From 37a33e12cc580a054bcc50ae7f7556710e1992c8 Mon Sep 17 00:00:00 2001
From: jschaul <jschaul@users.noreply.github.com>
Date: Mon, 5 Dec 2022 15:58:11 +0100
Subject: [PATCH 01/38] Add sphinx-copybutton plugin to make copying snippets
 of code from docs.wire.com easier.

---
 changelog.d/4-docs/copybutton | 1 +
 docs/src/conf.py              | 1 +
 nix/default.nix               | 1 +
 3 files changed, 3 insertions(+)
 create mode 100644 changelog.d/4-docs/copybutton

diff --git a/changelog.d/4-docs/copybutton b/changelog.d/4-docs/copybutton
new file mode 100644
index 0000000000..cef39536e5
--- /dev/null
+++ b/changelog.d/4-docs/copybutton
@@ -0,0 +1 @@
+Add sphinx-copybutton plugin to make copying snippets of code from docs.wire.com easier.
diff --git a/docs/src/conf.py b/docs/src/conf.py
index e7c36d04e6..a37c1a8dd9 100644
--- a/docs/src/conf.py
+++ b/docs/src/conf.py
@@ -46,6 +46,7 @@
     'rst2pdf.pdfbuilder',
     'sphinx_multiversion',
     'sphinx_reredirects',
+    'sphinx_copybutton',
 ]
 
 # Grouping the document tree into PDF files. List of tuples
diff --git a/nix/default.nix b/nix/default.nix
index 34f37250e0..bd35e4aaf2 100644
--- a/nix/default.nix
+++ b/nix/default.nix
@@ -36,6 +36,7 @@ let
         sphinx-multiversion
         sphinx_rtd_theme
         sphinx_reredirects
+        sphinx-copybutton
         sphinxcontrib-fulltoc
         sphinxcontrib-kroki
       ]))

From 36507cf671063c0bdea120378c4c629dcec0d730 Mon Sep 17 00:00:00 2001
From: Stefan Matting <smatting@users.noreply.github.com>
Date: Thu, 12 Jan 2023 17:22:31 +0100
Subject: [PATCH 02/38] Convert docs from reStructuredText to MyST markdown
 (#2980)

---
 docs/convert/compare_screenshots.py           |   16 +
 docs/convert/config.yaml                      |    1 +
 docs/convert/conversions.yaml                 |    1 +
 docs/convert/convert.sh                       |   12 +
 docs/convert/revert.sh                        |    4 +
 docs/convert/screenshots.py                   |   47 +
 docs/convert/shell.nix                        |   17 +
 docs/src/conf.py                              |    3 +-
 docs/src/developer/developer/index.md         |   10 +
 docs/src/developer/developer/index.rst        |   10 -
 docs/src/developer/{index.rst => index.md}    |   20 +-
 docs/src/developer/reference/index.md         |   10 +
 docs/src/developer/reference/index.rst        |   10 -
 .../src/developer/reference/spar-braindump.md |    2 +-
 docs/src/how-to/administrate/cassandra.md     |   63 +
 docs/src/how-to/administrate/cassandra.rst    |   65 -
 docs/src/how-to/administrate/elasticsearch.md |  127 ++
 .../src/how-to/administrate/elasticsearch.rst |  134 --
 docs/src/how-to/administrate/etcd.md          |  261 ++++
 docs/src/how-to/administrate/etcd.rst         |  264 ----
 docs/src/how-to/administrate/general-linux.md |   67 +
 .../src/how-to/administrate/general-linux.rst |   69 -
 docs/src/how-to/administrate/index.md         |   12 +
 docs/src/how-to/administrate/index.rst        |   14 -
 .../kubernetes/certificate-renewal/index.md   |   10 +
 .../kubernetes/certificate-renewal/index.rst  |   10 -
 .../scenario-1_k8s-v1.14-kubespray.md         |  241 ++++
 .../scenario-1_k8s-v1.14-kubespray.rst        |  244 ----
 .../how-to/administrate/kubernetes/index.md   |   20 +
 .../how-to/administrate/kubernetes/index.rst  |   21 -
 .../kubernetes/restart-machines/index.md      |   42 +
 .../kubernetes/restart-machines/index.rst     |   45 -
 .../kubernetes/upgrade-cluster/index.md       |   75 ++
 .../kubernetes/upgrade-cluster/index.rst      |   82 --
 .../administrate/{minio.rst => minio.md}      |  256 ++--
 docs/src/how-to/administrate/operations.md    |  139 +++
 docs/src/how-to/administrate/operations.rst   |  144 ---
 docs/src/how-to/administrate/restund.md       |  293 +++++
 docs/src/how-to/administrate/restund.rst      |  301 -----
 docs/src/how-to/administrate/users.md         |  590 +++++++++
 docs/src/how-to/administrate/users.rst        |  609 ---------
 .../custom-backend-for-desktop-client.md      |   79 ++
 .../custom-backend-for-desktop-client.rst     |   90 --
 ...ertificates.rst => custom-certificates.md} |    5 +-
 docs/src/how-to/associate/deeplink.md         |  174 +++
 docs/src/how-to/associate/deeplink.rst        |  174 ---
 docs/src/how-to/associate/index.md            |   10 +
 docs/src/how-to/associate/index.rst           |   10 -
 docs/src/how-to/index.md                      |   20 +
 docs/src/how-to/index.rst                     |   21 -
 docs/src/how-to/install/ansible-VMs.md        |  275 ++++
 docs/src/how-to/install/ansible-VMs.rst       |  277 -----
 .../how-to/install/ansible-authentication.md  |   63 +
 .../how-to/install/ansible-authentication.rst |   66 -
 docs/src/how-to/install/ansible-tinc.md       |   54 +
 docs/src/how-to/install/ansible-tinc.rst      |   54 -
 docs/src/how-to/install/aws-prod.md           |   36 +
 docs/src/how-to/install/aws-prod.rst          |   39 -
 .../how-to/install/configuration-options.md   | 1048 ++++++++++++++++
 .../how-to/install/configuration-options.rst  | 1106 -----------------
 docs/src/how-to/install/dependencies.md       |   69 +
 docs/src/how-to/install/dependencies.rst      |   74 --
 docs/src/how-to/install/helm-prod.md          |  208 ++++
 docs/src/how-to/install/helm-prod.rst         |  225 ----
 docs/src/how-to/install/helm.md               |  145 +++
 docs/src/how-to/install/helm.rst              |  154 ---
 .../install/includes/dns-federation.rst       |   43 -
 .../helm_dns-ingress-troubleshooting.inc.rst  |    2 -
 docs/src/how-to/install/index.md              |   30 +
 docs/src/how-to/install/index.rst             |   30 -
 docs/src/how-to/install/kubernetes.md         |   85 ++
 docs/src/how-to/install/kubernetes.rst        |   83 --
 .../install/{logging.rst => logging.md}       |  160 ++-
 .../install/{monitoring.rst => monitoring.md} |   14 +-
 .../install/{planning.rst => planning.md}     |   57 +-
 docs/src/how-to/install/prod-intro.md         |   58 +
 docs/src/how-to/install/prod-intro.rst        |   60 -
 docs/src/how-to/install/restund.md            |   80 ++
 docs/src/how-to/install/restund.rst           |   88 --
 docs/src/how-to/install/{sft.rst => sft.md}   |  162 ++-
 docs/src/how-to/install/tls.md                |   52 +
 docs/src/how-to/install/tls.rst               |   60 -
 docs/src/how-to/install/troubleshooting.md    |  265 ++++
 docs/src/how-to/install/troubleshooting.rst   |  255 ----
 .../how-to/install/version-requirements.md    |   28 +
 .../how-to/install/version-requirements.rst   |   35 -
 .../post-install/{index.rst => index.md}      |   16 +-
 .../how-to/post-install/logrotation-check.md  |   81 ++
 .../how-to/post-install/logrotation-check.rst |   79 --
 docs/src/how-to/post-install/ntp-check.md     |   44 +
 docs/src/how-to/post-install/ntp-check.rst    |   48 -
 docs/src/how-to/single-sign-on/adfs/main.md   |   41 +
 docs/src/how-to/single-sign-on/adfs/main.rst  |   19 -
 docs/src/how-to/single-sign-on/azure/main.md  |   92 ++
 docs/src/how-to/single-sign-on/azure/main.rst |   82 --
 .../centrify/{main.rst => main.md}            |   66 +-
 .../how-to/single-sign-on/generic-setup.md    |   37 +
 .../how-to/single-sign-on/generic-setup.rst   |   42 -
 docs/src/how-to/single-sign-on/index.md       |   15 +
 .../single-sign-on/okta/{main.rst => main.md} |   62 +-
 ...ouble-shooting.rst => trouble-shooting.md} |  221 ++--
 .../Wire_SAML_Flow (lucidchart).svg           |    0
 .../understand}/Wire_SAML_Flow.png            |  Bin
 .../how-to/single-sign-on/understand/main.md  |  561 +++++++++
 .../understand}/token-step-01.png             |  Bin
 .../understand}/token-step-02.png             |  Bin
 .../understand}/token-step-03.png             |  Bin
 .../understand}/token-step-04.png             |  Bin
 .../understand}/token-step-05.png             |  Bin
 .../understand}/token-step-06.png             |  Bin
 docs/src/index.md                             |   46 +
 docs/src/index.rst                            |   43 -
 .../{release-notes.rst => release-notes.md}   |   13 +-
 .../2021-12-15_log4shell.md                   |   90 ++
 .../2021-12-15_log4shell.rst                  |  103 --
 docs/src/security-responses/index.md          |   14 +
 docs/src/security-responses/index.rst         |   16 -
 .../api-client-perspective/authentication.md  |  435 +++++++
 .../api-client-perspective/authentication.rst |  476 -------
 .../api-client-perspective/index.md           |   15 +
 .../api-client-perspective/index.rst          |   14 -
 .../{swagger.rst => swagger.md}               |   17 +-
 docs/src/understand/federation/index.md       |   24 +
 docs/src/understand/federation/index.rst      |   25 -
 docs/src/understand/helm.md                   |   61 +
 docs/src/understand/helm.rst                  |   64 -
 docs/src/understand/index.md                  |   17 +
 docs/src/understand/index.rst                 |   17 -
 docs/src/understand/{minio.rst => minio.md}   |   13 +-
 docs/src/understand/notes/port-ranges.md      |   36 +
 docs/src/understand/notes/port-ranges.rst     |   36 -
 docs/src/understand/overview.md               |  143 +++
 docs/src/understand/overview.rst              |  148 ---
 .../understand/{restund.rst => restund.md}    |  110 +-
 docs/src/understand/{sft.rst => sft.md}       |   97 +-
 docs/src/understand/single-sign-on/design.rst |    3 -
 docs/src/understand/single-sign-on/main.rst   |  560 ---------
 137 files changed, 7202 insertions(+), 7424 deletions(-)
 create mode 100644 docs/convert/compare_screenshots.py
 create mode 100644 docs/convert/config.yaml
 create mode 100644 docs/convert/conversions.yaml
 create mode 100644 docs/convert/convert.sh
 create mode 100644 docs/convert/revert.sh
 create mode 100644 docs/convert/screenshots.py
 create mode 100644 docs/convert/shell.nix
 create mode 100644 docs/src/developer/developer/index.md
 delete mode 100644 docs/src/developer/developer/index.rst
 rename docs/src/developer/{index.rst => index.md} (52%)
 create mode 100644 docs/src/developer/reference/index.md
 delete mode 100644 docs/src/developer/reference/index.rst
 create mode 100644 docs/src/how-to/administrate/cassandra.md
 delete mode 100644 docs/src/how-to/administrate/cassandra.rst
 create mode 100644 docs/src/how-to/administrate/elasticsearch.md
 delete mode 100644 docs/src/how-to/administrate/elasticsearch.rst
 create mode 100644 docs/src/how-to/administrate/etcd.md
 delete mode 100644 docs/src/how-to/administrate/etcd.rst
 create mode 100644 docs/src/how-to/administrate/general-linux.md
 delete mode 100644 docs/src/how-to/administrate/general-linux.rst
 create mode 100644 docs/src/how-to/administrate/index.md
 delete mode 100644 docs/src/how-to/administrate/index.rst
 create mode 100644 docs/src/how-to/administrate/kubernetes/certificate-renewal/index.md
 delete mode 100644 docs/src/how-to/administrate/kubernetes/certificate-renewal/index.rst
 create mode 100644 docs/src/how-to/administrate/kubernetes/certificate-renewal/scenario-1_k8s-v1.14-kubespray.md
 delete mode 100644 docs/src/how-to/administrate/kubernetes/certificate-renewal/scenario-1_k8s-v1.14-kubespray.rst
 create mode 100644 docs/src/how-to/administrate/kubernetes/index.md
 delete mode 100644 docs/src/how-to/administrate/kubernetes/index.rst
 create mode 100644 docs/src/how-to/administrate/kubernetes/restart-machines/index.md
 delete mode 100644 docs/src/how-to/administrate/kubernetes/restart-machines/index.rst
 create mode 100644 docs/src/how-to/administrate/kubernetes/upgrade-cluster/index.md
 delete mode 100644 docs/src/how-to/administrate/kubernetes/upgrade-cluster/index.rst
 rename docs/src/how-to/administrate/{minio.rst => minio.md} (58%)
 create mode 100644 docs/src/how-to/administrate/operations.md
 delete mode 100644 docs/src/how-to/administrate/operations.rst
 create mode 100644 docs/src/how-to/administrate/restund.md
 delete mode 100644 docs/src/how-to/administrate/restund.rst
 create mode 100644 docs/src/how-to/administrate/users.md
 delete mode 100644 docs/src/how-to/administrate/users.rst
 create mode 100644 docs/src/how-to/associate/custom-backend-for-desktop-client.md
 delete mode 100644 docs/src/how-to/associate/custom-backend-for-desktop-client.rst
 rename docs/src/how-to/associate/{custom-certificates.rst => custom-certificates.md} (80%)
 create mode 100644 docs/src/how-to/associate/deeplink.md
 delete mode 100644 docs/src/how-to/associate/deeplink.rst
 create mode 100644 docs/src/how-to/associate/index.md
 delete mode 100644 docs/src/how-to/associate/index.rst
 create mode 100644 docs/src/how-to/index.md
 delete mode 100644 docs/src/how-to/index.rst
 create mode 100644 docs/src/how-to/install/ansible-VMs.md
 delete mode 100644 docs/src/how-to/install/ansible-VMs.rst
 create mode 100644 docs/src/how-to/install/ansible-authentication.md
 delete mode 100644 docs/src/how-to/install/ansible-authentication.rst
 create mode 100644 docs/src/how-to/install/ansible-tinc.md
 delete mode 100644 docs/src/how-to/install/ansible-tinc.rst
 create mode 100644 docs/src/how-to/install/aws-prod.md
 delete mode 100644 docs/src/how-to/install/aws-prod.rst
 create mode 100644 docs/src/how-to/install/configuration-options.md
 delete mode 100644 docs/src/how-to/install/configuration-options.rst
 create mode 100644 docs/src/how-to/install/dependencies.md
 delete mode 100644 docs/src/how-to/install/dependencies.rst
 create mode 100644 docs/src/how-to/install/helm-prod.md
 delete mode 100644 docs/src/how-to/install/helm-prod.rst
 create mode 100644 docs/src/how-to/install/helm.md
 delete mode 100644 docs/src/how-to/install/helm.rst
 delete mode 100644 docs/src/how-to/install/includes/dns-federation.rst
 create mode 100644 docs/src/how-to/install/index.md
 delete mode 100644 docs/src/how-to/install/index.rst
 create mode 100644 docs/src/how-to/install/kubernetes.md
 delete mode 100644 docs/src/how-to/install/kubernetes.rst
 rename docs/src/how-to/install/{logging.rst => logging.md} (60%)
 rename docs/src/how-to/install/{monitoring.rst => monitoring.md} (58%)
 rename docs/src/how-to/install/{planning.rst => planning.md} (55%)
 create mode 100644 docs/src/how-to/install/prod-intro.md
 delete mode 100644 docs/src/how-to/install/prod-intro.rst
 create mode 100644 docs/src/how-to/install/restund.md
 delete mode 100644 docs/src/how-to/install/restund.rst
 rename docs/src/how-to/install/{sft.rst => sft.md} (67%)
 create mode 100644 docs/src/how-to/install/tls.md
 delete mode 100644 docs/src/how-to/install/tls.rst
 create mode 100644 docs/src/how-to/install/troubleshooting.md
 delete mode 100644 docs/src/how-to/install/troubleshooting.rst
 create mode 100644 docs/src/how-to/install/version-requirements.md
 delete mode 100644 docs/src/how-to/install/version-requirements.rst
 rename docs/src/how-to/post-install/{index.rst => index.md} (53%)
 create mode 100644 docs/src/how-to/post-install/logrotation-check.md
 delete mode 100644 docs/src/how-to/post-install/logrotation-check.rst
 create mode 100644 docs/src/how-to/post-install/ntp-check.md
 delete mode 100644 docs/src/how-to/post-install/ntp-check.rst
 create mode 100644 docs/src/how-to/single-sign-on/adfs/main.md
 delete mode 100644 docs/src/how-to/single-sign-on/adfs/main.rst
 create mode 100644 docs/src/how-to/single-sign-on/azure/main.md
 delete mode 100644 docs/src/how-to/single-sign-on/azure/main.rst
 rename docs/src/how-to/single-sign-on/centrify/{main.rst => main.md} (55%)
 create mode 100644 docs/src/how-to/single-sign-on/generic-setup.md
 delete mode 100644 docs/src/how-to/single-sign-on/generic-setup.rst
 create mode 100644 docs/src/how-to/single-sign-on/index.md
 rename docs/src/how-to/single-sign-on/okta/{main.rst => main.md} (73%)
 rename docs/src/how-to/single-sign-on/{trouble-shooting.rst => trouble-shooting.md} (60%)
 rename docs/src/{understand/single-sign-on => how-to/single-sign-on/understand}/Wire_SAML_Flow (lucidchart).svg (100%)
 rename docs/src/{understand/single-sign-on => how-to/single-sign-on/understand}/Wire_SAML_Flow.png (100%)
 create mode 100644 docs/src/how-to/single-sign-on/understand/main.md
 rename docs/src/{understand/single-sign-on => how-to/single-sign-on/understand}/token-step-01.png (100%)
 rename docs/src/{understand/single-sign-on => how-to/single-sign-on/understand}/token-step-02.png (100%)
 rename docs/src/{understand/single-sign-on => how-to/single-sign-on/understand}/token-step-03.png (100%)
 rename docs/src/{understand/single-sign-on => how-to/single-sign-on/understand}/token-step-04.png (100%)
 rename docs/src/{understand/single-sign-on => how-to/single-sign-on/understand}/token-step-05.png (100%)
 rename docs/src/{understand/single-sign-on => how-to/single-sign-on/understand}/token-step-06.png (100%)
 create mode 100644 docs/src/index.md
 delete mode 100644 docs/src/index.rst
 rename docs/src/{release-notes.rst => release-notes.md} (51%)
 create mode 100644 docs/src/security-responses/2021-12-15_log4shell.md
 delete mode 100644 docs/src/security-responses/2021-12-15_log4shell.rst
 create mode 100644 docs/src/security-responses/index.md
 delete mode 100644 docs/src/security-responses/index.rst
 create mode 100644 docs/src/understand/api-client-perspective/authentication.md
 delete mode 100644 docs/src/understand/api-client-perspective/authentication.rst
 create mode 100644 docs/src/understand/api-client-perspective/index.md
 delete mode 100644 docs/src/understand/api-client-perspective/index.rst
 rename docs/src/understand/api-client-perspective/{swagger.rst => swagger.md} (67%)
 create mode 100644 docs/src/understand/federation/index.md
 delete mode 100644 docs/src/understand/federation/index.rst
 create mode 100644 docs/src/understand/helm.md
 delete mode 100644 docs/src/understand/helm.rst
 create mode 100644 docs/src/understand/index.md
 delete mode 100644 docs/src/understand/index.rst
 rename docs/src/understand/{minio.rst => minio.md} (86%)
 create mode 100644 docs/src/understand/notes/port-ranges.md
 delete mode 100644 docs/src/understand/notes/port-ranges.rst
 create mode 100644 docs/src/understand/overview.md
 delete mode 100644 docs/src/understand/overview.rst
 rename docs/src/understand/{restund.rst => restund.md} (61%)
 rename docs/src/understand/{sft.rst => sft.md} (77%)
 delete mode 100644 docs/src/understand/single-sign-on/design.rst
 delete mode 100644 docs/src/understand/single-sign-on/main.rst

diff --git a/docs/convert/compare_screenshots.py b/docs/convert/compare_screenshots.py
new file mode 100644
index 0000000000..c5b4d9eca1
--- /dev/null
+++ b/docs/convert/compare_screenshots.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env sh
+
+import subprocess
+import os
+
+output = subprocess.check_output(['find', 'screenshots', '-name', '*_dev.png']).decode('utf8')
+
+for dev in output.splitlines():
+   ref = dev.replace('_dev.png', '_ref.png')
+   if os.path.exists(dev) and os.path.exists(ref):
+      print(dev)
+      cmd = ['compare', '-compose', 'src', dev, ref, dev.replace('_dev.png', '_diff.png')]
+      print(cmd)
+      subprocess.run(cmd)
+   else:
+      print(f'Cannot compare {dev}')
diff --git a/docs/convert/config.yaml b/docs/convert/config.yaml
new file mode 100644
index 0000000000..78f2c64c8f
--- /dev/null
+++ b/docs/convert/config.yaml
@@ -0,0 +1 @@
+colon_fences: false
diff --git a/docs/convert/conversions.yaml b/docs/convert/conversions.yaml
new file mode 100644
index 0000000000..cbeb844cb6
--- /dev/null
+++ b/docs/convert/conversions.yaml
@@ -0,0 +1 @@
+sphinx.domains.std.Glossary: eval_rst
diff --git a/docs/convert/convert.sh b/docs/convert/convert.sh
new file mode 100644
index 0000000000..11a4a33fe7
--- /dev/null
+++ b/docs/convert/convert.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+#
+set -e
+# shellcheck disable=SC2044,SC3010
+for f in $(find . -type f -name '*.rst'); do
+    if [[ "$f" == */includes/* ]]; then
+        echo skipping "$f"
+        continue
+    fi
+    rst2myst convert -c convert/conversions.yaml --no-colon-fences "$f"
+    rm -f "$f"
+done
diff --git a/docs/convert/revert.sh b/docs/convert/revert.sh
new file mode 100644
index 0000000000..df5cf912b3
--- /dev/null
+++ b/docs/convert/revert.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+
+git checkout src
+git clean src -f
diff --git a/docs/convert/screenshots.py b/docs/convert/screenshots.py
new file mode 100644
index 0000000000..ff172710d5
--- /dev/null
+++ b/docs/convert/screenshots.py
@@ -0,0 +1,47 @@
+#!/usr/bin/env python3
+
+from selenium import webdriver
+from selenium.webdriver.common.keys import Keys
+from selenium.webdriver.common.by import By
+import subprocess
+import os.path
+
+def sanitize_name(name):
+    r = ''
+    for c in name:
+        if c.isalpha():
+            r += c
+        else:
+            r += '_'
+    return r
+
+driver = webdriver.Firefox()
+
+output = subprocess.check_output(['find', 'build', '-name', '*.html']).decode('utf8')
+for i, p in enumerate(output.splitlines()):
+    n = os.path.relpath(p, 'build')
+    url_dev = f'http://localhost:3000/{n}'
+    url_ref = f'https://docs.wire.com/{n}'
+    img_basename = sanitize_name(n) + '_' + str(i)
+
+    try:
+        print(f'./screenshots/{i:03}-{img_basename}_dev.png')
+        driver.get(url_dev)
+        driver.get_full_page_screenshot_as_file(f'./screenshots/{i:03}-{img_basename}_dev.png')
+        print(url_ref)
+        driver.get(url_ref)
+        driver.get_full_page_screenshot_as_file(f'./screenshots/{i:03}-{img_basename}_ref.png')
+    except:
+        pass
+
+driver.close()
+
+
+
+# assert "Python" in driver.title
+# elem = driver.find_element(By.NAME, "q")
+# elem.clear()
+# elem.send_keys("pycon")
+# elem.send_keys(Keys.RETURN)
+# assert "No results found." not in driver.page_source
+#
diff --git a/docs/convert/shell.nix b/docs/convert/shell.nix
new file mode 100644
index 0000000000..130c456c6d
--- /dev/null
+++ b/docs/convert/shell.nix
@@ -0,0 +1,17 @@
+{ pkgs ? import <nixpkgs> {} }:
+(pkgs.buildFHSUserEnv {
+  name = "pipzone";
+  targetPkgs = pkgs: (with pkgs; [
+    python3
+    python3Packages.pip
+    python3Packages.virtualenv
+  ]);
+  runScript = "bash";
+}).env
+
+# then
+# virtualenv venv
+# pip install rst-to-myst
+# Fix this bug locally: https://github.com/executablebooks/rst-to-myst/issues/49
+# pip install sphinx-reredirects
+# pip install sphinx-multiversion
diff --git a/docs/src/conf.py b/docs/src/conf.py
index e7c36d04e6..1d2c7fa490 100644
--- a/docs/src/conf.py
+++ b/docs/src/conf.py
@@ -128,6 +128,5 @@
         "security-responses/log4shell": "2021-12-15_log4shell.html",
         "security-responses/cve-2021-44521": "2022-02-21_cve-2021-44521.html",
         "security-responses/2022-05_website_outage": "2022-05-23_website_outage.html",
-        "how-to/single-sign-on/index": "../../understand/single-sign-on/main.html#setting-up-sso-externally",
-        "how-to/scim/index": "../../understand/single-sign-on/main.html#user-provisioning",
+        "how-to/scim/index": "../../understand/single-sign-on/main.html#user-provisioning"
 }
diff --git a/docs/src/developer/developer/index.md b/docs/src/developer/developer/index.md
new file mode 100644
index 0000000000..77e35760cf
--- /dev/null
+++ b/docs/src/developer/developer/index.md
@@ -0,0 +1,10 @@
+# Developer
+
+```{toctree}
+:caption: 'Contents:'
+:glob: true
+:numbered: true
+:titlesonly: true
+
+**
+```
diff --git a/docs/src/developer/developer/index.rst b/docs/src/developer/developer/index.rst
deleted file mode 100644
index a8fefaa770..0000000000
--- a/docs/src/developer/developer/index.rst
+++ /dev/null
@@ -1,10 +0,0 @@
-Developer
-=========
-
-.. toctree::
-   :titlesonly:
-   :numbered:
-   :caption: Contents:
-   :glob:
-
-   **
diff --git a/docs/src/developer/index.rst b/docs/src/developer/index.md
similarity index 52%
rename from docs/src/developer/index.rst
rename to docs/src/developer/index.md
index b48dbecae0..59cf4fd92e 100644
--- a/docs/src/developer/index.rst
+++ b/docs/src/developer/index.md
@@ -1,19 +1,19 @@
-Notes for developers
-====================
+# Notes for developers
 
-If you are an on-premise operator (administrating your own self-hosted installation of wire-server), you may want to go back to `docs.wire.com <https://docs.wire.com/>`_ and ignore this section of the docs.
+If you are an on-premise operator (administrating your own self-hosted installation of wire-server), you may want to go back to [docs.wire.com](https://docs.wire.com/) and ignore this section of the docs.
 
-If you are a wire end-user, please check out our `support pages <https://support.wire.com/>`_.
+If you are a wire end-user, please check out our [support pages](https://support.wire.com/).
 
 What you need to know as a user of the Wire backend: concepts, features,
 and API. We want to keep these up to date. They could benefit from some
 re-ordering, and they are far from complete, but we hope they will still
 help you.
 
-.. toctree::
-   :titlesonly:
-   :caption: Contents:
-   :glob:
+```{toctree}
+:caption: 'Contents:'
+:glob: true
+:titlesonly: true
 
-   developer/index.rst
-   reference/index.rst
+developer/index.rst
+reference/index.rst
+```
diff --git a/docs/src/developer/reference/index.md b/docs/src/developer/reference/index.md
new file mode 100644
index 0000000000..4b6e82f195
--- /dev/null
+++ b/docs/src/developer/reference/index.md
@@ -0,0 +1,10 @@
+# Reference
+
+```{toctree}
+:caption: 'Contents:'
+:glob: true
+:numbered: true
+:titlesonly: true
+
+**
+```
diff --git a/docs/src/developer/reference/index.rst b/docs/src/developer/reference/index.rst
deleted file mode 100644
index 1eb9feedba..0000000000
--- a/docs/src/developer/reference/index.rst
+++ /dev/null
@@ -1,10 +0,0 @@
-Reference
-=========
-
-.. toctree::
-   :titlesonly:
-   :numbered:
-   :caption: Contents:
-   :glob:
-
-   **
diff --git a/docs/src/developer/reference/spar-braindump.md b/docs/src/developer/reference/spar-braindump.md
index f32532108b..dcee5847e9 100644
--- a/docs/src/developer/reference/spar-braindump.md
+++ b/docs/src/developer/reference/spar-braindump.md
@@ -113,7 +113,7 @@ export IDP_ID=...
 
 Copy the new metadata file to one of your spar instances.
 
-Ssh into it.  If you can't, [the sso docs](../../understand/single-sign-on/main.rst) explain how you can create a
+Ssh into it.  If you can't, [the sso docs](../../how-to/single-sign-on/understand/main.rst) explain how you can create a
 bearer token if you have the admin's login credentials.  If you follow
 that approach, you need to replace all mentions of `-H'Z-User ...'`
 with `-H'Authorization: Bearer ...'` in the following, and you won't need
diff --git a/docs/src/how-to/administrate/cassandra.md b/docs/src/how-to/administrate/cassandra.md
new file mode 100644
index 0000000000..c75439d626
--- /dev/null
+++ b/docs/src/how-to/administrate/cassandra.md
@@ -0,0 +1,63 @@
+# Cassandra
+
+```{eval-rst}
+.. include:: includes/intro.rst
+```
+
+This section only covers the bare minimum, for more information, see the [cassandra
+documentation](https://cassandra.apache.org/doc/latest/)
+
+(check-the-health-of-a-cassandra-node)=
+
+## Check the health of a Cassandra node
+
+To check the health of a Cassandra node, run the following command:
+
+```sh
+ssh <ip of cassandra node> /opt/cassandra/bin/nodetool status
+```
+
+or if you are running a newer version of wire-server (altough it should be backwards compatibile)
+
+```sh
+ssh <ip of cassandra node> /opt/cassandra/bin/nodetool -h ::FFFF:127.0.0.1 status
+```
+
+You should see a list of nodes like this:
+
+```sh
+Datacenter: datacenter1
+=======================
+Status=Up/Down
+|/ State=Normal/Leaving/Joining/Moving
+--  Address         Load       Tokens          Owns (effective)   Host ID                                Rack
+UN  192.168.220.13  9.51MiB    256             100.0%             3dba71c8-eea7-4e35-8f35-4386e7944894   rack1
+UN  192.168.220.23  9.53MiB    256             100.0%             3af56f1f-7685-4b5b-b73f-efdaa371e96e   rack1
+UN  192.168.220.33  9.55MiB    256             100.0%             RANDOMLY-MADE-UUID-GOES-INTHISPLACE!   rack1
+```
+
+A `UN` at the begginng of the line, refers to a node that is `Up` and `Normal`.
+
+## How to inspect tables and data manually
+
+```sh
+cqlsh
+# from the cqlsh shell
+describe keyspaces
+use <keyspace>;
+describe tables;
+select * from <tablename> WHERE <primarykey>=<some-value> LIMIT 10;
+```
+
+## How to rolling-restart a cassandra cluster
+
+For maintenance you may need to restart the cluster.
+
+On each server one by one:
+
+1. check your cluster is healthy: `nodetool status` or `nodetool -h ::FFFF:127.0.0.1 status` (in newer versions)
+2. `nodetool drain && systemctl stop cassandra` (to stop accepting writes and flush data to disk; then stop the process)
+3. do any operation you need, if any
+4. Start the cassandra daemon process: `systemctl start cassandra`
+5. Wait for your cluster to be healthy again.
+6. Do the same on the next server.
diff --git a/docs/src/how-to/administrate/cassandra.rst b/docs/src/how-to/administrate/cassandra.rst
deleted file mode 100644
index 180a8f2a8c..0000000000
--- a/docs/src/how-to/administrate/cassandra.rst
+++ /dev/null
@@ -1,65 +0,0 @@
-Cassandra
---------------------------
-
-.. include:: includes/intro.rst
-
-This section only covers the bare minimum, for more information, see the `cassandra
-documentation <https://cassandra.apache.org/doc/latest/>`__
-
-Check the health of a Cassandra node
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-To check the health of a Cassandra node, run the following command: 
-
-.. code:: sh 
-
-  ssh <ip of cassandra node> /opt/cassandra/bin/nodetool status
-
-or if you are running a newer version of wire-server (altough it should be backwards compatibile)
-
-.. code:: sh 
-
-  ssh <ip of cassandra node> /opt/cassandra/bin/nodetool -h ::FFFF:127.0.0.1 status
-
-You should see a list of nodes like this:
-
-.. code:: sh 
-
-   Datacenter: datacenter1
-   =======================
-   Status=Up/Down
-   |/ State=Normal/Leaving/Joining/Moving
-   --  Address         Load       Tokens          Owns (effective)   Host ID                                Rack
-   UN  192.168.220.13  9.51MiB    256             100.0%             3dba71c8-eea7-4e35-8f35-4386e7944894   rack1
-   UN  192.168.220.23  9.53MiB    256             100.0%             3af56f1f-7685-4b5b-b73f-efdaa371e96e   rack1
-   UN  192.168.220.33  9.55MiB    256             100.0%             RANDOMLY-MADE-UUID-GOES-INTHISPLACE!   rack1
-
-A ``UN`` at the begginng of the line, refers to a node that is ``Up`` and ``Normal``.
-
-How to inspect tables and data manually
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. code:: sh
-
-   cqlsh
-   # from the cqlsh shell
-   describe keyspaces
-   use <keyspace>;
-   describe tables;
-   select * from <tablename> WHERE <primarykey>=<some-value> LIMIT 10;
-
-How to rolling-restart a cassandra cluster
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-For maintenance you may need to restart the cluster.
-
-On each server one by one:
-
-1. check your cluster is healthy: ``nodetool status`` or ``nodetool -h ::FFFF:127.0.0.1 status`` (in newer versions)
-2. ``nodetool drain && systemctl stop cassandra`` (to stop accepting writes and flush data to disk; then stop the process)
-3. do any operation you need, if any
-4. Start the cassandra daemon process: ``systemctl start cassandra``
-5. Wait for your cluster to be healthy again.
-6. Do the same on the next server.
-
-
diff --git a/docs/src/how-to/administrate/elasticsearch.md b/docs/src/how-to/administrate/elasticsearch.md
new file mode 100644
index 0000000000..f128a0c1d6
--- /dev/null
+++ b/docs/src/how-to/administrate/elasticsearch.md
@@ -0,0 +1,127 @@
+# Elasticsearch
+
+```{eval-rst}
+.. include:: includes/intro.rst
+```
+
+For more information, see the [elasticsearch
+documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html)
+
+(restart-elasticsearch)=
+
+## How to rolling-restart an elasticsearch cluster
+
+For maintenance you may need to restart the cluster.
+
+On each server one by one:
+
+1. check your cluster is healthy (see above)
+2. stop shard allocation:
+
+```sh
+ES_IP=<the-ip-of-the-elasticsearch-node-to-stop>
+curl -sSf -XPUT http://localhost:9200/_cluster/settings -H 'Content-Type: application/json' -d "{ \"transient\" : {\"cluster.routing.allocation.exclude._ip\": \"$ES_IP\" }}"; echo;
+```
+
+You should expect some output like this:
+
+```sh
+{"acknowledged":true,"persistent":{},"transient":{"cluster":{"routing":{"allocation":{"exclude":{"_ip":"<SOME-IP-ADDRESS>"}}}}}}
+```
+
+3. Stop the elasticsearch daemon process: `systemctl stop elasticsearch`
+4. do any operation you need, if any
+5. Start the elasticsearch daemon process: `systemctl start elasticsearch`
+6. re-enable shard allocation:
+
+```sh
+curl -sSf -XPUT http://localhost:9200/_cluster/settings -H 'Content-Type: application/json' -d "{ \"transient\" : {\"cluster.routing.allocation.exclude._ip\": null }}"; echo;
+```
+
+You should expect some output like this from the above command:
+
+```sh
+{"acknowledged":true,"persistent":{},"transient":{}}
+```
+
+6. Wait for your cluster to be healthy again.
+7. Do the same on the next server.
+
+## How to manually look into what is stored in elasticsearch
+
+See also the elasticsearch sections in {ref}`investigative-tasks`.
+
+(check-the-health-of-an-elasticsearch-node)=
+
+## Check the health of an elasticsearch node
+
+To check the health of an elasticsearch node, run the following command:
+
+```sh
+ssh <ip of elasticsearch node> curl localhost:9200/_cat/health
+```
+
+You should see output looking like this:
+
+```
+1630250355 15:18:55 elasticsearch-directory green 3 3 17 6 0 0 0 - 100.0%
+```
+
+Here, the `green` denotes good node health, and the `3 3` denotes 3 running nodes.
+
+## Check cluster health
+
+This is the command to check the health of the entire cluster:
+
+```sh
+ssh <ip of elasticsearch node> curl 'http://localhost:9200/_cluster/health?pretty'
+```
+
+## List cluster nodes
+
+This is the command to list the nodes in the cluster:
+
+```sh
+ssh <ip of elasticsearch node> curl 'http://localhost:9200/_cat/nodes?v&h=id,ip,name'
+```
+
+## Troubleshooting
+
+Description:
+**ES nodes ran out of disk space** and error message says: `"blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];"`
+
+Solution:
+
+1. Connect to the node:
+
+```sh
+ssh <ip of elasticsearch node>
+```
+
+2. Clean up disk (e.g. `apt autoremove` on all nodes), then restart machines and/or the elasticsearch process
+
+```sh
+sudo apt autoremove
+sudo reboot
+```
+
+As always make sure you {ref}`check the health of the process <check-the-health-of-an-elasticsearch-node>`. before and after the reboot.
+
+3. Get the elastichsearch cluster out of *read-only* mode, run:
+
+```sh
+curl -X PUT -H 'Content-Type: application/json' http://localhost:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}'
+```
+
+4. Trigger reindexing: From a kubernetes machine, in one terminal:
+
+```sh
+# The following depends on your namespace where you installed wire-server. By default the namespace is called 'wire'.
+kubectl --namespace wire port-forward svc/brig 9999:8080
+```
+
+And in a second terminal trigger the reindex:
+
+```sh
+curl -v -X POST localhost:9999/i/index/reindex
+```
diff --git a/docs/src/how-to/administrate/elasticsearch.rst b/docs/src/how-to/administrate/elasticsearch.rst
deleted file mode 100644
index 3a101a7645..0000000000
--- a/docs/src/how-to/administrate/elasticsearch.rst
+++ /dev/null
@@ -1,134 +0,0 @@
-Elasticsearch
-------------------------------
-
-.. include:: includes/intro.rst
-
-For more information, see the `elasticsearch
-documentation <https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html>`__
-
-
-.. _restart-elasticsearch:
-
-How to rolling-restart an elasticsearch cluster
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-For maintenance you may need to restart the cluster.
-
-On each server one by one:
-
-1. check your cluster is healthy (see above)
-2. stop shard allocation:
-
-.. code:: sh
-
-    ES_IP=<the-ip-of-the-elasticsearch-node-to-stop>
-    curl -sSf -XPUT http://localhost:9200/_cluster/settings -H 'Content-Type: application/json' -d "{ \"transient\" : {\"cluster.routing.allocation.exclude._ip\": \"$ES_IP\" }}"; echo;
-
-You should expect some output like this:
-
-.. code:: sh
-
-   {"acknowledged":true,"persistent":{},"transient":{"cluster":{"routing":{"allocation":{"exclude":{"_ip":"<SOME-IP-ADDRESS>"}}}}}}
-
-3. Stop the elasticsearch daemon process: ``systemctl stop elasticsearch``
-4. do any operation you need, if any
-5. Start the elasticsearch daemon process: ``systemctl start elasticsearch``
-6. re-enable shard allocation:
-
-.. code:: sh
-
-    curl -sSf -XPUT http://localhost:9200/_cluster/settings -H 'Content-Type: application/json' -d "{ \"transient\" : {\"cluster.routing.allocation.exclude._ip\": null }}"; echo;
-
-You should expect some output like this from the above command:
-
-.. code:: sh
-
-   {"acknowledged":true,"persistent":{},"transient":{}}
-
-6. Wait for your cluster to be healthy again.
-7. Do the same on the next server.
-
-How to manually look into what is stored in elasticsearch
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-See also the elasticsearch sections in :ref:`investigative_tasks`.
-
-
-Check the health of an elasticsearch node
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-To check the health of an elasticsearch node, run the following command: 
-
-.. code:: sh 
-
-  ssh <ip of elasticsearch node> curl localhost:9200/_cat/health
-
-You should see output looking like this:
-
-.. code:: 
-
-  1630250355 15:18:55 elasticsearch-directory green 3 3 17 6 0 0 0 - 100.0%
-
-Here, the ``green`` denotes good node health, and the ``3 3`` denotes 3 running nodes.
-
-Check cluster health
-~~~~~~~~~~~~~~~~~~~~
-
-This is the command to check the health of the entire cluster:
-
-.. code:: sh
-
-   ssh <ip of elasticsearch node> curl 'http://localhost:9200/_cluster/health?pretty'
-
-
-List cluster nodes
-~~~~~~~~~~~~~~~~~~
-
-This is the command to list the nodes in the cluster:
-
-.. code:: sh
-
-   ssh <ip of elasticsearch node> curl 'http://localhost:9200/_cat/nodes?v&h=id,ip,name'
-
-
-Troubleshooting
-~~~~~~~~~~~~~~~
-
-Description:
-**ES nodes ran out of disk space** and error message says: ``"blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];"``
-
-Solution:
-
-1. Connect to the node:
-
-.. code:: sh 
-
-  ssh <ip of elasticsearch node>
-
-2. Clean up disk (e.g. ``apt autoremove`` on all nodes), then restart machines and/or the elasticsearch process
-
-.. code:: sh 
-
-  sudo apt autoremove 
-  sudo reboot
-
-As always, and as explained in the `operations/procedures page <operations.html>`__, make sure you `check the health of the process <elasticsearch.html#check-the-health-of-an-elasticsearch-node>`__. before and after the reboot.
-
-3. Get the elastichsearch cluster out of *read-only* mode, run:
-
-.. code:: sh 
-
-  curl -X PUT -H 'Content-Type: application/json' http://localhost:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}'
-
-4. Trigger reindexing: From a kubernetes machine, in one terminal: 
-
-.. code:: sh 
-
-  # The following depends on your namespace where you installed wire-server. By default the namespace is called 'wire'.
-  kubectl --namespace wire port-forward svc/brig 9999:8080 
-
-And in a second terminal trigger the reindex: 
-
-.. code:: sh  
-
-  curl -v -X POST localhost:9999/i/index/reindex
diff --git a/docs/src/how-to/administrate/etcd.md b/docs/src/how-to/administrate/etcd.md
new file mode 100644
index 0000000000..a18c801f87
--- /dev/null
+++ b/docs/src/how-to/administrate/etcd.md
@@ -0,0 +1,261 @@
+# Etcd
+
+```{eval-rst}
+.. include:: includes/intro.rst
+```
+
+This section only covers the bare minimum, for more information, see the [etcd documentation](https://etcd.io/)
+
+(how-to-see-cluster-health)=
+
+## How to see cluster health
+
+If the file `/usr/local/bin/etcd-health.sh` is available, you can run
+
+```sh
+etcd-health.sh
+```
+
+which should produce an output similar to:
+
+```
+Cluster-Endpoints: https://127.0.0.1:2379
+cURL Command: curl -X GET https://127.0.0.1:2379/v2/members
+member 7c37f7dc10558fae is healthy: got healthy result from https://10.10.1.11:2379
+member cca4e6f315097b3b is healthy: got healthy result from https://10.10.1.10:2379
+member e767162297c84b1e is healthy: got healthy result from https://10.10.1.12:2379
+cluster is healthy
+```
+
+If that helper file is not available, create it with the following contents:
+
+```bash
+#!/usr/bin/env bash
+
+HOST=$(hostname)
+
+etcdctl --endpoints https://127.0.0.1:2379 --ca-file=/etc/ssl/etcd/ssl/ca.pem --cert-file=/etc/ssl/etcd/ssl/member-$HOST.pem --key-file=/etc/ssl/etcd/ssl/member-$HOST-key.pem --debug cluster-health
+```
+
+and then make it executable: `chmod +x /usr/local/bin/etcd-health.sh`
+
+## How to inspect tables and data manually
+
+```sh
+TODO
+```
+
+(how-to-rolling-restart-an-etcd-cluster)=
+
+## How to rolling-restart an etcd cluster
+
+Etcd is a consistent and partition tolerant key-value store.  This means that
+Etcd nodes can be restarted (one by one) with no impact to the consistency of
+data, but there might a small time in which the database can not process
+writes. Etcd has a designated leader which decides ordering of events (and thus
+writes) in the cluster. When the leader crashes, a leadership election takes
+place.  During the leadership election, the cluster might be briefly
+unavailable for writes.  Writes during this period are queued up until a new
+leader is elected.  Any writes that were happening during the crash of the
+leader that were not acknowledged by the leader and the followers yet will be
+'lost'.  The client that performed this write will experience this as a write
+timeout. (Source: <https://etcd.io/docs/v3.4.0/op-guide/failures/>).  Client
+applications (like kubernetes) are expected to deal with this failure scenario
+gracefully.
+
+Etcd can be restarted in a rolling fashion, by cleanly shutting down and
+starting up  etcd servers one by one.  In Etcd 3.1 and up, when the leader is
+cleanly shut down, it will hand over leadership gracefully to another node,
+which will minimize the impact of write-availability as election time is
+reduced. (Source :
+<https://kubernetes.io/blog/2018/12/11/etcd-current-status-and-future-roadmap/>)
+Restarting follower nodes has no impact to availability.
+
+Etcd does load-balancing between servrvers on the client-side. This means that
+if a server you were talking to is being restarted, etcd will transparently
+redirect the request to another server. It's is thus safe to shut them down at
+any point.
+
+Now to perform a rolling restart of the cluster, do the following steps:
+
+1. Check your cluster is healthy (see above)
+2. Stop the process with `systemctl stop etcd` (this should be safe since etcd clients retry their operation if one endpoint becomes unavailable, see [this page](https://etcd.io/docs/v3.3.12/learning/client-architecture/))
+3. Do any operation you need, if any. Like rebooting
+4. `systemctl start etcd`
+5. Wait for your cluster to be healthy again.
+6. Do the same on the next server.
+
+*For more details please refer to the official documentation:* [Replacing a failed etcd member](https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/#replacing-a-failed-etcd-member)
+
+(etcd-backup-and-restore)=
+
+## Backing up and restoring
+
+Though as long as quorum is maintained in etcd there will be no dataloss, it is
+still good to prepare for the worst. If a disaster takes out too many nodes, then
+you might have to restore from an old backup.
+
+Luckily, etcd can take periodic snapshots of your cluster and these can be used
+in cases of disaster recovery. Information about how to do snapshots and
+restores can be found here:
+<https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/recovery.md>
+
+*For more details please refer to the official documentation:* [Backing up an etcd cluster](https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/#backing-up-an-etcd-cluster)
+
+## Troubleshooting
+
+### How to recover from a single unhealthy etcd node after virtual machine snapshot restore
+
+After restoring an etcd machine from an earlier snapshot of the machine disk, etcd members may become unable to join.
+
+Symptoms: That etcd process is unable to start and crashes, and other etcd nodes can't reach it:
+
+```
+failed to check the health of member e767162297c84b1e on https://10.10.1.12:2379: Get https://10.10.1.12:2379/health: dial tcp 10.10.1.12:2379: getsockopt: connection refused
+member e767162297c84b1e is unreachable: [https://10.10.1.12:2379] are all unreachable
+```
+
+Logs from the crashing etcd:
+
+```
+(...)
+Sep 25 09:27:05 node2 etcd[20288]: 2019-09-25 07:27:05.691409 I | raft: e767162297c84b1e [term: 28] received a MsgHeartbeat message with higher term from cca4e6f315097b3b [term: 30]
+Sep 25 09:27:05 node2 etcd[20288]: 2019-09-25 07:27:05.691620 I | raft: e767162297c84b1e became follower at term 30
+Sep 25 09:27:05 node2 etcd[20288]: 2019-09-25 07:27:05.692423 C | raft: tocommit(16152654) is out of range [lastIndex(16061986)]. Was the raft log corrupted, truncated, or lost?
+Sep 25 09:27:05 node2 etcd[20288]: panic: tocommit(16152654) is out of range [lastIndex(16061986)]. Was the raft log corrupted, truncated, or lost?
+Sep 25 09:27:05 node2 etcd[20288]: goroutine 90 [running]:
+(...)
+```
+
+Etcd will refuse nodes that run behind to join the cluster.  If a node has
+committed to a certain version of the raft log, it is expected not to jump back
+in time after that. In this scenario, we turned an etcd server off, made a
+snapshot of the virtual machine, brought it back online, and then restored the
+snapshot.  What went wrong is is that if you bring up a VM snapshot, it means
+the etcd node will now have an older raft log than it had before; even though
+it already gossiped to all other nodes that it has knowledge of newer entries.
+
+As a safety precaution, the other nodes will reject the node that is travelling
+back in time, to avoid data corruption. A node could get corrupted for other
+reasons as well. Perhaps a disk is faulty and is serving wrong data. Either
+way, if you end up in a scenario where a node is unhealthy and will refuse to
+rejoin the cluster, it is time to do some operations to get the cluster back in
+a healthy state.
+
+It is not recommended to restore an etcd node from a vm snapshot, as that will
+cause these kind of time-travelling behaviours which will make the node
+unhealthy. To recover from this situation anyway,
+I quote from the etcdv2 admin guide <https://github.com/etcd-io/etcd/blob/master/Documentation/v2/admin_guide.md>
+
+> If a member’s data directory is ever lost or corrupted then the user should
+> remove the etcd member from the cluster using etcdctl tool.  A user should
+> avoid restarting an etcd member with a data directory from an out-of-date
+> backup. Using an out-of-date data directory can lead to inconsistency as the
+> member had agreed to store information via raft then re-joins saying it
+> needs that information again. For maximum safety, if an etcd member suffers
+> any sort of data corruption or loss, it must be removed from the cluster.
+> Once removed the member can be re-added with an empty data directory.
+
+Note that this piece of documentation is from etcdv2 and not etcdv3. However
+the etcdv3 docs describe a similar procedure here
+<https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/runtime-configuration.md#replace-a-failed-machine>
+
+The procedure to remove and add a member is documented here:
+<https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/runtime-configuration.md#remove-a-member>
+
+It is also documented in the kubernetes documentation:
+<https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/#replacing-a-failed-etcd-member>
+
+So following the above guides step by step, we can recover our cluster to be
+healthy again.
+
+First let us make sure our broken member is stopped by runnning this on `node`:
+
+```sh
+systemctl stop etcd
+```
+
+Now from a healthy node, e.g. `node0` remove the broken node
+
+```sh
+etcdctl3.sh  member remove e767162297c84b1e
+```
+
+And we expect the output to be something like
+
+```sh
+Member e767162297c84b1e removed from cluster 432c10551aa096af
+```
+
+By removing the member from the cluster, you signal the other nodes to not
+expect it to come back with the right state. It will be considered dead and
+removed from the peers.  This will allow the node to come up with an empty data
+directory and it not getting kicked out of the cluster. The cluster should now
+be healthy, but only have 2 members, and so it is not to resistent to crashes
+at the moment! As we can see if we run the health check from a healthy node.
+
+```sh
+etcd-health.sh
+```
+
+And we expect only two nodes to be in the cluster:
+
+```
+Cluster-Endpoints: https://127.0.0.1:2379
+cURL Command: curl -X GET https://127.0.0.1:2379/v2/members
+member 7c37f7dc10558fae is healthy: got healthy result from https://10.10.1.11:2379
+member cca4e6f315097b3b is healthy: got healthy result from https://10.10.1.10:2379
+cluster is healthy
+```
+
+Now from a healthy node, re-add the node you just removed. Make sure
+to replace the IP in the snippet below with the IP of the node you just removed.
+
+```sh
+etcdctl3.sh member add etcd_2 --peer-urls https://10.10.1.12:2380
+```
+
+And it should report that it has been added:
+
+```
+Member e13b1d076b2f9344 added to cluster 432c10551aa096af
+
+ETCD_NAME="etcd_2"
+ETCD_INITIAL_CLUSTER="etcd_1=https://10.10.1.11:2380,etcd_0=https://10.10.1.10:2380,etcd_2=https://10.10.1.12:2380"
+ETCD_INITIAL_CLUSTER_STATE="existing"
+```
+
+it should now be in the list as "unstarted"  instead of it not being in the list at all.
+
+```sh
+etcdctl3.sh member list
+
+
+7c37f7dc10558fae, started, etcd_1, https://10.10.1.11:2380, https://10.10.1.11:2379
+cca4e6f315097b3b, started, etcd_0, https://10.10.1.10:2380, https://10.10.1.10:2379
+e13b1d076b2f9344, unstarted, , https://10.10.1.12:2380,
+```
+
+Now on the broken node, remove the on-disk state, which was corrupted, and start etcd
+
+```sh
+mv /var/lib/etcd /var/lib/etcd.bak
+sudo systemctl start etcd
+```
+
+If we run the health check now, the cluster should report its healthy now again.
+
+```sh
+etcd-health.sh
+```
+
+And indeed it outputs so:
+
+```
+Cluster-Endpoints: https://127.0.0.1:2379
+cURL Command: curl -X GET https://127.0.0.1:2379/v2/members
+member 7c37f7dc10558fae is healthy: got healthy result from https://10.10.1.11:2379
+member cca4e6f315097b3b is healthy: got healthy result from https://10.10.1.10:2379
+member e13b1d076b2f9344 is healthy: got healthy result from https://10.10.1.12:2379
+cluster is healthy
+```
diff --git a/docs/src/how-to/administrate/etcd.rst b/docs/src/how-to/administrate/etcd.rst
deleted file mode 100644
index 47bce63d70..0000000000
--- a/docs/src/how-to/administrate/etcd.rst
+++ /dev/null
@@ -1,264 +0,0 @@
-Etcd
---------------------------
-
-.. include:: includes/intro.rst
-
-This section only covers the bare minimum, for more information, see the `etcd documentation <https://etcd.io/>`__
-
-How to see cluster health
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-If the file `/usr/local/bin/etcd-health.sh` is available, you can run
-
-.. code:: sh
-
-    etcd-health.sh
-
-which should produce an output similar to::
-
-    Cluster-Endpoints: https://127.0.0.1:2379
-    cURL Command: curl -X GET https://127.0.0.1:2379/v2/members
-    member 7c37f7dc10558fae is healthy: got healthy result from https://10.10.1.11:2379
-    member cca4e6f315097b3b is healthy: got healthy result from https://10.10.1.10:2379
-    member e767162297c84b1e is healthy: got healthy result from https://10.10.1.12:2379
-    cluster is healthy
-
-If that helper file is not available, create it with the following contents:
-
-.. code:: bash
-
-    #!/usr/bin/env bash
-
-    HOST=$(hostname)
-
-    etcdctl --endpoints https://127.0.0.1:2379 --ca-file=/etc/ssl/etcd/ssl/ca.pem --cert-file=/etc/ssl/etcd/ssl/member-$HOST.pem --key-file=/etc/ssl/etcd/ssl/member-$HOST-key.pem --debug cluster-health
-
-and then make it executable: ``chmod +x /usr/local/bin/etcd-health.sh``
-
-How to inspect tables and data manually
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. code:: sh
-
-    TODO
-
-
-.. _how-to-rolling-restart-an-etcd-cluster:
-
-How to rolling-restart an etcd cluster
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Etcd is a consistent and partition tolerant key-value store.  This means that
-Etcd nodes can be restarted (one by one) with no impact to the consistency of
-data, but there might a small time in which the database can not process
-writes. Etcd has a designated leader which decides ordering of events (and thus
-writes) in the cluster. When the leader crashes, a leadership election takes
-place.  During the leadership election, the cluster might be briefly
-unavailable for writes.  Writes during this period are queued up until a new
-leader is elected.  Any writes that were happening during the crash of the
-leader that were not acknowledged by the leader and the followers yet will be
-'lost'.  The client that performed this write will experience this as a write
-timeout. (Source: https://etcd.io/docs/v3.4.0/op-guide/failures/).  Client
-applications (like kubernetes) are expected to deal with this failure scenario
-gracefully.
-
-Etcd can be restarted in a rolling fashion, by cleanly shutting down and
-starting up  etcd servers one by one.  In Etcd 3.1 and up, when the leader is
-cleanly shut down, it will hand over leadership gracefully to another node,
-which will minimize the impact of write-availability as election time is
-reduced. (Source :
-https://kubernetes.io/blog/2018/12/11/etcd-current-status-and-future-roadmap/)
-Restarting follower nodes has no impact to availability.
-
-Etcd does load-balancing between servrvers on the client-side. This means that
-if a server you were talking to is being restarted, etcd will transparently
-redirect the request to another server. It's is thus safe to shut them down at
-any point.
-
-Now to perform a rolling restart of the cluster, do the following steps:
-
-1. Check your cluster is healthy (see above)
-2. Stop the process with ``systemctl stop etcd`` (this should be safe since etcd clients retry their operation if one endpoint becomes unavailable, see `this page <https://etcd.io/docs/v3.3.12/learning/client-architecture/>`__)
-3. Do any operation you need, if any. Like rebooting
-4. ``systemctl start etcd``
-5. Wait for your cluster to be healthy again.
-6. Do the same on the next server.
-
-*For more details please refer to the official documentation:* `Replacing a failed etcd member <https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/#replacing-a-failed-etcd-member>`__
-
-
-.. _etcd_backup-and-restore:
-
-Backing up and restoring
-~~~~~~~~~~~~~~~~~~~~~~~~~
-Though as long as quorum is maintained in etcd there will be no dataloss, it is
-still good to prepare for the worst. If a disaster takes out too many nodes, then
-you might have to restore from an old backup.
-
-Luckily, etcd can take periodic snapshots of your cluster and these can be used
-in cases of disaster recovery. Information about how to do snapshots and
-restores can be found here:
-https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/recovery.md
-
-*For more details please refer to the official documentation:* `Backing up an etcd cluster <https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/#backing-up-an-etcd-cluster>`__
-
-
-Troubleshooting
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-
-How to recover from a single unhealthy etcd node after virtual machine snapshot restore
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-After restoring an etcd machine from an earlier snapshot of the machine disk, etcd members may become unable to join.
-
-Symptoms: That etcd process is unable to start and crashes, and other etcd nodes can't reach it::
-
-    failed to check the health of member e767162297c84b1e on https://10.10.1.12:2379: Get https://10.10.1.12:2379/health: dial tcp 10.10.1.12:2379: getsockopt: connection refused
-    member e767162297c84b1e is unreachable: [https://10.10.1.12:2379] are all unreachable
-
-Logs from the crashing etcd::
-
-    (...)
-    Sep 25 09:27:05 node2 etcd[20288]: 2019-09-25 07:27:05.691409 I | raft: e767162297c84b1e [term: 28] received a MsgHeartbeat message with higher term from cca4e6f315097b3b [term: 30]
-    Sep 25 09:27:05 node2 etcd[20288]: 2019-09-25 07:27:05.691620 I | raft: e767162297c84b1e became follower at term 30
-    Sep 25 09:27:05 node2 etcd[20288]: 2019-09-25 07:27:05.692423 C | raft: tocommit(16152654) is out of range [lastIndex(16061986)]. Was the raft log corrupted, truncated, or lost?
-    Sep 25 09:27:05 node2 etcd[20288]: panic: tocommit(16152654) is out of range [lastIndex(16061986)]. Was the raft log corrupted, truncated, or lost?
-    Sep 25 09:27:05 node2 etcd[20288]: goroutine 90 [running]:
-    (...)
-
-
-Etcd will refuse nodes that run behind to join the cluster.  If a node has
-committed to a certain version of the raft log, it is expected not to jump back
-in time after that. In this scenario, we turned an etcd server off, made a
-snapshot of the virtual machine, brought it back online, and then restored the
-snapshot.  What went wrong is is that if you bring up a VM snapshot, it means
-the etcd node will now have an older raft log than it had before; even though
-it already gossiped to all other nodes that it has knowledge of newer entries. 
-
-As a safety precaution, the other nodes will reject the node that is travelling
-back in time, to avoid data corruption. A node could get corrupted for other
-reasons as well. Perhaps a disk is faulty and is serving wrong data. Either
-way, if you end up in a scenario where a node is unhealthy and will refuse to
-rejoin the cluster, it is time to do some operations to get the cluster back in
-a healthy state.
-
-It is not recommended to restore an etcd node from a vm snapshot, as that will
-cause these kind of time-travelling behaviours which will make the node
-unhealthy. To recover from this situation anyway,
-I quote from the etcdv2 admin guide https://github.com/etcd-io/etcd/blob/master/Documentation/v2/admin_guide.md
-
-   If a member’s data directory is ever lost or corrupted then the user should
-   remove the etcd member from the cluster using etcdctl tool.  A user should
-   avoid restarting an etcd member with a data directory from an out-of-date
-   backup. Using an out-of-date data directory can lead to inconsistency as the
-   member had agreed to store information via raft then re-joins saying it
-   needs that information again. For maximum safety, if an etcd member suffers
-   any sort of data corruption or loss, it must be removed from the cluster.
-   Once removed the member can be re-added with an empty data directory.
-
-
-Note that this piece of documentation is from etcdv2 and not etcdv3. However
-the etcdv3 docs describe a similar procedure here
-https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/runtime-configuration.md#replace-a-failed-machine
-
-
-The procedure to remove and add a member is documented here:
-https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/runtime-configuration.md#remove-a-member
-
-It is also documented in the kubernetes documentation:
-https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/#replacing-a-failed-etcd-member
-
-So following the above guides step by step, we can recover our cluster to be
-healthy again.
-
-First let us make sure our broken member is stopped by runnning this on ``node``:
-
-.. code:: sh
-
-   systemctl stop etcd
-
-Now from a healthy node, e.g. ``node0`` remove the broken node 
-
-.. code:: sh
-
-   etcdctl3.sh  member remove e767162297c84b1e
-
-And we expect the output to be something like 
-
-.. code:: sh
-
-   Member e767162297c84b1e removed from cluster 432c10551aa096af
-
-
-By removing the member from the cluster, you signal the other nodes to not
-expect it to come back with the right state. It will be considered dead and
-removed from the peers.  This will allow the node to come up with an empty data
-directory and it not getting kicked out of the cluster. The cluster should now
-be healthy, but only have 2 members, and so it is not to resistent to crashes
-at the moment! As we can see if we run the health check from a healthy node.
-
-.. code:: sh
-
-   etcd-health.sh 
-
-And we expect only two nodes to be in the cluster::
-
-   Cluster-Endpoints: https://127.0.0.1:2379
-   cURL Command: curl -X GET https://127.0.0.1:2379/v2/members
-   member 7c37f7dc10558fae is healthy: got healthy result from https://10.10.1.11:2379
-   member cca4e6f315097b3b is healthy: got healthy result from https://10.10.1.10:2379
-   cluster is healthy
-
-Now from a healthy node, re-add the node you just removed. Make sure
-to replace the IP in the snippet below with the IP of the node you just removed.
-
-.. code:: sh
-
-   etcdctl3.sh member add etcd_2 --peer-urls https://10.10.1.12:2380
-
-And it should report that it has been added::
-
-   Member e13b1d076b2f9344 added to cluster 432c10551aa096af
-
-   ETCD_NAME="etcd_2"
-   ETCD_INITIAL_CLUSTER="etcd_1=https://10.10.1.11:2380,etcd_0=https://10.10.1.10:2380,etcd_2=https://10.10.1.12:2380"
-   ETCD_INITIAL_CLUSTER_STATE="existing"
-
-
-it should now be in the list as "unstarted"  instead of it not being in the list at all.
-
-.. code:: sh
-
-   etcdctl3.sh member list
-
-
-   7c37f7dc10558fae, started, etcd_1, https://10.10.1.11:2380, https://10.10.1.11:2379
-   cca4e6f315097b3b, started, etcd_0, https://10.10.1.10:2380, https://10.10.1.10:2379
-   e13b1d076b2f9344, unstarted, , https://10.10.1.12:2380, 
-
-
-Now on the broken node, remove the on-disk state, which was corrupted, and start etcd
-
-.. code:: sh
-
-   mv /var/lib/etcd /var/lib/etcd.bak
-   sudo systemctl start etcd
-
-If we run the health check now, the cluster should report its healthy now again.
-
-.. code:: sh
-
-   etcd-health.sh
-
-And indeed it outputs so::
-
-   Cluster-Endpoints: https://127.0.0.1:2379
-   cURL Command: curl -X GET https://127.0.0.1:2379/v2/members
-   member 7c37f7dc10558fae is healthy: got healthy result from https://10.10.1.11:2379
-   member cca4e6f315097b3b is healthy: got healthy result from https://10.10.1.10:2379
-   member e13b1d076b2f9344 is healthy: got healthy result from https://10.10.1.12:2379
-   cluster is healthy
-
-
-       
diff --git a/docs/src/how-to/administrate/general-linux.md b/docs/src/how-to/administrate/general-linux.md
new file mode 100644
index 0000000000..e0f6b694fe
--- /dev/null
+++ b/docs/src/how-to/administrate/general-linux.md
@@ -0,0 +1,67 @@
+# General - Linux
+
+```{eval-rst}
+.. include:: includes/intro.rst
+```
+
+## Which ports and network interface is my process running on?
+
+The following shows open TCP ports, and the related processes.
+
+```sh
+sudo netstat -antlp | grep LISTEN
+```
+
+which may yield output like this:
+
+```sh
+tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1536/sshd
+```
+
+(how-to-see-tls-certs)=
+
+## How can I see if my TLS certificates are configured the way I expect?
+
+```{note}
+The following assumes you're querying a server from outside (e.g. your laptop). See the next section if operating on a server from an SSH session.
+```
+
+You can use openssl to check, with e.g.
+
+```sh
+DOMAIN=example.com
+PORT=443
+echo Q | openssl s_client -showcerts -connect $DOMAIN:$PORT
+```
+
+or
+
+```sh
+DOMAIN=example.com
+PORT=443
+echo Q | openssl s_client -showcerts -connect $DOMAIN:$PORT 2>/dev/null | openssl x509 -inform pem -noout -text
+```
+
+To see only the validity (expiration):
+
+```sh
+DOMAIN=example.com
+PORT=443
+echo Q | openssl s_client -showcerts -connect $DOMAIN:$PORT 2>/dev/null | openssl x509 -inform pem -noout -text | grep Validity -A 2
+```
+
+## How can I see if my TLS certificates are configured the way I expect (special case kubernetes from a kubernetes machine)
+
+When you first SSH to a kubernetes node, depending on the setup, DNS may not resolve, in which case you can use the `-servername` parameter:
+
+```sh
+# the IP of the network interface that kubernetes is listening on. 127.0.0.1 may or may not work depending on the installation. It's one of those from
+# ifconfig | grep "inet addr"
+IP=1.2.3.4
+# PORT can be 443 or 31773, depending on the installation
+PORT=443
+# not the root domain, but one of the 5 subdomains for which kubernetes is serving traffic
+DOMAIN=app.example.com
+
+echo Q | openssl s_client -showcerts -servername $DOMAIN -connect $IP:$PORT 2>/dev/null | openssl x509 -inform pem -noout -text | grep Validity -A 2
+```
diff --git a/docs/src/how-to/administrate/general-linux.rst b/docs/src/how-to/administrate/general-linux.rst
deleted file mode 100644
index a2c8d81d1d..0000000000
--- a/docs/src/how-to/administrate/general-linux.rst
+++ /dev/null
@@ -1,69 +0,0 @@
-General - Linux
---------------------------
-
-.. include:: includes/intro.rst
-
-Which ports and network interface is my process running on?
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The following shows open TCP ports, and the related processes.
-
-.. code:: sh
-
-   sudo netstat -antlp | grep LISTEN
-
-which may yield output like this:
-
-.. code:: sh
-
-   tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1536/sshd
-
-.. _how-to-see-tls-certs:
-
-How can I see if my TLS certificates are configured the way I expect?
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. note::
-   The following assumes you're querying a server from outside (e.g. your laptop). See the next section if operating on a server from an SSH session.
-
-You can use openssl to check, with e.g.
-
-.. code:: sh
-
-   DOMAIN=example.com
-   PORT=443
-   echo Q | openssl s_client -showcerts -connect $DOMAIN:$PORT
-
-or
-
-.. code:: sh
-
-   DOMAIN=example.com
-   PORT=443
-   echo Q | openssl s_client -showcerts -connect $DOMAIN:$PORT 2>/dev/null | openssl x509 -inform pem -noout -text
-
-To see only the validity (expiration):
-
-.. code:: sh
-
-   DOMAIN=example.com
-   PORT=443
-   echo Q | openssl s_client -showcerts -connect $DOMAIN:$PORT 2>/dev/null | openssl x509 -inform pem -noout -text | grep Validity -A 2
-
-
-How can I see if my TLS certificates are configured the way I expect (special case kubernetes from a kubernetes machine)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-When you first SSH to a kubernetes node, depending on the setup, DNS may not resolve, in which case you can use the ``-servername`` parameter:
-
-.. code:: sh
-
-   # the IP of the network interface that kubernetes is listening on. 127.0.0.1 may or may not work depending on the installation. It's one of those from
-   # ifconfig | grep "inet addr"
-   IP=1.2.3.4
-   # PORT can be 443 or 31773, depending on the installation
-   PORT=443
-   # not the root domain, but one of the 5 subdomains for which kubernetes is serving traffic
-   DOMAIN=app.example.com
-
-   echo Q | openssl s_client -showcerts -servername $DOMAIN -connect $IP:$PORT 2>/dev/null | openssl x509 -inform pem -noout -text | grep Validity -A 2
diff --git a/docs/src/how-to/administrate/index.md b/docs/src/how-to/administrate/index.md
new file mode 100644
index 0000000000..5f6dd1ab72
--- /dev/null
+++ b/docs/src/how-to/administrate/index.md
@@ -0,0 +1,12 @@
+# Administrate components after successful installation
+
+```{toctree}
+:glob: true
+:maxdepth: 2
+
+Kubernetes <kubernetes/index.rst>
+
+*
+```
+
+% TODO: .. include:: administration/redis.rst
diff --git a/docs/src/how-to/administrate/index.rst b/docs/src/how-to/administrate/index.rst
deleted file mode 100644
index 5995a82a3c..0000000000
--- a/docs/src/how-to/administrate/index.rst
+++ /dev/null
@@ -1,14 +0,0 @@
-Administrate components after successful installation
-=====================================================
-
-.. toctree::
-    :maxdepth: 2
-    :glob:
-
-    Kubernetes <kubernetes/index.rst>
-
-    *
-
-..
-    TODO: .. include:: administration/redis.rst
-
diff --git a/docs/src/how-to/administrate/kubernetes/certificate-renewal/index.md b/docs/src/how-to/administrate/kubernetes/certificate-renewal/index.md
new file mode 100644
index 0000000000..ae9323d55f
--- /dev/null
+++ b/docs/src/how-to/administrate/kubernetes/certificate-renewal/index.md
@@ -0,0 +1,10 @@
+# Certificate renewal
+
+```{toctree}
+:glob: true
+:maxdepth: 1
+
+*
+```
+
+%
diff --git a/docs/src/how-to/administrate/kubernetes/certificate-renewal/index.rst b/docs/src/how-to/administrate/kubernetes/certificate-renewal/index.rst
deleted file mode 100644
index b782d3b107..0000000000
--- a/docs/src/how-to/administrate/kubernetes/certificate-renewal/index.rst
+++ /dev/null
@@ -1,10 +0,0 @@
-Certificate renewal
-===================
-
-.. toctree::
-    :maxdepth: 1
-    :glob:
-
-    *
-
-..
\ No newline at end of file
diff --git a/docs/src/how-to/administrate/kubernetes/certificate-renewal/scenario-1_k8s-v1.14-kubespray.md b/docs/src/how-to/administrate/kubernetes/certificate-renewal/scenario-1_k8s-v1.14-kubespray.md
new file mode 100644
index 0000000000..316b644cd0
--- /dev/null
+++ b/docs/src/how-to/administrate/kubernetes/certificate-renewal/scenario-1_k8s-v1.14-kubespray.md
@@ -0,0 +1,241 @@
+# How to renew certificates on kubernetes 1.14.x
+
+Kubernetes-internal certificates by default (see assumptions) expire after one year. Without renewal, your installation will cease to function.
+This page explains how to renew certificates.
+
+## Assumptions
+
+- Kubernetes version 1.14.x
+
+- installed with the help of [Kubespray](https://github.com/kubernetes-sigs/kubespray)
+
+  - This page was tested using kubespray release 2.10 branch from 2019-05-20, i.e. commit `e2f5a9748e4dbfe2fdba7931198b0b5f1f4bdc7e`.
+
+- setup: 3 scheduled nodes, each hosting master (control plane) +
+  worker (kubelet) + etcd (cluster state, key-value database)
+
+*NOTE: due to Kubernetes being installed with Kubespray, the Kubernetes
+CAs (expire after 10yr) as well as certificates involved in etcd
+communication (expire after 100yr) are not required to be renewed (any
+time soon).*
+
+**Official documentation:**
+
+- [Certificate Management with kubeadm (v1.14)](https://v1-14.docs.kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/)
+- [PKI certificates and requirements (v1.14)](https://v1-14.docs.kubernetes.io/docs/setup/best-practices/certificates/)
+
+## High-level description
+
+1. verify current expiration date
+2. issue new certificates
+3. generate new client configuration (aka kubeconfig file)
+4. restart control plane
+5. drain node - restart kubelet - uncordon node again
+6. repeat 3-5 on all other nodes
+
+## Step-by-step instructions
+
+*Please note, that the following instructions may require privileged
+execution. So, either switch to a privileged user or prepend following
+statements with \`\`sudo\`\`. In any case, it is most likely that every
+newly created file has to be owned by \`\`root\`\`, depending on kow
+Kubernetes was installed.*
+
+1. Verify current expiration date on each node
+
+```bash
+export K8S_CERT_DIR=/etc/kubernetes/pki
+export ETCD_CERT_DIR=/etc/ssl/etcd/ssl
+export KUBELET_CERT_DIR=/var/lib/kubelet/pki
+
+
+for crt in ${K8S_CERT_DIR}/*.crt; do
+    expirationDate=$(openssl x509 -noout -text -in ${crt} | grep After | sed -e 's/^[[:space:]]*//')
+    echo "$(basename ${crt}) -- ${expirationDate}"
+done
+
+
+for crt in $(ls ${ETCD_CERT_DIR}/*.pem | grep -v 'key'); do
+    expirationDate=$(openssl x509 -noout -text -in ${crt} | grep After | sed -e 's/^[[:space:]]*//')
+    echo "$(basename ${crt}) -- ${expirationDate}"
+done
+
+echo "kubelet-client-current.pem -- $(openssl x509 -noout -text -in ${KUBELET_CERT_DIR}/kubelet-client-current.pem | grep After | sed -e 's/^[[:space:]]*//')"
+echo "kubelet.crt -- $(openssl x509 -noout -text -in ${KUBELET_CERT_DIR}/kubelet.crt | grep After | sed -e 's/^[[:space:]]*//')"
+
+
+# MASTER: api-server cert
+echo -n | openssl s_client -connect localhost:6443 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -text -noout | grep Not
+# MASTER: controller-manager cert
+echo -n | openssl s_client -connect localhost:10257 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -text -noout | grep Not
+# MASTER: scheduler cert
+echo -n | openssl s_client -connect localhost:10259 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -text -noout | grep Not
+
+# WORKER: kubelet cert
+echo -n | openssl s_client -connect localhost:10250 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -text -noout | grep Not
+```
+
+2. Allocate a terminal session on one node and backup existing
+   certificates & configurations
+
+```bash
+cd /etc/kubernetes
+
+cp -r ./ssl ./ssl.bkp
+
+cp admin.conf admin.conf.bkp
+cp controller-manager.conf controller-manager.conf.bkp
+cp scheduler.conf scheduler.conf.bkp
+cp kubelet.conf kubelet.conf.bkp
+```
+
+3. Renew certificates on that very node
+
+```bash
+kubeadm alpha certs renew apiserver
+kubeadm alpha certs renew apiserver-kubelet-client
+kubeadm alpha certs renew front-proxy-client
+```
+
+*Looking at the timestamps of the certificates, it is indicated, that apicerver, kubelet & proxy-client have been
+renewed. This can be confirmed, by executing parts of (1).*
+
+```
+root@kubenode01:/etc/kubernetes$ ls -al ./ssl
+total 56
+drwxr-xr-x 2 kube root 4096 Mar 20 17:09 .
+drwxr-xr-x 5 kube root 4096 Mar 20 17:08 ..
+-rw-r--r-- 1 root root 1517 Mar 20 15:12 apiserver.crt
+-rw------- 1 root root 1675 Mar 20 15:12 apiserver.key
+-rw-r--r-- 1 root root 1099 Mar 20 15:13 apiserver-kubelet-client.crt
+-rw------- 1 root root 1675 Mar 20 15:13 apiserver-kubelet-client.key
+-rw-r--r-- 1 root root 1025 Sep 23 14:53 ca.crt
+-rw------- 1 root root 1679 Sep 23 14:53 ca.key
+-rw-r--r-- 1 root root 1038 Sep 23 14:53 front-proxy-ca.crt
+-rw------- 1 root root 1679 Sep 23 14:53 front-proxy-ca.key
+-rw-r--r-- 1 root root 1058 Mar 20 15:13 front-proxy-client.crt
+-rw------- 1 root root 1675 Mar 20 15:13 front-proxy-client.key
+-rw------- 1 root root 1679 Sep 23 14:53 sa.key
+-rw------- 1 root root  451 Sep 23 14:53 sa.pub
+```
+
+4. Based on those renewed certificates, generate new kubeconfig files
+
+The first command assumes it's being executed on a master node. You may need to swap `masters` with `nodes` in
+case you are on a different sort of machines.
+
+```bash
+kubeadm alpha kubeconfig user --org system:masters --client-name kubernetes-admin  > /etc/kubernetes/admin.conf
+kubeadm alpha kubeconfig user --client-name system:kube-controller-manager > /etc/kubernetes/controller-manager.conf
+kubeadm alpha kubeconfig user --client-name system:kube-scheduler > /etc/kubernetes/scheduler.conf
+```
+
+*Again, check if ownership and permission for these files are the same
+as all the others around them.*
+
+And, in case you are operating the cluster from the current node, you may want to replace the user's kubeconfig.
+Afterwards, compare the backup version with the new one, to see if any configuration (e.g. pre-configured *namespace*)
+might need to be moved over, too.
+
+```bash
+mv ~/.kube/config ~/.kube/config.bkp
+cp /etc/kubernetes/admin.conf ~/.kube/config
+chown $(id -u):$(id -g) ~/.kube/config
+chmod 770 ~/.kube/config
+```
+
+5. Now that certificates and configuration files are in place, the
+   control plane must be restarted. They typically run in containers, so
+   the easiest way to trigger a restart, is to kill the processes
+   running in there. Use (1) to verify, that the expiration dates indeed
+   have been changed.
+
+```bash
+kill -s SIGHUP $(pidof kube-apiserver)
+kill -s SIGHUP $(pidof kube-controller-manager)
+kill -s SIGHUP $(pidof kube-scheduler)
+```
+
+6. Make *kubelet* aware of the new certificate
+
+1) Drain the node
+
+```
+kubectl drain --delete-local-data --ignore-daemonsets $(hostname)
+```
+
+2. Stop the kubelet process
+
+```
+systemctl stop kubelet
+```
+
+3. Remove old certificates and configuration
+
+```
+mv /var/lib/kubelet/pki{,old}
+mkdir /var/lib/kubelet/pki
+```
+
+4. Generate new kubeconfig file for the kubelet
+
+```
+kubeadm alpha kubeconfig user --org system:nodes --client-name system:node:$(hostname) > /etc/kubernetes/kubelet.conf
+```
+
+5. Start kubelet again
+
+```
+systemctl start kubelet
+```
+
+6. \[Optional\] Verify kubelet has recognized certificate rotation
+
+```
+sleep 5 && systemctl status kubelet
+```
+
+7. Allow workload to be scheduled again on the node
+
+```
+kubectl uncordon $(hostname)
+```
+
+7. Copy certificates over to all the other nodes
+
+Option A - you can ssh from one kubernetes node to another
+
+```bash
+# set the ip or hostname:
+export NODE2=root@ip-or-hostname
+export NODE3=...
+
+scp ./ssl/apiserver.* "${NODE2}:/etc/kubernetes/ssl/"
+scp ./ssl/apiserver.* "${NODE3}:/etc/kubernetes/ssl/"
+
+scp ./ssl/apiserver-kubelet-client.* "${NODE2}:/etc/kubernetes/ssl/"
+scp ./ssl/apiserver-kubelet-client.* "${NODE3}:/etc/kubernetes/ssl/"
+
+scp ./ssl/front-proxy-client.* "${NODE2}:/etc/kubernetes/ssl/"
+scp ./ssl/front-proxy-client.* "${NODE3}:/etc/kubernetes/ssl/"
+```
+
+Option B - copy via local administrator's machine
+
+```bash
+# set the ip or hostname:
+export NODE1=root@ip-or-hostname
+export NODE2=
+export NODE3=
+
+scp -3 "${NODE1}:/etc/kubernetes/ssl/apiserver.*" "${NODE2}:/etc/kubernetes/ssl/"
+scp -3 "${NODE1}:/etc/kubernetes/ssl/apiserver.*" "${NODE3}:/etc/kubernetes/ssl/"
+
+scp -3 "${NODE1}:/etc/kubernetes/ssl/apiserver-kubelet-client.*" "${NODE2}:/etc/kubernetes/ssl/"
+scp -3 "${NODE1}:/etc/kubernetes/ssl/apiserver-kubelet-client.*" "${NODE3}:/etc/kubernetes/ssl/"
+
+scp -3 "${NODE1}:/etc/kubernetes/ssl/front-proxy-client.*" "${NODE2}:/etc/kubernetes/ssl/"
+scp -3 "${NODE1}:/etc/kubernetes/ssl/front-proxy-client.*" "${NODE3}:/etc/kubernetes/ssl/"
+```
+
+8. Continue again with (4) for each node that is left
diff --git a/docs/src/how-to/administrate/kubernetes/certificate-renewal/scenario-1_k8s-v1.14-kubespray.rst b/docs/src/how-to/administrate/kubernetes/certificate-renewal/scenario-1_k8s-v1.14-kubespray.rst
deleted file mode 100644
index 2db6f4f178..0000000000
--- a/docs/src/how-to/administrate/kubernetes/certificate-renewal/scenario-1_k8s-v1.14-kubespray.rst
+++ /dev/null
@@ -1,244 +0,0 @@
-How to renew certificates on kubernetes 1.14.x
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Kubernetes-internal certificates by default (see assumptions) expire after one year. Without renewal, your installation will cease to function.
-This page explains how to renew certificates.
-
-Assumptions
------------
-
--  Kubernetes version 1.14.x
--  installed with the help of `Kubespray <https://github.com/kubernetes-sigs/kubespray>`__
-
-   - This page was tested using kubespray release 2.10 branch from 2019-05-20, i.e. commit ``e2f5a9748e4dbfe2fdba7931198b0b5f1f4bdc7e``.
--  setup: 3 scheduled nodes, each hosting master (control plane) +
-   worker (kubelet) + etcd (cluster state, key-value database)
-
-*NOTE: due to Kubernetes being installed with Kubespray, the Kubernetes
-CAs (expire after 10yr) as well as certificates involved in etcd
-communication (expire after 100yr) are not required to be renewed (any
-time soon).*
-
-**Official documentation:**
-
-* `Certificate Management with kubeadm (v1.14) <https://v1-14.docs.kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/>`__
-* `PKI certificates and requirements (v1.14) <https://v1-14.docs.kubernetes.io/docs/setup/best-practices/certificates/>`__
-
-High-level description
-----------------------
-
-1. verify current expiration date
-2. issue new certificates
-3. generate new client configuration (aka kubeconfig file)
-4. restart control plane
-5. drain node - restart kubelet - uncordon node again
-6. repeat 3-5 on all other nodes
-
-Step-by-step instructions
--------------------------
-
-*Please note, that the following instructions may require privileged
-execution. So, either switch to a privileged user or prepend following
-statements with ``sudo``. In any case, it is most likely that every
-newly created file has to be owned by ``root``, depending on kow
-Kubernetes was installed.*
-
-1. Verify current expiration date on each node
-
-.. code:: bash
-
-
-   export K8S_CERT_DIR=/etc/kubernetes/pki
-   export ETCD_CERT_DIR=/etc/ssl/etcd/ssl
-   export KUBELET_CERT_DIR=/var/lib/kubelet/pki
-
-
-   for crt in ${K8S_CERT_DIR}/*.crt; do
-       expirationDate=$(openssl x509 -noout -text -in ${crt} | grep After | sed -e 's/^[[:space:]]*//')
-       echo "$(basename ${crt}) -- ${expirationDate}"
-   done
-
-
-   for crt in $(ls ${ETCD_CERT_DIR}/*.pem | grep -v 'key'); do
-       expirationDate=$(openssl x509 -noout -text -in ${crt} | grep After | sed -e 's/^[[:space:]]*//')
-       echo "$(basename ${crt}) -- ${expirationDate}"
-   done
-
-   echo "kubelet-client-current.pem -- $(openssl x509 -noout -text -in ${KUBELET_CERT_DIR}/kubelet-client-current.pem | grep After | sed -e 's/^[[:space:]]*//')"
-   echo "kubelet.crt -- $(openssl x509 -noout -text -in ${KUBELET_CERT_DIR}/kubelet.crt | grep After | sed -e 's/^[[:space:]]*//')"
-
-
-   # MASTER: api-server cert
-   echo -n | openssl s_client -connect localhost:6443 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -text -noout | grep Not
-   # MASTER: controller-manager cert
-   echo -n | openssl s_client -connect localhost:10257 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -text -noout | grep Not
-   # MASTER: scheduler cert
-   echo -n | openssl s_client -connect localhost:10259 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -text -noout | grep Not
-
-   # WORKER: kubelet cert
-   echo -n | openssl s_client -connect localhost:10250 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -text -noout | grep Not
-
-2. Allocate a terminal session on one node and backup existing
-   certificates & configurations
-
-.. code:: bash
-
-   cd /etc/kubernetes
-
-   cp -r ./ssl ./ssl.bkp
-
-   cp admin.conf admin.conf.bkp
-   cp controller-manager.conf controller-manager.conf.bkp
-   cp scheduler.conf scheduler.conf.bkp
-   cp kubelet.conf kubelet.conf.bkp
-
-3. Renew certificates on that very node
-
-.. code:: bash
-
-   kubeadm alpha certs renew apiserver
-   kubeadm alpha certs renew apiserver-kubelet-client
-   kubeadm alpha certs renew front-proxy-client
-
-*Looking at the timestamps of the certificates, it is indicated, that apicerver, kubelet & proxy-client have been
-renewed. This can be confirmed, by executing parts of (1).*
-
-::
-
-   root@kubenode01:/etc/kubernetes$ ls -al ./ssl
-   total 56
-   drwxr-xr-x 2 kube root 4096 Mar 20 17:09 .
-   drwxr-xr-x 5 kube root 4096 Mar 20 17:08 ..
-   -rw-r--r-- 1 root root 1517 Mar 20 15:12 apiserver.crt
-   -rw------- 1 root root 1675 Mar 20 15:12 apiserver.key
-   -rw-r--r-- 1 root root 1099 Mar 20 15:13 apiserver-kubelet-client.crt
-   -rw------- 1 root root 1675 Mar 20 15:13 apiserver-kubelet-client.key
-   -rw-r--r-- 1 root root 1025 Sep 23 14:53 ca.crt
-   -rw------- 1 root root 1679 Sep 23 14:53 ca.key
-   -rw-r--r-- 1 root root 1038 Sep 23 14:53 front-proxy-ca.crt
-   -rw------- 1 root root 1679 Sep 23 14:53 front-proxy-ca.key
-   -rw-r--r-- 1 root root 1058 Mar 20 15:13 front-proxy-client.crt
-   -rw------- 1 root root 1675 Mar 20 15:13 front-proxy-client.key
-   -rw------- 1 root root 1679 Sep 23 14:53 sa.key
-   -rw------- 1 root root  451 Sep 23 14:53 sa.pub
-
-4. Based on those renewed certificates, generate new kubeconfig files
-
-The first command assumes it's being executed on a master node. You may need to swap ``masters`` with ``nodes`` in
-case you are on a different sort of machines.
-
-.. code:: bash
-
-   kubeadm alpha kubeconfig user --org system:masters --client-name kubernetes-admin  > /etc/kubernetes/admin.conf
-   kubeadm alpha kubeconfig user --client-name system:kube-controller-manager > /etc/kubernetes/controller-manager.conf
-   kubeadm alpha kubeconfig user --client-name system:kube-scheduler > /etc/kubernetes/scheduler.conf
-
-*Again, check if ownership and permission for these files are the same
-as all the others around them.*
-
-And, in case you are operating the cluster from the current node, you may want to replace the user's kubeconfig.
-Afterwards, compare the backup version with the new one, to see if any configuration (e.g. pre-configured *namespace*)
-might need to be moved over, too.
-
-.. code:: bash
-
-    mv ~/.kube/config ~/.kube/config.bkp
-    cp /etc/kubernetes/admin.conf ~/.kube/config
-    chown $(id -u):$(id -g) ~/.kube/config
-    chmod 770 ~/.kube/config
-
-5. Now that certificates and configuration files are in place, the
-   control plane must be restarted. They typically run in containers, so
-   the easiest way to trigger a restart, is to kill the processes
-   running in there. Use (1) to verify, that the expiration dates indeed
-   have been changed.
-
-.. code:: bash
-
-   kill -s SIGHUP $(pidof kube-apiserver)
-   kill -s SIGHUP $(pidof kube-controller-manager)
-   kill -s SIGHUP $(pidof kube-scheduler)
-
-6. Make *kubelet* aware of the new certificate
-
-a) Drain the node
-
-::
-
-   kubectl drain --delete-local-data --ignore-daemonsets $(hostname)
-
-b) Stop the kubelet process
-
-::
-
-   systemctl stop kubelet
-
-c) Remove old certificates and configuration
-
-::
-
-   mv /var/lib/kubelet/pki{,old}
-   mkdir /var/lib/kubelet/pki
-
-d) Generate new kubeconfig file for the kubelet
-
-::
-
-   kubeadm alpha kubeconfig user --org system:nodes --client-name system:node:$(hostname) > /etc/kubernetes/kubelet.conf
-
-e) Start kubelet again
-
-::
-
-   systemctl start kubelet
-
-f) [Optional] Verify kubelet has recognized certificate rotation
-
-::
-
-   sleep 5 && systemctl status kubelet
-
-g) Allow workload to be scheduled again on the node
-
-::
-
-   kubectl uncordon $(hostname)
-
-7. Copy certificates over to all the other nodes
-
-Option A - you can ssh from one kubernetes node to another
-
-.. code:: bash
-
-   # set the ip or hostname:
-   export NODE2=root@ip-or-hostname
-   export NODE3=...
-
-   scp ./ssl/apiserver.* "${NODE2}:/etc/kubernetes/ssl/"
-   scp ./ssl/apiserver.* "${NODE3}:/etc/kubernetes/ssl/"
-
-   scp ./ssl/apiserver-kubelet-client.* "${NODE2}:/etc/kubernetes/ssl/"
-   scp ./ssl/apiserver-kubelet-client.* "${NODE3}:/etc/kubernetes/ssl/"
-
-   scp ./ssl/front-proxy-client.* "${NODE2}:/etc/kubernetes/ssl/"
-   scp ./ssl/front-proxy-client.* "${NODE3}:/etc/kubernetes/ssl/"
-
-Option B - copy via local administrator's machine
-
-.. code:: bash
-
-   # set the ip or hostname:
-   export NODE1=root@ip-or-hostname
-   export NODE2=
-   export NODE3=
-
-   scp -3 "${NODE1}:/etc/kubernetes/ssl/apiserver.*" "${NODE2}:/etc/kubernetes/ssl/"
-   scp -3 "${NODE1}:/etc/kubernetes/ssl/apiserver.*" "${NODE3}:/etc/kubernetes/ssl/"
-
-   scp -3 "${NODE1}:/etc/kubernetes/ssl/apiserver-kubelet-client.*" "${NODE2}:/etc/kubernetes/ssl/"
-   scp -3 "${NODE1}:/etc/kubernetes/ssl/apiserver-kubelet-client.*" "${NODE3}:/etc/kubernetes/ssl/"
-
-   scp -3 "${NODE1}:/etc/kubernetes/ssl/front-proxy-client.*" "${NODE2}:/etc/kubernetes/ssl/"
-   scp -3 "${NODE1}:/etc/kubernetes/ssl/front-proxy-client.*" "${NODE3}:/etc/kubernetes/ssl/"
-
-8. Continue again with (4) for each node that is left
diff --git a/docs/src/how-to/administrate/kubernetes/index.md b/docs/src/how-to/administrate/kubernetes/index.md
new file mode 100644
index 0000000000..cc2c6a0143
--- /dev/null
+++ b/docs/src/how-to/administrate/kubernetes/index.md
@@ -0,0 +1,20 @@
+# Kubernetes
+
+```{note}
+These are not the official documentations you are looking for.
+[This way](https://kubernetes.io/docs/tasks/administer-cluster/) please.
+
+The content referred below merely contains either some deviation from upstream or
+additional information enriched here and there with shortcuts to the official documentation.
+```
+
+```{toctree}
+:glob: true
+:maxdepth: 1
+
+Certificate renewal <certificate-renewal/index.rst>
+How to restart a machine that is part of a Kubernetes cluster? <restart-machines/index.rst>
+How to upgrade Kubernetes? <upgrade-cluster/index.rst>
+```
+
+%
diff --git a/docs/src/how-to/administrate/kubernetes/index.rst b/docs/src/how-to/administrate/kubernetes/index.rst
deleted file mode 100644
index 2e6fcd71da..0000000000
--- a/docs/src/how-to/administrate/kubernetes/index.rst
+++ /dev/null
@@ -1,21 +0,0 @@
-Kubernetes
-==========
-
-.. note::
-
-    These are not the official documentations you are looking for.
-    `This way <https://kubernetes.io/docs/tasks/administer-cluster/>`__ please.
-
-    The content referred below merely contains either some deviation from upstream or
-    additional information enriched here and there with shortcuts to the official documentation.
-
-
-.. toctree::
-    :maxdepth: 1
-    :glob:
-
-    Certificate renewal <certificate-renewal/index.rst>
-    How to restart a machine that is part of a Kubernetes cluster? <restart-machines/index.rst>
-    How to upgrade Kubernetes? <upgrade-cluster/index.rst>
-
-..
diff --git a/docs/src/how-to/administrate/kubernetes/restart-machines/index.md b/docs/src/how-to/administrate/kubernetes/restart-machines/index.md
new file mode 100644
index 0000000000..0323efcf2d
--- /dev/null
+++ b/docs/src/how-to/administrate/kubernetes/restart-machines/index.md
@@ -0,0 +1,42 @@
+(restarting-a-machine-in-a-kubernetes-cluster)=
+
+# Restarting a machine in a Kubernetes cluster
+
+```{note}
+1. Know which kind of machine is going to be restarted
+
+   > 1. control plane (api-server, controllers, etc.)
+   > 2. node (runs actual workload, e.g. *Brig* or *Webapp*)
+   > 3. *a* and *b* combined
+
+2. The kind of machine in question must be deployed redundantly
+
+3. Take out machines in a rolling fashion (sequentially, one at a time)
+```
+
+## Control plane
+
+Depending on whether *etcd* is hosted on the same machine alongside the control plane (common practise), you need
+to take its implications into account (see {ref}`How to rolling-restart an etcd cluster <how-to-rolling-restart-an-etcd-cluster>`)
+when restarting a machine.
+
+Regardless of where *etcd* is located, before turning off any machine that is part of the control plane, one should
+{ref}`back up the cluster state <etcd-backup-and-restore>`.
+
+If a part of the control plane does not run sufficiently redundant, it is advised to prevent any mutating interaction
+during the procedure, until the cluster is healthy again.
+
+```bash
+kubectl get nodes
+```
+
+## Node
+
+```{rubric} High-level steps:
+```
+
+1. Drain the node so that all workload is rescheduled on other nodes
+2. Restart / Update / Decommission
+3. Mark the node as being schedulable again (if not decommissioned)
+
+*For more details please refer to the official documentation:* [Safely Drain a Node](https://kubernetes.io/docs/tasks/administer-cluster/safely-drain-node/)
diff --git a/docs/src/how-to/administrate/kubernetes/restart-machines/index.rst b/docs/src/how-to/administrate/kubernetes/restart-machines/index.rst
deleted file mode 100644
index 4f4a315a93..0000000000
--- a/docs/src/how-to/administrate/kubernetes/restart-machines/index.rst
+++ /dev/null
@@ -1,45 +0,0 @@
-.. _restarting-a-machine-in-a-kubernetes-cluster:
-
-Restarting a machine in a Kubernetes cluster
-============================================
-
-.. note::
-
-    1. Know which kind of machine is going to be restarted
-
-        a) control plane (api-server, controllers, etc.)
-        b) node (runs actual workload, e.g. *Brig* or *Webapp*)
-        c) *a* and *b* combined
-
-    2. The kind of machine in question must be deployed redundantly
-    3. Take out machines in a rolling fashion (sequentially, one at a time)
-
-
-Control plane
-~~~~~~~~~~~~~
-
-Depending on whether *etcd* is hosted on the same machine alongside the control plane (common practise), you need
-to take its implications into account (see :ref:`How to rolling-restart an etcd cluster <how-to-rolling-restart-an-etcd-cluster>`)
-when restarting a machine.
-
-Regardless of where *etcd* is located, before turning off any machine that is part of the control plane, one should
-:ref:`back up the cluster state <etcd_backup-and-restore>`.
-
-If a part of the control plane does not run sufficiently redundant, it is advised to prevent any mutating interaction
-during the procedure, until the cluster is healthy again.
-
-.. code:: bash
-
-    kubectl get nodes
-
-
-Node
-~~~~
-
-.. rubric:: High-level steps:
-
-1. Drain the node so that all workload is rescheduled on other nodes
-2. Restart / Update / Decommission
-3. Mark the node as being schedulable again (if not decommissioned)
-
-*For more details please refer to the official documentation:* `Safely Drain a Node <https://kubernetes.io/docs/tasks/administer-cluster/safely-drain-node/>`__
diff --git a/docs/src/how-to/administrate/kubernetes/upgrade-cluster/index.md b/docs/src/how-to/administrate/kubernetes/upgrade-cluster/index.md
new file mode 100644
index 0000000000..739ae7ee2c
--- /dev/null
+++ b/docs/src/how-to/administrate/kubernetes/upgrade-cluster/index.md
@@ -0,0 +1,75 @@
+# Upgrading a Kubernetes cluster
+
+Before upgrading Kubernetes, a couple of aspects should be taken into account:
+
+- downtime is (not) permitted
+- stateful backing services that run outside or on top of Kubernetes
+
+As a result the following questions arise:
+
+1. Is an in-place upgrade required (reuse existing machines) or is it possible to
+   deploy a second cluster right next to the first one and install Wire on top?
+2. How was the Kubernetes cluster deployed?
+
+Depending on the deployment method, the upgrade procedure may vary. It may be reasonable to test
+the upgrade in a non-production environment first.
+Regardless of the deployment method, it is recommended to {ref}`back up the cluster state
+<etcd-backup-and-restore>` before starting to upgrade the cluster. Additional background knowledge
+can be found in the section about {ref}`restarting a machine in an kubernetes cluster <restarting-a-machine-in-a-kubernetes-cluster>`.
+
+```{warning}
+For an in-place upgrade, it is *NOT* recommended to go straight to the latest Kubernetes
+version. Instead, one should upgrade step by step between each minor version.
+```
+
+## Manually
+
+Doing an upgrade by hand is cumbersome and error-prone, which is why there are tools and
+automation for this procedure. The high-level steps would be:
+
+1. upgrade the control plane (also see a more detailed [list](https://kubernetes.io/docs/tasks/administer-cluster/cluster-upgrade/#manual-deployments))
+   : 1. all *etcd* instances
+     2. api-server on each control-plane host
+     3. controllers, scheduler,
+2. upgrade the nodes (order may vary, depending on whether the kube-components run in containers)
+   : - kubelet
+     - kube-proxy
+     - container runtime
+3. then upgrade the clients (`kubectl`, e.g. on workstations or in pipelines)
+
+*For more details, please refer to the official documentation:*
+[Upgrade A Cluster](https://kubernetes.io/docs/tasks/administer-cluster/cluster-upgrade/)
+
+## Kubespray (Ansible)
+
+Kubespray comes with a dedicated playbook that should be used to perform the upgrade:
+`upgrade-cluster.yml`. Before running the playbook, make sure that the right Kubespray version
+is being used. Each Kubespray version supports only a small and sliding window of Kubernetes
+versions (check `kube_version` & `kube_version_min_required` in `roles/kubespray-defaults/defaults/main.yaml`
+for a given [release version tag](https://github.com/kubernetes-sigs/kubespray/releases)).
+
+The commands may look similar to this example (assuming Kubernetes v1.18 version installed
+with Kubespray 2.14):
+
+```bash
+git clone https://github.com/kubernetes-sigs/kubespray
+cd kubespray
+git checkout release-2.15
+${EDITOR} roles/kubespray-defaults/defaults/main.yaml
+
+ansible-playbook -i ./../path/my/inventory-dir -e kube_version=v1.19.7 ./upgrade-cluster.yml
+```
+
+% TODO: adjust the example showing how to run this with wire-server-deploy a/o the offline toolchain container image
+
+% TODO: add ref to the part of this documentation that talks about the air-gapped installation
+
+Kubespray takes care of bringing the new binaries into position on each machine, restarting
+the components, and draining/uncordon nodes.
+
+*For more details please refer to the official documentation:*
+[Upgrading Kubernetes in Kubespray](https://kubespray.io/#/docs/upgrades)
+
+## Kubeadm
+
+Please refer to the *official documentation:* [Upgrading kubeadm clusters](https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/)
diff --git a/docs/src/how-to/administrate/kubernetes/upgrade-cluster/index.rst b/docs/src/how-to/administrate/kubernetes/upgrade-cluster/index.rst
deleted file mode 100644
index 1c09a137f9..0000000000
--- a/docs/src/how-to/administrate/kubernetes/upgrade-cluster/index.rst
+++ /dev/null
@@ -1,82 +0,0 @@
-Upgrading a Kubernetes cluster
-==============================
-
-Before upgrading Kubernetes, a couple of aspects should be taken into account:
-
-* downtime is (not) permitted
-* stateful backing services that run outside or on top of Kubernetes
-
-As a result the following questions arise:
-
-1. Is an in-place upgrade required (reuse existing machines) or is it possible to
-   deploy a second cluster right next to the first one and install Wire on top?
-2. How was the Kubernetes cluster deployed?
-
-Depending on the deployment method, the upgrade procedure may vary. It may be reasonable to test
-the upgrade in a non-production environment first.
-Regardless of the deployment method, it is recommended to :ref:`back up the cluster state
-<etcd_backup-and-restore>` before starting to upgrade the cluster. Additional background knowledge
-can be found in the section about :ref:`restarting a machine in an kubernetes cluster <restarting-a-machine-in-a-kubernetes-cluster>`.
-
-
-.. warning::
-
-    For an in-place upgrade, it is *NOT* recommended to go straight to the latest Kubernetes
-    version. Instead, one should upgrade step by step between each minor version.
-
-
-Manually
-~~~~~~~~
-
-Doing an upgrade by hand is cumbersome and error-prone, which is why there are tools and
-automation for this procedure. The high-level steps would be:
-
-1. upgrade the control plane (also see a more detailed `list <https://kubernetes.io/docs/tasks/administer-cluster/cluster-upgrade/#manual-deployments>`__)
-    a) all *etcd* instances
-    b) api-server on each control-plane host
-    c) controllers, scheduler,
-2. upgrade the nodes (order may vary, depending on whether the kube-components run in containers)
-    * kubelet
-    * kube-proxy
-    * container runtime
-3. then upgrade the clients (``kubectl``, e.g. on workstations or in pipelines)
-
-*For more details, please refer to the official documentation:*
-`Upgrade A Cluster <https://kubernetes.io/docs/tasks/administer-cluster/cluster-upgrade/>`__
-
-
-Kubespray (Ansible)
-~~~~~~~~~~~~~~~~~~~
-
-Kubespray comes with a dedicated playbook that should be used to perform the upgrade:
-``upgrade-cluster.yml``. Before running the playbook, make sure that the right Kubespray version
-is being used. Each Kubespray version supports only a small and sliding window of Kubernetes
-versions (check ``kube_version`` & ``kube_version_min_required`` in ``roles/kubespray-defaults/defaults/main.yaml``
-for a given `release version tag <https://github.com/kubernetes-sigs/kubespray/releases>`__).
-
-The commands may look similar to this example (assuming Kubernetes v1.18 version installed
-with Kubespray 2.14):
-
-.. code:: bash
-
-    git clone https://github.com/kubernetes-sigs/kubespray
-    cd kubespray
-    git checkout release-2.15
-    ${EDITOR} roles/kubespray-defaults/defaults/main.yaml
-
-    ansible-playbook -i ./../path/my/inventory-dir -e kube_version=v1.19.7 ./upgrade-cluster.yml
-
-.. TODO: adjust the example showing how to run this with wire-server-deploy a/o the offline toolchain container image
-.. TODO: add ref to the part of this documentation that talks about the air-gapped installation
-
-Kubespray takes care of bringing the new binaries into position on each machine, restarting
-the components, and draining/uncordon nodes.
-
-*For more details please refer to the official documentation:*
-`Upgrading Kubernetes in Kubespray <https://kubespray.io/#/docs/upgrades>`__
-
-
-Kubeadm
-~~~~~~~
-
-Please refer to the *official documentation:* `Upgrading kubeadm clusters <https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/>`__
diff --git a/docs/src/how-to/administrate/minio.rst b/docs/src/how-to/administrate/minio.md
similarity index 58%
rename from docs/src/how-to/administrate/minio.rst
rename to docs/src/how-to/administrate/minio.md
index 6953d1355c..1a79ba648d 100644
--- a/docs/src/how-to/administrate/minio.rst
+++ b/docs/src/how-to/administrate/minio.md
@@ -1,20 +1,18 @@
-Minio
-------
+# Minio
 
+```{eval-rst}
 .. include:: includes/intro.rst
+```
 
-This section only covers the bare minimum, for more information, see the `minio documentation <https://docs.min.io/>`__
+This section only covers the bare minimum, for more information, see the [minio documentation](https://docs.min.io/)
 
-
-Should you be using minio?
-===========================
+## Should you be using minio?
 
 Minio can be used to emulate an S3-compatible setup. When a native S3-like
 storage provider is already present in your network or cloud provider, we
 advise using that instead.
 
-Setting up interaction with Minio
-=================================
+## Setting up interaction with Minio
 
 Minio can be installed on your servers using our provided ansible playbooks.
 The ansible playbook will also install the minio client and configure it to
@@ -25,29 +23,33 @@ minio to run behind a loadbalancer like HAProxy, and configure the Minio client
 to point to this loadbalancer instead.
 
 Our ansible playbooks will also configure the minio client and adds the locally
-reachable API under the ``local`` alias::
+reachable API under the `local` alias:
 
-    mc config host list
+```
+mc config host list
+```
 
-If it is not there, it can be added manually as follows::
+If it is not there, it can be added manually as follows:
 
-    mc config host add local http://localhost:9000 <YOUR-ACCESS-KEY> <YOUR-SECRET-KEY>
+```
+mc config host add local http://localhost:9000 <YOUR-ACCESS-KEY> <YOUR-SECRET-KEY>
+```
 
 The status of the cluster can be requested by contacting any of the servers. In
-our case we will contact the locally running server::
+our case we will contact the locally running server:
 
-    mc admin info local
+```
+mc admin info local
+```
 
-Minio maintenance
-=================
+## Minio maintenance
 
 There will be times where one wants to take a minio server down for
 maintenance. One might want to apply security patches, or want to take out a
 broken disk and replace it with a fixed one.  Minio will not tell you the
 health status of disks. You should have separate alerting and monitoring in
 place to keep track of hardware health. For example, one could look at
-S.M.A.R.T. values that the disks produce with Prometheus `node_exporter
-<https://github.com/prometheus-community/node-exporter-textfile-collector-scripts/blob/master/smartmon.sh>`_
+S.M.A.R.T. values that the disks produce with Prometheus [node_exporter](https://github.com/prometheus-community/node-exporter-textfile-collector-scripts/blob/master/smartmon.sh)
 
 Special care has to be taken when restarting Minio nodes, but it should be safe
 to do so.  Minio can operate in read-write mode with (N/2) + 1 instances
@@ -62,9 +64,11 @@ interrupted and the user must retry.  When you shut down a node, one should
 take precautions that subsequent API calls are sent to other nodes in the
 cluster.
 
-To stop a server, type::
+To stop a server, type:
 
-    systemctl stop minio-server
+```
+systemctl stop minio-server
+```
 
 Writes that happen during the server being down will not be synced to the
 server that is offline. It is important that once you bring the server back
@@ -77,32 +81,40 @@ is thus recommended to heal an instance immediately once it is back up; before a
 restart any other instances.
 
 Now that the server is offline, perform any maintenance that you want to do.
-Afterwards, restart it with::
+Afterwards, restart it with:
 
-    systemctl start minio-server
+```
+systemctl start minio-server
+```
 
-Now check::
+Now check:
 
-    mc admin info local
+```
+mc admin info local
+```
 
 to see if the cluster is healthy.
 
 Now that the server is back online, it has missed writes that have happened whilst
 it was offline. Because of this we must heal the cluster now
-A heal of the cluster is performed as follows::
+A heal of the cluster is performed as follows:
 
-    mc admin heal -r local
+```
+mc admin heal -r local
+```
 
-Which will show a result page that looks like this::
+Which will show a result page that looks like this:
 
-    ◑  bunny
-       0/0 objects; 0 B in 2s
-       ┌────────┬───┬─────────────────────┐
-       │ Green  │ 2 │  66.7% ████████     │
-       │ Yellow │ 1 │  33.3% ████         │
-       │ Red    │ 0 │   0.0%              │
-       │ Grey   │ 0 │   0.0%              │
-       └────────┴───┴─────────────────────┘
+```
+◑  bunny
+   0/0 objects; 0 B in 2s
+   ┌────────┬───┬─────────────────────┐
+   │ Green  │ 2 │  66.7% ████████     │
+   │ Yellow │ 1 │  33.3% ████         │
+   │ Red    │ 0 │   0.0%              │
+   │ Grey   │ 0 │   0.0%              │
+   └────────┴───┴─────────────────────┘
+```
 
 green - all good
 yellow - healed partially
@@ -110,33 +122,32 @@ red - quorum missing
 grey - more than quorum number shards are gone, means the object for some reason is not recoverable
 
 When there are any yellow items, it usually means that not all servers have seen
-the node come up properly again. Running the heal command with the ``--json`` option
+the node come up properly again. Running the heal command with the `--json` option
 will give you more verbose and precise information why the heal only happened partially.
 
-.. code:: json
-
-    {
-       "after" : {
-          "online" : 5,
-          "offline" : 1,
-          "missing" : 0,
-          "corrupted" : 0,
-          "drives" : [
-             {
-                "endpoint" : "http://10.0.0.42:9091/var/lib/minio-server1",
-                "state" : "offline",
-                "uuid" : ""
-             },
-             {
-                "uuid" : "",
-                "endpoint" : "/var/lib/minio-server1",
-                "state" : "ok"
-             }
-          ],
-          "color" : "yellow"
-       }
-    }
-
+```json
+{
+   "after" : {
+      "online" : 5,
+      "offline" : 1,
+      "missing" : 0,
+      "corrupted" : 0,
+      "drives" : [
+         {
+            "endpoint" : "http://10.0.0.42:9091/var/lib/minio-server1",
+            "state" : "offline",
+            "uuid" : ""
+         },
+         {
+            "uuid" : "",
+            "endpoint" : "/var/lib/minio-server1",
+            "state" : "ok"
+         }
+      ],
+      "color" : "yellow"
+   }
+}
+```
 
 In our case, we see that the reason for the partial recovery was that
 one the server was still considered offline. Rerunning the command yielded
@@ -158,97 +169,96 @@ thus important to have good monitoring in place and respond accordingly.  Minio
 itself will auto-heal the cluster every month if the administrator doesn't
 trigger a heal themselves.
 
-
-Rotate root credentials
-=======================
+## Rotate root credentials
 
 In order to change the root credentials, one needs to restart minio once but
 set with the old and the new credentials at the same time.
-If you installed minio with the Ansible, the `role <https://github.com/wireapp/ansible-minio>`__
+If you installed minio with the Ansible, the [role](https://github.com/wireapp/ansible-minio)
 takes care of this. Just change the inventory accordingly and re-apply the
 role.
 
-For more information, please refer to the *Credentials* section in the `official documentation <https://docs.min.io/docs/minio-server-configuration-guide.html>`__.
+For more information, please refer to the *Credentials* section in the [official documentation](https://docs.min.io/docs/minio-server-configuration-guide.html).
 
-Check the health of a MinIO node
-================================
+(check-the-health-of-a-minio-node)=
 
-This is the procedure to check a minio node's health.
+## Check the health of a MinIO node
 
-First log into the minio server 
+This is the procedure to check a minio node's health
 
-.. code:: sh 
+First log into the minio server
 
-  ssh <ip of minio node>
+```sh
+ssh <ip of minio node>
+```
 
 There, run the following commands:
 
-.. code:: sh
-
-  env $(sudo grep KEY /etc/default/minio-server1 | xargs) bash
-  export MC_HOST_local="http://$MINIO_ACCESS_KEY:$MINIO_SECRET_KEY@127.0.0.1:9000"
-  mc admin info local
+```sh
+env $(sudo grep KEY /etc/default/minio-server1 | xargs) bash
+export MC_HOST_local="http://$MINIO_ACCESS_KEY:$MINIO_SECRET_KEY@127.0.0.1:9000"
+mc admin info local
+```
 
 You should see a result similar to this:
 
-.. code:: sh
-
-   *  192.168.0.12:9092
-   Uptime: 2 months
-   Version: 2020-10-28T08:16:50Z
-   Network: 6/6 OK
-   Drives: 1/1 OK
-
-   *  192.168.0.22:9000
-   Uptime: 2 months
-   Version: 2020-10-28T08:16:50Z
-   Network: 6/6 OK
-   Drives: 1/1 OK
-
-   *  192.168.0.22:9092
-   Uptime: 2 months
-   Version: 2020-10-28T08:16:50Z
-   Network: 6/6 OK
-   Drives: 1/1 OK
-
-   *  192.168.0.32:9000
-   Uptime: 2 months
-   Version: 2020-10-28T08:16:50Z
-   Network: 6/6 OK
-   Drives: 1/1 OK
-
-   *  192.168.0.32:9092
-   Uptime: 2 months
-   Version: 2020-10-28T08:16:50Z
-   Network: 6/6 OK
-   Drives: 1/1 OK
-
-   *  192.168.0.12:9000
-   Uptime: 2 months
-   Version: 2020-10-28T08:16:50Z
-   Network: 6/6 OK
-   Drives: 1/1 OK
-
-Make sure you see ``Network: 6/6 OK``.
+```sh
+*  192.168.0.12:9092
+Uptime: 2 months
+Version: 2020-10-28T08:16:50Z
+Network: 6/6 OK
+Drives: 1/1 OK
+
+*  192.168.0.22:9000
+Uptime: 2 months
+Version: 2020-10-28T08:16:50Z
+Network: 6/6 OK
+Drives: 1/1 OK
+
+*  192.168.0.22:9092
+Uptime: 2 months
+Version: 2020-10-28T08:16:50Z
+Network: 6/6 OK
+Drives: 1/1 OK
+
+*  192.168.0.32:9000
+Uptime: 2 months
+Version: 2020-10-28T08:16:50Z
+Network: 6/6 OK
+Drives: 1/1 OK
+
+*  192.168.0.32:9092
+Uptime: 2 months
+Version: 2020-10-28T08:16:50Z
+Network: 6/6 OK
+Drives: 1/1 OK
+
+*  192.168.0.12:9000
+Uptime: 2 months
+Version: 2020-10-28T08:16:50Z
+Network: 6/6 OK
+Drives: 1/1 OK
+```
+
+Make sure you see `Network: 6/6 OK`.
 
 Reboot the machine with:
 
-.. code:: sh 
-
-  sudo reboot 
+```sh
+sudo reboot
+```
 
 Then wait at least a minute.
 
 If you go to ssh in, and get 'Connection refused', it just means you need to wait a bit longer.
 
-Tip: You can automatically ask SSH to attempt to connect until it is succesful, by using the following command: 
-
-.. code:: sh 
+Tip: You can automatically ask SSH to attempt to connect until it is succesful, by using the following command:
 
-  ssh -o 'ConnectionAttempts 3600' <ip of minio node> exit
+```sh
+ssh -o 'ConnectionAttempts 3600' <ip of minio node> exit
+```
 
 Log into minio ( repeat the steps above ), and check again.
 
 You should see a very low uptime value on two hosts now.
 
-This is because we install minio 'twice' on each host.
\ No newline at end of file
+This is because we install minio 'twice' on each host.
diff --git a/docs/src/how-to/administrate/operations.md b/docs/src/how-to/administrate/operations.md
new file mode 100644
index 0000000000..9a8b8522a6
--- /dev/null
+++ b/docs/src/how-to/administrate/operations.md
@@ -0,0 +1,139 @@
+# Operational procedures
+
+This section describes common operations to be performed on operational clusters.
+
+## Reboot procedures
+
+The general procedure to reboot a service is as follows:
+
+- 1. {ref}`Check the health <operations-health-checks>` of the service. (If the health isn't good search for "troubleshooting" in the documentation. If it is good, move to the next step.)
+- 2. Reboot the server the service is running on.
+- 3. {ref}`Check the health <operations-health-checks>` of the service **again**. (If the health isn't good search for "troubleshooting" in the documentation. If it is good, your reboot was succesful.)
+
+The method for checking health is different for each service type, you can find a list of those methods {ref}`here <operations-health-checks>`.
+
+The method to reset a service is the same for most services, except for `restund`, for which the procedure is different, and can be found {ref}`here <rebooting-a-restund-node>`.
+
+For other (non-`restund`) services, the procedure is as follows:
+
+Assuming in this example you are trying to reboot a minio server, follow these steps:
+
+First, {ref}`check the health <operations-health-checks>` of the services.
+
+Second, reboot the services:
+
+```sh
+ssh -t <ip of minio node> sudo reboot
+```
+
+Third, wait until the service is up again by trying to connect to it via SSH :
+
+```sh
+ssh -o 'ConnectionAttempts 3600' <ip of minio node> exit
+```
+
+(`ConnectionAttempts` will make it so it attempts to connect until the host is actually Up and the connection is succesful)
+
+Fourth, {ref}`check the health <operations-health-checks>` of the service again.
+
+(operations-health-checks)=
+
+## Health checks
+
+This is a list of the health-checking procedures currently documented, for different service types:
+
+- {ref}`MinIO <check-the-health-of-a-minio-node>`
+- {ref}`Cassandra <check-the-health-of-a-cassandra-node>`
+- {ref}`Elasticsearch <check-the-health-of-an-elasticsearch-node>`
+- {ref}`Etcd <how-to-see-cluster-health>`
+- {ref}`Restund <rebooting-a-restund-node>` (the health check is explained as part of the reboot procedure).
+
+To check the health of different services not listed here, see the documentation for that specific project, or ask your Wire contact.
+
+```{note}
+If a service is running inside a Kubernetes pod, checking its health is easy: if the pod is running, it is healthy. A non-healthy pod will stop running, and will be shown as such.
+```
+
+## Draining pods from a node for maintainance
+
+You might want to remove («drain») all pods from a specific node/server, so you can do maintainance work on it, without disrupting the entire cluster.
+
+If you want to do this, you should follow the procudure found at: <https://kubernetes.io/docs/tasks/administer-cluster/safely-drain-node/>
+
+In short, the procedure is essentially:
+
+First, identify the name of the node you wish to drain. You can list all of the nodes in your cluster with
+
+```sh
+kubectl get nodes
+```
+
+Next, tell Kubernetes to drain the node:
+
+```sh
+kubectl drain <node name>
+```
+
+Once it returns (without giving an error), you can power down the node (or equivalently, if on a cloud platform, delete the virtual machine backing the node). If you leave the node in the cluster during the maintenance operation, you need to run
+
+```sh
+kubectl uncordon <node name>
+```
+
+afterwards to tell Kubernetes that it can resume scheduling new pods onto the node.
+
+## Understand release tags
+
+We have two major release tags that you sometimes want to map on each other: *github*, and *helm chart*.
+
+Github have a tag of the form `vYYYY-MM-DD`, and the release notes and (some build artefacts) can be found on github, eg., [here](https://github.com/wireapp/wire-server/releases/v2022-01-18).  Helm chart tags have the form `N.NNN.0`.  The minor version `0` is for the development branch; non-zero values refer to unreleased intermediate states.
+
+### On the command line
+
+You can find the github tag for a helm chart tag like this:
+
+```sh
+git tag --points-at v2022-01-18 | sort
+```
+
+...  and the other way around like this:
+
+```sh
+git tag --points-at chart=2.122.0,image=2.122.0 | sort
+```
+
+Note that the actual tag has the form `chart=<release-tag>,image=<release-tag>`.
+
+Unfortunately, older releases may have more helm chart tags; you need to find the largest number that has the form `N.NNN.0` from the list yourself.
+
+A list of all releases can be produced like this:
+
+```sh
+git log --decorate --first-parent origin/master
+```
+
+If you want to find the
+
+### In the github UI
+
+Consult [the changelog](https://github.com/wireapp/wire-server/blob/develop/CHANGELOG.md)
+to find the github tag of the release you're interested in (say,
+v2022-01-18).
+
+Visit [the release notes of that release](https://github.com/wireapp/wire-server/releases/v2022-01-18).
+Click on the commit hash:
+
+```{image} operations/fig1.png
+```
+
+Click on the 3 dots:
+
+```{image} operations/fig2.png
+```
+
+Now you can see a (possibly rather long) list of tags, some of then
+have the form `chart=N.NNN.0,image=N.NNN.0`.  Pick the one with the
+largest number.
+
+```{image} operations/fig3.png
+```
diff --git a/docs/src/how-to/administrate/operations.rst b/docs/src/how-to/administrate/operations.rst
deleted file mode 100644
index bee240acb1..0000000000
--- a/docs/src/how-to/administrate/operations.rst
+++ /dev/null
@@ -1,144 +0,0 @@
-
-Operational procedures
-======================
-
-This section describes common operations to be performed on operational clusters.
-
-Reboot procedures
------------------
-
-The general procedure to reboot a service is as follows:
-
-* 1. `Check the health <operations.html#health-checks>`__ of the service. (If the health isn't good, move to `troubleshooting </search.html?q=troubleshooting>`__. If it is good, move to the next step.)
-* 2. Reboot the server the service is running on.
-* 3. `Check the health <operations.html#health-checks>`__ of the service **again**. (If the health isn't good, move to `troubleshooting </search.html?q=troubleshooting>`__. If it is good, your reboot was succesful.)
-
-The method for checking health is different for each service type, you can find a list of those methods `here <operations.html#health-checks>`__.
-
-The method to reset a service is the same for most services, except for ``restund``, for which the procedure is different, and can be found `here <restund.html#rebooting-a-restund-node>`__.
-
-For other (non-``restund``) services, the procedure is as follows:
-
-Assuming in this example you are trying to reboot a minio server, follow these steps:
-
-First, `check the health <operations.html#health-checks>`__ of the services.
-
-Second, reboot the services:
-
-.. code:: sh
-
-  ssh -t <ip of minio node> sudo reboot
-
-Third, wait until the service is up again by trying to connect to it via SSH :
-
-.. code:: sh
-
-  ssh -o 'ConnectionAttempts 3600' <ip of minio node> exit
-
-(``ConnectionAttempts`` will make it so it attempts to connect until the host is actually Up and the connection is succesful)
-
-Fourth, `check the health <operations.html#health-checks>`__ of the service again.
-
-Health checks
--------------
-
-This is a list of the health-checking procedures currently documented, for different service types:
-
-* `MinIO <minio.html#check-the-health-of-a-minio-node>`__.
-* `Cassandra <cassandra.html#check-the-health-of-a-cassandra-node>`__.
-* `elasticsearch <elasticsearch.html#check-the-health-of-an-elasticsearch-node>`__.
-* `Etcd <etcd.html#how-to-see-cluster-health>`__.
-* `Restund <restund.html#rebooting-a-restund-node>`__ (the health check is explained as part of the reboot procedure).
-
-To check the health of different services not listed here, see the documentation for that specific project, or ask your Wire contact.
-
-.. note::
-
-    If a service is running inside a Kubernetes pod, checking its health is easy: if the pod is running, it is healthy. A non-healthy pod will stop running, and will be shown as such.
-
-Draining pods from a node for maintainance
-------------------------------------------
-
-You might want to remove («drain») all pods from a specific node/server, so you can do maintainance work on it, without disrupting the entire cluster.
-
-If you want to do this, you should follow the procudure found at: https://kubernetes.io/docs/tasks/administer-cluster/safely-drain-node/
-
-In short, the procedure is essentially:
-
-First, identify the name of the node you wish to drain. You can list all of the nodes in your cluster with
-
-.. code:: sh
-
-  kubectl get nodes
-
-Next, tell Kubernetes to drain the node:
-
-.. code:: sh
-
-  kubectl drain <node name>
-
-Once it returns (without giving an error), you can power down the node (or equivalently, if on a cloud platform, delete the virtual machine backing the node). If you leave the node in the cluster during the maintenance operation, you need to run
-
-.. code:: sh
-
-  kubectl uncordon <node name>
-
-afterwards to tell Kubernetes that it can resume scheduling new pods onto the node.
-
-Understand release tags
------------------------
-
-We have two major release tags that you sometimes want to map on each other: *github*, and *helm chart*.
-
-Github have a tag of the form `vYYYY-MM-DD`, and the release notes and (some build artefacts) can be found on github, eg., `here <https://github.com/wireapp/wire-server/releases/v2022-01-18>`__.  Helm chart tags have the form `N.NNN.0`.  The minor version `0` is for the development branch; non-zero values refer to unreleased intermediate states.
-
-On the command line
-^^^^^^^^^^^^^^^^^^^
-
-You can find the github tag for a helm chart tag like this:
-
-.. code:: sh
-
-  git tag --points-at v2022-01-18 | sort
-
-...  and the other way around like this:
-
-.. code:: sh
-
-  git tag --points-at chart=2.122.0,image=2.122.0 | sort
-
-Note that the actual tag has the form `chart=<release-tag>,image=<release-tag>`.
-
-Unfortunately, older releases may have more helm chart tags; you need to find the largest number that has the form `N.NNN.0` from the list yourself.
-
-A list of all releases can be produced like this:
-
-.. code:: sh
-
-  git log --decorate --first-parent origin/master
-
-If you want to find the
-
-In the github UI
-^^^^^^^^^^^^^^^^
-
-Consult `the changelog
-<https://github.com/wireapp/wire-server/blob/develop/CHANGELOG.md>`__
-to find the github tag of the release you're interested in (say,
-v2022-01-18).
-
-Visit `the release notes of that release
-<https://github.com/wireapp/wire-server/releases/v2022-01-18>`__.
-Click on the commit hash:
-
-.. image:: operations/fig1.png
-
-Click on the 3 dots:
-
-.. image:: operations/fig2.png
-
-Now you can see a (possibly rather long) list of tags, some of then
-have the form `chart=N.NNN.0,image=N.NNN.0`.  Pick the one with the
-largest number.
-
-.. image:: operations/fig3.png
diff --git a/docs/src/how-to/administrate/restund.md b/docs/src/how-to/administrate/restund.md
new file mode 100644
index 0000000000..86bdd27e6a
--- /dev/null
+++ b/docs/src/how-to/administrate/restund.md
@@ -0,0 +1,293 @@
+# Restund (TURN)
+
+```{eval-rst}
+.. include:: includes/intro.rst
+```
+
+(allocations)=
+
+## Wire-Server Configuration
+
+The wire-server can either serve a static list of TURN servers to the clients or
+it can discovery them using DNS SRV Records.
+
+### Static List
+
+To configure a static list of TURN servers to use, override
+`values/wire-server/values.yaml` like this:
+
+```yaml
+# (...)
+
+brig:
+# (...)
+  turnStatic:
+    v1:
+      # v1 entries can be ignored and are not in use anymore since end of 2018.
+    v2:
+    - turn:server1.example.com:3478 # server 1 UDP
+    - turn:server1.example.com:3478?transport=tcp # server 1 TCP
+    - turns:server1.example.com:5478?transport=tcp # server 1 TLS
+    - turn:server2.example.com:3478 # server 2 UDP
+    - turn:server2.example.com:3478?transport=tcp # server 2 TCP
+    - turns:server2.example.com:5478?transport=tcp # server 2 TLS
+  turn:
+    serversSource: files
+```
+
+### DNS SRV Records
+
+To configure wire-server to use DNS SRV records in order to discover TURN
+servers, override `values/wire-server/values.yaml` like this:
+
+```yaml
+# (...)
+
+brig:
+# (...)
+  turn:
+    serversSource: dns
+    baseDomain: prod.example.com
+    discoveryIntervalSeconds: 10
+```
+
+When configured like this, the wire-server would look for these 3 SRV records
+every 10 seconds:
+
+1. `_turn._udp.prod.example.com` will be used to discover UDP hostnames and port for all the
+   turn servers.
+2. `_turn._tcp.prod.example.com` will be used to discover the TCP hostnames and port for all
+   the turn servers.
+3. `_turns._tcp.prod.example.com` will be used to discover the TLS hostnames and port for
+   all the turn servers.
+
+Entries with weight 0 will be ignored. Example:
+
+```
+dig +retries=3 +short SRV _turn._udp.prod.example.com
+
+0 0 3478 turn36.prod.example.com
+0 10 3478 turn34..prod.example.com
+0 10 3478 turn35.prod.example.com
+```
+
+At least one of these 3 lookups must succeed for the wire-server to be able to
+respond correctly when `GET /calls/config/v2` is called. All successful
+responses are served in the result.
+
+In addition, if there are any clients using the legacy endpoint, `GET
+/calls/config`, (all versions of all mobile apps since 2018 no longer use this) they will be served by the servers listed in the
+`_turn._udp.prod.example.com` SRV record. This endpoint, however, will not
+serve the domain names received inside the SRV record, instead it will serve the
+first `A` record that is associated with each domain name in the SRV record.
+
+## How to see how many people are currently connected to the restund server
+
+You can see the count of currently ongoing calls (also called "allocations"):
+
+```sh
+echo turnstats | nc -u 127.0.0.1 33000 -q1 | grep allocs_cur | cut -d' ' -f2
+```
+
+## How to restart restund (with downtime)
+
+With downtime, it's very easy:
+
+```
+systemctl restart restund
+```
+
+```{warning}
+Restarting `restund` means any user that is currently connected to it (i.e. having a call) will lose its audio/video connection. If you wish to have no downtime, check the next section\*
+```
+
+(rebooting-a-restund-node)=
+
+## Rebooting a Restund node
+
+If you want to reboot a restund node, you need to make sure the other restund nodes in the cluster are running, so that services are not interrupted by the reboot.
+
+```{warning}
+This procedure as described here will cause downtime, even if a second restund server is up; and kill any ongoing audio/video calls. The sections further up describe a downtime and a no-downtime procedure.
+```
+
+Presuming your two restund nodes are called:
+
+- `restund-1`
+- `restund-2`
+
+To prepare for a reboot of `restund-1`, log into the other restund server (`restund-2`, for example here), and make sure the docker service is running.
+
+List the running containers, to ensure restund is running, by executing:
+
+```sh
+ssh -t <ip of restund-2> sudo docker container ls
+```
+
+You should see the following in the results:
+
+```sh
+CONTAINER ID         IMAGE                                COMMAND         STATUS        PORTS    NAMES
+<random hash>        quay.io/wire/restund:v0.4.16b1.0.53  22 seconds ago  Up 18 seconds          restund
+```
+
+Make sure you see this restund container, and it is running ("Up").
+
+If it is not, you need to do troubleshooting work, if it is running, you can move forward and reboot restund-1.
+
+Now log into the restund server you wish to reboot (`restund-1` in this example), and reboot it
+
+```sh
+ssh -t <ip of restund-1> sudo reboot
+```
+
+Wait at least a minute for the machine to restart, you can use this command to automatically retry SSH access until it is succesful:
+
+```sh
+ssh -o 'ConnectionAttempts 3600' <ip of restund-1 node> exit
+```
+
+Then log into the restund server (`restund-1`, in this example), and make sure the docker service is running:
+
+```sh
+ssh -t <ip of restund-1> sudo docker container ls
+```
+
+```sh
+CONTAINER ID         IMAGE                                COMMAND         STATUS        PORTS    NAMES
+<random hash>        quay.io/wire/restund:v0.4.16b1.0.53  22 seconds ago  Up 18 seconds          restund
+```
+
+Here again, make sure you see a restund container, and it is running ("Up").
+
+If it is, you have succesfully reboot the restund server, and can if you need to apply the same procedure to the other restund servers in your cluster.
+
+## How to restart restund without having downtime
+
+For maintenance you may need to restart a restund server.
+
+1. Remove that restund server you want to restart from the list of advertised nodes, by taking it out of the turn server list that brig advertises:
+
+Go to the place where you store kubernetes configuration for your wire-server installation. This might be a directory on your admin laptop, or a directory on the kubernetes machine.
+
+If your override configuration (`values/wire-server/values.yaml`) looks like the following:
+
+```yaml
+# (...)
+
+brig:
+# (...)
+  turnStatic:
+    v1:
+      # v1 entries can be ignored and are not in use anymore since end of 2018.
+    v2:
+    - turn:server1.example.com:3478 # server 1 UDP
+    - turn:server1.example.com:3478?transport=tcp # server 1 TCP
+    - turns:server1.example.com:5478?transport=tcp # server 1 TLS
+    - turn:server2.example.com:3478 # server 2 UDP
+    - turn:server2.example.com:3478?transport=tcp # server 2 TCP
+    - turns:server2.example.com:5478?transport=tcp # server 2 TLS
+```
+
+And you want to remove server 1, then change the configuration to read
+
+```yaml
+turnStatic:
+  v2:
+    - turn:server2.example.com:3478 # server 2 UDP
+    - turn:server2.example.com:3478?transport=tcp # server 2 TCP
+    - turns:server2.example.com:5478?transport=tcp # server 2 TLS
+```
+
+(or comment out lines by adding a `#` in front of the respective line)
+
+```yaml
+turnStatic:
+  v2:
+  #- turn:server1.example.com:3478 # server 1 UDP
+  #- turn:server1.example.com:3478?transport=tcp # server 1 TCP
+  #- turns:server1.example.com:5478?transport=tcp # server 1 TLS
+  - turn:server2.example.com:3478 # server 2 UDP
+  - turn:server2.example.com:3478?transport=tcp # server 2 TCP
+  - turns:server2.example.com:5478?transport=tcp # server 2 TLS
+```
+
+Next, apply these changes to configuration with `./bin/prod-setup.sh`
+
+You then need to restart the `brig` pods if your code is older than September 2019 (otherwise brig will restart itself automatically):
+
+```bash
+kubectl delete pod -l app=brig
+```
+
+2. Wait for traffic to drain. This can take up to 12 hours after the configuration change. Wait until current allocations (people connected to the restund server) return 0. See {ref}`allocations`.
+3. It's now safe to `systemctl stop restund`, and take any necessary actions.
+4. `systemctl start restund` and then add the restund server back to configuration of advertised nodes (see step 1, put the server back).
+
+## How to renew a certificate for restund
+
+1. Replace the certificate file on the server (under `/etc/restund/restund.pem` usually), either with ansible or manually. Ensure the new certificate file is a concatenation of your whole certificate chain *and* the private key:
+
+```text
+-----BEGIN CERTIFICATE-----
+...
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+...
+-----END CERTIFICATE-----
+-----BEGIN PRIVATE KEY-----
+...
+-----END PRIVATE KEY-----
+```
+
+2. Restart restund (see sections above)
+
+## How to check which restund/TURN servers will be used by clients
+
+The list of turn servers contacted by clients *should* match what you added to your `turnStatic` configuration. But if you'd like to double-check, here's how:
+
+Terminal one:
+
+```sh
+kubectl port-forward svc/brig 9999:8080
+```
+
+Terminal two:
+
+```sh
+UUID=$(cat /proc/sys/kernel/random/uuid)
+curl -s -H "Z-User:$UUID" -H "Z-Connection:anything" "http://localhost:9999/calls/config/v2" | json_pp
+```
+
+May return something like:
+
+```json
+{
+   "ice_servers" : [
+      {
+         "credential" : "ASyFLXqbmg8fuK4chJG3S1Qg4L/nnhpkN0/UctdtTFbGW1AcuuAaOqUMDhm9V2w7zKHY6PPMqjhwKZ2neSE78g==",
+         "urls" : [
+            "turn:turn1.example.com:3478"
+         ],
+         "username" : "d=1582157904.v=1.k=0.t=s.r=mbzovplogqxbasbf"
+      },
+      {
+         "credential" : "ZsxEtGWbpUZ3QWxPZtbX6g53HXu6PWfhhUfGNqRBJjrsly5w9IPAsuAWLEOP7fsoSXF13mgSPROXxMYAB/fQ6g==",
+         "urls" : [
+            "turn:turn1.example.com:3478?transport=tcp"
+         ],
+         "username" : "d=1582157904.v=1.k=0.t=s.r=jsafnwtgqhfqjvco"
+      },
+      {
+         "credential" : "ZsxEtGWbpUZ3QWxPZtbX6g53HXu6PWfhhUfGNqRBJjrsly5w9IPAsuAWLEOP7fsoSXF13mgSPROXxMYAB/fQ6g==",
+         "urls" : [
+            "turns:turn1.example.com:5349?transport=tcp"
+         ],
+         "username" : "d=1582157904.v=1.k=0.t=s.r=jsafnwtgqhfqjvco"
+      }
+   ],
+   "ttl" : 3600
+}
+```
+
+In the above case, there is a single server configured to use UDP on port 3478, plain TCP on port 3478, and TLS over TCP on port 5349. The ordering of the list is random and will change on every request made with curl.
diff --git a/docs/src/how-to/administrate/restund.rst b/docs/src/how-to/administrate/restund.rst
deleted file mode 100644
index 584066ab43..0000000000
--- a/docs/src/how-to/administrate/restund.rst
+++ /dev/null
@@ -1,301 +0,0 @@
-Restund (TURN)
---------------
-
-.. include:: includes/intro.rst
-
-.. _allocations:
-
-Wire-Server Configuration
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The wire-server can either serve a static list of TURN servers to the clients or
-it can discovery them using DNS SRV Records.
-
-Static List
-+++++++++++
-
-To configure a static list of TURN servers to use, override
-``values/wire-server/values.yaml`` like this:
-
-.. code:: yaml
-
-  # (...)
-
-  brig:
-  # (...)
-    turnStatic:
-      v1:
-        # v1 entries can be ignored and are not in use anymore since end of 2018.
-      v2:
-      - turn:server1.example.com:3478 # server 1 UDP
-      - turn:server1.example.com:3478?transport=tcp # server 1 TCP
-      - turns:server1.example.com:5478?transport=tcp # server 1 TLS
-      - turn:server2.example.com:3478 # server 2 UDP
-      - turn:server2.example.com:3478?transport=tcp # server 2 TCP
-      - turns:server2.example.com:5478?transport=tcp # server 2 TLS
-    turn:
-      serversSource: files
-
-DNS SRV Records
-+++++++++++++++
-
-To configure wire-server to use DNS SRV records in order to discover TURN
-servers, override ``values/wire-server/values.yaml`` like this:
-
-.. code:: yaml
-
-  # (...)
-
-  brig:
-  # (...)
-    turn:
-      serversSource: dns
-      baseDomain: prod.example.com
-      discoveryIntervalSeconds: 10
-
-When configured like this, the wire-server would look for these 3 SRV records
-every 10 seconds:
-
-1. ``_turn._udp.prod.example.com`` will be used to discover UDP hostnames and port for all the
-   turn servers.
-2. ``_turn._tcp.prod.example.com`` will be used to discover the TCP hostnames and port for all
-   the turn servers.
-3. ``_turns._tcp.prod.example.com`` will be used to discover the TLS hostnames and port for
-   all the turn servers.
-
-Entries with weight 0 will be ignored. Example:
-
-.. code::
-
-   dig +retries=3 +short SRV _turn._udp.prod.example.com
-
-   0 0 3478 turn36.prod.example.com
-   0 10 3478 turn34..prod.example.com
-   0 10 3478 turn35.prod.example.com
-
-At least one of these 3 lookups must succeed for the wire-server to be able to
-respond correctly when ``GET /calls/config/v2`` is called. All successful
-responses are served in the result.
-
-In addition, if there are any clients using the legacy endpoint, ``GET
-/calls/config``, (all versions of all mobile apps since 2018 no longer use this) they will be served by the servers listed in the
-``_turn._udp.prod.example.com`` SRV record. This endpoint, however, will not
-serve the domain names received inside the SRV record, instead it will serve the
-first ``A`` record that is associated with each domain name in the SRV record.
-
-How to see how many people are currently connected to the restund server
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-You can see the count of currently ongoing calls (also called "allocations"):
-
-.. code:: sh
-
-   echo turnstats | nc -u 127.0.0.1 33000 -q1 | grep allocs_cur | cut -d' ' -f2
-
-How to restart restund (with downtime)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-With downtime, it's very easy::
-
-   systemctl restart restund
-
-.. warning::
-   
-   Restarting ``restund`` means any user that is currently connected to it (i.e. having a call) will lose its audio/video connection. If you wish to have no downtime, check the next section*
-
-Rebooting a Restund node
-~~~~~~~~~~~~~~~~~~~~~~~~
-
-If you want to reboot a restund node, you need to make sure the other restund nodes in the cluster are running, so that services are not interrupted by the reboot.
-
-.. warning::
-
-   This procedure as described here will cause downtime, even if a second restund server is up; and kill any ongoing audio/video calls. The sections further up describe a downtime and a no-downtime procedure. 
-
-Presuming your two restund nodes are called:
-
-* ``restund-1``
-* ``restund-2``
-
-To prepare for a reboot of ``restund-1``, log into the other restund server (``restund-2``, for example here), and make sure the docker service is running.
-
-List the running containers, to ensure restund is running, by executing:
-
-.. code:: sh
-
-  ssh -t <ip of restund-2> sudo docker container ls
-
-You should see the following in the results:
-
-.. code:: sh
-
-  CONTAINER ID         IMAGE                                COMMAND         STATUS        PORTS    NAMES
-  <random hash>        quay.io/wire/restund:v0.4.16b1.0.53  22 seconds ago  Up 18 seconds          restund
-
-Make sure you see this restund container, and it is running ("Up"). 
-
-If it is not, you need to do troubleshooting work, if it is running, you can move forward and reboot restund-1.
-
-Now log into the restund server you wish to reboot (``restund-1`` in this example), and reboot it
-
-.. code:: sh
-  
-  ssh -t <ip of restund-1> sudo reboot
-
-Wait at least a minute for the machine to restart, you can use this command to automatically retry SSH access until it is succesful:
-
-.. code:: sh 
-
-  ssh -o 'ConnectionAttempts 3600' <ip of restund-1 node> exit
-
-Then log into the restund server (``restund-1``, in this example), and make sure the docker service is running:
-
-.. code:: sh
-
-  ssh -t <ip of restund-1> sudo docker container ls
-
-.. code:: sh
-
-  CONTAINER ID         IMAGE                                COMMAND         STATUS        PORTS    NAMES
-  <random hash>        quay.io/wire/restund:v0.4.16b1.0.53  22 seconds ago  Up 18 seconds          restund
-
-Here again, make sure you see a restund container, and it is running ("Up").
-
-If it is, you have succesfully reboot the restund server, and can if you need to apply the same procedure to the other restund servers in your cluster.
-
-How to restart restund without having downtime
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-For maintenance you may need to restart a restund server.
-
-1. Remove that restund server you want to restart from the list of advertised nodes, by taking it out of the turn server list that brig advertises:
-
-Go to the place where you store kubernetes configuration for your wire-server installation. This might be a directory on your admin laptop, or a directory on the kubernetes machine.
-
-If your override configuration (``values/wire-server/values.yaml``) looks like the following:
-
-.. code:: yaml
-
-  # (...)
-
-  brig:
-  # (...)
-    turnStatic:
-      v1:
-        # v1 entries can be ignored and are not in use anymore since end of 2018.
-      v2:
-      - turn:server1.example.com:3478 # server 1 UDP
-      - turn:server1.example.com:3478?transport=tcp # server 1 TCP
-      - turns:server1.example.com:5478?transport=tcp # server 1 TLS
-      - turn:server2.example.com:3478 # server 2 UDP
-      - turn:server2.example.com:3478?transport=tcp # server 2 TCP
-      - turns:server2.example.com:5478?transport=tcp # server 2 TLS
-
-And you want to remove server 1, then change the configuration to read
-
-.. code:: yaml
-
-  turnStatic:
-    v2:
-      - turn:server2.example.com:3478 # server 2 UDP
-      - turn:server2.example.com:3478?transport=tcp # server 2 TCP
-      - turns:server2.example.com:5478?transport=tcp # server 2 TLS
-
-(or comment out lines by adding a ``#`` in front of the respective line)
-
-.. code:: yaml
-
-    turnStatic:
-      v2:
-      #- turn:server1.example.com:3478 # server 1 UDP
-      #- turn:server1.example.com:3478?transport=tcp # server 1 TCP
-      #- turns:server1.example.com:5478?transport=tcp # server 1 TLS
-      - turn:server2.example.com:3478 # server 2 UDP
-      - turn:server2.example.com:3478?transport=tcp # server 2 TCP
-      - turns:server2.example.com:5478?transport=tcp # server 2 TLS
-
-Next, apply these changes to configuration with ``./bin/prod-setup.sh``
-
-You then need to restart the ``brig`` pods if your code is older than September 2019 (otherwise brig will restart itself automatically):
-
-.. code:: bash
-
-  kubectl delete pod -l app=brig
-
-2. Wait for traffic to drain. This can take up to 12 hours after the configuration change. Wait until current allocations (people connected to the restund server) return 0. See :ref:`allocations`.
-3. It's now safe to ``systemctl stop restund``, and take any necessary actions.
-4. ``systemctl start restund`` and then add the restund server back to configuration of advertised nodes (see step 1, put the server back).
-
-How to renew a certificate for restund
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-1. Replace the certificate file on the server (under ``/etc/restund/restund.pem`` usually), either with ansible or manually. Ensure the new certificate file is a concatenation of your whole certificate chain *and* the private key:
-
-.. code:: text
-
-  -----BEGIN CERTIFICATE-----
-  ...
-  -----END CERTIFICATE-----
-  -----BEGIN CERTIFICATE-----
-  ...
-  -----END CERTIFICATE-----
-  -----BEGIN PRIVATE KEY-----
-  ...
-  -----END PRIVATE KEY-----
-
-
-2. Restart restund (see sections above)
-
-
-How to check which restund/TURN servers will be used by clients
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The list of turn servers contacted by clients *should* match what you added to your `turnStatic` configuration. But if you'd like to double-check, here's how:
-
-Terminal one:
-
-.. code:: sh
-
-   kubectl port-forward svc/brig 9999:8080
-
-Terminal two:
-
-.. code:: sh
-
-   UUID=$(cat /proc/sys/kernel/random/uuid)
-   curl -s -H "Z-User:$UUID" -H "Z-Connection:anything" "http://localhost:9999/calls/config/v2" | json_pp
-
-
-May return something like:
-
-.. code:: json
-
-   {
-      "ice_servers" : [
-         {
-            "credential" : "ASyFLXqbmg8fuK4chJG3S1Qg4L/nnhpkN0/UctdtTFbGW1AcuuAaOqUMDhm9V2w7zKHY6PPMqjhwKZ2neSE78g==",
-            "urls" : [
-               "turn:turn1.example.com:3478"
-            ],
-            "username" : "d=1582157904.v=1.k=0.t=s.r=mbzovplogqxbasbf"
-         },
-         {
-            "credential" : "ZsxEtGWbpUZ3QWxPZtbX6g53HXu6PWfhhUfGNqRBJjrsly5w9IPAsuAWLEOP7fsoSXF13mgSPROXxMYAB/fQ6g==",
-            "urls" : [
-               "turn:turn1.example.com:3478?transport=tcp"
-            ],
-            "username" : "d=1582157904.v=1.k=0.t=s.r=jsafnwtgqhfqjvco"
-         },
-         {
-            "credential" : "ZsxEtGWbpUZ3QWxPZtbX6g53HXu6PWfhhUfGNqRBJjrsly5w9IPAsuAWLEOP7fsoSXF13mgSPROXxMYAB/fQ6g==",
-            "urls" : [
-               "turns:turn1.example.com:5349?transport=tcp"
-            ],
-            "username" : "d=1582157904.v=1.k=0.t=s.r=jsafnwtgqhfqjvco"
-         }
-      ],
-      "ttl" : 3600
-   }
-
-In the above case, there is a single server configured to use UDP on port 3478, plain TCP on port 3478, and TLS over TCP on port 5349. The ordering of the list is random and will change on every request made with curl.
-
diff --git a/docs/src/how-to/administrate/users.md b/docs/src/how-to/administrate/users.md
new file mode 100644
index 0000000000..b1ec7d1c69
--- /dev/null
+++ b/docs/src/how-to/administrate/users.md
@@ -0,0 +1,590 @@
+(investigative-tasks)=
+
+# Investigative tasks (e.g. searching for users as server admin)
+
+This page requires that you have root access to the machines where kubernetes runs on, or have kubernetes permissions allowing you to port-forward arbitrary pods and services.
+
+If you have the `backoffice` pod installed, see also the [backoffice README](https://github.com/wireapp/wire-server/tree/develop/charts/backoffice).
+
+If you don't have `backoffice`, see below for some options:
+
+## Manually searching for users in cassandra
+
+Terminal one:
+
+```sh
+kubectl port-forward svc/brig 9999:8080
+```
+
+Terminal two: Search for your user by email:
+
+```sh
+EMAIL=user@example.com
+curl -v -G localhost:9999/i/users --data-urlencode email=$EMAIL; echo
+# or, for nicer formatting
+curl -v -G localhost:9999/i/users --data-urlencode email=$EMAIL | json_pp
+```
+
+You can also search by `handle` (unique username) or by phone:
+
+```sh
+HANDLE=user123
+curl -v -G localhost:9999/i/users --data-urlencode handles=$HANDLE; echo
+
+PHONE=+490000000000000 # phone numbers must have the +country prefix and no spaces
+curl -v -G localhost:9999/i/users --data-urlencode phone=$PHONE; echo
+```
+
+Which should give you output like:
+
+```json
+[
+   {
+      "managed_by" : "wire",
+      "assets" : [
+         {
+            "key" : "3-2-a749af8d-a17b-4445-b360-46c93fc41bc6",
+            "size" : "preview",
+            "type" : "image"
+         },
+         {
+            "size" : "complete",
+            "type" : "image",
+            "key" : "3-2-6cac6b57-9972-4aba-acbb-f078bc538b54"
+         }
+      ],
+      "picture" : [],
+      "accent_id" : 0,
+      "status" : "active",
+      "name" : "somename",
+      "email" : "user@example.com",
+      "id" : "9122e5de-b4fb-40fa-99ad-1b5d7d07bae5",
+      "locale" : "en",
+      "handle" : "user123"
+   }
+]
+```
+
+The interesting part is the `id` (in the example case `9122e5de-b4fb-40fa-99ad-1b5d7d07bae5`):
+
+(user-deletion)=
+
+## Deleting a user which is not a team user
+
+The following will completely delete a user, its conversations, assets, etc. The only thing remaining will be an entry in cassandra indicating that this user existed in the past (only the UUID remains, all other attributes like name etc are purged)
+
+You can now delete that user by double-checking that the user you wish to delete is really the correct user:
+
+```sh
+# replace the id with the id of the user you want to delete
+curl -v localhost:9999/i/users/9122e5de-b4fb-40fa-99ad-1b5d7d07bae5 -XDELETE
+```
+
+Afterwards, the previous command (to search for a user in cassandra) should return an empty list (`[]`).
+
+When done, on terminal 1, ctrl+c to cancel the port-forwarding.
+
+## Searching and deleting users with no team
+
+If you require users to be part of a team, or for some other reason you need to delete all users who are not part of a team, you need to first find all such users, and then delete them.
+
+To find users that are not part of a team, first you need to connect via SSH to the machine where cassandra is running, and then run the following command:
+
+```sh
+cqlsh 9042 -e "select team, handle, id from brig.user" | grep -E "^\s+null"
+```
+
+This will give you a list of handles and IDs with no team associated:
+
+```sh
+null |       null | bc22119f-ce11-4402-aa70-307a58fb22ec
+null |        tom | 8ecee3d0-47a4-43ff-977b-40a4fc350fed
+null |      alice | 2a4c3468-c1e6-422f-bc4d-4aeff47941ac
+null |       null | 1b5ca44a-aeb4-4a68-861b-48612438c4cc
+null |        bob | 701b4eab-6df2-476d-a818-90dc93e8446e
+```
+
+You can then {ref}`delete each user with these instructions <user-deletion>`.
+
+## Manual search on elasticsearch (via brig, recommended)
+
+This should only be necessary in the case of some (suspected) data inconsistency between cassandra and elasticsearch.
+
+Terminal one:
+
+```sh
+kubectl port-forward svc/brig 9999:8080
+```
+
+Terminal two: Search for your user by name or handle or a prefix of that handle or name:
+
+```sh
+NAMEORPREFIX=test7
+UUID=$(cat /proc/sys/kernel/random/uuid)
+curl -H "Z-User:$UUID" "http://localhost:9999/search/contacts?q=$NAMEORPREFIX"; echo
+# or, for pretty output:
+curl -H "Z-User:$UUID" "http://localhost:9999/search/contacts?q=$NAMEORPREFIX" | json_pp
+```
+
+If no match is found, expect a query like this:
+
+```json
+{"took":91,"found":0,"documents":[],"returned":0}
+```
+
+If matches are found, the result should look like this:
+
+```json
+{
+   "found" : 2,
+   "documents" : [
+      {
+         "id" : "dbdbf370-48b3-4e1e-b377-76d7d4cbb4f2",
+         "name" : "Test",
+         "handle" : "test7",
+         "accent_id" : 7
+      },
+      {
+         "name" : "Test",
+         "accent_id" : 0,
+         "handle" : "test7476",
+         "id" : "a93240b0-ba89-441e-b8ee-ff4403808f93"
+      }
+   ],
+   "returned" : 2,
+   "took" : 4
+}
+```
+
+## How to manually search for a user on elasticsearh directly (not recommended)
+
+First, ssh to an elasticsearch instance.
+
+```sh
+ssh <ip of elasticsearch instance>
+```
+
+Then run the following:
+
+```sh
+PREFIX=...
+curl -s "http://localhost:9200/directory/_search?q=$PREFIX" | json_pp
+```
+
+The `id` (UUID) returned can be used when deleting (see below).
+
+## How to manually delete a user from elasticsearch only
+
+```{warning}
+This is NOT RECOMMENDED. Be sure you know what you're doing. This only deletes the user from elasticsearch, but not from cassandra. Any change of e.g. the username or displayname of that user means this user will re-appear in the elasticsearch database. Instead, either fully delete a user: {ref}`user-deletion` or make use of the internal GET/PUT `/i/searchable` endpoint on brig to make this user prefix-unsearchable.
+```
+
+If, despite the warning, you wish to continue?
+
+First, ssh to an elasticsearch instance:
+
+```sh
+ssh <ip of elasticsearch instance>
+```
+
+Next, check that the user exists:
+
+```sh
+UUID=...
+curl -s "http://localhost:9200/directory/user/$UUID" | json_pp
+```
+
+That should return a `"found": true`, like this:
+
+```json
+{
+   "_type" : "user",
+   "_version" : 1575998428262000,
+   "_id" : "b3e9e445-fb02-47f3-bac0-63f5f680d258",
+   "found" : true,
+   "_index" : "directory",
+   "_source" : {
+      "normalized" : "Mr Test",
+      "handle" : "test12345",
+      "id" : "b3e9e445-fb02-47f3-bac0-63f5f680d258",
+      "name" : "Mr Test",
+      "accent_id" : 1
+   }
+}
+```
+
+Then delete it:
+
+```sh
+UUID=...
+curl -s -XDELETE "http://localhost:9200/directory/user/$UUID" | json_pp
+```
+
+## Mass-invite users to a team
+
+If you need to invite members to a specific given team, you can use the `create_team_members.sh` Bash script, located [here](https://github.com/wireapp/wire-server/blob/develop/hack/bin/create_team_members.sh).
+
+This script does not create users or causes them to join a team by itself, instead, it sends invites to potential users via email, and when users accept the invitation, they create their account, set their password, and are added to the team as team members.
+
+Input is a [CSV file](https://en.wikipedia.org/wiki/Comma-separated_values), in comma-separated format, in the form `'Email,Suggested User Name'`.
+
+You also need to specify the inviting admin user, the team, the URI for the Brig ([API](https://docs.wire.com/understand/federation/api.html?highlight=brig)) service (Host), and finally the input (CSV) file containing the users to invite.
+
+The exact format for the parameters passed to the script is [as follows](https://github.com/wireapp/wire-server/blob/develop/hack/bin/create_team_members.sh#L17):
+
+- `-a <admin uuid>`: [User ID](https://docs.wire.com/understand/federation/api.html?highlight=user%20id#qualified-identifiers-and-names) in [UUID format](https://en.wikipedia.org/wiki/Universally_unique_identifier) of the inviting admin. For example `9122e5de-b4fb-40fa-99ad-1b5d7d07bae5`.
+- `-t <team uuid>`: ID of the inviting team, same format.
+- `-h <host>`: Base URI of brig's internal endpoint.
+- `-c <input file>`: file containing info on the invitees in format 'Email,UserName'.
+
+For example, one such execution of the script could look like:
+
+```sh
+sh create_team_members.sh -a 9122e5de-b4fb-40fa-99ad-1b5d7d07bae5 -t 123e4567-e89b-12d3-a456-426614174000 -h http://localhost:9999 -c users_to_invite.csv
+```
+
+Note: the '<http://localhost:9999>' implies you are running the 'kubectl port-forward' given at the top of this document
+.
+Once the script is run, invitations will be sent to each user in the file every second until all invitations have been sent.
+
+If you have a lot of invitations to send and this is too slow, you can speed things up by commenting [this line](https://github.com/wireapp/wire-server/blob/develop/hack/bin/create_team_members.sh#L91).
+
+## How to obtain logs from an Android client to investigate issues
+
+Wire clients communicate with Wire servers (backend).
+
+Sometimes to investigate server issues, you (or the Wire team) will need client information, in the form of client logs.
+
+In order to obtain client logs on the Android Wire client, follow this procedure:
+
+- Open the Wire app (client) on your Android device
+- Click on the round user icon in the top left of the screen, leading to your user Profile.
+- Click on "Settings" at the bottom of the screen
+- Click on "Advanced" in the menu
+- Check/activate "Collect usage data"
+- Now go back to using your client normally, so usage data is generated. If you have been asked to follow a specific testing regime, or log a specific problem, this is the time to do so.
+- Once enough usage data is generated, go back to the "Advanced" screen (User profile > Settings > Advanced)
+- Click on "Create debug report"
+- A menu will open allowing you to share the debug report, you can now save it or send it via email/any other means to the Wire team.
+
+## How to obtain logs from an iOS client to investigate issues
+
+Wire clients communicate with Wire servers (backend).
+
+Sometimes to investigate server issues, you (or the Wire team) will need client information, in the form of client logs.
+
+In order to obtain client logs on the iOS Wire client, follow this procedure:
+
+- Open the Wire app (client) on your iOS device
+- Click on the round user icon in the top left of the screen, leading to your user Profile.
+- Click on "Settings" at the bottom of the screen
+- Click on "Advanced" in the menu
+- Check/activate "Collect usage data"
+- Now go back to using your client normally, so usage data is generated. If you have been asked to follow a specific testing regime, or log a specific problem, this is the time to do so.
+- Once enough usage data is generated, go back to the "Advanced" screen (User profile > Settings > Advanced)
+- Click on "Send report to wire"
+- A menu will open to share the debug report via email, allowing you to send it to the Wire team.
+
+## How to retrieve metric values manually
+
+Metric values are sets of data points about services, such as status and other measures, that can be retrieved at specific endpoints, typically by a monitoring system (such as Prometheus) for monitoring, diagnosis and graphing.
+
+Sometimes, you will want to manually obtain this data that is normally automatically grabbed by Prometheus.
+
+Some of the pods allow you to grab metrics by accessing their `/i/metrics` endpoint, in particular:
+
+- `brig`: User management API
+- `cannon`: WebSockets API
+- `cargohold`: Assets storage API
+- `galley`: Conversations and Teams API
+- `gundeck`: Push Notifications API
+- `spar`: Single-Sign-ON and SCIM
+
+For more details on the various services/pods, you can check out {ref}`this link <overview>`.
+
+Before you can grab metrics from a pod, you need to find its IP address. You do this by running the following command:
+
+```sh
+d kubectl get pods -owide
+```
+
+(this presumes you are already in your normal Wire environment, which you obtain by running `source ./bin/offline-env.sh`)
+
+Which will give you an output that looks something like this:
+
+```
+demo@Ubuntu-1804-bionic-64-minimal:~/Wire-Server$ d kubectl get pods -owide
+NAME                               READY   STATUS      RESTARTS   AGE     IP              NODE        NOMINATED NODE   READINESS GATES
+account-pages-784f9b547c-cp444     1/1     Running     0          6d23h   10.233.113.5    kubenode3   <none>           <none>
+brig-746ddc55fd-6pltz              1/1     Running     0          6d23h   10.233.110.11   kubenode2   <none>           <none>
+brig-746ddc55fd-d59dw              1/1     Running     0          6d4h    10.233.110.23   kubenode2   <none>           <none>
+brig-746ddc55fd-zp7jl              1/1     Running     0          6d23h   10.233.113.10   kubenode3   <none>           <none>
+brig-index-migrate-data-45rm7      0/1     Completed   0          6d23h   10.233.110.9    kubenode2   <none>           <none>
+cannon-0                           1/1     Running     0          3h1m    10.233.119.41   kubenode1   <none>           <none>
+cannon-1                           1/1     Running     0          3h1m    10.233.113.47   kubenode3   <none>           <none>
+cannon-2                           1/1     Running     0          3h1m    10.233.110.51   kubenode2   <none>           <none>
+cargohold-65bff97fc6-8b9ls         1/1     Running     0          6d4h    10.233.113.20   kubenode3   <none>           <none>
+cargohold-65bff97fc6-bkx6x         1/1     Running     0          6d23h   10.233.113.4    kubenode3   <none>           <none>
+cargohold-65bff97fc6-tz8fh         1/1     Running     0          6d23h   10.233.110.5    kubenode2   <none>           <none>
+cassandra-migrations-bjsdz         0/1     Completed   0          6d23h   10.233.110.3    kubenode2   <none>           <none>
+demo-smtp-784ddf6989-vmj7t         1/1     Running     0          6d23h   10.233.113.2    kubenode3   <none>           <none>
+elasticsearch-index-create-7r8g4   0/1     Completed   0          6d23h   10.233.110.4    kubenode2   <none>           <none>
+fake-aws-sns-6c7c4b7479-wfp82      2/2     Running     0          6d4h    10.233.110.27   kubenode2   <none>           <none>
+fake-aws-sqs-59fbfbcbd4-n4c5z      2/2     Running     0          6d23h   10.233.110.2    kubenode2   <none>           <none>
+galley-7c89c44f7b-nm2rr            1/1     Running     0          6d23h   10.233.110.8    kubenode2   <none>           <none>
+galley-7c89c44f7b-tdxz4            1/1     Running     0          6d23h   10.233.113.6    kubenode3   <none>           <none>
+galley-7c89c44f7b-tr8pm            1/1     Running     0          6d4h    10.233.110.29   kubenode2   <none>           <none>
+galley-migrate-data-g66rz          0/1     Completed   0          6d23h   10.233.110.13   kubenode2   <none>           <none>
+gundeck-7fd75c7c5f-jb8xq           1/1     Running     0          6d23h   10.233.110.6    kubenode2   <none>           <none>
+gundeck-7fd75c7c5f-lbth9           1/1     Running     0          6d23h   10.233.113.8    kubenode3   <none>           <none>
+gundeck-7fd75c7c5f-wvcw6           1/1     Running     0          6d4h    10.233.113.23   kubenode3   <none>           <none>
+nginz-5cdd8b588b-dbn86             2/2     Running     16         6d23h   10.233.113.11   kubenode3   <none>           <none>
+nginz-5cdd8b588b-gk6rw             2/2     Running     14         6d23h   10.233.110.12   kubenode2   <none>           <none>
+nginz-5cdd8b588b-jvznt             2/2     Running     11         6d4h    10.233.113.21   kubenode3   <none>           <none>
+reaper-6957694667-s5vz5            1/1     Running     0          6d4h    10.233.110.26   kubenode2   <none>           <none>
+redis-ephemeral-master-0           1/1     Running     0          6d23h   10.233.113.3    kubenode3   <none>           <none>
+spar-56d77f85f6-bw55q              1/1     Running     0          6d23h   10.233.113.9    kubenode3   <none>           <none>
+spar-56d77f85f6-mczzd              1/1     Running     0          6d4h    10.233.110.28   kubenode2   <none>           <none>
+spar-56d77f85f6-vvvfq              1/1     Running     0          6d23h   10.233.110.7    kubenode2   <none>           <none>
+spar-migrate-data-ts4sx            0/1     Completed   0          6d23h   10.233.110.14   kubenode2   <none>           <none>
+team-settings-fbbb899c-qxx7m       1/1     Running     0          6d4h    10.233.110.24   kubenode2   <none>           <none>
+webapp-d97869795-grnft             1/1     Running     0          6d4h    10.233.110.25   kubenode2   <none>           <none>
+```
+
+Here presuming we need to get metrics from `gundeck`, we can see the IP of one of the gundeck pods is `10.233.110.6`.
+
+We can therefore connect to node `kubenode2` on which this pod runs with `ssh kubenode2.your-domain.com`, and run the following:
+
+```sh
+curl 10.233.110.6:8080/i/metrics
+```
+
+Alternatively, if you don't want to, or can't for some reason, connect to kubenode2, you can use port redirect instead:
+
+```sh
+# Allow Gundeck to be reached via the port 7777
+kubectl --kubeconfig kubeconfig.dec -n wire port-forward service/gundeck 7777:8080
+# Reach Gundeck directly at port 7777 using curl, output resulting data to stdout/terminal
+curl -v http://127.0.0.1:7777/i/metrics
+```
+
+Output will look something like this (truncated):
+
+```sh
+# HELP gc_seconds_wall Wall clock time spent on last GC
+# TYPE gc_seconds_wall gauge
+gc_seconds_wall 5481304.0
+# HELP gc_seconds_cpu CPU time spent on last GC
+# TYPE gc_seconds_cpu gauge
+gc_seconds_cpu 5479828.0
+# HELP gc_bytes_used_current Number of bytes in active use as of the last GC
+# TYPE gc_bytes_used_current gauge
+gc_bytes_used_current 1535232.0
+# HELP gc_bytes_used_max Maximum amount of memory living on the heap after the last major GC
+# TYPE gc_bytes_used_max gauge
+gc_bytes_used_max 2685312.0
+# HELP gc_bytes_allocated_total Bytes allocated since the start of the server
+# TYPE gc_bytes_allocated_total gauge
+gc_bytes_allocated_total 4.949156056e9
+```
+
+This example is for Gundeck, but you can also get metrics for other services. All k8s services are listed at {ref}`this link <overview>`.
+
+This is an example adapted for Cannon:
+
+```sh
+kubectl --kubeconfig kubeconfig.dec -n wire port-forward service/cannon 7777:8080
+curl -v http://127.0.0.1:7777/i/metrics
+```
+
+In the output of this command, `net_websocket_clients` is roughly the number of connected clients.
+
+(reset-session-cookies)=
+
+## Reset session cookies
+
+Remove session cookies on your system to force users to login again within the next 15 minutes (or whenever they come back online):
+
+```{warning}
+This will cause interruptions to ongoing calls and should be timed properly.
+```
+
+### Reset cookies of all users
+
+```sh
+ssh <name or IP of brig-cassandra>
+# from the ssh session
+cqlsh
+# from the cqlsh shell
+truncate brig.user_cookies;
+```
+
+### Reset cookies for a defined list of users
+
+```sh
+ssh <name or IP of brig-cassandra>
+# within the ssh session
+cqlsh
+# within the cqlsh shell: delete all users by userId
+delete from brig.user_cookies where user in (c0d64244-8ab4-11ec-8fda-37788be3a4e2, ...);
+```
+
+(Keep reading if you want to find out which users on your system are using SSO.)
+
+(identify-sso-users)=
+
+## Identify all users using SSO
+
+Collect all teams configured with an IdP:
+
+```sh
+ssh <name or IP of spar-cassandra>
+# within the ssh session start cqlsh
+cqlsh
+# within the cqlsh shell export all teams with idp
+copy spar.idp (team) TO 'teams_with_idp.csv' with header=false;
+```
+
+Close the session and proceed locally:
+
+```sh
+# download csv file
+scp <name or IP of spar-cassandra>:teams_with_idp.csv .
+# convert to a single line, comma separated list
+tr '\n' ',' < teams_with_idp.csv; echo
+```
+
+And use this list to get all team members in these teams:
+
+```sh
+ssh <name or IP of galley-cassandra>
+# within the ssh session start cqlsh
+cqlsh
+# within the cqlsh shell select all members of previous identified teams
+# <output of tr> should look like this: f2207d98-8ab3-11ec-b689-07fc1fd409c9, ...
+select user from galley.team_member where team in (<output of tr>);
+# alternatively, export the list of all users (for filterling locally in eg. excel)
+copy galley.team_member (user, team, sso_id) TO 'users_with_idp.csv' with header=true;
+```
+
+Close the session and proceed locally to generate the list of all users from teams with IdP:
+
+```sh
+# download csv file
+scp <name or IP of brig-cassandra>:users_with_idp.csv .
+# convert to a single line, comma separated list
+tr '\n' ',' < users_with_idp.csv; echo
+```
+
+```{note}
+Don't forget to dellete the created csv files after you have downloaded/processed them.
+```
+
+## Create a team using the SCIM API
+
+If you need to create a team manually, maybe because team creation was blocked in the "teams" interface, follow this procedure:
+
+First download or locate this bash script: `wire-server/hack/bin/create_test_team_scim.sh <https://github.com/wireapp/wire-server/blob/develop/hack/bin/create_test_team_scim.sh>`
+
+Then, run it the following way:
+
+```sh
+./create_test_team_scim.sh -h <brig host> -s <spar host>
+```
+
+Where:
+
+- In `-h <brig host>`, replace `<brig host>` with the base URL for your brig host (for example: `https://brig-host.your-domain.com`, defaults to `http://localhost:8082`)
+- In `-s <spar host>`, replace `<spar host>` with the base URL for your spar host (for example: `https://spar-host.your-domain.com`, defaults to `http://localhost:8088`)
+
+You might also need to edit the admin email and admin passwords at lines `48` and `49` of the script.
+
+To learn more about the different pods and how to identify them, see `this page<https://docs.wire.com/understand/overview.html#focus-on-pods>`.
+
+You can list your pods with `kubectl get pods --namespace wire`.
+
+Alternatively, you can run the series of commands manually with `curl`, like this:
+
+```sh
+curl -i -s --show-error \
+ -XPOST "$BRIG_HOST/i/users" \
+ -H'Content-type: application/json' \
+ -d'{"email":"$ADMIN_EMAIL","password":"$ADMIN_PASSWORD","name":"$NAME_OF_TEAM","team":{"name":"$NAME_OF_TEAM","icon":"default"}}'
+```
+
+Where:
+
+- `$BRIG_HOST` is the base URL for your brig host
+- `$ADMIN_EMAIL` is the email for the admin account for the new team
+- `$ADMIN_PASSWORD` is the password for the admin account for the new team
+- `$NAME_OF_TEAM` is the name of the team newly created
+
+Out of the result of this command, you will be able to extract an `Admin UUID`, and a `Team UUID`, which you will need later.
+
+Then run:
+
+```sh
+curl -X POST \
+      --header 'Content-Type: application/json' \
+      --header 'Accept: application/json' \
+      -d '{"email":"$ADMIN_EMAIL","password":"$ADMIN_PASSWORD"}' \
+      $BRIG_HOST/login'?persist=false' | jq -r .access_token
+```
+
+Where the values to replace are the same as the command above.
+
+This command should output an access token, take note of it.
+
+Then run:
+
+```sh
+curl -X POST \
+                --header "Authorization: Bearer $ACCESS_TOKEN" \
+                --header 'Content-Type: application/json;charset=utf-8' \
+                --header 'Z-User: '"$ADMIN_UUID" \
+                -d '{ "description": "test '"`date`"'", "password": "'"$ADMIN_PASSWORD"'" }' \
+                $SPAR_HOST/scim/auth-tokens
+```
+
+Where the values to replace are the same as the first command, plus `$ACCESS_TOKEN` is access token you just took note of in the previous command.
+
+Out of the JSON  output of this command, you should be able to extract:
+
+- A SCIM token (`token` value in the JSON).
+- A SCIM token ID (`id` value in the `info` value in the JSON)
+
+Equiped with those tokens, we move on to the next script, `wire-server/hack/bin/create_team.sh <https://github.com/wireapp/wire-server/blob/develop/hack/bin/create_team.sh>`
+
+This script can be run the following way:
+
+```sh
+./create_team.sh -h <host> -o <owner name> -e <owner email> -p <owner password> -v <email code> -t <team name> -c <team currency>
+```
+
+Where:
+
+- -h \<host>: Base URI of brig. default: `http://localhost:8080`
+- -o \<owner_name>: user display name of the owner of the team to be created.  default: "owner name n/a"
+- -e \<owner_email>: email address of the owner of the team to be created.  default: "owner email n/a"
+- -p \<owner_password>: owner password.  default: "owner pass n/a"
+- -v \<email_code>: validation code received by email after running the previous script/commands.  default: "email code n/a"
+- -t \<team_name>: default: "team name n/a"
+- -c \<team_currency>: default: "USD"
+
+Alternatively, you can manually run the command:
+
+```sh
+curl -i -s --show-error \
+  -XPOST "$BRIG_HOST/register" \
+     -H'Content-type: application/json' \
+     -d'{"name":"$OWNER_NAME","email":"$OWNER_EMAIL","password":"$OWNER_PASSWORD","email_code":"$EMAIL_CODE","team":{"currency":"$TEAM_CURRENCY","icon":"default","name":"$TEAM_NAME"}}'
+```
+
+Where:
+
+- `$BRIG_HOST` is the base URL for your brig service
+- `$OWNER_NAME` is the name of the of the team to be created
+- `$OWNER_PASSWORD` is the password of the owner of the team to be created
+- `$EMAIL_CODE` is the validation code received by email after running the previous script/command
+- `$TEAM_CURRENCY` is the currency of the team
+- `$TEAM_NAME` is the name of the team
diff --git a/docs/src/how-to/administrate/users.rst b/docs/src/how-to/administrate/users.rst
deleted file mode 100644
index e7d1e856dc..0000000000
--- a/docs/src/how-to/administrate/users.rst
+++ /dev/null
@@ -1,609 +0,0 @@
-.. _investigative_tasks:
-
-Investigative tasks (e.g. searching for users as server admin)
----------------------------------------------------------------
-
-This page requires that you have root access to the machines where kubernetes runs on, or have kubernetes permissions allowing you to port-forward arbitrary pods and services.
-
-If you have the `backoffice` pod installed, see also the `backoffice README <https://github.com/wireapp/wire-server/tree/develop/charts/backoffice>`__.
-
-If you don't have `backoffice`, see below for some options:
-
-Manually searching for users in cassandra
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Terminal one:
-
-.. code:: sh
-
-   kubectl port-forward svc/brig 9999:8080
-
-Terminal two: Search for your user by email:
-
-.. code:: sh
-
-   EMAIL=user@example.com
-   curl -v -G localhost:9999/i/users --data-urlencode email=$EMAIL; echo
-   # or, for nicer formatting
-   curl -v -G localhost:9999/i/users --data-urlencode email=$EMAIL | json_pp
-
-You can also search by ``handle`` (unique username) or by phone:
-
-.. code:: sh
-
-   HANDLE=user123
-   curl -v -G localhost:9999/i/users --data-urlencode handles=$HANDLE; echo
-
-   PHONE=+490000000000000 # phone numbers must have the +country prefix and no spaces
-   curl -v -G localhost:9999/i/users --data-urlencode phone=$PHONE; echo
-
-
-Which should give you output like:
-
-.. code:: json
-
-   [
-      {
-         "managed_by" : "wire",
-         "assets" : [
-            {
-               "key" : "3-2-a749af8d-a17b-4445-b360-46c93fc41bc6",
-               "size" : "preview",
-               "type" : "image"
-            },
-            {
-               "size" : "complete",
-               "type" : "image",
-               "key" : "3-2-6cac6b57-9972-4aba-acbb-f078bc538b54"
-            }
-         ],
-         "picture" : [],
-         "accent_id" : 0,
-         "status" : "active",
-         "name" : "somename",
-         "email" : "user@example.com",
-         "id" : "9122e5de-b4fb-40fa-99ad-1b5d7d07bae5",
-         "locale" : "en",
-         "handle" : "user123"
-      }
-   ]
-
-The interesting part is the ``id`` (in the example case ``9122e5de-b4fb-40fa-99ad-1b5d7d07bae5``):
-
-.. _user-deletion:
-
-Deleting a user which is not a team user
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The following will completely delete a user, its conversations, assets, etc. The only thing remaining will be an entry in cassandra indicating that this user existed in the past (only the UUID remains, all other attributes like name etc are purged)
-
-You can now delete that user by double-checking that the user you wish to delete is really the correct user:
-
-.. code:: sh
-
-   # replace the id with the id of the user you want to delete
-   curl -v localhost:9999/i/users/9122e5de-b4fb-40fa-99ad-1b5d7d07bae5 -XDELETE
-
-Afterwards, the previous command (to search for a user in cassandra) should return an empty list (``[]``).
-
-When done, on terminal 1, ctrl+c to cancel the port-forwarding.
-
-Searching and deleting users with no team
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-If you require users to be part of a team, or for some other reason you need to delete all users who are not part of a team, you need to first find all such users, and then delete them.
-
-To find users that are not part of a team, first you need to connect via SSH to the machine where cassandra is running, and then run the following command:
-
-.. code:: sh
-
-   cqlsh 9042 -e "select team, handle, id from brig.user" | grep -E "^\s+null"
-
-This will give you a list of handles and IDs with no team associated: 
-
-.. code:: sh
-
-   null |       null | bc22119f-ce11-4402-aa70-307a58fb22ec
-   null |        tom | 8ecee3d0-47a4-43ff-977b-40a4fc350fed
-   null |      alice | 2a4c3468-c1e6-422f-bc4d-4aeff47941ac
-   null |       null | 1b5ca44a-aeb4-4a68-861b-48612438c4cc
-   null |        bob | 701b4eab-6df2-476d-a818-90dc93e8446e
-
-You can then `delete each user with these instructions <./users.html#deleting-a-user-which-is-not-a-team-user>`__.
-
-Manual search on elasticsearch (via brig, recommended)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-This should only be necessary in the case of some (suspected) data inconsistency between cassandra and elasticsearch.
-
-Terminal one:
-
-.. code:: sh
-
-   kubectl port-forward svc/brig 9999:8080
-
-Terminal two: Search for your user by name or handle or a prefix of that handle or name:
-
-.. code:: sh
-
-   NAMEORPREFIX=test7
-   UUID=$(cat /proc/sys/kernel/random/uuid)
-   curl -H "Z-User:$UUID" "http://localhost:9999/search/contacts?q=$NAMEORPREFIX"; echo
-   # or, for pretty output:
-   curl -H "Z-User:$UUID" "http://localhost:9999/search/contacts?q=$NAMEORPREFIX" | json_pp
-
-If no match is found, expect a query like this:
-
-.. code:: json
-
-   {"took":91,"found":0,"documents":[],"returned":0}
-
-If matches are found, the result should look like this:
-
-.. code:: json
-
-   {
-      "found" : 2,
-      "documents" : [
-         {
-            "id" : "dbdbf370-48b3-4e1e-b377-76d7d4cbb4f2",
-            "name" : "Test",
-            "handle" : "test7",
-            "accent_id" : 7
-         },
-         {
-            "name" : "Test",
-            "accent_id" : 0,
-            "handle" : "test7476",
-            "id" : "a93240b0-ba89-441e-b8ee-ff4403808f93"
-         }
-      ],
-      "returned" : 2,
-      "took" : 4
-   }
-
-How to manually search for a user on elasticsearh directly (not recommended)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-First, ssh to an elasticsearch instance.
-
-.. code:: sh
-
-  ssh <ip of elasticsearch instance>
-
-Then run the following:
-
-.. code:: sh
-
-   PREFIX=...
-   curl -s "http://localhost:9200/directory/_search?q=$PREFIX" | json_pp
-
-The `id` (UUID) returned can be used when deleting (see below).
-
-How to manually delete a user from elasticsearch only
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. warning::
-
-   This is NOT RECOMMENDED. Be sure you know what you're doing. This only deletes the user from elasticsearch, but not from cassandra. Any change of e.g. the username or displayname of that user means this user will re-appear in the elasticsearch database. Instead, either fully delete a user: :ref:`user-deletion` or make use of the internal GET/PUT ``/i/searchable`` endpoint on brig to make this user prefix-unsearchable.
-
-If, despite the warning, you wish to continue?
-
-First, ssh to an elasticsearch instance:
-
-.. code:: sh
-
-  ssh <ip of elasticsearch instance>
-
-Next, check that the user exists:
-
-.. code:: sh
-
-   UUID=...
-   curl -s "http://localhost:9200/directory/user/$UUID" | json_pp
-
-That should return a ``"found": true``, like this:
-
-.. code:: json
-
-   {
-      "_type" : "user",
-      "_version" : 1575998428262000,
-      "_id" : "b3e9e445-fb02-47f3-bac0-63f5f680d258",
-      "found" : true,
-      "_index" : "directory",
-      "_source" : {
-         "normalized" : "Mr Test",
-         "handle" : "test12345",
-         "id" : "b3e9e445-fb02-47f3-bac0-63f5f680d258",
-         "name" : "Mr Test",
-         "accent_id" : 1
-      }
-   }
-
-
-Then delete it:
-
-.. code:: sh
-
-   UUID=...
-   curl -s -XDELETE "http://localhost:9200/directory/user/$UUID" | json_pp
-
-Mass-invite users to a team
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-If you need to invite members to a specific given team, you can use the ``create_team_members.sh`` Bash script, located `here <https://github.com/wireapp/wire-server/blob/develop/hack/bin/create_team_members.sh>`__.
-
-This script does not create users or causes them to join a team by itself, instead, it sends invites to potential users via email, and when users accept the invitation, they create their account, set their password, and are added to the team as team members.
-
-Input is a `CSV file <https://en.wikipedia.org/wiki/Comma-separated_values>`__, in comma-separated format, in the form ``'Email,Suggested User Name'``.
-
-You also need to specify the inviting admin user, the team, the URI for the Brig (`API <https://docs.wire.com/understand/federation/api.html?highlight=brig>`__) service (Host), and finally the input (CSV) file containing the users to invite.
-
-The exact format for the parameters passed to the script is `as follows <https://github.com/wireapp/wire-server/blob/develop/hack/bin/create_team_members.sh#L17>`__:
-
-* ``-a <admin uuid>``: `User ID <https://docs.wire.com/understand/federation/api.html?highlight=user%20id#qualified-identifiers-and-names>`__ in `UUID format <https://en.wikipedia.org/wiki/Universally_unique_identifier>`__ of the inviting admin. For example ``9122e5de-b4fb-40fa-99ad-1b5d7d07bae5``.
-* ``-t <team uuid>``: ID of the inviting team, same format.
-* ``-h <host>``: Base URI of brig's internal endpoint.
-* ``-c <input file>``: file containing info on the invitees in format 'Email,UserName'.
-
-For example, one such execution of the script could look like:
-
-.. code:: sh
-
-   sh create_team_members.sh -a 9122e5de-b4fb-40fa-99ad-1b5d7d07bae5 -t 123e4567-e89b-12d3-a456-426614174000 -h http://localhost:9999 -c users_to_invite.csv
-
-Note: the 'http://localhost:9999' implies you are running the 'kubectl port-forward' given at the top of this document
-.
-Once the script is run, invitations will be sent to each user in the file every second until all invitations have been sent.
-
-If you have a lot of invitations to send and this is too slow, you can speed things up by commenting `this line <https://github.com/wireapp/wire-server/blob/develop/hack/bin/create_team_members.sh#L91>`__.
-
-
-How to obtain logs from an Android client to investigate issues
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Wire clients communicate with Wire servers (backend).
-
-Sometimes to investigate server issues, you (or the Wire team) will need client information, in the form of client logs.
-
-In order to obtain client logs on the Android Wire client, follow this procedure:
-
-* Open the Wire app (client) on your Android device
-* Click on the round user icon in the top left of the screen, leading to your user Profile.
-* Click on "Settings" at the bottom of the screen
-* Click on "Advanced" in the menu
-* Check/activate "Collect usage data"
-* Now go back to using your client normally, so usage data is generated. If you have been asked to follow a specific testing regime, or log a specific problem, this is the time to do so.
-* Once enough usage data is generated, go back to the "Advanced" screen (User profile > Settings > Advanced)
-* Click on "Create debug report"
-* A menu will open allowing you to share the debug report, you can now save it or send it via email/any other means to the Wire team.
-
-
-How to obtain logs from an iOS client to investigate issues
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Wire clients communicate with Wire servers (backend).
-
-Sometimes to investigate server issues, you (or the Wire team) will need client information, in the form of client logs.
-
-In order to obtain client logs on the iOS Wire client, follow this procedure:
-
-* Open the Wire app (client) on your iOS device
-* Click on the round user icon in the top left of the screen, leading to your user Profile.
-* Click on "Settings" at the bottom of the screen
-* Click on "Advanced" in the menu
-* Check/activate "Collect usage data"
-* Now go back to using your client normally, so usage data is generated. If you have been asked to follow a specific testing regime, or log a specific problem, this is the time to do so.
-* Once enough usage data is generated, go back to the "Advanced" screen (User profile > Settings > Advanced)
-* Click on "Send report to wire"
-* A menu will open to share the debug report via email, allowing you to send it to the Wire team.
-
-How to retrieve metric values manually
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Metric values are sets of data points about services, such as status and other measures, that can be retrieved at specific endpoints, typically by a monitoring system (such as Prometheus) for monitoring, diagnosis and graphing.
-
-Sometimes, you will want to manually obtain this data that is normally automatically grabbed by Prometheus.
-
-Some of the pods allow you to grab metrics by accessing their ``/i/metrics`` endpoint, in particular:
-
-* ``brig``: User management API
-* ``cannon``: WebSockets API
-* ``cargohold``: Assets storage API
-* ``galley``: Conversations and Teams API
-* ``gundeck``: Push Notifications API
-* ``spar``: Single-Sign-ON and SCIM
-
-For more details on the various services/pods, you can check out `this link <../../understand/overview.html?highlight=gundeck#focus-on-pods>`.
-
-Before you can grab metrics from a pod, you need to find its IP address. You do this by running the following command:
-
-.. code:: sh
-
-   d kubectl get pods -owide
-
-(this presumes you are already in your normal Wire environment, which you obtain by running ``source ./bin/offline-env.sh``)
-
-Which will give you an output that looks something like this:
-
-.. code::
-
-   demo@Ubuntu-1804-bionic-64-minimal:~/Wire-Server$ d kubectl get pods -owide
-   NAME                               READY   STATUS      RESTARTS   AGE     IP              NODE        NOMINATED NODE   READINESS GATES
-   account-pages-784f9b547c-cp444     1/1     Running     0          6d23h   10.233.113.5    kubenode3   <none>           <none>
-   brig-746ddc55fd-6pltz              1/1     Running     0          6d23h   10.233.110.11   kubenode2   <none>           <none>
-   brig-746ddc55fd-d59dw              1/1     Running     0          6d4h    10.233.110.23   kubenode2   <none>           <none>
-   brig-746ddc55fd-zp7jl              1/1     Running     0          6d23h   10.233.113.10   kubenode3   <none>           <none>
-   brig-index-migrate-data-45rm7      0/1     Completed   0          6d23h   10.233.110.9    kubenode2   <none>           <none>
-   cannon-0                           1/1     Running     0          3h1m    10.233.119.41   kubenode1   <none>           <none>
-   cannon-1                           1/1     Running     0          3h1m    10.233.113.47   kubenode3   <none>           <none>
-   cannon-2                           1/1     Running     0          3h1m    10.233.110.51   kubenode2   <none>           <none>
-   cargohold-65bff97fc6-8b9ls         1/1     Running     0          6d4h    10.233.113.20   kubenode3   <none>           <none>
-   cargohold-65bff97fc6-bkx6x         1/1     Running     0          6d23h   10.233.113.4    kubenode3   <none>           <none>
-   cargohold-65bff97fc6-tz8fh         1/1     Running     0          6d23h   10.233.110.5    kubenode2   <none>           <none>
-   cassandra-migrations-bjsdz         0/1     Completed   0          6d23h   10.233.110.3    kubenode2   <none>           <none>
-   demo-smtp-784ddf6989-vmj7t         1/1     Running     0          6d23h   10.233.113.2    kubenode3   <none>           <none>
-   elasticsearch-index-create-7r8g4   0/1     Completed   0          6d23h   10.233.110.4    kubenode2   <none>           <none>
-   fake-aws-sns-6c7c4b7479-wfp82      2/2     Running     0          6d4h    10.233.110.27   kubenode2   <none>           <none>
-   fake-aws-sqs-59fbfbcbd4-n4c5z      2/2     Running     0          6d23h   10.233.110.2    kubenode2   <none>           <none>
-   galley-7c89c44f7b-nm2rr            1/1     Running     0          6d23h   10.233.110.8    kubenode2   <none>           <none>
-   galley-7c89c44f7b-tdxz4            1/1     Running     0          6d23h   10.233.113.6    kubenode3   <none>           <none>
-   galley-7c89c44f7b-tr8pm            1/1     Running     0          6d4h    10.233.110.29   kubenode2   <none>           <none>
-   galley-migrate-data-g66rz          0/1     Completed   0          6d23h   10.233.110.13   kubenode2   <none>           <none>
-   gundeck-7fd75c7c5f-jb8xq           1/1     Running     0          6d23h   10.233.110.6    kubenode2   <none>           <none>
-   gundeck-7fd75c7c5f-lbth9           1/1     Running     0          6d23h   10.233.113.8    kubenode3   <none>           <none>
-   gundeck-7fd75c7c5f-wvcw6           1/1     Running     0          6d4h    10.233.113.23   kubenode3   <none>           <none>
-   nginz-5cdd8b588b-dbn86             2/2     Running     16         6d23h   10.233.113.11   kubenode3   <none>           <none>
-   nginz-5cdd8b588b-gk6rw             2/2     Running     14         6d23h   10.233.110.12   kubenode2   <none>           <none>
-   nginz-5cdd8b588b-jvznt             2/2     Running     11         6d4h    10.233.113.21   kubenode3   <none>           <none>
-   reaper-6957694667-s5vz5            1/1     Running     0          6d4h    10.233.110.26   kubenode2   <none>           <none>
-   redis-ephemeral-master-0           1/1     Running     0          6d23h   10.233.113.3    kubenode3   <none>           <none>
-   spar-56d77f85f6-bw55q              1/1     Running     0          6d23h   10.233.113.9    kubenode3   <none>           <none>
-   spar-56d77f85f6-mczzd              1/1     Running     0          6d4h    10.233.110.28   kubenode2   <none>           <none>
-   spar-56d77f85f6-vvvfq              1/1     Running     0          6d23h   10.233.110.7    kubenode2   <none>           <none>
-   spar-migrate-data-ts4sx            0/1     Completed   0          6d23h   10.233.110.14   kubenode2   <none>           <none>
-   team-settings-fbbb899c-qxx7m       1/1     Running     0          6d4h    10.233.110.24   kubenode2   <none>           <none>
-   webapp-d97869795-grnft             1/1     Running     0          6d4h    10.233.110.25   kubenode2   <none>           <none>
-
-Here presuming we need to get metrics from ``gundeck``, we can see the IP of one of the gundeck pods is ``10.233.110.6``.
-
-We can therefore connect to node ``kubenode2`` on which this pod runs with ``ssh kubenode2.your-domain.com``, and run the following:
-
-.. code:: sh
-
-   curl 10.233.110.6:8080/i/metrics
-
-Alternatively, if you don't want to, or can't for some reason, connect to kubenode2, you can use port redirect instead:
-
-.. code:: sh
-
-   # Allow Gundeck to be reached via the port 7777
-   kubectl --kubeconfig kubeconfig.dec -n wire port-forward service/gundeck 7777:8080
-   # Reach Gundeck directly at port 7777 using curl, output resulting data to stdout/terminal
-   curl -v http://127.0.0.1:7777/i/metrics
-
-Output will look something like this (truncated):
-
-.. code:: sh
-
-   # HELP gc_seconds_wall Wall clock time spent on last GC
-   # TYPE gc_seconds_wall gauge
-   gc_seconds_wall 5481304.0
-   # HELP gc_seconds_cpu CPU time spent on last GC
-   # TYPE gc_seconds_cpu gauge
-   gc_seconds_cpu 5479828.0
-   # HELP gc_bytes_used_current Number of bytes in active use as of the last GC
-   # TYPE gc_bytes_used_current gauge
-   gc_bytes_used_current 1535232.0
-   # HELP gc_bytes_used_max Maximum amount of memory living on the heap after the last major GC
-   # TYPE gc_bytes_used_max gauge
-   gc_bytes_used_max 2685312.0
-   # HELP gc_bytes_allocated_total Bytes allocated since the start of the server
-   # TYPE gc_bytes_allocated_total gauge
-   gc_bytes_allocated_total 4.949156056e9
-
-This example is for Gundeck, but you can also get metrics for other services. All k8s services are listed at `this link <../../understand/overview.html?highlight=gundeck#focus-on-pods>`__.
-
-This is an example adapted for Cannon:
-
-.. code:: sh
-
-   kubectl --kubeconfig kubeconfig.dec -n wire port-forward service/cannon 7777:8080
-   curl -v http://127.0.0.1:7777/i/metrics
-
-In the output of this command, ``net_websocket_clients`` is roughly the number of connected clients.
-
-.. _reset session cookies:
-
-Reset session cookies
-~~~~~~~~~~~~~~~~~~~~~
-
-Remove session cookies on your system to force users to login again within the next 15 minutes (or whenever they come back online):
-
-.. warning::
-   This will cause interruptions to ongoing calls and should be timed properly.
-
-Reset cookies of all users
-^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-.. code:: sh
-
-   ssh <name or IP of brig-cassandra>
-   # from the ssh session
-   cqlsh
-   # from the cqlsh shell
-   truncate brig.user_cookies;
-
-Reset cookies for a defined list of users
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-.. code:: sh
-
-   ssh <name or IP of brig-cassandra>
-   # within the ssh session
-   cqlsh
-   # within the cqlsh shell: delete all users by userId
-   delete from brig.user_cookies where user in (c0d64244-8ab4-11ec-8fda-37788be3a4e2, ...);
-
-(Keep reading if you want to find out which users on your system are using SSO.)
-
-.. _identify sso users:
-
-Identify all users using SSO
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Collect all teams configured with an IdP:
-
-.. code:: sh
-
-   ssh <name or IP of spar-cassandra>
-   # within the ssh session start cqlsh
-   cqlsh
-   # within the cqlsh shell export all teams with idp
-   copy spar.idp (team) TO 'teams_with_idp.csv' with header=false;
-
-Close the session and proceed locally:
-
-.. code:: sh
-
-   # download csv file
-   scp <name or IP of spar-cassandra>:teams_with_idp.csv .
-   # convert to a single line, comma separated list
-   tr '\n' ',' < teams_with_idp.csv; echo
-
-And use this list to get all team members in these teams:
-
-.. code:: sh
-
-   ssh <name or IP of galley-cassandra>
-   # within the ssh session start cqlsh
-   cqlsh
-   # within the cqlsh shell select all members of previous identified teams
-   # <output of tr> should look like this: f2207d98-8ab3-11ec-b689-07fc1fd409c9, ...
-   select user from galley.team_member where team in (<output of tr>);
-   # alternatively, export the list of all users (for filterling locally in eg. excel)
-   copy galley.team_member (user, team, sso_id) TO 'users_with_idp.csv' with header=true;
-
-Close the session and proceed locally to generate the list of all users from teams with IdP:
-
-.. code:: sh
-
-   # download csv file
-   scp <name or IP of brig-cassandra>:users_with_idp.csv .
-   # convert to a single line, comma separated list
-   tr '\n' ',' < users_with_idp.csv; echo
-
-
-.. note::
-   Don't forget to dellete the created csv files after you have downloaded/processed them.
-
-Create a team using the SCIM API
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-If you need to create a team manually, maybe because team creation was blocked in the "teams" interface, follow this procedure:
-
-First download or locate this bash script: `wire-server/hack/bin/create_test_team_scim.sh <https://github.com/wireapp/wire-server/blob/develop/hack/bin/create_test_team_scim.sh>`
-
-Then, run it the following way:
-
-.. code:: sh
-
-   ./create_test_team_scim.sh -h <brig host> -s <spar host>
-
-Where:
-
-* In `-h <brig host>`, replace `<brig host>` with the base URL for your brig host (for example: `https://brig-host.your-domain.com`, defaults to `http://localhost:8082`)
-* In `-s <spar host>`, replace `<spar host>` with the base URL for your spar host (for example: `https://spar-host.your-domain.com`, defaults to `http://localhost:8088`)
-
-You might also need to edit the admin email and admin passwords at lines `48` and `49` of the script.
-
-To learn more about the different pods and how to identify them, see `this page<https://docs.wire.com/understand/overview.html#focus-on-pods>`.
-
-You can list your pods with `kubectl get pods --namespace wire`.
-
-Alternatively, you can run the series of commands manually with `curl`, like this:
-
-.. code:: sh
-
-   curl -i -s --show-error \
-    -XPOST "$BRIG_HOST/i/users" \
-    -H'Content-type: application/json' \
-    -d'{"email":"$ADMIN_EMAIL","password":"$ADMIN_PASSWORD","name":"$NAME_OF_TEAM","team":{"name":"$NAME_OF_TEAM","icon":"default"}}'
-
-Where:
-
-* `$BRIG_HOST` is the base URL for your brig host
-* `$ADMIN_EMAIL` is the email for the admin account for the new team
-* `$ADMIN_PASSWORD` is the password for the admin account for the new team
-* `$NAME_OF_TEAM` is the name of the team newly created
-
-Out of the result of this command, you will be able to extract an `Admin UUID`, and a `Team UUID`, which you will need later.
-
-Then run:
-
-.. code:: sh
-
-        curl -X POST \
-              --header 'Content-Type: application/json' \
-              --header 'Accept: application/json' \
-              -d '{"email":"$ADMIN_EMAIL","password":"$ADMIN_PASSWORD"}' \
-              $BRIG_HOST/login'?persist=false' | jq -r .access_token
-
-Where the values to replace are the same as the command above.
-
-This command should output an access token, take note of it.
-
-Then run:
-
-.. code:: sh
-
-       curl -X POST \
-                       --header "Authorization: Bearer $ACCESS_TOKEN" \
-                       --header 'Content-Type: application/json;charset=utf-8' \
-                       --header 'Z-User: '"$ADMIN_UUID" \
-                       -d '{ "description": "test '"`date`"'", "password": "'"$ADMIN_PASSWORD"'" }' \
-                       $SPAR_HOST/scim/auth-tokens
-
-Where the values to replace are the same as the first command, plus `$ACCESS_TOKEN` is access token you just took note of in the previous command. 
-
-Out of the JSON  output of this command, you should be able to extract: 
-
-* A SCIM token (`token` value in the JSON).
-* A SCIM token ID (`id` value in the `info` value in the JSON)
-
-Equiped with those tokens, we move on to the next script, `wire-server/hack/bin/create_team.sh <https://github.com/wireapp/wire-server/blob/develop/hack/bin/create_team.sh>`
-
-This script can be run the following way:
-
-.. code:: sh
-
-    ./create_team.sh -h <host> -o <owner name> -e <owner email> -p <owner password> -v <email code> -t <team name> -c <team currency>    
-
-Where:
-
-*    -h <host>: Base URI of brig. default: `http://localhost:8080`
-*    -o <owner_name>: user display name of the owner of the team to be created.  default: "owner name n/a"
-*    -e <owner_email>: email address of the owner of the team to be created.  default: "owner email n/a"
-*    -p <owner_password>: owner password.  default: "owner pass n/a"
-*    -v <email_code>: validation code received by email after running the previous script/commands.  default: "email code n/a"
-*    -t <team_name>: default: "team name n/a"
-*    -c <team_currency>: default: "USD"
-
-Alternatively, you can manually run the command:
-
-.. code:: sh
-
-   curl -i -s --show-error \
-     -XPOST "$BRIG_HOST/register" \
-        -H'Content-type: application/json' \
-        -d'{"name":"$OWNER_NAME","email":"$OWNER_EMAIL","password":"$OWNER_PASSWORD","email_code":"$EMAIL_CODE","team":{"currency":"$TEAM_CURRENCY","icon":"default","name":"$TEAM_NAME"}}'
-
-Where:
-
-* `$BRIG_HOST` is the base URL for your brig service
-* `$OWNER_NAME` is the name of the of the team to be created
-* `$OWNER_PASSWORD` is the password of the owner of the team to be created
-* `$EMAIL_CODE` is the validation code received by email after running the previous script/command
-* `$TEAM_CURRENCY` is the currency of the team
-* `$TEAM_NAME` is the name of the team
diff --git a/docs/src/how-to/associate/custom-backend-for-desktop-client.md b/docs/src/how-to/associate/custom-backend-for-desktop-client.md
new file mode 100644
index 0000000000..ad66ca975e
--- /dev/null
+++ b/docs/src/how-to/associate/custom-backend-for-desktop-client.md
@@ -0,0 +1,79 @@
+# How to connect the desktop application to a custom backend
+
+## Introduction
+
+This page explains how to connect the Wire desktop client to a custom Backend, which can be done either via a start-up parameter or via an initialization file.
+
+## Prerequisites
+
+Install Wire either from the App Store, or download it from our website at (<https://wire.com/en/download/>)
+
+Have a running Wire backend in your infrastructure/cloud.
+
+Note down the full URL of the webapp served by that backend (e.g. <https://app.custom-wire.com> )
+
+## Using start-up parameters
+
+### Windows
+
+- Create a shortcut to the Wire application
+- Edit the shortcut ( Right click > Properties )
+- Add the following command line parameters to the shortcut: `--env {URL}`, where `{URL}` is the URL of your webapp as noted down above
+
+### MacOS
+
+To create the application
+
+- Open Automator
+- Click New application
+- Add the "Run shell script" phase
+- Type in the script panel the following command: `open -b com.wearezeta.zclient.mac --args --env {URL}`, where `{URL}` is the URL of your webapp as noted down above
+- Save the application from Automator (e.g. on your desktop or in Application)
+- To run the application: Just open the application you created in the first step
+
+### Linux
+
+- Open a Terminal
+- Start the application with the command line arguments: `--env {URL}`, where `{URL}` is the URL of your webapp as noted down above
+
+## Using an initialization file
+
+By providing an initialization file the instance connection parameters and/or proxy settings for the Wire desktop application can be pre-configured. This requires Wire version >= 3.27.
+
+Create a file named `init.json` and set `customWebAppURL` and optionally `proxyServerURL` e.g. as follows:
+
+```json
+{
+  "customWebAppURL": "https://app.custom-wire.com",
+  "env": "CUSTOM",
+  "proxyServerURL": "http://127.0.0.1:3128",
+}
+```
+
+The `env` setting must be set to `CUSTOM` for this to work.
+
+```{note}
+Consult your site admin to learn what goes into these settings. The value of `customWebAppURL` can be found [here](https://github.com/wireapp/wire-server/blob/e6aa50913cdcfde1200114787baabf7896394a2f/charts/webapp/templates/deployment.yaml#L40-L41) or [resp. here](https://github.com/wireapp/wire-server/blob/e6aa50913cdcfde1200114787baabf7896394a2f/charts/webapp/values.yaml#L26).  The value of `proxyServerURL` is your browser proxy.  It depends on the configuration of the network your client is running in.
+```
+
+### Windows
+
+Move the `init.json` file to `%APPDATA%\Wire\config\init.json` if it does not already exist. Otherwise update it accordingly.
+
+### MacOS
+
+Move the `init.json` file to
+
+```
+~/Library/Containers/com.wearezeta.zclient.mac/Data/Library/Application\ Support/Wire/config/init.json
+```
+
+if it does not already exist. Otherwise, update it accordingly.
+
+### Linux
+
+On Linux the `init.json` file should be located in the following directory:
+
+```
+$HOME/.config/Wire/config/init.json
+```
diff --git a/docs/src/how-to/associate/custom-backend-for-desktop-client.rst b/docs/src/how-to/associate/custom-backend-for-desktop-client.rst
deleted file mode 100644
index 6f4f768345..0000000000
--- a/docs/src/how-to/associate/custom-backend-for-desktop-client.rst
+++ /dev/null
@@ -1,90 +0,0 @@
-How to connect the desktop application to a custom backend
-==========================================================
-
-Introduction
-------------
-
-This page explains how to connect the Wire desktop client to a custom Backend, which can be done either via a start-up parameter or via an initialization file.
-
-Prerequisites
---------------
-
-Install Wire either from the App Store, or download it from our website at (https://wire.com/en/download/)
-
-Have a running Wire backend in your infrastructure/cloud. 
-
-Note down the full URL of the webapp served by that backend (e.g. https://app.custom-wire.com )
-
-Using start-up parameters
--------------------------
-
-Windows
-~~~~~~~
-
-- Create a shortcut to the Wire application
-- Edit the shortcut ( Right click > Properties )
-- Add the following command line parameters to the shortcut: `--env {URL}`, where `{URL}` is the URL of your webapp as noted down above
-
-MacOS
-~~~~~
-
-To create the application
-
-- Open Automator 
-- Click New application
-- Add the "Run shell script" phase
-- Type in the script panel the following command: `open -b com.wearezeta.zclient.mac --args --env {URL}`, where `{URL}` is the URL of your webapp as noted down above
-- Save the application from Automator (e.g. on your desktop or in Application)
-- To run the application: Just open the application you created in the first step
-
-Linux
-~~~~~
-
-- Open a Terminal
-- Start the application with the command line arguments: `--env {URL}`, where `{URL}` is the URL of your webapp as noted down above
-
-Using an initialization file
-----------------------------
-
-By providing an initialization file the instance connection parameters and/or proxy settings for the Wire desktop application can be pre-configured. This requires Wire version >= 3.27.
-
-Create a file named ``init.json`` and set ``customWebAppURL`` and optionally ``proxyServerURL`` e.g. as follows:
-
-.. code-block:: json
-
-  {
-    "customWebAppURL": "https://app.custom-wire.com",
-    "env": "CUSTOM",
-    "proxyServerURL": "http://127.0.0.1:3128",
-  }
-
-The ``env`` setting must be set to ``CUSTOM`` for this to work.
-
-.. note:: 
-  
-    Consult your site admin to learn what goes into these settings. The value of ``customWebAppURL`` can be found `here <https://github.com/wireapp/wire-server/blob/e6aa50913cdcfde1200114787baabf7896394a2f/charts/webapp/templates/deployment.yaml#L40-L41>`_ or `resp. here <https://github.com/wireapp/wire-server/blob/e6aa50913cdcfde1200114787baabf7896394a2f/charts/webapp/values.yaml#L26>`_.  The value of ``proxyServerURL`` is your browser proxy.  It depends on the configuration of the network your client is running in.
-
-Windows
-~~~~~~~
-
-Move the ``init.json`` file to ``%APPDATA%\Wire\config\init.json`` if it does not already exist. Otherwise update it accordingly.
-
-MacOS
-~~~~~
-
-Move the ``init.json`` file to 
-
-::
-
-    ~/Library/Containers/com.wearezeta.zclient.mac/Data/Library/Application\ Support/Wire/config/init.json
-    
-if it does not already exist. Otherwise, update it accordingly.
-
-Linux
-~~~~~
-
-On Linux the ``init.json`` file should be located in the following directory:
-
-::
-
-    $HOME/.config/Wire/config/init.json
diff --git a/docs/src/how-to/associate/custom-certificates.rst b/docs/src/how-to/associate/custom-certificates.md
similarity index 80%
rename from docs/src/how-to/associate/custom-certificates.rst
rename to docs/src/how-to/associate/custom-certificates.md
index 3a5c15b852..2c52391570 100644
--- a/docs/src/how-to/associate/custom-certificates.rst
+++ b/docs/src/how-to/associate/custom-certificates.md
@@ -1,10 +1,9 @@
-Custom root certificates
--------------------------
+# Custom root certificates
 
 In case you have installed wire-server using certificates signed using a custom root CA (certificate authority) which is not trusted by default by browsers and systems, then you need to ensure Wire-clients (on Android, Desktop, iOS, and the Web) trust this root certificate.
 
 The following details the procedure for Desktop and Web on Linux/Windows:
 
-https://thomas-leister.de/en/how-to-import-ca-root-certificate/
+<https://thomas-leister.de/en/how-to-import-ca-root-certificate/>
 
 For Android and iOS, if you know how to trust custom certificates, please let use know so we can update this documentation.
diff --git a/docs/src/how-to/associate/deeplink.md b/docs/src/how-to/associate/deeplink.md
new file mode 100644
index 0000000000..d3bfc77e27
--- /dev/null
+++ b/docs/src/how-to/associate/deeplink.md
@@ -0,0 +1,174 @@
+# Using a Deep Link to connect an App to a Custom Backend
+
+## Introduction
+
+Once you have your own wire-server set up and configured, you may want to use a client other than the web interface (webapp). There are a few ways to accomplish this:
+
+- **Using a Deep Link** (which this page is all about)
+- Registering your backend instance with the hosted SaaS backend for re-direction. For which you might need to talk to the folks @ Wire (the company).
+
+Assumptions:
+
+- You have wire-server installed and working
+- You have a familiarity with JSON files
+- You can place a JSON file on an HTTPS supporting web server somewhere your users can reach.
+
+Supported client apps:
+
+- iOS
+- Android
+
+```{note}
+Wire deeplinks can be used to redirect a mobile (Android, iOS) Wire app to a specific backend URL. Deeplinks have no further ability implemented at this stage.
+```
+
+## Connecting to a custom backend utilizing a Deep Link
+
+A deep link is a special link a user can click on after installing wire, but before setting it up. This link instructs their wire client to connect to your wire-server, rather than wire.com.
+
+### With Added Proxy
+
+In addition to connect to a custom backend a user can specify a socks proxy to add another layer to the network and make the api calls go through the proxy.
+
+## From a user's perspective:
+
+1. First, a user installs the app from the store
+2. The user clicks on a deep link, which is formatted similar to: `wire://access/?config=https://eu-north2.mycustomdomain.de/configs/backend1.json` (notice the protocol prefix: `wire://`)
+3. The app will ask the user to confirm that they want to connect to a custom backend. If the user cancels, the app exits.
+4. Assuming the user did not cancel, the app will download the file `eu-north2.mycustomdomain.de/configs/backend1.json` via HTTPS. If it can't download the file or the file doesn't match the expected structure, the wire client will display an error message (*'sInvalid link'*).
+5. The app will memorize the various hosts (REST, websocket, team settings, website, support) specified in the JSON and use those when talking to your backend.
+6. In the welcome page of the app, a "pill" (header) is shown at the top, to remind the user that they are now on a custom backend. A button "Show more" shows the URL of where the configuration was fetched from.
+
+### With Added Proxy
+
+In addition to the previous points
+
+7. The app will remember the (proxy host, proxy port, if the proxy need authentication)
+8. In the login page the user will see new section to add the proxy credentials if the proxy need authentication
+
+## From the administrator's (your) perspective:
+
+You need to host two static files, then let your users know how to connect. There are three options listed (in order of recommendation) for hosting the static files.
+
+Note on the meaning of the URLs used below:
+
+`backendURL`
+
+: Use the backend API entrypoint URL, by convention `https://nginz-https.<domain>`
+
+`backendWSURL`
+
+: Use the backend Websocket API entrypoint URL, by convention `https://nginz-ssl.<domain>`
+
+`teamsURL`
+
+: Use the URL to the team settings part of the webapp, by convention `https://teams.<domain>`
+
+`accountsURL`
+
+: Use the URL to the account pages part of the webapp, by convention `https://account.<domain>`
+
+`blackListURL`
+
+: is used to disable old versions of Wire clients (mobile apps). It's a prefix URL to which e.g. `/ios` or `/android` is appended. Example URL for the wire.com production servers: `https://clientblacklist.wire.com/prod` and example json files: [android](https://clientblacklist.wire.com/prod/android) and [iPhone](https://clientblacklist.wire.com/prod/ios) .
+
+`websiteURL`
+
+: Is used as a basis for a few links within the app pointing to FAQs and troubleshooting pages for end users. You can leave this as `https://wire.com` or host your own alternative pages and point this to your own website with the equivalent pages references from within the app.
+
+`title`
+
+: Arbitrary string that may show up in a few places in the app. Should be used as an identifier of the backend servers in question.
+
+### With Added Proxy
+
+`apiProxy:host (optional)`
+
+: Is used to specify a proxy to be added to the network engine, so the API calls will go through it to add more security layer.
+
+`apiProxy:port (optional)`
+
+: Is used to specify the port number for the proxy when we create the proxy object in the network layer.
+
+`apiProxy:needsAuthentication (optional)`
+
+: Is used to specify if the proxy need an authentication, so we can show the section during the login to enter the proxy credentials.
+
+#### Host a deeplink together with your Wire installation
+
+As of release `2.117.0` from `2021-10-29` (see `release notes<release-notes>`), you can configure your deeplink endpoints to match your installation and DNS records (see explanations above)
+
+```yaml
+# override values for wire-server
+# (e.g. under ./helm_vars/wire-server/values.yaml)
+nginz:
+  nginx_conf:
+    deeplink:
+      endpoints:
+        backendURL: "https://nginz-https.example.com"
+        backendWSURL: "https://nginz-ssl.example.com"
+        teamsURL: "https://teams.example.com"
+        accountsURL: "https://account.example.com"
+        blackListURL: "https://clientblacklist.wire.com/prod"
+        websiteURL: "https://wire.com"
+      apiProxy: # (optional)
+        host: "socks5.proxy.com"
+        port: 1080
+        needsAuthentication: true
+      title: "My Custom Wire Backend"
+```
+
+(As with any configuration changes, you need to apply them following your usual way of updating configuration (e.g. 'helm upgrade...'))
+
+Now both static files should become accessible at the backend domain under `/deeplink.json` and `deeplink.html`:
+
+- `https://nginz-https.<domain>/deeplink.json`
+- `https://nginz-https.<domain>/deeplink.html`
+
+#### Host a deeplink using minio (deprecated)
+
+*If possible, prefer the option in the subsection above or below. This subsection is kept for backwards compatibility.*
+
+**If you're using minio** installed using the ansible code from [wire-server-deploy](https://github.com/wireapp/wire-server-deploy/blob/master/ansible/), then the [minio ansible playbook](https://github.com/wireapp/wire-server-deploy/blob/master/ansible/minio.yml#L75-L88) (make sure to override these variables) creates a json and a html file in the right format, and makes it accessible at `https://assets.<domain>/public/deeplink.json` and at `https://assets.<domain>/public/deeplink.html`
+
+#### Host a deeplink file using your own web server
+
+Otherwise you need to create a `.json` file, and host it somewhere users can get to. This `.json` file needs to specify the URLs of your backend. For the production wire server that we host, the JSON would look like:
+
+```json
+{
+   "endpoints" : {
+      "backendURL" : "https://prod-nginz-https.wire.com",
+      "backendWSURL" : "https://prod-nginz-ssl.wire.com",
+      "blackListURL" : "https://clientblacklist.wire.com/prod",
+      "teamsURL" : "https://teams.wire.com",
+      "accountsURL" : "https://accounts.wire.com",
+      "websiteURL" : "https://wire.com"
+   },
+   "apiProxy" : {
+      "host" : "socks5.proxy.com",
+      "port" : 1080,
+      "needsAuthentication" : true
+   },
+   "title" : "Production"
+}
+```
+
+**IMPORTANT NOTE:** Clients require **ALL** keys to be present in the JSON file; if some of these keys are irrelevant to your installation (e.g., you don't have a websiteURL) you can leave these values as indicated in the above example.
+
+There is no requirement for these hosts to be consistent, e.g. the REST endpoint could be `wireapp.pineapple.com` and the team setting `teams.banana.com`. If you have been following this documentation closely, these hosts will likely be consistent in naming, regardless.
+
+You now need to get a link referring to that `.json` file to your users, prepended with `wire://access/?config=`. For example, you can save the above `.json` file as `https://example.com/wire.json`, and save the following HTML content as `https://example.com/wire.html`:
+
+```html
+<html>
+  <head></head>
+  <body>
+    <a href="wire://access/?config=https://example.com/wire.json">link</a>
+  </body>
+</html>
+```
+
+## Next steps
+
+Now, you can e.g. email or otherwise provide a link to the deeplink HTML page to your users on their mobile devices, and they can follow the above procedure, by clicking on `link`.
diff --git a/docs/src/how-to/associate/deeplink.rst b/docs/src/how-to/associate/deeplink.rst
deleted file mode 100644
index 1ef53550b1..0000000000
--- a/docs/src/how-to/associate/deeplink.rst
+++ /dev/null
@@ -1,174 +0,0 @@
-Using a Deep Link to connect an App to a Custom Backend
-=======================================================
-
-Introduction
-------------
-
-Once you have your own wire-server set up and configured, you may want to use a client other than the web interface (webapp). There are a few ways to accomplish this:
-
-- **Using a Deep Link** (which this page is all about)
-- Registering your backend instance with the hosted SaaS backend for re-direction. For which you might need to talk to the folks @ Wire (the company).
-
-Assumptions:
-
-- You have wire-server installed and working
-- You have a familiarity with JSON files
-- You can place a JSON file on an HTTPS supporting web server somewhere your users can reach.
-
-Supported client apps:
-
-- iOS
-- Android
-
-.. note::
-   Wire deeplinks can be used to redirect a mobile (Android, iOS) Wire app to a specific backend URL. Deeplinks have no further ability implemented at this stage.
-
-Connecting to a custom backend utilizing a Deep Link
-----------------------------------------------------
-
-A deep link is a special link a user can click on after installing wire, but before setting it up. This link instructs their wire client to connect to your wire-server, rather than wire.com.
-
-With Added Proxy
-~~~~~~~~~~~~~~~~
-In addition to connect to a custom backend a user can specify a socks proxy to add another layer to the network and make the api calls go through the proxy.
-
-From a user's perspective:
---------------------------
-
-1. First, a user installs the app from the store
-2. The user clicks on a deep link, which is formatted similar to: ``wire://access/?config=https://eu-north2.mycustomdomain.de/configs/backend1.json`` (notice the protocol prefix: ``wire://``)
-3. The app will ask the user to confirm that they want to connect to a custom backend. If the user cancels, the app exits.
-4. Assuming the user did not cancel, the app will download the file ``eu-north2.mycustomdomain.de/configs/backend1.json`` via HTTPS. If it can't download the file or the file doesn't match the expected structure, the wire client will display an error message (*'sInvalid link'*).
-5. The app will memorize the various hosts (REST, websocket, team settings, website, support) specified in the JSON and use those when talking to your backend.
-6. In the welcome page of the app, a "pill" (header) is shown at the top, to remind the user that they are now on a custom backend. A button "Show more" shows the URL of where the configuration was fetched from.
-
-With Added Proxy
-~~~~~~~~~~~~~~~~
-In addition to the previous points
-
-7. The app will remember the (proxy host, proxy port, if the proxy need authentication)
-8. In the login page the user will see new section to add the proxy credentials if the proxy need authentication
-
-
-From the administrator's (your) perspective:
---------------------------------------------
-
-You need to host two static files, then let your users know how to connect. There are three options listed (in order of recommendation) for hosting the static files.
-
-Note on the meaning of the URLs used below:
-
-``backendURL``
-   Use the backend API entrypoint URL, by convention ``https://nginz-https.<domain>``
-
-``backendWSURL``
-   Use the backend Websocket API entrypoint URL, by convention ``https://nginz-ssl.<domain>``
-
-``teamsURL``
-   Use the URL to the team settings part of the webapp, by convention ``https://teams.<domain>``
-
-``accountsURL``
-   Use the URL to the account pages part of the webapp, by convention ``https://account.<domain>``
-
-``blackListURL``
-   is used to disable old versions of Wire clients (mobile apps). It's a prefix URL to which e.g. `/ios` or `/android` is appended. Example URL for the wire.com production servers: ``https://clientblacklist.wire.com/prod`` and example json files: `android <https://clientblacklist.wire.com/prod/android>`_ and `iPhone <https://clientblacklist.wire.com/prod/ios>`_ .
-
-``websiteURL``
-   Is used as a basis for a few links within the app pointing to FAQs and troubleshooting pages for end users. You can leave this as ``https://wire.com`` or host your own alternative pages and point this to your own website with the equivalent pages references from within the app.
-
-``title``
-   Arbitrary string that may show up in a few places in the app. Should be used as an identifier of the backend servers in question.
-
-With Added Proxy
-~~~~~~~~~~~~~~~~
-
-``apiProxy:host (optional)``
-   Is used to specify a proxy to be added to the network engine, so the API calls will go through it to add more security layer.
-
-``apiProxy:port (optional)``
-   Is used to specify the port number for the proxy when we create the proxy object in the network layer.
-
-``apiProxy:needsAuthentication (optional)``
-   Is used to specify if the proxy need an authentication, so we can show the section during the login to enter the proxy credentials.
-
-Host a deeplink together with your Wire installation
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-As of release ``2.117.0`` from ``2021-10-29`` (see `release notes<release-notes>`), you can configure your deeplink endpoints to match your installation and DNS records (see explanations above)
-
-.. code:: yaml
-
-    # override values for wire-server
-    # (e.g. under ./helm_vars/wire-server/values.yaml)
-    nginz:
-      nginx_conf:
-        deeplink:
-          endpoints:
-            backendURL: "https://nginz-https.example.com"
-            backendWSURL: "https://nginz-ssl.example.com"
-            teamsURL: "https://teams.example.com"
-            accountsURL: "https://account.example.com"
-            blackListURL: "https://clientblacklist.wire.com/prod"
-            websiteURL: "https://wire.com"
-          apiProxy: # (optional)
-            host: "socks5.proxy.com"
-            port: 1080
-            needsAuthentication: true
-          title: "My Custom Wire Backend"
-
-(As with any configuration changes, you need to apply them following your usual way of updating configuration (e.g. 'helm upgrade...'))
-
-Now both static files should become accessible at the backend domain under ``/deeplink.json`` and ``deeplink.html``:
-
-* ``https://nginz-https.<domain>/deeplink.json``
-* ``https://nginz-https.<domain>/deeplink.html``
-
-Host a deeplink using minio (deprecated)
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-*If possible, prefer the option in the subsection above or below. This subsection is kept for backwards compatibility.*
-
-**If you're using minio** installed using the ansible code from `wire-server-deploy <https://github.com/wireapp/wire-server-deploy/blob/master/ansible/>`__, then the `minio ansible playbook <https://github.com/wireapp/wire-server-deploy/blob/master/ansible/minio.yml#L75-L88>`__ (make sure to override these variables) creates a json and a html file in the right format, and makes it accessible at ``https://assets.<domain>/public/deeplink.json`` and at ``https://assets.<domain>/public/deeplink.html``
-
-Host a deeplink file using your own web server
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Otherwise you need to create a ``.json`` file, and host it somewhere users can get to. This ``.json`` file needs to specify the URLs of your backend. For the production wire server that we host, the JSON would look like:
-
-.. code:: json
-
-   {
-      "endpoints" : {
-         "backendURL" : "https://prod-nginz-https.wire.com",
-         "backendWSURL" : "https://prod-nginz-ssl.wire.com",
-         "blackListURL" : "https://clientblacklist.wire.com/prod",
-         "teamsURL" : "https://teams.wire.com",
-         "accountsURL" : "https://accounts.wire.com",
-         "websiteURL" : "https://wire.com"
-      },
-      "apiProxy" : {
-         "host" : "socks5.proxy.com",
-         "port" : 1080,
-         "needsAuthentication" : true
-      },
-      "title" : "Production"
-   }
-
-**IMPORTANT NOTE:** Clients require **ALL** keys to be present in the JSON file; if some of these keys are irrelevant to your installation (e.g., you don't have a websiteURL) you can leave these values as indicated in the above example.
-
-There is no requirement for these hosts to be consistent, e.g. the REST endpoint could be `wireapp.pineapple.com` and the team setting `teams.banana.com`. If you have been following this documentation closely, these hosts will likely be consistent in naming, regardless.
-
-You now need to get a link referring to that ``.json`` file to your users, prepended with ``wire://access/?config=``. For example, you can save the above ``.json`` file as ``https://example.com/wire.json``, and save the following HTML content as ``https://example.com/wire.html``:
-
-.. code:: html
-
-   <html>
-     <head></head>
-     <body>
-       <a href="wire://access/?config=https://example.com/wire.json">link</a>
-     </body>
-   </html>
-
-Next steps
-----------
-
-Now, you can e.g. email or otherwise provide a link to the deeplink HTML page to your users on their mobile devices, and they can follow the above procedure, by clicking on ``link``.
diff --git a/docs/src/how-to/associate/index.md b/docs/src/how-to/associate/index.md
new file mode 100644
index 0000000000..3dba99c8f2
--- /dev/null
+++ b/docs/src/how-to/associate/index.md
@@ -0,0 +1,10 @@
+# Connecting Wire Clients
+
+```{toctree}
+:glob: true
+:maxdepth: 2
+
+ How to associate a wire client to a custom backend using a deep link <deeplink.rst>
+ How to use custom root certificates with wire clients <custom-certificates.rst>
+ How to use a custom backend with the desktop client <custom-backend-for-desktop-client.rst>
+```
diff --git a/docs/src/how-to/associate/index.rst b/docs/src/how-to/associate/index.rst
deleted file mode 100644
index 95c7d790f5..0000000000
--- a/docs/src/how-to/associate/index.rst
+++ /dev/null
@@ -1,10 +0,0 @@
-Connecting Wire Clients
-=======================
-
-.. toctree::
-   :maxdepth: 2
-   :glob:
-
-    How to associate a wire client to a custom backend using a deep link <deeplink.rst>
-    How to use custom root certificates with wire clients <custom-certificates.rst>
-    How to use a custom backend with the desktop client <custom-backend-for-desktop-client.rst>
diff --git a/docs/src/how-to/index.md b/docs/src/how-to/index.md
new file mode 100644
index 0000000000..46bf098a9a
--- /dev/null
+++ b/docs/src/how-to/index.md
@@ -0,0 +1,20 @@
+# Administrator's Guide
+
+Documentation on the installation, deployment and administration of Wire
+server components.
+
+```{warning}
+If you already installed Wire by using `poetry`, please refer to the
+[old version](https://docs.wire.com/versions/install-with-poetry/how-to/index.html) of
+the installation guide.
+```
+
+```{toctree}
+:glob: true
+:maxdepth: 2
+
+ How to install wire-server <install/index>
+ How to verify your wire-server installation <post-install/index>
+ How to administrate servers after successful installation <administrate/index>
+ How to connect the public wire clients to your wire-server installation <associate/index>
+```
diff --git a/docs/src/how-to/index.rst b/docs/src/how-to/index.rst
deleted file mode 100644
index 1ba77e0302..0000000000
--- a/docs/src/how-to/index.rst
+++ /dev/null
@@ -1,21 +0,0 @@
-Administrator's Guide
-=====================
-
-Documentation on the installation, deployment and administration of Wire
-server components.
-
-.. warning::
-
-    If you already installed Wire by using ``poetry``, please refer to the
-    `old version </versions/install-with-poetry/how-to/index.html>`__ of
-    the installation guide.
-
-
-.. toctree::
-   :maxdepth: 2
-   :glob:
-
-    How to install wire-server <install/index.rst>
-    How to verify your wire-server installation <post-install/index.rst>
-    How to administrate servers after successful installation <administrate/index.rst>
-    How to connect the public wire clients to your wire-server installation <associate/index.rst>
diff --git a/docs/src/how-to/install/ansible-VMs.md b/docs/src/how-to/install/ansible-VMs.md
new file mode 100644
index 0000000000..2627eea5d9
--- /dev/null
+++ b/docs/src/how-to/install/ansible-VMs.md
@@ -0,0 +1,275 @@
+(ansible-vms)=
+
+# Installing kubernetes and databases on VMs with ansible
+
+## Introduction
+
+In a production environment, some parts of the wire-server
+infrastructure (such as e.g. cassandra databases) are best configured
+outside kubernetes. Additionally, kubernetes can be rapidly set up with
+kubespray, via ansible. This section covers installing VMs with ansible.
+
+## Assumptions
+
+- A bare-metal setup (no cloud provider)
+- All machines run ubuntu 18.04
+- All machines have static IP addresses
+- Time on all machines is being kept in sync
+- You have the following virtual machines:
+
+```{eval-rst}
+.. include:: includes/vm-table.rst
+```
+
+(It's up to you how you create these machines - kvm on a bare metal
+machine, VM on a cloud provider, real physical machines, etc.)
+
+## Preparing to run ansible
+
+(adding-ips-to-hostsini)=
+
+% TODO: section header unifications/change
+
+### Adding IPs to hosts.ini
+
+Go to your checked-out wire-server-deploy/ansible folder:
+
+```
+cd wire-server-deploy/ansible
+```
+
+Copy the example hosts file:
+
+```
+cp hosts.example.ini hosts.ini
+```
+
+- Edit the hosts.ini, setting the permanent IPs of the hosts you are
+  setting up wire on.
+- On each of the lines declaring a database service node (
+  lines in the `[all]` section beginning with cassandra, elasticsearch,
+  or minio) replace the `ansible_host` values (`X.X.X.X`) with the
+  IPs of the nodes that you can connect to via SSH. these are the
+  'internal' addresses of the machines, not what a client will be
+  connecting to.
+- On each of the lines declaring a kubernetes node (lines in the `[all]`
+  section starting with 'kubenode') replace the `ip` values
+  (`Y.Y.Y.Y`) with the IPs which you wish kubernetes to provide
+  services to clients on, and replace the `ansible_host` values
+  (`X.X.X.X`) with the IPs of the nodes that you can connect to via
+  SSH. If the IP you want to provide services on is the same IP that
+  you use to connect, remove the `ip=Y.Y.Y.Y` completely.
+- On each of the lines declaring an `etcd` node (lines in the `[all]`
+  section starting with etcd), use the same values as you used on the
+  coresponding kubenode lines in the prior step.
+- If you are deploying Restund for voice/video services then on each of the
+  lines declaring a `restund` node (lines in the `[all]` section
+  beginning with restund), replace the `ansible_host` values (`X.X.X.X`)
+  with the IPs of the nodes that you can connect to via SSH.
+- Edit the minio variables in `[minio:vars]` (`prefix`, `domain` and `deeplink_title`)
+  by replacing `example.com` with your own domain.
+
+There are more settings in this file that we will set in later steps.
+
+% TODO: remove this warning, and remove the hostname run from the cassandra playbook, or find another way to deal with it.
+
+```{warning}
+Some of these playbooks mess with the hostnames of their targets. You
+MUST pick different hosts for playbooks that rename the host. If you
+e.g. attempt to run Cassandra and k8s on the same 3 machines, the
+hostnames will be overwritten by the second installation playbook,
+breaking the first.
+
+At the least, we know that the cassandra, kubernetes and restund playbooks are
+guilty of hostname manipulation.
+```
+
+### Authentication
+
+```{eval-rst}
+.. include:: includes/ansible-authentication-blob.rst
+```
+
+## Running ansible to install software on your machines
+
+You can install kubernetes, cassandra, restund, etc in any order.
+
+```{note}
+In case you only have a single network interface with public IPs but wish to protect inter-database communication, you may use the `tinc.yml` playbook to create a private network interface. In this case, ensure tinc is setup BEFORE running any other playbook. See {ref}`tinc`
+```
+
+### Installing kubernetes
+
+Kubernetes is installed via ansible.
+
+To install kubernetes:
+
+From `wire-server-deploy/ansible`:
+
+```
+ansible-playbook -i hosts.ini kubernetes.yml -vv
+```
+
+When the playbook finishes correctly (which can take up to 20 minutes), you should have a folder `artifacts` containing a file `admin.conf`. Copy this file:
+
+```
+mkdir -p ~/.kube
+cp artifacts/admin.conf ~/.kube/config
+```
+
+Make sure you can reach the server:
+
+```
+kubectl version
+```
+
+should give output similar to this:
+
+```
+Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.7", GitCommit:"1dd5338295409edcfff11505e7bb246f0d325d15", GitTreeState:"clean", BuildDate:"2021-01-13T13:23:52Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}
+Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.7", GitCommit:"1dd5338295409edcfff11505e7bb246f0d325d15", GitTreeState:"clean", BuildDate:"2021-01-13T13:15:20Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}
+```
+
+### Cassandra
+
+- If you would like to change the name of the cluster, in your
+  'hosts.ini' file, in the `[cassandra:vars]` section, uncomment
+  the line that changes 'cassandra_clustername', and change default
+  to be the name you want the cluster to have.
+- If you want cassandra nodes to talk to each other on a specific
+  network interface, rather than the one you use to connect via SSH,
+  In your 'hosts.ini' file, in the `[all:vars]` section,
+  uncomment, and set 'cassandra_network_interface' to the name of
+  the ethernet interface you want cassandra nodes to talk to each
+  other on. For example:
+
+```ini
+[cassandra:vars]
+# cassandra_clustername: default
+
+[all:vars]
+## set to True if using AWS
+is_aws_environment = False
+## Set the network interface name for cassandra to bind to if you have more than one network interface
+cassandra_network_interface = eth0
+```
+
+(see
+[defaults/main.yml](https://github.com/wireapp/ansible-cassandra/blob/master/defaults/main.yml)
+for a full list of variables to change if necessary)
+
+- Use ansible to deploy Cassandra:
+
+```
+ansible-playbook -i hosts.ini cassandra.yml -vv
+```
+
+### ElasticSearch
+
+- In your 'hosts.ini' file, in the `[all:vars]` section, uncomment
+  and set 'elasticsearch_network_interface' to the name of the
+  interface you want elasticsearch nodes to talk to each other on.
+- If you are performing an offline install, or for some other reason
+  are using an APT mirror other than the default to retrieve
+  elasticsearch-oss packages from, you need to specify that mirror
+  by setting 'es_apt_key' and 'es_apt_url' in the `[all:vars]`
+  section of your hosts.ini file.
+
+```ini
+[all:vars]
+# default first interface on ubuntu on kvm:
+elasticsearch_network_interface=ens3
+
+## Set these in order to use an APT mirror other than the default.
+# es_apt_key = "https://<mymirror>/linux/ubuntu/gpg"
+# es_apt_url = "deb [trusted=yes] https://<mymirror>/apt bionic stable"
+```
+
+- Use ansible and deploy ElasticSearch:
+
+```
+ansible-playbook -i hosts.ini elasticsearch.yml -vv
+```
+
+### Minio
+
+Minio is used for asset storage, in the case that you are not
+running on AWS infrastructure, or feel uncomfortable storing assets
+in S3 in encrypted form. If you are using S3 instead of Minio, skip
+this step.
+
+- In your 'hosts.ini' file, in the `[all:vars]` section, make sure
+  you set the 'minio_network_interface' to the name of the interface
+  you want minio nodes to talk to each other on. The default from the
+  playbook is not going to be correct for your machine. For example:
+- In your 'hosts.ini' file, in the `[minio:vars]` section, ensure you
+  set minio_access_key and minio_secret key.
+- If you intend to use a `deep link` to configure your clients to
+  talk to the backend, you need to specify your domain (and optionally
+  your prefix), so that links to your deep link json file are generated
+  correctly. By configuring these values, you fill in the blanks of
+  `https://{{ prefix }}assets.{{ domain }}`.
+
+```ini
+[minio:vars]
+minio_access_key = "REPLACE_THIS_WITH_THE_DESIRED_SECRET_KEY"
+minio_secret_key = "REPLACE_THIS_WITH_THE_DESIRED_SECRET_KEY"
+# if you want to use deep links for client configuration:
+#minio_deeplink_prefix = ""
+#minio_deeplink_domain = "example.com"
+
+[all:vars]
+# Default first interface on ubuntu on kvm:
+minio_network_interface=ens3
+```
+
+- Use ansible, and deploy Minio:
+
+```
+ansible-playbook -i hosts.ini minio.yml -vv
+```
+
+### Restund
+
+For instructions on how to install Restund, see {ref}`this page <install-restund>`.
+
+### IMPORTANT checks
+
+> After running the above playbooks, it is important to ensure that everything is setup correctly. Please have a look at the post install checks in the section {ref}`checks`
+
+```
+ansible-playbook -i hosts.ini cassandra-verify-ntp.yml -vv
+```
+
+### Installing helm charts - prerequisites
+
+The `helm_external.yml` playbook is used to write or update the IPs of the
+databases servers in the `values/<database>-external/values.yaml` files, and
+thus make them available for helm and the `<database>-external` charts (e.g.
+`cassandra-external`, `elasticsearch-external`, etc).
+
+Due to limitations in the playbook, make sure that you have defined the
+network interfaces for each of the database services in your hosts.ini,
+even if they are running on the same interface that you connect to via SSH.
+In your hosts.ini under `[all:vars]`:
+
+```ini
+[all:vars]
+minio_network_interface = ...
+cassandra_network_interface = ...
+elasticsearch_network_interface = ...
+# if you're using redis external...
+redis_network_interface = ...
+```
+
+Now run the helm_external.yml playbook, to populate network values for helm:
+
+```
+ansible-playbook -i hosts.ini -vv --diff helm_external.yml
+```
+
+You can now can install the helm charts.
+
+#### Next steps for high-available production installation
+
+Your next step will be {ref}`helm-prod`
diff --git a/docs/src/how-to/install/ansible-VMs.rst b/docs/src/how-to/install/ansible-VMs.rst
deleted file mode 100644
index 46c818f211..0000000000
--- a/docs/src/how-to/install/ansible-VMs.rst
+++ /dev/null
@@ -1,277 +0,0 @@
-.. _ansible_vms:
-
-Installing kubernetes and databases on VMs with ansible
-=======================================================
-
-Introduction
-------------
-
-In a production environment, some parts of the wire-server
-infrastructure (such as e.g. cassandra databases) are best configured
-outside kubernetes. Additionally, kubernetes can be rapidly set up with
-kubespray, via ansible. This section covers installing VMs with ansible.
-
-Assumptions
------------
-
-- A bare-metal setup (no cloud provider)
-- All machines run ubuntu 18.04
-- All machines have static IP addresses
-- Time on all machines is being kept in sync
-- You have the following virtual machines:
-
-.. include:: includes/vm-table.rst
-
-(It's up to you how you create these machines - kvm on a bare metal
-machine, VM on a cloud provider, real physical machines, etc.)
-
-Preparing to run ansible
-------------------------
-
-.. _adding-ips-to-hostsini:
-
-.. TODO: section header unifications/change
-
-Adding IPs to hosts.ini
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Go to your checked-out wire-server-deploy/ansible folder::
-
-   cd wire-server-deploy/ansible
-
-Copy the example hosts file::
-
-   cp hosts.example.ini hosts.ini
-
--  Edit the hosts.ini, setting the permanent IPs of the hosts you are
-   setting up wire on.
--  On each of the lines declaring a database service node (
-   lines in the ``[all]`` section beginning with cassandra, elasticsearch,
-   or minio) replace the ``ansible_host`` values (``X.X.X.X``) with the
-   IPs of the nodes that you can connect to via SSH. these are the
-   'internal' addresses of the machines, not what a client will be
-   connecting to.
--  On each of the lines declaring a kubernetes node (lines in the ``[all]``
-   section starting with 'kubenode') replace the ``ip`` values
-   (``Y.Y.Y.Y``) with the IPs which you wish kubernetes to provide
-   services to clients on, and replace the ``ansible_host`` values
-   (``X.X.X.X``) with the IPs of the nodes that you can connect to via
-   SSH. If the IP you want to provide services on is the same IP that
-   you use to connect, remove the ``ip=Y.Y.Y.Y`` completely.
--  On each of the lines declaring an ``etcd`` node (lines in the ``[all]``
-   section starting with etcd), use the same values as you used on the
-   coresponding kubenode lines in the prior step.
--  If you are deploying Restund for voice/video services then on each of the
-   lines declaring a ``restund`` node (lines in the ``[all]`` section
-   beginning with restund), replace the ``ansible_host`` values (``X.X.X.X``)
-   with the IPs of the nodes that you can connect to via SSH.
--  Edit the minio variables in ``[minio:vars]`` (``prefix``, ``domain`` and ``deeplink_title``)
-   by replacing ``example.com`` with your own domain.
-
-There are more settings in this file that we will set in later steps.
-
-.. TODO: remove this warning, and remove the hostname run from the cassandra playbook, or find another way to deal with it.
-
-.. warning::
-
-    Some of these playbooks mess with the hostnames of their targets. You
-    MUST pick different hosts for playbooks that rename the host. If you
-    e.g. attempt to run Cassandra and k8s on the same 3 machines, the
-    hostnames will be overwritten by the second installation playbook,
-    breaking the first.
-
-    At the least, we know that the cassandra, kubernetes and restund playbooks are
-    guilty of hostname manipulation.
-
-Authentication
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-.. include:: includes/ansible-authentication-blob.rst
-
-Running ansible to install software on your machines
------------------------------------------------------
-
-You can install kubernetes, cassandra, restund, etc in any order.
-
-.. note::
-
-   In case you only have a single network interface with public IPs but wish to protect inter-database communication, you may use the ``tinc.yml`` playbook to create a private network interface. In this case, ensure tinc is setup BEFORE running any other playbook. See :ref:`tinc`
-
-Installing kubernetes
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Kubernetes is installed via ansible.
-
-To install kubernetes:
-
-From ``wire-server-deploy/ansible``::
-
-   ansible-playbook -i hosts.ini kubernetes.yml -vv
-
-When the playbook finishes correctly (which can take up to 20 minutes), you should have a folder ``artifacts`` containing a file ``admin.conf``. Copy this file::
-
-  mkdir -p ~/.kube
-  cp artifacts/admin.conf ~/.kube/config
-
-Make sure you can reach the server::
-
-  kubectl version
-
-should give output similar to this::
-
-  Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.7", GitCommit:"1dd5338295409edcfff11505e7bb246f0d325d15", GitTreeState:"clean", BuildDate:"2021-01-13T13:23:52Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}
-  Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.7", GitCommit:"1dd5338295409edcfff11505e7bb246f0d325d15", GitTreeState:"clean", BuildDate:"2021-01-13T13:15:20Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}
-
-Cassandra
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
--  If you would like to change the name of the cluster, in your
-   'hosts.ini' file, in the ``[cassandra:vars]`` section, uncomment
-   the line that changes 'cassandra_clustername', and change default
-   to be the name you want the cluster to have.
--  If you want cassandra nodes to talk to each other on a specific
-   network interface, rather than the one you use to connect via SSH,
-   In your 'hosts.ini' file, in the ``[all:vars]`` section,
-   uncomment, and set 'cassandra_network_interface' to the name of
-   the ethernet interface you want cassandra nodes to talk to each
-   other on. For example:
-
-.. code:: ini
-
-   [cassandra:vars]
-   # cassandra_clustername: default
-
-   [all:vars]
-   ## set to True if using AWS
-   is_aws_environment = False
-   ## Set the network interface name for cassandra to bind to if you have more than one network interface
-   cassandra_network_interface = eth0
-
-(see
-`defaults/main.yml <https://github.com/wireapp/ansible-cassandra/blob/master/defaults/main.yml>`__
-for a full list of variables to change if necessary)
-
-- Use ansible to deploy Cassandra:
-
-::
-
-   ansible-playbook -i hosts.ini cassandra.yml -vv
-
-ElasticSearch
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
--  In your 'hosts.ini' file, in the ``[all:vars]`` section, uncomment
-   and set 'elasticsearch_network_interface' to the name of the
-   interface you want elasticsearch nodes to talk to each other on.
--  If you are performing an offline install, or for some other reason
-   are using an APT mirror other than the default to retrieve
-   elasticsearch-oss packages from, you need to specify that mirror
-   by setting 'es_apt_key' and 'es_apt_url' in the ``[all:vars]``
-   section of your hosts.ini file.
-
-.. code:: ini
-
-   [all:vars]
-   # default first interface on ubuntu on kvm:
-   elasticsearch_network_interface=ens3
-
-   ## Set these in order to use an APT mirror other than the default.
-   # es_apt_key = "https://<mymirror>/linux/ubuntu/gpg"
-   # es_apt_url = "deb [trusted=yes] https://<mymirror>/apt bionic stable"
-
--  Use ansible and deploy ElasticSearch:
-
-::
-
-   ansible-playbook -i hosts.ini elasticsearch.yml -vv
-
-Minio
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Minio is used for asset storage, in the case that you are not
-running on AWS infrastructure, or feel uncomfortable storing assets
-in S3 in encrypted form. If you are using S3 instead of Minio, skip
-this step.
-
-
--  In your 'hosts.ini' file, in the ``[all:vars]`` section, make sure
-   you set the 'minio_network_interface' to the name of the interface
-   you want minio nodes to talk to each other on. The default from the
-   playbook is not going to be correct for your machine. For example:
--  In your 'hosts.ini' file, in the ``[minio:vars]`` section, ensure you
-   set minio_access_key and minio_secret key.
--  If you intend to use a ``deep link`` to configure your clients to
-   talk to the backend, you need to specify your domain (and optionally
-   your prefix), so that links to your deep link json file are generated
-   correctly. By configuring these values, you fill in the blanks of
-   ``https://{{ prefix }}assets.{{ domain }}``.
-
-.. code:: ini
-
-   [minio:vars]
-   minio_access_key = "REPLACE_THIS_WITH_THE_DESIRED_SECRET_KEY"
-   minio_secret_key = "REPLACE_THIS_WITH_THE_DESIRED_SECRET_KEY"
-   # if you want to use deep links for client configuration:
-   #minio_deeplink_prefix = ""
-   #minio_deeplink_domain = "example.com"
-
-   [all:vars]
-   # Default first interface on ubuntu on kvm:
-   minio_network_interface=ens3
-
--  Use ansible, and deploy Minio:
-
-::
-
-   ansible-playbook -i hosts.ini minio.yml -vv
-
-Restund
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-For instructions on how to install Restund, see :ref:`this page <install-restund>`.
-
-
-IMPORTANT checks
-^^^^^^^^^^^^^^^^
-
- After running the above playbooks, it is important to ensure that everything is setup correctly. Please have a look at the post install checks in the section :ref:`checks`
-
-::
-
-   ansible-playbook -i hosts.ini cassandra-verify-ntp.yml -vv
-
-Installing helm charts - prerequisites
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-The ``helm_external.yml`` playbook is used to write or update the IPs of the
-databases servers in the ``values/<database>-external/values.yaml`` files, and
-thus make them available for helm and the ``<database>-external`` charts (e.g.
-``cassandra-external``, ``elasticsearch-external``, etc).
-
-Due to limitations in the playbook, make sure that you have defined the
-network interfaces for each of the database services in your hosts.ini,
-even if they are running on the same interface that you connect to via SSH.
-In your hosts.ini under ``[all:vars]``:
-
-.. code:: ini
-
-   [all:vars]
-   minio_network_interface = ...
-   cassandra_network_interface = ...
-   elasticsearch_network_interface = ...
-   # if you're using redis external...
-   redis_network_interface = ...
-
-
-Now run the helm_external.yml playbook, to populate network values for helm:
-
-::
-
-   ansible-playbook -i hosts.ini -vv --diff helm_external.yml
-
-You can now can install the helm charts.
-
-Next steps for high-available production installation
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Your next step will be :ref:`helm_prod`
diff --git a/docs/src/how-to/install/ansible-authentication.md b/docs/src/how-to/install/ansible-authentication.md
new file mode 100644
index 0000000000..9943d7514b
--- /dev/null
+++ b/docs/src/how-to/install/ansible-authentication.md
@@ -0,0 +1,63 @@
+(ansible-authentication)=
+
+# Manage ansible authentication settings
+
+Ansible works best if
+
+- you use ssh keys, not passwords
+- the user you use to ssh is either `root` or can become `root` (can run `sudo su -`) without entering a password
+
+However, other options are possible, see below:
+
+## How to use password authentication when you ssh to a machine with ansible
+
+If, instead of using ssh keys to ssh to a remote machine, you want to use passwords:
+
+```
+sudo apt install sshpass
+```
+
+- in hosts.ini, uncomment the 'ansible_user = ...' line, and change '...' to the user you want to login as.
+- in hosts.ini, uncomment the 'ansible_ssh_pass = ...' line, and change '...' to the password for the user you are logging in as.
+- in hosts.ini, uncomment the 'ansible_become_pass = ...' line, and change the ... to the password you'd enter to sudo.
+
+## Configuring SSH keys
+
+(from <https://linoxide.com/how-tos/ssh-login-with-public-key/>) If you
+want a bit higher security, you can copy SSH keys between the machine
+you are administrating with, and the machines you are managing with
+ansible.
+
+- Create an SSH key.
+
+```
+ssh-keygen -t rsa
+```
+
+- Install your SSH key on each of the machines you are managing with
+  ansible, so that you can SSH into them without a password:
+
+```
+ssh-copy-id -i ~/.ssh/id_rsa.pub $USERNAME@$IP
+```
+
+Replace `$USERNAME` with the username of the account you set up when
+you installed the machine.
+
+## Sudo without password
+
+Ansible can be configured to use a password for switching from the
+unpriviledged \$USERNAME to the root user. This involves having the
+password lying about, so has security problems. If you want ansible to
+not be prompted for any administrative command (a different security
+problem!):
+
+- As root on each of the nodes, add the following line at the end of
+  the /etc/sudoers file:
+
+```
+<ANSIBLE_LOGIN_USERNAME>     ALL=(ALL) NOPASSWD:ALL
+```
+
+Replace `<ANSIBLE_LOGIN_USERNAME>` with the username of the account
+you set up when you installed the machine.
diff --git a/docs/src/how-to/install/ansible-authentication.rst b/docs/src/how-to/install/ansible-authentication.rst
deleted file mode 100644
index 8e549fb64c..0000000000
--- a/docs/src/how-to/install/ansible-authentication.rst
+++ /dev/null
@@ -1,66 +0,0 @@
-.. _ansible-authentication:
-
-Manage ansible authentication settings
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Ansible works best if
-
-* you use ssh keys, not passwords
-* the user you use to ssh is either ``root`` or can become ``root`` (can run ``sudo su -``) without entering a password
-
-However, other options are possible, see below:
-
-
-How to use password authentication when you ssh to a machine with ansible
-''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
-
-If, instead of using ssh keys to ssh to a remote machine, you want to use passwords::
-
-   sudo apt install sshpass
-
-* in hosts.ini, uncomment the 'ansible_user = ...' line, and change '...' to the user you want to login as.
-* in hosts.ini, uncomment the 'ansible_ssh_pass = ...' line, and change '...' to the password for the user you are logging in as.
-* in hosts.ini, uncomment the 'ansible_become_pass = ...' line, and change the ... to the password you'd enter to sudo.
-
-Configuring SSH keys
-''''''''''''''''''''
-
-(from https://linoxide.com/how-tos/ssh-login-with-public-key/) If you
-want a bit higher security, you can copy SSH keys between the machine
-you are administrating with, and the machines you are managing with
-ansible.
-
--  Create an SSH key.
-
-::
-
-   ssh-keygen -t rsa
-
--  Install your SSH key on each of the machines you are managing with
-   ansible, so that you can SSH into them without a password:
-
-::
-
-   ssh-copy-id -i ~/.ssh/id_rsa.pub $USERNAME@$IP
-
-Replace ``$USERNAME`` with the username of the account you set up when
-you installed the machine.
-
-Sudo without password
-'''''''''''''''''''''
-
-Ansible can be configured to use a password for switching from the
-unpriviledged $USERNAME to the root user. This involves having the
-password lying about, so has security problems. If you want ansible to
-not be prompted for any administrative command (a different security
-problem!):
-
--  As root on each of the nodes, add the following line at the end of
-   the /etc/sudoers file:
-
-::
-
-   <ANSIBLE_LOGIN_USERNAME>     ALL=(ALL) NOPASSWD:ALL
-
-Replace ``<ANSIBLE_LOGIN_USERNAME>`` with the username of the account
-you set up when you installed the machine.
diff --git a/docs/src/how-to/install/ansible-tinc.md b/docs/src/how-to/install/ansible-tinc.md
new file mode 100644
index 0000000000..294c1faa99
--- /dev/null
+++ b/docs/src/how-to/install/ansible-tinc.md
@@ -0,0 +1,54 @@
+(tinc)=
+
+# tinc
+
+Installing [tinc mesh vpn](http://tinc-vpn.org/) is *optional and
+experimental*. It allows having a private network interface `vpn0` on
+the target VMs.
+
+```{warning}
+We currently only use tinc for test clusters and have not made sure if the default settings it comes with provide adequate security to protect your data. If using tinc and the following tinc.yml playbook, make your own checks first!
+```
+
+```{note}
+Ensure to run the tinc.yml playbook first if you use tinc, before
+other playbooks.
+```
+
+From `wire-server-deploy/ansible`, where you created a `hosts.ini` file.
+
+- Add a `vpn_ip=Z.Z.Z.Z` item to each entry in the hosts file with a
+  (fresh) IP range if you wish to use tinc.
+- Add a group `vpn`:
+
+```ini
+# this is a minimal example
+[all]
+server1 ansible_host=X.X.X.X vpn_ip=10.10.1.XXX
+server2 ansible_host=X.X.X.X vpn_ip=10.10.1.YYY
+
+[cassandra]
+server1
+server2
+
+[vpn:children]
+cassandra
+# add other server groups here as necessary
+```
+
+Also ensure subsequent playbooks make use of the newly-created interface by setting:
+
+```ini
+[all:vars]
+minio_network_interface = vpn0
+cassandra_network_interface = vpn0
+elasticsearch_network_interface = vpn0
+redis_network_interface = vpn0
+```
+
+Configure the physical network interface inside tinc.yml if it is not
+`eth0`. Then:
+
+```
+ansible-playbook -i hosts.ini tinc.yml -vv
+```
diff --git a/docs/src/how-to/install/ansible-tinc.rst b/docs/src/how-to/install/ansible-tinc.rst
deleted file mode 100644
index ca5698b7ab..0000000000
--- a/docs/src/how-to/install/ansible-tinc.rst
+++ /dev/null
@@ -1,54 +0,0 @@
-.. _tinc:
-
-tinc
-----
-
-Installing `tinc mesh vpn <http://tinc-vpn.org/>`__ is *optional and
-experimental*. It allows having a private network interface ``vpn0`` on
-the target VMs.
-
-.. warning::
-   We currently only use tinc for test clusters and have not made sure if the default settings it comes with provide adequate security to protect your data. If using tinc and the following tinc.yml playbook, make your own checks first!
-
-.. note::
-
-   Ensure to run the tinc.yml playbook first if you use tinc, before
-   other playbooks.
-
-From ``wire-server-deploy/ansible``, where you created a `hosts.ini` file.
-
--  Add a ``vpn_ip=Z.Z.Z.Z`` item to each entry in the hosts file with a
-   (fresh) IP range if you wish to use tinc.
--  Add a group ``vpn``:
-
-.. code:: ini
-
-   # this is a minimal example
-   [all]
-   server1 ansible_host=X.X.X.X vpn_ip=10.10.1.XXX
-   server2 ansible_host=X.X.X.X vpn_ip=10.10.1.YYY
-
-   [cassandra]
-   server1
-   server2
-
-   [vpn:children]
-   cassandra
-   # add other server groups here as necessary
-
-Also ensure subsequent playbooks make use of the newly-created interface by setting:
-
-.. code:: ini
-
-   [all:vars]
-   minio_network_interface = vpn0
-   cassandra_network_interface = vpn0
-   elasticsearch_network_interface = vpn0
-   redis_network_interface = vpn0
-
-Configure the physical network interface inside tinc.yml if it is not
-``eth0``. Then:
-
-::
-
-   ansible-playbook -i hosts.ini tinc.yml -vv
diff --git a/docs/src/how-to/install/aws-prod.md b/docs/src/how-to/install/aws-prod.md
new file mode 100644
index 0000000000..0359d98d71
--- /dev/null
+++ b/docs/src/how-to/install/aws-prod.md
@@ -0,0 +1,36 @@
+(aws-prod)=
+
+# Configuring AWS and wire-server (production) components
+
+## Introduction
+
+The following procedures are for configuring wire-server on top of AWS. They are not required to use wire-server in AWS, but they may be a good idea, depending on the AWS features you are comfortable using.
+
+## Using real AWS services for SNS
+
+AWS SNS is required to send notification events to clients via [FCM](https://firebase.google.com/docs/cloud-messaging/)/[APNS](https://developer.apple.com/notifications/) . These notification channels are useable only for clients that are connected from the public internet. Using these vendor provided communication channels allows client devices (phones) running a wire client to save a considerable amount of battery life, compared to the websockets approach.
+
+For details on how to set up SNS in cooperation with us (We - Wire - will proxy push notifications through Amazon for you), see {ref}`push-sns`.
+
+## Using real AWS services for SES / SQS
+
+AWS SES and SQS are used for delivering emails to clients, and for receiving notifications of bounced emails. SQS is also used internally, in order to facilitate batch user deletion.
+
+FIXME: detail this step.
+
+## Using real AWS services for S3
+
+S3-style services are used by cargohold to store encrypted files that users are sharing amongst each other, profile pics, etc.
+
+Defining S3 services:
+Create an S3 bucket in the region you are hosting your wire servers in. For example terraform code, see: <https://github.com/wireapp/wire-server-deploy/tree/develop/terraform/modules/aws-cargohold-asset-storage>
+
+The S3 bucket you create should have it's contents downloadable from the internet, as clients get the content directly from S3, rather than having to talk through the wire backend.
+
+Using S3 services:
+
+There are three values in the `cargohold.config.aws` section of your 'values.yaml' that you need to provide while deploying wire-server:
+
+- s3Bucket: the name of the S3 bucket you have created.
+- s3Endpoint: the S3 service endpoint cargohold should talk to, to place files in the S3 bucket. On AWS, this takes the form of: `https://<bucket_name>.s3-<region_name>.amazonaws.com`.
+- s3DownloadEndpoint: The URL base that clients should use to get contents from the S3 bucket. On AWS, this takes the form of: `https://s3.<region_name>.amazonaws.com`.
diff --git a/docs/src/how-to/install/aws-prod.rst b/docs/src/how-to/install/aws-prod.rst
deleted file mode 100644
index 0cf147bc20..0000000000
--- a/docs/src/how-to/install/aws-prod.rst
+++ /dev/null
@@ -1,39 +0,0 @@
-.. _aws_prod:
-
-Configuring AWS and wire-server (production) components
-=======================================================
-
-Introduction
-------------
-
-The following procedures are for configuring wire-server on top of AWS. They are not required to use wire-server in AWS, but they may be a good idea, depending on the AWS features you are comfortable using.
-
-Using real AWS services for SNS
---------------------------------------------------------
-AWS SNS is required to send notification events to clients via `FCM <https://firebase.google.com/docs/cloud-messaging/>`__/`APNS <https://developer.apple.com/notifications/>`__ . These notification channels are useable only for clients that are connected from the public internet. Using these vendor provided communication channels allows client devices (phones) running a wire client to save a considerable amount of battery life, compared to the websockets approach.
-
-For details on how to set up SNS in cooperation with us (We - Wire - will proxy push notifications through Amazon for you), see :ref:`pushsns`.
-
-Using real AWS services for SES / SQS
----------------------------------------------
-AWS SES and SQS are used for delivering emails to clients, and for receiving notifications of bounced emails. SQS is also used internally, in order to facilitate batch user deletion.
-
-FIXME: detail this step.
-
-Using real AWS services for S3
-------------------------------
-S3-style services are used by cargohold to store encrypted files that users are sharing amongst each other, profile pics, etc.
-
-Defining S3 services:
-Create an S3 bucket in the region you are hosting your wire servers in. For example terraform code, see: https://github.com/wireapp/wire-server-deploy/tree/develop/terraform/modules/aws-cargohold-asset-storage
-
-The S3 bucket you create should have it's contents downloadable from the internet, as clients get the content directly from S3, rather than having to talk through the wire backend.
-
-Using S3 services:
-
-There are three values in the ``cargohold.config.aws`` section of your 'values.yaml' that you need to provide while deploying wire-server:
-
-* s3Bucket: the name of the S3 bucket you have created.
-* s3Endpoint: the S3 service endpoint cargohold should talk to, to place files in the S3 bucket. On AWS, this takes the form of: ``https://<bucket_name>.s3-<region_name>.amazonaws.com``.
-* s3DownloadEndpoint: The URL base that clients should use to get contents from the S3 bucket. On AWS, this takes the form of: ``https://s3.<region_name>.amazonaws.com``.
-
diff --git a/docs/src/how-to/install/configuration-options.md b/docs/src/how-to/install/configuration-options.md
new file mode 100644
index 0000000000..647ac5f0ee
--- /dev/null
+++ b/docs/src/how-to/install/configuration-options.md
@@ -0,0 +1,1048 @@
+(configuration-options)=
+
+# Part 3 - configuration options in a production setup
+
+This contains instructions to configure specific aspects of your production setup depending on your needs.
+
+Depending on your use-case and requirements, you may need to
+configure none, or only a subset of the following sections.
+
+## Redirect some traffic through a http(s) proxy
+
+In case you wish to use http(s) proxies, you can add a configuration like this to the wire-server services in question:
+
+Assuming your proxy can be reached from within Kubernetes at `http://proxy:8080`, add the following for each affected service (e.g. `gundeck`) to your Helm overrides in `values/wire-server/values.yaml` :
+
+```yaml
+gundeck:
+  # ...
+  config:
+    # ...
+    proxy:
+      httpProxy: "http://proxy:8080"
+      httpsProxy: "http://proxy:8080"
+      noProxyList:
+        - "localhost"
+        - "127.0.0.1"
+        - "10.0.0.0/8"
+        - "elasticsearch-external"
+        - "cassandra-external"
+        - "redis-ephemeral"
+        - "fake-aws-sqs"
+        - "fake-aws-dynamodb"
+        - "fake-aws-sns"
+        - "brig"
+        - "cargohold"
+        - "galley"
+        - "gundeck"
+        - "proxy"
+        - "spar"
+        - "federator"
+        - "cannon"
+        - "cannon-0.cannon.default"
+        - "cannon-1.cannon.default"
+        - "cannon-2.cannon.default"
+```
+
+Depending on your setup, you may need to repeat this for the other services like `brig` as well.
+
+(push-sns)=
+
+## Enable push notifications using the public appstore / playstore mobile Wire clients
+
+1. You need to get in touch with us. Please talk to sales or customer support - see <https://wire.com>
+2. If a contract agreement has been reached, we can set up a separate AWS account for you containing the necessary AWS SQS/SNS setup to route push notifications through to the mobile apps. We will then forward some configuration / access credentials that looks like:
+
+```yaml
+gundeck:
+  config:
+    aws:
+      account: "<REDACTED>"
+      arnEnv: "<REDACTED>"
+      queueName: "<REDACTED>-gundeck-events"
+      region: "<REDACTED>"
+      snsEndpoint: "https://sns.<REDACTED>.amazonaws.com"
+      sqsEndpoint: "https://sqs.<REDACTED>.amazonaws.com"
+  secrets:
+    awsKeyId: "<REDACTED>"
+    awsSecretKey: "<REDACTED>"
+```
+
+To make use of those, first test the credentials are correct, e.g. using the `aws` command-line tool (for more information on how to configure credentials, please refer to the [official docs](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-precedence)):
+
+```
+AWS_REGION=<region>
+AWS_ACCESS_KEY_ID=<...>
+AWS_SECRET_ACCESS_KEY=<...>
+ENV=<environment> #e.g staging
+
+aws sqs get-queue-url --queue-name "$ENV-gundeck-events"
+```
+
+You should get a result like this:
+
+```
+{
+    "QueueUrl": "https://<region>.queue.amazonaws.com/<aws-account-id>/<environment>-gundeck-events"
+}
+```
+
+Then add them to your gundeck configuration overrides.
+
+Keys below `gundeck.config` belong into `values/wire-server/values.yaml`:
+
+```yaml
+gundeck:
+  # ...
+  config:
+    aws:
+      queueName: # e.g. staging-gundeck-events
+      account: # <aws-account-id>, e.g. 123456789
+      region: # e.g. eu-central-1
+      snsEndpoint: # e.g. https://sns.eu-central-1.amazonaws.com
+      sqsEndpoint: # e.g. https://sqs.eu-central-1.amazonaws.com
+      arnEnv: # e.g. staging - this must match the environment name (first part of queueName)
+```
+
+Keys below `gundeck.secrets` belong into `values/wire-server/secrets.yaml`:
+
+```yaml
+gundeck:
+  # ...
+  secrets:
+    awsKeyId: CHANGE-ME
+    awsSecretKey: CHANGE-ME
+```
+
+After making this change and applying it to gundeck (ensure gundeck pods have restarted to make use of the updated configuration - that should happen automatically), make sure to reset the push token on any mobile devices that you may have in use.
+
+Next, if you want, you can stop using the `fake-aws-sns` pods in case you ran them before:
+
+```yaml
+# inside override values/fake-aws/values.yaml
+fake-aws-sns:
+  enabled: false
+```
+
+## Controlling the speed of websocket draining during cannon pod replacement
+
+The 'cannon' component is responsible for persistent websocket connections.
+Normally the default options would slowly and gracefully drain active websocket
+connections over a maximum of `(amount of cannon replicas * 30 seconds)` during
+the deployment of a new wire-server version. This will lead to a very brief
+interruption for Wire clients when their client has to re-connect on the
+websocket.
+
+You're not expected to need to change these settings.
+
+The following options are only relevant during the restart of cannon itself.
+During a restart of nginz or ingress-controller, all websockets will get
+severed. If this is to be avoided, see section {ref}`separate-websocket-traffic`
+
+`drainOpts`: Drain websockets in a controlled fashion when cannon receives a
+SIGTERM or SIGINT (this happens when a pod is terminated e.g. during rollout
+of a new version). Instead of waiting for connections to close on their own,
+the websockets are now severed at a controlled pace. This allows for quicker
+rollouts of new versions.
+
+There is no way to entirely disable this behaviour, two extreme examples below
+
+- the quickest way to kill cannon is to set `gracePeriodSeconds: 1` and
+  `minBatchSize: 100000` which would sever all connections immediately; but it's
+  not recommended as you could DDoS yourself by forcing all active clients to
+  reconnect at the same time. With this, cannon pod replacement takes only 1
+  second per pod.
+- the slowest way to roll out a new version of cannon without severing websocket
+  connections for a long time is to set `minBatchSize: 1`,
+  `millisecondsBetweenBatches: 86400000` and `gracePeriodSeconds: 86400`
+  which would lead to one single websocket connection being closed immediately,
+  and all others only after 1 day. With this, cannon pod replacement takes a
+  full day per pod.
+
+```yaml
+# overrides for wire-server/values.yaml
+cannon:
+  drainOpts:
+    # The following defaults drain a minimum of 400 connections/second
+    # for a total of 10000 over 25 seconds
+    # (if cannon holds more connections, draining will happen at a faster pace)
+    gracePeriodSeconds: 25
+    millisecondsBetweenBatches: 50
+    minBatchSize: 20
+```
+
+## Control nginz upstreams (routes) into the Kubernetes cluster
+
+Open unterminated upstreams (routes) into the Kubernetes cluster are a potential
+security issue. To prevent this, there are fine-grained settings in the nginz
+configuration defining which upstreams should exist.
+
+### Default upstreams
+
+Upstreams for services that exist in (almost) every Wire installation are
+enabled by default. These are:
+
+- `brig`
+- `cannon`
+- `cargohold`
+- `galley`
+- `gundeck`
+- `spar`
+
+For special setups (as e.g. described in [separate-websocket-traffic]) the
+upstreams of these services can be ignored (disabled) with the setting
+`nginz.nginx_conf.ignored_upstreams`.
+
+The most common example is to disable the upstream of `cannon`:
+
+```yaml
+nginz:
+  nginx_conf:
+    ignored_upstreams: ["cannon"]
+```
+
+### Optional upstreams
+
+There are some services that are usually not deployed on most Wire installations
+or are specific to the Wire cloud:
+
+- `ibis`
+- `galeb`
+- `calling-test`
+- `proxy`
+
+The upstreams for those are disabled by default and can be enabled by the
+setting `nginz.nginx_conf.enabled_extra_upstreams`.
+
+The most common example is to enable the (extra) upstream of `proxy`:
+
+```yaml
+nginz:
+  nginx_conf:
+    enabled_extra_upstreams: ["proxy"]
+```
+
+### Combining default and extra upstream configurations
+
+Default and extra upstream configurations are independent of each other. I.e.
+`nginz.nginx_conf.ignored_upstreams` and
+`nginz.nginx_conf.enabled_extra_upstreams` can be combined in the same
+configuration:
+
+```yaml
+nginz:
+  nginx_conf:
+    ignored_upstreams: ["cannon"]
+    enabled_extra_upstreams: ["proxy"]
+```
+
+(separate-websocket-traffic)=
+
+## Separate incoming websocket network traffic from the rest of the https traffic
+
+By default, incoming network traffic for websockets comes through these network
+hops:
+
+Internet -> LoadBalancer -> kube-proxy -> nginx-ingress-controller -> nginz -> cannon
+
+In order to have graceful draining of websockets when something gets restarted, as it is not easily
+possible to implement the graceful draining on nginx-ingress-controller or nginz by itself, there is
+a configuration option to get the following network hops:
+
+Internet -> separate LoadBalancer for cannon only -> kube-proxy -> \[nginz->cannon (2 containers in the same pod)\]
+
+```yaml
+# example on AWS when using cert-manager for TLS certificates and external-dns for DNS records
+# (see wire-server/charts/cannon/values.yaml for more possible options)
+
+# in your wire-server/values.yaml overrides:
+cannon:
+  service:
+    nginz:
+      enabled: true
+      hostname: "nginz-ssl.example.com"
+      externalDNS:
+        enabled: true
+      certManager:
+        enabled: true
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
+nginz:
+  nginx_conf:
+    ignored_upstreams: ["cannon"]
+```
+
+```yaml
+# in your wire-server/secrets.yaml overrides:
+cannon:
+  secrets:
+    nginz:
+      zAuth:
+        publicKeys: ... # same values as in nginz.secrets.zAuth.publicKeys
+```
+
+```yaml
+# in your nginx-ingress-services/values.yaml overrides:
+websockets:
+  enabled: false
+```
+
+## Blocking creation of personal users, new teams
+
+### In Brig
+
+There are some unauthenticated end-points that allow arbitrary users on the open internet to do things like create a new team.  This is desired in the cloud, but if you run an on-prem setup that is open to the world, you may want to block this.
+
+Brig has a server option for this:
+
+```yaml
+optSettings:
+  setRestrictUserCreation: true
+```
+
+If `setRestrictUserCreation` is `true`, creating new personal users or new teams on your instance from outside your backend installation is impossible.  (If you want to be more technical: requests to `/register` that create a new personal account or a new team are answered with `403 forbidden`.)
+
+On instances with restricted user creation, the site operator with access to the internal REST API can still circumvent the restriction: just log into a brig service pod via ssh and follow the steps in `hack/bin/create_test_team_admins.sh.`
+
+```{note}
+Once the creation of new users and teams has been disabled, it will still be possible to use the [team creation process](https://support.wire.com/hc/en-us/articles/115003858905-Create-a-team) (enter the new team name, email, password, etc), but it will fail/refuse creation late in the creation process (after the «Create team» button is clicked).
+```
+
+### In the WebApp
+
+Another way of disabling user registration is by this webapp setting, in `values.yaml`, changing this value from `true` to `false`:
+
+```yaml
+FEATURE_ENABLE_ACCOUNT_REGISTRATION: "false"
+```
+
+```{note}
+If you only disable the creation of users in the webapp, but do not do so in Brig/the backend, a malicious user would be able to use the API to create users, so make sure to disable both.
+```
+
+## You may want
+
+- more server resources to ensure
+  [high-availability](#persistence-and-high-availability)
+- an email/SMTP server to send out registration emails
+- depending on your required functionality, you may or may not need an
+  [AWS account](https://aws.amazon.com/). See details about
+  limitations without an AWS account in the following sections.
+- one or more people able to maintain the installation
+- official support by Wire ([contact us](https://wire.com/pricing/))
+
+```{warning}
+As of 2020-08-10, the documentation sections below are partially out of date and need to be updated.
+```
+
+## Metrics/logging
+
+- {ref}`monitoring`
+- {ref}`logging`
+
+## SMTP server
+
+**Assumptions**: none
+
+**Provides**:
+
+- full control over email sending
+
+**You need**:
+
+- SMTP credentials (to allow for email sending; prerequisite for
+  registering users and running the smoketest)
+
+**How to configure**:
+
+- *if using a gmail account, ensure to enable* ['less secure
+  apps'](https://support.google.com/accounts/answer/6010255?hl=en)
+- Add user, SMTP server, connection type to `values/wire-server`'s
+  values file under `brig.config.smtp`
+- Add password in `secrets/wire-server`'s secrets file under
+  `brig.secrets.smtpPassword`
+
+## Load balancer on bare metal servers
+
+**Assumptions**:
+
+- You installed kubernetes on bare metal servers or virtual machines
+  that can bind to a public IP address.
+- **If you are using AWS or another cloud provider, see**[Creating a
+  cloudprovider-based load
+  balancer](#load-balancer-on-cloud-provider)**instead**
+
+**Provides**:
+
+- Allows using a provided Load balancer for incoming traffic
+- SSL termination is done on the ingress controller
+- You can access your wire-server backend with given DNS names, over
+  SSL and from anywhere in the internet
+
+**You need**:
+
+- A kubernetes node with a *public* IP address (or internal, if you do
+  not plan to expose the Wire backend over the Internet but we will
+  assume you are using a public IP address)
+
+- DNS records for the different exposed addresses (the ingress depends
+  on the usage of virtual hosts), namely:
+
+  - `nginz-https.<domain>`
+  - `nginz-ssl.<domain>`
+  - `assets.<domain>`
+  - `webapp.<domain>`
+  - `account.<domain>`
+  - `teams.<domain>`
+
+- A wildcard certificate for the different hosts (`*.<domain>`) - we
+  assume you want to do SSL termination on the ingress controller
+
+**Caveats**:
+
+- Note that there can be only a *single* load balancer, otherwise your
+  cluster might become
+  [unstable](https://metallb.universe.tf/installation/)
+
+**How to configure**:
+
+```
+cp values/metallb/demo-values.example.yaml values/metallb/demo-values.yaml
+cp values/nginx-ingress-services/demo-values.example.yaml values/nginx-ingress-services/demo-values.yaml
+cp values/nginx-ingress-services/demo-secrets.example.yaml values/nginx-ingress-services/demo-secrets.yaml
+```
+
+- Adapt `values/metallb/demo-values.yaml` to provide a list of public
+  IP address CIDRs that your kubernetes nodes can bind to.
+- Adapt `values/nginx-ingress-services/demo-values.yaml` with correct URLs
+- Put your TLS cert and key into
+  `values/nginx-ingress-services/demo-secrets.yaml`.
+
+Install `metallb` (for more information see the
+[docs](https://metallb.universe.tf)):
+
+```sh
+helm upgrade --install --namespace metallb-system metallb wire/metallb \
+    -f values/metallb/demo-values.yaml \
+    --wait --timeout 1800
+```
+
+Install `nginx-ingress-[controller,services]`:
+
+::
+: helm upgrade --install --namespace demo demo-nginx-ingress-controller wire/nginx-ingress-controller 
+
+  : --wait
+
+  helm upgrade --install --namespace demo demo-nginx-ingress-services wire/nginx-ingress-services 
+
+  : -f values/nginx-ingress-services/demo-values.yaml -f values/nginx-ingress-services/demo-secrets.yaml --wait
+
+Now, create DNS records for the URLs configured above.
+
+## Load Balancer on cloud-provider
+
+### AWS
+
+[Upload the required
+certificates](https://aws.amazon.com/premiumsupport/knowledge-center/import-ssl-certificate-to-iam/).
+Create and configure `values/aws-ingress/demo-values.yaml` from the
+examples.
+
+```
+helm upgrade --install --namespace demo demo-aws-ingress wire/aws-ingress \
+    -f values/aws-ingress/demo-values.yaml \
+    --wait
+```
+
+To give your load balancers public DNS names, create and edit
+`values/external-dns/demo-values.yaml`, then run
+[external-dns](https://github.com/helm/charts/tree/master/stable/external-dns):
+
+```
+helm repo update
+helm upgrade --install --namespace demo demo-external-dns stable/external-dns \
+    --version 1.7.3 \
+    -f values/external-dns/demo-values.yaml \
+    --wait
+```
+
+Things to note about external-dns:
+
+- There can only be a single external-dns chart installed (one per
+  kubernetes cluster, not one per namespace). So if you already have
+  one running for another namespace you probably don't need to do
+  anything.
+- You have to add the appropriate IAM permissions to your cluster (see
+  the
+  [README](https://github.com/helm/charts/tree/master/stable/external-dns)).
+- Alternatively, use the AWS route53 console.
+
+### Other cloud providers
+
+This information is not yet available. If you'd like to contribute by
+adding this information for your cloud provider, feel free to read the
+[contributing guidelines](https://github.com/wireapp/wire-server-deploy/blob/master/CONTRIBUTING.md) and open a PR.
+
+## Real AWS services
+
+**Assumptions**:
+
+- You installed kubernetes and wire-server on AWS
+
+**Provides**:
+
+- Better availability guarantees and possibly better functionality of
+  AWS services such as SQS and dynamoDB.
+- You can use ELBs in front of nginz for higher availability.
+- instead of using a smtp server and connect with SMTP, you may use
+  SES. See configuration of brig and the `useSES` toggle.
+
+**You need**:
+
+- An AWS account
+
+**How to configure**:
+
+- Instead of using fake-aws charts, you need to set up the respective
+  services in your account, create queues, tables etc. Have a look at
+  the fake-aws-\* charts; you'll need to replicate a similar setup.
+
+  - Once real AWS resources are created, adapt the configuration in
+    the values and secrets files for wire-server to use real endpoints
+    and real AWS keys. Look for comments including
+    `if using real AWS`.
+
+- Creating AWS resources in a way that is easy to create and delete
+  could be done using either [terraform](https://www.terraform.io/)
+  or [pulumi](https://pulumi.io/). If you'd like to contribute by
+  creating such automation, feel free to read the [contributing
+  guidelines](https://github.com/wireapp/wire-server-deploy/blob/master/CONTRIBUTING.md) and open a PR.
+
+## Persistence and high-availability
+
+Currently, due to the way kubernetes and cassandra
+[interact](https://github.com/kubernetes/kubernetes/issues/28969),
+cassandra cannot reliably be installed on kubernetes. Some people have
+tried, e.g. [this
+project](https://github.com/instaclustr/cassandra-operator) though at
+the time of writing (Nov 2018), this does not yet work as advertised. We
+recommend therefore to install cassandra, (possibly also elasticsearch
+and redis) separately, i.e. outside of kubernetes (using 3 nodes each).
+
+For further higher-availability:
+
+- scale your kubernetes cluster to have separate etcd and master nodes
+  (3 nodes each)
+- use 3 instead of 1 replica of each wire-server chart
+
+## Security
+
+For a production deployment, you should, as a minimum:
+
+- Ensure traffic between kubernetes nodes, etcd and databases are
+  confined to a private network
+- Ensure kubernetes API is unreachable from the public internet (e.g.
+  put behind VPN/bastion host or restrict IP range) to prevent
+  [kubernetes
+  vulnerabilities](https://www.cvedetails.com/vulnerability-list/vendor_id-15867/product_id-34016/Kubernetes-Kubernetes.html)
+  from affecting you
+- Ensure your operating systems get security updates automatically
+- Restrict ssh access / harden sshd configuration
+- Ensure no other pods with public access than the main ingress are
+  deployed on your cluster, since, in the current setup, pods have
+  access to etcd values (and thus any secrets stored there, including
+  secrets from other pods)
+- Ensure developers encrypt any secrets.yaml files
+
+Additionally, you may wish to build, sign, and host your own docker
+images to have increased confidence in those images. We haved "signed
+container images" on our roadmap.
+
+## Sign up with a phone number (Sending SMS)
+
+**Provides**:
+
+- Registering accounts with a phone number
+
+**You need**:
+
+- a [Nexmo](https://www.nexmo.com/) account
+- a [Twilio](https://www.twilio.com/) account
+
+**How to configure**:
+
+See the `brig` chart for configuration.
+
+(rd-party-proxying)=
+
+## 3rd-party proxying
+
+You need Giphy/Google/Spotify/Soundcloud API keys (if you want to
+support previews by proxying these services)
+
+See the `proxy` chart for configuration.
+
+## Routing traffic to other namespaces via nginz
+
+If you have some components running in namespaces different from nginz. For
+instance, the billing service (`ibis`) could be deployed to a separate
+namespace, say `integrations`. But it still needs to get traffic via
+`nginz`. When this is needed, the helm config can be adjusted like this:
+
+```yaml
+# in your wire-server/values.yaml overrides:
+nginz:
+  nginx_conf:
+    upstream_namespace:
+      ibis: integrations
+```
+
+## Marking an installation as self-hosted
+
+In case your wire installation is self-hosted (on-premise, demo installs), it needs to be aware that it is through a configuration option.  As of release chart 4.15.0, `"true"` is the default behavior, and nothing needs to be done.
+
+If that option is not set, team-settings will prompt users about "wire for free" and associated functions.
+
+With that option set, all payment related functionality is disabled.
+
+The option is `IS_SELF_HOSTED`, and you set it in your `values.yaml` file (originally a copy of `prod-values.example.yaml` found in `wire-server-deploy/values/wire-server/`).
+
+In case of a demo install, replace `prod` with `demo`.
+
+First set the option under the `team-settings` section, `envVars` sub-section:
+
+```yaml
+# NOTE: Only relevant if you want team-settings
+team-settings:
+  envVars:
+    IS_SELF_HOSTED: "true"
+```
+
+Second, also set the option under the `account-pages` section:
+
+```yaml
+# NOTE: Only relevant if you want account-pages
+account-pages:
+  envVars:
+    IS_SELF_HOSTED: "true"
+```
+
+(auth-cookie-config)=
+
+## Configuring authentication cookie throttling
+
+Authentication cookies and the related throttling mechanism is described in the *Client API documentation*:
+{ref}`login-cookies`
+
+The maximum number of cookies per account and type is defined by the brig option
+`setUserCookieLimit`. Its default is `32`.
+
+Throttling is configured by the brig option `setUserCookieThrottle`. It is an
+object that contains two fields:
+
+`stdDev`
+
+: The minimal standard deviation of cookie creation timestamps in
+  Seconds. (Default: `3000`,
+  [Wikipedia: Standard deviation](https://en.wikipedia.org/wiki/Standard_deviation))
+
+`retryAfter`
+
+: Wait time in Seconds when `stdDev` is violated. (Default: `86400`)
+
+The default values are fine for most use cases. (Generally, you don't have to
+configure them for your installation.)
+
+Condensed example:
+
+```yaml
+brig:
+    optSettings:
+        setUserCookieLimit: 32
+        setUserCookieThrottle:
+            stdDev: 3000
+            retryAfter: 86400
+```
+
+## Configuring searchability
+
+You can configure how search is limited or not based on user membership in a given team.
+
+There are two types of searches based on the direction of search:
+
+- **Inbound** searches mean that somebody is searching for you. Configuring the inbound search visibility means that you (or some admin) can configure whether others can find you or not.
+- **Outbound** searches mean that you are searching for somebody. Configuring the outbound search visibility means that some admin can configure whether you can find other users or not.
+
+There are different types of matches:
+
+- **Exact handle** search means that the user is found only if the search query is exactly the user handle (e.g. searching for `mc` will find `@mc` but not `@mccaine`). This search returns zero or one results.
+- **Full text** search means that the user is found if the search query contains some subset of the user display name and handle. (e.g. the query `mar` will find `Marco C`, `Omar`, `@amaro`)
+
+### Searching users on the same backend
+
+Search visibility is controlled by three parameters on the backend:
+
+- A team outbound configuration flag, `TeamSearchVisibility` with possible values `SearchVisibilityStandard`, `SearchVisibilityNoNameOutsideTeam`
+
+  - `SearchVisibilityStandard` means that the user can find other people outside of the team, if the searched-person inbound search allows it
+  - `SearchVisibilityNoNameOutsideTeam` means that the user can not find any user outside the team by full text search (but exact handle search still works)
+
+- A team inbound configuration flag, `SearchVisibilityInbound` with possible values `SearchableByOwnTeam`, `SearchableByAllTeams`
+
+  - `SearchableByOwnTeam` means that the user can be found only by users in their own team.
+  - `SearchableByAllTeams` means that the user can be found by users in any/all teams.
+
+- A server configuration flag `searchSameTeamOnly` with possible values true, false.
+
+  - `Note`: For the same backend, this affects inbound and outbound searches (simply because all teams will be subject to this behavior)
+  - Setting this to `true` means that the all teams on that backend can only find users that belong to their team
+
+These flag are set on the backend and the clients do not need to be aware of them.
+
+The flags will influence the behavior of the search API endpoint; clients will only need to parse the results, that are already filtered for them by the backend.
+
+#### Table of possible outcomes
+
+```{eval-rst}
++------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
+| Is search-er (`uA`) in team (tA)?  | Is search-ed (`uB`) in a team?  | Backend flag `searchSameTeamOnly`  | Team `tA`'s flag `TeamSearchVisibility`  | Team tB's flag `SearchVisibilityInbound`  | Result of exact search for `uB`  | Result of full-text search for `uB`  |
++====================================+=================================+====================================+==========================================+===========================================+==================================+======================================+
+| **Search within the same team**                                                                                                                                                                                                                                            |
++------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
+| Yes, `tA`                          | Yes, the same team `tA`         | Irrelevant                         | Irrelevant                               | Irrelevant                                | Found                            | Found                                |
++------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
+| **Outbound search unrestricted**                                                                                                                                                                                                                                           |
++------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
+| Yes, `tA`                          | Yes, another team tB            | false                              | `SearchVisibilityStandard`               | `SearchableByAllTeams`                    | Found                            | Found                                |
++------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
+| Yes, `tA`                          | Yes, another team tB            | false                              | `SearchVisibilityStandard`               | `SearchableByOwnTeam`                     | Found                            | Not found                            |
++------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
+| **Outbound search restricted**                                                                                                                                                                                                                                             |
++------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
+| Yes, `tA`                          | Yes, another team tB            | true                               | Irrelevant                               | Irrelevant                                | Not found                        | Not found                            |
++------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
+| Yes, `tA`                          | Yes, another team tB            | false                              | `SearchVisibilityNoNameOutsideTeam`      | Irrelevant                                | Found                            | Not found                            |
++------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
+| Yes, `tA`                          | No                              | false                              | `SearchVisibilityNoNameOutsideTeam`      | There’s no team B                         | Found                            | Not found                            |
++------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
+```
+
+#### Changing the configuration on the server
+
+To change the `searchSameTeamOnly` setting on the backend, edit the `values.yaml.gotmpl` file for the wire-server chart at this nested level of the configuration:
+
+```yaml
+brig:
+  # ...
+  config:
+    # ...
+    optSettings:
+      # ...
+      setSearchSameTeamOnly: true
+```
+
+If `setSearchSameTeamOnly` is set to `true` then `TeamSearchVisibility` is forced be in the `SearchVisibilityNoNameOutsideTeam` setting for all teams.
+
+#### Changing the default configuration for all teams
+
+If `setSearchSameTeamOnly` is set to `false`  (or missing from the configuration) then the default value `TeamSearchVisibility` can be configured at this level of the configuration of the `value.yaml.gotmpl` file of the wire-server chart:
+
+```yaml
+galley:
+  #...
+  config:
+    #...
+    settings:
+      #...
+      featureFlags:
+        #...
+        teamSearchVisibility: enabled-by-default
+```
+
+This default value applies to all teams for which no explicit configuration of the `TeamSearchVisibility` has been set.
+
+### Searching users on another (federated) backend
+
+For federated search the table above does not apply, see following table.
+
+```{note}
+Incoming federated searches (i.e. searches from one backend to another) are considered always as being performed from a team user, even if they are performed from a personal user.
+
+This is because the incoming search request does not carry the information whether the user performing the search was in a team or not.
+
+So we have to make one assumption, and we assume that they were in a team.
+```
+
+Allowing search is done at the backend configuration level by the sysadmin:
+
+- Outbound search restrictions (`searchSameTeamOnly`, `TeamSearchVisibility`) do not apply to federated searches
+
+- A configuration setting `FederatedUserSearchPolicy` per federating domain with these possible values:
+
+  - `no_search` The federating backend is not allowed to search any users (either by exact handle or full-text).
+  - `exact_handle_search` The federating backend may only search by exact handle
+  - `full_search` The federating backend may search users by full text search on display name and handle. The search search results are additionally affected by `SearchVisibilityInbound` setting of each team on the backend.
+
+- The `SearchVisibilityInbound` setting applies. Since the default value for teams is `SearchableByOwnTeam` this means that for a team to be full-text searchable by users on a federating backend both
+
+  - `FederatedUserSearchPolicy` needs to be set to to full_search for the federating backend
+  - Any team that wants to be full-text searchable needs to be set to `SearchableByAllTeams`
+
+The configuration value `FederatedUserSearchPolicy` is per federated domain, e.g. in the values of the wire-server chart:
+
+```yaml
+brig:
+  config:
+    optSettings:
+      setFederationDomainConfigs:
+        - domain: a.example.com
+          search_policy: no_search
+        - domain: a.example.com
+          search_policy: full_search
+```
+
+#### Table of possible outcomes
+
+In the following table, user `uA` on backend A is searching for user `uB` on team `tB` on backend B.
+
+Any of the flags set for searching users on the same backend are ignored.
+
+It’s worth nothing that if two users are on two separate backend, they are also guaranteed to be on two separate teams, as teams can not spread across backends.
+
+| Who is searching       | Backend B flag `FederatedUserSearchPolicy` | Team `tB`'s flag `SearchVisibilityInbound` | Result of exact search for `uB` | Result of full-text search for `uB` |
+| ---------------------- | ------------------------------------------ | ------------------------------------------ | ------------------------------- | ----------------------------------- |
+| user `uA` on backend A | `no_search`                                | Irrelevant                                 | Not found                       | Not found                           |
+| user `uA` on backend A | `exact_handle_search`                      | Irrelevant                                 | Found                           | Not found                           |
+| user `uA` on backend A | `full_search`                              | SearchableByOwnTeam                        | Found                           | Not found                           |
+| user `uA` on backend A | `full_search`                              | SearchableByAllTeams                       | Found                           | Found                               |
+
+### Changing the settings for a given team
+
+If you need to change searchabilility for a specific team (rather than the entire backend, as above), you need to make specific calls to the API.
+
+#### Team searchVisibility
+
+The team flag `searchVisibility` affects the outbound search of user searches.
+
+If it is set to `no-name-outside-team` for a team then all users of that team will no longer be able to find users that are not part of their team when searching.
+
+This also includes finding other users by by providing their exact handle. By default it is set to `standard`, which doesn't put any additional restrictions to outbound searches.
+
+The setting can be changed via endpoint (for more details on how to make the API calls with `curl`, read further):
+
+```
+GET /teams/{tid}/search-visibility
+  -- Shows the current TeamSearchVisibility value for the given team
+
+PUT /teams/{tid}/search-visibility
+  -- Set specific search visibility for the team
+
+pull-down-menu "body":
+  "standard"
+  "no-name-outside-team"
+```
+
+The team feature flag `teamSearchVisibility` determines whether it is allowed to change the `searchVisibility` setting or not.
+
+The default is `disabled-by-default`.
+
+```{note}
+Whenever this feature setting is disabled the `searchVisibility` will be reset to standard.
+```
+
+The default setting that applies to all teams on the instance can be defined at configuration
+
+```yaml
+settings:
+  featureFlags:
+    teamSearchVisibility: disabled-by-default # or enabled-by-default
+```
+
+#### TeamFeature searchVisibilityInbound
+
+The team feature flag `searchVisibilityInbound` affects if the team's users are searchable by users from other teams.
+
+The default setting is `searchable-by-own-team` which hides users from search results by users from other teams.
+
+If it is set to `searchable-by-all-teams` then users of this team may be included in the results of search queries by other users.
+
+```{note}
+The configuration of this flag does not affect search results when the search query matches the handle exactly.
+
+If the handle is provdided then any user on the instance can find users.
+```
+
+This team feature flag can only by toggled by site-administrators with direct access to the galley instance (for more details on how to make the API calls with `curl`, read further):
+
+```
+PUT /i/teams/{tid}/features/search-visibility-inbound
+```
+
+With JSON body:
+
+```json
+{"status": "enabled"}
+```
+
+or
+
+```json
+{"status": "disabled"}
+```
+
+Where `enabled` is equivalent to `searchable-by-all-teams` and `disabled` is equivalent to `searchable-by-own-team`.
+
+The default setting that applies to all teams on the instance can be defined at configuration.
+
+```yaml
+searchVisibilityInbound:
+  defaults:
+    status: enabled # OR disabled
+```
+
+Individual teams can overwrite the default setting with API calls as per above.
+
+#### Making the API calls
+
+To make API calls to set an explicit configuration for\` TeamSearchVisibilityInbound\` per team, you first need to know the Team ID, which can be found in the team settings app.
+
+It is an `UUID<https://en.wikipedia.org/wiki/Universally_unique_identifier>` which has format like this  `dcbedf9a-af2a-4f43-9fd5-525953a919e1`.
+
+In the following we will be using this Team ID as an example, please replace it with your own team id.
+
+Next find the name of a `galley` pod by looking at the output of running this command:
+
+```sh
+kubectl -n wire get pods
+```
+
+The output will look something like this:
+
+```
+...
+galley-5f4787fdc7-9l64n   ...
+galley-migrate-data-lzz5j ...
+...
+```
+
+Select any of the galley pods, for example we will use `galley-5f4787fdc7-9l64n`.
+
+Next, set up a port-forwarding from your local machine's port `9000` to the galley's port `8080` by running:
+
+```sh
+kubectl port-forward -n wire galley-5f4787fdc7-9l64n 9000:8080
+```
+
+Keep this command running until the end of these instuctions.
+
+Please run the following commands in a seperate terminal while keeping the terminal which establishes the port-forwarding open.
+
+To see team's current setting run:
+
+```sh
+curl -XGET http://localhost:9000/i/teams/dcbedf9a-af2a-4f43-9fd5-525953a919e1/features/searchVisibilityInbound
+
+# {"lockStatus":"unlocked","status":"disabled"}
+```
+
+Where `disabled` corresponds to `SearchableByOwnTeam` and enabled corresponds to `SearchableByAllTeams`.
+
+To change the `TeamSearchVisibilityInbound` to `SearchableByAllTeams` for the team run:
+
+```sh
+curl -XPUT -H 'Content-Type: application/json' -d "{\"status\": \"enabled\"}" http://localhost:9000/i/teams/dcbedf9a-af2a-4f43-9fd5-525953a919e1/features/searchVisibilityInbound
+```
+
+To change the TeamSearchVisibilityInbound to SearchableByOwnTeam for the team run:
+
+```sh
+curl -XPUT -H 'Content-Type: application/json' -d "{\"status\": \"disabled\"}" http://localhost:9000/i/teams/dcbedf9a-af2a-4f43-9fd5-525953a919e1/features/searchVisibilityInbound
+```
+
+## Configuring classified domains
+
+As a backend administrator, if you want to control which other backends (identified by their domain) are "classified",
+
+change the following `galley` configuration in the `value.yaml.gotmpl` file of the wire-server chart:
+
+```yaml
+galley:
+  replicaCount: 1
+  config:
+  ...
+    featureFlags:
+    ...
+      classifiedDomains:
+        status: enabled
+        config:
+          domains: ["domain-that-is-classified.link"]
+          ...
+```
+
+This is not only a `backend` configuration, but also a `team` configuration/feature.
+
+This means that different combinations of configurations will have different results.
+
+Here is a table to navigate the possible configurations:
+
+| Backend Config enabled/disabled | Backend Config Domains                         | Team Config enabled/disabled | Team Config Domains     | User's view                      |
+| ------------------------------- | ---------------------------------------------- | ---------------------------- | ----------------------- | -------------------------------- |
+| Enabled                         | \[domain1.example.com\]                        | Not configured               | Not configured          | Enabled, \[domain1.example.com\] |
+| Enabled                         | \[domain1.example.com\]\[domain1.example.com\] | Enabled                      | Not configured          | Enabled, \[domain1.example.com\] |
+| Enabled                         | \[domain1.example.com\]                        | Enabled                      | \[domain2.example.com\] | Enabled, Undefined               |
+| Enabled                         | \[domain1.example.com\]                        | Disabled                     | Anything                | Undefined                        |
+| Disabled                        | Anything                                       | Not configured               | Not configured          | Disabled, no domains             |
+| Disabled                        | Anything                                       | Enabled                      | \[domain2.example.com\] | Undefined                        |
+
+The table assumes the following:
+
+- When backend level config says that this feature is enabled, it is illegal to not specify domains at the backend level.
+- When backend level config says that this feature is disabled, the list of domains is ignored.
+- When team level feature is disabled, the accompanying domains are ignored.
+
+## S3 Addressing Style
+
+S3 can either by addressed in path style, i.e.
+`https://<s3-endpoint>/<bucket-name>/<object>`, or vhost style, i.e.
+`https://<bucket-name>.<s3-endpoint>/<object>`. AWS's S3 offering has deprecated
+path style addressing for S3 and completely disabled it for buckets created
+after 30 Sep 2020:
+<https://aws.amazon.com/blogs/aws/amazon-s3-path-deprecation-plan-the-rest-of-the-story/>
+
+However other object storage providers (specially self-deployed ones like MinIO)
+may not support vhost style addressing yet (or ever?). Users of such buckets
+should configure this option to "path":
+
+```yaml
+cargohold:
+  aws:
+    s3AddressingStyle: path
+```
+
+Installations using S3 service provided by AWS, should use "auto", this option
+will ensure that vhost style is only used when it is possible to construct a
+valid hostname from the bucket name and the bucket name doesn't contain a '.'.
+Having a '.' in the bucket name causes TLS validation to fail, hence it is not
+used by default:
+
+```yaml
+cargohold:
+  aws:
+    s3AddressingStyle: auto
+```
+
+Using "virtual" as an option is only useful in situations where vhost style
+addressing must be used even if it is not possible to construct a valid hostname
+from the bucket name or the S3 service provider can ensure correct certificate
+is issued for bucket which contain one or more '.'s in the name:
+
+```yaml
+cargohold:
+  aws:
+    s3AddressingStyle: virtual
+```
+
+When this option is unspecified, wire-server defaults to path style addressing
+to ensure smooth transition for older deployments.
diff --git a/docs/src/how-to/install/configuration-options.rst b/docs/src/how-to/install/configuration-options.rst
deleted file mode 100644
index 869dc6c603..0000000000
--- a/docs/src/how-to/install/configuration-options.rst
+++ /dev/null
@@ -1,1106 +0,0 @@
-.. _configuration_options:
-
-Part 3 - configuration options in a production setup
-====================================================================
-
-This contains instructions to configure specific aspects of your production setup depending on your needs.
-
-Depending on your use-case and requirements, you may need to
-configure none, or only a subset of the following sections.
-
-Redirect some traffic through a http(s) proxy
----------------------------------------------
-
-In case you wish to use http(s) proxies, you can add a configuration like this to the wire-server services in question:
-
-Assuming your proxy can be reached from within Kubernetes at ``http://proxy:8080``, add the following for each affected service (e.g. ``gundeck``) to your Helm overrides in ``values/wire-server/values.yaml`` :
-
-.. code:: yaml
-
-    gundeck:
-      # ...
-      config:
-        # ...
-        proxy:
-          httpProxy: "http://proxy:8080"
-          httpsProxy: "http://proxy:8080"
-          noProxyList:
-            - "localhost"
-            - "127.0.0.1"
-            - "10.0.0.0/8"
-            - "elasticsearch-external"
-            - "cassandra-external"
-            - "redis-ephemeral"
-            - "fake-aws-sqs"
-            - "fake-aws-dynamodb"
-            - "fake-aws-sns"
-            - "brig"
-            - "cargohold"
-            - "galley"
-            - "gundeck"
-            - "proxy"
-            - "spar"
-            - "federator"
-            - "cannon"
-            - "cannon-0.cannon.default"
-            - "cannon-1.cannon.default"
-            - "cannon-2.cannon.default"
-
-Depending on your setup, you may need to repeat this for the other services like ``brig`` as well.
-
-.. _pushsns:
-
-Enable push notifications using the public appstore / playstore mobile Wire clients
------------------------------------------------------------------------------------
-
-1. You need to get in touch with us. Please talk to sales or customer support - see https://wire.com
-2. If a contract agreement has been reached, we can set up a separate AWS account for you containing the necessary AWS SQS/SNS setup to route push notifications through to the mobile apps. We will then forward some configuration / access credentials that looks like:
-
-.. code:: yaml
-
-    gundeck:
-      config:
-        aws:
-          account: "<REDACTED>"
-          arnEnv: "<REDACTED>"
-          queueName: "<REDACTED>-gundeck-events"
-          region: "<REDACTED>"
-          snsEndpoint: "https://sns.<REDACTED>.amazonaws.com"
-          sqsEndpoint: "https://sqs.<REDACTED>.amazonaws.com"
-      secrets:
-        awsKeyId: "<REDACTED>"
-        awsSecretKey: "<REDACTED>"
-
-To make use of those, first test the credentials are correct, e.g. using the ``aws`` command-line tool (for more information on how to configure credentials, please refer to the `official docs <https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-precedence>`__):
-
-.. code::
-
-    AWS_REGION=<region>
-    AWS_ACCESS_KEY_ID=<...>
-    AWS_SECRET_ACCESS_KEY=<...>
-    ENV=<environment> #e.g staging
-
-    aws sqs get-queue-url --queue-name "$ENV-gundeck-events"
-
-You should get a result like this:
-
-.. code::
-
-    {
-        "QueueUrl": "https://<region>.queue.amazonaws.com/<aws-account-id>/<environment>-gundeck-events"
-    }
-
-Then add them to your gundeck configuration overrides.
-
-Keys below ``gundeck.config`` belong into ``values/wire-server/values.yaml``:
-
-.. code:: yaml
-
-    gundeck:
-      # ...
-      config:
-        aws:
-          queueName: # e.g. staging-gundeck-events
-          account: # <aws-account-id>, e.g. 123456789
-          region: # e.g. eu-central-1
-          snsEndpoint: # e.g. https://sns.eu-central-1.amazonaws.com
-          sqsEndpoint: # e.g. https://sqs.eu-central-1.amazonaws.com
-          arnEnv: # e.g. staging - this must match the environment name (first part of queueName)
-
-Keys below ``gundeck.secrets`` belong into ``values/wire-server/secrets.yaml``:
-
-.. code:: yaml
-
-    gundeck:
-      # ...
-      secrets:
-        awsKeyId: CHANGE-ME
-        awsSecretKey: CHANGE-ME
-
-
-After making this change and applying it to gundeck (ensure gundeck pods have restarted to make use of the updated configuration - that should happen automatically), make sure to reset the push token on any mobile devices that you may have in use.
-
-Next, if you want, you can stop using the `fake-aws-sns` pods in case you ran them before:
-
-.. code:: yaml
-
-   # inside override values/fake-aws/values.yaml
-   fake-aws-sns:
-     enabled: false
-
-Controlling the speed of websocket draining during cannon pod replacement
--------------------------------------------------------------------------
-
-The 'cannon' component is responsible for persistent websocket connections.
-Normally the default options would slowly and gracefully drain active websocket
-connections over a maximum of ``(amount of cannon replicas * 30 seconds)`` during
-the deployment of a new wire-server version. This will lead to a very brief
-interruption for Wire clients when their client has to re-connect on the
-websocket.
-
-You're not expected to need to change these settings.
-
-The following options are only relevant during the restart of cannon itself.
-During a restart of nginz or ingress-controller, all websockets will get
-severed. If this is to be avoided, see section :ref:`separate-websocket-traffic`
-
-``drainOpts``: Drain websockets in a controlled fashion when cannon receives a
-SIGTERM or SIGINT (this happens when a pod is terminated e.g. during rollout
-of a new version). Instead of waiting for connections to close on their own,
-the websockets are now severed at a controlled pace. This allows for quicker
-rollouts of new versions.
-
-There is no way to entirely disable this behaviour, two extreme examples below
-
-* the quickest way to kill cannon is to set ``gracePeriodSeconds: 1`` and
-  ``minBatchSize: 100000`` which would sever all connections immediately; but it's
-  not recommended as you could DDoS yourself by forcing all active clients to
-  reconnect at the same time. With this, cannon pod replacement takes only 1
-  second per pod.
-* the slowest way to roll out a new version of cannon without severing websocket
-  connections for a long time is to set ``minBatchSize: 1``,
-  ``millisecondsBetweenBatches: 86400000`` and ``gracePeriodSeconds: 86400``
-  which would lead to one single websocket connection being closed immediately,
-  and all others only after 1 day. With this, cannon pod replacement takes a
-  full day per pod.
-
-.. code:: yaml
-
-   # overrides for wire-server/values.yaml
-   cannon:
-     drainOpts:
-       # The following defaults drain a minimum of 400 connections/second
-       # for a total of 10000 over 25 seconds
-       # (if cannon holds more connections, draining will happen at a faster pace)
-       gracePeriodSeconds: 25
-       millisecondsBetweenBatches: 50
-       minBatchSize: 20
-
-
-Control nginz upstreams (routes) into the Kubernetes cluster
-------------------------------------------------------------
-
-Open unterminated upstreams (routes) into the Kubernetes cluster are a potential
-security issue. To prevent this, there are fine-grained settings in the nginz
-configuration defining which upstreams should exist.
-
-Default upstreams
-^^^^^^^^^^^^^^^^^
-
-Upstreams for services that exist in (almost) every Wire installation are
-enabled by default. These are:
-
-- ``brig``
-- ``cannon``
-- ``cargohold``
-- ``galley``
-- ``gundeck``
-- ``spar``
-
-For special setups (as e.g. described in separate-websocket-traffic_) the
-upstreams of these services can be ignored (disabled) with the setting
-``nginz.nginx_conf.ignored_upstreams``.
-
-The most common example is to disable the upstream of ``cannon``:
-
-.. code:: yaml
-
-   nginz:
-     nginx_conf:
-       ignored_upstreams: ["cannon"]
-
-
-Optional upstreams
-^^^^^^^^^^^^^^^^^^
-
-There are some services that are usually not deployed on most Wire installations
-or are specific to the Wire cloud:
-
-- ``ibis``
-- ``galeb``
-- ``calling-test``
-- ``proxy``
-
-The upstreams for those are disabled by default and can be enabled by the
-setting ``nginz.nginx_conf.enabled_extra_upstreams``.
-
-The most common example is to enable the (extra) upstream of ``proxy``:
-
-.. code:: yaml
-
-   nginz:
-     nginx_conf:
-       enabled_extra_upstreams: ["proxy"]
-
-
-Combining default and extra upstream configurations
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Default and extra upstream configurations are independent of each other. I.e.
-``nginz.nginx_conf.ignored_upstreams`` and
-``nginz.nginx_conf.enabled_extra_upstreams`` can be combined in the same
-configuration:
-
-.. code:: yaml
-
-   nginz:
-     nginx_conf:
-       ignored_upstreams: ["cannon"]
-       enabled_extra_upstreams: ["proxy"]
-
-
-.. _separate-websocket-traffic:
-
-Separate incoming websocket network traffic from the rest of the https traffic
--------------------------------------------------------------------------------
-
-By default, incoming network traffic for websockets comes through these network
-hops:
-
-Internet -> LoadBalancer -> kube-proxy -> nginx-ingress-controller -> nginz -> cannon
-
-In order to have graceful draining of websockets when something gets restarted, as it is not easily
-possible to implement the graceful draining on nginx-ingress-controller or nginz by itself, there is
-a configuration option to get the following network hops:
-
-Internet -> separate LoadBalancer for cannon only -> kube-proxy -> [nginz->cannon (2 containers in the same pod)]
-
-.. code:: yaml
-
-   # example on AWS when using cert-manager for TLS certificates and external-dns for DNS records
-   # (see wire-server/charts/cannon/values.yaml for more possible options)
-
-   # in your wire-server/values.yaml overrides:
-   cannon:
-     service:
-       nginz:
-         enabled: true
-         hostname: "nginz-ssl.example.com"
-         externalDNS:
-           enabled: true
-         certManager:
-           enabled: true
-         annotations:
-           service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
-           service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
-   nginz:
-     nginx_conf:
-       ignored_upstreams: ["cannon"]
-
-.. code:: yaml
-
-   # in your wire-server/secrets.yaml overrides:
-   cannon:
-     secrets:
-       nginz:
-         zAuth:
-           publicKeys: ... # same values as in nginz.secrets.zAuth.publicKeys
-
-.. code:: yaml
-
-   # in your nginx-ingress-services/values.yaml overrides:
-   websockets:
-     enabled: false
-
-
-Blocking creation of personal users, new teams
-----------------------------------------------
-
-In Brig
-~~~~~~~
-
-There are some unauthenticated end-points that allow arbitrary users on the open internet to do things like create a new team.  This is desired in the cloud, but if you run an on-prem setup that is open to the world, you may want to block this.
-
-Brig has a server option for this:
-
-.. code:: yaml
-
-    optSettings:
-      setRestrictUserCreation: true
-
-If `setRestrictUserCreation` is `true`, creating new personal users or new teams on your instance from outside your backend installation is impossible.  (If you want to be more technical: requests to `/register` that create a new personal account or a new team are answered with `403 forbidden`.)
-
-On instances with restricted user creation, the site operator with access to the internal REST API can still circumvent the restriction: just log into a brig service pod via ssh and follow the steps in `hack/bin/create_test_team_admins.sh.`
-
-.. note::
-    Once the creation of new users and teams has been disabled, it will still be possible to use the `team creation process <https://support.wire.com/hc/en-us/articles/115003858905-Create-a-team>`__ (enter the new team name, email, password, etc), but it will fail/refuse creation late in the creation process (after the «Create team» button is clicked).
-
-In the WebApp
-~~~~~~~~~~~~~
-
-Another way of disabling user registration is by this webapp setting, in `values.yaml`, changing this value from `true` to `false`:
-
-.. code:: yaml
-
-   FEATURE_ENABLE_ACCOUNT_REGISTRATION: "false"
-
-.. note::
-   If you only disable the creation of users in the webapp, but do not do so in Brig/the backend, a malicious user would be able to use the API to create users, so make sure to disable both.
-
-You may want
-------------
-
--  more server resources to ensure
-   `high-availability <#persistence-and-high-availability>`__
--  an email/SMTP server to send out registration emails
--  depending on your required functionality, you may or may not need an
-   `AWS account <https://aws.amazon.com/>`__. See details about
-   limitations without an AWS account in the following sections.
--  one or more people able to maintain the installation
--  official support by Wire (`contact us <https://wire.com/pricing/>`__)
-
-.. warning::
-
-   As of 2020-08-10, the documentation sections below are partially out of date and need to be updated.
-
-Metrics/logging
----------------
-
-* :ref:`monitoring`
-* :ref:`logging`
-
-SMTP server
------------
-
-**Assumptions**: none
-
-**Provides**:
-
--  full control over email sending
-
-**You need**:
-
--  SMTP credentials (to allow for email sending; prerequisite for
-   registering users and running the smoketest)
-
-**How to configure**:
-
--  *if using a gmail account, ensure to enable* `'less secure
-   apps' <https://support.google.com/accounts/answer/6010255?hl=en>`__
--  Add user, SMTP server, connection type to ``values/wire-server``'s
-   values file under ``brig.config.smtp``
--  Add password in ``secrets/wire-server``'s secrets file under
-   ``brig.secrets.smtpPassword``
-
-Load balancer on bare metal servers
------------------------------------
-
-**Assumptions**:
-
--  You installed kubernetes on bare metal servers or virtual machines
-   that can bind to a public IP address.
--  **If you are using AWS or another cloud provider, see**\ `Creating a
-   cloudprovider-based load
-   balancer <#load-balancer-on-cloud-provider>`__\ **instead**
-
-**Provides**:
-
--  Allows using a provided Load balancer for incoming traffic
--  SSL termination is done on the ingress controller
--  You can access your wire-server backend with given DNS names, over
-   SSL and from anywhere in the internet
-
-**You need**:
-
--  A kubernetes node with a *public* IP address (or internal, if you do
-   not plan to expose the Wire backend over the Internet but we will
-   assume you are using a public IP address)
--  DNS records for the different exposed addresses (the ingress depends
-   on the usage of virtual hosts), namely:
-
-   -  ``nginz-https.<domain>``
-   -  ``nginz-ssl.<domain>``
-   -  ``assets.<domain>``
-   -  ``webapp.<domain>``
-   -  ``account.<domain>``
-   -  ``teams.<domain>``
-
--  A wildcard certificate for the different hosts (``*.<domain>``) - we
-   assume you want to do SSL termination on the ingress controller
-
-**Caveats**:
-
--  Note that there can be only a *single* load balancer, otherwise your
-   cluster might become
-   `unstable <https://metallb.universe.tf/installation/>`__
-
-**How to configure**:
-
-::
-
-   cp values/metallb/demo-values.example.yaml values/metallb/demo-values.yaml
-   cp values/nginx-ingress-services/demo-values.example.yaml values/nginx-ingress-services/demo-values.yaml
-   cp values/nginx-ingress-services/demo-secrets.example.yaml values/nginx-ingress-services/demo-secrets.yaml
-
--  Adapt ``values/metallb/demo-values.yaml`` to provide a list of public
-   IP address CIDRs that your kubernetes nodes can bind to.
--  Adapt ``values/nginx-ingress-services/demo-values.yaml`` with correct URLs
--  Put your TLS cert and key into
-   ``values/nginx-ingress-services/demo-secrets.yaml``.
-
-Install ``metallb`` (for more information see the
-`docs <https://metallb.universe.tf>`__):
-
-.. code:: sh
-
-   helm upgrade --install --namespace metallb-system metallb wire/metallb \
-       -f values/metallb/demo-values.yaml \
-       --wait --timeout 1800
-
-Install ``nginx-ingress-[controller,services]``:
-
-::
-   helm upgrade --install --namespace demo demo-nginx-ingress-controller wire/nginx-ingress-controller \
-       --wait
-
-   helm upgrade --install --namespace demo demo-nginx-ingress-services wire/nginx-ingress-services \
-       -f values/nginx-ingress-services/demo-values.yaml \
-       -f values/nginx-ingress-services/demo-secrets.yaml \
-       --wait
-
-Now, create DNS records for the URLs configured above.
-
-
-Load Balancer on cloud-provider
--------------------------------
-
-AWS
-~~~
-
-`Upload the required
-certificates <https://aws.amazon.com/premiumsupport/knowledge-center/import-ssl-certificate-to-iam/>`__.
-Create and configure ``values/aws-ingress/demo-values.yaml`` from the
-examples.
-
-::
-
-   helm upgrade --install --namespace demo demo-aws-ingress wire/aws-ingress \
-       -f values/aws-ingress/demo-values.yaml \
-       --wait
-
-To give your load balancers public DNS names, create and edit
-``values/external-dns/demo-values.yaml``, then run
-`external-dns <https://github.com/helm/charts/tree/master/stable/external-dns>`__:
-
-::
-
-   helm repo update
-   helm upgrade --install --namespace demo demo-external-dns stable/external-dns \
-       --version 1.7.3 \
-       -f values/external-dns/demo-values.yaml \
-       --wait
-
-Things to note about external-dns:
-
--  There can only be a single external-dns chart installed (one per
-   kubernetes cluster, not one per namespace). So if you already have
-   one running for another namespace you probably don't need to do
-   anything.
--  You have to add the appropriate IAM permissions to your cluster (see
-   the
-   `README <https://github.com/helm/charts/tree/master/stable/external-dns>`__).
--  Alternatively, use the AWS route53 console.
-
-Other cloud providers
-~~~~~~~~~~~~~~~~~~~~~
-
-This information is not yet available. If you'd like to contribute by
-adding this information for your cloud provider, feel free to read the
-`contributing guidelines <https://github.com/wireapp/wire-server-deploy/blob/master/CONTRIBUTING.md>`__ and open a PR.
-
-Real AWS services
------------------
-
-**Assumptions**:
-
--  You installed kubernetes and wire-server on AWS
-
-**Provides**:
-
--  Better availability guarantees and possibly better functionality of
-   AWS services such as SQS and dynamoDB.
--  You can use ELBs in front of nginz for higher availability.
--  instead of using a smtp server and connect with SMTP, you may use
-   SES. See configuration of brig and the ``useSES`` toggle.
-
-**You need**:
-
--  An AWS account
-
-**How to configure**:
-
--  Instead of using fake-aws charts, you need to set up the respective
-   services in your account, create queues, tables etc. Have a look at
-   the fake-aws-\* charts; you'll need to replicate a similar setup.
-
-   -  Once real AWS resources are created, adapt the configuration in
-      the values and secrets files for wire-server to use real endpoints
-      and real AWS keys. Look for comments including
-      ``if using real AWS``.
-
--  Creating AWS resources in a way that is easy to create and delete
-   could be done using either `terraform <https://www.terraform.io/>`__
-   or `pulumi <https://pulumi.io/>`__. If you'd like to contribute by
-   creating such automation, feel free to read the `contributing
-   guidelines <https://github.com/wireapp/wire-server-deploy/blob/master/CONTRIBUTING.md>`__ and open a PR.
-
-Persistence and high-availability
----------------------------------
-
-Currently, due to the way kubernetes and cassandra
-`interact <https://github.com/kubernetes/kubernetes/issues/28969>`__,
-cassandra cannot reliably be installed on kubernetes. Some people have
-tried, e.g. `this
-project <https://github.com/instaclustr/cassandra-operator>`__ though at
-the time of writing (Nov 2018), this does not yet work as advertised. We
-recommend therefore to install cassandra, (possibly also elasticsearch
-and redis) separately, i.e. outside of kubernetes (using 3 nodes each).
-
-For further higher-availability:
-
--  scale your kubernetes cluster to have separate etcd and master nodes
-   (3 nodes each)
--  use 3 instead of 1 replica of each wire-server chart
-
-Security
---------
-
-For a production deployment, you should, as a minimum:
-
--  Ensure traffic between kubernetes nodes, etcd and databases are
-   confined to a private network
--  Ensure kubernetes API is unreachable from the public internet (e.g.
-   put behind VPN/bastion host or restrict IP range) to prevent
-   `kubernetes
-   vulnerabilities <https://www.cvedetails.com/vulnerability-list/vendor_id-15867/product_id-34016/Kubernetes-Kubernetes.html>`__
-   from affecting you
--  Ensure your operating systems get security updates automatically
--  Restrict ssh access / harden sshd configuration
--  Ensure no other pods with public access than the main ingress are
-   deployed on your cluster, since, in the current setup, pods have
-   access to etcd values (and thus any secrets stored there, including
-   secrets from other pods)
--  Ensure developers encrypt any secrets.yaml files
-
-Additionally, you may wish to build, sign, and host your own docker
-images to have increased confidence in those images. We haved "signed
-container images" on our roadmap.
-
-Sign up with a phone number (Sending SMS)
------------------------------------------
-
-**Provides**:
-
--  Registering accounts with a phone number
-
-**You need**:
-
--  a `Nexmo <https://www.nexmo.com/>`__ account
--  a `Twilio <https://www.twilio.com/>`__ account
-
-**How to configure**:
-
-See the ``brig`` chart for configuration.
-
-.. _3rd-party-proxying:
-
-3rd-party proxying
-------------------
-
-You need Giphy/Google/Spotify/Soundcloud API keys (if you want to
-support previews by proxying these services)
-
-See the ``proxy`` chart for configuration.
-
-Routing traffic to other namespaces via nginz
----------------------------------------------
-
-If you have some components running in namespaces different from nginz. For
-instance, the billing service (``ibis``) could be deployed to a separate
-namespace, say ``integrations``. But it still needs to get traffic via
-``nginz``. When this is needed, the helm config can be adjusted like this:
-
-.. code:: yaml
-
-   # in your wire-server/values.yaml overrides:
-   nginz:
-     nginx_conf:
-       upstream_namespace:
-         ibis: integrations
-
-Marking an installation as self-hosted
---------------------------------------
-
-In case your wire installation is self-hosted (on-premise, demo installs), it needs to be aware that it is through a configuration option.  As of release chart 4.15.0, `"true"` is the default behavior, and nothing needs to be done.
-
-If that option is not set, team-settings will prompt users about "wire for free" and associated functions.
-
-With that option set, all payment related functionality is disabled.
-
-The option is `IS_SELF_HOSTED`, and you set it in your `values.yaml` file (originally a copy of `prod-values.example.yaml` found in `wire-server-deploy/values/wire-server/`).
-
-In case of a demo install, replace `prod` with `demo`.
-
-First set the option under the `team-settings` section, `envVars` sub-section:
-
-.. code:: yaml
-
-   # NOTE: Only relevant if you want team-settings
-   team-settings:
-     envVars:
-       IS_SELF_HOSTED: "true"
-
-Second, also set the option under the `account-pages` section:
-
-.. code:: yaml
-
-   # NOTE: Only relevant if you want account-pages
-   account-pages:
-     envVars:
-       IS_SELF_HOSTED: "true"
-
-.. _auth-cookie-config:
-
-Configuring authentication cookie throttling
---------------------------------------------
-
-Authentication cookies and the related throttling mechanism is described in the *Client API documentation*:
-:ref:`login-cookies`
-
-The maximum number of cookies per account and type is defined by the brig option
-``setUserCookieLimit``. Its default is ``32``.
-
-Throttling is configured by the brig option ``setUserCookieThrottle``. It is an
-object that contains two fields:
-
-``stdDev``
-    The minimal standard deviation of cookie creation timestamps in
-    Seconds. (Default: ``3000``,
-    `Wikipedia: Standard deviation <https://en.wikipedia.org/wiki/Standard_deviation>`_)
-
-``retryAfter``
-    Wait time in Seconds when ``stdDev`` is violated. (Default: ``86400``)
-
-The default values are fine for most use cases. (Generally, you don't have to
-configure them for your installation.)
-
-Condensed example:
-
-
-.. code:: yaml
-
-    brig:
-        optSettings:
-            setUserCookieLimit: 32
-            setUserCookieThrottle:
-                stdDev: 3000
-                retryAfter: 86400
-
-
-Configuring searchability
--------------------------
-
-You can configure how search is limited or not based on user membership in a given team.
-
-There are two types of searches based on the direction of search:
-
-* **Inbound** searches mean that somebody is searching for you. Configuring the inbound search visibility means that you (or some admin) can configure whether others can find you or not.
-* **Outbound** searches mean that you are searching for somebody. Configuring the outbound search visibility means that some admin can configure whether you can find other users or not.
-
-There are different types of matches: 
-
-* **Exact handle** search means that the user is found only if the search query is exactly the user handle (e.g. searching for `mc` will find `@mc` but not `@mccaine`). This search returns zero or one results.
-* **Full text** search means that the user is found if the search query contains some subset of the user display name and handle. (e.g. the query `mar` will find `Marco C`, `Omar`, `@amaro`)
-
-Searching users on the same backend
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Search visibility is controlled by three parameters on the backend:
-
-* A team outbound configuration flag, `TeamSearchVisibility` with possible values `SearchVisibilityStandard`, `SearchVisibilityNoNameOutsideTeam`
-
-  * `SearchVisibilityStandard` means that the user can find other people outside of the team, if the searched-person inbound search allows it
-  * `SearchVisibilityNoNameOutsideTeam` means that the user can not find any user outside the team by full text search (but exact handle search still works)
-
-* A team inbound configuration flag, `SearchVisibilityInbound` with possible values `SearchableByOwnTeam`, `SearchableByAllTeams`
-
-  * `SearchableByOwnTeam` means that the user can be found only by users in their own team.
-  * `SearchableByAllTeams` means that the user can be found by users in any/all teams.
-
-* A server configuration flag `searchSameTeamOnly` with possible values true, false. 
-
-  * ``Note``: For the same backend, this affects inbound and outbound searches (simply because all teams will be subject to this behavior)
-  * Setting this to `true` means that the all teams on that backend can only find users that belong to their team
-
-These flag are set on the backend and the clients do not need to be aware of them. 
-
-The flags will influence the behavior of the search API endpoint; clients will only need to parse the results, that are already filtered for them by the backend.
-
-Table of possible outcomes
-..........................
-
-+------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
-| Is search-er (`uA`) in team (tA)?  | Is search-ed (`uB`) in a team?  | Backend flag `searchSameTeamOnly`  | Team `tA`'s flag `TeamSearchVisibility`  | Team tB's flag `SearchVisibilityInbound`  | Result of exact search for `uB`  | Result of full-text search for `uB`  |
-+====================================+=================================+====================================+==========================================+===========================================+==================================+======================================+
-| **Search within the same team**                                                                                                                                                                                                                                            |
-+------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
-| Yes, `tA`                          | Yes, the same team `tA`         | Irrelevant                         | Irrelevant                               | Irrelevant                                | Found                            | Found                                |
-+------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
-| **Outbound search unrestricted**                                                                                                                                                                                                                                           |
-+------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
-| Yes, `tA`                          | Yes, another team tB            | false                              | `SearchVisibilityStandard`               | `SearchableByAllTeams`                    | Found                            | Found                                |
-+------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
-| Yes, `tA`                          | Yes, another team tB            | false                              | `SearchVisibilityStandard`               | `SearchableByOwnTeam`                     | Found                            | Not found                            |
-+------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
-| **Outbound search restricted**                                                                                                                                                                                                                                             |
-+------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
-| Yes, `tA`                          | Yes, another team tB            | true                               | Irrelevant                               | Irrelevant                                | Not found                        | Not found                            |
-+------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
-| Yes, `tA`                          | Yes, another team tB            | false                              | `SearchVisibilityNoNameOutsideTeam`      | Irrelevant                                | Found                            | Not found                            |
-+------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
-| Yes, `tA`                          | No                              | false                              | `SearchVisibilityNoNameOutsideTeam`      | There’s no team B                         | Found                            | Not found                            |
-+------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
-
-
-Changing the configuration on the server
-........................................
-
-To change the `searchSameTeamOnly` setting on the backend, edit the `values.yaml.gotmpl` file for the wire-server chart at this nested level of the configuration:
-
-.. code:: yaml
-
-  brig:
-    # ...
-    config:
-      # ...
-      optSettings:
-        # ...
-        setSearchSameTeamOnly: true
-
-If `setSearchSameTeamOnly` is set to `true` then `TeamSearchVisibility` is forced be in the `SearchVisibilityNoNameOutsideTeam` setting for all teams.
-
-Changing the default configuration for all teams
-................................................
-
-If `setSearchSameTeamOnly` is set to `false`  (or missing from the configuration) then the default value `TeamSearchVisibility` can be configured at this level of the configuration of the `value.yaml.gotmpl` file of the wire-server chart:
-
-
-.. code:: yaml
-
-  galley:
-    #...
-    config:
-      #...
-      settings:
-        #...
-        featureFlags:
-          #...
-          teamSearchVisibility: enabled-by-default
-
-This default value applies to all teams for which no explicit configuration of the `TeamSearchVisibility` has been set.
-
-
-Searching users on another (federated) backend
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-For federated search the table above does not apply, see following table.
-
-.. note::
-	
-	Incoming federated searches (i.e. searches from one backend to another) are considered always as being performed from a team user, even if they are performed from a personal user. 
-
-	This is because the incoming search request does not carry the information whether the user performing the search was in a team or not. 
-	
-	So we have to make one assumption, and we assume that they were in a team.
-
-Allowing search is done at the backend configuration level by the sysadmin:
-
-* Outbound search restrictions (`searchSameTeamOnly`, `TeamSearchVisibility`) do not apply to federated searches
-* A configuration setting `FederatedUserSearchPolicy` per federating domain with these possible values:
-
-  * `no_search` The federating backend is not allowed to search any users (either by exact handle or full-text).  
-  * `exact_handle_search` The federating backend may only search by exact handle
-  * `full_search` The federating backend may search users by full text search on display name and handle. The search search results are additionally affected by `SearchVisibilityInbound` setting of each team on the backend.
-* The `SearchVisibilityInbound` setting applies. Since the default value for teams is `SearchableByOwnTeam` this means that for a team to be full-text searchable by users on a federating backend both
-
-  * `FederatedUserSearchPolicy` needs to be set to to full_search for the federating backend
-  * Any team that wants to be full-text searchable needs to be set to `SearchableByAllTeams`
-
-The configuration value `FederatedUserSearchPolicy` is per federated domain, e.g. in the values of the wire-server chart:
-
-.. code:: yaml 
-
-  brig:
-    config:
-      optSettings:
-        setFederationDomainConfigs:
-          - domain: a.example.com
-            search_policy: no_search
-          - domain: a.example.com
-            search_policy: full_search
-
-Table of possible outcomes
-..........................
-
-In the following table, user `uA` on backend A is searching for user `uB` on team `tB` on backend B. 
-
-Any of the flags set for searching users on the same backend are ignored. 
-
-It’s worth nothing that if two users are on two separate backend, they are also guaranteed to be on two separate teams, as teams can not spread across backends.
-
-+-------------------------+---------------------------------------------+---------------------------------------------+----------------------------------+--------------------------------------+
-| Who is searching        | Backend B flag `FederatedUserSearchPolicy`  | Team `tB`'s flag `SearchVisibilityInbound`  | Result of exact search for `uB`  | Result of full-text search for `uB`  |
-+=========================+=============================================+=============================================+==================================+======================================+
-| user `uA` on backend A  | `no_search`                                 | Irrelevant                                  | Not found                        | Not found                            |
-+-------------------------+---------------------------------------------+---------------------------------------------+----------------------------------+--------------------------------------+
-| user `uA` on backend A  | `exact_handle_search`                       | Irrelevant                                  | Found                            | Not found                            |
-+-------------------------+---------------------------------------------+---------------------------------------------+----------------------------------+--------------------------------------+
-| user `uA` on backend A  | `full_search`                               | SearchableByOwnTeam                         | Found                            | Not found                            |
-+-------------------------+---------------------------------------------+---------------------------------------------+----------------------------------+--------------------------------------+
-| user `uA` on backend A  | `full_search`                               | SearchableByAllTeams                        | Found                            | Found                                |
-+-------------------------+---------------------------------------------+---------------------------------------------+----------------------------------+--------------------------------------+
-
-Changing the settings for a given team
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-If you need to change searchabilility for a specific team (rather than the entire backend, as above), you need to make specific calls to the API.
-
-Team searchVisibility
-.....................
-
-The team flag `searchVisibility` affects the outbound search of user searches. 
-
-If it is set to `no-name-outside-team` for a team then all users of that team will no longer be able to find users that are not part of their team when searching. 
-
-This also includes finding other users by by providing their exact handle. By default it is set to `standard`, which doesn't put any additional restrictions to outbound searches.
-
-The setting can be changed via endpoint (for more details on how to make the API calls with `curl`, read further):
-
-.. code::
-
-  GET /teams/{tid}/search-visibility
-    -- Shows the current TeamSearchVisibility value for the given team
-
-  PUT /teams/{tid}/search-visibility
-    -- Set specific search visibility for the team
-
-  pull-down-menu "body":
-    "standard"
-    "no-name-outside-team"
-
-The team feature flag `teamSearchVisibility` determines whether it is allowed to change the `searchVisibility` setting or not.
-
-The default is `disabled-by-default`. 
-
-.. note::
-
-  Whenever this feature setting is disabled the `searchVisibility` will be reset to standard.
-
-The default setting that applies to all teams on the instance can be defined at configuration
-
-.. code:: yaml 
-
-  settings:
-    featureFlags:
-      teamSearchVisibility: disabled-by-default # or enabled-by-default
-
-TeamFeature searchVisibilityInbound
-...................................
-
-The team feature flag `searchVisibilityInbound` affects if the team's users are searchable by users from other teams. 
-
-The default setting is `searchable-by-own-team` which hides users from search results by users from other teams. 
-
-If it is set to `searchable-by-all-teams` then users of this team may be included in the results of search queries by other users.
-
-.. note::
-
-  The configuration of this flag does not affect search results when the search query matches the handle exactly. 
-  
-  If the handle is provdided then any user on the instance can find users.
-
-This team feature flag can only by toggled by site-administrators with direct access to the galley instance (for more details on how to make the API calls with `curl`, read further):
-
-.. code::
-
-  PUT /i/teams/{tid}/features/search-visibility-inbound
-
-With JSON body:
-
-.. code:: json
-  
-  {"status": "enabled"} 
-  
-or
-
-.. code:: json
-  
-  {"status": "disabled"}
-
-Where `enabled` is equivalent to `searchable-by-all-teams` and `disabled` is equivalent to `searchable-by-own-team`.
-
-The default setting that applies to all teams on the instance can be defined at configuration.
-
-.. code:: yaml 
-
-  searchVisibilityInbound:
-    defaults:
-      status: enabled # OR disabled
-
-Individual teams can overwrite the default setting with API calls as per above.
-
-Making the API calls
-....................
-
-To make API calls to set an explicit configuration for` TeamSearchVisibilityInbound` per team, you first need to know the Team ID, which can be found in the team settings app.
-
-It is an `UUID<https://en.wikipedia.org/wiki/Universally_unique_identifier>` which has format like this  `dcbedf9a-af2a-4f43-9fd5-525953a919e1`. 
-
-In the following we will be using this Team ID as an example, please replace it with your own team id.
-
-Next find the name of a `galley` pod by looking at the output of running this command:
-
-.. code:: sh
-
-  kubectl -n wire get pods
-
-The output will look something like this:
-
-.. code::
-
-  ...
-  galley-5f4787fdc7-9l64n   ...
-  galley-migrate-data-lzz5j ...
-  ...
-
-Select any of the galley pods, for example we will use `galley-5f4787fdc7-9l64n`.
-
-Next, set up a port-forwarding from your local machine's port `9000` to the galley's port `8080` by running:
-
-.. code:: sh
-
-	kubectl port-forward -n wire galley-5f4787fdc7-9l64n 9000:8080
-
-Keep this command running until the end of these instuctions. 
-
-Please run the following commands in a seperate terminal while keeping the terminal which establishes the port-forwarding open.
-
-To see team's current setting run:
-
-.. code:: sh
-
-  curl -XGET http://localhost:9000/i/teams/dcbedf9a-af2a-4f43-9fd5-525953a919e1/features/searchVisibilityInbound
-  
-  # {"lockStatus":"unlocked","status":"disabled"}
-
-Where `disabled` corresponds to `SearchableByOwnTeam` and enabled corresponds to `SearchableByAllTeams`.
-
-To change the `TeamSearchVisibilityInbound` to `SearchableByAllTeams` for the team run:
-
-.. code:: sh
-
-  curl -XPUT -H 'Content-Type: application/json' -d "{\"status\": \"enabled\"}" http://localhost:9000/i/teams/dcbedf9a-af2a-4f43-9fd5-525953a919e1/features/searchVisibilityInbound
-
-To change the TeamSearchVisibilityInbound to SearchableByOwnTeam for the team run:
-
-.. code:: sh
-
-  curl -XPUT -H 'Content-Type: application/json' -d "{\"status\": \"disabled\"}" http://localhost:9000/i/teams/dcbedf9a-af2a-4f43-9fd5-525953a919e1/features/searchVisibilityInbound
-
- 
-
-Configuring classified domains
-------------------------------
-
-As a backend administrator, if you want to control which other backends (identified by their domain) are "classified", 
-
-change the following `galley` configuration in the `value.yaml.gotmpl` file of the wire-server chart:
-
-.. code:: yaml 
-
-    galley:
-      replicaCount: 1
-      config:
-      ...
-        featureFlags:
-        ...
-          classifiedDomains: 
-            status: enabled
-            config:
-              domains: ["domain-that-is-classified.link"]
-              ...
-
-This is not only a `backend` configuration, but also a `team` configuration/feature.
-
-This means that different combinations of configurations will have different results.
-
-Here is a table to navigate the possible configurations:
-
-+----------------------------------+---------------------------------------------+-------------------------------+------------------------+---------------------------------+
-| Backend Config enabled/disabled  | Backend Config Domains                      | Team Config enabled/disabled  | Team Config Domains    | User's view                     |
-+==================================+=============================================+===============================+========================+=================================+
-| Enabled                          | [domain1.example.com]                       | Not configured                | Not configured         | Enabled, [domain1.example.com]  |
-+----------------------------------+---------------------------------------------+-------------------------------+------------------------+---------------------------------+
-| Enabled                          | [domain1.example.com][domain1.example.com]  | Enabled                       | Not configured         | Enabled, [domain1.example.com]  |
-+----------------------------------+---------------------------------------------+-------------------------------+------------------------+---------------------------------+
-| Enabled                          | [domain1.example.com]                       | Enabled                       | [domain2.example.com]  | Enabled, Undefined              |
-+----------------------------------+---------------------------------------------+-------------------------------+------------------------+---------------------------------+
-| Enabled                          | [domain1.example.com]                       | Disabled                      | Anything               | Undefined                       |
-+----------------------------------+---------------------------------------------+-------------------------------+------------------------+---------------------------------+
-| Disabled                         | Anything                                    | Not configured                | Not configured         | Disabled, no domains            |
-+----------------------------------+---------------------------------------------+-------------------------------+------------------------+---------------------------------+
-| Disabled                         | Anything                                    | Enabled                       | [domain2.example.com]  | Undefined                       |
-+----------------------------------+---------------------------------------------+-------------------------------+------------------------+---------------------------------+
-
-The table assumes the following:
-
-* When backend level config says that this feature is enabled, it is illegal to not specify domains at the backend level.
-* When backend level config says that this feature is disabled, the list of domains is ignored.
-* When team level feature is disabled, the accompanying domains are ignored.
-
-S3 Addressing Style
--------------------
-
-S3 can either by addressed in path style, i.e.
-`https://<s3-endpoint>/<bucket-name>/<object>`, or vhost style, i.e.
-`https://<bucket-name>.<s3-endpoint>/<object>`. AWS's S3 offering has deprecated
-path style addressing for S3 and completely disabled it for buckets created
-after 30 Sep 2020:
-https://aws.amazon.com/blogs/aws/amazon-s3-path-deprecation-plan-the-rest-of-the-story/
-
-However other object storage providers (specially self-deployed ones like MinIO)
-may not support vhost style addressing yet (or ever?). Users of such buckets
-should configure this option to "path":
-
-.. code:: yaml
-
-    cargohold:
-      aws:
-        s3AddressingStyle: path
-
-Installations using S3 service provided by AWS, should use "auto", this option
-will ensure that vhost style is only used when it is possible to construct a
-valid hostname from the bucket name and the bucket name doesn't contain a '.'.
-Having a '.' in the bucket name causes TLS validation to fail, hence it is not
-used by default:
-
-.. code:: yaml
-
-    cargohold:
-      aws:
-        s3AddressingStyle: auto
-
-
-Using "virtual" as an option is only useful in situations where vhost style
-addressing must be used even if it is not possible to construct a valid hostname
-from the bucket name or the S3 service provider can ensure correct certificate
-is issued for bucket which contain one or more '.'s in the name:
-
-.. code:: yaml
-
-    cargohold:
-      aws:
-        s3AddressingStyle: virtual
-
-When this option is unspecified, wire-server defaults to path style addressing
-to ensure smooth transition for older deployments.
diff --git a/docs/src/how-to/install/dependencies.md b/docs/src/how-to/install/dependencies.md
new file mode 100644
index 0000000000..43ad7f7d90
--- /dev/null
+++ b/docs/src/how-to/install/dependencies.md
@@ -0,0 +1,69 @@
+(dependencies)=
+
+# Dependencies on operator's machine
+
+In order to operate a wire-server installation, you'll need a bunch of software
+like Ansible, `kubectl` and Helm.
+
+Together with a matching checkout of the wire-server-deploy repository,
+containing the Ansible Roles and Playbooks, you should be good to go.
+
+Checkout the repository, including its submodules:
+
+```
+git clone --branch master https://github.com/wireapp/wire-server-deploy.git
+cd wire-server-deploy
+git submodule update --init --recursive
+```
+
+We provide a container containing all needed tools for setting up and
+interacting with a wire-server cluster.
+
+Ensure you have Docker >= 20.10.14 installed, as the glibc version used is
+incompatible with older container runtimes.
+
+Your Distro might ship an older version, so best see [how to install docker](https://docker.com).
+
+To bring the tools in scope, we run the container, and mount the local `wire-server-deploy`
+checkout into it.
+
+Replace the container image tag with the commit id your `wire-server-deploy`
+checkout is pointing to.
+
+```
+WSD_COMMIT_ID=cdc1c84c1a10a4f5f1b77b51ee5655d0da7f9518 # set me
+WSD_CONTAINER=quay.io/wire/wire-server-deploy:$WSD_COMMIT_ID
+
+sudo docker run -it --network=host \
+     -v ${SSH_AUTH_SOCK:-nonexistent}:/ssh-agent \
+     -v $HOME/.ssh:/root/.ssh \
+     -v $PWD:/wire-server-deploy \
+     -e SSH_AUTH_SOCK=/ssh-agent \
+     $WSD_CONTAINER bash
+
+# Inside the container
+bash-4.4# ansible --version
+ansible 2.9.12
+```
+
+Once you're in there, you can move on to {ref}`installing kubernetes <ansible-kubernetes>`.
+
+## (Alternative) Installing dependencies using Direnv and Nix
+
+```{warning}
+This is an alternative approach to the above "wrapping container" one, which you should only use if you can't get above setup to work.
+```
+
+1. [Install Nix](https://nixos.org/download.html)
+2. [Install Direnv](https://direnv.net/docs/installation.html)
+3. [Optionally install the Wire cachix cache to download binaries](https://app.cachix.org/cache/wire-server)
+
+Now, enabling `direnv` should install all the dependencies and add them to your `PATH`. Every time you `cd` into
+the `wire-server-deploy` directory, the right dependencies will be available.
+
+```
+direnv allow
+
+ansible --version
+ansible 2.9.12
+```
diff --git a/docs/src/how-to/install/dependencies.rst b/docs/src/how-to/install/dependencies.rst
deleted file mode 100644
index 4c50f38d25..0000000000
--- a/docs/src/how-to/install/dependencies.rst
+++ /dev/null
@@ -1,74 +0,0 @@
-.. _dependencies:
-
-Dependencies on operator's machine
---------------------------------------------------------------------
-
-In order to operate a wire-server installation, you'll need a bunch of software
-like Ansible, ``kubectl`` and Helm.
-
-Together with a matching checkout of the wire-server-deploy repository,
-containing the Ansible Roles and Playbooks, you should be good to go.
-
-Checkout the repository, including its submodules:
-
-::
-
-   git clone --branch master https://github.com/wireapp/wire-server-deploy.git
-   cd wire-server-deploy
-   git submodule update --init --recursive
-
-
-We provide a container containing all needed tools for setting up and
-interacting with a wire-server cluster.
-
-Ensure you have Docker >= 20.10.14 installed, as the glibc version used is
-incompatible with older container runtimes.
-
-Your Distro might ship an older version, so best see `how to install docker
-<https://docker.com>`__.
-
-To bring the tools in scope, we run the container, and mount the local ``wire-server-deploy``
-checkout into it.
-
-Replace the container image tag with the commit id your ``wire-server-deploy``
-checkout is pointing to.
-
-::
-
-   WSD_COMMIT_ID=cdc1c84c1a10a4f5f1b77b51ee5655d0da7f9518 # set me
-   WSD_CONTAINER=quay.io/wire/wire-server-deploy:$WSD_COMMIT_ID
-
-   sudo docker run -it --network=host \
-        -v ${SSH_AUTH_SOCK:-nonexistent}:/ssh-agent \
-        -v $HOME/.ssh:/root/.ssh \
-        -v $PWD:/wire-server-deploy \
-        -e SSH_AUTH_SOCK=/ssh-agent \
-        $WSD_CONTAINER bash
-
-   # Inside the container
-   bash-4.4# ansible --version
-   ansible 2.9.12
-
-Once you're in there, you can move on to `installing kubernetes </how-to/install/kubernetes.html>`__
-
-
-(Alternative) Installing dependencies using Direnv and Nix
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-.. warning::
-
-   This is an alternative approach to the above "wrapping container" one, which you should only use if you can't get above setup to work.
-
-1. `Install Nix <https://nixos.org/download.html>`__
-2. `Install Direnv <https://direnv.net/docs/installation.html>`__
-3. `Optionally install the Wire cachix cache to download binaries <https://app.cachix.org/cache/wire-server>`__
-
-Now, enabling ``direnv`` should install all the dependencies and add them to your ``PATH``. Every time you ``cd`` into
-the ``wire-server-deploy`` directory, the right dependencies will be available.
-
-::
-
-   direnv allow
-
-   ansible --version
-   ansible 2.9.12
diff --git a/docs/src/how-to/install/helm-prod.md b/docs/src/how-to/install/helm-prod.md
new file mode 100644
index 0000000000..29045f1818
--- /dev/null
+++ b/docs/src/how-to/install/helm-prod.md
@@ -0,0 +1,208 @@
+(helm-prod)=
+
+# Installing wire-server (production) components using Helm
+
+```{note}
+Code in this repository should be considered *beta*. As of 2020, we do not (yet)
+run our production infrastructure on Kubernetes (but plan to do so soon).
+```
+
+## Introduction
+
+The following will install a version of all the wire-server components. These instructions are for reference, and may not set up what you would consider a production environment, due to the fact that there are varying definitions of 'production ready'. These instructions will cover what we consider to be a useful overlap of our users' production needs. They do not cover load balancing/distributing, using multiple datacenters, federating wire, or other forms of intercontinental/interplanetary distribution of the wire service infrastructure. If you deviate from these directions and need to contact us for support, please provide the deviations you made to fit your production environment along with your support request.
+
+Some of the instructions here will present you with two options: No AWS, and with AWS. The 'No AWS' instructions will not require any AWS infrastructure, but may have a reduced feature set. The 'with AWS' instructions will assume you have completed the setup procedures in {ref}`aws-prod`.
+
+### What will be installed?
+
+- wire-server (API)
+  : - user accounts, authentication, conversations
+    - assets handling (images, files, ...)
+    - notifications over websocket
+- wire-webapp, a fully functioning web client (like `https://app.wire.com/`)
+- wire-account-pages, user account management (a few pages relating to e.g. password reset procedures)
+
+### What will not be installed?
+
+- team-settings page
+- SSO Capabilities
+
+Additionally, if you opt to do the 'No AWS' route, you will not get:
+
+- notifications over native push notifications via [FCM](https://firebase.google.com/docs/cloud-messaging/)/[APNS](https://developer.apple.com/notifications/)
+
+## Prerequisites
+
+You need to have access to a Kubernetes cluster running a Kubernetes version , and the `helm` local binary on your PATH.
+Your Kubernetes cluster needs to have internal DNS services, so that wire-server can find it's databases.
+You need to have docker on the machine you are using to perform this installation with, or a secure data path to a machine that runs docker. You will be using docker to generate security credentials for your wire installation.
+
+- If you want calling services, you need to have
+
+  - FIXME
+
+- If you don't have a Kubernetes cluster, you have two options:
+
+  - You can get access to a managed Kubernetes cluster with the cloud provider of your choice.
+  - You can install one if you have ssh access to a set of sufficiently large virtual machines, see {ref}`ansible-kubernetes`
+
+- If you don't have `helm` yet, see [Installing helm](https://helm.sh/docs/using_helm/#installing-helm). If you followed the instructions in {ref}`dependencies`  should have helm installed already.
+
+Type `helm version`, you should, if everything is configured correctly, see a result similar this:
+
+```
+version.BuildInfo{Version:"v3.1.1", GitCommit:"afe70585407b420d0097d07b21c47dc511525ac8", GitTreeState:"clean", GoVersion:"go1.13.8"}
+```
+
+In case `kubectl version` shows both Client and Server versions, but `helm version` does not show a Server version, you may need to run `helm init`. The exact version matters less as long as both Client and Server versions match (or are very close).
+
+## Preparing to install charts from the internet with Helm
+
+If your environment is online, you need to add the remote wire Helm repository, to download wire charts.
+
+To enable the wire charts helm repository:
+
+```shell
+helm repo add wire https://s3-eu-west-1.amazonaws.com/public.wire.com/charts
+```
+
+(You can see available helm charts by running `helm search repo wire/`. To see
+new versions as time passes, you may need to run `helm repo update`)
+
+Great! Now you can start installing.
+
+There is a shell script for doing a version of the following procedure with Helm 22. For reference, examine [prod-setup.sh](https://github.com/wireapp/wire-server-deploy/blob/develop/bin/prod-setup.sh).
+
+## Watching changes as they happen
+
+Open a terminal and run:
+
+```shell
+kubectl get pods -w
+```
+
+This will block your terminal and show some things happening as you proceed through this guide. Keep this terminal open and open a second terminal.
+
+## General installation notes
+
+```{note}
+All helm and kubectl commands below can also take an extra `--namespace <your-namespace>` if you don't want to install into the default Kubernetes namespace.
+```
+
+## How to install charts that provide access to external databases
+
+Before you can deploy the helm charts that tell wire where external services
+are, you need the 'values' and 'secrets' files for those charts to be
+configured. Values and secrets YAML files provide helm charts with the settings
+that are installed in Kubernetes.
+
+Assuming you have followed the procedures in the previous document, the values
+and secrets files for cassandra, elasticsearch, and minio (if you are using it)
+will have been filled in automatically. If not, examine the
+`prod-values.example.yaml` files for each of these services in
+values/\<servicename>/, copy them to `values.yaml`, and then edit them.
+
+Once the values and secrets files for your databases have been configured, you
+have to write a `values/databases-ephemeral/values.yaml` file to tell
+databases-ephemeral what external database services you are using, and what
+services you want databases-ephemeral to configure. We recommend you use the
+'redis' component from this only, as the contents of redis are in fact
+ephemeral. Look at the `values/databases-ephemeral/prod-values.example.yaml`
+file
+
+Once you have values and secrets for your environment, open a terminal and run:
+
+```shell
+helm upgrade --install cassandra-external wire/cassandra-external -f values/cassandra-external/values.yaml --wait
+helm upgrade --install elasticsearch-external wire/elasticsearch-external -f values/elasticsearch-external/values.yaml --wait
+helm upgrade --install databases-ephemeral wire/databases-ephemeral -f values/databases-ephemeral/values.yaml --wait
+```
+
+If you are using minio instead of AWS S3, you should also run:
+
+```shell
+helm upgrade --install minio-external wire/minio-external -f values/minio-external/values.yaml --wait
+```
+
+## How to install fake AWS services for SNS / SQS
+
+AWS SNS is required to send notifications to clients. SQS is used to get notified of any devices that have discontinued using Wire (e.g. if you uninstall the app, the push notification token is removed, and the wire-server will get feedback for that using SQS).
+
+Note: *for using real SQS for real native push notifications instead, see also :ref:\`pushsns\`.*
+
+If you use the fake-aws version, clients will use the websocket method to receive notifications, which keeps connections to the servers open, draining battery.
+
+Open a terminal and run:
+
+```shell
+cp values/fake-aws/prod-values.example.yaml values/fake-aws/values.yaml
+helm upgrade --install fake-aws wire/fake-aws -f values/fake-aws/values.yaml --wait
+```
+
+You should see some pods being created in your first terminal as the above command completes.
+
+## Preparing to install wire-server
+
+As part of configuring wire-server, we need to change some values, and provide some secrets. We're going to copy the files for this to a new folder, so that you always have the originals for reference.
+
+```{note}
+This part of the process makes use of overrides for helm charts. You may wish to read {ref}`understand-helm-overrides` first.
+```
+
+```shell
+mkdir -p my-wire-server
+cp values/wire-server/prod-secrets.example.yaml my-wire-server/secrets.yaml
+cp values/wire-server/prod-values.example.yaml my-wire-server/values.yaml
+```
+
+## How to configure real SMTP (email) services
+
+In order for users to interact with their wire account, they need to receive mail from your wire server.
+
+If you are using a mail server, you will need to provide your authentication credentials before setting up wire.
+
+- Add your SMTP username in my-wire-server/values.yaml under `brig.config.smtp.username`. You may need to add an entry for username.
+- Add your SMTP password is my-wire-server/secrets.yaml under `brig.secrets.smtpPassword`.
+
+## How to install fake SMTP (email) services
+
+If you are not making use of mail services, and are adding your users via some other means, you can use demo-smtp, as a placeholder.
+
+```shell
+cp values/demo-smtp/prod-values.example.yaml values/demo-smtp/values.yaml
+helm upgrade --install smtp wire/demo-smtp -f values/demo-smtp/values.yaml
+```
+
+You should see some pods being created in your first terminal as the above command completes.
+
+## How to install wire-server itself
+
+Open `my-wire-server/values.yaml` and replace `example.com` and other domains and subdomains with domains of your choosing. Look for the `# change this` comments. You can try using `sed -i 's/example.com/<your-domain>/g' values.yaml`.
+
+1. If you are not using team settings, comment out `teamSettings` under `brig.config.externalURLs`.
+
+Generate some secrets:
+
+```shell
+openssl rand -base64 64 | env LC_CTYPE=C tr -dc a-zA-Z0-9 | head -c 42 > my-wire-server/restund.txt
+apt install docker-ce
+sudo docker run --rm quay.io/wire/alpine-intermediate /dist/zauth -m gen-keypair -i 1 > my-wire-server/zauth.txt
+```
+
+1. Add the generated secret from my-wire-server/restund.txt to my-wire-serwer/secrets.yaml under `brig.secrets.turn.secret`
+2. add **both** the public and private parts from zauth.txt to secrets.yaml under `brig.secrets.zAuth`
+3. Add the public key from zauth.txt to secrets.yaml under `nginz.secrets.zAuth.publicKeys`
+
+Great, now try the installation:
+
+```shell
+helm upgrade --install wire-server wire/wire-server -f my-wire-server/values.yaml -f my-wire-server/secrets.yaml --wait
+```
+
+(helmdns)=
+
+## DNS records
+
+```{eval-rst}
+.. include:: includes/helm_dns-ingress-troubleshooting.inc.rst
+```
diff --git a/docs/src/how-to/install/helm-prod.rst b/docs/src/how-to/install/helm-prod.rst
deleted file mode 100644
index fb9b81841d..0000000000
--- a/docs/src/how-to/install/helm-prod.rst
+++ /dev/null
@@ -1,225 +0,0 @@
-.. _helm_prod:
-
-Installing wire-server (production) components using Helm
-=========================================================
-
-.. note::
-
-   Code in this repository should be considered *beta*. As of 2020, we do not (yet)
-   run our production infrastructure on Kubernetes (but plan to do so soon).
-
-Introduction
-------------
-
-The following will install a version of all the wire-server components. These instructions are for reference, and may not set up what you would consider a production environment, due to the fact that there are varying definitions of 'production ready'. These instructions will cover what we consider to be a useful overlap of our users' production needs. They do not cover load balancing/distributing, using multiple datacenters, federating wire, or other forms of intercontinental/interplanetary distribution of the wire service infrastructure. If you deviate from these directions and need to contact us for support, please provide the deviations you made to fit your production environment along with your support request.
-
-Some of the instructions here will present you with two options: No AWS, and with AWS. The 'No AWS' instructions will not require any AWS infrastructure, but may have a reduced feature set. The 'with AWS' instructions will assume you have completed the setup procedures in :ref:`aws_prod`.
-
-What will be installed?
-^^^^^^^^^^^^^^^^^^^^^^^
-
--  wire-server (API)
-    -  user accounts, authentication, conversations
-    -  assets handling (images, files, ...)
-    -  notifications over websocket
--  wire-webapp, a fully functioning web client (like ``https://app.wire.com/``)
--  wire-account-pages, user account management (a few pages relating to e.g. password reset procedures)
-
-What will not be installed?
-^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
--  team-settings page
--  SSO Capabilities
-
-Additionally, if you opt to do the 'No AWS' route, you will not get:
-
--  notifications over native push notifications via `FCM <https://firebase.google.com/docs/cloud-messaging/>`__/`APNS <https://developer.apple.com/notifications/>`__
-
-Prerequisites
--------------
-
-You need to have access to a Kubernetes cluster running a Kubernetes version , and the ``helm`` local binary on your PATH.
-Your Kubernetes cluster needs to have internal DNS services, so that wire-server can find it's databases.
-You need to have docker on the machine you are using to perform this installation with, or a secure data path to a machine that runs docker. You will be using docker to generate security credentials for your wire installation.
-
-* If you want calling services, you need to have
-
-  * FIXME
-
-* If you don't have a Kubernetes cluster, you have two options:
-
-  * You can get access to a managed Kubernetes cluster with the cloud provider of your choice.
-  * You can install one if you have ssh access to a set of sufficiently large virtual machines, see :ref:`ansible-kubernetes`
-
-* If you don't have ``helm`` yet, see `Installing helm <https://helm.sh/docs/using_helm/#installing-helm>`__. If you followed the instructions in :ref:`dependencies`  should have helm installed already.
-
-
-Type ``helm version``, you should, if everything is configured correctly, see a result similar this:
-
-::
-
-    version.BuildInfo{Version:"v3.1.1", GitCommit:"afe70585407b420d0097d07b21c47dc511525ac8", GitTreeState:"clean", GoVersion:"go1.13.8"}
-
-In case ``kubectl version`` shows both Client and Server versions, but ``helm version`` does not show a Server version, you may need to run ``helm init``. The exact version matters less as long as both Client and Server versions match (or are very close).
-
-
-Preparing to install charts from the internet with Helm
--------------------------------------------------------
-If your environment is online, you need to add the remote wire Helm repository, to download wire charts.
-
-To enable the wire charts helm repository:
-
-.. code:: shell
-
-   helm repo add wire https://s3-eu-west-1.amazonaws.com/public.wire.com/charts
-
-(You can see available helm charts by running ``helm search repo wire/``. To see
-new versions as time passes, you may need to run ``helm repo update``)
-
-Great! Now you can start installing.
-
-There is a shell script for doing a version of the following procedure with Helm 22. For reference, examine `prod-setup.sh <https://github.com/wireapp/wire-server-deploy/blob/develop/bin/prod-setup.sh>`__.
-
-Watching changes as they happen
--------------------------------
-
-Open a terminal and run:
-
-.. code:: shell
-
-   kubectl get pods -w
-
-This will block your terminal and show some things happening as you proceed through this guide. Keep this terminal open and open a second terminal.
-
-General installation notes
---------------------------
-
-.. note::
-
-    All helm and kubectl commands below can also take an extra ``--namespace <your-namespace>`` if you don't want to install into the default Kubernetes namespace.
-
-How to install charts that provide access to external databases
----------------------------------------------------------------
-
-Before you can deploy the helm charts that tell wire where external services
-are, you need the 'values' and 'secrets' files for those charts to be
-configured. Values and secrets YAML files provide helm charts with the settings
-that are installed in Kubernetes.
-
-Assuming you have followed the procedures in the previous document, the values
-and secrets files for cassandra, elasticsearch, and minio (if you are using it)
-will have been filled in automatically. If not, examine the
-``prod-values.example.yaml`` files for each of these services in
-values/<servicename>/, copy them to ``values.yaml``, and then edit them.
-
-Once the values and secrets files for your databases have been configured, you
-have to write a ``values/databases-ephemeral/values.yaml`` file to tell
-databases-ephemeral what external database services you are using, and what
-services you want databases-ephemeral to configure. We recommend you use the
-'redis' component from this only, as the contents of redis are in fact
-ephemeral. Look at the ``values/databases-ephemeral/prod-values.example.yaml``
-file
-
-Once you have values and secrets for your environment, open a terminal and run:
-
-.. code:: shell
-
-   helm upgrade --install cassandra-external wire/cassandra-external -f values/cassandra-external/values.yaml --wait
-   helm upgrade --install elasticsearch-external wire/elasticsearch-external -f values/elasticsearch-external/values.yaml --wait
-   helm upgrade --install databases-ephemeral wire/databases-ephemeral -f values/databases-ephemeral/values.yaml --wait
-
-If you are using minio instead of AWS S3, you should also run:
-
-.. code:: shell
-
-   helm upgrade --install minio-external wire/minio-external -f values/minio-external/values.yaml --wait
-
-How to install fake AWS services for SNS / SQS
-----------------------------------------------
-
-AWS SNS is required to send notifications to clients. SQS is used to get notified of any devices that have discontinued using Wire (e.g. if you uninstall the app, the push notification token is removed, and the wire-server will get feedback for that using SQS).
-
-Note: *for using real SQS for real native push notifications instead, see also :ref:`pushsns`.*
-
-If you use the fake-aws version, clients will use the websocket method to receive notifications, which keeps connections to the servers open, draining battery.
-
-Open a terminal and run:
-
-.. code:: shell
-
-   cp values/fake-aws/prod-values.example.yaml values/fake-aws/values.yaml
-   helm upgrade --install fake-aws wire/fake-aws -f values/fake-aws/values.yaml --wait
-
-You should see some pods being created in your first terminal as the above command completes.
-
-
-Preparing to install wire-server
---------------------------------
-As part of configuring wire-server, we need to change some values, and provide some secrets. We're going to copy the files for this to a new folder, so that you always have the originals for reference.
-
-.. note::
-
-    This part of the process makes use of overrides for helm charts. You may wish to read :ref:`understand-helm-overrides` first.
-
-
-.. code:: shell
-
-   mkdir -p my-wire-server
-   cp values/wire-server/prod-secrets.example.yaml my-wire-server/secrets.yaml
-   cp values/wire-server/prod-values.example.yaml my-wire-server/values.yaml
-
-
-How to configure real SMTP (email) services
--------------------------------------------
-In order for users to interact with their wire account, they need to receive mail from your wire server.
-
-If you are using a mail server, you will need to provide your authentication credentials before setting up wire.
-
-- Add your SMTP username in my-wire-server/values.yaml under ``brig.config.smtp.username``. You may need to add an entry for username.
-- Add your SMTP password is my-wire-server/secrets.yaml under ``brig.secrets.smtpPassword``.
-
-
-How to install fake SMTP (email) services
------------------------------------------
-If you are not making use of mail services, and are adding your users via some other means, you can use demo-smtp, as a placeholder.
-
-.. code:: shell
-
-   cp values/demo-smtp/prod-values.example.yaml values/demo-smtp/values.yaml
-   helm upgrade --install smtp wire/demo-smtp -f values/demo-smtp/values.yaml
-
-
-You should see some pods being created in your first terminal as the above command completes.
-
-How to install wire-server itself
----------------------------------
-
-Open ``my-wire-server/values.yaml`` and replace ``example.com`` and other domains and subdomains with domains of your choosing. Look for the ``# change this`` comments. You can try using ``sed -i 's/example.com/<your-domain>/g' values.yaml``.
-
-1. If you are not using team settings, comment out ``teamSettings`` under ``brig.config.externalURLs``.
-
-
-Generate some secrets:
-
-.. code:: shell
-
-  openssl rand -base64 64 | env LC_CTYPE=C tr -dc a-zA-Z0-9 | head -c 42 > my-wire-server/restund.txt
-  apt install docker-ce
-  sudo docker run --rm quay.io/wire/alpine-intermediate /dist/zauth -m gen-keypair -i 1 > my-wire-server/zauth.txt
-
-1. Add the generated secret from my-wire-server/restund.txt to my-wire-serwer/secrets.yaml under ``brig.secrets.turn.secret``
-2. add **both** the public and private parts from zauth.txt to secrets.yaml under ``brig.secrets.zAuth``
-3. Add the public key from zauth.txt to secrets.yaml under ``nginz.secrets.zAuth.publicKeys``
-
-Great, now try the installation:
-
-.. code:: shell
-
-   helm upgrade --install wire-server wire/wire-server -f my-wire-server/values.yaml -f my-wire-server/secrets.yaml --wait
-
-.. _helmdns:
-
-DNS records
------------
-
-.. include:: includes/helm_dns-ingress-troubleshooting.inc.rst
diff --git a/docs/src/how-to/install/helm.md b/docs/src/how-to/install/helm.md
new file mode 100644
index 0000000000..75ce93eda2
--- /dev/null
+++ b/docs/src/how-to/install/helm.md
@@ -0,0 +1,145 @@
+(helm)=
+
+# Installing wire-server (demo) components using helm
+
+## Introduction
+
+The following will install a demo version of all the wire-server components including the databases. This setup is not recommended in production but will get you started.
+
+Demo version means
+
+- easy setup - only one single machine with kubernetes is needed (make sure you have at least 4 CPU cores and 8 GB of memory available)
+- no data persistence (everything stored in memory, will be lost)
+
+### What will be installed?
+
+- wire-server (API)
+  \-  user accounts, authentication, conversations
+  \-  assets handling (images, files, ...)
+  \-  notifications over websocket
+- wire-webapp, a fully functioning web client (like `https://app.wire.com`)
+- wire-account-pages, user account management (a few pages relating to e.g. password reset)
+
+### What will not be installed?
+
+- notifications over native push notifications via [FCM](https://firebase.google.com/docs/cloud-messaging/)/[APNS](https://developer.apple.com/notifications/)
+- audio/video calling servers using {ref}`understand-restund`)
+- team-settings page
+
+## Prerequisites
+
+You need to have access to a kubernetes cluster, and the `helm` local binary on your PATH.
+
+- If you don't have a kubernetes cluster, you have two options:
+
+  - You can get access to a managed kubernetes cluster with the cloud provider of your choice.
+  - You can install one if you have ssh access to a virtual machine, see {ref}`ansible-kubernetes`
+
+- If you don't have `helm` yet, see [Installing helm](https://helm.sh/docs/using_helm/#installing-helm).
+
+Type `helm version`, you should, if everything is configured correctly, see a result like this:
+
+```
+version.BuildInfo{Version:"v3.1.1", GitCommit:"afe70585407b420d0097d07b21c47dc511525ac8", GitTreeState:"clean", GoVersion:"go1.13.8"}
+```
+
+In case `kubectl version` shows both Client and Server versions, but `helm version` does not show a Server version, you may need to run `helm init`. The exact version (assuming `v2.X.X` - at the time of writing v3 is not yet supported) matters less as long as both Client and Server versions match (or are very close).
+
+## How to start installing charts from wire
+
+Enable the wire charts helm repository:
+
+```shell
+helm repo add wire https://s3-eu-west-1.amazonaws.com/public.wire.com/charts
+```
+
+(You can see available helm charts by running `helm search repo wire/`. To see
+new versions as time passes, you may need to run `helm repo update`)
+
+Great! Now you can start installing.
+
+```{note}
+all commands below can also take an extra `--namespace <your-namespace>` if you don't want to install into the default kubernetes namespace.
+```
+
+## Watching changes as they happen
+
+Open a terminal and run
+
+```shell
+kubectl get pods -w
+```
+
+This will block your terminal and show some things happening as you proceed through this guide. Keep this terminal open and open a second terminal.
+
+## How to install in-memory databases and external components
+
+In your second terminal, first install databases:
+
+```shell
+helm upgrade --install databases-ephemeral wire/databases-ephemeral --wait
+```
+
+You should see some pods being created in your first terminal as the above command completes.
+
+You can do the following two steps (mock aws services and demo smtp
+server) in parallel with the above in two more terminals, or
+sequentially after database-ephemeral installation has succeeded.
+
+```shell
+helm upgrade --install fake-aws wire/fake-aws --wait
+helm upgrade --install smtp wire/demo-smtp --wait
+```
+
+## How to install wire-server itself
+
+```{note}
+The following makes use of overrides for helm charts. You may wish to read {ref}`understand-helm-overrides` first.
+```
+
+Change back to the wire-server-deploy directory.  Copy example demo values and secrets:
+
+```shell
+mkdir -p wire-server && cd wire-server
+cp ../values/wire-server/demo-secrets.example.yaml secrets.yaml
+cp ../values/wire-server/demo-values.example.yaml values.yaml
+```
+
+Or, if you are not in wire-server-deploy, download example demo values and secrets:
+
+```shell
+mkdir -p wire-server && cd wire-server
+curl -sSL https://raw.githubusercontent.com/wireapp/wire-server-deploy/master/values/wire-server/demo-secrets.example.yaml > secrets.yaml
+curl -sSL https://raw.githubusercontent.com/wireapp/wire-server-deploy/master/values/wire-server/demo-values.example.yaml > values.yaml
+```
+
+Open `values.yaml` and replace `example.com` and other domains and subdomains with domains of your choosing. Look for the `# change this` comments. You can try using `sed -i 's/example.com/<your-domain>/g' values.yaml`.
+
+Generate some secrets (if you are using the docker image from {ref}`ansible-kubernetes`, you should open a shell on the host system for this):
+
+```shell
+openssl rand -base64 64 | env LC_CTYPE=C tr -dc a-zA-Z0-9 | head -c 42 > restund.txt
+docker run --rm quay.io/wire/alpine-intermediate /dist/zauth -m gen-keypair -i 1 > zauth.txt
+```
+
+1. Add the generated secret from restund.txt to secrets.yaml under `brig.secrets.turn.secret`
+2. add **both** the public and private parts from zauth.txt to secrets.yaml under `brig.secrets.zAuth`
+3. Add the public key from zauth.txt **also** to secrets.yaml under `nginz.secrets.zAuth.publicKeys`
+
+You can do this with an editor, or using sed:
+
+```shell
+sed -i 's/secret:$/secret: content_of_restund.txt_file/' secrets.yaml
+sed -i 's/publicKeys: "<public key>"/publicKeys: "public_key_from_zauth.txt_file"/' secrets.yaml
+sed -i 's/privateKeys: "<private key>"/privateKeys: "private_key_from_zauth.txt_file"/' secrets.yaml
+```
+
+Great, now try the installation:
+
+```shell
+helm upgrade --install wire-server wire/wire-server -f values.yaml -f secrets.yaml --wait
+```
+
+```{eval-rst}
+.. include:: includes/helm_dns-ingress-troubleshooting.inc.rst
+```
diff --git a/docs/src/how-to/install/helm.rst b/docs/src/how-to/install/helm.rst
deleted file mode 100644
index 695a4c95a3..0000000000
--- a/docs/src/how-to/install/helm.rst
+++ /dev/null
@@ -1,154 +0,0 @@
-.. _helm:
-
-Installing wire-server (demo) components using helm
-======================================================
-
-Introduction
------------------
-
-The following will install a demo version of all the wire-server components including the databases. This setup is not recommended in production but will get you started.
-
-Demo version means
-
-* easy setup - only one single machine with kubernetes is needed (make sure you have at least 4 CPU cores and 8 GB of memory available)
-* no data persistence (everything stored in memory, will be lost)
-
-What will be installed?
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
--  wire-server (API)
-   -  user accounts, authentication, conversations
-   -  assets handling (images, files, ...)
-   -  notifications over websocket
-
--  wire-webapp, a fully functioning web client (like ``https://app.wire.com``)
--  wire-account-pages, user account management (a few pages relating to e.g. password reset)
-
-What will not be installed?
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
--  notifications over native push notifications via `FCM <https://firebase.google.com/docs/cloud-messaging/>`__/`APNS <https://developer.apple.com/notifications/>`__
--  audio/video calling servers using :ref:`understand-restund`)
--  team-settings page
-
-Prerequisites
---------------------------------
-
-You need to have access to a kubernetes cluster, and the ``helm`` local binary on your PATH.
-
-* If you don't have a kubernetes cluster, you have two options:
-
-  * You can get access to a managed kubernetes cluster with the cloud provider of your choice.
-  * You can install one if you have ssh access to a virtual machine, see :ref:`ansible-kubernetes`
-
-* If you don't have ``helm`` yet, see `Installing helm <https://helm.sh/docs/using_helm/#installing-helm>`__.
-
-Type ``helm version``, you should, if everything is configured correctly, see a result like this:
-
-::
-
-    version.BuildInfo{Version:"v3.1.1", GitCommit:"afe70585407b420d0097d07b21c47dc511525ac8", GitTreeState:"clean", GoVersion:"go1.13.8"}
-
-
-In case ``kubectl version`` shows both Client and Server versions, but ``helm version`` does not show a Server version, you may need to run ``helm init``. The exact version (assuming `v2.X.X` - at the time of writing v3 is not yet supported) matters less as long as both Client and Server versions match (or are very close).
-
-How to start installing charts from wire
---------------------------------------------------
-
-Enable the wire charts helm repository:
-
-.. code:: shell
-
-   helm repo add wire https://s3-eu-west-1.amazonaws.com/public.wire.com/charts
-
-(You can see available helm charts by running ``helm search repo wire/``. To see
-new versions as time passes, you may need to run ``helm repo update``)
-
-Great! Now you can start installing.
-
-.. note::
-
-    all commands below can also take an extra ``--namespace <your-namespace>`` if you don't want to install into the default kubernetes namespace.
-
-Watching changes as they happen
---------------------------------------------------
-
-Open a terminal and run
-
-.. code:: shell
-
-    kubectl get pods -w
-
-This will block your terminal and show some things happening as you proceed through this guide. Keep this terminal open and open a second terminal.
-
-How to install in-memory databases and external components
---------------------------------------------------------------
-
-In your second terminal, first install databases:
-
-.. code:: shell
-
-   helm upgrade --install databases-ephemeral wire/databases-ephemeral --wait
-
-You should see some pods being created in your first terminal as the above command completes.
-
-You can do the following two steps (mock aws services and demo smtp
-server) in parallel with the above in two more terminals, or
-sequentially after database-ephemeral installation has succeeded.
-
-.. code:: shell
-
-   helm upgrade --install fake-aws wire/fake-aws --wait
-   helm upgrade --install smtp wire/demo-smtp --wait
-
-How to install wire-server itself
----------------------------------------
-
-.. note::
-
-    The following makes use of overrides for helm charts. You may wish to read :ref:`understand-helm-overrides` first.
-
-Change back to the wire-server-deploy directory.  Copy example demo values and secrets:
-
-.. code:: shell
-
-   mkdir -p wire-server && cd wire-server
-   cp ../values/wire-server/demo-secrets.example.yaml secrets.yaml
-   cp ../values/wire-server/demo-values.example.yaml values.yaml
-
-Or, if you are not in wire-server-deploy, download example demo values and secrets:
-
-.. code:: shell
-
-   mkdir -p wire-server && cd wire-server
-   curl -sSL https://raw.githubusercontent.com/wireapp/wire-server-deploy/master/values/wire-server/demo-secrets.example.yaml > secrets.yaml
-   curl -sSL https://raw.githubusercontent.com/wireapp/wire-server-deploy/master/values/wire-server/demo-values.example.yaml > values.yaml
-
-Open ``values.yaml`` and replace ``example.com`` and other domains and subdomains with domains of your choosing. Look for the ``# change this`` comments. You can try using ``sed -i 's/example.com/<your-domain>/g' values.yaml``.
-
-Generate some secrets (if you are using the docker image from :ref:`ansible-kubernetes`, you should open a shell on the host system for this):
-
-.. code:: shell
-
-  openssl rand -base64 64 | env LC_CTYPE=C tr -dc a-zA-Z0-9 | head -c 42 > restund.txt
-  docker run --rm quay.io/wire/alpine-intermediate /dist/zauth -m gen-keypair -i 1 > zauth.txt
-
-1. Add the generated secret from restund.txt to secrets.yaml under ``brig.secrets.turn.secret``
-2. add **both** the public and private parts from zauth.txt to secrets.yaml under ``brig.secrets.zAuth``
-3. Add the public key from zauth.txt **also** to secrets.yaml under ``nginz.secrets.zAuth.publicKeys``
-
-You can do this with an editor, or using sed:
-
-.. code:: shell 
-
-    sed -i 's/secret:$/secret: content_of_restund.txt_file/' secrets.yaml
-    sed -i 's/publicKeys: "<public key>"/publicKeys: "public_key_from_zauth.txt_file"/' secrets.yaml
-    sed -i 's/privateKeys: "<private key>"/privateKeys: "private_key_from_zauth.txt_file"/' secrets.yaml
-
-Great, now try the installation:
-
-.. code:: shell
-
-   helm upgrade --install wire-server wire/wire-server -f values.yaml -f secrets.yaml --wait
-
-.. include:: includes/helm_dns-ingress-troubleshooting.inc.rst
diff --git a/docs/src/how-to/install/includes/dns-federation.rst b/docs/src/how-to/install/includes/dns-federation.rst
deleted file mode 100644
index c25184ffbe..0000000000
--- a/docs/src/how-to/install/includes/dns-federation.rst
+++ /dev/null
@@ -1,43 +0,0 @@
-DNS setup for federation
-------------------------
-
-SRV record
-^^^^^^^^^^
-
-One prerequisite to enable federation is an `SRV record <https://en.wikipedia.org/wiki/SRV_record>`__ as defined in `RFC
-2782 <https://datatracker.ietf.org/doc/html/rfc2782>`__ that needs to be set up to allow the wire-server to be
-discovered by other Wire backends. See the documentation on :ref:`discovery in federation<discovery>` for more
-information on the role of discovery in federation.
-
-The fields of the SRV record need to be populated as follows
-
-* ``service``:  ``wire-server-federator``
-* ``proto``: ``tcp``
-* ``name``: <backend-domain>
-* ``TTL``: e.g. 600 (10 minutes) in an initial phase. This can be set to a higher value (e.g. 86400) if your systems are stable and DNS records don't change a lot.
-* ``priority``: anything. A good default value would be 0
-* ``weight``: >0 for your server to be reachable. A good default value could be 10
-* ``port``: ``443``
-* ``target``: <federation-infra-domain>
-
-To give an example, assuming
-
-* your federation :ref:`Backend Domain <glossary_backend_domain>` is ``example.com``
-* your domains for other services already set up follow the convention ``<service>.wire.example.org``
-
-then your federation :ref:`Infra Domain <glossary_infra_domain>` would be ``federator.wire.example.org``.
-
-The SRV record would look as follows:
-
-.. code-block:: bash
-
-   # _service._proto.name.                  ttl IN SRV priority weight port target.
-   _wire-server-federator._tcp.example.com. 600 IN SRV 0        10     443  federator.wire.example.org.
-
-DNS A record for the federator
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Background: ``federator`` is the server component responsible for incoming and outgoing requests to other backend; but it is proxied on
-the incoming requests by the ingress component on kubernetes as shown in :ref:`Federation Architecture<federation-architecture>`
-
-As mentioned in :ref:`DNS setup for Helm<helmdns>`, you also need a ``federator.<domain>`` record, which, alongside your other DNS records that point to the ingress component, also needs to point to the IP of your ingress, i.e. the IP you want to provide services on.
diff --git a/docs/src/how-to/install/includes/helm_dns-ingress-troubleshooting.inc.rst b/docs/src/how-to/install/includes/helm_dns-ingress-troubleshooting.inc.rst
index 90b9e1f3b5..610ca8c784 100644
--- a/docs/src/how-to/install/includes/helm_dns-ingress-troubleshooting.inc.rst
+++ b/docs/src/how-to/install/includes/helm_dns-ingress-troubleshooting.inc.rst
@@ -143,8 +143,6 @@ Next, we want to redirect port 443 to the port the nginx https ingress nodeport
 
 * Option 2: Use ansible to do that, run the `iptables playbook <https://github.com/wireapp/wire-server-deploy/blob/master/ansible/iptables.yml>`__
 
-.. include:: ./includes/dns-federation.rst
-
 Trying things out
 -----------------
 
diff --git a/docs/src/how-to/install/index.md b/docs/src/how-to/install/index.md
new file mode 100644
index 0000000000..183215c603
--- /dev/null
+++ b/docs/src/how-to/install/index.md
@@ -0,0 +1,30 @@
+# Installing wire-server
+
+```{toctree}
+:glob: true
+:maxdepth: 2
+
+How to plan an installation <planning>
+Version requirements <version-requirements>
+dependencies
+(demo) How to install kubernetes <kubernetes>
+(demo) How to install wire-server using Helm <helm>
+(production) Introduction <prod-intro>
+(production) How to install kubernetes and databases <ansible-VMs>
+(production) How to configure AWS services <aws-prod>
+(production) How to install wire-server using Helm <helm-prod>
+(production) How to monitor wire-server <monitoring>
+(production) How to see centralized logs for wire-server <logging>
+(production) Other configuration options <configuration-options>
+Server and team feature settings <team-feature-settings>
+Messaging Layer Security (MLS) <mls>
+Web app settings <web-app-settings>
+sft
+restund
+configure-federation
+tls
+How to install and set up Legal Hold <legalhold>
+Managing authentication with ansible <ansible-authentication>
+Using tinc <ansible-tinc>
+Troubleshooting during installation <troubleshooting>
+```
diff --git a/docs/src/how-to/install/index.rst b/docs/src/how-to/install/index.rst
deleted file mode 100644
index 03802f43c7..0000000000
--- a/docs/src/how-to/install/index.rst
+++ /dev/null
@@ -1,30 +0,0 @@
-Installing wire-server
-=======================
-
-.. toctree::
-   :maxdepth: 2
-   :glob:
-
-   How to plan an installation <planning.rst>
-   Version requirements <version-requirements.rst>
-   dependencies
-   (demo) How to install kubernetes <kubernetes.rst>
-   (demo) How to install wire-server using Helm <helm.rst>
-   (production) Introduction <prod-intro.rst>
-   (production) How to install kubernetes and databases <ansible-VMs.rst>
-   (production) How to configure AWS services <aws-prod.rst>
-   (production) How to install wire-server using Helm <helm-prod.rst>
-   (production) How to monitor wire-server <monitoring.rst>
-   (production) How to see centralized logs for wire-server <logging.rst>
-   (production) Other configuration options <configuration-options.rst>
-   Server and team feature settings <team-feature-settings.md>
-   Messaging Layer Security (MLS) <mls.md>
-   Web app settings <web-app-settings.md>
-   sft
-   restund
-   configure-federation
-   tls
-   How to install and set up Legal Hold <legalhold.md>
-   Managing authentication with ansible <ansible-authentication.rst>
-   Using tinc <ansible-tinc.rst>
-   Troubleshooting during installation <troubleshooting.rst>
diff --git a/docs/src/how-to/install/kubernetes.md b/docs/src/how-to/install/kubernetes.md
new file mode 100644
index 0000000000..1c4430eefd
--- /dev/null
+++ b/docs/src/how-to/install/kubernetes.md
@@ -0,0 +1,85 @@
+(ansible-kubernetes)=
+
+# Installing kubernetes for a demo installation (on a single virtual machine)
+
+## How to set up your hosts.ini file
+
+Assuming a single virtual machine with a public IP address running Ubuntu 18.04, with at least 5 CPU cores and at least 8 GB of memory.
+
+Move to `wire-server-deploy/ansible`:
+
+```shell
+cd ansible/
+```
+
+Then:
+
+```{eval-rst}
+.. include:: includes/ansible-authentication-blob.rst
+```
+
+## Passwordless authentication
+
+Presuming a fresh default Ubuntu 18.04 installation, the following steps will enable the Ansible playbook to run without specifying passwords.
+
+This presumes you named your default Ubuntu user "wire", and X.X.X.X is the IP or domain name of the target server Ansible will install Kubernetes on.
+
+On the client (from `wire-server-deploy/ansible`), run:
+
+```shell
+ssh-keygen -f /root/.ssh/id_rsa -t rsa -P
+ssh-copy-id wire@X.X.X.X
+sed -i 's/# ansible_user = .../ansible_user = wire/g' inventory/demo/hosts.ini
+```
+
+And on the server (X.X.X.X), run:
+
+```shell
+echo 'wire ALL=(ALL) NOPASSWD:ALL' | sudo tee -a /etc/sudoers
+```
+
+Then on the client:
+
+```shell
+cp inventory/demo/hosts.example.ini inventory/demo/hosts.ini
+```
+
+Open hosts.ini and replace `X.X.X.X` with the IP address of your virtual machine that you use for ssh access.  You can try using:
+
+```shell
+sed -i 's/X.X.X.X/1.2.3.4/g' inventory/demo/hosts.ini
+```
+
+## Minio setup
+
+In the `inventory/demo/hosts.ini` file, edit the minio variables in `[minio:vars]` (`prefix`, `domain` and `deeplink_title`)
+by replacing `example.com` with your own domain.
+
+## How to install kubernetes
+
+From `wire-server-deploy/ansible`:
+
+```
+ansible-playbook -i inventory/demo/hosts.ini kubernetes.yml -vv
+```
+
+When the playbook finishes correctly (which can take up to 20 minutes), you should have a folder `artifacts` containing a file `admin.conf`. Copy this file:
+
+```
+mkdir -p ~/.kube
+cp artifacts/admin.conf ~/.kube/config
+KUBECONFIG=~/.kube/config
+```
+
+Make sure you can reach the server:
+
+```
+kubectl version
+```
+
+should give output similar to this:
+
+```
+Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.2", GitCommit:"66049e3b21efe110454d67df4fa62b08ea79a19b", GitTreeState:"clean", BuildDate:"2019-05-16T16:23:09Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}
+Server Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.2", GitCommit:"66049e3b21efe110454d67df4fa62b08ea79a19b", GitTreeState:"clean", BuildDate:"2019-05-16T16:14:56Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}
+```
diff --git a/docs/src/how-to/install/kubernetes.rst b/docs/src/how-to/install/kubernetes.rst
deleted file mode 100644
index d4e423dfa4..0000000000
--- a/docs/src/how-to/install/kubernetes.rst
+++ /dev/null
@@ -1,83 +0,0 @@
-.. _ansible-kubernetes:
-
-Installing kubernetes for a demo installation (on a single virtual machine)
-============================================================================
-
-
-How to set up your hosts.ini file
--------------------------------------
-
-Assuming a single virtual machine with a public IP address running Ubuntu 18.04, with at least 5 CPU cores and at least 8 GB of memory.
-
-Move to ``wire-server-deploy/ansible``:
-
-.. code:: shell
-
-  cd ansible/
-
-Then:
-
-.. include:: includes/ansible-authentication-blob.rst
-
-Passwordless authentication
----------------------------
-
-Presuming a fresh default Ubuntu 18.04 installation, the following steps will enable the Ansible playbook to run without specifying passwords.
-
-This presumes you named your default Ubuntu user "wire", and X.X.X.X is the IP or domain name of the target server Ansible will install Kubernetes on.
-
-On the client (from ``wire-server-deploy/ansible``), run:
-
-.. code:: shell 
-
-    ssh-keygen -f /root/.ssh/id_rsa -t rsa -P
-    ssh-copy-id wire@X.X.X.X
-    sed -i 's/# ansible_user = .../ansible_user = wire/g' inventory/demo/hosts.ini
-
-And on the server (X.X.X.X), run:
-
-.. code:: shell 
-
-    echo 'wire ALL=(ALL) NOPASSWD:ALL' | sudo tee -a /etc/sudoers
-
-Then on the client:
-
-.. code:: shell
-
-  cp inventory/demo/hosts.example.ini inventory/demo/hosts.ini
-
-Open hosts.ini and replace `X.X.X.X` with the IP address of your virtual machine that you use for ssh access.  You can try using: 
-
-.. code:: shell
-
-  sed -i 's/X.X.X.X/1.2.3.4/g' inventory/demo/hosts.ini
-
-Minio setup
------------
-
-In the ``inventory/demo/hosts.ini`` file, edit the minio variables in ``[minio:vars]`` (``prefix``, ``domain`` and ``deeplink_title``)
-by replacing ``example.com`` with your own domain.
-
-How to install kubernetes
---------------------------
-
-From ``wire-server-deploy/ansible``::
-
-   ansible-playbook -i inventory/demo/hosts.ini kubernetes.yml -vv
-
-When the playbook finishes correctly (which can take up to 20 minutes), you should have a folder ``artifacts`` containing a file ``admin.conf``. Copy this file::
-
-  mkdir -p ~/.kube
-  cp artifacts/admin.conf ~/.kube/config
-  KUBECONFIG=~/.kube/config
-
-Make sure you can reach the server::
-
-  kubectl version
-
-should give output similar to this::
-
-  Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.2", GitCommit:"66049e3b21efe110454d67df4fa62b08ea79a19b", GitTreeState:"clean", BuildDate:"2019-05-16T16:23:09Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}
-  Server Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.2", GitCommit:"66049e3b21efe110454d67df4fa62b08ea79a19b", GitTreeState:"clean", BuildDate:"2019-05-16T16:14:56Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}
-
-
diff --git a/docs/src/how-to/install/logging.rst b/docs/src/how-to/install/logging.md
similarity index 60%
rename from docs/src/how-to/install/logging.rst
rename to docs/src/how-to/install/logging.md
index 5d9368c83c..ca4ea9341d 100644
--- a/docs/src/how-to/install/logging.rst
+++ b/docs/src/how-to/install/logging.md
@@ -1,182 +1,164 @@
-.. _logging:
+(logging)=
 
-Installing centralized logging dashboards using Kibana
-========================================================
+# Installing centralized logging dashboards using Kibana
 
-Introduction
-------------
+## Introduction
 
 This page shows you how to install Elasticsearch, Kibana, and fluent-bit to aggregate and visualize the logs from wire-server components.
 
-Status
--------
+## Status
 
 Logging support is in active development as of September 2019, some logs may not be visible yet, and certain parts are not fully automated yet.
 
-Prerequisites
--------------
+## Prerequisites
 
 You need to have wire-server installed, see either of
 
-* :ref:`helm`
-* :ref:`helm_prod`.
+- {ref}`helm`
+- {ref}`helm-prod`.
 
+## Installing required helm charts
 
-Installing required helm charts
---------------------------------
-
-
-Deploying Elasticsearch
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+### Deploying Elasticsearch
 
 Elasticsearch indexes the logs and makes them searchable. The following elasticsearch-ephemeral chart makes use of the disk space the pod happens to run on.
 
-::
-
-   $ helm install --namespace <namespace> wire/elasticsearch-ephemeral
+```
+$ helm install --namespace <namespace> wire/elasticsearch-ephemeral
+```
 
 Note that since we are not specifying a release name during helm
 install, it generates a 'verb-noun' pair, and uses it. Elasticsearch's
 chart does not use the release name of the helm chart in the pod name,
 sadly.
 
-Deploying Elasticsearch-Curator
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+### Deploying Elasticsearch-Curator
 
 Elasticsearch-curator trims the logs that are contained in elasticsearch, so
 that your elasticsearch pod does not get too large, crash, and need to be
 re-built.
 
-::
-
-   $ helm install --namespace <namespace> wire/elasticsearch-curator
+```
+$ helm install --namespace <namespace> wire/elasticsearch-curator
+```
 
 Note that since we are not specifying a release name during helm
 install, it generates a 'verb-noun' pair, and uses it. If you look at
 your pod names, you can see this name prepended to your pods in 'kubectl
 -n get pods'.
 
-Deploying Kibana
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-::
+### Deploying Kibana
 
-   $ helm install --namespace <namespace> wire/kibana
+```
+$ helm install --namespace <namespace> wire/kibana
+```
 
 Note that since we are not specifying a release name during helm
 install, it generates a 'verb-noun' pair, and uses it. If you look at
 your pod names, you can see this name prepended to your pods in 'kubectl
 -n get pods'.
 
-Deploying fluent-bit
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-::
+### Deploying fluent-bit
 
-   $ helm install --namespace <namespace> wire/fluent-bit
+```
+$ helm install --namespace <namespace> wire/fluent-bit
+```
 
-Configuring fluent-bit
-----------------------
+## Configuring fluent-bit
 
-.. note::
+```{note}
+The following makes use of overrides for helm charts. You may wish to read {ref}`understand-helm-overrides` first.
+```
 
-    The following makes use of overrides for helm charts. You may wish to read :ref:`understand-helm-overrides` first.
-
-Per pod-template, you can specify what parsers ``fluent-bit`` needs to
+Per pod-template, you can specify what parsers `fluent-bit` needs to
 use to interpret the pod's logs in a structured way. By default, it just
 parses them as plain text. But, you can change this using a pod
 annotation. E.g.:
 
-::
-
-   apiVersion: v1
-   kind: Pod
-   metadata:
-     name: brig
-     labels:
-       app: brig
-     annotations:
-       fluentbit.io/parser: json
-   spec:
-     containers:
-     - name: apache
-       image: edsiper/apache_logs
-
-You can also define your own custom parsers in our ``fluent-bit``
-chart's ``values.yml``. For example, we have one defined for ``nginz``.
+```
+apiVersion: v1
+kind: Pod
+metadata:
+  name: brig
+  labels:
+    app: brig
+  annotations:
+    fluentbit.io/parser: json
+spec:
+  containers:
+  - name: apache
+    image: edsiper/apache_logs
+```
+
+You can also define your own custom parsers in our `fluent-bit`
+chart's `values.yml`. For example, we have one defined for `nginz`.
 For more info, see :
-https://github.com/fluent/fluent-bit-docs/blob/master/filter/kubernetes.md#kubernetes-annotations
+<https://github.com/fluent/fluent-bit-docs/blob/master/filter/kubernetes.md#kubernetes-annotations>
 
 Alternately, if there is already fluent-bit deployed in your
 environment, get the helm name for the deployment (verb-noun prepended
 to the pod name), and
 
-::
-
-   $ helm upgrade <helm-name> --namespace <namespace> wire/fluent-bit
+```
+$ helm upgrade <helm-name> --namespace <namespace> wire/fluent-bit
+```
 
 Note that since we are not specifying a release name during helm
 install, it generates a 'verb-noun' pair, and uses it. if you look at
 your pod names, you can see this name prepended to your pods in 'kubectl
 -n get pods'.
 
-.. _post-install-kibana-setup:
+(post-install-kibana-setup)=
 
-Post-install kibana setup
---------------------------
+## Post-install kibana setup
 
 Get the pod name for your kibana instance (not the one set up with
 fluent-bit), and
 
-::
-
-   $ kubectl -n <namespace> port-forward <pod_name> 5601:5601
+```
+$ kubectl -n <namespace> port-forward <pod_name> 5601:5601
+```
 
 go to 127.0.0.1:5601 in your web browser.
 
 1. Click on 'discover'.
-2. Use ``kubernetes_cluster-*`` as the Index pattern.
+2. Use `kubernetes_cluster-*` as the Index pattern.
 3. Click on 'Next step'
 4. Click on the 'Time Filter field name' dropdown, and select
-   '@timestamp'.
+   <mailto:'@timestamp>'.
 5. Click on 'create index patern'.
 
-
-Usage after installation
--------------------------
+## Usage after installation
 
 Get the pod name for your kibana instance (not the one set up with
 fluent-bit), and
 
-::
-
-   $ kubectl -n <namespace> port-forward <pod_name> 5601:5601
+```
+$ kubectl -n <namespace> port-forward <pod_name> 5601:5601
+```
 
 Go to 127.0.0.1:5601 in your web browser.
 
 Click on 'discover' to view data.
 
-.. _nuking-it-all:
+(nuking-it-all)=
 
-Nuking it all.
---------------
+## Nuking it all.
 
-Find the names of the helm releases for your pods (look at ``helm ls --all``
-and ``kubectl -n <namespace> get pods`` , and run
-``helm del <helm_deploy_name> --purge`` for each of them.
+Find the names of the helm releases for your pods (look at `helm ls --all`
+and `kubectl -n <namespace> get pods` , and run
+`helm del <helm_deploy_name> --purge` for each of them.
 
 Note: Elasticsearch does not use the name of the helm chart, and
 therefore is harder to identify.
 
-Debugging
----------
-
-::
+## Debugging
 
-   kubectl -n <namespace> logs <host>
+```
+kubectl -n <namespace> logs <host>
+```
 
-How this was developed
-^^^^^^^^^^^^^^^^^^^^^^^^
+### How this was developed
 
 First, we deployed elasticsearch with the elasticsearch-ephemeral chart,
 then kibana. then we deployed fluent-bit, which set up a kibana of it's
diff --git a/docs/src/how-to/install/monitoring.rst b/docs/src/how-to/install/monitoring.md
similarity index 58%
rename from docs/src/how-to/install/monitoring.rst
rename to docs/src/how-to/install/monitoring.md
index ea900526cc..18f5a8865b 100644
--- a/docs/src/how-to/install/monitoring.rst
+++ b/docs/src/how-to/install/monitoring.md
@@ -1,21 +1,19 @@
-.. _monitoring:
+(monitoring)=
 
-Monitoring wire-server using Prometheus and Grafana
-=======================================================
+# Monitoring wire-server using Prometheus and Grafana
 
 All wire-server helm charts offering prometheus metrics expose a
 `metrics.serviceMonitor.enabled` option.
 
 If these are set to true, the helm charts will install `ServiceMonitor`
 resources, which can be used to mark services for scraping by
-[Prometheus Operator](https://prometheus-operator.dev/),
-[Grafana Agent Operator](https://grafana.com/docs/grafana-cloud/kubernetes-monitoring/agent-k8s/),
+\[Prometheus Operator\](<https://prometheus-operator.dev/>),
+\[Grafana Agent Operator\](<https://grafana.com/docs/grafana-cloud/kubernetes-monitoring/agent-k8s/>),
 or similar prometheus-compatible tools.
 
 Refer to their documentation for installation.
 
-Dashboards
------------------
+## Dashboards
 
-Grafana dashboard configurations are included as JSON inside the ``dashboards``
+Grafana dashboard configurations are included as JSON inside the `dashboards`
 directory. You may import these via Grafana's web UI.
diff --git a/docs/src/how-to/install/planning.rst b/docs/src/how-to/install/planning.md
similarity index 55%
rename from docs/src/how-to/install/planning.rst
rename to docs/src/how-to/install/planning.md
index 29e84f97a6..1c3b1a5f44 100644
--- a/docs/src/how-to/install/planning.rst
+++ b/docs/src/how-to/install/planning.md
@@ -1,10 +1,8 @@
-Implementation plan
-====================================
+# Implementation plan
 
 There are two types of implementation: demo and production.
 
-Demo installation (trying functionality out)
------------------------------------------------
+## Demo installation (trying functionality out)
 
 Please note that there is no way to migrate data from a demo
 installation to a production installation - it is really meant as a way
@@ -14,36 +12,36 @@ Please note your data will be in-memory only and may disappear at any given mome
 
 What you need:
 
--  a way to create **DNS records** for your domain name (e.g.
-   ``wire.example.com``)
--  a way to create **SSL/TLS certificates** for your domain name (to allow
-   connecting via ``https://``)
--  Either one of the following:
+- a way to create **DNS records** for your domain name (e.g.
+  `wire.example.com`)
 
-   -  A kubernetes cluster (some cloud providers offer a managed
-      kubernetes cluster these days).
-   -  One single virtual machine running ubuntu 18.04 with at least 20 GB of disk, 8 GB of memory, and 8 CPU cores.
+- a way to create **SSL/TLS certificates** for your domain name (to allow
+  connecting via `https://`)
 
-A demo installation will look a bit like this:
+- Either one of the following:
+
+  - A kubernetes cluster (some cloud providers offer a managed
+    kubernetes cluster these days).
+  - One single virtual machine running ubuntu 18.04 with at least 20 GB of disk, 8 GB of memory, and 8 CPU cores.
 
-.. figure:: img/architecture-demo.png
+A demo installation will look a bit like this:
 
-    Demo installation (1 VM)
+```{figure} img/architecture-demo.png
+Demo installation (1 VM)
+```
 
-Next steps for demo installation
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+### Next steps for demo installation
 
-If you already have a kubernetes cluster, your next step will be :ref:`helm`, otherwise, your next step will be :ref:`ansible-kubernetes`
+If you already have a kubernetes cluster, your next step will be {ref}`helm`, otherwise, your next step will be {ref}`ansible-kubernetes`
 
-.. _planning_prod:
+(planning-prod)=
 
-Production installation (persistent data, high-availability)
---------------------------------------------------------------
+## Production installation (persistent data, high-availability)
 
 What you need:
 
-- a way to create **DNS records** for your domain name (e.g. ``wire.example.com``)
-- a way to create **SSL/TLS certificates** for your domain name (to allow connecting via ``https://wire.example.com``)
+- a way to create **DNS records** for your domain name (e.g. `wire.example.com`)
+- a way to create **SSL/TLS certificates** for your domain name (to allow connecting via `https://wire.example.com`)
 - A **kubernetes cluster with at least 3 worker nodes and at least 3 etcd nodes** (some cloud providers offer a managed kubernetes cluster these days)
 - minimum **17 virtual machines** for components outside kubernetes (cassandra, minio, elasticsearch, redis, restund)
 
@@ -51,13 +49,15 @@ A recommended installation of Wire-server in any regular data centre,
 configured with high-availability will require the following virtual
 servers:
 
+```{eval-rst}
 .. include:: includes/vm-table.rst
+```
 
 A production installation will look a bit like this:
 
-.. figure:: img/architecture-server-ha.png
-
-    Production installation in High-Availability mode
+```{figure} img/architecture-server-ha.png
+Production installation in High-Availability mode
+```
 
 If you use a private datacenter (not a cloud provider), the easiest is
 to have three physical servers, each with one virtual machine for each
@@ -71,7 +71,6 @@ Ensure that your VMs have IP addresses that do not change.
 
 Avoid `10.x.x.x` network address schemes, and instead use something like `192.168.x.x` or `172.x.x.x`. This is because internally, Kubernetes already uses a `10.x.x.x` address scheme, creating a potential conflict.
 
-Next steps for high-available production installation
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+### Next steps for high-available production installation
 
-Your next step will be :ref:`ansible_vms`
+Your next step will be {ref}`ansible-vms`
diff --git a/docs/src/how-to/install/prod-intro.md b/docs/src/how-to/install/prod-intro.md
new file mode 100644
index 0000000000..a908c14c30
--- /dev/null
+++ b/docs/src/how-to/install/prod-intro.md
@@ -0,0 +1,58 @@
+# Introduction
+
+```{warning}
+It is *strongly recommended* to have followed and completed the demo installation {ref}`helm` before continuing with this page. The demo installation is simpler, and already makes you aware of a few things you need (TLS certs, DNS, a VM, ...).
+```
+
+```{note}
+All required dependencies for doing an installation can be found here {ref}`dependencies`.
+```
+
+A production installation consists of several parts:
+
+Part 1 - you're on your own here, and need to create a set of VMs as detailed in {ref}`planning-prod`
+
+Part 2 ({ref}`ansible-vms`) deals with installing components directly on a set of virtual machines, such as kubernetes itself, as well as databases. It makes use of ansible to achieve that.
+
+Part 3 ({ref}`helm-prod`) is similar to the demo installation, and uses the tool `helm` to install software on top of kubernetes.
+
+Part 4 ({ref}`configuration-options`) details other possible configuration options and settings to fit your needs.
+
+## What will be installed by following these parts?
+
+- highly-available and persistent databases (cassandra, elasticsearch)
+
+- kubernetes
+
+- restund (audio/video calling) servers ( see also {ref}`understand-restund`)
+
+- wire-server (API)
+  \-  user accounts, authentication, conversations
+  \-  assets handling (images, files, ...)
+  \-  notifications over websocket
+  \-  single-sign-on with SAML
+
+- wire-webapp
+
+  - fully functioning web client (like `https://app.wire.com`)
+
+- wire-account-pages
+
+  - user account management (a few pages relating to e.g. password reset)
+
+## What will not be installed?
+
+- notifications over native push notification via [FCM](https://firebase.google.com/docs/cloud-messaging/)/[APNS](https://developer.apple.com/notifications/)
+
+## What will not be installed by default?
+
+- 3rd party proxying - requires accounts with third-party providers
+- team-settings page for team management (including invitations, requires access to a private repository - get in touch with us for access)
+
+## Getting support
+
+[Get in touch](https://wire.com/pricing/).
+
+## Next steps for high-available production installation
+
+Your next step will be part 2, {ref}`ansible-vms`
diff --git a/docs/src/how-to/install/prod-intro.rst b/docs/src/how-to/install/prod-intro.rst
deleted file mode 100644
index 420b5fc296..0000000000
--- a/docs/src/how-to/install/prod-intro.rst
+++ /dev/null
@@ -1,60 +0,0 @@
-Introduction
-=============
-
-.. warning::
-
-    It is *strongly recommended* to have followed and completed the demo installation :ref:`helm` before continuing with this page. The demo installation is simpler, and already makes you aware of a few things you need (TLS certs, DNS, a VM, ...).
-
-.. note::
-    All required dependencies for doing an installation can be found here :ref:`dependencies`.
-
-A production installation consists of several parts:
-
-Part 1 - you're on your own here, and need to create a set of VMs as detailed in :ref:`planning_prod`
-
-Part 2 (:ref:`ansible_vms`) deals with installing components directly on a set of virtual machines, such as kubernetes itself, as well as databases. It makes use of ansible to achieve that.
-
-Part 3 (:ref:`helm_prod`) is similar to the demo installation, and uses the tool ``helm`` to install software on top of kubernetes.
-
-Part 4 (:ref:`configuration_options`) details other possible configuration options and settings to fit your needs.
-
-What will be installed by following these parts?
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
--  highly-available and persistent databases (cassandra, elasticsearch)
--  kubernetes
--  restund (audio/video calling) servers ( see also :ref:`understand-restund`)
--  wire-server (API)
-   -  user accounts, authentication, conversations
-   -  assets handling (images, files, ...)
-   -  notifications over websocket
-   -  single-sign-on with SAML
-
--  wire-webapp
-
-   -  fully functioning web client (like ``https://app.wire.com``)
-
--  wire-account-pages
-
-   -  user account management (a few pages relating to e.g. password reset)
-
-What will not be installed?
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
--  notifications over native push notification via `FCM <https://firebase.google.com/docs/cloud-messaging/>`__/`APNS <https://developer.apple.com/notifications/>`__
-
-What will not be installed by default?
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-- 3rd party proxying - requires accounts with third-party providers
-- team-settings page for team management (including invitations, requires access to a private repository - get in touch with us for access)
-
-Getting support
-^^^^^^^^^^^^^^^^
-
-`Get in touch <https://wire.com/pricing/>`__.
-
-Next steps for high-available production installation
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Your next step will be part 2, :ref:`ansible_vms`
diff --git a/docs/src/how-to/install/restund.md b/docs/src/how-to/install/restund.md
new file mode 100644
index 0000000000..90a616b105
--- /dev/null
+++ b/docs/src/how-to/install/restund.md
@@ -0,0 +1,80 @@
+(install-restund)=
+
+# Installing Restund
+
+## Background
+
+Restund servers allow two users on different networks to have a Wire audio or video call.
+
+Please refer to the following {ref}`section to better understand Restund and how it works <understand-restund>`.
+
+## Installation instructions
+
+To Install Restund, do the following:
+
+1. In your `hosts.ini` file, in the `[restund:vars]` section, set
+   the `restund_network_interface` to the name of the interface
+   you want restund to talk to clients on. This value defaults to the
+   `default_ipv4_address`, with a fallback to `eth0`.
+2. (optional) `restund_peer_udp_advertise_addr=Y.Y.Y.Y`: set this to
+   the IP to advertise for other restund servers if different than the
+   ip on the 'restund_network_interface'. If using
+   'restund_peer_udp_advertise_addr', make sure that UDP (!) traffic
+   from any restund server (including itself) can reach that IP (for
+   `restund <-> restund` communication). This should only be necessary
+   if you're installing restund on a VM that is reachable on a public IP
+   address but the process cannot bind to that public IP address
+   directly (e.g. on AWS VPC VM). If unset, `restund <-> restund` UDP
+   traffic will default to the IP in the `restund_network_interface`.
+
+```ini
+[all]
+(...)
+restund01         ansible_host=X.X.X.X
+
+(...)
+
+[all:vars]
+## Set the network interface name for restund to bind to if you have more than one network interface
+## If unset, defaults to the ansible_default_ipv4 (if defined) otherwise to eth0
+restund_network_interface = eth0
+
+(see `defaults/main.yml <https://github.com/wireapp/ansible-restund/blob/master/defaults/main.yml>`__ for a full list of variables to change if necessary)
+```
+
+3. Place a copy of the PEM formatted certificate and key you are going
+   to use for TLS communication to the restund server in
+   `/tmp/tls_cert_and_priv_key.pem`. Remove it after you have
+   completed deploying restund with ansible.
+4. Use Ansible to actually install using the restund playbook:
+
+```bash
+ansible-playbook -i hosts.ini restund.yml -vv
+```
+
+For information on setting up and using ansible-playbook to install Wire components, see {ref}`this page <ansible-vms>`.
+
+### Private Subnets
+
+By default, Restund is configured with a firewall that filters-out CIDR networks.
+
+If you need to enable Restund to connect to a CIDR addressed host or network, you can specify a list of private subnets in [CIDR format](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing), which will override Restund's firewall's default settings of filtering-out CIDR networks.
+
+You do this by setting the `restund_allowed_private_network_cidrs` option of the `[restund:vars]` section of the ansible inventory file ([for example this file](https://github.com/wireapp/wire-server-deploy/blob/master/ansible/inventory/prod/hosts.example.ini#L72)):
+
+```ini
+[restund:vars]
+## Set the network interface name for restund to bind to if you have more than one network interface
+## If unset, defaults to the ansible_default_ipv4 (if defined) otherwise to eth0
+# restund_network_interface = eth0
+restund_allowed_private_network_cidrs=192.168.0.1/32
+```
+
+This is needed, for example, to allow talking to the logging server if it is on a separate network:
+
+The private subnets only need to override the RFC-defined private networks, which Wire firewalls off by default:
+
+- 192.168.x.x
+- 10.x.x.x
+- 172.16.x.x - 172.31.x.x
+- Etc...
diff --git a/docs/src/how-to/install/restund.rst b/docs/src/how-to/install/restund.rst
deleted file mode 100644
index 732f0d0e26..0000000000
--- a/docs/src/how-to/install/restund.rst
+++ /dev/null
@@ -1,88 +0,0 @@
-.. _install-restund:
-
-Installing Restund
-==================
-
-Background
-~~~~~~~~~~
-
-Restund servers allow two users on different networks to have a Wire audio or video call.
-
-Please refer to the following :ref:`section to better understand Restund and how it works <understand-restund>`.
-
-Installation instructions
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-To Install Restund, do the following:
-
-
-1. In your ``hosts.ini`` file, in the ``[restund:vars]`` section, set
-   the ``restund_network_interface`` to the name of the interface
-   you want restund to talk to clients on. This value defaults to the
-   ``default_ipv4_address``, with a fallback to ``eth0``.
-
-2. (optional) ``restund_peer_udp_advertise_addr=Y.Y.Y.Y``: set this to
-   the IP to advertise for other restund servers if different than the
-   ip on the 'restund_network_interface'. If using
-   'restund_peer_udp_advertise_addr', make sure that UDP (!) traffic
-   from any restund server (including itself) can reach that IP (for
-   ``restund <-> restund`` communication). This should only be necessary
-   if you're installing restund on a VM that is reachable on a public IP
-   address but the process cannot bind to that public IP address
-   directly (e.g. on AWS VPC VM). If unset, ``restund <-> restund`` UDP
-   traffic will default to the IP in the ``restund_network_interface``.
-
-.. code:: ini
-
-   [all]
-   (...)
-   restund01         ansible_host=X.X.X.X
-
-   (...)
-
-   [all:vars]
-   ## Set the network interface name for restund to bind to if you have more than one network interface
-   ## If unset, defaults to the ansible_default_ipv4 (if defined) otherwise to eth0
-   restund_network_interface = eth0
-
-   (see `defaults/main.yml <https://github.com/wireapp/ansible-restund/blob/master/defaults/main.yml>`__ for a full list of variables to change if necessary)
-
-3. Place a copy of the PEM formatted certificate and key you are going
-   to use for TLS communication to the restund server in
-   ``/tmp/tls_cert_and_priv_key.pem``. Remove it after you have
-   completed deploying restund with ansible.
-
-4. Use Ansible to actually install using the restund playbook:
-
-.. code:: bash
-
-   ansible-playbook -i hosts.ini restund.yml -vv
-
-For information on setting up and using ansible-playbook to install Wire components, see :ref:`this page <ansible_vms>`.
-
-Private Subnets
----------------
-
-By default, Restund is configured with a firewall that filters-out CIDR networks.
-
-If you need to enable Restund to connect to a CIDR addressed host or network, you can specify a list of private subnets in `CIDR format <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing>`__, which will override Restund's firewall's default settings of filtering-out CIDR networks.
-
-You do this by setting the ``restund_allowed_private_network_cidrs`` option of the ``[restund:vars]`` section of the ansible inventory file (`for example this file <https://github.com/wireapp/wire-server-deploy/blob/master/ansible/inventory/prod/hosts.example.ini#L72>`__):
-
-.. code:: ini
-
-    [restund:vars]
-    ## Set the network interface name for restund to bind to if you have more than one network interface
-    ## If unset, defaults to the ansible_default_ipv4 (if defined) otherwise to eth0
-    # restund_network_interface = eth0
-    restund_allowed_private_network_cidrs=192.168.0.1/32
-
-This is needed, for example, to allow talking to the logging server if it is on a separate network: 
-
-The private subnets only need to override the RFC-defined private networks, which Wire firewalls off by default:
-
-* 192.168.x.x
-* 10.x.x.x
-* 172.16.x.x - 172.31.x.x 
-* Etc...
-
diff --git a/docs/src/how-to/install/sft.rst b/docs/src/how-to/install/sft.md
similarity index 67%
rename from docs/src/how-to/install/sft.rst
rename to docs/src/how-to/install/sft.md
index 2824d6827a..e4560c7216 100644
--- a/docs/src/how-to/install/sft.rst
+++ b/docs/src/how-to/install/sft.md
@@ -1,125 +1,116 @@
-.. _install-sft:
+(install-sft)=
 
-Installing Conference Calling 2.0 (aka SFT)
-===========================================
+# Installing Conference Calling 2.0 (aka SFT)
 
-Background
-~~~~~~~~~~
+## Background
 
-Please refer to the following :ref:`section to better understand SFT and how it works <understand-sft>`.
+Please refer to the following {ref}`section to better understand SFT and how it works <understand-sft>`.
 
+### As part of the wire-server umbrella chart
 
-As part of the wire-server umbrella chart
------------------------------------------
+`` sftd` `` will be installed as part of the `wire-server` umbrella chart if you set `tags.sftd: true`
 
-`sftd`` will be installed as part of the ``wire-server`` umbrella chart if you set `tags.sftd: true`
+In your `./values/wire-server/values.yaml` file you should set the following settings:
 
-In your ``./values/wire-server/values.yaml`` file you should set the following settings:
+```yaml
+tags:
+  sftd: true
 
-.. code:: yaml
+sftd:
+  host: sftd.example.com # Replace example.com with your domain
+  allowOrigin: webapp.example.com # Should be the address you used for the webapp deployment
+```
 
-   tags:
-     sftd: true
+In your `secrets.yaml` you should set the TLS keys for sftd domain:
 
-   sftd:
-     host: sftd.example.com # Replace example.com with your domain
-     allowOrigin: webapp.example.com # Should be the address you used for the webapp deployment
+```yaml
+sftd:
+  tls:
+    crt: |
+      <TLS CRT HERE>
+    key: |
+      <TLS KEY HERE>
+```
 
-In your ``secrets.yaml`` you should set the TLS keys for sftd domain:
+You should also make sure that you configure brig to know about the SFT server in your `./values/wire-server/values.yaml`  file:
 
-.. code:: yaml
-
-   sftd:
-     tls:
-       crt: |
-         <TLS CRT HERE>
-       key: |
-         <TLS KEY HERE>
-
-You should also make sure that you configure brig to know about the SFT server in your ``./values/wire-server/values.yaml``  file:
-
-.. code:: yaml
-
-   brig:
-     optSettings:
-       setSftStaticUrl: "https://sftd.example.com:443"
+```yaml
+brig:
+  optSettings:
+    setSftStaticUrl: "https://sftd.example.com:443"
+```
 
 Now you can deploy as usual:
 
-.. code:: shell
+```shell
+helm upgrade wire-server wire/wire-server --values ./values/wire-server/values.yaml
+```
 
-   helm upgrade wire-server wire/wire-server --values ./values/wire-server/values.yaml
-
-
-Standalone
-----------
+### Standalone
 
 The SFT component is also shipped as a separate helm chart. Installation is similar to installing
-the charts as in :ref:`helm_prod`.
+the charts as in {ref}`helm-prod`.
 
 Some people might want to run SFT separately, because the deployment lifecycle for the SFT is a bit more intricate. For example,
-if you want to avoid dropping calls during an upgrade, you'd set the ``terminationGracePeriodSeconds`` of the SFT to a high number, to wait
-for calls to drain before updating to the new version (See  `technical documentation <https://github.com/wireapp/wire-server/blob/develop/charts/sftd/README.md>`__).  that would cause your otherwise snappy upgrade of the ``wire-server`` chart to now take a long time, as it waits for all
-the SFT servers to drain. If this is a concern for you, we advice installing ``sftd`` as a separate chart.
-
-It is important that you disable ``sftd`` in the ``wire-server`` umbrella chart, by setting this in your ``./values/wire-server/values.yaml``  file
+if you want to avoid dropping calls during an upgrade, you'd set the `terminationGracePeriodSeconds` of the SFT to a high number, to wait
+for calls to drain before updating to the new version (See  [technical documentation](https://github.com/wireapp/wire-server/blob/develop/charts/sftd/README.md)).  that would cause your otherwise snappy upgrade of the `wire-server` chart to now take a long time, as it waits for all
+the SFT servers to drain. If this is a concern for you, we advice installing `sftd` as a separate chart.
 
-.. code:: yaml
+It is important that you disable `sftd` in the `wire-server` umbrella chart, by setting this in your `./values/wire-server/values.yaml`  file
 
-   tags:
-     sftd: false
+```yaml
+tags:
+  sftd: false
+```
 
+By default `sftd` doesn't need to set that many options, so we define them inline. However, you could of course also set these values in a `values.yaml` file.
 
-By default ``sftd`` doesn't need to set that many options, so we define them inline. However, you could of course also set these values in a ``values.yaml`` file.
+SFT will deploy a Kubernetes Ingress on `$SFTD_HOST`.  Make sure that the domain name `$SFTD_HOST` points to your ingress IP as set up in {ref}`helm-prod`.  The SFT also needs to be made aware of the domain name of the webapp that you set up in {ref}`helm-prod` for setting up the appropriate CSP headers.
 
-SFT will deploy a Kubernetes Ingress on ``$SFTD_HOST``.  Make sure that the domain name ``$SFTD_HOST`` points to your ingress IP as set up in :ref:`helm_prod`.  The SFT also needs to be made aware of the domain name of the webapp that you set up in :ref:`helm_prod` for setting up the appropriate CSP headers.
-
-.. code:: shell
-
-   export SFTD_HOST=sftd.example.com
-   export WEBAPP_HOST=webapp.example.com
+```shell
+export SFTD_HOST=sftd.example.com
+export WEBAPP_HOST=webapp.example.com
+```
 
 Now you can install the chart:
 
-.. code:: shell
-
-    helm upgrade --install sftd wire/sftd --set
-    helm install sftd wire/sftd  \
-      --set host=$SFTD_HOST \
-      --set allowOrigin=https://$WEBAPP_HOST \
-      --set-file tls.crt=/path/to/tls.crt \
-      --set-file tls.key=/path/to/tls.key
-
-You should also make sure that you configure brig to know about the SFT server, in the ``./values/wire-server/values.yaml`` file:
+```shell
+helm upgrade --install sftd wire/sftd --set
+helm install sftd wire/sftd  \
+  --set host=$SFTD_HOST \
+  --set allowOrigin=https://$WEBAPP_HOST \
+  --set-file tls.crt=/path/to/tls.crt \
+  --set-file tls.key=/path/to/tls.key
+```
 
-.. code:: yaml
+You should also make sure that you configure brig to know about the SFT server, in the `./values/wire-server/values.yaml` file:
 
-   brig:
-     optSettings:
-       setSftStaticUrl: "https://sftd.example.com:443"
+```yaml
+brig:
+  optSettings:
+    setSftStaticUrl: "https://sftd.example.com:443"
+```
 
-And then roll-out the change to the ``wire-server`` chart
+And then roll-out the change to the `wire-server` chart
 
-.. code:: shell
+```shell
+helm upgrade wire-server wire/wire-server --values ./values/wire-server/values.yaml
+```
 
-   helm upgrade wire-server wire/wire-server --values ./values/wire-server/values.yaml
+For more advanced setups please refer to the [technical documentation](https://github.com/wireapp/wire-server/blob/develop/charts/sftd/README.md).
 
-For more advanced setups please refer to the `technical documentation <https://github.com/wireapp/wire-server/blob/develop/charts/sftd/README.md>`__.
+(install-sft-firewall-rules)=
 
+### Firewall rules
 
-.. _install-sft-firewall-rules:
-
-Firewall rules
---------------
-
-The SFT allocates media addresses in the UDP :ref:`default port range <port-ranges>`. Ingress and
+The SFT allocates media addresses in the UDP {ref}`default port range <port-ranges>`. Ingress and
 egress traffic should be allowed for this range. Furthermore the SFT needs to be
-able to reach the :ref:`Restund server <understand-restund>`, as it uses STUN and TURN in cases the client
+able to reach the {ref}`Restund server <understand-restund>`, as it uses STUN and TURN in cases the client
 can not directly connect to the SFT. In practise this means the SFT should
-allow ingress and egress traffic on the UDP :ref:`default port range <port-ranges>` from and
-to both, clients and :ref:`Restund servers <understand-restund>`.
+allow ingress and egress traffic on the UDP {ref}`default port range <port-ranges>` from and
+to both, clients and {ref}`Restund servers <understand-restund>`.
 
-*For more information on this port range, how to read and change it, and how to configure your firewall, please see* :ref:`this note <port-ranges>`.
+*For more information on this port range, how to read and change it, and how to configure your firewall, please see* {ref}`this note <port-ranges>`.
 
 The SFT also has an HTTP interface for initializing (allocation) or joining (signaling) a call. This is exposed through
 the ingress controller as an HTTPS service.
@@ -131,6 +122,7 @@ An SFT instance does **not** communicate with other SFT instances, TURN does tal
 
 Recapitulation table:
 
+```{eval-rst}
 +----------------------------+-------------+-------------+-----------+----------+-----------------------------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
 | Name                       | Origin      | Destination | Direction | Protocol | Ports                                                                       | Action (Policy)                      | Description                                                                                                                                                                                   |
 +============================+=============+=============+===========+==========+=============================================================================+======================================+===============================================================================================================================================================================================+
@@ -146,6 +138,6 @@ Recapitulation table:
 +----------------------------+-------------+-------------+-----------+----------+-----------------------------------------------------------------------------+--------------------------------------+                                                                                                                                                                                               |
 | Allowing SFT media egress  | Here        | Anny        | Outgoing  | UDP      | 32768-61000                                                                 | Allow                                |                                                                                                                                                                                               |
 +----------------------------+-------------+-------------+-----------+----------+-----------------------------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+```
 
-
-*For more information, please refer to the source code of the Ansible role:* `sft-server <https://github.com/wireapp/ansible-sft/blob/develop/roles/sft-server/tasks/traffic.yml>`__.
+*For more information, please refer to the source code of the Ansible role:* [sft-server](https://github.com/wireapp/ansible-sft/blob/develop/roles/sft-server/tasks/traffic.yml).
diff --git a/docs/src/how-to/install/tls.md b/docs/src/how-to/install/tls.md
new file mode 100644
index 0000000000..f3a044597a
--- /dev/null
+++ b/docs/src/how-to/install/tls.md
@@ -0,0 +1,52 @@
+(tls)=
+
+# Configure TLS ciphers
+
+The following table lists recommended ciphers for TLS server setups, which should be used in wire deployments.
+
+| Cipher                        | Version | Wire default | [BSI TR-02102-2] | [Mozilla TLS Guideline] |
+| ----------------------------- | ------- | ------------ | ---------------- | ----------------------- |
+| ECDHE-ECDSA-AES128-GCM-SHA256 | TLSv1.2 | no           | **yes**          | intermediate            |
+| ECDHE-RSA-AES128-GCM-SHA256   | TLSv1.2 | no           | **yes**          | intermediate            |
+| ECDHE-ECDSA-AES256-GCM-SHA384 | TLSv1.2 | **yes**      | **yes**          | intermediate            |
+| ECDHE-RSA-AES256-GCM-SHA384   | TLSv1.2 | **yes**      | **yes**          | intermediate            |
+| ECDHE-ECDSA-CHACHA20-POLY1305 | TLSv1.2 | no           | no               | intermediate            |
+| ECDHE-RSA-CHACHA20-POLY1305   | TLSv1.2 | no           | no               | intermediate            |
+| TLS_AES_128_GCM_SHA256        | TLSv1.3 | **yes**      | **yes**          | **modern**              |
+| TLS_AES_256_GCM_SHA384        | TLSv1.3 | **yes**      | **yes**          | **modern**              |
+| TLS_CHACHA20_POLY1305_SHA256  | TLSv1.3 | no           | no               | **modern**              |
+
+```{note}
+If you enable TLSv1.3, openssl does always enable the three default cipher suites for TLSv1.3.
+Therefore it is not necessary to add them to openssl based configurations.
+```
+
+(ingress-traffic)=
+
+## Ingress Traffic (wire-server)
+
+The list of TLS ciphers for incoming requests is limited by default to the [following](https://github.com/wireapp/wire-server/blob/master/charts/nginx-ingress-controller/values.yaml#L7) (for general server-certificates, both for federation and client API), and can be overridden on your installation if needed.
+
+## Egress Traffic (wire-server/federation)
+
+The list of TLS ciphers for outgoing federation requests is currently hardcoded, the list is [here](https://github.com/wireapp/wire-server/blob/master/services/federator/src/Federator/Remote.hs#L164-L180).
+
+## SFTD (ansible)
+
+The list of TLS ciphers for incoming SFT requests (and metrics) are defined in ansible templates [sftd.vhost.conf.j2](https://github.com/wireapp/ansible-sft/blob/develop/roles/sft-server/templates/sftd.vhost.conf.j2#L19) and [metrics.vhost.conf.j2](https://github.com/wireapp/ansible-sft/blob/develop/roles/sft-server/templates/metrics.vhost.conf.j2#L13).
+
+## SFTD (kubernetes)
+
+SFTD deployed via kubernetes uses `kubernetes.io/ingress` for ingress traffic, configured in [ingress.yaml](https://github.com/wireapp/wire-server/blob/develop/charts/sftd/templates/ingress.yaml).
+Kubernetes based deployments make use of the settings from {ref}`ingress-traffic`.
+
+## Restund (ansible)
+
+The list of TLS ciphers for "TLS over TCP" TURN (and metrics) are defined in ansible templates [nginx-stream.conf.j2](https://github.com/wireapp/ansible-restund/blob/master/templates/nginx-stream.conf.j2#L25) and [nginx-metrics.conf.j2](https://github.com/wireapp/ansible-restund/blob/master/templates/nginx-metrics.conf.j2#L15).
+
+## Restund (kubernetes)
+
+[Kubernetes restund](https://github.com/wireapp/wire-server/tree/develop/charts/restund) deployment does not provide TLS connectivity.
+
+[bsi tr-02102-2]: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-2.pdf
+[mozilla tls guideline]: https://wiki.mozilla.org/Security/Server_Side_TLS
diff --git a/docs/src/how-to/install/tls.rst b/docs/src/how-to/install/tls.rst
deleted file mode 100644
index 8adac3d525..0000000000
--- a/docs/src/how-to/install/tls.rst
+++ /dev/null
@@ -1,60 +0,0 @@
-.. _tls:
-
-Configure TLS ciphers
-=======================
-
-The following table lists recommended ciphers for TLS server setups, which should be used in wire deployments.
-
-
-============================= ======= ============ ================= ========================
-Cipher                        Version Wire default `BSI TR-02102-2`_ `Mozilla TLS Guideline`_
-============================= ======= ============ ================= ========================
-ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 no           **yes**           intermediate
-ECDHE-RSA-AES128-GCM-SHA256   TLSv1.2 no           **yes**           intermediate
-ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 **yes**      **yes**           intermediate
-ECDHE-RSA-AES256-GCM-SHA384   TLSv1.2 **yes**      **yes**           intermediate
-ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 no           no                intermediate
-ECDHE-RSA-CHACHA20-POLY1305   TLSv1.2 no           no                intermediate
-TLS_AES_128_GCM_SHA256        TLSv1.3 **yes**      **yes**           **modern**
-TLS_AES_256_GCM_SHA384        TLSv1.3 **yes**      **yes**           **modern**
-TLS_CHACHA20_POLY1305_SHA256  TLSv1.3 no           no                **modern**
-============================= ======= ============ ================= ========================
-
-
-.. _bsi tr-02102-2: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-2.pdf
-.. _mozilla tls guideline: https://wiki.mozilla.org/Security/Server_Side_TLS
-
-.. note::
-   If you enable TLSv1.3, openssl does always enable the three default cipher suites for TLSv1.3.
-   Therefore it is not necessary to add them to openssl based configurations.
-
-.. _ingress traffic:
-
-Ingress Traffic (wire-server)
------------------------------
-The list of TLS ciphers for incoming requests is limited by default to the `following <https://github.com/wireapp/wire-server/blob/master/charts/nginx-ingress-controller/values.yaml#L7>`_ (for general server-certificates, both for federation and client API), and can be overridden on your installation if needed.
-
-
-Egress Traffic (wire-server/federation)
----------------------------------------
-The list of TLS ciphers for outgoing federation requests is currently hardcoded, the list is `here <https://github.com/wireapp/wire-server/blob/master/services/federator/src/Federator/Remote.hs#L164-L180>`_.
-
-
-SFTD (ansible)
---------------
-The list of TLS ciphers for incoming SFT requests (and metrics) are defined in ansible templates `sftd.vhost.conf.j2 <https://github.com/wireapp/ansible-sft/blob/develop/roles/sft-server/templates/sftd.vhost.conf.j2#L19>`_ and `metrics.vhost.conf.j2 <https://github.com/wireapp/ansible-sft/blob/develop/roles/sft-server/templates/metrics.vhost.conf.j2#L13>`_.
-
-SFTD (kubernetes)
------------------
-SFTD deployed via kubernetes uses ``kubernetes.io/ingress`` for ingress traffic, configured in `ingress.yaml <https://github.com/wireapp/wire-server/blob/develop/charts/sftd/templates/ingress.yaml>`_.
-Kubernetes based deployments make use of the settings from :ref:`ingress traffic`.
-
-
-Restund (ansible)
------------------
-
-The list of TLS ciphers for "TLS over TCP" TURN (and metrics) are defined in ansible templates `nginx-stream.conf.j2 <https://github.com/wireapp/ansible-restund/blob/master/templates/nginx-stream.conf.j2#L25>`_ and `nginx-metrics.conf.j2 <https://github.com/wireapp/ansible-restund/blob/master/templates/nginx-metrics.conf.j2#L15>`_.
-
-Restund (kubernetes)
---------------------
-`Kubernetes restund <https://github.com/wireapp/wire-server/tree/develop/charts/restund>`_ deployment does not provide TLS connectivity.
diff --git a/docs/src/how-to/install/troubleshooting.md b/docs/src/how-to/install/troubleshooting.md
new file mode 100644
index 0000000000..7aa9f80479
--- /dev/null
+++ b/docs/src/how-to/install/troubleshooting.md
@@ -0,0 +1,265 @@
+# Troubleshooting during installation
+
+## Problems with CORS on the web based applications (webapp, team-settings, account-pages)
+
+If you have installed wire-server, but the web application page in your browser has connection problems and throws errors in the console such as `"Refused to connect to 'https://assets.example.com' because it violates the following Content Security Policies"`, make sure to check that you have configured the `CSP_EXTRA_` environment variables.
+
+In the file that you use as override when running `helm install/update -f <override values.yaml>` (using the webapp as an example):
+
+```yaml
+webapp:
+   # ... other settings...
+   envVars:
+     # ... other environment variables ...
+     CSP_EXTRA_CONNECT_SRC: "https://*.example.com, wss://*.example.com"
+     CSP_EXTRA_IMG_SRC: "https://*.example.com"
+     CSP_EXTRA_SCRIPT_SRC: "https://*.example.com"
+     CSP_EXTRA_DEFAULT_SRC: "https://*.example.com"
+     CSP_EXTRA_FONT_SRC: "https://*.example.com"
+     CSP_EXTRA_FRAME_SRC: "https://*.example.com"
+     CSP_EXTRA_MANIFEST_SRC: "https://*.example.com"
+     CSP_EXTRA_OBJECT_SRC: "https://*.example.com"
+     CSP_EXTRA_MEDIA_SRC: "https://*.example.com"
+     CSP_EXTRA_PREFETCH_SRC: "https://*.example.com"
+     CSP_EXTRA_STYLE_SRC: "https://*.example.com"
+     CSP_EXTRA_WORKER_SRC: "https://*.example.com"
+```
+
+For more info, you can have a look at respective charts values files, i.e.:
+
+> - [charts/account-pages/values.yaml](https://github.com/wireapp/wire-server/blob/develop/charts/account-pages/values.yaml)
+> - [charts/team-settings/values.yaml](https://github.com/wireapp/wire-server/blob/develop/charts/team-settings/values.yaml)
+> - [charts/webapp/values.yaml](https://github.com/wireapp/wire-server/blob/develop/charts/webapp/values.yaml)
+
+## Problems with ansible and python versions
+
+If for instance the following fails:
+
+```
+ansible all -i hosts.ini -m shell -a "echo hello"
+```
+
+If your target machine only has python 3 (not python 2.7), you can tell ansible to use python 3 by default, by specifying `ansible_python_interpreter`:
+
+```ini
+# hosts.ini
+
+[all]
+server1 ansible_host=1.2.3.4
+
+
+[all:vars]
+ansible_python_interpreter=/usr/bin/python3
+```
+
+(python 3 may not be supported by all ansible modules yet)
+
+## Flaky issues with Cassandra (failed QUORUMs, etc.)
+
+Cassandra is *very* picky about time! Ensure that NTP is properly set up on all nodes. Particularly for Cassandra *DO NOT* use anything else other than ntp. Here are some helpful blogs that explain why:
+
+> - <https://blog.rapid7.com/2014/03/14/synchronizing-clocks-in-a-cassandra-cluster-pt-1-the-problem/>
+> - <https://blog.rapid7.com/2014/03/17/synchronizing-clocks-in-a-cassandra-cluster-pt-2-solutions/>
+> - <https://www.digitalocean.com/community/tutorials/how-to-set-up-time-synchronization-on-ubuntu-16-04>
+
+How can I ensure that I have correctly setup NTP on my machine(s)? Have a look at [this ansible playbook](https://github.com/wireapp/wire-server-deploy/blob/develop/ansible/cassandra-verify-ntp.yml)
+
+## I deployed `demo-smtp` but I'm not receiving any verification emails
+
+1. Check whether brig deployed successfully (brig pod(s) should be in state *Running*)
+
+   ```
+   kubectl get pods -o wide
+   ```
+
+2. Inspect Brig logs
+
+   ```
+   kubectl logs $BRING_POD_NAME
+   ```
+
+3. The receiving email server might refuse to accept any email sent by the `demo-smtp` server, due to not being
+   a trusted origin. You may want to set up one of the following email verification mechanisms.
+
+- [SFP](https://en.wikipedia.org/wiki/Sender_Policy_Framework)
+- [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail)
+- [DMARC](https://en.wikipedia.org/wiki/DMARC)
+
+4. You may want to adjust the SMTP configuration for Brig (`wire-server/[values,secrets].yaml`).
+
+```yaml
+brig:
+  config:
+    smtp:
+      host: 'demo-smtp'
+      port: 25
+      connType: 'plain'
+```
+
+```yaml
+brig:
+  secrets:
+    smtpPassword: dummyPassword
+```
+
+(Don't forget to apply the changes with `helm upgrade wire-server wire/wire-server -f values.yaml -f secrets.yaml`)
+
+## I deployed `demo-smtp` and I want to skip email configuration and retrieve verification codes directly
+
+If the only thing you need demo-smtp for is sending yourself verification codes to create a test account, it might be simpler and faster to just skip SMTP configuration, and simply retrieve the code internally right after it is sent, while it is in the outbound email queue.
+
+To do this, click create a user/account/team, or if you already have, click on `Resend Code`:
+
+```{figure} img/code-input.png
+The code input interface
+```
+
+Then run the following command
+
+```
+kubectl exec $(kubectl get pod -lapp=demo-smtp | grep demo | awk '{print $1;}') -- sh -c 'cat /var/spool/exim4/input/* | grep -Po "^\\d{6}$" '
+```
+
+Or step by step:
+
+1. Get the name of the pod
+
+   ```
+   kubectl get pod -lapp=demo-smtp
+   ```
+
+Which will give you a result that looks something like this
+
+```
+> kubectl get pod -lapp=demo-smtp
+NAME                         READY   STATUS    RESTARTS   AGE
+demo-smtp-85557f6877-qxk2p   1/1     Running   0          80m
+```
+
+In which case, the pod name is `demo-smtp-85557f6877-qxk2p`, which replaces \<name of pod> in the next command.
+
+2. Then get the content of emails and extract the code
+
+   ```
+   kubectl exec <name of pod> -- sh -c 'head -n 15 /var/spool/exim4/input/*  '
+   ```
+
+Which will give you the content of sent emails, including the code
+
+```
+> kubectl exec demo-smtp-85557f6877-qxk2p -- sh -c 'head -n 15 /var/spool/exim4/input/*  '
+==> /var/spool/exim4/input/1mECxm-000068-28-D <==
+1mECxm-000068-28-D
+--Y3mymuwB5Y
+Content-Type: text/plain; charset=utf-8
+Content-Transfer-Encoding: quoted-printable
+[https://wire=2Ecom/p/img/email/logo-email-black=2Epng]
+VERIFY YOUR EMAIL
+myemail@gmail=2Ecom was used to register on Wire=2E Enter this code to v=
+erify your email and create your account=2E
+022515
+```
+
+This means the code is `022515`, simply enter it in the interface.
+
+If the email has already been sent out, it's possible the queue will be empty.
+
+If that is the case, simply click the "Resend Code" link in the interface, then quickly re-send the command, a new email should now be present.
+
+## Obtaining Brig logs, and the format of different team/user events
+
+To obtain brig logs, simply run
+
+```
+kubectl logs $(kubectl get pods | grep brig | awk '{print $1;}' | head -n 1)
+```
+
+You will get log entries for various different types of events that happen, for example:
+
+1. User creation
+
+   ```
+   {"user":"24bdd52e-af33-400c-8e47-d16bf8695dbd","request":"c0575ff5a2d61bfc2be21e77260fccab","msgs":["I","Creating user"]}
+   ```
+
+2. Activation key creation
+
+   ```
+   {"activation.code":"949721","activation.key":"p8o032Ljqhjgcea9R0AAnOeiUniGm63BrY9q_aeS1Cc=","request":"c0575ff5a2d61bfc2be21e77260fccab","msgs":["I","Activating"]}
+   ```
+
+3. Activation of a new user
+
+   ```
+   {"user":"24bdd52e-af33-400c-8e47-d16bf8695dbd","request":"c0575ff5a2d61bfc2be21e77260fccab","msgs":["I","User activated"]}
+   ```
+
+4. User indexing
+
+   ```
+   {"user":"24bdd52e-af33-400c-8e47-d16bf8695dbd","logger":"index.brig","msgs":["I","Indexing user"]}
+   ```
+
+5. Team creation
+
+   ```
+   {"email_sha256":"a7ca34df62e3aa18e071e6bd4740009ce7a25278869badc1ad8f6afda792d427","team":"6ef03a2b-34b5-4b65-8d72-1e4fc7697553","user":"24bdd52e-af33-400c-8e47-d16bf8695dbd","module":"Brig.API.Public","fn":"Brig.API.Public.createUser","request":"c0575ff5a2d61bfc2be21e77260fccab","msgs":["I","Sucessfully created user"]}
+   ```
+
+6. Invitation sent
+
+   ```
+   {"invitation_code":"hJuh1C1PzMkgtesAYZZ4SZrP5xO-xM_m","email_sha256":"eef48a690436699c653110387455a4afe93ce29febc348acd20f6605787956e6","team":"6ef03a2b-34b5-4b65-8d72-1e4fc7697553","module":"Brig.Team.API","fn":"Brig.Team.API.createInvitationPublic","request":"c43440074629d802a199464dd892cd92","msgs":["I","Succesfully created invitation"]}
+   ```
+
+## Diagnosing and addressing bad network/disconnect issues
+
+### Diagnosis
+
+If you are experiencing bad network/disconnection issues, here is how to obtain the cause from the client log files:
+
+In the Web client, the connection state handler logs the disconnected state as reported by WebRTC as:
+
+```
+flow(...): connection_handler: disconnected, starting disconnect timer
+```
+
+On mobile, the output in the log is slightly different:
+
+```
+pf(...): ice connection state: Disconnected
+```
+
+And when the timer expires and the connection is not re-established:
+
+```
+ecall(...): mf_restart_handler: triggering restart due to network drop
+```
+
+If the attempt to reconnect then fails you will likely see the following:
+
+```
+ecall(...): connection timeout after 10000 milliseconds
+```
+
+If the connection to the SFT ({ref}`understand-sft`) server is considered lost due to missing ping messages from a non-functionning or delayed data channel or a failure to receive/decrypt media you will see:
+
+```
+ccall(...): reconnect
+```
+
+Then followed by these values:
+
+```
+cp: received CONFPART message YES/NO
+da: decrypt attempted YES/NO
+ds: decrypt successful YES/NO
+att: number of reconnect attempts
+p: the expected ping (how many pings have not returned)
+```
+
+### Configuration
+
+Question: Are the connection values for bad networks/disconnect configurable on on-prem?
+
+Answer: The values are not currently configurable, they are built into the clients at compile time, we do have a mechanism for sending calling configs to the clients but these values are not currently there.
diff --git a/docs/src/how-to/install/troubleshooting.rst b/docs/src/how-to/install/troubleshooting.rst
deleted file mode 100644
index 79adc61f52..0000000000
--- a/docs/src/how-to/install/troubleshooting.rst
+++ /dev/null
@@ -1,255 +0,0 @@
-Troubleshooting during installation
--------------------------------------
-
-Problems with CORS on the web based applications (webapp, team-settings, account-pages)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-If you have installed wire-server, but the web application page in your browser has connection problems and throws errors in the console such as `"Refused to connect to 'https://assets.example.com' because it violates the following Content Security Policies"`, make sure to check that you have configured the ``CSP_EXTRA_`` environment variables.
-
-In the file that you use as override when running ``helm install/update -f <override values.yaml>`` (using the webapp as an example):
-
-.. code:: yaml
-
-   webapp:
-      # ... other settings...
-      envVars:
-        # ... other environment variables ...
-        CSP_EXTRA_CONNECT_SRC: "https://*.example.com, wss://*.example.com"
-        CSP_EXTRA_IMG_SRC: "https://*.example.com"
-        CSP_EXTRA_SCRIPT_SRC: "https://*.example.com"
-        CSP_EXTRA_DEFAULT_SRC: "https://*.example.com"
-        CSP_EXTRA_FONT_SRC: "https://*.example.com"
-        CSP_EXTRA_FRAME_SRC: "https://*.example.com"
-        CSP_EXTRA_MANIFEST_SRC: "https://*.example.com"
-        CSP_EXTRA_OBJECT_SRC: "https://*.example.com"
-        CSP_EXTRA_MEDIA_SRC: "https://*.example.com"
-        CSP_EXTRA_PREFETCH_SRC: "https://*.example.com"
-        CSP_EXTRA_STYLE_SRC: "https://*.example.com"
-        CSP_EXTRA_WORKER_SRC: "https://*.example.com"
-
-For more info, you can have a look at respective charts values files, i.e.:
-
-  * `charts/account-pages/values.yaml <https://github.com/wireapp/wire-server/blob/develop/charts/account-pages/values.yaml>`__
-  * `charts/team-settings/values.yaml <https://github.com/wireapp/wire-server/blob/develop/charts/team-settings/values.yaml>`__
-  * `charts/webapp/values.yaml <https://github.com/wireapp/wire-server/blob/develop/charts/webapp/values.yaml>`__
-
-Problems with ansible and python versions
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-If for instance the following fails::
-
-    ansible all -i hosts.ini -m shell -a "echo hello"
-
-If your target machine only has python 3 (not python 2.7), you can tell ansible to use python 3 by default, by specifying `ansible_python_interpreter`:
-
-.. code:: ini
-
-   # hosts.ini
-
-   [all]
-   server1 ansible_host=1.2.3.4
-
-
-   [all:vars]
-   ansible_python_interpreter=/usr/bin/python3
-
-(python 3 may not be supported by all ansible modules yet)
-
-
-Flaky issues with Cassandra (failed QUORUMs, etc.)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Cassandra is *very* picky about time! Ensure that NTP is properly set up on all nodes. Particularly for Cassandra *DO NOT* use anything else other than ntp. Here are some helpful blogs that explain why:
-
- * https://blog.rapid7.com/2014/03/14/synchronizing-clocks-in-a-cassandra-cluster-pt-1-the-problem/
- * https://blog.rapid7.com/2014/03/17/synchronizing-clocks-in-a-cassandra-cluster-pt-2-solutions/
- * https://www.digitalocean.com/community/tutorials/how-to-set-up-time-synchronization-on-ubuntu-16-04
-
-How can I ensure that I have correctly setup NTP on my machine(s)? Have a look at `this ansible playbook <https://github.com/wireapp/wire-server-deploy/blob/develop/ansible/cassandra-verify-ntp.yml>`_
-
-
-I deployed ``demo-smtp`` but I'm not receiving any verification emails
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-1. Check whether brig deployed successfully (brig pod(s) should be in state *Running*) ::
-
-    kubectl get pods -o wide
-
-2. Inspect Brig logs ::
-
-    kubectl logs $BRING_POD_NAME
-
-3. The receiving email server might refuse to accept any email sent by the `demo-smtp` server, due to not being
-   a trusted origin. You may want to set up one of the following email verification mechanisms.
-
-* `SFP <https://en.wikipedia.org/wiki/Sender_Policy_Framework>`__
-* `DKIM <https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail>`__
-* `DMARC <https://en.wikipedia.org/wiki/DMARC>`__
-
-
-4. You may want to adjust the SMTP configuration for Brig (``wire-server/[values,secrets].yaml``).
-
-.. code:: yaml
-
-    brig:
-      config:
-        smtp:
-          host: 'demo-smtp'
-          port: 25
-          connType: 'plain'
-
-
-.. code:: yaml
-
-    brig:
-      secrets:
-        smtpPassword: dummyPassword
-
-(Don't forget to apply the changes with ``helm upgrade wire-server wire/wire-server -f values.yaml -f secrets.yaml``)
-
-I deployed ``demo-smtp`` and I want to skip email configuration and retrieve verification codes directly
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-If the only thing you need demo-smtp for is sending yourself verification codes to create a test account, it might be simpler and faster to just skip SMTP configuration, and simply retrieve the code internally right after it is sent, while it is in the outbound email queue.
-
-To do this, click create a user/account/team, or if you already have, click on ``Resend Code``:
-
-.. figure:: img/code-input.png
-
-    The code input interface
-
-Then run the following command ::
-
-    kubectl exec $(kubectl get pod -lapp=demo-smtp | grep demo | awk '{print $1;}') -- sh -c 'cat /var/spool/exim4/input/* | grep -Po "^\\d{6}$" '
-
-Or step by step:
-
-1. Get the name of the pod ::
-
-    kubectl get pod -lapp=demo-smtp
-
-Which will give you a result that looks something like this :: 
-
-    > kubectl get pod -lapp=demo-smtp            
-    NAME                         READY   STATUS    RESTARTS   AGE
-    demo-smtp-85557f6877-qxk2p   1/1     Running   0          80m
-
-In which case, the pod name is ``demo-smtp-85557f6877-qxk2p``, which replaces <name of pod> in the next command.
-
-2. Then get the content of emails and extract the code ::
-
-    kubectl exec <name of pod> -- sh -c 'head -n 15 /var/spool/exim4/input/*  '
-
-Which will give you the content of sent emails, including the code ::
-
-    > kubectl exec demo-smtp-85557f6877-qxk2p -- sh -c 'head -n 15 /var/spool/exim4/input/*  '
-    ==> /var/spool/exim4/input/1mECxm-000068-28-D <==
-    1mECxm-000068-28-D
-    --Y3mymuwB5Y
-    Content-Type: text/plain; charset=utf-8
-    Content-Transfer-Encoding: quoted-printable
-    [https://wire=2Ecom/p/img/email/logo-email-black=2Epng]
-    VERIFY YOUR EMAIL
-    myemail@gmail=2Ecom was used to register on Wire=2E Enter this code to v=
-    erify your email and create your account=2E
-    022515
-
-This means the code is ``022515``, simply enter it in the interface.
-
-If the email has already been sent out, it's possible the queue will be empty. 
-
-If that is the case, simply click the "Resend Code" link in the interface, then quickly re-send the command, a new email should now be present.
-  
-Obtaining Brig logs, and the format of different team/user events
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-To obtain brig logs, simply run ::
-
-    kubectl logs $(kubectl get pods | grep brig | awk '{print $1;}' | head -n 1)
-
-You will get log entries for various different types of events that happen, for example:
-
-1. User creation :: 
-
-    {"user":"24bdd52e-af33-400c-8e47-d16bf8695dbd","request":"c0575ff5a2d61bfc2be21e77260fccab","msgs":["I","Creating user"]}
-
-2. Activation key creation :: 
-
-    {"activation.code":"949721","activation.key":"p8o032Ljqhjgcea9R0AAnOeiUniGm63BrY9q_aeS1Cc=","request":"c0575ff5a2d61bfc2be21e77260fccab","msgs":["I","Activating"]} 
-
-3. Activation of a new user :: 
-
-    {"user":"24bdd52e-af33-400c-8e47-d16bf8695dbd","request":"c0575ff5a2d61bfc2be21e77260fccab","msgs":["I","User activated"]} 
-
-4. User indexing :: 
-
-    {"user":"24bdd52e-af33-400c-8e47-d16bf8695dbd","logger":"index.brig","msgs":["I","Indexing user"]} 
-
-5. Team creation :: 
-
-    {"email_sha256":"a7ca34df62e3aa18e071e6bd4740009ce7a25278869badc1ad8f6afda792d427","team":"6ef03a2b-34b5-4b65-8d72-1e4fc7697553","user":"24bdd52e-af33-400c-8e47-d16bf8695dbd","module":"Brig.API.Public","fn":"Brig.API.Public.createUser","request":"c0575ff5a2d61bfc2be21e77260fccab","msgs":["I","Sucessfully created user"]}
-
-6. Invitation sent :: 
-
-    {"invitation_code":"hJuh1C1PzMkgtesAYZZ4SZrP5xO-xM_m","email_sha256":"eef48a690436699c653110387455a4afe93ce29febc348acd20f6605787956e6","team":"6ef03a2b-34b5-4b65-8d72-1e4fc7697553","module":"Brig.Team.API","fn":"Brig.Team.API.createInvitationPublic","request":"c43440074629d802a199464dd892cd92","msgs":["I","Succesfully created invitation"]} 
-
-Diagnosing and addressing bad network/disconnect issues
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Diagnosis
-=========
-
-If you are experiencing bad network/disconnection issues, here is how to obtain the cause from the client log files:
-
-In the Web client, the connection state handler logs the disconnected state as reported by WebRTC as:
-
-.. code::
-
-    flow(...): connection_handler: disconnected, starting disconnect timer
-
-On mobile, the output in the log is slightly different:
-
-.. code::
-
-    pf(...): ice connection state: Disconnected
-
-And when the timer expires and the connection is not re-established:
-
-.. code::
-    
-    ecall(...): mf_restart_handler: triggering restart due to network drop
-
-If the attempt to reconnect then fails you will likely see the following:
-
-.. code::
-
-    ecall(...): connection timeout after 10000 milliseconds
-
-If the connection to the SFT (:ref:`understand-sft`) server is considered lost due to missing ping messages from a non-functionning or delayed data channel or a failure to receive/decrypt media you will see:
-
-.. code::
-
-    ccall(...): reconnect
-
-Then followed by these values:
-
-.. code::
-
-    cp: received CONFPART message YES/NO
-    da: decrypt attempted YES/NO
-    ds: decrypt successful YES/NO
-    att: number of reconnect attempts
-    p: the expected ping (how many pings have not returned)
-
-Configuration
-=============
-
-Question: Are the connection values for bad networks/disconnect configurable on on-prem?
-
-Answer: The values are not currently configurable, they are built into the clients at compile time, we do have a mechanism for sending calling configs to the clients but these values are not currently there.
-
-
-
-
-
-
diff --git a/docs/src/how-to/install/version-requirements.md b/docs/src/how-to/install/version-requirements.md
new file mode 100644
index 0000000000..dc9cccc8f9
--- /dev/null
+++ b/docs/src/how-to/install/version-requirements.md
@@ -0,0 +1,28 @@
+# Required/Supported versions
+
+*Updated: 26.04.2021*
+
+```{warning}
+If you already installed Wire by using `poetry`, please refer to the
+[old version](https://docs.wire.com/versions/install-with-poetry/how-to/index.html) of
+the installation guide.
+```
+
+## Persistence
+
+- Cassandra: 3.11 (OpenJDK 8)
+- Elasticsearch: 6.6.0
+- Minio
+  : - server: latest (tested v2020-03-25)
+    - client: latest (tested v2020-03-14)
+
+### Infrastructure
+
+- Ubuntu: 18.04
+- Docker: latest
+- Kubernetes: 1.19.7
+
+### Automation
+
+- Ansible: 2.9
+- Helm: >= v3
diff --git a/docs/src/how-to/install/version-requirements.rst b/docs/src/how-to/install/version-requirements.rst
deleted file mode 100644
index 3c204404bb..0000000000
--- a/docs/src/how-to/install/version-requirements.rst
+++ /dev/null
@@ -1,35 +0,0 @@
-Required/Supported versions
-===========================
-
-*Updated: 26.04.2021*
-
-.. warning::
-
-    If you already installed Wire by using ``poetry``, please refer to the
-    `old version </versions/install-with-poetry/how-to/install/version-requirements.html>`__ of
-    the installation guide.
-
-
-Persistence
-~~~~~~~~~~~
-
-- Cassandra: 3.11 (OpenJDK 8)
-- Elasticsearch: 6.6.0
-- Minio
-    - server: latest (tested v2020-03-25)
-    - client: latest (tested v2020-03-14)
-
-
-Infrastructure
---------------
-
-- Ubuntu: 18.04
-- Docker: latest
-- Kubernetes: 1.19.7
-
-
-Automation
-----------
-
-- Ansible: 2.9
-- Helm: >= v3
diff --git a/docs/src/how-to/post-install/index.rst b/docs/src/how-to/post-install/index.md
similarity index 53%
rename from docs/src/how-to/post-install/index.rst
rename to docs/src/how-to/post-install/index.md
index 4a7420aa23..2dd2009af9 100644
--- a/docs/src/how-to/post-install/index.rst
+++ b/docs/src/how-to/post-install/index.md
@@ -1,15 +1,15 @@
-.. _checks:
+(checks)=
 
-Verifying your wire-server installation
-=======================================
+# Verifying your wire-server installation
 
 After a successful installation of wire-server and its components, there are some useful checks to be run to ensure the proper functioning of the system. Here's a non-exhaustive list of checks to run on the hosts:
 
 NOTE: This page is a work in progress, more sections to be added soon.
 
-.. toctree::
-   :maxdepth: 1
-   :glob:
+```{toctree}
+:glob: true
+:maxdepth: 1
 
-    Verifying NTP <ntp-check.rst>
-    Verifying data retention for logs don't exceed 72 hours <logrotation-check.rst>
+ Verifying NTP <ntp-check.rst>
+ Verifying data retention for logs don't exceed 72 hours <logrotation-check.rst>
+```
diff --git a/docs/src/how-to/post-install/logrotation-check.md b/docs/src/how-to/post-install/logrotation-check.md
new file mode 100644
index 0000000000..17bcdde7db
--- /dev/null
+++ b/docs/src/how-to/post-install/logrotation-check.md
@@ -0,0 +1,81 @@
+(logrotation-check)=
+
+# Logs and Data Protection checks
+
+On Wire.com, we keep logs for a maximum of 72 hours as described in the [privacy whitepaper](https://wire.com/en/security/)
+
+We recommend you do the same and limit the amount of logs kept on your servers.
+
+## How can I see how far in the past access logs are still available on my servers?
+
+Look at the timestamps of your earliest nginz logs:
+
+```sh
+export NAMESPACE=default # this may be 'default' or 'wire'
+kubectl -n "$NAMESPACE" get pods | grep nginz
+# choose one of the resulting names, it might be named e.g. nginz-6d75755c5c-h9fwn
+kubectl -n "$NAMESPACE" logs <name-from-previous-command> -c nginz | head -10
+```
+
+If the timestamp is more than 3 days in the past, your logs are kept for unnecessary long amount of time and you should configure log rotation.
+
+### I used your ansible scripts and prefer to have the default 72 hour maximum log availability configured automatically.
+
+You can use [the kubernetes_logging.yml ansible playbook](https://github.com/wireapp/wire-server-deploy/blob/develop/ansible/kubernetes_logging.yml)
+
+### I am not using ansible and like to SSH into hosts and configure things manually
+
+SSH into one of your kubernetes worker machines.
+
+If you installed as per the instructions on docs.wire.com, then the default logging strategy is `json-file` with `--log-opt max-size=50m --log-opt max-file=5` storing logs in files under `/var/lib/docker/containers/<container-id>/<container-id>.log`. You can check this with these commands:
+
+```sh
+docker info --format '{{.LoggingDriver}}'
+ps aux | grep log-opt
+```
+
+(Options configured in `/etc/systemd/system/docker.service.d/docker-options.conf`)
+
+The default will thus keep your logs around until reaching 250 MB per pod, which is far longer than three days. Since docker logs don't allow a time-based log rotation, we can instead make use of [logrotate](https://linux.die.net/man/8/logrotate) to rotate logs for us.
+
+Create the file `/etc/logrotate.d/podlogs` with the following contents:
+
+% NOTE: in case you change these docs, also make sure to update the actual code
+% under https://github.com/wireapp/wire-server-deploy/blob/develop/ansible/kubernetes_logging.yml
+
+```
+"/var/lib/docker/containers/*/*.log"
+{
+  daily
+  missingok
+  rotate 2
+  maxage 1
+  copytruncate
+  nocreate
+  nocompress
+  }
+```
+
+Repeat the same for all the other kubernetes worker machines, the file needs to exist on all of them.
+
+There should already be a cron job for logrotate for other parts of the system, so this should be sufficent, you can stop here.
+
+You can check for the cron job with:
+
+```
+ls /etc/cron.daily/logrotate
+```
+
+And you can manually run a log rotation using:
+
+```
+/usr/sbin/logrotate -v /etc/logrotate.conf
+```
+
+If you want to clear out old logs entirely now, you can force log rotation three times (again, on all kubernetes machines):
+
+```
+/usr/sbin/logrotate -v -f /etc/logrotate.conf
+/usr/sbin/logrotate -v -f /etc/logrotate.conf
+/usr/sbin/logrotate -v -f /etc/logrotate.conf
+```
diff --git a/docs/src/how-to/post-install/logrotation-check.rst b/docs/src/how-to/post-install/logrotation-check.rst
deleted file mode 100644
index 6094d6d3a3..0000000000
--- a/docs/src/how-to/post-install/logrotation-check.rst
+++ /dev/null
@@ -1,79 +0,0 @@
-.. _logrotation-check:
-
-Logs and Data Protection checks
-===============================
-
-On Wire.com, we keep logs for a maximum of 72 hours as described in the `privacy whitepaper <https://wire.com/en/security/>`_
-
-We recommend you do the same and limit the amount of logs kept on your servers.
-
-How can I see how far in the past access logs are still available on my servers?
---------------------------------------------------------------------------------
-
-Look at the timestamps of your earliest nginz logs:
-
-.. code:: sh
-
-   export NAMESPACE=default # this may be 'default' or 'wire'
-   kubectl -n "$NAMESPACE" get pods | grep nginz
-   # choose one of the resulting names, it might be named e.g. nginz-6d75755c5c-h9fwn
-   kubectl -n "$NAMESPACE" logs <name-from-previous-command> -c nginz | head -10
-
-If the timestamp is more than 3 days in the past, your logs are kept for unnecessary long amount of time and you should configure log rotation.
-
-I used your ansible scripts and prefer to have the default 72 hour maximum log availability configured automatically.
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-You can use `the kubernetes_logging.yml ansible playbook <https://github.com/wireapp/wire-server-deploy/blob/develop/ansible/kubernetes_logging.yml>`_
-
-I am not using ansible and like to SSH into hosts and configure things manually
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-SSH into one of your kubernetes worker machines.
-
-If you installed as per the instructions on docs.wire.com, then the default logging strategy is ``json-file`` with ``--log-opt max-size=50m --log-opt max-file=5`` storing logs in files under ``/var/lib/docker/containers/<container-id>/<container-id>.log``. You can check this with these commands:
-
-.. code:: sh
-
-   docker info --format '{{.LoggingDriver}}'
-   ps aux | grep log-opt
-
-(Options configured in ``/etc/systemd/system/docker.service.d/docker-options.conf``)
-
-The default will thus keep your logs around until reaching 250 MB per pod, which is far longer than three days. Since docker logs don't allow a time-based log rotation, we can instead make use of `logrotate <https://linux.die.net/man/8/logrotate>`__ to rotate logs for us.
-
-Create the file ``/etc/logrotate.d/podlogs`` with the following contents:
-
-..
-   NOTE: in case you change these docs, also make sure to update the actual code
-   under https://github.com/wireapp/wire-server-deploy/blob/develop/ansible/kubernetes_logging.yml
-.. code::
-
-   "/var/lib/docker/containers/*/*.log"
-   {
-     daily
-     missingok
-     rotate 2
-     maxage 1
-     copytruncate
-     nocreate
-     nocompress
-     }
-
-Repeat the same for all the other kubernetes worker machines, the file needs to exist on all of them.
-
-There should already be a cron job for logrotate for other parts of the system, so this should be sufficent, you can stop here.
-
-You can check for the cron job with::
-
-   ls /etc/cron.daily/logrotate
-
-And you can manually run a log rotation using::
-
-   /usr/sbin/logrotate -v /etc/logrotate.conf
-
-If you want to clear out old logs entirely now, you can force log rotation three times (again, on all kubernetes machines)::
-
-   /usr/sbin/logrotate -v -f /etc/logrotate.conf
-   /usr/sbin/logrotate -v -f /etc/logrotate.conf
-   /usr/sbin/logrotate -v -f /etc/logrotate.conf
diff --git a/docs/src/how-to/post-install/ntp-check.md b/docs/src/how-to/post-install/ntp-check.md
new file mode 100644
index 0000000000..f093998eea
--- /dev/null
+++ b/docs/src/how-to/post-install/ntp-check.md
@@ -0,0 +1,44 @@
+(ntp-check)=
+
+# NTP Checks
+
+Ensure that NTP is properly set up on all nodes. Particularly for Cassandra **DO NOT** use anything else other than ntp. Here are some helpful blogs that explain why:
+
+> - <https://blog.rapid7.com/2014/03/14/synchronizing-clocks-in-a-cassandra-cluster-pt-1-the-problem/>
+> - <https://www.digitalocean.com/community/tutorials/how-to-set-up-time-synchronization-on-ubuntu-16-04>
+
+## How can I see if NTP is correctly set up?
+
+This is an important part of your setup, particularly for your Cassandra nodes. You should use `ntpd` and our ansible scripts to ensure it is installed correctly - but you can still check it manually if you prefer. The following 2 sub-sections explain both approaches.
+
+### I used your ansible scripts and prefer to have automated checks
+
+Then the easiest way is to use [this ansible playbook](https://github.com/wireapp/wire-server-deploy/blob/develop/ansible/cassandra-verify-ntp.yml)
+
+### I am not using ansible and like to SSH into hosts and checking things manually
+
+The following shows how to check for existing servers connected to (assumes `ntpq` is installed)
+
+```sh
+ntpq -pn
+```
+
+which should yield something like this:
+
+```sh
+     remote           refid      st t when poll reach   delay   offset  jitter
+==============================================================================
+ time.example.    .POOL.          16 p    -   64    0    0.000    0.000   0.000
++<IP_ADDR_1>      <IP_ADDR_N>      2 u  498  512  377    0.759    0.039   0.081
+*<IP_ADDR_2>      <IP_ADDR_N>      2 u  412  512  377    1.251   -0.670   0.063
+```
+
+if your output shows \_ONLY\_ the entry with a `.POOL.` as `refid` and a lot of 0s, something is probably wrong, i.e.:
+
+```sh
+     remote           refid      st t when poll reach   delay   offset  jitter
+==============================================================================
+ time.example.    .POOL.          16 p    -   64    0    0.000    0.000   0.000
+```
+
+What should you do if this is the case? Ensure that `ntp` is installed and that the servers in the pool (typically at `/etc/ntp.conf`) are reachable.
diff --git a/docs/src/how-to/post-install/ntp-check.rst b/docs/src/how-to/post-install/ntp-check.rst
deleted file mode 100644
index 09b3852e62..0000000000
--- a/docs/src/how-to/post-install/ntp-check.rst
+++ /dev/null
@@ -1,48 +0,0 @@
-.. _ntp-check:
-
-NTP Checks
-==========
-
-Ensure that NTP is properly set up on all nodes. Particularly for Cassandra **DO NOT** use anything else other than ntp. Here are some helpful blogs that explain why:
-
- * https://blog.rapid7.com/2014/03/14/synchronizing-clocks-in-a-cassandra-cluster-pt-1-the-problem/
- * https://www.digitalocean.com/community/tutorials/how-to-set-up-time-synchronization-on-ubuntu-16-04
-
-How can I see if NTP is correctly set up?
------------------------------------------
-
-This is an important part of your setup, particularly for your Cassandra nodes. You should use `ntpd` and our ansible scripts to ensure it is installed correctly - but you can still check it manually if you prefer. The following 2 sub-sections explain both approaches.
-
-I used your ansible scripts and prefer to have automated checks
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Then the easiest way is to use `this ansible playbook <https://github.com/wireapp/wire-server-deploy/blob/develop/ansible/cassandra-verify-ntp.yml>`_
-
-I am not using ansible and like to SSH into hosts and checking things manually
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The following shows how to check for existing servers connected to (assumes `ntpq` is installed)
-
-.. code:: sh
-
-  ntpq -pn
-
-which should yield something like this:
-
-.. code:: sh
-
-        remote           refid      st t when poll reach   delay   offset  jitter
-   ==============================================================================
-    time.example.    .POOL.          16 p    -   64    0    0.000    0.000   0.000
-   +<IP_ADDR_1>      <IP_ADDR_N>      2 u  498  512  377    0.759    0.039   0.081
-   *<IP_ADDR_2>      <IP_ADDR_N>      2 u  412  512  377    1.251   -0.670   0.063
-
-if your output shows _ONLY_ the entry with a `.POOL.` as `refid` and a lot of 0s, something is probably wrong, i.e.:
-
-.. code:: sh
-
-        remote           refid      st t when poll reach   delay   offset  jitter
-   ==============================================================================
-    time.example.    .POOL.          16 p    -   64    0    0.000    0.000   0.000
-
-What should you do if this is the case? Ensure that `ntp` is installed and that the servers in the pool (typically at `/etc/ntp.conf`) are reachable.
diff --git a/docs/src/how-to/single-sign-on/adfs/main.md b/docs/src/how-to/single-sign-on/adfs/main.md
new file mode 100644
index 0000000000..2e48fd531b
--- /dev/null
+++ b/docs/src/how-to/single-sign-on/adfs/main.md
@@ -0,0 +1,41 @@
+# How to set up SSO integration with ADFS
+
+This is being used in production by some of our customers, but not
+documented.  We do have a few out-of-context screenshots, which we
+provide here in the hope they may help.
+
+```{image} fig-00.jpg
+```
+
+```{image} fig-01.jpg
+```
+
+```{image} fig-02.jpg
+```
+
+```{image} fig-03.jpg
+```
+
+```{image} fig-04.jpg
+```
+
+```{image} fig-05.jpg
+```
+
+```{image} fig-06.jpg
+```
+
+```{image} fig-07.jpg
+```
+
+```{image} fig-08.jpg
+```
+
+```{image} fig-09.jpg
+```
+
+```{image} fig-10.jpg
+```
+
+```{image} fig-11.jpg
+```
diff --git a/docs/src/how-to/single-sign-on/adfs/main.rst b/docs/src/how-to/single-sign-on/adfs/main.rst
deleted file mode 100644
index 53155b14d8..0000000000
--- a/docs/src/how-to/single-sign-on/adfs/main.rst
+++ /dev/null
@@ -1,19 +0,0 @@
-How to set up SSO integration with ADFS
-=======================================
-
-This is being used in production by some of our customers, but not
-documented.  We do have a few out-of-context screenshots, which we
-provide here in the hope they may help.
-
-.. image:: fig-00.jpg
-.. image:: fig-01.jpg
-.. image:: fig-02.jpg
-.. image:: fig-03.jpg
-.. image:: fig-04.jpg
-.. image:: fig-05.jpg
-.. image:: fig-06.jpg
-.. image:: fig-07.jpg
-.. image:: fig-08.jpg
-.. image:: fig-09.jpg
-.. image:: fig-10.jpg
-.. image:: fig-11.jpg
diff --git a/docs/src/how-to/single-sign-on/azure/main.md b/docs/src/how-to/single-sign-on/azure/main.md
new file mode 100644
index 0000000000..dbd0338907
--- /dev/null
+++ b/docs/src/how-to/single-sign-on/azure/main.md
@@ -0,0 +1,92 @@
+# How to set up SSO integration with Microsoft Azure
+
+## Preprequisites
+
+- <http://azure.microsoft.com> account, admin access to that account
+- See also {ref}`sso-generic-setup`.
+
+## Steps
+
+### Azure setup
+
+Go to <https://portal.azure.com/>, and click on 'Azure Active Directory'
+in the menu to your left, then on 'Enterprise Applications':
+
+```{image} 01.png
+```
+
+Click on 'New Application':
+
+```{image} 02.png
+```
+
+Select 'Non-gallery application':
+
+```{image} 03.png
+```
+
+Fill in user-facing app name, then click 'add':
+
+```{image} 04.png
+```
+
+The app is now created.  If you get lost, you can always get back to
+it by selecting its name from the enterprise applications list you've
+already visited above.
+
+Click on 'Configure single sign-on'.
+
+```{image} 05.png
+```
+
+Select SAML:
+
+```{image} 06.png
+```
+
+On the next page, you find a link to a configuration guide which you
+can consult if you have any azure-specific questions.  Or you can go
+straight to adding the two config parameters you need:
+
+```{image} 07.png
+```
+
+Enter <https://prod-nginz-https.wire.com/sso/finalize-login> for both identity and reply url.  Save.
+
+```{image} 08.png
+```
+
+Click on 'test later':
+
+```{image} 09.png
+```
+
+Finally, you need to assign users to the newly created and configured application:
+
+```{image} 11.png
+```
+
+```{image} 12.png
+```
+
+```{image} 13.png
+```
+
+```{image} 14.png
+```
+
+```{image} 15.png
+```
+
+And that's it!  You are now ready to set up your wire team for SAML SSO with the XML metadata file you downloaed above.
+
+## Further reading
+
+- technical concepts overview:
+  : - <https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-protocol-reference>
+    - <https://docs.microsoft.com/en-us/azure/active-directory/develop/single-sign-on-saml-protocol>
+- how to create an app:
+  : - <https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app>
+- how to configure SAML2.0 SSO:
+  : - <https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on#saml-sso>
+    - <https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications>
diff --git a/docs/src/how-to/single-sign-on/azure/main.rst b/docs/src/how-to/single-sign-on/azure/main.rst
deleted file mode 100644
index 02115a753f..0000000000
--- a/docs/src/how-to/single-sign-on/azure/main.rst
+++ /dev/null
@@ -1,82 +0,0 @@
-How to set up SSO integration with Microsoft Azure
-==================================================
-
-Preprequisites
---------------
-
-- http://azure.microsoft.com account, admin access to that account
-- See also :ref:`SSO generic setup`.
-
-Steps
------
-
-Azure setup
-^^^^^^^^^^^
-
-Go to https://portal.azure.com/, and click on 'Azure Active Directory'
-in the menu to your left, then on 'Enterprise Applications':
-
-.. image:: 01.png
-
-Click on 'New Application':
-
-.. image:: 02.png
-
-Select 'Non-gallery application':
-
-.. image:: 03.png
-
-Fill in user-facing app name, then click 'add':
-
-.. image:: 04.png
-
-The app is now created.  If you get lost, you can always get back to
-it by selecting its name from the enterprise applications list you've
-already visited above.
-
-Click on 'Configure single sign-on'.
-
-.. image:: 05.png
-
-Select SAML:
-
-.. image:: 06.png
-
-On the next page, you find a link to a configuration guide which you
-can consult if you have any azure-specific questions.  Or you can go
-straight to adding the two config parameters you need:
-
-.. image:: 07.png
-
-Enter https://prod-nginz-https.wire.com/sso/finalize-login for both identity and reply url.  Save.
-
-.. image:: 08.png
-
-Click on 'test later':
-
-.. image:: 09.png
-
-Finally, you need to assign users to the newly created and configured application:
-
-.. image:: 11.png
-.. image:: 12.png
-.. image:: 13.png
-.. image:: 14.png
-.. image:: 15.png
-
-And that's it!  You are now ready to set up your wire team for SAML SSO with the XML metadata file you downloaed above.
-
-
-Further reading
----------------
-
-- technical concepts overview:
-    - https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-protocol-reference
-    - https://docs.microsoft.com/en-us/azure/active-directory/develop/single-sign-on-saml-protocol
-
-- how to create an app:
-    - https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
-
-- how to configure SAML2.0 SSO:
-    - https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on#saml-sso
-    - https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications
diff --git a/docs/src/how-to/single-sign-on/centrify/main.rst b/docs/src/how-to/single-sign-on/centrify/main.md
similarity index 55%
rename from docs/src/how-to/single-sign-on/centrify/main.rst
rename to docs/src/how-to/single-sign-on/centrify/main.md
index 12d6d530fd..ed88ba6668 100644
--- a/docs/src/how-to/single-sign-on/centrify/main.rst
+++ b/docs/src/how-to/single-sign-on/centrify/main.md
@@ -1,46 +1,48 @@
-How to set up SSO integration with Centrify
-===========================================
+# How to set up SSO integration with Centrify
 
-Preprequisites
---------------
+## Preprequisites
 
-- http://centrify.com account, admin access to that account
-- See also :ref:`SSO generic setup`.
+- <http://centrify.com> account, admin access to that account
+- See also {ref}`sso-generic-setup`.
 
-Steps
------
+## Steps
 
-Centrify setup
-^^^^^^^^^^^^^^
+### Centrify setup
 
 - Log in into Centrify web interface
 - Navigate to "Web Apps"
 - Click "Add Web Apps"
 
-.. image:: 001.png
+```{image} 001.png
+```
 
-----
+______________________________________________________________________
 
 - Create a new custom SAML application
 
-.. image:: 002.png
+```{image} 002.png
+```
 
-----
+______________________________________________________________________
 
 - Confirm...
 
-.. image:: 003.png
+```{image} 003.png
+```
 
-----
+______________________________________________________________________
 
 - Wait a few moments until the UI has rendered the `Settings` tab of your newly created Web App.
 - Enter at least a name, plus any other information you want to keep about this new Web App.
 - Then click on `Save`.
 
-.. image:: 004.png
-.. image:: 005.png
+```{image} 004.png
+```
 
-----
+```{image} 005.png
+```
+
+______________________________________________________________________
 
 - Move to the `Trust` tab.  This is where the SP metadata (everything centrify wants to know about wire, or Service Provider) and the IdP metadata (everything wire needs to know about centrify, or Identity Provider) can be found.
 - Enter `https://prod-nginz-https.wire.com/sso/finalize-login` as the SP metadata url.
@@ -48,25 +50,33 @@ Centrify setup
 - You can see the metadata appear in the form below the `Load` button.
 - Click on `Save`.
 
-.. image:: 006.png
+```{image} 006.png
+```
 
-----
+______________________________________________________________________
 
 - Scroll down the `Trust` tab until you find the button to download the IdP metadata.
 - Store it in a file (eg. `my-wire-idp.xml`).  You will need this file to set up your wire team for SSO.
 
-.. image:: 007.png
+```{image} 007.png
+```
 
-----
+______________________________________________________________________
 
 - Move to the `Permissions` tab and add at least one user.
 
-.. image:: 008.png
-.. image:: 009.png
-.. image:: 010.png
+```{image} 008.png
+```
+
+```{image} 009.png
+```
+
+```{image} 010.png
+```
 
-----
+______________________________________________________________________
 
 - If you see the status `Deployed` in the header of the `Web App` setup page, your users are ready to login.
 
-.. image:: 011.png
+```{image} 011.png
+```
diff --git a/docs/src/how-to/single-sign-on/generic-setup.md b/docs/src/how-to/single-sign-on/generic-setup.md
new file mode 100644
index 0000000000..d455899cca
--- /dev/null
+++ b/docs/src/how-to/single-sign-on/generic-setup.md
@@ -0,0 +1,37 @@
+(sso-generic-setup)=
+
+# How to set up SSO integration with your IdP
+
+## Preprequisites
+
+- An account with your SAML IdP, admin access to that account
+- Wire team, admin access to that team
+- If your team is hosted at wire.com:
+  : - Ask customer support to enable the SSO feature flag for you.
+- If you are running your own on-prem instance:
+  : - for handling the feature flag, you can run your own [backoffice](https://github.com/wireapp/wire-server-deploy/tree/259cd2664a4e4d890be797217cc715499d72acfc/charts/backoffice) service.
+    - More simply, you can configure the galley service so that sso is always enabled (just put "enabled-by-default" [here](https://github.com/wireapp/wire-server-deploy/blob/a4a35b65b2312995729b0fc2a04461508cb12de7/values/wire-server/prod-values.example.yaml#L134)).
+
+## Setting up your IdP
+
+- The SP Metadata URL: <https://prod-nginz-https.wire.com/sso/metadata>
+- The SSO Login URL: <https://prod-nginz-https.wire.com/sso/finalize-login>
+- SP Entity ID (aka Request Issuer ID): <https://prod-nginz-https.wire.com/sso/finalize-login>
+
+How you need to use this information during setting up your IdP
+depends on the vendor.  Let us know if you run into any trouble!
+
+## Setting up your wire team
+
+See <https://support.wire.com/hc/en-us/articles/360001285638-Set-up-SSO-internally>
+
+## Authentication
+
+The team settings will show you a login code from us that looks like
+eg.
+
+\> `wire-959b5840-3e8a-11e9-adff-0fa5314b31c0`
+
+See
+<https://support.wire.com/hc/en-us/articles/360000954617-Pro-How-to-log-in-with-SSO>-
+on how to use this to login on wire.
diff --git a/docs/src/how-to/single-sign-on/generic-setup.rst b/docs/src/how-to/single-sign-on/generic-setup.rst
deleted file mode 100644
index 79f4d9585a..0000000000
--- a/docs/src/how-to/single-sign-on/generic-setup.rst
+++ /dev/null
@@ -1,42 +0,0 @@
-.. _SSO generic setup:
-
-How to set up SSO integration with your IdP
-===========================================
-
-Preprequisites
---------------
-
-- An account with your SAML IdP, admin access to that account
-- Wire team, admin access to that team
-- If your team is hosted at wire.com:
-    - Ask customer support to enable the SSO feature flag for you.
-- If you are running your own on-prem instance:
-    - for handling the feature flag, you can run your own `backoffice <https://github.com/wireapp/wire-server-deploy/tree/259cd2664a4e4d890be797217cc715499d72acfc/charts/backoffice>`_ service.
-    - More simply, you can configure the galley service so that sso is always enabled (just put "enabled-by-default" `here <https://github.com/wireapp/wire-server-deploy/blob/a4a35b65b2312995729b0fc2a04461508cb12de7/values/wire-server/prod-values.example.yaml#L134>`_).
-
-Setting up your IdP
--------------------
-
-- The SP Metadata URL: https://prod-nginz-https.wire.com/sso/metadata
-- The SSO Login URL: https://prod-nginz-https.wire.com/sso/finalize-login
-- SP Entity ID (aka Request Issuer ID): https://prod-nginz-https.wire.com/sso/finalize-login
-
-How you need to use this information during setting up your IdP
-depends on the vendor.  Let us know if you run into any trouble!
-
-Setting up your wire team
--------------------------
-
-See https://support.wire.com/hc/en-us/articles/360001285638-Set-up-SSO-internally
-
-Authentication
---------------
-
-The team settings will show you a login code from us that looks like
-eg.
-
-> `wire-959b5840-3e8a-11e9-adff-0fa5314b31c0`
-
-See
-https://support.wire.com/hc/en-us/articles/360000954617-Pro-How-to-log-in-with-SSO-
-on how to use this to login on wire.
diff --git a/docs/src/how-to/single-sign-on/index.md b/docs/src/how-to/single-sign-on/index.md
new file mode 100644
index 0000000000..2cdb939676
--- /dev/null
+++ b/docs/src/how-to/single-sign-on/index.md
@@ -0,0 +1,15 @@
+# Single Sign-On and User Provisioning
+
+```{toctree}
+:caption: 'Contents:'
+:glob: true
+:maxdepth: 1
+
+Single sign-on and user provisioning <understand/main>
+Generic setup <generic-setup>
+SSO integration with ADFS <adfs/main>
+SSO integration with Azure <azure/main>
+SSO integration with Centrify <centrify/main>
+SSO integration with Okta <okta/main>
+*
+```
diff --git a/docs/src/how-to/single-sign-on/okta/main.rst b/docs/src/how-to/single-sign-on/okta/main.md
similarity index 73%
rename from docs/src/how-to/single-sign-on/okta/main.rst
rename to docs/src/how-to/single-sign-on/okta/main.md
index faf3799db0..6fe285c55f 100644
--- a/docs/src/how-to/single-sign-on/okta/main.rst
+++ b/docs/src/how-to/single-sign-on/okta/main.md
@@ -1,53 +1,56 @@
-How to set up SSO integration with Okta
-=======================================
+(sso-int-with-okta)=
 
-Preprequisites
---------------
+# How to set up SSO integration with Okta
 
-- http://okta.com/ account, admin access to that account
-- See also :ref:`SSO generic setup`.
+## Preprequisites
 
-Steps
------
+- <http://okta.com/> account, admin access to that account
+- See also {ref}`sso-generic-setup`.
 
-Okta setup
-~~~~~~~~~~
+## Steps
+
+### Okta setup
 
 - Log in into Okta web interface
 - Open the admin console and switch to the "Classic UI"
 - Navigate to "Applications"
 - Click "Add application"
 
-.. image:: 001-applications-screen.png
+```{image} 001-applications-screen.png
+```
 
-----
+______________________________________________________________________
 
 - Create a new application
 
-.. image:: 002-add-application.png
+```{image} 002-add-application.png
+```
 
-----
+______________________________________________________________________
 
 - Choose `Web`, `SAML 2.0`
 
-.. image:: 003-add-application-1.png
+```{image} 003-add-application-1.png
+```
 
-----
+______________________________________________________________________
 
 - Pick a name for the application in "Step 1" and continue
 
-.. image:: 004-add-application-step1.png
+```{image} 004-add-application-step1.png
+```
 
-----
+______________________________________________________________________
 
 - Add the following parameters in "Step 2" and continue
 
+```{eval-rst}
 +-----------------------------+------------------------------------------------------------------------------+
 + Paramenter label            | Value                                                                        |
 +=============================+==============================================================================+
 | Single Sign On URL          | `https://prod-nginz-https.wire.com/sso/finalize-login`                       |
 +-----------------------------+------------------------------------------------------------------------------+
-| Use this for Recipient URL  | checked ✅                                                                   |
+| Use this for Recipient URL  | checked                                                                      |
 | and Destination URL         |                                                                              |
 +-----------------------------+------------------------------------------------------------------------------+
 | Audience URI (SP Entity ID) | `https://prod-nginz-https.wire.com/sso/finalize-login`                       |
@@ -56,34 +59,41 @@ Okta setup
 +-----------------------------+------------------------------------------------------------------------------+
 | Application Username        | `Email` (\*)                                                                 |
 +-----------------------------+------------------------------------------------------------------------------+
+```
 
 **(\*) Note**: The application username **must be** unique in your team, and should be immutable once assigned. If more than one user has the same value for the field that you select here, those two users will log in as a single user on Wire. And if the value were to change, users will be re-assigned to a new account at the next login. Usually, `email` is a safe choice but you should evaluate it for your case.
 
-.. image:: 005-add-application-step2.png
+```{image} 005-add-application-step2.png
+```
 
-----
+______________________________________________________________________
 
 - Give the following answer in "Step 3" and continue
 
+```{eval-rst}
 +-----------------------------------+------------------------------------------------------------------------+
 + Paramenter label                  | Value                                                                  |
 +===================================+========================================================================+
 | Are you a customer or a partner?  | I'm an Okta customer                                                   |
 +-----------------------------------+------------------------------------------------------------------------+
+```
 
-.. image:: 006-add-application-step3.png
+```{image} 006-add-application-step3.png
+```
 
-----
+______________________________________________________________________
 
 - The app has been created. Switch to the "Sign-On" tab
 - Find the "Identity Provider Metadata" link. Copy the link address (normally done by right-clicking on the link and selecting "Copy link location" or a similar item in the menu).
 - Store the link address somewhere for a future step.
 
-.. image:: 007-application-sign-on.png
+```{image} 007-application-sign-on.png
+```
 
-----
+______________________________________________________________________
 
 - Switch to the "Assignments" tab
 - Make sure that some users (or everyone) is assigned to the application. These are the users that will be allowed to log in to Wire using Single Sign On. Add the relevant users to the list with the "Assign" button.
 
-.. image:: 008-assignment.png
+```{image} 008-assignment.png
+```
diff --git a/docs/src/how-to/single-sign-on/trouble-shooting.rst b/docs/src/how-to/single-sign-on/trouble-shooting.md
similarity index 60%
rename from docs/src/how-to/single-sign-on/trouble-shooting.rst
rename to docs/src/how-to/single-sign-on/trouble-shooting.md
index da0ca43210..cdc7e1204a 100644
--- a/docs/src/how-to/single-sign-on/trouble-shooting.rst
+++ b/docs/src/how-to/single-sign-on/trouble-shooting.md
@@ -1,32 +1,28 @@
-.. _trouble-shooting-faq:
+(trouble-shooting-faq)=
 
-Trouble shooting & FAQ
-======================
+# Trouble shooting & FAQ
 
-Reporting a problem with user provisioning or SSO authentication
-----------------------------------------------------------------
+## Reporting a problem with user provisioning or SSO authentication
 
 In order for us to analyse and understand your problem, we need at least the following information up-front:
 
 - Have you followed the following instructions?
-    - :ref:`FAQ <trouble-shooting-faq>` (This document)
-    - `Howtos <https://docs.wire.com/how-to/single-sign-on/index.html>`_ for supported vendors
-    - `General documentation on the setup flow <https://support.wire.com/hc/en-us/articles/360001285718-Set-up-SSO-externally>`_
+  : - {ref}`FAQ <trouble-shooting-faq>` (This document)
+    - [Howtos](https://docs.wire.com/how-to/single-sign-on/index.html) for supported vendors
+    - [General documentation on the setup flow](https://support.wire.com/hc/en-us/articles/360001285718-Set-up-SSO-externally)
 - Vendor information (octa, azure, centrica, other (which one)?)
 - Team ID (looks like eg. `2e9a9c9c-6f83-11eb-a118-3342c6f16f4e`, can be found in team settings)
 - What do you expect to happen?
-    - eg.: "I enter login code, authenticate successfully against IdP, get redirected, and see the wire landing page."
+  : - eg.: "I enter login code, authenticate successfully against IdP, get redirected, and see the wire landing page."
 - What does happen instead?
-    - Screenshots
+  : - Screenshots
     - Copy the text into your report where applicable in addition to screenshots (for automatic processing).
     - eg.: "instead of being logged into wire, I see the following error page: ..."
 - Screenshots of the Configuration (both SAML and SCIM, as applicable), including, but not limited to:
-    - If you are using SAML: SAML IdP metadata file
+  : - If you are using SAML: SAML IdP metadata file
     - If you are using SCIM for provisioning: Which attributes in the User schema are mapped?  How?
 
-
-Can I use the same SSO login code for multiple teams?
------------------------------------------------------
+## Can I use the same SSO login code for multiple teams?
 
 No, but there is a good reason for it and a work-around.
 
@@ -45,28 +41,21 @@ still use the same user base for all teams.  This has the extra
 advantage that a user can be part of two teams with the same
 credentials, which would be impossible even with the hypothetical fix.
 
-
-Can an existing user without IdP (or with a different IdP) be bound to a new IdP?
----------------------------------------------------------------------------------
+## Can an existing user without IdP (or with a different IdP) be bound to a new IdP?
 
 No.  This is a feature we never fully implemented.  Details / latest
-updates: https://github.com/wireapp/wire-server/issues/1151
-
-
-Can the SSO feature be disabled for a team?
--------------------------------------------
+updates: <https://github.com/wireapp/wire-server/issues/1151>
 
-No, this is `not implemented <https://github.com/wireapp/wire-server/blob/7a97cb5a944ae593c729341b6f28dfa1dabc28e5/services/galley/src/Galley/API/Error.hs#L215>`_.
+## Can the SSO feature be disabled for a team?
 
+No, this is [not implemented](https://github.com/wireapp/wire-server/blob/7a97cb5a944ae593c729341b6f28dfa1dabc28e5/services/galley/src/Galley/API/Error.hs#L215).
 
-Can you remove a SAML connection?
----------------------------------
+## Can you remove a SAML connection?
 
 It is not possible to delete a SAML connection in the Team Settings app, however it can be overwritten with a new connection.
-It is possible do delete a SAML connection directly via the API endpoint ``DELETE /identity-providers/{id}``. However deleting a SAML connection also requires deleting all users that can log in with this SAML connection. To prevent accidental deletion of users this functionality is not available directly from Team Settings.
+It is possible do delete a SAML connection directly via the API endpoint `DELETE /identity-providers/{id}`. However deleting a SAML connection also requires deleting all users that can log in with this SAML connection. To prevent accidental deletion of users this functionality is not available directly from Team Settings.
 
-If you get an error when returning from your IdP
-------------------------------------------------
+## If you get an error when returning from your IdP
 
 `Symptoms:`
 
@@ -86,9 +75,7 @@ that contains a lot of machine-readable info.
 With all this information, please get in touch with our customer
 support.
 
-
-Do I need any firewall settings?
---------------------------------
+## Do I need any firewall settings?
 
 No.
 
@@ -96,9 +83,7 @@ There is nothing to be done here.  There is no internet traffic
 between your SAML IdP and the wire service.  All communication happens
 via the browser or app.
 
-
-Why does the team owner have to keep using password?
-----------------------------------------------------
+## Why does the team owner have to keep using password?
 
 The user who creates the team cannot be authenticated via SSO.  There
 is fundamentally no easy way around that: we need somebody to give us
@@ -119,71 +104,66 @@ for IdP registration and upgrade of IdP-authenticated owners / admins.
 In practice, user A and some owner authenticated via IdP would then be
 controlled by the same person, probably.
 
-
-What should the SAML response look like?
-----------------------------------------
+## What should the SAML response look like?
 
 Here is an example that works.  Much of this beyond the subject's
 NameID is required by the SAML standard.  If you can find a more
 minimal example that still works, we'd be love to take a look.
 
-.. code:: xml
-
-    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="..." IssueInstant="..." Version="2.0">
-      <saml:Issuer>...</saml:Issuer>
-      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:SignedInfo>
-          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
-          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
-          <ds:Reference URI="#...">
-            <ds:Transforms>
-              <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
-              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
-                <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml"/>
-              </ds:Transform>
-            </ds:Transforms>
-            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-            <ds:DigestValue>...</ds:DigestValue>
-          </ds:Reference>
-        </ds:SignedInfo>
-        <ds:SignatureValue>...</ds:SignatureValue>
-        <ds:KeyInfo>
-          <ds:X509Data>
-            <ds:X509Certificate>...</ds:X509Certificate>
-          </ds:X509Data>
-        </ds:KeyInfo>
-      </ds:Signature>
-      <saml:Subject>
-        <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">...</saml:NameID>
-        <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
-          <saml:SubjectConfirmationData Address="..." InResponseTo="..." NotOnOrAfter="..."
-                                        Recipient="https://prod-nginz-https.wire.com/sso/finalize-login"/>
-        </saml:SubjectConfirmation>
-      </saml:Subject>
-      <saml:Conditions NotBefore="..." NotOnOrAfter="...">
-        <saml:AudienceRestriction>
-          <saml:Audience>https://prod-nginz-https.wire.com/sso/finalize-login</saml:Audience>
-        </saml:AudienceRestriction>
-      </saml:Conditions>
-      <saml:AuthnStatement AuthnInstant="..." SessionNotOnOrAfter="...">
-        <saml:SubjectLocality Address="..."/>
-        <saml:AuthnContext>
-          <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
-        </saml:AuthnContext>
-      </saml:AuthnStatement>
-    </saml:Assertion>
-
-
-Why does the auth response not contain a reference to an auth request?  (Also: can i use IdP-initiated login?)
------------------------------------------------------------------------------------------------------------------
+```xml
+<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="..." IssueInstant="..." Version="2.0">
+  <saml:Issuer>...</saml:Issuer>
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+      <ds:Reference URI="#...">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+        <ds:DigestValue>...</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>...</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>...</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <saml:Subject>
+    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">...</saml:NameID>
+    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+      <saml:SubjectConfirmationData Address="..." InResponseTo="..." NotOnOrAfter="..."
+                                    Recipient="https://prod-nginz-https.wire.com/sso/finalize-login"/>
+    </saml:SubjectConfirmation>
+  </saml:Subject>
+  <saml:Conditions NotBefore="..." NotOnOrAfter="...">
+    <saml:AudienceRestriction>
+      <saml:Audience>https://prod-nginz-https.wire.com/sso/finalize-login</saml:Audience>
+    </saml:AudienceRestriction>
+  </saml:Conditions>
+  <saml:AuthnStatement AuthnInstant="..." SessionNotOnOrAfter="...">
+    <saml:SubjectLocality Address="..."/>
+    <saml:AuthnContext>
+      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
+    </saml:AuthnContext>
+  </saml:AuthnStatement>
+</saml:Assertion>
+```
+
+## Why does the auth response not contain a reference to an auth request?  (Also: can i use IdP-initiated login?)
 
 tl;dr: Wire only supports SP-initiated login, where the user selects
 the auth method from inside the app's login screen.  It does not
 support IdP-initiated login, where the user enters the app from a list
 of applications in the IdP UI.
 
-The full story
-^^^^^^^^^^^^^^
+### The full story
 
 SAML authentication can be initiated by the IdP (eg., Okta or Azure),
 or by the SP (Wire).
@@ -206,9 +186,7 @@ impersonate rogue accounts) hard that were otherwise quite feasible.
 
 Wire therefore only supports SP-initiated login.
 
-
-How are SAML2 assertion details used in wire?
----------------------------------------------
+## How are SAML2 assertion details used in wire?
 
 Wire only uses the SAML `NameID` from the assertion, plus the
 information whether authentication and authorization was successful.
@@ -221,9 +199,7 @@ wire user display name a default value.  (The user will be allowed to
 change that value later; changing it does NOT affect the
 authentication handshake between wire and the IdP.)
 
-
-How should I map user data to SCIM attributes when provisioning users via SCIM?
--------------------------------------------------------------------------------
+## How should I map user data to SCIM attributes when provisioning users via SCIM?
 
 If you are provisioning users via SCIM, the following mapping is used
 in your wire team:
@@ -238,17 +214,16 @@ in your wire team:
 
 3. SCIM's `preferredLanguage` is mapped to wire's user locale settings
    when a locale is not defined for that user. It must consist of an
-   ISO 639-1 language code. 
+   ISO 639-1 language code.
 
 4. SCIM's `externalId`:
 
-   a. If SAML SSO is used, it is mapped on the SAML `NameID`.  If it
+   1. If SAML SSO is used, it is mapped on the SAML `NameID`.  If it
       parses as an email, it will have format `email`, and you can
       choose to validate it during provisioning (by enabeling the
       feature flag for your team).  Otherwise, the format will be
       `unspecified`.
-
-   b. If email/password authentication is used, SCIM's `externalId` is
+   2. If email/password authentication is used, SCIM's `externalId` is
       mapped on wire's email address, and provisioning works like in
       team settings with invitation emails.
 
@@ -262,29 +237,24 @@ Also note that the account will be set to `"active": false` until the
 user has accepted the invitation and activated the account.  Please
 contact customer support if this causes any issues.
 
-
-Can I distribute a URL to my users that contains the login code?
-----------------------------------------------------------------
+## Can I distribute a URL to my users that contains the login code?
 
 Users may find it awkward to copy and paste the login code into the
 form.  If they are using the webapp, an alternative is to give them
 the following URL (fill in the login code that you can find in your
 team settings):
 
-.. code:: bash
+```bash
+https://wire-webapp-dev.zinfra.io/auth#sso/3c4f050a-f073-11eb-b4c9-931bceeed13e
+```
 
-  https://wire-webapp-dev.zinfra.io/auth#sso/3c4f050a-f073-11eb-b4c9-931bceeed13e
-
-
-(Theoretical) name clashes in SAML NameIDs
-------------------------------------------
+## (Theoretical) name clashes in SAML NameIDs
 
 You can technically configure your SAML IdP to create name clashes in
 wire, ie., to map two (technically) different NameIDs to the same wire
 user.
 
-How to know you're safe
-^^^^^^^^^^^^^^^^^^^^^^^
+### How to know you're safe
 
 This is highly unlikely, since the
 distinguishing parts of `NameID` that we ignore are generally either
@@ -292,16 +262,14 @@ unused or redundant.  If you are confident that any two users you have
 assigned to the wire app can be distinguished solely by the
 lower-cased `NameID` content, you're safe.
 
-Impact
-^^^^^^
+### Impact
 
 If you are using SCIM for user provisioning, this may lead
 to errors during provisioning of new users ("user already exists").
 If you use SAML auto-provisioning, this may lead to unintential
 account sharing instead of an error.
 
-How to reproduce
-^^^^^^^^^^^^^^^^
+### How to reproduce
 
 If you have users whose combination of
 `IssuerId` and `NameID` can only be distinguished by casing (upper
@@ -309,30 +277,27 @@ vs. lower) or by the `NameID` qualifiers (`NameID` xml attributes
 `NameQualifier`, `IdPNameQualifier`, ...), those users will name
 clash.
 
-Solution
-^^^^^^^^
+### Solution
 
 Do not rely on case sensitivity of `IssuerID` or `NameID`, or on
 `NameID` qualifiers for distinguishing user identifiers.
 
-
-How to report problems
-----------------------
+## How to report problems
 
 If you have a problem you cannot resolve by yourself, please get in touch.  Add as much of the following details to your report as possible:
 
-* Are you on cloud or on-prem?  (If on-prem: which instance?)
-* XML IdP metadata
-* SSL Login code or IdP Issuer EntityID
-* NameID of the account that has the problem
-* SP metadata
+- Are you on cloud or on-prem?  (If on-prem: which instance?)
+- XML IdP metadata
+- SSL Login code or IdP Issuer EntityID
+- NameID of the account that has the problem
+- SP metadata
 
 Problem description, including, but not limited to:
 
-* what happened?
-* what did you want to happen?
-* what does your idp config in the wire team management app look like?
-* what does your wire config in your IdP management app look like?
-* Please include screenshots *and* copied text (for cut&paste when we investigate) *and* further description and comments where feasible.
+- what happened?
+- what did you want to happen?
+- what does your idp config in the wire team management app look like?
+- what does your wire config in your IdP management app look like?
+- Please include screenshots *and* copied text (for cut&paste when we investigate) *and* further description and comments where feasible.
 
 (If you can't produce some of this information of course please get in touch anyway!  It'll merely be harder for us to resolve your issue quickly, and we may need to make a few extra rounds of data gathering together with you.)
diff --git a/docs/src/understand/single-sign-on/Wire_SAML_Flow (lucidchart).svg b/docs/src/how-to/single-sign-on/understand/Wire_SAML_Flow (lucidchart).svg
similarity index 100%
rename from docs/src/understand/single-sign-on/Wire_SAML_Flow (lucidchart).svg
rename to docs/src/how-to/single-sign-on/understand/Wire_SAML_Flow (lucidchart).svg
diff --git a/docs/src/understand/single-sign-on/Wire_SAML_Flow.png b/docs/src/how-to/single-sign-on/understand/Wire_SAML_Flow.png
similarity index 100%
rename from docs/src/understand/single-sign-on/Wire_SAML_Flow.png
rename to docs/src/how-to/single-sign-on/understand/Wire_SAML_Flow.png
diff --git a/docs/src/how-to/single-sign-on/understand/main.md b/docs/src/how-to/single-sign-on/understand/main.md
new file mode 100644
index 0000000000..465ef9dc48
--- /dev/null
+++ b/docs/src/how-to/single-sign-on/understand/main.md
@@ -0,0 +1,561 @@
+# Single sign-on and user provisioning
+
+```{contents}
+```
+
+## Introduction
+
+This page is intended as a manual for administrator users in need of setting up {term}`SSO` and provisionning users using {term}`SCIM` on their installation of Wire.
+
+Historically and by default, Wire's user authentication method is via phone or password. This has security implications and does not scale.
+
+Solution: {term}`SSO` with {term}`SAML`! [(Security Assertion Markup Language)](https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language)
+
+{term}`SSO` systems allow users to identify on multiple systems (including Wire once configured as such) using a single ID and password.
+
+You can find some of the advantages of {term}`SSO` over more traditional schemes [here](https://en.wikipedia.org/wiki/Single_sign-on).
+
+Also historically, wire has allowed team admins and owners to manage their users in the team management app.
+
+This does not scale as it requires a lot of manual labor for each user.
+
+The solution we offer to solve this issue is implementing {term}`SCIM` [(System for Cross-domain Identity Management)](https://en.wikipedia.org/wiki/System_for_Cross-domain_Identity_Management)
+
+{term}`SCIM` is an interface that allows both software (for example Active Directory) and custom scripts to manage Identities (users) in bulk.
+
+This page explains how to set up {term}`SCIM` and then use it.
+
+```{note}
+Note that it is recommended to use both {term}`SSO` and {term}`SCIM` (as opposed to just {term}`SSO` alone).
+The reason is if you only use {term}`SSO`, but do not configure/implement {term}`SCIM`, you will experience reduced functionality.
+In particular, without {term}`SCIM` all Wire users will be named according their e-mail address and won't have any rich profiles.
+See below in the {term}`SCIM` section for a more detailled explanation.
+```
+
+## Further reading
+
+If you can't find the answers to your questions here, we have a few
+more documents.  Some of them are very technical, some may not be up
+to date any more, and we are planning to move many of them into this
+page.  But for now they may be worth checking out.
+
+- {ref}`Trouble shooting & FAQ <trouble-shooting-faq>`
+- <https://support.wire.com/hc/en-us/sections/360000580658-Authentication>
+- <https://github.com/wireapp/wire-server/blob/1753b790e5cfb2d35e857648c88bcad3ac329f01/docs/reference/spar-braindump.md>
+- <https://github.com/wireapp/wire-server/tree/1753b790e5cfb2d35e857648c88bcad3ac329f01/docs/reference/provisioning/>
+
+## Definitions
+
+The following concepts need to be understood to use the present manual:
+
+```{eval-rst}
+.. glossary::
+
+   SCIM
+       System for Cross-domain Identity Management (:term:`SCIM`) is a standard for automating the exchange of user identity information between identity domains, or IT systems.
+
+       One example might be that as a company onboards new employees and separates from existing employees, they are added and removed from the company's electronic employee directory. :term:`SCIM` could be used to automatically add/delete (or, provision/de-provision) accounts for those users in external systems such as G Suite, Office 365, or Salesforce.com. Then, a new user account would exist in the external systems for each new employee, and the user accounts for former employees might no longer exist in those systems.
+
+       See: `System for Cross-domain Identity Management at Wikipedia <https://en.wikipedia.org/wiki/System_for_Cross-domain_Identity_Management>`_
+
+       In the context of Wire, SCIM is the interface offered by the Wire service (in particular the spar service) that allows for single or mass automated addition/removal of user accounts.
+
+   SSO
+
+       Single sign-on (:term:`SSO`) is an authentication scheme that allows a user to log in with a single ID and password to any of several organizationally related, yet independent, software systems.
+
+       True single sign-on allows the user to log in once and access different, independent services without re-entering authentication factors.
+
+       See: `Single-Sign-On at Wikipedia <https://en.wikipedia.org/wiki/Single_sign-on>`_
+
+   SAML
+
+       Security Assertion Markup Language (:term:`SAML`, pronounced SAM-el, /'sæməl/) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. :term:`SAML` is an XML-based markup language for security assertions (statements that service providers use to make access-control decisions). :term:`SAML` is also:
+
+       * A set of XML-based protocol messages
+       * A set of protocol message bindings
+       * A set of profiles (utilizing all of the above)
+
+       An important use case that :term:`SAML` addresses is web-browser `single sign-on (SSO) <https://en.wikipedia.org/wiki/Single_sign-on>`_ . Single sign-on is relatively easy to accomplish within a security domain (using cookies, for example) but extending :term:`SSO` across security domains is more difficult and resulted in the proliferation of non-interoperable proprietary technologies. The `SAML Web Browser SSO <https://en.wikipedia.org/wiki/Single_sign-on>`_ profile was specified and standardized to promote interoperability.
+
+       See: `SAML at Wikipedia <https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language>`_
+
+       In the context of Wire, SAML is the standard/protocol used by the Wire services (in particular the spar service) to provide the Single Sign On feature.
+
+   IdP
+
+       In the context of Wire, an identity provider (abbreviated :term:`IdP`) is a service that provides SAML single sign-on (:term:`SSO`) credentials that give users access to Wire.
+
+   Curl
+
+       :term:`Curl` (pronounced ":term:`Curl`") is a command line tool used to download files over the HTTP (web) protocol. For example, `curl http://wire.com` will download the ``wire.com`` web page.
+
+       In this manual, it is used to contact API (Application Programming Interface) endpoints manually, where those endpoints would normally be accessed by code or other software.
+
+       This can be used either for illustrative purposes (to "show" how the endpoints can be used) or to allow the manual execution of some simple tasks.
+
+       For example (not a real endpoint) `curl http://api.wire.com/delete_user/thomas` would (schematically) execute the :term:`Curl` command, which would contact the wire.com API and delete the user named "thomas".
+
+       Running this command in a terminal would cause the :term:`Curl` command to access this URL, and the API at that URL would execute the requested action.
+
+       See: `curl at Wikipedia <https://en.wikipedia.org/wiki/Curl>`__
+
+
+   Spar
+
+       The Wire backend software stack is composed of different services, `running as pods <../overview.html#focus-on-pods>`__ in a kubernetes cluster.
+
+       One of those pods is the "spar" service. That service/pod is dedicated to the providing :term:`SSO` (using :term:`SAML`) and :term:`SCIM` services. This page is the manual for this service.
+
+       In the context of :term:`SCIM`, Wire's spar service is the `Service Provider <https://en.wikipedia.org/wiki/Service_provider_(SAML)>`__ that Identity Management Software
+       (for example Azure, Okta, Ping Identity, SailPoint, Technology Nexus, etc.) uses for user account provisioning and deprovisioning.
+```
+
+## User login for the first time with SSO
+
+{term}`SSO` allows users to register and log into Wire with their company credentials that they use on other software in their workplace.
+No need to remember another password.
+
+When a team is set up on Wire, the administrators can provide users a login code or link that they can use to go straight to their company's login page.
+
+Here is what this looks from a user's perspective:
+
+1. Download Wire.
+2. Select and copy the code that your company gave you / the administrator generated
+3. Open Wire.  Wire may detect the code on your clipboard and open a pop-up window with a text field.
+   Wire will automatically put the code into the text field.
+   If so, click Log in and go to step 8.
+4. If no pop-up: click Login on the first screen.
+5. Click Enterprise Login.
+6. A pop-up will appear. In the text field, paste or type the code your company gave you.
+7. Click Log in.
+8. Wire will load your company's login page: log in with your company credentials.
+
+(saml-sso)=
+
+## SAML/SSO
+
+### Introduction
+
+SSO (Single Sign-On) is technology allowing users to sign into multiple services with a single identity provider/credential.
+
+SSO is about `authentication`, not `provisioning` (create, update, remove user accounts).  To learn more about the latter, continue  {ref}`below <user-provisioning-scim-ldap>`.
+
+For example, if a company already has SSO setup for some of their services, and they start using Wire, they can use Wire's SSO support to add Wire to the set of services their users will be able to sign into with their existing SSO credentials.
+
+Here is a blog post we like about how SAML works: <https://duo.com/blog/the-beer-drinkers-guide-to-saml>
+
+And here is a diagram that explains it in slightly more technical terms:
+
+```{image} Wire_SAML_Flow.png
+```
+
+Here is a critique of XML/DSig security (which SAML relies on): <https://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt>
+
+### Terminology and concepts
+
+- End
+  The browser carrries out all the redirections from the SP to the IdP and vice versa.
+- Service Provider (SP): The entity (here Wire software) that provides its protected resource when an end user tries to access this resource. To accomplish the SAML based SSO authentication, the Service Provider
+  must have the Identity Provider's metadata.
+- Identity Provider (IdP): Defines the entity that provides the user identities, including the ability to authenticate a user to get access to a protected resource / application from a Service Provider. To accomplish
+  the SAML based SSO authentication, the IdP must have the Service Provider's metadata.
+- SAML Request: This is the authentication request generated by the Service Provider to request an authentication from the Identity Provider for verifying the user's identity.
+- SAML Response: The SAML Response contains the cryptographically signed assertion of the authenticated user and is generated by the Identity Provider.
+
+(Definitons adapted from [collab.net](http://help.collab.net/index.jsp?topic=/teamforge178/action/saml.html))
+
+(setting-up-sso-externally)=
+
+### Setting up SSO externally
+
+To set up {term}`SSO` for a given Wire installation, the Team owner/administrator must enable it.
+
+The first step is to configure the Identity Provider: you'll need to register Wire as a service provider in your Identity Provider.
+
+We've put together guides for registering with different providers:
+
+- Instructions for {ref}`Okta <sso-int-with-okta>`
+- Instructions for {doc}`Centrify <../centrify/main>`
+- Instructions for {doc}`Azure <../azure/main>`
+- Some screenshots for {doc}`ADFS <../adfs/main>`
+- {doc}`Generic instructions (try this if none of the above are applicable) <../generic-setup>`
+
+As you do this, make sure you take note of your {term}`IdP` metadata, which you will need for the next step.
+
+Once you are finished with registering Wire to your {term}`IdP`, move on to the next step, setting up {term}`SSO` internally.
+
+### Setting up SSO internally
+
+Now that you've registered Wire with your identity provider ({term}`IdP`), you can enable {term}`SSO` for your team on Wire.
+
+On Desktop:
+
+- Click Settings and click "Manage Team"; or go directly to teams.wire.com, or if you have an on-premise install, go to teams.\<your-domain>.com
+- Login with your account credentials.
+- Click "Customization". Here you will see the section for {term}`SSO`.
+- Click the blue down arrow.
+- Click "Add {term}`SAML` Connection".
+- Provide the {term}`IdP` metadata. To find out more about retrieving this for your provider, see the guides in the "Setting up {term}`SSO` externally" step just above.
+- Click "Save".
+- Wire will now validate the document to set up the {term}`SAML` connection.
+- If the data is valid, you will return to the Settings page.
+- The page shows the information you need to log in with {term}`SSO`. Copy the login code or URL and send it to your team members or partners. For more information see: Logging in with {term}`SSO`.
+
+What to expect after {term}`SSO` is enabled:
+
+Anyone with a login through your {term}`SAML` identity provider ({term}`IdP`) and with access to the Wire app will be able to register and log in to your team using the {term}`SSO` Login URL and/or Code.
+
+Take care to share the code only with members of your team.
+
+If you haven't set up {term}`SCIM` ([we recommend you do](#introduction)), your team members can create accounts on Wire using {term}`SSO` simply by logging in, and will appear on the People tab of the team management page.
+
+If team members already have Wire accounts, use {term}`SCIM` to associate them with the {term}`SAML` credentials.  If you make a mistake here, you may end up with several accounts for the same person.
+
+(user-provisioning-scim-ldap)=
+
+## User provisioning (SCIM/LDAP)
+
+SCIM/LDAP is about `provisioning` (create, update, remove user accounts), not `authentication`.  To learn more about the latter, continue {ref}`above <saml-sso>`.
+
+Wire supports the [SCIM](http://www.simplecloud.info/) ([RFC 7643](https://tools.ietf.org/html/rfc7643)) protocol to create, update and delete users.
+
+If your user data is stored in an LDAP data source like Active Directory or OpenLDAP, you can use our docker-base [ldap-scim-bridge](https://github.com/wireapp/ldap-scim-bridge/#use-via-docker) to connect it to wire.
+
+Note that connecting a SCIM client to Wire also disables the functionality to create new users in the SSO login process. This functionality is disabled when a token is created (see below) and re-enabled when all tokens have been deleted.
+
+To set up the connection of your SCIM client (e.g. Azure Active Directory) you need to provide
+
+1. The URL under which Wire's SCIM API is hosted: `https://prod-nginz-https.wire.com/scim/v2`.
+   If you are hosting your own instance of Wire then the URL is `https://<hostname>/scim/v2`, where `<hostname>` is where you are serving Wire's public endpoints. Some SCIM clients append `/v2` to the URL your provide. If this happens (check the URL mentioned in error messages of your SCIM client) then please provide the URL without the `/v2` suffix, i.e. `https://prod-nginz-https.wire.com/scim` or `https://<hostname>/scim`.
+2. A secret token which authorizes the use of the SCIM API. Use the  [wire_scim_token.py](https://raw.githubusercontent.com/wireapp/wire-server/654b62e3be74d9dddae479178990ebbd4bc77b1e/docs/reference/provisioning/wire_scim_token.py)
+   script to generate a token. To run the script you need access to an user account with "admin" privileges that can login via email and password. Note that the token is independent from  the admin account that created it, i.e. the token remains valid if the admin account gets deleted or changed.
+
+You need to configure your SCIM client to use the following mandatory SCIM attributes:
+
+1. Set the `userName` attribute to the desired user handle (the handle is shown
+   with an @ prefix in apps). It must be unique accross the entire Wire Cloud
+   (or unique on your own instance), and consist of the characters `a-z0-9_.-`
+   (no capital letters).
+
+2. Set the `displayName` attribute to the user's desired display name, e.g. "Jane Doe".
+   It must consist of 1-128 unicode characters. It does not need to be unique.
+
+3. The `externalId` attribute:
+
+   1. If you are using Wire's SAML SSO feature then set `externalId` attribute to the same identifier used for `NameID` in your SAML configuration.
+   2. If you are using email/password authentication then set the `externalId`
+      attribute to the user's email address. The user will receive an invitation email during provisioning. Also note that the account will be set to `"active": false` until the user has accepted the invitation and activated the account.
+
+You can optionally make use of Wire's `urn:wire:scim:schemas:profile:1.0` extension field to store arbitrary user profile data that is shown in the users profile, e.g. department, role. See [docs](https://github.com/wireapp/wire-server/blob/develop/docs/reference/user/rich-info.md#scim-support-refrichinfoscim) for details.
+
+### SCIM management in Wire (in Team Management)
+
+#### SCIM security and authentication
+
+Wire uses a very basic variant of oauth, where a *bearer token* is presented to the server in header with all {term}`SCIM` requests.
+
+You can create such bearer tokens in team management and copy them from there into your the dashboard of your SCIM data source.
+
+#### Generating a SCIM token
+
+In order to be able to send SCIM requests to Wire, we first need to generate a SCIM token. This section explains how to do this.
+
+Once the token is generated, it should be noted/remembered, and it will be used in all subsequent SCIM uses/requests to authenticate the request as valid/authenticated.
+
+These are the steps to generate a new {term}`SCIM` token, which you will need to provide to your identity provider ({term}`IdP`), along with the target API URL, to enable {term}`SCIM` provisionning.
+
+- Step 1: Go to <https://teams.wire.com/settings> (Here replace "wire.com" with your own domain if you have an on-premise installation of Wire).
+
+```{image} token-step-01.png
+:align: center
+```
+
+- Step 2: In the left menu, go to "Customization".
+
+```{image} token-step-02.png
+:align: center
+```
+
+- Step 3: Go to "Automated User Management ({term}`SCIM`)" and click the "down" to expand
+
+```{image} token-step-03.png
+:align: center
+```
+
+- Step 4: Click "Generate token", if your password is requested, enter it.
+
+```{image} token-step-04.png
+:align: center
+```
+
+- Step 5: Once the token is generated, copy it into your clipboard and store it somewhere safe (eg., in the dashboard of your SCIM data source).
+
+```{image} token-step-05.png
+:align: center
+```
+
+- Step 6: You're done!  You can now view token information, delete the token, or create more tokens should you need them.
+
+```{image} token-step-06.png
+:align: center
+```
+
+Tokens are now listed in this {term}`SCIM`-related area of the screen, you can generate up to 8 such tokens.
+
+### Using SCIM via Curl
+
+You can use the term:`Curl` command line HTTP tool to access tho wire backend (in particular the `spar` service) through the {term}`SCIM` API.
+
+This can be helpful to write your own tooling to interface with wire.
+
+#### Creating a SCIM token
+
+Before we can send commands to the {term}`SCIM` API/Spar service, we need to be authenticated. This is done through the creation of a {term}`SCIM` token.
+
+First, we need a little shell environment. Run the following in your terminal/shell:
+
+```{code-block} bash
+:linenos: true
+
+ export WIRE_BACKEND=https://prod-nginz-https.wire.com
+ export WIRE_ADMIN=...
+ export WIRE_PASSWD=...
+```
+
+Wire's SCIM API currently supports a variant of HTTP basic auth.
+
+In order to create a token in your team, you need to authenticate using your team admin credentials.
+
+The way this works behind the scenes in your browser or cell phone, and in plain sight if you want to use curl, is you need to get a Wire token.
+
+First install the `jq` command (<https://stedolan.github.io/jq/>):
+
+```bash
+sudo apt install jq
+```
+
+```{note}
+If you don't want to install `jq`, you can just call the `curl` command and copy the access token into the shell variable manually.
+```
+
+Then run:
+
+```{code-block} bash
+:linenos: true
+
+export BEARER=$(curl -X POST \
+--header 'Content-Type: application/json' \
+--header 'Accept: application/json' \
+-d '{"email":"'"$WIRE_ADMIN"'","password":"'"$WIRE_PASSWD"'"}' \
+$WIRE_BACKEND/login'?persist=false' | jq -r .access_token)
+```
+
+This token will be good for 15 minutes; after that, just repeat the command above to get a new token.
+
+```{note}
+SCIM requests are authenticated with a SCIM token, see below. SCIM tokens and Wire tokens are different things.
+
+A Wire token is necessary to get a SCIM token. SCIM tokens do not expire, but need to be deleted explicitly.
+```
+
+You can test that you are logged in with the following command:
+
+```bash
+curl -X GET --header "Authorization: Bearer $BEARER" $WIRE_BACKEND/self
+```
+
+Now you are ready to create a SCIM token:
+
+```{code-block} bash
+:linenos: true
+
+export SCIM_TOKEN_FULL=$(curl -X POST \
+--header "Authorization: Bearer $BEARER" \
+--header 'Content-Type: application/json;charset=utf-8' \
+-d '{ "description": "test '"`date`"'", "password": "'"$WIRE_PASSWD"'" }' \
+$WIRE_BACKEND/scim/auth-tokens)
+export SCIM_TOKEN=$(echo $SCIM_TOKEN_FULL | jq -r .token)
+export SCIM_TOKEN_ID=$(echo $SCIM_TOKEN_FULL | jq -r .info.id)
+```
+
+The SCIM token is now contained in the `SCIM_TOKEN` environment variable.
+
+You can look it up again with:
+
+```{code-block} bash
+:linenos: true
+
+curl -X GET --header "Authorization: Bearer $BEARER" \
+$WIRE_BACKEND/scim/auth-tokens
+```
+
+And you can delete it with:
+
+```{code-block} bash
+:linenos: true
+
+curl -X DELETE --header "Authorization: Bearer $BEARER" \
+$WIRE_BACKEND/scim/auth-tokens?id=$SCIM_TOKEN_ID
+```
+
+#### Using a SCIM token to Create Read Update and Delete (CRUD) users
+
+Now that you have your SCIM token, you can use it to talk to the SCIM API to manipulate (create, read, update, delete) users, either individually or in bulk.
+
+**JSON encoding of SCIM Users**
+
+In order to manipulate users using commands, you need to specify user data.
+
+A minimal definition of a user is written in JSON format and looks like this:
+
+```{code-block} json
+:linenos: true
+
+{
+   "schemas"     : ["urn:ietf:params:scim:schemas:core:2.0:User"],
+   "externalId"  : "nick@example.com",
+   "userName"    : "nick",
+   "displayName" : "The Nick"
+}
+```
+
+You can store it in a variable using this sort of command:
+
+```{code-block} bash
+:linenos: true
+
+export SCIM_USER='{
+   "schemas"     : ["urn:ietf:params:scim:schemas:core:2.0:User"],
+   "externalId"  : "nick@example.com",
+   "userName"    : "nick",
+   "displayName" : "The Nick"
+}'
+```
+
+The `externalId` is used to construct a SAML identity.  Two cases are
+currently supported:
+
+1. `externalId` contains a valid email address.
+   The SAML `NameID` has the form `<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">me@example.com</NameID>`.
+2. `externalId` contains anything that is *not* an email address.
+   The SAML `NameID` has the form `<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">...</NameID>`.
+
+```{note}
+It is important to configure your SAML provider to use `nameid-format:emailAddress` or `nameid-format:unspecified`.  Other nameid formats are not supported at this moment.
+
+See [FAQ](https://docs.wire.com/how-to/single-sign-on/trouble-shooting.html#how-should-i-map-user-data-to-scim-attributes-when-provisioning-users-via-scim)
+```
+
+We also support custom fields that are used in rich profiles in this form (see: <https://github.com/wireapp/wire-server/blob/develop/docs/reference/user/rich-info.md>):
+
+```{code-block} bash
+:linenos: true
+
+ export SCIM_USER='{
+   "schemas"     : ["urn:ietf:params:scim:schemas:core:2.0:User", "urn:wire:scim:schemas:profile:1.0"],
+   "externalId"  : "rnick@example.com",
+   "userName"    : "rnick",
+   "displayName" : "The Rich Nick",
+   "urn:wire:scim:schemas:profile:1.0": {
+      "richInfo": [
+         {
+         "type": "Department",
+         "value": "Sales & Marketing"
+         },
+         {
+         "type": "Favorite color",
+         "value": "Blue"
+         }
+      ]
+   }
+ }'
+```
+
+**How to create a user**
+
+You can create a user using the following command:
+
+```{code-block} bash
+:linenos: true
+
+ export STORED_USER=$(curl -X POST \
+  --header "Authorization: Bearer $SCIM_TOKEN" \
+  --header 'Content-Type: application/json;charset=utf-8' \
+  -d "$SCIM_USER" \
+  $WIRE_BACKEND/scim/v2/Users)
+ export STORED_USER_ID=$(echo $STORED_USER | jq -r .id)
+```
+
+Note that `$SCIM_USER` is in the JSON format and is declared before running this commend as described in the section above.
+
+**Get a specific user**
+
+```{code-block} bash
+:linenos: true
+
+ curl -X GET \
+   --header "Authorization: Bearer $SCIM_TOKEN" \
+   --header 'Content-Type: application/json;charset=utf-8' \
+   $WIRE_BACKEND/scim/v2/Users/$STORED_USER_ID
+```
+
+**Search a specific user**
+
+SCIM user search is quite flexible.  Wire currently only supports lookup by wire handle or email address.
+
+Email address (and/or SAML NameID, if /a):
+
+```{code-block} bash
+:linenos: true
+
+ curl -X GET \
+   --header "Authorization: Bearer $SCIM_TOKEN" \
+   --header 'Content-Type: application/json;charset=utf-8' \
+   $WIRE_BACKEND/scim/v2/Users/'?filter=externalId%20eq%20%22me%40example.com%22'
+```
+
+Wire handle: same request, just replace the query part with
+
+```bash
+'?filter=userName%20eq%20%22me%22'
+```
+
+**Update a specific user**
+
+For each put request, you need to provide the full json object.  All omitted fields will be set to `null`.  (If you do not have an up-to-date user present, just `GET` one right before the `PUT`.)
+
+```{code-block} bash
+:linenos: true
+
+ export SCIM_USER='{
+   "schemas"     : ["urn:ietf:params:scim:schemas:core:2.0:User"],
+   "externalId"  : "rnick@example.com",
+   "userName"    : "newnick",
+   "displayName" : "The New Nick"
+ }'
+```
+
+```{code-block} bash
+:linenos: true
+
+ curl -X PUT \
+  --header "Authorization: Bearer $SCIM_TOKEN" \
+  --header 'Content-Type: application/json;charset=utf-8' \
+  -d "$SCIM_USER" \
+  $WIRE_BACKEND/scim/v2/Users/$STORED_USER_ID
+```
+
+**Deactivate user**
+
+It is possible to temporarily deactivate an user (and reactivate him later) by setting his `active` property to `true/false` without affecting his device history.  (`active=false` changes the wire user status to `suspended`.)
+
+**Delete user**
+
+```{code-block} bash
+:linenos: true
+
+ curl -X DELETE \
+   --header "Authorization: Bearer $SCIM_TOKEN" \
+   $WIRE_BACKEND/scim/v2/Users/$STORED_USER_ID
+```
diff --git a/docs/src/understand/single-sign-on/token-step-01.png b/docs/src/how-to/single-sign-on/understand/token-step-01.png
similarity index 100%
rename from docs/src/understand/single-sign-on/token-step-01.png
rename to docs/src/how-to/single-sign-on/understand/token-step-01.png
diff --git a/docs/src/understand/single-sign-on/token-step-02.png b/docs/src/how-to/single-sign-on/understand/token-step-02.png
similarity index 100%
rename from docs/src/understand/single-sign-on/token-step-02.png
rename to docs/src/how-to/single-sign-on/understand/token-step-02.png
diff --git a/docs/src/understand/single-sign-on/token-step-03.png b/docs/src/how-to/single-sign-on/understand/token-step-03.png
similarity index 100%
rename from docs/src/understand/single-sign-on/token-step-03.png
rename to docs/src/how-to/single-sign-on/understand/token-step-03.png
diff --git a/docs/src/understand/single-sign-on/token-step-04.png b/docs/src/how-to/single-sign-on/understand/token-step-04.png
similarity index 100%
rename from docs/src/understand/single-sign-on/token-step-04.png
rename to docs/src/how-to/single-sign-on/understand/token-step-04.png
diff --git a/docs/src/understand/single-sign-on/token-step-05.png b/docs/src/how-to/single-sign-on/understand/token-step-05.png
similarity index 100%
rename from docs/src/understand/single-sign-on/token-step-05.png
rename to docs/src/how-to/single-sign-on/understand/token-step-05.png
diff --git a/docs/src/understand/single-sign-on/token-step-06.png b/docs/src/how-to/single-sign-on/understand/token-step-06.png
similarity index 100%
rename from docs/src/understand/single-sign-on/token-step-06.png
rename to docs/src/how-to/single-sign-on/understand/token-step-06.png
diff --git a/docs/src/index.md b/docs/src/index.md
new file mode 100644
index 0000000000..c5b3d5b4db
--- /dev/null
+++ b/docs/src/index.md
@@ -0,0 +1,46 @@
+% Wire documentation master file, created by
+% sphinx-quickstart on Thu Jul 18 13:44:11 2019.
+% You can adapt this file completely to your liking, but it should at least
+% contain the root `toctree` directive.
+
+# Welcome to Wire's documentation!
+
+If you are a Wire end-user, please check out our [support pages](https://support.wire.com/).
+
+The targeted audience of this documentation is:
+
+- the curious power-user (people who want to understand how the server components of Wire work)
+- on-premise operators/administrators (people who want to self-host Wire-Server on their own datacentres or cloud)
+- developers (people who are working with the wire-server source code)
+
+If you are a developer, you may want to check out the "Notes for developers" first.
+
+This documentation may be expanded in the future to cover other aspects of Wire.
+
+```{toctree}
+:caption: 'Contents:'
+:glob: true
+:maxdepth: 1
+
+Release notes <release-notes>
+Administrator's Guide <how-to/index>
+Understanding wire-server components <understand/index>
+Single-Sign-On and user provisioning <how-to/single-sign-on/index.rst>
+Client API documentation <understand/api-client-perspective/index>
+Security responses <security-responses/index>
+Notes for developers <developer/index>
+```
+
+% Overview <understand/overview>
+
+% commented out for now...
+
+% Indices and tables
+
+% ==================
+
+% * :ref:`genindex`
+
+% * :ref:`modindex`
+
+% * :ref:`search`
diff --git a/docs/src/index.rst b/docs/src/index.rst
deleted file mode 100644
index 28721d822a..0000000000
--- a/docs/src/index.rst
+++ /dev/null
@@ -1,43 +0,0 @@
-.. Wire documentation master file, created by
-   sphinx-quickstart on Thu Jul 18 13:44:11 2019.
-   You can adapt this file completely to your liking, but it should at least
-   contain the root `toctree` directive.
-
-Welcome to Wire's documentation!
-===============================================
-
-If you are a Wire end-user, please check out our `support pages <https://support.wire.com/>`_.
-
-The targeted audience of this documentation is:
-
-* the curious power-user (people who want to understand how the server components of Wire work)
-* on-premise operators/administrators (people who want to self-host Wire-Server on their own datacentres or cloud)
-* developers (people who are working with the wire-server source code)
-
-If you are a developer, you may want to check out the "Notes for developers" first.
-
-This documentation may be expanded in the future to cover other aspects of Wire.
-
-.. toctree::
-   :maxdepth: 1
-   :caption: Contents:
-   :glob:
-
-   Release notes <release-notes.rst>
-   Administrator's Guide <how-to/index.rst>
-   Understanding wire-server components <understand/index.rst>
-   Administrator's manual: single-sign-on and user provisioning <understand/single-sign-on/main.rst>
-   Client API documentation <understand/api-client-perspective/index.rst>
-   Security responses <security-responses/index.rst>
-   Notes for developers <developer/index.rst>
-
-..   Overview <understand/overview>
-
-.. commented out for now...
-
-.. Indices and tables
-.. ==================
-
-.. * :ref:`genindex`
-.. * :ref:`modindex`
-.. * :ref:`search`
diff --git a/docs/src/release-notes.rst b/docs/src/release-notes.md
similarity index 51%
rename from docs/src/release-notes.rst
rename to docs/src/release-notes.md
index 497af3cca3..478db87668 100644
--- a/docs/src/release-notes.rst
+++ b/docs/src/release-notes.md
@@ -1,14 +1,13 @@
-.. _release-notes:
+(release-notes)=
 
-Release notes
--------------
+# Release notes
 
 This page previously contained the release notes for the project, and they were manually updated each time a new release was done, due to limitations in Github's «releases» feature.
 
-However, Github since updated the feature, making this page un-necessary. 
+However, Github since updated the feature, making this page un-necessary.
 
-Go to → `GitHub - wireapp/wire-server: Wire back-end services <https://github.com/wireapp/wire-server/>`_
+Go to → [GitHub - wireapp/wire-server: Wire back-end services](https://github.com/wireapp/wire-server/)
 
-→ Look at releases on right hand side. They are shown by date of release. `Release Notes <https://github.com/wireapp/wire-server/releases>`_
+→ Look at releases on right hand side. They are shown by date of release. [Release Notes](https://github.com/wireapp/wire-server/releases)
 
-→ Open the CHANGELOG.md. This will give you chart version.
\ No newline at end of file
+→ Open the CHANGELOG.md. This will give you chart version.
diff --git a/docs/src/security-responses/2021-12-15_log4shell.md b/docs/src/security-responses/2021-12-15_log4shell.md
new file mode 100644
index 0000000000..b567c21e74
--- /dev/null
+++ b/docs/src/security-responses/2021-12-15_log4shell.md
@@ -0,0 +1,90 @@
+# 2021-12 - log4shell
+
+Last updated: 2021-12-15
+
+This page concerns ON-PREMISE (i.e. self-hosted) installations of wire-server as documented in <https://docs.wire.com> and its possible vulnerability to “log4shell” / CVE-2021-44228 and CVE-2021-45046.
+
+## Introduction
+
+The “log4shell” vulnerability ([CVE-2021-44228](https://www.cve.org/CVERecord?id=CVE-2021-44228) and [CVE-2021-45046](https://www.cve.org/CVERecord?id=CVE-2021-45046)) concerns a logging library “log4j” used in Java or JVM software components.
+
+- Wire-server’s source code is not written in a JVM language (it's written mostly in Haskell), and as such, is not vulnerable.
+
+- Wire-server makes use of Cassandra, which is running on the JVM, however as of version 2.1 no longer makes use of log4j (it uses logback). Since the start of Wire’s on-premise product, we have used Cassandra versions > 3 (currently 3.11), which is not vulnerable.
+
+- Wire-server makes use of **Elasticsearch**, which **does use log4j. See the section below for details**.
+
+- All other components Wire-server’s on-premise current and near-time-future product relies on are not based on the JVM and as such are not vulnerable:
+
+  > - Calling restund/SFT servers: written in C
+  > - Minio: written in Go
+  > - Redis: written in C
+  > - Nginx: written in C
+  > - Wire-Server: written in Haskell
+  > - Wire-Frontend (webapp, team settings): written in Javascript / NodeJS
+  > - Fake-aws components: based on localstack written in python or for SQS written in ruby
+  > - fake-aws-dynamodb: this component is JVM based and was used in the past on on-premise installations, but should not be in use anymore these days. If it is still in use in your environment, please stop using it: all recent versions of wire-server since June 2021 will not make use of that component anymore. Even if still in use, it does not store or log any user-provided data nor is it internet-facing and as such should pose little to no risk.
+  > - Upcoming releases may have wire-server-metrics: prometheus (Ruby), node-exporter (Golang) and Grafana (Golang)
+  > - Upcoming releases may have: Logging/Kibana: fluent-bit (C), Kibana (JavaScript), ElasticSearch (covered in section below)
+
+## Elasticsearch
+
+Wire uses Elasticsearch for for storing indexes used when searching for users in Wire.
+
+Elasticsearch clusters are not directly user-facing or internet-facing and it is therefore not immediately possible to inject problematic exploit strings into elasticsearch’s own logging (i.e. elasticsearch stores user-provided data, but doesn’t itself log this data).
+
+*Example: A Wire user display name will be stored inside elasticsearch, but not logged by elasticsearch (elasticsearch logs mostly contain information about connectivity to other elasticsearch processes)*
+
+Hypothetically, the log4shell exploit could be combined with another exploit which would allow an attacker to get Elasticsearch to log some of the data stored inside its cluster. As elasticsearch is not internet-facing, this doesn’t look easy to exploit.
+
+In addition as per Elastics’s [own information on the matter](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476)
+
+> "Elasticsearch 6 and 7 are not susceptible to remote code execution with this vulnerability due to our use of the Java Security Manager. Investigation into Elasticsearch 5 is ongoing. Elasticsearch running on JDK8 or below is susceptible to an information leak via DNS which is fixable by the JVM property identified below. The JVM option identified below is effective for Elasticsearch versions 5.5+, 6.5+, and 7+"
+
+The JVM property referred to is  `-Dlog4j2.formatMsgNoLookups=true`
+
+[Update 15th December about CVE-2021-45046 from Elasitic](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476):
+
+> "Update 15 December: A further vulnerability (CVE-2021-45046) was disclosed on December 14th after it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. Our guidance for Elasticsearch \[...\] are unchanged by this new vulnerability"
+
+Wire on-premise installations contain a version of Elasticsearch between \[`6.6.0` and `6.8.18`\] at the time of writing.
+
+**As such, while ElasticSearch is affected, it is A. only susceptible to an information leak, not to remote code execution and B. not easily exploitable due to the way Wire uses ElasticSearch.**
+
+Still, if you’d like to avoid even the potential information leak problem:
+
+## Disable log4jLookups:
+
+If you have followed our official documentation on [https://docs.wire.com](https://docs.wire.com), then Elasticsearch on premise was set up using [wire-server-deploy](https://github.com/wireapp/wire-server-deploy)  using the `./ansible/elasticsearch.yml` playbook, which installs a vulnerable Log4J `2.11.1`:
+
+```
+find / | grep -i log4j
+./etc/elasticsearch/HOSTNAME/log4j2.properties
+./usr/share/elasticsearch/lib/log4j-core-2.11.1.jar
+./usr/share/elasticsearch/lib/log4j-1.2-api-2.11.1.jar
+./usr/share/elasticsearch/lib/log4j-api-2.11.1.jar
+```
+
+The BSI [recommends](https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-549032-10F2.pdf?__blob=publicationFile&v=3) to mitigate setting the `log4j2.formatMsgNoLookups` to True in the JVM options. Elastic [recommends](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) the same mitigation.
+
+You can do this in the concrete Wire on-premise case using:
+
+First, ssh to all your elasticsearch machines and do the following:
+
+```shell
+find /etc/elasticsearch | grep jvm.options
+
+# set this variable with the filepath found from above, usually something like
+# /etc/elasticsearch/<hostname>/jvm.options
+JVM_OPTIONS_FILE=
+
+# run the following to add the mitigation log4j flag (command is idempotent)
+grep  "\-Dlog4j2.formatMsgNoLookups=True" "$JVM_OPTIONS_FILE" || echo "-Dlog4j2.formatMsgNoLookups=True" >> "$JVM_OPTIONS_FILE"
+```
+
+Next, restart your cluster using instructions provided in {ref}`restart-elasticsearch`.
+
+## Further information
+
+- A mitigation for this with fresh on-premise installations is introduced in [https://github.com/wireapp/wire-server-deploy/pull/526](https://github.com/wireapp/wire-server-deploy/pull/526)
+- We have of course fully applied the above counter measures to our cloud offering. We have no evidence that this vulnerability was used to launch an attack before this. Any hypothetical undetected attack would have required additional security vulnerabilities to be successful.
diff --git a/docs/src/security-responses/2021-12-15_log4shell.rst b/docs/src/security-responses/2021-12-15_log4shell.rst
deleted file mode 100644
index 741d2622cc..0000000000
--- a/docs/src/security-responses/2021-12-15_log4shell.rst
+++ /dev/null
@@ -1,103 +0,0 @@
-2021-12 - log4shell
---------------------
-
-Last updated: 2021-12-15
-
-This page concerns ON-PREMISE (i.e. self-hosted) installations of wire-server as documented in https://docs.wire.com and its possible vulnerability to “log4shell” / CVE-2021-44228 and CVE-2021-45046.
-
-Introduction
-~~~~~~~~~~~~~
-
-The “log4shell” vulnerability (`CVE-2021-44228 <https://www.cve.org/CVERecord?id=CVE-2021-44228>`__ and `CVE-2021-45046 <https://www.cve.org/CVERecord?id=CVE-2021-45046>`__) concerns a logging library “log4j” used in Java or JVM software components.
-
-* Wire-server’s source code is not written in a JVM language (it's written mostly in Haskell), and as such, is not vulnerable.
-
-* Wire-server makes use of Cassandra, which is running on the JVM, however as of version 2.1 no longer makes use of log4j (it uses logback). Since the start of Wire’s on-premise product, we have used Cassandra versions > 3 (currently 3.11), which is not vulnerable.
-
-* Wire-server makes use of **Elasticsearch**, which **does use log4j. See the section below for details**.
-
-* All other components Wire-server’s on-premise current and near-time-future product relies on are not based on the JVM and as such are not vulnerable:
-
-    * Calling restund/SFT servers: written in C
-
-    * Minio: written in Go
-
-    * Redis: written in C
-
-    * Nginx: written in C
-
-    * Wire-Server: written in Haskell
-
-    * Wire-Frontend (webapp, team settings): written in Javascript / NodeJS
-
-    * Fake-aws components: based on localstack written in python or for SQS written in ruby
-
-    * fake-aws-dynamodb: this component is JVM based and was used in the past on on-premise installations, but should not be in use anymore these days. If it is still in use in your environment, please stop using it: all recent versions of wire-server since June 2021 will not make use of that component anymore. Even if still in use, it does not store or log any user-provided data nor is it internet-facing and as such should pose little to no risk.
-
-    * Upcoming releases may have wire-server-metrics: prometheus (Ruby), node-exporter (Golang) and Grafana (Golang)
-
-    * Upcoming releases may have: Logging/Kibana: fluent-bit (C), Kibana (JavaScript), ElasticSearch (covered in section below)
-
-Elasticsearch
-~~~~~~~~~~~~~
-
-Wire uses Elasticsearch for for storing indexes used when searching for users in Wire.
-
-Elasticsearch clusters are not directly user-facing or internet-facing and it is therefore not immediately possible to inject problematic exploit strings into elasticsearch’s own logging (i.e. elasticsearch stores user-provided data, but doesn’t itself log this data).
-
-*Example: A Wire user display name will be stored inside elasticsearch, but not logged by elasticsearch (elasticsearch logs mostly contain information about connectivity to other elasticsearch processes)*
-
-Hypothetically, the log4shell exploit could be combined with another exploit which would allow an attacker to get Elasticsearch to log some of the data stored inside its cluster. As elasticsearch is not internet-facing, this doesn’t look easy to exploit.
-
-In addition as per Elastics’s `own information on the matter <https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476>`__
-
-    "Elasticsearch 6 and 7 are not susceptible to remote code execution with this vulnerability due to our use of the Java Security Manager. Investigation into Elasticsearch 5 is ongoing. Elasticsearch running on JDK8 or below is susceptible to an information leak via DNS which is fixable by the JVM property identified below. The JVM option identified below is effective for Elasticsearch versions 5.5+, 6.5+, and 7+"
-
-The JVM property referred to is  ``-Dlog4j2.formatMsgNoLookups=true``
-
-`Update 15th December about CVE-2021-45046 from Elasitic <https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476>`__:
-
-    "Update 15 December: A further vulnerability (CVE-2021-45046) was disclosed on December 14th after it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. Our guidance for Elasticsearch [...] are unchanged by this new vulnerability"
-
-Wire on-premise installations contain a version of Elasticsearch between [``6.6.0`` and ``6.8.18``] at the time of writing.
-
-**As such, while ElasticSearch is affected, it is A. only susceptible to an information leak, not to remote code execution and B. not easily exploitable due to the way Wire uses ElasticSearch.**
-
-Still, if you’d like to avoid even the potential information leak problem:
-
-Disable log4jLookups:
-~~~~~~~~~~~~~~~~~~~~~
-
-If you have followed our official documentation on `<https://docs.wire.com>`__, then Elasticsearch on premise was set up using `wire-server-deploy <https://github.com/wireapp/wire-server-deploy>`__  using the ``./ansible/elasticsearch.yml`` playbook, which installs a vulnerable Log4J ``2.11.1``::
-
-    find / | grep -i log4j
-    ./etc/elasticsearch/HOSTNAME/log4j2.properties
-    ./usr/share/elasticsearch/lib/log4j-core-2.11.1.jar
-    ./usr/share/elasticsearch/lib/log4j-1.2-api-2.11.1.jar
-    ./usr/share/elasticsearch/lib/log4j-api-2.11.1.jar
-
-The BSI `recommends <https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-549032-10F2.pdf?__blob=publicationFile&v=3>`__ to mitigate setting the ``log4j2.formatMsgNoLookups`` to True in the JVM options. Elastic `recommends <https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476>`__ the same mitigation.
-
-You can do this in the concrete Wire on-premise case using:
-
-First, ssh to all your elasticsearch machines and do the following:
-
-.. code:: shell
-
-    find /etc/elasticsearch | grep jvm.options
-
-    # set this variable with the filepath found from above, usually something like
-    # /etc/elasticsearch/<hostname>/jvm.options
-    JVM_OPTIONS_FILE=
-
-    # run the following to add the mitigation log4j flag (command is idempotent)
-    grep  "\-Dlog4j2.formatMsgNoLookups=True" "$JVM_OPTIONS_FILE" || echo "-Dlog4j2.formatMsgNoLookups=True" >> "$JVM_OPTIONS_FILE"
-
-Next, restart your cluster using instructions provided in :ref:`restart-elasticsearch`.
-
-Further information
-~~~~~~~~~~~~~~~~~~~
-
-* A mitigation for this with fresh on-premise installations is introduced in `<https://github.com/wireapp/wire-server-deploy/pull/526>`__
-
-* We have of course fully applied the above counter measures to our cloud offering. We have no evidence that this vulnerability was used to launch an attack before this. Any hypothetical undetected attack would have required additional security vulnerabilities to be successful.
diff --git a/docs/src/security-responses/index.md b/docs/src/security-responses/index.md
new file mode 100644
index 0000000000..a0c58f66ff
--- /dev/null
+++ b/docs/src/security-responses/index.md
@@ -0,0 +1,14 @@
+(security-responses)=
+
+# Security responses
+
+% comment: The toctree directive below takes a list of the pages you want to appear in order,
+% and '*' is used to include any other pages in the federation directory in alphabetical order
+
+```{toctree}
+:glob: true
+:maxdepth: 1
+:reversed: true
+
+*
+```
diff --git a/docs/src/security-responses/index.rst b/docs/src/security-responses/index.rst
deleted file mode 100644
index 1c1e3077c0..0000000000
--- a/docs/src/security-responses/index.rst
+++ /dev/null
@@ -1,16 +0,0 @@
-.. _security_responses:
-
-++++++++++++++++++
-Security responses
-++++++++++++++++++
-
-..
-   comment: The toctree directive below takes a list of the pages you want to appear in order,
-   and '*' is used to include any other pages in the federation directory in alphabetical order
-
-.. toctree::
-   :maxdepth: 1
-   :glob:
-   :reversed:
-
-   *
diff --git a/docs/src/understand/api-client-perspective/authentication.md b/docs/src/understand/api-client-perspective/authentication.md
new file mode 100644
index 0000000000..51cb738b85
--- /dev/null
+++ b/docs/src/understand/api-client-perspective/authentication.md
@@ -0,0 +1,435 @@
+# Authentication
+
+% useful vim replace commands when porting markdown -> restructured text:
+
+% :%s/.. raw:: html//g
+
+% :%s/   <a name="\(.*\)"\/>/.. _\1:/gc
+
+## Access Tokens
+
+The authentication protocol used by the API is loosely inspired by the
+[OAuth2 protocol](http://oauth.net/2/). As such, API requests are
+authorised through so-called [bearer
+tokens](https://tools.ietf.org/html/rfc6750). For as long as a bearer
+token is valid, it grants access to the API under the identity of the
+user whose credentials have been used for the [login]. The
+current validity of access tokens is `15 minutes`, however, that may
+change at any time without prior notice.
+
+In order to obtain new access tokens without having to ask the user for
+his credentials again, so-called "user tokens" are issued which are
+issued in the form of a `zuid` HTTP
+[cookie](https://en.wikipedia.org/wiki/HTTP_cookie). These cookies
+have a long lifetime (if {ref}`persistent <login-persistent>` typically
+at least a few months) and their use is strictly limited to the
+{ref}`/access <token-refresh>` endpoint used for token refresh.
+{ref}`Persistent <login-persistent>` access cookies are regularly
+refreshed as part of an {ref}`access token refresh <token-refresh>`.
+
+An access cookie is obtained either directly after registration or through a
+subsequent {ref}`login <login>`. A successful login provides both an access
+cookie and and access token. Both access token and cookie must be stored safely
+and kept confidential. User passwords should not be stored.
+
+As of yet, there is no concept of authorising third-party applications to
+perform operations on the API on behalf of a user (Notable exceptions:
+{ref}`sso`). Such functionality may be provided in the future through
+standardised OAuth2 flows.
+
+To authorise an API request, the access token must be provided via the
+HTTP `Authorization` header with the `Bearer` scheme as follows:
+
+```
+Authorization: Bearer fmmLpDSjArpksFv57r5rDrzZZlj...
+```
+
+While the API currently also supports passing the access token in the
+query string of a request, this approach is highly discouraged as it
+unnecessarily exposes access tokens (e.g. in server logs) and thus might
+be removed in the future.
+
+(login)=
+
+## Login - `POST /login`
+
+A login is the process of authenticating a user either through a known secret in
+a {ref}`password login <login-password>` or by proving ownership of a verified
+phone number associated with an account in an {ref}`SMS login <login-sms>`. The
+response to a successful login contains an access cookie in a `Set-Cookie`
+header and an access token in the JSON response body.
+
+(login-cookies)=
+
+### Cookies
+
+There is a hard limit for the number of session-scoped access cookies and the same
+amount of persistent access cookies per user account. When this number is
+reached, old cookies are removed when new ones are issued. Thereby, the cookies
+with the oldest expiration timestamp are removed first. The removal takes the
+type of the cookie to issue into account. I.e. session cookies are replaced by
+session cookies, persistent cookies are replaced by persistent cookies.
+
+To prevent performance issues and malicious usages of the API, there is a
+throttling mechanism in place. When the maximum number of cookies of one type
+are issued, it's checked that login calls don't happen too frequently (too
+quickly after one another.)
+
+In case of throttling no cookie gets issued. The error response ([HTTP status
+code 429](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/429)) has
+a `Retry-After` header which specifies the time to wait before accepting the
+next request in Seconds.
+
+Being throttled is a clear indicator of incorrect API usage. There is no need to
+login many times in a row on the same device. Instead, the cookie should be
+re-used.
+
+The corresponding backend configuration settings are described in:
+{ref}`auth-cookie-config` .
+
+(login-password)=
+
+### Password Login
+
+To perform a password login, send a `POST` request to the `/login`
+endpoint, providing either a verified email address or phone number and
+the corresponding password. For example:
+
+```
+POST /login HTTP/1.1
+[headers omitted]
+
+{
+    "email": "me@wire.com",
+    "password": "Quo2Booz"
+}
+```
+
+If a phone number is used, the `phone` field is used instead of
+`email`. If a @handle is used, the `handle` field is used instead of
+`email` (note that the handle value should be sent *without* the `@`
+symbol). Assuming the credentials are correct, the API will respond with
+a `200 OK` and an access token and cookie:
+
+```
+HTTP/1.1 200 OK
+zuid=...; Expires=Fri, 02-Aug-2024 09:15:54 GMT; Domain=zinfra.io; Path=/access; HttpOnly; Secure
+[other headers omitted]
+
+{
+    "expires_in": 900,
+    "access_token": "fmmLpDSjArpksFv57r5rDrzZZlj...",
+    "token_type": "Bearer"
+}
+```
+
+%
+
+> The `Domain` of the cookie will be different depending on the
+> environment.
+
+The value of `expires_in` is the number of seconds that the
+`access_token` is valid from the moment it was issued.
+
+As of yet, the `token_type` is always `Bearer`.
+
+(login-sms)=
+
+### SMS Login
+
+To perform an SMS login, first request an SMS code to be sent to a
+verified phone number:
+
+```
+POST /login/send HTTP/1.1
+[headers omitted]
+
+{
+    "phone": "+1234567890"
+}
+```
+
+An SMS with a short-lived login code will be sent. Upon receiving the
+SMS and extracting the code from it, the login can be performed using
+the `phone` and `code` as follows:
+
+```
+POST /login HTTP/1.1
+[headers omitted]
+
+{
+    "phone": "+1234567890",
+    "code": "123456"
+}
+```
+
+A successful response is identical to that of a {ref}`password
+login <login-password>`.
+
+(login-persistent)=
+
+### Persistent Logins
+
+By default, access cookies are issued as [session
+cookies](https://en.wikipedia.org/wiki/HTTP_cookie#Session_cookie)
+with a validity of 1 week. Furthermore, these session cookies are not
+refreshed as part of an {ref}`access token refresh <token-refresh>`. To
+request a `persistent` access cookie which does get refreshed, specify
+the `persist=true` parameter during a login:
+
+```
+POST /login?persist=true HTTP/1.1
+[headers omitted]
+
+{
+    "phone": "+1234567890",
+    "code": "123456"
+}
+```
+
+All access cookies returned on registration are persistent.
+
+(token-refresh)=
+
+### FAQ: is my cookie a persistent cookie or a session cookie?
+
+When you log in **without** the `persist=true` query parameter, or
+with persist=false, you get a `session cookie`, which means it has no
+expiration date set, and will expire when you close the browser (and on
+the backend has a validity of max 1 day or 1 week (configurable, see
+current config in [hegemony](https://github.com/zinfra/hegemony)).
+Example **session cookie**:
+
+```
+POST /login?persist=false
+
+Set-Cookie: zuid=(redacted); Path=/access; Domain=zinfra.io; HttpOnly; Secure
+```
+
+When you log in **with** `persist=true`, you get a persistent cookie,
+which means it has *some* expiration date. In production this is
+currently 56 days (again, configurable, check current config in
+[hegemony](https://github.com/zinfra/hegemony)) and can be renewed
+during token refresh. Example **persistent cookie**:
+
+```
+POST /login?persist=true
+
+Set-Cookie: zuid=(redacted); Path=/access; Expires=Thu, 10-Jan-2019 10:43:28 GMT; Domain=zinfra.io; HttpOnly; Secure
+```
+
+## Token Refresh - `POST /access`
+
+Since access tokens have a relatively short lifetime to limit the time
+window of abuse for a captured token, they need to be regularly
+refreshed. In order to refresh an access token, send a `POST` reques
+to `/access`, including the access cookie in the `Cookie` header and
+the old (possibly expired) access token in the `Authorization` header:
+
+```
+POST /access HTTP/1.1
+Authorization: Bearer fmmLpDSjArpksFv57r5rDrzZZlj...
+Cookie: zuid=...
+[other headers omitted]
+
+<empty body>
+```
+
+Providing the old access token is not required but strongly recommended
+as it will link the new access token to the old, enabling the API to see
+the new access token as a continued session of the same client.
+
+As part of an access token refresh, the response may also contain a new
+`zuid` access cookie in form of a `Set-Cookie` header. A client must
+expect a new `zuid` cookie as part of any access token refresh and
+replace the existing cookie appropriately.
+
+(cookies-1)=
+
+## Cookie Management
+
+(cookies-logout)=
+
+### Logout - `POST /access/logout`
+
+An explicit logout effectively deletes the cookie used to perform the
+operation:
+
+```
+POST /access/logout HTTP/1.1
+Authorization: Bearer fmmLpDSjArpksFv57r5rDrzZZlj...
+Cookie: zuid=...
+[other headers omitted]
+
+<empty body>
+```
+
+Afterwards, the cookie that was sent as part of the `Cookie` header is
+no longer valid.
+
+If a client offers an explicit logout, this operation must be performed.
+An explicit logout is especially important for Web clients.
+
+(cookies-labels)=
+
+### Labels
+
+Cookies can be labeled by specifying a `label` during login or
+registration, e.g.:
+
+```
+POST /login?persist=true HTTP/1.1
+[headers omitted]
+
+{
+    "phone": "+1234567890",
+    "code": "123456",
+    "label": "Google Nexus 5"
+}
+```
+
+Specifying a label is recommended as it helps to identify the cookies in a
+user-friendly way and allows {ref}`selective revocation <cookies-revoke>` based
+on the labels.
+
+(cookies-list)=
+
+### Listing Cookies - `GET /cookies`
+
+To list the cookies currently associated with an account, send a `GET`
+request to `/cookies`. The response will contain a list of cookies,
+e.g.:
+
+```
+HTTP/1.1 200 OK
+[other headers omitted]
+
+{
+  "cookies": [
+    {
+      "time": "2015-06-04T14:29:23.000Z",
+      "id": 967153183,
+      "type": "session",
+      "label": null
+    },
+    {
+      "time": "2015-06-04T14:44:23.000Z",
+      "id": 942451749,
+      "type": "session",
+      "label": null
+    },
+    ...
+  ]
+}
+```
+
+Note that expired cookies are not automatically removed when they
+expire, only as new cookies are issued.
+
+(cookies-revoke)=
+
+### Revoking Cookies - `POST /cookies/remove`
+
+Cookies can be removed individually or in bulk either by specifying the full
+cookie structure as it is returned by {ref}`GET /cookies <cookies-list>` or only
+by their labels in a `POST` request to `/cookies/remove`, alongside with the
+user's credentials:
+
+```
+POST /cookies/remove HTTP/1.1
+[headers omitted]
+
+{
+    "ids": [{<cookie1>}, {<cookie2>}, ...],
+    "labels": ["<label1>", "<label2>", ...]
+    "email": "me@wire.com",
+    "password": "secret"
+}
+```
+
+Cookie removal currently requires an account with an email address and
+password.
+
+(password-reset)=
+
+## Password Reset - `POST /password-reset`
+
+A password reset can be used to set a new password if the existing password
+associated with an account has been forgotten. This is not to be confused with
+the act of merely changing your password for the purpose of password rotation or
+if you suspect your current password to be compromised.
+
+### Initiate a Password Reset
+
+To initiate a password reset, send a `POST` request to
+`/password-reset`, specifying either a verified email address or phone
+number for the account in question:
+
+```
+POST /password-reset HTTP/1.1
+[headers omitted]
+
+{
+    "phone": "+1234567890"
+}
+```
+
+For a phone number, the `phone` field would be used instead. As a
+result of a successful request, either a password reset key and code is
+sent via email or a password reset code is sent via SMS, depending on
+whether an email address or a phone number was provided. Password reset
+emails will contain a link to the [wire.com](https://www.wire.com/)
+website which will guide the user through the completion of the password
+reset, which means that the website will perform the necessary requests
+to complete the password reset. To complete a password reset initiated
+with a phone number, the completion of the password reset has to happen
+from the mobile client application itself.
+
+Once a password reset has been initiated for an email address or phone
+number, no further password reset can be initiated for the same email
+address or phone number before the prior reset is completed or times
+out. The current timeout for an initiated password reset is
+`10 minutes`.
+
+### Complete a Password Reset
+
+To complete a password reset, the password reset code, together with the
+new password and the `email` or `phone` used when initiating the
+reset (or the opaque `key` sent by mail) are sent to
+`/password-reset/complete` in a `POST` request:
+
+```
+POST /password-reset/complete HTTP/1.1
+[headers omitted]
+
+{
+    "phone": "+1234567890",
+    "code": "123456",
+    "password": "new-secret-password"
+}
+```
+
+There is a maximum of `3` attempts at completing a password reset,
+after which the password reset code becomes invalid and a new password
+reset must be initiated.
+
+A completed password reset results in all access cookies to be revoked,
+requiring the user to {ref}`login <login>`.
+
+## Related topics: SSO, Legalhold
+
+(sso)=
+
+### Single Sign-On
+
+Users that are part of a team, for which a team admin has configured SSO (Single Sign On), authentication can happen through SAML.
+
+More information:
+
+- {ref}`FAQ <trouble-shooting-faq>`
+- [setup howtos for various IdP vendors](https://docs.wire.com/how-to/single-sign-on/index.html)
+- [a few fragments that may help admins](https://github.com/wireapp/wire-server/blob/develop/docs/reference/spar-braindump.md)
+
+### LegalHold
+
+Users that are part of a team, for which a team admin has configured "LegalHold", can add a so-called "LegalHold" device. The endpoints in use to authenticate for a "LegalHold" Device are the same as for regular users, but the access tokens they get can only use a restricted set of API endpoints. See also [legalhold documentation on wire-server](https://github.com/wireapp/wire-server/blob/develop/docs/reference/team/legalhold.md)
diff --git a/docs/src/understand/api-client-perspective/authentication.rst b/docs/src/understand/api-client-perspective/authentication.rst
deleted file mode 100644
index 52630c58a6..0000000000
--- a/docs/src/understand/api-client-perspective/authentication.rst
+++ /dev/null
@@ -1,476 +0,0 @@
-Authentication
-==============
-
-.. useful vim replace commands when porting markdown -> restructured text:
-.. :%s/.. raw:: html//g
-.. :%s/   <a name="\(.*\)"\/>/.. _\1:/gc
-
-Access Tokens
--------------
-
-The authentication protocol used by the API is loosely inspired by the
-`OAuth2 protocol <http://oauth.net/2/>`__. As such, API requests are
-authorised through so-called `bearer
-tokens <https://tools.ietf.org/html/rfc6750>`__. For as long as a bearer
-token is valid, it grants access to the API under the identity of the
-user whose credentials have been used for the login_. The
-current validity of access tokens is ``15 minutes``, however, that may
-change at any time without prior notice.
-
-In order to obtain new access tokens without having to ask the user for
-his credentials again, so-called "user tokens" are issued which are
-issued in the form of a ``zuid`` HTTP
-`cookie <https://en.wikipedia.org/wiki/HTTP_cookie>`__. These cookies
-have a long lifetime (if `persistent <#login-persistent>`__, typically
-at least a few months) and their use is strictly limited to the
-`/access <#token-refresh>`__ endpoint used for token refresh.
-`Persistent <#login-persistent>`__ access cookies are regularly
-refreshed as part of an `access token refresh <#token-refresh>`__.
-
-An access cookie is obtained either directly after
-`registration <API-Registration#create-account>`__ or through a
-subsequent `login <#login>`__. A successful login provides both an
-access cookie and and access token. Both access token and cookie must be
-stored safely and kept confidential. User passwords should not be
-stored.
-
-As of yet, there is no concept of authorising third-party applications to
-perform operations on the API on behalf of a user (Notable exceptions:
-:ref:`sso`). Such functionality may be provided in the future through
-standardised OAuth2 flows.
-
-To authorise an API request, the access token must be provided via the
-HTTP ``Authorization`` header with the ``Bearer`` scheme as follows:
-
-::
-
-   Authorization: Bearer fmmLpDSjArpksFv57r5rDrzZZlj...
-
-While the API currently also supports passing the access token in the
-query string of a request, this approach is highly discouraged as it
-unnecessarily exposes access tokens (e.g. in server logs) and thus might
-be removed in the future.
-
-.. _login:
-
-Login - ``POST /login``
------------------------
-
-A login is the process of authenticating a user either through a known
-secret in a `password login <#login-password>`__ or by proving ownership
-of a verified phone number associated with an account in an `SMS
-login <#login-sms>`__. The response to a successful login contains an
-access cookie in a ``Set-Cookie`` header and an access token in the JSON
-response body.
-
-.. _login-cookies:
-
-Cookies
-~~~~~~~
-
-There is a hard limit for the number of session-scoped access cookies and the same
-amount of persistent access cookies per user account. When this number is
-reached, old cookies are removed when new ones are issued. Thereby, the cookies
-with the oldest expiration timestamp are removed first. The removal takes the
-type of the cookie to issue into account. I.e. session cookies are replaced by
-session cookies, persistent cookies are replaced by persistent cookies.
-
-To prevent performance issues and malicious usages of the API, there is a
-throttling mechanism in place. When the maximum number of cookies of one type
-are issued, it's checked that login calls don't happen too frequently (too
-quickly after one another.)
-
-In case of throttling no cookie gets issued. The error response (`HTTP status
-code 429 <https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/429>`_) has
-a ``Retry-After`` header which specifies the time to wait before accepting the
-next request in Seconds.
-
-Being throttled is a clear indicator of incorrect API usage. There is no need to
-login many times in a row on the same device. Instead, the cookie should be
-re-used.
-
-The corresponding backend configuration settings are described in:
-:ref:`auth-cookie-config` .
-
-.. _login-password:
-
-Password Login
-~~~~~~~~~~~~~~
-
-To perform a password login, send a ``POST`` request to the ``/login``
-endpoint, providing either a verified email address or phone number and
-the corresponding password. For example:
-
-::
-
-   POST /login HTTP/1.1
-   [headers omitted]
-
-   {
-       "email": "me@wire.com",
-       "password": "Quo2Booz"
-   }
-
-If a phone number is used, the ``phone`` field is used instead of
-``email``. If a @handle is used, the ``handle`` field is used instead of
-``email`` (note that the handle value should be sent *without* the ``@``
-symbol). Assuming the credentials are correct, the API will respond with
-a ``200 OK`` and an access token and cookie:
-
-::
-
-   HTTP/1.1 200 OK
-   zuid=...; Expires=Fri, 02-Aug-2024 09:15:54 GMT; Domain=zinfra.io; Path=/access; HttpOnly; Secure
-   [other headers omitted]
-
-   {
-       "expires_in": 900,
-       "access_token": "fmmLpDSjArpksFv57r5rDrzZZlj...",
-       "token_type": "Bearer"
-   }
-
-..
-
-   The ``Domain`` of the cookie will be different depending on the
-   environment.
-
-The value of ``expires_in`` is the number of seconds that the
-``access_token`` is valid from the moment it was issued.
-
-As of yet, the ``token_type`` is always ``Bearer``.
-
-
-
-.. _login-sms:
-
-SMS Login
-~~~~~~~~~
-
-To perform an SMS login, first request an SMS code to be sent to a
-verified phone number:
-
-::
-
-   POST /login/send HTTP/1.1
-   [headers omitted]
-
-   {
-       "phone": "+1234567890"
-   }
-
-An SMS with a short-lived login code will be sent. Upon receiving the
-SMS and extracting the code from it, the login can be performed using
-the ``phone`` and ``code`` as follows:
-
-::
-
-   POST /login HTTP/1.1
-   [headers omitted]
-
-   {
-       "phone": "+1234567890",
-       "code": "123456"
-   }
-
-A successful response is identical to that of a `password
-login <#login-password>`__.
-
-
-
-.. _login-persistent:
-
-Persistent Logins
-~~~~~~~~~~~~~~~~~
-
-By default, access cookies are issued as `session
-cookies <https://en.wikipedia.org/wiki/HTTP_cookie#Session_cookie>`__
-with a validity of 1 week. Furthermore, these session cookies are not
-refreshed as part of an `access token refresh <#token-refresh>`__. To
-request a ``persistent`` access cookie which does get refreshed, specify
-the ``persist=true`` parameter during a login:
-
-::
-
-   POST /login?persist=true HTTP/1.1
-   [headers omitted]
-
-   {
-       "phone": "+1234567890",
-       "code": "123456"
-   }
-
-All access cookies returned on registration are persistent.
-
-
-
-.. _token-refresh:
-
-FAQ: is my cookie a persistent cookie or a session cookie?
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-When you log in **without** the ``persist=true`` query parameter, or
-with persist=false, you get a ``session cookie``, which means it has no
-expiration date set, and will expire when you close the browser (and on
-the backend has a validity of max 1 day or 1 week (configurable, see
-current config in `hegemony <https://github.com/zinfra/hegemony>`__).
-Example **session cookie**:
-
-::
-
-   POST /login?persist=false
-
-   Set-Cookie: zuid=(redacted); Path=/access; Domain=zinfra.io; HttpOnly; Secure
-
-When you log in **with** ``persist=true``, you get a persistent cookie,
-which means it has *some* expiration date. In production this is
-currently 56 days (again, configurable, check current config in
-`hegemony <https://github.com/zinfra/hegemony>`__) and can be renewed
-during token refresh. Example **persistent cookie**:
-
-::
-
-   POST /login?persist=true
-
-   Set-Cookie: zuid=(redacted); Path=/access; Expires=Thu, 10-Jan-2019 10:43:28 GMT; Domain=zinfra.io; HttpOnly; Secure
-
-Token Refresh - ``POST /access``
---------------------------------
-
-Since access tokens have a relatively short lifetime to limit the time
-window of abuse for a captured token, they need to be regularly
-refreshed. In order to refresh an access token, send a ``POST`` reques
-to ``/access``, including the access cookie in the ``Cookie`` header and
-the old (possibly expired) access token in the ``Authorization`` header:
-
-::
-
-   POST /access HTTP/1.1
-   Authorization: Bearer fmmLpDSjArpksFv57r5rDrzZZlj...
-   Cookie: zuid=...
-   [other headers omitted]
-
-   <empty body>
-
-Providing the old access token is not required but strongly recommended
-as it will link the new access token to the old, enabling the API to see
-the new access token as a continued session of the same client.
-
-As part of an access token refresh, the response may also contain a new
-``zuid`` access cookie in form of a ``Set-Cookie`` header. A client must
-expect a new ``zuid`` cookie as part of any access token refresh and
-replace the existing cookie appropriately.
-
-
-
-.. _cookies:
-
-Cookie Management
------------------
-
-
-
-.. _cookies-logout:
-
-Logout - ``POST /access/logout``
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-An explicit logout effectively deletes the cookie used to perform the
-operation:
-
-::
-
-   POST /access/logout HTTP/1.1
-   Authorization: Bearer fmmLpDSjArpksFv57r5rDrzZZlj...
-   Cookie: zuid=...
-   [other headers omitted]
-
-   <empty body>
-
-Afterwards, the cookie that was sent as part of the ``Cookie`` header is
-no longer valid.
-
-If a client offers an explicit logout, this operation must be performed.
-An explicit logout is especially important for Web clients.
-
-
-
-.. _cookies-labels:
-
-Labels
-~~~~~~
-
-Cookies can be labeled by specifying a ``label`` during login or
-registration, e.g.:
-
-::
-
-   POST /login?persist=true HTTP/1.1
-   [headers omitted]
-
-   {
-       "phone": "+1234567890",
-       "code": "123456",
-       "label": "Google Nexus 5"
-   }
-
-Specifying a label is recommended as it helps to identify the cookies in
-a user-friendly way and allows `selective
-revocation <#cookies-revoke>`__ based on the labels.
-
-
-
-.. _cookies-list:
-
-Listing Cookies - ``GET /cookies``
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-To list the cookies currently associated with an account, send a ``GET``
-request to ``/cookies``. The response will contain a list of cookies,
-e.g.:
-
-::
-
-   HTTP/1.1 200 OK
-   [other headers omitted]
-
-   {
-     "cookies": [
-       {
-         "time": "2015-06-04T14:29:23.000Z",
-         "id": 967153183,
-         "type": "session",
-         "label": null
-       },
-       {
-         "time": "2015-06-04T14:44:23.000Z",
-         "id": 942451749,
-         "type": "session",
-         "label": null
-       },
-       ...
-     ]
-   }
-
-Note that expired cookies are not automatically removed when they
-expire, only as new cookies are issued.
-
-
-
-.. _cookies-revoke:
-
-Revoking Cookies - ``POST /cookies/remove``
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Cookies can be removed individually or in bulk either by specifying the
-full cookie structure as it is returned by `GET
-/cookies <#cookies-list>`__ or only by their labels in a ``POST``
-request to ``/cookies/remove``, alongside with the user's credentials:
-
-::
-
-   POST /cookies/remove HTTP/1.1
-   [headers omitted]
-
-   {
-       "ids": [{<cookie1>}, {<cookie2>}, ...],
-       "labels": ["<label1>", "<label2>", ...]
-       "email": "me@wire.com",
-       "password": "secret"
-   }
-
-Cookie removal currently requires an account with an email address and
-password.
-
-
-
-.. _password-reset:
-
-Password Reset - ``POST /password-reset``
------------------------------------------
-
-A password reset can be used to set a new password if the existing
-password associated with an account has been forgotten. This is not to
-be confused with the act of merely `changing your
-password <API-Users#self-change-password>`__ for the purpose of password
-rotation or if you suspect your current password to be compromised.
-
-Initiate a Password Reset
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-To initiate a password reset, send a ``POST`` request to
-``/password-reset``, specifying either a verified email address or phone
-number for the account in question:
-
-::
-
-   POST /password-reset HTTP/1.1
-   [headers omitted]
-
-   {
-       "phone": "+1234567890"
-   }
-
-For a phone number, the ``phone`` field would be used instead. As a
-result of a successful request, either a password reset key and code is
-sent via email or a password reset code is sent via SMS, depending on
-whether an email address or a phone number was provided. Password reset
-emails will contain a link to the `wire.com <https://www.wire.com/>`__
-website which will guide the user through the completion of the password
-reset, which means that the website will perform the necessary requests
-to complete the password reset. To complete a password reset initiated
-with a phone number, the completion of the password reset has to happen
-from the mobile client application itself.
-
-Once a password reset has been initiated for an email address or phone
-number, no further password reset can be initiated for the same email
-address or phone number before the prior reset is completed or times
-out. The current timeout for an initiated password reset is
-``10 minutes``.
-
-Complete a Password Reset
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-To complete a password reset, the password reset code, together with the
-new password and the ``email`` or ``phone`` used when initiating the
-reset (or the opaque ``key`` sent by mail) are sent to
-``/password-reset/complete`` in a ``POST`` request:
-
-::
-
-   POST /password-reset/complete HTTP/1.1
-   [headers omitted]
-
-   {
-       "phone": "+1234567890",
-       "code": "123456",
-       "password": "new-secret-password"
-   }
-
-There is a maximum of ``3`` attempts at completing a password reset,
-after which the password reset code becomes invalid and a new password
-reset must be initiated.
-
-A completed password reset results in all access cookies to be revoked,
-requiring the user to `login <#login>`__.
-
-Related topics: SSO, Legalhold
--------------------------------
-
-.. _sso:
-
-Single Sign-On
-~~~~~~~~~~~~~~~~~~
-
-Users that are part of a team, for which a team admin has configured SSO (Single Sign On), authentication can happen through SAML.
-
-More information:
-
-* :ref:`FAQ <trouble-shooting-faq>`
-* `setup howtos for various IdP vendors <https://docs.wire.com/how-to/single-sign-on/index.html>`__
-* `a few fragments that may help admins <https://github.com/wireapp/wire-server/blob/develop/docs/reference/spar-braindump.md>`__
-
-
-LegalHold
-~~~~~~~~~~
-
-Users that are part of a team, for which a team admin has configured "LegalHold", can add a so-called "LegalHold" device. The endpoints in use to authenticate for a "LegalHold" Device are the same as for regular users, but the access tokens they get can only use a restricted set of API endpoints. See also `legalhold documentation on wire-server <https://github.com/wireapp/wire-server/blob/develop/docs/reference/team/legalhold.md>`__
diff --git a/docs/src/understand/api-client-perspective/index.md b/docs/src/understand/api-client-perspective/index.md
new file mode 100644
index 0000000000..8bf19e4290
--- /dev/null
+++ b/docs/src/understand/api-client-perspective/index.md
@@ -0,0 +1,15 @@
+# Wire-server API documentation
+
+The following documentation provides information for, and takes the perspective of a Wire client developer. (wire-desktop, wire-android and wire-ios are examples of Wire Clients). This means only publicly accessible endpoints are mentioned.
+
+```{warning}
+This section of the documentation is very incomplete at the time of writing (summer 2020) - more pages on the client API will follow in the future.
+```
+
+```{toctree}
+:glob: true
+:maxdepth: 2
+:titlesonly: true
+
+*
+```
diff --git a/docs/src/understand/api-client-perspective/index.rst b/docs/src/understand/api-client-perspective/index.rst
deleted file mode 100644
index d419508892..0000000000
--- a/docs/src/understand/api-client-perspective/index.rst
+++ /dev/null
@@ -1,14 +0,0 @@
-Wire-server API documentation
-=============================
-
-The following documentation provides information for, and takes the perspective of a Wire client developer. (wire-desktop, wire-android and wire-ios are examples of Wire Clients). This means only publicly accessible endpoints are mentioned.
-
-.. warning::
-   This section of the documentation is very incomplete at the time of writing (summer 2020) - more pages on the client API will follow in the future.
-
-.. toctree::
-   :maxdepth: 2
-   :glob:
-   :titlesonly:
-
-   *
diff --git a/docs/src/understand/api-client-perspective/swagger.rst b/docs/src/understand/api-client-perspective/swagger.md
similarity index 67%
rename from docs/src/understand/api-client-perspective/swagger.rst
rename to docs/src/understand/api-client-perspective/swagger.md
index 5dd3d29e36..057d5beb2a 100644
--- a/docs/src/understand/api-client-perspective/swagger.rst
+++ b/docs/src/understand/api-client-perspective/swagger.md
@@ -1,5 +1,4 @@
-Swagger API documentation (all public endpoints)
-================================================
+# Swagger API documentation (all public endpoints)
 
 Our staging system provides swagger documentation of our public rest
 API.
@@ -11,21 +10,19 @@ documentation still has some endpoints, but the new one is getting more and more
 Please check the new docs first, and if you can't find what you're
 looking for, double-check the old.
 
-New docs
---------
+## New docs
 
 These docs show swagger 2.0:
 
-`new staging swagger page <https://staging-nginz-https.zinfra.io/api/swagger-ui/>`_
+[new staging swagger page](https://staging-nginz-https.zinfra.io/api/swagger-ui/)
 
-
-Old docs
---------
+## Old docs
 
 Some endpoints are only shown using swagger 1.2.
 
 At the time of writing, both swagger version 1.2 and version 2.0 are in use. If you are an employee of Wire, you can log in here and try out requests in the browser; if not, you can make use of the "List Operations" button on both 1.2 and 2.0 pages to see the possible API requests.
 
-Browse to our `old staging swagger page <https://staging-nginz-https.zinfra.io/swagger-ui/>`_ to see rendered swagger documentation for the remaining endpoints.
+Browse to our [old staging swagger page](https://staging-nginz-https.zinfra.io/swagger-ui/) to see rendered swagger documentation for the remaining endpoints.
 
-.. image:: img/swagger.png
+```{image} img/swagger.png
+```
diff --git a/docs/src/understand/federation/index.md b/docs/src/understand/federation/index.md
new file mode 100644
index 0000000000..48e78ea649
--- /dev/null
+++ b/docs/src/understand/federation/index.md
@@ -0,0 +1,24 @@
+(federation-understand)=
+
+# Wire Federation
+
+Wire Federation, once implemented, aims to allow multiple Wire-server {ref}`backends <glossary_backend>` to federate with each other. That means that a user 1 registered on backend A and a user 2 registered on backend B should be able to interact with each other as if they belonged to the same backend.
+
+```{note}
+Federation is as of January 2022 still work in progress, since the implementation of federation is ongoing, and certain design decision are still subject to change. Where possible documentation will indicate the state of implementation.
+
+Some sections of the documentation are still incomplete (indicated with a 'TODO' comment). Check back later for updates.
+```
+
+% comment: The toctree directive below takes a list of the pages you want to appear in order,
+% and '*' is used to include any other pages in the federation directory in alphabetical order
+
+```{toctree}
+:glob: true
+:maxdepth: 2
+:numbered: true
+
+introduction
+architecture
+*
+```
diff --git a/docs/src/understand/federation/index.rst b/docs/src/understand/federation/index.rst
deleted file mode 100644
index 70ff484f1f..0000000000
--- a/docs/src/understand/federation/index.rst
+++ /dev/null
@@ -1,25 +0,0 @@
-.. _federation-understand:
-
-+++++++++++++++++
-Wire Federation
-+++++++++++++++++
-
-Wire Federation, once implemented, aims to allow multiple Wire-server :ref:`backends <glossary_backend>` to federate with each other. That means that a user 1 registered on backend A and a user 2 registered on backend B should be able to interact with each other as if they belonged to the same backend.
-
-.. note::
-   Federation is as of January 2022 still work in progress, since the implementation of federation is ongoing, and certain design decision are still subject to change. Where possible documentation will indicate the state of implementation.
-
-   Some sections of the documentation are still incomplete (indicated with a 'TODO' comment). Check back later for updates.
-
-..
-   comment: The toctree directive below takes a list of the pages you want to appear in order,
-   and '*' is used to include any other pages in the federation directory in alphabetical order
-
-.. toctree::
-   :maxdepth: 2
-   :numbered:
-   :glob:
-
-   introduction
-   architecture
-   *
diff --git a/docs/src/understand/helm.md b/docs/src/understand/helm.md
new file mode 100644
index 0000000000..9b27659a75
--- /dev/null
+++ b/docs/src/understand/helm.md
@@ -0,0 +1,61 @@
+(understand-helm)=
+
+# Understanding helm
+
+See also the official [helm documentation](https://docs.helm.sh/). This page is meant to explain a few concepts directly relevant when installing wire-server helm charts.
+
+(understand-helm-overrides)=
+
+## Overriding helm configuration settings
+
+### Default values
+
+Default values are under a specific chart's `values.yaml` file, e.g. for the chart named `cassandra-ephemeral`, this file: [charts/cassandra-ephemeral/values.yaml](https://github.com/wireapp/wire-server/blob/develop/charts/cassandra-ephemeral/values.yaml). When you install or upgrade a chart, with e.g.:
+
+```
+helm upgrade --install my-cassandra wire/cassandra-ephemeral
+```
+
+Then the default values from above are used.
+
+### Overriding
+
+Overriding parts of the yaml configuration can be achieved by passing `-f path/to/override-file.yaml` when installing or upgrading a helm chart, like this:
+
+Create file my-file.yaml:
+
+```yaml
+cassandra-ephemeral:
+  resources:
+    requests:
+      cpu: "2"
+```
+
+Now you can install that chart with a custom value (using 2 cpu cores):
+
+```
+helm upgrade --install my-cassandra wire/cassandra-ephemeral -f my-values.yaml
+```
+
+### Sub charts
+
+If a chart uses sub charts, there can be overrides in the parent
+chart's `values.yaml` file, if namespaced to the sub chart.
+Example: if chart `parent` includes chart `child`, and
+`child`'s `values.yaml` has a default value `foo: bar`, and the
+`parent` chart's `values.yaml` has a value
+
+```yaml
+child:
+  foo: baz
+```
+
+then the value that will be used for `foo` by default is `baz` when you install the parent chart.
+
+Note that if you `helm install parent` but wish to override values for `child`, you need to pass them as above, indented underneath `child:` as above.
+
+### Multiple overrides
+
+If `-f <filename>` is used multiple times, the last file wins in case keys exist
+multiple times (there is no merge performed between multiple files passed to `-f`).
+This can lead to unexpected results. If you use multiple files with `-f`, ensure they don't overlap.
diff --git a/docs/src/understand/helm.rst b/docs/src/understand/helm.rst
deleted file mode 100644
index 3899186182..0000000000
--- a/docs/src/understand/helm.rst
+++ /dev/null
@@ -1,64 +0,0 @@
-.. _understand-helm:
-
-Understanding helm
-===================
-
-See also the official `helm documentation <https://docs.helm.sh/>`__. This page is meant to explain a few concepts directly relevant when installing wire-server helm charts.
-
-
-.. _understand-helm-overrides:
-
-Overriding helm configuration settings
-------------------------------------------
-
-Default values
-^^^^^^^^^^^^^^
-
-Default values are under a specific chart's ``values.yaml`` file, e.g. for the chart named ``cassandra-ephemeral``, this file: `charts/cassandra-ephemeral/values.yaml <https://github.com/wireapp/wire-server/blob/develop/charts/cassandra-ephemeral/values.yaml>`__. When you install or upgrade a chart, with e.g.::
-
-    helm upgrade --install my-cassandra wire/cassandra-ephemeral
-
-Then the default values from above are used.
-
-Overriding
-^^^^^^^^^^^
-
-Overriding parts of the yaml configuration can be achieved by passing ``-f path/to/override-file.yaml`` when installing or upgrading a helm chart, like this:
-
-Create file my-file.yaml:
-
-.. code:: yaml
-
-    cassandra-ephemeral:
-      resources:
-        requests:
-          cpu: "2"
-
-Now you can install that chart with a custom value (using 2 cpu cores)::
-
-    helm upgrade --install my-cassandra wire/cassandra-ephemeral -f my-values.yaml
-
-Sub charts
-^^^^^^^^^^^
-
-If a chart uses sub charts, there can be overrides in the parent
-chart's ``values.yaml`` file, if namespaced to the sub chart.
-Example: if chart ``parent`` includes chart ``child``, and
-``child``'s ``values.yaml`` has a default value ``foo: bar``, and the
-``parent`` chart's ``values.yaml`` has a value
-
-.. code:: yaml
-
-   child:
-     foo: baz
-
-then the value that will be used for ``foo`` by default is ``baz`` when you install the parent chart.
-
-Note that if you ``helm install parent`` but wish to override values for ``child``, you need to pass them as above, indented underneath ``child:`` as above.
-
-Multiple overrides
-^^^^^^^^^^^^^^^^^^^^
-
-If ``-f <filename>`` is used multiple times, the last file wins in case keys exist
-multiple times (there is no merge performed between multiple files passed to `-f`).
-This can lead to unexpected results. If you use multiple files with `-f`, ensure they don't overlap.
diff --git a/docs/src/understand/index.md b/docs/src/understand/index.md
new file mode 100644
index 0000000000..f7ca56369a
--- /dev/null
+++ b/docs/src/understand/index.md
@@ -0,0 +1,17 @@
+(understand)=
+
+# Understanding wire-server components
+
+This section is almost empty, more documentation will come soon...
+
+```{toctree}
+:glob: true
+:maxdepth: 1
+
+Overview </understand/overview.rst>
+Audio/video calling, restund servers (TURN/STUN) </understand/restund.rst>
+Conference Calling 2.0 (SFT) </understand/sft.rst>
+Minio </understand/minio.rst>
+Helm </understand/helm.rst>
+Federation </understand/federation/index.rst>
+```
diff --git a/docs/src/understand/index.rst b/docs/src/understand/index.rst
deleted file mode 100644
index 3cca9519a8..0000000000
--- a/docs/src/understand/index.rst
+++ /dev/null
@@ -1,17 +0,0 @@
-.. _understand:
-
-Understanding wire-server components
-====================================
-
-This section is almost empty, more documentation will come soon...
-
-.. toctree::
-   :maxdepth: 1
-   :glob:
-
-   Overview </understand/overview.rst>
-   Audio/video calling, restund servers (TURN/STUN) </understand/restund.rst>
-   Conference Calling 2.0 (SFT) </understand/sft.rst>
-   Minio </understand/minio.rst>
-   Helm </understand/helm.rst>
-   Federation </understand/federation/index.rst>
diff --git a/docs/src/understand/minio.rst b/docs/src/understand/minio.md
similarity index 86%
rename from docs/src/understand/minio.rst
rename to docs/src/understand/minio.md
index 0c8fb60c38..afd4e1cd27 100644
--- a/docs/src/understand/minio.rst
+++ b/docs/src/understand/minio.md
@@ -1,10 +1,8 @@
-Minio
-======
+# Minio
 
-Official minio documentation available: `<https://docs.min.io/>`_
+Official minio documentation available: [https://docs.min.io/](https://docs.min.io/)
 
-Minio philosophy
------------------
+## Minio philosophy
 
 Minio clusters are configured with a fixed size once, and cannot be resized
 afterwards. It is thus important to make a good conservative estimate about
@@ -23,8 +21,7 @@ cluster is starting to get full, you will need to set up a parallel bigger
 cluster, mirror everything to the new cluster, swap the DNS entries to
 the new one, and then decommission the old one.
 
-Hurdles from the trenches: disk usage statistics; directories vs. disks
------------------------------------------------------------------------
+## Hurdles from the trenches: disk usage statistics; directories vs. disks
 
 I have done some more go code reading and have solved more minio
 mysteries.  tl;dr: if you want to be safe, run minio on disks, not
@@ -35,7 +32,7 @@ to figure out the amount of available blocks.  If it's not a mount directory,
 it will just call `du .` in a for loop and update some counter (which sounds
 like a bad strategy to me).
 
-https://github.com/minio/minio/blob/e6d8e272ced8b54872c6df1ef2ad556092280224/cmd/posix.go#L320-L352
+<https://github.com/minio/minio/blob/e6d8e272ced8b54872c6df1ef2ad556092280224/cmd/posix.go#L320-L352>
 
 so the answer is: if you use minio, e.g. with mountpoints, it will silently do
 the right thing and if you configure it to use two directories on the same
diff --git a/docs/src/understand/notes/port-ranges.md b/docs/src/understand/notes/port-ranges.md
new file mode 100644
index 0000000000..94191336da
--- /dev/null
+++ b/docs/src/understand/notes/port-ranges.md
@@ -0,0 +1,36 @@
+---
+orphan: true
+---
+
+(port-ranges)=
+
+# Note on port ranges
+
+Some parts of Wire (SFT, Restund) related to conference calling and Audio/Video, establish outgoing connections in a range of UDP ports. Which ports are used is determined by the kernel using `/proc/sys/net/ipv4/ip_local_port_range`.
+
+The /proc/sys/net/ipv4/ip_local_port_range defines the local port range that is used by TCP and UDP traffic to choose the local port.
+
+You will see in the parameters of this file two numbers: The first number is the first local port allowed for TCP and UDP traffic on the server, the second is the last local port number.
+
+When setting up firewall rules, this entire range must be allowed for both UDP and TCP.
+
+This range is defined by the system, and is set by the `/proc/sys/net/ipv4/ip_local_port_range` parameter.
+
+You read this range for your system by running the following command:
+
+```bash
+cat /proc/sys/net/ipv4/ip_local_port_range
+```
+
+Or by finding the following line in your `/etc/sysctl.conf` file, if it exists:
+
+```
+# Allowed local port range
+net.ipv4.ip_local_port_range = 32768 61000
+```
+
+To change the range, edit the `/etc/sysctl.conf` file or run the following command:
+
+```bash
+echo "32768 61001" > /proc/sys/net/ipv4/ip_local_port_range
+```
diff --git a/docs/src/understand/notes/port-ranges.rst b/docs/src/understand/notes/port-ranges.rst
deleted file mode 100644
index 0d2cc4e13b..0000000000
--- a/docs/src/understand/notes/port-ranges.rst
+++ /dev/null
@@ -1,36 +0,0 @@
-:orphan:
-
-.. _port-ranges:
-
-Note on port ranges
-===================
-
-Some parts of Wire (SFT, Restund) related to conference calling and Audio/Video, establish outgoing connections in a range of UDP ports. Which ports are used is determined by the kernel using ``/proc/sys/net/ipv4/ip_local_port_range``.
-
-The /proc/sys/net/ipv4/ip_local_port_range defines the local port range that is used by TCP and UDP traffic to choose the local port. 
-
-You will see in the parameters of this file two numbers: The first number is the first local port allowed for TCP and UDP traffic on the server, the second is the last local port number.
-
-When setting up firewall rules, this entire range must be allowed for both UDP and TCP. 
-
-This range is defined by the system, and is set by the ``/proc/sys/net/ipv4/ip_local_port_range`` parameter.
-
-You read this range for your system by running the following command:
-
-.. code-block:: bash
-
-    cat /proc/sys/net/ipv4/ip_local_port_range
-
-Or by finding the following line in your ``/etc/sysctl.conf`` file, if it exists:
-
-.. code-block::
-
-    # Allowed local port range
-    net.ipv4.ip_local_port_range = 32768 61000
-
-To change the range, edit the ``/etc/sysctl.conf`` file or run the following command:
-
-.. code-block:: bash
-
-    echo "32768 61001" > /proc/sys/net/ipv4/ip_local_port_range
-
diff --git a/docs/src/understand/overview.md b/docs/src/understand/overview.md
new file mode 100644
index 0000000000..56f203f707
--- /dev/null
+++ b/docs/src/understand/overview.md
@@ -0,0 +1,143 @@
+(overview)=
+
+# Overview
+
+## Introduction
+
+In a simplified way, the server components for Wire involve the following:
+
+```{image} img/architecture-server-simplified.png
+```
+
+The Wire clients (such as the Wire app on your phone) connect either directly (or via a load balancer) to the "Wire Server". By "Wire Server" we mean multiple API server components that connect to each other, and which also connect to a few databases. Both the API components and the databases are each in a "cluster", which means copies of the same program code runs multiple times. This allows any one component to fail without users noticing that there is a problem (also called
+"high-availability").
+
+## Architecture and networking
+
+Note that the webapp, account pages, and team-settings, while in a way not part of the backend,
+are installed with the rest and therefore included.
+
+### Focus on internet protocols
+
+```{image} ./img/architecture-tls-on-prem-2020-09.png
+```
+
+### Focus on high-availability
+
+The following diagram shows a usual setup with multiple VMs (Virtual Machines):
+
+```{image} ../how-to/install/img/architecture-server-ha.png
+```
+
+Wire clients (such as the Wire app on your phone) connect to a load balancer.
+
+The load balancer forwards traffic to the ingress inside the kubernetes VMs. (Restund is special, see {ref}`understand-restund` for details on how Restund works.)
+
+The nginx ingress pods inside kubernetes look at incoming traffic, and forward that traffic on to the right place, depending on what's inside the URL passed. For example, if a request comes in for `https://example-https.example.com`, it is forwarded to a component called `nginz`, which is the main entry point for the [wire-server API](https://github.com/wireapp/wire-server). If, however, a request comes in for `https://webapp.example.com`, it is forwarded to a component called [webapp](https://github.com/wireapp/wire-webapp), which hosts the graphical browser Wire client (as found when you open [https://app.wire.com](https://app.wire.com)).
+
+Wire-server needs a range of databases. Their names are: cassandra, elasticsearch, minio, redis, etcd.
+
+All the server components on one physical machine can connect to all the databases (also those on a different physical machine). The databases each connect to each-other, e.g. cassandra on machine 1 will connect to the cassandra VMs on machines 2 and 3.
+
+### Backend components startup
+
+The Wire server backend is designed to run on a kubernetes cluster. From a high level perspective the startup sequence from machine power-on to the Wire server being ready to receive requests is as follow:
+
+1. *Kubernetes node power on*. Systemd starts the kubelet service which makes the worker node available to kubernetes. For more details about kubernetes startup refer to [the official kubernetes documentation](https://kubernetes.io/docs/reference/setup-tools/kubeadm/implementation-details/). For details about the installation and configuration of kubernetes and worker nodes for Wire server see {ref}`Installing kubernetes and databases on VMs with ansible <ansible-vms>`
+2. *Kubernetes workload startup*. Kubernetes will ensure that Wire server workloads installed via helm are scheduled on available worker nodes. For more details about workload scheduling refer to [the official kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/kube-scheduler/). For details about how to install Wire server with helm refer to {ref}`Installing wire-server (production) components using Helm <helm-prod>`.
+3. *Stateful workload startup*. Systemd starts the stateful services (cassandra, elasticsearch and minio). See for instance [ansible-cassandra role](https://github.com/wireapp/ansible-cassandra/blob/master/tasks/systemd.yml#L10) and other database installation instructions in {ref}`Installing kubernetes and databases on VMs with ansible <ansible-vms>`
+4. *Other services*. Systemd starts the restund docker container. See [ansible-restund role](https://github.com/wireapp/ansible-restund/blob/9807313a7c72ffa40e74f69d239404fd87db65ab/templates/restund.service.j2#L12-L19). For details about docker container startup [consult the official documentation](https://docs.docker.com/get-started/overview/#docker-architecture)
+
+```{note}
+For more information about Virual Machine startup or operating system level service startup, please consult your virtualisation and operating system documentation.
+```
+
+### Focus on pods
+
+The Wire backend runs in [a kubernetes cluster](https://kubernetes.io/), with different components running in different [pods](https://kubernetes.io/docs/concepts/workloads/pods/).
+
+This is a list of those pods as found in a typical installation.
+
+HTTPS Entry points:
+
+- `nginx-ingress-controller-controller`: [Ingress](https://kubernetes.github.io/ingress-nginx/) exposes HTTP and HTTPS routes from outside the cluster to services within the cluster.
+- `nginx-ingress-controller-default-backend`: [The default backend](https://kubernetes.github.io/ingress-nginx/user-guide/default-backend/) is a service which handles all URL paths and hosts the nginx controller doesn't understand (i.e., all the requests that are not mapped with an Ingress), that is 404 pages. Part of `nginx-ingress`.
+
+Frontend pods:
+
+- `webapp`: The fully functioning Web client (like <https://app.wire.com>). [This pod](https://github.com/wireapp/wire-docs/blob/master/src/how-to/install/helm.rst#what-will-be-installed) serves the web interface itself, which then interfaces with other services/pods, such as the APIs.
+- `account-pages`: [This pod](https://github.com/wireapp/wire-docs/blob/master/src/how-to/install/helm.rst#what-will-be-installed) serves Web pages for user account management (a few pages relating to e.g. password reset).
+- `team-settings`: Team management Web interface (like <https://teams.wire.com>).
+
+Pods with an HTTP API:
+
+- `brig`: [The user management API service](https://github.com/wireapp/wire-server/tree/develop/services/brig). Connects to `cassandra` and `elastisearch` for user data storage, sends emails and SMS for account validation.
+- `cannon`: [WebSockets API Service](https://github.com/wireapp/wire-server/blob/develop/services/cannon/). Holds WebSocket connections.
+- `cargohold`: [Asset Storage API Service](https://docs.wire.com/how-to/install/aws-prod.html). Amazon-AWS-S3-style services are used by `cargohold` to store encrypted files that users are sharing amongst each other, such as images, files, and other static content, which we call assets. All assets except profile pictures are symmetrically encrypted before storage (and the keys are only known to the participants of the conversation in which an assets was shared - servers have no knowledge of the keys).
+- `galley`: [Conversations and Teams API Service](https://docs.wire.com/understand/api-client-perspective/index.html). Data is stored in cassandra. Uses `gundeck` to send notifications to users.
+- `nginz`: Public API Reverse Proxy (Nginx with custom libzauth module). A modified copy of nginx, compiled with a specific set of upstream extra modules, and one important additional module zauth_nginx_module. Responsible for user authentication validation. Forwards traffic to all other API services (except federator)
+- `spar`: [Single Sign On (SSO)](https://en.wikipedia.org/wiki/Single_sign-on) and [SCIM](https://en.wikipedia.org/wiki/System_for_Cross-domain_Identity_Management). Stores data in cassandra.
+- `gundeck`: Push Notification Hub (WebSocket/mobile push notifications). Uses redis as a temporary data store for websocket presences. Uses Amazon SNS and SQS.
+- `federator`: [Connects different wire installations together](https://docs.wire.com/understand/federation/index.html). Wire Federation, once implemented, aims to allow multiple Wire-server backends to federate with each other. That means that a user 1 registered on backend A and a user 2 registered on backend B should be able to interact with each other as if they belonged to the same backend.
+
+Supporting pods and data storage:
+
+- `cassandra-ephemeral` (or `cassandra-external`): [NoSQL Database management system](https://github.com/wireapp/wire-server/tree/develop/charts/cassandra-ephemeral) (<https://en.wikipedia.org/wiki/Apache_Cassandra>). Everything stateful in wire-server (cassandra is used by `brig`, `galley`, `gundeck` and `spar`) is stored in cassandra.
+  \* `cassandra-ephemeral` is for test clusters where persisting the data (i.e. loose users, conversations,...) does not matter, but this shouldn't be used in production environments.
+  \* `cassandra-external` is used to point to an external cassandra cluster which is installed outside of Kubernetes.
+- `demo-smtp`: In "demo" installations, used to replace a proper external SMTP server for the sending of emails (for example verification codes). In production environments, an actual SMTP server is used directly instead of this pod. (<https://github.com/namshi/docker-smtp>)
+- `fluent-bit`: A log processor and forwarder, allowing collection of data such as metrics and logs from different sources. Not typically deployed. (<https://fluentbit.io/>)
+- `elastisearch-ephemeral` (or `elastisearch-external`): [Distributed search and analytics engines, stores some user information (name, handle, userid, teamid)](https://github.com/wireapp/wire-server/tree/develop/charts/elastisearch-external). Information is duplicated here from cassandra to allow searching for users. Information here can be re-populated from data in cassandra (albeit with some downtime for search functionality) (<https://www.elastic.co/what-is/elasticsearch>).
+  \* `elastisearch-ephemeral` is for test clusters where persisting the data doesn't matter.
+  \* `elastisearch-external` refers to elasticsearch IPs located outside kubernetes by specifying IPs manually.
+- `fake-aws-s3`: Amazon-AWS-S3-compatible object storage using MinIO (<https://min.io/>), used by cargohold to store (encrypted) assets such as files, posted images, profile pics, etc.
+- `fake-aws-s3-reaper`: Creates the default S3 bucket inside fake-aws-s3.
+- `fake-aws-sns`. [Amazon Simple Notification Service (Amazon SNS)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/NotificationHowTo.html), used to push messages to mobile devices or distributed services. SNS can publish a message once, and deliver it one or more times.
+- `fake-aws-sqs`: [Amazon Simple Queue Service (Amazon SQS) queue](https://docs.aws.amazon.com/AmazonS3/latest/userguide/NotificationHowTo.html), used to transmit any volume of data without requiring other services to be always available.
+- `redis-ephemeral`: Stores websocket connection assignments (part of the `gundeck` / `cannon` architecture).
+
+Short running jobs that run during installation/upgrade (these should usually be in the status 'Completed' except immediately after installation/upgrade):
+
+- `cassandra-migrations`: Used to initialize or upgrade the database schema in cassandra (for example when the software is upgraded to a new version).
+- `galley-migrate-data`: Used to upgrade data in `cassandra` when the data model changes (for example when the software is upgraded to a new version).
+- `brig-index-migrate-data`: Used to upgrade data in `cassandra` when the data model changes in brig (for example when the software is upgraded to a new version)
+- `elastisearch-index-create`: [Creates](https://github.com/wireapp/wire-server/blob/develop/charts/elasticsearch-index/templates/create-index.yaml#L29) an Elastisearch index for brig.
+- `spar-migrate-data`: [Used to update spar data](https://github.com/wireapp/wire-server/blob/develop/charts/cassandra-migrations/templates/spar-migrate-data.yaml) in cassandra when schema changes occur.
+
+As an example, this is the result of running the `kubectl get pods --namespace wire` command to obtain a list of all pods in a typical cluster:
+
+```shell
+NAMESPACE      NAME                                                      READY   STATUS      RESTARTS   AGE
+wire           account-pages-54bfcb997f-hwxlf                            1/1     Running     0          85d
+wire           brig-58bc7f844d-rp2mx                                     1/1     Running     0          3h54m
+wire           brig-index-migrate-data-s7lmf                             0/1     Completed   0          3h33m
+wire           cannon-0                                                  1/1     Running     0          3h53m
+wire           cargohold-779bff9fc6-7d9hm                                1/1     Running     0          3h54m
+wire           cassandra-ephemeral-0                                     1/1     Running     0          176d
+wire           cassandra-migrations-66n8d                                0/1     Completed   0          3h34m
+wire           demo-smtp-784ddf6989-7zvsk                                1/1     Running     0          176d
+wire           elasticsearch-ephemeral-86f4b8ff6f-fkjlk                  1/1     Running     0          176d
+wire           elasticsearch-index-create-l5zbr                          0/1     Completed   0          3h34m
+wire           fake-aws-s3-77d9447b8f-9n4fj                              1/1     Running     0          176d
+wire           fake-aws-s3-reaper-78d9f58dd4-kf582                       1/1     Running     0          176d
+wire           fake-aws-sns-6c7c4b7479-nzfj2                             2/2     Running     0          176d
+wire           fake-aws-sqs-59fbfbcbd4-ptcz6                             2/2     Running     0          176d
+wire           federator-6d7b66f4d5-xgkst                                1/1     Running     0          3h54m
+wire           galley-5b47f7ff96-m9zrs                                   1/1     Running     0          3h54m
+wire           galley-migrate-data-97gn8                                 0/1     Completed   0          3h33m
+wire           gundeck-76c4599845-4f4pd                                  1/1     Running     0          3h54m
+wire           nginx-ingress-controller-controller-2nbkq                 1/1     Running     0          9d
+wire           nginx-ingress-controller-controller-8ggw2                 1/1     Running     0          9d
+wire           nginx-ingress-controller-default-backend-dd5c45cf-jlmbl   1/1     Running     0          176d
+wire           nginz-77d7586bd9-vwlrh                                    2/2     Running     0          3h54m
+wire           redis-ephemeral-master-0                                  1/1     Running     0          176d
+wire           spar-8576b6845c-npb92                                     1/1     Running     0          3h54m
+wire           spar-migrate-data-lz5ls                                   0/1     Completed   0          3h33m
+wire           team-settings-86747b988b-5rt45                            1/1     Running     0          50d
+wire           webapp-54458f756c-r7l6x                                   1/1     Running     0          3h54m
+                  1/1     Running     0          3h54m
+```
+
+```{note}
+This list is not exhaustive, and your installation may have additional pods running depending on your configuration.
+```
diff --git a/docs/src/understand/overview.rst b/docs/src/understand/overview.rst
deleted file mode 100644
index 71d2f2a45d..0000000000
--- a/docs/src/understand/overview.rst
+++ /dev/null
@@ -1,148 +0,0 @@
-Overview
-========
-
-Introduction
-------------
-
-In a simplified way, the server components for Wire involve the following:
-
-|arch-simplified|
-
-The Wire clients (such as the Wire app on your phone) connect either directly (or via a load balancer) to the "Wire Server". By "Wire Server" we mean multiple API server components that connect to each other, and which also connect to a few databases. Both the API components and the databases are each in a "cluster", which means copies of the same program code runs multiple times. This allows any one component to fail without users noticing that there is a problem (also called
-"high-availability").
-
-Architecture and networking
-----------------------------
-
-Note that the webapp, account pages, and team-settings, while in a way not part of the backend,
-are installed with the rest and therefore included.
-
-Focus on internet protocols
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-|arch-proto|
-
-
-Focus on high-availability
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The following diagram shows a usual setup with multiple VMs (Virtual Machines):
-
-|arch-ha|
-
-Wire clients (such as the Wire app on your phone) connect to a load balancer.
-
-The load balancer forwards traffic to the ingress inside the kubernetes VMs. (Restund is special, see :ref:`understand-restund` for details on how Restund works.)
-
-The nginx ingress pods inside kubernetes look at incoming traffic, and forward that traffic on to the right place, depending on what's inside the URL passed. For example, if a request comes in for ``https://example-https.example.com``, it is forwarded to a component called ``nginz``, which is the main entry point for the `wire-server API <https://github.com/wireapp/wire-server>`__. If, however, a request comes in for ``https://webapp.example.com``, it is forwarded to a component called `webapp <https://github.com/wireapp/wire-webapp>`__, which hosts the graphical browser Wire client (as found when you open `<https://app.wire.com>`__).
-
-Wire-server needs a range of databases. Their names are: cassandra, elasticsearch, minio, redis, etcd.
-
-All the server components on one physical machine can connect to all the databases (also those on a different physical machine). The databases each connect to each-other, e.g. cassandra on machine 1 will connect to the cassandra VMs on machines 2 and 3.
-
-Backend components startup
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The Wire server backend is designed to run on a kubernetes cluster. From a high level perspective the startup sequence from machine power-on to the Wire server being ready to receive requests is as follow:
-
-1. *Kubernetes node power on*. Systemd starts the kubelet service which makes the worker node available to kubernetes. For more details about kubernetes startup refer to `the official kubernetes documentation <https://kubernetes.io/docs/reference/setup-tools/kubeadm/implementation-details/>`__. For details about the installation and configuration of kubernetes and worker nodes for Wire server see :ref:`Installing kubernetes and databases on VMs with ansible <ansible_vms>`
-2. *Kubernetes workload startup*. Kubernetes will ensure that Wire server workloads installed via helm are scheduled on available worker nodes. For more details about workload scheduling refer to `the official kubernetes documentation <https://kubernetes.io/docs/concepts/scheduling-eviction/kube-scheduler/>`__. For details about how to install Wire server with helm refer to :ref:`Installing wire-server (production) components using Helm <helm_prod>`.
-3. *Stateful workload startup*. Systemd starts the stateful services (cassandra, elasticsearch and minio). See for instance `ansible-cassandra role <https://github.com/wireapp/ansible-cassandra/blob/master/tasks/systemd.yml#L10>`__ and other database installation instructions in :ref:`Installing kubernetes and databases on VMs with ansible <ansible_vms>`
-4. *Other services*. Systemd starts the restund docker container. See `ansible-restund role <https://github.com/wireapp/ansible-restund/blob/9807313a7c72ffa40e74f69d239404fd87db65ab/templates/restund.service.j2#L12-L19>`__. For details about docker container startup `consult the official documentation <https://docs.docker.com/get-started/overview/#docker-architecture>`__
-
-.. note::
-   For more information about Virual Machine startup or operating system level service startup, please consult your virtualisation and operating system documentation.
-
-.. |arch-simplified| image:: img/architecture-server-simplified.png
-.. |arch-proto| image:: ./img/architecture-tls-on-prem-2020-09.png
-.. |arch-ha| image:: ../how-to/install/img/architecture-server-ha.png
-
-Focus on pods
-~~~~~~~~~~~~~
-
-The Wire backend runs in `a kubernetes cluster <https://kubernetes.io/>`__, with different components running in different `pods <https://kubernetes.io/docs/concepts/workloads/pods/>`__.
-
-This is a list of those pods as found in a typical installation.
-
-HTTPS Entry points:
-
-* ``nginx-ingress-controller-controller``: `Ingress <https://kubernetes.github.io/ingress-nginx/>`__ exposes HTTP and HTTPS routes from outside the cluster to services within the cluster.
-* ``nginx-ingress-controller-default-backend``: `The default backend  <https://kubernetes.github.io/ingress-nginx/user-guide/default-backend/>`__ is a service which handles all URL paths and hosts the nginx controller doesn't understand (i.e., all the requests that are not mapped with an Ingress), that is 404 pages. Part of ``nginx-ingress``.
-
-Frontend pods:
-
-* ``webapp``: The fully functioning Web client (like https://app.wire.com). `This pod <https://github.com/wireapp/wire-docs/blob/master/src/how-to/install/helm.rst#what-will-be-installed>`__ serves the web interface itself, which then interfaces with other services/pods, such as the APIs.
-* ``account-pages``: `This pod <https://github.com/wireapp/wire-docs/blob/master/src/how-to/install/helm.rst#what-will-be-installed>`__ serves Web pages for user account management (a few pages relating to e.g. password reset).
-* ``team-settings``: Team management Web interface (like https://teams.wire.com).
-
-Pods with an HTTP API:
-
-* ``brig``: `The user management API service <https://github.com/wireapp/wire-server/tree/develop/services/brig>`__. Connects to ``cassandra`` and ``elastisearch`` for user data storage, sends emails and SMS for account validation.
-* ``cannon``: `WebSockets API Service <https://github.com/wireapp/wire-server/blob/develop/services/cannon/>`__. Holds WebSocket connections.
-* ``cargohold``: `Asset Storage API Service <https://docs.wire.com/how-to/install/aws-prod.html>`__. Amazon-AWS-S3-style services are used by ``cargohold`` to store encrypted files that users are sharing amongst each other, such as images, files, and other static content, which we call assets. All assets except profile pictures are symmetrically encrypted before storage (and the keys are only known to the participants of the conversation in which an assets was shared - servers have no knowledge of the keys).
-* ``galley``: `Conversations and Teams API Service <https://docs.wire.com/understand/api-client-perspective/index.html>`__. Data is stored in cassandra. Uses ``gundeck`` to send notifications to users.
-* ``nginz``: Public API Reverse Proxy (Nginx with custom libzauth module). A modified copy of nginx, compiled with a specific set of upstream extra modules, and one important additional module zauth_nginx_module. Responsible for user authentication validation. Forwards traffic to all other API services (except federator)
-* ``spar``: `Single Sign On (SSO) <https://en.wikipedia.org/wiki/Single_sign-on>`__ and `SCIM <https://en.wikipedia.org/wiki/System_for_Cross-domain_Identity_Management>`__. Stores data in cassandra.
-* ``gundeck``: Push Notification Hub (WebSocket/mobile push notifications). Uses redis as a temporary data store for websocket presences. Uses Amazon SNS and SQS.
-* ``federator``: `Connects different wire installations together <https://docs.wire.com/understand/federation/index.html>`__. Wire Federation, once implemented, aims to allow multiple Wire-server backends to federate with each other. That means that a user 1 registered on backend A and a user 2 registered on backend B should be able to interact with each other as if they belonged to the same backend.
-
-Supporting pods and data storage:
-
-* ``cassandra-ephemeral`` (or ``cassandra-external``): `NoSQL Database management system  <https://github.com/wireapp/wire-server/tree/develop/charts/cassandra-ephemeral>`__ (https://en.wikipedia.org/wiki/Apache_Cassandra). Everything stateful in wire-server (cassandra is used by ``brig``, ``galley``, ``gundeck`` and ``spar``) is stored in cassandra.
-  * ``cassandra-ephemeral`` is for test clusters where persisting the data (i.e. loose users, conversations,...) does not matter, but this shouldn't be used in production environments.
-  * ``cassandra-external`` is used to point to an external cassandra cluster which is installed outside of Kubernetes.
-* ``demo-smtp``: In "demo" installations, used to replace a proper external SMTP server for the sending of emails (for example verification codes). In production environments, an actual SMTP server is used directly instead of this pod. (https://github.com/namshi/docker-smtp)
-* ``fluent-bit``: A log processor and forwarder, allowing collection of data such as metrics and logs from different sources. Not typically deployed. (https://fluentbit.io/)
-* ``elastisearch-ephemeral`` (or ``elastisearch-external``): `Distributed search and analytics engines, stores some user information (name, handle, userid, teamid) <https://github.com/wireapp/wire-server/tree/develop/charts/elastisearch-external>`__. Information is duplicated here from cassandra to allow searching for users. Information here can be re-populated from data in cassandra (albeit with some downtime for search functionality) (https://www.elastic.co/what-is/elasticsearch).
-  * ``elastisearch-ephemeral`` is for test clusters where persisting the data doesn't matter.
-  * ``elastisearch-external`` refers to elasticsearch IPs located outside kubernetes by specifying IPs manually.
-* ``fake-aws-s3``: Amazon-AWS-S3-compatible object storage using MinIO (https://min.io/), used by cargohold to store (encrypted) assets such as files, posted images, profile pics, etc.
-* ``fake-aws-s3-reaper``: Creates the default S3 bucket inside fake-aws-s3.
-* ``fake-aws-sns``. `Amazon Simple Notification Service (Amazon SNS) <https://docs.aws.amazon.com/AmazonS3/latest/userguide/NotificationHowTo.html>`__, used to push messages to mobile devices or distributed services. SNS can publish a message once, and deliver it one or more times.
-* ``fake-aws-sqs``: `Amazon Simple Queue Service (Amazon SQS) queue <https://docs.aws.amazon.com/AmazonS3/latest/userguide/NotificationHowTo.html>`__, used to transmit any volume of data without requiring other services to be always available.
-* ``redis-ephemeral``: Stores websocket connection assignments (part of the ``gundeck`` / ``cannon`` architecture).
-
-Short running jobs that run during installation/upgrade (these should usually be in the status 'Completed' except immediately after installation/upgrade):
-
-* ``cassandra-migrations``: Used to initialize or upgrade the database schema in cassandra (for example when the software is upgraded to a new version).
-* ``galley-migrate-data``: Used to upgrade data in ``cassandra`` when the data model changes (for example when the software is upgraded to a new version).
-* ``brig-index-migrate-data``: Used to upgrade data in ``cassandra`` when the data model changes in brig (for example when the software is upgraded to a new version)
-* ``elastisearch-index-create``: `Creates <https://github.com/wireapp/wire-server/blob/develop/charts/elasticsearch-index/templates/create-index.yaml#L29>`__ an Elastisearch index for brig.
-* ``spar-migrate-data``: `Used to update spar data <https://github.com/wireapp/wire-server/blob/develop/charts/cassandra-migrations/templates/spar-migrate-data.yaml>`__ in cassandra when schema changes occur.
-
-As an example, this is the result of running the ``kubectl get pods --namespace wire`` command to obtain a list of all pods in a typical cluster:
-
-.. code:: shell
-
-   NAMESPACE      NAME                                                      READY   STATUS      RESTARTS   AGE
-   wire           account-pages-54bfcb997f-hwxlf                            1/1     Running     0          85d
-   wire           brig-58bc7f844d-rp2mx                                     1/1     Running     0          3h54m
-   wire           brig-index-migrate-data-s7lmf                             0/1     Completed   0          3h33m
-   wire           cannon-0                                                  1/1     Running     0          3h53m
-   wire           cargohold-779bff9fc6-7d9hm                                1/1     Running     0          3h54m
-   wire           cassandra-ephemeral-0                                     1/1     Running     0          176d
-   wire           cassandra-migrations-66n8d                                0/1     Completed   0          3h34m
-   wire           demo-smtp-784ddf6989-7zvsk                                1/1     Running     0          176d
-   wire           elasticsearch-ephemeral-86f4b8ff6f-fkjlk                  1/1     Running     0          176d
-   wire           elasticsearch-index-create-l5zbr                          0/1     Completed   0          3h34m
-   wire           fake-aws-s3-77d9447b8f-9n4fj                              1/1     Running     0          176d
-   wire           fake-aws-s3-reaper-78d9f58dd4-kf582                       1/1     Running     0          176d
-   wire           fake-aws-sns-6c7c4b7479-nzfj2                             2/2     Running     0          176d
-   wire           fake-aws-sqs-59fbfbcbd4-ptcz6                             2/2     Running     0          176d
-   wire           federator-6d7b66f4d5-xgkst                                1/1     Running     0          3h54m
-   wire           galley-5b47f7ff96-m9zrs                                   1/1     Running     0          3h54m
-   wire           galley-migrate-data-97gn8                                 0/1     Completed   0          3h33m
-   wire           gundeck-76c4599845-4f4pd                                  1/1     Running     0          3h54m
-   wire           nginx-ingress-controller-controller-2nbkq                 1/1     Running     0          9d
-   wire           nginx-ingress-controller-controller-8ggw2                 1/1     Running     0          9d
-   wire           nginx-ingress-controller-default-backend-dd5c45cf-jlmbl   1/1     Running     0          176d
-   wire           nginz-77d7586bd9-vwlrh                                    2/2     Running     0          3h54m
-   wire           redis-ephemeral-master-0                                  1/1     Running     0          176d
-   wire           spar-8576b6845c-npb92                                     1/1     Running     0          3h54m
-   wire           spar-migrate-data-lz5ls                                   0/1     Completed   0          3h33m
-   wire           team-settings-86747b988b-5rt45                            1/1     Running     0          50d
-   wire           webapp-54458f756c-r7l6x                                   1/1     Running     0          3h54m
-                     1/1     Running     0          3h54m
-.. note::
-
-  This list is not exhaustive, and your installation may have additional pods running depending on your configuration.
diff --git a/docs/src/understand/restund.rst b/docs/src/understand/restund.md
similarity index 61%
rename from docs/src/understand/restund.rst
rename to docs/src/understand/restund.md
index 35014c28bf..0cb8dd6f6d 100644
--- a/docs/src/understand/restund.rst
+++ b/docs/src/understand/restund.md
@@ -1,25 +1,22 @@
-.. _understand-restund:
+(understand-restund)=
 
-Restund (TURN) servers
-========================
+# Restund (TURN) servers
 
-Introduction
-~~~~~~~~~~~~
+## Introduction
 
 Restund servers allow two users on different networks (for
 example Alice who is in an office connected to an office router and Bob
 who is at home connected to a home router) to have a Wire audio or video
 call. More precisely:
 
-   Restund is a modular and flexible
-   `STUN <https://en.wikipedia.org/wiki/STUN>`__ and
-   `TURN <https://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT>`__
-   Server, with IPv4 and IPv6 support.
+> Restund is a modular and flexible
+> [STUN](https://en.wikipedia.org/wiki/STUN) and
+> [TURN](https://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT)
+> Server, with IPv4 and IPv6 support.
 
-.. _architecture-restund:
+(architecture-restund)=
 
-Architecture
-~~~~~~~~~~~~
+## Architecture
 
 Since the restund servers help establishing a connection between two
 users, they need to be reachable by both of these users, which usually
@@ -32,29 +29,28 @@ Restund instance may communicate with other Restund instances.
 You can either have restund servers directly exposed to the public
 internet:
 
-|architecture-restund|
+```{image} img/architecture-restund.png
+```
 
 Or you can have them reachable by fronting them with a firewall or load
 balancer machine that may have a different IP than the server where
 restund is installed:
 
-|architecture-restund-lb|
+```{image} img/architecture-restund-lb.png
+```
 
-What is it used for
-~~~~~~~~~~~~~~~~~~~
+## What is it used for
 
 Restund is used to assist in NAT-traversal. Its goal is to connect two clients
 who are (possibly both) behind NAT directly in a peer to peer fashion, for
 optimal call quality and lowest latency.
 
-
 client A sends a UDP packet to Restund; which will get address-translated by
 the router. Restund then sends back to the client what the source IP and the
 source port was that Restund observed. If the client then communicates this to
 Client B, Client B will be able to send data to that IP,port pair over UDP if
 it does so quickly enough.  Client A and B will then have a peer-to-peer leg.
 
-
 This is not always possible (e.g. symmetric NAT makes this technique
 impossible, as the router will NAT a different source-port for each
 connection). In that case clients fall back to TURN, which asks Restund to
@@ -63,17 +59,16 @@ allocate a relay address which relays packets between nodes A and B.
 Restund servers need to have a wide range of ports open to allocate such relay
 addresses.
 
-Network
-~~~~~~~
+## Network
 
 As briefly mentioned above, a TURN server functions as a bridge between
 networks. Networks which don't have a direct route defined between them,
 usually have distinct address blocks. Depending on the address block they
 are configured with - such block is either considered to be *public* or *private*
-(aka special-purpose addresses `[RFC 6890] <https://tools.ietf.org/html/rfc6890>`__)
+(aka special-purpose addresses [\[RFC 6890\]](https://tools.ietf.org/html/rfc6890))
 
-- `IPv4 private blocks <https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml>`__
-- `IPv6 private blocks <https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml>`__
+- [IPv4 private blocks](https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml)
+- [IPv6 private blocks](https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml)
 
 In cases where a machine, that is hosting the TURN server, also connects
 to a *private* network in which other services are running, chances are
@@ -81,56 +76,51 @@ that these services are being indirectly exposed through that TURN server.
 
 To prevent this kind of exposure, a TURN server has to be configured with an inclusive
 or exclusive list of address blocks to prevents undesired connections from being
-established [1]_. At the moment (Feb. 2021), this functionality is not yet available
+established [^footnote-1]. At the moment (Feb. 2021), this functionality is not yet available
 with *Restund* on the application-level. Instead, the system-level firewall capabilities
-must be utilized. The `IP ranges <https://www.rtcsec.com/post/2021/01/details-about-cve-2020-26262-bypass-of-coturns-default-access-control-protection/#further-concerns-what-else>`__
-mentioned in the article [1]_ should be blocked for egress and, depending on the scenario,
-also for ingress traffic. Tools like ``iptables`` or ``ufw`` can be used to set this up.
-
-.. [1] `Details about CVE-2020-26262, bypass of Coturn's default access control protection <https://www.rtcsec.com/post/2021/01/details-about-cve-2020-26262-bypass-of-coturns-default-access-control-protection/>`__
+must be utilized. The [IP ranges](https://www.rtcsec.com/post/2021/01/details-about-cve-2020-26262-bypass-of-coturns-default-access-control-protection/#further-concerns-what-else)
+mentioned in the article [^footnote-1] should be blocked for egress and, depending on the scenario,
+also for ingress traffic. Tools like `iptables` or `ufw` can be used to set this up.
 
+[^footnote-1]: [Details about CVE-2020-26262, bypass of Coturn's default access control protection](https://www.rtcsec.com/post/2021/01/details-about-cve-2020-26262-bypass-of-coturns-default-access-control-protection/)
 
-.. _understand-restund-protocal-and-ports:
+(understand-restund-protocal-and-ports)=
 
-Protocols and open ports
-~~~~~~~~~~~~~~~~~~~~~~~~
+## Protocols and open ports
 
 Restund servers provide the best audio/video connections if end-user devices
-can connect to them via UDP. 
+can connect to them via UDP.
 
-In this case, a firewall (if any) needs to allow and/or forward the complete :ref:`default port range <port-ranges>` for incoming UDP traffic. 
+In this case, a firewall (if any) needs to allow and/or forward the complete {ref}`default port range <port-ranges>` for incoming UDP traffic.
 
-Ports for allocations are allocated from the :ref:`default port range <port-ranges>`, for more information on this port range, how to read and change it, and how to configure your firewall, see :ref:`this note <port-ranges>`.
+Ports for allocations are allocated from the {ref}`default port range <port-ranges>`, for more information on this port range, how to read and change it, and how to configure your firewall, see {ref}`this note <port-ranges>`.
 
-In case e.g. office firewall rules disallow UDP traffic in this range, there is a possibility to use TCP instead, at the expense of call quality. 
+In case e.g. office firewall rules disallow UDP traffic in this range, there is a possibility to use TCP instead, at the expense of call quality.
 
-Port ``3478`` is the default control port,
+Port `3478` is the default control port,
 however one UDP port per active connection is required, so a whole port
 range must be available and reachable from the outside.
 
-If *Conference Calling 2.0* (:ref:`SFT <understand-sft>`) is enabled, a Restund instance,
-additionally, must be allowed to communicate with ::ref:`SFT instances <install-sft-firewall-rules>`
+If *Conference Calling 2.0* ({ref}`SFT <understand-sft>`) is enabled, a Restund instance,
+additionally, must be allowed to communicate with :{ref}`SFT instances <install-sft-firewall-rules>`
 on the same UDP ports mentioned above. In this scenario a Restund server becomes sort
 of a proxy for the client, if the client is not able to establish a media channel between
 itself and the SFT server.
 
-*For more information, please refer to the source code of the Ansible role:* `restund <https://github.com/wireapp/ansible-restund/blob/master/tasks/firewall.yml>`__.
+*For more information, please refer to the source code of the Ansible role:* [restund](https://github.com/wireapp/ansible-restund/blob/master/tasks/firewall.yml).
 
-Control ports
-^^^^^^^^^^^^^
+### Control ports
 
-Restund listens for control messages on port ``3478`` on both UDP and TCP. It
-also can listen on port ``5349`` which uses TLS. One can reconfigure both ports.
-For example, port ``5349`` can be reconfigured to be port ``443``; so that TURN
+Restund listens for control messages on port `3478` on both UDP and TCP. It
+also can listen on port `5349` which uses TLS. One can reconfigure both ports.
+For example, port `5349` can be reconfigured to be port `443`; so that TURN
 traffic can not be distinguished from any other TLS traffic. This might help
 with overcoming certain firewall restrictions. You can instead use (if that's
-easier with firewall rules) for example ports ``80`` and ``443`` (requires to
+easier with firewall rules) for example ports `80` and `443` (requires to
 run restund as root) or do a redirect from a load balancer (if using one) to
-redirect ``443 -> 5349`` and ``80 -> 3478``.
+redirect `443 -> 5349` and `80 -> 3478`.
 
-
-Amount of users and file descriptors
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+## Amount of users and file descriptors
 
 Each allocation (active connection by one participant) requires 1 or 2
 file descriptors, so ensure you increase your file descriptor limits in
@@ -140,33 +130,27 @@ Currently one restund server can have a maximum of 64000 allocations. If
 you have more users than that in an active call, you need to deploy more
 restund servers.
 
-Load balancing and high-availability
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+## Load balancing and high-availability
 
 Load balancing is not possible, since STUN/TURN is a stateful protocol,
-so UDP packets addressed to ``restund server 1``, if by means of a load
-balancer were to end up at ``restund server 2``, would get dropped, as
+so UDP packets addressed to `restund server 1`, if by means of a load
+balancer were to end up at `restund server 2`, would get dropped, as
 the second server doesn't know the source address.
 
 High-availability is nevertheless ensured by having and advertising more
 than one restund server.  Instead of the load balancer, the clients will
 switch their server if it fails.
 
-Discovery and establishing a call
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+## Discovery and establishing a call
 
 A simplified flow of how restund servers, along with the wire-server are
 used to establish a call:
 
-|flow-restund|
+```{image} img/flow-restund.png
+```
 
-DNS
-~~~
+## DNS
 
 Usually DNS records are used which point to the public IPs of the
 restund servers (or of the respective firewall or load balancer
 machines). These DNS names are then used when configuring wire-server.
-
-.. |architecture-restund| image:: img/architecture-restund.png
-.. |architecture-restund-lb| image:: img/architecture-restund-lb.png
-.. |flow-restund| image:: img/flow-restund.png
diff --git a/docs/src/understand/sft.rst b/docs/src/understand/sft.md
similarity index 77%
rename from docs/src/understand/sft.rst
rename to docs/src/understand/sft.md
index aec41fe742..28f2c432d6 100644
--- a/docs/src/understand/sft.rst
+++ b/docs/src/understand/sft.md
@@ -1,82 +1,76 @@
-.. _understand-sft:
+(understand-sft)=
 
-Conference Calling 2.0 (aka SFT)
-================================
+# Conference Calling 2.0 (aka SFT)
 
-Background
-----------
+## Background
 
 Previously, Wire group calls were implemented as a mesh, where each participant was connected
 to each other in a peer-to-peer fashion. This meant that a client would have to upload their
 video and audio feeds separately for each participant. This in practice meant that the amount
 of participants was limited by the upload bandwidth of the clients.
 
-Wire now has a signalling-forwarding unit called `SFT <https://github.com/wireapp/wire-avs-service>`__ which allows clients to upload once and
+Wire now has a signalling-forwarding unit called [SFT](https://github.com/wireapp/wire-avs-service) which allows clients to upload once and
 then the SFT fans it out to the other clients. Because connections are not end-to-end anymore now, dTLS encryption offered by WebRTC is not enough anymore as the encryption is terminated at the server-side. To avoid Wire from seeing the contents of calls SFT utilises WebRTC InsertibleStreams to encrypt the packets a second time with a group key that is not known to the server.
 
 With SFT it is thus possible to have conference calls with many participants
 without compromising end-to-end security.
 
-.. note::
-   We will describe conferencing first in a single domain in this section. 
-   Conferencing in an environment with Federation is described in the
-   :ref:`federated conferencing<federated-sft>` section.
+```{note}
+We will describe conferencing first in a single domain in this section.
+Conferencing in an environment with Federation is described in the
+{ref}`federated conferencing<federated-sft>` section.
+```
 
-
-Architecture
-------------
+## Architecture
 
 The following diagram is centered around SFT and its role within a calling setup. Restund is seen
 as a mere client proxy and its relation to and interaction with a client is explained
-:ref:`here <understand-restund>`. The diagram shows that a call resides on a single SFT instance
+{ref}`here <understand-restund>`. The diagram shows that a call resides on a single SFT instance
 and that the instance allocates at least one port for media transport per participant in the call.
 
-.. figure:: img/architecture-sft.png
-
-    SFT signaling, and media sending from the perspective of one caller
+```{figure} img/architecture-sft.png
+SFT signaling, and media sending from the perspective of one caller
+```
 
-
-Establishing a call
--------------------
+## Establishing a call
 
 1. *Client A* wants to initiate a call. It contacts all the known SFT servers via HTTPS.
    The SFT server that is quickest to respond is the one that will be used by the client.
-   (Request 1: ``CONFCONN``)
+   (Request 1: `CONFCONN`)
 2. *Client A* gathers connection candidates (own public IP, public IP of the network the
-   client is in with the help of STUN, through TURN servers) [1]_ for the SFT server to
+   client is in with the help of STUN, through TURN servers) [^footnote-1] for the SFT server to
    establish a media connection to *Client A*. These information are then being send again
-   from *Client A* to the chosen SFT server via HTTPS request. (Request 2: ``SETUP``)
+   from *Client A* to the chosen SFT server via HTTPS request. (Request 2: `SETUP`)
 3. The SFT server tests which of the connection candidates actually work. Meaning, it
    goes through all the candidates until one leads to a successful media connection
    between itself and *client A*
-4. *Client A* sends an end-to-end encrypted message [2]_ ``CONFSTART`` to all members of chat, which contains
+4. *Client A* sends an end-to-end encrypted message [^footnote-2] `CONFSTART` to all members of chat, which contains
    the URL of the SFT server that is being used for the call.
 5. Any other client that wants to join the call, does 1. + 2. with the exception of **only**
    contacting one SFT server i.e. the one that *client A* chose and told all other
-   potential participants about via ``CONFSTART`` message
+   potential participants about via `CONFSTART` message
 
 At that point a media connection between *client A* and the SFT server has been established,
 and they continue talking to each other by using the data-channel, which uses the media
 connection (i.e. no more HTTPS at that point). There are just 2 HTTPS request/response
 sequences per participant.
 
-.. [1] STUN & TURN are both part of a :ref:`Restund server <understand-restund>`
-.. [2] This encrypted message is sent in the same conversation, hidden from user's view but
-       interpreted by user's clients. It is sent via backend servers and forwarded to other
-       conversation participants, not to or via SFT.
+[^footnote-1]: STUN & TURN are both part of a {ref}`Restund server <understand-restund>`
 
+[^footnote-2]: This encrypted message is sent in the same conversation, hidden from user's view but
+    interpreted by user's clients. It is sent via backend servers and forwarded to other
+    conversation participants, not to or via SFT.
 
-Prerequisites
--------------
+## Prerequisites
 
 For Conference Calling to function properly, clients need to be able to reach the HTTPS interface
 of the SFT server(s) - either directly or through a load balancer sitting in front of the servers.
 This is only needed for the call initiation/joining part.
 Additionally, for the media connection, clients and SFT servers should be able to reach each other
-via UDP (see :ref:`Firewall rules <install-sft-firewall-rules>`).
+via UDP (see {ref}`Firewall rules <install-sft-firewall-rules>`).
 If that is not possible, then at least SFT servers and Restund servers should be able to reach each
 other via UDP - and clients may connect via UDP and/or TCP to Restund servers
-(see :ref:`Protocols and open ports <understand-restund-protocal-and-ports>`), which in
+(see {ref}`Protocols and open ports <understand-restund-protocal-and-ports>`), which in
 turn will connect to the SFT server.
 In the unlikely scenario where no UDP is allowed whatsoever or SFT servers may not be able to reach
 the Restund servers that clients are using to make themselves reachable, an SFT server itself can
@@ -90,19 +84,17 @@ Due to this `hostNetwork` limitation only one SFT instance can run per node so i
 
 As a rule of thumb you will need 1vCPU of compute per 50 participants. SFT will utilise multiple cores. You can use this rule of thumb to decide how many kubernetes nodes you need to provision.
 
-For more information about capacity planning and networking please refer to the `technical documentation <https://github.com/wireapp/wire-server/blob/eab0ce1ff335889bc5a187c51872dfd0e78cc22b/charts/sftd/README.md>`__
+For more information about capacity planning and networking please refer to the [technical documentation](https://github.com/wireapp/wire-server/blob/eab0ce1ff335889bc5a187c51872dfd0e78cc22b/charts/sftd/README.md)
 
-.. _federated-sft:
+(federated-sft)=
 
-Federated Conference Calling 
-============================
+# Federated Conference Calling
 
-Conferencing in a federated environment assumes that each domain participating in a 
+Conferencing in a federated environment assumes that each domain participating in a
 conference will use an SFT in its own domain. The SFT in the caller's domain is called
-the `anchor SFT`. 
+the `anchor SFT`.
 
-Multi-SFT Architecture
-----------------------
+## Multi-SFT Architecture
 
 With support for federation, each domain participating in a conference is responsible to
 make available an SFT for users in that domain.  The SFT in the domain of the caller is
@@ -116,7 +108,7 @@ initiates a call in a federated conversation which contains herself, Adam also i
 A, and Bob and Beth in domain B. Alice's client first creates a conference and is
 assigned a conference URL on SFT A2. Because the SFT is configured for federation, it
 assumes the role of anchor and also returns an IP address and port (the `anchor SFT tuple`)
-which can be used by any federated SFTs which need to connect. (Alice sets up her media 
+which can be used by any federated SFTs which need to connect. (Alice sets up her media
 connection with SFT A2 as normal).
 
 Alice's client forwards the conference URL and the anchor SFT tuple to the other
@@ -128,9 +120,9 @@ to the anchor SFT using the anchor SFT tuple and provides the SFT URL. (Bob's cl
 also sets up media with SFT B1 normally.)  At this point all paths are established
 and the conference call can happen normally.
 
-.. figure:: img/multi-sft-noturn.png
-
-    Basic Multi-SFT conference initiated by Alice in domain A, with Bob in domain B
+```{figure} img/multi-sft-noturn.png
+Basic Multi-SFT conference initiated by Alice in domain A, with Bob in domain B
+```
 
 Because some customers do not wish to expose their SFTs directly to hosts on the public
 Internet, the SFTs can allocate a port on a TURN server. In this way, only the IP
@@ -140,16 +132,16 @@ this scenario.  In this configuration, SFT A2 requests an allocation from the fe
 TURN server in domain A before responding to Alice. The anchor SFT tuple is the address
 allocated on the federation TURN server in domain A.
 
-.. figure:: img/multi-sft-turn.png
-
-    Multi-SFT conference with TURN servers between federated SFTs
+```{figure} img/multi-sft-turn.png
+Multi-SFT conference with TURN servers between federated SFTs
+```
 
 Finally, for extremely restrictive firewall environments, the TURN servers used for
 federated SFT traffic can be further secured with a TURN to TURN mutually
 authenticated DTLS connection. The SFTs allocate a channel inside this DTLS connection
 per conference.  The channel number is included along with the anchor SFT tuple
 returned to Alice, which Alice shares with the conversation, which Bob sends to SFT B1,
-and which SFT B1 uses when forming its DTLS connection to SFT A2. This DTLS connection 
+and which SFT B1 uses when forming its DTLS connection to SFT A2. This DTLS connection
 runs on a dedicated port number which is not used for regular TURN traffic. Under this
 configuration, only that single IP address and port is exposed for each federated TURN
 server with all SFT traffic multiplexed over the connection. The diagram below shows
@@ -157,7 +149,6 @@ this scenario.  Note that this TURN DTLS multiplexing is only used for SFT to SF
 communication into federated group calls, and does not affect the connectivity requirements for normal one-on-one
 calls.
 
-.. figure:: img/multi-sft-turn-dtls.png
-
-    Multi-SFT conference with federated TURN servers with DTLS multiplexing
-
+```{figure} img/multi-sft-turn-dtls.png
+Multi-SFT conference with federated TURN servers with DTLS multiplexing
+```
diff --git a/docs/src/understand/single-sign-on/design.rst b/docs/src/understand/single-sign-on/design.rst
deleted file mode 100644
index af2102e363..0000000000
--- a/docs/src/understand/single-sign-on/design.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-:orphan:
-
-This page is gone.  Please visit `this one <./main.html>`_
diff --git a/docs/src/understand/single-sign-on/main.rst b/docs/src/understand/single-sign-on/main.rst
deleted file mode 100644
index 8603a8fd71..0000000000
--- a/docs/src/understand/single-sign-on/main.rst
+++ /dev/null
@@ -1,560 +0,0 @@
-
-Single sign-on and user provisioning
-------------------------------------
-
-.. contents::
-
-Introduction
-~~~~~~~~~~~~
-
-This page is intended as a manual for administrator users in need of setting up :term:`SSO` and provisionning users using :term:`SCIM` on their installation of Wire.
-
-Historically and by default, Wire's user authentication method is via phone or password. This has security implications and does not scale.
-
-Solution: :term:`SSO` with :term:`SAML`! `(Security Assertion Markup Language) <https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language>`_
-
-:term:`SSO` systems allow users to identify on multiple systems (including Wire once configured as such) using a single ID and password.
-
-You can find some of the advantages of :term:`SSO` over more traditional schemes `here <https://en.wikipedia.org/wiki/Single_sign-on>`_.
-
-Also historically, wire has allowed team admins and owners to manage their users in the team management app.
-
-This does not scale as it requires a lot of manual labor for each user.
-
-The solution we offer to solve this issue is implementing :term:`SCIM` `(System for Cross-domain Identity Management) <https://en.wikipedia.org/wiki/System_for_Cross-domain_Identity_Management>`_
-
-:term:`SCIM` is an interface that allows both software (for example Active Directory) and custom scripts to manage Identities (users) in bulk.
-
-This page explains how to set up :term:`SCIM` and then use it.
-
-.. note::
-    Note that it is recommended to use both :term:`SSO` and :term:`SCIM` (as opposed to just :term:`SSO` alone).
-    The reason is if you only use :term:`SSO`, but do not configure/implement :term:`SCIM`, you will experience reduced functionality.
-    In particular, without :term:`SCIM` all Wire users will be named according their e-mail address and won't have any rich profiles.
-    See below in the :term:`SCIM` section for a more detailled explanation.
-
-
-Further reading
-~~~~~~~~~~~~~~~
-
-If you can't find the answers to your questions here, we have a few
-more documents.  Some of them are very technical, some may not be up
-to date any more, and we are planning to move many of them into this
-page.  But for now they may be worth checking out.
-
-- :ref:`Trouble shooting & FAQ <trouble-shooting-faq>`
-- https://support.wire.com/hc/en-us/sections/360000580658-Authentication
-- https://github.com/wireapp/wire-server/blob/1753b790e5cfb2d35e857648c88bcad3ac329f01/docs/reference/spar-braindump.md
-- https://github.com/wireapp/wire-server/tree/1753b790e5cfb2d35e857648c88bcad3ac329f01/docs/reference/provisioning/
-
-
-Definitions
-~~~~~~~~~~~
-
-The following concepts need to be understood to use the present manual:
-
-.. glossary::
-
-   SCIM
-       System for Cross-domain Identity Management (:term:`SCIM`) is a standard for automating the exchange of user identity information between identity domains, or IT systems.
-
-       One example might be that as a company onboards new employees and separates from existing employees, they are added and removed from the company's electronic employee directory. :term:`SCIM` could be used to automatically add/delete (or, provision/de-provision) accounts for those users in external systems such as G Suite, Office 365, or Salesforce.com. Then, a new user account would exist in the external systems for each new employee, and the user accounts for former employees might no longer exist in those systems.
-
-       See: `System for Cross-domain Identity Management at Wikipedia <https://en.wikipedia.org/wiki/System_for_Cross-domain_Identity_Management>`_
-
-       In the context of Wire, SCIM is the interface offered by the Wire service (in particular the spar service) that allows for single or mass automated addition/removal of user accounts.
-
-   SSO
-
-       Single sign-on (:term:`SSO`) is an authentication scheme that allows a user to log in with a single ID and password to any of several organizationally related, yet independent, software systems.
-
-       True single sign-on allows the user to log in once and access different, independent services without re-entering authentication factors.
-
-       See: `Single-Sign-On at Wikipedia <https://en.wikipedia.org/wiki/Single_sign-on>`_
-
-   SAML
-
-       Security Assertion Markup Language (:term:`SAML`, pronounced SAM-el, /'sæməl/) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. :term:`SAML` is an XML-based markup language for security assertions (statements that service providers use to make access-control decisions). :term:`SAML` is also:
-
-       * A set of XML-based protocol messages
-       * A set of protocol message bindings
-       * A set of profiles (utilizing all of the above)
-
-       An important use case that :term:`SAML` addresses is web-browser `single sign-on (SSO) <https://en.wikipedia.org/wiki/Single_sign-on>`_ . Single sign-on is relatively easy to accomplish within a security domain (using cookies, for example) but extending :term:`SSO` across security domains is more difficult and resulted in the proliferation of non-interoperable proprietary technologies. The `SAML Web Browser SSO <https://en.wikipedia.org/wiki/Single_sign-on>`_ profile was specified and standardized to promote interoperability.
-
-       See: `SAML at Wikipedia <https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language>`_
-
-       In the context of Wire, SAML is the standard/protocol used by the Wire services (in particular the spar service) to provide the Single Sign On feature.
-
-   IdP
-
-       In the context of Wire, an identity provider (abbreviated :term:`IdP`) is a service that provides SAML single sign-on (:term:`SSO`) credentials that give users access to Wire.
-
-   Curl
-
-       :term:`Curl` (pronounced ":term:`Curl`") is a command line tool used to download files over the HTTP (web) protocol. For example, `curl http://wire.com` will download the ``wire.com`` web page.
-
-       In this manual, it is used to contact API (Application Programming Interface) endpoints manually, where those endpoints would normally be accessed by code or other software.
-
-       This can be used either for illustrative purposes (to "show" how the endpoints can be used) or to allow the manual execution of some simple tasks.
-
-       For example (not a real endpoint) `curl http://api.wire.com/delete_user/thomas` would (schematically) execute the :term:`Curl` command, which would contact the wire.com API and delete the user named "thomas".
-
-       Running this command in a terminal would cause the :term:`Curl` command to access this URL, and the API at that URL would execute the requested action.
-
-       See: `curl at Wikipedia <https://en.wikipedia.org/wiki/Curl>`__
-
-
-   Spar
-
-       The Wire backend software stack is composed of different services, `running as pods <../overview.html#focus-on-pods>`__ in a kubernetes cluster.
-
-       One of those pods is the "spar" service. That service/pod is dedicated to the providing :term:`SSO` (using :term:`SAML`) and :term:`SCIM` services. This page is the manual for this service.
-
-       In the context of :term:`SCIM`, Wire's spar service is the `Service Provider <https://en.wikipedia.org/wiki/Service_provider_(SAML)>`__ that Identity Management Software
-       (for example Azure, Okta, Ping Identity, SailPoint, Technology Nexus, etc.) uses for user account provisioning and deprovisioning.
-
-User login for the first time with SSO
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-:term:`SSO` allows users to register and log into Wire with their company credentials that they use on other software in their workplace.
-No need to remember another password.
-
-When a team is set up on Wire, the administrators can provide users a login code or link that they can use to go straight to their company's login page.
-
-Here is what this looks from a user's perspective:
-
-1. Download Wire.
-2. Select and copy the code that your company gave you / the administrator generated
-3. Open Wire.  Wire may detect the code on your clipboard and open a pop-up window with a text field.
-   Wire will automatically put the code into the text field.
-   If so, click Log in and go to step 8.
-4. If no pop-up: click Login on the first screen.
-5. Click Enterprise Login.
-6. A pop-up will appear. In the text field, paste or type the code your company gave you.
-7. Click Log in.
-8. Wire will load your company's login page: log in with your company credentials.
-
-
-SAML/SSO
-~~~~~~~~
-
-Introduction
-^^^^^^^^^^^^
-
-SSO (Single Sign-On) is technology allowing users to sign into multiple services with a single identity provider/credential.
-
-SSO is about `authentication`, not `provisioning` (create, update, remove user accounts).  To learn more about the latter, continue  `below <main.html#user-provisioning-scim-ldap>`_.
-
-For example, if a company already has SSO setup for some of their services, and they start using Wire, they can use Wire's SSO support to add Wire to the set of services their users will be able to sign into with their existing SSO credentials.
-
-Here is a blog post we like about how SAML works: https://duo.com/blog/the-beer-drinkers-guide-to-saml
-
-And here is a diagram that explains it in slightly more technical terms:
-
-.. image:: Wire_SAML_Flow.png
-
-Here is a critique of XML/DSig security (which SAML relies on): https://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt
-
-Terminology and concepts
-^^^^^^^^^^^^^^^^^^^^^^^^
-
-* End User / Browser: The end user is generally a human, an Application (Wire Client) or a browser (agent) who accesses the Service Provider to get access to a service or a protected resource.
-  The browser carrries out all the redirections from the SP to the IdP and vice versa.
-* Service Provider (SP): The entity (here Wire software) that provides its protected resource when an end user tries to access this resource. To accomplish the SAML based SSO authentication, the Service Provider
-  must have the Identity Provider's metadata.
-* Identity Provider (IdP): Defines the entity that provides the user identities, including the ability to authenticate a user to get access to a protected resource / application from a Service Provider. To accomplish
-  the SAML based SSO authentication, the IdP must have the Service Provider's metadata.
-* SAML Request: This is the authentication request generated by the Service Provider to request an authentication from the Identity Provider for verifying the user's identity.
-* SAML Response: The SAML Response contains the cryptographically signed assertion of the authenticated user and is generated by the Identity Provider.
-
-(Definitons adapted from `collab.net <http://help.collab.net/index.jsp?topic=/teamforge178/action/saml.html>`_)
-
-.. _Setting up SSO externally:
-
-Setting up SSO externally
-^^^^^^^^^^^^^^^^^^^^^^^^^
-
-To set up :term:`SSO` for a given Wire installation, the Team owner/administrator must enable it.
-
-The first step is to configure the Identity Provider: you'll need to register Wire as a service provider in your Identity Provider.
-
-We've put together guides for registering with different providers:
-
-.. toctree::
-   :maxdepth: 1
-
-   Instructions for Okta <../../how-to/single-sign-on/okta/main.rst>
-   Instructions for Centrify <../../how-to/single-sign-on/centrify/main.rst>
-   Instructions for Azure <../../how-to/single-sign-on/azure/main.rst>
-   Some screenshots for ADFS <../../how-to/single-sign-on/adfs/main.rst>
-   Generic instructions (try this if none of the above are applicable) <../../how-to/single-sign-on/generic-setup.rst>
-   Trouble shooting & FAQ <../../how-to/single-sign-on/trouble-shooting.rst>
-
-As you do this, make sure you take note of your :term:`IdP` metadata, which you will need for the next step.
-
-Once you are finished with registering Wire to your :term:`IdP`, move on to the next step, setting up :term:`SSO` internally.
-
-Setting up SSO internally
-^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Now that you've registered Wire with your identity provider (:term:`IdP`), you can enable :term:`SSO` for your team on Wire.
-
-On Desktop:
-
-* Click Settings and click "Manage Team"; or go directly to teams.wire.com, or if you have an on-premise install, go to teams.<your-domain>.com
-* Login with your account credentials.
-* Click "Customization". Here you will see the section for :term:`SSO`.
-* Click the blue down arrow.
-* Click "Add :term:`SAML` Connection".
-* Provide the :term:`IdP` metadata. To find out more about retrieving this for your provider, see the guides in the "Setting up :term:`SSO` externally" step just above.
-* Click "Save".
-* Wire will now validate the document to set up the :term:`SAML` connection.
-* If the data is valid, you will return to the Settings page.
-* The page shows the information you need to log in with :term:`SSO`. Copy the login code or URL and send it to your team members or partners. For more information see: Logging in with :term:`SSO`.
-
-What to expect after :term:`SSO` is enabled:
-
-Anyone with a login through your :term:`SAML` identity provider (:term:`IdP`) and with access to the Wire app will be able to register and log in to your team using the :term:`SSO` Login URL and/or Code.
-
-Take care to share the code only with members of your team.
-
-If you haven't set up :term:`SCIM` (`we recommend you do <#introduction>`_), your team members can create accounts on Wire using :term:`SSO` simply by logging in, and will appear on the People tab of the team management page.
-
-If team members already have Wire accounts, use :term:`SCIM` to associate them with the :term:`SAML` credentials.  If you make a mistake here, you may end up with several accounts for the same person.
-
-.. _User provisioning:
-
-User provisioning (SCIM/LDAP)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-SCIM/LDAP is about `provisioning` (create, update, remove user accounts), not `authentication`.  To learn more about the latter, continue `above <main.html#saml-sso>`_.
-
-Wire supports the `SCIM <http://www.simplecloud.info/>`__ (`RFC 7643 <https://tools.ietf.org/html/rfc7643>`__) protocol to create, update and delete users.
-
-If your user data is stored in an LDAP data source like Active Directory or OpenLDAP, you can use our docker-base `ldap-scim-bridge <https://github.com/wireapp/ldap-scim-bridge/#use-via-docker>`__ to connect it to wire.
-
-Note that connecting a SCIM client to Wire also disables the functionality to create new users in the SSO login process. This functionality is disabled when a token is created (see below) and re-enabled when all tokens have been deleted.
-
-To set up the connection of your SCIM client (e.g. Azure Active Directory) you need to provide
-
-1. The URL under which Wire's SCIM API is hosted: ``https://prod-nginz-https.wire.com/scim/v2``.
-   If you are hosting your own instance of Wire then the URL is ``https://<hostname>/scim/v2``, where ``<hostname>`` is where you are serving Wire's public endpoints. Some SCIM clients append ``/v2`` to the URL your provide. If this happens (check the URL mentioned in error messages of your SCIM client) then please provide the URL without the ``/v2`` suffix, i.e. ``https://prod-nginz-https.wire.com/scim`` or ``https://<hostname>/scim``.
-
-2. A secret token which authorizes the use of the SCIM API. Use the  `wire_scim_token.py <https://raw.githubusercontent.com/wireapp/wire-server/654b62e3be74d9dddae479178990ebbd4bc77b1e/docs/reference/provisioning/wire_scim_token.py>`__
-   script to generate a token. To run the script you need access to an user account with "admin" privileges that can login via email and password. Note that the token is independent from  the admin account that created it, i.e. the token remains valid if the admin account gets deleted or changed.
-
-You need to configure your SCIM client to use the following mandatory SCIM attributes:
-
-1. Set the ``userName`` attribute to the desired user handle (the handle is shown
-   with an @ prefix in apps). It must be unique accross the entire Wire Cloud
-   (or unique on your own instance), and consist of the characters ``a-z0-9_.-``
-   (no capital letters).
-
-2. Set the ``displayName`` attribute to the user's desired display name, e.g. "Jane Doe".
-   It must consist of 1-128 unicode characters. It does not need to be unique.
-
-3. The ``externalId`` attribute:
-
-   a. If you are using Wire's SAML SSO feature then set ``externalId`` attribute to the same identifier used for ``NameID`` in your SAML configuration.
-
-   b. If you are using email/password authentication then set the ``externalId``
-      attribute to the user's email address. The user will receive an invitation email during provisioning. Also note that the account will be set to ``"active": false`` until the user has accepted the invitation and activated the account.
-
-You can optionally make use of Wire's ``urn:wire:scim:schemas:profile:1.0`` extension field to store arbitrary user profile data that is shown in the users profile, e.g. department, role. See `docs <https://github.com/wireapp/wire-server/blob/develop/docs/reference/user/rich-info.md#scim-support-refrichinfoscim>`__ for details.
-
-SCIM management in Wire (in Team Management)
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-SCIM security and authentication
-''''''''''''''''''''''''''''''''
-
-Wire uses a very basic variant of oauth, where a *bearer token* is presented to the server in header with all :term:`SCIM` requests.
-
-You can create such bearer tokens in team management and copy them from there into your the dashboard of your SCIM data source.
-
-Generating a SCIM token
-'''''''''''''''''''''''
-
-In order to be able to send SCIM requests to Wire, we first need to generate a SCIM token. This section explains how to do this.
-
-Once the token is generated, it should be noted/remembered, and it will be used in all subsequent SCIM uses/requests to authenticate the request as valid/authenticated.
-
-These are the steps to generate a new :term:`SCIM` token, which you will need to provide to your identity provider (:term:`IdP`), along with the target API URL, to enable :term:`SCIM` provisionning.
-
-* Step 1: Go to https://teams.wire.com/settings (Here replace "wire.com" with your own domain if you have an on-premise installation of Wire).
-
-.. image:: token-step-01.png
-   :align: center
-
-* Step 2: In the left menu, go to "Customization".
-
-.. image:: token-step-02.png
-   :align: center
-
-* Step 3: Go to "Automated User Management (:term:`SCIM`)" and click the "down" to expand
-
-.. image:: token-step-03.png
-   :align: center
-
-* Step 4: Click "Generate token", if your password is requested, enter it.
-
-.. image:: token-step-04.png
-   :align: center
-
-* Step 5: Once the token is generated, copy it into your clipboard and store it somewhere safe (eg., in the dashboard of your SCIM data source).
-
-.. image:: token-step-05.png
-   :align: center
-
-* Step 6: You're done!  You can now view token information, delete the token, or create more tokens should you need them.
-
-.. image:: token-step-06.png
-   :align: center
-
-Tokens are now listed in this :term:`SCIM`-related area of the screen, you can generate up to 8 such tokens.
-
-Using SCIM via Curl
-^^^^^^^^^^^^^^^^^^^
-
-You can use the term:`Curl` command line HTTP tool to access tho wire backend (in particular the ``spar`` service) through the :term:`SCIM` API.
-
-This can be helpful to write your own tooling to interface with wire.
-
-Creating a SCIM token
-'''''''''''''''''''''
-
-Before we can send commands to the :term:`SCIM` API/Spar service, we need to be authenticated. This is done through the creation of a :term:`SCIM` token.
-
-First, we need a little shell environment. Run the following in your terminal/shell:
-
-.. code-block:: bash
-   :linenos:
-
-    export WIRE_BACKEND=https://prod-nginz-https.wire.com
-    export WIRE_ADMIN=...
-    export WIRE_PASSWD=...
-
-Wire's SCIM API currently supports a variant of HTTP basic auth.
-
-In order to create a token in your team, you need to authenticate using your team admin credentials.
-
-The way this works behind the scenes in your browser or cell phone, and in plain sight if you want to use curl, is you need to get a Wire token.
-
-First install the ``jq`` command (https://stedolan.github.io/jq/):
-
-.. code-block:: bash
-
-    sudo apt install jq
-
-.. note::
-
-   If you don't want to install ``jq``, you can just call the ``curl`` command and copy the access token into the shell variable manually.
-
-Then run:
-
-.. code-block:: bash
-    :linenos:
-
-    export BEARER=$(curl -X POST \
-    --header 'Content-Type: application/json' \
-    --header 'Accept: application/json' \
-    -d '{"email":"'"$WIRE_ADMIN"'","password":"'"$WIRE_PASSWD"'"}' \
-    $WIRE_BACKEND/login'?persist=false' | jq -r .access_token)
-
-This token will be good for 15 minutes; after that, just repeat the command above to get a new token.
-
-.. note::
-    SCIM requests are authenticated with a SCIM token, see below. SCIM tokens and Wire tokens are different things.
-
-    A Wire token is necessary to get a SCIM token. SCIM tokens do not expire, but need to be deleted explicitly.
-
-You can test that you are logged in with the following command:
-
-.. code-block:: bash
-
-    curl -X GET --header "Authorization: Bearer $BEARER" $WIRE_BACKEND/self
-
-Now you are ready to create a SCIM token:
-
-.. code-block:: bash
-    :linenos:
-
-    export SCIM_TOKEN_FULL=$(curl -X POST \
-    --header "Authorization: Bearer $BEARER" \
-    --header 'Content-Type: application/json;charset=utf-8' \
-    -d '{ "description": "test '"`date`"'", "password": "'"$WIRE_PASSWD"'" }' \
-    $WIRE_BACKEND/scim/auth-tokens)
-    export SCIM_TOKEN=$(echo $SCIM_TOKEN_FULL | jq -r .token)
-    export SCIM_TOKEN_ID=$(echo $SCIM_TOKEN_FULL | jq -r .info.id)
-
-The SCIM token is now contained in the ``SCIM_TOKEN`` environment variable.
-
-You can look it up again with:
-
-.. code-block:: bash
-    :linenos:
-
-    curl -X GET --header "Authorization: Bearer $BEARER" \
-    $WIRE_BACKEND/scim/auth-tokens
-
-And you can delete it with:
-
-.. code-block:: bash
-    :linenos:
-
-    curl -X DELETE --header "Authorization: Bearer $BEARER" \
-    $WIRE_BACKEND/scim/auth-tokens?id=$SCIM_TOKEN_ID
-
-Using a SCIM token to Create Read Update and Delete (CRUD) users
-''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
-
-Now that you have your SCIM token, you can use it to talk to the SCIM API to manipulate (create, read, update, delete) users, either individually or in bulk.
-
-**JSON encoding of SCIM Users**
-
-In order to manipulate users using commands, you need to specify user data.
-
-A minimal definition of a user is written in JSON format and looks like this:
-
-.. code-block:: json
-    :linenos:
-
-    {
-       "schemas"     : ["urn:ietf:params:scim:schemas:core:2.0:User"],
-       "externalId"  : "nick@example.com",
-       "userName"    : "nick",
-       "displayName" : "The Nick"
-    }
-
-You can store it in a variable using this sort of command:
-
-.. code-block:: bash
-    :linenos:
-
-    export SCIM_USER='{
-       "schemas"     : ["urn:ietf:params:scim:schemas:core:2.0:User"],
-       "externalId"  : "nick@example.com",
-       "userName"    : "nick",
-       "displayName" : "The Nick"
-    }'
-
-The ``externalId`` is used to construct a SAML identity.  Two cases are
-currently supported:
-
-1. ``externalId`` contains a valid email address.
-   The SAML ``NameID`` has the form ``<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">me@example.com</NameID>``.
-2. ``externalId`` contains anything that is *not* an email address.
-   The SAML ``NameID`` has the form ``<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">...</NameID>``.
-
-.. note::
-
-    It is important to configure your SAML provider to use ``nameid-format:emailAddress`` or ``nameid-format:unspecified``.  Other nameid formats are not supported at this moment.
-
-    See `FAQ <https://docs.wire.com/how-to/single-sign-on/trouble-shooting.html#how-should-i-map-user-data-to-scim-attributes-when-provisioning-users-via-scim>`_
-
-We also support custom fields that are used in rich profiles in this form (see: https://github.com/wireapp/wire-server/blob/develop/docs/reference/user/rich-info.md):
-
-.. code-block:: bash
-   :linenos:
-
-    export SCIM_USER='{
-      "schemas"     : ["urn:ietf:params:scim:schemas:core:2.0:User", "urn:wire:scim:schemas:profile:1.0"],
-      "externalId"  : "rnick@example.com",
-      "userName"    : "rnick",
-      "displayName" : "The Rich Nick",
-      "urn:wire:scim:schemas:profile:1.0": {
-         "richInfo": [
-            {
-            "type": "Department",
-            "value": "Sales & Marketing"
-            },
-            {
-            "type": "Favorite color",
-            "value": "Blue"
-            }
-         ]
-      }
-    }'
-
-**How to create a user**
-
-You can create a user using the following command:
-
-.. code-block:: bash
-   :linenos:
-
-    export STORED_USER=$(curl -X POST \
-     --header "Authorization: Bearer $SCIM_TOKEN" \
-     --header 'Content-Type: application/json;charset=utf-8' \
-     -d "$SCIM_USER" \
-     $WIRE_BACKEND/scim/v2/Users)
-    export STORED_USER_ID=$(echo $STORED_USER | jq -r .id)
-
-Note that ``$SCIM_USER`` is in the JSON format and is declared before running this commend as described in the section above.
-
-**Get a specific user**
-
-.. code-block:: bash
-   :linenos:
-
-    curl -X GET \
-      --header "Authorization: Bearer $SCIM_TOKEN" \
-      --header 'Content-Type: application/json;charset=utf-8' \
-      $WIRE_BACKEND/scim/v2/Users/$STORED_USER_ID
-
-**Search a specific user**
-
-SCIM user search is quite flexible.  Wire currently only supports lookup by wire handle or email address.
-
-Email address (and/or SAML NameID, if /a):
-
-.. code-block:: bash
-   :linenos:
-
-    curl -X GET \
-      --header "Authorization: Bearer $SCIM_TOKEN" \
-      --header 'Content-Type: application/json;charset=utf-8' \
-      $WIRE_BACKEND/scim/v2/Users/'?filter=externalId%20eq%20%22me%40example.com%22'
-
-Wire handle: same request, just replace the query part with
-
-.. code-block:: bash
-
-    '?filter=userName%20eq%20%22me%22'
-
-**Update a specific user**
-
-For each put request, you need to provide the full json object.  All omitted fields will be set to ``null``.  (If you do not have an up-to-date user present, just ``GET`` one right before the ``PUT``.)
-
-.. code-block:: bash
-   :linenos:
-
-    export SCIM_USER='{
-      "schemas"     : ["urn:ietf:params:scim:schemas:core:2.0:User"],
-      "externalId"  : "rnick@example.com",
-      "userName"    : "newnick",
-      "displayName" : "The New Nick"
-    }'
-
-.. code-block:: bash
-   :linenos:
-
-    curl -X PUT \
-     --header "Authorization: Bearer $SCIM_TOKEN" \
-     --header 'Content-Type: application/json;charset=utf-8' \
-     -d "$SCIM_USER" \
-     $WIRE_BACKEND/scim/v2/Users/$STORED_USER_ID
-
-**Deactivate user**
-
-It is possible to temporarily deactivate an user (and reactivate him later) by setting his ``active`` property to ``true/false`` without affecting his device history.  (`active=false` changes the wire user status to `suspended`.)
-
-**Delete user**
-
-.. code-block:: bash
-   :linenos:
-
-    curl -X DELETE \
-      --header "Authorization: Bearer $SCIM_TOKEN" \
-      $WIRE_BACKEND/scim/v2/Users/$STORED_USER_ID

From 4bfc91a7d4e50df3bf6386e092a42ae0c948ab21 Mon Sep 17 00:00:00 2001
From: Stefan Matting <smatting@users.noreply.github.com>
Date: Thu, 12 Jan 2023 17:41:05 +0100
Subject: [PATCH 03/38] Update Federation docs (#2982)

---
 .../how-to/install/configure-federation.md    | 107 +++---
 docs/src/understand/federation/api.md         | 342 +++++++++---------
 .../src/understand/federation/architecture.md | 313 +++-------------
 .../federation/backend-communication.md       | 167 +++++++++
 docs/src/understand/federation/glossary.md    | 108 ------
 .../federation/img/federation-apis-flow.png   | Bin 0 -> 64907 bytes
 .../federation/img/federation-apis-flow.txt   |  32 ++
 .../federation/img/federation-flow.png        | Bin 144554 -> 142892 bytes
 .../federation/img/federation-flow.txt        |  55 ++-
 docs/src/understand/federation/index.md       |  30 +-
 .../src/understand/federation/introduction.md |  45 ---
 docs/src/understand/federation/replace.sh     |  11 -
 docs/src/understand/federation/roadmap.md     | 112 ------
 13 files changed, 533 insertions(+), 789 deletions(-)
 create mode 100644 docs/src/understand/federation/backend-communication.md
 delete mode 100644 docs/src/understand/federation/glossary.md
 create mode 100644 docs/src/understand/federation/img/federation-apis-flow.png
 create mode 100644 docs/src/understand/federation/img/federation-apis-flow.txt
 delete mode 100644 docs/src/understand/federation/introduction.md
 delete mode 100644 docs/src/understand/federation/replace.sh
 delete mode 100644 docs/src/understand/federation/roadmap.md

diff --git a/docs/src/how-to/install/configure-federation.md b/docs/src/how-to/install/configure-federation.md
index 38d53af30f..c7e46849bc 100644
--- a/docs/src/how-to/install/configure-federation.md
+++ b/docs/src/how-to/install/configure-federation.md
@@ -1,20 +1,12 @@
 (configure-federation)=
 # Configure Wire-Server for Federation
 
-<!-- (background)= -->
-## Background
+See also {ref}`federation-understand`, which explains the architecture and concepts.
 
-Please first understand the current scope and aim of wire-server
-federation by reading
-{ref}`Understanding federation <federation-understand>`.
-
-```{warning}
-As of October 2021, federation implementation is still work in progress.
-Many features are not implemented yet, and it should be considered
-\"alpha\": stability, and upgrade compatibility are not guaranteed.
+```{note}
+The Federation development is work in progress.
 ```
 
-<!-- (summary-of-necessary-steps-to-configure-federation)= -->
 ## Summary of necessary steps to configure federation
 
 The steps needed to configure federation are as follows and they will be
@@ -22,32 +14,32 @@ detailed in the sections below:
 
 -   Choose a backend domain name
 
--   DNS setup for federation (including an `SRV` record)
+-   DNS setup for federation (including a `SRV` record)
 
 -   Generate and configure TLS certificates:
 
-    > -   server certificates
-    > -   client certificates
-    > -   a selection of CA certificates you trust when interacting with
-    >     other backends
+    -   server certificates
+    -   client certificates
+    -   a selection of CA certificates you trust when interacting with
+        other backends
 
 -   Configure helm charts : federator and ingress and webapp subcharts
 
 -   Test that your configurations work as expected.
 
 (choose-backend-domain)=
-## Choose a {ref}`Backend Domain Name<glossary_backend_domain>`
-
-As of the release \[helm chart 0.129.0, Wire docker version 2.94.0\]
-from 2020-12-15, a Backend Domain (set as `federationDomain` in
-configuration) is a mandatory configuration setting. Regardless of
-whether you want to enable federation for a backend or not, you must
-decide what its domain is going to be. This helps in keeping things
-simpler across all components of Wire and also enables to turn on
+## Choose a Backend Domain
+
+As of the release \[helm chart 0.129.0, Wire docker version 2.94.0\] from
+2020-12-15, the `federationDomain` is a mandatory configuration setting, which
+defines the {ref}`backend domain <glossary_backend_domain>` of your
+installation. Regardless of whether you want to enable federation for a backend
+or not, you must decide what its domain is going to be. This helps in keeping
+things simpler across all components of Wire and also enables to turn on
 federation in the future if required.
 
 It is highly recommended that this domain is configured as something
-  * [ ] that is controlled by the administrator/operator(s). The actual servers
+that is controlled by the administrator/operator(s). The actual servers
 do not need to be available on this domain, but you MUST be able to set
 an SRV record for `_wire-server-federator._tcp.<Backend Domain>` that
 informs other wire-server backends where to find your actual servers.
@@ -57,41 +49,40 @@ breaking experience for all the users which are already using the
 backend.
 
 (consequences-backend-domain)=
-## Consequences of the choice of Backend Domain
+## Consequences of the choice of a backend domain
 
--   You need control over a specific subdomain of this Backend Domain
+-   You need control over a specific subdomain of this backend domain
     (to set an SRV DNS record as explained in the next section). Without
     this control, you cannot federate with anyone.
 
--   This Backend Domain becomes part of the underlying identify of all
+-   This backend domain becomes part of the underlying identity of all
     users on your servers.
 
-    > -   Example: Let\'s say you choose `example.com` as your Backend
-    >     Domain. Your user known to you as Alice, and known on your
-    >     server with ID `ac41a202-2555-11ec-9341-00163e5e6c00` will
-    >     become known for other servers you federate with as
-    >
-    >     ``` json
-    >     {
-    >       "user": {
-    >         "id": "ac41a202-2555-11ec-9341-00163e5e6c00",
-    >         "domain": "example.com"
-    >       }
-    >     }
-    >     ```
-
--   As of October 2021, this domain is used in the User Interface
-    alongside user information. (This may or may not change in the
-    future)
-
-    > -   Example: Using the same example as above, for backends you
-    >     federate with, Alice would be displayed with the
-    >     human-readable username `@alice@example.com` for users on
-    >     other backends.
+    Example: Let\'s say you choose `example.com` as your backend
+    domain. Your user known to you as Alice, and known on your
+    server with ID `ac41a202-2555-11ec-9341-00163e5e6c00` will
+    become known for other servers you federate with as
+    
+    ``` json
+    {
+      "user": {
+        "id": "ac41a202-2555-11ec-9341-00163e5e6c00",
+        "domain": "example.com"
+      }
+    }
+    ```
+
+-   This domain is shown in the User Interface
+    alongside user information. 
+
+    Example: Using the same example as above, for backends you
+    federate with, Alice would be displayed with the
+    human-readable username `@alice@example.com` for users on
+    other backends.
 
 ```{warning}
-As of October 2021, *changing* this Backend Domain after existing user
-activity with a recent version (versions later than \~May/June 2021)
+*Changing* the backend domain after existing user
+activity with a client version (versions later than May/June 2021)
 will lead to undefined behaviour (untested, not accounted for during
 development) on some or all client platforms (Web, Android, iOS) for
 those users: It is possible your clients could crash, or lose part of
@@ -127,7 +118,7 @@ The fields of the SRV record need to be populated as follows
 -   `weight`: \>0 for your server to be reachable. A good default value
     could be 10
 -   `port`: `443`
--   `target`: \<federation-infra-domain\>
+-   `target`: the infra domain
 
 To give an example, assuming
 
@@ -137,7 +128,7 @@ To give an example, assuming
     `<service>.wire.example.org`
 
 then your federation
-{ref}`Infra Domain <glossary_infra_domain>`
+{ref}`Infrastructure Domain <glossary_infra_domain>`
 would be `federator.wire.example.org`.
 
 The SRV record would look as follows:
@@ -159,6 +150,7 @@ alongside your other DNS records that point to the ingress component,
 also needs to point to the IP of your ingress, i.e. the IP you want to
 provide services on.
 
+(federation-certificate-setup)=
 ## Generate and configure TLS server and client certificates 
 
 Are your servers on the public internet? Then you have the option of
@@ -169,7 +161,7 @@ public internet or you would like to use your own CA, go to subsection
 
 ```{admonition} Note
 
-As of Jan 2022, we\'re using the
+As of January 2023, we\'re using the
 [hs-tls](https://hackage.haskell.org/package/tls) library for outgoing TLS
 connections to other backends, which only supports P256 for ECDSA keys.
 Therefore, we have specified a [key size of 256
@@ -252,7 +244,7 @@ You can use one single certificate and key for both server and client
 certificate use.
 
 ```{note}
-Currently (October 2021), due to a limitation of the TLS library in use
+Due to a limitation of the TLS library in use
 for federation ([hs-tls](https://github.com/vincenthz/hs-tls)), only
 some ciphers are supported. Moving to an openssl-based library is
 planned, which will provide support for a wider range of ciphers.
@@ -449,6 +441,7 @@ tls:
   verify_depth: 3 # default: 1
 ```
 
+(configure-federation-allow-list)=
 ### Configure the allow list
 
 By default, federation is turned off (allow list set to the empty list):
@@ -525,7 +518,7 @@ DOMAIN to your
 {ref}`federation infra domain <glossary_infra_domain>`. They should include your domain as part of the SAN (Subject
 Alternative Names) and not have expired.
 
-### Manually test that federation \"works\" 
+### Manually test that federation works 
 
 Prerequisites:
 
diff --git a/docs/src/understand/federation/api.md b/docs/src/understand/federation/api.md
index a11e38397d..2a8325606c 100644
--- a/docs/src/understand/federation/api.md
+++ b/docs/src/understand/federation/api.md
@@ -1,48 +1,77 @@
 (federation-api)=
 
-# API
+# Federation API
 
-The Federation API consists of two *layers*:
+(qualified-identifiers-and-names)=
+## Qualified Identifiers and Names
 
-1.  Between two backends (i.e. between a *Federator* and a
-    *Federation Ingress*)
-2.  Between backend-internal components
+The federated architecture is reflected in the structure of the various
+identifiers and names used in the API. Identifiers, such as user ids, are unique
+within the context of a backend. They are made unique within the context of all
+federating backend by combining them with the {ref}`backend domain
+<glossary_backend_domain>`.
 
-(qualified-identifiers-and-names)=
+For example a user with user id `d389b370-5f7d-4efd-9f9a-8d525540ad93` on
+backend `b.example.com` has the *qualified user id*
+`d389b370-5f7d-4efd-9f9a-8d525540ad93@b.example.com`. In API request bodies
+qualified identities are encoded as objects, e.g.
 
-## Qualified Identifiers and Names
+```
+{
+  "user": {
+      "id": "d389b370-5f7d-4efd-9f9a-8d525540ad93",
+      "domain": "b.example.com"
+  }
+  ...
+}
 
-The federated (and consequently distributed) architecture is reflected
-in the structure of the various identifiers and names used in the API.
-Before federation, identifiers were only unique in the context of a
-single backend; for federation, they are made globally unique by
-combining them with the federation domain of their backend. We call
-these combined identifiers *qualified* identifiers. While other parts of
-some identifiers or names may change, the domain name (i.e. the
-qualifying part) is static.
-
-In particular, we use the following identifiers throughout the API:
-
--   {ref}`glossary_qualified-user-id`: *user_uuid@backend-domain.com*
--   {ref}`glossary_qualified-user-name`: *user_name@backend-domain.com*
--   {ref}`glossary_qualified-client-id` attached to a QUID: *client_uuid.user_uuid@backend-domain.com*
--   {ref}`glossary_qualified-conversation-id` / {ref}`glossary_qualified-group-id`: *backend-domain.com/groups/group_uuid*
--   {ref}`glossary_qualified-team-id`: *backend-domain.com/teams/team_uuid*
-
-While the canonical representation for purposes of visualization is as
-displayed above, the API often decomposes the qualified identifiers into
-an (unqualified) id and a domain name. In the code and API
-documentation, we sometimes call a username a \"handle\" and a qualified
-username a \"qualified handle\".
-
-Besides the above names and identifiers, there are also user
-{ref}`glossary_display-name` (sometimes also
-referred to as \"profile names\"), which are not unique on the user\'s
-backend, can be changed by the user at any time and are not qualified.
+```
+In API path segments qualified identities are encoded with the domain first, e.g.
+```
+POST /connections/b.example.com/d389b370-5f7d-4efd-9f9a-8d525540ad93
+```
+to send a connection request to a user.
+
+Any identifier on a backend can be qualified:
+
+- conversation ids 
+- team ids
+- client ids
+- user ids
+- user handles, e.g. local handle `@alice` is displayed as `@alice@b.example.com` in federating users' devices
+
+User profile names (e.g. "Alice") which are not unique on the user\'s backend,
+can be changed by the user at any time and are not qualified.
 
 (api-between-federators)=
 
-## API between Federators
+## Federated requests
+
+Every federated API request is made by a service component (e.g. brig, galley,
+cargohold) in one backend and responded to by a service component in the other
+backend. The *Federators* of the backends are relaying the request between the
+components across backends . The components talk to each other via the
+*Federator* in the originating domain and *Federator Ingress* in the receiving
+domain (for details see {ref}`backend-to-backend-communication`).
+
+
+```{figure} ./img/federation-apis-flow.png
+---
+width: 100%
+---
+Federators relaying a request between components. See {ref}`federation-back2back-example` to see the discovery, authentication and authorization steps that are omitted from this figure.
+```
+
+### API From Components to Federator
+
+
+When making the call to the *Federator*, the components use HTTP2. They call the
+Federator's `Outward` service, which accepts `POST` requests with path
+`/rpc/:domain/:component/:rpc`. Such a request will be forwarded to the remote
+Federator with the given {ref}`backend domain<Backend-domains>`, and converted
+to the appropriate request of its `Inward` service.
+
+### API between Federators
 
 The layer between *Federator* acts as an envelope for communication
 between other components of wire server. The *Inward* service of
@@ -68,19 +97,10 @@ See {ref}`api-from-federator-to-components` for more details on RPCs and their p
 
 (api-from-components-to-federator)=
 
-## API From Components to Federator
-
-Between two federated backends, the components talk to each other via the
-*Federator* in the originating domain and *Ingress* in the receiving domain.
-When making the call to the *Federator*, the components use HTTP2. They call the
-`Outward` service, which accepts `POST` requests with path
-`/rpc/:domain/:component/:rpc`. Such a request will be forwarded to a remote
-federator with the given {ref}`Backend-domains`, and converted to the
-appropriate request for its `Inward` service.
 
 (api-from-federator-to-components)=
 
-## API From Federator to Components
+### API From Federator to Components
 
 The components expose a REST API over HTTP to be consumed by the
 *Federator*. All the paths start with `/federation`. When a *Federator*
@@ -107,13 +127,10 @@ attacks such as attempting to access `/federation/../users/by-handle`.
 ## List of Federation APIs exposed by Components
 
 Each component of the backend provides an API towards the *Federator*
-for access by other backends. For example on how these APIs are used,
-see the section on
-`end-to-end flows<end-to-end-flows>`{.interpreted-text role="ref"}.
-
+for access by other backends. 
 
 ```{note}
-This reflects status of API endpoints as of 2022-01-28. For latest APIs please
+This reflects status of API endpoints as of 2023-01-10. For latest APIs please
 refer to the corresponding source code linked in the individual section.
 ```
 
@@ -139,10 +156,15 @@ the backend.
     w.r.t. that term.
 -   `get-user-clients`: Given a list of user ids, return the lists of
     clients of each of the users.
+-   `get-user-clients`: Given a list of user ids, return a list of all their clients with public information
+-   `send-connection-action`: Make and also respond to user connection requests
+-   `on-user-deleted-connections`: Notify users that are connected to remote user about that user's deletion
+-   `get-mls-clients`: Request all [MLS](../../how-to/install/mls)-capable clients for a given user
+-   `claim-key-packages`: Claim a previously-uploaded KeyPackage of a remote user. User for adding users to MLS conversations.
 
 See [the brig source
 code](https://github.com/wireapp/wire-server/blob/master/libs/wire-api-federation/src/Wire/API/Federation/API/Brig.hs)
-for the current list of federated endpoints of the *Brig*, as well as
+for the current list of federated endpoints of *Brig*, as well as
 their precise inputs and outputs.
 
 (galley)=
@@ -153,46 +175,63 @@ Each backend keeps a record of the conversations that each of its
 members is a part of. The purpose of the Galley API is to allow backends
 to synchronize the state of the conversations of their members.
 
--   `on-conversation-created`: Given a name and a list of conversation
-    members, create a conversation locally. This is used to inform
-    another backend of a new conversation that involves their local
-    user(s).
--   `get-conversations`: Given a qualified user id and a list of
+- `get-conversations`: Given a qualified user id and a list of
     conversation ids, return the details of the conversations. This
     allows a remote backend to query conversation metadata of their
     local user from this backend. To avoid metadata leaks, the backend
     will check that the domain of the given user corresponds to the
     domain of the backend sending the request.
--   `on-conversation-updated`: Given a qualified user id and a qualified
+- `get-sub-conversation`: Get a MLS subconversation
+- `leave-conversation`: Given a remote user and a conversation id,
+    remove the the remote user from the (local) conversation.
+- `mls-welcome`: Send MLS welcome message to a new user owned by the called backend
+- `on-client-removed`: Inform called backend that a client of a user has been deleted
+- `on-conversation-created`: Given a name and a list of conversation
+    members, create a conversation locally. This is used to inform
+    another backend of a new conversation that involves their local
+    user(s).
+- `on-conversation-updated`: Given a qualified user id and a qualified
     conversation id, update the conversation details locally with the
     other data provided. This is used to alert remote backend of updates
     in the conversation metadata of conversations in which at least one
     of their local users is involved.
--   `leave-conversation`: Given a remote user and a conversation id,
-    remove the the remote user from the (local) conversation.
--   `on-message-sent`: Given a remote message and a conversation id,
+- `on-message-sent`: Given a remote message and a conversation id,
     propagate a message to local users. This is used whenever there is a
     remote user in a conversation (see end-to-end flows).
--   `send-message`: Given a sender and a raw message request, send a
+- `on-mls-message-sent`: Receive a MLS message that originates in the calling backend
+- `on-new-remote-conversation`: Inform the called backend about a conversation that exists on the calling backend. This request is made before the first time the backend might learn about this conversation, e.g. when its first user is added to the conversation.
+- `on-typing-indicator-updated`: Used by the calling backend (that owns a conversation) to inform the called backend about a change of the typing indicator status of remote user
+- `on-user-deleted-conversations`: When a user on calling backend this request is made for all conversations on the called backend was part of
+- `query-group-info`: Query the MLS public group state
+- `send-message`: Given a sender and a raw message request, send a
     message to a conversation owned by another backend. This is used
     when the user sending a message is not on the same backend as the
     conversation the message is sent in.
+- `send-mls-commit-bundle`: Send a MLS commit bundle to backend that owns the conversation
+- `send-mls-message`: Send MLS message to backend that owns the conversation
+- `update-conversation`: Calling backend requests a conversation action on the called backend which owns the conversation
 
 See [the galley source
 code](https://github.com/wireapp/wire-server/blob/master/libs/wire-api-federation/src/Wire/API/Federation/API/Galley.hs)
-for the current list of federated endpoints of the *Galley*, as well as
+for the current list of federated endpoints of *Galley*, as well as
 their precise inputs and outputs.
 
 (end-to-end-flows)=
 
-## End-to-End Flows
+### Cargohold
+- `get-asset`: Check if asset owned by called backend is available to calling backend
+- `stream-asset`: Stream asset owned by the called backend
 
-In the following end-to-end flows, we focus on the interaction between
-the Brigs and Galleys of federated backends. While the interactions are
-facilitated by the *Federator* and *Federation Ingress* components of
-the backends involved, which handle the necessary discovery,
-authentication and authorization steps, we won\'t mention these steps
-explicitly each time to keep the flows simple.
+See [the cargohold source
+code](https://github.com/wireapp/wire-server/blob/master/libs/wire-api-federation/src/Wire/API/Federation/API/Cargohold.hs)
+for the current list of federated endpoints of the *Cargohold*, as well as
+their precise inputs and outputs.
+
+## Example End-to-End Flows
+
+In the following the interactions between *Federator* and *Federation Ingress*
+components of the backends involved are omitted for simplicity. Also the backend
+domain and infra domain are assumed the same.
 
 Additionally we assume that the backend domain and the infra domain of
 the respective backends involved are the same and each domain identifies
@@ -202,125 +241,98 @@ a distinct backend.
 
 ### User Discovery
 
-In this flow, the user *A* at *backend-a.com* tries to search for user
-*B* at *backend-b.com*.
+In this flow, the user *Alice* at *a.example.com* tries to search for user
+*Bob* at *b.example.com*.
 
-1.  User *A@backend-a.com* enters the qualified user name of the target
-    user *B@backend-b.com* into the search field of their Wire client.
+1.  User *Alice* enters the qualified user name of the target
+    user *Bob* : `@bob@b.example.com` into the search field of their Wire client.
 2.  The client issues a query to `/search/contacts` of the Brig
-    searching for *B* at *backend-b.com*.
-3.  The Brig in *A*\'s backend asks its local *Federator* to query the
-    `search-users` endpoint of B\'s backend for *B*.
-4.  *A*\'s *Federator* queries *B*\'s Brig via *B*\'s *Federation
+    searching for *Bob* at *b.example.com*.
+3.  The Brig in *Alice*\'s backend asks its local *Federator* to query the
+    `search-users` endpoint in *Bob*\'s backend.
+4.  *Alice*\'s *Federator* queries *Bob*\'s Brig via *Bob*\'s *Federation
     Ingress* and *Federator* as requested.
-5.  *B*\'s Brig replies with *B*\'s user name and qualified handle, the
-    response goes through *B*\'s *Federator* and *Federation Ingress*,
-    as well as *A*\'s *Federator* before it reaches *A*\'s Brig.
-6.  *A*\'s Brig forwards that information to *A*\'s client.
+5.  *Bob*\'s Brig replies with *Bob*\'s user name and qualified handle, the
+    response goes through *Bob*\'s *Federator* and *Federation Ingress*,
+    as well as *Alice*\'s *Federator* before it reaches *A*\'s Brig.
+6.  *Alice*\'s Brig forwards that information to *A*\'s client.
 
 (conversation-establishment)=
 
 ### Conversation Establishment
 
-After having discovered user *B* at *backend-b.com*, user *A* at
-*backend-a.com* wants to establish a conversation with *B*.
+After having discovered user *Bob* at *b.example.com*, user *Alice* at
+*a.example.com* wants to establish a conversation with *Bob*.
 
 1.  From the search results of a
     {ref}`user discovery<user-discovery>`
-    process, *A* chooses to create a conversation with *B*.
-2.  *A*\'s client issues a `/users/backend-b.com/B/prekeys` query to
-    *A*\'s Brig.
-3.  *A*\'s Brig asks its *Federator* to query the `claim-prekey-bundle`
-    endpoint of *B*\'s backend using *B*\'s user id.
-4.  *B*\'s *Federation Ingress* forwards the query to the *Federator*,
+    process, *Alice* chooses to create a conversation with *Bob*.
+2.  *Alice*\'s client issues a `/users/b.example.com/<bobs-user-id>/prekeys` query to
+    *Alice*\'s Brig.
+3.  *Alice*\'s Brig asks its *Federator* to query the `claim-prekey-bundle`
+    endpoint of *Bob*\'s backend using *Bob*\'s user id.
+4.  *Bob*\'s *Federation Ingress* forwards the query to the *Federator*,
     who in turn forwards it to the local Brig.
-5.  *B*\'s Brig replies with a prekey bundle for each of *B*\'s clients,
-    which is forwarded to *A*\'s Brig via *B*\'s *Federator* and
-    *Federation Ingress*, as well as *A*\'s *Federator*.
-6.  *A*\'s Brig forwards that information to *A*\'s client.
-7.  *A*\'s client queries the `/conversations` endpoint of its Galley
-    using *B*\'s user id.
-8.  *A*\'s Galley creates the conversation locally and queries the
-    `on-conversation-created` endpoint of *B*\'s Galley (again via its
-    local *Federator*, as well as *B*\'s *Federation Ingress* and
+5.  *Bob*\'s Brig replies with a prekey bundle for each of *Bob*\'s clients,
+    which is forwarded to *Alice*\'s Brig via *Bob*\'s *Federator* and
+    *Federation Ingress*, as well as *Alice*\'s *Federator*.
+6.  *Alice*\'s Brig forwards that information to *A*\'s client.
+7.  *Alice*\'s client queries the `/conversations` endpoint of its Galley
+    using *Bob*\'s user id.
+8.  *Alice*\'s Galley creates the conversation locally and queries the
+    `on-conversation-created` endpoint of *Bob*\'s Galley (again via its
+    local *Federator*, as well as *Bob*\'s *Federation Ingress* and
     *Federator*) to inform it about the new conversation, including the
     conversation metadata in the request.
-9.  *B*\'s Galley registers the conversation locally and confirms the
+9.  *Bob*\'s Galley registers the conversation locally and confirms the
     query.
-10. *B*\'s Galley notifies *B*\'s client of the creation of the
+10. *Bob*\'s Galley notifies *Bob*\'s client of the creation of the
     conversation.
 
 (message-sending-a)=
 
-### Message Sending (A)
-
-Having established a conversation with user *B* at *backend-b.com*, user
-*A* at *backend-a.com* wants to send a message to user *B*.
-
-1.  In a conversation *conv-1@backend-a.com* on *A*\'s backend with
-    users *A@backend-a.com* and *B@backend-b.com*, *A* sends a message
-    by using the `/conversations/backend-a.com/conv-1/proteus/messages`
-    endpoint on *A*\'s Galley.
-2.  *A*\'s Galley checks if *A* included all necessary user devices in
-    their request. For that it makes a `get-user-clients` request to
-    *B*\'s Galley. *A*\'s Galley checks that the returned list of
-    clients matches the list of clients the message was encrypted for.
-3.  *A*\'s Galley sends the message to all clients in the conversation
-    that are part of *A*\'s backend.
-4.  *A*\'s Galley queries the `on-message-sent` endpoint on *B*\'s
-    Galley via its *Federator* and *B*\'s *Federation Ingress* and
-    *Federator*.
-5.  *B*\'s Galley will propagate the message to all local clients
-    involved in the conversation.
-
-(message-sending-b)=
-
-### Message Sending (B)
+### Message Sending
 
-Having received a message from user *A* at *backend-a.com*, user *B* at
-*backend-b.com* wants send a reply.
+Having established a conversation with user *Bob* at *b.example.com*, user
+*Alice* at *a.example.com* wants to send a message to user *Bob*.
 
-1.  In a conversation *conv-1@backend-a.com* on *A*\'s backend with
-    users *A@backend-a.com* and *B@backend-b.com*, *B* sends a message
-    by using the `/conversations/backend-a.com/conv-1/proteus/messages`
-    endpoint on *B*\'s backend.
-2.  *B*\'s Galley queries the `send-message` endpoint on *A*\'s backend.
-    *Steps 3-6 below are essentially the same as steps 2-5 in Message
-    Sending (A)*
-3.  *A*\'s Galley checks if *A* included all necessary user devices in
+1.  In a conversation *\<conv-id-1\>@a.example.com* on *Alice*\'s backend with
+    users *Alice* and *Bob*, *Alice* sends a message
+    by using the `/conversations/a.example.com/<conv-id-1>/proteus/messages`
+    endpoint on *Alice*\'s Galley.
+2.  *Alice*\'s Galley checks if *A* included all necessary user devices in
     their request. For that it makes a `get-user-clients` request to
-    *B*\'s Galley. *A*\'s Galley checks that the returned list of
+    *Bob*\'s Galley. *Alice*\'s Galley checks that the returned list of
     clients matches the list of clients the message was encrypted for.
-4.  *A*\'s Galley sends the message to all clients in the conversation
-    that are part of *A*\'s backend.
-5.  *A*\'s Galley queries the `on-message-sent` endpoint on *B*\'s
-    Galley via its *Federator* and *B*\'s *Federation Ingress* and
+3.  *Alice*\'s Galley sends the message to all clients in the conversation
+    that are part of *Alice*\'s backend.
+4.  *Alice*\'s Galley queries the `on-message-sent` endpoint on *Bob*\'s
+    Galley via its *Federator* and *Bob*\'s *Federation Ingress* and
     *Federator*.
-6.  *B*\'s Galley will propagate the message to all local clients
+5.  *Bob*\'s Galley will propagate the message to all local clients
     involved in the conversation.
 
-(error-codes)=
-
-## Error Codes
-
-This page describes the errors that can occur during federation.
-
-(authentication-errors)= 
-
-### Authentication Errors
-
-TODO for now, we only describe the errors here. Later, we should add
-exact error codes.
-
-TODO we might want to merge one or more of these errors
-
--   *authentication error*: occurs when a backend queries another
-    backend and provides either no client certificate, or a client
-    certificate that the receiving backend cannot authenticate
--   *authorization error*: occurs when a sending backend
-    authenticates successfully, but is not on the allow list of the
-    receiving backend
--   *discovery error*: occurs when a sending backend authenticates
-    successfully, but the [SRV]{.title-ref} record published for the
-    claimed domain of the sending backend doesn\'t match the SAN of the
-    sending backend\'s client certificate
+## Ownership
+
+Wire uses the concept of **ownership** as a guiding principle in the design of
+Federation. Every resource, e.g. user, conversation, asset, is **owned** by the
+backend on which it was *created*.
+
+A backend that owns a resource is the source of truth for it. For example, for
+users this means that information about user *Alice* which is owned by backend
+*A* is stored only on backend *A*. If any federating backend needs information
+about the user *Alice*, e.g. the profile information, it needs to request that
+information from *A*.
+
+In some cases backends locally store partial information of resources they don't
+own. For example a backend stores a reference to any remotely-owned conversation
+any of its users is participating in. However, to get the full list of all
+participants of a remote conversation, the owning backend needs to be queried.
+
+Ownership is reflected in the naming convention of federation RPCs. Any rpc
+named with prefix `on-` is always invoked by the backend that owns the resource
+to inform federating backends. For example, if a user leaves a remote
+conversation its backend would call the `leave-conversation` rpc on the remote
+conversation. The remote backend would remove the user and inform all other
+federating backends that participate in that conversation of this change by
+calling their `on-conversation-updated` rpc.
diff --git a/docs/src/understand/federation/architecture.md b/docs/src/understand/federation/architecture.md
index 5d3c7ec762..392806ac91 100644
--- a/docs/src/understand/federation/architecture.md
+++ b/docs/src/understand/federation/architecture.md
@@ -1,67 +1,54 @@
-(architecture-and-network)= 
+(federation-architecture)=
+# Federation Achitecture
 
-# Architecture and Network
+(glossary_backend)=
 
-(federation-architecture)=
+## Backends
 
-## Architecture
+In the following we call a **backend** the set of servers, databases and DNS
+configurations that together form one single Wire Server entity as seen from
+outside. It can also be called a Wire \"instance\" or \"server\" or \"Wire
+installation\". Every resource (e.g. users, conversations, assets and teams)
+exists and is *owned* by a single backend, which we can refer to as that
+resource\'s backend.
 
-To facilitate connections between federated backends, two new components
-are added to each backend:
-{ref}`federation_ingress` and
-{ref}`federator`. The
-*Federation Ingress* is, as the name suggests the ingress point for
-incoming connections from other backends, which are then forwarded to
-the *Federator*. The *Federator* then further processes the requests. In
-addition, the *Federator* also acts as *egress* point for requests from
+The communication between federated backends is facilitated by two components in
+each backend: {ref}`federation_ingress` and {ref}`federator`. The
+*Federation Ingress* is, as the name suggests the
+ingress point for incoming connections from other backends, which are then
+forwarded to the *Federator*. The *Federator* forwards requests
+to internal components. It also acts as a *egress* point for requests from
 internal backend components to other, remote backends.
 
-![image](img/federated-backend-architecture.png){width="100.0%"}
+![image](img/federated-backend-architecture.png)
 
 (backend-domains)=
 
-### Backend domains
+(glossary_infra_domain)=
+(glossary_backend_domain)=
 
-Each backend has two domain strings: an *infrastructure domain* and a
-*backend domain*.
+## Backend domains
 
-The *infrastructure domain* is the domain name under which the backend
+Each backend has two domain: an {ref}`infrastructure domain <glossary_infra_domain>` and a
+{ref}`backend domain <glossary_backend_domain>`.
+
+The **infrastructure domain** (short **infra domain**) is the domain name under which the backend
 is actually reachable via the network. It is also the domain name that
 each backend uses in authenticating itself to other backends.
 
-Similarly, there is the *backend domain*, which is used to qualify the
+Similarly, there is the **backend domain**, which is used to {ref}`qualify <qualified-identifiers-and-names>` the
 names and identifiers of users local to an individual backend in the
-context of federation. For example, a user with (unqualified) user name
-*jane_doe* at a backend with backend domain *company-a.com* has the
-qualified user name *jane_doe@company-a.com*, which is visible to users
-of other backends in the context of federation.
-
-See
-{ref}`qualified-identifiers-and-names`
-The distinction between the two domains allows the owner of a (backend)
-domain (e.g. *company-a.com*) to host their Wire backend under a
-different (infra) domain (e.g. *wire.infra.company-a.com*).
+context of federation.
 
-(backend-components)=
-
-### Backend components
-
-In addition to the regular components of a Wire backend, two additional
-components are added to enable federation with other backends: The
-*Federation Ingress* and the *Federator*. Other Wire components use
-these two components to contact other backends and respond to queries
-originating from remote backends.
-
-The following subsections briefly introduce the individual components,
-their state and their functionality. The semantics of backend-to-backend
-communication will be explained in more detail in the Section on
-{ref}`federation-api`
+The distinction between the two domains allows the owner of a backend
+domain, e.g. `example.com`, to host their Wire backend under a
+different infra domain, e.g. `wire.infra.example.com`.
 
 (federation_ingress)=
 
-#### Federation Ingress
+## Federation Ingress
 
-The *Federation Ingress* is a [kubernetes
+The *Federation Ingress* is a [Kubernetes
 ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/)
 and uses [nginx](https://nginx.org/en/) as its underlying software.
 
@@ -72,16 +59,14 @@ other backends.
 
 Its functions are:
 
--   terminate TLS connections
-    -   perform mutual {ref}`authentication` as
-        part of the TLS connection establishment
--   forward requests to the local
-    {ref}`federator` instance,
-    along with the remote backend\'s client certificate
+-   to terminate TLS connections
+-   to perform mutual {ref}`authentication` as part of the TLS connection establishment
+-   to forward requests to the local {ref}`federator` instance, along with the
+    remote backend\'s client certificate
 
 (federator)=
 
-#### Federator
+## Federator
 
 The *Federator* performs additional authorization checks after receiving
 federated requests from the *Federation Ingress* and acts as egress
@@ -96,14 +81,11 @@ Additionally, it requires a connection to a DNS resolver to
 When receiving a request from an internal component, the *Federator*
 will:
 
-1.  If enabled, ensure the target domain is in the
-    {ref}`allow-list`
-2.  {ref}`discover <discovery>` the other
-    backend,
-3.  establish a
-    {ref}`mutually authenticated channel <authentication>` to the other backend using its client certificate,
-4.  send the request to the other backend and
-5.  forward the response back to the originating component (and
+1.  If enabled, ensure the target domain is in the allow list,
+2.  Discover the other backend,
+3.  Establish a {ref}`mutually authenticated channel <authentication>` to the other backend using its client certificate,
+4.  Send the request to the other backend and
+5.  Forward the response back to the originating component (and
     eventually to the originating Wire client).
 
 The *Federator* also implements the authorization logic for incoming
@@ -112,20 +94,20 @@ the internal components. The *Federator* will, for incoming requests
 from remote backends (forwarded via the local
 {ref}`Federation Ingress <federation_ingress>`):
 
-1.  {ref}`Discover <discovery>` the mapping
+1.  Discover the mapping
     between backend domain claimed by the remote backend and its infra
     domain,
-2.  verify that the discovered infra domain matches the domain in the
+2.  Verify that the discovered infra domain matches the domain in the
     remote backend\'s client certificate,
-3.  if enabled, ensure that the backend domain of the other backend is
-    in the {ref}`allow list <allow-list>`,
-4.  forward requests to other wire-server components.
+3.  If enabled, ensure that the backend domain of the other backend is
+    in the allow list.
+4.  Forward requests to other wire-server components.
 
 (other-wire-server)=
 
-#### Other wire-server components
+## Service components
 
-Components such as \'brig\', \'galley\', or \'gundeck\' are responsible
+Components such as Brig, Galley, Cargohold are responsible
 for actual business logic and interfacing with databases and
 non-federation related external services. See [source code
 documentation](https://github.com/wireapp/wire-server). In the context
@@ -134,205 +116,8 @@ of federation, their functions include:
 -   For incoming requests from other backends:
     {ref}`per-request authorization<per-request-authorization>`
 -   Outgoing requests to other backends are always sent via a local
-    {ref}`Federator` instance.
+    Federator instance.
 
 For more information of the functionalities provided to remote backends
 through their *Federator*, see the
 {ref}`federated API documentation<api-endpoints>`.
-
-(backend-to-backend-communication)=
-
-## Backend to backend communication
-
-We require communication between the *Federator* of one (sending)
-backend and the ingress of another (receiving) backend to be both
-mutually authenticated and authorized. More specifically, both backends
-need to ensure the following:
-
-- **Authentication**
-
-    Determine the identity (infra domain name) of the other backend.
-
-- **Discovery**
-
-    Ensure that the other backend is authorized to represent the backend
-    domain claimed by the other backend.
-
-- **Authorization**
-
-    Ensure that this backend is authorized to federate with the other backend.
-
-(authentication)=
-
-### Authentication
-
-```{warning}
-As of January 2022, the implementation of mutual backend-to-backend authentication is still subject to change. The behaviour described in this section should be considered a draft specification only.
-```
-
-Authentication between Wire backends is achieved using the mutual
-authentication feature of TLS as defined in [RFC
-8556](https://tools.ietf.org/html/rfc8446).
-
-In particular, this means that the ingress of each backend needs to be
-provisioned with one or more certificates which the ingress trusts to
-authenticate certificates provided by other backends when accepting
-incoming connections.
-
-Conversely, every *Federator* needs to be provisioned with a (client)
-certificate which it uses to authenticate itself towards other backends.
-
-Note that the client certificate is expected to be issued with the
-backend\'s infra domain as one of the subject alternative names (SAN),
-which is defined in [RFC 5280](https://tools.ietf.org/html/rfc5280).
-
-If a receiving backend fails to authenticate the client certificate, it should
-reply with an *authentication error* (see {ref}`authentication-errors`)
-
-(discovery)=
-
-### Discovery
-
-The discovery process allows a backend to determine the infra domain of
-a given backend domain.
-
-This step is necessary in two scenarios:
-
--   A backend would like to establish a connection to another backend
-    that it only knows the backend domain of. This is the case, for
-    example, when a user of a local backend searches for a
-    {ref}`qualified username <glossary_qualified-user-name>`, which only includes that user\'s backend\'s backend
-    domain.
--   When receiving a message from another backend that authenticates
-    with a given infra domain and claims to represent a given backend
-    domain, a backend would like to ensure the backend domain owner
-    authorized the owner of the infra domain to run their Wire backend.
-
-To make discovery possible, any party hosting a Wire backend has to
-announce the infra domain via a DNS *SRV* record as defined in [RFC
-2782](https://tools.ietf.org/html/rfc2782) with
-`service = wire-server-federator, proto = tcp` and with `name` pointing
-to the backend\'s domain and *target* to the backend\'s infra domain.
-
-For example, Company A with backend domain *company-a.com* and infra
-domain *wire.company-a.com* could publish
-
-``` bash
-_wire-server-federator._tcp.company-a.com. 600  IN  SRV 10 5 443 federator.wire.company-a.com.
-```
-
-A backend can then be discovered, given its domain, by issuing a DNS
-query for the SRV record specifying the *wire-server-federator* service.
-
-(dns-scope)=
-
-#### DNS Scope
-
-The network scope of the SRV record (as well as that of the DNS records
-for backend and infra domain), depends on the desired federation
-topology in the same way as other parameters such as the availability of
-the CA certificate that allows authentication of the *Federation
-Ingress*\' server certificate or the *Federator*\'s client certificate.
-The general rule is that the SRV entry should be \"visible\" from the
-point of view of the desired federation partners. The exact scope
-strongly depends on the network architecture of the backends involved.
-
-(srv-ttl-and-caching)=
-
-#### SRV TTL and Caching
-
-After retrieving the SRV record for a given domain, the local backend
-caches the *backend domain \<\--\> infra domain* mapping for the
-duration indicated in the TTL field of the record.
-
-Due to this caching behaviour, the TTL value of the SRV record dictates
-at which intervals remote backends will refresh their mapping of the
-local backend\'s backend domain to infra domain. As a consequence a
-value in the order of magnitude of 24 hours will reduce the amount of
-overhead for remote backends.
-
-On the other hand in the setup phase of a backend, or when a change of
-infra domain is required, a TTL value in the magnitude of a few minutes
-allows remote backends to recover more quickly from a change of infra
-domain.
-
-(authorization)=
-
-### Authorization
-
-After an incoming connection is authenticated, a second step is required
-to ensure that the sending backend is authorized to connect to the
-receiving backend. As the backend authenticates using its infra domain,
-but the allow list contains backend domains (which is not necessarily
-the same) the sending backend also needs to provide its backend domain.
-
-To make this possible, requests to remote backends are required to
-contain a `Wire-Origin-Domain` header, which contains the remote
-backend\'s domain.
-
-While the receiving backend has authenticated the sending backend as the
-infra domain, it is not clear that the sending backend is indeed
-authorized by the owner of the backend domain to host the Wire backend
-of that particular domain.
-
-To perform this extra authorization step, the receiving backend follows
-the process described in {ref}`discovery` and
-checks that the discovered infra domain for the backend domain indicated
-in the `Wire-Domain` header is one of the Subject Alternative Names
-contained in the sending backend\'s client certificate. If this is not
-the case, the receiving backend replies with a *discovery error* (see {ref}`authentication-errors`)
-
-Finally, the receiving backend checks if the domain of the sending
-backend is in the {ref}`allow-list` and replies
-with an `*authorization error*` (see {ref}`authentication-errors`) if it is not.
-
-
-(allow-list)=
-
-#### Domain Allow List
-
-Federation can happen between any backends on a network (e.g. the open
-internet); or it can be restricted via server configuration to happen
-between a specified set of domains on an \'allow list\'. If an allow
-list is configured, then:
-
--   outgoing requests will only happen if the requested domain is
-    contained in the allow list.
--   incoming requests: if the domain of the sending backend is not in
-    the allow list, any request originating from that domain is replied
-    to with an
-    `authorization error <authorization error>`{.interpreted-text
-    role="ref"}
-
-(per-request-authorization)=
-
-#### Per-request authorization
-
-In addition to the general authorization step that is performed by the
-federator when a new, mutually authenticated TLS connection is
-established, the component processing the request performs an
-additional, per-request authorization step.
-
-How this step is performed depends on the API endpoint, the contents of
-the request and the context in which it is made.
-
-See the documentation of the individual {ref}`API endpoints <api-endpoints>` for
-details.
-
-(example)=
-
-### Example
-
-The following is an example for the message and information flow between
-a backend with backend domain `a.com` and infra domain `infra.a.com` and
-another backend with backend domain `b.com` and infra domain
-`infra.b.com`.
-
-The content and format of the message is meant to be representative. For
-the definitions of the actual payloads, please see the {ref}`federation
-API<federation-api>` section.
-
-The scenario is that the brig at `infra.a.com` has received a user
-search request from *Alice*, one of its clients.
-
-![image](img/federation-flow.png)
diff --git a/docs/src/understand/federation/backend-communication.md b/docs/src/understand/federation/backend-communication.md
new file mode 100644
index 0000000000..7fa3e71cb9
--- /dev/null
+++ b/docs/src/understand/federation/backend-communication.md
@@ -0,0 +1,167 @@
+(backend-to-backend-communication)=
+
+# Backend to backend communication
+
+We require communication between the {ref}`federator` of one (sending)
+backend and the {ref}`federation_ingress` of another (receiving) backend to be both
+mutually authenticated and authorized. More specifically, both backends
+need to ensure the following:
+
+- **Authentication**
+
+    Determine the identity (infra domain name) of the other backend.
+
+- **Discovery**
+
+    Ensure that the other backend is authorized to represent the backend
+    domain claimed by the other backend.
+
+- **Authorization**
+
+    Ensure that this backend is authorized to federate with the other backend.
+
+(authentication)=
+
+## Authentication
+
+Authentication between Wire backends is achieved using the mutual
+authentication feature of TLS as defined in [RFC
+8556](https://tools.ietf.org/html/rfc8446).
+
+In particular, this means that the ingress of each backend needs to be
+provisioned with one or more trusted root certificates to authenticate
+certificates provided by other backends when accepting incoming connections.
+
+Conversely, every *Federator* needs to be provisioned with a client
+certificate which it uses to authenticate itself towards other backends.
+
+Note that the client certificate is required to be issued with the backend\'s
+infra domain as one of the subject alternative names (SAN), which is defined in
+[RFC 5280](https://tools.ietf.org/html/rfc5280).
+
+See {ref}`federation-certificate-setup` for technical instructions.
+
+If a receiving backend fails to authenticate the client certificate, it fails the request
+with an `AuthenticationFailure` error.
+
+(discovery)=
+
+## Discovery
+
+The discovery process allows a backend to determine the infra domain of
+a given backend domain.
+
+This step is necessary in two scenarios:
+
+-   A backend would like to establish a connection to another backend
+    that it only knows the backend domain of. This is the case, for
+    example, when a user of a local backend searches for a
+    {ref}`qualified username <qualified-identifiers-and-names>`, which only includes that user\'s backend\'s backend
+    domain.
+-   When receiving a message from another backend that authenticates
+    with a given infra domain and claims to represent a given backend
+    domain, a backend would like to ensure the backend domain owner
+    authorized the owner of the infra domain to run their Wire backend.
+
+To make discovery possible, any party hosting a Wire backend has to
+announce the infra domain via a DNS *SRV* record as defined in [RFC
+2782](https://tools.ietf.org/html/rfc2782) with
+`service = wire-server-federator, proto = tcp` and with `name` pointing
+to the backend\'s domain and *target* to the backend\'s infra domain.
+
+For example, Company A with backend domain *company-a.com* and infra
+domain *wire.company-a.com* could publish
+
+``` bash
+_wire-server-federator._tcp.company-a.com. 600  IN  SRV 10 5 443 federator.wire.company-a.com.
+```
+
+A backend can then be discovered, given its domain, by issuing a DNS
+query for the SRV record specifying the *wire-server-federator* service.
+
+In case this process fails the Federator fails to forward the request with a `DiscoveryFailure` error.
+
+(dns-scope)=
+
+### DNS Scope
+
+The network scope of the SRV record (as well as that of the DNS records
+for backend and infra domain), depends on the desired federation
+topology in the same way as other parameters such as the availability of
+the CA certificate that allows authentication of the *Federation
+Ingress*\' server certificate or the *Federator*\'s client certificate.
+The general rule is that the SRV entry should be \"visible\" from the
+point of view of the desired federation partners. The exact scope
+strongly depends on the network architecture of the backends involved.
+
+(srv-ttl-and-caching)=
+
+### SRV TTL and Caching
+
+After retrieving the SRV record for a given domain, the local backend
+caches the *backend domain \<\--\> infra domain* mapping for the
+duration indicated in the TTL field of the record.
+
+Due to this caching behavior, the TTL value of the SRV record dictates
+at which intervals remote backends will refresh their mapping of the
+local backend\'s backend domain to infra domain. As a consequence a
+value in the order of magnitude of 24 hours will reduce the amount of
+overhead for remote backends.
+
+On the other hand in the setup phase of a backend, or when a change of infra
+domain is required, a TTL value in the magnitude of a few minutes allows remote
+backends to recover more quickly from a change of the infra domain.
+
+(authorization)=
+
+(allow-list)=
+
+## Authorization
+
+After an incoming connection is authenticated the backend authorizes the
+request. It does so by verifying that the backend domain of the sender is
+contained in the {ref}`domain allow list <configure-federation-allow-list>`.
+
+Since the request is authenticated only by the infra domain the sending backend
+is required to add its backend domain as a `Wire-Origin-Domain` header to the
+request. The receiving backend follows the process described in {ref}`discovery`
+and verifies that the discovered infra domain for the backend domain indicated
+in the `Wire-Origin-Domain` header is one of the Subject Alternative Names
+contained in the client certificate used to sign the request. If this is not the
+case, the receiving backend fails the request with a `ValidationError`.
+
+(per-request-authorization)=
+
+### Per-request authorization
+
+In addition to the general authorization step that is performed by the
+federator when a new, mutually authenticated TLS connection is
+established, the component processing the request performs an
+additional, per-request authorization step.
+
+How this step is performed depends on the API endpoint, the contents of
+the request and the context in which it is made.
+
+See the documentation of the individual {ref}`API endpoints <api-endpoints>` for
+details.
+
+(federation-back2back-example)=
+
+## Example
+
+The following is an example for the message and information flow between
+a backend with backend domain `a.com` and infra domain `infra.a.com` and
+another backend with backend domain `b.com` and infra domain
+`infra.b.com`.
+
+The content and format of the message is meant to be representative. For
+the definitions of the actual payloads, please see the {ref}`federation
+API<federation-api>` section.
+
+The scenario is that the brig at `infra.a.com` has received a user
+search request from *Alice*, one of its clients.
+
+```{image} img/federation-flow.png
+:width: 100%
+:align: center
+```
diff --git a/docs/src/understand/federation/glossary.md b/docs/src/understand/federation/glossary.md
deleted file mode 100644
index cfb0cdea6f..0000000000
--- a/docs/src/understand/federation/glossary.md
+++ /dev/null
@@ -1,108 +0,0 @@
-(glossary)=
-
-# Federation Glossary
-
-(glossary_backend)=
-## Backend
-> A set of servers, databases and DNS configurations together forming one single
-> Wire Server entity as seen from outside. This set of servers can be owned and
-> administrated by different legal entities in different countries. Sometimes
-> also called a Wire \"instance\" or \"server\" or \"Wire installation\". Every
-> resource (e.g. users, conversations, assets and teams) exists and is owned by
-> one specific backend, which we can refer to as that resource\'s backend
-
-(glossary_backend_domain)=
-## Backend Domain
-
-> The domain of a backend, which is used to qualify the names and
-> identifiers of resources (users, clients, groups, etc) that are local
-> to a given backend. See also 
-> {ref}`consequences-backend-domain`
-
-(glossary_infra_domain)=
-
-## Infrastructure Domain or Infra Domain
-
-> The domain under which the
-> `Federator <glossary_federator>`{.interpreted-text role="ref"} of a
-> given backend is reachable (via that backend\'s
-> `Ingress <glossary_federation_ingress>`{.interpreted-text role="ref"})
-> for other, remote backends.
-
-(glossary_federation_ingress)=
-
-## Federation Ingress
-
-> Federation Ingress is the first point of contact of a given `backend
-> <glossary_backend>`{.interpreted-text role="ref"} for other, remote
-> backends. It also deals with the `authentication`{.interpreted-text
-> role="ref"} of incoming requests. See
-> `here <federation_ingress>`{.interpreted-text role="ref"} for more
-> information.
-
-(glossary_federator)=
-
-## Federator
-
-> The [Federator]{.title-ref} is the local point of contact for
-> `other backend
-> components <other-wire-server>`{.interpreted-text role="ref"} that
-> want to make calls to remote backends. It is also the component that
-> deals with the `authorization`{.interpreted-text role="ref"} of
-> incoming requests from other backends after they have passed the
-> `Federation Ingress
-> <glossary_federation_ingress>`{.interpreted-text role="ref"}. See
-> `here <federator>`{.interpreted-text role="ref"} for more information.
-
-(glossary_asset)=
-## Asset
-
-> Any file or image sent via Wire (uploaded to and downloaded from a
-> backend).
-
-(glossary_qualified-user-id)=
-## Qualified User Identifier (QUID)
-
-> A combination of a UUID (unique on the user\'s backend) and a domain.
-
-(glossary_qualified-user-name)=
-## Qualified User Name (QUN)
-
-> A combination of a name that is unique on the user\'s backend and a
-> domain. The name is a string consisting of 2-256 characters which are
-> either lower case alphanumeric, dashes, underscores or dots. See
-> [here](https://github.com/wireapp/wire-server/blob/f683299a03207acb505254ff3121213383d0b672/libs/types-common/src/Data/Handle.hs#L76-L93)
-> for the code defining the rules for user names. Note that in the
-> wire-server source code, user names are called \'Handle\' and
-> qualified user names \'Qualified Handle\'.
-
-(glossary_qualified-client-id)=
-## Qualified Client Identifier (QDID)
-
-> A combination of a client identifier (a hash of the public key
-> generated for a user\'s client) concatenated with a dot and the QUID
-> of the associated user.
-
-(glossary_qualified-group-id)=
-## Qualified Group Identifier (QGID)
-
-> The string [backend-domain.com/groups/]{.title-ref} concatenated with
-> a UUID that is unique on a given backend.
-
-(glossary_qualified-conversation-id)=
-## Qualified Conversation Identifier (QCID)
-
-> The same as a `QGID <glossary_qualified-group-id>`{.interpreted-text
-> role="ref"}.
-
-(glossary_qualified-team-id)=
-## Qualified Team Identifier (QTID)
-
-> The string [backend-domain.com/teams/]{.title-ref} concatenated with a
-> UUID that is unique on a given backend.
-
-(glossary_display-name)=
-## (User) Profile/Display Name
-
-> The profile/display name of a user is a UTF-8 encoded string with
-> 1-128 characters.
diff --git a/docs/src/understand/federation/img/federation-apis-flow.png b/docs/src/understand/federation/img/federation-apis-flow.png
new file mode 100644
index 0000000000000000000000000000000000000000..faf81be98897896a7493840ef6a67b5dfaff28fc
GIT binary patch
literal 64907
zcmeGEcR1Jo|2_^swUv^UStQBKC?b1D$}BQN(+t_GVGBtb5?NUxmAz$DLS$5Cb`jZ|
z-}&hMd4G=Yb^UoA$L~6><G6l~*XyXBp5yVj-*4l*o#%Of25FvE*}ao#Cy7Mbt$IpP
zn?%}5OCoLhv11z^kxlGPz#n9e+A8v-tVWh!BoZ4*RZ&jYHD<iqMW41~MS9)C?3b}D
z_ojUm&RSH=Jk6=8--OH+TlM!Ej<3;#4rP9$^Po4pM=fGr7xwLxE-g(?$bK@Vw4<LF
zD7_`hjep<i<LSvBn|5%yI{f+R_vZm`n_|UP*mv9^vH$N6-L=%>O^W~hnVq{R9})Q9
zAKhACcB=pWq}?M|`rlV+GtvbA_ce-1!kn~0|9#D=%j#Uz|9wrwrze^m|NEjSq4-n(
z`yw8T|9|@+Z3$yz<5L{e_%BA>QMtQq$<o!;HE_hH_8#N!tUYv<>uW2`2}-*dn3)w!
zO<B)noUd7)8*4Mp)V}(&%CA4Se|Y$jMPYn=e1YWg<GQ;=IJD1yxtdo{;y$;tAzI{a
zeEh+Zl9Kzeu_op#?Cc3Ge*f7n5&bex@gnCx!Hy%1Ki5_kPN}L^K9_L0|LD=niFB&w
z6XxATPCIt(Qqb0>zH|4keP0EclO8s+j9S}C?^a--bT%FD`HR(oR6LoT#V&T%y=A4o
zR<m>NQ~g`pvy69<uJx3N8{}E14Kp>5ytC>!+EwVdo%DAsyIfvDVXpT&4GoQu+w`R=
zx1mo_%`eX|S65fRAa2Y=k7xf;lafG-x-c@5r<a#jn)YFlj?qrdXp7RQsHhf4W@cuQ
zHeXza=)Z8HYn~hHnCi4ECnLQ)``jSC?2>lnqoc;byn0zA(#tc?&ZqjCU%JHcATpAS
z^y9~mf*U_KeTw4MW1mZEvDjE&dm`f_O{!>U2qmv+N;+P*OtyI&n}`TqN4BZTGf|r_
z@2>0o&rK5_=JlRp_wJdsY0Z?g&ztn0WjB3I(P%T?s-39ew!tdp&LQo5<Hkkd2;HhD
zi3gIGO02G3OZDv7L`4<BPNYGZ*`7Un#N207i!#X4beGSCG1Jq~B(|@ePF_8hbyWB%
zg@9=p-}HQ1T3Ww_jm@9_RBEryt@|Cz&i$62jE;`B?3SUT(y|rf-bF=4r)F)<$Egu}
z&$2CDPD6uoczF0)TRNTdWY6<SXL54#C&#Z-v+Um=pOLXkLPBD7x?aF_W_ULR1x2t|
zdGN7Iu`)gfNUz;yuC%6~+ht&2@H#JVUx(Mi#Qsg2H~;+klg!G>>YA0+`>rk)n;-8g
z;}rrN9(E_6rbl>wjutuXY10@Z-oMU4O@2xEX^ZHuU%&Ko%(pU~u%)oDuwY<hj5jHD
z-?3wdrrOcVM<PGIwrt}mC@7Fc+~O)ndrBp2drHz;-0B;@ex;!f+M=CCdxwqf@ZqgG
zDQEpkOQrC(?sLD-@y(t0EO)wj^P+{tUGKH!gC|cijdf%<Ii8<PKbH|)pJ)C3L84L3
zLatV#vfISQaKp3F-g24o@$u@lh4Jq+df6roPF`|*_tMgCadB~Z^7N^kp&_%gv-9ZJ
z6w0di?`!6=Ow0EKDQ@ED=f8C2N^rK-_3J@%(V{j6v2#V9OTwQX@rN8#@DI#ZQc@Z!
z%JdvITY3_#5i5B+Je=}#L&L#{Q`JJ<gX=4kGK)(~@!H91U)tLIl9LZhN=Z?%uu#bD
zb;u0wUwT+hZ<ufE7ZS1yD}V9wWj`#;&!6uD`bDwG*LusOK7amv@zN#Vef$Qr*PZ7-
zd^j~b*~?1DqkAhaFRx`TaWVV!<D+VwQl5)@%h#8AnM5qN?Ao=9*qQeBeWe}?wSPME
zcNvFQ?I0(=osx2dkB{#KHe5wT<sOSTbyJ*-o`Ht<b5#y%^%yasjyKvmIyDRW3JQmM
zO>Vq=`BE*1f@F|y`+SnGVrpvYiL}?r->qqz@$=-#lNa^_wfaRjxwW;mcRF?X1*ORT
z98gAm4r3e>Fe)HXQc_|?D_dJ>dwn)aTSmq|Mjl}hyTN8{ZH)^EG03$vL)lq6pkmha
zapd0IQgd6IlA7Ai;ikCoAGuZvh*#viLQ||1J|@&CUrVH&H+H2fY&*%M+&fe?k~98F
zL-d!9j;0v{5fKsomMJQ#W<51F_5?e%ix*#zWJzqTsalDeov~u}@`A|K{HFD$jt;#K
zSk0X7Q05a`tgOb2@^cW=_d-K!Mp885jy_sDs{dNn=l}}~-@W}3=dVA@v+3M<hi%8k
zO7F%N1%>yL_1oC^4D-~}#v7kYj1)_geh$=y_b*ejO4C}lzj``S)Y#Zq_3VV51B;8i
z{GC3O+c8lT6Zx88x|$Ib0li;R<6q+M7BtL^H2I<E@I*<tOmt~vxp+_J$HvC?jgQBS
zto#`q<T%<{;^r9khOW26e>d~6`#mx;vOE6%%2_KNU%u>Z&o+&-coyfq%-y@-_~HIR
zTwqnMRmV=xNz|L@ktG?g<#(StnHU&$kbJSo<ju{^;*Gy*Lg;Ip=mkvpu31_RU$7l(
z&-C;4_4RBTL5uK{_F5ivdtT<fX7EJ9#Wri?{OQxDQPb;Z3f^|UHoMCfrM64*G07Kq
zy$hcf6cltPJKHXHlAlyrQ6am7lCo(*3}rCdqHxt{^WL*DVi6W@4i0a=B&vi<E?8Z;
z!f90Me$Hs4ukvocu%V&h!9#}*sXX;rn|oXkR$S~+Hd0?*&C%=laP7(2=O+(8dG>6i
z&>KtUhpZSX)=)~X)sf>e=qhlZOE2*3tGHd&l6=~6&GXvz>*Tm$>ahJ1oQSg_gZ0&=
z8AmDqgqX-Cy0Kj+M{+IOsMB@R9#}oqPSgE{-V^rcT<Bczi1f<Tjyr6tYYV-1{QUgX
zI?{1JYIO+Q<js>&z#36T<=*?BpLC-3uosh%NIdgQ^wg<S6+NXM5%=%kdhvqoxb?Ta
z3ITiQ@<YPIRRZ?x|Jz@)i*!qoT`rRIjOI&qMx$cq%!-_};388c#DemvQ#(j6)Sn6q
zii#?uRgzr_4W0Y>emhAP!LOBVB9)Y!{IfMpConX0E9oAq%mL$KXTRsq_mf`uY^>jK
zbbMdrG<IWQ!k8qRaXz!}=g)%^I^H1$=H~2@l9JWmZ)Ij?HfI{17#$sD<KWnWtuF9h
zJGr{HHdV*!!_`*oGTDQDq>0nZG@xrsKc{f>=JAAtgoo~-bT!xw`=3=?NwQ1RLsL@&
zD)wEU6WR@<7FG}tak`VMuZ)Y&r>W={JO9zdRdyA-P<qUd%V9I|?#(acHc#nqERP9{
zcNNmew*RTyyp2K@>1sdOBQ^dbcNdm)^jpp$QUyxTu6=wJh=kV;Lu&Rih~)kxKBQmc
zTkrY#`6pub?CggQ*$;l8BHi-y+q#W{fy8FD?fbY%iR*1dWgo)!OKYp|-MgFn2L`k<
z&hwKhaD75oJ~P;_@tjMqXltWG39I}5_G-k_r$IDF&Q{dd@2U&iUq3Vd(d@ndK`E*I
z$iUQd8T$^%c;7o=*AwV;tu>YEfTSylL_A7OLo>BFWkIT_3uhIw`Efi36|TwRak1Bm
zDDLxM<VUuMQ-Zc#VmHUXQ3;roRAiU0^LP&vOOT{WGgWj<P_P2IcmL^A@-*Gx+EC_!
z;>oi28G6|_Ru}D)Qc@0abCYl0zDH44SNHZD*FC_7izsNMH|`;8iv!`Wb8~C_cG2IM
z=o07P;CP`DejqS7_)b}w^pAWyN)HbYNw?`Oc>4RN$F4f459ZkQN>5>dOJ}+_#=pOf
zh>i}%4F^kEY^OYM4{JgCP~<&CG%O7b4f_^WH@k^<?~eQW`?KR3P@)u(@>2`FJ|m;X
z`uA7+f2CAQ6e5~&k()mRf1F<4bRq7Tsi|p+_Zky=_3QlnfSep51WUC^LHXJ|v;Us`
z>8*E*Q%43JYnJbHmAKK6E+PX@oH$Y9v9M>P@%deKPW-1(?!DIc`!|mX@Ao14v6;x&
z*szK2;t=~60BQ`<o?__RkN7UI*9xNFQZNYKdVgXsm6uiP^JWhAgr<yCDO%<ewtTiH
zT>oB_<BSZdpXe#&9UU9nMcRVpNbV7%;Z)z7{}n;ChgF*IX#MBUw0XAO>8%4?9^ttO
z6M8u=0iM06MARO_pEi8fmUF*gb685FP0BpEAM)y*?UH6=W2+Ot-j*I!Aen7)9T`jA
zVQ+7*_51KVa*}`~n@Do(5j&7b{cqj}Q1Z5IY^+aiJajiRDY~ipIwyzfF@16XJ1O3C
zX<DuBXs?Ra*jn1;LdvWrnh4#!d-tk`I`eFF49Xlw&e~tVUe$C2P_iB^leX_yOt$GM
zaXU2LnJ=Is)fgueXO|s&=ap%BS;d%UP6rF==gMR`J%W^P$DQdBy{RW_tE&&QA`Yp9
zam~$s@;>|4^vJ}-guJ@?J+>Wp?mv9Uaon!Q=(?NVPP*z?g#Obz<>loC>bUgD-g1Gz
z-|9k{kJui&_Ju9^GHSrNlRe`o%LgeANb0-Jjz+YMefRLjqKG#Q@L5yVAUlKWaRZLC
z<}))hG>>`by`PI%Jz8|fW<Jb|_;|@YTL4hg$Rm7MIfvfTR*HM8++N@ej;yaJ1j%n$
zC0*Gb3YeN0_2k=`M$KnfO7dHFedsye*wbSIBz>pAXzJMJOLI4I|8EO=fd-7PF99wF
z&&52v^h$3i<}?Sj+4SH?c}vUm0+cnQFWBIYr-Ej8TISPhmsj1n{C#}`v-L90pSga)
zz#v)^SfA_`Fhqv#33m2nQ9(?Fv!Pn*T*C`??XNEMi(-20A8T)Kmse9$3v<{`!N8V9
z!^p_JL%yAUA3EEVlaJ4a(O6PqVx-lbwA2+k-x$+d9hruDqmCl(v)AlbVx>HW^-aD!
z{v6IK!_%GawYEIRGG^VGcgCp9bID<94iU|JIL4v)@*A7Zy#A9)s$6Qx+6Q@f(!c#i
zG~}~+8pxxx`t`p#YFso}WCy54c8ll?Qv?nT>U0|arp0~m@#CiFnm2FWq<!$<fy1jr
zS84S#XB^LrE-fzykF{p#2{iqA9uwohv6VLRHOUv~goi&oEbP32H^9)Q@Y1VIvHi=)
zmCrdwvDe<dd&l>hPswSlovz-v)ZHnz?!q_Ugp`z&0_$Hb$>MpTK|xfHUB=qac&?$I
znhSRTL!LT&cHd)ePT85|SHmw~_?piTYTD+<+x>W_%Dt_+u8zLI^c+zmipS>~V+Fm}
zR|{LFfg?w_45zm5t1;sV9w7FvDWqTAt|dt|Ys}TdV}wyfH)!t8eII%Ix!-O5V_wU%
zA9FGvKYol<n+^(0okihSRMdR|1RoSWM5CDW@+Hq&WUu>n(#HCVz^zxR?1TBcH{Z(6
zp1k_q&N+(b9JL*Hg9av;`HAijavIJT7(mr%%D4^$q-Ply`{&#BZXyB7_YDp{OkBsT
z)|k5<94WB4xEPrKb>9(IR#x3?lhS`XvXG*^TJjF%Q{}mij?PrKOE1}nB9RqLgrql(
zcOO04N9sd2Ow~!*b3W7HaL@3<;U}UtOtW)yjwM;HpZ7~R`^Lwcg*h$H{yHRG=KP0=
znwr|7I{@tp+xO6<-g{SaW~NP9{m}dEgLRdaa-MwUQo0ij&rSq}htrQm#-R(Fe|>p|
zLDZVz$GhuyJr*W{>Vq9hhn1#8Z7C_kS>m{X*QZK&P2QhBe}1&9@EEBNbGF!xzFP&a
z1oI{6{rg8M8yoikh&1FhYRIf{)Y3dv_kVk}X`dylTg_LEAeZl#H)1Xr8uB(+#(5Qb
z#yJGXy>GHV8$9#P@leDm2d`2@hT7#Tmo5z!nV961u?2Tn;>yE@g0r7Kdq!X6i6knr
zr%(cPeu5j#GR-1!c`a$NjNDk6|MRWP%cE?Flaq7PEwQjzBjB=K=gJc%PDlVgd(t={
z4r@S0+`v>IS$;n`IXO+!;&Sj@cu>%75D8^t^<!}n5%CZAa*w;|oU=9kbUUGAMW=UC
zBUyj4^6qwvzkQWUS#eLE1irakpMU{w$IhKq*ovw3H4jB4C9`j@%^0NIkAs#FyxPd3
zo2nU~lo6L*(vyLY4GO0#U**+)Rm`@-b$*-?uwM5^wmG#*)KKs-(~-*niUe_iafS*=
z`0CZGL<c9D>1(t1)xzGZQ*|uB_P6*A^DcgTaJav~p^*F2T=X+v-z^-64+k{?Y(-Bl
zf4BH@|DeKN%xa`>ITqVXN=wOP)sHeUGr#}(^{xKzovHI~Uz(e5=jP@X*vbujyYg6%
zsC=4HFJE5CI<~i-+j}3KOh6n`Wj1F-$$l06N}cGImp?uHm}6oxmB^N9nC~AMNi)$^
zc(?wsfW@bW+{FEEk*fd=LdD2PPP*2du$3Sp-rdDylf921&3Xm5Z{N-$<^HZ>&UeG^
zwZ}O|X6DVZVS`3y9^dJl%Ke1wdL)52mAdq1h8vm-9j{`p?i+1RB%pnK{X<^MwPVMQ
zMdk4a^#m<xb*!wVNe|8R|M?S&amozk;#-N^vHt#k@IYapdCWn6h<UHN#(s2h(v}=9
zaToHs4p4muwcvecCo?xU_u{XVIEPmQ6BAj-3-{b_b9`mhk=5_Z2Glj$lDrGEW9Uhz
z-xpEd#lYj_w9n~SXku|Slhx?DN<HWSyXuf1e^-|r?S-G&b{EO%>E$c_UMZBJj5}mP
zUo#?h<oC(>@fCiqhzt540ag|!Rq7w{PXTj(elBsMu2&HQh4r`B@%js=6%|dl6AVhK
ztf;7H{{Y@BNXmBSgSAIBD4$g=EpMt9GSX2q13xP6-@ku#uEX@&*O#FMt61MS-7@nv
zO!-sOL#Lx2ScB{UT;J!BLz|cXIfcivRAz2%+r!BFet#}sv9LHaZ(xYfQohHamHKDs
zm>8mp*=KcX`<2g6ZUc+4iHkEzxzAQ$HmosBET_ek-Y+EMKFihN^rk#(aXr1hGv5x#
z5~KcBB)+1Gih_#Db`i_gTc8bAS63Zoy^V4$qn@ZEN2_xz>WFq{?`F?AJct;7feF4*
zm=)cuF)MRtkm4O8i&ht>PHAY=;jcA@MYsD)yBRenf*y5@9OUOelXk*h%Om@;UTc9?
zi*%j1R!2^6xsR!*wXLnmIJpuDY@QsLyCiLHCQ)my#&;$;=1Mnzx1!vtf5_G2prVTM
z{=LDgfu$`0{}33i5hE5qy?6<;gpOJTSJ=Vx4_3~#fvl)GaNy66Tpcye^s4G=MbA}G
zku3F~Vg$l6_c1evU@bC?obimBI=AQfRrA4G=l&t56C?%(hQM&g(@DcF&ocT)E_Y-Z
zD@n_oJb99!V6sd~dD=(NvI?BW9u<W3dr%Ipulwu)4(cDce}8Xsr{fT9z|I@a&gWMi
zZ=kGJHZ@U_Uf=wsO~BLZ*RP*aSFgsag%BS`cDd3wNAEAXF8=+g_Obc_d&H?PuPz*$
zTEh6a(^wf%UX#PU@Tc>Li3WhfweN2($A9AC8s_poU~X={_rQTzi{}{3g7UY3t$X1%
zGwheHU?P3ECn~95?8srpF_{`*hU&WDx(i0a$Bs3Zdbn_Ka+;$CVfrGNQBWi(rZ%6S
zozVC*1y-^(fFM_SG!vCWG4)fhjn(TSim2%6A6t};OD*4Ya*Em(N=ZSX%XCi~@Eri8
z{_PP1EyVBO;H4@1d2%t^-m*|Mu#w`@eh$(Rjo8mZWse^{dekzwRc2%L7;wA8!x<p0
zAqJfcG~E6Hv<sdydk^i{1oAFqZT@UwLOTkv9Z5|!fw-~K!j`XJg^=i5wr(9NwCOGL
zsyT2HbV2pv)BrIZCOhHxAYyhWcYv4+0uwL*I!7&g?DubZWZ<ttqxp}gbQw>+;F$f>
zsTcF=@WF#*h#^fTnF+kZw?fC1MbFVM@o}YL-;E1y$dyQy2}()RWp|9r93Ag1XT|(b
z?`T*<ZsV}BI+Wkl+iU7sa^t6bGDnz^kr4}~wfkdb4Gj%HhlaM2#2f|##Xg4Q=exvv
z<ZydWIIMgwEGi<pNB@kFMQvYqu}l99>WT&Wb-$yX-K6<5^#PrJV^y9oN9_kWCUgMz
z*cKgk8<btONSEC#Vz0jp?Zbv`!<e*1v%o3}wDInep{Id?J2@gwy>|X%@a|gkCNQpI
zUdzWpm^P>B96>W81HO=VbrmBP1hYaS*0Dbii(S*4s6tGmi;J$UnTGTT*DqhczAtnf
zd1$-A+qjlqRa2wn$+B;sKdbj5*>0xe73lT^Z;nw6+xhGn^CN!4Z6sn81SbfX?Tec^
zgy|maE<wP_%gf)`SobP%o!aE|yOp5yEL&4=BQ6w`mHTIZePxjGmfW;yQ}vteyP13u
z{sTkxk4bOJ1_4HC@z*+xL=SD9c*&JA7g9=kNni484ABi)NpEaNGIZ0ZV`5^6x38|L
z0d=Pvb4El0RQi@JTP_ZMh#=ik3fcFw;`U~OMn>5Tz{vWuI*0~IwHc#Yh{MpQgGBZ7
zn6ED1SP#L>7Z1>us+WC0SXdZsl&>*xd~h)7_`!g*G;Un=LC)RF3zOl<<x|Pp1%-uX
zUtY*5$t?L1EGX8i|FNkz*?lL&8`rLJ85tW-p-B+Jhq_=<VPQPzk+@`&C9RlK{UdQc
zwYN8KCkiUaTKs2YW20|ikbn+wttBZ)Y~p!HNXQf2ry%hUNV)q?57iIge=)~l^|BRR
z^&M+7O)}_@+np!6xH(k`c9>)6iI7EgXBXKEP^+Wunat~}Ga8pJUFrj?qKKjK%WE@*
z(ci!Okp_sy9hMzgp&|4F!za)70xrC^sM|Buew|bpw*SIj%*R3p%WS((N_wv{fY=9I
zsKjT38h-6QXL;PJodR{L09-N=R_W(>2{s4|YA!%fa3~kqUz|Q@XbmX;Z}8^i<Xmfi
z#R$HU{K%0bs~G6j$WMc6g%adhb>Y+V!b0(Pxw#SO-jGRtB1dmv#PHaAI$0YeSv>f_
z8!j$QPMq$jJ~dka{9bO^wrwYA3rRkdNn~g4pQ(X5KjF)t0y{_M?XcnEd4_K;sm6}!
zrD-eSh4gW8(q2XS^Tih{H`!kRrgfBxy?2kIvY~;$V;bzWuc^<PNUtym|1U|Zkw*F9
zfq{EFJpT6G)&z~@Ic8e!?L|<gYC~}{J|=>~!k?VHzy-#Ghwq>H^))49_JH%~7rCx0
zK$A;ZhOO=+3*H@RIx2!EPBhJ|ojr4g4y^v8u{_|ReFQTxvYT1-b8Zj8jskJTI$?3C
z&}0sS-ops93r+aL0>hazXZ)b@41Uu%bt>>he0+q3mxe~urrrQlPkPt=;7J3=Vn9Rn
zP6GfPKE?4sGCcmm+bi;*sl)#4EIJF7DOLBZGpmfZt^wwtrA^_+oRQ>!MvV(G^&981
zO^gdX7P2su@1>zRgs2-XioJXHuHenlFOo8ys;a7YFr2rDf_b9Fz$c-1{ldaTx1)70
z>apjT<@M{_#1^_8Z~+@w<5a#fQM{>1#}+;3VHWF>4Ad`>r3yxqU*Z++<mA}LIss~)
z3)b4IbvX7D-C<jTSH12w{{)Kc3rw?DyY_C8yY}N<T7f6#VDU#jpTxO;>BlkGIQC>2
zOURu*&D$}JJn{n|Wa-Rc0!g~Ci~gwYF9Uv^m-lV}i*E`K2@F)D?3q?qROGShE)pS<
zn(^3`7bvdSt~+^oqCC2(B+x{l`2$PEXo;W!7FPlhd(q5{46sT!<NR*iTP;>M$~Ka}
zac!TXg2HChi5m0)Gdnv<psa5{eh|G86|Tyzd~MsYV{aw%J6c<-!FC8@02dPzlRbTU
z7jz)-pE^Z{v&?IPp$-$oACV&Z`ufDL!8YDS?ISctjGHV2wS|R+2Ze>HLAUvWKSdIl
zSy>VCOyB&UPEb#-@!^Gn!3L9EJ(H-Z7qOE_JBPAknZHLz`#`{sf|%js=Z{ZJ+>C)8
z0D3F1hyvbvSIp?;DqnJ7kbMNPis_Ni(w3K(3I4D)oHZPnl)%EW?MeS&AW+Lr85tRS
zFDWT0jG+5b1(kGlX_<~+yKf=0|K!aI+~yZTre$K1*VCiNpev7i3AvFc)9~*4*S}3N
z8!zm7%LoDv%Z-WPZhNMo1z07bUWKVTwjP#}GG>Wvtg6~nTU+bq%}FaWGTjq6ZKw?$
zOf%Q=oO+yem0Jk^f4u<vwY0SQ3+@#*cXZT&xF9%GQ0MWuLACrd;n+U{FMxZ9&&&*M
zZEa=g#56t$$PWo}lnkvMPbM@ROrJFm4xj!z+I&b%Tzu$4fO05PP<Y5m#?#=B?Wg*c
zRzYa?&s~EM2bqnxyS5X9BO&Gj1;`>y09>~#C@2uKh|k6fE8t7!P39Z+JeFNt*W(<{
zs-0}7zXX105iHoxKYw-u7^A=@KoHP>ca5s5s!Hu9ivmIi>P1yW1?h7AqlOvLHFQ|a
z`?T)D{HSE^s$1fHm2Vyah5yN~tgOs+Yy>ss^d(`kWd}Dmw}WD041{uw7H9@i;b{Gb
z53=}k-%+DLG&QmhY6&&f)u|apHSGNSyHTlK=YG=x78BURg5_+2KtnJcub_GL4hU<9
z*xBW;`#Z|*y^qP2AkSpJkS;_XO&d_5!*#5FQy?4=(!4dQ3ZtD5AR6@bT_jyNc9xfu
z=Ju=Dix~2+VPIJ_@Gf01+jfVIn2m@JBfUT-sdKjI$w>=6MHxqlPkRSOucEqo3&@0k
zmoGU<70`b$+{Bf}Dk>%&h<WHoxF)1`E&UlJCb5BV8O=QF3pdBwcSFRye~N<`jQ1Rn
z41@$v`Vc*92BUywmQ(X9qe5!b+#2L)O^`0Y<`ney^ujBO=@CuNYZ$FCD{HarlZP0K
zb|dC7&j&=p+4w^m1o`N%UukbYDJsq~PCdGcrCxr8*VowRxz^9*UqulE%b|Z;>YR<W
z^=rUI>ZhgijyLdxwhX<R5zKFLa&n_>8IPH)l#+^2m0y5Ba|JLi8w2M|T;3Bwv#P7<
zj8s%!<o{X5K<Q`5;TIsz^z&{1N&Y~kY)6mo!HfVw+W+m_V~|su-(J-~yrdTwDLsgY
zxDCovjwh<>!-pNVwzf}BI;FQ{b}5>k)YH@JD)VBtYJXLU#yB<jk%nNqp)RA;Kr7sa
zVRbinBmD~((u#|4i%)X`{!jZ#<eR<!k1yr_GfPj)13pP;^RO-`0?%I(zMwi09H@3*
zm&Xr*{_54Mzo@Ed#V32W)M_NO+@6}5u~_Bc+0TG7N<8q>u|^|^ZHK%)ee}bJzJLGT
zDDhg!D+u9a7Xg!@07BFZitj}FL$!Nxiplf?S3jEL)ujwFr}qsU(fW1n!PMJtG{KCF
zj5~JkR)TUyv@n!-;32w^qk*S(gU-7F-AdAZb_Xizwa&cEq72>NT(wOEDTOj8c<k6+
zNZ~~p%8E)45nbSjx{923AvNyB9rpc$3k>?x^q_80RrjP<*kYQv1>(5o!bQ}4429e9
zNv+wYtnTjaH5VkQ(t=`R4_MpSL_B)r|5(6u6A2!IjA4VQqtlDm(LkY!K<-dbxU0}j
z?bUGn`0*Fn+2K3sc>0h(=984QP5m|VxTWg(s~?FKdM>T9$~SM9j!Plomg@SCMhBLW
z0FSnj5ZML|BHUhsQ*Qx@EVIa|q6jsZ?BXgPxwQ{<l&!VTBNk$DGdTvX<{Y6NDlcJX
zWTbOxR-D~>KfJU;=zMV8Y79n>^g>QWUFyLO(SfT|7AujdH!W7)4hnkX9S$?fgh<6d
ziHOkZQlf6ASLA7kW{EvkPAB8GI`||=F*%Z8R%@FcR1lY3i%T}cC3mX{dpq1X`oEs8
z|6eqM@onuX^V&sEPY;Dk){~!&jdb+rQJ{r4OjgQ@Nz&`<>o@G}E1~kW8q<N53(m;k
zExP$DVZzc=6z(eGcfhH{@0OMMF?8`8ysN;TsNIw)9NH5Ytd>5pb1%{6*|@lNL_|cK
zI&(%TSuLt>U|=(FyptZk9%|vYd^=V+pzJY;B_$<QeEPH#?;;EIebLr7Yl4TmS?>yP
zr2gxRa$y~4i-dqG(t64XU4WPlJUu-HF<zMq5JI7t>t8lvL`6{~8aZx-;8rl^1$+4@
z&N@M7*@QM5HQ<C#{~Rl2xLZWKdue7w2uO_Y!kaCq>AdZ4zMC9QXv#$YbcO$iB&(xC
zbLGkvFfX-WYvH|0_RRNMndgU;aX%);D9P(>>8alpz6sHPx{K)n&(VqqcKuamrah!=
zj5U-H=kGwfF3Lz9gtE>c;mikR5d13fspzl+;E%q&y-Ep>j~|vUK`n~scNPzom*4O9
z%#7AiAz@)2hYQp}gOOvAkY0C(u1d_5Lz0VJIP^Fof(($KB#T6Uss8j1Oa$>jpQGKy
zC)Cx||AOBGbxMnit$~yq3}{H-xgIn+HUvKtp$)hJ@P!z)r_^f5?bYQ;5%ajuTRWDJ
zrx!9XxsA%J6R1+ibMeN9OTv<_e@O=q9)v4_XV3nVTa1mnS;p!IhA@8%nN@8;64P7y
zDA@=I_h{K)l-CN4mG%nWx@(^-03YH;nLzuOf%52>{ov@r`|Q}Wr}pl4%8S<4_i#<`
zdwW^6(|+6i1d<l?S@#6mu7J%7{Mq{#a(7>(r3FC&VMh}@ayDk~=5E+jUR!?`<}-M=
zgNQY}sBdIsJ4R3SXQI2oWtx8v3kw6+x%*0EOb{kK3kZ|<)smI6R){GbSc<^S0JMLn
zr>ijBAB<8%pSz96e*!SRe)mohaR)O8r4ZLTFb0>-ONx^&6ZgO)^aDW<;f}ioQMm`&
zCMCi9c4V^>=B(6(dx2{07;nM}vr5Nh0&?`%gb;oA+xPGBm<H9P3V{i8fWyJQB*4>y
zT;SJbL=q9!G{T<;Y5*huHVFHQFi+$-jh*)m2q08-+!67d^z)g)1WgS>m~;!Iv;`y!
za}6bUx>#85LEa`BJf6BZ^w<>K!e-J1`}F`;?_1^NGSc3wfgs5C69_@dLzMU@fVn(p
zq#0J{_3PJr!wJV0_yckv_gk0<<8e<=AU2WuU_b$*b;P!-fDB{<P=$J|BqQ>{Ep`TT
z9-E-xUhrA(!P+###zS~I@H^M_RdFz=zM%ODx|i5W40ScNwz9G$f?crgDxktJR*jqK
z>+8FPp{oyx0s94iPq|O{WckJcotNrb%f)hvHN4p-T!4+p|8IFV%*3xzZp=SF5lS`4
z<+=5WRTvJTaBwihlmzkWvwh}1U1fX>0xJOjz6dLC0sIY^oWQ8eNLsW&+pwP>zd))0
z3qmG4p7!LygF6I!@FC(5QJn5>+b!rkt`CLxfNalH5%_&2%j{2ZmhAx*QiW1sW@#Br
zbx3*8qfXP^{Ul6xcfe>Jl9oPzu2tttPD4y3QQ>BQ_s{@1pnX$f>c7Vzv<VInSO6<P
zo@qh0glmwP>Ud|b-U*bJ0f&>EHx38QjbAN?G0wlQt>tWTErdlBHElbvqvCu2-DD)#
zi0JR!A%^d}U?OrpgNsf?WGUGSeA>Egn>mO~IKC9IRzf#NHKzjpbg@V{Q$Pf$jy$44
z&`i*w6ENHG<h%K-FI^?c-nb!nNthAwO@S$ws8o-S8p{_t3<*NL!0_U^%q$nTwN6tv
z5s?W-r~;NU?x#Csf6)(P>n}p}6%-P>ou5w>o7ad|7D-plA+MUcx<q6<$mfHE!v&dX
z-BZGdtMG+wDBrgG{(}eXqT{5#&rgqG%$CQpl1PrjpXD$c3PMITDyLP0Kktbk8A6lB
zu9RD?+peqNcA3`-I}guJSe4|#Bme#TQvocRQK7?D1%HZ4EF6)t54m-=!EM$gG~9q-
z4<%|TD6P~BZ#m&_Y=&DCGTTq^XZ~zE^h;cYKs@M52cXC4Wf|Q@lEBC+1TTiZp`it&
zOUxQ1lCPhi86@9RYHIQzb^gx(F$C|pFP)+gE){l&Ciw8%XoxVGh9cGzF<brp`?mtA
zNwCW(oCV-&!PS%A)UrH70t1t5B@tncsc}2_j@i-X&9J8aU0A3~KK=ONe7?tmEsSav
zb#*E%Z~4$M3A+z~*+Zs);FHedfk;X-4C=7djPRk?!puR)P6Q(dCe{pgXt&r7biR0v
zIBBt)qkExp1ftvhL={8@gg_gRoh?8tMZCgxsP2>~h!V<SEJ0A}a$x76pkNf<f{sbp
zFi{Hw<nC^Rt7tdjPi0|Y0c9e`BJEjFvG6o7xEH3y9B|h5pI<=%q1b;?w}f8+rGQz~
z`qtB@jNXesx1*AA)=>&?jUv0WMw*zMBs@NNBB2m1)p7_32uz($eEgW6^Gvia{5-OI
zw-A=xZ@E_VG0&g>{Pimc>-oN;gWj&EL@Qly-gP%^W+_j;%cKdRDI&2IAvC~M=nvUt
z#LX7vCmgzOC7=Up0r5L<usfY75cmEVB|)YH0LXrh5vMt%d`}i3*EcZ{h8!SL>+^yX
zXM#Wgl+}%ODHyM)4jc$eP31!TSN!;4V06Tz<lWo1^;&23^%>Ao$e~A~_nczcSM~L)
z&gcEK$)#K_Ys*eC5-xjC=M<g_UnWw)`um&1O#?rQoOt2D4hFYOY&G&-0TThKt+RwM
z%PA^u0U=D32f|oJSm7cfsDNhvqGzDMDWpADH5Hvl_JMQROd_nPY`jY^7kN{Wad2O4
z=jG)^umq~sLe{B*6U@xaZ1hKNhT6)H*Jhgm>O!FR2A1E0(~${Eoo`$mD`JRiJ@^Mm
zaMYMX=z}Q0{s69oYnR9+A|Qank)e0Q9fyewB^>LBm>T~pShO4Hb6{;=o^pzla5)O?
z=YQ1Z<jb(V!4z2eyDdX2UVbYA-xVAL;urEnKvWdntyi*TuvUXGtb&IPbOq5`U_aOj
z@KWNlaR4qRdAP>1$YKIpEzsS}!)4fboy8?2ED+ONre%`nvrTrV>F&h5`p%|vAMQq%
z>68zo>{R1oQPM>;y8`Dw(fa4*E`NZ?Zvnv3Pv4B<Xn|$ypMhGyBIC`nFxeXb`5C6{
zd*CQM7rI>l0XE&IYeFrffW6!L$2)T1hegN(gr@a5PKFf`l2T9(p@dCLOyBz2r%S@)
z-*Pr1>8a`#Q6gx7MYiFUpb6rUEDXYzb|Az3kp7!VSjN{^8kmH7&<+#ep#0}B^~^Rc
zKY;m#;pENK#f%&%cQZsyA^0~m{LS~BBpOko2|HbKxgHqjy8!{)vCQ`U)#TvH&7cLt
z+^YmQDQNvokkI|Ge@FXhWEGX*ezcp)@%P`BWmI^FD9(5;B&f~aD}PRqh=BhBmrab6
z$3Cphdo<WRz<<`=MReP?ZM*;RQh)eI(oViaLOUx$&{TuZt{z#cNg_OcRerlr3T1IM
zH3IbjD~l+ggp7jV*bXyf=dr7e)u;wSPQP_?R>!A`QvaMQg!*z3>q8=8tWb|WPF`7A
zDgGmobYpq;x>3OmGB9NF7-C!g-1QUphpZ5?QUbmayqBOwEd`-IVI~lB9%lfMe>&-*
zp=cVGl*Hk=v9{1ZgN|v@UmYZFE7W*E;BBNv)=6|a-7F(U0Js`-XRWta&LDGX3ro2`
z;~yrr3wug9{qaO_Q+-B9tb#&9-Xl`Yu3YiQR=xlBP2cGJ6Hz<3%U(mfKwH^y=N8^B
z9=)I8*cFOfuOxzier^{Oh#`Q}-9M>@K0#8B57YzrS|Ik&9jb5_QSE0=pMH;}AdH6t
z(5FfF2k0ADKY0B9P)@t)!fpw-$5$}Izq9^M4F<Uiy0|^Okf86q%_M!+C1Et!gz=el
zq5P#ZhI7~%-Xj+N!l^fvM~@)O3G>VJaBvVtW!}!r{EQ_uAB!RhA3Qid`eG|+9>;CF
z7+_nigwLYdH(~Y3t&Q^h6qr+8OQt(u{XB<Wr#t;7JRT%x5TUGYXQ&Y<1Yz&Gwk$#*
z!qL%dpb3ILDw5RlbLe#a6QB`r&sh>&DlDh=(}Su6p#<r6^L@IyX{NztV5|=y7SSVW
z-atvxMCuch0s-|qGT|v{$!^EUhq79_c-V!o*A&<v;yfD@h*At8rV7=agtH8X)=yH9
zKybmeEPxmw{J+(;wVOzAvpDY0SLvDI%(rK->n_?#A{g?MC*VS^f~WQ&b?~%nMtnRO
zPFO&{3$j1IzJWsND5a;UD@j|Y`7qyQeQm)MwFq5HtZs`Qa<3No!WQ|lufHF{@Mh8n
zA&xV0m$|f8sdv*#bCT_iyc(R70==8`X2M+Sp_GY_ng<;Tr1T-_M;m<`p!AK#xU)k7
z0#w2j<;=q5?Bk{vG}fa*Ttf|FkO?YdFDfd+8G*EKwOugKppp|d;N;2t?*o^er-e+=
z%qh`5h)zMO79B`=M}Pa3{imU+uVA;qa|Q+l$*HOBoSmJ0*j@_A3S`#R)%EZ}(Ddc>
zJhxEz_REF74?OR;!j`IYc^^g)9zstg$^M6LCwX~!;pD|nz)&^v8cc#_u*(Y`Kkkce
zLG(Z1eV)+77wN!%+#-Fnb*BiaFN{?t3<=C8DaisoozN~xY@D3R)-g&dDu?*^D2VY5
zi1@}>J3pqFN)WQL?F{78UbJ}=(-RF#yQ!afeNUm_;??*~-Te4qz7TEXg9juM7}#pC
z;Zctm!TPgD5Cb$OCAUYs<?S;(hh$KVsz6CLzqx#Rab;zInA#l%Pes_)X&yEKEnU&l
zLJbBANVXa<sX0Z16&?-M5-CIJ?{~~g&Zw&^0_RTsZsSFdsYKgDrF#!hJ@YDqM@TcL
z@m{{7X;xRQ=0j5#=nt@&gtrKTU?)7?B;DXRx2TB63Dq1*N<k--Y_f+r!6)>3(Iqz+
z=z>o(rA*UJzd3Rmjt}tip%|Qpesqcp0CZNx`K$-wzAnNO*556HMck@6J8y0>9paV_
z-{7|^tD-k3lte5$^Z0MQ%AthVeyA*VZPO3LG~zf165{MwhsJ8nahdM|7nj6#0j2pR
zCgL~?<evVM09`k3+^7J9Ut=gc_;x5cDM=P{lWcqTUJ$kbHd{$ZEZNmuy}euDxIZ&~
zI0>k@yU33iJ&qlt@%Q(Kgi?oDxVlG3ww?bL$~w_vF^Kc58}LPbB*uzs*RBmR1Uv{-
z+rE^$0f>QrbJYj}M4;k*`}U1ZRP=n>!drDtox*!1gx(IHg(9FfF_N$TeNU-Yp0sH%
z^R<s3KlWQ;eLxa&qSvsu58$d{v!(j<SRniOSzG7esd-cjf;su!kxj{Fm3ohmSj&F^
z?gUQFBP<Z-l^{|GTRT+nprH@kwT5m|WPQjl@y2J8FX5t<Gjd*Ebt7s1CRbB5J?h4X
z6M0N1Fb~b+;7eE>nD^OOJ7Sy2AaRcSkU)AhhnoOH%_4WWRPcL|53KaG9>G6MqIA@6
zei|^&G{_}gnyc-~wR$XOo3t9T3=?^^&EUWh?@vN|wSKY3HI%(peG?eCgWx!c+6iTy
zaH!v75>YcUX`N4qG2afXGZ7e>_F=#QXV<=MyXoM7<0;z!il$JT?IoV7&#T&)EHCE-
zBru7KixajSVrWE+Y85*Z%6xGCk$QnEOWEac>J#t}!$PKR7!DvF7ZI82tK3ZR9W^yu
z;W{L}p?1&8$|BAU0n+*3x<!It>iv%&OvG4*`UzOf{irS1N{;~lq=&XwkDWMChod%R
zm%QBeZ6O1|Q9*;iu55w@5Y9d`G?7!MPtzRP$CWxE+y2=bvj!%%N`j?8IWX@kuqSNl
zkQ9hpA@BssMhymJAxJ+2R!1iR1UNweQm`IJdXq?0Ufm#k@8Z=}xKR@mlP_PsR3Mp&
zVSt#KdwP1n)7=)UAA!=Ac-%XI=klPkw^c2KBiJUnCB2qu0S45@bknrALLniR1c+G^
z12HV#EExYPp}q*-=#wSPBp`fbm6f;Q5*|<HL_d3W2osm^Q+4(8JxFGVJ_K*LMUEi9
z2-E}jc;M!1^>s~!ps9HDvhIOl;5tlxD`v_WO_~t-Q1l5(4yU>La69@1H{usvETD}B
zhJ`81%Wr~d{C2d6Rj^DTRrBM9mKN=MO1Oz*gpCy)i#RBQ@kSPIshWd!g#8UwbpX7Y
zw%RK?UFCVhq#@lP)#;=zJWNGHvl;C6JIl76aII9rB171UpyghK_ll^=adD<)b%w3;
z>0RidRLsn~P=<izWudjg{<QhNNUa^R6O6h)bftI{060@6&>TT^1whd41G6;RnnvRe
zB4f~kEg{<wR0JFy#3TnS!2%n;zb?-?CU<o@9AqOA#?Ok6AIVWml$Di1WGX|(4Cyj?
zSPa<ZPsthvwXYv^2*y;aEw}JubIiP;F~#ireZ{6)LBI9kSORXStK5eba0)AD7SUNU
zJ7+<uB*J|B+TMKvCKL!cLIDM|xpVtA8I**>qGC9!`g3^LA63c%p9pD;u1=Tqrsy2J
zXY|-e7DFJMJw)XLhJhb!JL)u?=eto|m2i>>ryX{lIn%&mnlSWH37sxyWas@hk0~H5
zVw5c|mH@5$1-O^+>%jg*pwy6k{Ck<02=XydF7rjvW?8Hza31IUqnj=+byzjCt5*Xc
zn)e~5{?5+&hK21R=7EX|S)9ZQIW|Q|{Fo5AhF$yv%Q((NA1BD|i#9f)gmo5s2hu5h
zQ7Mn$SaG(JIAwz)E$m49I{KPBpFV`*&R=T8?UCCn2>qHkb%m#ux15CJM(}r-v2ps6
z&~!)_Lf;@N2Cy;&^9!#d!D%K7<vQs6&nYQfD?vtrFL`~fnSB<@JYd#c=qWfq9E1XE
z0U^~~-KMKR$bDfV6!R*9$07Rw^xxI~{(Zm(G!Ai`^|)p04jio{)F47T`i~70)9F?e
z8mQh}gu5Kpp@V{gn&YKs6-~>qCFXDd5TF*xuouoPLj0CeCHQ5+!-Ww*Ki85Df-U#_
zC!O4TU8&TO(I@PVHtt};y#Yhw=OU7X;8&sK+Asb!10W~nk*#5A=ZKIeg#Z7crq8A8
zR^rrOwbw}r2^@md823sA-}^tr4bdpjcF7SH5S2C}!)^zb*<v&xxEq2lg}EjX5EUnF
zmEvt(w%r09K&Sot^MAbnRp9@xHpWz9C3CQZ7zH<D#wN}n1tavq8?fTosy$c@oF}_T
z9N*Q?1_mOm2$7MIV(Qfb<*RovLn^RG^o7f;%X)fBBJ#Gs7$u6ms;_yOoEM-lyk=d^
z9V1wLh7-0daLE!xRd9CwCE;0|xdmWQ1Q!XmALmbkU>K7F6oO3#XY6p8%_b+5UcvOJ
z$;jcmBT<8cAM1%U{rs5%K-C{i0DvH{DskZMA-|z$-JiR&Ljz7G!mcLd7d>*{{pYXc
z>Tnzo95`{R7sE6T?)HPod;;g(e`FD^JbKm3hn=3k4Iv}@@cY1i7=REw?*Xwen(G-H
z1^c~s?=38b1>xVMq$JKkp`@y-Qvez^)-qCQ2{A&i0KrFO8sT1KVqzkET_7-!X*+R9
zUvy7U;2SfKs6e$4Ov-&2!U&rfEK6{bhJofMd>?2e+bZVS(^%^?IY<@Yx?Y3YB-}F~
zXd0c`bujo4qZ%PrgT$*Qdxul5&9JOuSkh)GhQlDZ5k?4HW*yoC;ZY>C8>90W_P%v?
z&g6-+Cm6jhRZ~o^+*s?~Ac!#iH<!pE&=5Wy6efaiK6~~o>6;119KK0`M3R=4{yR0r
zeWMh6Vusp59D%?|+ud?|;VJm;S;uyWJ)!C=-0mPv;8OlO+`!Cn<VYg&M!a?va^7X@
zZ0hEYMzm%$8NM4*Smo!7dQriO*k4#`e`jsOmjzT-RmpdsV`E?bO<Y?qbsqgM#{q`_
z`@RX{6@*{yw08v|90>xa&^JjYV~1~#JcNk3$|pYU$P@Xo)rf|jha5s~0P%2SeyCc%
zfxx_PLQoL-zhf9R#>c6=$gpnsnt+!tEwfaAy@$|SB;@^wWl0=pI5XNxUh(klskei#
z*YNmZ4h|C6)5Qzp<TcQ&$VeDX^}3X3n(1Y|ZR)d~c%%u5ni&#xntl#DsSjxWpESD#
zGU<ClCfx_q|BFlgDZ}@m0MK5&jn5>!Aw=85Y)fdv8XDPRE^>--7jQdJ2m)}HhfuBw
z3xnapMvlwKPZ8r4);bwRMf<%ol1dbMhVL4aYpWl&z8a2hdzG&1H_xMG5X$g_hi6E%
zRae0({Q;MDW<qK^Uj&aT2fI8DB8r#Gtj2U6|EkJy_OG{8_=xKKNvq7sA4lfjAF+yC
zyOUe*-hX3lORS`k3~T82jwTdZC1vGL7X`U|)>q%;4h>Y@uA}Q{Qn~Bnvq>WsS8ZJG
zZHx|jo}jagWo*<rBe_$yhlYfFML99=F(B{zsP#%;NW`{FAAG|bXKoFSthkEEkg=;1
z{mbN%g$3TjM~Me`Ph`gxQgcb)01oyG2;k-638wtG?SKVD1RkvfU(g^azybQjF)5om
zH2OYP%*`|p;Ps3J-qP+yGPjSsPb~5twtNwog08{Lp$by;ox@?$U)P_@<fQNK=V(Z8
z0>+Lw>}2KJjPF#zPlfrG;Q#!M#HajX$AA9%|2+6_9sb`I<RXqUBw<wziYfm6`c<$j
zm27NOOpNs(YVE*~ka|ZEGU6A1Q>nN%eK>|{(F(r(Pfw{KJeps?=5we@IFD<hvjbU4
zG{lJO0HX~{8|GPSf!lAx_kQr>U_K~rU48v09BB~aP6CH5<w6#Gn4O)yv;xF$1^=Rh
zqvKbAHaaFI9@XIR@Q%Tck!^TGfW<Qy+uH%Dh*3fH!Lw)2aJ7%dM*eN}t&%|Ea;X^^
z(@>i&K|3-Dnft;wl?wOtSfqw@GY~0pGkdmD;z3k%D=^PLax4OXwrCF=ux*ya7lCvX
z*bm@nxZu*#QW~0SG>ozw*D-AbBhc~sT=SZpQX8u?#EEqAzS)_XV?MiyC8_x8Pki`;
zn3z|XAU@&5<b!wi1In<4pMv`H;Q90C0M989P(OCHgMwuYRTdW$ONDJ}U(;JO4E$Tf
zs$Km-E6({Cm$+&{|KKq$dbf_F+0P~2w9(nm<9-~y<B88ANxmG<G$xT&b>ijyKAVF7
z=i=Z{gq`8R#P%@Cs@m7D1q%xbE?I?r`J(w8Uz-5fC&+q?fg(64NDF6nZo(wv=HW4h
znih@2nLvrFdwDkz@7woL?!^u^4PMi-5(q4*IJli;$%~xCMz{PK>+5@guWdQrNn|L_
z0)6Q0lxT1UbS^9|wgP~3AIr=ioSYN@gE!9q@9l0K*^w`~`NP*Dm&v10;hsx-89cx`
zXF+mP)y6UATrAMmty{T|9z6@OLcKX3Eo(U74dG%xi7!qmZ0PPb1|DrA7|4eYlfY&^
zhi&}9JFgYz{W9K0oRO*kSrIpVu3iGMe%Znz5qu99MEH)5J;dF}npE#mBDooW-xYyo
z<>v0rBP^_qFWmToIq)2y6$ThpJe}#-m3ti50TQ^EF`J&po3!H3OUIeoa6Z7%5L|pN
zKvqMXj46gf9)owO(5jMs*2YYU9oomI{{nhW#;FMQXc*LjX}Q@|nV=;phabp<&(ab_
zYTRH8aXFGs)+m`De<<}$<(a+Trm78$m1#sC>x}P?&_aOaLR*OvFzxv<M0$#X`G3|j
ztfH&=-xVt2ZAcERx7kUg!fQC=)qeC}Iy%taX1{erx$@3dC-_HfU6f;|Yv@f=K~_Tl
zjLAJsJn0q-ww5G&RKjPy1d&LbtF(IjZ<i=TWpQX<1+qy%_rF4Uz=J55lAEx;IJ^Dd
z$L8CQk~FqK+=2)50_wwuw{TW-bW`qwMR0In;1DVY41W5B!o)RxU~=aA_vR$hYX%A0
zh(q}HnpbFkL}B^hcuzSoX+?r2dE<{RA-e_B3)tos5iesa{uaN3RB?!)PH|eHEmcc_
z$alcLOk--|372+B(2|i{6*1YJy-$?#z8sZ*x0Rul=#OC^YB&G?%WWA|XDJdd)L@cU
zz+D<CKKb`5RfYe18v(Ic7id^+w*EMr)Y7;0h^pILQPPL{>FK$z9}92io+d8oz6uqW
zv_DGED`R*O$oH|Zpvn@z7&Pme{!jh=|8nm-z|89NMmP3YNv1LJwPaW|kxfea<9(Hf
zEEgXXi`spU=m(Q^<g)d*^I4fipOP=r=Q>TMeVqKP>$-T((PJ#H``G@CO0nIh4jNN%
zPDm8KIgli3`I%$CxPxRvo<-gImq0C=w;~g7hBCBE^Y5B6F9;?Nrv_YL{?CUodsxxm
zstbtox#hm_JKflOr8W2T3at&4=Vr?FXB?_9&Mz-UCPxc7W<BDIj!YI`mp<!`Z+g0H
zb$VYcv$?tL<%|aEOaqaQnDCcUtqk9zzBhe-pA{OXO1yo=S6^A6;=vF04I7J&&t-h%
zAXzqdiN~g&s~10Q0S;B8oJBHWx2aFOt(1w5ZmUximzHEh2NQ+g>>Cf>(wR8Q7VCwW
zpZpRMhNUOkruUl}7w>NAv<qz>k>=GcDM*xFTU0=KGI1OcXh*p|2Nvjzt7DRhXHFK!
z^}2=PT$kP^9@DIQd-hAeG|V>_ajd0%F70U2JGm-%!mjpOOLfOke+x&Ok(`{5WzU_%
zCmn}NP-qi_Xq4-(y~<8a9gCK*%h|KB{A?$^XsS>7f#1!gI(frmKWy%wbiS5h8qU%I
zTRo4?%ZHLFXS7kXI6fxio=Y>*+D^H@4ZmSpsJ&4--lO(_md?r8q$lpzLa)Zh=A6JD
zCK)wQ1A<Kw4%M<Y-Fc_u<Mjvz%dH`n=WgW-X)l%0D!-8E<8J;q?vj$-v7D+eq@vm~
zKe;+6<q|<nJ@M(!kjd|F@tL)yLXz)K@<(Zvf+D=0*O7t}?s6{EK(!`VJpEb(`*0af
zZ+?v_jN|6xlLwRE*6MO3Ro>4bIItkS!#}jc_k_xC$G9j5tFeUh{LjWhhB9#ULhE~H
zXNGC-1e5S$+s%$g-&ef;_GuAL`(mF(tx5F*DUVHruUzl`7eA6&-?V3FpX6T*YK$vq
zQ!R2hEPw1uW5YDV_C2fV`1X|#7X?4GB?qm#Y)@MGk)d~JZqA=ySTyzVmEyOKBH|Ky
z^$xqG>&sda{8)c|4VTeH1eC7V(mGAHYZb4FT8`c?W7=r<*txsZ+<Q%+oJDKk@jZk5
zS{11xmzFU*^@v0Zs?2rEAmwnTS8lr=B}Idgc*Z1h<w5ibD~|H#V<I-c6{Gkr5IyUF
zPS4{+3oWmFo7`cyrZ11ntcFI)1v+Q^e2to`G^AVovma-e`%N!jYm`@gbIpdh`sKOU
zujx@CA~hB<!;OY~svwx6R~yyE&t)V`mK$bJUMb7?b*w~ZyrOd`U$4jH>uf`<039=P
z%B1u7BaTc%M;Y1K`RJp#j0Up=4yW<HmnUlX=m1X)<~x>(->84p`1z9V<Xy+u-b%U7
z{H&Ih*ho4$I-3cPHTQS5p&Q};rR}EP5*-=c^_j=LYB!v#LACwri%&Gjzmld*!I}yK
z%%{xI5a$W~lqPx)tMAioMXpoY(N=E<*VfINywAPTH!&<TR{d9cNv`R8xumyl+I&~X
zbA!$3Gmb5IS#}orairNWKc=k==IAbAJk)XCc<4uZhJScWs&Mk@>%V<Clf=(&cuUP%
z#@Sxa!!r_V&vZW9u<m--(AB=sX3JwRyFT&G*xO@h+~^E2T107Ssgd!sbge}CT(g1m
zGh;wKm-e{-?(jGZ{!FuOkL~c}`>HA@*l=iP?0Tk4!KuC|%XWT@6F=*7+0p3+xo;3e
zFWz3gJ3CzP(|!2qRb3p>**)5;!&`0;_h-o<-|{H*E>-OX+x>H2H3D!_iqF6hr+wRA
zT}WK9=<qpv!nR9S{WCwjOJgm`nxPERvT%nuIA^^?B#tglMGlvBoBrauTge9YPimv9
z{N|E_e)Oc$6~45Y$@z&j?ivqf7Eht~?sxC3<50`U@ypX<j1=3>Wf^G+l>PM#UJBj)
z`)QNH$XS80{+fDV)5x0}qJt5KwtebZUstwH%qfEjJ|06`O-=Xtr^3lM=Z!R@a}B1w
z!MAH?-?WLl;`1+QVlQ<~uhMcE=Dk}Y<9?u<=&$o=xvs8mtZr@l+}Ean<74l)K1eDk
z=p?cU1vBE(_p7W1?1}a}>G-a#pF}1{@jTLKHc2yg!*?*HeDCP#IodEe*<G9h7w6M(
z6-C8#%cxIj%lMK7;!Gm3kn5tRezYSZ5;IbouP>4v=H%poMAT_jjKf#*3fWxJ(sGHl
z>caWG*yKfD-<vBvWzS0kdM@QQKH`6tyi8G3>fxi7-}B`QFRV4bfLk%cuJQ3dPufqb
z2M44vQ25c((D35h-&D2Z<u_KIl2ewaUtn$2yE%J?k-1d|-)7Z6@KsviQAw{4>%X>h
zD~0@azfOhY4~_=I*NV4qSMp#jP(nYIeC=H=*m%KoJT)VHq)C|d*>aEd($eJD7q?3t
zi;P0>H8ch?6EaWw^-qn`Me!Og$Jb`+=fup9uW^Siec}=pRwG8A``jGI)i1L;lx;`A
zpTh|lMhgD`1H(dx%Y%LQHR1&38`~A+g@4a9<;A#C3a2j&emn+{eokBa0W_hOQ9}bj
z)Cc(;v${4^RB3m6(!O5Fm^!Vz+bc7U<Jaf!6%_4{iYHI}+sN=^wr<`#8A9iBo#(Xo
zi;rjjG1R-dbepeubw2%iq(66<h|Ld8{NqYSY@3y+Wp_vKm5j;F6Sn+L6Gr!)J<AOt
zz5d9byt-e~RaeU6rgy4+_m3hT!M_?dUGL7ocBgak;%o2qrPm-wv!X?w&wflX#a@|I
zR?^S4rSJaTo2`;JvW#RWk`v#zI9u4XbLP)m%C~vZA{iOxH4f3`eU7lt@d^nE)%<CE
z%B_{~q%n4vwz+u%I2r9cI)Rs`AIsCx)2BcyU~$7*<U<&9xXG8$U|9C}rq4)!PVd<#
zD@Db*t<8z$RwG$b_)ZvYYwK5FH{&LZ;9XC@kXXd=3wCU{I^%z3@t^3i`%i?^ZVCRN
zX>A>|hh<UZ+>39EhZC_EPE-BKeBq1?i&xW|oIa-msb6cZ3V-+O*&oa9yy8bbg~~G{
zjhZz+U3Z?HgQ>ffD9q@2t+kl}lD!L$Zu)G0mfvwxNu^hFCCqECz4NQc4OxMi$f&pP
zD-Xt*FpHY3Z4YY>5om1-{JHsnyA5(bdPGX0x%otEj-!v$#7SAhya`?0ypl-h0df6|
z4(kUV#XZYo+4bB%qK_}-$9m;G`r$O1A>I==^ugo4Rw>AlXo)(V&b&$O-u1-UxCLq5
z=RR%67uHr*ZMxi3H!3>jI;UuUHHz4d3pPAmd8!=xG)cs&T<gz|ja}^<g?U}B_{L29
zxN3iUf+-|7<krxgyJ4R`a$CjS4lGHr%9nFr$rKvi9*n7p8V7ujjBIN^x|!6H`+rO-
zBuSG3Z}ybe3RJJD-+2C8+`nS%n*W9y66vB)>@<ab<*?m({o?;Tbj#W-0F%nUpO72{
zs;9zFlj;w4+&sp4mYn>N6hA}7z+oS64?4%=sq#zIZ*p>+MTqC#D!C_1^>pX%ke1AE
z#XJ|@+>3P^X0&>|nT;MIj0z5YzsV`g+Bp<rSj<8^UG_jNf76H7xlw)blP9S;H)*`y
zv~}l)=4LIe4!aA*_>x`XDJm}l)lq6PE>_;bZOI<x)qHV_nkMppa4uW;Ax*`X4<gAK
zZl&A~4c+b2`){qDvTIf=7?!%{!bo^MSDbSHNsh$kR9K2t4DKca-lo6@JPJzSK@x<8
zPhY<t>m0x|`?0O<9AUkSa6izF6Ms$+Gguhw4gN3c-UO`Ywe9=OvaptMA@h)_Whz5u
zh?1EUk+C$ONdr+@&Bd}<gb*54XhLWaB^u0?C>o@J(4<f*mFE4qVy)+XpZk5DWAFXG
z@3D{VxQ`o4|Ka!hUDtV?=lA<Pzvu8eWmPpEIJFPtk8e<6YsT!#*dQ9+mwHUMd@U37
zd>n5MWl>TdE57sYumQxSH%Z3}%kx}M9`2EMakW?LEZa%rmLwKLZS$l4J{e?SY_h^n
zsc~yAFv0~Pe%L<5)myup<hV0vwJz)`OIKW%b{`I5pXdu1ZJ@P!drNasU0QKLBBfy*
zO^{inWIFzR#piwAHF~8}*C)il(lq^JV{~KsoE;=zTJrKGJi~KX3%o-o)?5Xn*h)Kb
zZluXk+6vD?pP0gacvMvWSo8Vwv)vs!7QK6SF8Z~DTJ-jo%8|c-7QR3ookf=<XRR)I
z!u72yRJCKQLXdxCUNu<K(A2as76@nhd3xr|UdP6C?lt@pjh3pnT*IT$H(;O^!A<-C
z-83V+{O#Mb;=O6a_mwkpqh)h43S3Uu(1A^08M#0w7eC9($f#3upP*A5J&yOgq3Bf2
zIOlQu^riiObH#1gD9{$0vh+n@3v1E-x=lq@c8QYzB8+5-t{Js>%Jl%?Q25~$a7iUD
zi-Vr)Wbi$*u;`nHUl*E;?0wzpT|KG(NATG2>r{gtE^&d5@(Hl!TVekcx}j#hzO%Gy
z*IvD{>C2mhV2svQQ`W=yN9qy7RefjfJO`8Ug;G5Upo0&40ec{KdC9Ui<v~hze<ANS
zaCrqylZ8dyt62Mtb2}&N-U`Nh4%x49_2<tkIVQ%G(P){?Juc?P)4=c^Yust|gAn1B
zr22<*Jr_{p51z7Vcf(L@TGmTBe>pB(dii2&K|V@cXpo$+?vi(PX<DGMEZqXU?J*3w
zxbKre2oAjvOGDyL0hQ{1q-;M6Yc$}S)t`QwZC!G>6<5vjxcb)_@E4kYxYE{_*+t6f
z3}9UuRJ1nBFSsfC9h{3E+KLRSh-oxdKp#DMr}*jPM>KJx@Jv}MZ~WvLw?OW)D^IVw
zu5R7Y;mSoHK7_L)F79}H&m)*Nh4S!-c#l8-{8L~qERy7ul$87#_>76yvH+$TCjCN=
z^eHED?8C3<rM&KLde&`n?6G%ts2lcoA9M~Yf^uNRM%1{gucv`d0v|mG47p*L+(%Ut
z2&)+Q%GK4i-+0Y24?iGYWx31P+u6OR)!-P+8K}b*Fb+fQG|m{VPZo^O6pF=a*RD+7
zX6^ZvBZVCx%j~$4lG2x_GYZbL^GY`ErJdfU(~mzUVJaoeH0I9Tjj_WTXh-!l$Hj<6
zLqNowYo5*!JA(j$hk*3>`wqi5L>eDK-G2iol*_m{Qukcj`ufZ36MP4{+qRAWVIAmO
zKUwX}b337(!(d%M@R^z5ER;?oRnw6G3i0G+ofu8sTf3g4MzSe>+|N1z$b2g(YwpdR
zK@jgx-ZsJnUk80^LD}#el1g&G0Fzb2C{^g{j#_qd+*$U&8DawQg1X8A%T?cU$KiiP
z|JEVN89m`T>i?ShX=XEvlWz9<?KV)E%G!-sr;0TQDjaHtcZoYWwv4J79kW8XNd@^S
z&uGfPFBP{dAHR69jwO(kei|NTEo}NU{O-2pTw4T&uo{_;oX-6j1x`UMuZw7lJc1E8
z`sLMq%o$C`296=iJoKDv*E%<rg_R65h6*Ejzlf-tmThHLnM_t`pY2$_0XnNsi+H|u
z4QQaWDpJu5q@n@mgr(NtS-ZBn8Kf!Iw4XGp7c7HrT)lc6Rocf-pNvdQ#?m}3uv)vS
zcRnu+%*`j_v7GbrCE8u5WlNW?Br7&DHxCCYE+aySFcaK#dpZhu=~o3kO5eO0p?WPk
zdc6Q@4PM`}QG*Cozfpnv*BU5zRh#BYu^stx@BM9GA17#$wr|t3U0kcQ^5UBDd`&gP
zAX*p4#?=RdgG>OJjc=*jD1dOZ_tPpr=H0f9Kxcl^EFU^KN2!evoJqLgtb3f2qQ-{y
z2*!Lv3!RSu*lB4O#xugXg|AJ?Q2FT4<oI!_bl>>e|M`w)EfGehZ_8ckL7r#&e0wrY
z24yh7UAuM5=%vy;qO7$b1BEd$P${FeJvJ!KJ@Zxa^XciTHT`8)kt5OvDVt_`q2sZS
zLTz09{{4A&MwprPjvY(o)tkeRhWgzfMd@Tc#nWF=N?0z8@ku-tOb0ltRRg#jo1~B@
ziS#-IRye^hW!1MSc^*f0R7Q{^>@V9NL8-9aO<UTh<9anpYE8-qNP0T1PXsvEY0>wU
za?U}|zPR6!LGp`PP^YNrUc0tA=j0V6D3JRgy*BwOF_4F7ozys&Mh`I4<K3Hr>lNO1
z?lD;Gt64a<u{y)J;bj~=>ydEFTnwAPuj}}G3)RXS!V(h3qG=pVh@R8dYz>~g6gVS0
zGHuSpGMBGDuWz<>pCxrVgWAhS{a21Q^+j%y7{tc0-v=SvTS_vmW-Y^_s!?1)4!h@v
zPI8x2E(ex%QMpYZTN!EmRPJLhac}1?zFFKbev`tB?A$Cho1(uGqAZ2#>$J6@!m_D%
z{?-EIfBCJzh_gbzk?(rLByISxnLF;pPQ1jnbaQw2jE;_`t!5YKwq#(WSI%izg05Y=
zrW3#je&dPADfv-IIhXs-TFWOddmctEfwV7zMGy=DEbd2coMUuM0Jn1dh!Jx!$oi9Y
zJ{F6kHJjHu{PywX*#Y`aQ=e|CCA>7!xi0+qTE1jx^cwbA==taxL~G$G4!XKL%doEg
z>ER}9L6(=#oTiWRV%wVK-@F=gna`bt<1xCLe!Y92<%Ipf!c~2q0R5Vq;F>T=KmHP0
z7D@;cZA)}jUpV(B&YGoN;L>z?i-Ez@ZAkCM&k-ELh!(54{4AP7WUq|9E$5&?x-mwT
z9TJ1AsNtFQtD8F)?Af!Y{MGGfmd+JK2HN@c`v&MeqkOnTEXGnfxG{f)s^BBBwY5R$
zQ4<rc8RCWkdkElOIR~5A5~wCtcM5FZ2ZsBHxg~ja+5C{K?nH5Xr>>IE#3=}?%VvEV
zd!izyG~fg#it%6Hb=&sp)>@AG6<1Rx1t}itH!+muZHh;p*xvlo{MZ<-6&c#Kzs%Ox
zT6K3g^e!UOqPm<<FT%0N$Vg;rqsv-lGvV3Nx$CEn9XmrRx)t$w{|IXy*oEyIUCwaw
z_$oU_A?71%iT<<a1z`3oe1B79G$q4)xeB~RBA@Kp=1@EE$l~RJb94)w>-`&Es!fgy
z<{vL|105>k>JfTPaIShd;Nr@&zmuGuKG%kV{>$AiQs;@q6ZB$l;`1HB6E@yZd7$@b
z1++ofYHnmNuLoaxx{WZCK>(<IzC<ed(Ifo1>Jw^n%_CGj7S$TAUtD<*UX0F-^V}n!
z`w#yV{BaMwO~pRAy5*tBIYD9Xor`BVthckfDMATd)aT)eF3iv83Qak*2dlWmibD!k
zFr1uM!~&5Z(8wqb79z?q%&9MKENsu|lMWmiKe2wtz4C9>kI9^l&o!60>vFoUcFP-w
z&R8%g&UHB^T7%8GQ5SV$uAzDgD4um~cGxuRW#(JPR_&(|`&30=TkCW-!VMG~;(+DY
zTD@k?N!r5B;67{0@jB=Q&6G>x8cO_-&R!-wt-G{gBs3UFgOAGSD%0OcAavuMw1y8K
zUY;KliNI#_Cl9M5$%dLccKmgC^18I<hj!;Wb?K5K7=sjv-MhBE{A-?vRZ%Jgi0_V;
zg)6A8<ci;Hia@<j+Ea72GQMdA$y3S;yPT(gNg1au*@mzZD%Ek!=5xDTz22gYjNq#$
zlZ8OgYk~x!JxWmjfXemgoQ9&laDo$|{>5P+w&uMDZKZ{UK`fq&Je~^yzAeGD7px`^
zxb%%4_*OP8^O|t+KzO#1oR8s@fs#Xpgwr|V8|ZSnAFNo~x*n|2$91P);1hUCGH{W1
zp3u@tt9crR2XNYiySBB)tj#sBWa(<%%4*pOj)v=nEE4T-3!if@CUp^e>sVs%aiiGK
zGnaXciqOp_*h;JNt=27Fnl$?I{lV78>q!z$!lMwcHr$p}wT~EHq}))GC*GnYp|X8@
z2LCy?cmMGlA00o_z6>NJuHE?U`=2C+OZ_hj1lrl20srtf6jLWht#o=aQ*p*$zx{jx
z*SdKgnHXD4T>pc_(E(T5<HhhL{~vKY?RVqfg%FB#+o_ea5ZKD0yLa!FsTG-Qaaoy<
z+9@M_cG-<>dDG3kxMjPQeupoV7}14CumYp}uFQTQpkLN?A5#XeDk%3GDRxBxFKi&?
zi>CjuNN|sm!-icZ$$Xrex&kEQs9|bRQBn6igDqQzn>mS&j|+vX9AAnTjM&!xEEEN!
zD~=&iTwEmA_XwsQBNZ2w5*@2AsJNd*B+wZ}kvEP!P(%${NY}entq7cRnGThdr%#uo
z%w0$7KW02WFPyxhM#!R<Qlwz`m-s5#U&BR7s1lqTioHC730mf4^WqRIDk%viM^nhS
zwIV?20wq@xRXu{Pb(psKet3ms07YJ?2$Lj8vz)&EMH9*mbiy{+UWrtjYfaaw6!ma%
zu~GcPCe8~^xt(rRh{|kO?2<Jig`=r1gM+)Dl+<KZaT|qh0=FGec2b;`T@e6fugd4m
zxd0t+#!o?2F5-nqHZVVBt0>URN-697<@u7XJ$t_3?%!}}ap*TmX9F<>9P?6?Wx*Ac
zWkTj4c<V7`1W@Sy(=ep~)$-yTLUEDZF5IA<WtQFNGvaIql7_NdNJq8rRD=CovH}VD
z4fJY4x#8p#i)>6VzN&*>obvWQPoOnpE=>9BxZB8#&!U(PyIq2ua-OIjkerQD6$KI9
z!VxHnwGr75R<sJ{Ad&|1z^VYsTaT<To2yo!(F(>W>zp-SWAkM7VmGLH%B&Iv0d*J^
zHC70#9O#u2>1S4izP_m6VY)JO1O#f;Sy00gR;sjL(WDhjBXbh*pA~v>WAqiu&nvW%
z)9$d0{_Ep+H;KHx_T8b$zD*UmH`Epfts>VxF~+7MUyA~EjgHRgF+TTib%|a(<jCS1
z+h1v;Yy@OqP2#bO%0ni*xU@73Y4JsXl*fT82^4LRbzT*NSq_)i>)AhSZUNO$pwJ~U
zQ%)|VJjh}}1&i-6$2m9lwRkaZT>S%6xNtL6+(J+S=u1de5$TghFkR~+;i9LGf8HZN
zutSNR$O>NorLj@Gu!Nrg0xJq6soVB7q4akmn7PQyE+9rIt5e3S-0e@df!#aPd6M*^
zuC?-yZv7@0Ztn&j!O72-lm)t=9H^1Kt93agCnx9KwAQ%&-rfTrK6+Gszn6+awq0rJ
zFma<1#sb6zckjISp+TE2{%foWA@wM8Iny{oopRzV#aXB*)gj=;c}(u&ec7I;a!j#3
z0O)95(NUy`dXGilj4l?vPNQi72?oPO8Kdj#{2}wgXdE5|%-#EfyGTa4D*`%_Rt0~W
z8r@=DakyM$T%=7h`b7nj+|tf_=kX|2`z;IL&7fPJA^R+T^XAya2r_;^Wj08<(@*Lw
zpDb+tY7zOb-AHZmC3SY?Ruq|H`+H8-zcS;s-RP`b@m1x&uJ6zNorEqa6i`G6geG!>
z0mf&!G~XO^fwNOo`e^+q?MB*td^y!xp8|ZCvcnqct2Ll8B%-VT_@hk{1rl*|nFodd
zX_99*9qc1bVj}(U;luIl>-)EeIyPV4uL8MR<{|b4dYwbr`Cv=p1V*Al<&D-nosO<G
z^jY+qtfwRP0UIwhKslT|+^6Z3?8bFq$|7MNV~P;GB=5HL1uDYo+S+N+AS4sf195+;
zEq(Y-)Y)rp?J}h(42{{&l@@jX_E5G^x6%_fo-|tQY|8B$Mk)P8?TCB{!^bR+@=UDY
z1un3Pt@Fg0?{R^$h(_7vW_a$>;~PN&F8eA5(RmnswajE#r44F9-}bic=6E)Wk__Z#
z1zqsTe_dgDn9+0KK!fVE9dG86H_0v1^}%KLx=7oBHH08a`<mfF#vg3gt0aJgQir@3
z(k&K_WrfL<feJVn#I@Ar4W7B<4E{T{A0yLz^Qh1+lI*9@woGu(1OvNF7N3)wJK@(~
zA2oj|MbT?U%b00<L{+^1h^28!_s8LuG(8*}L*bI~_>{z*!hIjc2K*-F+I*Fk$dM?v
z&Aon4?4GS5ku>~DVAA-H{{eK1yC)%GpURPW8SRF|(k>eI2qt!~#UtW%uJnjrO#~Ln
zUw%15W(D)8-JZuZ_h^q#5=E+%w(D`^CxjY&(iG_0FYQ{HqzsBAal3i$sktG10wO#9
zKj}WXqx!FXZ};mUk+k4zcRu`562(1YBmvP^%b=7|t>3$d-x|Jtr76&qOI>%RyMU0t
zeI#$P;qWjtJsX}2B^{}VILYnZpKm>hc<S7j1b;V?U~}YNUN-<Fza6#Tt@MP1okABD
zbw5qYmyxw;-yS0&5#aFcRvZiKAvNdp2vjvne~64gVs5~ipv66qS&>0<&BUta9(x1<
zuv_U*-GeMUU8nuu|2l<N#U5&ZmH79EKZ(#Ser*8z|MsW<<^R|&k&`$&f5)>`=3d8^
z?HzD>O!3oPi4l`iQnEGL`Hc<;f`oj?&I~I&Em(^?ePw3Oe3>gv2Dfxaiu|`PB5~;3
zbKq}(4Q#(2@!$W?{YTaG#6X!-rQIu+$Yt+JQ*3;5ztd5}N#ZjV#U0zN^V{b)y{9=P
z>-t51T)Gp_=o50&EhY-eJpJ0C+*|dTMYhHhl$tNb#M$Ik__()iI=z2#OxRcUv%ij(
z#yUU=Uab7^>WX2nGS52a>G({JtBJE{m=Kp4?BC#I`!QdmW`GQB;`L*+T;fH-7dA{>
zb<C4AmAP?_Hd&JroG;|M^_M;8>^Obmrpo@#x0BcJ>#<M4pd?==Z515nusJs;J`99~
zDO%XzvuwqR)W4J`Rs41_8**}OLaTL*rpDsZ+lvl8DyfNkVzS4*<+u40*SYvlv=Nu6
zF+psubbOF@)_zi1_GtgMtP5(c{<8<1ES^gG7N*~G`17RR9e2IG$E+@0jrtp%7mO6L
z7F08#ITeccH_DqlO-XMiW@~@Vk+XT9xn5Uq5C)GkeDkj89!h_pnjwS*ofGQzx89QU
zIA@8<!(QE9zv7caczyVN(zjKrnhPJS6)(JP+vWU{h_l*JPN#l{gy*h4zOi=wjh!FP
zPIk^-<}pdX=i2P;d&j75pIo2*SMR=KRQc!(9^JGwo02E?J%-KELnLK(=S((pBBV;9
zd?HKA4jJj2mODmf1!b?SeLrmtY_sW=852vPB+|`ZTwisoRAhW}bH#30ni$(jZC7h^
zC)M;*6MN_6D%!od6G0~9&LOO$>zm|iJNH&ZoWnFtean}l4E8#hM$MkR{zRnp4VkA2
znI<8rUG$!1n>&BWa$D56{ZFDz?F=5gxYUMWL$5o3m=IT~sI_X<^AZ;hn-c{-<HO9>
zerd5auf6-kcAE44Xw+1y9-~GF?fU#|)#Z(mYew(ymC2D@{NmA~*|wK5N)N@|uxKzt
zsj3Pp{Y);f!9%EAZaf)VTl(wbMY`EYVpgGzxRGZWw7+Lrc$H;b7?gcUwo|l0G?I}s
zM?QFko1SnLGM{vvh>+6RY(Q>Dbxpz8psOyPspGj3pRY#(FcUY{w&i!K|4&+x0kT@<
z;dA2jrwXNj5R6E_O4t@-AL*swka<QSQ4rF%YVyA;MG^wPzSvs({<Z3m>D#khy_{wC
z-W{P@o*Uxt(%5ip=&(cN$JUK@tuiEQ{4eh7y_#D)M?Z?KgOV<;X;9)Id7KmDi)U3(
zVWI}nt(;Z;f@NrA>Dm_9r`LScwln`jXmO06I9;Zgixwv}H7he-cZjM-xcTa7W?#-t
zx5&R(W$7O4`XuBacsR(bex>5DS+R0Yugc9XP-*>oNN1zXDWGRsvqSWhXNNDTU*Yqj
zU9#xfzABdFTnl;HYw7Xe!P8D(%TysfL4<HV&}B}rR$JS`!hca}>{40SeAhK&LALLU
znNz1mQ<;bLQfXWm6;*G!?56ctz1k1T;*tETiekN_RN$Fa2EY0o6)gVOKYpyK2PjZ*
z9X8x$ZRDKO5%1soA(#pyWqg=8HmT3%&Al(Kx$5L*fCgm!h7ESU5rB=^agGNsxNo$I
z-*|oNB}J*_k>}e(m+5GZ&k@4{GJZ8h+}5>w_jO!IvEnw(693i`#3os1=IJ^sxq3Fd
z%&a#~NplVC+~cEvMscWS@Y2nLy6;nXXrOa(V+b?(g1o&qNJ~p6r>0I?TL2D}1m8YK
z|KqlvqoocUxanJ7yE^RYI<#4X8?{wb(|scMluW0<?EXP!{gvx3`L0tQUOmP|uaDaG
zs9SRv^FW~ycw>6kgp>AIPgFB6uIODH{b$P!=MPjU#iv7B{~P_p1&!$SvyvQNk6N@?
z??kd;`i0ddHX>ohZr0s>(RKTjdWg|EN_BZZTPOUR3Sw2_(Li<EfTW~xS(jGndVIlp
z0zvOe>y4bkhTo*j6Gx7$y|TzQ+7sG$>FoG|%lOfJ%Bzn=(S9*Nd6tRkWkqKZpe2Ia
z6}&pX@Q6EhaarDP$26DZ^LOrSVtbBHG3ea6)u$rkNQS&a=BBLhrc3*~JFnjM%F!%Y
zQ=g8G1^<<@Ao9kIETzgpZtn4C-Tj-wt+PAiUb6}7(|2`&nT%@Tqn<*_XPW7)svTK3
zB<o5`!si=1Ht*fv>qErz2*>jUyQiX28{f!`sQHKby96&Uuvm{g^hR^aG+!0l{S#UX
zr@ud3^r%6|Opi?;lA+SJwwK{^N~VAMIgZ7@ITK`M^*GmL1dpa4owZh0+c$lZlNh1f
z+%`;cpGargfBmNxhJXK$0-cfAJ@!=c7~P&Rp?*_$!rC;ICEY2M`FHVw-5RmWlBCaW
zUUjRV<9dLq=kjSv2A`~U54Gjdf=i`5D!Db`<mBz2toWqQ2imiQm?DQ=mmuwa?pyU>
z0?GpZ*w3cLvt4+7XY|5$fwC&Sy$G~X92^Vp3Pb<kf#EkeWeH6S9O@pY)suc78;JTq
z<pb}mF-V+)!}lP6e!Nwo95=V|?vueSXd_nL`Gh=IAgl<mub}$G^Oe-!jBFdboN!)Y
zd_j!J6jY8#&edAP!AT>eDY=4HxmN&0&Pobi!udLgaRC|lsD}<6G+RDLS>SDV3hDX)
zZXBv;rQ_Um)Z^;rjW*@!`lYFzj2thK@`lgd^8;P$+HQqtF)ku65CLGVCL&Tp6BDmb
z4Kh0+8F}*+lVd;s&i4ot**9&MT7!cOlRYj{Ty^ifz_XEhGdU+mOE3_c35RFSo^1|w
zQ;x~coYt=f&>RyIAEhq+Eo~mKFYUh<7%ozxX~fr?Tk&Rm8f)I*TO9HHTdH98^kQ11
zvK|3z7oJ6e;=<h_9WGR|U%wDoXEhI68n(vUT<7bHhZIu@9jvhFj>KiXIBm+4=KvSQ
z6%~_6{8a_8TMYROde3g&C>-1Pa`Kl1b0IgdyHFp%4GO+Dt}fSH07h$~x9eWkid+oc
zAy@^vhA)ACe!vcOEjX(J(9N(pPA`>c{iuJUKUP}W6ce@T`g(zSJel1IxgsLTslo=m
zIhVdqpM(|a>X`zGXMl&GV7mVN^D4Y06dda;4&BQ_TL+Ay3fI}SM~^I!1aTSCW5=4)
zo0`jPE{srx4ujX8hdLKZ0fZ-@<sk#~?B*d$6J;ZW0cVKWdm$g7c<U!AIR?2erdVaC
z*6SS)?w%%^OA)WAB4l19ntEU`6`UJ)38J=nFgHmcM2K87Seo*>fn!9UiM~rih``H;
zQz#vh@84e#73I_B&QyW>+IWZ1qb@k7xW@AE^5;Q+jxmJ^6aQVXlBEHTD?}F%EPH%w
zqxq+oR~OLHFEn1<@*6b!#?`*qC}8qM(?AK|B;TjALn6Iugu2t4=7w&)rs)Capji!p
zX<rLtI?KK~_*_sB-(6bOBQP)!t;;m1DupJz_RYcH#4|#5a|y~^&4VFAOYmD<3TW0?
z;%B)gY{f9^XWqwwa>QM(tE+cS*g#)_YB~gxsmoLR(Y_S4wXTO82>{+YN3o;o0c`^y
z5&>xvGT4^uYJ}Go)Cm)HRY4#!e(%&R6BI(ZKHr+h?!}Nd!BZIPg3xDRCk9Ly0xJ*W
zu)ya^abSRBg`(i7(4}O;G1X?R*B5sa`sW#Fo4^!Zwy`hh)ISU8VNSirsuZG}F=Y^!
z;^Nj_(YXK$wiU4I7W7_d>0A#4E}^{H2dd+>Y}o5;M#)d;3$eA@SM>3tMb#}3q}oc?
zwvANz$C)}NZV<SYQEnx|D}m}zzK6oHn6sIMXk<(o%2ZLyXVC;EKvl#fqM?Z8H%1kD
zO@N2=%C6y=L(@ZoZ0ny*U&HRPy+m2MRHQQfhPNi9NnToYzwGQI1fm|u5hVNf4`mCK
z(e!c4rR5eTzavzET}}o|&hFc0N~<%#!*VwRJnPaypcSyPrua={$*HE(MmfziJ$OxF
zGq?+SGSw=@y#RL}6)J{>!tM7dzWqF*<<Aq^6(#4-pI>93@>15s($aExBomtWtYc$*
z_FiIth1lP=1cO<FQnTjrn|2;uXlA&o@p`jCL*uF*4Y}~h?yn4n7_P%z<2a%jV4bIh
zPC|!}OIODl%o2rc05(Y6ER51+RUN>YZ!l62EVCTMLu8R)$ap-(bWhu}t8LwT9@$b4
zfrW58gSScn)e46Q<AN_xbnt0vD5x^Qf5A-W(88bxfSmGI!M`afrbHt)InVPI9QBwo
z1|+S=`4iw$OSRs05*8;RqZYZnZzv7Sri<O??Y;Z^#F1kcE9%^1J=082Jc(BJlHI5s
zkfGVdS_@lPX@6zMb-?RhIKEv(3_>Qn@xq)1Q%CdX6*f-{<wPVGEnHbIaK0fjjCp#M
zB={n}6<F*!!ubTE(;TfjeopqYyLU&f_4fARU<l_aIJDGe3lKS5&vCgRO4A3XxBZ^n
z<*snyldWiCPRIF$2m4IGTI=GUk+AoNhQHhb@J)Z7Kvm-$YBdEU%f69}p1u*j??tS8
z7bs5~e8%t+TgHm)e?;E4LWdjTZ5bE8tIR`D$wiF+Si|d{%w7@FR2lSCblX<ZZQGWp
ze~^au`Q4{3^7FmYe{I;s151y2C-!mk95qSXO@FPL^fEQ|v(qy2)+{eLH}&Kww=-8p
z=KKD+Ft?A~+TX`WFHEiMl^t_r;ptzL?>05qeW_Z?;qWQ#byJbjm3m!s%ZcGKo2&HG
zR^y7YaLnZEMOq6N7R~9t-%IPNMTg#9?tR_dB6o593|CXL6&0P`*k`Q2S*PbX`{L%W
z)aAE&Ge(GETtj2;AE+gI4xM=?p{=E|%eA!pWZ+;4)rIrc)PbY+rH9c3lZ%h9ZhL{#
zRULJ0-isViSyLHt8o22nfKu|%d={2hU3AC_7BNefqsoNk6<XTI!QTEV3zS=^h=T%;
z^g%{O&7L%)SgYc$Fa*Md>FwLizE{2UQ7{R+Uw%a4b{d3BRb5>u*d(0)5uA=?KH+7x
z1zG?bBtK)*d;aDa3O^xU9CUNrLe_!GSAy9hec?@r^UPdy13g>`NDRh*TxIM8Iu1u^
z412m#vUl$WKO)FM(i%;IFv6bmbX>Emjnh`#mZBX^Fqc>+JU+MR5WYaan>LtjXCpR%
zz<nhO<S+#-BDT6K=kn1t-R6>4FrXI@c~WSOHT(v%$Lf#Y&&bC;lcS&)G6CUVH$KS;
zF&3X83^JMKlff571KMz>3Z8i$TS<)OkzRK44$~sgK{$oiqv0!p<FR+x|Bmy}2af`J
zUhi(2vXT#!`6QktJvB<SjcVy-R;Q~??ky?#fG@lu!9|%Na%b_Tx#Qn74Zxl;21x{(
zMX(V+_v{(U4r#DHCvHY{=2bZ}|3gaWK-fDl4t0IE^`k~vxjtX@=MG!f>n0;g);@S^
zee?G1(wk4dnD)o`fKj{fU!75qj>ezqDBMfqaTAqgcMTK<A9Qzr^m$o@WxoOT{juRG
z)C&m+N%^IB%;c6P-ReWe<CxN+^y_cGO&3FKDE7)UTRG!yY(ZoqoNQo+80Lh*|L^x6
zgssum9=xwxp7yQo#K_(aL&l3IX0QJE<fIi&^ZP6g>OFRBn2B-d7ILxbFFJGWh4hjk
zT1>5cbi-n&ninG&MvZbE-N}vLjvh4EGLh)hwsh3Uk$3N99Vkk;w{P1H*^T*Mv<C3z
z$4&PBu!!FhlWts!yw_iRUT^!0<Gy|1;l($9sp+ylB7})Ko6D>g7Fn*l`Bx9=)BfjI
zzTRh2bg&EWUwwGxnQ{E)trNS;=VYee$q8%wb1~vexJE*goj85^@Ts+Z`aSl#zDtpx
zAJy<EH@y?yD@vC=JXY^yJel{n>cduey5!{eq^OSfoU};nWc}~gj4kJQ&ENy#PIlvm
zMvNYvk#5AR4-`%Oc6qACq4R${ZsLFH)T#Jxyt3#*(A-rE7e1H|dGd&56S=JoWnxur
zZ3t<YVw6hK5-H~g*h$p{J<x$vJZKr;P!j)%F(4dzCn-&enyzA$wFtSYB95pM0DK|9
z=SLOvK>F;V$!bCZmY}7XhdEFDVWaU!9W<=OP=&jjHo+J)%&Le3)m_dXJIutRuk+r!
zU-Wf!@(q-u_{vEq=I%MiZ_W!BHsAA$Ydv_@r5k$mhd%PF8fLXpr){O5+jAS-%v(Rp
zcro8mco<>@JSweFyJdOA31wjVE1S=<2sy68aDi-aAt2cnzJH%IF(P(LZr!+2UD9Vr
zuX`Z-ftIyOZk*<Gs`iXhicfo2*m}6lrkTXHPyhap(3=eZFjd^@fH7Sq`Mtux;j<D{
zNEhaQC>4%XPl>*&;Xi8;LqO2rhHm41LQxY-93C>m9RkCuBHzETAlCi_dE2`WADA~b
z13noD;bG=<_)`)$B%xg(OSIetDFXp4CJ~h7-k1ofqj2NMP(=^U=xfMSktW%5Tq$z5
zB!Fs0bL*HNc>;z)*oDkxCv@Js2SK;+63uvW8M;q$H=XAOQwDNAbtE2+;#1U=$%BFr
z{Mb1-$RSuIOWo7<RJ6zs;{Jr8*u|jB4MNo9whQ!x7_6c7dmw+8=Z?bLmc6<?W7Vp*
zZoA<;9+T1uZx)n<Q#-{ZG*@@y3qbKk(jX1umo1a1h+PSJWiW3WTJ!OFP-4dqG5GIM
z(42+Fi6s*cjVHNJstx$~I&R3`yLZrtq>)c7Z{ey=e)6ubuBsZziIbw}+Vm;<j(=K`
zNucv$gkm@hJt!y$gf{T2d-_TK8rI*Pdk#(FrS^qKX4rkYk<FNoSA3e|FsoZ*DGa1t
zTwFq1FpR7E{8`M-Ha_Br{{sd;{-5NnpwfiD4098Cf|zjUT+g?|XO1z)-Vml-wJ9@<
zQ1s3?62r7DB$CUKAOGB|*Nkn^QBk2J2s3BRD%qg6-PKQQTa9n~t)9V~{>AmT-)?bX
zeRd?Grc|eUlCj8<GiIb=DJ!DcZaibG$rkXxO{Tb|Oc&Av32ewtVv3FsX&{~4%eA$A
zO`ibrF+F=3#$H+guUIV=QTY9;sF-s-jrx+HYD|HDX~Wgug=5HP0G)TGrHOQwh^J5S
zCQOwvgW+hcs;>`2O^O40-{HekS$-Xur80mogeNl+sH-xi&e)=gIvBF-zA*WTj5MH%
z;wbW~%fYdn=Z6LD0WbiQpPeO;#y!EB=i1W>aY~a#8KG)q_z4E~f5?17aC`=wOqjw7
z8|>X)dJf5J!f|?xLX{8}sEJG#+qUHtB4TlKbTxMTkb@sNsiq-_6ijhvw2Hs)-FpE$
z?kn}d#3sJ@>I4^Ow612iqVSu^F-tkbDq|NsMvnG#j~?QHJt?ErXG*2K71n69)VWqA
zj}63w^p?y#yX_UW8tCx2)rZSoqs=|SJxZrIihT5nYvZKY!t>IaGa63!4V8}(r81tH
z*MJ--x3-kqqQ)ajn1_oP4|BS6PxqmU_u#b<h<0RU-h=VKG;2hC!g6tDgq=DP(v5L1
z<In5pru;I%Yg1#K+1h%iLG|RHcz65Y&SIFON9|3<F0sSP>KuzHG>Q;n1&BbL>zr?I
z97q(~VY1GTl4!isrFEAFV}Rdj6G=>PXs8^yB`W7``C6|X-`?w#@s&$A76Ok6YsRT5
zlf@eno=J9&9XmD`vo0cY5N^aQSKs+wjwah_Z#7_+mZ84y;Ninpz)p*i4idQVo(0hn
zxgXlf-n${5@fur<KVt{%!P4X&AwD_3F?tfc30hHJGFl##4HC~VD-e2AoMlZfM$#d`
zsXtjw3RW<~h5_}(T(DLyqZ+O<tp4$1H{`6F6$X#jk8key;VM3#M_g^|bXfU2ckMEy
zrK3J>EVS(-2C?DK%Djh2-8@F_{W55fk5L{4<WtAWxFy?#J2zfsgwqf{56{Y~eCxCh
zCC-bPG3hgXn|73W>lp_g_A*ZyRo0hQypv)?T-{)f+R`I4USmPc7#K+c@HPMYT<2zo
zE5foLA>>HRzL;O>GiNmMj2{u_6ee~M-lvrvJ;_Bn2yry7w-R$<rPbwSks{(l(+zDa
z%l<j@0k~tQK1_?782$GuXwMv)ei~ZeA!BbTf#FEF`Jf*XosUf}ME=nYA0<7P2BXL(
z$}G`YQ>eCpdd;~&;{H~JEk;HUA@j!}VsUR`TI9%$-dhz0m*J7d^9Uky!@|lFvomXS
zYZ-HZpC0d2tlpb?U&nSqjN{R(^iN?X>t|l@<;yPk>Z?~93feMvT3e?q2(iWd^C0yo
zC4Em))<KF^hEdK|7ZdN_-%D;N4hK>SyHbB!VFkVEwK7VO<f^B4Ca$}5)ABMObgMG&
z54BSh_!<+1B|258n7er0Jlh?r)_3huloe4^s^-<^e|YU!{bHk~m?6vz?i3C}##D4Z
zL&YnykePJzF7_;_bhoLO7om{=C9aM;`;M^!IgR;7SooJSk7G|<T+0Gwzp4M+R8J+w
z%;o=i_p{tYPuUUg<_=W3q`#QMui7a8c3NIaH#$h>FIYgF9y@1F0L1!n1bPyvoOEd<
zG{K@C7qnzKgG<bW5_L)1oTew4#;HTBB6MQr8yb$`z+f06#>!<DO_az!IE}kBmW@Tv
z(C{g`VED}K#8f83ih2lb7|H1ZeBl`Xv|lS*j9$dgqIBk7Dr9rQm5A{1O%=02ybQZa
zOTFNMiaBw7A44{4&iv%2EJE>$<D(V{e=)@8VeG%q>DCno8RJR7FC@O4X6$61%+u52
zc~jU@&!`iEaP8D8Z$R3-)5gZ=&h8GF(jCBk##cA({^L&pbcy!lE>J7s$#s^Pf7B_K
ze`QRw2)Hq{IEqT9mf~hOvLi#zMQSJSD^K-LP0}4K=3rQZz-7q1$#0$Bo&c@$Ju5QU
z8Ozkwi^v$AP=48$*Ml{2R~D>X`3v6$>#?Vj+j|V0vYYctgjrS!?!x3WLnP>hl0!;m
zoEEU0_L_01cTG)qZU3JZH8M?jE_;(;$RT3Fs2kXDGpd;w_l;Cxi0+aw&u*Y0=R6|_
z0Outq>3ofsPi_@{Cya9Q_FU7pR@5*(dK9a)HT2?8Dn?P{^v15&mMH@n%Gnt)UFQm!
zLlry)wr$Ld)x0ei!HILIES5TqDc4uD>WeN%zZSC*XvzU_wFh!jSF@>1B=Z2=#4&OS
zdBAe{QEyYbKjb5j40jbXIDj4=^BKGUY&+~-IIljK0EJE3ar8+gDODm(p;QAZ71<Ij
zk55(_JI?mC{h#Q|yAGK2#5^L-b6cR0@FB@TN{pYKEcGLcv8XW`E#au@>(}H;j6NM-
zD(1|0I%e56@R#29L(c{Ed|MHqk~UXi{kKxgL~HS&K7Hong^$3zb)&icVBtfG0vLGf
zl(dYa&Lo|ibIFp#Ks2hrw?t^CuW$dPBkeO|PD->j=FXJ>zz7|X1r+}WVzDZa9PZQQ
zL_NoOUI76sa9jloD+G+e(Y+vDT6y~7pySvSc8`eNRHj*E`OC0jM;uQ%curcduqggZ
zrET)$Z_CFU!{cL~p2iN(yWU}0u-g+lg*#Y%%8xn0QQRuKc~rjE{CtocjBXZz4vy2g
zIYkuFoJ;nbl>duTuuT{OGcxNev6tgo`_}2i39_<BDB)yv_ft|Vjo18EeVrVyd;04i
zV-7DK4S>xNnof71NF~bB1C|ov72_p~cardo9x>w0*>cloXF32eIO&8aS8-Bcq#Y5G
zVt0ubGa?D!x<c)`=YhS%L(x3;y%f|*nbq;w*Cl<x6(ktUdKf{QnrH2UTTME*D3P>o
zdd%*st*rT3a+1Yf^PG2~l|QuS3H$z~w)|0)meiITHr|qG|6}`Kt=ixJ``;tmi@yJr
zzvOHXZ+<*MZP%{rA!^?y(%HWgZ+qP2_x7hY((hku{c6MK^<mscBh%zae*5;zd$}mn
z{(tqCr5$iqBA1L8g>v%ZzrX)a$9#ND%lcfy)OX^JX$KGN7SBWcvR_Qk2g`g2wcMj2
zma&4D=<t#W1<0gAxj~Fm*+Z`C-FOLc1o0}JSv_Q{rr1@(y!>#6(uYwoPp(%2gs>#0
zwzv>dIaKyiZIEle<LxAn=I(_RJH~bvhoq>-srlZ&ygFLgDSoLeXuGQ4t9NhfzaRQ>
zlXW=r62T3i9YDAu>3JawOd(lj154rWt+4NR@y~Q>93D2?liu976&38)(^`qD%a(1S
zBH&E}Ni)-Fao}`lpPa%3Vc|wCuqQen4pBw;{E*7e_`3A(J^m+20n6|!Nq(Zd{0YpQ
ziIyGjfEC+QnO(qKfjEDTx|a+*F_TWx0o^-ygbBG$U;D>G;flKV?pzLm4q^mKLQCBc
zK8;qt{Y;bb$8B`=^{uN&=lt7%-aL+4$ms6=zNn<>s`hnpKX`EDufOg`sQ6~Z8@m}6
zvAfFp1Ox>1vN_DWWKq6Buq@9bhh|vCU}`u#rw?6N9cEQivYe*LR4B^UpG?M#s<!+4
z4)$({pk@+P1m<7?m!Cd-xQ}C_sqO|FpI?deBs~@b4*;Bf4Q?~rh4vmwR6kU`!ngI*
zsjU0{e;i0M2$fC~B_F@qvbbh+sWTZ(B!PVzR%H@mG`vV2v61I;nSwS(O`qo63^gtH
z;mVKEkgJQfp`o*O9RLWoW_~60siIA}q=ZWI=Z>PDCZ3|}?PzPf7$&<9hT=f7iyRyp
z4ODDd4yOCRZ@wf~Xt4v-&Vd{uK$;gYD5o1^68(q4FerSLDNNsyc#TDxj5BREy1%M>
z-yw;gGO#=8T59Gx(peIi`<O-k)V1q5@&vjdj<_}#N{L5A!<{%OINb!`O1jr^6NyIm
z!3qb^`d)=(da5mX{D-^n#DisZ|4_;ihtgc|8Cji!06B{a0!NMNwWJ_WbEWWkMsdwp
zDGfL&SzY&}j%7`&s}Hs3apHL^{rEJE@N??#y+{4@0Om?Y_jjd^f3Lp-N`Jr}5U<V_
zr)r*IUd#d7txjN?w&9kfz1u&}x3|5UNY>$Buc3=q^BScwz8wW?e^wf2*<NN*=al-l
z13F}(fID)ag$R;!+^RRcY>$m>{^PMUtBo2rE=eG1k{cMgddGj$bIKQ9zlAJ3FFIo1
z#1mnA+A+)TD>g@A0jQdI$C;?mM{@sf>>4y`R44bln<OfpsQ=OSbj{Eyn<N0xu5Zw-
z-u1lu_dvtN9%i5mpRwk$_9^o6sYq1SyvAtsZik`21*5JcR&(e5k6(NgQAm2qlw<70
zjogD}|8ftOZC!V+dDxeK`G`O6Eo_+mzxO2hkI(Df`@cDtz8yGR#`v40Dq6Sxuqe;6
z>C)AB8}~+QUTf>F2+g!~>7~QJf4Sp2`1)<U#aU?YhVFqsC6AW1{|38?d-30V(*Mmb
z^uO)L?0=LuksYz4d5xOaNV2o&RU*;gSEuxN=iZr?Z&Gq?{H|HF6?+v9ERQ~O!FGvK
z+^lE!q9;nZC@}iu$JLIJ{dI@WY<;z}e8%Ue)dk=_QYj5Zr=D*OcIjB)G^FzL+n}#)
z)`sy%>MuRB>DxOw^-()4%z7&_G~Y1O<<+cfMjuvS!{r}x*{*6!vt(4~-I<vR#;MwO
zzW$uyJ;P*KfO}Q;&erWrB-yaBz}0<;c5Wbk#wB@Qv#*3Gec6yEr#qwf@sEEm-0HOp
zA54zT`4A|+uI`_D%yv3eIu-EbVM6_)DbEsSl%}>kDo#<Yf0dn_eB3ks^}<Chz6OqO
zzFtuGo~f*nn3k0ECMD;PX-38JS-Tt#g`}+W%Vpx9+-Q}b#ML*()(lSwJer(dUtK(A
z@sU=^f^{xmYX{zGZTVB;z)_7e%Wu!fiIP1%<5sOf)q1sqZjGmUsrb%aUFoh+Z@)KU
z!8!?8iAA%1a~UEL==th>rAod+-4ZE{V68)wc71G~j+e=lVKc(2DjRWL`r(nr+xO2;
ze7*kh(E$BP4sY!0^^QK&mkr^fu7CdY_(7WSG3GqpDUr>y589{_>ua;+Ym$b#{GtxL
zy`R+d?GM`mN1Nu{nr-mNC6z5dXu4DPPqV&=A6lxRF(a!WzqChx*;dci*862I8@B!0
z#d-5Acg4iUoi!TW2g|wD4Re$)ihE9u>6?pmY(b#y>-%9wGdlMe^bkx<!lH5K5Gkjb
z0Xf$3=dw5MHGLI@sf$Hg?X80cls<e9cT3}ahbtW=fA4_0DvhUEt@P-1To;@{e<gcW
zsI^%7GU{_vh2ODbNo|+4|2(Vb&qVe$_5l;t2Bc+F4Uo~fmy=}OT;R6Psp;v^>D#*&
zzPa1BNn!AyX^pG9=H*n~Zwzr7{B@+)<gtE@Fe7uCxBgI(w!S3s$i%M}_Y!|R9BAfS
z?CEXi<J{Eis#U`e&0S(2f_YV$RwS1!pXj4vJK<1*_9M##|1iyvt}=QvJMO;hmtatJ
zZ&SuqfB!>~JMYVdY79%u9y#&l;HZpU&5nr);oF8ty>^UN0o*bCP*ORt@wG(cquU?C
zU1d%3G;Vv>6dO*z)a3c-h#q75_A{5xdyc{I!j5w`)r6i}WB=Cvwbaz<YCqjHC{26P
zH6W?HvVUaToy~LnXZlxl2>R+$n+;DpJ|!;Bsu)uzX|32P-ltLq>}Y;qx;n`;^=g#G
ztGk(Jb~+_Anrp7kczM%wh=i(Ya(8Ff?kxpn4_`bjcz!WtMu)<-8Ge|B?2XkamG+$E
zlk$Gm0-x#570wZU2M+ulnw+p#{s!&pS@g(LJ!HIGV(asK`He|7wdK=%9c+VH<(<0^
zRmFFH&}?HncZ1sUhR!&(rC$A1o@E~U`uvTugxhbkE@pigG{<5D4^ndCx|8n1w6B(y
zwy>8TAM9%~u;uMa@|hjh;Yky1%#9T5Yf2}-Q#msOih0e2Y9;Ppk(a)EM_bR4y}r11
z8{#)xBT#OjUMSUYe!R2a_3J9*H%2LhRmum|e9W;vJ!ja%zs`2VfW36zfPf&|h$}J;
zb+a?()Vl``v3|67c4S|#NgJOwEoj+k9eyA#PMLi1mbL#2i#JCmeX^^1IGF0%drzz7
z&IT*FwpQCeF1RMvT^6$il9Laz(8BB^f1NpdK;nxRo&(I+mDU$Trhc|4`_O4O@3bxN
z`ljp(XJe^wwXi5u?wi30E_=1!-Pg@)_w0E=XZ3~+p5fAic6aUSJj($j-yPpHl)h5m
zhNW{KW(Q_zn)E)d^L~(^=SGe4hyX-2)N;dM!7-q*fTUUXcD=Y~>di_6Z`LT?efiRk
zbg5fWL1ZuM!KJx3BzewXovLLr<bR^m^lplc9_jXmWnRCX-Ej4sqPuO?7MU5_gKN_6
zN_j`=#yK1r(x&^O+ne_r9(=LZ(fOgTO5i-J>b2c#%c%{LsZ)!J(nDtQ>bqo^*Dq^6
z?5cI8Hm<PrQGOMlbJL||R+@6DXJNzinz|`1+quw&>MIW(jy24yU*UMxBB221wfJfM
z$G^Li6`no3af55CeM^FK;mqHf*LZq`b8oCZX`8vXNC2SP7ce$Fz~*~$GDg3Xd(-Z+
zyEO+6AAXc|qx+u1Id(h35?<bLltL9|Typqe=r#itp9e4g@{eut)OYdnTaLNxPAe<J
zFXzwZcrKGtad9)x))d5xfCpbh(^O0aF6Ua2X)#&nVA{y9gJ*B=6ES1Tvr7K}iPN)&
znVLmjyY_hcZ(H6O(TcLUYX^f#diSz!9M&qeu~aT`Fa4-9bnMtAE^RIIqoS&dbq^kl
zF>GvsdU>!?d8*RiT7XB7R!6CuMw&SsOG?rwA<Z8x6;8iR<|Qrv3-dbU<hItNT-9kR
zse3n6WPI_11il2BIjH;O$SpZPjOzIZ!N~{{4QY**Xp2|#g7()&T9{{^hpDQtJMZ8r
ztN-+ITeqjH15^ETr`R+O?bEmI&Q=AhcMnYI-C1#D@Y<cfO?s4Tqw<5TvDEO^w6-5E
zm}Tjm!3gZhPXTGD-k7d6Mb<V|m214X*15xOgj@b>G2dLk;yt8ch##btmHowww5Qn`
zJ6}COk@w56mLUa`bQeVgSbE#6m?W)+hxnrO^z>>ay~LiEzgnfP*NGjN!uhRryJ86-
zbXocZ+3<CiZ?IJZdO6Y1E&gs!%)lN);?34ASIi**F>(P1+LJaPW@KDgFmd;iS)LI`
z2f);AuJQaN_A!_v8Nc~D<$Apty?g(YS1dI%8|+v={7L_D@vra9H8fO6X!&hUn!)15
zt-haP+<VEr4|G1ix@l2k-H^rI3a&ia_{)6F^nR!{y{Ahb>!D)t_NiW*;ghj}t81jP
z)LTH;edgFGB`2@nnioId)9gCqSB+1#^oCZiUr_KV?WAdBL+P7d8{*$Nnq_{~|4JKY
z-;Ry-Tb><T_2r}TKuVI(&Yg~(cG~x1TY=$&wr+1Ozkao~?8CMfiqkB<PM93O!GGPh
z*M^TXbC~_<r~LYiYu(+I5j|U4mOML~k;m*nHxTUS=T|wumMTdb+hHCj^<u*{3i2lE
z3Lgf!*Y}kQTzb1_+@Jvi9}vInT54zSc^fn|e9ia)B~FSy(+b+=S_jT}U;E-%msIuG
z53fJ`I%?D=BZa|7JSWW$umGw0;S5Y?|0|%($>%CHdfWF|xMbM9SIU-Yb0zHuR#p9c
z-8B1z^6lw{_E&-qD7C<a?i5L=(bC~t|1Pa02a+^-PMWuH;qZ1!`g@Y^z1;HeT=dYy
zjZxjv&&UXv$$Or>poqWydSKCxcZp2U?fFjwwzR$}zoC$xVeK;eTGEM2J2nqlHgoo>
zv$5UQt@FIHc;T4Jzt8+VR#oXnnwplH7uRUTeOe!|3?^y>vx+B%k3srtio9T9wYpkB
z`{xADRb95?A@Zlq=ag=MQ6dv4vC?!4!F$Di-1h(yd}qqwk)ubSpl+f_I-dCW?%h3y
z533(utcHfe!}gz_`s>>7Ot~S6t$wMcrFGoL=Yq*Nx1_$R-!T%&4d55FbAsXf88v}h
zl%cKi+=eFYI*wwfgc9|#5#j)$c0);8g!WXLc0-L8O2I>6VPo4G(p;-ED?tl)Rpk3n
ztg2|VRFuNLCvKYZ8SA-1*h<?1=Rd0~edX%^%AUJ$p^V1&Pc8~Sa6sQKGFxS8rsX`=
z!%XX6%g-iaHrpM1QrLBCMIo$QO@%6xM?=9vM7`tJoPV}JDs3pF1>=@Z5_{!Pk0SMa
zj2g5?VKH3Sd8jnbUi<R(|Dps4bBW=fx<Ww(0oy(~t#|@Ptt9VdjQvaVUj__F1SE~2
zXVKuIIxAw~_eF5rX_~U#@Z-myOE6wf-sPTx=Vbr3XN3rK_h7?<Ra>IqtcZ{?P7QLX
zak`uVO${|l=iASmIn%o_K+$?X_c9V|Fie^5(MpI4gOcu--Ncf<V7Q<?RQQ{ibQ=5l
zUbmPR@Qj1W4hAYaD9|AXomWj)=?>%rU?@)kHsCxG)6$NjFt&mf6ihB`)g81Pig?SI
zf>dqyae=a(PWSa#8JWW%oZiM=i8QDBNH2Sq;Od$YPl%k}a{Bmjp<))3tk425zHUF1
zq?~E`n8<r;A!YMlz1nGOTgplhn9&!O1<MEN@e@c7RSk_q#0l7k31|nSHfB3?X6n=#
z$_N2>fxpX{qz)BOIU`__s9jNJ-6NsEmLUTwakoyyU1Xn%%$6eKGzNg<D*OEM%N@{h
z<J_^7yNnit4u8DSGOqScO-C`*k{CXXakXPdkM0QR!DsHfQM<SF<<OZsc4NB=d8o?T
zEJJO9iAHA$bPxs*=I}S4QAAB;P9E3OkkHnog7#pcgTt(7%Ysn2AvCC-z&_97ogE|1
zK*Ey#DU-5ZO{o&*Ez0S3Xt{LaoqXU{G+9h^d#_+z7%JBvHo*`;t5?C1l)O{{IfEM$
zygavP5aXRB(2;IIn<zvV!Vn5#$oKb0`EWhMY3;SJsCbfwf^(Jx>Zx$kK&FURMYy&c
z(wNim2YdsA^m@#Nb%D8;(Tkm#cT-#v7@H6e(6YYC++2+@)GVRW5HGz^JZJDTjKQof
znZpC4iP?v^ffoH#Zn>1*q<V+45U-ms_|VHnpgd0Cdg5yV|MZlaqrP(GG1CGl9c=H?
zfI<a*#pbanh#$6FrLDQIii(P8w&3g%<CxfWy<$5{;J+8jW1v%96Co>G$15Zb@_{D_
za?~#}?E~n)5P={JI0|z0;)*W&ZsYKmmADebwzW11#hMf9<L)$ivN9!h{8zGsjy&9C
zyuro(V!wtWJjC|m?nmE63%kmFhfj_>6_;!8zj?DwdG%j#@Jj|q@FjH6H6a#wesiY*
zVVcQI=OCsf=mzL$$n?$#!dV8BWM%ST{^v76lAGJH;>V-#!xE5Ddwb3KIwEf-moE=$
zqZJ@;2ZZ+~Rc(63G7SwAv=i`M#%21ff1!~$z3t=e$YM@mbp!UuP%)5n^)alw{0glK
zzA@~^+FgfBN%fiwH%6-W<XYu-rrT@V;oI`caOXLUDkC=!;qpRv3MZe{+b|<kLexz@
zw+h`jR9gF7r@7omAw4Aivc5(7N+=jdLVYD$qC#e01yThGq}Q7fU25g>%pN2Bw*Kg-
z@?Y@X#krMO(1~=Py*dy^o^5MpMkBwF6+&ip*-h{CGsa3_e$gYpK?ls!pXrOM;M7FK
zjj=x3|H`2Ql9K<L(B8TJF{eG5z1GFrUTA!I?NhcuDmD^Yj2MDn$q6{?J!Hm=Xp21f
z7Nq-|F<Z#Vg@)k}PTF}1&AvN9fPk_OhKz*mhoowq1+!=0w%Gh`FKpRLZalVo^9eka
zu{Av@nNl+beooj_z5R1EOkHFXiUO?W2GC3D`>9w4lf_E|qF~_ZD%apB5kovd;fydJ
z(ej+`m%^OQUBhi@qOVGsobZMjmj3?!T7~L<(;1n*BP0C-tgYX@LiTg+BFMev@+;n^
zI$tM`?$f`mR%y|~fVJAyGNOtZ)$n+eoln1%{=e)Taaiib<RAx|8n4ijqU~ok#5>v3
z3V0udtSZyltT)+4&?d11z5rYq<wYr!Ycqx<E}IgF)jLs$V7>N$g9EX{;I^-cDm0qD
z82z7^<g~i}9}<f>bx~SIB9r1zCJvL%dU*{%Up7Wb=`<?MYe@7_IZ1uhdBjn`UOLEd
zCfX4~2RSxKj~KBVg@E{x$flu6cE6xj$DT2b+sSr$obH0vpAb*cQef)&Yko{;nikYK
zN#Mju6x0|tCxJd}<kYFhX^BUU?=5fA6V?LTh{5gB(oWvr!PBLC*0Bm$FUw%~s4hv?
z-I%oKqdfbQ3(x#((FqMEz>a4Qo!FzH#o;kf-o^OGy&;D%LFN)${dgh+>y$KQCD2|Y
zcS4qX%iB1OUXZEGxLDFt!@6(3ev8;$@X-cvAfY2TwhH)+eV9}t+*|>pKM=`U$3%vX
z{79?QW;&Kmj$8EumyG1J`toaJBF8y1OUnkip}#T|+JJA&1|N9sy4Pg=0AflNx?dCf
zRVnn(EF?Pfg|{Hp6G%EswS#R%HtGPan>$A8JJ<FjOphT0fXpsUJLq;ma?`rSPcuB1
zh}I1Wnw-quE~5~XX>64|K6c)&%#r!8q&^KgVBc@&*P(2D#Yytcz9`F?y?jTgxWsTU
zKB*A8!=)(asOD!DGdb<lSdXTS4;KY=qF?If`U@sya$|b^eTH?FoIQI86%5j&YrDp~
z3b%l%cxcfa;!gFBwH@@<yv^@c{|l9xwBVmQWSLL;!-E=2?`>6hS5)-n$&)n}2tWb?
zx{cHLHRw63qbqCSrl;(7k+BYU`;O|5U->T#Y5yyW$F%kPPKBo3f-m@+k&~Qx#mK*(
z5Q9pt{5wOPJ9Y5e`A?*D;yf2SIP4Ee>1|)mYZv@%GIqjA+qZ-4@9jRIM6TVw%QVmY
zo6NR4^EO2~-)V!E^s2K?szQ0IAz`jIU_|>Xs@JO~Um)~PRF`b<BQJaN@#B-?U`e=x
zQ5rw}^RCe2G==sSS+e@he`K~vedqt3C6Dv*={jv;>voQW#=O4&;MB**KE~&U0i>Iv
zJ_$V{#E)nrNUZD9@IL71Kqb2!E+@UiIg6@TlljrgNYY_wuF*x|q*4b9C&tB#NbOYx
zf09OuSYsrkR>r73^6!RO#soQnw>axR+^p9|AIKlO(3@04!k*y@A9b|$<)~_l)!(7%
zh6$tI4S4;rR-=3E#%EU+Oin$0@Nst442zd@31HVO@Kx<z;8fECHANvES|$kT?T2TV
zTROyjA{JQn=r#-;Jb4MSf#iAvR8vDZ&M-YZ<us@gL9WohG{|{MD_?PJyQ#9;byxy>
znJj23-7$#{>b-ln3!z0QwD|vllve%P{}U<g{{K!&8#<z#DnO)O1oqF!SA5Nw|I}rN
zN#`x3WI~z>vljYc@X(=$?{0cSjby@kVDH-xBeVtB-jvm|B&ty#`Bo(VyAak!13#Hm
z&Ipkvh!nS7?Dpca<0j=DCNH*fj#Yj6Vu;&hXxdVm2)yYcG)*9kJwy9Q*fo1`6K9Yx
zv}`#Q$vowOQ@8vG`)udvD34A#!>W)JLJk@cJ4e*F!Q`JG3la(xN=V&>JeDQ;tCCXw
z^;gL1$kpDwfA4J|i)u%tkbLX(TQ=r27i@i@2y3zMpSmt7>Ag%sL5~47th6CpaRl`A
zin^o|<3Wbw<I=NRw;(YyoQZ^faK!QiCPMl$iXm9v&YOffR6ijA#q$)0FIx#>>IRP<
zKAg(bdMy1!MKOqJzsSC(vg1RYxi>3lHKB)144S5;<LCc*-YUurrYk0(uRAngEaxMq
zI}+R;bFt9;sarQjcOPak8!1-OF8G<!Q%D2I=MMY(4?~SSR$2Mg^)xCz+IzZU@<o2E
ztoBo<9Szk+Ja{jo-%81y#jtiZx)B1Um$|vvovRbIb8eUqpbd004mLu|4o;SFUBQml
zI^<)1<u@HCk&8Gd&2~(L(q!bQ5uJ79)kua1fLNK<DGT1XtuZ^H{hUPO=J`f(2AZy5
z9HK;y!ZcVR-|6@agO}+RFE@1^NT1G8h;6QNhIu|>207ZwcnF@w0ir&m3FH*_zW2a^
zNt7xiG>0w}P|RIe71S9wCZUJpUpp|*rZ=ON)J57q&AdN+zi}3_&IZ@E%C@)f-rYma
zBg9ssCzz&0<JtkeW4yizVud#L5F*HT@A{}GtiN0yFu4%i^8`G&JgNnmJZvfVpE%K1
zf*OMp_+Dld{=gu6sW^}Ao}Ko~t{po_WZP=Ld{NkUlyYDGsS;MSlhL2iQsc!+{b40_
z7_{}K!3lUDsh^&CoTS0%LKt^Z=x)hHXcI&zQACj`RC2_x)j#d3RF|V80~lq`M>V7S
z_wSEidr^`+phLxv4yfZxNp)ktzB?oVY2FhapT4@E@_mli35V8mob9ChzEN5m3w#XF
zMi}@iuaC9cIds@CA@w4gr5~W@&6;bc4<GI>fzg(FDOmW4Vja3snCJRVPv5DklW4$=
zYKizSbgi#Wpy6aIc@_`tfcyD8P9o23coa=XmNs01=ub-3;Te?-g5)3OlFMKbti;0-
za0~uQ-o|ybwSKEv6h(((XxhU6QSVxD@b0D&WJ9z}oH%w&$j;DngupIK(5m8wySKzj
zYK#o^6wyiX?%nU~5e_-b*>*#67dtF}o2s5niMkW7DWR0ixPbxeqx<&@_p~fpSP>$6
zP54#4_RY;+-jG^JNn3>`dgdg@_tjI#n)gLU$^-jf%W)>#7wS*^WYb>!MoG2$ruS+U
zkVeA80tS#;=L<93oO=t&F$iko*IgP&9U~@)5|9D~wowQAv(i1~xYVxUCAWt3dF^<Z
zJIl&1kjbO|MM^skDH(`ZyXubR?dPtAKcr4zy>~{8q^$Nyk`A4w{K{?j_^)jCenO#v
zz<dfjgr81C$@BEqSQb0qVK*9!{OABj4ASM*{>lr}0LKhG8Wc2Ibf1sEQ(IkqtJ3~;
z54}pJ2GnR&-p&>VRBY)CP!^=V4>0+Ptc?-HMdoC13rEK$B^AG_ic%9&PZW?dHJleM
zv^w`)W#SR>pWF2!JlHqRt@?VXSJ1yNv$LB?%x%Uy5h|?1ZeXu!vSZw!7cghmbC3mH
z^5<}8bHZU1dFktyj`YgoFk4kq!)o74YHN}ghV%u>vN}UUh4I-bEU>yeJN*<)1qekw
zNvqmafE#$0CA`^_TRj1FMsQB#J-JJyWFX2tc8L#KRTjyN8%(bI9jJ%BHlHcKU3w0E
zQvib$Wt|h}IAg#hoe^?!9^mRqe|eG{SrJSar-f!yni;if%ECMViFtRVq^xW)PWa8+
z%7cocPNZ2*^dTTQPVRFH*C~l9uB}ew%f6EnXWM-qA@~`~f&j4J<0nrVu1i2ixU=fr
zB0}bZWy{>ka+}w3c64~jF-b#X5hsO+XZ%)!?$L^Ji@M<fs^*FzTigyP9r!zM{fx2(
z{7izAE_HPRP^A}fzOSU@LI6(m=RNqXT^SSGT%E#*;uBy;$mWg9OUuh23uPAF8f58R
zI3;Gp{U|+y2EH>IfphTe3LtifO+$@w?PCTTSe##f{M`3*O^pzw_8J;ZT22Uiu8{H>
zhv4r8gP+YX0{L#H6quI0(oe*+MYKII*0&E`i45LTN1lmCms54}SfM`UyUNoIE|WI#
z$FFbp_PPmDg2EYOCI8D7-+V-5)^#7Xa8~@vw)-w=r81PGvtRVP(A-2=?l8PHz*`K4
zR`*pnND7)kpq0718Hpw)0kQz)p*yNp^%y$y7+pipQI^eLu;2o2u39bZIw2(gseAWe
zgw2ZayF(DZ3XKuC+!PLM<WO#qE~2!;r??R4xEST_I~<s&w#bq&oH{jivUTYqtG}p=
zb~`n>exNGq_b*jZP3fQmC2ljFdfM97%cRU&K)HP2z$TuztGTSkUJM}Uyb|iTYk$~E
zAf*+ct6q0&)*IbQiP`$D%PBc!R&C#dZ6BrBfPvG@BoRNO^Zj>K>mZB^zpGlS=cbA7
zKaR2=9;T-5zkXdI<Ip;Z>D%)~Sd!h4bwc25^r6UY^#17?w}T!ZRqE8M(b0+M%}@}J
zQ*Vyo<E~+W0r2Pfso{hM)U86-0Z~FSRQ<=_X>zCkq0m}rW;Ox8fHUMso|8TuG&DC)
zAtG5@n19o%Hv3I<usS?cu{u7x!j!`ph4)BB#X;HE9-_E9pfvIymf@ZDi$S{|sCY0k
zTjC507@63HYnR5pcxAF601LQ#r<TrJOB3T2qeFhJbpq}FyTWO&%(k~zW)3O;$Hbsd
z|5mvyz1x4-ux(|1I6Q(S{;oaii$&L{T9Pq`zr?Ojxmov4p&!%w(lWkb(RXS@oHh?E
zzSoZbul~}i;%Ga(zfoM9YxBcVKaD!`(}9?fW4Bkm{e5F-e_u79++Tf4hxV&I>7%8Y
z7{9exb<Ik7wVo%{eER!(df!|VdUJpA@1AbAz0Zs|Gw$)7=GM>eT2&_<`LXAlnw`3(
zvy!?8+NUkADUpw8$PdJK>wly3+<)h0XFDu1M<z1I0w<d@I@j9$t?0ea{~5X96?VTE
z!+?{=2TZ?7Exp9FRL=I~SFd#0{;SAy#;AfKXvaIn&`ct%YvULZ`}oO|Ov;YhC-P~+
zEM%5r-KE^9ZQ;}qOam+5_>p#TEI`L8E9)Y)7yhrp+&>ei`Sz&@32m*n#|Wc)FN`v<
zi|&U317}AH-WR0B!rwz$bnj#UpwO@~ewxM0l@tTnSXmhC3;Ido(l=kk{6#c$C^&uH
z0YFE-k3-Or)le4#ND+e$fXFfbT?fiRu6~J}SERJq2>6koNvjgMgi8qxVd7t*Y-F{r
zE%Xrg0*+1inll90i}?lA0kSwPW&Q;iMn<77Y%%$2{jf4s75Bu-$_hX+j59r)_C}9j
zQa#SdWh5KV+25ITcr&H!)!WfsB-+}CsNy7YMF@Vy%xaHa9B{)JD@!GG0<4#A&nzVH
zh~igs2tH0r%O>?3qe^6zm0LkFEv*VK0?-<Fy?sOyqo{-%Cb2o0*+ZPuK+xHM>28^#
z;YHO0cn(%#l4^Bzbvh5`B=c<PFc2>59>L^$6LEUQq8K;IvWz9d*Ot87bl9&FH>Fny
zYe`nfG)||(5vw&dPx|?VQwa<yNO}BNbNluyU~|G3h9|rgxiLn->vrt;+#_+D&33$@
zzWD;|qIVgRbE+{%<dHmKT>~=gPpjX46?03=h}c*qRbdBy(#tCh)owYtg#)O6zkvhK
z(|yG}l_lJhiPcKiA|u5xtann~CC2^w%>?s~ZgOJc5_mLUc@uYwZ4oMaB8X&SX!2FJ
zt8iD$`*>?pPfl>=YT#yq{4P%S!l>qErxr>##=JzG4}}C_Y?3JpMhxPGgO~_;#I&+C
zq_VOl@}2&#=FU8<=Ddyn2Qv)Dm@(PO;6w|ulsybGjx0x|RoO$4Wy+FNW*&?sbX4{h
z+Sef^g^Wkpw@CIi+Jq=AD!<nq^IXsG&)@ZXuIGBX=DNm=&N<)n{eC|8=f2<f`+mQD
zG?^m!gK$WC_S%Yvkz{}(k_xJb#1y7KkxG(#6$lHC7dx5J<31(aZ&FGZu9|eB-i3u4
zOcO@SPjBErD_P1sIU{l?2#(_0;cYtwW;P;2dP#TVNL5rCNT*s_T45yZ;&Fyxd)m^c
zzhPT)%zSV+#mx3r=w$HodIIALkh0Zt=Z5hzohD71Brm)<juL7Y#?+uhiJ;>{h72i0
z{C*lkL;-<;Jya7WO`1m5k5Fw0I>DxZN18AyQx{r`9(;gr?C@*5`~5SuVOc!$bYd<e
z4%tkHiGy*y*$Klt@#qraoGudAAR|Zj8Z9*UXwpRC`d8MXf&1bezPfk}t7KKSPlHBr
z)0-;%4a=q|bhWE{#_1UwPa}=C#F+*0xkad2-5>pFtm>)%eEB*GSBsy2uJ@*m?OMO5
z)uH5?B8#ceH~RdvTc4p-RZi)G^TNG*;UNv*W7LDT(EbAl;vJePY+AIPCwgS+*N8Lz
zplqmEy79BLsqQgsV-h$0*i(e8L>bg4y|HLYDtwj~-kY|`DalrY=GmMp8igX&;LA&_
z;bI#zUD<uO(Y`CWUvDC9xUJhlaq$F%elE&VG2Q=bxoX}d(+1aI1@ROO3K9HfY);gT
z(S0kPyc#8?qfVO?>K>>X+wr>ZKL;#zA50z=Fev-({rjD$Zhh?e@0ZJ*nE0)TSHk~&
zxo_^}AUqc0_E{1%>U*1b{E82VwKD&AH2wL*E1D`4mJ9wr73Kd6FIR8dbH#~&KC6(W
z|8X+8Ip5)Q$!Z3LMctY#TOUzIKyqf$(!!`Mn57f%E!m~iP~BBjm$%tv;(kNNwm@WN
zoSY(<uZo%<w0ax|(M@Kn(Ga%x#Z~*m2kXc`D2=c;oa*6`CW1^<SE!KRj0z=al5y{b
z(6myO4cuu+GxNpEm-<+FA^R1GCX^UIF!C@#!&ZsZvxq1_NkpuKXoe=Pd42p`vtL9t
zHZ!vss!%@5b$j#}CxW)@YJQ}O!%=7y*gA3^J4IgzwIh+sV%*j4#HzzY=?E$SiQ5|g
zJ$v+^$V)KgZ_%I120~G)C~BvT9s7?SllMn)n2HoR`<3uBt_A%Xgq{A0no_IeC666B
zoHb!E3=AM>5t8<f^ghMlXjj$6^XIQKn`p#Pr^tkvc$BGaZ0>X(Au4i}>GcW2#ZXEF
zvFy@>(Z(*Kn~GrBZjO0TBI6pJNoJS3yHE4-I>qf)szgx9Z<%<jtHh>)2o%nlI9^1k
zb0}`<Y)ss?ZJQ{Ealh%Gnul$m9G#%y){8ujN`o7TXhLz^BDy|}S!I8vXrZyuimr$L
zu8gKQ8j1}&hw6mlzU=D|t)&;y#2qyRak1H+2Q-?44<1ZM1NcFuBZmu_!wXcbc;p7$
zesS=?#)3hdC4(cdEID%I$ku*9+s+T1IB?LT5pS?THMXEVyh^1>b1OW^F(k_0bV+ZB
z=Lrqz@UXB2%tUe@Z2a>52r`gMv_8$`o;}%CZ#<}*k7jZnu@v<fB+jdURCCTp(7)>#
z+peS0f)MaD$CVk}&JG{j-;SAPM!9L^dWo|fSh6c!r7g~cdUIOq6b(@TnG0CsNFGcD
zR5YePJ9~r$pXLAce(~d0U!^Qs8{?3kLct!eZ=V5<=fHLos97|Ub#VD;A79MOe37>H
zdqeDM=rWiB;`=iHYoIF1O$_GAutr8W9A9n<(&(3-p3YfTv8()SX68a3ZvTB(VyqK`
zl+hs}qkt{}rZ=L<6%ZVp$ee1yvBzEp>$`LC_++2`yv(m6Jw@@edFxhadMD*Bur8v2
z1$h)=x`OscS7<pV)dh!&?i@Y@K&w;%(1|=4GCE}!4H9+x_El@@EeEts>_o1ASwKD$
z@$IaAPPL|p6;l|{1u=vZvpsAURN0IdwMO2YaKHgvh=70<K-YvfPq<GZXYcO5;*^xU
zWmHw0jvWnDVmlXL(7@;2`nskra_;dc#jA$&0`JBrDc46f2w7DStgBaldzZE~(AC8+
zgE!KhFB?Ml5Zy}gM(1Zb_8khJ{!Y|&9(7guBz%iY%+>2eFTG#CsZ9LW%S|g@d@Bb~
z$hS~gx{VhTN_B(;YIS3PsTttKw}>He98~-~Xe9@b)ryjsu_WXw)WQxsspKz~T1fD<
zQ8_!uFw({Fuv1c1+E4v{`ss9s@CKvyKm{A@vWr0Juw}~;`F(!=Y-hmr{@IEJwH{Ia
z?%gr^#HI4^@z?(O2$Q)4exsNtUZvvu{v;two?cup6xw;L{^Z<H67Gzw7tr1_PP8K1
z6DhijARU--@(Mlqgr#P3QT|<X6RhNG`5dVijqJZc4kLx)V*iG`<;5sKRk<{NazCHo
z{Ap%C`Mdg`Hlo2=|MNfaKj-~+cTwQoMJX%V*I&^S!#nor3dPDqwwN`z$h|c8Sg<Iv
z&>0{wX5yhpA(Z#}bppFI3J!)Qj6v7lGfqt>2NNlJM=bW{IXO9FbR{msN3kmr(K6EY
z90&~v^(JSE{Vbsg&Zj6ZrY?JKNd<Ih0}+GmF-PpPbW{)^PEm$QjtyC-<k3lc5^>qP
z9BaBN`tHFH#14{~Mx%ovnt1p+X&ZF<e2ZWAA~XCmhJjO};&j44p);G$xrHJDx$gva
zin)!=Zqn!g+-jr<k`oAxe&TWu0C1H#=O<7N7RHD8TLaQsk>XQ|PX`-)FNTo>1UU}C
z-!9GV-`<#3jXAmbO%5s9#?0xMX~fiE|Nc(YVGHr<K{af>QjaA`!#{gR*D*(7u9X+u
z7(+p}vhuuSYl@kjSzK{349DV8a#&diO>L-GO)9ao2P88NJE>A6(IyR*XvE!DX(%x5
z=k7;Y)J#Jz87H1cT!<!&%(MK>;~BJ8b{;x(2;PK$P*4JAi&k_fXRJoaB)1e<nmo=5
z2!4{fQ;bZ5FQcQPO<{#MB2+olnen0lm5Sj2&mKClevSCICs3S@`G2f~{`0kuT+GD=
zY^!-20RIT3QcK*u=a}J>_MfhO<fB4ro{^x>%lcoaedK!lO~|0tPIS&tX&a3w9Kh`^
z?!qn52r);6if5PMb&~EfCO=_lSXqj>1PVGzsXq`v4aA>A4EpN*FW6Fvtma~xssj_=
z4WE<s?ek{Wk3C~`aEcex$0p^;As2d4RHU!ki=i2ZZ)<JsKD2*K@JT`SR#n&;e;j@;
ze$x?PC1u4Ax{o<&bySTSfBWZhoz#xu5fL#oQofiq#yfns)V?5Cp&tIFESk_Pa(JVt
z?@0u{95#xTUpF-MPlG`7C7LRHT8$3*!#v3w3wjuF<h>~?^rB9mIC&E3LS4i|Tz1u;
zQl}l(Z8;KRN!299kNjAU`f9W8RFsQ^bK?Hwbb~Lysqir$74k=`UrS=np4qbTKAR><
zS^olsf8U0tHH$f>_acDsgZADlFN=RW>*J$v@o%h{_lRKf<su)n>2vY(XDCk3j#Hm~
z{IaAZ{`z(Gyt#9A@$-O{ntR~g{@uG5Txr!HWa4ID-{ktERk8HGP3Rx3;ItkD_ypCM
z!f(C`mhy$uvcV6!2ggEm9S>(F8%mlKb@e|J8m#L!Au~A^3kvyBFZ*8i;H^LHK3g?}
zJnO0+8{Pa%?IVA$+x5Rtz{m%kp8Y@gK?9wV?oPM+z02UGqwrU@BKw}$!(ySyw?5|N
zzJ^p6R6Q0{S;5JdjvHJbxo-2iy4CqN{_WpSCzoF{Z>sg{^5sWSzU5R4EW56Viz91B
zINcIfYn;P`^<zJMrQfG|e&IpyhOOJyCb`KQ#2S5^zp2S)01J8s2L!Ik@LDSYoR{iU
zeXodnLbp{^N7->~s2HFZmtB@m<r;d99Ers90q`Xabl5SUdg+u+37I{+&bGQBcvPla
z&+5pBbVPdi=lRe;m_`=|e60NXn3iCD(aMcYX6kTGrojkwqtgzuWG4ZB-isLhHq|}V
zrNoMhP~@S+Sd&&AuKvBw_K3Xg*_xy>x$eTrW!G9|=!!CpQUx(b$Hd5|zlafQ!hquq
ztj$a165|EaD+mr>SJ%{X(dCh5Eo*;_x-%ikJ8)HqP346(0MTY13l#H4J$=;t)nW5@
z@&PXqbly~F+d=-E#fR0u&A)Dvj)~Hz|Jg^695t!$?Daypk@mn_${Qoi8p&Jl_6`I!
zQ6CO)`qZnG{ImXNRHkWtvH#y*e65j>ia;r#4F2(@N=MXx`47o*46GU}ZV#A!_8W+3
zy2i#iILC}SE^H5zs=S@I`#j%f%TkaRf<lQO`pRfB`~p-8Zc|H}l`nJk@2tq2x1^-u
zPqnBI+Wk3m9dcmtRCZD`qwG?IuUE2JdMJhN0x(-ySahPpXmv$Xw|k&>P=2Pl;d$DZ
z_jDTS&OcT2&WtLqJnhXI4-cA5)2yP-F9%yR2LNl`sgo!!@2afC;!5lgLqVf-4GaWT
z!2j$zX3ZgV8UreyH_)B&Xw~x;wa6jluFYV@i4|p>+V6$bX(Gf+r^=dlG;>?@GFI{W
zD7m3N@1sG1JdzK+@c8izvJnBGU8|BnmoHwpaD$9$OZlD4ZD+OkYO_@e^}0Z4Slqz!
z$)Ji9_;*s!a9a}Z>w;~UwAzA7<!$KhJ<!lH`S>bHFj2wnNXrFCyk=6dA26;rV1>)B
zW+9zCo~&!Kd1Af!&8x%Y^mQvtz%`E~pDdqU$K`%1Ij2XqZ#Zn&FqQd=6)A`T^hSkn
zA%r9GGD7mkt-5R>IchOtqPITPKK@h)L~3~WTobjIn5T1(vNC7@*u6Sj=lTgutc|aQ
z#^8KnNp9wW#K5zUTPRiz0)aePmTd+wA)a*4o;@q0`RoGQ6M*2IdxhbvU8H>;2=t-%
z>}kK<`axB<+V6DMjk>W}WV?ZWW9U6s(<seBMB{l1(*$$O7xdpF)h*44A|^NFG^UT5
zAnt099=)3}i%1|DF=Y<!d{H3RxG6`8j~P6d@W@CP3hHr(xOvya8Wc2NR-P3vA~U>&
zY_u=7-~_b(Ss%*FbLMO}i9m<v7t|usAhUO)89zI>4iff4#1X`W7MxL_jTY_ukHxkC
z5u{rX)!lh;6y8PR-wNcpHKG#xv{>K}k7t{DiugMrMD_+~5(U>S8r@PV!z?eR)tMgu
zxV=wy`T6eKMGraS>Ee-}YLZAX1R=?Zw)h3;pwAJ_8u$&>G;RHXAYe-94H{IDl7(!~
z0UE5vq%4wa(<_nIiuS4}4e-C7LC@1_^5ktqNik)EXI~6cR*+(4A<rZibwJlROP-<#
zpo?887fGNlLVO+8cD&M|<UOBx6H8SA<ypG1tUB2Q@}D%eFJSWo8(X}YN;`D`>EN=W
zNu=xLxQ{Nh5ZAW)28wvMf->x4LEa)Lh#e{9@q3fDSAo=k5%m&R(bcPk_q<bTDBfcd
zRBm(7E|^kMl}NRK-jz|0bfkZ)85Al<%5MP(;NNz;(ntj<M3{7_cijo?)p<XNSi5PR
zt3uaykp24E1NW5!#1~<Ze3Q;h4*hkpW@f-8(5?LUt(0*fvtnBZFj3*2n3K_=JD%<o
z1UG2~my25)QfzXY;9R@k3@XDu7TCc{qZA=|&D=Ok#7HzFstdYHi3KRZ{ts|mQ(`R2
z{n=MOy7THS#xr{R2LyzZA1!{6I+d*?O596UXI+<00B(X(NHSCaHzZo(4$$PCXZd}h
z-K~WRCbs9?vlubbhIKcM*bBqwAnl+c5TSr$$0`<o8r0y)RXnbB`|l#8#ih7DjG^~L
z^ec|2T@Gc2{3{3KL>hLgY>=E-`tAj!gd|{tvOJmlFk1EY$?R)wn^QNL@zn*17tE7k
zl@47NJr**Z-1PzyVKGoZj5zw7_L|GjhP**t3%>$NWDHo#&i*)M0Sw^1Sle+4`rr}r
zya}z9A2Ysr@WZRn1*Xy`0sjj5`S;EL*reI)dBzjk0TtaO(smD6Dd4UVJS7)cH*H2*
zjT^VY(X-UFGg|+`ZIc}<BI?1O?>4cZ%5GUqk?K6_>|~9!JEWmSKScw|+T#MLCBbHp
zr^N!?OfcCS!$@0J^q|b>wN&yRtjgq-ZycrDB_%rFb1t|bJ%1N;E~SAfM!I}!7mRRn
zOI9Z#k#{A?#Gb*MFmY_A$5PDwxCQsV{F-;21sw$OucTFyd5)niSbq-P$8Ft#pSo1B
z^phmcU<#!PLk3<j8sJ&MU^!Dc?bh1Q(ei*E;r8-!d#T)kzHjreqq(v|30HLc1h<n`
zE1}i-VOlcJre|SM&>YxZVp*Zo)7PH>%_fk(k6bvV^g<}RfEX@*=RR_*wkCoy$1~^J
z5qa={*L#Qj>g0FfX)*$+@%TimNw_s`?(SDnfRTc^XRxO^Me{90i9+b}@6*nWi|cig
z(KEZ_%fs1vhv?lQPc%oY<#|RJmxpmnVySXG-u~4j84(KUdvg3_wIdnqFv3%^g)#!W
z0UMP_GL2TNtS_SELY}m^71X_}_%<Yu#?3<BKP$)<e~u0qbuP1e1aCtS3HDVqI5@Rk
zt$UaAH976Fb6TGMWox@o&<kf+t&;t@-rY$TbjgW@0B#usM;Zw|X{t%5OTHmZP=Tqr
zujqRH%wt~Umsa;6G5pyT>*mt(Wr+wn32b6SyNlNA`-pQN=qu#n8$D98=4->>Z{=?}
zN4@Q@J%y-EL_UBmbsTrR@W9GPHy90xlTgTiOZSh)=qvlWZ4LZ8vqHpokDDd722`Q?
zbX=iLWv#7yV2Et`uMY>)y^&P_m}<g7)$ac2GQ8x^f46zSj9y34M3+D*YlfL`W7tmI
z?>7<GT!2`rS%HTH3P&0S<`a$IU307UGx2a-PN<P}r7Z<thhMlJBsi8$qCa@B4Rdn2
zB-EQP515*Ac=Qcn_bF9r%v|X>w0N9Qt5tS)ey|`{xUx^;cxm5NSl)8@=_r*^^fTL-
zSn&)I<`Xm2=R0q3euzUjjc2)orFzbQ+VsJWuBmV}DLwn6xQj}EWidMg@@^mvZt3c<
zQRU#0;LmMYG|}jOvP&d37q;6?KG+;~_9psGQ>%rXLQ0i!elft8xKqhMqnt2!hoO9#
zE9Ms1mdXRl&KWm?rXA<8m_~Cj?EpMW+&-duJaj!d9`J^@C?U{qXwk{XeeAe#9SrKi
zVozQoVFTe3a9!RTSyTh=5g@o7lk|SRWz<m#v_K|km^h4K%rK{2ablKk-qWX{0RQcl
zjGf_8sKcR>RawDNnGD25FMT{)z#KDJD9bS)U#CyuN_V*>2VWz8@!YFP62u-vKm@_}
zB#9yKxVP#ANx}l6TGrT`oUt?rW%nFDm&=h8gGA*-UdswZi#}f14(=uQrirh-@&aHy
zpnkvV#e{BT7o!n<-KYJA)9t{JU&qP$Il{P)81_=m6~V2_wwPj~Q&?0uSQ<z`keh2x
z3Y<tgC*il>8pb=MTQSXYo7p$PJQ*`8fVX!HLe-(3L93n_)-_kCr$Ze#I+cP=6N$V#
zQJfVyh12I2=ZcPsyzAz#*G#zTYE|bsNn1xM6rD=NBVgEyTMUfibdw-72}H&SX;~XD
zXzG@4C8)HkC_#ado$KrUIHo5Ejks;Fj4f%K`wqIqFy&1+q6aA)h1HRrbMx5a)%l%?
z8igE0+xyi8e{^4#AG<!t^PNgUu0~uiIdywGq?M&rMJdHpn((qy=qW6!)<f35T@m!p
zAEykTHQb5H6PltCa+4;=py67w8FocHU+BTRl`TVFohOCwzJ2)Ynsh;4f#KaF+kHAd
zqt5ne=Cofp4+-=T0K_4~5{_5v@4r{Ss+t{2WRxbaEPpXig}aT;VE7=Mg(=HrsY$*g
z4-jnA_rB}=tM*jPwV0sn#FOW;QxcT1Xa;qi@g3151gRh%_aUprX!K_GnC}d_sgE8U
z`Nr`1t5<P|iOHeDE;sf2=!i`->5z1A7~Slp%3XVAwZVD=_hyf^CRq1evEFQNELJLP
zzyikl<Pd^L_!HRGiCIv;4}m}D6&D*67DYyrPv;;#nhf6sN29+6mrx&^iz;2=lCi4v
zAow^}A79*K2_%D|%k%z#x4gJlZVG1t%N__U0P^Kmo7Z1cRey>#dHCSL)_nWQlk`5f
zZ13umU6F61WnyCD4lnb0qunl#^V(=>>GtkDiCl0fL&}6HCrJ?YXMM1qGd&il*3>GQ
z;hbVtR5m43B3=)AIy$D=IU`miO-iVsFAJ*!{zF!~SQ51u1pfHyag-3xPq9?=-bI%K
z7Q5HgtbRV}HQ8?hM|r(}5EMpK8hf?qU^HHXc4_bDH)o08%Pk;nf0{+o3MI+cgi#=M
ze0|>{_1(*HAN%&u(NSr@iPd>`1OlhAsNYJr%?IFWdq@)c3;`4*t^b6}MO8;_1BK4>
zdnQ`V^M}Et-G`SdLa^z@eU?JUh#)3_ql?Wl<Bfh{#VKJ`vHcR<OZF`&{IEu&>^?j_
zr2^6u3q8pup*-KKcIC@hjpa!X_vgiDTGng_*!<_v<}S?Pe{}!(uae;#UAiQ_t+1{%
zp%5du(D(8ei<H}(>RX4rB%PHCn7q5~YVVKvURCqguQ`Fhhj>ffWceyD>>f~epz5HT
zd+@t6b+&k^3Zy{;?mER6SgK{-DRv?JCv)ijWN+(_*$&NjcXv0g%c?p4*x{o*+J>3S
zf1{j(S!JLS|8xO<04U))fDI&%57`ax2=dUS%uG{)S)3f5R1>Z5{_>YOkz%1=(+A0G
zl*7w!S%{0T<a7iTvDIbLHbhxSWXZ~V1&0GH^*Sahh+*3af={c|k6bG(c8yYNL{`ad
z$J7&5R{PG@Ri$Jkg)W*E)jVWT>J9D9EK^Mw%F)(zS-kx21LVW{=uSaAWbohzZV%4n
zR$s|V4Io@d)?Gv#Vy-b%0vM}Y|8`-!z_M7Hc;~qsGI)Jm-Rq!P0zO31sm?0AyS}Y`
zYRY4$`SYcMwghMrLKcJ-7ph0L$N5Pv$ze?#?FZDh(M@+fx^ec?;sg>V2vdEQ+jCa<
z@891`)u#N~KHp^nG7D9?`ja#CUVE00V|3W_(mDOB`;$|Fk*a1bSu!K<@-C_9<cOx6
zbWOci<pfjb5a)*-l5?RWYTk}{{%Wt_EBbYwrB1Fn?|T)l^v>E}`ueo?W-F*g%EF>Y
zO+?WC)TjKm*JY{GaH9Tpe*5IFtez3a-sQJl`gBC|CM~u7p}m!6aMN;A(S!9NC61(b
zePi&~VQ-yRgR5xhvV_G3kG^x~PQkh++B=luGgf&tchSINc(uk>O>NEB5Lu-u#JO@j
zH8qMh%mkIHpVhhX)>9h9nTKzd6Po0;LvR~*hxD3gspXc8X&N$H*Ruri8fmeade~5!
z%=^;2XG5A=jpVntoJ-v^vaWIrDv~E9rbEp@nB3KLgeqX}#Or+=Pb~0EB*y@Wyvg10
z9V##btmYU}G}8|kYLi?(E(QyL98d<7s7gzlhJ196@07(5=6$^g^o_+<Od4EFu}JYT
zXaDHj5BJXu)mg~Z<aR!GCMa#;%^uHFC?+SE`vrt3E+(9DEMxvMh8Se(5loA{^yvqd
zn`_PG<dZiw{amv&L6)h_Uf!#-y|X6aVM6HJ;*25_5R^7)0}Fb+S_%5I!_D3JB?8=A
z*LH9II4aR0{dVP^Gqpc{y85d^eOSx!O5KVvM}RxPZUhCA20zg|1YE1*v9>Eu*%aLS
zdW1aLJ`v`3cI7hcd$~bJV`n9iY4M{Iws7wIdR?8{zczk|;l+_wx_0b7UoFshx(z28
zZE?mFi%DSLn>(A&xV%2Nj=3;98kW`65L>n~^U;mn!V|WkmZ7ZMLA?<cyUvkg*;tq*
z{4zDVgl_;Xp--A1`zGy~epXb$f>fyVmk-^yapOiFgkE9MzWF5Qlmmri1ouv@O@|s1
zuyf}jLUIwro~-p>*Tt+TEDETFn9@@kF7M8FhZ*HBHiOs*sIXtkri*ZN{xxlZJQ#P|
zD>CX>W|))lMe&fsVTu+5%%slKRfKqUggFGh7fzpAdW0;i>bj3_p!yj}tuFBhxliZm
zFWysp=^gPts59rm_@~kB<q(uYh&3vQx9Mw?N_s*Zk*^DN(wYnfsHUfsM`EhR$oau0
z+N(w}eIQ&JE_ThO{323CG%9h&Za-@tEL1YyLv%GSEE;GqY?wXv8o3;JTU#7$UU97o
zAV?hJA?rtvAODlX<0XXK7@!gvj~fb;k&~zl3`_<|vL5>i8;OVr;eS8e#aKiZI(GS^
zf$n{IijHMcoRUlL<_<<e7Qv5v95Vq~frGGRV9A?=3F~6~pPaEZRa%9k1IxnBsQb{r
zA?mAv<8v_jc}Nxx|JB;jF$mj(P{>6Ry-D<sd7hGmTMZu%$Km#zV8Viwo--X>9fya{
zR{|li)o)Nnlr!U61n^`H_fMcVgi#mYJz~mil^9%FyvpbCq?2-qr~zJpQld&xNKrmx
zZgD>|MxDlM_-c_nz6)Tc<Q)MNb0i!Nl4U_565KJZ;?bJcUAh<+7J2z<++g=pX<y{G
zc@oBbhBJ!NO-^}k!)>x9lnZpg9pdl&>gewsr#^Z_GAMYRP?QB&@~V6)N2n>$VqlL>
z0J(DL9c6xgEd{QW;D;lBb91*X2UXMMNPHE49b0o&!xUIi7UXtvt0Y|qQV<>(LqQ;~
z>BW!6w%xFW%EZ_zVZ61qAr*Zh)U5hj4e5f>2{jw2S@Y%=uo|_!DrW%&Os42D-g|FG
zP9IfEld>I>7{vv?!io@>a2oSiYZ+n}gpJBp2e?dfW)=#3=DrDM2Qe6Vl5rHBntct_
zfn<-9yR0qqV{`ruI*H87qx0WUIf{OO8%nx@#V|K`;<fLy8NSOzc3~=<0aDRNB--MO
zD8IP*0WJY!Kp*Jr#0Y%IF>RJMRBsIswd7cWsB!eyqYNg=u6cho>2iyOlRWQI8-Yrr
zBZCCs6Pv+W^bCYyCj=}W-xN%SB5qhTYShRW^-~HpYauPLjVNhs=e`<QVGpPz5RjlY
zEQn;+heP?sF|+~%i<BjTz<~j*Sy4<0@+i_HP+zh+`CZ7Xj-UwwuD!_1TR@9R+Oa$<
z-vA{7GJ#+S5j>W{L)%A~lfL^-TOGJ<S$DPralF0tR}Qo#a6J2oD0*f85DO_fN#)Cc
z-z0bA1s^Y&ByS!zqqpD&(td(z2(i<G61j9YD~e6g->S>KyLT5-LU}Ne<BpQaTKrDr
zqP0B=LNm%cDg2i}J(~(dE53^CccD^M(}7r0>^5KJ{P@&K^l8K`)pXoA>3p+;)kIZN
z-UvbNT4)cqL9&5@b$zGKosALcnUiRZPi9WMy*1fI|CCLuUIbXPOAKWL39XXyTqx<P
z%;5J2Ym)lydfT)J7Lq36)bTM@NqmmbCS@Q`5V+?bskH_Dczv?M@k`@^qBs!8Wx#f9
zGY<&@!UNSiTsvF6qI9TX=T6pI`rjJn^F%;y^vLXG)AFRrfH@UflIJ_Dtp4fZ2*>>J
z-=8<zROM`XuK0x8(&?8X1g#^jlU@*SZV3RuOZC9dX$N&c^60&(P25q({9gTh!eTES
zntx?)xU3xXpvfd=_}wolDWOB3z&>|od{zueDX!)X+$Z-O^5cdJ?G^qz#PAQuQCc75
zCVhCY2u&A(kxGLJM#<&8?-h0bsM7b@{EWO=OgYFk!@+HwdD?Q5g>@q2f>vBjmo>Vh
z>(OpuO;K&!U<Q8mKVyTcA!<_n2{&EZEpr+z=J>>peJXZZ{XV#UrO=u|^8v1KJdav1
zJOK8fW%hi+G)ViC_cikAIP+AqkZ!ABX2Yfng_0n|PCDc}h<@TcC(ZKuD_GY}sp9sK
zP1ardD7-Xo7l)rUya)C!9DUd0P1-A-eBfK^L;WIr3(84`q-$uHSp1=;p+YOuv-POe
zOqw5JMb*Bj-EDYgZ)NP}*=XVKglCd`3D)#zR+10^{D)n(Zt!5zZo_Aj=d}D!@w*I4
zN8Nbz=v3Iouhbjz^7GA}B|CN)95E`>ssA2jshweq_2-VhZPzHuM*5=L^#1OP-hhR!
z!Kl7UqupUt`yD%Xc2_N5x$@X@o!0gJSxFtF1KVu-Lh4-Tfa(tN`j<3ht@hR?oo$p!
zi9TLKE&HW;>yrL9d7EYo-R%^nP|OZ`2X2s(K_gj)fpx<WqrRVdnOv53u+hhV^`xl>
zgkVT6$xf%a)eGA>jpsLtl{SPf(o2ECI-7V{vO%Ry7w2HLUOpj+k`=<l0?H~-yGZXq
z&6&DAz^{@iaK=KPJ(4^xeQC&v*>$Vu_mvk6%Ne<t=XpG=$rbPjAgQeuYZR89DAX*d
zxq%sGmze7-=^8Jii`<qjGBrc^78=&m!|#qX(^2<wg9IW0illClriK3;`dAzlJ9xm9
z{c#Rg9i+ScZP~S9+yDLFD`UI^o&WAThs>Te=QC?gq4=NT^nLD-|F<s5e;7*Y2XKs~
zaH~0%g>zLJxD{}vdUQa*394+DcX=0R{2pGRr}=v#OZ^?EPXW1YnrGFKWHY^Kz`|6e
zX`m?_7x50;lo!6tP<;L_ONa5W8QGy@`1bQhFqKda6la~1GVj+C2UZunAxULic6C$z
zYn)4wIt==QAnQ_tQ$WVa5(dr$Ym;Ck2tKIN1dSZs04WP;dI(}dXy*H{_adb|N#iqz
z6(*c<T7%B8XYEp#h6bTqO6^fd7l~lLlR@-Qa`FWTx=%1OvjFxhr`dY(%9WB0#*Qae
zO$F4J<OHA?5Zag{b`r;-CLv*~7=lUP^E|*M=di#EG@i;)`RNck7nmHg!H$BW68du*
zwHzKoi=7Fs$(o}STwu_;q|HQpk37F$+^E(c{}};9@FeZ}dog>aNx_tGZwSL612QrN
zXgq0C-Bs7HMOg`-?`+gk$?yb@CT8=@b_g6zlS7)Wj1vj*JS;Z0<@QcPx)nMv?V*CX
zZOPpRQC@oKoXyb%elq{Y=$2#?G(rW=%^`ym);nn6R8P;EN#1o(n520}ni@~}Sxl89
zg%rv1o^BN%>8=YSORkW-F_&LRCd8<uqA8>6gW}F4npxABODZSZF9NCCp_Hiso+>+5
zEtG4D3W^dt&rUpu@{CWlQ>4Yf&16cdwWNgtqGZmg>HK9zPI0>PveyrWsIn#T=SYhJ
zRm)n;*_kNgF)%9h1`M!}njTWHa4fhb?PkrP{9RJjj^<`PWUP`VmmvAlZ6H?+xG*=H
zN8`r0`o20(nk-^7J!IH0GYv#ihLQW1Kz-&xW!1`@7>G4}oeLl+sAc6cLF~@6D;5uM
zaPx9<lW4M7O&CCuWSUaMk)$Y95ORfiG;`*Y#huSlu~<PGlRiH+ju1i_M*>BkA~al5
zq$MsV?*Gk^QE!uUcKh&me~@H#l>!*I!Rs_>dO@D2sgog=-rR{WYOzA07c5<RT^1YP
zUdSd;l>!+acnw_SUU2<qQXp>kZJMA0hyof#QCVOevsZ8;3TP=Rfzt*0;mhB`wUyNo
z_4DtIrLTfQl)g|D*aD``th<wP6W79up;GW;i$qF~AUh{yDI9a5zXBH<AOR?&fxu6a
z0?V)j-1SQsO9h@g1ah90yFN4o+)H@@4iSe1IdpdKb12(hC!LjCK0G{JrMXIJoHqh`
zR94}o_1pI_IG`Fg6SWY_=XDUp20MtHrQm547II9HQQPsbk1S|;4qILWRw0MhxYG+^
zw#XHtZgYb{Dgs(f#)sDtIz`4?pI7Fp_Ad8dHg!n!fNj6$jq{!8)>ReuP2)cIk{5PQ
zE@-fDs$tmafqqLud+Npw{9)@jCp~|^7VRfYHd;UW@;@edv}v;O=8(=cxkGyY_NK{(
zb$izIdHt!E_w)*PGmTQEDSLC~X<wd!NIO7d+Z$T(EVDUk3A^{~35|?w;&bZM2s=Bw
z)K#V3CQX{8D66RO9+1vJ;r<0i7vH_>e|-A3*@w>qhd^l5i&yp7DV}zIem}tMwJUmd
zf8ucMd@#J>o|QW`ZE8C1mtP9syvb+NhS&D$)oaHUCzZ05k&%(QR~uU!o0+p_t()7w
z>XPAPRpd=kNJ&c@nwFMUSyMFt52e|7l-+#n`e5yeQZH)zC4J2A-dSU6`ZctqiIXPb
zyZIM;93qe?BV|0<ROfwF?a#MUs;YhC6B1haj$2(<GbAS`C%mtVhsRz*as&Tucg_Sq
zTm-)AS^2hs4`OY7`}aS?JkkW0XQhLYv+mL9yQGwqEHD{<XW#1=1Q0YI)<KAS<26H9
z>yNSB%07HpPBGTaZ~Vd%!0+g&sGs&-dH3>4N6iIga&q#bhiL%-kfmgmlk$7kb<rNa
zYSiFPFTwlaEPMTWc}UdQZVgUnXSX_R6IaFxZTmJq{t70H;Ut7&!n|)EEReXkIPTA$
z-Me{fuVX6)cX9$Y@T{ryo8HGd2F&IcTif=ft7>`%4<9^C3(%Y|?KP*kxY*6jZ7JFl
z8#Zj%9UMI0-96y=@gdFDH>~mu;x1)Z^VIla;E#Efjh_nCUqvM*&R@P<6ByWrNzzsC
z@|r$;_;BCrc_ck<c~x&vMQ_)+^Srfd4{(~C@~j#?A~-TMw1Ll&BmK>zwf0QhFgkP;
zP;aQ3yE3&|=Rx~|D+dhRW=hs`^Wnou^XBPXx^#)>G}Y1ZDoLMrst_gVv0zwoAUs?r
zCN`FBbLiyB10O!D$jZuERb8gnxpU{S-F|p<YOR^FRp^l;8bG3DCHIVHA8yAjt#z&a
z>#v_#PohT&du*PUSJ3o6zf75O&2Z%FZ&&C}klUcF{ow5E+^$n6We4AeeTkSZE(UaE
z^Fd1{PMOkZ>6=F;1mLk8V$t@lhsKm9{$)E{yXVdeJ0|u}g`1!7DBnzZ@#*L}weDC*
z?RsHmkvESfCkOOVH(228d{C|XC*(XXM-goqQ+C(s{g2*ROrPL6KhxQ{nGX%Y@3&;8
zu72O6&}}b_$1VxB)23msJAZ+z>r3MDgADIrwXS7ah&=2K8yaU98ZjU#nwO!WT}2FY
z@#5Z~R*{Dfm(D1Db2n)t|2rlord^jVJ%g|PibH1O#*MvRPpSNQUUA2@f7X9pmF8&E
zzn6gWYo`$1`o*Bs>)Xim^Pg1f+JCt-s%Do*P5t~L^O=n|e|dSs0bllvMr-%FgY~;d
l6L$LBFRSW*@Gb9j>G=^esSGD3eH03n>Ey8qqi6p1e*j@Da_Im7

literal 0
HcmV?d00001

diff --git a/docs/src/understand/federation/img/federation-apis-flow.txt b/docs/src/understand/federation/img/federation-apis-flow.txt
new file mode 100644
index 0000000000..5771f1cb4b
--- /dev/null
+++ b/docs/src/understand/federation/img/federation-apis-flow.txt
@@ -0,0 +1,32 @@
+title: Federated request from galley to remote brig
+
+Galley@a.com -> Federator@a.com: request
+
+note:
+- API: From component to Federator
+- `/rpc/b.com/brig/get-user-by-handle`
+
+Federator@a.com -> Federator@b.com: federated request
+
+
+note:
+- API: Federation API
+- `Wire-Origin-Domain: a.com`
+- `/federation/brig/get-user-by-handle`
+
+//group: TLS-secured backend-internal channel
+
+
+Federator@b.com -> Brig@b.com: request
+
+note:
+- API: Federator to component
+- `Wire-Origin-Domain: a.com`
+- `/federation/get-user-by-handle`
+
+
+Brig@b.com -> Federator@b.com: response
+
+Federator@b.com -> Federator@a.com: response
+
+Federator@a.com -> Galley@a.com:  response
diff --git a/docs/src/understand/federation/img/federation-flow.png b/docs/src/understand/federation/img/federation-flow.png
index f6558c63df36f7b36f009e74f2f97cd4a0a92305..25a0014e24be2657af54cdd2d8b168ba8a8af233 100644
GIT binary patch
literal 142892
zcmeFZcR1JW|3Cb$C`rqRNXkmcOv|byDKav%LW)piZw*<MGE=gmtc*gERaQw>L}s>-
zt?cf{+2{ND-N$_#zxz1u|L>pUxUQ>QZ*Q;n`Fftu=VP5Of7P=J8);c-DHO^^#ZxEL
zDHLi({8LD?7T<X=+gXGEtg=&AI8I5g+3}M?*+o%2aZJNGYP7>eUwQuTx(V&Y=h>|H
z)Xg7Al!YEY$9l#>)%>Ffo%nADa}k#6mgBr3EEQtmuh<^)Sn7V>WyZSpVNOzl{7*+u
zubFp)Z7=mY=y@^*d+VRMjSt$@%tzUc4@Rqu%LE4RqFL?tzrGk_^_!@7asJO&{GWAe
z0#5w*D?wx}qyK+jdCHiMkACa_d_DZYqRRc>AL8^8jXm|>pE*Hmdi3Fcf5wlo!khEI
zKeKi3-Bt4c>u1zi{(tw23aLBZIr#<$(}#wJia3q6rwDDTcN_fpkV{ov{dh;dLux)>
zVnbsi<H$ntxfdz<hp0+wYgOD;cCfRj<{!fPO3?pj$uxfLkalIH{1_fSU(T}|D;gh9
z?nXT8`<51+(TD2aYQ6q0Yd4j@{I*R<-|wy6U{8?jO44wA=+M&q^dm_pp@EvGfs#&R
z1+RP4&*z+8+L2>k-}99HkDUEzizuaJFvd%$Xd4?_s*UtPaq-lY_~L^pZU(~oT~!N{
zlatBAJ*WZ?RgKhq3a&}R<KpGZrWJR$Qz+}!t)pW*kQQ);yQ|1!G4tXldW!e6XI!iY
ztaQqG;;Ux*J~8MQd$Lp9_=@(8pE1~j>mK$e6_H|VWo0!{ufP%ZDE-;9=}l**JzXY#
z9MfbzwtM`{;bfD9LI%BDE8XE80W~!>s^`vyJh^0IGNo0eb*|u=Lz33Z^ENg%e4>R8
zBj3g|_v4z%NX<1J62Dw?J0e0mEc}?}>~cXlFE6i_!&b(rqR<fjlSjNvy1Q$pZr{FL
z($X?#z?gg@B_-wKr%%ZZVj5+OTE2pUf;Mv#-6=wAQN7EuHF2nKj)L}f{j~Erw7-A<
zuKW7+R(iTnYp!)*c_4FdQ>r%4)rg1)-;$D}Ev>D`_4L?Io;*1*GgCG@(#$kWt=rjq
zQb8eb+UHA*EC<Er_o(h6Nl7`p>h$T;bAP(L%3u9z&DpSK-KN`#i9Ffa*|DjqfxmyX
z^)?%M$r~C*R~IcWFUKV$P%$$zPv*S7Tw7JGwr%H5!!#v@`#WyDc(G^r+sh3bH*Rdq
zFyfHALwC&H-rj%k*Vx!59v+^gl$7IJsK`wksE$lBDwaX<P4q_?h3CC2Dk6W`vUTh3
zq5;&>a6tOry?Y;tU*2^7&DD+U?Cg!{25k7O6Mz0FI66A|SEkVXe4Ct<bd>YqE@9!#
z0$OQXf~+rGplsf}xvacAEH5Y_fqQOYAznUkThAi@xPp<9QTy|Wl-vf(*T$u5v#q|<
zU%7HcL_%VpV^m$8YTmndr7bNij~_qIeD&(X++^?MP(9b%{;KNgGE}Ltsp%SAfw`sS
zGmEd!ABmaKj&;1#7A)RH(^B9f9u*aJ0l(P6!Qs)9C#DlW-XC%r(@$<zThJ8{h}AJ<
zdO4DuoIEi*>k}5nv|mEP`0CaB>lt`|e1CoUT4H*{;Bs2B!?FS2xRYFlVPTnN-^hrb
zpvQ1yvdO}a_qPHQuXPr@ZL~*q{s}mW0$;<jefxR}73D+CQ%R=IF<i&-z-{}=tOHkC
zT3TpoqooCM4X#{C`7t!a=fs9fiaT~|ZO`;!y8(?V+h_6dWiz(D73<x8k8W*jY%FWW
z&86}`!MWp*&C$%vOg`H#%57|xs!_M{0H(x&b-Q**Ix1DiJbk*)eZD^;aUkY^_2UOI
zF-D{99qsL9Qb9YV>38hdaWPjf&&Jq)TpLw$M*8`!Tep-}81|g~=zbtzWxsjdQNMfl
z_Dwp=Q&Um-wH?66X|$7c`<+&oWvcMDQeyvp#+_2ms#c4iBZN0pR8*K1F;i~0=2!-{
z?K8;NaQFB#*6|^9@41Upjw9cctDl60@yv`gXOu0ovaryosi}$epH@`dJ3F0%^0(?N
z(7p8J#+r5E=U2vy7SE1J6gmESOgUPICid#ptBVckM#Vy}gZldVUUg;v)vnL?{M9P)
zzOhkb?7;Kq&u>OYN6#(weF_P?t}owJ`&hr3I&O49EBHfm#*ouZ4f!HAS|dpXg-Vmf
z?3^5?uV1RG0}{O!f4wnT$affFl;I%#V`zCtkUVbE`i8Gx>kHkSvb1B8llLzC{zbOK
z?K^jR2EIJWbDiZsd5_hHUDENRm85yyt`jFu2Gl+|U`=ajY1v-j!eDD_o9FgtOz&`d
zW0%+8d$NC*7&45C?}UeM8*WNnckbLdJ^=wPNlCp?(chDm9HsU3TU%RO4|%N=I9E%%
z{k~9npM9vSSe6oNH&~;SZ@>3Ghpf;h0o>@aN1~=>rU$OJ>$pp~&)HaY6&bj9;wJ33
zYT449Zot6&Rp-^k_4sh2musTvGs-auY|$Dh-jR{p4U0VuhV{)iY!fU=)y@#{Sg`LK
z91L8X>kCmS^EhQt=*l!UHukZqYBdGr`M$iI`taeyG@CaoT)M<N)>*hgTU%Sd$X)lU
zaM8i~#52r&{r$(ZwVA(t`*!NosiW%Z^xik4)jT~tb+Sx+9?2d&$c$Uz{Cjk}_svdK
z)5`lkm{D43IyW*iMJV1OAq;mmb8JFozpd=ZG+uLDPHq+D&Ye4GfpS>HvYGBuU(>;w
zrxc2^vhvJ$7su>yQz^EZ?LhVRgy+xWjfy?}0t0X5<{qG2SXr7!ZBkR*XX+JLWZVzY
z(b3sV_Q;QRykmBCb+x&Eojzz1J<qr;*P24MHyww}j(e;UA282+f3>~gl9pyKbe#>>
z^ZdEwfB*jdx`qb+S{`9F`4Roor)k^U+b8BGO)1{E`Xi2`G;(rs`fsl%R=dy$JWG%G
z?fI=Qf8~JY%)9sBzw5Ru*xT>FZf95SIycpS1}~FW@|yUu>S|ZfJ(P-n2GdxiUS1Je
zV_`(fk$6Q^*mnK~x%%d2?e>aq-?UCCD>Ho+6BE0gYu!dmp+cMOMxmLs#>x3!bbYln
z*Bc~OXeXqfx66HLveLx0erEua^wsX20Sz&ey_FlbZ{L1%7mb)1i`YfKOzXA-$2cGQ
zW%LgW(59!S_vA{u&hR-Z57fpOU8;@79f%ZLnjef2`}z9P7y7Rnnwma(Z?1kyU>?i4
z{dfG6-B|l!Q3FGj7x5Yz8hyW?^H<l@oUQ&^<lz=M;yzfz{=T|eNr^-3;;G0=#@kb~
zs#Lq~vWOl(rJ}-2b!>}ap(~I3%KV_o`LEBF&2q70n7*dHeCgAiVH9YAdOBWuXJdJ^
z8=7SB_gtGG!6mPt_p&Q<as}ZHUA~(+woMQH{K+(OLo;t((|GY;p(4XPUjrSTN7V<g
zp~S{xcF}xj$uccp`uaj8LJ<uxGSg|ilRhJBhIOCrs|20%@@{-u*)_^f4k!;i-g(6S
zl+x$gTIK`Rt=!md5iN3A@s*l0%Z#@l8#H%mZ7vV+Jcu2z0aM(hb$)uVJp0zV&9s!;
zKsGw048Coc#31guEN?gtL=pdIBY{d9T%iZ-l^4*3IS0I!7jj}VGK8OF@8q<|{9T$>
z5nV>DF&X`tnF*cedNaW>r4A4l!lvpT(z|UV-=-ahGTWOi{;n+d{O0hOQOmNIze(qF
zi^|}g<G%3dh=@IFizzfAdsKvM-83~dcMA!nw-2gm9nBib3AlS#FnkbK_F%6927F}Y
zK9!@BsToE5;YCj4hN1@8C%o3!B_^$8-dK<H_wzhwF1#eaM%A)8JxtHj$;nAHsJPfG
zYo@I1glOS}sxBKF+vF@h-{;~(K1xxC)T+BuwS{*J3ujbYQ^oBX;@?<7DqY95-rGb`
zR!B&w=K#}7JNa7*&raS8*1Loo`*v0N!Q_#EqL{?w^$vwL9s<8EV=s!eg>6%H|2lqW
zWqC2s;&b>u2BV0zF^j){3D^(S9i!};o163d>2qt|#|U7})yP(D8z<+&E`zt%sVyul
zC=@$8yZsgoRHQ!U_eyE}it$?6%E4^7rL3}YT~$>;*V(SVJo)9R&%$Oqg(W4~6oPh^
zW3+ew`gL!+_$5D!hPa%5hp9fr$*cl-CY0|*Ls`!yXaB{i$;o3Vc7Bcf4N-?|kGor4
zy}D`LI$sl)wVQVE6*;-MxEw+|ObmbD-d@mR>EnB`*mIfn?c29Kb{jTqn4J9b<Y1t+
z-kby%*E9N{woGF=G!gx)=ez%;qsN!axMAcaX{K(Ye6Q`yG%hWxM0qM;=4D;3ji%Q=
z_<M5l#^cAVlpiHG)|hwXORQeA=JQfDM$9gJ0tbME?CwmgEr9T;vuC#%{T)ut==@|G
z$p33ua8&N)NdN5fu8ls-ulGvb)_wc}wQb&(`?A_ne)@WzI4~(ylpMIxl^wXBqy?56
zYOASX$)XnpMMbl!-?n0kt)kHTpWyvi7klj1^{|)mm0>T)Hhtbv<iSRU0YJ#Z$jH41
zgY211G&RegtO3&LDKPc6+L9)6=FFK%TZ`%HFvm^TdeD`7dV{Ny;^J0ef{9+!o$l7W
z6W@IP$YyTU%<~Q*yvh^Uv^_oLftXTjd6gfdA!OQgA1^B_qwqa?qSiU6clt=gB{jUi
zSd7ne<tO3izkP@)1en>qd-p1UKkr>MhpzY0+~09{H5V7x-5rPN#V=KFS@V!mmu?^l
zWU!q};eHt~##Ux#Us2PF3k?a16H`+kYGwZlPH%r0Toc1*@b;Y`5WUHdSD7E|PNEkm
z4l0MHq~semEbg6+Yn(lwbLG><l~oVcSBLj27qijUKI41JAjZYDCPLU~Ed@CHLwoy<
zW5<r2Qc_|ZR0|!T{>OqI-}n!wxKtCh9y>&Rn&zfzy2tR(pR4$2C`_HXQiTkt%YNIX
zIop}B4mLDn3hg!>GQlx4{6<HuoLybR-D1?`KWCh(d%@2rblG8_sT$}(%bRN)QBR*v
zV#WyS=WW@*EEM|bT!x`^n%<lA<BMKjYdc?=eJ0S_1X!-6(Cy&$>(?ii=IzLfB^^gg
z(6x+BOgIPr{QiCN#o4Dn#>ay;vK{z=Z-4yqr5uwa^IDe-m|eDx_s~%NGYakMfB>5H
z>u+Rb*(SU2yLO^31{}W4ro2?xwryJvr`WX~EJ|8hnrgA9M|-gshf1{6`{l(yTRAv_
z3JRnsN3o9|1_yHv$l49ifrR-bCGkOg2>r}J;Q{ALKhziL=O=TD!)qyPuBEJuir$~<
z`1|$`*S%2kt0;i#VqS9*Z?yH~gHn?~d`K@?bq5#Qi*5cM`?&s@!e$VTV*N#dD$t(i
zFEo!IzuE5YW8|e*xaG{bxko%<qI>ozJZC<y8TvX2>w59hrQ@2KOq(`ss{8is&hzKI
zm^Gr<$*8!Js;ZRZi$V*X<z;1|3*X<__MXi0zzsGT`S#Kob9tMf&aU653p^GNU^;6G
zdI1Dv+W%Ass@n48;I)&OQ>!Sty1GNn85{sk`v#QHo~_8SY^Lz-RMj{EbWnekXT)_j
zZKPjwJGQ5<v=Ih=)Y{V4R#wn7f~i#BTs5Fjm(DTJ)0gc`8hr}7CqYd{$jq@T&FN2B
z=oGQr-A?X}*G$#w>BTC4{&G%zJmKKsbWS0oqPu%kqA7edG}VtppXp1d;wSdWc+O9m
zW!VE6*#B&hci*{VhrVFY3C@Qug%exeSE*|q-tf0R`q3jkaj(cmFun5Kl~q+$L+x+v
z5+hzqO-)aC|NQAcGh^>Q{pFzF-Mc3M>t4Nnjm@`F@O(B6&=*r@F@ZS_!`w1m`3{yo
zf6T0`?na7VHUY5gv25tBnld*xzW{3F7Z7ms{{2nfH+Pq3Wo3!AZMf;ZZQuEiRK1-V
z@*`0>IXTrf!@<L@W*pjT9H$L3timQcROh5jO-yXMKTuO1eA?sT4vYcfZZI|pEvWM{
zQGx2$DPo9Sio0c8dWTFtog$QniQN+yXJ@}4l^B_O4<2lpe7lPVUwpQ<H_0;5*1Cj;
zgm5wN0Xvl!xJ;k!D4ICVi9VW#nV2Qz;}#EmPS^J4T7+VZtd|Us*v8lkomCIH6vD^3
z8CCP5rtTbb9I9Id%EJ(YQr|9YSg<9g>z&hPyMgMhF>Y>d5&3nW-aUBq$nTxg_-gNV
zmsJ9C-G6FoYd1scz&u9j=GhJ2ueL-@m4e^|e5u#Ydy@_#GB>v{J2KZ3C~Wh0#UpYF
zlvGt)JK~*k_dJ8ZIV=)hqNKZe_3De;&VB+tt&5X8qyOlRL*X#!X<$%bkt|uWJYN$l
ztF%MV6}$`g$IhX*Rta7${ij4Q{_FZOI=Ikd=H`3^WL5@oJcC|g<K(0;J@DmWSeVbF
zM=ViNF7zNE(%Xa$1+N}7DWefID$*Zi@B8&@qnDT0qsYkasxW~bj+QVFefjLG9jrvM
z`21N;OKaQc=x7}fK|*4pF$k&i%92ZRTif^V{%wN;10Om&cY>yrO%K*i_6EtuTesy-
zOiUbwMuU;JlR_;Jzw*27nt4m+?sS89yh1xyQ^+-7Z+>>z6kua-&*)o;|FI1t@|KSe
z_5S_)Cq^=gk1Hy!2QMLg>_JG#tw3hs4^>sPKpxOg-e;Lsmi>6-@4p^}rt#BEP#E(e
zDK(V~JmbcV8+l%TWze<CeD(v(8iU4zg&jJ4_!E^fW79jQYm<c`r?`9E-C{f!_JX@l
zVj(#N1?gU%&-s8m2odCVUf!X*9I`vVfB!x=T`P-?vR*(yAR!^)0@^@N(c;X{HL<(u
zBrcRtmhivHh$@=v*^q7BwhbK)rE&7g6@E&rVhFF;hSF1O0?^G|d@_s``OgnxV)&Q(
zZswAe<$w@k{`L7r2o14`i9S%0K30cmM^<W<`KmVy#M@-f;Id8vcM$lVl$@+t<#Y?Y
z^YH=efVny69RRaC9D#;Sx;vkOJFhF5XYlt+y0aCs=oJbUW0g1MXv<r>7a!U>-r6ac
zH>HH-y)1}v{MEW1{WSc$5GUvHx~8VECq|%gbHGpKgD9Qk(B6~s@<9IkLK-*AF70yi
z0=E1x(OpU{Adss5hjh}nZHx2s{w{==bQZcroL|A*rJ?svXj%EE9^hkW%oXwjYp4xK
zN31~J(HnTQZu3sYnVFf>f~IJyw}*zzeS+AwY}s|S4SV!@Ok0?M_Qm@|j|dqX9Mm3`
z2wP!cWu;xWX~&i~dinOrj|P7HP#r#u)=s--Eghf3U*PlO?(PM<Xl~jpFF3>j0VNJx
z`~E6%V)VQCu`N`)d3fZ}rHzv3XCcp=i4gKP3kVEkpwO_gvL3&5>5{)07B#=xGdLvV
zjCAt{{`1Y+X*y~qD=IScCkQ=^iIH-7rG7tkXi@j;h^y}GOYX?X$eXAtrR`Wcp^!n0
zM2L}GAzdFn9Ospml`U>@3JnTUnHQpL-Kr*0vAdSEbj!NfRq@ZBO)icXmx4M25kgfg
zRp9WT0`wm3EM$YuVInNLS3yAm!|BJ9YehHSzCGO7)TD-S@BXL5DbKcdZN+`|MXmd(
zeny`2)Bqvo-(T_I6~^Y~G<cIJ84p(U8989;Gaa7YAAII!n~myUnVm7ea^*OfILbLV
zvRFkyVI2XbxLMr;18W%=7*I=bz<U#b2q#WZLE6+D3$tZ1yL9Oew(m2qzbidCi(r@a
zZ|yEeb_bGeUHo??5E5CO%k%(v&~d!+1#~5HQ3tQKKiIya(*)fqHa>ne5%i!dmyJXO
z2e0Pfh@tmw3qJ`7^8Newhd?>e0)1U)hmR>MZ(LYdfTCIwz$EbC!2@qVLki`5w)qWU
zIa72OGGwdK2Fv}?buz8Ki|OavEAH5K<-!GTbnspL{Ip%3i~Cp)UZvZ&Z=bn^MV#*I
zOGLoy>FKEhFU?YFn5RzMP+zbSFdCv&+0U;py1TnqnVOnnVwGSd6POD@_4AJSFZnBD
z7M7M=+}u?A^m1<lm(y+B_%JF;@ZWu=-R!nj)hfC?-Y$Igjxi-nY*-tiB9>Cba3~Z{
z)q42>_bE0#{XVKX^1_2%G~m6Jz{Ox7`-)c3<(m9<hhDvU^^pD07PP9{xDss#TjE_L
z(f!Bk&|LFU@6AaiB|0T#<;jU|IljGnnLbYg077?^<9ry48+7XQ>6_u<T1=t2Q+;T*
zb#+@%k#nf5dSK=hp?{7^*p0wf&=R(4u4&j^8pI)clIV`zAD|+EL{#9{W?k<;eTti&
zQj(_ox^wXYCnZYKX%pT@L{#*~y?e@<%)aER7)$<{DQXg#=JlNRBi}ZHg&lI9*tKb=
z6yL!Z$W=twM=ccg(igEeG(COi_>2FIHZNHYP1zk&SfLXd%2J+7EGXAQo=b<ux{8Tr
zix2hw<3}3sCg0Rl0e5$IfT4~QA%6069wq+|pJ%VO!zywm|GtKn-~S(T$ItKovoChe
z<B4Rk%QSDal*`S*+88cj;c@Go0jKVyr10OpdzT>4{a4%bQUa&7vZB>A=N}AjFUdct
zIVhK6nRZ!2QzpT6ZDzV!6TZ(nvRyOGNwYQ-l#So*1?mL)_l^drAa2bk`Y&Om0u2of
z4QV*2@iXDIdn9tASEX5M6gD>ISGb;RQdE9<nKHtvDJ+qbj$h?4bznp{aUCNM{rV53
zr4OT{H-Sj%=<2>NDTx)^d`yGa|HMsbwq+F+oQDr@hfX*2?WLY3b815-e)i$x#{qv=
z7B{b7zg{B!-*53~?9126i*8Cjw~mz5jT@`L?Njp2XKo~anx*?8eJ>>lQm;;JQob|u
ztdiLnFt31}FC-)9xryBX282GMZD<aR`7_3+rO{biTkD)Z--BJ!<K+tiey*G+bq7|&
zfb<shN`g2b!%!Nd{w>g~TFA)b?C9-mY^9$*t;ZHq)f(8}H8a-K=el+x`ec)WaynU0
zgMvU;t)DM*`uZ+Xyu-pY&Bh-m9Y3FIwVr|vozfGmvGbdF%2ig0D^#(Un#8>w?xn;$
z)@e?dO#=bY)TfVMEs+(ys^Ep%>^X)Jaz74UdmXLmdQ`2IK}lQt%_}EmjooOY6xC+~
znHQv=4WB%+M?pE|->S<>WTh+C%DWcxrd;`dc@xfu8o!17JN<|d(U=sLLl#R-Q<GZt
z^}m{EQc+H`Y;dhO%#fU)<o};FC09pY=JI6rE<+<}Hvhi<H$JUI1)8fdW(44rwu2hk
z%0tq?wCliz-=zc|J2BH~3<o#mZeZXBD{Je(<<Yh`87YBUyuhHKWSl@7DS^k)OJ<He
zf;-Wk+l!`!`)d~9=jZ+M<v#e4DfxUSPJ|uLN!f7p1jhlWW6mxvp9**lT8sG6<$SiS
zb)M?`Bq_a<Tq4s@XW_f*s);X;B~mAf;74^P2?pf$N6UCDoUD9EPqnJ#NyHPsA!TAQ
zYo0!Lj^W&kvtdtuqZte8zM`tHuNM&$I}Tq&1bEptF@;&!@IrmOJU-M>h<TWkgC>iR
z$&VjBO4-CALx*dDw6*HobEO+`al5f)>T)c#@3KnJ0zI6xu@QmSD(Wz-LA7pOFVuKk
z=6ZB~(d&Ju?8iIVDL?x9Zr{C2N7)kO0&yGYpX<mGRsrqwGE9jJCMGxE-&*$!a<|E|
z3`}Z~0|)LzL@*N_9d!J*kB{bp1Bf?gO7hyxJMUtuGP)IJJ94OQSz28F)0Jg6c$N%*
z?Tniu1y}x?1u!IT=XYNasrBpM1F8B$`G_Zmn3Rhcz$WccPrWe+RWutnmgDBxLhywo
z8wVweMdAu0;I*h(6(fNn6cLLCZVH*`b;;-UNV(3?0GO0QP>hR<yRlQ+^}@_hJxKXl
zilAWu3qd5<;iA_%rP}js*AU3OyfE9<I?KbUP6bY^u`dx|`{RS%_=yVO&q+W#tCq}F
zAh2^_61!<uR|Ihc0i~0bhE&l~>{VPXLv^eqK{3Pz3>L+3?97=Bkda`~mBV=|cgLSW
zxqO3yHp2<t!p?pV<31MXaHt`119Vt#*a^f3%!H=`zi2BX<890>rARSq$Q1a&%EU7f
zBCa#$j~+dWC3b_q|NCH`GY_Jo?g9Y&RR#tHRRYb{y-<na|8);y{t1n9d<|n8XlP2p
z_vu}*uvjlCDH(Odf%c!$UHe$VGV^N3k-WEW<3Mj|Hf$(`8j}T<O8n5Hlez6MV1En_
zu7il@?B>=x`u%lFwgm$q5q<#&KHP3`aR$^S#IBq0A7$qI7(h;bK>r26<&~0>dJr6Z
z^T&@1P)SWeW>vL>9>od5PlZ<d;YExm?Vde*fG&#L0?(Y_CSeSXMBsT~Isut$T}9Gb
z8HV>j9Cz>Aw~_7O)!T52D7*IVT@OHB@}|o(5Mm~mkkBUBwK_Rhm?$ORzi-F;(*JSj
zDO(RiXge<bj<4@J%25@S&G3In%Y|87CPqLnXl_p~zIs$yq3jaX3a-vA7}B`rOpirJ
zZnzwQ!bMyD-YS6h0@Pp(4I8)QgrVWif`Wofm+4E8&f>3j<WsyMU640`p>b{G6~RDF
zI=9wtq~`!r>upFpW0p%iy{$WT(0O=xShZ%aKXT*<p|Y^j$~}N;>Bwh$@`TNE;pZO8
zQG9n2vRco~&#yh6{W<+`pvrSiakGB(_xpVOcnaTN2cP<o+iyXj`tBb;yw5&8vWh|=
zU3T_<h%#$D7JpMysw2hMf$fw*xGJv~J$g*Cxw-j|wf<Soc-nsrPow@YBOvQ4im0e4
zW!Hgp$}U-1qo`-RSkI&HCrp#$<+R{uZldU9ULb-L<%idF4fmcsfve=fU?VSZs*1EP
zz{{_M@C4jUiH&`z8w~rUz0i#r%%<lsoOr^;p+=m5Qoy20<y|YYm=>B!dg%$Cy;8pM
z+15H*@5a%du@<*pzI@rTHuUT>u31Q?#BlfB#Lj<!M_FAxxOzI?`fXIy4m94i=m-^0
zC7mdtosLxA$bXQ`#k0BdAm%p6Q0TvNROXHSn9H?Q^B^FtS{T3eCV2`NglsJMs!YTI
z*2Ik^@yE(OB;5N5azMlZF^hqLfsZvc;qMGiouUaBG9Wf7ZY(E+SM<6QD4WQ^bM`l_
z&OTBmTj_1zmpELu3agEVwzjZsaf1hT&il$r1>P?$EqP_XOiWEDJDj@WfR#aODlln8
zA@h?tQ1imZ?V+^-oCOgy_a=4N>RTXQ!rzL6hE(3LPf(D;xU^>;MMqH;DORfYfPTro
z_-EY6ii3xm@r~7YLTb{CigykV4<E7{P|A`zfBrm$miI4=&N~pj1o!Q;9q*KGhe(7z
zgheg&*}xo|mL?ePL&hGzk?t><pPal9p?WOk+wSA1RMphpgYr(4Zk9a?|1i#U9Jvfs
z+6Oqngua33Zu@*L@0U(qHGYazoa>*ljTF2Yg_3=x>2#ba!&Xfuq^6S2FAO}nX4Cg^
zD`}|*uXWzWdczU)j+S=&(9yvj<MDgDl9CdUd|BAo<cy3sQ1YSQeKB+)d;1U>0)~Ti
zYxaB07Q$hm?S(sAK|GN1SYSjM-_FlJ@-0pGoS+K4k}V7jw?F_1)nYkd#qwM!@+P!G
zV{~;J2ZwSLBvH2Lc1r17A~po*K>Djz54agOUcVMU8+GUg#$-HvtvM(=7f;5bjS}Us
zCC`@Y&PKL7D8C(W0f>!`v7l|`mmQk@rw76u5x0?`Vf_3xO;?;!0!idP3@d0k{=YhS
z&V>JfB}&9T$U$}S@*6-{e(lre;f$|(hQyh3+u3L-f9z9Z%$D()yp@#|((Hv0K}i2)
zVq)^6w|C7t1d3Qhe(VdopR^!;;6Mci;Cg%yw!R4rOWdlh%;xoVb>79rvXHB?JeOU`
z+{R}Jw;0+B%YN4`N@r&$rok~))h%$v19ABgu2#sU0NomYe`Q9dD#m<Z|NO#8hViv)
zK_Js?a4O$FQwX|%zj}KUcikA0s`F$IHSgIdKdh?eSo!XS5+7gR(r@3kL3z+LV2tM%
zwI3ph7A^^i9Q`&p)te!v+$=1VMgU94qTl#w!tl|Dj$L=Rixa$Y+t-&%L}bgp^Vvr+
zhRuG9V{|D!Ij|8xo`#n8_{EFdVAcV%mjp*KG;Sh71%cSt$ZMI2{fK?Zo)~w|kQay=
z5FW06?pzkyE(tL}#2`29i2aZ^il-M!;ZWNfVW^g6Ows<GC**tSH67aDIK-Sja|W$t
zA1r-Ci^YUL3BEnq7GG^J9wy%+4+Q)zV)NsuJy3b0wYZqrgQrjL0a6v%9*&mvx{s-a
z9sdIqdJEO6jja2R0(YSY^N4dOoIlShCN6H4pDkcg6LlDl%<VUC4$7>|^&S)wS95S&
znwwN72@dE5ujs!%*>7<Z*2l+!fuBG3PU}MjA)roD<r%I39XznGGuz^vRa>s|fCRLZ
z$U%toL`lwli4`6F_3Mn_^nG^8(@I?Gw*vzMomIXzHUeHz>l+w|;@Tq@AMEc+(M-K?
z`SPBkPAG~6?(^!;SDqfWTg!I9ssuMDE<Jq{q@BC$l3HW#Y7K`^CX$fQrAuq^%jj75
z``O9X>v1iQDnn#OBr9#WM<X9Dg9*kE#Ps7xPvGVC1uk|3)e0UBkBJEaJxX}-q8DK=
z+VQ`iLiWsIT#*bHqCmF%n_Pv7;oUgX(CTsYSlczg)5I}3UES@l5h5h5SRZtSe?^?E
zxVX655_dVL+K!2dNhwB#ofzjX9Unf#x8(YKYP%yN=+oxO&(AL+BI14T-o}&nclcv_
zhUZ)3-cA+#a;6zSHy-ncGnTI(dk1m~W|Jx0Yofh;%P=zPS)!kxpC4*UWrm4W9#+6V
z40nF+=Zly+d=$FvVpLjMT4V-8?Z~zIeiQE94<HIT2uc)2s<rSk*Mf=p1U<yZ#V!X#
ziO4@C@98P?*Hr$*4DlFCAMBQU5E^<LVz5b5ism7QVaA&`Z(iIcx|$*@D~qieaY$)|
zBoF~!uQa7l;}$@$?#5O8vjDt3jA0G+NU5Pek;vJ}lWU6>$KIWmZcgERc&bc3cBphJ
zy=!r4$(>~IFeKzreG`DrrAQkI8x@rSB>oe)0e|PZeK~N|l8)n@_W(^yW()WG`}=>a
zt*yKq<8cQKsp<=t!Grktzbrpw8DVOWbPLL18@y$B1e*XbwlXpKAYl;hER3JZP}M&k
z?X-2XTAvJ$bVfjhoO4Wy{<x+_3M}o3$;tNswjyW%G&jA0omb6usRja-APV=Pre+hy
zm4dVLp?v$FoZ?iyK)Z983kZwR=;`TAzDU^o3u9LVvkSKVR?BZ`$H<5Jv?qoLVNg^{
zU<*EY@<iaPsp+R+9{5AzLWTu==ZX;0>8|APIst@6Vo#&(ZyAmrQ>h}jhcD?AKpeog
zs{deEc=(;z*j@hvkVr!S3DO^)J#*?*iHhv<ZD6(ch%?FgZVHPG)rrQ+8Dsa(jlQnM
z75WjEzSI)*;P&2g&r9$+==&4X(;@SlZ)cA}vm>iaUWZrwz*tAJryPNXZhQyBfe`k@
z@LPU<D++RQYq~uCup`cL4*}RxEDD^ca@TJd)||U{A1i47$n`6kX!*SnMxMtmT-fz{
ztV3@=Bm`H;*yTRGkyq)FH-uy&O?oZQMm&m!T|!cquWMy)L9rsTeP}47C_vsXI2+z*
z5(R~YwlhO&qWdsI(PHJ$!O3Mo^zQ~oyZ#v*#r5~-dO+>SZgXTyZ=fS$?KCgBB$Qsj
zW(mTgVUCf-NQ{=%l>WI0VpD7kjtcFA4X!}uh4-r?Yme*xDnfL^6m#~FZ4VXXQ=Z?a
zn5kAlQnj(Olf%s+)G^ZWE3US?xAzvh7McA-7(RRUY@~(!{Nf_nqB@9_K)c(39kKsP
zBh7&W2Ux@}(H*dA@h1771qpPuLr0DT48C=qG;v?}`GTyp-&QUX=tB?c1~#F1qvC8A
z?qLnyV=NK)1ZUs)@?~E*YNp_7Lv?X$=ouJnVd@d{#30}P27+CXD4*9&45P!BG&eJ2
z`{A+$URytY@+1(TAs+RR`TBJ!iAh-MfBQpei###2TMc{*oO7~C+sGJWg1i7bzARTs
z(e_rn?Rp9U5d@gy?r97Z>DbG-CRh3SYRt%JHn?bV=k8|OvW0T_@?|XV?p?cL8=G3r
zyi-|!(;M*PeQD_$Fc<8oV;UNvc`vh{(zCGm!CTJD%Oh-1r^x*<;L{!Km=CB%WY(@L
zd@0=And)r<56rN@`35mxWIcDlA02ARdZrW&Otc%C6{$W9MpY}0+8EhNh{6xBFQ_+c
zyMR@pcw@RgL-3}2>hi^lB%wxvX=oaK;b$P!7ZnwO0m{M3Pagb-3OOHMDD&Iuyu2W>
zw6rua^Ya{>t-$GQ#0ZQ(++LrVn=3R~fEku$_IcZW%WrgK4`X>m+<seeb909}kHQ(%
zFL2(98*mJk8gX>p|1SUGsaZGGQ@#NZjfGGY!UGYjCBPLX-zi1K_u57tJ{bD%zkJyU
zj4ltU0wh~lJS%G^N>f9FbRT5xOgal(SPov@LDFxi?IkqFxnFO(P8VK1ae_MrjyrY|
zg(CL#7UiEf0x5tn2&l-{-yD>Xpr#;|N`b<^hC+-2{SE8!f3WG4msU{I2#g$uc?r0C
z&vSVJj>ZPCcWTuwR=T-X+d+Pb!T^gBZt&T5N329kk%uJ6{ExA*`}q7lKr-~7wI9K=
z#+ZKi@Zk+m3BL@56DN+sf&h6l3s>NW%nv;Rw|}d4Tf*=)*m($9N<l556BieU3Z+69
zD$qLiUp7yKo9*IjDVdkPu+G8uvJ*;t@q%ncg4IBoMWB6PD4X__`42TFGsMTo1NrM;
zIj^RjVfZg?VO}3kKlmpH>0>l6z^DQBj9Vu--#c}A_yW0_B7uXjWC;e=Dn`2GQOr$B
zESUEr5#!bN4i2jr)2>TiY2+i3YoNuGz<VUn0bTbQQf{#Hn1HL*h8ell8|H7h%?|s3
z306OrIJ0D`77d`h69p#^fl3rMCCNo_J`5dk^Zup8xv&LO1e}hOhld*dLr!0R2Sm7X
z$0!Zm$p_fu)lUu*E~Arc71@&fsiVVSY)fy|U9!D+#tW+0+8*QsrlW1$LQ^h*8G(c*
zzvu(nQ1_VCw5{vGu#Q7>D4$nTKp++gmXD*RSZ2Tb_bU*E+h|~50Mxb7V`1h7(!Fp3
z2yLi-D)~ldN598};YOF8q9(WJbf6s&9RYVyX(tE?6*V<!&6Eicg^vl)U)V_$19=+s
zNuroxXCDLR9^=@I27N0(KmX9WlgPn%E=?*x`(1~jLNpfen>qv;;4bz|^?!ya=;l9I
z2lR$T+i>(4mlN9f98M;XHw3Ce>!6@RRbbw%qP)4*74BvTF@gZwnc3M@6fjtwJe%DJ
zORa;J{kC$aq@y6OO0?h@mw><ql0yRutjE+gnMbnJi2x<k4Vcp-rB=k(Nq4~Pi-q1o
zq0N`zkaFIFp9y=r*2sO*$GHZ>3z3X6T>HOh?Z7|}I7A-Uhkx^3Kflw>vB%aVB_$D*
zESB*Cj{NV@?=1Vxw;)ynHR`U(v3t1wZrE*z>sA6QVldH=oYLTGY9gBuaqj2OpDj6-
z%!p9`7#*dH-IeKrFiCZ^G~3RdJ1MkdZU3X(;1*NG#zvUdyQCm<e4mgPlvF8h16}L|
zvuac{nON7g&7D93!F@;~H~U)GP6C!7GIS3Q(;^y(hFQ=!b?Sxur;i^?pdtoJ)FivY
zA-$2ekOEW<q4G9l1+X{eZbu_m*CU`bH1MS<)Li=!ZKgSR@Zi$SR~3pkhFi~P;bP+F
zA-#VKyDU!a894(Hx}9?w`F{GZ0j<!<^!4?L4M?H(8UiY&f{Sn7oX$?z1q?ZMQVeu-
zWhk${8f$(D%Wr~N8yyj6fLMk~TZ8*L)S4pzd=OZ1k1g<*(q2rGNQ#@P>VuYw>e^ag
zXhzT}KD!IkzOe&b?H(BkB#@(`;<-*IOoASWbr@K3M~`|}i)2qs*!UE$YpLOm-+T<x
zoXp~=_@oQuGNi3%OyrycD>eoM|7JlVYd?H|+sNABnAB>pHmKazSxaH;o0Eq;Qifc@
z4(9G|Le9{tBcBO+B*{@Dik#{8=jz+QoKVLYAdT&q<rF|<q=7jg>B?c|lYkFM@&)u;
z6GIef8Zs8>^&nP6WQmdS5OJBhNI9yZ!HD$59rTsbva*D-SK12Wnw!hP^LO*{(V(%O
zL{yq6*5Fn0yed$APNzwg{9PH!cb?>gIpPEB^Ww#ep>vgTpp{sAA|*foK?-;^{0X2r
zIV&qcd_3;6GPw2t{GJHcO_-lOrWSJh5TUHLi*PdB%pp?-)s8?ICIKyqcY7zBI-Hdr
zeJRXf6P57b+=nX)Z-Exd8=&^Aq9B?rW=2JOXB!jmcvNCWa%!p^I3CJQFsmJk(UD_Y
z$eD&TwMYOt+(*(eTi!Vd1C450MYCh#%mEjnFQE%a*2KsLVM@M7^g2pKIT{_9zyui?
z84||>PcFOja3<&vhIuSdEav&GmUnwG@{ubvhszKC3nhW8W}UWk+lN2QKUZ7Hj|;04
z=8c98mt+-%XgJ*T{w-@>rcIsF)zcGyG`ABmOol<4uw3zkUjb9ui?n~^e*fPZ9KEbK
zq|DV6$f0qVgai;m)t@M5Ho8DEy}~~l8fZTw&<9Pr4iPyDwRI|XIYAhYBrLa~HFMq9
zdMMPWeO_`i1^M@~O8E?V3)&b-Rgsq;aH~aZdrr&@H*NUz3H$LQ3ICt&Q0YDplU<o;
z?;0PUF#DG1^F{Bfrlm_9dAEAdfQ%AB954x;ni(QI2I$^z8w%2#{p@Ea{rqSU{_lqN
zNtvkW+09g_!X%wBRdFBzGpu|W(o-+Az?0y#h?fQS@B1a=07L?Dj=;>GmFh2Fj4dqu
z!C^kP|LM;;*Vpk5YxB8aQ_~l>Cb|07*7J7{KszsOYGMNB#V=NK=D>8qAKn96mYqBe
z&Kx*f5^@>|O|BtAg|N?{oq9v#!b~8qHR;4jiR;Su_i46rSn)hew>P)8-l(FYf~vjH
zUlo?<7=oloIb!qOqoa4xP`W{8FfRmb+2pG<^GpgqQN3V#yB1aT12_)52Q5M@<4kc^
z<=ySKz>-J@#7Tt^$rv3>5F+6zJrY^fTX9bgq>P}vl{c&u2;6l@R4f7HlXMb<9vW$B
zY0BTlvoS{;_;JWf;Pq1kK#+aP1gwMBV2sgB1`PbtEZ5m9qDC&`d!cm`0fwHQe#`dl
zdp9|0B}h%NKGYBoebcdrXSo`pD3j&o({3~?h$Rhuf4#?Xtlb}i0m1(*`3?fGfKMxj
zAkuUE?Ac9_VJH*`f+rAS5P@1s&Tk-YfNf9NwPHLa)EbEqf#U--u*qnJg@wTajImfa
z#d7uS9n-M=mlHzmjS`z?s~$_m093ekC8wlRWq%@;(Y0&WaNI)ss_;axv$Hd4Kg213
zI7<z03@N^n_wSEgT^VNGy!V>bGw#HWRK~X|OtW$2CpuGi2KWGCL6>~j&MXaP1=og@
zG%;wP-*l5Oy*5{HgwgrEB<qo&$RIinWx5Vp4u$$ml&tGaQrY}9{x*0nvCp2}!e@U5
zo+8Gyoo_DV4=R5G17H;&i>Douxh>zn8xz9Ynv<%ev4hXN1)(_u{b0idqsb2p{b$@B
zoEp@|&P{v7`)j*;LrNR&|2!&~<R~Z)B$-82Ct_*|2_<&%ik%w<-zbhsxnDIm_d|ko
z)zRcY5#n%v`lJ}e=KTI9wMpq2*B~f`H^Rcgs)O#_Svxf~^#JGj07Fbc*ARyxofxal
ze^t-fIdLXyW`#2&>o*Q&tf2s9_>y!E;CUSmwk1hv*oEPqo1u;&<RF+&O=>b`yM@Y4
zLbTq$Uj?y~z;tjK-c39L`;<?&wy7*^53TW~W)w`=1F^$#p#O73Tt-F^V1jmM`QG<H
zM<m&Zk7NSt6sbHxEtP=W?TNI1cki)ghF(JtV=8&Sjw?=Z+OpwvOo035En7W4Cj8wY
zbWMsIHYHFCB4>Mkk9P$j2X+Cdm}em4{^WyzvI7aU!X;AxrJOL5AOex&6wMx|ThHd%
z{|si~!cojsDC!H?xw%YN^8cjxn&{}Tkkl(wFC15+!$}bc`$Ek!5CA8Kn*^ZG60ZPC
z72XLJSXjH_Dc}r}o2F2Q)X2I_QK5RVhZ*+tp9QrcX9D{AxK|?PiQ@PHs+TRC3(zW4
z>|L>+p#03Ra;RV(K|>1cutG+c=#^5=6BKxp;omRKPxTWl1=*8KLNeL_*W}^&Vxagy
zap{F;h)Gv^u*>}xWUUJ*tUQ<L=X257=Jl(AnB4X>d;1N^g(1iY-VZd`3wGnYFtZou
zAn&bOvo<tO8Jm=(B|+h05!0j4t|(@kl+$wa@^T(J#6pf$ojrRJCyKztwFjgED0R8k
zdPEM!Svw@Zy&;7X*ps3uutUb3g+Lx;3vqGOke#Zd4l@)l|7IiZG$<bn3(F7e10TdD
z&=G$0^xOn+>xIio80X!4_p)FZG^S{7AQ>x)Uw;s?!N3X^FuE~FOB)*Kfd>d5zj!m%
zEX?;x`c&>>0(=G$=ZOne?Ri@<R7-)P@8j0#;|v)}n}K=O*2&2iP9+5S^~fvZbegKZ
zzq;Xh;|5vJowA;Eh@~NF(Ty@E0||Yd!brE~ox{jBGz}kAWR*cn;wwcrHKY>>;={JI
z$_f(?M0FA!5djPM+Pkq5kb8QLAChl-PCDf)vkfScNwCv+;8eo%@FjAg#9OR*9b)O+
zIM30NYt4ovG&vWFL?sQtQIG4|fZ%jm96~rr4xXS{A|~krEfoASp#Q(s3<x6XII4q#
zkQAI!TB|A&!>wAh*a&TDZ!Sa8`~VvS@3k0AAbSrF8!G=XoK<bd<%A0x0m3?xOc%PE
zR@SE@pONULLzISqPw)-Q4+iaJy__qWSxdwwJ$-|adkkoR^t%}E#@JJ&m*Q-Z9Y`F9
z=Ukk6&AF{m5XcEvoDJAQPtTdYWnU9I<IwPMfZRJ+uOgRgcHqTWgKp5Cp0X5ms6W^@
z^lU9SbQB~wvGc!KfUN{W5~CW?Fo<uNZ{8@Nc8wAHzQ=Yj9^mJY`<zI+{@a^4Ps+J#
z*N><B9g_!$kQyOmVDqyf@wzp5k_>?spxYQ;-Fp1&YO^y7vz9o(u*uli7;9NhoNf#>
z+f8gPhz|rx*x=t;IK4}R33Bkpag+rrQa4CFuzBeBz%y4s^~p&<sCHx)nVFeUQBjq&
zwXwlOg_-dI=)3&yc_<xhBuNKD5j02*2Nss#xTxYV+pAY%TIu>Ys3A<whQs2#2@VHd
z!FN`}8fSp<d2zJC=+dMFD2J5G)Cm|^-eRBSB(z=HJbdo$lxBq!B!|`nr5R(F82Ol$
zaX^XW@HI)+xzAs}Xl7;%UB?{sBiX`dJ1c8E7+6n%3K~WwUeevuvzla(B_)Y>RDpvx
zAekCH!;izhz^(<>I}Q@=xiWtlun1H9Q{Ud!OQ8q}Y$HJ~;<bdR$h^mq)G}ASZ0nTx
z_?y_98w=h35Rwb-N2K^{%jUCj<Es{IHnJaK#KFzP-|-QH);a8@rKKc^Q&LiLx^0h|
z8j4;A8rRbDGEpx{cf$PVZ??Hi!2t4xIRcH+2a~}R-W55=zcBNYOMF2!<w%7bKYiN+
z)+6?OXc{&@N>(9C`2+iW+u+c?S`S)2^F2zB_pc|s54#wdYj1d*Rn>p>zV2NgCZ*~I
zG(+(Qmem}%DxgeEUu*>wl>grw9%%kJO-tAovtA#MsOVPMb)}H(2^W9^4bkbJ;ZLh|
zCHxe3(zzEklCsR|`VN2f!?hh`V?Zak&>*4clcWLFv7=Z`0*Z-qLM2V&iWry>Z^$5y
zTPBkM3>S4MkDf+6L!UQ^Z(ihk2?@mWMl%%tz0x{3WgV@8TR+|k9XAUiEW`(Lw~_4h
zJ;Awk&r2_oXaKaGSNz$LY%xoh)H!HBJ)k_=lC=h*UJ}-X4EFfowN0qF$ODG(FR+NW
z&<+Vc=q`TWd8tiQN@@o-Es+CSzWOt2Kb4JOQtPO_jPfC$0tc$;FxPPykqfzW1ha1-
zU!2uld)K#-?%IgmJY<q|I>><!PH_`bLkv0Oe|8+cP6hjgoH7XL2WPGX6P^63B1_JV
z60HPz*}I_3<ZKljfSa#h+c8D0SDPhIWFYj~ytCl&9lGtSF$7WHyLoxn>a7G7N(QC>
zZ2x;`<**|6@hzh3)L64y1Fv7<<FCjTHB4x<xwhYgPd+eKQ@!-13*YJEZI8~se3W`A
zF<bt#{6@`({Bfe($ASY+UHA0L`z~ui=gWPTe!Tg-!I|GOwXcia2Bi$#Jf=o33mc>$
z#%Bqox1#z51PneA5mjnh#>@p4RLwaYe1E*(A|6AseOBDUOW;!qb;l~o+uG93KhjrW
z9W`J+Kq8aHNB<e7ZK#IAbwDnhUDi_{Z=#C7S{v{_u!fH*fkuebk5Wd_LJDlH=VE46
zd_qDs&bLy7f`UY+KjB;}h_S}?>r--tOWn5ZlGkhf+jq&x7%~g#*P%Q$vrOd6D=My_
zKC5D6ixF6U*gf61J1=IBkSfwG@8BuJpy%JGpQkDx!1(aRi$Rae3iESwN$&Ggw3{{|
zS5tUb{-A-rek0V0wOb}+k<(~&8!vo;%}Ez@NqTYgH4Y}KjdvDGKv?vcc)u<<0ldx<
zXT2UvI;G<Y45_deEMR;s;5-qeUqK8LCG2&O>(DFT(vlHtVF|KM*L{5wHcvf1A|oqn
z3h;s@7J*gLF%1$<I<_UhgoGw!x&}o2V{hN4a&dLN0=;?rPU&}F0Y+zmI7fg6#3Gea
z&b_z~5745T<?R#XsLc@uIC8zukCu@y7HuLK#dO`qrVhLn8t<i_0Kygd`Y7v)dxK90
zrGS&3O1Y>r@oT6;I{}Sh+OZ=Iku3>}h7&l+pN?4+@!g1tBDHmAf6=%t+u`d8DcTw7
z5G?q(xyxGcvC=VSrs(PWEPy5($)};G4>sN&fWBDO)~0u@VDe71+t}e8>o%?6Mo6_d
zL1~V)!zF#3a;t>$C^h2|Yrklw#C7s+9aN|O;o+1wovxpqCC56ztoQEUuYqM!Q&PGM
zEB86bt@L!Yc)o4#9eB#7*6n#}@bg?J%b6uEe%xYu?_IX;L#zQgNtFW*gpYOVTH$Os
zAO&y&_wvf(c#77`$EcDQ>WQb#2AXe6^+6kN1`yb9T0zId&7B0%I7RpMbCTB5e0hF0
z-TI@Pjj)P->`-4{0#aZWEt$rfo5nc)&iUdo8qZ*W;uNerOdNj0f<s>Zt5^1*62U4%
zii`hBH@om_Bt1BJmn9AXf{jQpM33x3WG)GMBJ!&tq!^I=QNqi=!lu`ZJ5HTr@%1Et
zgci=aV|yna_n}qHU%u&&mYfWj2ri-yj4J^_2)d;T#=REy9dO|ba%B)5uG@T^D=tA3
z`x15d9H#q~uA)Lu2%EoJvgDw}u;N^;!HBf`TqfiYJd7a$rXoMC7lPqCJWV3o>#t|w
z{J;}_wfNia9v%+Jtibx#g$S($*ef1o2LLgH9%KpSn3je{HOr*D5zdnb9>s9J*s~BH
zCz9(@6XodDiKIUsL3$Wj0H^}x<>h;Mc~1iCRebjKE*OT!z5wPcfyYs}rCW@^_=hRH
z&#<6{hH;!Xb&MV8DivGJH-EDd!?tbDnT_1lkbWT{dRSt7VL}EA(U$E94JZK}7m`{8
zCm<D7!FF-oM%Dy)wN;-#pMlZVj8Qz3;kA6m$YVAvfLZwJ3^Czc+}v=yTm^;Ki0Rco
zI-1sO=%$Q9sUyDuj}N)WF8TXd@g}L=RiS&I!Tyl3mz>(t{)K^=?~)e4!}!8)t{;kT
z;58funcC13E$MU?l&J{PPb1PVq$1%mJ-yPHv>V->{gBO%BCi~FZ2hdi@M#+}idRx#
zPK5~@8KRpugC}Svo(`iEzI3HEI~kQ?yd(uDpm4fIvLdahcxB-XOv!p+lko*@;1WqZ
zHpU1m8GLo!UD8xR9LID=d^tRm$UTpimMm57C6DY7i`<XUru1y%xzlIQYC#OlhGFP1
z+ETCM)mLM8R#{o1^CAZ;D?hLl>1V@T#l@cU{miT7DIcHFGVx!eVn1s524@R^?UaOz
z=Hj_6AP+poi5uk7<3OYYjvP6U(;2Er9L+$<96|N|{E%JzImNBgw{Wu(dF%ix_;kZB
zW?k}_0rcwv%UI$-4dXn7HWau02-n!hRipmwLGf@;ECC;b6Oab5z=TE{{)Ucw**zDQ
zL4_#hU<#ThA0OW-Qu4^XVf3cqWJ~{zoHgG#H@|=C%r5LLNO&2!U=%tqWicZTFX8hk
z!_5T?Y{H1OF1VYBtZ2af`$gBhoMg0u9nax8I)6%zU~&bIL3XEQv7Er5t#^JhfCfDF
z-8Up8<im##`@xyW#v~g7N1A|p#od47MyfkI=e2iqh_{RIa&r$M@u!Urjx|@op4I9A
zV;8_7C;aZhk;6EHmyC0iP$tA{mW|U_Q7A{xhKGhGAo(!@|1`{AlFn`LsZ%2o7-Zo{
z1x0)O)>VAN@i$`3Yn<1tqp-KMeO>3LFJHdQIkn#XjK?qZrpJ)2%uVL$Cy`QteUyS}
z<t&S9amtoXZ%m&*wQD^9ADKx|=Yg97<@=qZTaSk0ctDhtv^0+*SPD6%3+pfgayE<j
zXaiW_Y}~env(tRSi5zfu?rdUDLD(e)Hco{}DPmtv%S%vdn$W_PV`K~f&sZ@F__flU
zYY$kojUDXxJH9A3ZC>(Be+`A=9n}Y!I3L{Fb{s}d3d-CP2kEcCOi))>*LZneLh;Qw
z8;^AOzj`T%z%S}_`unV1R)&9!ebq%$h`K%K(iQjcn3PHlFs)wY8i2=&Gpexf>|r{(
zrH6%tK|xcoh8~2@_Z8H>3E5tIuTNoDyXrhK5%Tc}8t$L(#*4lp)z%0HiR`K?Etzq!
zqZ)D!LxsYme1?tlHZSjEX{j7As>;D$k;8{|AtK{0N+-f*>lJQ<0NeV`DFYJo4EomP
zX(l|a?W0S>rNzV!Q!?5wz19u3hp>ds&hqCz0=N%SQ&TZ<UKI*ij;;CYIsRy%ro<M^
zC-`cH<erY`huhKCU^ys?eP{p|VzqAgrlRytwqROxB-?8`n3r;Ry(Qo3kMuZ@w16xG
zk0K=OfPjDotbPs%FSdj-B8LI~{`D}hF(u5F<c~-)AzudD{)pYcUB}UuI9&Nl{kLKr
zm!GS|q{Aov32g<eAPK>5UPUOnF{F==U^6zOjvuFgL8##+%pIn^>L-*R@2`igF99bR
zBkL%xkQ6;>4^Ycb;i*#fde;gQA)%bZ-|Jv*Ip9$>v*6|(3;tLcm4Iy72|P<AhD?#D
zr%#!-ZjD33BR|{lt1?XG>5)V{5-ABv|Et%ZSKf+zYhSmr+$s76_2K|?3vfe)WS{Vp
z{ey#h6rsF4g$&CFA$T7S!IEEzSLR@=&;I<XP%Hf>ir9w)T|i+ZV-usC7j*dF000K*
z>*<Nd34)7@5)_K1s2uiy$dfOvMIP_ClOfYVj@AHgbeNkk-iS~nFuWSZk6D(^{_A}o
zE7i|I5R|x7&7v!~4O2l2w^qcEHRSoFFORP~Iv!YI1yl6^=TL@*@b&h3hS1>Pc!&mx
zmgn9%S~KlC-{?$Lfl&k<OB+)=$MM&Bb{TgaEGW)DhYUAoWFV-NiYM>TZrJb@9wuos
zg|pxEg8Espj(z)a|5J3b;<IvdkO+g=l!)K^^ZVr(O<Zx)>&q(SHyaun0!e%|P5%6N
zv81?5^7(d58f+1=3YzKqx)^gB{`5TDisZCP+;Ja`RIPoA!G(o|pj@c{Nh2^XA;FXJ
zn2x^w8Q>Z{T^$o+1{U5B4m>{mZlz^zo>b34>7(L3vrRZ96MC0oa7M;8EyoQPPa7^8
z4wOwFMqdG9AZKkI#ybtLn>CPZ7Tq9>Ie`<j{7Ajs6OecO<lptVx+-w+cDrzfhwyak
z{H|*s1G_#)Ii5uzuMXCrgx89DQ<9n-4u)!<J{>T5Jq&tks%qSEe*L^m@(xuN<Q*&r
zZx!r*R}@jLO7(!JDnd8|Np4FpY*suo0g#smgO`VwcNjW!6Y6t41KRB_Ma-5kDEO(s
zQhT|%PXHEcqK^;~@(VIJa{9OZDGzR$&9eqzA7O0P3}3yW5RT_2{QT`Cp7Alcw;EAq
zl&7|hO(p_9W{pEAEi7Rw&LbR1-}0SD_`dkw!TS<YZ>M^6Orv(c_!QWyR26Az-S_cf
zieX`XxS(!4G9RYz@C7FQ`OK-Qyn;jDuJ;@&4cYf=@ezBk;Ab~M^#nhJMwpnHUjX}=
zIs7S+LqzKV_uKsZ*1X`fkdVsnvMZCDzeI{F0Qcr!?+-vT(<pGZja1^*i@0MI%3K*4
z`nr-eTFJ#WO|<60*S>OF-v0KiZvbLBh$Z866&lAwG^hZ^y(S~CCRqB)v%=3+ZjaW7
zE*$*oa+KLTS8W)-W-vE`t(P5|OSlvlg`RsHoW9vEQZqGJn{mCrD*1#z{cV30?}9@$
z3GJfaCN6#oG`(kgCyMvq3Iyfg%9HUAUh;r^zy*9j@^C})?%&r@Q&XFn`2xehn2d*~
zmjQ0W#HV@`O-|Q^<_DP%_P<&s*biSnfrnwK0b|a5*dW}JpC(v(Nbc-|=E}%29l09(
zm$jGf@G(P<%k-uj56c;HSl$)yqe88bzKAFm6Fd7;YpiJ3lwe16{t~<`)^h@@^!U$b
zCy||ZlX^pIeyCtM-ZEJGKW~ZulDAYeWdHY;XAIfNTXKItT=R-YRcRU>axXvsY1E0J
zQb1)D%n=a2bCF_Z8gH+g=|zORWVxIfw#On$@vcNmP00Rl|C_&7O4PiPP(3k_rjvC%
z7!RAX>^<#W5NNwrYUf>vU5lbM-j%nq)?SpY(5;E+7dAuDlCK9&TlrT1=Z~4JH#q<E
zCrax7`6gC^EXZ|o0*Ewk^!^68n;a>>@NXtY#!%%j>HMhk%>P#G=%p=uoC+<4Zg1eb
zKEpsv2Cm5!QV717rK9oUEW2LBWQ%n2;KqM1PV2oevYMh8aPOWb?k{-KOw0Yq$B+3X
z-??2L#`(t6%E~z|>_Kh4N3Q*Q{R7GVD8@A^X~3xe$hY%EEDS})ojcQ^c>|T}0jjIx
z3~n|~%k)lbr|Z`vAdA7x1LCs``22H0(sL;fDY8bml9=);#C+#AC~#II7#|oJoP7_`
zE1>qW%DCs@%?VKS`2GEIZ~~@SGQxhr32@WEh75xf;Pg|kT}#L}M&dWH^R#q<FPPWQ
z{-;Zl=a|6#@#>n!lQP3ERX>V@^ppx%aX!x`4)fM}^cp}C8Th?}yXEfi!R_prgnAW=
z=$R(C>NyjWc<!HAWN7js&}8zR#?zs4c1{=kr(_$p@O>D-b7qntt|nt1w&DQ?0G&iw
zfFP<2+@45!At>As;%&j@CTbTh#G;MO;AFfd&_D3`fd#USfkGgQ2wNl3K*S&%=QkZK
zcAtNR)JG~BaVjtbLQW|-teK2ds0GLw`2^$!L$$C(a}Q2{kYtWOywVXQ3&*dSk^lxl
zq-s|2OLuXIXQd>6<toxh{MzYJ-_i|I(bzkt-FfyNI;4Z|enkc-8wcBQE9!?W;V~I{
zAh-ck5ni;iV43**IjeCm1}MpVc;NXg3$<P=Tux4Z-bEk$R~IEuX&4`Jy~J+6R=k`G
z<3|GzYs|UUWeD=42JQft;rUjslOM~=<pHN5Z-m!h#X~^Eo_rxFl{*<_O7I*!H|`G4
zf;@Pn*KP8avx_m2F{BCFK<`AaJ`J8YVqgg%A6gSFoeFh`%yA?#$k^G$eq;t8GX3JG
z;Dtfizw;&2VF>^OKVQD-R0mz@#}I=d@_l%O1*p{P?_w9fQBeW1^-VAJ4nFI`={Z8!
zkKh@HK(u|`-Np{Z|32G~PvxuuA8oOO=|FeOcxTaX+X^7d5K)5+ZOjM^?FoZ6Bzg>s
zm!<*{7__#sv$d^9h2JZp-6m*08VFR2sn5j5Ch+=u8jyJJ!yoTvpFVn&gsNq2gBAQ7
zk6l>zZPv-@n@#cby`Z3G{4f#tQWuur0prS_Jb4Ay73gq^h4C;1d$Pp{FjSGA4TZt5
zp6OpnmaN&z$62`-7y>t8KhB3jOnctu1Zmv>kF&whc=hH@ZCx(7AyJ2LXeQXWt79kA
zPGBhv3t^mhRc!EQ*mKu|H)O9|7x?94Suf8!5lK=>>5Ff>=1=1x6(J;!P40cJlf69=
zCk_6*efKUEXk@q{@v}i&;baBdLUZv-A`aVHB4dWY)fb!2e@jVm>Uns%?-YWmb>Qyy
z0KveUgjnFY4RzwRQe0rMFQFDT{MvpKnb7^MpvxoJ8<3$xFfAGJ2nQkVrFVELL+a_U
z|BJXc0mpiM+x?&BT4`C$X^@KM6jCXn(x6Clp=cmUnrKj@VKr$mG#H~nBvQsogC<i*
z2qCFdLQ*o6A^*?)wASA5d+hi4AIJaLd%u6j-tTV_&+~o0-}}Dq>pIW#I<MjG0pKDl
zkl?7-!XhM_tCl`F+Er9yR~H3e<nXov<`!x1)~yjN4MjcK(DM1|OWjcfT&1f6PrSvH
zxj7W{S<y9Lzm73|N+#SH7~{dqT(F*lhYpqT#N0QgCqXcrR&=D65Q_u!XwiKK`$4B0
z8|<n7_<D6zr?bWaOgt7{n$fA|bDp$Xpg`-^wd<gE?b?a597mL;2(oKl@2(6c37v5V
zrLw@6jj^x;nGXXEERSn$s+{bihVWTHQ3Sed*o-hsKl_B2ORvlufU_x9wtE0wee?&P
z0>KHSiizG>Xw2TpCZRp!>)ZGsR=&nT$qGr(aI!0Y7$o2{ZbfPSpA<L(Oa|DBLeN2x
zpYT%1_QZLDH^TbNfTN-gW~H&&uabufqy$9y0&?to^d#(<yy;l{>Kc3LC*FHE-F(2P
zq;ML22k2GR)I@JlO41`My~NTf1CWT>Hq5?dvCK}*Ue-FbYkXU{v|H0DY0vRUUl%!N
z9p%SG(if5J9mUa}^nL$<12!vupZoT0_YHJS0sK0Wc&>jYnTvo?0c|sLE=&K!wVc1$
zIZ%jJ#C@1Lb?Sx{!fIS1xy|{wcgSproXFoBA*nT$wV}+h_<_gbA8nW}{Uz0h4|CeQ
z`Gvd>9pvD=SQ!PwF<$y?sbhmr=|MvfJInGSgHDW)K39dhm52UE5~4Cq<!~S3DyhHC
zingvHUTJIfZdwkW-K@P(ML|J_0%lxDNAV_mUmcNimiYDJ75RT)D><;BFX)mr@n|jn
zT_^0Z3>S79m~_9c_<=-qpHAloT`%yI{`ljM1%T-`|M4?vx)_OCQz9|%mqQIu(s{7-
zR=I9#-|e5YY1s*#&eGqI?9Ki^_QN#p)cbCo-?rPZVrtuHvnz_jEOXkv@2+9*ySOUU
zro4;v4U_ijeEXBA9I>qfRR_KBH~0_n^{Tsz=I^~BO<bfull*UIavCpV_YU!jA9(KA
z-HX<_UG2WFjkuQ5!WGA&zKdRDPq!#MmTVrejp~;#bNPK2JDrRB>)Nd!irq(>&L$S!
z+@>Lkc*vpHjUaq#*bIxp!VN3_l>W9?!l3kV-MaP}P5gPJs~~H;efwDohl^|8{ky)5
z_UmLEazC|j@p+vVCLS#md^9Fa8lj<)ons+=0avB=-E4-cpV`}DXBSWX!3mSZPZiP?
z=A}L)SqY>pfBD&yWA;?uh8#4=^46VlCfZj8nC|&$(L^rbu1MgeT$sGoiNpu&JCpbj
z8Q_;HFoBculf9K3^JcGg8nWXQMlhTo)Wa55aZcj_c?F8?9sn4av|(JzhH)Xpjl5mU
zr5CkzV#|2_A3sZ`mF3^Np1RHWiou;P6YW(s=QI#U?unRs*-`7Mih)LTc9aNE9LQOd
z$N6~~pF4MMF+kLrkw&U1Wy!}ew=M-hHp=uEWszGq<W8K&j@ruN;!BkGS7}km+ok{e
z?OO46p5xZ|?P;ipQY=l^9$j`|%fiUeN?3|da54gZIAKFW<89*dC89pm>D;Rr36hPB
zD6Q4M0pkI<GL0vcGpX|KrCYa}7aW>X{I3?kslyYBoe!0j*Ez(E`13{ht}aeI9RU6v
zVv%xoePL{L%*Mj?H5#Jmfb{{Fb|cdis4L)N&7U1QxRJt<(gXsu^^R`awr$zD9k1PP
z-n=Pj3%FJBDr6RmV(*`FcL!DolzCgi!+JqtrjDU8c#z(XPGqFjpu6ii*mhx8eIf?j
z;WTLqNv|Cw^a{A_75;+8;jmr|XtL%kH#$pxnW3FslrZyzgS~VvZ^O9t;?as!6K&Qo
zB1n*7(J$pRPnBt4Y)*~e4s$fGjv{N=^+sKINztB_b?!SkilQEzu87UBr=hH^^;ou-
z*56$^*?lau(80g|UI&s>Ra?6RQV_T*uU*cd!iF91N=kxY?)vx_U`$}Tt5k^`IPK~l
zpzaV9)mPwD{*aMb1P-BSMcP|cSGSb^Ary_cW_mAwT`@NudSE@c=C0Dq9xq_Ci+jUZ
zS)u+A2ZyOs(>C&x-W6C$ERI??A9Yk=^jQ=+^zF?9w-F@btXW4Emq^!%&PLtyo*jbb
zP7i3%7_~h053%$}@>El|PulYCZ>^^4h4*k*F$P$Q{aQ)x?LB7Ie%Sf2;zSo~`Uu@O
zYCBH?KU$1QmcK*Q(bsz#qzF{mn*4$Sai)qTrS;=YD-QUYeKprv3|L>x2j>ywqd+k@
z+}s1e`lrr0J5nU%qAq|-;gjgiD8MmN5S_p$K8Toyfttf84O-DGWLI=vn(lmi(5`@%
zn(Gh}>j9)DZho^D6?LRtLn2fgjKU|{J~BD|74^`8<ic1*Z!2E{W;vm-1TjJ=s?HJI
z6<U;*!iIp{pXY_NZupUrKpzQ1T9L2QFj50p9=!75{`xO>Dg{|Xp#!e7Sfp*=*3qQU
z1dgT*F;m8BWCz_rZ=p;qF58#ew1*CMagtM0&E_eb&D$WNnPTBhzp-Nb!QXVFLJ@a>
z+Tv!}t-AVi)ub&v2*aK?cJ1CBGRtk?lA1f%bJS3xp<l=(e@8{HrI!g{c^N&0^|yEN
zqPWs({5q`(1a!t7HY8nxhG=SHH^1HAIczjt&1``zK_`>>4;?Vz;nj&FdmIx<24<mF
zynwfsV=SCQ6zpY4zVx_oEto)ze-(-d&)GTFyiqv(jw~H-6H|Z!R_*g0a=XB}=dJ>a
zTE1Kgw2t@UEO#ElrRHCCaqa;CyvC^Mci~oMVQCpeW~co^ML0sy<l59w)SN>`v<>%N
z68^gTB{!hP1@}wocvf+8Q*~CteeofHF<G+i0YGXikR!RNJPw6G-BlJG^#0SQD=^zv
zXrhtJQ34UYC-(5$TkKdGgIyKXQIVm(ntL-2_L)6ocypA~uSUVl2OM|F@YWv;a-}h0
zLelHkrnG!*wX-|z<5SS8JUlY;6fh-89kpB#{J>KXdVV4Qu6-n;(y??(lWN!u9x`N3
z?BqVrGBW17zkl=QJlRoi$AtL!U{V>mXAPHJv@++6zIS?6!#SZ&*mVEr40L~s#5RVj
zE52K~)X=+&((H9~B~t=8UD@@eW|BPt>;tqmrDq7*mwM8w6JCx~uGd79?S&%9zSk4>
zz)4l}(kRT0Xo$)r+$!l^zgy*uZFK-r7P`9h;7leu)<;1j4l1pEiPi8~#b6$Cf=oPn
zAOtD<dgco#29vWdNjs~FhLuL43k1$}9Et85U9wPYtFM3YX<vmjrAe}B-%V}6y6Q0o
zJ}Sujr(a<?{L%ZIip0K~V2juri-{L94MdyD-h+P?vL-G5o=&YYV@&PPMEz5zPb=!p
zh;u(pamBN}3Z5(g`tZW!<Wj%H$Ymqt_WWvyX}ArdNHh?O^HrU#o}OOm`ZMOO!*XD^
zZ;9AS{7+sT{^@p!UzYXtduta@Zf-2muA!0jDvS~jPs*vj*}OZ65{4q{bzPe=(9koI
zyaS0Z_3Vktf{&(~y0SB4=&rnuG;WHJS5QQ&qtt^Fesy)%)3c*|l=Y(m{o?L?-?3WN
z3xQ1#nMw%Tei!9N%`4k<z1V(xUWXLLwL52(I~J0y$Fb?ewFOlAHTl-pgBJxa$iKPC
zAI5xJ?tOTh<JP|5xR#bB4LMFXEA8@k)E$u3nui3kvH(>b>FM3QGyT*aZU_q=eYQ<`
zNs~!UO{~RL<7~A#_4jf=-)W~o2u79}%1-zM**a$JL9s;uOubbtoY73w;1UsFVp%yQ
z@fE{c{t;2IuC5T967I7$tY2K25Bcs8J5CT7bW?|r1DCOV1#b?(v-U+KaRpj^4s$#*
zSn=6VJ2I=X?>PV~01V`;IFQW)T`c~UKm+~Zr{7LfAW7WGvFO6Z5l4X|H#KN?b|l(o
zvFl(n7^UJE01?@zK@=^V6(f*Spgn#;(oh2?8fa~X=%C{DJrguMS)67pj~@?q%{ept
zGJ3WV<Hju!Vg%@)@X`Ds(Oxht=qVMT;f>MgMa25e+!j})M}St+qw4p776^3NR#Ue4
z+{A6O1tUWjO*OTTabfMjo~F;?NU#4c+t)6;xzHUpDv+|(nz)@1%?Y%hIDQpUq?{5{
z1Wf!okI6h7B0V7O+o*N3^^Cf)8aQ3HFbC`Yu7mZT6RNXutXea;5T@+9(A{v*ivTqH
z>`1STXA7H78gcXri3aP#9ps%d=k&%LGtPuXB&}=K8hMM524V36tVd`-ShZ!KWvA^L
zI+vk?aiq6dRL>$Q?IfrAr0lyOeGVm_&4NlX5YkTAmKPVM9o9d*=pVuc)!qp??}LAI
z7ud#$2eqa(o@r}wI-dc_F(!tvVn|oh5~4;maujO>nZ`F(?qku9z@*Zy;xLjYW|Uk3
z*JCU}7HdQZ1R8P*ATUV+=Ze5g#s<{4@$-m<fyeLHmyIx>!;rd4F!ir@7I)H%xGH@t
zM+u<Zi)-AZK5tjA?S=^}4P*6h4#+Ozrl{NGF9O1jylO)el=u(;K4(UmECGs=oBE14
zwhqd&x8}|p;wcH+O*B6*$lAnB62u_E_$u3&4r?{d-m>Bu>6osJ&`gaCv|pzCqs8K@
zr`4?$jLS<71T79;aM{jfKFvgB6z@5{8n*IR1*pP7wGLAr*%gVG<g<DRz){d&MELKM
zi*EUx5xN#}9CKJNx$p3^TfctSNXtG&=bE1K_b+lRw<5P~i{b<QN7CwW&Y$UkD%oUz
z$JM*|o5OTWgp~pW%0`1-^QEvLN6DhkvG|LGRWIwwO>bnI4Rv+@9&VrWEaB?jL?PdD
zKdlt$*5Xya|5>Ada7djOHGq~SltI9B@h@YLz`{0{yVdW0v0;K*qQfhJ1V(Sjs|x@7
zXl8}cA$m1lkn0Tp&AiWJOE1JkkxUneL1@7Yyi|o+NDzDIho*V{(5A!|3s#_tZ?EOq
z8$iqZ`c_egOP75_Yf82=Bj@Y(939W66j&kT@A{032fx)8AO40xfaZcud{!3+eUmH1
z*x2aykv^<*Al<rIHJFvH;IK&#%iMYoC|C2vr7ySL09=<Z_eC7NICfEI6Ax*Qp>tMY
zUetxm%gdGYJgz^%fMt$*0CeLpRn@BSoK?rxXkA52BNS;^XMtn5Z#A8qWG_lgUSiGN
zf6|oBL-UuFE(mM=8%38SsZ;(Xt#*4h-83V*yhE(LT3*fv1rOX?=gnW*^USu<fs<aB
zNdHvwb=hA-^Pm6hnBjcPaKX2CmrsMQnRpynJ`jgm^uwxNs~6=IrsaH)-jcmTj-R{M
zai@FylY|t^amRF)RU)I<x^3HHJAL14bAAH=h6*jG_X%GXfPfcv=|RqAg`RM>OSW#k
zI<kk!(%-;}-`Lj9<5sJRgE~gJ)$P;C<_oX{hI<!pvp4aij!HX_vKK&YH3&+qDOnO~
z1*VO*-93N^8bU^sp!K^*wXj}6mM5fmilrzz!Eh6ts7aR8*&^Ho7oo*bmo$j1Glxpe
ztF&HtJ5#h0lgp8&oS|6Sx${S>0^;k_2`<!PuWQs;I131}@WOBObB7f+_r^YKC{+<<
z+#ek}B)b>?{;1~N|Er3&>fzfn>f+EsY2XMS-<ugD;e~`vQUZ5c8-`GiT(-7+`muEV
zj#{&@<r+3L-4V~;POB^a{CT7vhxyoNZ!1f>bnku{bRCd1xol6CeE+z}qNwt1+N4o0
z*q}8yM7;j4#u;B#T`j`NwXl*sUv_i?K#oR~E21Zx(qixk>61&EPY$yx|G0g9#my}D
z0PW_xS7Z|m(%kpZ5&7ZMC(i*2BMBQML>7&Az^hAZhYTJpswEQ1c_duNjSg^2IY;jb
z5RVek>cQR?f&*2w!o*qt1c=23^zYvvfjYXu7oXHdj?||?kV;FOlgBFvS%Lrrd)}FA
ziv(EkMIS0Eu7Mj;7thClSZ#fC!_UU1<*3Mo+6>9TtFrR5IZKJsS^bKq<en!95ih~#
zQ>(WB^n3u17K6)~G<Q5FG4$K$#P$_1B)ms5NwWa{w-l=F?u4EJd}35yo{GNosp&kM
zvcT<s)_b8OuCKSPH6{OAgmhn~dG2>|3c;XwtE@RBP<;?b65fXp!DXQMF5rXR<>Z2C
z7m%xXS6sY})>t%j%UBv<)Ayka?9eobbAbqiD^p~scZCQ37#b6iz3{)mG$odiX9&V%
z%O0?d#k}+Jc~zAq3#cH_49$Z+Skga>zH*9vQR8tyg^<z&_yq5av)()!=;AKG!d2jo
z-Yz~xLba7o?jr=d{6QIqz3Z`KbIvY5z?$9NHb(mRB{A<H*0x3xU4{=YbN^;br&>fn
z5epRg-O$Ii+&2;cV|NkJKV9}PoqaQo6J1nPipdz`cn-tFd@xXfP&0~rh4;3j&atzh
znz;%#R8H&V3w&JyVZcOABM4fAfflM>i?C~UqySoS?lI?s9i5FVDfB4n?X%?JLvS?_
z0w8yBw1L_OS!;tgcj`Og`PDU-zkU7soI_YikCY)3DE)+E&hi6ywrt)!j{`?Z4`Iig
zp4C(wR%Gq}kaLQ|R!F?_tm)agh&zo42MNE6e949ra?W0Vjoszhc_7v3f+?2{Tg0Z5
zrdrX<RR%qG$dPN#A|8w?tt}3(Gf7XUEMn`q2mC`>4qtZTyx`l2#$dfBJ8V2^ciMnZ
zz(AbQcKS8b*e8SZ+`qXoh?bj+uwS3xt+QF?Cz?RR#;(;w2r%c*KT9JkW*SXXF}v>|
zw5|aK<(+e`%zyl{ZcOe2W7H4G)b5njB!5;PN{PS$pAGUa)P)P9e+N$U?rVpx-JiF7
zq1nie&oZ?<0P_$tmXlB}p}LI>NXISd3Z+gNa%(b+&|Tld6|*rJ2N%nxuosK~m8GGa
z*20Ur9rQ#Uy(n_6fk-}3WD5mOG_5E1zCP->>!X*YfT}1nz6)MzaiTmp0DXq%nKf2s
z)?DvVGi0|c4}_KZiH9?hM4gh+&;FxVLv1PAPV$3K+)nizn^)1+9)eT|^4m2$D_22P
zbpg*NoAs(1dcD1Ld9EDM+F1jS9h0;7^Kb-QO6YY52NO9dMYG6BWjEwrnLkKSIe^lF
z^bvUbTQz}aQw;@zR*-5L(%Y|My6YX)D64lE^4i5$7ujD)-0qJIx`~5CHu})Jre(IB
z$P;VG08@&J%&7BjtUnP?(;1y^bLduGjL1<;kDy6Y?`gF<?rCS@R}avag5?qoXKJuz
z8&>Gf{j2jH9inAg?;|<&Ki^pKM#CNtiWI_F3_i|-Qxw&tJ>IE`&sYfcSv_2{nu9EO
z17L@FSWVQ4tJAh0J91>6QhGiIV3O*HC84f%4YHb&h<5*V4%BN?o4E^ldW)}{t`N#@
zA-^TBczI>&%c-nFDvcl%(KQtXbzv8_{*%a@pD4Y%Ujqh_VYn+fe|mRW2&xd>^-}AO
z%s%tpg<gg|=&quMd9}^|KV~OxiOU%$DZchyG&rODVYptbgVGE#sfaD=Nu&NrKZ+av
z$ss2En}1CE{WnSKpEs=d{htsJ2mbf?04emZhy*c4`S+<SNy=#7tvSfu(#FKY^&vU3
zq8`C_Tv+R*JH0HW@2c5X-oEYc_g|?F@ACU=$)I_^pQ7Zy_lG(sX{MThE?h0E3E!Fd
z;4@S`sr#>r%X*VM{d{}L&Y_?Wi>TaQKxhkaSI}*^_niKshDBfo62dGSpNZSn$FBSe
zEq5IxFqr*AdAfu%e(~(tPuFO)6R-B*lK708V@0UWi=4^I%SKEV3YcsSwwka99W$YO
zE-HsO>jt5524`G?KZy{niS<u)o6Sb*pF2#vnnb=cvX?h*oO}Xg5L*uMn)L=l1A}a_
z>oDke6<x@AcG}fdf&C)XoLN~5@nTuRsoj5PDoA@0dkp-F5PKMp^mU)-%$=J9=72xi
zrKP6!(}CO<uU`FbMT60Ohuef!SZ7_4u+i2xrdG5^u#?8`ksrU&S8OW*iW57^Xh|l&
zYJ6ZU7KFm+fqZ6jF+h!bH7q_cu}=ZMDMAE-He&6MyN3@SPF)*WUsrjZK|Aw%9E-nN
ztUGgNh*R?~?AI=V0SH@Vc*mEX9W+qEH6b-MzPmGAV7%<-rmzbik+LzLbs))@fgo<m
zUJjY-`&=N2AoRi9GjaO3ySs<3mr`!_9k^=>SqS@-^+;^y+;qhJ$$R3qtHdo%L}@bQ
zJ$ZMGsr`rU;w1%P%Kq)Y)0a@5!VM&GqDh0^XAf?92zC#%+`%PZ#5p-Z9W6(|wF})p
zfx66YiX|{UK7wJuxF+g@R8Nr1N=1i&9Za-!r=exzw%y`UCXEnWoY&cy+Es1?rysWg
zw;|ybb@~0qsyRIK(JOpt!wKe~5TZ!>Thu`@+8uJHw`U$lZI;alP63V-J7jy@<DdeO
zxx&ptvd>9~!LetlyRa;rIVrDs*u3+5$@<O)Yl(MO7%zQ3`P4<Ub*NJlC_KJT=voKl
zik?S3hLEH*WJn+F@gOGvd9x4QoZh?w`A;`FIj@Z-=H>yUrI%?3PKl3KD*OeAk%y(O
zT1O?J$jlZn3#!&n=$zd*9`@Oh^IZXAJBvlRh<UXk1>y>HOs9xFW)5s*9ASPGmiPiS
zL{W_z$&V`)JzbqEH_%jiM(itqM{#lp;W{5G2!Pdm9cz12=;BZ0s~DJ+A<di*hmUzc
zFbnJ{=aoA!M7y+ela>lx2$(^gYz8=dE=YuGeV?)GT!jLF&u>lPi4?h%#%8O+TU(}4
zW@K{v)Lw{gYupiMAaN4FmT21n4biHP7Xfzf@~5z$63JG70UyGRkR)XNt3@1r_v@p{
z+F}+R{SO&GZnL0-dWw!BWD!?Dii0`RgplM=jL>S+T$)Xb0Jy+(V2*6kEATW$0S7>W
z2`P@EkY|ZzEVBO7-riS*@)g0#>|C>a<CAbW3sKx|<7x$%!gdop#(N-Jd`?6fR+^9U
z!3s=QC}K$LFK`Y|uBwrKidU)T;kDV`J3nWds=AK*-c~1Pjqk(W0Ky9a57j}oOg!AJ
zRdV)zPMpw6UN)h(Yf~>vjsAkTUD@W>FKIZxDYSQcM`BvM;Wy>0**5e-d&z@VcVTE^
zlm{%u7kHo0>(V4A5WpB^5fydDtrEm}k}5skJ|f1T1vT*y`ILgsU(y%s*`>=x7Hk<x
z_84XEv_z+e^sF#?O5MLYe2j@8w399^n+7qy30g*UEnG{HRLPu5RxI6qW1XrOtyd8H
z7fG@5Z>jRj5~F?4?!Ui669mJ4mmrctasxwq+YbiBZui=Y)y-<%ThR~n@#EUaSn<o|
zqt;3<h%iAXiO@HSemuNz!nf&(e~<V}ja{sB7T;`zS>iCO8Y+%AR|_6pC^-xpEc>@M
zA!%@H-d|zPm=WUIcdFiy-U7s<eD~lK6hHsV*Z)C^{y)(EeL4O24w(ZM#R)yPqUUhE
zr}o=g*c;51w?3n3T@Wj-Tw&>ed9A;`Bymd4QIhOc95!&^BmRT0+kgIFV(TT6ACrzv
zpV-rWdT!W|Pao6FfnXGRZuuXm$lz1SIoaY0?7O1g=v&fwa9w=-kl>x)76{TraQnw_
zW1mJC`A@KjeHX4bY0K)>#dOfk_H6&=0%Sb+$l?r@Ex(sjQY69m{RC!P4<|ITa$M*9
zC%)dkhj_ms>Sq)<!PUI<8=b@*N}9nV+$x%lL)g_)rju>nZ}P51?%2AE`d5^|*oqPs
za>(Qr^)P@DjcVkB8R=|!MB#fA7uXUD#Ch1ifAg}F9v)bI>j}XV<V*lt1!Zm7h5W+@
z4+bNc%3D;}3?Tu;LD!#tO#c*PiVC%ancKy{n{2jD;?|Mk{%Eul*SiVuSR8BkYF@+~
z<0=OdqB;H8bUY%;Njnw+{8pnd5<O^~H46Z<xyr$M3@^^0hz+I7MEh(kC(m_~{FK+P
ze}(s@A$Y=;i^TFEQX3IR&<(zr7CnA)U~U7`yGw5AY@zl`*zs%2&gHp6t4}e1zP&<X
zgS1<N#7bmKphjw`&Oo@QIQbFCi0WU6Jq1+>I4y$qY<E-)q8m)mJZ{!UPn-Y-%0a#-
zMCsR7+*#r-$XPH?DV;Y6w1{%Q6sI%MeUR@2s8d!Exe~F4f<#Yu%A%|w7t#8`9TdHS
zGy22ccx%`Oiuw)b6+S!a@0@$fR&$ODSwQcx>(1k{j6>bxg!}&sEgfD-7!q(6FL!zG
zUWs_ZD5Bg0M70W~m0;=g<83<v<^#_y_9(>Y>kZ~mK=zakL2)AePdQaxfou{Axd6fW
zpF<wIuS5k@g$2XeT@FmTfF~<zy+Kg|0{u_KzyG-WLkABgqq!#$0q<EFyQhCmZ{6wB
z#RCzT0B2$V?Z%&YZ0-R97^V%%O>rAT_ILucM~<&Ags$e!!=<dLsVp)R{X_Q~9A)LR
zu?sXG=Tk#J-a7G7QVXN<&WS^hDHb$SH=Il_ZKRnxcF=02)}3{`T$;Zg@%-ZB#?j8b
zx<@XVU9s4#d+VYZq0g^$wz<+ddO>!t`B$T+2d~S%a>PwnFI8shz`9D8##d%mU2bQ$
zuW0zWv-;Z`t&-&>wqXqu<0s{Adqzoq0)H|ZUdPywzt#1^l#XG)=ed7O&&>SHh=JFW
zX?mFjLsgn_sU7N<wf*XD>_Tk$j7&opPDM;4#d12Zm_y(Zg|F4CTPpA`iG_vdctCEa
zPgf5u6f-6U4s@Ba@8S{7I(}~|*aB#V7}y{N6MKCTZxger=p^QDVEe7#KzqDLk=qhQ
zL#sts=Ix`XZmcl=qo?w5oKz9xzhyUzImT!*H`DJ#<Av-4_7X!U(zaUFpmGy_u|Gat
za{0k9)OB2u1SvuXj_NhoQHCzR?T$8&#?y#v!<3azf}IM(S`yy`=8o#;t{dB14udtI
zC=0F=#NseXcO;VAtZ(46Oy+QAvHsP!?{TKwO8~XjaL@x|w!%weDmMhb&5tB8GW{l=
zhQEx&gb!Uw5=}Yy@x=xgk|=cT-1#9O5%1dx06xz&1txD6MwSvF*db%bo(9!zAzXyf
zb)+Ng$-}}4$Vat}6G_+y!Ihy7!J%Lk&KB#xZ>eWe<sUfrB9joWdeqtZ9XLaqm6RNT
zW=I-*S?$7*QnH8kTdIZ!Jahvc9SOENbVTll^z?k@l|A9d9b7Fj^xLgpk{@X)i!fLv
z?F$nqhU0(9Dm}!`Gu>UGj;pyrqW`2FC+P(3+O69Y5^Yhc7?t3F()Rkj+TMsZ9<Cho
zrlP_oXNzozC8(IMroB6TY-5-=j@tSW*qVOg#}p42M3r58_kN0`T*I+`tVl*~ulQ%B
zB&!B>{Ht^F$>?Zx;-Mw<4_<U<;kMp=`SJ`xQojLx&jB>;*y(4rSr3~&7`j7oz<_-e
za9VC3o{f%cRAsRuP&ml${K`k}EH6J7BbpXBqNCf)8n5<k%8oCuR?&7Rw?7Rsb#p_l
z4HaZt9TM5#6A*tskFGY5rB1~}1osnKw*RKK*}~XKf|YP8ZGl@!OUj-%+;RuXkHGI3
zhXP6d1V_oDe6*`z7C;wd^`a?^%ujfDCc-!EjmmRogENW36?C$t>xiYwn9d*w9wT9~
ztpV9DJ?oH|n3#2C{v{blRq8Klo;mwkwi!C_yhK8^H9oqHn0x`!>NVD?i))XTfdK&$
z##oy=_ZanbZ;MuAddV;p#0LoYS9rsDlp^?pgrhy-T^JbpkqlSzKF!Ai;}VJM5JUNe
zg%aT||LoaGqJ1l?Rc2HR8unF+LgpTPC^g|>5v$DNj|EJj$ja{8zkfQEaSBfWSKd|+
zL;>=RrTK^gWR{P`ZlZ7GGn0T>orT-$14LqvSvkT1EOuVqb@?Uf9L&O?S@@Nb=UkwU
z0jxd1Pph6ys+7zly~AZ}=!)2=VM)0%(}|Lu-7IGkH17T-)3z07{$)sihpOZu4)j#=
z$_Y`0xw#(bAx?mM1$I1&@*vq`bbpG}$!vACwC%h5QY?x<G7x-mtWExDO7X4W(+h97
z^<!p`{xro)8A;+YDeu%a^if~G=xlT!nYLsHm^V?!PR1~MwY7B$645cePe@Q@AEYp~
zG|FmHD4imf#l}~jB+onx@c;!36};rY!v`#+8{y%}QE8&Hf9IY6+<-vvo<^KJtkU}g
z#=-QhIm;9vm`*}X5}5vdx38A)!9oTlhD>0AMsP_bi0Kz_(|`49D(`c!(*OIah~Dk$
z95LqYHrmuzv_==?96*$M=F4>5y7DMM`3C#L6i@@{W_MXGZgmnasljFnHhDWS#}b5X
z&z)McCrd+dl|zQRWoP>@h?X)bqfxJEFmR5Wb_vtQWy=~XomMH$K7F3BjO&@#+Keg2
z>qI9ZOp!j-^3D%umdfAp6YLSyCsBSnN+#ib$nUF9nwL5o`G=T4!@?2{LYPpV!KP`0
z%N-0Lv1UM-c901A9F|vvBp3o7`B-XC7>zbqfBKRFL=dpDQty98)#L{iw2!;Y)>!k$
zUUH$Cv{!g(IZlLuVUUnFAc1yHjb#Z{**lQY)@|EvMYt}&72{{7AcQor<#BCrm5m@7
zfyMGcvVbM}bR2L5J;=!!_xO8@etr8gHO8DAKn%7gV0D@0!?><KbJ+fb5xgH4Mwsi-
zV!SRVT3*Y+6AKYll1Z6W7TafgD5tS?jvhb$p1s9qa~o}@#Z?Mh_XL^;CJ@_Nv}jRk
zy3r1YFw(52R95=wDPx2DAoWoIK89iw6E%fBM(pmal$2vU`YzqNnb&__RYU4?m^?EA
zEfnWl0tpSD#Vk<G1oH|Elr4wO>*iKs3Qj%DC_<58*DE29aFN3b=hP}~oLOeL$fxms
zV%O>W-?@FebH9FR)ayTW%Yv7M4}`5fJ<_NP6dc|3`#4%D(07GyKP)3Rl?5v-6FJ4{
zj`^!+PmhW%b(W%K<s=obm}`O1l297Ia*XhiCU+55`@%yI?s08&N2@94cscFn#z-r@
z@d0ga!S;(-%vw=d{p5(<=zjLSiOWyOA)e3=1jf)0gR8TpUMFBfgvqVGpQabr9cc1}
z8@RbyNt>r^N!yLw)HNJ+{KsRCYYepqv1u6Kc@XGN)h2(epuj2I9|P)PMigds)NVWd
z0NATuVk?$D(y$dL8A1}y=bpmiV3*u8?r`vmJL3S}E`xwE-F;x8OeV;W7+y-gSc*wG
zdud#VAJHltSWryL!U`vLW@nxJs`qs2n=f14bYmB44qeh&ISdfNiNrn*w8)n3HTUl_
zGi-A#^iD3jxv`&Xt*o(|lk<_Uk5ALqf1#mo{RbKLaMspYG+x}Rd;OS5iu10o@`s~D
z95LCVzJ5;Lmp+|4Ptow`oqm3}TacmCj&Anj?5-cxbc{{+bJ}%?q-qELsd|(sb#3!4
zZE%Th<P?(Aa{8L~U|@QFR$q_i0RPd02M=~1V)(^Zd74-{@B7aY+1QTH$GX4UnyP+$
z#vm-?G*lO66cqT-XJ)y_)a|gnaq(8RiQ(Ne-<4x~A9ZmlA^M#j`fI0)f^?djTj(&c
z{N^5g7bAIMdYhq?`hPAx^_tpeYiw&bnX$^v958cccN=Y9-z<jP966$C|3|m!?{6=<
zc<Wlr79zeA;Y(a!SB;e3De-^SE<8W<|KK-~siiG--xm$xC4=VtGlI@7PEUOFg&&r$
ze{a{JR9KBk=$Gjmru*LCpw3%dXOi~evzqV`|9s_j8;W}Vzx$h!wy{izb&GqvZfqAh
zxny<#?g4Y>dVGJBa%zYy*+U@evR*QWe3eN(`0`uB&DDK>5P6D$gM%g%GY9?npcMPJ
zh4&qOP>-$|(`zW_?p%*S(mR~4GRnS3XSbf2Kyz&6#hyR@exKqY%l-ns^3J*}{k%!G
zbGcbZ?z)QOiYeH0J-)fP6XE!FYpjg)3EDqn8FaRHrn64$Bw)2-V)1HP+o+K)7X%S7
zm=Hd+(2`?8*ue)D_1D<?H=6r-)M7#&j56jnM~B+&LnVuG{GIFZ)rCuaab0?q?xWf`
z4;*Ni$8Z60#6S!waF|zrDfA&T^ocQ9woFX<BFL*v{sj*y(_hOM#gG_+jJRARX}}Y*
zlPlxYd(lZ9NTlI68r@u|$of$BpC=-r%smOrOYqBDyA&_*2x{A)%=^DTepZ0aeBJkQ
zWK~2;cNeYtBgBsH(7T>7fW4Vmv_b*+l!l`X!Fmy4u`L-gadj22*y*A32R^<}0ceRR
zfMeaWWi%On7V;@1Hiv?Of`;AFpFMju7z(X@?({$j$*Y8}8R5+>0una`WMdx@*z=hi
zBifiM#7T=htOpk4$KbQ=)P=({js)nTQz*yvX3dhkfld&&2mYF)>mkUlK_Y|}6;nI<
z6OY0p2B)DlFD66ZZdUU2Oh+`-Q0msTDs`f#P$Z9pc@a%P?0+TMX#R1}z(~5lOm)Qq
z^9u*4utoc3=T9HEGvh7nS`;|aG<_>JRu$p57?5^+M)9-)vk3DJ*ovn5Yx~2Nh;c-O
z4|0r2VlFWphy+~Zl&5DBJoqwX`5+wX(ZCW;!i$?F;l;>xjt${YEn)o};nC58{Reso
zVdr>gj2&ec`B?-;6r>Phgoy-eLD5mg0H`q_&P09*gZ{LklAffeyMP?JdVA02M3*2!
zCJi$$xXxk4RWE?@1^S66?Kdd+lHPtfj)|05mwBn<{U+r^ZE!$H&+oarx;`N3(IZXB
zBfV*RU>^@@K7TydU&{dS2i4-A0OD=mutXT1bb{B+poI&Qv_~YU5!Y(&!$yneAWCI8
ztTe4JJhQuXuXo?2O9Z<YHwsOkm<lGRpope#HHm*_z`bN8RVFTp$2bv10fa1#^gC;$
z-tX;aE`2I0a9PNaRUNdzHP~{~v7(Iivc}GM<gy!k(J_c~S}YS(hUY9AaMV)fv~QWY
ze=<!q^cKqMP#xi((3fuhmjwm3q{%$0L*%Z&GHTI`uv=MwkHJrn_vT0$B+NMTgMV7X
zJP+&<K@e6#I0YIVkx)%NVNwkK;Q&mtvG|st$-$tQ)Z>IOoq6^waGaPvz^o6H9v88W
zW{!fa1fx+BowGJ^OM(|1M7K;%YQ;$w*dT^m3rAAaG~yvaw@ZF7_M$_lPHk2Kz+mmF
z$|ug+^1s&RRJcqBRb?rN#1*q#2Dn?rM8Dqg;c0h{c6)MZqwv*jv=Pb2BvR@+14%E0
zC1F7(5N?KwqKq<X67tSBsQ3pfC`d#~b-dR@G6IQ6?8rXEsFQ9ZmdK1BfAjE3CFv7!
zOI`NSuEoHC&EtqYTtQ$%>bkL+tOVjyA^=h{e;#Y8AOZ(Zl<>P0pup1G;w7cAOhr#b
zV%6mcN9fZT-&UsA%KFs&d~b3^RL}Zbx2nSJGQZCQUGzN227PN~3Pbo)MUV`daOqyw
zFX-E^pPqpM#uII=t;=N+aXH-z<|m;pNdTjgo3L5I;_2yC)Ls)NP3qdc`*cQ|40|z$
zxoDYH8NZH1Frl!GHD}F7Ds;J8YOYQ^v<VX@w)FI~FhZ-kFz!RTf6<F)2VOfhI|``k
zOXR@m&Tl?`OyJ`jIeuJGL&FQJ5uX*d7;jy{{Dsxe&D%@$wE$1M!}5`II1(nkr~_G_
zr$?K;j<TWJqSnYDI7&#d^#3VCCAgXj00>di0$QFnzP_7GdXXBoR2q<4i*s3X;fzZe
zW39)ifxWCoh9%mh3sry&)Y@!dKLrsjMdI(()>#(!4@FU~=H`yist{)*ksjx157K$>
zmiOYAZxRIg*lpypzcAl~+tW|)dED6<u5mvVo5k)X7F2abfd?Q-1oWp!`G_W{RIuAR
z#YbOTkZ@|{Dz|Y{n&-bh?dUY_!vQ$4WIAa-Wd+G1W+mR)5=rbD7*Bqbf{h1yoH@UN
zHhoUaU>4jQ&c-aqUjRP~vC+V<jVBMZbKs$C>Gz(ICV!5Wo`+S6>yjgnB&m^+F?(kq
z@rK0i5Kqc7)(pr8x4$!`UI&CzcK}H!`_7H1B}xoZLVKE4A}4R6kxT<)R`z=_l?w*K
zo-MBv9slal<50%B0K3x62hFc#nh?lth1e1o#;iJut-DBKC7eespodY0J>rxQj-SLP
zh8YYl*d>M)h%qxvL`_Z><Bt?<j@og95?%VY%ba?P&K(J7(sbPYVr)wOM%69$8ok`)
z9%7#7V=c}EMoy_@S&I>1q5>!Rd=ei&pQ_f*#-*=@J0NR-&$WD%F947yuU{X{0Ve>&
zz!C#YbbS~H&2*kwxTtgNh~pY9gx0~3o?=tFIgLmYS;|v(-7$av{#ZQ<PeQ82)s~hX
zAAUjQ30LjFqMKG(hsc%GaJIuxS|3uD=DI<o3Q4uENU10VDPj8p5e!{)<u5k!N5I~P
zuV4GIU&zw*C}Dx@2ZDFCK99|o19zM=qz8S*q$5KY1hkhRXJh`NCpfV<ju2n}Kn5Lg
zO-Wsy?(;rk?PJnP^}Uh=N<wp+3sFg24Kmqbi?4R0&5ik3ZtSm9^b2n&Nbi92A&*&1
ze`C$)P=pv<_~giz`$%cyb$^-25&<K-&DyP!df=h|fdgWo(dkhpIb$z%$@J@9T3q~?
z^D6JIz0giVS<CJHr<f989mvO(MZsO*MwJZxG!2WZq;=<ev!^Rx)L$vdA!6^1a=PK1
zly#wD<Ryx9PG@X{rqA`Lnnz7{k($p-x#>(?A}K7-;DdW(;)UG??@O~B2Ul(QWZKof
z-p+q=bJTnC3)P*Qk5+tVR)900uCH=&f1F+CN6P)Kb4|n%C%>A9p|N7WxwzeA6rKC`
zzwY6tIrvh>EZlIZp4H1gO#Hn^Dg!Nv4CcaXU4S-NlpWyQ_-Ln*j#mDfAR6X+xLpHP
zmi$GLFRfd?zY|$C_kB!Fh&1(^wM0ahMlrO?DAvwuuE&72^CW|Rzy4>D@&0s@eKxzB
zG~#!5OBFvE&=mTlA-y=O;DGe9`A`d}W}4U2$NmvUX8gg!GcKu2bH!=dyX)nnjm5|N
zj931rEO8s6vx#i{->*n3%DTo7^bNisthU(Dpwe@GxH9R+`=4YG8b%kBv>$QzDYT@2
zVn224wE4QNdlB0CfETG>d&#t&tUX^ECUq4%iu?D=j01lepfgr)>7@&P|C6qt^xpn@
z_b`t%Tl(eh*K&GiH~n=n<o)7n)<<cWeF7G5`_J1^wK?-k|9+|X{C9n0F}EiZPX;zS
zu;^I|((BV4;C<o$L(N!<(=Ww+HEYZb{{l7evXM9Oq4t9ZYYFnE&#5Y({~DTc%eHMF
zII<0+=86yM*7Ka{Q{KDkZx*PS3nZavo^h#j$750cg_KYyMFSE;Y2SVPD1>3Eed9n2
z=o{%Myx~BJPCyrs$vXt*N-%irGjf#euj}n+Tyn#20J+1%A+KW?9LIs=_^v{06is~>
z5gw3qezb!L=1V+5UB7Oq(-!`S1^^bjlLI|<Vl64@L-Jex^zFNMj{uK^OF328?vHO@
zfA3;U8sP5jUB4)QJ5!Z04GMMa)b{bh;J5P$tsm?<NMC%g^wlHYR#cq$hhSmnEHg1t
zgTEvd*Vy{LJ@G9eF|i%3OL2}T>0BVk2sXVpQ3C4Omj6HFP!ozD228&rzf__^6X`6c
zl9UyJZQuq6QfmqPh4ghRKsv*Z*myGNELXt;iLwKtf+5y3nfyV5E}|x_3*>1eQLE^p
zm4MCchcgi)gUE7vsjO~ILt$+2rrD>5J_HySsI>%-2B%@X`=NZ7{@TyrZp0Zm`d)Px
zq*nn1LNC)S;4eMAoFy3Kh><LKgA4Rrd`hN63etz9l24y#cak$yOu8UB!+x<VFysIN
zN6I{Gu-bzmtp&G{j9d|Wn#_3Q$dPo_^$>c?irvVa(X~7#0<SBG8AZ}FE;<|xoN@#U
zP6;?9Bf7;v2}H|JNkUMK9k)7L3NOSzy+x2Ba#lLW(QC8`7?mi`mIfvsJaJ-ga5~N%
z_@zLiA6&vAWF4-Pc5I}*bPk%4G<g&0!!-2v6Z>KHA#xcNNEZa!0-olCyM*>d<n1WU
z4#GG$hUf3FwH-8W+*yG*%FFwG*aKru8B5gff!u2@AGgJST|sfc;-TzM#D{j;$C)Cb
z6tbY^rS^IbD^IJNs&6H!F)r<%)DaON7f|1m(Pqs>qGja|26>3%{02y(082T6)S^U~
zqyKa^Rvpk@?MO+Uq@;{Uv1ZcUKyvTBR2H6l9K|n@$ik=0<S~j-qU3*eequN%wGs5h
z9P%4Eh)k+y$8|+;-tbhqq%i3E#Grak#l$E_&iauiF`{=qoMmZOl#aSk7r`M0@fZ0h
z!dxC8gnZ>7+m<e=wwY%)xqyCxxQEj)jF}<Yfu*rtVwhnfECk7rC=UTMTj}s#pfd^l
zlq(*pFOCSezCqv!x=&<?08bdVap0j2J2cohdN>S4>+?tjd=X8D=iiKsT*E(5P#i~b
zp8?jp2Ll3`hP?k+k)5!rEu@rY$@GLjeE;;!F*aHx{l8f%6trmhXq(vJt!EUvOa**-
z+SI8nq4krhz4nW1jgLRbrxGJ{Abu&}S3_n6Ix-zf-v-0!a}>+w`6r1)q|WWmvx4yU
zXN2;Tk=KW*k?CC`T7g%zA`FQXkVR`y0B@oTr=P^}33n`J-gK(p)bC#{0Dyku1xK?R
zE2nUgiC9QWba<UCn`SJErm<>ik?evxZLq3pX4Ewf>%b=V)?6TdgY=A00t`KZ|I`z<
z42q;4+6zfceBdBIK@Ppp<UiG$-d{AOdmz25z_vQu>pD3GUbuYOA|~=pD(?03SvdeN
zLvVglBE+sn<9S+nMSheavMbmz@yKW`RK=GE-f|ihBWW)MW=k@)^;c~%To&9hnZ$xX
zeYphY2vN^sKC3`&!>7)I-52YdYtPEI`}S@+Q7Y5%<NNnd=(~*kEMQd`e?pota1%rJ
zvMhmI3Bnfk23|j*9lS`UIicUtSl&k5MXxVDu!9UNjBxyQp0LcGBUp{WPM0rWmn1tg
zNUV`@<*5m6;4M{&?a&V@D95sDi5TvuPoK6h*>xvM9Fm&X#TkA?vmKgC%FpqxJ&X~#
ziP1q+H<@jmCI7h^>e9QnGn<-PKY&mpmmd=maS>FWF7#9E7!@RP#LHnzLVJmzNJhGf
zH6gZ>tkw^O!f+`3_ZWH_)){dJ`Nkoje8hjOyu4OqnVB8h`kQi1K*?y3?tM3|+e9^p
zQF8bN@U9!mL#P``JJr($j$9hnmk^#gX!+a6cwTg&1_#bC-}Sxj(vL}rzf*uw^##F4
zjwIPWfIbl*9e+uBm=0e8A1=&>N^9@*SM7ab#=_^GWZj@p9b{z2j;g$8SK5VVEOEfW
zjE%E~Z9%A~&w=OC`LDlp*gHHV@DMB~+%JToS+qq{3q;2N%(oc2icv|o?%dJNtf6Dr
zmzpLL;E{zslRtzV-uX!#Bh%J!f<#y`##a>Ti~<94ldv^Uz13vHvh)3r`JxXAUVb}b
zSg%x0j=;!{F7Q1d5sYyOB&Fssw#@J8Qp^<R1k!&bp3F7Y6&TNlXL-YbSBDt-31SU6
zWpYNoG`EvKvsU`d*MJz5t}Q!30Y#xJDpz)q4n+oxwgps5;MdPu>}Lw2IiNLEF6I=e
z6v3`UC2@XmP;c-)Gama2!KH8*ldW(_ETCfoIf2-Y;GLo_?AWoR(C}uNoa=86ECgB!
z6{2!4c^BP2zz15H>dn#Tuw%>sHRTu2jJ)3AJe&(T6E#>O*{qlZEr2(|0DUs&$h?Cl
z8B(w_%V)5rrY|SrH_$+z7{opj;2<G8{Nl+Aek<HjqyoGJ*_enW>~yv^gOlt7tQ~rB
zO$_-(Y;G%rDirV-fgeLfWxj0qIXQq+0{Js4-Dey?!<L4<>KbAo?%n(Oa>r%w_nz-J
zqOSkW<|~mpx=$Qp)A_moRHwkBntft(b^WvoEz`B7QRbgCI8u}VeA!Q-zMJqnub=;$
z&8WJ#EY@zAz}!eKpGtG@_h$M6SU;kP9P66e<c>3S<<rq)iwUeoaE)_4L>y~gAWh74
zbxn29Rb*@sDR*+`e}6WH?DJB_6=~w`K1fOzxcPo$3I@|3C|9bkpQqMJ2D;WUzOimh
zuVvt|<eLER?>AfU;#Hf@%l(`4lP-*-K6Z0L#*x4*6~8QtBaN2|odz8HqVASh%vi>N
zH2uGu(-wVZFa#-Ea(Jw`O-0kyL|V%AjcI#89BNdbMxdwQoT;Vm;y286|NRXe%8sS3
zB2m|vD*fa~k~#)Zs0gYLI{Upe&#fALS)7ynVVes^N5w^IKL7Ux{`#XU@AcmP{O{io
zzonZR_}}!+TCc1&N0Q>uaK80b9&oPr^)s#f;$n4wSxJew^zV*Ko?V_X*FzL1hOSgY
z_8&poJhGH{!bxhP_Wk{zT?3WU`IX;atH%jy<Nx<>s;>8FT-^TL#5j)++g<!Bzt^0t
zFsx{-m{h&G@^zEpwWgUW>6=te1^xJFCuiuJ``%06UnMux5ezuxt6NvA=Ql=uZ|tG{
z;i;eY0Fxc>GQK-X7@c8NbfG8Te%!p+smLs@Ve;-h0n<amZmDlH-0=BK&tLV@hqu*P
zTFzB1U9~Fl)A*IGb8^~1dO}}+t1r*)rLsXmY4%I)4BOi|SLOnZ`LFXa!VtsED9T)8
zPLH%b7b{*@j_!D@T6<7_<RniP(&P-=rhcNJ+Gf0YbMvWAYd5{Rm3%e3&xFR5`6TGG
z^ll%H-qu3%b;YcT{II~L{HTqGE?>5HdWGq(zir9DyxVIEyI!lAZoX>Ol;%D1cbD8N
zTXVA}D&f}w)jpO^O<#H{*ZWRswL2qX`WkxVzUzi<dfu?+Q|`@4VPV<*L;8uG@7D9E
zc=XCbN55&>c!{g4Ym#PMy#6=8_@H0R3-<B$_8y?G=5gs#tCJ`HG}<`6myA<LVJc^h
zcC@YLOS5$2?M?okJCD71@nT5+ujErfUYgk+ukXdGZq_kexDITl&02@giI-Etqc-Js
zdE>U<uYCN*1rg?3xSmt1d@|Ox_WSI)^Yy*LvTH*!=Pp^(tOp8A1zRAOkjFzP&)u{j
zFzQrkgJYN6x~S{F1D$;U3$p4}WQ?-Tv5zM@$ZB_d@F7LzZsErjV3*T^o>g|fu|bLR
z@W<%J<4dmH$+)<9>Dn~YS=4Bf{&PJO9vNznk0#Nc>^-g=@t;$G$-54lKfmm-tGf4b
zlj7Rr4bOcLm<5D<`0;IF^_PYgX~uR5wqKWBywuz}bARY-NA2^A%Qx<<cJOa%ki9%<
zW6JnRU%gdNnK@0K8`<NWSKP{AtAY=n%i8Wb8EASSN9NZ`O;UtF8&+24g@yf%?-zEe
zw2CyyH4h_aRN3CR$ouB!sU91fG&aAvVO78}DyN>%@n%9rX<=QfXJ$uK%Z=5_o4<aI
z<g)tkW2^kouKw-9TF`>$UE6P0i|3)!E$ch=T6MMjafhsRRZC{(@Awp7-^ncK&PP2{
zt&u+z_inGOe*fm7S!Oo2$m#Ec@258I>@v!G{M_-auIbBJeoXgymOuIcM11Q9yYn|>
zRef;1Hc3ux;~)M%MnAq((h#-2@PtjljutmI6}4#mIGVM*C;r-&-H#rpzng3`Zi@AI
z6^Hk_`BC2)A>*e$rBCUn*B<qoVlM0`lGSgjT8amwd9AOZRmRm3o%%$tdE^vm*~?J&
z%Orc}(VNtF1lcsmx4u@``s?#8jz71`j56M)^dsc2UA6L4v(}zl)-}qF8~n|*`E8WL
zoj(4`f23AB@K9TiG|}_fE`K-s)j6xI5?4~3RdI33$?5AgwL;DMkE^ZhD64&}<W0EP
zw>Q7E(y$vUGsa2gnP23XtSz-~c4$Ah9Scrha$r?g&mS31YRk=*I9A=L3@^XaYJ%g$
z{VK(Q;*J8<PMJOXkB(X$-c*dM%=~iBFLZgdR#v5shym}XivaGoTSX;2bVXhFFm+RP
z#~yulpJ{6MXV<7*Dy{14%roA7=sU4*g7X8z_Qv--BTJOW>@YQUeSXn?&Gw4dmJ@4}
z+=_0*C_fl+{jTp9O)keW>A9>`-bIyyn_=<y*7SkP_S@L-{B83EGc(!k8yehka4J?;
zvPlSN4)R|ZXF6(XOz5hFs16e*oSv1tz5J%nw}-BKC@zlnE4Xj|sa=ynLC&Th-emSS
zG<LS}P>%m<Fe_iJu(neB32Q%b)0eR^8%*`qUv+!%!8+~Bc=TkqWbX}I8Z*`;&gijS
zWrv*x-;|V<<@x!`Zwr&xSj3-A8{sw4-ZwAT+o-wd)|OLi4f;fkQam!fqhp6<G0wIn
z%5UB;a^9<CD|s1SF{kC(RP}QOIWd0~Ioxy3yT9;<=H^b5rpBp7H&=w+Bc=M99oW6}
z?C4gZ#`pGxt;nbDOQH~!YrZi4UcJNKx~RMjg|(vqhA!8KES|9S{j$KOD)gfZo3e+8
zE)RG8w&t*^b?sCM>|gwi3r+S-HR~O2j_B3XBSON;h(F)r-pdI4?&#bUl?qqA?z?Hb
z(;c@6i`m6-UnBL?Nr<O{$BJi?_R#FFEw!2^_dBFj@9wR=syA~AHY{(}@Nbj)_`~HW
zTkQ?Yrx_1*XsS0j>vVswMr5F><(Gl?i|+Wx`#&4FGP&>B>&sH&k9ny2+U8k?<o&Fu
z`!V{5=k>Vy{q;5LE$)oeyz|X-ah%qM&(n-OCw^*D8GFU-n0PpuPv*bO>uw*QGGT4C
zt4#6d>ph$%9ve9QkH`m`+GgF=9(%`7zIJlkYo=4*K8pEKzcYMIfk!vx4Jq%GM*JwQ
zmdgn<dek$e>E~d@)Ba9cRnPA;9)R2}L#n9CO!L{oqIV&LRrjCZ{H`|M^M`-uzzR6V
z(zCH)MPJnqOm0|hxwM-}!PMiu#<?0i8~}|1xn%$iG*|bDhJ>{_^ZVKpe5RS7c8Djn
z@#aaQbi1XwWiS)3q8uAe7T(I)d4^ecEuP01bcB^qWRzLM>g|8`n>@p=+8=7}-RIBi
zYNPLKUy%iBx<KCk!l77w;GofgE3y(sRhQ+p84|QWTK!jUH!qTH7xDS}#2RC-UnX&H
zt>^lmeDmnwy0+Do`=sTv1@^~XIA+_+YNu4j`LAxgb%BaPte5iZO_fGlW$)yq))!?*
zPc-npn+y;-OaJb4p6&$u;hI^-%|D7|h8P}F+px~5>SJ2UoY7}496mg0#Qh(cQ7-rH
z^{b59bf)xM!=4G^1ZmMrJ>l5dQQkKizqk3@Ut?yT>NCmdp{vr<Zr##%8Eul2XSV{-
z;BCSQAK4W#WjQyLyN@{AF7xc9y3)c<xSN2LsxoZW$TaBOiuszcJ1*+%Yg``NZCYvO
zTvT}zAMZ&#dG5`pj3TeEZ^z*4A09bkz46tC8(SRBJf2mM=`Olf{|CJMpOtq{T)wP?
zUConcVeNbVQvHrM)4?+#Icg4{B);eRCHssYy>Vkr#NA&F5q(@-@~_vmaf<G4S+d}6
z!L>mY33scWrkoyD+?cfH>lV#W!_+4EN|T#=)CL{u1hwtGzm3hhqA-iIb=O4knRIM+
zx{yJ+YoxaxIZr{`HKz5r0RuV@32L6)F(V^fku?K;vLI}^T<`H$)58iIhML5TEvopr
zug#w3wCARF)k;~ZH&S(Hn!UTZW=O9w>rR)dS(mqb60bCd`@JO0I9(?_gKK&6GGm(j
zutj%A8_JIWvFfC==*9Gl7nQrj+RD22IKRyJ<J0O}srA-%UmV45B{k9aFT5)^GxOXe
z-I>jLa5BS|J^$!-J^Rr>%zNt^`Xf^46`1DvxTbvkmTTXJbCrrp7WePgy^Eg%`ZTsM
zWwUSJIa^8>951btjcHOKfUztPtd2$(o0ysDeyCG<ODna)FX_WE3~PCPNr<miAKBO<
zf0BW;t^N4~rF-IPQ&#4*wz;^vO;7y#(?K*wPm9}KryN=0@bsa-%e>;6^-mIqxK29t
zwY=)XGK?%}g>15q=#%SIF^F0sY<X$oVV)wsU>>SN6cq(v@U+qC$NI3DaxNdM%N;#N
zCoTxIOE8w-CZl!oaLv)%MS~hEC;5B}_b<Kee{<82`NTQHfZyPK$w85sz3o17-2sxo
zix+<d?EDsWQ)lM%rlV|-c;~zpRw;fZX=YQ;<%iK6@I7;mg=*BosCBE9b!S-oXuR*P
zQ~^@e^1ha-*T%|%k`=pZKc!xbPw^USKX{*in&Hi+`DT5K-^|<Zz3J|ZT;)p5%q`6!
zHzzDva@#2C`S{1TDdwjvU*3}9F6FPOm;3qDM4R64d+KfE(Nn+X@Q!y$BPB!RJs;NO
zdUz5ad|$o{p_=!a8h_=}v9)mz8-AtCr<pVbzL8#<w}@om=FKH21SWW_SsiTJlze!C
zcC*9Z970Al@l%<oka}U-s>W)M5{uV$c_r3AzGqtGT<i3J=N3O_2~#Q0t<q+<tzI3r
z8DT(GNwb;G*}_}*DMgE7+Y-~3ne=?q_%mtdF6;W@<B5k)IL=ITFO}EZTy*K=!$f<d
zXOHU@?^J$!Xnm*o+=>2^UUb_i)yg$?wSt;%9Avk%#HLZZ={Wr4*5U+%kM*MhR}}Q%
zuD1G0Vt;FU#l-R)CxghFuT*UwUt6`}&;Gy8WCab{8+G}%td>)ledLV3S`Md4l(vvp
zBJG*5<(;fVtHD7%Bg1L66rh<FIQrI5<A5<em30vid45RIkbm**Tuy6cvy^YeL3^W&
z_RgQ*GwsVM608nfd8*f)BUtkzS!>^M&hD_4@y;K@qesp9y3}M}l-IGizCY7Kt<&^3
zd|qs-+}uUN`Yw5Nu(^#gWp2XCG0gStkD}@@uXWVJO!;t8<7J*q=gwPBj$RV>_|op6
z4cC)bj#;^C)kDsVMWM_5mJUA~WLY_2dE@sklXu_Ba(Xi>=UTIO^W0{ayr$}*t5;v2
z$ExB9=_7SJbUBp5%G-2km#(%4w_3~rf6{YsXgTxIuiQ9NqT~IvNn*pQPzTRPA+@%?
z{uCH<c1Z4zT`AiY8n!g;h~AXz-sV@zk(0kp0q%Bf%wEDWnFcfqZ1k+!Gf~b(wogOa
z>#fDrrIDc=Tb#_kTKyi%YWH<`uks^zOYN12vQvj0U0iDq961&ANGvWS0pbBVST=O+
zv%3xZp7Y{;ZAFw(V#t!~<L_;jiVc6~ZNEBewyXJAlY2GeQtn@|c71fLEN9L**~>hC
zBe%nZ#O8xfKQArq&Y7?O(k#6+U*B`WIlp^{Z!mC@y|mxz4l%y5r$g$Y6DI3O#pNfr
zvsL^&p6U_CXYJQ^#r7e$CzX%iu<Fr|RdV^)P3k())v1$mv&bT_a!8)(!h5^a<+L_P
zP6gFxUP+#GTz=9|x0cfd-qSGmZGBCjsEy@Q3Th|+SpR(-PhQBob5fHX?paK#+$Hl)
zyMNmG%vPg=lgo@FRqbYJuYFek_moPPRW;rx7KMIVoxgU?8Uu>Joqx*Dsgtinjrg_Z
z+dJ{1>zkAZ&D@<4Iny%BwsT}w;5N0aV|ocEn)YUo=$R3nGRdwye_y&snq}GPEidzX
zsNV6HpMEN#(@^86F%;N|6wKnt%4e9%qwpfbs*=kolIpLYp6oji7jSRP+WNkx%4W}^
zHW4Y}e(mzTb!#VetEYO_u_q=s*A?6!;`q8x0`Yp^=fs+#4;oj-lP+H_+UpjzJE$k;
zq5`s;;b%r{CC|#)Bj@|}pQlf33nwEoxt}+MQovI)yXVeo@#wcZ4Gy{e`{_&kTJ4Tp
zU(=TI>Cw;cZae=hOAE;!o>g*hl_(7id$!wJk>5#z%FVid-@)H!Ug}DR7jaus)FL+)
zPLwcu%=T6nw;@9YHjW`xN!c^gZRD#vJ6yK(-*u`W)BRy(U3^AH3zpKRxN{1eU&9w|
zPQEX)t+jw3LrWG63QGCQesy)_Sk%pRdEX5=PpPG6vy8dztIK0HefzfJL7LAu`WSWw
zFV8Qy_?upTUn=PJfus9!ScIH4u*!~rrT-15R9(L$6afEz{kI8tr6AnTIz)R(rCp>T
z2Q|(nahd6h5O8a(m`d!s*6KlF;pD?3I{&oHx;MD0x>SpfFgMHTbNqgPF8=PxhJQdl
z@f!bEzd5V1VlTI;@jG@yCI8UDRe!HTe(>*?r@?QyPWt_S@lBHLGf;Q>!Ak7pTtac`
zKvI<(S^<@aCsOH!3OtwP&=``m)aaH=5mL9Ampmf4McO&2_&sT3l8}B#mMsft8fgRZ
z!j$3tC}bmO$7D)EW<MWa-&Ew1DE^eFjG6s$27{u7tPacFopoUKZbYU2)Q&hYV-R%K
zJ0z2acWrn-Qq_hh1&+P_)@n<y{BHZLzs!UX+)$5UrkM1#k<c(9S&7VMZNEFrWQGY5
zC@pw@Bl<!Hv`(7Ya{AJxxt4pLrGj^R?>DlQlW7}SYb)i^za5SF8KpT}yVr>s3MJN3
z<%YexAX$<+25}Fn%X3}eR0L-wy1y6*L4$+%Erh3E0kP3-`9Y+kC7MT%3QUm%e0p18
z11J1R)VT~epGK!mFWL!^7PM7RRQ#I;yp2Wo4frh>V;PFNv?|a4cg9>NKQ)EFq5_@`
zrzkgmV_)Pg5+-5$pnTbkz*CG@f8f;IU`7L_|Akt_$%635C?Sb%=qKPg2#yv7)_}k}
zgBnYo<5cT=?p%lV?N@^SiAEc^5Ycu<+YQ>+lcjz6Q09oxXgNF!tE&c2B#7V_9O94o
z-stvLB?(GvCFU;^r-Ae1MZ;x-=%|6v*o-Vw2vniK4Q#mmeGpAyu%v^Q{q^hDqA`fJ
zj;%~ihO?MPLu!j#yK0yjs?~S$u5NI(44&0P9lbY7W!&aBI?QF%$2Sgs^v91Mo8i9o
z8{SUgWe^+s0YrC|mw(2Io{XwNwW6HlfOeK2IK7MhF$l!~Xq4sm9lT(2u+HeoRXpGz
zzJj`4(D`Xg9A8dIy1EB(<;e7(H&jN5m{X-N83m56=`0Au1mqa-r?wc5<A+Rh%)*!S
zaJsp<!6j-fX@LJ+!}SXl7^l1WZGV^&ew`HeZyxQNH*X{lP;DFC+B^XLGYwe>nMVTO
z)_+$jx&+bnM>{ie;1OAGY@na$+4R9SOeo&jExoiHCV=b&I*O_C@H`J7is>wp=eDOk
zf5uws#YApy2TFi`C?&hlY%;Rk7WS}>CC+h(1kk6-^ci;?uHq!md<=tyvqClZ!mf{@
zAqL`$!SV0F5T3<UGAX>nAAbxSI`jywc^RVT@$FaSGDa~Q<k(<>SH|thCr0>daovZp
zW55OD3HviVI@$th0lbeYq|KY=mv<^3cwcXJDZVZfzTdU|)YVzuQ;rYpzI&6gQuNXh
zONL#$x?<GuvXCXcofp`2MRMNz^0n@FRtE&Txh@;fW#G|QMg4!??ryYH>E6@t-#lKW
zm-v4F<(ux>@Jz%1)Yz?{k>T(?r-cid@D4=?vIxCvxR^y~MgJ#8=GRay*3dJ1IZxJ5
zw2gC#%-<Ny=;pw@T*CE2M*a#nW#K#km6$M*eK-on>}P#_nHcKG+J9eJxv6TKt8rs#
zwAX8OVSA%_@^8F?w1t1lQ!llk4K_B5A&rGwFY-HKEKE1q6*}Ft7B-0{efTFabdbrY
z^Wmb!5WWSUOE9$NISs=*5W;)wmMw0IKN}i=I!$T2KYQlPnO)VNE)Z)jn*`E2N7t?k
zA7n8y*hMoBi7t4axp4Q4uuKm_Oi&7WS&z8%L<6k|y~>$Lo(=E5;Dul;aVZH#?d~od
z5K19rnR%qAcK-$4cfv9(gBAu%5wD<!!6m{cp@K)d5G}sBwRH$<WF6fNa&vn=^BI4g
zoqPp%;Ow2s@^v`=4#N#oqkE<6zght1mh2bv{pj52bMws5`HybJVSLUlwdlK|jA_g4
zhM{=PV8@iprHy498yOp4g$=yA;IcC+lC_~B5W5l4(PyHgqlG(5=(*#37-_%#=`Chv
zm`TB}E%4K{UqtC|UZd$9;Xi2RpJHOFnERuc6?P!%onc5?b(j%P=*<>=T(KHUCf{Cp
zl-Hw+)BpBsq%X|BwQ^>p44o2NUKABqbn36QoGW`l3||E2Dg1MJ9KvXdX@pw>%o#!z
zzTDV?J2S-0%xv4I=TlHaWFjD^#VgEQ<se=XkZQ>%vzaK5VAZPDV7+5!MjUYj2+RJ2
zbk+vb+s~|Z2&N0uRSa{6%?Ktux(77WRR+awLQ!zW)%83<DVcu7Y{!6rzjHYdKa`h;
z2wPedrFdTIZ!<$biZ$$I`_I8meGx|@j}YU>p=%Q==yslul)!u2<g~I(m;PqE91D@r
zVt&9Z1S4FTvKWhZ%0SL(ImfD9$+LcI&Kd6Rr|GPHZCuu!wJk74N&IGlX-x1D7nh}M
zB}$-2^cG&D6=VczguHhHfC<YAZc44VkO)|Ds?u%Z#lZ%aI!ahhOfR%LGYr!};Yp7z
zrtoPL?n4NEyh9l$cnZP)32kkMAM;q>VnC!{*$=9ui%^4Nlv(gb!%_E#^z3olsrkMz
zc!H)*!cxRN)3@bF>1>$D$T{P^e$1kYT8wQk9{Nal{h(zw-12wn2&V1u;mIoo7C$Wt
z+?C&EiE3Fn4=jXZR7_Mwnsje$P&xfgrd<4)>d(1T*4qT`NE4<wE^D5uF-%l^aM0yw
z^W-j2)CL6edRk6|=RDeX#ey9idl*HXVj*!vo~XRRJj+Pv`#^-cbKEiFKGEU)i>EY1
zCF75TQbR1_OPAI})V-Z7nuyr0rL>QV2SIxe?0FD$xK_3b$Jlb*6@;Os*jr+tTAMbP
zck3fxc4c89x2=BjuvOu0+nI>RhGW7kosT>$KacrxRDzcX7VD8DV|a96iw|1!tCu>8
zxu*ndVd}(9Jbmq&%~i*5BVj9p5V<E86qrzbF{o$OxI&G|hPBgXWR{on>te!)YA+e#
zzOJa`)8!Z8vXu4@G2UI+r?WX{?}{l`_@B!~Wol>1*Ua5pb@6!&8OzzhVEc7EoroJZ
z=20Ucm(VmaGLox9eY=PaE2d+_KY4Nm%`~!jY?p9Q>do+9MD_v5u|vq$uyR4Yvhb<}
zP5<nd%gDErGcy;6PW3H|OA;qvt>au87xtxr?kvrk7mG+A#E@zZeQ%sg(FO#KfBpXu
z_Z?7KW?PnjX{lu>EfoU@7zhdoC=!%tD1@IN86;aGA|N0Fl7mtvB<PO>K|m#gfaIJE
zfC3^}G9{8FC&{xf)_c=E{bu!qo;9xS^-6@FFWh_XIs5Fhx7`^8afOLMbj-p*KkFk7
zBku0*#PJTSH7rwkq)2ehHTBqf9h;o2XaxHNvbTe$2O;c)1DZ8Bhl{9f)*?F)zya1>
z@k9kr$S*h7F>d75LNqRqd>P!*czih}IhiP*66NVl^L*(p(iU|WwVW5BOYs3#0Yn)c
zSL7#Tq35+%LJ!MP;M^V`2qA);Z)ji;4(|7!=ra=KHV@T<jdfFfe9DL%6YKlequ-T1
z?Gm8^L8ZZ6*rZ3=4gS&eZoNoB{v=A<<XFf#zU3jqlEUgGrdHFF4PD}nOGmq*V%T}Y
zuiE1?KF00DL&cxntdWO&ZrzW+Qz)Z4`=K8divg>bMB5XO_CxD)irsoNG^L>#td8JN
z!9*OL9<F+jLMhr#=4uXXExVMrjtEQHS(49NwuK8XvB-ij>M`3x<YOtKnbL<=xzT)N
z_;+uju_E`gy7M#ndXd%rKM%MCXyKyC=&r%|rwd0Sq*-&av!Af=citu{s8)9=d7r?w
zG9CU6-!JPXNkTXI6X?0sgQ8~w##GI^y-v@FzA1EEXt!@mdT><XVg-%v6>YpJsp<A|
zrcWG-TV*Dm(8Z&I8&ZQ6Nz~9Z&z~P%`hDfYYEELgF6rZ~5)l}PiWlL&$)C~I19&0|
zc1~%Ce)uCzj`fIJ)j!0nB3AxpfH|d}%?Ofsq`e!~Lx5`K4?7Efa^+9aCDwnqK?Qo^
z=YRb1ee_TLMZRtS5XX``iwjx#<MtlU?8ko|q5tn6nkr~Zq3H4KFTUBcdH)lJdKs$2
z(w9|w{NxoohK{5v8=3@);Nd>Jk01Zuh}``HdAV+`m<_y_O#~^Qcyd(z_*}|=`rH0%
zZ(;calkikcd;WZC#PGd)rq|=^RS6<Wn_G@e^R^#IYnr<_eDT=tk8NOVUjJN$*Q`C|
zO~fLv?glk<AJvwpGMZC+GY@+Yzw2z8&^2pK<9^q>{a|I?!P?$HovPQ8<zK5~+#P0^
zrsc*&lV(C#*Q{HPyv*JHDN^=%&*tvPsdugKg81##{WA!#m|bszeB*U$T1ds@SLcZX
zORjh(q52IyP%&b*9cs2oH}2)2BIM!!Qqtt+TBPQ0a8FieJ?hysa+~ja+f03-#TMjE
zK_ZWd3W>n8!sxhcbwT6hkplf_zDQY<dZCSmM|P(i&)KEjB3OCJ%&a+SEm+Xiw8;3$
zt{_9GT9<t(tBAf*{hHx;rx|wGr`G2SMyN3BT@r3@9#(kr)}@K@#P!n;oczm;s;^qz
z#bOwh!%MYGJTAPG-=)7b!#TjIVD7Bxf`8QKs@Ja%$aa+t%!RE}QnIaNIvu2yX<{;7
z@aR#dT8{O4gxbi@{(*s4<fOYSjCDH{e088r;EfCK{-(oUKeQY%5>`6T18JRsn(Tz^
zH%H=)@_jB|9Ol4W>von8PRkAHGoli<SmU8<u@;x9TN@KiKZ%4Rb*0bFQLph-C@pVj
zP^VeXO=?yyEXe9+Z-a)r?3IPAM-Zu&_7Db}fNO7u1s$`CydP(N+*sGyfoj_iMMc}k
zmo7en`at9jvtZN77+W?m2EVC<RX4s>qe@dtGUt|mdPEC@nT<W%B59^GNu0yVa`Rh$
zhA4{kuX}_~qWMmH%+Hi??GGv4yxnofjNI9%VJ_p3kYKY>;g$eX(K+Q(pXL1`xp@v2
zZ!bXmm*q`Cma~Y=UZ>+~^DbhCjEoLCAHR_W&f!DzkhYvHbz!c0=$;(p($2U#=kQ*~
zX1G~nN#Zc<f6r~$m>W0E<Tw!jt{tO|DVVmzf(sW+Ts}KJy(Z1ReDf@iX5{>gf!d6K
zP`-r2J@^&wry84=$G9>#Vl{g)%zC%B4MwzBY~1MrQ7zZ{P<@xioGI-z<2Rf(eRZ<o
z9gZ4!+wmuV5|MwxFIZ_c9nslYI9X5g6TY@j5xB%ab$;sHqzhNQ%a+YcvZ=j?RTV#-
z0Krf?{A>Y>kdQ`Op1o{XmEJS=yWX4%%-Z(TeHZ1V#RgVKAGmGZ*}1hXe@{ZJuf(VR
zXI9NAQ$}ss+aqVBepPZ`Yon5uX*=S=tvwd<F?3O7dU|%MIPkf{P<l|w5(EFMXu+$k
zQLkRbU%$Z<^eyzb4X5<6%g(Xo0dG`uZ~Q7|H@dIhAV}COWBhA!{k^~3>9$(R=g)1b
zRZMajpXhjY@7^Ah)-v62sr>kunA`!O3lZ4d-PovkcP4@1oJe<deYRm|TBCQEYxP}&
zyGTp+R|cx2n$4SYYv#xxJZMZ@{&lLotT@&?P%eJN{np2RtC2OZqu+?jiF@>BT`W+5
z5(6vi!!Z(Pc>2CIU1)0VX{e}TztS{5Vm<kp!?65v0)3dv;ave2-#2^Q%Zh3+bL<Of
z8$?0RGt@Kz3D<cUq&!HTB1$}`mGPe6f4F2Vo?+g?(ZLpPJ<-EW7Wn6xyKz`#LmjT?
zRiY{zdgSBTsKBPHD>Nt42Yb_T%2)sOrgXBY!hU@D4{FMEjpL0=bh0K@#jkHOskBPX
zj`ye)-<oC+w04V#P`b;lUC1_4b+Ei$ywD+UF|pk#JbyEz=nE8BvFC;u7{ms2b@LgX
zi!a`hr3Izio#Ek;>>fOJuq_abrdS1|1%;b8OVwWdnL6I9V6sf@7sE`s%U;dGKOPk5
zO@|;WNmA$D6K$`118WNIDxdCnwZM!t&_p%qMX|dBd3+nzXUFgv$_%9Tcln7q-f&K>
zQCPQm?LhgmGdoq-QSf~J{N~z`Li2{Gung0N-ifKsQ%}itm}v>A`IaQb19P5RY^*Gq
z7G<#cl$Tu#$@bgUK1aDRI&9MTml@elfP1h3ul+@vo7|J=X6C}~a~hJB(p%mLQWg%*
zCN;$*k2o5?$=R`COJP));K6*0k(C`i_GoTqs%|<#BF6B+*`VY0mp#UDl-E8sP8GQR
zec#aM;UuBljDV1~4*m0)R~I#93xdKWH(vfw<?4RReVN7za|~Edz>}-xUGuBqJ+~KZ
zl!9G09Px)h)0yiDT2wBL!=Kg}-07ca+DJ>EukB$Xp?7xq)$daS4Rso_>M}BO*Ttvb
z#KJQ%D`O!|D@=|l`o6Ex6aJv?zGUBl=ExA2&7)*N3iP;htZ3PO94VMmT3WafBw+9&
z!(#Ci$_J(H4@m>pI*(FoiqA-q;L9Xx4T-`pZ;c^x_`bcs4djuRYc>`(w4Q)c)EgN#
zc80X8voo~E!-6Vv2f2->T5?AwmCpD$47BueL(1SoR-w;`P>{sPvBi-G{q&)!rO<Pb
zstn@))KJ-BTzyM(TsK7qva~Wbg~cNUyfbs@>CS^&f{wU6W@Ow@cHzjCighZNi~<xS
z%yc4~QrQOw4dc_rE@UQu8!6n|U~1Dk*_J6zqW+yti?C9$Pag=r?O=4xq7pQp`p@Q)
zXHC9;y4jpRAvM+CChr^l@toj0$Chbb-0-c2IoAZ3C0v^Mv+>oI`V>hPvzGDvoEzrx
z!9pzZ12b68oQJ=~`Okf<|FC0Xsw<~*1Hu+^+-h1<PZ?78T-(HB>~gN{*&6RWP8cux
zaH&RnYu`C40SH1?EBoS2e^)Vu!bKP9B~!tm)){c8YaTw|8)FqM*qq#^zc^>zcyC5r
z{rqP&gQkR*8zygG-PFpwk&RY!^wR1MmELn^Uzgu(%b$}u;hg_1chmf(4{1&0sR&wV
zCFsFJecjzvvBLokv!4r>UtM<Ot^0a^#B{J{L^aBq>Sbq<2hj5CfEM-9BU?HK2T39^
zc@(o6zk}87&$@>B#B(iycsA40$3{|G$(JS>ofgDRIudUqY8Z>ULIZ%q@x~st7{zuw
zy>CMs%NmWm3+8VmpIfv%i+lOdlpW*boX19O$z0l}A9kX@WTB7wgSkPt{2q0a4-v`6
zdP($cEylWqu3>j2=lb4kZGL4g8N_0?w<&#IqcY@}{F21?fudrTAU?AUb_K@p^d)^X
z(785zPCnQ+POC#t>es1(Bu+KXEAtI|J>NG?idIexZpA=;x>>D`cE-}v!%KIVr>Jl$
zb(1@DdTWtuO|JVq8S_lZ<b8(Q>L2fp;O%V57@=u<#l`6tX0XPhe~ZnWa`ECtnxB5g
z7ZIDGnsdOY9-`dEk+xgvGqpyl>+B&{7ZKdF9_AftyUYKev94R^h(qWF`llSC3qc;c
zY#W{&>-FlE@wYyjF@%SUe26;zu08yeZr3k|8sq#tH;O%#*!w~@;5GlXq81FIt3Kgl
zgX_>5V6vQV3a<1iDL|x44b=Im3?q%ULRWpbz&H*Fn>NNJvPhkip>1aTMKvkZVxaRm
z3oU|0N+BjnTlv5n*CF<)f!V01ArCNLDkGKyFLM1Ym$E7!FHvQ+7XAH)Eo_tvoT&F7
zd46o_YHii2&l($a_&)j^2~aG;Nr}=UAJ9J@=;(OF&1;8{x=cf#J9-<N4k(#n!dC3(
z-`xFG(VOvvDmHumP?H*0!EEvQjNjKA)yH;S7WKyzY@Gby<&v-@o%I@+;PMb`$uvcb
zp`AT^V&`E3s}1y2YL^U!h-5rUNJzkByjpfme2L>l$0G9`Ts;xEJayc1cTZ0o=uMF=
zu09jrswMsX{qer`A%E%0f5?DtzRkB!AHD{LktYW{KgnZ<m2$Lq!jvrM#;uX{GkBfK
zc$oEZhTAo@waedxheEoNM`HQcl9XTdT;<Q5yKVT#AN%nRRI|t99lHHeXsjBI9yxaX
z*Y7MUy?T~Ey)Yj9BHRFu3H6t%yh<Z&#1|T_ss?;CQ%nBB^&wO&ckQp=VzKY1=11=O
z0d#}(uF_2@Z&}){k54tQ7d`JUvPh}0)5&L7)q1dn_jY#8D0wlck%w7S6!H1S$gG-t
zFu(Lp*#|wpvQaT{s2JQJuOjA3|BjJyAz<ly*Guu;B65%exNgZ2HBhhY8WzVfb3>~!
zX}MW`pf1@DZr@QzmvL@9W{KR}_*_?()aCeoa<B*SyXfAyF^j2ZLA95Pdb@ZpSH2Ka
zm{@So$<3&oDsNxR0j$JoJQLbc_tMyXlMM3QKyL|^Ro|=1L)*^I46`{K1KeqRuX2jv
zxZPvR+ypaoNl8gAfNCXGV0=CI=dKC;GJTxjZ;P(C4)XAvOU>VfMHn8Zl<zUz?xmi=
zf7S_vEBf+?f;O$OvGvP)XVl)6h=1y|?GQ3Av^pr0Y%C`){{WaSvM4pxI$g=L?JjXE
z>)K{86G6PMqUnM&pV`wM=j`8+6sdGR+CDI*ZbVhS(zoOGoh7jY2ag`DwtLxcCTqXY
zKck?<Jd&CA^`l?;_mSumMt}X)$ZwXDd4Of4Ea9vg20}Rn1r1##f7j8t|AmJ`yzn}k
z&YF$Q2W3AT-^CR-I%;an_&_aA0xE<g34Wh};dfQ59v)a<*{h|?NK$JS=aY>a=D&+6
zMOnXBopIDcYFgsBUjWS%ndynzw+j&fCnJNdp35C!`MU77&Y<_=Ipf6U`LEL4&{Y6H
z>3r3vB3MMXK$aHOAY^i0pXJUL;x$vl?YrQlqt<nH_<gg@b<UTg_aaOqkPmIxB>LQA
zhu)*qRNqz;)p{fY^@aLdAYrRnAEP9o*`_f6%}&(cGt}LuLkfBlCXE@{Bzr?bJT%*F
zD<3AvQ<(y(k-88OrC4)W-X5f~oaa9gu!WjBEEU?*?oZP%)JXg@zIZUn@blS$sfaua
zm3fwvm+hJjoFb$josQF)RU2xb2*z($JO8=9*Ze0Q)M6bd)r&SpN^g}SF)#J9oSbdp
z#dlAas_)Sv^^+RvM}L`h9^t|rb5CnN8otM^LNawh!KSn;#V?Jt7WN4XpKVO)P=$am
zF-|uRQE*Xze%fAAs<bb&V{_~!>Mj&*u|cM6OyW*DD9kjb2B_hGK7G0&UcJ&}VES??
zolR6`rA}ziQ?IbmSiShJC>Li(X&Hw7{y_lpuJk54bBOaQM?3`oHWu6)1LdRq-#j+#
zy5SUMkVQaLAI79L`X3+0o3c@9Bg+c&AMfQmyXfXT6$p>6nK*n@wg!ce^i*54@l3vf
z$5zYde`u(ErJrA-uGuKu_h!qTa#Lvuuf=O|{)ZRU&*aYq>$Ja*ePt<=$||-3;hv3o
zXi&phlWwA3iwej3_-J6O2`RF+0j;{TYPC<iYV4N}zNLbi&Q;^z?3#Nophlil_bDD&
zQa^|q*pFAAz0$cVY`NTSDO6{aH9t@xWP`G*Y8vSk4xE<tarEy^#`R*G95wEUe#9M|
zzHJ+GRQBTgu5_g07{o&Dt*pDdN7FmmId^Asp5fh#276<kONm8^tj4kT?y(Vt_i;}p
z1Lu*^EG(8-WSN}8!dj<J^(udBOm^m)owZQB&}oT;@(QLPVhgxNsEvtjim|kJhGu37
zxwhdplb_$q-Ot6UMI+~4UhiRL@DY(S(Bw7KQc`5BSUZxtT>HMfi!g3W6%Ru+E|15o
z8GVDXMVP+P$F*EAT>akNR#~am;gYFtzAUi;CFQ_eyG1@Z9C^Nc$~M@;t-X{F(ghcX
zv1&*7&s2w&3buSJbZBh6W-oZ4X6B&gxGY9}@Z;vD!p!9Xbf-snhatOA|2Q_4janJx
z(6=yK__gqII9eMvOHTJNO8N{qZvtEyjfa<MJBNN*pZ&~2eeQj#RDhB29T4@=PSrE~
z!0N@{n%XPmTkgOg6OR&I*j4;@VrCF#?A=^0NB=HwK-<-MX3^)pcuS610JEswvv4T|
zleRhTfzJho9?rD`^LVfWsKkKZoB?6KIe%VbsAF#o7|MptM<pfO{6=Vg9^T%M5Jpez
zv{pQQdM?~BtPXdKr(V}zYXo*ZWLpBtKk_6EG{|ecgvQ2)f#J3*Lv6N2c6-&6)FrtJ
zb$u`9q&^-?Wf4=DXFPoV(<#6T2S#{z#%rqh(6zWW=bhQYEc)pY%fU34H|kxpT#EY&
zL8hUjvp$EfOAGaA=y7lX6wt!C9ue{Afs}XD(o<*uUZ_b8H@~tBM$q<uJn3Cr(fLJ3
z&UMND)XYc+&h9+*#Bqg;wt|z`DRfbRfxA)up2V>4<H*R!u_v?c9S-l_wjLV}Yd<P3
zlO@ie89cfCwu1$rMqT}rW5uYtdsVA;0mn?;_xzX6+g~~_B+X8U*9N5r*F|XVvY%$8
z4Ft&9&ImJzUv-Oe71WRqvZ<bN8B}Is8jr{n%k4wbH&AaB6Xo(H;repn>4{XNNOj*d
zeRt5?YnwIO$LZe9OvmjSq`b~|F{=!mGK@3iQgf12kr-1S%n+lqpU)5v7H^Lb?x3&J
zjxW#+@8RyKd-s4k;vKIWpM%`#v9?!4tffGkj!oyuXJd=^X&A%f_S!A3=o?j`{HBCS
zz@dWGpyo)vSr4uK!~+kHhWp#2y;Mx^+D|oBR2A0YG;7R^ZyfN`SYp1p<3@MfxlrK*
z?5wy8r`A;>;0L=jC$d-OT&a1iNu$j<HF)0l@XSk4H_I8!uijoiF(jm{`+m-tj^|s9
zo>+$}Fu!hrZ)ZZbY*u=HdW}4%_KQCsusey$bd|Wi2+hw=`x3m@bEEO4NY9Jnu1mZI
zG!>Z~+aw&uH<%m-y6%S=$7r~A<+AVX5K1U;U1+yxO-uE6T1?232zz>QO^*>Kpq~>!
zqAt=$E5k+B_Qi`Doi(D|KEscE4t`Wj-D%P1bnRZjXy|1|vCGEBu|ejE!p?IqKlsVY
zm^a3$4K0t9$8ijl_lYZ1N!V}BuxL3wKePAT*wXJD#=;IQ(-x+$Bk0Lnw3HkXwZBTx
z!FGDSvtsQo8aSbhOVIL5s4_ZNQzG9|*Jkxfe9kV1Gf#`B{(NY+eQSoil|6PI?y)X&
z`I>IlHO<YNr`ZD(WJ81nRO2rT*w}}MwNEj`3nm1!57t770*=k&CQUiHV6iD9;~8hD
zQ3x-UQ?F{*BPsMd57&;cekOyPt7g?=YvO~Jnpz_=OdD5V0c>g-?W}~L@j?!dPS#bO
zAx89SQ_t_N(Kg?Dxx2UbAeETQJYo5XPeJ<HGa0`RPgxl$ogHL(<Q1Ne7}0PwTsVB-
z3&6&q=gx&!<*Xht1eV^qt<S~Y6WYF4?CncS2m-{YK4G}*^;4Oglfvp0W)Qr5fZPKN
z2q?br38dn*3)Ou2Lr>;-r-2_VUssiWfUl!`(3<a3a0oZ;k)KC%!S2t@V*v5@>6$i}
z*DS1&txq(wN;ht+X#H#7>b(lz<?gQbA@HGEURG-M8>DZ%`&J-zX$@qk^^sOBs+kxu
zjCr$e^-}k}hoQzQ68yFR=R4P+fcqN@|6hUYM_&(qiVc_^ZVT%k0wpN!Otc=37AgNs
zKY!AkO;A?>@M)g0d*vf}1#t;_horopekv*suc+}yj95E4qbkt&p-Oc`qoCtTa+QbC
zuPcV7ZioLc8^-M&Lv)m%vf8-ufoo(!LqgEy)A?u>RxbK{xcts?r5iAM{45~g;Z{HZ
z$T8z2<IPPzy~;0fp1hAhypKv2sa|{|XVVh1mvG<L_qENFwKwFSimIS)RVS<3b)tZ8
zc)R6L&f5HAT2rkpS1>LE#YnT(8-Q-7hDB5>wep_Z-tkmIq7%WlwXyDnn$Tj}iIaeY
z)XEzy2z0{AQJE3?R4?DER}W1}Mf{>N)6aJak^=#<geCI?VcVhjxui_Bk%BW`X6KeC
zHzsK2QafHwniae}_YW?B3N8k|uKH}$;LLA|(LBy|DO1`6Mug6hm)XmXSCZ%zDC3)s
zq^vYV9(EJxdl+LD{{rDDd!-ZHP|05xUx*ar*^svDr&rHcd$uezUak8)lb`lS+lJeB
z^=lP^ecP?<2Gt|(czu^%oOdumd0Yq70*|Nm{4hom2*4XzV3mITozr5Lc`6_!nal(!
zs0BxH)Lu6II(mxW4i-1ecyVx~q@*Zc{kGcqFEO=T7rl7ciJ30liljwY?)6r5Z`7}C
z3DqSq%=l<bG)AvXi(e-R*nWft^(*E3_t%n>oz-}G=}pj3zVu$_<EQsDBs@&Dsx}%}
zF(;z%oknVDRa#uE7b=!>2=4Oa;eL4+V$)MGYZN!pR_v@Ar@FqWWtU<?P`&l+_zr4K
z#!&88_3${%@^Dj;0pG@Ueu?wRK(mTj_mZ(OhvWPzutsXIuh`SGufDS-U=}LC{m4(V
za~qXVy<+h3xp;mDK|pgH1Wteacuv?#@OY)eLZi7dYHEU7K%ToU+|g)ge#*^K8^tBe
z@&vle9-ZOV=AVn!U1{mLQSI&?aO*t>V^;#I5C|;XVF!VpuQoiH$@;KTPqhWGqI*5~
zHTK!12l1bqd(@HH9p+Xk@cGo-tYtYi#-0u>kYCfURv)i7>sWquF1~PHDd{n9I4bG>
zrNz&xGrq7k=i2aV{tGuIM^?53b~7_Gz>TP5P|H?E*sbipvQ6l^iQ4+Z2VUb1%h#Fw
zBvjVvpN(!?sy_4b@<Jwg2-<1`t62U06@*4}{!JdA%zfaCR*vB@llb#T52CLS^kw4A
zU2hWr$^ggKa3Yl;YoY@IKUMEw^y@ga)S#UFrlXR&K+bU#A8b4R;{xPBFd1#lM#d}S
zcbErHnmmT^(sK-%JK!RP0-o$v*8X*cQy%xTjatq1_Z9N!ZXk3c%l!e9{1y$00D9AH
zTF#N28l-^@8-$INpVFt-|Az#XAgzhIh5H@n7s%xSV)v>I@S1AwZEUhChIOneUWc&l
z)o{b|LLp`=yYB+G@36}^nFE;LBWPaRmP>t5@ojEdQioY{Dxt7oeo4yLn{;$36cw~|
zM_cV%QXde2TF?28$-u#OPK}Jmmcf83fZ^Bn9rdkG%?v;*NiF%Jeb@BAKacp{WH2&*
z6L4)e(n`JI8^k|&pepnXjqOOSuafrgunoV{XNvst)kOTmi;=~K_pe`{_S%z8aPgeH
zY6X_|J-qAI&0p$n?`zgW5lh-FBw0s`*7)t{%^-e5e+I$fm}&!d`t2TOE&Kse?l}WZ
zEwaw@TN-a~4DhYDU0Tpb_WCxW3r7OdF1np--HR^_?|Uc=WqztM_#Bmt>mS;mzO@=O
zr&v#0tYF?hA!_5tsq&`v56Y7}BgTI>&i|9H?0;>alw2!?!v3SxD-O2b-`!=(!Wk^-
zg?Jgi*guAUqm4~W__EpzHP=@>qVNh13+x-T4EqV4-i<1uE4NE}<o}o5=6`u#70s>q
ze79Z1E1;5zoJwwTuYdX9YkMzq5C?fkid8ZZE345O(q^aB_@PCKJA-HkA32}V@b@Bj
zAblBh*PtVR+yW6J8qz3(py+|4@(EH>by#od;HiOY#Xk&Dh$JvcV~AO6M?pTZT!GY9
z*EC3wgP6W636t_-h=l9~n`sh6eoUHDBEip$Lv>88K@wjF@kvmKWx%IuE_5v<lt0LJ
z41fm<aOug?46Ft>ijmvxv|MQuQ$$@|mS&B-n8ma}Q3+rrY!l)JOT6VF=s}EK!R^q1
z$V|H3*hQw}*G_`?rU3(SenfQNmL~iTh_gP!Z~g#k801rH!9Ih>@&)oiAcSgw-3b>N
zHmY)nunpawJ@Me-m6w(tl=X(X4&~(BZt}>KuUT8Gg3Re9F+V$N3|U?<i_|bKPt54?
z{R*_S8$(*ZG6|~^ViUHkp6jBGZ_C)s3}{yQU*WF|IhCot>Nn?;!o$Ns<3XeE2r({%
zw}aJ|ZR8b5ti0QYr@<%kTK4wvP`0*CgKP$mY<WbXWIHfeIPjsGLkxcmJE2*hW)QUr
zH4X+VtZey7)y=~FjlLkVn1c2L_l$?o>v~R<t5nH(5xSaCBTnXkt<41zuk&c}IskTZ
z9<XaPg2*TEj;G4p761v6N2+GRDH?-}TIl|2$92z555+@@6At8(WNCnGby?1Yyq+Ul
zTv!mj=s_j-g%WNgUQRg>G#`njPiQK$Q3*W{+9EcXC(|u-K}PwKs@?$NT-Kp-yl=YQ
zyRWo1fRhFNDLKH){;ap}-sR%wSEZ$)i-u$CJ<ccyhm}M`<mczZ$ROfJ8Mv?9XXUkA
zU%8<>?e@J)z(CcYG^d1Dn||%D)1Xbt()b-FuMiFr-c2K{C&KZ{*|`S0yCWgC69W=U
zbAfX%SkR`eP-7DF+I{pi6e5+u78bzI-M({&6RL>z<6o<xwqFM?CGbH_p}j+k09_1K
zfCpL9Fjbx%u^|tFLZ#h?8B3tZFA*QBsuXB-keWRvwJI+wtIDkc*t@thWN*NB^vyo=
zlOE?n*xCh=tVXw&rOwj}24vfnsV*dtC198QgQ~K`0>aN#Ld2mEZi-t)Hx#$5jrKht
zGM59e*!>tPW;(1$w(UybDZ35=bBXO=6gxre3l$$`v9DcS20y;RV<j?;?!{N$TtV!(
zu#-GDireyT_u_pJ%=z)Pm3>xW2F5qxaAm)t=xqSe1qj|N$lsiY>jm*E+_csmqW=ax
zW%$MAZY#9~xp}z~#3bH)XrB_d&YsPy?VgKiJ-qGstDT^^xjD)nb{SV6RmLM1+&0i1
zx{#4Ye){&xPZzm*;ynW{AS@wp%4I+r;<J^;#%KEx=Q<^>KxvkB8=|cy4oLj6r8C5q
z8gVBU+|8cNYbcbw2=a_5l;y3SGWd?F)$J>EparRi#5}iZ_5V8M=U)cl|17d!CiO&~
z4vsdELHGpX{AiO4@7Cm9Auo7Fw8JR!L){S)V)t#wyB$s90!4a-9kdJ?v)@3vqEPtg
z|DT*AE3Y(#R=iJlbN+J?rK1j``-)rtqG%p)ykXj%nX0CA&{6Yzpa^j@qworo66(qy
z8s-D$)=$ySB&SBt=5=M;(6Pso_dk5tJT^w<C#$=}Qt?MM$D5}8s2Y}#EKlz3(jsXs
z$dtjE!$Bf+E1&oi`NZ>U-Qm#+Y2xcoMCkUFlTN|<_4oO9S1_%|H@WR%0>_2-@Wzdx
zzf>a+SO)mN5wQ9A=9NQE6Ra<{fDd52<HQ)b6h=5Z#ChFznBQe5BjaI6Str0<quc<_
zlQ2B1C5Dhtth$1OKtT-y3wj9WgdZH5GX%zAEV$Y5Lhn-vaIV2P49pLsF#Hk+lIa{|
zi+3<FEmlkgebJmFS5FzWULgPh5|(QdTUU;PGu><?Hr2>IELPme$fylt22Dl~w8G)2
z2!^(27`Zis8%U0H9ZNUzKvW&X+ye%RRqEh*<viCP-3+Se`|gC7FIB-$hrZT$Y|9OJ
ziUTkQzk9yUuy!2U*Cuc8ZN+3jK#9-ZFypDH-mvLYfIErpI)bZ_(xsJa`|^jM5v3}<
z$!h1o!t8I<n)>*yL84Pu&bimCB@(NenlvHgOJnt75>dwyOnB<7&|Eu5822wET^k{H
zxp=8tOjMNL^2_gFOv>WfqUA7~21t%tgTVY1exuM@1d9GUB*z}zy(^V7hAA@z^v~*G
z;8PE)V6@!b*L8!7e>hk@7>A+?PS9G<Da@x3|2g6SO3r#^=n4~>U;g}XuCU$cGs_M*
z-*pwv!!sJgMQRZ5tif@G&b=}50LJkw`24Q#TrwsxXc0KL`XHUC3c9ZiL@X;q#k65Y
z2Zh2KL}c=!afLX#70?`Qz?4!wA}-<VgIrI}DDZ#@X&W;E{p1MKN{<7-6<yN1*7N)J
z?>|Kb0l>pf#~mZo$6;b>4#N}hUt*(bC11Ra)*-Qvhp}p7M3*dYs3+#i!Hbn_&bEq1
zXI2$%vgG07g4N*?3*}7YMdIBbL$q~stdDv}!4Nf>Sa>Z?w^$HDFklSQop6T0;NjyW
zhIQ(fB4SphOTB+9^)Y0A;>m!OrKJ)o2f`%A_y$(pdGMZz`6KYF?*9H*H#f?fpMO3C
z3Dww!qc#Jo#E%zp>h3#vbPjQFyyw6A`3T{|L%EI|{2+@*!wAT_3v0^*P&s-&C%TNV
zIw2Xl==Vo3xQcuw0}!8jF^qwh7?>myZZ?)(bfcc5JVY4%St|pNo`IVV){MMBB4(xH
zFm66RGt&q%4@NM;hAkta!26~}5Entf`RD@#goK1ZJ2wu>e+<4}%E~Viu;0+%)SzQz
zTrq;ixCM60LsW#ARU$-XZoRzoFg;_Rxyd@zp0AA&tvbk-ra{3HDO^!j0-^>`^Z?=p
zG;SHWOW|yk+>;l068SJ)#f7OMh4c(R6OAw8N3S3iBRpojyGhWK8OlNLSAk5T;>nY4
z<mX_OM>13P(qG9IdP2^hP}AERML5wfAL~sqloeBP_K6Z0=_u64rm4r0+5sbHaKvS3
zpqKr@IA-{$WMC&mKh&{(XwG=Gg&eqXs1kmHW;!dI{F{8I*%TDMUg2Bzk_=V>gjw3-
zN#;^1(n@(TRM(uAk)e(W12!tQg$hQ9Qif2Ok_i<YfS0iLa2`W>luE`bSg9ak$W84w
zt&fWY!$+1z{3Az4uTiPBsmLcou6DpB#~7c(F<_Ur4|aaH(YW10k}PO@1AZVr*gzGd
zF}K!-X{!KMwL~3F@Y^xlqJ)Kvo(-Y1!xH%<Gcz+;){x+SiOm@z;o2S{{xAaZ@dFYy
zyJ0w(c(!2hV6vRIFrs;#F_kxT5~}zb5^x+MWMM{UEkrYF4ea112a^hkW+e(d8U}$P
zka(FQG!U<A)>x!WgrE(n3on+Fd%Z+)Zli$Oj__ZVPTk%vbk31S=d+S8d)~6#6ahNC
zy}ikt4f!1CnGZn>t!aMyF)#sXUyk89;h0F!Of3m~>DY=0qLRQRD5#F7QH!vP?mato
z!-fqqV?0H5%@xwP1S}Lz66mmD8({YqnzNaM<LK<@UkGFPt6XAlbzgSrcG~h=q~-ij
z0H5lwl|pSo3@SnV56xjl27YSR$6HcnV7V>VHXa*>6OO-8?=an#h{2&)rSP-3J9scI
zq@|_F9aCCaW6L{`Xo)t0=8*1C|3xmL7J(UacEn78Zu|Cd1h071Mpddtuq(v`3y(7l
z*Fe2T(|2YE9UYkviqz)8F-!_9GT?ymhdzu9ZP>J_4k~-09L!X$)XQE-$XIX=YHDdk
z1@%>IAV$z+qz9uJm@|$4{r)!M=ndvQaoYyn`XqUAm|pS<-(I_Y_wE=Po9qWTe`8!`
z!)BL^+xE;e3hmFY$cU2ZtqT{PVKYY|^_P(eO3^_?<krnmB~cGkBWXre%w)(4G=4?o
z+vE}Zaj2Zd2Q_C}gpoN9IT3ZT)yfX%!M<3w6nBppqJ~}Z6%$DCGwXWX>l%kKgdiA5
zp~?0<v)w@!<8P`Mi6~ja1{FnR6n39b6i#87iX`901zSdq;j%|&Cy38DY;Gpek3*%_
z`(&`P41$D_q$Wk!A?~oO7~xSTw0}&8)}!DY`kZ_Qz7(;RA1oZu8(lGB#n1=FMug7I
zRBl@S%H$FC7SmRe2;?H~#^i(espOcz0nQH%QA~r-@45#gg<IILT(G$(QwPxfA85^<
zNM+hbZuHVm8{c&C4!^c~hY~=!CP1T8a_crmSYd|_iQQA^8hs=|u#W)qpngQ+sggYw
zS1=w3b~1sCu$AJ0>EcqWTL0R=5t`y~k||4YFeYr|_kTnC$gIow{|W7bTdsFSP_O|b
zWJePt=2IY(|4=LK%6@1qqMywHPq;X}{2X|qTpa%NP!h-1V=+fTtGfiS=wt&6zi4A+
z@&$28om>)kw6$9TE=RmTY=#NxmEj|!ywG^bahyqno1t2kqWIr=-;bY5xVB$}S~ImL
z(;5=N$D~$Y^7_`4K)$PMYBPBdnq<~sm)>8eZ?I~Szf;Osu@mw>ZCcxZz3<ny`ySQq
z>((Q=bfdpiWuCBbBZG6`Qc}Rz1OkMe^anoCd3)!L?x^9jrSFTMKP1t2_!=d!nCuIB
zdX9|`v^fV<i;&6U&$7Kg;gP4*B$Qo&JNqNKpY<+c4LrtKWZs^$QX(PCTt%|Xv_Jp+
zoy^Q5%{-Ed4aB*BKS??9hxg}|<oEu4*54@7=o*QVPJx>ofre$dkws!DC|$U4A*Bk|
z8SzkUh{wnb0V+ThnoymZL)L*(`3b#A5d7SqVM|A5J42uuV`YBWXvgx0;5(y$Y?KxO
zwZ^i_N_p(j+0rS@*q$Q`94F1P(k!tZ#&pAS)?%q{_H{|%7gdjQD%g&Fq?!=u0uae1
zlaN@<Q9c3I!bZgeaX@fzFw}(k;V^R8Vh^tPWb^+dWj&U@gzgU~NHkax4k=a6PEG)-
zV<8V@3SHnho$PUydebpp9yT(ZO$>{T&24dnAfDonU+hpj%IU)8B}b39HK~lbh$T3c
z4`Ri*s=DAzH)+Wjk}zMk#7J@-d?5HDd92Dk2FE(GO7>cGz1bq6iUU~Bd8+=f1^Tf7
zQ&uh#oJYmpkBexm0|57pb_tE00_9f8tU2u{I}b9pgF-?=KqjQnOd;`-AI38~4n0ic
z`-Xso8P|h|ZKfy;!A_R&vLSgNo*y2#n#WczjD9mf=^JMj6iB(cV#GO&`7fciw8k7Z
z34riU4I;@P6)q%=q_ltw5<afHyj&K_Zx2~3pB$4y*_vZF_5zrOA!9!B03IqPS^V*|
z(||58ow)ux));>VJw1Iau#WSPnpVYhJn=*6%0L3zkE?2Y^~W34Omp3QB!MNudov*b
zoSl;c_=%&b7uH%NcGUqfLsGX}Vj0N<@u7zwkqR<MGR2e*xo&C=W?s4QAP6`CM_M&>
z#gki+X$fF<T)?bZ6+i|*b1!I7wDdhVFff7^hl8l3%6qRwB3v(Ga499%E%K+-b9&K3
zJByo|gHtbt4nv|DcJz*nB%!cl7r6`zq^_!UTbRj+h#G=C0r@b?1=g)ED{_GT2fPJ}
zKm|boVj-hbwj)dV_wGUMn;cN<x3iP{!Zq%#u}SY&Xo9Pt<g$jBb(agaYa{rG@^Q5#
zC1;U+2~BrE(Al#TmWkm=xXBnS;H6+(EDx3Bg;>tmMux58mn(J?7+$$%Y8YtE+Fu#2
zK$ITeaU>%E8tibyk*IuY=P<)gHfe<<>E8@3%s#v%AtA$a`404$O;C%x-*ybITp3Fb
zA@>DNPtJY&ijK<+k&+CYDFOTr;<k-pkR$9%<at$z&&v^{2v-cIoWaXl(0O5fo06H?
zh((Qxh#O`s5U^~_QotB05`ai3kgH&3xfa+G3kQcW{F$O5&0vZQ2NSFHIH=jEsGh2E
zdR_vm20>sGgb$L_V9=74O3)|Zc3-=@{l0wupQNyvBUljFx&DQPg<x$RaCKd#vxyL3
z_ylex9;gP^i2$+{kd#}pxDOqY#u#!v6pLOWv)JS73e5$Q`&v2-b`g(o9DQJAC)T0l
zCG0$`@`LXlk0YOrv+P<n82K0;7dI#2?HVYlXnEF3`Y8ir%5U41EKk4t>EO27>;7`b
z-X9I)W8|bVUYAQfU0e6F74u2?8i&Vq6`H3)x5<5?+y0y6m!+j^_O5Lwv%EFN7PaEj
z^Ln4=&&+&tRA@39vO2fXH((T|GfEJcrjeC{R4Wed*Kjq`3hjUvv@c>M*#w~eRvb@4
zQdOzc5)vftoP+V>mxz^QSeVptW0`!&ZO9%Z^#YmZMhs(|AX3>R$Aw94!kFy^@799t
zI0z9H<Pn@{tRW|?&VsPB(uf$C0B#Hr86_t)v-ukgEG&{>>xdKH7+Eu?enH-taJC_K
z$=p|81-fn9UVsz3`%M`jr~YqEsX=0n8F1Z=@$}r3YVv-tnbdRFmYcM4aLhf3H>GD|
z3lVZj)N30mn99d&JA$kNVA~Qic)nmU1ppXE^`i>kp{@el6{moJ8j0oB$9~RBzlAoT
zF07Lxu;y8T7UwUFm(Rgal(lV>30b3XS2+Xmp#WBr=VJ_&J-)HsX+l2zYEw-_36v(v
zkQYH)05qRlB%eYB?yJQ{vLF=y>}I+;I;`(68GcDfc7;<iUi>-aY|7XrbO>XZ(T~N%
zH_bfJJkMs29SX$jFBL^^d<#S_M0^Fi0~<-jj>JU+iWKQUx<f?mNq%<3n~8zJgs+#T
z3O8b^(3y7E)Qk+l(5?i(tC&GOcA}%ALe8uyMG|RNRdoYeoe+H^sdDiJMa%$#!&=xo
z8*&^<-M!Nt6T<Mq<JK=|y`+uHl2f;DKZkcV*<=)EjPn$!G2d(f3k!?iqessXX|!u9
zdmWeNb4{yX+@6~mu}B%hhczOfzwS9j3czKj+!5l;GzZ@zSlLS?=ojiCsVAfHtg#5E
zB^}M&*jx=r8`-GWF{BS%ft89_UWX=zS1I}dk_hTGh>?$<K7EPg%<$5sGUCs*g_O_U
ze)u9FnL%h;H$X^3E&3c2RmlCa)mIxc0!C&n|AOSd=2odsO&a|K42O6%8u>ObhaEef
zt&Jbkz$kyEc>9GTG0^$X7T4hA;*v#X{9!8l`dar>H2yzc|BTV?wv1(zdEKxXX%UnU
zJaP)NrU=maY4Gf2l5lDLx*I%LgHO}@KzQx#b44}@RNBzHXfO<h7uqq3`?~}k9p|OB
zpHKgT3&8ltMHfu{zC<Z;1zsQ^X)B|e^}JcjO~3?{q?4~V@&;Z-+*ui^hPSmI7B4BQ
zStkm7TPg<urg<)YZD3ClT0irxNd?F~{6um|=Ywn~eW$V8sMuKDi=ScLm?CUvnuWDk
zM8Hf0ML~yI%R+5op)XoXrYM6k`CkX1LcqNBcvtfBX8DQns#ih)-BArGL)M}$*+7br
z0wL;w%j8?@k=eT80SbSMMN|VH@E#_FY((sJgYm2>!xHA`|4Ligx}GWz;Qmw)c*yL0
zrksGOdM@uG4nkFkab+jI$_>H!LdL5BGOECS94YZ+$MTW}ZL&s|muzhU&_NVy3di@J
z77|Qwz}DgG(26)p(jqP5zs?miJ<<Wre_RZahggAaJ_ghPVbRRJF{F&G2U-PMh3TU6
z)+oH-JxNM8lr^v@F(bdA$?DOQC$ZT2afor*!#-&9Apa*h9%5NMw%X+>M-jB3Id!sL
z!KN;X983UWPIzZe9j<VN{F@?{4ry{=^0#Ss*^`M7^1F?Vjme2Zb}J$vcZU|7isKQ~
zNMj0=RwckxmL1shB%HyvTNnFlML2;*ySQ);`QRjk-3gq5C)J#1p9;)q*skEZRqhC6
z7`4bQ!DBE4?m50tnrj1lW!-!SHFCP8R*A>sKAzMkqL6bylY>BNT>_6=g5TpbN<e5E
z1STkK`Q^`uyd-(@u4eY$Jm7Y)279a<Es7Ke9to_RT5R1Uau(r-h~9&Yj7LOpd>_6k
z8ZaM{q`+2oQ$s^yOWqI5vIaOaO`-B5-N_t~EDH>fgb!jdnY87ki_i73kTj<BD1grz
zOi0uNe?@Tbhe^%sv<Q4=@UOZ+2J4{%P!Hpe)Uc3UOibLc3aC%e7Ah@3$7&GBV;wx+
ztubMZLaeo#u{R2bmay&cQ&Ku28;`-79;k_YFedm7P9BGlUP1i-L~{=EQdHz7wNYLG
zqUs{3+qreJKD``)zY0iYHV9+B1P(?W&EKK5hyThx3kwT!@W2X(o%h}>9s?0Ckq;Bs
z#m71HhS-v6d6MhV_+jfwViKCvz~M;8PP6dQ!q=G)q_Ag+k^?YbPp-8iuu+MIL2Nzx
zYWZU&dx%s)lNoY$ztGS`+yXh`vJ=aoE?)>@O<kd@YuCn0<2iz)ENpdEzoR|l{MRF^
z!Bew<5_cy4oaOqZYr4F0Xi03{QHlA@PyLaly-z56^5n_NqlV-RW9G*Lu1GTd^<Wk+
zlB2tz=Y-ZG%3A&cx^85KYRJaWw9=2oFUQ8K#WXAdCwy;!uS(EC5<3WRfR7|;J1&YJ
zrR!bg`S4+^IU*WUusE%4_W9K*?0J8l{+ma4Z}RZ*37CJN#;v<y^ex<y1GLiv4(qPH
z)-k$lT;yJAGu_uk??KtX@93x<866$`GaDKPs`t0C{jz-os%yOjtc3%#;})|D1XdH^
zgru2=tSkaxhzVX1S^^oY#wcwVj$AnDeS=`=I0?v`X!`uQtho3Tv_M{rNghzhL75hh
zmKPC!L4RB8*_+>~G71U-?(Vuv>&PikwhN1WRf1gqMHz8dDk3}X0e46X328IakGq){
z84+;>fIp{p#<w$jCZJQ@fMoM}TR>0{NXlBkIYdf{V+3i|Zpq0j^?&f-0g6t8em>^o
zh_O&B!UvS4Up*=tK-w~Nzx+&YyD^1_7O~M)uLk$ZwzwR89fzP<at^Zw7>jWlN$o5G
zwgf#v8XH+&#8OdQte$B2fPUE-pFrts|LxGKL!&z7Ilr-zzf-P-jrtp{{1=6CndP5z
z^n$A-|M$O`nr{6QB~%odi$4!pZ&-0`_?#_%EAQ{tePnA?+QQ-@x6XRSSC$DsZDDSN
zih|wwEFz{r{<t;aQ2p_rfnF#7F~0x*@r#H1K&&8$dt~`TR&=Le^>RLE6Qzj7d*$ki
zwzG+dwA8Q#W|1IO3ZW}a)LBl?Y|tv>5))f|6ug&G6n=N*dr#iXK)Of@EP}s>g@qBs
z#?KFfghugbQH@Vb)Z&2fDutBw8Isx~z!QKMWP@0w1tp8XeTALAzZ#ps5ly#q=Vd-U
zv{&jf%(MxRg}l<2b)_9q8|_2L8d%Guyxt>t^%K!_Ks0<`S}KL2^urV*g8w9Hx?cNG
z*o`oV+Py-9qdr_}3pq<@a2q>H;8EZi<e$)o=Ay#ySsjO88nP53?13gcK#&ktD*2ux
z7m7mUj!`<-Uo`C}JA%@Ass#rXG{j=jxsjp4427Ve#z1CpsH+2V1hNu~z;6mQ71EVJ
zBm5=6<9_I%2slFTY?=W5K@zS7Wb_IGZd?#;f-Tw|d=P=<NQI9B?-46Wo)N2q0AS&?
ze4Q&^h|N0aCDg8njAs&u$N<7W!c-kWOVK`Avu+)M07ykgo(P^Rl?H0xGx8gWnhIoO
zP=+BJj6!E6H*pO`aWr{_t90_F20}J^R88OQfj|IxrlqE)Lai+hx+%t}sc8{-+=FoH
zu2E4CW5Xc|*!1l;OSGs6EUEVLyb_W0X-bVw?%*^0(1$Zk7_uM)`6kI<O9vWN^}r|y
zAd1MS1UF{#R}>``U$Y380eu(;L|8+VF-Bp|>hRY}L%)y{Wj#_zDvcB?$O+{8`}=8^
zHmR7IX_~I09ND{EPu_-NCzu}e%T7>)18KHD+((?2K2<5O6VQgkU$=KX_V<rM(HMgZ
zu@yLnhylJE6k*u<FJG|bdg+L1-*iwl)~sDSKu%?(!4tpkICJI<8x>r1_4DTgk-+#5
zS|X`%K>yR~ss!!}gubieHM{T_fODb2u>2I*RmG`i=#W!7?<>PP3d6gm&@3Vm(0dW4
zuVi_lR<JU|S&2gJrOph7R`k%f*zn6QW$CDe76}SGh*YE&xyBBx{Y}%ulE|jhkeM*H
zltXZ*H`MVQR#{~-FK)L~5N=M6D{m0Gn)tPD2hU-z@T08;3iv5RX#%#KJ$r{W7L!X_
zuP)pq%@K0SA2{$j!VH2}p1g)cKnjVVMQbA(k7&QpTTsu*$SC6xvG$`?QipA82-Plx
zbA~hTajpy?`@qrAh}wK)0I7i!p&6l}gGTZhwAkm6Ue<$Pg+_-yM!~9)qb0x{7+L;8
z#v<&^Por!Sc3JqY+qjBy==+Z-C~650)0bG0ad3<xXk$-RSP~K_YR+uyYiybKfT7Wr
zQHLa<d^1eXRe_A*ktre<6t?cW(281#g-C8eKa!xCWJ`ifg)A>#`q2RfzDxH|nndCf
zNvTNtiY6pV9X%9^^#{Y8Xr}qtz6C==A8DAyG$!3y#1ayecAzg$#o~QTb~fw_QJpFy
zrLW;FT)5uiLWHJ(0uiY!vf@D~vEROdV)x=a{deBCEa-Nr(O3brY}8mqr=w$3^rkp{
zt*D)j(Uy<HkN|>29`b<Vn#j(rML)joBd)$e{W!^d-W?PXj=xW(r9Tin$Qi?Ij1v)m
z9^OTAXq7v$ow$QGLcJyqnqXQvbQC+*tt%fu8RbRDQU*dpQft|ORTLk_zdy{}006^F
z^`G5b_y0Kl_U*zFf%bX52YxEUpNIT{qQ$MqtU>6I4fu&}H(nOaeC-4Lk5<;T=Y%yg
zJ!JaV2TD=O`4wsk`GKo1S3YgSJv6$@IyyRP3@JWh*t1k24R)F3LS;)RmT@Y*`19Ss
zDmSS$TtCjevfCJ3#1>G^cd#L>DRlJwdDc^y*Z=r1N~hr3&5Y6yf1xa&UfEETqCzyX
zb@7JdG*hD@Wq)#$+I;f>xnRn2QQYs8vOQHl?x}O{FWZ0GXYu1{;a@Ax{`h%vq5oxH
zy!_(`a4VH}YITtfc=$$ks+CnNDE+53@53Duveg{l*RWCSZXpA~71$P6R#xKgZmdwM
zXea;h`r68FB^RIi_ge!6ZO`BL^MClo;DksbB1m~C;eJX+dO^iimx?{A>CdySNcWm+
za$KY=#clr9$_Z_^>FHwE3*}lqv~e_n9G2B|Q?ky0xRznPo^q|@$JLGQ&U#E^M=kOC
zcTlY?SDsyw!9Ff7ZS>7DtVtsC<7-{}R#F4}UHZVvJ7AVYVr25^*-ePBu~1<+M#yMH
z9x=5!>3s5O%!ZO`5=xWLP)+WhAsSvt`=Ljtiqk#ae&TXh0czbttgK%XP1=(U?gCw`
z15*Rw_+WIHOHRDYk{K#T4-b!=p(S!`pq83L#(Djli2Zm3Y8F&W3?vCa?OEcClYe}A
zx&eV}ST=+<2~_b4fX$hNLJ=aKsGDauRxp_kMPlC$FIF@O-nX^s;^fTbH3&S`BSDT*
zh_9h0oiP+eo{Bq1sU&OLR=T`2BLS?PIM~cYvQzBne!S}~#Rbmmrc9EAz7AK*FfBOr
ze|?|jI8cRF377{BfKvTXG7|wlK-g$Em=%~AT)arfzz_#A0363uNT1H4aFLxVBQIZ1
zxPA-*CRdQx6T$*qeMe%|slwMf-H47JVj4*$)R3=CBA&Hd71DrzJu!NAK2DVb5ce5m
z=qIL8v=JE?Qt*?Y3TDKfnG?doaVXDGP*pg`s?czbIW_)dsH{vQf|nH)6}cvb2Bn+x
z$3Jipv$*)_<qX0_6?5QkbVeYUG4vFnSD_ItO7!!~OG<hQJZ<qv9XHeMt<#~nv5l>y
z*`50X1q})=8g#Ky;RKD@CPnAe$yCPyEA)m)VO}sdzy*4V60lExuDs)@M_I|U$NPK?
zMBcIk{EkQzBp_}NjE{~UX|m-dDu+m?22t_&MldcWqU!`JJkZ#0h1&Pf6B-NBZa-Gi
zV<4Y`_=3d52KfN!7s}}R<e~%a>713DD@#Lb@DPL-^WgwanvTPTmR)zos=(^32C>2`
zEZ4e!MMMzwJo=E2;8MO^xCbejuh#Z$+fdY9C5IbeP%JEUMa74(At0-ka6U1{jmM5$
z(G3;$%gIS=RJ{CB2}p73aH3CytnTj_$VHZG3}Z+KuxKhn=W)&%gLaC8>>;R9N#tm%
zsk}CU&|U+m9k;;-in137!+4DjGi|nhD5=o2*<I+4d-^BU1RWb{4f;s}IQywJ=q+K|
zgM(TF=ljWK)1-bV_J*OBp2FdbH%3a-AR&uTNCmzG6{-wvbNJ9IK|Pq?qFt0A(jdn)
zAmxGoWCRQvPXZn-vyy{CGRlJ8dpCCW^&NsMW!EgW@k+J=2>dasa=a_!iom0QAS<ml
z6W)+PAoFj(?W2}-++)SAmj-mI0f-1qw`f>E5|Ec>4ZnE#Cw!8SktY$OsbdF4l;_9U
zBKmXY>$loSJ)NtZ{gF6;7F&&{!-JzG^-UqzaeYsWLY06b5<tOM8&V)K#Gl<5@H&!%
zPiPMeJ4m*2|Hy*!&0dY8g?9zKBnB~uG%#foNGgT%guT>hqEZNjcq7;^Y3Li0JQnaO
z_{siQi6|LBsDoz76{rzP(;#O{2O&Wu)!n;m5gI_8i-V3a=(o@+I@I-{7=1|&PEHwo
z9V%8a)Lg6qLZx<HnvDhnIuXLJgmg;)bXEdAfrQbB*z^?z5NW^xt49Oj-*ynr4+7__
z40R`0i$BOEgPN>dp`r{dDF#$7t?cWO)Z-55UjrJ}C(V>=*Ips;h69-EY3T(Nj8QEj
zJxlujRgqw%l^8%-D;BJ`L9p~1@aocRNA!UBb`xw5n@lUmIu`Z9h4DqW51*_Oo$xG}
z9~L1fBI$jZR%pko0?ZByZwJAS6SqphDX@zO&#cR&KCh<}nTe2hA!3H4l$0s*U10G$
znFOx}Ld!P-Ss0RRLavdaQk6_h;z+UvIagz(ChX6TQ0VA>Bmm5-fHKR-2wN=Z<ma?F
z_s^i61%_rV7UrcRyFIz+93f;&`T_=+qC-XEAd7vcm1mb+fc7rg@HldOQRaXK%tCb-
z$)6!8EcrT^;zaO}xNI9-@ec;_fM9XBbQ&mFEV?*9)Z4N%Km>^gg6hRJh2M%$Vt8E+
zcoS(-`D$yLUA>B(!3riE(ZxVf5FwAf!^+WUw6?jWrM$ge4*&&zPKA(!<_R7H$4Tl3
z`&<*u>7dYzM|*9L`wK*H`k73CUdWS`P-A=ylSqOMZ-}_F7K%u+4lFk>>&Bn3I)bVW
zaQ@-O6L}%nuZNBuQ-RXti2@01g~+HVPEk=E2;dUh8rHwxh}lGD&p8_Sc2-Xxu;x!U
zo06kdUELpR7Y%^J{g+1rel#9h&UZ*?Z1?9>lL6^^g%EB6y!WzK|CcWZsO-*EA=dzO
zX&Rxp?HRvrnZB$?U>%AP8ZbE4_t-g?Do861ha-t4z`_sq_lz6`ClU2o4j5#Faf9?3
zorZHLIV!Bq{nTlBW+fRD{kgbHir&KUh7EUk=UDhK^gW^#O!2EpS9daOc|i(K<mjDK
znd-`I-gx+sg^dOHYywlzITT2+CO(7*&m|(Fjq_3oXe8-;=T9|g6Kzp~-nC3?poxPr
ze<WibQ9U-ybx9LZw=%ivN1wu8TzfP&8f03lF+8Td&DyUl*2rbIX_+6{O(-%uxV2Q1
z^2R*~KO2y7P^*a<8lMQaB8?fdm8Wo0Ze|vZ!5#O~4=>eXxhKJ!`YaN0b)?->U<}2g
zElk6_nId+;9*c5us~*pzZ_|>Kv&|?^JF*vi6NW06yYp<GqIZNHFW~fj)X6k6BjaOr
z;R%B!M<=L+w}@}pmvrL0(c<!wbK8ayLS8GL;s(Ff|M9WbpWSZ#sZ9oU-0l{&Ew16#
z&p0`M@daiU`RZR9FPX(>9)k*|y@Nv>!W8LD!_G9p)6>(b1?8PFvT>wNH9#+|zm{!<
z$fzU^7Q$&ICl<;aCQ&;@@_R6;z^NK@;i@Z6P&Ci!m$SitEik~HpNGO<5TBt3X*&R3
zF@^UlE#hBxBpScjLnMe~7%x%565P6^{@Rw)cw>Y)OyWMu>jv=N$Q~rUzyMx-b+Ckq
zk|^q&-Z}LS92Q*M-11}{LM+6S_svnG&EnrXR}<V54A*x|^#G&nK{rwWzClR6UN(y$
zL7TMaWfQyrHGg29T?E3Ou=89R?CPwcu)c^zlpR`*eh(<!&k#ibOQF+12$%n%dr%=B
zAi`7&-BmIIf~I>cA~xaZp|QjF(NWK8U)xg=Ore;y=dGxhe$+)cRL#2fhx7Np?vg1w
z+|5{JLzURfQxXU8e9?T{z4|QWkn~FJ>sI;+Fh>MdnF-ohv<RrU15eXM_G43k3e}8A
zT@x^a^f)d7H9%oTts%V%P)i2EXZQqf`dECo8lj(B2!r4fk965{8Gbm&JC2HpiIIeW
zuy8>+CJ^+P=G}kYrD(E(g=SJbs&9e<l70oAXJFg(IRawfJR!js%?dJ8LS7UICW?q|
z_0bA@Nk5P57Q)*E8N4PUKOi80#CkH?fapxl6V{2IPWV+9b{QR7B9L0z#djOJhT4cu
zafVqiIX$5se-0b_2y+Ws7ZCbBO-@FD4s|$M7#H#IWnk+~h#iDch@|nW_8VLd^vHJ+
zepyF{J}?1vP&}G?uL&8fUAJzKV9?0U1+I0TBrV3QW`U#=56#<U#1K759~bYu{?GN>
zNrHvMhS1sx2Zz9eI4L>AmwK#}WifUHUdSOnK4mm92$qG8cZIkV#g6ej{kV4N<_B=D
z^<#aHqW85QWzDWe`q69G5}rT1@6*C7lsP}K>36Fkk!xDW^)KhYqb~~YB|x3)SaIGn
zxKiku*Xud#b6)LV)WNjZ`R`M2_4ITGz?IB@TV6c_=nkO{8jhn0XHAU06}i9tvHMHi
zOf`354o!l$A5@T?iTF3s_kS;|Kk-inuYg5e;P|_AyU=m77EprS;p4|Y$7MZ84dv8V
z&U^C<g?ZBoKG1noDSg1*{>)*;hnFs0I>g2%sjeO{sXDt26(nT?tKNqd(DTp{Mkc22
zFJE3f2vA1Xf<kxxM^Wvz3Vtn0nwm}iJgX@i4*x(LPTstTR@b+y_?w;LkLy}hgrsSB
zc=)=lZ6gxQ>tgIkncLgjq3iwLd5`Vib)CgxTRh<ifRkMip8-CWYM8il9Z(+RV26Z-
z=fpJvYV(~A0$)}~u|{a+MMXvH6x+fFCyn)#f2R1ql_i?LZmVG2wBtirnIeiLb4O2%
zs}W2V*ko&_CHn8A0t9tnpkT_Lm&7QLC}P0uv~9hCY$PQkqhY+e+@`DKS8&u9ep0<M
zU|#4;6xgxugN|Fiz(FI46kdNz%xfvA^3@Xfh!h_Py6M&@D5G!xxJ>|x(LiaSWrUuU
zs4D`lB^UTD$aZNFSlD1Dvo+p8D52%%=0Z_A&2`xY$X)TJ<>zPa)?se}_r&VbN89Hy
zD>yqE<Vm5F1MuCA(FV-jQEL#z$PfYHz=0q<o9MleiRrSbkq&*r_CrMt)>o*77;Umr
zsN>L)BZ`DqfestA=~olt5DshdE?k!;_L7?^aX@VpXu*vw{|MIvDht^7`$@Zw<*cXT
z{cS=WzvTfPCqy-r-2_{MQp`lcK?!^3gZ7oV)>Z<99JE5~(*VBf#WfAb5Dw6KiL5-1
z9+S_np5JnJXKUM}-GOm8yw4awljJnf%v@u1`LYR~JhJzP2qB1LgoxeKGVG7Sjywk7
zcj{OOB!r(~3jFIITmY)_jT;$cegGw1`jzU_gz;-KP`NAC6IIhl-h?+%x5iAD3EKGM
zV`C7t#{@NED)}+uKJMGGj?($pz8~1dcJkAhOC-c7yh$P|4i@^yOkETjB=e7niD8V-
z#zC?&sW4DS^!W*qIm@!^F^zVBDkCdPxZ6bZod6aH)hZ4SIjFr*MR4OekQIRTG_VO=
z%KOYvvY>EX#IAtkq$Eq%Sly%H!-}A#qwg{s+3vdROkNa@xPbqmG^j#pFp*IDAIlK#
zG628zxFoXX&?1vYu?jf92AJ){%U-<#-@G2(oNNXGe*U`ey{KCV@#eE2@+tC?5o6QA
z%lH)sJ&o{U|3zJ)9gpk)?LRuiVsstiFu+#wkWT^xB~pWu<})%4lse})A*0V~j2d7i
zZ^PL^rZEV09LmzkW=N!92mg#vb^!e1F_UV9m5SV!__UK7mk$xHKfV`vj{Dyc?<5{(
zhDApr!5T^ZNG4cPn|DHNoMfif6NWpMG5;dLfs_GEzgkTDvQp8MAf!9y2`H$8M5hdW
z!U6(60Q^w`1BQmDifIRkG;w2SA+^d7r31MZJU&P;CjjIKR;x<*G=?(~9eqF8Pf!a{
ziJ^oOT58hycWfv*a~sh8)gjzYHZPS7_|X0K+cPYw7-WR@4ZZ<+1-{zXgKhDPkYv{F
zW)%?;>2)xj#wl*RjZcPz0fc!nuYp>t9GNr0a*+m1BxC|7Aaj>E_oKgly#zwZAr=-g
zTwtG}o$rv2YBvhVvMdb+qDgBe@Ea_&J+4)l8-WK;>LiF_vNX^>C-HPhfr9py8seDE
z)PS1r(gR@Gz^3+S2(F?qZ~pr<xL|6ES)aj{I|?;J?y-3wauYH(8V6a|zxk7_*eN5U
zz}~$!p{Q3~*LF@&7d0lnqg%^DZ)zcRap<)OI6b~|!+ymV%4P!d2D0~F51v^dutaIb
zkIb0xUcov~MOq&YhKH{K-hR~M$8<;o%CflsC4q+B401hDz|saH1N4+pk$JT+F*2IZ
z=Pt~&GQer6N1F!kqB!)6P0{r(*^z*ybN3&ICF&NyX%WEhAtO3M@=SmT5$GsY+IeC<
z6GR_5Pajq=d;BJgXfRL-b%mHu{LsH6XU(zPM6{6lk!K>i3?x^MO3<l=-?Tvv9y)}r
zkI4?Q0_nrH+9gf>dq#^9pM-5VvLb?6!8(c#npMbYL0i7=(DTG-I96ZwJCdaOJbNo*
z>hkvhgxoX<i+EHHXj0is_9=BuV?Fg@S(4}*>O8Fpbm_2EhphkMYRoD`qmvkX)dEcv
zQVGKytPe?tR-sEi7y|4l&@Q0hC^6DV1Q1Ic2)w-H3wrrLBE>D5;IRDjKIOtse<utF
zjvqgdhn0d8AqK6E0U%f>UIze_A|ZYNybG|zA6kTgS4C#drhv`FA?zT|@Y(lEyO61I
zGR=%ZSVGOhltrjh3y93J;C+yCg8;Qy2VFyjGg?0XF=K2pvr@^uVFqrH=HDzcvQ|m>
zKqGCYE{P3hQUpQ8|0fW90*L3EONA(b2^i?dt=;f7p%y3(DSdIrWJuxb+}Q!Vf8rP6
zur%8%pE1){eFhmQK@A)LA|N;KI>w^!Jf()=_A`537n0ju=FJeyG?1GnYWDJh(}~~T
zRZx)3NVy=+<(_T&VeAudSQ#4e^7%`~?bd_AO?Jn#8WcahEgb@@z2yv(6_PIYs<749
z9Dzdt7DxK`KI<~h%x?7|Hndn;g%;Yzs!KPlkPuGZq=km^tXn67f1s?{$!oYm5up18
zKMJ=q049%2n=Y=TV?PqC&ZCxdlg6?E6wz@;#;e_08G)cXoJTY0(5t_*z#`xA!%!9(
zUEz@+8Nr|b+lI(Ldml<*aigg~p}hL#N66Uxqw(?e6((q?G=ML+xqjLpm?%K${3r3k
z*6sfR*`czbW(~QsEL%{0RtOoQ`~OXQ>PLe5pWJz?5y`>`-j|n0rsN6ZXbziE-g|6x
z^b@+#ms7Yg&`;267qmxf{u_619+vakwhd=mrm!q?C_^C;8l{w(OA#fdRMJF)G-#f%
zWUN$_28Cv&L`8E%gC@;$p)_iq$LrmXu<rZ$p6C1C?R%f^egF8{wtKrRuCD8M{eI_p
zoX4>r`@SD&Wg`RIibgK660lV*HZ|cRE{p!$JJY@(JwpXUpazIIw`u+i{&VFZN=02@
zOQ<D&=#S2tKmRl|Y;@Y%0E67D93PGDX5aQt`Ep22KBgm|cm5TQr+}bWK<z$X*cSlA
zOmBxsgjh!ycyX^P))Av-z<FpuVvd}Z$N|Wp<eln?J&XAxAz=Ox?*b_&K_&IJ0JBjP
zmJeBgvjZ*@zilm!78DuJh(`qC5b+HRN3r2)ED0vf5Qm7i5&*j>eRK1-_&&B~ZlLP0
zOaA=A`(dnMj2v(C)~&g3bCHpt?*fXrbc8<9%oa$DodB3G=m6Rwy3ml3hJnte3yvpR
z;z9`#L`?u0g2G6QTG}7z+<O1*h>~BPdf%W`ks=g{I*Fa{jY9oFjt-u?*+Hop``JHR
zuoq`8NWoY9OpIgB!ASzii3Zv^ueKrMrR_`39QfY_MC?y!aTE+9egZHuXaNl53YG&B
zj`OC<$mLpV65gP<u?dG)|Bs5IhSDD>7ec@&PR|EOMx6^zN-l_k4SGl}I}|oz6M9>f
zX#sX|zC~o`3{{9apRSKhi+q(v*+hdggQxY~{J0u^1@dlL;3?b)t^^7r8Fm~kDl9Ys
z%mOgxdqgXt2I#)yhqESeNmc0plPUZTAY;Q2j;l>rgs2`ykgCh2*xH~tuPZ4B-=O=z
zFJujV5GBU>yMu9_H<b&Y|1b;K{SjnXf)$Xs%)@0cTyaT3&@2#8z9D0$sAx8bV0eG<
z#jPXMtE#F%*ybs-0YlmY`vF;a&Ms%*m()>1ye$Ii`?h8Us0M$&5hJeFf)n64(kK>+
zgkVx;^*;h;Lv1ral>(PU0lT2L@dR*mYh=m<@d_rxHFCtmFn#nUb_}6~#85#5b{i*7
za`J=kDDKHo#gH6hz=Q|_e#Ai5?fL-Idz(aPNuouMURdht8Wo5X=lt<A22Cl41QdIi
z0Ciebc;4tMywi8)Ku-n(o$mP|Nqr7wGBurXTZq&r2g?Q$c8gR(`!9n-&<&&|VkA)N
z_k&}XNeG7ZQ62}WA6DYKw~<H<*u<^h;@OpipWz3eg|BW;cU+UNEKpWZ-ygT#L0km$
zYqHII*^j6^)Ba%1?8UV&cgsieSouoxZdNRExiBPR!%p(y3OfK}ESCT!y=v&&Vg{9D
z=+zliCF76=2lJRyI}iv+g>z#Zk*=PJ0Y~84PrB8nbF6=)O>4J8wFRZmx;HQ@?fUy0
zMci|S(Dc4UOE-r$J(U4|);+hgs-8??Np-uPLWj#;5wuJx2S={Xy?y&<G=gUw!d|D^
zVP@f=gz73hVqYoR<EiV2+6y{qH5&Xg(y@p*89%9&;Om*tE51A(X+kR=Kh7NVG`c>I
z8Owcp;c-X-dEu)`7M|HHivMDlvD`+Gjo<tF6xrcIPLNHNo(Vij1(Pz$WcHq`!bnJP
ztg$TpIGMZATRw7JLLYGz{=(s;F+@5{>Ld?LsB%*B9c-`C&id<W20PA7b|<AWHUJ@$
zM*zE5YU&<()~Jv1+9mnY)A45P`+r_9aS7bFsYW2XAr1w8%&yV}DtwTT=OMhq+<LOF
zdsi)HvXmd1Bu*?{2EUgUayemnbo+n9dG>FFz@LHTZ3?)nO7VZMQhDCAp`{>v-lk1&
z^XzZdpG+#Pex9U(OA*^k2mU5|WcXW@apC4ikYa3Ao@&35_2(|dwf=Vr2LHxSm=uYy
zbaky@mD%^rZ=~&Le1vNLD}WyC>*vpp-Q4jlJou9bkhQ=tEHd{!2u-PrntyOCd+6nk
zIQ<FAg?+?JQ0GJmgS7e8tM~x?!b`jXOX^f2N!oAx9QZ&0rb2&inEF;7RSq40A0<QG
zd2!M!%p#_Q^po&#J(!}EV>y~jp{Ko>ho=gEW?`92PwC6-2ak{a$?~NGYp=T#&(!xE
zJ@Y-T#DqpOMT*c7B=mxI6V?Q1y7pl<+b49O0Zzdm=mt>y-PBvb6%z6b&z*bYKD(|Q
z#XlpQeV!I+0UQ-lo>1H2?;bP7Pw#aD!))RDLsXSw&z7KH)%kV-TDRDD%~MWkL;FmW
z1<Nn>kJ?U#&BRhxn<SyS2B5Fc1M$pc!U;%(Dm$JwW*tinIM>7$2C_>%e{trRF?H?{
zxkozfn7U$@5G;sSgMc%hs>=(a62``^)z)sJt9cDd19hpX2!_7PA9+Q!A;;+jElX11
z$KZU*elVm2Tf6J!WVe3JBufLi%J;8d*P<i^A)-<v1@+QdW##X!t;E2?*?!a&&Cvd=
zjebODhZy@aauLYBu1KpD@kAy*1Dr<~Hq{ykz=+c!=rQOZ`KE>|dIk50@tGEogdvFp
z;M*|A2T89Fj5i3lgrqAjF#wG*>Y=0kRYc|(?d|%dV^T=4ARecoYY51}h~3a19*tk|
z85jdio}}7I!1RX#iVeYhOKP$r%EC=$UtzA?buc#}%<^Ir(hEV=j0bZJ%?m2)2%v_(
zn&Aq3DwND3aGVr@5B3aQ&=3UWIrHb|^@>q}2fwD}5-AfSZLR@WH%DZA)i-c)UBoyz
zVyUW_f1Tl$DuRw2-D#X>gcqXqqJus-z>g!o#`nSa08mGwZJ3pkXs6a@P?^dKl39R0
zV8}{jsX}1YWb}dhmq_!}fkB`rmL}$9KI#{JyK=Z>J%bPyD2Bo?ewJ!0AQeSu0uY3D
z5j7dD1}w*AFc;s8{v2s!lj|>`Gl9H@M3BgHh;;*Pg}0nBT9Fjc(fxSHtE@==5<mqx
z8Fa*>5l$LYaM&aP2$7zV2q!4fK>|4i5+2POCHgGciiBIji|gHF0keidKp0t>!EcSu
zbyO@_{cmxtWMl?8+yhQ%WE4O?p!E!s@d%Lmo&!c4JSB<EL>A7t&62bczzz3DPq6J*
zcJ{OD{;;V%maMI?I{L|AW@2nOz49iyjOcoDqX&vw4w9g1{rrAEvhM%|@P$f}BI;s7
zG9d}#WRNz9*nChb>*9M@cEmLqO}C0GsYkZ(_U%qmg1HjN2jN5*76+QaY$8Sh<X8b{
z_yQ_cQrZG=y=SAPt*wjPnH;RB*^X{{lNCFtR3`u(67zwGo!|gq$76(oX3uJ4B-PYF
zpjI4U4uqAo@=j>CsRu{I9~@^TU>6x#OT^_~{m<Z9TrZMun5aPuOrADiBcQVgyMV)m
zxobMHa!AWZH3kuspta35%Sm{sy8A!lap`;HT*;M=WMh?Y4gE<d1znz(U<b}el9y~f
z^XdTdT#}lB2pnf!MfU_sU3sKseVCHC3FtLacMncl3P==CqqozL%nGE9n>J+*J-Uv^
zO&uYuBUyyJ?>~No1D~jFd4P;%>K!`6_qb9oo=`<nabo-T;bFE?FAK2ARz@WlUx*)*
z$m4Ul?6*2EG_ojVbtm%~WaSK0X&JjqWL|3>qkcX$5NQkG8j0Bg?C3tH`VnJbTU7(7
zt>yv<uhXca9vfJw)F#9}b>oEmVG}ylXw#!1aK_0NbSN&UEYXIPBB>m1VHm<0^-s|Q
zz0Y|O2L&;*P!IvR9+`-<>@@8M^hm}nlVlrQ43U|L+J^Ziw#;!ef^Q*Dya})pJXYKB
zcpS*cs?^mv&?^o?NBd%7Cz=98IC0Y_{UQheG{ysZN<?{R{v=h@EitGTsLDU8Jef(<
z6s%W1KE6IkttI2*bczcKcGQX74?vW<fIN|$J^*Oa>{sYI@lNCuhz2jZ85B>VauI4t
zR7eaAx~b^*1tP6QCY-C$U)!FZxDse79Bf^QA%nX@4LnzkvrjE0(QBoi0YlhN0!gEW
zrk2*H+FJ2^!>Z_u{z$MkfxQkAf;<XW7|_Eo{?qr0OaB2$)qfSg9mqFW$9xgZtAJgh
zw7`g?*$h_%7+>3wi&#TpfJtd!C_p@&^etF28>i4&e;=w+EEXSH;s}SC-~;0nOaB6C
zx`QPM>2!7zNuAibQTn(IWUqiy8+4_HS*{(YaDu~(UW5)r>Y(5rfz__V`YPun(vekF
z;I)E^x_Du?-H#fpJ$X&cjBa@pSpf}V4KJg<^4t{3RWn+;@X&mbh6hDH<2l2+d0NR%
zx}`!w89Q>MwD^;4bJXUg9pJyCv0Cn#33H;k$=AKrsZq$+ImN_IyzEMn#2`Z@qRm)8
zd%N+Es{rpbDpYaSB8c)5*9r{jq|@OFPr*QGL67FayK@wA#fKZ*&LZNI)(Q`bv{uyD
zPOq>)Vd*MB!g(|@<;M|BPNO!;eRb^gtCjrR+{DK?lN^f|5#ta<c4IkREG^P-VK)%2
zhyX^oIN$VFVDmXA`CmSrpYT9@?lu&p*dO^jimen*_m`KKKT0f?00;{#RoJ2HOo=+U
z5$L6g?A%G7gY=N_(e4*LnJDg`P{0H(nw~*Gx|&*drWbo+DN-@#>s%Ndxd*&(G6gS<
zP!1#P65Fc?R|nrREwK!!dg*8YTqJa<`oh^Do<M_g2sfUAud%z^NSi@Y>43g7^bARq
z2>H0{Q{RjN5JH!1Q8)n}W(t*u=!?U2peP^~hX7IOkP1CTm6nBpzc>k913(`E)ND)#
z6uu<w0Il+n4Wi)Q1A!oRC<fE%(?RG8$X0|{5fE7r<A5vxYycN}YKb=n{z%_~al|UN
z!<w*xkdL<+jU_cROifrZ0AkdXs1tBIDu!6>1>lbFI~x&?A3S&v0EWY4KN|1H_gEI?
zCaJiQ85JSwUcq>Jgd;M0seGw+o#;U@9B2c=?ChiI^^lbKpa-T~DR{M>>_5`dd7V1t
zbV{Q@rzM0%U02SFelprBpTYNwhCxFTvXvE6KOQbw1a3ZV&6UntWq=Vvd26i8fe-g1
zc4X)0Z`=R50_7|Cw-?ZLqZTvj-)E?o7%hGkc*ZCQPmr@2LNraWuGa?Ev1StBN_@iZ
z`;-P56I}r(0=11Gcp)wqQXp-eGSr)-SSREq${D{;6S)xtEn{D|NPYkEWeqy+5c?|u
zIwr*#%4=Wq{j>0wRH;$athH?0N>j6m)ey54X$?_R5gRBR85tXsNgG$-Okry7Q6~p&
z(u)Z88)`gGy3WCTBzoF6Ic!g$A?oO?q@X~QU(1$258$+sh##A<)PcpurCeV0U7!(8
zU6ibnq!7a66<SR6?MOg_4vYtKRbWn9GB1FloB)zt3^C%o6?_NKqVmkcqj4sv2*$wF
zZpD%M@If-a1p*v>4l;&JfFNX~Hf#x3j}4-t31?@PoGIxA>~s;bfk`<xRGWys$AD?4
zo8mMY`F3}kfc4O2(A<urGng0U3xRV8eD27Mj*>xO;UJuG?@z#z#jQI}5TM4z;ikwz
zEG3%o4b?(8fjhVz>6#-n>6m!4AUn_$X#_Q5V*m${vYh|uE6TFFx$jdArsap@#vh^d
zKKJbGuCZ^%4oxSU1Kp@ji*51|A5FNk*w8g8X<YXC9P_B%<x@r(rk=L$Fjn6rB%~O5
zI@^*VVjsK_(A1J@9q$CzHThkg(b^n?REEuH_;yx7c)dT2y1-vC=&`BmDMYg>8rLZ0
z3`*4~f?KI<<jng4h+-FUDtWRG_V)|s9kDr^pT?|T$@&K^6eR6NTUE-dzaysbPnLHx
z8WgKfx|*~(UpRQ^kXN7sN)ibpw}(?_%xMM!sueQpNZnp*<e;AHZ(hH)dN!zuWC-1d
zu%>TGAaik*eY@dUw;om4N1~*q&ixegcKubnIg9;Sb=jr#2mEaKmrRgv5?=a$`IoQx
zX#DA#PB`;<B@phwl0PZz@a3PpPk&2cRj*@!MJ!~@mD+nZe?^x`*O_T7?vuD0UY$AP
zf8|sEXBW+5O!hS_U$W34^rp+|y7sg8?Yju422KY!y7_d}Ch2w<`OZZ)Ks{W<b}pL1
z40UEI|0G1hVt)MZn>X8#>0=8#B0E%iIk4H2C@jba6^*`MFSnYMLFC^?){2DWuMLfB
zaWvykAdh~k4#el@{Qi7&IbcWjBre;$qr9>bmJ%h^DCmFvd#bEFY-j}a%1@vSBmZJz
z+5tVtno@e?z;7;qx!9UDdr(Zs67MPs5OQ`+O^vw<AWD+o5#WZD0oC9m%#QaPi4l`5
zEG*1Xes2sL@oP;>(Jh?Bds4TEPYkJ3I44&;U|!*<?3)qn((6eI18c3=c9f(2?`Cpf
zAVJNq9#q1r44aeJpCa9D1^`dIt_NWx4rUWI4M!3B9J9pNSC!$0CoV64FawW3OC9tW
ztVta-GRb+EDqy6YM_q~Vh}x(X)h&)couF9a#UW)NNi{<TNFRqtI*zdth@L4*!Y_xY
z%J7beMAW?qT!5sxh+R1KIT;XY76ZN@>L)CCC^tvTeo_Vx>m-DE@|8rTLzET*5E#S`
zM5BPb2Pps$V*-nUi-DF!fmxkRFfr1QSAZW~N`gK_CB2M$_#FfvG91VT4+s*5SgO^*
zuBBcY!fJL;Jd@%Tnw_t}mpAU7!vLwJ7>7{|&~d;xJNGw3zM?V-HL`3M1-*Q{O_f;)
z62ZNz=M@#b2#>|^`3q>CcvhODz=qJAe5-LloeEco+A^8~Z&xSw-Oq8(v1yB|ptp}q
zp3g}(@aPh<T19t+9GvBlsiUOf+n<7DwG3JgDo_9^9D|_?iK|gl3c|92*v{w#l7c|c
zsNo2bp3Jng{jOB4p}7A9E((>B$d5Hy7js~;XKEpkBUBc$XgxspOL71dgGUH-3=7kB
z%5O)eI%(!;cbvi4F=2rcma0Kw!ULryiY#&Cp)NB)lM|=eiu`sQE*LLIqDwMPz(XYR
z8{I6#@?&5zyMTO8@PxDY$Px5b<<Oczbx3|2XB4$k_H16aZXethcG-@-1&IgNsq@gg
z#PS=s`l~J`76!n0DgXfKe?p>!APXASZ7`v>00V;cgB%{58z)g}fZWF;IXKT60~nyM
z;4nv296<Lo=dwt3=sO#jxh%SY-A#Dl)T_ZhCVwD=0X`obUN!*#k5gbl%0t>WL~QX_
zoim?4eJD4=3^o864^1o=RK2TKts+k>;w!qsXgnNy0On?Uk>=$6xtXl3V7(_Z!uknW
zKnt=ta<-zr0TR8?Jy)kvDnX50Y4PC?<+0$TU^%;RhT<u~Raa1@(?6Yc_Ur;Y6Pi+k
z*_If^-4au#A`8Miu9POn<0G1e62Ze(1zi#}B=d%D0OO&!N90LCPYe5t;d&H?5Lh$)
z9W_cg<xc^_fwTm@xAS^dfKBMjP9`SsDHMb+pDVep0B*VfJcTT&$-@XW;D!uESm=C5
z5{0Z#2O*34aHYWZUu$tArGnvvJWP-9(V9MvB1DgcqLXq`Y&~+Vfds0i9EII!av8xD
z;9CYF(?epJ9$+|y#eCt8{Uj^T{~Og^5`00@{pS5~oxUa(2x+tNL@k4aP}LU#g}BH6
znb>Dn+D@xq9@>tF&yd06L>5lA^Y!=QurosN0j>eaIe8FZQIyDFwSx@Wyv6J|FG4n0
z53qt<5A>1st2z*m#S0g9XPPc(1&*cSuI>P7jEKk?bcc4tLirER5~EV-Z|fIhi^z<)
z{y5ByBLoyFE(U6v&mh@yGiVACIQ8%o)*b6rt$|M``m>(|WNDwlfTa{M3pHLSVon=&
zHFZd0W6&NuMbInId_oW4C;$x^XNGPf@^rFZz#cEynN|Wdo<cnYF{;Er#%jQnyb^L!
zpz07+i907{uDG+XYw|%s$;pVb1=rf#<>$%p1ARHFTI+Yu<iNeZf;W&xHlF=bLkN^f
z6iXhQWH(IE2(B2nfrgrEi@4*sK-`01np3^GZ@ad(HZdE}KcTQo6caE9*A-cyYkKG2
zJ#dr)A3)|qIk<>O#q!M#H*R=FbBcuR056^!w*<J>u8hF<79R@>`Q!(Wz>d|nL68>>
z9*Xr4@{?x<sY|dASLBI6TLt))By{!aql2AgpkV`P<N-EKpd{j8{%2l93)D%(nnneO
z)H)i5uAW*^Q(5d&W=ay({G1TpjBG=osPIQ@Cw$CV%m5e|<*X03sfsgN)SeNxi!Xx>
zz8OX$WKs!)3B|+hRT=#-1jTvg=p6<<`?h%FCMO^wOVCw=ArUJ7Y)~Qh|7i+g3%LdY
zDJ8)v&c+QmvnU!PBNn<8{uiWjI9H3`7D$@DVtb9Fh??f^Th2TKx=V09xUJ=vaEUN#
zIp8$zod$6IH=hO>KhCVY%VRJ;WZQZ92{HUYu=_YPgi}ZkByx}uGjVv~MEO)a2-XZy
zr-AAe3_Zd|B?K9;Ffo7T%$|J`Ta%2;fJedVYY({(5a|!}O^RLE%%h{e6d8@F=fJZ4
zE|Bo&ApUrXS-b)vKMdUUZP}jYXatgW*l@oK*0C<&wp|bkAPJ|(M;vvcdhRgE$wM!c
z0{HOA$a6IEkr0p_qb5#o_}t>K2*si&csDXKGD;bFzaU&mV)Uy{;|r6$KtP|T4Fnjc
zke3nBnhd8PrP^^R-t}>KI$U0hv4NJr#ucd?IpB=o>5#?@q5Sb~tJ45fw|@_{ZKd-U
zb!iwri((;dj<4o8EdhbafgdZDwtEEv_(NCMXXwpeB!<HGj0MQKy+E1f%jJEHz=uIY
zk%(^O4!O&2BC$JZJH&C2pi&!=4j!^|Kx&fm^%J(+4h1mIuE*U?^(V5n%*eLWEEDY3
zdG^8A^Vxi7lCuPM6ds{whs-P5kHEaI2Bui#oZF5Td2zt8%UxsjodRDvGn#%>WUwB@
zQ%F6KKf?To)RTuS+BL<@U;#i5c^!P{mudafZ|2X2;1$p+<+b_NL&MVNwlBx1%}8)0
z(Q5ZjSS5B4%-9`fvst>N)IHE+Wl5b*u|7^Rv*7w_4}+R`Leu!=d#zu>8VppyEK$??
zVVIt9kQ)M-z=42xzQc&+i{~#X%uM#=y2W3Ybv2OHH~@Rnx&wf11nJtBdy54qAV_WJ
z0!@%3Z3+0WUI`F;|GHe3F5(7ZK+R4iL!^g|P*D5Mp8O^0k62RF+cNf;A~rbWGsPkU
zgK}gnUtYk-CY-0A&TU6^T9)&0ioM0plLDV(pY@1T-M)7yApj8o$#?#Xo5Gq?x-_b5
zYPbUPr5;T9gzhA7JCGOku1raNeGUFJ^doi+-55&yLuI(AX@!$p$c%xzbk2b~r^pqS
z3taef?>d&T83gFz#}3#V7xB5U0(O{jBg_A#O8>Gp=je3%ABGF)p`lm1@6jxlivL+r
z^WQ9#e%3@ir&07a@~(BOjM;p|Qb>22?=o6(^=HPz<t~Tmcl^bYxQF_z=JT=I-c@tq
zjs<gKwc$_Z?_M_i_ICM6!KZ6~bnl<`@c*{IOkIDarxpJ2PK_3RXp`k%N!YF0=^^c>
zW}!%WaQlp(1@4bbm-?R7+u?K<BO4}E6Vu_J4^IrOj#mO2<>rrfF7(-GgHv76c7J*!
zLzS+5@{6jq*V&y|v>{g}A$Ds_TeftJ&PQu-3ODoe)|!)7_ZgkL&MA*uqB355KWT$g
z0u6JDc!~BXtD;RR*yeFGhD9jv%FGH4*?h{JA-lo(w97iD^xjK{Y74(StuKCQXf=;x
z2LnY?y1G?z?Y78>WSydptuR$p07W2O9Z9N;v#+gAWun{I;p3+d9MA}2gU`Gi`-_B@
zPY=UZuy+;|Nv~b|lug1gNKDZTbFjiWx$SIu^oR7qYWtd>yT3?`8T6i(E(E?#iTz&x
zk`TsB3)2pN=6GG7W=TRyWpE4sGB6~KdoI)*>)gg%W8k|7-{Q**at%nGi?O;9G-z9=
zDE?q<lYULC<f4pG-6kh#oa>>H13xC)Ap3aaZ2~kUn=TCI^&gew-_%uq%r#)q#%qGQ
zdFLHh2r7&Y>dToKNTcA@XciU{I*!4Z1<|4E{e_a6{Hv;lDioJ+e+#+M8?0Mbo11Rm
zi}VMsVb4u%hC~0D-wY1AJX_U)j1L!zXGz%DolCGD?f;xpaTjn(aq{DvhlUmu>qaI$
zv#}D^ZMd~pdW^;_VFm_m2Nl4shM(ZPziRbdZL8XsYm=X!_{t?BvP7<CR}2!QD~!U@
zZKh!cejQMPKLBVFtb%!=U3Sh4*QpW}n>r&_!(L1u?ekE>`jO2ip4dm_qlGe_FWUKh
zztsW^RnKqm!VHinwl-Fo$U|R<d2tH~<-PT(c&)w?szV+m-EMbZzn&Oc4>fE-oXw<z
z@}tyG)iY?{<QGJ}l#!7^(&(*r+t?K4`ojk%hg}yhHC0wqD_auHd=k)i|MREKew^HV
zJ<fXC;(vr!fgp5bN!Hq&9H*Eowv0lMkU1F{&dh+o?9!0SYBNjBUwCo0<UMZKQbok1
z-%AnpIz007%WPhEiuO0xij=iWx|`4~V6TV;<T)}v_;O1X%_LeWp|svlJk4ZmNE(vf
z(?P~twjNVGVAzzm+L4W4j)%#w3LicX&KcHkC!$8C;sfsU+ot`2wL%ueh6W3YKFM9J
zjMI&zFYLiP9@M=^yS2Gskw|Q3VO-KwiP`|;CfkRcw0pK}u@N!R&X28pbtU+?@7Nj2
ztW26OI5^7xv7mMR;f(hn97y*r-69YDebB^XAGoDQdQd`$>`hxq@@%y}xn<?PNaSq!
z@^1Z#(ankn<Rcw$teu2<CAYg0*T$mZjL>7h>{L<EycmrFDXd+k)nZoJb`2U2d6X18
zIs}dNs$QxoJF<TdUh#VA^D}qz*o4&_cAU_wew%#AaaBNEuY1ce=ZMN^&6^18_w+e(
zmg@~St^_f@FvCypQ!(@NyYc9+ul03Gf)dd0QjCpx8y_En#ng%&IkA2tPlHUzon>Z1
z>;|8oI3bUFCe&`J^X@(KQC~G(UZ&UNn4yGOVwC`EIT>inXhlpnx9t{5>)q5>$e0YU
zn!f_<e}onJ5rHRv{!c{L|F1tNJcpQqsjpMd-H*62{`Bq8ftn<5oerakZtQ?l9|}|g
zkM05%RZX5oYqm|28;{IMVGpdDJqVb?5OWSvtG|!cb8Xy6Dw3s33pUHW3W>|c9ofTv
zo~m*CfaXWjf5L1o07EIEJz4N37g8-2mY(Hw_6{lKAiQ>NRqAzKo_+4VjBL@Vm*?Jz
zh0g*0j3%esyRIg6G?7{xO5_oe4U8lfq$FcKZ*VTHG3nP)Q1Q@3OM`PTe(RNS%MW!z
z4kEzG4!o!uI8oI27|nD24kNzu?(ghZ+J)9gkI=gy_U5`JPau#Ui7V3&MT3}Op(G6B
zmg$o$tlKmU=SAJ-{E^W$Uu0jL8D+R<++<xDi4fYWCpPzP-;=o(*+^b+O)EN{UchGC
zJI&@)SYw!TiFT+=M9<1%rH^+-wXIZ+cRpQK@u`I4V&<3Rk;b-TMn<3BuCf_*+TGLI
z8dkP4Rt_f#nCC|v>QP?kj2$|h#ILUsWZPD15Llusp4V0W>?4oyl7R%cPF$U4`Td(t
z;qMbMURlMWI-a>XGDY(B`z8?V0_b#1T_h<b^{HqNnlEc_)=L|#&<D(j)-~pJHJ^P0
zx^E=@gL<Zbj5e?PHtf^wuGC%`3j@E89APLaUc{TWtXa9zTQ5JmW%q;Ccblx2c|Lly
zGwD=>R8Uh_acGg^z=Yy4?_H<&*69_L@7Uj;_LM27)9UBF*v78wR%P_12n>eY3?Hcd
zRzNe_t7GK9eidd<h(*Eq{7P73+$E0^v-d@oTRGlzq<m`YEKITdJm_XEj=)7%Z%=1b
zNs;!g>bBTZGo?9DaB#U*sU$3oIId#D#lQ)B@k!nC`l#aKQLo-kE}i0l>+z;5pWMHH
zqCSd7Tc$oKpuZCn9V}o@bQ&@WtIg_)Vz-&L74<7M6vTT&evq;vz3u;cKI=KDA3S&v
zejsNka>S<yVywkuf#DIHKV+2--b8JK(1IK^>d~n#Tc&FL6lND8=G_@{3w(taY&)1_
z^!@orKgZM9_BvN2IT(X<AXc9lUyLar>*+b;?+Y^vWO0t{&K~?6XPoj}mAQ~k_x(4e
zGyk-<iR;xxzQlvY{OWNWbZrJ+J1t_pggOI+cgMH-r{+6mu*+qu(k1ph5YZ`kb$6FV
ze@Ur+!o7?E>m=3sjd{g(r>!^PoG6YRSE?M%ol@V8N@*)o+P?BiGk1QT4Tgu89xi=U
zv;6u^Cs`Addx!3MJqztj^nR+`Y><M1?yevm#sdmC6?}Ya68{x6o+qj^3{^i5>U=Li
zPxn;O*R%}2XlY4FSz!a|t-0q9orlBghU303gxYIe<>giNhqf4xQ?7(-;0#PD#m@UI
zZ*{FWk~u5p;-LG|tty_OxgC)M7e{ht?6Mj0L0VKank})NJz<4~BwbTldb^<Y2Tm@|
zu@wQDgSO`7SEt=9_7C>MP2gm@xGh<@&{MyrqW^J?pyr_R$R0gCAFZ6TA;_dkqGS#9
ztD}`=2I>qSCyumseO2#i;g|BS^YyAX+rq*UGzsG?CYn4%EwhCYZ&)9sm8YU%RK=%x
zl>1!!UyQ=!B=03JO+&lO%dAr5iiFuVH+$zkmx+5OK6E*$Tfs!?-XX`XqQRN5*>6-A
z<oYCG=GI=MjHN4&smL2}7_?U<oI&}Sv%NMwzw|kVuWt2`P#zt)L@8y36EY$J!yY}k
zO{&LL?fT;;c3a&E%0K(4eoF?7R{`u1wSag>wxjLBw5m_x?{q;>Xf5!+NwOd^fCs|w
z8UV<dc!0=BiR}%$-$)n<tkjky^U^w-!N)-8gJ8QK0;@sS03eYUQF*0{lOF|a1}Xx|
zzM@Dgh2?4=G$$bdYpGmjv~#w=dWf7@$x4;<luB<VR`kKWlo$z?^^U^S_PgN_G&2UU
zwG5auq(nxChU{)+0dK`%n2=k>!+<4W;xhgY{n6TkO<tnfcaFN7<jRenF<z=$SsYdQ
zdepeTy+#>utWARzgtCX$A7(oLF)&zw8($K1#rT+C90-to&9k?vyi#QHTSS|73?0DO
zg-=F_<>fmq5{DfIIx0d+c$RJck~R-&Y903&F;vtSuv?8xwuDET>VN)rgTMdem!`^P
zeM#Lu;L3$*IkqY?vyL9~+RnG%K31!JWBhWXGv4B=VbT&RPa_AWw+war840F)$=y8_
zePQ8NRUvs}E$O_^u`Mg-nY5jL5R}{-!K*xS%ntM~sM}AJJnw(5m^|!|Y!T8ivoiML
zQ%Mh7D~;`m_1Te_^cheiTGm$Y?A}(=8mTcXCef9_aT0@$pI(`g9X;W;q%v7uI;gVp
zP4DMf%&V5|G4jy{om!5oc4V6CwZ$rX?W~28*7_N;NSm0A<F$_~k~r8+za4m~m3t<9
zhyNeC%;XoX9qrtQ58u?&%?s@ekKj(|l;Iwac`Tsmgj}`nW2tjA@0Z<ia$5`v&8jQy
zrDM(yizP8@t5>C{Phr_US=nZ8_m+0uan@R9b)^+7ye+9m@j7T8zh1!CiYP}=!<K+a
znf0;ajNRD6{sSuyXb7G@awH@|Wu8aflUksj54@EuD0`kWU))>Yj^N3k@G=QZ5Bv7g
z02y>O3D=pwYUdO6j6!WaLK1;jyOQ9Zpkwt6t;Ccnc+LVh6Cq;)z%Z_y<d^}PDUkL8
z^h)JkX)sWHrv<c0!=DSC1>$v*5fHWPG33{xr3DD_a}edi0Hlv}r7fUI1B7h4(f}ng
zvnHZDC_JQ*gc`FM>O<E6Akf5S1M>}u;%Qp8KrVhbWPkV=_vo6PID7(E!Xh>r#u|^q
z2GI4`HI%jxgxBY$?QCZ{3deJkI~!CI9M}Y(V~TwF(-=T(L1<U#kDq^&xa*DF<6SYQ
zp6r<tbMbM1p`6*E7kIk2JL*y}IhAwCwvO<*ObLJCU_}HU@;JO$oVk~(md&TF8A&#Y
z{aL}@j!nQROBK{}y-MI?uFdKYt5*|>2Ty{?`SWiSXT5fu&m2^U$jCg3iPj@}<C_8c
zT+Dpg-70bU0a#7iViWCG_v;i6T{)wu_}tLna+gI<6D$7&`*KmOkfmGC1Qr(;vr0NC
z``m3Atc!#Z_gr|ZsYE8Z8$a2^5KoH#R9Gl;{P;n1@fgYpOE1ZYGT4MZ$S>KP$hk52
z*>j~}_XuT4KS8gW(XVP({q!D~l{vxXHWnuY9{%_$vunbEof&aKz`okR3M+V!<qvLJ
z(w!y7t_fDh+>+}plfMVPzwvs(z9}r3^TK?jkrd{O%FBDOW)A_!zTcz{QqLx?@A+0y
zt0gAf+<BG!-``k$sy;@?H9*wN^|j7Kx%!QpbtjB^l;^Dwsx=qm<yFaIa@^7U2;1`I
z;TTt;igl80LRR)P<?<o#WA<w`i59Z1FoE4T*)+h)bQ~882W^gR`<mW}mnteM)CVHJ
zA&j#C1xS~0Us$fZe(?riD!HOgoi>etd{maoFqOp&rp(wHEG6;)#YDGE+%Xb_u!}-5
zNK9eS1{khH1A{{x&5&~CM5mDGI$%(ccPNoavptNL9dc$9InpMqR|1p)-49IxH6Oc(
zeILJPH&SS$tTfkKu(0{0t#kDYQ8BT7+IhbDFAZ-dB|ZLDzsO|V^6%OUJ@JfsRBJkU
z)m$(MbF*q^gSJ~1cgIa9&UQBqJ6|z1lrK<nx6$kuoDjacJrFk*6rYGi+eFZ;mhX&W
zQ2y+<#v9?iek%X-hBxYC58Y(pBGMB4bpOc3UiZgre0quEbuY>5r$Bf#xd>8AowE)$
zO~+p)OPC*Mud-NP1@?pBrL*wSY%dPV6@4I)@~|6j``*H*kLo;M%B%8}PM@5RcW@Hh
zwV|ZH$@qMr6*qUBPOrVAV~ne7$B|DH<6U1~^Dtao>_U#UEsbN_n2@}6D}P;4L9uSU
zMX&qWvv)K@w%H{5q}2Z?f5*;pKVvd8)RI~m`B74yo0IcYL<Fzb4t?u9M|RgL#|40O
z{ZFa~>3p|qgu#2?9?maMzkgmZ)h)ciWK50g=wc7l<u6p?w#&C0)$dJN;4bF<49+W_
z?4S;~Vd^T()SiMgM(Y5UK`IW%c95_JgcXp6vSH6IV|k1JKT*tr9;E!en7XZZmTil`
zI$q9!xeV?%ZhTy?y8rsSb3OfHG$y@&usu{fDdD0!R{|2;H7tw+dr$RyIScBiPn{8A
zRo8%E^HIQ}aMSPtjwiR>wA<3I_+9*)nJN`|<@R5^Akl1A+-YYSB<|yL2M*|Y0o_5z
zt>h!i%*yO1T0}>DQ~q>S-)dKS;_RDC2PZo+LpN@yqO&XMRKIKIVlZPKZ#cG`Tlh_Q
zXVWmJdH@<vb`xW+g{sT^RFq>z!))eE48uBP&Su=uI*#&7iNW6nR$E1HYaV62`fZwe
z2J6GR`-YxcR<S)7f=;vNLSAq(Y4@f0YsnSstgI5G+KqYM__hD2U9f-$ql0akySG#s
z8x;-adRNR$sIc(>*I5P+7}FEE_n#QwS!ZZhX0{f@mUnfWs0vZ(_YXS=?&?;*Z`xV?
zWV2kgQAsigyRTlp{5;&d%rRT-^`d2FO8DjUa}9(hIEjiZDTrLQ4Jx;G7yfDgLLa=;
zZ^@%I1Crc6N%x4;$VwqqH$K~;$GZ%p>7nJPZ3*;>d~mW&^8USnqJZKS9Bv{pf&pH>
z^Lm#W4OznE!L1S!DXa;ZLLlB!`x!kS5Lp9|SCCbOE9FXP_)CJ+NAxseNn$!k2%4f6
zrnzn6BT^`MAoB}Ef~hr2nj_O=n;#;S*mWLk!>QtDBQYoot)(m+K2hVUb^8HP!I069
z5W#pmW->M^Xzm9YGItvtV~op$<84H3hC9qE^kfW?m~57RzKJmcYVwtS9doA`F^o4o
zhy!(Rb}e%cu*o^|lAcMI8MsJCMr_zEukyI+;@59Wz=c?VYIeLQdqz#1@y7i0N8;*N
zYdwXeArLKTubN$%!hG`n{iTpf9=Vup%~mBZWO>s5*or|=1u%aLC@;@Z(~C3GERH=k
zw|@8Bz`k7BYuEFE)Q6mn>pK%-5#t{vTd)purp}^%-C#45l6Qsw1S5su(1aladk%Z<
zSh7G&=i#i51Sk;ipz&~R>6Wuk(Qc#armVw&y-k!ixKn|J#c0xF)mP!^z5$H!I*dx`
zL}YE6kxxZqYwNRQoA|K9(h|eYKH>KzpKeyEt}svZeiMwHTM}*2#F|hozTM=q1OQiW
z#h8|eI=dA2b_FyK6%#K9q3c+Z?C-qGwDrX{vkn`L%bJ(|6OYbQ`yusPO-)UWj7RzV
zwt{Sg^duNWMrwZ&aoWenhcB83!(=G_%d1#$rTqv%1Cl0hK%_xKEQx?#pA$=SU1&@m
zIif&G0i1!R{DHw_VUz^$fX?Ey!%{NYr)w+Y_1^?Zu{~@_#H113rU(PRnkr~8_jPx_
z`Cd{YuV0xI_;$#Ac)&_hrg0EcagQrTS^LJ?L@60qnmm;D`#QosbdNK1|LAF*kweq^
zTbd##rX2<zt-JYj4!7)TSAjyiCrh`CI6DBv$QNhslM9Rgu8{55uc-5NtOaL@T-Ctt
z{(-kGtwjmmif=xR_&P3Fxhud=C-L;L<Y|XOHF*qPC@u<VZY~#FS>L{6Kc+5iO<7xC
z9IwA%hV3hcag&q_lEn78yFwi1wQ23F`}pz9wxm;s>ezSoWljJy)?}>>=(F0ys~mf1
ztD<Q^W&zVbl*xYx8IDx^fRDh16NkY>IO%P=JLcS1J0mfPgu%2lHsOfKlj~<*>`2tK
zEb<Q%(yv&Hpp7=qfs(M4aDaikP3xRpYs^AnuDx{YqlgayoL7DnAI9Z!Z`jZgm0WK$
z;xvP0&Bmn;!BOrroYAJ->dFbeAHV!mv6La7uNI3fTLSO|My=L}cOLhN4~H98gXOT$
zD=jqG*w{7?+Q|t}6X@(*49%GFrm~TDS|<OPX#20;9VqOlJx$F&x-q1r9ylJeMOO<@
zm)NAY?;7mymt<4}UR3a_6<NL10|XzIl2G18(9(c>-Onf|>-{~hx`u}tg)bzYEm`3?
zemp$W)6wza*}Kbx#3S({bKA)#;Fv_&H>c_6@E3dL|AcuG>?Do}udnYrd@8Y{#%jP+
z+P$#TMIk3^??>f1JgVXylW4FQFM;k|AJ$z;-z3x#0fIRgpQ6Sdy+^QH@7#8Ddv`xb
zhU;;TGEElja{g$SKMnNurAr<^K^i0RTJ0Gp#JQm`C%ALx_;%b1po9`^gx8s$AM6Me
zFH-w94V%Q%U88fz$Qek?IU|mLp>pMm%J{AF&L_Rm%Uv|+_Rw2+{dbi&fso5`GJZh?
z6S3Xw9THG3qjJ~DFB@gXcH<+?u}?y9HyTwEf@tOR3<n;K`($v!0Qs~}m?1i_t)&JJ
zt9mA)wrt%hc;Sh&PKmW(RWGRaSdr>}GIDs2%(>M>HA(yo)H@W|lb3b!Pi*Uco8e!J
z+|XrmZ!=|T0Qt)4_8A(gl733k$p$Vhq6MP!6z(g&zX4af%Y3A{Om&-QLO^h1WVXG;
ztf5owyZQ*4${im33ltFHv|&5tL)BT3!PkzyaG3A+#Obl6?$9j^UCT80OV=%XUxI(*
z%<{h?Jg;x1x|q9{rK<5n(g8;=lM`i^reR`?j@Z&AOJ2-&(+ZXI?r5DTT?4KjpX@mB
z_Yv#*Wv$<8ROz)T6YCeV+olERVx&!J1GjPUGtFhxV|!6$Iw?Uum9lr`jT_1yoXD2%
zTh+M3I*fl32?*WmZwmHYUMv$38hB7A8HJ!Nln^qb&vdsQVJ#}~-x!U2z)RftD(Z=i
zK%x33dKO4Mr>TdH2T8&mZQimO#x!SKP3qH+0Rw5iJ%Uj=pFz?g<8qkdWrKW16lsS3
zqD6~h;IfGl>o{PM64*4NEd~DG?b`)p9Sp(_4O9T-T_Bc5OF<^}9EnyNN=V{06U7=Z
zviI4+K*^Mg^+BsE(TdWqTN)y)B;W#D5Gal-1|KiY^9$M*Ya4)*6g6|b&9v+X+=2En
zlAH_zUQ#Oq)74cw$4?)tyAblkKq&0!_d6qB()wKsJ&s8Gh$$`k<WW?nY7=3X@B0jm
zHZ89L5E;d}HrAC`Noutv7^IvS_V{%1<EJYkrFwvG)C#wV>{?nXpCELh`@QGLrY__5
zxg#oI{T1VphcDWAor@vC&SWg%Ne<v}W^ytJ-a;YDjp|9nsW<hG97pKMG)qE3av$>_
z<dTekZX>$Dv5O-F`o4p>-qOs4*QGkZVrOZb?7s8m+;P)jUB=-7%?@nM1kF0mVixZq
zxC#@;f}yVsP8E1wM3(}U4owVq;C7A~L^%TyN*7c0$WjjqpG$g3LBr6!r}7(2LlWwM
zo2PD6Gk^X7r5Y1f4Tl*r<0Bm#V%pFR!rQ={AW$Bm74@;VnAXh!c97M4Q5nI(aeuwm
zHuN;<ptrqlnT-<Y(xvbHu<_lrb4br&0CPQi+6Ucfw?SbKX1#0tx%aF^@JefYe?yW@
z(C9wcxG0uXWq_I4^t5O(WRl{EN!gNL6Q#bf<c+l1xcS%v&X!{7V7ZJW_pGu_4Bott
zi^qD;Q2B=mG7!YKoQ;7-HTCs%YG7xUlyIfxqYg8FHbLVcfPl4vWrUS=3WzrnJ0m@_
z(E)uM7}SvUF}SXq0p-$g4Y(uG?A3|UIwne46(|zpYcc2zG_ND0gG`Z?FL9$uwMf)D
zaEuu;5n7w#-|p1?*kduGRcEGCS8y0bTyB4i(wXl?==T}bz}Qqz4^CUjbFY{W&7-As
zU#<STutxZp!@ZKu6jj+CRrhm}g(#Pb<0K_sob7i(!quGj*e7y$q<<Fbd14BtXMB3V
z8webT!Q|L9VWJ3}ahYvW0Oj7}BgeS7xLO)Qi=HcOG`spO#N~Qlq+;a7uFr-&93tG(
zrdgn5*jr4V6uFOtYL~BzkB`5Q9^EZnTnG425MIQH<7AcqTA3^wcn-!$m0+=3%lg$D
zUZ#knB#=2!FL4`btWL|f3dICVmr{fB=SX^+7%6c{L4R@G$*$a$ays&CNKDu=-S*ax
zm3_lAdoEN6q*+kAGu2u6qH?O0*I<XJPF2v2tns?|B@fqLo;Nq;603)*MIa4IztWIt
z2rQk(O~}6RD#4_y{P@dj4=_jM2NHyt53%4!MhA+Wwuzs{v||BONsN|+z37^L@w-v?
z1z)hbMz^(hp03Haj5Y1GaeL*SzukS(j*R&5h8TCX9#yw;`~!>G9si!@|1a>Qtez=y
zm=64~XrIvW1H=Z>C#RK_D41N0j5@#wF5npC`K3I%=<jhj^laQSEc&NhlJZ0*M9}th
z7nPK0cp=fyaOwbFd=fNa;5U!D6_TxoIT<)Lm)qI?`QvoN*^>yvpI;41oIugCZ+~Pn
zwJ3_h!n)4_L>kenUuG1kyx;W{+9c5zvpwL05pK9*B#pg;8Ch!6=lMR(AQN*c0h0=d
zM;<?T7uHLc;g;mpmxw@;Iz}nN9^YPAfnzUVIR}Ey$>zZ!5sp8@G}FynDZR@Gj5Kl`
zLr4w;Z;sp=)6ePA97wpM5?`3y;=t~L3e@7X+1K~;M<%{3w21Bq;;kJodAWBrKmZBp
z5nd#)*Z&x~(A+h<wZ!TX>mU1Lo0Jq4br35lsT_3@Z!HgflUyAqESp;K%t9Tl{*yTO
z1V-9Jk(g$gha*jXt}?Ef`}mEN>!~C~IVgWF7B#L0>R9}KxCk6DbWf~W+YO6Kg3W|u
zE|pZ5C#%%hVbGi#Zjh|&sf?r`l<%J3#}{#QFxCFcl$widy#GVLcSsM%e5%hDR*`X`
zxvydQayOvQ?!lBHtFC`qy<HlEdvabZ3g!)iHMaDXoD4E%jAOR>o#a7RVb*_@5q5n5
zPZ6@63mtq$_`gjsE1S#-S;qXSX==Z*@l>%2*p%3Sd}iEd@P9O%&gYI+@*oEu8%t5Q
zY9Chn?YO1e)^Q&?dGd`({h?aD^R8uh+lEuc6HHyO6j-|6{!9R~J@PS|W>@GbMzD`G
zQL?(6(_M-EML+-lREhj|2vytPp@#wo7Hv@LUjJrp<&yx{*yH|QFpJ|P!Bd;0M&cQG
zzSPcVM*?#U>}C&;+HEn^69GU6k%k~<@PcWEaQ!eK3KB2T`9Td;(2&uW5oR|4$(zpF
zF$;{^!I6}+-4||R*jxT!WKy7TC2Jit6Qv=vdI%JXL;`5e(sVl{5G1MYn;7ksxS>7W
zT<DBv!q10lKa&{4&=MRc4@S<5XsHm}oNR>fHOLzgv^BDxo*ZE*YAQvl^*PIU!%_Ko
zisb<}C#pVK;(#GeQ|=dIL_JLJX#x|`(lOm61hS2zu0)CicNJen8mYjzQpD<^;NP4%
zbFH^;-%ffD`MrVujXV!0k?Q%AViC~v8IyW3nEc>uK8mxJtfsQ+^=jhfkod`ghE2R&
zoI}~=k)U0}u7;cip#^ykRL;W6B~@b8FET|ce;WMLhnher1sqQ<`LCj-{1#mS`2`L)
zvgn1uAYUF&ghST{W(J7Ll<CNfjI+H6FI0C00iU#UG)GItvV{v8ldC5dnortv;C7mC
zApHcc9O8XweU*ahQIi9H41%zJICB70YtRmC8lp(jh9(^vavAHZNKr?Q|ETn7h5}6E
z+4dj%axh~f3P1day+&`HW>^zEgyTD9tmiJSdOd?E%%sSNuL1oNQL{foX7wul*cs9#
zLsZA+Ozk()iPF#sI2!Il!si+QJeo`dpzoncgF7CW7#S6!{eq@b2uSP`?Pc@D!YCTx
zCzW5f`SVkZsCFRA>MKo2dd_h4bPX`9Pp1+NR$0YF+69lBRev1u9hRvigh7QW3-tV6
z2C<3BgaGFPO)NrMAB@|I+By`98?qK61rUS;I!JF_X^JjQSEX5uux#k+^PT=>McS|U
z(<Oy@oG-{l`D+xhh%s0KZ>|v3ixx;Y=;$l$#K%b1Y@OfFWOi3I>TBPNTA#-HkiS#<
z=Gtr#XfPB$9xf<bYkWK_Zk?y>aowXvIhz~AL`MI<zb>O<BP)NbTB)8^XB~&Fm0gaO
zm1welO(atzGOf4Y96UpLyXtNEO>J>D<Pp7tsV~5m8+NcM2%CUrh-VC-^@>$zthY@u
zdJ~kt(akCc=I}e7K%GKAF8khT@SRDR?qWB6#vNoylRrI2FoUV8k}K2Z#1qV^n*6!3
z4~^P0m~;@6{pVb37_OMK7T@+i?5vouIBw>g#X#vNe;Qn1Zo3>D{taSc)s=yn$}<1F
z!@ARpu=ES=%(yr8;Li_VxG-vtTh`xM8if}=PE9}8KK0j|%y9*0oFBtAbv@R~Y(mR~
zMfmzb@Vp@f+Tke$-dxG2hYS^geV8Kf>t{>Q!rxbKrUnO;=`&|4C9t|o&AlKnRrv6R
z_sm0^lY8?-A8eNUq;uuA=D+=F`1|zqKk(jQQ|G{R1JaJ0F_M4Hz3?}Bls|tIa;cPC
z6J>w$Uth)fELsLDM2twN5M#=1<gs|uonJ4{TpxJy_6+ajr@!yqI_C%PKU_O@^`AGq
zr6Bcx=s$A)bx(~JElMh@<Z3t(>BP}xUb;a>K`gJ+)6Z_Vu1A-`KabfNV6cR)$C`Ch
z_kgP&BWbR8;nVBiH{yTmb^qI?vd`SG$j2!u^E(fBK%k~V!YY@W?`v!KFyxn6C)R+}
zZ7L{pg8TOZo|5NtY|XIFu0TnvFIejBMhDpMfLQ?C<z*D(Lq@`bm~5A+M`e9~El~Rp
z0byXtZI*hlFSnpzA@t6F{pI#T`Oe~V|EyvAd-tROc!n!GWbSWjZa#A8P*6<v{i**v
zvsw2&L+uYvtUwXeXXP>aY|pP{$hi!s$Hxl-u0UJ#tw0s`+^%+QxD%2~G}t^LN?#wU
z3z0YGyZE4Y=nF~Ny}rJ_gk5$GnJ&>fC3kQZ)s|QQwev?TAA>&J?25`IbW(2>T=;N7
zpb+MMII%LJc<xM4maNg`xRrVA_caHcD1WUj@pxbD#~~B`%EVRg3;YWPOH`2QO*wMp
zNM`Kr9Xl36YtmZ>8z*>XEHN`19F6zof*C+IrtLubI2Ya>+8|M2aKkdQl0$Ju-vM~@
z9lWzRF02;`|1lhHmkkZ^A3b~+gn?L@f$G}=BW2moq?$$Ayo78CXZpzf=YMhUjQ+i1
z7SCC<F}Go;dpQg2Zt_ER_`SY75pH!UADp7MB3_puA4UFs8{UZbA3ZvPYrTEz*16Jf
zW=!3az1Q`c7A)Uxk9r>ykoRk7a00zo!|1!Akr5;4yI_Z!i4LWqk<q$Mn{MGxO-e;L
zx-JxlEJQvq^$RK@1cuL0cEeHDwMh^vn2Wsv@~D`AG32&y;N;v6=LWdtJL^5IMJc_U
zPh%EN7$JiMfZfA&7>W4>S^=EgzBqpBVK@)#e{*;oZE00URSo$_HmCs5K?>rTHDVqu
z7dQ8993FrnoL;}?hZFxCXwIiR0U1DSu-bU6NrJf+*NNmuZTs>es7j(@Vl;77g6Qdj
zLlUj{Y#ddga$!qTSC6h)zy3PRF5S^)?S>o6!j&r}_v~RI9gm1f^&0~YC_pkQDm;;`
zsp)z%m%qRo5^KxK2kJN6k<fYT?p=T6$%&A+6u(gNz`%4wZ-rRB6(|)1bc%1`T~EU4
z4pI`SLx=u=`{72+@A!&t;Hq6Fx3IQk(fqg@!Q;yD`-E`Wx0XjL$LL4-?NOab^X_kp
zx2gD`e_=b`FAu;s4y*x)b>3%W+yw6cx~yAw?mWY*;$owa7@+y^Xt$LRL|D&Yu=_}A
z0~YWtZ|{}Rt*r;46*3Jd``rzW!D0E+(m8NbdWgghYsI5Ua7t;Us`RN-ivc*~70~cr
z#_{7?$Zzf~-!T=Nmi!BS9zR|oVJilV8PB>wk%j@Af4jYL2m_Y5Rg=Zw6Phz9eyORk
z(ZR!G8S3Wg=YSTi5;6K4c1H`@*p8Z;@06Gr@*g(GvOpdpg-^qI)(C?c4BcS?a14u=
z=CVi*m=I)CRe8g7*DF6eYyk^KHs#;}rQ?MaZw=SOeTT2Jx2NZsNlT$vf3fV+8@Kl)
z_cv%_S4klWL$~Ax%F(|TFFpYK78V5%aA>GD#2H%fBl=PG#u;awcfRA@yXtV)*DHT{
z6}=Nk`QBrbZH<q(#r4lwHD`vjv>E;-*G@j-hgqHe2=+qvw}Y_1IF9X!x$Y}r>ohbp
zgfM7-{ra@a#x8fOA8^Y$z;<2BThXegfdN@*4l?p#n5s@WA}P6k!v+UTi0Q$CG=`K{
zuRRfVoY*=W58r<%SlLn99;du0wWMUpnySnXTfj_R%q=q=Cneygql$`bFhhhu+-rY$
zRj{o#H)c?ydCtcI8=dpWQB!jZ9O2dQ$#4wSs*(Oie*Q&J{XmfbyL3!M?V5sp6^vO`
z;i@UVkdl9fM>-2OyTjwhs}Wd)XNE(nI_(KE=x~)JFL;w&#->N^cuYrUGeVffz?40p
zXm!D)K-x?KIwlK0JYq!O+<w?j%1Nu(4t<?TwqRrf#e#;lM(rDn5=R)G&B{9c3yeFp
zk-o#|U>XaKJJ<`^<8yK4&tP*j25i<$IU)1$re7zF%RaS+uDxXL<=b&@l`nrzyb^M&
z@6d3iVbz1SM!^p`qWb*5dh6@!-PV`$drGm~V-wt*A#m}n$jFc5V87?Xek9ipK9;kv
z*ii2DBx>1W(;dbs(NY|`2wepj<+EM?+Od8b?vrsy|NFVyP?Pzdb(TDSJa53v+FA@P
zUH^SI=9t;!DuKQPd}$wYc_f}&F*HyM-vtvRs^vt_Owlh*(x`~P!o$waj!@r!wZs@g
zOsrWcs8ly0t+q&ji^S^dt>JZ_U)a?pA8SziCq=t)tw6#1;9M<<&q6jfHfLUG%#KVN
zz&9*j!^h_ec4(cvH=a%~Kr>i0IU>w_ZEZ#HQi6$Yp6~~&_L#DvFV`0+ygWArNR1lK
zy67N>6I{Q!00wmv5z{_Yk?EYkh0pfByRFV|Uw+xtG&yo$3sU?{>|fyLf1p?kzzr_1
zs#^5tpQ%X6x&{X~^71;NJS$4EV_H{<8a2$aV~z{s`@BE5{UyqknWx(zDC`_rdB?q&
zALG-ICx)t~h(n>h!@!_4d<6u=-!Tn682%!SU2n1d6T9Beg>}Mf__Uw^%7XgtVsS`;
z4Rij1ErGv}^M?7TEaI$(`Dm#^<%StIB2{zp2azv2K%B(~87Y*`jxSzpMRn&7><h`|
z=6qvsLEUt?a}8rtQE)^75d_qAP;P;J!37OSHGxTeN^Gyt_R~atY_^JPa1G2){y<1W
zN%{`0`-}7W;HQ;`4B<FT1aQJV!@33?VQt+2m|nAH&3XbpBX)TgoQNb|Dnjr_dk<SA
zdWgP0Y3-4`gg^lp+Yb8JF2sErt_BCc*_efDIq+ll9)#N?$B#GSaN*jz)sb?MDbxO_
zW*)nvkeME^Bg**&6o6CzBs=S)2j*-`(q8B6P%G$iQ@Yc0@u3|BR^7b`%+586I{C?q
zhK7fC7qhe*(zIEOC6xs3zTH!bJ}(DR90k8RRJQFs4O6fsK79CaE?kM5dHv&-4IBQD
zU|N>))<-@0CvC?Tyb9wzXjQ|NKdmo=Jz0>H=X*?tdHLo|Ffb{~Oy(?_8;aNbXuqqN
zz{;KaPtMKKp?UPOxcEZU5_j)rOXvigKXPOiJkCpb_p|f4WgRdw;)Csqx#feGrXn)-
z|4JRjcAuT{_VNxFl-xY>>w7MjSFP;o+oU#;bhmo$Kh+S^FZgEIwWSMPtba#@g;S(9
z>|AZ-k}WTDL^2!ixsEw&VBn9V@$p~k+tVeQd8W<q{inqFl2b9=H8MyxK6)njQKh_x
z8#vYq3O+<<Tu<+>?rvVqcB2pbVoQ1V{H$ae4DUZOS%T$o<Muk|`~Lpx;m^a#xj_k4
z*4*FO-hqG1P$iu38qA!;SM9j=&xfwzm%Zw6OAwV)^El7Bf9{h)h#hkR>t4Ic6ejkd
zbL_*3da*W91e)f!Fd-&d1m^|VDzMA0ZxNJ-*~Hq-n_HbmJ+>+x!bqhd5HZ+?VwP=D
z*yGH;oBfE=2DjUoB?k#7#}TX2`z|h5vBH6^EQqeb5>*pm6Tv%7(;qYiTWaIFbyMwO
z`+>jR!RClqH}X_Po_)dZZ}eZ~uM48b!8;@`MKTN1x59CaGiZxq^eqq*WN<wRI%SOu
zdG(R9jfhSAi2R4vKGqMe(Qc$=BeqxXo=Qxe*wl6Py!*}mF^+-G*3tpg{zq}r!=RvH
ze^QW``0tx@<mq<9LMfb9Q&MqUuMlkPomn{nmmJWCg+LF+fo6Tk-vu5$;Jey=hPe`K
z9QTCE2+Kbohf7B@QfTlh*6iH*2;bJb3ckq_Xl!zB-+mugtCeuv(sCDYk068zflJko
za3@@R#!_bR;7F>7zPJe4cM}d};hQFy1%n4vgyoMJP<xOf592(VLWes(ox^tMD)2C`
z!){QYvrR@&0k+xm=FwqP56VVk8~P^Qu!iWy@$ngZ5=M)<wZd>!z`oByzJe&X5J1U!
zoUS4x9newxh?+Se(eQpV4*U)NY@Wb59<^Cu3{7wQb(p1GM|7Y18CP@f(0cG&hs9IE
zU7n!zIrFlyMrgr>2BfVlKWdY_(TzR{lL@lr!c+xJ+ewMkK7Sj_pa6FY#@_GYDKX`(
zNy}e2>>ChqggAuZr$9L3-Kv^bnsX5*H^BRNET?D0QN!`kSvZtiFp+}C8P@;70t~sY
zqsALCxBwYFva*~qP+Nm=SR*6hEK}^UTo!QdUx(QH?)n`S6M1u%aXhFxT#jS?4y40?
zc(UM8cm$6g+2^!N4%;x0kR4y?z@bBhpm~!WDr!c=MJ<fTfuwsOJNt3iNWD^S!mm*^
zAmuCO2{6a_>-!nK#f4iy;(ZEQt~JJiHts3R%X5O)A09yl0HE%H0WH*YEYqh?e~A-@
zeD&x#<7;A{J%v#y%RLSWUz%c5Hf1?xx<WFlhSmDFgTr6!?0KLeU8qfg8G^6*x7h^5
zB7N{%zb3ae0gQJIr9LfWvBhEX&Zs5|V)d1LtvW;|=LK;PDATA*!53KD4Xm^?J+pcj
zFI{>F`Pi8^msSJ(3BZ|M4jXhOY4>X1+gvCvGjZfLSG?Ycn*!naYLv#vR6l?Yan-wS
z5J@{1ED4srNdP<y$7e}cDtHR&E(Hv1F>&aXUTvZ$Rk285Un9LT-XjKnGH~EDm?~0Y
zg7(nT5|^@sH8VWkRnGW@B8bgG9`)hlM{j1t*^17qF*Z2bkn(5D-IjQ+7M7kjk&0m+
zHr#Jyz>n@tW}<pJn`HSAW#V=$WEK>3?@^~9o`1!br#c6sEEl|7Ym}Gv0OQ!PKuoe>
zIh$g;`tacly?%j<g?}SQ_#X25|1O=}DJrV2t9utGIRMy-Jf73x%P$*m?tbzAn67?l
z6llS5y}}--U=$XDo_;`Z@N2k&VEw<+e-jfEh{>P`z$Y*TQEG#mMW42c4Q1v@NxNA9
z6IXO-f|||BCa~#n3PAJq8L?Fu&+Gtg{tnzk+WYwD+|iDHPvo<u7m{(FpM<$Ca^yn?
z4opwM97LS18#y`uMss{(tXCR_llbO>GgI-Da~3{>b>!}<<^ps>>)YFpAzR0nTC;ZT
z6qtjEP8=fV#g3U6)r912ZYmZvLsGIHj(M7}L@N$Iv*_)LeM;*h&AyhJ9h$TB_dzJL
z>E0^wTesb`jK<7af91lNaq<%5eTz_w<}O@Ub303elB3QPX6>p{&5C3j(bUyde4bL#
zx@AtEKYtdD?QCoFR#(!~+k&&19t)~JBTUag0P@h+dH(L4c}Q4GC2ES`OfAY_arDvf
zq^berZBggmO$GA*cX04V*tl=+%#K{Z>fmjd-agp#J5|oln$sn<K{jF(Rw+`rdld+p
z=x0!>54#O~-8w7V4HhNFZN^#8G2n0Y%$YM;kcz_-W(k}u@$`zYos94AI+tp%H~!Eg
zd^8!0+Bd}|e9sQ7jTgg-X!XNM_+ob_b6_;Sh?aGb7>FVGIr8+JK&e*2wTd4Vt3Q5P
zGB-rAgn2dE+t)V_bVLG&KQ<Lds&ZiD5Sdy5(hz|skcD7fu&?DDTn2PnRv>cbPEmIU
zJERxq2^s{TeMscv0NQCYVv<}Y_OGP(8)O0kb}PG1qXI*vY7Y^NAv`<qazAZvEG-H<
zxLcSKnThJI9054i#cO!DCD_ksi^jAroF_03mPd}fLex|*b`Nigc-O!{Ix=a@z@VLo
zLbvBdT5hf*eDAs-q@f~n-TL*pqp%Ck!yy9eQBK%vsAC=uCl}Yk)vNVS?jEeiURb+p
z7d-MBFQeCkR5fRm=q)gm%!H9c%jc(QHmcdKbw@5CJ2mgg+K91zOTghAL!ON7Etp}5
zlHn^(q*a)SF(ySJ{Y&AjUpTRg7$VvX%8_Bk(=CFTGVn6Iff?S{uxKBHj`}G0v-@Vb
zJHX9$z%T?COWu321!_PK@Wr+RNrsy#$PIEvtH(_f?Cn`_eHY3iR>PWFj5*dT;$(rS
zdE3b;2yE`1J9mD@<fvYg@1iR(!4ZNY5qg`ftlKEe6<1w?3D8yauK1CYuNuX%h|a~m
zmBRDw5rPVFUokh+*MI|YlxEcs_JS%3MN<=qwt~)Qa~y#W!RYy1ZK4I0w(tcnTBTQm
zN)!gvh#Yv>0;nEnW8=7+GB_c%<!gO?8ioqZOoe|H;Tt)ls7owbLxYhR3rp`!=5QZ7
z)S-d%23eJthl=HG_#8D@GSPXdhcVSNFgW44cNbYm<1p`$cbe+)MGC4>@s#3MmmHQq
z*wE3udy$1eU&L)OYs>tA?RRe1-u0`yK05!r?Z6MwtA2hQ=oD4N4z?8C#9GETEIWK!
zQf&u#IxvV%gE-Jde-!Z;3O)HVsF2{zj-AA>k@+Xi=|`~re)!xb5f(r%?U=S?O9OB4
z<0#z1l?(T)^LgI7efyol8<~ljO0cYBwVk*zC{jJ|H}bS_%8wtcAaZ|!t5fY#4i41H
zR?A@<w}gl1EyCeP+|kGC2{&)fL{f%N_#4ahoPmKfzIaPXn8%Xm)?#pn@<tB1Z~y+e
zS02r}@9KIj$);dz!GjEke=_CNB&peX85_^@c>>>jhv<dG9GM+PR^5!r=DCcpdJzRA
zI#nVA;FRn@pO5F1+~w-zJH~1ne4a=bHgI##mUjLNiT%Ij->F4uOYG+^TXfsmdFG{v
z4QGRouRiXxQ!Te}PB;$nKUc2QZRcy)p=Dr@TIB!t@VMKxy}ug*nark^ug}lzKfuZH
zJ2^hU;x_wuhDt-v!^Q9#3RiYoyyjokhQ98|t;I+Gd8s|W_M#)nUdLMs*|ClRopbL&
zV1c##`}7S9IXY#i{&@O2#&pWhrp`L&>;K^4360Iox5C1BX5Y>#<vrNo@=s4-Dv*V5
z)F0&wus1R>!N7o`O3hnhfBox2bEIzUHR>che5I=$>+b_&-7p^SSAZ?S;8egLZmPWm
zb8L}+K_;@*Y#b6!C>H?fvizuwnTx*#FvX#xj9?ZB+=FF{QY@=~0ibWrO`Dn{DgmFf
zBLT+0b^~rj6@kr~+&Mz$<b?~HSdfKm0iqV$oQQ?t*{O+&JdS<Q>ea{2om+#<CZTiJ
z6e>^A!J5)s61EI;2X=HK7h8b@6}{HKaZJxN+U;`fABcbP9F#7>vY83X{VpBy_SnDE
zvTtHq)E2_`^YfiiA7BiQ(wD}?@&prtNj4>inR~wXzQ<Tn%s8%K;gTf>kxX^QKMoJA
zeN%h)@nhv!_1H@_pU`jYjIRkd#jhAgTWkbhOba|<3-)@n8Sn=~GqaR1uO6MwQbhwB
zcO<9QNW{&ptX`wU`FVk1{~S1z)e496lrPnBz4zF9Mdmi;TdvW^oU+DQb9al0;etj6
z+rO3~e}5!lCk_Y#JDwL1<qUf`Z2!4p#s6ULO~7hi`+wnOwv8JRkv57bqCqqwnkmhr
zkS1x;TpDacTS=r+p(K@NX`Um^^E{Vkl}f{E9^TI#dq4l_obz7Sd;aG=UC+KA!?M<I
z{eJiTy}!d}5HmC5goJ9^{6rJZ=S_}Ckw&_nOWnpvf{iVN)Ytp?wdDx4*v{K_?8wFD
z|1m!P4oM9L;uP)`S*j~OHN6&e@Ix=;qwORK>ucAody4?tFqBhO#nEJ^)$kv>)%p!n
zjIdt>n!t39H&cN5O4<}Xu~q(4Id)-EZ8tn`4Hgkfd`=qB;caq|Q$q+BDIHQm^$a`X
zf%HQM5B4NYlngU!E13=Nf8ZnhYv?8#@O1k@?b8<DzpT)2LT?-jt-bXMNFR~kNMMPX
zpjyBQ((nXpY%|i_Ak2u1eYsrFOQ0+)%o>q4Ar9U=u<D9K{Ot?zfQx$}JM|1i2;8ay
z{If@oAFsR$xI5PIpHN$V3W@!;<}3D+2e++Qv*`;COQiK%kZWU9fqD0eEHsSKRqE{M
z_|wg8Gmf@`9p4}mg_>K>&!+#dOZJxt3$$*Q{TLbfl$V#6#+E6N^!(p-&>JQoFj1ar
zX@n$QR7q*)wu6#ykdKq>y=e{lV_brns*85v@U}N~WEqwEXZ|U}Y-N+Ojh5DEA@#Oa
z=9<bO<cZTb#hJm}cw&clf%_}1BPJ6**|Dr-mVhfo*ByU*_T0JUNPsalc1M(FM}&tu
zSV3`d7sTyR5H0%wYbaUBe^Q_}DypWohk`FkMpc{!jWmvEvKph#xHH_2N)KnaHz;zW
z=uoYA>g6Sj*p9mIOI_Uy3`r=Ex!cKYsFpAWj|wG#H*@T~f*{=6Qyz^~N+z^RcVip!
zB4`mhzLG5@iW)e-)~;VqMjI5k+_$_H&}~kNNiIXTP58{2Gf(v4O#BL-6Nb%6XQ5d)
zlp=V3-9IgyrOY*-Z?K`N>h-hiH7%AeQBlG?fm99bsN?p`Vq+UDSSsxFd>Qeh59ugI
z6~uTBbf;3lUY&8qpvzx)VmUi05{Mj^zdv;_m$zUr)%D=>-yCrhy1n;rkdD*6JeH2e
zr7YN<d-8w**^cE7H%Q-Js!@0EWTtdoTbrON|1|Ye`W**$eYx)R@w*s@z?}F@Y3P75
zX$Zqxl^76Wxp6YEjY<U`F8dj&Wtexm#w*8NJ!xwp5_3Ced6)vVZ1LS4sBnHnmP#sY
ze3`vxJdOJ*nJ^J3g(8hG!rf`OvFG&GhRQmj8-a620?But8$+4NV|*?+Lsvm31Ob}C
z5#3!`$cSMUmJ8q8Q??VVnA&`tvUS8x3_{n)Y`FC`hDk01>Dwe`vamJLl8XT!8V!?N
z?AbAcL;&lOQd2n$n@@oi3ux*ZZyxg_=sr%itf2r1(FNxMQu!-*GcW4?b99Wt;*#vp
zk^{{{iuivribQLt13|tUL!TW^vXJ)Lgyk3v`>zdq`Re&vW)ut>;{p(6Q7@08*MY&N
zo2%<aQr)6GP8tPBs-9zIn<5W&i5eIjw3BL+PTM9idli-a_vYm12z4=#t-I4?Zenr`
z)d9^>6%X`}IjnwMMah?hU~4zItXb_<UP;N|-SNAkXSFqLq!&dz))?aQC<I!Ny!F{<
ziD94ozyQmOUF}u22OnIP9B;iPtId$WKYQtGZ|{o%vjzaLw$jq(!O&zhzyDcY8F~mK
zlat)h8|+xnlf<6LP4SG7_TgIx*45N>U980}w^bMVe;v$dhqgZnKbVN_1*UBXzPX^@
z>^0H4Zh!%CXWQZeHwo#81Ic@z|IBMd)O`Lj*S);s7qsHvB{l^oWh&a*{1L}gV|ZeM
zQ8Pj<^LC5Qzs+FWlGwKl{Oi!SvPoKQ+<tvO6zmkDgx77gwO!%2m#H{&-?Pt`{(Z6{
zEsA7i=HY)Eyy4#<1BMt69?WfI`s=TJgTMQB`I-e~nSSvS`Pcsa!)fT0`e*2W{`{Bg
z|17!x=HIN=rzL4We%xPre@m}Dw$I7Ne9kd1_T;nA9VYf=b8`dAsrU2#>D5{jZ$AKV
zwrrtbTpFSNSySl$m+Sst-=8i9CJv70ZzhalY)V##*T!fSIp{Wo9k}ay4;X{En@2~D
zSH?TI7&KW3e3%e^Jong5&}TfW(N?W>)nTg*|7vjC^UdE{|LWDA!!qxnoOhQeKAgk&
zjFk8biz2EOW?!w=y!UzH_4zu)V_%*a&~F_a*};}@i<ra8>rWq=X75mC=eRijZJ}p{
z0j$aey|*uHY>z!CP;OyF)D<>7v~{~}7(HTQjry_T@A~oZkNuwyjhI$X&P~nNLDNux
zUXZJ<lbwTOnN_GfM_L-+Uad!`Z;FbiNIn?t9^#SY^pW(I40gKQxFWjKB$TQE@PVD^
z;KAOMmfYN)jHc3lk-(UfsP!^?EpCTb_zwR`qek~P+~>i==g-j);VX;lGc9iVvoSL#
zYk}VfR|!@RyZPuLa*vkHFStG2=+AWG#3MJs*Ts*vIc%Y&mBKup!kZ9Tyko+37w;C_
zieqY$Uq3%si5x>{H5C!>CIw{<yZvX{xrJH(q?8>Y4&PGw#w63#^fAmmgf|ng6MR!K
zR(8UoSQ?|=+}>*(r%XE73O&aHG}`t84p4Pxu+Ve9K3SiwqGGW-HAjQ}#I1uvLt3Y{
zjM0j?2_su6*6Do6G5IoQE@APH3odj!7yCq}X1q#jMZ)WDUCogi_%Sic*pumC(p@Oe
zW7&VkX(BR~e%lG1Wuc*UYpqK2-`q_%Ha5<W-*o6u$gRO%3(1@P@w^iypYA#B5^P_O
z0j>~ylJoQP-{?K>)vHQb)mExe7}a7seZBt_<;h;x;G)d7&KLCI%kYw`JrT(f>WN$K
zeLC}l#o)KTxpl^-;?o{_8n-ddoSSE1x4LT7V>e6BqIlt&zJAf9U_{rw$=R(tmD<#1
zk?Q)4)tq~K@)jAj%q)}QxIT3TIrnL^Z_F*NeL5K@&s^>NBlzO<{pTUqeSS=vA?)k5
zj>@ZKRzIGcNn4RMJ+*#(D)a6hKCAoi%-~q4x<-=T<|+<0h2jV08T>m>jB+I0n%_*(
z)9XX`Fy@*aBe|nRr^g!N_1UnhOJDPp#}^GmsKpD^(HYs%Qfi}`M8CXRg$F2;YGM9x
zL;t;ykksUZnCM^fd)%F0p-T~%pAtHvI8ihZ?{QA_z%M}EyK>P>8HLWC1G=?wmlFot
zx3sa_HJ%E-w7{5m`uV}K+@h*`T7q}7xizG+i;C`D6kPNk$p4fr@?@;NTzbbH-se&3
zS9J2rPaubH+d%8|<Wux@>)HsFFL{~*SHHaftwH#Hi%Rx)AAeaWfRfu0qxsPN=~K~Y
zf#IqEJN=UpZtqm<F5RD4{0m?TpE5V^SVzm$Ow!;g-q+e_zWX=3Xx<|GsfU2x{IHl@
zFw<@G%^&Xh(X~x}%4VoTZ5FWgZ7b8~_M2w<=2jOlaA@_v*u!hF-0?N<<Z;cOI!PZ+
zFHe@9=RSJZhqxt1BRVY-NhM^JmjR05+eup?>ri>w+DPTkyI<d%9xDs9v`IT%yvaW=
zrt^@}N9I>XnLedqHJ8yrGNL@*%loW7d-VsK?)^}5;R0kSXN{1M-uRqp+Lo=wGx2R&
z>$kOQpXqDA{4i&|PVDuD#4mG`j95F}sv-j~e5*nxo2nzGX$I=-bvA8Vwm)<6(Y|{&
zco`q?7RvE6J(KH(sXjWpxNaYR$$jj=%@!GKs$i*M!>khNIO{6m2=#PtWsZZtV<*6J
z`A8XEEb<JeN7p!Zab5piUy&_0Q|7|C+07hI-znh=MsH?$jeehQ+0(yf&V{YFxGd4(
z-H(5;g{!VC-p&5)=HiYLm6fOn&WF>!ywTLwN1gCszRXu=x|!j0sc9MAGISXI$HxaS
zlxC{abfw<B94x6v@#Qi&k3kbgT%AB&VJ0IqY1x`pTf4(y(V2X`*-3`D_YchnxZ8&{
zo++@M%(;5}_nk`qI)0%=mHFFyG?(vQ_2bJn&)C;>-==%f6#RmINMn4MY+&y59!&tj
za|>icOw;`m6Ay9e3#>ZR@UfL|-i$uMAT!xYv}-eq^*~7-vtp?e8ZqU`vTG8C>pgYo
z6H}?)X*1e()!K`;EfarZ0Wi}L$*XI;hJFpuoF#$ntTCLoSIy5%WaZ>MK;g7yeAJ~!
zrO3lXv#55_n0j*^D*Df#K4A!sgW|xuF&6AP5;IY9oVwkWltb+b?oCx684GuOse0IN
zL6IJ@W_|N4N2WS9T~g|c_U;6><>=7{i#_ipGo{0a9Xi`D=koa;7nH!mR^*8bP>DZ8
zM$ICV++w1l9WOK{ZiFA!uht(_sX1+aWFl%tXx*BN)<3hWXUo~Xk5x>~Dl+0g#DGF^
zVcvpS<AUVLH4LSeJH^&Whgg`OG-$naCMy#|(-nZpsO-53k+9p-qubrxkC_ar&<#)Q
zxzTEg-$w-n`7D-(KSaGG8x>)hV9;G?V>)r`)wB^UZ7-jGvR%w3gg~1abC;p)hJu1U
zZ*z0~m`+ZxUf!KR;m(}aJx)^){{%<vmkIjRW#7sdm|BN+xOaME!?wg2mA-luczu<I
z%gwYFPnH6;bl=a1I)kt3+nT1y-R$SOS(h^H`bke#VBhu9<v6J>bkfrO-k3N`FCwQc
zCMBhFy<XB{ab`EQzn1az^pOk0np-@Yz~vvAYzxi0XWawQu&=2>MarifysTB#)c7<7
ze>-rvk3AO=9z|ngd>o(3v_Gz+;+=`mSljA*%kZ!}O7nVc(mq}N3M7}>q*#0K-)M_<
z8*$*#aauk6sFgm|nH8|7ZFBKO>`ab{=f_)zS~o-9<e-ylj4o44(TnKc861%Hv!TQI
zA(o{uV%N6f_S%*oqqlVi5?(hX<oKO-s#AYlo61meXhEXs<Wa|$fwcZu6FeEU$J)jO
z=H6&z<e{K##{Kbg?X)s0rZ0n*?it}+SG7s#C~u&p)oEpz+q<x^-Sj(~Y%r%#+pxs&
zm6o0CW*ba1R7Cw-je4i=WX#xX>Fp?uH4|Hjc;C=IhSu!{3V=KWR`k5UW8fT%<!tlt
zq>s*x8^>=J_m0nHMm6k^-*s|M*3Y(9G||Cwwc(Sj_&8zQmFt>izKfVPtOmv>FFXD5
z1+D@?r+>{Bp85C`<hnNf_2~2k>P;ynv(gSG!O@=G(d@lN1(L7lev=QMX&b4x%cTDr
zoq6e*yZh(+Wg)U~M#CwIdYP%vi@N_-B`dnu!uUz(E1lM>m|KP8R-5X(5xu<+)?=F>
z4<mtN_NZZ}Ax6S}Evb{wFucI$Y~5{JJJ(XMX;1}e0TV!iW2z5LOhy{c1*du{wyiw5
z?&{*gJ>VE!(TIQ-{bvn_c_ZHhqvVgTPL0rF0EjW%>*@9TW8+&gS|lXBPrXJdh-T~5
zSlNMh!NK5Xux~N#F~tTycC0k%#bJYmO>bVRiapuuau8b!(8gPXIe8jiaBOW@y`rE%
zaoS*U*_eP-89RZV&30q?iHS`&rL{%MiIH$8F1}7rZ`y5bTAR*7Ng5M^#E7^Py4M;>
zPtSN3dQzr_9Y}|3my7=Q@+dBe0}dVK0fD4ntv|tygzC^AUp1y{w=p=}{WR>>(~+~%
zrT@jhfZH@yMwY`O&$a1wkt*ysws3dEe^cO}4`lUrW7$gOT@3m(W}sXD{wO%g+B1)%
zZ}TU}9ahY>XMdy+$!o%N+GoVyer5BXX)cq`%m@M%DF$l|?zLW>c8+h@5t}d3S7|8e
zfAYz&gOV6N!h4K*?y~^Hg@&f!F9OV<(SE#>qvD%*$8)=2q-Nnex5E&{r@(IKqHY^N
zY5aF-ed9F0etkB%ow=umd;5_ocAM(ogYCDReXbq-VYaUAy>!5<>1G}O$h@k>uxyrS
zi$I;>eR1}o$_W*B7bgvAZ`MQz*BRRB)$aH9iS2dww)#y~b$67SSnxcHy7fp<UGkmo
zb?T{Uo3g?`v7xslb+yw1x!DQTNTd5{pQBo4t-|#ga_{UB_Ec41voJ9Uu#7g`u!ql?
zJ9Rv_ww4&&`A)7`Ip>03jCM%8p1Sp!c6y>{o^K3&mo4PXT(I`QH#qRY<abg{NJ@63
zw;GK#^lJPtEIZ4pHoiiNZzR)^FOx3TZ(ig;ZdF=$_#U?>*KXG<xd?y1l6>1!aN(4P
z!M^>6({5qZTF`hwbO?$p>(0Pc!jomo;k0qTM|^ZPb?5gAr0dA+%sD@dE-u^RieVw7
z-1NNEtBoE~KSoEhZm^qtum6oFbHw4662qf#{olr7G;=S#1HXIRE_zldvhSK|y7mf}
z7p$7C&2vI*`c|EhSJLR3y-r4|Dy7mqyM_Ag$5^z^Ap73+|C9rZN@#(Qad${YV|~3b
zAJ4;e+wa6ac%;0p$omx<D*7*sMIHpXU0BC)wD4!yxPMUzUAPUi9~g!mj_*LH0Hdst
za3#OKDuH+lz5V;$j{e<XA9bsRZHG#N?yF%FhK;*_tPQiCQc17(z{wtOvCERvp>+d+
z@=uq0=={yM*b?LY&*%f}i~r5P`PY=c85tbt1HW&1*7P@O>RF!q65HTuHs<!r02xfU
z&9wi)i`LjY|Gz^W8Kvg@UD*F${hNGEBe=@~60*w?_<krUm7?1-l$?$RKRRGZYvfxs
z+4%WimzPU}36u|v{jL+&SAw5*f&#CHJYCLF^p91O#Sb(8t1v#_We8YbIrMojlpadn
z2%so*`}bazcS{7+V+51Vm}}5FMsv;a(;FqxAy@m;zZT3Y$ATNnvvPBD3q6(m0S5#A
zywEPby{BhFX_YfD!S#);P3L7KN-tszR8+Ly*4CEtSh$m4U1H@w_nI#OG$<i(S{k64
z0~!^9wIDvTV{!^*VM}-r_qAmTmhp{kpn#0WgdS8jHnxtR^+RxJP0(`$fVvnx$6TB;
zNw7dC0~s{NIo+gHQ!S2S^`Y>QPPH(2xMA0y;1?#ZhSMipe+w{crc9x)3}P`mKuMYa
zNX`MjeTs*tGC*hz-gHA2+L2S=W6MZO5(C`pAXniw{f^lVTBQUp3g~08MJ9UDnn2X=
z;kTgyLci5v(GI|v<UR9*EkO8in7%lpFyFOn7eOXsAWKlOfVO@CE_8Di@BzxWP8{T*
zkbq22d9NIM5bTF#I8hg_W48JwFAp`+VE{f$V#@?x4*CM@brr5|fNZaTpyX<4cta3*
zBppFA)&1+QwV1m7ws!4R_$*)!_rZpG6DO<~*nqhF6_{d`Sd@TDh~{Sz><N>M+m{1N
z2Wp~pxWZ8iT5~&38UFz+<y%PkOTOmu1UzgEO<_}bEP$mi0=XUdKOTd#mJV>oWInTV
zrzlV%1ZNL_C-g;ozO_Am{Fry*<=St%|K>%x#pAMw?=i^OkFZMM1oH{QEKGxb;Er=(
zvI*6qbC?Q|sT9om=D?0XYrmS0ZV($bDLENW@e@+>(^fzJ0A7MZI;jK)3nB%0Brchm
zf^Z5%I^nIagwZ}G<c9zn#`I>a`-R5x51^ufTdo8^QQMs{*VDHk+uH?M%}!tn39LVD
zs>6jq`yKHCvaobPv(u~d3e+|FniAQdTNjLz0+8xLK6VZ^=nDZqw^7nx;5AqgkAPT%
zLj>U&VC1HW9`YS%AOL0Sj8tTM(&=;2NDL_C#dslk5CHydgTcpe|E`u$20WDl;BURz
zwbsGhl%(^R{rHy6;%*;SO<)Clq-@L8<z${ghCYzNC`a1|i};+4O^USxAc^pdA^;OC
z@A7a(Hb{tP0dw)KHgY#^1}LWw@u7r<LMS7cFroijHfBHC&%NcJM(e23`VAYp9v$+d
zd<C`w_U6u@vk*8EZYZA3jm3p|Lb(9;<b!73CdWO?<gxjdq090HY)LX=a74Fbw2&oQ
z8t@?WIQl9A*MKWZ3|<;;0wKTZ4M9EUNW(pX05{-H^A2l-pnM$h2AHJ63uGAu5vChU
zeLoY^DgY4<N_w9`H`TOx0247uU_Fw7+{0vFEzRl~oHqGp4}qfs*w8jQI_KzUHsD%U
zu3qgs90{K(^hu=QpNln2fG1B*;$wj)71Swx^$A`VccQ&gWCa1a8-)SmWk_QJ&2<h*
zZ>)M-OUr9qXiJQGV1+352}KuUcYq<0aptFG0>F*(cX?7nFMLYCm0E|A2%}vRk1*9t
z54T-bG<$I&nX_B@7mD^o4?qJ8lb9MM0fbEiHLaVl=?Nkm--E0MY=(nUev)8E(T9Zc
zoIY&=zPstmrO7bI&J7s4BF}j-kc^OkY2u3VBoj>ne*qpD;KmSqQ9|q?4;WDnF?;gX
zBzj`oK}i|5!hM`!0X83&J6n4~(~$&QPm}>fPLOGsP#_ykzWo5iA%I}~y))UoeSO8j
zyfTd=;KrUZe<^@#k*_VsJUb&?dgRjludxkyE?Ff;^sOnsi(j#W`jmguV6Q*FtrsR4
zTD%z;4ZebnSyYq>_x!;{wST&~>(;WdvEdx?=F(S)axs<*S8ye>KamqN)6;PO2-=ee
zm*hR*hEcF59>Jq)IQ3^85^J@p8*WbJaI6JPOBl=Wk+U<74;NsToFUY!bjJwaY<#fk
z1(12(+2J^@@06LEo9Cc_2h!Cyb9OCvh(c;o(hnd@dwFx}Ff)SVQ(M|}&r33U1tCJ`
zrSB{A;>fBjqZg`zxZ`6u2!MReyEA-15F#}P1q52>nhkrqyS4V3`!bz8xr2=@IyI%V
zW&GuwsovitGtp(20sAF`UJOZbgdD)q#PDZ@@sF=(5$Osr{)C9-28_B-XWaAl^2!Cx
zKnbQk)?o(dlPIN_9mfCd$5{>N9q0_=m?maWBj9k0HvvM08B8K$Q<^J?t@WvvYzRZ$
zm=6*_B7*XY-+@XYC{?702?@tEGK%qOCHu(G{o^1TtmhMk*R&o1^9z&%lb+&TI24qB
zQnBKU+Wc@6y=l47*b+3QADP0$i@XG74o=}Bu2bVwYB#266mlGXZ%O5Dvj^XK1*TwJ
zQnF8ga^KO~qXUWJp3n|583qW^a>F#l9X}xhQ3jq02OWWDf{43y&z@Jq<{x*26!dFI
zEbWrNd9&{vKY)kU@#WF|2M;QM7RE9mB)9i)wt@)gRRAX>U!B^5JOn5-GEDr5W_jEk
zd~r8k`mHH3+M3#h2#+vOD8gWO<4U*nXjef)a8K)_)YREU&Ee9{u&{|mx6EDVE}Xxx
zdJSjvY0qs;r{C>3{WapgO0c($Z27sIs7DiAhl-8FFYP*VRxe0#0}FM(vWnnF78X{C
z*p<;fXa9V^A>j8tr!ocSZo7Lwao+o-ZfqpU&FNM8q>6v+#DZF1r;4o}uoFZkkl5j3
z4qpJl{Yp>QOL+XDn2?2H-e-f`Xb!~h5f&B+B4i13M(1=9BvcRS1ntv=-S$QzIu~VU
z2iCI|;N^Ol^uu)VL^}6}e9W_n_yHn=*s4{lY^K_sYOql+zUGm~fk>>wV1`=*I7rEB
z-o$#=OsM1&uR|n25ky82r$PS%+AGW>>MNkK3QuM5{UDui6AyFy6QPQF2pLJELLjOE
zzzBB_4H=dWdch@}_-O&U1ah7j;yufl8jzdUHCy2o49E4#hz!6jsu5s`x*iTGZvAFs
zomh6?SoN)}Z@=Y)_RQ%ocN`G%Tb8&wd3E!hu3g6Z%}<iOU|;d+-kJfdSO}m82W8*&
zL9Rn?8n&<!kB91zMR6?e#wD*Y3MFX;u)``mE7cD4I0l5hCBj&cV`KVl^X5dewG`v3
zkxkHA!;fJ(vH&9g2P6&iAAe+3w$pU>^aO)bA>njae;m$ac#}7hG(UO!Nz2;X+d-B7
zV78NDTqF&9TKs(FQR8RXLK$NG`$fWvW#X)jr?R1X>%MPU)={Ce#7GamvqY2vAmreV
zfC^pK%c5uy#GThY6OT21tM7N|O%^}Rnut}}lC&9qLCnj59uNUQK<@nc`%v-~XSLQA
z(fXQuUPMHdXQiCuFZ(35K;Qz2(G>vl?w+38hox2;iv;}q+F9l>c6UV%83vy+RUR5j
zQV{c!qbkLCMU-FUT8icJb@1H5PxBwzEX$Lg|N3HY+yTZ^;#o;a>ihM2IFapM_4CG2
zDB6KP-yU)Xw|;$f7#6wyxqs=cD3sXCKkpCuKEK|dLMayhbu%cA4gVkB)N%JyU*980
z!-?jvdmI3x#G<gSh4{1rp<|8=uy9>WAur_GfrtA8rwF7Gh^7*Z#NDBjsYJ$>r_NEb
zYHl5+U%FnoLr82rBL}IAA(+m`Gl~I=>bYIUGtsbxhxq*Aq$CdFoN%shaaf%9+O(b`
zz53_ZGE{;kRz##Sg-HyEBW^Q0fcW5i!w=z$Soi%YC%A2lN|FWm`PD(LP{eyMijmWC
zXn{iEW^m{vPBTexfDnMQ#2cVXXlQ5{`wB<p0C3*8=ae+S#)Ty%o{X;r>{Jjdk&@qo
zFiHq6)~D2;U2Dme7O|K(MI%D^g>Jt0=?!oy$nZr0H7;j~PP=}S1G3%ZH^|M1Hz|2r
zR9Vh_jUQ(?cWxjOWW<~eXPQ2uX0ZN_V`}f8K7G2ijqAVxAwaLoQ6r4!A8`AIP*4s;
zsd9f3@+e(2wS)bo{P;pqJQl+48l;qWz}zswQHP-psYch}U?lzu{t^vlB~T`~=<ozO
zblAQ`;_4{mIL~L|m5RV{xY+e{cL#yKDxUK3RXx55$d{F%a(a4r$hDvHurP8#H5Ue4
zJhomrM9RB5I|G5(RfcRwrKc?qOv)nFQx$Ne)uGN*AF|u9c5OLus6_Syx4f*{0lb>f
zPFrvvpbVjkqp@zA6kh<bwyqw-L)iRtN!JYm?WYK<`zv--d3qi*(Sh2?DjXhg7z#vO
z1a3nN?m|0)0pvV#@}vS%H+gL4iw4M^^Rco(>8u3YCJbpWGb~5l<52JB<mC+@vMb2R
zc@QcP)>Wa|AW~0H5cGlbkVS1!3qt7|q#RyNI#yOmAV$VP>LY!ul(#Y6HZcQ+Ibt#h
zq0k5^+S*nH&$W`0i^!z_wt0cdAjsR>dtDy#Ss}0mFGpWVAIEu1bWOo9sU>#+=xY-C
ziM9+8j6n(D9rcn^&;1=sPCj@g&~fd%w^=|MNAbnjsbV4qSOV`-Y!Y&?ARlDevnF&Z
z{pg@AF)2jdM67+0<HW(MzG?&y{5<l}#$?kFKs*$1-#2f5f#{EdDjYmWk6HD{!hull
zs6iHHhm(gGsFSS<<vR5$Z^YgWzizw%x)Bg-jbhY;z6tqcA^-=jt}8vS0#bet#^jWg
zepm&IU%I4#!V>8}hwN@pi4;&XF^S<4`YVH6^eh?y)uy7@E`-S|7H1XeVq&n&%*)$k
zmhSKG4`rqrn5hsOhD>PlB-;s#i0GpXzHMv_u3Dhp$t#yt@ttlw8t(i4ofX{LnkaRm
zYn(DWluC?=6;BC39z+^fzzLQE0JVMakCw-lp#sQL0O@<AupW%Sib;ahT8qNQSsnTb
z@BjRBx!uBaulqY3&GPlVZOKVV-;f&>mX<1@c(^DLTC{uVCYNBFF^XaNR6pG(G!BlX
z&lB>!WAgTL%-<@t;}n6}F8C=292^`V#UGB`puavQ5T?4fFAkEMIlL5ZjaxA4GMF)i
zoHBkO8+S!avGuiL+-XuN#=%y2)ykD5&G6;7wTOA!(biO4Tr8)c;02|znm9e#suQT7
zw(r={4|m+0nPb<XN(h}C_Sp!<Xg|Cp-mFii%61<1t6lBwmxm^ci;AjH?T%yTgd@9~
z0r=mnPTf-elmOCeDCt-~D#L;>2VZY`cJ`%!sj;y%^l@T_yZigY5T#)Ac@s}+bZjiO
zhu#hOZ#Y=>aM64Z(A>Ip>)bzGeQ&%+e0SSNz|vSaIAW{ySyJ3kuxU>|#|~<4RzqaY
z8CTZU4%VCIq<pP?vveZ8kpW9h2^t26Cl)gIW2i9$34>5%{^G=D6BMV5MFERLXltRn
z<-LcVzWeLfHvmq<%~vc%CJtVxUeG#1KCEWQr$z0<UxF6kkrJ28YLqb@T<XUkj;2`y
z+{K|0!@2DvAJ*Rta({_Ct?w@%Xo11?x{VtnKe(bEB$-{XkM&WNxN@P*{BqxIchJz}
z>vAG52>U`sPVdWW8HK!QI|R(ZRucm2BQ?r|Spv@)kT{wC80VqRc&I`=L%vF)$;oBQ
zDeF5H?-B_iIcFG(<5<7Q11<*RVJ4=WxMle-jWR+3b;h-YA!iTX$j1l^f!G<46g*$N
z2*G{_!4A}7dv``0E|6d%GIE9a`Q_l{5c3dZej%T&3j3=NfzbefSpD+~-D)tp-UIL=
zR*AX*?o9G;Bk`a^LC}IRMGXQ=0P53Hv*O%bVRuQ61JON*`bhoYF076-R$NlD8nC%2
zP<aMGk04t9c&;9=Uq=#2h%Z!ZU|8-w#scW>=-9tzjnj3_Lt@xL9?%!mYlc~hdR1j#
zL<B4GgXQH_#iPG%ZqB8@r#J?n-FfsmW}q|zXOq(F60a7AgogrMU0v~JOk$wqd8MYN
zk|Y|-1ciwg?+V9NKNB12!|+!M0F3M?(pR`&6K7(;RT;7D!w^($CK_~VqBR7`S71x~
z@n>HOssw#()zOIwgtk;7*oASZm^;x!U9;Ef3{HV6a-gIRXQ-C(PpUnL@u=%X;*I-x
zh}eRoLsW&gKvHr+Oi{ZL(tlpMMi{is^oK`tqDT4Q{(a&M8>|UC*PCq_>FEBebnwv9
z(vnjR@Vb7~Dmasw`wDq?Wq<xWj;Irg!w}z-Md2N*3_z{Kc^EWLx)ay$ldlFH(e1o>
zpFW)h@*fA77Xj^(kO9EBJ0pZf5rBOxT1$(Is{xKhh&RRYN^*K)3Zh-?effGwU%2|P
zoyR)_RB(;d(Vl#c2SU`-F(})(i~T(6sVcB-BxsbEQMg}tR_Jo7@T~PX#>1oH4xJ9>
z^&-pVG)Uh5R6nc4GPOq;^6ik<7{|jx{^@-f`3O>=TBP$Acc(Rr8P=(-Fg(<yT=Uas
zm9j%#NlCZwcVqe_BZ_hF&*Z&%88|;j=^+L9{@~BVv8EoWJBh>)$3gxNV@gg@9H<Fq
zJCjxelnTAE7r<Qw2`!^2{S_HR(kzOxDd?$+4d;-eCfWT=Ps4nGy#y}&0=Tvx%$O;Z
zH*`NgQ0@TIcuqQ3cSaVJT@R7!hwWO*_s(#Yw76CNjRim+N*v>Tot=aOW6tlZsH&>k
z8nCS95~epnLKKS2b=e){lkuaix#VOjy%F6=Jp^(h2ZtW`4J|GC>jkC|wPO-m8TJ6N
zMZ$?f+41vMyrDxMwj4VTEEpCzDUK|hr%<GSrQ<cwF)$#W+wgB`s0@JU=FPvBvTx~&
z>invxIo^Eyx!}W2Ag!l37XHk=lUDpn>nYL~e`Wgr9Vt4#@zs;65)gr<gk=I_tc*ee
zKc4r0RV@G0THxwQG<DF75pzeM{V-&}VN2eV(xjSZ6$6%Tcj3BdWSm8^aJGRAM-bXm
z#M6f47mQ*!c!+u$`ejG=K)rz?EpSo`5wk7`oukpo$rmqQHkl`0MynbJxcqfFc?|zw
z0dElrex;Z@WPpySs@l_IwPX!GXuG<MlC)Yl@UlA|l2*GYYcxs&I-rs_##bN@KO!#;
zXG4#8D)s2s<Gqd88bp>B|2<_yk$gpwxS%>Rk!AK~InsE{4?Q>0^Snc{*N<aD{?er<
zc(B3Xl3XF#ifI{t2%?L)JJv)Tnx$mJqG4l$)WP%FvjAjW{phonL!&+jnl9mBMv<+p
z_plN9C=CoyFq+QK&K4pj-1Q#<4ijyZex$=SWrB;4`D<I8*8rJV9EY3==*dK41c#Hv
z0pZ8x5H<Okvjas<#Xw;IvxkZ_>oMY;FxZ?-l2nqwf*|8;*OruYiX_5^F1?aQlFkXE
zXmbcXd`Th^1pLbxq+d7SyaGBgNZu+a7LxI`gD@@71@V_1#YU!mIv5%UfR{ieBo3ou
z_jf>H`_2fWR3ox`h}QA98f1t+b84z>i~y)Cq3BD&pB83W4)X&V{pA7o(BhRIIt75w
z5q5SN#A2Io0Z!wPlz^v*FI+=wFm>tb=y;1qN{pn@zE+K~H8L=W1XY04fx4Wq`Bs9~
zlDnDKZ&Rq!$mxo==|dZ<2JYbRAbWFRaeml=WJJV{XfxjrM=%oKliZ$-O$x3w&W|5g
z<89@^jY40=b7$LV?nXTB4~(raKz7^(5+9dVAr16ViIxR%89)neyxobRKj_7kO2~qE
zczOn5Asjh!1m32XXCORMjlN9PtvKAd|D0=!VV>j^cRgnvQVCJqk;^CvwxdpjeTnlm
z6i`^#b%@o(@e9FF)ZOBHeE{kcDC-LwrBl5^>n(8hVC1BZ#%?7P03rZzzlj~={ti67
zP~2J=)Lf_|UdqJY9fv|ZIwDoY#UFRN3X}E&PI4OvpHO>V8W96=_jgcEK*I#wPy-vt
zXvN_$wgU&zJ*v1ob#Y;qN!{AN1Gxn}lEOi+E^26)_8q#c+-VH9G!EuVkop5-?(w?y
z>%kg6SY-~3`6IO2m(KB=FZ)5teZJ7^upk1GQw1)D<VS$HR*@+pyj`ymn;vr%bNsX4
zW66<+Zyo~TiwY=5q(T7Gjtg9C{vTN@AY_oKcc)OMHHqX*Ugt^gfdk-~P)rQm-yuyw
zSP@23{$oOd0;#ef6+nOb_IZf(pzm3Z#O0V6(>ghn&QBSMiY10l70^yPC<Yt&TGS(`
z4|r?dUlxM4cZzZQpBWfiTtC4HClYsL$JZJ+<kZy2qn#d(1s)7u<9m>I+}|PL5Jj7S
z__j0ZVW7qX2~pB(!+*M{+=A@uP>2&Bb!28wVE_(hY&7<^2d@B<r7BEbqiL^LokeTy
zS!`^q-f1H<vpDV2SBF73foW$U3Q<%{tQ8ND!V-V4@855k4>iL=sFpRcER#il4^+OQ
z@JzyyAbyOAsleuUp$;P(&)aJoQEb7_&rcFDF^G!#kB*MQ%GRW61iSY=Y8UsY$3))^
ztMd<Jn55!IJ|S;rHqK>7TQCPTA`~H9UVJMkS6Aa=s{E1od%k=bj{dc`KoN=zL&GRc
zVv%G8BgrSx0h?dzm~4Dvq9PLb&=LW=8Sf_~cLl#mTukgRRRuw!ySG=u9fQlrxw$(J
z9zHyR-3L&X9M(Lkq0urZY-`J`pM<`$48{;eb5UeKhb<R`iqzL@qNl41Hx5Sv(#E3|
zhCl0^r6Oi_mFdqS=B+CT8YGUO1=HV>nuy^KBAA9@rXubZN+@`hzQc$_JY_U0JDmI6
zVIx*?Q>xwUEEP2NR1~Tz-{**&IUY=Aut1a+F{gD@UFw3>!M;rxMN<_*v3Se<K-?~L
zx;^!FXd)PxAyf1?#Rkh=6zI<w;cBA<Re)ekL=zs{iHHVX=1B;cqF14a^NGkL47Q|_
z=24~HWJ?Gp^Rbz#I6#oC1t4|waaKfezWqw?&`=bT;XXw29A`%?W0bZ;`TvMo#{l9X
zrh`Y|ii0C!$uAIr{CY1aS=&`tFIWb-3L%fJ36h|7-OHcydHC`(;5*QOFExYk5xz&T
za>xbT4UCKf_4|8OmZDu!jne1_N*346mXvt1e*uW<?&*Qw%r|Tf_bAqR*GG>o+uLWL
z{nGXIt8@qdUyy7IA-cFYSE}NwEif=ATM6rt6e!61(Y?1J!TiW$u;qjyE%6K$2oB4m
zeTA%P|78&YhXm!nF!ViEp@3C{ocQ8}2=wY`cnvi*WxvngRdf>rpDFIn^ldF29q8My
zpDA-#I3PAkrONB-zSom|PI@C>9_RhXBI9VhaXtDB^!zq*?&H~;1;3$u+5RLOQhLyb
zI9SErjdgK7r^%VjYlDM2P%okGR`<D(L9P-(3&)V>r>o`o9ef=2;lYJ{ws&sTQRd9(
zc}&b2uKrex#NaC(j(L5^&Zt0}6qDKgU}TyPHp)XTN)cVec<_!Rm154}<d(tQ9KsoF
zcqEr9J%c`xZsqIOudx8GHS#Befrh%O5@H{^josErCvv=cyh!-Lcds<coIi*;2wGuM
zSQ75<P<W#aPufbd_zWs0<pU@wxQ;p<V`gSfI6;V}TqsMh4pi`OUN||4#3;Li_FRc3
zl=IQDV|35S`G{}4R6p<8!+E<)RICyO51c;(kds5ZUl9Se1}y}al2Mp#q2%`h?OO{c
zFu34})vw+D-;5I^zW<@V1EK?H6`qF!3g*<$kuNFqBm-cSlbeQ#7rAN5b~w0+O$Cv5
z_F~g8to<45uWCi;HVG?9R;+I>@u{JFoq4L0B##jm7kE<e8~)+Tz58xA+L*-O7>bEV
z{m(p@;@z0UmCyCH=RjGQ0EuMA>k+P&rU(mz+wsttpCG^XIDo>xavy$+<TB_71_{hL
z|8a=$hR)d3R2DgXP<9rV4aA?8Di?}$Hxh2gOiUpZ(ajIari5*8y+;D490NM&Ul*4K
z3FLh}$OpZjium$&<4!dFS$7e~6ADFsD>`PDaZm^azq3M)59JBdx<@!oyw+}f?}fXg
z-S@lW&7-GI)syRU<fWwIODz2y-wmPW=8ER#W|FhPALKITKbRvOiRtorZGCrlUNCD`
ziJ}LQB<ChCJtK4Gj3Z=^-y)V46c##99zx}X?@L<VKOBfSHV*Qe7?^o&T1EcC@rVnq
zc&?--b~`z0DQ8UZh2GE<D=a1bZ_LQ=_TZfK+O+i7jz=CWRVw7A|2=bp1{EF(#nMam
z&}LPh``3Be+Rn+;xU7F~NFHx^p>^$BEge#4QI2fEElpHIL}n$$Wzq$70JQpkC&MC5
zVu!u-^WSrc|D*XxmO*z{fkqeqSCiMLpPOYHOiw*gRBH|p|0`_9*@gGrzU*8Tp2xdy
zQ|+G28~e}s*#sAUG3CHQEzGk_yDr!ax85T~R6fCd5(>Ih-ybh&DyX5(C&+Cl3D6nO
z(UI19y5qWWkA*d3$~0areymNKNkPMjd9k3gtEUIuL^#}T9`zrMF5Ey(IMMCXyPd(|
zOXW3h$PtH0BrbSu3Y2Ls>>V1mBe83gQLtsWqWxiGdW+wZFg`Z}Zm7I?*<SVWJcfpu
z>E82IIyls3I*N>{LoC^rst%D2@`#90p)C;+g5vYdg@yeOJJK6)L6186<BtrazRcd*
zY1&t*g)h}QYH##Vb-LNJw(jfMc{IaRgA(<l!u&{aMTsJ<dwFM+`6-r@)pyG>IPE6p
zCk4ZVH}c|8R|pO5?P>_}M=OuDuW;+PugUvH`v(IvS`WmVRMl=Z$o;;cw0_6Yy3K-n
zUQ9aXQTrR$R>f4C>aFwUk>I!4SP@&*v(!6goyfKur9XXn#TvoTr%Ws!P#}M6fH6ya
z^o5&0%1_WO)XO%eX{Gil<-2cp{_Bp&*p)dA*E@51<Ugi^e(dyR`T5nKF9h`0Ie0vr
zek@y^uvxP1g2C*Wvt=b!<?Z(3l5^2}`%f!DnM(0iQ`@ZDpMEb7;es3UxlgiO?Pqnh
z>Cjts$v<$cmrc}N*lk4dddFdYhBVRE6?+wJY=o0f^!E1Z*Yt1fAK;g9bM<~Rzea$2
zAmah6a=?$ew%YHfUAX3ALO3m&<(Lln*GNbx>UDKW4HU#I%kc`GykqqqHLu~!v_=_Q
zd2r&}@g}2!(Ghw!vC+Lhk`7Lnc`&Zx=azce>dgLnaX51Lu<^{ED*k#pYKHLRnGhQR
zKDliRr!N*1=&(GV&Y5PTwcUZ1|LP5Nk)3%`G`wsF4#=`7MAbQ-4W#A=W>Y^eroDrT
zf~-68%HPa~PrR?6zLIVSJK+&=has%okluT=eeoZ-yC$nS=s3H?2B*KtifIXUI%r&(
z?+Y=Z<ImN=>uFBeMajsNdh*%_@e6k6SRE~sQZCD6+_hnq%4nrH^^TS9qqIlZCn1N{
zg!X0&kuN{q{i4nL3HDK)ldV8SwT_OycUjVP&6mD5msYHHtsSaQ_x(|(M|WyUEdAqk
z^%(Es0&B9o5VYjZrZWtNCf#$`epbL`R>sYS%4(h<3sL2?S%J6wF_#-Z9Fu!ybgQDT
zO2_#%$Bhq(!K*IG<UN_}>*OE4ITKe9thw|+{Wn)f(HpTab-%L6yJFqe93V8Jl4u_Y
zHq%>g^_TKWy4Asn37+2s=ctLEPp32tnr2d3tyv^fH7EPg)a9UWqfeDuc%G*>n`-nv
zPiXUz4%ZU*D4OV=v=8S=ZRRj5oW3hr<>>IVQ(sCxcY?0-qE*iK#<!?Y!|Y}g8Yc^M
zf;(q7-wCj{V>mJY%EL@Szm8RYJb}Bb^<B)BD;WyzG}Pfb`AmEM2gg+3xJ{;oqhIN{
z+jMHcXrNrtDZZ~nky@J@e}wtCL-1EWHv#!_GlxN|#iMAGDn6g{uUgx-uW?~$cS@px
zzCkmM{I%WCRJz<Xz``WPFl?>(EIK;u2OZ`)-8~DTH7r8oivrdfi@NrSpKH^V+s(6`
zHkRW(xk@OImN``O{#wZFkiP79zI&hk;O3^iFwd)&YLONwn>iQe-D1mfYf+oeQsd5u
zD<4mMT~A`2Ug`I~;6IhD?Y4uB_%;VIujeskaMmi-Zzq=;wg0r&uVtb;G$vayw%G0`
z)kPKEJUIVNJzmew?XVGJ-*uZ5ZOO5^1u4PuFTVxGGvBxnqnyTIH@8TWax0^?E#q=S
z!wX4G7O~zk4OrVM<3<a=Y}-_|hWEPpXcwEdD?e6>V<rxE>2AK}aEQsx$RqGDikYm*
zlo=MW^|FZy32~Ykw^l+F1j_OwIvnF;P@<Zo7JEE`1937Pr?Je7HN$nt(~gNXF4#ZL
z6{OxrWwC#01jcc0jo>2Y1r<$}diZL@385n9$(@IrSuOnP4r~rp=CBlV7YUgNR<_A|
zGXD<kq|0o@uLF3@_jG-4KI7-NHz!ITz7>7F?b)lpW%K)sx}zkaW^c};=4ZED%$pq_
zVnWg>R*7eb33NF73-K4UW3vq36~1yv6}6<t?4cj<I6V|(-PJyHvpFdM*+^GKXgZHs
zQr$Q`A75i%9Y>~5OKtpzj~^?){3cb1e^KgpQ67MU5}Vb4z%t^^=>_J}8TA(Lmbq-#
zb2-J!{j{zAS(tj$mBWX7%_dtex*RRY+*>!>Jm1MsQXQ+KDCX`YVykuIhHpBfbyd@4
z7*ctsSPZhF8bo4y5v6Qe&j<^fu&KYlv)^KXP+ATC4LMe@IhjwUnooVW+h0E-fHx?t
z$+>{1Rt}Wv#XJ$dljku%Aa>eL6O+EV34h@#Na25P^`)DQaWRlJZit8>?aCjtOKnSs
z-mhQZ98(`sZ2lBo9bdGfuy96b@7_TPer{}IFIM%?@o`COi=lUz4P#+jtIyYB=>nR|
zh&nEl<#3<nV2kCMN>6%I0|Nu+*Z!VVr;o90dVNLuHw^5$+jKBP>#hhLSHj<V`WroE
z1URIirbZd()-kHu8mA8b$-Wke=m@0{4-eCs1t$jT*L!<W&M{L}Y-d%_NyAc-d1PAX
za+-J6{o}`la{ft9Hq*z&TKf8`9ldF3bGr=_S({p00wOOnyf=91^$}(ErAs*y@{th{
zoVRoxNNh!y@>`aU#?3x=TJcx#JPFy(Qa3PQlp))@hNmAgUgj?hy636Zk!9-7-j+cm
zy12g=dM$LP-bjV!MQP0yI*+LMk!KK&CP=mixBGYrcbi^~uW?P}!23(|O=2=WBM?OM
z&P^EaOeicWW1F-kSqSr^KleKx36&bYGBdtNFL&jN-(Ksa)LXa27dOvZk1Z;;q+0j)
zIXv-XoR`Zj#)#4<nU34={jtrh(G^mB3O%QvJTdS3Dy<3=c*P>GMdq=z%A{28TGY10
z^al(tMJs!NKD%4WBxVJsB?T8>DfLUH?0@tqL@qHZFx1<MY8lPk1MoC6Kfe$<_i4ey
zrjg&j54nGmmhO+K^h#(muT#hU4SHo4loi((Y0x-Y3WQ~i;+?rIcGk?T5vLw*8mWD*
z8KPVKJcFIi6{Z?mk4#&eljL<|Wwxgum4VLZI){0Ks)&<V`smVO;^##-Sz<L*D05k3
zXvmd15G}?e5Uo46&}wLX!gqE~ZD34;@z5a=4(-yalsYe;g=hOl!@A44JA`xh;(jGn
zedyYC#&bMBdvjltk=xDTj1}<xRP^Z$3R0IIP?!{TM@L){siIoH^~P8I1I0c!F#9Zs
z3lO#z#+rZG+Nj<5<^a~LySqJ`iQlm1z3nOcCH3@rwK(ah7}&BL3i-b4@&%Q|3=sen
z%16tO|E!c<W~7Qmy06HNmu4De&Ys;o*{|@u{*Zs}VGa%nowDGY*#ky>C;T%{t^)=)
z!(PBd25=07xbEEM*$Tf#I_h2Y_vEFe->mSryBy)4*xDM502lCiSn-*5NwfKQy_EYq
z2K!TnDi*9zN2j8}9^`K?e!L}I`{K)Q^=^U^DWiMS)EB4qBT9o_0}(>)?vf)zOD3;S
za8bOqM;c&8F1Q%&;|}r_#%7TUQJY>^3P#Il@>>q2smyg6qL)NgF}3AcV6f)K-6{E4
zjN`A;cBjii^!+4#rgE9O-jV)+nD%=#>2@zRF)UocH!v}AGMgFqS(i6FTqb3GLScN4
zCfTo7!=0UDQ5vm`(4F>Q&-4vyxQ%AidFp(N?$vI8E1i?a5E_?(we8rnktC!tEh$g>
z%iFKO#&;M0)Yo|}KW=_wcdyJ*-(bG6w1sr4UA%$n?T0>${Nv^K&^B;gy=iY?cR;j!
zy@T6cbsElWjrFun{S^XkdbQsl1nsa0zU1=;`$?~(ilaJukvVd6+dCIpjw83)K+TM1
z)p#TEf(;3ctnbwLhM*7~FWVBk$@piVu1Y&?n)LLp(bBPev2gmZsJ#?_;F_UflIAZs
zpSb#G!rUxBm0{{W#PAbuYx+^6bv%rYe;cWIzWunl7u`uSu6RvOx_HfACmYkMOqMzO
z?Z4gW@wXYC-|4!yGumx(sIGk9{KdTfYLoIVF?-*c@3&m(Cm$pI^Rv2>#LoV)tCRN%
z8=FRWh18UH>2Ou*3p&pC(a+ojBj5D)6f`8CjmfZ~eh<@Hv@B~%)Q1v~q=BuaQ{U8&
zfE9oT-SLSP$eVVpR@86^AK4aixGTu>W=q(EKJR<??k)GXQ;F4PtCZcgoOBc{1{WHu
zyS4c(gF@c}0h6MaJ6@nNGfGFL?hQ4l;3ea=_Nn>#>BDTfqkjJ3>SbeWm@uc@oRgK(
z9pCAI#5(-T^AHq1*K4Qb-lYxKMC$7d&XkFWi%vzuzVylbRBUPRI|cDfY{jg>{6eK#
z)!Az%OJ+S}s&#7Xo6%Q1)=KEizn?nq(cf2amTtCdEj8n2ZLr(0Rf)~et}1PM?y8Z_
zLve#GuT|oVCoT>TC`|W<XR9RJ+)FTUB~wS~qnJjB!)zDR%QHdknN^N2-T1<1yfI8j
zTozdI-fngi%<9ef@6-&HDl%j?Aph<2^c>(^2+cFH(MbFgT`~;3;tjJ8x{h_yl2!%f
zIPJ@ilq`d*`5$7!Wb@7zY4~YeU(>A`bm?`Y%EIW}R*CCIK#Va2elRz>Szo?D$6nu5
z*-rjpmcc#L=FO`u7DK*I?ijLKj8xq!gyyO|RD@J3>mrZe{vz$V=R|eowV$tcVk#rQ
zz|a3Ca39|3=j8BfsVM}#mdbSeS=2V{twcE&uh&QE&z<<U55VR?9l2j<btJC)h5!6N
zhD2Pt*#8l{G3YOJ0f9VX4E^vy8vSK71=EKnEQVVnK^;<1uu6P@R;4baDA8+|LAMAf
zc5}d}#fbeUL{JUd*OCL1l12RxZ$>#IuY=_d2<HGW>6t?(F<4`=wVf4z9M+Fv;A;qu
zzr|Pwuo`JhGyv<3HG?xZe!i~0EPdVw!C1?ngi%2Z9$P;)s>7vZ1sZ4aGMwCiO+;4c
zdN5+V>}h)i)DRHDqHsQnR?>3|Z6ojC*zbIEi{!8788I4z)1=&u8}G0^2-XW@eEq2(
z?Tu;Hv3+y+LIjKWF9aXJjJIo{>?nru3>~jU1gKhpL}b;h1!);4bh?PmC+<ySh8;?1
z00sO&s7#+|)JHG33RBiN2<okyO~ZUeyUZ_=bXR|kL7BvGN@E)P4$MXIJ8fi|hN&KA
za|AB|<xZuZdT_0naXO5TVLTKDY&mAe#0nnMg%dfDa}CG+I>N|!9z#)gM&O?K=YC|n
zze9e$YRwvb$St8sT!W^X`1oWg?=bx2%aONlJ48(AtIE(mBW`66DU6$G{>B1qq7MV^
z?Hif6TJ8}~O;mKjED|ObalqBV((EiGPi+9wl*|)4cMeb*Vhy{Io<|PPp}RHD(UC&h
za)9(yVfgCt54<(GdW0VsAB;Tzz#N<)w;?>L)w-TM7|K=UV(IfI0Ko=#=P3{tH-Ohd
zd-vCD?g%TZ9NKuKTL+Y(G`i%q0Bd136#%Rxrg9C{rDWQPCUHSd&IM>?$pf_j+)_~L
zP>KX5unIsx#$&bzmtSIb2l+$~`2I5Xq0L-Q+Tn1d15#X)yf4A7g;oo=E&=|!VKhwe
znULz2xq9^tp=}XVIcaL6w=8j|4nt0BTU&SvUx2S-C746hZ-H)MK&5p*xr}YFgY62j
z!3!mbGBAM%miBKvChF1}uvth?m;f$ubE~nEVSOq7Z-<`XU(~|T<MzeLZ-99b&>}`~
zV2>OHATt~z&+aEedXp2wKwFL%bCi*}9Jvng@v6bwi#KdhaVHaXnEqZw9~<bFYV`aI
z)7$|5CKw=0SGsWztE;QoGs}LVED4kd@INU2rUK&l=hh2SOV3A|>$uRC9GdMLUDjPf
z#Dc(VFl6BXT4x5n0c~h$cQU8Oo<XBY6|H>*WUdznp^H|C2jULZUBT||?mpZgpi|1R
zt|EYSCvc^dUO!ua+)kxK05Mp9am3BxJ+_HE5hz66!_2}GUMv9q83`r;-W4HFfXt{I
z28ghA-GYs-*Z%ndP!g;o>X`V|Krj}0DpcSl5H_mtF>38Q$&?>jW-=IRprjzy#G&|H
zvPpB@7@{%pDg@#SH;&7-rUqj@B(<4<BWi}phCJc1_^vxN_>2+r$gnqW&JYj)V<<wD
zyWG$zQKsR+HVnJ!X<Pu$A~nn{g<xX0m|(ynrrjc9YBydXf-B=}83Vnc4<KN?rjjdh
zsmV++6wqdV3sD<=36wk^35*OVOW)Q+piU3qtBY0QueR^nbr?4n>Zz)TI9i5$*MUdC
zEGsA^q$npRNNFU7VB?sw9Ter}FvMhuEdyi@V=Lm67d!x2rHe(bMVNHG#a2d%ppNc3
z_EE$SIx$qUuYjUe>KFr93{W~fARo|$`615IN<IyZ7$E=TQO{r=t9<LU>4pC^?nFrA
z(BI=c6nPq1UnDN7sthG*upnmU!*ym1MFiFOYo@8BfyY!w!?v`HlDL?e-%9>#o>xua
zz<KIwY9xNb*^mT2qqLEScq|GXX+H;dm&jZZNgzCJ@l-G7yoVUA%nQaB!Epk!)PX~&
zO$_QkwELc<gF2}nbbq7B2))u%tFgz}(y|UTFqMumkcGm5BcS8AF?(Pz{-5TNiAtY_
zqEb;gU1c7d`5W)J>k(2RFiKqu_c)Du?RkM-HUU~Hh34T*F%y~`88-L@l1%T>|9QMc
z=DF*56#ZAILsSKaF`7lFLg|ZXxPHv?dI+%Ut0d6T(S_k72}OpCAK|hPNzfS>Jt68;
z!t?HcpkU@Y&BNhkXo3~Bw5Wq2Nk-5(v-EtT8OeTyI2==>goFe~I>Qfys|xV#B=Z1s
z@$mQ8xVguTf5ICcQRY)Wt^qy>ED~9a1a1H!?{}SfZW1Z%D?aL0d4~h!LFSz(1qo1?
zN!_Q!Djr*<FLQA|8bv;Nw_6;quvG{g1B>LgiODmhvC5s&&k$q#v2hfzW)Qr|q#5#k
zo;E|S%_4n;Q#(p{0PM?z7*+&A%X@4k+y`x1%U?H5<m{GiUmo)?APe5%Sb{yUJwew%
zaT8{?KQVrszc79m>u|>Cfn5s8*{9e!#9L9!9gx0rLPDN?eo>%7_a*oGRmn>6Yc-k$
z0rskgR0G^(vH=L{0qV_h&`ZRP!2ck|D2Zruw4xPvBp#Dh!jD*7n9RI5yyo9x23bth
zk&tr&i$RD!7}0@f)P#IIXfMAFCXJ#%HB>|78EhVHPZeo1b8|Ft!mAOC2vP;G>gR!h
znlYvr<OdUM1bECg;CFFCoEbYq%pItnaE!-`nwnIBVv+{$5aZG4+j*b%04`JqaAG%*
zs2I8HA*A9l92vW!Hf+Z_V~;FW=G?hI0d6Ny1Ss%J;mSyoMqIgK8<%b_CDHG{z%<@A
z__u^3z!<>-0C=Y^KD2Of$fAVftA$Y1GHwRz)y;HWbjD-PbmSR0XiQ|KG4Y<WYv5Yi
z$!GMKnOk%JhBA^r8an=c^v-S`laBi!EWU$WA^_S-Jg>H1xifM>!pTt|ZbN?n+L-?{
z-A0K?S(Vcy39bNeVyyJUOPIWgG!2c>HUJiv#%&Y|>w`Z#48Ha&Kf3VpwGwU@JLAvS
zH3u*=D_jE}qA|%NFw{zylTLzWD~^DpTj-=Ci8ka<kRHWw_jgS8mwvKt6-!5a{;vjy
zr$KRa-?uz5{TF5tFV8Y~u**5|E^?WF&qZ2#C&wIV>9mVDN`-M4)F3PzrC;~+Gls6>
z@;MaCeohMsj%1y4;ywaeBtKa)<eowFd}%^Q{$%JlTJz)=|97PMKd<EfBsEGwIIzMh
zmQG4kR2qyY(D44a_sKXmWtliQk@CpBt3O;5LLSpt+1@PIwTrd;QX$79wR_#oV#&gO
zpJayK@jcJyQYwAzp-=u&p}XPYVdg6-W@6~8KY%XLkyO2}zUb|1fCsOL%I_$>c+mbb
zX-~O2^6%u1)^OG3bI38(aFsFM-Y73&UcxoHLB61*I98mE84!0}&`AjQ4d5l5$011B
zigI&<*;AJll6DYak|cm2XGK0K2WIY3dWE2UWzzDH0vN!e03OOLz6h5qRCD>YsVkq5
z{N>kUlKbnV&E<O44&Zgo&U~@TP#ySOc#F8%$ib2wn;Cf$sv%ot)v++)W))ZhlZGdP
zh^Mdb&6&D=kl$Y~qHr3Qy`6w5fP)(cyz2-P(*+r7!T<cj!p9Hs9zA-|y&4eALPNTw
zW5`9HG7@Oa=Vx+z@y$#4Cz}t1+I0Jzj|%7yeS%vY5ElBx`rtGD_cmdgQO|VV-!#<r
zleak=qkB*ZI0|xmQ)u{IYWnDRbnOcBeQSAJE@bJ>^4FXocb2Q>#L}IGlR3GwCI8%6
z(XGR4&v=@EVId|H->B?@n**{v%m4DTW4xC}v#8|$1L>|N7lmjS(sigeOE_V>IX0a^
za|{G4&A#K5uL+<oI_4nCiy#YPT1W&eRl-Rj0C?LX&|Q#aClJIm#qvJ1SzpYgcA{`$
zrB`_X**Wr_z>1Rh^!!{~2^?)K+Hp4##B&5#8XH@;0<KbQ^XRs?c;V5(&3F&R4Lgs&
zsXvwi>5ew@M4bEPLNVU6scJWG_HU%h!a`I$Wh80YS78jzuU^JU4-!zUIKLMXCNw@+
z1O%=iMwWwC!v%s~)g^fdhuFYTW;-oy2m!(Zd3mfNm$XRWaWdEtD}p91Aq_21qa9FA
ziGgrTsz!q72ha?(s8Aem1Yb)~>tOeQU~vHxYxm5|Ou{D=BlWt4MFOMG%-k=;D;T4Z
z%CW)#s^EODfWaog!B?@_fj*Ih<;ew%47#i0=rF<u=~|E*jOovqBN09Y2xRb=-tPI<
zkj1vv^gQaF#YKk9P!DlVEe7HHdv1qaWIiX(@%F?n{{roY*LFUXI+^{UWP|3l69;$i
z&hGM#-KUe_d8<d#Tj;%67SG(mw@G`4pnFOOlQr0AX{q+<SIQ>GsQvTbsozFy_U212
z*g=z>RXxQ6N)@o2w1q~rUl7DLHh{7F8Pt_L0Dg#*C(uPfKz^JljcJB|HV){G;OP=h
z0~D^Eaf(->G68YO3e_x>5_l=d5te;LS@;GoB{~ZL{e6H55a7|^sBFYBomW`6&Jo4p
zV<Z(H04_ylnTIYwDQc-uxzNf3sTuqCPY1xZm`1!VTBFyMyEO}_lf+gV7mzifE8zC%
z(QjxUpTvWL?aW_jK$L@RLu`+sDH7`e^xG$}rlw#I0>FG$WhF!%y?%!m5WsJbXHhM#
zG&MB^)yBl!yc-NeR<)$3zvKbXW+CK6@}-eqZ=mP#z*c~k$Y&sxL_i}w!Og9MAcf@D
zA4zv*vZ)T1gg2+&Rwx*EzqV{Wk<o_6!Y*#ZJ&0;|BGOL~t6pd4xi5Br+2M132l5Ko
zIO1BF45+@>ZFDh8fQ%X$8w*4ShuCFhIyevkb7)rF{T`zRjcc?ra%*ZlQA>WrGzgB}
zXMhlc9OVH3Xi#{VKpX(4p)uU`fPN<$WdO#$Mols|Kc8$r&x3lr2VV*Fw>8_I7w;-W
z<E9TzpqO>!LO=&38;8jb=fAqn{B~iBbp#C1OiWEV?Avf+WX$xlz;sIj^5{T!!I@}_
zBeG^9J3{otfgCMGv_N&BgB}hAk_S~-1)9n@%)8;FMJymeO{2i5BnM$U8L}{l!nr)G
z8X2$fly|$C<6|}jnHU>?g?FD85S-A-=|Gnq+9X+?EQ(gxuC7u~fe$c6lOh*5_Xp5<
zL8=0_!Vi!rE5WA0vtDxsLht_eGl$VkaqIs`e5+}c0b}E^H@JTNGulJLyC;$G#GvJJ
z%fLVxZjQJLpwnSjx=m9V%ti>zboBP-f%3od42}Vasx1})LG0SyLsNtuoV$}3U(^p7
z4DzdQxaV-9gvWym_$rk^gCi!a&H}vek&8<w7F(~U;+17rL0^nePxZnLrW46Kqy1_(
z4b3?7v5>#=g)T#_U~jl>ue6z&*~&kT99fsOQ*9Xzy4}6+K_giE^z>Z)*VcV3@Jw8N
z6?TEJTwOMmX{`glmz$EzJiNR*Vh7Ll7^6g3@C9fVq>&XjR{JEw5u*b^84sw!YLm9M
zww0CD2UOCiR$PC(;E0Y@kBK~y5@F=FEDO;6YvVBOB<_$4U}H$*9-nw~jgI~v%wzB2
z4^SMvFc9~}W4<xH(5f_qJ5lV%{}TJ3xbpllT)*WH9v(UhnAV;8NTfB94L|@zTa5XL
z1<kY1!b?kN)K_TBSHKhkAQ_T7yzy+{K1v$*BP(v9-%rDC8BV4TSewxG5ET<E7)ipu
z{DHjyTVhG#<R~e51Dz$@k+#V@L$Ci(-KI@EiD)8T^+=~_H0y|-@_qTTS0yT71L&C8
zzp=Ms6BEm*Nys>fB?i%4Z;WRlmNXznzY7ZL9=J2~gmycxbN=&lxVFO{M7jq16OKiv
zus@3v(jho<rssJV>b+h0uQYmE+5d=5>;!MuH}Y}wR%etXU!cv0PSiC+!%{SjJ`QT?
z>HT)&(t?4O)`R$XF2o2Zm3X0WlS#g<g`L#^U5$g#^-dv*U!tE<anVX&y0HCn>xNwE
zfzUj`#np}dsfD9YNlB?|ARUH;xd6{if&KMfF?uhi#SIh5ycTJxr9g3Nq2B^;o@G#(
zwOlR@%;%l-#J}=8-!4T)<PO)-K)VBi8kA@sV^_t3--*_V1d1BnhL21rhM8DdHy{tf
z+K07XiOfS7IG`TV0S68BKe63}S*}TONy#)Q2e<8v&;|fJsu+1133Om)G)#oTGZ1AB
zY=NHOkE>#Jq<{|PN8>{jad3o6Wr8viI&&2OMYCqVCgJYg)fToPTU-_KjziDzF+Hyr
z(JMlHV?7{E)J?G4aXG{rg=i&#`*sgD!mgOvYVY1}aP?by5(pRwcex1L9|vV2wMEHT
zn9(Pabfcr}xvAKv9cV6*e@BodV7#H;pI;m0jyrzBx_P@*HBos1G1nVL<(V@XXrdBN
zQ+NX`-hJZY?7SaNhUkr;!SzB!j`!K;ves5V&=#NI&p!S??VX8R&iUK-v(Hc(gveB~
zv`j;brKpJPOJf_dO^alU7F#M6qeQlm6p0LCj3rBoB+6AOGWJM|O4dq^7M1STX=Z-E
z-*Y_oeg6Z`({ao(!*pHO_xgT6pU-)o@AG}W-%Rsy!uoU2xCeA;*RCCZ7l_RfsiPCe
zzX-nAHMayyV~|<a8g~ZPs2j##u$n7<%E53^vk(cU31NoOwg;_ps=XM6_)t+%z#1zA
zRCz(HWrt!(8iG3<tlM5zR#9N)rfvnv8?Kt^*d`Ek5uH$w(P*xjVWYW~`dB=Lkz)HW
zJdKv8*bpMCCQ@VVez#h(d#ZY|Zkaa&84Q?qW;|yhgEQinO*C-UkMV2zj2P7h;sNC<
zi!%B7bIUm^6j!c({`3}Pu_JaUT$zA-!nO|c1@52BbfXB%inlW$VG6fL#NQAYBYCf5
zxYw&>&rC$`2A!@jthBXQHvfhD)$(62+k%Q9)TWrT;_3{0=UbibjdX|6jjYqd+N)Si
zFwU3=j*n%$MYa=nkd@xk%IdS$<096T;rzsK*0=|A98?^~rygw!;@DGLTRYRI2L=~}
zIXtMNv@p2niP1A_qcYbsyRm4<R<(tUg=Bbo6B1Ec8h`p3(<B)To19O?C?du%ADW0M
zM$|n@7hkw|QG$KW{4)gid_>j49`nI_OT1b1Jk9gpzAY>afZcq0)n~@$J)igeMT<U!
z!h3db$3DlAbR)vZ_1l$=3~YpF9ROhY;Ug1VZmbQ%_ba$jS-6%FtR0sx-~N}iTe^Fa
zUP_N&Tcbd82#*QzjuSzaGF`6)$_KA9#8dfn=^4wiH)`?VK_6(odlV!$6Xi1b$Z0X{
z3GjAZv?tiwmXaVLEKtE%LFttSFt`usE!jIcjYN-PK<6NfT{tm?mR2Xeuu2bU6bD6@
zZk$4ijFg(U-yaz1lz?`sF?ZDP%vD*zNrO3s5HQjbm(+8K^AkKumZjx=ALCT~+GEW-
zmnBPXnPyvT#6QXR)1T37TQAM}vtGfG7H@numrb*c($$Gx^o_du=BrmNNqd~p_z~;E
zto?)gKd$R@@BaP8`AL>}d3lOGiJFhtKeeFw@@;@5TeAp=z8yPvz6tj}2mLt4H;&+(
zG<>0>8;b>SqNLuEw;*vQVd|MZ%78z7OdW4itp6iYTzPAYR3sbw+g_RMz?4xsyDrAf
z!!5i_$aL<k3V*}|ocfTJ2#toN-oL+_vIB@Nm6GIqpLgYt2--y!Q*hN=KpzALhI^M*
z<Ttl`oQ8Yw?f9=kE#`fGf6y1*X-MGqG$ep00vW)WmgM8LJTEbWg;!gVqPiGENOI1W
zCcD2S5!M|zaNr#8Y*gTs5&06!nPx3o7su~#u-+2nYjmhhTXZf16B5iB9MVR@9sRFZ
zP8l&4Vf}et?Mk>CHhsR1ZqsP1-otA2Q@kvfS=rQ_*znQD`6w4T5^*pR>S)3Niga$(
z@9YYi0%vp1lF<Hq<;qYA)+|9$t;zgGeCXNtn^=Dgy(;_?d>1if;UbQph<ao(|4n_N
zLdBMbwGcR(IOuVDA275W#1gXMeK0!uDeMz#C0JDA#KQ01g#NMQ6WZr>ojFtevjXXk
zi-nSh<r!`+r^?@X5lW5U;el?I{dNtF2CGl6dT}go<4Op~=_dN_lkp0qVWCX#K^_ci
zIo~W1W!kN>dN_(u3rQhWJZ}+T^uU)Z3F%?pkxYYIkiw^J{>#yh-@6AUNR*0nv9z%%
zZX$|`C>^p#w~2tbPU#LAGGtEnY!Yn}B&Wp3#i@6v$=-Uo+t$i~qY>Am7fC4-VG&IP
zk6cTIDQO{%8y5ga#e3>MiKslrj*P|2jYBJKdG2S1J_^dqcLW8s0Y!9XI7Z=$7=(ED
zQ5hA!ew{(VVTSg|_K)HTK%<DkGUsmF<J<~IkY<SwPWc?I6r*sGi4Gk*ZrHoGD~DM|
zRYS=K(}rAH1R3&do?jkF$CA9SXQoTxdiQ)Xk@19CF_5HPHn@5$++lm-5MI^HWO|Y-
z?e4SuDb`f9F~x)u2wdFkmIJxuyVgJ&>@KT=`#=ot!o3t*dbYLr&@eTsOB9(<zYeQ&
z+^_~jl`_mWnlC2afhaD>`;qs;{vIsJZ^-=>NNdUYPTgEbnM>wh%HvA>pwOVW-Hc&T
zb=mVwTC|K$x8hq6b##78If;$@*LZ2M?6~OXg9lypENzeKVKjFr{>l}}CyE9p<(D_R
z8KF}-fUKkR;^X;6#26QxMEQkIT3RbYoINr%a`*355-~>3L}_(p`hLi(d!^D=N2~H|
z&57JQZyh`|T61JjhZL2Rj6zc|>SS!`s)LNp+2dAQTVG#PRyLWf)TVt8Bh96or-8}e
zB*bD`6-{m+%9NCrfCGUnSlAc0+#lrbE(jj4*H>4UYse;R6w_PWucDb8wyTyBPh4x5
zyqD5`PB$_&Cz`~_;~FEX!`ywd;Us6G`4HDgwCgr(y#>RUUATPnM*v`fWD4NE2~<;2
zrAEL3*fzXE8qE(gcw)#))^a$uMx~1x>nj2TxtWt={<sQCrZ!3G5uP)BuuY&0vhL|r
zc=(oc-bs-yx@i;oUrm*Any#$p0oC3l7-;>7pDT+#1T97qubWv}A&3E1p$2iDo-Rs5
zB<5XbC9X9FFT7<E8(SDTY0@MSV8kNIo>WV@huKb!h=P)moAgp|P)=4QF2@+=JeHLe
zWmn3ZFNn}=DXv~jJce-Ec0zKn=mTq|jXgX~hI5-&uxPCAju;UZ7KRFBZf*TA<n0g&
z6|YVj*26i5Bz>k$H+<naZnVCb;fj!Gtm7zjO&l$%xep~lTI-XkhPeZ=eB1e06gV}O
zQ7{`bQiM=%G0FA7q$Ii%P*W=^D&kl8enB&+)V@+y9&kENe^Wl`0T-wWoEbw@W>t6V
zR8qIC9_ITkkQ(t&l?|dqR=<#u7KQm<I>WD!jHN?F#Hb|y-L-RPGP#7<DYBlDQ&W3q
zyVi(mTP>}-2s3xb(^d6D@`~(p{^0_co3nsanRR<+ab_eIwlo=_-V9m!_R%&XpqP4U
zdyaKR@1_~njfL{O6^hpBb4%iA<4pf;dN7sjwCEA7h^7iCp`xBAX*|ib*JNu)`|x4$
zydg=FF-x&XYpZ!T%syq4@i=6iko>W{G+)*DznIv;tGk4es+W^Q1Cn(im8ZlCvpWUr
z>vkd~Nv<)5m`*yiC3YIw_j`{Xj&pa`?F_nVTe5P#>b_@2;+{?d-i9a<%?W5Y>#X);
z8-wEY2RCGyIiSH8+Hc-dvtdi9SI`+;5oQ8nlTC^%nJ^`HA$*k>5+0li$s*E8`_;v~
z)#4WWt$SrIuPAzqWuGG>;*29Y=cJ*w2nqu@)jpZ=yj{-qL}W;UFPYE2350>17e#L1
zsZ*}o{VaHz)N0EkTl6ANln6$+#dUNf@}{Wuh$DlE^DUV?Mo9PQ+-!2N_Gq!TO;`57
zK`foO58z~`Jnn`2IR(Of*d0oU4n!1r%{cx;GxXOer9`pxKTwO8wRwbgdmf6y1dq*}
zc=ukqwoykoU~;OP*k9~%12C@`cAZ@u3Lv|Pnj-2u->amv_W3zgWC6U!DQsy4>;{c&
z`s5<ID;Cv^A;oiCqEl1AR!*32+Mz?n9E5|7NZ-hx?B?&-y48u>B+Ce>?E{O?Wx^8q
z6O4}YsQXX{$$7@1<8`N1TU5M~iE~&&$dL%g6hCE^1$_spemf+U5*0z$HYVlI<n-aq
z!R<Pvzbjc=ZZU%lyO0_|MoWFr9vuGiRybk8iSp3=^xd+zZ!@uLljXp~W-$pv1G*ly
zpFTM{I9%tsRQ|rhVRk6P)lB0>eQ&n+#wj2n#lx8drYu6HgmvDxZhJkOOiCI`%2p<0
z7X1&nj39P^6e9g8lUdz#8rkn9m*3BC*Tpb7EiH%xym^G*E1KQGp`mK@H<Q^ewLAp&
zt^|M1p_gWtPF!bhHN^M{nIdkOdL)|&8>4%Jy4fsifZY)HV*!^gtqE)C4fD!aG11mG
z4Rv9Pr~1!^W!pWU=jLJ$>4;wk*0>9wtzqt6d_SQKNgbg)@)@By$xl`9j@qsm>#0*a
zlJE>z{}Yn7G)0@7HEwvX$Sas1s43E(F^m9PFt{!P#3VT{UcL--ZQ5`r$l{&vo4l%Z
zcXI=+i6C|t7Iomk=^`5n@F6#{$nkrx=P@Ky5g1}}$d(G=vi8FZN%>d4c@RvD`T(xh
zt!CBAl@kBMBO(M81tt>UkVW5$Sk(gTMjVJJ$@edP-tJf3--2FnW4`+O>q1WIBJ|zt
znMen<G|IFB?a93OA-SpXkBc0;R53T%(44nfA9n<?T77(cj0O+ZH8+pIe2ykWCYgcc
z5qv#G#u$?1Y@S1<MG%`${o0_GOSt7VmNk)gWCYg-O$#)4D>2nmDt_Xf0@QoUtg9_}
zP>7|S$52IuO#;b6PTZ(5V_FovejRai`%d!<ua=u1IA1sr92Xt01eW^gk6k+KN`&sR
zljg+t$0tsnd<<$2;7I@&vs**$hh<go(B0iYB4SLMCOX<I;1uox>50jmm@rXG27t6B
zM?h78)I+01uN19vQ6z=gNsv!}a^*GfHyOq>R9bn|UlUO7v{_RVyC(l9<#uPEd;1xS
zmUU-?>Gs4j@q*oo#DtUTh5CnS$*7QJr0V{FOl^qg&)r`rkDU8K+dcoe-|<GOO=_ZZ
zC<_+390NX8;?&;6CJ`A^(R3CkPw-FYcda5H$6a}z;2Ffi0n^aXHjN{2>d{DWWDuKt
zDaCB|&9guJG~Zn_nF7wK;ZxqyU3;%&e`^vmV-{MifR@LI6C(J^e&iYMaWP+$<`by7
zH}G|Ene(FT{#XB;8kav$wbFaI`?1XyD&s@-tjCW1imcy}cSl{0^E&)g*V@L)o`Db3
z)}R8uWQhUCs#5La%ATs;2QSwoY7V&MKw;`+m<DP9EonRZ9JAtIT=Nslrd`A8olYP5
z+ml&Q8#lHP_-yE!ewn_*V$Ax)c+VU$;)d^;kq%WhAAeZ6di9`%`x)iqJa8uCWr4iB
z5(46jK6pBc86no=fq~9_Og6=s*LdMwY|X~8)#PbWPU5H`fLu`$*n#Q*^Em7IerHP*
zXYWM=<&fOz7#r`x=&>|s(jWwF*`5U$%S*JPc>${{L38)Pb<dxl{hZM<M%7aV<n%r~
z%Z&8&WJ=P^w}JWPk{>`gb7Te40x?LdOJ!k<0g#h&q8ozez%YG5FVbQjV#@j%%p+2g
zw6a`ts<4Ty0sp4@16KdQp=nI<*mGL47nlWh0r~g&^g2c)ZxJQD6`#K`ZyL!Bh*=3)
z7logC(9qHtEAv*nrVg-Jl<Q(&n?-8vywz02vL!gK69`}?p$j69reyzAv4qi*gxdw&
zz1$>U4Th+dV0s|^Wks&1LrKaig@L4E-;h$AzuB}?$Bt`@whfN=sWTyPfVUgbgGCdk
zad=9s$9~g$$v^x!-}UODzS%P)^>u8AAjD>9Y{w#e1s=u;njYJA?Q(h#V$v>}_Egfz
zB%9dZQjhE_`n+kNR^_3DZMns(&fLoOeKX&7&gA0YH_>Y^L3Th^U9<LZ%#kB!7i4r~
z``+ZXO0T4j$hhrfhms4|qNkv6_cPgC_ZrJpZ`A1CHaFR8b`5<0bXC6E1xTchuCBM~
zJW`Z8g#{`{*nUA+VZ``n6%HnnT}Pao)A0{VAwxU&bme7!h~E_b@@HVoi#4{PD_&VU
zhX3S1GOutAjOv+i>hkwGI<5Nm>9dLT(xTX`tI-0hx_9?uRHZQyr+bOTFR@fno*Ak?
zl8aHQocr_jjEt|zNs4llS&c@m=LdS*OrNd>@?rPcZq_UmqQ<jp=o$;YfGB+^d_U}F
zor_}EsGb?%;~IahSnc<#;G#<J@~-ZO>T{QHLhGz@hL-+i%>iYmZmU--9y|yYNqD+9
zh6lTiwB0}@z}>wCTp@D%Bw32+1zxVEMt@eD`m|Q5a<G0mVjVkAVOB+NMs^2laKja|
z1PR+{iV+urNQGW-x}G|at6|zbw=pQPXFp{AG<RAK8rXZnVArP$EEGn5j_cQ}Zr*Hh
zTUj+oYk-yqttZ+Hc4+I#N&^DJ*3|5AV>>6SVyVa0^iQs&uMWuG8C3M_g$q81>O*@@
zeu55*@fdM4ATo^vx!V>yVoD909>vH~uJ3PP*S)^ll}WEp!=0te_4d*C#P5-gjylJV
z9h)_KHZI<wMZJ$uClt~TX>Ou>;2Og2sKwJm)6gwRqVokUD-DisZD`#TsiG*U=*x5=
zWYBaw;9SoN2sd-r;lY4DK6!Gxn%xCjxrfU5yiZ-FVVV?$fU%x{lH?Vm;rB^yN0HfM
z*!oCz*m<-$MRy$-L97t|hNTq;$B{o$%747(!Pyb@BM4JpjJcsBodcf-xd_?1wVll5
zd<^GU-$VB*m>S>*?3A^udj5e6y){S@Se62aMmS8|WP|C)-SWNEn$bOJMY@>A`mZHy
z2m%d82{H5_<pAEPH_)ZbMn6O9Xp}s~)d56ClSW*W*UN678>(#O-v|hbS2MXVuc`uv
zaays$7R7NY$YL`4)<%zpVPs9aV=A!Mk_X2F=)3`#T9QNA{c^JA<PNoYs@-e4g?>LL
zjQRn^?D2@~cp+;bpfOsS8X!so`@OjjXw74P66dPHGnV$IVvnBZ)767hw1)XLe(Xwn
z;wG(G67*f+;c}+?XF1rT0W1AP7Nl<4rg?4mMRzTMmW^yucM6ePaUL(P8viN>r6kpY
z*^rm87`k`8kuZ4BM?wWmR!+zYQc&LaTh8Z=)Vtj5g!1xc9d^ZJ05VIBh9y`j$kXq0
zF10r`H7#1#y3To4=OF_IgmP!6QcS}8b6d6QDCJ>Jb^j1*pA1)ZG?q>6la+p(e&Pl=
zctBQN@51Y4(?l3*oBIfXlE`CnE-dcEKC{a^bKLvzIz6a3JAt7qfuE*g;mwJ*$MxKu
z`q)dC(o#}3!tF%tISbZu$jQ&hE%kc#SqiZ|&9AI{eS@A5u62Fsu1IqL)|@cFz{b_h
zJr)E+x~y;6s#RfeaVjsKb#6hh`=&)3xpWdjryft4gW=tr#CVdeB(4KyvA+d?`%rl+
zl<J2y)v2<^(>Mqzfu&3U2hy8)x(6D^q}})Eq(3_IQ#QK_Cx*lkZf+IVI=&nK2l(*-
z0T(DmwO++TD+hNHIE?lCy4P<9#uom`N-_m~0@mOFil*`4^YP(Kh50fM$At^SzE3tb
zHFZMLNZglcH3G_tZ!jH1DI{v%-*grfVJgNXg3OT8axC?v2m^8jE*?c1f{f}QtBYmS
zzKCTS+MWBEk_XxUJ_s#MfPG+OZ0rCaM!a%^q)Cww1b#x}S`qx)ym|8g2ANj$wCnOy
z6=L*kUc11dEox5vwUnQq`fs`<a*;H3UOhO`N!&@q7(-XrluDh2yr(qo${zh`fjEV$
zm-?=Id+L&;4s1oUp+hOEZj+6V1DdB@b!*kC+Z$dM7FzR1-2J|y!W4qO1nivByzoEl
z$=v2%UKz|z6t58a?Ms(ks!?#p9m|R|-%Wqvn@*il;N|}e+AhSu$K}nu)_r{S$3_s4
zlANtpx;qS3=O%iYvU0E@IGKD)E#WbXTnwwp5uGU1q!$G4YH`=i#UB6x5!Xye-C58#
zDDm4;h#%!2yU|+R)f7JIDaC`70j~n+O>y=pZrs=aW#x(4nDULeG1{h+)lC+BMN@47
zIf_M9mMP{FmYEILM$L;2X|8$vDk!lMwCK4zZ*~diFfm&7MmowaKFz&3>!sY~Fxln0
zYcE(Kzm~<60GLcMO=daqi4x5sz8e^G^ymkGqR($jb?Rn58MasTx3dSOco1j`*uI#(
z4}S3j8Mt8MI2?o>Nh690DMg49P`H08`RVe?uQ~JB!~#uIUf!;Wt$d|con4Zmx23eV
zZPMZD1fS5-szdJi*IZeF0ImTb3_NYzf3@iZm@RH3lQ<h2YkbGnpegF`qdSM(4vL+F
zoVw<21xlow(%<GD2KoE@8yYhxGlY(EG1!SAUMu;28!c}=aR<a^oBjdD>13;$aqUJ!
zf{*&9MxW6k>eqSuS`I1N!F?<(4<Mi>o<;Wd_Hl*Tw}RAEcD(Vdvr+Nt_Z5W_jqF&&
z-sr#CkT?JaX!8o{ar0-Np^HPb*oTPNX6Yc&L!OFxk5p&k7J_#XZI~T}6K&eY&?x-?
zb7=~PqBK!Bm&Z<;)W^VJ3m0;Zb}I<<;&*kTpUKq)?AbFTDPIs2=y|j0ukoZja?>h)
zKXRz=%B~%D>1J<K_%;oq7KQ!t3Ni@@e*sc<hp_~aHWdJmle6=vO>H}Ct{FH=GlF-a
zV|E>wK=?mk6EVbB7VZ7`4Gg2ZZnHc%apFXbEX--Us$Qr~xz=H*!OKuxYl1ye_q{DF
zBH3teMG6(@Ig{v(VFhzL?pkHfU-riIi&m!~VE24UHz_7)>MAla^t1D(P&D4WemwxF
z?><UNMMw6tB#%(~E*Y-VlrKAgDVSswoX)A-Mj-nbzb<JI|09z7`ISFOqO?7@G2_@o
zf_T?TMoU(WPfjTmZ*ff#><BWU;NvNSP-Fe7T{|H~aEzYgkwGd-1yK|pk{#cU?hsI!
zKZow_(9oZ8a02Sg35<H~N@n3h|CVxGVvjUhdHZdaqdh8NG)nf(ZDyigM_b#U9<9T|
zg$iOqgq80QqUGQ_nGc~MITd)-m?OU)L1Ma_MBjAvyIGSX&92i`pgQhLjZ@53!~hXA
z{W+$OPUZBq;qm49g8-fpcgq&8mvE!b4C6cDgEDjL&at~Vp$9O~mC64&H)*8!iGVl0
z&N;8U>dk}e`T1J@OvG%HZWdV$=Wkn!)rq`)i?o293F>HZe#34}#aN5*-F;@-ZHc^J
zsi;6m5Zqas`YbeS$_9uag3OS%d6MHX8;}my$|bVs&fV`kz!I0`oZG}piEL7<!w&0s
z(6_o9vEUd7V2IYRC_GDtH5I4z9+eI>oK8F>b?!eFd$7DbO&$$^)EJTkPm9rY-(=jL
zw)ck%XV2O*pQfy3)ex|qGftBNrGR4!Xb8wEfRZ!HCb+?mjVJF8=j^-3UQrw+Kt6|Q
zi$F}&e(beV;Ck$wD3HK_OaK&^gUKetJVB?JR*ef85B5Qz<(sx`Q`wo2Y(sguC^z1i
z#t2xG(c*i(Irhc?@L|CtjVCTA5}?9<VOZl#dkz!M?i7-I=`TYr5XUb%h}0A5u}J_q
zf0jMhfSf>;C6G7E7JMfbb+Au0<+hX~uX7VjVJ1uj1>*}=GOo5@XeohoDi{<R$m3XV
zvFFeK%ClScEN&a!z@j&AX6vncNM`@F=Ag3rOUxw{!ipmK6$TmXNX5+{n=QWyOM|{b
z6lJNwV{_L7k&(cLZTQ<$#?j%sH*ER#yXnVeM``M{A0U7OfZ!1T2U5@|AQU{366Ti1
zYk*CY%N=I60hCZu;-a?apkMU6)==4w+k?3G`6Ukx1leET@L>!#P}`ho1^&V#x(|j<
zgv?}5QA`wr{~jf3$lG(=nLv=JZ!{~`pF-A3THcVHrmv-A?)9eQmZs?(8Xj{S#}+T{
z+NBG<*aY_xxdb7rhKiBEh?`)=Q1%0Hv_NK=#zP9VP^Hh3p@ODYQ-QgmST4*sjH;N9
zqk*`AJ-T2{c*e75`|0Bp)%=71&iAE#h=b@Z0a0t!?xd#vOk4pn4#;Zx>%oIsj0q+@
z`Uo&5hkijp!7}S2>Z8dV@529aTe-3~)i_Nz5yfMWV?m@}ahd02Tid~>7ii&61&ac;
zvqbCwdRY0)g3+`~hq)_7_^WU9-w11k@4+o^sZI9I>4kgh2nu{LjiOc@NOmG#MWF76
z85g`ePk&c?$o-HthC%8Bm#FPb*g1+VD?pubbUbwpn`;xzWr`iUUrazVUj7FFti)W~
zeq<Sqy{nf=gS04#j?lRemZ;_jZ{BRreWV$^f$h(nNNeU*eDW`EE#6z%(_`@WY2WFz
z;;?MaNEWOkKz!*mQjeOz)1{I;@#Cp|?#5y4BP{JMT4Y}Fo)z5l_!WAlzHk44a0#Eo
z&aPW&!E4mt+y~y~yUfiz%YJ6fQ+bB7r93~rnZctHa%G$^nv>@4FItKUcbvbmzJ4$#
zx3p1Ec@M~%vC7iI0<-yE^o!Fx2N@ej<4_02rJmhreL6tsTMnyB?|fTbo^K1(<Da$Q
z38kq}Y@o_GQtFcGwTMV*>RJ9orER~}K0D1SmQ#!xuXlar?nOr1qh?!3NK1)|w;rWr
z?o>+jJ~}JK;6h-L$2!{-bB+0?g9oQEh!^|oW($+?dRxW@fMW@A;1Br`mB~~rGeqn?
zHt2x$+_||eCLM9DFxq;rO{-SMz(zE91+NO(t%3nzX}ljK$TL@~yR)H>!t{{cLclCu
z7gBgJ@p66smG=jgRn~?tWnJh@4HtBggjT~T4N{LB{?f92dO@G8l;^6E9-<N8*JriQ
zT{EM>RIYbC>r+y9s7{dUH289zoY%&!*CECjO`@*Y6KM+$Kewf%)U*tYA18RUy~lF9
z3G^@AP>7azoEc>9o|~?`NT3$F{LTI^)FF7&rcq%|EP$`uwd=*!fcOPM(MQUsqiGIg
zJ+L<6hYDm+)aeb0Ij!ccaDYked{bu*7t&dUF<3|HEUxSN?b|B;RMb1e!WM>nOLOCA
z_6=Q=b;TcV+4fkw;@u**H8<QrXotT{^xT=#%ahd;Y3ANMIo$C1g~hu+sHZdp2i8`U
zIXntHb8+nM&1!x3jhtfB)`o1k7Vf2z96fwn5}j`}H7EP{SP&|Nc1zt&>)F{yr%{hj
zYfD`Typh7OW$yRcLUz`<Z1Tk%a&=lwf~*6}HG}ol3?M?m=}aqPQJ535k2j!>>dm`6
zfS|nqBBQd#pb!`(!U1DtoBPxn(d;O|a8UZqFp;(3DWEWHzNV}PsYSMl-(ePS`u!Uf
z{x#HahY6rm$T$V-^J<|w>@=TS#|$Yn)s2X(+B;Uhs=raJ+dgsd>H)Lj-Fiw_n>bEy
zyfxEs(#TH!Kadi2J`VkPF=-SEHpzek<v$Jf`>2JILeD}sO1jumO>WvWg|ZjA@cS|A
z!9pr0SgMUWGCV#ZA=WvwixRV(|67?`d~K>Oqid2Fj~?Bc9IS{9s2Js>%phefkfoJM
zbw$M?0CPbEsZzrEJNnq?dN3#6LU4|vZ`8rzVDWDOYX+d|O)<^62D%?W-OAC%1Bhkz
zjV0O5VyzK4T*J)2cRmIx-6-@OBcFXbbt%u0#w^3*1@GR4T)H$E--o^+JSq6ck^B1{
zonIH+qI}!8DuP#%eaiPIq`DwA4MNhz|F5z<rCt9-C1{2ELU<wxO-)U$AP$IWJZJR(
zSi4r**tFf~*sYbti5o1rX0Iq=t-E|zxkK$@wzGr9!T+w1N_o<*9E^ynLFy>0m-}x0
zI#qqx-lpkOEOfmpJM+RRL$&m~Z+TIA?(Bj4{APrag9wt7uFxPH&VZ=9`yNOJLN5a)
z)byNGGR0uo!A!s3jvv_Zr7}68xkYEHHXL4c%XI^|jZ%VuwaGn`(t}QSa7f5>lPPRV
z8>Nb>s+9cvgG75{q$ZgK(VOv`8ZaF`aC;Fn*N@QCnYy`iZI3N5muZ9i5*8MC;>2R>
zuKg?F?cejy%3e5S%B*L0lnI1idk)q=-#irVveNi4!*N6}K$7)Y14G9g)r&LLOLUzS
zHGfp>sS^jrIZRV~)=lkB-2al|s=4#4-JV8_b@-t7%r0Q>qNPhGz_+KqC2x&8w6&|3
zJtRe?QE#edg+IfH?xVoj)bTp>;mE$oO!R;J{Yla3eHJ4|#U8LOT)wn&rNI{0N$)4N
z-GBJWokJCI11XVMlJQ=z!=L9VDXDZHXJb9RsxLDQX=KJc(P3pvGOiuci@V5wi;F8H
zGmHyw7oFao-pkdcl~r-h*|FEfWa;jxtrnqp6Da)v%A7WL_lBz87le8t<OuqACl|b!
z#@m>#HF>(vV%`?VIn##jzHv-$NrUTcg(8rO;Jb)gHT^BFx83>$dUo>4)pQ<eO2zu_
z$p*u_TnpzD5{rH4)KF;LxOeZIcK(RsB%Z+L9XoU>6Ir(QE-q={i%sz-XV^cubHqsR
z&3okskB+$Mz4`K$Hy+NrGu(Aj+n~dFkCflPqfTGqQu(A|&imh!XL<!@_1l9|c_H<2
zt9cjFTX-|O2|FYC>C;c{Gmj3J=QVZuvu?*vjVt8e`<_Oq^&NHbK)};|YW+rC{PH*}
z^`7PQ8mHG?sLl`|-MLwlCK@yuaLj^dinSq|&M)_&*O3Qziru~TJ>|_ZimC=&9C*>x
zYi`uB)vcE-t*o_}B-g6B*YD&3%X_e>|M^k-zEzT*aLxbvQJY7o`{xg1lk}tY2%UfZ
z)E)bemlf~t_>UzmRG1b2|3z|-DpTz)E&mpFTOpGXO~)hqC)I8sONPkV?)bu1E5M{D
zLV|#Qo;I(uOr8Aw<JFuYdcpijZW`lHR*sckZfK~DhldHN$&M>Sl+-eTG}q?t`Q~3Q
z`Gx_Y2I^X<Qcb^lB-OrXC-imQgFYLA#}&Tw-WwJ+npz5+*e`cRv*dT~Us44*mTaQh
zON^pAdP%8GS8P8C(_I>_aQHc#qRDPozI)Qap9mKQ^nC!r>5Esd#*&Hfy`o`Q!n)W<
zEfDLHttos<ig~6s7ShoXjxb1Z6_vaF;>F`g9nW66q)XLH0Fup0M`Jwbndk3Ld@;TV
zMSsVxUDN2-jzpaq(7Ba~_vr0Zo+MB(-i7K4Qgf8^lV0}q@X$mGGTy3~20Q7mQ21fk
zZ6vTLQB-mFH_%2Cjy=qBnx7f5lkvEAjyqBc3_S~5XvX=(iJ6XM5BLg<*8F&A*!f7c
zI~T<C^vjQ$IU&^<)*%DbJIG#WD~uq?0czqdLn`W~eZHoUZdgE8YPV$E%f?NZAlSZF
zQW|s{f08n4I2tw*SjDhx$)n%L(Q-BO{WO5OKl@`XrO`R)Sq4A;K9(Yv5?~>78}y_H
zX0GRuFCsUTb}2-GvlO&c56Z)Vfuu&~3?m4Otu(Y21y|P0jO1QWN(e#{*EyfKo+{sO
zZ2>+&E#d(_uw$AvXU=)F$kBiaFE{!8^~WF7{$4-3{BDwIDJ{Y@m~RJfEh}EgDGf9n
zS)Jc>?K)=s__mxXLUW|+ud#a@g?eU{rC<~w<IRVIU&G2hO1ncUB7)LiY1rJ;X^**g
z+!P0A=T`neskB84I604yizynTe5>skSJ}!lqXpuO@d8co_Eeq-ERSGOP)r_zRi#9N
zDMTe&zfy!NaUnDfTBxe-XmfcxOGWIl!2$MD77;WRl3Id6%UIW=N7Vthynp!jX=HI-
z+ElCv@khS0ru-#|l<@hu;x7);iHVEy63yizc^95?m8>c#tt=0@#Rzr_mht+vwEKxc
z3&5=Z?xex{2#0yy`01md_+ak{#>|!$7hjrEm31)X;*uF;g<q+v3Xh8%$@#=mp1V1`
z8+ZkWsUd`DN<FO<5qv|yEAD0o4UMhj>_j>pus_l|Y_=v)!gI>|L_JPHxUKeLPks6x
z<CFlNC;+uNI<ifK&<5ONj=MVeY_kIX+pbzN#r8i9N-U+Jq7?GAK;OCXexpYRy2pEv
z#Zj<o^BK5daS1jsHme2(6#?KtiEoQnn4)D2j|meOdvaWIHobpGf`s#D&lZq&Qa-hg
zwD7uT7L-TkBVBc%7ujF_5QAknMfwxqtx9X@ke$zZ?y_*<Xbu2I#(E7J6viW9yz7?V
z=PIotEBFvn+zaqeJ<#3z!}A?vu3VH8gkDLQNIe5-5OzTN$H|w|A)b~ewZ>sk5OOE-
z`;jb3-ereRVW{+WsJv($iX{~VaTnk_imS$?wC<0r1~ueg^J_9}cS8Nma%bn8e2H4T
z&BYd&Wx#0K7I-|vHkcZ$mD=a8pW?5j9v;89-)%6U?WaziGLAr9C4-be)xL*gyNIhf
ze3tO7l%CKgC1EJ0j#v1SC(7pU(xnSTcTXy~FU`!$;C-eboA{`N7gfX6g2p2pEs#0(
zt47WD1a#J&v_{}za`vX<h!X?`MuFGU*!V+Im2Q`x1s8O1u%;5GRGt#%aHnntRihG<
zE&VwxTpDUffSX6097Ipy54u_mA=v;0igh?2C7c`S$1?uvl*84LtcP(zb<)sSYFJKv
zr1ss9%JkQREUFr&ss0nCcInQd7Li`d{=qw-k9lw&lIW*U`^h{D{3ljY(Pwb%$YFk(
zR3CIv!%hY1$jGLc%~P=UfsRXoyoXjy-lcv}D2>~DC869r1g{De;+Y(~5M}nGL&HF;
z@^HYR<FhXsKq+K5Z6ZwBJ35Yl9~m+(t^W4GS|jC@!!_@6#4b+X?p$xqe6dRxJP@W+
zn|}8p#W52A>X*TXZemw~8J9xsDiC@XOH0^#6l4zc42hGmadF4s&-5^J^QXhdO-zI4
z>S=fl6we3trVsPN90hKCYXI5Bd5Lwsw91s<{A*KGrq<)9Fp_dfpZZk^3F|hHe}AQ<
zl&&Awp)_bkUKXV#P-txIrO4=@7te!D@dtro8BCX%h+0C@0P**O*26zQ&sgk#gdcf!
z)q5}y|KNUynimuo+i)t&L=8ZO()3faAJ#r?d}-^W&XdJscMIXJmA~|^ab%ZiUOLo(
zHV<3uT?~RuALF>)`M#75Qql?7({<6}2gf^rxh!NTjX|MiOv|mSeizKH2R7<K$CPN<
z=W*rI2gj{B0%&YXwM!@Pew^zZI#5+^T??Ca&NTXSBX$RW|0JmXJH~X_<umOck7~A2
z<)nWnJRLFy_feC9xi3Gx^F#j?nEs!8(WRy~vwsiM9KTs*f~aSV8#USH^a%S6{{<b;
BC&K^$

literal 144554
zcmeFZcR1Gl|37>x71FR$h$6CQG^{ckWMq{UqJbjWvm&dK?1mK;iByE_SrSnqdxc~c
zvb!Iz>+`w3_kAD7eILi~|KIQY<2tVD9Pjh>e!ZU0$9kT@+Q-#5(6P}`D3lFH4y))=
zC~KH06zYDOwfGy#+QMc0m&!?3U5S!e&+&so*+Ds?a!AkZ!Dy$uiRS#@b(4mRk6*Lh
z(mi)ax-wGf1lzIm+UMSh(@V`dpA+9&*Q&%9v9($<`XzffukFbXJFMB(hUYv@QT^fK
z<2(I!sQtNdCnImxP=Dhi&xs+Y`uPV=6GQP@6AGbschIZ~`kx1LqDk|b9o+wYB>!2r
zIz;8)M~e7b=HP#ydDw!UpON9ekMQ!X+PnUJ5qE$@;^BW^qe5qOF#O-w1Tk0pasT@o
z27#MYs{ivE-L3!IeNfSw&bO|CckePrMn;Oej(4PsZfx`%dKb>4t*filS>XJvfIqeA
z%NORK3uz~wq!;X?E^TPg^3vkizWrIjKCG`a<A0V+Z;V6UgPGDZGIFYlcPCafIhovz
zWVW)_R-@5y-LDP4f0qrLtDb+|B5D$p?=;jGrnvHSBsp?;Y5sSttgGl?{lidM*YUzv
z{h6n7jxKTJoNMfRxc!gvmC;rSO6gF7uW0cWcJ^lu@_VJEo~0+3>`nJH6*K9sU6`7h
zN*n3JF7VdYdsaZfHR*YuIeXTs`sOwYW!<`U^z1SjA;)%g7ke+hIP;#7;`itg51Wjg
zQ5A1;?exHVCX*7M?G#V`Vv&hsrn_<7Bf(@xq&wQ#*-bX8b4A5wK6><f<FVg9?vp)-
z^jQz>oH({W%`&Bk$vD^U<OoMdeSN+5i4zg`Z7eN+8Ppn_D7@tS)ZqCk2L}g!i6ZBp
zUngGd!8KKqJ=eTX>TJD#OpIYv^dbG3<-#gHK0X6y2IgPIkr9Gw2YfAid+UGs`}>!+
zw$7O{r>Uf;r@wpuKCMYouX52KP*_;lVQ#WFU34vW@3LZj681M&VMm8a#;F{-+1c4o
zpFdyE%oJ_QwGXWdW$kZ%X2^RnCMG7ZwDe$WTbq)xF}s?Y+T`?f<;>3(mXS3lyZY7C
z)kA*=d`wW}qBzWsp4=xZtBhwIJ$iKRPq%N?%dxhc^{dxy^iNIYef|1%;<IO=vt#Z3
zE#|(eW@hnq#mmdfNhvARtgNh4Ij_z()Yj>2;p8;S&``h4arMcQ-6LP0uivm?!<Q^`
zF6A5ahpt??5<E0EKE9Ecm-lIUy3%H9a+3z@;+~q9C}8tVevdJa&U;>5O#ZN$fnjIy
zAokKoNTz^*K&;f+ji=sR+^~K7_Ai;H?D(#efBvYuxVQw@q|^M!PkZ|GAb0o<F|kcT
z1{s^f>`$MjY}&M`vZ^X7FDxZx*WAKFvTEp-zD2<ab#rs`j>nVfxlOjOEGpK%w)@6-
z;lc%RX=xFc2cJG^=e>Pf(b~H8-o1M-UcM}!o9dq$Zsf`TURzgJiCt=8WwjbtaL(5D
z(fQAhV<oNW#yj5{3YYAlX)Sb@dhp=EX?(D=vvchI`&N@ZW&2#mP10I)7ETHYB^sHr
zJpY-NmNq#v6A%@}vPW9l;^M{Iv`l<G-(H=)l$secw49OVyll!p;i{ZvR#a&_@bjm!
zu=mK9G|Ppavg@I#m%0k`zg)rY{1b8z8+`TFZQE!m)Rgl2hq5eP<G2o`&@CdB_Mt1S
zt*tZ-@$y2srWY=x_Y4p7yRzewk`7&8+xL6F)1Y3h<D=x{%4x^`YFf|PQHC#HzErm0
z=28c%aC7W)IQZhl3x3CLia!oZ?Wku}2uteVx*Z&{E*f<S4<Cwn&3}(c9ZZn1zjr4g
z!F;r%v!kO@E{s#2k%NQdOs;XBgGKO!A$H9%`N!9<U)NY++I{?;mrTgYo^ziL2Hm<P
zGUcYahMGF4T?Sw0i<7M9Y{sW-EA{*u={<XxIpy56?G``8h^?=#uC^{_rTDky*oL-?
zm=@@HdH)&jERPg8apsrH&##(w_oJeCr+>C&RW7q_-AbdQqa*qK=#e7=Gr!ZZ{q4F6
zPukqSx_Vvosg;T1#pC1B#V%v_C<i~Gh`oII@=Q~vd5P$&uz`Vrm))=b8a5XAjI~LZ
zefgp{F7x>D<7@Hp@pDT9?<1lvo2Yg-+%suelQg<uaJRfAYuNRgo@y~Wow=;KdX44c
z>zo{x&mZgRLQ;Jf$KF^j6gdB6R^TG_V|bY(OcghYw(0Zd#v)JGY{P`KG=YWLF>)OI
zZ`|k`{CGdlV@6Qz7F)n}S(kTqvgbbSP*GD0X}B+APiJdu+fnGw<ml*_=lN&ccz@=X
zZr{JR6#p(UWto@Uh>qSe()?`Qi4!OIg@kxyWsOHAW~XYnDjFLZ+S=Oo`K}bY)yaF#
zp02sQeYm?sk&@^%RBu#pMc_7<qUc5;+~~?!39CvgnTs7pUUFV@4tCwere0mR3482X
zH@9S(GO>O(dU=KxUryp|{R76VDs%!zlm?1lT--LZ5+BnMlXL602$w!H%o6urxH2#_
z6uLM!5TRA+eb}_fgJpbt{9SGBDhjq|Syk1V{rmURY}%x5W5YMzRkYsF(9opV>*PhT
z;=PTj$5;oxe?Mes$olo`*TaVoAJo-l^t%?X<KyFFlx-OhtGIVBD{h6`?C3VXYhBt_
zHMaxMqYN^PuD*C7PVtL~V7jr1Ya@1ceof~Ki`7cX%2bpaH*TN=Dq|5Vr+X^`t%m9!
zQYf05n$r{ATr(rh6*y{+gLT_d9zRYtFYyTq4ZWV5D?>TGvNVsqxrX93-Kf4*!D}Bq
zJ-x$JpXzAmTUHMb4~NT_8N;Sf^DNqP?J4AV({m|s++ve1M?VW3Yk$KdFTcIWW9F{0
z&yS_x+qZ9jYHAW};1$zR{b_RaC|yTK$K>3U6~zx%f52swMp;?eB>!@1ojZ-tqs*9D
zpRWT2D>C}iZ_B=YJK3Rr<;tGRPEJ)GbHBbH!_!nXd?$OTE_N5+!d3~+Vi}J!&MQV~
zEQ(1#kbDF?Y@1+{a$`%2VMq1XuLg%THCaAON=o|Y+PBkDs8MEnvC%Bsl9U6_c)VPi
z>kpGGauPMk+u^k|Rb%PV$Qi;Sf3cS{q$y#lzh?cmZQHKxppmrRDtRX8g?+osA@1;?
ztnY(^beWl%eYx@;)BG-)gAEDhHVyH(196f|^Fs-eKVI2<Wc;kBuODFi=HmMl*6|$w
zzZ37B#yj>)n3`!lN!HWT8<>48SXW<vyzX<cw`bf>uc7+wWp#BL8eEcR4#(9n`~RBJ
zrrvRLtAx^FEiG2+Lz~TtJb1lU=7%g#eSWNIor@F0@;T%A^MIBt^U(9yPf8UxHdMuX
zqDbETmg^8EyyP2JrnoYvTo~Qd9k_{W%kSYIKUjWV)z4ekJW=vjwAd^!(A3B%woV2I
zN^&A$2TgfvwpG>A=O<b*M^FIcUbs$lF=k~?vx%I1nPPNG)sx@gb-m_&8O_0aoCmHP
z*7(rSz$#<kwhPBCrd2sRxki6_nc4rIX-l`krm7I1y*L5u(Zwy>=6?@Wy}rI~6CK4L
z$i|3lgRkqS(1`oas+vszQ6&G_K%kNyPo&Hh%>`6p?m^$>g`C8!EV0KpJ2|Zif0ur1
zNi1Wpv6%mvo{pU7c{9oNOBWz4f?eAyqJPT<{*4^_UUama|GTo>H_PQct&@F4^%{M^
zb!yYME+WzKF)_Q>mQZLSc58_`dg|-z?-Uiy>=@E9IG8=06LRyWaP$za?2dps8hl)h
zh}OZWXIaI9(Z#M4W)h}2Cw%reC6;ZZ-`M~B{+;(RYmtrWYHiz=%qU|YS65ewu#ytr
z?CHu%6^Wur?UU^6>{B!NejiHq1!z3jr&HJc%usBnm{?YwJ$2HKVZja6WTzW>H2PT{
zQ4|#w?UP}7?xcEM{gK+OyT&%SvH4V0d((b~6epyn(K;77cngi4#aWbWkJ_T`^?BmP
z%JO39`47<|Oy)6b6BcL3gsu#KIz-tqH#ZmbBjEacfH}aLhq<H97H;l^9j5u0*PK6p
zo<ebQa@upgiJI(>c>y`Su>{{01};{!&6PDZ>uPI5x{r4c<f$(I`XFY_DJCn+t{%o&
zh1T9XHg;>9lugk2rlg$j&c6nZOl23UvS9n3F;nzeatmJkH8phzn_W=vcGH7>j!Is3
z7cXvHw=U4qeeFgL{$f{mclUiLhpEwJ9UX<OwgG`>N_>{t^7HfioYt>jKQ;C7{@ze~
z<2h*_o=1#f?Jq2pQAA8Gp6dORi5g#};E9&^RR7r)%D0BD7Zw$jHQ1i&=y};^8{!!a
z_s&jDUA=dYjnY$kb@jQ<0_jz&SASTlLyOsgZ{Q4&@VfT}))qkc@bTkY%>Rx&%j$aX
z7%DinEIg|G{O9+X$K4wOSYHXq`JcS^1bh2jd+zf(Th-r}^Q3@DsUIkV8(rYQ{Ujx@
z%FIwl2TK;eC@dk7U6<d6E=EOR3|8TL_bKtv^~+JulWU@$kYoC|v)G%RGy{N;@VGdE
zy<t~aEcNxP?ym;Y=_|DIv)h~@e(cz>DaZ4_>!MsXUg|?t?(4r>`!p$u3LQ-1(#hYw
z`ZtnWP94~^OZ&ws=LkN{NgUd~zN%1kskMBX_fQaCIP@x2R#sB@WAE#94H+Lj5M!f*
z_m@lvc&vFp`qbC*gd%{MojZ3@0sQ&xpxJkMfaW&G{#86YJU2P^GfLUiZC)Kt`IKoY
z3uLg3NBwpsFa`rFYoLTx_35URBa^>=l{YB<75=>~{BC^$ziIwkVIX?To|iAmozzeZ
zjtpr=rl%K}H7yFvBz>7Vm2=_!h83ziv~|(nHA~p(8XoaKWRm3JSsf#0zLo-<UEa~b
zap=&Y!x|dQLpqUzYyM$D_pbhjQ`po$pv4K%{Y`UCJJWmQ#}6ug8VXBSu3Qll_T_iS
zr8&px@lJLWV+!3CBhtaqG=fG)?c6*(qCFFIRX=1M{`5qUS@f*4h?NfLLF=1KTn`>T
zoI;NgHp$z(o>esR{fR6y`3&PXnM#YkpBuVfT7MwW+7ei<wa9bt<;#~Rm*$<wlVx2-
zOHs8fEG@YQ|IE&+JvsicXJR631G`KQ{`%d=k5%X-FD`W}fZ4q^@*5s*d_<vJ6%s;2
zOM5jt+cC{u(4!0cV$k{PO!{;6EnBwqaZ6t6!=hwlWN4T8cz2Zea%siOl`Sv+Vc_Bl
zD=d_w9K<;ezk8Q^P|<0S9waR2=~I5nnxe=LOcY*luFQP{aX~=}hq-*0vgcYWE2$ZS
zsg=q)$}jt3%TrMR)g^uBV%``UtA;&$3gSa*0o4s$Y(I{98P0LzBlS%n93>`;Lbaeh
zkDur(DP8OE3NZIIF4}zT#9S<Il*I1c>W^7Z=|{eLigi6>W22<6&$4mj#!p|r-gx|&
z54}bLCmB1gw6-=~X;E~ctE#dxa^c%s$9}bJZ`@$ZpI@K5p)YR{Hrg?Jw9tD|2Hja-
z*cTw+#g!krKvkRX@4cjkK1D@2dGh3NOBNS^lgOav@#EDwwk;HXPHjCEpo7MPygxl=
zGJby7--hEEC~uC2|6pxJTN@i_8o^ZBZ!Vfr)>O<fF)~(iJ{^4sx+lGcw2<jT7g{nO
zZlynh)9$GzkgWgApsydR{NdvX-HDXF`!l&k&5LjD){3X_)6mq#N<1==e}-3xDEQ3(
zvd+E&WN_t2ld2ad2ZxDpm<o5ed(q_PvRYk({p<fW#>d9;OZmoq0n@A6SyNkEJKT})
zlp6C&?$__%y+3{gPfuU*`u%Zl(9N4FfORily~5$!AbjdI4bT@$R|$bR&Lg`Nx(l3b
z1O8as+1-qjI%^4F*=O6-Tl?$WxpSvMje<f#uHC-9(eK*Ms_g7+$@cZv{I-akdPm*g
zrKkGyK~7Fiox{l85f5uFLmjT8rdf7TQ=Qs#a#og>4!z}TD0klP_VxnC0C6`RpMn<D
zb(W|=jq8q}iP<Dwx2U*5I-gN7wuhzDeRnsvpfIfjg<E&-Y@W*BL4yasqvJKQOmq$I
z(Gd|mO#Hx3RfX=qk9HPMDsiKZ=AkEM%LRBQ1E15kzqu51Btg+v0Z42^;_0s1a31yO
ziCxUvc@KWwIOH<?i3*g5DFIu3o0wVQ=7jFIuA7_&>lhL|Jw0OzKD~c?CpI?dt?R@p
zzYcdQA?4mb^$iW1Aa$T0W9#NQ4c)G@#h$7F!3p`;XqfjV6GUWgZeix<Twkb|!`~I}
zxFt|hZ9~JDx0=24OhPBHNO+3I$yKXXo!N5yJ?QDDB;{i!u{WHHMnF$P!$OM{$(rQ_
zTH4uV?1Qf0SF|T_4z;yb_+rIBN(A#iRbRmf7kcR2Ier2%Yr?o5L9cLdbyfd8_%S>x
zDj+s?>jOD=Mi3DBEn;TE7x!9L(g>Run~ZKB7#rK*>+2gE7uQ=GCDg~&8s%-G`ubug
z8<8wNd{8zp*fKgg`U!|2B{kIogw$<i$vv&T{oA+T_MySS@~$pU(3HyGLk&~?VT#H2
z?YWbalLw*EpyhE=)(9o9%(h=T*ZN{-rs-QgQO;Eqat%0}ADlOaI9$2H99V;Y*n$>$
zJs@Dso;`aee`b{^9XUb^UP9{Fors9*p{!!%wY79W9?($AvaM<=dt!rwX|d7tepm~O
zp+7u*_KXKS<LcF`dA@%YP_-%p_5jRUfX0J`?c2ZqJ+&rt^IO+TQ$-PnclCLBCipA}
zfV)p&A-RQx>7Sp<DaRdz2;!fYx9=vGBImbn-{yWdDB_^d3JD3Nq@<ii8R#osoc^&o
zamOd=)1{Op{4;4$#dCe@U)#5DL50KCP`hwJkdk;Lf=_aN#o^T<sAlc~Sr$hGPYt1C
z1Xl!Z;!#xOf)H}<^WzN=8WK}e1E3_mtBW#>tI@9v)NK(;c6c$3%TfdGAn^TZTAF^X
z>vizXdouPRb8~JS0J9t}K*N^3T@S&X*OksQ1qVI7!2ntG0tJgf<wrT#n(y?ayuCBu
zN&Q@NdQ{%?!UUJGHd@rv=x?Ij+)AICo1^ZVgT~DPKUEE3>!d~YtEs92`HMt+*`&C%
z!_^nqvV5|)VvUf{Gu=O=lIFKB&d&$C6JpX;<Qa2n1$~!>F*v1l<sbC`Uqf%MNDx><
zXHY(71@eyZVC=e0oXpeH(?^A^P*nYghtCCsv2WhI<6=9`=;eg=C?Uf$w}~DRF+Mb8
zI3gXjvXzaEZrw(X&2NkguB62d_Vj3v>_=&*TfLT^-}x`_xssPx;SQQ>4$BM9NkBlU
zgO|R&Or0G4CUs~t^-f-1Ra9y7wD}pxGsj{?gRMhCLzyTvY;0^wHa0fF)>zbnI-k1{
z5y#|P$^}og7-kshSgvR(%&QQ3n2;dn{!;h$v*E>)pMQFsoO!-0E-vmGc9q69ES+e?
z5LzO{NS=u9@^U3Uc}2yNR@ca|Fs*q}3Il_VboI^#QqpZdB~m3ndNj2-QBncw3`7W3
zu|l28n;Ou2w5y06I)|m0gn+ubI+|0@{Y%AH^YizAX>Qg*yZ8Fj>6+)*zqb1J_C<r+
z&w|W-=GOp(ocs2Y7tgRbca8>c@<73x4RuBtnEF_!Pj7j^+)Rsk<4fyf=Pq1O0u#q}
zz8hDfrLMk?fKuG7-oe4OOiWDJOG&_clYj^+D%6lR^~a+eS*&erZs7Pn^8LHgm$L|V
z*_iKiHm*069P5(5E1{6clH7j}f(I$#jZdR0k&D`UvE$CR6{BY8PKn9MtB9ZnUAgjS
z%-y@IxVRD+1KXq3AVHRumF)xNL<tP^m>D^wskvccVF8M2X$XtZojZ5@01YXWQ?Jim
z1(vfybs<f*4rQ<^7**$m-8V^-f-6Tjwp=)U+7A_choB%`x6h&o+un=xA|fK^&Yw>@
z`O1a}czu0+pTJAAHJawvq^@r)+yEF2(W>&t=O?|ry;N3KR_IuzXvqZTLQws{k^He>
zW&FIYEzho9)FQ^Y{=nt*8#aVLcp&`GeWu&wxmMdQzAD)%dKJgG20AvZjYx4@Ibt{z
zNj)=oUXJ^en3;JSyE^XlogFmby*0qaU?3vJE2whKK|3QaUc9*P%J62CDt}ywp|d0L
zE}qi=$Lr8v{oMGCnuZ3whNkA!WUn&6fB?&f-vEHn9hJGm6LEtMA3b_4I@*9GGWXX2
zitVRQo3SJ3u(KM0nbSr8aZIAFhQ5TBz@WdnX=g<km!cZc9ec~6B7sCy<72Zge?NM7
z7bB%K<K(NZ#narB2ePgk@jl`b5?62C($r@SBv-{;`j45SBmLrBBlne`UpIh-?Q@&l
zv5`}be{TZhDx&LSFBJ7N7H@BAe)!g9Oz@2%A6X84MUG!sAr(DMIiIDi*slA0miCQz
zmk`YsU#jfgI~wq&z-P~dyu7>shC0(l1<C8YOaEU!kAR^w6}ggs9>dFJ|Hs@33i@C6
z#ZGwNmo0Js%@;4{er>2Bfk#Yi!k#na@Qw6z!J9X45(K*EVn<$j=x>AUcpd%uJ0sgl
z3)J+7l+$f9&g$taq<E}-k*U*+zi0coO+U(2zabKoP0;fR_6hWFjwYxeo-HchZO~GI
zhK7fS^_+DCS@7K5(mC-|8Mb;wU%nJnd#E)Z(R_ZE@{>(pOgbkMALaZ@=I6=Ob<Dhs
zwB;2Q;qmbsK_rb%o-8XZO_bbpNRKaA<r*~G%Ia$F{rk5;ryKtI+*qIWS<?%=HvHbb
zkiRR7n`miir8EEe6z?ws1qONX&1omrku7!gDiyeWdcnErt7-3N=zHXErH4W4HEMWT
z;Kn+mVLcAaE94Xi$;fSPawmWRp^qpV`h(-a%*h!U^!E1lMyF2o;gt0G27-W}sN#Lb
zffX?&wFR}3AP&edlrIndS)du6h@baf$8Te2uXz8S7Dr6mU~o_O^my}t$J)twwPtnA
zOtPM)g`pk>Kc43d44k3(MMddbPuzQ|bSl@5mVyJF-gj4z^Q%<)MK<XR)QL9DQhv_2
z(i83(wWQ2sfB@*5Fea~(&W@)le4;aRg6Su@AA2voir4ozsME%zVQBc~rK_giPLxrK
z_M^cUr{y1ws2$j?u9^PNsw+xoXC7%#^(f&>zwrO_CfwnAv!cOWK}3l7@-!-kES8SG
z{u=F9|LlooEzJzuCXed<OlbvAga5Op<m$-N-0#oaWcosi%|DO-51&@L8pYKDJpypb
z&{>BZ<zabX+I3*VZ_`5$sZ4iSz`;$w85+9Y&fY$Bd9?jaR(hxbA228=88^^IdZ-d=
z$@HOExDy?@{U}<vzt$l^L4MDli@=XeFW^^EiBif*Uw=@AO9twgo4fn_LO#>BVnI~7
zfGum?ehs{rmFFav$THkj^tP^c^5Z?}XOqS7qq?37hva^bSMXj?s|jbMrYgN3b3bTU
zlUU69M^Bt!I`QOq)csi$W8sr8sT&&`#U&+`;ERX@FFU5Dvx=FWZcJ9impTYB4}EgT
zauG7Q(!qn2ja&-!xE4rTR3{#5Tun;ai6iqV$JX#Bn=~EJgPMbbIJ{N~=Mg>Xb?f?}
z#^W++QTZh<4;;QS(Y2k@Gce$P^CmrIbC^5CZJ>Xi0|(fI3^OayB~DvfUMsu4?h)i}
z%ST!0)Z#KSH)3K~iH;6B?jI1Kzu*kw&7GdMb`$4KbX8{0qSr25+MAaam;ZEUI}IHt
z&EGKVnt0)bf3pB)#O?eR2qHyGTLz>W4CN!47-Dknk^q}@2YrmkAym<9*ieO==Lo?U
zl57%`tgX@)m;tXPtZSJG6rqTpZ`ws69sN_<iQRG@(=-4k6%Z7Yl9H}+%6pui9&Q9F
zUrP}-E8I#D2~N1gr7pRSJjc}pGA}R8bhpj$a_drq6YGhj0&Ks#vlFkV2L7A^w6kk{
zK?MRk2PUzTW>s|<R~S$_S!qZWttGxCbqdsnN>h$RIDo-oGaNd0Y&~QoSaelzo~pd?
z|DarfVPTu#1aIEH{TAANBGBP*Q|fx?uzs);h!6Mzo(lXT24-e|^ev4z$u*EE@WPtZ
zV=>|$)8}GiV-tzp5FA`~m-pD62M=xn00-5ChK1Dt&3<~Kl^{5F3u3;C-U<Gu@%1z`
zrO_hBr_Z0Km6er!aKM@FAEmqDp0w?Yi=7AZ^7E5GZ)w)AuYekp4VFs$(1TOC9WY>f
zhKANb#B=lX>>vI1s`d4GCO{&502jX8PAMrS>`RDU*Wf=Y%nvYuob*8d1;FK#lasr1
z_wKcxp3_iCtw3hA4Mby;gyE+`t1W+$;6t~2_imtzlJ?MJD!WJ+LoXG09+*x@;Zk?8
zyg`=PEfB|@A|e~u_g?geQ$*PzAV3R1UizlnClq2PkErNI*tJGE7g#8z-@a|b`!fD<
z?yIDQA+!ybej_k&9p#{w)+YErq~yXZu9PI87c{po7mq$|HYmG9wSud29fmZn`GxnQ
z%PzPap<>0G|6VVI_5##k0Sz0sM8(XEv#_x6h5K(CNN33xI}0d&kS@p@z|gq#^CiJR
z%|_SPZeZjBQ|oU^J!YLtJUs>u4tj5IZ@aeFv<D6xAXFAsT9r3YEj{^e_wTd&Ed1C_
zIf%cVf~?jz{o`|=&-a|~aG<Jkt#Gq?zJCvR_wF$MejR-3eV((zK=r*nJ$}a@9-yKS
zNcZ~n9*8oly%%TKQ0n5O)`9I*Lb$4GlsI@uwxy-zkG;up?qs@u3Z7o$er7;cDvE@J
z1Z9UzCS`}BqWObId|1zeWs_EE$;t-sGdEI<UYsU^6s5=acm1y2yF;l|!C>P~b8Cxt
zEWpdJf$#*}Oi4@(KY17SOGl9>E0|5+emL=ji$jf2fl{zlo7%5IVKF1}8L6czyaIB8
z$*=8=4Bk$lJYy}cKY#wbb#3JFM?5o-Oo`zhxN*Cn46mlH?%lfI$@cjV9&n)Wu0=(t
zekkioiR^Nr_Cx-IWG)`fodPj;K!(EPt&1jK;=5cP2K~K&v^r6O_8V0xU=WIl;HwHT
zGHj_EN|O&&mZ#i$2Xa8f0m<`&gM;tt>!aVA9zIMHEow?^QruW>2(PGhD%du0Lnp3W
zvpXKENsdzfz{ez9wicU%o}r<bV@Z=YPEJ`(jXK}Q*4DhrF-t3}sZQ7KBw%IGnrd_!
z3CR4U57a+#@C>(ChqEA#;@+$aTYWRcOZZz!(2%N{M1+MY%uBoHvFRw<;w2i5-q0_%
zFaDV@x8ven!~DkX8zD6r<|UjXBP08q1~szfPMtbMq2v1tqw@wtFJTc8$B8ca4v0jk
zLs-;`fc31285zRS0i^8-nx7m~_`%Hw5vtEtwf#0;rLCh=2Fg2Gu}SeD{KF)x3FI=c
z)5_rl6Z!_CyXC`)yfLG^I=qVPIFCQ$8z^`)3gz{M=A%hgObq%gNKHLGwJ>=9lEc6|
z22xV@Uh4A4dczU)i<kE-@9f;3;61xdLqmf|zFXPZmCen$u;nAa1)}Lf_6{I21PllJ
zw%29oEri2B+lzLygLok4y}*oZ>|aoD;A_Uo6T({XN;WewT?YXqRBNk@-PXq%ao3;~
zTA->sI6GHiLlR|+o>R`qhS(6G1DP+|yy0eCef3J}_=9~{(I%7OYt2E~Iir?{GD?)g
z);vd^8ynbfVEb{v1t2y$+Jd27(Cf(8fBGQI5pf#{8s-n5GfqlTN+F5dhG7LQCwQ!r
z_gHifEKwr%K@R$qthyeAWlY3`mpi%k5fW!^?Z@Ngf^kkQ&|4;^^Hx??NU;}11R-<G
z($cc0zkl^Q1d6tb_lQK@e!3tfBU6nANQ=LNt#1j#61R$h^<3kpPktpOijb?aeU?2)
z-^O={K0hn~%YMfWN>^7Gy1^lB?agq-Lvi^r9(Ks30Nq-AdudI&D%yPL_xXjNSr(Tr
zg@H`7!>KHLq#kw}fAsSs?z#meRkx|WHGIb(1YuS6$E$WOlm-L_R($=s1<HfIDRZ)*
z#Fb%^XyK8T&M|3+Q@sgd%C({*c?7VG&VRRfm@;xO+@<^GHYtKP`~w4d#Kkv@oO*o_
zZP<EN3av}yzRU&yc^W!8r88%Cfmw&l*a(lJX<S2u3IcJUx$iQ|_5)W+cPDspM?68)
zfbekL6DP7!c1ef<A_lo(2d)hJVe|AuDI9KpBL>y7k|jR4OGUMxQQx`ajdQ}$W5-Zh
zL}2NgonK7(lM>kX`ut}Hw1=sD<bi;{#T|MMUI8lqVlO2rdFSE7TYyxBj{D;keQ%>{
z;l%fVLT{#~+Q7EwAaECIFs~Gs`l(ZFl2TIE1+RrH>mTfgBjf+(&0d9-x&FPPQaa8q
zOLJ4YB*6i_;3ebd`+Lq`gZ1&QaPY?uf!`)jK?tam)p~?0Km`vi>Uw?tgk5{C=AbmR
zl(->?^h8O{eU23!9UD6){QLHH*`pdfy8fY|p>A5AzkC6_T4Q2rDuHW{TfDQUJ6-?T
z>9c2d7k5EXEcBY!eZ2B;ztdWF8M{*4oTSXmjgWS3ZkII}_tI(Fua-(eLN+#Q@nQ6A
zdxD%48;yCEM>QcbBa)Rd(x+Ddm%$Qk2x7Vt(i3=kW1+hfLAAmMqZ1OsK#x+MJn2W+
zi*DlY`-t6hXjde|g(#4t;6@KIVt9X<Zff&Bc&Pmn;A!f(^2w9iU?arH+Ogf~j{b}|
zSxHGroh|NiPMs4A3yVgA!ggYuyLXnCC%5JXyl=muARN%{BPb{+E-vnO>(&Of+Z@3-
zp3w#NxVOIw$J}TpPD~{H;ZEfLj<W+f1-;1%?lsX~zGj)5_boBb&(9AxKVyZ7RTWhz
zI0AQm?#GjaPxvbI+a#$C3=BvQhT4&9_w5?oyB;74We7?XX6m)@GS`BM1%!p;>*ACH
zqQn#&R`u~w_-m!AGEF?jiaR@%??guWLkzZTPS@Y(Ji>hK+O;!VBvw%r6%}zbWA<tM
zBnd=-*9*<*Yj6u7Soh*8{;>f3ye(i2^~vd=K9R_on%dgp#qqaC<y+FZ!w*-gCJtBp
z%IscTTJj<pJTwVa?7m4r=L)2a#LSB;0TTZaxB-9XdIPy|)v_)VUAF*DEN6=L1P2Gd
zYiOuBo8Wx|1*!HUkLjJ{<iA^c6q#XakaP>S!xnhU@CY^nU@)+-1R!A$?Iwm-Woerz
z#k(?W(iu?TmCp*PR(4BBH<{4aONXUBIW<)VU@MLSKy%Fx*qLgsTRRk}1W~y1`udG%
zSL$wV`wFi7;FhB92il!OUqD!l#@N_+>PgC`F|=KA^e))?47Oi04v{bQes=;9!l0;@
z!WO)9|Gv;?E35Z+dEpO9iJBGipD0F1r?-a7R|N=-#GXbw@|g}E(yAr6hyUqefH;6}
z?ckxP=;#}Xi97xakVruQ2{IX(Id=GPsg~lhKd@RE;!Mhc8>8YPjpDI#7C60gqpuop
zg+aunudoF@@E17oxD?NWzCZc<cf|ZA|JS3??8qvU=iwPWXzNJ!R3XsNi@!m0AcQ?N
z`g%~%in_A$>Td5p+Yx8Eg#c^?76ndJmB&{!Ywn#p4;8k&;~7gMT7G|wxzC}~r+3Vb
zcN!0hN8k#XyS;vI;M0ipgOE(5N#Es}nAmvOB_wtEszKp86e}XzM@BMB0OXCq+3-V=
zC@d;+oF3MZ5J3+`iB(1gCzl1$zZV?s@&|AfkJ(XLK<&8RbI6unMMcEg>D#!cRGh|P
z3B#hHkCDYljaSr{|FH;SQ(^&*3hjd(uE2}aWvk*ElunKnBRXM)KD*Dcj~enR@9be#
zYAQ&o4o*(WxH*J6#<_gP)%N!HUq{s<y`Kof$B!S6JFhywxJZtu5h5kf?$+Z(?78rT
zMn*<vtCS7Bj9sfA$^R@!qpIyYa3EwT-)+j$YvIQeveH2eJS5PE8q^DHLh-|nb6mKE
zH7G+{BJc^$zQx(IfpFBUz}1F7C9P&;VseD3N6Zt`f-6@M?1Du3_|xPFDtu{63oDKv
zE?el8{k{A5Ljf9+u^(Q%dR0MU61FB^|4`cFRHk?8fNz0wPBj~vTcAylC*Z_a=4u>q
zyq@exOCcbF0CU_uy}@FmD+(TIwLyV;(+c`c?)tlOcd~5WOgVe@ES7iYjva|#np=;(
z)uO%T2l!D|QL!4#1t;o|o?c|$^Vbg<w{8uBx15)kN7$fIvDbdUryDpi<=BnLtX)?B
zShT6@nV%&*Ftb9ptHgX!^x=R%I^3H5NFyGYXeTr)vir~&we7eX5)^A73g5xGShIf1
zX{-vx58d?<f;Uya&Yn3#5^5xvhN3YLeGEc<ad9yipfardw4r}cA$R!c${+@}<pt@b
zrKQQ~A1B~!h5mkx7=cB(KkbX$T+yjQ^ssE}4_o%wex)a87|SE>Icv9T*RDvnQ8=R}
zg>DSE0f%6z5l7eS@A4ns`gOnhs@4OdZ6y?i@Ib_B32=qUclgMWGDCCk05tuwj~_Px
zqpL!y0Ld1U%FdpCps%M#st>YumR*JJTlZe%An7;k?Ije)xv@9hM~g11sO(CB<BpR=
zp-6tdPWeY1ffPU(1XSe9Z}v({uc087N`b<^nnH{Mll8Rt7aTgxr4{UH1V)r#UIOmk
z@>yPhqp=?BeU0{JyOX(g+dzJa!T^gBZt(FA7pz2Uv9~P9e9!p!ZG8VeAQ{FFhOzLh
z(Wb-0!>@u$1ZAnKs2qd^0rF-Ytu6?eA9@6CKZ9X=%E%?yc?em`K`o(|l9GZ7r9~ep
z)HePvn<v7}HmS9g7d9W+=3sj{iKaezLXINAYM{*G&_2+Vt@<j1hrgsTB_}5X`I}rg
zrDK?7_D|a4Tw^lh(4QQnk5Rk;qXu=euB&jDxpsR80=ZftfrGGQDH;|PGkw}9`X(h2
z%sW=xV$~IAXDa55%d!`~@RP_j(4rdf9tm_n*L{SP8!SB*;A))_=3Tl?^VdCRMgqVD
z>+VS(Te8xL2T<n3hEs(=B>|g~<RZAkBY%4OjcIT%Y(^IWr{m`3U4#0eY+}Lz5w6PR
zf!@ifJ2>NY_xBPmW0Y$b*P8aev(t2ZbARnka=dsa3TxTh?-T&0qikJAQ7(lUfrO@@
z#2vawuY^@}ZM0xmO3)mt=5^E&h(&_s-KZ6oIq3H7YDD2Sn3|dbb#3ron7)d1FPs2E
z8|og)zA@tX?mcO?!JSjW(tpkf+5yoKa2GW=K}e|AtRbbDG6|yaE(Q9_b`r%vo(6T2
zC}ud>hk&`qxi+CdUoR*q*tbp%IT)X%DRpSS>(Eq)#sYrx2|)(9i+#Voe}E|H89ej}
z=nadu{@@`VSCsKNOeT;w1gb*mprArkqu)?b-dyUA_B4YSL4fV_%nTI;4Av;mVJE^;
z>!4-l*Ko?Z2=i&h3y<>%39TnNG@!snbZyIdBuiZhP{O_ebBfhyLwuc72lT!~=q(hw
z0%<Nex6OD>RQ_6Xuc-jHdNeOYGAeQH|3qsC2m8Pw^1wcVTW$sg9c@WGwEF4OrvxQS
zW<7x;KRfzu>z;F)5vze3b<^_DEnI&u>^8)8Yk(Eem}p2&X=v3NBAXC#?#GWGtvR-=
zh*0;8j?yRYc;SvPNnN}=J0~Y6g>Jn4zse16F?C{Mj8&t1Ix@$%33<Vms=#faPdsg1
zhaF8i)@8$Ut{{QnJ|vO*`cgM10ZR}WdPhd+5Di4ZEd288@DtVd@7|R{MGTd$PxF97
zdNpq$9jF>Yr9Wf^us6+K7jqAf1E4fC@TDnhc=jOLOtW|I-lgf!S`<Gtx4sWzCB)A|
zdjC33S(45pG6NC0je8mSe#XxsZP3X~OiYLkNLk}M3{*@F7yn#K=61p^V90GJn}MFb
z65DH_-d<4J_N#FA1{cH`AeLdLt;T&FZp#q@J_xP8#U47QA%IR2NAc9wzSCM=*U%6M
z%?LWh2QM+YH%@@7y+413639_q{n)4rCP5#>Iy5Zhg9rWU#9vQNIs}xgYpvgvyy+06
zIfcbhsVR5JWk_33TPnMSR&NNoJG&K$tUd4n{E@Z6nA9q;HmKb8*-KH|H>C}Grw_YF
z?akfUjGUoeX8{ZJNRp#Q6#0ecpNsjSIgu_2KpNZ7%PD}!NCR_0(p5&!CjlRj<kP6P
zmS)(b8OT_m)`M6PktIRFTipHE8OlLDJ!YgYZlJDIR92=`zBE*y(BD)Ap1+fyp9Y0h
z4N+;LSc6xo@@YZ!Ihr9?`gdixz-@{f=12gn&ogJvM9$SHgH~egiIe~V1S#NE@F#%g
zl<n+<@%45cSHQK0;B#U;Hlly_S)ErFL4>l-DaO@o6PH3IR67D;ScD8HejQ!xx^Pzd
zOytmmEw!TW=7z7R=L0QNH9_s6q9B?rX-!RcV+#x4#DmnVv}ezh!SS%|gtI%K7#%pY
znang~=)?iY;Xaaz+4|O13}{r}E`B>Y&Kz(N>JqAeY<+@a7`kK`qSp_!G~-c$2~1E>
zP#|$U@Z`!H;nQJ%(99EoV$sj9x4soX%SW#899(|zUnmJY_3I4X+ROj2{#a$FIw7V@
zm^TVGToNh@(QtM#2Dh$$p7HDONn>NF*f~zbFqwvEqH?8D#zKC*UZne*H2Z&RaEyvl
zkTO?MAcrQQ6B0lORe!RI)%-Nc^osQ~HPL-Qpbwh#Cq(2ZYwVxlloNyzD{Z?4rJ3ip
zLAdA_!&9=GD9FE8)~IHwo~KKY)fRtVj$1A6*rzf*(!Botdz{C2B>aE0Q>#}d;dM>w
z6_4cPl$m^@&lkU~{ViYW!pGoE12Rekalj;0YF3EwXrKaL*B55E1znk$3JRh@_`et0
zCuOp}ZzoHU7K?n=uWFeT^suUBNKgIH0@c825ibk<E;6Rz3`7EPj=;>mmAa1~EzX}0
z28a33@#lNaiGj|ySep-p8=F6RHY+!_wVk>t1MR$`xtRr+7ay$S#)a;L|0x5stW-M+
z&Kx>Z8gUc}O`c&wg>cTGo%%uJLQf#iwd}&A#AVIfBKmDycD&)4SI*hnZ_v`x!md62
zy*4V<B?3v2D#Ye{M@Mg>p!9;wpkD|%va8nW=UEoLr+&hczZScy2RII=2PHx>>sU#5
z&CPAs!IDS?#H2!mY=RLw2$AqKV#TTYt8XcTlo6D-@`jB9f%_8@6-xm5B%K7Ihelpr
zp7M9`c)|f^K@52by?TfM2(nKv0PCPNSfDkN1_Qq|+hgW}gt_~K0JLr*z%Vj0Zr-*{
zV56%+irg=@a6PHWH=VnAm+K&kve=$I>PfSLSkmyfSG!%tJAxq?5d7a-;4B0S_^4(C
zB0WmSk8gwwL!m$rR6&SA9BL_<-$2{|$DXod#p0J}TO3*h#s_F%lhKKZiGc-JV6ia8
zaxwpgRn(rdDUnyqQ=4aM@5v<qRCsi!rKi`veori;OP4NT+`{mp*yLR|H#bs#h*JP@
zb`88Sr1(n9$_`yz8DZNbaLMk`uGG$F%=ua@Gf7n{UC%f}0syg~OTO)3l?SteYeTj)
zF=(LQ^pY^WA<x|y^HTyO>ydJVNn!%Z^e1RJlr_g5D0)mkt(?Ck*bdJn@zJB}`0kIu
zQzTio@y})b!OovV1EAvH>f?lDZtJ&i7KHG&<vi2S<KREniqM>?$z8Jr^Qm&C@5emv
z93C>n$<2u68{4Mal-`c}KaU+uauk$1vaI6TlL-xkgc7@W#mN(mZxo|aUKh`u3qpdF
z>R?)^IB~e&zd!PT-L34}8q11f9$`=luSP{h)rH--vG&)mUw1Ii2N+@nx`sFmsl-@q
z!HdRjZmHAR(<|Ir*|QkTSWN-S2qfto!1GTSY<nuF=M;r|ZjF5mAqT<yHDpgFY&)-Y
zjS#J}GAf9j1g3+_@NMK3645-`)~>a%EwVmv4YP2{ZipQ&gWo^IBxPlV0VWuBRSA><
z9g$=szLF)ZQ>5~Q4YWdXx24kk-MQPI6?zRLjH$FeMjn{pbY#bLOo-Q}%?#e}QvPy?
zUXt4dn-Zu6k+a>i6Ww9Rft>~_<{iwsJ#{CfQYM8?tn?Q^DL0HHh(KhVqQ(1Y+wr_B
zKkjbj!6+sbHuY(o++3Cm1%J{5Escz}lGH0yFN~|vV^RddzG#aA1i-10W+CXa#4CVO
zg?EAl7S(a&FmMLRO;grH)GNCGqQ>sU8D`r3{Wz!%nF$ye*tHTfPZY;;s9uh6E<mfS
zaCRksfbz4#%AtmJ1Pv*)(+(M3qF2hfO;X@ZMt`%J|Mi_<Daf9r6Oz^jxTXrn7Y!u<
zic3E{Lv*@|z1?2dA#0t+#>#X5{dg|^^|{7XKun&yTl|8Cm7@@31n&nL><7DXTbLHW
z9ONyk)oUa3G;v5tS`rj45ivaq-O7>ImQ{4S`1rW@?b}Mms*WF5!$c97xZ$8&2<20*
zy)lu4F>8n9w;!ZX0(;W+g*X(vwi3vLY#}ag4P>Xf2m6^ymS@?CI}OUWb?eq1oPz+w
zCQuQ2`ueT`xb?$jC5-dtty|eJ48El6uO}HRO3?Q(WP^bfPNQ|BkybP{F#-<|K7Quf
zGwZ0p3z@%i7gOLfh`UXmw(H1aKvS&%ioT6oXM!0rY;7ji8An&wKsc2U<Y|#t#&nvt
zNwBWjDT^jWA5KLddc@KYwdln*Ck+X8ox)7N`mOWNEhriR*paoSt*I}Mc<LaXNDv>6
zrCoNER48^Q(Gd}_fUmt1D*?HuPidcO`(simUs|unCYb^|O$JUSJP!}?)1`irCF>AN
z--UUO)?9mbB%#S%C=!)407rcuYeVj4(qRZejSQZkSRy7F04)^!GvxcfyBQEf!e!J5
zgOC(VDXrBOPuQhhy!Zv$l0Ys~@%$h=1n;$IOdxyV`^_}}n9XQ+;BunH%mHCtNTv%_
z%^>^zfe%RZ(j!Vkz$f?y`UjKYvT@D@{p=-TlODZF$UPb~K>AIzcMF^;QcE#g<OCAO
z<ujM0TYrK93IdsM#caT4Mn>+;%_7aHjKd=%A<A!Iy^5c$=fIP(2ECv?eU<6DP=9c4
z7};AfbQC5$$@y;<fPr90VpJm<2J!91n>Xs%yB3Ij-(ugJ4DhqhYfe1VB>x)bNx66I
z=y|xuC2f!hsWGCa4nLYwFWZABDG+D@x{c=5Yb>~3XJ&d~#uft%8!ap>u$EQC=|)3y
z+{o^Z_&}(%1OA(h>0KgBkii?5(XCLCdO_-e%_F~s9=ialPbLAO+L2ylZEa0WO<mgF
z&JGh5W=1*Cch%ohP&(L2k`9I<XpjyD7M9?+Xk(b|<x5F}OcM-hh>_WFSe)0u;lL~S
zkL%fE1{mKLqYdUZQ_`Rua_+xWU|{)4eo&S+bZ_?#xWy^Y1}8`vr3p$i+AcBj(JPaH
z63Os2N!EGIUp`}PZ2?{99Oy^d`G9R~Y{_6?eT7;m7&UlGZ(rXkl0lZ0CEigr25&$z
z_4-EcMSX-_3#_LE67I7ye-^L^UHtukK$}e@LIPVzkc)UN5n2jm7)h=4Fn(>Ho}7FQ
zXLCc5=O03H!TpF7|Jt_Yc+v#bg2RUG2beLqnL3*sGi0B$y`rLmBymbhOOLki*3rSH
zH-g5sw7g8zOH!TC{{>qd&Qj2T{9ukiqYOZ2u!46*=J*$;fAB~xXr~{jRu*Jzzr%Lm
z3O|a5Lr*CcqLe*2=Uaw`MH;;6_|NUuxVMLv@IIVkWUl?-an{!THU2C>8zrah2{c3T
z1D4evyeOneOkW%YY^dPBSG`gEF-=R@7OU|9uY?2x?79j__Jj+-frjYxkKs>ea3T8e
zuBRuS)XOTe>Y6zJHHkKKR!jh$;6Z_eqEC_r)Q1jYH3=vt&Iz?Vi7TRELcAf3IBA)5
z1~6RgLsir?;u!|KNqzIAz*kf#nJ=EH=<kKLp<nj#TDbKSZP0PEA;Lm@Aa@(d&OjAz
zhTYG7NumMJcK*nZ&b0G0^iR8nuKXU<9Bs{BjZiNMYeELQxA)RU?6^1?Gx!%+#Oo-B
z1RwO4ly%v(OUTJ_;Ls8|p!IVwv*AO<7#5w*hO^i{<Xd2%njU=}!-zb{r6ZVq75U=q
z-iDijU+6FWbee}ul1UFa@Xp~~gwzm24*4IB{g<g>zmO?|kniBkHDIDspS2Xp+$hmX
zke9s)%1maf-~e2E^~#Cm0j<sq`9%goug`TA?!Q65Z55gz_V-RczO}|HVMU&sM)Sx2
zD*ANKTDVx|?*I6Jn<X`h_laaRhm3Hp-k{R^olgXmXyXb7v`zT;m<mO<F<TF-Y&3m*
z=ftCT?snO?wz0RLP3Y$G@$`Le?^S0b71nO9knrc{vWI;4M8jh9OmV#D_Gr=XkiM;P
zeyZO+fq*`RiMKwmN@w=n#~)xQ?mip}NyLA=J`5~9PkFlK3M)gnY{SRmKb;q;sHpHQ
z19vLl_>^U?2>z^shK|7zUL-0Ybzgve-DDBMd>^wxScMu?NMdk6BS`{AGs$x(Yc0!x
z>|6bAH@p($s16wzeATpHaggoWK2tB?dJW+Y90-yiN;AyjL}Z^#%jiATzPfSyfdPRm
zuOO2K(->_;hI#kzj}t3dx(hNSsGqKaO_(WrARTXwP8tdsOcE-bRih@f1eB34S5;O@
zFntgVJo^x`t8~McjCGuDez2yAHEL5ATZTY5Z7Fz2a7c(H7Df&>XW{R9Su(N@w?7uM
z|C0y+_y73u-k+8U*vJO0qx$tn9J-ePsBpKT9}PeewZu6_iYWkDDf0DPTx2kfCGmH$
z`)?lTI}Fy-2w=HCjyDyOk%@+$9*Js-YN8Cse=AfQ3CmrI;8YkM-;Z@(hb6ss{rWcX
z(-gjlU<h1*c^rrapUe2b!pLY@=w{~m5q~v+xzt1~n?}4`9L{()M*a{>I0)F_K9<wM
zZ<yKfd_|9&+cluP5Vx?uCXC#4MD6_Xvku$3Jv}@m0VV8}xUJjpnK0EXU}w5VC*fN@
z2HldwTrE<pu>dzzlO0YCj&qY1q#ws=sIH8=A-#FuXOsW4`x0nbw~-F*9~r3ywz<{m
z_}l4wEejCA$^6T_puVs{g0S{cSjGg1VqLy}y}xFf9)l+sCO^A1tMFGycC~5!({~7k
z5zp@>OmHA9qTE9j9DL~7)eB9Iya_ZOc)>10iV=}JFBML$#nSZ^{psq5I|BOCGdA`S
z|Cf&+FZd;|KEGMu9X8DCH*d}&Gz4*Z@NvE8a8h9G-b<V~&=2H2w*U<Qr%cE2hyN85
z5xIqTH*@O^Sk>Zw+0oGgH>(f_ocst%sq-D2Cm4u)D1V?_E4ZhOoSgMY;Gsxvge3YM
z_rDJYS~ZLpJbFgfGU2B?dLa<iw6w&4ACrL&oGmpdxJcs+qBUXbNqEgP8^&t5|7D7O
z`0yj{K=!LwJpBAYfVD56K-R{HHGuN`zU7LJORlB0z5VlZ<Glzvl0g{k3k(JX#F%*m
z;~W5vl!JoADtI5j7P5eL;+{DlcQ&4=8n9SHSk1i{;D|%MdJmtO*p>w5vpl+>qB2e$
z;63rS6Y2_l`5vHU0-8rgF4!sT(lvm<97;CpCWX1gQfYhkJ?9Q$sDn(|-SoHg2^s0k
zw)uFkaAD-x-WkqVBq;CIaC+VZ|9gqh9Sn+tP*K*K^k2l6T>@1G(DTQ6-ptN!JGw&_
zb{gT$nBzvH@LHZ}S^8=I7d5rG6s`2B6=DXcnBn*WXgOsV@<QM2fyMn88y+a<HX^T5
z*0quB%N&<up6WbWi}O(U<9Fny@TCrC+A3rHB&7f^S4GDB_U9(~cY(*)*Z0Nm!~9y8
z+jY|DhlXlUY`#Io!~l*sCI`?~`U`w>9*SFBbMyk3=Gf=phpGg3TNPUOJW3_zsx0Df
z#o=Ydce>dC0N#&qfQ;G<9H3zAyW1rz3qsu`<=@)cUZS7D9l839wi?M3fM?y)8Gl#)
zl)SI6w}I2<ZpMaviFtqxTwaq@XnMRtLZOIckc1&_()kR<%VW~0VeGQsV4nBkXszBP
zR|;?A+gsNx#t?39>qx{U!iP5t{6sLr3ig%TXm$;SKyh%c-SYAef$i@`Mpg!L`2-~-
zaDfpjK-2perLp)V*~7K)+n-W0ZA<i%yn^s5d>#CJglaKu6`~xIaBn{&M}U@oUr69L
z;!`gWXoU~;&iGQ%nu8EkNelso!vN-B_SV9e?>y&(5j4n_0Z_*P;@AOQ%Mm#E0Lp!7
z>)W6l+!fpNvSthdj4)`+8XCfIKb(Fv@tS!}sbZDl_B-)mjUVA&SKA0nU-*I;<d1?G
zQ`zUchEm6|CHLNZ1g9)tK^ElKc5-_3+virz-#9UAz9Q+P1+oUndu6OG3VQ&8KO!b-
z@h<_D`><e0yA8Tq6ru*>_jQu6TfaOvX3Z;jb`k!G`2CNtqQtswb8~W1G3kp)G+T?0
z)SrV$#-!|dd-*$E$<nX&&^^{>@>Q7m%v-m;xzvC*Kr*76<R&Q&&I^hre>*pXjCW4i
zbgd@8`(U#qd$#gBQVG9A-a^5lpi@Sk^*21eYO?L2rISn2$Ngd@GESNMhu&fd`UeJ5
zT-6x_WRCKO91bV8Gx`MOGy)f}6~p1%H6e^;<!^c$azy7BrMCTauLPEHueL(QhOcA;
zFSy#W0vvQcT1!*&d;U;-Khk-rV72gt<6&X5xE-%|ZDAk(+hFxZQaVxmzu#;gr8wVf
z{^is-B2j1wnp-6-smWBHoy_N_Iy^lio;(i5UE43s%D>ow&nX_CDlb&r65X|3H6@Qf
ziJx1QTVB4?t&wD%Nx8lG@Bvh1JG*Ol@7yWHRnwUWJ>h?-;C&ArFdS$=3e^uQm+(_8
z-(e<T7FK^hbOH*pqQMv%B8`}=Eg|SdMc$cC(Ee%=dBRDl{`QTWHYQ9s*;ZP>7lzZ0
z+ZO}%pUpR^zP6TIMrI4}1gF<znPu^6NVnXnTJ`5j9=K)@1A>c-i*lP&KIEI7OxJeT
z(blU77@(zy&gNyfZ(169YjxX}={C|pYcn%t*BPpx!OuE54S(86;W@d0Z^k|}kdYAk
z+sAEe&(8<Gwh?>`0-CRHBnL6m0`eVCP}tyi{rYN*N&q&$bQwDZZCeY$DfBx;!uo&y
zv|Umy*r%Ui#1QeGq*PCq_{d|j_zcF$^J@!{g;|0F4KhmdVjZ2GRAi<s4ZrAwAFPo=
z0QjAAJ!%@v;w0VFqnLM$X5djHsb~~$HPADdxe)$h(Eei$&D;ZEPyKE>Cf11HKThLE
z2&|w&TA4FU_^kt#@h$s(d*r<r_UNbULD;>D;ujGeU5&&Ey~)E&FUT_luptGIog=c6
zE&jD|-OBGyi5hqWz&`X)BCSxw_wCz9a37_3Wx*DeMGdfvup2n>r$I-_$p;N<%yYEL
zz1VpaBS$2fMCvN)C=Vjk5JSKWgOO0g3k7FAcW_&Z+|p(a=LYqtz_*||h+HNVi9|G0
z#Fy_QDuIg%L>O>OXaK%WcXTWa$k;vS8S!TXSYBAwY_$3u%YjHBu57FChKr5KYe3Tm
zk=Y%3{-z5XnQ8OpI~e!Xysw*o+1iTkCfW?Ps%XxIW)f&39|Dyf0krdYC5~5BXXis8
zVR9Fth+&ONME-MFUOPHDJ%amE-S$<iaB>xd+)C6h0wQtD8cTeAiHnXm$I`yx6}9bJ
z{daym)(T7-`Vxtrj~D$h!@hi~n@UH)v>_K<F}a1|M--@{622>50IB5Mqm}cb3+}OR
zW5#~QuX`yY6##R<8Ymk=F6i+2FT1&Q*;<W4+;jrS^uLmlQpn3w;l{dO<3BXH$rAv-
zYnMMl?hI^fwcwRUjvSFt>xBknA#*<s5QJ7;uqt(rLd=_VVY7&i`Pw$8lV3B{Yj3=q
zGl|Z%4FUKAq7ycH;fIb93l3Fh^C~<4sF#-<E?6(aDBGVWs!y*i{)4gpKQHU^5S3Qa
zQ3+8&*@)fe$c-hmhGxP6e-+0Ami<159wO-(Na|n@s!)I}5|Q&lHjRK!M~tBh8e|;C
z_%5_exGw^6{M@=BEc0w3z%@|JlQRucJ^^((%zP6TI%=!<6M0f{>yTAIjI=bU5tRY@
z9*TouIm1y$fzW08qnFGh-Wr}9wH-OD+ZI{nvo`fr)-9Aln4aYK>mWOx@tOdPhs~Tr
zdt{s8mc>)&N6%h%{ou|S`Y3_L{Z^EqK2+0SG&V?ex?h?@J6=P4TSb1FuRNUjVN*u~
zr^oP4>`M}7BL*211#D~tBaR-}BcNuTop9*Kxb0<E!BB6_WsRfvU$!<RPS56`{R3M;
zqgjR8kXKNko2Hw3cjK{(*I%}_;G5x^@q0(wa?2U-p2&4OHONySkUf3+Y>PnTgR>Gt
z--OqX`}-IqDXoFQflU;0H`w(m-nplK7#}6@|NN*w(!id$iI2|onWhNO<}`IR42;8l
z<xF&2i0g!Ix|`KH0D2viPDU=S2IQC=F)mP6mc)O5bN<d(-|B#<kh|MNJawD~bx!w`
zlnOyfEGJv!jL+H;TipYZGsTa6_)-s@oH(0U%$KTsa)PWjTkJ<04EcgFnS+!I=K2^6
zyp^kHPWpfwE`7rwBr*l%{4*o~oZ+JfBDquX7DrBw{qq*bPL7ecxEI;{&nFZ_HvjVp
zM;vEgSsvjZBuTO(hYte}99bVxYi}(XhcWvnpp+e+6Ggn+k7w&DM%=x;cScIvJmRj?
z-Wll`DFFf36N;;6qy_f7o-jW_{`u{~$!tF6?_X6^RjB}!b<4wpB27oma=!^&xOaH!
zgd$VE{FfG$kc5SkKMV)%za(+;e;$XwrTQoT`-dPSO<GkT(f>TM?-3C8--o3%FEgpM
z|2!%$pqc;Ai<%>~ng4wa!!rT&&VL^UCvbfJePlfT-|K^P1rd}1Jk@Km_;;z^Z2+=J
zEeEM0?BthxE@&Y1#Y;{qB#qSN@$<QH=Godv0feh>A*9oX#sOEB0<+*Ogt<2+zB(YV
zJJAd%m~DfuV^YrW-=8}@eEy8!4~hz^2_|{Kep6DE-=`7_SL02WDt>{F-@I53zyiMj
zh@7}Nbt8-Xx^?R?JVu2f^>Q2!f1ZB^e;F9Un-0^e3OHg{r^3Zv!}kJ5|DuzM;r!ej
z^AUMSfstb7@!0D9gM&97J~R#gV*CZI9sOf<DWYDRHia?X{`aR<kMi&`r&a>fiWvS9
zm6D2pX3T)xKPCncj{K;vfI0-52tOB4f?9;E)>8?6SF{2$ngu@<RI(aU2fq7mQPJCg
zG?x*pz^FX=4L1szfQDYZlb8o*BpVUCS@<)t$>ibPQM?m+8<uH$tUU&pfr*7hm4tVE
zd~R~e-$PUZa$cBR3l5nPn7ih^J!Ob@M!Z)+bShI4x}p_GF=_RL(89>Px99xbCz%K!
z5ULNY9JCs0{0%IP1>WJ!#qHSmWX=e@93o?yS<wLsC<n^7UslP=J*W|%;U*#xRtH0S
zKlE;*kwBLN&F%mGy$V7stsj^RW;8`cwFLirY^-A$Lv;I~gdE28+-g9r-UT@YSt@js
zcPI&GIbInF6Fv&(118&6Y?E!kwn#cuc6W2-9q2=DCJr-#m~;J8Lcje$BoT(JKSX2k
zE0CYN>EDO(2?*^&ANO_-pk$Jj!fNXR(#Sc2U`HdBsIV~1qpPb+!UFg{uqOQA6tTK_
zx9}aqjKiIut(Quct1E+<+@WC2BYx`!noouj1k8)QGB2a0*nl|JB`799%wS|^4}E_I
zFg6-~ums!|HZW}bS^)TruxY`U*vujb_PFHh-|YAx4ImbDA896N+Lb`jAAokWfCjPi
z)GVig{$Gu}Vfs(C34a?VV;#<jAEw<8b>NKG3bqo0D_hOX%+Sok0bRD$z`WLi-&+cG
zB~3eN6+B!F)hT%WdcRvO4ib11C?JJ|Z$YnQoTp}I2cbsb*sd~+@Wz%w%}0FsFq$$t
z{lTl*$eCC|{(k#b7JmgK!1U(I81{E6R2?E*V4MzVgW%B65Bhwdx;VOwTehe{ULYS0
zg_eTij2SWwxcS-8Y!KMP*2#AMY0$rfK95uC;NtQa7?Wh4U?1R=spF~pT}E3)Oc6}}
z=h0!hM@i@C1Hk>SEE>m-VSpnFp6ihDEG}FxO*ep!MR033z+Wf^UA#X0bvhCCpaF9l
zkwS*I{r#z-E5L-JLmCA?uo@8_ZlT`+EP_+f;ZXZ32k8_CN5`Gg($Xz|fW8q%9Fn~t
zsi44#pQSLd#~^jrm*sayGXJgoM#`j85JZ8CfRoq{TM1ca=$eF&3K&09+W@6cSxxOm
zxE`#Klx&-xkN1#9M4F{1fYpq08YbmlQ+2qZS+d{1ox&$R*za@$M#bPl7Xlhk2H<Z+
z4;?_XVLx6zh41XNFnylLV;_(c`OjlO{X~3fWitp9&NW*?J9G;~=G7og+PsQ`YR6WC
zpOQL^&4^O75vP|!!7COqrp;_@r=I3E;PUWKR77jSFWi*mgytW?j}Y|XC=+suUHA!b
z-|EUBPRTdqLmiykej!E|92Q2@2gswBk#mETaRgpF2Et*T2O!u3Fm)6HYUr+F!d<|u
zw;VD3@6pzkK?C3&$4>`aL-48|0%?kfi+c}U{UiDPv|G3dIo2q07{L65pTQ)Qab+gU
zw-JO>DMua?!;iHR>H+TN|1aj=1T5!uZ~Kq6u$FO|$5_aac?wZ7lPOK4(Uho&k|v2|
zj!;sFlF~d#lV~ukN`+|DpiF7fpd?9pKUeJMdG`D4_xb;y<9MIrcsusq%eK1j`*;6-
z*YzFF^ZcF{5PJ+`>?TdtyOIv~n715p2<SC0o3b;1#;b}uCxIH?g7`{^K?!=qj$H@L
z=M(eLAh8;l{IaM0D6)Lp4emx3O9o1)r_&>2rcCJ9h1KxR>+HNcC3k*iZto8_!!#zi
zICWoG*S~My4)Y0>zb{jXWvTz(ty>9L)|4C-=M03jXAm7-fwT_yUL-x!Vx>ZF=^YhD
zBNCNbR=xYYR<F18feM2g9!tlrIBB+f_citn!N|vZk)sh^gqSFRx6#V*{P|p$OJ85T
z!COrX4MBa5FQ4*m5JkF}G9kw}b^k{xvZ5zBMosJ+Lh>ldW7=Yfe#{tOr|ye>Uj2%J
ztF8L||1D3PH_+^klKkt(MJ&JMb>w<s-#ZpHPel|WMj-c1Y9t_H7nfII4a|3h_D!su
zO?h-|;@*p1oUvelnbc_Q&70qtpY4AG;JEjI0o(V-=T)XFF|I-zC4pj0OTC!IZraiv
zaN-RO-MGD7`E)uV27w<VK)fVxGgAWQRMg7P8h-A&<+>}zrb?!44toY{5|}o3_Uu>8
zkJ5A^hCjM18tkX*klE(|^ftWoK`;+FOJwSQ=ViuYbQ~b=uPUBCI~tQf4>}6Y)n&5;
z+Kj(bQce;#Bt-X1p6j9$`j5>;ZCL0iLg2oAQQ0LgN%T~vrX{IB(eLJL1KL-Y1eu{d
z{bR@wV|CNo{FxZ{AXvP+%gX5O?Y@c6j}a@u9VOr)OJWjogwU#>;O?`jY5{7$6XM3H
z`JEeoj0W}=<H~%FM%kU8PgZJ{s$!=<qqjld;UIQ`*aZNx;3wR=;a?@*-R6UkF{?KL
zJd1fz*2FfbGQ4x^;DeMyv}KE|N+q#6TTMAY8|?#og?QM3l`pcu(z8PyQqZ5pC~J}F
zN{IkqqY?-0AU8xAE`ejT0Jy<rmvBj!2xAb+Qd6fo!d_3qEEl;pLu8_DW>1?T_xMqe
zY}UHFZzrhFYN&JfW|1L4td>x=_=DyWKzvC3F{uKE1xYw3W|*iXNGu;~YyafUp+w!0
zC<x+^jarVpkX<h3k9m>;LK0O4s-iI6Vi5#TO#a7$=217hGz0>*)pu)5vFRn<B|(?B
z6W$vn==b1bB8nj&m`d>pN<el788sGU3*H${EJ9{BgcMzZkb#c-EVTxt1+;Xz`4$a+
znO#MW$V8(?$P!v+tY9Ch=4_oNWKFR{a-X~XLkkcaYe~v&hp5Gir8(<#vj<8vBIa-y
z$+2HzCY4#WvwVNaK*I8!<1#;uun`jI6$Bf?Xf?Fzslnen{tTd-JDhUX6tZR!cgEI!
zp~^BO`#Ox8IWx!U(xn|>-RDOE+}$Fpt|SId<iFua^E7B_4a&0vT}Mryp1GNDhND6l
zT<ivlr->|K7o2c4!7;byG5nv%FBI*sU!6wSpV;qIB9Pz49r+Rd`T$$}-_43jO3|24
z6x8Jzcx;%^@09vZbMRqPs89Z7m;k<9P)=*`Z$?Q=r@SdGHOPy#3K#Fn&DOVieYC%6
z<Xw2IQ+dWwkTf|N+`%;XVewg}OyI5rUN&hOipun59gx=sl=+)tcEA3s<idL0u-LlP
z@k_hHDqUpGz3{gCmD}u_?IJ)!_-QZ;WFr2|r1s-!h)PykTYp`hcuuv{C^T*xo`6x`
zzBkvn5G4lYS|c(`!**Z-3EKr|V*@KwAD7}NE_~&xRi|%IGA7AW4tpi0r>Fbbfatq0
z=aFy9;!dNDo(Mu2g?Iv&V(R$~6I=ol^wBAo5V>3^nA>h1!2kW##hF89*#nalEfqmh
zqsXR4{#2q$t(k3HX^A!7amGz$US~VY9q>9Zdc=}NwyV9r_<Niz9Qq@51bxbME}g5v
z(uQgl#O1|Rqunjv{7&Q$3O7P2^xXhxu8!RXEml$KCED?)JCQ4)^rhPo+i6h``M<$B
zdk9$*xg;%n-P04%#JfKR40uH7kq9zOgTVr38Ejr^yuA*I4~t?Es9rl!{(=-dk&zcJ
z<bYPRI{tXE0z{3iD0nnIUG6ZB8Ax}rk@mm>VnC*UczF208QafI9aOIg6aow}Xk;<;
z{Zm*1hlb`|IYg&5;Eg-7{CYCaJT)Zy;lsmd3P24=t77XVZC5(TlNi|etf0V+$AV!^
z=X+>@QkZJOqTxCaKI)8+d!HGbF9+DC5@l@f4DTP#16!zbN@h=g?`x&`mrF+}0ED2v
z33-+)4qXsGF*{Q0B|kuv`0&nF@n<ob;MsmLo^}cO$qb)&-!m1?>;I?-`@G<6gOLa#
zChyf^|0f9<uRbobNqZ>F#2jzr6SvBEU2Uc+a<A4I2UD${M>}VftWWygpT^h(4Ta7D
zh9*FU#N?eN%w*86O2PS=Xjc;Zgceh953HUN_zz0dNyYW12hu1&1i=ArM!6mx@Pu_{
zitTQE>vx-1hSOw9-StdT%@*t$U2UXOBSMFC*{t?rs>^t0@lBndnLg}HFMEqAj48;C
z{JovrKNpaJ`$k74vEA^c*mWZqE%`I}0JuuWQVo%?(_2d4k08biXOx^Hb~<RXlG@7A
z(!po;Q=d`RPoj|j$UK>H__oz3O)S!;e#^v-P3U)^*dGu8+1-Il4d=|Ay9MrsiksCq
zYXZoeB7E-Y$lpREdBg?%EEc3UG`PD~qA|Du20qLD%+JKzXO*gZ%|<2phCYZuAngvb
zq3HJ?lUvG>;_{c|qdhRtLYoZY&)S=?R|^S~cKrTJRGhaAv&XqxS4bb!G7N;}7ViN6
z21=^9a-|UPu1ggCJIow(d?_T&(fCORg@gcEs3@@oeGO<EG|z(KJhtUCa@EDPAQo_R
znj7;V08dd5wfZbeYhho(n#;2(A?5GU6mDyXq2Upuj=~QBz>WK3CK*kEvUDLB#(COU
z#I_PF_D2^c#BazwRlxQc;Qv*rgM98$Tix$pD<@ae<t@}}a}eWpyz@EoM)JeSG431R
zJ#rM+LU-g&p(#9xY0{U_?F*h9i7L44Ik3IbyWOuvBKj(4@B->(D=$mBb0|8)1s@T<
zp8-K!yak&s@Vq`XWg7(!WGkezVH%xncM3)xq3js8yopJTwyL3tH#bkN<x?gmmPnHG
z1raUMwMiZm(WNV1YzU;M6tx7k0HpaET8iL#7EI{SN!C%RPshW5OJmg#CAp8k*2LC#
zueD1kA+_uP8KG&3zj5SE!<z%O_d5Y+zXl6TH`85^ZobLGmElN$1)Z|WpY}+Og~k)2
zolZJ#M$Xe#hM!EN|6h)96vk2d)3%ZN*&rU5U=YafKKq;M=wGQzzR(vp!8zB-kC`yx
zG)oBR!Q9O&Zf*<Yy~yjp0sS<5W_+6Nc=ynMLJNI++HbyaMdxfuE5<yRnF`xd5t6w1
zH7bY>XO0PPKY;fDr<2joNhM_zIEu%A1{)Qh?W+A87aGDn&{JJ!IEhMhaOM*|1PJ@n
zn!kQkVfv$BNXg5IQ>L6FBZ)mj5Le51{c{sI|4ylEPJ!frIK*}DfE!Mf7)U_$VgA=$
zSU>IKXCqWb5&{Q;vDk`Vb0M>EqlR4g@%l$sSF5@&c^6Vk5tRW#1URntZ|z0lb3jYS
zyQvfxmaI2XFs_*M6UB6#>jdy=ntM}Y0;$kp-Os;{>7cnN%-N>&s)Z&0T`{Mt<Fxxp
zNgZ!r)`$oT6RHw^nW9hcf#Xk1u27a%{U7M(;vk=%_BRTtE2;6N%cm@^-cA>OFWd2C
zt=-7JR5VMN!C5h3(obk(uH(|N_K$QJ1nS5-7yJq;bRqRyF-PhjzjCJSS4tS<P#f{{
zbKdn6)TPByDppspa5Dx;FYNsX9&0fJ2-o{@rr+Y9?{M8qM*M~95BdT+xJ<nIA3y(Z
zg10JCsJ0bB;JJluKi(JH5a%Vr#9HX7qHhGVMqby{;2xWNDz=)U6_rst@Gb+KYiF5%
zCs8@n|L8JOM+i{6v#=o%Eiu*EbHpdieLo?{pMJ}-eUO}dT<})8R#a5RA-@vzZN(fv
zvzQ&y<?4m+PwdXzwa!0)SH!B7Q4#CO3Ru4j*vLM1*FWK`uYI02e*C!U-obWDhPt*b
z)8#unfyI{(w`J4{!LuVNBpgm1yNfg69cR{uXkP-ka3ZtTG~vXv6-0%}dq+~ZyI@7h
zoqaXpZ|fTv^#59jVl@Ni+-*&K-<kdRT)sCr(`2X5AteZ488wrj6{B@4%xVH7+gp((
zUA!gQ^lX>Fu>})OerdZU-k+3Nv+w#5(5n+#4~SZgkQ}P*)dLj9U+3;jQcsh+4Js+9
z8ss&Cy%us96equ&PjUABKnNrX^Z@M=g(@!V85eb9p{5{pw>h`4&A4+%Kgxpr3b_;j
zPX<1~ppV;zbm`oAGq4G2d{DC_o)XoKNk~+(!{B5>i$HuyZ0`Z`tlrQ+4QBTwl>+c&
zAkW0C-~qkLY^ypcVXMttkt>Xp=-Xj<yPO_{W~aZd<?!`$3Afweaw*Fw@wS}q`~-S^
z#E8ET^JKs)3v>+0o_T>Ajt?~6Rw0RLX{RtS=_L#y0@ekmvMf+G#_W;AOov9jmd>)>
zZqhJDe2NsG_#q%1kGNOao)bhw{XmyLee0t?_^|rF9p9odk^1w`gM8XFbpK2wbS*5b
znFGo!^6lH(dB#3O{13$m!w%A03fbu#i|SP%JHS>+jUts%g5&EZpMFBCZ3oB96-!^`
zSJWj|xbx@X(EITvmxvN{02yF3#Av!KPeQ<IoF}xKxY@oE7GN719}4$cD%}h^(gTc?
z2EMtaF#$&j7n|ys<0Qbk94!;k7E<UrOhZK?WP{&I6<Y5X7kfY)4>szJMHIm9N)*td
zVM9ChC%M!rUw}!JZL{Vnp%X;<aEobYfE}aLbsPaS-0pkR7+i5=SGr6<6M78y5Sd~P
zWD`m#mSGz^{5f*uVTLz_kixeG@=geIrobQz6}-?+q-?#j%LWXcK-kf$!W1xq@?1i$
zvCs^^0aTukM6FL_+)fypaClU_<HiEmK2amTd?{aC{5rpK1>c{6cmdH1H52;c={qvK
z_ovTgf#DcyK*b|8YXXC{v1xYut~1xX;%^{Uhb?02fnr6j_TDe_$8|JPLa~U!*=o>6
z%HXAWXhC|S(<P29A=cD8sJ2C@>Pdnv>(dk9O8fV#WKd4OS_!1hul#Z^DQWcjCZRq9
z!WKgh?$|qvI?1<4Tpb;0?c?d`!rO=D1z;k2oDU*BQznjxFek`|;%1<3K@FTXww_W<
z*<WRp1jJ4`{t2`R9YRJw1)5!kyn#GDjuQ_aS#+)?;h&x(5uoP(fa;8rP<Yj$Lv42u
z(jDIMDAgKl!i=RECH+rPT>@jy1{jbK3hnoN?R2v$b{W{cGa#ZsR6v~>u8-Sf13o6#
z{2_eZ%Vh`AUKB1LVDh6X8uWW2o44-8ma}~=t0Qw8{&SC2f~?W%X&_4p+?FLW@ZR#W
zmmg~KnL&Ye71W6Y&eXmXvl5G!Ez68H(E~_0diAO#P|ni^H??5R3%>5wsTIvXPWjW<
zE3z^lF+yc5^U|}Z-k#LA9BlW?Z{53Zqxuz{M($Lkf>_d|U;-mV&I9BurwETL(Uhg4
zSy4r-u`sdEuwhCN;oS0>@pCyqY3hx>A-m*EgBd$!)ksmU{LLNYUO((sFxBk|dWV4?
zkTxq}H$VyL)6Q^*7>i!Ma^+jTb5hRdisEp9Q<#QHQ(Wlw!YI^HIj|vrp@Ox_Ujw91
zq)m@Q>%{$>^_CLNfPRtMLeLn9(-HxoWA>K!Vov88J#`0nn=13f<m7MwG?v8n{iPp1
ztfF-S)|%;L1%9%XWFv?ew8SK~)mS3%kY=^qy}W9)5c#pPg&0|(<x_83!Va&fOR;r#
zBEJm1eP_*^$js`{;8OI%Q+?LVf^I@CQ&_mVts-)qwg9r&aRe4RV$1#Bz57$M$D{+0
zlxgTQwcT7Oe+T`ZM0?R2xdy8+4<$p$k?TN$ct%XPSp|^T_qO9o4onjCBsR)ZoD65x
zp&8mT?Gh%83RJaWhRJVMTo^|aY<PNT5c(1*H3ROJ2vx*~=^$@cu3jBDYnOJsszbey
z<q74Esp&Lu0R1dKWvf)w2yZ@oc#K-j)Ik@G$D7sB7V>=L2;{J>Ej4yof$MuPg)!9X
zUC$_!;-`mx>10VP4Gs_lynvt}0p7`eCI^-_g@7@~HWt|=o%owD>AN<;hzj;1C@qY}
zy~M=Ci`T1vba(>G+NH4!7Z;k4K=rD&f)J)%I(@{5=s%%`5K!~>i2}4E<<(E@KVZOe
z)|qgN`S_AKf6KQHvxLcY|4G`f(5i^10?aWx7t5=7w)!a|tk54H`0~0FfV1I{P%^Wa
zJ7Z3boBlrE(i@QsLkl0l{+t{g5u&dP*%8)30Eo0e$;_9+qO@PXY-2n$V$$VfxdEIB
z(o>anLt+soM=T<+REHx5)H>q46&~pQ&0#_%e%{?(cjFMy<_P0Fr&e-;D7rg@C=ck<
zM_3H}6E{*)8HMTHG{!RyJhX8XMmkUt^IATsZu#Xh75_)NEcTf^PmuflzxS!rXD(~<
zB_WFW9%?=mC7p@B%*OPsu(0J3fo6?nW-oU+BcV3E(D;!<Bq*+v-cSEg!ZwLg#`_%E
zCk>)C1zc)JPS8L$#-!a57wLTw?x#e`rolf8+6w0^Z>B;8Ud&i+>A=<NfiEzodtmpy
zei+(Qkx@)n*X*R_fTU(h<f4!zqp#W$j4QboUuOw@KK^Pr4>-`Y^qqZu>M~k0ikS2Z
zmMd1T*5^87a!x+}2-<av63^=i3ZyN$uXrGtNUS6nmv}(BTSb5p!CPo%L6CACZg5pW
z5X;5oPsK>ZU$6_zaa{wBLDzYfNwUf)3*7H2&wP8FPJQKWw5(E8Wbi9G7A=3<)z#Jt
zlNeV1U+hwLqTz>rElRL<ZvgWikj}Y#8AMq?wUY~5LI7T|K|MsO8C*H$L3TsmhYubI
z11#Q7pN{sY?&Fbpo<Io|I}L9-WpCdeRhIXWkv*mFR%ac^p`vid2XnLAfy<yc<hk+d
zg2wJvdlmWbgwdl&m+Q;V%#92^S*VzmzIa!U1{udUz6aKQ-9at<NYZb1Yd>e?;;go_
zp`oGbDT{B<k%{?97`+h3dGh0!A;M43se;fGJvnM0p5%Vj($AH-XT|osIN}FS?3l6e
zuH2~;g@;03THYA@60`#LCT49Z;7n=WT5RjZPwG&ldTsA3{^!3VVsYFY!FV5u`UnC!
zI{0-S7KncFBEe5gZR*nXmdrqu3ap(XlyO_9?!IfqszOB|HaJx*cJ%&_3dVM66h^O$
z7r*lmavJHSLd{Ixc~6OnQYp^+VY^qXj;)BpqScP0%47$M2{4W`SnRmLfCa#DeJw7P
zDKQ;!(m}Mryj`b_<Ra*xT9?X%C<mw8N<a2RVxn3GuISGC0KX_rbC<8%kcQ#J+A1*I
z!R{UyWQT{>Pt2~NXCPFQe2}Vptu-$h1E8Z-P}v$h9@oI-`J(y)V^9mx9*7!FH~>a`
zzcSPQ?YtlDud|fst?W}M)fhJ2#^IzwI02E_tAGDwm`Pde)(B$;s0g!yHuOHomibuR
z`rQ?D4Vw~IZF5HRKHl#%Oy~<&jqVNlo75+t`32DnGoc|%xdvh-4dz8Xa2^;0)um-+
zaJ1is@X_E<GnsSb<U1GYnA&`!P>eOwAV6rjg!?Q54xEOtlA@?SxD_HnkdY*d!!#Y4
zA~4o0_&;+*TQ{@)ssF(1+TyS94rWUVl?D|pqd`JH4OZ(1=Px=$5thY>5ajTF&aT56
zs*lDzQh<TG)iI&_A28tJ_$c&y*#8+6DhZhd6GdIcxH8lt;e_$vzi4QuVlBcfv=W)i
z5*`2|Z8&3J1Rfef;Y9;jA#x(gV!*wM<_M~8#xLhzonwyomKY~OTPv)TCEzTDUj7j+
z*OW`EU@_b<1S_4BOG@A-2)iwq86*tC>i3F*ojXLvGqS3LlarHxJzj836sU6Sx4JX|
z#^=VZ|FNcWGn@^2I&QuNh69cvX8nj-GER$$RIl#V#EV&TG0`UsUx}27px{qYrL0C+
zS(nv7Sy@La2&YYC)<~#?9p17Fnc=+1?Rbl%hulcq7Mc>$^;yV=U&KS@#Dc+4d=G^K
z5^>`BXX=y`p0Y5~KwLtqDA7s)#D*jgnnWBl29Nd-)9);6-k;NIu8?1PN=oh=(n_86
zv93<YW@nfbU4g|H4#Hwmf#mg+p<&CKxJC&f2L`y_2Hho2)nMs2-6^U1@WB%B&f#5I
zB)eWPSP}!6X_DaCagy5=9&Igx^{J5ed~`D8z15qOW4@4>k(6!@d45bluzY0$W~&5^
zAPN;y`$4xmN@B1|Ok>fpo@V}tr~LlTamqw78NwBU3f>3Jb9gJnS_n?X_hG!^Sa(T#
zigxM>;iD$(i0&=7EF$dT*y0jhWPOTufqKgNrHyd+9x=jnqS&ar&a-Lyk)CO@y3I!l
z)K-2>)@2m`GQK^vl<vw1H0emMR2KeIn;?Z|M{pm>SR)Hf!lA&-t9+-kFe7Mfd}xNC
zH?Q5h4H8NHEqHoxKmm!eq%e{&if`z@^y%`u|4zu9-a;%W@%MF~HV>L}I#ywFa&q{>
zih548X4EGoT8#~<1utF*&lzrdXUS%^u7D@f<r{|}3@$y?Y3Ma(x{~(rjp%dQ&!<nl
z&8!2Q<E)o!SP7>M9{%8024;rZ?%yxQ?U9#owkP}FrE(Tf$|Pv}Sx?Pj{d-+RgN@&|
zJ-r*UtVaM#18494Q*e|BqlEUBPHRNWkF8*8@l0%m0;zfP+=W^@zn0;JOQd?Lef?F6
zEx!Db@g_?ShIMG@fRQG>z*F_~NHK*i9DM}rLjMNGn6OJ54N{W9`II9ZnM`HVA;)e!
z|4Nod<YOMS!553Ck-BpiW&%<WcfQk^$?YjLZh8O_{rJNCSVucuy-gQat#2)rHSpfD
zaAAA4B#=M{ZVA>CxV7A_j%odN<<ccZ6wqJ{?6()Q4^S(#ul$i>Q_czjXtW|RXFGhA
zXdcZTqngF^et)`X)u_kB!lVr<ym^&o{sQPeIOQ>*CQ<gt<kxz*xg!P=^v&DwJmdGo
zeYL=KPx4pZm8J!lk>l{q_ll7`;-2T<fh)rzBW0Gh(;b{3Q(}^%(6)l;`JyWdDUs@7
z9MGQ~mD%**R}Oc%-(_;Fg!a{KIvB@iT_X*l>V9?1t@sD@+h=jB$->3&W|qGQ8%dwE
zk-2lAaPIo)zcKO|CSV6DYYA}xQ_Rz<=U$!oYEx!@{{oxQWr(>r;QH+kzzk+M#%Jln
z>~|%!_F~=<JWklv3n3S2j94JdwF!t6!x<Gu&5Uj#E7U)f%z0$D_cu)wh#es%#%Fe`
zs;HznD2!K^P$!E%LU{BeXCC>T+VdRNLV3pVo0_-};e?*RP@zwz+YxJWi<t|hKraH-
zs=?$C4~IJ5c!p0%`o*b-=|B5l{1W%vcHAQZgg6#Uf+3*SRJ*fuI?d-B64u@jfJOnW
zz#^fF(;t$M_jB)CjA`5ZVs?Q8T+<PzZpX8o22ohcNHA^G7b7&GK>EmJn;G?=_Fy|9
zZx{M`@<t}0*}N~WexXCJ-wBi0gPt1D@%JuW($st0L)EmJBlg1Xng#Cfg-yA{pAw3T
z7pScZ#!7?!rf7<j0YUxgbo0;Fg4>!~6RY~_BUY_<_En`Kffy)jDn(;8_T~p#bkUOm
zjS8FM>ue;Ee`3x|)`~g}f(Y>*R_T(Sn!1?*El7&|3ZoqyZUi<cSWYBER|U4hiQ59I
zK@V_A&dM~T4k&ch)j1a+&CiKo*u2}TS?!#dKtbgp1e;XHnq>_WFy*=gPf4ltYsZcm
zpu+;(p`G%q{y{SoUNwg2zu|rO+_xqFEWKXBP{?^Qd>C?4?cy;A(*O8F`1ey7Ec|`R
z`u*ftfA$cXkBET%3mVIJp*C0f_Mgh(6NSBC(SUV1G-2Y+Rr~gR-g&z0^R3S{ra6UU
zM6t^F@}Zgf{6lNAfk867jEUixcXu7D&$sOb=f0w3e>8FYSVgWpa#~zU@?ewLJ*p)a
zR{iMWZ_S4#X{$W>pZ`x`x2XfVLZ|Kv+FszT)~4^a&th<q8hnrt)q|H)!L|E?*->WK
zR?fcDiXDd-^pGHNiBmRj4=M#ASTSwJk84+HQ=Chyh;kM!6K;8QW*9z<l2nNoipaft
zf4zsK3p85-sA3sX4#i`m+wzu5zz^U*6^ByR-MIB3r-?iGaf+AzlP0-`1gu>u{GRY5
zRXoPou>7bP{&;x+=}<@rerkZl$<RUrET}$&gf1W`@3fXNmc`|Y={xGDDHQf#Iub(u
zOKBk{m(b{xXx2|56N>r`ttkD#-=fF?0Uf|PMs6jt7wqgn2>?R({dI~G^pt);azCXm
ze)nGdcnH<|!~<LI_|@*iORK$4a=*8J%sn~s*w9~lE_UkWndQ7L#IsOKCQ(hrDMKY-
z)S}h?lm7|`>offJif&W0*X~rwp1FCu&7Sg!SGQMQ_8&g=$hpNMhL4d=P^dEtdGyMA
z;j_{$!6Bnc!xd~28oz%CFPm#)7v<{e>TdOZpkf9H*)1Icw+EN@3Aie?pa2o4Lk5Y^
zEQ@74%@%$|^XA4wpa$b38TVZ3rHuRda~`w|XxL6H-I(v`+`W6$=)t3Qu+tDexFaZw
z1e?N~dILJQ40wROh>>g=g>|~MZY-l*I!>RMJJpO<SgFDS-AkjeaM)l8ek_NaTl=eo
z+!RKV{=#k`sMn|!Ws$kMpcDaQ;fuki^Ne#4(DfNIWC9Jyg$WzP>z$-n%#Sc%qqtW+
z*=tmvKmNFep4k@9(wt@zJ;F2TORGk6@S`8~uIcXGYd^k8R0o8($^kARd*;lZJ$CqT
z&)s;P@pJa~UiK0PM<@qrOuZnjx|HrNZ=TYcHS4&7fc2s7Z&8?N#N4@~X*Y9_gXz9~
zPot`u_AT|Anw$;}Gc(ZzeeKFw;(cCCK7M3`#I@y29W&&!5+*@2DqV8Okgd}$nd&H(
zefSUrOI4Xp4xU49XC-U<g^{WKg`iY(jCcpRNz2E!ml%2x!nu+p%8~ZU2<E}me7OTF
zoNxg1qZ?9G$%!hVI%fQS9S->UXm>cF$&>mGT5lm4H;YFZ$zfcwvuBsVvX9T2t#oDf
za0`pZg~7eW#|-T+)u)|Ak5$MYWUwPOuP)qxOfH*G9Hk#O>mvhn;sT|l$BtbNgEVN$
z#)FjGKBTX)^71+a>$SUg-z>6i)QL1H)<tTQNuo0|-Wk81X}@#6z6PE-zl%>fd+I@p
z!W0RKIw4JaZ}nvRjB(SZWqdUgk88+~AOwv=^ht0*)XSxs=_I)DmTz=|FNQpvNNQ6i
zp{j>%PQ2^Vf%iI?Fk&5dX15y~uaea<zJfRAj(aXy*i+(Q!CnqCMH44oF=ePCl*put
zKg7S4lMr9?_G-i!_H&Lb%i)<cum&q2mzGF&<`)h&pWuN>jGaM9Q?DtCi`<&xbiKRy
zynD6_d1Hw_cMuWZ)Z|YRma80DrV>X}H-|mi9QKdD8+d9CuQ#Nyc*bD9{hY3^!ZuAA
zAf-R5U$>5jT_$W8aVqgT8MObNt-OUq=U>KiL2W-TPWQE!_+AGnjAO_8tW6SU<%k%H
z8^-s((Hg8KN@=7|Yq#zZzdlww=*LHIobqVn6hD@g=G}e4=xyxhNQpN)dV=?oxc00Y
zlF-F`ABozFBRqfO<3!^%1LHpVhAh>8eB&c+-?&fE3cifQ_d%A&#SQ2q)te7Gn9z}p
z@Z-mLsrdfl=in2uCfj~)4*Y$|k3UJw94S6Q{M_3n?sD7Di__xG+kV{I?w0uD#_9jP
zH?_Qm#$;{Q@K^0{o7k*;T)fAtdBgcQ%Z;F*0hDbCeh+WvF*Snc$PHvf+nLF~i~vfi
zoN~ypI6jVMd5fw%YfFuO05gs8<f~%URiH3n;kokJ$`^564WiJfL{5*TS_TNkg)3Kr
zKvT<65H69#-H63;kZ)7yL*hW(aFlA)6H3nza_$aiK{i-hTHeNFp~EOCDGdcE<jXRS
zBNPb;m*s7uFju*T4xtRSZw7_lFiX9mOCg=sgZYh8>~~5mRjXH1`*^<uT~Ksd;W{aJ
zjJxGRmYTB^J<)1XXn=Oit<?>jRkN1<GXIWwAVVQvO558l2hm$`W5tDx-b!-A58uB=
zuza+28e+9|_Givas;Ct=tFRLf<W+Y(dNSBrGDxmlz_kZW+j@do#-Ln>rC!L1&eafO
zYI4~Us7!89Yl%Q^v2)h+>EUbN*l7@!%GoA{S$>XE(xXO|C^hD_t^05OHeE7y#h8}7
zd-duXd~LwOqn%Cn?say)u(-aVL7lB_98gNU3eb(S4k>AUJYYcAW9^I05}4Fb2BT4f
zcEin}1AkoQ!~wFwIMR+d)18aH*D{|4XS!*|Aa&n0l20y8UxxbbQB-0CIrVG0-FGkO
z$WrSX5^WY*eWGyy-9SagjZ-K%pA0F%+FAyN^@)dq9$i2tvYkJ}^MZ(xfz*Z&ac-Ep
zY?+wA@IM+(9q^J2=IQ(P?mbf4sEaXAlFh_E^hGXK36YW043#Uh?eT!f9hpm6HTI`Z
zKkoOC`_Vvr@<Rp0XySQ{5KMDtzU3G3Teh;X38duD$I?J5#ds!4!&$kDGcb3#4grv|
zaY`A<lLO=(r9{XCEjcFz@Uqe*zR3qp*`F4+9PBW<NP%b^te2omy<z<^vHyk3mjh_R
zo4$Sx;5M*Ook-$T@RJqiSk_+CwQDgKZwCcs@8Iwx{N?2MFAHfU^LiymBT-oC^a)PU
zkN0-ERn)_>IY5n$5L|l$zh41gK|AM-3!0(|YEDcJuH%QZor(yD*6XzYL0sEXXbAki
zb7_RJYPn9_@h6#T;;wLJ_AU#=0c;zk)-TBlGr*FK)0_9vyk4HY=Q^9rS8Ns1OHQe4
z?iKd&b+IKV)dSE68FKdgJe(e?^1_#iJAfU79}n!AW<2{(B;3<Wy(mqBJaYY%g;_n7
zfML9?2r;!~A`CR)p79LjSs;py#IGB+ZS&#j&A{<UyQZ8cExPN8y0Np<7pG6e@+ufD
z^C!eJ0EXK%V=co(2ocA&0vzT*B7G8)pj7MiF9{ueB_)HY<TtEOQ&d42%Z)}M|69!M
z+uMPkC}ZmAkXKN_GTC(=k}a53yd8}~j!kR5N9&`^OjU#d&(U5Bf8ff<!u$x037voc
z-SO_-yEHyQV4}j6jKLfg(wbVr0b6xQ++})aCFlCIWq0`fzC(vjQpDKPts$N2;5qnW
z1mociHN|=qRjE<E@PN`LAlTd6vvFN#Fl1#5CMDtn*W^W8Gj__9wc?emZgJEwk83sB
z@GOiT>WrhIQVlUsHaCA+wQH0lZUG_46HA&Vh;ud3$?be`a{+LJ_;yk|D3=1(dj2Ku
z0WGYO6B%}tcwltut{e%1^I}%Kt&OM!kqxM@g9srP473O$nZ#7?<V3`}mG$vg6E}-n
za>3m_1l9R=_CHL;%^ho~k=tqxaF{;*`uV`0wg7|WKo4^dLWpPO6ctWV<V5-U$J6tY
zDqK)-mZ7V%`uvLs7hWeta6XDU7JMm4!R^VmIQZRZZcm7VPs3Uw#M6%7AM?~*J`e&&
z5!Okag%DysS5~(ChO6$a??Za_^u*UgYxH?V1hp3ccPUaQDuN<8Vddh_&XCzv_~Pq4
z1w})I=ji4~DWZFS1|_T?rm+_vG|74UHR!ulv29dG3KaJ_--u!Ovq6nHEL)H=XDKUd
z>v6+}-_I{D%$M8u;UZaSBm<p*4Ji*FF5+%vQ5on@86Yw=CUzxdMzqlYT&^`57T8+z
z3u^oYlHtAFHRIzK#X(N+){f5R_fEOFxpAc<U^FSo7gO@7@xUTc!}CTPnzLbGiE%4v
zXJeuY@bzPOd|vU3Y9H#HX_r<_8{{C?0r$quAWutihu8D5(&MFbfm!vpZXL@}$N(Ns
z%{l}*M;c}%CNAL)kt=ff=4QrM=k0!lC0oOK2TrNMvc{1IfJDgna&M=sa08`*T|3Hb
ze>T74;RVnkuFtotA<1}$7eVHs8SI<9qFJKqdi8PRgbMz#2~fnBT%l!$7Jb@)t~_98
zsCs`gaOrJdqK!3R?B0e7^`l3RrW6<Jp}olYHDe<3$|DWw6zNDjav&SF8n`wzy92jz
zyH_}g1q*$^9IGFC0GgC_z^Y~uxZ3Qv^kf?+1mfjo#;sF{dgm1w7)Ysc&PdNB(V}v1
zQDHttmg<_CmzmWKZX7jw^f-=PE8g??(W9H6$4^%H{>6*wMK4g>4aJd`%`O|xr)+I8
zBioQhyujR2xK*G~&yaRbRwN*2L+wnmvuibOEOH+Z?{RwRmZ*pOP0gCa6VUjZ$3xpn
zPoG{N^44l4k5_-Dn>pdq_^rT!a4yw1TBdTS^vL~<kHSndDV*iyTSCH!Hy^_6W{nk*
zaQ$M^WnIr<!$L(vK%kZl$>ua2gkssEpPi`e!j5A%txR3<8E#=AM|M3I71NtHP6k?H
z!KZA^U|*KJe(m_ynu1~m*{&NWaY4Y4kuJeNI(ZcWQUiX=(nzUu<TJxgD%>5JLw$Pp
zK40nbuJB#XHVU7uCMKZ-ftNB1EU}qMEhqZtc+_a;T_SlA(04#(<w#WoPfUpcl~snm
znE~{|vtXtA!)`j=ikgBfArsH{Cwq#i$#$M;S^(33g|2d!ZSH$e1mpNdm~oo8M=q<J
zZzVA(yoR&7(_Jj%b7htPU?q%0Lg1O(h5K@CdsxXp$_Q>JZXj{!hy#!ZxkD6cr*#`R
zZ87?mn<1}OC@HymczA%)_(0L?#96D84P4HjKTpeMox6`Ah7jT*Yep1nLOmc7F-JQd
zJ$`(=tn3Ch1oA3kO-^%s%V#ZCN(Ck`6o`)IgU!k7>I?(XfhjTSI0w)ZJSv#3vrxt*
zHXm?4iZ~=f9)?WZg{tC&V(VgXum*6n62DN&g}kCJ8q`SaB|J%%b6ob?&6}^oss^WI
z32EHmVlv5I<l7?j=U9v{TCv-jPz$?~!xwUPbo3;4897xy-FGACf+MQ>_{xiglf}d1
z(ncxTA=Qtn`a6cB3X{86*6ZHh?b&ec61PDlHym=-i7&vQ@{=pFs$>JE+;WldnJbxH
zzlIa5v}htj`*Ww~Ki_<m2<(ac4NaK{n<DLFOZzUSS12k?Yao0X&^SdEB9jawbJ*%H
z#yixpL2@rZZ+gSMvvWIi=&*zBSy7yj0BWm7;pZ@L`ckM!RZbH`*Efmy#?0q>%AuTQ
zLU2RUU=#ZG1>p2K!SP@~EShY_3&}WRE=<%~2hF2S#a}(>6f^4~JM;7Mb|A9q+@*^u
zUtg?K5`F*~o`UFQE?C=;24aRGpO@p2<}B@nC}bQhFE;T^;jK+L&;koJ8PGrnSw982
zsryH20Zh-<KpU*1?BI&j<E+g^C<G7@h{=No4`x8?5kJ>Z``r?Sr_tT$sO22t^5WB#
z&IKYZQ;!Gh++7EnoYS~?MXJoqS+k<GJuLXf2b!y9QFy03f6m0g6BRmtFw$}7Q>66t
zifu0U?f@3;OUIDHAphD*(WS2a)YYZnZ2I4epm-KKiAM5oM~Snc$**nRzkMsp0gWDi
zT3zhWu_JZ7^3hv{Rgj?12uniYqUgjep8>HVE|y*2sI5@_gf?H;QpO<$bsBoMW>D?T
zw>BN+2JFv0*nGAo@8Q{r=@PXAEY%Lo`XrPxvsZsfpJV$q0@+6J@dNNR<y5&jjgzmJ
z0mIw!{Bwd|aFr56CmUOJJh&eZLJj8HmPjUT@ghCTcHhzzj%p(i=?#ZjDG`LkQpqNb
zP)+w=(ekAp;})Tss_x30$obHQ&YyH<i0pMbvT|Zq58H)&4~Hd^3lCv76S1~p4|O4B
zwBA^A&)wieP8Y88x_ethQ(Cx*x7H*HC?9X@Rqrhl^}{#2=+L%4SVAI3^s}k)<38rJ
z8*{WFL_u7)#LzKxQr~Xq#9At&Zn!zR$Haas&n&*~>bhR}NJqJST$}wI(MC%gy%*vq
z$`bKYTek7&h=U0cWO5^*^gE^{_RMUJJAD7#mb7{#fNIXe+n*H&JznoFE@l4kP3)uP
zoqzl785>CKJT`ujM_Y3}e<<JiUTb5Ps!}<1Y7W56sX2YxK4qw8Tay<Zx~}a4B=YFD
z4{HB_B{&H|{J;H(Kl_;f=+foX{)e0ROJQv{;4BK-g#Y-(+Adb&zd!@FPKWAQeRWQx
z-@~yt864YAgKedYeEK;pgp?x6Yv<5VllTVl5CEg-y{$cy1imC!G26L=#KDCK4Sa$3
zmpcK_^PdkNZXK}51;LNQ`m%H9&MNf5lqTsz8d0T|YQ|YdVvH1u+E;}>$eO<zwtbjX
zISqpIbB#}}iy_zznE^y{b$nrHL0Z~My7CF1tZQ760CgKMWj>ei14$9>>cIzZh_$N^
z?Bs+9e(gD#cUxv0!%nBDVSJHarc&q;kTM9&S<E1Gaxb*ea9T%MmiqW{>}2!1gcAg1
zKDRm^ejWe!T9L|@ND8cFV;ih>7jrs$QU5WDCn;;Xn7o4&HH(Es+c&T8WL<4=Cyrq&
z@Yp51#PND`^!4?XDmSr1(E2$#p=7M9i;EAE;4%tbRg_g(h>aUK#LTG=oeovf4IiHh
z@WD(vTlHI86-CL2{#Z?0`wHOGHJaf-_GvzPWASy!SHP(-gvxx-bGQICpH%}pbn3Ly
z39#IoUo0n!nVOqtBV`HZPUOs)iA~pYGP*gfqGAR+Gn7f5k`pbE<CkU4d;li|tZ7Ko
zDWK92+pozA-#w{`S2`iCm<-rUzJ+qt(Tp*@A@)7Il_5LI5M56s1jVoTENcp@b?P{%
zdM_~N_a_j6YckW9$s0>4LQ!OcD<YfsCGs0GB9wDWq4irhVVas+pIogza_Q-tIbkqy
zvUBGe0Ra+mFC*N!4iRUFa+eb#vba0JfvZHLPiPlV3YEw+2$*a<KNL3<g#FUK{U=mo
z<3M8x>X)Z(Iksx_c{-~b+{^8J<~ZHh+d^V+VX|J)`xp_o`^+pN+8pc#gm4`ye`n!s
zW!UUofO+wRmMmQwK-W&6ohYBpk&)v?Awr<bqz|v35RD9pGIs2^aVuEaD%4X_iUOTy
zv`)sPNDg+2vQiaP%voxp#?AROB5Hg0M)37VqdZZ}V4Vn{WXZB+fn;u=o5#;}_wSDt
zU;y}W8Pba9{MVnWN=!=9Ok)UH5jY9}M2$W#f-Z1K1DS9Mt2&#@g%p`-{^5mk@6oFs
zg)8yxfeT!v=sKT#Efv5V63+avEytOc2_<MV&aP2_H^ILk9_l5VAwi8Ofi)8j#0io-
za%aK1Q7fEp>J~FpD=IZ=Olb(6g8C*H@N8ze1yDlai_OS6D5MCC>qI?4!l$G(Iez5G
zBaWe>$<3iUfKEPQJif=jYIOO?aeDEw3l}Zo6K6V|<nfF(6^Q1|`=XNPrV)=R69Ukp
z2dMg<kxHS_NAVEv`&Cj>G7{Mmt6Y($+#0g;6KlU@Y$;xdj7U`yuE(kRoHlRJ*}Bym
zT5AlW@B;ZlFOWkw72L=WfF7n{re<d0A>Kj%)OpU%wdl+uP^YjEU=xrCd*=p^5&M`2
znqr<jM>uAf(~@Xc!u_fs1R13WN|a4?=uA&+;9)8(R`J<c3oOGyaTzSJzQcx@#C?Cz
zWwIZcbDZ+^Bf2(KG9n7FC7aIJqD{F#{fH!ejT36EaO2!!hUr<iy5y}0L1$fMj@dex
z#hp_}Q8Z5HPDF$JW&R`tBb2DDg{hoqx|Ah@_Tc>S<Hyk_`O!UURaQLrI?le}i--pn
zEXjR-wdsM20WfvhQ;R`^9Fp#a{1v{0@g6RD3Qw|}f>?dy#%ls9l5cu<K4+RJyR5D6
z@Tkm1kwS4VLIGML8WJx?#5J9qnGJU^W7TPfZ*u?@QWNDFbuBFLWd*x<xL6J$_2TG)
z@v~=ZfS^3>mr0a<S5a}fYB~>x@_JHw7@Caqk5-(8EhZ*73Q<d8`lVICHmTuCF--`F
zWEck!MH6rAB*o2puNj5oC{OyaPO(B6&mPgvSb!RkM|BLtvsf(JY54^OrA<L*ZvCB{
zY0My$Zrr#bJ!Q%>Yx${Dm1z{LauUlkxF?nx0yuv){M^5_Z<-C|nah~R$wxgJb>zAf
z#ZelJ9i3MOL8t*uQCeQ!1|Vf+wCtu?J1KJ+(^*6<oK4D^!Dh!bRt4NR1BLGlW)F@Y
zIkKH64IsQc%7z#cAlwh~=AAluQgAL^vJ${#Dv&s=!>v6e*Q_%0>Tyq;Aq~ZC72Sf)
z`RJ&HrK4$tL{mYBUp+_<!hQy~rE=UtI9gGXOSEgbqWupofc#@U-dX=gqqsro`=k>J
zW`cR!olqO9N}1K3`0)(=SRie*=pV%y)#915&h*Dyj89?iJ?LZ-vYdvp=ZlCd5xZ*Q
zXrg)YQi=js=UK6?z|Ux-FE~4UliEg&8I!hk8V!u%ws6^H+H?$aOy8XVCgxWn>3js1
z1y<Uj!Xr95`T#Ea0?LA!6QBYuXI+&l(+*pw3;@|2{_^&oMOaOVu8|cjwF692Ha`ys
z0jx8FIpXu^v10=7&iQ*IA=^|(#}cP|5r-kmxb03UTT{&^R4<{gDtYtfI!G6f9*o$a
zpnCr-!a>&ShsVWrJ31=+g^7x=Lt<xGmZ3M1ks6P0U_>m0-!NkGu&%KYgFSnSc~2%e
zHk>zz=CsNkz)Ev4he&mq7|5pfM}{Ei3iKH=;7XMNv7~XaKmco=Bhn-^Tt_Fd9Wezv
z^q>2zT<d`PDwIc&_)vhkY*4z@y-Sz#r%tUr^mV_1JZ(}Y(%T?<g!g%46bC_3F+2>q
z;|EA8kYLt;3Uq8qdAUC&ih+?Yoz`V47!H98AvYTWqUIQhwI=c?$olAlw)aHZA%ILl
zY;cP*5r<k(6ZQ2w+k}a9CLKjznq>;SM@2=tz#HlWY%}8vPgire8k1ZB+`;YikjPXg
zM~H6Y;9t`;b}0<%+2exN<k-n&<NlC{qKA>N)ULG{RJ*ZO=a*`Qc!M4aQF1@)^`D&9
ztDa#T(AZYF3fhM<-cJL?uC8r^I;EGl-y)uj-6oM2?%DS5*>jU^|LzBEkjf~FdWzal
zx?(N8hF+gGg6vh#2t<zS#<z!6UeLy)S^kZX8WV{hf452CU)TJeT%5Xy3T|x0l!FPs
z#v9FlJ!L>wr(3;F0iW@Xj)|L<A&gGVo+jX)dtyzr{mk4V+KX5Y?8Lagulay`TdHyn
zO`t`yVc>U^w2}VxPYD<7A#2rG!S)j-@#@?MZLfaSbIX(gtZB4a6GaQ!){OO%koeL?
zv>^Q6Z#>jLPcEjhl={&woIOX@*?|R?b%npLy=XmZ`-{?)IJNlZIQ}WuwT(cOs6FxL
zB|43v9mO4L`}x1Z1-8A@z5hTkKGw);C-KEd*6Lg7_3p#nlG1OlwEps@{m@yWMXlNN
z-95%;MjQJ(e>fEAt3zfi3qc0o`vq}YO55Y@GwpwW_Tp3i=lINj{|?`7?EE%DGk$Wy
zrP79Zw#6Cim9=WLn&-W2-jN$3-x&P;uZwd{!bY#@Jh5U*=a)xLPM0yyAL5qE;i;<k
zA10UAq+4VcTAivf+uFmU>`AeoQgO7DB9;wx<wZ)*-4dkV_<fI^>(TP`YOC_`HE~%1
zk!RU7-ySuJKs$C^(sfw2>Ijaq>Q-x~H9E65pv|r5=-lx1nOOx7+pFEMSM`i4$$p_K
z`kkyf^}?@j$8#rj&0E{|dFI#{#nM-`p4ndd*@5Vx<{8ysz=D?9S+qdmgLL8F#tRo-
z&k1Q>rO;Xzh(vtrOoK;TtryzrR^d_|8&snEAwzem*G{{aZ180a(`3&o7|~fKXPM*G
zt5-XAFY_{x8(e6n(`Zy(JSp00Uun4B?d?a~|MJy;%kdnFl*OK(Cf5c#4ys*h0%lmG
zD$f_X=LL^_@VGF<ZK%riP;_!SuR6n`X!GjJ(^d|fbn%jxF@uX|wqAz)xkA*vQfhwq
zeywlClhrC2k<B?tRc{-vz1;atRV8G+AUrD-_J6rJdQJCi&X|zCmk=tmgQ?kptKH@)
z^`E5cq!fL|N$uL=^z0*xfk8J=ls?+?WOLZ^afPxUZ&nui>v(3J&n=uhfoE~&fV@ny
z+}-*-y|~MM6-swBJxn%zsyWcujZ3y105o}TQ93t9GFGed%SQz%#r~6%{OeDJR=An$
zOKmKf)i>VQ0nDS{1nrPDI=bR9&M^ACkaVHwlyurwsf&X4rr^mVM=sh~&|LA%(<?8^
zaz)0WUygs$Ojux;oxg1O7N0WOoxIIVXP(ft+j1h`!g9lc!%L-Sevb7HTAWj9(pA}a
zQm9xt5eDf>dDW-#BUbkw{UpmIK~k-``{YWGdRNU*ozr){4_@nO__1-)pcz{u5d8(`
zUY}*>RUO}w9aca7a$S+Jk%w{LVRlQrmMXbeB)eBMrOvN<*&N=GUy}CmYl35MvG&Br
zukkn;<{uj4(E9PM-Po;<`$QU6c|}#(Ms6-icJdB4*iw=i=ON{9d)!s#Uh7UH?JY_1
zzB8+=ANkrSEIII5J!;-rk131l6@FVE?fSI>DPl^$^(q-MtFH_RxRjY3c-W%Sc>J?~
z^%j{5rE9Xsc<fRmHA?MBwFwU{aP{JP9fzO)bpJ2?ip<7|<`s4JQN}H<Qac)}<1RO*
z-}qYMS}d;e%&^u)szq+W4IcYLUcG+%X>;^E(E!fVO;{lRt!QnUU94Yj@qo>eu5+RJ
z4fnk`Uh&M|)!ok1Eh&DwO!EFaaUcFx^fWB3@(r06x}#-`$4Zs>`mb*iXPcL0tsI<i
zVqI}=r@);ydbY6#4uAg8q-fH;>$>Epp=A%3j5phvZaj1R{=7kPFM`kJTQ!%*`ELSI
zmQ8&bGfE+}>0<Hi_p=&JWDk7n(V^R*8|#8?Kdq>d046`67?plMZ&Meus|L{u%{(XY
zrGR5y2M6w{iTCibvvN>8kRFyB_#IN!d+D)ND&nzLWd91%{G|0y?W=nG)nDpX1j-nV
zG_&p4wvRx^4j$LlE*xds>*LYbL9=ch*jKI+`}sr5hRWQDF0J?CH6tu99QbOLFi*4T
zP)?{;kiwd)&#%O6IC-RdQE)?O6>Us)LF3(3K4a9PcU2iz(H*KEK7K|yxqEP=dHtBW
z%8%FIybaxUcixOIlHDx5&PMHQQj?q;k#hvC%jo|5Z!esvHA8)GR`TV~MH;em*Qczr
zaD7@Ov$a-2#`sHw_~k{%yGH1q`u1V`(bGeMCeJ$H-KGDV2<bVMS9jTb{^osjSje+j
z*&6AJG?~=L5!*`wl#GYYLUeO(s_Hx4w~9N9K85+L85sEc`Gpsp_pS!cXVI?v-Nt5#
zZOqd1V~)Kj%q>h(7(QINs$gE|#OIZf+c)_=a1Ex3GI&>^x%&0W2U3a!QTqdGN0|lf
zoIBe&(<d~?a9^2Jutrl@lx^HY&DQAF{89b;8`yqqT9y|zd1XevxrhIHrD2?z1X8W+
zmApzh;rpT)C2@KAu_anUz2@#vVN@LdOU#)xM$WwC250A9KHJamlb`2h85>V2fBiI{
zK{NMWbGME1-1p7MOHR&kxf55Ue$7sSYZjcFvSxm_C*9nxR~7GC>rkO&c>h63Ow^W{
zZt6Il2J1y@=<U)DK5utrU6xO%ne7^{<apmtpZ4xNq3v1n+N?x*dSKPJ_mR#Q`ovqy
zC<m^4y#7T{N@ut5<*h}L%T6g=xluc6lV-#7F*I}w&&+h4sOM`E-xA&Lu}4T~yhgCg
z#LGqIT3=qi-=h2Wa&e*SEhqm&CJtG}S~IhwCVCityWM);Ys=C0PwqR8>{xoyz(Vue
z>j~<9Yjx{OS7+L&CcTgw-6WsfQ0d~g->TEmrx&m7)S9Q>RM%ZI_T5NH`F#sL_Q%4@
zPkiQ67TWOkY;&EY7EAP%@}h-3?=4~kNHJKm*-zbQShucU6x8<xc<-r+-5KXj*xeau
z^v*zU$J%FuP4@<k?R4DK+D7Bxyy5}D@80!62e%kTJUivQuashIe!NyumENQ0@1sI3
zfZjHQ#%C-dpmV08FBp_@T)cU~J}a4B-Yyf}Ryf^>f3bjUrA}bEGEUa8HMCQo!8W?P
zc1@yT4~q#k>G0Y0u8ldy_zPBl|9l!c)iv9<n{q{Nw6C^KAfn&R6)lE6s=n_saetc~
zyJSqIouh~CjV;M*Djr|bXzH<_dGdXAwSJz*x_RV$Z|Su6+m~TqYwXT$-}`7Sj2jE6
zEYIM3<D{5xUoRJYv9YoWSnXyvmgp}nohu%-<UCWkTn*&ro)3?oHG1*v&^Y{nIlL$&
z_v@E(uWS#^G`fR|Q66hziV~Xd##Ov}sp<5|ZsZuhEyrhSMsAKj<1zcjpzN1Yis}Kg
zrKj?y%|=<f!#}5GhR4J1*T0O)uV^ZTlbHy{b+tL+yFIDY{QI{hF?Z&a<|!>pwy(%6
zSg$0ftl59k-{mP|bU^vShLkYA?2Yg~H0jJhpK1E5cplqd2DlZ+#@{GSdr9q?b!~wT
zfQq@De>g20o#wb@$(`qzC8w&Q*C8zRmCMrO4vX(X>FH?DY7$ehe?r;qqFWzNJux*4
z^jWW0J{)NQv=9z{cl%m)FFN%t>F=CU%ax1Yxr*lw$UrYN(qoro{kI|krk))K+V;wG
zYuem)9+uZ5yn`m*Oi7V8HE$`t`-hHpz&PNtJ$qc=RqN^m>uvY9+gThuNX9+u%+=x@
z-(wrivic9UxqoNcgjr!>{XaDyT2$BLn?j`l1r&%t&P~r>BDd}IZvWR(KWp>#4uhuN
zp0Ajw1!|ScytR|}#fxV4CuMy@6Y`{`#~<1}qhDG>d|{GN^XHc<R^Iiz7rj(d0Sh*j
ze22mI4)UQ4KnI|{?NA+fRVQceuO<!&QaZQ)@NM)tT3(U8SgcAqV1{Di;~EQNy1=+?
zj(WITTPL9W!O_{3>Cw5ibBTMWPj?kT#_ro5O=P>msna{?!mj9beZPN99w=j|F*$e6
zE(;?$lcLy51_RHRpEOpmt1Dk>8~fcX+bVStkO->R>Vjwdd;h#m!$`Z0{vX4;nOAAv
zvM+V|hByerz#$EP_s%PbDTs|XJKeS8Vf(&m^AvcP8JXcG`VgbaLO0vm`YtfI^R!_*
z2j*(wT<2Y(^#1gXYi6~&?`DmTnzyXnF5Ni)lT}XR0UsZqlyK#ig(rnF)lvg3aP6b<
zDE>((eR`Ye(nwxyFUcR+ECFgM%1B>JV_LPZzkd>|=5tz+6A{yul@jes%-<WYI+JeV
zubHhVY!((8ta{Y&b#RNGdU399&h^B=83*313fBIfZk*f2diQCLF_UR3n9g9}jrK1a
z6D-H46~*7~H?ixJ=bx#k7<>uhz`7xdenB?%)s=~-_Q=i~JnOryjLG{Ovx>_mD$dzk
z&^csokE#Bek+&x4*sm9?xc`9OHc#L8jx~`yWBN8}HJE|ww(t$DP3dRvSWQR#++5Si
zd}_6moO~CBll26*2-EB_ns==|$El5l!p{$_sj<|1KQV3n{-FB)lg7O{zk8s=(uult
zj!)eko+v*hRIx^p2$)}()RORP-plt5wA`&~!-fn=O`)O$W19HPzr1nUuzI)VNt4vW
z<D6c({Ppy{jqHRm2~%SV%wpqAqTTb#loti3>=Z$D&)-0AXOC7-HqZI1hby8tOHtuG
zjZLh`i9DR@JXO(2WFT~50Vf`XX2t6SYFBP=_-6LCskE4*j1(0&XqlPVwO+Ak?*FMi
zJ;5+7$4;8i1m1$s%TH=Ylf5}hdNRtA_3KNud))TZ@Qi(W<s_kWh5K={!jR;ZI^qT(
zV>{s;q<(Pf)KcT2=Rtl_6K@1Oct1ht3@C&@*Q8sAZiE|p_iF9B!3i%WNE?;BncRFJ
znyNBpue5HYQMR)b_EtNt%GM_wS$VW`333_`8)bpmp!8I$%C8pX-inngGl~BZ)~k<v
z{q#A`$b(f&o8o-&qW2tgL;qb@H7lCGZoE3zZh@^{edfJ`ukBBKTT!EAoBV#yxD&Tm
zx}rn25^0Q7BO7&V&6Pfe@@u6gRo^N!l9Tp&?q`(i6lv1hnlx)twbN1u_n<V_w@3h1
zX9tvoT=MMVjIi{}m+@c683uaaO|Mi)^VM4RMDOORu&`1gD{#;=&OsQ5KyoUl7?)b7
z$30H|_WnTgzF_Y2Fnj7A{<`u-*!i#3cZYSB>r`{apu>gSi|-nT+z8TJJY=4!Hp>j)
zs^Ytf!O^F>*Wf(THiwlZw8{r%Wd*4x8|5z1>`^G1@}c@P=W_l2YOhDvHzUiarDI^}
z`0v&kPnJ9^?jE6wd7J9psPyrMnNixs9%J>d{vr4MWozb(J*wG_4fnrpZ}7F|@a>>n
zNy+hs_rH~YHD2VLAJwSt5q~(sq_qY@OYPFM(cK13)2xbZ>C?2qIqA$$7q9Q7?#*r$
z*)}UA=OzSP@*GwesWee@hH~u`J5k5?&yV%)=`|WRtL;!Ud7kI@HW>bOXK$4k<#hR}
z$<dEcQf{ANnDh9gxO=))z5OhTuKM_z%=I1}8vkCu>{YwVvX#Gdh?h~RoL6*hj=5Y=
zE=zaEtAq1851O$ePS0i~P>SdD(PdP?^Z)_J&R)D09~x(DJNeDa*cUhA8a6teQ(hFY
z>&b|QiY6!B@@$>)E-k9(#~gih-}B0ow`zav)NIx1JKn{$Ce37=<(JvAbJj)ZPIr4U
zr?&Xv9J|-orOG4c#pgFaoV=k^(yDH%Rhrc~w-gmqzE(vaUa{iNXw(Z&F3T>E&J7I=
zRMKm(GrJg~yV`kgqg9JRhYs<RLX#Y3+_SrVCoW3~;k*jSc13QWSK#{I4Jp2Z%?iyX
z*H2A|(eromdY|s*<F~pXD=IFOCiQ|^t*m9K+}%j0>~(GBzOvI_?R9ghJ5%m%QDVMf
z-GW1*fyxi9D_Y-AiLC#edHmG+iqs3gDrSUjvD2{IB$k3)YFC%PzMmT0W7XotN2F5H
z(?d^;Y}YwG<*h>6%a<+H9S+Gcfg@VBzOx3&lm*X1HZ+0cQf#N--D}hb)Z{}gLVuO0
zy@!X0O7&2OQ**jrdsf@J<6cX0<A>MDbHRYlI->!R-kbF6&Z4^DZAYH2-~2`f+Z44-
z`O1jxTmgb#0VLHvnmV9sMOIkw9CKr>EYG%oq1U}e$lb-ye^)!+_M-oY7yWBN`WEF*
z60br_;lh5<tw3Ps0lX})70M6lZ~j{zBRb2Skf7Sn?)B<pl0~=MtzX>RNgV8S6#c`G
zpZ^(o{5F9LO5A&kS!bx<BJoLUmutWjw*CAUU+dNIS^rL=PeJAj&XVR+`G4lluWc0E
zdF_k*Tl%M%Y@e*i_H~xZ%hPX}v=f{RaN#gVB3ws7hg5N7K^(gFuh>HQ3z7vwR+Vv~
z8B99I+`X&tV$E_PRo0);uSG9UXxmYsq2^s%W=_fK&p^dd-I|u&3dv&GS@!AE(s~u#
z--95%0Cm$jDSmym(+n(Z-KupW4KFbJ9!e3Cx^-GPd_X2v7N?{<%SuWb?iD;<O&u;X
z)oA?T`x{kd(GDWU>0@}capi&}JWH03`+AX&IQT&5;%XmZ-1QuOQt+}=+tcBg!%+1J
zVeVCyETr1ydA4^}IFJ44Tfmt`N0>XB0RN+?0;6F%(E`h~)mLUKqgN9eSjGf{m}XaW
zf;|x8RHTOTSWyiE7GB{p;Zms>G{}mzs&{sA8O?;H;G6Ks6391ae0ag6(&<jdTmkZJ
zGACX@zxYw=Ie8;?5PuK~8cx}splHqT61-mUkg#ELmTLvm4>zTTw3PI)2L2>XCLRT^
zzg_EhCvR>{+LI@%aW5ljx^f_uKLdt-Y`H=5))7KEw^JO>jo`(f@%<jqmxi1{DA?Yf
zD`A5nz<jwE%bgIW1n};uXqv=x6HK>0G6@6F|8jKjLMFcS^ngvlThR3~`IN(O9i+L;
z>Pyp>h%qB%0T(V_^kZ(GR>8wniZKf#nE0=7QYFj>KwAVtR5;ywuYtxq{#)HjIOWvr
zY;`d%!yu2D<naRWR!~S8*ptuz?Xe}rFjS`&vgPW(mM(Bqy&5#VPzhDNyt`fq*3e3c
z#aL;W{q6k%-H&doeB=rqn>-bzfAm{PCcBnpaJ$;b@uf=*dGTdAt6Pk7d!w)wy8N$D
z`ZfOFVOz^lm1iQFG)Ivsm-esdb1pLi^8=yogOX#{2sK81oB^9=5J#V~LQr8QX!kbx
zmjiPyI6=Dz?`mAWIb+1184<x<$W|~=Vb4H+0P;DZD6e=C=7k6PIfMN|CH8k7E)GF<
z@#1&74fa9L?Z+ArN0ykYyGvo3sRV7N&SOQ7CS&{c)7>*IC<P)B$_R!WldTw`D4!_H
z65WOzV3iPT6ZWBHcEx>W7CMj<TLkOA-_{oK?w<^eZ6|&poyp+ljM5Jtf?xfA7O~&T
z5prXwFGEDof;EGit{ZZEuFyy#Lg(&Kb)}gFp<ncaBZCjy!5S92<4AEt1zoc;t5<w3
zE#oyN%H2vA?D|-myX}BkKc3ueNtl#-BU6%-mmv&;Lvw<9<9m$n)TxtDzCbi(A}!&$
zu{C$_yaWfPYh6A{sPWjivZ<(Ocfg;Z#Jzx88oLT9MHIvpxuG5qg?#)}!Q3DpdD`gC
zE)=95-(np)3p1U8jDZekB$_p<1Uj&m)yqIg1NTZR4Hb5(CNdjec(?Oj?r_qnsD#?|
z-a=0TUZ5h1+>a$b_%*<pdeTh4gA|6R96xVfk#!uCc0#F>vQ>qvi$no?cUS*OT2Vm^
z=X_#-dxJ+}m9Vh?uUU6<bANFOC}_ZTSP`pmZgNDIPgVQw^=lx7!G^qh&K>JdWy28=
zQlz5r*lJX|OQ;CgV9W0`YrsuwQh2PrG)+H?Ndx1C!u(r$$biflrW0q%jLMtYqt0F-
zbY{I<I8WqW)r-2WShv5l+ISLWH;&`-xmqwu99wI1$GRZ^QB6=FV28=Sq~AG}O_`Yr
z^BWjf`834GR$uzpe7q`Lu9!dw4#jog4qMHA%lQHgj94m|`x27}4b#u3Z~%t4+}pG#
zIM(@LRptlg_+wH@oN00kor5bgqx44{|6@9Fr2eQ_2A-}#3O~6zcRd?KnQv}7(Fi&k
zdC2>`#=-+@l#~RCj3TlRCpg5p6VxIiBIGK^Ju1(LZk(JDMsN_uMtuhj3g9&rOwB%x
z(*L$k^vj5IBcJ~D^sv^)((Hd*ysgLz{}eu5Li_{v{sQ01EClvCxFZ(49?s;mkc(vD
zZ^t<0a-=W0#E}vvM2Sm&tPt6Xr<HBXlF_z7a+Wud8sa@L4GFVUK^%96+Zp!#3R(@M
zw1KFuJ5&gUy#W{E@iS)3$gPY?v?#qlg5gl~7Z>|Y(jH6VQA{=Ka#Kp=KeYHwqkEg+
z2<MJ|WQ)#{vg+y(6jS}K9d8Q6=a)bNY&N1Yr8sI_S-bHTgSl5G=njM!YtX#?mhJ@&
zVrqqKq<E*%>YSEa(~}LXkXQTAc}l$M&eyK1ujjykv_5F_kXH9H=s4gXS^z_KE@~7N
zE;syw4kH@4{OHdZRKhX6w#RjVvm!WEK#~OLv=^5eqxNH?ZBVoHA@8z_T9b>eCTBah
z+DX`%-%agRHC(?qx6J<ckt0s4X---EdFL$$+rgC=f8TH{tY+?pg-#{2qAvBc4_mc(
z?1g?eY(s4h*nO%xvp3M~&9U72j~A1-RLhs{pI1{aTWWUO#3Q|F{-Q;{bnMu%spz<C
zGRJ68C2-W={B7Gtqtj~7EWkxKH`lTuHVqXW?Ck9D1^si(m`-%OmgFtRQg1J>Ul^s6
zJMe7)-5AE#^O+{+?*Arn8)ecV>k!>Id*U9Y<wpGLFfu>CQ&nC4!rVKxn7iQkzK~!4
z)X;z_!|>>dE4-lcr%apnfQNz-<P6(-f9BOwbqD75@%4-PTvzu18QU)l{#c7-TH?{H
zQQsJ9;LOQ;OkM0j8IHlsu=(ZHhaXf-sBmwyf3fbrY;3Qd&)3(q^xQz^{u?RXP2^5k
zi}k=<jRQ6M;v*!XuCAVUK*hfgRY)Q=+(F_ta=%}MgQWzF*ze?-MAGBO_fG~hRoR8)
zG-bvNXPeW@r556(#HtzI>!diaBro7;P3m|Hl>fJ~ZP8+`f8+1ZxkAEtgF}`FaZ1Pn
zRn^{%!Odr^sk6K<FyLku`bCc0`1I-1tJkmFQQmbOG~+i4(4!|$Djw=-N;jWGdBVWM
zS)>*vZl4P{IEObXal6w+;_~Iox2+q-;RYalF*#GWH<CHW=I&`dM)f-R3XczpoqHUJ
z%ODx%sJ}4au)$a>)#&*3r4#$*<Y4r4_|Tzt9OQip)j#BTH#`dGQ<QAYO!B&ZT^yI<
z=kLFXV(wP?vl}rzItPZ|wE6t9XH459zr?i>v3L87yfB{SA|Zh(*QjL+Kb34&7<s)8
zjb3MDIEkcSX^TBWM_7F^81&rte*Dr;AHzH@*j=fk`&z8Frf>9!nQaCS)24VXU#xb7
zlrnDauWjxHBd(hs{e8)Z5waAoQ<3gq{-u-W`N#A1en?|5vsr{F<AP*o@oMFE+RjH$
zl*tQ6#1W2ur$5TiZo59c?xXvhJn?<Zlqr9}?A}M0_VWe2Bqs65h@L&`&aUY5YdeW+
zIQKk0_rqD`MCvGBRTkK<Z{MS=sWhkKfBo5Kxzq}&UiwFtep&+lt-9~G#d;C=u#a!M
z)UTa)EBE_x$-;DD0ITi!dZ81$$azdf@wTTZQx+{*a^s$}0SaOLW6M7+d3All;$eEa
z3L|;J*B7%FI-dCL9-92!%xz%E_`g_t6L2iowr%(_l`%s^W*SL`LNZUKL4zSAGNqJM
z%A7G|3R$JJN<yPZ6q)CtS!9e1sR$X$JpTJxt>=B8?|uG%`~GkH?rmFZS-HFJ>prjZ
zJcj+)kNsf8w)FPH-TnG*VsU#{iccrNICdhe<=c4pLZ;3i{c*`><ab^*`N=$g1i9C0
zkZ=6C(*X<j>orB*Az6ltUlyYMbH&^;^40&mBrcFe{_`^ATN?gr<;cHo%aUvTd2O@N
z$07RjiYX&k{pS@dhe!9%i`foe=ARdL)qnpW{nP;}w736<_;afkvCnoNveo^6@bcDP
zJ?|6Q+r6%4F4b4Z$UcM&ZMF}^JxzZ`yple^fs6Gn^&I&WoT(!!E}pcZN}}eU5BtA<
zi~px<kyH~EU&wNzZFp|2z225BI<}2V;eSN#%(Cxm-Yj!qFv_+6nWR`!w4P*a+1qx8
z_8ysaPZu7V+VIJHNGbcZvNt`Nn~O=F*`UOJJ@m;zUS{uNhmjq#1-5BrUyiqDE?)NW
zyR7%;&xVyo2WNyRdWOQFeM2-JW0LwUiQZX_X&vE}J57A*m7!!TCf6U<l)ggan40~!
zIp3eF<~_-Jez|JaLc_sXxK4SRE!F7;4RuablY>4~H+Ny&#__!XDpW>?J*+N|EInd7
z`dsYdHvP*&JJiKv811&IB&Tg(7d)<Ux_&8}Kz(`X+;uU=GQFt5SB*6vm~As`{S-o@
z_msS~T<qLeA<W0u>+|{fWwfvH^QjzOn_}8z>b5pvy%xv2uIueN-w()!&1L1DouJ7+
z-WuU_pzZfrG<ZNx{+IB8fT97tp5O@6$4)c8H-?+{S!?j{#76U1S4$VGLhi}XjWM`y
z#&S>aL}WySUf?3v#FP|s>+8mnv8!%>(+K|9v1+??b@dv}m0YFGIak`gi`0#O$>;!I
zgDGms+-0HjhOyZq;0|j`#$K_}wI4G2c=pRwE>vuFjk&P1YmZ1sPP0|*iVM(-zFAUn
zdsUn7eu|BajndTA6g7F&9@><ijA3?`QgNHuU>&9QRzdr>BwJ{PbNTW}6wGW&3ywaY
z+4XH`fpTng($ar@pn0@Ec=`J^w9f@%T^X-RTj`ja^DAGwZd1Ew<E=-JmJI#8>inh8
z>b_AcW6`tOk#Q%%)qD5@!NI0`9v@|re4a*IyKH!+EF(4is^(|yeFGm#^Z3AloU{+2
zGZPEJS4<RUm0VSoU1Zm1um9A&RPM;&hS{kmCq4lI+ra?|hmU!lG4@ONRhQKyEVlbP
zu!<=4xeZycFTNL}<a>M#3MHJv!ZfY(<&S;(`9Wl62D<yWw_W7Oo}m!jTtSUhRaE@q
zm@8M7{5-ibZgclyK(w3`^G6elnSxi?!0+$v(!44y6mk67uIujIFB^(aeV^XtaZ{Z=
zedA)ABSYtwYwWJL;&e7KIXU=F#1USvH|@OKqg<`-!X;@3<~brN`8G7utT^u{^Xy~b
zxr1ds-wz{n;6^>8di3a0(U>?<#qsqf`6tW1t4!?8N?CLxMCm1$p{J9z*%RdxAB!Sx
z-##RDV8ddX=!8!NH4Et9;oNv{0h;4)SnA!o&&!MtsGKV)>3P@CP<3PfrQtW5zT1CS
zI58l5WAj;>t}ael#YeH}dsMwf`A$4k6qlD56jF|Zf{V`J=JhzJDf<*;U0*6e{i@u)
z;*kDnA%^JgBOE+Dbgu?2W$mVQp@3*pA9wWPjysQgPb_W{*_w!u4a(3VMMcum3mvYn
z<JFe$-`^5kB~^pHoN=Z}3-r;%tNS+1DmfLjab60}n(MCKli~GdwW^;mt6jHwoT9xT
zaE$dTo9O6#RQ)(Fl$3}%I2f0{wDK#vS*UkvC_(T3UM<#VR?CvyoRYm=kxV9^EEdc0
z9g`<|K#ooGRnu&(F$k2-v-R6FvYH|U`>Jv`r@!k=7yCf7Cr3ucNgLZbt|v!!Ye(`g
z!mXCqeHk1cS7xP@e7>rhJen3VogZ3RUtizZGr{g_nM+e0{rxotztlv1vW=M#Of@LK
zrKwSuYQi=>ofoHil-0k@AjD_dH(KH0RZUY<0iE-^D@tgxb6jVnZEf3=>=qlnj#G!9
zFyNCr#!Qu@Oi=ZYELl{t)7EeJ8W(3a`)OQYc5W#7gr%K>V^8BkQPR!oEgy?LcPDI)
z{&+S@R6&8QV=O~zwCL#*_fnK>PJJC<DDdK0^4={?&i4k3NqS2VuZ;G)$2MxSdA2n5
z4GkF!{)<n19IvkG@MWMNU}ZD;{6)^x)lCI&Eh|zQidU>yvDBn+aY^3EJ)@6jmnB!}
zm%k}4upis+@~r&)7)Uhxeu~#*$RhAlbkmV@ALn-IJG6*mT;dzdnS8gij)6T`PmGAH
z@&uPFhW0*jnXTCW`sTOrjW=g7%scW-d+t!{*%`$pm+rl-?u~hy(|d;1$IHDsY1KLw
z!6B^Y6>0bCrxM+#ran2dx?~1lY4p=DtC^V<aXVoZvHrSAS@+~}m~(mxvnrFlTzv#L
zKjk^1I?-MEio+v5f2GRcQ1MX7?Oi(so1ZbA!62Sv6T7DR)OviD+f}nxj@YTxz9>-3
z9#W-5C#t6ga$oH&J}7iU!<|n<=6cAMohB0Ue}8G$VDI|u5V(-<B3PK3XVZA&&hyu=
zr7~Zy2+7tuaDe4u+p?~t8aYI?OVi910uvTApeW-$n5Y$)m*dkTOo1Cu!Ki4Pnl3IX
z@@;<Vxv4STatThkXe@K{lZmwyckZs3aS45!?~2Z4j4n@lgJM<`g*06Y%$$4ny*avL
z(`<N0W7^vBzY75X(3q&@l~vC$W*;{X7E)msSDK7%o2%M$BTPD8r4x5C`_x()DZMBo
z?cq23nb)u1bwlMW$Kb;&))P0&b3DGK3^ZTgG&j6Uk10y<!y>&9-$|P~L5HLJh*y%c
znLU-0{!waE_A_VaxD7|89?d&5uQ<<M_Lu$O)Ljp&91n(vZN6nMy7Oah-1sYfPtNX}
z5$c8c-DOkBr%v~VG&d^+e^6V!dKv6PbC#Xjl7Shad#Z(;Fj~mfD&Ky0M09^@jD64k
zveAY492%I58|qo?LMl7LBd2^yOVdwTcdQ=xSV-g7Q4rX@=B;GgIF8*&`R&c89zU!4
z5>YL8tioD<&RMLie8r*aX^TlZqczdNJueF1H8xiCW@wa^w)5lI={~s|nQ^uz#<um)
zx6|%qISLAwl-u`e_I~^J{A2p#erUWdo=~`+ai~^*(nCb6e9@TfSTzIMGS7!?-&s+)
zN>pk<f$Dr4?`M6;cqzLuDhabg>i+v@vZwkCKDQW{NmZ&X?)a{ktyoB`L(3SZT*%=J
zy({os+TvQ<&`=uX<mmkQor&u71QR$CEU-__8BS~zc{&5l+1bzIeokM^`<uVutzb!A
z<r9`dtBC&A;E%-%mLcooG~6ZMdJL{}x$Sgwo#{f^bk-~9+2$o}c|N>5ujbpmNZPOD
z>Agu?$Ev&Ti{lnycB;`QP4<PWJk&U&BGju7y=Y0g{CO%?ZzWe^f~(ApiK$}m5%(v(
zuMd$}HFi0P$)CtO&ob7hTk+=QDa$%`EK5wx)hLm%D4-2HD&R7RLZ9{f^iAgibz+b;
z4^67gM3ua#MI&*Xw$!rZomZnWIo&8(zjk8>N5@3ZpR4a1RWl|gc2N|#>Pqa+y0Mb6
z#G5O-UKsiOVq=RllJzSMPB5J#BTQ4i%?Df*u15NAIQrf&`(62yBQnE%`;@@+V2;@q
z1k0NUX82@Jf?j3zmQ4}6Wfh$0TwPsRUEQ?d_GxKvUdegA<nZ@X6N5Swae=3nD{?#=
zYGa_<Ai4T|Rc_dY?lpy-8;*-!h;-E2w~t3>kxFMx@d=*%KZnaCuC$|7$7tgwIm0%E
zvsZO(X?MOl8FT4UAZBkHr$3Sr;F*%HdEaA@@3x+GzMTfSo<n1*99nQAQ5^4naY<DF
zn(893#dQ%k$<?<o&5Vm&5`rGOoU+^H=Wp-8g*_g0Ts1R0?Ya`OZ_M>a9p5ibJJ1tl
zw&7iqp1!`6tzE~<Y?aYxm=3(C!dA{a>-g&arMxnh!7(vni~NQteAjI&SKr_N#4G0e
zgmjNs6i1jY{BJ-;Mq;YWb35x>A@gn>5`sTx$b#*9a}4Qykk3L<j`R_+q_Pk5WtHpD
zE+t&l|DMh^gKycgc=QUZcnE5&P|5Cp)=~2A@giemW9z!RtAOBPl%@a;rLS);`gxy2
z#`nbZ^a#hM1?b^3>+fp)eD*}aLmU(5Pf~(H(}`Om?(Q`;t<K3P=MWGGf$`W2{T9e3
z(9XLL(NV%0o{JWrb=+^eFj#nwY0H*rPn!(x2|@2?BG>-T4*2_T{@J-RcKKf4Wkv^T
z6|AHH|I<+<4r=r{`?AotvQiM%VPRe%bn}xnIzUgd90d|B4@?ai?Yn)F*KI*q;~T@w
zd`F_sOg5PwGCeA-WH@c<rs%U5X*#+~ZrPN3_1a9WM{6Nboqg)iPA?`Va-{a=U#i9J
z_V3eqA9W0G!RDbl`?88{8lE`H>5=S9B5FZ@yKaJ-tE<B8yI<!WnAxK%%Jrh<+-6-`
z+}I)|5h-s)JHerjEqc|r_6(KX%PHKsYZu$Kg`LAdAIp5+9BwN*!+!U>`3eb%<vh&G
zN5qyrd>Iu}Y<VFybzq@VC}4Dy^+JM@QMMYws&B#iyVhSwNs&x3Y0$K_<-%CAoyLb3
zKXDsY^$|WN+PU4D!}p*%yMW@LE_C%_YDz8+p}EP%CY^KHct@z<17k^*rlf2h)rF+i
zd$L2>2W(P|A4$zD{AKav`Ev&;tBgg?&P*5MvIC4Iw|IG#j)#YP1?IUP<DHxz>)+Pf
z-~V;zOFn@H?L&uL#Cnn>C(ZySBI8s~w#KVWJa(HiaX4n8bG>mrMIAl*E%?gJi3Eq{
zTQ}S0cI=Q^_G<c^DuVyF6S*tpiuW8iV00ogcQ`xx+{js@=*UP`7R#)OxfpZowrkgd
z6As*D>o>Koe%tn7>|?%bRlS6r0jd(>(J%be#I0KjcNTfEu{nxvkem?y)?CUxKhORy
z$<v6qMcWUHh;19aF9t<b&A7j_UzoaWPY@caGHg3D{L%MzQWEWT-@;DVS{#oYx4G3O
zQVFKL8R(z_sF~E}w53uIak!6<C6Je_cbPvg-#$q<HPnF&u6C^TWO$m6?`DRXv;sf+
zwJfXDs#Oso>p@%g)Yyj(teTdGhi>ix{|F?=>L*DK!+YoOE;?vC)5ELt<R-+#bS;it
z+mbaSD=wbg>Flx?CpY^<tLf*^^;^)UBy{W;&tv=dDTeEPF^%`!rjxdyMDBv3G|&F8
z=u^REz!aOD8Bzfzt7yD$Uv1;<RkO2$uqH<wnxx$?Ure-Ni_1D0p+z^tyY|U_r<aC*
zIc9g>vmy?9Yos8psC!VH>ej6aBh|4QEZ$a64!gq3M8LoAH<Xi_g>aPY+J?<&oVR)T
zl%e@)E!*nV5KvW_-}F6SDKGDX2hX(g);&CT<mKo}e)g1}?(i}9Xcge*<K$f?9Psy@
z<1-WA`ulALZ%CY)v*A8mV|hM4e~Has{SLv=o8(i)uGg_rsDWT*v|R(+_T7H-;aPCc
zx1Ym57Z!6FEhQeLwpMO<qBt6ziMNjJi}d~y`?bZOuE$!#ah<ouA=O2GC)ts<-rioW
zJ>fGxaA#n;u()%(ft&`ihOn>~&tJTV$$wXuzvHKBV?)DM3yX8wGgowjnQadp>EX_s
zoBO%X$Vg}R?j`hE7xQKHkG`#Kyt@fG)mAUBMS1&OKDitLbRua)Ffgmj2TeY94*7|w
z^UiDHZ-8+=GCA^|c4q9^+!EpHnv#wMb@VDZcb`vhbN^B(qpZAWtiK_^Olqs4;fBGv
zpO5uFLH>~D!i8hDZ$7Nwwr7tXxMD>T5h*Dt!BL-QdghB6nO?*<79JZL!c;0Ie);<c
zj$b3o%f%N2LFJZc_pl23kf<9$pZ$_=y?*_n>wfi7C_fy?4h_`ta~x<n%S}TQK%Leb
z`?6|V_=mevTP&aS_HK$(I3j@tG#ct;dqt9S@*>Lrs*KKXUxS}U+fZ9>$emYk#U^U&
zhX-1A3Tikn!z3M#@c{-1D=4Da>|YhxZ#Q=`H^QyJgY&}NV%1L7iVWkPix)2jLA+P~
zc$`Yz@Q18o9`(kghnr{TL^@lZ@KXNpW4y}8(xrHKf0pW0JAdwd;N3B0k#i2IY+L>W
z$IW{+$;D0yv@^>Z#}Vg>$;vVUWFhkzP1ENYtgQT$Hh;L>vKewEHq~$Gpw=I7ek%`O
zZ@-vIes68&(3#$oY{>ICIXFVWGd$js$7^ohV143dzS%AaAYuH=1p&YIzsAbloDOuC
zBravRt3p?)p%QLb*K@0=NEn!ExI%w+S<1aF0pEKH(50|~&K<_^+eY=w{(H&EY`?K_
zZeZhEs@k3&U4fuA5Ze*!D&1bVW?}Pzzk4$5C#03mjME}=q4`{7_gJc4QLzjgA7gcN
zVD^>>s@^=A|0qiFU?H;}hH#)@wm12_x~_Q4z%|d;-SUQphW0bOu2G&$O$9MoxqiE6
zHyPGp{cfr<m3byCTsm7wFu5Ip1XoK!H2G<Qt@u;LcA3$~r-Obz7Wq8?e4y^mio5#4
zfjq^J^w`(w362e4R#E=!qZ2RW+&^xab0IFsUL#$rdm-(eg*l)hgyooqCETd^_Hl+l
z`1>Q?hhBsuj4yF&*qU3NeY}?YmG8m8qPg>;((1y+kIZiEy|%Q9t-4fa&AW#+nn6LI
zi&P#3?pJBc`@$Y}bg({WoNFn5mO1Mu4zT?YW++tIj@0ezJ=`L)@$mX9tJorb@4bqO
zL#iGeqSwt;T3qD`ECa~u)4Q%q4j)E~InBD#R}2puP^hrnN>2}gNiXSd+k$Uc@#)S(
z>T~v#<g+apT2}4e7&y{>VGEz4i+@{e>dvICY;-xS0-;)g)n%?fEL2&%0{So%L^=D!
z#}AW7yIfu$7~XiE&AqZ{uKEzmQE&aq%318|{eLZe{yiU71YiGraD;E=%BI>(_gzK#
zCvBV-PINpQ_~sv<&u;UkZxw@ywKQAIHU?n%kKF|W)P0KeP%%h+=+C=4JzC1*^P-3C
zbi-1;42@~~r3KVhql$3Q_ME@Jru>N;*V_~~I?fdPw%pb9tQ`B9<o*22yKJkIlhe~Y
z9)98%RfGx?zVDrV+RSFOIyxq;*AiGs)djbzAd$m1&)<ci4lN;nIK%8h!#dvX)FuX2
zH{s|h7SmgvPpVGaNxb=)gD~67MWOm}*CW2oUd)J_6Yt%7I6M;kt+|%_@b}g-=aRMh
zF7a&rMQT5@9^`tSed<t4?=!um>g7HGlxk=Ie%Mr{uHsW{<H3elZ$8_k5uvOH1#eXA
zSl9VlCLC~IY(zj8hz2gcs4|@q^5q%i@nh56b`#jm#5gGF%7K-4povCNpleHP=1R)^
zDgIn!tpDmRE{us)M=@YF<M792f@%ep<Cez8^3&r2=QPq2*1N>;8%6<nTCr*s&&DIO
zx9XJ+7I*|qv+auIr!(09X-GaPI(ja3wwv)6vMu?SDC4$WyDIOlKPy|mf8J`~j^Vd8
zQQ^!h7-_Y2%AJ4IZ)QCunSXSFpvs<;Zifl3Em;?K>ENW#duhOU4E;qWFPDUbXAIx7
z>gw?m*?4!4E`}K6k8q@lG=Jmb1~CXYOKTGo+MF653X}|u-`OL`$zwm2nfr1{0D0f3
z-z5+7A-cN%A1L|%fS^Y!p8yJp6etoY6n<dLta6suBcXV<wqKIWz*>1&ZDiW@cAYJt
zalDdb1OVWVZXqaZRaC;G%XzxuoY)du4_q?2Bk4X9HP@WyWOcNh)E)4eUR&{UiGS#Q
zDcHpqa|gF<`EsegVIu#g{oWHB<mFSm-(`q&tNtkgv{!P5>lzPMRIe#P5IH)3f+NrE
zNoB#52C;S&2Q24FWuL1j{UQe4JTS@ZV2`wI?O(ANl}7=7>3qi4YCog9rMNVQY2&*G
z5emL>@}zv2=>+$}r+%6%)r-9Z+ZF>q#3$nJJCMu2^|UG*j=A*i-q3{E_aY{WIjw*0
zTLZ}5bb*VagSWV=kQ^RiB%qUSyzkU0{;;<l<K_7Akn5vKd!gMoM$6{ugdg{*QN#yO
z!|Hy^$D>yKx?Xmh5DK-K%0Qjiv7lyS!X+`0zaPzLEh%Sw*$pLp0NB+rItQGq&S)Gg
zU=3)>-B~Go<YN=_B@4Y|q<aMHxwIxS#!1EZlholFm&)ZeKA{&bRBaw=n-DDW5eRu<
z)MGcg?TE$b=JUWB?64e}-Ef<LUIQ#u8oNu1I-Fm=7tqp@iAY@+ozS6Sme(fq{_cfx
zf)~7du?#NgR!T}Z0`k-YPgn^^*Vm91*s<w5E%o}k3Xf&++#;R$_*1n#d{R=%rA<xj
z*A<7Vkac&tex+_3(wrR^W}sjyN`2m-g++znN<hX<9(=e-TtR5)eI@K%gWTkM_gIjy
z-8a0mL3~BB!M!NCo2s5BDI3;Ai3A`zBFGPHfw=rAfCc1fB<}2aiy&Wd&I=QwxS{8g
zX%`=&q`i_$3vaEeIu8+d)BA7#NAgXQAY^f}wv!Xc{;<~E7b4k4R?6OgcRDIz^xUh*
z0RUzhP=#e(KH#shkhiM!aL0lQW)v<Xd22%ZM~$cd6r;Gy+{v9^x^|5TV2Ja~TeY}s
z$4H>U#vE5acJHvXWP9-7DCIvqyiL`6RH@^WBtQQ?Oc7>{x!*a%SZOP_;YlWU3WgOe
z^6@(G@}t{m+?pjKn}hG};!gsb01o$Rz6cc*T)5S&+0i1;n@w}@Se<Q#B-M$e#03Kq
zgFpRKeq;Hyf=?VLY;<+EmUj0p39Ym}{xN%xqU2uWTnIop=(PrESBe|FSah%{^{BtR
z=4$<axB%dfS;w{}(YB)W7@?Y-lSe>#E-sVK8BpqMYTA>Pa{QKp*wh6S@dOOM`J?|H
zZ|?;1iri^S)o+=4UE?cCU#^9|jPLE`t4}vwjJyV1+?<ITotA8Vg;9W4IG~J_(pP7G
z35f@p-}96|pnN1q9$v6Tc-^ZMg2|Tml!+j+)jEB8gRq8g%HA854GkURBoC)U=Q=<p
z^j8)UWVCma9FqI<QBjJw4Idnz&P=tibfQ;hJBKU|gaN_n19rIm%rj9JE^IY38@%iU
z=$yc~D_4Dy-f-rNUqsI5%^tl<QG#lB-c9|P`z(P3TwK!qyt2xt#_##3mdi1b_@OGY
z?^X6u2Zxfe5Q8{5M<%%8VAR_qmhC#!`sPh*@|K9zz3<&+O&)zPJ8lUM@uW|Ax{`Ap
zi(0B+m+C->H`D7RZc|efD&*{c@TE?=s(G1h{&YWN4M7uH3RzrSv$~Y5x$n;BQ25JJ
zQ39QZh(R%P8DdXh@w;WTW}|-mhGh{~A8BuTHIL8FkV<T>$>WvE``fPhl<5UQH3q1W
zO}zx&Z56n2iU0Lww71~Fw`g7T{%>`0W4D9!Q^}A8s2n2IQY*mN2XFnVcxo9Ro>V~z
z)J|jF0x1Rm^ZNJd>HqKxzs=SE{W9&peNY@J9M(4VU=ZPNKSpj&or5@;?F}a#QU*AF
zjQltMEh8|)Ut3-6OGb_*FyB-CJ)R7(#s68w_}^~jf44OK%ca5LdZQiZpL>4ENGKqG
zUjN}<Mrlw1iv6cR9%J~6jG&FUr4mwhKeVcM+%d%9%hJ}?{AM30&vf<nPHK&<HQHY(
zw0t>JnC`h}Cp&DR-Gy-pmdkZb$H7foqhhsg-8#rS>Ac|dnP<))2PyF4wv~uO_T{8P
z&Zi5Sh4Y=t8Vo8b`RsWoi>{m<(rNAS5jnl!O~gBiWZSAo6OOrev67=x-QWx8uEMZQ
zY3Nyg3XI|j(*+TL6`a5W14Ue6^e~aeImb6{+(<^8QnwyHjDW_D9ds^05BssWayoGb
zzq<{Z*Xb$z!3H7$y4v2Cl?ZfXITN(V*~k||5kib5D?t<p|M*NQ-3JnYqRV&}n&S7k
z7Jn=}%L|#wQgAVMSeoqbIJ+u$>!|avr#5-aEQBSnLsU+V6GA`^;P-?@^MF$E4*ag*
z@l6{xoP)SWSYLBK#0VPGB5vIh1#`s)lgyhj;TW*OPQjs&>5DmEYU}HRu3T9Lt#3wX
z3n4{`)pD`lV`|E)tgKA!ebjB7jkzhn&DK6W>D+`+WlQ4e+lCS=xwc=c-*3XTbm<r0
z^xn;d4^xK<|FTGq78_bFk-lF2whyz>75i8P^*z|Oy=O{6M=)S&!?%HE-iwLA`s(V%
zkS*0beq2glUtbnV9E9>iJqFv1&@dpd#K_EC1|?83wiZ)Xgg~tUR#lnj+JCCMimjre
zLUjFlHj2zh7E@OjhT2&fbQG!2yJtW@7X(Q%5X3v+MCEVZq-oM>0)+-8*bMsh$5U<v
z2QwhC&j63~hKl<V)SsZR>yM#USb$LIUSo)wHE7F9nD>0J*f$c>Hxj}9X)f|n!T+*h
zV7h*sEDeQ`fYA`{`2<B|k|=_J`54@_`wt&t^3#E?oFlK}0@m!g$?ebs#3>0>S3Y?M
z4vLI|BSQKauEjD)kYT<`!6qdYM5xZ$;;yN^hn;K=9SS1jvMB4LN15p80=0({Fk=E^
zxt5S=Z`evf&{nZSN!;Gcsi3gX`RnWDeEj?%Nbv%JtiU)Mj5rW=y!5FLTwN{<w?YY(
zVdu`BU^?lzErB8p)QlH{a%g?x1R4631opOB_VMLlG6q20qeWp3<n?#=4OU>LBQ0d-
z04Ia0P7j~CSVktD%W6gy!;MOC%rNCE9P84BQM^HBQs*&27))MZ!qK3d+TldzV2mu9
zTf-p?MN2`f_wkV$;gu^_B6VFt9qO?#jvtbI6nU~OCjdiGL_rhE%gZCI9Wsm=BDFRs
z{(xHM9~;Y)nwBO9!AL6iy)DLdhd@lYw4#C@+Ddzki~<V_eFCNtSg5M0u@p{(dp(M~
zcFhLNF^sSSRCE5)rKLCG<G&nS!NL;ZJ+_FR-WuC1$Mfgi0TmV&mgCKjX)vpx3@oq5
z;4R<2cP|;zv2kD|q7Uz4eEj-nyEW%G8n)l>!=tnY8Qo**$0}^sVQ55Y>FF(2R8%Cx
z=s;|xN8NHs71)-iK&;l*yE{EIV+Vp)XjoW4WMt&P{1R+tu)&@C8`mRH!H^?eMgEVi
ztpaEf)`I?BXMcYLF=XI#_kPUZM2W6my$IHi1%zz_7&cT*bc~FiJU_ebpoZj&pFucL
z+aAzMK7)qMYC*7YTWmOdYIl67fst4ZZrz^oDLgK1kQ#%qSWF1F$t31roDXK;LFYsn
z%dlz5mgoXuJJasClT$GCwOQ~B>|!qH#0CK>6qAtH4!Yn{$XOA%stZ)VGVHA%LYp8K
zPk#CQ<x4VmeYGGY0<#N2I4gtP;g3ocXs(t*0u62$jNCw3@5xhL;H_(;jaL@RKsHd?
z!Uq9ZzHN;p3gc#XqM%;}tuBTzU2)haCfuU7nOPj_5Q~wMSl~JyKfgvk_FM23g92}8
zbTls}5w8{0@WrnZE1a(y8@LvqgbZ03bkBmZgT+w2#4xrU*PaC@AxM(NWLq1EnIQ2`
z8U}-~3tQJ-xCT8AL15Q1O$>GL(ra-*+$$KmC5*76%uR%0F1BWk9-bcO>o;%gCmQet
zf-!rZ8B$kVFde}-Yb+q-E~6KlIQT3piwBT0E)oR3A0rwlF2^rmD0&bfXWxI*ewDWa
zB!gfaVN7o~evEgMwhI;aGiT0pp%p08j>vREpw|T76q{(7l#~=6FeAAE?8GalpkgQn
zwGdrr?xre8o{^;r23pqzeK~F14?U26#&e<`9v+Nj<gDq<w6ru?@aelSg+LqBXH56D
zN>MkgKVuJ$`8jA70#d^<T*(LtKduuUMe7;0N1A#&{1$ki-4HjF4@1PvF06{1;UH4D
zZTaqd@H0q%OJOtchvBJ4?HhmiU_4zJgcpNBT_l?!4t*_Twv`sg>6uBW65G!V;>nt2
z9tvwa{bMiz_Kyh?{5<n>6IP{w`P}?Ea?j}Hcu!?sME8p7*>Qc@O`CWR7I{lBmibMP
z#zeB5;QcaPxpL*4=;!h8oGZ36LfMQ5AYBk1vJD88WzZS>(Qy5*zr-1}Yv=Aiopjer
z+7n0^Z6ut_S<3>4gIU`>0<NDx?ZmJ@fGD(meSLgz5MckZT<AOs$<4MONV?8paG92+
zr4T<qKdN`jZ-S!U%WV(NKfE6C9bl%C0a+UkA_8gQeg)!mH<UsAZ{8FJUt1PC9`pN{
zNm4xrW;-J=N6__|K_$eP)DQs1urasp-3tN1`o&9EH#brx0)-(AcH_B_(|DpYulw%s
zdWh0QLO#hFx_kFAYY@(8t$_2sD^7{`afrL1PZ_uAq%aIBGr0$sw#=yNckeiW(=58E
za;^?*nw=9U?g}|conPr7Z&g)QX1^;q!f<CL&CPs(rTI1-Vw|7-xu?Z>*|KHiGpLe^
zirW=Vx9`KxYJ(cPb?a8#F_aRT>|0q`S>F}=`Q=ut`Al=eKtdr}L6j@Z`tafN{{B=;
zzTVEH`-<6FSz91`33@C$9UUEU%8H8F&wpTGP$&{u9fT0j!@1M9VvCw791&S4Qhq}z
z5tikZJKIhjD=QI@yLFKF=wpWQP@>eMw@Ei+Jkd2k4{!r-wyp@}oP;8xSnLiPJG(&G
zsaIQV;C6U0C2h+U1;2T37{_Gnulo>5Oif$G#U!<U{qOQDw=o7Ubv(I)cSC)Bqkr3s
z3L*t4s*%W|cws&Q9Dc&RCSMM+cFbwTIlhRhbVoOLUOpn8#D#<`VB2U%ab-|QNO@hI
z;W&h}%CY8X=g1ri_gZr;ER1P<@M8ps)GH8+z>-vhD$EnUMQRyu{xJuPb|g_3LMIGn
zDu?u5_M7L=84+#N*485B-%-?!T!?w40-P6__eFsRcFNto8jMw&W5>dY?DwS&Lsgb-
zmydXIr(u4;a>(`F2hFx<=vCf&ZtO7z#0Ioq{K7pDRG!1&G_IytQ#WLRl&F*xD<+f@
z2khVWAS-y+y7kg`*>lH#V5xe}$|M$?dHx=B>7d|XF(oBFJaochh5${<Da$P{9POx_
zGd)W{OJ>=%YgfyR$xp6>;V9+m!CFIcIpW3-i@36z>pYwMV97Ik%upwVNBn$+%-n3*
z47Kgs%@gZRz_B8_^N)`gf)R;A2!NRZ`OV55>n9L=Us=@z<xE*LiO`PWmPn}plueYd
zS7T=cgSf9P9wUnRvxu%C!JXNJCJ<cVb5-iyyQ}jFtti8L>U2eArIvV%rev%*I0S>v
zo)bR!>QGul1Y-4Be#$-ewg^c&VohgTi6L+}c1#?0YP<yx5NnfJ^Sef+38n#$WKCO}
zAc@7GE=y5hn{PpH(W{k>cxIDRQ>C@FoCrn&QGZ9T$)OB1scGSeSy>e~SA3p<;ee<z
zBg`-CgdNU;h<p<1HCUy-wKgy7>C;<@iNC@smGv~2JrAsXi7kNVk6h%<L{!cm&OLkg
za$ubD4$G?`;A7hMp&@>$F!!Y+B_Wn)J#T9GMPWrGo~FmdaFV5g!Ua!DOAC^j(@Wh%
z#M2|+*VW0w9TU0KEAp+7JUw1K(VDmxBm_|VC7q>k?$DPZ3yH+snrjnwDyKhhE2@D2
zG1=OpjHh`OYnz&?;n}<T`ock~CgbVi<c}K0xE7tnq|VC0pPwpO_Ae|ttrrBX_Z4bt
zLYO-c2!n?IIO7f8)n8WWu{?opAEx1K!mvzkOj+ozuB@V+-NdB|2bRe2c*px_ge##h
zS$2D_7MBbFHyfMIY`o?FrPE=ZaXXxAEi`UHIu}A_q=&)gJB93k2_h0976cHt;j#$K
zR3|!_#N^;m!&3yOrLBi`H2<WGZa4#sIYFGYa@DFX^bX#M%9rYcym}P`A~}{Wr4x16
zibE3~*<v_T!=s}Z%f9tmcI6C8Ib<NTuAW}cOc7ck$Xrr1Ifi}yd<d;TpU{^^y&V5Q
zf!9k9&lw4$i{OWzY^Spi<z3OiW{sOg^9FTMC8_^oke7jrt1Ct@Gr~m+aE>Qpmh8ot
zm;m%%mA-%f<ekLZA(kaewr<<TsCc3+6x~!L>)5h-lGqe9h`s!1VkWQ#0rR?bJFlq1
zK$#bH<9Z`~4eQW{Bnlo>=|<^mNjKM_tH&(s7!P6`v}O!LXZ_{YJ<Hr9f7}i4v0T6e
z5;06=)g0W`icb)Q8G(<Jm6g>*u`<I|vJZnWNYe<u5yqU;qjkJR5rMI)=MVZG4E%A+
zJ7a+B0u2(Nqu`z&3}2o@!<{x_N5y0EpnrDwT)KMbwd4E0Mw82Kt|8X*B_W<0FvZ2i
zb;4(5)*!kqL#UF0o+`8b`@68qkgCU*y>CLe5sFlS3~wgpIW;v^7JafU(W8H%PpuTv
z(GiHz%3i-_#i6>iN*|4h{y1#J@$*405MDA6Q&UF*`<5%atVJZpfZh!$v>A@Cm^E6P
zG6=J)>M^XT$l!+IH#jhSYF_dPbVqt?SD?-wd-OoT5P~|A*&v1b=_A7x_SkFe7#6mq
zs%jC`nJ=bouxK2Cb?U}=y2qKBWk{7sj?mlNdpYk>!Hf@3g5Jh7fy1xk5>IJ6m-y2F
ze}+Y6z(ZD_Y(qZ@hma6S7BNhV1MMc-7+A-n+=%0kf(?2b^l;Q_3(vY=5Zug#1IaLs
z#2wLHGump~GMOE_F_omGvXTKo8e+C}z__lQtjNsG-HdS$sAElAqXR>vk+E`ZU+xC<
zV1rmgZdw!DF9YqC1wJ#&G)J1Y!MUMX2KuXu5U4K#TMC_@)bqk(49&DTc`_Q;5ye=8
zZ0*wqu97KOTs{nwM7m^SYkLk6!OLt|<wOJ@h)Sh@d<?F{XwwbkIN*qPBRsDxYLbgK
zld8fNa>md_4EW_kTUgB|Co7~z2!2Vo4|O?JglAlpptgpJJX##|_KUTCK+l_^Zrr$W
zS&*srYQN5O3x*)c;n{;6P+UK@fNnBGgL>$grJ>ML$tPz^kJd?e*=WP7dtPQB5r8o-
ztE&2Xsp<Ro?~&+0w#I1Igo42zgLqaRlfz=@yQ3&n<g1bABtCc$hE2!YtRX5&;mcHF
zeAo{ktM=AONAE{4oJ>Gs;~)#3sUvY_mFLajp(x#iMZcjmlX>S~dzno{z2G$$6Sn)*
zvPYPB4#JEwI;2cie|dk;eP-Or0^Ov>Mlw5hO2$g24gQc?xsu-SfpMcc5-&uJvH5Ga
zA3C%W<2cwz_qcs*kK+8_H`kpL6_uCgMqXKghVjcnyRWTduUSeeL!Q4QSE6q{c#d9#
zfLkOkK>D#4vV+EH<~)$1HTH;MlJq;)^e7UsvbLoq+H>BWB@Y?$<tXSSBEBHRb7V@P
zBv@+RlrGcv?VE&HUELHu8{_1IFsT@OHvlo{T9q3cs(YAzIZJr=DCba_KR}`t^Zd1~
zqema7bNYA>9Qh*h{|i+t+JQjn4+_}(qyj6+S<5Sq-XyqnY%F`jcHFwPlapo22Bc(*
z5uZ~e+Xtt@U_cHq#VI$pMbx%`p?|OK2ucCzSM?kVvP?<oJii)dMr$#2lL;WpA_~|V
z143)b+7X;FBtu&0X?~@89{u2UI2a-p(j*|LZ3+k8jdI<E@bDeE5_*4NF6s~Rm2&|L
zorLCId*Q$b4<v-uy+fhP!!CWDII&*GKVRc3WY2q>(nSz!W+2r>9qd&$X8)8RRDf$N
z$8r2os3*H_9Sa=O7Ubb1lD5FSmux3Ar%j@b^H2hVmL_(%^TNE3*?|MRlQnPOE}^Xd
z9r>Z7G!Y(P<QE%EG8E|P;1#4tz0sBTV^{1vCNq#c&&<rM1ikHUOCYPtr|zvp>?kY(
zVpiVefk5nmg^Yko%<f?Sd)0V<t(sLF1OhPbk%BX-MDiDjl!lH1fYXJxHE3~`0G@-3
ztbpaVXR1b)QP$MNOF|^LQ$*J**1d0RT!s;K9Do~#hr4uudnKclpF|zQ379AD-&Pv{
zzeM>H8Q{CZ)z#JIFJCg_FEnS`v$zd32LPk8t$Bl?&Jd2N#Cn~AFg~lG5{J3DxyQ`-
zdJIaufD_*hRI3+*nPIn#53y1NmV#@#ZTx-LuRuM^hG6!+EE^%@Kx_i6D?T*GcTSlq
zDKDpk%Lns@0W4cNfB?jU0~VqDF`K5Wp@9cJA5a`WNpjb{udnAOLDR&<VhYcR2awck
zC*S{?OjssXw8IjUF~XQVK=MM|JSnbWoD&5o8rztTLNv!AC}=U@au}_fNI(6CJ%1Hi
zd?Np#<Lbhg`n+=WYFY}>s?E`(60NJ3Mc6nvgrXT8nZgR7xorIM7Y{^*hcn}1o!#AZ
zxHdKtflk06zZ^M#_NtlGl}N+OYc_1)f(zBNun=6y#RN>Y?*01+wFFGQf+4(DGJ#Ha
zVh*dKgx1aMhBH9!Lo$!VFAq{uz6ykGCyS_C`KxWLmt}l*>I`YGq^xl-kc)1~hU6B0
ze+wZSG@<=L`~?XSzg+t)6}6Nu3|6Sd#u8(s1<puI{R%iO(85@<slz)EpeYSlp1!H?
zoUzV~OiU8PKET6jp`V|MPG4PTEC4djC%V<Y7w0>vq2Wnl+(F<kUXeRHykT!gu?AK0
z{}L(EQ6#m%d`2DQ0BDIt9{I}jQBjdPI6+~g^YZ1(6l1v}&!3B6XBJTf-cwwFOa3D5
zuNbj?rL7y|0ic_~J~=Z(G7ty`Xkw5wzU;rZ*)p$^NI)EpboOeW1u+7lMT)<82R>T=
z(aF<L|1shbs`%8#!~z8h(x1DCmCqmHWg>EFhL^yPf-!330U5r6tyzVRY&oc>3o5%X
z;zY$dIbzy47XB0r0Btpz<Qa_a>X*W`zQfE0K{YRKzzpx+zb{AJ7lp|Wx8UMnIjbP{
zA0F9_BP1&)C()4mdzGF3tg-?0>Cs3`QAC8rJ%Ly}pfjhR9mN@X^JaaAJA5tZn<&XT
z0A@}cGB>__=Z<~R#O5OCgqY`GuHwMYnIYS!Po4x~;!!|1oZ)%ot?LAJtgS_%1;_-4
z6de7#RQs!uaT^WX9dhLBicV#S9Ae?_nv4Awc+W`x+JXsOzdVaU#_k(R0l1qo;Jb~D
zjW3tn(}!^^N1P3WGxj<3L;e(se%UZ%Rrn0_;4`4`VdS>fe)Z7DzjPBW;YRF+J4+c^
zS&iM+;_{<BzxyK9mGQ8Vr>#|CO_C`?L#o`N=N!i|sSus5a0{lt+yWd!%{#!TO6H^(
zc$t(&iLa@-Aj-%=AMmT!bDKoY%Z;2qV~}>}{QC9ofNW?H^MIqSJ^D-;G*8$X;6Ly?
zfuf8ET!Q{u0lr64I?cb;z(}RB$O~vG;OR@5<)YI`U)Db_E81$T4A-bR_*}QMI3^ta
zD*y(p?i2a^be2CC@Hq_704=lUuywj{`haEK$kh4umVfGOKIfr@Qm#v=`w|Sl77CT3
z7`&epwjAnihyChdO-kqf=XXp|JJ3;@^uvGXcW3FezU(zpC;dY6=N;r3{on3L{XeQN
z{%U=l_8T8mfAn=`L1Z#n`Si<}wZ@W8PqO6>T<?~gGX9jaHvE|P<$aHAk84*cCdj?E
zIP}#{+OhFST!d{RzulwE1jg3KuDjX4|HB2)-fAeZ{kDs%a(aiziFPYJ-rZpz#&bGO
z<bQN~J2U51cr(3crr^lg!7;Dm-yDc-N2Gq&Gh?p&_;LF4moEw~d|03QZ5g+Ix8j-;
z_XY=I>?tKCM!NZHHj7)Mv@<#Tv!*|*22hm^MD<ZK3N(CB0Wh~eYhn7+w{KziafPxn
zKW13C_LaYS#e(q}ls_hS<Dk|b35_)O`HV#R=?i{k3XfY{{Fo{ZK5`5a04lnyHHTaf
z>ov@d_*n@rh-LwTW5PhagKzcvUR;FMv{L*6un{OAUVZbIcdYt+ddg^GMUdvi;74Z^
z9_|f3R3vpXz+tu!yH}34>X^djUG}>XxtFs#T7-ybr>rkPg;1?0RCups>{$D~YuA>u
zva!`>+V3QoCv*(P)VKP`Zrm7%Ul7M|=FHD~gEi=a$ARAS5%M*h^89a%CX595BNt)Z
zM%FQ-fBzWF-+d?99((m_HzwSJ-zx}Np(sG}4)F<BuZF-cLHvsgsaps{IiAKV{;vI<
zL*Phk2cj7p;1VF2RzajA6!DTR4#TfV5|cld!yl52@6d+jP}$<(=BB6OH2l=b2LMur
z&VwjY1lUn^@Io$Lx<rRqI_UiQq|{Va;6V@NWv=O;$MZ-VYWL`7<KyGgTzv`DAJgfg
zyGp|D2w#wWvLcyy{PbxB+;5_>Bzj@a;f7}+QuH_@qZF~!$aw3?oo7&qWFt7N1z5Pu
z!L;a)*Fu6o##_oCt)s^v@$<kkC`5HUK)*3FV-=jzzV0y<FuEGkt)fwlDFC52PVKBB
zY6VZ<hDAqLL!~4d-eP;xDI9Vlct9{jd`==(gc3d;3+at2)TLv<+aWpW!2&+0_#5sv
zmgGTF3`=2Pcl=luKLU0npu7;0=^PlifZ0k~t1pr2D&DYGTKar)@(QF3G`SX0C}zNc
z6QM4pQ=JsDvypOkjayHja!bZCW5>hiXt}t!+!=w@2}bzcB<TkWBJgJ`ZTkzALlmQS
zBtWAf1c^G}7h>@d$y|+M5*zLc5h-hL7e?xbXs2Sah&P3N^}ewr#crZ{J~-G0ssAL_
zQSNBnO79;p)-)G*ZiIg%mE#AuJV21bTfN6yj-Yyo4q|e1Hb;(_O1uShiaN?tjAGRE
z^;O5DNm@*Kg&-IWM&T&G8LKV(hQjEb;wFVCuz;+A8W709B-Jbcnim8afBx!K`R(nO
zIQaRQV|N4-Tm^X^O7mKPW~g6rH1s4;vJJzt5W%l2p=34kVoicI0F+<%3lxre=hber
zt0rC5wT~OIXb7M#5<@Ea&ME=_c6=ScL5uoP5DWuq8>ha!<k7#Wx}4Ah05wx2%f)aA
ziO;7uV^arWb|R~YI_Al8qSjdo_0ii#Ma3wdlE49OS{uF=%qvE0S}bwu!9sqF2@b$H
zL2~SmQ1e$2dl<<23Z$X<3bdHe@`YR_>&s?Y*~cH8UEcse{T3x-|J#qhK(YH>(iWC)
zKN04VdMxqGcxn)~iHSmSo{5x&0icRreKk_IQ^p2$*2%&Aq1$JWu8>fL@(&E8!=%$Y
zNm2L#i1*%u2bXke1=PHGLrB_dB_*}tHl2|l9kUyom_SpnI`B~I-<W^X&Lu99D^L_g
z*@=J@us9<h9MemYG@&X>W}T5#2qVc+?6`$39~vJ1*9T=46_Rv70R)qqHG#K`^gT@9
z;h760Ev*|2si5?98HA8autLacG)DG^AuT1S0pJKy$3~3b8M&#w1hx3p@!j9QvjuC@
z;Jx_zO%gRYEm&Y}fOj}RVpm^vefmU8g+@hf#g;?VZf$K%L2-f<XOFd_ZHiS$`Dvpa
zq)?ue^Zb^1Soz@o{fjqOA$<!ycaFATv~K6Vo7ZDwgAwF7@}%Jss6ShNnTjqp{?gS0
zPeV)tuwS#s)-+JLfptl&b=YfYm}Jzp;To&Gy?xe)9~MHE-9UC9oE|%bAQP8(TJ$6%
zLkpFXtPE3ys~_@E_ipSnv_v;j((T*2=4_0V`%rtD;?Ra`sk={>OG`=V;?TuT0i@R4
zx^)pm@z^^{&v1#n*$%C<V*@H1He^<<hXRE0g4rJpitP~f+Pilzh5U3aH#5c|a>J|u
zElY8Ebmz`0=yezv8jADqY}~LxQtineQ-nNQk%`M;=qsfOE0Z<@A(wj3S3loZ**G~x
zV)&WKbbDPL7h>3kX=#vKVgL5<G+n}0Yx1&B#wGFKGw}R+`<qVC9dJ7M&hFST=3wmr
zWJmj^eSj|};*^uPYqyV@@DV(O$OAXSLhsKzzuJg%!pXTEn~_u;eFl+K5_z4-t$|3h
zNC{i{@X3?xP<SS^2Ta361(_MJETf;_f^ua1_3JG76-@F&Q;;?0T`oOH{`(U#JYcFb
zcb2}|2K@(4_+mUK^qhaXYUQg19V}-I)kOxVlV(Cx@wQ>6o7c#z_e!XU$39$-JsS?P
z$qjWMe(WVU`?@T7S=sxi8<GKSgYqx}8U~&c{jn@_$NV$90RJ<f@CSerW_C2J2P%g)
zzyM((@yz5vZQW~b&J4LE*ivzTyd{A=N$7cK7`H>c4%K|ri@wPN|7g(o#|Zy`3GF80
zR_Y<}aRmi}Lj^yVV0=%O$yK!X*n!4?>6q0R-9s?<f|<d5K3Qwc_^SENK=#L&GDFM<
zaD&28{nDPayGr=};DazzkUvl$5Ftt@qu*P3f$cI-&@Zw>0fo>`5Hmv*praF0K7z8c
zTnj6%UcBfJBM2voort-E%n*$VMFwCCTTmxihI47!vK2)_)c18@wMh{XQ9D=zEXT5@
z!<^A^C5W<iIV#azJw1!XbR&EA+)(1&afb^AI2bqthAu|qp<pgO3*b9K)__0Y<mWfH
z(?S`BlcZ{(4P-zsa!nP|;juk?RKF!m*INs#Kg}(g-?N%?U)9Wo-l@*Qt)l}CO+F?T
z7OW6qB6>JpSHu;hzkK<EJfi}pTtNA<-%5g(4UDKe&Q7xa${WQ0B4HQ&ICLTTR6S1V
zgy=-$*q5LV(N~Z*yZ-~y;n<qX^!^}`X(sMf?Lp4byWd9ZHxcnETIw68zX*?dBiQJK
zPf!2h^n#6GCYT__CbWo?Q*E*Lc@pPyavn8U%iW6rLnlP5!Qn!sE(qpF{<#jxSzW5m
z{eB~P^S28Ozi*Gkk#);i{+sU1#(%=S+&Tw&A`gWjeY<<0`DTYY?5WeI%OJXV)7d4m
z1~vYX22(2<O4_Q375)&R=Ax*+78Fw|0Q=)Cu;JvKCp`U>(mx-qW;#7RO^WaBUj6Ii
z-*)7=u7hf`Kk(aIsEpSr<yB!ikQ<+duPVrOGxa{fAt81^)5bXVjghz%sB^z}5h`Ke
z=G@x57FgLRE3&Jkd;hvVFLL-2Oq<5UnZZGXVf7Czv1f4Pi8a2af7ew%xwii7jmT@b
z2w-{=8YAevb?cU}c*@PK$q(eAEHWDaUWZ95rhc)abWMUUFhCNHdc*3uXRb*gv^)H`
z2}d@BU1Y1iJ}YXX*iXy^|0qM)SDWvC@^ylS2rBFl;QHJ6)a<7SnPH5zu|rW%$)%SA
z6D7|fiUb-}h9Do!93Z8wC&fJ^23?qeSc>H{u&}rQ*wzMLd*8B;Sm6sGv)xc~riH1;
zvq$|pWy3h3Sz(^qw(Z*kU>NW2Nmz2nFsz_J6-5ZbD{*KqKnvGg7vLibq?u|=7qhmv
z4+ccgiBm=5UefRe5b+b@LQ*0C@V_q79r2SlM(9q$`Vce{kJ}bc-W;<9KbL&`C<MzK
zoRJ|{e@vk<b$=j02JPQL@CQi?ql1V5LUHiXJ&MyOG&$KF4X>D_&<G4L1EmwvEdYtm
zYLwAXG7CTqiKV=ilf#EJm)rp28ps{S#Knce2X^CFo^o~lr3Z%EJ7PMd?zdo1CO===
zV}0ZZ$Y?SEx{vaN0c!w?7KT}k^WCP&T$~Dr|0HMzg|A>8jg7g%w_(NFprla-*6@d)
z-Jd=UcPz~FBA75M^4<&>4hDd$0D^)9IwWe27og^-?1wCf6xK+|1#Tq~+`VS(S%Ufq
z3SPh$^*DRhlpk@0%H9XYlLJp`NO2F`h@8B<vbS#^)p=sPTnPpSV>%l%$pMgfo#UVt
z@tqWdWEqAkhXB{`#xQL}%K<y?&{Ci@31VU5lwBpsd~f}~<(U$^e=sSYY`=h557|Yk
zp_Tz-0K#%mXjl=X>H<6jDd%Qf4+8Nn)H(>SQ=Xp<R(#~;y7XJ{iV9yb(L#fuL0Gd8
zfUY~{Zi1=;P`Dh>YAwXf$frUKAKs|~g&d-j1~+O`dX540tcoBe$m1ja-3WeE1}LzU
ze^!=)@AS7dsgU^WYej(y&4DCIL!3;5bP2g?Nm-e;<ZD|0kdW%7J$rO@*#e0R#_N7N
zkQsJ4IXRS*svwT*D7BiFJzO6Tfua^K4p~#=atKpP31CZ=pdODrn53{^Th$i%oISdw
zy&EYj{0CaA0+N!%p`4Tb@{FCWt+k_L1a@f|>iX%0<NP@7px~{t$T>v=oGidXx_YNf
zVG!WRE(rTx`tYHpg;ccaEJ!5!Dehm9=p%)8@TEq8X?A11wqkv3PMpAj+Hbdn5=G4d
zq<~=UM1O?gU^1S<xXEuGPCuvjB5ea^PU?7wJx2#W3Y^XrgkM1k*grCo4HTNro}POO
z2N5aCBGcfXX?*{lWc_*~K0$!yb_Syxb-KTk`L{JrA+Xz4R0~j}4kQ5Pix*5trh1z*
zx|g=TJe0YE;aN5QSbusZGjjt;Hc>p%g>vwzp>{Pyhqqt4{fGF_@LK^YZ95(=qd^^+
z1wj6J3+b!B!a@{)v(7x|JLBn@YjOc>2=Ip^8w+mUzIBTN#lZ}Uk)vZGsXP+W(vPw|
z9_~CSg79%Q3QA_*W`NK_sM{JL4kfI*W~6p=AJ+nEY-CR(*HBVc7Ds6vNW6087G2#)
zx<3wPR3FmvoTx(UZr{#CHW4gUB8c8~8|V98p>{=hy%7IF&S?X)kE7@n+k@#Q0>Dx#
zU>_(7$@RXQNB(=DNXFerNW_GPBi4ER__0UIW`v5}aK|}*3+i~puE(%LXb~Xd(7*sL
z$rAo)!<m`q0g{`^x3gf0yP&vS_e985Xa(+=6ytzS%7LNm<(bP0|LWKFODs=Ux8^c-
z66lW*EL~K93D0Bg3&0>oVB28;3CCa(mMtsF2lJbAT>F<%qMJ6EnzOkhZ%<oag89mX
zyG3c<F%(l!;K2r2D<ebrG`>?`c$-^W%aQG3(6=U*1(OfX0nkx*jj6{Uf&stbiq!sd
zI8p$bY!EtA6nIvbV`KNVfMR1qvOxsdVnHRuaeew^8($^Aabr0GDkKMzV;U~Kd$FKh
za7%k1Hjpwu$T}!@Lu!Li8jw$WA3k)bUJ1?7%HiSRh#<pZzEC+L<YHx>r3=6)NaBd}
zO!*DY@J;rAMF(>7@~IQ*dPwi#PzY>-%5T#L^#gnN`Xk6s!XBbv*+i^g{I!b6D;6!x
zpDmc~dsvqXmXnhEpdbOQ^IRQMEpoY#e)qOMlll5Ko~5%iJRjPo;u;zvD14W}KMx~?
zv_)}!kHTUfA0M(|?%!wBInSzv!WhyZ8Vc0y5;!nt#H%~L6W$rB4@*%{C)GLPqL4iI
z%YRiFD!}B0<Am9bqMLcO*Ti5Xbg-?FZIaIh;JXOH_5VhcXl}Itb;>l_)tsCPOT4rh
zYu{<@Z2(+EQDCgIp`P8rJG3#WCvbwl_DS{3h51Kdh7!cU(Xs#h5(a8WA*m-|Vt;q_
zpCnMXe(l_l-+~Sd1ph8Mgnh!DJNFY~33Ey2U27q`6;Ngs7x!W{{nJHZkX&I4f<<@5
zpQ!48GoT}v{1<e|saE#>{nD9<Aw7`P5G33gDlEWc$BVblXuv)LPVh{TOUQyj?0%SD
zl;WC?rCS@jqYaI9B0i%A@zbK>NyXCt?1huxVayS=6};^c_zf}w(*j=NDs1||*cOct
zHLkD!W)yn|+vD}E-{t~{iNvrI^l{9z)e$iO+s?*!(8wb%wVebLRPOi_e%0M(Lim*x
zg-ZIj`jD;30dPOajS{?GPa7H=(?@PKlJS9LEG-<^#aCaTC)!|CZPDsDD&-*0-`juY
z4I5{S^q*XHIz;I|;%ATDhYsQ%L}g^y0g{0Uuo|EmrP}-z{57+I_Cf)CbZ^}q7Q#OP
zm`CajP>?SHK7;tth=fH5$Weu=4qLkB6zJWgPK&7S;tS!~d)1e!nEwaxhSi~<`fveN
zR$`K63P-t6;*A9T0+ipysN#A+kew3>m?*!24-L{VH;xE7>QJ^$G<?trGAjTvkd#bc
z*4#HpCJbv5av*O8=|UGZuBUHvPj%5EtbvZsJ|!ikPSDkZ!5u+&Hb{34`tiy<2n~XF
z+&PEkBuA6bAgELGvz{b&MDT@%GZf5#F(L*?b$+d<CQ%K=^Q|5pN&s1bfh+>FLC?U@
zg`yZ@QCbSoS@VYvNG52hTP6=Pzy}-nn9qw4c=Av1OE4xxhxfV5!M=ExVW)>)8k7th
z51a&*UsqXJKmgre+emi^@B>QJk~BR0dvFM~?!DjmePC2#t6Y(Xpyc!}_skKhgv8wV
z0l5;%md|{BT?$Wx77BVK!(i{xXvW&T{Bjy;I4P`R4^{zr9In+9Az?tnS2Sb_i`}pN
zP~?-329L8ypGKekSH`FIO?~H%9b6DT7RR{c%U7>Pz(a?_&N_ovTZ=9mkl;KC#8EUq
z?I?%mU~urDbPxv)mytdO473&dSrPs;o+1f8!)Ir`4NOc{!va^Lj2y(Fjfgk`&^F<I
zF^UBNVqJ#l-WIv8He=#@GsG{Pz~+}C$@~O`ZXU#-Jlc#gSFf%?7^JJMeU3vr6bVz9
zoL!YeWIlLn=yMVS6KWM^>2AR=B>Wlx14`dH_ugh8h4UCHoTvb|w-V7HL8vS7&mBJS
zJ|(|`>h)#~*!5Vj?cW!(@vmGWthzRcgWQTOq?(gpI8EeKC92`cJ|Qs2|C<5lU`G9o
zY%#GQ4kU0q00C?JFu}<)2~J%c#3J(jy=O<N2?p=_{4E{Gc4d{7TS#XXs#u|9Tm!}i
zZ-F}t1O0#nBb))QNY@|BLZ1G}45PF;w4XUb5<`a2i@yDYJE#CHY+aDY#TtxtXUZ~P
z54HFT0QOjOg{bAcyle2yD-n-7D(L+y70<c(o4O$)iefp8bZ>j13JL)50BiuVu|SAf
zZy~&M`0!K$fispj1UIwO2^R5o&x|YZVYD^`g9?IT#<|_`%4G6^xg8syEGkHV{kpmW
zuqSB!ciTazS|@QYiUNtqQhsp|2w;mM3DRa-3N0V>`2K)7|N4OD5JG%Leu=U`%!kH%
zAh#2pU|0rtE+x?LpGKM`*NTECX&yOsA1-VKECa$IdWu*VWE>BFK3V+mRfge%pzGHK
z;7j)!8wbIOndH74HUNr7+Fp<)cY@W4Y(=?}o<f*-4n+l+Hs~`%W0QyhB*O4+!1VIq
zRRU&3TtSD&-vyY)Rk+^(F;FQgLBuE!kmY2-$RbMB`87y_)?na`anW(sYA`+f-DNmO
z*9LtVaMx2u2?-aw^L7m~Rp5?wSK6x84oY2maR?Dlx|@ZaogEJOv$u91u{DmJ9c<g2
z#_JB`kei#^c&beW=qi9=$(cxEc3wSsgi1bn%9V^1xC0M=SQr@@p%;+!@14)jSAj_o
zb^7RI9{p7b^?M?ojBFoC0x}?Ai!Os?2t?hOciokql!EaOj-(!d_y_L887&p~D|8g3
zJV?%l${U@>UjMX|NoI=7Eij(^IX>?D>6H^kM+X8ulCsR>2Es}bGcU~3tdJ8aJV>}O
z$d_m+!oGyGRV2XOxl4a)fTQe$*K~B17=>I)3{1^w3uG;z7?A$2u?;5>`e7GM)Z6Vh
zH%~&Y4C8+EjvZofg>0XKPM|%ZB_*1cW$Cq`HK9ue2xnrJVP+m5Xz@YVv9rVF><&$j
zguqf7tCyobY=$*a#GMgKKv5vE-u~(0llWQ($z)bkB{mkI`zkmr*k<6ya+q^Zu|M*A
zcH-mhBQolJBaWk}QWz_fc7kJBc^@(m7eoVuSb^##D(mI=(NXZHGqzO~3eE{0s0Pve
z35!SBk=Fd@5EK3jAtsKt4Td_%DkuaeC)>qWhet%{AZaCV4lLL913MB9r{emAV@bLc
z$xb#iyT4EBVHm21AhQ@?Un9d+u3@2&#9u%??-Qt~W`$k~NW)xC<fBoC@GB8Gko+4<
zW&S<aZ+>bG$aay4XeFafuXeY!Ss=!yqo9PIlI4?&Ru0f5baw1`Y1EUbj3Wt{hM(AP
z_#10feGD_+p)U)SFcc9N4O=UGDW`oR-SixEC!9Mv>W13cWypE2L}8}LCs?CE4qBwO
zi}6O=UDyH!ADx4L0d2J!gx)0wayGd^3=sC18*9SzVf_<iPS*I%uPF4KA_11$x)f>R
zo6+gW$IovI#qYW^bP0#0&>;k}46~K*)T(7N2QPpG)fw;JUh0TEw;~&$2>`#PgyBcn
zI2sF6d*XWzBN-;NDcC@8XNnt_4Xkm7vqbnyM-kF5;!J{F0AMvy-UM1Oz9#z3++z<U
zKYTTUN}E4|5^E&Cq+E$Rlgv5_6bUOHg5ahMNjW@BR{Z?Z{Ra*Z1BTL10AeyQ*O7G(
zk5r57Z1MwJ@%fuKTToDv{aqvKcZnoqE(DV+P)S5LucLwuZsRd1{NPOrtzNyF6f)65
za7^%0XlUQ=J&a=f%8V%=$~8I>@e3$%B^ArGAJMH@jM(`|x?I~4923HaghTC{&5S92
z2sY%e^7_~7Ckb;2a6WP#8$2xH&|{r`2jD6DW{(YQZbxwwOA~?!fsTTWkUiOMbH;b`
zKU@G+(jbKT+wsocK0UjfrqKC8j|2tZe{#UFzODn&-xlD$=-`s;SoQ>QkSYOM8B$ai
z(55ef0TM>vcjQ(5-Hq@{E4g;tNbKdyod}W|-r}px|D8iPPI&b$?{9gs#&_oXCVG1M
zTd-1OLn3awef6FyM(%C#TGnax0&qnH61j5l?hs6ax50FtT_g&JWs{2o5Xk61VQrFE
zEjp3Wew30}?r<4O{-i7l=xF=BpAXlqRvZ_+{`cPq!ipSvWyuG3Um*fmzhD0u`6V~_
zUx|W2^5sjH-oF#$;56X**C+C#-3REd*SA-{X$oU?rn?3^irIm&p)rjr`GXCsWmtl>
z4}(m&^3m$k_p21guJKYJ*;T_}-ArM}aEO79ViDxS%GKizC;kgbR<6dAQI#@(%82s`
z4@$CmW)>E5nqW~Ha;=aMDgL<~aW7`94@JSX$U8Q&p3W@@Sdk)xCJ{jIT8VqNoq0e)
zYa3AO9a^)$8&#7*0U$6WV%hhu<vxWR3s7+U%qsDuBY}Tlaj(_zn*8=wV`^Jb-y#MW
zkphTMrEP7q*Dm}_od)Jh=nZgBQx(k*Z4qo@_!X*OPY>FXnFhdpC<;zR4<)$&^~!Kg
z#MqF49SlW)c=QzMVGtG7>~8}|VS{Q$!+0#@CBe@mrh-t%ZEVCS%`_7`L}SC_<HWhs
z($S%mFOjue)|x`?n*$yLVXe57l>WmG7}ioe7gXYbZ9H^VM_U?d6hUaRM3v-@GetV8
zDF0{eUM#R9=J7v%oKi=*xQtYKtV<xi5uAwHpt3I<{{?;pW{i{~IT2D18mcMXDg+z=
zq}yxa1yJn*X@ZpQ%gdANtWd9^`-OZW4S_+_Binf#RV~sh4*;qY1Q&!=rkfLx)f~P4
zqkJ<lx1ec}Je|<Bv&`AD%p>9N%78KxB0Pq%)K?3fEC@i%1xV-@(_%iD_aNcV!Hqb+
zmO!>>^#|&$-RO+@P{=_(p&Pm4UV?8pU<A^d4P+K)G<@`RA^bR@ELau$HjMM&=E3K;
zMRbi+hv1h~Nl6KXvfm_1#HV`Si4_c&u>kvxtsf-m5NHU%ryd`DznZvSv@LF+M3GJ4
zd6ch7@ID6%T3%Ik_rnNCbdl`plN71`qm&+mXF{5~>qcO#Xer{M@nsq$WT?leVUm`?
z4xb4jln}$w^JI%*LWU5v*;7RdQYSmqp&uiTq?95h@FpuiA#@gAtlI27DGP%Vg7^Rx
z1e0mU$>A=F!tRUv`)_n7(E=|tKXVgxG~zDN@K1;k9NP6toBki(-UJ%!wp|~-r6MZH
z*npxCA`Qqa;fYG-sR(HxNfVhfPf-a?2$>QQqKp|U4U{Pgk;pvH!*^WjdER&L{qApl
z|F!<>yVrX5yGytGcmICZbzbLr9LIT_lu5+L^Q}cx<U~R8at*5pX)wN>4+IFNczg{x
zwmeu%Xb)XV!Jf14Ny*N<FjYk_lII48YQ7*Cwtr;!2g*YpX8QWZW>npz3j$sF-kzRI
z(QhA%8$5}lfQmxUG`tzyaDe5E18R>!#39npK@`#`L#U)1hBrWiV`XJULMnQxbIyNv
z*EIsa1_lA5zm@na%_fLhS8fnniB;_d2oCoqnZxxz=GBk0^P~d-gC0QhfDiKZ_`?zY
z0NbemW={S}h(bno9XN3e+4lmWV25r`kByGrzF-If9*|Y>moG2shGZIB$dbdhd<ZoS
zki0PMq9;LyDdlK-S+jQS5+fs{*Buv74N)ineRg1C7?M}Cx)fo<f%0%PBTzcp=MG17
z!X0Kz{cl{OT22v*MFUKEt3tXZmIT4TaW#)>{T36>6T{=<shNhWDEGvy1+1Sgb3>kJ
zig(z9iZMNV_GtUKK4vrL?~y<+P^Y^Ql5BE}fe}+{*|wNHKSb=19Mg#Kxw?&?U*6O-
zx=!@~ZY*FBl9~f_L(;C8HAnCSGzS7FCK{pYEGs=+KcS2zC0~A;!g#$~y4!TOZriqk
zsEQH$2C-<C6ftFUqL@d~#}3Tcutn}c6XfquNQjJK+}aUy*CG#{#P!#I`gKA^Ia2Zm
zmy%&4i5O9(QS8wihH+3gAcw-vIN(*HE<5!|*O_<g*3GENz_%$Q0G)@d$1-YcLIPGA
zKRP>m78L}fM+iH)PC)jU^t%9{@62?|khDJ%=RI}eggjCZ0%+sgWgf~C0Q8QShh0J_
zz(?HHkfI_?TCrftvS|FlyYArb)szZxy74{Vg?w~hbP?*COx*{v51PQoS_=8=#sRiO
zK9Xgrh^5Z@r?{!!brX%bC=jEe1H(}Tfk?f>;TUksI1!csLPl8{f7qPdW<nSu{O?|W
z{jkw#E&#J72$gYcccIAnt0xDo<(c=;y)rN1JiVLrcp+0^W@Y8xx;3t`U}2(g;X80N
z9nR!!B2b%^Kubi>B=qLd;92<K;~-O8jRq131`Hh{TX9!zgoeh|X5%O1mmzIwHCdPr
z|M0^8E8-CWB3Kr{HO5??t^O+g0qYZa(ta!)#7;)=3*gkqw!+?5!rW`mH6ZKcE;)RG
z_*jqZ)4Hor=KiDeh&dI58$iqqaEf5%5k`x&;YosL4Z=?p;xucot_1%B^MzOF901jh
zO<4b;4+R4#KzF+qXEwrZV7#vG45y64aRgq{oeFF(-Lh5y7$G$&vI`64AcCtGm|@vR
z3=p8yN*uO7boH);EqAlajP)6*3xGp`&hMr$MCOw{-A1@Ak|+%n%&Z28Qq!G_1qQ5}
zG?Wqe|3g_jN?sT+xuL{94v`}oFGF<?$wuC<z@)|hsS`MezqBcs;zgSYnZJW|u^hGx
zsiHwxq@=q5yZdq^J&{q!L|0n9OjJOsNk!Tw{#%|p@YFtvg_U*jh({aj-Ma>gK3Y#f
zxTa(J5sAqkoqJIX5a<v|^woaz`fR`$oJ7Xc{A^BWjs?kX;rixN*SY?{zSS2Ks!x*+
zHN>9TK7T*#U|M>5MS1z6iyV5iIA>M^z#K?=E+x(iYMR9N@NhjvAJEmof6D+ONv2$c
zVW`+IpRP0)hJYq92R{FC?u9Fk4Qz}efODHd=EhnIlXR0s0i`Yf(w_&cpi`EYvD)N~
z$%6X2#msS9?J7oZ-n?<6s>)P)7fN$Q=z}6>av&c1==|=~0pV~pn>#Me1c3bUnh~p-
z=4sxrsz<5({+c^~$|FPyb0A+!0VIM-EQrQf9m`99XLQ_;%W=kuqFEIR$@Ima?f%!#
zz@hG=P1VKlot06)r{9c<r`r#iLDZNN4KZ~SvT5qUhiQrExW_T0NP7(o|MH+f-$c`Y
zJ{$$(uRy`y%GP<_lOG<eFfnQIUhUB(qMoF^#6E2&<78o|KXNfeM5gsZ!rU?C?tlI{
z1P$orrvY7%H#=NOG(bR&Hb`#aj#0k$uYW=sPFUCa`Evdp4)J}BU8XGFMM$xcn?W8;
zO;_3<$?*PB+Ei$;AFuoKg&<m|Wo7d7wfsL+ZT#2V9bfY1hkx!Ho?OJ=5@qCG`z6i)
z$V|wa{;NFX;6KOK=aI27>#oH)KwSU20smeg{M(0EdV;LoAi0z~#`OWh3qn@{o(H$(
z=<jQ=Jb?%9DN-=m_98H@`gChY2Rtz*9R|>Ix&eY6?6Y#hi#{!weyrOk@{g*-Avh&n
z^1=^V^h{6?{=kF%`r3~&2!}WvNF2PYYa>Vq9B2tfrhr}!@k<hycmDV4!6iR<$nG`M
zpwk5%uE%ffR8{FvOxG0M1dHRcm_llJ`1|_G0}?@V&(c$;P7!$%z)r(X5QM8x%|VVv
zl56=fh?2Sa`DtNrg(6f1{4X$z$jXh~O-K--C>}jp{s}GBuyP{ccCBN}f2&P&`<k+>
z$iW>;kRVPY^DOLX@?nT<C@Byos427z3>8SIP$2!QiYW}}v;a6Eak;xjYhvX5YHT_W
zxKAKmprc4!{J9d191Asba+1o5Kaym1!jsG6A3I4&NRXhwH72(cg|+))abtNN2|W--
zcGN^(u5&#mXw7+r?DSDPv^fp=j^Ze7lF#Cha)zM*$<GNaLqxF9kp1}iQ}*dL?U?G*
z-8HE=D&eA53c<?MS2J5XJ0CQN<X@jS^4|-lJl#H^d1zwNvJl-zOSO5wv)AL0>5UmL
zt!_m{F~AhSknK3Ct!`!?;fn(N{E1pEMGNmg|Dk^%Z%J{bc{yqllHj+X5&R(<;0<7m
z#QJ$Iu2|WT(Y(cP`qBy33tR|3tJv3p7^_%JK=!OhtR_-XD818g#{6=G)X%Q@DmhJ`
zKKlmpmS9U*N5E_!f*GDf*D3HajbC30;Ac{>ksL@^SlBj%aG?MVBGSdI4|ZryMq~1$
zk3`cYc9xw0FaS4VQ8Z1@gJ>zk5&9j~4kQ~O!rMR%FXphgohac-a5#d@32l?YGi!Dl
zIg})i@x9*2=E>MONFE@=cyd_?I2Xj$v31W&kl%1aW=tWw1qn7h&^>5GF?E(OnK;fq
zjciQbV1v#l%$7;HpwtBeA_~POe~i`Gv2V{}_aKykk1k?D9ro#FXEbC<lbwPZET!)j
zDBJKhPHFocNC^n+4Lp7gs@4i<6>Zx}{ZvJzwT}tcS`t0q3Sjg04i09(12ykgRD4Af
zA29t`*wCF$tl<TejN}HT)*T7k811DWVJ`3+o+X7z%9JcKASZy>?MOL^_{ZwqR7oE6
zi^v*u3>Eb6??t}C03r1?SV*B%L@~=>mXCIEk`@3nC6y~Q<Wxjr?G+r%00EyU67Q5#
zE)G|(61W<GLb!`L8l92U@5er>Mm1&mR0EdY)8l;sP)<S3!wM%W{mj#hAQx^2tGG51
z>4dQ{r|fhW4{~BsFC(?nbR|910B4EH9hx@qHHo#Bq+lX!G}?66u(I-YWW_s<Ko%^I
zUWiR0Z{XZSPeD&`861DkgQfr#Hj7+t+2HZqd7?^0_5*0B<rCcj2$m3b0qV1Zg}8%O
zYC_dqkG6`0=!pP>PDp(SHiAN&aFV|!F;EnT@IgH4hbSzGggh&C0fAvrAP@c)ToI{E
zfrhWfeV(0ZS*SCN(EBE%+jLZBTWW<)cnPTLz;(NpW6Kk729zCI+eEPbE3iz+ctYfi
zWGE!OeLQ@8Xpk%pmpTcCzFogyfV_dSbdMn(8XNwz0d_QBXCK8V!?ov|6(|ov=oq$O
zq?a#Yukc(}Z1(KJ&}N8_8Bx2pK|sBab~Euc3KKCwa*0}L-%=Wy0H_Ow7Uo+PnATs9
zZ`8-S+6GKZ7zuqTp`_fG(R=3R=7P48o1at!)1lbogiuV#A23X4KVd_<N!&j0P(<ze
zj}omCet?Z%TwSfv`}KvEr4)|cl#jqnh^k;;Y_%^eUVNdMRUINTiJd0C*?sDSV-aj%
zaaC==;K_fN{VgCoGDA^mn2u4>^qW1QVq^wANZ2-*B|#Xc1oJ2`7;NM(%gW031lhHf
zt{D1qDoW@6NJWZ4hVr{e8KZljfwS@eE#<>E&dk)t_V>r#3jljggjR?*TR^FSA48Ab
zAzTzFzpB%_$plI>gmZF_z^VBoBoX%q-M!~7znH~{=rU;e78yJ2k}^EF(l;S|$s2dc
z$(fKlgqTeCn>oyP7+VYdBY~R9?<WpVn>~r002y0|drGbX^`0mkb5I-@Tc1OU#YcKh
zHt&C5KZz$60|jmyK8%oiAeR@3Nht6QKOVq+L@%%}jsQYmLZ~4~_RY3<)SP~(p;V)S
zx#Wbg*94)q6#=YT3b<lBd9v>-!Gr=uQYE=S<5k_x?|WKcQgYh_X<xcUCF|z>9WBq5
zV;NB!u;SoYi(A`<t_d^9PYesk0BfK5W`(4c8PSCsf*O>C0TAh_15rQH{q&_{24Oru
z4e0sO6f&atAkGIGhK2%2v&&HI#eGHQse<r|8$@_$LU~$6B=}slpEQCIitqW07ej*h
zwr=%9^6U#v7y4xZ@P~2i$cy<vFQ8b8C(j3n0#TrR8u*Se-Av&2LWec5$-<A;GS|mG
zuKbP=?Fm~g*qbjhwWzbnog`z;-l`E4OpXsTPB)Q>$m6|Vcs$o|i;3yND`C>lR##h_
z_SC6P%ixg~F26{bf6{%8*pc%+Ut*JID96D-A<y?POsQ*ZO9FF;@{C*zX@y4zi#usE
z`!a!wY-oOFAQl)2AkE48!uhz1M-k8ds|+n`PcASGcF9YLqhAm`u*Y~P57W}tocb8)
zm65Rvhwu(;D*n*7s^+BX#DL(c?h!B?iYOY<<6vrKWt5;#I#<C2Aw^CR1AhQ!JhVLc
zzqe8-3WwKA7$cb)M2*({paNB}TC)G)NNGQuUOec*0nkQ7K=`fb8><v(dYO~c3Ni6A
z3N`>XI0ukI(*Hr!!Q##K)P+z(hFT|AT0qMQR0nhz5kQ>rI;LZe5v(zYKSWqdX@%^b
zuoggy>B)pyB$Y_hC~lh-y-DvWd@CuOPcm1nUhRF5_wzROJsr|$w?nP1i1QO29HQr2
z<x`$#-3>urh5C=+ML2zk9SBh_h^79oRB<OfJT!akjv8UIEQJDm2ujsf=srKC<DdcY
z3b2HYxb)yBq|Jkb;sWUDEoVUCl%t~vMvSY$Y!X?9-0UDVF5fCo{4xuSY5+G8e-L!@
z+4p7DL&3?%0oyna5H6G=kW@gNl0WNCvl-hfOsBwo2GggcK8;(&X|BL-Abq0HN+Hdx
zeHoAEgsu#Cd^4~WL^ttk0$NZvB(_wEQ=G|asgca}inSf*5d#4fQ4{+us63EvUm9rU
zz$Vi)LY7YA&Ak8w)=au@=*fmpA0c%`4}+$`SNqir2>tD)nQT%c#&mXl&tTx%{ugvV
z5JVF~1_&c*KCK)1Oo((+jsu4#nJDxH)D)=W(=Htb&<#c((5pzzw$y(Y88Z8FZeLBb
zk3CNKYQU&Bqi85xn3sZj0n0(7ogEsrs``b(g-)s8en=}`y?O<cu@cy{(Ha>w8CJw-
zCavM*3_@YDQPzn_j(3QOrS6_bA}Gj`aOtk2HKtgtgZKzEaS=i+BQvun5~Oy7vNEK5
zM7?C$Bzv#WN9pwnCf>hVh%YOaaYM!_2IA~NA--v7%6|MV4$vbWA@RG}Hh_SJ-lN0|
z2Lb!_d>0!)qKT~Mzz}>#5BDtN0O5~M)NEmRss?5n>NWm|2{h7aJDfRmXzxe#uRq(g
zQrbS=#JUr5S21WMmZ3Tl0I&gp_)&`%hR$C<fATtqy*Yu0`>An!c5-0g3^3SsY&f0q
zh(FCl9Uscel?B68WZuDv^7?25G(R9A&Nb&vmCk6fflV`9R(cQbLYqo#Vq#ZPxyxiO
zzn~!XVC$-$e<#(i*Ik)<+$cLeWh%GloB8EvtE06Yu((j`X{2IEwYzL1{?zhZk%x*2
zk)oFCL;Tu3D|8gK;F3k5SYq{;Y#T1%dHNQwtPs_RU`)4KjrJN)uwQbl5f2^^_5p@X
zXIPk7=$4_d@kf>l`dp{G3B)uW@0xwuQ@7}UYc>x#2)Bk{(IML+CKlMB@-WSfY>0=w
zuc6>BOb-=>(1~=d5Ouxm+^7~n&N|63Xe8P~^^9K;trkQ85M?}iI|4;OT<wA2$9?vD
zZoWA|v|cW7mO6@-HdN|#SYgDB4Szh)DGI+2;?#gc&yvNI%VD&Uy0%j@`p9u84Y6-L
z4!5J{%pBdlInFa;L0odg_)K+(s9u4yrPT29@u~D=z~?X1Axm;k$5&K2kUQx--z6%V
zRQmwVhQt&Q3zFCkqSCuvXIWBl(F&q{Y=vJJ(N_*B&(OQ(@(A=#qJGo4`VM5vze`{Z
zKdL+Lp7(k2=Jo3vZE%}&BW?)r4^5cl{1}{-m6f@E@&Gz@aDf31+fK+@;y~*9l94c)
z_Yoc^l4B!}9D5DQbdIftb48YJ@)CyBmJItOZIng%CTx)WF`a{j7jO<9=ra)-iL@T0
zk+nPag76_}Yi4s1w#s3m3?t_Tb~9<e!Qrku75{^n77<x5yybw5qU2ot>kjOaz*u4|
z;7SU}+T6M@@!uUxsudX-8Ci6KIzwnDK?OxDZd3Yd$=PeXb1)GBj|#-#r%qzxh2sQT
z6Ho=8Dz|m7twfeivS+A{xIXE=saVA!$&C0#AXoG(tX;bn-Cw%x_P-Um#@Ef|Qc1TU
z+9N=b(jt(Navwj0#la%v7%@#89EnP9c32Jf2qm0e?zeS`vf%`y1;2C?onf1o&I3JN
zuh#_;GBJx=fTWY??~Cw!i#)_j;3l~qpMvve83IGk(brU#1?8}>MY)}=?c|cPY$m$#
z-7jPv=$a;Y)5Gf1na`D}8T`XhVS6gaDi|27BdXp1AgPG`a8b%>GOaG)Dkp-q4}u%Y
zkmVrXKLJwaN6XroWtRU^6&JU(m<Z0p{0CnH6ULYP?>O_rX(U&GvjKLipkw>D@bCtf
z9WWNi;CP^7hCOY-rTLF?3;(Dxa<5otUHrUNz4p!f_g-jX!}zq?WJ3{yr0aa&%(LF>
z9I~};&RYi++cG!Hi?Dxi1-i$GDjIk#dg6A#NIJ`SR+EbiRRU)uStt|X+ZE;Z2e$BG
zSU}&ulz@NoD(cA+cMhs$XQ|9z`D?6A+pnbYXa%k26W>h&X7vr`++pmY$NgB04l-|O
z;I3n@JXO+gJ%(0*n_ubiCjMNh7B0^ff@wlxHPVF_CHQi8T^w*c)gSo1qgjfty5d7i
z`QKUqoRMfRfdTDCqRd8BsrJ<sTO3A+Y;sbPk})_sQLOo(pO&D9dU|>&)0p>OL9&Rs
zl7ylK?tmdyOt$x7S_o19btu;0`o;u@2MA!>#z6!UP8z>M1&PuQ#7xZ)d+0Yk;c?Ao
z;<Py^=eBAbjEZ?9rLSt9a7DgD)DrUZ%=Ngb=4h@($lnJq7L=+(jp;-dh61Sqr`2`U
zPyv?QV8}g*Zi65bC|XGG9Z0;}b$UB$vvabg!yf_OAaq;K{5@n7#0~oNY5m^UHEn-w
zSqmv8H}WN@VY_OR+2C5t$4f`Abwzj%-w3U&=z1Y-wJ5TcAu{~*5^gq(sEZHVEg!C*
zhdg#GftCRB7lGe~EKq0cHgk0E1KcyhPog>`E~G#uO0!fd8+l<Q*VWyPf@Kw9hxutJ
zL~;e718uQn<ht2WFr*Q8CJi8vx*J~<g`I@uD`e|vX2y+NeF%txImkn$<^p4Rct%2p
zj<|r3#)q?%7V-kyRpss%88>cRiKcgHr^z)anF+&7nuSSwBDlA`<X_59<s00BnQ}3F
zQbBPMpa5}+xJ(i{9QO~8Nw1;s_@gJNlMAN11--TnTga$yT_<%#2tcAI$!0*dw@v$6
z#PxDIMqG>&BIzO_2ju-a(*|WuqCpA4>NuM7fnV9DjEDX}`6aMm>fzf}sCvjgg2nAu
zKEM9aN$Z8O>%Q}4=sBF5yfKhPDs;5spagI{MI2j>w-#N4fH7BfCKv)*2t*aY*)<y+
z+~2VcR58jr@QS*Vvf!p6O9L)=@aCSaawJP9u8w{@o+dh<uEyB)0JS4v3%bs9ddC^2
zT6V{%FB?F<wrDa^?b?_-+w^!7ElJKGCVM+7b_Uo*oK4c!={s*u>?F!oQ^Vn8*^Y42
z#OZe$9n#fJY+#g7M}*!v2prtWX&WdK#?V~w&mghG?AUE0&}j2m?`aT@=g>2fr_uYG
zbA`?M8F6MpFK}p!=d4NDh_);-GKFzbxE&ldxTF`IV-mmO<Tk@WmE$;Z?!{K-_wPw(
z&ivuG!n196o@qY!-cntW`e=&*RA!Z<w}OKY8JMIMpJ<zzNNv_Vyni%l(ILwBtrGeL
zz;)|2!zp`bPBSyEFJI&!k<?c^>ey@l?u~SIx<mS!V<zGU6HDFMn9irjBbVil38r5(
zLK*#lSv{n;modc0eG~J6E%)x;4OKb4Kk5Mz{4hJ({ZV;1@5%qOze82C`H!L<pHyAp
z!9%!)u83rq?t)78uBp)`e(tcGQi_*$eQR@Ns{_}hCTq+@Y^yO3_q53G@ktIgV3x3Y
z198gAA3Aishi`F^g0ttJ%Y2LioV0uade&`@CMr0_YOCXmV=Ue(eXsuA);T)#=WkZ2
z2>yQipKp1gv!}<X8Ok2KZu&3&O7d;-3MFHB{(cFVFaAQp68QRR6LZJEUrGPP!)4vS
zo5k#0e0IOz^Owcqeg6Hfn{WTi2c5ZXM_K%!(VxI5E2Wm=)2D-5e-DpZycW&>_<P?P
z0K6k>Q);C{1^#zasA{DY+9YDc|6HKPUf}F(z&cHuO%r=bFX6?D)D+Sj1QdYc2Dr(;
zCD{xundlmF3lFcC^2^8rWI~Q?m;l_7b(RErMMoj&J=UJqhiY7Y{@&l;>aQdOf6{^n
zS*0>iz$zSN@Cgy<ZSU;#fq(oqC%fSv2T%n1MvV*)1I|PNVsxpyW(7K3iQ!9&+6LJZ
z$XU=OK$=e|tw4<7+&1YL94j=Y3lBS_f6FKsOSuYDG^r@W&>km`Kqwg#K!OPLc~IRu
z<Uf=<vaB=Kvi32tF~dOel@ubTf%^;`I*cQ~lPeZ2_$@h8jY~<nE(aeAr28bdahV-b
z!Ph;GbE6H>LX@1psKx`fFV;IqZ;1^m9My>BDRE4J8|9<Sb1#mr_WSX9PHGaT3RDR~
zywP9_Omd%y@71$N!V$=Z3T-K+=7|B5gM-6jrxK*BiQ1&S2=-)X-4FOSFKS|k0|PFa
z58*CF*QxT`b()aDK;ra1Xkdxv7X*)(oF-3SfDLy*0VQ<nz(6n#M~o=f`C5nDO#pg)
zl`>98^u7`43rYlxwImi3P;>eB+6}fUIH8S#w08nh9>lq*AP`C<HYA_J>5Sfg?*2l2
zNz#6WoDKK11jZ{A3Sy;xp^FSQ9&y4WT1o_@He0Y$-oTzgCX=%Rr<~GPF`y-66C*|w
z6*g4Qs8Vz+BXHl*3rt!oh{+73a>N$GJ0gMuQ2UWb`KVRE2d`T+X$Eat43L394LFL{
z!5bP?vIqP=CGGlGBIc%lb-xmcgbws9sh9MF@Hz1Jg9rC=s3dR`j!G8-+$D7`ARFYO
zMrZRW<X#~SXZ8C6NfR{rR1|nL$3U!L_Qgvj4h0JF?gZvb6o)%3YxrS@N_<h^%?B|L
zwu3yf3glwMAQWW!D;&)*-6oAf1bX>nM2O^1?WR8EwnLCHu^1oisb@g92Qf@RicO)Q
zHQF1ON>o88mVH~;GPgo?f+iUsXwXS-tF*%?E!b5LsL9Y*vuT`qlk0A7iqlj_IQl=m
zCi8KF(0%fBtvL_k0XrE9gO^1e1f9g}(RE=id-52%b4_7xfE~f?7>Gwo(hi(BUZuw9
z${10{(j)qN0%rit!T9H6giipEPZ~hrlA{ES(;Rsn3J)o4aSvoH58;hxwikFZSvJs(
zqHWx589giIwd>w;G};h3J-H*`a7eQ9*FFxEp7>HKxM8r-^h6Ubj{D2tok-UcfHwXh
zP8m7?C-3g<p{G2Ii}S)mh=!MsQX^XGypWzzQ-}{XPQc7_-_|3|C_|nWothd1$uiNL
z!wN|rIXZEe^x6qS?f{^FZGijB@u9F4_JwOeD;&o`dz1o3+5uXK^zOlGfxv^vw$PuD
z4snWE&oatyCXvO@0J{_`hJrF_x$ozwfQumLAwngB46vzWgbKM%+*71etpJ1DUIq~T
zAQ(yHfuzF)Gcrn`D8~~nM+**d#D#p3IY}|}qIN6lAu_>(bV}hqMT4}cs;<VUTnXrK
zL^0uo059M}$x<#>(<XjR7L{S7zX^My2!#uo0z*2k&;nbGhQ`hPMmxr4K)8AXbDDGp
zs(&7;-nAdu$cgIq+nLQ_J3<X6oZg+>iv$RsX~duseW-dT7GU3U9Ba&ew2P6n`>oq`
zauWt{H9WJbee8vQ6cDAjZy#~WM3^If#v4Nu;^LN}0|8<%|I5rIV*{SEg!l)M@{`t`
z7!?#j0|Lwy(SA8XK^4{`cs<_=XviJ{t)>v8BFOTVU=?t}Qsk)BS_&Sw7ux;N=@W~m
z4@7oNLIG=7WaMgV>%O%gGwxxadw#wt78)3-qN=L2zxG)I-!)qY2w4d$TqEHy2U2p3
zA6kvLLM&bPDJqKo7K+36l>^vyDU^(=PnwWz<7^SJ%@x2E!}N9qKoBR$H1Pd3{ASPs
zg;Z>xB9E&DFG2?*0{T`7h=y1%EVeG;?Op*QZ_LTfjYVZZ>>g1-;7kdG#*+|aNQ~jE
z>JH5pPFvCxGNcb`28OFj4_<zSyAKKI`@HCYsgcF0Cc}l%K`0(YF3aIiW>{Ch=ob@H
ze+%M54&?0_n`oiZC?QlAlp7GkvhIyXfke7wQHzkjvt4>zVM&sFmSt_}!UweRL-k3z
zlv0zzVa$cwOq?n~4U{5{PQUa^6Q?cz!57<~;55WI5i&3hTQuOww^KlC2y^841dnWZ
zc$o6AR1zMOLohxO%xl<>)93EpyL5e5Ll5$LynN~4*F<$3s47XSh$|RGSgdz-jdNy^
z<deBII4P076L^qNDU>N5F<1$d-n<0S@#`0^;jmgCgo$R{4D&fPv}ZM#fIh(<ByqXd
zHZCG|36KTEYQbS=Cnsq@Ni1e5dQT&ZGduN~hPyl6Wn%*2v3X*rLDCGKwe#!WnNrM7
zDS#L7_JnXEfV+tR@OVNH&S`$1f!o94)Ttw}%BzT70PJ$m<$GkBn*j(8*0mWF>1Brt
z_u#2O+Jiyt0U%Oi(F~8Ca`T&Wpqw72q^yF?e@%)J8(7K(=I0e<Wzire1+ofrBvH}?
zz*d19;^erUbnwC^*gX^oRBqfN+%J$upc}{&I%RU=<B-;5-!mbAE+Vq(h)of$88@Kx
z*Bhi+iohgF$L8o})|j~ML|sD2&NjpQI97$P6h3>vgHZ-%Dr@VK_0&yIq#Wcefe!Wv
z-jZE)%hlrKNdb<Vs?fxUP7cmLB@;b;W%Y6TlL1XYO~_axGbSDu0qsTSQ2^e4Ezsw`
zf{vJYeQ9d0B})q25SENu+?L3I0D5#hp#yWJ!Wts6LknjsehraRA*n>&hs~3e_VXJ~
zWIq6J#0nkGS&Ru9O$`mChm3}SlN9L$Bj)5>ZD%*3X}&G#FbYiKFh@?lgS;3U9Cn9-
z*1=*JV)-AFdZys9oUVt=9s&8o3hkEtP}?%#eWlp~l^qx2v~FLU&9;_9eG06h2rHT}
z{GtXZjQzpbz<z6q{5)-u`<BM!u_eT#^tnxoarfS<dLX)pQ9h*zj7;g7PI;HLw%~Xv
zN4ob8gGYu!kU~MCOAO|Tv_47OAEuYYL<>|oWFHWyE`_B#u}YO!QAud{F-p4TU6O3X
zAbOatBG%V<g$nTSP$SXx-b4#8P%7o1jVt*064p)(p!WnoblFlvFFKYTAQdseh80B3
z2EYu1KroIY*NQtlv5dH2ku0gXxta8ZAkPxTm>8_3cAPHIrSC^rfiKB2^tue?AmExo
zRE)sk1E^Yp!$4h~foyVERS-NK{@`3l(sU&?pUEG%{1`y{?Ih&2Ko%dOuq0eKlBpX|
z(VXBY15i#!^y)~%C=YQOAu^F1jJPACFNOG~0)cCzRkVOuf78vss)&U{#|7;t`ow&<
z2&{Qkk``YemmDV%Wx!7GRFtzfvcZy~qKALw6WKO4kM>L1fw$O6=@|S4dYjA!0eZ`p
z&2msQ9GHA&rqIyF196%}8j7TVLcw<o+#tRhv;vtUO*~()hypr)LcxfBBs%oKq+R;;
zDO+~yEOKF`x@pv+(+!C$+&A5}Tce%luJlT0N^LJ=J}25?2G9;8!0@}UzcqR5HiHi2
z4${)nX~0OcZ{>k@=9-_Mv3d7kFB9d){riifPK=B;K&$E8KKyG8SA|ed(jPh-o`hif
zg+n|J6ZTQglZyti*k1-*B`qJ4QH~=P5T8+-xI8TFeZt}3_NZU0^UETEgH+Zg&dI?U
z{bJ-chxlQOR<~nx3SKc6es*-|^akuRCel@yI?+NwLj1Y0P34i6VV28??%Ra=dO&0V
z`9tm4AG!Yn7ohkT`dw;ug=FF&9A2$p0iq9&&_&SVS65dnME*{K7S&Bib&`iyU(-hV
zBuV7-$fx(=zqe8wap<i6<5upx1gTu<o&?{n_k^?|Cnj!hr4%#yH~$o^TM1D>f-Cr+
z;niNgT^_IgE_F3TmnyhzqTQJC*Zxtu)WuwMpbVrQmSpiTG=m{%^zZ7^(9)v55v8xK
zrB#Ao4_9QI>y>+V!dI0{@BRDrXlKxGh`|hUXDG--26o_PFB3WO-C23`C&DG=NASU=
z^BhSM=+Z-6&G_1eMR4T&zpe%Q>tTGnHz0vOQj!i1*vipdTSOR0Y*gKWw_=vHukk<M
zpjwbPaY9&+4w)x;&{|Hn{>iB!@}*VTx|VTU#h%}4NMBz%)15bc|N2wwl3(ci|5m~O
zUxo_ScW_V;b@Go*#EOL5(JI|>`9fRdvu;Cmg8Rg}>Y1VFW~=Lg2MJIx&G6g&n+aHG
zEEWN-vpEDy5%1bR%2l!rK6QUykN&@+5&xIJ%m0KuV$AmDt}Orc`MXX2yNjK|VN*FC
zK0&WaF8(mO-l3S-WB%OXJ+J;HJMa1%>2dv1cE+2+gy|g^G(v-mJIw|PJkIyD$9}SX
z+n<in93@X8SUBYlADJ{34lns)v12u-<aoI)A207K`~ZVv=F71^c2&AEy4)#zlvlzZ
z($F9=x?#u0h+K)bnxu=W6LZ?r-<tB+{Cs7V7cX?q2T`7}S=PKdJwxVf@3dLFh!I%v
zN-3d0_Py(HygLe79D8wrx<tik#JJm`Ue!v?07>x`j<d!+4H%Sswt+qHePQbUs&2Pz
z-E(Ik>iJ&NG!k+9*uAJFdYgNTs<~SV9faQ<JhY?cRI5~gBKOVX4M!N9&I~Kv4L+9b
zvdg`0e!R}yu+Wsg@p76%r*KeL<NFmn%7@F#0`yqM&(yzKZsqQxGufX|q(kTTGg)uJ
zJNu*lrT#Wr#|kP;3cvFD#ItP90iO@muhx&tq`Z|1-1()zTqJP4cxe)oV|9|2l$Z6u
z<Cd*kwwQimb|p7i$?nv<2sYn$?@rOpJUN=h*eBW0S{-ZeHBfKU;C?PFA8^ZNmx*2j
z-MeceY%YkbWpt)n%*dvL!D2GUAG}XJ6RF!!XtPWA=}})#&n<Ao@t;XdN(xmw`*dED
zHqS+<EOadO&z(APO3t<KhpmId@<k*>PBBh3wAt`Q+zW>>8xW>l<UUpErN*8KDOW0R
z9Xra-UgME+XhJ+y-GD1|;EWf%Qo>&#JUrQ1A16Q`a9CobaIPV{Q~Z+XfZGsLVaeTH
zY^8nR777RC0w*W=$~YI0hz3SUFa@m^lW;n}A#D2;d`^dOl4%$Y_zcqA$bSFs-BMoO
z#T#`%O-;pPxi`2CSOIz$KewwLnC)CDpX_kC_uHJ{^K%B&&dxGla~Px3J`ORRYVEJ1
zR|$&bzmSKN8uNcAl|}RV^AQ`jEdq^Qa(@Yjo4<LsDRBL-RpNRoUEOv2k)G}_pSG__
zjOOVNzjJ$~N#TL66a8))=JA^ads<9ZGH^;RXA`$+_%c!P_3Aa`2`t$haxUxVmap`|
zQwrpi;#jfbfRY)uxM!9%7Ya@Rrxu%{^ZS*)Rs2ZGFtu)?IdkS0#f^?-_nN#t%rZ~D
z9k*x?Dp3gvsCXdDu{z4Mz4}D}&jSa?w%MuKGqt8PL1uNmN@#alQuo|>aAf$h%~3s7
zRRQuyH{=#{HMz3G(En)f-k=~CN}-0<@#=5u=4ht<V>fAOYKl6SOY0lHD8`oCXV<4E
zkr0ybq1-=oL+kgwYh^g511^Wxgdt+uuUbcK)g(K(VUN<mhAr5Y&riv1l$fN+^A5Zg
z;p{rgoCC+WE)D4i$Cgu5o><Qu?;2d8)F!eGrOv6rbz)R#W?}sn!P2Iuo2o5PlE=jw
zdy!2gXKYA8yT;kp=zul<S!~at`~~i>FIoI#=e%L!=16gKF67#0qbJhPFjf|sPgDIl
zy7114Zt>$1NdJQ7shveDU2p1#`*i-L|0Tz~<MH*u(e>NMKPD#5u!~;UxzS-&>G1(k
z`&kL9kC7Iy@clTYeaqerxN6_=H~jj-{_@+r$8&KHw|@}!zztXV<(pcp6&E^oxA^Bm
z4*X+%Oh>}j=r@hOdJ}T0%sO18#Vz2z_)C2WKj$qA_YR~xl{qv>t#;G0Q9rw4^>)$t
zC6bbj>{Tr+)HFF}9o?=Wd+>#wzec1z@=O{ya6tWL#N0-)I@T%-roE}5=(O-n9OK<|
z)BEHu{#+t0tztG?dY7WwuL$n@j-<12Z|_V=+4~Kzj7FN^c<aeocTOJx#d~!W<y819
z{j|YTm?DxMiS<yD63p<@V7%PZra;R+h{WRP64zpz8s^apoR0>bgpv-+PhHHA|Gss}
z?NFVDp7O`NUy}?g9@iGOmcGeon5-0&7}eYuF(W+lZEl94`h5%;60Y&om?LnIBk)5+
zQ$Ul=x0lp1`S;FuTLi?qJ`lQ)rxTniVK>j+|J6_6`K(sLhgY~xEEDtI$#uQ~jz>>K
z6;HHb$&>3n=`z9db$XKd>IW2m7nV*R?}MVT0X*bYn35c5cUF#yanuN3su1>glyAD9
z<rO%DztpZCX_GyCIA~v?OMh{GqG0joN2gzvl^HY?SjTR9t?4y#DwuA3{K~$w?^@hP
zEuOW?S$U^9)UH*y5l6=+vXKqi25!%&8O7I*H@D0V{7~4;H<Paa^UG%y&&=C2?y<4?
z=cj9;&3c|c>)w1c@BGnOr%h)Qs#1?heGk8$?Ad8BR6K6IVVPQGf7^Jzqq|p+-bdQ2
zBDXwca<gg0#OmCS-s7fyroH(@=hNae)8?(uGlVX`iQDEL{PDQy*yFA4LIX)_SgsnN
z)tq(bCr*Lecf*F|(=vO7m)aQc<-I<zhWng1JwyL7rXQb}O<%83H+>bH;q{=mV&CXD
z!F?YipBLXO$t`;clOF!aa4o*o{Fx)Q&mV1RVG`P&8!$7_l&dp1v`&b8{`Vmca<6C&
zGqi7X$go86D$%1=h&hH^gx+09$Nv1lJ>nbCyLa364>S|0D^NdfA8%-T8?kG~2=3YE
zihpVOEPmI(Um>1vLMp-=z4ctD$1dvS=sI4Zq0e`eT49@>?HT^UuQ+=bFMV^f2Og0C
z`2vmEHX^e-1{^nU@3?kjg8M*@a}QCKZ9Q6GuSu>%S7_mYbm4&&b{Isx;rrV-E%!}o
zEYEG4_{p2dBjTI?DzcKJTgS|iJ}Q9PR0<PZXOe16po{TZh>+%Q*82JLXR*n5SGv7l
zg1xG4v@C^+Z1cRv{`85HuWaM6HRaHm#$5NrSinWNi)UB7`dZDXX0~&4&c<+$h-gqD
z7r-vlsAnI>D0t$L3^TqJ+dSPu#$PXb>gI)vKe|UXWeby@r{au26>@R#<rLf^>&Hy4
zfGjQCKU)3W>iW+nRmk-|%S!-46uiSe&F6goJI0~;?Z3Y4K3zrGEVC!RMmE#BXSrz&
zzlp;1PJ`D6gIQ8dWMZqvk44{KhWqv7gdFSg)xCUYn_ep90gBb96SsN5bRkNPkz8a~
zQ~e>bM$0kG^{?*+%1_Ac930)qFUzI&SnJEhk=mKK*1X%=y5FP3{d8()o@PqMABy0A
zVl*@2*k@;@E5dU2>=Q4n(K1(ax`n0lqaJDIGa}?0VJdCeF#U9I@W`B(vtzdZ$G~@^
z`eeC`H^@Z(tp#}P!peu0w742-D;JoS8azJ#>nT%NoyMf`11ytQZ{BFwPquoK9ana3
zB;YICz;LH=P2BK&3qwq{e_;aZs>MMya{Mwf)Tn^mf`XoZno|xMRL05pFxiNyuhGR%
zC3slnv}gb7lH(r>cI=*ANhXy_6tSH8@KfF9>uA%JoZPW}Gvo1#*xXeb?bM?NLR!M%
z?M(wNp0OTT#iwt5LLxzH>@gD!1wdMQKWu+j+R~+IiAbS5TKntQy2QAr!3pYGXu~wD
z`>bhsOhaRWal?k-?<LDINU`X3;$}#N{H*HF32ZF1YuQ}$bYb1{Q9C6Joq=9RYxn6R
zTqwm#BBZL>#jmgvXb=GQ@f$u;E=_q_($7sxrrWNHik^w9`k=?L*I~)Yc<a(R$Gwf*
zygwPy7F6aez5FGa*Ql4xyK+?zi-Fn`iN~b|y36WwakX71t5>9_+X`e;QH=BKuhB4=
zRp-56q`)3)gP`uYqF_0vfRD1t0dy<^4{h6*pKgA#f&vp$cGQ#W%qv!U1O<r!dP^Ja
z%wiX-p*C@@U5`x2+HgZa$99u+DjX|=9pO_w(RW>Hm)kA`*7)Z*vu!upz5U{Sojwuy
zd6|w+xqOY!=hgyU_l`*E{v2QV>6HISU*PP`H`|TGN;;!9_&RUdGHQ2_y_1Z@JbgyT
zCnF@nJ}O*U{VA{8?B!o{Gbi1-TnzKpW9pab+vNS+uZAr~Oszhzx~5k5FnnZFFN2h(
z*%bA3uDp>Ez1y&?wweh81D9;^`}=lB@?Y}ewkI74N;xD>k?(jL`u(_#*TUScMxhh+
zE;%nGiyLzGlIig+-y`AlS~4{fUTS{KQA!@j<@)vOCu4Nzho<y3Bi=^d-@0x4y!dsj
ze)Ukvx7~+kA_mT@AB>V@rD2#`(G)qCX4bKs%)pVKH%zTif1ogNE`sVuu(H$T#tdx%
zuUL;&k2Kezh|oPj_q?D$`0(7oMp*HfS~e<wZ%MzUf2j`xT~|>kyw-+(m}e2AepC5Z
zE~w+`1Z5SK4bYrpo`v3>wkHSUR9S{*ufjA_xL>rbjk7)2Jc06qZ^fS7HB>*;k7Z_L
z38g<6+u(ubLC^JZTXuye!ET%4TPTg^&Y~8!OaXTYPmY>$;e!9+txlg`wzWrX5}#P6
z9QZ)!+{f3i_xA^|(N!R!ihb2N7I1rP(ss${*ku+M(LK8-pEPXyPAR=;h!t2?!Ph!)
zKbyt4CML;X6%e5tfBC1X$72>}_|>ah_l#w=3ngRSZ59!6wM=>@2CntctnkiZPH1bW
z@rWt%_LEy{9>@8dd>>fqd`@Y9Ou$v2*|~vc55EI~r!9Ymqc*sv7M{9!N0G@_xwb1?
z40nH2XO5I|Wekqm()y`mHtE;ZtD5ZDXU9Lf*nK~4G9G>+vC+hB_F{8ZWxYjeyAFc$
zCxSJJj11qnJGIil;LDxD<LkEEniZwpyZ6P8GqH`0F3YUAEUom|3YnHt{rt(X=2?$j
zZ^H{V7J<|JPp;`l?^`z7)3jl3db}K|{|>7w^Sdvr_{4}zCFy28o@{wLePp8l=j#wv
z#x*%>(MwnAX<INk-SfPx{3r}<ZC8CkjgZ!RPWasCsw#O51G;fTe>mT8F$1#r`2JSn
z+J*b2kGtpe>adb7&m4o-5CCtL{VH;93lAvL&iCjR3_@%>-mcoRRfeS{M>yn-Mn?Q<
z<?9={IR$B#0HN4n@rnOnq$G`r-3~2&$Ejyi`h}a>kvUf98=VT|65pspKbHFm(|vsx
z*An9*3bUZFYD1k$gk;wFA6+Z(<#OLu)F<oFAT%2Eremzg;GpT7*q!h!cy6=G9Z4+I
zV=UH9E(Rx}+)cLVkdeQ(Oef81{k_@(R@T`x#9T12NJ>8UtuYZRtnLZj5r+rY6pn3_
zvyE?P4++r%C??3;)7HktmV5YtKsvM`^w{i*Ma2e6<A;Pg*qkjy_S=U@R8Ge%v#{px
z9goO8U7hDQIdw+$ad9OEV$1K}zr}mX9#+#|{WKfo_U>JF?_MqQtu2h%1I5+N>*eQ9
z$8ot%vQAGsDD@OLvxO9{Gx#y{sVUyjm5Org+xoxMDv!MUcwa!xr2f<6)ra0&-Vw79
z3JhEy_9B%>Mg5^g<;gPM;{|tHeZKSXZVN1CUP`s|?m?$$OpWYAVBvr;P*5ydU;m8r
z>++Wy&OXV7$LINj4|dbLZd|eLN?~Fm4g8Q^Qih{!z3Sh=ean7$3uBhmFF~7}TauwN
z;+2NF3Nf>X%yq`*9YZ9WbqZnRqUc38<vJ+3)6#dd@f>5$i9M9oE-pUNlcPsg4xeY6
z$j%rD26+l;Dl1(FCcVJ*$l2>yZV9tlZGC;o=$ZB%4!0TN4@U*8+K_Gbt}9v~8yK2a
z#Uc!|pn!NB!W&fjxc2_w%zTOc^zLQV)eJkXcAxe1377SHpOsB5HusVmIuwc<D(Ru{
z_sxf87}riqp>SEfh+CJi80WP~y<;L}gZLE*Rw2WnJTv8Yzq;#+B3_?Heh>fMxbzbz
zq=Df_PF8j%X>~GJJ~p66%}dCj05fIp(705n*Gh^W3bTqBcz|O4EAEq7!c#*dgG~b6
zR4C?D0RP9t^tbnZDTKA7Is9B`D_x9z@Grj>a(TQr+Se*tb?8j~)~qtzb5c^FqEG~j
zCMZY`9z!ST2?$ZhbXMUH+b<Y5Z#ity!KzX#_9)K6_l+tXWF)h!FnoTIZ%4vM&pIEN
znYnWJxvvz;nycc58=Yw>S(d*xBiO~na$&Bqnc8{&4-vV(tP2M%#6-_{p}1RqBkE`%
ziqcJTwzqEHT(M_Q*3LqWoXq){)KuZ1Et$RNf?6iH7!zot_(zBRvz7F+mvav&1F=os
z?Oq+1Ewf~a9{1j<ZA%r3QjF{{;3jtTPG;t%v(0PWZ&b~(cXS@>m5p*e=Now?Oyd0D
zoyl+gGBmAyyH?kyegpj`2F3XGg$UVTG3!9J>skg}bW-P;@gvVow3uu(o0RDFwEdb#
z#b8?*J>(J8GcIz0&4;g$CAc}7@L7IvkTg3~^%RsaW}%h^pA&lW=+9a-wOO0|c%tQg
z&5-akAX?G$m)3h?7huFKldWxV`l%L$%rn-6zmN-#Qcln_>#0fK9<*`$^aWN5`>sZs
z+=-2DFCFH6t5G}a13$vK6^*E$H9E#@+yE<w-|*Hc1N}?IZBZwAF6psvj96|u+VE>K
zuYd|3+^RCqwG!Yve@+6Z$HV&;HV5yuiOidwJ=aXtUcS0yc3EXrN#iQ1edDYKf~#Je
zd{#9vVJn<}9{bmnOMx+M^GkZME6ziM-+AKFVZcxCAu|)x;`W_g=89xY%s}jwK3A3Z
zP=K?Rm%l%LN{$k+L^n_481}<8s*IaqVXJ+NIlDTfX>q%b{$M)<oJGh)j0*@wj8E1E
zT#j!AjnD%xJf+b~>~4M`CtqDW!qw22_}sWT*}D4k=d!mQ^l4Uh><;?5fDxHfjc1JF
zo;}v9FHMW)1op6un&vv54_%+rH;K?tqm4RE$E&k=Qd@GCp)e+B%8RQs>>I>=Vn1&>
zIQi4@((KFa>&4GeR$ZSxlc}M>P!&^F$iocXIN94ybG-P7El~0C7I3gq;tz9rSk>FS
zimpfNs<i5Z=_jeFtHYbe*(II0XHU^2UOGpAyUygDRCYzN>+~a}7eX(ucqY`JUb#*Z
zG-@zf=#Ap1RX<mJgGbPTw65md262VLw>F+^jhSLV_9O^Iak+{Y4MA+V1Hcp(u2xPT
z_cX}~WRY9&9q&7&Cghm-QC{>a^^d3NUvR1pMln$YH`u+Kb)h<XY-8)Erh*!Y(6MO4
zX$SphLbPGJsq9koM(<{?EXmBAkMNGTb7!SWg2H68>*n(79K475gzd|n#jQ32iP<DD
zEgL2r$rtocJN`c{&|`3^-eH<2;-1~_4kTxC<$brttWi<tMv2+6dL5+YE3U8KbL6aI
z#g)nSh9t9v9VEX;?&t5?dh4$moc0Huc<hu<!Uc3Xe7zK7wX5H~BaI6k8ZTC?coP)_
z(UI}n$o-=)?W3v_x?Dyrc3ajY=E2qA;oMZ`!uhV(wzHY93r8b<g@oL>v(&NT8UX?Y
z^3Qs7DcYfFd-qO(y?*MW>E8#=aLFz*4M^3Rzht=jeZCVC62*P`n@v}HUGjt2m|@+z
zGra)FZwLP#@DrnM3^k~z&Ab_OVX<gR9~|!vzS379Fp!3Y;w!8A8_llf`&jyjMa=rB
zakFU^O$=;|az^X9I><1JYLx)3-%ju34gZIn0fpk{cVLIrDK9|Vg(1TP5M=mxlR|;y
z3`<qQzN<kh3HbOWgEeGvWeyO`<fTv-hsx-D&-9%X<BS!6%f9b9aW-j2@(;u=vm9?8
zNzI3^@n~J8@PP}%S`Fj9KET04gRf2vZ!K4UumV3$!|#N!oHkolHjY!TF{2yeHgX{q
z!A#5r3ssR)1KrbX{Il<zxyD$8O=_($C4@_4k)4{4txIVMe3(@js`d>Vy2RU|RV_rM
zIp@hl^=gGRRjD5DrBd3RD<1adIn(xS56J#P19$Ih-+2nIrkH>JyerMre23V=%e4y0
zEFr}<n&%8;oF-|(hVDlS)U4)A0X6THZtmTd@v-}{(>ss`zJ6Cd%~cdz#f#}r#`Cgw
z?;4CKn-q(ZvKW(ny5J*UYh@6*0F_Af{c8RJ3LZhC69)Y#Xk{4Q9H_0SX;zy9F5axV
zcWYL=_07r-`*~@a3om9PYNP#odpm9REVt<Fv#uXY&3`Y8McSJcd`SJH+kWnA(ce!A
zgwF`~XG`6z#yE^$Mk0E5!PCYh91Gsb5fT=84bXHfgj3M_c{rdqf1*5{Un;?-=Y^K;
zz{s>Kt#*Fc!1NU6wGOOalo!v@ykD^0cBOB1$<OVZ)1LQvgz$azZ^Cg(1qAp~`uSq@
zYssYpahlu0p6W9I+dtpk=ePY;bXizLWF*zX7pk;pwkjf>3JnG3>ghB2l5_p7(dOrE
zN4&8Y37n79dT8d2)+zI{x2pyRH~K}cp0k~NJ*3&Bu}N~8YF7EsH6Y5PTwMW3->JwX
zJuI4)*!D$00ZS|7sBXwbd}_9(Kn%VND}wfD9v#wFDhhz&9hW9Oxi9|@Ksli8`HPVy
z>F4H7zMJhQ5bZT1E-oO`Y}s<o_uOrGKTe;z*UK&~bn<Oitjf^V@=c*{cMSNHb$u<<
zh(3!m&AQ31q}G{M($3bi{)VX8hR}%Y`XqYd;wfs;xDimUQp<b^n8pt7z9Uy;V5LV7
zJlhnIw8!$`;!r{HQgh=3hTE5%(TQ-SmH*^>W6urZ+{Xcl%ZZriZJEE-_U@h2@+ea#
z2vNwpqI1UsD)<G(MYpXha0#h;^OY*L{2<XQ<fJ?j%M(C)z^fjyia^)n>&QKdRvK|-
z@_%Kd_`O?pDM2oq83Hzks+Qe}IJUg~-CcTumJ6jEMU%FP#B{}h(O=@s2)5|%Y$<SR
zS6;f@G5A{Obt#ZgOWXNAl)k@@5??JW^%W3v=C`XD3O%oR%vO~ZuaLUZuj4y~-={x5
zB1!TGY-dJ}xreWrkLk=XQ+j9S)&MFmX?!01iP6R@N=j5TeQ^EG<+z{{97@F{A}n7_
zkTL<(?)p{5^;~A=J9whDjBTQ#E65*;UdgrMIRhvbl-@<3*FPrm>#n~3rBUjG5wdLf
zsA?SWg=ZUe&6-SfG)-3Hy0C7_=Emn-Xd~Wn3=VgwQHtW!>Qy5?%ywrT1z6k5K~q%y
zhI+(BKM=Wi;^-_d*yP`%l@}Ct#Rsd@3!9h&90}rVUIDtM?YW}QLaFy<wX~D9+@7BE
zL0w%m6gPy9@8@b{dK;dz-giBQKIDZWLUz5yDEQAO-w`#+6`y(c>pkJciMA!0?JICu
zI?1lDo^2gjGd{!mx?>5FX2q{A{a=;tWS;TbUYJsxxy`)Hq%kxL6#cm%&~`r~n%cX*
zM@+i>6tDW6>{nB>JCI{xyZ7p$qUsVU(^E|x87D>72CE%DtT5?S*-)^DHiYkb`E*tQ
z6-9+%pmaJ*&A&A2UYNJ7xp(`IAsHMAK3^_UZ>Dw6nJao_&Mtd)%|5$x@(DrK>E}vV
zhnx=G6{86i(B0oKV6>ycRX|holmBg-(~|~%q8lY=`H%n<bE#a3G5B0=_66Y9>-Wyr
z;sQF`N~3bC(_VGzzpyk<>g>DRy>=;;R>DW6SnsIzs%zGhru{45-QzfNLR<GhJ<ryy
zELg4{$pO?s9IL#7Cn$kYlM(xtqzE}b%<M7JG*~@e$G*#fp8#30K6YlkcTDMq1Ov3x
zk|o8S7%jmV<&cVr;`g;0(uWORU?-S&|EQjH9<YIEs`#46RL@Lko%a%u3hc6GYXbrO
zeD`P)ow~0facNS*aJS783dt^kj7W>6n)v7Ex|Vs|(eM3cM@vE9-t`|pn5BLFlm>s+
zcJ+N_n!mUNR77BkQC-oOH>+t@&r>01-(&k}VsL~bP%g+5uAk)+uJdaH1BV9&NMvn(
z_m`0PwqM%-Hkf@bj}o;Q=I{ODcw}=wcm?yX4W?*Ysgt<s^i=;a6*k0;g;|8A<t>M~
zf?Fo$b$e;6+nyYqqnEU^4E8W>+Tq%~61Le1uVq1*mc=1CYKmtePnW^WEd9i<LMuO6
zgeE`$4LL6Bp3gpC>p0HI9Cde@ap!dS_(7o?2(&$%$80BCuRJkeaU0v<4#O}b%cjsV
z3#JfVRIc(zznW99RO^o)KZ2P{`zaU#_2SwU>q71CD?0;%T-^Gk#?5BxvKlh1m>l%4
zD1hr!b#`H5toFISsM^#V><b)9)KH}P1FsR<l_LLF*T9_}AJ`!Ds6t76icjjnUPp!R
z4JbO>r^k%$h&pdXV(STmaFVj8?7C#fzT9!#3&#_9%ZehZR5}asv-(^SQrR?=J9jeo
zIXHN$YH3aMOL<O@$(6XxrveAy#wZ{E<*T~eUsp5j*k#QV_NB6#71=08?XBA6dM^Wr
z84OLHO9uWY&{W`Dc2^_gSkHzZ6)o|hlWpjQqsh4}xb|~=kQaKqy6eS@^i0C6oyApX
ztk6r$Nu=xI0f)`Lkip{P-3&M$Ng3|#J$9aN=gWf@$%c9$^B@;BpG;G@@z<6eD7^tg
zz>(rUU4>vSr?T>@>d&b(KsJw?R<G!5a`n1V)lz0&`H4m~x8P}0l(t{Slm7uBb0*h#
zFEMggtcIha{i=Q%EO}s9MBwzyLJP2&Y0vX-cjRoAXJ%y`fot`p?gnHGc2ty`b_3A?
zS7}h{g92WjnfW+YtKte>RI*Mo9fkJjv-Pry%O5Jz?4rnL#4De!Dp~`q^n-}t&h_sX
z4wxx7=li4{EAak!;~EjDW<Fjp3VN*FrzJl>QW9sUo@qU^6>#xNsiuB`S`9#-^{FlU
zoo1P8p4x0`j-|60XbjeHQA9yN&%t30j5R>Uk%1eua1YAuRmiJezT9JaT3_Ai<l~q}
zJtmF2(jlK;0hR|&>zk!!_FC50>HU(`s|$xvED*J+?bO@Ll%hT<jq{gni%b?~seZk!
zeYTZ3D|0t22+xmyHKA-8hoo*g$95GNyCa|hfO}}C2*cgGA7Q9>eTqIzf&0yZ<B7wE
zg%37n0@@K3U5C0n+A!-`iXRKx1UpL7p^9`Z$}p3|`t{vq{YHb%uSTUT)-r`uw~kCJ
z6$A&X7qy7n2<B};?zMjBu8d7Le>^>-8@BW{f_wT2gEhGKRq<J(ZnGm=PP6M@SBA_p
zRWQNwa-UlA%eR-eX(efHO+QO%NWX}=BrP64-v=In3U;lz!~X(?-o7LQA&BR9!Jd?L
z>uUsu!<v`GjZs<DXFsvXKk&dp2O3>z*GOvls~hNAOjH&m{BH8(m3^ETklPRW)RE*c
z+2Yk3l`#7!Iw3*uocf_dD)?&(1=FQoHRQa==>xHR`g6JdtkcZ+F|?w<Nr9kGWiiWI
z0-Ctbsl;5(m|bdyfB@x#pVd#6ZQ|XW_x9`&`26BXmO52Yd&P>b#*Utyp$rsKONX@{
znVdef4`PEmJI`e9(@bxDaq9Hsz#j1(iS$579zFVD7KLeQ>+SD`>;2THl=VFA-X*$u
z^NNw5A}|kJ{_bFtyl^;=cy`xb2c0v{FBBcMAiAV3-+sTODvc9AJ^mq2e&yIYU$`a_
z=(^)d?c=!M&`P%BbLGc{jy-4Pr2a-goQ`%s->#BUBC4u()mAV&!eVGxOE81a@qycS
z?n&Q)z517`gFlLqSWBH+rVCK8D&#&li7{zu7U0s7H;_Vid)uVnE~SE}M%k?J0rqzD
z%J4s{cJQFUaKtk<K4?mhfAzeppJlfB;K5<0Cp`;y>5i@kGYpZUJCPbY46V@CG2{P0
zmc*}m4%+5CI_NM-j&Z)AYQ62-4@L$(kBzd$1azOc?MYr@JmWC?w94TgWewZH(#twd
zYD3AF1#%1Yp3WVMf7Yz~z~V&<UAI8eDzB}42@ipJwsqdm?)Mcr0qwq5(DSgILjs{~
zqj%3cP4w-j$p83udh|;FwsVEfd~|cuk^xZz`;|$q5-EGgEB@pj?Wd_zHZtN1DG=N9
z@3tDZDNf6|u>Iu~A@doveyyj?vDlF4qSlBXzBVg&XXOwl<)eag8gG}L(?B8ZeX)6=
zb0YTrWo0r7eT`G~62ko}pm>3*mMEh`djxvM^v3Q=jLdKiU8dPJx$=!`>@fDKK&XkK
z$+`M*HFBJW3!8Y{O<IATBezG765zHgxqi>|(P)uG!i9t_{h)OA>_+e4JD$p`<Wwqx
ztSg<2(OOsXicf+(&D*KxR_$-Tjwx4qXD)@Q**Gp;nz|pQAEZh~+5MZ)fo~cG7%=ug
zh_XI&+FF=cfL1A+PvfBs*N;{Tn*Io~vY|OUeVGQa0sP3zZTf{hhZ;?-Ev^AnrTv!0
z1+K%_|7CE-sRj4zm&LLCIDCRP`YdXGS&^L^nQ`Djx<S{EKLoHn4ZQL8wY@il+M?AC
z-8Fkd+m^dQYz)Dz+R@LLaLS~Y${IDO$*O33>sHi00CtvjPe}XLiI<O_jp)|Bgb%_>
zYLA!tc_&tpK~JHo0TK5e_d1{_vK@5~r0x(w3nBe2`Ie%WbeXL_?3uBN*E7pH`Lk!G
zLAwQH&K+vg);(vdZLRq2WtQ!)3-bZi!p3?2NIm^{XpDB-xC6w&P^wiT#(70~Twz5y
z7Q4tU7Z+y(bc#7WqLfVlD~E>E(ag+4DatryfMm%Xq6`EqZazLX#0fGa`cl0MpmpUZ
z34_yqPs8Yc1YZ)Gy~VD>-=nqc%|y7!NEBb#xA#Lc^E~$BLas}@SFo7$rw@gv_y)T!
zL7xKq`Z^{PU9CHKTu+YXGpa|$Zvs&YI_OnWxb<BoON;#Z$FfX7?W-~m%)f9MY~5^T
zz7TP4u6vgrrvK&DtMybuc>4+$C*k~a$-DV=*C%VkQ_?MZQr9L(u?ZKZA&KDWEz*E_
zpaQ@<AoZme=eqOn-@YBV?eovpU!QMlek5Awzw7$x94T0s0#a}cuz8_V{-01O!Cs!5
ze+_<)F?j7VzcK%T%=f-shd1u6d7HEM)2E&Od3`Jt$;*~7`tvSvJxn2*lSkX;1^Adl
zvtXRhP#OMSrQup^mucVfg}qc13Oucz94(+gMH3C!4+58M94~ai40^8`b8AW5#x8OC
zQ8B$96r*0RBAu(Dd?J!4jp_-F+~)<V=~kytw<ajfH*j59N-eG2+BEPp)*_&dN#v~=
ze~^XUMF_CmP?ACnre)eF_;5BaG)ow1L6O@RaCSb5A`B3}cmiA&zV%R}!vWeRvl0=b
z^vQ%TZOo0I@*1(CT8bsFoTWE!Kbe-n<)%a>$ow1!%iFixgC1M6OF8gAUplZ46?x8;
zIo^YXmfOdp(dhEf#N^b<!9hi+k+4wAKJ+GGe+|rnl&GqCryi)J+^mR0AW=JMt=p`I
z&$6h?momSL7xzTXx6;UbyGJnM&+$`lDqiO<q()6zzDP<sgUGqB#9JxhrC{t6_1Y%}
z)G3BpMZjh$6iD3CkeNjq$BLflk|-^e7WmX+vNgO?19wpQ`rYM#1wH%eN&?Tc`}cMN
zJTY<pvL3~=GV1D~tIpI1AMA)ZXifFjWlqPLH;6-qIl#s68Y2&%IZ~z5&9f~xV?tZ1
zpZ%=`cq)7G{UWH@Eu12vhR&QlyC9_Ba!>5Ny8d&kiLFqM3GuR<=;X{6<D5S~T(cLV
zsB6hHYmjQOg2$sU=iBYtm2tjZ*;Cc(9tK8CX)>wK$n6&p$BM(TYd3Kr$g}G+I>2R>
zpn)aL8jI)}V?G~T4pn$~J`>4t%D(}82vm6e|JSqozpG^9H5QwmtD68t&i$6;0y)%J
zL=K(J)~~yZ-e@H>Oi?JL*>~^S7<Do%Z34s67#aVFwXq8sHP-zjP6j~vANr507rx|9
zOh)!BEVO6m+og%_5?gt{DsiJvoaehUAB4o5c6VMpto1fp_CU-=Z`tCFvYPyj``&HT
z9Qr=u7o$yUwBCDF1~hB~`7MQVvv~!p?u(Z{ni;!bn^fO3<|G>#T;J0-Hg!}uIPzn?
z)^7>%*?9LD0%|V48V)W~BA2=NO213z|N8;p|C;S$VaCA2->=e>0{rk4{quUSeT4L!
z|9;(1ddUCJo5ZvfH2!|i{(pVYYaVVXsr$$yiVrL9=d}IjcS&>0F3euUWNLdoXY@Cy
zpFcln-DDudiXKP!Grvf-rTdItK#Z!fyjBiNyj^5?2n<lrvBrA3*ZmfTtHNa&3ET;|
ziNcIFJ5B3Wp@dKIVepxYul{3bB)}V<=%=@(Vo=dcdvC8((-qzjKlHF@z)R+S8$ADR
zV=_hij~||J`B0Y`V}|inE3Cc>lBEZf&^~2*p1(m8erWXQG$h?MZEczl)9K%i<@vL2
zSA}=<+35(S;n=@#>1&?WCY!=I<?HM1bZVaI3&CFk!`7{}(45fJqA?54KzLjzz?Bi*
zSFmFs?IR#5{vYPvJFd!Y+Y;Oc^q3Du1O)?%sEB}oNK#P{5m6A4tRfjiKyox-AWD!N
zB^pSQB^t;{MA(v5GDuF6Yb-tLt$VAwtNT^gul?h_bAi40x4&<#xyBrG%rUJCGn!Xm
z2*pCTZj4|e_JyvlaH!m9K6CrrlM~CZzzj`Iqo5F3qaQp>4g2$9WB_2sat)0nKlF^C
zJ#zQ{ji~&lUL$T){QRC?UMH}4(JYAZkF;>Y_}bT34v+sg=+Rz42FRhk;48HMNTn8@
zOVW^pzu{R}3lO6qOjFvvd-pvUqTVZHv~ot9An7v2*E)%DC)Z1=nwo+z_QJ#8zXbC!
zTyB4j&z&oQ!2f$+S_>xbU4acCa`rWO4^(rkE#T-~ivArk5F2e58t9sdh>RrT>pzfw
zA9T9r!zPc<a&!+mgVCfCj4s%P#A3{G6Z_dqm*~)EhBo*6FqmJvd9ye=pkU^989k|(
zwh@9hyC$#PkPs%!`#u|I4Cldc@NHiE<vnnzn>$BJTSZmvX1UR4vzvp%9VN}-0tN%v
zk3JqS_QU0<mv|9#pH}#rp>2;7zLmHI6>h?F575ht{-Wrs`HnxPRN15Z_iIOo_dv@o
z_l7FoUmJrFGUP-780HihqW=ibn9N(%0KT4qgB=X}3e(Bt2{h!sg%)G8fcc>05OhXj
zaQ;9SwFbTee8)YosT5sjbLVH*pt}e*lEttu^yAjOn3I8Fxq+C>3-vjq&KekwaI>%e
zG3<%BF6U9u5epxn<f=Kc+|Z|w(U$(`UL#{wU{?y`ovRqBi4Ix@eSo1Ne8D=nrl1E?
z4MwY%VrvyU48OdgIU6EW4$rzv@Hs(y+|C0BT+y$!ZtGT?>JSE}hZMMup|Pg5z5OIS
zF8U9<p;d1P#+_W~@kQ6xS+v>0D>tn>172PZm?l_@9SjTZ&4+JngL&Vsy?Y&_gDo9l
z#QI)~A9i#UdLF$~C?^fi+MKv9_ABhTixH2~U8lVcy28bWPRRN&TvhO?<U>Fph>40W
zxuNejf@!7KCnaCwL89yOT3L)0Y{$`HtvWn2t^%ErOWi%Vp`gCzfmdtBQGFU!Ufp~M
zo3pRIy%K1>gKru9RO~f_E$(47U$_lO9CN&b%Xe%WZbvh`79G3y;41mKem5(+NOyB{
zKju^~0aNW@ZI-io)vEk!oMbv0y5`}LP?FRal)&u<OVf30*S_JZ6u5&{ee9UmXoidG
zB&)i_husYgT6kad={aG`eK0?O2IxJHtY|aby#<_p22z2A7?gw_{-pqjLFmpyx4&~Q
zddn{D-w5+NF$5Qivt4r$_8R0pL+}(N!-L742U^f8X|=q?2?Mc89wc^4<7^tpg3B0Q
zjO|Cf_a_T-hY$i7Fx8F>MT9S%$iua}AUs}8fsaiJ-vpY+_!Wi&Hz|$~_d*Cov%9U2
z3HZ#|E^@c}mk1Mj;^A7fNn;T>pa~w$cBrVGOVyL7pf~=Y-x;q1%KqRg+89c&aaKW0
z3#Ul=wCh_T3%m?NAR2EhE5)ZO*++1nBe64QI)&$pO$4`ZzXijDCc{Sf?r_4}3^P;g
zv59Z!`*ic0*c6X6z48=5$B_Y_XTr7+r&GtOJv4tFHdrlqbg;PMb<Mol{RXjz42MLE
zBfjx{+%uUhbHjkIvDgb}6(_B<WLi^Z=Coj^uZPDQRC+K2@*0^k0u`Y@yo6v4aHmdB
z17RNC5cg4B<97}5_7=sYAK2PbaO8{x8|N^jm6ASm>@a$JxOLsa3L?J4cpbbJF^h3i
zmvP2psBqCgKDF@SE<0iWuzya(;lE<!;u(c!N7uphlY$Wi&bSX%m;p$_G@=-sT6qdF
zFoXkMVvF*cn=$L8<lwcUzmbDm6lU~&O1y(`p~mSK1EC6&_22?D<<rF3NWl_d5+1D$
zpRkC()!~R~89EHR91<m=Ha!Q*1!fJ-oBh{(=o^NcFSmCzul5HrqnQii2GD2uR6c1p
zS_*Y;3Hd12!C3@n5p2#joD!I{N=)iVsc~Qbs+UQDEoL6GQF*Jab`M|fQeKxaKN|c{
zfNsr5rYWW*qH%i?L&}`5)-)ZlojHtl_OC7TbG)#q#2E<&xfpF@<PVnbQDZ%WZ2^NK
zA2@+*Fx|^*;oHKMAu19454d1lfP)pST+Wz0V&!TAe_W(`E<v8L7x$spnKx(Y9y@*X
z$C85qYSA}mPtH9_Zj=9czPHh0Ze@$&^+CgE1eYQ-{C8DHuQ}<s{&hu#D^388%X#(-
zi=>wa;Ar0|<{E*@o<or1%*o%7W%vQcvXj$#VoTvQPGSk5*1FzeG{$$&#PQ!(c;dwW
z3;6R+^x?yYaBw%qu?Y`>JXl&R0H%RKz^Ln0#EOS-*J&Q}-QjRD^H(@1YN<zKbHb(l
zaPn(Q)mK(hqU=#f-UCYSZC%}DTp`xO&ef~a*vr?q`R<@O_A7$YPAW=BNfp-A)I_Bs
zj*`Ll=w?U6fa7<xVL93=qv$R^-#`Jruws;nI2iLAuOVJ?!uMkiz0#PK10A|xcUAb(
z{|hjIgNrypz%iyB8*U}tL3<#HB#fI!r>+PBBe4*tz{u(KHBK^2lo;mK=%~Zf3R;q-
z_86guA%FRppCJb8D75tNf_-!zoi26(C;-Iu6R^#tg9{Y}mjD+coJ<>GDS_@@4)1MJ
zew;Kg5rNObYajuNIoyw*Dx~a%<MU1!pL!M(=jaM}R6m4%wtlt_J+CncI~b@;0fqDm
zUH_Y@Y#UdQO+<XMa8JYS=I79$nqL%#HhZ%B;c+fB{f!HQ9#~bf4#Ovq0#l77*k+;Q
z8nnuSgZ+H*94D9G`Hhk7j4wWa4EOuiFJE4h<&Lu-k!k6+9XoErykG>TeXXBA=fUy;
zcgL6vjwaTQ+ji}8!1%BSfU*t?7A?UXo;NTsJazgsF<}GK?guQiXb>;r)U4QY+UGzy
zESiepz>m{>5l|tS{Rn}l3tFiSr$)80a!FW5bSb!mL4F$Wn1>fL>GlPLhK;&9)XrP@
zO`XBw(3Sdxn15XsY&)e*L96?_+_^D!5OPJhwo5OsEyH<x89wQ7hJ1*nvsof|(ZYqp
zHY#W^T^tH{kx>zH*zh*2IFrzOZaX)r2^Tm?z^$in>!H98vi;5)q0gASn8n%wJ4#q=
zbizG8@{AuR#sQ$H-unTEs&(Od)|K^M|LprVgMPH)&cLZ2b4uLN6y4h0t-ZexlMb&U
zKm+}L?eDL^r1VQTPT)l-I*$)m)6^8h*$3N!aC|0)0iT0(R6tOW&tf>Ds<x#i1g0H}
z-anJw2h|jD0YY4Fg{O!!qaZ!D1f$)IAsj67(Qq5Mj|%7PGrQLTa>9uW<9b*rIJyW@
z#u10r0>{*M_&^t1j4&qJR&;*nD)DXb!o5NJ9SdBvwb4M1?&`}p12T-#WjSa+qj~y=
z43?c8Z;W3N&o|g+Z!{0yF>#vf7iOI6K(G8BnW&XmgQX@ye@=em-zUGBj1`PlzV-DP
z2N?sn;J+&qu{Ct|53#`lCvKG(fC9Yr%aY=OJ3#u029wd2*Ix0M^#EsL?rD1+dv0KX
z>(+n)4^73#K*MmmZathka7bwEqYMsk82PxtG7bGEWMChU+pghle?lT}C$a>1?vQbS
z1RhmnW@LQn={bG;_(C|G&}_pbP0!*J7*U>qGhEOmz}ve3e@%)d*tTc~_w@7AUcUjz
z2*yFL^aFb>;2p|{i6s0Lt(LUIuVC}lWaz9oiA({;4dIgd+1c4oalT=u7NbVeX7u&8
zPCM;b!@y>-@#mR889>IC;P6m~Q9Jq)VRlf4V{rlTHpRzvB7q@+4BG`pLuU|K26SFv
zRMxHU-_0S!C_|undOmy!&U3PFu-A#ZG_J82J6AsOszYL8Ngv{X1B^%L1F|vQ=m9`U
z{YUECw|4*#t|nfBmCUQ>(+hFKuc6l)21B$PHW0%E?V4wgC2iop!3R$%5?HV#)#1>?
zyWz<Ew{SP1uW;*4?^Qb4@9-}X1F0u&fZ^n@I!ty>z~<Fi`QH6i45BbRC;o)6Mej^3
zWNZbp&FM|VV#|jMJF%O9i-0EF1VxEK6MSVIkTnerm$FyGj~KQXYBG)3qr_eX_+1RQ
z>r(oS?Z}IhpBliA5m(L(@Qb{#aV)zg=KLKDl37PbSA>{l0b40n`IixrHh2mgerGTp
zHxT!>I?KX%YGOc2NvTm%9|ti!lQa=p%z~a5WhW%Tzx&PE<JZ|>A7Ky3biCq3TUF%5
znYP#OGj|)!cMGnwI5-;D6o8TRpF27Vkb11(e|*0JK9H~3b7$UQB-w(a8XCI|a%XvP
zTwTWLz?%ZQh=b_nzJlar&5@evvjcT+rGD?2wp&$MQHuPy%Nw0&obnec?b{QKyXVbN
zio}&uw{|~n%t&bU`UT0X{{ZU;r^0%hGI^1~v0&Z=%tT?Y*o{%iNC<MC>SKxcai}dp
zrr_}C>4V=7XBaiCkoo=J)-x)=nxEM1@}#g`d_jkOnpwH|VVmTC2@tfQ?7U7yORGzH
z46Sg#n2e08fdUpD0B!Hn4b@Eh8!f~*L_|dD5bu@Sjah&aF+!PG5@|JBjC8<e)^(xF
z<U#nQT}9M!2)Z{z^Jm*`;>Gk@uncnB65*$eQIM}|YBu1jx6U9Y4B;q11%&ADjuyO<
zBhK8g+2C=N+`SIdAfDiaq&ZT7gq|ct1Fz-*Ltq<uet`zFbo!R%{0n|=MA{5qjF0CH
zf}L&V^Gk@F@TvLS)%AeD3?ZyZ#MLcUR@3~h7HJtsVa`Nlbslf($$@=?ot#?xE(}b?
z0glKyaD<qsA<okH)&wOg#OB4?-OrrWZyS*O{m2=~>}a?~d2JWDM~+C03V^}qLJE*R
za#}<?2GkNtaNLtamx3im29ab<^*jg3f$+M}9{D@A!4m{5$h#e}^eJRUD?He5REOX&
zq>#axz%GSqZh{(RCzN3D(qcWb3Pb9`;c87`W?>nr*Nv}&8tj$XKm`nzT&(!OmtdE|
zKgQm$wP16G3Tz@p&`FL#oNRzRa2=~YJdX);WLysdQ5j%PVVrU%9fn%M$Ri3?7S_{!
zX#`VnVW=rNLSZB|3442WfkI*S)+S6LLB36ZFy?1KZsFVOhw<Zn*w^I1L0*3rZc}ke
z=$klp^eE*<Y#tvBrc}(o&=3c5&|q_Ob29^W^KbQdxNrq%*OS5nmq%t#!R=}tsT9`4
zLdNZBHtHUQagH_sMVv8CH_UxvCz*~Xm@v`~2}p4gq5f#F+Cm)P4wyZ#ZsSH#oTTXP
z?vZR=xP{N?u8_^t;LJ!R7Yx@x5!>fq4Z~d{lR~)bF>|6C_qI%9gsrux#p(C%TJsP_
zs3;bZDML8uvM~A}FXhd7L=|}qK!&%?XV4zFIg6;?JA80rAsoMiP55c={mb(3?$Et!
z!2fFHmcx$_KNq~mxcVpI;RaLHusWe&W)+BtLg@bYFy_FNp4>!Co&b^I@)Lf7Idecw
zg$t8bU^Q_9tB;U|Aj#lF?v0>;T=uw;(Mv-&%o@7_i_)z5xoKRBTH+;`r)3z<!iWD&
zLqh<@J>7<NiZ@sYlC{E|@E9VvFQ%UW2*RQ3AclPDP~*yB%ne`skCK(ffYey8Trg>Y
zM;|eq0<6q%yb9Z3b!6mlnej&24>abruK;KRzPZaN<W>O75*A4h4#OCRf{8`1K{C7r
zP9!d-Bu?T{>eVMd#F({Uz%9Z!5MYDPb^h8GWR7)afhmPZK*BJ*zM!lst03z-4(yd%
zk9fiJ7{sMz=_fKW0S+o~0bRnv!qRLtAPCfgEcP1sInhi)`~j?g`5c-b_vAO<C=w1p
z04L!E@8K9_I?#;Un_pe+2`GisTJ-AG9d3f-bYiYsig_<0VeW<>Byu~FYNLxr@c?ZO
z19mA1c$l1ktQPn*66Y8^&&h<yFMWNIxLvH$5oC0b7bF>73>!9_M9Kk1<27<)93bvE
z9~r2nUaW61i}UgpGr(mWVxIo~r@`hSKpc--sBQ}!w`}$5D6Hf4tkQQ8KmZu@%8c&n
zR@NaRE?v457$6_nm$NQ$YHMz0gqh3ddc7Rn!SfNPXkj>J(epH#+-ca(A~E3v6GeQ}
zjE#5h*|Udg)8qt{nFMQa@NzM#xjBh5Q>JQ57B3!b^OWjf$b|D9A$<Xuur@wn2-QX>
z2lyioh0M<s`a%a@xElL@MVoC~ycD3skALp>&jF`%1eBuyyBQAyDad4h<^bMY2m$5|
zhF^4CqB?m2>A@v2FeWA@pdQn7OMN5F`2qT2f#!)FLf?rz1$Cu1&;W2p>!?Ew<`(uG
zG5h{p&-qoj(h`PDm*U1-?B)eA4lfME4oS<lRkmlQl_cT879;{rg4C)^`8HXJ#EZ<D
zHJrh9-^Y4vK0H1$(h68}6|TKX*_Mw(Y^NS#lVQLF0@D)27_OX2b1(y-9<KA9h3g#(
za*N1Vr?lCeuUQr&7z@vepbmu5=&Np#$uYmh3^hQ}#6;vh*w%wlhS=*5>-0Jhmhtpm
z;V49W)n{gB`Cu7_B>|>|3uZ9kl}IQ0yQe*dsS$q`<{lm%@3p&5!_^SpT8rV{yNj4x
zEnNz)GcVoU%C-zXjWMwB0}U||Yy`q;3z!OU2#trv5ol0$z7}kQSwd1c3~`tg>K7u|
z?FIbPKrj#u)5G2=7;9)UgAJ6+z^a9yILLIQ5^pxEhQu%RX(+;t$+mva=nPiFUyy9W
z9&~89Idp*~h-wD%XR<je5lB0axH>uQWMNtQyvDLrQkrCUcbBcB<G8vQp{<qhCm<=x
z%*q(D;TM^vZwxa^Q2#E+uOX6SGm|6cQoqtu=}0Asu=WA*-*|*^EiPaK%%TGYt>D-2
zms<A#LFCer%VB#>GCKGVa>xm<S+fRXk#5)N!MeXQr&B&wfg2>79|o4gHqN(PWA&E9
z6eUHCO!#J9Ra09)c7SF@AjcH;=wmDkW6T(!fG{)OFgpjoHy5y_;g?f!t|?Ik1q6tH
z8Jc2pv|D|8)lQ0v8sV>zg@Nb<AraIWY}KDSVcuS{0a9R$edejaj&}hs3Z&tk00IF|
zTV1Iah#vU14Yb~+*oz3L*UBPB2M5Xc5#R~D+jV*}q#G?@0-lvZ)6RHei>Rg#K=raB
zLj;2_9d%}NE5oBn7wzYWWOR0&AQq3FJNL+t4W~BlEiq1GGxJvZUB9w8g=kg<4_5G5
zPeIiI6fKEk6KlqtIE=Eqg5mW@8rbA=aSA75?i!?+<%qZaR>8pWn8k%JLo7Lij+kI1
zPfng550N{ONoerlK84cEB&_toe!i+oL**0Yo*|6UtHS9>QZvnCRi&j)I7#2baZuEm
z?il84$JIGh3Qlan*%6BSgCa_6)Eu>N3Z$tx2EZbCqR2&!aydDNqqgaSIhnm#2ggr>
zFMvsKxDNxhkmLd-6j59ivCu`nd=)e{8VqUef%DvbeNP=dYM<CJ9+H8Q2fW#EF%q~|
zpnsSTy)~}|#w&>Xgw;fhP`9;k=*vP|*E$dw5)v|GwmNRs26X=}INhVbGvNBQB)q&r
zCq-ce|FVn}5Tg{>Q!VFP=Pu^c%;mmRWWc{@Hkzac=^+COC@lfOM&e3o7!~^)kqErT
zT`Q825>yYg!g*!UpV6sR9kq(W%F2q*c7qW)gnp%OPLJg%0H9%YRiung+g8s<3(g!8
z`KQj<wmpnbc+JwJx-&q%aaVWb;rRe8@VI(<dKQ<JWj$>Q&(ldULV^#^Q3+&2%lWrj
z6lux)lU&le3me|Jk*?jk-X7+zn5j|$6nh5Im~cSgM2HWh!=v`uu}Zr+Pt-p+Out=X
zwEC9#=ByYa=bt*}V$?oVKd~0+E44goANU+(*39~CecSe^U6sE}qyKC5)JX>7&!)$-
z$&`NhuXDeOscp2#9!T=AXtQpAV@B3kts<E&@?~J4657S<4FgD~JF+L5cf$9!QV3D@
z8|Ihg8Rt~tw{Uy!L=H?LU=C5CS*GmWyAz12#PZNM!7c2U7GT}(GYPECE|mr-62bqi
zMTQX;N*$%_xflvr@|`~su4Lfy&7=%Z9{s~uE^5O_IM~$!kGuutx&zd!>1mph{CpaF
zpcUyCmpBOCKYTAYcV2lclVc6?5tKZf12I7A7?SDk`jmaUJv)4hn|{}g+i0(9YRY|L
zZ7YQbD9%D03gU=(sFLKWXD&5lnox5laUOQY81sZ$z?<so5m&XJWmX$03zCwcPJ?-a
z?!<Z+SwDs+xnTrQqm1>W)xUho*RHN27_NQC2=v6Hq*lyP2?M7_d6%D`h;W3Gr4tTA
z0KOf#9gE`FCdP(`L65Bi`dw@fXzzp9E<|~VrrBmf8PxzOT*@B#m(0j$)74l1Cx6+5
z)yIGl7OmDQ$WO@B05~tctE_Z`Av3UoBZ4v~rw45I@ms>%;b?>z<}J)>L2~;R92VRg
znORvM;ygQuCAhPnq|+c6itvQtf1#XHISjT55#tU5=pe$*2nwBq9mDR{6$lp&K*Ea?
zC>rR5Li{l?c&OE{?eT;Qh8KJXa6t($awyZ`{{0b9kJ52Ud@2_08?Z{mQFz1^5Sk7}
zxe??FBV}BbztSf$l>4+l#<<fqfP2H(;<Gd-Gg$mv_WoS-!+-H%k`>5*y~cERaPuTp
zZ&g6G4|F9d8RDdZFZpR}>nuYX;0KHm^TiE-Qtlm21xkWKEFn7yh683LBa>0N7%98*
zhtW*H;AX;P!v1uP(mt&kd@Xx?OvmP(C_N&|Bwl&D1m{&<vi3R(pd9*#2-}@A*}(t>
zZyBju+X4Z82432)nCgrh`4Vd!MEDP*bX5DYa0=^vN?5?e6e3WVi|vB(1O)x);phU?
z=0qAt0Y*M~^X90e9a;&4dvpFNaq5-uvm;d{cpLdf0`eGgD1fL$whPllS9l<hqX-_<
zCD1p3+gVEN?|?(Iva)cX+@XyJMors)&#`gYZxIILc2HoEz%c3Q>F<%4V)Tv64o@V0
zC?r7%cprzM43Z3`{78rlK<xfSDr)fIT^v{bh#$`Z7P6=jJO)sghF7+LF{y-Mz2MYD
zVOtcj8FTt_!l%u<BYg;RKza|i6MJL`3#i_#6F3Sm%?1>Klbc(mB+bizWl!mBP`M>+
zoRskFA(R`)c&ExCgjz>j9nPjDp?DXdH)DV!{#S0jdd1ThNv#+`qZ`vLfW!nqOTr8L
zA&T7?tX2$O7^e|HtTd*u0F^v45Wu~`7ar(gJQ4RV#Xv8F9tvP_Udq-7Ef$?y3Alh+
z=+#8{W?Gcy0R6zKc+m|I<-l6{`&-JTkoo~CVCqBpr|+#l$<n4V8!R$r>h<@?tiFJ@
zZU>JY0qbs{T<%KpCIz!0s19S)LH(f)>{n8Ero)IY!wTF_FspdPUIQMTS&ib&R7}x2
zk8q{f;RA*d*5oe6I7lt#f~j>44LFgE8w~$dEYk80hu|@|Vs8dZK*^n(dM-JORU$4W
zg~-QJDS06dE}L)hDWuBK+iO+H*U~jTkgJIsi9w!@C}$-av<MLo@_;Ezb90!XT$O16
zD|;R;2$<wzQJo^pzB8?+siO~+E^Om%N@oHC1A)oX!?y-hBXZ7+M?Q%CQ%*C0r`QM(
z&nkN)2~C$iSo34JJu}!ajJ0M==ULZ}h;uMbm7P;1WZ5T7fy8GNqr(uZ8oX&yRGoP$
zsU>6Sc<q&4?v!sNCh=4;S?e{>2=T<HfMSu1>%~?q5F|+<iX=%W@!&v!O=Us`#VXpO
z<@?Os{(}b}VIjbh6zBME;QD#M9dc1vfEty-lHd+Ck|tA2gBE~TK8qg1{wbjoM}Jkr
z+;d%kwa5t4d#ksW5V4D=l#sTJFmeG>d;+;i)*R$2mT{5U2-;8ZQ!Iy7_Wwfyb^jwP
zECd>SBOHm~LGFR;Dz^b|4h%)?XroX>!piRKnMbYjCE^WQ?eI4&gqH^85)J+dVx?h_
zRLwqF2G+KA7cu*Vupn@t2PxGSo7TKA?;0n(chABzb?cFvWUCO%Vc+r&>yg7yP2{xX
zu1|Cbs?kZ=Xu8%&*WKNn0@2xequo2)4rFWYSaYwL+kIMUz^~{|n3?2UNtp&0q<2IN
z^5ZN%V)4Ohe6V`uFO8Rb?k#M{wRCjf&uv=Q9{;C?h+p7D`vB_u&DllvNCr2UE;m~9
z8z<9FGQ^;049?CWXbF1W_J<+Gg70i{f{c4+=&v;F!2^LCq~rp}+-o3NQEF}6{yTo1
zh<J~o=9iK-%wPTUw(iHTq$ptd_{V<V)OzmIvY)z$2Q!b)ga`#;s{sb>a9fN5$Y+Hs
zRR9=JYN@3tbVDn)U32$j)$i{`OPlDY@k^oBcniUwcI{f}PudS=A}6P(7g05KznL$;
zu;q}}-+1JEle6CO{I1dO*x~S|qGB~Z<Jra765IqF&Zn+KGxNOv^X{yNkQhpDA7U5%
zwajQ~Ek2XKS2W1ZUneDS{?pT<t<t~X+KCg4d&*DG=vMz03Y}=XCCxDuFZt)?xZvO1
z*#BO!9q!@3srp2&u%IYO{u%8nY#rZZx}5i^YTEL_8y&lcW6XV9lJ@3|t>AaKfBV-J
z4ZnYe*m5O$+m3~K2tDL?_kOEZ@c#dg1%Ur~O}{=07xlk}jA?2ACrZP%`O=b-9pBn{
zwLT=TGj376@Tt4V=I<m6{;+J-y$R-qhPmrLMKQ2Q?H2fm@~y|e+zfVlfd*0-JhPi0
z+?SiM%EPcb)8}$+gZN!hu4Me$DwSxX*k)67Vfbo_f<@F7hMb0^lsq+d`Bw{_@=G4Q
z&R!wFbJStE%1XwMPA}CZT1=c7jQ2nA-7(?$>)Q?cr0I1lS=;PW;|Zvv%XUfdnJ@NH
z6h=M2u7eK5kk`jUpgSbocbx1$ywoZGcJYPpD;DS%w_Yh8dsXTae>w3|zr;6KUnwa&
zwI9Kig4{<H8>HG|vp#bv!|P><+pan`O0B7!xBO@8H10&CJ7W45GgzS{O;3AW38l=%
z6XE*Pb_d&oZeYZT%ZR~Q|B9?N-XA6%n)go+u4|sBuC@LCMRTG5Qrb-u{J^eg8>)(X
zE3Acvt)w@b=w>}VDyq<-4CRsdjkE>(XD3d3;3rYaYijLiMFw(qYHg+~i+)ahsaYws
zWaV=5SqTTPPO=$?44*wL6J5R?&&E8FdeHLT>h|c6)tjlFp6tW*-_x|4Qu&+aIUXR6
zcKQ{%4C{DOlNNlx`c~uitI;s^%Lk1+MBj&1I|cH2{&lpqlONdgzDsI+){%$pOtCz!
z@SHl`GPiS?UbV}Wx2l+glSCm1@A{kd^{Mkqm2Xcc_IU0A@g{lBM~JdGwYvaKp4Ut4
zsBwZT>DG(l{mAzRB|lM+lHk))#68XuVq5XxeCq<=@qQ&CRfclM$L{21u3P76@~WzC
z$%dS$;ymbkF;?W$%Q4;X`KFnUxm61A4ccHkKf8EA`5k9r{O=+8HpFfXA?0lExb3sr
zGuC2L<4oEDo{H_?JAJ8k)63Sigq?gIx7egx<YOm;@ocJo{n%xhGM~{tVUN_l`PVN7
zX?O)i+;9J;wgkX3a$cIN(g7|Q9D14;EI17lNRj4{k=0cU7g3&+pR1w|pOsS`c+-$6
zp!#Ck_tv80n+0|L27jzkNbMaOi#_x1iQA{Nc?uKzynRi`{;w0?J<I&2?OHAh*a?CC
znMj)QJh_tbrhZ0`!-`_a2ZpNdkN67q>T6U!{4AU~o}l$*KRhJL#hBtbmK*a<jh)&b
zFZGuiyopA8r`Hrn`X0wP0}$Yb>!Qv@4y)-kkFv@{pSkv-%`YNawS>!!q3P4^Tult3
z5F&5r@=)!;!@0YAWf^yJ3<XN&zRq`IbzW{2bZb_mF14MjK2^ISqL_<vX+B>A)!XBv
z_a0l1ei6{AdEx3NMT5&&m6ysEl6Z3{FhDIT;-F>QWmD^HS6dsagBGU`Uwl56nsFxZ
zZ_(;bh7bD=-PKnV+PN*1mIC$SF8+qH0``jsZ{#^;EWcqk5}+!VF%08MOF{k|mCAIg
zsC42J-XQ)ILNu3^3H$O}EpM?-@h*AHs5W<7eX_$GCvbbpkU?v|%56yoIa(oOPNoC%
zUizy22kVv6AHmT;Q$BUn=Ax}Yh)J*71E=ZP)Jn0o>%Yr$b{4Zs@6o;&c<`wI&I6a}
zpa(QuM3bnaf5^tttgtY8Ay84)r=)$E^O@8xxhQ8A_QffsT-UKiHVeHF#;Du$OrOhT
zUE5zMGKq*5sDG~apl-io)%y9-wA0n5Op^kfjS4BjILKTNuqPM3etm2ChLSJc@_Q@G
zd1iX4VK=p<D9{X^#*=~scPG#IVPpmxgP|(EXLchx$z+<E0B8FeFxr`_1<V9XeyrDe
zW!i0@o67`ro~%<hYASpS-IfM}FrhDS30V*-Q^@nKFoevv_G0ZTez-0ga^k=8oic&g
zO#-f(_J8yS0|8=Q)DJp=8{7Tb+MIYgZ-(P|eV-<^22_pK)=$pp;0`}*m6kghqMYS>
z{QEbDtjU6Xz~bb<pBkH8+T7gEXT`IODP(vHAHAkbT%qf1f%{HFXGU&JnueSsYi;&%
zk?-dDni=&DIdsm&*WSDhUoRxo&S%mysw}kCz2Wx(+{QjI#k=0X>(PySckgmpXV|dZ
zh^1@$eAz&W{o)I)V2<i)c6WEf&G@7OK7#?Hp8`yS(Q<ZTvyVrUQGtoXkAn15yK@{j
znrvrd3-a>1z{xd#xl1CRo(kf<c&61&v01_`_>Q<l=EZFR0^PEVR%O#sJd=U}T$*dO
zr>sQ+jIye_s~^r74azN9W0QZlvq!-hp&g?+j;Gd@l?_fpS^$Ttzv+3br&2j`=jX&a
zvT`4+-PIT)leq+<O^xO#AAOir-qPi_-t^93^+B7CrOB)H?uDpIwl?}#){b=dm<UYX
zWe0dm;hV>YvMSf_q)r^Q$=cV(ul5mZ;>9<;fUi!CtA1g!Hh0;atWB$e<0Rbr*&7X2
zdDFh8zuLHS`<MN|tqZo{|AXfI5Gm*~(9pyVQ(_GICF|-6Pk^D35%bm8WdS@g;-_C_
zBqUFH=BMd<wj>P=?h%*%FezYcY-IFKuOg#81=+~C?5TBSfkNHhRK=w{;U<^4Kq$X0
zRbv@yuPw6X75_oC7iPV_y(Wr*=9RD=%Lk0GO5z(>*cYTHB=dLfBvp0bD^=Akv7>r^
zdKJX1V%~Pi_hk2NJooH^_;??GUK+%}UTPUe>U@Z2=%)^k@x3v%Qbk2wFNfXz_HPbu
zxTt69_)_xPxA)!9&~EOErNA>WFnrvqgI%eB#J;E~j?USWH~T-{`<kyjAdw?H^L@q8
z5KD&jBqx_<d9<ht%OJvOijG@rpR#M6@eY(*-s$l$lm-o4w5^OfIkNkN4Wpz|;{fV7
zer|FnI(iflRdTn?Y_Jcp6DpgV72Zr$SjwX|KNmvIke`XqXMD8<e`jkmEM2|jolXjU
z(r%paK&kJrmsRZq3z+QuO_n|KHhl=bU2REEMbLa{kdqV*+zl5hO?!X7=b~t=JTbVZ
zxJu3NACi1pslT09N<u<&s%(w9+E+U4Hs_Jf3e~)~;mqWXuO_xBnA&A-c`j=e2%ceZ
zF4r6RGW0M*FD`8s?{a#bR=)Id4a@l#DoGVlsXJ0X`~t!j*T`71gsM9hy?uUx!XalI
zmbcRlN!w**m$u|^9n{lO-N-iQt70Px+ya9+jEGyAZZPS+x4nYDy5nyKD@--eIXK&7
zw~(rl;7}P@_KlDBX4iU0PtTo|hhn74{iT}6E@8j8ZdLGnbi><6)Ok^;S^V{kDOdBS
z!ZJ}6yER5kXL_fr5=C@d{iCCoj&x=he#@Xe6T;z!UDCDj!^7y{X9zgKWfpd{P$L$U
z#~wDw5?X>~O<74#SCa50{!4fFu{Qt6f)^**<2gsWn}Qexmx8lDIn(noRIlzsfjMGn
zN6L`QUp*g|s<xDjb}_yikDpUh8rb;3k6Mr`d30nG-E>KUb*{}{6XOAP!`%vMy#2jL
zO!Uen-cBX<m2O>Z#&8t;yY}GCY^B-jWkY^T=FOU*EH$2D)^K1CRlXmbp0Obs-zr(V
zsWB?>s+wJ4v&u+u#N|49{ko0f%THcwOPOD|9?46Q-vfbHKP0!7)D!)}*_y+9jxeT$
zfI3=lO24Me%j}Jz@xF?#^LL=G2_OZz-IDx?S7w)&_)P5mcJsvYd;s^SUlnr`s?GPr
zoM8I_|91>OGQZS0Bk;oF;i)gb*=5wh^r8%YWlsW&=MaS*f{q8HPF#{RkhA~Wp%Y-)
zH~)Xr8uXu;!5@I`;RDhN*$VQOMZaTK*oFKw+bhvGJpcP@L(=__|KDaPKW^~vB$*ES
zX3(k!z8zvbf~uYa=XH3Ch`8S`3i*u|cHFBJo)1K(zR{F^V*kE<PADfr=J5t1V!uP$
zYrzrF#BJy%BtA;Cl8GQ43NUs>SEeB}bQ^*z%~2(#Eg)G@Y9Eg4-@bF_9caHjA3s(P
z3_#NhM#7nGkctTXqXVW8%{FT7Xy{l#rdAnbk6n!8A*E-~x=^)k==wzDjFX)qEU2S_
zzTm>xK#<;c)FFJ@Nz8wO#zzx^5?I5zlSU`m7dSww;#G5%Ix**pR8=tn{6g^T-U~5#
zAoo}mQ@<&@^rBV^76sz-f{YxS>6g}%!<mjO(&zrL0~Eq+L9%qq$*FV^L-o}}y7?Tv
zI!@>=UW0!H?Y$Lp3V{BO1{QYIj7ZfOtj9SN@o{U0Mn*DQXFgO{lg=W{c`7!U1GT-I
znfWdRA02hn{Co%W%Q&uQH7aaXp@L9_p2P*_9K9o`dE5ZQmg&lB6#p+5Luvx3V{9F(
z%P?kv4l@i*F3$Aaj;OIyKuufprBJn+UU5UBpowytXb5>01I?0{r-!TL&A)l$1{vLh
z%Qb>%UtpRr;J5(vBo#pA>O8Qbzd1VqRCWl_E`q`Z5luR#P+!e%7eq=ySR-^8bwfOc
z`t_l>SyV1a{T^7UwGs9I!O_tO{4vOBwn|Oo)(<`KeQvhwWkY54B!b~3XqWU0<CQWX
zlnnd==92>G2hzHNthCPb9TNe6_T7#(Fc!N6e{3r;8$!H8kAS<0V`~<&T%^LAd9QCl
zL7r%Mwg}q>qE0thry264qhm=Pbi97Tc0!~K!m0sX00^Z542p(|rFAA`n#inCHtnbg
za)K5HD+`kp3Gw~`>Ng0A%jHyU$SfKIt2L0jeubVEEoDob^53BQ$NcL<7W1j@=!Y&Y
z?NC-%*4U!8Bw4HKHcl|urHWw1qu4X)3O;GGu&n?XJEE?E$mI_7y$!BwsE&@PpMFFY
z#vUNl2$KTA)tfh1t;=BgT}wP+ugleSUG{US6bk<2DT68|W10XqQ4oj7m>Koq0(1hQ
zsR$!_`EGo+uZjl|#_Ljp5;Ep+L8`tTge3|akWXB%V?jv=j~FZX7&3fP^nrx|QGuCR
zw}8llMtunejbhfObKRpf%iYMKz)Sk$K@$!0b88<#RWkb1cB-39fIbCA4HM)KY24}H
z6|zT<7YYm(j7|btf0(Si6iIoghF#Re#0mp)u9(k$0+LEkH7tc-W!duOPoN=05t``6
z!2@hQax<oi9i!FcUZBgZ>ChZXt;0dx6P-fPltlfD9E8_fuwm~{nKGI7TYOW$xdx>q
zmjSkpwl=!XFZFA?u<kI~S5Ju@hZ82|Rhk8&aE0QzakWj$b!!Slfl4hd$!TdIwL4w=
zWg`BljdxJI_ME>B5*?Kf3IxMfvBWd#QH3J|OHtvwp?~k|ziA{;(0)@~j0waKl=9PW
zUqFLltCh=**aS0dEB@y5b(ryqyISDJWLJ7s13gbheOlS5NMP8PI0_%m#;B~fBM4z0
z5m%)l1Q2|ntmWdA!a(%$xM7{RQhgj%g>$O?B6iUH(O4|DC$jjKu|-<-$*kzO(!}FH
zu6*O$Cyu$XcstUW1&&e|3kMQqB13^9>0m(lzw_37RHM$@L_GzS5+6jbC|=-nKsmF*
zxKhxpA&07YMMGVE!TbLp*FP<e1e7k|f=bAGtVRw>&OLHj&^T=_4F<XIl5U4Sb#B5)
zVpV}o-^R!1hx4P^)Y=|rs0@s(Tfd{zvD9S$aOj_7hB6~O-Y=NbIW<53-DYV3$4X;8
zW<CeHX1;fHM!s)XDl+Try;l-ueJ<qm4tEi2<^m%}J(oTAFMX$dY#sGC=ZO2YmmC3g
zmqwbKbA`vpD!z>te49;eit~~1k%+GznKaMM3ieTH5>$<sgQm;`f{+m-#MKn&w6-3;
zaTK&qEtDNK5Oa>SW+TZuefqRCG*fM@t>K7pS}26QOiQDpKf&wKqfnJ>%VH`O0b=a2
zv#8pw8bl{Wm#zF4AtO%3<cDXd5kld|Udq48SO#TJ?(2=0ApiAYcG<!wjlymXYB4pq
zsVJ76f{?(Q*}~G&zp@zR!V53273*D5!K~UbRM9aY4pwC<{(Qz7sY1B1+z?qtMnn|h
zqaksWg}NbU7E=X_^Yc$)<XT56hNAknyK99e)cKv+?U~|qv;x6$mpF8l7vmQ1c}1sr
z^vmTJ3nrLaSMJ$z(&mM7uB|d+NG;K_wJSU3H$m8X2xB{+mo1-xpz^V|cT`^9QE}-D
z7rcb#zN@iaN(g<g%ew!hP2dKavU7_m_!nxAQiNjWT`L?APjK?<AP&|Z$d7{h1EEmX
zp*g-v>mxR5TW6=H$^_!Fx`o}&%c~YUk{44N!%<?zVSWn1H^r27f)raOMw+5bdg-qh
z8~)M))D8~~v5wlhh=wEZ__iB%;_g4ik?x?f;>Nz5;g#f_@&qxS{lMB|UnNl$K!|fs
zDNW$R-rPGXg!+JApE7B`JTQ91zJYenLh^zen^4j@gudP&0gDgyk(8rhJAQtn&#Rk`
z>>KJxJKOi|+Y9-%l=burPm&i<_OEAPcn;-Jz*`Z|VlTE+hv-(;?pd`*8W*M2xAxIe
zp^_hOjBC02&&|m@4x_3n)KqT*griyFf~l!#9ixS-vvab>!@Nc80s@WoyS6d?^VgqO
z)6mdpql*RRG;!a)eKWV)VSm-(C@uMH`%DnQHnGZ?7g3%|GG(Qli}`Ck+$|`S^rdMP
z7Z=-qwg2Z2t={RKq~tHVwS)YULc_dgPf`6YN}i2a=wCm6f~))I=HnZQ{-6Ef=UW(x
zpxd`r?<_`mf~HuW-Ga7=%`T!N!>I7ZLRx-2ei7x|_n%));BVAexgjqAvMH~RY)nGi
zcZ}6U|M2*DEh;bVot@Emrl&nnw|<7RM82^Wwet-dHas4%#o5Y9x3Xh|7gD-xsAtV4
z7BTC8N;n2J>p}K;G!6TsB&Q5FGxHmN|5y&@+n{chhr|Rk!Xrn4drB`K>_YWXejJo!
zD(Za7p|gxfZk}3l=NRO|Jt&I5y4n2%;+`G=1hb|NRQ8?#cxd6gcy{5b2TF`lsN^*n
z5=G=iXn9Gq&&Vq;ul2CF>Bh#c82JPl_j8=qW{sVaXluG~>5?y~Rc3MY0XVw3QR|YR
ze3!)d$y-03Yu=(SfQuIaiC3gl23&!Vx;+^KRQl?Y#PFTYA-ZEJdkMG|li{e?c)I`+
z#HAr%mBk+5j~l>?y<wi^ZGy5o{=*G$IUXulB{y!mmBXW>S*=0_MkXe*5NWO7yjfd?
z8mq{wU-z;-u3<4nfbQqx_>=|o1fziS05cnzK&Cyz*Don76oVwC8o05n0R_-F#0!(Y
zdReI3E}S{z%&d)YVA&aDmVEj3!m;jZF|Z0nwQ<j%KZlS#4v9m%r8D9K?qLmNXC?#9
z${=QW?pr}K^vZhjr3!?M*-#gGFryc}4=oghEwoHb@sLKvK(kDL@UlHYBO|G}e?^xM
zUaP}E+~eq7m4SRC1=0ki%E~^siy=o$PUCXC($dm`Ejl(EpYv_V@Zc0FR;+Y?eYr@Q
zi4v;ybLU?k0p^xPcMJa!BJMsdE?x!j1Ip<1h}vsJX>vS_eUM;h#iu~o<S$_HaxxuD
zrsVBg5pobfju#Z$guXoo2M6_K!`Fp1a40)EJEQ0N`FeW#XISFOOg5wL%&dnGUqVar
z``a`tV1%A5V0WkZ+6Sn4@Y(t{P@Y+$4Tc*l7u9=K8~`}p<v^d8Ppe`yI@GtYG4dm;
z53To#H{&2F;f8Du>xx_#j0apH(i{<#LvwBo9#B~+`U^fnRl2`t9cA$IuWyQ1$-*(0
z|40;$@hKF9Z(@}3V^$ea^n$uG>$l`6W2FOBdNNN=P4z&qg}cGQL`8e+etk5Uox~;}
z+c4qE+Y30%N4~uYbVZ|ekc#c3dPZhuX?eLM?qD^xfmdLlwOH=<BS#dl)@vXNQa3P&
zN4rc6yb{p=@F-3td#{`vb^r7LCNkk0`JnR$;Oi!krqdLfal-L!pTZskP*ogqZeOhJ
z#{(JgYbqU9*Mx!z?PMRawo=X=;#0`{5#NfWL`Cm?>znsm^QFsoGM6(gcjrNjw#V*p
zXGY#7&U?KP-4;n+INMN{eTu`_@!`WNAl+wQ-rf&zGsZ5EmiAzNiYBbODR#NIK=i@*
z>Dr_*!oDH`J)`JYdYe^&M-DXZh)i(f!VZYmMFD^5Ij-KdXhQzr1)s&fz*Bx#x*-`R
z@)Pk7=y6KHe#K+lS4rfo5YNPJnXc?pdVD}x0h*4}Qc{&h&S=~}IpB^hm;P(Z0R@vL
zx(;=e(eS|JNxT2>o>Az<KVrj-7(vzo{S+_uhFpC1xIf8I@z#<UGEN3uz8oXj<N8yv
zI1|wX5{S^WL!A5vU^%?&BKdWmBOe3t_W_AglEZz`aE?;GjGNsa*a+lujX%GFhyWdu
zZ47%L=pf22zVQ&Ueco0#Xu3kU+j3rOImLW%u!xJ?{D6s~oo?5xcvYddPR5{V44P8{
zr=XCe;X*W`xazYW5x_;gfIpbIVEO&a{axx6H^0@!2CQZjhyfI4g<TUK^%O$n^5kZ8
zuxmpsipB1M1v^$H#`F{&1RZsr7Eno^Q&8|{hMd)McyRDNsEEh@{(Hl#Vt|XpO9CUi
zJ369pwut*NscF}}jO07x6@etZC-2sx(`U|j;YKt2HRQ<R3vJlCH5PlN8&V8MSJzsS
z@(yGiff0)L(Fv>yX@D4YO--{+nyV;-q1%2ygv%qKy&}*mfr*E{R2<q*k#SgJ>N4^W
zcC<x{gjf$h#4g;Wo<kjkMqL_$X>N3AkWjW)G4%z0MNns~YOV?#Uc8p9VN}}2wa$PW
z{Tkc`%}OHoR#st#{3tT&-V~}zQr9Oa9eWYMYtiOMwhy0i$DZxmk0FKjh>u6-e9t}{
zq2kj2pjvUiTUP-elagh@LF4Kr_|5t+V36=fWVMnZLV}7R5UG4X>`8{^OAt~gOEfR<
zVr?-t>3Y8%pWm2ejgHs-r4;)o#TC~$(H64UXd@%z0rBO3{gq&}>u6Q};YG`rs;x?&
zcYJ$z#j<7R3F|XzkR_8lGwcK(kVBXhe|(@p>(E}zwhjvmGcq;xW+oDHdZc)8mr?2(
zTkrk#U@b*gEwD~V<DcUfz3G~MK}+EUpg|t@9N_2i0V@RZ9#n4l&IlNHI3rXjM7)K`
z-tHfOER+t2FV%F}L>Y-Tg>IGOvR}UTx6IF_@qOHPhJ-)l>1Cy;PFuFR@Gj3@O*#5y
z=a1*-nDF1BP8x_dtM`8KW3y^=7rTIOb9^8Tp+P>ULkY1>aJXovgUV7$=pbK5?g}h&
z`=#emD|27Ab^*n{@8^PWBuYU^KhBdVV<iKeQ9}Rv8E73JDQfQWKeJohBPb|{TLSp-
z<jNn&?A&6Qlj<P-=oox|jZ=Na+Eq*LaGze}7>JOqkhz$Wu=hXEq@z7noz{m4adI+3
zskoP)KU2?50G1>QNhd;2p~*STbQ$Hc$xk%t_y~kgtbCFvZp33$jRvFu*J)gTfQda<
zd#Lg8&=lx^B&$6@L!qoc_5%|hr8VgVdZgIjKK=t3uD?=tk-W_1=gXF$i~EH#zQmp#
z|A0>l<&yJH+=&<E|8M(YSyeqQ%Ki!awrzO;ulToT+dm+gLb=TG4<4sbHj?L=x1=fE
zPy`C_+5>Mpl+tg!-aA`RP|%S<(t`CY<a>PzMflalTB<$J8XOrJsST?e%&Y%^HjqRA
z07L)+zB{i&(flF*k!-WE*Gri$CC5W#4xVkFI1Vf?lGXv8G}jnF6I~0E3`dA}D<?kX
zTq6OIm({@Tr9iW}itgZ14+40y(X=T)j)Ky&l}qlB)f;M)rdKCTPC0-Pyk`VdUfoFk
z&6=8l22DE3Hk0T<uoEb|8hlu$jxJi#uyM4!O;&6=Z~+~GW9WYAuxu1rBN%}Li%eQF
ztBD7o0(FprXT8M-S%Ll6d*rDgk#!S(2K||lp&@Is5EmzB*$>9DuQ^*0ojyHP;rF2@
zcn%y0;3x^;2%xeXz>$xiAMm$`NSS*vXq}{g=x_8_pG5=V`oI4U#TV$beBtEe1YWZp
z7FLC`&Eyc$Z_eVQs^fly9^Ou#O97GT0*0I2ggb~8m@DD2t|}3<vD8BN%`A>5=6~?Y
zZM4rsEm*XqD>}rMlc^P$9<p}r!OySh`AzjwdA4rdT7#zI$f&3u5{xlw&T{<QQ*=`l
zwX~>0TILafL!%h~jUOSvwU!O=HKrMafaZ;dv4T8c3VC$@WC-ow8JtDK(S#9->v@Kg
zL?PQU#i9X};|pY{CD4jy^@HUzGBcAypBFsE+<P-JW~+LjP$!SF=R>5EwT;aNdU}6@
zc{hRK2QZX~M=x?``p>22T6+Lr{u&MxHfVJDj}QrbHTZ(I?(V0^vP+tply`fIuVXpu
z_4@LA@FF+Cd}R-p?3+Tj#szrTh<||4I2i{6AjAR1033tMSFL)SnVE@nHVkK(a+djd
z3}Kdojq;YQTT{>%Q|`wlhNv$?VEfv&Pk=UbfH2VW7lhvQa6nTX$df1M?t%3~mMab7
zx1^}(96C_Q{$~j`KMpi$Ia(!_^exwB+SH`KQ64Xsv9x>zp-LofTwC3JAXDV87tnKI
z1EJ{@<epfje%8}IoFeZ)a&SX+T=?Uer(eE@l#>U>Rvd-)?Cj)>!CeOYdjXMn%(Y?<
za=Id`;fAXT)Tht!5jr0t9+I{iq3iEMkJU|CesS2;*4Gycw)v!(m@dGx(ao|M{-S_m
z4dw0NX(63^P8PGN=|y~nudS_PM94TauzJlJDjt1XPtP;JC4bFx9XHQ{{Xi`s5+5S&
zLC%v-wMyQtf|eH`H>eFT$axB98yFci2{0UrpW9W80|YQ7<G><3zkC`lB-RNW=sPjG
zapNGn&z|!;8u(Wl9Ke4Zm+rW)2+{>)27uTR5=Q_Y&+F(sL&wY&p?-*`<m>l>j8C2O
zVN>+(Jd>;FhBrQs^S`_lb{Wsmd^4G-DM5feAD=v7gtBcqTFg{(ZJTCt^1(ZfSh9}L
zb|Htrmkmghi#c};P3lI$vp6lD0jby7n%T}uc-*-o;yoeSobzMdZTb=7eDPZp9mIkD
z9y259lZ7g@=w&4!R~wKJ7S`#Kz_9O7;di08pbE*x7)<4!fp+<Y{_YymJVno8#{~Cj
zzt_#MDKjZly>I|%1<i(d$`M=Mmf<7RC!d&{IB}OGW~(-HzRRjW{s$4iEYQAjUm;L2
z$~g#>{s>FzhV#-IUFIX_hXTES#H8C|!Q{rmaG5igD&+z6ABxsh9f<Z%pE~uP1YI=u
zi6P1N^4hHDaQE&W+#&$iXG$3_v2B5ZS<o_89>gyPtj$U9BF|`c;4g@F<;=~~N#>cH
ze25K-PVius!^JEkg5w?g%kVRCLgJwXcR$%a*nd!jmJZW;1$4gCI;4XKqXVquJr4d(
z*Y;Z-TAmyGWARbZ2unS0*9c!g?v9m~0$&QO`3O9*=U7+2Rth=Fd7{8Q9I^hMV1c^)
zutNHcFi2NI5zci-yQ*~H{X99Of;<I}{HbcLEto9Q1#<|^@z?~quwub?KL;YXt+y9#
zy;G+}!xQs#5Yu8wWClg52=YS~qi~UlYT6cFRYA=v6i`(cT@W4-u%3B_D<i;)B!pne
zyCH$`V3v}S8sQ`L0JN+4v6boK?MP;ze(hROX{iKSGRkVBk!OL{hy^8q3{MB_CN88X
zZ5~T6BRw5sqS=0K>%)m$pb~XA-3mlEhJ**I3NMtFox90VaoH(OH8&2ev%REiYWP6@
z*X!tDCJ|j$gT{7lvh%crgv{m3mt9Nk**@oL{~{jC#yLdD(bW2XOBee5Ia`l1qNh4m
zd7<M|&<o9#W&r@irI0DTpXR1_@jq<%WOAsZ;m^Tmgz8}=az<^?-+(vyUN|1n$8oKX
zQ|~PDuI1U4*bgNb6Z7-5N-v&w>86}3BbsXFg*46+pAiNqCzs;s&V>9Mu){At?Fari
zS1bPzi^&6me$8?Z^7oVkaco4#6qKsiRC5})F#4Z~(mVF#_2mRn?W698j62Tg`cT$u
zBm5@=rcpxaK8NrB@jB3O1uH?>DIjEG$|$pPj<r1YB|w{Us#x&OojYUYcbsD$Jiqbt
zTqa)yUeeDC&}<*^Kfre&Oi45twEK5_hgSuh1f)yLFiFLl#lIp)AOxd4g7)ywh!BAm
zaB_G_t_}Y_t^e;q){h_lJM#K3{LnbrbOFWDr#gDILgwB53WuJv6_58Ubfhn!zcF7o
zeE7L?v_pyn-k;{dQQD(n&y_P%fBa7e(oS4^0O4f)K}L%uKQ7=u0O5b(vVP_Vc!U4>
zS6$;J6KyL;?U(BPR%blX=&hRDnPN6Dw=m{eSAC{guH~eVZXaiVajad1Vs2g7>q?iG
zewO{wNERo@tW@wL!<Oli@+Ku=C{e4jCSOlHeUho>#7(H&+7qFF<wc#a&Qxr&TIp4M
zt>oogpP7c%oSk=9*!^cZ-xIb&2K`}c%JfL3*dgn8y)^PYi`3r5*s*dBKLXqBTYOEr
zw6^JmvgoZnWxf65IY{!kzeT>*>6rX3m@*xzEKF`pzc3ywPo#2#_bW?od6u&$0;rME
z(Y^PX=ATytWubp=$NXG20d-=1yLTy<8)gRuH3`;O<@#YYf9VM-=}S|5L*L1=tKA=L
zCHULvu!HfLfm1zo;Z8u0(x3YjN@@!?;e+fmMab7d>&0pPdb;G!Os4YQ)l5Rbmn@L&
z9K}dl&g5^zWlFrnda>nK2ATGzVks$;G3xLJ-K3NZ3yHhCr6$jzd;iD17GB})pO#;s
zeBpi3kWO!n1bglgaR8(aeR7j+=S148M>b0a@rdDQsH^9pcTpHLd|)}w7$Ia6Qr*Md
zTh<VDHXuB5dq{U|n((9fYW9-(?oAuE+SF$Watt{(2XRU$zoIFk8az1umdDp^#j1wT
z#Q5yUW}7AZj!fBEzEqY{&YqIe@2xfX@QK>&;Whb}eo^%E4Tp@f7B0z(krS0dMRUj_
z;?|ve`1|BJZbQdcrgjR;mOZqnwZ=#@n?nYP!96|kIkSsWtSToq&SsEHeJycO`%T2e
z$LIlLOVgrL`R`^TC!+0`=c83Wa#b!-w>XonJl#AsMs4kAr_OWB@4I-fr&3t0jXGc<
zE=`tS<d;@vaWz#d3H-)?V&1yXGMm%VW3uwHewR-V)8Os;l!4g1O)9cy%2X$7XU6%t
zUMj6X$imwCIMjMxeq7>A))PMCO;0gJsONp6Tl37sG=X=!#0%ZTo=P?_%8yU<w?#wq
zrSh5DRBK?`rMfP<tJNVyXV5tOV>lJsSR0>+#`vKIrugO*-S{P|=?@H?wY5|qWq5UC
z`+>?4pXxDBITtgd*)~%^mMY&k?SV?!%<=3bmjKk-dh@TS)x_BtjCD^3+RhB+cIeyA
z22*((Om*5y*R}QXGM8q!xVXqnFfK|_?@e27{Y7?i)LJyD)7m3)w?u&eS;}M~$6%C3
zeda*O-)))M!q39ZGPh{*@7k?$o*I2btD*KB+uSwp<3h^eIPx^=qU9>%EXN-Ee2fqm
zIjJ{&JY03FMsw=*+1-*e)O}Nyt$UTz|Bhx;<Z9tfv$Km3l229|5%!NNSB<|YdQTiT
zS-n@-ym)Vr^IXWA+5=UZ`!?y6)*6g~aJbr>qu#rE6%)^i-kk3j^h2zVO9(5ov2tbk
zk9Hg)$*F3bVx0Q+kqezwVr7L6)~`f&-V=_;8<WN;WG##OK1~K$O!o^4$CS!!Ei3J;
zn2n?viQXshO~yjtf-;wo(l+tsv(^twe9Wp}_<3$f>|61eeZX6@oGhVvsii4b>+F(^
zCKpCVD+<ZnXc$+f=eJDfvCWW1v8r0)t*XqtZFX|MlhoLyJC+JLI}Ww*=zKIkwOyj)
zw8xHAo3KZ_nA)uf_b4qhUz?R7Gd6E(`&3Lv@P$Lj{?dtbp`4}^{pkZEE8hbYN>)^y
z1#4jIJqt(%Ix*sX<(;vyg36my6T-<BrD>C?cEWL)(2T?j1n|`M$cAXa>9OPJ{`j2h
zj?MxR6H(<==^V%EX%o*bS~yiy9;+AJ$sXOy5>L;TZ9AMfms^)A)4a95r=d?Z#x`55
zyj9fW01LBL+4Hw4R@5b{R&9x4mFc|Zm!B#4bzZx+%xtv%Rr~3)XE{O?#nE-I!ogvu
zEnj3EtCDh#f#-V7Q<+@FoBbrT&fGalYhSKCP@@nnH6MmCb>bhIZG@j<@$mKQ9yEVu
z+&K;gR_=5OH)v6DmM3TB8>un0A|T}1WM5o5#ulO#B|I;{F0L@qt|2(zNU4b#dIU|y
z=(o_h`iWVoI@dL-6Db8Q%RGQI;KQ&pS4c>He58LcLZ^205wiu4zFu&o*=UymaH4Os
zwVHE@m*L|~tCO2o2FttZz7LJF$Z#_-vq{pAW+r(733~U(^~)Og&4wZ6@nn8#m#b2r
zHW01E^tj@A2RpA`)xK~Qulr&qkJ%J=Q%8b5SNAo<fM$S{%Tu$uz;b4&uq^j=b&~ts
z;pymn{ibD5<*Zs|Ey~DPGe%WS1SRn5B=xA%M#=WJwg{xA5+0@llR^@wtUPg1t88mk
z;g9^mVTB<GT6%fL;#>wZt0uwWQ<9*JPJ6U<*Ijz}P;S31vqk>1b2Q(l5%)J5-Ms1L
zBc}^Ce%Q5ARfSu@a<<KEcA~#V7DWUPPz6UU)5<wBQ{3X+pd5>N_io=arKcVTlpW=)
zXVgc==WMKsYieYXB3Wh)sdX4zRe#o;B~&N+Lt{i;dZtDy>6|JA$+2R0m=OKxLAcZK
zC5_6Swv~SFUH;hXrfhJqi*e(`8;8S^0YY-imdRbys=5G@{<P%mbljAQsVOo2+a(Uj
zPX+%l*5@kd!I|sZ+tu|*eLf=MIhIk?=;jf1gOJGyE^2&qNs@L&%8?^SdJ0yBGqduH
zKiMm1DhEJm+(@nA?w!J6dC01Q1)=UNW>i$KlQJ)<so^eElXz@|iBlIK9!Rwreg>z|
zlj7oXV_o4XMuKAAxJzZJf!?OA!42h-pEfb1@Z7vZ|1qA7`0Jh;n_-eo!2>iHxK2Xr
z$|X{Lll@|nA>$gUv#6CG((K={_4@$34n`%%sYqU2R(N~5vNK4<jJHV%Cb1glg$)gT
z+N!gST^st_X4)^d1}O<oD$l1OUFLCP5T6>bv#SytxkHKw-1;9*c^Jh~tEygGUpH><
zk4a|W9iCApG4&-7&}GjfX2T!i=F_CmEZXxv$7RbFqdBJOwC2g97#}|Rbw%ZA58G1p
zj!)%-WzwL$WlLH7wLjbEWb~uscXP%o@7joE;j+;cJ2U!y)~#{tadgUzz&ZaEwnvlw
zsxPmJoAiB+-O8U^{cv3sUqwVFE6z-0&bq7D8O-)g)}ZqJ;_lrOvhgZouC|pyMn-$@
zIXa8}(gJJ`=MXH^=M$_~ffM;=mx3+h6)Sx&zF1l9Unz7R0^kjsElvsdyCuiCHfO);
z@zWI3de1cr7W)GFsPv}yE9P9ZQ+^<8e(3=ylnq(e9$Q=tzzzd*r_SkT^kUjp$t<Hd
zo*h?>qL^`AZKv7XbpzfX;i-RgDi=?wm!7Mi&1QJ$%!n%I-Nxa=quJ>`#%plv*7FJs
zugu$RqBS3Z^heGnQ_T(cvBV@7cJ8wA{ox)FC;*CRRu;6StL86nHyPJ+MuTt})5ju-
z`JC+JtLna!i?(h$@D7r?k-G6-YFe~LxqJ*V<l<|b-JcTIy|NXY*nFP1=J`ZSPi<`M
z8cnvJ$tk;Tbw{5Cqwz?Po$$QTiN0(F&AL=$s)}-kM?~(NW6jrH`)a5IA!{7q2C0J3
zRt#odP*AYapWj3;Iwg$3%iTQ;%mWtN{r$5qlr}^`9PTkNPznV!<J4G}fky-g$p9vP
z?+A$POA-HbXH7rMXv!uPh#ax}b~mDI;<HV5cZl%@vmuYY7x%~Gul6BpX;6EHx>kq0
zHU94_!`2W#kH>pqq2Id1pPwBSee=#sx=M|^YHZuC@L`kn)Lff2>XI8tg<EDZSUc+=
zYudTT($aB$X)W=+2UsS@YS5_R5I?N|qXKV~jGMEkK}6MASGM#~rBt{(%w`*J@=|k|
zQJj=TiSOY3FIMAijdM*!y=LkvBJ)bT184mri;6^OYI*Uj21CJ6UiQSQdrk~Ca_4O?
zN(of$r_PGz4tod%&L)aFPx%O`PDj!oDiV5o#v|Bzcp10O1yv!zrQL7knK~Qnpljqd
zExVCD-MruATccbnOICnd0+-Q=P=6lnh%k27^FG%XD6G#q?!(T~(U3!uZM(zrtkk$-
z>Hyy=8$;){YvbB1&b+-hrhbTi?0f5~r1BoD^sr4T^v{tqNRMbp9<u)Q$WCYF@{j(N
z)aL<}l-Z%e5Q|!Yxv}%Ft{m#=zV&uJ@Fyfzde`9<tlcWtqE+WuIWlWAX`%jcg~EKh
z#;PrclxSP}FAk_Ql{MhRsY&ozq6>62`t8wqRNv?aZ!)2BSsdRo;y?6d;i@g4HJfvd
zS=e#lsmw{`#sC5DGMjLepBmPop5~e#sLV19Uvm0X`jZ599{;q7?k45w39*hNy~ahC
z?PhO&))W*Tm6f!yi|eV0)o<<q87HS=d%l(BOqKDi_@d@!6&L#1k@G&&CQa?kxj9)`
z3c6)oSNw(4atJa`7<9qeRXQ=#1i_W8nhLctw!dS_CjzUXcd~Pd*5}YK1Xwx>nJ7R}
z^RjEEjU~RN=9TOUn{4gOv%xbVKqIb<{9(BV-fcXUiwB%{r>MfKL2>$u37iu=B0wqb
zlUukx5c%da@HdkK54L0<)_W0b6P0_UiBq>4_ke!Be$PnZk^bn`!tnLu`Evfl{dcFE
z<*rP2N8j=1H%J8LgF=aNjyXukMj@p)Il*-E(OX~UtL>-V3^k^G!~UYIp?DTYY~>%{
zBP4XJ&tUS^NNmGE+KNqI4_WoISk7fc4_K)>z>2sV9${10hL*3|T;{SImrA+h==PG5
zw<y$SAZf2mfh<#nIZMMPuN4x0oRMQ+oXuVeuAL4g&y#KDnxD0mnM{1Ja;)-d@=Ae&
zD7k!Ikf1KpKfu=by}ji4(=gPn2?H56DoZyrJ>hLP-(35H*Q78WMtmZ#A_67C8UFb9
zUzGrLX!R|mtQUsN1*Nzj@A&xu6jpmK{J2HS<l#5>n>9-2s3ms`Y5VdOZUTgC#lHl)
zf22wjiqk*Rtp5`~eA5G~z{^C6gqnivRQ7D;4j~~G(eSFhDL=2P0onNTBXIH+`u=&5
zuFv^xps|_J^G~y63EWU*NLdp86Z^!6M@Fi__Oa=(KxF_$bq!F)aFZEyFZ3{FU?u_%
z`0m$(PgI`22RfF#xT75fdMzlq%$gW~eA*t%zt&%oMRlhdmGNETFvPqAF7~m02u1{m
zLb7w<y{*Xc;~yalx3IE$juJO0N+0N!pEDrV$y$M9p89X?oq1Hxd)x0bZ)8Xr$`A=f
zh7^_EV51Zn8e|rtq(ovXN^G_<q(YHG$ryzqlCg;rWyn|>%%qYe!+Blo{p|DH&;6`*
z);edMf6i&G``)I0eZQaK8s69YdSBF9s-V{ix1@#1hd>k>k5Mmt<T;u7Ob!G++#Bu6
zv*4viV9q_D7JMvS5J)P3Ff8s*{o2r~iK60d;;pRf|Im@%K|zwQv8P&UU7m{=j0(sa
zwURcIB1t6$0J{y-RO(4c71~%@uEX=W#KP*%aaza_Z7qOL_!2{@tWbj5df~za(cd|f
zMk!|!#PpmKeW0u`;N&JO{Yv9R7$VrS2OX<@>>yl!pyJ)LTQ~C{0rn|IX!Y-3A$%nH
zGH<$4<LEOgVGdOFD9^i;>%t?qnLd3FQa*bDCEZ|$0}h<_821;2la=qu2H8GyN~R`F
zap~yN>UXiCB<pq>PKne^YCH?VH?N0#g$l-A)cddJ<cwh(gF{pUQa%-Jq;wKU*$(LO
z02rUD;+iSylTDX@IfH&4dp=&6ozy;pqW@t@J@cFY=*(W!&TQZ_eI`*n0QvhTDXHv1
z!bp}`NJ%1XQ~7HvuV2SQIwiN-iz?bok1O!cAS?KMIrQU&R}`%ttmJ@%WbAM#M4LBH
z1ZT#M2mx*`P_PshqO*qoVOCS3oE>TAD0_}R=l0=CI5zswgQPZhJ?g6MvvZ9QBWkUr
z)MeGBz+zpB<AT`2`96j8g_M)fZ5a>1PZDzk{S<p1>B0GBrz!MRerfjKaG=7WvHyDg
zn;cqVdkxsm9Mabe0!er=1?ja{QU;?wa|-!9DUAZq*F+o<e4Q%9Pb8g!B_(DDPRv1S
z43BT=0+HXPi9khJISOXkVW@OL(L&Oo=VLrGJ4y-*_n>^~0NYMa9ewCn6qRPVzNYCU
zSPH94-W?U>oabM(z2E!0PKdZ10(YH*zD!Tlg**9uu%UP{3@G?)alv^iU#f}?xwWH%
z1cV1F&;qPa_iCl2v=<RlOQ|0*q3D;5pGBV;031G7FJhK!K<UWEWmQjMsx8Bib$_7A
z+?8aZBB?l1Kss^ydyl+6Hv3lB+<G{f8s@cIx|Oya^_&A7j!%mPzZG@{LRVwqd{TTf
zqF{H!cv;`BU9b2Cgw*u8_z)7?G;-+~$EqGL%|h9P<h0ul!qYLR*3X8oD;oyKZu!@$
z@y*mtjYm2%nubG~v2ZlJ$*RXo3S7~&lEST~HrL3Xf0j}<B4FdjV2FT;RW-YN!6^d!
zdw%w(SJ+@s*L=b#=nspkUX80<NSP*t{h;nhKwuL@Auqg}F@2P|XkG3>KyNgW>0RWY
zqgwZJAoqMV7nV)K<{i8p=f*n3?qm+$K{`IX4tn!ml%uMSJ&>c#MsAz;kjiXWX}B-6
z6Y7(HN@ZhOHBxlKU!xZ58}Sv{tQU;E$w)N4;I%CzBxLsXlD7;a<7<z1@m7}!*<H67
z?_;AvcOdom0ePv{U#ko5u|SKFz{(EQ9SYG)_kx=zwR7roTRHKRP`gCk(z1G0aNz>7
zlY8Ndj10m9?18z{dP1y}J)zU+`+xJ5QZpd)XB1TQz28sYxOvInR3og(An*5kpb^Co
zFL&$F<F!!O%fsDa%Tck(&UK)al<m0e_XP`XLUv#H<|G`%CKM;JM?`s`#M5>gd37)F
zs=Dy~Yv1e3I#7Y${r3FkpD*@FW9;fXG_<^eBRBCbCt@U4Q(TCU7KOBc(ppe|^=#CA
z1B7O`_+_p+)+vu_rna`;toB$m5&v5JCf|ma>w9zXEn+SvD%n!k7o&J@+Okoo`GrHg
z^te_2lT;p~nMqL^V!>_l8kj(1r11V3Jt0jiiV?OD>5!t85-x|Z%j7-zaO0`WzJ?As
z_tBYn{!XP$o9#}K5Poj4Wby&pIy%;noVnoC`6;pFCHwwl6@A&9qx$1TwRXOtIGg#v
zytB(cq1nRk0qt~$a22LEeAJr)t38rmN4_KtH#dJtjrT5OB~2@fC>wa}QW8IT(rfQM
zyLQlz>bchuBGNy+_8;XXht}=dd5?D-(dQa=i|z!+F!kqstRwwChOJRlojL8vDc4|X
zl#^z`C6ccN&wo)-pHAuTZl9+SLf}a6tJKy7Go@y>Jb7HoQO3gbO`sh!c?xVhojP5A
ze3Qb;qIz0Adyb%)EEn`QcIt?gbD$<BjEpma!Rrv#Iv)$CbDeXr{m2owz4ru#Qc!T;
z5tY#N;%)?C`}F_qXCX$RlX3kGE!O?lI+KD{8qcM0`o@Ul8XFG~9JlR1o!^R?8wTH6
zllpJ@Lm_|hhvbKKYUdl$Kz;#gk{Y^q&K2;web6qYMmXv0qC+IwCrm0j!1v8=wX)GP
z%BVkTED8#RD=#aiHWH=EyGJKR@g7hkHdptk`{Sc7&gH3ELa4ci{~3S+s@smAf3ad_
zz~J&aUOxy#@-O$qDQTIm2#x)VcJ9_?tnUiAauZ=U{rFPR`#%<h{$HlC^Z5VU5j0cZ
zG8bJ?Gb6whGlZE1%&5K7EN~On3ca+0plW#arFZ*0Pnj8hY0`!~!{ByqaS=uOciXwd
zZ7<Tlp_!(3^nl@}0com7_s6B(_iL<TXKVX`nzfd$Zv38I4c|?GUMB4<P)r{@*sr3M
zrs{5G)6u1sQ?tbV2RHM5|N7g^uN_<(bkd4BaKMc!x%9t49=Auve;Z1wozE%g1kw2d
zhw~){KzNLt4Cl8&O%#h26ZdIt(OVzi@S#mey4t__ZNIdzD|qKxkKYD*)1s7m_3A<4
ze_;LT25)l0=i*GE=~3nq>iuiz;6c&k=97~S|8dE1Rjk&vV(XblFa54k8lU!WejDKF
zP^dl|0m*%uhxpV6kM$Rf7awnBJ7r4vwqDwX0ebm6_ZiB9xsS2w;P!8RTWfTqiSgLv
znurw;LsS;!U7VU!b8N-F56zphN~3H#{8+RDT0a);Uw)hYAB)y@QSe0*Pk_*9jjGwb
z|5v~9=jBn*I{Tm4bAz{fVmFCPM(rMShwc<EWgXN<N7mHTOgyKk;9UsgEN-U+sqo%w
zU7%mw?bF*4E>JMsB4U}NQ%Nlc$M>6Yd3A@fjs-Mcy6xD0oVv@k>HX$FE)&*Ylhqg_
z30H_^3JT1wpWPLiczO-44RMK*a|MjNX_6o{!&$GMoIgj1n01}3CHZwCcH`ZlHY3YQ
z;W3vTirj@ck6w1Xy~4ZJWO7F&!lK(PvN$m`w4EOeUl{QAXzP{IM+Mz2?1KGbL~6uI
z)5<Z92<Q&ow(j$$ocn!L(>6Lc@vbE=UL4%sd-5xw>hbVaB?@73n{fDVV@`!hPYUnK
zJTH8~9Wn=T`a*i9)o(lv65Xu8k3e&`YkEZ%_*KiWGJqdT35%gS{pik6RNc2?g+k@1
z0_632qvZ$L<~2OsAaEsv0$;nr=dCec2i5w|T1O#0a-QF`YCl`&Pp28+1qtE^O4Y9(
zpF2GwL~HB*W~BUdL;E3pdlmp*O@GcFakR8F1%_0fe?+PzEL&mvN+SsIi1ax~svuA|
zjNt^AoK9Bsn^MY?)&OC?GpR@damI87lP$@zL3$GKG$<Mx|6H<0;Zr|BAzkRzWH93i
z7RnyhG*B2Rhr&vtbj03{3#g3r*=?}=Qw$p*+3TgHWl7E^3_Pe}w>eHGU*2C~Ou_LJ
zr)KmI)Ax8}C?82LE!mn44Jk+oMib(ORyS?h6qGa=rm_y)5`uc+nMoInka(cbzeHlz
z23IKZ#OIO8oRsVxPea&;&##ZmatX(X-ZtqHBn_2zv_T6?)|q~JKU7FLFq}>#T_8Yz
zL8f3w%o;nWy|QdTTuI7&6t9J)M~b$e%*&1a9WiQDcJAl}3*v|qZl81+bLZI9$w>Ka
zA|&3=0X@iEx1bXR*TF!nU{G#HB9E~2AlmfPXyXf6yLRp8k8gW1*M&YhQc7Fi_ORW7
z%|NP0$bDX;nr$~?#0GeNi|N_=bIlsbQYM|4wf@apy@IjM`f9?`=5a=F$b?$?G-8TE
zMjbi$a^x;e@7LF?{HpS#Q**ZRcye?Jk2By!1*x=cdw`YFW)H}fZ^;Ib&ihfS35pgj
z8DpoOB?@Paddw@9b1T$t%|o<h@1y|<SyX$Z`n;OScJtG-($y3jRz~SlNx#`h-FFZ1
z*>C)@(7{o5Jpze`W}Eac1{nl^LOlk%h=%D8^vg|mB=NB&KOUDbcN_yOZG!~iAe<~+
zzT1INLE|+r!hrARz$``VvdqtsP62LRPefWt?QJ<v0>Fxnp$8J#BPWp+2`Q5SE0zM3
zTA859`rxF?mZZnw?@AdO>7KIW4flmujC{tlikToZz1+gkALm*o%zNlSFd7uiup=Co
z4NCtp1fxByq`d|KQOUe2^K@;W`MraO_%8ir{T1gRCtp15;lFk!?n%>%YS~uJ%Is~L
z(3?UFY`pL<R$*Jz3l`OO?IjwPny!qbku)gU|H-d1|IBO8r+lX^vl}b#&q|L)R^Tv(
zLt@&X{`32L1qTJ~lSUnyoSqdhPUIkxu3E;%Qy{qwXtW{dHv49LLtwjwUax;ung68y
zvn2&Pesmsat-3TlrBQN?+U{M;Yu_3`$)896{li|aT!a%k1<U(Z^UA$|XF#xTBPQ6b
z)UQm-iqGAqiNU^+e1m*)a-#b!SiL9fZ+P@;-M9e+NJo1fU!pZ47h)rwp;na@*}Kwq
z8LT+HcHQZ-KFUVRzj(vgH@=<-z3BzZX4I)|n>I0U=wC9n$BsSTM(|EvB!GNDfmdzQ
z6FxHr;utPnd)aYA&Ex9FiXC=`hcBF0?c5&T-EFAIC*8f4EXk=lgOQjEpNpojJHQYG
z)CUo5=w)K^cwd3n>#rKsn-w~#@ObXFxSqvDR~wTT93kDgp9l<aC8+=R?nz`fLH!H*
zdM#^j`^-HZdhejg?UNd803LCmj3)HMYxMMBp{FML5d~<@PWf^UD+hSVjFiLs>6IVq
z|D}9wC-Ps`@@>HdN5F_@lUVw(?<>xgovTp_#%6@xd%V0%_A~R+rQf6j;fZ%~GYHI+
zZ&wqZ(1~+cSaG!IkN;7U^EkgGIpLYu8mJCCpm%G!;thkMv2+t|8z@WwS5nx;%#OaU
zU<<U}#t3%6<G8Yx!j~q|-A|XR=n;aUMbXJo3cZp$KFc+VR8knNk{@zSkFX0+Ubka5
zzkMz9fBs+zPOvo{qzG+h@Z#hf_dhcBMBtu%NEeKeo*l`p5k{Q~6Y#LuGw_EO<b#8j
zeLPC)5>)ExqVVba+s8iMqsG^MFF&o>%I=r-cU7FmI-U9>+Ezn1WRHEw+BxHFLTpo&
zWB09bXuZF2v;8lq>j&u8@2%US_0S{FHcTASN>x#Hxqr!$kK<<r&S_chGj;s&Yxl2A
ztSvcuvh0yd?6URiEI%%_e^kvX(Dr@<v#V;dR3G?dHb!6Dd5=opY2iq>>vHf!IGdm&
zY4K|j@^Yr-{ZNeMu274<9%w8>+1<|Ql(~_BmG$0}$F)*Z+pufbE~PTY=4}n`F=pZG
zyS=dw*7z^iTl-R#y|)b;c4Eu@lO7j?S;T>|lW>hI?IUG01KueVYWVDzX9xrena+VD
ze0lp&p7Pw?mN!5E)6r!$ld+4WC8GK8jA2i8dpkHdSnnRRjU5Ca?9is~v@G^LQsbtc
zp5B#v_jV9Kd7-_4X_B^ke6p(PX@;s&va*ga4#V}`1bnrxl>sd194{awlj$eWDxkSu
zx_7Vb<jIqXR4f=GgY%ntaYdc`wMFZa3+a<suyEl_NZ2`NwKZ~v;k8_`1*DJHay{{W
zr(E+IqCK7>iq39ZK1Y|-4_jX=)BZ41BhWq;rFWnb0h&^MxYp_P*)gs068a}lxrqww
zHaYv=B%t1is5qbJOT!@i`bc8t1NjH=N}_xMTv1LO;8js#MZ_jTDkN<#tQsyyJ^Aa$
zhbS7W^)lZ0rTvy&JG>ooYNOxT(G|c1f^wQ4W<4}2HB#McNP?H>@p$eRcPA$pBK4%Q
zz~`%WYTvQrC`2yMjre}HBZ)j>s-bZ37re~v223pD*Er`_uV3$FZn7B@jsvq*bj=Ci
zdzIAGMu10ak2`$(g2zeA(TU*Eil=vI+pU2DeBj)9_KLXz2B}Wy&svsy5df$nfx2_C
z+B|o6k)S=C?g(OvM++&67clnI{kwPDFwo6D{p^`D%)<`y*ag;gZ_(-Xv)174J;&hI
z)fvhg#f79e(k<05;}jQP9e5?J7<NK2A*A-_0{%bj*Cl;`kuT-uwgSXt;#j2fc`dt5
zHo*{kZJ6aigXbtZ#>UlJMYPLXHXp2n&num1(BmQO`XJab+kn@-zJ6Xzf;}9V5&?-3
z@d^_eM8nQ&paKqi-{tcc2Huv+2%iTJcG6IBSY@s84(V%u`Z1u$)N=Dz#&ZTfHOk7$
z@}_S#H+*0-*Yt(N;?CRw?M}<sX}d4(9v(ORzt=j-sLUAeWFnqJoBhU4O3&C>dMQ8W
z(W7utyC-i0;vR+7(KG(&S=q|fC%2~M;{y?9Ip#xdU48hlJ&*#|^b(2YCyEEemZQ&B
zb)(M?MsYJlmeWQ|+v3LM_J#M)D27$os1_iGu%V3>mi$7jJ{{99!nn*NsFS(=k|-AM
z8NAZkY&b6r#-9K1q01Rd^O-aErNp;V@>yA$y=w=bu?5?B5-5zpEI-C`S67dTU#D~t
z=RP6X+w*MRDO75*MU}_?U`yEF$We$kIeg+s`^L462B?}Hd+|3Hz&-!wLFEKsW%@ft
zAYsgmjLf@kehvUr0p@#3QY%jRS5q2c0%1H|6|hA_0-O1AnzXSxa|A`%SmtrzaqDGf
zZsuB}3=?_yf{UiUeh5t;pxHyP`+1MjPjyZ$Uaq^Rugb7t5sD*6j+AM1=nPS?n9T`#
z!{~3!<NjrRnQiBLG<n#h2n$n9y=v{e#U>u6!>SLxshTo-KR<sxQx543Y)tK=2kQC$
z-)b6tx^Sosu7JWo;hQ&E>;)v;eRQ8`$4p09`6ltL4EtHQu>ZG_Wus~V)yr845j;Zd
z+KPhFA&M;|QBkDjI+ISVBd6NmE?(EOXc!T}Rq9f9r{>EZ@}@-J>&R|`iQnpGcGWJx
zx^_<L3PUBHHp@lFdueFYB`Ri8*A}MB%Q!q5%QN0r{p$bCSO(oARdEsNZ{|WB&>9iG
zoumf`WzM8sM%I>|%rVuAxhFbvfbJ?>9%EzUP<>b14f8u&&uhVeI64ZEb|;J(iPU-y
zLDY-8u`<5-!@I}3;D*f3Z?2?NV}`W`N0iy>$S*C#&Kc4De|T#GJM)}o{Iv7kd&g|u
z0KEB}`y=M{=#-?2t$Eg@U4!X$S7p>UQrA5gREFgAgZxhI+h6C6hw_kf?jBVIb~ZAY
z|3p9WJKC+Z<+i~D%V;!`w19aSbTRq-x`;73BGiq<K%V<>2D}qxUWN~!y69AcrfmvK
zO0KdvA2U9N##|z3Y{Z(88#7?be$BnUIT0_b2huw#n?ng}ftQyPJ<Qrqnr_)p`vgUJ
zvE|q-ZrCPW4HJ$4KZHS}R!I53;81KhBhd)cBPvOp@<<P0=x6ii>Pc^Bu))&JnYDAk
zMj|m8=!AHl4A3TTR3h}~)~{bb^Y8R1HDy`T7B8odTom)ENZta!oJKzf$)zD0FEU5n
zqGl5bFp&P4-`}dqs5y)wol0xue)5dUYHHVL-uVQw?#ei5piqWI>)7QTA&jJLYcE$F
zq}sIq!1GJWI+0@RBmHK&cOJQI@qp#GpRXvgR`S_8VbUbhgSLW7qo%Y8`5e53g--Ca
zCxuUw>t7@)D6gp42Tx!7-NqL8q6{)O`(_kBIgoqqSbFBXP`nc(S2r_G79l0oV`&k$
z{CcurIE!0ot#CHVKYn!PcBaM07|JM4iaYh_523*{D@5Dwm!?gfG6K8EnWK)R?~-lO
zBI3yEneOg7JVQ9MWARR7nFqqURH@X`jJ1YJ>dgaV)Ft76)d7bl<AiZs^jZwZeb<r6
z*`#ly68teVENUqeW-sF2vVWgAc`{QshcXd|T5QI9HJOda#5&3eMGT~}X0|d1d<Imi
z+pZ@Q5@s{8L9*n>uLmtCRKSYvA*5XN>h^kaAvA$Rzdq0Jos1#EM#{^8?`Lvy#dPJx
zHfp7+YK1eADYRe=GM0x%S+fZfCM>9YHcD2S4DwGD-)RO{qd@bFsB5%Me*U6t!l6ZF
zPj(X&=rTa8p<+9k1T3qI8tqIfh^i?b8X7@~csgBt><X3A-xL5iF3D6JPC4>MmX)9A
zny4G+oUKNauYwF_IB_a)EVI8ecNrWnuZau^xhmI&@XHk`G-82STuJPjLT2W6JUc@P
zRZS^RqQi6rEx=7qA_YO}KZNEr5h}xSl~S`B@Su7RI&m@(ktTGRrx=hfLk3sYZNLyo
zpIOVSi7DlWu>Aua9)^U^r!Mjatui7~@zK=h0*3iG7pD;8_v1~8sIE~mt$&fXK&&pv
z#!DMVjKx!8CD}^mhH2Z_*eI&$uQPb!y$T2J<m|ltY2w<BroN%14!R&{i(c0bGBmu&
zY(MF1QFL63#u`gD6c_)3kuf5_L?_tbijZq0iwY!-8Kg|{iHQw^#wXD$*_SiBpWYuC
zPEQ%S73%tkOdOngZXmmn9an$-`a{bX>>4<a2yX@{SDN}pS5?MZ%e?|Sk+T7khEF^3
z!Dx@6-LPr(sq;Nb@!Lg__k`QMKJ-4xbRnhmFyo%;tvYnzA~<O=Qj7q5V8a1Y&&bwJ
zyC2rV=TWWwq<h=$JX({9!@JL*ChkD=g!q|Rk!EI(hxLs1kNl&=kk@UD=IzykTkr&q
z1oXj09k4E?ypcq~6DChSIp>y!c!`9B0bn3B+^)nP9k>={%nj4d;n?^8HucPc864*I
zv9a?u__@!US6*E$Mp@wtke+s;y2;WID(GSlv7BNf!Nv0P^P_9hhYlXBKv%6rvj8S~
zP;_r9BR<xyZ6qUF3Q{@_A3hv{LK^inAIw|c`8Aw&U8>uijWVV(l8L+A7F)IG?Ss~i
zj*e*Q4dJRN7}9#P^WHe%6YO1Fe0&|5Y!3rrC!JL`DZVxOk&GDo#<-V!!{OKmHlm2L
zVvl~+oo^(eUAfhJ*gd+rx~3)~J<?K1=@P}~G<<P0%@%IcxQcwwh;lWVgOoNvo%z-T
z=`xU-_$UbjiDfB4I^<=FGdC>0N$Z}|3E%L-w#J?KD2D00<PZ_^7ve=nZo4f<3RIw*
zmexA1H=~X>?AS4WO~T+h=oOto`jyiv17cV~vd@(zSD&#QszwVn`Ns`{${ynEiZHt}
zyU(&y>8Ay|53|jZxqwMsV*K06l5M)_0jgJc$Gj<f&l42upcu_DwL3n|#G@c3o5SIX
zx5O6%K6ShDG4$F#hEFniyu$ucQi(glCH)*6dvm}flA%r@Lm0z0*Yb3q@LKY%fyP6f
zo+SI=A}XjQ)_u<(Gs^bMT5uIE`>O@dZ*+v3G7QUOYrQoEeU-BhI}N1tO3)x?Ht@^Z
zCxCA2H*SpLQbQn;Hs&Ixnq#K1>myGl9?C?hDxjS^hFNSmeW>)h0P|>r@I{07T7<je
zJ0dhLy(=r5e>IdCkZ0j)e90(CUFCU<F)iq~$nZj*Ci=k=%C>JFB`K3c0{hun4{h3{
z$+ZtZotP4uL^q?Yl#8G9vE>EK#Ji*NWNl@`7J8f7y<wagWzwSkJEqNK9T415?$P6b
zeXYw9(-O}zyB3b)9lY9i7i<6xixQ$=VkTtMCn6EIb7R7+MUhQ#QdqALl4KcQNIQDP
zjbF<!^o_^|GC1i0G6gUPA&<DYxXw5~;s#N61BO++h;M0(zMrviINBWt9)1jek)*cQ
zkjp?aTf^X2Zv-Gk;|~{O8J~k4-|F#v<@eesHzEwwGS<RAY1y&k?sw`fhzBURPj_{-
z;`noaFQ=ugp-kurkj6I6Qc>?s$c#r+oi;RnW@>={uDS^?Uc4ASZP}!IpoZO~vykTV
zns?{Q6mmP9pJBUaaGj_&W7yq*tvW9|I(@cCB0M;hh(}OVK<Y(h-s+M=<}F6N-Z^T^
z#7UEE<EH<{vD@u&&U~1r6Q+$R$}vrPIypH3J2oM@b|QCUqk4|py<5B!%AF9Ou8UhF
z7L`dg?4^ZC!YP`}cL5s|0S#b92xu&(&-z^KNBkwJF;PwXs9oecE72<C3|}OBhs_n$
z>CvimQ*VFW-WNZ<|C$<2)-7h5XH|$}rlw>PN^`c%-C_m08e;9+ymg-``3IHeZqT##
zG<PUUY4m+;Eq-*}mMt!*Af+vf!PP5Ffocq1m%Gorsc3`BOpX?2U#17ty)ozEDxNu=
zg2x=LR$zz8%@{I8$SHI07-!&-<)GX9_70oyMq?RwTwKuNLK{_|_Yb-x9lgxwwPRce
z!0A&W67C~5dADLt<@78UHBZ-`V?Ok=^Oum%&hPixrCx(QW7Z}ALKeD~kw;jT=@_rj
zurOwt?w+giDXOAN%$*-j^`}&7Bk#F2f$8VRnD|bem_08P6W{(hL&%~4<K$HUKJ06q
z7e&IsH?y*|+(W>YR>OVMc1$s5V3nn3!I)m7tzJJtd8;bpUY7$t$1JoQjyPmz45W2k
zhVO#91e`v-Bqqm(sy-(LbS6b9IvMcekVRn_18LM$KX5{rDR+fJh!%O@z<~p0;%dGD
zGQlHL<45)XysEcJ%(mu7#vQTXT&>%@*%?e%wRvz=dHD>Ipfmg+yw&pWUzfnf$}{P%
z_jYNV)7M>f4{WJaBXl_dS0pebWcB&;ejCz9MV3j(jQ4Z~T~g^Y#V{Kc(Ybf_Az3H`
zeGwyQsiLwPqr0=fp&og{b`l+3f_mz-7kPWFDQEh<_m6yuOv_W`Sw?z>pFeMcwbYpq
zw}SRmlsT>e;f(^u5k^$JqeGcC0GAlVa5Mi1T!YhDFXsor4lT8lhB_3RD(5Xjl2mV8
zxT{(hL-1T+`c&*U>3DN+dYP4&|KNf1nd}ly@T2p~+LD4RK$#iN&5(JH@YQ-SSydpm
zcK)Hpn+){`ZzPQ8Bt9)I{d32Twov4Xx$zTsZr(O6+fq3%ssF3j_s1DKa!8EJbaZrV
zug*H2T+syfkuz7#b#vV@W3Y&jof<$~BzZ<QU?qtw_@uSh_wb!9GUs}9HBo(hq`z0>
z()^9vm1V<C;X-WSr086DK_;a$@x*G>&?HtAC>)XWWljV3o%(37Sduq8>JCl?)Mn5=
zIIfU6GTbr6*XZ$QgZuNqdQ@~K1fp+qlRKi)Q8nm7)iinvsGT(oI#7T=YJic(I9l>f
zcC%8u7{z_X!vu7DIjUfT*#xZu{XeeSJI>&0qz%l=2>jsixQ)`*H>7##AZ`k|M;j<+
z7Wg9Qv8!NtZSOk<r$r~2*dr|mkVKj=6jb|ME-Wlu0Z3`n-W$tdQ8@eTa2c}KsL@)L
z@2F!UKPHL4m?d^b-#tH2AfLAn1{CKvIxv3cw|QqTM7KT)Cf{KN;YB<eO61|Iw{062
z^Pp?ec(ywjcxwj!A6DQ>IgZr<uA0ArAF{f$KzJnUz)d*yoM`dT+B)j1b=hxrCOVeW
zEc<rpa%r7ji%!PtHf?G~K$)G=wns;vzXwnSX}%s*C4d6Es^GOw7Qv0a2kNE%$(gQe
zn;sK0>m}!9laqCovR<W8XN?LCJwK!HJH8oI<YcHSy~dJQ5?}4+YVSYiKRRoz@o0}L
zC6^jZ`1Y-KK5gEcLH<Zga&rBysq}dB@N`bb)+x!}Tlo`->bp8*yp1@bw1FV4gRyrY
zL2W#U&ATV(N3szo7i}hb#mikGW?#Q~a~kLrseEx^VW6{8E>f>DvZQm;i!U^itlzLf
zqhG(9TG#wYX6S$4$Uc<!t_*f|bGuH7M3NqY!>n*4z0{BVb3K$QX~F_Fir3Bh$cMT=
zKD&*iN2Hro(q+IT6gv>~tLOl|xO1c}QQBoNUlM5<tc<Hj19W=9_$>moSxi$zpE~!`
zZrpe<;G*%idxM9Sm@lq=Hx-APMBf5cyQjQ^;h;geMDdHZ_yErlJvSiyKVZ34V{pZe
zVH7huf_w=U$~J@IG^2txm}-am#NkSX7>g)iA`t=>tPt$E_~}y-S-T%MqaL>=nMy2<
zt_k>(>Gv;QF=HZcAfP4#-HEVDDPYE+35zix6j~V-)fITAkRTxc{(YsEEeG!%@}~@s
ztP}7N1Cd9NAd@PIPPDMnAQ2jL>zXgDvU$7pQLiJOkyeOnyaa&(8luqCi7Ck8Y?~*V
zs2~pWbY2Pez|!U?&TH>eQL>k9N*fX4I&WFv%Po<_SYtuzDxT-$Am_oBI+FtquF#KT
zVV^#KKAiX>Z%Tf*b72-X?*PV#o8oa+_Ptz8JLv5cBgt|H8qA+215o+SO@A)vw0YDn
zbf;l?q3HAs21_&+S8_V`NY;Az^5*N-C0mN?1lR;)E5WtN3^>ZtPA03e`o}ggp%?*o
zctnJ;Ph4Umc;FyFfbMs`8R@E57$!9f78vA$zrQGcv!*LbmIehT)ZX_0R;k`~v>X8n
zE<N!G-I0_@tt|aL=gu#wfIa;ng9yEnn4QF|t8MGozAB)mRI3a<i|T_*02$q%P?eLD
z)A!CdMw6tCSV@3e#LnW8lv}mBjJtSWSs8^w1oKgK(baNKx{)OV#2J4<PJEKto=$(x
z2?q9?Id9%P>$g28#B~M>(jeADpmG5scu{eOt@zB0NV5w{)2VM=2ODpT5hU|5$HhRK
zL9w_l4<$Z<7(~tzWwS;C;PHTCy5(<s<n*7)CjdV<&sBhYoWiOf<&#C<zxlE8qrfok
z-n}csZYd~VIyfV^P1B|u?dxp*^Unrs;eL(?)8$TbxtUKa1r6M)Z;4i)U@VC(DW7vz
z=q2uHzkgF(2``UbOwzkx(IS*!x{;!;BBH5)wdsU&2@6xjo?l`9Fo*HP@~=xt)TmcP
z*c=og8pB_I^}^PwY&?#VVF2aBn9z5M#wSdImdzgUZW*$uU)v3IZwLPt2{Gjk9Rk3a
zz^LS!5=cu(5Mv!SgveGv8?;X{7d%`=Xl((rB;f2Ab>H`OE`0y?E9G9%MurRW#Q(b=
z>_7@tlg}P;b2h+x@Y`!Z7ODt&6LOPE#N<DJ8hUFMXJQJI4lvzgky?|R^WouICp(5D
za(5-i|D{>8*|-+2s12E@wO{j$jYq&am^L`*ip>XCAKQ2*_K<_af^>a&L%Sl5zt!c?
zae%K87s`-3eDK7b?-Xyw%^1o^W`WE_hn?i!nV{|z1@+W7LxaOZTlj=OT4O~*6c5Hk
zyfI<oL|vkZD2w?H@9Y9Q^zcO!ML+||I|(lN@a_A)&G*>RLwi?`xqYXeRarq<)A_mU
z$!t&_`3b=E1}Q7gGiOwelF&91GDe~vPiP!Xz6?m|g>583Ge^{VMaj0EoOc0*B0eWr
zJ}doDJ=>x5!|TQ^T8J_==*TME%+`>QVJy4EzLfm6gF3O@&e%UNvc?7mr>%E?CyWtb
z*3Hcggn<UM0eXH%jg5?GYBF3{JRq~O@9Fb>BTK4gvGEVUQPYVRWy0pITU+5zO0d4K
zO6CMSc<|uhn4V+Cc)WHAJbC<ONoMdDa!`Tkd8^>Qj;7FoR}$cDXxCR)S4ISQQHi9G
zxBcaXOA)i)v?KhZ3TU$QLqCf_R?kXHs!NMAUfz>&@8VA2C<i1Z8Ie^Ya@-$I3o)(T
zD1Qf2%_ZKpW!In2z2@~hAu6_HB|LWIXZ)y{+&|;lmG2OY;Lt}%>Mrm-q_Tq330m^R
zXDykQ<i$uz<w$vP$rAsD<28cx;O&P2k_8b(yod7hw6Jh6;Rlq58N^C5$QB|&`>v7L
z%T#KFT4VPNj*0C0uhokWQ>}h)y{N6y*5_j!ic=0`=j8=cL%m7F3>o+anUobS3g=tI
zn?(;^S(gmx^F#x?lJ!>B)-n{B>XRV%Ot2im<xTRdO^pA;jo>t3>lkNeXUU_1`E+`J
zd#^upcxrfsF)#lN3(e}-qJ7N~Nrl9pK^2Y-9hq>UqD#=$wte=#U<fE$kP>GS3&!9=
z4Gj%v84ki2I#4^(1Ga%y;;Qmkhm3$zV%Mlu&36eW#W`Zcx6hsHK!^kDwl%!AXTUL~
zh+Wp7jwjcddNzcG$=mZ=J(;g7HCxc_(1G*R(zmD|Ag_UK{0F&zOH|^mA1eOxOJ@d2
z;F_hR?Qm>LCIm$2D2mi)dXRwk;EWLcoCIs5jEVN&#q{(ZcW$3-g!=AUTr;yBhv0V(
zI$kh^Nn&6T5M2tqG!r9B<hZ(SgC>QgrRHFv@o{m0zxAwl4cvsQR9&1j==V2s>PNJg
zR!JQ4iMq5lpbA&w88r}soM586JfH`u3s*eLuAT2cPD7*b>h$%s5s6?l49S`&qMEug
z#<-l|^%m%L?;#pV4`?t#i?t*8;fQf-_F+L~E<q=grDLNknxS*lbTC)MaM?#40-8&g
zFKaw>O6MhAjGC`5Ne%V&^+f@#5eXQP=*0;g4SHizBzLJ_zrH}sGNOTl=8Yv?w{auH
zZ&h}AAqSV6D;$rxx6kNp+7RAvMqQ{ZGeAYiCiSLYRG^<kN-<aHygoSX{2;N#1n%Dq
zE_BZ{7o4yAn20RqSP!?hR)jvz8>}S>7|ZtRZ?Q2QmRotbn@a4_qwRo2X@1Ji_2h3Z
zb25>(Y{?kZZQEM&U7x#;DEYpTcm#9f`~Fg+mv><hC8njPuZ2g8_y4}=b!QYi1?8s{
zBBc|Y+HC%@oM8G+Zo!ph_tz6!fg<wY^)j1Ue|Y<F2i+xw&z`Lz%>z`PMSLS%1nPry
zab$zmAjaISO`Ahzb(NKs!vHFP+E2ON+suc@FMjQy)4MkVDyHmw+pKZpy_9}2%u>Jr
z+!o3~n>KBTr?-Gd+YnQ6Ab<mhhZ=fnfI1dJNgS~l!K)=PY_Ck%<vnJ&xs4<RmdMQQ
z?$N#MuF*{UP3tl$3q5~cZDk000^@PDP{G!1quwer7TuLBA}7e0>bbG5uQ4L*Y7K?N
zO{-^4I??NQ?u$Oefa|s$=A2-n341x5V42pidR;97_5eb^ynCiSYtM2=6L_Ge6#!kR
zU9Suwh_NBe+K|a)_~vIo_@$)3so*b$=}=c7b~K=Z<pPo{RTiT3N-(amAOQp2^DlDJ
zxoBBY%R5&5p#{nWczLbD^V(X=Nz=}(F1jGRWBu`Ft$c1Zs9zs|%2nlRvu4do5u7Sy
zb_bwU%XaNDFyD}F1;{4*=yzrQyy0lExfh&YX3%4Fc;`Wb)M!GJDgfjN5Ty}^{|o~+
zB|^|$PIzht+isvm6=eDou6f<5fdxN1y#S*|ECB*lPqRlmTBV`uk3Jnsv@`$<PF*Ud
zi5eBa$rUA;#HwEyuvAJGo=*5eohA%HyLMH>J0(BkfH-xlCG?x&<TRA?`sqc~7Q>|<
z4z^-)QBp`kLc-P;Ei>PuRJa9z8)i*ChHi&K-*45n?Qle_ah=cUO}={N$|{zKQ@&jz
z>|@-U4INLaHQFiXiv(LCv*|=kZyX7azVZf=b|*3};w6SN@6ym#R#CZ1@k=HKlXW+e
zLX&I($U+5M-@Z0Q@M^D4{~cbv#r>S6v$ncMi`<3D8bQ5L;3|Lr{$g%!5Xdth^(T3#
zV9l5dW@Tqi2-r_#2UzRkozm#Qw$MM$V!q5ybVN_us@#j}O@Nv)gpPg=d5S=|)g1&d
z0mUZclxqhr_Z!8SCGQ?tCCn#QBjJz1OdqP7M)F8FJsbxmcvE2V;bR1@L}49%{awfB
zM)3#*1?5nyVZYgDyA9OSi(2sXGB}s&y$H$Ph7Hr~0ez<vOs*(0=D`d5yF=MPaXUn?
z3EIB!Gz~S!d|w;jWRQ`PuiMMBP$EO;FAw#LD%eUZuY$n9mI};D&$jQHY~A=`qwyOC
z#13&A)F<}2{?wB%bxG8kw9z@3Z!;{ST{jhT&B<U{MTLb57x`c*=KO>n3);<ap_gpy
z{vi*#Z#k)Tp2$L=BeEH6%RQ}u;h~|S&%S}`LniqX66IK=Af<*#q?But_F;m>m9Oeg
zKF*J6Xney>=H><k3o6Hpsl^uq8A}}rFhQ3nRP!$&DATj+d;6K`N7GimOag&e^H9CV
za^EQ%I+~YQ*$lB6cETK9ywVG(zTrHmS}&tWlVx`&)Gy`QQ#CMpJjv+(OD@a5pe??^
zO*8Afm4Y2;g~ES99^y}&7~z>kVgDDrDGn1-hz&17yc9C?>I`BQ(y3_9DY(I{PiqF5
zno?i>INjOVf|wxkeXk!cRvBth8#ePOhqbt*r2a*GE_h?Vnd#h7sOCdKY9hVQ^;d3W
z+Tquo#-R%y;iv+qENLDzd=@%|0ci8pYnPde-D{s7`l`pyqAQIKOx*P?)_f=Dz^0kG
zQf3=s@nYUgp(H0V5@XehAycG0RD=ak#k>8DIc)k6Y)?J|Hf9L>fwZR-j2$mwoN5Z-
z(S^zk(X8&QjF!~4>f~SWHzU!W$<?D6p^>U9brHh-eMB_qxvi#=EwszfH8)8=g+RnH
zC*z(?=IhJ+Ai;Yu{<nZh;R~Nx@U$*hf256>4X3xne8%TLs(D@^++jGqKE9cV+YoYF
zpz+iioFw4fE!0u7vLe1r2+g{>vPJsl?%@4}K*UmSAQuZV^IuMo*IcUYVR&VjZGuh!
zbH^i4%bl(PG&p1v)sXWPLj{RyV`HjpVw(ZBK!Ljw8L^k;xDL~DE|um<eK|sZQbWPR
zGkNpCXt2dbBu+fPK-A<b0w*wWheQ0${((LCzA!}~QV=dYh1rv~Pq#Y_dR_d#eMvig
zi42y4-8ME|k9>s~p2<<xp4Kdb_M}q>bsMB*XK&(GOrJkLhttYPqrC)bIMJs?MSn20
zDKRlo><HC!y!2IMvm>tkyd`-my&M8a+}kC@n!#_DL{REW4zX%*o1~N}WkM*;gaQ#G
z{ytR_7jiIUbb8P6$FguT+S8H^6^KYvVQazcZ>I3yWOq{`Y)ODgV#6Tv5U6&X;j7%w
zfXemjO6vOrok%)(8C<u{3k>G(5e_Aene)o7hkKiV7YSPrB&V2w7*`3Ia=UI5W`l%N
zW}de6<$jk(wm!BCi)t$hu5G%fnRDUM$CRvj_qrwx_3(8h(%?{aq|$h$pg^6SqYP)s
zrD-!B8TVEs^WfW`R8QMSM2CM&`Eq*U!zxQuiJt6G+pDE<|1yP8!i}QWudfq!Fs4*R
zE(qpUifWj?Zp!8y!}<zD6vT}qVdjSoaBBlckPj8bYkc}py2gUmYiJlvNW3@p6jdrN
zHoZ(bI`;c)BF^)x6;rB~>sOr&kNMA0{i*n|dxzk~nlD*W?eb^{@8@K;D*WNSlGJVO
zYj=JQE74DikNoY%8#f~A1B4u3%KX1O(T$c?4C`f|NcXPR+;M%AU+*3t^?c$@GM8_E
z>vAeSz6%4qAZ<uzTkQvpiNBN9b*?!dHkpd{YUrrMMVk^5s!n>0Zu0K}Nb<zz6Aea1
z?0J-*)7ga)47#OhDKX2t8;$aK;}Ymq%aq3+H23{gdl!?$9Ic4OCrh+5c#;D=iRX_e
zv5OeBQH4{We{M|gpxKnPU~(yprFQ1>Xy+TJv)i#$X2sj132uBrsTl6Lu~*oqx`wdo
z0?&O`HCFc<HBBce{`jFttI@&jYgJ3Wq&Ux;C!M)epjMWorEJfu4NLZpm}RC%DgDEX
zH^zJM#Sjy_a%KS6#vUBo<>=9){q*dTEPR%7qt5tLc87Y{!`Qe3gjKX#@3=fZ>hAQ)
zg+xH3d-pY@D1m1F-&`K+_*@G83^Sm1;cT;dRRc0r7cO(OGYbyye7ah1tYdI^m($e)
zs`N4&M>v>W|2Qt94(U)n-Ql{YY)dBgoODWyy9|E+exgCQ$@1_)lWSEE9=E!|e`QNG
zlM*6Ve%@K4la%n|-6}L|?<-qr?UWQ)tZ}DK$1X=#*iW1=VLCxBnI_z}ijy8Ul=m<1
zo^x&E?VQ1Wqat><J;XO>o~+QQl1FlRZvM*cl}p7@<JjdNhbjLv6f)@C!MMGD4Iy8*
zZq`nTy8ikKavkyabV+JMG1^>(zrVs_R?~3s*Vq65rk@L8yhJ#A2W_GZAy{4*ltZ4j
zmLP^$`2Ot^Zw#o6L0KJaZJl+}qsg9s*3Wn?$K%Yh>OM=#p7`Az<+Bf7Fj0|Aq~kug
zJno=S0Vvwd<h8}$3%+iac!}z=g7n<n3dh~gAvhO<xXXaC(6G|1_$9=BREL8g@wq%!
zQP7E4To3#7<Etcf0T?C*Lbyc)J$)$g?jbh^uPiPrlaY^e3Q|lI%)WooldPT>*-J3O
z-|B(iVCt<&h$fz2IzZeYtWJ=K1q?)KLwQq@WvV2?Eg>K|Kp^=OaleR($1f>LdWNTW
zP1NPZsP5qgd7nK*-4ba6GALwr?Mfm%l3*ER)QR+wA1m2AujZoJ4PHzpjt!QIBIa6Z
z08)(i@MwM!Lrmt;ox&OxLXdzC9XsZ^=g~zH+4H3j!GIuO)Iqc<NJ2%reE)tJ%&A$g
z%XE4h>Amgw_nA%-2LJuj^VKnVB!O+1W(W6aJ=rY96iSkvEIav0mwsm>&xQ+VkHKIZ
zB$-;1Qx2R$gti8f80e~aSz#&gthN9NJX|^;Os>f{h$MpV(Ksm>C023biCK+FUoGPc
z!0!ziQ^>>Z;}a#(1>UF&?O+r9>wCu?5sY3newxpp1RjzqD~ygbB^-2%OGwy{lc&_N
z5b)6Y!e-I|XZ9Au+aBnfm^*`~$Uo(37n4&yf6o7O<XRJV)!hT)1b|eD*mb*yg80Kb
z5w1Fpi+5*S#ccAtRTQVUx*sLUSd(J|^F;<rDhwGq)Cgc-AWkwIwn;F2LBC8=C=Qe6
ztjAO;V4bcLmDLDhGcEZ{e8I@R=Z7H}-_O9{fOmNjbgD>N>V*adq)54LKX56*h~f%d
zX7f(QmH;zikre<3(^69#v~9aX=lo_2AQ*`8hgWwtvfIIdffsQNp8&{RZ|<oB95Zo{
zqr*Rzs-nX#2CtG^?d4tHJV@9`h}<8T1)#Bpc0M>&(liJ=HV9~KrmJfveAx~33Q)Td
z1zi=bu?oZr6bwmRU0{4k+{22)Qe00m%1PZvFAo@$a^Jpv<&+Ug%BE18h7W@$Gv_Ea
zR#d!t_wIJe(g)_afgZ@pk<0I)@+Gx>R<?oVXq9igf^ftrY64#iZuE<yq9iI@!?j#N
z8|K|9I&Pu%qxOAZw+2mH_pHByas%lhdo|m8GewzJ<gr}bD_pobXGq&N_)&YBZ|ykH
z<T;m5Az*bWIt*@aARx}N9)AqToa&08QZ#nJ<{Tr8v~gF;$+yUxI^qDkUUK#D7){8I
z?=m3#`o|kse#UQpg3xi0S#fj%=+1qyn^1_0DqSLAu=NL1s9;7(caD?^v9toAuCe)B
zQwmW+HzQc0SkAfeqVy*s4Nj5Zpq0$65&i&NWA}ifWh&qiH1k}hYD@jB1$~~%<Sgl^
z(a#wJz79mRpVUjH#}YnqA{#erwx5L><NGv3O3F*C=8o9WXA~CgjMww#;Mu^F<y+Ht
z-ZdTg^#VLK?KZZ$3Fkp^ed+V)Flf;_@~k*GR<s!nL1#STV(Zyvcg8Z@;K!HGW+Kil
zjH!K(m=1T>N%JHI%o~eaCqO$f(0FGoSt(h4y*S_zsYr4X0{mcq2zbRNVUD?@<~-5Y
zj6{LM=RMFDQ0Uo5dJws&>o`sTMEj>-`Xem`R;$3vQZtd=XKCyZB?2I$kIj(Y+$~2V
zLpws5SqYv;tIvKCBkdR?7ipWVb7o;_6UMmq`?ic4!-|q|ySSQyxJv3vXjzIC8fIb9
zN?jeGb=esfY3K9A6DRg@A0H+A1ata|eUa?f;EG`y%${v?iLm&OAiy{s*CY))*aeCz
ztEg*xl|3;5TO(8M0Ez~Vdo|yT(3a|Q5q(8MXWcZmz82;m7OS-C@UtsGYp{S<h9~aF
zNu-55UyHh01s%px_JBiv#{au1pT)*DUxA&LTg1<kNwGpl%E}6$BBo}QKK#xY-wrXZ
z<aK2+@T^sO+T%`s0aapFY6EV=jS3?~PsoF2P_(D>qe1)j?RnBvx8vv2<bULTGRc#o
zl29o?cI`;Oq<~3=(fF5N1kHo&s+C=N+BI*D7<5)p31dLzVa$XH?XcBLi}H5=)>TDf
zfBA}7M$*r|p4y9>`$6HPFKHvIoXgA)4vPXE3&O>RZGN#`Zx^+_pQaaOky%h291GPA
zErSfOcwA-Hg}G6HGaPn<phZ;2_7T^o)$OUkJ>sr!r7Q#ExXxg5kWJ~G#+j9SCYPtR
z$5gH00M&sIvP=lcxQF}%x3*BRvnz~ZV`E=};mQ7!SAO|cTPEmF(^EqD0?>^Iu^;I1
zXdTcbaq>l&2jG8O$%t_Zf$wUL*dH3gpepLc&Uk+&EacK}MVCg6ci$mxO0D{DT7^#1
zUtd1;H~q(*QQB&4M-Ke=SN~Cs&Hw&qN}2iqL4W^^W?snuyWe!`d!r^@W8Y1?>+?hA
P-pYLRuwz4}|M5Qn<BcNB

diff --git a/docs/src/understand/federation/img/federation-flow.txt b/docs/src/understand/federation/img/federation-flow.txt
index e4723c11cb..c9c4be4bd2 100644
--- a/docs/src/understand/federation/img/federation-flow.txt
+++ b/docs/src/understand/federation/img/federation-flow.txt
@@ -1,10 +1,19 @@
 title: Federator to Ingress/Federator Flow
 
-Brig @infra.a.com -> Federator @infra.a.com: (domain="b.com", component="brig", handle="alice")
+Brig @infra.a.com -> Federator @infra.a.com: federated request
+
+note:
+- `/rpc/b.com/brig/get-user-by-handle`
+- `{"handle": "alice"}`
+
+
+Federator @infra.a.com -> DNS Resolver: DNS lookup
+
+note:
+`SRV _wire-server-federator._tcp.b.com`
 
-Federator @infra.a.com -> DNS Resolver: DNS query: (service: "wire-server-federator", proto: "tcp", name: "b.com")
 
-DNS Resolver -> Federator @infra.a.com: DNS response: (target: "infra.b.com")
+DNS Resolver -> Federator @infra.a.com: DNS response: `infra.b.com`
 
 Federator @infra.a.com -> Ingress @infra.b.com: mTLS session establishment
 
@@ -15,36 +24,52 @@ Ingress @infra.b.com -> Federator @infra.a.com: mTLS session establishment respo
 
 note: The channel between infra.a.com and infra.b.com is now encrypted and mutually authenticated.
 
-Federator @infra.a.com -> Ingress @infra.b.com: (originDomain="a.com", component="brig", path="get-user-by-handle", body="alice")
+Federator @infra.a.com -> Ingress @infra.b.com : request
+
+note:
+- `Wire-Origin-Domain: a.com`
+- `/federation/brig/get-user-by-handle`
 
 //group: TLS-secured backend-internal channel
 
-Ingress @infra.b.com -> Federator @infra.b.com: (domain= "a.com", client_cert="<infra.a.com client cert>",  component="brig", path="get-user-by-handle", body="alice")
+Ingress @infra.b.com -> Federator @infra.b.com: request + cert
+
+note:
+- `X-SSL-Certificate: <authenticated client cert for infra.a.com>`
 
 
 //end
 
-Federator @infra.b.com -> DNS Resolver: DNS query: (service: "wire-server-federator", proto: "tcp", name: "a.com")
+Federator @infra.b.com -> DNS Resolver: DNS query
 
-DNS Resolver -> Federator @infra.b.com: DNS response: (target: "infra.a.com")
+note:
+`SRV _wire-server-federator._tcp.a.com`
 
-//group: TLS-secured backend-internal channel
+DNS Resolver -> Federator @infra.b.com: DNS response: `infra.a.com`
 
-note: Check that the content of the _target_ field in the DNS response is one of the SANs in the client cert and that the content of the _domain_ field is on the allow list.
+//group: TLS-secured backend-internal channel
 
-Federator @infra.b.com -> Brig @infra.b.com: (originDomain= "a.com", component="brig", path="federation/get-user-by-handle" handle="alice")
+note:
+Check that
+- that the `infra.a.com` is listed as one of SANs in the client cert
+- `a.com` is in the allow list
 
+Federator @infra.b.com -> Brig @infra.b.com: request
 
-note: Perform per-request authorization.
+note:
+- `Wire-Origin-Domain: a.com`
+- `/federation/get-user-by-handle`
+- `{"handle": "alice"}`
 
-Brig @infra.b.com -> Federator @infra.b.com: (UserProfile(Alice))
+note: Brig perform per-request authorization.
 
-Federator @infra.b.com -> Ingress @infra.b.com: (UserProfile(Alice))
+Brig @infra.b.com -> Federator @infra.b.com: response: alice's user profile
 
+Federator @infra.b.com -> Ingress @infra.b.com:  response: alice's user profile
 //end
 
-Ingress @infra.b.com -> Federator @infra.a.com: (UserProfile(Alice))
+Ingress @infra.b.com -> Federator @infra.a.com:  response: alice's user profile
 
 note: Via the encrypted, mutually authenticated channel.
 
-Federator @infra.a.com -> Brig @infra.a.com: (UserProfile(Alice))
+Federator @infra.a.com -> Brig @infra.a.com:  response: alice's user profile
diff --git a/docs/src/understand/federation/index.md b/docs/src/understand/federation/index.md
index 48e78ea649..a1dc6b6cfa 100644
--- a/docs/src/understand/federation/index.md
+++ b/docs/src/understand/federation/index.md
@@ -2,23 +2,29 @@
 
 # Wire Federation
 
-Wire Federation, once implemented, aims to allow multiple Wire-server {ref}`backends <glossary_backend>` to federate with each other. That means that a user 1 registered on backend A and a user 2 registered on backend B should be able to interact with each other as if they belonged to the same backend.
+Wire Federation aims to allow multiple Wire-server
+{ref}`backends <glossary_backend>` to federate with each other: Users on on
+different backends are be able to interact with each other as if they
+are on the the same backend.
 
-```{note}
-Federation is as of January 2022 still work in progress, since the implementation of federation is ongoing, and certain design decision are still subject to change. Where possible documentation will indicate the state of implementation.
+Federated backends are be able to identify, discover and authenticate
+one-another using the domain names under which they are reachable via the
+network. To enable federation, administrators of a Wire backend can decide to
+either specifically list the backends that they want to federate with, or to
+allow federation with all Wire backends reachable from the network. See
+{ref}`configure-federation`.
 
-Some sections of the documentation are still incomplete (indicated with a 'TODO' comment). Check back later for updates.
+```{note}
+The Federation development is work in progress.
 ```
 
-% comment: The toctree directive below takes a list of the pages you want to appear in order,
-% and '*' is used to include any other pages in the federation directory in alphabetical order
-
 ```{toctree}
-:glob: true
-:maxdepth: 2
-:numbered: true
-
-introduction
+---
+maxdepth: 2
+numbered: true
+glob: true
+---
 architecture
+backend-communication
 *
 ```
diff --git a/docs/src/understand/federation/introduction.md b/docs/src/understand/federation/introduction.md
deleted file mode 100644
index 02e4d057a8..0000000000
--- a/docs/src/understand/federation/introduction.md
+++ /dev/null
@@ -1,45 +0,0 @@
-(introduction)=
-
-# Introduction
-
-Federation is a feature that allows a collection of Wire backends to
-enable the establishment of connections among their respective users.
-
-(goals)=
-
-## Goals
-
-If two Wire backends A and B are *federated*, the goal is for users of
-backend A to be able to communicate with users of backend B and
-vice-versa in the same way as if they were both part of the same
-backend.
-
-Federated backends should be able to identify, discover and authenticate
-one-another using the domain names under which they are reachable via
-the network.
-
-To enable federation, administrators of a Wire backend can decide to
-either specifically list the backends that they want to federate with,
-or to allow federation with all Wire backends reachable from the
-network.
-
-Federation is facilitated by two backend components: the *Federation
-Ingress*, which, as the name suggests, acts as ingress point for
-federated traffic and the *Federator*, which acts as egress point and
-processes all ingress requests from the Federation Ingress after the
-authentication step.
-
-(non-goals)=
-
-## Non-Goals
-
-We aim to integrate federation into the Wire backend following a
-step-by-step process as described in the
-{ref}`federation-roadmap`.
-Early versions are not meant to enable a completely open federation, but
-rather a closed network of federated backends with a restricted set of
-features.
-
-The aim of federation is not to replace the existing organizational
-structures for Wire users such as teams and groups, but rather to
-complement them.
diff --git a/docs/src/understand/federation/replace.sh b/docs/src/understand/federation/replace.sh
deleted file mode 100644
index 7b4da2997f..0000000000
--- a/docs/src/understand/federation/replace.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/env sh
-
-set -x
-
-for f in *.rst; do
-    if [ "$f" = "index.rst" ]; then
-       continue;
-    fi
-    pandoc -f rst -t commonmark_x < "$f" > "${f%.rst}.md"
-    rm "$f"
-done
diff --git a/docs/src/understand/federation/roadmap.md b/docs/src/understand/federation/roadmap.md
deleted file mode 100644
index 87fb85834a..0000000000
--- a/docs/src/understand/federation/roadmap.md
+++ /dev/null
@@ -1,112 +0,0 @@
-(federation-roadmap)=
-
-# Implementation Roadmap
-
-Internally at Wire, we have divided implemention of federation into
-multiple milestones. Only the milestone on which implementation has
-started will be shown here (as later milestones are subject to internal
-change and re-ordering)
-
-(m1-federation-with-proteus-mvp)=
-
-## M1 federation with proteus MVP
-
-The first milestone **M1** is a minimum-viable-product that allows users
-on different Wire backends to send textual messages to users on other
-backends.
-
-M1 included support for:
-
--   user search
--   creating group conversations
--   message sending
--   visual UX for showing federation.
--   a way for on-premise (self-hosted) installations of wire to try out
-    this implementation of federation by explicitly enabling it via
-    configuration flags.
--   Android, Web and iOS will be supported
--   server2server discovery and authentication
--   a way to specify an allow list of backends to federate with
-
-(m2-federation-with-callingconferencing-and-assets)=
-
-## M2 federation with calling/conferencing and assets
-
-The second milestone **M2** focused on:
-
--   federated calling
--   federated conferencing
--   basic federated asset support.
-
-**M2** also incorporated a previous interim release which added the
-following in a federated environment:
-
--   likes
--   mentions
--   read receipts and delivery notifications
--   pings
--   edit and delete messages
-
-Caveats:
-
--   Message delivery guarantees are weak if any backends are temporarily
-    unavailable.
--   If any backends are unavailable, data inconsistencies may occur.
--   Federation with the production cloud version of wire.com is not yet
-    supported.
--   Federated conferencing requires an SFT in each domain represented in
-    the conversation. The caller\'s SFT is the \"anchor\" SFT, to which
-    federated SFTs connect:
-    -   SFTs must have valid certificates suitable for mutual
-        authentication with federated SFTs.
-    -   Currently all video streams are exchanged between the anchor SFT
-        and each federated SFT. The SFTs select the relevant streams for
-        each client as today, but inter-SFT traffic could use
-        substantially more bandwidth than an SFT to client stream.
-    -   The administrator needs to open ports between their SFTs and
-        federated SFTs for signalling and media.
--   Assets will be stored on the backend of the sender and fetched via
-    the sender\'s backend with every access (there is no caching on a
-    federated domain). If federated domains have different policies for
-    allowed asset types or sizes, a user may receive notification of an
-    asset which it is not allowed to fetch or view.
-
-
-```{note}
-A rough (Backend) Implementation Status as of January 2022:
-
-Tested in M2 scope:
-
--   Federator as Egress, and Ingress support to allow
-    backend-backend communication
--   Long-running test environments
--   Backend Discovery via SRV records
--   Backend allow list support
--   User search via exact handle
--   Get user profile, user clients, and prekeys for their clients
--   Create conversation with remote users
--   Send a message in a conversation with remote users
--   Server2server authentication
--   connections
--   Assets
--   Calling
--   Conferencing
-
-Partially done:
-
--   client-server API changes for federation
--   Other conversation features (removing users, archived/muted,
-    \...)
-```
-
-(additional-milestones)=
-
-## Additional Milestones
-
-Some additional milestones planned include the following features:
-
--   support more features (guest users, bots, \...)
--   support better message delivery guarantees
--   federation API versioning strategy
--   support for wire-server installations to federate with wire.com
--   MLS support

From 4bcf4ea76c1e8f43cff4066d0ae77f20c06923a9 Mon Sep 17 00:00:00 2001
From: Stefan Matting <stefan@wire.com>
Date: Thu, 12 Jan 2023 17:58:55 +0100
Subject: [PATCH 04/38] Inline "Administrator's Guide" one level and

integrate post-install in the install guide
---
 docs/src/how-to/administrate/index.md         |  2 +-
 docs/src/how-to/index.md                      | 20 -------
 docs/src/how-to/install/index.md              |  3 +-
 .../post-install.md}                          | 57 ++++++++++++++++++-
 docs/src/how-to/post-install/index.md         | 15 -----
 docs/src/how-to/post-install/ntp-check.md     | 44 --------------
 docs/src/index.md                             |  6 +-
 7 files changed, 62 insertions(+), 85 deletions(-)
 delete mode 100644 docs/src/how-to/index.md
 rename docs/src/how-to/{post-install/logrotation-check.md => install/post-install.md} (52%)
 delete mode 100644 docs/src/how-to/post-install/index.md
 delete mode 100644 docs/src/how-to/post-install/ntp-check.md

diff --git a/docs/src/how-to/administrate/index.md b/docs/src/how-to/administrate/index.md
index 5f6dd1ab72..79a04fa649 100644
--- a/docs/src/how-to/administrate/index.md
+++ b/docs/src/how-to/administrate/index.md
@@ -1,4 +1,4 @@
-# Administrate components after successful installation
+# Administration
 
 ```{toctree}
 :glob: true
diff --git a/docs/src/how-to/index.md b/docs/src/how-to/index.md
deleted file mode 100644
index 46bf098a9a..0000000000
--- a/docs/src/how-to/index.md
+++ /dev/null
@@ -1,20 +0,0 @@
-# Administrator's Guide
-
-Documentation on the installation, deployment and administration of Wire
-server components.
-
-```{warning}
-If you already installed Wire by using `poetry`, please refer to the
-[old version](https://docs.wire.com/versions/install-with-poetry/how-to/index.html) of
-the installation guide.
-```
-
-```{toctree}
-:glob: true
-:maxdepth: 2
-
- How to install wire-server <install/index>
- How to verify your wire-server installation <post-install/index>
- How to administrate servers after successful installation <administrate/index>
- How to connect the public wire clients to your wire-server installation <associate/index>
-```
diff --git a/docs/src/how-to/install/index.md b/docs/src/how-to/install/index.md
index 183215c603..0b4119e9ee 100644
--- a/docs/src/how-to/install/index.md
+++ b/docs/src/how-to/install/index.md
@@ -1,4 +1,4 @@
-# Installing wire-server
+# Installation
 
 ```{toctree}
 :glob: true
@@ -27,4 +27,5 @@ How to install and set up Legal Hold <legalhold>
 Managing authentication with ansible <ansible-authentication>
 Using tinc <ansible-tinc>
 Troubleshooting during installation <troubleshooting>
+Verifying your installation <post-install>
 ```
diff --git a/docs/src/how-to/post-install/logrotation-check.md b/docs/src/how-to/install/post-install.md
similarity index 52%
rename from docs/src/how-to/post-install/logrotation-check.md
rename to docs/src/how-to/install/post-install.md
index 17bcdde7db..6a513f0ece 100644
--- a/docs/src/how-to/post-install/logrotation-check.md
+++ b/docs/src/how-to/install/post-install.md
@@ -1,12 +1,63 @@
+# Verifying your installation
+
+After a successful installation of wire-server and its components, there are some useful checks to be run to ensure the proper functioning of the system. Here's a non-exhaustive list of checks to run on the hosts:
+
+
+(ntp-check)=
+
+## NTP Checks
+
+Ensure that NTP is properly set up on all nodes. Particularly for Cassandra **DO NOT** use anything else other than ntp. Here are some helpful blogs that explain why:
+
+> - <https://blog.rapid7.com/2014/03/14/synchronizing-clocks-in-a-cassandra-cluster-pt-1-the-problem/>
+> - <https://www.digitalocean.com/community/tutorials/how-to-set-up-time-synchronization-on-ubuntu-16-04>
+
+### How can I see if NTP is correctly set up?
+
+This is an important part of your setup, particularly for your Cassandra nodes. You should use `ntpd` and our ansible scripts to ensure it is installed correctly - but you can still check it manually if you prefer. The following 2 sub-sections explain both approaches.
+
+#### I used your ansible scripts and prefer to have automated checks
+
+Then the easiest way is to use [this ansible playbook](https://github.com/wireapp/wire-server-deploy/blob/develop/ansible/cassandra-verify-ntp.yml)
+
+#### I am not using ansible and like to SSH into hosts and checking things manually
+
+The following shows how to check for existing servers connected to (assumes `ntpq` is installed)
+
+```sh
+ntpq -pn
+```
+
+which should yield something like this:
+
+```sh
+     remote           refid      st t when poll reach   delay   offset  jitter
+==============================================================================
+ time.example.    .POOL.          16 p    -   64    0    0.000    0.000   0.000
++<IP_ADDR_1>      <IP_ADDR_N>      2 u  498  512  377    0.759    0.039   0.081
+*<IP_ADDR_2>      <IP_ADDR_N>      2 u  412  512  377    1.251   -0.670   0.063
+```
+
+if your output shows \_ONLY\_ the entry with a `.POOL.` as `refid` and a lot of 0s, something is probably wrong, i.e.:
+
+```sh
+     remote           refid      st t when poll reach   delay   offset  jitter
+==============================================================================
+ time.example.    .POOL.          16 p    -   64    0    0.000    0.000   0.000
+```
+
+What should you do if this is the case? Ensure that `ntp` is installed and that the servers in the pool (typically at `/etc/ntp.conf`) are reachable.
+
+
 (logrotation-check)=
 
-# Logs and Data Protection checks
+## Logs and Data Protection checks
 
 On Wire.com, we keep logs for a maximum of 72 hours as described in the [privacy whitepaper](https://wire.com/en/security/)
 
 We recommend you do the same and limit the amount of logs kept on your servers.
 
-## How can I see how far in the past access logs are still available on my servers?
+### How can I see how far in the past access logs are still available on my servers?
 
 Look at the timestamps of your earliest nginz logs:
 
@@ -23,7 +74,7 @@ If the timestamp is more than 3 days in the past, your logs are kept for unneces
 
 You can use [the kubernetes_logging.yml ansible playbook](https://github.com/wireapp/wire-server-deploy/blob/develop/ansible/kubernetes_logging.yml)
 
-### I am not using ansible and like to SSH into hosts and configure things manually
+#### I am not using ansible and like to SSH into hosts and configure things manually
 
 SSH into one of your kubernetes worker machines.
 
diff --git a/docs/src/how-to/post-install/index.md b/docs/src/how-to/post-install/index.md
deleted file mode 100644
index 2dd2009af9..0000000000
--- a/docs/src/how-to/post-install/index.md
+++ /dev/null
@@ -1,15 +0,0 @@
-(checks)=
-
-# Verifying your wire-server installation
-
-After a successful installation of wire-server and its components, there are some useful checks to be run to ensure the proper functioning of the system. Here's a non-exhaustive list of checks to run on the hosts:
-
-NOTE: This page is a work in progress, more sections to be added soon.
-
-```{toctree}
-:glob: true
-:maxdepth: 1
-
- Verifying NTP <ntp-check.rst>
- Verifying data retention for logs don't exceed 72 hours <logrotation-check.rst>
-```
diff --git a/docs/src/how-to/post-install/ntp-check.md b/docs/src/how-to/post-install/ntp-check.md
deleted file mode 100644
index f093998eea..0000000000
--- a/docs/src/how-to/post-install/ntp-check.md
+++ /dev/null
@@ -1,44 +0,0 @@
-(ntp-check)=
-
-# NTP Checks
-
-Ensure that NTP is properly set up on all nodes. Particularly for Cassandra **DO NOT** use anything else other than ntp. Here are some helpful blogs that explain why:
-
-> - <https://blog.rapid7.com/2014/03/14/synchronizing-clocks-in-a-cassandra-cluster-pt-1-the-problem/>
-> - <https://www.digitalocean.com/community/tutorials/how-to-set-up-time-synchronization-on-ubuntu-16-04>
-
-## How can I see if NTP is correctly set up?
-
-This is an important part of your setup, particularly for your Cassandra nodes. You should use `ntpd` and our ansible scripts to ensure it is installed correctly - but you can still check it manually if you prefer. The following 2 sub-sections explain both approaches.
-
-### I used your ansible scripts and prefer to have automated checks
-
-Then the easiest way is to use [this ansible playbook](https://github.com/wireapp/wire-server-deploy/blob/develop/ansible/cassandra-verify-ntp.yml)
-
-### I am not using ansible and like to SSH into hosts and checking things manually
-
-The following shows how to check for existing servers connected to (assumes `ntpq` is installed)
-
-```sh
-ntpq -pn
-```
-
-which should yield something like this:
-
-```sh
-     remote           refid      st t when poll reach   delay   offset  jitter
-==============================================================================
- time.example.    .POOL.          16 p    -   64    0    0.000    0.000   0.000
-+<IP_ADDR_1>      <IP_ADDR_N>      2 u  498  512  377    0.759    0.039   0.081
-*<IP_ADDR_2>      <IP_ADDR_N>      2 u  412  512  377    1.251   -0.670   0.063
-```
-
-if your output shows \_ONLY\_ the entry with a `.POOL.` as `refid` and a lot of 0s, something is probably wrong, i.e.:
-
-```sh
-     remote           refid      st t when poll reach   delay   offset  jitter
-==============================================================================
- time.example.    .POOL.          16 p    -   64    0    0.000    0.000   0.000
-```
-
-What should you do if this is the case? Ensure that `ntp` is installed and that the servers in the pool (typically at `/etc/ntp.conf`) are reachable.
diff --git a/docs/src/index.md b/docs/src/index.md
index c5b3d5b4db..135a0aa03f 100644
--- a/docs/src/index.md
+++ b/docs/src/index.md
@@ -23,7 +23,11 @@ This documentation may be expanded in the future to cover other aspects of Wire.
 :maxdepth: 1
 
 Release notes <release-notes>
-Administrator's Guide <how-to/index>
+
+Installation <how-to/install/index>
+Administration <how-to/administrate/index>
+Connecting Wire Clients <how-to/associate/index>
+Optional Configuration <configuration-options>
 Understanding wire-server components <understand/index>
 Single-Sign-On and user provisioning <how-to/single-sign-on/index.rst>
 Client API documentation <understand/api-client-perspective/index>

From 40201f59d0a476a9f0132d5df219a6887de8d7ab Mon Sep 17 00:00:00 2001
From: Stefan Matting <stefan@wire.com>
Date: Thu, 12 Jan 2023 18:10:16 +0100
Subject: [PATCH 05/38] Move configuration options out of install

---
 docs/src/{how-to/install => }/configuration-options.md | 0
 docs/src/how-to/install/index.md                       | 1 -
 2 files changed, 1 deletion(-)
 rename docs/src/{how-to/install => }/configuration-options.md (100%)

diff --git a/docs/src/how-to/install/configuration-options.md b/docs/src/configuration-options.md
similarity index 100%
rename from docs/src/how-to/install/configuration-options.md
rename to docs/src/configuration-options.md
diff --git a/docs/src/how-to/install/index.md b/docs/src/how-to/install/index.md
index 0b4119e9ee..2758ad819a 100644
--- a/docs/src/how-to/install/index.md
+++ b/docs/src/how-to/install/index.md
@@ -15,7 +15,6 @@ dependencies
 (production) How to install wire-server using Helm <helm-prod>
 (production) How to monitor wire-server <monitoring>
 (production) How to see centralized logs for wire-server <logging>
-(production) Other configuration options <configuration-options>
 Server and team feature settings <team-feature-settings>
 Messaging Layer Security (MLS) <mls>
 Web app settings <web-app-settings>

From 460e3b8cace832e401944abe73b8b2b1c8b989ff Mon Sep 17 00:00:00 2001
From: fisx <mf@zerobuzz.net>
Date: Fri, 13 Jan 2023 10:40:59 +0100
Subject: [PATCH 06/38] Fedcalls cli tool. (#2973)

* fedcalls cli tool.

* Cleanup

* Output both dot and csv.

* Fixup

* Fixup

* Changelog.

* Fixup

* Fixup

* Update tools/fedcalls/README.md
---
 cabal.project                  |   7 +-
 changelog.d/4-docs/pr-2973     |   1 +
 nix/local-haskell-packages.nix |   1 +
 tools/fedcalls/.ormolu         |   1 +
 tools/fedcalls/README.md       |  31 +++++
 tools/fedcalls/default.nix     |  38 ++++++
 tools/fedcalls/example.png     | Bin 0 -> 110931 bytes
 tools/fedcalls/fedcalls.cabal  |  74 +++++++++++
 tools/fedcalls/src/Main.hs     | 220 +++++++++++++++++++++++++++++++++
 9 files changed, 370 insertions(+), 3 deletions(-)
 create mode 100644 changelog.d/4-docs/pr-2973
 create mode 120000 tools/fedcalls/.ormolu
 create mode 100644 tools/fedcalls/README.md
 create mode 100644 tools/fedcalls/default.nix
 create mode 100644 tools/fedcalls/example.png
 create mode 100644 tools/fedcalls/fedcalls.cabal
 create mode 100644 tools/fedcalls/src/Main.hs

diff --git a/cabal.project b/cabal.project
index c9f7daf5a0..b1c4c70161 100644
--- a/cabal.project
+++ b/cabal.project
@@ -42,13 +42,14 @@ packages:
   , tools/api-simulations/
   , tools/db/assets/
   , tools/db/auto-whitelist/
-  , tools/db/migrate-sso-feature-flag/
-  , tools/db/service-backfill/
   , tools/db/billing-team-member-backfill/
   , tools/db/find-undead/
+  , tools/db/inconsistencies/
+  , tools/db/migrate-sso-feature-flag/
   , tools/db/move-team/
   , tools/db/repair-handles/
-  , tools/db/inconsistencies/
+  , tools/db/service-backfill/
+  , tools/fedcalls/
   , tools/rex/
   , tools/stern/
 
diff --git a/changelog.d/4-docs/pr-2973 b/changelog.d/4-docs/pr-2973
new file mode 100644
index 0000000000..89fbeb8be6
--- /dev/null
+++ b/changelog.d/4-docs/pr-2973
@@ -0,0 +1 @@
+Tool for dumping fed call graphs (dot/graphviz and csv); see README for details
\ No newline at end of file
diff --git a/nix/local-haskell-packages.nix b/nix/local-haskell-packages.nix
index 387f117aa1..aea935c787 100644
--- a/nix/local-haskell-packages.nix
+++ b/nix/local-haskell-packages.nix
@@ -51,6 +51,7 @@
   move-team = hself.callPackage ../tools/db/move-team/default.nix { inherit gitignoreSource; };
   repair-handles = hself.callPackage ../tools/db/repair-handles/default.nix { inherit gitignoreSource; };
   service-backfill = hself.callPackage ../tools/db/service-backfill/default.nix { inherit gitignoreSource; };
+  fedcalls = hself.callPackage ../tools/fedcalls/default.nix { inherit gitignoreSource; };
   rex = hself.callPackage ../tools/rex/default.nix { inherit gitignoreSource; };
   stern = hself.callPackage ../tools/stern/default.nix { inherit gitignoreSource; };
 }
diff --git a/tools/fedcalls/.ormolu b/tools/fedcalls/.ormolu
new file mode 120000
index 0000000000..157b212d7c
--- /dev/null
+++ b/tools/fedcalls/.ormolu
@@ -0,0 +1 @@
+../../.ormolu
\ No newline at end of file
diff --git a/tools/fedcalls/README.md b/tools/fedcalls/README.md
new file mode 100644
index 0000000000..e43f95e14a
--- /dev/null
+++ b/tools/fedcalls/README.md
@@ -0,0 +1,31 @@
+our swaggger docs contain information about which end-points call
+which federation end-points internally.  this command line tool
+extracts that information from the swagger json and converts it into
+two files: dot (for feeding into graphviz), and csv.
+
+### try it out
+
+```
+cabal run fedcalls
+ls wire-fedcalls.*  # these names are hard-coded (sorry!)
+dot -Tpng wire-fedcalls.dot > wire-fedcalls.png
+```
+
+`dot` layouts only work for small data sets (at least without tweaking).  for a better one paste into [sketchvis](https://sketchviz.com/new).
+
+### links
+
+- `./example.png`
+- https://sketchviz.com/new
+- https://graphviz.org/doc/info/lang.html
+- `/libs/wire-api/src/Wire/API/MakesFederatedCall.hs`
+
+### swagger-ui
+
+you can get the same data for the public API in the swagger-ui output.  just load the page, open your javascript console, and type:
+
+```
+window.ui.getConfigs().showExtensions = true
+```
+
+then drop down on things like normal, and you'll see federated calls.
diff --git a/tools/fedcalls/default.nix b/tools/fedcalls/default.nix
new file mode 100644
index 0000000000..1fa52660c6
--- /dev/null
+++ b/tools/fedcalls/default.nix
@@ -0,0 +1,38 @@
+# WARNING: GENERATED FILE, DO NOT EDIT.
+# This file is generated by running hack/bin/generate-local-nix-packages.sh and
+# must be regenerated whenever local packages are added or removed, or
+# dependencies are added or removed.
+{ mkDerivation
+, aeson
+, base
+, containers
+, gitignoreSource
+, imports
+, insert-ordered-containers
+, language-dot
+, lib
+, swagger2
+, text
+, wire-api
+}:
+mkDerivation {
+  pname = "fedcalls";
+  version = "1.0.0";
+  src = gitignoreSource ./.;
+  isLibrary = false;
+  isExecutable = true;
+  executableHaskellDepends = [
+    aeson
+    base
+    containers
+    imports
+    insert-ordered-containers
+    language-dot
+    swagger2
+    text
+    wire-api
+  ];
+  description = "Generate a dot file from swagger docs representing calls to federated instances";
+  license = lib.licenses.agpl3Only;
+  mainProgram = "fedcalls";
+}
diff --git a/tools/fedcalls/example.png b/tools/fedcalls/example.png
new file mode 100644
index 0000000000000000000000000000000000000000..26bc63134fc15f6e76dcc857c138989e2a94a0ca
GIT binary patch
literal 110931
zcmeFZbx@wmvM>A+f;+(_5Fog_ySuvtcX#*TA-FpPclQJd?iSqL-QhmTT6^t%>fWkb
zr|P>^-yi2mAiVSR^i22k^mPAvNSM5=7y>K~EC>WbkPsJE1c4ygK%h6f&~Jbi$?^bY
z5a=DJhqAhpqP{DkorA53xs@@Yle?WUp|P8}2?*r2P>^csg4>!H{A!5C^EN+_9<Qg~
z1Cr<I#U*Ak!PtFy*Jgm!yaskX2%o?8lJC`f+4nro^MY2(x*%!eet_qe-EHFO(3Cs+
z$L{X=y~Iq?ZEI)SsqFQ+JGwj7{@@(cv2!yL!D*-Mof~4H+Kq8`!wSK$9^c;mHQr*Q
z|AwcrW{mFXE&nr*e0U{Nm#5$PLLy!JOr=)x?)6j0D>~#0C(qW+VU6#j>qn2pWU^j2
zMe)qO_zg=i3Ew=aKqR7Q29z&ja~XZ<51#aIE|k)FeVaygXjop|Cg?Qoy{>7r>N^at
zc(gb==p<GHw0X09y;dO}Zv-CF`Ft`s8gEPQ4j<V<&NL?)_YP0nTbE78jtsU0i-tUv
z2(-L(?U#*UWtQ=zsB~v6;1#k~M{V;;Fbk@lFXC3wJwo#jKjXPzt$)7cuB=iw_|n%q
z7=eW;F_lI$^J`ObP;b_@sXDeh1E*PAZox4;%Mxa+Zkg_OcsAJ`iZ;sshw>ZW=fjtq
z&z>`|Z<~0Ekt&~l7JaIPH<pdo78ULChMLI)`9Ar)D(Jq$W){()nS?p=LSUeI3VgdS
z;j|&Rc|Q}Fb8-s`3N4Q64HAaz*A&N)JY)HZ^Tywb#H{Kn*&*GCFu8Yx$WXTUYZ?X%
zOXKvJHV(~2!>0H5NNIJ-;#l04NTY45X}OUo9GpbzG>vMDk(Q`fNm^COVv%fii;{Vj
z(t_Cqi^{x$#I*WJ3(NAx2}3!*Z`YHSw(YkJ$&U0FYbQS-42RjLhNqUOYe!ih@ggoX
z+~+AvD;gefxK8SRMC-ULTi^1?vd2#j^vQBu*G-Kz#V^R5>{vD~c`P2gdYK$&%&z*p
z5?QWi)ZZCNV$P10ou7c?jv))!84O~>M9@Mp>L$E_<)k$22u{yqEKI+DzYiNhJsDq%
zAJ4#;EEnq1Eq0>qWvra?=({~K^CY#h@yg;TTl_dQ{G8dCRns6MbU5&<6b@ZEYp+9T
zQO91FNYF*nvaWx03Eie8>6`W31<j)eh9SnRhSzsdF`MDFM;e-}<^w`6)0NRd{sU*5
za*8^~mTl}WwHiX2UXV?Ujs(oQ1S8;1{7X^v_QEJzoR++Ekw+`cPRHSa21iz1A-p-n
z?J0+sC~%WZ%v@^g<wsJ@uDTwor&AqCP0`Y$-Xyt9_Z~ZC&#G(|Z&`P(t;bq!&#h0j
z$R^Bc8Qd2G=f>!bKZtY{V{V<0S)2L03cB5FxMZ2;^C%%jNP4YY)zVUaLMn-_`BWl5
zDw8682KmwM!D8ELb`BQXaAbU9px*CTf0?Pavo<~9A!8p;-Dj?f<qDrGdh?Jo{vsTg
zG3-9lQI0%#0cjEaXI>pP>2>|3!i`z0S=vmFNdHxocAS=Ri?^#}V`G|%&|5oIm+(*X
zC$Uqb<S8EM%CkIZ)uP7YqNi8AGCns$+|Lv-+znawDjo<2`AjJW%$Sd`uJMcyEtIJ$
z7aCi($UUl|OEj>QkEBGG>FzhVo;7@)m}X@s^Ls68ss)N%=uK1Aw@XBE>=y{7CF0D1
zWXf_xHn_wnI1%;uy3CZiABBx8qj5^OqUsN|L#$A)VU_c>$ai4;b>V7Rd-wU<B7ZH;
zfi3ri>Op#88W*kwhSy9=YIkpj1sV)kS2%~ED#$D`cYn$F<~_;jeB0NqsM~@|>wQwF
zzv;$0ORW^%hUXM#p&R_5+^#gQweVrlpnkjX*s}OE_{E*_R?`~4^2?|8)y*d~BTtiO
zq4cb<bc1x;26-Oy&Cg>qQg@cmy2EE>8<0c3sr~JyEqPh28>US!SVw#^+q}CEbMnv0
za~De^MkiVpd;tllW&!+$pIN99bV#Yw_@(ndhH^4Jq+i2beZ8m*c!JpP0MkLg>U^W#
zRSFs&_mu;a7fwU(oRst0iF9VbmUKrY=TF!nv4hDKkzDvvrv&4PpC))YaAx-YGg2PL
z`YUIZc&W=LrlMoe>KfeJ7VEGOPrAPB<+u2C^nF;*0j}CBM9*D>E0CW^rXBORA89^8
zW{6x(7Ws>YFi8%aDMa*;?<kTc>rGmTdM2T<O;0y13B5eBCc#%Mw+a=bO`BQjp^+UR
zOjNOjg8SffHGMCHacYU9u+ex19R;?$=^3-pp=UfKw8fayW$G^Q-d>Qyu=oOvFUN{W
z#&Dkc=JB&T^BS}ZN1^l*oGS<48vAtDN3&}9rhG6d4tlKbTOlmyAkC+$UEE$MhlH`Q
z7`ZwgHWcSn3S6`izpbS;8;X$g67|px;S(t&OsiT7Wg^@5py6^qjxGI(Iu;kvUX@R+
zIl2ceMtFgX<f5^!%x@+`3ycongBeBj+wUUB72Z_uLP{w^+5bBFYF`I4B3#uXD*W@L
z@0~ugV(u`)DAoZA{{@bN1jDx_q&$H}1XpD_L?xjwiqXgZvVLGhEf!i)#k3X_N$-l}
z)lFseZ}D2M=3t4_Lk|vyJ_sXY5kHE!fr0I$ISIF6-vm3j<{gDO3qbRXIJ&m$OXEPv
zC|($pj`umiAz(;Lc?jcNSP|<BS9w=Cd?SX~9L{a*9<b|z^Z!|QVU@(0y@4N4S}`+u
z;8_VNocS*6SRl<?YbsZEAaC+ZTw;4{=}`(EnIgaCB(yai8!}iA6w5XgOZfH3ByM43
zK}%@PzC<7FYG&}Ks&k`)cg1UNQN_Z)#^=fe9o~*i_%HLqWnQ=$L3|XZusP9rB&--9
ziNZNm2b*n$+^DV(SrOq7uD(O$+u((pYY2M7e?i`4N0u#SO$P??$w>~ZPq3{%Np!s#
zQF_frKIz`0Wi2Mmq@4I%!OMvY6br^`P~A}Q(?OyAy}7>|Kk<iJw&3k?tx#Jk7T62&
zy_rCT@AO~~2+y*8IVR@rgqZ#!W-%C;3fPA^c9#QONgBv`IWqZVp>gDhExg6mWS^rk
z4*jd{XTO%ABVa*Wi``+IY^0_ZgONLA-)axLD!^jvSLF|JSIy->Nw{W{F9jx;z5T=w
zJKJ88vLj5akanX;DemIW_fk71-lpFmT#GI&XoaN_|Bj_Ke3%01YzR5%>FMa@IDn70
zyJ*utb<Z`aEQSQ{h<gaM^yOQK4)`MrvG&%83HTNwey9a8+1sa~P6wZZsU>iS09MKC
zEPTsukdzO_7yqMKbgYWof>-X{pjIM8#1C@1=jIcQ?=;8UbON?D<XRJE<Ve69V1owz
zQH9AQ!NG4oqI5gk#q&!zkFBTS`vu#>uc%KWFSRG83yTv94hGw8J~TiF%;wM%N?k-T
zp8ER`hMgG9`7KR^qE<P8c|haiBY#S7p6HMdScuCMs#49G5ryH7{EB+mmMYN~;`ZST
zF}{hPrWNAX#{)tTVU$Jk-1yRX$w!oTtR*3dX4+KPI3Y~PglrpMs^se6dNIt6#`C_v
znWo*74AC?`MZGn%zoNc5d;urx55sk4LSI8PxJtw#qE}J%k7Q%3`CP%3Hkjg&d=)<7
z{!U0D0sa#l&H}WVbevck0$aQORN6@&$N(4a*~aZ$0Vfkgj5H`Og~Eg?0N>I~Gqe|~
z(msx2En-Uzu_*dR7KI7F2BB8I^gHe|4PKA`4T@*qcdf`U57InBmt_c#<ZNuz@D`_E
z9833mid5s}`(F<huwVM`AqUy8jhUQa3wvXKprPj$h(fZ6)NykmL#b7C1!%>kw)jn+
z5nbU&a)Q-^`zMzZ8--FP64+(kt?$O4Wm^m1BJ#KhLdn}E*wbFgy@#U#n?>Y*9Nd<p
z$Lqxoa<(JjIN^P7MR4{7?CMi-o}otoayIB~EZHIxdQb^X1KK(`9+t2SPDJ0c0!f<2
zC+aZE64%gZrHD}_QKrhas3^r(ax;8nJPYzJ8z-DQKek+CuxN=`Oz%`dqpxk?DPouW
z<u*zM5{jQc`jWwT+zC#6=WmW#`c4|y%fc*vA&mY*Anq!XNSrq3*h3~0-p*DdQzLZ^
zvqo5NO*7o9I6RY5Nc2+~!w*aEK=NB~QST6PuxYqVa>Tbxy{$pAmxnVa6KLeBbjq+C
zMZ&Rl@2KWd5Y{Ji5D+4xmY9aLNIY&6E7S+fx^>CeXQKvkVkZ0*tFEkC4zKW09{Ou}
z1_*DG4E!KNazyur+TdV6mgSU4oF`Ya#9Uy6?4?DZ3=9tRr$|#Fa}LUdjF{cDQMT37
z2E2nDvyu~A1_P^x3`fAJ3z+QtSl_fyXCONW#Tw=%j#y2O&k3)Q->fAvysL{KU*WJ~
zH`iv}tVvAdqi}+SX7#3&v4vr7J`2TTAlM^%$TYqG@JKF1?g}*%%P^MgqTDv=_5&^c
zKwZFS5xINGm+vrX1?3uS=pguRImbj8B{{TtA`bineT$~aXu~)TQf=bwxDKOCV|aYT
zh5*p}r9caXBjghWU#M`1dOxH1JgjAZ&Dy*ZjXOaBT1!qpiis@diK$7H@BE$D9~2^d
z!dDxGu~d|ZsBvR5R;=;kg1t&Vt*^lnsQZPxblFmOkq`%a1|f3hI$OWJ*Vf&dN6D0`
zh|_d{5uKX&h=oArhfs`pd39`n-Z)06EwCk@9N;daIl!(<yG(5lub{}WEI`XV$8Yow
zD>bG@@Dj9Dh2PTirZfZtr7o@LM_Qq)7sX65IR7U%gp1igrX{?9^5bk(VI3NG=0Suf
zNbD*Ye|$mi?}284rG+l`;{k+uozqBkRk>SQ4EiVXPBU*Uj7}TGztO==NwG{zz~vaH
zJqaX61xZ<UJ5E!d?}CV{Tpq#>(bT__(08xVf?6Qn7uhg&-F!Vw+MoHjq3@S1{{#BL
z9XSu$OBuow8Rf(6cRE!(=R|DML7~-dYyGkg8S<#aAB*M+Zi%G<wdoRa_D7)J;7FAr
zgY4XF;niKV7==KvFro=f)i(>K)fZog*)mYxa!BCo@#o2A$TerP!-phSXeaS&icSv)
zlK5=aWOjpVLwL+!BtIQ?7GvC|P2GtUY`;Jd-!q@$JWWj&x(ovc9F8^Kmu@5G1Tr0F
zoWUKZTs4#p=$AL{JD6+&ebDv}pTE++e6F{-Hm!EKf`aJdhhrP7H}i}Flgv#t8%;Hb
z_#WpZ*@WW4*|;bDNZ2|~LERDBQ=x6AZnGf>YJwC*LKE9-eot`u^UmC}2qB+%W8@RZ
zA-wn&TR2}4RSexUJQ(@hIvFZ5UocB@UMW`Jg4Ov#;eAsKI+PYfu4{3IvEUpWJ@bKB
z2dWzlAqfp*yw!L@GR6U-S448Bd@3SqF;i<%m|tB1oH|=On4_3FhFa%LbQ33Jtdva&
z!Uy;?-ise!y{#?xmZoz%zUC_lUa?{F7tn=5-Qv2yg2SqZq5Hp~#^#z$L+xK!TrPYp
z#C9^GosO@HLZ}SmI)tWL%O@Te>}C20ZCkfiQgwfz1rOSXkGs!FzRD1PN0@TfEa4bq
zH+&bX@`dZu<5$PN#I}xuq7S(J2|aNTL~6ghKmWMSke1qepyoq1hrkzVlT>k_*2m4V
zRl-rJu5is37=7<kp4gS{Hu24ofzkz!PPC|qqV6O;3Yqms>nCpTgUm2DLWj4#G5RPF
zgkN%JDEqlkF(%eURv!HXn@F?mj@Dx=uGq2jaEaDh9N*~Tnn6Yg(**@?$bCeA64*rW
ztVPWbbL;n+PJ$xGAa;e@47?Mu>>ecigkAmVsp10BPEq|Uwv@k;SwOcsy_<HuOWC2M
zSubKWhPR0JP2%lT4y%DyNDM8Q76f||<|!JUhlqI&dzrs00=R$UPrDB>X-~vBwI-gj
zI10;SP45$pMF@K*6ymqQ${>38jV#`J`EpdF@@CLY&s?>O<bctl<<Uh+B)?Dv|ANQJ
z*<&RUB9_@I)oXN*5%b)~`V~jM-y>E%?23`>mM2j}mycT@H^(cvoMVSr64XSBw(z3`
zo5<XN)1HwN#m}&aD;t^{s)|t4#6LIz)Em|+Dd)#$Prrvx<eAa?!0UukB~z(~PlFNU
zp0B+x%qhW$DiM;~qmS7A3Dee&?*a7!<B<$GNFEjSP9zzo5bTPRfvaoaE8>mv&z$}s
z0`Ba_zP3a53GcSMefpgzh!0I!SnHM0V2s&{U;EH-lyNzohPra!ijVtJ2zb$Ws|i<!
z5SyZW?+`DD<^A5C2Y#3R^|ho{_10@bIa5irfw5xF)kN+*ut}hBG;gg$iBq`6BGMrn
zNgHPL9dm_)88o!oud!OMi0JbsO(p#nBQ%L5#WI>21lq3zL`Tzp$LC-9@LZ8ygeN|b
zsQw(!Uq&~v8gpD=&;P|n+4@~FvVpcrD^bF8!sA)r8*)^LXw<{r2`bppsbj9%hZ$`B
zr&3DOn<|J)5{!=bw-hZ~-*#jlCW*7i+|bItR&HTSg)<-HIcJ6|^?J|wqx4r+Qn6Lw
zb5|a5v^&|Fy)!Q@<iMBI&^ya?nf35akYJfaQK1zO4I)~-=a+rk6OEW;L$1AYcl09O
z+~?8s&9G9i#J}j<682H{>pMoLy8A4A!F~9_=a~;^;Ligy&C#&lU0APn=??_lt-j4`
zw<be31*>a?t*wuG#665LOI*SSAP`uPxsZ^&gpkm`P&5ELOZSf95%1>5>(x^#$VC^R
z3MDrxlEn}f!K;TADMGdgR>ha5eGVW+kO+^+Thp{VGps&X+bAmyEG2~Y@nh%YplA^f
zdzFHvG2mf8>1*|jZgusOr(qniz=dL7W_?#(lq^{p?yvTCBAOOHPt7EeflR`_4o~m)
z?EIRxt5!4X(b1_CI|7V1#w`*1n@pPkce^=m`fZpHHC<`XZjT|U&eyw`!|*=abVph^
zZYCqrcb7dM3>fBmB;VDx6{E<Zgs8|AdVScg9(0eWRi&<d;JJqj#P&8$Ib;q&?j}kk
z6bK4ngeC714N}cOgM(R!Za70~@d?w0ZHE1{rOpq7V>E~K0@c}CUlaFESCJmJu9JPV
z4;uLwgavxvJ+Djp0?e8(WX09zPGtxaUWrQPx-*pVS_ExvHfCd_rX?`QO!)bDodG$e
zeiQ#&riX9L<F0T{74GdbxAqSplH$@k1UozE$Q^Re_TE;mRL{p->Gn<n#Wjc2ZB2g#
z0PS=$2T)CQ8EH;KTWeZ<BU=MwS~qJu0QCfcxcS`d^bIYIod^w#P0ek1h)!EOi3rV&
zc!<<kWawq=gpAG1#XTI1l{{pX4LvLkIgE(-cwxESH~|LM#!mW#Zq`;dj+|~hM1S~l
z0zdz5rXwQ!L*it~L!>SvPbg&TU`)tN%S=m8BjRT6!brpmOUUhDWWuQ^Ec!PK;1ds#
znUj+pCmo%ut1GQ56RoX-DIEg`2L~NJBON0n4M0KT=x*br??z+eNc@|{Up$139St4K
z?VQYQZ3ut!)HkqocH$u-0^Sq;Ykt;tGBW?Lw{iSi3xGc8-1P0}7-;F~tgY$(vxlRT
zhzr2v?+N`MdpIfs;4qz{v7@cCgQ2mAi?NLp@qe-~GW@5%owI}0A90Kf>5Q$6tpQR;
zU{r?xGNhP<jQl@6eyhOL+}iF>FF@J<h0@8~<loBrFLV3-=8ri4IT4`yKYafS^}l5Q
zLkv*K$Z!hV8an@;o`f(D(eLp&jcg6gjX3}OXkfs>XrNEeLSw?rXh_4%YQjXr&dy;(
zW2kRrK+kT%#GtQl^dGDwY#g2RZ48ZnvjUjYnge_o*bUh@j93_GSQzvfX_%P|7-`rI
zISgr-I2btC8T6UiSQ!ofgN2-fIbfCgR{uGx->i%PRwl;AOw7#81~d$Y1{^fZMg~kY
z`bMnmH2U=Ph9+zrhU}~i?0;Ap8FGr+I#}xi%V}<{Z)!|uXJh*3#czdk3dl?F5HZry
z|GP!rO5e!@=)glHZEoZ2_U{+U=GMkaPWr#K$-v6Sz{<$Tz`?}EN)OEX-$bg$4vv5&
z{^rR*Ps_yk=gseB;RJ*M6s!N+P5}mg+5uTOg&d6aoopSHZEdZ1h<;Cr@ORIDUdsU6
z$w=QxUs&JC7+^}z$jHgS$jQi{{QElxCo=~XJp(8Gf6&_+nVY!(->83Y9zyQFmR#K2
z5g6b7Pt#vJO3B#%uTOt{v@-v*l?Vy{Yzj_&!@opu)ORudYrO$pf4wp^)3-4-2E51L
z=K8O8^Z$b>u(KF&Ft8bM&=|9_Gtn?Jny}L7>vNa@Mq$Lv#$ss1#`d>V|8RG-HF0v)
zcQ6((1@s8$3NX(<x*{b1vrrU&boLLmtC{idRR9!5!@x-MkHT1({#F>>-vZP9_8I?@
zn49i@(+T$<g8y(bK)=7*0OtkxLb`vP;omv~X7K;=`Fkz?Uk*V?_&<aExAglz>iQpb
z{kJsm-y;4W>-ryc{kJsm-y;4W>-zspU9kU7r;KfYD99B^mLmJRjetZ8#!g(r5d?yJ
z_xlSBl$wqOG(tH^$cRAgz@x+Av%op&$$&tFAPHdsWw(W+WoLD?#YfPYYeT;dPCiOZ
zgIT3NSVPdKjq3$>>xoibt9D9A1MPS3J|al>WW&EzmVXPu0D_3uPW+X+N)UJm8yc*4
z{jxIFec8n2xHCM@#1wJqFv=B_P(VW%ge(aC;m^0L%{$)ke0{oqH{}p~@z?S5@ga&S
zs;CepM~fv1Yxn<){vjCo?T=6NMn+qEPMkN8f+OAJ=nwN@!bI<*BhD%QVme+KN+RLU
zPlyJKj`j<yNU+GAeG}>V=-|MDUO4z~HU%*x8ft2R&wlckcGLg|m|(%9w|~!RWg%NH
zNn&vppG&h^z073r?EdNTmdT+e>)H2&JW??y3m-B6@5!&1BRmwOBx9jtVnzrPf#})T
zZf|Z>m6gjXDiC2{+%L9ZR6ffVrX^$P$HV?5?e8(X>1JlQDTN_GUcA1iEA73#y`-e1
zO5dc<udfRdBZPAgELL7GzjTqK|4T(d<E|ty3Sj&;HWgdJWo6WXKfVq_CeYrzzB7>%
z`&*4c$Papsc6R-vqd$X;C+Q`FUx?Z9MvpjZCnrz86|83Pn5srh7Z+AGnvQkCz*GZ&
zJ#U^$3oApOBmdG#t{c+z#m)PGXFuLB!qA^^*Vorjh<I*Czp62cI$!isS$;f9k<!($
z(B)*1=VZ`#Wp~MuR)Q;tK=_90<y6}JBzTB^@<`^f{1#g?S)yXeZZ(?TT-(<E*=i93
z3&sAT^l*A=j?0&ql8MPtYt038cJtoh#cTSzzs<e-{jc@Eq<H3IGaW5EfA<s2FEdk@
zpP$eL+Jaw7Ct>6heUKnTb&>OY+8jZ}%=maRv-#voyQh?tRHwHd2`EB#SbxjYg;Brt
zQ83NLz}Xrkzn+-F=S@#<<$Cv=e(Z(cafi9b)-^bJ6TvDk|8@5g;*I~B@2oIs+<*at
zd)vXOGGE%r%{lgbUSVx>GX==Vm?y0LJtm%4z|eMTTAFMoqxp)qUfXw{?C|g!li8d7
z!-Lyf#gE1X+2Bxt0f;K9s&7Cc-Pn9SM|Uurx*fw>wI0XEixPU(tL>hyj`6>UKR=2m
z1_eQ?soIgrWj@>|z!NaERaMc`vYzaonsRxzo}D2(GL^Qpv?P{u?Cx*EY?1+H;j6HV
ziP53kVD&Nc^^bz~cH_Tdxzg_;gCcQn#TspRcpa%eendZNA#k5FG;MX5VbsydFd0Nc
zYt!toQjwHAXgm@Z5b!b6Wv#4|ui2W}8i<|4Lo{7!bMK2LNa9|WTZrnRTVw(Ip8rGB
zMgO&WQ{ptGE7ijOsk!Acq=%cfdopu=F=Bf>g1upVW4+r~t$rh7-PC6?|1__k4p*w6
ztZcg7vr#NXgJYiKwN@1e2U}A!xv!5bK1r?4ZTsXT5c6(y+o3cdP>A*377WDX$V8BZ
z!kZ`d^my7~K1EtRZ`Bs-tND_~>fwpR;dUnfeU_h+SERVC3?3RfGL)Oc^QP?GhaV{G
zF&!Nd9d!<cqhH`KsN;1}QS2RV%2H@%?wT)m(z#rDA0=3?XIFmw7#zG9{~<)PDDsX>
zCNe6jfL0v>qSt(?@MNhv@7uQq5y~;QcwX0&r=bZ38XqIul{OUxh4Z*{6Pgv<zx1m%
zS6Eq^nQ0>|Oai*2(OM|1JiNWrW3aF<Ri)c?Xnse=%y#j8#Cv>DWe5_{?lln~=B;4$
zU0{q9iG<|N^Yz|@kdTmJR}jqfV!h>@<cX=oMMR)D2{KbM#Pcf_9Tr2S%K&-I=Z>X4
zj*H`?L&SSH)ZDx3!h07UV^#bUxkAk6R$rwIS}(_RN`~_mBCYC_H`=s~T64O3YWJAJ
z#YM<7rD~P0NgpUd{R5*4s)`3I?OG8~B}>atmD=^gtG<?J)tj-w6coij`o7R<v)itB
zxw|2}4g)Tuy*(rnZ~d}5M-kX=9dH<;qQaTbFe?~M&r+rb)$>P#;e(LqFPg>0$|@=x
zc%u=!bVZHUiwzXy{jVPdX+jY3U)*sn;jVH2xTJ@btE+1#XQ#d>TwE0U*l=oL;dDGU
z8!Hia;~%AOq>(P-rY0sb+4Z-{`Xrj05gvZx1O639O4K8)s3g3iNF1Uh_s@f4D-ye<
zw&bdgqSDQk66*a@qQfcaMwi*_#FsObN=ru7NRjSB?dLnJ=SKHF@%e|kd;g*8QFA_<
zM)p}$md!>FMR@oK!d`L7hL7`h7H&aoP*I0HaM4IYLZZI5)_R^FJ#9pHjjK^0RI+C9
z=PU-@nx3GKfWRfhd!E6!ppS^VV$UtvC_%N3(TMnqVImt>P)Mj7@5E!%8J#KP1}?6y
z-uhX*r(>n9Fdcgjs<N991cf$x-LJGi!g*o#^!`juO)V)YhPivXy9*MFey`xXFu%CC
z;AG(Vi-pDc{{G%nHp|9g&RRw$lh2bjCChTMfd<_G0Bkg?9a5rX$RGn_va(*sS`g+c
z`y_42$;cWV=Uj}93+xTaR8>`F)0yqB_F^<OHQnhhZ%(+7-(w(xV8ZM#E-nDa4F|Ga
zZL4o|eFHMxJ#pL_t*NRiDlTqzJ$;GXXR@@g0P)MnSl?#qEVsIPKHePvL`WOW;6eiV
z`-4eiI4(?MU*n79eOw9UtK!@H?oT)n$!GCC*J&{}Ha5RdUl9!*9fRiLc&ahFrpCd?
z$7ihp-*i+M%&)wBWaFc6y`|~MwyF-hug`J|LVbNb$d39>d?!x~p471)SuRJu&U*3Y
z>$?v=K2l3OOQj`lX>7Jpk)iR*wEK;tozAQb=5hDrQ?sMGs)^T6_d|P9Nky<=-+%pT
zvTUq4I5^<ez1}P<>**2Bk>5L75>k>1Jg7#*=e#<eW22;`q+)^td5J!9djkOTEKOTD
z%5QV@@$r6Wd3dy4vtysuqD^W&)}bxw5AAP%bO{N9RI;U_qVo2}TpusVN*~)(P%s^J
zXx83m|Nf~_pf6CaPW;)RTK&mpYuX`JTLRhP_5>y)!<}1~Ned=8H$bgduch)snPRWL
zkMqFXTQ*vHPmfu4&p7@X;apAzjrm)odtB3jU5<eK!+@>QBa|ub(~<j-*K&oDvNE#O
z({V4=_=CRBMIB1ngQi!|w2dY9p|Bt?%+WjtWiWp9Mp(MFEG5yO#Gvu18S9r*^u$Dr
z*e*WdN5tdPRXHwuZeblE@3rq>BEiAY1bp+gp00t|z77r-QKnBEoSdISLNL+M(~|4X
z&#tIxXlSUZ0UYvZwp?mDrB*~l#KFPg0rEjvpNgu~KM>LeX-O91Gw6Fy4>J!>l*foc
zH9P`>A#ESXuk-bxtBc6B@xvRi)t;UpwP%4zwvQhRzy%)N+DayPeU;VJ#xl4TyQjRj
z!)N3&x9TiS>wUU8bya49;V@gBoo(nhD}j}R3b;95Zne!hHQ>xxDX_%kY=5E1h4b2l
zdi&O99&hc0!R->`H9kJRt1EY^aO|nolPsh==LK?mZ!f#J7zN!~wS}RWqIkzdb=s20
z`#FxR8+F5$c~3upFd*Qjw78T;v*~VsO51RA7LW^+U6JFnclJXHlkVku4pj#~!*{mQ
zkUm8U<5k9*#p<q#I3yYom$Sxlj+RRG?)qeTb2MW*XN6c>TW7XX4=|kafB-dw2Lw=E
zU7c<xEj*{4pKKu#E^nFTT!mVNHW&!-;jT!HmTHxqZs&pm3KKIk!2?D;J=z09p7R6W
z-bIOq_U3o^`^d;d`TOgunqb5YOwZ1KiHPcj!~PxQ?IqFsJpCF<suUI#-oa$Xqj!FE
zQG9gC0P)M|$;qkB4J}$e-Bn{1JPZK75s%w#Ek8`D__wQCY4l~QEGa3-RR;0<uvg2T
zOWf@BD<KgRO$A2R-(t%c(i^Cifk26gvk(w7w+uKq0>m9h8eYfs@%^mF5FxCn)QO=V
zspQCRvm`SZdsIIUNc)z5GW?Zszr|}d1XGb^BBO0lSPoC;b0BoNPd+n-ocr+Jza*2#
z^DR^ebF)Rt>Y%Yta>G65*ZBCYt*u{P4o+lbefjxxLzyRATYIOSU?AC`w`{s;Uy%<F
zTlX%RYC7F7KM!WU?2O>TIl_Sp<@H7Lv7LFn`e-UBFo3qUxJO1ut7{v%TyOBi!jzPh
z9yfa7a^%%jRIY&@C3eov*N1bJBym~W=xBBI^>P_yzJoc{)%ND*6bVNXVrsWnDYavn
zJm7v$Pe_n?<`xzwd{w&xn@7!#yKupR8XEHwab&V7j65HB!9W+6m(nBBVv$%b>s`G+
z%QH9}AGU`WaM`SKR{)4!LNz!9`12X;`;Ls3x0mSr{9*=|CoeB==1}>;Tqi;OV0ZWN
zPE=ZKw9@N{Y^*Y?D+I)S23O-p(v@HJhpRvPhE{%b*k*w#AN*)*<F>dr%Tn0h-j2Ye
zLx&XsA|FfDN`$5NYn}E=8X6oRZjbn8_e)if+tc0ouj<Z--mOu5F0i$MI5NY&FZOnJ
z?9K;Hfj;0M;Bx!%0ZX+yH8S+%6v3~B1^FSa*I5phYa2~X98i2xl3u%m^&b5xm0HEl
z?k)osytVZ)V7QQwkOQu<<%=5NeifM&;v^o|2Q0e1f1;PpprHvhld+VP`1tAJD1IN^
zj<`6(EMD5hHw}i-&s(Ij$t|znPrM&p<x<(vK{v;%GRX9%qX8I8!Rk)}@shICH4V(s
za4?DPu_~yj-0M3d!v(%zpa`_;m1pPILo=#@I9NP|6JkMK1?8_p8*`EG$1?|vK(EGh
zn~vk#sLAo+EA$q&+@$F2sgf6~FB3j?x+N#0%gNH;a$@{*Vg#6a-+BosPdD2>71^8w
zCQI)WrcJjmHl7X*4`12OVzjaQn!CG0Bqk<~Bvsed4G&S><yt(mS+{v}QCtwi%(b_*
zKRvT~y(n=5n>MyXHLWul*X?rW*=%fMgGfn<>32wE?{L8Fd=S61WIC3~H{=sbg9Zz>
zHeYM1ycT9K`E%>KG~mE>GhcckRh)4U0-wFfVVlvlQ2-{4EtgIw(WgS#>{nR)Ry>E}
zj>1F*t99h|*47t14)W!aBsx8x{L=E-%GF<6B~VCAE8a>Gt7x4HYD!R`9C@epCwC;I
z#;S38jEI>^-_8UoRkmgh0pzqsE7XWyAlPCVB{efQzP_=R*eo<mu48F-z0H&-&s`xU
zD;(c<GBn(ro^AzwJwMCIH&QrHi;R50h$XqdImT6CssH&53EJL9k7fTP<6Ivg_^dv!
zs#y*X51*c%o{yVdRMfxi5D^Z0eT`63YN<{=yWCpb>3lDvprD|q*O{H2Ex;@CC#$`h
zf`#RT2EDxCIypOkbbQ81W-^@xl0(%>O(}Fyz8p#$^pNgvHX|hdlpsRrWcC~%ZJ@y>
zhC@Y#v4;Af;bekX#?lg0R9dvhZM#xVqs2Lvc6&FBEm3W|gaY$+-0W=>q!VNt4H{;<
zvZbX=xJ9U%w=hGrh;52dHO?zVoIDyh#pgt~o>in#sf5g%@3W&jy_ZRJy3B0U(y@;_
zT0MOqnF$IQfg_BWQC!aVtdk>fWJKonconGn^Ix@p{P^+yp2oUEdQ<G$I~It~jf9Pu
zd`Zr4-e26;hxHQe(;>g<_;f`o;7OoVIJI~EBPKN!{1FKY8ylyd^<ZVW*>cWC43Xd)
zB%Xw&rNzaTj$5!OF_0h>e~<#%t?`cozM|dp_F$oWs7!-Nty0%>>kP$W1_<FFZuX}Z
ze%+bNe#r-m)tAgNJMM$}27BjKd@3J%bK;o6i;w;uWuYWNweJglinNK7(^a3(>f-#o
zdy}WCFFVJ1+@m$#WGpobbnqlxZ~)SZB8}C!Er>sM<D07tGH}>5r+GBm<LY+wGttun
z0o=gY7?7F<2Uj8hOAHU6$ve_3h4tr5!9+!KqVFX1o%$9fDVeT9HOH*pYIVQ5vZ4zB
z2i?s+e6?Hg)9-mQDs>_tfWzebBQiSZYHvS%36*JJ5S=3x1VU~#2zE6i7eJm%qM2%_
zPO-b(*<>;;+V@drK=zsX5>8c`;GVz?t|YMT7*K|?YZAVo4x;bDE*Eic&L@hSPo$zW
z@bjnoQA%F221f3^DfU?5Ud+o=addx)Sxn)I5CxBhh6W^-kJVWi1L!Kcx)Z~+Knr{n
zyrR+xukXs6DRKfn9|IGcS+5jep7xTXV@D27@B+vyLhZb&ewxmYs*`fR++xJ3c~;e_
zQ76n0D#du(Z==zsXQrqq+_m)7sRu_!+Fh;}eq<8@_8?(F2}2rZY-W}mr}Mg;Q)x?x
z3=Inh_YndJkb!`a+rDe-`SBJBcZWu!!((Qlc6T&5oqhIa&s$LD4tIHZxwEsg`2{ib
z+cy$N@E}IU_b&UB_Ys`yC(E8d<Q}-Z1O%_NdSBMhQ=tW~PgiXhu8OC=jhNAMoIm>z
z@B&d06AO!V6*n1I-_LKv8M>>2o}OGW;v_svM{zi}i(<YEXqc&W4CW3hx+_vTJUT+e
zLKg4~LzwPAts{Y$`SMbC<KrLP<!WfzPgtz4YCipE=`Sl;CnxyNMLrHc`ed7$5hiD5
za#kFgm)5(zJ|kVm1Qh{$cWDU{g22-MNEsdWIxp&daL8#*&4Rgk3L2K1$I&kYO3K2%
zFEqX{Z35Mmi5D&D{St;ZSAH#;E#m#Yi4uhq`%a`rzs6Cw%u;Y>U|PB`nN|7Zh;{`Q
z4hOTIu)JrF#3<#BElmxLjPCMqER2lIEKR2rfo!wMhsR~QXniEf-Vt|cZQgXRP*Fnz
z+i5L3YgLiQyZxu-_0{#$Qz9fjyZFc5mw6!l$HKy)ASdr190cPR5ebe(6_b)ul9m1P
zqljS3%*MvX+PXYHf4bSx6de3HeoNUxAJ{+BGc)Mu=s+k7>aUq(1kqb8d&EaaM@GVf
z>TIl)6?6qYetP5A@XflQu)JKOc5+}qK}>A1tE+2b;sY6(Sc`tCY6XYydRN#xvBf%b
zAl#@my<Nffm3`cdW+>NcY^bU_!#-wmIU+dSpu5*;dHI%;lLG(^ATHOVlf}m9)2@3`
zYZ>5Zh{R=6RXCqQie`7@wCD-VY4^D1_CAo_tOs7RTCX(O96wyuIbr{KESd@u5{%u1
zi*j;4fR;Kk;$veUPEYW8JlGHS_g#+{3T#(-f9FR{HQ@&>&ZUdV$xf#$&$gWf`ugj!
zy!Utr59QcwsI~xZ0w6zT78WHXC8;SXEp2ee+q=6H`|wIiQ-G6v^L;3ZZe(PHf#MG$
zI8Jw9=x!Sq8=H=YU*+rL0HpiC24u56H?2(zMF4X75v?aBrIQA6)srPoe{s3adqxAE
z=cN|gj3k%v%0YzZB=gk>{W&e=bJZJ_AJ3DX=1X-oh>)gM=yX_=)eftZ86J%I+9h2s
zS!hK*k782NZ9aT7%_&(yJ(hYp9Ggr-3e_L9xNrv!Ukfmh095j<`s)O5o|kB}#RY>e
zXpPAOEo20d7b8IJVvL%QaJ;y7^JKYIGzyOfKWf8{z18(}aCjL0u0Q{rfR>kcw70iF
zDCDM|g@w!IXn4dsH6w$`s|Om0?vjU+PM2GeK<D-_s<W!zkJsDhZkVHb<kVgWAYk)0
zxHOFNr0+Y4nwt;I7u5nD0hCQhS6Nsnh0t$dxxmUrrd3nPYAu~lHZ?FX^!R8yK0R4h
zw)OMp&vKpG3V}scYCRE9Iy48XL(iU{-}lCk1-_Bk?N_J0+BPaCCOa!UkHrSKtap{#
z%~p43`rF3aH#f59=jU-`G8sIcJNXjtfGpACVEOCUaXH_DOim`p*(}@DL=sX`R$WU=
zLn=DDPOsqA3v{1Yy;lJItD3js;?km|L6eBx?32-MGn)7|@?zCspsTymV7&;ocAVB|
z_=?qNw7&s|nOjogwmX)g)o9a=iJu4gJR6BgryCUf*?E7m*R&2vBG$OT7#sWAz4Fcr
zNKPzSRIWER3_xzz2j~*9$$#O@dusWGfGP^5wjrx)YMvHtDL`c!?X1L`696a)1OWhi
zlj{4H<6(VgSfdJv3BQgTdb*s($+{h%@VZ^ZhpDKj&?E@8*EG;pC+N$?qG2+7OODq&
zqt+o%xwEV`<x$H=wk0vKQuDiP3ry$<Z8J_9)Ck?g<JZKqQQ_onq$Z!*tOhn5K-0Jh
z?X{=FE8Z?DDS6MeDFe{|agu0+&9XEQw$8jB;Z06V>_4R$4t*{nF<l2hHCCIY$vgcx
z03y797}e>pnn__YJ!gEWrlcH9rTe~a2P7bIB+X{)df3>}MS57ctQBO?23ycsm004}
zNA9EjD7*wiQb5?|Mnuw7A2V?KvIamkKpy5Z0nY*(CHm;N6M0q@I#;O&?w6Rj(;t)f
z1{|D$`a+~?^$!Rx5B?iUxPM+QFJ(#~=h?YH2iYBOq9P+V(Gb#qV6XvV?Gd>LB}K&_
zHc#untQyAlQ1ZM*WB3*2KCv+|8Q0DOkOF{h@(vtzV(91hoM@|(3=djWr5l_0NXc+D
zwn6MXBZH`M%JeaB2$)p4J;0Wl6N;2BMIksTII1(3D$8k^s<A*hT6FJWH3zLfA~y;@
zT%G>BRUp}nV0C+Wg2<vnhQ50pQiXl{bc%+VM<n0Tap~nH3gmCxK2KPn;o)K66S+M*
zR_=p}va0GAy!Bf1sh^u<Um&ayw#e;&MiZntJ&p!Iz;)VG5F`y<U*HJ(Y%Ku)TvWf6
z;Dh1dnBUq$lVJUb6ZQVxyTF`8y5Q%}e-wj5-cL6^H6<e+s-mbGOCotXHRlY3A}hK=
zS65DOJ||odB+Z+P&!-)0h93ZjIX-I+0W!@S)oaCAtU0F`yo5c`61k@3(Vm_<J(rRK
z`4yL_PF8Hn=;AlF87oeG1vwk2YtEFotqN3bz3t73Yh|+LuSS5r`)&hwPmyrBB)2>^
zPddK-3d_c($C`M+7Y3Vmb2Q&QJd6f<&*$Ut>|q5sp;P;S+{&|oYGu^TzUVY2R}9cw
zD}<-SkWNkxjtAR?qQb((t%awjH>(hEY3^@6N!=e*EC0!xpmR?1<@D5eblO8h`yuZ|
z+uGYN;4b)5c<}oapF54qDlD|rM7|o;L~hi^)+Cmv7iIN|9r7!;R1Yp#R<ocbGY6<@
z_sY>y^7W~W5zd1Q-uN8&D}&Y^$x-u^_e^i^6)69%EIp(Eb)X!R|GnOYnD_Tg{=|BH
zKvC<T(hu^(IZ({;ad|87iR|wZ+1V^)&MWtyN>t#F@3Q=V2?5li1Yg~;3IzGMu(3Iw
z(!l>>v6m!@926OecLV-+u?&a-ARt)d271*09%L^`2>ET?fU^9jsePv-grL+AaKs5Z
z023J+qB7w7r!4oX&z|@nMXYBxV5q-F{yk~F_oBsr)scQTjz{;oonOG*y!ki9Lp5{<
ze`vekzlnUZH;28_&qMyB1rX{tv%gn`0O|jxmVc1~AmINmx<;SRXpxeT2nU5EB_xIQ
z8bG)QD*$KQ=qTShS)1eTXoEG_byngJELN+#@BZMO?F#^$4+(+)6@YRZvzSb2Gv)rR
zQN55gxS*&cUbizs(j5m`7g-tWsLw5;T2l?)k5?@8%<;5LMxli{{yD(~5TN{T`LnY#
z?|HrQMHZX@*ZPj^i>0|mN=h0~8Wj@C({1<gcDBCU9oe*F|1A2Mnlz$&{Vf3!uRYP$
zBJO_cCoqXv-IWz-(#!i=Q!p^CceYDCmoWdV#2yu%=?)v7)b&R1rNlcj-jNY}UaO{z
z_Kffv$@8?0{QP_%<Nd|OUZ&T%GCZ74DG|Hn=MS!<qXR}LO>y-Ud`UA?HdCtF($vC;
z6&Z9FwAg4HjmL7Km8)#LZOr3wg>|$82^!1ddl%75GbzrRMpH?+3WSCrdBqJh4D|K;
ze=Op|)eLW_VsBsH>&v4VA7AJBCfT^zsgkNp3S)gk!_BI%>-E7r6VU|;dg_N>g8;$~
zv9!UVA<tWvoSPb_fmquz8ETBV*;&QP!-IolX_E+M#h7w+4F!qz#Dtjg;)<Vf{~>c}
zd$eLZCHWl?J?7--%gV||4Gjzq0w{W=PV0?Od;3XYL1}4eM6bcVxGG$1LIQf2FpUas
zlqk@cr#m-uu0>fxN=AlBfQg9#{C5wwQY(xa)Z8imHrS4ZNAj820x6TROd9;$!NEal
zDyqin>X?|AoWv&JX>Nvsz*ldw1Col|sr}VF86d9_%&97{$eY?TsPRc8$XYc}pltkM
z(<{=uOP5|*T&$p^0=I+_O7`xbO*gJq8m*X+kf77*;XGI2`;lsAG{tdy5M4+p5P(R4
zUbf2%$(k#jzOUJV0w6-vu#PEpN(hKxj7UWZw#SJ<mw(*_P-HARSlmC@r_rn4C}pdx
zs7Opo>bpex$3j9C2?``-WnB)IG*H<FJntC~tdvbmFd}+k;g=fBCUUE)>?{(#C90w)
z!GQ#G<UOd-Sww*<pVdYW3;@3?CUj)JJRsl}%{4d6(do3rC#0whlq)OCGus$0m20_j
zad8dYeFI8g#wI4bZg*cvBqT;q*4KduJht6xsY*diEy=_4a%TjnG_<+B<i=`Ipuwg{
ze``r?2@DKu4GA%N!i*A)Gm<X+sW>w|EewEzhqE;AqYLx$n0}1_7$qV|P&S?2>+Wkw
zDh_CT{|ZPShqF5U7S61cmBsfS$-rGsmgcRi7J-u^mRe2pv#8}<xs;?NAluD=ESbb4
zkb{ibVrTmPd+)|SkpE8ngusOc6m?mmyG?4<sX=zm$F(n6z5xM<W<{33>HM>|x45_z
z-0v!qFGjq_h`!h0{7hd+=kcnVzH#mH9#rLgh{2-50_q<dO5-tg@$hH~X%!<&lcgM_
z6zLVI)N9w>Yt3$HdFY?Wo6Z9VZ?HjtU*a`e%f2~YRAPy~IIpg+hXDP-7jx;v2zVXb
z&Nn`4Xry#Tzb`K-Sy-N*|M5dWS2vRonm0>NT^Z{=O2^e{!D0ghA{IReWX7CIvZJD=
zc1y^!Tvsm9>T(Q;@V+d!ELQI;pU)DzoZMJKsVWd-kdsq-c)G`tP@sl=lglCvQ#_up
zZ512K{8=6awkF&kc0@KGLq=@QoH~b02U<IK^L?&2J8p6QKqfnGR`>G!z&5q%#Q6;P
z2uVpvw~K!aYR{K~CaS72&)6hvq0an%P)-zeC~;zvAhg5dK*u{ioDlkbG?|8lg~e=%
zN@<0T&mn;ENF~vh&Xo<gB`c`vl6J>3*cftK{i464msII3Ra8_2mP=JjtM!vV9SbWZ
zCud7dY^(m}Pt!36Pj;@c6fQPu>U7z{OSiTVBmy8GbKV>G7uCYXz*%UtUA=2^b4Ebm
z%{pcBsB?NO`}2_4N=Zs(Zu6FwmtWi6{%Ui-{4NlP<C_nFhu;bdk+3&lK;V$@U*Ag=
z<mPr6R0|4rw>a$+QSezWIBDVHW=-(Q%4T#63h{)%17X&K<pkgqXJ%&HxmN;1kj8{F
z3V2Vy$-FR`Jh{ItacF5Re$dqg$*Zb1xSi{P&KkC?=PGo>?(dja_t|V$jPx6v|M8K}
zA$z!fwM_Rk^En53%7}<x(w^8P5+}{-;4tY##KiR2eP2#HlK_;JR=39JVvAyuBNOnc
zDk|um6o?22VNnrzg35qxrSf_&q%bJ}<(690k<`vlKgu*}!PXwG4}sX~aJpDYz=t<$
zjL-L_t7^Tw7DzD??;#*<UX6}+WX=KDa%N~^0-w{xj8Ry`e6_>-`>dZem=+W~7JuQ?
zM+HhTvA#tKR~$6pqRiFBMR-_P3a7KCiHV7h4nB+4_|ovv{!}4Q3WR}yVP$2V4xyo>
z^td_FXtY@-A|?U~6F5%6^5jNTHGK2?EG)opt;4!K5dBO1J-+Uh%(_Oh&VtVmMR5Sq
z5*~hW@3>1s1s$*lMEz?w$G0bi89c5p<39oep%Atlnq%KgDo{cOqTry`*ys7Cv64<x
z5@aa=RnOVkSs<xIde58Auqjuv)nspYd$R0$u~nSUH4q5Z`h0xL1{%&_JAG<)1Y9hM
zglJF*0guC$iU62OM^Vw<(tIr@t#;^_FJHpKBz(Wp($Qtb#uD*h!Gb2IrZzV>i_Jfy
zVXDmy4@=+C)6MkNvD!R8%{y{t0MJNAYN{k~1D$DXU=-4CdK%4Q_5-L#w{s=WRE{%4
zw%|uD1}soc&p-qLmkuuUS?2bcarD0TO=14Cd-$R=xWZg!of?RidxAPVSU$MdWT?Ya
zsf|ZQ?bk3mVbs2ub_IP7{PqR!L!H*d$I8d+g5_qRs{;uog>Pxe<7ySz-jv*zHq_`K
zt9hKW$Gr*GhK7ZO1q9f7+trt!BU(y@(%2jO_UDSsfj|6^Y71MNn+N*)Bk@?mJzAXx
zP~XKh0HqFaKPaU4PA5wmjL5~QeVdoR%i+Mpj~D9U5D*|htZCM^w!W_~&*oF##4;nL
zrNyBU;0hJ<LxO`(=GzN}`Vf^zfFqA{ffI><_h>vPFyFn_WVFp;I~;(2MMQdoBa)`4
zr$PLxs)-~Lu_U;{#dlsW8C<U7u}%&Su|X+lTj&6q0{T8s>}X)nW!nkh=opC@Kq2)T
zZ&y*wH31DP>ns2`fqD$8N%mX!bkqQ>s>AJmV=#d#HUuWtz}`ooBRIIAw${;GKW1-#
zDqWT}<Lv04+g9Up2HUU;H^)8SMhu{!`UgI9IGT@T#X%v4f)Ubx{nZ@D?kT%eO^l5#
z5Q#6v<sf`?avr9ybbI<viL|@MI6sBMeHZbGBk-Foe<Z=`lIrQEE?_A`i8PKUD?H?T
zK<!31&;f9atIMq#)U$vmm_`N8h)>gE#qbDGq;i>p?O!58Ln9&(0MN<f@#(&HR<yi$
z4hIMLP0BGuBqT2P1EcBrA|?e>uayEjMpm241C<{O&WEz;&<w1si3te>iA-3L{@_rM
zPy|U&z+I%=Z{I`}32A7KulALST~BqtG;eHdw3tl@N~EPwV?_7GWuB{PX+3J07K*@m
z?~Y__?tP;3!bB&54)8eM+X4!^!ZdX?HKW6WZ~e-KrKt`dmej+-!hqWcAxLpGN&}l<
zYmKWui`9mGqxg&6U4q3~YnwlS!U#||mDFUh+>z$Y;PrV5vgP)ioSambhP>`pRi?LI
zbXk}#o<6JAn~uO7(~uSg9%JKeMn1kYS$viF1o*4#Z?Y+h3JMcjq$CobKL<6nT+L3)
zt8G-#&`^JqOS^fPp#sq}nAcj)jV4+w#t?^GUpx6)y{2<f9j#Vs$|aTd6xTJBXjZpX
zv^_o7x4Y8mN!9uk8Ga(n>Mb*3pfXlZNX5}kT4}r74a%y8gYsNi?|yS|9R$PD9Wux4
z^UUzzv4qdXYZ<gwmQs&+)An<y)n#2KU41GWo93_|#owj$L6;MoqN<_9g7@p{2F-;0
zu40I&Y{TUES1u!QXQ#Te-DXG`=@OUY4c};s+mmOfdI|~(*)NFUuon*=E&KcXt4&jR
zVqcOQtV@dsS37jL{P{tDr$#0!ssWvR)f0N$F4X4c5-rVfA&6no?>}U6gMru`Q_pTl
z@$n_Fv9Y#=G&N(R3ErJf5_&6}Q{34S@q~O$Ox*faoxh9BNc!2#=iTS4w297F8)NHs
zZ_l+<7Rx(l=T7JS4VIoE&pmmIY~;WnzuG;c<Ki|Wv3+aitpI=?Tk2!X?Zx&J#HFF3
z;YWr1++3nBs39IQc@r-$i<JW|0N6F)BnU(v5`Hson95QlagT~hN-bPmN))*}qiJ(F
z-mTt`Hx9q>Kt&r4z-5*EK1H1tHw7J?XT>XHP*qJGkSZavSV<D1$%E(N;o}#|lp{52
zXla>p4<m;O1Mqyg7A`oyxw*N9Msb*gRtW-8OeiG<GHj8)MjV-3jPM~SyR2+@(X#(b
z1{ZMoMT$nF+RI&1(qTBEG*(}GmHgm{!`s{YeRR_E)<BLBR0bYCA_4El`u_a@0&tg)
zd&IrPWw|BmY~gE6%)sbCCYx<Xaf*h$!bDdv-0n!4=Ni9!paF@5Y%)DBGl|hgk3<I?
zCXgDKnDPN8ub`;<g5HUu*~ki@oUz*M2xZy|w_|+H??|gmMhz&a-bE8cG};tLM51Yb
zQ5c^k1@Vid$gBDQw`wd<cj@{gdgax{A)(+t!x!^<%67;Rh+bOn%|_W+Jtdf*#3#U@
z8*eyDBI1rNwWnpp5wkMnNO(Jk#>I*F3>kG)V`s^&`t2MIoAH*e-kJ^6Y%~5Z=HBwJ
z%BWi#U34RoN-N#cozmSMf|NAUjUXZ29Rkwb-Q5k+Ee+BQXS$!g-?QKI7aV?kq1Ia5
zYtAvpxa!WxkQK<JAD~i5$8Bg<8&4m;H)}nj;v5;piM(s2JnQq}$X)3{+5)&VA-8)?
zQ&V48*QQPpEog=K+@{vNy~!jZfRy!1;i=Al4%p}Jm{=qM5_oj-T$^A?3X0%RGFdsP
zER0_-I-{RF)zjJVxp>>lD{5bpQ+gZ42I9CJ%+OHpkwRL$uMQ4oi@|6aNz9MwbWMoE
zF~#}8?qK;&S~hGq>fMxEAvrcSz%S#%l%OH{I0~4#MTLb(=mL3VdGfR3F~5XJ3jk+R
zP!b#&Nx<pNrxrG7ENx-Vk{eeNR$?qo6xlyLKb@}+W-k(M_oJ@6i(cE10FjNBy9<D1
z<|6Q~G&=P6&c?f2uZ-OT-u_C7_M7iLJ?Jq)LXH5y4#)~x8XC2E)%@Jt{lh~Qv^J;1
zgjWCV=8s)bk6!wu7$1_+JgP_qeI|Z>Q^}Km+KQ~4i2>}OsJOU(vv+#;M$OEZnYvP>
zc$AUOPQ$p!@guEjO4&EImX^h~pC%py6B+d^ET^t_TR4o3jX@2LZYeD+OcwOf-!gi*
zIpuY}G@n^;c)GvJNdWYKSJ(F+?VIzR{s^y-&o2b)uICsgo1B~;u7|_ls=So`U9xqw
zwGH&=2kON|EUImYkXC@AnimPV(TA*$LHEPe27-OlglFGi{1n6sIc%e!4kCYMixd=i
ztH%||;5C&IGtkRc7!N*>+ibiRVQ0^FvF+pJ*t%F)nm#_>Un~D8ATAMPY9a>XE1&*p
z;*<D`cbHO+MOxaM6XHxR9z4cJCUL#jJ+GRPtE#Hh%XCdFEUu5$0N@%dn!P`5R!~r|
z{=)H}A@`mzmjVL8$0u1PDku_>LV^grKy61H*D(8F94|&InFWu?8l4K9Q5~wPKa<vp
zVf-CzQN8Mh1#`eyCa((%%lXJYAU_Pe@7W}DB+M>P+xvT|K$rc;N;S^dAI#z4z3L1i
z%OD4W#iz$d)A1CF){49)@3M)D-Eq8^D-BmsS948sO;^qB!GXQKJ-|BvDvd%WA>!=?
zf|{)QwHHRwAa#6_XC{_3I9P<wp4R<<qS$t|$^?wc`EscO4u9x*(iw?z-5;(?L5aK4
zR{3}_y2LqSxv#o+jehNNG9!pEG1ayCH|yi^+D=DPY~1!=M(JK-7SQ5mDfZlch)Rl&
z-(T)_yAOM-k}sc=V71b;Gq6E6IXQ_x)!!0e%k(4s`57GY6ImZ;Vn8#q(H-=bpk7^l
z^Y_A{Zi{QQwvFZV{$-&G0PG8q{Aa%R{H^$)k+{mUSUNMSig0;)vpu-g*9^wG#%#aG
zVn1lmw`!;0H}Ncf?t6T`KGu=?mapKz$IlObyH@ARXp%r{Q&Wnz_x8X>o0o1T|1i-+
zdnRU3tJ?)7Aoh!OKKQg{ltrWz4Xq2qWD5FBZtrfY+sDVHydkc2n>Kx=pdb}o#2hVo
zIiD>S7zi&-=zL?N2cU5BVpqOZu;4EpomAE05MJRYr9P-u6*V=vgMtazmW2>x)4V*Y
z2ohV@`yajCL9ZT4tFa>IdunPyw^mbKXG%w#lvJbD>K;$N+GM{4Z%IeDAEQF4aD9#s
z4FP|4I#-JVvHKlDPx*O2h63$ixjAty3q}t!JG)|`r%Q|_UmiImREk#e*L^hUYhmA7
z_R_ys4>Di+(c1#taDw#qKaDqg-gzBu#bULk5rQ6aPMS$;PiHC1E8Y=C^u6XEjrlrj
z9G%Lkf#Aa}6*7L-Xp6{tJhJzX{!*H+H=q?1D4pI)ac;R*bj$_j_Y}@d{<%I@@jA^w
zgv7*%(wmwXZai2-BA~F%Q1~+&t~Bu=cw`hIYZyfGx+$Y2F7?!y?JxKc@v16eoskR9
z2ubZHBqgc#_97)R7P7K!7ZrZhbHA9H5<ShaGW3%tD#pfHo&RK{e8rtudZTE%))scW
zbl84|j54UjYFSEO9LE)Jy`+BkFwd09+U)$?vdHTqs=717*ZKFuw_=&v2o4RsaNeIj
zSFuziPi-&1U)#!3e-|{HshirQrL$jIDaz!>lF?(|esrr97uQ8^o?4B-!@ci(?Rl@t
zXQdgQK&c@YztnDUwbGnTd8i<bSxD{B-7WB&gPv{XcSEfvJu%NrYOgUYyp83vg*#Yw
zX(gzM!|5DOMG1L<LCvX-)-t$E*Ozt(5C%Ck+}P-ZgzL(4W@ctEo|p6()>~UvS?l;Z
zQjC`T2cX&$loG>%{H(cr!i@PorL3q12hnVZ0>fK+^E4PsIBhArx_UV{GQAVlG#+tU
z1V-2l9~-QfphdbxA~U(X*E^oa<mGQp*AO7Mp*!pAw=Ac*s^qebpfCv|7B)5U&=m`i
zP2HYh0c@?SyQ`pHdPq8^&=Y($L`$pcUii7+57Z5K)Hf4360hiF=qOA~a6>7OAX3=`
zz<6T+Q<~hJ<lhJpV}%H@x3{;PE2*pbu+}ozZcCyOL%#2L{{X9O6iqG`mzQTMC+Br5
zONt>$TT@q;C%_Bg;^G2WEbwBStUS$H^YT92N90VBvp)aw*M->ajuC0#C9)UK%cig;
zYggH>trGD%>qa!n=6-+iHa0QwXm04~)6ZW8ZMs&H&i8<TH3gaK>S_}9ucG$$%#fa5
zs^1F>qsgrGH6<-IC21)p*9TX{S>1tpt<L-$jBVN3Mn@z*Y>g-anQP?+f>c!bbQ<ME
ze2%vOAdC4X4`y2av~&{_lk)yPv2^~#I7g4=hDznvWr-QY#Cpw6yjV_i!^0?$XE62-
zM0e}d!!I|uO?&K36sqL0t?I1~CxR=H%=N`+YX_ipKmoocYYPfnynMbviz^MIz_(FT
z4>z>v<sI~^>yXGu-q)D!yfji;V!gAo@jN?{F_)Kif*#jLlrM6X_GfhJB^4DlR*J`u
zZWmM2Qvml+Q#9wgvDgX08BSzKZU5vwmA=i8S`So`c0+N4nS2%irk02xg!7#b5X&{$
z8P+H<S0okCpQ*RSg0a58`W)OFl|%{)K|xu(M<elSGnS9gT>JTK^s<}Tq(*nBUKZDw
zna5>BK0TeI&9gYwQn{71v2hyv7)AbF0?|vH73$M5kCvq+KE!He=oJbUAs=;Obe8LO
zuxGO~+Yb0~5Sp2QC-vA6W;-uu4-HLrRyV$PAJ~H`c{7h!c!!-Zy$-uOdJiA8zj(Pn
z6NSSEln?fXYPp=!5c1HwoTS;UEH?e&Y;@A8tO=8Q;^JlH3;K|nVu2b<Ij61`y|HmV
znYi;7)u_M)Z5F4nFni6XJegf5?^m3|VVz$S5A$buI_^7%{6A=fJ(98|FFb}USxte<
zjWXBZc>_?iWD;leTBu=teddP8GDfSab5z0|?F}Iv#q-+}hGE6?*hX8}w6p`2K5Xf{
zN1+k7eP~Yj_@cTkUA;2rYHG%r0<(O?Qbd+6^#@6BHrii?C{~mRIWxEoMMk5^uJT2c
zUN5u~DA0r9Gp3!G&elleaKWF7yA5+;!AK$UAimf*5dDF4`(R@~IpY}u5fKrQ86E=1
z=<{H)6gg%%A+s(iHX%Q5i)XL&{^DZ-1Ft*%8_4-NiuCZ%Kd*%G-S_XXuUzVZSUGpK
zwb^NSj=fkzhGl`h`ahgg)(b5HLQMC!P`uT(HVSeKUB=5JDd>(^Dp6(3v)jsoU#gCW
zb(-!*pN5SjyJP`wwtuoA+`3X_a*?#=lgVpqBPS=PI+MINoJc`{jf-11Wg`~wh5Rfh
z6pxYquU=Hfv+t<sw0TX(F>l~25{^&nLU3?!$LfnQp4(uk-Z3!&P?D;q@pFqCAF;wm
zm00nd-u_-9e%$41GX=<}!GRVUMsF7a*)|5ZrJs`klA8K4E+cdB+3OWCUlNCt1%Nr2
z^h4&RrdVvOMQc^6va<cM$yq4MNtuX%X(73!bm{mvu_g)J-kQ%!Q|(GKuL?t>$4yyy
zcsRK<#og_cQqjzes!M(6%X70%3?c1%KF{tzG*DRs1I1tbv1AMs1dqM(uNHx2sJA!3
zz4gn*AAbb@lePA>d<7C92FDNY16>K(Fyzzq5qHeI%**w~rClOnAv_-+pXpc{90Y(e
z4~OOL2~0ZT3~RLxRQ`i}j(ZjVq&ENnTAym32R&6-m^O@%&B=6nv$NED7w|+tvhz<^
zH(}Tf=~!OQ2AoCbhwP&xDn>@eRsGd!(@~o@xkKX!5TM!~bqr`sP9{H_tLqSwK?(f_
z41vjjk?{neEjQCsK=T9jX*{D9v@RPPhCYwX*I-zvtgHm!+pj#Lg~dgVg6TD%&#tbT
zB1T4A%=Q3p13eK;y={Jm4HyFpOR_h?Ys?l4P08#5c#g5L36zkqaMmC?6D{`PKIdyc
zo7s?0l|L(jVIgpE*?P^C@9BDbx7)lPJ#KoSmW-i(Hl-|AWVCzxk5p{PLXtQmozDF1
zmN>i>qn3Bm^vJ|N;N8#ZH&GKF^+9|II7Q2mdve5CpnQ>)pgM9SveAk5^_r)kIyx|#
zTx_$|uCFiWO22GuKnn`Kg&@Adv#`WkY32-5HZcu}j|+aMFUv!OirU#1_?)aEyncOe
z!^V;w{<d3I_EGeWygWJt5rT+}X>1&Pl25~-C99MA8&}id;+m*RJwc6|+Xxi41!}`o
zjvD)|B*-UA84{kj<OE7(rFQ}kDY-v-6?H`|4lyh&dY+%I`i-W@)hD1j!$p-|o>95E
zKd~U;qhaG96<Q`xIE@aux~tC5iTJbb$wayap<nLM9dxI^%R28XZH$iYV*Z@O%-r=I
zcG5p6BrlH*Qc>|KJ}%1JySDvhj2!Vd@jzlcnaIbT!oAgNqRSHcv&C8`iO3<TrxQ{H
z^a5hmKyFLi;xh`Nr%GXQ^@Mxn`?O+k0+_r!!^jcIanq_~`T6->YUui((`nGVIJg*8
z8Ph;O517vGaSaZse1*)($N#3xp9!W;u#~5>JBC8G?bdAt&-~!naAmB_6iiKCSDQ`u
zMNk030^)j&dh6NX7CSKm%|qnqDEWEobgJT>K!%m|Vtd<oa0*NfwwE^wQu2eqIP%;j
z=5TTI!-|C8U6j9Cfyb*MENmoobMxxu@nb8n4IR$cuQk<LLUoL-GSaaY3y}AH;^N@}
z3~D^`y)mD=<KOixAo|(rSJ>O%m$G?SuyQ_2y{DeV7=OoUyG%IIzILEi3^*PjI%)BK
z(w5N3|DM8(G?A~cw!Z#Zr_M@%n2^uxy2O5~-+HyGcX6?)D5N;6PznQ9n2h{$Awbd&
zEDp)T-}M@AQL8;TAA|1!sqb8w&OAUWfW&!FT}4GhMa7aZ7c=w_Yp|V`+RlZb#aibl
zxoCV+63~{%3BEjDJhwhjk&%&gbpt%3M8EdnY^&tdu_&5+(1<;nRuia$wX_;rN{*^+
zQm?M0V(6KeK+?>(ek*x-c$oG-Q9ln>nL+!Xsigq0#C^lV(S$K*25Dkkvm?jN2LoMB
zR{_}x$PG^e@JCY~uaN_YPl$m6jKg+8gbklklHqk|D$1Jk@toXw3i4~v#y|-jT^)*x
zmoluO#l$2ga&mI!FD55NeKIv&HCFsFXe1^s3SK2Gz-4Gty<r9i2Z1qmy+b&LVx`Fm
zOc)`dp$~nZX>mFE<zq;F<!#-yPm7_I<?H@^DkKu%(gwHDE94eROJk~O#KIu7L?SFK
zPASI-y3og0v22`l^5N<V`cblpPPFoVRCw_}lOvO08BfOvBi4(JnbNKO7{o#`-PY9&
ztFJ%O_haOtfyJC{Z#CTIq(qVYerR=iIzK+%OFc<YP@!d_o`Y0KU8Q;-qEfDpTF9CS
z4+#h`g4{Oo`6<uSJNdCMxNfo%l$R?+k+UV~-r-2JT-cs|{05HMhwIB3?AMTGN$lj5
zsR9fflfR$(4mFIO>)t>xu>zhRn13PsM8h8m4)qeORV0U2h_uk*z2Dvb@iJ2U<#KPW
zy&yAp7zNgkfYSyw?*182d&3@gRiNZ1tKAyB{V#ClGLzW|wp3^SM)2)hSjb57$9o2>
za$PCQwFm(RO6zSz7CVn8wEQ1PgG$gOBq_xxr5Xw;jc;4cUTLeT4Re+}&-FSCL@AL;
z(Cb%;vivACX!j0heFp1Mx82zq)MiMB5pzJ-y$+EZTmZ0)fRTADiP=A8rp|pdMV^Q^
zj6kr=T1Q2n{d6$4e<uCqmsG6TNYeA=ehb)v1Ox;yA3qiac4fbpij&rms3&b-Uy)0B
z?hXsPy}boOw^ga8*yKBEUaIEL{qn$~)q--Xr5DoXx&3zooE4~N=P}#giV6w<=~HM2
z)JMHan{h1+(ccq%efyMX_4xU-6mRdZEUm4rA%Cy*G=1hBsTMjXH@sXGXr(EVpX!~D
z7qzO*fW=2wxum3~rap8S2tsXEn#6k50iR^E+VBMcnWm=C{PMMC<C*(=dy3`d`mIe2
zpDeYt!PUV5?6K^u6-!;M%W1~?=l-hdYG5D!)t^Gn9~K;ftF*J$#vmmxFW_|_=U8j9
zb7jvAbgXV}Zi7WbAtCT;U(5?+PASO9a;mC~u2R_L>V$QgaUgs^q?>H^jYfw5=(O9p
zZFJb9FsqDGYk2EyF)2yWtRc^I`bT$B!!mHYAj0}Rw(t!`@qEdppa|!cP*Vfq*=>Tz
zLUlTAVQ(ynUjPIvgwji=6rt7D?#VTWgZ!>e_1TY6jFD>HW<Y{)aGbJQ%+5v+4H<mU
za6Qt@3-WMsYot$=OXH)_tgbVh=$ws@jwx#RqN4Z8EF&DvYt{ltv{Mk5PzlC<H&il`
zeIz50()%AR06o*Io0A^}S^8*^Rp|DoZJXCZ&)b9S$RRyl0VPtgnweJb5@pI>f_ygo
zNCh)tfzM@T{-tF1QZ8M4sTwaG-(iN_2~C7YR1yvY>ZgHEV7rgrU*^sUL%@V7X(oM|
zG+;6KIvS!yuc$%>S>IRrceeaM%8tQ|5%)i^_<E!{*KefbadYk;iBwhH3k~IY6l47-
zI5kym=TBQ|tzLJQpQY6`0+oLXzLJs@w2&0i0;y|$nYiMxU|oW?*g`|JK`#YTwxQ_h
zXMtS{K*c>|A4)cP0$yB_JcavW99-^}(3~HTpDit6?kn50ply6yL;bIT^?ufAPv{(u
z<f-{8(<jE~dBM)wl=4i+Y_Uwwh|@(`80z3){n@K)Ho$okmifyRLjC*CeNmtLg7Mq)
zN_4OGzaL(?L;`KxS4YP*7L)VIoc`d*{Q49@pVa~-0V@sy2r$Z!_cx}c5lY3dnvLp$
z1q$%%Z_+t!R>|e%r-dr{z&YOX`5~g?cnPXwrTZf(#&?PDhvtWp=cfPzQ&U%!w1K!^
z9yJ=>u?)%sGXjVf@VGfagBWII;W6qb@q3INEmVVnwqSt}_)7^mY^;6*$^g&|$~PP_
zNhtpoIS#p$a!jZ+IX3ez;wdu|6JTg216#-*jI0t868k!ogSsMsf>cXQ^Xv!gz<w!w
zb0eCwgXKgWz^<eO;Va>Q6TVNsz0G)E8PWhi{tl=oAYQF<S@Q-xo*(Iqs^EP?F%W8$
z0=x$ll_vyL;MxSds)J+2i{?gT`a2->lm}4RbE~R*R#B05tPV}p!c1#+le?E)QA>+R
zlWz>>Zh3F${$(DO+uOIbbJO#JF4tC|zizKdR8>`#l^e|-6PIEF3iO}QIwUBxK=6^q
z>$5S{8wz|9b@lc0-gwBK2Bk%`khp{dX@S>LF}b-E;G)PmYg5#pvl1*fvhq`kH+)s=
z?&zPT6TwGI<KcV_lg;Yu9<`iO3&18M4x0j<I$d~3oEjpefw;KCR0b!{OZfEapm)MT
z4B+~2-cB~?ejSLSytXkE=Cu>Dd2(NvEk1xpFOZj4s;RMRh`c`DH#Mz^jfQ@!HNp9l
zo15M1=j=={4xI@uQ#7}oFTjNvggbhEl=M-3%2oAt%v54m$PBqTPOPrX8Xgi6g7~}$
zJW~k*gxD_*TS>dgh}A^kdiHlMo!1U+@((P_=f`SwiJ&BY3DZ8*xm}n2<Y{O;Ja}P9
zq70AAE;rBQczPlyM;`N=^?j|UGs}c_Q>T>-{;DU04_t(stNhV9AF+TWmwPjRd|-Zd
z_9oT%QA2AVq5bn}%e$qTEGXZi0|X^1i0ehduLK{fQb!&i1cduJhN|mpwPN+TQvHj4
z4E+lYl?wyW%!^(S5Fm>IDAH64hin?4xgeMFw!(Q1g8wh3`sqMZ_FluP)-Xp?21Pug
z=tZzS43&!~M!VD(AL#<ei35w$!{^YI{`R(ddHHOsUrkk&O$jcu{nPW~h(sj$5AR=@
zJyh7pU)UDEBVjS=H{Cwov07{Zzz4wQK(@`|bsq+BUtph89BvH)+6J^Gd<@dJ2bj3H
z2YY+ejRAWr&Gj)cQ!%}v1iNy()HG^wiNk|~ZXRxt*KaAl2z~DC>@WE7W$JTbQNyW9
zDNuURx*%O?-@o$$(~{36b&hZV*rJYK59r<Ku#qWJ2L=Wd8KPrji*E<$8(+zz;2wGa
z$A0?@YqG3`(MqkQ1`sPGmTOKHsnPk7{&T8)IV$9k#2kd_0F9e4K>JCU{kk_G9kKn9
z?b%SE^HGqKo1C8JWMhkYtjM*E$OR+Q5Ahs5FBf%4M>xR`v`xhra&@^BF8fW;8d7MD
z3mDAXtbBFIWZ6UAcUI2f0DU71D{C&v9hH~P;re=o@%|Kt^&+r0)ScO}A|N232RWQ|
z!41ZM!J9Er#zaR&UETX4PqPZpFfJ;m(j@4RD1rA=dGaQ?zk=lnU)C$l<KwrB)SOO;
zWv!3@oXm0)8qHcP$fX_>D6yiW14o4Gxu&tXWbEVKzK?KH2<fMh(~)4ijeV6aVgF=l
zX_A%ZK={`Udg`FmJ`K#Y8+Ip6PIiUjeeVurNqNOJFwk+iU-HdAsopje;){>0s{8o-
zAnfjJC>v%sraNcbK3Rw=r$Fq(qiqnybgidIfI(WEE9TjoJigoANh&NE?5V}gyA{3Z
z2Ujv4nR&D_tRRUon$`>Ld+7*Jv%7J@Dlo_#EK%qjRC>|lN@kL37=8DLXAO+}^p#7L
zm83eE%*ICkaN?W%ljKl;fBTDt`%{Rl3>G&JnCyDvqvI(OytjcWQN#;Id#R4i;&^A6
zWMrttPXG7P&Qqer>8c}<p3$j3x6eycLxY0P1G^7<ZO5r8?r>-4JAMYedzp@jiQqwF
zj_Q!6ukF)oZ~mJjAz4QeH8`6t#A@+Gdbq(VH~9F4=2spj7UhJrOvh5{V-rv6myL&J
z6^>M|Gvyk;77;LXC*0iuJ}bYVAb5BOm|IVl8@pG>7;m&r?ojY37XCqd!^6YHpr#cS
z>9@P*W*5=Y(eZje-U7q6@&%db`^gvz885t%#Kc5FU>W*;wl!D&LdD9e!ee$fjK{=b
zyZR5|_a07=;XJ(k5ryz-ieY4Q9{dUi2k_8DErQd5B}o?YSEugi<#+RN19cN4WZleT
zFjpsvB}!2U7Ul@{2v<x@wAV&S)vB_Y80U4bItGqa1r~;?vXGci(?ZHk_j=V7X<zZ~
zOX{oPk)!lvUbCR|>YG(51%>(#oNMhqYrt9yVB7{>MhLKw@p<0b^#pGK9D~)g0R|Ev
z@){8~H#avRAOKLoRfJlT>I2E(3s~VeYz;o*;om)60M<~EH8KJilwV<Cp?P{t45m_y
zjIuJ&AqJ0#V&mam9E#*m(-FsBe+Dv#oSd9Y0WWtzi^vmMmjUN*#-)lH0HZ&`bRQiZ
z0o4#pM}Hi4ePP)q(Med?qApScCNVKF)<wqf4*r`rf$iwyBO|cBz;SB5u(=YPo(%lJ
z;^KV+(PY5(0*<z3K=GApZBbyW`&<ArRp9GP0UXL7gEmJR4vs&7-2uKtT!YRfkLqkc
zPft%>xztoapKsyea%%#u{0R&wAV%nNZ!+Lww^hBo%;6t&x={I90s-M+IFYdxoUp)G
z3^;BI66J+_TLTA&i%x%d1UNV`QBhs+3|w5AkFAb8E4w{E{=L4nwo+*UN$0x|92DFU
z!L8HGC=3#8Y!Ia*YPS0$FpvTA6IkHEMdful0a87HfDI=wj*dLiy4w~fFchjD03)+N
z-mhQeR2sAka|s-_#17}%F^vw=wyWEMZtuCA!{!@Rl(gO+{no#s7Q~|b5Ef>B@h2fh
zs#q*klhrhim~S9F47<gh;;-N+3bMs-y&G7wJ`e`eQQT7bxoE$+*6h{Il$gG5+TYJ1
ze><RToH-0_l)Oy6dL;XbHT>|HVB<4xDKW8o1U-`o-qJ`u$-*LBd_28iVE6+0^hwA%
zPj00lT1Qdn@10#=CZ1#MCI%`hFlIqB;thytl+8S8IXKYO*5xhmPN1M5eSMFA-Vw5C
z^qxZORzTeDlvt2W6@!SOWalD1g*Ge#x6Pe`%O`@<NOZ6yIoEQo%Kh>ujBf^Gytuzk
z{VhaMQHWkoIVD3r*vqtVa?-E(+vB#ep(&-|Cm}Q+hJg`s$oc|nX9B}=%2XU0&z8Nt
zNTi8LbhMvDBrKUYwxy*C0-9-*@b7X#uiJ{4W|zCOv#yUp4XK>*rFz}(b>ha7yXhI<
zrKL%Cb;F&mBJGaRcs(Ya?rSxU&OkhxLQ$p{8f(Tn>nvW_*niCGTRuOW4t#wT3Ets<
zTpl&`-g+mD6C*y4qhu&<AX@0F|K{$;osOjmx!?1BO)^>zoRbaZFoIR12Eiq8YkhVW
z(wEYl@E+GE>A3t)U{SKJm;qTg*eRCg=Gsmbi%r%#xhJoj^_t}~*qB*aV@0y4>F8{K
zSAdCj#Vmq|Ra;E!hwLkmyYiNRAm8iG$i&3yX0<h)*E!-X{{fH;0=N)Xc*2|wM{PEO
zh<CNoV;m%YOl838qq*Py-58CE0$gBEU(cUEf53C1z(Rlh`CdwD(BtN#%h7M|%l4N9
z57(&D?**zLSi>q5mmv_9h{x+5l_g6&OA-92M6)eT93%vMArkQXzASok!XJoEwAp9`
z7a*dfti0If6=Z%0o?xNgrTkl)zP)`Vb-?ZspHfR}d`-<|$j<P*t6TKPd>~dpf&k&h
zSBKPtBfhLLcM^6B$JjJM2?UR?H*D;+_t(c@_i;}u8gvJ~@&R<c@ADHib_fujr_>(y
zoR;t<Feyj|pU%z7i;Gk8z5iO9n3%dWlfZxqiWPA0DLg#r0R7xVx{{ij*WbSzRVKrI
zVZ`y7ndR9<i`5e2+U`4qTy}PYo4wO{jrNVp^65P3?RHtMxw+<rEiElz0!mf;j2qZ%
zq}S~Id9AJ0n@WM0tD^naFHtqQQiW3irxU7p=~l<Pkokkz3%n79hw}g{a`sOh5EdjH
z$K$5{Dia$OJ%_Jf!G8kU0M-5D`+NAMI$M`a<{X{+6VTIO8L*j+>GGtv0dLm!HaRe#
zSAOm*yS;{pe(c5t`8GO01Y8tP7atd&o}QlQ=E~=OS-@wOpH=yJcZ>lbTML`5=4YEY
zbbNHyj$4#<xfI9i!mER^6uG(I6L6i@h3>O^>CfcV*h!eImc~vjG_c=vxY+$F|7%=W
zsB(R}#i&baTuEK3tt2+?SWHDkR8-6UG)f?RDlqGK6C33lPd6;!O%4m)H4yyglu7EE
zzof`SrYQP#X+dzo{)X52d7K=9+c5tSGRhCr(E`@xWR-lDK{6g6eWU9VWrk5`EiLKt
zRmZhh%p8e$suYD=>4tG?H4VC`9Yw;U{ro42d<D9~9XsWifX+@&h+<T^xz!syrqUdh
zHA+)hC}-zOoME~YXAAZmcv#7h3=irtOQ+=d0~QVf)!Bk{p2?Hd*s97bFBF)e$sEjL
z_4rb4t-J!s<c%@is<`+h#f)7dmN@&}h>qFXUnQuI<B}!UMvaX~I(5`>3GfaMi(h<@
zim%0HPxSrAZhK{7B+wl^uBmYmJLV$(>{7jRH~(2)-V?H8vXw6V^(*4Xj|XjDm^tma
zG$zK>E+>)<`nrob9+g56b@iIm`d^oqMcj|0t0f*cx6^s?_Yd=DnuFQ`a&p;V7!;l_
zE7#kq1p~x4p^1{@x<l1@9y}U48ag@}_L}N<|KVj{PW!?r`of-Y1m~0+_>Nj8-WYpS
zrijal?48clE7%Vw%%nH}*2FO}`DCd7yPnDG3^SpMMU2#U+j!%zAw_9;0hNOEr>Fn+
z4Jq=c8+m4fpl<X(`4i=x#@jDnnz5hM@1MP%^G20@*4v)k6*8oI`;h(plZS?|AwMUD
z6e1Vvh}bXa&df5}1Yr}YLgWA2G*kpzt%|rY>gg3t_Fm4BaeqG3##Fpp6b7=ri&a$>
zCzsmb@P`EloBHkBo}J+q)@MEg1Edb!{|xUUi0rU9#gKQZ3OV8lj<s~486e~f_F5Pk
z98xaROO%zwa6ZudRi-{sYN@1Iu-+v$*!l5|Cij0!`e#VF82`5=YgC?Dz)<IZY+c~8
zT|OB8U*;(9r2lP>Y9}%M-{z>(Ag%u&{OM%-FEgY66~vge7CIJf`qDS*z(vT1AV<N-
zC{K+I$S>u>9l7oAB8IxUgz?hsY-~OE!ah|%m~*hdKU?Jo@=)e5|FdoopJrn!``6aU
z*xA+i#NZ&t-n8uOICKdAN0#i<(EdRtJ{1KU`R|=z?%!~N&fXn7Ynkn7s!#Lfy{Xh<
zIImwD0uyv`@x$|zN7&c@5p^Rz-K9{<I9={3nVIbp^SdttT*K^W#~)#$NX<(lA@2K1
z^EdHgkI`Do&e7u_=aT28``!p*ehW*>hmCFofP?>k9|{y?c9#=f28L3>ji@A9I~N4x
z9or>!e`7N<Ag3qXBKSWq`GpBQ^K7$=Eh{T4Px`a}4mr7RDFZdNZwkJvTl_fN2j7kE
zckiH5ID`I-Zj7a$-}Og+e0g3!K_5-|mV)2n3I%NJ*yffRCjlDD&<?wPbsPi3-2>4O
z2$R0h#h(f%y4$;WJRM!#Eqx@|54ObAG{UJIQAwK2?Tgl8qC!h`q;x1UiO{KNnF8_S
zF3y3yp;<1r6I0N7dKk#yU)x(H+TIaX!CGGaS%VE(A9!6+2_+$6zJv>p=C`~Y6610N
z5fhu34aiqGERzz*WD*eie;4rt$%zIz3$Ay00=q^jG#%Z*kY5AW-fF9-sV83=FT(wO
zR2;076wU?I`iY+TJi37Q_nXr!EmjD`$0s<fMEA%K4uc4dNxvhJ>4P09#5b3MoTBsb
z?t`<HTV+fP`$>Ez2`rqjBb#m;Y9gcBNO=>3pRZERr!LrmA!t9}s;bijVnK8Q&aQj~
z3`}Tj<hc0GIGVp_WG!AOlam#04tEygncaQi7{uuK_yDI6h#d~_gT6h7>kBVV(uxK2
z5opUTfzR5L?0*)?-b-)!fU=v1hm7~u@v+|0s^Z2p)$QY3W8<F=yG=54bAf}gP#}~@
zNUiqX2@yJiBxp2MSPbsB)f?8l&Ig|>TG=E>QPC%J#E(I9b$=diqGF&~&7l3EF8-+L
z^O$2KrNTho;6n#Mmuh$JO_DO85u%6T!)<Kr6ep*`a3{?CuC&_$xb#RmiYz56K5S)W
z?Qu82!~hTs$jTtpw|-~g|Kt72dcnIis7?lcCMIxdf<B_Qyw0A?)l~?<Wv1PEavzLD
ziFyzAXIuA=tf(0SN#5qrkipE%4jWjS3rS0dTju5a$6!Vgk*KNuR8DM`_DD@dx%eZj
z`R1>yq9!5-$Iivh&aeSBwUE2}oh2^HuiRk+kOx#(5Ad(IEXKhB0lfhHcE33Ze;4s=
zBa-!jl@9o;@*A#S!QUf*4h=W9@F!{cuL9E5owxq5hOR#;!~Tn3cv8JIsLSP1Q3df^
z=n|385U@x<PS@X!9hg`UUxhL2{jI>G85x<B21!b4qRx6pj2%bkN0CMEts*zKQ%Q0%
zlBdAL{@*J)#DLo4;}D#V9T8DjN$IXKJq%1`ftTUL5IkDi@InhP=7G#IAnW;@fc$jD
zQe9Q;;4sTRLqSen!J!Cx!o(Ujh@z5u7pd?Y;ytsT|EliZMR|8$g2#6q8g>0hMVat5
z<b{OXA_6-hU-m=Hb_<KUcgLgRXOmcHu#-MO;WGGzp;FVq_`HOO9UT0<W<Z2>id)}9
z+#QF>d<6%GqxZLHwg|`EvU|0a6r*D--3c39;8N{xzsRw1ItOEMF4kJU9nNRfU|*lW
zAq0tMyapMfJ71aGCJmVA=p^*i<op<*VAsFL!s>|VsWH&eA^5{mp}tD<Rv!6xB<{VC
z%G3ht!Taf+f{Mx(NN)hq0)kPjbh*bf{R80axYqZP+S+g~oSY1&$jztWYifXL1%K`N
z4;q^-dR`v5VKn?i3pY7A1W@x}F@9_0E-3Qme7u{;>M-`p135#p*J16GIh~96^z<F8
z#PswQOSl2h&(C(3z^Vlu4o{CeGbQ5Li;Rf+9Vk41f7qMKHS(^vsj$Q=D1byFSk7}?
zw<s5ONy{~2+!Np=V#`QYoarM|O_IOsWMri2Bke@$hRM&wX8m_E-WO6gW{+95!vuBT
z=~&hkAR3#1>+&WHz6I#t8$92Z>06KBp02gqnwd$o>DQPmf#P0X&IBg-%*ct%{hi@N
z_u2?nDkl7jV-F^MiKI96oyek_tD<5$b*$b0*BeYsBF%yhztBU>M}1o3x`*+5ft_CL
zYD@GuKTkeAB_RP=u0R@I02SQ-soXvSJnF*J?hm+u=x~q^EPiAX-urpr_yPkz$i6F7
zEoy6f1{>kO4z@I)XUxF6oPYmdOsYyl`#};T5aC{m*&poKtW2aOWp-u_4M~NdOUDKe
zyvr+sM`yf5apxNt2#X*NF0S)SDhP6=jkhp258j1)TB&~(p8Ed%`#f3u{ZA%?rp&+T
z#S!R+eSPV;kcSOE7)GsMT6X0e#HFV4nuLU=6n!1W4SfCjwdRtK<$o5)ZfBjU53p!{
z9FfZMVUe2s;MUlvlGgwW4;wrVJRfhEJ%2Aa>=F?YRcgPy<UsqwKK1-9pfSC_JORfi
z6r{1S5e0AT6?)^3*(c7v|7?%<Rx$w?_q(Vh0wv1V!p1izdYXcW{;=#_0G$}b#-X`<
z_A0^pS4gu0E&S-!+})e<^LN*Q0vX&Z5Uf>DZVjprGrkqK_|3t$qwTllB%1%(>Y<{v
zT$CP<Ca9P{voth~wJM0y;Mp87FU{q-e0x;$cv(cZ?C!H<UW+7*A*XCr+aG{Yge%PE
z%45GNs%dU62NxI+hzYyg?&EWu!rs=_7Eb-bDSyae#qq^*AwTouG%kp<#gDB^K=%)P
zCQ*ZfA3RNgM<X(vnw$FETO{a)CHRJzT~2K}(P#7vTBF<2uhLv8o#F9Jl^26Ds;6Uw
z<eJ(`?dG;YCYt}O)Rdq71|Wc@vhobL*8pY=ga-e>8RNm2wXYvc9;;qUh>sqEdmNfR
z8XL?v?*7S4+nXk*aAB`;INV(H&}g?vJZY(3YCS|n4w$OxegEA%(8;o;=jCXscW!R1
zEVT4EW2Lza9)9R6R~cihLdGRUB0Rh<x5KrkSBO(8^97)LAVRsyTJ#Aq+1Zu$sjs_(
zw3AX_RAwy~vd9vL8D0=R<`)+fXlf@lH_1-T&Eb|)+<?Txd|7y3aQWryRv@1y{oJ<t
zBHpdtUL9(z#pZVr3&_eniC}yW2?<d;REGiQNOkoSgRn@-h5#!Q=gqd%nm7UyWEm0t
z?20!&E^cHe!Jg|Y{Jnbw`t{Sp)f0Qa6B(EBWQ++=B&t`$WE*WEyFHwwuN6)+83dS_
zngXu}4$jVX0xnnv7PD1iv++a-ujHhqi3O|%kRwgD(*`(g`@%C3Au@PO`1}^I+|yoj
zX%iI)z`+yQb@G%c?rkh8>aCw~ONga1ecy5>k=<%>rGCCvxy9>pT*&4i^x{o0S9<r^
zvI-30GyAOdHfzsOapV|?>@%~xPF42!yy|jtSFe_r5(iE6zi}I!!`7DMjAgm;4Cw4t
zSZKeay+6KA_s|arLV*==a$-+KS9dULb}%*pOu%NV_3l;$ui)o#JSH6_Roxb|e)UIn
zUyS>!`)dYSS?r#^uRUhOf@69WKe<>{PUcS)grV%$g%*-omwQAFwceVWD_U9YUHqwB
zs>@|R4opiAMMeP`Z-wx!!^?a=e`K$FevI(U^SQ+wZmX&uXS<vl>(pjH%~+(d=5q;V
za=EJ>^wVV_RjHP0*IIzH<gN+$+`tNNr&}hW<fGk*A3gXZpEHGfow8=BVZfL<{EHQ8
zz3VU(?68yZ=3;WarJJuBf}HT-uV2{Tompn<p)8SYp+iAZJ2Px{6SR`lj&+P!H!~>t
zFI>*ZUSydDlAKJ(T7P?-$D9)&l#>{9U_kmvG6(R^RW6jPL#vME;7c5IKV~UfFx3?S
zAs3TD+auW9Kxhy7nVahbjMH<aI<YcHeo={ukr5GdGc!FXBqFtvQc|y9Kv3)0=R0JG
zX1ysIM3EX>=^6?G4Fm1zrNG4<UhZ=T9O;0H-U2c+L9ZrnGS~Z>LYp#`=UVB!>3u7X
zW)M6KSPxQmP<M}paxZ|NFB>P~?iQ7VL)0@u(pB`=LkTy)8@Ds*aan;d6?`xXJSUnI
z(!wDn+y7my!hyVhPX@fZ_;}=;wkwpeqCkaE$?{(x+dDfxS_udJ>DPkIgC3!Z)Z~Kn
z5Dbz`@F|2*VKw+3!sW3DH~_YTcJ>S*W6|%$#WK0cC#+_(cYT8I7GJ0r78YXj8z{&r
zV|+j?LC-4^OhHd`LvyZ)$&FXb8?)cIztrXxK-Oh4I_N&^hBRx}$_RSh^Er2IqpK&Z
z63k1<NKsKx3A)|OYD*VQHnaImR(*?rvEp^<^0`6G5>&A$`n$@X@f~*O>~mZAX!#q;
zX07U$1}-g*=6enbfcHH=p}6wdxtM8bPC$`TirejDDo{VFSd7dil$9Hl+k(I&7GlAK
zcLoaS+RNE+*3XaUYmzCP`OlxkW(Q~D)OD9d>oMhY{DCqVBto|Tu|i{U_@zia#6pYW
zK1R0N^Q#}f=#A%?9RK~^?-HAn+?J{BBkYejFpvR;!BDBl9h5sKTmsye^|NdQRpi?6
z#QoS;3Z+iGGi}dhyv<Y#Tr$kV?FwOcwrSDshjCXVM$?}?jt?wXM|5?F@hTDjM+=bk
z7Si&3dw&;0g^Hh(Q*Z4-G~8*8F#FOV363G4PxSP@d*`?}vC$ifmrbvxtD6QSg?R-N
z?SV((N-tN%&RZeDh*UBIqr-5%Ez8T&bmUZ2vp!f~3FRdRY615C_ir!}uM04GoG$rH
zjEu}Q`2)XZU+?jn&)!b41~7qwexlXmD(&E)%d}cWrTvm%9TC$1%xi43I`%Tsh(^F^
z`Q-~doIbqo>zuy6o}LI|cB8?~06=|T3p&W_>3PkK>?6D)l9G|(WU*-d8X$4;hiB(X
zNdT7(3d9sl?Dh=OX+R5lJ&zc($b~I6G&N}^)x-G4#YI}qSxZVwgFLz%MIjv>kG-hQ
z>_7&<K^)H6HhG-3{rc5Y5ZxWHhTi^sH8DHpe3&37l4W<3@gxyRG(I}qOmh9{XHKhm
zKz8;fOi%>9R*P=|H6bFYw2aIylWtmOrb5o7>G)R?t_k6YZeR%nrfi>wYdwCKpHmis
z!~k1vHKEfQNOssQEnVbflpLt6(W(2u=V;ze7^I@A`bbGjE69}Td79pQ6G41&ce(E%
zEDROe3u<^kaWTqUZWx4DAiaR{GX!$$>0M9k1+r6D%w$tHS){13@6*rQ9q)$vBQt>-
zAvfUeNb3Z21Mzij3m(O5G(P7}HyK`#j>%5%@cAL_&0jG<3ue1~B!}@GL`U~e^@3X_
zR4*L0v^@U(i}+1Qh`2X+@-r4DCK1sQ9z)vvLLKj2pTjOw2CvU+NErfLaJs$7<56g4
zvzSZ*9KxE_LRGJpk06B0<+*Foi2!Q-tos2xZ1xkk>uvDMzf|L1y<@9H4|<T1aR;}d
zWZe-)$lNlO+ubwcm=>#YOfk>8*xf};$nU)gh!>HppJJi7;4HSb=EcLtR@G_6$3KXF
zg$IE=D%>6HA4ZpdQKi-5daHqc4Th`Pr}4Dh>HSzr`8Rw6_D_AIE+@+>icy&Y)<sXg
z&ztcHe>b|TaOiTfvu9P+%*LHh7jisFFtG%WR$SJ5LlXml#uopeI}qI-pEFQ8m*djC
zYRHlyIU8TVs$fYK4+JWM40eFBQWsN)3Q!6Nw4Hu7LK68G8lXfL^y;nda{%qTclM)A
zXp@t+>})e2lmM^20s=IwovU65AO-D(ofV|#mFZ|SFI1bdF`D+wCTC+(6j^9H@^gtw
zE1!2{q#HYFxtI%D^i+sTkY$ehT;2`}^+VlWLEc^VpI_~0YfU;i6$%I}OKZ_0=k9aj
zy`{OmEbRM^6^Q@{iJ@VYk0QUg)6Pd-j-@ks;;(jRen$|+T<NMv{mA~Ms-Mfkf~}?&
zQp?^dMO!35DQ8h7Z8>DX3z#~e!?{wxK)s|?o0M6vmTB=aaF0Is?ePBzX%L&D-){)x
zTFa;UqKXf}j>m}!rF2OfSkoz@)NygJN5Jx+$%}*i*d;qm&%s}I9q$n0Am7f#x?-b!
zS6?&oDiV{#marv5%q-bF<<eq>?$#Qy(fns&4x3Dhm>HTiCl@J8g>b*vS9|++h$3>O
zkM&%ZmWKeAI(Ov*GdF;7T0HNj78mi$-S^f;RA+q-rgFbte2<I6{yGV$dW%p_c6Q5&
ztsyPcyrv@Ub^)(C>odmoAU+o;M9E+ULP5iGuzg(lyjdAaK~EV;d|{u-o``{o4?Keh
z2M`QmVkp=aZz6OEU=E*C&T0!PxEL9UA&WZNA$1_1w9Vp5+l|}po6z5b*~9qa7Ft1;
zbO`CEog$EOcLKVcU*NtbIg=TDUVm76kN2l{g@BD6q#@Mg1)A>469K8h*5)Rs&3T*S
zKJs1Pto~t{UOON%x_+`g^B!Pfel3Pl)4OZIh+jkbxl-~k?YHp)5BR55_ZhOXUbT5Y
zAw#gz`sD2Jsi=mbpviw@no?5cNJN-FI&AsSOZG)L98C2l=oaOaZk-5J+Y5{2OhSHE
z6i^Frw3XDzN-Iw-4i&kSXKYV_SbL^I15`9rt7b>_s6?N;gW87??jJu$d?6AZ9uUMv
zHyLUSXei*%9~&RfS1trQ$=A0QwD1c}{M_8VMXk9-MMJF*S@KwvUiX)cQ*)pVs7Ylf
zb7^oYR;TRi8?9lpjEt3@?v>FPc>ShT-Oc%QE`HPq28vKii+71}rP--e^^T2pwC8tH
zuQBw$KKMsv<&R3{*iMX6G7Q9_p@wbIVDEBl-XGY=xr-f?D@|Uz?K%C)vg%*H?1!&o
zjK}M@Q}PYau)O#4tTekhX>0X(4Qu~*V#7ZOJ$7e-mkTy%xuiPkUerTz0_{f2!JyTB
zrE3C&q;HR=79>~it~NR4*Bz8@ks+xft9ecy^SZq7x`Xf!dR|_S;kje*Z-J_XjR>15
znD1V8N&6Dzt>d<look@nu2?t|7fFK0sEvOifQxwh_uZG}+aI98jouk>uBnt#kXftq
z+BH43Mr+M5HZ@&&g$CnWXPO5rFG|X)(9m(%*b?DyY^JkdFzj}QW*aYX10_VIWu#~Z
z=z4m3%C5Ct);kPIf0l&tdi9memv`TJ3PkqnwDgc|9coOfgUb?2slb2i1DM)h4*3y6
z7`tNzNt--+9eCjWh6lnaV%+=LU#G-!BbYW-@e})t9cB<g*uH?-^Tg}VpeY>SrjpM%
zSeWl@NT2P<BI_pRgZ91sF1keQ1;7}}W_eCF76J|n!p1*9r)@T_^Sdo4z0eJz{~g(C
ze@}vKib$*LzVs;+%u<c@T66nWF5Nc>=qu;*tRD_L-)-uUuvyI%u^*lt!iyA0rEzr<
z@g*@kQeTX`wb5E|2~Cn6D%Ih0xbWoQmC)d{-5oo{1&*u3<whZG9t|z-`Gv;4!})WR
z%UCK;WC|*V()Zn8&&f698Sx;Gj}06ga1hdW(K1=v^jgZwU(Cw%wpzUzxV&|h<3OaM
z+eJ&ohv&J{+{HyVLV3o!^d0b=^)_%rLyd&;Hm9or%*;FO;)H@@$E&UDlVslg5pc@N
zjXXSVI(2d0J_|ux{f(vCJJk!^3_5=@xjNx|!%+P?2O7TyP_^YHYds$=^lqacEvUdl
zl9OQrV#owQTB9#>C#Ma)^(^hn1M0`KpTYsPs;Y8M8FA#lrX7%x5jExkL8<HUAOf*-
zX2j<xX=yjqPO<9?+e~1%prCMYa=PHKrhVeqDgx11<=X!;$^j^_<s#OCtx{A`QXx@%
zf@EnF@Ers4OLGd1K~!BN!L#!xv$QKkZMo<6#^h?LM|5c}WL;&93R1CXKHWE56Q1}*
zQ&&^o9=%agzN#gt)GtoN-5Z1gmekf>0m(%MpIdfTmOU5<fM)Mg0&><pDS~9t?TXM*
zvhM8p#ntgr{>{CUB|%dbhj=MKHX)>p0>qFALVk5+<@Yo+Zg*Xc!+7HiNrHHg3_+i>
z?R{2Ag$20nOL-UBfG(Iou^}z!k-@=X7{~$G$h}=%x{uB#yVs@tk;KkU$*_=(*U={N
z&x0`JRQa&5`f$GXpT!aM+gzUxa6sH=mSThL3lzkBwrZz!>0J=|kzS46GZ?`K0$Dlz
zK0?-~cmL_{p*kwEKKhj#ptX2LFaBNCaXDG7J~0L(_SWQ<0HkAMV9~j7&%0~Gj*=&G
z_u{Vk=BW6x@Af<FxmbP#$9AZ`*F$P@Jyrf*{i(N1RFs#9<$d+DFpKjDH4@Sfa12m2
zH)*+45iwhgoU}fOwzi6+k~p*8E=E|dqU??@)qYNmizAQhZ}!?{gmC?S^;5YJ#F&m}
zv}2?fqN^W+#z95EyTx@M8B$_!SnF~#c3~!exPO3)i+i8OrS;`-t1m2rc_rMl)$ArB
zmMWrA-oB7uo>ody61b?t=Q@k{A-_Bysd?Dv(rNRr$tfrlGPv@}vd|%*PV&2L{vO2Y
zA0R#?KV?`dDdCNt_793Iy7Lpsnsc{RKx=T^5Lfh_{>^MWkP99JuF`($=6hgMksLyC
zVVO!^le|`o-M1fwU+e}(?d7-nxx<-gX=LPN1RbvVf>drQ@UMPc>owm%IzT=ZI2-SQ
z|Mp`LDztCw1Nw|sYkU~~7J1Pz@R{}CDN);94dq&XOB_^ix3SUxdsV#qs1Tjp0~S<B
zIiJ;D6u~?+45MCDObj-1K)=E*bjJpnL}*9|IAj>p1)Du~>(uBpARVCi0_hroBmZ60
z?KfHf#hJfersHj1kWWTdp8VA7?utUddknR{SGfh6!g*WR{M>w)4zL=^;Pe*`TBRO~
zT#py8em8LOq<i<R*@88e|Kv%7J=A=2IygSBP&K8L6+rv(V_5`AW%HsFBQ5P>g&UX@
zv>1v@mn!a_9)5QtTuX!N-qGeC1eOq|*<6?<6dvKxL$iG5-HBJ2&BdSjGF^zTS985Y
zi>v4Ptq&wBKAqpQMn%|gW2`h)o{*Q%bMMort-*|egedG<({Zbz^?GkLf0K*O=EhqB
zyzvb?cgI6_?)4(`X{kY)N!v9vOiR>I43Y5bM{Yq%@el57)wTxk0nkuTx@SP?)H9V!
zk;*9}DmpNhIj-N*;JVhvqSW-u=LNv$`-X-rcudk%6iC+ADAF>Aw-koAc6phZ*brmW
zAsp-hH#aHOQRU>+Y3=&5&mDPAhtf>?+sDgbyH>H?`OvegaeXDfc=k$0cx8Nkj!2as
zQfBk|wckQ@Xd;uDpa&(ZC9dUQ4Ca~R(pLXtC|;w0K+MKQ6$}Ckr96E|2xdWnqWhIm
znt+}X0Z^*ECxerhU#pb|>?$_)K(xwN773{zEMLj1rN(4xanwB0QD8rKy1tH-NE2XC
zt2KIyDs9hfzwW!;>{2C@P?1Pa)94(o@$&Q~h1e%KIawxwK3Tx4>CTpjsv#i6P*=Pq
z3PYJ@Ch1a>!@o4==hFp8Ki>Jx%9@XRRi=4FLQ4Xw4yA>d=<Hh0)cN#~!FF!p0QJl5
z98eyEzTIZEr4eA6z<<8Gy<K7uDd>>pBmd;Hi;jY}Qg7yBqpz>;-D`_@jgGEobv%HH
zEHeb@D9AO;W&QyoVj-mTm)`O=W2UF2R|^!Cj+jsouzn%IArbJ93ukLJRW(FkZ?6Ye
z+XZ+Ccr&$hTq<fR8ZhnH-@iY1I7qCyyhOrE^YnVsZ$$^uTkt?y27?|%#-pjFrDb`D
z4(pqjhufG{a%2Sx-5D+wc!Zd8AnN)Ek(82g*<ap2YP<m7dkqomr5NVd06qg*>bYG3
zaN0wYGPXUAxpnw@!}?Z*d_^d}-fq=>O2v-ycK|V;;L&7IE@&8IceZzW*92^i-n_8x
zirB1TUd??wP1T1A5NWfT%!W%H#ibw(z84e2f=7~&XQZIurl45pnThL;PUY#{5!T#c
z{C0(k3GPxLgEy|%h<STE80%uY)(Zylp1ze9r-zak8r)D&-djvp?r&|cn7oza)Z%y@
zE8HJ%2gBE+>a0gkR$jqDBqR`^NonsH+&;IP53)@D)PVeb_Ci&17!5x7b<I`ycx@|}
zHc-!+OrJAX$_gN!>Z+ej>b&gMO~SkAMYhs#>c<R&k;*SnPo7WmP(r#QBCN-zf=qk^
zSo~K@9~`K>6r$#%K+&_~`kF0b+^audN#!K=Fh3&8a`E-#F#wF6!K+EP8y{&BWjKBn
zwW=SowzuX|Bp=5_M~@8;pDs6oH3B}~r^|zbAz5o-Q_a|REfY{pYL(!vB*Die$s}!R
z0Io+J&4pkCSfkC&23`H9a;mP=`xo_Va3_<nuyP2nl5@hxO2Hq4;bEv@8JsLtqcrLA
zr?bUWP!qW_X6O<eAP0>8SWcA<0&XiP@YE(#+u}hoU92%4*eB~HTNw{HY({#rWzY7x
zw!F5C)e|C}1V#fVZc@7e(ti6Ki7#K&h+8)%qH~1j{m0X<)fA%;d}F4jU=Skd^|{8|
zd<-CV$y^(&PZOU7+EO`7C>%8Dab;#W=XSr7g!b|^xZwGBLO`pD<A0BbhjaS7Ny~2(
z-dF5mSGU#qsk6JE0TnF}jfl<Zz9cP8*UgO^g4pEzQ9?)OF&y#TjCp?~kfj(G6e>Xh
z-Y75fmCNnl5FfL<yPlJk7-Op11cv{IyY~#ItL@rG<(7&dkxCE|M31_nCj^NaJ-X;6
zh~7zp2!iOH=$+_wDM9q!EiHOqdM|rO?)!P(_x+yz9pAC{pMC6k_^~1^bIm!gagA|~
zbDXEal`9|HB1Kaq_0GLd(OYQrZ!I)x$tOE^4hk_lDv5WhszysXKeeHsjd7piLLY8%
zP{0FL)<n-!qg#$k@#0Az=RJbM?$ngqj9(pOwP8@+8tw^PnRxYDN#rZ7wjRNU4*|qn
z-RHiE6DeuNzgz0>9?DmY7mKQ@3QBwkf?~!2Pn;r%uK!?RPv+oYQdRNt_PR_>jfD}#
z+h*M7rE8$b;Y3NVT8U?3Qg1xmsoSa_Az|GoFB@&ez$nRKoq6y9e6MJ4iAOhcnkUlH
zeHpLfONcq_Id7Z>u;nd!C03xJLd%&U6h?HM6*_I$=j-BGcE`rmUnzZ`nJxN|>^t4L
zfbs66&pm|JXOU0Vjsm(0%+BF^*cc^y2LYVIs*V#hJQSnsi$WRM_Q7i+C622ryEfOE
z2?V*;$Y`nQ`Hp)xdv+)>4XKML=h~ye5u&lR_2Fp{OdAdi?C$OY4uJ4$fXx!jzN!JC
zWgAuAS?ZyE{1}2$<=z@oWJPg1{t_}6Zk^TOTmNs>)fbJo#ARh+s??4^nyL7c3GoU_
z`LCzW&L{5Px6geOO_8{G@gS$RR^7t`^L^5cO{__pDdv*2L2q+$xtuJ@UwcXy4M<R9
zb0eM7lW~Vlp-t<R#&VH$t2<j8E)S=X;;viET|7s?HtQf!$HRI(RVY#}vI>LLk`@*e
zm*cxJ8@H;iMsKclX>HWUsB+z6RN5nQeaMI?HbtvBIqU*_MlK@-(|$g<*V*Ly(y|#K
z6STv(?$FtIi19)~!qfRM<o;(UZGSdU6}%n#VbmvrZX@Ejr-*@%)hy|i;K~D%`xd)9
zE9Jm0gsuaqjS=we3VgzenCE`R3fXG;GY|FHhTZ@@kB&J$hm(64FeW3hAN}r~zBaZu
zh4<}GRrV4Rs%4hhWh{TiO`vv5e<)e-)G?L^(5XFEKkCpSX*pgRc$*$_kV!Et=+WQx
zQ|M?~!ZN0_(>R)Mi80-{0Zmlj*cgH!OX*p_xWBvdt`YmMXP1{=<T{}wRaHktxYCl-
z`@b!D#>9}=Et2xtNh@da`{arwbUimNe6H+fiYW@oo$PQeM92slc5dS7B*hsn-GPrh
zN!~aZnYfL<;yH)PW*w`e{HEh!9HT2^$Cr=?TqIAn)CG}DcLrPqtXFv6O;3#Jwl%wi
zT=x4+M@_%dUl@Nb;bkPdziE61{n5U6sCAKQdY1JRyO6e**HNcIYDS<q7wE14oKRuE
z!dW`MSh$2q{O%jA+be<z^P2HkE_>F%j!V3xLcZD;FM%k7yXI{k{qf59yW;4vFTY8y
zH8VeYQXDUNc!`E*($%;7I`1-^Ub1=l==?f+<+Eqp7s)-MK)!140LBsXLzwC#*%Gdw
zpPs!Q|HW@l|JCs!3$ODHuY+d5y&G@bv{U|;CEnIVhN01U|Dw;ucnO!26BViyLe$F(
z=hqliCy#eydpqtliCX3@W^S%eEujK36!SM~kE|5a=Q?7ksHh-t=R*e_SQJF8`kiPm
zhg;EB)?TMIodSm5g<hrgTtaU%O4=T^Nj8dQcFZsIb*m+3OvPQoIG|OUr$;>0TP?{q
zvfgb@2#ktZz8!fjrFi6(mgmlFr1JAkVzHH#UCxLsV?^T01lh{P0qM8&L)9=X(KWw-
zp`oSKlcytk(X|WM*gQNu?2$eLyjvY<<M)|^SLp>uR8o5N*raeXcrinRg3WrmyK~g5
zay5Qwnzus^{oy^kkTJ$YU&g?K!QH3T+e<am-B40}zyP^daq+95;I_jZEr9^3KGOjP
zcJ|e_$VV9ZrUp_y_$=ec)J46ih1d2shPR2HK7I4-&7i9XhK6=8;pNZXKA7(z#qqt%
zmJVo#-M(Es|8tH)z{Jj-8(}uFeXf0+QRXW{USzpe{h_QavdU>!!qKUmLA6m$w2}(6
zP$cGNW-!kQx(i<A9PKL(F?jp+^Su5N#<^k6HX`DOU<SLfzJ9z$=GibKMJ>yjb+pUG
z?j0R`#s<BLG1cG$GhC)dhDxtqJ*qr~nj{d^(>gi;=(vQjwbBz=ui-U`g%Pnd-x{+Z
zA%V2t(H~8h>m%04Z$1?dx)J)-!te|V0_mZqhd<K$j8;dn>FKF2{N*JmX^}?wb-d^`
zw1L`&(sqKbVVr-|NQ?2*UWwDMg#gP<8<i^(X?rp`Gw>znX?39yqB)Sa%pNj>_wT<S
z#s%jMs+JAPsnT;$m&RP^zq`^b0`f1A+i5fFmUi5iTur@3{za*nvcq}1PkGcI(8I1r
z8r%%%@|!eS>OBTDrw7i&mtRP>*zPah#F$@N!aVoWco^fUnOWDgXZy57S(%tgznG|`
zLh-W!0*VWQ09#?;U%OUnJ^Ja(R*u`(#-oS@w95{3f8&QstPXLDzldJ;Btm>V_r6|x
zacPNYehKp_B!QN_%J(M(COsep>>~T>0H3uxLm1B-Pp>`9L|3!>NA<V$+HlWYL~sEj
zn0q3Tt}VXcm5wdvBaG^zNV{FFB`zEfH#fJQ!L9*JMusSa-jc7XWGwRj9B?AC6pKAO
z=A2%N5@baM24Z9ExPA(^nSU-(nR2wbxtT%FL51*Jc2EoclG(aD^lQV7JXnO7xpQ4a
z10SQp&(lZpMcuE#Yy9F59)FFD7JtHZ+uz_@3=j66;}fg&_{hk_hwha9wlAdo|H81d
zdoJPo_5M@Aneq`Zd|{(q5_U=J?)>(U;!6EVeori4sMCo`k$M$6;800v+&JRC#_36(
zFEMsdkU2-xNPBb@(LE6nuLm*v(o%8Yf9JfP-P|OVq2kcwaz2Pmpqc9!X-oFm@3t?o
zvJ>tjDvvPELfhJlp7y+ZIcAG8bHV9?DvlNJez-m0L2@e&sc@8zWGE2z2c%uGKiY=5
zM<B<$yqLG?&G+2M)C~%6BBqj9eUjT=OiHNCbiF|_v?qRGAyS4mYoBhx&d_AB(^`P0
zO(9T@hi6~AFW_p>)g8YvWdq$lO`~5xAer14b<N&grZ#n*_;q%CxXrsINtw2|?U)^*
z^upbJjBmj~Gc%9?16(`QkV?t|Vdr*m3r)NoUumdaibThp^0c)T3S6T7>vL0J6neBu
zT}6f4cJQ5?TySEdHuJHzPG1aN5i)6JuHzgumEeJUtk?>h#8F2S@QD&$Jz8l+$vHg^
z*H4gJ`hdZ&oDvR3*3}u$oKqw`cx=ChMuvvQN+wCCl#5fmf6Qzc9TauXd^02<K+|#y
zg-06j+_bm5d$}v&a0O*!y)s0!KPzr-4jO1bcZss}HohmDrMGy;zoKS=hY#Trw@3DU
zFtaVPzaxSt=ll0ghb4A&7U~YT6nUEPNZL%1Ov;P0a6<Vz^VQulw=ipXDktXI1{pQ=
zlj+%==<>!{5^d$1JUptHm`<G0*~#e<Au-N-RSD28ei(c4k@FKV$^^igVLtUi`2Yv!
zVBlt?fzegMdE0%F>Y^1c)A3STTJpe+buDxA<`Itk^df@&9l94`Pwc$PA|moP_f|*C
z`ma+3j{#Jhaba`LWVDDJP|zs5O^^Wh5h6IY-Z(y(u^Lk;-aiZrTS9y!AmDpML$f+o
zi2Ss<F={amV6No;;oR(u&pj4MHm0Y8(#<IFFW<X()ju@!bYlh^!*U5c6ML5D+=UC*
zVV{Y><n$=CYBpkHX4Z_zFw)jO??G-u|75VYz}K1+V3Kea-OSgei;#iW)C#ehW^V$?
z32<~@_I@4*>l~y#?OmS!ms`VigL`frUFlRApS-WwP0U!p<BxB?DGxI9XYPk0R_25P
z7)*BEbua<Z)5CJ_5*{>Do7&oZ{Jd{puY({-WY42m>8J>eI)LNb)k|za)q*Bi#92%}
zXXD}fFeazrW;r#}`1pe%F6MBtjb6#9C(ocLSFhqd#3K=t><D8rDw1<(fxSWM(GBJ~
zevGavFpQH)fo5GaRrzZrC8$o^-0I-+@Trr6p0iNYfk?K{t;nVC%i<K05>kB=osAqP
z9auyMq(1y{V&>KxJXQyCwzijOMKK=H({kC{o+3NH>(I(ag3f~-r!V*{MeXn~(93mo
z@b?xJH5ZD0dV6X3KA=b=F7q#>&6~H0$X13UJV`2m>&-X0XSO;~^F^nH=I7(#^5WhG
z586c@c&69(pPq)q-$#))wa7fA_#ot(nTd|rbv~w%ef90B74gmI)N!0v==LXedGjr|
z<H|U1Vm!HrHPj^W?1S{{7oX<>>g*gsv(;4Xr$0}>KZm2J*qov87q+)oEEX14C6`xg
z>qbJVh2BpetsS&_SfpqaM{QwY($c)F%bQrXjKR*YoEEyShX-t_@lWoF&|9g=e26EU
z@1-99`N{dXte}$DN8*xj!>41(#L1K-vkj4r9ls&bl<r&_{DVz7LLB9hNkMGjB4cR4
z&}CtehNh-H41w5>>4I7+IEkw9INal~thN%dGgnks@0c5OQ7s?tS}1^KGjtXSq8re|
zrK-I>BE4BTs$47>k4*<cj(R#f-*0A#O1Ne!mBN%mILuW`iXZ=&+sw)wCguFz(F~9w
zT^L`nLvi-`XD|gVrJzs@+P;&fDy2UXz?ll?;uQ2QZ{3<bKG@lRIhUlYz?Dy<6<uJ2
z+JW(j1Yw`vt}b18d@c$o6z{{Z3s}6up4~Ej{UL_Nfia&|ftC1$OyPgH0EEO3;aBcK
z$MZvFWkJD>-?KN11H~PX`rpC1=*~Y>)Q2h&j|8DZh*c6(Khx9YEA2?;=hx_mdPnN&
zUbDK?Z|HzW1rzIITTsJoQOKcwdY4=On~yl#l;qO9etAb&a%N^!aPT&CxVdP{0W>gd
zotJ`s|451rBaA%~`cTr-gX9x-ikX(9@3F$l0dP@<3yoW}na7bXr>m+?m#T{M^R1#M
z<5N?^LP9|5u?4CQxq*c)Br4I9phQOpI4cm2GUV+~mRl|h`^r$0pGm+cTeVPl-<qA7
zNq$JRi|+BL2m|&>wz_i89DVQIm7Seqo7F+xH*aG6{nzKarjCw2W?L5tc;N2)FCJfu
zL}V){$lSzo2Pp}n{v6}c^qb)ZJZ4AwIWatL{9vjs4DBPryM-~l#)jnCR9;wE&Xv5N
zbgd7XYA|XSEiuq<!mhiOiYqU#ZElT{2PS$C;1tk?3ZYlF&0f1NjHSgKUT(9ZZ=`!B
zs7^^U+}9^~^oE!2*3!IxE!+|qi+4QOQfxiE1AH#e_9?cEFBpCLK&i@I;AR%wrg2}o
z8P-!`4!U?)8`w9dXId=8n3;8xDOY=v7xfX!C3UW?<>BEG%;Bvt;1v-;82?fga@2WC
zxTV)fIVx3^dk*99&c~a{FWT|E?QiY=aWw2RF%em8He%`aDzLHfzRAdhcx-!KL851}
zV*Vh2i=RJl7~OdG^!01Oj<|34V?Ladd-manu1uL_+@%Zabv?9kaYt&%d5rs1!sp&^
zZF#x1Y|h<ue;j@T<55<e@zO*M4jbEIZyGptVfs=$beo%Ryu%YgO)Gj1qYLxog(EKv
zjE+j(A(XBU<SI;Tm6c6Z$k|{}P0uY?*SL?K6ddbH@L5;_%ebaSe0gq{$oHX)MwzL@
zOBL2|YF}_Pdni2t%Fr%iV3!~K?xvJII8RhX0u0yNyn$1GlB_+<(c=~jYBBif{SZI5
z>n@q5^Piv;c0^(-Yz3`nQb+r$-*=G<_lCWH%+}N2RZ4j0)e5-fwLhUs(P;@q*l*q4
z@)i^XP$dFk{1pb&zYx#exO+D|AWBU4!Q&SvX>0d=2${I&4ew*nZNIK;)v|l7KR@Y?
zJyzj4{cajeZfp6gjI<SAsdyD0EByTOB*Q9JFegbd2vedNV`BEO@O$P)PEQASddKIL
zA)BvF+IQxcXsM~4+giD2ry>J3sOOt6+`YTt9hz-xirRm&3?lL=iBE9va#(zdY^l3~
z@!bgRtj>2@ny(vH%rdokft2?l&|?D0<+gK4fnqtckn7elx3tJEdAw2Y-1!}M1tl57
z`k_f1eAU8>*?M|<R4d*JN|~+45Z{z^xWi_`@3FHo*KSR9T4Bqf(Q)FcUYW>)i=?OW
zP+$j_py5iSC8{WIT3aGX4;c|LySrFFSSEKC{wwV22?={aIACil6=AXlDs5v`>fQD3
z7r-cHlgo-`Z7b*wZ<K$afURv13{0DjHFhuDzwt5KBnHOD8n3;)a;3S{VkDf!d*89K
zEg18Cuk4$AT{{wzx8TR}>}lUck+?W0VflG@(j$pl8bANkd}h!2Yep_U?IqGtkq{#S
z(V_hP{mQCZm$kug!6b}m;*m5yqLzx`ohdK9>EVH0>G%tPFhA0{_6WI=3XVRMGQWDP
z_0&bv)e)}*=;zVUxoytTD*dotRp~6GRb}Ph|KUzyv${4`c{4f5>`Bzd^C108=H{Q-
zjW_gKH9UW6rbs_yZI+{m=DJ;AEQ-n(mS&}5m)Fn^s<O+kYYkuSmey>G0GzM6%qAt!
zL$NU4Fl{sOVO+M!SR^9v=g*s}tb)R!5j4I1?WkOV?orTDe442!V?Y0DC{?Nz^U}kN
zEH@FyM@@qviwaMEIpWC3UOv8|jSebHKDXoh48b4K*ZG=~nK|CjE8QZLK{S+}Z^niF
zz^N6){<U>xJ|7rkr;PK;5!=o;xIX0Iusbd*RKUcnlaami@KnO~YtI79+(#3)=SUyL
zvbP-1p3X58;l*;JN}3|?e-@#pQB=g0-&QALVS7YJ{*$=rj?Kda_&c}K(`i0D8<?Y4
z;?!*2yP46iZ>S%|F#}tqDu+~d7E*I)(wNIyxC-jWd|k0fKD}A$)BIW?4xd=o8Mko*
z%6!Mm!B%RtJ>5NroH%NQ)|eRjsTqf{TfeaPWJYvBk7!|<+C}8p*#$jNY-4RLp@3ot
zi-$3=E2N~WC1zrV!CSR%SH$@E7&x4tf|!%3sV9Y~$Z%2Hcz%jygYU*PE=GZ=Bpy}(
zF4kmt_{=U^JvCVfX(bx*Hbo%mN0MkaDIb=c+-5<+286e0URD2dU7g=n$LQ@Q&ld}N
zS4=fz7%=G=iMs4d7YSTCm~Bf!+TVl;rukL1%(R!pe3d^Ltc(Uk?%b8y-r8Vg-RRGz
z=W&o%+M4IVn0WUHRV>P&EU#%8Q3Y<z!cu^9%tESi>C&f1f)ot*-|x<NzuVuqem7jj
zoSC^f=agE%>*MScxz*Zz=!Fl|JychU$kV(~9^#dr)NYg#_iTIJA6A;I8t=dex4NkJ
z;;*jn*9vm!Z}QLY8aXPb&*cpFmJ^>p5PmK!tXzy}xc{t*j{C<C{!5Ohuj-+4N$H5H
z9X_Ge5>hFqPZQj3e3@pZe{R+AR9#qANl8}=Wn4Sl=TwEh?u*Z#dJ8~eSga=pH#ZM`
z<^*2;d=re%e~P}G`Ip<XkIqK6vJ7v^%DIF_t2A2P)t`|p?FxMk5`V^JS$;jO;wq^A
zW_10n=c?+;8XdV?1T@k&sg^H3Ydq~$<+K*_y0^E0$1%otuyk8$im!pPQCde^8%(E8
zps9n=nXL-sD7}H+#W(}Ii`nrq3&fUL?C!SX;TAHio4~GRTF7+{l=xC`r|Th68IeWD
z=3;uIr0MiS4g%vS1>DzCX}McjyTy9Z;RGvpUm7&t*9FexIxhh!1-D3x<Y@t!qPTov
z$Q1wOK1-v|h>xi|Zs#suIT-r&M$?dzwxy|q(IsFwEO(02CbvHIP+3bT${ly<G}~Wx
z1xR*_p^Tm&R9}R)jARaP($>Vd@8)bRGHE(YA(irjZ_W19kM&uI2tU7OcOq=C5g6~5
z2Xg_<bg;KS$(~}8Wg0=)cNEC5M0{`c<A@z8mq2HZbFl4hPPo=u-msz^7Q<J6GZ#I&
zs;c*jkhk4gL4d26AscD4UHkNT>beb{E#qhBXC!~UvF-gr-ZJE}wpNfP^Ta$VcPc7`
zLD`pV7tzqFp7rh9yXxvVoQqn6Uu%FoG}#1B7h6kga9U6pf(Hr4<uiIP@R*NHxk*xR
zwa&el(2|XC`L!+BQ7yMSH!2q(pE<LV?QDWWNPc3(KRNKc{8o|hPvXDculG+iCPkPN
z9{U{fh}u)eBzd)cc8J(&9k2I0VnN>5>JR7G)kHUmHUr(u`RmYAj5{ul57Zka+eF(K
znu`#3zqgxRb?1M>GT5^+!i=52Xr~XzpL(U^K1im3JQ>DQQPCwJ^TR9$!|6pqd;se~
zU|YKk|7;SZ>I>4<6)8a2k9pui#mKlj+sBf5$qnD|o}ONEK1&h*v6MJFLm$Y;0BNdu
z#vDL`V<T&)ui@m7yoN|Ac3P-K)6RuV*C#e?xF2y2;CQ>N*>+*lxDWqq*=q7g=`SO$
z3#~l4^Q+q+U@uD5##%DZEJQPePgtYXW$H_>a!TeYek2JBNZy;ev%^?z7!%tK10A8<
zZ#wS~BaKl@uW?PdQsWweBO{3j2x{j-N%=i+iPb7>$(p4B(gsTv4KJ)?qwm2u>Fobw
zC?&lqPZm@f!0-_V7nhxd<&dr1BwO{Q;wF7*nG8!HmqgTvnI=pgJkF((k<eAr&0R2?
zR7_X3*~NHoE07*F8P&tsUZJ-0@rZ?Kvo@iw;am@6?mQiVc%WLA!-cA=;oWx37&xp}
zLAoz7t2?b-F&|(WHA(kbs(`j99PxZ0#t*lE!?5>}xOf{_7YPdrDk>{$Jxy@g*g1#3
zk5BpFY=lPV?-80*I9qTMf&=5b<NgK#mBi6$|L06My8VyOw1U<|o^R$nKfhdAJ~vju
zC1x*3P)UyGw_`Hu{g(a$MyxsSx%YiSL>nFPc@GG#PHi0c)432P{Y_m#rvP=OJ4rP5
zU(^*K%bZP)xu(hzekjIE6_M5WdLIXGD^T;d=n&scq=9#WbQ<WJGtkm%<-T^2VH@=+
zMa+#<5V7PKG#h-@g*)xEyBiy`OcjwpkwZ}%;;D2^%Ie{E!O_Mqn(mEmS?wSf$56We
z)Ksn_!6ZBe8+P57FFgS#mcQ@-+M?fIi{V^%`}N_U0kD+#6WePYAfdN5@yx_z6-sb$
zpLnaGu|^~#%Y7~<NCE5V+W8}CHR|=1+ufTv3<W9%vZry)Rb17Hb5l-H$5gT1Qk@Jl
z!5inf%}?qFLVGzDCsqI24zfh05@nSw%Kf1IwNY9;KK`;%?8Zv9M`j|7;>dJJq9Sqb
z>xHbhH1Fw5G8&q#j&NXNx`O7~hUAqiSHKR##pM+A!odG3HT4lTHa3p_R*saMyojVE
zBQ<qR`qSxSZ6E@t=Uu;e<;U7nK5E^wX~r!Xwr9#TG{Jym9xn7yaYm0NixYu0*tjjX
zmY+}6-obT@Cx>F@JK;BG?skb3QeaF6&r)eq_Uplnx-a(;T2xIbg}!Jy7DB@XvGVg6
zT&v3wqfWX>!IF|Ykq#!6W99-e?@i;hDowXY%qv~fkjH8btv^~l+1mw%uTtt6GWN95
zG+)FxzDX~uBg<<lmZpP%<$wM9_2&sGn4nt;xE8Z(&HP}lmXOfJ$hM#Fg-!|CZc<>p
z5EZ3m_!-&iLhK`?l^d4cETaAQW5V*!V?u#I>>^BJYJVNY%8%qH&XME#d8rc!r1VEG
z5V<(Uhlea2#aJ*+{9OcWZ5b+pml}!DKL&y)n!G{UH2wTj)4|g#r1{0X)c<ATTb4>J
zk5xLSpC|YF*;V{A!5V?3o966J(BAO<zkJj11JB97f28w&4vw?wge)HIZ-Ry5XD_b<
zw(`}xCC#+@#%rjrt6cW}76JJ(pYGkuE_)$h7k5yiMUdy67pX0Ph<9xpP;P3M>r_h5
z-|LqC@amO;yE598D2tu!a=h6L9_QmAHktIZt?r*;x`QP)#Sl;tT7rQoxVlyA8q6C#
zTnjdi-|ue?1vI4DrERt|>IZ0U2W_8NaE6souC|XT+i0#5+rLZf#^ORRTcbH$`QupQ
z*NmhFda#)v<6ryd&A0rF^62`&iHK4x>}k?TJA)foA;*qeWXE}Z$kyBhoEA0>1|`d1
z+x6^f$>Hvbg`pFRbL_P)y0N3jS9z36qbw=(ie53j9mtFhD2Pvvx+u)Q<23BBUR<YJ
z$0Kgf{>x=~)Zn#T-%0hlRoE5(8jQQa&n`+`6u;2S+93Omra{E4k(EskQ}6;#cG51V
z(X2{D&}3L}M6&+u^W*@m%a5?mJ-GK&`-z9e31iW2-8jyL(wJ`a+(Nxt6>?|TC=1E8
zf28Dach6V0mA;9nz$CRzjH}}Xdi3_ri<&o)LO7#q5)JjyPP`kjg;f0ci|Hy-yn5=|
zvTGv^cSk`91>6|`g-?oib*&AiRbbWYGb}7EwUd{>g=WP#JNBs3W2>gnKisilHpUoL
z<P@QbUP38T1}cUtNurszJM=onxzTg;Db&p^UI7*|K{PYukvz^Tbsa2{^Np4j2~H9^
zQMm6+sN7194rj7O)fr0^_CD5NV;}sK&8b>$-0=SpM|p9VZ-}VuWM#HUEj;%wbt$!K
zC~~YhH#jgUp*J@FP0E(lw(G6R;p8UK<D&yCGG5-2cN$9wW3en!Jr(m(ZVnE`v<f~q
z5ZR38vH>oIC{1#5GNduXDAc9|=Gmus?-FnS`XEu3Mj`VxlgUU)%E-37MAi}UF>&jP
zL(%+tbz1&FhY8Q-%+Z)sL}Ti=Yt6wkK19RZc|%`AYA7#K{yg|uiCalsnkL;j`tw+2
zFB~~#?S2u*qS$OemZ3tSWMxDFZBxRxvvu?(aDk6;{<cx7-e7m7jzUiMB?i(UiS6};
z(dzFX;$nUg0g9zILgn_NMRI&y6xz9@+_NP@;D{)n0n(~;H!=VE>pB4epf#|qB#DN?
zYxs_B+_|$)QOzgIlbJLON^aoO70GI_fw<dUh%&$&xH`nSfjw|rb@82@z|^Pi50%-@
z;ql8StPAr)5o|?lMvfeF&8^XIVsTX|>IaSs;vy9k3<`trC*^<9lRZaW_#mBI5MPj_
zioGy+birbwy1S0K_=)6YCac4(#);BT_MfbXbe}$bYHPa(8jvs*1NM|b!NGzdSZ61N
zab(da5OQX&0}3sp`Ew^EVu6(65!`m>FJ63>{~1Wpv0C^*yNf8+a>I7TrK{3cY)-SE
zV&Qd~bT(&^Jt{RTA|Lk_Zn9AFOACf0JF0C+4Gu2}a`Y$5^MAHLw691W?D$bJjXg40
zy&y^C*Rb3q%7}!l3x;~)!otEpxE<(=Q2TH2|9zuV?e`{4+oL!<PFw2gKyfZ<SOoM@
zkv&?1In=6@yM|r)DpG23nVnI?>!KA66|;ULJjZdoT)C?$1%VfmF6iaNs-8@FJ)Jug
z4Y7_H*D=ziHCCZ8v+Ei{71>QAx^%#DR%hl{hA=R^*oYfTEO=6$?6%~iJ}U2A=hvoh
zl+C77$flFT;mgWM$WT#Kv+yzmB9)1WNyKOmsHuY|EimiLtd^2rJ%Z5^rDBsd?5n>o
z<4N3BOj6Cg634X-v;t+F(_^w#Ofomm4==kW4-L}dHzr{hZ5ZM??ht7f6>{c12;puS
z8O$s;ePM}yL0viBnD;W8lJ}JzTu_-JNefT?<W%V*lWxPluQ#Q+>!_aC>Y$Ix_sRbf
zI6U0V5J14lCJ+`_%Tut)fL#Vt;Bh%Qpu`mv8mgzQUH7k3(l#$u@h%2u@k0-Zk?<wG
zOWDMZ#?E;$?FlSSwd_7?R%_w?I#`VN)?R`06axdB@k6~gZ))hyp4MuXxB1JTaPwaw
z1a$;6JhC05ZruF+K`}@?ABqxNZ7=?S5%RO6_jaDFWbIrW5m0c?j`xIX^`yUFVHEh$
z^$A2ZKUrbQu}fHBKRtQFl>d7vV65Hft-b96(gv{iblw1&|9<GOrF3qW9zNK%+#2R6
zKHi)7K^};Ag^U^71Q&HLB4|4jf0E75m-ZrKK2u?~K#SDjoJSSOEy5?6xC73?d)t$>
zEzZdOrN(caasu-DlQ}1ch5N_^ToqpZL_OAGh4ZE)zt8EZ)pikMAJlqZzI<`Rx3^b9
zEj9P1)*O9(grG%`)r~l9QabTanDq8@76dAOUFaLkH*wO}?$+N~dc)P;uxaw=^tmhT
z4<{wn)yJ#Pj;F%HM(Wp;Dm1#rR&FZi|75?KWlT7%(o~wxanr>)#il^=WR#1o__2|s
z+tR(=0@Q-3BYU-#?_sl6M$%qC3ksrartToF;;FTiqCfuR@Jhia89FM{Si-d?+H<iL
z8_GMT(rpYe(E^Si+rG4s<aa=8%~4}v2moA&|3FWKIcorE>$v``=$K2}AyW2e<SsZ7
zRGQB;gA!g!&vs=cQozyP4rK>nztFzIPF8d?jnUcsUDsibZ{PVD9l@qjYLVc)S$3^M
z#~^mTB+n$7qp%f&O_`rIcOc%q;NhirJ_seRYCIUY$};sSf49}2W;~-}&UnemaMsg6
zm9h#+T`(KMx6E5RI*hDRAIFbX>zjfhNf3yQm;~p(WU=t;w{M3A27*%ZEfSLUf1NFJ
zsmh6)IB;u-`J5{h^L1gM6M)g(jg1J<nbJ}-($$qm3pCS~M$>l;J1%-Nt&C@(JRC?i
zBV0(z(xNSt)9#enB__B}LGb7Q+*@H39b#E}*Wq}0g%vi^_<9>L9I<p+xvMF!Dcg_}
zBdKYYO_$Uq<>jd}(4yO6pRN+k&d=W=ARu>pAuhfGR!Y{^>^amicE48y1Dou3(5??T
zdvqr57AaaMknDWz?(16_%uT@mF*fE5g*J57{9=<1)W5SA=CKzBG-)3XRM_dLbq6AB
z^Vj-+O_OuEj8eG0%IIsRNfODr&VOhAZrGi$%Vd^TmTg~%W^c|J<jGo94YWn_9jysC
zIvyQ6PzOUR&YKjR%+3yO;_Zr_QW*agNjl)d5fe@hjIhZPlhVyJJ#rK0P<pbpzH(e+
zL_qRcfrb`a1e;ErjyC9~`|h-Svb^M&F?gj`Ivq+xuzD&G{CPWt#W(&E=H?q9=Lpjp
zK$Awi9mKzLCpD|a@f7s|5|8QN5s8kD%i{#UmL@V@O0DcsjA^ND3a`eTysE|gM1N`~
zC~X~pKN-R;sw7LH=xCc3FOs`4XlO%ZV?ZVsoDM09T2gxVz21?%t%V-2&B~_!^yw3W
zYS|XlS^S?tIQyk{`tMW0h_T!L9<m5Yp=c;WTT2TI6VnwOoO=k9sG^Gr83|mcs6ivU
z0mvRORsWh4GVY6_p<$G0k#w0}UBKIp5N>FkuoFO31S-Dk8SXU{JG4nE@%-Sal$xbG
zSf*5Ja%J>kV3QkuEXnEH?g5!ZtR+bk6%N~dhtsT6P!!=nn2dDZ;Idl0K}^hJyEXxp
z49tJQW4ht{`?9~Ed&aXIbMo-yc6kaP@qkH6p|7!W!5%Iee{Fh@hxqLLV=N+d5Q8B^
ze?H5w@ZTFM2E0o59m!PLAHn<mU*9UfCjGgU?|1x@>_5xgP2rhkGi4o}9p|IdW&iW*
zF@GWL4Q9Z48A!_<Anon%-vtVg;6EM9KQOoI-P_Y;G&iy{<%;bm#{1CikwOq6>}_`1
z_t~tzgpWeKaWkpMo3-kA*jMk#qp&k%<p`=Gwv4-N;4#RGIts--^7BLbSuXauRIyjt
z^nPf$<g@i<cE@X??f0&Wk(y1CCu>;9`QSl3tUn_5xA^?9N9)_XD2>&Qyi;-Ct#hC+
zM;SZ(Lb#d_&(ga$!RaFE3NE{Yw#pXelDKrshYLgoUDV9sUv_c+d}7`0wfb=or~!5r
zi`~ZbPajB*MoQqlhlvB?Vm|m+`omYYZ#Lzff8wL?vJLP5i}=WY8I#8~3G?<L$H7pT
zlH>w2NB)Gagqca3O%#U(Sful02%ibeEi8cD2Zw&=Hz4YcN&P<8HSSaoIyoh!2yki@
z0~gsBjeF};U>Xo3F>rXWgS);kV?4)$Z0TKGXUG04Lbx!hOzU9Ot32XcMdl+8gkYL<
z|A_9}SikPs6xLizFVcJ-W9Q~Q+$lHwD`^cW^^&LN)3+5*%iidYyxWQ4ke+b}-mNf3
zO15z`WwlHfBiwmAd-q#6t#ykaW0GF4U1b@`8a+JRzPi33hg7n*K6C9(wuLA|Et6bV
zUk^rkVd3HK9v++jeoD2|VD6Vur35r{P+$aAakK&E$z4!XQ(Gc~WoTW5T`pN1#?afp
zxW=Q3WE6JJwHaCM6Hp*|$;)ZnfFnL5^^81-wuJ~$kXGx%9yPMJ+LGWz?09txC)p~z
zY;IDmEiKOY5;obv;kIa#cvFdmDgomo`mkGkTI=s!jQTCM4ZC{!GuK7M)i!Lla>n*x
zQ_5CDrc;9fgmY^c6Br@Gd^wA5E0};H(2ss!a$Az#+Dch)006m0*#GhQEB0q2mj-e=
zT3U=i(B{^~gapKQm^^*XVpQyYe7gc^HW*PX&u5p9z&0h8;LY0{Q02c|sFal{o!(1B
z=Jp}x1FU;|eg)xy){-}BW-%5C$^4(01r@8<OmXq<?R;`MRT>9~kJNb&YLAl>WROU(
zNK!(rdOggc!x3Y){WS?R`7<h?m55QwWb`SKhJA>6CdWg+U|#TUehPKyIzY*dpCc=O
zE9lnih}ZIuXtB^uSz=jk_+B*i)rA5|90wiFNCwg+4o*&3!8U-xRz&=M>xoinJa0>o
zWrgC`<!D_vSOg3LNWjhjjx3zn5g&^NX#y+}?Cfck=yFEpk{QzS0QCQPyqyygmow~J
zYa@rWK=aU9Hv18yLJ%MG8w89?LR2;Kii?Yb(2BHNfOrie4c+lHzfbGEo*Gml%&e@C
z1gYd{H=Q}(uo^I%j&U11#ZfZSM&R$(wEa-l{dv_@c}HpRRIBap4EFaXkYi{01t$h!
zS<4lE0g)x1^|Qc5!7K7kSgQN5;is&O;H8jGaprJ3(U@baNo%s_Bc(ZsoGE-qX@xRN
zgoGVUO{Hd2pOOcm7J=p^=tzK6h?26hA8}Y(qTxSW0Im?58^6z#8}Gm6uuv{#X`yb>
zSJrZ!=Ps?QdkzT&A<gU8uOEw^{rDOVimtq-Xyo^=Vs!H6$^QG5)wJ$R^PKaaZ*04R
zH}&u1f0v@p^VkurudipwXLaAOvb5Y;9W{FU_NZ$0V8qGap3{CM3gzth?w5a)M|!N1
zqwT_%Xi}0$`)QqlZ=4193SFG{mfpmDs9k)w^36)XMdUE8q@u2&a%K{7yU<`*$gAoA
zJutiL%lU5qn}1B#h}yLZyFX{t2lZGwEFLm4vhH=bivUQT-jJ4M+e1E@TT-`Xef;*-
z+%0BoW+b6Q|H`n9`rYl9rx%hxT`fAjKEB(7FgaN&^Zjzc=+B$^y~4W!I~=j=DJRg+
zL9nKfEAcKDU(^5#ESF;Y$0tV;X#Loua=$^eV}H!$0ghFJ;-2xnx9=fQ4Q`MZUC+`h
zvJ*ah-S(Y0?_>oKRI)m_2aroijPbHf1S<T+Yd2H8Jf0Y#%FTtywajD9eXF?;q#U4N
zE2*|gtk)iO#++O92YF9h$hDP}a0yw#<MZ>s?(U*RxTK-sBD(67<i?FH%d#=(wSAUk
zH044ss3seJJX;;;o0Y4_8p&d6@<CCN@v_uLCM-oA!jPCoyymR;8;W7)({c1L<Nxf|
zJJmCp;=-}vo#`_An8oCYL&v?e4P>*!SkYLDZcJFe&IT%ypUvmX!Q|-e6a=nXpWche
z8XqybqzR8vy%Oc}-Q6Xk$)1b@Vlc~tM)c|YX|5KCo_TtEgRDD<)?(w~%@JSteO)^+
z!&Mk^a*80>CCk#JNJJm(g+gHNo6@);=T$^{$(VTE&O$jysK<E67bREhl*T>FcFJuj
z!!=hV&1AXxLKwRNiW4{dG`j&#h%ziY2XIwm{Ko{n(U2R;rlk`~<cdW&)RaoekhxWe
z#klOYhw2sYbM3kBogY~22lFlqOUo~wp4a#jlasCIJIT1XA_s1CRQ%@^5vQPTOnt+P
zT-euft4mnvUdKiPEvg(jGSZ*n9Enu4U3$0SA6>P2oj<kDP$yVAN&X5M&K3@&&2IQ*
zoMjLNHoZ0z>4HmhOG|U@p8F~K{t|b(=Lna-Z&D3mda_oF2diWk+!NDfX^4rfi~b}#
z9VPZH($P=Me)RShfRcjJz1C79PjxC2b*p8Ww839|(ek)zCu)Z_vELPiu|0Szk$kqs
zKQPxtbab8>d`R-tanFliiy3L|O+Qc!|4J>_oWY@B6r2R^7t5$(G}yz~vi(6-ERx1<
zEjaFu+JNMJ&#Fe{y?u9cozgA8@Z6!?G+|cibmFQyhgPGL#?c;9L)+@_Gkn=EnkBCD
zj|AvJBKpu9k5NvRTAoCC#bj!AB-KF4`5;{@R;|i{JZE|b7Wytti{rABp$Sl67QoE_
z@9I@x{4W5u<Az^sG8%A8?(d3lb5W1JZv|Bh%T+ytI4vgcPtE_IBjyoeQ%6%H{+40J
z-J)#yY-N5#lQuJ^sw>=uh+T2n()f{<e%cdcj&U2|z=*AcL^~u<to5MiD<~`smT*si
z!!tY#;_JB;3BRAm3A<OZ<tYQtjv+~BRV|P1=PWYrn&hews1DTHwLJR~+jirSQ4M92
z-#?C_PpbH5CpdeR&S{=+K4Zc6`@h~F@c)-Q7Hhb8c25a~M@%SQ%n@z&Y3TRQOzg|@
zDW*gFtnzpV1z`$Iv)fx+9XVBFVGpxE6$Z>~xgarva?j!*EoAeUP>da2n76x9zQ1jr
zU@o{{Z6$E;N94Q@qM5q=*utGOo5X~qPdZC}Kr|nZIJBQyP6W9w#Q*u5`-)!@<%=3W
zJcg~Xfr=V!i=5P3>QQ4##UYU3vRFIYn$LQ2d7Gm+inD5sCWu!O5M%QhbvbM`wF-Wg
zO5KGjQViR7f1mKtF~n3F1j6Rm4|iD6L!ieABG9+!UVqD~k$psaF`I~+S--Ar5J!Ng
zmKv4Pr_e$iX|=~~*`pq<Y7fqWzEe8PipT7Sy92q39!NC0{mV=B-5tHaV##Cr!(vWW
z^FtHo;PmEFsh+a!xNxg{Kp;w#5mV~AzyJD4*CLrH_%9oSg%51PE!ugIBtU>yRd(H{
zUePX%pM?D4b%h2~!cqa0U$Qi`NiyqmHul1Y)8kHc&U0EtzQm-6+{2BSwpn}MF=inw
z!UZDa_?t{WWQPFb%O+7Cr{mVOYMVq&lb2(#*BI*#+X>mDE58e4;i6bI=RetSGOR9d
z`k!X<T<cEHh=@GShddGD@$B5V`u*972@nam*``>iWNcy*1MIlHo<f}loAJ}V&CzZL
ztC%(Gc4MBmBlO~Q#Ps*Jt+oR;rCC#cShr!R_09Ry!-Zy>nEHmL<Gysy2DT5+a8Lfr
zg29@wnao{Ac&t$ZP9xe=cryJn^fq!B_9vzKqLnJ$_Z4Ccg=-S!aPb`EBo$80IHSVD
z0V&vDDIPa`faU&xj;<9Zd;0sW$13a!Rq-$VzLJaHV}XcYGcz;G%V*0`K1&Hc2;Ker
z6APBe98**9tkE%qTwRtrAS$xEb(mf>2Kj6HC!Sj5tL#TrQeTH!hs7_GG17{(i%X>k
z`MurQD<t6S;Ep5jS@+%H2sY!aE>&&Y4kcFPWq#aSSN)s@SM}5y!g%Z8m!OfL>=rfC
znZf3!ZmG*=C$szi6W8WFDS7z62ebK3&KKdWaoKN#+F|o;?z~&TA8am66Sx{|rBh}!
zrbO>{8GRC0URX|9xtenIn#0_Upj-BXB{n<riJp45k7N8}*Bg27g*(mzbO`l$!M=-j
z$;tL{1JoHEZqeQT3tO+RK}a`xnt^b~pEG$F6Kj=Snl<27g7=`xQ;m6o&t+d?*j^mX
zET^uZzL+lrghyzof|xlapwxk1zkUr1OHD}VK|0u&nxdhhvQhr~npgKI;3?9;I1;2H
z(501=l^sN(7?ld<;hIBvu~1!e<ZPH+kXP{Gjcad3FQbGhG=Br|;|nIUEe&NmKSOyz
zl5&Q_OE)(S)F3Djg|l>WzmPwS=PEh*mZD_EIy#<&pKOlp+T2~dTU1~QUN=inppHA~
z1mVZ~Nun=)y6T2+y0?pRFjK#(n9k=X%4`pY1_{DOUgyr81C$2h5cu-&L3#rd9>$xl
z;`iQq;4RCkshQ0Vw5X$xpCw6OT}7?rn9BhbHKH0nc4Bco&iJCu=A!+>{f3c%kxxQb
z+15J*5dHg2CP#KX!^H!y*=(gQGtCBfIWQ~-=E<J;p0pVw-S7oaxONUx-wE?%p<aWp
zZi^fe8w(2ujly1lk@|DgO?7lA+-w1Pvqq1J{~boNpuFq@tcCY@s|RGP%FD`Dq2CQp
zFO=DxJv|Nwu1rjiOO?%v^Yu~+_Nm=>vE1<~KV3CMy%3l>OuOZzdJL6JTk!uW?vHM|
zM1+qI`ZCU7kjceW4m47@(S1=#B2TQGQQ4UMpNme$$S->6PYMZr!Y%5@weG*os9x@n
zlUX!sTQhNis^vC6rpLBA%l*|61%Y84=O1QiePB_uvu8}OZMp4+AKWZr%4NC`RPQp^
zIeEd`K3t$s35IysOh%q8SY?5{K1>AjVf}t|^aXjQ1EghSMn^|^xVhc%Yier1uoqm7
zt<BBt4_wWPO+q4U#FOL~8ZDvq^kvH@;`Iq$d7Lb@0<kjExR=zWINH_SHO=3kI||!n
z>?J_;b0^QFd<)b10>_V&Le&7i;<TK9B_`GiO%>=lg9)2a>Z#%T(~NT`edP5vqLNgU
z$Cf)ED=VEnFit-p%LxhR2TJ)knWIIAUJAt6ssJT*Y{cX+tb`9exa}at(-9{|nO|J&
z=jXS(y**R>`$J%?q<f6^jE;=J(*<^4eTLh3d`B8@-@Y|A&I+!nnB2*Wi>U!5SF~C5
z7V&{3Y3$fV`-|Oa|4uqiMIe*mSCl$_dO3IVh(VbJwHSN8tYUuI7{$F2IS+R?DQ{z~
zkKAB?Ap%!>q%=k*>TqVrxQ5=LuX9;_sM4uCGBQ$k*AhORg2Dh;_Q8l2WOE?S0-MQz
z;VWfp$IxI4hr#!1`BXl(Nzv-W(z2UXKBdsF`{CdY8;SEF%BC+xbGH3E3GK%vb`*ek
zZDTBmoarKwtg;}h1&D&u+|*nPhvT?Gw9N_>j_Kh7g2C~yeYz=0CDADa4OAT4>FOp&
zMxsuR583=XJ39f%fhe3Nn+~cUln)=S{mDY!%l8U|G<S5Ef+Yh;l0s$xivM0;zOXVg
zcQ<R`Y~xfpBTU49==tzjmMGYnHdXWO(EknTML}}bY!G4*IK;qzR)sKJYfGF6Aa9|x
zir9PFW}HxzJe^eboHZZY;$XUyRM`^p;7d8nD~J9rE-+Mae0X-LsA*^b3F%pmVQ{;Q
zgR`}^24k;ySXdC^(pC!m>{8U{ziEV0?!b-~RMBhFVn67CxH8Ve1;qr?>16Ng<CG_e
z{QLPPZSD3vtphbw6M^3#e;0CGH!%=QyMdk`d$ZpaT=d4*i$>7$MdA%dqp9x~1KSu+
zohd9g8{t*PDUYj*JQ%@+gn*t&yyx@h&-V@viVS*wj*M`Fa8W@)5b2-lp@5$<w58D2
zfrTaCWxg)D)Y*DsxMpCMYH5M{AfpMozI&W|VoS{Kx3k;(V@FEnevCoClIdng;{Q#0
zUrX03E~VJD7)MJ=1-j{H$9v%iP13@u$g;;*e*YU|+nw<Ql0EgKvvjrE!WaJa`&cV}
z8uGu(@=PoDb)i?s<FFG211M5bT|EnD<!{#^A5^XyDHN(~HL*RCg;D4MjXb-YV5I4I
zTTUoZFm3atY@$j0vFD~0QW9pXv9w3;w%={0h8Px>sYN)=mlQ~(NiX^!uJfO#e+wEC
zaR+JTH*F$Ytrv<ig-4aLrRCZN_kT5oQ?1f98_$gt$q(q>8d)wW+4Sxqs(ON4e_!Zo
zA-a*c2aP<apOms6g&zDt9#2lraxE~U0PqoZD|pe;*$Meg@Gzm6d!FV*Sq-_X(8!mz
z$Gt33c}_}Bg(HyBLF_;78%h!mk(_^`Mj6;=ntyr&K42b8an9yUF?v=ZEj@~eEvvRL
zS?KDl$8*()&7~xcstBS;@dJCTQ<2{o>KdLLp5obZIM~}`HR^ALzuNij8Q<}ijIqMa
zzR=iii4a;EUR&dj_1L#q$|O)uZzPlQq&fdve@J&}aNUfcoDn_rHhXTKUMumNe`VJp
z@y~<7L+-5rcxZbDI&knDg=uC(rmrd?dUcbd^%8eiu^kd8zKfH8GO<mWnr!DK-R~GC
zAZwFsYdabGharGw#J70&uEc!CYc^9UiyeXJXl}MYS{TloDo48<?VBthslqo~s?>QQ
zll<0?N%GlaCE{j9dIvcpx**Z0y5ZT)W-M5h*%l)NEClXnuovW#?bl3je~HKMbc7}w
z9XI(fGTIlSQ%noIj8QIa7<S<*m*1>^6m%$7c-uyZVl5~#(6^wNGi)nvX>Hxw+B(`n
znX+Aj2>=)$0f$c`Bd#;_30e00p?sR-90@oagc$G;@*!k9P`CO2ettKgDK2w}QI$aD
z5?;K<Vu}}v`yopulC$@fqC#>x;Pm{T*H%f(l*^4K0h~WFt8$61JehEo9uln5o7Usb
z!xN??Eu-kz2pixwcJ`v&%R%!=yx?)BTn_RTOKI?$0CEMU5|Y~Oi4FPsQKkhXB+zBX
z-xuEsICtv5i10JC6OEC}ex%N;pLSzCZ#!a4C%rPevRBUs<}$#fbaGNt{2?VJB?M(A
zCMjXz6matx8ymyCggb5XyMle6l0(ujy}!4oQen%)!BGl3Ids06!!tpR@xLR<tLV?N
zN{YkP-=7((E#6Kko?o2DA`_uq6-g1g;PWb*&UB=6*1zpj0S-IUW2Sz@j@6oYlXzCC
z`JbfEzN+>~T3Af18S^oyU29(5#!((FUS90muAXu228BT+(H(YJosP9t<73{3hHMN?
zknHstT21}*Nzw!wgQjLYh{hHbfwrBrrsmmqvM9fMx~{B!Kx+Q@S<1oXjNJ7Iqaf<e
z9zV!vW)6QV+j*Jn`De-RSwqLXj&|0OS>Y=J1a`3=CP&7r^<_LmK76KLI59?j6ZJxr
zAzEs8k#j$e7XZsPHCdu?yEAP4Vw;1TbNj`QUh*lfFAjx@4%C`@x~P0XJXK=Vv<^bx
z1{fCFuT9iMG(r;iXR?Nn&2VeX0S!uEk^hAJc(}NrY3f7F#ST7(1qGH9)gQo%4O(7Z
z%^Co;tjdq9EDuo|JB$26@&j?;jq5ObcV|hQ<+q#+_2fqxr5k0j?3SC0G+7}4UC>le
zxapVQe?=1_A5>IeL`EE0rNKZ9*!1kJIi7tD;GF!Zt(A=C)X~$kf#?mxJ`wq{S5n$d
zQC3ecclD1u)J@=vk2E%R*7Oh8v>!~)7}=nMd7Ll7S@;}L9;{6ZY#-voMGxV2I4bhA
zFSF<WETWTC99?YLJXvL-59@lHqu{^yJEd1v|73wYJUnF2A?Jh&d+$$+<tgproOcye
z7+=5Qlhpxq0^~<9G%94iW3!|S5SXlCu&)>u2crJPc&cYo&*`eQNU(WdZXXJIe$VgG
z-4pW>3!GKi+mu-3sOQ+l^D@sA&x$!(WkhbB<z#UJ9`GFWXR9i|etn0CNLk=m0rN=x
z>RJv7b)~XBC(}YoK8UVwbDiJATORG}e0sXh^-eS<I41Vjy<f?mgB~0@^o@=`%m9FK
zuqa>Anmnn{8bAxOwZ*|Xv7wd1<6B>km)zRT`=4oHcUq`Ca6ljl1vUXRmzb$llWyje
zAm66yecu>d4A=+|^f>8hNGXQ?gr#8v<2rP#`OJ5>s-)vGQ(wu;^5OF@b5|{WK#!`Z
zS?&}WlkAIIhR0`0E86WX`WGBoieF-0Rp|hTWMjE#A_QruzmxNJymGXyO+4SB49x8_
zGK^GI&Rkw^U<tx?03l5ywp4nq%9iF*p0`hPh605uy4!Q)si8xX;^T1!iFH(ss|+?x
z6)sYzhjZ21XI{=my~V@3!|u>AQW1cnDO{B9PnsH#7;$OK3#>d{d0HCpDEA|!`=0av
z+80)~@S*__s;$i!7~K&s^!4X6L04g8LzbowiX4~%{r9b>61_=E$_G8Sa27qthGw&h
z$GZFfQ#N?2FL5*YcFIf&Upq8-XINWGo8I0g1ImO==x1H&cTN5}ft=!w-)4)Xlw~%g
zRUbqQxpO#~>-$rZOcLCy$SXz*pB#gZ!!BAuAm1ekXsGn`XO{~9!Q;oBpna#V&iCk1
zBk-ad8&l<72{$FGI-k`rh%cYs?s#yP`hD|VO4mh_%q~q3ti5~%bQSVS+v0+FSuYz)
z^!KBA5!7R0!Qcm+52Y{1{pn5XTJWG4E(cvvR4KGF#*_R1RpwVtCkIPdR<`&3IZRHl
zx_R~Lo98KP+2lfB&T8-1uLorg-QKNMHqIZD5|=oB?+M86a~<pAwV(2-6geuZG}+SH
z=-N45)n`wVf}Gxe{CP&-;w75Dvp^T$flMGWz8l2{fCzrY+{?m<<bOr}6dfLH{UmyM
z${M~R{U1QTzCr{R^I^_i4VIpE!%r(HB9GfaV=h#9>O9>BF9*y8OMCVHq`12ZONFw~
zh=fV|K61d8XlT+Ea@5pajtf70sA&$SEqoHA+utUCRq>a}XeJ4&LebWUzhRfLqr6~h
zG^hW#z_}-_gEaN~R^!GM;s${4hKv5m8WYsNz047>D1Yv3<H=32C^D*4;)JLYk(&V^
znK-+Rw%uunZN6^HjpYrW-fbPpQKo2@q~E*ko=3WBNON`dH_2Gu>}<Gpp)g>WnYlb(
zRh5>u@a>taMAVZwS(-w&7@J{aU))fJec1tC-Bbs9%Xg=#${}U8rQt1@DVk{R&hSLG
zZQn!ce7SM&*4hpvZ!2vp!>q<V`GS5d1E=E(2Gn+GDLJusN&W-Hbj0*c&*wOzv4xV7
z{0`xh{GI17GP0o#A45OxZy1|n@+i`3zy&_`(UD`?{BN9))RXMrIHARV!3iaqe?hN6
z=s*a*fO6P3^`>0+LeAo5V+$Ak0^yq3EBCw~R=(xXR;p`#PUaRb!UWxZ3%5uC+d!Z$
zBrPbpm`}BMtE~W)AWIXqqt5bFjq)~sfx)n@QYdv><|riK#5Y+tTDSAr#u*^;^z>|^
zOso2yL-2e3IxH|SFe_^X<d6-^@8kZy>Aj)$gQ1Hs*MW<R3xuLbc4Gj$;0m|4wK-v(
zabUUXQbLQPcefa1NEH?T?k(|fI$0kLdq$&;tDejq`A?Hd>O?tDEbm9&KDu|5E*$dT
zkinwDG&$Y3KX+`Vemd_v>(;cLs@a}I?(Rli<+7UCAQRt7m!Aq~nE@0t0!IT1;r3{*
z6pqM<2tznbO;7g-26?L)cdctG++&Rgix4XZSrN2L&6Wcdg-VyNjU5Zv7}<zBE`>8f
zRb*#u7D^iEClBPtEe9dzpX7({v^U}iSgu1&-7}k#*d}SP(yMfN{a-m_ulwiC!@x?E
z8LwKp<EoG*5EPult$wz*vIFA4#}l#X?7K_q6Ph&uA0HsyBwiy~d3j1Is@q`L_y7n^
zK<Ni$?d8jt;5|BC>BRMKKu0^Rxupe|kfzXWfdK?)Es{M~R2-6-x2H{!2cQghc85oK
z%U1i}v;sTrw*SGx?USTGG;_z-d_M6`JaJ9!R}m=Zj=%XA6!_6O7oH&c6=mz~Mf-`3
zXA80bs$9h(y0dt<^4GX2y57m^&cOe(q|mTYu1Px&AW1iTGTxdZ-Q7d{k-UM`-1SR*
zdzBdqp<nx)dVm<Z&4)L-hZ^y=a>yfc8M|?pdmz2W8#;vz70mV>?uR`y==t%He$mTJ
z1uI`K&8{tP=PP$Oa#Yy_$riBWuMEX|0JWu8?<xX;C{zM+k%qYT|Ha;WhjZQkf5Tcv
zA`v1IS$(XssVKDUy(6-dGD8`a5lYD>JK2#D5=u$gGpn*fqLNL<{rJ@P{Qkc8eO$-y
zx~}8C?*DGbd3Kz~86WTWYdpu}`FK8_sMu*}Xh5VH*$k1I2Y|2%Gmwa1hAE3*RQ512
zfeeXh58oPus`(Ed+$D!lX2aR~QHrDd#Bo!-YUN+2pI>V6uWax!c69l+Ys;}MDpx+K
z?S1ay>RRX$5nQ_cG6j1dyissEeY(JR!!vbbLNQ8YQQT4GwH|7pTYP<er>Cd2GE_mx
zW0iKn@XZ{+ur*n;{cfx@a>etD`wmM!>KhSpDJXF(D5`Q_?)!ADL`jIW{3F{$Zujdd
zm6abAkACvFT;HImOV`aQ`qDd6s?yofMJI=HMdkMw=~@gM3GyL~{Mju-C}sW^r`gUc
zKR4HL<Snp$3U;s{jEZeu{qy1)0G7c|10yV}%Pv;gZFWp$%a$#B_r_cQ%v%5b4;R2b
z&RbbV+T(ZUPaf}!mmM-F2s-sTb-I`Lmgvwq7F;<bCae<YJk)X|Ykc?kM_Jzbr{X1^
zGlG?K?MgVm=!Xgp3Nom0yJTi&2GEXb9+9Ds*vo3qM@tS96K@_RHJbn?`bje=TX0oR
ze#@HlV%_nU<LSD`mdh-JV=K!)EgW|A`TTTpF*UH!Eb3@Qckum_m#?=YihBOB;j@g4
z%;)az=z+gGS)B91bQQuOX#QGDwrq%6Sy{ooe-4d%JyWmwnFb*xKCNOojdZZLC{uK`
z4>r(`#x)gOU8VhbIDh%TRW+YXk?t0dU701mHE>6%js`oOjFb!hd9=FWL!<c1@`T5a
z8$y~tKWjQr9VDm~p+n$<t4m!bcR*~(boB{d-`m5@=t_f$W&z+v1exCIw@{F*C@;5l
zQ<D%EcXM^U8xn#zF<veO(+BKugY(`JO}K$nX&}{Cv1{$O_4<~(*iV)$cQQ^aGl5Qx
z(|>(zr5BnPq8U~{c1%9yD0A59h$3q5wXw0tkGfep(S?Gn)oyaZJeE9O2oq7>%l1=C
zmuiHMstY#JdanGVE7iI@bv4Wx_3??Zv1dLT-YT4;qAnkD4Lm$NKvNp74S~5?{Ywo>
zrY~vMq{19ifG2Xd5!zET2`i9;-7E`1c1$at$26$aRP!1?3Y4*p_6CZ@*n2N8@}<O|
z7LTz{d>GA98&V&FE6irSI45hg*s(GY;$&hnXLsxU7!`MX^{?LJ|97%AoFkydshWo}
zQpIQJcK)KEHtFqOJg~72MX=wC;Wt%_9>V_ak}GR=yc%Sq>-;a~b@s+u(2W~6Fvb~s
zeB#6j^t6G_RKnaHb9Kd^db^vgx#@WCy7)we8ylHalbeB~OP5|+^_<;QmQ<wH!+3-H
z2BlWk|4Xr^<KWCI05h>Pi#O(Ma;<y1J~|;V16^(ITs9{MM@@HksY<*!h*Y5ZU@YOk
zml34eC$;_Yv9W9NJU`$yw{%liiOU+Ojki(O1zchVwNoUoVYf+{v=JO{BIUKk(EeKO
zqv0q8oin!U(`~G&xoJQ=)xOp}R=rfLRw)j_^})J3&n-(H{8#1pDDBxO>Fg@9zqC@4
zL>gd=tuj?hL^#ZMoaHal2-@uB8~pUemz#c-JY$m<jdO689@+7i1pab1%grDg@B|nk
zo3@a;U=Vq7@^QL>0yB9V8yhGXf-zN>@qx$*Ph0eH!9u7iJy#6dyDfIDdq+X6t+m+e
zh3|J?gY)`r^whwHTe6OQKZw(;HSyQW_+BXL%pd=c+H&4nRZ^9iWZR<v$2C^o|3``W
ze;R1|%)j|>!^)joSy@;>a2_5UO#bxh3;lT26tj!DXH9HD5(emG{D?6TYI?3;p6g?+
zva;HFK+9Y5!S%T!y2*Y25micyu7j~z&gHT3k<q68BHd3!&F47Of}U%ZGB^NL)zp!a
zuv=O57$!OmlEI0b{|q2^zNv7X9GjfX$;cS3K3t&EA>Q#^+1Bd&*vHI?%;YfZCrMoo
zgJr8bj`Z<t{78s1+Ee5@wNw`LDSFXfyxVy$>M%NEp2t?FZG=!U_r~|fGD*CMb1qro
z`fq~A|NZ_XAI^ZzfAuGQ7*XqvVjb|>7-_kx^z+#Jhm+sFqN>e=f4(v4-upiQKfV~_
zSyzV$aAIQOfcNh_?o@T&nwpx24<Dj%Gu{-hH@?mB??O^ctT|VJcT|enk8nxiXUlI%
z(A@U;+|s6|6%kF(HU5}ar~b6~H3Wu9)`_iQ6Yi&fqo;v&@S`fZ<MLv|x#%jBEBVvg
zZZR^<-OV!b=?xn_uti>F#}A)E3755g0CmC_L^PeWo(o>9jJ&|dqjWk;*7~*T#N;<J
zf$JqI;n6G0^Yn7p!6bY6;c{P$p=@*67bg!Vr$S8+A94WLXw!Wd9UZN$tfGQhNF}AE
zKC2Y=Y=c+lz6i}Sc#nM_YG*Hqyx0*JRWtEFh#spISNld!MwcHuU^4qP^M71OJ{UJx
zU9};}KED)OpoQuf%0%(~o>VsTk7<TK-hDG$)GSsy4^H3-G|(uKu8!v?mi^B{M`>wk
zG@vgoEbNoKvcH=0&q^Ql+8E^5L73Qn<JR)6tk{3`Yy~k<{OQ>OkNK!-5xc;x^oa2M
zTbC6bvLn)+N*!exy}ADur^@<Q!_p4^ZPyyNP6!W%kK*a@`TTob5WJ131%V1r*JD?f
z2P^XL(8|sIZP}t3rrPknCiG)+yjwy*)(f6;yhcs7Kyotwt=NB4M*dG!vA%(?dDU}y
zvQie~!(Vw-tm!;a<PJYew`Z6xmx8o(s;i|`P5wgB((Dm=-Nj0pUm=qri&ryNj=Ee(
zNSb<^B$4NJ?XJ!(Mt_>W*rLoqrT+{cOC_jt64N~ggZg88`(k?)TPi&p04eUwjp{2f
zd%ZG0iIS=x4I;+RsK3A0{F6K;(|fjjzW?Nt>fSPkcOSw`ZG^c?{sSwlkX4cPd}ehQ
z<RR1Ma$#rdo(y@tv%g$rFMS>B(lHd^@+;GES0Zn7JCUr-pT~R2wp&hG+~<|Cbb;v8
zMuBEJIpt3>$AsN~Y+<WER`tIUI4aOd2n+vb<Y-y)P5yqvS{N#6Q~i&ARw=D`BcV>3
z{`KFLk|}Melcs|J69BD5z<8D|2jTKFC{z3cp$;1~Xj;B6x|T<7F!z=x;i$=P)8hOC
z9py2uXQg$sBXUCXK8xGsjOG51YsQhpv+Vpke7$G?Srnz(KT;-&@4MF<9&O@@5lIth
z{6OAwvHOVtq<in)%}ZHF5jmf9N$=k70fA!)F>@Wgl<@Ven^(yee%RS0n~ujGZWU3_
z(ovIn{ZAQLlI>a&nd+L!+#rk05MA_pi-m;+Fyqj=vC8o01|**=SwFH)3=mT?z4!a6
z6A<%9+LahOCr7^e^8c#I&5M@z|HCG?b2*NedVihMZT@by#j`0<bU4z@+x3jbC7Jn?
zp5CWU*uKIsPb&9*mZQhml=Tm^=*+V3ko`hpxd&G%NXqHCN_F`O_lMgVqep{hbSRP(
zo%LVS`DCK+LPDZ+?f2qE4n#0TkfLp9(8|(=-an}LgQx$TcapqJ*C;yx=C??xXytYw
ze|dMGUGoq(_ha-dqOm}~;QWbu`;I}OJuC7*TJTy?kwo10L1aoaBly3fLcW7SOv}qQ
zbq38|vR-LmU3~o<rg{AzbaCc?jxGi|K<F8<7NTlKxviw6p6>1t_9WZ3t-P!Zd0bca
ztHVF%C|P$;wZExqrXxD_?=sX*ao-Dvzh>v3@<C6TmNVghr`T-Kq_&!Z+zBeMK$}Iw
zZr>(H>lvD(V&dZi0|KI=qGtXnz`y(ARL*euvX#}s&V({zHeq~Zsc+TdSi)%^F)8~F
za#OM-+jEbnYr1+@!uKv3_f%Z{DEN3dHX<hG>#%0WGjnufHqsK$>e1KY4Gv!qQMzhr
z>lS-{t*<+)@pmr<!_E|TYRn&t`E#O4ru{6spPcI${?4{ckJ0FN{b(@xYDi;KO94i;
z{Syo_{Z}wJ^fNMjW$@Nc!)NwP(5$%i_e0&EbUK(4{N<iP-2v6Wa^otiCT3@6XZANp
zU?eW}MLc|%tC_XBx_T;<r5EVf^LeY@LQ8b<2pAT}h+m2e3)^+?FGXxnN&{dYDq9eV
z$lV7@z|7p-Ls_5oo7*V2Q&M8A(<&#c9hwYo+&E!o#@<5u=Pd@8H7ZK9alPTQAXkvJ
z&jr8R**QFv*dN5kw&CZ6wk{nVouhwyeSF7HAN#2k85TA)HMQz@S5i{)A!a#R|EU9$
zOs{6P@OPoHHIz+O28~5L_B_JEPQ!14P_Cf;uZO&Bkd0VmV|82>?Y4zapL*0hmRbH1
z-qX|LJl_1v{qN!?(#?mb6L@)V-@VH!Zm*AuO5%$W5D5S!&D#I#TiB2={gZP-?+qnB
zNy#$T$q#XZ;jl00z4-S-2bx?G+Jok*xvQ%xF^66?Hcl0_$o!t~HU*YbLR3JW?51SL
zY+Kol)mfg2aK&^qx{dy2e3BfMwM$4xyX&VdVIVJ-ULL5bl6C=Y5R^M~jQ*>s)7|^)
zTAt_ZD>Al+GG2%P;{G8SB=Y&>^LIfl&;4ILqb=-}jHcH${`98il;1SW8)M(p@&YG@
z`_Fkube2~BdoW0fL;r)R|6iQ_|Np=4{r~HN-i`kg=Rob=LENRx8^(gwSB7prwz0Ar
z8z0x}KZROu6u$vSbVGXTfR8K6sML9zNPG>Y+@@mk^YhEgrL=xY{Av0dl(DuRNB>gy
zvXiWA^*5i@uH8_>4&8Sw`>X~9yZ0Kdn9rJy^pBpWBLF+zgE6j7hT3nA$x+WaoB1s&
zPgi^rj<`)N=}i!voo8h?7|VfsG|p-r$XO?QoYB(Qc*mM#KMKXQwdn!d|5#|>j9+92
zVwL$8(TIA%!h+L>oRnm6Q+x0jo`T3M7K~QfxObXhH!0g2ccEz`)UL1Cw&Ssi|B~#&
z=VMj1v-dWtvm<nEgLO6Hq_rL;P$kH>n_UkOtF=nwTr-c6?=Z735@Qt^Yjv@=7g332
zI;9n0_Q54aq;xj6Go_h1gW$Qe=IC|R>!)e^sbZ;*XH8pVSIT}=Tzzmv@5kia^Uq|O
zaph5MHg`foIwoAER5DpG;{4Fc?Ah6O0Rn$^j3CHT_o><^i8WY(Bdv{>Ht3D{;UZTj
z63@!SCePl+$aN|TiWE9iY)kTH^Fw=<YVLOo?X`~GYj^nTF_8xT@ciSZ?-X*Tr>~@I
zGO@DW-IeqbY|H&y&ns;s;cfXMhHi++<s&)V&ZnPknsjQFa&UJq)90t&x%0F>6^XBk
zbPHM`ZY!h~*7j|A8P<Zq+h3I`6}ZD=mj;ct)Hy2eGfSo2;Pi<b8XvD47%l9&A{5<V
z&{H40?403YA&*{8Nw!RF65n?2$J#eiofWDYEzA}*W8T!&IkTL;V2vgUx!d~up`oD+
zK?-yIZPjzvV*Pp!1$r{H8kA`h{B5@RR;GN99+ABD>Ue*aGPjbN+SN}VGP)-*KxE0f
zCp+;;i={A=z0{4$l#zt9oCjw%x&sLOLq`drHrpccmgLFE0whBlnwuZ<9S>-Ac))b{
z=``INesgK)M%OvI)OevJ3n!Y^784PnJ$$4{!s5xM&R_Sl^}s(kl@=CzCsI5t^1TIZ
z&{pwXBt2Wx+Rj)WtTZu=<4=r@HQ0BW)A?B6>aF@-rl>t+ai2x%90`&2aS~<@?>fnt
z5_a%9$4fhXxowg^{<EHBGHfmI8lSFu7758s5&}I5J&j#Va`$9b+{njxGdh{sLz!>*
zqZF8`vNW?I8b(j09mXKbqa9kIBVWHW?FeYUPNl%HE56qJFvUwHvqO7qs^7HK*lzl8
zq3nsgWA9-9)#Rj249uNj2To^p8mU%B%GjoJjg9Q=9c9Wj&AhAcFk$(F?CX+hPQyxc
zS&sR?*GB!s;9hP?E7F>eI*oTD&y<hyOs4z@Hh)^Cka1F6WUQ{IkfM`MT`>AJ9}P)(
z)jLkpJs(5rx11B`$n=<|$sH^Z$aJEfL$z?KoL2j*3z_!*S^j5Ey8ELWEQMqH6-)vZ
zw~^3n#VcR=*_FI5Yrj6$xb0rj{(BL_UxwvkLJV9e)@s~!qN2l`%2}3g9j~48&*awe
zzC|5Brx(><HUD;ZjUTtil?*YF0`FuYmG9}hR=|zT6g7_9dLrRNmLz&R=P8QK=RMab
z$4OAIbV<HCagauvK;paKS8<zfg{po-zH*x@t5!m$&)u95_0byw&$1rWI(}>z+k+rQ
z^pjX_j&Fsgc%XTfwxXqjcY&0lZkD!?OSjlW?o>)lH1DRENry3q)8eHa#k6+KXX*J|
zB!5Wkfe_x;dCvq@y<y>`6+dCi?BZpTOII0QEc>42dAaoj<=r>~&C{n(SA4wc_wV<=
z7fY8=5OpFp)!SotxY)h|QY-cu%^L!UK#c|Ucz0(WA0&Oz8khDaF_6hY|HA`OW)(TP
z%>r6t!IrO_HQGKtN*iN~yKVeTvrJ#7Vz`iLx^AVoShTOTF?yl+pohErA<AT0dJ+aL
ziW5!s%SP&vtv9iooT#WFr4rQc`uCxGQo;YI@V073(c7SaY>iIw8yk#bw$3r{>Cf@#
z7nG)I^?)^5rbnVTb<^a7y$C0#U*7#ZpRuef7sAP#o~YV-GVmFV6qA!#bl+TwpLCH<
zP_<6or=O+#)a^7?u6nxo>5LAI+H6r31AYd+NJW1+_SI8l|6IdC!W9-wN7Y|QOSu`5
z6Ti2tV`rUrNjt-RFwN67Uo~zj`*E{el#`Z1>+$}OBcxG0ZE{KS>mmi3yu0`8_d5#)
zwr-Bt;zU|@cwk`Q8BWg>VgLPFp?(f5b|ro7edpZWC0Qr8^)t!A<dAQM$sxb~_O<b{
zV!ZevmEb<+mj-G}lxLp*w37*OJ^7PF{e(0Jx2l2jv512y^HLG*#^Erk4O#);Xls5(
zMnzc(ZteIwhH{>eK=ba1gD2)=neRRpog}cwYY<J^-_O5~5R71<e`S=Cf+DP8R56`4
zI3UDalzAdQw|i2ByU?YLd@tGHoIgX!SOGV=bi~2v<AOxVkygv(auMNkM=NYPt@Q%m
zJ`}z>6n%!%g<xXdD#5E&vtf{R!Z^r@UL}(wlRWa@J6DtRC~n69j!U}ciRvpwNhTQ`
zwxZ18t{3p)2{q=uJ6WEqpH(V)>$IKEB3eGb8-&jEjEsg+C(5CuSYxh8#kS=hdYHMW
zsK;$KiY$vKIl{`#k7sPMxhmK_S8R9*DEV@=O=tGfk~@2`7}k&E1PQh-<HFrnn-d~6
z)h{^Q(aq7x>Ee!m!Vz{`)$Hm1O>X|%M-B5n)NuHd+CL7lIC@`jg)iRTNqwiVU7xMP
zuUEM_`}KNP12NmY&8|e(L?}|xw&L}^$Vsdb8j@k*F57T~ok`b}I+t_v-xq~Lbk)!Q
zEa6R7@Yx_kdUiiM9sN|2c%g?FQYFfKcUy`vN7$iRs?M0b^53Ohr4u{`kG|8PzUZ*(
zc6u-C7|9QbwGJCmCMG8C@q{NjC;r(h$%{81L_}Dy-@4}FB1(0{|9N&n#A9N0v$In>
z=Be+@g+qIY>?FGS*b8CCf`NxLHYMF{uaT91LQr!q;+D0-PhGnDb^OzMSn^{X?&fvX
z&TOJ%*}4g~hUJc>7kJ!iAb4vN8dWy2zp)Xu6J?$~$j`2jr%TCsXWNywP+l1GH}AAW
zMYeQhsB8EJ_<XP{8Kbm~`?9GeNUW);@RR7ptB2xij<;MkXTJOP)zhw&e}BA`8VXT-
z0>aM~I5e`f4<&BqQZ)nH4C5Q#dpy;D7#A1J#o=Cl@{FNj(C1UMK?+&gHP^R9kalG^
z%IAgDnnx<q!|C&6ym1`BZ)u<3>`f;kksS5j0=0JPYe)a<HGE&4KXc{`uYg&UTndt*
zR_2$KdPfM6*>BDt&dSO<l)X7BrR@qJX^+Hfx3vb-14JO_=3sd8H^<+w!jL1q;T6Uw
z(e(Y;ueym&u@kGI1ODL_QqO-MrfcDtFs+-T#4<;e=+1jPOrwAARGJ13)ucRLB{4Cy
zi<(zO_t3q7EsonGd<4$L+0r-7s+*-dQ@V9@X0b(Sy^LG1Ow|dh9fr@ocEs=Bm%Ya|
zJMR8{^<iDY+(C7#JEx#JDEgj?lQ!r<c=*ua?MpEk&oef)=@94{-oMmsi8+-9on;Xz
zA=;o!U7eHwDav&(%`EM7P4=<f?paSiA2o?I%u`iXE*=Q{uirov8N@4l?_1ejKmp5_
zr5(3N2b+#3(WXAMX9tGEuXYtCB_%1Q<Fl?%Z(DHxjO9|z5V^YLkzr(iPHK93!=vYi
zNWIjp8n<ZGTNKXCxg44Q^6wkI5Tl8SvoSv(pMpe=D6_K84XW;wNG#usoXXOM%2%or
z!D&Oj^3F039UWbY+9tB2*V0Eh5uAX1;K1bFW+TeY#T9#5@dP8OxZj9my5{@MTEPmb
z_$}8&Gez&&x1ft$8V%Yxx>VH?B!fs{qg;6}U%uQ)OClr|e*5-qNv{>r4GTzFsb<7W
zyArH&UIwTqG0TygW)4dV9yzktn~R>V(qyB0W9?p2<_V0kb&)PN4vm$)^75M|clh0X
z$DSLO*s;_d^IC~mYdC-CQF=Nkl`z&79g=5^J|_9Bzn7gDAD3|b)=4Zfpweq|^(FUK
zke2ryi=+Mpa!(Vkk&+T!NUeCO=FtZ()wJ0}4B-k7%##8pJL>kev<M-zKYwVyKU)Ev
zUC9atg<s$6k*B+tkufkXOI@9=8B8{YA_GFC$#a*pIbAj0bdt1TXB4!~#+`0~5dvz4
z@@extZ=p^IzD7zVgXK~NB~|luFKBJ=xllGPsY-}!e~rEopabzf+i|_o0N`~yBt#^P
z^pWPlguGNI-*Xf@cS`KpK^x>(&FrVH<JdYmkI!xNgAouC6Vu7>mQUK;eA7+`EG76Z
z?u~XEQT+X?<PpI@)eK51DzP9rm}3lb-f?bE5B*bpcnbp(#S%kSI=Tx+y^IJAQL*BN
zfJLmbKDath6}N^O(|w!wd{(Qt-avOR&hZ);jL5fo2wXBUiKP7UO(g8OnP3`OS#e9!
zo}T)L3t%eG<G1JTsYpaNx4+PGa&pFe-K@-b>YMW59$Za3J3>jyhY1%jEw~<s3+}z0
zNKJA@27ex3J{*>5vzySUdqWF$fS>Qh8P58~#y4qSpQtAtu#)2nJ0r?W^)TedAza+C
z&u2Npc*VrJbcVk&-96<jwO>YN-@4b!gI8F1!r$8zZZ@J?wB6TR07FbdV!V$ohybKx
zMDpwAmj*T^hGXXPIy*XpjN}*_l~aT7-Rqv5zn|%QK4sTj<K1lVRPBEhTI|d;6);Vm
znVm)G-)$p`zt<w)xf9>nxsa(qQDT4m??=Z2=c`gU*<ou|v;83@@x-d8Yo@4v+z~p`
zbCXHQa!@YBE_9?ZEn6#^i=9#jZtDv*7cE7d<GaV(AAWw^!yjQ+HG26p@iLN-FmekD
zhE`t!74zPq<Hsd0W`F%^W2g!@HaVY3S9)Va^4a;fnoMPgJfy*{;#}IXk;QQSs-1ZR
zGaFlrBg?SrW_E<Yu`?GB?WrFKC7M_g62aWf(_&fhH+N6nvfFgiQz6!wYIXf1>AHF1
z*o!*iry&l??~ZrhXtVAQIFWp*D=cm<Y0r-vtx!X<Hw_*sa|&Jh`*?cicxQNs-F)vd
zxA~Dat(>M}*g?8w$J$4dN|To8%<1^e-TnccLm6C_7jmxfXDdcz9{RXtQ_Vnh`-ICV
z6YJmSc|t~|@t*pR9X?e;vWbH>s7Jf&Xa&O+0en`7)aIb=Wv9u~aWrX;ZLf30t&uA`
z<{ZEKjP^^efNOGR<m7I?I?vm0M0By(*`1M!wQioa->#Yo+Mti41Nwx^zkmNmOOIWb
z9S8_KYKgn8A^{cnAi)>2>s&(XYOYULoY=*qM~`|h4Uvt1UIl>xVsRfZ=*#Rwp0QxY
zhwY@dHkl9vslqd1$oUktEiaBOSoJ@<Wa_<~ZY)S7Rh>V7J`zW{GjkU+Gczk|rTZ`Q
zxZySbk1ssXq+Ji81R1-s9n(d}3Pe<WYHau0tut*>)CLH?^sA1o?he!J%4B{>?JyYV
z?j9c7wr+Kq>Tz6M`USQ>{X4JqwZ#GSKTn`J21xtn&6{7mcmZ*eZ{7K9^z`$!jHc-E
z`QUHJl$M;Fe4#EB^oF$4_ZZ#@ASo##(HX6uzUV@zB_UBaz78<{8p8?tO)q&wM8fZm
zAYDRox%tI=dOlq=J<-a2b|1N$U%l>$KF0)UR}McsjDT^Oy3N%JyDkEQzBM{>K2#GC
ze7q9?W5*8(n5xPP6S8xs+!^4UTYtC0+y$+y1=X61nlTcsg6k1jAE)x)Le3(k5-M?`
zW=7OtRe{)NC?_Wew!p-D)T)4CR!^(In2@t0V#*v6zCfF%$Vn@;D1~y&>Te9I*_>O9
zkvbjyIT~rF&^k6eG6MBEap)0ByMAk({rO_H8EW7O-bp|?GZrzTtpO4xJ~Qumi0jso
zp@s*iU`I_ER4VkY(R%ZZyq-(OM^TK2y=!U$Y+=>{qczr0bt`HQ@l-zC34>dI)LBJU
zm0^(8p|`NMqa&O~_~Hlt^<_1gWxvl0Le;Ar_l-W4US>0*s+t=9h8{be99^%;ywZnG
z<DkeuJ11Fl|H*d*deaf!*AM9>6X5<99w8F0_|O!c5qrcJdW~DRZoR@{?c@!153p~)
z`(U-=Fm=tuyL{_B%Sj9WwOh<Mv8yCVeN@5hHU*9HtKC-V8j%Ec_94)DS7%W^F@IVN
z1j2-uq&FTAFV1;fX(3*ijEt<~H}Kr&_l;sHaE#Jv<6E@};lJd#!z-s6O5Tv%BMJw+
zjBG_0L}j9ikq#k}#LF&1(Gr9!fLs~Mu{9grcbG&>JVxo|-hs9UO{kHNztP=|%|QG1
z^_eg4p+Tz>rT?J-osAd@U$yx8T4?n$(V>DwHE?~l>E(?r(Cq$6dr$D1?ykmn^eLyd
zx_rVQ&2yvA8U`9!<t;281<A;fPxKb?=qylf-~JXuzQB#|YoH>14WZ<f#h*V%NBx-v
zMON*1Mj*w>@Y9fBzMETHu23q4orn14Y>Rfji5F@LNCbW;=juPLnULsBktdtg{g8T+
zax8Ei7#^nEQ4~bRhDS$B;D>JB+-xSZ)2aNSZ3GduGR!0U>*W-uN7N`q-n6vHZd_km
zag}=qhpv*r8cDdzBoaU~^R?|j#zj7y+U?ZTGLXi?=>l8+tHnyXez}t+2!Ia@%{TDN
zsv(I4(JZ38$M?Q2u6^g8>MQG!<4oJUd$P?ZcE~U+p7`p|yaj))-e;G$8Twf646<8c
zE8{M?hqQuqI(9vZ3LIgo85aUirL`R#$vu@elyd>(=c7lB3nIt9fB*FClF{s}*u@W1
zxcvge`S25q_;`ci<&CwUKAkH^goG|bFJ`m7<(P7u=mbWfp*X@grS(c}LMz~uHq(e8
zw*5~6O#2uKPk1u@<{{vm>HZR*-CwU_?!ZF2KdeFHL#d9SMJe+)w`X3g;#{G2fRR&K
z8fgI|mx(opCrcy^qcgzc;MOrZS8hSlx7U&US^rZlk*hn<PUp~-trN6?ij5;~URLcJ
z+(83-*4cSyn9AiKQ;pY_r?|tpxVa0dQh*+iWweS(Jfd}Kr-)U4X7-wN%+pE^*2HEA
zN_5SYEmV8OBgFN8FD-Ru>rCQd{O*H$7`Z^LYH!JH521m!)RPd2G6Nonzw}=|?-v-T
zl-`aZR+^9V4)*-@d0Tw43CbY>A3qw$b=1|>@ra6cuHJ;bOitb}_YRij9-His=hd}1
zQ|L%e82&Nd-XLo@C`ny1M8MQDJfor8v{U6xO!~b?O2r(pFhJ1BZk2-p4PrzUX$E*M
zY!Gz`*{0FcdAdc@Eu^<@T%wjD&C_j=c;pGA;Afx0z`|nxDs|jnE&nw})9jPIlSY9t
zZ^i0y54axcx?$6XUI(JmbsaLQHJ4B4HcDs|lM)ja65ocG3u&mL`Pl~7II<*shu6x~
zOn;EUWbfSd=7uGf^wq0ZRLr9Kr49*^Y<d~0toJr-Ix{s+oOp!}>%g6C`*!Ub`uWo|
zT`_WSaPaVjw;wC7b&n085EO}z`r46kZ@C)BHC>$-a#FCYT9uyjR!wnKY%(7eqGOL-
zeL{8*it}gyS^!Rc;ub0FTps>~nXqn(vt&ONz*nQ4Ev%45qH5n+yg%%Wal`%WMu6mJ
z1f#n%H4aEiufSM+cwqtWv&!K0Yq%DI!H_o0LdgtXHcu1!iiRa$oR;xjrr%T%U_sWs
zCaRaqM7~K+$wh%k_>dU5-hl`3^(7G!%7?=M_iP&_L%|}aA4rG3KI4$q{0O5DIzYVG
z#j%l*k;%#aY#ks!uFEr{+vj^`8GER|=A+XE?fx5GdZx8+-+KS5WnA?^1ALEb&M#=7
zryr}Vv9&}lkiKY;rI`-yr_NxWJ(dw=v-QzvQ+QlI*<q2A#q_<qoY0T^kQ#r!9LLT>
z5?~46z#wS6gpY>UTk9+sO!i9*R;RvUY9KmmI*v?XCv3Z4{Qglf7pEq>7LfoYjD!8-
zxh9n>&|%44F2kh}G%U_U-r`52rl#gSb3x`(U-A2fhN4wn<;#WKVmfYa&jJJMKrc~l
zX578I^`(*D{nF2#7s0>7+uyl;JGo=PV|MJ<EZf@p@1Ko6fo~`C(C`gT-ud(UE1aL|
zU;pt@szIU%Oiu0%ij7}Uis?`?(hiRLK`1c3aPzxcZe6|AI$q$ZIPq-^XPb#@Aw|W{
zM+qtf!lvT&0O-{nH~l&^M7-7Qnp*?>{9?w{kGN0ok0iZ$^Clcx#DfRWd9dj-3h?)T
zdX<lt7b!`u(POW$($cF}h+l{L?WceJ!i<9g9jc10_Q%g6x4roISy`E6c<adZD8X~z
zp1Vpy9biQOHRFRlx^Gwc&_S<MacY0w9cj}dvIntR6asZg%hS8|?F(h`A>NM3r?5zX
zo5gW0pp^~l6oSGlVk_$;ueYh3(^pfsUTh<Zr5F|rrl{j~7!F?EivY0bQ)k^hwpj^w
z0UBmzX*{)bwGdb&At8wGWxZFI5R@PjJO-a17cvfY!DlM>=g_=B&&U{G@!M-<A_FFh
z!;jyv*al6G#Nh^C!qpaj4h%p$6FJe@aBe)z-Gh!>NOyc~Pp3SlO^8J08%SQY`>$c*
z%r?yCyJZUF0#_&Fz1q{1xBz>a{Jvs)W0WF4gWmo8#+KuDmg4O=61d#Fc(i?BtFD8P
z43F{r`m&Ro+X4cHtc+P0C6oG#PN?V?PxoES-$q6jZ(4w2FD0Yk4rbAJuV3HtS;zT<
zXkVH4nkTLttep&0z9{IpiI0!}f!I~rad_)w6_jbyH4lo=1|bP|99A$f`3!;bC&uMY
zSk_-7by^papfRG$YkDp!s#Dc=9kz;&iK!O?oX96WypR8aX|CzOAD$QmPHhT>(v=lo
zf0^S5%2?#=h$s!qu9yXNlRt_?I<6LTh)5Kk3plr#A%57hg8Hwm3zx!9z_g^LrA6}_
z)M)P`rM&ra=UsOF$l!x244Ptkd4^qI%;nBB#fkAiJHBD0?jD9@3%$<pS?INfk_$gS
zKQC`4l&cW=#fsX}t}%uO+Sg#6COfk_imcVv-$U9AmH6l<d=LO{+Sq2@7;}RBprBx)
zjF)H7<)v>q`7^8>sF_#Vc5uguy+3~lk&J}HLgNvx@*})^l{H~JuYxf_sJSeG0|$#F
zcjox<mw{~F`p-&w;nO)dIGDxldonfB5D;BPY-0H}1f&lIN*odXJRuG)DGrqcX)y_j
zXquT%R|g<!9G~#BuVm8ba^=a<Th$xu{i{@v8E=2?deLpqo;}3;q@890`c%-j$d^=;
zan30X6knWekuA0Fb%I3ZlrjQr$V!8UKv$ae61D)Xz+p7)k5%GfHMREV*<&@~*NOH2
ze3MFMTnrQ&p#}l1Q20o@Va`TfOptq|&Wm}7Q9`CBhPj@bYMg#o*&iWdp(G@d;rC?M
z^*O>I;B}8?7$HdIwM8@qt}l(;!-<k~{icl#M`-jl@_M9V!6~ZrOXRa=gvg*Ebw$Pc
zAiVWM$zOPhzHi?8imyP`>iu?%h_E<*M0}`X6%3_AgybB4G5z|LGxdBfD;3V;s(g&g
zh#-Ei&bIV=22>Rt*_2Yx)l*=$WzyrB!zWMN<!DvU^IV{jNcya={#Dy+8U7j>zVDc)
zx@<DMJm000LeQ@L{j-`*4xMm~*Zq|lp5*A|Bb2v9S@G<MVUZOTJ10mQD?Kx2y?Pr<
zBRlyndn562sr~|hNXmIkd7H;luVj2e!lnMJi4vFh$w~~vzu?g;kz|>@4v00jooRT^
zVDDpz7-Z~3T|!qqv85CwIHGRqr{}~0C2-8}Z8P)pkan~U>ZW`Y*_3cZf{*VaE)HzK
z)x0|2u6`w|mA~oqxH=}nLJ@~q_vP!?7vT0#7Dh=X9%^mi-mD`>eE5(h`nP7|zN)ga
zo*G7p@|ZRplXcPy%VwmC=_<z?NIvO`MW@CnS)qfWF~?ufJvbx;hQ@4^taAQ?kxR2D
zn5l5P<-M~)UvhPPWn3W?F$SY{$!Q%;SM)=Z-Dn6!l7s-W*lYj+#i!_Rq1<YT=p=+Z
z&G7>g@!{aUK@9pc<M-a8KyL*k!A%tgQC{=#gSwxutE;zO%&)X+Z!166IQROQ)H+VS
zsK<<j;lj)exI<X{h8X1wnw3xb)%Hod*uXja-G@eM%wA2Yr;%VwUK3qv!~GOAtvc#F
z)`)dR5CRnrm)c<Z8hcCd#@28okj|VFPZJr}6i+V^CL$WXB1>2wI1k0hhykCCPc1F^
z=PKM*)m6AfF2pKFK{cQJ@IVP2HUHKre7IsoKohILBYy_r>a_(Ukkg*KeYbN;?2S2k
zZ2=waIounT6y*lZ2QCssL`CP2<hVS(nDfbM+-YOotJv#?GkhQJ63o{S0=CszI&Nj)
zB9^mnw+S^sk(1cbj4j6kio!g+xu~esXke<HXDBvXb-Oo4e*l3#s`~PuI&w{2E2OV?
z>`ZI3p?hV6;xC%|9~p_EEdf!Mb<I|z_Kq7>Z)|;0FCTi1sOuQyg>m>+c_(hBDn=3z
z6oc^ieW2P0?ViwzHotIzPbb@AxOaR`cL8xTC`mvQTA9)sG{lVve{Cz>yLa#O3oR(v
zA0hSitXzK+M2G$7p7+JA{4|K1X6L?-h%abO8<J|aQ*j?PP|rd%rXuLZPQCA_`@&T3
zJ(-o;T%%?K(Nc%nUyi5$($qZ%H7D(K&#c%d_p{X7qR)jw0~}*!M>3MU3BRfVMcmJ1
z!KC|s;C#rEpv0rpALYKjx(s(@iqz71Z3VZt7{3%<_~Jd;LWI}Z{poEJE~}vp+(Y{>
zn48CVhebwO{;0GZZvGie=)(SyQnL_00U_H40-docZ@Je9=%IapgY9=81F?~c7nN<5
zv$0I_S|GY6^sKzzX)+;KU>!3e$uRld|1VPakR&9u+`KlJT|Qt6E&ppd@J4VNhkb&S
z-ejE5s_5O?{17&?L(Z0Tv)tq2OI<Hs9Mx4-QL*&c(d04TrI)uMDX#ZS`2O9T+!a6j
zo%&`5h?~K3>q$vUGQ~ZETUDBcV&R{95f!2SvxSva{pgHcS2oJF`s$}}9h`oCt^^hy
zw-MsX2(1<igM*D82i5o_CPPeax7jEwDP0H@Kl}(yTtD^w-oU3t?m7R?BAIdKv33yg
zuqIsn+zX%z&Awo(=uz$>Y&(gZy1Lp21BQs!<$GUks-je7<iz|6v?OpM;JcsOXc6Mu
zx1*p2JX;j?6jA1ji02zw>kx-5yxu8`oNeT;#OJ|{=xQ>{Lwo#~jwh&8#O}5viWw>k
zy3xa;5Pk5YvvhQ9R5i}7oPI8NQ&>ImWd(7a60<MVJT=;ct?9JPuwHCZPMjOc_V!a~
z^32xF%kHwnAO@S#*NzXB0-YITVA=K^I`5m5Gyv-(pf?XUjk5Yu4F`5KkO3j3J}JfA
zNuhp&U#t=KGd&rPAGg=QPu8|<X$bUEKXZmWfd|n4q=5Rv21L=MJN6VH0!D(v4_)Oq
z!}{;s-Q7iPT79{vz{Y3M%6iye4<Co#Qw@!<Gn~+=k6WJSKm7&gWn$a>x30ZM+;Wq@
zG5iGtm~#zFf*GLQXt{36tQ1K@OG9%$)eJ(8sGHKr&3RU8X6+u-gScouf+J*F$RPn?
zC^kkTu(vgIAC1&Ao($~A=>uw~^pIZ{DTU|!x6X;5aKz6vv)~_2QVQCAYYDs@f1YlD
z>AZXZHS5aYt1WJlZc{xF9&0ZI@JOI%=LF69*fG{FOCI7Lr)&1YKm++YT+vC3<iM!f
z+Y2C?Qt=sNWDElOJp!5Uyu!pdxwxJdDsUX!*bCP*i<|9tA2```Ua>Mwkb-uSIs2;d
z$@F^k)c*cnic<n(l}r2m)izZ#vy`*1Ci3`YWs}|#EGr#tS)kMfr#ELnAE&4ze(m^|
zKYc<hO;AwHEx&V;_k2NC_W2_Iu3UpzpdUPb#8U~(VT{qj+FHx{<*B>ONO8+Q?9_{^
zVDtB4oh({1;1&|Pcd`S~X=RS=!s>n@^{lP6NRg0bHB*CBqQtHi-DDs6q+^1h8Z1F3
zf(9}iTsT(T_39`tf*et=18#n<rt0gL_u<c;AA6QDqbbuM7z}dDUf&)CPV<o}NR15A
zs*<BD;KyhujoIMoHL6Ga;r`tw+D8#~;K0)+E0iD*-*w=WepP^h2l1@tHR=M+_z+=I
zzkk=?L-2Ltvh9Z5hg>Ex9m#78_KuFfj{JOa!Rdx()}tIob~U5G9ZYhRaDjY|jwdO(
znpcU(<uygprGvb@O8{;0H%4(~Z+8s90$m7KLlXTc{&`qf*w_P9C?(i@yJM0EGZ?u1
zp#3e>80(*^nWZ1wt5Yt4ip)n)S_i5cy>~M*swE!vfHpO>BYf7EGjLZZO$(hyF``Rt
z_VCU2rx#AgY0u4!Hoz+iY_NW=_SwJ-LVNG>PpneeqS|FJIQBWkXKI71mh9itqu-!c
zcq8%Cy_X}e5`bI~K`UGuBGs)=Wa6W)l_)c=ckP`=iVv@;UzJ50IgTpDqsZlz6$T><
zge`L=h<;P8{i2c}4p2CwRGS5c3o%TLK*|%F#B%8TOI#=froVwqzZ;zak`TGz^sGUV
zax*Hzq-11ta`4oK7<{pzXJ$48mr2f!J0g)E2=9^!KmZ6N!{#vQFr-hP%AM;tPm8hn
z%blRa%a6lrG;9P>GVmYjCO6()MMW)#GFFx1{M)^kTaES71>&hlZ=FBFX5<K8h2M+%
zUKR*+jq<&!M}5|fQ`8%QJmCLfkWbp=XGXztP-a`;f5=ElqufuxYk&6seaSHKkeS@_
zNCLzXGn12jWhfljv{9CurOE<eZJ(MA;cHqs#4@%`6|tgEBO-Rc`k@5Lm<sq%0L+NH
zgnvqJZLbGhfc3XH@hVo<M`mwb79X2otO^JSDcfXaW&eUwn=N7fMTNH|!E>$Sc<VB|
z1F?ACk@(;NhjRB`At9kW-N}gw56lk@&su<XZe~{J;(*U(bCx+=X;ga+O$yH6APG+}
za$7v$SA4184QNI2DkN;YmPe!c-)?1pl$<;Wgi+MVPmGwwbjouAj6u@jI#Kr-MOseI
z0(rflt;UXn)?fHl0!K?nQEXgX`2Bk*kj=*MHJqQ8*(YyhoIeC=fQlp$n_dn%#Cjc&
z6GD*^B5Dbheif==7&V?q#SKKLP%K&)z*&R?3^^%NsEnajRPDQIX^97|;;Iqw0Q+;7
z*1tr@0#Pt7yK+PS`}<MCm^M;l0F~8Oe<s3xUBCWfl&t5?i@vbD#{T|zni*s}9X(;!
z;i1G4NOLJg(a51IEXI`<YidYGcir?u6I)vcF%+yjY}L3YTm)jjvB+PQDuWc$Q;T8|
z6remnIeifg++KJWB-+5nS3sF2PP)KHK~Wve3^@3%IN^vzL_E$ST+yF%WMgBa3p_w+
zT;X=tL6%ld(Bwr=u7L>Z9iI9)!B%I0^uuzAhrI>11gQeZ=O>1TzivE>0Ucg{N;Ia(
zx!|MQNv5G^Af508F)eDa3=YJo8^be<s;+w=<U@%OUs$uXwKcY5o-Rn&@Ki{iqV|Za
zSNyCRk$i${h`!}hX^yjFO*my7emnLY8jLpeK3rXunMp)G=f-05Z?xGMKQ%vzWPPHE
zl7~Jz=+b6wLdq*2ZTLp@zCr`sSjjSU%mAMf94fc<60t5Qd*^o__sVGb1h5HfQXxzx
z^j=?;8aPCpE`?oAhit3872k=pA*3eL{=c@z+CN44CtD|n2zJ!eqNcNq{ek3w4?Gc8
zaS;vxL5?WrEN&a_fHtfxRzLn4qXR?<pni;`2#69aL_ZcEYXgS=>zW#IbcCczm^0bw
z#{d+GiP^Kxl%;JKuE2%0Nb?6iX|PP2pvt&w*DGqwd5BO<Z*}?&roL|<je!XLVU6o7
zz4c%3m;(z&Ohc?;AtObpjF{D9998xDN=UFJ9?ldpSrvRKCBk}sNjC@6>%7vm4w91i
z4i6*x{#ZnwO<soax7Xid@>;{Ru6;Qz8=Fwi&ub7M#$KR;SdYeCI5kWiRXuZtnEKjw
z=Nl9~HbLa~t;?v=vm}zO4Z{$_SLSAC`++vVV;~QQZi&Op0G6VlTQ%|MvVX@T1n}sG
zx&3)BJLW3)##Qve1l-<r0A>Y{T@%6}U^z#Gg=a?Y$;w<A^nD)*_T1bptQAJ^n4m2l
zC@7ZL-_LIc0&|!%uBz%bn_{c?jKqmJb-pX*(|TTCxBHQHoJK}_VW<#E_OEC)6v!nc
z^af48r^iW+AlwHkkcUT4lJUZ)oNprYS{e#eX3IdfqLbDJ&ocn?`_VQNUafdRQQ659
zF@Ul0^^vz!@CqnIU;Ob6AA+d+JCIv-bqtD)2F!=_cfeyj0cdU9b)l%|hxz%Zu9mAE
z|Az|zGXQnRnT3TXz<t%#)nNjCfTf{O)L#&=?TmxNlk#t#OVeiYFQlA#fy9-r>tI7y
z<3V*`G)#|-$tV+rHYsv#^bM6;ynleelL#VX+0fYyRC<19X8VpExX-I!)9xuJs$r`q
zM>HwO);lK0#}}Q7EX}8{Jh_+C&+AX(J97nE7!3yfxO5syFS`&=UF<8K0Pd&KoFwg<
zjWU+dZwJpx83G}=Y1O{4my+ck%*kgi6kPag{NqvTt(SOIGeS5HN#m1EEC`BFkyNMD
z1L>-2)(XKV<Tv}t2-)NaQteKGlJt@@a{EaI1;4W&Q^9UCTJA;CWB(@!224`y@TqTw
z5g~Hb2}RJA`cM1I^Eq$1bLs*ZCwo^+7s^#;-<>l4!voosYh2!LoXX)BaRPt5vk<ll
zpkrj@Db5ufv^=~sYG@ykv+;&KK!NLcbCRqYC3FlTNBKZH3JFypACeS=<Ys|m!lo4t
zKE2Md*O>|&PgC}}EKC^~7EFmag#KY1Sp+(;(NgC%t_6659WQL*d*iQ{-^_fi-w)Ax
z^fHwgGnJ9xsgoy9WIEaMTfB2S2U=WEG+!=>-&s{vY5|OJ33%)N%ok)y#_T0S&f}(E
z<o4Ws3tmikB9W$+-`(GOW*Vl)?>>fcF~9wtjy(GMcowd{s6??aJD5{0(ySYs1m(5<
z0#Q8)sQauTt{NNPD`uyyN`IUqtiVIukFcMm*ic|V?9R*kiZ7>~S1<JxyozJ%R>%}y
zjM{vBDMHev&p4GJDEOG5g9F$5`NSU*Q@gs<skB{k^fWWAEiDfYMk+R(KXdXgBZ2xn
zz$bp$!?N7|^B$KJ6*y@p<~_-Ej@y7Y%1L<EbBjIlJiPKQzI>z7=K6HdlH@kF7>Bm+
zGtASy*#9LG5L+^xFK%npvPy&^*WMplf{opqNoe|7)yRL%&hj~1Nc>I6KMhs<Zi+d4
zKvFU$YMCjbA>a%rm=QGDzR6=*{JI(-`w8?AQjQdmA+pGQ0oMU6R)3b@oU)zIdXVsS
zex<cl-I*^NmF03{hyE6Gs_e#R+7TewuUEl9-qfI{8EaJo9m|s8I+4alLb5OlqYkV4
zcoa_uc2|*E#VV2v1%8HE>n9L@<z^T6B>@;J1M~$!`NR+)T69FjB_;h-o$W*t3B>UE
z!fTO(7Rq;|m3E}+aX^<+N-EYT;K{>XYM)Bpy?>9=ERDe49RbKD%NB(|X1CZkpCrA~
zOFXW`Y9|A;sEvAa>F{24Iyo2Vb2!|x6#I|!Id2#JCAzV<wyrMP`r`IK;rDq{_=I=$
zFeo|NS+rVNaQ{}}_mIJ`)E%w}K*>PaXj?N7S6I#W<|JG^JW8Ao@Om5YMo)gH<LtyE
zVSH=_o@=3D9z#g&Qrk8q)Iv6<O9#A*)=MB_0c1tgoZ4q}N1CeMP#v3(eQWY7U?&qp
zaHp6^54!+#c*xr{iqutjQHGj=0=%1Nu5%aQ3GXw2e{nf{$RxkJh{0Nv8AM3Diql3)
zq!cAi0fz>}euaOpX#71<3zl$q#p>lwqmUuKPty+T?l}gW@L2*c8W1}0d;uqK-Cu@r
z3~2(=KLxdq$!4wI1JM|$3HVA+#gaO4I}2%1I^K_w{R^HO2D5a16jXE4TPFySg(6_6
zeD--#L&kPp-Ix|lBhE#a6<<sJD!QiuB6FRi+k?#8c{&7hZtbv*JNiQ;w{^$d!M8wp
zYRMW2@p4|qzYd6hmNr~rF0#o4x(*QlfQ8?!ZAIg7#H2ma8K`<pw^8p0C#gvbUsR-9
z5*~r4F)PMS!;D}%#UDUaJ36)3v;!=iF@@J>6#aiFh7{P7%I!xY3+0Pd+dKE}jY~EM
zFs(IutS%iE=xKcv@iuc<LPGj0x*`#ip1-wSk|eEd4<n;>A*Cf<Q1D;4W~v@R1mY2u
z24q6Tt;lPU2-3<S;&PZ(L!Samokj)etyeVk^tEc`n|+UsWx42n8y}C3jXlfg_oe!Z
zw%fV&P4O?avjKg>e*Mit0v5q!WvN42UnJsLx$l(D%ktLa6JsXcqPm_^YY%eSd3XXD
z>@Af}rpW1lj`-f=?kPHE=D3K6t$Evfc1l-@?s{a;rLpVpZ9dmqa*<KM{n|A|K;a2L
zKUGMue?g@I@O#m6V7vRb#@}jbZ7(yo_gqU<ys*>S(o!Rh;Atbv!+c&orfy()b{yZS
zRPh+eP;}lbFtEnd@YU!$JMd7yU^fxN(k2~4NOWk=)GoeHEMu~WH(dLxoI$&;b8M83
zcYE=r`n*nSwr>LO;idC-cG*-NkN&lE<j#wey+s+((Tqn-OC8P`5|h*Kb8XCbxxoW!
zHn43CCf+9f8+o9E*e4Rg&g>wSS5(|CrawJ9i(a7nna2JIW7=zw*wJr43FAn?F1x;T
zA$9-_8Mx}8>bnIn>#*l+xiT%+_feb3KZIOqe)o~a#@Ws+t>VGS$&0fR67N^WfBr;7
ztwxobtg|UzKGHP2AOq5-C{YWlosxC_dsp22va}JvjwD&1EdiQ(v04ozAk@>P25n0E
zVDQ`rd}ms;Z1)qS)$WFdf;fnH_Ies2RyiQpi5_z`Q9O|&mqOHpR2iu-1-sA2+EvWt
z@?dBIQ4^p%|03^$uuXMnc~PR|+Q-V;<oK|BF=>qmDx$7I&Te925=rQ_oKW#6NVj%;
zx`~xXb;~(#`@)^%hXM`8%a}v8a7KnmN+%&Hfa=U|Aps&^mY>pg2#~7F_KQ5|kQvw%
z=s9pcg}i=8NyCMk+Sm`xEDN=Wb9B$Q{BA?mF82<<45^hcrm4%FL7)h$WYk<rA5v?W
z7nQHmHqJvJ5CjCMx~T0#UY)-Ul3j4HFxw!KP~;Zin^Vch7`;YGE+jbkHtWZ=Ml#Q_
zv3$)eppBBDBHh`z*~%;>B<}27(k<;2z6p)A|GMDAh;2o;x#FxDd|^~1hEBcSsy;iu
z`CcegNAdG@Gr>K}gU}RS`(o8a`V;D^F~6!47PN0{Nrt1afEfd{PDM$1z>nXckP~s}
z>SfiEZ1jU$b!T-?Mk;cNefJZh<&`D9#SVEL&@7H-@w)yJ*|S6S@U%q=50av(H3ROm
z-XJYO>=YKHBm13CVjsw#h^pM}eZ@f5jg42wjoiC~wBK|2*Wb9KCj`iE`{st9%{Kkd
z1UmAjzRlIa6S$<D>DUO{U?EA-*>o}a@p_{cw~UNQS{ve@r?D5I#&JNtlBB;qON+-)
z^2#6yy9Llqzx%+sBLsR)gAh0+sMeL{2=CcJh$M)Lin6nBT3}7KKjc+^)JdcxgJoja
zdh_fGF~Z*>6Ux1uZkGMkO&ff7aJu*GfHs!>9O$1YI^svMQ^JP}4*fv4L)&;@!VU_G
zv!IDixVW+Y_}9YUv|R82vf8-OpRUAch+KLayT|IR^oMN;PgS_X*u|Q@P3MOH$^EXW
zDYKmrUd6FOu3CV4EYao@BDcGaK8HfNc9y39YKA7U1`y|MBN~UKd#^W5QI0vK75c(v
z@1Igocv-w%Uk&wQR0k;M4~{Dm`HqYNV9+!iPU2+<kqS-w?9*76G$IMbq3%f_PL0t)
zIM>L&jg47ul8}Tu$_ffLzww9?<0Ip&BeoBbko1HAB5#uml2Hc$aKVx+qbl{t1^z9J
z!kcc;nhAP024V3N?c(gm;$mXRg=8g?k>;RO!s7>l#3ULpOJ;r6TQ=DJkoTJ*ixuCH
zBt&OqWQd&Rlq3Jsur@Ft%gs&t<IGFBYA^|CnVA(W8N)X~GXSA#`-vnDKVuB>K@d?q
zbtp2pW^sK)QV``<cJ@~`q5*+{9qNv_C96$@?8Ot@r1l>rcKLt_!fG4!b?75mSP2!$
z@snc!PJm-SyK<wtTGo!Di~}4CDb%@<zae{9ygq|SxohLdzH9D8?i_G2>MD8Z@xj2u
zXbQv;0j2nfkv<vXdvOiyFm5EmwJBv6mty4QS9s0O%gO*!ViK`xbztY@{DM#dpc024
zDtQ-x1upzH#=z+|n@|=hb0-r{+V`VqqG?VwxUpRoJw>V+Ba3p^Q`6G03tMuJ=JFgq
z{0pjbk48}&k&?MU^692|kk?5L4bY{lgNqSq<}}qq)>lz58lX|}kvqS4`^%;1=CDeA
z_>XqSmjWQG1?A^o#{ELWX~SGyMrP(2PTIEVZ+`btz7jGhd~>kWFjbc;x`D{$KcRgb
zrQ}XKF<EN=Gn~UMd(c5(nCGTQd^KtoNg}&om)sbf8rDqi4Csf?E)S@ZV+FU$4&6Ei
za0e|=7A1}QWMh?2jS@1)>1jeo5N0USWx#HM0RhmwuSf$YjD@9fA=8FmHsfQENxoi|
zwlX;yL5RCY{qg)E8&T#wT~v3x!fi<`hJ%j>twf-k!C3HWfy}%Q5Bt8}=|3>^6wx2q
zu1|o}L@Shu5Rp>lWcm$Sl_xB|9?#s<+TNMx9LRR8jm>zRp6(wI5a*|uzF|%&7w5rD
z8~OVe3jH7hCD9Z*e3JIG0@=3srTyV4viVJ47Ufp!)G|8SNTfxXMWxe&k3-P}k8fkc
z>nbB0mWlsF!~}}_-B&`#mo@XdXY1xbBeVV#q|7}c8Ct&7cE4x!zP$O<7{YGY2<7n9
z4iaVy)@7=X^ynQmiZ#r$Qn^!`)NWVO+?VZ#&f1sD=z}fenjLS+SRltKLn-UcMPQ`F
z*>7$@vEBe2koKxKugV~Vzt<+vi)(*!PmFu;z`Tn3%YjHmP&bob*!ngxA?>(2;580<
z4uB*867=-+=ubh)fP{V?Qzt^tYMx>{^X+y-Lc+N|vCfx7J)Cq+zmv`xRlEldpi^sd
zex;p1BU3hR+Gh^%n0;Sy5bG2Dr{<8!R?Rn|tFU#hAb7^AW^~w<aC?`TKh?+C+r7P5
zQer=T9MDp7`0gMDIWo`j`YPfM5u4Lq3It*P_EYn1L**?ov$zl#ybSZ(Di3@bh$+R;
zjSPcQW!)frSe7<n_x7?)&lit&ZN*X6CYT-7+0}#EVf^K)v*gPtg2`aiuG~9Beqb6Y
zkjEm!K+HZh_<KlFHLVRfc9o3-wN5VF3VJ>jIBw`AUo;bCjuo~vuYGTNw8P|`&RiH`
zfl?qA+}0ci4)|ZWJZ7ka@afZSVcR1NUkGD<A!I!z=%B&4QSkB~<x$ur|I;|?Yczus
z1DxbO4bb;`l&bTK8?YGz@m7FX5OC8qm+~Gic&f~u=0xvp*`1Jq!~>?e{e#~Z+4yad
zirX{_ht)Cj5ZE2CGH|QbfKqYz9d(~h1_lEh5!M`D1>4VKNPdoB6uYFx&w!p4`C?jO
z0|Nt=I^>|CBmBHtg&SAO*?yIDn;ao}v@ZzdOv|0P*oos>frQX^@~WF3tp~i|eDMB=
z<ntsm^Uv?h^{~-!Z}KJQk()eV(26npL=3iwZDWH`0O-Dhpy_uXUYxRD3z@}blst~)
zqDTzRS!<$4rHPt#CU=TXmhQF@pYFJfc1{BZK`q|hE<-n%b9{F&34Z~Fbbf9QJ7a~T
zN5Kw4(mF6?a(0~mW-o$`F9F>;a+3rZT#7jF)|=Xd+We^{wjY?4t9?JUUfWjhd9m>P
z#)lqTTgCJTG{W{h1>id(5C)&QQ2F4^R0Xz;cI6y$c5Nfk(kC2#hsw9_-CM&px9x`%
zC8DrD&DDz|$c?auk48ZW3iS6kC|g1q^Ic=3MIhvlmnJfj{G>i1svdi+b6bb~dhV|&
zP?bdQ9eMVKPZ*V<eWErr>|ao0ViU32!TtrMrD8I~%;UH>+nkb+T-0X2DfW%p6{OJF
z6a0Mp%JOo`&%*C#UWpzI#icJQ_zZuL;(fhyp^2($9h@n^x0&3L2??J-w!v~>+MgMq
zF1hvhiYy-uLS<)9+>qY#%|&{a^o);Uwtk9~<Tg9Oye_*Y`XL}|(yf%s>%_3(&jxuz
zK)e#%hvMsSnt)0u84;0;0miosM1dV-Fxr{ytm5;B@8|eEn|@bcpGrwVIa`U3DK}OX
zP*Jzt4*&-k9!OsRV2`;PaQL;loX1aEw<N;-Wwj<culdCEU)A3k`Q)pq9J!8iLF2O*
zw9U=U;>>ro15+o>=zKVwVfA9TPx5_i%1+0<MLm_%4<un{%!+j(J>vA`9h=Xp#*&0-
z-=M>ZC#l<`iOpv3(g{~=g|;p%EoY8KluMpGPyvq@z31zHz1a1QwMC#Bn7-uhzMFvo
zl05olWw52ZykAk4nNmiOid^czYJS%5ozCUK&+X4Ue2YjwKy}jol@pSTdrzc|`|?P8
zf^bsX=*8+B(FrxZBUfhSYZ_cP#qwB|Jk#1m_LGB3C+PXO&mX>&e$z((uY`f32I)TC
zs)x^g+fKX^uskTkc71x2nE#LV^ad0Kih#AFRQ`a`KVvsDgCCEyT||_AxYU<8iDTJH
z?FO4x^!r1Xa3_oVn*3S2X*2fx(>ZrVmS~x}osbKc16-xdH!Zs|1nS_jHOx6PBjflt
z5yM6mR#K7p!U9hqG%nVA-#Wb9414giHDwFC1-uaW^8!N$Cs2}o;X0{{RO_7O+NopB
zHZzh&LAu<B=7Z_q`MfIVk<%z>-%)KCb8Po=3+Ffg0F5ztb%x4B27>DASd{e;Bu$k0
z0Bi@tnOG1vc@abNAU=LFc;=!1t4}i~yDzzLt!$x{)Bk$7=l|mByW_d;_prZYm6;?N
zp(Hc1l7xOFg+gS6goLssGLq4dku;17p{#@uWfg@)$cnPdD59*4JlD7T+~+*c(;w$`
zpL4qT{l4GN=RL0XbzN_<+su)JWKkk0DJ&oDWwGK<_OqnuwwV7%`Qik$F${tzWRy@#
zFg^iC@=Qk#-^yFia6vG{$f;_NT|sO@myOSX;EJXUM~6H5C&Pjct~%O+83CjS*EAjg
zw=+V?%J%d3a3a_t!E86;;}338f3ew9f4_})_u*&xfme6vUoG0FutRYmVfWORZO^L<
z>!_t6`ySJ4&ATSmVx(3M{u9ZZ{aZ(ZreEOFd!MZZ%tCw!e0N5wL5tI_NMT>EGIm<t
z^m(W{c3u0peb1+n81;zn(&8e+u0IahfQ9*wB>z)XZLQW=eg|M`s2NOt-N1OU#`g9@
zgAC|2Ej%@~hYhxx{rNRq=;<7GMXO!M0NX`>pFYDFBW{+b_fRbkCbd8gLWVOu0Z)Mu
z4sR*EbO*4woqy^6)>MbMK=aR=RaPx&xh58dVFSm)s16z!+%S6#B2*W~!T?qnq{b`J
zE@njB>XzH6RD7q?Aold55@P|rl7lhN8C>|aYrkHOyr?80d!(s_gC{=oeVd1M{Hp(k
zyA*JOFf|Lg4$Q?Fi04~lkeZRLgD!l9Tm!??v!j_wae>q4{T=9z4plH4jR{fsG{xqB
zsh0_5H>Y-T-!KwzWWC7`qy;QP(3~)zI0MG&eR5GJa>;5zEJ$_yn4ji*VVQkP&<6(H
zi8=oak;?GoSO(g-#Wb#6?y2V6e|&hvx`!9zc;H%UWY<l|KX$LMvwnFf?3GTMj;5C#
zr(wMHYdZO>8UwQm=lyiU7DSJ2nsRvj+`K^a8`;~Dt_*<*`g(eOU%p_xpu?~coCEO0
zvi<sj#DmT~J3nRPr3s9Swgt>Xj6J@z$g3ZDZxW+?|KVMm=eJ%sXZ@^V|FvQ!8*JU(
z$RI=e{iW}ZvS&~%v9d-XvXfO_Q7=&Cfwy+|70#3t+{>r_mFp3<CHZ9f=}rB=*$sZL
z7S^BLf_bZefPj?L52RL%J`=ky9DklbsX52ke#Nu$LGW&#j~^Mek7Rc;j-IyY+IfAJ
zb*aB6e#8a%#XF7Xo5TM~;z&OY*NRay)QXZ%C##OifMpBzWHF}DBtE7Rj9D1ifcIoh
z9)w&0!q?9Zar;lDwWkg|$P(owLVc2otNm_P1f~7bkHHoeDfu{l{+ps!E~tWLzb3e_
zQ_ANDu3<<^(LzBFvK_js-&2`^p<j<%TiGxkEckN&<){3NYWzR<Ln<NPK|A6>fgqc7
zB^2xGcqY>(to=tT(H1l4Xsv2tI?mP{*G)m6YpfNTg^S{jLIfWxW7KRW_up$0{-1)W
z;2o!TdrWNXeBHLhPtVUne}5Du3!)Sl^3CXDR}11ugA(}Y*!JP#l_Y)2V?RMz=02%+
z?`&A_czkR7)KKI1ysk*S{-N3}1zl_3N6wsQsf%ggtNq;l%bH&Iv6#auaq_1*1%>wP
zfe%hf7$H3jh8O9(y)>U^BB28M1#O4NaWB792?l4Dup66Qu==Mn=Pmb6=i4^lA9reU
z+#~cvGv$01LYpE)6h@4P*75^IR$~JM=KKa|HzuHJ^{BBALt5Uwh=Ayg+!b;i%>&K|
zI|Xc@^Ptj)>0OpkT6J%>tVz9Tk6MVRfCw%Sh~B6zY8uhECgV+pTt}IG4xu@HGx6?f
zRMaDdRxHTlQudY>t1h)UA-G|D!?y;Z7S#{_5{xFozt_!oANm?l{w3tiSdhd?mj69k
zr~(5Jp$keqM_VBDm8md7g#cDBg<)!THsI&bYC&7@7?4=qUT2&9(cF4(_Zn%M@R=s7
z9m2aS?N!wJJjc7vV&)3z7|O|+*;&m{qO!(HS`Kz;KoiN<*6TZ$ST(oKrvYB+eCP}F
zO_gt5sDAWwqro~8frc$FWE{z%K&~WYC$?YQCu)GbgkHYfTkIBm&@hAzLSP;q?cj~Z
zat9gTR4XWCwC#ENY(pe1=jYNiC5~%3p|`2cu?s2>^)!b0@8adZo%|d}<?4c&>q6u1
zAD~>^Ws|`c3d1Y6ny8wquf|4xe;0q1d0JuP$8j-z{ipUZ>Br`89bZGTA?~uCK@`{l
z$|SyT^zC~71CAJh0%i~w6SF==$GWN1`t_RDr?+C?yXhK?#hT3DaZ)*0|87%Q!@*=t
zs-5IC6U8rN+jCP>BzG4|gE1Q7E$~15m}@7xsA5Ad$ZTwXeBkc>gKLx=whH^me!Rk(
zV4pw=;r^Pmd<sX!bUU0>Pl2f}Hp~MJI}FbMkZlI!m}`xkj1MM!-5ko9-Umlf@IEM7
z7@UFy&1%R%gj~mOkKo#|8RqfI%6|A6I3DWviZ=@{Y|!+p`ES(TnF4YxDaZSQvZoMd
z>8^{3xj881bEv(&9)jY>TXTY)iEvehqK<`;F@^3v5V~tuukO7UxTX<xBosRC-`XWF
zTv!1bemNv0=@22p16}hiJ-D^*b%VGDLXw}1L@_TijP(~#KyR)vgHs0v(h(rPUSHqE
z$)Y~qZ?uZwJ&eII06WPG82bVM(!j5X)J#cMzW{DMH0k<+#7+8tknM<)b3ZnTcWb0=
z4r$G?@I{S(OKiE~qHo=etr%dcIpK#z{Y`Bc@f5q+fZ&?WruUM58B^J2cNq3v&|XdG
z(UBcT$UfxDj5&UBqR$Ky=3l{XUDA<uIK(jbtx-+U69JwdsYFjG#sb}s<k=Z{dxM0@
zB+`A-A+^wx`1Gh^?HXQock`U3R`dCXdDM9W<!G)uGz|0YhrjGkGaxm4d@$E82Q=#n
z!JFcJ6b=RGh(oRe7De9t^7ZS3Lu#}`m;;dYmgL-6n>K<Dp5->OlzT<(mJyg$b#Ct0
z)KuQ@MW|j#H3f<Y@zc1F>0U%&aE8T;S;SZS-^i2z#rEOZ)uI-;uX^DSLxx%5*p02)
zdU$@M;}rPGk|n-#+r_)p(=rV+S`bRQ3s2W1ZpH*4`70H{LV^zn<d41pnSut0;ViWn
z2QoWg;M>4tf`fzgw-KFIIoB}yWmr?4MxDdbd;9I7m!hR*WVCo?R|Srp3%JaH3G{vw
z#QuTNQ5;+>bQ<m7&+kvpbqyKQ6>&eaz-MA>0pqGJW?Kq{$X)#p?fjUv%P}#`;+xRx
zfC+ejl^;zhvd!l0Ohn~Nd@B;xyZ!6euf>^fbD${Vr!fqD{VKDeqP4XZTm?M0e}2?I
z&&}pXv0*qS;-rC^PCBqvP<DKvb_$>-0=LB7OSj$iFBf2k4V~;bD1+JN+fh|&6cW!s
z<Nb{f7jhltH^9pW_>k-W^C4gDw9n5vxR1eSys#rbKYwX?d9)u*0w{PviI6mE;c5Kd
zn<6VKi!pa5ZShXf=1hxS1qG`=eDDCNC!LKr!$8K~Ts3pCzOl(Ni|>yO)=~f#ocrFX
z4^`0lVsK1Q#jsUS6P3}^V{NBV+J1Kh^+U^x?o$Hp)d$@S&;_r&w#J25p!sJ+sXZ@t
z>)wM$32dC4MTmpQGc8rP#e36XHx>(t8Y)vSMJU(+nkSnD9=nm4`2PDNIK1F+baIl1
z<HW^c!^$?dQhYOq<_E7)%t3pi%eq0*419q=tSIP{#-VxeVHBZpFDt}}i_@bXV1%_Y
zxvGABpLpS~Sd~;d6<r~SBI^HsDkB6SzS$Ba&@SxF1_@~-Su^FL9xdT2WS!>?&cXLd
zpl7HeP~}k?h;swTwt(0le)-SY*!91QFeq^=jBViCw-<<4m<P0|GZ+yB{W?CrJwO5f
zoVOIab$|Cc7Wq}5E@7h4axq}2HX6c6@`01d4l3i@<h=A2UpAgMWRue%wQM)Z4cz1?
z7Y}~y0Ni2~!#_Sfg`k<h*Hi9)?5}6WYW%!F2ssp9ZN9UWn2m3EfN4w6KNs^^8o0#q
zM<z}n*pQsaCr_mQw(b|e%Em+?fSU+hH90-4bNDdXR_zAK{A`9HsTwh4aXpKNw(|X>
zET#6_lZr;`z0|}R#{Yau#pc1N!+26&6Q2;cbSbq+DpgfgWCA%(PxKLJXNtfH;gmGX
zm4znC2M7H9-Ce<Nsd7m6F&d@aW}4eAi0}0OJ7x@I$b|hBnn8JomJl{*2$pfQNv$-{
zx=I%sB6sKJ=n+%`&ae*H?Ew}MmOt7dFt`U^%LhLdPk^F@-U}^8$Qr83L#Sr(M9;jz
zFPy*JXq3SqNQz)U(&cd}-OEZ6vvIvaALd-YzQ2Z==)8p*^G9di7CE___evoB!~DiL
z+vMU~s_pwhT1J=X03t&(@Cwa)gw?jc5t??ufa=ay)O1VgkFpFyuA}{P273MWrs(t}
zo(Qr>6vScYr$qv!h(HSm)PESv&-eQx_HE+f*^T6j$1Hg?+ax+BM!g=`i&`jQrTWio
zPeDBpQ>0W-e?W6Gd*Su?*|VK{aGaZA`T{i?M57E9+(cyn{COw33bXLomSVu-H`UQ$
zTHx;!L&lJGC<K|wk8v*%IKC|h*DNrJywEMN>4rv`hHD$kuxnxkxDv<=)4A#C_Ai5I
z5mxWZo;qY{xhY^b5qJ+{BlPZI8xAM7j(Va|!mbyAF?xnXj5G(qT`N#N(<zNB?nV30
zWs=p=Sp~-hnzO#hi)ajv8yK)Nrn`ZbM(Uy@IMuW8oTCucSJ2%et$#@bj0cu4YR&!2
z#6?+Du4d5dzQyPPDYbL`e{X%-+I-3NX#f+C`%V45_=S$I4^i;b6q9}-boC>qzcG(m
zEeP#bqN1BMPNw~s96?hHDjGu7zIx0(0g>&;i!=Vu)2-4-V~>|yzh(30puu92PHT|1
zvU6RMnGsYj!aA|8KZg!1#S=t=EcUvA47U?U@&d|<$CAg2%;D^dhj1N*&C#Q<fny`S
zGynG-w-kpR-1ox?WO97#ZxEcWl!9mo|7PHsh#vqq)_g!{bz05HxEl;8eA4-CFfxFm
z7}_hQtGo<hcz}?VH@U;29Yrpg(0KkyjSXz&HHoW{{y;Vx#!-8>uOHPA3uHgi(yrB4
z)`C#}GKvvt0KEp>G=3qmBJ}?r26A-#s)h`-MI(c10uslH!uLdg7~r?c7Oz-M7U(l0
zQswrDy0-^wiwylp(Fkx_l!o)af5$C-!|?{t<6&!Si+TiKfux)*y#*y~u)lu?MsvU|
zAjN|K4XaEM*PU8Y>rnL1E&cW|<Z#`N8q4krbR$U=!j<?ZKP5~J)vf!JJn57%|4hlD
zB^7TU<B{jpjN2`q%i&8HTl%CSssJeNuDGBY;7q9PTFu0?gdB++&d$#MO7#Lh3D|6f
z_RZD^&-?c6OBd<m01@TfQ0-bXboeLm?D60fiT@p-9r_vOuWyHuF&s(9;<={-dYUC=
zb3d@YNSQP2PhWzuNUlu__<hpO&MqK8CBUCh`{)feFkBX3uZ)5D?_o&g<bb)N%Y69g
zQOfPW!QVh{O?*K8$2s5)zT9l@IZ%_}3p;c%0igE<5?XQ9j|sJ0KR9gQB3obPt$|&|
zhUM*u;aC+Et(k(C87bcZvbCs;Og;)E+y`O1wFF_sjJ6So%@XR1iJr34KcAp1162lj
z#hRW`@e+PI?milbo0~QPU_jbT=On)C#_v}+^Vbk3;e@rpkUL%|aDbVQrxHJx`}>05
zi31F{0FN2Wvj7~8*Vb;JdLh`tkb$Sn^2euTX(EuZ9}`IUt$?ur=pCxBuB8hW5Ky2t
z28ngF{c$&72OTD3s@z?ujBVJB@UjH;srsb<y<KMq4NO6PnE<7MRIb3=8S(nDPaU*2
z*lY&R4EFWwzd&e@^N)~7>K=y^FZ6)PpO0m&5+Fgqn7S3+CV3<zB;E~GfRe8#!l9+Q
z=DV($8MpWrXC)$%W)oD+!>giH`xHbt!jNzB)PrC4*_FG1KMZBq3bfgfm+IZ0bHK74
z0Kz~>+EJtB=H{aKXwNu8AAsqt2VUjv8#nTCp4eA-*x6g~TS<cm05y{{GyBd`CAgwh
z09ct@^-m*0*G3(<N()Y}KxAB1fXH-DV&IZv`V@uq&=5ZKd&!DX^dAr{{lw5^#Pd1(
zF#G1{+V1Wbm|oy()ipMPG!`!J@@;&akBtpF>wDzq0s4)48w}@}6%w%WenZT!biVje
z{4i(Et#2E{TQ>Gty#s8LL7Vr!rsdWvaHf22k8c`H-`d%qep~NYVNsi6*I13q*4F1^
z0_kTtZd%dmYd#1HyA~Lh#IRS5V`GJCW7hE53#&D%8Fu#jtn`2TDtu{Z=+n%nVdY0Q
z@Lpd;lK%seKMK{amT>Hlfw%_G#I3~Ke#fK|DAzDswDdZ6PD(^1P=PARN$utuLXD9v
zjat(N1}A`@x3Kc>IX~3bXEoisfNZ%RFloS&H(08(PhsE=ruaAP{=;H5l;CM;U(l2N
z`uP(uLQF!!VrI-LxM?e)lHa|1_pV*~8z%EFU#9n@5aHcOK6AL(X#P=hDa>(i+x7_J
z32d3g$IEkFLuK|7i}EmK_5O_suz5wmo`Thc)2at37tI1i)=P7PL5}`Vm=(=2wqq$Z
zc2t0CXukbD-T_pC1{r52PM%SCfu03_5KW7UiWGM2*vo*oKZ3xAxP*Vu$B+xcT}Yv3
zm5)ndI}v!^;U2|z@7^`HurQUl{rK;nva&tbUgtl33Saf$@->0USvfg)%{t(x>IlE^
zopbh(LIc<tyThi~9L_GGY6|vOA#;H$`sXAt2weP7yZ`60ZjqLjmXwT8hDs_UG<09h
znJ|12Ov*^Jcl--@SVIpzW3Xu!M3GOQKjTJY`_$KoiAKAppFe-TclRy?To}T+;%b9e
zhC&(*9of7FEER(VkBRo<?bVI8G9On|SuTG-uGZGp9(hA>-38|n;SVK>%AP&T(1<!s
zoWxWYOgH#PBvn+bkg77frxxbsNi%_$ATT)dsd%l_i{fJ7x;wa->^X@pIv89K1%$qs
zl^p2+0#@Fpa_^~Et*spKw1U&98$SL0gNud>gZ3!XF!T1(euac_eEu==PuK?6i-06q
zmHVww9v?VRhtr~c@F2;M2kdEq<!-)d??=bRy6{B)nFzX-e1f$Bj!)Hl`oNd>j74s}
z#p?kD6RXOMjM_elV;%1<UY5&MV26+X<#!>{mnrhH6r9+P-)UxU9)5>xpK%E&2}F~f
z04{e@{YN2<j6gSpfrh#|K~^3fo@8B5>==KGC`LM2A*7(l$ui8u1n&0AIqY@YwBmN|
zT+PY=w-MZthfZRL0(n}#d>J}kXl8*5z{DioAOr8kv*V4st1Esmcny#$U|x?1HCaVv
zWrDfWV?!}13?c5_BMm?R7nM#|kW9I;wt9rl4<DWa!NN$&rEG??z;-_woRD6xUj`!p
zXT3>+DA;%f=z%@e1H(#txKe#Cc3UL{2ddw|xtfHZWa8bU7eubcJ@iiM4PG%cHh#9`
z4>uv#182=oe1-=%@Ja8SO8l)O`)6;V%HiMuj`<DkJEULl>+4^*4QhJWti}^X3gYG9
zkV8$4SsSkId>tVzfg?sPGD8>mG(R7H2oF-O+^17Wz(sZeZj50zQWnO*^un9uRUm-{
z%Z|^oC@)V`ob(-7C&x%Q(f#lG;)~h}97A6rE-s#|J3WGyi*=K-2>4PG5~b&USV9(s
zAB;K)yOHNJhh^K_+ZD~f;1cw^PF9>zNZ>GTeE<G^LxYhB2kFfKD+o~5Vtx#ckMF@G
z4wnE#N{YT0!PJV<7t*;)^jmsSI-x|B%=S6u<TO4$9`QjEX6L{}1NU!URfVIE&T{G}
zw1u-1pBbH~)s6*;tS16Fabm(RB_wo18mv{}-}XQ&sSSHDG4?)GA|@*O@=F^Iuxni=
z5Us+c$CDfvi|LM{1VD=l;>`zK1sqrMX*~B7-M#x*vL3>){nGw(=jOlyK*m3WeFmRD
z^967aOvVQetZsZ#t$qV~zmKnOW+8vFfG9i<*3)IyM~&;~nJCz=1Lv>WDm<F^akBLB
zw1Gu5`sgnu5wy9O>FF=S&0`S85~mCT))%}W|I1V`mn9x*IR<Hr!B@#(SY8fhA&?A4
z1_taI#`D{--CPk~9}slNS-$(?j)Td&Y171yAFL6qfo_$-L2hr!r4ZQtGSQKckig2L
zAR#1V3t#|ZgQmdgISgUZoUM@}Rb|=P@7}zj`~N=H>C>lW;tUaSYtyOJPGJ)i)I!_m
z-{WVxI*5H<!QuBnWry#`uW%-|q~tf$z-Rz(-@KVRC4&tspc45_H}A)7YHB68;&6uh
zlY?-{U)zKv_>vb9IA^2@GnX_GA9<fdxC5#IXhRxizmDkQ`d`EXZOY)-v1@mHXU1^B
zb?w(xk(=33l-IA6z!JpcNkM)-=~@95|Nd|;5OgGB>QI!*9m>Pp7ag;z%^N0r6C&K?
z{Q2{sQrg))q$JxrUr&1cSdzsUG8DC?cooQaKAutVDF$B&9Dg!o{$C$}i;2#30&xYx
zfP$+#P%M-q;$ZkjI&nltHxH3ZvC*Nxi3R5i+!lA#;|7^bf~`njC~X_i0=>50>q~7l
z4Gp=hj0_k!9(%>1L%{>1!@Z}aefjawVppjTN_rumSimg(u1ThZy$y0X(FEmTpj$e2
z&BBPqN71S>5HZxA(`E)y8>KwxL1_;kA~)P`-I7B3W8fMf1HpHO^k`{^K=v$vPBdwu
zg@y73LIhtmx`X!+Hvx|PONq~3SU5lSl!?v;uM+s~Jq0Ijor<RI@H0z@jlFWGtgH-S
zc@1t=ckq92mAaA9difD)RNXL_vcJtTfZGX%w0p@CJ`}gnF9ageIm5R0I>IuZ+>`u#
z_9xGtJv*Lf{Td8T{NKq`R3mz*anRBy;GQ8d7>e<5bEm&&;gYt(dBle#ImiV@-RT(_
zc|}FS$yHCv7slXJ5{R5UzW3i!=S@Fq0_@uzI-#XSa#E8_m6A|sKEjwuNJ#J3BQ^@+
z4{SxgV>ph#iQ6-E(Ac;mHZ~R=CPNo<U}Q!?fhQ6&P}p~kjqTpp1w^_Mp=}CHKIPJd
z8;oaiaMQ!o)NtNi?BoTZ|L?uM4C<n>vGGq=V4%3Nm+eMDV0eolgyLcXJ=Bp7#Iml=
z&eTVbHmqMCeYzO~X=mWeP4<MR34&krU%Q#EEmy#gkYvA#ik9Z_^rcd?ZfFLF*h$YC
zp!q@M7k<5CjZV_vJqB=R9H5;!0n|BJS4naA?iV;=I0I0d4nvg(G3Rc}#G5xg5q!G3
z%w*ch0FU5~>bD#)cmWT=7xU!F4`9;fDB3}1=H%4$A4Bj5CNn!XrwTMd?q-j?f&v<t
z5aqklC#XZx3H$xzK_rOjL1e7f%X()R*pLM<4TM84E<cI@IZIPBvjreiWA%V5VPHj;
zSN1yyB^i}OshGM=Dt-{=YdV&w!=@U!2Kfei7WtbFp1&C#y|>|b@LhSLYXf=X31S&X
zJxwJ<WPMW;t_L>ArlzLCk_0oa&Npu~7v<skhxdb%>eL(0L<D*bkBnfM14s{0L|cz7
zz~|tiTHnM(xl^}-{nj!F(z#6Sq`4qb3PFv`M;;u4Xkx8Rqn2z%nnK;sTjpyl!MSr|
z7AR}E&z{X8p(Q^iM*46l72s%wOa`c=6B{wIEAU#;b;4`YimC5g3THGE6H`b_9Z?`f
z=68ZvpwbtcJcyzeL`dlAA*liwmNrF7ufd~$K3tB2NJ1DyC_&ODyRbsr8wb<kA@c)(
zjewGL%WN2OG$1@f{WnFAB<T|N$N%%_)orSe!z(9Aw^AEkw+O)~(GaP|YwZ9pCBE+v
zIZjKA#Nwl&rUb{Do|#+2A~8N*3GsqeWxfyRxar^%T&yFlmtp!r_6z?1K8px*F;trN
z>zXLINT`V6v$TL%Du4f=mKK+apQ5=RH6gwIjxXvOJgy^*Sv%$AzJDrticqe)G#UKn
zCBuj&-!YVm?WkGF*!}ODY^qH|CiXTuqp*ly3<SW#%`G_xrZ9j0{6VqYq(KlNY{4&0
zO1<4IEqkC&SGPEBYFcvUqYQRUf%>N=UZ`PXv!&1z+!{r65#uam8A1dG*ncW-&yk~1
z(*}#@7eK;9zn`mvUkZqWPL9coSN|(odwzmI6?q;g0D8o;KYH#xCrx5dGn-?Qq^`cI
z;D$3EGgyX0{SYUUPx{<{p7bisB`W_DSiDf=gvau0c2-zCD>IX#t}X}wIw>BUMgUj1
z?uRXYV_-$v?{V!I036+<p`>?t5%(aHTYgO!O`zA`KtZUfT2=EmJ%JVpODzDZUzcYC
z@Mr(Ds0elcJgT_#4`3C8xQg%bNS}{aPd~-b=1n-5!m|I*R~|ArJKnXvi>CA;(hezB
zM){Avx$?9CK9+q8qyf;EIGsAR-y-8^7CznzY>N~W6e#N);5VnGt-XcyL@_@hha-wd
zsHTb<Mbn?*Y(`+YPJ)6Yb~B@7n-`?XBnaJsDQ}cLXjG)no<tt;^qj`&g{>X6uEwp{
zSS{wBso#Eh%_GFWZ$l$P;Le&6*rYw9B*)5}ToYhoWF(Jn5Z4y2K14dcBw*=X5hW{Z
z6hu>QX)85n=k0Q9-QYHn&&$S!tWP*m6MSR?i^~}mAJ09ejw`i{Q3=i<NSw3*^B}dM
z`Mq`Ljym}x(Wk-IMTCt(uAN*KE+Ei{Vyj65$F`<cM#z9ljsJgd^P<8ec!qGZ3VmrM
z5CT&eQoVirIBNqnk%UbzQ0igaU>kw{mXZ$16)p)-#b9A%0tARnK3trfbog|-|M_&R
zxGpG+?AJ{S`$7AOF4TLMy!;I20+$p}<S)*4y8sjmx`R}M`mEMEkBx#VGAb-=tS>_S
z-sh;Q{^{}V4N6S^dlhmI40VLp;mrz?I~Q^PUwDoNv5~4;`1sM{S2xXq0Qd(#*!wrR
z)(7Ylx-~Wmc=f@oDkHU$>JbKT)nI<UhM4~M^`>w6BM`l&)B&5m7J%cxSd5KALd2Mo
zCF>GI7s{f;m*yo+^KCH?^?ucaf}k;WM~Y2R9r70Jvg_2jCg_RB|9)r3?dydME-FZ)
zLWc=M=@P&zK1Elei-t&Y0)mAvSW^#YgHDt%$fav3IGeG`KJN5q0Lk72Cv)(mukRu{
zk`W=IiT*!vKIy9gB2YmDvUUI-Bt!C>H*WxO-o-fP@6QEbO`^~YFp`}{sY*I`!OdeW
z1;9oE5b^z|BM{WDpHxYV8pbNRCYt~K*#0$zM8QSO;+sEwSSN^XYUhbpA#k6<p$#m;
z%+v{kP=;h2F8n&sf8+!N2*CoJf80*b^oJ;^6-@(%@109>A=JeGJw^`<lPs|N4i0#|
z=$Zu$O-*+>e=5d3Q-6xi8sw2vm>e-ABWjVjB8c>?_q)l-!{+GpU^#eg{y{f0nO|5q
z1Gpi{=6^ppm^%&sYbYI+lN~H3o12@xe<PNl{Bb#RCd3X0>RMD(&4(pE6+dr$aWHax
zV93cvfj}Hf#zz?>UB7qk$Vb`lY-dMTMopMqM3IISM*LVEXZx|IXA?I~K^nkoCSFB0
zscqY~p_bz&pKe2A;{=#i-oLY+ls`ughCitD*(eyV0XWp`rEcvHz&`|Ury@T8_YmBC
z`x-zOO~I(>y{mQjl-LtGSp{y=nDRG-6iE85&_8+mpu$0~;9l~nu5Ps;Jg2eLeC>s~
zuC6ZBVSOi0pZ<n>y!Qf9_anI`8Zw?+;uXc5ykc;%Xn1t=z?)@xIXN9Tm8GWA#3SN5
zp`y^fEwPuu$k0&do>C#0p9muP2z`e)P6;vLpEDmneq9guql^6kL=)S;WkhziP(9w>
zI7Ns(@8g+L)M$e!DB9cF_L6Um^x`VMv4Ert6zxtu>4hBp618R=3^Ytl<Mac*LA!GO
z3l1k`ClPpwL>~xZ<Rwld%G6qQlzm8;vj{_IJk&Nps`+QKiWR+npfD~*Wn&|YAji6O
zG11XGPQK+ZS6fC+2x}042-4+GcwvaX0V{#Ycs%{L3nbK7)2o)*h72yw{sQ@A(p&kb
zE6`b>&G?Cg)1gC$aFVL(fwu+V=wg)j@Ni-z8^#l#FeA6M?VUp+0=M8zJ<iQ#@*%AI
z=OOG#x_#)BG*>Z`Br!gK&;d&%ZxVIDe5pwoA5}L|<=*?@Eg^t7%8+$Kn$T|p3!|W$
zpFq(g{ZLAqZ(=8AK=U(HN!!RGC(sQwA4>fu7N<+`+CbfOtZ9gXJ^cKMm_9e*x@|MM
zr+Og(NA>TsAl*FY8{a~I2i-fun)}kco3gV%=F$L!HGk>WO^4#kwcb5K5RYRi>u?s<
z!YrS({1=0g#9;fKBZ&j<B_LkEwvLuZkn9zvJ+IM_7KGdQ`7!J&u$bfaZSc?G>*f!O
z6-2wB`>O#KojL_a4_GV)vazoTMV)f?>{$%TtN^Q@Jv)P11TVtg(Q)!l1js}08X8{L
zll6YW0iubMd~ksikbMlf@48&o@2bck2pI`>w*37-S#9`Ka~F)oZYj3&EExaG1&FKI
z1z!kns+HB8*FtSfToa~lRnlAtJnCxI_44K3&C%}?cA^Dxhra{L<x97z)TCf3ws$X;
zrEtwaZm#sIvej~^1xU+9;40w0kc>AZbo}K%@S$0PS>c*cYxvK>6Fw$+#TL<3pdKRU
ziz-Zn(~efhv%CNJ2*<3hpdtj2$Z<cEEUiwT?moe@Ux=ObVSWGp2Y%Z4PbycYYxQ69
zO(b~V1Q})vV{r@A)}_2_*MbFg$Ude><IS@H>FqPm^?7`lDOW;HW@zcfN?_!qzmA<*
z8<aor?5FnOc7I5E78t3XVF>3%y$<_So^K`@WiPx%Ij<R6S~@2=;XfxvM@{k14h~qu
z#mmQse7TC68pe3xYzI-UVtK<zqqJ*ZCCoWOu17_&9>_$J)8$Pe+{vfkUTmHNAL;rp
z&r=K)Z)-F@b<<ltd@NerX>8w%H;il)fJmP>+f~kWs07z^%mPBhdY%$<t<ndU3?(mK
zsCW3UyA#hX8X{S@)lU=~at5gj>r|p%>`7=)xam5M;t7pD#U8~hK!k5yh2qm9R>fNE
z>&~*OeGWTTysu)lx4NtzP-g(G%V<`?lUl%RbOrqik|ZpOD&UX?7z&*(jQYL;T~F$r
zK<%ce5z0nx8MWF?9oUF^h-msFaOdD+kn+~8w8pWU^@SD&4LmE8+RzoKEPj_QEd>)D
zDc-BnY2)0nLbC?zJg7S4w~IDs*>1i5?R`f@pI_T|)$t)lzM$Y>DCAvTa}yK!8=pV8
zg;otr17GAD$T1f1xz>^u#&LK;@}46a`j;<hT0Liebyx|$yFa(%(adse^}bwborj-;
zug*NTT5{LT!57w$EMl@sVIU(R@BvziJz@(m>m5y-3b7Lv^AEug9UUF4e`VVFi7v4D
znhgh;3GlTJhW@#x^H%`YQ|@c$FX(V|p1Q|%zjk309DXWb?^KE<G%D!+S@M?$a>Qfm
z3hHMo0v;U6dV;gZIdkI%(<k4wE9<Xjz)qq-$TED<4@gi{P0E4zHnfRg`={j@B<ocs
zS*ShxT#E<|$WDcN%)jH}+-mQQKQ^YHj-PJvm9)-Ngqi==3*0|8D)L6+*(~oYo1UHq
zf+H9L^Axz<Trox|4n@*N!2<t9FN9-cXTT$G(4^}rnV_^qx<bpqM)6Zog*r|_iLht<
z3v`a;>Sx~3eCVybseFex=d}c$scmcwA(Z6V^9JkqQdlNZT8cL%skD}BFDXqrC?&oJ
zwMF*r70fLCLp_YxC}_vAhFP<;A=6Oo(^=?w`ss}76dvRy@zveX5`qxYC0FvtBz`H@
zxJpQ5^HmIDdH`%KC$FWxUK<;65)!JK=?fNBXb$V1zOoqcH8S&gKi5W;{138J>jc4&
zEX8P1Fa+Zqa)j)s_iJWGa{G3LojZS^GeJE42MS^OVyvyB!@Ju{!czD+CPRnGQl^P=
z83ItlOvr-q1x?6FiDY@+r%wVIh(pm@scR$7t0!(uymnegs&g!8;_p_qmTkQn75#z8
z4F<!Dvcjp~iiR?O-a7baFnNb<D$@b~mWdEU?gYA-e({K|56${+8tYw7&L4p(g+f9E
z{ZNsReQ1Tg@9R@2h%tx(T#oV*YlUkU09-hIe!f0ZB`HGm)?0|UvDsBE_+zg~>4nP6
z6n8n7Il*7AU%y6`hxz_TU=($4fdxPipm%&0S{HJ}P1oFr$c@r)C#Ck|$CC8)+UjbW
zg-t{O?O%|F%l~HBCpqVwMvkZ&ET{5j-{UuvHTahQlu*AGr*4jtYy9fSEu{vYfmQw2
z8NJniyg`QTK_x%|#b7V)#~V+h11%3dJ+=KFBMG3hwp_Sh%rkhrqE2*n`q~*iq1Jtm
zD|*JP#97SB43c?)b#Scd&U#h@gKil5q6C}oM-<s};uVb|aZw?Vp0>i#HH_wTK~;O#
z>FM$p_H{=V8WbPC+O2uRdtZ$HFK|OJ(%s{u2(1FDkEV)6<TWh0fO{sdASi&2G79|v
zzQ-Va%?wB#uj-6yDZgy<@Vr|*$Qy%TWDwIPP_7bL)1S;MsT?)@>$jguV$I-2>k`wD
zCJ^>fB}B4;sn8C_6!ZC*>aq=Y;vI8522xd9Btt1D0GP&XTklQqUD_?Xr$VOZkh~0i
zZ*{1M^Y)8sO|vB-s7QdOll0y{TnIT6%_;P}!IcSW?3d5d6i-n_zDqcuYazz~L7dHx
z<{`t9^LxjX*U$vbE|en!<KF~1WBvphHux)ytjHpR2cUak5Il0^0~E6uS9B^<CCQR?
zhW*Rf2ZjgJWCR8G3da;aZ=$>3bHDYmbR_#BA?vmqdkqv#C1hk;a?2Od_5tCIVl#t1
z1yIO{pP4sm2GO8?+9iK~;MZ?#Tp5C;C4byfqgqvDS441%v0`G7vfn)}&P@wqYz$rb
zS=+X5#qbjIj<tevSe^{EJlr7^nW+4m?<wq?Ws1#Hpw6I*I>+&Rj@|oQ=Fuz+osQk;
zs<Y0U_bXQuu)pKlgS>!!563MmA`TmmsJcH*PQKV+2P<vXjj#6z5lYnme4(ZkL&w5+
z^X_NXkHYF@qd&e>dL<PZ<B8pc6SD4pR4yV;Ef}5wzY2kqF3A>Q8X2y<W$h`njJZ(1
z&Q89U98ekFI>@|z^l+4umgL7v$MU~WNhIrWZQS_LZo@e838_`Iv@G}gjW^sUO=Ag>
z7}9l&p;(&=14Lh|LtjOD1fHHyrs{q4a_5<N?UK#AFW%P3M))+5a9(W9#3TV>lWSw`
z<Sf>7p|iRJIzlfrO`T>`NxS~}8fqzqkF^svXBgNLhV&J=FZ*F$&~7d-4ml<J)e%+M
zq?8mJ2M19K))}1z2s!Ptbm#UCP6ir9McT#mjx(otD^c4)HeM4bpe$*{6HWuX3=(VA
zO_^0z((LQj0SjfW;IOCli_zR1E$72qeWb~2sP86=kTqn!37;fg6?r+YwRLu4Z0Bj{
z%f!MG85QL+IJhOIu6osFa?wYB|K4FQ7G`GjjdGN995EoR7bEG3<$plqOY75KMT_#y
zoR{mPG~2TAFMU$l{?)BYA?{+3_HPYM%@&26Q`Xi&`}NUoz`U`k<lb5OM;IrfBAIw6
zI;nIAG8@DFCY;CbVJp~9C3aT;gs8<{)&o4lZvq~0@i=|K-Ggc9&j9f1-tW1lu{l|<
z^QB8wse#Sgl@z|bSF%~@ZDTN96Q1M2ibp8i8fH65PrCg4S7aZP969rlCzP_os*)%z
z#UPw)LQbs;MB+s|M7yv*V{+V@SKVjSd0kXribt}2{E@6S#TS`%;=d69?waj;_CDNq
z6hq<An&svO?cgIi!q7VoT-?>Px;v=~z5!P?9@yxyM!tiGPQ}%0?=M}V!we8$P2Xj3
z9Z=j$@7`_S-$=tc@gX3r!4BK+lJyuKw>m!Ga#V5h5nqmDaFaqb5<Hk@Kk-+)dwUb_
zM{MNeymU%%$W;+}?2-j9L5FE4CjLoIH^XQidFtqgh<r3C-psm`<m9>);|*8G^}0X(
z(RX~#GL{Nyf=k>YV2YNppl!JEFt_2l6DB1g=#y#D*P01=!B<PvFA$w4i0o1STJ{R~
z>Qu-{Vq_!-G%|1Mi^Au&uqC!gDQ`mapy0!%p&Odjl~ntAWx0379}}pderRgu!2D>+
zok_oH2n5!mz<%wt2*HHe3VK1cXCiHXAJe*;R3*FQ5wBfGYF?MfAF2V9KuhR>dN!;q
zB&DU<1Ph=MH9uOk95v<UCdHilDs-!Ex}g|uWwcg251k0d8q^dsfA(k4p5$VB14tmb
zK-xa%89Wcv{4&e>d=+r)eZBdvy>2Ow_f0uavpL!xJvKu!Qksyk@a7OeZfaG6RkmME
zftCPkj!Q^T-%njBK$cx<jMG;QqWf;nmajG5vn^V5zO9Qk(#U}$2OrN7V{dSj7?S7b
z=Vv8%=KM`n*t2%lmOrMhmEi*V$vhLLEd~zWf?}v<B+}ju{~|wWcO7Yb2WlxJ<27Jz
zA=k6AzM<Sg!QTIjXm#EQKelMCg2bSC!xz_=FF!Y~$rFpPSmxoTBT2z%=8Ipvz>sD`
z?|svMg0Dl{!B!2is~SP9O#~4PwgKjw1->^kOZqr)J5PwJB(fS=jba7>zEwnP=4^z~
zY8q<gA##t*e0CYU6y13fTjs4W5A%-SRZ2H-WEx#uLbwqmG{C%T>K~&gB~cIz@t|3O
zm`KWX&R*s?ooADFXt83nR_oAf3hWHDgn|qQW<Tr8#aX14^)~%TKLO&xt%LIT(5N2(
z#9BfMgQgI@U#ig{6Tiw5$}a}N4IA!YdamX|Re7CdPdIhDAU!dH<;e&GHvtVMzQ1!Y
zZAjx2++mcI%#!u`TIr&-XavQ~&>~`8<m01A`aivuOAQ_$#f8By<l7q1a~Hyh(!THC
zKh0i%E(nST{JGAyKB1upLIap=!lp*__j|jico|>ZcZH<e9}?jJt`CS!Awk#T$<ZvV
z7p<tMh!nGVl8RIN7qi0L${s<TAsNUT2v#o-6VPJfFX@T2vgl8Fmo6>&;bjYEdiCnp
z+UCR9aV%Lc0TxngLeDEJqJ2sHzUSegdtqz<WsmCXuk|<kiWEvVFUX)<J=YUVEaaWw
zTf03E{!D_=TD6rT3JH9CeD@L)pFsL-y@TnS>=h4qcHO^wR|jt}^cA*M`dhqtrlG6b
z0MXl&J5R?~fho}&E9{({xBm|IV0j3ty4#$cOdO(&A=Ymy)Z{)t7n3K(t8yhQ%yFhC
zN@DPvPKaJWK)IpVIOcwo5ls4$ezpEgVup}EqpnN@2PoRP*h8J)TSgDAA9^A*)O$S!
z4JZHfR#mB=%X@WalN)|Vn!zYwLf3cVfb>+)LOc*JSBoJjcB%*6DJv}n>dAVKh6rAT
zqp4OCq<sd`T|IhD<X2dCWf_X$!ENiM+oq_<Rg+nJg|5UL!*u?&Ynv5Py6_#a9F2_v
zA`Xggrvw)azvKpvP+x>V`M7Wl=!;j+i?Z|a;eUpIj^}#y5E~<)dE6Tk0n^^PkqMM3
z_@$LJ7Y1iQUlfnd47_GsI-{;0eCt*lAYVXfY!qDM6uPHsmz6Z&8X~vrt(1%m`{vJ{
zZ@##@?R$kofkg3@g%_^{e;z9;VyPt_eVooL$ZiN7Y)?Q3>O+mE3PbtX_-m%!r~+zT
zN0G$PQtj;}Dg~l6$J4=M<mQ3Wpx(2kgP+_M$Uy05^qpTFt_gl+;R0RG;ID@(B5}RX
zNrm+!UwwT&_=qu|O_KHW_WzplRt}|5mA$fGD4GqoK<-jdDB8NR2RCAH<>zm|mSdS&
zSyT1kC8_0jC#qgxY3NCYMcB?=SE3s1fIg}(a&bD|&QsvLhNXZj2VK&qoPnEwjpMo4
z4z>Nzx&TD$CT2of!yq*XZh>l-)h76F&`|lEkh*nH(C2L|l0Vv`yLZEX2*p?%Er>CE
z9$FrTT|j9Q-M$Pg0E4UcRRg@vXlLGa>jr=Ph^i3XG_dVX{fWNJ9Wzd_)5n?RBhrs%
zfn{uVM**kG)y2)j<7q)bwK#UN%|am9$90sPt$y4ciMfgJku&JZp)=xmDyyhiZ!*}(
ze70jM^MDbzKeiD2dV6c^+t<A9NB;BY=Ydjs18~LcY=-;>dSti7rK<er8dKl{%TDz{
zu5TYp3^G9a-x6?zz6K20vOh#6Kw;pb1LvwvyL)&XXzSc*aTCTC(bhW@U!d-FQ{-Ku
z%}5sK8aP$$&%;Wj=2UNSGwUoXtZxUkOJ7{v<x}wv?8@9dw}wkx`7JCm?a$r9)3~ZZ
zZPdcNq1@wxd3M-&9Usx3`3UO+Y(-GzXbIs2;{15V^2mvajs4~6!S6mOfHAP2q|H>;
z_KW4(Mn1)l@jJmPX)}$whmtJtWtU}P<l&eOcW>vtQ0DiHW70B23s#HE#5b(sa_>DR
zz=l-lcM1XsgCps#BWoHPBN9v`Q1G{=is4%J_cz~|z>ph2Gwx}IxLcXvv18p}&O-xn
z3Uy*rEg#LH_pK~DkgTu;arjsA)$qVb6C)2kHJ-XS{9EAhVe9AC!~OPm;Pdn1UEVbk
zbVoMu_Q7UEJvC+`m=4!Eu=$nE2`$Y7$O8r$As!Pfq4i&2To1vt`;Bqj=5^~nAoA4N
zLSfUaSc2K_PSe4Oi9eUhuNaC&T)9$78nhM9s&2~PtLfX%A;uN^!EFJS=c$$+1L3h>
zsf~m_WP*^mb?a7KMvM%=`DzESs=K+wvCvHH7VZGdz8<aB(b5W(8PjAs%%1uA6si?O
zcbXRwOdHoe(Lb@~hf?~Hw{mEFw7p?71?_}BsFSsgjStIVF;o44;Z1dQK|||S4P=Ma
z+9k!sdQq5osh5QXkBt(6vope(k6>J45KYf|EYNGB&*);ts(bT(0pf4V4UQPcLs?$F
zbE+R1r7lrm52mbfsWby(hLhszy~1ufe7B;&^d$+kFp>k4`8wH^7d~1m1jmP@dl9T>
zYbbqwI`+INkM#RlKDhB>U*5bt;vL@(YYj6qGYbp807t-PT`yQTuWe<&+GXbzkBE*4
z(^qlY+WIG?Ag_Kf2JR(4DKQulV?Mcj0&3k7a~4rUK3=5I`Y%H|+^mPa(}dQ-WJmZJ
zGJ<aVy!W~i^m;d1E5jlpUhmo1A^0k>7ap4#hLrVUBi**TFddC7xB}=sAuf(|hX!o*
zK-d&oCiAJWv}O}4n)J~)nw~f{6}$avVxRQS@j)5XFs`KKd^011e9ZJrT;LLHE7cTY
zN39lNvsu)%ZEWZZr<jx!Kj4uA9+riUaMxs8Dkr#<$Sx<GnMJ=}R*d&SkV7M};1a^I
z@l&dy*zpXV^@Rnw08P+VUCjJypl?aPv1tPj&$az>eY-wSKK14mZ#4}r*B$SkcYIn>
zz6{6$fEZAo&T5TcLf2ng_nR02a?1FY9K113Sly8NB7#Vj%jaZ#6%<8$g&pSM2^=|N
z$OqVb1u#I)iw{|5=gyAiX8l3c8@pV4Lx2enP&>|_0AT<da#pE|6PkbLuqi>O_4U;a
z^-NdkNfqI^6|OnV_-H3uE!6YgaW#Ye)mt+Rm0Wt1$Lf3h=PZ^v2O%YyA4CC`tcQ3A
zx5%ljG@EJ;ew|s>^z2yYGp93W;Eo;fXv7g%IH_H)RaZ!Oyl0U|+Pon&9mOT@_TAre
zf|XoN&dCUqRi^%000KGb=~gmvttJ4sUw+dudqDEtAaVm;YCSm}I3gV5K;KJ6Tw*AK
z(m`KvgB>t^JEc`!2o&PfMnhuv>TGX(n7ed|WU+$1ldi6N9M(y_1rF<0uhWaE=scqk
zZbRGUe=NfgJG%52i@Z8Lfz;&W<TR8W0456xeELg9B^_zj>9jhw^>Np!JWYUq#7Avh
zyY^y~N^1&_rNFA?0vPT-EHCfr=$OMS#5T?BalktLOt6MnH_C+A>VNF+PTb}32D7t(
zgGBf$vKo35EOcKwPKT?6@HBsS<lB6yoF4F?+V5Rh-8h|vVJs=p%*ly7Z?lm;69nFG
z7Y-RjB9N1(jbbPrxn6F=r6z_~H=M&as9>$@*A`~S)2E?#0=yH-kH#GJaA!0(Ga6~z
zD`7g3bV@QTms1SIutuuxWn|Ye%Xr~Zz+AX#)0jVIXNN0objGfXp52|`Awpif1YP4&
z)7!UVaNTNX$YUhzeg9^k)i=C@o_y%z-Zau=o0M5%JtkCN3FDFQ+^p<u^8$N)h!k<^
zXUca3JOj_BLt-P$xav$)L)Z?4y)2QuF2vwD=j6C7|H<LN_{!He3vKP~Z)$2*;P*c-
z*w_(#-%bwxup#M{+E|!s;GS3a?uGCk;E@<y0sX`ul-OIp(NbRwsA24AYug8#u+UJW
zqelniF)afZeQIv*axV*ELrq5Q9hGiWrM#H5Z%MAy2E*O)&ALKH2Tw`%Wua5ucub_+
z96#X2i$$1(1{x!684sGPDl3<^oy^p_t}Vi0fV01wu9SntFgjxa+;~eR#~&cPqQQv@
z56{lY(Ui9C;$n^Ns!|oypp6%b*3ybasv1}oH=*wf+|4Mf&3yY#QPHc})pfDOi=%1Q
zHkj90S@nT5QWp=+!xDfH><$Pz&P;3}%g4azyN3N90tyMtGxAqJD7bn1c6&#M`Vl!%
zfVwg=H<SU@6iX=G(h;t*xQ6Sux(j?+7_z!S5CgainxT&N_5tHHp=4nfvC{oKUIqSQ
z+q_V`pf<owp3D*q0i6)ksr2Yqbm@pXaA&%$-aa+3LCO+SYjOi3&^%#_4K4Z+t3%SS
zV0_-vVo+%IxwDgjFQuf6e#Qi#2$C&`_MUeG$HCYE#(;_SHt~$QSkzrGe*jv6Nyp=Q
znVct2?q~^tVu~LwB#vtI5Vps8eK#Tb!zzCdld@wGqiwuENM>dx<Z;c9kL^@$i-c?d
z$|CyZ)B~8&rQQ_?!OEo6wZ@y(m$WvwAusxaWrzX?cq0~+)6&tAN+7VedU|?zS@x$a
z7CPsy8hsBE&OA#IK)R50ZXO;?UCtdpPIBMDhDBov5}Z1}Gs~U&tz~zV;@8t3yZZe3
zbI{oWFz>^Y0<OrA4DowJ2ch0u?;!Nb^Bo&Thw<3_2xS9q&|f8hr2G`U{r5ev<ki|V
zR{Yr=reJ`|JrwW48aDq%e7Gpb8pwzc<EP{bAIIKNkd%CUVdW3fNUOUsPBM^Y7ntuZ
znGjrC$^5`{->Zm`53ihDXh)JZAl3Js9y#IUghjk|7`;I`0&W3mMuIcwGVtT5krBkK
zj^J8=jr6(V!Ua!HPyA&({>38rRLw&32i~#zv&Iy+4_ty8d=Ihq+f|<bqFUe)ZK#pg
z19CieY&WL=2v|shZi;tNoI*E*4R~5xP6$G#wEko(w8JH-)g5#o=wFg~-vzN5Pzaud
zWYAC`lINF+dq;LISkc?uJcW5Q--#4wd2DrmxOBP&Jra5ZWOQ)(Levdg2ToTqU^Q~Y
z_gkn?i)^j{gNdDzaTz#z1SKCf#({+bx$1FpgA)Wuc!B3PUTSv-;hj{ZCz3t}Zg9|*
zl?BUbc5;$|k=!$q5NVq>+vTh0(l3XlFncy{e(>-iX(QYU6G~qG9ibG#INuQaIxgGq
z$bXb%X{<Lh`?f}KXlyM0{(Y9hbVAy0%&U!oAR;2L0pO(4=${|9YcfF>UhvDnc^Ej1
z^}kaf$w2Ww3D>pXn3`gmb+yCS#|LXIN0xsKT<r%tOtYPao}S!~QP!0VVw4C6MBYoc
zMnA6dQQkCD%Y_auPX)DIULLt867Qagt_mu&=g;Gp=E$2`F9zcLSdSK8$Q3qgnK<+=
zba{fv7hfBen*cU52x7+J{!@VS8t87_YZb;i^ert9m9-8{c@JS2S%#(?aR7YvpVVli
zE(_T_*x`OefUV%iu;8!!(MnsHnZ^Ae7?9j{HnVcSU6w~oO&y$^{J{+=TAF~9_B<o<
z1*vwxr^ERa;;F^k#PKN@Q-+YDtAgd@W#~6%!RG(*D+7DArta@g`4Meq+!}nw12`~<
z0vH-*E>mGY5tbpH_&`^A<v{dXjsZ^~Hb6EftvJoL8mtAE#{`pz8J(=;<P)#M)`RD#
z4vHT30%8h;>H4E5s>Vh}GZib#tch=;Z&~LRTexQ+T7e8fZdA_96pNqRoM*zz&Q93`
z#_NH<um*Gseik+TuH-5;$Px1MWdJ)u(R0kqY+wSr5t7}GDJm%~oXyvFRlFp9b8|Zx
z7^vr&%U1B(*eD22sqHO5@y;N;PxH*2e)TaZ)psyNwDie5T(eOwkp{a*jszPcuTgf1
z;nB87sjRw;zTeZ<+|1N;bnbmxYAU(hCn_8_0XodY1D)v&_?^PS!Ulu#49RdT1*HxM
zbQx$Eh?JzAn(hK?;``w#?|H>^oELj=X+g3cfiB`>R?-Sx%)sic2YOdYdB^<A1+aPg
z5l&uJ{RKjcqJY4mvXY6*PEOuCD2f3jj-?&QX5;z8^hALuNT>vt=l1oY_t@YooFx_d
zVS6JMOAPs2AONyAHx2UdIXlJ?(482tkl|nP2O}HEh)|e?Py{2T1h|I{93CA(0q3~c
z2z%sTyx2{tt*IHt&7QB&*uVcYuK_JJRpWC<c`TsuuR;T){xJ+HP>Zpx=>fe<nB{|8
zOksd{FeAmObz!_mQ9CU=`#Whbj+Bs>mwZW@Y3pg$0u3LZUGkL;c27qq7YEEU6?!zW
zXEBmT5SN>;;>Dv!!yu~0`;CEn{5mlg9T77#^YrMxy1F{<%ez2vN4<)s2zWz;hS)_l
zJxj|Rw-{k1CGK;|W8XJ-T`mITwgl!3y5`dpVQn8j{>H#8beuadQZ3AoEsT!fQZV=#
zc<HJk;wsAi7R&cm(!z)CUb%x*_PD0P8|wH{k~urOJb}w@3PB`dDh3MJM={bHEoV0e
zFOaI8*Ri4l-W-rT4ZM0q0a*pwF3h)e#cqLFs+U#PH-FPmZ0jI)BE{c+Z7ai^Mrnf3
z9s5@JxVaZD^{k)>@Xmbe^`q0NLjT)qpoLSEefwUMzDCe%BMu@SMLSlbmVJ0%S|-(c
z%fd>Q={dFOT{7S(7T3)Py}bb4!rj?@>yUN1+cG9iO2J=lYipA?xN!;vlAg%)+}yUy
zlAEILBqmC6UNe<wN1R6scYuZCz*Be(y@e1E=o55U&_c9;m@KUN1{c8(-`??tB2iiV
z@(PS#sJ5Ja2wlvG*B??M2SU3ZW4YeUNb@QwSQzL<T_}h+{c_9|^+(m1Hmc$}TgQ$k
zGn13^c>H)u=m2)&_Fh;CfDNY8sZCMaqP3>w4~2230p6r@Gcq+al)Lc951!fU*8RHl
z_1%L5HO_Y;%%nh{srv~q5kqwllEAXE$v24d=W3#n58uvtZTHU~+A(~!cvP^sNbt)9
zsD$dzd*l<4LeN;W65H2Z)hO=Sdi4156|z@??GE>Yc%`$B`}WapG!1vjyY8z>igLhm
zKwR$wqZiJqAx#K?sJZ;`#>Wc$83e(485?sPiwF2Z0uvzp=I&e7luY90R+Y6hj&h~3
z&vJ7|aDhDD4^*>-TrVsv+_W-+X>XEoff<+;n!4#A!~#UiMWSo4n;U5kHhZx~P>7A8
z+Is4=@L>mm^=h#?4>iwk*aL1n9Ez1eN(6~s=u5<Oq%hwL3kAorB+hMOA|km@pQc<&
z2WZso*0OW*5=&&U^%hDk6i)(P!Y+;IVMix-c%Dj#kBjRUS^qh5kdl0zJB`BN&>D}e
zE4wkWT1`9f^OTTSn7HBFFYZ8I+1U{+y+ZU5>;c#MT&7w@7aJcB{bmpL5o8w>6=73t
z^ZW-QkcAq=WrB&TWV*#AHHjG$#C1}zx6~NSz+~|E;^I@2Y*INK`UBeGLbxm}EG*<4
zd&cs_6kBED+K#=@a)QmbngF~f3h*aCf9&&%ITYJ!Ws&<B(6k(G&3K8)Jve8(FrG$`
zKRep;y0Ou@_PQYGvc8Z+HhXTv$Z$h#`t=77Hv0|Ep-6B2E{*;_lrpt2xF`pF$o;|l
z;a|*~qaE?Dko&8EP%g}lFScwzJ<%b-S>M~cf}I+YJ|smq+azzZh=@I;tlkX(?bAOS
z*q8;P`Xo;dE$uEPC2)#AHaG8prU{DY)=5*i+RpHy9Pt2ym$W!VFv4R(q=&l{ERa!I
zpZ}EJeNXe^3Q~{bDL`Saayw*(I9VuHgx7yKendPn9I6#>=%Ns2!BCjwMi|Z?k2#V1
z#MAaJ*75pW##d5>u`M1T=JTGet|KU_pFaHs)(W^YALhe;X~7XD{QE<wP#xNSN^olL
z-{T9I3k^o}7Gtz*0Fs0!mQggq_!6weWsERt_i_pjeg7`Ou?CZ~KakYlxp|XZf*X<!
ziXaAxrh0mWpctVfp}8ph@<!ZwVDqNfOBMIFtmH$Ia0fj-{otpVj=M&WBidS9r*Tz4
z%)~$%z#D{Dtt3G9SH}aPP4|rlhYqHZ>)siXp^y0_0J_}fJ8wz#jAv<ic>pL;Fyi5%
z*aJ^PtAo$C2S)U$#CGiXjr)g<#zDtTEiC-;MxZ}{w4wj=*?s#$QD&Ew`JX*2zwtwL
zzbhuV&}pR&4nna{M?)hJ0-ctYKN~lY2&sD)wQK}}d(>A8S%|}x=R5@_<5*pXrECA}
zrfsm2_FQR#wAZ$A2CkTesoqC?e11z+ECsPW_g_>fZ-JEP2M9d1jF8XPemR1|8Qgu`
z+CFF=a4=E4V%HU-It<scfrH@?RXga-%*+7LUBr_GYhJ1)PZBFC#>dwpg75RT7S-0S
z2e@%4PG+AJk33(FY~lW=15YsMVBY?g)$(n7J7;45hw(o6Tz!YQHSBO(*cKZK<rO?f
z*eF2lD&2-r;6otYe+toz6yq81k-=i8K2&5N8$pQm`j{RxAYj?V)ZxEv9qfRxiU$PH
zM?p?k5u*E6({E(b#OlJxyA57&PrXv{ghhE1%yUm0l8R@09i4E44D)>3I=JMtV|lZI
zD=@v^7??qQ^Ps%v<3}F=T#!E;s83)ato#PJXr*iTiKOMi^O34I&QPij6vqDo@%3Df
z54|8(cov=R*gn2NZ`D?$<$$!E+jho*tKKri2x*o0QV@#wi0tgFEC3C>Dyn}lkWGJr
z?zx)$4+*R}{)XE2fO2S6zoC)Q=)55aGV`}Q?+-r7%iDn=$ejMKnMac!B9t5imQNic
z)gnoIgJX5<&_`<r*pJ!2#lfs->D_Gnh!pSqq(xY-$~%K(jIK5R59oBomSmGPGlM!-
zsO4Tlf_6Ku0(3uIsyIszktFl=KNQ(uj8H{YJAZwGEJ<cRrh6>G<Lo>1Ent*_ErfIa
zVVVE<aIMzBAZ|}{eRT8t_pB9vFgi@n&aM{!_U+r@drJGP%Snp$?`=!q?N6?7L+ilo
z+p6u-Q~l<R<BAk!@7TnK3I|#s7+tk>bR0==2JQ*|<vL3*clQNsOUFTX+vi0P@22Rt
z{2>UsaNFRPM~>bxsGOx?p#e!e`du&Bor#J%AUHs50tlxqU<!C-!@GBE6zrZIf-yA)
z0;>`^FgYBvx{MagAJOM86CUm9&fgbE84us3zQI8c5N8pMLarZ7Gph(FTkE-vZ*CUJ
z9)_PYD%DR){^(SFBnn<vSK}okHs3O2?ihyv<jt>Rs7)T5<WVa4?LZ(!yTXtRI}O@X
z`%b{zCKmcGlBh8QW3{dou;pXo=O7BinENYfCM7tHAr*U?e?!D`|L6q`ZUEU1it=LK
z{<hb-o$4cC+3Bvxi(Uq=1Ov|v8#drFfh{RvlABbrabm>B7Pi8pU|3p0!2fdfaqpl|
z=x>C!ZF@E;%c~l|E9Hk4{!;!b!E?C)OS}&IqIdvP81^4O1_pjM@8`$b#sMBWTj?b9
z^O%vNcfk}6d_+_eoZQ@9fOI<ps0fBJ60!ZBdiOpa20C>>MSpgqfd?K}|78{=_mcBD
z7*=EK2y6puX;T{C%`6~yT-`6LU!!vZEAA`RbD@arcy&Foq-0lJ8_9W@+RalSyuY*m
zMfJh7eCC|t13MpHxFWV^k3T{`d2)R89wMk?xfg!syZ7(W06yHL8gBL&3(p8j?d#W}
zHG>YyyRjXkG;sgxqG~Xcre3#TUIB*%%L^&a$GP`q<f4`0ZW3{rJgC*Pnfcm71Tf&V
zGZUYE;Z{_EwVJ3%NIMV|suBFEmT3lX`*8x=iAjIg@7<T&ZNKA;U~P|O4|K2Ef3%@7
zfWy&R3e>%_cJGq954W4&40~<;Wq4Ryh<$w3QC-~#jm^m2sbG|uNMIk(%e9&zY`bni
zmW0502L3o;l;%PdBlnl^-%|`kbdaMxEG!HM7nh6ViQ>?Led?Uw9-NSHOie8?Bjf&~
z6I(ZA!H=iIJM5)ZpM;=t{F6`@MNr=Sb^t>0H&E(wm5<xjHe@ltlJore0>BavFRvcF
zLh<GO0K#Czi}N}<_X{G)!AZ955!qAO7`Iziu6Hzh1-Ze7PD(?Fw^^S4vn|PbTACl(
zxSx7br6e0<xRxf=3^q&mK=OnEU(Agg5bKp%y$r%b#sOHw+W~&niPnIWws&?G<4i-V
z#WN8d-TL(OiS2FJK4@xe4E12~srQ?>XVbsh8DoVPlxY}_p@-m(&PI>Qhl(&i-$006
z_pV}eYJ%Xw?d#*3;3QK(a*3>%n7(*o>~Dt>2o3pP;@}9fE7V&KPaPhC<2FeFD7{B=
z=;*eyf22NVXJ?zOrB0IEe&?EYBgk$5Ci-vD?P#{-0SOfqbUUhx@$cV9CVjMOK<4b2
z=(PQsef!**5Iso8%{ueC&!sr8X1ToOPW^$TFr5=0%?TDRxvG23&=QhPA+Iieg@ZV(
z0k}q@qrdM#cYmDw=^q3E7Ct3gXXk*vN~&|`&OKii0cdSzpcjl`V4W=`xd|>|y}kS!
z4x;uhH53Cv(T>26A@$z3Z83uqal5a5HJyZ5gA^(RMoVXl=fFt~CWUl~X-<$0F#oXz
zkcI4Ti4!%Nyj50qo$BJjl-nSY93#K1^7T}-Y7nyL>dKGe;UH<66xcVTUDS<<g0Re{
z)D?Cf<B@v+ZWWD^4c0T>Yp-9eUaKP<Gep-?dY9k3K|NWJlMf`<*AC$z?l-OFP5w=O
zL(Au@4(RB>wI3!GB=(VVYc%Og1}?0D1n1)7BJ?bz>j?_AyL)_#va+(g0>lgD)}P6R
z@F9-W8Ze>T>cs(>%-0c?&5rpAYpQ{`dOWSv6s@P_sPJz};O#0YD$32hh5bw6lG6c8
zx;m2`_Nlw0Su`(4?d2zb1-hr+^WP-R+UmFYyTHMSbo}y=dYYH#^MUV0#Lh9}S6|#Q
zWP{bk#tLBi3E8jdn9R`K{Pt&_`n5Pek6Lf7peIa|6y`l#25LJ?JWgSRsC|00^CChe
z_?sRczd*+8x?kp6@(G$IH&ov9c7egcRoYLhCXGqo8Z0iHypVn*$hE}$?h4Bb0Yc4#
zq>4#f!Pdn5J&$=rFhGI9(4veH+mk2v-3IoKOLBObj=@rtM(zK!_uX$f_u>0@A{vym
zOP+*Ei#AQEh_*^Qqb;Pp3k|doB{Vhfb}7<&Nc&MyNxOtn-D&UfJ#XLR^H+R6_i^|^
z+#T=ndR?#UI<NCQFKzIVZDa9OU(V`?(6t@NCvW5!W~1j_Hmq>~@+CkffJ@=6_}QPO
z^>`Em$WZ2>ida~bIj8xb-+ztVJg3DAMmFgHaI=ncLGW^+(Obp#0!s?{gYUDXIFDy6
zMLuBdIik3v$;F-s;UTeF`VA!pZ+wIlBTnNN9=u(Zy8lcqD=4#IbnQxpRLs|@4`M##
zW}vr#>2S+bRV4P>kFw(KNu+fTZ7<*5L6D#(bId5gkHBE=hO9Cm_(`rr=-DHJrJEql
zX=<XOzwS9d_NXdFA08MVY0)SO8HjIS7Z0s@&%3v$P`1%ZjKkvH5cMC-i9^k-yI+)i
z2%!+w&T|@Yee&Q*J%0MAYM|JS{4N~`5;~ze>~<o|S-)+t>XXi>6)hn<{+!tqgl6;^
zekN$Y*N|>GO7-gOiFB0W96W=Od23iAS)!n(p+zhb3z~^pb>feC`y?vu%WcOANhkio
z>&GJg!DN9n?I%rxg8@j|PuA^%Vcf_L_$ZXFoF%(=@Ctw<a4T-QYaRg&Fh+%((~#2X
zKUzIYZoO}1b!+qxwXPJhmCmrZJ61qGWZ+jhiadRKo7=whVYQ8ux5JO{m29WdeAPxC
z1lgM}2X|Wl%z|$v@26Tl&N@Li)o^x^dthLo!%TP*A%Ki+pH^0eo0-P=z4nR=!$VBe
z$Lv|NKkO8Z;7xz9Z6lUfBQlrGu^9X5)PgJUhY{zpj<tt9?L2Q@q2!EL@H45Wh3;qO
z18~FF+GOVgAQ<y&kJQ51ZnGj?PKuS*(9)_q!3&V=)z>gd6^9ZIdaI!s&s2w-oQbC|
z>|_Iho};DnX<S_Qw~Fv^x^*$g*^8js!tVjPjAmH=ptht{1A`nrc^or}T8pjSXm>a@
zTA_0QG_caKLxRpq=}8lR)cuZ735^Ua3pwW>XI)y+tikl2k)K#&9Al4;3kXn)YQ%{J
zzpE-NBu}ncM`ealF+MPzySqy_Io&40@v^$xp3r?<T&UD)L2xEh1829;x!t8pL2!k$
z5#iqg`<KF>`8Ga&`9ij^|0M4-+OnUE1_^pIbR=2Y5Qc$hP9Ay+zQbyKtHnPIL%}#s
zx#1bUFzAFL*7MXMMt1Krj~lH#=P9s8)eVq5UtedJNTITl$i77$@&#ZE;s)rv0WW9N
zdz2Oz^Ip7*nA1JMI!l)PPCqTs;ZIfTHmTHYr*X3q<T@1|t|m|keduS>J`*D&ax5&f
zMQLoVr+0?|(?+?V&FA4}hs4>*sJ^dn9bVQv6PPs1!?24i%LK)21I3?A!3_opZ(Z2s
za9(uWPH<KFyJ)2%_~Clar8&h7vlj?AMPy}7*Rp_5A^RP+&pphj4!vP!D`1Aa(oz;4
zi2bqWspb6-A(eIhB8Qj)o4}YStxCH9hV@r?6*toNrJ}ya08^U8VhB=e+GH6;b~jsz
zsq=g*rLP1b#=%abd@AP@nJwxR^AUXuOj*kwl-@#v!)f;d{yytjf#O!Ll8r~-&@krt
z^B%K!rrl_QzZEa&c8qB49*=mg0OCA%MU71{&pGQS5P8He@c<|QS3;ADi10rTwe7(m
z9AH4;Boid>@s0o}0t6Up``)zNU0AYf4GW~N<XS9HB;{nbjD7c?f4;49@N*`&^>*nr
z*d*+9L(e#5x8=8J9+O?k_wMZi0vqZwgQ69vB5DB_090V%;Mjr}5vnMpktm{3hlAr6
zk4&;I;80r9US%{Ngx6j0FKDE~GNYCrC@NqH@CGHOyf8s_1sE<F%+JmagSSy+WGMvL
zB_+8;A~}-z`EB44DS$#uS|Z!7A&LU2fHDO+DkdIr_esF_OmS=d!rB55TO4E<*ycSw
zM8O`EW=Ph8lbxUN86Q8FXit%*C%{dmYSRE3H%W~9cI)Uh*I(cnj(pQM?JC@>jM>Y4
zyuV?h1WPOO)zK(=d3$3z+-$tZfPk>@r-lYLaT^T)^iIQb5W1r~fb1t&Ia&VWFN89(
zK{=2)u-73I1IXt@-W{u}Fq7RxBF>S2b3sir`<hk-q2_uxb7E^oizg7s)7gVPU%nK9
zX^)f{z7zcX4K+0&*unhwpTmcLLXWj88L1_1kZjK6-F>^`>sLU?k2Bk$0Ue*1KvO^>
z-PLa4(M)lx0@*3KxOf8l6nQLe2D6~|BQ?d^G~|7LH|#69X<aURvMnRwok?yTk55Wv
zWH=!(GURhryC7TBLr22DoM=&}`CQqLF5UiC(2c;$8-Gr2ovo3oP<y~2%pyx4q|ej2
zh8OkqQ9i>a0Oo4&$buFYLg#G6%bu;{($Zv89vFdJ7F>FdjL>9x^ksZ})|&uo90Q=}
zpg`2U2>cZ1A#!rGN5FA^(r8t+@YR%D%^klQqPExd(b=Hl4V>{SP|QQX4yQ0oG?S5)
z#h`ea?b}FScy=W}ct8Wop;$wD3?>Gib!@-ZN7!sPI4N@FVKT|he2sl9VXB{2??*;T
zJrNs61&O?W7Y|~u@B6IFC?ipbpv{4@o9A$=+Y2<m&=2gi5{!q@Czf^x9>&wHwZSdS
zi;jzqzF=qwXFoo;u3+^?9#HfLd$mKL#!Ac>t`5qXz-cs&kp1FtJ80%&(ZhQS2p%$1
zNHHuqCCL=)fPjF$&fdb%yV4ti*E;rVYiXrxTR}xii%}N1JS5*jnC6$6i3nL15upia
z0euBBMvJl$Bate(*s=KU-nsKSlmIlW0^OY+gG>{DD~K;-CfrePLD&LL7t#+F78Yaz
zZ1@AG4`9}k1HOP1K_j@?SZ`C@Es<5g&dn_n-I#gp67-gKl()kF$~$@nuc>7*C<EW`
zD6a?Z2l-lA#{{n~gjU-llnc~Ouc^p^6_EP!_0<>AEr^ggx=id9M;OykUP0}7dgsbl
z<zxm{*^wE~I*DgY5=*DAB6-`hQd<|Kl7+1~7R{7n*|W4oHx@%p_%{i5Fi9dfaoFts
zJN3#id*(2ITPzUpSL+r4>v>gB^L176edkE~3UMgt=W7FccOtKI$*MD!1)kR&Il>Z_
z_2%}|bJnOHC1@v=OtjMU>|d%JkJHFJ3oi-rzp<SXhaEe+x;f?O&s76U%bUKI=P<vM
zsUQ3vy{y-Me8(Wn<!Glx^#~i1v7oj>Qvh#|H+Z7z?>3341t@hiP@xac@H}Y$S=!+>
zUye6wR$}ZLq@Dls`>7+!>z6Ccc<X5h{e0iiGTU=?0<<Dmn<UW=ezd<k&T?;8L*vjv
zgBgRtDc2a<7(txna5;Pi-90-_LR-w=9G4Lfdu<$N{<#q=T3Fee<dP@dX6gvS8bYnN
z<f`r0s)V2xIunQr9zXcKi}B#eZ`%2LGauZ$7pTPCCVcRqvJaE5EQ<rqG>yOa9R)WE
z@Cn8_xWWUk`6Qhxzqo7rHWTw|Xo?~PHTZRQSb!1E<Tm7j0mp|_T={WkNQ9iAR3dS6
z)Sqgof*P9kFNN%Zk<hOhPp9i!s~|P}e`CeF2hcjTgggi7cipXnT5}8rE*GCc<#g!K
z_LFnh@S2-iTI!lHMNMA5fB8An&ao_ZhHbYANB6lYL3A?mE5b-9Bqbu((A4w=d~+7r
z&}D;KSS)f}Uo*W2B%)^`>@bU9Bl*~*>v~WU+K%IVL3F%OPYW#B^7m{wpgU-GFG8D-
zzB$|Y7iTC}y30NC>&~G$3FHTSB95svA5h-w?#sxZ*8f3C#+L<Jlf@@$w>FomwG~!W
zd^Uh)09v!>8ayr{qIHN-S9^M_ukjQoGF)GUYS^^r49~5AMp?k=WdOPWHe#DmH|i`T
zZ3tlOQ%eqFD$MNc)K@nM%K@bR&j!5>y*n?B%5M3{GJn(m=fZ8x9sJDy997C9T%btb
zrn2KWb517S^@QuCqYWO%`CML$*{H`HEAmPRdubkR#cCRE<L^DXpHbtgf^V!I#qY`+
z=a_AN%&nN|sP;zpDy~&~4>IffZLD_Mo~y?^bVbGd3GZqV=K-5T#<2a7mY#X~*>3)4
zGwTZ_bGDfl8Sbd7Pwe{$dSz?V{gH}81kH?gk`|5o`M7%?2Z=xrH(NiPd8KRK)oThT
z?&J~N)bg^CN^RaFt1>e(d_OYtR{p5Ng@pu3O)L?nsc_>Mu;+ujw6(P(IF*$3jt(9B
zG&<MY+e@O3OB(mn`WO`z)w{RTNe012xY^k<Cbm}|T@FV5y|9qPH-%ZkT856KTv=;*
zYmtx7$c+#XvYnm3P)mE!<MDo{NJ347Hu|twL(zY4DN+xoZQEn0%cM<ZFw@BM=e<J-
z4jSY9u9>I9PDWjBx=d>e5&8xTz(N+aR*1yZygz2<U1!dmQPq8&KRvX#_*E~O@2Pc}
zMgG-`3-9s}X`!$BGc{Fl;?H}V;+6T|7ksr~<1@3o%*IQ6m$#rs`0`kfB6PAbX}s~1
zC08oyY_gKc<)u*b^K^{cTU#dm@EVZNTw`i3s9@5sJiUZgCm&z@b}6=~dWf_7%ei9S
zVD>sjT%+^r=k3j5VgEdx{{fggFJ5q-ZlW;FHN@2=3x2>8LX*PN^WKY16@8@xXR`t+
z-w0-&R8Y9F^yufmLAJGFwJ96lYim`_yL|le7OljxCRS%>#aIl2{c@xxD-K)^uuK@$
z_8%+mb_{Sa8t|7h&NW2FbW08o$J&^C|9-#CbuU?hb$)Kw1R7n-KWwC47#QG4Vm?Uh
zc07`@&HDp;fRcB<f8AgypY{f)OvIX!q~;uwuojVOB5_tuF?B)BIEL!P!|w#bo?YrH
zr}S~JGf!81{k^<?f6O~w((Q=%MI=68b$_N(5?TUky_OiQXvMpxqP~F{>3FT?A~|_^
zw^+Hr&sWRLLfi(OWXyzEFdPtF!(nFm$-qsgx&zY|8X4{H^4>(xbUJkY&i+(YURL(o
z@h(m0;ZP>s-To}6UTaU%ly7wy>`!n?y*d`fEiyUm<O#)$uP+xbQK-4ff8%J%_oX0S
zj-C<qip2*h%cxgZR=i~Q*(QGV*^)Eo>Ciwf@G>zmEHltw@BEI`C8`pAy!ytu_2J>m
zYv;pi50*Z**2Y5us-dMe$4xwsWMNchWyP2K=s#x6YuAdq`vwO^W1HQ>6}Y3qQapWq
zag_ZTKgc)i$*6fGTCNpVuZ{x!wAr1+N*5P7ZgjjGt(^V+x#y;SI%kFMZxi%5P<1{l
zaDG52&D)<wAzlm1{`#|?!QY;~VqCUA3=Arx>0c9xMMAPZCVbKA#xY=uxlc^SrrYEB
z!m44-JK>X!sxF+clZBd>R~@BHMPd(9T68Ujd?)o<>oV2FZ05~OP4!SLImrk$7YQ}P
z9r2l+tugrVi|=%Kou2VNdqOjIS6VCU!@*;%b0{-!24wL+z#M4tKk`N0jxeySxv%<J
zHb(?Y$15RVZ83Ll)lQ;mZhdz4i$m&G;!uCTdHJ0FGXZ8*-I$*csPxT9gNrpXgK@hB
zemV2!%)2nqrg40PzjZE!-=;Y3g^l)92v!T}_QAg0r+<Ch^OpJ2wo2?|?_tsf;`=F^
z!n=uQTrJJamhBdYwA?+q61?cC?g}*{*MHM_c-Vd=+EQ<`tvA?uSH{WRvqeIJ%|-kV
z%FD|ai^N?OM4G>t)^i%=8d@7GtmtH1S4bT7Qh4!6fAMgkMSjh1nwcALU7eG&6k^eA
zcU|15Ogwt^lIZB7-q9rb$Eo_K%&|Le#3s^F-GyO<kq}1f`6_KN*$j|G^bP;qGGI4h
zC9UrEN(lWWmY4E6y9rYtu`&fHxuWX55@M}Sa76UfJMT8>b^j4wQP`63{j;4!oCX?Y
zg?>vfHI5uFbWX0Sb)K5aBNAJ3kI^xaAA)F^>bAAxIqF$~3TL0`?SQ>Qp^;n}G1g$A
z&8E2Q-8%=5C~i8c;_e*c(HA}6P4$^-=WLyW;{)eb`i{@t%(8zD^bgmN^^zu--r5)=
zKS@>kvjVG0L}Klg&w1HRb8^i^3*MC`xut)SX>vBl&KC7oiZETme`GLcR|@nygy+uV
zbxzXLopNZ%*3kO+V3=vw1=IDI=Clpk-jiu}pdS#6qYJGe%^$5ZxKgDkQSq@Ti{#bS
z-EEwCgVuB_rrEkY<3CTiJ!_kE3iBV`4J8v>!%}wjzrC3KbX&G!hW&HA8(bmx;Sa|!
z#Thnyvece^OSX<X7j1~5Y1>wl=miW4Eb>{yYV&e1u$NgC*v{qB*k9=jty6N88Ftkg
z8Tw9QaZIXUM@I3nMq|#o0$55eVT~8rwUxW|eZ;knaYxmp$Ol~*e&bfUSzDz)pzfWC
zbA{Mb*@^Q@PG7=oQJcjG`|(%{B1*U8uXx}4=EEIMGIFp&h)}~)s5&%6wdnTY@AW7O
z7?_zF8k8V6cUz2W9kn(F7j1QNV9b3%U%`6oL-X}mnz{umBlWLtm3}4XbNpL3HvBv<
z%7)dwzx2@BSeNOtUzK3ZgV0s=n%~v$^0JBJay`^D*D@7uJh!=c+kne<8z<$PT8{rn
z@2z6nzKH;Lqr6@DauHELVa)U#GwWjW&)K+~qaCTJhm18g-*a{vDoC=?VKGixdgh)#
zna4NrZclepbf{PGZ0JK%YvUuY9cca9UZmSUw<&i#I{B9R>4g~&TwLWOV(h0mvl*r}
znbM#$vhkl^?Z0?k>O}#2uKjcO9foHboN5BaxuXV$We&6&WKOL9Y<?}&{GnX<Hzmee
z{e2dR0tT-u^OLWhjAv0z&S;&;^D5<>&rI~rU2-omaqDUNxM1}y@WR&XiRBeGlVFRB
zf3EjxjfpdVNKdy<czMp+SSqm<`7Oj@;?>3Rm&*#eJ>1L@E=esOs=BVv^=c11NVj)?
zYFsNji4m-=qc{KpUuEmuWgm!U-F(#T$f8_1{p;;|V9h^Rrpcp!7fNiiwShtTxooN}
z-y4%xH{^%=Qi#Np(zGib*`^yEWvPgg4VoxlY>Mv-Hrn3ldEfeV^0GX;zkI>tY<HoB
z|E69{3x_&~klqm&XT@@a=j1#DoG&ReRbh*a5Iws+Qb^O$%>Mn%ksg}~4CcWB5nFAe
zmu)L8LT?IFeZ71SynIoObem%1@|@16R9uGynA>Q59_gtX7|5Skx#4o9=Vp!rq;$AS
z+ajC^tYN`o(T64)-?v7WUFmw3{&S^`xFM}FW9d`%tj|#j{s5+1OjUzh3d8sPs)R(3
zS0MH*j}(}PvrCl+tH`X=Da`qfsq@r1M4ce*weL#wwlV9G{C++3GwGsxr^#lvju=Z2
zQKOxDDE^@yMP-4dK<D`*gCy!(KD^BPlW)7)g?6lb!B!m;Cz*STC+|ZvZk<1|M|-yB
zu|RXt!=WH+s~o1~%33R13U-Gge|z>7&REOk1CfHmI<kvL1H59aXN1HBH3rI@>ibHf
zWb{>omDb}9OmA_UFSKLNYj3;4Lmbfi*XIb{&*cLbh%G<XEJui+?U+1tjq^jCum?$u
zPlcMBiuC24u2Xsst5v^EqVc*S^G>9%uS>Z4kp<~d+jTw>QER>F{F>&xSE@S|+s7G9
zg13*Zm^xKNeY|&K^YqQ=oEcB9^Nn<@gzE^@tcxep9BA98%rjC;GKOxws9B3k2yqGf
zP&`j6RT!S0OyQS1J(c{-D42dGcGEE@gqFhanOhJsZN+!fB=~%QYYJn2Bb#FI&2x>E
z>t~W#4W>0-GNruKaq8H7w4S!rmUp<dxmUS1Ij5g;6Q%HFM?~&cdb>hS^M)e7Rf0A$
zz)GiM*cKM~r>`vd-tJ85T;luBlK$onMjtK3Zl{yYMNW&+0&CpVVeb|<-&#iGJ*K7Y
z*BWQKpEyJc?p2xeUCNi#;SnBRXR7wDDVKR0yjPSdbWegjClAe=g@!Y9(~RVs+#`yc
zywyotu34|uX&gi9PnDW~c|-c!faGkbc!J}E?6G(QvvTF(Pgiml1r`c_B*&lZj@;?P
z6Mkq$|C9Nr*@QQOw-U56%BOUyO-z_;<Esk;66yC2Nh6iCkePf!6uxoYb2vqQ(cE9%
zC-P0yA#TKFl4D}yo+~b9E=wL$E2=}{%rvA3DN*Bl+d>b~?HTTRct7+E@6Gk<y|1Qq
zDt~%z5A6DTXm6zI$5VSaF3rsjd@0PGOfq1e4c)^q`7%&yc~sYKYqfsFW@rCpise^J
z?Tfh%1+VsY=0$UrE>V}>%~)<NzvE1>c!UfjcqvY=q*hJw{U3R*DY+KX>mDz)47%~9
zMcE)V#X`}X9&{pyV#!zkQ1AN0Wa@;0$GH3G?`g-CpZD1?x+r=|!FMasgCZ$Zc`AC;
z%Qvlk^LLc{&wFS5ZvJs)I19_tfO}79E-A`c7Ik!&EcuGgy^joOf2Tu9AW*Ak5%$~`
z4}l$%-%`K;+5MI9I2w(10^wl-dY}0Dd@9+DlaR^>7AwfF@&bSDX@BF3_?*@LYnZ0w
qtp^b}f$-)3zWRTU>3`#r*rKoKW#HPpLb4)n19ep`l|1E3cm5wr{X_@=

literal 0
HcmV?d00001

diff --git a/tools/fedcalls/fedcalls.cabal b/tools/fedcalls/fedcalls.cabal
new file mode 100644
index 0000000000..2e42d6f9bb
--- /dev/null
+++ b/tools/fedcalls/fedcalls.cabal
@@ -0,0 +1,74 @@
+cabal-version: 1.12
+name:          fedcalls
+version:       1.0.0
+synopsis:
+  Generate a dot file from swagger docs representing calls to federated instances.
+
+category:      Network
+author:        Wire Swiss GmbH
+maintainer:    Wire Swiss GmbH <backend@wire.com>
+copyright:     (c) 2020 Wire Swiss GmbH
+license:       AGPL-3
+build-type:    Simple
+
+executable fedcalls
+  main-is:            Main.hs
+  hs-source-dirs:     src
+  default-extensions:
+    NoImplicitPrelude
+    AllowAmbiguousTypes
+    BangPatterns
+    ConstraintKinds
+    DataKinds
+    DefaultSignatures
+    DeriveFunctor
+    DeriveGeneric
+    DeriveLift
+    DeriveTraversable
+    DerivingStrategies
+    DerivingVia
+    EmptyCase
+    FlexibleContexts
+    FlexibleInstances
+    FunctionalDependencies
+    GADTs
+    InstanceSigs
+    KindSignatures
+    LambdaCase
+    MultiParamTypeClasses
+    MultiWayIf
+    NamedFieldPuns
+    OverloadedStrings
+    PackageImports
+    PatternSynonyms
+    PolyKinds
+    QuasiQuotes
+    RankNTypes
+    ScopedTypeVariables
+    StandaloneDeriving
+    TupleSections
+    TypeApplications
+    TypeFamilies
+    TypeFamilyDependencies
+    TypeOperators
+    UndecidableInstances
+    ViewPatterns
+
+  ghc-options:
+    -O2 -Wall -Wincomplete-uni-patterns -Wincomplete-record-updates
+    -Wpartial-fields -fwarn-tabs -optP-Wno-nonportable-include-path
+    -funbox-strict-fields -threaded -with-rtsopts=-N -with-rtsopts=-T
+    -rtsopts
+
+  build-depends:
+      aeson
+    , base
+    , containers
+    , imports
+    , insert-ordered-containers
+    , language-dot
+    , swagger2
+    , text
+    , wire-api
+
+  default-language:   Haskell2010
diff --git a/tools/fedcalls/src/Main.hs b/tools/fedcalls/src/Main.hs
new file mode 100644
index 0000000000..7a717e75ef
--- /dev/null
+++ b/tools/fedcalls/src/Main.hs
@@ -0,0 +1,220 @@
+{-# LANGUAGE OverloadedStrings #-}
+
+-- This file is part of the Wire Server implementation.
+--
+-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
+--
+-- This program is free software: you can redistribute it and/or modify it under
+-- the terms of the GNU Affero General Public License as published by the Free
+-- Software Foundation, either version 3 of the License, or (at your option) any
+-- later version.
+--
+-- This program is distributed in the hope that it will be useful, but WITHOUT
+-- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+-- FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+-- details.
+--
+-- You should have received a copy of the GNU Affero General Public License along
+-- with this program. If not, see <https://www.gnu.org/licenses/>.
+
+module Main
+  ( main,
+  )
+where
+
+import Control.Exception (assert)
+import Data.Aeson as A
+import qualified Data.Aeson.Types as A
+import qualified Data.HashMap.Strict.InsOrd as HM
+import qualified Data.Map as M
+import Data.Swagger
+  ( PathItem,
+    Swagger,
+    _operationExtensions,
+    _pathItemDelete,
+    _pathItemGet,
+    _pathItemHead,
+    _pathItemOptions,
+    _pathItemPatch,
+    _pathItemPost,
+    _pathItemPut,
+    _swaggerPaths,
+  )
+import Imports
+import Language.Dot as D
+import qualified Wire.API.Routes.Internal.Brig as BrigIRoutes
+import qualified Wire.API.Routes.Public.Brig as BrigRoutes
+import qualified Wire.API.Routes.Public.Cannon as CannonRoutes
+import qualified Wire.API.Routes.Public.Cargohold as CargoholdRoutes
+import qualified Wire.API.Routes.Public.Galley as GalleyRoutes
+import qualified Wire.API.Routes.Public.Gundeck as GundeckRoutes
+import qualified Wire.API.Routes.Public.Proxy as ProxyRoutes
+-- import qualified Wire.API.Routes.Internal.Cannon as CannonIRoutes
+-- import qualified Wire.API.Routes.Internal.Cargohold as CargoholdIRoutes
+-- import qualified Wire.API.Routes.Internal.LegalHold as LegalHoldIRoutes
+import qualified Wire.API.Routes.Public.Spar as SparRoutes
+
+------------------------------
+
+main :: IO ()
+main = do
+  writeFile "wire-fedcalls.dot" . D.renderDot . mkDotGraph $ calls
+  writeFile "wire-fedcalls.csv" . toCsv $ calls
+
+calls :: [MakesCallTo]
+calls = assert (calls' == nub calls') calls'
+  where
+    calls' = mconcat $ parse <$> swaggers
+
+swaggers :: [Swagger]
+swaggers =
+  [ -- TODO: introduce allSwaggerDocs in wire-api that collects these for all
+    -- services, use that in /services/brig/src/Brig/API/Public.hs instead of
+    -- doing it by hand.
+
+    BrigRoutes.brigSwagger, -- TODO: s/brigSwagger/swaggerDoc/ like everybody else!
+    CannonRoutes.swaggerDoc,
+    CargoholdRoutes.swaggerDoc,
+    GalleyRoutes.swaggerDoc,
+    GundeckRoutes.swaggerDoc,
+    ProxyRoutes.swaggerDoc,
+    SparRoutes.swaggerDoc,
+    -- TODO: collect all internal apis somewhere else (brig?), and expose them
+    -- via an internal swagger api end-point.
+
+    BrigIRoutes.swaggerDoc
+    -- CannonIRoutes.swaggerDoc,
+    -- CargoholdIRoutes.swaggerDoc,
+    -- LegalHoldIRoutes.swaggerDoc
+  ]
+
+------------------------------
+
+data MakesCallTo = MakesCallTo
+  { -- who is calling?
+    sourcePath :: String,
+    sourceMethod :: String,
+    -- where does the call go?
+    targetComp :: String,
+    targetName :: String
+  }
+  deriving (Eq, Show)
+
+------------------------------
+
+parse :: Swagger -> [MakesCallTo]
+parse =
+  mconcat
+    . fmap parseOperationExtensions
+    . mconcat
+    . fmap flattenPathItems
+    . HM.toList
+    . _swaggerPaths
+
+-- | extract path, method, and operation extensions
+flattenPathItems :: (FilePath, PathItem) -> [((FilePath, String), HM.InsOrdHashMap Text Value)]
+flattenPathItems (path, item) =
+  filter ((/= mempty) . snd) $
+    catMaybes
+      [ ((path, "get"),) . _operationExtensions <$> _pathItemGet item,
+        ((path, "put"),) . _operationExtensions <$> _pathItemPut item,
+        ((path, "post"),) . _operationExtensions <$> _pathItemPost item,
+        ((path, "delete"),) . _operationExtensions <$> _pathItemDelete item,
+        ((path, "options"),) . _operationExtensions <$> _pathItemOptions item,
+        ((path, "head"),) . _operationExtensions <$> _pathItemHead item,
+        ((path, "patch"),) . _operationExtensions <$> _pathItemPatch item
+      ]
+
+parseOperationExtensions :: ((FilePath, String), HM.InsOrdHashMap Text Value) -> [MakesCallTo]
+parseOperationExtensions ((path, method), hm) = uncurry (MakesCallTo path method) <$> findCallsFedInfo hm
+
+findCallsFedInfo :: HM.InsOrdHashMap Text Value -> [(String, String)]
+findCallsFedInfo hm = case A.parse parseJSON <$> HM.lookup "wire-makes-federated-call-to" hm of
+  Just (A.Success (fedcalls :: [(String, String)])) -> fedcalls
+  Just bad -> error $ "invalid extension `wire-makes-federated-call-to`: expected `[(comp, name), ...]`, got " <> show bad
+  Nothing -> []
+
+------------------------------
+
+-- | (this function can be simplified by tossing the serial numbers for nodes, but they might
+-- be useful for fine-tuning the output or rendering later.)
+--
+-- the layout isn't very useful on realistic data sets.  maybe we can tweak it with
+-- [layers](https://www.graphviz.org/docs/attr-types/layerRange/)?
+mkDotGraph :: [MakesCallTo] -> D.Graph
+mkDotGraph inbound = Graph StrictGraph DirectedGraph Nothing (mods <> nodes <> edges)
+  where
+    mods =
+      [ AttributeStatement GraphAttributeStatement [AttributeSetValue (NameId "rankdir") (NameId "LR")],
+        AttributeStatement NodeAttributeStatement [AttributeSetValue (NameId "shape") (NameId "rectangle")],
+        AttributeStatement EdgeAttributeStatement [AttributeSetValue (NameId "style") (NameId "dashed")]
+      ]
+    nodes =
+      [ SubgraphStatement (NewSubgraph Nothing (mkCallingNode <$> M.toList callingNodes)),
+        SubgraphStatement (NewSubgraph Nothing (mkCalledNode <$> M.toList calledNodes))
+      ]
+    edges = mkEdge <$> inbound
+
+    itemSourceNode :: MakesCallTo -> String
+    itemSourceNode (MakesCallTo path method _ _) = method <> " " <> path
+
+    itemTargetNode :: MakesCallTo -> String
+    itemTargetNode (MakesCallTo _ _ comp name) = "[" <> comp <> "]:" <> name
+
+    callingNodes :: Map String Integer
+    callingNodes =
+      foldl
+        (\mp (i, caller) -> M.insert caller i mp)
+        mempty
+        ((zip [0 ..] . nub $ itemSourceNode <$> inbound) :: [(Integer, String)])
+
+    calledNodes :: Map String Integer
+    calledNodes =
+      foldl
+        (\mp (i, called) -> M.insert called i mp)
+        mempty
+        ((zip [(fromIntegral $ M.size callingNodes) ..] . nub $ itemTargetNode <$> inbound) :: [(Integer, String)])
+
+    mkCallingNode :: (String, Integer) -> Statement
+    mkCallingNode n =
+      NodeStatement (mkCallingNodeId n) []
+
+    mkCallingNodeId :: (String, Integer) -> NodeId
+    mkCallingNodeId (caller, i) =
+      NodeId (NameId . show $ show i <> ": " <> caller) (Just (PortC CompassW))
+
+    mkCalledNode :: (String, Integer) -> Statement
+    mkCalledNode n =
+      NodeStatement (mkCalledNodeId n) []
+
+    mkCalledNodeId :: (String, Integer) -> NodeId
+    mkCalledNodeId (callee, i) =
+      NodeId (NameId . show $ show i <> ": " <> callee) (Just (PortC CompassE))
+
+    mkEdge :: MakesCallTo -> Statement
+    mkEdge item =
+      EdgeStatement
+        [ ENodeId NoEdge (mkCallingNodeId (caller, callerId)),
+          ENodeId DirectedEdge (mkCalledNodeId (callee, calleeId))
+        ]
+        []
+      where
+        caller = itemSourceNode item
+        callee = itemTargetNode item
+        callerId = fromMaybe (error "impossible") $ M.lookup caller callingNodes
+        calleeId = fromMaybe (error "impossible") $ M.lookup callee calledNodes
+
+------------------------------
+
+toCsv :: [MakesCallTo] -> String
+toCsv =
+  intercalate "\n"
+    . fmap (intercalate ",")
+    . addhdr
+    . fmap dolines
+  where
+    addhdr :: [[String]] -> [[String]]
+    addhdr = (["source method", "source path", "target component", "target name"] :)
+
+    dolines :: MakesCallTo -> [String]
+    dolines (MakesCallTo spath smeth tcomp tname) = [smeth, spath, tcomp, tname]

From 6657b855c67d126982d87948eecb7d36007af463 Mon Sep 17 00:00:00 2001
From: Stefan Matting <smatting@users.noreply.github.com>
Date: Fri, 13 Jan 2023 11:29:06 +0100
Subject: [PATCH 07/38] Add "edit on github" button docs (#2983)

---
 docs/src/conf.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/docs/src/conf.py b/docs/src/conf.py
index 1d2c7fa490..ee4d992b35 100644
--- a/docs/src/conf.py
+++ b/docs/src/conf.py
@@ -113,6 +113,13 @@
 html_favicon = '_static/favicon/favicon.ico'
 html_logo = '_static/image/Wire_logo.svg'
 
+html_context = {
+  'display_github': True,
+  'github_user': 'wireapp',
+  'github_repo': 'wire-server',
+  'github_version': 'develop/docs/src/',
+}
+
 smv_tag_whitelist = ''
 smv_branch_whitelist = r'^(install-with-poetry)$'
 smv_remote_whitelist = r'^(origin)$'

From d83c6793bb42b0d41f83237622e7cb2e22ea70b1 Mon Sep 17 00:00:00 2001
From: Leif Battermann <leif.battermann@wire.com>
Date: Fri, 13 Jan 2023 13:28:03 +0100
Subject: [PATCH 08/38] [SQSERVICES-1828] pagination of team members does not
 work properly for certain team sizes (#2968)

---
 changelog.d/3-bug-fixes/pr-2968                |  1 +
 .../src/Brig/User/Search/TeamUserSearch.hs     | 18 +++++++++++++++---
 .../test/integration/API/TeamUserSearch.hs     | 17 +++++++++++------
 3 files changed, 27 insertions(+), 9 deletions(-)
 create mode 100644 changelog.d/3-bug-fixes/pr-2968

diff --git a/changelog.d/3-bug-fixes/pr-2968 b/changelog.d/3-bug-fixes/pr-2968
new file mode 100644
index 0000000000..e32c978a07
--- /dev/null
+++ b/changelog.d/3-bug-fixes/pr-2968
@@ -0,0 +1 @@
+Fix pagination in team user search (make search key unique)
diff --git a/services/brig/src/Brig/User/Search/TeamUserSearch.hs b/services/brig/src/Brig/User/Search/TeamUserSearch.hs
index dea5b4dd37..3731f02ab6 100644
--- a/services/brig/src/Brig/User/Search/TeamUserSearch.hs
+++ b/services/brig/src/Brig/User/Search/TeamUserSearch.hs
@@ -102,12 +102,24 @@ teamUserSearchQuery tid mbSearchText _mRoleFilter mSortBy mSortOrder =
         mbQStr
     )
     teamFilter
-    ( maybe
+    -- in combination with pagination a non-unique search specification can lead to missing results
+    -- therefore we use the unique `_doc` value as a tie breaker
+    -- - see https://www.elastic.co/guide/en/elasticsearch/reference/6.8/search-request-sort.html for details on `_doc`
+    -- - see https://www.elastic.co/guide/en/elasticsearch/reference/6.8/search-request-search-after.html for details on pagination and tie breaker
+    -- in the latter article it "is advised to duplicate (client side or [...]) the content of the _id field
+    -- in another field that has doc value enabled and to use this new field as the tiebreaker for the sort"
+    -- so alternatively we could use the user ID as a tie breaker, but this would require a change in the index mapping
+    (sorting ++ sortingTieBreaker)
+  where
+    sorting :: [ES.DefaultSort]
+    sorting =
+      maybe
         [defaultSort SortByCreatedAt SortOrderDesc | isNothing mbQStr]
         (\tuSortBy -> [defaultSort tuSortBy (fromMaybe SortOrderAsc mSortOrder)])
         mSortBy
-    )
-  where
+    sortingTieBreaker :: [ES.DefaultSort]
+    sortingTieBreaker = [ES.DefaultSort (ES.FieldName "_doc") ES.Ascending Nothing Nothing Nothing Nothing]
+
     mbQStr :: Maybe Text
     mbQStr =
       case mbSearchText of
diff --git a/services/brig/test/integration/API/TeamUserSearch.hs b/services/brig/test/integration/API/TeamUserSearch.hs
index ef4ab14088..a57301bb0f 100644
--- a/services/brig/test/integration/API/TeamUserSearch.hs
+++ b/services/brig/test/integration/API/TeamUserSearch.hs
@@ -111,7 +111,7 @@ testSort brig = do
   let sortByProperty' :: (TestConstraints m, Ord a) => TeamUserSearchSortBy -> (User -> a) -> TeamUserSearchSortOrder -> m ()
       sortByProperty' = sortByProperty tid users ownerId
   for_ [SortOrderAsc, SortOrderDesc] $ \sortOrder -> do
-    -- FUTUREWORK: Test SortByRole when role is avaible in index
+    -- FUTUREWORK: Test SortByRole when role is available in index
     sortByProperty' SortByEmail userEmail sortOrder
     sortByProperty' SortByName userDisplayName sortOrder
     sortByProperty' SortByHandle (fmap fromHandle . userHandle) sortOrder
@@ -144,12 +144,17 @@ testEmptyQuerySortedWithPagination :: TestConstraints m => Brig -> m ()
 testEmptyQuerySortedWithPagination brig = do
   (tid, userId -> ownerId, _) <- createPopulatedBindingTeamWithNamesAndHandles brig 20
   refreshIndex brig
-  searchResultFirst10 <- executeTeamUserSearchWithMaybeState brig tid ownerId (Just "") Nothing Nothing Nothing (Just $ unsafeRange 10) Nothing
-  searchResultLast11 <- executeTeamUserSearchWithMaybeState brig tid ownerId (Just "") Nothing Nothing Nothing Nothing (searchPagingState searchResultFirst10)
+  let teamUserSearch mPs = executeTeamUserSearchWithMaybeState brig tid ownerId (Just "") Nothing (Just SortByRole) (Just SortOrderAsc) (Just $ unsafeRange 10) mPs
+  searchResultFirst10 <- teamUserSearch Nothing
+  searchResultNext10 <- teamUserSearch (searchPagingState searchResultFirst10)
+  searchResultLast1 <- teamUserSearch (searchPagingState searchResultNext10)
   liftIO $ do
     searchReturned searchResultFirst10 @?= 10
     searchFound searchResultFirst10 @?= 21
     searchHasMore searchResultFirst10 @?= Just True
-    searchReturned searchResultLast11 @?= 11
-    searchFound searchResultLast11 @?= 21
-    searchHasMore searchResultLast11 @?= Just False
+    searchReturned searchResultNext10 @?= 10
+    searchFound searchResultNext10 @?= 21
+    searchHasMore searchResultNext10 @?= Just True
+    searchReturned searchResultLast1 @?= 1
+    searchFound searchResultLast1 @?= 21
+    searchHasMore searchResultLast1 @?= Just False

From 8760b4978ccb039b229d458b7a08136a05e12ff9 Mon Sep 17 00:00:00 2001
From: Stefan Matting <smatting@users.noreply.github.com>
Date: Fri, 13 Jan 2023 14:21:16 +0100
Subject: [PATCH 09/38] Fix Federation Docs errata (#2984)

---
 .../how-to/install/configure-federation.md    | 14 +++---
 docs/src/understand/federation/api.md         |  4 +-
 .../src/understand/federation/architecture.md | 23 +++++-----
 .../federation/backend-communication.md       | 46 +++++++------------
 4 files changed, 37 insertions(+), 50 deletions(-)

diff --git a/docs/src/how-to/install/configure-federation.md b/docs/src/how-to/install/configure-federation.md
index c7e46849bc..69396c92b5 100644
--- a/docs/src/how-to/install/configure-federation.md
+++ b/docs/src/how-to/install/configure-federation.md
@@ -14,7 +14,7 @@ detailed in the sections below:
 
 -   Choose a backend domain name
 
--   DNS setup for federation (including a `SRV` record)
+-   DNS setup for federation (including an `SRV` record)
 
 -   Generate and configure TLS certificates:
 
@@ -31,7 +31,7 @@ detailed in the sections below:
 ## Choose a Backend Domain
 
 As of the release \[helm chart 0.129.0, Wire docker version 2.94.0\] from
-2020-12-15, the `federationDomain` is a mandatory configuration setting, which
+2020-12-15, `federationDomain` is a mandatory configuration setting, which
 defines the {ref}`backend domain <glossary_backend_domain>` of your
 installation. Regardless of whether you want to enable federation for a backend
 or not, you must decide what its domain is going to be. This helps in keeping
@@ -118,7 +118,7 @@ The fields of the SRV record need to be populated as follows
 -   `weight`: \>0 for your server to be reachable. A good default value
     could be 10
 -   `port`: `443`
--   `target`: the infra domain
+-   `target`: the infrastructure domain
 
 To give an example, assuming
 
@@ -237,7 +237,7 @@ trust when interacting with other backends.
 ### (B) Manual server and client certificates
 
 Use your usual method of obtaining X.509 certificates for your {ref}`federation
-infra domain <glossary_infra_domain>` (alongside the other domains needed for a
+infrastructure domain <glossary_infra_domain>` (alongside the other domains needed for a
 wire-server installation).
 
 You can use one single certificate and key for both server and client
@@ -266,7 +266,7 @@ X509v3 extensions:
         TLS Web Server Authentication, TLS Web Client Authentication
 ```
 
-And your {ref}`federation infra domain <glossary_infra_domain>` (e.g.
+And your {ref}`federation infrastructure domain <glossary_infra_domain>` (e.g.
 `federator.wire.example.com` from the running example) needs to either figure
 explictly in the list of your SAN (Subject Alternative Name):
 
@@ -304,7 +304,7 @@ The *server certificate* and *private key* need to be configured in
 just the federator component. If you have installed wire-server before
 without federation, server certificates may already be configured
 *(though you probably need to create new certificates to include the
-federation infra domain if you\'re not making use of wildcard
+federation infrastructure domain if you\'re not making use of wildcard
 certificates)*. Server certificates go here:
 
 ``` yaml
@@ -515,7 +515,7 @@ Ensure that the IP matches where your backend ingress runs.
 
 Refer to {ref}`how-to-see-tls-certs` and set
 DOMAIN to your
-{ref}`federation infra domain <glossary_infra_domain>`. They should include your domain as part of the SAN (Subject
+{ref}`federation infrastructure domain <glossary_infra_domain>`. They should include your domain as part of the SAN (Subject
 Alternative Names) and not have expired.
 
 ### Manually test that federation works 
diff --git a/docs/src/understand/federation/api.md b/docs/src/understand/federation/api.md
index 2a8325606c..e48e642294 100644
--- a/docs/src/understand/federation/api.md
+++ b/docs/src/understand/federation/api.md
@@ -231,9 +231,9 @@ their precise inputs and outputs.
 
 In the following the interactions between *Federator* and *Federation Ingress*
 components of the backends involved are omitted for simplicity. Also the backend
-domain and infra domain are assumed the same.
+domain and infrastructure domain are assumed the same.
 
-Additionally we assume that the backend domain and the infra domain of
+Additionally we assume that the backend domain and the infrastructure domain of
 the respective backends involved are the same and each domain identifies
 a distinct backend.
 
diff --git a/docs/src/understand/federation/architecture.md b/docs/src/understand/federation/architecture.md
index 392806ac91..6bb1e782bc 100644
--- a/docs/src/understand/federation/architecture.md
+++ b/docs/src/understand/federation/architecture.md
@@ -6,19 +6,18 @@
 ## Backends
 
 In the following we call a **backend** the set of servers, databases and DNS
-configurations that together form one single Wire Server entity as seen from
+configurations that together form one single Wire Server entity as seen from the
 outside. It can also be called a Wire \"instance\" or \"server\" or \"Wire
 installation\". Every resource (e.g. users, conversations, assets and teams)
 exists and is *owned* by a single backend, which we can refer to as that
 resource\'s backend.
 
 The communication between federated backends is facilitated by two components in
-each backend: {ref}`federation_ingress` and {ref}`federator`. The
-*Federation Ingress* is, as the name suggests the
-ingress point for incoming connections from other backends, which are then
-forwarded to the *Federator*. The *Federator* forwards requests
-to internal components. It also acts as a *egress* point for requests from
-internal backend components to other, remote backends.
+each backend: {ref}`federation_ingress` and {ref}`federator`. The *Federation
+Ingress* is, as the name suggests, the ingress point for incoming connections
+from other backends, which are then forwarded to the *Federator*. The
+*Federator* forwards requests to internal components. It also acts as a *egress*
+point for requests from internal backend components to other, remote backends.
 
 ![image](img/federated-backend-architecture.png)
 
@@ -32,7 +31,7 @@ internal backend components to other, remote backends.
 Each backend has two domain: an {ref}`infrastructure domain <glossary_infra_domain>` and a
 {ref}`backend domain <glossary_backend_domain>`.
 
-The **infrastructure domain** (short **infra domain**) is the domain name under which the backend
+The **infrastructure domain** is the domain name under which the backend
 is actually reachable via the network. It is also the domain name that
 each backend uses in authenticating itself to other backends.
 
@@ -42,7 +41,7 @@ context of federation.
 
 The distinction between the two domains allows the owner of a backend
 domain, e.g. `example.com`, to host their Wire backend under a
-different infra domain, e.g. `wire.infra.example.com`.
+different infrastructure domain, e.g. `wire.infra.example.com`.
 
 (federation_ingress)=
 
@@ -53,7 +52,7 @@ ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/)
 and uses [nginx](https://nginx.org/en/) as its underlying software.
 
 It is configured with a set of X.509 certificates, which acts as root of
-trust for the authentication of the infra domain of remote backends, as
+trust for the authentication of the infrastructure domain of remote backends, as
 well as with a certificate, which it uses to authenticate itself toward
 other backends.
 
@@ -74,7 +73,7 @@ point for other backend components. It can be configured to use an
 {ref}`allow list
 <allow-list>` to authorize incoming and
 outgoing connections, and it keeps an X.509 client certificate for the
-backend\'s infra domain to authenticate itself towards other backends.
+backend\'s infrastructure domain to authenticate itself towards other backends.
 Additionally, it requires a connection to a DNS resolver to
 {ref}`discover<discovery>` other backends.
 
@@ -97,7 +96,7 @@ from remote backends (forwarded via the local
 1.  Discover the mapping
     between backend domain claimed by the remote backend and its infra
     domain,
-2.  Verify that the discovered infra domain matches the domain in the
+2.  Verify that the discovered infrastructure domain matches the domain in the
     remote backend\'s client certificate,
 3.  If enabled, ensure that the backend domain of the other backend is
     in the allow list.
diff --git a/docs/src/understand/federation/backend-communication.md b/docs/src/understand/federation/backend-communication.md
index 7fa3e71cb9..a71c6e158b 100644
--- a/docs/src/understand/federation/backend-communication.md
+++ b/docs/src/understand/federation/backend-communication.md
@@ -9,7 +9,7 @@ need to ensure the following:
 
 - **Authentication**
 
-    Determine the identity (infra domain name) of the other backend.
+    Determine the identity (infrastructure domain name) of the other backend.
 
 - **Discovery**
 
@@ -36,7 +36,7 @@ Conversely, every *Federator* needs to be provisioned with a client
 certificate which it uses to authenticate itself towards other backends.
 
 Note that the client certificate is required to be issued with the backend\'s
-infra domain as one of the subject alternative names (SAN), which is defined in
+infrastructure domain as one of the subject alternative names (SAN), which is defined in
 [RFC 5280](https://tools.ietf.org/html/rfc5280).
 
 See {ref}`federation-certificate-setup` for technical instructions.
@@ -48,7 +48,7 @@ with an `AuthenticationFailure` error.
 
 ## Discovery
 
-The discovery process allows a backend to determine the infra domain of
+The discovery process allows a backend to determine the infrastructure domain of
 a given backend domain.
 
 This step is necessary in two scenarios:
@@ -56,21 +56,19 @@ This step is necessary in two scenarios:
 -   A backend would like to establish a connection to another backend
     that it only knows the backend domain of. This is the case, for
     example, when a user of a local backend searches for a
-    {ref}`qualified username <qualified-identifiers-and-names>`, which only includes that user\'s backend\'s backend
-    domain.
+    {ref}`qualified username <qualified-identifiers-and-names>`, which only includes the backend domain of that user's backend.
 -   When receiving a message from another backend that authenticates
-    with a given infra domain and claims to represent a given backend
+    with a given infrastructure domain and claims to represent a given backend
     domain, a backend would like to ensure the backend domain owner
-    authorized the owner of the infra domain to run their Wire backend.
+    authorized the owner of the infrastructure domain to run their Wire backend.
 
 To make discovery possible, any party hosting a Wire backend has to
-announce the infra domain via a DNS *SRV* record as defined in [RFC
+announce the infrastructure domain via a DNS *SRV* record as defined in [RFC
 2782](https://tools.ietf.org/html/rfc2782) with
 `service = wire-server-federator, proto = tcp` and with `name` pointing
-to the backend\'s domain and *target* to the backend\'s infra domain.
+to the backend\'s domain and *target* to the backend\'s infrastructure domain.
 
-For example, Company A with backend domain *company-a.com* and infra
-domain *wire.company-a.com* could publish
+For example, Company A with backend domain *company-a.com* and infrastructure domain *wire.company-a.com* could publish
 
 ``` bash
 _wire-server-federator._tcp.company-a.com. 600  IN  SRV 10 5 443 federator.wire.company-a.com.
@@ -83,34 +81,24 @@ In case this process fails the Federator fails to forward the request with a `Di
 
 (dns-scope)=
 
-### DNS Scope
-
-The network scope of the SRV record (as well as that of the DNS records
-for backend and infra domain), depends on the desired federation
-topology in the same way as other parameters such as the availability of
-the CA certificate that allows authentication of the *Federation
-Ingress*\' server certificate or the *Federator*\'s client certificate.
-The general rule is that the SRV entry should be \"visible\" from the
-point of view of the desired federation partners. The exact scope
-strongly depends on the network architecture of the backends involved.
 
 (srv-ttl-and-caching)=
 
 ### SRV TTL and Caching
 
 After retrieving the SRV record for a given domain, the local backend
-caches the *backend domain \<\--\> infra domain* mapping for the
+caches the *backend domain \<\--\> infrastructure domain* mapping for the
 duration indicated in the TTL field of the record.
 
 Due to this caching behavior, the TTL value of the SRV record dictates
 at which intervals remote backends will refresh their mapping of the
-local backend\'s backend domain to infra domain. As a consequence a
+local backend\'s backend domain to infrastructure domain. As a consequence a
 value in the order of magnitude of 24 hours will reduce the amount of
 overhead for remote backends.
 
-On the other hand in the setup phase of a backend, or when a change of infra
+On the other hand in the setup phase of a backend, or when a change of infrastructure
 domain is required, a TTL value in the magnitude of a few minutes allows remote
-backends to recover more quickly from a change of the infra domain.
+backends to recover more quickly from a change of the infrastructure domain.
 
 (authorization)=
 
@@ -122,10 +110,10 @@ After an incoming connection is authenticated the backend authorizes the
 request. It does so by verifying that the backend domain of the sender is
 contained in the {ref}`domain allow list <configure-federation-allow-list>`.
 
-Since the request is authenticated only by the infra domain the sending backend
+Since the request is authenticated only by the infrastructure domain the sending backend
 is required to add its backend domain as a `Wire-Origin-Domain` header to the
 request. The receiving backend follows the process described in {ref}`discovery`
-and verifies that the discovered infra domain for the backend domain indicated
+and verifies that the discovered infrastructure domain for the backend domain indicated
 in the `Wire-Origin-Domain` header is one of the Subject Alternative Names
 contained in the client certificate used to sign the request. If this is not the
 case, the receiving backend fails the request with a `ValidationError`.
@@ -150,8 +138,8 @@ details.
 ## Example
 
 The following is an example for the message and information flow between
-a backend with backend domain `a.com` and infra domain `infra.a.com` and
-another backend with backend domain `b.com` and infra domain
+a backend with backend domain `a.com` and infrastructure domain `infra.a.com` and
+another backend with backend domain `b.com` and infrastructure domain
 `infra.b.com`.
 
 The content and format of the message is meant to be representative. For

From 8816b3fe327bad6b40c6fc5f0022fb755832406d Mon Sep 17 00:00:00 2001
From: fisx <mf@zerobuzz.net>
Date: Mon, 16 Jan 2023 12:17:22 +0100
Subject: [PATCH 10/38] Fix `ToSchema Version` instance. (#2978)

This partially reverts commit 6f91151 (#2965).
---
 changelog.d/5-internal/pr-2965               | 1 +
 libs/wire-api/src/Wire/API/Routes/Version.hs | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 changelog.d/5-internal/pr-2965

diff --git a/changelog.d/5-internal/pr-2965 b/changelog.d/5-internal/pr-2965
new file mode 100644
index 0000000000..9dffecdd84
--- /dev/null
+++ b/changelog.d/5-internal/pr-2965
@@ -0,0 +1 @@
+Fix `make clean` (#2965, #2978)
diff --git a/libs/wire-api/src/Wire/API/Routes/Version.hs b/libs/wire-api/src/Wire/API/Routes/Version.hs
index 5586be14ba..68d46bf8ee 100644
--- a/libs/wire-api/src/Wire/API/Routes/Version.hs
+++ b/libs/wire-api/src/Wire/API/Routes/Version.hs
@@ -64,7 +64,11 @@ data Version = V0 | V1 | V2 | V3
 instance ToSchema Version where
   schema =
     enum @Integer "Version" . mconcat $
-      (\v -> element (fromIntegral $ fromEnum v) v) <$> [minBound @Version ..]
+      [ element 0 V0,
+        element 1 V1,
+        element 2 V2,
+        element 3 V3
+      ]
 
 mkVersion :: Integer -> Maybe Version
 mkVersion n = case Aeson.fromJSON (Aeson.Number (fromIntegral n)) of

From b58e47708e8c399dee2066590fbc1d8ccd4002df Mon Sep 17 00:00:00 2001
From: Sven Tennie <sven.tennie@wire.com>
Date: Mon, 16 Jan 2023 15:19:56 +0100
Subject: [PATCH 11/38] Add Helm chart for K8ssandra in test systems (#2981)

This is not for production usage: E.g. the chart does not provide backups (medusa.)
It's meant to simplify k8ssandra setups in test systems.

Co-authored-by: jschaul <jschaul@users.noreply.github.com>
---
 Makefile                                      |  7 +-
 .../5-internal/k8ssandra-cluster-helm-chart   |  1 +
 charts/k8ssandra-test-cluster/.helmignore     | 23 +++++
 charts/k8ssandra-test-cluster/Chart.yaml      |  9 ++
 charts/k8ssandra-test-cluster/README.md       | 89 +++++++++++++++++++
 .../templates/check-cluster-job.yaml          | 19 ++++
 .../templates/k8ssandra-cluster.yaml          | 43 +++++++++
 charts/k8ssandra-test-cluster/values.yaml     | 13 +++
 8 files changed, 203 insertions(+), 1 deletion(-)
 create mode 100644 changelog.d/5-internal/k8ssandra-cluster-helm-chart
 create mode 100644 charts/k8ssandra-test-cluster/.helmignore
 create mode 100644 charts/k8ssandra-test-cluster/Chart.yaml
 create mode 100644 charts/k8ssandra-test-cluster/README.md
 create mode 100644 charts/k8ssandra-test-cluster/templates/check-cluster-job.yaml
 create mode 100644 charts/k8ssandra-test-cluster/templates/k8ssandra-cluster.yaml
 create mode 100644 charts/k8ssandra-test-cluster/values.yaml

diff --git a/Makefile b/Makefile
index df625369b5..9b44c21278 100644
--- a/Makefile
+++ b/Makefile
@@ -13,7 +13,12 @@ CHARTS_INTEGRATION    := wire-server databases-ephemeral redis-cluster fake-aws
 # (e.g. move charts/brig to charts/wire-server/brig)
 # this list could be generated from the folder names under ./charts/ like so:
 # CHARTS_RELEASE := $(shell find charts/ -maxdepth 1 -type d | xargs -n 1 basename | grep -v charts)
-CHARTS_RELEASE        := wire-server redis-ephemeral redis-cluster databases-ephemeral fake-aws fake-aws-s3 fake-aws-sqs aws-ingress  fluent-bit kibana backoffice calling-test demo-smtp elasticsearch-curator elasticsearch-external elasticsearch-ephemeral minio-external cassandra-external nginx-ingress-controller nginx-ingress-services reaper sftd restund coturn inbucket
+CHARTS_RELEASE := wire-server redis-ephemeral redis-cluster databases-ephemeral	\
+fake-aws fake-aws-s3 fake-aws-sqs aws-ingress fluent-bit kibana backoffice		\
+calling-test demo-smtp elasticsearch-curator elasticsearch-external				\
+elasticsearch-ephemeral minio-external cassandra-external						\
+nginx-ingress-controller nginx-ingress-services reaper sftd restund coturn		\
+inbucket k8ssandra-test-cluster
 KIND_CLUSTER_NAME     := wire-server
 
 package ?= all
diff --git a/changelog.d/5-internal/k8ssandra-cluster-helm-chart b/changelog.d/5-internal/k8ssandra-cluster-helm-chart
new file mode 100644
index 0000000000..ce269c8ef6
--- /dev/null
+++ b/changelog.d/5-internal/k8ssandra-cluster-helm-chart
@@ -0,0 +1 @@
+Add Helm chart to configure clusters managed by k8ssandra-operator for test environments.
diff --git a/charts/k8ssandra-test-cluster/.helmignore b/charts/k8ssandra-test-cluster/.helmignore
new file mode 100644
index 0000000000..0e8a0eb36f
--- /dev/null
+++ b/charts/k8ssandra-test-cluster/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/k8ssandra-test-cluster/Chart.yaml b/charts/k8ssandra-test-cluster/Chart.yaml
new file mode 100644
index 0000000000..b67746d307
--- /dev/null
+++ b/charts/k8ssandra-test-cluster/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+name: k8ssandra-test-cluster
+description: K8ssandra (Cassandra cluster) K8ssandraCluster object for wire test servers. (This does not install K8ssandra itself!)
+
+type: application
+
+version: 0.1.0
+
+appVersion: "0.39.2"
diff --git a/charts/k8ssandra-test-cluster/README.md b/charts/k8ssandra-test-cluster/README.md
new file mode 100644
index 0000000000..865183c156
--- /dev/null
+++ b/charts/k8ssandra-test-cluster/README.md
@@ -0,0 +1,89 @@
+# k8ssandra-test-cluster Helm chart
+
+`k8ssandra-test-cluster` provides a `K8ssandraCluster` object to create a
+*Cassandra* database with
+[`k8ssandra-operator`](https://artifacthub.io/packages/helm/k8ssandra/k8ssandra-operator).
+**It does not install `k8ssandra-operator` itself!** This configuration is meant
+to be used in test environments: **It lacks crucial parts like backups
+(`medusa`)!**
+
+## Usage in Helmfile
+
+### Prerequisites
+
+You need a *storage class* that can automatically request storage volumes. For
+Hetzner's cloud see: [Container Storage Interface driver for Hetzner
+Cloud](https://github.com/hetznercloud/csi-driver)
+
+### Usage
+
+These entries are used in the `helfile` file:
+
+``` yaml
+...
+
+repositories:
+  - name: wire
+    url: 'https://s3-eu-west-1.amazonaws.com/public.wire.com/charts'
+  - name: k8ssandra-stable
+    url: https://helm.k8ssandra.io/stable
+
+...
+
+releases:
+  - name: k8ssandra-operator
+    chart: 'k8ssandra-stable/k8ssandra-operator'
+    namespace: databases
+    version: 0.39.2
+    values:
+      # Use a cass-operator image that is compatible to the K8s cluster version
+      - cass-operator:
+            image:
+              tag: v1.10.5
+
+  # Installs CDRs automatically
+  - name: k8ssandra-test-cluster
+    chart: "wire/k8ssandra-test-cluster"
+    namespace: "databases"
+    version: {{ .Values.wireChartVersion | quote }}
+    needs:
+      - 'databases/k8ssandra-operator'
+    wait: true
+    waitForJobs: true
+
+  - name: 'wire-server'
+    namespace: 'wire'
+    chart: 'wire/wire-server'
+    version: {{ .Values.wireChartVersion | quote }}
+    values:
+      - './helm_vars/wire-server/values.yaml.gotmpl'
+    secrets:
+      - './helm_vars/wire-server/secrets.yaml'
+    needs:
+      - 'databases/k8ssandra-test-cluster'
+
+...
+```
+
+Please note the `needs` relations of the releases: `wire-server` *needs*
+`k8ssandra-test-cluster` which *needs* `k8ssandra-operator`.
+
+`wait` and `waitForJobs` are mandatory for `k8ssandra-test-cluster` in this
+setup: These settings ensure that the database really exists before resuming
+with the deployment.
+
+## Implementation details
+
+### k8ssandra-cluster.yaml
+
+Contains the `K8ssandraCluster` object. Its schema is described in the [CRD
+reference](https://docs-v2.k8ssandra.io/reference/crd/k8ssandra-operator-crds-latest/#k8ssandracluster)
+
+The specified *Cassandra* cluster runs on a single Node with reasonable
+resources for test environments.
+
+### check-cluster-job.yaml
+
+Defines a job that tries to connect to the final *Cassandra* database. Other
+deployments can wait on this. This is useful because `wire-server` needs a
+working database right from the beginning of it's deployment.
diff --git a/charts/k8ssandra-test-cluster/templates/check-cluster-job.yaml b/charts/k8ssandra-test-cluster/templates/check-cluster-job.yaml
new file mode 100644
index 0000000000..dbff6e0332
--- /dev/null
+++ b/charts/k8ssandra-test-cluster/templates/check-cluster-job.yaml
@@ -0,0 +1,19 @@
+# This job fails until the Cassandra created database is reachable. The Helmfile
+# deployment can wait for it. This is used to start wire-server deployments only
+# with a reachable database.
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: check-cluster-job
+  namespace: databases
+spec:
+  template:
+    spec:
+      containers:
+      - name: cassandra
+        image: cassandra:3.11
+        command: ["cqlsh", "k8ssandra-cluster-datacenter-1-service"]
+      restartPolicy: OnFailure
+  # Default is 6 retries. 8 is a bit arbitrary, but should be sufficient for
+  # low resource environments (e.g. Wire-in-a-box.)
+  backoffLimit: 8
diff --git a/charts/k8ssandra-test-cluster/templates/k8ssandra-cluster.yaml b/charts/k8ssandra-test-cluster/templates/k8ssandra-cluster.yaml
new file mode 100644
index 0000000000..4139f672e5
--- /dev/null
+++ b/charts/k8ssandra-test-cluster/templates/k8ssandra-cluster.yaml
@@ -0,0 +1,43 @@
+apiVersion: k8ssandra.io/v1alpha1
+kind: K8ssandraCluster
+metadata:
+  name: k8ssandra-cluster
+  namespace: databases
+spec:
+  auth: false
+  cassandra:
+    serverVersion: "3.11.11"
+    telemetry:
+      prometheus:
+        enabled: true
+    resources:
+      requests:
+        cpu: 1
+        memory: "4.0Gi"
+      limits:
+        memory: "4.0Gi"
+    config:
+      jvmOptions:
+        # Intentionally, half of the available memory
+        heap_max_size: "2G"
+        heap_initial_size: "2G"
+        gc_g1_rset_updating_pause_time_percent: 5
+        gc: "G1GC"
+        gc_g1_max_gc_pause_ms: 300
+        gc_g1_initiating_heap_occupancy_percent: 55
+        gc_g1_parallel_threads: 16
+    datacenters:
+        - metadata:
+            name: datacenter-1
+          size: 1
+          storageConfig:
+            cassandraDataVolumeClaimSpec:
+              storageClassName: {{ .Values.storageClassName }}
+              accessModes:
+                - ReadWriteOnce
+              resources:
+                requests:
+                  storage: {{ .Values.storageSize }}
+  reaper:
+    autoScheduling:
+      enabled: true
diff --git a/charts/k8ssandra-test-cluster/values.yaml b/charts/k8ssandra-test-cluster/values.yaml
new file mode 100644
index 0000000000..3aabc8db1a
--- /dev/null
+++ b/charts/k8ssandra-test-cluster/values.yaml
@@ -0,0 +1,13 @@
+# The values in k8ssandra-cluster.yaml are well choosen. Please only export and
+# override them if you are confident the change is needed.
+
+# storageClassName: the name storageClass to use. This defines where the data is
+# stored. Storage is automatically requested if the storage class is correctly
+# setup.
+storageClassName: hcloud-volumes-encrypted
+
+# storageSize: Size of the storage (persistent volume claim) to request. At
+# Hetzner's cloud the smallest volume is 10GB. So, even if you need much less
+# storage, it's fine to request 10GB. The memory units are described here:
+# https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-memory
+storageSize: 10G

From b2c183aedf83439ce0398d991d7561dfcb0e5efe Mon Sep 17 00:00:00 2001
From: Leif Battermann <leif.battermann@wire.com>
Date: Tue, 17 Jan 2023 10:13:30 +0100
Subject: [PATCH 12/38] [REFACTORING] ID tag expand abbreviation to full name
 (#2991)

---
 changelog.d/5-internal/pr-2991   |  1 +
 libs/types-common/src/Data/Id.hs | 58 ++++++++++++++++++--------------
 2 files changed, 34 insertions(+), 25 deletions(-)
 create mode 100644 changelog.d/5-internal/pr-2991

diff --git a/changelog.d/5-internal/pr-2991 b/changelog.d/5-internal/pr-2991
new file mode 100644
index 0000000000..150d50cf30
--- /dev/null
+++ b/changelog.d/5-internal/pr-2991
@@ -0,0 +1 @@
+Make ID tags more readable by expanding abbreviations to full names.
diff --git a/libs/types-common/src/Data/Id.hs b/libs/types-common/src/Data/Id.hs
index bcdd57aa12..5663626362 100644
--- a/libs/types-common/src/Data/Id.hs
+++ b/libs/types-common/src/Data/Id.hs
@@ -87,54 +87,62 @@ import Servant (FromHttpApiData (..), ToHttpApiData (..))
 import Test.QuickCheck
 import Test.QuickCheck.Instances ()
 
-data IdTag = A | C | I | U | P | S | T | STo
+data IdTag
+  = Asset
+  | Conversation
+  | Invitation
+  | User
+  | Provider
+  | Service
+  | Team
+  | ScimToken
 
 idTagName :: IdTag -> Text
-idTagName A = "Asset"
-idTagName C = "Conv"
-idTagName I = "Invitation"
-idTagName U = "User"
-idTagName P = "Provider"
-idTagName S = "Service"
-idTagName T = "Team"
-idTagName STo = "ScimToken"
+idTagName Asset = "Asset"
+idTagName Conversation = "Conv"
+idTagName Invitation = "Invitation"
+idTagName User = "User"
+idTagName Provider = "Provider"
+idTagName Service = "Service"
+idTagName Team = "Team"
+idTagName ScimToken = "ScimToken"
 
 class KnownIdTag (t :: IdTag) where
   idTagValue :: IdTag
 
-instance KnownIdTag 'A where idTagValue = A
+instance KnownIdTag 'Asset where idTagValue = Asset
 
-instance KnownIdTag 'C where idTagValue = C
+instance KnownIdTag 'Conversation where idTagValue = Conversation
 
-instance KnownIdTag 'I where idTagValue = I
+instance KnownIdTag 'Invitation where idTagValue = Invitation
 
-instance KnownIdTag 'U where idTagValue = U
+instance KnownIdTag 'User where idTagValue = User
 
-instance KnownIdTag 'P where idTagValue = P
+instance KnownIdTag 'Provider where idTagValue = Provider
 
-instance KnownIdTag 'S where idTagValue = S
+instance KnownIdTag 'Service where idTagValue = Service
 
-instance KnownIdTag 'T where idTagValue = T
+instance KnownIdTag 'Team where idTagValue = Team
 
-instance KnownIdTag 'STo where idTagValue = STo
+instance KnownIdTag 'ScimToken where idTagValue = ScimToken
 
-type AssetId = Id 'A
+type AssetId = Id 'Asset
 
-type InvitationId = Id 'I
+type InvitationId = Id 'Invitation
 
 -- | A local conversation ID
-type ConvId = Id 'C
+type ConvId = Id 'Conversation
 
 -- | A local user ID
-type UserId = Id 'U
+type UserId = Id 'User
 
-type ProviderId = Id 'P
+type ProviderId = Id 'Provider
 
-type ServiceId = Id 'S
+type ServiceId = Id 'Service
 
-type TeamId = Id 'T
+type TeamId = Id 'Team
 
-type ScimTokenId = Id 'STo
+type ScimTokenId = Id 'ScimToken
 
 -- Id -------------------------------------------------------------------------
 

From 37d9b3f9dbc295c0ffd760ea5b4622ac08db1746 Mon Sep 17 00:00:00 2001
From: Stefan Matting <smatting@users.noreply.github.com>
Date: Tue, 17 Jan 2023 15:25:28 +0100
Subject: [PATCH 13/38] Refactor Writetime (#2994)

---
 changelog.d/5-internal/refactor-writetime     |  1 +
 libs/cassandra-util/src/Cassandra/Util.hs     | 56 +++++++++++++++----
 services/brig/src/Brig/User/Search/Index.hs   | 33 +++++++----
 .../brig/test/integration/API/Internal.hs     | 23 +++++++-
 services/galley/src/Galley/Cassandra/Team.hs  |  2 +-
 tools/db/find-undead/src/Work.hs              |  4 +-
 .../db/inconsistencies/src/DanglingHandles.hs |  3 +-
 7 files changed, 94 insertions(+), 28 deletions(-)
 create mode 100644 changelog.d/5-internal/refactor-writetime

diff --git a/changelog.d/5-internal/refactor-writetime b/changelog.d/5-internal/refactor-writetime
new file mode 100644
index 0000000000..fb0f680472
--- /dev/null
+++ b/changelog.d/5-internal/refactor-writetime
@@ -0,0 +1 @@
+Refactor Writetime from Int64 to wrapper of UTCTime
diff --git a/libs/cassandra-util/src/Cassandra/Util.hs b/libs/cassandra-util/src/Cassandra/Util.hs
index 062d9913a9..1b033038da 100644
--- a/libs/cassandra-util/src/Cassandra/Util.hs
+++ b/libs/cassandra-util/src/Cassandra/Util.hs
@@ -14,28 +14,28 @@
 --
 -- You should have received a copy of the GNU Affero General Public License along
 -- with this program. If not, see <https://www.gnu.org/licenses/>.
+{-# LANGUAGE NumericUnderscores #-}
 
 module Cassandra.Util
-  ( writeTimeToUTC,
-    defInitCassandra,
-    Writetime,
+  ( defInitCassandra,
+    Writetime (..),
+    writetimeToInt64,
   )
 where
 
-import Cassandra (ClientState, Keyspace (Keyspace), init)
+import Cassandra (ClientState, init)
+import Cassandra.CQL
 import Cassandra.Settings (defSettings, setContacts, setKeyspace, setLogger, setPortNumber)
+import Data.Aeson
+import Data.Fixed
 import Data.Text (unpack)
-import Data.Time (UTCTime)
-import Data.Time.Clock.POSIX (posixSecondsToUTCTime)
+import Data.Time (UTCTime, nominalDiffTimeToSeconds)
+import Data.Time.Clock (secondsToNominalDiffTime)
+import Data.Time.Clock.POSIX
 import qualified Database.CQL.IO.Tinylog as CT
 import Imports hiding (init)
 import qualified System.Logger as Log
 
-type Writetime a = Int64
-
-writeTimeToUTC :: Writetime a -> UTCTime
-writeTimeToUTC = posixSecondsToUTCTime . fromIntegral . (`div` 1000000)
-
 defInitCassandra :: Text -> Text -> Word16 -> Log.Logger -> IO ClientState
 defInitCassandra ks h p lg =
   init
@@ -44,3 +44,37 @@ defInitCassandra ks h p lg =
       . setContacts (unpack h) []
       . setKeyspace (Keyspace ks)
     $ defSettings
+
+-- | Read cassandra's writetimes https://docs.datastax.com/en/dse/5.1/cql/cql/cql_using/useWritetime.html
+-- as UTCTime values without any loss of precision
+newtype Writetime a = Writetime {writetimeToUTC :: UTCTime}
+
+instance Cql (Writetime a) where
+  ctype = Tagged BigIntColumn
+  toCql = CqlBigInt . writetimeToInt64
+  fromCql (CqlBigInt n) =
+    pure
+      . Writetime
+      . posixSecondsToUTCTime
+      . secondsToNominalDiffTime
+      . MkFixed
+      . (* 1_000_000)
+      . fromIntegral @Int64 @Integer
+      $ n
+  fromCql _ = Left "Writetime: bigint expected"
+
+-- | This yields the same int as it is returned by WRITETIME()
+writetimeToInt64 :: Writetime a -> Int64
+writetimeToInt64 =
+  fromIntegral @Integer @Int64
+    . (`div` 1_000_000)
+    . unfixed
+    . nominalDiffTimeToSeconds
+    . utcTimeToPOSIXSeconds
+    . writetimeToUTC
+  where
+    unfixed :: Fixed a -> Integer
+    unfixed (MkFixed n) = n
+
+instance ToJSON (Writetime a) where
+  toJSON = toJSON . writetimeToInt64
diff --git a/services/brig/src/Brig/User/Search/Index.hs b/services/brig/src/Brig/User/Search/Index.hs
index 8dfc420437..bd460bee31 100644
--- a/services/brig/src/Brig/User/Search/Index.hs
+++ b/services/brig/src/Brig/User/Search/Index.hs
@@ -62,6 +62,7 @@ import Brig.Types.Intra
 import Brig.Types.Search (SearchVisibilityInbound, defaultSearchVisibilityInbound, searchVisibilityInboundFromFeatureStatus)
 import Brig.User.Search.Index.Types as Types
 import qualified Cassandra as C
+import Cassandra.Util
 import Control.Lens hiding ((#), (.=))
 import Control.Monad.Catch (MonadCatch, MonadMask, MonadThrow, throwM, try)
 import Control.Monad.Except
@@ -73,7 +74,6 @@ import Data.ByteString.Builder (Builder, toLazyByteString)
 import Data.ByteString.Conversion (toByteString')
 import qualified Data.ByteString.Conversion as Bytes
 import qualified Data.ByteString.Lazy as BL
-import Data.Fixed (Fixed (MkFixed))
 import Data.Handle (Handle)
 import Data.Id
 import qualified Data.Map as Map
@@ -85,8 +85,6 @@ import Data.Text.Encoding (decodeUtf8, encodeUtf8)
 import qualified Data.Text.Lazy as LT
 import Data.Text.Lazy.Builder.Int (decimal)
 import Data.Text.Lens hiding (text)
-import Data.Time (UTCTime, secondsToNominalDiffTime)
-import Data.Time.Clock.POSIX (posixSecondsToUTCTime)
 import qualified Data.UUID as UUID
 import qualified Database.Bloodhound as ES
 import Imports hiding (log, searchable)
@@ -775,12 +773,6 @@ scanForIndex num = do
 
 type Activated = Bool
 
-type Writetime a = Int64
-
--- Note: Writetime is in microseconds (e-6) https://docs.datastax.com/en/dse/5.1/cql/cql/cql_using/useWritetime.html
-writeTimeToUTC :: Writetime a -> UTCTime
-writeTimeToUTC = posixSecondsToUTCTime . secondsToNominalDiffTime . MkFixed . (* 1_000_000) . fromIntegral @Int64 @Integer
-
 type ReindexRow =
   ( UserId,
     Maybe TeamId,
@@ -837,7 +829,20 @@ reindexRowToIndexUser
     )
   searchVisInbound =
     do
-      iu <- mkIndexUser u <$> version [Just tName, tStatus, tHandle, tEmail, Just tColour, Just tActivated, tService, tManagedBy, tSsoId, tEmailUnvalidated]
+      iu <-
+        mkIndexUser u
+          <$> version
+            [ Just (v tName),
+              v <$> tStatus,
+              v <$> tHandle,
+              v <$> tEmail,
+              Just (v tColour),
+              Just (v tActivated),
+              v <$> tService,
+              v <$> tManagedBy,
+              v <$> tSsoId,
+              v <$> tEmailUnvalidated
+            ]
       pure $
         if shouldIndex
           then
@@ -850,7 +855,7 @@ reindexRowToIndexUser
                 . set iuAccountStatus status
                 . set iuSAMLIdP (idpUrl =<< ssoId)
                 . set iuManagedBy managedBy
-                . set iuCreatedAt (Just (writeTimeToUTC tActivated))
+                . set iuCreatedAt (Just (writetimeToUTC tActivated))
                 . set iuSearchVisibilityInbound (Just searchVisInbound)
                 . set iuScimExternalId (join $ User.scimExternalId <$> managedBy <*> ssoId)
                 . set iuSso (sso =<< ssoId)
@@ -861,8 +866,12 @@ reindexRowToIndexUser
               -- It's mostly empty, but having the status here might be useful in the future.
               & set iuAccountStatus status
     where
-      version :: [Maybe (Writetime Name)] -> m IndexVersion
+      v :: Writetime a -> Int64
+      v = writetimeToInt64
+
+      version :: [Maybe Int64] -> m IndexVersion
       version = mkIndexVersion . getMax . mconcat . fmap Max . catMaybes
+
       shouldIndex =
         ( case status of
             Nothing -> True
diff --git a/services/brig/test/integration/API/Internal.hs b/services/brig/test/integration/API/Internal.hs
index c8bc85804b..cc2e3900f1 100644
--- a/services/brig/test/integration/API/Internal.hs
+++ b/services/brig/test/integration/API/Internal.hs
@@ -14,6 +14,7 @@
 --
 -- You should have received a copy of the GNU Affero General Public License along
 -- with this program. If not, see <https://www.gnu.org/licenses/>.
+{-# LANGUAGE NumericUnderscores #-}
 
 module API.Internal
   ( tests,
@@ -28,7 +29,9 @@ import Bilge.Assert
 import Brig.Data.User (lookupFeatureConferenceCalling, lookupStatus, userExists)
 import qualified Brig.Options as Opt
 import Brig.Types.Intra
+import qualified Cassandra as C
 import qualified Cassandra as Cass
+import Cassandra.Util
 import Control.Exception (ErrorCall (ErrorCall), throwIO)
 import Control.Lens ((^.), (^?!))
 import Control.Monad.Catch
@@ -77,7 +80,8 @@ tests opts mgr db brig brigep gundeck galley = do
               test mgr "get,get" $ testKpcGetGet brig,
               test mgr "put,put" $ testKpcPutPut brig,
               test mgr "add key package ref" $ testAddKeyPackageRef brig
-            ]
+            ],
+        test mgr "writetimeToInt64" $ testWritetimeRepresentation opts mgr db brig brigep galley
       ]
 
 testSuspendUser :: forall m. TestConstraints m => Cass.ClientState -> Brig -> m ()
@@ -370,3 +374,20 @@ getFeatureConfig galley uid = do
 getAllFeatureConfigs :: (MonadIO m, MonadHttp m, HasCallStack) => (Request -> Request) -> UserId -> m ResponseLBS
 getAllFeatureConfigs galley uid = do
   get $ galley . paths ["feature-configs"] . zUser uid
+
+testWritetimeRepresentation :: forall m. TestConstraints m => Opt.Opts -> Manager -> Cass.ClientState -> Brig -> Endpoint -> Galley -> m ()
+testWritetimeRepresentation _ _mgr db brig _brigep _galley = do
+  quid <- userQualifiedId <$> randomUser brig
+  let uid = qUnqualified quid
+
+  ref <- fromJust <$> (runIdentity <$$> Cass.runClient db (C.query1 q1 (C.params C.LocalQuorum (Identity uid))))
+
+  wt <- fromJust <$> (runIdentity <$$> Cass.runClient db (C.query1 q2 (C.params C.LocalQuorum (Identity uid))))
+
+  liftIO $ assertEqual "writetimeToInt64(<fromCql WRITETIME(status)>) does not match WRITETIME(status)" ref (writetimeToInt64 wt)
+  where
+    q1 :: C.PrepQuery C.R (Identity UserId) (Identity Int64)
+    q1 = "SELECT WRITETIME(status) from user where id = ?"
+
+    q2 :: C.PrepQuery C.R (Identity UserId) (Identity (Writetime ()))
+    q2 = "SELECT WRITETIME(status) from user where id = ?"
diff --git a/services/galley/src/Galley/Cassandra/Team.hs b/services/galley/src/Galley/Cassandra/Team.hs
index 1dc85be7a7..ff03dc0062 100644
--- a/services/galley/src/Galley/Cassandra/Team.hs
+++ b/services/galley/src/Galley/Cassandra/Team.hs
@@ -258,7 +258,7 @@ team tid =
     toTeam (u, n, i, k, d, s, st, b, ss) =
       let t = newTeam tid u n i (fromMaybe NonBinding b) & teamIconKey .~ k & teamSplashScreen .~ fromMaybe DefaultIcon ss
           status = if d then PendingDelete else fromMaybe Active s
-       in TeamData t status (writeTimeToUTC <$> st)
+       in TeamData t status (writetimeToUTC <$> st)
 
 teamIdsOf :: UserId -> [TeamId] -> Client [TeamId]
 teamIdsOf usr tids =
diff --git a/tools/db/find-undead/src/Work.hs b/tools/db/find-undead/src/Work.hs
index d7b366efdb..3ab6ca4d74 100644
--- a/tools/db/find-undead/src/Work.hs
+++ b/tools/db/find-undead/src/Work.hs
@@ -23,7 +23,7 @@ module Work where
 
 import Brig.Types.Intra (AccountStatus (..))
 import Cassandra
-import Cassandra.Util (Writetime, writeTimeToUTC)
+import Cassandra.Util (Writetime, writetimeToUTC)
 import Conduit
 import Control.Lens (view, _1, _2)
 import Data.Aeson (FromJSON, (.:))
@@ -72,7 +72,7 @@ logUUID l f (uuid, _, time) =
   Log.info l $
     Log.msg f
       . Log.field "uuid" (show uuid)
-      . Log.field "write time" (show $ writeTimeToUTC <$> time)
+      . Log.field "write time" (show $ writetimeToUTC <$> time)
 
 getScrolled :: (ES.MonadBH m, MonadThrow m) => ES.IndexName -> ES.MappingName -> ConduitM () [UUID] m ()
 getScrolled index mapping = processRes =<< lift (ES.getInitialScroll index mapping esSearch)
diff --git a/tools/db/inconsistencies/src/DanglingHandles.hs b/tools/db/inconsistencies/src/DanglingHandles.hs
index 5a208bd868..613d6deabf 100644
--- a/tools/db/inconsistencies/src/DanglingHandles.hs
+++ b/tools/db/inconsistencies/src/DanglingHandles.hs
@@ -138,8 +138,9 @@ freeHandle l handle = do
     handleDelete = "DELETE FROM user_handle WHERE handle = ?"
 
 checkUser :: Logger -> ClientState -> Handle -> UserId -> Writetime UserId -> Bool -> IO (Maybe HandleInfo)
-checkUser l brig claimedHandle userId handleClaimTime fixClaim = do
+checkUser l brig claimedHandle userId handleClaimTime' fixClaim = do
   maybeDetails <- runClient brig $ getUserDetails userId
+  let handleClaimTime = Writetime . writetimeToUTC $ handleClaimTime'
   case maybeDetails of
     Nothing -> do
       let status = Nothing

From b2d243a2bc665283a9040a4791cda3414928e7df Mon Sep 17 00:00:00 2001
From: Leif Battermann <leif.battermann@wire.com>
Date: Tue, 17 Jan 2023 17:48:36 +0100
Subject: [PATCH 14/38] [SQSERVICES-1848] Flaky test team user search query
 with paging state (#2996)

---
 changelog.d/5-internal/sqservices-1848               | 1 +
 docs/convert/shell.nix                               | 2 +-
 services/brig/src/Brig/User/Search/Index.hs          | 1 -
 services/brig/test/integration/API/Internal.hs       | 1 -
 services/brig/test/integration/API/TeamUserSearch.hs | 2 +-
 5 files changed, 3 insertions(+), 4 deletions(-)
 create mode 100644 changelog.d/5-internal/sqservices-1848

diff --git a/changelog.d/5-internal/sqservices-1848 b/changelog.d/5-internal/sqservices-1848
new file mode 100644
index 0000000000..ed89235a80
--- /dev/null
+++ b/changelog.d/5-internal/sqservices-1848
@@ -0,0 +1 @@
+Fixed flaky team user search integration test
diff --git a/docs/convert/shell.nix b/docs/convert/shell.nix
index 130c456c6d..2016f223c2 100644
--- a/docs/convert/shell.nix
+++ b/docs/convert/shell.nix
@@ -1,4 +1,4 @@
-{ pkgs ? import <nixpkgs> {} }:
+{ pkgs ? import <nixpkgs> { } }:
 (pkgs.buildFHSUserEnv {
   name = "pipzone";
   targetPkgs = pkgs: (with pkgs; [
diff --git a/services/brig/src/Brig/User/Search/Index.hs b/services/brig/src/Brig/User/Search/Index.hs
index bd460bee31..28e3b41e5e 100644
--- a/services/brig/src/Brig/User/Search/Index.hs
+++ b/services/brig/src/Brig/User/Search/Index.hs
@@ -1,5 +1,4 @@
 {-# LANGUAGE GeneralizedNewtypeDeriving #-}
-{-# LANGUAGE NumericUnderscores #-}
 {-# LANGUAGE StrictData #-}
 
 -- This file is part of the Wire Server implementation.
diff --git a/services/brig/test/integration/API/Internal.hs b/services/brig/test/integration/API/Internal.hs
index cc2e3900f1..f3fbeae676 100644
--- a/services/brig/test/integration/API/Internal.hs
+++ b/services/brig/test/integration/API/Internal.hs
@@ -14,7 +14,6 @@
 --
 -- You should have received a copy of the GNU Affero General Public License along
 -- with this program. If not, see <https://www.gnu.org/licenses/>.
-{-# LANGUAGE NumericUnderscores #-}
 
 module API.Internal
   ( tests,
diff --git a/services/brig/test/integration/API/TeamUserSearch.hs b/services/brig/test/integration/API/TeamUserSearch.hs
index a57301bb0f..10e762aa89 100644
--- a/services/brig/test/integration/API/TeamUserSearch.hs
+++ b/services/brig/test/integration/API/TeamUserSearch.hs
@@ -144,7 +144,7 @@ testEmptyQuerySortedWithPagination :: TestConstraints m => Brig -> m ()
 testEmptyQuerySortedWithPagination brig = do
   (tid, userId -> ownerId, _) <- createPopulatedBindingTeamWithNamesAndHandles brig 20
   refreshIndex brig
-  let teamUserSearch mPs = executeTeamUserSearchWithMaybeState brig tid ownerId (Just "") Nothing (Just SortByRole) (Just SortOrderAsc) (Just $ unsafeRange 10) mPs
+  let teamUserSearch mPs = executeTeamUserSearchWithMaybeState brig tid ownerId (Just "") Nothing Nothing Nothing (Just $ unsafeRange 10) mPs
   searchResultFirst10 <- teamUserSearch Nothing
   searchResultNext10 <- teamUserSearch (searchPagingState searchResultFirst10)
   searchResultLast1 <- teamUserSearch (searchPagingState searchResultNext10)

From c21e6a33f96c670d260a10b3728e5e5892bd7026 Mon Sep 17 00:00:00 2001
From: Paolo Capriotti <paolo@capriotti.io>
Date: Wed, 18 Jan 2023 10:03:32 +0100
Subject: [PATCH 15/38] Fix v3 leak in get-conversation endpoints (#2992)

* Use v2 types in legacy get-conversation endpoints

* Use V3 get-conversation in most tests

* Test get-conversation@v2 endpoint directly

* Use galley v3 in brig's integration tests and RPC
---
 .../1-api-changes/get-conversation-v3-leak    |   1 +
 .../API/Routes/Public/Galley/Conversation.hs  |  20 ++-
 .../brig/src/Brig/Effects/GalleyProvider.hs   |   3 +-
 .../src/Brig/Effects/GalleyProvider/RPC.hs    |  27 +++-
 services/brig/src/Brig/Provider/API.hs        |   6 +-
 .../brig/test/integration/API/Provider.hs     |   6 +-
 .../brig/test/integration/API/User/Auth.hs    |   4 +-
 .../test/integration/API/User/Connection.hs   |  26 +--
 services/brig/test/integration/Util.hs        |   7 -
 .../src/Galley/API/Public/Conversation.hs     |   1 +
 services/galley/test/integration/API.hs       | 148 ++++++++++--------
 .../galley/test/integration/API/Federation.hs |   3 +-
 services/galley/test/integration/API/MLS.hs   |   4 +-
 .../test/integration/API/MessageTimer.hs      |  56 +++----
 services/galley/test/integration/API/Roles.hs |  15 +-
 services/galley/test/integration/API/Teams.hs |   2 +-
 services/galley/test/integration/API/Util.hs  | 131 +++++++---------
 services/galley/test/integration/Main.hs      |   2 +-
 18 files changed, 245 insertions(+), 217 deletions(-)
 create mode 100644 changelog.d/1-api-changes/get-conversation-v3-leak

diff --git a/changelog.d/1-api-changes/get-conversation-v3-leak b/changelog.d/1-api-changes/get-conversation-v3-leak
new file mode 100644
index 0000000000..8f5f313314
--- /dev/null
+++ b/changelog.d/1-api-changes/get-conversation-v3-leak
@@ -0,0 +1 @@
+The unqualified `GET /conversations/:id` endpoint has been removed from API v3, and is restored to the previous behaviour of returning a Conversation using the v2 schema. Similarly, its qualified counterpart `GET /conversations/:domain/:id` now returns a v2 Conversation when accessed through API v2.
diff --git a/libs/wire-api/src/Wire/API/Routes/Public/Galley/Conversation.hs b/libs/wire-api/src/Wire/API/Routes/Public/Galley/Conversation.hs
index 3c877fe475..65dc97b08b 100644
--- a/libs/wire-api/src/Wire/API/Routes/Public/Galley/Conversation.hs
+++ b/libs/wire-api/src/Wire/API/Routes/Public/Galley/Conversation.hs
@@ -102,12 +102,13 @@ type ConversationAPI =
   Named
     "get-unqualified-conversation"
     ( Summary "Get a conversation by ID"
+        :> Until 'V3
         :> CanThrow 'ConvNotFound
         :> CanThrow 'ConvAccessDenied
         :> ZLocalUser
         :> "conversations"
         :> Capture "cnv" ConvId
-        :> Get '[Servant.JSON] Conversation
+        :> MultiVerb1 'GET '[JSON] (VersionedRespond 'V2 200 "Conversation" Conversation)
     )
     :<|> Named
            "get-unqualified-conversation-legalhold-alias"
@@ -120,18 +121,31 @@ type ConversationAPI =
                :> "legalhold"
                :> "conversations"
                :> Capture "cnv" ConvId
-               :> Get '[Servant.JSON] Conversation
+               :> MultiVerb1 'GET '[JSON] (VersionedRespond 'V2 200 "Conversation" Conversation)
+           )
+    :<|> Named
+           "get-conversation@v2"
+           ( Summary "Get a conversation by ID"
+               :> Until 'V3
+               :> MakesFederatedCall 'Galley "get-conversations"
+               :> CanThrow 'ConvNotFound
+               :> CanThrow 'ConvAccessDenied
+               :> ZLocalUser
+               :> "conversations"
+               :> QualifiedCapture "cnv" ConvId
+               :> MultiVerb1 'GET '[JSON] (VersionedRespond 'V2 200 "Conversation" Conversation)
            )
     :<|> Named
            "get-conversation"
            ( Summary "Get a conversation by ID"
+               :> From 'V3
                :> MakesFederatedCall 'Galley "get-conversations"
                :> CanThrow 'ConvNotFound
                :> CanThrow 'ConvAccessDenied
                :> ZLocalUser
                :> "conversations"
                :> QualifiedCapture "cnv" ConvId
-               :> Get '[Servant.JSON] Conversation
+               :> Get '[JSON] Conversation
            )
     :<|> Named
            "get-conversation-roles"
diff --git a/services/brig/src/Brig/Effects/GalleyProvider.hs b/services/brig/src/Brig/Effects/GalleyProvider.hs
index e92c14e720..afbe6b5875 100644
--- a/services/brig/src/Brig/Effects/GalleyProvider.hs
+++ b/services/brig/src/Brig/Effects/GalleyProvider.hs
@@ -7,6 +7,7 @@ import Brig.Team.Types (ShowOrHideInvitationUrl (..))
 import qualified Data.Currency as Currency
 import Data.Id
 import Data.Json.Util (UTCTimeMillis)
+import Data.Qualified
 import qualified Galley.Types.Teams.Intra as Team
 import Imports
 import qualified Network.Wai.Utilities.Error as Wai
@@ -25,7 +26,7 @@ data GalleyProvider m a where
     GalleyProvider m ()
   GetConv ::
     UserId ->
-    ConvId ->
+    Local ConvId ->
     GalleyProvider m (Maybe Conversation)
   GetTeamConv ::
     UserId ->
diff --git a/services/brig/src/Brig/Effects/GalleyProvider/RPC.hs b/services/brig/src/Brig/Effects/GalleyProvider/RPC.hs
index e84ef002e0..a3cb6c2e37 100644
--- a/services/brig/src/Brig/Effects/GalleyProvider/RPC.hs
+++ b/services/brig/src/Brig/Effects/GalleyProvider/RPC.hs
@@ -18,6 +18,7 @@ import Data.Coerce (coerce)
 import qualified Data.Currency as Currency
 import Data.Id
 import Data.Json.Util (UTCTimeMillis)
+import Data.Qualified
 import Data.Range
 import qualified Galley.Types.Teams as Team
 import qualified Galley.Types.Teams.Intra as Team
@@ -27,8 +28,10 @@ import Network.HTTP.Types.Status
 import qualified Network.Wai.Utilities.Error as Wai
 import Polysemy
 import Polysemy.Error
+import Servant.API (toHeader)
 import System.Logger (Msg, field, msg, val)
 import Wire.API.Conversation hiding (Member)
+import Wire.API.Routes.Version
 import Wire.API.Team
 import qualified Wire.API.Team.Conversation as Conv
 import Wire.API.Team.Feature
@@ -84,7 +87,7 @@ createSelfConv u = do
   void $ ServiceRPC.request @'Galley POST req
   where
     req =
-      path "/conversations/self"
+      paths ["v" <> toHeader (maxBound :: Version), "conversations", "self"]
         . zUser u
         . expect2xx
 
@@ -97,12 +100,13 @@ getConv ::
      ]
     r =>
   UserId ->
-  ConvId ->
+  Local ConvId ->
   Sem r (Maybe Conversation)
-getConv usr cnv = do
+getConv usr lcnv = do
   debug $
     remote "galley"
-      . field "conv" (toByteString cnv)
+      . field "domain" (toByteString (tDomain lcnv))
+      . field "conv" (toByteString (tUnqualified lcnv))
       . msg (val "Getting conversation")
   rs <- ServiceRPC.request @'Galley GET req
   case Bilge.statusCode rs of
@@ -110,7 +114,12 @@ getConv usr cnv = do
     _ -> pure Nothing
   where
     req =
-      paths ["conversations", toByteString' cnv]
+      paths
+        [ "v" <> toHeader (maxBound :: Version),
+          "conversations",
+          toByteString' (tDomain lcnv),
+          toByteString' (tUnqualified lcnv)
+        ]
         . zUser usr
         . expect [status200, status404]
 
@@ -137,7 +146,13 @@ getTeamConv usr tid cnv = do
     _ -> pure Nothing
   where
     req =
-      paths ["teams", toByteString' tid, "conversations", toByteString' cnv]
+      paths
+        [ "v" <> toHeader (maxBound :: Version),
+          "teams",
+          toByteString' tid,
+          "conversations",
+          toByteString' cnv
+        ]
         . zUser usr
         . expect [status200, status404]
 
diff --git a/services/brig/src/Brig/Provider/API.hs b/services/brig/src/Brig/Provider/API.hs
index 84ea17a47a..529cc5a776 100644
--- a/services/brig/src/Brig/Provider/API.hs
+++ b/services/brig/src/Brig/Provider/API.hs
@@ -897,7 +897,8 @@ addBot zuid zcon cid add = do
   let pid = addBotProvider add
   let sid = addBotService add
   -- Get the conversation and check preconditions
-  cnv <- lift (liftSem $ GalleyProvider.getConv zuid cid) >>= maybeConvNotFound
+  lcid <- qualifyLocal cid
+  cnv <- lift (liftSem $ GalleyProvider.getConv zuid lcid) >>= maybeConvNotFound
   -- Check that the user is a conversation admin and therefore is allowed to add a bot to this conversation.
   -- Note that this precondition is also checked in the internal galley API,
   -- but by having this check here we prevent any (useless) data to be written to the database
@@ -981,7 +982,8 @@ removeBotH (zusr ::: zcon ::: cid ::: bid) = do
 removeBot :: Members '[GalleyProvider] r => UserId -> ConnId -> ConvId -> BotId -> (Handler r) (Maybe Public.RemoveBotResponse)
 removeBot zusr zcon cid bid = do
   -- Get the conversation and check preconditions
-  cnv <- lift (liftSem $ GalleyProvider.getConv zusr cid) >>= maybeConvNotFound
+  lcid <- qualifyLocal cid
+  cnv <- lift (liftSem $ GalleyProvider.getConv zusr lcid) >>= maybeConvNotFound
   -- Check that the user is a conversation admin and therefore is allowed to remove a bot from the conversation.
   -- Note that this precondition is also checked in the internal galley API.
   -- However, in case we refine the roles model in the future, this check might not be granular enough.
diff --git a/services/brig/test/integration/API/Provider.hs b/services/brig/test/integration/API/Provider.hs
index 02e73d1ce5..93172e6ad6 100644
--- a/services/brig/test/integration/API/Provider.hs
+++ b/services/brig/test/integration/API/Provider.hs
@@ -734,7 +734,7 @@ testDeleteConvBotTeam config db brig galley cannon = withTestService config db b
     svcAssertConvDelete buf quid2 qcid
   -- Check that the conversation no longer exists
   forM_ [uid1, uid2] $ \uid ->
-    getConversation galley uid cid !!! const 404 === statusCode
+    getConversationQualified galley uid qcid !!! const 404 === statusCode
   getBotConv galley bid cid !!! const 404 === statusCode
 
 testDeleteTeamBotTeam :: Config -> DB.ClientState -> Brig -> Galley -> Cannon -> Http ()
@@ -758,7 +758,7 @@ testDeleteTeamBotTeam config db brig galley cannon = withTestService config db b
   forM_ [uid1, uid2] $ \uid -> do
     void $ retryWhileN 20 (/= Intra.Deleted) (getStatus brig uid)
     chkStatus brig uid Intra.Deleted
-    aFewTimes 11 (getConversation galley uid cid) ((== 404) . statusCode)
+    aFewTimes 11 (getConversationQualified galley uid qcid) ((== 404) . statusCode)
   -- Check the bot cannot see the conversation either
   getBotConv galley bid cid !!! const 404 === statusCode
 
@@ -2088,7 +2088,7 @@ testMessageBotUtil quid uc cid pid sid sref buf brig galley cannon = do
     assertEqual "id" cid (bcnv ^. Ext.botConvId)
     assertEqual "members" [OtherMember quid Nothing roleNameWireAdmin] (bcnv ^. Ext.botConvMembers)
   -- The user can identify the bot in the member list
-  mems <- fmap cnvMembers . responseJsonError =<< getConversation galley uid cid
+  mems <- fmap cnvMembers . responseJsonError =<< getConversationQualified galley uid qcid
   let other = listToMaybe (cmOthers mems)
   liftIO $ do
     assertEqual "id" (Just buid) (qUnqualified . omQualifiedId <$> other)
diff --git a/services/brig/test/integration/API/User/Auth.hs b/services/brig/test/integration/API/User/Auth.hs
index 834bd46a69..3005674924 100644
--- a/services/brig/test/integration/API/User/Auth.hs
+++ b/services/brig/test/integration/API/User/Auth.hs
@@ -46,7 +46,7 @@ import Data.Handle (Handle (Handle))
 import Data.Id
 import Data.Misc (PlainTextPassword (..))
 import Data.Proxy
-import Data.Qualified (Qualified (qUnqualified))
+import Data.Qualified
 import Data.Range (unsafeRange)
 import qualified Data.Text as Text
 import Data.Text.Ascii (AsciiChars (validate))
@@ -256,7 +256,7 @@ testNginzLegalHold b g n = do
 
   get (apiVersion "v1" . n . paths ["legalhold", "conversations", toByteString' (qUnqualified qconv)] . header "Authorization" ("Bearer " <> toByteString' t)) !!! const 200 === statusCode
 
-  get (n . paths ["conversations", toByteString' (qUnqualified qconv)] . header "Authorization" ("Bearer " <> toByteString' t)) !!! const 200 === statusCode
+  get (apiVersion "v2" . n . paths ["conversations", toByteString' (qUnqualified qconv)] . header "Authorization" ("Bearer " <> toByteString' t)) !!! const 200 === statusCode
 
 -- | Corner case for 'testNginz': when upgrading a wire backend from the old behavior (setting
 -- cookie domain to eg. @*.wire.com@) to the new behavior (leaving cookie domain empty,
diff --git a/services/brig/test/integration/API/User/Connection.hs b/services/brig/test/integration/API/User/Connection.hs
index d7f0bcd432..f25a2f594d 100644
--- a/services/brig/test/integration/API/User/Connection.hs
+++ b/services/brig/test/integration/API/User/Connection.hs
@@ -178,11 +178,11 @@ testCreateMutualConnections brig galley = do
   assertConnections brig uid2 [ConnectionStatus uid2 uid1 Accepted]
   case responseJsonMaybe rsp >>= ucConvId of
     Nothing -> liftIO $ assertFailure "incomplete connection"
-    Just (Qualified cnv _) -> do
-      getConversation galley uid1 cnv !!! do
+    Just qcnv -> do
+      getConversationQualified galley uid1 qcnv !!! do
         const 200 === statusCode
         const (Just One2OneConv) === fmap cnvType . responseJsonMaybe
-      getConversation galley uid2 cnv !!! do
+      getConversationQualified galley uid2 qcnv !!! do
         const 200 === statusCode
         const (Just One2OneConv) === fmap cnvType . responseJsonMaybe
 
@@ -304,32 +304,32 @@ testCancelConnection2 brig galley = do
   rsp <- putConnection brig uid1 uid2 Cancelled <!! const 200 === statusCode
   assertConnections brig uid1 [ConnectionStatus uid1 uid2 Cancelled]
   assertConnections brig uid2 [ConnectionStatus uid2 uid1 Cancelled]
-  let Just (Qualified cnv _) = ucConvId =<< responseJsonMaybe rsp
+  let Just qcnv = ucConvId =<< responseJsonMaybe rsp
   -- A cannot see the conversation (due to cancelling)
-  getConversation galley uid1 cnv !!! do
+  getConversationQualified galley uid1 qcnv !!! do
     const 403 === statusCode
   -- B cannot see the conversation
-  getConversation galley uid2 cnv !!! const 403 === statusCode
+  getConversationQualified galley uid2 qcnv !!! const 403 === statusCode
   -- B initiates a connection request himself
   postConnection brig uid2 uid1 !!! const 200 === statusCode
   assertConnections brig uid2 [ConnectionStatus uid2 uid1 Sent]
   assertConnections brig uid1 [ConnectionStatus uid1 uid2 Pending]
   -- B is now a current member of the connect conversation
-  getConversation galley uid2 cnv !!! do
+  getConversationQualified galley uid2 qcnv !!! do
     const 200 === statusCode
     const (Just ConnectConv) === \rs -> do
       conv <- responseJsonMaybe rs
       Just (cnvType conv)
   -- A is a past member, cannot see the conversation
-  getConversation galley uid1 cnv !!! do
+  getConversationQualified galley uid1 qcnv !!! do
     const 403 === statusCode
   -- A finally accepts
   putConnection brig uid1 uid2 Accepted !!! const 200 === statusCode
   assertConnections brig uid1 [ConnectionStatus uid1 uid2 Accepted]
   assertConnections brig uid2 [ConnectionStatus uid2 uid1 Accepted]
-  getConversation galley uid1 cnv !!! do
+  getConversationQualified galley uid1 qcnv !!! do
     const 200 === statusCode
-  getConversation galley uid2 cnv !!! do
+  getConversationQualified galley uid2 qcnv !!! do
     const 200 === statusCode
 
 testCancelConnectionQualified2 :: Brig -> Galley -> Http ()
@@ -483,10 +483,10 @@ testBlockAndResendConnection brig galley = do
   assertConnections brig uid1 [ConnectionStatus uid1 uid2 Accepted]
   assertConnections brig uid2 [ConnectionStatus uid2 uid1 Blocked]
   -- B never accepted and thus does not see the conversation
-  let Just (Qualified cnv _) = ucConvId =<< responseJsonMaybe rsp
-  getConversation galley uid2 cnv !!! const 403 === statusCode
+  let Just qcnv = ucConvId =<< responseJsonMaybe rsp
+  getConversationQualified galley uid2 qcnv !!! const 403 === statusCode
   -- A can see the conversation and is a current member
-  getConversation galley uid1 cnv !!! do
+  getConversationQualified galley uid1 qcnv !!! do
     const 200 === statusCode
 
 testBlockAndResendConnectionQualified :: Brig -> Galley -> Http ()
diff --git a/services/brig/test/integration/Util.hs b/services/brig/test/integration/Util.hs
index 649195714d..37cfac2e5e 100644
--- a/services/brig/test/integration/Util.hs
+++ b/services/brig/test/integration/Util.hs
@@ -710,13 +710,6 @@ getTeamMember u tid galley =
           . expect2xx
       )
 
-getConversation :: (MonadIO m, MonadHttp m) => Galley -> UserId -> ConvId -> m ResponseLBS
-getConversation galley usr cnv =
-  get $
-    galley
-      . paths ["conversations", toByteString' cnv]
-      . zAuthAccess usr "conn"
-
 getConversationQualified :: (MonadIO m, MonadHttp m) => Galley -> UserId -> Qualified ConvId -> m ResponseLBS
 getConversationQualified galley usr cnv =
   get $
diff --git a/services/galley/src/Galley/API/Public/Conversation.hs b/services/galley/src/Galley/API/Public/Conversation.hs
index c080d83b04..800c9f4654 100644
--- a/services/galley/src/Galley/API/Public/Conversation.hs
+++ b/services/galley/src/Galley/API/Public/Conversation.hs
@@ -32,6 +32,7 @@ conversationAPI :: API ConversationAPI GalleyEffects
 conversationAPI =
   mkNamedAPI @"get-unqualified-conversation" getUnqualifiedConversation
     <@> mkNamedAPI @"get-unqualified-conversation-legalhold-alias" getUnqualifiedConversation
+    <@> mkNamedAPI @"get-conversation@v2" (callsFed getConversation)
     <@> mkNamedAPI @"get-conversation" (callsFed getConversation)
     <@> mkNamedAPI @"get-conversation-roles" getConversationRoles
     <@> mkNamedAPI @"get-group-info" (callsFed getGroupInfo)
diff --git a/services/galley/test/integration/API.hs b/services/galley/test/integration/API.hs
index f193cbfee6..7c001655ca 100644
--- a/services/galley/test/integration/API.hs
+++ b/services/galley/test/integration/API.hs
@@ -98,6 +98,8 @@ import Wire.API.Message
 import qualified Wire.API.Message as Message
 import Wire.API.Routes.MultiTablePaging
 import Wire.API.Routes.Named
+import Wire.API.Routes.Version
+import Wire.API.Routes.Versioned
 import qualified Wire.API.Team.Feature as Public
 import qualified Wire.API.Team.Member as Teams
 import Wire.API.User
@@ -125,6 +127,7 @@ tests s =
         "Main Conversations API"
         [ test s "status" status,
           test s "metrics" metrics,
+          test s "fetch conversation by qualified ID (v2)" testGetConvQualifiedV2,
           test s "create Proteus conversation" postProteusConvOk,
           test s "create conversation with remote users" postConvWithRemoteUsersOk,
           test s "get empty conversations" getConvsOk,
@@ -270,24 +273,46 @@ metrics = do
     -- Should contain the request duration metric in its output
     const (Just "TYPE http_request_duration_seconds histogram") =~= responseBody
 
+testGetConvQualifiedV2 :: TestM ()
+testGetConvQualifiedV2 = do
+  alice <- randomUser
+  bob <- randomUser
+  connectUsers alice (list1 bob [])
+  conv <-
+    responseJsonError
+      =<< postConvQualified
+        alice
+        defNewProteusConv
+          { newConvUsers = [bob]
+          }
+        <!! const 201 === statusCode
+  let qcnv = cnvQualifiedId conv
+  conv' <-
+    fmap (unVersioned @'V2) . responseJsonError
+      =<< getConvQualifiedV2 alice qcnv
+        <!! const 200 === statusCode
+  liftIO $ conv @=? conv'
+
 postProteusConvOk :: TestM ()
 postProteusConvOk = do
   c <- view tsCannon
-  qalice <- randomQualifiedUser
-  let alice = qUnqualified qalice
-  bob <- randomUser
-  jane <- randomUser
+  (alice, qalice) <- randomUserTuple
+  (bob, qbob) <- randomUserTuple
+  (jane, qjane) <- randomUserTuple
   connectUsers alice (list1 bob [jane])
   let nameMaxSize = T.replicate 256 "a"
   WS.bracketR3 c alice bob jane $ \(wsA, wsB, wsJ) -> do
     rsp <-
       postConv alice [bob, jane] (Just nameMaxSize) [] Nothing Nothing
         <!! const 201 === statusCode
-    cid <- assertConv rsp RegularConv alice qalice [bob, jane] (Just nameMaxSize) Nothing
+    qcid <- assertConv rsp RegularConv alice qalice [qbob, qjane] (Just nameMaxSize) Nothing
+    let cid = qUnqualified qcid
     cvs <- mapM (convView cid) [alice, bob, jane]
     liftIO $ mapM_ WS.assertSuccess =<< Async.mapConcurrently (checkWs qalice) (zip cvs [wsA, wsB, wsJ])
   where
-    convView cnv usr = responseJsonUnsafeWithMsg "conversation" <$> getConv usr cnv
+    convView cnv usr = do
+      r <- getConv usr cnv <!! const 200 === statusCode
+      unVersioned @'V2 <$> responseJsonError r
     checkWs qalice (cnv, ws) = WS.awaitMatch (5 # Second) ws $ \n -> do
       ntfTransient n @?= False
       let e = List1.head (WS.unpackPayload n)
@@ -318,7 +343,8 @@ postConvWithRemoteUsersOk = do
       withTempMockFederator (const ()) $
         postConvQualified alice defNewProteusConv {newConvName = checked nameMaxSize, newConvQualifiedUsers = [qAlex, qAmy, qChad, qCharlie, qDee]}
           <!! const 201 === statusCode
-    cid <- assertConvQualified rsp RegularConv alice qAlice [qAlex, qAmy, qChad, qCharlie, qDee] (Just nameMaxSize) Nothing
+    qcid <- assertConv rsp RegularConv alice qAlice [qAlex, qAmy, qChad, qCharlie, qDee] (Just nameMaxSize) Nothing
+    let cid = qUnqualified qcid
     cvs <- mapM (convView cid) [alice, alex, amy]
     liftIO $ mapM_ WS.assertSuccess =<< Async.mapConcurrently (checkWs qAlice) (zip cvs [wsAlice, wsAlex, wsAmy])
 
@@ -344,7 +370,9 @@ postConvWithRemoteUsersOk = do
       dFedReqBody @?= cFedReqBody
   where
     toOtherMember qid = OtherMember qid Nothing roleNameWireAdmin
-    convView cnv usr = responseJsonUnsafeWithMsg "conversation" <$> getConv usr cnv
+    convView cnv usr = do
+      r <- getConv usr cnv <!! const 200 === statusCode
+      unVersioned @'V2 <$> responseJsonError r
     checkWs qalice (cnv, ws) = WS.awaitMatch (5 # Second) ws $ \n -> do
       ntfTransient n @?= False
       let e = List1.head (WS.unpackPayload n)
@@ -2141,14 +2169,13 @@ postSelfConvOk = do
 
 postO2OConvOk :: TestM ()
 postO2OConvOk = do
-  qalice <- randomQualifiedUser
-  let alice = qUnqualified qalice
-  bob <- randomUser
+  (alice, qalice) <- randomUserTuple
+  (bob, qbob) <- randomUserTuple
   connectUsers alice (singleton bob)
   a <- postO2OConv alice bob Nothing <!! const 200 === statusCode
   c <- postO2OConv alice bob Nothing <!! const 200 === statusCode
-  aId <- assertConv a One2OneConv alice qalice [bob] Nothing Nothing
-  cId <- assertConv c One2OneConv alice qalice [bob] Nothing Nothing
+  aId <- assertConv a One2OneConv alice qalice [qbob] Nothing Nothing
+  cId <- assertConv c One2OneConv alice qalice [qbob] Nothing Nothing
   liftIO $ aId @=? cId
 
 postConvO2OFailWithSelf :: TestM ()
@@ -2190,12 +2217,12 @@ putConvAcceptOk :: TestM ()
 putConvAcceptOk = do
   alice <- randomUser
   bob <- randomUser
-  cnv <- decodeConvId <$> postConnectConv alice bob "Alice" "come to zeta!" Nothing
-  putConvAccept bob cnv !!! const 200 === statusCode
-  getConv alice cnv !!! do
+  qcnv <- decodeQualifiedConvId <$> postConnectConv alice bob "Alice" "come to zeta!" Nothing
+  putConvAccept bob (qUnqualified qcnv) !!! const 200 === statusCode
+  getConvQualified alice qcnv !!! do
     const 200 === statusCode
     const (Just One2OneConv) === fmap cnvType . responseJsonUnsafe
-  getConv bob cnv !!! do
+  getConvQualified bob qcnv !!! do
     const 200 === statusCode
     const (Just One2OneConv) === fmap cnvType . responseJsonUnsafe
 
@@ -2223,7 +2250,7 @@ postMutualConnectConvOk = do
       <!! const 200 === statusCode
   -- The connect conversation was simply accepted, thus the
   -- conversation name and message sent in Bob's request ignored.
-  bcId <- assertConv bc One2OneConv alice qbob [alice] (Just "A") Nothing
+  bcId <- assertConv bc One2OneConv alice qbob [qalice] (Just "A") Nothing
   liftIO $ acId @=? bcId
 
 postRepeatConnectConvCancel :: TestM ()
@@ -2258,16 +2285,17 @@ postRepeatConnectConvCancel = do
     Just "B" @=? cnvName cnv3
     privateAccess @=? cnvAccess cnv3
   -- Bob accepting is a no-op, since he is already a member
-  let convId = qUnqualified . cnvQualifiedId $ cnv
+  let qconvId = cnvQualifiedId cnv
+  let convId = qUnqualified qconvId
   putConvAccept bob convId !!! const 200 === statusCode
-  cnvX <- responseJsonUnsafeWithMsg "conversation" <$> getConv bob convId
+  cnvX <- responseJsonUnsafeWithMsg "conversation" <$> getConvQualified bob qconvId
   liftIO $ do
     ConnectConv @=? cnvType cnvX
     Just "B" @=? cnvName cnvX
     privateAccess @=? cnvAccess cnvX
   -- Alice accepts, finally turning it into a 1-1
   putConvAccept alice convId !!! const 200 === statusCode
-  cnv4 <- responseJsonUnsafeWithMsg "conversation" <$> getConv alice convId
+  cnv4 <- responseJsonUnsafeWithMsg "conversation" <$> getConvQualified alice qconvId
   liftIO $ do
     One2OneConv @=? cnvType cnv4
     Just "B" @=? cnvName cnv4
@@ -2286,29 +2314,30 @@ putBlockConvOk = do
   alice <- randomUser
   bob <- randomUser
   conv <- responseJsonUnsafeWithMsg "conversation" <$> postConnectConv alice bob "Alice" "connect with me!" (Just "me@me.com")
-  let convId = qUnqualified . cnvQualifiedId $ conv
-  getConv alice convId !!! const 200 === statusCode
-  getConv bob convId !!! const 403 === statusCode
+  let qconvId = cnvQualifiedId conv
+  let convId = qUnqualified qconvId
+  getConvQualified alice qconvId !!! const 200 === statusCode
+  getConvQualified bob qconvId !!! const 403 === statusCode
   put (g . paths ["/i/conversations", toByteString' convId, "block"] . zUser bob)
     !!! const 200 === statusCode
   -- A is still the only member of the 1-1
-  getConv alice convId !!! do
+  getConvQualified alice qconvId !!! do
     const 200 === statusCode
     const (cnvMembers conv) === cnvMembers . responseJsonUnsafeWithMsg "conversation"
   -- B accepts the conversation by unblocking
   put (g . paths ["/i/conversations", toByteString' convId, "unblock"] . zUser bob)
     !!! const 200 === statusCode
-  getConv bob convId !!! const 200 === statusCode
+  getConvQualified bob qconvId !!! const 200 === statusCode
   -- B blocks A in the 1-1
   put (g . paths ["/i/conversations", toByteString' convId, "block"] . zUser bob)
     !!! const 200 === statusCode
   -- B no longer sees the 1-1
-  getConv bob convId !!! const 403 === statusCode
+  getConvQualified bob qconvId !!! const 403 === statusCode
   -- B unblocks A in the 1-1
   put (g . paths ["/i/conversations", toByteString' convId, "unblock"] . zUser bob)
     !!! const 200 === statusCode
   -- B sees the blocked 1-1 again
-  getConv bob convId !!! do
+  getConvQualified bob qconvId !!! do
     const 200 === statusCode
 
 getConvOk :: TestM ()
@@ -2677,7 +2706,8 @@ testAddRemoteMemberFederationDisabled :: TestM ()
 testAddRemoteMemberFederationDisabled = do
   alice <- randomUser
   remoteBob <- flip Qualified (Domain "some-remote-backend.example.com") <$> randomId
-  convId <- decodeConvId <$> postConv alice [] (Just "remote gossip") [] Nothing Nothing
+  qconvId <- decodeQualifiedConvId <$> postConv alice [] (Just "remote gossip") [] Nothing Nothing
+  let convId = qUnqualified qconvId
   connectWithRemoteUser alice remoteBob
 
   -- federator endpoint not configured is equivalent to federation being disabled
@@ -2689,14 +2719,15 @@ testAddRemoteMemberFederationDisabled = do
       const (Right "federation-not-enabled") === fmap label . responseJsonEither
 
   -- the member is not actually added to the conversation
-  conv <- responseJsonError =<< getConv alice convId <!! const 200 === statusCode
+  conv <- responseJsonError =<< getConvQualified alice qconvId <!! const 200 === statusCode
   liftIO $ map omQualifiedId (cmOthers (cnvMembers conv)) @?= []
 
 testAddRemoteMemberFederationUnavailable :: TestM ()
 testAddRemoteMemberFederationUnavailable = do
   alice <- randomUser
   remoteBob <- flip Qualified (Domain "some-remote-backend.example.com") <$> randomId
-  convId <- decodeConvId <$> postConv alice [] (Just "remote gossip") [] Nothing Nothing
+  qconvId <- decodeQualifiedConvId <$> postConv alice [] (Just "remote gossip") [] Nothing Nothing
+  let convId = qUnqualified qconvId
   connectWithRemoteUser alice remoteBob
 
   -- federator endpoint being configured in brig and/or galley, but not being
@@ -2711,7 +2742,7 @@ testAddRemoteMemberFederationUnavailable = do
 
   -- in this case, we discover that federation is unavailable too late, and the
   -- member has already been added to the conversation
-  conv <- responseJsonError =<< getConv alice convId <!! const 200 === statusCode
+  conv <- responseJsonError =<< getConvQualified alice qconvId <!! const 200 === statusCode
   liftIO $ map omQualifiedId (cmOthers (cnvMembers conv)) @?= [remoteBob]
 
 postMembersOk :: TestM ()
@@ -3381,7 +3412,7 @@ putMemberOk update = do
           assertEqual "hidden_ref" (mupHiddenRef update) (misHiddenRef mis)
         x -> assertFailure $ "Unexpected event data: " ++ show x
   -- Verify new member state
-  rs <- getConv bob conv <!! const 200 === statusCode
+  rs <- getConvQualified bob qconv <!! const 200 === statusCode
   let bob' = cmSelf . cnvMembers <$> responseJsonUnsafe rs
   liftIO $ do
     assertBool "user" (isJust bob')
@@ -3496,13 +3527,13 @@ putReceiptModeOk = do
   let qcnv = Qualified cnv (qDomain qalice)
   WS.bracketR3 c alice bob jane $ \(_wsA, wsB, _wsJ) -> do
     -- By default, nothing is set
-    getConv alice cnv !!! do
+    getConvQualified alice qcnv !!! do
       const 200 === statusCode
       const (Just Nothing) === fmap cnvReceiptMode . responseJsonUnsafe
     -- Set receipt mode
     putReceiptMode alice cnv (ReceiptMode 0) !!! const 200 === statusCode
     -- Ensure the field is properly set
-    getConv alice cnv !!! do
+    getConvQualified alice qcnv !!! do
       const 200 === statusCode
       const (Just $ Just (ReceiptMode 0)) === fmap cnvReceiptMode . responseJsonUnsafe
     void . liftIO $ checkWs qalice (qcnv, wsB)
@@ -3511,11 +3542,11 @@ putReceiptModeOk = do
     -- No event should have been generated
     WS.assertNoEvent (1 # Second) [wsB]
     -- Ensure that the new field remains unchanged
-    getConv alice cnv !!! do
+    getConvQualified alice qcnv !!! do
       const 200 === statusCode
       const (Just $ Just (ReceiptMode 0)) === fmap cnvReceiptMode . responseJsonUnsafe
-  cnv' <- decodeConvId <$> postConvWithReceipt alice [bob, jane] (Just "gossip") [] Nothing Nothing (ReceiptMode 0)
-  getConv alice cnv' !!! do
+  qcnv' <- decodeQualifiedConvId <$> postConvWithReceipt alice [bob, jane] (Just "gossip") [] Nothing Nothing (ReceiptMode 0)
+  getConvQualified alice qcnv' !!! do
     const 200 === statusCode
     const (Just (Just (ReceiptMode 0))) === fmap cnvReceiptMode . responseJsonUnsafe
   where
@@ -3775,11 +3806,9 @@ removeUserNoFederation = do
 
   connectUsers alice' (list1 bob' [carl'])
 
-  conv1 <- decodeConvId <$> postConv alice' [bob'] (Just "gossip") [] Nothing Nothing
-  conv2 <- decodeConvId <$> postConv alice' [bob', carl'] (Just "gossip2") [] Nothing Nothing
-  conv3 <- decodeConvId <$> postConv alice' [carl'] (Just "gossip3") [] Nothing Nothing
-  let qconv1 = Qualified conv1 (qDomain bob)
-      qconv2 = Qualified conv2 (qDomain bob)
+  qconv1 <- decodeQualifiedConvId <$> postConv alice' [bob'] (Just "gossip") [] Nothing Nothing
+  qconv2 <- decodeQualifiedConvId <$> postConv alice' [bob', carl'] (Just "gossip2") [] Nothing Nothing
+  qconv3 <- decodeQualifiedConvId <$> postConv alice' [carl'] (Just "gossip3") [] Nothing Nothing
 
   WS.bracketR3 c alice' bob' carl' $ \(wsA, wsB, wsC) -> do
     deleteUser bob' !!! const 200 === statusCode
@@ -3791,9 +3820,9 @@ removeUserNoFederation = do
       WS.assertMatchN (5 # Second) [wsA, wsB, wsC] $
         wsAssertMembersLeave qconv2 bob [bob]
   -- Check memberships
-  mems1 <- fmap cnvMembers . responseJsonUnsafe <$> getConv alice' conv1
-  mems2 <- fmap cnvMembers . responseJsonUnsafe <$> getConv alice' conv2
-  mems3 <- fmap cnvMembers . responseJsonUnsafe <$> getConv alice' conv3
+  mems1 <- fmap cnvMembers . responseJsonUnsafe <$> getConvQualified alice' qconv1
+  mems2 <- fmap cnvMembers . responseJsonUnsafe <$> getConvQualified alice' qconv2
+  mems3 <- fmap cnvMembers . responseJsonUnsafe <$> getConvQualified alice' qconv3
   let other u = find ((== u) . omQualifiedId) . cmOthers
   liftIO $ do
     (mems1 >>= other bob) @?= Nothing
@@ -3828,17 +3857,14 @@ removeUser = do
   connectWithRemoteUser alice' dwight
   connectWithRemoteUser alexDel' dory
 
-  convA1 <- decodeConvId <$> postConv alice' [alexDel'] (Just "gossip") [] Nothing Nothing
-  convA2 <- decodeConvId <$> postConvWithRemoteUsers alice' defNewProteusConv {newConvQualifiedUsers = [alexDel, amy, berta, dwight]}
-  convA3 <- decodeConvId <$> postConv alice' [amy'] (Just "gossip3") [] Nothing Nothing
-  convA4 <- decodeConvId <$> postConvWithRemoteUsers alice' defNewProteusConv {newConvQualifiedUsers = [alexDel, bart, carl]}
+  qconvA1 <- decodeQualifiedConvId <$> postConv alice' [alexDel'] (Just "gossip") [] Nothing Nothing
+  qconvA2 <- decodeQualifiedConvId <$> postConvWithRemoteUsers alice' defNewProteusConv {newConvQualifiedUsers = [alexDel, amy, berta, dwight]}
+  qconvA3 <- decodeQualifiedConvId <$> postConv alice' [amy'] (Just "gossip3") [] Nothing Nothing
+  qconvA4 <- decodeQualifiedConvId <$> postConvWithRemoteUsers alice' defNewProteusConv {newConvQualifiedUsers = [alexDel, bart, carl]}
   convB1 <- randomId -- a remote conversation at 'bDomain' that Alice, AlexDel and Bart will be in
   convB2 <- randomId -- a remote conversation at 'bDomain' that AlexDel and Bart will be in
   convC1 <- randomId -- a remote conversation at 'cDomain' that AlexDel and Carl will be in
   convD1 <- randomId -- a remote conversation at 'cDomain' that AlexDel and Dory will be in
-  let qconvA1 = Qualified convA1 (qDomain alexDel)
-      qconvA2 = Qualified convA2 (qDomain alexDel)
-
   now <- liftIO getCurrentTime
   fedGalleyClient <- view tsFedGalleyClient
   let nc cid creator quids =
@@ -3912,12 +3938,12 @@ removeUser = do
       let bConvUpdateRPCs = filter (matchFedRequest bDomain "on-conversation-updated") fedRequests
       bConvUpdates <- mapM (assertRight . eitherDecode . frBody) bConvUpdateRPCs
 
-      bConvUpdatesA2 <- assertOne $ filter (\cu -> cuConvId cu == convA2) bConvUpdates
+      bConvUpdatesA2 <- assertOne $ filter (\cu -> cuConvId cu == qUnqualified qconvA2) bConvUpdates
       cuOrigUserId bConvUpdatesA2 @?= alexDel
       cuAction bConvUpdatesA2 @?= SomeConversationAction (sing @'ConversationLeaveTag) ()
       cuAlreadyPresentUsers bConvUpdatesA2 @?= [qUnqualified berta]
 
-      bConvUpdatesA4 <- assertOne $ filter (\cu -> cuConvId cu == convA4) bConvUpdates
+      bConvUpdatesA4 <- assertOne $ filter (\cu -> cuConvId cu == qUnqualified qconvA4) bConvUpdates
       cuOrigUserId bConvUpdatesA4 @?= alexDel
       cuAction bConvUpdatesA4 @?= SomeConversationAction (sing @'ConversationLeaveTag) ()
       cuAlreadyPresentUsers bConvUpdatesA4 @?= [qUnqualified bart]
@@ -3925,7 +3951,7 @@ removeUser = do
     liftIO $ do
       cConvUpdateRPC <- assertOne $ filter (matchFedRequest cDomain "on-conversation-updated") fedRequests
       Right convUpdate <- pure . eitherDecode . frBody $ cConvUpdateRPC
-      cuConvId convUpdate @?= convA4
+      cuConvId convUpdate @?= qUnqualified qconvA4
       cuOrigUserId convUpdate @?= alexDel
       cuAction convUpdate @?= SomeConversationAction (sing @'ConversationLeaveTag) ()
       cuAlreadyPresentUsers convUpdate @?= [qUnqualified carl]
@@ -3933,16 +3959,16 @@ removeUser = do
     liftIO $ do
       dConvUpdateRPC <- assertOne $ filter (matchFedRequest dDomain "on-conversation-updated") fedRequests
       Right convUpdate <- pure . eitherDecode . frBody $ dConvUpdateRPC
-      cuConvId convUpdate @?= convA2
+      cuConvId convUpdate @?= qUnqualified qconvA2
       cuOrigUserId convUpdate @?= alexDel
       cuAction convUpdate @?= SomeConversationAction (sing @'ConversationLeaveTag) ()
       cuAlreadyPresentUsers convUpdate @?= [qUnqualified dwight]
 
   -- Check memberships
-  mems1 <- fmap cnvMembers . responseJsonError =<< getConv alice' convA1
-  mems2 <- fmap cnvMembers . responseJsonError =<< getConv alice' convA2
-  mems3 <- fmap cnvMembers . responseJsonError =<< getConv alice' convA3
-  mems4 <- fmap cnvMembers . responseJsonError =<< getConv alice' convA4
+  mems1 <- fmap cnvMembers . responseJsonError =<< getConvQualified alice' qconvA1
+  mems2 <- fmap cnvMembers . responseJsonError =<< getConvQualified alice' qconvA2
+  mems3 <- fmap cnvMembers . responseJsonError =<< getConvQualified alice' qconvA3
+  mems4 <- fmap cnvMembers . responseJsonError =<< getConvQualified alice' qconvA4
   let findOther u = find ((== u) . omQualifiedId) . cmOthers
   liftIO $ do
     findOther alexDel mems1 @?= Nothing
diff --git a/services/galley/test/integration/API/Federation.hs b/services/galley/test/integration/API/Federation.hs
index 23bb350eed..e33915ce83 100644
--- a/services/galley/test/integration/API/Federation.hs
+++ b/services/galley/test/integration/API/Federation.hs
@@ -1064,8 +1064,7 @@ updateConversationByRemoteAdmin = do
         postConvQualified alice defNewProteusConv {newConvName = checked convName, newConvQualifiedUsers = [qbob, qcharlie]}
           <!! const 201 === statusCode
 
-    cid <- assertConvQualified rsp RegularConv alice qalice [qbob, qcharlie] (Just convName) Nothing
-    let cnv = Qualified cid (qDomain qalice)
+    cnv <- assertConv rsp RegularConv alice qalice [qbob, qcharlie] (Just convName) Nothing
 
     let newReceiptMode = ReceiptMode 41
     let action = SomeConversationAction (sing @'ConversationReceiptModeUpdateTag) (ConversationReceiptModeUpdate newReceiptMode)
diff --git a/services/galley/test/integration/API/MLS.hs b/services/galley/test/integration/API/MLS.hs
index 5379b70180..7b94424cd5 100644
--- a/services/galley/test/integration/API/MLS.hs
+++ b/services/galley/test/integration/API/MLS.hs
@@ -235,8 +235,8 @@ postMLSConvOk = do
     pure rsp !!! do
       const 201 === statusCode
       const Nothing === fmap Wai.label . responseJsonError
-    cid <- assertConv rsp RegularConv alice qalice [] (Just nameMaxSize) Nothing
-    checkConvCreateEvent cid wsA
+    qcid <- assertConv rsp RegularConv alice qalice [] (Just nameMaxSize) Nothing
+    checkConvCreateEvent (qUnqualified qcid) wsA
 
 testSenderNotInConversation :: TestM ()
 testSenderNotInConversation = do
diff --git a/services/galley/test/integration/API/MessageTimer.hs b/services/galley/test/integration/API/MessageTimer.hs
index 3ff97b0061..b464c0b0d8 100644
--- a/services/galley/test/integration/API/MessageTimer.hs
+++ b/services/galley/test/integration/API/MessageTimer.hs
@@ -72,75 +72,71 @@ messageTimerInit ::
   TestM ()
 messageTimerInit mtimer = do
   -- Create a conversation with a timer
-  [alice, bob, jane] <- randomUsers 3
-  qAlice <- Qualified alice <$> viewFederationDomain
+  [(alice, qalice), (bob, qbob), (jane, qjane)] <- replicateM 3 randomUserTuple
   connectUsers alice (list1 bob [jane])
   rsp <-
     postConv alice [bob, jane] Nothing [] Nothing mtimer
       <!! const 201 === statusCode
-  cid <- assertConv rsp RegularConv alice qAlice [bob, jane] Nothing mtimer
+  cid <- assertConv rsp RegularConv alice qalice [qbob, qjane] Nothing mtimer
   -- Check that the timer is indeed what it should be
-  getConv jane cid
+  getConvQualified jane cid
     !!! const mtimer === (cnvMessageTimer <=< responseJsonUnsafe)
 
 messageTimerChange :: TestM ()
 messageTimerChange = do
   -- Create a conversation without a timer
-  [alice, bob, jane] <- randomUsers 3
-  qAlice <- Qualified alice <$> viewFederationDomain
+  [(alice, qalice), (bob, qbob), (jane, qjane)] <- replicateM 3 randomUserTuple
   connectUsers alice (list1 bob [jane])
   rsp <-
     postConv alice [bob, jane] Nothing [] Nothing Nothing
       <!! const 201 === statusCode
-  cid <- assertConv rsp RegularConv alice qAlice [bob, jane] Nothing Nothing
+  qcid <- assertConv rsp RegularConv alice qalice [qbob, qjane] Nothing Nothing
+  let cid = qUnqualified qcid
   -- Set timer to null and observe 204
   putMessageTimerUpdate alice cid (ConversationMessageTimerUpdate Nothing)
     !!! const 204 === statusCode
   -- Set timer to 1 second
   putMessageTimerUpdate alice cid (ConversationMessageTimerUpdate timer1sec)
     !!! const 200 === statusCode
-  getConv jane cid
+  getConvQualified jane qcid
     !!! const timer1sec === (cnvMessageTimer <=< responseJsonUnsafe)
   -- Set timer to null
   putMessageTimerUpdate bob cid (ConversationMessageTimerUpdate Nothing)
     !!! const 200 === statusCode
-  getConv jane cid
+  getConvQualified jane qcid
     !!! const Nothing === (cnvMessageTimer <=< responseJsonUnsafe)
   -- Set timer to 1 year
   putMessageTimerUpdate bob cid (ConversationMessageTimerUpdate timer1year)
     !!! const 200 === statusCode
-  getConv jane cid
+  getConvQualified jane qcid
     !!! const timer1year === (cnvMessageTimer <=< responseJsonUnsafe)
 
 messageTimerChangeQualified :: TestM ()
 messageTimerChangeQualified = do
-  localDomain <- viewFederationDomain
   -- Create a conversation without a timer
-  [alice, bob, jane] <- randomUsers 3
-  qAlice <- Qualified alice <$> viewFederationDomain
+  [(alice, qalice), (bob, qbob), (jane, qjane)] <- replicateM 3 randomUserTuple
   connectUsers alice (list1 bob [jane])
   rsp <-
     postConv alice [bob, jane] Nothing [] Nothing Nothing
       <!! const 201 === statusCode
-  cid <- assertConv rsp RegularConv alice qAlice [bob, jane] Nothing Nothing
-  let qcid = Qualified cid localDomain
+  qcid <- assertConv rsp RegularConv alice qalice [qbob, qjane] Nothing Nothing
   -- Set timer to null and observe 204
   putMessageTimerUpdateQualified alice qcid (ConversationMessageTimerUpdate Nothing)
     !!! const 204 === statusCode
   -- Set timer to 1 second
   putMessageTimerUpdateQualified alice qcid (ConversationMessageTimerUpdate timer1sec)
     !!! const 200 === statusCode
-  getConv jane cid
+  getConvQualified jane qcid
     !!! const timer1sec === (cnvMessageTimer <=< responseJsonUnsafe)
   -- Set timer to null
   putMessageTimerUpdateQualified bob qcid (ConversationMessageTimerUpdate Nothing)
     !!! const 200 === statusCode
-  getConv jane cid
+  getConvQualified jane qcid
     !!! const Nothing === (cnvMessageTimer <=< responseJsonUnsafe)
   -- Set timer to 1 year
   putMessageTimerUpdateQualified bob qcid (ConversationMessageTimerUpdate timer1year)
     !!! const 200 === statusCode
-  getConv jane cid
+  getConvQualified jane qcid
     !!! const timer1year === (cnvMessageTimer <=< responseJsonUnsafe)
 
 messageTimerChangeWithRemotes :: TestM ()
@@ -186,15 +182,16 @@ messageTimerChangeWithoutAllowedAction :: TestM ()
 messageTimerChangeWithoutAllowedAction = do
   -- Create a team and a guest user
   (tid, owner, member : _) <- createBindingTeamWithMembers 2
-  guest <- randomUser
+  (guest, qguest) <- randomUserTuple
   connectUsers owner (list1 guest [])
   -- Create a conversation
   cid <- createTeamConvWithRole owner tid [member, guest] Nothing Nothing Nothing roleNameWireMember
+  let qcid = qguest $> cid
   -- Try to change the timer (as a non admin, guest user) and observe failure
   putMessageTimerUpdate guest cid (ConversationMessageTimerUpdate timer1sec) !!! do
     const 403 === statusCode
     const "action-denied" === (label . responseJsonUnsafeWithMsg "error label")
-  getConv guest cid
+  getConvQualified guest qcid
     !!! const Nothing === (cnvMessageTimer <=< responseJsonUnsafe)
   -- Try to change the timer (as a non admin, team member) and observe failure too
   putMessageTimerUpdate member cid (ConversationMessageTimerUpdate timer1sec) !!! do
@@ -203,43 +200,40 @@ messageTimerChangeWithoutAllowedAction = do
   -- Finally try to change the timer (as an admin) and observe success
   putMessageTimerUpdate owner cid (ConversationMessageTimerUpdate timer1sec) !!! do
     const 200 === statusCode
-  getConv guest cid
+  getConvQualified guest qcid
     !!! const timer1sec === (cnvMessageTimer <=< responseJsonUnsafe)
 
 messageTimerChangeO2O :: TestM ()
 messageTimerChangeO2O = do
   -- Create a 1:1 conversation
-  [alice, bob] <- randomUsers 2
-  qAlice <- Qualified alice <$> viewFederationDomain
+  [(alice, qalice), (bob, qbob)] <- replicateM 2 randomUserTuple
   connectUsers alice (singleton bob)
   rsp <-
     postO2OConv alice bob Nothing
       <!! const 200 === statusCode
-  cid <- assertConv rsp One2OneConv alice qAlice [bob] Nothing Nothing
+  qcid <- assertConv rsp One2OneConv alice qalice [qbob] Nothing Nothing
+  let cid = qUnqualified qcid
   -- Try to change the timer and observe failure
   putMessageTimerUpdate alice cid (ConversationMessageTimerUpdate timer1sec) !!! do
     const 403 === statusCode
     const "invalid-op" === (label . responseJsonUnsafeWithMsg "error label")
-  getConv alice cid
+  getConvQualified alice qcid
     !!! const Nothing === (cnvMessageTimer <=< responseJsonMaybe)
 
 messageTimerEvent :: TestM ()
 messageTimerEvent = do
-  localDomain <- viewFederationDomain
   ca <- view tsCannon
   -- Create a conversation
-  [alice, bob] <- randomUsers 2
-  qAlice <- Qualified alice <$> viewFederationDomain
+  [(alice, qalice), (bob, qbob)] <- replicateM 2 randomUserTuple
   connectUsers alice (singleton bob)
   rsp <-
     postConv alice [bob] Nothing [] Nothing Nothing
       <!! const 201 === statusCode
-  cid <- assertConv rsp RegularConv alice qAlice [bob] Nothing Nothing
+  qcid <- assertConv rsp RegularConv alice qalice [qbob] Nothing Nothing
+  let cid = qUnqualified qcid
   -- Set timer to 1 second and check that all participants got the event
   WS.bracketR2 ca alice bob $ \(wsA, wsB) -> do
     let update = ConversationMessageTimerUpdate timer1sec
-        qcid = Qualified cid localDomain
-        qalice = Qualified alice localDomain
     putMessageTimerUpdate alice cid update
       !!! const 200 === statusCode
     void . liftIO $
diff --git a/services/galley/test/integration/API/Roles.hs b/services/galley/test/integration/API/Roles.hs
index ed769f7d96..b5ed4cb27c 100644
--- a/services/galley/test/integration/API/Roles.hs
+++ b/services/galley/test/integration/API/Roles.hs
@@ -84,8 +84,8 @@ handleConversationRoleAdmin = do
   localDomain <- viewFederationDomain
   c <- view tsCannon
   (alice, qalice) <- randomUserTuple
-  bob <- randomUser
-  chuck <- randomUser
+  (bob, qbob) <- randomUserTuple
+  (chuck, qchuck) <- randomUserTuple
   (eve, qeve) <- randomUserTuple
   (jack, qjack) <- randomUserTuple
   connectUsers alice (list1 bob [chuck, eve, jack])
@@ -94,7 +94,7 @@ handleConversationRoleAdmin = do
   let role = roleNameWireAdmin
   cid <- WS.bracketR3 c alice bob chuck $ \(wsA, wsB, wsC) -> do
     rsp <- postConvWithRole alice [bob, chuck] (Just "gossip") [] Nothing Nothing role
-    void $ assertConvWithRole rsp RegularConv alice qalice [bob, chuck] (Just "gossip") Nothing role
+    void $ assertConvWithRole rsp RegularConv alice qalice [qbob, qchuck] (Just "gossip") Nothing role
     let cid = decodeConvId rsp
         qcid = Qualified cid localDomain
     -- Make sure everyone gets the correct event
@@ -123,10 +123,9 @@ handleConversationRoleMember :: TestM ()
 handleConversationRoleMember = do
   localDomain <- viewFederationDomain
   c <- view tsCannon
-  alice <- randomUser
-  let qalice = Qualified alice localDomain
-  bob <- randomUser
-  chuck <- randomUser
+  (alice, qalice) <- randomUserTuple
+  (bob, qbob) <- randomUserTuple
+  (chuck, qchuck) <- randomUserTuple
   eve <- randomUser
   let qeve = Qualified eve localDomain
   jack <- randomUser
@@ -136,7 +135,7 @@ handleConversationRoleMember = do
   let role = roleNameWireMember
   cid <- WS.bracketR3 c alice bob chuck $ \(wsA, wsB, wsC) -> do
     rsp <- postConvWithRole alice [bob, chuck] (Just "gossip") [] Nothing Nothing role
-    void $ assertConvWithRole rsp RegularConv alice qalice [bob, chuck] (Just "gossip") Nothing role
+    void $ assertConvWithRole rsp RegularConv alice qalice [qbob, qchuck] (Just "gossip") Nothing role
     let cid = decodeConvId rsp
         qcid = Qualified cid localDomain
     -- Make sure everyone gets the correct event
diff --git a/services/galley/test/integration/API/Teams.hs b/services/galley/test/integration/API/Teams.hs
index 72cb13c55b..63c416f644 100644
--- a/services/galley/test/integration/API/Teams.hs
+++ b/services/galley/test/integration/API/Teams.hs
@@ -794,7 +794,7 @@ testCreateTeamMLSConv = do
         Nothing
         Nothing
         Nothing
-    Right conv <- responseJsonError <$> getConv owner (tUnqualified lConvId)
+    Right conv <- responseJsonError <$> getConvQualified owner (tUntagged lConvId)
     liftIO $ do
       assertEqual "protocol mismatch" ProtocolMLSTag (protocolTag (cnvProtocol conv))
     checkConvCreateEvent (tUnqualified lConvId) wsOwner
diff --git a/services/galley/test/integration/API/Util.hs b/services/galley/test/integration/API/Util.hs
index adfc6d1b29..11255a97e0 100644
--- a/services/galley/test/integration/API/Util.hs
+++ b/services/galley/test/integration/API/Util.hs
@@ -1033,12 +1033,43 @@ listConvs u req = do
       . zType "access"
       . json req
 
-getConv :: (MonadIO m, MonadHttp m, HasGalley m, HasCallStack) => UserId -> ConvId -> m ResponseLBS
+getConv ::
+  ( MonadIO m,
+    MonadHttp m,
+    MonadReader TestSetup m,
+    HasCallStack
+  ) =>
+  UserId ->
+  ConvId ->
+  m ResponseLBS
 getConv u c = do
-  g <- viewGalley
+  g <- view tsUnversionedGalley
+  get $
+    g
+      . paths ["v2", "conversations", toByteString' c]
+      . zUser u
+      . zConn "conn"
+      . zType "access"
+
+getConvQualifiedV2 ::
+  ( Monad m,
+    MonadReader TestSetup m,
+    MonadHttp m,
+    MonadIO m
+  ) =>
+  UserId ->
+  Qualified ConvId ->
+  m ResponseLBS
+getConvQualifiedV2 u qcnv = do
+  g <- view tsUnversionedGalley
   get $
     g
-      . paths ["conversations", toByteString' c]
+      . paths
+        [ "v2",
+          "conversations",
+          toByteString' (qDomain qcnv),
+          toByteString' (qUnqualified qcnv)
+        ]
       . zUser u
       . zConn "conn"
       . zType "access"
@@ -1531,61 +1562,13 @@ assertConv ::
   ConvType ->
   UserId ->
   Qualified UserId ->
-  [UserId] ->
+  [Qualified UserId] ->
   Maybe Text ->
   Maybe Milliseconds ->
-  TestM ConvId
+  TestM (Qualified ConvId)
 assertConv r t c s us n mt = assertConvWithRole r t c s us n mt roleNameWireAdmin
 
 assertConvWithRole ::
-  HasCallStack =>
-  Response (Maybe Lazy.ByteString) ->
-  ConvType ->
-  UserId ->
-  Qualified UserId ->
-  [UserId] ->
-  Maybe Text ->
-  Maybe Milliseconds ->
-  RoleName ->
-  TestM ConvId
-assertConvWithRole r t c s us n mt role = do
-  cId <- fromBS $ getHeader' "Location" r
-  let cnv = responseJsonMaybe @Conversation r
-  let _self = cmSelf . cnvMembers <$> cnv
-  let others = cmOthers . cnvMembers <$> cnv
-  liftIO $ do
-    assertEqual "id" (Just cId) (qUnqualified . cnvQualifiedId <$> cnv)
-    assertEqual "name" n (cnv >>= cnvName)
-    assertEqual "type" (Just t) (cnvType <$> cnv)
-    assertEqual "creator" (Just c) (cnvCreator <$> cnv)
-    assertEqual "message_timer" (Just mt) (cnvMessageTimer <$> cnv)
-    assertEqual "self" (Just s) (memId <$> _self)
-    assertEqual "others" (Just . Set.fromList $ us) (Set.fromList . map (qUnqualified . omQualifiedId) . toList <$> others)
-    assertEqual "creator is always and admin" (Just roleNameWireAdmin) (memConvRoleName <$> _self)
-    assertBool "others role" (all (== role) $ maybe (error "Cannot be null") (map omConvRoleName . toList) others)
-    assertBool "otr muted ref not empty" (isNothing (memOtrMutedRef =<< _self))
-    assertBool "otr archived not false" (Just False == (memOtrArchived <$> _self))
-    assertBool "otr archived ref not empty" (isNothing (memOtrArchivedRef =<< _self))
-    case t of
-      SelfConv -> assertEqual "access" (Just privateAccess) (cnvAccess <$> cnv)
-      ConnectConv -> assertEqual "access" (Just privateAccess) (cnvAccess <$> cnv)
-      One2OneConv -> assertEqual "access" (Just privateAccess) (cnvAccess <$> cnv)
-      _ -> pure ()
-  pure cId
-
-assertConvQualified ::
-  HasCallStack =>
-  Response (Maybe Lazy.ByteString) ->
-  ConvType ->
-  UserId ->
-  Qualified UserId ->
-  [Qualified UserId] ->
-  Maybe Text ->
-  Maybe Milliseconds ->
-  TestM ConvId
-assertConvQualified r t c s us n mt = assertConvQualifiedWithRole r t c s us n mt roleNameWireAdmin
-
-assertConvQualifiedWithRole ::
   HasCallStack =>
   Response (Maybe Lazy.ByteString) ->
   ConvType ->
@@ -1595,31 +1578,31 @@ assertConvQualifiedWithRole ::
   Maybe Text ->
   Maybe Milliseconds ->
   RoleName ->
-  TestM ConvId
-assertConvQualifiedWithRole r t c s us n mt role = do
+  TestM (Qualified ConvId)
+assertConvWithRole r t c s us n mt role = do
   cId <- fromBS $ getHeader' "Location" r
-  let cnv = responseJsonMaybe @Conversation r
-  let _self = cmSelf . cnvMembers <$> cnv
-  let others = cmOthers . cnvMembers <$> cnv
+  cnv <- responseJsonError r
+  let _self = cmSelf (cnvMembers cnv)
+  let others = cmOthers (cnvMembers cnv)
   liftIO $ do
-    assertEqual "id" (Just cId) (qUnqualified . cnvQualifiedId <$> cnv)
-    assertEqual "name" n (cnv >>= cnvName)
-    assertEqual "type" (Just t) (cnvType <$> cnv)
-    assertEqual "creator" (Just c) (cnvCreator <$> cnv)
-    assertEqual "message_timer" (Just mt) (cnvMessageTimer <$> cnv)
-    assertEqual "self" (Just s) (memId <$> _self)
-    assertEqual "others" (Just . Set.fromList $ us) (Set.fromList . map omQualifiedId . toList <$> others)
-    assertEqual "creator is always and admin" (Just roleNameWireAdmin) (memConvRoleName <$> _self)
-    assertBool "others role" (all (== role) $ maybe (error "Cannot be null") (map omConvRoleName . toList) others)
-    assertBool "otr muted ref not empty" (isNothing (memOtrMutedRef =<< _self))
-    assertBool "otr archived not false" (Just False == (memOtrArchived <$> _self))
-    assertBool "otr archived ref not empty" (isNothing (memOtrArchivedRef =<< _self))
+    assertEqual "id" cId (qUnqualified (cnvQualifiedId cnv))
+    assertEqual "name" n (cnvName cnv)
+    assertEqual "type" t (cnvType cnv)
+    assertEqual "creator" c (cnvCreator cnv)
+    assertEqual "message_timer" mt (cnvMessageTimer cnv)
+    assertEqual "self" s (memId _self)
+    assertEqual "others" (Set.fromList $ us) (Set.fromList . map omQualifiedId . toList $ others)
+    assertEqual "creator is always and admin" roleNameWireAdmin (memConvRoleName _self)
+    assertBool "others role" (all ((== role) . omConvRoleName) (toList others))
+    assertBool "otr muted ref not empty" (isNothing (memOtrMutedRef _self))
+    assertBool "otr archived not false" (not (memOtrArchived _self))
+    assertBool "otr archived ref not empty" (isNothing (memOtrArchivedRef _self))
     case t of
-      SelfConv -> assertEqual "access" (Just privateAccess) (cnvAccess <$> cnv)
-      ConnectConv -> assertEqual "access" (Just privateAccess) (cnvAccess <$> cnv)
-      One2OneConv -> assertEqual "access" (Just privateAccess) (cnvAccess <$> cnv)
+      SelfConv -> assertEqual "access" privateAccess (cnvAccess cnv)
+      ConnectConv -> assertEqual "access" privateAccess (cnvAccess cnv)
+      One2OneConv -> assertEqual "access" privateAccess (cnvAccess cnv)
       _ -> pure ()
-  pure cId
+  pure (cnvQualifiedId cnv)
 
 wsAssertOtr ::
   HasCallStack =>
diff --git a/services/galley/test/integration/Main.hs b/services/galley/test/integration/Main.hs
index 6907d1ab45..6410cc9fb8 100644
--- a/services/galley/test/integration/Main.hs
+++ b/services/galley/test/integration/Main.hs
@@ -88,7 +88,7 @@ main = withOpenSSL $ runTests go
         "galley"
         [ testCase "sitemap" $
             assertEqual
-              "inconcistent sitemap"
+              "inconsistent sitemap"
               mempty
               (pathsConsistencyCheck . treeToPaths . compile $ Galley.API.sitemap),
           API.tests setup

From 8b2e9afdf5bf79fd1c14492c1b439774e76f4dcb Mon Sep 17 00:00:00 2001
From: Sven Tennie <sven.tennie@wire.com>
Date: Wed, 18 Jan 2023 10:42:22 +0100
Subject: [PATCH 16/38] Update inbucket (fake smtp server) chart dependency
 (#2998)

The prior version relied on an image that has been removed from docker
hub. Thus, our own inbucket chart could not be deployed anymore.
---
 changelog.d/3-bug-fixes/update-inbucket-chart-dependency | 1 +
 charts/inbucket/requirements.yaml                        | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 changelog.d/3-bug-fixes/update-inbucket-chart-dependency

diff --git a/changelog.d/3-bug-fixes/update-inbucket-chart-dependency b/changelog.d/3-bug-fixes/update-inbucket-chart-dependency
new file mode 100644
index 0000000000..63ae2c40a9
--- /dev/null
+++ b/changelog.d/3-bug-fixes/update-inbucket-chart-dependency
@@ -0,0 +1 @@
+Update `inbucket` (fake smtp server) chart dependency: The prior version relied on an image that has been removed from docker hub. Thus, our own `inbucket` chart could not be deployed anymore.
diff --git a/charts/inbucket/requirements.yaml b/charts/inbucket/requirements.yaml
index 2478ba341c..47adf720b7 100644
--- a/charts/inbucket/requirements.yaml
+++ b/charts/inbucket/requirements.yaml
@@ -1,4 +1,4 @@
 dependencies:
 - name: inbucket
-  version: 2.0.1
+  version: 2.1.0
   repository: https://inbucket.github.io/inbucket-community

From 58b761737a449e7a8b781d90434f1ac1a3f0b9d8 Mon Sep 17 00:00:00 2001
From: jschaul <jschaul@users.noreply.github.com>
Date: Thu, 19 Jan 2023 15:10:45 +0100
Subject: [PATCH 17/38] Chart compatibility kubernetes 1.22 (#3002)

* ingress compatibility k8s 1.22 and beyond

See https://kubernetes.io/docs/reference/using-api/deprecation-guide/

* batch api compatibility for k8s >= 1.25

* fixup lost closing parenthesis

* wording

* go templating: don't munch the newline break after a comment
---
 .../0-release-notes/chart-compatibility       |  1 +
 .../templates/_helpers.tpl                    | 10 ---
 charts/inbucket/templates/_helpers.tpl        | 26 ++++++++
 charts/inbucket/templates/ingress.yaml        | 14 +++-
 .../ldap-scim-bridge/templates/_helpers.tpl   | 13 ++++
 .../ldap-scim-bridge/templates/cronjob.yaml   |  2 +-
 charts/legalhold/templates/_helpers.tpl       | 26 ++++++++
 charts/legalhold/templates/ingress.yaml       | 14 +++-
 .../templates/_helpers.tpl                    | 27 ++++++++
 .../templates/ingress.yaml                    | 64 ++++++++++++++++++-
 .../templates/ingress_federator.yaml          | 11 +++-
 charts/sftd/templates/_helpers.tpl            | 27 ++++++++
 charts/sftd/templates/ingress.yaml            | 34 +++++++++-
 13 files changed, 253 insertions(+), 16 deletions(-)
 create mode 100644 changelog.d/0-release-notes/chart-compatibility
 create mode 100644 charts/inbucket/templates/_helpers.tpl
 create mode 100644 charts/ldap-scim-bridge/templates/_helpers.tpl
 create mode 100644 charts/legalhold/templates/_helpers.tpl

diff --git a/changelog.d/0-release-notes/chart-compatibility b/changelog.d/0-release-notes/chart-compatibility
new file mode 100644
index 0000000000..54bf8bf8d0
--- /dev/null
+++ b/changelog.d/0-release-notes/chart-compatibility
@@ -0,0 +1 @@
+wire-server helm charts using Ingress resources are now compatible with kubernetes versions 1.22, 1.23 and 1.24 (but keep being compatible with older versions of kubernetes).
diff --git a/charts/elasticsearch-ephemeral/templates/_helpers.tpl b/charts/elasticsearch-ephemeral/templates/_helpers.tpl
index e49dfab7a6..2aa4295dc8 100644
--- a/charts/elasticsearch-ephemeral/templates/_helpers.tpl
+++ b/charts/elasticsearch-ephemeral/templates/_helpers.tpl
@@ -15,13 +15,3 @@ We truncate at 53 chars (63 - len("-discovery")) because some Kubernetes name fi
 {{- printf "%s" $name | trunc 53 | trimSuffix "-" -}}
 {{- end -}}
 
-{{/*
-Return the appropriate apiVersion for Curactor cron job.
-*/}}
-{{- define "curator.cronJob.apiVersion" -}}
-{{- if ge .Capabilities.KubeVersion.Minor "8" -}}
-"batch/v1beta1"
-{{- else -}}
-"batch/v2alpha1"
-{{- end -}}
-{{- end -}}
diff --git a/charts/inbucket/templates/_helpers.tpl b/charts/inbucket/templates/_helpers.tpl
new file mode 100644
index 0000000000..c0e9c95498
--- /dev/null
+++ b/charts/inbucket/templates/_helpers.tpl
@@ -0,0 +1,26 @@
+{{/* Allow KubeVersion to be overridden. */}}
+{{- define "kubeVersion" -}}
+  {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride -}}
+{{- end -}}
+
+{{/* Get Ingress API Version */}}
+{{- define "ingress.apiVersion" -}}
+  {{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19-0" (include "kubeVersion" .)) -}}
+      {{- print "networking.k8s.io/v1" -}}
+  {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
+    {{- print "networking.k8s.io/v1beta1" -}}
+  {{- else -}}
+    {{- print "extensions/v1beta1" -}}
+  {{- end -}}
+{{- end -}}
+
+{{/* Check Ingress stability */}}
+{{- define "ingress.isStable" -}}
+  {{- eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" -}}
+{{- end -}}
+
+{{/* Check Ingress supports pathType */}}
+{{/* pathType was added to networking.k8s.io/v1beta1 in Kubernetes 1.18 */}}
+{{- define "ingress.supportsPathType" -}}
+  {{- or (eq (include "ingress.isStable" .) "true") (and (eq (include "ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" (include "kubeVersion" .))) -}}
+{{- end -}}
diff --git a/charts/inbucket/templates/ingress.yaml b/charts/inbucket/templates/ingress.yaml
index 7be2a320c2..c2803b4e00 100644
--- a/charts/inbucket/templates/ingress.yaml
+++ b/charts/inbucket/templates/ingress.yaml
@@ -1,4 +1,6 @@
-apiVersion: extensions/v1beta1
+{{- $apiIsStable := eq (include "ingress.isStable" .) "true" -}}
+{{- $ingressSupportsPathType := eq (include "ingress.supportsPathType" .) "true" -}}
+apiVersion: {{ include "ingress.apiVersion" . }}
 kind: Ingress
 metadata:
   name: "inbucket"
@@ -14,6 +16,16 @@ spec:
       http:
         paths:
           - path: /
+            {{- if $ingressSupportsPathType }}
+            pathType: Prefix
+            {{- end }}
             backend:
+                {{- if $apiIsStable }}
+                service:
+                  name: {{ include "inbucket.fullname" . }}
+                  port:
+                    name: http
+                {{- else }}
                 serviceName: {{ include "inbucket.fullname" . }}
                 servicePort: http
+                {{- end }}
diff --git a/charts/ldap-scim-bridge/templates/_helpers.tpl b/charts/ldap-scim-bridge/templates/_helpers.tpl
new file mode 100644
index 0000000000..c288d2067d
--- /dev/null
+++ b/charts/ldap-scim-bridge/templates/_helpers.tpl
@@ -0,0 +1,13 @@
+{{/* Allow KubeVersion to be overridden. */}}
+{{- define "kubeVersion" -}}
+  {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride -}}
+{{- end -}}
+
+{{/* Get Batch API Version */}}
+{{- define "batch.apiVersion" -}}
+  {{- if and (.Capabilities.APIVersions.Has "batch/v1") (semverCompare ">= 1.21-0" (include "kubeVersion" .)) -}}
+      {{- print "batch/v1" -}}
+  {{- else -}}
+    {{- print "batch/v1beta1" -}}
+  {{- end -}}
+{{- end -}}
diff --git a/charts/ldap-scim-bridge/templates/cronjob.yaml b/charts/ldap-scim-bridge/templates/cronjob.yaml
index 365fa67eca..3b41131f6b 100644
--- a/charts/ldap-scim-bridge/templates/cronjob.yaml
+++ b/charts/ldap-scim-bridge/templates/cronjob.yaml
@@ -1,4 +1,4 @@
-apiVersion: batch/v1beta1
+apiVersion: {{ include "batch.apiVersion" . }}
 kind: CronJob
 metadata:
   name: {{ .Release.Name }}
diff --git a/charts/legalhold/templates/_helpers.tpl b/charts/legalhold/templates/_helpers.tpl
new file mode 100644
index 0000000000..c0e9c95498
--- /dev/null
+++ b/charts/legalhold/templates/_helpers.tpl
@@ -0,0 +1,26 @@
+{{/* Allow KubeVersion to be overridden. */}}
+{{- define "kubeVersion" -}}
+  {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride -}}
+{{- end -}}
+
+{{/* Get Ingress API Version */}}
+{{- define "ingress.apiVersion" -}}
+  {{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19-0" (include "kubeVersion" .)) -}}
+      {{- print "networking.k8s.io/v1" -}}
+  {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
+    {{- print "networking.k8s.io/v1beta1" -}}
+  {{- else -}}
+    {{- print "extensions/v1beta1" -}}
+  {{- end -}}
+{{- end -}}
+
+{{/* Check Ingress stability */}}
+{{- define "ingress.isStable" -}}
+  {{- eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" -}}
+{{- end -}}
+
+{{/* Check Ingress supports pathType */}}
+{{/* pathType was added to networking.k8s.io/v1beta1 in Kubernetes 1.18 */}}
+{{- define "ingress.supportsPathType" -}}
+  {{- or (eq (include "ingress.isStable" .) "true") (and (eq (include "ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" (include "kubeVersion" .))) -}}
+{{- end -}}
diff --git a/charts/legalhold/templates/ingress.yaml b/charts/legalhold/templates/ingress.yaml
index c6ae51758e..24cfcd9813 100644
--- a/charts/legalhold/templates/ingress.yaml
+++ b/charts/legalhold/templates/ingress.yaml
@@ -1,4 +1,6 @@
-apiVersion: extensions/v1beta1
+{{- $apiIsStable := eq (include "ingress.isStable" .) "true" -}}
+{{- $ingressSupportsPathType := eq (include "ingress.supportsPathType" .) "true" -}}
+apiVersion: {{ include "ingress.apiVersion" . }}
 kind: Ingress
 metadata:
   name: hold
@@ -16,6 +18,16 @@ spec:
       http:
         paths:
           - path: /
+            {{- if $ingressSupportsPathType }}
+            pathType: Prefix
+            {{- end }}
             backend:
+              {{- if $apiIsStable }}
+              service:
+                name: "{{ .Release.Name }}-hold"
+                port:
+                  number: 8080
+              {{- else }}
               serviceName: "{{ .Release.Name }}-hold"
               servicePort: 8080
+              {{- end }}
diff --git a/charts/nginx-ingress-services/templates/_helpers.tpl b/charts/nginx-ingress-services/templates/_helpers.tpl
index e6480a5834..32f4467617 100644
--- a/charts/nginx-ingress-services/templates/_helpers.tpl
+++ b/charts/nginx-ingress-services/templates/_helpers.tpl
@@ -59,3 +59,30 @@ Returns the Letsencrypt API server URL based on whether testMode is enabled or d
 {{- $hostnameParts = append $hostnameParts "v02" -}}
 {{- join "-" $hostnameParts | printf "https://%s.api.letsencrypt.org/directory" -}}
 {{- end -}}
+
+{{/* Allow KubeVersion to be overridden. */}}
+{{- define "kubeVersion" -}}
+  {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride -}}
+{{- end -}}
+
+{{/* Get Ingress API Version */}}
+{{- define "ingress.apiVersion" -}}
+  {{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19-0" (include "kubeVersion" .)) -}}
+      {{- print "networking.k8s.io/v1" -}}
+  {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
+    {{- print "networking.k8s.io/v1beta1" -}}
+  {{- else -}}
+    {{- print "extensions/v1beta1" -}}
+  {{- end -}}
+{{- end -}}
+
+{{/* Check Ingress stability */}}
+{{- define "ingress.isStable" -}}
+  {{- eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" -}}
+{{- end -}}
+
+{{/* Check Ingress supports pathType */}}
+{{/* pathType was added to networking.k8s.io/v1beta1 in Kubernetes 1.18 */}}
+{{- define "ingress.supportsPathType" -}}
+  {{- or (eq (include "ingress.isStable" .) "true") (and (eq (include "ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" (include "kubeVersion" .))) -}}
+{{- end -}}
diff --git a/charts/nginx-ingress-services/templates/ingress.yaml b/charts/nginx-ingress-services/templates/ingress.yaml
index 6cc9d019e4..0314ee9513 100644
--- a/charts/nginx-ingress-services/templates/ingress.yaml
+++ b/charts/nginx-ingress-services/templates/ingress.yaml
@@ -1,4 +1,6 @@
-apiVersion: extensions/v1beta1
+{{- $apiIsStable := eq (include "ingress.isStable" .) "true" -}}
+{{- $ingressSupportsPathType := eq (include "ingress.supportsPathType" .) "true" -}}
+apiVersion: {{ include "ingress.apiVersion" . }}
 kind: Ingress
 metadata:
   name: nginx-ingress
@@ -31,51 +33,111 @@ spec:
       http:
         paths:
           - path: /
+            {{- if $ingressSupportsPathType }}
+            pathType: Prefix
+            {{- end }}
             backend:
+              {{- if $apiIsStable }}
+              service:
+                name: nginz
+                port:
+                  name: http
+              {{- else }}
               serviceName: nginz
               servicePort: http
+              {{- end }}
 {{- if .Values.websockets.enabled }}
     - host: {{ .Values.config.dns.ssl }}
       http:
         paths:
           - path: /
+            {{- if $ingressSupportsPathType }}
+            pathType: Prefix
+            {{- end }}
             backend:
+              {{- if $apiIsStable }}
+              service:
+                name: nginz
+                port:
+                  name: ws
+              {{- else }}
               serviceName: nginz
               servicePort: ws
+              {{- end }}
 {{- end }}
 {{- if .Values.webapp.enabled }}
     - host: {{ .Values.config.dns.webapp }}
       http:
         paths:
           - path: /
+            {{- if $ingressSupportsPathType }}
+            pathType: Prefix
+            {{- end }}
             backend:
+              {{- if $apiIsStable }}
+              service:
+                name: webapp-http
+                port:
+                  number: {{ .Values.service.webapp.externalPort }}
+              {{- else }}
               serviceName: webapp-http
               servicePort: {{ .Values.service.webapp.externalPort }}
+              {{- end }}
 {{- end }}
 {{- if .Values.fakeS3.enabled }}
     - host: {{ .Values.config.dns.fakeS3 }}
       http:
         paths:
           - path: /
+            {{- if $ingressSupportsPathType }}
+            pathType: Prefix
+            {{- end }}
             backend:
+              {{- if $apiIsStable }}
+              service:
+                name: {{ .Values.service.s3.serviceName }}
+                port:
+                  number: {{ .Values.service.s3.externalPort }}
+              {{- else }}
               serviceName: {{ .Values.service.s3.serviceName }}
               servicePort: {{ .Values.service.s3.externalPort }}
+              {{- end }}
 {{- end }}
 {{- if .Values.teamSettings.enabled }}
     - host: {{ .Values.config.dns.teamSettings }}
       http:
         paths:
           - path: /
+            {{- if $ingressSupportsPathType }}
+            pathType: Prefix
+            {{- end }}
             backend:
+              {{- if $apiIsStable }}
+              service:
+                name: team-settings-http
+                port:
+                  number: {{ .Values.service.teamSettings.externalPort }}
+              {{- else }}
               serviceName: team-settings-http
               servicePort: {{ .Values.service.teamSettings.externalPort }}
+              {{- end }}
 {{- end }}
 {{- if .Values.accountPages.enabled }}
     - host: {{ .Values.config.dns.accountPages }}
       http:
         paths:
           - path: /
+            {{- if $ingressSupportsPathType }}
+            pathType: Prefix
+            {{- end }}
             backend:
+              {{- if $apiIsStable }}
+              service:
+                name: account-pages-http
+                port:
+                  number: {{ .Values.service.accountPages.externalPort }}
+              {{- else }}
               serviceName: account-pages-http
               servicePort: {{ .Values.service.accountPages.externalPort }}
+              {{- end }}
 {{- end }}
diff --git a/charts/nginx-ingress-services/templates/ingress_federator.yaml b/charts/nginx-ingress-services/templates/ingress_federator.yaml
index e756d1cee2..bd9a6aa0b1 100644
--- a/charts/nginx-ingress-services/templates/ingress_federator.yaml
+++ b/charts/nginx-ingress-services/templates/ingress_federator.yaml
@@ -1,7 +1,9 @@
+{{- $apiIsStable := eq (include "ingress.isStable" .) "true" -}}
+{{- $ingressSupportsPathType := eq (include "ingress.supportsPathType" .) "true" -}}
 {{- if .Values.federator.enabled }}
 # We use a separate ingress for federator so that we can require client
 # certificates only for federation requests
-apiVersion: extensions/v1beta1
+apiVersion: {{ include "ingress.apiVersion" . }}
 kind: Ingress
 metadata:
   name: federator-ingress
@@ -24,6 +26,13 @@ spec:
       http:
         paths:
           - backend:
+              {{- if $apiIsStable }}
+              service:
+                name: federator
+                port:
+                  name: federator-ext
+              {{- else }}
               serviceName: federator
               servicePort: federator-ext # name must be below 15 chars
+              {{- end }}
 {{- end }}
diff --git a/charts/sftd/templates/_helpers.tpl b/charts/sftd/templates/_helpers.tpl
index 5832980497..f6e1d33113 100644
--- a/charts/sftd/templates/_helpers.tpl
+++ b/charts/sftd/templates/_helpers.tpl
@@ -58,3 +58,30 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/name: join-call
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
+
+{{/* Allow KubeVersion to be overridden. */}}
+{{- define "kubeVersion" -}}
+  {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride -}}
+{{- end -}}
+
+{{/* Get Ingress API Version */}}
+{{- define "ingress.apiVersion" -}}
+  {{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19-0" (include "kubeVersion" .)) -}}
+      {{- print "networking.k8s.io/v1" -}}
+  {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
+    {{- print "networking.k8s.io/v1beta1" -}}
+  {{- else -}}
+    {{- print "extensions/v1beta1" -}}
+  {{- end -}}
+{{- end -}}
+
+{{/* Check Ingress stability */}}
+{{- define "ingress.isStable" -}}
+  {{- eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" -}}
+{{- end -}}
+
+{{/* Check Ingress supports pathType */}}
+{{/* pathType was added to networking.k8s.io/v1beta1 in Kubernetes 1.18 */}}
+{{- define "ingress.supportsPathType" -}}
+  {{- or (eq (include "ingress.isStable" .) "true") (and (eq (include "ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" (include "kubeVersion" .))) -}}
+{{- end -}}
diff --git a/charts/sftd/templates/ingress.yaml b/charts/sftd/templates/ingress.yaml
index 9bf7958fa0..780c3d5cbb 100644
--- a/charts/sftd/templates/ingress.yaml
+++ b/charts/sftd/templates/ingress.yaml
@@ -1,4 +1,6 @@
-apiVersion: extensions/v1beta1
+{{- $apiIsStable := eq (include "ingress.isStable" .) "true" -}}
+{{- $ingressSupportsPathType := eq (include "ingress.supportsPathType" .) "true" -}}
+apiVersion: {{ include "ingress.apiVersion" . }}
 kind: Ingress
 metadata:
   name: "{{ include "sftd.fullname" . }}"
@@ -18,14 +20,44 @@ spec:
       http:
         paths:
           - path: /sft/
+            {{- if $ingressSupportsPathType }}
+            pathType: Prefix
+            {{- end }}
             backend:
+              {{- if $apiIsStable }}
+              service:
+                name: {{ include "sftd.fullname" . }}
+                port:
+                  name: sft
+              {{- else }}
               serviceName: "{{ include "sftd.fullname" . }}"
               servicePort: sft
+              {{- end }}
           - path: /sfts/
+            {{- if $ingressSupportsPathType }}
+            pathType: Prefix
+            {{- end }}
             backend:
+              {{- if $apiIsStable }}
+              service:
+                name: "{{ include "sftd.fullname" . }}-join-call"
+                port:
+                  name: http
+              {{- else }}
               serviceName: "{{ include "sftd.fullname" . }}-join-call"
               servicePort: http
+              {{- end }}
           - path: /sft_servers_all.json
+            {{- if $ingressSupportsPathType }}
+            pathType: Exact
+            {{- end }}
             backend:
+              {{- if $apiIsStable }}
+              service:
+                name: "{{ include "sftd.fullname" . }}-join-call"
+                port:
+                  name: http
+              {{- else }}
               serviceName: "{{ include "sftd.fullname" . }}-join-call"
               servicePort: http
+              {{- end }}

From 35b9ba8d45e33b2aa075cc81df7ec08da75d3c12 Mon Sep 17 00:00:00 2001
From: Stefan Matting <smatting@users.noreply.github.com>
Date: Thu, 19 Jan 2023 17:15:46 +0100
Subject: [PATCH 18/38] Update docs: How to view swagger locally (#3005)

---
 docs/src/developer/developer/how-to.md | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/docs/src/developer/developer/how-to.md b/docs/src/developer/developer/how-to.md
index 14c0e278d9..b900fc4f1f 100644
--- a/docs/src/developer/developer/how-to.md
+++ b/docs/src/developer/developer/how-to.md
@@ -16,15 +16,14 @@ Terminal 1:
 
 Terminal 2:
 * Compile all services: `make c`
-  * Note that you have to [import the public signing keys for nginx](https://github.com/wireapp/wire-server/blob/develop/services/nginz/README.md#common-problems-while-compiling) to be able to build nginz
-* Run services including nginz: `./services/start-services-only.sh`. If you don't want to run nginz set `INTEGRATION_USE_NGINZ=0`.
+* Run services including nginz: `./services/start-services-only.sh`.
 
 Open your browser at:
 
-- http://localhost:8080/api/swagger-ui for the swagger 2.0 endpoints (in development as of Feb 2021 - more endpoints will be added here as time goes on)
-- http://localhost:8080/swagger-ui/ for the old swagger 1.2 API (old swagger, endpoints will disappear from here (and become available in the previous link) as time progresses). Run `make -C services/nginz integration-test/conf/nginz/zwagger-ui` once to get JS libraries needed (they are not included in the repo).
+- [http://localhost:8080/api/swagger-ui](http://localhost:8080/api/swagger-ui) for the swagger 2.0 endpoints (in development as of Feb 2021 - more endpoints will be added here as time goes on)
+- [http://localhost:8080/swagger-ui](http://localhost:8080/swagger-ui) for the old swagger 1.2 API (old swagger, endpoints will disappear from here (and become available in the previous link) as time progresses). Run `make -C services/nginz integration-test/conf/nginz/zwagger-ui` once to get JS libraries needed (they are not included in the repo).
 
-Swagger json (for swagger 2.0 endpoints) is available under http://localhost:8080/api/swagger.json
+Swagger json (for swagger 2.0 endpoints) is available under [http://localhost:8080/api/swagger.json](http://localhost:8080/api/swagger.json)
 
 ## How to run federation tests across two backends
 

From 73d79d374527965331b42dcb2dd46a94a9670393 Mon Sep 17 00:00:00 2001
From: fisx <mf@zerobuzz.net>
Date: Fri, 20 Jan 2023 11:17:13 +0100
Subject: [PATCH 19/38] Hook fedcalls into api docs (#2988)

* Hook federated API call docs into docs.wire.com (manually).

* Update fedcalls README.

* s/client api calls/api calls/

(Will also include fed calls from now on, and anyway an API is always
both a server and a client API, or it wouldn't work at all.)

* Dial down warning in link to swagger docs.

(it's gotten better since 2020)
---
 .../4-docs/hook-fedcalls-into-api-docs        |   1 +
 docs/src/configuration-options.md             |   6 +-
 docs/src/index.md                             |   2 +-
 .../api-client-perspective/index.md           |   4 -
 .../api-client-perspective/swagger.md         |  16 +-
 docs/src/understand/federation/fedcalls.md    |  18 ++
 .../federation/img/wire-fedcalls.csv          | 122 ++++++++++
 .../federation/img/wire-fedcalls.dot          | 219 ++++++++++++++++++
 .../federation/img/wire-fedcalls.png          | Bin 0 -> 728020 bytes
 tools/fedcalls/README.md                      |  11 +-
 10 files changed, 379 insertions(+), 20 deletions(-)
 create mode 100644 changelog.d/4-docs/hook-fedcalls-into-api-docs
 create mode 100644 docs/src/understand/federation/fedcalls.md
 create mode 100644 docs/src/understand/federation/img/wire-fedcalls.csv
 create mode 100644 docs/src/understand/federation/img/wire-fedcalls.dot
 create mode 100644 docs/src/understand/federation/img/wire-fedcalls.png

diff --git a/changelog.d/4-docs/hook-fedcalls-into-api-docs b/changelog.d/4-docs/hook-fedcalls-into-api-docs
new file mode 100644
index 0000000000..2a6d02a8a3
--- /dev/null
+++ b/changelog.d/4-docs/hook-fedcalls-into-api-docs
@@ -0,0 +1 @@
+Hook federated API call documentation into docs.wire.com (manually).
diff --git a/docs/src/configuration-options.md b/docs/src/configuration-options.md
index 647ac5f0ee..1eeee72383 100644
--- a/docs/src/configuration-options.md
+++ b/docs/src/configuration-options.md
@@ -431,11 +431,11 @@ helm upgrade --install --namespace metallb-system metallb wire/metallb \
 Install `nginx-ingress-[controller,services]`:
 
 ::
-: helm upgrade --install --namespace demo demo-nginx-ingress-controller wire/nginx-ingress-controller 
+: helm upgrade --install --namespace demo demo-nginx-ingress-controller wire/nginx-ingress-controller
 
   : --wait
 
-  helm upgrade --install --namespace demo demo-nginx-ingress-services wire/nginx-ingress-services 
+  helm upgrade --install --namespace demo demo-nginx-ingress-services wire/nginx-ingress-services
 
   : -f values/nginx-ingress-services/demo-values.yaml -f values/nginx-ingress-services/demo-secrets.yaml --wait
 
@@ -633,7 +633,7 @@ account-pages:
 
 ## Configuring authentication cookie throttling
 
-Authentication cookies and the related throttling mechanism is described in the *Client API documentation*:
+Authentication cookies and the related throttling mechanism is described in the *API documentation*:
 {ref}`login-cookies`
 
 The maximum number of cookies per account and type is defined by the brig option
diff --git a/docs/src/index.md b/docs/src/index.md
index 135a0aa03f..da0c17e170 100644
--- a/docs/src/index.md
+++ b/docs/src/index.md
@@ -30,7 +30,7 @@ Connecting Wire Clients <how-to/associate/index>
 Optional Configuration <configuration-options>
 Understanding wire-server components <understand/index>
 Single-Sign-On and user provisioning <how-to/single-sign-on/index.rst>
-Client API documentation <understand/api-client-perspective/index>
+API documentation <understand/api-client-perspective/index>
 Security responses <security-responses/index>
 Notes for developers <developer/index>
 ```
diff --git a/docs/src/understand/api-client-perspective/index.md b/docs/src/understand/api-client-perspective/index.md
index 8bf19e4290..e86c0de1f2 100644
--- a/docs/src/understand/api-client-perspective/index.md
+++ b/docs/src/understand/api-client-perspective/index.md
@@ -2,10 +2,6 @@
 
 The following documentation provides information for, and takes the perspective of a Wire client developer. (wire-desktop, wire-android and wire-ios are examples of Wire Clients). This means only publicly accessible endpoints are mentioned.
 
-```{warning}
-This section of the documentation is very incomplete at the time of writing (summer 2020) - more pages on the client API will follow in the future.
-```
-
 ```{toctree}
 :glob: true
 :maxdepth: 2
diff --git a/docs/src/understand/api-client-perspective/swagger.md b/docs/src/understand/api-client-perspective/swagger.md
index 057d5beb2a..5722c95aed 100644
--- a/docs/src/understand/api-client-perspective/swagger.md
+++ b/docs/src/understand/api-client-perspective/swagger.md
@@ -3,24 +3,20 @@
 Our staging system provides swagger documentation of our public rest
 API.
 
-We are currently (as of 2021-09-29) migrating our documentation into a
-new system that is automatically checked for correctness. The old
-documentation still has some endpoints, but the new one is getting more and more complete. We will completely replace the old one eventually.
+The swagger docs are correct by construction (compiled from the server
+code), and the are complete up to bots/services and event notification
+payloads (as of 2023-01-16).
 
 Please check the new docs first, and if you can't find what you're
 looking for, double-check the old.
 
-## New docs
-
-These docs show swagger 2.0:
+## New docs (swagger 2.0)
 
 [new staging swagger page](https://staging-nginz-https.zinfra.io/api/swagger-ui/)
 
-## Old docs
-
-Some endpoints are only shown using swagger 1.2.
+## Old docs (swagger 1.2)
 
-At the time of writing, both swagger version 1.2 and version 2.0 are in use. If you are an employee of Wire, you can log in here and try out requests in the browser; if not, you can make use of the "List Operations" button on both 1.2 and 2.0 pages to see the possible API requests.
+If you are an employee of Wire, you can log in here and try out requests in the browser; if not, you can make use of the "List Operations" button on both 1.2 and 2.0 pages to see the possible API requests.
 
 Browse to our [old staging swagger page](https://staging-nginz-https.zinfra.io/swagger-ui/) to see rendered swagger documentation for the remaining endpoints.
 
diff --git a/docs/src/understand/federation/fedcalls.md b/docs/src/understand/federation/fedcalls.md
new file mode 100644
index 0000000000..80fdb3c03e
--- /dev/null
+++ b/docs/src/understand/federation/fedcalls.md
@@ -0,0 +1,18 @@
+# Federated API calls by client API end-point (generated)
+
+**Updated manually using using [the fedcalls tool](https://github.com/wireapp/wire-server/blob/8760b4978ccb039b229d458b7a08136a05e12ff9/tools/fedcalls/README.md); last change: 2023-01-16.**
+
+This is most likely only interesting for backend developers.
+
+This graph and csv file describe which public (client) API end-points trigger calls to which end-points at backends federating with the one that is called.  The data is correct by construction (see [the fedcalls tool](https://github.com/wireapp/wire-server/blob/8760b4978ccb039b229d458b7a08136a05e12ff9/tools/fedcalls/README.md) for more details).
+
+The target can only be understood in the context of the [backend code base](https://github.com/wireapp/wire-server/).  It is described by component (sub-directory in `/services`) and end-point name (use grep to find it).
+
+links:
+
+- [dot](img/wire-fedcalls.dot)
+- [png](img/wire-fedcalls.png)
+- [csv](img/wire-fedcalls.csv)
+
+```{image} img/wire-fedcalls.png
+```
diff --git a/docs/src/understand/federation/img/wire-fedcalls.csv b/docs/src/understand/federation/img/wire-fedcalls.csv
new file mode 100644
index 0000000000..bfc571a6d8
--- /dev/null
+++ b/docs/src/understand/federation/img/wire-fedcalls.csv
@@ -0,0 +1,122 @@
+source method,source path,target component,target name
+get,/users/{uid_domain}/{uid},brig,get-users-by-ids
+post,/list-users,brig,get-users-by-ids
+put,/self,brig,on-user-deleted-connections
+delete,/self,brig,on-user-deleted-connections
+delete,/self/phone,brig,on-user-deleted-connections
+delete,/self/email,brig,on-user-deleted-connections
+put,/self/locale,brig,on-user-deleted-connections
+put,/self/handle,brig,on-user-deleted-connections
+post,/register,brig,on-user-deleted-connections
+post,/delete,brig,on-user-deleted-connections
+get,/activate,brig,on-user-deleted-connections
+post,/activate,brig,on-user-deleted-connections
+get,/users/{uid_domain}/{uid}/clients,brig,get-user-clients
+get,/users/{uid_domain}/{uid}/clients/{client},brig,get-user-clients
+post,/users/list-clients,brig,get-user-clients
+get,/users/{uid_domain}/{uid}/prekeys/{client},brig,claim-prekey
+get,/users/{uid_domain}/{uid}/prekeys,brig,claim-prekey-bundle
+post,/users/list-prekeys,brig,claim-multi-prekey-bundle
+post,/clients,brig,on-user-deleted-connections
+put,/connections/{uid_domain}/{uid},brig,send-connection-action
+post,/connections/{uid_domain}/{uid},brig,send-connection-action
+get,/search/contacts,brig,get-users-by-ids
+get,/search/contacts,brig,search-users
+post,/mls/key-packages/claim/{user_domain}/{user},brig,claim-key-packages
+post,/access,brig,on-user-deleted-connections
+post,/login,brig,on-user-deleted-connections
+get,/assets/{key_domain}/{key},cargohold,get-asset
+get,/assets/{key_domain}/{key},cargohold,stream-asset
+put,/conversations/{cnv},galley,on-conversation-updated
+put,/conversations/{cnv},galley,on-mls-message-sent
+put,/conversations/{cnv},galley,on-new-remote-conversation
+get,/conversations/{cnv_domain}/{cnv},galley,get-conversations
+get,/conversations/{cnv_domain}/{cnv}/groupinfo,galley,query-group-info
+post,/conversations/list,galley,get-conversations
+post,/conversations/join,galley,on-conversation-updated
+post,/conversations/join,galley,on-new-remote-conversation
+post,/conversations,galley,on-conversation-created
+post,/conversations/one2one,galley,on-conversation-created
+post,/conversations/{cnv_domain}/{cnv}/members,galley,on-conversation-updated
+post,/conversations/{cnv_domain}/{cnv}/members,galley,on-mls-message-sent
+post,/conversations/{cnv_domain}/{cnv}/members,galley,on-new-remote-conversation
+post,/conversations/{cnv}/join,galley,on-conversation-updated
+post,/conversations/{cnv}/join,galley,on-new-remote-conversation
+post,/conversations/{cnv_domain}/{cnv}/typing,galley,on-typing-indicator-updated
+put,/conversations/{cnv_domain}/{cnv}/members/{usr_domain}/{usr},galley,on-conversation-updated
+put,/conversations/{cnv_domain}/{cnv}/members/{usr_domain}/{usr},galley,on-mls-message-sent
+put,/conversations/{cnv_domain}/{cnv}/members/{usr_domain}/{usr},galley,on-new-remote-conversation
+delete,/conversations/{cnv_domain}/{cnv}/members/{usr_domain}/{usr},galley,leave-conversation
+delete,/conversations/{cnv_domain}/{cnv}/members/{usr_domain}/{usr},galley,on-conversation-updated
+delete,/conversations/{cnv_domain}/{cnv}/members/{usr_domain}/{usr},galley,on-mls-message-sent
+delete,/conversations/{cnv_domain}/{cnv}/members/{usr_domain}/{usr},galley,on-new-remote-conversation
+put,/conversations/{cnv}/members/{usr},galley,on-conversation-updated
+put,/conversations/{cnv}/members/{usr},galley,on-mls-message-sent
+put,/conversations/{cnv}/members/{usr},galley,on-new-remote-conversation
+put,/conversations/{cnv}/name,galley,on-conversation-updated
+put,/conversations/{cnv}/name,galley,on-mls-message-sent
+put,/conversations/{cnv}/name,galley,on-new-remote-conversation
+put,/conversations/{cnv_domain}/{cnv}/name,galley,on-conversation-updated
+put,/conversations/{cnv_domain}/{cnv}/name,galley,on-mls-message-sent
+put,/conversations/{cnv_domain}/{cnv}/name,galley,on-new-remote-conversation
+put,/conversations/{cnv}/message-timer,galley,on-conversation-updated
+put,/conversations/{cnv}/message-timer,galley,on-mls-message-sent
+put,/conversations/{cnv}/message-timer,galley,on-new-remote-conversation
+put,/conversations/{cnv_domain}/{cnv}/message-timer,galley,on-conversation-updated
+put,/conversations/{cnv_domain}/{cnv}/message-timer,galley,on-mls-message-sent
+put,/conversations/{cnv_domain}/{cnv}/message-timer,galley,on-new-remote-conversation
+put,/conversations/{cnv}/receipt-mode,galley,on-conversation-updated
+put,/conversations/{cnv}/receipt-mode,galley,on-mls-message-sent
+put,/conversations/{cnv}/receipt-mode,galley,on-new-remote-conversation
+put,/conversations/{cnv}/receipt-mode,galley,update-conversation
+put,/conversations/{cnv_domain}/{cnv}/receipt-mode,galley,on-conversation-updated
+put,/conversations/{cnv_domain}/{cnv}/receipt-mode,galley,on-mls-message-sent
+put,/conversations/{cnv_domain}/{cnv}/receipt-mode,galley,on-new-remote-conversation
+put,/conversations/{cnv_domain}/{cnv}/receipt-mode,galley,update-conversation
+put,/conversations/{cnv_domain}/{cnv}/access,galley,on-conversation-updated
+put,/conversations/{cnv_domain}/{cnv}/access,galley,on-mls-message-sent
+put,/conversations/{cnv_domain}/{cnv}/access,galley,on-new-remote-conversation
+delete,/teams/{tid}/conversations/{cid},galley,on-conversation-updated
+delete,/teams/{tid}/conversations/{cid},galley,on-mls-message-sent
+delete,/teams/{tid}/conversations/{cid},galley,on-new-remote-conversation
+post,/conversations/{cnv}/otr/messages,galley,on-message-sent
+post,/conversations/{cnv}/otr/messages,brig,get-user-clients
+post,/conversations/{cnv_domain}/{cnv}/proteus/messages,brig,get-user-clients
+post,/conversations/{cnv_domain}/{cnv}/proteus/messages,galley,on-message-sent
+post,/conversations/{cnv_domain}/{cnv}/proteus/messages,galley,send-message
+post,/bot/messages,galley,on-message-sent
+post,/bot/messages,brig,get-user-clients
+put,/teams/{tid}/features/legalhold,galley,on-conversation-updated
+put,/teams/{tid}/features/legalhold,galley,on-mls-message-sent
+put,/teams/{tid}/features/legalhold,galley,on-new-remote-conversation
+post,/mls/welcome,galley,mls-welcome
+post,/mls/messages,galley,on-mls-message-sent
+post,/mls/messages,galley,send-mls-message
+post,/mls/messages,galley,on-conversation-updated
+post,/mls/messages,galley,on-new-remote-conversation
+post,/mls/messages,brig,get-mls-clients
+post,/mls/commit-bundles,galley,on-mls-message-sent
+post,/mls/commit-bundles,galley,mls-welcome
+post,/mls/commit-bundles,galley,send-mls-commit-bundle
+post,/mls/commit-bundles,galley,on-conversation-updated
+post,/mls/commit-bundles,galley,on-new-remote-conversation
+post,/mls/commit-bundles,brig,get-mls-clients
+delete,/teams/{tid}/legalhold/settings,galley,on-conversation-updated
+delete,/teams/{tid}/legalhold/settings,galley,on-mls-message-sent
+delete,/teams/{tid}/legalhold/settings,galley,on-new-remote-conversation
+post,/teams/{tid}/legalhold/{uid},galley,on-conversation-updated
+post,/teams/{tid}/legalhold/{uid},galley,on-mls-message-sent
+post,/teams/{tid}/legalhold/{uid},galley,on-new-remote-conversation
+delete,/teams/{tid}/legalhold/{uid},galley,on-conversation-updated
+delete,/teams/{tid}/legalhold/{uid},galley,on-mls-message-sent
+delete,/teams/{tid}/legalhold/{uid},galley,on-new-remote-conversation
+post,/teams/{tid}/legalhold/consent,galley,on-conversation-updated
+post,/teams/{tid}/legalhold/consent,galley,on-mls-message-sent
+post,/teams/{tid}/legalhold/consent,galley,on-new-remote-conversation
+put,/teams/{tid}/legalhold/{uid}/approve,galley,on-conversation-updated
+put,/teams/{tid}/legalhold/{uid}/approve,galley,on-mls-message-sent
+put,/teams/{tid}/legalhold/{uid}/approve,galley,on-new-remote-conversation
+post,/i/users,brig,on-user-deleted-connections
+post,/i/users/spar,brig,on-user-deleted-connections
+post,/i/legalhold-login,brig,on-user-deleted-connections
+post,/i/sso-login,brig,on-user-deleted-connections
\ No newline at end of file
diff --git a/docs/src/understand/federation/img/wire-fedcalls.dot b/docs/src/understand/federation/img/wire-fedcalls.dot
new file mode 100644
index 0000000000..77648a9d95
--- /dev/null
+++ b/docs/src/understand/federation/img/wire-fedcalls.dot
@@ -0,0 +1,219 @@
+strict digraph {
+  graph [rankdir=LR]
+  node [shape=rectangle]
+  edge [style=dashed]
+  subgraph {
+    "37: delete /conversations/{cnv_domain}/{cnv}/members/{usr_domain}/{usr}":w
+    "3: delete /self":w
+    "5: delete /self/email":w
+    "4: delete /self/phone":w
+    "46: delete /teams/{tid}/conversations/{cid}":w
+    "54: delete /teams/{tid}/legalhold/settings":w
+    "56: delete /teams/{tid}/legalhold/{uid}":w
+    "10: get /activate":w
+    "25: get /assets/{key_domain}/{key}":w
+    "27: get /conversations/{cnv_domain}/{cnv}":w
+    "28: get /conversations/{cnv_domain}/{cnv}/groupinfo":w
+    "21: get /search/contacts":w
+    "0: get /users/{uid_domain}/{uid}":w
+    "12: get /users/{uid_domain}/{uid}/clients":w
+    "13: get /users/{uid_domain}/{uid}/clients/{client}":w
+    "16: get /users/{uid_domain}/{uid}/prekeys":w
+    "15: get /users/{uid_domain}/{uid}/prekeys/{client}":w
+    "23: post /access":w
+    "11: post /activate":w
+    "49: post /bot/messages":w
+    "18: post /clients":w
+    "20: post /connections/{uid_domain}/{uid}":w
+    "31: post /conversations":w
+    "30: post /conversations/join":w
+    "29: post /conversations/list":w
+    "32: post /conversations/one2one":w
+    "33: post /conversations/{cnv_domain}/{cnv}/members":w
+    "48: post /conversations/{cnv_domain}/{cnv}/proteus/messages":w
+    "35: post /conversations/{cnv_domain}/{cnv}/typing":w
+    "34: post /conversations/{cnv}/join":w
+    "47: post /conversations/{cnv}/otr/messages":w
+    "9: post /delete":w
+    "61: post /i/legalhold-login":w
+    "62: post /i/sso-login":w
+    "59: post /i/users":w
+    "60: post /i/users/spar":w
+    "1: post /list-users":w
+    "24: post /login":w
+    "53: post /mls/commit-bundles":w
+    "22: post /mls/key-packages/claim/{user_domain}/{user}":w
+    "52: post /mls/messages":w
+    "51: post /mls/welcome":w
+    "8: post /register":w
+    "57: post /teams/{tid}/legalhold/consent":w
+    "55: post /teams/{tid}/legalhold/{uid}":w
+    "14: post /users/list-clients":w
+    "17: post /users/list-prekeys":w
+    "19: put /connections/{uid_domain}/{uid}":w
+    "45: put /conversations/{cnv_domain}/{cnv}/access":w
+    "36: put /conversations/{cnv_domain}/{cnv}/members/{usr_domain}/{usr}":w
+    "42: put /conversations/{cnv_domain}/{cnv}/message-timer":w
+    "40: put /conversations/{cnv_domain}/{cnv}/name":w
+    "44: put /conversations/{cnv_domain}/{cnv}/receipt-mode":w
+    "26: put /conversations/{cnv}":w
+    "38: put /conversations/{cnv}/members/{usr}":w
+    "41: put /conversations/{cnv}/message-timer":w
+    "39: put /conversations/{cnv}/name":w
+    "43: put /conversations/{cnv}/receipt-mode":w
+    "2: put /self":w
+    "7: put /self/handle":w
+    "6: put /self/locale":w
+    "50: put /teams/{tid}/features/legalhold":w
+    "58: put /teams/{tid}/legalhold/{uid}/approve":w
+  }
+  subgraph {
+    "71: [brig]:claim-key-packages":e
+    "68: [brig]:claim-multi-prekey-bundle":e
+    "66: [brig]:claim-prekey":e
+    "67: [brig]:claim-prekey-bundle":e
+    "87: [brig]:get-mls-clients":e
+    "65: [brig]:get-user-clients":e
+    "63: [brig]:get-users-by-ids":e
+    "64: [brig]:on-user-deleted-connections":e
+    "70: [brig]:search-users":e
+    "69: [brig]:send-connection-action":e
+    "72: [cargohold]:get-asset":e
+    "73: [cargohold]:stream-asset":e
+    "77: [galley]:get-conversations":e
+    "81: [galley]:leave-conversation":e
+    "85: [galley]:mls-welcome":e
+    "79: [galley]:on-conversation-created":e
+    "74: [galley]:on-conversation-updated":e
+    "83: [galley]:on-message-sent":e
+    "75: [galley]:on-mls-message-sent":e
+    "76: [galley]:on-new-remote-conversation":e
+    "80: [galley]:on-typing-indicator-updated":e
+    "78: [galley]:query-group-info":e
+    "84: [galley]:send-message":e
+    "88: [galley]:send-mls-commit-bundle":e
+    "86: [galley]:send-mls-message":e
+    "82: [galley]:update-conversation":e
+  }
+  "0: get /users/{uid_domain}/{uid}":w -> "63: [brig]:get-users-by-ids":e
+  "1: post /list-users":w -> "63: [brig]:get-users-by-ids":e
+  "2: put /self":w -> "64: [brig]:on-user-deleted-connections":e
+  "3: delete /self":w -> "64: [brig]:on-user-deleted-connections":e
+  "4: delete /self/phone":w -> "64: [brig]:on-user-deleted-connections":e
+  "5: delete /self/email":w -> "64: [brig]:on-user-deleted-connections":e
+  "6: put /self/locale":w -> "64: [brig]:on-user-deleted-connections":e
+  "7: put /self/handle":w -> "64: [brig]:on-user-deleted-connections":e
+  "8: post /register":w -> "64: [brig]:on-user-deleted-connections":e
+  "9: post /delete":w -> "64: [brig]:on-user-deleted-connections":e
+  "10: get /activate":w -> "64: [brig]:on-user-deleted-connections":e
+  "11: post /activate":w -> "64: [brig]:on-user-deleted-connections":e
+  "12: get /users/{uid_domain}/{uid}/clients":w -> "65: [brig]:get-user-clients":e
+  "13: get /users/{uid_domain}/{uid}/clients/{client}":w -> "65: [brig]:get-user-clients":e
+  "14: post /users/list-clients":w -> "65: [brig]:get-user-clients":e
+  "15: get /users/{uid_domain}/{uid}/prekeys/{client}":w -> "66: [brig]:claim-prekey":e
+  "16: get /users/{uid_domain}/{uid}/prekeys":w -> "67: [brig]:claim-prekey-bundle":e
+  "17: post /users/list-prekeys":w -> "68: [brig]:claim-multi-prekey-bundle":e
+  "18: post /clients":w -> "64: [brig]:on-user-deleted-connections":e
+  "19: put /connections/{uid_domain}/{uid}":w -> "69: [brig]:send-connection-action":e
+  "20: post /connections/{uid_domain}/{uid}":w -> "69: [brig]:send-connection-action":e
+  "21: get /search/contacts":w -> "63: [brig]:get-users-by-ids":e
+  "21: get /search/contacts":w -> "70: [brig]:search-users":e
+  "22: post /mls/key-packages/claim/{user_domain}/{user}":w -> "71: [brig]:claim-key-packages":e
+  "23: post /access":w -> "64: [brig]:on-user-deleted-connections":e
+  "24: post /login":w -> "64: [brig]:on-user-deleted-connections":e
+  "25: get /assets/{key_domain}/{key}":w -> "72: [cargohold]:get-asset":e
+  "25: get /assets/{key_domain}/{key}":w -> "73: [cargohold]:stream-asset":e
+  "26: put /conversations/{cnv}":w -> "74: [galley]:on-conversation-updated":e
+  "26: put /conversations/{cnv}":w -> "75: [galley]:on-mls-message-sent":e
+  "26: put /conversations/{cnv}":w -> "76: [galley]:on-new-remote-conversation":e
+  "27: get /conversations/{cnv_domain}/{cnv}":w -> "77: [galley]:get-conversations":e
+  "28: get /conversations/{cnv_domain}/{cnv}/groupinfo":w -> "78: [galley]:query-group-info":e
+  "29: post /conversations/list":w -> "77: [galley]:get-conversations":e
+  "30: post /conversations/join":w -> "74: [galley]:on-conversation-updated":e
+  "30: post /conversations/join":w -> "76: [galley]:on-new-remote-conversation":e
+  "31: post /conversations":w -> "79: [galley]:on-conversation-created":e
+  "32: post /conversations/one2one":w -> "79: [galley]:on-conversation-created":e
+  "33: post /conversations/{cnv_domain}/{cnv}/members":w -> "74: [galley]:on-conversation-updated":e
+  "33: post /conversations/{cnv_domain}/{cnv}/members":w -> "75: [galley]:on-mls-message-sent":e
+  "33: post /conversations/{cnv_domain}/{cnv}/members":w -> "76: [galley]:on-new-remote-conversation":e
+  "34: post /conversations/{cnv}/join":w -> "74: [galley]:on-conversation-updated":e
+  "34: post /conversations/{cnv}/join":w -> "76: [galley]:on-new-remote-conversation":e
+  "35: post /conversations/{cnv_domain}/{cnv}/typing":w -> "80: [galley]:on-typing-indicator-updated":e
+  "36: put /conversations/{cnv_domain}/{cnv}/members/{usr_domain}/{usr}":w -> "74: [galley]:on-conversation-updated":e
+  "36: put /conversations/{cnv_domain}/{cnv}/members/{usr_domain}/{usr}":w -> "75: [galley]:on-mls-message-sent":e
+  "36: put /conversations/{cnv_domain}/{cnv}/members/{usr_domain}/{usr}":w -> "76: [galley]:on-new-remote-conversation":e
+  "37: delete /conversations/{cnv_domain}/{cnv}/members/{usr_domain}/{usr}":w -> "81: [galley]:leave-conversation":e
+  "37: delete /conversations/{cnv_domain}/{cnv}/members/{usr_domain}/{usr}":w -> "74: [galley]:on-conversation-updated":e
+  "37: delete /conversations/{cnv_domain}/{cnv}/members/{usr_domain}/{usr}":w -> "75: [galley]:on-mls-message-sent":e
+  "37: delete /conversations/{cnv_domain}/{cnv}/members/{usr_domain}/{usr}":w -> "76: [galley]:on-new-remote-conversation":e
+  "38: put /conversations/{cnv}/members/{usr}":w -> "74: [galley]:on-conversation-updated":e
+  "38: put /conversations/{cnv}/members/{usr}":w -> "75: [galley]:on-mls-message-sent":e
+  "38: put /conversations/{cnv}/members/{usr}":w -> "76: [galley]:on-new-remote-conversation":e
+  "39: put /conversations/{cnv}/name":w -> "74: [galley]:on-conversation-updated":e
+  "39: put /conversations/{cnv}/name":w -> "75: [galley]:on-mls-message-sent":e
+  "39: put /conversations/{cnv}/name":w -> "76: [galley]:on-new-remote-conversation":e
+  "40: put /conversations/{cnv_domain}/{cnv}/name":w -> "74: [galley]:on-conversation-updated":e
+  "40: put /conversations/{cnv_domain}/{cnv}/name":w -> "75: [galley]:on-mls-message-sent":e
+  "40: put /conversations/{cnv_domain}/{cnv}/name":w -> "76: [galley]:on-new-remote-conversation":e
+  "41: put /conversations/{cnv}/message-timer":w -> "74: [galley]:on-conversation-updated":e
+  "41: put /conversations/{cnv}/message-timer":w -> "75: [galley]:on-mls-message-sent":e
+  "41: put /conversations/{cnv}/message-timer":w -> "76: [galley]:on-new-remote-conversation":e
+  "42: put /conversations/{cnv_domain}/{cnv}/message-timer":w -> "74: [galley]:on-conversation-updated":e
+  "42: put /conversations/{cnv_domain}/{cnv}/message-timer":w -> "75: [galley]:on-mls-message-sent":e
+  "42: put /conversations/{cnv_domain}/{cnv}/message-timer":w -> "76: [galley]:on-new-remote-conversation":e
+  "43: put /conversations/{cnv}/receipt-mode":w -> "74: [galley]:on-conversation-updated":e
+  "43: put /conversations/{cnv}/receipt-mode":w -> "75: [galley]:on-mls-message-sent":e
+  "43: put /conversations/{cnv}/receipt-mode":w -> "76: [galley]:on-new-remote-conversation":e
+  "43: put /conversations/{cnv}/receipt-mode":w -> "82: [galley]:update-conversation":e
+  "44: put /conversations/{cnv_domain}/{cnv}/receipt-mode":w -> "74: [galley]:on-conversation-updated":e
+  "44: put /conversations/{cnv_domain}/{cnv}/receipt-mode":w -> "75: [galley]:on-mls-message-sent":e
+  "44: put /conversations/{cnv_domain}/{cnv}/receipt-mode":w -> "76: [galley]:on-new-remote-conversation":e
+  "44: put /conversations/{cnv_domain}/{cnv}/receipt-mode":w -> "82: [galley]:update-conversation":e
+  "45: put /conversations/{cnv_domain}/{cnv}/access":w -> "74: [galley]:on-conversation-updated":e
+  "45: put /conversations/{cnv_domain}/{cnv}/access":w -> "75: [galley]:on-mls-message-sent":e
+  "45: put /conversations/{cnv_domain}/{cnv}/access":w -> "76: [galley]:on-new-remote-conversation":e
+  "46: delete /teams/{tid}/conversations/{cid}":w -> "74: [galley]:on-conversation-updated":e
+  "46: delete /teams/{tid}/conversations/{cid}":w -> "75: [galley]:on-mls-message-sent":e
+  "46: delete /teams/{tid}/conversations/{cid}":w -> "76: [galley]:on-new-remote-conversation":e
+  "47: post /conversations/{cnv}/otr/messages":w -> "83: [galley]:on-message-sent":e
+  "47: post /conversations/{cnv}/otr/messages":w -> "65: [brig]:get-user-clients":e
+  "48: post /conversations/{cnv_domain}/{cnv}/proteus/messages":w -> "65: [brig]:get-user-clients":e
+  "48: post /conversations/{cnv_domain}/{cnv}/proteus/messages":w -> "83: [galley]:on-message-sent":e
+  "48: post /conversations/{cnv_domain}/{cnv}/proteus/messages":w -> "84: [galley]:send-message":e
+  "49: post /bot/messages":w -> "83: [galley]:on-message-sent":e
+  "49: post /bot/messages":w -> "65: [brig]:get-user-clients":e
+  "50: put /teams/{tid}/features/legalhold":w -> "74: [galley]:on-conversation-updated":e
+  "50: put /teams/{tid}/features/legalhold":w -> "75: [galley]:on-mls-message-sent":e
+  "50: put /teams/{tid}/features/legalhold":w -> "76: [galley]:on-new-remote-conversation":e
+  "51: post /mls/welcome":w -> "85: [galley]:mls-welcome":e
+  "52: post /mls/messages":w -> "75: [galley]:on-mls-message-sent":e
+  "52: post /mls/messages":w -> "86: [galley]:send-mls-message":e
+  "52: post /mls/messages":w -> "74: [galley]:on-conversation-updated":e
+  "52: post /mls/messages":w -> "76: [galley]:on-new-remote-conversation":e
+  "52: post /mls/messages":w -> "87: [brig]:get-mls-clients":e
+  "53: post /mls/commit-bundles":w -> "75: [galley]:on-mls-message-sent":e
+  "53: post /mls/commit-bundles":w -> "85: [galley]:mls-welcome":e
+  "53: post /mls/commit-bundles":w -> "88: [galley]:send-mls-commit-bundle":e
+  "53: post /mls/commit-bundles":w -> "74: [galley]:on-conversation-updated":e
+  "53: post /mls/commit-bundles":w -> "76: [galley]:on-new-remote-conversation":e
+  "53: post /mls/commit-bundles":w -> "87: [brig]:get-mls-clients":e
+  "54: delete /teams/{tid}/legalhold/settings":w -> "74: [galley]:on-conversation-updated":e
+  "54: delete /teams/{tid}/legalhold/settings":w -> "75: [galley]:on-mls-message-sent":e
+  "54: delete /teams/{tid}/legalhold/settings":w -> "76: [galley]:on-new-remote-conversation":e
+  "55: post /teams/{tid}/legalhold/{uid}":w -> "74: [galley]:on-conversation-updated":e
+  "55: post /teams/{tid}/legalhold/{uid}":w -> "75: [galley]:on-mls-message-sent":e
+  "55: post /teams/{tid}/legalhold/{uid}":w -> "76: [galley]:on-new-remote-conversation":e
+  "56: delete /teams/{tid}/legalhold/{uid}":w -> "74: [galley]:on-conversation-updated":e
+  "56: delete /teams/{tid}/legalhold/{uid}":w -> "75: [galley]:on-mls-message-sent":e
+  "56: delete /teams/{tid}/legalhold/{uid}":w -> "76: [galley]:on-new-remote-conversation":e
+  "57: post /teams/{tid}/legalhold/consent":w -> "74: [galley]:on-conversation-updated":e
+  "57: post /teams/{tid}/legalhold/consent":w -> "75: [galley]:on-mls-message-sent":e
+  "57: post /teams/{tid}/legalhold/consent":w -> "76: [galley]:on-new-remote-conversation":e
+  "58: put /teams/{tid}/legalhold/{uid}/approve":w -> "74: [galley]:on-conversation-updated":e
+  "58: put /teams/{tid}/legalhold/{uid}/approve":w -> "75: [galley]:on-mls-message-sent":e
+  "58: put /teams/{tid}/legalhold/{uid}/approve":w -> "76: [galley]:on-new-remote-conversation":e
+  "59: post /i/users":w -> "64: [brig]:on-user-deleted-connections":e
+  "60: post /i/users/spar":w -> "64: [brig]:on-user-deleted-connections":e
+  "61: post /i/legalhold-login":w -> "64: [brig]:on-user-deleted-connections":e
+  "62: post /i/sso-login":w -> "64: [brig]:on-user-deleted-connections":e
+}
\ No newline at end of file
diff --git a/docs/src/understand/federation/img/wire-fedcalls.png b/docs/src/understand/federation/img/wire-fedcalls.png
new file mode 100644
index 0000000000000000000000000000000000000000..35fb0ed9d2a6b2b09c69bcea79b3d6d6b527d72c
GIT binary patch
literal 728020
zcmce;bySz_+AaFC5kV0}N<|bA=@1c6KtxmoL0VEu8l^i_K(P=JDG`+h3F$^b0cns9
z5$W!(Gk?DC`u6_L-ea8e$JysuW31&;c;b%hn%A83x_#tsTp=f=BP9?B<kzlB$P)<L
zhY5uJBP3h#H#wj8|H1$4)V+R1g0M;a&-;QHe*)nc;hMxnMTfUzUG^FW7B_cI$&xTK
zQ53Um-6<!xf7hSbG}hxRe<CwY65HEZ)v_{d)0K-d+m%N@Mf{16$TW$`Yb?l6Tim*x
z>SY0CG4s75Q4!x?lOfl|#g1*!sugwd^quT<6|oOo?OYWR*iKeLfma}2e0Ow4i0?_f
z6bU(O|NJRPxG(9SKi!^Sm(kpUKgZti^76WT`SSAe^2w7YJFQNgI+deQ<0~sIEiEe>
z6JA+SVP$PSY{<aCAS)~D=7PT#7vEZ>p}p3XXRoKLyVSq2u^}QN!o{H7wxW1;<NH%;
zV`F2hoX+AuqK0ep9J0A<yBQB1IwZ7>KzMKRGH)wE>_T8bK$LtO2_v40XQ#_W$@Aa+
zrD2$4H9yj{x;S~@2Br9p9XkqEMiSPR!reEP=Z1fJQe>zl)*H3X*mt|y*S){Ew#0AR
zyf*h!*7N1tw}&m3AMDsuTvD<;Jv&gXo?{hNGwia|^Js0xYY%mjW?u8sQif@ZGONh(
z;~(Xx^Xw;^sgwDr6U|%<MittYni5o!)w61rmMS<m@$(kH@`KlZe*Jo%!+mpo(YARr
ztJ^Ii{PJ<X#6*tuwHo0`vZLpN7~JQE>aPcK*4I+{d~0tHahvGKx;t1Cwmd!8d0&y0
z>go4R)||Y&yzK0$-aUKvoTS`cbeQnIefQK`9gMiv85R92Q&Lh=Gqbb189CI_jT$0%
zi;D2_&UEHjd%k?|;K83iy5d*0w6u(k;|lerZAY8U+fu#uvhtEeD6$$aH$+{JkqIsJ
z-5iSWZT@ttgiAZar0EKS>o+d#bffxcnb30g1KY&QW5V5pbc(mTt-aw;cUzxVnd$!K
zF;si<#Svk<=|7jnA4@Z*rLS%Jm*2mCUo+RHr%XG~j)RBCPdn-E;h7))r>3W;)dEhf
zSnoTV71LTTo;Z+_F7Nc_z5^Q@+XuPw&193CUMo|*SRWF{{c3a?J`pc=%#zYXPfva9
z%@c0tg_9~TsECsocNe-oJ;bpzJ(fc${#Y_X$562+hcYqq8H1?X?=Sb)h%+$Rk>%?)
z@J{O%K459OcX>L^uy$ji<L+|*XmesHzv-JE;&bWg=~tFVlZ)P+cjOgy!(10_ZU{4e
ztEqWmL1p7lFKDGNCr2Urj+4RJ+4;WMv4f=JV`C(Y&CShNphAJ7ghst`ta-Y_Ass9M
zQr<d4pV?*T=KF7SWSXxo4~DlzXbGvQs;LRtPju4q-I?m0e}2Giwpze?u%<sSt@kDF
zV?%g!=ZId}iz7ldETS8=qMK{0lSOSGjxOldV4bb3uFm!j^N05p<-{f?CWeKD)pYJ8
zv~~+SQ%ZI7H~1dC;IuTwxL#EqHNSpzakATeVeFPTN!O13;!@YI&(6$5%Z7`XwQ{?y
ztu4=HS#(vr`>1Q)nxeBZH@vnK%x7rPnsUGTW80QKuEHhVsvw@VrER<Rz7@1C#Z^%u
z#eV2|l>GJU*Mp^-Bd+*nns?0frlqEm?%88*W@bbqN+6i*wNfDv(q{jBe;OOh;&lFs
z?+$BgYfNCS-FSP9EW_W0g5N8BA(nb=7>kUWUG<CaCN^2o#)|1m@X^opk<-1tqVISO
zNJTe%MK>Nld#1l{i*XXmLDGj0A7Tg8`pRNe%gCJE)G{eQ+A~bQYa4-kr}O?R7cbtI
zW{%KHQM2gErJ|-T+w1i6={XWcSA1G~2Ak+c$K9d}PID~PO~V^+Y77ttCJPpiin@(7
z#&w$J@7Q|3px{DSO}1t4(sZ8Pc&^ht>$1K3)hnS#4j*<}7;DS5HFa~rBfPwJ*aZ-T
z80~iuVo8M#`Gtli)Em8)I$6zE@b_B&`e+}+uOfGMW8>5G*L+`Mypv`(vJkSkG;?3O
zMc<0TtX*Xa5p~~)yylPfx^6a?D&%CQuc!C(!=+teWs)`%V>_G)gxirzOH1FrNu2#|
zP!=`+obPUHO3zeJiCK_*96KAELY(4?Ro69tX7i5B=WEWg_a8poc40m1UQcn0wtE-@
z11&8gngZQ5E{+d|yYXUe&M{j?$ccfOiII_!nVDHYAnQHxI(F*RBe$Whyv3J{mzJi9
zk?_^Y>r4INt_!rG)>i9Fy}m_jGfx8o0&tV4sHm{8BL%#PD#=<H%HL&!eSO?ymriKs
zS`r9yhUZ<DxX+%=jEt0sk~cm>7a(=nzi<BuNt=;I9|qC8zw#%GHs48FRbu7G&AJT`
z7dBRje4HX{Kt;cmy1IItqKT=gu+31Na-!OF?{z6DZ1(s#O9Iy(q?X1@#E0Su)uKwQ
zN^Wj$m<zSUqkMOs)mYY0u_@P?nqpuP^6{R}pFdY*4dd2%P%~I4dHFJ4wH(`b@1s=O
z)6RL!1cDd`8z(0x3(Nb-GAkRKNNPUQwye9|h|5Nsv5Ks18<tocIyyRQOP}@1HZTHq
zc6MjFZ13HBDHTQO)0b8&GTM|tExIw?TZR;}u&{uCpOY}3&pJTIjS;@h*=Uj>cC5~c
zm(><)FWhbAw19w0oMOCUd}pV|%H%EvmlUUY6SuXRFku1nc8OJ$3CDiSgxmVcG<J6S
z+M)nb{TY3{(u?QMl@glHuqm?!oSDQ2iDSnuO`ni__P$m#=9?~$jP8l!#~(a=xIB%)
zQHoQvJ1nGNK_Dd#*TLtK3i9&D1EiKWsc30)EPEwG+#4ibi)b0OryJ7?SoD=K2wL^!
zO%_IIhG=jGR`#bqnw^~;ZT+lQEwBSAoApg-XlQUSX2*Jyjh(%!r6rI-)M4s30+TUS
zMgNTJ>VlWI_e^i?y9)`*3D_iuH@!Y|?c9N9D?Y^i$67z12t9#BFCehEzS!OUS#Ou<
z22v09mac+aj>e5-u9<~}=H)^uB0dP5nVD&=jBDNVN&M0!D$*UI4#>Y{z6^tJu13jU
zxl)Efyf(;Rg{7lI<9#Q`A?D@<k4`Frjl)de4@^?S-z$4~$YaYkn}Ls~WZ!9g*4^Pu
z`T7E5d%mN!sAy4pGJ+GK@%s1g-{*onol9LBV{ZyscfGsdtX1d|>~_dUVvJErLc+7A
z*FQCt_x%0tx7guEEQ+j3CMG75#B1m3*UC!Mnzw>$zst+ZcOPIrW71gO)YSCjhfh~a
zmU+in7M9orwtaYt+%2gn-V-M-vDH`q_^~`yvhTu$3(M1C!uBs-ys$$w#B#x9X=&UT
z>z9@`J5(Q`?bsiHH#E99K`JME@ZdovX683<-XKiA*(}1xjCB`@uEs<}oamz7wR5N2
z#`0i>stg`P;Il>a8mtYUt)15{bji7uc4uwLadsf!^=snGRsX$8N-lkn`)#Sfzbl7L
zEbR5GSE)$#)LdFjKw^jkCr|eG^-+i;JUflI^Sim&*)7bEwzSPYKJFLWoIpnWoMa@?
z4J2z|uG6PaW67t>u?8R?<mTiAXIjitBI2j{<9%Phmhf-DL=OLqnbjkvPqWsP(&zMS
z2T5gRYw-tQ6<p2^4!=VV;l3Vf(b#PJz3hKEUKu=h|LN1G*uc$SL&ZM~b>{H>YA__j
zX1c?8;)Gsjwk5Kb%+;$boSe~K7)8KA!<x4|=3T@=_<fRxY_?>dC<cxB)Ty5b1q1~J
z`T3g~8d76puMYBk#M;o%&@d^Azk@g;W?o)V@dUSc@xpET&-ag)pDt~|KrpyW-46^@
z`57(K)zw8@y~D$&{jQo6L=zt%cm2uJr$2xGym0>f(q@3afA7$ck)B>}e}Dh@co&uz
zU@HSdH~`RDi_YwY1e3i$ppCB)lO(QOxpMjP_ix|y4Gi{+e@aYL&oo<J>~`<H&`!MX
zZ81yB=>RqrEW!oA&lr58;|%dD5SxvEMq_93*^WzZ!%NEy*GD|U==l2jCMR=UkR2Ev
z_6emW-s8QAyu3UwFK>H>Y1w8n*2>zX`=)72QdoGnHXujn8Dsg?rUYX^5>^gAzS)%`
zKu^b&IpeV8C?YT?#2&Gq{H2+Fujk>eeSdm;cQab$<YQ|CtL-KyCnqC2V>=$d3lpq2
z-d(g=_u*1YvbOum+-b&0EHnJjaAVw0tlw!G8{*Blcd-VHY^(!bcNgK`v5vNF-Fnun
z_4bIA(mqUPsTv*xNS|jj+>m2E$f=ooPEas7SCaU<1SLzLFwB*TwyV<Mi5JxetW-QU
z>x|Cax^>Ipupsd#8ugH|e*pvaSvg+4TK;(diJf~717yi)#*zO1%tP>`DCVxhIG&OT
z=^Ge0>o}vYpt6hji|==icjnCYlsp2Ot}ZWk7){K28y0ru#bF}O!?F#^HF47Eq@v6H
z^XE^2^J3Diw1N7FD`7&mbUeD>Lhlx~eY(Y`(6Z<6t<FZq#B6Q=k*&>C0`TKEG&D73
zG*5KB%o8v9&Rqp0pQro%$=KK!Zc!V|cV%!}+24_-dw}RKEG(?hBF@#9RQJAMeWBy%
z(W7a1s!ckxKgW#{%R2(WiP7H6o8{E0D<9;7at{&azaqMgRIB$AMxG;mx*?xLC+#3K
z?mECM%^j{XrW%sFmB9RkTUtk_2f<Z6%ffslm(Zw$LJRAOi;a!X_A)_C9S~paSZlhm
ze;nIZf^A1d02_82(gP(WB{sgv$jC8!ubrRVH#fe1{fhgGX$FLaJ->g1kY-?D!0)!^
zpwP0FFp`O(p%gE~cOx1Tp&K*9{8wSCzpqUY%Th{EUS3%##8)x9y8;CoiB(iq%4iaE
z3Be;51<cAL2Diu0pJUa;8Jj-9a6dtQZ%$MPa_?xQ`e!v>58*e>#PIc326pE={`71T
zn;<3sPOa_oK|T&8jLyiDzmIF=QHZ%Q-kvcE5G$j)3&VNrTUpr^2?_RFsowyh8*Tr&
zo!<7XUsDY#Z-k4u_7v|>Xxfs)c80{X`IDukr6US28O{BF-%cnFTMv8x0I64WJmHt$
zws~y}iwV>)*wf6EKGK@h|NIy;2ZzjYzt*-k^Umyg&!#WgY>n<%2iJ{_hk+ZV|Giu8
zDPG=&l9FD3S&?fpGW<IHSQ+a`=7k?FJrW|W_v3%R!B!TT#m#LaUMb=H`SZ*--qIX6
zp!doIGqJ*T?AYx;-+YKOjSE5h?OXPPr2KTxB_rC>3=sk*zue!JtdS#MNgSW~ZbUJ0
zadBzQzbn*3==8~xQR(Tg-8eZo3}^-#;}nt$7Sw<oUK|!I=9V5;L`3=f285ycKi~Hx
zZV!k~6|m@}5waOVeWxhg^u^ly@9+`ClKcAf!}?KKBSK-`xlCi|XzX{ywgUOMy11}&
z*uEY0dHk4SXg?jD+Nx5bRv@P)CCPTws91K-#7%`Arf%o1A)?A?Mg*dKjCcBZh`_B5
z7>Niq-WcaE&1{N1Y-AMMOyxoM{0?d!tPV>nE313=h7ehhGk^kF`2(@?Qr9C;9P@N>
zT6}%5!%QaEc2wEx^qH4o)?Fsi*Gx>?FQ>b2x(V5vnvSZ)$~rj-70EGC+78wA0MJnS
zM79scBAyT~VY_<oJ+kuSRCr`ml+r>Tpkb^JYg2T|qkY0cLV)={8>x6m6UV<k+(qj>
zy|_5Ip@Iq-h2_qDN6q4Mm8#1a+^g>HA&Bu;)YhV&oFrEMNt&VW-VqD6*7o+jM}+1O
zXw0gdCkq5D|9t!X`!`@rS!wADI)0PVXS8?orzNTGWI4{>@zz1AylOl4CqDBolDA+9
zH(3dZS8;rGmI;5d^@W>JA;vS!!I5QW%mvn))$j6<9XNPUanJmZ%1XeoM%IHq5`~3@
z?(6f^7wDCQk#T5Jjp{$5`s>VhRABZWeoA}RjAmAwhlfY^^SSfq^Uo%jkg2P8NS*xn
zXzvlaGe$3Kwixp1zt1Eqc^yc+=tVOsIN7jMjV3yC7ALxdE&oVN{wg?0=@Sz(h_3|N
zq@O~T!c^E{SQC;9O#ol~{eR{=&aTXl+Jmb=-V90^h?H8jI}op)!7paGsd`s!mrzt>
zq*1_QiI0ak)ZPl)*L?l@;jF2=z}{<Hqzy3P-pLP)kdl(M3ergh%vvc99U2%JQS(<y
zu)KNmCf;7#bv_`DP4{3)M!*k!?Ar{DlfXTJKu3TvsDE;@vs1jzo;?emXDr;u$H(&}
zst3!Wq0v!iU_(z&PoV4;HS^_>=E4Gtrp(k4`_W_k`~j;mSD9w!=FVFWJd23X<7nC5
zn<Q6@^5Pz`9JI)mXU%sJJ$FuZwBE!d!wJKIc$3(ExVj8`_?xb!relFzS3C#7L+~7a
z<<_m>9#d%-SJ%tOZz?Jt%;IKcl{!YTw7lGOZ^xD|?2(a?B-^*H++w0Ueeem&K&x8E
zCb~X64miaXQ3!}QK0^?r4v3M4Y+UN@<$QPjIlTZl8hzeiMOLKYe3xZj0bVvXBL1un
z;YZDlEkZ(0j(y3#S_Dvw`!3AS2S`N$*j(}^`%rdrj2+Ammv*7_pi)o37ZjzSkCGD;
z#}N;QR9bsO%ge8-%~Y@@)9~4|0%HwS1<Qn<&A^TA?2d}KECH?#xgR<2@Y2;v(#B@4
z-0wu#+qXmE!NI{)H-gpG-7aMxFs#*8tW4#-^PScrr008anQN<$*s=G67w2Uz#wl7o
z4CGLkB&jz#WA+0n)VS)&HjkANgnLhlUArFnima5El$2Cd#A6Ei3~Q=tYVPO(rD5)D
zG1{`C>t{}!I3X;&ieD83$VH)ufD@m<j79NqC;6+&{?bWt#MGMZte@Aw@6}(k9d76c
z5<vnxV}{rn5Kq-H_~g5;z5OD#pk|)k^yEs!8M^BG+je2K4vvhl`dwXHTSK~1U!YTS
zll{iw<Lk@7Z}M82+1kpAPQXIr#*LcU!P-Y;w8#B_bar-v`D-%CD3nq*7m{2UQ=6Oj
z6<WO&)}1(dA$rS7rjFhr{;Zzba8cqdP=R7!{QmkdLo%(cx}&r-8r2y>Bd-QqynLlh
z%<I<&bCW>!0s8|5;ohwLUM3}kMtcUgr4N`POnvJs@Lb~M0Nu~SAB%sWAoZg14hRff
zU0QNk?6Ozu2c3qA#%=khG~M0Z>FGl!y7IJhtWI)qO(JR{HDZZ?V>(QJ_1d-RnHeif
zOH_N0rJ?|RF}vA71DWRZ<U!{wKWcD_Vyj=gc+tdU1kp{JL=bCAcn@ybqUBs2v=AK?
zbxT!MLPCOO$s*<k7Qx$AQS#agf`U1iI+W4a!wLya`;ML`At6c0%q+C(Cl&V6De>Mf
zzIE%?ns*mM!^7QCSpd)Y`Q6mXTgsSUTvTB>*xBCTLw)Fw@@i`Qz3;R}Av{mLIu1RT
z#9DZZLfF92kUr=3C2?_fc6MDoy&T(#Uj?gRgN*t<*2Rz(od9m#zkfeUZz}J4P5*?1
z(I6f@#CBv3yUAbX0O!5EU@>$2z%lTx_BE(zITB-yntyys=xWa+hVr6XlRq<yizs_B
zl9(F#gr<OYFJ3@j|5LJK<KtAM-+d088sg+RcMj?P7W<*u1g3+e#GRVFJH6J{*7kx`
z-&G3>3yc|n&~8TLGXv9_aU-Nyagybcgyht;G(KM5=49==Iyx7_!y=j}GBeG7fWO%U
z37DUskBv(qj#~E-IlbNLf_a7-zULwdu~?kvXblX$;dMc{C|IZ{D%sY>wxF!BC6+Xc
zxW>$vQglj&iUl2KA|;LwqfDZIpW)b@XP*r0hV9$bo}Zx{%u`wI0X|`BYD!jQS%Qi3
zmYNzWlcnX^!BUsc-b8?roSmJG-_ZT+fUqNQ_g7VIZE{ZMJaQ#(uymrbX~3@S+s~al
zNApXjZm_tk&^44J$A0oC<G1ea@C`xWLGkiJ*VR^!j~_o0Q#8}7#zsYN9ekD3+|bvs
zXkTC1rWqb55#iIPe|)jeu*>rv+?dFlq!iC~-o)DftlAl;a4OStBEy$KG)XC#wBviS
zxmS)UKW74|%G>+Vv}vlXnSFhIh}~5o{MRGuX+*t14nC#ewH;AB`y1m;>h&=)@>}`k
z5BrFvr-A;2)MVP!%nU2=&Yt1NKLLk^!cm>|^z<C}GeWqGi;JVBrA6`Oca<qZ^7$XP
zgkp;tu?Z=X9_9kX5!zpcuHPQ-_k5}Cz8*k+RaQ1oDyp<ENloUx>jdIOwl*#IZIAn%
z832i$zk$b}NPt#}O2&NR|Fph3Yu-*FUK1`_`^Lf1F~h9wmA3naRqU9J^sBt);iEsr
zBFOHRlny4%kt-cMG8PqMOrsfUFE9T}mHq77Ji4?_viCV`>w@QmguqnM&L)OD1Tywa
zO-%)!c64%TurA%T_i*foPJSjPeK0pl2}~Dg<CI#nE%n5&T3PXya9icPrFaz@T1ieL
zU~!mHAJLPnL^_z)i-Pj#QMdUKrHPsl0~e9A`sEZ8aUx;eP3_}!@A5P_vr<xi+x3u@
z*o?LMQM?KYy1E(ZJYH2Loj9r7%IRj#R;8Jc@@b;GsJ6h!OS7IT>D)FMzB`}mG9{qm
zEG>C@dn@aZf`yZhdmXllHQA~nL6gQZ2Lj`E=CdkIq?;S=8=b|_K`6yhCW>!%7B~wq
z>H`6F1_3F(72ax0wk;<iBg59wQ825nT$81wBkO12R->?s6Rn>kcybaBg}EjvS7!*(
zaj>Z*F?mjLas3%g0tI1qt;lVigb@{v*)^2N2E4TEpOR0-kJ-eARBDbI_!_^zNo7GC
zaGNs^R<NITGa{!(xsP<_udl6<4JMVQw-ZA0ygfaGF8!(CCYwOz^R>A6PlT@sk>*8p
z>U&sF{*rItV;>(u0JzHYQ9pkD(n^TD86oNUa&B%8vPpoHfw_6&eCAQ7i1P(c^-wuD
zFN_hZYB{-=VPRb$p@^&@t763a_rC$ZZ5T|>Z?ldG;Ns#!!0BAQHk7C=`|f<t4Zy<E
zrPD2-4vjl9IqWBiEZss8*(c&yyL~2Z0WU8oJj9UUyf~3KcJNN^J54#csV@8O{o=a1
zx&Q-w#to5yw+<5IM9-MFzoz)p*Y}MhGB5erGqM#!eSIcIrgP_l=r3uX#x2~Huk#OG
zc)lh?^UG@n1bIRe=vLE2Lk7j3BS%+OG`1<SHX+YqltAVUB@sizU!91w$kfoV%q=q|
z1!)NL&9R@<Ys@umr_)C%nV9INO5zfK*6IEHqHKtqva+%#MQ-z)`7ayE6~z%kl?N(%
zq|q$1w$#+>IJ<Jq4_iK`q!_g%bs;~R4t+HmZAqTQpriIrIPZm|=dF`{(k8hD+RkTH
z_Q1-gPoAV7ZGHLXjU>s3$=>}W+j~o&3)_yomXAB{Fm<ei8^B#V?G8EprwqNO!M-2<
zzyfM*?;$o`yS6(^0x)Fr47dGfRkOQy?;0EbDERV>iiXB0Tg1B~DlL;LKFQ!Rt*YhD
zLW4Ek&*|ys0W^T`01J@p+w58C1ig6lN)al}P@rdLI}jy<!d1@2t4YO|w-Dy3TpgY@
zhtdyEJRN5Nbvo~Qfr~3yEgqF>y415auNj~3y1~-Qii(j+pIQ6%5eL|tj5Zb22Lf|Y
z5RK6GEW2?v@yE)Ox0PAP+HB($H_KIGoTXh^JG~P!V>8}()KrJA>hp(nI|Xm!ZeAGg
z0H32CN7_OGCZ*|wfPg(#KXK^=`y8aAvece;+uT@3y#_e2!ktA_0Vu4-T6xaC&(2-~
zZm0C|{FSDE_pYqA-Z4raV4y1u>SfOn>Bf@M3@YD%IcU1|{L-Vnj?T`e<B<R*uU@@s
z6;)7BI6z66y~TSFknkSr&-vCq5L*sTP9|sQN}hh7dTraBDc+RviKT?ChH!%VsWh_!
z%fZadOay?;j12NUd-Qzyp9eosWq&7RYvSazGSZabzBXM3rc%k|CPB=V|K4vgFY*1f
zv_D+Wvbzq*sjAYfry-kqz65_^UF0xOMJs+4wQGD7oui}UoVY>7k|v9`krB(X{ih(P
zK+k=A;=~h;!kyQaEG=|U+6)=IRja6|;M6W08yOL@9*{OPGz{q)c0T@jIX1<xB~E_*
zgm%~j&wSiH`lR-c&BfjMe0+Qn5fS9>qXv7wsG`~n_+<9HC+0U{UQ6bDf-#^J^1P6&
zDUYP6p(<zKt{ppQXW#aK%UKXC!Kg)TvC27r?AUMMFO(pNPuJhDGkUVCXFd!2jz9pa
zN?g1cBp*8m2g3!YZ^@FV76AOl+R`#A!1&!DX-m<0sFnz(|A?Sfr1*#5zv6WqCU76*
zt=WYI5x2E$`M4@@mX9Ape&{T_J>*>V@c!x11aq&&Jmtz%-9ZC~fAG`ggdjud)c<$^
zI8cQj@R8`swPj;v<+UOuE78~2zsf{;UyK{_UoUmCPIfod7c*MNBDNB4s6H`KQT>SH
zh$;Y42!wjjqrh)Hc(9f3CD820%X|E;&W&ev0}dM8xnt2?sL2|@dXRKMOJtz`9iJI~
z8fq#gPRWkCVl%n5RTbRl!o^RZ0vWh(i}^Fl#IL>80kH|$aA05nB<GD_UeqloMMT~u
z3fd2LX5G~mFBj-`@drwjle>p`UwKVFaYMd)J*o56%a;_1z0W;72pbnZdIvuA`x%#F
zI4Iy>-z`eF{3%+fOK-$f(W@hc=V?gy6kyJQnux^ovy)hZ2=jH<XVXVYG)W{g)fk+L
z5_tSFz<->PC}ptz`LkB7)xIGGJXNT`-9m?HUDuz(O$mWKwY17C2ce{r?%wV9L!Z)z
z3G)ls(HT@#RRsdZ+0oHQ;&_h6QA$cH1pNi~NdPg&nLZRR_0+a@5Yn+zJ0I;rszk`B
zM365jAtni-gp1u&rS4Uq<m27~ctc+ShHFb31l||29g(0e2b=XgSlIREyR0k$S3y<m
z=QgE#Na5RJn#iPswbfV5$eN42_GC=_I?Q)R+LnV&Px)<6G_4l<>cV)hn<bX2nnHv*
z5BH9wsi}K2-G(=mvmMAU{Y}ZWnzY_IR{c^}uRccZPfeYfpVv&)-yNDQ-`3U!@p*oJ
z9)<#hZ!Eh|5m%u_AKqvCyAF%m8`!sydi_DX08qxh23)e8=%DrXdGTWJo;_)4Y5r1C
zAW_b_Z@7SDi<CcIB&C+aR<yfQq@}ugJTdFn6CWQP8{0E~m!I^z^KFnLm?%-S6NPy&
zIcMIZvR-R9;WzIo_Uf#^DqfDr<qGS7#gEO6MNv04tvf>A&URtd`Zn{vE6qE!H79v8
zXwt~((_)v|{FWyTnotgY{HY^wcV*=*)>cDk?QTYpqjgyo&&)Dz47|xBrQs_iWq9wc
zZ)hkiC>VC$QGT@NKy(uTEM^lrNKhsnME;J?dRNrc=v;Sa1oJ&=5Bc#Vq3$1fZVqTg
zv1NPpto?R^=SvRtOm@{2Xr^V2RLky2%16MQ4OEAUF8zL}_AVni8E{|6#U)=k2ipl8
z2{e@qwIta~&9|Maa@kN!badpUs(7~??wlkgY+4T0eE`60_W2gjn9&}hEFtj?Qah2y
z^Pqbj5;8J01gAj7oAd4)=Q%lFXw~hx%`_K8R51u^S8Qy~6r?8Hh*i%>bcHGoBB%xG
z{_*3-v3(_995x=I+amVxtU<-W`(p3sU-^zew;-<3Z{NOwRzTAArQ@%tsj;a4c-ia=
zj4eZ^;)t3iNpy09@5??N0G|}}3(O?=QzU2qSFi8~!*JI-BXsv~j(mFpV(<OKhb8!M
z>~G&KCIs#PK;cyTPf9J7wo4$yhv|#JnvDPc%?&vh#E(XiTUSR%=<{13y3`M7aBG;>
z>4|52Sx>5?=n=W#5%{QkzegKy$*Sg-_ngJ+|JsKL0l>olFqKtDfb{=f-1bC!1@ZdQ
zNfhD#Ue=HPKmS2PV_2Jls(?~B*zc|EBoIazqvTH$#fCkE*bWFnsPbhrpKjvGbjLxg
zfiDRm680BE&zehv^{zWaL-W{TFCqSN<r@weO|Q*Uw`ocnZU1>+0{3=m>3;}+j~r~!
zfBtr0?|+Ed|Jg!?srdWP|0jMh?Tjr(a3rXqLEi7`H!kP}mDSZz;d@9)@qxpJpH)A}
zu`Ep^OkcZpt&=i9N=ZwLGeAl`!{oa!7YmC61af7an>YQC5?Ycpm#0lKRv=Og1Xk+v
zhE0Rr0$uPYQ25-r?Ynl(RwB*1Z?4<BEwd%(^8!q`IjX6(gIHYZ2Z_*I=9|2}1jGx?
zXtokWB8WNZZ)wy2IG;EKnpPT~WP#KEq3=m?>Qs!tFNcQ=;Q;~j@N^hck$Q<kVEike
z2T1jUGg<BjGa%H<wz}G|yn51eXtf~l_3M0x=?B^t1_u2T6E$3e6Yklb;ve8<AbO@a
z#i6^p*XdD*Y~HKHg=|pc+ak1p#K6YEadO4Ci5D-wIxYZvfs(~J0TvF9>dMOAH;^)2
z7TOHgmLS2_h6?zqLyLPA9uDPVwmMW`wl^FasMDO0n<JJ0P|p>&Wx!Qn6e&^DGjthh
zGNM_gEkN1UYfIR{_9(=(e*u32R7_U_6RX56UGY7t#3~{rw9=%a%`YNy_N?-tQzJFh
zMp4iYZjK21kQJ)AWUpPjm2!JaQD<$ftl>mRKtKlAaW_X`YFi6Y{v*kXtnSPG)WFjL
zQaSwyVST#}h{K~$(^+`5j96T#iE8QQ&PP$<2Wh<-J=0BFZs0brUw`WsL8*hM*lut_
zq>Q#+ovi!tux6=ZqmXrV)pcn~=lO&?k+_6$Wu>jXUG2DET`h`2498%ZD89V>CF7bE
z)OU!BGnD{YWzT4VEA$KuzH_u>iNc!HhLo3caxRicG9$AsPX}C}hLj9bR?#iBjlpac
z<chpJ6$gt49i-a^>0V1kH5<!JJlNr3!uUSV&BMvZ`KTKBiZgU8w~kSu{GRU3sL6vX
zrEcF!soyJqe=N(&3r#ZnVnWWEuT%?kPxbcx`6IIQd)vaxr%-R#XKO`gd!be`P*8l?
z2o4QZS5}ss8>H;i+n-cXy1KgBon!q-djmn>SAla!Tib3gaSO);<-`|9FI4#Y`uI4m
zj%N`iQy399C*_Rblar9xF8VG!k5U{p)Lefq2x(xVCL!+QE54cyKYzl&@MGi0S&8oK
z>gz8`kPY^1-}-S=^^xdaJslm!z{>gO2}AUcEbkGo-+_9EcmD3D0=Rz^b}L}rbvili
z{hVgt%{I&Sz?_-~;~H1{lS5zr&_@RC5B%BrYFzTxid8*8rAe6SdshRf7KN)5!fq~#
zij81)miwU>AY=6hn$E{4B28g=z?AdDw+M>`J9Viap1n_s`S-2KVVU|6o)dUB-T3DK
zD66%l*w|PI(w5Hh;*V9?Eq+E<KcQk<n#RZB9(vZs3rt~!*461ny?2IzAV9{iWD3}=
z4u-!Y#NI^3Cq#AVkciXV<9m`*LjnFPFXo{<5{Xx#Ov&p;E`Wy0Ng6+V4a?fHFFl33
z0A5AN#9Ku-Fy;{Y*Jj`x>nd>0Ds~8#maMJM#7m(}U0Z5xZO!`S^fdHrT{7yCB(;nu
z4B@X|&p|DmvY$&zN&+4oC^OZZEw#G~Q5$sE+7c)#OviK#m;VnJ7nh}JwKA=>EiBL{
zcRubAwW>Wwf3Agyw-O(Y<maD<BPncA1E?AG3d0=VV&{GEj4;epLWTF;1jm<7ii~^y
z!Udvpjc8h}!YH?$h(i7N>J{Zj_qS^x$Dn8R1Qx+%3Y_qpsA>AUAGr_M*PPe^x82e-
zD6pg8ZPu%fYU~#WzmsOsCFJHJFW=xzPETSu7BbMVQj?f6=+t_NcV)|<$tXi#(!2t!
zPc=+1SzVTtj8|lxnLI}nM(~$~ojwD1Yy!))^x`0wW?8syZn(OwVe{dYmio=x(;cUN
zZz%$nuz>2;d0~%CIFv`_WUXpn+3VNU;mll~bQJllIyNz}F%Wuprq`JBiYWYkpH-zr
zJ6c<pR#s+u5gjvbm=H74neCnIAumo2RW`xWlB`{nG#`LL1Gk@&!tLgwtNRBY(ILZ$
z90EZ9$?I>XdKu0;h?PBRdvxU>1Vt(;6x-JZ=jC81XmNDC2oBap%XbP4KI|Zm)|@qI
zj?jZ{0DM~Q^Os$k27iY&nwp*-dHPIsEZl}rMr!)E!PJt__912kfg$7}1+VTm61RJ(
zw_pu8L-$-hF4CT=q1z4{c4#T)4HhvGp<k!PXEE5<V{sGtK8A2Vzt6B^tsIC_;iDAC
zZ2@dhxGhaXrX=b~eBzHkoF``BSV0tcKYsieGeRXQcqGQJvL8u*pbXc~)udsAahsRX
z>FMcU#f8f5V?eNc?GqpQz*}QK>DFIC<+cWAM7Q(gg<ZRL37x;R&l}mq*SGfdX@#X}
zy64gP`G-}s>9^&Wj-Q5p1Rpd6i1Kol)2Hhl-8D5d-qsk74CQI_K&n}u=|ApQ{_EGT
zhK5(`j`<LAfX$n_fl-JnIS${MlJfG!&VTrwFyB0oQ*D51N~~1&w@-tkfEofW6kgoy
zdyL19iLoC-zJ@UYe%4^=fxf;*NPM8$vj;+z0*~1z-a>((5H0PvwlobQr|nS)rFecp
z0mA6gG{_b|KR@2!XBHWs)IRYNpHFCna`B1iS~lfqOW*<r4n@DTs5Y3w3d{|Nh77nf
z4Qt=Qgs8T!E~)!vUi0IBjSX|w*RJ_^l%+Rq!&m4Qd+wg|J4I+Ro%;P%D7<1Dfj==n
zUn8QPn@mAV%fi^0mVu!gB&dQ){F^iH&lH>uc=LvI`__dd7*Rahvry@*1Rd}&Q9<m3
z$25#fV~a<-WnZ};7!LBo=cbTr$oqUM$~8@&1O!mo4Z(~fE~IU<TTT;k;a=>v+u{H{
zSa20^ivU?ei)s^CY1VT%Lh|<`#kvr#Eiod9CP&WQ`_gC|M^0m(c*8*$!Gt&nbnfn(
z$m!5)f^v^%Z1GXHr9+j3q4-y%Cm6BNUHv2VGEX@I&hQOL>j=)#N&nv6^<ig5dsVn-
z5wbh%w`btt_<N1ecTTEZ;M}PE*DgVbeZ)PXb^)SV3rZhk=#YQC1$7?ZzJKQ-(;HE1
z+}W4ZbPUcP>?}lD-hXfPUMHAG&l^Sp&=!!`Nf<Ge(MdODE>5VCy8-B+)-R>Mi+BI~
z+`1GdCMHx4`HR1tVOdF3%UFRcTv{_C<iV<D!hPiKQ{gVUAQS(!XNZ-6JQ63-p<#ye
z4bO%r2ShwnUQ(~(Mx}&17^<BgK780i&3VR_<L?vR>zszCl{H|D$lJq@1q5c%o=$XC
zz@ckaoU8O-Jq5P%ckbMAbj(rKfvH6@VtF_w9MKI{BK=oSnzn235glu=Y@Mp#<88~z
z#id=~Wb5j5fV5Oo<}}QRFy~`TA)Ub!aQW#Wz0zkn&WjcXdLv0#vb(oGKqaiylZSu-
z8^hN7U%I*qOlBd1-V2DiU88m9N028^=>6a`Qie)!G>a_v`J=Q^RabxH?Hv+pqLc*(
zLarHXS~8k}@zDPlzv+Gs3~c#yEA7dXCu9=Mi2+6~d4wtj*bK$?ZQLD)2OXaAH*b^<
z-)hUV=MuJDIY_B6e`L=g_S>cniRxLb(qE;WF7SPl=8qQ`ZwSmI-TnX@s5+Q0=FO-=
z8cpn$|43jmLEK*(8mz$ez@G<VoSIX^s4F)^j%5u_YE~)*`)X+5_4S}Q(<>CF{>pD$
zeBJRfU)P#G*wGfzDrVj^$;gFc3$?V9Py70#ns^KJ0#M8#mjaV3wmdV@2DJ^v!j?nJ
zB%ps_KvF`2f@lT0zD>v0;v`)gXBetVu%@OTl?jp-nwY+3dy*CWdWz2H&z~Vk8^e-@
zOOEA}T7cV9&o1$DM5K%g?dVG`Kini(4kE{Am~<Ody>D?2u4tsP&DA{9i*))(j-_$M
z6%zx2J2dw})4tv$<^{N~YD4%do0^nZ0~SV_M$v=7%EpFgY8mKNc_t>BM{!<1hr09q
z#fR}O-We6r{MvPK1IoKfxUsm_LdD{x4V8vTeu07;A0JOJl_YPj`~=;LXc&uAblO;R
z{Le=b()huZB}UYOuKlcf_~_A^Qg*fUSfFxfW~fD&Ke1|OES}(xw`e*Pk8SisIp&Uz
z4v+Of6-a|lMWuMbb9Mqz;~iP10ZXf^(8;p1&w1-$VfpdcD&hiUfZMG}Y+#R2)6fWz
z9MX6bKfkL|bwvdwsn>vAzS5O~HP*DOtlEl-hQ%UV`;&AQ)E;dn|BGRw;tl+^myY{2
zS~NYAFIc}Slc1jAHS#JX1PaG$j2z2bUV{o)W~5b-CM{b6qw0+?{3@EYld!RHv9p_X
zWG3E^Yzzt#>Vd}(h7l&F$oo~)Hu0AdE@>0jy0kn)-L+#BMrY_;H`VP`KK9sc2}*>p
z4juoo`bXsiNGuni&RKkLWKJU3ii3lIS9BewrLyPrS#Il2Kb7MKj@i53f=d)+t{Rx9
zMb9e%>xg@v6eV|`@-s{BS-dlcx^MfA9Y6GW;}q#=XdISj3@r4Om7BqdAadS8>Gu0K
z1sxq^np+F*FtCBV85<pC3y?Z;<Op<nE7T)SRaXrCAUNY!g_23Rwh$d1@RymJn?s;3
z7il;qBH{+@!y8=n<A*V9r6^K~qCKxZ8dU&e_UzlIlF+m>+W5Wq+VV_Mjce6Iv13=!
zYv2hOSoKyg4Ja50x2C2Bg<O&K;9f?e#PHvp4!8PkKhzuTJ$$Y%SzA;^Ma4(r&*0!9
zm{SwY9p94J|H7-IhYu5hXmPQ)Ub{inT*SwZ#l^*aRym5S;|)=jFb<;CVfY|CVORC$
zINq`*@9m{m>XH9rp)$uPz?Bn4+iJB0Ynr6tH?7NX`d_=Q<=9WvOYL|6WR>}i|8Cas
zPAE&#fR?XS;52-G_0H|Pa{VWlc@xIKl0peh&C0Te+W`Ttsr1muPpR#(5q1-u!^6Xf
zN0Vyr?jn0)6B)&nj$4zjk-=|~l%b$|N=awah{<|lp6tss<)V6qb-uosuI_P}OP=CA
zMEo|^${5?*tM1)6P@OT~1Xn%&9_(ow<%#g7$dhp9e*bO&hlbMQ-DG4oHa7WA^YQm5
z(bfWpX*2n29p*&fE5K!lL}38|O|VE9iD7TSqxAG?rQeAw@MPl~QJ3u4`V|&wqc7il
z4)j|sL$4<#C6!lD5ZzeP6E6o(+ja{jLjFR#Y3Z4>sMw2(!HzxPAo`*h^_Ql4HrHll
zwX}XAZIUn|8<lvI=ee$CswGCtvJrLo47%?HC56RwGlP|34<sXi)^9*~gsyLV4a*z3
z6m}I@1f!J`0Bk8JC~ljZy8`9WQBYFq>gepJr>{&@f*4Dz`?pmm-_txSXyr*UgF+tO
z21s+C01zQNB0%4X5mR}C(gL4`E;uMIz`{}_xAN=~dB)@Ktw1UKoRtN~#Hkx^-;?j#
zyBFT^0g;-RVlRcZrkin+v_DA)y2s;FQsfdMQ`PC*D|J9RUxyJ_qkc_W0vP5W#|GC&
z(m?Kxw;moI#JXs35RF(eEC=uC>koa}7nNZJzM-YaeG{17O2xv<`C&ZAkHA|77?X&i
zKv*KAm|lSn9W@KXf+5lh8!BO1K0DhD2=AJ<^T(K|s~{r-%c5~EhD+>&+>o=fg4ZLV
zo$s2M0xP#|+lJPcNaciOS5Cbt!`KW3-e`Ay;|mGb5_S)Cj!ySD{O~NhzEbz>p~$IQ
zEC*qskdLTWTuKxo&oP}>EpjW6V>x{8-fwsgVUS9AnTPzJdAFOmjdx}WZsXaqWy{{Z
zdpjR8ia_}iFGsX(dxbK0zxdkv`fxairBj|`X#65)VPz#6Z6%I>P-y^zKR;CeP*?`O
z?fCwrIgLB;!m5ieCc-45cO7NeB@#i9uIhjK`<qe?t|v-b+K*B-zZBKBBSpjjc7<#A
z59cp@ZXiW**XQWS$j9IR+z1n@7u{SL<q|K4=-cK2L;=GWO2Pk3e<aaBko@e3urd=R
z`YKjVY2Jdi|GSiohTEfvtGO+SG)5E^jCgr+(MH8i_>56|O%!JTooF4Gh-YRyB8sS!
z$KI57TdB%~oI&qgPavOU<OOf)n_kz0%xf@0w#s6sHY#MKq$trH7@*$s%OkGgl}oUa
zU0?bBOwV_bEx{ib$J!J)14muVZ2z4?E0tJ5rH)*zWoG{$poIzvC_;#{XNA5xf#IeR
zYubmRmlDHX@vNV?&Su|a@<4FW$>p3@gW!6*pjN}9JBM{Y2T}0CU{JCr%}s1V&75et
zOEZ)elI#X7mFiEzeukOa31kU5Q&Q<S8p&EsV=7ouf+$|SeOtx-OoQ{3Cmh>W+fXoH
zA!&nCpoAMG2cxIwqelR6N{0N;YBdqzKk}Plj{bKZfMDf_?7VqW)ADexFmXl2*RY_#
zRjQo-kI!KN>KD=Hu;%QwvxNJvYvBwZpTBweOn>F@AnfYaT-HHn&FO>{N=6^t?XL*%
zq{uA!nUnhLu8P;sn0<-$Lis~zXR+7T=qZjH8{tm9S(^2rzWb?)-SytPf{->03|!H}
z=lK$r#Nkh}UdFyXm-VX#u7s9YxRuuBSV2-xS5E3F*rL#MGVc45Qt3bySqZUu)bl0c
z?98bpbT5!>e*m|RXLwulaDdT!&7H96geYVrvN17vj+5H*qEaXqn=mmq*VNLg;b<Ho
z#^Ve-snR)L_L9kRo?5NiFCX^22weJ^9M*f%6@kuZ+b%L1ISmc7HR@4Llnv%^V{vNb
z(=af&!{R8_^&Lq{@)^wsITkpks@;YCr+G?$7j1m_Uu_PNGSt-6;v@zBI{%MG2gCU9
zXtY{41DAD>6m+@z@q?t~qRU<P$mgpC0Kd^k)YY|41V_NT>Nf(fA#7-H4*uG_H`>f0
zUXDOx)CyPz{+Y;JiC+akLfmDR36a=LfT-5l-GLR-=0mSa?MV?Jl>x<0R8*8$PX9!f
zXkbpE>P==p(SeK#s~)aq^ZN)50cz(0)Q(7=tyof~QI6w~8GOSB3lmu69eWN{0X4$;
zDA|1L>HW+4eFIn8T3cxZueh=WTDW!IqW?vo!kWRPeJ7xPA{dsO<DNsE^w_@(m0U#{
z=m3U}3#OoTCby7sK4Z`Oy`T$V8S!jZ2r=1J;1!@=JZ^o9YU29yVTR}WnFa6eU!p$D
z72N0WgWFpNO<S8wz5Ckvnw`rv6M`Q-x*{hhhw**BSpgRVzzrl>!-XD6@W@552^i=-
z^9u<0zP1=FKNr~jKbs>gn!(+i@T}X_wrBeT%idCKG^senqcCpj1i^@$d@IeH{OnBg
z6vh^`%Se@`_NyMck<eu5Q*jD0uq*cs4pPG@)LTlf#(C%|5HSY_hpko&H4V+x64-T6
z=%?bgFxR1jwrF)CuXIjlXY&q5eQ>*oaOC^;fd~B%^8`%mb&?O-^;xOU%mR6S2L8|o
zTY`<hMn_k4k2OQ+nc2a>9%aQ7Vd}&#R#;8YCxX%lnv{N+c6v$*h>o5&Xy%v*-+9Q-
zFI3xLSUm^KLuU}_;!Y)nJqc#e2Z?<Lz^&k<VQo>@YEk)EXt$-2@qbuIOx>GV1Edl>
zI|k`$gEs1yt_7PX$LxC%C~cLmA0&1RMZrrf3!bm@1S^#T>Z$ra0ON*D>9v?kui|Yx
z8T!D``1|{>udjD?c9Jk64hu2%p$su2cIu#tMUS;>lxIPKD{Q`uaMnSs@D(X~LC+N+
z)%GwSkPPGoq7`ve(HaDB5@@zJ{O@r8FTRND*RFlo<p0-Hac1BjQ$^}z0>#ts;B#eU
zWfA!1LBpIgZD!YtH@U6(Iv_x^(50=Z$rcM12z2h5NAtGnp$Z|lwR2f1;5Fvdq)Ntl
z@2mjJcv4K*ET2NJ#6RZ(Fj}G2Kw6qiAo`zNA|0Vxn*K3&sKW|vDhLAgP#wU9DGgHN
zv;VvAgW8WLRGVr_#R6Fuk|XX=aFMF9hIJJ^eFgdXL)Ki`{kE<rM@*^3G|>y22Wkfx
zIaq%JQ;(v+V6#zZBkrKy%9RuUP6Z;ASMSM^?OV6llN4<9h7&vj4g1nU06XLE7Np1?
z<YxBfSrIIOse*;2JZO+?a9|)+_7Ks=K>o6_AITnf<p4nj!V*;kqkdbe!5I5aGMZz7
zm2j#gY2@e{8!r#lpK#-co{26WyilT2P0^(jOiU7^(Sh&~Bz7E4x7fiWcgc0ODWn*I
zL*n>N6eXz9X}qspzmE2h;H<1gBvY(2fPGZ!SgpCkqUh*5?uRf9Z|ktyLOZJlH5#Q(
zdb%L;gPjC%4eRRk+#HkV+w+dEcGeNgWIMRxVWk0ea#|r8Mj|w+(Emi5XP~Da9U3YZ
z5tzg-*tV05*qgt&@tl<UhJnfz19~MLHkx(&4Vt2;;SMWRSaVlk;)5v9s1HD9k|A{V
zEb_S@sn-MNgvg%m*F2#NMS@ffYB~EDM96mU{(!2RhiZb{rY5(z+srmG6<FVYQ>5Tw
zlpITTt@ekJuTqV`8a-~v`vG0KXkQo|7*Ot+Ej1YuECG2BYihpTcu0*%AkPwC;|doh
z?+q*wXS1|q8UBf1De(nukvA?)sGWG$`D!OQouZDGi8NUWH&!g~fM5yy0w`gCl2BA1
z_uIaGyGE{!550eIFr39^Fu}ov8CVH#FWPddHzvWMGRwZ}j8|e?S&75`AvQFxPCW#R
ziJArB*ulZUtUdjjA^%V)Q_eowJTzu!X@WZHdw2VUrwhnAl!1M3h;45Xixt*I2H7ax
zV0HHu_JV!Iq)8u5>|`Z%Ee~L9dMa_;&~Ok#ZY{i9*}>u5@}$D5)*VgMcK;h^Lb~#p
z!f-ZG5dGK2z>}(3DlIA`B!nzhQ*#5{!%%%M^ed<(^-jKzd%P6lnsl;n3aMoEC>wRL
z@!qKliZ?f2iLW5tySLdsGD?vZ2!06O7r(10VI4t-5)tER)Sul`$K&tqHsyb$IH19l
zXEj`T2Lcn_!GjW~cyYGEMs8g@y`uRw<w{n)4d?z=RAlKP(Q+*9S$C6_RQD-=tg%xf
z$zf}JD`l<;f&&>tJKy1RAz_7?lA|-wibwMB$dt88=A<0UL6GhH$jH(&G63oTAeMzs
zs#!>HUN!DdT4N5<NiMs)1F_N}U!Mk;@aRC!Nu{Oq+;$%O35_dP$|?$nzpf1u_r0~Y
zlTJ|Zr>7MrZK+W)F@_n^6^fx3sT5V4E<W4|uBQDHCC%?Ye?VagBo;fRP}*iDh(iV%
z2<mB$y4#s?XlRsyT+}dIr+8YPpSSi|gd}k(niJbn&fPn<S{LWU*ZuhMV?pbI#=38&
z+9oEf7n%*PzY}#oN=<!*>z$)xbURu6`{MZAygWX#OW}Ikqm|UuLc+pix*KYg{>ceq
z;|aqXpMRB1Q|6<IRIcM=M8t4#y%TpgsspGsqX<sm&H&|4TzT>7*KnvZxOSx70|yQO
zdL(HViI_C92n*+dAylgTCX+#{c+pEKii;iY1xG{#b0tz6xj01xiqjk%{YB!@H<Bf`
zjc+9sVv~b5OtgQam`u7_26$1o_#R=qNrQic;xN}m+lv$J$3CfLpgDx-hCO{6j0#ad
z2JyOXIraM@v=dAo)X46jo8NL%If*`sw06`o|92lnN23y-FcdsC<xflKU_3~=!}Ztu
zAG_xwWIbZtOMMw8$Hs_FoOu1`45Edp+5#m3R}1v>2z0NBE)D8KCIxAcbhJN3VUl~B
zc#Z0pkt$b@!|r%5kGMn?aefwv1CWz1-nj9C*e*yQSGjjDB`Yhduq9wiKAD*&fw_gi
zxA)oqL0iKAYexjpzc9k_U%m{2QTBg~8GB;03elzsDTC<BAP<y`01wGy%V84Wp+lq4
z^5H0aN$^8Gi8F<ngj^E>J&?G?h?>|18*me_QKIGX{f7fjzoUWy>uExCn*Y7H?ctmI
z=a2vYn^OLV%_S@<4o!S=r;udc1O(LA5;bV?vbZluH867|ihJvHc6EK%<q_RLD;u;7
zlMJ<p`g@hy&g1+(62-ovK)`NpB1JAZ8wDX>s23sQD;Erk>C()-foN=#O;iT41~YCy
zu{9bPo!DK8!x2_)MaiQP<!3ECQ`R;%eP!-Qf52&D;bbL1Z{p>F+HT9}Dw^sA2_1y<
z1C(Nw6Ivip5D#lvdq&F#Kk!mN{aLenmX>krOAz}`ojmEKU1(T)R6sxgjt{&IwwPH?
zTr;((7R$l*wl)|Rs@mFu88+Jt!vXxJD(B5>)jCA4cTa*1=a}2|(EyEJFnp}d0KEY&
z%v5$ejdDQHa$Cl67QummWnBBn$$|U&1Bp%Y(8h53jQi!qyJO-1*h?t>^z<-N`YcU%
zx{?GIu5&=zgvV$kjX02cerTS7+kaB^{)J2;MrFRd^5QZik}P<YEq1SeEYv%_pqhx>
z{{FoOM~l6g05k=(Lu~Yf6zX+D3bnA1q`yw=sreKWb4s)j$0s1*4+eJU+9m)ft<3<>
zmVN&|T?tzRj-V;!LVRwdWuT@W93QXdVnFjWe6Y`b!+G>14gOA&tSRc%WIlUMtX}AG
z0P7hW#O6C8>lR2w&}r&w=UBqSxI}{}tRNIdMlxCWTxCkd*PmKb1WhMO4QWFyE~9N`
zYN~EoxM5k(%wrmAIq<L0W~DSrS=c*G!qjw6GBHhM)x!U2QC#}Hd*ifgQ6LfTFf(I(
z-B!)RRy%-M0cd84soZ8D3GWF{M}2T!;cSg?K>Mbm-DWewjnsDm)8=QT>Z+>u?B!M#
z1|e0BZ9F+iL4uBnWH}a_W>IwG6%EbJU%?G<#f0N5iB>Du^)7f0mj|~JeH3A)w`(=6
z>@y|Y-H)J2)_6I*#BJsB+dUq+Q8hNp1m=rn)i{Et?F4Ix&G0CF>ue`95Qs?WDUp%-
zD0Xk$xUuFi;pjTS_@c1z<+y3ve%28TJFLEI4z4-PsEk5j_~E)s^un33<Jc*SW^m=0
zM2p=QjLyM`1hQ{w+RP%ZsReCFd8mf|9+eXv9c@BhOd&q^-1!rFaoGZ4c&74^zz_d9
zDwLviM??JYX*nx7&<n;4ITI~+D#I6Q`y#Jl9Q?i%Tfw)_I|xCc6)&DLGcn!!>9+7-
zuj^__#f#C@oWog_%qz)kJzA%VSy@>_Ak`I)N@!t=c1Mj?UT*7D8fBW<C%X1~WTe7(
zaIgW5!HLSSs$3b&Q31XR8`OdqGk(_LOGn2lcu=LsgLZbF6t45M$giOZ{_eusABzeA
zp#WnB-Wj}Ce^F@NZL<#fbYc_xZFzNdw9_rSBc^5>AvOZd%jOZ+0t*YrLCgZ=+PKS*
zK&y+0^D5NP#fTBvm_ua?Ug(W#aQt<Kg=GlH*(|xVhJ~3q8X0KK0UR67CBU}*4);s&
zz!UUmn+?J`EE^^iWvwl0-hO6*j?ZFo3Tn|%zPCB(MI`3Aw7+UmWcZcmbWzra*?D>8
zN6)jZ>*6s(-__JwO*JxdclF&sAii^TREXJieI86-j?Nf0#O}CRhu<jL&b)Kxd`B?@
zFVX1XN5l@>#n(ciLO7(VMW}WMA`$cH(>~QBZG1C`RCSJP&5_p*Y@8Eh>;qgDstv%&
zEQ*7+yNDip!M)u$&u4+oZDM#H31#H`QT5Nd=!DSseT`PJ9b325yC?MlRe}aP`l|k$
z)+mz*&F&mFBN(q)+1dLBE^D9-%^E$)7c#E-v*arLgac=^WfJuya0pxmon597gAmJ>
zry;GP4$<Az=Zh`c+)y`6I;T^NKB(<>ven9~Fe|k<zPk%QmPtm)kw)DZ(c51LVXGnV
zIm1t3S@w0PP_lc5XpZy<`Lb6~4#W8F-McmGInS3wLH<6e-9gX4oxh`z*)8UlcSF?>
z4r_EefZ9&t;EdC00xbK*AqWq`A?Ld|H`nM`?Jh3<;L)R9MJ}i}h_fO>H*?nlHnKqW
zTOX}I{eg^*eFlzY?kt1Q;o>5*#G~N<x?jJ39ouArsENYqFgl*SYfP1K+5*w9hQn2&
z<bM==>PK3FA*H9R2>d)K?hnRCt7(RN520p`o;}};Lo(pYU<{BNZew0}3hBJg@z)EH
zO-a)_;sGm!_b;A+ZLX<_)~laW4LoYQkCs<rFnbX`R#5XpvHOHs!U6*k6>o->&BDE}
zws`L*j2l9e7emik>RMPN!Mh2WRvLV#KG<~R4k(oMjxvSIczeUwZ{9@5{Jju9^!0HR
zo9bX@2TEjN`-ywkjY=KhP7cc%LU;npgz3Z0@ZYc!9?=_X&q%1Tyh?mU0yhJwh=_XR
zOd%ub$ra@UqEop+aE|Wi(IgysBxQj7d!)ajx*95GaB#3t^7I5$608X5GN@bW`AtBH
z4xm5>l7=}xtoIku?2?13_Zr?xL*wvbH3d#10zro2xVMa$+9D%8-w7{^E=-(H@`-Ri
zyu?HyzLjw|NzWm<{jy^DULPNLs3@r=h&*YJQLR-|%r^;dS2j&lNtpi<VN#HhdGwh1
zcPFaPi5U)o*DvN!)-Y|qdM>p{bf9D1Jnb3@#nrmn)qPsrw00uG{$>klW$Yp^bO#>E
z{{2?$LR0M9rGsh^<t2{qfBGFGvXp*L_!QmCypT9JkT})SNf;aJ>cl9v_jXGkIf6C1
zFolEehy`5qi>*Pb1_n{hZKiPbdfxN?I3I=M$HZHD3)ObNn>2|Y86Bl1D+O&N{nvl-
zvo+r_E$Pa`2P&i&DUjDI1Gy&K(qiKDu=HKy6B4L7)DFTUNkc<(_^{br|D_3&LU>Zp
zJ7qpXv}XjBA}vWD*~)zaH2``9@puAZ4z?LpoC}A86~KhdBlt%!SU%i!mgsaMUfeH0
zf2}SruMdiDeh@j_%5uz}pUYvw?4N%n3_ZpZP_%{k`x6~py_~dGDtu@T7*0t^@%G-S
zu<Jkf;eZ__ka)Hl%0Dm}{C{*A?fI!$156;=AR&#fy=MCNmfT4wAh7rxz(-4JFh^b+
z&_zE!5X;c1X5t>l^*)S;<{3%`Lj!|h$B-M=7bi>(VXTOU5gFDTwzs!eDErTI6Zvs=
z6ZRav<^6lrDYurOq2tUzY-8OKvA_4i-ISOpeKa@)R*0{(2SMe<lP4pcIcag*{(YQ>
zGSO}Ek7bPG(9`GHs^yw8$&rzL$PDP)J!5<9-#gW*>3+`6&2>UZgIxr`8)vvk-eT`d
zijGla1$Y<-JrFANpHn1_5<h-CzGu%<@4pu+GIY*AM|kGoNDO%D)!8%$iyds{cZvRz
z|9aO90R7R?(dkJvE^NODGS&cx*kPUBkd|g5`DlRO`xm4WJnC_vk`Ytvxqt$=J5Vka
zq8IHA$DwzAI4$z;^~DG=H~kG?a1|8oT9MUH`1RSOBlH(3h+1{_y$?8ZC$!qm$_j<N
zh}~FFspX5`zi;n^0Qfep`0Pilm7NbQ*H>&Y%jtDOLjM<YZyuNP`o8_%<|Ij`WGX`}
zp;BQbm5>lhsiYE;6e2|;8A2#iiwGr&l1eEwOGJ`FgUFDi36+W@^}Ih>-`}(M@3r@S
zJ^PR6wfFspW##T3KA-D4uk$?4<2X*-$KdpQ#Zr*9S^V~sM|J*Rttv6MZcTBWF!2Y+
z(amDyXtjj672zh;;p+~JDtP?9lbgD_nwo$mk;S=e+64Cv+=qyBJtE>o7!Z95i<T35
z_%Q*jWv_jjLPtZzdD}hjsWUKc?55<mvt&lf{c%v-=43jR99+Ejll$MPn_mC3E-CCm
zB>d;RUdtw!+St5j{Y@LXDEk9~*45cho=8YaK7IUHgZ$J$fvol&7aPaT(@HBgR_DFS
zf_4ESOgDPrFz>TV#`P!E(4;><&!R{};~k$CI3CpNuYpH|Hm6_L!pmUF(p~!w9B5aq
zBjxZwZn%a^*!An{3$87lzV$Pb^K*d#cGH$bO1!N!_+`}ju8vdM@2%_CuXl56e&^YK
z0g1wz$NxYws`Z`v_F~~rum(_p$7S_xELRj)WD-EyLZs`K^QHLaK{>Jgx+^c&8SUJu
zIa3O%sQY{$VPAEfDb<zgcxB0$bCx?cUiW!^x=_jT<;Nvww+3Ba6In$5QCR5EKh}H#
z%w#Hr1oa-ta@)Stq0q`b|Mv@GEh~+;0vm?A{<$Q<ICP0o#2c8v&9|ddTOOOJ)U0%L
ze0|*`j}(e-K;d)gs9i;GUAxZY(2KX&aPoNEQAsWBfrAE(l@c?MUV89Fz|4>JZi2(3
za{_(sJmVbAx!1a-Pu<pK)wCD8{t+qPrzK1K4aLBnl^NaXlYj(}T>HqXkN@khD!OTR
zj#@<Ss<^PNYv**%AsWx<h2lUqp*`Kt%yjrXW%raO=k?cLMMd5+cYfWJP&~PGJk&S)
ze{Psx2U4?2+hv6+&o1kD($@8~zt}VRQ}^KMcktlB`JvA}Prb>;W@{Ao60q*BNZ#LB
z@0JXW7&ooko-Y#ht|lj!+`G5;VOhMV{xFl89!7Ffc!t!t7d)AJZB6=+3q7^xi)6-W
zYmbo651HG?Avh>#gl;7(rx{MX69Tqoh}WZ)Uf#TMgC?7W(0*I8<X2{|SF^b}uc9Wt
z{J7OcHbL>o1N=AyG63+pqQ68!L={?{=iXO!FcajEwy}{5%AHy`Ij0at!OQhqZEY_T
zm@Fz~FJxxw`Q2|Azgk%a$ErkY^@bA;%j!hQd!dDyPcX%}Ena!lsD0@+h#-5kZ-?IN
zWr(sW+_f%9@b1|$M_lBVwbaB!Sw^CD`jH2;;D0q0t-#8orsG2_U5c+wN+NOmR5pxH
zB7!?d7Rf0x;Y;<^L^3?CSi;Raci~9|2_YbUQ?+eRQr(`tdX?3?Sx(x9wp@0LCYOvh
zcpRA+^{sC3CTcc%CZkqh+c(0a5z@*C|LpkNw~<A)a_#CTP2PAZF|h@1-<?Q>=&q>K
zKH$NTb>vglmE!fcI&9RM*$i0`Uz)mZg|p=R^Z@MUKL`}dhazQ$M@xVC(WmBzzp#v4
zkv6>J^gW&Y^V2yuBTi?*Fyz}enp!v@`W!u)ioQSP6pAP))!FIko!Xa~nqIlOcGGg!
z!Eih+uroNALB^Vk4mHbhor~+R_&L?vn+sj$_?3k@x<~{&cJ-a6<1Rp{=ck>>t$@ry
z-g^1UmFh!=o<%c|hduu1FU{e(>FJnHULgxqQgVVn$xmQ|pkwATf1KRZXOf3h@1dhI
zT<@HCE}LAqc#nL};MmQMIpdDkDo*mBzUlp4%v8{}wI1V8$+1`_YDD4)T$KR38(T#~
z3kwS)qZsOHB;z|9pUs6-c}Mc;di75;xUI9qsBPo54k)~<Yq{-q;6>90$3|a+nlu&l
zWVIoRA#tHiy>4fv3~JeEoxRmBK>dE>jH$ko%hGnu*mWq`;0GkLdt+#>UDCVcDb>5`
zl4(?I;Dx1KmOCw(GpF0e6AxDXt)XF^w(HG<2cZeQo*flkF*P<WtErg|fehOEKuSEI
z!Hhw%WCxlT2`!#=@AqUzfaf0ph{AJBHyBqzH0LwL@HpF%uYt)Upj#S@lt5FM3^1Ni
z51%A8H5?}>E{IZ!iV<|a%EUo;-~x|4F-}FrNWqWlU2pDORT&?^kTP*D(@w2++T7~u
z>d?Bhw1&&OV8#*K6G{+$jKQ&w(FH?f8$H_a9Gi^O^PlYURWUL@vcPfH>DzRj`9526
ztihSxMU#MOGD-!i!gZ+u10L8;#wI0frNrRLAEDng|G)}@ICW(9CDu3hl8k+vnp*y=
zR~lGmg`CRE%Y*K;)Xc1%<Bv8Z>#t>pf{IFC`8YlWr!S}w>I1Hn=Ds<8RtJ~km8ZVR
zN22Pm!b79gE@8M^-LagMV%aVxyJojw<~dNTD|x-Y(u$~S*W7_lY0~)n4?34q=$&^w
z>Iepb)JoV$Y8_U?k^-+r$P{KvmjY?Xd7YlHOt<Zb{Jsbk?*on9Pr($R#*0t2Z5vf^
z{eAo{@sXoO#ZTFWocLR=!qknkkLb-T^MEW8!m>lsTK#MOF=7GWw9Jxz$t87b8lYSr
zFwxrbN#bn4*6RE!3~Pc@HNcO(@;Kb|CQ@VTi3xqe3G1Bw-}5?^K?wn2+3UXbc6u~0
z_uad9IXMd#&+~hC>%h)x6|x|Tu_}wrAv;$)G(BH`-Qt~acD0;r@@$H8o0?T8f2B5I
z-4`i$MUn%`uKbe<J)Rw(<WN6;>d$(WO}kyvUkj)bN*_FW&CH4*<j-n*rb7<CpL`DA
z3XV0}J0GF76cngW-8M!{H+0Ewj#<z=!gDh=yiI1qr)|2JdD{&BgyFc$cFSDcE~Pa#
zy2O4YdlZw0W7Aqei@vWeHT`HsAU`N>k_Sf(JkoP--S_XD_v2j8vh5~jTlE<_?XHb7
zz)bi;;D`W=vE#>!JLLyR_%yG5{SSr{h3RwGX63v<8!e>^=T%OTXyNYeURYFAroA>N
zV87I*T@U*Y8g#SxGcL8UU2nq`xgMj@v2Hd)-^w>z`{Ydes+h2c(<Po*`92@8@MuV8
zrJ?KBl486{t)o1<_C9nitJCw<po3z;oUkXyKyqF`<y>Oul;j#t&e?^CeFy1QlEc^@
zg4YCDD@(igU`wm%J>1>*jmJ14x5DvDkA@N9cHN?zjO$oZFU~;{jEIOBwIHD6PTz^L
z-CBNKqv*;mM?e<v;BLv%NK-8T4n9~#6Kmmwfw)vrPWxw+3Vs}|UDxGU)eknSHe2eK
z)YW2(*{rv92iDgIJh3|0dQ1JI@v(Iuqhu8~{^Mj2X&vBu%IMW4&(i1q*V`kmK1iB(
zppS}2?n1>bTg-m%v)3OK?{?~3YqQKWoy7NFmLfUQMGc@eYE;JY_Q^v(MtuT!5(u)H
zncd}W$yD~1oKnLkLLu!VRwZ6i7B}q{-aPHor~kVCiHV6Lz1V(Yd+$yy#)Q|Q+s=R=
zXs^bIt!iuiDHhB!FG=-C3J%`$)~ht32Euaq!TPu<k?l(zZ0>8nR&X|+BXu9YU@2V^
z^sx&%cj=N~xpCRD!9SHix<YQ<gUPwP_g*<l<%3c%O|Rb4owO(4HrJj44p~Lw>XkNM
z9sY^3pKRg#EFH03{g7HTvzOYBwDnaRJ^oU7r{`UA^-Y#8oip(>G#u9j8{CTKjh2q>
z{MPt-RFuL3I27A80|RX;_eD5X=y*CE7i3vB$_QE(zVn~le!{`DE>WwS(4MnDx>L7%
z;m1s0`)A|qJyx(C!SnMbbpI4ZH8Sy%l}QthaB`2=^mU7FB=7|n&Re{At{BT@@bHs`
zCGl&V+*$@kXO$EjcY3X$-E>Cp>$TvfcV}p~&hAeRc;8i{By)bzVVQ`DzQSfb*INC|
z=KaQ#rL(TbRM<5?s@ABz*0-mtRPWE121duW9b24jF}C!}Qj(C@BR7u`>-?1paO8<f
z7>$Hzb@e7LbL6so{_LyUGFIaLpbL&34mWl+UR{G*X6YQ5V`mNQ@E=i8`72d*`GkR^
zydY1z0??2U@{s}K!E))UMkT1odC~ZfvNW^rYyKZDK!Wa~N!KFQ{f=JJWt36H9TEUt
zF{9dyW%PU&F3e%M_SL0YgWo*bsdIWH8Ld{(;uObns1UkhrHZlo&2rsNwFM%JCuuQa
zUwi4wTTj^K<%AW(%-?H1N9B!(%&fFwyKUXH$vobn0HxSKCF}JzHZBu~%gunhxpe6%
z>Y~gULCq<V+PaZeup#HRJ++-Yal!;*{4%(cGkp`(_eG>l)mOE9(){^m?i8oDpDQb6
z1`L>UdYgC0T}9nsbdFANHFB&7qq(`63)}CxMutcISgJUpk7)NK?ca_4bjN9Gp11H0
zdaSQ?Y4GCdmWGBpk^9z`$kiU&Fu2RRy2y47)w<V(#}}u__m2NIL@-{<fAf{gR_&C(
zeyVAX)rn8H=KQ`F>i8|<>YCaJyWTOGfy=i{pS`c`&AM5MVd@drE6QHPcDm$fZ;whr
zkKl2xX~luvB?ZZX3*e9`pGhK}a&%v=pYr^>&6sPHxcRM9N9u+pC!d!SbLjcj6f4M>
z;`LfVh%Un$^5ncmOZSAeT0B_(zKt?23@{mR8KPIPSZX$OS8%aMk9|B9#=KC%-SO6~
z(<K`U3gX(#!uJfeC$pl=Zmv&2IeI~Ltz<&V>YK%=7wBKqJn$uv$V;>RJp<BHGyF8<
z17j5x7et!&>sn7kWTaQv>XrIMgCi6h=SHY#yd<SuGr5>5jyIe_<F`u}$4N7~T<&o$
z=Tp7g{Lm%AhKAYUBSwx&J)$Nv`A%e<T~0tBt!5jJ&?VvhYu~IIw(4@gfaIvf>15k;
zM)oZ(LH$tK^Kzi?@?NG=Rl8QizrQFiIuI5WRoEo`Q{ny!J+6Cb>f!eL%QhYv+<d_4
z_rTn{PRnO$H7%TyuXoO)QQYae#Ls&LEh}2m+%0aM%O5!FiS6W?>gupDIMG-yZ2uZ3
zZ<YUHX<>W)x?<5YT1D4+!JL*sUFfyOJb3sp_l(M{5UCN?!<21AZ4ID19Gv;$U1!26
z@BVwsfm_S4ZvW}M#Ve1L46hk7t@=ZjI}^T9B|j2}L`yU%-88LPeqiT4qQ%aSR>kP~
z%I+V#DWtH%IpO14K~D*&`9e06q6FnoSde&0TxQ5!0%85B@e8}#$t_rrO`)F#l1R-C
z8Ta`##R0>Hy~)eFsA61#uW4yjRd|K`h%<qK>(;MNcC9%Lr|iRnBQV<QPkW!&K5J`J
zG&oeT@z^L27iBuqh?{YM4xF*W)XXMPFHfhXhyF22kPy$O7B*zJ;E0W4%iAYin!IV#
z@+$mRIg&F~*BfO|zpt;Z=w=nvdCIvIoAk~lC4lr)+#c?;TBdHCILmVdW;G#CK8cIo
zz%G#bVl=fmcp7L*rYD#T>M_Bt<YQwb$Od15#*xhQt?L!L*ptItpBO0Lk-Knf&Ut)Z
z`qq5#xBUyQRzzG?PnxGUVinZE>X2EONB(qKGyeC!m$rlA?S!){ZvAexxNq-|YAsx0
zDq)a*_m>rRftfbSf~bZ{KXeIVTzquJy`aSzE?n3<>L%hEuRIW57}(V32+MHRKWd?o
zs~nWur&ljk+rX8WiZ3dH8mwixC$|Dk&f7ErVS%~~jY>v74jDr1A%+rY1+{a9<Kon~
zHzYB68TRYf!$bEuawKHnhbu_!U_fEpf;B7TjyWTr(Piu1(<g6hZYDU_voxnGW5skQ
z`Iq&YX!rDdc;7RKIiH6fA&qo)jx`xSQAugBzW#gXg#7Ssm60;fRl&1ni-B~9BfhzE
z<rDrlVDgpkZfjRnYs_enxP3>ladw2OOBezGyzVN?Tju5+4^w8#&87d&NP@p3-qP8i
zI<GHX>??NewJVA{*_t7;vh!1(Jvg3T;5y65FJ(_cLW0rN`nwvBh1)!1$Z@v5<iQLZ
zWd(yXI!>WkzUK;?9Gn-bzcu5`^67x}RB@mnW%*^r$crS`n#@%(T)9an^kGe*UASBB
z3>ECrborip?@)ro$2UP~hLwmE<kQm&j!>*#EY>y}R1mxUK=17tLt-B|e%oa>D|N%6
zD_TuwO8HvO6*Dsy+>CMXSZ<NFsVe(fd%=qjZ!Vwi9WxwRvaT5Ynj%gDS_)1nO*qXD
z`MvAEXEth%){O&+rv`)1Bt5o`1s0pFr}ts48angt-MV>Tf^Pd^zLeLJ@K(I#pon?}
zc|WLVAkAImIdBd(C-MyvNeKxvaMYeW`Q*d0&C||Pg@DyLT;R+@h=U{4z$5$ymo|Kh
zE`(Gk>MH7%ySd#^eAUs<sSlMj$M~JsV&NY=_z(a(?!cZAs&g(BoPHa}#o(G?vnbK?
zGevQJ7Y#RYMTaaJPvN~wr;EoeI=nAP`cqlizM!=O@b=r~u5R&cn)BtfwNTga=BX(y
zC3&4a@)=vpEYf2CAl;|E=GJQX?l?rnz43ZfUcbnwXY%_G9(2s{ZuGg>myJ$!4!%H#
zuC%xnOO8j1m2bCKTo~vwtm*i8-AdBacFvseF;rR`oHteNds*^UPV8Pz&O|hxAvZ#N
zOm6NiO6vrlR<h;C`P|XJhukjo>HIVGgL4Ap!4v=k5|DVUo!)pi?;f10WKJc$^C#+k
z?J4IrtXWe)M5LW(v^FOl0!=hQ=QWwet5*VDzih{OWgCAT$FK8c>JAj8J;?COG1Okx
zC>^`l#pCsos-O9*!FN0!_}*#IX_8+5FCaJTyS3WZ1|g=G$m?}K-+++})hb>PLnX&f
zo7PM<`SHOq>UcHVKjpTw--r>jzI(guDQOx|5U~BgYsue+Ve=-eNG+lIJ>DZ|_xGZY
zmB4YQ({19`>g$Y_?oH#S<9lcCEvg3l&cC|bFuo!)l9<gFJdp2IGQeg-iqgx@iOyyk
z8Sm;g%*?$y{DpSzjc}Jcz60zBsuo|^IBG*m3L3|m54S)+#S9ETmH-W@i*x)!%D#SG
zB-J%gtW(^+mX?;ohsA;0eZNVnESV^29Rc*g<&srOyh2<(zuIpMZ5_z}4~pD7)tywy
zn7Z?qXSHwVDW;;z&IyW@Zn#U-_g!IgAYkaQ)-!(C0eu*?<>JCD+gQqof}$ehph^4A
zw(G|$xIM=$hNXVla2(FvXx<<?L{9NG31ZX2V?@<al%FrC)gjNv+`RegU3**6)0J3}
ze8Qi?Mma3^x$?oO$?`!hcng-!-KWN|j<xIE?`DdN_QgH>X_+_w)7G3DQ9~Aq?Dx>3
zxJ2K2{gmnB$6tFRTX1vm{T~-ncXHf6SQUe3cuQLQ?`W8&-4-Zk>936JGd#nu0G~-V
z0+~=!qxgoD%}LJXj~Q`N_fJ>EpR_{Q?A_axP-rTvCfk|&7bchbhGs2J*<PJDMA7D=
z*~)E+k+;nx?ztV4>Z%vVDb9ynYHG^m2Bg2zclhwHczV`sH+x@z2W;v4_s3CI3?II+
zn#@)w=+;~7boGpX@qE#fVOXU7`}qIG-(l-?5oyc|T{6kv@lOxx!2Hl}_4O*Q{qI`(
z44HZ~%gb0&wA&0@U^@rkLQwC?uKoE22H~vME0Ueg1Y&;uSz090I1Vc^{@KaFU1!EU
zyYz2kMkET^edIr#IMJEu|8dBn*Y*F|-xnBTy>CD9tN{Y4a_8;PTV~CgwRGtKUHxD~
z30bvA479S=#zZzTF~C~O?uiUzm)w8iHB_$zJ_Hoiyp7>XQetNernUVs`FYi4pPZQS
zLy@T29~Zu;ix+jqpE6y#^soNnR7C#SIJQD{0GFjlpOS(xLuEOKA}zHIX4+`pLEjs{
zLH<3jUG{Nc`^Sc#v{qc4oi7!oxz%5q9|}KaO^i8j%bV*4AI~WDo;~uB@1M)ty~3)K
z{aCzhfMv<Yb2}81oYj^$?R@n|Un(lOv2qrsZieIFRhHMg?bLer=FNqNWtisLTYV$X
za&&Om^!4D)*<Mmlf5#Q(VzBd&#&ezab5O8?!orbW)z#H?J(us5ySyYks$9T`@7$3o
zA{_*ZYhHgNH1vD#r&yZe=3G?{vE}R6uZ_ZlGP7XAIycSX#~zk$TEAffL#XapeucxB
zU>Q}Y(6RP)=JpUi`4$kl-(>ondgQvgjK6pcVu%cbkSK`Gk3O}0?-&S&Zjn2A6@ny^
z+)DKd<e?T8hjZr;Q5e0HU}?R4IfiAhmi43Yo2|v{g#le5Qes{Im=;e=NnH}2?;fe%
z@z%=nEJ6D%D|XiJHyKa2p$UJ)@821+BGEk~e`bpA_u6+W*u@l@bLjCqmD~w#YO@YD
zG&eTh=TuqV@UwYPuwgTw*<nUBE*#mVn_lgj(ec98>##%08_#(xG@R%oI6Hp>e;^ZE
zSM9Ci2#vwa)RZ!XCBY?DqQ!w4Fr+X$@b96tP!w)jJ{J!0z^M?P3IkOCGyrG3-(@DU
z5ZY8!<a{*-0|`hL4r`RR2E+O*?<MfdSf7>irm9_X)ABRxz@ncSou0L84_>`-@9LI$
z{MLbf-$ZfUQ(c3s7cJ^))7HebEPctClgiG*O}Ir)31LU@x1jk{o80gel;ur?nUZmj
zZW;%0h@*$?_t(a9?SJO4L5h~Li~632-f4!XPzwkIy0-c*WtTopX|{7}O=9K1CKE2X
zfiMW`dUQ1UKrwkB@~xlE-97f};!Uubi9<%z)qtdnqE}d3x25+OaePDRJj`m*zr&-s
zRHXFRUuU&E67`hD<f+0VYb!u;vD$M_K#fSjKVJ!xr^?s2mD*CSUAq<>+^PL*Rn^bd
zpIh92!@0J<(Av5ta`E>*fx#Ch6cq$vCXArAd7I?HS#Mv~e*EadM{xhms-um4+;g&w
z#2%g9QmC5gA6_nszIN>u6j)vFhh-<s!p)a013h=}@GLASK(Q;;zH!3_U#HZ&{hrnY
zOqUYX9p2XvC5pQ*^y)Yf$zbkva?YE;Ru#yZ$y$C{nwvj#J^SH<i=Z)@K7F~P2aQ!S
zud!Ds7I<W&(T(QDpSBK?^Je8XoDDj=D{y|WVSZ83kTcmQ+M^Wx{j$rU4#~HJJU>tk
ztN+<bzyC!IqEoi~i1wpv`(~uoyehi-$qpoa{3-GFuZZBkh8SaQ<6xzP2!<<?mksI)
zUuljKxj>P|vfBm<%L&$ctM<V{`d%22bgiHojHdKmc<vVHAdQd3<oN}d3f~sT%AYUI
zBb!3@l+@@PE8n~Gp50GQz$tk2B{FK;bw5Aj`SZn7EQ>xn+L^cG7{!*7El(^Q^rKJU
z(+d_+5!x&k{M74fo73MnZ|l*cM`V-wA}7$<*6(>OaZ{3?K-~-W9N`@v9*)NRS<Chb
zlO|#AtDTZeV6+(V#FUwKLx=jjTm6TA=@v>aiH@XRG|HCxUp;a&7N_oqj+`|#kaaL~
z!oV^O>fuRVo$gAcZ#NSKloCtG>xDC`a$oMk(hbvp`lZ{v|E<}Z2Es?*96RG5$0)4u
zaxjR7{?7=8`4jPS9e?U@ZUs!pBi3nm?wr}RR2OVWfAn|;a}^;<&u_6A4JS0R2~IYo
z1Bqy*fk&{*)@#dJ6;o&V0#+ZKp2imZkwC9UwU6F%Qz3VHu;;dLU*F!_cby~(oTzwM
z_f>tc%=Xk1^GDqto4c=5USIMlzlWBOR?l!dGW+*=q0nR0<lE~fDoVk1f9`AptE>{<
z5%INm+r0ex(5_u)Vug(jLSBuwM+@FqQTfu$%d)%4F+*E^LG&@Dd-s0qCNuozrr8=^
zOHm+r^J!W3lhmof4_Qa`GshY=qDAzDE*D3^Psx7tsF|7t7ZnifnWt+W$A={hZmBqt
zW}xsQCr2<sY;0kbH8u!S1tBL{<nA!s@^|dygBj0GWk1WEmR>9^(#alo>M>!5XPoSD
zsLpkS=5Qx;tBoxnfP|^c<?_iY_x+vkBqcGlYqzyF%_1_1%Aj7i>PyFK1=Zqx1?>N#
zCfhcar&Cj~_?)K={TBXd(?WH(Q~&k3>D&`UuSj+ktrqXo=SO{g`k-GNi}t<#m_mZ&
z(MiA$y*d07&qJ2P@@f<`%Y*3zcqB5`!JV4Q+nO>$TT9DYPHNM%p&a$FbAt`-5o3J#
zAT2BVN+F`FPSQTy|2l%a{c?;ZEuyDB3uU)758ts<&uo&vV*kVJTr2<6>{+0z&&8^t
zOO{z#`L0dFQ(2G&eJu$t%6;<0=g^__K5jQd@B?=*^POsO>!>JBT{w*bEF$eDpY0&~
zh(yuChoA?B0;4LLA`Q!i!S36wtS%I`te>)j?!vSOh>UQ5L32c%O3&J2OA+SJ^j9(M
z;?Zlr?k`VTX-jJ?Ek$wNgg3ZHdlU&0hti|L?H%7lqibZpCV4OR62QA{vol;)66mEI
zdmMf|3=MaC_7oR?9*{&e8^jTC^;4p5a2_)ZUca8sII;bTU97j?P?FrO^@kutzJ2_T
z!035@s=TTy!7fKOqlQK+o#YT4Jvo-hy)))HVUz$QDc!GMRTHLra2gm`HBS1_P!5t|
z!;phxd{<v6N|vzMHdN&C{p%aW6Z*87*Zxbc(ePo2h+#$OL$SSK;o;9L+TlYYTsf{k
zI)AWA<n`-dlK=!d(Z`%b<Vy#V60QH@OulIB;qjYSA<v7~+C-wt!(LA81IGww$2H<k
zRMhGDp)3}tZ<G8zkv%kyEg{-S%BqRUo2*!&go>dvMDytA=(Wl+98Ziacor6I8c`o|
zYaXGVy@6aFp)7=z!ZT)^#=>|4vPd#53kxg&TQ#jE58ea{pHeBx!{xr4&Q*+sQp3XR
z*?YnQ=5g1SbNKR-b&$<W#*gs?#Wstwe5O%b4=`BZpxy>c!a2c`dUx$w!L`EOgN7V}
z*uGs?a@6}RX|;9oI$k)|7p4$=CmIu_J2t{jSh+ITKq2D#bxjxAPp<KF2TUUny_55h
zh7!Z+J%iYj{;pmfLN_5Q>M4{3IjQ$MT;>tPj@JYX)kIQofy38)!oa2|3Aa>5x4+UG
z*bVPbon$H*D+<a0sVoov!o$MC9a7Q2BXgpiFy4Ln(tGh?xIy3ip{LBRu{0#{We0I_
zkw1Sa%9QKbvnSF?h<WmU4jlBP!@!kK&#3IPxEU4om04ENmyN<rVDdJOA>D)1&Gt-!
zVz7O?>z7vrZ{7@xvfVgp)7t@}FHGJ9n0Eg5ao)d_HXCN<TG4iA)ZoA)W2Cc|JEerG
z-<A*;zZMpzBNkKqnH~1`v}w$MBv?}b(F4OmjMJ)jpN!Y9lO9Cm=|RP&-H;4T?$B)9
z6N&Oc+Ma>_{%f6_qK#f)N=jTKb()0-B?%duiNFasr8db#fsQhCiDp1Gn8~ayG5IOy
zzLb@zLKFbcz1`%V!aSvJI@3d!{G{=WqwlNyJ;FK=RjSe!qP{J?9v>6acaX)hWhwAb
zfdv{{&`90Bd2<Vzm-u*f+n+h}EpyJ2Z;||B59p^(|8y$?%npq5kkqOebAE~Y0^<um
z+>k=S&|-60_qG&>_Z1^7qOa(Q!7Z^&aaWg<yGSOUSS_;Z_((Wb(xE@6(c%4>?EGg?
zF9<aKQgF6<i1&gS5mx(oH5?ufxM*BJ9(>DZ&z_-&*rj(OAE@Y-MEe>ka)=Qlj!BK5
zH0dc%<iX@W3@Yp0ENaMzB22DPlVe=ndzgkv?nzt}KyhEaeEF!XzUBLun%Y|24|(JP
zf$j8H%IoqUsmrT#CgaODO`~Pn_8eGC@XPQzt|PaJa8Da_^X8snVtKA@4IqIVUYoC2
z33S6lVA8JGKqd{V8u*Dvc6Nt74B1sdL=mA%U2-J8_F3iM!0Lc#weg6WG2=Jn7V-V7
zxYfiO`|PFL2Q%5K<5uYmVW2H-i9YpJNl<#ovvBg%4K}nyjD-h8V++Ods++~o0Y0e~
z_07YJc?*Xp2O41(Je-@(wSC3-RtVU?yH4}Z9;Rk5wQI7Ju70E`PLap`^w*(`W3y~>
zRq2iaYvx?3**KGew6X6{ojt8+@bK`U9-8XW;?i<uEHDPS6SXF6BZWh^CepRWW!f@n
z>jpmNm7_wjYTpMee*Ki?HR_?D{?k3%l2OTl`7uC{iFK85PQQNTn|nqcsU|fT(xaEp
zvFvgjP<Z%_5lBpSZcLy#9}%ILYH<g@DjtaglXm|6MnKa78;dWpKH}|N3FozbR_!#F
z)7@quBv^W+fOKNuMJ_inX=Khx=KcEuun7;-HlDRIX<4kmZihqa_3YMu7(lOHzb03N
zim8e=l%@p<Mc_aG*b116NbNO=0rb<|wR`U0o(UCseE-9&SY{SHuNi?K2eoG6bD6r>
z*tq;a2X!Q=UtTp~c?TVku*%qHq3rziLwKeTU^WM?#_bvUU=lV{s4HM$V6LGKI|E+h
zf&Kea)VA0UmJF;VU6N_uS>)s6qvg>8j~s@d<q|V92KHPt9A`Uu@b<OYo^1_5xHo4$
zd?*-kKUlRztCm3qL!_jR2Lw3S{AQ{5kyWc?J#CO(dhlX=4aX1O2bk~$o<G0-+TF1C
zKLLkyV4`A(7nFN7Esl9}++F5qyJ3OHWBc~fvEhwhUJI64Z$@<+X3j7;c>lcc52h$E
zFOVfR*DQysjpA|?>wyO=n45z<WXFyJ4wCPaSw|HW6=o||ES?y{*<4q5hxcC+K6*=$
zQ|ix8q2~=J{UO{z0Q#SVyMT^p&^|ZZgfFi~5QYiZj#E)qZf^VgeSMfFvp71941)1U
zjRQ1my7@?sXgi~}?qr|_n_?PMd|;qqNFa<EfM$e8x%8n|6ZIRIdMA1XnQqC*6Esc-
zuUWSwTzGM1<>T(n-$M;Bo@B4u+$^TE@aLRVegxNppLt6;Z==+YcZBr@Ervt+6`n?s
zP4R&~-7fl)5@R~G8shR$$+hUngei0S`udwTDSIrAO-^p*HAq-Ew?_xxiud0VDY6&J
zNXjb4{@il@+c}|?e1ZHRkqYfubnu(lHN9ZzDa!zG{5SR-Z-1$90%mTBF6%JI;Yj^s
zHH4F)Uh1_a;aV+~qsT7-*PNV$^MIB8;o!M41#)etH;MaSKX+~DUPaG`Ud-qb+ZIj9
zvAfAoIyMX45KFw9ZEbL@UE4YeP8z*bI;ZLBD}`EC(Cn@;d_Sv<J!vaUu{tyesc9m%
z6R2$Ho1luVtgK{ZJX@ai<jGFPN|NE#1+n?v-MilwhX0a0{5^g8mTBj?q3hqJUN}G2
z(5%R4`TfP3P9A1ze;*Zz>cjynZ~;wabTbA59EK2lQ(dZ-M5+q}Tf|-*$#^v2*Rug9
zD<q%ZM~}kXb9i^WQ{F1N{xtgucI;d#1?Gp^LWQDj<T`M`XDDm3%oIQ=ftjdvYL$tU
zuD57I|3SR#A722GJ#It)Hzc*znL`-)Ko8JmDZw6cP+rS(Y&8+Q5Rf9T4uA+m{wzQ1
z0E6_fxdBcScFg0))f7;7bT@Ctv*@<|==l)JvTO;%oLLgxS92`f(M4kwl$%Ct0m^{+
zgv>r=sawCu7JK>n<}iOiV%Zw>iMEqTq{9{pJ3v7JUP_F)&##Y|Zm5k`-YZ8>YqwN@
z^2*NENlX)xJgABaCKl6|{(f2PmEZ#^SX1;HyXgHpPE$r;O^`kW*@t9JAaUj888RV|
z-k-0j?yOm?A5$x<--6k&xjC|r>e{mm-1f@jav|NJPlK0Ly6t3!Nrj)Ntkx)51uC;=
zwXMEz=Mp)?1S`HQ2azbxh>HO6=&WWFnvE$to9i&1VzHgkP!stuiRr!2eV8%$IgLD)
zuLGSY#%j_NL}?KJJHt_!-gof@Cmb`uxLI^}nG6Uh7;r90x+~*E1oksglh3%brRu6h
zO=Xr9$>e_B;KB|4dgf-5fGj#q$4Vssv9|VD`}r9=rs!4@oo%~?E~!ExR=SDy>r5%S
zB=mVgC%q^ty1gc$hE9TvgdRpM@sur#jcXWIP+Ah7b=TWd`W6=<R#NL6Y2D%WWafG4
z+7r8N_tQKhYiVh5Z>^xKFQv<1!?BA0FBw{s1Uqw$feDtoI1dp+e!=J3aX+aqT@Swa
zciL`bIA4Yi7hP%MhGW`~yVj<=yE};qPWcW)Kh)k4(x(wI=9(B|P{Mf~$MCP0vzc^i
zFKsA_Z6^au3Z$BoBlLnfK6P;s@Rk$Xx%{Z*q^qVK>`D(v?p<eMt~o+pjk5}q&Z%l@
zdFPZhw+++YrP*X~vG7V$+Wg)=&0|-NYM8oLj)Q8iRHA3Q)-q`snMdW$bU+_@7Bf68
zet?4CyqvK;_ujp&TwYOOyj<R2$02sD+WNQ2gXL$>D75**ZQ2+&T7cv276ls$(UP7r
z%yg2K=JnT3omxt7F??2+yPuf~vmb_X?YnlSi%-WU0q2_qTe|l6Dty-y`Yu@8#h9ND
z2yllpTR6diKgEKlxCdTk%=kFwW$KDC@)@PkA7W5_oQvj+3+5B_#4uH?;UHv5A@(55
z{@D?hz3x%jp&u1r6oWf$Kw<lMb!BN+Qwc(vm(=#<f9cxeszDM(P|*`evkW=*+nGFk
z<D5v-hMzmDb7F+Cle*)kPe1ocTuXmuXxdua$;HeLB_ACTZ0J3RRK>ZZPxmJOn528=
zWn#2%bT4$<eK^Y&X}zFFCST^TY@=YMeJTX$x5>p%`*yZz10Xujo`wexUIo_yHSh50
zTMfpa3ecD|ih<v|uK-j0PjXFN$Y%DbPyhTh$kqMYcbVcK3yFq_+&Ol9PyhnBW0AXS
z-*4NxRZk49%$YN1=qT!k3L}a7b?rNBSPCqc*x1a~v944X;gOMJwwPHhtnoZ0duGoS
zgR|&@W42T*!f6QN3|zS5^W@IuKt099@Z*^KCjYC<nt-8m5fCXZ32&r52Ec9(*9wm+
zutn;i!VJ%$l5<C%AdQ50X@g{!C{fGF=(nXu=Q;;6TLi_7r(eOc!CfAsAWO><?&-o|
z{(VW2ch~=i<Wk4*zS&}>L;CnE3O89Y!tOUoGpr-xG#m^ssZ`6K$jfZIotiJ~D^Qr$
z(L?s=96xblk5I&*IlFiB)smVm2_=b%8m&UI^W)3wtLi?`+nSr38(}w1NMA@TVI0w|
zd-o4Vtj<Y1(cv<18+Xl{m&M0L%_;aXRYwr%IWA@UDS6gE7({I1e_H&nUtKFZWC(|G
zIo1R`4JPgRkdqB#{UknXga{mR7Rjek%F1NonCG};og70+=(2TdApZgHrQ2dKOje}S
z6Uqi)JkwL4IF8WTX<k;qLRn|IyRcJSMYqQy7nkmDYZKQOPwu|29!4L*c>Jly7_cCw
zkn^IVf(=*Mv|RiD%o%yQGU<O4XXN6WLGz{Vcd$k(u8izpjYRAv==?vhMh0K*V2w0O
zeZq>56Nu(flyyoq^S;|W%&691sOD}ul5{C+bAC5sgGlBAgJ|Hv0dChl>E%LQHy<mD
zoSX+mks{G6TI%8w61F#ssZN<_b4Bu@q0l~&fcH50>}N0!GQQ?Lm%s{OMG5G--iO0M
zH!kgIG3dWn4$ig2*|jgRKVc*CL|RQ5rObUp_PnG9R|}d*SgPDKpP&_l2jx!|)$!=J
z{}(KZ@ag@q$H5JT5(}CdN#t``Jxo2Gf1f?j;RO{Vc1P%;Cy%~CEH>UjdaHgvE&2%i
zenPzb&gj2fCC5tda=CWwSRce0&~&`L<z6iCHB~!WSyg)$-Z+hKcQ>~i<`Yint5IVL
zt?m8C{bXJwEh-zH&)GI4LXiz96y2h@x2#u6hwuCjH5;(*`$)f(6k*n?u)K7R(8<Rk
zWXrUnoO6H@0UAU1DSLa?iaLoJUlI%%h(gnS;jl+(nA&g&2K4WLW{MAsOVDjeAL_bM
zr+O16xJ)W_vC74W_`n%XG>8Dg09jfUV4*?|0;ri2kWAL_l!jkgn&-@!on}f=>%ZYp
zIhdj1YS?mjl7i^&v`LnClxd9WTY>|P8RefXC_^wdYE@NG=&n6=c?Msk?qh{$_fcIr
zDb7iJLp-^5Y~2~~_9%7(CqB?jw_GR^l|6d$M3X_s;UScDHbW63H!v;}9Hn_@8+Nax
zB<_r$B&GdUe@#|ybGM75=-Qxr6Esw4ji{p`Afl2t81~O1Vg2kuZ^mg=lIEF)nL@ga
z;AD5@C_7kZ?vfQNjs=D5J+x6KQKV+}KXaxTs5Zfp6ef*YP)<`b`NF=gK(Zu{^m5)n
z(TX(vQB%ab=jQia*Td{br@TFcG#-Djkzsm9M$f2{nWgcqxqfx4s-~u8P01dln>@aZ
zkQd!GVg2L&{T%`frQ2DJfnS7s&BN^{V*{o##W&mpCn6+wRA+Pb^e7w|Zz<$vyD@{f
zA){*N6CRS+^AGB=+kYlNCSR5mj6~CL*|K?QD$u&o>?!yWwRyN;F6(!{r>Jrqd8HbL
zjmC59+X2jlx6CtwwIK*d$>W8w0PgOI^Fu#0{G>_Ib!L8HA&x7_-2W>_`-<}FP0Y-c
zEaJu~D%KoPO2ucuhwgRwC|$9CKZzt1^k&A%GhG!3ongNhv^{s(*w}z*oO#lI&PR3R
z$j(<xJB#9U=FE9OgP1NbA#oZ^Z@@n4;<Fm#gv^77#uW&i!iUAhoA8_;BNAEbA{hDm
z@9mf*^JTSwD8e)L{LxI_^#N8xC5M{fP}_4}_?7l>(Oty{@7`&vsWl?`rdSGMe$~2t
zdn*2zz?=!m&(9}JAD(?l@b>F?eJh@IJ0=E8yzqz!)eWPCypPA36ZD_iV?U}3ur?fx
zn?0s?5vGxoT@B$s3_6(c_s-@Uy20jX{ML>7&j*?yTq(;tc{Hs(+kdT~%4I=dpLdMb
z;@vOTMWPq(Y(Pp7rabK0D`y~s>ACP`BD+1=<)6yS1+o}@5n#~YElsMfv#Gi~C5LO0
zFhQd-km>SY&rY|&s%l;RhX?4Agl{3z6{BB-6Wb{{Z|qqigHhqX_Da92`CnX<I7~r$
z_UQv1lrEG2WMbTHAR}@9&l0rPMx2`H@|Tv@TLF30c|rW>xflBDTQHCzPRR_=HpZjz
znvH-M<cwlIi)9qs^zIoH;!K&~ukXv}O5F#p<%snU4Ak0KG7S(FKjZ3)0`CR9@Y@f7
z2*QWJ_=Yt@2UtdB)$Hj#gemVi%B${sll7kkSn!D^G(aWU?SIxHQj17Qp+-odb$TC2
zLP1XMZvM<pd_s8mRr^_ELg@&{4QF?0ylichUyYR!x*XkCbUcjbva&9Y63!l02<VeQ
zMWX5=Q+S=<x07ghFnk5q6cbBJO`;KqGnH`sV&#8VL7cqg!53+s?QjRu;Zq2gTBm_A
zSC+XE0(<TD{Q(_;iyN@P0iQv<15|SFtINyp3C<vZW;xLRXD;|s9UT$PpN5~5T9hgC
zx4hQi%O`AtGO#*QD5mQsQ|7y#l6gSje$?E95$^ZLbjgzhlHUI=B_}0^=74_D0?;vL
zUu=k&<=Fk-{o*4qO%B?qapfMQ!ID};!tvnn0O)D(FNo#9`i$e7hT(OufjHg`-z(Q&
ze1FUbpJT_yirstnZpGq5M(a!NoRAaSD@W$ylVqE>ijlRjvk|ANy2=f^OOLSUUa?-i
z9KUMMA1xhOE<}HPW+TcRhX4B!Ear?qB@FCdk+y5%f(ipcn0Y^qR2)Q|MD)ElMzt7@
z<6H8U%Ma=RCZ2}04~$C5{07XJfGKWu)gait>6VNeEv6eu!`Z>lD}Q5L)Q+TQ8fGs9
zyDMqwSK7i&<vNQjPy!KP+R$pcY~H+`x#U6;*uhXJ&}3pn@18xMjcbMZCzzOh{_NAv
zeI2T6PbFg8t@}O|Y%18;AcnV=hY{NTqaQt|aom4!)8M~fqGq5GwfdyZzp>dqkn;x+
zH7PMMwLWtQzGZA*n$lVfHUj2YILx8}^H(LtC|WF`bVryx$^6Fd3F&4M@aByo7$7I-
zh1c`zF$SXDSrqq1?evAfQ1*uJ{Woe{+zugz4}=^<FoU2J!fa@+oYWbOab<!LBvT6<
zqf_)w)0*h{?CW+0J<Sp0W5lOE0DJ`f{q}R`|50+N8Eyb@p&J$)Tne?Fe3?1vpEgaS
zjZmEGv7^_demL=1;k!mwPa~9>@|>A~hElrl)HUW6u-P_;bYMuu*AKA8ICNhzn1YHc
z*l-#sD9gUoA4{CYlcxMP6bjy;`lgumQ(nJ$1Ag2pkTm1tBc1Z=hUXO=l#P5pR+s+D
zdu{4c+%_n}z=|H0JEPjBJohA&(Q9f=YdI*hICZI&l?Ohn$vUtOd<SCB5#F+*{cuff
z+`#A^ei?gCjF`lseEj(F)5F$}e79OG7~}%7hVrYLbx{_7#QHkt=zBnXsUBz1`Q4?{
zCr>`V-p=T3@M*H6D+2{@6|rFCi^nWv`uF#es)k{(Oc=_tW5+L&yBdpTXrs@xx2T_h
zmqEAh+_~4~+5QpNuF-Mq55W&hM7x_=8k`wo!M%q};j9IeVI1(jEZYw~&+4P_rf_zj
zk6`J)a2>B9;&?mVy0vJ*f{X!RlvKcr7D>8-OGz-O`cCFyb8~a(X8J{kse-_EQ7D3L
zoHaOo_Uzzc!*Xntp&~7A%l7KoPfC}uf%*#;FuxQ@ACM-XLt^4l%j-0QR;^-8`k*5Z
zK=WsbdHgK*&vZ}&Aad+OV7PZzYxMG-y?du%)9UKlgy@eM07lFbBx+VPD6L4fG&V*a
z2Z+>H7r}2v`<h2mG;Jk@O!0ZEdglR6?S9|W0tYz7zOYFCx^U96vWzC+B5!XoQljdE
z3;H+@xo6w<F6$}RNKH*m=3Cl^9{(l??Yu0Ob-d_w^2D8|K9ge_3^Q2}H(^_fOO^Do
zhg{i917Qfjmu8e32Lx7OGmzrKFlgTR5~feA#UGX56&2aIPf;WSdSVx5>^MDv3sCBu
zAe&IbY71{yU!5sIbI&j9(Mg3ZMT~Bh_X;~?zj?FDxg1Gx@q3<atqr+i!2-=^09%sQ
z9N3kb>FiP43e4--;-kD41!~SSH5`8m))lob>=Ehn6{8gtPP*0|%7Lk_+ap<UxiapB
z5B{dFw*TnWZ#kyse)q+To2jX9g{w=Ow9xzA>(@J&mzXcj`Qz~Q)kmozXOaRgw>MpP
z^Se;^!PUt*tFez6c-Fa`jiz7S$<fZ=K~4BvyVsZ6_8=FA<8<LDHy+_+XlAw+au$5V
z=%4IlO5{`X=bR=tqf|s(pO}#Ftfn3RcR<yTLCy(7R~Yv1*Du7i`#+F+(c8X=9tzoC
zNM%#nI2$iD?L8~_OkPNLqICbbUr$Uv-eRI(mXt0h>>+ROi$yD#%=Y%zvm1odN00RV
z^0D)k^{|H!phl>3|NZHEE=Rj3lkwbt#;(c6O>?%OAYcml*mi~y?bI4kHC(XKMn`|<
z!K!td;?B=6&tt<iws4bZ^frFuWTg;$k^SQNb3tr5=1wG)fkVlwgBZ<cmpi*}C)UJS
zD~&&)57bg$3%zl|?GCzQW6Rw;{l({ac+Ak%4>$SX_?9ILRTH!w*O|&DTKTjUgb9>3
z$}oOkab8ng^_Ee-NU-`cEU`+!vuK6N22BG~<!2tClZdgG#o8X)w{I5l50>H}X=&Z3
z70iUDo!-l$75@+^-TaAXm<7k2Jdlp8lMv6>X?7*MZ0F^Kaaasv*dye+fmyao{L4On
zE}?oQybSE$A2tgvblkKG)}_$V-nXxdu044dvsSGAf=qn}JTzYJ3k7__%A3U$FEn_6
zL#&|Uo_D$r%H>ut|1R=`70%zQ{9{wqi-SAYu^Tvh?jH%&av3Dwh#|jhgpn76h|O(m
zF6#B6V{&3p_>|&<wtxRtoQ8)yU>f|>uOy=HI(6yJ(`@bRPDabF@%AkkFtO5ehT>b>
ztMP7c&RI_Wol(wCsHr)3>Qw037}-tTYd(Jb=fsJXlJ6|ZgX)%SXLu~)@u$(;XNyQS
zM^r>ahS{OK8mHpeax^PC|4fLXV-g&^QXn|#`CKgWgwY~QPjUZ=sA$BnVGEU30ORp@
zC%50!?`K<*cL0eBFrFc8fWi{JktaACpKVdqeK=}h2fExR#nSPEuhh36KZ@Lrj*y(^
zxOSu$k|w4staVQ)ydUmS%|tr)jY`so;tHKMwpUiKwc2)1fAmR;mJ^;IrjFIcMt{B|
zjlEhjlM6eyoTO_Q|0#+LErF1eQi7V<anOdh$<PEF8o!a(EW{4LI+g4!`PU^nlDp_v
zNvG@t2F<x9e1YiP(oM+!Lz=4gL#Ys2=S^?N8WhD0@LjF)F{X>vLj^5nsgpWA%XTdo
zdwXo-*6?56mr1nCdVR0_0u*SlSd;ViPFJUBm@Gqv4__3mO}L8eceqma9g=O}FI+yj
zQORmkqo*ujng}Nj20413haQ&kIl<L)Y<p@QrMH$=7#FrAoC_|9&tunA#|-y6ZlLg*
zL>;(*(Gp>c%b~HTB+Iwvc)x3q<p|sSmNDu-a54J)HszO4neg)TxB3jz$S+YpnPp4p
z1vRladOHzoFbn<O-93v-b6hDy)o(>54s^V)7bDE`frs&V50%4*o8^z*Yu&GWCksX*
zi=RHV-;p3CS!wCXq|nX_Ube_z>0bQw_u|l)4+mT<vI|qP#!QDc`Fj)nM|H(*6UU9i
zHHKcxP|1gN?G8d$!KO34dblzFVM_1UeMUxCtryhD912JcG~t2s;b<=j2O1+hkn$ag
zUi7REuBiPJi>IZVxE3&m;;t;WUG?e1hrLrvrcKQ_Xj6qhj27u{_kA<p#LycOg9%{a
z$w5R`KETy@k@i8o_-(b;R!ZyQ2^@9>LCog4S&bGiWLZ<Z!ssiJ@2-2U+t~ho$Z3h9
zl6r@)vvRXMCUkk$Z_fEeHSR}fuFrMUPdwTUD1AGShM0V7)|hNex#J6|iGrqV2+*Ug
zSo0?7c3}(E;|q6#xkWKP1idB49vtt{%_TBAYW3j6>KcvH!4)z+K#d^f+`4t;^p*t6
z$R=v+&6-5jcb@yBCp2MlX3_4qSZi6FeP4kZeYixN8IM+F>U_D#@@OcKTZI84z&L7`
zC#UMosxi{fK()E^P^@n7#nfn+1z`mkuC_y$WhAx-^aU&;Rw>JH9SYzjyQIX&O&KjE
zMwH#KVdC#ieb&(v#85MxYR&Arc?_^J$LTuTX9v{oS2V1d3|>7zJvUv|%4o6ikTo%S
zPA>E#34aPZY}h0pJNN!P%ZjdzLB|7}0wMG5^~KWQ*t`-z)5weiFOUD+WAMDar9CEV
zkz;Y<kXYNu5tCZFI5qYY-_I#?d+@NQs>KD5Malj19bA#602h)NfJ^M;qmi&~EV)w;
z+rpxTM*oNYMj5o{;|kxQ2BlyStec4G+i;|!aw|nR&q$a+qFa3G?2+kLtuefNG{l5r
zBH1BeM_L3{qV;YB-{3T_=#WVhCR{d!Fec1_zp4A&J*@_+(0-{Fh>(w@cjgY?zQB6c
ztS)|8fWBASis-<p6-H(KvLed1kMyE%uqg5-GTT0V`cxN{bMEeyYC#!{?+V*6KFT}u
zca*F|+Pjm<bNuAIaTFNo#jwpLrSAm#{CmtiLGM*I<?yjQ4|r#M2-rgT{t{KQ+!bYl
za@&EXva|tOWh62I)_d+d_>vC7`9)bpMby(N7R%M<wbv}${QE*-09nSg$`MiIEWYQm
zn(T{bG;HWiG8ShXZo*3n&!&;X)dQ@$6fgVsv=NI5%LOjhOvm3O4+4ZoV1#t`6SN9)
z9&H(-^=s#)!bNiqNP0(Zxgzn-9s3!ThejOi*SGJ93l}08-%2?~O3M%_$_wL&`1OIM
z=g$u%opm0c4~s@`&K#lpn7G5YHuqiJI%AkzXt{|*^;zHT%A=Td1{s4<V=xJpgvVhD
zK_#7C?(ihln8Uqv6W^Qs*Co;$;T{QtbKq+r(i82^_m=cjDr7`EM#Yo-VKcylUNKsl
z1hV9gFHKo3K~vPBf!rtW5jJ)kK!1v7JDl`?^hb~IY*o><2W@FyI_m(ZCOlt+79*L$
z!_2}G6#>OgYWi<kFC`)g5<LbgQn&4xbcJ$6yB+Q<4JhPRcd@VqSj}wy{Kp)0hjO>x
z+7ib#+ijZjs@5c;fCBY5Bk5e0>d%|Eohqb##Eu`sit?M<I<<NYm@L=nvGhz(vQ7iy
zm(H|3ba+}=;fBan;lB%)#al!O6jqIEkpt#lh;)sY{3p6s{D8b`OE>K;-1FGFr|O>3
zKYl#?-L%WePpb3Cp3U3aOBK)m`uMgYaENm5u!_8f#apYMuOai}402Gx+qAdL+B28J
zs32Jd;1CTzTj~6_f_`#jRy6!H&;e;*zaCSs2y(ZOkTP}^L<{})9$#u}b9agROU2S1
z$r*TMF*3`Vs;YGqJa8K5a7X@DC1uoo1cGh-`e;}|RKRp=bMtAm3fU8M=uhbPXSHCf
zp_J%Sb<%F*=hOJfyt<Wb9f_hCxcBAMmFge#xQC0yFu8y6Waiuv*K~HDQu_}VV8i~_
zUtgbs<I%bne90S<gu0xAca6fu=N{fwXJEhHy{ofF2h-6+cH-en`GLP=w09-XY+3Q+
zXwBES?zKr;j#tdnEE`AbP<mbsnyTPsKvU?}j5Vf<e4@9O8@g+c7v&kysU&0K0a;;m
z!w3TS5ntZ|iKEAkF<vPV^C!?iz++rs&tJIUsu|Q1%-RdLHxw>HqTnj0xUZQs5`Oj_
ztWGpWMAniw!qMdwUyQzD2QWg>ih;ewhEDtl<n#{RNMpNhdG~$loW#=27v_D4G>_Rk
zTyekD2ZmkJW)WO5yu9+K44fmtyCx?66u`3Us<CEl`u-h4-Rdjv+%OTLL0>c7#CjB;
zC8UQ`XVL1_t17#StVys6AXOFj)4t&=tB&2QG4r$jXj_q9K=Wz`eIiRbH%(Azox#Tc
zV8+UKc_zp_h79?I`V-uQrX;M}SFc{V)A?F>wt#TUSOz0&Yb?*9f9m#e4zVLm9g3#6
zG%V*;H_^iG@rr6@%rrB{`A$b?xA_Fgo;?p8Ir2ibkaLi9hw*naH%L<Ti0tQ6*V+uX
zSpBKV)!A7vdPA{X6deTL0`Q-*+>@zQkqxRTCM0n{T*VAV<u&3KX?#OYs`|6+z)I1+
zyA4r!Pe5VuS*##jE?&40tEyuNiD^0@(B9A>kiwJq`ZO$47uiqpX>bw?+_v9NFW7Lx
zve?m@nma*X1n8BXvWp&{iOc&uc<cU8!VnRV%TZoK;V)429$3^vBn!B=(A4yF@J-=)
zW&2+Z2<Ug#ppa9LKGYD6z9M@Ab_|$F*q>*F9N-y)DVFo2L=zb$H1~^u#3!yizf$;p
z8n0W!tkPd12%2^E&kwru3qBUKw+Pn+-`*Fv+dO2X9n6%i;UJQml8Pha%1h|@hu!ik
zuPZ29Q_nFzHys#Q;y=G36P2|0#HDe9cO%!>{#|NH@RklRP1GgB)l7K_fHMizbb?oK
zzdt|E==eG1#%JyT44MD>`K&MEnMjZ(FrSY4?!clBy0XZp^Vh-MSDP3a)stjOkXGg$
z;v=c82Hj9mN#8FnvX?hZ+N*-;DVc{~$Mvv}f*VENB5|RcNX?0(eTs{C``%ZA8{);#
z7%bQ{x5o-kv^Tip`{zwWKEoW$?Dvd2OzW^M*R!pxy!=7AGy4zL90OOz9=>$u476!1
zu0aflX~T~du|5#CT@4K#to%g}mfro+O?0blDrf5)QP9$u_$x$`w~Lm{kIL(eV>it*
zdPVK5Hd^3#Q4!NXiqC6%YV}hEJQ%EM2N?1h=n^Uu>ygFP^y3E;&b>RSI!$0d-vq`K
z6H|5>sdo*~kh4kn`i~0FHCM)cKBmDtC2JTa>1GpEw!XjH33vc}iv}Lw9bJP5N2hbb
z`9o)!fCy{l{Q2`ZwPAxuFNk6B_z6gy*}B0?cV)`_3sl)4`~hc6_iX)QHP?ul!ceoi
z&kL_Qwn()lOc0CZcVDp~xLY*=2TOva2asE_QBqf5s^GUd!BY1T+cy6#T#$!l^~1Gx
z>KpYxn6WO=Wyo@O_ZGrG3E#@f**?I71%#5`u~k>JH6}Lyxm5ivw{=?`2eS$+Vaf+_
zh}1Bzs5}&;4>=qWCi-5xR!#eUOZya0Tx}=$59!;N*V5^=dYZ<>PyfC|ew2+5$ReD?
zGQxaX^EKMX46}hATmA849GTs)6F}gjy(Uo9x1U0p5s-nk#d**N8XTBU=9B*BR`lr6
zgCqFnD5xSFLD={#Cr1Gn#Ft8_$(JFu6tK&f)pNCiu;d)VAZL6i@$_8}iD%^Bf1iD8
zdf`Wa(7k2g%DDd5HUwms--3<EkV$qranV&l7)JI~J5Y1`WJbitn6F>Eb}GZeS}ujo
z9$9*0C#(T4sr|a?aXv%;K54yl=FD`#;`YrO{9!m201n`+soy?%;zWJnawkBVXWFO(
zsw)S(FQ+KwEM%bJhk7@%9rCTUU%N&{*1TK}2d!mjh(^+-r)B09&(_uHxo(R#wa~8a
zo+WI7i^Io>%8Uu)z(1^PZu{09_V$&;!NwK2tk<gC?GV=>sf3T3JasCpP!$CQy~r8U
zroBX-!(GvMTT@Yi*CTD-3nx!5v9{iY$so%RCO7nnyiSy7G`<ntF|iHmCB#n+4X*wA
zH;Jbt;Ux7vG#hSi)b;C6a&j(Abs8@JkreTXLf6hSsVJI?%gNXJ_46Zx{eFc~>_b@@
z%bNqgN^2Q*FItC;`U^u!bss^Vt4x`W581JYHN`i__EX;UUWea<XLIg?9-)p%v>*+E
z4&&Q>NjyNfId~{qhV}1nyKddtlP53TItAhjGY02KOC}BF=f@$k-Ij|Upr5Ykb#o(n
z!G?ysO?O_Fx;aKQJhG;8A{yMP?LLiFhc%9c6oxeH9a3<0M{(S){N5*fF2^C&d_q*m
zOkV3Xgkk+RsUENCK)!g<02IKXI?vTreQEovQ<uiU2opZ!+a0<2`HdvUMY6``<}cX}
zK*oq5<L8h#!5~OX+ldQrUtP+S^tcjuNm5MLoZGISE7=YMLAlf9v)2KsG>0oqo$7yS
z9J)NxuNy^G7@pmD<;rTtTtHFrNJ<s^@#bpC*!o3Lt_pg;jbr$hsw#~I`54}}Jfv+P
zt@{>#6a~4z{>sY9iG<_bR!<W`!K)Rp(?AD|**}{owbr6Ck~U`8m!n?;4;?#34_<pm
z70EQWviPcI<8`Ycp^DX-M=g#$?X}S)=<AyN??z572Kg7a(xBe05xliq*{O5qrmuTG
z8kZ%pzT*2$_BohkLbF7W`SiSzBd6MrA3sLG1-C1`Hnt@(!eTYqk(fNozW<zOeTre=
z#C8$Jgo+i%I}Vy-1d2M=%i!D;rid=Ec#)U3)fY4I72+=v*S%R#e8{NXWP(AbSw{Jo
z--yXmBp56J>mwY3nl_x~Qpes#+;eGbPl4?0bsWei=JvhodyLlRhS6Gb5|jVDrMG)w
z6jp1lb`iPH!fW-Ks;mQ!9&_)v_EOJy#!-m!d*&wXt%s#i67OgR%ZoYoG=y9CIucDr
zdJTo$^#)Tp@TPL6ia8cdGB$qEJ=$`@z=(Lb7*e{l46#Tx86S^VN^I<^9@8{5q;*lx
z^pq#1V`Rz?A~dv3SW~d5+@RZczl?@>JM&-@Gv&PUZ*_c2m6xk6p-M{WzU=ozU?z~6
zqaNuZFF3RdqG9G>?NCI7G+H`l#L<*pznSm_CGB%0_KfkPU4QtPjJHa3VKDnKWP~Xe
z?&9z8>Q8Bjh)L4jcFTSE1@{dm?OzM(jhsFh@P$RPBw{jX*<Ml!3*qCvdu8}$GQ?tE
zQYk3TkZhia^htjNPMn9CwTa1Wqy9-_w6%kzKD>XA%?hZTfdXmB>K?fA_0{Ek5|gL-
zzz`CyKWa#lvfy#!2^ce;#|D<A2mZa~%C&2U!;d<=j{6$=`F<k?hxS<Txwn+4I~H>5
zeZ%+Ov5aC=v#RRqjq-NA=>MhIy_wN(z<_uJ1Z2zt<pM+7{tRN*&=vb-Uircm<TCMQ
zK|^J}V@S)k=#CpIH0$$}!>oe42|Y$ubiS-mic9M<x+p7d!tz_6fejkZk5Rfa=d8h2
z;@zi*LanfNExQxOb3fh6*QXYrpO)VBQTaC-F2j$_%{_%e2<=Hvd9(ybAR2E(eRk6d
zT480iFzstza0Xr2xGS4E-8j18Dkx8Eyh4NW<w`UIA+_JHtE$WZ+5!zy)YcYwF4!)e
z`+JMRj&&|Bai~FtxNQfOAhQ7N`VrvT=z}zR(IPyX1Gr%Dp{+tDmyK0z{G6y)CI04N
z%&mU|RZVNy)MX07jqF`?W~yA5WLtNw+7@t1=V|A0g8odF15=7W1%pB_>Tl%b&sFHL
zhkfziJLB4oz%mIsO0bGOG6zqZIB`w)%>s>mn4I(>*k+KEY$q?Xwtfq)FD8!|zT3@1
zkXT_!5bv28%6JqADrTy^>F87BQOa!{m9h>|q`(tCeVQKqdN3Kz4Ze8GXuWlsgXSCM
z)8U)lHe<?wIf996W6mYUO)OaeH$ECR4QxA7PRe~;jwVeynp<&m?(yd(hqY#KA$7%;
z#XE4C&O{vuo(U=LQCg4#r=yFHYRUVkyc3Z}g=-Rdb4Sz9u&E0bG~OfZ6^X+7ksB@|
zkijJ;y<xCq<#q+A$7yNpjIMsrKdS$nIeL24#!20~cdu4`dIQD)+>B8pM?%tf)3l~G
zpw5|o<;IOo*hp~-a_=FY@G>eYCzb^S1kiGL9d10<-8ygTTesEp*BTezi2HA)X5_lj
zW5%5D%zbnzLAW{)07)lT1l?zq-2ZwS7O8Q2s*(mSKPmDp%Z$IvERt~lYRD)N4oMo1
z6hq48p|4Ey7ll=QJ<Dx*`O=&X!#_gbr=);ba-2f{R-|1~_>2Xb$Okg3#fKGFZ*h?=
zY1c^ffBq}vZP&AvyE{_o>ifZMzXx=^dj>kmcDyRLzP=ia3N-%4jXG+;0}BO_3kle2
zDz^rmQ8Imo4ts-pT{7H$+)8GR6?Ro-uiT{0aZ+F#*bFJpA64cRBBYjed+X+iU))d8
zuIwUis5lgde9`VfUNupo-nZSG93&6=5$s{zm2Sc!tKY1(9l3kn<kCb%os16NN%Hms
zPdg|!7t1L!_-!6S?enMbxcidB=FbmTAME%l{Ev|M|M}VfjwcR1d`aR$m))sk$wF~J
zKc;fF=%NaS9eZ?G6|49^6q#;99r%%+4riM11!S>726esuKg+*ApU`Jm;2%njNc6w{
z1=iY8p$m_;Ig|X^x`p}q&~B0ME?>56U1lrwEtp;8wQIQG;lgJ!|MtQC`x$@Ym<dz0
ziL_HlM2$>MGvlz+bfi`ds26};LDO0+=ryPX9d0?jydkfp75MWR=@jx~DRj4jA|a=l
z!%C3#jy&NlHBw4Ups+4n$k9bB>n&MzPBSLR*q3kIIH|w5x_{?nal;OVlum|Ge{Qnc
zYf^W#Y*2z|$uTAsg(<Cxs3<b)>xC8@LB=VSuu-7R@cBCc<4QtBKs`T0Pp@eFsQBf}
zJSB_U8zbYls;m5L|J6I^$rEbC)ea8x+r#3O6}+H5{KZGQ`KF*?sbeyzIEE6x1FROP
zzFxY8*vib2#KTu=mL!_Ki(PZ1@Rci7F+GYaE103D6{I93hI18!V>HE)gWFL>k!G1p
z7zpW_f5cLlh&&FH6^jOy>($i`hh~!$TQ6Jomwz@T)%?)O>gp&6U%VPp=WwsJgQ*og
z>8ydNkr8Gf@EG89^FZ>C^62W|1R8|YOAAIzCyK+dIF(%v4Tb?yU|I+4S_y}7t~I6{
zps0VKMUl!#iD8rlF8Q~8o?K2d)hQPR=${O0h1KQgS$LjmOq-_G7C3b(Kn<AY)tcqu
zCKj+9`G6<%NlrrJO+A0S*+y=}Z6>VJEOfZVm@4R=csmLY)+&8_3yV~@SJbTB9(Y0g
zj6X@Rx$lJ%f`@p#b<Qq$X|#hb7w;ll!H3xU!73Vb=vrVS5PmT02e@BYGq{KS;6JxN
zt}6&_hqn#BbxTg~`rQKG+96X3<sR0kOVELTAp;E1_Dr>FWgWWHLX0tgQtk|!f-CNv
zF!IDB^c@hFl-Bsa-yaiE(qXQ=1a(xT|4{+ICpzC;-n=t4GV%-1SKM3Ui40ls>uYg)
z2Ph`kA8@j%iAml>urmZjypS)bk`Hzaf;k~rX=vz}V-G`W?*Ne~c#)tvWUjTdv%a%w
z=ExIVYDO*Ca==tnFp>iQEjQ4;fO-z9p^{f`IeyNw>_~h?%6eRDv{zKv1_O`|BX1r!
zcrYNZO-?gIkOifW?JkxN{WBgIjXwM5FJrYbO4k2D+j+<Jy#If{%n-6mRwUU?BN{SJ
zD4R$FrKzk^(n2ySaUvCIScM`D64}ww)KZZV?IdLs)pdW@`F^k8b-S*Aul_mT@8R?r
z@7H)fAM4qI0Jb9+s8XjzwY8hvy#r7yIO!WSD+~Dt!a{xT>rqis3Y#7RloBISN2S5+
z+E1SrnEV-`;o`)XcYf|(?RS6PT-KAO(WTu5Mvwj(Fw>U;7*gXfmncFLet-_Y{``sR
z!|R`(LYc=gqP3drX>N$v1y4Lgy9!H13M11un3sXtZ1BqBS7`A-@jwf?mtXl@nXZlt
zj~17?%_ZFxJ$jr-GZT7qfpugz(Ewr|UcK7X+?*+#$wXm)##G1fIc~X6pZ;K3=DrTL
z!9uBpR|-cqKd4b`{X`$g0w3!WbgQS=3il*rn{?a_%mrv-j*^e0V#Gw{{loTm;yyC4
zm&iwe93M|xfNYFQ5boxRR6Am?DafiM2wjyi4^r6tm@IGAGWMvh9Kq_o-(Jf+^p>AG
zb%^&fRE<AqU-=<=q@kheb?gP+!Fih_K0b5z{g~n^eUlpzhcvEn@KkC!VT9J1pyZ+U
z6VIMHrGh02z-4AbLHMK2b&eHn%_LVEKz@jf=(QAUH+tJJsrI*y?=sHK_LtaVZT-*S
z2wFZ|Lix^qcJwQI_s&-TQnU1(l!x=*FF(@~+(CZ0um1j(1T-9%raNgSExGhhTH0Pj
zX=qsxC04nk`@(W?U24SW(e>}&XCu|Z?>DT-^2rD_`xhNa4#`zB`>L@nvk#1V>i3q#
zNDuV!%a<6b>uV-q5KBEj@wmCQ_3#lRuB&neHU`&y_noPzNS&3l?TUOgrJ=PiB=7UG
z4@vz*oGyWpDzBCQeFz^He!(cI2kdWQOuU=kyRfA~FgZR>72zAE%ZZJBB%+Y5yZF*8
zQtk093dUxRJp505>W*N7Z2LjDb|z1o*0I%`_w946%qANmnXiP9i0QxGoK7#v=i!65
z^Cz1*V~`0{=3hG_I=Y~H4=Oje!M&eRm@v24X!EN^4`kBRTy9)T!3{t$tS%y0qI4!6
z`&&nroOu3ba0C5Pm;G9CAz2m5rk`UmuUm$UHyk4oIpkr+*z;KxoTM#>3fl1a61vf3
z!{PI1B0wgYP&dq7V4Yw+D+|*X)HUrxKcZT;b`sKp3Ne|cZM{7uoR4?wcew1shj6L>
zA~yyfi%@yFa^}q2kUkmjVOVd5_M!2+Xp_UW>IP32+<?V^Rb?+eYUrV%^&yU>h>84G
zMb!eaLluBd^7Qk0qT?pMI<@38y)U7l=yT7WKQBND^su~nu6yO(jVW^{ot`v){AcJr
z&NsKF%9F%7l99nKI6OJl3yfKOdH4!p7AJQLKSF8!qK*FnxCh9d?Sss;$zRic@qE8a
zT-V*Z%v-YLSjWdj4vp8o%IWUO^OnnM{+JW%hBn3ej663ze?YS4WvS&R6=s(gSm3#d
zE}UKU&xW}Bu^*ZL1mSLAYGpN1W<iaE5s^)JyvqM_p0PvwNK#Vsocengq^6&FiPLxW
zxB8=ny%?su4T3$m0V#QUU|;Uo=Cc>pOcIzzDRc*^Bjjdq2|7<#DO~RNJ!^0(E>>oC
zWL2~i2WZe3N~_ekdDC4+cUaz!iC7gS;3u9rp(HTr$Xb8gDJNnu=~zVNz*BDP<1b!h
zrpTfiabH@`mC|dU!3m|Nnq#%6jXr4ZLKX_DcH-!aj(=QcB$9|dh&2VrYOdlst@Y=;
zxceBXk*o6e1ewxBJzuAmiCp+R66S4qCnx`=Vwbi_$QGfyY*;zi0bq)L$b9Qon8iOB
zHhARxFjtI1DSvLzUn|$}H>yNi$R4T88BkRSI8$)<DE0J@A)1zp0}XH$FOl;fppAS1
z0-7QV`NUNz`pWxww-^%(Ty}biaB10WQ$^s}A*5L>wsO*G`^8+Gysc|eq#PxjA185i
zfkD<pRt#b0q0h^5EY?@{zsf0xLj)<tH7S$Tt9JukY9HYmjEb6Q<iuVGUlI9zl!J%)
zyr?y|LWd0z>z3X+d>aBrB*}Sy)(%&-&ZFZ~DGOzNQza3)pzvAVe79(%9=9YUDTG~R
zP0ck2g_{9_GatARMT(rdh*D^l;JZeK-NKt$|3r)ohd+N@7+Sw*gS3jcwZ79t8Z6LW
zS}|fN=$pXnjT!Dqa0fy>R7sL*b3B}xQcD!i<|T$Lqa3suasCYSPNj@>0w{xs`5XP$
zWq_>DT=uvXu9>^wwLlbmxya7KLVx}G$RYw^i9}8^oW|@GW#tQ@x8jJ)=zWNas!-Sy
zeA5wGt8zapx^A51_xy?P@)gsSf_%=K2y5u^;|R83up%-w_Sxi#6IUiL9ZRUb+fc0x
z9-*KK)DLfx|117XLVuB|A==>_=GGj&Y;rR2))*NfVO7WbCP0GOQK~1AQVFFqyOuA8
zonQlwSukj`uXlvJ;R>taEG9R2kiRLL{rzdV_EN-x0ORVn^aApD$4rxPT}3PXQo`?E
zzpfj;0@`lk=_R1F88<1BC>GAA$m^M?U#_u^U4L)u%b^*+_`bp4e!P9FLZyc8HRBie
zCew6)`V+pre)|?JZFI*m3NsXbZA*)WHKkp@!=@G%g;Z8v_TBEeG;J8tBHDMj-}79x
z9~-T$tGN;uKhIX)m|f~r<_jlpmCAwB`t9ZP8SQdIy>~hc4(nyez!8x1NvBZ(U@<;K
z0P~?kRwEw|6C@fy92D9#oZp|-PwOWp_VxSs5LKIXK>WkUt4H>=*3W)P^~tm-SB&Af
zoPo-z{LnyQep&1<CuR12mx!gvp1s#s$it+lm{Mlbo+40vGR==MbWu@OAhzZ%C?vr6
zUoTh6HAt}LKDZ<m%5;sPLsLKRs!G1Vl4Db_2SP&L;%!qc`@E}}EnTG@oHFQaik<F*
z*l_in2sC2=XP0|ly0N!+Hz7gKvd6nSJIBe(>+CkPcXw~+5%TG=Eg|-i9hj4~^XB2w
zd^NcdB9bdW;)TR!a-l#5=2vW~g+I7UyY=zomi=1U5P=@<D(|D54rvRMUIZ;3PY>_p
zdv521e$%`7c1f6AxfO9DH|humsKPt_ZmK$%CX{dZL)8zQL86dm215|6xGKt?JA_l-
zzL%cnIV@x}G(T&LE=aY1N*feiwv+^62C7&mR($@f7p%hYfgF9Gs+_CzAtOhQ6i|EN
zoN2}3gbtT7Z_Ac%x2E^MwS8P+OE!5rRUd>j^`He~xh=VF2OeE8?Mz8=am<FeMape>
zL4#X`<i`5?8{bF0g<+%1p}RV%^HhA=CIay0`G^F2)5=iFEDKWVUQur>v2dk;;!`q_
z8?<<F5^9S>hn|rJp<<mE+2gt%3V!Ar0!KiQRx+!H1`S?y(;J;Pl@Mej33wJl0N-o4
zi6{&%Z=aaZelz}fqwdNz6qn_;QcdswqXm$jJ))m_v%mRVby-R2GcQ4ty$fniAbiYK
zt38Zp8;$ejqBdlQxOluR(}&l6{(So6$#5z6_BL16oAV6wmTJN<Re{LAeKUCAcHi8E
z9*KNxB0R3Hm^-C+_BYbYSpOsOpJ-^bLH%ime+9D!c~!JGp1OpYjGTsKC?O^`HdE&a
zA@=}L?0PCB2pQ?g>S3F|C`HbPg(DPA?I(|R_mvg$q_xDXiXtV%HR%^V5i0ri<}CO4
z)JCVd(YtTIE-JF}rBrFh#E_=B+xeusx&GDY$4%e9(OAFIbPr!4IbcAz`&<!~=^Wr3
zZA)}?P&-<~8lV_OkwnE2f8OWdup9_|>b}B6dpLRSxUN0Kv(@g6-AD<0e6;5I;NWAM
zO^kaOIv!FJ1Z?~r?lOVV4V%b@1~sxC`Kz}`*ik`8j$sp}pAO*#=eMX14$`F!+RJ!J
zsydEHU}=&}A~{6^%kNi(Kkq<td~yh~_}BXswnJ42m}llQ7>h7B4lN3u1$PbH(szs@
z;vvP8d;SzZIF!Ufi@yaR#P});jo*#ee%;uUwagmNuJV{hmjx@skLL-XcaD&&Yp%A$
ze1hqJK!`6NH@;tCPY3O~-qoCyWCs1FL$ha=Kqo^UuY$po&HzqVXUUSWp51!%K$w}H
zy?CBFqx|?$eecVHrSbX6a$v|J`~$<*q}6W+^ersVddtN)?er4vl<ggmkca`Lp&&R$
zdPblXufC2GcA~ueEMh^RaK%H0s|5RLw8+nx@q_OoxU9GDh}lXw$@sDvKD`y15xi6U
z@6C<Wb#3EOSxuW}hoL>teiUCo*iMqb@v60<$>FUD7a>T3!f@M{Bs#kh6-LXw*U1Tz
z^cOW`?Ijltcm5?Gkamz}hf!H>ElpA3t8DkINPhg_x=}LU+)h+_os@l868JcyvjPeh
zlEEy<EI3mKUFoK04m<;puDf*UK4L;Rp}E~!Q>C{Hp&+d;*MUu;C$M_JZr9PpN-LC<
zcTbr7XE}!mXCa^55WsSNMF%W@ZpC2G1$SZC0c!)yn|p4i{i01etVQ};P$=|)+gP?7
z=H)t(bihCvkDZ>iJXx>zRg=qtL4IuE#7^;n<tRXE+8!5|KO9#SD&_CrOAHv$z_e|&
z-Vd{*_J0Tp3`8KqPu>i9#WOE$Kb{I!&5QY}$*V&!-D0r1{a9gfWjvux!~lE${{828
zYEgGUr;;i-e?s>~R}!lxC@OEgAGYUEJDGPxcAe>j_$+5&e`z396i5VwG-H*M(;dzj
zGIsFMzOEyoA7@YM+6}6a-#)mL#xPKzzNZK;=W|3?ZjM8B9&3WhmE|PfAACGyxK~6Z
z3r9fSs6g?E3Rrsyky;1|ghV6S?%^}$n;z`MK(*e|Hk5t*NFrrRvCWOXBW8W2qGxv~
z+po%wfE_0>0JR3p6_wrswCC0NHT1|hrilp~c60%bUW5D24z^kUq#WpMY(@TL(U7^g
zx|YOSDQ_<os9VYvZfzANVb#Sf^H}ug!;T*PNAa7TpiL+(5cW;M-1y{4883~hT}Y}S
z--8e|yGj+`E_87tI6!EU@lf-^b4T4^kw6hFN5<ttx$EoWGuZnXsc;~yDE#z7>t3Gt
zACe3MrRWe^S%#wK(JOIWz~rlb8H&B1<ltE&j$gX8HTS_=9U^Jx7)~pE^2D^@`UdQ>
ze_d=CF{X8Q50PxxVX1)wccE;8;TNoSWR!ybcrEK~kOHazaf%3?xs4M&CE)YOh&M`c
znN42@AH<2EV1HndN0;o0)21z(GPF=?2Etlp<v5n#42s!^h>xsp(spO4suKLFFsGK&
zog_;V4S~~;RDvI|e}#v<bm@aCQaj!i6eM20oSJ>~o+0fSSDm+ykIIXJggwF_^<FY)
z1NU-0y6Q((e8H=}E9p&3%)Qvs()GrlUeo-hK6^GmJB6u#BR4N{@MuckP*Y5)w(h|K
z(J(2nHBc!a=rB8eGw=<@B31jbUWaR9vMmXNP$F*xzzDZH@f3)gFRe;ql7<}P3H3tM
z)=n9U4DAUJAlY0z`PJ+`#%Kb_i7FQ^kssWnTer&5NH=n5c9r7-l=s{&7!@Xu(m<*@
zsZVr>uF2=K>iZJm%IkagO`fAyyKqkdIOvQS0W@$NRBDfXszs`Tlo8g-4ou@-ct`L*
z;34&)l-fv-yS)xQMgfU!8hz9go7wN;9^Hhjxm*A@{$DMMdQK4y$4*X11UDo{tEJ}U
zF+wyJ`{NuSElSg(yu~xm!@Z!RxUoL=G2gL0s|uV><;7*2nor0(s3!>$?QuQVBRRLp
z*u~=6mYtw(wo82*MXEBTM2rUvUP$X4g2s)tiWVdyk~37m&Jj*|E$gdgLQ9$U;zc0v
zrPde)`)NH6*2H{mXYN8HA9Ci$gPUn?DU>J!Hk(&!u<v9p!jsf0v^?jIOD&F>H$vT6
z7*OXGe&%Z8vUQVA_eiT4g7`?#SO51-jAYI-n=*kzgj)_y8DQm(WzJYCllc|h!){=1
z2b6IDFQNDI%6ztogS;J>rG&!@Qd8RI(0^nyfmY0cn&264_cnOsqUA^TP~NEPGj_<@
z*)rh&md#x2`y26~3YQe$y#e9{OkM<$31W^_Nrow0&d9QG6#_sZ=mEmXF}YQx$A2O_
zVM1=n)y8G-`FDprJ&8O^&?AV0SAdSFV*)SrN#;`qEj(_1E_k&3MlpRCIV3q>j}2X4
zP4FVUSAjA0qz<Fif$}1himaY!ql*C+w(1W{Req~H@AKv4mnSPXPN?|-JeV!L)o!04
zzkK_RL(i%_wKRms&goD2xnD~{QZn$=sf$@dYrgMM-#0~Bc{l5pg+Nz;YzuGLUSK<r
z6&eGirKn^eJ^~#&)8QB>I%oFm2B*2Go)M=jJC;~~x!yKfR$cW>*KQ&=#`HVf$ZZb^
zC?ut&2P$%&d1Z=)m6p2xe9N~kj5~(;<^cks9t~Gk>ef}mrcbH>=2IYYXVflIe{Q|X
zzaxlTa?qeBcH;f}Pw+&o67=@h`$t{1b*PVn0+`OrmrQ+Gwf;e9XsFhhN>FdK`r!14
zqDk{ZO9UmQ)f24M$;k;6JN5bVrI%iDy;oLRk|GMDpf(1PkL*C!@?D6UnKK=!E<8`5
zj!`~K=s72FzJ&!XG&e2q^6RrO&5R_Uj=(u1Lpc9r%;2pdZCB>ea*N3j^LF9q7Z@c@
zZ;G#4-vTLr+9xn*E&#q&zD%SsWWK(5^-5{{_=TZ!9hyY$S6#h2Nj=#hbX(2b5!NB;
z%!hqZ(U>r5c!m+cG$EC_v2#GDB)p%IqQNycjY%#b%OKNl-oE`lV%y@-+cob@sp{yK
zCr_XL4gglh48uQfCK&}UbK2B<3$<9_?QFkCxDg_d_=SaS;*aIz<ftQaW8+S_jh^Af
zEOg4|f`yCrdDwq4l=jK*mR&19_?R$blM)ssjV5;5@LW-+Bx=ih_wRS_@<@mtlazF7
zEZ3WFk!LS#FmwPgu{)C9P}mD|O4#X$T?#2&xh@&pMx6Z3l7xborXl+DtCz>~RivhR
zO^l6?*!~R)s7LNDewp?W#-z3iqUl~TfJuD@jqy*TMSWJ*fJ$WIF=F;;d;0GSfo<x0
z%?O)M>W3YHvAwJG5axuAR0c=CD~FPxI&^vs^{Q^VAorKyn$cYvq9|NRGM`wT=3T%M
z7)6$wf44C&r>k|sf(x}PLk`c6_Ai1#LmhdkD8^w}^%P(5|Ak_k-M^>(^AAH*P{y>}
zGio0-hb;0zx%jC%wAz{REHK2l`<oRtG*W1gYR!PTH^KUyUSd<SVabF3(&L!VB0JD(
zq;832{}ad0*-)B<ZNM#w*$9L|njB^I!RP$_bE!KV+}%Yir9SNvoPzKTJZ75l;(Mc}
zN?Pmx8g^;bV$HtVCIQ$7Be&NX7#n}7uh%3nAmQ=pmWrhoTegf%ZUFK0JkfHzMbE@>
ztqpUThsekh;}ju(QfGnKL<9^yh4HNtf;Q(^1Ot|qi3OpKhTl+GeF>5uqe1MA)mCpi
zq$iQ?Dc6;^iZ5JAc(RNq322H_9a5Q_Kr6iGt#$`$*Gq;{>YDQMC4gBge?(?J2`@;C
zr;4DY=N@kTu~FSIJoD9&QLB)?`i#UPd%>daYF5ej`dCD7avmDr=ZCJ0=-#ax0r6Ej
zNRU!wJa0Zo&0m*X-F8zEK>-5Bp;HYmZYUaFC;IB-Zd*z)l|D^lPI6SS>>&y7?5;Qt
z-)O%|M6a3?2eJ;U;Q6CR(-=!<e8@y}Zhh}|@cwToJ}_9$qOa#E0Zn{&rX!VP?k$Bm
z>ys)gKY#(&Cndg7sO~X^uabF6u4zh?b>?kmk!Xn#(Fh*K2n4(#ww9~OH`3POA<LM7
zeF0kmIj_WO%N!*HK|<=_yAfhC9H5*9mmU}o(*9S?BWZtVK6a`xo|c(|S8Wu(4<9;y
z;L%xAC^jc}(#mT&o^P?auKvn(R-RhW48s0^`^bjC8ovo6=JZ>`YTr(rJUK2te$75h
z|29k2e@bfdO=<4ZZFneL-dHx`1A~KaX$}PVpsfJ|fof>_K;x_-bCHWNGyQw>%>mjh
z(XSX$1ojdVkj~Pq*tc0EKR{VT#SxSOg>D9sl<Z;x%s<rCW%%^%_4QaKoKPpL$dfH$
z%`6L6i5l>ik?OKYqj`OJ112W#sC8$}nNwKvKh#n07g5Ebj#6rcmJO8nMrRZIPP-lW
z$KahTx-t1<TW;fNAEZsn0m>$DB^d9M+r(sm6g(xU$h5@{KM5lJ65tTsEaZXwv17-N
z8z=9XI_P?Z`+gyB>FU)jDG7z0`Y_ergozLJh7XS~og@XVGiQ0QhI;n;eHVZ4h;&f0
zr9k4#L3+tDK#HD!*MJfp5_=DqW6u3KT!d&0nd0}>*wFBLmT_g{k261|jvPB?kmAzJ
zWk{<2^3c6Tx9vvCET}8|v`}ay@syUL&t5QgHg|5WU3$;R#B-t#1Bp!pb+thl&k(G2
zykbHs7zIsfP~iJ(Q$&IkO&4ivKSrp@pv(NsgSQoa9Xh-y4r2@*Np_=|WnZ!0y%{W^
zVP7e+dl?R1@*=X(BP%K0N;&IKwDk?+t!}WkT-=Eqn?~FHBoz-x?E3h$mz>tLGXyJ=
zSMS`ff9!f)zkS>6>=5TH^RxWtI4+g++ts9S@j?r2h6^^?rl#6gm-^&tZ>Ox=Ka#p+
zX3M&CwLvyh*ktIfY->Mbxe|=itGy~S{VU&g^}Y4i-TsHoC*)!uWFSI5Z6Qpul@VSP
zW!KH24EzF-Tm3eO`sj$n<7vC_EyLY3y&2$I+NPw@l^r{Kc2QcI6^okn*R;2%xn)i2
zH*hC9^X#rRu_gbmMoH;o5llj2z~l&sXIon#Wr;W@E~lCATvpeFj1hS_bkr!Jt4E7P
zw<@J}=1kPY?JK;>b+RgqNOxRWV&S8{<tvL7K;pTN6xcDcQ-;ylASS2G`Ej*rgvEN<
zfxxh+n|8p~D4(i<-K-SBZ!>r>@dS)=0Z8XxEfQ<~=si79Pkh9z6}Y5m_{NWamYy!?
z+Jmi_#6Vrf3XPMl5@Ibeg58UcZ{lCje>&RR1M}rgP+U?n|0rztfaagC*Epo22TZUn
zDag%LmXU#7AI#L{XU`g%UCejLz1>?~DLS%De5RA1{fK_ilm^3x3kFVy9HwAvi8W)Y
zqbL&~4q=@4vu6u`mYs5MZ@mp`qwG_MFkaAcc{eAFe|R~oM7qF~HrYB^YVhEvZq;*S
zWj!TsS?6B`?B;ji;LYhD1AVmUxiv?FA{yYp580B7+&tpTuS+AzQ5Z~E5QQzCAqQG)
zfD%j`Va;4#i}mze@hj6JnpGMa_s)x1(No<<f8?-b`B$?+EP%FNAfk{TOcEFRuBhlq
z#J`2^^kPl~#i1Z@-@28Howt#<Ztef&bb2&OZW6F96Re02Yx0cPey<^wg;|t!hiZip
ziNvAvz5pSt^$wn2|F`;xnDWbrTzJI0sp4G+CgWC4u3_Qmw*L0YqAPRVQkjtBe}u?@
zU>b*#62UKSl$sZG#k_x{`anSzwy0>_+rt+Umzjg&<*ysQSoZJ0KuHknQGUZDBzDlt
zQ@1!L3u94jll@PgRCM{ZgPZ~9#6Ws=<)86FKwhGXWXrw##_Fjl4?HBk;lU*_<mB6L
z*qK%hUdsp$X=z4VS`#;1SviX;o1^`eC`yFjIoH~I9!1CS3R!K!qH&s92D=OTCQN?#
z(w}4#*lwtb=%qzZazwSBz{X!^&vFA=Ke>=7KH_S_s6z*aT2an%Pf)xA)wJ_#D7>^2
zHirh6;(%~tWEl5td9$&ly~CbwCuHWcr*{0cVbBhy>wNvXVzRUE9}%mJ4YzOJR6v|r
zZ1;Ch59f)~r$fTFu<^;KbB34zsFBb{U^26%s+Wk96p4_WhQd5Bq2ai_IziH@bV%3-
zDm^tI>A^A6*M@|=A(b1}G4}X-!C4JN0M4IakgPa5taw)skIS*7;Kr_JXA4tC>4DJU
zpxw9?87X#X^24QDt*nyR(&Lu~OaW5_USm0UWk%+_pEFbINtLE&f0gwiA#+KBM`?j`
zurSo++tH8^qg=D^S5Gdv1f0U(56(@O6e<VqwV}r%MrpcTUlk>Yj*?WAlwM_J38i}a
zy#|qNm01AdyGxm7CZykk@WJ%VpO7!M<L!{(AX*9ne!)$#@6g|nJ1D6(PT?l))D6R=
zZ;;hg=S^ecrw_TZr%7V<)GVr3z(0!9M6<NN5g-=+tkZMxu$&&KERuH_L<CL+=%f{)
z0Io4QY@h_q-?hrokI?(HPy-!(JmldD>|r~FG>p7FuGC1q>4mx<_UcC-+^JFDTjcBC
zXg58I&*8MC+8?~I!-P7T+m}j)gu9kszo@6A)aHm}f8oPorrGJ}s7ZSC?g#Vx{uCF)
zi1(@?QwbAuqC@ua5r-WWT#1s<He{RSlg);X_i4AEUqn^<3kEx<hL1EIMBF$cM-pH>
zi@Y73!b9VQ1CN@qI5-vn@zXu5@uok0+7acu%}ylyj{Gr%9Dqr*wWY$K>0GNZ*tqz)
zF?QOSeYAp{EI%r9%CN~XUxvt?MAo3avB=j|(6nHAg7*)^ffC1S*%iD{0zMkA!fX=i
zTtVzj(+BOw^@HNc0A~dKk(`Vfn*pE<s4YrHsk_JJID9v-sqDP@6JBX`zHx&iENn7L
z+Mv(*yC6bbM09<ea#yv(73{4=HaQ{41X~St{Sg!zYND&_6P_D2v-90geF}z$dT$VG
z7XV#=l=tl;RuCXmBz55!2|<?*Yhbx&_4-a(rlpLKonzi2DJ`NBL?{3X$SJ_v4}>9m
zyQ4<?Y!?hw+1vgwvqeak17L`sw(vu55r<px@o(5?EF=6*7L|t8Jv)R-9<fm2#dmg^
z@&EzWA7F<xUm`8y(SwqKIW8tdbc7Fz8r}JB7cGfe!zoS3?1yNB1R?kj5E?8x#NR)T
z=RW^R50Q)#fVtJHR&mO2tz1wo+W8_Uk+HzNxj`)Rj%dN)XGb!VkE^Kio=8{{e+=l4
zN`^}DXJex@mtMH?)t)qve40%cF-fqFp!EeqUAzRq4|(C>?d)a1^C0x>oKt|qn=9`%
zbvoD{enm1?(C4bWp=j8Ew9mVaMZjPZ@MKG#<lx@m>psOp4EhluUD4PV|C`oo#<#!%
z0qPmcAgkeAM4s&ppHDB)H>96P{0^*PdofruGJy@b2MHXxL*07zlvYr51*ul!e+sx>
z_6A&cA=E^YYTcd23r~SfSwfGudGiMf`m=?rEpWD`nJHzY@@*d`T5`@DVZ@1|q9V$-
zszJFut=XJsI(|A`db7!&yF;_i{YsV<f(yRce6WM;#i9=<heOULF2pv3hk&vSTvspX
z@3zj>trEpIUi$d)7A#3f85ESCoKY09RHL0%3z)VsG2OC{{(;%M_<lu#*Tbg6bkL^e
zkLXi~NCVglbt~G}*|TO*ddVYOjgXhqidw_5eH#FgC^f{{va+ApZr|Vj1F`tD`S1#P
zS<ma3#oC0l0^cM}hYfdj$oQubUYB#~Y=MwTZoiJ5;FZ}uc+kj%8uSYR_`^=6<qhi)
z7ki}YLqh}vTy|Kwd&&kY-Y3u?1+3w1J0nKy@`Uj#Lea8Y=J$jZ<k%#^4Dh9#;)q+}
z%a<?g6zmlyU1!|3%9Z23*f@e@N&I>2x`X~u^laZ&F0JbCF`SUW5%R|(d~6NgLOHJ(
zJcPQaa)Ef%=I41%lCtj6S;+&nX={a)GnK7!eLF?nVL9{{{1R7CN_Z+^x*!LU8CZ`X
z)I*W-`+E&ADw6p<U*53lf;<G29=kfdWGMyLCgge_J~U9}@2SlGz~VTgBikeWoP_qj
z7D6w*uEQ5~V8D^8GcK4~&uzAeHli&4&NLg9t;74~8ZH;?vm%ncjztilgl&THZ4L0;
zR3hZv2r)Yx^<K-O6_Kxyz4;l5oP)i++3@aNM1NmHZgjYp3^1&2pTke2;Jdj$kem`)
zlzXbzHHHr`J|kRokjJ9JH-1s`zFB0QoKIJ!Cb+|{<lyiSUfK8vNwNL=qid6bN5`54
z6S^5SZRN$`?;umybma--5~&fij}W<&EQ}wK_!}ShYgiO987|V=(OtWA;cmB%G^_5@
zd52UUijW7LDB?75ro&@N1H$<YSG~G$XpH9x3cx`m!Ee)GunTH@ta9KC>E~w0F$nDF
z-nxXs7n(z+TnG!JOya&w{YRD=AxcWCWCt>t?fv`rXe93nBSX^fEa7SqW(bFbjBG7q
zQwA=q?eh#_FKy}-eXiykRA0cTIh(&<jYp^e$&7mg7>!Ry+*IYN&|dQL@`0E{l9Q8x
z)A64(!i7@WyjU1wrS2TReoA6ooHU_C#S3T4ZTv4hy4(&hf!)hBJ{3v~v=77=_!yOT
zUcmo>{<ciG?EX#7nclrg!HD(Gb<*TjIU%*^toi8NVQ<DoqtS!>V;lkYKBu|okq&Z|
z=70IFTK=c#_2{MCy6@cE-&$Ji&OadBZyp9nY)5il6Yj?Svn5st301aV<U9R89E;!w
zJOX0G5*0#{SFIB89Gv@~KaW4DQyIttKQ5s}O3n}I*4EZuGF;)C4CpcWN(ALiNuv9*
zK_UOq0)Vp2Z<D%ql!kw~?7;50L&uK?xG=i!Oq>=~<VQ#=>%An5g#hYPy>L&E5Dcc4
z9szo(_6@RPOYG}s&pspZ=N3hu&YYaM+qVhK44xPi9Gt>5;e<MEu1_6VHMA}K9qM0B
z5iuFz?l@!4C?>1i)SR3K@UJE>+5tK>Zlb(bqh@Sd-wEn+$l)~sY6=ob*oO9JHu`(O
z@aQ5XkUVtc=l+LnQW%FQhI4XcTpmVF4GrT-r_IgG7X0-WH5_$9b!ec5qQei5FLNgz
z8`z2SzL}R`S`0iO$8jlfi(w%EzPt@C3dq6ivcsz0f24##7ncON3M)P<*{3JAZI5=!
zOx8$~4ImC0>%xBh`cdfwHvrjgS{D4u#IUju`~{t2fsb%M14GeX{ysNa<|1cN?cocO
zAQ2^G?3xQ^RAH`C(fJc6ZlY<+_`#RT>f8_~WPAsY8-$U_7X;PD#kH{gV*}uAllUMy
z;Q}9vpMITsZIi-+P}UuwC#910g{{<7^J{cY^EA+r<ZP>FTfjZ5loW;b1S1lE_p!RV
zIDCFjK?L=OA~<#<BLogV!Kq4L5!|pV>E5kdtD<x0TG99@OTO=3M=k(r69H`?7w+(r
zDo%9d+9|(2_PHy*Pc`R^m($!*c1Km8zhKtj$cxBuxkXuzJ@A}hnTTU60Y7ua`ba5L
z1#e;S9CTchbkJI)vMpyVyS_TH<Ps{7uq)T9axOgQZu(SHGY3vC!P`mbxwsB{$#DMP
zEx7jC^8~Eo`mrbBz^C%`C4`J<zURBi$u<67#nUM3ILL#H`};lr4X8+onc7VV;#F1_
z$O$M2h5O-@dP&L2Bo+y3v)X(H>14O>M~Q{mX_T6MB)P{a!O;QH>{b5rx$5c;6-kyk
z5$JFQq<K_2>|HgnLYrgO<Sun@{yfY%3h0lbgHsGVN{UwA?dFERwzNFWE9wf$Y*O}R
zz(zg+B<+F+=efCPtAs=<v$TON8hy&LLg%?#B836O@Ud;G6?~%#7kM&xdy{z(QERw=
z2Wpchz2wr>=ovb?y0kr7TepsHJ?BcGP^;cpH8qR^*h3({&D%0>mGK^u2xQCn1r(5Z
zUVUTS{ls7GZ9gBxnP)_pFxn2SL5l-1B?ZObd1z$1DbAdEWkQXqkcDJm6U|FQ)>yV}
zj<!ASS#0MVRabLTM|Mm5jpdFh1v>M=kr|$M)z%%)7|XD-5c*m-8BsvNFIEiBl8mEo
zDG}ofVxVf_BxB8g3nK3Cje9BhNjJ4j6yzzKsKIqKc=^LMZ3?b~&aaD8=YXrJSpC;M
z^EMX^O-2rpmJ!?l5%3a<F>ko-wr#XU4WJ%2sW#_r!rc2<&$+D~I%kvH#pSvuinB)2
zZ`QEV)BQTdu@bLf{OF0SQyJ{o#1Y(NvuCkMNz#NLNt0%%XN|Nx-_2?Zdd8%xSp2`|
z7ahtw?{02h4&i~G`u;dhDr!m$-FR2Wj@4GCD2o8)f+4R(ydY>+4}L#3NUWRZ33`?v
zBQ&|9=|R)zVk?XDU%diJZiKFGhSjP_4?;CKY~)Cx0wH7tP_x_!4VUGP;XGLuwOZo^
zKfmQ@J6Hi6X_Y-~tWX|Y-MyBkTh{ZYrU=amErZ$RKRNSkhhb|LqEUpTCRlmYKq{)L
z882RJ3K%te7d)z``jBJ5T%0a~5{g4M&f+@zcS2)uTSi7^=H)&EGq!C^u%^~{_U9v2
zQOWb?hc~o@w*L{5Kd$_hHJtfbb4rBe($vS<%FIkQ?#Ro}$P|g~s-W9tf4`cb=(?r4
zRuq`3{@G6*o0<Kjlor^^Nt47TR8B0ZreUMX(oBA~R82p@vB-6uUYKa!En%|9wEx&&
zUcGamwy&&LD=jTGc#u4L_AWDkQoi#~p#~8h3Qodh*4CWbz)Ji>ul#x{af1Ld(KS?r
zFzo|&AJUT@m|&fMOak9&Lisz+I-xvl&OsL4R-Qv>W^@CD>(>5{Wd<IF#v`~<Jy{hl
zgWJT~=wiO0a>Ic^MzT3XrD<yAXiW@73GFlN`yl>D{;%oA(`xEvI_~IbMPil*jBE14
zsm<J=vL-)wp)}lAuije5>6wuiP+RkrCuvXyZ$I*f{B_;tM;bTMXYgMM6@x06a-vo4
zBAa`~6`^vcm%taqsFs4{k{$e3`^uUUebJ2FW1F^`MIRb3Bg-j8d7kd4I}t0j^&H2W
zv}omjl{Y<w$&0u92z<__jxqnu|HV{tttf>L=^SG78d1Xij|>vlzu{6X{ebo1{H&eN
zXFu1q#Ybb<Ce->C7FQDXP*}tl{2pn%wW<5!gw<V}Zt6A-idKR3CnVad^+74imv5@I
zI)7NJ*foQGovx?a;?r&I%X%gmGM~`g$|`D)T7GKkWzh|`Z|=m>6ACh6_YmZKyhxR1
z4n0?j-{Kmn6Fj<`Hu`(SUGE;#h%(ri$WqX)6Jl`_9xQFT%qfyk8oH`vRg2#asFdW`
z#HUS1qvCp!0^#r}>H%<EhMlY@!#rpdvG)9eSgb8NU#VGk_jl6K#=_`Zx4;&-+i%t%
zv|I!QdF?ZmGP_D1vn&Q#tYk|rHPx`~ZK5B6Q(b9(`<7vY$XpC;mcpxWuD^2Et9<O&
z=FF;|5Zw$jCO|G7<H7URx!<Ay@Ns)FZ#ilO0A}yD2Hw8)!TDWOd^AEWPU@_=VY2~k
z7C$Y|fB*V*Gb^NUB23>;k*n6^)D~Syty%MKcTeEoLTAlG$DPWJ?aSr*ta^E7q4o<3
ze!eW#5}P@W5`@(LQC}%PxM{JP_7NJ$f?t4@KW6S)Wco}9d`@rJ+TJU=&hIsQQxig{
zCB;5kbj20q_;gm~pFZ7`W(wuvy3x|Z)i17~vb}Ke(cG+vfcdWN?QoVXJa!a2z4pKf
z<BhH;<6s*|yXL$rr>>)V#(iwet-ygsGWq%`)A;TnQ%r8zo!VB^b*q&ttqzlR`6a<y
z*V-<v3Qv4pm}YW9Lp^L9tjdF=>D&FF`=%kl00W_uNZ|q*(XWEN6{2j>&**dY7YoxD
zp)|OPgrT~&`OSbU3g5dA!2!E)i3$<WHpbg!JPq$T?L;LaxC#g3)Fa#;6WHM1Hpwxw
zc71vQc7fI+d**v$r;B68<N%u`xDC7Rn~>nJbmZ}YBEf+aL5)3^g!cK1k8`)Cuj+So
zM~dOK8;gqM8@^{8e)(A`Yt#HEs1Jlfm41Umzxig4<71e*b8Up?Fp~8H%d5$Dp63aU
zU}}C}subhr`iH^((OH*oKK5Vtd+hYP)mGqcL=*@ZE=@{R0P68_CG-17o_&1T{=77#
zhsw^F_9qVpjgjdkGiB_UumipAjtsTUKM*<Q$T9gVYd0oT?+h<qw{vR2g#-ta>Q@EF
zY~C6qd~Z4unP7cw)XwH1jvM>PuZzF+V%how-M+c+)U-HnCD&_^m~7?G#z{%LGd=|e
znVH9I_>$zDz}|=8Lr($h18>H&4YT--FiDVzvuFwQF+aiff$9-9$J{;!c8Ty$wUhlF
zh=2dYEsRV*E#-I^$O+e;AmDCoq7F}Ay9~5Ov;9vToY-D<?fdz&dx}>q7Ng=743%{#
z@2KZONNP-}Qmq@DpO;4nep*I`uj~1PNf!HC?*{~Fp4F9OK1tuvenl#-KUawKh|I4B
zgabYa1-Indp+gJ>C!mMn(7K{5Osb$cr;{Yzq#|tIL12v`z_18S0s~(^4Fa}QSv~i+
zRDq=m2J8zwdsaJWK8^-%dC+Kl4LD5ab*+5%gsur!g?`kU_Mh(Ug(xT3F64gva2oz9
z>!z+8)1U7m@?m`BemAe6;~R_OHJrb`-|z1~D0g=~O)SS2?!mLpP0Hx#$&n&NC3;m9
z@E4-_C1M*;f3&Kge*;jVzUPLX0sxHeT}Ous7W>hR6F=y%b;OePHeSx$1}*dR$dMxu
zNZ+a~a22%jfk8AW?}Lz@T)PGlb-BF$elgdF(*0syD#U$@%a-bMUA-FfELBhl!*&Vd
z<6N3=QDRc%+Pfu0UDoMy|A{5v6&xuYry!M3C$2m_$o!<{I29GVzflfe8>WyL)B_#A
zu0@Lhz572S)(`N0hIE3`V)%@0lDSW2(QO6}Z7*JXAqR=gY>FJFJ1vOdWW;)ZYNBBj
zk*(rv5se;kkfjL8a(ic6syur1h;3Fo;i=_^f|&Ha@gP_L*EJx-#0tv}T+A1-YnPJm
zX2<Q99sc&(v;T=CV5co=Mrp+@jIO)CW)cF}dbkg)FBo%@CR*jk82Il%3&AcIqUkD<
ziF(}!*`#aobhxjVMtm-aG{#G!3aR!d?u&nA9B+BDy#D7#+KDxjH@4`W5-1qQmqO3<
zE<HUf%g@`p@yCzE*jSM7(aPq!7@9Jd59z&d!GfnWB<Y%pZE4bhU0uGx`xBrakY>iW
zB2>XQb){!5RIAv`|D`(SG=?C)c1=)(qFtyOL;hbtsOE*F!k8|4_njy7d=K$l4gZIA
z5tM?blu7-|puj)BcG7JHR!oV*Qp|wPEQmcqW}1z?`-AfO2yF|!=3AqrqLGY*0t@1B
zQN8+nmOm7`DQ7K9VqG#ToHCgvtN3ZNNFaH|fixrBV;Lbj>L1+nEe)waYf#zh$ifjr
ztO)5h^R=~+uw1xNKNjBV!k1w}B0yv)?J;Etv$mA__t}e3fe|SbG3jR|MJhduhYTll
z>kpU`zb?0E`F7SgC!mXqOZD4WK~H_}oaOcs&da@SH_}*Y#Lc^XOPhcVTBx1`aBTbb
zEVpj<sEeu5hgX$|K9twqJwYU6EpB`gB!&zfS`OJ|nH@Gg<=26|qq?5u{eJ&0VA~=h
zf8g(qCq0R7=&jFwLcBYaxZRq<EELyZ)y#?d1+a`tI4}^PM>**Ifz2X~+6zS&acsN+
zLV<B3v>cV35M;-Oe+R_!W^V`5HbF(@RMi(TktrhxeJkb>0RYoY{f11DbbCFK*9K=<
zj4O1U5bX=3cjZQouc*j99l7P_|3GL3&gsM7$nHb<OZeTp24f^RL7%-LoGtJbJqBD=
zI`A`y9<a5~xPeEB=&}5QW?8oiw77hk@D{2)+`NQ;5`iE@;i(Zo9z3Trp~0z$25&y;
zU7$1M$8Y;01SK%^`x3!*;^f8Z(S)=5GyaXCyO&1>oH3RhjJGghj1=)t>WrcDI5Qke
zkPUPP|An%7x`JbeOk3pZE#l_xMy<Juq`SYyFRigB1Lq9uc#V#ie#>ESb<HGBuK&EW
z2(K^-_qZ+EY;dxqf79&76qGL$nX+cZiW8{pl7zfIkIO3z4X2!5k|Cte#Q*>?mw30u
zN_P|>xACO~c6>t1-XOZa=si0A)**A(J-s{lgojHrfRy-o1Kge``m=LljEKi2-mR}N
z(GY!mLBZYS!bHq%#qm)zhxESTD`4EeQWEQ(+dLmBWuI;bKyJ^@IXNsSGYD%_9L^!m
z0i63nxZ4kDuu&3uyLH*m+`!!ab~18$!Lmc)1nyg81mnvUUto~g<zuKaA4X+0#mGuC
zGc(ROAv2$^Sgk9KD@|tXrbh>u1<y>PPq5C^1AY7VM+LWH&=rI2Jeu9Rc5&e<Iga&Z
zEckVrLNs;CFK^eJOQRG<oBADlCy%L72pd;@tTq7|jpA@$ITe+7w_Y=M?8v?P^VV;^
zA4)gQ6|UJvYE8)_@#nff)wJM^SzgA@a{)8VPVPxyf@x=7I`kL;a?9Nz_@Sr;>p5%d
z>h6R4(R3mBWlZDDor$NQz*io!gcsm8{T{N`?znxXsPCfHr21{#XcKVCKGV!O02nco
zGyL^{V8>m->*vd@n|6lNb;+ey5Xh2Zagp7hDtEpK<8yEAZp!nCa1ZzB!c^XN32myq
zz@dPoL=uDU&<i7+zLc|iTOdp&8dGqM;5jE3O*r!sy+``D{1)?F^XBabPfU3-)+=b|
zu3+OQ6AB(ZV)TU8yDI@n9^w_^eBO*<naKzG3HuWeQF>Qa;D^VjCA4ph$JH@DIp^)$
z5Q)FfoinVjw^hQpvn7^p{PCNk_g*wn2?Y<2`_woPB+oj*;Q#oIY>aTU>H?canKS(R
z<QMIe)-NKrMdlNUV{`wy1wK-2<IUh^Fh-<XhSSb0xx~7?gK)rCxZ`~{$9SnbR1dZd
zpRG_Pu;KhcYh>o+{eC0o%m9Bu<<XLeoD%IS7x5tPXAn^ox>#AFu3yh<StC1ewwfAC
z^86gf<8JmGyN}u#(q&2MOCQ1c$&xY6)Mz-m+59~%DTnvufk#na026YUKkJu$=1R)!
zhi%qBVtsln8z6J>>Q!sd5I_LHdg>&=2G(Kj)xGiNw>G;BjZaBKjxmx8mi8shjK`Zg
zO8tZKtgP7#!kEp=CK-OItrb)bJV1&)a7%~|N5`MEdt_yqpR-PA0c)g?q|EWxkwugs
zU`a8FpO;N(A3bn+##T`dvxj}OyN11_@nrGgD0%Hmo6Lt<<oleHmvq6BHjYjSZH-^=
zyY4aFv}ugYMY?0%msAE^K``rE-cQD3g&l?45xb)yJ{m@hAU9$HX4{{=a*O2r?^8(_
zyu;F;ZucRz5+N|zaJYRcOKNMkF;|sq0xvxm6u%G}b%6E^yEiXfu#N_wIz{}!-vI$b
z2Mro0A%>Rkk&gnYS`vh3>rME;H%x32imBS^(aOYeT_Y71u$FomAtpE3Mh11FZ6iCr
z`IFVAe%UvO>ofDavVXP8)_(@$-3DF58O4i27!A<oHodZ4E)KAKDV98MudD+F!RJub
z&zUvL$;s)QhO0r;n$o1*6BvfZ(ZTq|3Vll+M*D2u+-?>NLOk%t0owG5<Q)pZgKH-7
zA;o040?m6Y7Ccth4U=vGD@~tXPgdTr-iJ8jl@(%#yJ^nw0x6>Qc5pL`?ejt_vj;W^
zfm?hX&PEEG$j$PW>j{(2vn`lz8aX{EW?~er>gcPaBqc3PO&d}Em6PCMZk_^$LI3J`
z0ztJLd5#PZI~kQ?-&;&<jHi&jX9cd>Peyjk7!NB&+q%0z)BCl)Lf*FQ0m$<_0R=<G
zUjI?LHrg#!K-NKiYbK%mjHU)8KhHLNP7U~<ZaPfjJh3!lb`7e1$e`#V^9hl|<}L(#
zBYt3&gwE}oE*fp{Sa$WNy1KUzfj@5lYH7J;qaPiVUVwty#KgodIdgGjoQg07td}q?
zYIB$K8m^OudhacWap_T^`J9&a(NntgLlV0_Jnnw^8TuZIz`Z0><UMeA-=l;`6Js+9
zg`Alk-{B&zH0^N4bd~?-TkHrfx#@DpT+*Io46a5B;$~VV`g9zgu~~N&(g}m4O{Q5k
z!10L9T`*GTSf;eM?b8;E-W0{9goXA;RqpezuUX=PQ2jRB2*&-c>u>Jo#9q72L8gJm
z<M@)Arq($wshJ%hgh?41j%XAB^&r2eTXtGnTGFu#)a)o>y`~Epf!aEP<4j-r2s;^2
z$V}7lDdi;kcXXpdG<|itzox%#4gtHA6LT3nOk@9Q=^+M&P-162waGBMN<bGSVo*?!
zP$o>W=*p5o+x#xR=<3?Ze8GeIWx5~#UR&g^J}P=BA)7yzZ+U%lbNZp@YqYeqn0f;z
zZER8O;<nB61VuXg4_OYRs*P*sB4p`hUuWsv=QhNrBaBgJ02-d~qedfwJq@RsU{DjV
zP!=Rd2gWwk9fP!u_kJE?`qwkp!9DA`SHlL&Ej}F$!^9WVlqVsacvrER7Zj|sxN)^b
zgFy%5J<;>ulpfN%d!vEuzyaEKmiNvXHvd6nV&b~+6=Lgw=H`hBp4ks`o0aniL!@ry
z`lQ7dXM)h}+sqkOnEF*dI!Kq16)>E$iQ*;Aixy|wi#0bVFqEC(AM3aAQTg8M=l7Ut
zeY~ioMEM4M54RU%!VUOnuQiD!AOItPpg1Noym}@K+Yx;C3qyh$n_~xPqe{6Afdr8b
z=?~lxXm$Hj_lwgzuG24qMVBC2Ev<)G1}rB$^gXuc5zL5btp{uxea>6$YwOH=>dOyi
zTHm>m4_%L4*BbM_(MZs@av1$6ezql+{w!)u?J|4G7L7|GYhtq$W}a9-WzUWsHxm;J
z_C|f;pruQ12<mz{7@vm%r+sHlJ(_Ho3pqf;+g{(??{-zyKMK&8G#@fjEV+hIA*lWJ
z(qf*C9%Gd0n(07lf1n@JSpCT2YwGX5jE?4!ZKJ6K$fchg?rYA5@|1{f*Pf3yi(Gb%
zVw7GGL+b5|H+<{z>P$y<<wzjtT<kfAv}JxPJ!8#)TOOBE_G<qejN<6@-+w>8M>}f=
zMx~`CvU)ppCouh~UX1r8;3c*|=i;h~ar$)?6}Q<wA@5F;q)=9ti$L!3RzMfe6G)0~
zJwZL9h#R&%7g$SSG?+yz@tp&YK8^Q#O{uW*TE1@2mw7ZMBxUK1mfA9F`Qv^40?m#g
zHHL`qCDVzWM2t*VD*Kda_D^Z4ARMTLenMqze>{M5U3+?j`LNkwCiHl7CwOMP_id0C
zhAWf7j*O6N1vz8o&YqWTY*sfTGRGZZ_1vI#&r)NpmR&ulm&^MlOb+y2bRkH^>J`mA
zYg!Njaab}Kjq>JDhiL(Q0Xug1sMFfvzxXz}DTR<(E(#J%jxLBm;HE4JrU73j_+R-4
z9UP{}JB1@szWp<qheG4aoS1(&kPjX_m}IhM<Hmh-l^kDj()!T`p9xyvODcX;Pc@`U
z<N|l8!Jt=yFA_g<%$iB4bSVCD9M$qtxz`ryZH1lV<$qUbwl`D51`zx-bf{fPVqNZX
zO(OyfT;KbCn7cPqbkMS#<oc9-Tt|E`?)qp3u3yNZUO!P8l(r4h0;EGt^J83C0{7Xg
zv@|4uf=Px2#_>qz=ZLI|l&>T1DY|uK6#zhGrKLgLq8oAJ4CL~$G<hm_am}QnGm5K+
zrg+$w3&rB}19G*)dIzhwwTkCnakSj5IbgvB!R2C3%SezEsEiRaiWV+BRNw^X-Q1*H
z`{Bb*WKvArBIn|y4uB3J5=Dyi<fxDU2<V^*%HeWo+B?_tM1RdcCsHq7zTBf{&zELO
zz@aSt%0JVb*D5E^F`R_QjOv-|1vr9)2+DfCeKpOs@`UpbppaK?t)!K%W!y;4*o=46
zf3d^lkqgdfkyuHm1e`T&*qN_izjEk&&GMhq^YzcLf!e9ZN80>7@s*_thvYF|-@3f0
zL9Qt_ykqps^QODx&-9m~u2h?IBWCx!nzMosalp7muS-gDuRO!II+sp2RTtpHWVpD-
zL21?JuZIng&=!Kn@R{#<32A#h#}X8Ci>c}Td-qUe7#bN-_DGH%y}T<xYLfWS@z4LG
z1sL?Q{qR%XUS;Whp5vkEV?t&Z_G%RrgX=Z+r`kI%demn-g(@sFM_&1|PuuT0)}Idz
zU7q~Pb{hejr1|Ot<g5Gl@(s@nn#*Cs9<8q3D5m=o<rATN*D4dfcE6}xp@tBn`PZ+?
z<YfZFFhw**s)vF$O$#EQ6?bM_RkOH-$am3&aMzLZ%A#Uo7%f6;k!Stiv(!nH>smqE
zz@Qj(KO^K>pP0-b-O(<$$P0qFzr3XS5(0u-o1b_g`TJsOK4p)n)C(zI$ykV_k=n@h
ztu;oNKn^&Mm+3*<_vyPWy6J6(<AI56My-pcz;Z&o?~<^0(23H&OER`l@PP6Ox+WqD
zz=M28-a9%>BLCqzp)CFe9;0wzYbn~yY^^)*$YSSTG4QkFXT4gd3J*nG)xQ?v&X%|H
zj{`U${{Q_&8v%;Z-MKS%%_LRFp$uv#7UgqUnW+F)h&+_ozvzOZW54We7q46)eWXa}
z%L93!Ce-Jh07oSj`_6YaWu!2Vy5nc*e*-3`{5N3orhTW<h~Em_@&E5HTG)O;To_h#
z4L$MHsh<-OyKzr9`sh#M@XXH5^_Om^$N-P@E}1s)X!<}C@`LM3)$NiQih$E{!$<i0
z?G_f#mED(~4gKEMiXnq2#T_j1_lE$(M5+%KIbLVU5!hQ?^QLh6#EDFe-&)MsNcwk%
zAi>dKkng$+OD;i+wEudpd8dKf8$IQ|wm(Vh_JNU3&<lR*o0XY~pHR6mk#>tXUx|-Z
zRY~x8b}sPCyuYM6iZnr_a=Vp7n)}ya^~D@ZHT%jPU*FHO`y)W{&NWl*lDT3CqDZPk
zCkM#zIgt}VSbT4OAQ&Q_Jg}q`X9LM%yGjHxs)WQt+xmj&65v&b;}2GrVF;Q!sf{hd
z=^r2I<Q=S;ntHbSXIXu{dqw6*yWc?F<X5HMJDp}GgjfnH3UpU?f4G&|M)AW5rUVTX
z7y@4by+tCG=_26Bw(bz4P^Nc;Bm+<piQBD$%mX%H9qo(|@=9Hr<ttRCz}~60g}2>u
z4Mrp23}2zsbVCyls~=uhTY}u3@ekaoLp}gTFX#E<^Ddj3cK58+?^;6l)p||4rRL|#
zImaX3*_Fpb*xf@FoJ?*A{2A%@?rOd@j<}}nXM=1X6!hxp`n&fV*8zYX*miF0+4937
zKJ~`-cRCifoCWOSVIjW{aOs%V_fgVKnBE53#9TcqRkCZK52~*lA&KCs9Dn9zLUHS#
zKlYhfoS9TlO51~S=TMwU>pn2BNKSEzU0+*P_QWnWF)`rfXL=_!(sB0UD7kH9au4&1
zqe*}S@}UUjQf>#5XWs0A>knz*X$zi>J9W5eEbcMt{O9_vGM@Y7Zn`yqa^7Ja*li;~
zI>qzJ7j!3&jRAm%*W6K}H)MNI<6qZSMz5>+{UERYCmHr@SFU_y=eT1>wp6{q-=8l!
zTyl;vDyftc)~zN?A6`3YEsM}0mHKp7yC2d$y#5yVbmelJ-H}WcN^Lhay^x?0o*T3M
zK4-!AuOH^y@v+GFzuv#7@d{=OwZc#;49@sBd${dF5^9im+^N~EtwZ68fa*@2aO2$`
z*7C7t=M>$V*P&}B5g*uce5%s(v1C-eZd~#1hkng^k>+>ZyR;<MvpEDMLD2k3o)TzC
z{L`B1G!+U}vq7oB)>GR1JoH`=wtaq=?5CDT*BToyTOOiV@rWv!WUM<4@jn>6MEPB-
zcqb`|`+8@YFwmIL1??AfTR^&2rfAv_j`tg_k?w0T+R<YBOW-PYs*&9v=>2kL?%1Mz
zdddGzwQZ-8F?MftXbGPELQjmG!&bE4Ne#SGFrx2u7YwKU{PClWsZ)0v_yUk}^m5H8
zeM6im3YxRhHyUT%)s?f!iGW1tHZ!FYGjB?`aA90-OnvYo^Nn~xUY5SgchnmLXs&Zd
z->YV0`|caFuM|c@VbgByEF<c*z4cvtPFYgzo}N7q&pX&-XBo?mJfbId;lsM2Ww3_A
zdGkx4luT02&6druq~t=Ml+-}=DQFpPV-gym&2ZFn1VH#cpn8UE;m?F=73|tCD5O87
z5)iwz!tG?rFa8DhbWS1la6v&p%8$lIK@N4Nfi6(^bh}kGR?F0!)r|jP{-ax<Q9rO1
z#4@|en3Sb5yzg)Exgx;2`==XRQ>d}K`!_Nz66z3ZcD%nofPojgzS?!FpP;cp^l?<$
zor(q8Xh#WY4i_6!ZcwL?ijlp0gD!`{h1<7(k|)%8DDWZY&yrq>VSy88R~c&6zy?h5
z<@Wxdw3!CWF0CTaD|Gfh(<H<yr9|?~xpW?mR(H9vy*<1$P-2WHeyaonJz)|e{>jY7
zX0+6N+DkV`m&MsoW#jt%7N}|#QP7vQHl<u*Sp&~hq|y&2GuQCV#sZVQpHIU;?k?N@
z=FR{~NgWgA+t**3-GXW!F=vmig$7vY#pKORw|2*_2ktiNsF_~)UTHkMuBvIr?BC~R
zsL<Y+s2~tpa_JVrHY}NdIH#BJjzSVBW(!C(<(+tYd*@p_p!>Vu0|aDgh3X7;59Mw8
z#=Cbp_8XWmV6rc5R6Awbl)=4&4!YRC{qX72Q+0P8F{Xmt!8N&i)$zU9M86x&=p|gf
zLl3zANREgA-#IAFbT8-fbgAOT?z!C;u?pDtg8szr4~@pqDeJYCpUZY~?(5FJrKo-A
zEBHB0h>)|}hY}4p!E;-DQS0wJ)6pd`?M~kYFpI2Iy8n>pT^`<BkvyY6#|In~8|`Ig
zCTRa~4VPIn%YjdYA$VVIn>p><S97oaGp#$-A2xLge&mNBf=%W}@$J%Z?kHnhkVyL4
zVoV1aGUYG{p8xz4F|0Lb(wXyWL%pA={R{=C5N0tr8_C=sgj)df<vk!uwckqj=zl=c
z$Kkx)mBh$VcDh00wkmv5z?S6h&1h@7U%MjNAci9s8MhFH$aM}Un*R5<rY4tfpL)#{
zB&)EoVeRAT<X6bk;*i;qlG4eOcsziu<8sWlk!BHACS9V1xlc!>R)6$bWF)P2i}Rvx
zrr~=M=zteCP4Y%d)u-)vW&H%EB^%Ebs%V8x9`GWTs{{)$L@$JgM=ywOkOaXuL7!Tl
z`FWv-M#_|vi!RW`pF=~N*=8Ur@_y?IV`IU;XXBvW`>PU2)KIZ*0s{$y(>K99W4QJU
zG!(8p-7g0(JX#-VG*zD*gD(Smia1$8seQ~FbT6JLu}ot#(cm-qcX<+UVtZ+UP=U^x
zp06cva2-Eiw*Zd6b7|BAE*2P`me)FwxL5)X>=__<PUxowlBGb!p^0q^$fP{;(%$)X
z))Pya_by0aJBTon#$yR=iiVuxQbPo#;5aQq@{41F7%%sZYzJW^#=mq`U?~bu?j#&|
zTfQs^R?LeT`T>N1w3U%m5dWc;auLqai7Gk{&5*X%Z%qEBS^n=#q=(v6(~UyL3cI!8
zX~)O#7`BSL7U5A+oaK)d$-x_#8iSIBp5{L!naVNtI8T16;T?qu6P~|GQZbD*%BV%1
z!HUGD@t@y5d?DaDIT6r@v_rU1{yu-+?u$?G_`Dc%A<`CFn)K(OIRiSr8_U7m1ng$W
zh3IwljBDo*#!r<58K2Z>Z7#eMGqX<wadlS9P)Y%;FuINwt_=g)QWh7xP7oCUPE%}e
zch2bkZzj9Pq9(LlRzo7=Pw6dQEQP=cbTQ+UzVbnfPaQ8VqJj=?N=O}cBzbvD=F{t)
zTdsVlF=qM!+A3^b1{-TM1`ZfJSoZx9Z*QBAvNaQC&)zUbf;Cq9=IGZ5<q{krd>lLr
zj|vKAV0epv=Tw<3b61Ny^Q_yBK8lPbp_~C6KxIo_>6ll$hOX$kdqxt$9=S+f)uq3C
z|5C``a_hv=j}NYkhPiQ`@#rNbCFRe&WUWGZr`_-3zuadtQkYG9A}nW)FE>aN=BxxY
z!MKhxy?G+vH23DYqpm+{rEcdS7-LtnX-??K>V>X~yD0i{^@<f*VhBQYLrx-^#$#Pw
z5Pg<AfGa;UP!PH$zk#&dT76ym8AUVd`AQ?vfaMm6^q}KBU6@A9woE<FJ|+3iO|Vcr
z(Vjmam@IbO%>4J4AMf7cFo{qm9i1_rq+dMN3S2lf%<Iz|9XJRYyx{lV;>vYfUIj;b
z{YkI(t+-YG@xfFPr$>x?LGbzY=#<Hm5sL7RO863yDiSyR&Z(@g_6r`S@3E*{>grxH
z5cm1k+g}97?YEJIRVXyx7wz`M+9&JHl$zzM70Y@|>l9<qEhNvhGc~33Hd(*kGT>?O
z#B+|erPx#7AY0@f;(+VA83@9lj~kIldI7R$u`*&9ZU4m~%G{CaIhVFs*_$t2KAJKJ
zcaP*8?f=qxSH-7p_<yi?c_+@9Y?Cw5-RAo<RO#lfvLqhisPe2(YX1-#UwHQAV^0!&
z<ID+<g8#K-oTc%`=JM0gm(nsb3#_@Fz@(p`iXsUy<L_0<-v`$9zkh;L;CmMn(-W+%
z^XG-Jzq=<q_D<QxH^sp%KH4z*uW4s2%*+DECYy(S7*s=aLe}akv!FhaZnGae9B!%@
z8`Pk=)oDXlE%i_3<^PUUg^1C;petu;5}Gw3)iAhlUCQ3AHdg3hUvEe93v|~?9NjG9
zh9+M!?_FV(u{e62U?G}4JE_#vX@4JmZ5^iCte<lH$PozedzCMR0I4a>_dMZ%4WbKv
zMs1xI*7EsJm$>w2W&^#>sEXtXLr>v(#Z9uFP3RF8%TyDFBDWNS=@8O|v#+*n;zQ<Q
z?7o$ln8FoA_n_+gNB0VcBw|M+Ie(1(cvL7V6Gx5v-?ZD3OQhKefzeMMKd!8+2V4qQ
z<U|qx=90u{9obzwcY;YKIn)eoJyJT^1ca~Z)p)fvA!p{1`M>S`!~Kv1FV9TBa!{e<
zJcn6M0Joij5aWykR><RCGl}_ruuu^jr^r3ja%MAab=F{@y)-cvg75w;jeA94QPH=c
zAeYNWLI(c+st`8@CIWak_PNF{afWp$04DPU$t)+9hEWuVxOT>oCr9j3yx}y*J$tao
z3K_AK{4}oIlz_4YZ%6*W$-!yrAD2x@{>)$IuLDBw;6KN*(R%#%j5DA-7JKvuv7&KK
z>`F46bh@9U!h62RH!gP`Y~J$qXV$YXrx%Qo$nKijl8U4ty`M3ZtIUGvb;?tl3Y7fY
z{p8ClAb2>1_%`88R&Usl=9_o>g;R`FQ)|DP*j-&k{1LJAkb$!jq=S%LV^2oH>hX1x
zoT4)6@&^!JvhbGtJn0k@#N}w^G;Yf#NAC%3*Zz8SGb4WG@2&>MK79>C;GwE6KkASd
zedd(GkLJ>&o2}lyeN!!e*OOzqb!)=5BBed1>Ma#OV+z^&g6&42)!<};gVo&rIBCB?
z2lMbaq4XY@a-hJQe5tU0QwJf9qO&E(N}w1~@OXRoN$wfUPQeUy=kDF}vvwXxMWcas
zfsY?_lo(M#3?4d>(Ue1aAA()&;ni1MoRPWar9^}-3||4ac$b{62@@<j;)-~F4a=u@
z(3~W=@iox2f+R!rq4|^=6_>e93MyEzX{r>=UZ}f-gS9ET-~g#9%OEN_M)&SXd}{Hv
zlUv1454Q@zLFJCndcW39)93x7uR}=F7H|o2$ZBZoAeUhBJ2)|}m%1Qx9!>ffXg<#q
zd~OD{m4E*1N;aQ%_zvD+54ixVqsNcKr0oKxLGcMQh@i=SS;+t7FeA_5E$bwOE8j5R
zwTepsuaJA&y>%LI-YJB>(@dV+C&554R?spjy6WW3_5#ceUm+wy{a7Q6i-%AQzad@b
zzQ8?(I)S$X?o3NSK|IcL+nYNl=d7&V@N|k&n@x`=51y#$+w}-Y(5SrD%h+J<Z|jJ5
zJvtvw1X^y|D+Va&%lS9Aw4g<5^vn7BdVo^4zCU3x3Y)Y@IK>WNopC+NW?aN>NAK`_
zeg6Vk$z<nkFU*T0TSY^HfA`1~Db~+LTg%BsI0icV?<AF~9q!^vvG5LFjPN;Cf)lyI
zng63}T3vj)hMa)$o`(0GPh0WCcVhf&PfNIm_Sf?S`U-`qoX-d;YflSv$C%OeU?*H6
z^FYPL%?y4O#xyy7;xz9oer>G|MIfnvXGXrSsd-r|)wtL%W+=o!)M=j&iZ$s0Ih|B$
zNbY*SS4Wb^{0{;(bk@$XGM``%b-kBdA{pZJg0Yl!n=KrKD3Qz1jGiZGhZLrkmX->w
zO9`ul<sIiQ#oRJxc`jajH09`4gGzsKd1nuQyKf2Ix_4&?Oo-7pgW4`ilPWwsM6_S9
zV1fdGPbIXuedE7<X!C0R(-x$+4;=%dJjjeZYt?qeKTWyIJx?HKQ4r-FuzLix>GsYC
zi?Y&uCa&5*_qu=FGdBHlTwn1|#=~0$7^3gRI}t3^)&+sU4^8j$QXB6%DYi@Y^&2VE
zHDR)hr%}^46J;BxZ42%sZxoL%UTZVZ$4GsKnX+wOo5!*Y*RB>K(MDAt2}4-I0GHho
z3L**D7S3{So9o(pvWywiI(?0j*#Q9(w*d9q%B~n)r2E`cHu=WA$HqY&sMZVP=Q)zv
zFL<Vv8*#i6`4)0THNN*zdXhofmzRYQpD^Udq@(W6_6dQZp*K{o3l9XMgoKgo4fip<
zc03fFiUY)cRcuK9CPf&fgf;@PBE=?q!OL8<;WO$zQREq8J)usOr$SheeW;}b);7*_
zN0!~rna6Z90Q$|d&g+RKx&EHv=t;vnOspFZ?$f%&p~)UT{{)Q+DClj|5edbJypaAs
zXQo&DTs~6(7ZF~aJbCiF<iQ6I9>8^`sADLi(AV8z`p3_{&9Df3toeqNczeGZ!z8Ko
z1ua;o&kW5fR+W?Uidp;Gml{US^Il8!wLhl66jmhD{ZMq@lHMB=r21#ZSOdQGCs{9|
zo>#Bz)1INy-nyS|X<z`_1HZ+WH*9||9+qGOrqWyA|6yy)P#NsWT)|)zG-H>9Qp<Sr
zjm80KYFvZ_dZS~CKAZhI#94psS|$yns^ba#@D**+@aF?dpWcjDoqn`x$*~6zH?;^&
z0a&?%Xie#gh4H7W{hCM+Zda^%DX16_;sABgz6N3uT{$SiFQt3Vt*uK}_g!XjiirPp
zhhyUBh(;TKqf8De1YyPxH|ey}RF1>i^G!6i1eSiRudlDH)Ujye_UI*pM$*B2+02Iw
z$sX%jS$n}9!w9yv^~`eg_I}AG3lhk|MW1!WK4{2z9XG70zy4jiy#4p||3%w*$8+7k
z?f=t~(r`7Usi9I@R*NL5L?J7sos6WChODmC)sjleNN8ChAxUUykWm@Y9uiWS*?!Nr
zuIu{Uzx(l9f84jn_i@kg@gC>vJdfizk3&vQ8u?C0NC~@byU96S|45Q>V4_bb4}WM7
zcg~*KS=KtHjw0`8;k#__IT!PL%y#{&@#~6wk)9nwlQF_tItDamQzuXMbk*tfZ13d6
zPb#-9zI=>LN?WFC?AfzWr~2LSuSM|_l6p1ZO745jB6(lLGWdO3T$aA-dv|2_EPe!s
zDVGcxoAtNJOzR_WOAOOEWI7SVQ_edaC$BeItNah8t?SygE7N^|$pd_3-40qszOEH|
zdD0c~S0S8sYHgm8beVPE7UL0;$A-^oh1aKfrESTxRAeH<z3YA8c{Q<zS0}$>O!`lB
z^oo*xR?iYf?A|&3?xw9Vru;n672|~NX!P7ARa8{eR$p3%YcoD+ykE4UOFWl?<eZee
zFx7m)MsR{gcvNh~%~q~-A_(cqn^OZ%=+Ee@fod=Ai&V>C>DF1*Z7n=ZfvS6zr%rwL
z?wu?2HtmX*$6EHW=|}~p6{GS^fzHZn?{%)5boNQxf<~99W~Hr}cZ^HYb>CeVb921-
zrqoJxhF4U7-(f2o9w_Qj3XLTKl@taBzL9UeIBjR`%g+8*_x)<cqLxtmzH#B(cIR}B
zFPGRt6ONkr+W-%(YPP-q(4gI__Z&;cndH5<@5ng8m~xX~iW!<`eP!8nYXb4WUM<e|
z01EP5cPBgB4$5I>>Lfn;qelzMm(sPgBFx#@5fQRQSLPQO%s#^YwOCJS&Apce&$_mn
znyIrb0t)+R@GJueWC~c<jP05wmgVP0PWt}mV-|oHFIJd+T7N(AJfA~nsGz|p<IFm<
zaCEJU>0(^Lpc`0|$FC6(M&nmit%HN9oe&$5kf2f_dFaiSClZfeo->l`ADcMFoj^ww
z;II)Rg0jAM-_zO(hJ$@1u85qqOv$J$?|%DPIcUG>L}4Qmterf*ShkQXFsS|Z{$c&_
zXMyGTUKDz;zZ_IhQ}yhGQl}LG6I7ftq(x=6q;(11)sld9zg{eE8p6BNxy?rm0Q}-W
znPtrdPggqaOxQimy7r~wKX-uRODk>vs@I)*tl24h`<>us)PB~yW(OAwNFpq_^AGA>
z4x$uc0sX-ar(F;RQ1$F5A9U`dMP~uHj4~QVWO;j5>WLF4MtEx%wsc17VH&I_$m>{-
zruOlDpIl6^?mc>RG42S)O(-^(w);mBWI`Qcx1spMhr1~adck`1f3H)VS6nur#0#=}
z$?LRBt)<)SK8M;rZM?n_eOFmh|HQ2EAFo`BA0ePjf3FkVe&?P2{+r7|@-KW{4pM`+
ztkD9Tw$!y)xKO<5tv3K!9}QN-{Lh{h$_O(Q)1F!RuBabc(mOMR6@}Kf0i96p?SB*2
zY2ycp$D!w}?9TAwJM6swxTR-xLyOIuCP9}+IxuHYgrVH|^~nDjX)wAUA<0U$O>vG?
z+o(o+2mEE|gYmNF2*iHjJ9<1{-!S_NH)BIxY{b6*xR&MZpS95z#7H<dn#`4?GpTZx
zwzkZc0YoGj8j_8y=BvZ@P&A<~QvF|?a5=bf+HyU;9F*T4<_h+R2$Is?zsR1_mUl5s
z`Gv#x-d}THt85j^X)<qkw0|uC*&l5!{T<)yNi;2&mGds+g0oUM+WFR5jo`2EQrm=p
z52f?y-0r_Aw^H=`mqf=E6abrit6<l*R<os%K}-8oS5^iujm9pa!0!mER=&qqhqgAJ
z(1?K5nt^{k`R;sLZqlUl(>5MqJklJA+qL$hMQfLgcg6KZ+T#m?VTNZQ(hEyHzr9KN
z1)KBo%~+|0KTrmU^(vQ=icQ%pF#3(!qwX(zkkbEz<g}gNOe4F@4SX*6LJ&47t-z+2
zv(=RP9+0ua2M#Q$sIY~$(GzkNU0NG91t?g<Lwvh<$^8UUvfmz4V4pUMen6*S-bluf
z8qm*!k>Py$!i}BN?+>=8F0B5w_%K%3;YwD#JKz`v)^R_(Y%t8)@nWx_kWhQtrS%^z
z!2hC_aF`^0Z-%1P`(H4BbL-qtZsbZ24!AY5?R_r0b5GvQ^1UQo>iVEHkriyuK?<^}
zs^-<HtF&Iuk#RnHtj+K4oqwMIl1;2CqlE_mttBy%{kk7mIGVuiPt1me^T%iV%-rRE
zGk!wssmh-}1@(W|9#YtEJaWxkS)%pe&i4VAjgq#H-Pcy8zy3(3V)j2RcW%^`14Vg#
zl+L#FM-I&m@OO%XA%bC?R<@{*h2f?f(5HmA==wfioROCo&lqp!fuiJCdSaHEjQj)O
zs=}qR@9*Cm=(XtU%KU>$XKg#UJsD(_q}<cF#N6L4<&FIPmL4jTC;t@d6(3;*K>2>m
z*s*_oUp`G9`Y8SJ;~*0sALHK&2D*M-wJ#6#HVJW^Fo$&xojpQ;1KBcr@nTs7Cy`#V
z{f(`(`s|`kwU%7GN=G)>Zh0rsHKpS319Io7DsNq52JsTjk$~0?GKhY%8MQc5_Kk#u
z)wg%YJV|A{(PP+~%>&Awo>A+uo>r}<Uw6fW%x*xoL{!-i2hx!Um6@?3NDy5OnQ<K?
zQAQ>>G}MxuAFZBSVvar;-D9GS$Z{30D?Cfw`L*lK9KLVCV*15jH+kw6S4rQod@t5Z
z=jqcD=eYwjZZG-9`OQ4?H<sbxfE4)~rR-^dVf8hn;4oZ=(>_uyRqA#Ps*fFfGyBqV
z|0!$#WI*7kBC6x6aYXslgI89npN^SPep}_qg`6!PxK=RGJ6ZgFSbyZoY8}~UC*Fl@
z+#(_JbL+B7;q``9H{L`Jbm{b$%|YG8K~~`*${k#hj?l9)3wFa(aMvVM6~kT*xU<;i
zKj>0A2L)q0OQEh&?ce9v0h|A@hw<MhO!$9jB9{Bl>X2iDrcy(u7av-5XK~2Qo2GK!
zezPRp4kDhas;mSHpWF*%o(Q_{Q0K~mUSo}m5Sg*7yGYmej$4P9fBZS{ps<RuZ1*;C
zMQM*j``<vZXiDd^mjvq&1ZToB#qa;?f3LFSe<x~*Ro*3h3SCxn4K5pOdj&T~51sgt
zKH1vFrm%vwF}_|48gxL6ElI@>P<IFGS-x#}G6yA)Ul)F8&ctoMbfL|Zq&?W6z>P*l
zjV1yQ+gIPQmFCbCSgU$O(WTQ1D-e4Law!!xvcJ%semjH85M&Z?j-tN(6CPIrbhz~u
zha4F7W80-zCt%U(j3ZQ@wURT9#aGwnPs3l=(}2<usl2YEVp6Zqyh;ID!O38Yu#vzk
z_|z6wwOsHLu(lTFvI^Q2;V4e5q!!{&FuAlG=mmc0MFD0N&#*VSS&6}z5cX3o40;0x
z_SHZOQ5Wsna&&Mieri-d`&Wd2y&ze~{uRmtK&I<o2B!iyS`4+bs<ub$Uwf$JOeF(c
zJ8R@bRa-DUO(C#NLgoRj403zPDl`S)LI(y1{x%MY)FK8G!FoX3uJr}I8JJ<-+cGof
zFwM~}z1|&At`e*_9ru`k^7}#_UD8fnSud-22<U2WlT{xc3Rd)jM&hm6iWMNz8Vk9+
zC>j$h8}r-vgzO8H+!)xuKV#U;CCcnSaL8;SPGu0cZSo;rIcPW@<s(PB7a72q8XI4+
zTOp_zxkT4iFh{^2lwXaHOHX7ZV@v1s;OsXl7d{mv{FwhM&!^9UV7t{@v67o<)89E>
zS3~1Z{iZ8$x=M1w;IQM}>9saC6HYGNFwHlsp#i!SYURu;JmvNV#G^c|<R_Ne5Uum(
z$qT|DKcmsGEm;1tuLgV}9<UQ}2q>aLL@4lF)N%H@$4-v0U*IMAock!uRCc9{W)wv!
zsG-<rY2@30nR&c-&jtzB0BmDydsUmZ)MrYtKpoeCpZcn-8rP4x^GY(u@61mE0fw*m
zmZZW@xUz8te0IiWFFjvL!LDPVzd=T!(Wd55{fm?&pLtV`v4B~6tha=O{mz|N$~Wws
z#Vu``9*{Lh$u^{I!9hGe*dN(*>YU`quU|v$4I4lDI=JlIsl2x(I{uagCc$n=E^Hmu
z{QQ}dsHU@Mk+3l4;1F-z1P!$#>jEV?$~5NBSAcF+{3+XBr8bsLxcE_J^UF24bqAcU
zdbAA8-?e$9jErDxMk5!|!u*l9XW}X6Z_l|$Z{MCz$=`Lgnh_ik4=XX>wBR+kYGt$Q
z{7#<K$ITvAeub}&Y@fr2TFWPjo-Pb>(C+a5^88=DdB=Iv#mi@VrhK}tQxOtBOSruB
zGh3PkuL`2o8lll9cxyK{681L;DTj){c0hk@>aPE#bAezPgCok8W^QjYD!lElkRLVD
z*zke?8?sroQz9~+hfG*7+0u*|6l)%Hr*}PHTO4@$^bWQzcOGR*)xOLPHfu69#NCp4
zMZCO6r~Z&un5%oZ*8h}QmZ7gWwbP?#9=F6!wGP{QKt|+tVEv@xoP>v09_>u5XpDNX
zhiwn;9kWDy5dgH{C*`qe^{#5>`>Lw#jkkCV@Dt&60j*+)SU)K+IM=!sQMVT92OjSb
zVsH$W+SL6~2F76rfb_ba*@nm-2eU`UR2~F}(d6448k~xy46y0;S0-0Y*N!+pqjUR)
z^}3kdAi3!D-#-+5Eg@~?8=C6S2f?e#G9eCbdxxZkX0k@9X$4xB$ZDyL;1R4`#E$c|
zy+z4fcH+JS$d}?^rokmb!a>f8dzMzg#t{Imf&yksGg=HmJrZw*cSYPf)U#g%J#nSr
zUqU06SOMkG@Y!qW%?kE@v4T?iaBl3ggzq>J=Lk}Q+Z*#EX{d$@a)4I;J$Gm0>R8Q!
zdo&yQd*sGb8bFv5cN|%C%=psl-NLa%brhE5<?TNuGX(nk4^|OUp|Ei5+O$=ayg+vJ
z=u0$Zuj_FknZr;w(*2s}hzZ{5LODjCGdPvE4us>6{N<hHe(UyM*MnI+Z<#93!U@j&
zB{zWNTj9(vkC`eTQtF^8c!p)I?<#C2GdWv2XMNiUC`o4=P~BC!KU<+OY%g9mSWe0>
zf-yn5aTyc*EVFXq;<Dg_Yy;V(StP0NmlsT6T#u-hK9BeCwdlOyv6Y=W-X)osEQpm`
znz<t6v5-*XBeB_1z93}j@PL9-E#%Wckh(hr9UoR<4>_`Zd-#uL;b3-qXh3`)%xARj
z`bh>6!j|F{588Z{R`_2|guc$Y8CH%S!k#z=W;ZK^TOk}U&P%`5u~<<0EqX1R{j8ax
zL4$P(il3x<G{~+Q0+q%Ahz6t!=Am7RaWib$<lLw`pt?e85usbWju5-pFWmJg<cz`_
z_U5lPQdd@&7a7V;omvT0jS{eRv9IfHR3j|7JoE@zP%AF8J#k2zweaCBwVx_|fOVw>
z`<C%tiW3f5<H)9~J(3N#0(8xcj^*fnh4L|JK1s#JRn*58q(X?2NOTV~qzxwaE@zh4
zYB@GWqge^r!zMwErDW2CXNYK62j2e46|X|TlE-b2?%v&(a;Hm#@Owoo!PNlu%?8TL
zd8bp3FgOSpJjb?3v8YX4<^ie?x_ZcYrmn_Eb6SI|Uq6>1($^A@NvdKADHO($#xI&W
zbe{NSiKHlK5u15vlXB6!`V{gQI@I||h;((x&sf0{9)5+W15>fKvLE~M(AE!QEK#8e
z)E>%9L2lsIfEAh=$cympt0}$eBVOV<DJUD>a7aIL(JqweMnoMj{81F8ZjuH@M#yO0
zD7G(EMb}K}M5gTO?y<yDP_njvmElv^I;Up&s^9<X0P*+<k{S!aczNvD4zv1uK{zOQ
z)#G7%^piTuw3FY+CJ_(*v-7Lx%7W>%Y1?VGzbtuBgVOj3IZ;Ha-P#exR_H$)!;R=J
za4itB9a@_c6YZy>&rlbD7rGPt+@A<L&U~rQlgBU%>qXiDe%u4Sq?B*;J-ni-Jo6mG
z-&eN(yP(!-)21m(>+%xfDSvHGwS|4i`gJIycA`*q23X`N{#T+Q&}2D)KNLv8K_1+h
z;-aui>&ga1y?361?N7&3nay?kvA>(yo>hE1(r=;-*{4BMzmAVXtERZiKz4so?Z$z9
z`c#!gMAJjJe;CV9h%AjmS{L`!ee=~D_d4E&{ryZHa@hW-0e;=y`+Ye3hJ%f<^IyFN
z|C*%)i?@I_tlc<)r&DHzf@W|8t$p}fhpfT&pRFDnVi3jw7cU(V5s_zI3!YH^;|Htt
zo6kJZ=~B?{s*C(%FOO-XT6kn+3pzqXw0_fud)?n-Vi^iB@>{Z@+Kb*OnKqA^JaOe)
z08Dt;OP5A_XuUYSD1RvwlllnAhuevLKg{2B0|6Ed;J2LM{nUvK8!lO;R<bD8QHaQf
zG*oVRKVTi_3-tY~S9^iYcsJB96;BKj`?7gE$7%>+bdJhp13RdDO}$-8Y=q?3wYh#j
zIryKtK{h{dD)*|d-!1C}x>K;e$K*V}oQZvH-p+XXW~7RNTBEfI6d+v$hl9`0q^I*b
z{oDmO1T$USw*efRj2l{`!ghUb=`msn{*P)2T|bA5J}93srQ&V*{fGTmNjQ#qpJ03O
z{Tc-APd(dQgR^wocn51M&f-HA(!8uF)pd@{2JWg^MbG7diW}^Mo>@Y_lB62n*fV0P
zTD6#k%_@uK75=+c+<!CDUpX)*CkH1RR6kZNkra8By>x2jzo5F&bERX(f&T~U7?8{q
zACwV-ev$cr@s*WXPMNpl7n@Gpl0JJ7S69n?Jn65~SsL#Ya$5dK*5=Ydm|so@G+)0U
z^qD2kQsOS%+b5)_#cWTUt*i`53<`DkZ;?t5(Hf~hUDq8u;_@e1;a&koibgf@`4zu{
z8_|0<O6Ue%xS(MZA>Xe%lW+r;)IJl&ytp^4Tdv>%%~7<^4VV^n_ELZ4%)C5rEAlW8
zPF@x#$vcMtk+)y*w^AY~=nhTaox5E+ecrxDOY7kH>o#K2YB3xj2zMLR;-7XgOl8HP
z$NSh)!9W!$LB88+r^+<ku=oXj<MdVk{Xooo_is(k#$t)~39Eu>>$R^4YNdFg5<EOM
zs5WYJ&w)6DQl;^WQGDTlkH`o%K<)Rqok-b?==ABS?8OTSqRz8+4mA7HF?@BFNF?^N
zum*R}%z#;E-&`=1<Mp3~YD_Du*ZVGDn)>GEx~q|gd%!L*5vthn8;fc$fBE+9Hj{%;
zD4y5D3d|LUR6U1j7KR?AA-}ki$qo`KbdRA%m`C%c074N~UYln^zcg&X0IeU}0;g^4
z?tx;{pS>a;RSq+dTpgXK+~ltdY7W-Z&cKU43og6eqe^gd>e?$VHg*LPhN13-eK5E=
za)WC1=V82*%&u=(M3ac~0FOU8kZ)WRI*2`=<ybTB#iMy_urL-NmMeV){W9~>)2uVu
zPd_Wn|91N20u`Sw*zmH#<WXT2ko}(f0bXQP5EX!uWXBGojAoOcr4oUH5d{X*8cSqo
zPZ-abYKgVfo^%#;5{nE$xckX4B9C!!n4;wge}8|?k?2m}aY);r?7wSWp#Wh?BLHD_
zjJzk>*s@*jNr@9#{)uh!f{*Xkv!}NZeX;`tf`<I#m-{U}`|eM5owT!ULdSh0P}|*+
zI&$=A;a$WlW8DS9;=o(WM<uSEMLkVYb=%N!(fOA1R{2ix0$D=M^jx*;`SJ*wMd?-X
z(l5JxI9&J;%O|YouU)&wT{AQ`F6*)7@xzSJ$V+Diu8+5KOL=!N=GE%^d&O&CjU24>
z?k3Od*F7c-Cd3~I9cssYZf)-~)nB|_B{5(Vk_28qxEvjcwiG`pkj|M+)+C0=x}zfZ
zV0oXdYk)8S&uP9-3knjTsJadQ|I%(Wx%~Ps)^2!aML{BfHF%#ryBf<?Lg6M)&i?7+
zV38q?F^%@+nISP*<JTEnC<wHiF7c7Rls!OBsNzB%v%9gev8d%3wY^TA!o>ja1F;5G
z3j`zX`Vq87j7$hGXqUug;CD&$Kp;-58#nL*9I3*7Vj2F>FpgTe9BB%v*tDz?2kx=q
zKFG)P%9xom8zD1T)uY0o+=mT(KEr|5LFn-tPNq#7adA5d#h48+3kBPc8Z+iHVz`kf
zg*-H~hOMsmom|?!waPIVF<rny8Je0dTv0Y;o~EWd+~Cjm9rnsmC%|0Z<rFxyde+Qc
ztt;x6-PSQ%cg_l1+sNqXAGpU{&RbRTec!$mKP+@vZe?$eHeJ7bg06XlalkB@9+4@2
zakBfie4-YCebS&{%t0fgC0>Y=mDh}<lJf^Q-#%8PU6%XWq^VIhJnNlUTSfFf)z0Tv
zY=|6_wJBwgq_ni0*AsCW2B?c#9tIJ4P6w@53Ed83JR<A=xJ19@UXk}I+pomod=EK2
zY?vT2ctMZ?Q@Z7QJLDR6eKdp&w>T0SbmY9Rx3%?^)fwS_&BT=M6w`_+Q%+cYSe^8I
zR5Y-Z(v++DN1ncVl_Xffidew5$o5(4xI=X}nIw@LdU!71bmJHrA@<<Q&OLNIt@XM~
zCG=j5>C@Pq#R~N_qTOV0soG%n9~bUtMF>l<Qvoh8RJ*x#pH(G8Ky~%{x3Xi#)RK4}
z@D#xmlps$^jqb!38iD2N&*mlWDA8Knz73yKI41g^yZWEj|J5f9|8D1#{Ufl@h57==
z^wdx3X!5g2`yRr)BC~<&t|N$J{`%_?sC((FnNX!{=mqU=9k_c-V<Fr5GG{ZmbH;lE
zlDdjnn`nq9eJxH+dH&NBOi4q^EIuNCbdK$7V4=eOf=Qcth1m~}v-&F*A*iu_cSmzj
ztL@Kst<o>&y-%E<Z}!pYi+=|?kvOjp*!<nE4sIa07Szv=lbIDtzw<|UwUffE3lK4B
z9Lj%*%1~E)57oWFGq7&M#dxE=#oi__+g#a8?$^E0#$I}!I5sccoHJ5)l6LxhX0ma~
zk<C1tJJyl!a8ETSZLI38VVFu4NaqVLX2df~SY&v$#o{Djcx72#U0`*|el9EF)u<$T
zMCpwamtj)*=0i2^tAUeMMwXn4%GqvG*lNmLB3Q@@!U*R=u~WhV7+XMZ{gWCtSzCB$
zDX^rg@t9LPag@MGs*f<mi9O+Z{7ZqNsS({aHl@uLm!UcNCaCDtQeAJgEYa1it*s>@
z^y(uilH4yFjIXZXJx2s)@n?DS@KVCY+&(s}4t;cG&d8A;F|CYPpv@gX@=Z3&&QaO5
z-Ur`>8`+F?Ut2$D#>|9mX1;@6)^%_57}ys18G@*rMC?SrTHzk#HN1MC+M;yruRHcf
zuf{)U(24JW(YyNzpbn%Md4pc-z>17O_XT#rrhf^4232YI+f$DgaDaA`5hlimyqkTh
z+FmAA-;|B2b$vg!v-s!}2ZnYUIW8mbqd~v^bFmuI9Pbcm8fFw`8-2mSCNl4qU0V6h
z^8EaWcxxM@m0Rzc>ql5_J3B&7uIY@sbLJ1vhBr?33X8;TIy${|{n`DmO|sdar#zYM
z>uXOsSJasaEKzV4PMbPaUt4E{<hX~p8S-}z^9<Q7(b=IumscVAITL>J)(;(Pqb?=$
zp;3AN0G#d6p~K2aD$}RebGr9j=y~hqybPs?3_(SWLo4K)pco;UJy}_EsKd~?4whaM
zmn7@q%&h(CyTN`VgI%eQiIHzuk9`CILKd;b@;b81wq=P9YgPfb(Uy~6Q<g>qteXCu
z0|_I`^!BgYyje$Ff5zas$f1Zt#^;@ka2Bd2+7*=a3OC7emu%Ej%T1@i^&9Nn`d55g
z+vJH8djKMC-8!Ad0NtS3J0&>TvuDn<Hoa?;b;rn!7A4bX>b#UbnN5F)6ulc=YL04N
z;0;x27^j<?e70tYV(RK=R`!w?#yA9SlUDq4e{s{&Cty}fW0YUsu=SsPwKk=~=H)o~
zHkG*G@8ZF0|I+c8<Hv>u{SqzB#Zy*ZLh|3HHEVJh=~$Up{_r^>H{d(kog*H(EB1fP
zY4Brx#@-&-tcq~=M#s-noz&g|2o~pgf>U0(7k7JwDuHa+y_Vj2bLUPFJ!H)Mi329I
zrmvZT6BnjTU1Cg~0QN}E<{a<a_oB07nWbs$t<7|TpuzY);e+27XkdH1!<LhM9EJuL
zKVDHZF$)ZB_NqO55}%9uP<`D`Jk&WyrN4zY1DY&?zRF(ZqZR!_V?*~(k5!&C6AE6N
zjC}eN2cQTsejAlN)G+#7HyIZHwWFot2V1vJ$!~4rqYLrDu)9!usO|&^EjfP*I(ptG
zPGzX;=AZX_qx{vMeKYs=@DA$B!hS4h<Eh88m+k0+E4uRtV2HP@c9|cNIrmUqgh9ig
zkhv00yRGuW-__-XRl8nH2~3q+y-#e&G^MJoCneWeS_*hQ31yBOU)@4>Wudt40n*3a
z;5lh`8$<VX1$K{HosD--H<=@k@~I63%ukgC$7TUR&0xqzdN08=D7)i5o<ch<gd%|Y
z1`Rv-BUoq_((=|_#1x+yV_iqE2K^rIs~b?=jdhnAG^i&az4XEFj5tLhA;-TcMLazt
zd9Qdo_x=?H1~M>orES0p%>_RW!8@}$nz=a7rV_(3H_4IjW(vL-X|Nl*y1IjBFGoBg
zVEU*(02-nF!lI|-_AGn3204%eFt}J}gU!NoZkL5{wW^bZ#$y0jpamfv#Lg~y##H$>
zh>T2jczk^e0R`!L`NKc|m0EOlU)nlBaf;j%A<BJ34`|>brLOLo)6wmULA0j}s1t`Q
z?sFHOycjoW(v?YuS1gG%5w8E4&}>kr>1hu^<n_<`%USvMo}6h``zmFoL#v(Q`|7h%
z!XrOp<!E=Q!GjBCcxpu~m|PwlU~@0V55r0HtT>DC2gvt1Ou*Uiz-7YISD2Z}d4}1K
zxC_Gq()ak0HGrEwqZ54AN7YU|kF-!b5rZE+ifa^47y$E{*uo>DMv_KSz56yj8s<AM
zc-DAUYf8ey!a(}q&5W(vzyaHL4zS;LBprbB9KWZJnZ0KZ%YOH+jZ)0j<L9^QUU6J7
zXsY>|a5Xp4!l5u-e^*6B^D^$%(nVpT&d=V{hd?zn1;s5<MH8c@XI-N$^i;TwpIFby
zRN)iP6T4o${ErsEqOqxI!rRLV8y-t)JZ5u-rA0(1WC>`#c|Uac@aVPiHD^F$Pqhub
zsj&oR<amwxvudGe<-R;dA$90AeNo%+{4Z^*OV0-~d-7y)R7c;wy)r}T@rLW*!fYyw
z?VpNG)#V|IKZ2#-yO@ZM)HVI7JiO&JuPGQq#O#dGHm|4OCtj$a;1@24wa%#*+7|im
zmz-hya1gZk9EY;g%y6Jz%yuleuv7NgcS1^E<-EU40s>FT#n&Y`I}A1|Y18VY=DIO%
zRA>1)C%sp7mQOGX5F2toVJ2{-Z(ZB3+=5W;ekId_xd95}#vOX}Y0%)odr6C5aYLu{
zMFt9~YV|*-`A+0v!@D`7_<G@H{7HEidPyrTwA%iMb(Z45fdfa48f9Zsj{U&+ltgw4
zVFjBS8n#Uzg65tBCc<f?b)BG3qefxYNRLLI0s>61wc4tx3(9+NqT^REzsSjz4R5RO
zs<d|lNn8M)k<+Ez4%Ps=T>h|lOivr*vym&;tO>gHd|~x~@o&0Mrwm;_9`x`}E(NYV
zqW;xTDB+9eE%8sI{$99v5fqR<fx3vQhWFAaMGr*7xLM6dQZVZ0hD^9Ik$4DMFN8=0
zfr61r4;ob1ZmT!REbdVEpZpZNi7kgWwC#Onh+o$8E5uUcttO{bwx?^}giU4DwLGw(
zmhiOvNq8TzEu>ed<X)E+da$jHf-g4--*VZ@@%k%FN_s89|8!=<yAO)v9li&b3GHI8
z&FawVi>qb5^78X{mOd}WT4Y(mshPcde~q7@bovh&&2jy3)!M}JxrK#AQR?cvhWzjk
zBit_-COub~Td9zRJo%n`H=+L7r)38`blq*$Fh0z{#`TrSh0Hdw`PC)SbqmD(=A1OD
zyIHp)vJb)Qo@N<sSUCw^qyA3uoQy=E>HQjdEhS9h72dgG`=6Z}AHM?l7>H+?b#D7J
z?Qq;BY^<QdkuT|!!w(T18TMVGEGy}T$f2u@-=jfW%!?{sxs>Ob9se-6)2}3r2`9Y0
z=MUA%Sg|VACBV;5+kEkhI2P9y9Fuxx_I*I8!U_-}UmYzEht8QH3>_dcckj*(GY^~<
zdUr;7BDMQzz$}x3<s$W0&rWrf$r0^-WoLqwP&tmEQvLha@-EPl0GK1OJfBfKY5Da_
zPXfoWEYmnF!HA!3{ZYuL$L}k_(4gYD=15jha4j`BXL0aC!q8lwbG13#LI}0}@M`=r
zd|r+ZR#{RosDpZj?+km{{dX<z4Ql;bHd`D|lRuOKSa;E_zT9CupCW-zF#&PTg3QfR
z@x#M#$U1i%q9Z;FRrTvkC1?Dw&|u;lmPJIF_2VRqG(Asg>5z)U$BxC_xB*(04Zem6
zT6xlLiCvPHQ)UPf&bw>iI7g_e2Haia1Qn1OxIP&?cI61kW^y(movf3`dUOa{g%s+u
zNgp{~t>^A>GsKrC?Tno5g}JcGGFf>syQZK7sq1I_WV)Lj1!m=ybg0JUByIv9ZDpLL
z{@S&{QGGk)O#LPya*R?Pa{tpmUL9X&{Ud7#`th$<N6Np7ipGDvI{rKU;XL!PqQ<Yt
zEnCq&Ibg8q_T306&-5YYn>qvyB%s4TGv8r=D98+N8(5Yo_O*KW>Rc%wqMnLEKyB2h
zc|0YeuMz`}DiQW3eA9Zyabyv<vO0<sF}lI}B9-sb`p2n5{T(fPJGw2(VVk*qL06>y
z?qB;3=YKUVHUIj2{CE7rgSVE5f)21)f`2yFcz`>nPW91Ph|m!50w-wNh0;pKT_@7#
zjEwrrT!PLSc~Y-}=L+Rv$Ri<%i^tmi1Q-DN>^)61!vMdoj?I`<AgR=}^Yrkjt**Y9
z(0kCd&wv^=byPkw3*6s=_Q5PFIW{q@!OJYP^E`CuCL3CSDy_8m^~ear9&zZreCgwO
z8*X~((xr~gFh(3$VUIQ|`=_nb_Z+L^gIrY8GZnowB&>{kc8P*i4~;`HF$AS-v$t0u
zTSLI*aNpZHeMn=VaK(dqs#kPxjNk|yd2(x_aQ-!}<^Tx5#SkQ--C~thcE*!S2Bo0$
zc;J4mq&=;qZkJXdSVuctQ^%?kbK*M^9~zBT&GkNWCj99Qeu$G=pd>iZ1)r_FErt&T
zJ>HZlId{|>in{V9cvmtN1n_1jw=fMZ8w7_Y_zC5_Vqf>dG_}#AH8*BLlo~yJRap3B
znfJocY=`HrZycbHRT+D%3seE6U?p<bySlo1$CtxjzyWI5;g0znQlPX#Kv9k%&{k1Y
z9PN&y{=I^Nv%}`Nwl>3Y$gLgbxj=mF6e%aQ)o*t7h37>&hpW4on3&;c8TTg}n3h*;
zl<z5AA>E^(pF09NiDcZbn#GrqqJfWM)oL0X_Y;&Cu!0vt_Cm|oXQQ}!z5crYsS-Em
z!p%2m5TRx-U2k5zXc4xZC0nPHU11ormgmdDBLDTPE*`<VA0~n0(X&EgS55BMZ;Y%g
zCyGIvg1aPXxygy7!4~1K^ojG!=hP_;aSA4aPg!@Ab==1^RM}TQV6{wXBe*m)7mbUO
zcgYjne51{iWTUqiw>j{%)^M;tYGWMWKpG(_sX@yMXd7Dnw5$pR6Wm&e_73*nEn-Wj
z3V*L{H_oF;Kts-GKq+M4vv@xGBa}XO?i~M><wGInO889U`W&uzQu8FTY<E>xhV+o*
ztsQDKQ5ze|jdADsA@|oiz6R+7=4-_#VWe^gHL)<|9dcc`VD**j!}UV47B4G^!+$-B
z-&j*mayuQ*vX}$mUfJhnyugFeQIKr>YOJ;4;__AYT*REE?5~Pa6?WgzNlQ!2>xrVW
z@|EsZwyO}TiQFvUIQ=pN4F^)*S+kN51kyrq9bchhEGpu4y99T1E2~$K1710Mz?B{1
zl^wMF!oAq=1D5()DTvbP5<>lxi|0__*n48knC$2T@qoR}s5bBLHOv5HOhA4w@@zxf
z)Iztd7PvHE(v>ayzEn3Li^?5SC|pesynM<cZ{Douc;t$)@RkJw_XYeEjK$FhHzXyc
zv_XU2^1lLvGBg>gPHY>0a-kY-j4TB>Hj@M@EJ%54hrLLH?#AZ9{RI0Z5m!CB_LQ!v
zDqb9(ayi{xK|w*;Us#jy{xxR~xvaNt`Q88Uv%yK(KeB423LhiRmcDWYTMxX6jW85K
z{1#E?7#L8Vz`J>hd11{93Ol&Du>7|!#)qf^U!BI)ZJc#zl!a=RxB{)Yu`$-67prdd
z;F|~`%5c4`_44D^>7-rg&A5>-46gXXG_B69c))MX(WZpk4pntj<d9?+fPF}!ci;R>
z<gJ>ds+!E}gZ6ObNz#q^I+FI0x=HAScmFV4IuKGJVme*KutFly*Gdq7;1gDXVIU*Z
z_hoWQsF!f^zd`J>C{q*gG<458k;tq|nZlCRWyOou2!%Vb`9%)nJbxRadA>lTd^+J@
zp}v$6_Er}$F=G>x1zK8VGymYZfyE)J115+tZ1@$Vf#AHzTr2UW@&1*6MDqfV5`B1r
zQ#gNI#Tm|SxBR=AnFQpD;`VT)-*#<l#jjuS0XrnDHA+cIu`HY@Xbo-|jI{zDH(D}D
zs42SbWUjjEHPfry%MjMsE?oj8fhvMW=Y@=>9Keq8h*F?40Tsh(M5U#qzRrYSPF`<m
z`7(CX(#w0cKy<P+YV?p>zL~A_thPMzL(2B)jZ;*75Hf{V;l|IfZsE90#xQvD<mEYx
z6p13;P_FWoKBrsfKcQ4_Lx`Yl2gle;v@qVRG7p$+7_Q{~Ww}rj@B%kvzI%v|gdpiN
zhZ4^zW404$sw49J4=ADx22xiWc!HOeSfHc_EgCX(C^IrlPWrx!{KZAxa-)Lok(G@%
z)D(b&_Maj~PtR9)Qv}<p>=ZKm3N$^>1oeq0PUA68KQ4tPj!r0G_U-H7pSk7XG46Yf
z$l642CxQ)Th1F;W3(yM0EdWvAMDcFpN#O8iPbtqRq^%*_HKn;~aeImf<L$zLVB#9S
zy$H!B2&%vUv9m~#Rx4;T@-HX_whC_v?hoSo?_NWMlaOFCP;$V4e53+AL6<{9QdwwI
zQmVxX2ZX|xJC69Nw2~U>LiC|9)_8d6jf;zkSsP=TnJ7qnbx}Vxds5)3I0z6I3!l`@
zm|0nG+@%EI$}l03t%x%Ph3f4zkc6zPEqH-Sec^j+23ecb4+p{wfiYoABD7qS$3dTK
zV|atLbBw{eK#Fh!fVr3h2QecR76PTneL}6Vm&GkcV-%}=u^h!0EEPTIN-w+%<&lLn
zd&17NhrwD{wExk5C&R+5I0|Pnwr%>%jo|M)_iOcJGF6bdtXg%RrQP%*ls}OyF`pcG
zi~fK;TN17)E3aSQE=}OV74^)G`Z?zyUZ)5s==?;Y#tQ;p+f<jQcK*o*?a`-*#bbw|
z`15D>w!&LbFZi?csoKi_z%dzIwxTSgdEc#NG|4$??fsvdY&CQcSD~b8HQX$SH($BB
z61-wNz{Zg_aMe(H?rGv54HBZ|QTVjs8NGY<uy(ta+)n${kt%e3>M9}1x$*mFez~_{
zTG)yWd0nm|p<|@V{Y2%#Xf*t|(Jlocwmd6v4v7$B`Ya-w<F=3nR_rhjR>`@c>hkUM
z;>z8$HW|f^yLbQGefy#95T3qqooJeESs*_LuNfSC#7+w&2A8y{Kou~&oLmef$VXIn
z{|qYj+U$cAb&Aw6Fo>@+|A-8Iic`QBq}Dqf9F(R`wW=z=k1X}UnkiB}wC-oQC~n`T
zS_!p&&2%E%DsLI|vCW~}z+ToHvb6D?UZ{E$Pa3aFJuAA>=WX38xF)hc3HG1vLmiW4
zN!!AL0?Q5iJrM&Bvjwld(Fxj@KNexzEzWrUgYIby(r~T_n~~?!>p8l$AXy;JK$<}p
z1eM5SLO#$%GM_0I?(8U1zyDZN)`z#6NJZO`RLei4rHhjH?!qd5!?e;4LiTZR@P|~C
zhV&g=Wmr;&iXxoe@EW)p7Q1D@?_oDIJp8%CNHcxk3XaBZGBCKH%2$7M#}0?oBiOAA
zGbUpHoVG4+SFvvV?q$!muQ$T@j#nB_4YPRdc|NNg^ww`T4g&_$2)>q*So)gBn=t06
zShp`UM?UR;{*|g|N(2Ye4s~@mt|Ip;IayWdK`vXtMi0qDeU_2Ip4b|^(Xr7CbgnA|
zWkpoT@&4+|YZO;?;w9$6<K>rM$6cg^epp(}i}dR<guxi|z1(~wFz_92490{3@Oqwk
zx=hI7C@3&#s;Bi}j`t2ZU3(&ZbC`k!2a%InYRUxk5Q6Pde7vrAu$s-&he8tT{P{73
z-?-Y=;x8h4S?gqF2KZalzB$^V-pK`gAkX|=3=(aEMpnbhu)oN=&&Y-1X2Uf0j=hDJ
zoG&&9X(eeH7`^x-xM@e7PRNa+Gr?MSTtD_>go@9p0go#*^psMgheUG>=-*$-a$W~f
zkzf8c@m`T>7(j0zrBr4OU68gsl>QVYB}Q*<U=Oj2Gh%J7f+_*#bApr$PjZIxoH>C{
zHYjht(jB-Rmi@}(sQ#AC533r`6*xJ#=4JP?Hq9!sG-;ciBRkbs$Gd{c7+K&5`P;xa
z!|X3e^6`}tMBM8f4os54_4_@-0$TIjfLpVNdEVN#ixPx+PEGx}b3^F2KWr`Y?k`f0
z5VUJcQF?L8C|Ku)iUmH%S$Q)YGj;=9uy`U>C$H=#1KJF%Pe@L|VaxgEf~;xglaQh7
zrby9Qm9>Tk4$ZxGu7mns%!ngQnz_Ny9K;=(qT5bGkS85-ByC;Tv0t^dESpb7D|614
zmYT(W{Wp5q9IaiV1|4kUeBO=i0<Q2+He4UD_c_km`z5a<wQrnM4=0V8`Y_K&76M_8
zC;~z7LJvs=^n-G;Dk{5>PEmiSDJui@^y=MvskZioR?VJcaSl9n;)J@qQOU*=g4+}R
zMNAhQK4J4e&u^t7gbkp~?{Na?rduW>_^w5){KScv(C|zLoBCQV{6RfG)~3B=$uM^1
zNvW!}VYfEG#`vkR|G;Jb@&-DKwoM<tX905|drMRS%j#pbX0zwaafL;rL|i%kkfQF=
zP_@y~7=te!J_f6VxVUq(_iQJcnullJym|D*<jvzV5w-h`IX8l)Qh-U&(V=d^cM?%v
zL;uJc52MX{s4#q>2B(zEmy5AR8oYC6O#F@$2hSC^+*=nz_kbZRk7va6?-A#2y^ed`
zB{%uKblp1Jx<A~Eh1}!bI9kw6qeI4C>>5r1lsP0(m|ZT}*bMqC>|4;~3JOlBXa=Ag
zWVC5tE>rvT`pp|^Mm_rloKdrBOIb-k>(5a~+N*6=W=D~w<j}V^5{@h<+vv#J<92k!
zqsTLF^jJpG<9U}b*I}=6CwQrL1tY?ZYuA|4&)n+59irIijhl^j58o0l5R4m*YX1d6
zPaZ!;bW3QGs&k`af1G#hn2D#q6(d9$v4`>svNCMftPwmedS*BRHJF*DyOL-n?fGaH
zKa8u*<I4;tF2m88ua?Za&{qS76^Hee1_sD1ZDqZD{rw~MWXi>Q6XdZzwooo1CQJTQ
z$mrppG{Z&>Q*(m3xyHF}HRI(e<)fShGiS|$bv-|OkHN^31eu_NR**Wz{5D}@|6#+<
z`}mlyTzQ+>N#ikW4)v4^?#j5Se^D~iS7AZQV|HP?$xxrjntGg>DFmJG+jo~wsJQv+
z?TwU9cmtBCj(d8lC@EFE2=PphwBNR^v?x9zeNL%uSF1pUyvgWdSY{zXf{}-%^bzjF
ztQ_vHCmnJ4ynkJi+n0eWi&w2IQM=IVq4l42U(gBiNFpWpz>*(%))>cr`ts#rNi`Nr
z>GeGRlb2uL0J+ORA_Qr3_+yh~Hhq)G5@_(x>+Ii8@qG%m@IVM%`~281a%W~nhLG;X
zGl+`PyY=&rACo1;;ep0^J;4Qeu{fDzhi(g-b(t0uhMio>YK!D{I;uU3Ei7b@rokef
zO0Zm=L=fd)ch}%qYh!90b^_a(y2?uZ9$N{n7_MsLHO%4tuz>?ZP9GEaD&s7CBr-E~
zi<Omw6ff-3bab3~H0}BIop~0OOgtKo1<FL8zDN+#5~7)&Zt%1Wx~odq`uIa5YE`nF
z9d;W#F^O(-#QPBck@2#9$<8Jf^W?%@+pD*QG`XrX>@Q1dkepGvq6F`aPnCwfo<t-J
zz2ux_m^y@j=BcvNr<*nv88w-!S4%`~pB!aBTp!yCHw%U>AxW~|<Y^<_IjXRBD4(e$
zvTWL#Ic1z+zP$$z=P*O*K79a;m%Y;;7e`rzxXA_4MRJzY_0CNkm_XdAdwKFMaDp0#
zK05D0%L-X~WGeSXWy%z(8QU-2PQ$;CMoKt)FvoQ6dmNu>o;>PA+-mHu>OmS<IH2KF
zc8FQW-UO&yng1~7t&20E8EkP|JJ@qDFtb`)vwcN^hJxb)HUSvHBD)Qov-6u2o(-cl
z-%>*G_5i)3l?ah4Oxk6aRy!_U{J_0q$9gmfY~ktEyLHI+U4UGGVZ2NyiF#4>2xiM&
zGEFIiGjq}9=fvBPLAbPZspG4;MI}15N1ykILx6;fO#U>Lid`M#S8tu~@O_jhXUev1
z+l1ZA%uIRmKwBCem>&7rsl+jO|9W@k?Ah4D&D2WNW`Yuw#zqJT<+v17R#m>8)CY5J
z8REA=BkD*$27Sd=d*SEu=%^^6MbaDBj90|PEuXb|@=)WtM1tt)@BRCUcRn(eBoXXi
zAAOqI5BM!mlJ3eNdJ}a_P!TwEU$|F5Z}<<tlYNVuE4OUjI>q7U>UT9?@6WduxNG<!
zvM<R3j-y*)eJ9UmUao$@ADGeW#!s)+@b&Q-=aID7WBMs?@5?VS#Vz*41jt86)<5%1
z!W3Vfv~HvyJP{6@($evg;-T$Bpu42)mdcL+LPYsIbeHsAma3_#Nrz_5k;?Oc3sBWg
z=kFur?Trg2*QV?8BxVd;dGd>MXOXmL+B$lfhWdJ^pLe^`eEFtJiS3VJZe>OLCT#+0
z8VdS5x&vffxnM)ym0%S2w{9a_%zUmqtd^UbC{1CQ?iiMzuv?^To$WpJ8BHt~!X|P0
z(X?qQtj<oxJK1<M4)6NMK2$e=$;m~#3?Y-D|HGUuTR+v;*Rz9vdENbgQ~*||Izb5{
z%t8MQE=*;IO2dE&QBTE-Wee{6<!z){UUgV=JIxe9-3UFrBO>jOo(?TPMAlzsgH0;G
znJdEEt^Hy!G2?wTa(fzG@Ic|q8i!7xn)&EH%=hUVuK!j7=&I-y{x3p+WhHaQH@=>0
z_T_5S>bQc(=ISTYlTEADI*R1?r>)aHKf8f#lQ#$-5CNZ`<0{xevGcy8@aSv6WqMM?
zP^?qXrlrz*GjZhZ0n(2fjsy8+!I^|=p1Wai&sE(VE?@W<<G^<>9Bpu{TkqaHfJ+uG
z)Z4rgBYgVK;??D_jC-cO|NcD%cGi38z`=vdKYpwteRjMu=o(Jx6J&pW$sC*}QVVQr
zZm`!l#N5i{6}D{|?^mQCm{=8?zPXzW245H)FznBy%BJV#C(hqdbNn%`q)V3M-!@Dh
z&_>FxxJ(s>GAtagyuJHbZf@LNuXvhCUhkKMg?Lb86czc&xfu33@k;6+;=X4)asOOx
zQ}}AS$bR?njZxZ^H6(NV6D5m*dY86O&cE#`a_gnPt7~Yp*YA*Q>Qc5vtPoYgI8Oye
zbO>#KW9unVP$0<C(IRdv50Ri8<%FHEYFwyd2K$Tic*T^?9cCRVo}6ydA6chk^N%NE
zPQ&NEmt(hL-j2t2HHQ@-=BSeknOMmI$E>l60V_TG7f~%uwB>NH$iy6(DcQPdNkoWE
zL#PCIb-51CcH@Q(!iqDp01P3JlGZGqI*0WL)U(EhhHMrxx~`J->Pg^nQ;nitf<UdK
z^dW1lYH88tlYK59-wjKF$ni{die+NGpOOvgUi@zbAuhXfeGaR^{4$*|`KauU(vbC<
zK{Os<G<(~hi;Efc%`pO#K6<kou<iI&4|U+t+pn$Qnd{L<pdPT=o~@v;tf?seWRlyt
zTgj&P-*y!>9?mXtt$DV9tJcC51*^SmfNs1IB~yDvtmOax3*`lW5Xsf%I%S=5CMgz%
zF3s6#H79F|(vL%Z(h_z0EqJYeVfv`!Y#4vpCfF}v!3W8BHbYCw-}4_Wz{c1@5F3WG
zp@@l}e;%3J>;?Ei&J|ULT65IX)1=4l*5*X6EmQH19e7(LrH{Sv<^Cm4Jq+DKbp0(D
zm*`B(%Y~zevS7Vp0HM8JPpG5RnAS>9S3L!ty7B^H_awJC%;5@yhkVbZ@Pi1jj3)_5
zreuy^!ot#>cNy%*J9JjsBV=xK^o05_H5r;qZ!em7{_I)ewiymLZ`knQQzdW(8MUER
z2h4yKIrsXnpyRja&`3K&nW6+BAf<pTSg?TFjFyL$40b2=JJ77xcwC-y@|$b)q+Z>+
z=@%&m>$QV`TB<*S9E-2MoD6-B%v18PCg#Ze`P$LmG|un3DBgZA_v_=#Uuq6hvZkm{
z*p65OG{)ef2KD>5+Zaol9~p0NE$PYL^St~WD!b;cU@G~_B=+6WtcCGVpPF#yOnzL1
zIiM4N84as>wEf&$2Aghhm>xTNG{Qb~u;pyvcv}6-(mL6*Lf6hn7(-9}KRHe}NB)$X
zplGO-0vQ^p<@73{vy3D}k!G*vNbXZ+aU+5P1%|~vG|XV605oAk#;-Z?AC~%fQTbC&
zkh!v6I3=po|G6SZ3p1v<b33%i?Qs4cBu0i?&<Z*z3h_LW)V^G!9AjO>h83+;32m&&
zkfXyuh+qHc9%;mGCcZtK48UZd`U?1lpj6-R<dm%I1zs;`4wVLL|3v|X27LpsnkO;W
zrd~c}y$k0!PGCHrJ}N5oORfld__>EDM-E;AY>R-~`i2I=fnl<jK%fZE&C6O*P#eW0
zVuL_XyZnC<)RILI)OL8_X108r`NyC^R<^duFec>vX!3aPsvPirg!U+VF_C3|G6e+`
z3}%MyB$P@A4;%m!#C!H9FPv~o<Nj<i58e`448Q88b+08#RKf7xbN^kQ-fc69gI5q%
z&$(O~o4SbPKD3SjcNAHM_~=|oucOysqww0*t55Ut9LO0)N5RCSHB=&K1?g16KYZ^B
zg3S}l5sjR^j+2DF&BJ=*cI?_EFgj7oI$5S}ecPVfpgxFk2Q4A0esLKV#&DhB)r|}d
z&2d;Isu=jU6|HW+a#L^Q3Fi9xAHIKodun-yIF-MDSCBp>w3Mf@tPI<6;b=29GAf-p
z%1xOiHQ~dkUqonB1(eFa0RWZg(F1B<m=by3AFPWJKFqAYsdUBeUQdJ+L$(1Jf`sou
z26Wcj8;xQouSXpfWq3e@ADOcOY)6qj4<XmEe}8b+(wRfuZgeX7O;P)uPfVP#|87tM
z$2;4zS1w(ObJ7+?5``&zv)dW+II$`e+yV$lWVyShW{3Hv&N(yNBfhxIGXP_N`N6Ou
z#M}53Or~GU%aa&kKsL-n#DWU`{=mSCojQfD5*{dy8Ipd4wKe=z%uBii6-+Vi+y48u
za5LyB_`=gb)+?-hhp0w+o~&2t%&s}RK!n(l1hU8%IDpKEc7_NHubug5<BZxp`+QWa
zC`UCnN-qIO4(n8bZE!ntXI%`TqM<BUi&|4TYmwHJ+~>JqtqeqGM?f#PNq_V7Im-lo
zsrPWCF(s5X{4}7$1L;o&g{%#BhQ$y*WzY{!js#Y3c$E5R2&;N)?sf!AFdy3`=K>|F
z{Vz#DCnR8q6awD0b?ZjT=I+}G^7fA~;NM7-f7K7RcL5vr|M@4lZ8R{s-{0QGZa2`d
z1mC!!%%sZ1M;{p)8JXvxCDH`|7k-uciYaUExY6^$z%XeEfm}T7@SQYkx3VOHtkztG
z1QD1Nt<ilV0gD-MG=hIJa!wqu7;TE;fWL3{jq$3gEu?PI1Qc+Ebwz)#>xsV3`sZQ#
z{=Ub6xS4{+Kz%Y!{3J$}#h@PN8B)E%9YbjH7P%<gKwYIfj%x!Q*DqT1gj>-~h5+k~
z;{3!`;syDKm$iERwH{N)szt)}7{|*5n$iSMCv1ws_;KIk{<Jwbw`)3f>1;t+TN7X<
zIB2C4U^(oJmsc!^JSuhG@8{1AG#0YtKqg6U*bCYmT~Al0ODyBXWoWG@4#;>#3*-Wf
z?bysM1+prwpqO%lmwfs}(QGGZlOXHJbINn7l&%^+b4TdDeN}k_V2fHAWxiGlPz;}~
zI2AJ3dO1Ol$Wxzv;z|<RDXkF^2)B1-Nr1Lzc4nr4kNkE2WP+XqMy=k__Q*>#M^2r_
zNGdgG5HH`e^}-z+%zP$5(Kl=dpUq&$fKR@xXU}a*Bx;7XE(rdBRDo8D2bx07zg)Xk
z#%KfC8p4kDCv@OqJ*3o)f{(z+AR{Oh5(osd^J&uzCK`6`*um?Gp>OZN?A|?kTpE@k
zA+K==PA9z{<wi4rQSN$WfBE6AODoTXjO6cNq5Ej-w<CFHFYw@my`JPyNhw{Zt2@U1
zw72*8UYnvP5xs$^cvZ{+xgx+g!-unG%-|6^{}%t{i__ksHf(j2a~aCgV9+!n#(|3M
z&iQ>|dhkkZ?IY<$N&r%HTQ&Qd5EJeN=W%ob%VbRaT7i~P&gKX0E8HapSNg?KXgq4Q
z(W-3}EO_eSh&aFcYCO%%49m7FO9f3G33@(kwZ6X0fTLk@0qx2VN0=Zt7iOZ>WC?=b
zP@bpIx^ieTmr(P>hHnbWrhd0B1%%>P(}eH^3IP{{=ezdhj{DY7X>00*797opAof^i
zZJqw967vJDEEa;01sa}{5iojqC@Cmh3>O#Mf42m4LZ}E3+{|Q$ptjHn33=wR<^~2;
zJb(H|Qyt3AOOEt<VmdLOsijm1oB%+**lfMEL8T)ME(6S^M^HSjj1a$75>qiqg-T;?
zWIV|EWcTJ4_|V0d8XLb?RN(l%+_9OS1A^KT#}x6CCb=+HPo7u_SGJxC#-n8L?h?`$
zS+7MEmM|mq4?&LvUQmbL5Lp<~Zf4DQT+dyl&*$^bhaN17Po|Cl(y-_w^p223ALE0z
zqm<+Wx=X^wV@SdmIB)UxH*enHsxa4+6+Gf=0kCIw?`mnno*FIC3ObxQ<N5yO1_tZw
z?1oEAYkMxmNh8H+&;0pa8h(UXl}Xn_i&nf%_8$heP|JAo{FSq_kj1;i4igz6cgsP{
zXXbhx^K0)ve2BrZ&Cv<G5M^?xoSBOOfzdt;gSQV3hnu?r*^Dq`CrEzTB=t@?GjgMB
zeN88}BIXs64^o`{@zpRgnlC<e%9O9zjSE&Ll_2EYO70hzM*jRn(YT1;8k9EG{=kn0
z%a?~m-Eg8{LVIW#J<A=mzD&B67eXEbx%N*C6f)tsfz}|jbac31D>;y*$Xj#xXwvGH
zwyqW&h(4#Lo=F51o<V%f$E6_I=TyXaG{w}RMj2Lw@MD^{khZYv*SC{&hB|NuMg|OC
z%mrJwN_IamUAMdFNT|)Vu<APqK52z(d}uX?&e-lA{#SojxDEjcuBitI5gY|wT=ybZ
zeePUz8p}J*WfZaDQ?7iUiEx9f<8l1>l}7{n^=sx=Li2?m2{SWunW`*`8vtpJsqto8
zTcci;7%iMWb!udrkxTD|sFc(99v8NIoGZsJNY>x+{k89{<=sSP<8z}T4d}N(geaL&
z6g>`bz(Zhxed<Bww?(4U<GqtO<>Y=`Vhk+C%$9;3`XU2h=gJkWi39fT-5YHde`FZe
zYpj@S*nxYK`qU#?b^LfMUUaq%K|l*PH?%ZR2nS8uu<(;g-yl`IPaG*1ctEzhNpL_w
z1?Hx$W>=u5o+pDK;3aA|-ConL5n;N>vv<#)<O`o}HfgZ!1rR5VRe`Dy89}FhC4n7M
z?cydaT4fN1P?fGc+#El=l~z^_&lU{-khN4BbF(dDJ2<-)#d{0E57?nVy#aic(5j)w
zq;cjC<K;P^_NyBw?)*1)aI0bAK61xcMkVZ)g}Sem+%I#iNi|0XXT5y<Xg=15KOuA%
zdCtLsjxcae$-nMHt8+(Y#?OLO^|s%EJXp=88KnxxMLQ3Kr1*uMviech)|+{F!}fGW
ztXQiq=Pmd~Z;ZqhZ#Z6)r=_EpY#S)p5kyB%ra-H;g2v^J+mU-)l$+dGmUWbR;_u^Q
zIcNV-r`dC6Si7PF2oZa_3;=i^l}_KTmq8ek7)3&f=FDje33M@#_VTPEaCkOO4q%f2
zkBp#i-(t-}%2My%p2{=y(c>LQ<N%Ppe%(6S&MW0Rg3RYt6s7C<O!+`d2MpOuLgN0w
zHS}h}x)Z&ze7o@aLioDy*>#{z3Y&VVw$i}x@|-icn3&igC<3;>uH|2vCvKlVLK1~P
zUwXX_hZ%KJe9IvE{axzhXbm`QRHm9Eg-}S`9_M>9mo#!3?pE}Y)h)vaR5gWgQ&wTr
z@>co_jTs#rBHfbWVg?B?2)%;YD8OP}+gfYtIkMo=!#6EW2CKw;n`<lxECl~4xsXmG
z%MPLDEB=B;57uk%7uDs<stsGiv{fOp<t86t<(uS@O9`mQc!Q6<U4@hShG}`3TY6Sx
z@+cy?<!tJop?_HOI&u@9)90TCPBh&LijgK~I6@Mtomvucb$)OPWfyasf|&ISyf2!w
zl%?AqaV^Mf5)=2dKP<SjqWQXU;pi7o6~R^tC9A)m-@^wFa#ABZ{r;f5g^L$wus#1t
zK@6D<(I+fm$%7$q;m3_*-Rcn{7+|xdo)|b32x@+suJ$ifaKeAbT%oy{*x}bzzVq%s
z-Y`vU|6IE{j8oLP&tpPwkK}oN!!i1`lDflVJUTGDq`Kiqe<5La+qs~>Xh4{7iMt!$
z=P*K}`6KmRT-0Pnql?P(NILKDpG2NK?;Ph(4eE&4xVT&gt(=sgowh?mi<Ee58Q}_0
zQmMaq(X1AD=1d*OCu1=buEE*yg2bY@n0543#X}aNCj~3$9e9Nqk{-pfHPY%6>IBLJ
zUt|+_c=S|#56&eZ=>11U&u7<^PL_YH>*;y;@C+<lja=o<Tof|79UN?1d;WRmOkm*T
zK8LwH3)&_zVPu|HO#;;C!`9W*pvB8ybkOh3&28%i9m=ooX=x*J?wM73|Dt=Va7WIS
zo~WK1laTNOM#yv`yvQGiH9xlbF)*eV)t<%fmV1@?^eLR{*^JAw<5<3-B4JlOTs4KY
z>}%If-2cE9%(C?ricYU~d;q_~DMmW=FTdW2{6BBqD#DYNH?^jonT{59nVh%5ytNsx
z3ZMuXH5_jn%0-5U6Gely08#6=)XzTpguplK=_cAn23gzi$WASrNO-BrGSxVwIg$`;
zU_d*4{gW{<+bG}3w{K&0^agXCmWGc{;P#8htrQ^vi&!N%=s0vm1QTRWG)q{)>p8R%
zkU<yaqJ(W{6O(1@r!%yLUNz@`6;787SEVUaf*u;JinBbKZYDVK(rjOm{b96n0~R)n
zoxzU;9S!_wZoSG8<mn{(X$rT5Me12H?tVKD_+4dZg1lAKxGz3YL6c!&%8+MU#F(;)
z!z3sWq7_9z<-R(o0km|3?v+%Bb>&a5S)=hdj<ZkK|4P+TkzZv)GuR6#G$J<;6Yd&P
z)M3-N-YF~;!lzN9sXx+7DvPFJLZS&;evP_wD+`HJ(e)tVYedB-j*DT^(q>?`xFH0@
zOq7!w=??C)V51YFA_(0ug>#0B!E4ZR9sIFrP>+LHDNElnF78Ysn}Eb+=EhBMm$c5Z
zcc|Xugt&~Gp~THsP>8T!-%SSefv+OXj*8uwg~^7Zu%ac^pySqM!!rFb&>AwJy?dL^
z=t`=qY)y@5^<#w}+J!FV=E_MzXr$$<pK85DJ#mNm!mcz4sCU}GU=5Jyn2)iC2&VaU
zZEJd0HffQ_a`Z~i@DK_*=3YW$HR)_bdAr$+`fy!_8Z;l=B4VCf*@C7t0K>#$qs40z
z?=($EwwjVgA#Wq&e5+#*zfRUBs{P4Wwy`0V%utZO@#T0V)1qsaE&_SYR7}l6hp_;)
zl#m2>?%eCDC!k5H2&vLfkEey@@OR-@&nOYul2qh8+FRSTv2<*i@euQp_MaB%rapr8
ziQb&Qc%o@}4vX{}GJQxEw;0{&NdP?FPrBIh(LF6AxR)2f?szESHs=efGzv-iyucY}
zByokQ`1DCAm}6ySmCKcqh3OLcIehKxjp?U(t5n|gox68`k<oBK2s<X&T&ec&7kQYN
znayOJ2K!BB>|@cEebB^hpR^SE$IzBBXdU+S6a=OI>sthMSKb2dsLwz|j#w^Ap3Qi3
zZS6dIZayQw3s;~$oUar#E|2mH1+mVZf&P_Vqz4bZ*BsSoi7nx+CGCJf(G@{BSe9o4
zSI?EB<!}p@k?UwV^k?926lWM~u0jXER)VF(-wru$*9FlF2(@lX5xpnH{z^!QN`qf;
zCa1D8Kn8as>~=>@S+6mpN8>Xxkj|cQ7)}duB$d`ye%ZozH@EG-yJjV)uOKGbD2Pdz
zgX3Y84<CL4b?#p`=pPx^!NZ3aWlWA5s|G<Z;Aru;Z|vrO!^5rT$;KCRJ)SOqLctB&
zgm%mFRGk0PWe)q!Z@ymFA}$IlVTe!IT!??&QaigJw5L#$SIlBfC%Ul8M>*%F6dIPh
z*J+4F&TT(F*ka9k%)%dT&4M*myNuWI4!yOw3>XmRT;nE8U<WdwJ!&B$I>q|n1OK<k
zQkYO#`q>e1$k@;#iTPgRG5ZO;7UfCz0K*x9>6I;eNr;QDi7~A;-?L2qtzq12Q*YJ+
zX!gWqSO|YEdBsFn<S{CHcJVL0aaZlO$X~TeQXj6oJj3PEi&p1hqM(h~<gZHHK4#>|
zdsLaHPrnHw4Gws(tBG-OJAlI7Pw?8DJ$+j7$;@EYJ9`RlSa6>?>!`SFFPIEOTO+JO
zQ0m_B1JcqqQuDy3;r_`<vwUJWo+`%*ThSxf$Aj+facAasF|=45unyM^y8Bx5U>#Y?
zG+(yiJ!+S)SI&R^dN!<TrUh)Q(cc=fE#F@&M*LWHHS|f6`pG52r|&GvaqS^?{~Zr@
zYYRF{6brPNP8{z74)-v+FgJGxBM@5q+1oz4dwOPr+6+!zV%ghl0Ya)K*5B9&Q0j~%
zn54_`H#ofr#l#E&uZ>vKs}@VH>BHNR5^D@1TCN#)VG<@RP9S(6GP?9+gr`gJADLtv
zR5>_<>TSPVu5?pZrHPwtzkZmr)PBdlkwdp!|H5aqH1FJTE?pVyO4hj<wCII~5dl-y
zYEV$n485d0Bg1rtTGfrWu#DLH*64>YSaApJetH=ANtk#)ShtOa068yx^!@X3X%8Mg
zyl#4x+HOAfLVt(C{M_8HqXTyyy1Rz55z!RkvQzK=_AQrdVkP|C+kd}Dj~+b;wWcj7
za4#n-CIx9L?XmURwa?rm4&3M-AMrLOF0L6lC%5xe$LulQ+I{=<p(&+pVZu&noP>z@
zf1{7;d3M_WRUhRMNs0eI>Z8t91mMtV9fJbsk%^(9)2}zX5G8C@eg!6?s8~bsKJr(Z
z^z&IR&C@@n(uX~w^|7*A)Z&L*d5K^D*t{=kxfVzJEi-7|Iq&Tstl(s4|KM#cn!P@G
zKz4REK(}ymqx>bonU@|mQ74<UFI%=JKz?~R>Fp;?oah9}11CXQNltFzSVY+PxtxGs
z4)~umgfK)rBbYo2;+fRjUMVq0<QejbL7E+yjnE2%{0;ZBBID2WdVV7I_G$nYB%f>6
zyhozO$oN$vJVQ6bT>Xti)Y{2gs+=|3R0fHH-kfULrRgm;MOnGEAhosl$B%b$<LAD*
zl;LkX*F*5q^7Vx^HhKHpZR%`L$MhJ#&%{H_ZRy=ZTJbA~zP9U7&iMle(kQ^W^5+rA
zmQ)|m_&~$VXXk?rk&?nVJ#u<SUHqD8>zL$Ny9|?JABQz@L^$c|Ier-K;tDUoe|74#
zpSIu9G#^wF+_ANs_G9<#xBNH=nAq#rQGP5C7Xt0-N<BFLBuTSyWhRD<gQHRKeai5G
z2E;e=9G#$lrg5SNd-k(0!_}9Wz;!ZrLM;H-Un*X+7}^b}p5JL>vlkze!<whS(}xYq
zS~EphUOjEZiwIJ+ZQImZqyH>%68iiFDdI}E-h;=ZuSZKm`CYeW%@opJdk&spH;4|J
zo|Cl@L`d`=`0`%dUe0F3t(_H6um7k;*e|D&!F?i<j$dZ?TitZ?(En67y&lqZ=)B$a
zkv&^N5jk~q%P*(>>>)Oa)DeC&tyR&q+^ELT3m4YGnM@pD!>hqtGl9YXc#*fG&}N`c
z-GoAoYjni5>enwaR*pQf*Zwb*FZClN{=Y=N)NjuHb6k)&Z;DglTeia`9eIK(1XOp?
z=spfy)ERrKF5TV;wBvq)+uWE>>XEQJG_R`cZ@rkndLQf7t5<%?i5D&dbDIB*czx7=
z{qSeiy2h7+hv&_OT!=KWwXG0vuf<;Q@q+ZH{8*5!Mn!lC2skQf2D$}hxx$0(e{rYx
z#VyC93mU`L8iIoN8%$w$P8+p-m?stzL8eFa_#6}@gH-F)N$5lJ_ms^GJK@8sn#=~e
zJj#A}RFtt<uyU#Xf*588?F?%{*Z@!M;?hd>>n79ISdePCWql{@QQkv8l$M5VtO(Ei
znCp>40M=9s0Cx8ig1zXG<rKb*PWa$!i|Y@me_K#cz+XRa8eWkj+;g(sp4ph}$(-o*
zM4;To_uy3Id;kP*(-bMX45j4jd9MUU-n->OXqLv3e-vF?jyr2+t1Lfx(8Um8mng0S
zMB6B>V?lB+Ig?Z@jObC;#oP?*v;RhiUrA--c_{@$NdOSeuIb!`kdRHWYUY-f<77UA
ztD8NfV#0jsdpVE4K{Q>O)L~5nESW!5N_7WbSSn7!RhY>^;3e?YpyT7?6NDqCsV<qk
zSny`NWx949j)<wl|Df#5!)o5&cfT@J2q79IGLs<`iAZePhD4~)q*9bQm6D=Np-f37
zl~5FlLM3G?DMU$8DUs47QfNA_PkZn4JLjKsU1$BVul@aQYOT+Dzn|fL?)!c!!Psiv
zMo(a%&7!zWX4>P8VmtzKqU&>adg07&F#ccH63_c6Li*|;;E)-Zu=aY3Ap1C#VRftE
z`v4N6#u_%p2@9+-5B<{P)WH9^09`wY{rreoM2PhA)vH(AlzW$Xqtof9v*Lwk-#&d}
zA&5e2Fj^xhoHO75Oz@1$GB!!cRr!y{wdB5UMf*sV<!>PuYziWO6UWF$&p&VH+?}U#
zE?IfaBuS7oQf_T{*bo{&x8~|wvR$H6-K_1Obg$~!&dSZzz!~jbI+SvV<=}NHw^?F7
zIt>*T)L1{m=RMgN)!kB6j>N(F1Tubo;`-jbbJ$X|4zu7@Eq)Ko7sKU&tGzDv7sN!Q
z_t-^_967(aA@@}b^bT4C!=Wb>Q3wIW;;Z&~V^!hM5nnZRGOy>Z-v&Xste#@A|3TxS
zUd)>N>3~wi?HcL_2^jo&67>8Nx-0M%J(Yo<(>zI3UOi1CPSQEL<9#JS>_+2Q1QvY{
z!MASaxi>$LG%6(Y7`;3}cG~Y*7utiObxme>62-CIyitqA^LW2)-@ftNLVT%9OG>gy
zRZO3!T5Qg~8s@mkiC8Y%r%za}GkarobU~c{#~H*5u={_UK{S<>=frON&l*Gt+VbZo
z9!W{fl<O;InSi&jstBb{M855oEg|R6Uq72lUXkgH>QMcC{J->~IrIMi=tU6|#`tex
zr3?%)XjU{PJ<ms9x_o)0vhoAeHx!|ucPmDOZjZ}P({O2sWTT<F?eTR<vz(4MPB&=n
zOH7o@Lk{@0li?<{f0#x8UAjb}3Y$$XP`Gv1&u``K-7Vaq^rP}ZU+7}e(rMGG@aq}}
z&b;=rR2S4!QsQOQvhJv^*aOQPLRgh7S^xbz)q~%`H`8ByW5|tU?o)WgES&T-H1gTT
zQ$OK8-z(8A>F!<XUp5`kl9N|s3hbYRt-_>l*UVxb(PqqADV4G6`m+O*LykU_5|wyi
zbCcI`@;NO3Was*Izzl$O_2qMwe81GywWFH_o#yAmUGMN?yW-~3&^*3sEnLCR@LF<<
zyw`pi@XBEM*F$t@Y*#DD&$r!`5;gURiq8}_w|*{@0@PXbs7HSpnTv4&ba#rq7PM8t
zn37b6&%uZffGrt0$4<{XAKMcWn@#!)lp9^i-#mxPHBhWEC<)7r{PGWD6)#Z%eIDz_
z1mBS$2qzxYd4+cHH210YvY{ygv!y(LLBsA-{jXFnc)m4-c-If+(ob*vFe6xM4RW%r
zSw%q1;$~kCD<1@@$e#eh^mZvLP1Td}a0&4De+xHCriUTBRla<Q*mce#VDTBsg#iQ7
zK5s|GOEe%lBDTD!cB`wpd^m|82Rry<lpCjSf24dtG)7g(_D9BaV?z!F_BPn&wcHz{
z%&D6KnV5ol;vpwYPw(A}T!OVGJqXYnc}Fk^p7UI_fXl;wHt>(g3n=EhQQQ40+~WDy
zn|@FjRv0R5C?5Lceb;Wvz_rW2N^TtK3lp+ymoEB~1Zhp8+NU_<nQ)g7xWb%y`V^-S
z!VsHSmVNFKkLCbGY3yw}f^zbb_jo}cmtjQ>ib@l@E0YJFDIbS$e4!IF(TahK+=mvl
zo0=#hxQW|<kcK*A;W3xuIX|Bn$C|OP361%XzBq3T`nj+^e!0Iu);=JRwF?(FADXpg
zdvI$csx^^qZ$NNp8Z#}^q@L6ds&e3rGY>;E3R9&#vuDHLjc@b9;uUl5CM5}6zzo9~
z^iw^09C3L*HEizA^#l9%eQ2(_dh#Vl$o99Hn{>Q~o|y?dU;UV1+jng9vRirIfpW6t
z_`1Or@TFmGHF*;+*zD~OK<9yY1anV2m(VYq3pIVpu$>KKw(Oz`-?(w?PG#F1?_<XX
zvF9u-%;MCIgz32f*AOc%9vPmdxv$&+luBP;7|iD4zm!{YZjG#4?Y@y=*9VJ<QlCDp
zfZixb8f49O&sj1pRLy&@CO5D!#=>*2n76-U&!XNv4gcSs7`x~r0Up-Fpvv`<2YI`s
zcT0N*`-qYA@Vgr-|8BVLsc>pX)rC7I*~8TuhKWS_G=jwOdSE9dEf<>cql(kNb8Hgz
zx~~??y`HVjTsF5_7B)82V6^W*waK*c!_rUN^=ABw7cH!r>0$c1J$2qk%Y9w;=u4ay
z-#oDnBm(;U-^kM4WVe*|x}Y}s%hdU!_`TVr!*>W^{(w~qYJ=6Qsidwlx#(~HG;s6S
zziel5)M#-2u>t5n0|S+czW~apVKpqEIwD&)*gQok?(KA+P)%%=|8;i={aLzI14&P3
zajClwl_#(7*n0*VbV+-xQ^>X@Rv#XvZjnsh@8c2aG4!vl^Zx2H@Azep?v8y_?6w@b
zo?P|y`u=!Xqa;bA6GJ5@j9z(V;fbN6lizmH(bYXK`@_EN_X+7vuf2Y_l^!fSmvt^c
z?(8YoFaH=?tH!{1K}YMgfB&|_C;a{0n`&v?p7TiYHTW}bTDIB0)EtpWY8*{4{P46i
zENRpc2MyZKo)=*lMY9K<-;P@E&*Zt;P5;N=fS=7(7TE9T&8}asrQ(|5{kU{1;>8F^
zxWW*OH31Ph&6AgA`~T11o5v)aK*XOm!>g5)#DrDTyAVhUj!Z3_XZq>;S<($7{&U6<
zbv}LZ;wK^n;hrW0{`TV$uK{W)4jF;Cof%kR+0q)^@%;J6RxrmP)NiJyFSHh~VtML!
zvDQxi@~uRv+6#tAOLoz5w-Ni(@2EUe*N&HJwop-bynd}joVKlZWOQ_O&|>W^*!cbP
z|9@L_L4Py>1ZHqm<UZ!?1r*r4nl&b65B%RBuH__I0>09V^IGh$UCDl3B~@sF;7WpL
z>Xr|UZZ4rVrN|uJzlbz317!BAGJN>sbO|$5>!~HcZ)ozN+cpb((0@HatOCoBn$&sM
zE~w)1uD2P(^W~uJ$9Eb*Z0kwoiaz>DZ3-+7A@(+R7;+~A+s&s?O}WKT*=*^K9k(db
zASb|jZ2wa=5!phX07nM}y(iKWrGa6JmQLRn()B+MkGbl%#>QgqH^G7hk<35cydRiX
zL)xNeqaEO`)!dMJ@RB3^&%;sGwdxq2IjBt)N;ydHTx=4x+c~*kyZ-ZY5gqV8b7lbQ
zskRrL93=kpd%<d0^K6`8WFWj!wS_9a<7IyQh>uTgolNS>egFH{oTYAgfwu?{Ewjef
z0&esDrQIAl|4TXIk<ISevnL+N8}T*ZWow(-hNCG3>W#=qbKe_Rt^}|d3Cz1gf_{;I
zA%LQ&#S0jrRP!u%A5e8b0YF}eqeqa?sJ>@u8QL>|8pdilzLjF8sfF49yhEuy4w}ip
zMWZ^tr5Q7tIgtE%K6>>DK0LXfno&VP!D#xzA=3Ot&A{`-NoOED`e^>(yrHpIu8^Pk
zP^`e+8f_937-)LWISke^inWm=^B$!ah+*h}IkKjvreG4!sE4}1Xa;jwm>LiS#|$4H
zM}>O-Z*hm-4M`oaxJdOZCs<xVVZF7r#jy1VfM}7iJr+7an5caZKKi+B7E`zYoR;_N
zJSg2t@O;gKeDfxF=B}IQ1--o&-l$FFs|R1ED@Z1_P%)gX0YyS`4tozA*z(3m(H`;t
ze&e^y@a0#)3Av3_O*Q8qmeu2gCaj5Mnvk1&`oxJ!f2jb-Z`u40NX{ot)N{vyq0t61
z*FZQaT#c{S5$LC+wBu(;^d2>2NX)t?-J^>TyYOCs8+oLNJd*=ES4^#7xFNhs{F%KB
zf^;p2@COBB84{)sfC7Op|HH1G5{KvE;U>>Ex@H5`9M79~(Z-3gZwpA_=EvWmmawAY
z1|83YHMgT}oFrVja3)(8LZs?-u*}&8p4g_%n<r2m9Y1cq$sekSfkByEJ3+0{k+KZE
z-}!|dtkC3AZUwy({FsNOTX_bQ*aQlqJ*{0!i{~b*&-^YymPY2G7Q?3Qc2aJoF??ac
zivX1y`P*g7#86klNazjHIC$e**#B?dFexPE5Iq`W7;b@v$1{hYHqBu4Y3g_TPEAZ+
zXYKm#rB$4sez45Ri--QBv2pztfzt+>y~{WKw!lSN`9eccZ{fo3tQs!)#@zE(I+G3z
z>M<%7R_N*Ke*5vGV>`k9ZcwU&HT|^i$H)844?pbfeRH<(pgkO^uh|J`4vJ)NPk1W&
zP}y)D1}?Ze)_J3b59cR9ArLGtOz#;P8z-bUJuz3M6XO}W?#?XvLU`5g%^|673K-%A
zX1eOy>XiltIeB?$_OQgsFYLDybKMPbp1}_^HmE1K-SUbVjNQd_xXO*c_{csvdDNrG
zS!3>;(!B^DsnL<!#-DF&B<FKaZpX!8jO-<SY(8XENo6c3pp-QJLcTJ)y#=rM*S2v7
z4v1?8n_`0zkt3wGdgsAfE}uSr+&5wf>PSZ648(^Ho$TJ$!o7+Wh%vYy9o8Pg?#Dyi
z4E7D$Y{+hJC3C3G(;t1Bxtf^RUih*NP7^x+wR0z!r!8C^%Iy=ni_v%F<W$vN)c&v+
zH`rP`d;2U@alEJ&nHFVa{Dula%LL)zkx~nDAc6^Do>zwjlQCDSV!ajZ5q_x;{{&=M
zZKt(1Fz6Ss7&x*8Icz~0!30~$)s2mCu{nkZleMN!ZRB$G9Y?^yW}14D6JGp7V0eif
z7NOnJ7G9}@Dv|<2O@U+ErnfPbBaPqq&aGQZ%F3!9Jnwt>vFV`WQhWMxCmi@rLZH}n
ztdNG2$+3n`No_<_`qpY2vccYd_^FKiecP=jQ)(MS$4X80&;k%CAs0ZL!~0ctcyx}O
zavVGdgpD!j3;`*U%)ZXfPjm#!rj<teWnZU6I`IgLxPQM5gobVkw1pFgJc}2MECSWn
zy4(ZZyYCn9Ny<BXm>OCW=Xl7HVzLhl=VJ#%$cr%VDJHo3J@5bB=Rl|GJ(h^ud7_Or
ztRo|$nY4$1a<LU6FK-o^0J_eb=_$K^zkdHd$oS*rOcSDW<W8zO2k&`9mz-67@a~;U
z@x5JmKX7ncgO~MYA0!bLWC>NtyrIIsPMylmBD(TmEsgQxA+NbcPqVO?VtbUzl_XtV
z-@!{-_ox7C8$o@G3`s*%Q&7o_$>5`dwKy{N;RBUA_mHbF<I|)T5E1#)3NkX#u3(*I
z#P04ocL|<W#3qd;g5Lx1$U(omS=;Yix@67B1FfEgZxedhpFgc@UOln3v%`Pta#L^N
z{#MANU1zF=(+G~QIy&n}BGr>1RWfq6-V!p!MvwFA>biDqAti!wm5hC@6rdFhhuHMy
z=4NmvGmZ?S5+fscNeP&M5!pGvj~<0DGSFno%1Pcp$iX=Sn%H9nsv<ts^KG5_bd-H1
z?%9<N?(Xf}atdP@m3tW1P`xvi_pGa0nk@l@C9T8#tzJr>=j`e_#noYw)#Tp-fa$Ab
z?Th-{t@Tg5S`Y$?hO}`<_&_d-!Fuol>VN)3l=KtVls_}@n)LJA$u41j5PB$#%<RW>
z@j4zK&y5`2I0et?zK2Q2l40CEG)DF}drz7a3zr`TkcImQW29&`T&U_KHheLdAUF*q
zZ=_$(1t8!eRWIGh)g#cLc_m<@p}Df+D>VTaZ|s_6Rl*e)QlKg!xoplO>*0kue%LUw
z)<E<`n!(qhUJV%{-KWok==F0_sGB_6`^n2Ezzt?sjD*BNc1=Cc%NyXE-sH609GltE
zQsSPL*Q%&?tE$$d@0&MN*^82r=GL_F7cFYCd;9t1JUXW*1E!Jmvu*gqq(=_S>gCHX
zL`Avc-^=pYHodEJWx9W6o<K<9n*)dAN38cnn2UcK9MVC;G^X?swHqBeTjKud(_{AC
z#*m<}umzad+I<%v8MZ&*%lmi?Nw%LmbfREWW_o(Wg$t9>ZgCCN)#IUGZ8yuh93S6*
zpbjnX+7&Avul>6eQncfa9djj-x>SAr>H|9m&0==;Rz^kn@gJJ%KJZbB-o5(+e8z<Z
zqk(5&vT~(5{>mfYRWINkd~*jt|A=CVp{a>UQQM2I9(wv$auX8)(v%^#wpG&>uqiKK
z|7PN1UK`o1E<e^&tN7*1iIXOs*cEY|Fo<$-uQqDj;f;R3hj@+;%G!<O_t1FL5jg&D
zJCH%i_x0<>^10;-%ZO|=HP!W)+CjOs+4P{cI&hMuc>0rCT*p{bQ+WNv{BYwnYk)-q
zwA#QzK%4Vl;sc&F`!jh1oU*!}`WV8@AlGJ;yYx~|iua%;_W5xMz5{adgULmY9u3pb
zIQ#qf;*pj`W8fbK;vwkT!V_ey|D?G1%`e&@BCBKI(um(qKU-#YY?bg%P7eP8UzWh@
zElqtD9XxeVtNSl}!tnFbkz6w%sDR?=#Ws1>>ULq<N#Xfv*{GUbU0nEzRdHGXbs*50
zvga-JURvapD=5Bk>K0y5#)I|JOSi&qn?~}eudi(Q42VPh!c`&M1E=dRTP8ni_gx0&
z2M(m+T;wwR5szx{>^-|}$Y4SNM^6uuM>`1r?AC48E+VM7NMz!lK<w++Pn|Z6Ki&dD
zWu%Rm$kX!?kmrDjrbnf5qNAcuV?>CVidetk23d_d(GV|v3cDYj8qf^321$vu^youW
zwh*4~xVP_V6e%2|Vm<IAW>3VJAwyFC$Z8^ZC@fS|{#0J>*xu%5|J)+42BVUVaBZvK
z&xXQJ@F{pd<Ej?Bj-J+UtmL<W4OwpiI2*O2sD#u}UZIZ1prN5*<1fGs`mNYIf{zbO
zw6eQq{FmY~0U=kKIA+YQ&(He%#4lt}kY2_g9hd%2oi1+XOvPqn%vlS%W#{KVRVwUB
zc<13&*9_{31mRSf+-%t9KJ|RD`KfyyH5Ei3mhE29W9`n<OPBU+B<SFCzvZoN_$#B7
z67&A@@|9n{9F(Tx#A70>k+-_7r5$?Qep>5;$;pe_L-4|b<+Ar$P|*weY+_UFRk@&c
zaX}EyGf0bF<xT@bq>AZHvoQNd^B{(fK3@cHuGrXR+S;P3m8Xs$m%AzZ2kM7Fsl073
z*lP%L^ADAwJX;1cK2L7N#C+ptsHv;NmPl)naLu81CAbOW=ToO>+Zp4(X#36)z;v+T
ztMh6K7G6qA%LqAm6~hvOmUApVPGxN$9V6dKw>qEG6Ar`8J%h$goH)2&zekGuBBG)O
zGFY{?{`~bT_r~Pxp}S_<Ae)lP0(h^Yl4SEziPB!U`E3g>F^pM5-2z7?W>OY;njF=$
zM-RAy^CaC^G05_}c|(_7S&=8p@!Y<4WE&a-j-AyOCkF?sWHFdzOW&ZtKX(8AELT^O
z7|l#<NPuCMq%u#?=WSlrp7Bz*B<mtW<dX()`!yfW`|GdL_0HL4F?&{sdoD9Gd-)Ew
zWJY~EA7cH64P&OB>UoQf=@m|pWi!9fSZD3AED!BGIp7{*kLt`Tj%;8kEi3cvxsu88
zleBFlLTFr+YBA|I*4*)N3*N*8jgTxXj?`*n6oN?4sKE2h>-+`VDI642l4$vEL`6MX
z*HH><6mOa&ooySpXIv5S6s{P(4lgKUQzlQ2T(ObF8xd|=>F|dUJQ;!730E-sSMok2
z5t>?1nbe8zLDQW`lz;>@q4x30LVuzBOfrnwGSq3kX}0Wr#_p%2WXOaG_c7UXa&q$N
zH)&rnd)-8mt%gaHZ)A#zYEo^wh*HCOx^yZuFqGX5A7UJ-%@BTWQxXi7@G`bAsWKXW
zY-Jq>t3)HsmD&dz600rL0c}G0`W|{dVIMYcOkaQPA(Gv?;mytW+mw5+mYhny?p!lf
zcl`Kk%(lIbU%mR3*h3o`3U!H=fCf7+wqnpSF71jH=a}+f3BfPYSf3?lYO21K2SuEx
zZ{l_Ov<$HIlqt86Q^f2EgTqOi)$sG@%itNpPnxg>1(pj8ETRniz_PPh^DGp`2!mYO
zHB#FJpu?*qQPJat@Tpa`p|#MOMc;o?+b6XR(w@SkbzNLr=*Egu+?NjTOCLX4W}%y#
z)>P+aT3OKMb-r}m3BJC*ypgFx%(y`M`ua#fAV}BzxpZa4M*Nu$9$a8=Uk&FM*i*S9
zo8;M4eWl}r8&6c-aqd?M(<{DpS~tZlr{+s8yOK-Ixk30(c6XroWM>%}uUsh@6BFp2
zU0iO@$fpzrGmW@>`8tp|)Q`eu^S_5Lr$?cnGdE|^!8PVKy1GwO>-H-xrv02N8?0xu
z$5Zm{XVF%PkUpYR={^Got}!wa66SNwRc2-%5Pl9l!Fbu$+}z{IZbksSVJcS|rxS#P
z=xD2=PQ4ByJaYL~vKOzZ=0<^Oq_6KWzP4!d;X1vjA)3MGgM(WuXS0Lh^71RNZvv-n
z!JYJNUfvlJHI+IMWYD0Z++23a-op7+$!yl>NpeRi6)?`gq;MVNCzwZ{G&T&*;r>#6
zkejguWZCN*n_Zo{>`>nuhF_F5E%>)Z5)_M~#jx0T4blqo^NR<~U?$tYzaO_Sdd(fZ
zf3!Wi7ytZmdF@VJHzUvt?~ZR!9=IG?@+FhVX>5Bm7ldNCqsi~pb_PXFNpS~OJAOQy
z0}0^};>%Q^Ql$m67R;N+kZBle0B{pP&qjqw(@|J>ZhFwG<9^s>VQ72ytTWGz=4IyY
zU)di%q=a{MCRj3Q*ov79R)`EXer~&p=b!4lzZNXO!kiVrS5w$>2tGD(E~AY3^UG=R
z;JB^tb%pX$!0xy8$oe~sb3`0#b=S~yI4Ip6WTi(BJ6l`x7jg^2^sy8}qPxl3`iW9I
zvk@+TLHpB;42xmj@M#Xs`^eV_O{`#4(V%A^%gW$@d}l^QkeYxQI>-@q$Dpos6y<bg
z!n|$s=C(55*&1oIm>j^~am^tT5^__d4n)!lOLp%*SvJ6<{`fy<NK~Q4qr?D=cg~B}
zi=49FH!P>}=QxlW1bt7G)>~Rq4`-|$E2aFH(oIE$obWVuqJRv5D53AJs<@pW#+r)P
z$Qp4f0t2N10Z%D4EuIZy6wI1{!#vkMDWbw5@xX!kpbNlWq_v0jTAhl-Td$jse%QtX
z{}%S|lhmd&1vQ<nw=UO!&rinU2T=?kB$%O~1i65RM!NB-r)<twh^StABI6S^>p^A_
zUaV3Q#12DG2onMbkWo>B<KV`P8hTdyrB^4r>;!HBpV!r;-Jy%+W1E_`5uT_nwVdyD
z4ghlm69RJ_j5ixZY#QU|A+tYZW=4g(6hC?Lm%jd1(6<$1f07d%G>dX_b}%!h!so3p
zT~3_blBw|@7XbfX3ekzU1#x;fwon!u>ihIum0j2Uz=f_o22cg2KYpybCUj{xQEkbT
zP9nLX*weCMXFJ&zpa~qlsn~}L1bFeYp@HVdChM%lx^)kmQ!TUjys(d%6j2T@9eIlX
zF2JgrHqmWnG=I872LkP$_CYv>D_6pc0B<mw{fWm|P(~2q^k=R9d=-U1JRVzHDW6@3
z$xe)Z&qGzlKse8OFM%?tYcj$D7&CY1hb$h6&z<{-yiN5L^xNLjvJA*fYvxR7bDv8~
zU%fKy8@fmcRC;VQ^!9#6L1?_iaeviz(Ou7%k|OhLS4K?)Vhp2rLmcCqh_jR`op7`p
znEv~?oRs(pU8GFajb}&z)Mtnq_@;UB#@&Z5F%@{C6DRr_e@1Qn%2v%wAJ$a*o_CZ(
zc#VZj&)O@jU4zI8YJ)4A<))_k`srBn@=%z51HeF0O=3Aoo(EqRpYfh^{e|$K2j}?X
zI(^_A)k;EA5@<9a)|7#ziHiSzA<?#Kfrv_Z+muz5C&bgrii)Q%+YP4W!I`w&F>e3C
zgY1_%bNY0{d<(2OX5jbMHprJ{EgUG+A$%_yjY%MRjMQjJ_~d*c#5e$K=&vN%Mp=cw
z-^1EO<wP-we&Id#BXInGuduU=0(H{q@XW)egVTTn<U{ReW@S_nwYT=WOH7J1d2pOo
zHVB&ldXt+|AMTtkDtsVhLL(wGXZK1}6q4?c%&!{v4jnxzQ2(HuvDw7KBNf&g(h<h`
ztd%KDUZ=tA79q!i1qaJcKTPogL!@8-r;Guh;9sa)7!|{8&+C)0n39DH2JZ8)`$I8!
zv3n?iiBe!A>nG~>(IF7Ay}{JV>Jy3j&#dGyVx~xXABRD+vyi-o%)hkU^<r<~Dgk`)
z{CH8@=6_T(f%-py2`!eja&iy@$B^&2K9ut<yIne)@%$WfCJr9_frI>}J^ad*1Q-o%
zFM4s(aWo-kpkLjMzo~nB>m8QW+lh|N4+2F2zC@$S({EOJIY;XMdM_gLbs@JU=7zu8
zvp%MtTZJy~J5Ll*G*zsGgal(AB36iEYKtA?^OrXDpn+U>44^<18qMi<xJ&-ia%eHB
z`|J6dXj}O>pky_jNL!qmSXZ;=aZzEGl5Ty4tS3s%o)?jW5fb5C@Rm*<e_Zz>%5Shx
z1OSwZG&PN9L&i-8)u8Whtou;M0Qkz4-&2DA>?CHP4d3?h@!@-27;g-OxwdFgRYgU`
z*RSi^*;636W+tC526;h|<_sB~wB^>;!g7x2qOF_9jJd*-@%JAS4m8htmL{yP^O9`D
zoD}B=bQWp$S5%C?awQ`(BoYD2$E||Z(a$-n+=j6C;^3pd=Fe|*8angA&G<WaXi7B{
zeahChyH$d<bRLfGUruwhj5jxkW;Z<Ck}90A>u(BY$&oQ6zl}Pi!$w4xcTI2$`5VFA
zG0P;lFDdP9RkgLVta`k?t^n8wmz2hd>VYWFm$43B5`G5sSjF$hDEWQ>d%^{T^9Q^K
zBW7yO<O2`PF+LQ=LcyEK@}EFZdE-l#F0D(pmyl;75o!lk#J5D_$F0=tx#wHS9LlW0
zR&Q(=3WEkAg?s(s@V73Rjm+JM4<L}_v8)L2QCMG%({8-{UI3Z~uqUB|3SU(QX%T<3
zl||pgX7U{XTXtSv?dt&qaLNT_D5?Zvs`(dz>WfydPJI76_w8HqQ<pAXNKy1IL=gv9
z1JT?e(vVzuogL4Y4IydJ^B)a_*vF6O5!|`It)B+H;5~!%Aq5BNwW`TVE!~Pr`dzH$
z!N^EqmqCL497Dq<<o--=DW;f@pQD0$`Dw~LLYwwm+}5ZOe^H=vTe-6z`{L`z0t!7;
zCjiim#x5o!CQJYZ8$4*xbIW_!wL*}*vAwLPzdhh&uwFz?<-IM}qP}=9D0=F(Ao(=L
z2rYe?ncRg6qZxc3<qmg~EV9#b7*U(!$-`5$dHi`9#{X06m(z^*IygmLUCW{3I9Kz|
zG|9XA<fh4gFDES1@8C=s8d`#_GbA?QML{AZrBR$(IEMKE8XCuARF&bcY>CjHzkFe+
zt>y2ZnUO)*r9gEdL8B$0$SZnkq5E5Xg0`5P1_r%@DOOE~3Q}A6eF1@iy*@z(g2_kQ
z(uV4zP0wpo;VstW3RVndr!^Eb0=Sgs7nqb|DYdg|6=!vVg@a}*50xL!)bgYATnXQ4
zrjA7EVS-&C<!XF9ap?q#wWi(LH&$~P5L5CiXdrlzEvTYR&CCSHrW*YHzTBbvz+r$&
zuco{lukSmoeZi`U?|R3s!#n{n9;VY6P7*zszwMcIOo&sear8<sDOh-N=Y6>8u5oJ-
zlAStng4XrXEU}^+nIArw(Ilj$T~6s&nsLK#JTU!v^$wSr2&V>nH@8-*C)_AN$)S?q
z=oCrLZc4N2!axe9GxnZoW%XM3w`KQ)WI(rOXy`;pHp2f(Z$XrNe_7ey1E(HsDqT-4
zK^hUt@1H-lSfv53#6~uR52Oi9n!r3X7gnNS;VPiNc$SeN@6qEuOT7*I$*o2@1kB<)
zXhvRC)LecfJ6Hu)RMAzldzQhuqm-2`V7gHRlV$iKnHoi(;PNv&d7Ygt4a$Dz3^j=(
z{ofDc?)$fYdfJEXlCq6v1bCJ{!_r`$c@mO(hGq{M-&Ecx=l`QII&|a+oUQJz-F~Qe
zV0at-7s6NnWJ{1TtWbQe&Bjx&?$f8!pmthBNtHr(3M~qwaUd01u;FVRGNTJ_4wkG+
z16grtSv%>2jIweVMJWHXILXNuUDercbvEUs71q(8AU|>@?%c6y{ILD+v;GFOH=g-q
zLDH*?jLeydW^J4$q2Y^&pu<jnZ?+L&<{my=^n{8b<h-fs>iZw=9FmipTWx#Uj2Ow-
zhm}bLG6F+v+of__NXgtT(hN_Drz4o>3sORd%H`0Nh+8`netr7##T^Kjf;)6;O_$Cd
z%H<p@=b1u%8-0w2DjCLHxA+bdhkfZ~(`Q**THeA6wc5r$b!$@5BsnRX9sDf-DJLXl
z=j0HyIr^)aD;}Ol1#^}GeQ2mTK92(+F)>QL92qGmElm%9JUF=K(<iS-rI2A`MI53|
zd%y9yc%Q^wKJ+jz26$(ar1^O)IGUKg250{Cbf+KXOD5b<S5xCQS<m`(zX|+`2{X}7
zyldA!hdEjfz$dU0u$L(xK%hG)4W4r3&>`Ww_7!$Lkk5maWL<C5cJsHQ3)T%Bbt*&4
z^?J-SYqB6y6ml;omkT>j5;g8O;R{>ORmg8Y#&hV?=LD$4t<7gF9|kL}UyxWYFDCLR
zrjipp2x)}AxAkQ<!UZJ^G4yqCO`#a2#@B?L%zPH`PRaMq?c24Dd8r=MsMwK@$8{=t
zsVVRkwG1<ugoJ?1C|flJ$Cou!r2`cdNFYt6k0huaI1Nq4<(~a>>3$O7C@c92!ye|7
z*487!7udb!+S0l(7p=Bf5FZ68hw-wV`a`{?OM5FbcY0_K*}jL4F8|Z@E<li1HYMR%
zF>VIPFb|tgEhRp8$&%+ZwL7V00*j(d;FE0CSPLla|Mqs2NkX05o2x4&!#KZFLdL78
zpnsXHre<~9y#H$6MUs`K)`Uj;8Q0`ozpk~|;?0o6ZdhZ4Px@l#*;9D1Sp)2~Jg{G=
z?dIfib`UdEk!mPe4IBNTUUZJX_@J}iPdqk%&Hdfer#@xv9oo-$)Kg?tw=<%OiL7{|
z{{ntlZfM9B`9e?LBdaKmNF%T{!bZ#U!QDNrn!OG(HLE&hB{7~lR~qbf!@70*9+gV#
z2)1@t-o=N8A~aNO{!4z)+w1pI|Cqd2XV^E)i?W-{<>)%!(sG!c$B`pFbSfw)q{J-|
znM#H+&_P=5Ge11GZeP>8H@NcTY)*EJS7}QAXVT6TI&Z%H!lU@xR4cCvi#6-#;Ifwe
z$*U(hmaV0aitS|yhS4M3bK0dv0pBPZw~SV$>6Q#5NAKY3KdP2wGV38Wbog*#3#_Cv
z*Qjygv<+(LQFFN!0+P$|7}(9eDDfx76ZbqhcAM(ib6Tzg4nC@^s(Sn84YfPfEY2M0
zPA;YV__O~3UGgE}^m}`c9X(pIcklG;<*r?(Iyx~g%$m_RcHwvG;e26)x^shP^{qbq
zp&?#8j4?6`=g#$viP@Tzv@zCoDy-~2IxL5Fr2qoogpCPGz^MiTD>zoRar0)Jp3}dM
zDBe~u<IK!py;0JV8Uq-LONP;9<<-Qz+?3jS*Jb8=pQ8h(`TT6EB<Rd=F>ro+Y04wb
zJ6#+PE{?FPX~=c&#$3~N#aLnF2dR_ONb2zQ_C^FdwNWNu@gBl05F<yF0-I1&j<7vU
zKk?46$pM0yALyvhOQd;Eii+F-Y>H+|sp@u>kPyP|-EHB}EA8-6t)p@wl3!jNa55lZ
z7k2^QJ2s-<;s0|tXx#~^;eZ;PIh;gseM*R!dg$l9*o|-NG$Gqe*d(1a@L)W8oxaK!
zX|V8V9U{%36NR;%HeM$>w!{ue<!EP~#f=*`AVv50e1L6oqI3PwDRNc2YFXPX7qED<
zVbAaN_3^iF-@Hv}cWc(Cn@$YAC>%gDeZn_untV9gylq?7Z3C_C*EM-aO{Z)Q^iTJi
zp|zM&IfgnAGSi9U$5X3ao>Wtu=;;aD7PuAwXbc>d>gfs7A>T!v&7WFrXa6Z65Y4|b
zYOW0%<gvT$At5F{o_djRO*2a?3Cy61&|!W!Ua7-Jj^vvLBGO}?FmTGzBGbo5ijCS@
z{RN!3^J)eTIy#+xSn#1ym!ChcbUQ6EJbakWp`X4g`*n5!q9JF#J@shE=A{8Tx{wl{
zJ?kEH;fy+=?X<DGfZl{}=*w~+uJe1h^yrHhG2wl<+lVX8az}+!w>s(vHHB+MaT$z7
zzOYW7AlQ`i&@EH(R?Ui~!79~DP|&R3q^7Exn%40Bqs<E`6(1pzP+A|~1fKHx;@>q2
z$lsjkDrq~Ra)5L*%$%_42RI5TkW|6cA6f}gzy^5g6DB~4oBMJ^FY(#f72@+jB}Oj<
zUFRi981RU~&OuX)eZSN{lFG2$8Lf~!ef(!v;HFw_8}LWD2W{aWEFtzsM*|tmY*OvC
zcPsLJAbL_Ar4Cj^;Af_Z4&7WE(PmLf!xN%ng=@eN7d#AbjEzx!cie8`^5Rg=+7VU{
z39HMHY(9LrFQFAtQ2D1%$XJ-|P|XtbZhq0G73|zOc8r7(<4d3fs#?E!LIAJHkL^70
zWtMklF->B4SXe9~Ml^Y9YHFmHVyaD0V-SHa*2?idw+oluzW3|*j{R+}1~fV`#`^#=
z_`__;Npr3FbIRs&j#t89S{Es!LE|gp`ANLRbsxSudP1|KV`CCXqNRI>dM&W*E?oHD
zFJNC7=VToK9*6@Z4Qc_z%_|ozI>N2_;eOi3=LM6(yc=dOE9{fgn36K&P7IH&n!BQD
zi(glB=~6ePK>FFnmwk3DQCL;|;qANpeAN)Dkk8iVEr39nuhZuPicqYB|MMm1ouz}I
zX@VfqO;QpzDE~dLasYkcH2eHe+QsqZ)6uNc9%}}_kb3&;*<^Kfr0i6-$&Q>CH8wi-
ziLhQl(+$1I@APR#Gq|=<TGCa-4x<p6IMFpdZw@QuWTmB#`}>o<*Wd370I_zD@wS4=
zuD78bSr)yZj(uNLifXUW;EQ+bl4Z-6uTFH>Ks!?x;82-`<-qa!6!#XIw!6a%D=i$m
zlyB@LYB&ZmIe743?pC=J%QJR@B;eM<bgMc|9QYA}3clz2uhsU_Hv9NXmQiRcbs4@=
zg=UMw^dXe-3A0rKS_8KpeKB^A=)gX9G8-EgP^Q55XnXOw9Xmb>tET3rO|;9+aHb3}
zcfX{U()QiXy19q^Spiis*NMnsSFa=B0N6Nt4?i(YrJ!cSL}oyh1GfXkaEbMV&SU))
zpdkQwA3uJafBO3$lvcnMoBW2@v~IA3s4y-*p3VvSqx9j&++rKf!P<SO2kyX(qY)Jb
z!^Q_X%L`OphldD~p^l_19P`W0x(5h{GAl!XhcShWvoGLVil?C!_Y8}QO4?kcDek$~
zZP;%VAxfi4VV=><YQnh(WFafitB|%RV#W5W$Vq;4-VK47j0~+3Tc-gE3eQI5qqPPQ
zqNuCB)gZ2M_g-g_!%(=GDFzk$%v9F!%gLzpA@m2-7X<thK0dv4Y;z-*QPVkY-+uDM
zi4C$Krqq^Di%x=1e9axhvvd@r0pVWe?`{@JX)~eYf-`KVY@o>$hG}o#evvzzUIu<5
z+;8L)b3mJXe<*r{e(3M9w}Mozp(rq|aXI2&P|~&rLlqWftKdUHn7F_DH+YX{|Lc-r
z3>fYvCQj~Q$kYZ{fywhmbiTT}iv!g*(3sKO5LgxObmI|}2)z%eoqfWCF$R~x4jg0>
z7`^a*K{=YNT{;gC7`8fFCk_?`?*(QJm7sQ@fM*9QDT8l)kX>|SB;=n@cSlDd)MfA?
z%=8K2ds==mvV#bPy?@iDJW)eThxK1F433#fAyANCeb+;Zm;L&6;AHECgCnMi9-Ot{
z^YDol(BXo20|FS~#x-%`Y_wM%9v(cuf1ocOH1>xftt%Br{gx;(WQXT!0|Nx}Y>tBh
zL-kLle4un2yO8@YH<|xOB5oKy)^9arG9x36b&tsz^M`n`g9OsX*P5CoVfp}016Fab
z*Q`0x?8|(I1u$n{c2ad<S>EJ;qvNxB4Hld5AKQEOXNYlx6_D!8=g&cy*N`cL^%h9B
zA|Sxq@{o^DF;*mt7axT?$jShWDi}+f>o|+fVs3(~8S9lAVQ?sY$x#X{x$_Shy`-Dp
z!v50I=3CsG8?PbO;qn3kuxEn3rIQ#?2<+ImZ=rv~p#up<_b)sk6O-WPeP={cb7Z<d
z;g(dszJ&gW#uQudb?!E5+W*npHHMtZ;J9&iG2-Ox@-L*6c1Aq~!vyb!bA3Y=kEHqG
z7z%U^CM_HrP%uhKx1brKl=Gm+5HkytU7h&Ut-+b1u6Ca~zAlgU`nFbA1l@FxfcBIN
zP!Sk33V|&1+$3NQM23{cYvMQd*LjMjoP)zR2rqTt!~P;u-GvL&o;*QEwf3GfPJ4|`
znw|UnOE30l54(7gmB~B4l?cYeV9h&vU(Ttd0^)XNJ$tqtuj5!t2_0KfIuw^PCr^Go
zwOdSXI50m=v0&E3M_J4GH6=%WE4N5^yXKO#y^C~p5n~8T$e}lAq|xvRS(G19ZhH51
zWdlE*)vm<_1;%D(vvIp5r}KR;kSwit9=%qq;s6M3KS?j1Gp%-Te5<guVXA$_jc9Sn
ze}xO;)5SecoIAH0{tpN*H57LXQp(j!m!9C(@W9-`RTxJ*Y}@wg?OQezI=B2n*W=i`
zTq-qtI0AYYJ4AbQY<Z0UZX|-XXB#~{COztS+@2u}SC7pnyv)FKghGKs;=V^d1Im^g
zQJ)fzx=ZWiaDrr<#iIjcB^a&K$BuoLn=4~SYj+im)`!P`2K`IJ_hhjQkAsf8?YE0x
z|GnBqSn`2mtzUmRFmQG6&GH_~hZbJ?^XnIQ2VM?nVcX$$Li&N9^5i_{)uY=v^Q;ax
z)6^Rv^q6^7;+GwF^Cs)EyQZ@**YEuJwNxNNU(zuGmE5l)ntcP0AvgilaloMrEQn~d
zq-qL1UC-b|q^sMo<v?q%f3zDOX3LpZa3T1*I3|J-Fcm)cm(rr)m(P6|aWt&EVbHM4
zl9H*AK`$E}AqU(^Z<0)v&VBdJyA|}*5j>#U)Pc7WokRr$)9a_rp3Wi?Oi4QeydU)s
zWHouhd&G*1i;3?<8}>7304u^I+>(2oa||3yUqH{1=HgIQRpmd<xbL7rZX|UYm8M@x
zVsban#;ZhuE71Cb=29Vy9y_+tZB^&)JnSLD63t(H9fDLtT(iPN%)BHfE>5aPk13NT
z^%*dr_L2$YDNOLjYHI!=x(j|%3RIxy;mp(1Ga55}H&HaVU;4ZL$`okj5SOKI#>G{?
zKPs-svD21RhK2I$JH+%<56ChD*>A!L1RHO(;i<X&)M?}xb55yC*v)D^-T;5}pIm>0
z_CJfSi^&CQUNs45BYr`NgEM$P!$$OP<TMW@c97-?c#w`4EnbY$hZ#Gzqij!^xFerZ
zk)jGu&8?hwl1rWqcwNcm86uat5%E#Pp@>PI0}J1EOypIEXv~;F5ktTvP-Njs1kHt%
zpsATSv4^3TK6M~N9p;4a&I_(@ty#2U>>I}DxVBN@%$Z{Wj~;j+zgk_6wpTHT-|M(x
zB3?M_?hlwD%&*dwdJUd+?_lr4QAF5DQvzUunbo>%t++Amy2Q@a{s5yLAG@i}?bJ(A
zmwyx|sUGH=H)A+d!&lB_qpoL}VIN7a`%6JM#?P4H3Z&zfVn>xe5+sc81+0g{n>K+C
zTHuik8x}sz(Wxx0C%$MyPe|*~Kdx7m12rltRyaIQVaocW$;od1rg+;M;|hw##(DQ0
zC#}=lc9$hKnKsCF-~Uj{W8tMUetz^;s<Li_HvXGuDte#+fap;aZ)XTkHy!BfEriTo
zUZ%tLw6(jhF?R2%UkDk1Xo{!h3?zsgJT69IlG9RM-AEH7+ORTrAt$w-R8`^4fweoh
zxQ}{xjHUyh9(S8pRW5bO703DsWSI?8y$<3n<4o`Vvi6T5s`(C8NrN{rh(FK!0QVgO
zNO|ExC*O2m9usX;Yp}vnZZP>CFTuCzMJe26%6x_wT2<adsB(ae+yds`;Yx$!{&X53
z3Nx!o=H`}skEVEMdd7_nm|_Exkz-@rbM(KGp@!~2V|>)HW5&oUC@}YW#T!H(0arEU
z$H%{&oqtiwVX&FsRCWf;z6g9%#-*#6IUbsiV@;scEW89LCDc%6W+}e66!iZMQQA)2
zu@t^Sh!C_dpX5p^DvUU?t5+*XOK-*f7sz+-s=HV^3R6wDdDb0Jd(OVDJutJ+Z!%_4
z&M+^kSlGXSgM2&KN+xj9$nK6OAUKgdW&8CTCN0TfA&h7R{mm>XIC#)rZE3cRO`8UF
z`N2DQF;C7Jj^SW2Q=*Z~pUY^p+#q_;6B=#`y!5H+*iW&+kb5!?OY-<A<DH2t#J$SM
z+gCw-Ap{~*)8dSb9UBgyo*E+hd)}NCW9U>|y9edK?;JC7q_}JU9fzD};70ba)7cNh
zDC^9}M`y;NTEGg+cEbkr9gr^(ZJ2+UrP}%K@JF8)b2D~iT}6)se1md{+Xl3Y9m_qZ
zIwdUCe65N!s$3sf&Z0Ijx@mQo6w7dzOmwULOlG(0h80`=8S7l{n)G`Y#t}4KM2dkQ
z_p9hgPU^^7qTalJJ+PA9zXd5nd0`4IHVL=3E;lh8)EDrXFASJ7x`rAVkP+fP*+eTT
z9gIbA-wHlpkuwi(gRFvr>Ff;!KnHW<eDSvg7H$kR210S*CS(9iov|hG%BJixnr4lZ
zXV|cQoX%JGDVPqm1w|e91C(HSI^Tzn4-R6yU16huj0}B;y?;bN0E(e`bcJ;3N`jm1
zx><jXJQWMgbS?M`35^4eN`g4g7ev6K+H5?HX(K|R1qV|zFM|(qEUtiF%gA^=VaAM}
zl4@<TB~AY2r6I+ouBrR97(S45&-~7Q^Ttnm$UV2_+t9QbU@-)g3<Do2K2^GX<a_wj
zybq$b5%WYQw*U)Z%6)WDWEpwja>}&4YSFu7*?V86u-F42yYFFypCgg6KuW5OxRhh?
z;0cHZ1J0wzjs>VI^g1|KlHw1-ZWumo!Z+j5egg-|VZ+L(A3p!GXBZ06mo<nmRD|kY
zUf!5qAYH!kG&5=1&JL|r-@Hb!cWN4r5}m})UwXTuO`v>A>(JAncqnkD<?+g9n2~T#
zuym6Q`}NCt{gHoBX5-hr{K;XDS2uuRbXA5WoNoVM?75N>^Ty}5qx=VqU+pFB(pW7&
z1=0`Wz0>~h;)|5O-Mq3gYL&8=((FB1_B@sU;N%AL8sX5QuTfxvoe_Q4`R@an0roaj
z2$ITXW@dTwA@UU485aL|kZ1L9+}gX+{9?TwGxruQ?J8?jb2TjNL9_`oLGTkzw^IGi
z{{+2IUshH+s`Ohv`gD2udc|JT7)klmbEM}=qWHM!lLS3~O^i9ZB}UG0a4H=%s~mzk
zhjcAWhirVeY}&*h1h&1bKf1#}n#!GPxPO0a^t&h60tqF44~d!j^uyeF>T(cB4%4k!
zaAC1yl7)ca`zVMsDy?(o%$aCQV;0R~k13;|;6n55Ltra?NI*t4Atx_yF&+S=NN+B!
zY{DR~Y|1n4(QNlNz!{wSAKRyQUti08mew&^;v>{iuU~((&IoZ7j;cUBhw+)HnuW;U
zVdqZhd*rkkfloEHw5Xx#vksy;PhbELQK{?&`v>dNSo(8ZLb=QGzUjAo+&*gsINF@F
zoW)#to+SK|AocH@xO<-p-t30>k<|h*vA^;PR=sH&1rBO5cqMH1_L8RI=Jqp=bapSz
z7VF5v*@qE{HU?dJXHstoTgNd<Nd=<S$WtH#Pn4E|JU}_VKMauH=T7RY$_5lHu@Nk%
zY+^;{)}tf=H||GLBZYHb>&@G@OrwW+0c|c?)I-Ua4M?SO#8_Wx&gVLl#rshrF1)n;
zs7;Mg$%x`-&%Bcd`KIUCsx>-#WfNoj=wKD<Ti3qyD>qvie)%MBUn=BhTxb7*d?0B7
z;_|~7d9RzeR^k|N2vzsjiVA>N)djPrK<RP^&_Lc)>tCqKpVE;;`gL<ExOr&%gxVSV
z{1{64X`K{zEVE8hBw)aIHnua2eqG+FdHp=pHbn*Hzh->;GVQN0{g}GV8hSVV=$Mz)
zXl^dl5chob=Crf`vxAtuqZf(&u$^>6kiaOqdgJ7p7sFj=<>ztOAWJ8nurd5$aqPjK
zgAR##z5ERx9N|F2HST-3i(QLjmyQ@<aw;U`<)4_au)TT_J1VF30HgnN^K6BK3*8*3
zNZO>f8!2r%k`^WwS&kFp3#ftvdLw^Y_4-?VJ$u`?AKh{%PQ*It2{Ia{{irZ}-b!;1
z6eB+1hO6j5yD~D5t&@D)>wBI8Gh>!gk@D`Sd`8y6vfqeMNutsF73Y()%hGT*M`QT@
zFV3LTil?aUF*F+>Fx!XIza*OZ)Kh9uw?~h!>E)%R6m%XohVZb$Rr9Xx+@K{zEAx4_
z1Mnx0evyH}6jjyZmaq2r{JX}CTJ4|NtL3K0W0&Wx+>!5h=FElmtA!!y_wz@dnQM4w
zBEJNS7K+;8eeIqX98(DLUqW7>r$xm!IiT>>@Wqj3y~oVJb<i=h<#w~5&!bZOPk2GU
zreq}w1fM%MVeQ=*Rz@kEDg}F&-m6U;jEO{%ikYkGV4qRPGq03b2ML9JTAHU1?1|Kg
z6WP4S&rg49@wS#ysmFkE=E<k65*bdN(6tga(oacG=|Uwjyl*$<;bX=eHhKJ`zP^uS
z7ph+$|C4~pJP{@!HP@}h3~)uP66vl#k#~K4DhqXiF&oU9Wb<f@kUvsmX{50|uuF45
zyq%9;gr()g_Yg73v{_Ys6^<QfZ7NwFw5@s?OGXE|DKoQqUd+NzjlAm`ioK$qqir{y
z7`;tn?Sgpus=0h+wf%b$qo|_ZZ`zxgugk4uURnEdWs-B_yKc=-w;pADYVx(B<gVKU
zhJsui|Bp#4GE2AKb^LP603xV~cisFCG9^03#&m1Xg>@itcVY$$TNnTOi(^ZPwg30w
zUXqg9l3b<1t`(m@?_>)$daUv&IjI8}qv=FOh_5-Rdy%P_<+S@ly(lNRM$qAmW|-_!
zgANKv&sR`=`){GCn4TUhrFC=6s8JD=o1|fq@}z<7Ek9n;$O4pGst3VT{4uQ^<r$^j
zj6dV(ifG?d2U7{k4j6E=Z6TdALt$cPUuo$Wm<_Z;{rX{>_OSa@)03s_n<@io!=@m>
zy;52S1&yFk{PwNHx`&ou@AQ68TUR)A@BUT~G$z%ftg;f{1S7z?{CqUWhv%&WcH*wl
zTcR9FQ$nVkaes(F^4Y(?Yx?VYR2IPX)ip35J{l!~f-5wCPr82HC!V$PMkr>ris`F=
z`YNt^(7jtXQvKE}cOaU4*+|X?;Iz>wUoWr6Y(2Q^f1hJC(CVpTG?@I0N#CiNqJK}R
zO5>dq3>!Ty`mLVq#Im!@de>Eq9M%`4X>RXZb<E0lFpKTew_l<lGx;K?BYE&q4b|}j
z^O(HtMhQQOzcE_|2i+L_{yqexD)j-hIKE%X%HF5Ar%=dLohjI1S+pl<&lLNMBm94X
zJ6E@UzG=M5<l6I?sFlS#8}2(@j4IL})H=J1`H<AIdUR1=>&9tv>uDH1mz2Z+)DY`4
zGBYK*bfGXwd-~LtUM(vIP9kzjbcsFb_+Yp|Lg2Q-=CK^qgtV!i8_6SNZs4enGC!7S
z45F1ijQq$If&n{!1>R-iwt0dVEgc19p>ACs!de8mjD>U#c(Sc!N1<NQ+!AX8*jBqh
zSAfN!1>rGJn3vZG_|48$5HbJXQO=}gfPT0Xl&@eg1mr;@VA;D-h|tZl)-n+$8b}cw
zvFJrFhIm1wcV@1L`faM3nt4AnPQ<tKQgt!cC<Bo~ygWOJkxVHz=*-@rO;o)euxD0?
zkKPb}12GrvkQY*2Q>F6|(7^`hLqc9+1%MR;cOIGIFy@|&-DlGeLU6+2XcNhb;sq`5
z^=sEY%eC{Dn8Wa*c;@@)zW;SlI&G;O-!EVicV982wdMD%h=?z=U?h6M>z=$wl7pcP
zYNO(y8LTBRGGS|S@49pntGf22&AFnoa$8|n|A!0-w`ECGO+Y?>oa*Jw8Om<(XkMD>
z&g?m4^ORtVwmQz1p?y{RE&3;)UcdP$ciMI!;Yw-WI@1*V3_<Dcw-7u?22lNGxVVc!
z@-5kR-eNIsS@5FhsTfqgeys@$7kTWD0)7)85h!6@)$YEMUPL?>SJyl54}p3bevwbx
zJZ6C;MLD8wxcNfhX6%`jH4g6K5gvF|g||Y`;zJn)1@d-m*X5|-7JrdO6?Y||aK8UB
z<e>A*lXe{_=)Ko}iN%pn=-*JT;doJE-U*7E%EDY))Q+85KRGCaf(Lgfhw8q5y-MI3
zI+Sh&@6J?3tyrk5e89lKL^#hpZu@0998>Uun{8b`os{yQQgGt`98^JmW66XXnc~6s
zGz)ZW`LA3bxXxmdYt>Tc^qir~T0QfKhzrB=XFdu(u(!RvXr?H%iSa*j%5k%24^Dc|
zUIrb?u;wM{+p4Vx>+0!Ueq{@Hh3}iAl5f6(6@5s@it7$a(~dsW93QK+s2c7D-Gz_S
zbFyH3(lqgb+Yc|9`%<Z{qT<k|1(4j=lntyB0}@bczIK4a#=amo&MClCupYbSE-b&I
zroe>JlFVD(Dx8w689QRag5WU`l8^)_9^7_+Ppjae?fvBChYNy8UD=9pF>$R(R#hAA
z<5SKW_M_ko)nz7j8#X|~2mW`gA*$gJMKEsvy=1SM;Moc5;q7LRf#wpjR-y(?ra_!}
z@NG7At%9A9o>Xqc9G#AhK@a0WA4`4c=6S?knmVy4qy5H)hW_WzzfkP)Y$Gs)QT<_y
z7qP+$=MK%D(Tu5@r;XP*s^!eZSxHB7po@1;x$-?8HTUH|zd)~1P!Q1c>(eJIds7J_
z`S890p0P6&j^E>qJI)P5I!inTP1QJm4v+?tllHY9qF;aUe==|D{c)F{#6G-{aj?jn
zxSOFA)%l%uPrUaO%7{`F@1}MtiC{`bfi6Kp>Dm<rxn&R2J7u-CFaBWvF1StHzkgnL
zIFqqcmcf=bHikIgMBhAn>l&6G+wRH6Mn(eNLR*7kVPWuvvl{bq+_TesRCCpsu}Ay^
z{v^7%`hxQMe{@}GcxnUY;$OThOBY7u;BlD0*=H!2AL9bP+pXt91oSX#tRcAH{P~v`
zRf>tU{ZR*Q3pm3%s3OEhbP*XDS0>(4u%##^h>qkh+i!kYtPc!JB!!QJ+63q6E$?qH
zLH-1tB+G+~--<^riCHAB0)|;}nce{FERc1ak*S^V!JZT`)XD}+ypRyzmDi$o>M>|Z
zuRMZ)tI{D6n15<we>kq1iEU7kSNfk!Kl7rqBHZEX+eW7QVl$i(%Na$jjSlj+EPclr
z-28E{y%Q0b3}Eexy(I4uRTck%e+D<2a|l)F8CiM6PqvpYc9fG!14H1K1)OT?HHXn=
zg{M*`p9XfQS(4)>P74hjf1SufjTSvc1Cq@df8+bR3S>kA_e$hojJy$Nb|T>D(W7mN
z0Csk3Iym~DtEvVL9{e(PoZ95c48XiWQ;<&+lliCcxpqpYo1A0d?c^)gFuK^zgqoeX
z=9@%%a9;URYij0?nF6^j=0)qFpB11vgen|4Zl&i`Laf(e=CE06iG)asLS+(#17AtM
z^oRYG9l#g(lORGq;*}msYA~GuSbD}S5&LG>VO0SElZXThMBr%vb@QTA!T(}G*Um>j
ziABe(_V<5~#WiLO$r~YGM7KM}o!kho>^82Td!nB``C||KA^49q6765*<%v(L=%o4!
zp5=tqaZpLiQMM>{24e!QXLZ^th{&^E^c0B_CCcT+L+!9$V{l_;zf+&0@@!!zDYg8y
zEt1ORDN^E{S#No+Pv8S{ggPZ#?}BuyE*MGM43n*n^mGGOWP|irKTSRqnTh^*+d2I~
z$_`AAAZf5DVw>6P1e>0zyAFuSNt&OxP<r50BXU^602~p4V1@MIuqeATEOVUjNF;)S
zsQPVdec6J!b33OCD?w;5*B{PonX_ccCNh`XIl}BP>WxKz|Bc;yUF241ZV)tHlhgm)
z+}c&-5h4K0CYNCw#H+|HUT$E3k<g<>7vtg@AZo<)m5th&gG<QQuNa+V#5%GGLf9gi
zq$6AP7Up?XWf|a}S2nr}7VgwkRq-j`FI&u>Q#NRw8NcSwWRSIAe|G?;C4QLbqegS~
z<=*f^`rOJEWG{`k*z|!&dCHU@3=}xyL?T`{+kd-P7ul@sSJ0&TEvQ$RmtJIdqtpY*
z7ea@G9vb@for%el;+-aMYu~vVI@A>PcOTnWtly_-WtR=!Lx#NW<aJ*9<d-KcPUj1<
zhIf(d_IbD2uWr+(C5)O<h6UM-CWKXQuN?LlMP{Omp~x9M?P9_?Cc<6B#c7Xi$Bku$
z@${!AVv*<O4c+^|UKA+~gaV&@MddIuH%JJ;EB!h~1y9OXL%l&wD3<V@;0XYG=vc|I
z&xvFdBH!s#^_{YHBQ+$)4~GrsBB7Tq7WtT&Eoz34z`&~&SCmB_iE$g>2wn}3`_jWn
zOUAr<^_0s>xCEf3Xo=m;K1fy|v_Jhx>_vTe__GjGRZmHijP!lAYrA_Oiyc98Qu5>X
z@w=Tu`{RB{z4R&x_>JaNQaNDp$RYY_MYT)^F~9U|&sY~5Gb;m1HzlP+!X64jjs{##
z&j*q9O9d65_OXti%A^MCQ)YMXdUX+nN*$a3D6yx?jj50c=6H(Zg@ovJ<|_tlI~^S_
zM++2h3rl^$<~1aR!n++Zdv5y_ewrv$?$dSA=-~s70KQaz{P>z(9h=fSiS&Cj<l<U!
zBCakkVB!j9*h$bYNw~HRSmcD!-RLT!`fl3f$6vO@x^oNj7%}W@V@;YUw0>`4f6;!y
zrw9H48thFHokZE}>=9mXs?ZN_U>;($T}4`wc}dJ$h@qFWOsEZ&*qPoqkv}x9C_XlJ
z?-v;lZ&<Ss(pzB?0}FgsM{3I|EA!z~MB1%g6I4XqgEe<Pd;IvKdwZMkAoOSdQzc$C
zO}TJEXS57oH2drbj6jdkyD4sI)<(Q#7seq_^etak8yRVP_YmS2P96YR@wTsYc0H%s
zhAaPvay76UA1Alhc0*AlE+XovFhHh--;-_Lm3%5L{?UEm@V?atu3d<|%vdu8r2)ms
zJ+CM004lHX1BscR{(zQJQzJLo8g(s9SV+%91&Ld+;bUNMu%H~G2eBQ={4=uW@uW`L
zY({@c-GX^Qj^hxKN7}v&tM9*A<#Z$Rp*IAtXd~D@`*!~I0>`NBMRXhnc^^RDfU^7O
zteqejW3`wG+lrWlZfcbZ9mA|1@CfFN6`=nmzut-(p;1vsj%i&s5ej@vY;T8)LN{}|
zDIVYXTu}1htJ}y^CF#F%lp%ijcI=FTzOvA60xV2m_FqN@9c4=a9Ul8+ZnlBvK>D`?
zthBJ$J9|Hs7FrZ1s8KuHd+85jo&z=x34*@tYTQlT;oW=nIzN5K<-Dan%s)F>I&{`P
z{HWA+hL?+oC(ZG(SiVQrKN|YmxB-A#ysChxj1oC6++Yp7C$_gjI_DedpA^pTIvkP2
zf=Rd8o%G=cyn&Lybi~@$)@Z|L4i-M8aMKJr?;Z1{rsi4=_wuK3;(0Od#C@Gtf(}sB
zsf^K8NF56kclJoS0{>&LKgdbW%a^`uXS48dtRFm&Abip*Dk3L+Pb=q$kPk4S5lA$b
z{H!MzK!Tytv;q9yo6kpRTrv5arbv4{8;=%;zk-1_(a?0+vRHr{D$N}UYn6Nfc~fZD
zH;&MW=fEQ$VP((-RD%k5xvc6e?01Y?wMHzo&$`J0-nHSI3vP~}%^27R>X8ckdOA}f
z?9jOA8oSd*A#jPibt~u18@A-Y1QoVQq@=X-4cq;YRnvytKvp?9);D3O7n86)va+oA
z+4s%|+ro_l3sE2C1yhFe{y%*u>%o)ZebyjI<ZJ@epjE^f3<r}ItnSnXN4S941)e>-
zmi2ELRwxx_jT*I}^K+WcHyg3vTgU`{VAqAa0C=zC;9+jUE}+XXrI%%TdRA9eHGj^O
z<>OXoa-tnyIznFbKCo`{aH=HAxs}n?Sa85)Lihf5qb`q8j0>Tkgb@LAS;j`cfJB}q
z3k$w^`Y-6t_%}&qXjxp}WY%m!HHJt=dHL>;p)$%6o;7UAD@KB7nZjc6<#&#gpLN!E
z-60ai1MTs$ExwoF{S!(T#HU#0%dmzRgB}@?46xJNx;Bw60H6k<#JEgh3UlS>g524}
z6hPTL;ckSAZ#^#o2-m$kBK~>w#~BG#9F0CYk0UZ|)!yOdO9eo)GTHi>%rWt+tBB^b
zLbN0H$DfOd)GTSLPk;74pVImz#2sc}>{{80R+9tB3;4}``a^t$e#)Mv>^~Jr9M~0N
z1iV~6<Eg+v7pjNA-5KCI7?e0L1f<|S^@039PZAhFx<_oR8rsOOJ8NAiqOg4`E6W)Y
z#MUv{WAnqur9c5~M1O3qbxKg!OqtUE*s@PGHOFcW#{S-NEjl`;Iga^rdA)PI%uL2R
z8$DwKMWG{Qx^rUND7ZGd&t1Lx-G#r7V9K-E++5pOtSaL`@buD{_g%@lV{hL?cC}me
zA|ozB3J#)M6NI(GkjqXQ84QtTfRde&arpUq!b5L4)e;iRucV<TYzfX#CWv5QYac$$
zR#TH1s3BvA?bI*y4MuDH9G^2|sezb;|3<9pgb6RWo9SgM)$c9roEn7KM4`qE$O_}7
zizLr0S1OrdkStI+K>|jvMGm0#W0Timvy;KWT5vpw!Z!=-kqN;dVD1`ubN5&`Jj2(r
z>yB))dzKk(2byAZ;&6(#_rOz7v_=EBEj$e`1L-x+{T3ysepuRL{(d1qw@~Htaed^c
z%zyPGj=7f`pd?ca;;kw_f?U94-fI2&v4PgHU{QohRFA<_HHefrrcMAkz{{!bYLM5Y
z<wYLe+C$856##S6g+AU+M+2jE<$W|MHXML_yXZ&X;7lCqFPw1cK=$3m#t;%E!^j6^
zBWQ}$CrzS!jz4*Ot%(VUCS^fAC=%J0Z{@b#Tc79aIX5y<-!R~TUPS%Mp_JVJ5Q!&4
zV})al9LRP3;jZHrL}J5p0#0HqCfFS+j&CE;R6(@8^sM*GtgMSUm3VeO{)Rk@Pt6pJ
zhaA=C{7KQ%=RM^ocTtv+lM}=i{BCNTVO}hiRkeD09P%lssJMj0FfXjUJ=}#=ZV<F+
zgP_xm9XIZ%kB_61)7w|CcK!V7H#T#@@1%TP6W%1wzRzF0K;ASlSP##iNyUE%4aXR|
z+S~I+edBA9lyBbrqI7F+|FFKiFM@&Js?MP&PA$Ad922Mlkm8VplbJ0oEars2s&LSp
zdQ4h~-#k0Srez3KNuq&jMBoN~wqY~Q`Jom<THFr?M{8@`v2B%9XuNjqID_d<TH8Mz
zLQlGES)ayH*0l_A-d!;mHQ)#W-!?iijsiu}k(XbFd0|m=%y5U36HZBK1~LmFHA{x^
z9Lh%IpX<l}$PWPvoF{2=cdOV92D|Gq*ocZ^&8RX9xD^$dXa3#t0?cd0L?_m2j6OEM
zxve#6t@GoCq^qT4x_J~To=Jjo-DBbd@q9Qt@}?iLn!jnisO4pddz-v6Mgi0BeIg+!
z_KM)7IJ=Dyo+<nXB)voK&tNFzaOe7+|F{4Hj*O7$9y=S_;9hAE;Rh;K*4En+)~>5v
z{YcV}N8zy%-OsOC3-#Df=I7Tx_LStQ4ES1KUtc<Ma!dHQ544J`2mYKgMYI}pnu-~3
z6TvZ^urhz%JpENH0?8?N7b;Q0K3T90hhS)p>WZq7zC)b4Y6pO&BQUFu^PC@^u_Dt1
zvLh<MZ$aLZyCy^}9*K#g(LLvFFanLo4G4J|!h#ltL()39O+_w0m+xknpab6LrH_hy
z@yJK#iv+F7Dmm7}=v1I`njBy+s9wTAJxRg_=VxCzpY*4>IWzbi7Dsd#?3><rFk-l9
z`wpYph4(UFrMSC$Njv@&D`W13aY=hdSv`m5{Ni;n)5kJexAq$!ve5thIbwyf*SD%Z
zMmN6GJtyQHPO$4aY(*zZnvE+d{#Z5yf&tg(4#^dE?($V=L>ZrO;z2tYrz0$`h9yGA
zxCtQ{kdrVmR(<S%BZk*jUmATwT>BVJToK>s_fL`}pv%#M8GgDu3}|@LmX8hyvxw6_
z@u7&pPn7BpIOWK^3#(g3gwFCHfa??QrgCUAva;?mja|Ju&^zRz=6x4u=cj&xp#z|7
zhd^kWU7nP(mAQG$ruS3Foq7NfsJF7$=iw`LX4x}w5DdAjtqEn4`*pya5=L!d<kSbO
zfai$_l!Bp*Ck(AXG7KlfrHmJ8kXH5#$Ag(Kn%c}?WtzIW-$2t#3rknVPxm?=7N*=5
zs24FsPHKYx5r1Y*Er$&#MrFG9(K#J{i^XR6^sf5-eOcRe{m}wb^L96eE&V*xSL61d
z`|8yR*O_NEy6Qe3#xj8;%(Aflyp$8QJ)scE1krZAjSXDGVbn}u7yx%v@bGpSksXhk
zC@qQ57MGJA{MYDi_R(YbJYL!0`LvwBGAE|w=H2MjGx#6>c^{v)mft&;FMrK}q4W@X
zn(fbdppcgG$g_-e2G+222Zt(^z^|C~@zTDoKh_UI*0MYpBBr40QxzmVAH+boXBPzR
z56e^Fu|MB4BJyBd@XXHoFC*LTshqgbeBFu~Ut1E$&akri&34Ov!v-9op{*l7OQWck
zFhvJ_<C&YGy;V7vB;gy-(&vq<)Mq{ujShNLo5XSYC@cZP1JEeFs3_Pu;vGi!8CFc8
z4F7cQKYs9tIzW?w%5jV*Ai3BNqLApJ+)(nMb9ATAZg0tAee060s_0C<Ti0E?=yXs}
z6;0uNH`kW>e!{Xt@)(`=;@X?CdA%=@!L~akGc%)I61)S$D&{1!@;-tEXeICc*i=GA
zgw$MHaj(t~ROg5S>R1GB$F-#}$K3CIvg@4zWn%9-QP->tPb*ZPF=I{b9Ej9Uzx-Hm
zOkw4lx^$({<k6m{%il;W+%?k_ooCx-<blWLQ|=5lT}QX!^nBB+3r{#(V}=E&Z8(WY
z$l94jkdcng-kn12uPY>|I6Cdif4*kqsZG!UU%cqGNY-y64}rc7g~pd3hd&%$^4F0s
z*Jrmj^wX)p_|~~=wehO|33QseY!-HL0h5S8L$o@9dW7H21cw2ui>+-1(d)C1WXJvy
z#YKOi;s_27{$ISkc~p-3|Nk2qVjDskLS#q^8A?<tQHW?p8c0Y{q!N*k5;9d18kA^I
zgrdO^Aw{H8icBS>C{0Rr9+$m8zjM}E=kIf`@A|C$-MhN)`?}uOYk0n%&*zKiHiL}I
zSaPJMXT~efZZQQYcPHjjN0LxF$*n%VzPXmhi9;})5*~9<4O(RT?ldMQ{yVoVXQR%|
zW_}dBlao>qwV*%3ioIG|moI*t^?+rS1qH@ITYVTE{@l9@|ABp`G*`%n;Ba6vLF);6
zHCK%F>C#U3i;LOW30TZCf9Q!VJ6(@I0K9{@1ie6GHfq>8xR{ayz8zRF%q#M9+=+Ca
z8dVxQRaJoysHtf^S{zVtTk0Fw+p*Vn1>P;YVy)@@f)f4u_3L;)K&RQ{<h1OmB~k^z
z$$iIWjF6NBnk>7pXwd)TGRn=InZgC3roH@VL(e`#-`CboS-!%^XdplcloZB8Gz{P>
z+p>?#klqX$j;|qN;t@f^D-1g}$wx36%u%}+aVI-3k9x9+`3RdPvZ{Vj7b?ih-xwL#
zDzLmt=BWTU-u+Xbi=Tkxx~~x$`^Z;uvG%p9EJjN`+RDSxl8$U(sJi>qnKc^-QGAyL
zwJ(a;Tx$AgSV~e7cndW+i@jl1;dM!j82gIKHiUuB{{5ndAAYQJ=Z`=cz5lMA`~_6a
zDCp|zxn#EvZtg%ena2+wvaNd+Wm{feEhD?YHE=1;cjo2p)68+eu4ur3e8~NDDE8h9
zhKZ!65>^HcY2@@#K`oy2n)EqSYOo`Nzmg3}z19<$R!%xagLU(!O4us1G;YFKYFNGw
z&L4vhuiLnhy|Y<FE}Mi;QQe69j5&u&Nf8C9YVb9B`ryI-+)7N+^vC?oN8e;k!v>5#
z?C&34@D+Z(@}_nQRlX4!49Bo>N6n^UH<;5(FvYp&iq+GIlxL@>Jz%W0YCnw${J%GZ
z35vORrK{F+u;_)ViMpwj*f1?*iE3zh^x`3=X;Zz@j>!f*5f{-~hv<&q1JTWQ8{L`D
zy<=ra(Sm@u@yOBz1Dy5iWw)9i>``#eXSSLe`Z9>L2`R%>5i9^KP{iA(gT(b%5;A?f
zU<D)Vv-DDYwHmvcQDW%oJ_5yXS7!zA@YFmkL1<zZMCD)I8%03~5#;wSPl6B*L4}gN
zV#2^@NL>w7ql`Pj=}P-8i1OC{Kwc&>rUE1@cU%%FeJQf6g=G%T7{%`u?P)(Lpm58!
z<Owizp^x!!O&a`<!XjAbER@Hy)lF1Xq)-ujhvo=_OuwDa^Fx;4WvV>$Uf38mHn_u_
zKlKhfb(r;Y$TaxwJ+v|WoJhx!LDMo*efr;(b+|^QT)j%gZ+|4CZsC$8eD^h+g;h7~
z=6W`B#?JJQJ<3B)#64ixJp9PcJ$XGvV$^6_hx6Iw6%|>UwvmRL6vs;Tuo)YUl2>O&
z;pGx@@S)9`W7+n1HhxbD`__m$SAg6m-Mo5LT+y0Z1G<1*^^A}un|h4)dXkq%k6lM`
z!LZ?UU?9nUJDW3e-bl(hlO_mt0)v;0WC*v*K6vHKt?jMVp2DNZjx9+K{iu9Q1enO}
ztnuj<cj$SQV2Q=qr;J{-Y?<H=T3?TfDg%f5lzCjV8I6^H&dz$m{=l!?LZD?D(X&b$
zwO7Jyt0^fGE*34KM!1uM1FIbWE!m?o?^Szq?-DFh`T2n!C$}+-=Xk-1_f3Cgy6$g9
z-&ItU4S@)Lromt&=5FrUJ#cRoc=4IE-x&%bMLnLUca3m`vdcvFHS`$uW0w}v_%la@
zj>TDQa-xRkVBtV}hb_p??OYECB}flerzT=cy8FpD(*e@bo>>0D2*W82HtJ?y;~%@}
z;edmvu>}t@f*81>uw<_$LPVKtDqv0#^kvfkv$ngrv4iTx1hWA>|GtW<1$2X7ZZSpo
z!JuZ%=FPV;fCbAfT6)A@_QXP)wQGerfoD9`Bj2`o*TTN0$kJH1TL*jM9DNO!n*XqD
z(IU1tzI3zj>iRFtB~mJI|JfOgnF{@r*2g$qcwQh6^XM!w9pc)fe>mFCHJ(_lxZ>()
zb@ev_#GRK%Ra1SOwSZXnWLG*X58DA{7`8ml>^xEmCl)dXSpDEd9~w7C&qxOw2?@t<
zy;=!oBYao8O!%Pw&(80J)s9|ivu}aOSC-t9T4v8SHHULfjR;#7L%m746p=b&z)F<i
z0oABhz<Md*(a9!z3;YC_+kABOJsszCqZna!@|A&ej^DDkqNht9+0{VoFK{R#qL0__
zSNaSXI2=Wb2Y+ZQEq`~L8DT_gFchQ3q;Zgp7&qqS9la)q%Nf!i6@Ljqnq-C<C$p&Q
z*Ut*lrw<ncIgA2%6tN3~OTGaGi1M9og*cMMFg&^MwW3r&pm}-e0zQ=%7pve}PGh62
zE{S{JR!pjU^%^#7OGMgzQ85|5%lKv!>V`96VMqOk1f4ut&pDv5+tc!MZhpoauu+W8
zo0^(doC4BZ6qSEal794Y)vw|Aj#Tyy!p*I@Irxb!+B-hhK-;UOT|4Iq?=7MfM*+bT
zbCzX+&w36f2q!a9#KgnAtEjv%x|=r5aQDtIF5%tI4)VqDwt#2rp&KA46NJL)8yuM@
zu1f0a8d2~SkDwB=8AP8HoX>c$nLFC6#XS1o<@L8o!unvYa%UJofp7=acbt6iq3}<c
z)@B$6soQ^qF@0Gv>Cwf3p;$#=`pttx4;DGh5gha~K6h)^?tdHi(CVK5${H#nHG~2@
zWI|bpiOXd=Wisf+5n@t>(k=b}emMh0XbXk^$|=F!vj-i1xIFQ1v%*1y6$_)0)x^_W
zz8L8Af047**;x+_EZf=vG@d>U)Qc9Afj_ZgMGWrLiPns^ZITNA3>T3E%;wW$eB?lR
z1$2tbi8JiMl>PSe={|*bj@bhxE|DQGl(940)q5m&$=ytf6U23E))+=Vucd0<V~H;x
zxdRVV${GXNL{cFcpMC&;u=IHxV290{-%<uqVV&vdqZLgY`S9Tbmra1NQr2#?_}`o9
z&_5lzD4F1g^Fso-H;3E4bG^Z~O*7S$l}#t_P9^={{`-pT4JU%>C+Fs|u74|6jw96y
zio+IB)XL87uwBqr;s-MH*)7>GF0FV>-WaJ9CHn74)k;7;C#WzW6oE??su^xrv4VZ~
z!iO$w35|&3$>;jMBn2RxKKZVwWM1~BnX4T4jq*NjA}=Y{EwB-OFO`?CI7JY&5qipp
z&YyT3w40Y3JSHIs7casSCiyUYvJh+o?-iZBHO3psHyD6GWGTPWJ?@^-D|$hpZLqf9
zgZe2jHQp`%s|)OpoSP#?j>PQBsH2eq3|I`EET`4@b0Rc(<U{%hP)l#bmfo!BF%cpq
z04+m{HI#V58*7DT+0>EI=-?nnc>HPEsxxtZ-?<;-)^y$bo>|$79D6&vS)4j54^D7l
z`rI&*H9B-&hZ+&OR#jIYzRmJuz7|b+ENax?DVD3lhF*iIPYI5qgohTN2Ya=1K0Z`8
zH%5wzH2Oh^CiJaYYX4$2WIW<wMus}|yp|}RmmE|<X#jq|jyaQ(lz!QOE{zA7_0k^0
z2BU&i!h(`@=`{zHCJ>vL77`yPPVCirljmB<Jj*-KM&i5lN-}lpQO`dNBe|xmOB8%c
z@vkWDcWEx;Hm|r;%&mFY80Tn(!nk~z)WypjiZF$I3NuVxp{T)1`}K?oSux4yaB&bu
z6LK?mPopJ8H@IcXz1jkx0A6;pXX#IzH0e*x&3AAS0Z);3+5$z@9F!7c=qg<1LRn1O
zsHL`~Cx_{=jfODC%{JYT++{wW{YmG2$Ct7bCQ#uBHg^>{C?1$1@a}zom^E>sE-eWe
zBQ7Q=?L7aulNQ7oXbOK;L`r$mI<{dtySvXi_V}M(z3Lho3f&C+A2O5Wc6bZSB61Fr
z&8&`^qWEB(B~zl}V<8fdXoM1$w7Ep~h?0r%e;KGyl#j5*)%Ac{nmybBH<YdL$q?<J
zw2+zS(`S^%o3gUusy!TxNQE{wAB8G>(4e{@)cORXFwEOiJ?GBd3*a2Ow0KucQIFft
zin{-sX}sbF^gbY<&NJ38frzG5U;|&77!I`x=ezmOZj=lqCp*&6FxFu>z@qE^wnJQf
zkv1$G7wBM%K9fL3z!F@>f9*-$^!nuUDhG|F5o`YY>@lPnJ1RhqKVcu`<Iw502YW~b
z=|$7%!4c$W`EPsw%6!b=!yA>PCcSJOkJl=PllcOj-J=c+WOT)t`#3OSDLvY+aLN}~
z2oemXQz1W5$>DS#g^L8R21p46l9x*gs4V*S@4ttB+jeD<`0(K#JeYWZ9#3EO!2eZi
z4BY|$H~tjFTHN|lDMbSt1;dZQhe1Tj83)itsm-2UbfRkM`LSD-@9h?5c_Jd~;0JqR
zb4H+qSAxUq9~S3OdrLXY;S_<V3p~E->-`@|Z5Ck$f*&t0A{31sU!NEnUlZXqc#`#<
zKg0vR9T~<bHt^Z{n|As48Iw}=AS5Y0q$elA{ar^H%=hv3Eivu+U&I?v>iJ$<D=i^m
z%S!1dZtJFpfWfR^|Cw9-ez3nhZzar6I2goD3<sD7fF@wLUv%aCZt~jX$^JwKe}DE+
zqvrWTi^0Q{YHn+53&8K-abG&t1SI|yG{+v0OVxK6En9ZQ?5xAo|Hbww;Ybh<3G1$3
zU+R=4753*7W;j>&K6MQnQ&A%`gYn$YlEzr@q_kVNARNT;_rQapr6u|wUVtm;aM+It
z2{lwgXt|3z+WYqZueR%CBbnVb%`MSfdmv}bwl39Zee-7s4IlW6cdxhw@<Gh2JW<`D
zhC<bqzGxN5@`eq;ECv}qnYHRb^y3(?!pLM9Mx4K_)WClq@)z!yhax$mES)xK(s#zo
z`~ks3(9J+Agcd@`)X~u}tF6nDynL38If0G>WAmo!;$wdtxw_;OMh|C|9UiTo8dp4@
zOaQbl1U>xekV+L!D(@l8)#I)}#JPOAj|@v-pgm?wUNHK~N%^}TSi?-H$;sNQry>Jc
zl4#8UmFV!t75Am4Gf!-#XKnGaupV=Qfr6Jsp6zr-(DPOb%Dliv^qx=X$ttO0E1U-(
z#?o!U?{@51#AI-b{(kYH?Q|w$6RWX!Jvm)kr!ih)4<u+Dq*Bjit`^w1*96}SVV)k`
z(x=b<Oj5?^)H^2fINc9xGA9u%SkTi$|5Cx8_QvHotpw?ZonVpqMMV$432t;2*0KSV
z|6&4+sx?C5gl?4U_mUG9qhzqtUGT@acE5;-1^oqWow1P-eGE=GuQ$1|91b*w7$S@h
zHZSNY2j)&mY(<no?#`DfFUJw!-77bPh$L)c6R|;@Kjwq8um_}u&VjLsa1M!;@{P-b
z^`c>HePiHp_wJq=oidSov-{d*U%g;BZXl`!)mgKSD}ZwIo9KGE#)6XM)G3=`V==Yb
z@}X<0#;LO(CMq2Liy9hxGRJ858^6Nmf$j8(U{f!M9(BdcRaRV?ptHOl`&mG@R13r1
zs-X;DbXG2139p+?P^OKoE~>&53>*PoV~{(u?aF3_*k!}+o>T}mHP>iK&LFLRbe*H~
zHQYr0VR10xLcQn`hrx$+Leg0iGs!YdqH~b70R_mofhVdl?#$h+IaH_dq0O{PWr^|c
zAi4XAPv=;lQb=_hy*;5@TSR21B5VVu#Eem)XJk18qeGB&-kthJx-+8wja99-Xq=wo
zu?~;?E`@VjOx0se<RyBerlMjb(k@G60Z|Hl7v&Js!d+ceLpy59RGfFy{L|pDmAE7?
zFOjQ^!}`?rC85HM8x?+rXZx849~yqV6Gj}Es)C@E9{oq8g7qsHF@fGt-VGb}oBbl}
zP`d`|Dkt}ad>pr@KQk;;M>P*$uO?g?^slI_<c2VZ+qXxO;aK<XCmeEYg=Oym`It_9
z?>E70X;eOxnCxYDS2w0wOgZ~({q@(39hteGz48OJByd^oh}q8F;{C+$TaWgZ+a}-e
zBXxS%fvyp%e~#X^c%&1RFJXCj2hVg;x3<yyGsW-*DrUXiEVu8c=Z_)nk2^JE=n;Uk
zfa=BLPD1M&(3z!?ZIeVRvLI1$@L_<ItMS@d&Z?o(0|v}ZR2=BXT=l1B-QoExudTHo
zU==>S#$@^Kq!mxAe${E#O<HbvS2Sq_0^?;3@8*a$RT0v%8@b$^^~F<`-%zhSrRn=1
z(<hVL6}Um2U8z_*RyeyB(O2UVGjrV^TBHfVe0v(<0gJCHXh85H%U85gCIyN*L2<?m
z&%hIq>NX?EBOS1(C0gGXZD$0`?MLPfs+ByaRY63VIMP8M%pMp@iR15{q35b|-x7Vf
zlsIi30J$SHbh5aZP+mAY;}0-D<ZaUHO{uHSERn_0|0g|tpy(ZZpMo-1WBR*#`&v5J
zl1(Xh?s)Q5WIVb>$YeTuTz=Or$)fR%w2b%L0^^fqgB(8g1vuNUZm5Uo67CM`B_MOr
zALTMaWOR_tQLcmF{KRr*$)+YA@`=@qi^YEw!qo8^nfZEC6U;ri>SnUUVeib<@71&h
zA8!2lVV+K7U9D(Vi)7J+NAoW4VWWuiZom1{w|!pn@nn8M!P=x1IKqG(R<s($HW1hk
zzEHe}yn|0JC1uofiGDThN3gYL>Xr}MWOz1aR^g2e#{8wtcs$jIK0P(h!aL|~bw?Ip
zUon2XPU5FApQ-xsO$B}aX+5?3;L&a`9xjYF$~iyxq0Lsb&#7l`CMG%(bg~7EsX{sw
z7YEiH@Z)U8vd~mfQ5iSR+rrVtW;*4rv#=Kk?m|*=)`BxIK`JB0($I8b3ZGp`n&GdE
z2?lOAD4&i5Qg9hdRY$mVtt<ujb=`(bwDw1&ln+^y)4((LJDE!`@7Zs}!YNL$WGeUD
z)ABN3uc(KBW>|iPk7Hk)I5IVZa7Ul!-D+UHqn*ZrYR2XYv+<wR=MSZ*)HnHAjx)V6
z$Jnv6<n7R$PDRu9PSc{!yN8<k)0A^PCIk;^*32qzJk+#2tNrYo=C$*BWoI^pbM9pW
z)`U(*xz(fJh#0#)i_0~yub2c}pwqT(Q|GcN8?L_w+xttbu|Jk9>UC%!t4r?RXIEn#
zSOKO(=wU&0a5@(DYGj3JXbo^Lmn<}aE26D^A2Ji9PtpYc%N4?=qMmNxyP@iAU|8EE
zpwsn~KfL${iYmRt*$6rd*S9oEdv3x$R8e03K95`OL|^5By$^sKJ$QWdK8!F!H|wX_
z*(J9<R5~Vf9K2ZnW+Fg;ZQ5yy40xs4jg@&dXeN@%rhm&Z1!Rmj(d7Eq4=CW-!9(#x
zE~HbaTiTu?x4=XLQymaU*PR<UYH=(fqasI4CTYc=#_HwHJ4_YT>fP0IoM)cZ-|-Kd
zMSZTp&(T=d?5?xGf>JwYn}g8uweHfO>U<XXZr;jw<>i7@a7?g5>+NLAcbS<Vu)3;n
z=5oedxo{`a`+Q0<D)EtK){dRAb{+v`8g-7p4yA0UZ#rg~G^WXa0#qRYW4wcphJ*~;
zI&-;BBNO7vPV1bkJ`>BG<h}(mj{e!+f9n+*f8Mz3UaxaA7XRH0lk*0xgHR7MLTORC
z%Q|S(K=dzBOg22*^-}jZBA3KjG*un$Nl_8mjbm2v>A+Exa7#nwjxEUgG^DQ7H`1Xm
zA$|NP#ga`zWh-~=Qr0KMt?%c+GqLvkeL#2;nyG@ax=1lYMlxDld`W%Oz2~D29-IAs
z+0wn{AJHULR5ZYM9P7<JCt*Ms41nK+rS^$y9q>I;Eoy0Hm8I5=?9psFS0Bh6#Gm;o
zm<NFil(M9>bmqpFw)eez9qQNV+S~KT;z>9w42jyaY=MO3<Dm5CKBMwr3d#9e>n&Rb
zS1#E=E^F~s4<DLdfoJ)oanQgyzX~t@j|(sm#)enV{T($!W97C3uMMgcl_ZYS&zYIL
zLxNswn?yzoEYRKsV16mw^L}TR;%$|UFTH17?l%QDK-g)-4d>_1ELIorFAGg%C?%5z
z?eTtIQsT}ywxX5xkh3|q|MRFXC2UTX8Z>DC$h&@(dWq?unzg5`7^UN^Pv?@3$JZsM
zP_*Qc87)Ptkz2O3wo=0a%Kzpq&`h<o7&P6+%`rS_?_`OZ=Sl6FsTTQlb2K%>cWsWo
zdiD6@Plo-51P28junrjixrzA!$8KzKCq(BRL+_Gd0frEfJGVn_hnlncieHp8z7=mW
zb_7_2mmKrTE-GrI`l+Y~w9HxaT%rgYl!v2MPUv^PSU64}TA6L6uu<`kt;i^I>->6D
zmUMYCR^9LAjh7htE~%zVXQ_`p8!0FnERt-xubXgL7i`TS6)*yx7ezMSOabrc!c<^d
zySQA~)q3MI{S#PJmd!Lz%MohYkg4$8K2d#%;yYwU&v?JarukwNZ`el&p1&5*(=Kv5
zDxA6FIctT9>DJG7e~e-R0t)C3pEMFmgkpL`e6O-0t5&W|Sb5#Yf)U?{IXg|J6octt
zSKyo$Os5UhFY_|lh{|W@)*7La(`ALj*8&;}p92S!zju)WY5|*Nl=lMS@0W|KJgyF+
z9$d{x5UhH@n$_yw$LEh(Lt<}t0NGy_rtWuJw%`2?n>RzgvT$xk8pWviQ~#Ft?Q!Qq
zL+NrBCw9V=2T!jT?=e!<rG-&ib|ZOV*$5-)yB==<q@dKFtj2J39cPM4prvbO;wP?{
zad{DgA&j!_<z2oyL*;vYn(Ts0%k=cl{2kZ{)Yv`0D}!lRGdqXS-6ZqvsM%>fYnT>s
zcr2zg1F4Z~&FW7epV02AW9)#=<ax-9OA!$w!}Gf>R%F%+2S?6VTAw`$XS+(270*&r
zyUR?~LLgbv&}B90wG_=_+wt19^ImUHx^SUeoAfSgpYeMq4bIKWTl(aO04o*>7HqUP
zL_2*_Z}P~)Qs5GI*z*8oqi<Wv(3m+Zq!)+T_1&W~X3ReK;I6s%B>h#efy!W;ZT)R=
zo!uD%B*67{-a*hIjx3mhO-l>TQ?o}1BcFgLS$X3y5n%rDv#rWh7{<emQQzHKc>n$w
z6_w)R;%16O|38`%6^U9_tYv3FcvO0hxq-n88e1;ZP5UBTo^GHaaZVEg5t!$bXGwd-
z?J;U`cAlQ<$%0OXv_CsvuGq=00Vf+9?ceH0=8s`?Bx^MR^^1tqX=LskK9Wz)<7wYc
z5Rd2;Ih#M=tb$B)qpJ%p9ZT8YH6jNs>CC`6t<4)1C(U`4pMQRY@ziP4w*IR@<Y`7>
zes@s;T@6vjx&7zQE$ET|($YmQdyH&K<A!qK$Gtj&e{R2i8nCbyj-z@L93a<*y&3Af
zeDn`)tMSDpD0CQ+4H4_+zM((k3_$mQYC+|Y=JJGYALS8$-`aXq+ufeeTZOM6Z%#8M
zFd+sG{PuN46x35qe6o0acz9@1IU;~Pyd?Vm>7g~2aN^1~l*?DfoEitE4Z{Hj7$1j*
z+`<Fw51bqT3o<hU<-lzUN<EIJ@9W$KFuCj0j-(Y!+7vIikI-gTGLDBb11jz21zn^f
z(1~CoBTPq`VU#7A40G!kePZF&+3QIeJHEJzX!TtbZ3JgINN?TrVff#$cBC@Uq_6bT
z6QUi<P%8WDs%?4il_H8+bebKgO^LCoNDTf2WmFJ!ipe7vx~{J3A2=hYt4QG#1qBB#
zIAdUfu>a3Bs@ayAosZXFmwYyb6YD>s^4@8YnC|;CVNYeGL>XY&#PU^5LNA~JU4iqD
z`@cm+&fqH1%IRTTz?od`sCU0de^pnmBrkiAD!>40Ahg&_HZPo;3qrhz$Cpw7IGpF8
zz-`hQa@laTO=A?f0Q{0y+ByLo?Jtezi0js^E7?3qos6g`c_g%38E+QN@E|}<iLB95
z>U;9kqeQp`LbKnYDZHoMQ!H6qn`%5*yOgtXN*9q*zM_J+0ow|FAFR3lnz`@1(c3o{
z($gV(QD+mSpiubV+m`n0A`)?A#U#gqi_e&b0B&EbS)tS|j9-ANh`tzjIi^NScq3k>
z_tswrAQH?m-F-5B-z3+m0st~9qw-$!(TtzadH|@w@@5Q2ZVZ1wbH%h~6?B=0Q2vY9
zS>pqO31)4lCf;{1zYZAIH#ip-;CbN=@<4?OWEXXJ%n!9!b%CHR_)?XKEkPw*+FMk_
zpzlDx3eLGvtPAxcZMpv?U(Jd{|3XT5%0|%e9x8uf+h=9z+pi#kGxO;sNOM^y6)|@|
z3fcjZlCGbh4x<oz=G#RihV`A1<i4vb(0$$w_iUYr2|e?#(tdh_R$soTYfniecK%U8
zrtsbWPM~SjF8-d|L75HB{Vvu88#YuCsMFHZ9cFP!%^5%o!-I$0$1+P<tgl~WZ*WG0
zyB$lP4Wb1@Vrki4;jj7U;ZJym5);B*-<t}94|g`-?L+|ji5ZbkmZVqfVf9(Y@YX^?
zUPB2^9(e4LR&D7*#1q2av(lr&4YYG1E5QqgxvG81p;hT=R@S&FQyig*FOhA?5RH&#
zs62KEk`TVwA~p$dER14Jei?2Q`43P#!%aFF94xrCB-}{+?LAB+!i~M)`Kzc3>5Cj<
zqEs?F1p81Ct!-pwuth9Q5`@Fh7<BTDq>R$)dtO9R`$<FfnMo980|;zX5;WF+2Oy&=
zb*Gk!NH8dZ$Z$kA3Wli(U%hvr1N%@v0uKNarczgZzIhKS?ABQ$hyt8z!=|5^8`l@?
z>pN5=0m@V}anvC_h><I_o<cVTQ^rmL4~?uqr+^6nry6GEsNv2%#s)mGy0dFGbRaNR
z+$kZuF^l491XYk%cEL>SPu4u-ik5YPQBT`a1}!?{?UV59R~Lxh@pWhC?mut4^fMSK
z6z)|4nRWv!5+hm><m~2N%J06wEGt>!$RqE+f&g^%8`X}h3iDAuHMsXnz3M=RDjr+_
z;;^Y}v~_iTJ}+og=h`k^nnxZICfRKH7_Y2+ePd>iK3bOS4YB``dqDdGf)-CwHdtPf
zl|s?fjV~`?6~tamTrY6^SqFwlKpr-8(@-lJ4UO_=&nDxtf=jlX1jH%|0%qDBNS+dO
zw+Um_C$`|L-wp{&EvJWIhGn|Q&wLX*$(i5S!m~VI?$o2NE(;mg?Vz%hYO<Y8jJBsV
z21oAzw4C^EB+&c!yJQ1ap&J++_xW@=kj6hK?-S>}wyLUUl*Q=ohnLC*5S2Iki)*F2
zUG+GE2^TfoOFa{C2ncVVoKti9PcSXL5tsJX?24p_)@@dnz2>Aqy`mN=id|dF^nu)1
zMht}=iZbc+nKSs~3d$znb(ZB#wnA<pm`w5n7Ubt|b#b9LxB%0g!22XBuIr1bCO^EE
ze!uGFz(@g&pX$E2bij=wd@Pl0vczBj)USexT#Y}j#Rm#i%x_zE-O-JVpZu>Zfq@A8
z9M|Bzd*|BNM4G9_%bBauAN>V9>@>zf&mFs0E8>ggvrXn#yNJHHim^%x_aAppVBKFo
zf4*>=)w%bX`qz&iwI{i_x#^01*bS%>O81FQysr1AnPoib;|5OL^SP_nBi%74vV(9B
zL*Be`yzs0fPXi+a!6b8OCEpdmVh&j;47AF0_#JdoV@_d96^0of{P!Zqq@#lSzV8Fl
zDj(WwUt}_7!{>wCD_+<s)t~5bDMbIDnX5&l<WDSA;-M0}xk9E_g6mWAmmXah##Wxg
z4^OJyJbL&r${T<I(}q~)B4qmQUta8e{He(Eh)CgZ=c<{zG=$aDrM-0n$QMUujmV=R
zH%qiwdHZN6Gb28hs^_0u-&C$a<Xhw9^bYl0(JGmvd)O@j`AaBPrUVOE3coebfv|Jn
zpCJ$+K$dt+yNLGS26o%CeB3~G^yQ!e&#gpO)6&-F>*Hh7`5{U0285U7mu$LmK@RhK
zG-)41HQ(!Rn>B(56$dj|lpmLkmg|K(yF<&=K8&pZ1(@aFW;{~K&cMcIjJ6!D&#Xt1
zGo|pv%v|i#f7H?4reH5<dzf(MtiKMMo(~CAN6Qh`Xb0^Zzx=R+Rr7||Y_F!k<SZl_
zBR)epN=1a>;``x8B6SvQI^pi0A$vITWn+w8O^kNFl*y;wMkgZm4`*bVtZb<$nq1sF
zsh%&6E_EZjB3bv&Ac4XOnLCOr-cmt<)nO43rEOyLW~S;Do9L&gE`dg;r6q!_!#S1e
z{Qn3oh~`GW#Ja>>;tX<&;5`@dLC8>>edlGqeCbR+h586Jf=WB@*)stLr%Qu2T@<PF
zk8?XnF4vzi%<1P<94hn4(@fGt4c94N=&j=+lRQez-qSs(;PkP6wn5U0Ch9$nZ~Teh
zI_A*Wzkbim_8(1e59*_&S8`z)v}X53Tee)~&E&%y>*_*gZ<B3mr5P7HPs=qiRxwBq
z!q!&Y4^!)Tz_^(p!{$#mFpK&BM}u+k_pT0t2YMt90V5$_aZX0C{9fYR<?7GKk*-=d
z!}J9N6)3uryLRtpqaN4h;2MFrO>a_C4U7tku!2<v6dHJYtE!g1eQUX3K^3|t=Y(77
z>6!!`CS~gCj7n@bY*4VCULt4l{}N_A?hzg1lD}p$WaPM8M@?2r1SKv=O`cZ>!*WV6
z!0(+NMc4KnWYCXbPiM-6o>y`P8sGW(B>t@PfHgrJ4kqzzW%Ujn*>C97)eu6d*r9v(
z>DNzJZ1Re$BApAP&z`GSHhqvFm|0WufEhxid2HTXUq4+%rE1HpZ-)$e{ngAw=*4%5
zn9KyieB<)QUp+&XG?5oR%&Vt}fcJ6anpBF4uCRDz7jCb$Z}py!x*9NO(`DIn@@nFy
zM|U%X<4^19$-n(afEJ|HsCXwd&l}oDmj*$ieM|BPtBJ~aQKBLBF(#Tljqm(1)g16}
z$IhJ}W6x1gFB}*5@^Q6tw&ife@1<d>slT}yw1=kZO+fTn`T3YDh_x99y=ml5ktHhD
z#-*pHLqa-f>GS<vQX6!MW5Il`0WuZez8z}!dsc&AO7{%>jzXX*0k)D(m&k70vgOO`
z>l5nKIC+M*-!w9}f*}HIo^?^tGHw24cEBHArxDacwr%?{H<(x%{ZfpsE@6l5oLw#A
zGTzn`*}V&*4#vrZsU%#p^Un<JgYGxl>OS>k)kk6MAgg`JJYbts!=rXRfo#WQZGTHG
z`r#FmP6@b?$y3XsYjX0I$DAE}W2jp2WEmZ-V7)(XzUkNAW1P2b`&8#1=w#?<o)dh!
z{=hP;w-shTbGUl<7t>_<|8?p6zm+O_Dzhsc;(S)U#amlko1E^>rh`cw8FjVTHQsvg
z1neW(cFhv>F=MpL_Qr%Cs_KtRh@2cXCVIsgq$oADHs)$rTM!B_yqR`rek2VjZ7^dE
z&5oA+EoRYlKB@8l-ru0li9xjouGWQD9v#VzhTT-_n_ZdctZ6aXce$SbuP<5`)#Zzx
zX9g;Eo~cOWk5Y4+wr<+pGu0s~g-wkR|29=arHpAP`Nf<_`k3##UxBfw(py_vo}N*T
z-#Ngh*|M^C((gCmrL<~IB1;%uCUu?JS_fm!cKYih!)AzMNjsN1;?%-%6|yGp))D>(
zDFzwNO!#AIv-;YeX1kUy058I+mytkT9_&JX%B^HY!~0Q`4-=9kRYRAmU!<O+1RNtE
zhJFd}-+9HmJjs5YvUxbSGBLuYHtv*;;l>-z4n0w=!|XaFUJCO2du&c|guLMs`Bii0
z!-PDaZ+91h*zY5AgY*|W`c1SZit9Uezj7`l#4niH)+m|z>f&jssl$d26<=$7=gCBC
zW92vBu2xA@Oz{@Ro9=E#|7wE@vnWvU`=nA&5jE75+*VAfD&tMso;L~2=;SdCZs(O?
zZ2k2mFzN3%eY@$pp4z$^O{Qnk<DBgr%Tf~FB#DL(@m)A&dyw(32M+9K8*}gZE2$6p
zdz}sCj_EaSn_4+xU{SWEN5hxB;x^Y`0~MIIt`>bUOI262yRe1nS-3z|Ai<iLkE#y*
z_~FCe=J$`?PJp^)b&S)L4Lg2(3+?5ZBQNKN6=&VQ-&KYI==gzt-rDD>zTX7gByI`Z
z#6I3HAOH*UbHHrUIky|fEvQpwV~^0Yp<DVWdPCmc{C9fRy)9XF6G}GCZ2d8#4^;uC
zv$L5QYs<;VeBf%dtR22W0oKCfPXofku`Aglu1y+~O^Lj8X~K{T_2b7%^cJ#J%H~zX
zhwlzaUmF9T9?)N8d02agaMxx~F(Yz?;7vhji#}Gqhpt(T<hTtyj{=u7W%F6c;mATF
z-^bs`l90LLn4{yJskmCk8^B<H=6mN<cl-nH?YScVH*5wZP=+yIMCz11=jD<SCvSWn
z(A8jZ$Dd!zARxiH-P|)$8OTOQOrTu-lT@}KXG3{YbMpeRw;4OG%O=EM6P^2QR#U9I
z9qdVsx{^AIHO{kH<B+01KT9v_54SP%nq%POV6vcRj?VdUaq^-2Cu*LE>2cm*;iZD4
zReH+5!&*T-y-3q3ND99XJnCFgcFDO}U<=4LpP<8O;(=wbP}FbPXz^^@={7LE2Ww|D
zlYQ_3>JF0C)cmesiUYJucB!w}Cvfm7-k8O*sSiL0YT(BpHkZq<QFs3tapQ)BX5;e0
z8}-}$_Qu-LIlx*gDRe_@#j2G1$BZy!_$!bxYDz&ff2H2Z?2au9V4+eBVYA!u<D&(X
z<u%}=xOSH7`J71O;z$GOgg2#`0@p)Mf;rAs0m8VbZ#?a4oYA#?6@WIosKDtwa-Khb
zocBR)|MIPVvA5pJ+ehy-d0i2BCHBlFSKjsBy$FV<80-v{Oqpk}+*_p32Z0TpbDTp;
z5yC+*|JcfSrC1!=@>e-`##Yk6c^fd;(l=keuID}zwI<Wj<MO_r@d|-v`SJ15@I4(X
zryMqmmT?W;SZMKJmg@0|esMlktDO^KtcFF!$E&fkpjD&Jwo!<qhHUuaD&vf48lZ?9
z>exJUX~Aectd?Y>FXH7op4&6n3O7TT3=3IDa#k!WJ6mk{iSUOujYNatP5vvwb1Ogo
zQWMraGtCZMV{zB>Em@5*f_tx5H{Q&@2#9-c=YA8Z(}zwk`3$KP+!em^RxG|#+k6?(
zQt>;!ucU#;J6$2<X!j`FCy)^!W5R_(C|CUE&4{x2kDn%dGO=*6Un!AOJa$LTY9uzu
z67y-3@aEImJJEc<ywRO~2RpzDX5&UIswti;xmn0IhyJl%q)=r1Rrb;@{h}@L57K<a
zXLK^QMMk2mE2g!17D_ohz>*&5B*WZ}rj?<JVKg7}`{qU?GL*PB3Xd^^*-<)FrVu-W
z@6Um5@T^{1yT8QpwNM#P_0rouT3)(MK04=o$b%10&&?jB<|fd-7%mmH=zLQxFgV;}
zi_2(Z>23OXnFr%`YCY~cwp`N5B0IRZ)+dwbtzEa~gm1^18wgRdQgUKQ&Zj=V+|`LR
z=uoD}$=&PuTFtpa%#4Nv*7E{gUF2lz)~{zBdk>i#@a!{s(Ys3@gUeITdO+ELVS@(E
z>&LpP`)}SLoco=neR(5gHqG~72?_SV=ON;F`LdpVB(9t6*f~Sw1D-(4QfYXX6l*(u
zC7J2f*mVqzocHn`|6d9qi;peyD$Gn)PG`<DPmEzWdaZPXeGGCbAHLjOHe#Z=i{7JQ
ziA|9P11DFO%G5VB*iIc<;aurp5EL_2&rDp{MXB*<=+Y+_qj&L0{0zFGz4G<r#|s=+
z^8E&d&%WXkV0_1to7Gldc^K0Zjgz*23D`~;S{z)aR5Vq4{QDit4bYqr3~Xovlsn^S
zj?pFJnRB3}<=m@S_YU0Yg=q`|Ty7~!ULGartj?(xM7B*L|AZ__vCAJL<<Fd^lo<qP
zlK%y39qkQQpCwWI_Lw$48fLbxXJk&&m6uhPrn8lDZLeXcLKQFNKhri_Tt{<$<5nLB
z_lq)@wn~r84qRY*d)w6d`sJ1LO_r|JkcI@?vCMSaa_0$4*tTQSJ=Ua@IW^&IVyh46
zX#Dg%j-5V>J&qj{R(Dckrl)(r6G=i-l1B}WPw$FJgO5GNrE^EamjNBM<Qb@8f?NNy
zXGKIuYP3PsTlNW#bM*2wCD>+@r{o@p{qxT}lk0ZkXH%|SlTx-f(bnE4zZYuynOk2_
zW=v^w+9R;vZRVA18<{nsZEMLJN75bh3AnlNAm0V$CXd;kp!fSEV1C%l&1aai9)8Gv
z0AZIeXibu0X3rO66;)HKdcb*zPb9RP>p1kRg7XuSF28cWy~SLCKgWbJS2FI}#uGQ~
za}Hdwbq!c0)2U_iqlfnkz68;7?xf7;89|$zujQn~pK)@ffrqAn&fQ|lP3{*62vEZD
zv!b!G1LX5hKbO?fXF2)a%+=ha!k-=puyZP%VL}HTnR-bwE?l$X^XCrug!Fwlw?11B
z|4{G`KJEL@f&1Ka>af*=*0XF$u$&=8XJwgQ1g~CKD{s7}XXGwLZ~y-D-)uX%`05YC
zJ45cTd7JIGzd7ebuH_R=3;zvLhct@ZkN(>gQrutrV>)|)&?hbsAbjK7ZHdYLyIhSG
zJmG*b%GOaizSqq(&5c9^BT9B&Bu;d%i5jWe;3a)ML?Hl2^SOIS**~r79U;r%Q%18T
z<@tn05%&wI0P#w*Qq~t{{_3fdsu1$XZFC^^3W>J+2CrQAsgG#ojdW)RQ%+arFEoOJ
z_dIG_STm5~4Psns82RSdPT$nhdoytD^JmX!5P}qnpI$6lJ@Y+v%%onA7vqG$$4siV
z6)DuGYtp2q(7*Ema1NUBTktjlDz>O;T^%-kd*5%|tXb~N*h=kh%f#+i7*Z&Z0%I&N
zGj|&>q;PIf;>b<A0wLV~)2*w1_r_7$=eLjo=^rXim@8f1sC=O>o4N%>5~B}@It%~=
zTtZ0+;(m0>r>+r${fAEb$X6&?>#XI<hKz`OyR03?-|qLTpnGAeGg)39i<rFJ+_tZm
z!n0jZO|d+re~S$s=bw~(OHRA$ytfA#>{|?c&;q*~jBjWU`3Jml?9|2>SVMq-8ePew
zMoAy{bnRs;Wc5laDw;?#!Q`RR#(a1+e5gkFv1g_)0BnF_;201_)W?jupPz47cD{?j
zVPPHD?4^4TF(CA9o|;vqAFHNzoC*UArBSLbU)UoOILBtDQ~8m{qok!1Km7a_m3G~E
z?q<a5VM)D}Hu1<JuGna07548G28YL7{&djme?;s|-v8+$(%0eX<FWsVf&h~v68Hbh
zV2?<Yn=<8<n;7Hn1^;8yBeLHrl(_9CScAf|6`TM@Oc4n0iRH^!3(U)4`@#8<__mOh
zOg8RvI&Uxwn-@NWG(GM^n<6WBeq_)8{@zS##)XR)1HB&oHVPkqVWB1bOy-gl)P^2O
z81vokvD-(OJ%|*J)#z6#e))e~01Zz-aDJWrn+A1bQK+(s$2U5<5(0K#KeRA%f<*~0
zFDdAS(9~}_6bs<Hyr*q`qz(lQzCzzXtu7}dI4EN+67wVCIYSWP=P$3iDd?I2>()#i
zD(`uL83*jjVj4kvWq!nN=>Pb%vB0I!4;(4r37v6!>`|;G4?*dsH1)-Xp~4@FxClc|
zkblAK{X5s`I~b1};lIR81O?^wcgWOt*#G{mC8ICKsV@af7lXV1T_%H7G-wPyfG~$l
zHplWXv1SW@TYA67gZG`e&!1O0r~aKed;@;3`0^#DMow!EnC@&^DG(L9F@ewtF{kus
zjM+V5MppP==qLad<3!r2L3)o#H&59VTO+Pz$>>&G8+m}CV8;yB!oUahX(NLULG88L
zMXGyMe-S&Ys5#R4S3?zrFC$`bVBt8_5GM~G&gEQBRA5|t!||<@%ni_YSUmEJwsH$&
z`qlm`$BGeDf`VHaBS}Od5=GNy%qXMA0~MkuQW}QKh0>-i|86+a8V{C8fRX5ZfI`Ur
z-JRPh4;Uss>i&pTYP@3Ja0k-dYT}}zet~o@wBX46`tJrA=uR5UM#JZ9lDg;B1-OnC
zcDiDe6hZ`~tAL+b+E1LZR`>tZ1c7h_2oyvRHP>%kXBIS;umB7bzwO^k@_9g6$511}
zNY2m;5ufn(@_21RY5vMpWDtq7#SYFGCRZP~%o2E)B2xbh{qH0=W4$t)h0Mz|+g*rf
z+!cGZ5yF`0{hhz(RIBoD&)4sb9p_^+G739mW(5Mj*j!EmO2zaLiQQcop|Fqq(CsOc
zCIv1WS5i%`{r2_iiE5O4{~XZvHb9VGH%%xZgk5#jkkiy5xLDkQcZ&GX`8Sh4Tz0Z6
z!DN66Mh7oDJ@o^efr@&h5HK)K<ofm*h8AqQjUVTkgdEvw+TOv`9{YlmxzNH8NXA~!
z@YfxiXA0)MlR2GpJC~oMl_PoW^>-j;qouAwv<6Id{*6TwvFk}CRPBgeX@ZFsutkNS
z37Xl~nY8`VR(*?_clVZw$%u>f8oh6f+=^iPtrG`tH=NrgbDxPrf=B$r=qbrXX(p@U
zlg$zkAtu+l#@B4F_A$}1=rZI@+$~n9eRmjmU-tM8tEZp-ROKzvUNNqV=er@EPd|*?
z_UznK+eDs#6<cztmUPApxH&@P%p`x^Ura5a1YB8p{ZUC0Py0+ZCP|a(d5o@HzI<WZ
zT^vl4&Gp4tsd!v3`b{gOK2J&?nF=ay?uWNHu0<yDDBT(B-cMjPcNLSNt+}J->@1{b
zcKpqG7PdM}W+!PAj@hRKfgpc=tT&b6)qpZcX?2M|NP0W|zEinC`?_gS95fnMV)?m4
zDuxrh8*0jeL)+ldyo^mxoS$1%6x967wWwHfLr}G;fx*3gM^X<)jE6~&oG|`sOw5<4
zV;UcyS>A1{RZF{Ff@c>`k^8n{o;r;k_1>!(8?9v>sN-+)YMkjiAhSflk-PjVSw=9`
zy{XY=z8{TnzywCCk3s%dSy!9)+P!Aqmpduf@ZG@8ZwjVE+~Tyvw^@%K8A(Jp261JO
zeq>npiZ+TRVcI0kAM>F@GGZ$>BA8YSisXe0F}Aw}F12GvDoj3=cf0mGtP&Bq*dx_p
z{{q86=9uz9T+S=Eo1}iMxCnU}l@3HV?F6&<qHlE7(MBr~<PRJ6#A8bBr%%5SJUISF
z*N}1hc4{SLH!ubXonGC#s(Rt-3!e@0cKMrRz#W#`i8E@pS>Mz-AsqsQ%Z7=|0oqTG
zc=Yt?k)=rxm_Vf6tJ(eaGW7-bmMSnaaD%Pw&qu~)W=$AtP?;yxgY=bq=7OtG25v2A
zK_kxp%P<=2KF9T}e|%i#G*MivBpxv=E0)A$?32&j9CeH8h4mNa8;^t;Zl+71Bli}^
zKw@b>*XSw29%VKCqHnt^5j(|%-F0R%5O3Z{j)@Io%dp&`kNPgXWCW|P-E}(uIDHzZ
z?a3}!Xkgk0%@fvJ-+iw?sh14$<u#>;^F+UPR;$+OFIu#w*<;4MUZ7bIR_!4fqH?kg
zesLJx=|rbmVYfngdozg-_1K3~+bQzKk3X=ggDYA7>48@l(JvOEp)rHBi9?Ul7m+DK
z0s`iBzJnL}dJ?2p=Pg^_zuNFf|9EHnHUD8Ve40yFLN{SD`Rk-#PC-Gy&AXP>w+t(r
zhe@4crooGgg<x;rzOJpM;o9e+XsGW#aWH`f@a<a`Bw@a9Ab}YYl~6PBB%`_9L;L&-
zxjIo1FX?Pc{ao%upyEV{Lr6yJ!p{15d!u|<9&JQ`&Y$r51`JusqHWc<?XtjXRa8EH
zm;So*3@Jjo>lh-$$*8)>IPue*=Ay=-B8ZE*PfZ*5!tkNVYo5RN6)FbR6Ki*#v&)!p
z(fc@MZvE$T858b!qqGr+9OO9LX~IyM3S?#=ev?&3zI4?sgM`e8x>mH^CE*IhYbnvo
z*02H7!&gQd<>w-`>f_YTU}u|e{$NST(AnF3REoiR9O1a#{6j@XTl(n~KF9U1*pc+L
z?55()U5qtgZANuIuT8_VfU4o`t;XQVtC}EDyM11CX_PRTeU>b2f(!{+BsNV&Wy78g
z=(V!a?|6%cEO}%xevS6aq8}qAB(hc|=7QT<CA1QG63p6x5>4Ve2*U`vUd8McZh>E5
zMjdP}K3bAugSfWK=BLmoUd(HM?WZc^ee+lNA1BQ{_V)6>jEcujBdkAeD4Vfg<L}C~
z4Bvwc|2qK+-_&E=OH^{)A$-*KKRds1h8p<~=GHT{vkCR?#}?Dqd_Ee2!h^jkAKqR7
zZM6AzHY6m!xKT_7K2*h=ZX7<p)S`WxNs$@BPS}|~_o(^I3a=`wt7E-KXnLM&zkVO^
z>*MVV$pHg0-xOpH9x>u+TTsbOr%~;>(XQENP`){}O<8f(tAnj*eOy#qS;zO&s?Fn*
zzsjvo8ZaJ^-lZ0s(OgrpFi7;l&XUHM$)2Sqs^rzZx7>ATM@@jXr=sQ%QT>){^(muR
z+h%ETZQ<jbO~fHB>}`L+fvf5euyY&F#;rys;JEdyB^soK`+waa*0*ovZB0P^{Tf5o
z^dD;*-ac>tBbNrWDoM+X`0`KAdcu6Yo}LvlBb%f8%Sr<!YyWMv*?9-4{xZ)F-&OZ;
z2u5#f7HD6pMj+2<tKwC2b2EMSgv<GbH(+-1Xl$$IW~i`keU<d^;boK?jyqV@LIw8P
z+8vJ7;KM={f}@3FJNPRZ;M(<m+6U>l>DYE$>5FH+ckT9Q%~MnOt|O+d7HJza6n=HX
ziMjE<;_2h`6%MSo0yM9)3VZSG(z-j(TenS48+FVwQK8tTDpF~u%Tt<S_vT<u%G9;l
zuhUVLjr&oT3WGSKc@}8k&n6GdXX>rgDAxNq)z)CK?lJj2RVk%H@|AadBJAQ5hO3In
z5LGK~XH2K;Cy?*ey7%3t!Nau@Io6fuxw*#jLGnRyILL9dcrhlKHtodr-9`4wPW=#C
z%ZjB|D+u0{0L+Yqrc$;*2Tw2~WiK}~<MFI{&|i~F*U+%*=li|?y1rxl&Ogx6E|Fbz
zYm3Z})OwywWhwvpW0+uN{#H<$``zV0NZsP7d}`7&9y{c)rr;tkIuAeeOW|#@270rP
z{SsmKZ$aGZVLS15Cm{$XiF3hOYAL$@^Or9ld9s-k#zt6%tW2I#=S}eGGtBwx%khUI
zu^oE7s2JiC)p=HpDo{u>#d7NKHH2oK&Wf-*$A(TDBP*-RfL}?9s!4W_fR!_YOC1|7
z5IrO%b++$g+Z#?+J6Fu7{`X{wgJbb4SOQe&d6zG1jgIjB3{MTb&1V&+0lQ%fF-iQs
z<`;>XWLoTEZN00m`;4cjQxAs?of>+2aN(t-n-k8;lyyo93YMyJ-DzwMcHFrKFb<Rx
zbq@swECB8mfr1xb_$jgHPWZkA@))d@Q+m-ftxO6!rUm6zI^FsG83!Eq^oxRPYf+GX
zf5-lP`c&vUxW4s?i1*~OIW2c1(YmK!gSJ!>`f|z3M2DTT6LMAhoRb#O`m}%AgCet)
zE7@Z#Xgjg6z(KkG=w6F!wu=ZvGFjk0coEA6kl0_BmECPBb;t;(chI+dFyya&=laYC
z@%J>GUbrUytavi0cB*!=Ir_tAWkvKkPtILYkm&tcDj+d-yUOO$tlR67ZryT6VVhBP
z6oS!3-?#R!udWgOk^POL2r@16TswU+96>&y%Gg@nUrK4A!wT8Zy^JvSZy);etkWIg
zogGsXzotVI0IcYH`5o4X6oA96FoSHk{#@hJD?uURUcKknGZmqRxhc>Uqy`SWpD+r?
zAyxzOA>B%s7#1QRXw6?RYHQhcnhIeK=w!G){5%z+fQn|M3ach5NN^IQLj6^V@wVcW
zDW5-M?Geo_xcEHiYtGZ-p5<S2gld4Qaod7FY=QXoYSc8FEaF0HW!ks4-@n<cWmmI+
zli+l_aq!LQG8KHbqX!SJe$0#wp%2a9j%s#Y3AT&hr9F70ID+L%XKOFS)`$>(qxR7d
zzxipkd+uPywsWWI_7ztWGh^VCH1r+)-JPx^u`SwE-jreQD-oy2whsFsJ*bLLYvLq(
zAIK=9`E4UZ5JMVVg+#Tg6OJ6cgPA<hF{q(AATlN=M-QQ5c`GTd4VwVyd2)v$f2@h6
z-j<7_6&HLHZgzmmgH|tc8l-*j^<u$AV&-NkmF>5oGe8vm`e_-$j)Dn78pV$IY;#NM
z`e#y2o2M`N(acwH-<D5h{Z%#W=d19kYxaG3JW6{Zj{C{qmRGwk6kBt2xp|Zh77BT4
zyGJ&=FBO9f4`5LB)&YGl<`1c7@86645z@svEphi{%k-IwipT!^crjIbA?k0Z<$rhz
zlkXgAm@I;y_J+if2j`DzGXIk1X0URlUwTxRZ+)GY@83jVV)O$_k9WP?q)E1U-MP$r
zTE9+k6!bk@00Nk0z+<~uvyY{-1ox2Nlh-^y`0LSdr=LrwOOX2R9PnE-#I@aQH;DpA
z<A$#q{?b0JWlneN`Yj&L-3DPw?rkbxL=o(MY5M19reZSGdlk2}1;>e<^6N#b;fVXj
zJ`Wr47&p@9#jg0oQwAl3FB8g`UXIV8#N|KmgSYy6alY%}PqekSW^8;?>1=ta4HLSU
z%a<$iE<Y&qn=b}bsFFTvf7te5@%v{N4${t}Ir5Ntrgrg!I6g$KmhD3`8g~p|evEiN
z+$xpZM*-$j%w-3#AJpf{UGPNec_}MRRn;@?C%+CUYIU5-zcaP4czUPXJTb#q6Zm)^
zWu?83!;U;UblSeRS9Ff0hAKM@{?U9M69t@#-uDyj_~1Lrz1lj}S=bqNX;jo>QK~=x
zn}VrTUYQk8ZAK$S>ytM>HZN?4kYr!f+}M~9-<r|$0SqhZA<!}~#$FB`T{-Nj7Ch4H
z%Udauu;d8Ht#tV~|J@TCM@Rg=ay)h&^!G1P4iZs3u~6V4KByj~P3|&GXw7Kz;Ls=L
z_AHtcW;gQ6>AG)eM_D1(H2lZp$7zmR@wyhh{oLN)yIA=^7I0zejEMx&Z>k++@n#a^
zn|X<Qjo)F9@FF<UMSmTnKb_WHS`MnWsj$MEcdZs8fc`~?xZjka_H#-j;2D`4zb<%Z
zZ)sdWls$guLZq^@RdLj?FK@y^V+z`iCdPgZ+1l;<O->;7O}Q*q{c952lQziAy*uZ$
z?2%zJ58~AZkCo+x=R!jvNmYOS`kL<yoB^HVY+**f2B!%>l0I{7T<(r4aMe9_1F?nD
zkLOij>R%U}p1$E+!)?Jz;NzSWBrN%l9h-hFM~*6NFetbBNM*%F%B{IvR|YrFC!^b6
z%QSSxqaz^+4FvX#yK?~4mg?)T8@1zWpP%?>ex7riLf2A=96H^Y{}6xc9Y-~tp4Mb}
zIPH<w+uI(jpfYkea*lWhCY)H@RcVro<7I{Amz=IwG%aQY=1;5B>3cfwyz(+?)jo^o
z*pCBo487~~icFR_7QB3UW4&RdNBC)l`67KshTf>o0de=x4S!_!Ozxt?H|N@h^$ovI
zCdTHw&e_+2oT%7!wy>ehGDM@>*E6M|VOB@~{Ma>Uesf_R-E7gBGk5r~pqo#F#MZYy
zAga_`P5IsO=@_-i?uNC_h#A#EX3KxER#vXn)^CSI*Ez-e6DRhGh@D%jCnf_emrC$A
zUmGZ^i4g3pz+TZUgN}WROz-CsTKk7-d+!7LG+s>I=F3_JDuiF3&0$>N|F*ieVeRxs
zpfbOX26_NBg1AMP+HKf?74N!oi#kf43y;O7RVg%l&Bd5)$KyZ>A%E!y50+NUACu3(
zbH}l_-`jSS6#sVde<HwAUQ&1kBwxMy{#g-9^amGieNX%jWv{N^juI$z^f5C6y`CHw
zs+F^c1x^9e*9HtkaTJ`zL#xu9nAzY&5OV21GxSfvgh+z%r_kD?VR4}v!!HeTYMo?K
z+`2Dz<I7a+fxaRpWnBLp7^xuO44c(P;@5Tanr_tjQI^InC-tIfgUNdpx0ebF0gzsx
zl6|2j|Lb%BWpGB_qv3B_!B=nZ>D0L0IW_nU1wBP>rpMdEJC=04?UH7UOq^R%SMC&W
z;>6q^0p`sZ!}2=a^|Q~m&pr}6@2#eQa&Mc7hsWaQmAc_E0l~vsaMN*Lww*#l|DCa}
zp+vfh+MGF|D#6edw&4<swwnl`*e|qBnAc=fbyAoQIQ-BkmPOR3nr8<aEY?@rj<ava
z`~Cgd7sbj@nIJvNOQe$Q5oO;1W+Xd)jQUc3yN!qIMsE}@#7IF3<Jb;)o;eT}jRjxj
z<~%Z;65RZ)DEETTFhR>9qNMLKA;4lv)ky19J{!Z3o#)1eE-x7NgF)4f=T)e)Lmr3a
zztx!@vP3=zLPMBJ@x!%gaq)hi6RC?pRT>J+Ue6GR5f?_s**xF`NsQtyIJeU1)XqM`
zgtrh`BKW_&-mgS%){Dlx*aBnXAAvoMVsFrkv%rUHmzo2AVnKefb;A{D{VChu;^jH#
zAAASsruTKO`~HQ$BNf(P^UqJB?Myd`)i3$RSl6%pE+?|&pWO>&em$MqD*cH5(DIk}
zynw~kU#rejU*wnU<rkHDFq`0E8tN5)<3?dwnFn&6NBz3pa{-3_&RK=S+6e~dKk~4j
zy>qI9j6izvUCNnN6}%PK`ik_O$9db@wMWE)l`CI!GIxyH*;Ps1<u9Hta<7F>@5_SE
zU9Vg`nSPDUVZwJ75$U@)AlvfYj;fJ<^Rd+4{9WtszZHp)mD*DqXA~>+gv`Jg#ja(c
z#NU^4e#^Gyj35t1lAG53pI`8i+EI&ts55X06J<mIQfh1^7GCpobakawU9w9IPaoF}
zO9wYO6)E>r>93QCNMCIfNjiq!$4Q5iajq))@b`z{1H$?uAq`anX6EG;2Tl>s50OR6
zD1`)-zA(yB8)Ll2@w<rCc_!pc){ziO{r4Lp`_(;~CQY2U5$z>a6~A7Vw3fNUoFgLx
z7uh{cbwF%uF-0)0@*l~lMtG08FfPSpBy`qo*g!MB`Q07MaRXs(-Geb!a(>v#wbC<2
z3>~@xofRi`?O(A80Ddwx$^q@nj6yplKryVhjH$mcG=%fLd+ek2F8;Isom+_5X~CqU
zyE0n?C5I^x<sV)V*d!epczUAU)3yH&Yeb~Pcix+-2;NGw-%P2X@oCz`FWZ%~sb~<l
z!&{Cu6}AxI&(078_!>JfXvFAJE2*<}dtGy+s1@tBk6vV$n)v(7GF6I6@CD@4q4?h6
zSbIV{{yy+G%T2XLvw2?0ZIZGICVNRMa9GixG$66eQP#g2Z9i<++M)|)gYRXTHdp8s
zFES4zR4BMVdGzR_n_*`-<z;^OYa}_A<6Uh)u9y4~%tsz9ON@S0x5{aLn)C8j4-H_t
zokt&Ez}TUb$<Q$%v$jhhYs*5WKV%;XSAhE=^{>lb`Hrg4okxF~&I0CRPrC7)#Heud
z1VOM1Ti5VZUYRPn6Qye-#S*-s&fis|qPm$y1Be}qlp7S%p8m*R021kkXeS-<#sf;)
zX@6$*;-cv-kKz_3O!D%JfAu6NEI>(Az*ZvVlFcp8_FvQX{rYpcLpINE-k%&hhzxm=
z3R~{H!HS#V7K>#YSG^Nw|G}0r6Fl!Nk(!+xuiNX13tvYY*FAzF!TWi80aG_*5Q3}&
zhJdnD`J2qlHJSUmL&o<5%sqDON~b|1&UCS_HooS;0P}nLY+Bs8Jq3mm(fM|_wvR3B
zU;gTR`jO9hp$fsd{sT?-8=uw1MFU|KvLM(5JL5vuFD{a8S$-j{XN;=vSZOc6n18>D
zmyg2OvGb~%v!6cQ#QcO1p<=f1qG+mv<V6%D_JuJ_gq=GZfM>O{$**}+@GKfDQ$dZ@
zIH+8qo`;B;JXqe^o;GP0j5eaY1HEWhG+$m#quc9%cC3kcr;M^eveW!ji?HC}OVw9o
z%Z-%(xnpQ=r0~z`k8!Tf(N*L6MtsP@LSF9Bj)@YzaTBT|g-cBvSCD^t8*W>B;P962
zy3b=@TYfv;@vUn4T?j;Er#bFFy)0XxGVj$g$gPxm%cTJj#}Oq-w2O3_`6V0><?58y
zb=@0*XsXy+KO@?H@UE!BzbA5-r*m|t@Wx0y2;`SK6(xFeFYYq0`Q&4(Dz!}rUWh&H
zcd4yJAxV#!w)Sy9%eQ061pvNn6p}RX=K=!Qd3zTP6QN&mRmx=&YL6)gcDH%%+LZwn
z@2}AlHTNNZ|8>Prb90F?RuqSm@zVMJ9fwL``tc_j2PUXu1Zf6KaA<%~m{QB_KD0zJ
zl6q(6%u`loL7zUN&{TE*xq5wh*Y)`}NrL1agE%TiScb9FukuSXu8X1ZbfHbd^EES5
z24ThQ*&*VQ26EjdHO&79M0d#(vcT74Ik?!)@o*!`Aee=JO?JgL=Aoq??pNtQ?o_{j
zuXUHcxaj)2FYDSFqHqkiy179ofy(oTVf^X27t&^q^zi%s+R^^{#JEihEECp>Sx#Qz
z+xNm_^t0OY=3%dtoa{<}x?_Ty%9a8oN=ML_vQcZ+tRpy0Mnt?PyYP|0FQE#bM$dsL
z?^j6c@Zhq8JyK45kg`}@*TX4$nqH^I!iJP99io9@BeA#$a@oE9Y8|EQmy=xbY2gM5
zyW<{N&ul+$HcWSOKVzl!iWt(DmzTpe;Mz1CLhcdWG@xtYaM5Lnaq5fW{pGjI&1=$|
z_oY;!y6L!8W%=g!6Hj$m>(2A6eto9CE=7+)<)t=Dq(}5<>@=AoF4kv{$JhnRR<z_q
zJ2?sH*x?gVf?v0oqEb<V%Zor<=)8*)xOO(>*sUUgKe_(ZEk2$Q{p0VWu49G?3H!o^
zm2?^G4-^L678d8s6OQ8lhE@K70}mNxed&!k47D)F3(x?l4*Ovk*<JUp=CrvSK=_nx
zdyNVL6C(_kJeyu`@IDU0GW{^dZM85KWfa2x(!#J;Uf&eSxSCLT(I}QUxBT*oxnjTR
z>H73K5-GQHoYlgGVz=EeK1Bs1pcck5qetI+`c#n5eV@v50t!OU)=uC{Dl9i=XCxc$
zd=OYfAg08BKDu+H#n%6E0bUs)fu#mpWn$t&$$Z}6bU;AVp4=CM)GwPS%ai3NOxS?b
z9b<}ybG=O+Rd@Qq1>qLUoQ=$JE3_Y(LI__xZlGgo$KcBWJzjpI<LC5Z>4kwjFdG;g
znct41%9Cy8?XxKjg*<6Hw&)v|aga985ME(`7wkK^#aGwPo)Et4e#XP&kBaQ)&r9iX
z*4K9dWtV%WZR=#yg!l34x`t`ZbLW)?Z&#dQ`?%^(K9r2i%)L8S?%y5P!#YKNUePGs
z$^DJZJy!CCkx61|<e?b9&byVmfOuGR{LG6$(`pZ+$|pfG6E>QLdF4A@sIs>idTrjY
z`nH#3b-;!><4tRWI2swg4TOV@2?q`2nEqZ$lq|lxeYoeL=&It!$KUO=(*NZi-!t^m
z3v18w1}(MeKkzy-`JE^mJ*_HHLMMODcfuCM2K0wu?ekNoZpZWgu&=MLdBR2Odg;N+
zQqQ<RI%D!7&<LoKv$McJqR-<lVv#hXh`U0FY1m`^HMWY&^CS@I-dS<s6Sh`@CW^@j
zG;ibc;MMf~oP>tc?yM_B;&)Y3*rTePYsuOZS#dEYOC^Uph{q+aNX5SV`YJCPWhH%D
zm|Yc~zcK_0`U^!&0`$e!czVknVqMhMZQIt){FLQ4sF%$5{jR7JR!qY3*GBJ4^n6`i
z`-Gz%ledvVC?BqM3WGAn`X=%r14XwLtG<>nO^GtAzMA~6>*yQj_Q`e&O-yGVmu9Lz
z#(RXi`|*j37B9yA^LtdrhqJX1j+cbeV1tu{Yd#M|l_JQtc5Gbu>06Fv<EFkT^j&CP
z%4=5tf8F~l)3+yNYMAa<TorWwTmPt2z7uP$PGSFZVquBL%E@HZRE44U@BQ$TnXugF
z+y%oP=e+7ZC;EIh@cDDc1Y@ey<$~?0$HMJfx9+I>c;M9`yUIj!g~UBSX8w^_{QSx>
znY)b{XFk`N^;ca+gX4XibG@xhiV|1Pu#m^S<kO-)Pb^WA+fE;ruDQ4QY75ob0Byp?
z!zmXwh^)<1?mNGEqn#w)%qPW9hJ`IP3|t~R);q>T-mUvio7>DZ{Uc+Dp@XzZ(>sB}
z%N3M-suBsQ8>|<9vb@o8_uAk4bUMJ~P^8B1ib2}h-0<8$mmlSpV@}W~O?O&(*K>}?
zL>|oV;oS~JmhbwdU+=u4`*n%WgNB+q4x7wFHs1TokCHWtCl+~pvo$sumS9%>0%K7O
zEa!>+CM~2o<-gnKGhfHFNNeW{4{IWL`U~chy8~5r70{7SlLV#L7GvA3jUK0TLXci#
zw+EXoEK`}7Wiq2VrZsv6x?`2=%I&A(%zm0mN6Ecyi;$_wO%EP+?bGs*^jE9H<1&L2
zats=M4Raqz{IF{JeAdanW?izM0n+BxVxo5^n1)#lb3eIWto%*U@sa-*ZEqfxbNjyk
z-sTWOraVc;6iI_flT1kz8i-7ZghDe?$e2n<#nXgPlrd>gnG%s`l9I7WQPDuD_UoPJ
z`~9uG*4}IXwOgO%V|l9kzOVOno!5CD=W!h8QSX+PCDz|<Gi0-{#;-b_r8(r#LIsz+
zbN};Di~>>{C^%&&3f5pAJC@EU`Fewx(L7IO<Vb;q{jBy(c>3;Cg%^-fBbSUFKi-2d
zTmSfk{HrcS*!pCM!^^$}56vJIEEHY>o7_u+5ZAb?^3d|U593yR&rv?3Zofzj>LiMK
zf;ga*g}M{haDP1_aZg#e#k5zONcZrv0TArcxibZl$-ALqvXlt0zBiN=<;K~xdRX^J
z4|kb!hPmCcUheH_q#qV5SN;iW|8q#<#HmxTSh|&kcG@{X$_H7<4SQjdUw2tywnlX%
z{wkZhMR{b(1w7+qBSU&ySolh21}%u4Glt&2_jTve3O}<ePByg3=`=6H>5XwC8(xNP
zU9)DTn%zh(p-<ntH&)DX-+y07EovV9<((t4{panN#Q;cS=3(HaCp)9;t!gaKaVQ@M
zhQTfDPUg*f;^`^6m^|~gN!-5iJN*_{>&3WVxA>Onetz$alo4ugF4-LPC=~B$>M=BK
zx?$zpOyW~?+?1-X^SXwgj@C?2t{oGzLA)?R-|}D0p{|D+(xcdNd=GsbKkeqri3*V$
zYhv^L%?dh>mVI(v_Zh9fN&{EFQ9Jv#&Wu_T!W2t6+kSoaYs$+rhYmdf3#F@XG)rE^
zeE(33!1`6YzNzWyFJ9~)YjpYkz*roD<nkTgd?_79E9b@IbvKwOGig#@qA8x^-V&dx
zs}02>{NC|Q%;Y2m@~s>t{T50BL+ib3)!i5`FU)n{xFd0JO#8L!G;!6P^)}|_1(Z>d
zSFcu6V1{Wp$va#`z+Soo2w{57hji@AD%;n$uGm2TgYh0h+QUdC@EW<Vhh+AQ^txX3
z;P^sw^Rs#$w=H63focRUiPGHmA&t{R+pCZG)x>($<0H@~b!;r#Z~X;6;M`^V?fnPO
zl0vRBarsRQi)h7?MK|yE&L3$JZE=6#y(e;7bwl5z6yJNECjFj^o+__e9mBiEOsVRn
zdDi-un;%|&vDTnqReH)r;})?_Ul#_9H}4*LA@7*%49O_(_d~k$+fLo=v}4D*zLl`8
za-W^+6T#CcoiO;8qG?-xK|uQU<UB+gf}rj7>zlrJmRseR>?kmgfWzT+oUs<pAHkc&
zWQFqX`y~#=O_@Y@nliLvQB*+0-Y21qHd!wN4ta1dLI*C2!j<G8{bk2=t%zj(F;dFw
z#k6(}PfB6?Wz|Bxyl$O2xJ1bpF3`u1AX)ZGW9!ewh3*x&wma|Y2kae|0s9@_RiHF_
z>aAQiw|7S3=LaY7_PAATT(^{Y^_pMyU)-2!VrG_}o~|)t2HAKK!(_B~Z74I^F!XLE
zQLn;&o?TTo&=`|Q1lBd_?blw0=Dnr#J-Sr(A39Wj)v9@yO3TV<3GWzvwKe|mi?sBZ
zNJ4E9Q&&QN?X@i7Atc_f(wSSiR=?%Pck6@IzsPtYURt%GK8$MUnsMga(mYdZ;USc+
zJ(?5<M-DTiytQ7UhKqJav9{sQq@!c^tQMdC=*Z(w7^h};WEHsnT<X60f=5m4iwT1t
z9)I7Q_*%?2z8PMQbG(Yp=T!r2ip9e=2Kh9Z9i>_XXE`$aoM7XC^MSg$3nd6stRFu<
zkkILvvTNwtV8gPis?8ai59I@n248kSL+jX$e}nx4PC^V51{XBsF_457h_bgB{H&+z
zSu6}MRMgc|U1~<C9|OZ60C2P2>|HqrS5|Bh^dgsN5q97okkn%Td$8-=x_3){fyJI|
z4{17ZPA<S;j^DK)nnq@8VDF&SYN)L}eC(KsoFw>$0LSQ$sb0SI?t&@nGsV&EO5Egn
zgvSs4ivUhjrN17;py*=9on^yf>n>&woMc~hojeWi6(OBe9V34xl#G&$h@$HGvE9%P
zu}{A=Z=lVbW$zZ2*VJ5#OTihidY5vaO)D*%xYN~auym|`deo**WMuT9-2qSJN^0L!
zMW(vDH7U<>{^O_979{ZlG#i5#Z6MWmF7L4=S^K`m;(xP8kCD-(YYjF}790(9b#=+z
z3;$*lO-cJ?#s7p3b=~pUEdHnX@Q#FWNoi~B!GAu<9i<|}uYZ78SJaM)X0zKhA2v6A
zKNGTUQ)~0kA1hv7*)+nw;qvm(*8&dG*~KO-HC5+l0TB;Q2$=2SiG#72yuGzZfW9}p
z&s?<Fgwm@|@Wwaf(U2R+ML}2z>`$JIXK;q)c(wq5EY$|A)o~|(x3u6@qvAoo&&<{J
z7ghcuo!DqNgJANJ^JZj^fP@NmjR`OD4Po(*gEMuGdC#~pX4fmWvTMz~CKyQKJ*(+t
zR4<HQ|8&4tk3%`Y(Km+7es7XCV?y87-TL@Bbr58y(K0KWb}mjbMnSnb-jI#q>Ux)f
z#2ubJ&{$v7%CGFV_Tv7}b{a87Y3aVwD~N|iw-YT6eJn43a<+fvru!OOMrvW7C(K*e
zy0vmb12WKx8G&N5GJAfl?K4$6smV{`2ZSQ{W&V~wxFXC7?-tL!`aM5f?ina7AIjoD
z$Ma2YvpUu0emweX?VL(&-O9qcO}!4Rdv<C9AL=?&%;2F=#53bh`XN~CB2$O3=(>(<
zMCP!qN6@-P<s-A1lN&~Bn2wQg)ndc{$x9xljz9SC%2)Ma7fjtcr=Lw)(!JWaxyfLs
zvrMDE*9tw4MFEGVy(N2p+P>)Cl{q9R7IpGXb`Oni)c@&t+WDva;&<|(2kbCEnRaj5
zMoC^Go(9a9`{Rw<qql^>-~jLllihpr<Wj8EZuc5)u)tKob>Q^5c`@nkkE*gG_Mbhw
zqIF_#A%pFjIvyY`wz)XsE}%(7d!2l9`LKiLF?~}<TnxSxBw1Y3tGyglfEtantnNHA
z?fkR+O?lCS<}9w4oMzk)SK6OHe^&N5d`s={>FDjXKJ(8nFT`VBqvuA0P;Gb4qhY^2
zT|8~4+?TfH8s&c~`LFlB=$blWA>G+uI+U^XYWhkuP4Dz=4LV8V9HmH}x$#1-Hk4xS
z_!PBNDy!z$N4@R(K1lUqz$7_2G3=+As<C~09p6p~v~}}l=9Vt8deSXhWEiGxIa1<!
z*v@smX2AL^VxB{U*%b(tD~*k7iRwG5m@IjGPn!X^h<keequ>Vx=O@hiZo8h7I8dxB
zU@c=k&ghQ(^~rnkG3oxQCMdMuyEnZ9QnXyTvcj$Q>mgnBoxQx$H-eo5`VuKuBsx}7
zF-5mHTd{2u?|&X@-As?KvRn(x;WQ@u2;{Yb*mt~HEltg1(o&xDN%Q_uk??o>dZe=2
znB3vcty@KS2yqL!&O3Y+_q!wQG?N<sS(US1W3}J71-g0f&i5Vewc4ZA2^<t2I;cG?
z^C`6~J(d~`f0RU0DdR<^dZA0k*8e4Pi#(%d{b!giy4d$G-=5x##(xerqBURtvk?FP
z<r`JhokerQjpguBym21j+eVz|qA7g(ZmJ@h4VZmh<3A`_0y<$0lJ5K9LQlD)%Ff~q
zpj8tT6|>$f=BHFgpbe}*y~MYkbjG&`E~(YLPHVnm-va=1O!`2j(5DcPb-sDp-M_SS
z8ZFZQ4f+r%IsHc;7p3LO{)du_mLB@6qWJ&*#*F~~qVO{ET}DS$w8P`ZQsZ-aN5`o4
zs94847WG*{;|eGuVfxE}aO}UZBqg`*;3`|fcSUt+Vj|delgjL<@*Ad7hEwBnfwBrd
zC?T})1v3-7R=8<lTDwlK5Hea4!R?vg77Q}h7lSE<MXF=ON=0T3|6E~z?{SRKr5QhF
z%rb$~YVmq3!JBM`_2G&v%}?F_dG4M)DTd>y`_H$d@rgWX3)eLU3Kyiik?aqXhd@z?
zq_B^<42#Gh5}Hz!36BEM2VAVU8TAW|cZQst|EYds*+hSRT<w4YU3K8tIARqKGkVX2
z0Y?~~Bqobk<5Ns3B{`Ia=60Hj=U-*Fd%yv7tpbD}i|XET`T1Ae<#ZBCnjLXK{g<^#
zoE>3oEZM+`{E^@O<)o3~%DZWkbX>mwivxcAZj_N+Kn(a>cOxk4IJE}jW-l6rVK%YZ
zu9fDTzdk*q`Su;{9~+JAnqCXvQZmu}#@dK4VIBW|ojuz^-Hg^}TNSkOGN83PlOa|#
z>y(s~aC#eLQllUsPMkd197gbQ_?bVH3)~?NL10Q~fVZ6l<O}Orc*7@Y!QQ=n+mRCw
zvQ(a5L$d&GRjWsoi7n*Y00Ub4&NU@3iu_tJkAP@IYB_(*0BDN1M+as?$3`h<uQOeE
z3PBUU#Ac5nul(V=T<E=laq-h+oS2~#X8u~DBgg#m{rjr+?fdp%TY=njG7F)o2zjSo
zv?ahm4a)Ifk`&(T+S;pl8vzg<u>sz{qMZ+ocX7l|GB^B-D%y9sxh-F@BK3r6M~m&@
zNS6b1^<&K5-`zf%1PApwZvb*Qgt&hpb;fT1%*D9j>G}qlF}atxywMEM%fN3K(FN?=
zlEqJC-0K&EfLX*KcL2nGo*_&UhlIGJ<Dn}kENDFOCz95{v(g{tDT2M3XkpJC<~Alm
zKbj;FqrYpQ?}dd4kO_rD&YS^!0#QRBla^N1q}Js?30YaL*%l${?bvbiL}YllZj^~O
zVr_8J;^vy<pT2q#$8RunDA;f+=4??W&0h-y;YoNWBA?GQa!s6IXb$uBuDJM^bl<f0
zW%qWfY1OEn)r)`tAA9ABLVO$Cpgh~ScMEnT{M%-P_y6osQSHBkPW>^l1O-)1_Msbm
z9Rw4{q{Y&%G`vuM&u9bq&;ql1U*|F%fKY+poZqicpFA5?$J3i%eyXavve|Yszryn%
zLkm@h@^Mg@6fz%?gyGVqasg@4T+m%4Cd<wJ^4YU<Ka2hZa*>+K52^|Jf=Hg2@z&us
zlkT2BzuNY>2frzs(JZPW+qh;@4S|1?YuhlRCRxS$*(v-BMsDw>gm->K?Ac8~_4EKM
zCF8NpxqbVTBFvU<HLdqnyEg<Fj{97em>eK{w6BAAm@7Gfg42~Sk1`=!{=*rp9ct=n
zj%!QMqIGWLP4NXrw$&q~0#{fSDwr~Qj~`YoI44J+&(dOf?6Qe_;;Q&vBA+3`FM}bW
z<McI`n%Y0EbI@Tn4a);Zk0g|`3cFN0=>UV$PoK`2T`4?3$j8iRXYGeh@q4VTg|=ew
z#33ga^VU2EgWM#-yW<paS%`9bwJOY7EcsJL;KkWK54Xl@8#5D|cZm&@jCUL0iL$a*
z8#e-a&(%36i~*ICG>Cjn+dlP#TBpGsl90GwwA_v5zJz>k<)wI{A5W7H*Easd-Vxoz
z06kvsP3eFmV+d9&QkmTda#*~>Dvtx_bL2=wyS<gw!(&$p;!>)=ZL+iTJ+z^ds8;WL
zuZs#gI(QGSg)Br6RCb;ys<mA#X^NTzq!vYTU|>9KML6}h8A4H9{3pjqr!?Pa;lgi#
z`cUkf2RS%7xif<|o`Edj>hA~vK?7*E>K%q~W54Lc*|RgO(#4&7h78B7%!A<=#e#V)
zeveR9ElL?Hj~L)nKE&M>5D8k_8Rsz0-o?=ouH@+WJ*b3X!xoNZ?~&?|M?-5U&3~DZ
zF;si^w4@85<Q=4gQu68IX4)DxZ{rk_X2+NT4nrAi20AQm<|^(`D4gH(;wyuobD5V_
z+f1i}hSkluxUpAPLJ@lX;)PFB%lRcyIPwvcH(6WHSysuAc?T+tgoaKc!+|d!+lx*r
zlh=cUaeIpz7+@n9IpcJ<v$2&BCX8y;qwwaMeVW-fkziYbC%G_g!|*6q9D_VEGR03X
zQ0P5r@?-{=$$Ci+8dR50Qx3=FL=do$;YzpXE>vOWJ;vS7`}%$N&3Bp^yldVK*vBUF
zaq;oxG4|Hhk#P+b$p^BW?*c2CU0d}+5!e-Lfr1ZP$B(~68!bkU68Or)>vOyZ(=z@P
z+s%HwrtBjmK6b0AY-WYl=E5Dawe<GLYY6`JwB1>{%3^h6<3t4oE4vAZ*UDn-@vNm6
z(p;303sW>-ZPs1Ah&MN_d%NG;FL7>36mPGmEMqLu%oR7|b6baiIkU9$UNXc*_*azf
zh%kPG`~l0VZB+^Z&#<AHHOill4?@lBH)rblg?{MMlVS2)cNe|CyZ9VE${x(Vu;zV_
z%RTDX^eD+3M$81z^3#h5@1c@Yu#<?w3czyZ(nR$aU$WC%YoBL+#H=1AEk#_D<uA@M
zrI)X<fx<WP#Xt>ed#shJY`b*|ubY{w5X1@E-(vySMzSppE_0n^6M52Mmp<*6$*y0w
zK9`(BEF_s>_wBUV9~y}r1_J^4Q*y|VD|xn&ODeyA&pMkVXozT}qpw#C%v{DzM`FI#
z^<PnTHfdRoGE98vVOa<QJBTW}4cS)5occW8NZ$07s#@uf6(0EXk~znE5&8=kg0#e9
z$tWMd?fK<}CDLAkj|mwDBdz$8FDh34q#zxEXR&>NDD4!=!-15AKZRoL-)VmtF`iLO
zl+SZ{@4nHMaRkK>%LrK@y~1JPtE@~uz(7VOjIRIoDq&C|hWHUni}CtI)SJvs;apk7
zU+d!eicc{RaBUsVFKZtjgcm_zw7E>iE6~Mb9vnS-lm#jgEUX0sKfazlTQ{z76jXMv
ze_&;;NJWSfWx{V=S@30rsP^cZz%EPs4;<(KF|p*3x)5e_4~F(AhhePp^7AAG1;H(t
zws%%mz9~ZyPo&7u+``jFosofj3Dy!Ej&1Fe(i9F94>EiVVMq`$YufbXHyxWZac~lP
zKgL)`eJ(F|;h^!6Nvkwoy#S^$G`ua)(=4G42__sYA!n4C*8pG+VMDr!4kD`_Crd3j
zYScP*OGhap(v^XeLqBEMDjiwbwRkRIm|VXAek+n6etaR#5LhzT#?AFi@0p+w<i)O}
zt9S2b){MVDAFj9%pa+^N+mR>|6%|GB;ZMGxx+gaXERG>V3L3}4R@T&(@I1(;+Q(cs
zgwBrAkAyo-N)>(ygockF7hAtLcI+4&5H=l1%m6(yJlJ6*ZZjaCkd&k}>vu8~Zmpg;
zD<u1k7A{zuB@e(*A3p3UOWyW$BAG>e8#l3Jug9BVkwZrNoS>b3_rDrKX?ne8I(smG
z^;TRBx%$v2s;a06Gm9?;(sC5q_&O1tbNd|&6@E86fy|I%-~`5f@7vp&U=5OWlWp?@
zxX&KBF{{gEs|?Ese-togct>(b3?j+IN&VA(GmKHyb>8~{GDv#gM<bI3=u^?+_GPjl
zl3XY4#ula<2~-<_eU{%|wD1uH25@y!QVSl;2p}4ARYSTfYi>Z1JJw%6mmov*=OX0P
zw8J+gsfdX$`4m%KRaI3})BbdPm>@o65HBf2==pA!r;w`-6-4>8@fa0Bs`xj04V|{_
z11oe)I&db`16zCh)iH&QK8Mxc!iNTS*vZ3W69@=<oVIa{86t1RY15XOANb3s;h>!9
zwlXumAV%KYED+us83skbHgE<gNd-%D9Hla9gV6J4K@zdNHITy$=M+rRy}9xdDElqO
zGi~3Fxo40?Ol<kcPSKzls;*K#Wy0EKmcpakf|#7ym)uJN5I}<*`=&e(O}0~>!E98b
z1DN$>SE6L6UG8)GdnxUN*p-UczV|>yDM&#UTF$X~W_#-<#$lS8D@XbNtK+fCNbRKU
z$SzjhMV`&|EE8?Y&q%6K&5RveO0S0~u@&`l>=Uh_rCWM=nm?Ro***I+7c9V{z@b)&
z4>gwi2SR}PYIh`6Yd^g_=8g*>^TLrZ9Fsmg({aw(z`*g6y&{)v>Z46}i2YkI$FYy@
zH*+(^KyZ=D<|~_~9&ck+(hd_s`ND$8$<!79Vt9EZ;57{=0D_oq?%us;nr^DX(ABWO
zXx}h#*|xEfG*3bgSn|H&h1GNC%`4DOHWvoI(Jy#ue{lY*L0h>b7k}EcuWRR-%sGlp
zJ+q-pr61Hq!{Gh<A40C4imMoI)pQXAyHUank6}fUbIgrd`!A9!4-Lb-4)`yn`K!Xw
zbGEgO7&A-gZN2in@qf4g7IC(Z6&<&4m-T|IY}$1GFA-$+sJg~RG!cLq=gT94m92YO
zj)xRLT1WD6<NEb&j*jBJdne&D)Ora@SkJEexNhFOS=MZ6>f2R-S-BTTo#3s_PdzZq
ze)p$GJrge=IWTO+wS^WJwquJ&`C}dgDgO^#@apHYja&g;1}C55I8uQ^I?0|)etG53
zdgt2*w;0aKKP)|9mxjzmSsVyB+^gSJNgYhqLKsh2rNoB4d;Qj}-s0i{{ZBm_CNU5)
z<00_jr9r{fC$Ma2;Xv%<ihz?5Df5pJ%w+h=I<!3L9Bm=#t*rb_LOA98)&zx2MK?fj
z-Wr`Ch6!Su@FG!TxIq{6^0U@%-rNF%u)X$SKkx!>JQxoMPQoDe2?NKZrBvrjdiE5$
zbjEVRuz;lFBQ_2lG$^wD9;_T$uazmggDrV4v-C0$&pbUPE~T2m@C=~XMD6mA|9370
zVgX_fWieHE)XC6Lq1+}nqO#6$f-b<E<j<cz1!<7H3j~1mG3eD{d~#=9Ex(8RDhcWH
z%>OqYiqr^!RwB#zuX4B!$cu45Km*Jmz-FCbb&I)Vi(?1$tkEz_m}{sH1EhXI%)z_7
z3`|&%v4?hITH<cIAPYd2XGQ^LR;LWC+12>p>W+MaUf0Y74hn_I(kl$;t{LZrhDngB
zLd0PMaWi@yH`4y?<(A1$ipi2UW4iV7=~J{v`|*k180LO)qjm6!zti2~ETjhw;u>nm
zUtwPt8}h#dk(+%kjNf1>Ufjg-%l!w^2|x{b!oo$1raDi|7UODIDol~WRfD;?_>J(G
zqn#5J-hKXBTKf1Dvm4$N7T&luZPNcCE6@fOS{N!nU@Q&L;{-oB1v&2U<8_Vu#9#g&
zenow<xq|;T7nhoxOZ}4cIO)OSImc@&G{-0_FHsoU8uonnr1KmM0zkRt6R8Vxix1L1
zf(6kXK0>lPIHlKddR!qBCQO<n#HWA&Q(8zfqIs?=P8u%X4aKH=v}rE=^!<AYsbN_u
zOC&V2`)=U=2mg;U`D(HJ;ui!39qh24vOKfmIAU}d{ZQm<ZBN$^*Ef2eC>T4~grnPh
z&m1Rz{n=vpkqiUdKxVbGrbG*L)~9Q_`2MIMwasRZj<*dWDY|S+l7IJ**}dk&@XDyA
zXpi0;s9(@{HJa8Rn*SPrzu1?|EbmH-`&#(<^Yj>{3!VDPXm8oDA$`xP!xR~OC$5O0
zXU^EJNjnCY9d6rsj{L#Yu_H&0R8;(q06%f}Z)L4;btVP?T;=s)&`^>^*j0tM6sBll
zE?&5R1<1qNxNN^73DkF6FpQT@X=U4a9S29hID6vYmgZ)N@%Xr%usrE5qjv9m^#GC@
zpvW@oZQGPoYJ>39E`ayIzB3y(wPnI?RF_^7jpJ2FC{P6vf~d&j+SYgMA98{9>BojS
zK!u82;s%(D;SgkCtT3(-C>T$q<ZP2IxR?xNpbpvJW1<U1I#=(zG?!PEk!E(>`E$jl
zXfk<CL7_uCo118!&7fk-c_2WlQUE?{5`=EQ*NDh1cWH(3(>Yoe2aBKp0Dn;-anDmw
z44075y|k9~z`vr_D1Xp5AZ$>+!Q8=X?(c)XX})=m<EuOga>{F0;&X;S6VxCjLS)v{
zXZs{&L&*P~$^{Q)Uw@3@5o5XaI+}B%OcYn#d5(`IZ>Z!K=*D=jp*xlyHymfxX7uuX
zM$57@j3p5OHrOLh#C0*THP03%>~(w$S=<L2u_<vN73`h0psWBJQaiP2!u>~_t&^V_
z<5g9a`TgK)duEG!9cKsL>RlPgc!2JE4ue)1AXJI8=qLF5Zz%A`{IaYp`MgY}l9((t
z*731(JNof9V~0a%0m)bsC`W^P!CqY@9EVvV1<9juW0p!{cnB?M=fj6Nb6$?GI_gYF
zF^K#@g2l_xqbhHGBVVBJ9ea=gxdk$*AMJ;D;}(7uq($q+09mFTbPxl!WbAY8!%$Ji
zl<`3p8W_B`QI(w2N(lFoh@N}$c%2243Xr0sh`eAdSJ7s4W`g?hSRvV&pro!|lXqoE
zl8R>x@?MhJ_SPDYI#o5LuApbNL}9FP97!5Bj1c;Dn6KPTOuX6SfY}5krQ^x}^qbE>
z<J>b*(<V;5dhXmPn4y-xXhK3Sm}1lkIMq;@jeUr1UaR<>o1bb_AW9?&HLs)Jl!0jw
z2H!AQZMxRAoB#FH`&4tK_339cq$AA8KFZH`&b_=C08|I#%9<yH>y^a^GhV#FsVuiW
z*7lw|lX|=)Hhk;Q-283RtEDKdT)rGjq^jy_Zp<xIX3YcU0yn<UUKj`z*3k)H=51;B
ztj`4nl2n^dd@|(qjzl^X&w?{IO&$p5iLP~{Lhtn;(j4gi5;`*f9Xy0QADB$w&Vsb?
z3_&lzW1pG~XBGl^3tAp0_bd`DSe8VK;arVoSJ1&SN#kl>?<RUPB!`Xr`)Lb<WVlrJ
z>=7nQH3P6;V|tO>KUrLx!KY3^aQ-Rip7HS}_bIl<I1=JDa>o@{c4L<V2$=fkhqpxx
z1!1Vl#=b6cW%P6GV0fCDK^kL7yVTKh!WaNo*PRv3>n&d?Lm3d@zA*9SqbFJP*-jb3
z$r$#lcu1G`ZM><(q$IozDY4Gst~_BvB~*Q|n_rM?EBqg-jg;&~s0a!UPM~v78VK6P
zqkHYpzaRprwoz%rnIq~F_RoP0Z5SXnN=>cducg(m8jtoQZdE=>UB2)vel0-YSw}bE
z%Z}ftCM;#LYCEM4$$KkCiPB1Ibou*Nw?X0eT>}Qr?38N|S0=^#oD0Vvw7|#b1*sSE
zg4^=hMmhN^FO}vjrkzK}3_j3+BNqr-s9<E6ZJz&dPDS~?ovyCP<6r@>2W{uT%id2d
zK|_UF6j7hQ%gp+pN`<$6y{6{ky)biPt+jO?;r-VySHPZ~=B;4I6OMwy{BIZfK-_;_
z=tGyxhK*=C<aN(Ri`Z^)5N0NLU+c*>wRP{8ED+-!x@tBn+sGTX{F;Lv9=|>wN_?<p
z=#NI$4w#t5_MSZoLPJfBjI{KNqzITY17u`gD*kRPvL{$%DE|JDIeEfSy6`>w^>cA@
z8gzu&1dCuuSs-e+yq}rropiIf+v4^aiPPld^f%`LUh+0Cn%aEo^Jw_3Jwf;kh0lD0
zc(Y|fy(&Z1F&a7*-^MchS@ol?uJUc%m9uBh#>7l&+3SGhY??!vcxyXK0m}H_)N-sT
zy_tp^25a7SHF@{$a5v-lA3p^HK=NR2v15Z~aWMjf(ro(LXf<Twvg<rzd{Sm5&hm+U
zW`hd@QhvAc!TS<R!M?tKj}53l<JzSz{c6~R>K1_cV9;>r2+Wb=_y}$}7zTjR@3?{p
zu!;47^S~{@)I4j-DRG(c)`yW&O<ZxuFv?_r9vwakO={%9Lx)z>)V#;3Kx3tZs^m}=
z@!EE{DsPL51itB5HUpW`hPhwzBe<u<8RR~5Ozb018^POqv7}Z(|6~mS7tS-l@N0SX
z((bPZsn9412OuF$jo*}$o|R>XRTOq4zCJz-I2L+c9VS2Ez!(DxX0R}uoX*}Ipa)wm
z##oLux@MWw2pyw$*L}Putzmauz_4W}xpPXIrsPg<u+0dWAEXAZD$;3oJ037LJRz1K
z|Mx!NqNeJ?rR6d$M@@!JYW*Per>#z;nRC@5Sx#a8QA^OUlUqk>O~Eat=L!8W6ql6r
z-iHtC&!0a*PVVlG(r1+0#F{OSF0=N4OWMCa?58*_hA_ePK&A@}%IeBc7P23L#!Qu!
zow-?Rx6OK`4MPphTm6O~^Yty^?&f>AR?)NZ#Ib3Nt+E(>ov~aSxS)`uk5IMA)}hok
z2#hSBFk6u7P-8Y21lmcmN#F8Xw6~ue8}<{nL$3o5zV6X;pDGbEb&Az<CB}f$+ayV%
z;T(8vWddB%Jt(ZK=9wtK;F$sD#oHo{K=Zc9Nc9a(OfnJzM7JJ2{G`;L0SUiZt0zsv
z<znyhYodh%8{HYpgFBFr+u$>Tm2*sTa&casV6zFo>kLjTePX@NgbTfsk2h#wa!CM$
zu!CV*|7>g=p@ybp@p){&w-%3#h$R!sIq=im^J32yZIQ0!CNxIeOiF9m30=4iJGumm
z-Q^}v=05tsJ4G@H9iRm(9jkd=ozAZ{9MsXQ6(s|Pk}wte#clip_m1e)HcMI2U;os<
z|Ke70pFqS&-m7%@dfIu-?dhN<AW9-tO&V|Q#9SsK*xB1(+x$9Z+}T@*$bP}jfc=i;
zmmBxeIK!ZA&Gnnar){nHucxjmPA)<d^%o@{D}-ZNeV+MhDCmNOT}dhXO+@fuy0eVV
z5pGiAFsskK1&d9eJ1V$NP`F~sw*~vp#Sgu{{^vE9t@MX$0LThhh+Oy{oCiC*@3hC%
zw!T%>oWCLv`qPV$8BG)th_E@!M5@TlLw$y0IVOlp5piLg7_s2a%(RsY*CZ;f?yZ~S
z<t`)A4J458Jl01$mEuFd9GK~#^}G=w6GJm|COE?WrDMcaVM#=W2P|T!M^pLFnMDs7
z`R?;5uCLp!UFc$!l$CD+N?9Q~R<=HRV{~VCrT={U{JA%$!T1_A>Jz(ya}LVQjm;|s
z-}r1h042p9y4PeH0!Ezf+pQktS$HweS6hnj-r%<4urpPe5p3^oS}!1jqwzYRVCOAX
zfj|Xv%%X0i%H?CH`-=VgAC!(c=xXc~(mRyig2tBtAD{`U&c+KF)%^l=3~=~1MFcb*
z;06^XrCPGGbl={$|K~THAv0<v_LF7eCi~`w>ZVctHUL``;UE@r6DBN=vmInPV%V_h
z$d3=`tu3zg6zU+pT%8OI4B#IsGnIzqBJIr$-Mp@y?_>1^Bi)4zF7X1R+qw3U<Wu2d
zD0g7{!_A-m+d#QfU_-OY!V!D*iqYE045KJE)BE;{zW?^^nYNdl5pMl)AlU>H68qI?
z$L{V`vvy5U2vTew=C|&~(0*?_+t~6hYImDcnbCiM5rywBe<67o%AD%~175S7RAzC^
zi+xBip)N<J-9pMkvY76B`RRR?9chk*Z{AcFC*(lM@Z64#Uf~;A&}c723vc79$RfEj
zI2`uX+rqPGS=#X+L0JVsCmK<Ywx2Rq^K!q0|D|SxkCQtJi7nl?^H(O2{bnV=G_c~J
zM%s||?<PCnl(gpk5kbQGiSlq0ISC~(iahwa$?fdfcvr&oWz9Dc#fjH744@_G`$(G%
zWQdaRBjL8J#c~cMx?`Ysd{NG#$q?o-znQtWKL}7e=Mj{H-Ndk-3?REHr{eakAqev2
zsZD1F^pT5n2bC+n4m4PEI5rW+Hr032ehI45<HxVVToio2?%cRB#d)^Ru>XiA?t~Y?
zF^YVF3uB<4j%XD<H3m&skbkkywhgIQ`0q`6O6ZZ_LXqC^ey<dBXasf<pC9oAxm+oY
z((1!fvMbevM!n~_7@Cn(-om~`X~Rs78xQw(e@gBPwn=?W)3AyQnqK3L(Y9WH_m1w;
zQzV?=0hF)1b_q}~8V+1fnTs@RhN4Yc$<C@6sxOBAjUPF34Jt-*3m*02`$21kWw6;H
zoP<rU#~`T(@9RH$Zr2_?td5V*jQ|}XEWyV8L^4T@o8I@5Kdk`ahZbh>JQ%MFU46`n
z_9rDFPt>-@w0F_z)VZtJ+WwukKkgHAbYD{VDEaReRZFhyd3Vhz>aDzDoJG~^D^8oL
zmTW7?kBPZ=wD<STi;bhh?~0C^E-oA^aoWr4d5z!icL_Pq$8?=JZtu&MeyhKHSz8t?
zUiMtYq3l>lc7kpLwa|SEeyY9ig}2JVekC<RzKY^HqKAo*l+QRt#aM!#-uTXH%*w5U
zK;!(qc$kz_A{n`17qgj{JG>&pEuKDmra_OM{Y2UwNcxDyIjmjBCB_Z{unN?}snurw
zwc)sd8qz8U6V3>qJ6uCwUw_%H4GX!2;dUXlV4PeLiw(XRv8~%$rm@!1mGO~MgGw)<
zG34jLs#xLYjHQvgHACB`fWr<-m(1kClBn!qohoQ*(SHC<(;L6;v~dTOOV?>+U?ze&
z{V@YH`it(Rpp54&3Fd_u)eYpA?tjbfPy0j5?Q)(i)fKi7-;>CsxPywFBR-*MHC?jg
z!B*;-SVVV^KQG+6tJ0N1UUG2&#!F1<4Pk~7ZDO>idY8J?Dw2QG0B0QtQ};=}dWZN1
z&-~U)v?j5l+3Vf8nq|MiJLxM6BqpW{&Jn9*s7B2@HEw%4n#GMUO6g)dbeuNWKCoIs
z8kzZ#7i)QTxZurmF*0%r+4MPcJmGJWC-3;oPyRwdYS+S&3|F;D+scA8Q_(m|k(3F-
zR|2HnA1Gh6ksfTN5vOGThngJ1Pr^4LcGuN?yo041E>Xve1RIh)wfB1zJJVtSy>%!8
zNGf37fZZ-SK>Yp5R)lI;lFZq?&|B!<K-s?gjjo(Mq{eu6um$p|vOBQzqY3`Sjo^l3
zkVzKpq0Hlg-Cjhhf_D4qR^R|yWK-fT-?ulB5a(W79ae;Ci4^YEr%yM2dfdB%@9>(0
zm>|TxT!8jvcq&5r5J7nbcS^gtVsy#)yJS|{*xD48(4ga~*a^-BlD)dg&MvQ?O?Kfb
z6aP@FDWc}=Kel2qW<m#xVPJgA9{M19m#h{kEmRQ&$t0}I`qw4Lr7KTte+M*$sj%6V
zvCV#SkW`-y4b9Tt9pO=W<yy)o_Y1BzHWj4NK?D5%(|Fq@XWg)(AV;C|%HwKO&9bSS
z8iHhTBY8&plPAMvQkeqoUY8tK#crl}uK29u+#;A+ZZ3c>Tlr555IV4Bh@W?aiM(4;
zL&%!aNuE7rn?rNnBsgp=ky`ft_OQ`&kA2V@OwZ<{PZ;g7MT`2zzr*rUeGf4=xxBAy
zzv7;<fGp)c<?rMKdmmT)RpUeAk6+&RizaVvn@;H@FELpdLhHi3BTzZ^4)AdMoSBrG
zg1ctP+bFuO$#sl-b7KTr{5@7Yxeks}|C;wI_OkQDgb_70Vdqkc<}m>0e#`3l<yHIc
zx3pWtm~B>-3Q1>|G7$o<7qk#mvAMC9E5@DV+QSQkg<2G>e8A;58JTt1u60=<gjOGy
zliZ~ZAqzfzn+z{4tEKg7P4QADSS4hcPAPxjXlsRh;cod44mF@wih~D;GXqBlwY039
zIC#diX%#buJpH!{+>Aom@jS2>5=5q)s)t%$$$9^$I7liB<9bqd02-P$@L*d>bL!oH
z@9(?PrJLtXK&scDn?MyCd<v7ceSAQGs(d&(zyO=F*<y?3B>9;yTK_iJ=NKU%%g~vT
z02QbGPq~iZE|xBsQaygWy@;(}6l*!-^Ji>G=mJ04D#MjX(pcD|m!seC!GrTJ%pYj?
zhyH3CoY=(Fjqz1ioN&(x^!LA?EO}&hz3eM;28Mz@_POLY2sFdVR~&5W(XL;=nj1Dd
zFV7fr@K%dxO}=mm<2NmMik+UnFFa`y?vSh9tt+Zz01n=iYX?~*GF33yZ^3jrIeZX;
z7o^t0Z@@ZbAxds&dO-ln6j#4@s`hBDTJ6!^8m||zX3=0MmVbHvwV{h_=~vb`wQ<-<
zqR$kSaO4=@z_fSqp~pi*?bg<{hwWKsZ*Syr3_RK<_i}&rHuN-da&i*hj}47%VTqI6
z*Zkbw@HJrB#EXFwPCgA96ub|&p2-%sGZ0E^Ylk*HQm@ec*2`ErTk9XKlw84Pb3a3e
zJ(z(v_x#hBFE4Fgkhn`QB6oda*!VTCiff=gZsr}P3h_6G&%Ex?;lmfKzG>BKJeM-n
zXl?#EM0(%YUSd}QM|tUwIl<lYb5*nea;dBd&_4hCY5`i4;q9y@#FV9ncRXa8<T9`T
zAP)gbq^>xS)lGcu`*gj2C1o*r=g*%H-rr+G_CQ7)j`505En)7DyW-jOe_ySlEmRX!
zOD4}*-W+FfF&TaeG(y3oN~?r=v>$2kBfA@r8yy`fH-R0ds|yJ^s1{v55=E?AwJ(qo
zQvZL_LRawHA;wH0z+mivr!zD=mlJXzr6tTBm9V3<*RulU2<L7}i|G;|Sf;)sbxyWA
zO^qbM2>Y<GYXF|!{|dgLWPc8y8PZWlzQI!`^j*Aj>gjrl*ReHjFX&DP_Dt`@RSYv;
zy{ZGCyB;5Z?dprJf`bnIR&o#);@<AxJK$@Z$ZI)QFT=$l+ij*=J^K>$19#k&{#e#R
zxgc#RySFHb8W*^61umh1`IR}Xuw}pklAkP~wBGpLKVovX%=OAqCOhdLmaJ_Trif!*
zc<IumvuB69Zwr8HK++Gf{nRyUy>GqN$TQwm-{m6!IA71BUSN#Sqg%J_pOIVmpFBAl
zfMQ7$kHkbivc{6KWaieMSnO`%?f}=phY3~^`RfWw?EU-py~VQW*u_ptlj~O=LD>T5
z1imgT)x-zfWm&tvMNn_^S<iVu$s{B&+=V{@RDgLVJu`nunjp4?-^7JE&WjY_=(*Vw
zy(G$dh|+=45QvU)geY68WRo4vn;fVIBVfYOo4|@uMSVL(4|x0_S<?G4Km^a3B}v|Y
zWAB>KwW9k`dA9!gXhx<+4D9stI+(co(uU5M`ve#`fe$3C)P{0-5yvoLR?DYHM;?@R
zTk};YZNBDCkc{mf?%Yix6z}3h2c_50+PxNG3_fqehB62Pl<4kle|{5_;EUYYY_6xz
zw#qK-G&Fok6l~}PV)%3~2P#l{GG@qJfki1wn;}1G664PM_3azG^imdcGT_s&dQE_`
z#5%DMDbM9guH=E_u(*RY`Y-h&&3ce+8+SJk`o(j>m4y3*SD_wz&7n0MEM`1&-3?b9
zG=w^W2TR=WTJ+@hhwNdxB7rbPW9O&gHeUKCH%$|4T4oV+KA@l*DRi%(zd_f74m;9O
z@nW|)1zppnQ6|vxHodtn+rjrJ`$U5FeAYy#HQKv9pINV6djsx6<dW&I`63*qOd{uu
zeoI(TQC5Z;GuCkwuVYQ3b5_$$@E#VNgB%q_YIESc2xt*8`SWXq;kM?U@<7-03{>fh
zlQ#7V=}n2SN^%a19?Nd{%NIdfK;C{ldw!?fk(9?!hNV?D9LqiuB#|2{G8M>FuC(ph
zSBf34yA!h;drDBDpQk@Y134BjAOpvQbkwbri3dAkp6@@eY~#Rk*d|o{12sku-1l}+
zxB;J$(7dOQl&S=IsYrCM?Ppl~?Jb4M^xb$c(3AUXNP9|sL4yP&0NZX>POcfJV5DgN
z?3pGs!qsd~VRGQ>J6L1F(!EjZMA3`bAn;O%OA|ZZ+(EjmV*Pe>k?>lnINr-9?rlbf
zexfz*kwWuWl^?Pn>lw`v8^7>Ou285A1hrA>dO*R`n7h%*B6elM5-wiC?84)_4SS^o
z@d|u)YQ)M9A4Yb(f|taJGiPAi%5y|&b%<HXJ_HMzvYeCx+c?v(fFneGKAiDqV6WY9
zFyTuJNPl*MD6PF>*KuXp*<gVX8@R1agZ<{;Z|z9%)iMcBz>uvh1Y^TB_jXCU04pFj
zEeQ*~AeD`a0>)a|ZhJQ<?Kz_NshjhkKZ~{qab;J-NMw8Q=O}-%eyQC=u10VUetNVw
zd2k|rG&b%5<p8cHd-Pgl5C{|l7Sr0=3S)$a$OY&D7v$)<3Kwv4`U#vA{I)h&SuMo}
zguxG#8%mw#YB2V@BDJE(4WrYM`s%l#t&Ka$(KRoPzS1MY`5#%vUyZJh=2}$P98BDK
z-DE}%&JMF&uAn@R-TQp5fx$D<KVb3`{{FI#iUHNs(!j)IP?zMM6%+)vnsFFGLVNU)
z8e?KdF+UepEC-O5J)%nos9;Q-?iJGC4{k8QjjdDz+Cfw259%`7knD~hkQOvX!UCg{
zJAL|Z8oPu>m{45HG%<IR!_K%0`TW?q%RpCp8L(XLzB5ipUJ(|D))<GKqs*k)U2a;i
ze$e~v&8HG(L8!DkdJeZNh3%1COUd7$o!{kK$Hr#-BivZS;j&e65I9YS?Ul8#8JIYe
z{$$?l+2R=fHLb%#in4!Y&VW-c-$WucVK^}lmt<Jbt~)C3JaF(J<{$0+8<<|8{utip
z`*{1XtjB9{U0@H!fKHR{m6Vjww}SaAxQrV_4v^pac1Hbj(|-3Z)O9V4;3F2NlVj6`
zPLj`2VhZ*fS=|O<h#)({ad5z77J$VdAeFkC%LmZCHrZ~#^1cS{9qZW38rlJH!IRXs
zhRHa~Uwl<kf-XRLvit7cxwdL8@$gxy=q}30U_5g`y0ee=l{5X<A0qI7y{$?(pEBjf
zQC{@!_g=<AoBa>vbn?$@=9v!yBnH4&va;gSjuOtz$m_^_1#{Y_=<t<_!k%M)F$iOq
zfq3|{3UL`K6eZ1FOMQem@s%VRr(R*k>E*6(P7Z@`-MvQ-=rRxnVVDuGu8+o^A_c4w
zG8*k5YDWQf<$`~nBp+Z4G|HJH4`F{%s$KM(8f40hUoi3gtIUIQ3__-DKSw5z>~~K9
z8CBf7IlR8NBwz4L)$p9IM^QiV9Z_JC)tytgcd1c6vGXiwIwd5~qSYj|JG&bO7H}G>
zi^@QXZ)-)yd3R6T)ubr<sIbtDs|q^ftvh$@vcvDQcS};-Glv5Zcre>qcGf{ImOp}~
zA!t74IMk#R>We0C`jF%fBv7pFy($;PuVM}yq&hHT`Y9J5f)ZGiTz$6k)L!4HarGyX
zXDm_-^j-!fd7&7@Gs8@VncVgMq$RetrW>gubqVC;kkwb$40-A6=;XAJ+~K<J)5g`3
zB9j1cTS`(25}46`o5bl&?bsn-u!A-OWF5EnFf4$wj`;dct*s&rLr;OjR056$98Mw#
zrYUR)4!A)NBn{y18Smb;0=lsYDF(TAu%4w=aiI(Em?>bGXsiZl3JpzJbDsl8fD1AO
zQ*)`xe-X6xX+{P}6Uw}emmsP=_8q3-C?|`S;O^^!ET8(OCZK5RRZ^=8=p#v~+I;x_
zoyi=V4(JJ-UXo7+6A|W?j{nWy1*Rd%$+&UpuU{*3be_j#k7v#hbAr;hNQ-ipaU+pM
z4b<@VQ2LSN-Ii5fTRRk}9Gnv{92_6%jxZrGFw<!t(-P;%ya3Po$-isVoGz4o-S18$
zb}T;|8UmiKXBFr?;QLs#U`cao(S$`|f;TXEC_p)RL5|iOY9y2+EY;l!2(3_{&3`{`
z=q))bjf-F3E;ya=8IM|^S!9mS+F~eja3IM}Ti2&1n?Ovd6i-cBeXlmlQq$cq<J2Z@
zI_$NdzmHx_!e$ahg~AcFx36K{xbl%AnAm-Li@F9agY&htIYy7Lig|LIMp2jqijoDX
z4A>ea`-SAz&~r)D)uoqwXOEh1WOPX`dhz+W!0y(QZ-L;}m}$M<C_tt!7QNi|&Em-B
z$+yg>CdcA)C!zPoeHFPfNi7aoi++&%YFtrtP^cH6orA=zYrq|Gws|{S8e_5({`mR7
zx2$g+4Rl3jWjNYBK(L@Hb_JFO8=`-i%S2_8@ap(y)e?PjA-p)hx{~uh>!`Nli@sh4
zC{eH{88Zjk%GNw&q0)xM>5hhZae)&Zo)BeyC6pb?49AU>mj^t(a^b?Gv~`)q5u_Ag
zt7~fxxP1Rq7<Xm%C_$g~)7(}{NM9yluMPUnM)s0`ZTBq3(r4ysm%L4^Mqk-4<nb8e
zH1$SLaH|Xcct&D{sUA9W7SmcA>1B9!>Ld*fi}SCxnXlcQI*o1-ZV(k0Hr{o1KNN?S
z?)sCn3}aoe`of}XTU;%f0M8sr_dy}&7>%u?r;ic#jNgDZA@3*sw_@F^->1IM$|4_K
zMCv_IBT(3mo4K9qT}CI>0fBiP2QilVB~Y)AOYFdq<MUEw<0RNNws98Dqmu$J)O*A)
z{a4$2kE$mH?UP@>e-B%l^!4u=m6a^`nwcLYT>t}*)!X0%glRp(_=5e7^y+L9-&;)&
zX1LVB4ype^A3mW=AJ21g;-TFy+alTKc3EI#<ahKaW?<nXr(d6UAsfZcLNQQdlPD9;
zHkXiw(Wi(@yA6$u#(N3&$O2+U&Q1LU$qKN6H{RHH6DkW!B+}mp9c${lSpdgcyzR+y
z2CW{_I&)K;1%A>g-Um~bS0Rn9F3r9qFMk&pvU^794<JJr!b0HWc(H*7Xq<PMsk0*=
zEyX+iCgbK2JLf~rP?G&ZL<~65-Tm`e^+RkE=h00`mWQaD<Rpc+=%6ue#*9Gqu~vgk
zV||ajNZvWWOCd*&%Mp`spbee=diZ}cN9WHqkJijz{bs&j6<)B;@P{?E!XWR*wC&R#
zStSd#(Zl=qBY>&kL-t?)jT}#M&W#ln*BX#26}@@G;7}?xW4Sk-C|A8CC^Ga8(_z%v
z^M_2dbjNR+QWK6!fh+<l1g!}PofRfz!VtjXonx-X4HV8lq36vcOsO)QfQ;~RA-lNI
z<IWTcoQ@?)PeQDan%WL#hn`bt2`i6(s<OQPxh_Qa>bZ%B*6FAnVjK9TObB`A-Qv0M
zV&KGr9RwY6@Fh_b<>Wpn#=IV4z5a=b&#tG+F2!8%)c%$8Itc`QPD81NU%36`ia#Gs
zFL=k_zHMk=aIRmxXK(6~g;*ysDmFNfo(C+Nx`qY@jF0ik9(|1(>_ykhCegIk&?q)9
z8bj1;o^FM09BE$t?A_I_Y`cr`n@f^^vl(1-;JVZ{HriorpK#)u@Ub<uv<h>ysg6^3
z|9<_;iK}$w`BxQ&uaXghk`QfHJ=4pso5-`y?CP>t+<<W72*XP&R?4rZa|^spH`v;!
zYA2b4UWRZ(24ZxLSIoazlLh}&iPyAp4d$N@5BD5#*)XSaY-S{^o4<x;lRzct)YKdg
znBuK`(JDIq-umDfS?TE;!07oB>K_g_U6DSMk9#K#!9)Dyi4*dnnlI2Q8TMFc;(znd
zpe|`GV{o%j4xTt|+M6J^gCI`9ZU-sdXZFBFjZ3IF$;BwjWW)OPSC`$`CvlTxV#6Rx
zhm%j&v*Ad{FG3}!P`JB^B#6NcL>|Ahp&wf;6|BGAhC4S<kFpzIJ#Gdp66sD)ZVb^p
zSP<av|LX2`D`Gx{40eaeyr||kZfqjy{koteW9)Fx7Ryeauqv;ujL$RG`kb0Xwrpi>
ztwtvX1rKZ$fR@6Nk`$s2y*kG<vQ0d`FxdIo^xgy25ctL}8t-1hkd1K%qu*#gBvz8g
zk~Sva8xz@{6w;DUI~0v+(56j)bJqeK=v;y}z6qK$EN6;o!K&9m((@K0O+7t(6tZIi
zkJ@!r_hDbF576g>Qk(rSU;c#VH)-FVn}v|vS*2~)QSG{```zsNOro>RV%|$mW(6fl
z6$ON7K2@y1*PcRV1rK*~?q&ZDX(>h)bm`WW`1tvO2kZpsuILfygxHc2v%0W9%nM{l
z+~wq}7>!LWQLQMCxN+&-3c-{r2aly_2M;0DRoMJZ6)Xbr4+7aEvj<2>NI*2JsWG~?
znHE|4Rqs6#u~6cdO>}l}sAAZQ%2J&5Z|`+DV6C`ZhWEe5_gTX`C*Bwql}w}Fy7k-V
z&$re+?&ZAr3_>{iWc+(`R0P!kCK)I<QVXY?>MuPi-q|`)md6Bi0P4d;*^2rT-BXI(
zS|%Pv33Y-LvkY6CjT;M~h6>HL>Oz4LdG^GjZ_nO!wHj<4ZgtKyRaojL$P-lcGWa&}
zEi<ei^$pM;LtQeB&jSP@E$BOcjC*<TZJgn#uVGEeopc8k!6%_fEzs4s_<+%4hP<cY
zt7$-tzcA%OP#XCAuT5#P?s<;C^VR*JYbR0A$bo;pQ}(5CccT#1ZmrLeUlr%)XGBX3
z1k&*>`f5NZ83fdIbM|(k(fkfp9Lxg1iNxr(pzP`od(1@=b7#+f1n<K5ZfB9M+G#pu
z9dgd#)1)tm-s`{SEl8V_w~cFwffom|m!~BOwetgg0@9Ps;6MI2ZcO29;>I8rqTc|w
z4<Yx3pBX2gfv(K}FUZZ!Wvj5J?3uT(UTr7iFihjaR+c~EoSAJ~9R3piiT0n`hs0KD
z49)|&PtTD4$-Q}$Y8fm$rrRXht5Ww&8gN7qB1EXrNVUQr80jQtGs(!TDpp4Cr#7CV
z{;E>*$AtlIuCCcH4JvUCy>;s+MeUiXTS<XHgzd*|pr$q)*S)*=@LO_9A6PrMrO?a)
zMDAaota9L8cjNt#t)R<x)7uF2P|6Gus5vS0aryn^sf^3$9n$|4gnlKJK)=d~(HDb(
z$hq|nWObJB)zPH%tlUX~LuU)RFTlif>t~V?Ih{lj;_2c7aV6+76&;VF41hj8{oJ;0
zo>G1P{@f7)+i-Gr(o9&(699}voge;f;SS6L34|2UD})F<Kh4RUU&NP^)8A$%cv>z6
zFaIJjbk1Vh8pxLEkJ8@z+iw(`pr+;oS6W~OQp5r>i_#qb`+<XV&leKGD3$3fK!GZ`
zVm?_|VkJv~;|4%262>utAK?i@tNa{yXwloZ6#Bf8haGRkGkPjD7?%q2vvFg_5MRO7
zM7qI%A^d!JbR7L<^z%&2xsZK?1t7QN-$kZdVNL5@!oXmIaHSh51{M_-_6+G3)PpYD
zw{Md=AkI5{Y#<J?kZzupP;Lo*dK=fip3OM2kS@ADr=j{VJS5_l$l*01oP3>c6b&r}
z`JlkNg3(m=5wU6_DpzHHjozZA8?CHJ9fwBTQnLKJa`G6y`~gsDgGNBnMaADMq_4=c
z@S!Hyyhs#K$*;ix!XC2^+7|*G#`e&yI3^NBclrA<0uW`_!@)%_OmT+h^(aa;Z*NA<
z1PSe3HIe66(O;Wp`I%$~tTR4v5W5_TPxTcUSN?rKCVd$;Ze=xE_{@0&|8A619OWtY
zGkTeeJezv_-64yYEM3YY#B|NG<COFk>H1iWb>uuS%V!cd0&E=iG|=aNd<VkmfknMU
z;pzW@SbtDK(K3a|Tv1jw75G>%TBBKmV5lNlB(fd#_cQHer&BjX6X!q#^vXMnjL&y$
z7tb?uV$1;X`C7kmBYzRNsDJIU>F7!FX+_z+o02+v4$I(Ry@V@{OGIORD4Wj3!QpfI
zdkB*ZMia!dAY(y|d=QkEJ3b41w}As6Ze_%(T+J*g;6ge#rp~?REZ&i@8-E_Imf~L&
zG+{Gb7LCV{34KSOVai^^Qy~g~TWl**P*^oy=Ai#?NT1|AdKnx)rlmgh*{Cfu?!?8K
zpT|gde0_l&@;9Nm@Cyr*Q5S|*2>p^fl)K+(Mtr#Q<nd!I_vTYYC4{7L3(ssTBF$jM
z6TXoQTr<BmB3_GGMk*>Ni(+ePPX6At!2wf+Tem)kMBX6=MJ|~#83Jc?Q;=!M%R|50
z&(-`)hKEE-QDNUbVdbL5lC5*5F!QLyg0UBcJOrzF>?>P-{o3XN8W|+X%BP*jSo!+(
z<J#*KCryg%S7{<|N`^v$p6Nrk_5q(CNSPa07N-sLY`8oM?PiM#at-ZmA4IZa)YSte
z&b_h`TFrv{jnLakzqag#Uiq?<7bou_fH)?@Ai&@>rwtByU4ATC7j&I3cjzG2<y&x{
z^F2A6=wcS@uYw(gr{XC8>kd{|Os|~AjVS)!%})xKaq=ZXc}ciGX?|Y5)Yv%O>`JgR
z$w|pC=2me?UVCV6AswW%Orp(=^<pcvtCsz@M0OM8pCd&n!sY)~xS^Xr5jdW1T^(;H
zUGx4@$}eczi7PX)U6^G42cWaU73`=ntduplWElJ)=?^DyLF8)yMwGW!pBmiTtkZ89
zjpyn!;#7Y~Cs1nw9~Q;h3)fu|=FL5N^w2v@&xTKpYYMIrJb3$Wn2_Fum4gfxl=oHp
zIwd8M=km0mwVqNR*%R0sGE?SnVFlX+fqIM?qdV8at112kA)TuEK#^dNn#Bm1q7;q^
zO`BIwyuBn)DkH<t%ODg9avL8;EPkRY&hY4`iv2UTpRYWmk0r#89qe5>+Qb4@Y{^o$
z?rOnVPKyqvRGmvMSlm;VDwUe5s152S4X^J~z<jPR`!IkK^y_F_u=cgt?bYSw1q5t6
zO|9>q2`iswtAD57mLE6nB9etY6a4jQ-1d2boAlu#J44MD#}g^-HB?TV#|`n>t0jN6
z6LlU6=;$WqD7tL>fZf}O{{3YcYp}zO;trC5UId>X%%+sUnNSC8E(ilGmr%w*w*<;q
zuppBHv8giW(C~J!3*6wF&-GEMUWx>nsW(01glHr(?HQ-wIUkm5I?V!zkuY5mm+^&N
zILvgQKrr_Oc7MoyxH-z8PY_Z_qv;}&X4%`nr(763$->0FO;kqAL4tR@eO317?qABw
zRSIM`)n_!)FL`a%%Q2aS(RzD&?X=Kg$6wkM-W*%=!J%x=B5A$HPaZwWmI?ReGPpHw
zZqSxCjk@O_zCL@G3Zs`mQ0;8hRua@{A~#f*IEA#9fRiVGvg$+H^T^!bNNsz_B@K>>
z=%kGLMEJilGf+pu3nWi4I#c(z#^aioot&_DXtS@ilW#-txky53z3V1vZs5q83D(&U
z4d`Q-Bsp)j>oAf#eL8(B5iIu7rSb8?OtI%mCXJI0)2BiH(n(zyY+JlycTd^>I@<BA
z>@ogvLetM9$Bu33=-^Umf#Yd7Z0_*Eb3GK%y=&L(hsK3gHa%rQSncVWtEYfUQymsJ
zatPu!<s2;fURAY=xdM+ymrVQ=e0G9hS6#9qg<L!#=PZS-W$K=HPo5kau0t~U=+W$u
zxj>X4>*tX%75^fmL%+5y^9M)%XUS0+DXC^?FlA%4qz+5mq%l;o_GfA9o}wg|$?j*5
zWIfu@LC{cYqo7vmQjIYX6-TQBREP^pCaAa34rf6%e1OgBJ;&K;icAJS&+A&d3LZl{
z96vV7%i#02XyB2G)Q+GeWtAV#C_nBNvGLahj}7D8r>x9`X$n%2cp&x#b^{+jeR|-t
z(bw|L5V@n?-e7~);rX9Re&7i#TaweM*lNa3hkEX%nvzz~o8m@P2dh`FwrdfrRbzh<
z)Y;gc@ATfwO=E^($=e3vOtsa_bOA5*`$od~B6d#j^gRtB*<ZB6$9Pqot-V8W4KHYn
z7Z5|^%n>fiYv0mWskB;HCU?3FQ-t9R7zh)3+&Z`V8M&2r8s`Psb#eLRy(w-1O=)K&
zZZd%3yVIN_vmfmGut;n=q^BAuozb5Q3tC-2Q>Dk$B!-Qw6WY{SPMgl8v@BjY$wMP_
z*Sn+vP4*<I9L+^ZQ#|bJ#hq14CaddZ@O}$>Z%o<c)_!ZC9)kd`I4B;IIKjZw6&d~Y
zgu5YR#m&l^B_(>k5}%NPgM`}6sA>K9CG5S5MNA{)@cNh4QSaU$5plcJOYknW|3fqg
zJ$33ro~@JfOkG`3%{VxZsVmFxK$p%MzPc<yC8V-TL&)Z#a4C6Og_G)E%xKOU^t!zB
z8}%<a<~8_Flz;qq-)Cc%kFt9FK)pxn1R0FmlZ6*9UQ|vxsMY1)l<i$bHT`0fIwvP_
zT_9~KiCW63ksdZ|IWQHUNS&;NzceS-9zCC_vmttwd)z0)l&^DgdTt)DrrCJad$%ei
zsY-E!cinlzb@O9Y4=xr<M%2f*67<RMKMU6xgcu;9Iw$_q=Wi_n!Ryqi*=^HT`^LpJ
z0Jpid{DAnM<2U_P)B#Wiif?JVKcvU^bM;i48$Sr9*kL~&2-7REb#d!1E_(qeRpWfu
zO~q3#SHpr4jhq&eGpyP67Evqlp>?*UEv2vPlU*Ed-=-<{utC0Pg*3tKX4>ub6&0Pv
z37l^Gb~Rk?7~GiXaA`%wrgjWq)Jt;4g7ijSyHaJ?jrk;9N-T(L`5NU*`aB^onWUx`
zFg-HkR1yWs$B@u(g5dY%OB8B`fd&O7%~{sO`3zu9?c4|*-D9_}O(&f^WrX((WgU74
z()myT3R>uF+<@OJ2;mXNsN^D-Ad{U{@^+l2CNaL;ao(uFOf{)K@A9ZVeVR1ZQm_+B
z9&h#Y@xjtwD_)o@MT$1=>U_`2x0N_%e7rZunQqtfN{_~<LXha%&?om?>)_3-jh=n+
zn)1p_)0Xk3q@_XHkxM2F_IBIc0MwxTQprkZ{({vpZ8W?1_I<-l9{+hZWcBX*Gwf{W
zAEJ|?!T&s=OJbw%ks}|q+BOl*-8Ih(cAm*kR0O@pf(7UO=0okm+=3wn0HvuEge4JL
z5N9o7PHQha@pL`GWt#C6Y0~>+7!wJ#3!w{}wVeF?sd93N{9ZnJa)~BAHTefEdkwUL
zG%#MPh;H?`#Sj$7uenEt3x)~6XE{R#N%JCCuU6dhqogjo7wcN~eAv!o!`v<X-JT!A
z)+|e#&!`)B>dcul7&BT}JQMGIX|fH0ILzhwPfAzR1mJxYnV;)ti=#QDN=S|mrq^$>
z@mL~n-b5Z!@8FucH_#~_t(&5?`Ur0CDJ!hPm%z19GQfilZ8TaR@ckuG&$+<omLdM0
zj-^qH0^K>ZOWSwsIB^sEXD9@ce!&#1A|;{7VDr}x-IB0!m9epIzYsE-e`+SZhfF|L
zWEHCdM4CNE;KjOKQ<*h~my&x(X-R8)q1fUpd6ILEv>lPyw_<R_894vXNYA~pI*V)-
zFP3*x8Uh$^I;dgwbA7A&=m4>w;$2S7j4|_`eU5$8Gi3K^z1sib0*L9FE=%2Wk8UVs
z*X38)KlS4Fu8P}1-XV9E6G(5Ff;n9NpK054D<mlze(I?S|GiRs+26rRB6)M@gf%BG
z-*@Fn{+hCMityn?CSDdX-|=Wb{O7gkQ8K^oLmdK`#JhL12VU!tg_w9Po7jfaV}7jV
zuJSBt$Qf4r0!J9pTbY?uSQxx#rM&Q)bh{xI5Y)!NRFH604!#|vTY$h1<QJ*UkPhO3
z$kP@v6nWZL#P!fghiD9OIPiAR2N~g;7}Lhu2qqvED}`Se-dq7pNdC<51zE>YWq<)`
zIulo?tc)=el>S0F&Q~7f0IdA9W!Hm*m_uh^+*<aq;IU-??bn&Y018d)5ew-UE@U#0
z-xp(kt>nbm1!(64)Rh)q?-2jx(3NU+crDrjGH@=0vYL<7;2#>gilGQJsR*P5L3e6J
zy^ZSy*6|-EI@<ABmD-03-)nLX$Odx}<i$R7h2}j7N1vfeAHd@E%B_Wh{Er_1H`R;O
z)Gcxy#0rtIJ3U1>M9mu+*}gazAOHu4e8hG{;U$t|x9lwI{FkLIO4|i;q!7|MK#`)>
ziZS=fuu%5?P*yS18!x;%<cpAdZa)vkzkBdt6qI$`)=dBP3x42a?)l6ga@L3u0t!L1
z48K*L3GHv(<^0sAp+=!0W@fg*`G=gmyup|OmJp#UX8)4b*|V~KwL#>~=dJ_a|HC1e
zh{4B&c_@zy{b6bWAUJYR3?jjiQqVfO6##~G+VBww(Caw&dG=(Ar4^gbuJ__IsRSd4
zNRT(T++O-E>dHyF7<T8EO%&WdIWd5rd6(AvvOFff%t3sq-LeG^G1wMok*9Bj862xd
z-BY+0ngi{L<&0d#<G?s7<rZ}+&C{-3yYh6IIdgEaBp9&q=+6sxJBUOdLZDy;{Qk}R
z;5vY6Mz|F;Ig~7L*oDT6%d#!YmVxd-e)Brst@mJK$<nH-maO@B3KCHqAvu>e$B?=%
zk({&mRAgl7jB6Hh!YA+nSYxtz$XvX1(4PZHHE$6cO3JGn8H|Gus5&%v(r-L&`r%7&
zVUY+i*!em7g+%9XJ2^slGMR*m)0^92YKOlZi>aEF`MBAnuIyA(&S2*oBGHDmEJCgh
z?)iikx^g~!iQ`Kz8WNq}(uBNpX(MNds!a+Y9~hJhcFPaRIizt=4!1}dcLT<Ev>;W0
zT|(>nYjyQReS;00AKlV7d?095g_G!YW99~Q;J&$yTb`nIi*M;_xF?hoansE$UQF#l
zhu;=w1ca=MK65e!!1m+EnW?Z8nmIMF67L^-D$HtD*<i?YA6RSAs+N7DOwLeC4jVS1
z<9+1h6i$A;ZaZlRrDXM|Poqpa-bY&dZl(f2YQAzc5~42ddGWS+?7k^JWxI4{&7SS$
z<Fim-|8VvZ6JOgqxIwBJlk_-k*k~#zN!vJVy2H4f9k>JN>C?z7Tw9;XWo$bCjA#sA
zbkn7vU{Ng#Ngu)f`tsn>LMS+i2XX)Yb)aUZ&t4O1T=X&sK?>HJG(gdjf8hYhBhzrM
zb_IJRx6L^zV;G_l;EU$r3{)iED%T5rZql|9GBQS~b6zSfUbf8jb9$fV_-DzI7^)nB
zqw^|$Jq;uBKu`#rEO5ibbNd&unR40i`d-t4da6<{sL9_#W2cM8VI(&pN%9}2`ZzR0
z7TgD2AF`2peEqlR=|i94G8ft*@a6eVXzIIQy=cVyV;?5qzn~3yc~0z9&PMmCm!4ZI
z*Ff8#E%hHcq<Bl1jz?C~k}hF)KKeb_X4if2in6|)MVC+Wo9Ge<>7B|X=(1iCA(f|K
zM2N}q8w27>NF=#IUx(~4HkMEsa%%60tz>=4w+0W(NgaM(sy_Fakm~h@5IX%o>PU=1
z;rfRwOzKvt@d&=3$5{z3s9@%+rRCG^^h>6fs7+z~_$PFB;p^_{K4g-nX7SUfQOVv+
zj-taa2nkX|w1D8amc(<u&@7TfH?)2y5|W+p)?ijZiv=>xPI9rwSZnz3;p2#{>QL*j
z{lIxoRXPV^0J2oF59KM~nxs=I8ypxWNBa?*iON87QWy;ab&ybJWVHJFnohD`sGH};
zHdCQ^9T#S!lG;$g@hk3JzaBpR-kR+5ZoBF$w$sJuxCI3brBo+XV%N|0kpdOR@j{vA
z_uq-uUdM%Gztx+55V05n$$c_LvZ@)56>HWwh)+Jbr{MpQJd*qL^zurCpvZ)?4BT|S
zDeD|njt_LXanR-XT9mIGVwG_NL?5)=;zP}^<iUiirruhoj+*z71iSbDV(!hux$eJq
zZ_VEnDUGC}QfU?qNRmpTREAQT2ScfdC{j_HCrOA<=4hf4Y0xN25rv{srpyr{`}NWF
zyYIc9y?^&{AIEd-<9WV+T$ig0eTMgYz1KR|d7dlT#<`}jtNdf;=30)rS=7Su{oM6`
zBXD4JaEm$?V;YD+8`l1;vq)V|R-?amLw#j;?g}+PNp45G%82+oE&h-n@cpd4vEOg=
z>Z3}ZqQ)(|fyu}6Wy{`0EGZ(tecG&0C7hT&C<8E$fg%oj5l4+VYu0>L{}~AEMgAg(
zZjh1T{niCKl)t&;ar5S+-!F}xQQmcxr<~tl#xM`0y6;_b86_u@#|UY?8F7oAE{07$
zeZMkf=VukAe2F*h@lu=@)dM-IQoS90qBI$l$65X1z9z$Ot}nenffk$IGI#y@%L^1a
z6o$DsBhdfxlsHxL^AK)K>p!(%-6@j)xu|{R_x>vtTPkS3``pIK0E~H9uX($6-A(dh
zl&|)tkR~hB<iWFja$hDaO;&$CfzUDJ&dw-vYRR!)dVRz@C7ixZZE@#@`eWtYD~b8?
z?&d$Cw6)PsUd9%ey&1Wn+)BUoReFTE{p5#vyRBlBt+T~#ZtNQy>3CJo6{*!Y_S@6u
zzQrh#v`it#K#?lh*Hz(kc;a-6nKSos+A)1;ZQ!<$?pZM#f{R9GmB5f}e(&O^ugIfb
z{cGZm?()N^V)j@%mkYDZ>bt&SqJfk)z4yKd^FQjZGl^bDz;&0Zh<{BOsd&^?9-&jy
z;t<!<5lW+uh)YNecNcoM`NE^9On^i_!X2W<s(d{GMECcSX|ybJ?!Ccgd?hrUAp&!H
zZ^5T%2Z^p-eN?T_Ef{JpvGVSY!yo(i>o-@_RZ?>Dp3j}FOu-eSO<vmk2g&5;e3$7m
zPa@2Zm*fvni;I%1Esvm;`hJ#<kBiyHa<giKtlP8uR2t*oY<R~+90T=0AW;(@v%$iJ
zJ-T)Kjh^&nU4qQ<jqogq=0tthg*{fnAx4^we`%5B>L1gxnCjgo;bB)RoTGi-OS|~`
z;-`XC8xVcB-X|8J;D^9c=_V=Zuw%!M?5p{tKF3zsuUz>FXo@0?6{vrI{!TMG#cENv
zZr{%SP@kBnK@?HGI6-IU1r^-+v_*E_CtmTeLX&ouH1^pMDzW}*W=@Xpy~QrwU3)*>
zdR4N6x=1Y0OmD#gO-zDzpHuXul94YY{QY=Jk}IuEJH%vEROr@Y>u)2Q@sm1(G|DEk
z<jtL9CHcoUB~8bgDf)d}3aLueM$ft}r#}yuofmDg3RyUYh2NUS7O>YIye4+Q=paF}
zkKbbrw58-#inqqPjcKT7=jrR~4_Ac53aOrKpk?!p&Iu=DuU{u&03n2(l($4+o9;Nj
zU{%y>LJi;!#G!x3;W)OU4$c|q52EQ<>hY!(b+pbGih`E*kbZl+ocXS#FulbuX^t5>
z`B{~6-90~s+ltl%JY3!V)56@UxocAEYsO_gXgg`Jz7nSOkUx~hX0!<8_xHztzAPvx
z&|Ah^2w2eV<Is#gSE}2dMAmfG@!h%|C4X=@iqG6*gUNwk?v>Iz09D@LtRZZfz_)b6
zzOa3NCYydLJJR&4a-m2#gfh_N$4pxF1^AS@d(u1kErfrXB-s`!Kj#ZP4OxqScp9eU
z0iVmu)Be1|F*$gX4e0`H)u2s9bXQ|1M$st1z2hLGZ{RV~JS~1Ze^bTG4m4C}X&-u(
zQ3WGr?#VZ*op-hcbng#p+K2Q)aJN4L3oCo5!<~z_CjN~d(rg~;9mN?lTHy`_;BEIS
znw~%8?;3czsVkDm2>>A?s79bfLW&>{70St#bo{`(pJr$Ol2bgR8tOXb%(7pZiI7Q3
zx_ysj+zZ6+8y%Exyf|oTUcEAow$;-vZt~w`)^s=QFu*B0jpU`SW&BtF+t(Coy9<uA
z_(c17Opuok`b$J#o!`Ur-*7CR1*i+(r0ny96ozsp_QnkaM?H6%bEy<N^cU7mN%=S2
zkD;a?sW7yk;}hzQSgUQ4ozQ2H*2XRA!4>VIzC$`s-yIYdRz#wR?ZlELOBho5xuW6^
z@TbfDJA!6dcg2beNof-k_3Jf~30bKc$so5APL16i(pmF=ITZyL`;Mlcewzzi4oD53
z=3DiiJ$vq4`lxt`KBHjg2!g|L`^F7{+^QbRqre}yOUI66HfTWmpWk#o_tN%!<xtm6
z{R1|=ciwH~(pIihLt;DZ$nJvdO4jk7i6+}TB{uimWt_2()z^JaePHJW`8R%R?|SPb
z_aiLYuy>#S{Vg1C&HAr64RW()n5X6D`t3Qtl=SU`xn!FM3?>C+DYR8-UCCAo{;;A=
z3JrWHix~d0e^2@{U?UpdF9ISSRYd~!Bcoe+b>;NGGhz{xP+VmUK5+lOD|C&|OE&+{
z?2&q=Owxg6wC1QIZyTSGh%9a$n4^M={-?Bw*YqnA;PoJZ@~KZg?<La^D?uPDe46lH
zdFQEi#T(jbZTl8!9%r@%V+@-0HbVqccv?jmC-2y{t(d?D$8~|0&-C#ehDGBP+|f;c
zOma~N4SM)+row3)#@v=A?HgoJbnpf7_HFsopOq^9ImVl$Q*Vc5-R?%af(AdiA=MuP
zUN&#O!Yr1S<rLGA1&Xqt6n;jA&eHKx-7FV)@IR>>2NqoJ4#}CEh2~3m-V>J9HuejQ
zv{bpojnTeaUi}tQLq0AYp0^W=+}pK2QPA+igU69wK&YQYWo6$diHQRqwJplrtLFhg
z@)^=bEk=I-D^DYRsI!vkUnWPSL5QhP42ea0M*hfem)g_HRP5&2e@n*jN(#PwdDyN%
zqdLRCKlPSQKT3sHlQt`v`m_kVl#-$Zs2WN4RWN?$m(_lys#=)IzTHU&7`imo=T8z*
zh$-4(c(of!&_X*A|8+spfXQCZ&;N00V_fu~&|Ouc^Q(5}Lx`m*yC%qi0h|~8tQ6~9
zaJNm_&3~$qzO;Q-mvV}?eZ|C!HmwH#5&D-U!B_t`zHxMrwAh3WF#a&%EgmBlxgWT$
zzP_&jUX=h&)$QfkAI9lGt&5oFf3gn3)kx`ufu8Bh#I({51oVrP7I3kDP!KMZOrh;Q
z{x4tsfBoQI=@m0t#43h#m4Ob2b=F#2zjV2M=g!gyBir1+jmg_BR1(<b=d!N86c#?-
z;@Z+=ziXG;?T=WvAnDEh^Rpy_Qp7ITkAXd4$2Nk-dJx{+TcD8|vlWyE4W`C{-n^v}
zm=knTe*}HrTXbIvZwdWhH8oV6oUCv(j5I#|oH4jf)&4T2X?MX>cpuO#Rp`ocJmfVX
z%OOxM4||i65=ll85D<{pKzIjy+MZjM8Idfz>Qn2<ra$+~e(%Bmb{}gcb4cDgY%pM_
z8E@S3ua>k+TnaaZg@L^cNCT63lh##}pwme#j`e`5ElB%7Ss2bS;Cl!&HeGjO8^}N*
z`6+uS-%%xhxwX(&rNncg=I2|jw3xwR<lSkzGq*dIu81pbgS-ZU%hsIOd0~q}7LPT*
z`}5`a`-M-L{Q6UnbKGJ+#lb01x!!#{!d!-R@n0ZnF-kEx;S&MQHWxm*X-osKc4Bq|
zK;-rruG-HLeLPvN-nIYh<p~TZ1L}0k9S1@CUGTRfQ@*|S`13u;HRj5F4*(7CvPxG{
z#l&iaDCGczcgo2R1&^;S&dyG)GtT{L{jKhN@!BtRE5Y~c>s;<n%=b{kl4Baxh|O;R
zU*sVAB1TYwi|HpMRc`XHv}5?-6HXGx`>j|7^y||H?~1^TmEYrKDRg;Xq2~GVCxv=!
z{rX}RwQ19Eke1QR9@6({{IYfrb}Iyr)GHn+))Ah*PpgOnkz=^YYFd-V^x2Dk+$`Y_
zK%kpWyaV*q79l@_x2*r0wSuJg!SSLjv!6W!lGYud=wsO&-)8laXG9f!QMMJI9j~&b
z+c@lKWK7oF16l~AU3g2t_IYmayzdLOM#Hm~ZcVqme>XzcMO`bX;-GHlH9-7;nrV}e
z^jZ+|kd1`8hF%rDnSr?gn5UQQ)ylibyaTJVPgBbY9!1Ue^4f=z%5?9H>-Yd`63FVq
znp!oTS_80hr7FZ?IpVlACK0;&`h~Zk+T_qY&5g0MVF`dT_Y~}S-yo5<X$BAk&Pv%*
zNmk99iZ9n6o1!^!=FjXH{pgn_D^_Sg1;j*Q`&ZbIw-|2cuyF2jsAmM=JJqDvP2hiB
z<pDJr-(Z=&Gv>3fxTa4Ds$8)*$<gH{`F1(^DJ?jWFO_Ds&G_2J;>=G?nhU=>x=FDW
zqObgEeK*P_u7#3`9hjDQS$#=xYvoNgezeKWN$sRMTA79~#z+uyR8Wt8=PQuCp@2RA
zYiTQ_Cy?h5*NuZW6-P}MPzER)->>>c6l>y0#eLa*t$VjoxW>|`t9Qzw2&{^;@>+1o
z-~S^@Havji1tvQe80@-Ht+TdZ%R=e>^7st00MdmIW2x&&Cg4q!qg|Tv=k<(Ma!5sa
zghY6Pov`G@6POxP0+x4sGvZj?yUAQ7A9pG0HkzlgmrURumb&k@*`E}4Db-FwE$(iT
zT^B%~qfAh~ogQZT)4$tP^w}=W$rm;Ry41WF0V4MGso-}8CQR3JQcaW9Z}Jhr5HMF@
z_tD+kp6iVdGV(EpZZ4me<;M%dkQuXlQuAQY^5Xd|O*NZdc})nrSu*K4K@E=m*eL;;
zQwotC_C4BFp1a|mehd!0OYzfMMP3hR@Wyz!U4&tfA)y9uExWJy$kev6+_4soH5<ER
zrH~Y02%6V`zlbvyntAntwJIiJc@FhEC;pbLYW-8$itOR_@fmongN2^YIIjQX9T&#f
zO_$u4nzQER4-UC{Zr$WlyCVdD`UhjK&0kxeKEdUyD4@-rU3%A;4)X2;_GU#a86ot(
zo!74~q|W$YDp%~cT_C&A`L<~WnF4^^RDWl3Q)Z(;J%(SkU9j-DgGkusH%aod-DB5)
z?EJhlwyEK`rY3gs=T$5h<NrJ54|O2B1cPDChRfZyBJUBp_j@!AHy9@P4sOyxO=fz{
z5l+GH-*#?{O_LflD8@($*MCIzX=x$%)v2{^*?!ZrX=c@7xbxKLFw`-DO!FI{peo?D
zIu;PzI(SIL`0u62v{tcf;;a8=%|9Rc#1*U*w5nng7GvPIa^)bGi~SlaC04mh3CY#g
ztu`8ViF)3TVYDHLrb5T!TOcV+`Ga$YS%SmZd-}I{4121d^vi4Di$PfTC;j;h2L(gt
z!op#FkMbhr`uBf+JZyYpy2l5@apC3$x)i5KOmVG(RPF6;%3*P5BCbDjJI8qF4l|=i
zS84x}W)Qs|VHB&|$o0xTxJKwJ)>c<rGUw#?`?j=Tuhrf`M|4+BVL%oQ%m|Fcru-n&
zgoX1nnkiV&?_s+{8AY<;aE&@5+sbR9Q1p^g*g&NW(EEzIH~+VZ&!o(l_6d-U096oB
z(CkbOm@jZx6W7VJ3@|}1fK<cHc<Is5q$4}dtS!Ade?aJ0?XK6~B((vh6`VQ8O4k66
zT6#J-v6<c4JU~iH7&7pE<89y0aZwY{;6eo#$phS9dV~Bk{bs|VKl6(_VxQdo0+Zo>
z?NbmlrZSnHcvHT;)&_z+X8`?(-XZU-Ahi<)oGz|4E`OJP#(Z1v+32u64jzP7zgXy?
z;daxvFJf`O-Rga{`e6F3aQe`m)v{uVTaf?=B&6+Mbf~}uvmXD*gE_{!LiE5-nAA&b
zZ=>K5GR|S&VMe0|pdRE8GkXgouZ|wYXhym+Sv_)!MqyinQ0##Q+BC@l%0dTDdxU~m
zW{k03)H`wizZvKGi4jI-lftaE%grdbZG~shuiuEj4KO+#o#U+EEsMA1aoK=`9aunO
z#pgk4=40!${k(zM7!R_Wc+3LH_V52IxNF@<pxBZKLkAl6uiy2(OPsYa{b<aUUvn}6
z*#GNCQkU!LiO*i-E){L^n_^tte?gy_<z{`b<d1w~f$hRyp)<tUdd=TICNa!{Vu#}y
zu3Zc918q(uqJyYMFsSe+rBCozdM$iE4QZbX7c}sKnlj}!Fhw~-%6X33BkDc{IYf(3
z=j>u^lkiCSXxX0<jERFrDnZ}Ey@c`wg*{pX5H9Vo`ax?_w;3<JwRxG)`uO`3dp}$n
zsW;Ah(s+t7cuK4g;w}o})`seJ?d*16{a0FlUIKv*91|JFG|jmrSkuvfBZ2EU?}y7j
zjAt>in~RK$E?16?Hc5a)22nIJH7upzZq&S&X=xY-V5#d38&XHXGAFhKnkz0qVbY;*
zENIAnyuNNOGbLcExw;Ax9ju;3XY8E7%!F|;rdP%NMO6hK)mfT?!apZAB072t$3iE)
z=<XmKC?sG$0@@X?`1BD6WwHVpRV$U96)R9=4|&`1mr*Crt1*mT&xRjH6R4@OmN{?Q
zn>rfK2DYEQ>)QQ5rEjOc1CpdZf)A=>EsZ8yYy3??MPsJ)go4Va842c!!}B`_88vy|
zPs%Z-$Gq}h)6wxs;RQ7Y{W@tsfAIpF_dDAjZhMd20|5RW+)V-T!SqRBu~;ILui>75
zT;s{~)c&j4K8;0~%||uu=ZHT(74<dpMWjv#HO_484h2QrC&=5^Ljm7^#eZidme~GM
zH;^r1<TUe!@=9c4a17Fy8Ci^gmJSI)TAMs|-H=q3Uq-XfOxaMGIIBcyx(cHc4UxRZ
zaw`zbDlZ&7-6DGMyYHYu6@`UH8+qI3lh(aKM5?^TOJ~N;e*fYE*y`4jx=3kr`6>4%
z&Z$DPR8ymzw|E(fR>4P6^IZ4J2Rcd3fW4BE6|nYsGp}5kYY~gR$B{7~ety0i6@in&
zzv)#f77!mPoh@k53huqo?O=9-8q#qnBAjBaXnYah;92o=M(MOkztdC1ld~IVs2vIB
z6#jMYVB|x_$d|1HFhaH5YuM<UOHTX4TgHY8CC^T*F*>XXjSo{glQ?R3kz5m9*(JSI
zd4se>IYGlhLvJzC#$~-|weLYmxk$VIz85ZRhG&inMD0PQq@~z<{nD4hFqp7>;n*Z<
zbHXlpINT3YB1NH7_0voGAms_#&w2BLMjo-5XJ9bgop%3zImYqM5;@U2G~Up3g5C-E
z2uF?54u#P9ZAx*-1STz!b>$H429lx^x#~vwL>#Hq5wu?lvg4)mmsFl>yJ|gGb3A#I
zJT8mrn*)>3?6sF+At`TuKY`9(Q^>NxZ?)n!Enf9UXtIpe65$*Jp!gl7qv7GG2?pWj
z`3W$1s2(z^%2z(crF_h|acIZTwgfNdsGxbfcCCW?n28e?4eJ%h`dDnz^oNIySx!Ma
z?a+DopKz-0Gwh<T{;*z_Dl#sWz6}ApZWl%km;NwRY(MiL1>cVkW5o}wWh3&0)|;g^
zo$9Q0@mKXX1j?69qDn4edqE_*PeG`+>S$N(@}^IeAAe@lSE$Dvu5}e_kk%G;JvBi`
zOJ~C&3v&zWPC7dK_a1S}GQM6Dtzcg{Ju=H|#0j-+Tg$BEL~-3sXE$U;Pt{t~d*%eu
zFnO(|jV;yAyYE|9^g7`qcJbHXq%%bUc`g-BkDM;%eXK<TEF^UHH*OKB72Jhs@MoFg
z1lU{xGl>|25eCH!jDL=s<=599z{Nh!1fcLJU4BNLXkN@G>TrY+t(x^4IR&@NVZ}!e
zio|n3|NhW0I(O<c-MK+({G*|LQCm`+Hb*FJZJ&r8D9_{Y_TF$pR5raDNRUS*fr9k3
zt}u;)w!T+L=gytULlA_ql9G>-vS}T&!XioVasjjipC&qmg@nkvqfU69tPQQYv%JyD
zl?%=~6T*xuhB%ETd!q<tZ9dqF2C0uY`R8alnhnlL@$pWpR~Jx-9lB(Uxg)7N+64|O
zCykZR-H3m4@*IL=N}ewt*4n(tFZ6-R-1)ic`r%~{)qV_-I5hqmf@HX^<;7Lq{VFIT
z7?YrkA;Gn4$O2bT48l{R@}j{+|C}*>`ieudBI4~L{GVStdER=*^bmQ+w7K$Wu5P;P
zT4T8E>|qtD_wgedXZa?$(>VDa3AV5k1`kH!B&~U|vb@~?)TzB?nOA0Q_lK>e;9j*<
z?s3CtnYEn*Eoo^QQdi>SH~(zr=TQ>TO0Vry2EX=MvUA*`A`io~-H!|JgiTw0xw<gy
z>F?m*9=nvx)f<>I^rb9j^W@#Y0)&^<Eq2SI4qHF>u=a~4-~e{y$J=>~jQG%B7Wjez
zKD6>Kk5j|wdE!%Z01?T7Qv(-21jfzF(_mYCOj(uWY-wd>g-^e<^ia<iBx<u2PKSgH
zcMA6-#PcxCmM!Cq`mDzBiu*CvM2e;Taou%vobW-|;M1qyJ9J3YTu<%)x7y(8GRj6>
z{r9uMt~w&-Kpa?VwP8aa$PA}-F^;A$y>v_#{OUt}zT`?0H_$+p6N8zvGU(*5C;e7Q
z^`Ui%d=w_YY{}%bv~t?YsXL{%K6&{P*9>dhc#Tn`4ySEA`b6Mg(#Sf0{yeBJ`2>4V
z-km<j!5REzho#7(w~(1F9fOZTLO_7vZu0zexV2j1Y-c-NbJYXiEh6sCf<yhHs5au8
z@9t|0)O0&|jjy6CrSwn7u&k!vd8Z6&q>uM@-@bOOihhGAhy$Peh0%~&ik_bzdI)g0
zv-`ZF$Q=rvSwk2XSd9H!xx&ZFQQsd<nkGK#U8{t0$*R&-%Sb+fw4M(a+Ud&5B&^8^
zuHe#KtxW&^*shrmKUnH8vTlj~T9YnMt=g;Y|Gd;d3I9}oe}5wVY;&XEOJs7c`<@@T
z=KR3dQ3InQQtZ0YGS8V+%tJ78(AjWB(MxWVW9pTfJEne~gTMdQw$KsQ%hU$kvsjGy
za=T0Ur45>9yPiSEo(okaP9;q4ctCsN>IY)uyw%}<Ld$;ftw!d8UE%ldWGgOkD3n&E
zV<5_bE$M-LG{E0~Y~Q04i^*TB>D$j9bUOnSE|qcS{TIW#6}hLApC38{c2(2pTobe&
z?^Ka|O?5E~W5u}Jr1UynYxC?09Ao;9o-|4NKCRH1A`BsYS3JwlAAE7)*AV=WMqdv{
zY(f)LW6*eYby@F%S+mx!AGWAV>-Q0Tk5=d2xii&0o#f+?I0%PTMySLaLwyISt;5mV
zZ`g_NK62$3!>Q8>^Wwl33PWi850sp%a9V13ce`vgOYyWfN~7-0%3_o<X_!^~_d)A>
z8GFfHZdcds0^P)Kwl7w#{%!!mG&{5L$IaJL+K4WO=<$2msalB}-o}^yxt)<NvtDo<
z5<d`I9{79u6Aeejx$+@R_h%}$ysUEXEdLX>Y;Yl5D^U;!PQ+uwkCGvKj?7Cf#lduk
zPMU2tCL4qXAN@Jwu0-)t^Soa4JoutIF(of9#qKc8W6xb8L?N6j#vgim<r!~yHek@C
zD2<AD-wQn&lcZ$c1O@2zll;Tv$!E{H^iUqyzkhg8gx|2|=CZnsV4~E*zrxLRE(y_&
zxL4DdbO=D$$ShGq*Jaae3q{%%v}FplHJ<n1u9(tsQ2Oj|uBU0Jo$4{1(Y&bnojX3W
zm(r#m&@i?(PnB5@%?W1>N9u^?g)GiViJkxKxU7ei8oy`H(H;_o_Zta0L*4m#owJOG
zsA+5_bNezBkmX&@%)~xxCEQVD40Q*25$?EI>=xt(cPY>LSxO#>YL-WoE*Y1|{h-6d
z8Kor>O30?3Y15w%Q`%t6J1OsX2S$?8s?`S#ygfZ<8IhpP7V(aP1-pMmMMatYK@Kr@
zTgz2$cm7P)Ii{~Qm_=r)$*<i<oT~IsXzSIvy6HE0H=e9k8ZDR#XpdxQ#=u$j>Svoq
zDNc-H%xQX0)tBbb0&pFPT)fmYOeHpcbn?(+;-$jd@Olxi!)an986*?|Hs-Yhr*;1o
zp7M3&mIZrMDqljWk?LAeJ!gA(*zpw+vRz!6Kltt20jZi_znJiAY+|#vz$v?Pa9Efy
z;GWu5W7p4-@C40fNiwbTWdDiu-|Jy<WJX*7c-$|A4^yEw`_w&MV0&+qX8NF_=KvX*
zNDXCS-e}Cw)4D{11KRS9T|H>y4|S(xdf|LhN}JG3k^Z<K*zp_DId)xe<Z`0z0jZQ%
zuN3=zNp81s_3FJ+3Ns><xeUT2EIxU6#AASK^E6VHN6S6FZFQ<VFTR%Oh9L(2raeU+
z5g-Gqk2t3{><kFdj*_=eQd7HMb%5=siyKF2rtuPs6DA=$uc27xAP1uwi#8S2WcLo2
zBDZ(346Nvu2TxCF=;bYH`?RzYvobQ)-TdIJd2!^Ln;#0#TW7@kE_ag}I8Yc<DzINE
z8}jonj@;UN`jZL5W>WUL|In&#t5^6<@z0fS$*xpgPp$FDnwu)7qQI0s^n`_re6OiZ
z3kiBsC0g>k^~!*N`8aAEbr#`VRZ4ACy6$AD(&}ToYA!jg62=a_f|2(A%~Hv_%;&0C
zBlq?ALne>$1NZnW*UDtb&Mk%<`8*jpydwTMC{yr<8jd8XoYmb0MIpGq`zmBe_Jc_;
z*Wc+n&f9wJS`M<{nw~X>WnieQs=mw44!ie@fj_dQ>l!XQQk$WX+@6#2%@(KbdGoqD
zi3Zk$T6%vkEF9u~=z5(`f5@@SXx7{%7$B;soSnLDLf%Y!jzxq?bUH|hNSFeRlyK~$
zc&mPkH4n>TqKb-&s%jiega{*>4>vl=UmkXR>#NHprIDjl=0?3$e@{anqeMEx{1BLa
z|IQ}nG8}65s|sksDh<8z@V0Iz&sWhDnBH)a)>Alhx;5lUTL0_GOZ2b58W6COA=B~N
zn4;PX?zoFfGzWHW%s!P9b-!|$n3@fzwE%HsMtJHu`CoXOzShw_qNV!6=lI8LLRjgC
zW)-9LjPkQnp0UwNv*KM%Vc6Z@Z@c%XGm4whz~H|gjH*vhzm}w(x#m<t>0RnFvdG>G
zht6CsAjvwSC(oXFb_1Y3BBgLpc^x!dv6foT5sWtR_x06_k?!4_EHOq|luK6}3}sg8
zzK2D%hriAyk${djKOvqZ3y;`SVH<(WrfTbM$Qnb@?OfJrr3_(x43-}-Z#4#8HM?nD
zTvqn_!n9fre3)to`_HBrk5W_*Kfy%EL0K1*KQ}ZreL4MY+XLWp>Pm1_)O=W6Kc1#E
zagXx8H5u>bEwMP%_f4IoqLfHb{gjsOg2rmUFQRPbL6x1SI%kgG1|9=uqWUPu_2~2d
z4mM+30ME&i9Nov-I$bLMn<Q91xa`VQIfz^@%EJ6rZd|@x2!Q@LSD;)mJ_6IDr%w;A
znPA_4l9<6U{3iiJC?6w^mX@A9XyP^Z{9UzxNz=RwY~!J}KJ-W@-%Eu;u30aNYRd&K
z%KVr=Nh5Q~yPATnt5+L-TQSI>ucz$Mnf~h<E(qoqnf3!GrU+>-FLm0$S0sGkOC%_e
zA72;MV$F7V?#;8^JAd1aXK8%=w241*34LT}^xNm}X&wR}k+}+3m#V4VMS@8%hm6Z!
z*C;*;|IKiuGpmdoo8p>T>2p4s;64uvm~{X70mtX6Ffu7X5Kkgb=BS{pe9z^#Nn>TZ
z4=A%H4iQ>&hgA&+k66m|lcry84JbvFyuQe;OKPcK?)BjOk0JJ>&l`^XSyRJ9Swx)*
z*ApsYPi_4EAI>LEo|MXA@Y>Qb<6txGs#Dt2;L|K;n7u>h>42E+yu5R_c0R8Xwac_^
zJ9YGD5xZ(Sp>2x*%|#LY?)aqC#1h6}7}aMpd8PSOch6VGzufh`qW68s$yq%2q{Wzj
z&i|aM=f6YZU6~7VP^t;)AP!~JR&!1aw6wOK?;_G0*}JKsA#?SGHEG8~ox<nYbNswc
zXfL<uW05)K?%H+hX6^R68neLC;^NK?w(e_eHLlh;nJO0b;(o{U{W@=nP{G^GRXI5+
zwd(w`Z`-d<9x)^J*Mamyl66LRw^iZKMo*t<IQmwTr=Lo&>XK}CVy0VXV;@}2QrP-%
z4Vh@UEq(>!I)>t)po{3fgv>X>$q*ro&zUnqy}eKCK~XLF6J9TGuCAKlHEnX$W+SNR
z10|nfz=Xn2X*cI<H+UlCk~pftL3(Q=T9`O*(7V21UyPkRckkYGk7RI-0n>Nwz{jW@
zRZnqI5hida`ymxQBfAMh#T3{4j>;D4Luw9IeH|U^_Qm4;Ot0wh=AX5cviMUWy8JR=
z3AyOKt@)bH&!{9|79lc28OepDq$mv=wjR3;$Kj8s?#T=tI>YUVlniYT()oiH@9HFH
z4(s)1qmIn3Ym(}^9lmrs<{`MoDDTk|mserrtBi_VW6@Igbox5YaF|ce7XU0Jb?=<R
z@3sK_@vd^A4|qL#`gX}X@s+iUbZhei7q4qwOO#|+K?M6;?MUiJnkzUlRYx+y>`+-j
zMmo7IZA72*=c^nwu<D@U`8h<j%+PD0{M(6%Dd*qq%j;8o$m&}RSUbId(I!_6O@kKj
zvh7TVyVVX%duFF$Bi(q?-)w*Ol5a11^_7u1@@M*qd*WVsUU$D{PG@e<qIvCo2L7^g
zu1R)Y^?XOG;ldF0F0R81V*)>`p0hiFy%cJM&{w9U@y?XWiqaSN9yHxh$pl8MvQ^jX
zKA>X_3afPBcu1I4UyY!E6WTI{<0FehpVqXBENZMKzuI<hv3J5^)#jcDe}LT=I$4CX
z*7T41CQLr2^lSE{shOtp?OvIGb~3G+K~>pcbY>)mU<>EZPyY2fGn$A?Re7!PQ^eKW
z$RGYRUZ^=Vg2gPv7=Hr-0oG|UiqqXVx<IyOWJfUzn;lgm>7G3&0v&AGa?fUBem}V%
zqVz)~$bVK5h(PS<P%K*XCf~JnI(Wf8t!p4|YWaqQ(mw{hivyK*cUfq6160xZLzm3a
zc(Du`w9>?6PJnsmjFy1NnN<=Fz1xeaI1#5dUSC=mzjViE(M{LZKOBz~&sdAlzF;cr
z8M95oN(%Nx@_+DH^xgA6x{Wn27NzSl1mzDTYnj*Q-`?K3YSN^eut{Q>g$Xa&VcWKJ
z2Mev+OcmM;J5->@GfZjF*lTO9WhSpPP@Rq=0M-OV9?EJbnz8mXVxj{cSxF^koz$k(
z$Iw7fWu&IAzrK_JV|~87y;!LUt{vMw<R|t!nssu5I~rBSZIxpePn3`S_38?}z(W_$
zOJCPRugcGJd|@Q_WbH&BxqJ1IdHs~4cXk|DDyw?#M#aV<9a9maGW~^)Wu*QC3DEKh
z?OIQY$z5lOlBeNUX3fB8-)^UM=@16mC_f36K=arJtD|<ZKlT5!ubXlt1D6To)dB`J
zI}2C2cg_`@nqG4k;@rgn?a$mr`N-G~wx;D1CQsJHj`r3izAgQZ3(ANb$#yC`KYjYN
zO|OGihqCk_w_CH)CC@F6$aG)^;NQ<)#cj!Lx+~#7&AY_^!}<CD@awRvcz*u<7~~0r
zU7TRSVK{^UPSB;cjWq|TXI#=6s}^`}1p4YmXQ8;C-0Fc|fXrJ)ZC9Wy(_suum~Xve
z+*}dr5G*Mnvk;)H1oKv$6F+B@*AQOs*Voiop=gW~hEM~QMBV7>o(>oYwi8|_C?Jqb
zSvi@%g9Nz)>dl@l78bfczS2h^%o#+xf=&Yh4LZ4rKOTqoA|q=9vs|&YnLWGH9_TGw
z*RI{a3RKE&>Od<O;l5O6u|!d>BV_?-NA5T>PJ7OrrwB7hoB5Li+Ch}RfJmoLF9JKX
zG<{FJ6~ss0-b3AS6sY<0aN|wOvJr}kHaW2`st5BMn2{TmEZ6a_n5}8xXe|Ef>MWB^
zk=-veFz|Z$jbxu8OjoYxD|yj!xndTVf|Y@pD?sJnF}F(Js3;KfWHzz&ut>Rd4g;Jc
zIto@!5cRaR+wV!+c(YUcc6;P{_tr^RB|H(J_K0ux#;uT_fy16&-Jm=`^YKu3H9!Kt
zgcv4!;q_@2W8+GvPd8VS@{H3tv*s!;L4=@&IG96*BOhM{*MX)p-l|2_Itwwo)K&~P
zmyPMW_+r%8yyYW%mzI>syF*B>$_^#p)>$PyyTGJ*A#V|2gn*HR3ZEnl!meEDE)Qli
z$1eeYFqej^eT_||;li+j?{)k>zqAu4Pv)a{(ovWxA~aB^<BAGO6VSM8@3?h~7FM?l
zHzfgHpr@xaa^xx9VGxrQJt_Bn^y@+J8h-y?Qg%{Kee$SLT~{qqnK<$DwyFHZ10^?+
z4UhwbW(k8fs91j1)g69(=5>)>{0jSci6o`@iNkHfLJgF>dYLYnsL<7@nuHymSF>3V
zY|lQQvuW@$$ox{)v-_$A*&Gyf!W-;?Td@I&6MQBxIjJgRNPP1}32h6GTfYBtmM}=1
zrhE7|=stDz^`YmG2<6?ifBF2msO9(VgJhqC<f6=`8JKTCWlx{6O4eQKQyO?URFQLL
zGlmbx@$=M^wLZSS3U5QU?$Zja@K_@}*siEAkmw>TAXyc79#Crb>}#Es83TKnjtjPY
zRUp>n^CTlVCq$VN&&_9U!RLtvK@n&PANs-kbM5u1Q>Ogl5RJWmH=3bv06_pNBYXRv
zKQHRo9vFm={jcKoTC*<;*kZ$w(24*-pn)J8ufL&-$C)o%HjT+}n08pTP^f(=`_wR3
zLcyQ<Boi6a%;<bB51{O*Ljr(oW(`c8kM~^%=if9~pV)q%&|L@qiY){CZy3?X`Qqe1
zo8iM4RWw0?6e~T2w3p-s|5!jdY9F_)I~OxYL$-4KA5=SjE5`l$^~<C7^&CckJ~(?f
zIfFuu<BG8bz?Rm~`LPg#d3}SE1YkclJ3`Dt4`MvBQ#Ku&Ks%gvQjp=0y4O9Rs{Q6k
zHVkt7(pXC5A_u_K^srezti3xUE{u_vfB5mEznP|O;d72AfDYTK1JPuDxm7L<Vq(E(
zHW2`zMu_B{WhXB<DIp<2^ICoi6Vbna=aGZX^C9DBWkew*qPJmZ$27dadmkbf`B6~<
zFoRv<o<4p3bG)_=?qD`|?#z8kBpI1d%P8ph@bgHuXqEU(T-Q0yS4V*akH&?>V0p2$
zeQl12TCI5{$7@&8v2-39dj#Dnh9{A+vAy#P42H3LuR3hs9+dT~zCLMBi&`AObO|-=
z<#YJ=H1pycvMg+OT^Topg>~-bw>z3i60%{>coGNQcpJsOLK@1gu&|pEY9Nc_YClFA
zkKWS77*ow7s0d*t?x4*ERr$*oWl9_(AwyrR)m5~55bE?4J^iO{|AMFh5!x;USJc3H
zA3rASC{bn>86r^q+&AsSN;@S<`01YH=~c&eRDxZ1!PC=i{CLlduauVf$r+YmkJ9t?
zBu~MZ6;erN4c%K}CTlt3asnim>v3@*<~_7Uo8GJ#=l!~9$+L8>Udx2lXJ)3i`xI8%
zFx-RXT7xZ_JP!Lz1Eh&ZL+888q*29Vo}2HB6u5v;59OF0h*%i&4GlOC;lnSKeVKb`
z`>rb$cdJPnv0|ZfZmem`ScIJIVbHV?lu27PvQ!cD&KV20Q5d{IC=RH4@!)}2(F@Ss
z*k6uVVSjr5{E)`l$s8_o$gx?nM~)u{3$nsto>t)m(6=pJI%&lTiJdS*0>)7CRoObv
zUo0lKhVlB}4&0p?@G>Rktlsd(8Jf+$FTcGV^pjQn+^ago+})5D!IKTI6DCM}Pm?Vj
znE}W2vj4`agvzAfRi8Ud+@idOWG*(_ho$WA<1=rpsc9?!Z|LipPlg5Tif(1Zt90!m
zX@a@HmGE+m%ng`<62ie@a(u^Dkuqs;PQDY64OXDKEt>ilrk<|9eP*<2Oo3nX#4mHD
z(dp&n@2W~JFYMK9*Zr8Cq-gE+1|lSt7H11inz&6twW!2c9|m}Ly~ToYrL*SXm|_d_
zn+e0k!k3tsJY9R8aa0lITD&?_P8-Z8Sz;In{)J1JyfxIFG{d6Iweg!b>-F)}_Z{tT
zU*x=ys?~kh1?@+ULDbQ(Bw?|fzIstwA|%=|v&H#pMfP%yV9ofByc=94GP3Tob*bnh
z%r)o;<mB1YucwcfS;JAA{>P*j=uLDJL6$#L8d@Pb@CZOZXIiR29yzUBRea-d?3$*g
zCT<;C!R4$O%-&it?pY7<USGq9y0f$`w=R6Lb4|EkkVNKTav*&l<q$$MDF`;pWX$R-
zE`<BgJ7__;##R+PG0O+;30#9QT@|wre=Li&=vjA`Sq5U-c%WS!BMU+6?~DNU!H<s#
zrn&p}eh-d~H5%tVw61oxXHovss<ir2+u0he(;DB78zgRnMksdHb0$w8JAc*hd^htT
zL%fpr*Q?dThxx;F5seW8mI;;bQX8T$8P2dzy=vES_?~o-yvgQ0Q<R}NXD-7fLhnV*
z7&`P4M|aUvor;fnXIZx1-WjjtyF`ZExzj-0MYG}9+;H97JDb5cz%6ldMs^)%>}bcu
zixm%~kWWkAo*{WE6gw2HxKb#+p=Nai-T8@%-^FH$7F8a3Mp<aIVuikb#&PLN&QaoH
zP7|UOsNs)&5BK~|uierv8+G5kJuSW~_HX^oKH9^k3$Nq2I}x_vLGu0UA2x#ue62=b
z*Rg%OxFj6~AjnJ`y)oV|0qB~@4)O@IfK{2xyH6b`*<Iaegrmkv3*l4DDGk8{lgxtB
z(!2QcF%!m0J@$Ji+wAW#kb50&SPFNt*B40GctMxa&z~1X+nfA~@gN6-)(`T`B|Cpa
znSO^{hXW_J4n-OS#X~bQ*{QTOaLlEKH}K<<bLxm)B6<4CJQq$80E!MB+~CUPgel+;
z{9@zH<HwFwO?tt2ZUV*YBIzlnlf2KJ>r04}lXGGDaEQ^vU~&)%qLy!tSR(rNd-oVL
zd5snhzk60i&I4fL3NUVAuqh5(b946z*DsdoBQVFK{?N#aG;Rd}rQRiYa<WhTh@g%y
zOG8UwGzn(~0KRbw0u=Jx@H*1dRcy<mTJl{^GOZy};s-dt;iJ+P#Fz@BSnP|g!YjNx
zqH1Q#c6)m~;8c=M4^pAk;}=Kr?LW<KBR#ep$u_cA;KULVm$=fe`{IaPg|-aIIsIZi
zY`t;b8IpMiq?pAbee{XWh6tlb!;w<j_gnu6^(Es=FDXBT$?WoE<IU}Rj<!A-&p?Fs
z+3U)>s%%bn%ZppK{KopjCr`d6-;a}PbAQmvAl2s+K5o@;MC`kus{u(4>4%gJ4!@=4
zJav<6B=AeeVC&&;qy!ZMxEdU4{SBD#IlV{IQhN54T*=4J&$AWA&Hk_#RwXRT*ssU;
z<?uH)3Pv;7(qP19u%$~|ZJM5k5(<?)=9+vonPLiK2s&b+I3&*G=HS?jfswLV@Pu=6
za=w52#zUuNI|U*1j2VL$9==?m`5rGAit4yFijt7Nj5Uh|$t9H;UY`6Q?E@e*x7~}0
z?2wO?TrZ2g>lANY8wdFrSv5e%zpg`nRNJU{^CahKYHDh5)rfWokl3r?o|9DUO%0cg
zF+q2)w}!3^_<8x<-r}=CuE0~leQa#T1>8en{LPlZkKw{{#-v&I@*S?lLbEo7xK}}Y
z8<qpvozUo}dJtt_FOw>aNi%{5iI{9nuy)&`8yk7$%7qDQ_G2T;J7moh+ajWM-*3Kk
zw~PTM-p)PQHl(4ZWBSe?)++}?(ne<V_Ng{mwMuX%#AuAm0ZoX^y=E`rmj*NO3nWWO
z)>A>ZNJp5#c@w-S=S0-uy?JpyO-u=AdpBPD3lzxoKl$wCt5@G^8*?Nt%Q$M#7ZyHu
z#kmn$Y%g2pnwVtKwP6uguShZ?F9Flx@8ko9E?6$K!c1b===D$aml$X|AbLf74PJo(
z$k!1J((M<{pzn6o@qe@`a`f>E+eoPa1^ZtsovB&tDcN9m2dG${!IvXW`>WoH0dKRj
zZ`0Meb!+2NCyF~(7!KUR_J8&24@5tjqnj?eAd=CKMgmWU$VA!bueZN)EH+Y_@U$KO
zG*25AW8dC3d!rJgK!yy_%3aj<yj2W1Q2Fal96OdM_;fhM^Ou%i3KEkS=83YkJ?B%H
zYVK)X%2>4Jt$@}{O#-gucJXb8Mc<&dja_ZOWmvzyNBayMc%^)#ujKQ#d61+*lQ_hM
zadI_<hYd$EqwxVT6`wxQtXC%8{L-+fUvxW`h7CPLXUb|yWsZ6bD}T|k<BKTS14fFT
za8|ARhYV2Z`!58?a1#_!OzGi#Z(}3m#2e2X3qa|(YuDloBYWxQ6?b=x!jT#w9|<r3
zKJ&)!3*3cavB!@t$R8@X!;qH-Q;K$dT3Q;!8oC3-rr*VHhT8hW_c$kW{L7qgM4{_T
zuTZ^!Drvdh+R0PsJANgH!fuAv`L~=9%tu@M^p}ybQa|VW`?c$z<Zre(E#s~j(fECe
z+z%QcB!beMTbIUGG7*I=aJE9vVKEZ=<^m^sf~MvkqBFHQ$D?2{n(8x&xNK}=WV0IT
z3o})G`*yH6dsYlqT!^xQ!lTU0*c2;9n5JiE=MzSth9Qz8wm|25yzwULn1z`iAamTU
z%!SllW;derDG50D$B7avcjyE*O>7LN;=E1CvfNEFH@zX(i$P*u;pbsUf3}U!IT36k
zQ1Gg+?4`o=JZN?I!;<c9Vc))fm6nk)8@#BUm`qO}eFv5+%?v!97qH<11GRE{?vtSy
z;S+4WgV2SI-xb#Uj}O8nT@AB)v^A-5&ccQCWSzth1Z!sH4|_-~*&@tq<&GgXH999D
z`Q&#JH2RKNsueQ{=8)G_Gg1xjmy||Z8umhzB$y{B{y{##ES$?%d+f~2nBvd;hPF?p
zo^I?txA7H-R9@orHF}Y%T3m?^)IA1ZXbKZXBqZMLxEa>Ja}O~wCCJyeEHe~O>#kq3
z25-<RQY{ihv_c(1H(MlDoz;jv+OhpiHWb{GIVT4R#8#3S)Qzr)1t?ErlEs)7yq!B`
zrQn;#(#`zr>o;MldY5+qv3tDEaI984CSuVTviPt^D*-ZCb6*vu6S(TJ&xR#tKVhli
z(M%Fyr7rbx!`iiH&YcVOGKebkC*LD2p@@#wdDs74k~E+R$kb(<h!elgelI|OVMPf{
zT}MLP%25sJf4#MJRQVyT=}lyXgjQ>JL#jSp;^=KciEL(o_W|uiw`Ik<cHM4gCrj&s
zDh!s(B<iiZ=B^nX;;rpyIVP=tafUL|sLblJnr(a{0Tz3=$BD)Y46EyPx{Q1pvKqw4
ztUY#h<y`%WaoMk5FC<HlDcuzo9IQRMT4mFizEO#ZD?Toks~nXkEc|!CL99M|=gEr<
zi@Hlln74gYO=Z<~gc~WLLGeyV*v;ku&N;s|7()ya1tJCdgH#qZjiX23Y_0p*FX`;M
zFYR<v5~D|c;oZb(YkmJeIDwHtuW0hY3CZBal*S0N1|UDfFL2hp4~Rlk>w8$o@qr(&
z@{1ZgYEm2s;S8weeC#eRzN?{1ekDJw*!Spg@0XYlRE0$*N;ly8!e2JRrX6IG3>caC
zbHuN(VgEv>=ca@@?i|D>&fHENJ4(IITXkpKzWzZ<ID9}W0zSg62BF^5>;!@RcWEi(
z<^N&-6%1}xsr+w}{|bW=6M20Z#0MfRJzb(CUCE&~3dY$x3df$An-F2JWVP?5ka9W2
z%(~Tb4yQUl?)M&>>x_(AB8`kfX5J3L<Bw)M4;GCX-FGzA)S(=y2KxHsX)ss7HLfp6
z^PgX?bI|4Sic4jq#Iz<cw$~N6T(SxQoxi0`LNR1}r&8y-cc#=%JX1+=@f){pv99qJ
z$|FI3m$oqKQF{6|08PS*OG}e#*~R%Y_pWrCv8LOON4(4ro9mH=>7Jc1Flrtt!!2C@
z!C+N0*}gj*96rTad+WvHE)VmOIgodI;7a+H{egF!qT(DyPb`igaYD7NF`UAA%ZUR^
zfcox{J>5SR7I$foIZ;`;rmAZ74Rwx1_ztvb8_J20u$zc5q|7wH92|tJI3$&GV?(#=
znRMHfl@}|VCILq(M4%_z={cH7X(P2Qa8_bH2~)9-AOBYExXQV@)1rs@`KuN#gaL0_
zI04jb0Y|TMmueF(f$SLh9f%$&%F;1{62frgvBQT)F_7ieE0i6Bw2Mi28kRIDH}LP;
znwrOJtC4qA?`>D8o2e@IX)Sb$_#mqfy?L4Sl0J|(FTM^tXI=47tz?LVQPKm@%s~t{
zrWAPIM&Rn*TiC>q3aJ7W+!=UH|Fj8SmXH3yE`xm;;$GcT(Ld_#VSO{VR7Q4ysKy@M
zaX(C@<JES@-gVTH#&X;ieI&UO@-D*7WWVyypNVJfwmj=3a~&)mBhqzbYOFkxo*}Ix
zx|Mb$O>6Un+FVbrjJGev{8G0(Rgy%ynNUoX#*fc79LpVJW~%5Jadx+p6Di7Ry9s@m
zSF0rgN<A^Mv7vhC#n&S)HVHQ*zXKp7xbXiSeNMUpm0_@CQb!a+{|EZq#9%p3xyQ>H
z++^}W4#<&o*Y+^b=d_*W*;fZUS<;#ENG8JRbWP5STi~m07ptdNc`9y8ZWfkxW-;+y
zd~}RAbg|TGX%9<@Vxx^RN%Gs%UXXyer=wgt)C<WJwW!oqpB*uG^NeR%pJF2T+>yQC
z-g2w>b@pI^>fXFQdqWG!Z#4#C_)%Ou6)O(N)`eKAs*g+`BdEL~1>`PLF@dvajcO6A
z>>f$e01)q)#an~Na!}uI{4SezIBIdk&)Ql)HG3<GN68)Th7Y?ZlqMIO=oF!ouNg2c
z#!V{a`SS-`eTrhp+Y3ie(+-l7M}K5FI%Aw1euUb^aIzZ4YJOHcBgGg+Dh>B^*3h9|
za7Z*SUi9;u?>tOHBhgI#&~5E2`zD}SbvL9I0wMDH$OsfR`yr{dwlB<vmq&PphAW$S
zeR@cy8M`LAv%4@&Ct~oMJU9K|#U}4&%B1hv2T~VY(`n=T9qdS*PUzs=PceQ_kC@8D
z+F<$qRz;C7%~k(5dYj&?Dj8r*ttE>WE!s||%M@k`6kmUQWZl!raWM<we42WGNSIl{
z)0T~C@MZ=59?2v0>9|327~wT|;#&9U=yHm3cH}|dzpN_wBM~;6|2^|;-)%C_Hs;x~
z=&^nK^nsKAdCB^<|G_&ua`DycHr83KZ7TSjyiS1MdOYh`4s1+qQAlVg367`Z+1qC7
z7Pt)c5@;@9bxq8jh55EmtDv$HJl$z+gpR_p>uYC2zDrF_t+L{zKAF33(e8Kl|F>vo
zA>$myv^*&&g&|=CPZ#2N?AIe@B_+oP&k*F|5`$$ezH4Y`@SfTH(C8?xiO|S8;6%)>
znV_I0M>@}(1VKob9V1tJ(*3{zYDHGD)U3h0U4ZOG);6>ih{Pntkv2x;2ag{USp{SD
z6@RL~&b5^TzktV{v%3}eVY}+Vh4<(~Vd^Gblt-C6vNzboDUS#8TYViY@u1WWH(SyU
zPbUJX4T(7t1u|tQAdd%VB+D6jJXy=u189qZlf$$Q(qo1YYiJA{FVVd_iS%IdbN)Jv
zvl(iD(osrV@2zO1zHdy7u*a3|xyfldFI6~w0rOpMn<&3#^}CQDHx<KQonA3QOZkzE
z^HHM-C3)ELVcIf$zTh`$Xt?cLN}u4wML*BpB@sIgZ~Ox-0QM_>#;YL;0<qA2qjsf-
ztCbtnuB!FUikPccD-ou_4XWo~$lO0814YJ2uRPe~Ra#nIRaHZ!Yin-R_EJSUE^$Jw
z2;bjPvU{2;j7u6j)UjqaB}g-dxIf=?4t4^IxloN?L7NeXzwi;i@HT$a=R3H)E&}!W
zl1<0(J<ibO->JWg3kskuZwg+|J`x218QH1|bg`QX|4+Kuk{|z`E>;4FDy2=qmz~}3
zWcHB`G2r03x`O6!;<|%S>0d26T<zJlyI%|ubXM%4n4OSqCV-Ek2SO+w(M{jHhw|lk
zH<iFW`#|Y9e8PKX{aLQ_^qQS@3FtoO{<EQ*PrsC%y)dHNAhGoD<8ta*$;s<Tw}3;S
zIyp5rYzHBrTSOifCnqEJlT&mG|AYDrQM{pR?rhQLX(FoJox(iK9t-=uE0TB-IC0HX
zlMI0Y=HeYbv@<GXitITb_l`6^F$vM@Xf9>#`7Bsyv;c+fS@WIM3l^N<WJ9w=XB1;L
zfI<ZYg$8F$r}Ta}?FSh)Py>KM!SVxc#Y^_c5phh>kb$4>R{cH<0D#o!oSx8HfSYma
z#*Ie{-+RtIMDg}mbe&Ujc$SvS<!vbWL_r|zr=}2?tIZ$MJc!m?t?zK^ZXf-Ty>~e|
z5z`@w<Al2jLpf0p?bCt~veCJsE$^?*9Mc#2w)wqXaVYjhK?r@6{1zlnO;)uLmw5A*
z+yPT5zqC+thnb3t)(GrKDF3t#VF6PxN7!6g^WC7Rs3`2lefk?b-N(yG6e^sum6mt7
z85dWc744_DW?jjsoPwy15V!)n(fE2dUH0OI3m49udHbMR%rGCIjavWZ+UuD4hLkUj
zrBhQi1NJ$6`iZIL>^K_h%&H2qF{Tgf`)mN?u|dOyoLtn=Su_9R#}?FEa7&i>tn09_
z8}nlyeBMS|98H3j=1iDg__kF2{HX$$_~y-ACU2J?ta|KMxM<6DQZAk}lVE7I!>bdv
zMri2UaY&je<zbCDE<y_xzg?JU)cmX5moisjt7ygvUG<SC4$2vQIFfR85q+!f-MW>%
zzdkfzVjKt%MSt?nQ%s4zzI0&Uz8g1fdiHr6+ZQ|-1kK%4yZc)GEowEB!bL$C)MP;m
zK4fBEDMf#0%bd$WUCOSxsSHVa;Hd3QM}S6cK^^l7f;t=QL?2`O;=e({ihXF>)z(xj
zHY6}`$mGfO9)tJv2a=7CZ=@iJmFp=cF${7JXd#$!UZT?^k7V{cg06QChB=QHXMOy-
zFmO>W+9&{Y()u_#-9DUucy{3)wET9IIi3dCGlI<>8sWIFBK*cqRH^JA1NF;N;Ug$0
z;Atuy-thNjV=Bn3*vya9dWePFk({lhyTp<cB+YBDU-0*5@d}QCyLRt}XlJ3WCMNTU
z%>fOULUM_b5rm_D($Zf`N`!&ainF$=%&STqoo-IB!o8o~w+`lcyUfgFk_O+fVG^ED
zIiI>y8mhEAjJw0ExX1R6GFl||tVuS#amqiDAkdnoJCFeH1D{9AV4-X#Uj+0T(91L(
z$DXClID}9^VpHkD+dul`E;&32dYqhhmY_#4`>*L%DZJKF=eWQHMjzB2eLcCDHw)aw
zN*UPIwMUQfqeowQHSW@HK@cUT<wllB6-9=C*LaNXuqMooEuv^zmjJOqc@v35LtdZi
zqGgv{RLi6JLx9o9N(R1+QkP!u*$y(kInUhj=~;3;UmqXFs9fe!U0Yjj<1~G1R)@PA
z7<2*B)LQ#`2Bg&L;v@;TkU@j2BTIPc$O4&ODey6{!i)U9eM?<$lb4)9aYl<53%yWM
zFF#-3y9o(oioZE$Xk!nUu_uvV8`u-x5L|jEGqW5V6n)EIOwgzl{}Xnde~O8jwPTYT
zhH&81kK)4~-VTrDfZ#0!<Bs6{kLN;i*Y|X0+`@2R=c8qC0muYtgk>x9EuMZO9}}{I
zxIg3XH@^+6ZYSp3_h0DWJz5VGQUKRAjv6b@T)eo|+WP3K(SjFxL|B-|VDAYNCak``
zl;uI%@OI^MF%@;7)gI#FZykC|v}1D!pS@Dr;s?IaN(LM;0Kr<YfFX+?;6D(Z;FBLJ
ziC~Nm1Gsn-@-sVWl>v&egPxv{I~w--jl<MB$^ZO44DxOP?(N>aJ9~u@QYvd6bwst<
zrArqpU$xZ_#2BOHHKd)GJ4GE2fMK(5a&y%Ic5`!==k|Oz{-4_ts9D>2I2`&AIv0Bj
zW2>pB=!s4EJWcHQb20`Pyt$k`N1m)5=N(nPt+Z$AX%G>pTW3)rfvzAtzz++a2DeV)
zaQ4=BGF!neLU%<wixv6?2JFIdo-c&STU(wjz7N|;_-PAlbI;HyOiN95c5z`JloS{D
z@7eS8xpVcb8ye?gTIN6ws4d9$KomW0t&5mjl^`ShtX2ka7Zxc++!$S)o^BmFi1}Uy
zQ=m*^08^4{>&o2gnf;hqEPQwRp;2BbxccSHCdZ+}SBZMI!{O0l27^vMBYDZ8vJRNx
z8dJWsv|Hg{|ES{&`K_Bb|KLOyz)5Q2jT<&tsw;@?Jtz1pg1W%nI(n-^#Q1HmC$wGA
zCB~izK0T~6{~4~Dl#=x4^Vt&+8hD~1<>@R@&r_#_42HuOS`tRb7U~z8+W#f8X<h0m
zBLjl-89?t96rab3dP3-hy&@Lqf=$3~=CA4wBULb^dmSgYz-8a=gKhmqnd8WmL)*G2
zJ2{O{F@^0K91ieHyjw?%2&3f%!O%)Qcvrh@^M|dY85~J7-~{b~9jCQ}_G+|KIZvmK
z{X*Gi*bo0+6=w}GF}V@mFArw}H#3-g!jvgO%15~Ru=!Ts4pGZbCG2mluCM<O2H(fo
ze!60Y9#uE52rw*$klrs{TK`Nx`sA&HAuPZ^=v*Pg#*g31NHg*rLI9Hk+_Z+I>#er$
zCLFjdH9l?EBxd0NE{#l?U$mRrinAJ<R?-7uY{9<AeZ(HH7$6#7Hot5*l6`~uBMaxl
zgGKMU{Ii^6UnD1gz2Dj*Op9aohcI*Yj=G$f;aE6JGUtQ_0wuphU;TUgulouwPAnET
z4SQOocR52jeSG!5$n@;_aPiO~L-sn!DV`WSV}Wz}`}cQZ90c<cM}L7JYr1#@XR6L)
zVJWGtm}H@dH^<%Cph*N(pe^~Y5i|b5_A{^YBKR)Bd)&bi>Ia9G?9^dnZFlax>Zztg
zDvpD{>Z-kw=MY4)NWoeyM@C3<a4g{@54kbwctnN~jKEu4^Y>I0Jj{_STm{|V@+BGs
zs<kB^Gm0(b{#mkh3N#{VMkA59ef@ePA)OzJDL*8Wi9wQA>p5RvBrcQ^QN~>|$F5uV
zm0H(A{m7iXw}NnmZTp0nXfGyyc$isOT4M3AdE>^cs_M+aj-P}XY+`}qHf-F8{;7tP
zhi-Y{wy88uKsc*^{kmFPW`8%8)xxl+kSb<73}A9uT%2mHnpkmfaBHyREpvlPxiY2U
z?e`UcjdPTm9S);s)V4njy&W|^f%0OVfG+D>MTHF|XZfL6Esk;>1>3{=it4;Zm=JNL
zn9@xgr|2#w_LmC)qBx>vx#q=IkYUobEl-xX76hyjE_bgL{jK>Jl;Rg8oN7u+;eArm
z(wIpRw=qp-)vEmOK6l>20{lnRyZohED)S`Pa&Tz}oqApLtMpwNN0h>8QIEqa*oL?p
z{vXB5CT_VipRBFMZ;7qBY4z&WmX-s0_x{O{dUr#bicVsYLdJW%*Knap`my5l!PV(A
z))^2r1%37?7Z-!<>%52mzApR6x?Q`Pu-77{B2gs?IyT-+dFud)gjt{HB&Ps~@W)l?
zg;yNVzRti(xKNrGx7yeY>fhh7<n8b;JxuJfqpU~P^cC8g62@+V-g<cm{;yx+_U(H}
zI#T8^b)sDGUrQ31k2sD{sq)?+i=r>o5^bM)L1-N`RL#r{QdMz2FanQdvx}68e}PX^
ziBfEO{QUf2d`A8*AS2;+ReN$~{~u+`-Y<uj7IaGloCo)y<4rk|osp5;LAfU}cO$KU
zpka6cQPU%h<_vJ0MNais*8H>&wLQ+D<aV=H9)?NVrmS^O+bFanOC2t}7-T%)7|P~0
z7}YTQygS)4Q_1munmcC>a!eG+h_rgj$I>=l8-aT#3$D#Pp{uw!ylrynp;;4H9Pa6C
z9&iA2eDh^xUw*A-Abq#s{ZMzdyu5%dPGdzuG)EtlSA%ihBZdzLe?*qgdI>V@&)7^%
zBmMoSLuqnPr#(^?c7Dgby9XaF$M`^TiqTj<%6FN9`_Dj6zowo@{w(-nq%2fj`A_UH
z3Ig*-m(Mn%iSVA}m_<Z${c?F=?4^zI*8FnfjlN>kOgXxSbZ~9&2JfG|Q*Pqgj@rd|
z^6R`H`=A@8SCK<mUlX?9&28F1#)Hf2MW&kbzfMXij0hgA>5LkQ@cwu!wp<JUQ?PsE
zf04EN{8;4maO8lZ7&!ByAZjqrZY?b>+bfQE)BnEuSeR}~2}PR-`{fn;rEmQOGJTc)
z0Wz&#lEXlLJtjOaow;+P9^<N1Sy8cI+;#^C#iAHvhw1;qEO{Vvo1O2VY$H?l8f=;Q
zH(St}1uxU7_v6NkN2p6b4UdO02IkKZ&7D}5fxc8UJ_8)dYMJ%zjN}>)XfQ)8rg?;f
zcf{UQ_>)ytj~_l96upXE`{q5HT~_B3Xtx{qtHssZTfF%mgHBZ>@1=i-gS$}wq!p*G
zNZvMJ#fA##5@_6?PwVkXN_!-HmHXvyL%Lmj{W>k}$yV5AdZ|Zeg`P=>TzzA%{{EoQ
z^_)oZ`Cf;2&m7rX!5wYXmI?op7WcZJNM6B}=+66`BceP$G!njuv84}_ORdT!KZ#%O
z{D`)CPi^oaUN7M=cK6IV<+~2XTl=fbw!bu-=K~csER3!Ftl8~&Z$NOuoyB4^Gy02%
zZ_|4pDCuD~7S&I9xJcfJdqr+>R$Wbv2{Vh!81|!!rn|Rz^QiqE9&_QFhSvdLG8(Cy
zxHz1;cnwCw+*y9?2OVqn%&@s941AOiIK<{M<3bQB^hPlOYdQysm6<CHD{568)wQz(
z{)0#qn8onLVxW!iZ*a&4Dz6vCIRhi|_2qMPmD*kG6e)l?NeA7ezA%(gbMSo<?-9ro
z(R~k*qW))(K}lvZp@qfsuhkZ^(()ZoMrX~z@&G=bqod>4vI${^f)f@GCnfcqQtbiV
zVQ1*b2y{bAJeWK>@hPi9zDqE^+FfeFYNJHw#$GcVrV43?wBiq9G&u;E6RTo6yW79A
zXY%TBRHs*LS3itWR#AD}b&_iToDj!tfvjU&`Dy)~?@w<${DnLd8n*OUJ7_M=^L6ZZ
zdNlRB3pbY}k47TA{vqy|6{F&0R>BGItfaCRGqaM=c`hFwve>EVr)BepPzfPzx5%Ql
zHP*}gwh`yC!qx(UaMd9>*5^%uLAOv>_jyVRd{?DQ2HpEl2qdUvHnA36>VFKVKBw!U
zxG(@;>77<BpoQ3L%^iMSM+C(77M8A=Kyx>Jk+y9!@S?1Wg;d-hxSNq)>IMNCjX;W-
zHJq+J=+~MhL7K68H^bov^oO&jPxsXPDld4~PX4$HdJ<1EV$yHYjm4vfG6P4@aq4B?
zTzZ9MCp`<g@d#V(zDH*l7EwrDjuysA!aiM;;b@=nl=isCg{K9wLwjl~ji_)3OHDr)
z<u-Uk2Z?pWQi?-f@)F+Ovv0Q5<<CgP3M-GL7%8wv1qViSjI=T{f@gQ@do+&1m1-<%
zn62-W^;TA9tlt$YuB^$s#9<-`VYxwuf<Nf7z;tJpf#UAR6Z-c(`eeNwylpI()+<{z
zMcRxC*br-0D+}OiMR#B4rTf8yy+*IUqh5M#=@qV+#}{+u$`24Wa(@bp9Ly$Yi%Q*$
zxoR-W__pxgLLeEL?9975M_hPq;X(WNx377=2MpaYbEbXv2f$&0IvR7>Y4`4o?}NCc
z1iPXW+CdMt;zYhcjtOSjZDIkcJn0UyXC}RcmWGseui1=|Ba2B!GHWOd{OfOjVg^ey
zD$~@muNPwvpLI)zP@I!jM}DN!eCVuX#LGC2I4Nxq<qa}oU-tWn<03)h$F}RqXOnPJ
z+8L7whn(jU>^fqjD2O8EZB{;k7M@G`{qapfu6ta<P*dYG;}Z}tsC;;*oF@Iq(_bS@
zTDUONs6B>;hH<3{2?>1ZdEsM_6HAZfHXX<0v1LZ4T3Qc$CT$X&HZNpgzyLngtB;VI
z_v&>eIvOMEnZ0|t6)R(fx`V`&bf!j5oRS|ylOq1L{q2))whY{?N$xR&v4etP&12no
z`-HjO-9Fa}uAYvI2%OBDQ^!ZF^gH`z52X(dbGWzmJit5<Ks73?ZUVBa3d24Ts`}$+
z&uSetcm&_oL#|$hZ<<QZyoF!R(kfgvVL-(RHM-T%34qeu@ZH;#*ua8h4t(#L_jT{A
z!p$b5J@j#2@zGV^pofq+mk%A6_WAOwl$0a&^@$|vh%`FiSG1kP^l)Yw3N=yLTpb-`
z3*B0uEm^kg@Yd<tqUfd9A7x~Cnz=GKg&w~AVjad~{3Q1hh+A=gfF>;Lcnq)JWZ{d{
zN`)?^4N<*NPOuf&QUQ;_x$@I=+rI7>n-}ez83^vXd9v*NzM_tg%h(8SvxHy<#fyk%
z^yjzfuT=%S*s8Bu{r%GT9^ICEXJe0FYUlJ#Kh<CTwppD|zViX&DcQmICK`9J&+gIA
zVy)yL4GRpW8+#bq`4bh1_zXG{G=-_R1^y-VI?yAYLPRf?7fXSxNc#5n8y|i^Fa?dZ
zXN$BpzIH|C%drk<e12>D-wY*0Y+B98*Yfw*lj-IK2Y+GH!<3{9lxi$i!-$lfix1;w
zDEy!r`dL?Qd^N5hz{1Tqjql6p)74xJ9fpiQ9=cboDBd`#hzyVpNdQ~mX74eS9xq5!
z;YvfLr6`A=)C@y`?8NAoM;Pjf77V_rf3a@8fZ>`%j)^}yKS2yln*cRT!}enSilI-<
zS4AI;bXgL9v~Tm#TZ3Xdi4`YN;PQ5#K6^%{FlY8`_?UR_PJ)=E%RIQ~`xLI2O2hRz
z)_-FA*HiOBy(mB<Wi`Zl_~?cxN6K$;*{8LdWQ>}K!C}~f<TP>bgRpfv<O&IVJ4Yd&
zSa&fe-qHfZS@6)D+RmVR(+wyzYqdoGgSYpN=lXyDzTa&PQmLe@k~9>dK}j@(LeVhN
zPNX5Uh)-!JNsE$E$w*pAk|u4k5}{Jrm8>G1_m@83-}O7s+wZ*oyRP>iefxfd*LXgU
z=W#q9kK=Ll2LVy`9WK;oTnY7%bXFHphPS2Tm2kAPl<7by+2KbSb0nVne?^%~YJbmw
z+6Ud;_x%(`@2Fq|m2|6JIF~<aS_JOFC#>{uJrgt@LxxNma+Kz6uMVB;3r1*aN-4Ua
z8*<eN8^5rhYg+XCVagAfyUa4qLSq3f1!_^T+k6yV<B5#?y^)Ymx@i&|0DS7axpObs
zk^zCbGmX3^3`*R=z|R=5&Ws|-d*Am=+1Jm%(EQyYqow~tTkt*Z?yg09&2jSVNl+~7
zMRP+ZTZubNaI-3TGJpKNP<c^^BXcr?{QZZWeo^DU9|jUubL?rnKC^V45g$fzfj@sb
zBL`?5WF8(CwgQOsv(9cYysswX17M^WoGvW!YS$;E*rae^b9L$c^(FSNT)%z_gSzu)
z=d+9%iX&Ox!PtFzCQXL#-=DKexp?t0)&|elfTEar0)b!{L2oyHO7Say2UGI+vdR!9
z5UG>D1`<+;{uBaEXYN~|s<7vIv7;;(O}DcXP)<`LqZRk&Re$S~p)LDo=aoeQDkKi^
z_@RzrId--i;%R9Gk8vJ)DC>nVE$r(dbn{BnI_~fG>~qaF(Cb@?j>usU)YZ7l?vnI-
zvVs@!CiO104?Q;Bix(KZSBQE56sNh!><tUqp-|Kn081p=2eW`;?gXYQNAym?QXrK^
zv>0=YeJibd&(OGAqnKCMu3$`BG!ISl!ysg@TUEet<5NQzc!nVA(tPLNK<h#anuCY?
zWGT}EuYTs|mS*a{JSZugj7;(nBGLI^i*BaDuWZ<TZ1E*AzCw*{rH&Ai(`xXbL47*i
zrD1jd-o0o>pEHqd@?;X9azxT3T;hXr*p_%Rf-ky}W>C68X3wu2gP4{$Z;~6{b7yC-
z0S~4=5?MTgYH<Jjw9mQN<82Js%~NOCmqQB=YYHBtjGgS<G1Tm7X)R?9X&iK2wYQ*6
z_d4o0qfv$3{T+7{TEBqb*{MVQ>@gP4kzE*bs^NRFJO(YXvBfk_BF?HOy`A8gwRdVq
z?Mr=Hrsj5suiUZ-XbJF<J7W6_WjVe+qenZ^HnvTAYJY^6EQg!dgaP(@Il-Px`>=E&
zzx&mUEjo+3>Ydg~NSS?mt+b{iRV;&+{$c26R+iv0MJWdGL&ZtPG27Y`zJU2>>+_`B
z;X9ECH0^7}zl|<?d`W*X>4HmVXdD6-y_MtXg}2-Fd*)wxYseA=7@7-!YtW~4U2v?E
z=o;w^yVGg5@Z-F`c65eIz!1)2>w8;~=p*rl&RV`AdUfD@d^>0>{2x)2C~>s?EJW^c
zvVVobq7Y>Ytyg<Zlq=DT>Fe)~@AU8WSq!FkJrP_4bU+@U`PN@)Ie<{U@Es4Szi5ZS
z_jtwf<)PJ!+kZTAIhLIL03op}sUdN_A~dtKf3%<v?3(~9SfE&muM?1-|9sQmufg=H
z_!+j=2DjPM|J?r36Q><0@E-Lq?kx$NGylqq*}4Yw9gDo$R(`)%5_qSz?Vn)pK4MDC
zr5;&ym>xa!)2tyX5?6*A#x+Iehvit!equY@(blr^yz0WrqWpz3>K4q-G3~#oaK)gp
zo!<>pTz~w1v3z4ev+)*xNlC+FZ)<zYKYOOrc<+1inJvXz&smouPJ-?i4+6fvpR|&5
z&Svbqe?)r8_%(mO$B8ea%~!m(dNZAp)1w#v?vE$*g}O_R`p$n1{mWip<%akbvs1m5
z-iN3Dy}kQ+OrgvWm@^J)f($Zr$}GSR!Y_GIsMQ($(7apg7I4t9@C}tJ3KG7f4HQ4V
zDTWhWX8$7wZ69LXq<C4324>6>`yYMWq^2;4AAVODW>hBl2|;I2;DDE12H7Tp04Gi-
zaWxIne)3pF>JWAgWK(m`s3~e`)w6>r1>})8LrjXF+3qwMWFjcYmgKNk&;dWPK;os$
z_*Dm{f1S562t}5;Fi6mG%0XetWD7GGEQKKyyjmJWgVVpiyIIOHjw>MX<ct?$!t)%z
zc$J=+;1rmgoXiM&cD-Oj#86%onw{2M^^1#hjqCA-gpg}F8~CYc+pFlKVJZ+U7Nf+E
zA3qwiV9(>I<^<vQnFR~Cc!L~*=n@f+5e&A<j3qi3rgG;Cs*hpbeALv3NN@_?LSe!7
zt`BgEF^2WWqd;6-%VlV)v4Z3j<SZmK_0t>+t<${z-bt72t3QqkFf`wTV9(KUH-`XQ
zpQ!w0(<B$;g$oBL3g>>*auOczV_ZT`uDke9O6{}~@gb8kG7frm&C})@Ga^FV_HI3w
zoZP~?!1{)S3y`R@qF|3<@?z)r<k_u}%Lbu6@jgarT0Z$5OI-aCR!>_-sHhk!NdEZ!
zhj=7d&uNVZNT*SYNDqdJfF5f24z?M!>%b?0=&j=%o|M)y;|cU+9^;_RRL(4+R~3V`
zp!17PF6u~JyTb~DzH_+wwPxGDnKniF78||UE6`_r`cneuD402th9xA(k6-na+OfN0
z--F&4Rv@GEmQ1vHeXAF(iA%1713{N@QY9iYz_pk+o419*On=HQ_##y-M*^9so!e__
zEKF7X_u^tgDE?7tX=?!$Uv^0#eXAIPoV)JbEX%8hMkQQ`kGWv9az)&~@3mOPYil8|
z1jQp^{X)KU|Ne{uT~Ig&9Qx3cPZabK6Tr()O8$h+jhet=;U}31=@c&XnX!cscx9-2
zpwt2w_VjEc?}ZzL>$~On_VxSsfAF4h(POSA1<>L#AoqSom%v-FL!(`q)7|AhdHjr_
zZ^(}+(=q%heHmaNmdK;l=m{w4g?ajb37C|<_(D1v`I;$z>dMODD6};+ws7WoA0sYT
z_%m#?E++=GqAt@GGv3V18`K3RdPw!)NE)gF9AxnCBCdwpUB-RPG1p|w01{OCZ;*1-
zeJd>BBpo|;p3_)b2#}FF!wa%8k-Nf#yTsBXAg%wD`=I{_*I9Z9&=_->7XlB)Th300
zXthXpx|kjn;j9zoBzq_fmd)12#zkr2Vb8(rgb*;(3VAf-q8}5?k{%|-l3QUNGevGA
z)B?$k>e#X24i-tmGJ}0!DjAx=xMY%7-X^Cj=?YddbLY$nKqJLISG-6TYO<K@49eFs
zdd!3!5qU7o8mdH%q26rE%#Gz~59B91dv^z!--2%T)-6uCiz?5lCg9|wvg#Tdt}gLl
zCy$lb&k7lwvqWCU%|uIi(xfw2ZKF+&G+jP%2y^}wWj7<)Ds|RP5A>12E$>KuluOx5
zs@YV{)Egr)+@K}<9rN>hP*Owv`}9`EmdQICuH=6zTdF}X3ZO$&@X<jUsT{GRPL5aI
zk$W}n#;B<GM;)y9XI^lNd6FV7!;l*4e$(4)q>DVbSMJOfIGs|PpNFfvD^I9m-o@Lu
zw{e=o2nkdei>G2XT4~@(dQWWV`C^_k8sd?M!p5nFk6xS)rU3i{Z0ed0&J#uH^U@kE
z9TRX^0BcsQI_8<WR|Z$JesuA{;Gs={J>05qxM|ZS8=LnuEz(~xx5+t!J`g;{D#nge
zRKmxJ=nHvPXT2krNHE`LGNB$eqHfL+VSvQfIGSG+m8MP&+BH~83S~nA?-jKF&T2t7
zzUJk!t9DaeE2K`pu=MzL_`-#i03w(tpGCi~jiT>PgzC|6TEdBvV;tLE@o#GffZv_B
zeXV1z2pcv(_swk8Rwtg7D0^D=)eIHtJj$w4^r1}RK5+1$xvE6H;^`N3<Ki@X1Dl|@
zhbM91VzP2G><X%9icC0Ju*`n?0vS_i0kf5DRc0PSUW;QT0UxkPPr*!_o`3ISyfOW!
zz~zFm1Hq016P$g>5R=pMb1aboqwibO%i8H?ZcC)Yie7$(kMB;HIB|q`gl^hu%1v~A
zbn<pmRHF0Sv#q(9{cTYiW-*GCzv9((a=T&P=#-*gKVc!M&M9=9HR>d(NFF6)Ztkh`
z^jU2wuMc_K6jf~*s$(4&bK!D+Q-N^jYGT~^0UVnkmFPOi*dwakNI3{{OKP-so+#e_
z%_npW+V}K*)rR1HQ>cV!I>Ph(Jp($kl)W+4_D(CoR{X{d+#JGX^m_N38C=5o!Zs5I
zqR$vgnS%j7kqIN4WxE4D`ne`CUl-%I1+weT#(guj>_-*nH;krq@-2G3>2GghZ;zj;
z;G1^y`gL_Jt<_@{7v^BXU$`JQc?~B6Bd!Eq3}M!#`E$&(fyBBiMiuA>TQ0JW*54ZM
zV10RE_?)`d|GGVq<zj{qySq<mnbOy%15usEwZwdX$@y4RaOwftfP^jD>PBA5`deN^
zd)1_=Qw!g|J$*HSQM0qeu;*Rf5rqSDZC25CIBhiYHDyJ`e<W8>P^Wl$?zp=oXPa)Y
zow@n+6zuZ8m`-cCsP2QruXk@>Zfd-0-Ibj411m~PCvN#_;?XzDKQfZcaTOYPl4=5s
zHijoTrsSavSjoTtf}+g>wwC|%ZDi$Q4FnhbGx%8!tgV|ig&0q2*mAPY#+7aFvT=4p
z?)K(&6)9fAyX?xyGriM<BUXPMN|cWO=+$dm=A;Dx{2vnf13>M$4Ng#e*~bhxEHu!_
z(5+zyELXVJvAZHQ2P{1QP-X1cR;0Y(nkzSK099Jklts65BC?h<>Lu(ErjfA@vEz9C
z^l2V~C=bg~il51ewqcG&hQ^&yd8r&C)f=bL0uDt>r69_s?SagXBw|%5o`cvz2;D_F
zvv%YHxn4~BHP_hq?D*A2vu1U*O{(xeb6%JEmVSnHG__NjLGDL<`A}XynSu2jL)ep0
ziIFsop`rtXZkm!cvmlTF*}YdU0<#U4yjW<gTUX9*rg+P~cQrjK`iW(zs<n@Gsp{n=
zF<k`WLG8$nL4A7MFDsk;`dY;S9S4hGw=FyY<RY2AT}hOx+2<Uf*~&T0w)RLJgb9OC
z8Bzpw>G;p3ORG6AVr`ScW&D{hwlcLBqIQ@pKSSoW-AB%$9*lkOGIkR<k8Vq^bk2LS
zBL910r%oZI;3smngJTgw98LDz`>@2dvsJ?tM0<GNo;-2lqUj3Wgqf`?Js)AM9=6!M
z?y+1uqu8+tg4S(A-Gv2Hr%d5iK})*!k_ON2;<LrP*&{1?4d<)!+(4XK2>!Iw3>!N1
zD;71T-h&>WNv_ELHjqiLE>1B$WZ&ILcnzzN6CSC4-RgIN+1|~9DkDU9bA;#j2^}>1
z(rtQXn&&R2oQC%MeVWKs`t@s+cz|^q0ihAxVD0MF<y*%0s|cuBAH=T3sQE+Y3Z80&
zJV%cxn*o2GKOS`JI?hLL*m_z1yZyOqjh#dl2qeUVI@<4z5h^;Ley@`{O7A6Qgq`Im
zVX^Id^ii<p-uJq_3;6zl4|hj<nG3e@Ktn=V!pF<+;dbGW<D=#l@o#@)dm-}oKd#)L
z-%k6BL`P)XPs9I@{$cpOd7}Hvl=^lLPM_#9KqQVycp}pSLT~c>yi#`?n4bvUB2x20
ze2q-rU~PwtYeHvmadC0`yoevZmrDPm1<<?T_5WP*x4#-Ak?8-g`}lu<gh7$QaJZ$E
zFEl>q<!zcYq~S9CZPEIn3f}Z6Mp_t6eE#L9Pz7aMJZifFS!%g(VW#@{fFtV=WQXA8
zs3Yh<aDl37z<k@OhC&3Stj-#)Y{d$FG3u#azG*Add<SXFDyfV6B6Plwuc3$}A*rjR
zH)h=t+E5edSn$T#Ca1q(BIr|D3M_+bp;F(?iEUd=e0Ie+wWM@XIdt4m$-yV8a-k){
zY*wySPsPWmAD=xtC@UPguzA-C*f)Igs>udOwpS+z3Og2HRRfhJEw!f$i^!FLdu|l4
zx!o89=eCn5P5qo#&G&;m4oym?CIS6fnIH@|S61FvDA%_y#fGHYP7@R2<5~-Aj030{
z545AQ4~{at1r}jMUiH31#VMX`fGBy@{0?ExamBQvyj<VZZ4&#*Y0ltu>vlIjC783=
z{z&Y%;!;HATt(`J-eO|FKKoOD0l6=+wvLW-Y;Jq<$5WF4a^uE|eEw@;_}sy6e>f!=
z`BwfmDrIv1E_skc*wJ^@lz1dsRc=j<hguxh(8;oH-Ls?JL>UY;+_rYOl9FMYIfM#i
z0~iTXd!~C5$lTm1B}mVy9w~IlcgnOmHEnEOme#(j33mTEhi0jkz{uE1LtYcvHFMV>
zFXj++p;K$_$=^G-ZL`0k>MGD4oQ+GCJd?U^GV<3cp5KGd3l=YadUq)}Q)<2|@s_I8
z<(k7zclW!gR!@tIQ|{h9S131dVCnbo=^M7XxrJXg6~iy*WmDV7{qll=dkuap2zCf>
zu*F5U>lWdUIEkimw?DhP^hBWAU6FUf@(WYhG57Tu^<m@3AD3;zHH4J3v8n+A!Grix
z)c}q-22X{R%@o=%HXyORnfi;N;%?8553gzf=CWV^c7P`sp~DlqyW7l5e(s`ML#8nX
zznMl1g|7>v12uE6vLZ4T54L}QUD=y4?}Ch?tx~YRJ2Fm1W!c*X@iLWz6oILh%N-pZ
zk8K;4_UB@>tY`)4tRu2i-8(a)dC6cymukKjXJ*b{S-pdY4xoOmAg-k?tZmwj-uqP<
z=gofyd~|4OWqi{GtCVS+dXc%`yEiu;yXs8e$~0seZo(KVp;vQ*?~x<tup~)pp`ZwR
zn?iCA@0=eedw98gL72|BQND8{=Gqlp-^VxNS~)-F4P?f<cT3W)i}VkmL9FN_KBTAD
ztOI|;SH@|JQK%dRg%mBM{K-Ok_G}5l_taVoYIu`z8@MwXgeAogLQzlP;GxrsD~*Ph
z)+NVjy20rsHD&$wQMkxBG9vExgw={S{X?s#Si^3CVJz4^z9#?Zg)EQD`Ev@PDxFHj
z1&>FV2Yo|Q2|SGpBg|C5+gM-Vw^_GMFF4t)!rxP-fX#Siv%EcA2&sRV9l~4u;K>Qa
zmY}$XIDS_H>X!n>l)SF2--lb2Fb-E{!UV7*0-`KK&CEzlvrz%>6Ca#<bRrgE>4T$x
zlhkm+Kibe(S9dW>jaxXpz3EsQ<~|vhj0d_2g*WXAy!o<DgTNtJf5@%M-aLX*lTFwC
zKE3TE3R{OUBP@JVA|Bq85JeD=US17pee03ot^X0QBy9sW59v>zngxxY+g7PtR*4%y
zMRuq`H#c|J*pl0v<46$16xl~Fr<>|OMZrUd!pozA85d}hrFGe`hx9-`A^*>-;kNVd
zxQ^c0l<)9eShzT3R5kGJWd6UZO8{e%QH$O24Y4lk_Y;CAaMI?XI_DGTO|S2L|K-c|
zprS;`s%<%y8z4mkYCGg#&BAPRoT}<-2?=^?-XtqE4U6bNeX#6yQc}u}`a|1C_dQ6%
zBzG}TRyOAPcd+%(wZCDnmHL)z0L_Fq8#h&PEU1hblf7^>iwa|$z=%3amp+pSZKTB~
zWO*I=q>_<KmzgwwJ-bn}VGfe*U;HhvnoUqoz9qEsY%E4(nLh{Dn_tgH1mg~HtprV_
zaqyyx(L2Ih_Vm_esO><VrS&ozIR-DjefyU0ph^wmmN@?Oi~fh7h=;`*&7EsG)%?-9
z=k&*BZgblJ_T!=lyUIv{mNWyg$z(RE+d|DEcAWSJ&ooWBel<UTV)*M4U}PsbZ)+P&
za*lKgA_>Z{kDJO2)LgDn$)!$PLvk~*PIsR}&%)LAIs@j&_f%-B8)uRP{*jcVqtgl{
zOm%nq*{YX)7VkKU{IrY=Sf>@YmXtp~d;V^mo{kEefs9yY9g%H=kBqTPIlpV}cda+E
zRNhx>v@Zw^`X#QN^FNXM-Cmg{(bP-hX3B$)n|OP5M86v)ywn|((m&H@ZgP3E0fRMq
zNH(|7x`>v2-4xXhslDSyOP|*dz0Fw$b05suAaGN1ZcWGBBeD&cV+q!Lw{MH>)!(wE
zma+|zqW?1+TU)K%c|;x^<X<oe6|3*}J-CY4N6D}zE!HN{8L+Ra0X!+zD(+C>F1m85
zGy0x%+*USFurb*7ssj8BX~A5Jv1;LVnjmYKpHyw*hx-{?^xT-UbNa_Zz3;JVBXX#U
z8EvR@BrF1Tp;|ZHvYUe_9V0CS?X_$y-RRZT?@sFg*W_%;j>>BM`SVll@4skaU7sCf
z%yPc;-CR<y<;26;g>K}g`-%CsufQqu?33hF@vs^`eDC%bCz99{u$)U1o%iaF)+_!o
zQ_Szh7ZhMJjj_~5jqLOBwn_{B5$=sf{;FRnku#fJUD{@TzsnPP3D!x#t@_p0^4*hn
z5#lSO@wTRW=iSJ1v1F-;a|me&aqF^&4dd(Mb1C-ov-I?VJ@&E|VcR%^<tJ@Y&}kLM
z7~kF$YNEU#sizD1E9K_uv|wCN07M4#*c)}a1NwCunta~6Bhls<e3SH{Zc*J`_5SzI
zyxG~kuEQ^m1fNn{EQqK9%iC<`N1nKM!b?}x9sh4PcUE)rLxFBA+WDP;vF@BOr55Xc
zkLiK9D^8p^P^>fJLwWZf)1Af)2lj7Uv}8#n%YA7l`iTDEutBg4P75Cw$Os&?gPGe3
z-(gol5zGJ;sUCYPE^R@36ri(ptj;c$22MUYw#E4c1ryh03T7VkGqaPS|Ke^R@gb2=
zI|D4o6VGhyOf#Xz+jF>Ptp@e4`X%I5Xnub5CgH<0Nm7h>qjmIBXOXLSSOl*3bZ;@G
zqOoOu<SkH66xSuMQUN@K3nwMPwFHY#4Yxqdeo}j0CL3W$hJvIROUq2<V%u3BAuZ!I
zYu1x<H%)J}V>K~k>F(%i@+B}~yf!FTSr*`(a$1{ECsSNUH@X*VMc6(NL3B@LP!--t
zW-61~X31om1&hpPe|DZ+I5o1>SZw*UALTdGb*<^b0Y*pJ&I{&)E^G_kdp3`HEqhru
zwF8;GnQ7TllajID5X|2a_vx^{EdPNBh6<l^63JdcVj|7;ynGsB$3Z}-sN4oK<WZGP
zzlp5`*ayvxVKuv!iPR?TFx4wry-?(n22(E#S;NfJ0VVjp*O!*-RrlDpe8YyTn}1k~
zL@jU9uLCPl@d{9WE{#uiT;$I$#!i=)LX7v8)uyev9(~Tv9XmetQuUg?%vAJ&5|ZV~
zBiQ2Vn)AzLh1nj7!6H$SEUM8l1GZM?&Yk^|A4Cp;3&t!l^@$TNAI>9f5)=j~)M8^z
zs1FUPN1GbIPoo}V%i6n#s7E}koe*+ft@of#BDE{bt-&vV*#g`l;|V9y(is*(6P}!o
z+sll|4kEn^wYWgJ^4NzC)vq>}xxcUWs+l~)fPiF$b<*~yblN^f2hwW7047|iQoB_|
zy@Q|PIf4OuFl@`+ozfplvO>{-qO#X*n{UW^`4W#nz?ls$ugu<5)W6~p$@gdH?KEMD
z^ZfPVgt1)21BOo!6IKhXX8RZyV6{hd**_94?tapJ+8sf_c|^vhrW0Mp&Jr)R4Sh|)
z!g#7ph|N}9&&x;@i7c#fL(|g}wP>ST=UfJW<KmZ6{w?p<2^KAt)k52AqRqJ_*<IpB
zXD31q0WW?yI7#$FVv~zYFWMs{By#&`z(JGI0s^}+{31Qwx5dPY+EEJ}oAP4c>xX%v
zH}>DDC$Xb8-skO&9BPpEK-T#O#ytfGr!XLk@DXa3N8W|-Z1(Kgr%#?7q^(6=Jc|=k
z!=;CKC#Kw5bGB+Jt^z07$Hc~v^Z54H0tteJksHFop#{n!{s{^|p$g4|;S>fx($m3F
zV^F%H$}CC05SZ##baXUl9c-N_Vi7W>f`XmoqrADD06)8S-ShDg*D(n-`>;s|hVYc1
zAFMqtX`se@fO~|5(trH?2;0yN40Ycnw1~d$D7t^YbH{&D8%T2yBTv@RVbrGsKN8Ui
z9gFqnSfJ8oU_y$>k|p)QuJH!>R9>D4DrFP%XkUK+id<42Dgb-tmWz&@z(WizMYw4&
zO*?4+vYD@h6+LbfzbMT1&BLm?!hj#Q|52!2R{ttCArbux)^V$zq1RuLQFWweJ7Tbh
z)lbbO03Zl;ckOEB1w&8x2L*Yc6fzJdz1J&ZLX}--*V{8xg(?_BFhnd6G*^jT`<}nb
z`!HxS?{d}y+OJ{lQTd#ixbb}a8IoLVioc4%pK7|$p(-O^=|I0Xz&zcxluB(&28}qk
zwM&VmnVDq&{yE@tm?9GOFnov6oaX+^O!W#0%8*movq&qIR^0h-Eb8{rGN%b;V-{b#
z4*<=~%8ZcdE+q)k%fvrdR5*CeSb{O6QRzx5z%m;LQjE=0<kAZZr((a+$Y{dbm+DOA
z>>+MppxCfgtn8aNZ;A&==oM1_t=L+l`L)p~J$dga*(uwO1>A<`bQ)(=jf6wWf0K{r
zwEEw1Z}S!jL#qRJ3S*NdYz?6+IOBAW=)YsnZi5Ij=#Pnu^N79MUXd*cRy^Y3G!(8|
zy0nN*gcV)})i=bzAniD-E&O-1z{DA8ZNG%D%_DbVx(mbS$wXrc6%M5fg9U2K{6x*4
z9>R#&un1svgAw{-iU167&<6W@MSdGdZ=`_GL6Qpk4|;cJU+lACWQ%{dd?x!&<d?$>
zk&;p3ME;G-7#UA=St_cJ;s4eh&M&n7MJM~nLxk?AoK=-G(9_Q}hZozZ(Z^#~wN}GP
zR#CXhp)kfR`6tW~i7BFx75JvTFTRkKVYqP>#B$&B=aXQ{FH8WyL}AWWWiB4+6*UTq
z=7t;>&fU;fCl05sa~RNi$7-*=i;DpI<!o?PJ5aIas!_@Oj1i3_(xEkp3ioFfzn_0o
zeNC5+4<K=WxwrCET)hXCp32nN9)b-UgK|EQOjALTc^VVWCOYK{RYs(RLs_<{Vg|N)
zRs(}ioOq1FVcxl?kINDhMB;A?sxD<;4*U`ThthOvq>bQYxid0(Sg(|{ULmgtQrT97
zV1y;8{N|Zw>ugF|1Rg(sekN6sc+gYpH}O*ZLTc~)^F2GRr&)%4aic~TdW4~EoPuS3
zpUMoHat-tXJeLnGLr5<%e=0j7a<JoA$xHf9Rwv%G=N1>2i^cb9clP}8nz>)AmeOcU
zmP78^rE6E2vBOICa%SwO&?ih-A2!$t14F+(P<umR*&+V(_9;a|pVZ$gs?wPla+PMv
zxWh*+2DM*7+5Ioh{GOPa3#gwFG@;J9a(+R_2vtJvSsbYx4x1<oH3;LsT-+;V3#`4i
z4xVZLa<7KVN5R=?e8QGJGTB@J?SDWmu3Ob|1SeVjr!-(?=i?@pfh`${s-NKuyD=7f
z4vtV#!lZ#rnD<Sj0?4eZeCsRcz3icPcNY_Y8Im?K3*hQ+A3iW0x)uMJreQl6S@G!;
z;7?X@)K4Q}+(~0~!D%^3(mja9D@d}S1i;8}{N|e%CcEFdd)FPsFcKybX7(?sE=r&^
zQ4)p0xsz%~jfjqy(hAX@AOybNQypF`q`#nR?BeUYm%5s~U?fKLxnVa$@qgOUP_><j
zpKd1XM~0^$4X5gd6vgUGa0qT1mUCU5nM6z+87V2o2?|hVZD#g^yb<UMYmLvJg^r^D
zlT?!hjmm3!Cx+(#<ZDQ#Kn`hQ=}o)sn#*ekzdyA*p^+QM*jDg);QXU(^}v}fRHNfI
zYZl%*oTR9ATprsOSVs&BpZ(##@%<a2k0M|9-bwW{Ti#>U#*L;aT;%Yk>TP9Zz7{a-
z6=lkG=MIeWXfm3bQ`&lR^S8O>3$3i4uX_4%6LDCoZ{M)*&z-zgyzU5FLSnyQ6_%5V
zE|Qg6F^_4#3&sqfgM50-R0V})9B`y1_~{rK8cM@AD1IhpS@@tu@nzgQMER|`QzlOq
z^q^0kd_f<L^C_w_mJ;$QF51L|zEV_)ObEqwUKX?PjWnwQ2P>yydxZ60@RMiHpVLu5
zrdwC=Kat|)eWdKMnv*;@1H5M3$dS)pzC5R~RzmSJ`@6~As^q1s>8WI?C|(=`2DQc}
z5n&G>?%866hjO4+Gz*1ruw#u5%4qfwc4Il~nwp#GbucW*UlZX}#!(`UU>^ZZ)L`vl
z!;r_?!s9=FY<MXXvKCiAo)49<@;<r2!=_C6gTV`7Fh9j}n&K)B7oy<bikHjxJ_hnR
z-Y(L)pN79MRnD=yxVX>Z!*s9R+4ONYbP4fVYitmm8^j~6U90|B8_oWyjpNhYbCa&$
zDR!`+U09etMLy1s)<2Mt&<LI<^k0?T4Y?lu?z|VSI}Hu3)WLt3g|n%kNBbOnJy6=k
zml5AW*Ahc`0|HPwIO{)!8H}v>bB)|g;A_d@u!qA}p3>#b+BAc<)&u3rFl9<oJuH*D
zdnkuBIhvNgT{Iq0gA+B%Y3keBzbi*lN=iyjZr;GvxR%3IHhCs&Ml<DVtn7~kLO*>{
zcW26BW)nosn!1o(Ovytp;K<W2qI-R#)dtJ_S7%L(|CJVa+GL~B-7V?-^YfhW;W|2J
z(@UdU<99WcU-p*FDg1WiNH00xx7gf;&ulBc!mfZ7;i@w>(&o~!Qzy$#0wo8lbJD0h
zfjWeoWRdufhK4n}OkF+yYbC(FeZ^~Q^Sc1u8zCXfct$v!N1cs(zP_E4e@a|C<3*YR
zrDkDaVSg@YRKq^#d2!#g1%(;7b#W!FI0nB2H_yyOJmSA0w6Q<((f}k+`I7o{&^*5d
zA|#Xv+pWJShu?a8l`_Pnr$_4X*4T^TEGS|N*1Ii!H5*6DKCAS~xAgqWVshLui0pT;
zXY0B$7hdU-YFx%gONvpU#fxNj_O$%g-TsPgxtuU&FUkj$*Q7eCw0AR^ZO)p@=|}gs
zw)i<rtl=z<cI($<G9$(<=W^_-h@7hqm5JvYV~=dvXtba6ziFu)8Vn%X^0p_ldJ5S$
zeXK;MuMZDGCRiq<v4AV`u9sjde8u#mk$E-`OiYpUC)0C4ot~CM;c~Jy3s1oz5^+KG
zu`+3WL-5U(g}f4ejMLh5dm+j5R!eE6uu=9#LS4gJtEvxa&XQSsb?1%zQ$xp%^DXKO
zK9_mh-bFru0rb_?Q|&WCWL8y{lweE%hFG4!-g&vK<<7eI83b{M!GQuJ9U)^7oDSG0
zuQ6NS5Q$d53<zd@Ly-2Y%nP%7(>yh7P~2RTb+NVqg*^|2AwrxZh6$<S&fUntKWv&r
zd&#mz@u?}7T$ExvIlK)-6}@j>2brY6oU0((*z82bn?@%kgv?r59d&(n#`J>TI<*>4
zGq$7|q_-NzojpUY;xI8ZeMYv!BBJL$t7@y8Pp&*z`W#KMWvo(8!~W&Hb}kV1EZyRV
zAAKY^8nkWHT64R&f5o}T$a110nW`!KnOX1^OCOK>@A8SM!HNu~n;`~*oV#TJ5`*yp
zFBvpay-*Jke~vVU!GHA(KEf!kc0EI7(iCqTgN%$oG$Wc!CPZ4?q0JTD3E!~exl1t)
zHu~Kd=1s?T3pl(O4fj3vvTT?!Fu2xLHu&D$uXolyU)n?85VKqaY=md}TgdoaoED5#
zQ4u54!0wpDi$piTZR*V+^_8>mYy|Dq6PsgX)C5Q*kkCQVf7+C<ZZ-h;n4#LCXV0E-
zo3}C-=Xax_m$xL6-n(C&6Ulnqb%WQj5zLd*!k^E*vZq4w2Dp{Cq>pc=V5CT@nc!A!
z#n9{zAC`qDPhUUM>6wA;2YZ?O;TJEiq5>0K0{nUvcL`C3TjxsiyS|BdP^5qIR=rrS
z7SBA+=Irn*rAPOl7dF8IMu<);oDruSrZX|;-h5NnJDxctLpjF<Y18Ayjo~g}IxrnR
zx=HGKVi1Z35xH-285KYl!I+mL>uT!ivNxynm}w3xGBwht_Nv2vY2+*P=DONt+2dH7
zUNfQTpK_|OHCAP7MfAZ?nw`}hegj`x{ihU*+4ro$X3!UR=+sqGKR4DcHvRI(;KbBt
zH%{*+KJkqk92}ymz0YtSnW>l<8)K%+I)~FEwOXT_Gok?S@%rNTq_2RYf^wP@UwgMD
z+X1f-EuGgfJ9Y~mraagvyYj-Mgp()x*Deg6d!_nrw8IOGq-TmHdba8AET{A{6ayi+
zJY%T2(?&^aBkP}cKHhay<-BH+=Wy=>Pd-t71M|&9Z=*eO+uEEDcPnYTA-9jI&XTE8
zjfi}({cT{&wJe85Z3WrF8BRf4Eh|S4(wg+$YHRbNS@$MB86YL4$$Y4mk`AS|4<g`W
zlo-6SD}H~f7a<yN3iG(VVG(SRe)>_ayHCp<{*%(yGA`>lB?>&g3?psFVq|WYay9=K
zEEJjeiS6;-g41IoB0}tlqCbHNGbbhemtX{~S#t)x_M~rQgnGe!L(|k&kv%CXDM{+X
z#DKn-`Yxs2FgpFR)@z%_RXL}2D@yecbV{YA7%$E7IczG%bWNZhC<=Z`xcq_uigC|)
zV1?%=MiSS_E2p8oK;#-fD02D6viI-b(;AU;X8EIiee};fQSxSXsNEfxXK4OXduwK{
z?U#}agpk7|4LJw>xPKRK@;byWz`hXr%%c;W>FE@@bLY-3+L%cSCb~F?Fdf^(-lUw%
z`L*uk&YoJc8pQyUES&`RJa}L0)@zkFOUy^Nn2Rfinc78OZhD_GK0kS6VXs#A`mU)N
zPc$@V?T~XSyt&plKE?X0VFd_vcSVGA4B#89sydgHZ0Zip$ks`ZKszW^SEfDyw%v^C
zjFij5w<oCTcJi-n+s;khNyZB#MqS7hqa4K{bQI$u%7ehTgjJ8W^!a&eXTFvGrF{-7
zi7MR{!9PhC;57waC~$(4k;PG|Lo>o)iK)Y{UAZy_i9K|o_c0i|vf6b%8gJE?_!x(R
z@EKN5Q8K9h^$pgES4IUsOMcwj5!Q#oP-oz>G<nE8O0f7LdD#<Oz_adqN6Ov)j~3vc
zPG>dOg*n-z5ggYT&dQlC<*=zJj*znXMvnIP3ZX2hjLyw7i$9V2IoiASs%t64HfN1+
zrjcui2lc$WCu(Pr&<X|bD`UF7{APk)a^a*${6A2;kz>Yizd=*B-&j0m-kdq14o#2d
zWvxxSu%^Y&sy+1Ys;(~|J?Ku_psVREqdnpeOm7Hx(HpnWR=`W^s;<+xZ?k%%#lnSd
zaM~=GH@%nkJ2(S=4~S~vSqol-tM6Dta|<vHk})$CC?fI{_#=m9%R=&R8kCK=h*X3u
zjadk^it1I5I)TU;ydBO7M9PVV^^zlH`!7Zw%{4Z+pgtl(us(T;<j^x_2!;sddoQKM
z?nG0-mx_=}H3h5$+Y(HwG(H^qX6kq@@#r%Ln;w<|MZahU*_e6ZQ95Gq)ZXXt0$8~I
z*{KOsDL=o5delEyZ{M_BP?vy!hn2RzTO0gFoy#C%Z`!&QR*-w+<YW|mU!KoHvILrE
zk2<^no^7S)Jm(a|+o>pre$ho64Pv`B98ozm-)Ru$QTbt{R}6Do8go5#{Yal@i@GQ8
zni}!$+C<SE%V;;tQ77^9Tzq%i^;FaPch(_wdHpgLC(UpB)(6v&zxtmUo)??<+g7jj
zzxG<XoIMiLdLT1%ZrK^JsVDsMXQ;F^83kHZKVO<&AMa`TWk6`JTN5vJ+Ht*t)U>PF
z%{N^tg}IU}3ad(g0f0aN?;6}?#ri0lL!5P6CY{rMwVYEns#6w2E5G43X0_7b-FzAU
z*uFbFItimJD_YV;IV-$(cFcEp+hj3YN6yu#vE{0a*5fBvhLt^u>e-moQBvQKR5aN$
z{np(b^%Wegbx%gbjn>v~f}mR_CzGvbnJ9%uTWTiUM2@Wl6#|<wDye+p7+kg~O8A;X
zwfG9-b;fc>7A{}@5rq*(l>)Z6>_Nx({d$_&)+d%M*YjDW9$Ey~@@pC`($JW2d#WQx
zCL%#48)q^bemDy%HH=J5F82O5!QOIgmzFdBpdm~i%lYKa>?<u0A7}+e1|dxK)oqFx
zFrsJ^`Y|eh7V(YXu`AmPk!80aXh~2(7;C987+@}-c11-+#qPCpktT#L=(KG#`QFz}
zlN{1rB8Sz-mzWO}gjLg&!k=Gu&?<Y<dF7t`{@~VxZjuq&KzJ&v9UWmS%)stI6p%zn
zYsc*yHD*i|Ezg1?0ZDV&@~)0AXzW?<<Rmzc1HRob9pQZILO0uOjWC~+7#M<KISw)h
z4;+a2_EtRZlKsYjDbfp}HjvWSQd}dqcIP|UeoHy<L;X8OgsQJhReL)e>&%?`Dw(FE
zY5c2zoc2Kn%f&s^ALMO{@GQ;|H|s4lDFKTCNg9mkC=$oLs|9IH-F8NmcDghl|N9>&
zhGleX=qwUrX+3J!Tt#%DrPuo74l))X+w3j6NU)DiuNJ&eTq~jd5sV-awSt0Y*8?4b
zavHYli$XROLbk)b0X~8na0L6~HO@hPsbT#pzPpfC2+WZRKW&=CG@>QI(#Umq8yYJf
zAE1e7HDKkw*UVIrIliyOdk)`VzgVEod33yOntTTXjEn3If&TeguMk=rWC}o^w<4`)
z!dv=pK{jU4ex0*Eqa9)`I=i~oH#WkXxY9EO@E{WXtHL_+l!+ffXU__d6STn&O!IhO
z_YxAeqT5`!@Dyu7Br<r|BKR#Wvmu<f!@Ff>d-eMa9Jm#^E?t!LeoJeQ1Bh1w%;nz=
z!(2R*^#x}Jtz$RT?|>{KNV4V1Y3k6*o`0WFs1RL}lZAvfg~=Hl-ZI)~=OPUL{W85P
zQ2x<|O4u@43fudZy*k<=Ktz0TWdz_qV)eiO6cKVWv*mF|h9_mHZjOL~a~nqw96+;q
zQ@95&t9{o4@2mZnfGy)1!(rN2X-~Bt^drM4v2xzh+=81OfU?%Uky1SXId{Ak*L-+h
zBw|r~GLu?eHYDT?=`#OD0~OqlvG(t7Tw*3~=uNM#E5Qh8Xai%VG%y9w@x~iM!{Oq!
z5h6W<aSK)dUhDNq<ltP|E~poD$6FHLvrOQlUKJO&UGUW<KOFDkhBWanG;i<18A|X?
zhsFlSgPEakq2Jrsjw0#FwC@NVE9;WF$I~Vcddj)rSa?V4^x==H9Yno)wRbXkbrlS|
zkUq|tgEB^NRsgNWN#Q+c5Xgf7?q^7Y)e1k#WbA1=G|Q;(_&0YT9h{xVD`L(22d5x)
zG8~bQ#9xJBGHwo}lyA~YmU{~3U~~cVtHFAj(#1s|g8nKJLk6HYav@{j;Q~)1WT%o0
z@)bU&bPb3H$-qI0+AmU171I!s52R=O{x@Wo^85uiJN>8ObI%SPHcUK77B{?qf9^cs
z8sdN^DDSIRJ}u>f*y7~LFECsf6Tmu#nk{Y{#H>;UL9)o_Lm~D=NZM|BG=Yr}))+Tt
zH1>2q{l_b4oJru~X?KDHTH?Eo@9H&4FsTzQQzLLgvH@DoqbTFgdGi?Ln3Rw(QO6lh
zl*R^p4B)dc{#TG}&s7obz|`f{0AesIrfT-v_zi{mnVH9B?aa*XZ@`C%K3%OPY9g<E
zm>iMj?e+z?h=vfQzH>M*_#omlQ9essIU2LP8a5W%Ue%fA7#+R%!tlhVVn8QIjX+sX
zP$eip^f$ui-McsAZrf}q95;xCrUjq~)EsGH1s~3Hr)(4(IeK(6NuB2T%V6%WSe)+!
zK_EQZu4chq6x22%{><64)=QSOG^PmiV^*Yf>(&j6sVrG<hh{1%WQ2J&0CR?O<}6QO
zs6;g7R=c_k9zRlxWJd6}5QK**IQj$ZP_xE0aIrYix&5Ku8RP#9hSRDUnli7SqW2%T
zT5rjQ>zyF<K#$$rab{-FUs7RCP7Xc4g%TNJ9|M<rr5Z+Bz;gZsV}urVEWS5Y=L4&V
z9EYrzc{u&WI>S-YC$1oQ3qgHJXN(Gk6p3BSAqWt{a2yoy{?9<KwNlX{tblQ#X*teZ
zsW0t*BZm&%EgO9L^ji8Muixw@vR9(Avy1t~GF><2WK_*pYyGDX0c`ag8GyZ8Pf&y#
z0Qbbxr?m($X-an!u|c}-jQ`NKb&kfGK3DpCMaA>6f5a4<20HiHJ5*IQhPm=3m+62-
zwgwwM-!YisDyhF%;HX8trpA$6J6^F}`zr8K&EosK7eNp2)=Ud$YiskymJ)XS+%%05
zAJ?JE$k;Y!C0=tZ$y@R93uBIfQ%_u<#~`TZM^O+l_bh(z-Yy=eiXK1qzBk<3Iz~=j
zo>@q<#QOBuTelD2l3UlVEi3AHcPbIuehjiON&!C5Vm0)he)_Zm=o1_RouKrn;Vhnz
zq0^=z-nCn~eG2~u0StOG76eod@&fb#XfXxd<`gUXl9nxQA0d9DATGxl;Sp-Y!XgBk
zKBm1|u^Bc_gQq=t>eTpZd5=23)E9TL76_(`{G<^k9EF(HBOj$s{9IM_@@U(SN4)_$
z%1Qv{n(k{VekM;Md0dv3;E*#)UEQzn{IO#p*H6JGzXk*sB(gBia=x>Jvx>0!qq#|^
zmAgTGJ4MbnG6zu0H_b68s{d=_iE>0=nZ0B=J~R{o_NJwcP*4aVu@d4EUSshW3RCyp
z>o*4e5m)okqbm`kLT&M3Uvi39{et+ym<^{09>9VHHp@6d%@XD>SWxbt`SRVaJKuy^
zY0dhM`cENe${g<w@7sN*IopGT(CCsg`&A~k<{MQD@BUqBvcJE-R&FL|?cbq44AElU
z-!p&DRB+M&geEez2~0#hI724(eb-?$JA{}&efjc;uP>X=(O~4l;`y|ud0g-d2w1|J
zW_z;4`4h-gc$Z~WM6i&3V1H$Y3-Ak~6M~!4I=@wLjX;Zt(TK&Un23mD&sM?Tf=&VD
z$T*h34hwV3Bp;U6(rZIV79>sJy#_q*D)^&qoZ#&22G#dwTS;K<E<kdt**bKhJ~hO+
z#neE^74jayAfR4x-LmD;8``eDW|h%WN(S6MunI)PsO>rjkWczj>|m(Q>kw2r!i!-u
z_2I)NxFw&)P6jc^KYkn)yce<U*v^T7;2@rEz>IQDH83sHIdkZh;WyOc#q{F`ecr<K
zDU1#-*39Y4ooAe(A7{5*%$|`hfR8tC-UN6Et7%=u`fX=zXczcO$7)4IMOD>%h##B_
zmya3U!YOF~gYy@W<rYj%@X2E7+0#$=tIw6IuzGPCw*+M#3Ssn52WM3M!tFrLcTwAR
zA(h)>V4h8;CG>9sg+NxFKi^7$O4&U2w6&Ghp?@aVaeRezxS--duNej;C-oE-bIjtu
zdq8KbgI|0{rb}ef(KKd2R_U7LyLYYr7?f<1;%-C^C_C1y2~X`NMJ5j@(9F~P{o56r
zI0XgK?3e3=l^w+?%yWjU+(r69IpnCcM{Up^Vjy4&C<MbSgkgQ4%LF5-neUkCRa!b&
zTZbQSpGTraPogt<7=3`3FI|GQ6dJcEZKQEfpbY616r?CTod}gff%LahRWdwsO__~M
z5|0a}ru6gY&Rx6Sn8pl_dQ?GyoPcye6D2U?W>K*`0MttST=;Dv2H4+m8Av3A_DdS%
z_`8huFawIY3<dVkPM|TQ5_S6KCv3)Ew#cZq8M_rAhfrvFc-)vV?)4QXF|XaTr_;B8
zI*5ktZxstEGLw4pag&&0ut&q7oo%7&_m}q3+rx;gXCF7w5V@gjMo2zdd8144wPf*Q
z#*JIs4Syz(xqIHUV3&OOkU?qPShO=8l^3y}>$%$K-a+It-Ltb<IvsG)oB5%v$P6=*
zOH5{@wR=V+QexY$M>HWUQjTyTZNoSD=1mq{`-y%q^%v(iaQPd`s;|ZD+JQ_nI&I8S
z5o;Re)#OTBx54FQYC=+Y<S-*haQGt6y|nf&<GM)nsVs&IrizH}Je%qwXAFJz^eJUC
z)EoO(;1~1rGcCuqJWNmDNZMJoEz#zv@o6MW_di_I>6o#MUWF+gyX8S?LPS}|{Gth$
zoQ>M&;0#vEPugnuOF%&6b+@V1MW8@9P?OsusH+up6ch|A(k@@T$kZvOCNpODz>J||
zPdlz$Ny9o>6Fz*ePWR(&%1k5)6&LLOa3O;DM6A>+sHf(7ZY6M<=e^b%pc0Zfm^>_`
z@yUGI6FG=a4LyrZr0aRrz%~U;l}nncth@#b2r?Fu#g6}YJ^Glj06A+D{mFSX#9+Kg
zP0lcliNy=ZQnPK_y|L6<asaPIL|c;mylt<YsGIGjvAqD1W&a>V)6@nQ#409(u^}7_
zX}+fom853&my$A*8t!L!!st@`Y-DAhAjZ&?F0`=VTz~OJn5rqM5B?RU&hW{bto{`V
z5Twg_jxr?_SoErr*K;9U4m<sCPEE33XU8RpE^wY9`^};8f$cb0`}B_8!mcN8I(X<1
z6JQR<Cwq!k8U#xbB4ftifCwf>e&hKZDvApw<f0XDS#Coafx&fE)fM&g>4NRgqJ;}-
z7KG*;$k6fAr%{D|`TEu2imfo189=P3;I^UC_aN$>vbWS95Ax_3S~ev=VWZGSfE$-E
zU&HU*j+rcCkst~gGeCHB83#qu=h>WWPsPv4jYU}_ba6&jQ!{HTr$G1}9ea=Roexh6
zi$=O6MvjbxJC!LxWKxS^)Ff?f5<L211--S7&fzC3sQvkS*)#@gdsQ@{z%7V#Y^1RC
z`1Nr=vOZm2k(wK~I1LZOL;XjCbFp0RCkeeLoWohuie9{6mZ93;<Co~jAO=3l-eYK`
zKnGv-i`)_z<kKhpX?Ai1ldjkSfBX3H4OIfh2oTg^R5BMffeR<vw3c6{pzI^c2!W-e
zoG^1@?$68Duft6xZj$<L;PB-*qCcMxfj-2}r7QzJC3NY0<{@|ePSY3C^~KcoBZA#&
z!@0(~z}Ze(J5rlKem_rE*L{+b(v0Bdt{v`63p^|y<;^Z|1SAXTZ8adoWY!a>P4fhL
zVwp#$Pw5~E`3RsxJNXhQ8ba7#`w4nHH<Vqh7(!{a@+}9QgU_l?qEtrc2p2=>j`9Hu
z%72}OOF#=r3EjQW8jZEJS#AZYY=Tj&6~z5g<XBjFy}hyoT9^{khS+OxdEtJUCtemJ
z@qB<I4Ons1n<CezAmto1C9}za=`|spCX0pSOaeGFGs_?_bFNoR26j;E%bRDe&OLGk
zK^9b4SO}WINVEl=zAn7nj$ug00zL@6i6ckO8S3{3`zhA6Q|^^_$UoGw`=NofWTLV8
z39FTeer?7AC2!(gQ(mq<_P9dk>L9db_9EIScG{?DktfkX$lVcF?KvffZGSJ1xQ>J{
zta{j?FoJmzHDuGv%S9oJI&C{`F6GL3115q)eC@Wof^3}Hkvh0)rE88eD!q1p4c2en
zpXY)sELQr@gd+racxHTR?!KDgGUhe<D|QJYi#gp;kAHSr)7eaw$IX5g#LP%C_w0E@
zI?nO<lT$C@&$!+{8mKKMS@n|9Ja9BJMz@mR_wq4aFO|#IIlSXy&Un*6<S?O+N7E9Y
z!bSkxfJCbMm^EAW?+Cx(MgmsP#BuZBXW1hNo!@Vein2Iq8U>_Al}}}PlNK%dr9d*j
z6_~g&+DmFCS5)415)Q#k@b74zP#e=9v?TuK%`A_fQAYU#N>NM;PGB@g9`pCFMfk91
zU<GE#1qHY{hT^3`ECOI+AKBi?#+ZdxFw}v1(X7y{aSjRTP5)QPSNlzXi<B#RA{Ho8
z?hs*0P8%Lx@iyIg(m50@aNOIw&WYT`&fb=Wv$z}<@a$%G7Ivs$1aS!o#gKKVMMD>4
z9cIN_=LR^STM{}wTA#%B$B;5ag^^g9)UjDv^wBT}Dc)6mm`Ik2mX$*B@7Y|P094Em
zgN=HeF{i_^j104iV$Ly|aA-9PIJ2*4t=5{jBD;xlT8mxDXdTjIP|AX9CDUVKHTPAS
zaCN5{7#l@BR{!oA`5)p1@?NcbqavsObr{+4Vr7B$Ma=W`QTkNcH;HoCPIS;9MbO$M
zXrTm4Wzv(|5z-Y_q?_4t;xonG0eb-aQ+Tut@EG8A9xnijn%YyebwUi0hG{G_s_zs>
zQ|Dn{-(VVkRU6**J*b3+hB<aheRFa(2OonABa7UcK4iX%l&j`yuRF(Z)#o7~0@j{9
znV2>f_kdfsvNPs9NQxxCBtKc`#28vi7g~r99o?w)Q@5wy+2hCiCfdwPfu057D7wA*
z!tw=C@?;lBaBgYgMGMl927dxN^JSaJ>1AbQN%HIpWB*IDg<A&9#L^@;A6d#14bBk~
zSUx(FCVB7QPr<6!xXRUiubf*L)0A0pb<%yK1~%m`Tk3u6Ka#CG7yd_O)<RX?Xsw<*
zE((p}`eIYf`pvp4Dj7Iv&~JVLDJNFH$}}?U-=9Jj2D~Ta_bv`UzA<OQl<EdN?@~=x
zLe))8>X@_m&e3}2n+BWBIIUvdNO_5tbK)Ol6r`_PU0f)2>uPG=(W<>=sj=&rOYAU^
z@TWyZ=XY^4#uj%B|2J`(1ZVs1{P+Kx^2<%2GyhL(6|J$mza5Ooyxg3-|LD90)}FRs
zc4QT%SEQK#9}+QRU#o$A`wo>9W6h#BjA&A^m{6#ZnOtSLD{7~@>-UN>GbWnajYH-#
z9)%-E(S%doE}M&%y%%hjoSZ!H`2Sa-HMnKO4dgvdDelXbDNHSkh$8vUd-o2zXM=*b
zydy|#nivtGj`M#;6wzcV15cDLL}lfvQ<K4HR$K>kTBz(lb^FhY)Me~SIt)yXw9BT9
z<L)8E?Jp@Aa>`fNZWU4MKgukU#RD_KaFaQG;>4;oYhDLv?3Z*VS(h0nQJ-!&xNgDQ
zD0D)C_RV8xhl<%aU6X-LLh=ELXHeQve3onTu)zP)FKO;-I^~f|8|YIkrkR&Fo>G;?
z$L&-2lT?%^u77{qFD&AJ)Pue8m986y4P!F62e;~uMjLbo0aDyp0T%izJu|BwTAoNE
z$4`i~AX$}`lY9Mf6BhE36IwDdGJsAA*&IvV_dcY2TI4v?LDpZlaN;Ax${Yvzxi`Pf
z^Uut*t6aR%vf*aa#uL<(DfIkCL>$n4sm^WjGgzfBR^320r~edb^}B=WQRn==t@dm#
z?Cumj?<_(bU@U!nG@jx4O*=_zu~QkxqjVCb6`Fw`+wP+3XQ?LKzI`U@%{_fQfP@as
zCj;$J%G1_wQh$N37UbtwsQkg&aJty!?LU>We&Ven=X*K-w}+saItF;5u8N2n=X%Zu
zlf(FVr!UfM4XLc18UNqpQykJ{5m#l9;k<I0ptX2N4=`3uU9D(a7y^3vO_Z|+{FvZz
zDm7mV08G*uS|le`&}q0a#>%3_{^c2Ux=rc6Sr_X0k%BjRf{xq3fS{mPrL~qxhC9BI
zFD$pBusjzOgz}9SXn9$_U%y9>1zyJc7_X*fL|CqRd6tI;!kW1HD@j=wqoQozRmMEu
zwXn^nFYes8FoD@8$uL06@F#f6AXKV)EN%JPu<=Gp%eNWg4vTh#gyTy<HBiy^WUI(w
zkylr}P%{QEUFB%3+gwHj%w2Ey52Mi4+T|H_ZHM#}6ucv<R{>H)xb1>(c=08wK}Bk&
zYgxuWlE(uBjZ!Qt7u5eglq&DyaqsB>M3Fm0JJIBOAEQ&5U}-S+^xI_v5bK)@exTjt
z-ElSOAY0#6Q(vpnm$|`{aJTaq>X@;19g;1bHT5as%g9#|kM#&>-HW}n<>BnSnQmnn
z(_;>=O7}o1<b4ciDRN$Lq&~JX@)Cm4{C|HeT6c8jMn&bHOfGWBIO$lRvSdk{Z*ucd
z$BL%5ZoB$Dl<U4sp-R=t+&nw#K#0Qb1M_Vnmc<=fj5fe(c4b78L(I<XJF~m^&7b*R
zEXF#z<8Chn$%hh>9SwJRzPGD=wSTqO{kab-fA9DG{Pq17yNS0Fx0e>}lvs3k6>X56
zryrYE=PzI-(b2}bkPw$X*I)K&nZ0<e!QAgVD^uoaCb+q7-8#Z_+#*ZMIVq={@5B7`
z@S1md9D}G;RjZ*sp_oX@W6EJHf)x$`iy6IJsv-qGhy+qw<1QwHbK)uZB4c7!j}JJm
z@p{_!pWX@wsJAENIc-_A?$sgiIRMRLLzZv*E+aOf<v&`0qGVxSGy~3QyC5g0xdB59
z>i}`RgKz9L`}aQytHRGF7n(U^#<Kjr_5q(ie@4?VajKF3;w`>Q#D`AH(bCj>YIXG<
zsR2A00ngUXF8I&=5tXS(`n6S`Icg2xx#5T8$jMgDE3GF^n4l~+6fn~{^mBxTi*}HL
z*w54#Yg{v3COmtTP!~AK-snPWbHlTeD|Mbyz-KipwS%q_NH8;8%Kr?#w>{_CvpF{;
zn`q&`_|7b=xv14{L{wB1MNR9klHQh<Ij8DFZW9GmdO5#Nr8p)s-3pg?b#>jXK;*l$
zF*Z6H#C^%yeOsT&W#{B988cwd1N$HOC&5)U^I|lkv*mY&bSW4rHk5Is3X+DoS2bl+
zm6Se1&!F$bWoD?KikjLc5^~j|&R))2HgCpV4x-{Uc>6i*gruc$92oDIJLXSdr&n=g
zPmtlB4e!=wYHs+Z9({e@850yE7<Dx;imVO4RwQ~*Fw~`NpCNIUb&=&4WOQcG>EYpA
ziH(ecSdG+l)q=gs+J0Yus3t2*1b*t8*{J+#bNmy}6JMJ??+Ywy%=HYi|E6Z#tLq~y
z{25`fX5&Af08T<)Vi1dWht1mME-sqWCD|G$@5y8MwOavK`f)YKfeo;@c{TyGKub%D
zBkFihAf)w3pXE}MCDtv(jf@97R33A5IrIjr3l1GP0RHdl?A&+U^6QIf?CCr`A}UG(
z<Ln{V)#zM!lGG`qkF>P3(EJ00Owc6bKhmzx4bzrVIgYzozY+6@<d<8GZ)mU4I&in)
z7mw|PO&-e`vuF1|ztqQ$#p)mL-qWwv`0w?utDTuMZ3c;>@`w@4!Tu#_AnDD#RUe<6
z?CcY}^5X}%41M*{+Gwu4=D}G<-_EsfnpE(7+M&9?3!^Ev-z$$wdc`gdIl8!eP8*Fm
zpMy^{4y5cnFzW&t0Qw%Ng7K=VPE@&_r*mSVRy}am!}(?Ei4#&x&aKhgOHCp}oyP9_
zEUv+%L-ru^v;=YmltV=&FU2zj*zxmyY1eO${MPhGIjHRa8%U2#TTS{1pu2Hm*hR{I
z{DaxV#$yqpBCCa%h`n+JzKWA@xY!B~RMjHcK8WbNj$Te|OahF~;+TApWhOi(_1D)p
z;@Db%pagynNg$yTYI1yFVE%V22-apLHQ>&a1#^z7D{c>VS{eMqRl<+so22aejT;W@
z&wZrPvqtg(*R?*Zjo{y>a}5<`xlZJkWye`sxpk8s@fc_N42eCvtyp*aIj48>tHERW
zsmBL1kL7J{?$wl(6~XU?Eyt7fNp|%qe_AXr>@=m3DWhq!90DuDcYMCGLR(wFfFO^L
z|LLpH_aNGuK)IXHKNJZ}H!LeJXWj)1gefA?gq+W&%gAI$6dbF44MNJ2yYX&40}yIT
zbthN-lSk*rw8S1G)z#l%r)F)9=bK=0`{_%tjd|b6K|!B49RMu{+5`aLI37M?Rb_EX
z8|T>5!+Wi+>C|s*UiWEd|HxtTJN3$;o>M%UPgO`|$OT#^QIFGV%KN?ZV9{#Vmk!t5
z`X8JD#7hRogcx&6OD(*9dh}p#E8Bgl*~ZT&k>lzB15umV-gBS)d-=CdpZdzn7uO}q
z*C@`%0uePK7*5TP9~qgM4(lsTlm$o|r@+s~u1zC)`yDrC&*{FKvodYTI*H<o+HsCS
zjlcc7y=qFUG`+WRuKe?}^|O}{PsqlHpI)DTtDN-YxG^G(tPh@Qb2paxHx~uAKl-_q
zJbL?~OYFu=h^qOeooK2|yR>7zFvF6V$1qA8+m$6>z90^1erCK!B=v?c4)&3poD8;6
zU0OPOUa81vj)d=QDBWI+9O9e+l8<;Uco6)fhdJDIORoXT)TAj#<`^1=Xp6b)&u(q?
zYPRj5_nU(Ng}MIK9*aa@&@H;)UqaZ$@(+w2qyUHED1#2Sc<VNuI_;q+tmZgI+7Pxs
zjVwgR6sf;M{%}-0HGazMri^kI&?`KQsTaTs;aTV@8;TB*UfK%#40FM!M^h%|b)A~i
zMe;yk1@K<XwGns+P(hqOUnI<+k~q5|nN!QZUjiY-uVRcS_^;PZz7hB#FC^gP$vEzt
zO-(awRKI_I_LPtqP%OJ>?T$0?%p`pJ+Z@T+6<pJiU?QId-^0`_K4zk7ziBOX{=cdp
zc6p>wx~U5?3DGT8C#PysQ;OlJJ)&FP@mi=68HzI8{;EPEyq6E71yx1>m_=Sj)S|eO
zEnc-sDQ7wu^wqzV|0sN}dUoE8FIYXB0JxLzYk@jOwB5Viq9+3Hj;-(l5X$t6kR)<V
zL~l&VqqZ;>-u<r@Cc7Dd0)eEhq1qa6HR9*84JN2FD15ojr(nKk1;Yc<Qed}B+UQ!I
z4*WZr?B^4LA_24lqC>&%?}bZY1m7p84;TIS+V#|_So7b%cL!VJ9O9XZGK$)<C$AOP
zKo`i^fIy)`kvpHJz;hi6q%^Jlw)NB_A|qdM2JowaQ|{85K{1R7U~_+UkzO}wHLg#p
z`;rHUb=<(8krl<q#d$P-lg$YQU3~TTAw9Ve6O#-LO+JB({X0zNDkgCaU)5$yc!iBZ
zc$%3RrrqV%IWv{V12=drgj+@Kshl%XTYHGFD1QN~RS#jE#afZq8s;2f57Z%NWJny!
zDPjDiYY#@1J*p84X>rZ_-uv%WcYg(SF38RI^$OL-8R}`*zb;9u7g$*}QOXljj!LTw
z7C#ngyxc(?vE0Y=Sr}Th$GfYPz;yotc&9CXED{}(XnzkXm#M*+Z}lB{il7O}jVZvV
znoJ~80`-TgH#>@j@yycFl8(nsK$akIm2jFln|Tz&+aI{zeltr;(4Sdcwa8xBK<yue
z@0(JDH|=8oOBTRR5wwN3cQhJOgl9&}7XAMgAdg<*|9-_-sW0J;bMGq9EEHd;wggC~
zP^a)iYytxVN$Wf*^$4$>I(CFrgl28OO7Xw9DjUS0V4jiSfym!rr!n7-ymKe8!VHDh
zG_}{ls5dMCY;A?&f-mcmf<F3aCfiLUYVF;wVex8HloZp{(u$nNUAGAk%}>%>Y^0;F
zT#*v%44O*M8BeqREX}Mcz*3}quR{Vs(cCs|iYVSi`j5(az_itB(#U{2PsbxWg3_VB
z0GFh%01=;8+S=N7-9u6ZS5V$QDa#^dDs#xKC#+n=uM~ysS#HKQ))ibF#*ItIbm-Zt
zTu)bYrabr23>mInkPX+lzt^DoDIWUz4>=4_N5tK_rF0s&f89eQFE!hy>{gIDYx;?k
z2|&H~?=vPdbDsh9I9_wBudU@(%l%$V2CN_^u)kVy)J=HWChcnGkOL$j0)g#9xX|e=
z=r|(5YzLkjAzYl<LR2scTfyn*KxRQ}v>7Zs2oVlP5mDUA$^*m4Rqxp<hjxnG&oz=9
zOh4P1Ni?uC0BfX?9I>6J3sMP7OGeW?L0-M98Lb{p{CX-<$o1xo^+eT*?|nr=@WhQv
z8H39QlbxeSC74LZy}o%<Q(MdYjP)0SI*PvR>512G#9nOwzA-0+1~gJ<%q#dD>kTw1
z*eqyjM$8*w$H53r1f0QN_(H|GIm%d%v=Wt9w~b_=ll<c+PoN{;Zj>J~<Qx=OY;1ay
z9a2PP)1IC5(msFx9((!nR@gZrN)+a1E;HDa`POtr6X^#r<-#F50_0(VY`2PhoI4qL
zvw14~LIrNzEe&kB^z`(#IsHIYE?<7z`nyAj&wFfZR8*eczyAT0q%1#fw6LMHhp>67
zFLHhWU?Oik<m<au4ctOb7|e@jNKRr%93#iiq2^1;g;o_9^_B)`IhsD0ti{~Q6*u4Q
zYeNUaj&y4LCCcapWW}c4Nd`yjG*yAI>ku{}9r=1^A*=ymh0&0mJ3c^LG|N{G>yg3_
zV)rxp;QoQ)Avq+(E3E`CC;vxd`gQj6_s{yUN|1P2E?V>*@gf6g1h48z;!9=3Mb!o>
zQUYxSHo(<Z3;A`gUOT&sGUgE^ZY46sk_yJ;{FLnw>0D@-w#3uZybBbmd;~j~d6(aA
z6ehsqDJrCbeR<Lg7G%K_PMmbzZ1w8l-wt=R7gRpK@yY=#A~8Djvp+{P(Zk*vSPr=s
z;Z<+YfmQ?E4ONvl^b|s}%2_<*LnP?@34Q@f3UwFu#=d&+AiV%VRtEF~Y#T;E)tfB{
zDxBbhN#0F@v`<zjWGH6m=3-AYN>On+DLCpbv<VPn{K;x|4VN0qKc)MoknDgDN7kc{
z%Ze1(D#uK3KkpLq3a8mYaiedYMN~i{Lk2S|kTv=QkQVdZ;iZzwV)_OKd%%UMz}QIj
z1&3#Z1qR9-87V05s(Taq^wM&m512bodDx@JQ;l0(1RqXh@p#Vmgt$07)hCW0KQwL5
z1W+_)701N|p^8kJMO5>W=t>By%E`^0FsV$!>;2Huass?{)~mer4Xpe`n+<TZ^qTNt
z#bOY;|IxZ@ZbSe&kToLGva@f2EIZv40&vJVUgOg|j#a^ozhA#Sej}#;MlR90b7#Zi
zrQ}ydMfac-plRqYAP(?x*KMDzU}zXotcx%MX055I$<@J@*$$|tlUhXfqlIFe<;zdy
ztw&&m5VHP9p^V-sgvbzqyk+y-9VI*C)kdRBt9DO9QkRa?_f!L`L8x<W40bcjy~8%3
zI!a2SVSzBlF~<V*x#C(+?~8mybo7fI8%4UWGBVVrPW8YcnKO_u-M-&W^tiXQ)6+~&
zK!^eMp`oj!==UWcm^^z^WRuOXeZx-^tQeD{IYDU`uAZE(&-C$|n}7FxK|wS8eSHDa
z2tm%e%EP!Q){&NmOP6vEC3pBGFZ=*x0320#3n7P|L@gABZ-h#3Hu?AkoI>PG^hF`D
zTM*PmZ_YIwNDk-ZMI#DF_d4$PVg<=#GuN{!R(`Q}cK%5oX$L}l{`GKzD{zM_^6XvB
zh_#5W(lRn`71`YfF7P_RbEL|`bJl{K3qWvgpyt7f86uHU$Jr}H0g2dUa2HsEMM`wc
z=tG%9d%l*3brt>3XbZaUR-wBVwpB$%VfHy>$l~$7Skp*ID9hh`w;rI7@(!0iXis9@
z3-^I~>lpO~Gq{F(g_k7OkWgNLUG*Bzk*uJ>=51`R?}Yv3-jV*N@d2oY=1v^U)}y9=
z+BAWdsuy2y$^YlY7k~$?JYCfD2p!n2l&zFNs3ZB44wf6m|BJFWkIS+D*1yk4g-S9u
z%2>#pqR5pgQ^^=5LR1t=3Q@_BDN@Fg3JEDx5}`X8id!Nf850c>Whz5G?@zvaKl|CQ
z=l93&`s3dBzQ0_<d4A5dj&-bK9ZN36*GSWyd&mC=ZsT)LT)Spounn-LOZG0zzI!*F
z1yLY?ld4Umfvive!Ysq!rTeJsA%)N~Ktp<Ni-~!IoOi$B?1u_+7BBnEN$bxtCR^JB
z6+E|hP@V?3A&R$-FusTXE&olX0VPo#B!d;fnVuJ)PBPVU^G7`Zt4zs9*rVyq>uB~A
z^V*0eQg#dRea@w%48zL0pr<68%XRYNo0rd?3a3-IuAV+9=q3L2X{A6Gw9=oLb8X$F
z0|#t<yYuARC^sU$lS0=F6R9pgW!khbR$IX06J^+h3#Fz|#2Uv9_ZG*WI(1<=uv)s*
zSW*NmfMyXr;>`K<2(64FkT>E`z!yen&r7I~*+RBAsRbLMXs_@+`c7ArlWh8Xoo)&^
zGI7b%vl|YoSZ)<11VX=DD~+tzGf~&oHfG)aXAs``E-484FP;eN;a!S@3VZ{|%&BR$
zQOv-?MCF|O^W+VDP=}H8d{?i=k-6XOq~mlJfkV`4u5Qm4hD;WQ4Cw5UhKU;$?MP%X
zNQN!nGp?k(yyu@@z^V4zM&sD!mOg#zWtJnb+%no?qh0>^h3RcNbTFaCK>e+|`vCim
zX1BlNl%6nU=FIo6U-xItXw9kLzsCf4688!8&p_}*q#ZkUv}x03w~pESM#MFGm66L9
zY{nL&rzdZ)x6!Czwm|&!okP0vI92AywJPXoheO5f!a_loBvtfh>jUOAnJ!_wPodzU
z5rX7_jmNy`g{0p1j>TesiBPRAJ=H>LvB5enY*d@c;YO!271o)*0(j6#!rvHWa*k8#
z%8@S08#9M6Keb_l1>;r(;ofJ@%1LEIxDo-wx>%kmWOb+3x5@3}$?6}kIJlxp1CdSb
zDD53ZcopNG^d9N2=aq{cnhX;W{jltwg%?+amyS;G*diqI=g(L3pzqkeose%S>YrvD
z5t%VAT=*<kf4Ovq;R?bdKln=U&xYFSuHB28xtQ?e39B{>H4-7=nIPqj3kT^Oe<6H?
zPg*O=Tc~k|$Tq0H)>>F(0v^k~p69R;sqMN6O|liD?$5(*ovO($KL<&B6@rz7gnLc{
zae1=y?k%RGWHKo%ht%r5a^=#`UFPcUHbI)er6a2uN9c6ySWC@$BHevKJJ0?x^h)pw
z@SNT`r{yyHbA1B!=(r9fl+r8;)FV&8(J(Uu|GLQ0@%5)q{_pOz%PCHt9ih~!Ronv?
z6f|(#O$W2TAS3f59k;?(J-c>Yi17pml8cK+1Q)ctyc{Ec{tKg)K=XCx^R8^;RD;|Z
zk=dE`#%0M8Y_iq^!Hauu>YmOZ>hBV*W}n9cCkU}(9eq8cEYL`z?5`O8+5g0(L!K3n
zdTx-($SBeny(ZFZrf=9KlN=u}H1{Q*SRhiOyRKcaYL!a!=4*b}dH`IxG~>o8S*QuP
z=M({6f~-W7YVtUTM{c&^{zHcf(RvU*xc;m%L0<qMzUj`K178W&k^6%YN=8HdhpMW?
zn3!sOG&~~c-ijc<v>kv7<(=u8<Fn73_dPH%E}u^CWOF8d6~b~Trq^;IaNq#OHxEo(
z^<m}?AIom)!RX5Mls3rnZg|I*AF9;v-~Tf>l2`~SucvhV$rB&c6+GVWzSI#L^pzIi
zBv(9x_I&fer<~#W^E>ap-F0$mNYjCXTc54(YqS{Jz_9(q@cmM#C^`_kQ|p0GrV3l*
zXgT7Z(|eE!hY-vUOu~ce?CI0$gX6ptD6IVCEudbu9^kZp`0&AGN-cfxU3y!&8ru)7
zW2-I2Rg(9gn!Ej)2hy9_yP6rvUEEck|JCCoCyWoDp?St3cJ}#e@K=N}4t~gFnx%Ad
z3<{&U*~QN;G)wQg<hXZ2vV-f|9={N0srLggX<4X2(zNaeQRd<0)pkVi&YfRBe-3%R
z481uJw&W}_;+Q{wzUEIRXUSWT(D9vM4D2!%0HXGk8Wf)>H_hG&ekQW=7(je8?Bwp~
zn0H52U~)D2HQ~Fw__<6D&=@pIy#q5cMr~8c$8a8dG#~rj7@@U}%fC78oSHmlhzM7{
zqg}hTc$-^huY}nHx^y|pP2kU#OzYGsN~kEX7RR9d%Jd;5^sKC7`wGo3Ih6bE*VYN2
z<KVdsfiTkW+H&T{SgFi9R?*Rmk7p35;7p2?ghz7{Kmy20+wZNYa0V<GO+CT}u!yLr
z$*YX`O@X2Xl(fjr4N9w;qtES+Vz_?aRrXq_$?rLEK!1^M<FY3Tup1YbhIT9UqXkO&
z2U?rdBdo_8AcVZdmG!?;GnYlAPgpwh%*m4!Aqs1X_oNVaAmXq1{>Wt|HBZXz+ojMm
z3IBf2`Dh&PoHNC~-0L#E8?N?h?$P#=O*kHQ2TxG>rvnKJOQA5brH66NT)LvHu>)a}
zj$T29voBa-<Aa}3Z}<UDO$0V3hNoS=yi0TN>3x4f^gnd#egDL%`1lVM74#YR@7p)N
zFY400ZdnV?cT^rrljcwF0b7(c9y(rpcxL3W2X?6obP!2nGoR!g`@n@@LI(@$c-2;|
zkOI@Uz(LBTy2o)6qi<psqdXWcVD@AMWxL#v<f(6=#^k`w^-Z!5U%FI>GDWDsl>H`d
zBhAB~pPnW-G3^kk<T_Fv5_q=*e>?DP<llVy)NlO=R9`pzZB@fqOc53u+N}t=?c+y}
zsAR|YeU4;^m<X2N_+mmbmulvW8SUzxQavM0>Qgimtr_71wZQ7;J8m*M*iC8Vj2WwF
z1(uAvQas+=?p*Vp7g2t6U;n>)9?eE<>DX*@8x0K{M4#e~Qr+-P&z=fOleMLF52!i1
zfo^Mxxw)+9L-volZW7y~Zfn=0`$OQj(j$U`Q&Us3N4IW9k8@~S(O+hWkdk8B%$Z^z
z0Gs?w52!7FmV!${6>7unyLR=ZacF2bjP@(W1n1m~jB_rzho?^<I|)h3ph1`r;g4PV
z{{7=XcY+Bi@j`vi4=5c_e2+9}OSj6sFlkITbrl`cl$+^Y-+3>3xKfAC0hKk?9Q5No
zwA)JZNDI5%?xJ9$2b2S0v!afhTSulvJ-^~jfE#7&9k66U!8g*{2^h<O=PtSbSW9_s
zQ+EwQow)`l=YH2}ujl4kJ2*t<IEkri7WP;VVl3jsZ4EFD7er1@4g^Vd0sV70Pa|8Y
zYd}1gpJU8tf-O=mT!3v`lwA1o<x4)lWFp^h-|wxn;NA6YJ9qEV<MO3Tu1lBN&ze>F
zBHi}N@37tzx;P(ex4ZKs3~&VZL7K{`bKrUOFU#wk<2o$-f?2WeqMNM$(|W!ve>fX4
zo|M;dph73&X5xhpVNQ3ZyjyP@JxrIwE(|Fs=bk=Y&1508y}lNGr$^gN(81lR?-HCj
zBr9*(OCBZH{2rce?x0^9Kde1FJ*ww!dR5>u9i2!#&IL)5-7H*b#NH+;-5I|^u3FQ?
zuJ$;9lflwWci*Mf-Z-(q{bC>OAuGg|Ig-zG#SN+@yc+{f7=+#+>_MlW+;waiSsolL
z<e;eA>0q6HD=;!4H9(t@(2m5WUmZfGyLXTc_4@Ew6bR^W4dyJG=-?pyF38X-N=kUn
zMhiai=I1dgQpvc;`LTQb(xp4c>mA=7r-<Typ!dJ9Qup0Ij{VVCouJz+7|r$&rEji?
z0yrgx8-~<dv01YhmsSQ<7`E7E9mj60AnmcbQgqk9bCvEcw8psdROUZ;I6OUnQW@5*
zGZ)0Mtokp{X?#2(fwe7<82Kjmtw*bi3-^FQgCejr8rznU#KnL4^N*R>DG{K-1$5!o
zR~K()2eznoWPAR;(f4C#&x$p^5Hj;W$IQg-A=<QwBuhs#&-bk<Cgx4Iv{A;1R>R08
zk9u05?L0p)Cd|MUrRL2w8ma%|<GLL+-7)6_GqxP-YiP{qR=vI2BtVq_$s1*}s3n>-
zC)xq1#kdn3&*}Q1^9a$y_#K=ib|-^<Pwi?7|NWo0?+7Et9YlZh2u7DO7ljhLACkc-
z6>~h7kTaN66R3&lEVzf0;_s&Z{k!XE^`dlfVk7_wdca`+3;(4BxJF@27iL=II6s(T
zT3j3)F}g>|e1e-R)B4X(&wlu@2C1#s&2eqLS;6d*aHb0z2UlleuqeR(GqsHs{5FOc
zS*ynDxasCAU%q~2H>5%E*kghX()zn#!Dbvp(^1nvZHqT8qzQtNktBm7AX2t|(#aCP
zppnG>{<ovkb~nibYMJ07EJBe9L3B^WeN%eYUggW|rYSxD4nkA5P0^7z-45A9zXsia
zXx4;rayaFp<Si&zg_kv;lndPfxaDQ)Fmd7z%26q)k)?9T@EcC)Osnub5FWdkJv2)`
z3UdhI=E)VOgGF!s<gTtAnEshIXO6ap#y04(y_jM03vARm70iG3F6dculW(|1Ri^^$
zHEe~^e+Y)~@!u;MeHd#CMtheyJOAK<9$nW=8WVIroOh7rK!#7z*`NvKC!8p8Iyrl`
zU)23LaUbFv52&<grh~%^Rw?`YH!uz|Epl@c@rQwyc6Q>1(8w30r`>-V5rY&qo~NjS
z>cY$pzY@~_u8Pqg@3ESTD}u;`gefky%h2bIvzT|zrlyM76=bxa#8xd^vOH}clw?87
zvvw>~NG_ZnM?2y_^RQFsCuy_w1EK<2igzM)Hny}}8@o9HyJA_NMU{-OaFDUFi0#ri
zjFb4Gyt2*yZfWOVYyN)Oe;Ry<^)N|OB9BIb&?$A>vUgiYUXt}{tlcH0Kt0xv;T6U-
zkyuX0{MG5VDMRTFg1UXzt`(PZ^WQTQpr;f#_82R5s#pw&`hf44&Z4q{ZO`_z0`_nH
z%IJd4wI%_-|Av{*4G+q{@=PHR4%Qy(2}t9l5GSSwEg9uhXE%Mi5fqI$R0K++W^a|7
z8uZ^Fv!VP)l*m74&b(Fn1;cvgQlT;&GODrYU`Tp=YUhUT2NV?*Y1(D@{Q@MDgiqy;
zG>tT8NQnO3qvigvph(mlfE8CZ<v2Yo_X3^qL_S$gm#+xz8v1fHA*>lc_JBMFJ9==^
z2`Z{bpJ+PTUxH&MKam6(NdR%4+LgbBZ^XR)5N+#8lXeO=hXbK`E1Io)M(hiPvE`-N
zv7=FKq${mbvg4VIbzFIs$BD`c8}*b_gN_lUXHrkmf>dbwwX#qw242;ErmZci5aXwF
z3B;pD9ZOB!zpj`1Hd+?V1IuW0Z2Ty8UiNjc^A}6^Nc;Q?v=KwJr%4?#F_{a_b6&g}
zUyyfyyDccyd0HcP#ZQ!?H$!KOJs1##_$%zIFm%8B@}-#UqB+-GRdv_)?eN=@EQ{Wy
zO#HcGC@nCIQ%*Ro$i8AbDN*yoMKJ|HQwxm`)Y$o1z>d&%r$(Y#>D8|v0J7wuK}n$_
zv>P*RKZ8a6!{ukZj8Wz}a}3+IVEhzmF~Jv?*XbF57<UkRVCh#S-GCI<?<ClE7^H7v
zZ4L7w$%0_yoOk&`u@$nC+px|&<9sJ=C`o1)WOGN48N-Cm9bgA#2vR=&3EJVGPoEyF
zaB0z#)sl!02u39Zk4hF5h<_RG_O0mb?Bw^%tLb$DG$+-!0otjn)10F8lIi8~HTtby
zRun1PM`fRh?<s9I$V3|vwBABKkQ74utpfe=B-)gT&WzRZ@!yL2;Zh2fShBF@k%=o0
zxys8|;2maJR`kYDK$6{k?PnX1$|zLgyo_s%Y;h4=ZobZC-AO@MVUs5zj^R~a1pDMf
zt^r-FTJnMnKlrJic)WZ*oyac-&JEn#AEuOEo5n|Z;x8!~qLA2Q!;>7{lsud_lc$(C
z57@0ncgbmoma46*!%p+`$_;K_V5IW{FIaFewFfV0yZd(U+R5~U;6Ac_*MG22auTu_
z6&0167ZOqEz&rxJ+3x6+(niV~Dadb97+q+3?8i=>8ZQE`svNi`1$Dk2u@hb#-XXHW
zFxruk<L^+wJ6bxxdoh6!6$StIhRpo)<9*afY|DGI;;CCI^U@Lbpk}T|Pm|pB2M(kb
z&PYj0683{vuMRKpcy<T$jq%TvsHOqK;Ar!DaOi*DGkIkb*~B!2HU(0k$93bLJbZ|l
z>T^xa(O&HWJbfwJsWv%(>-kKD<zBX41RIz?L^KdA+;KY20lQSiH{XV!LNhoOE9lc3
zWkEQdGboKNh}N>}{P_=_{=Q1Ha5efuri+5I_Wbri972Wu@vw%>Vz!+fCh5+cac0W5
z1_!^u^Jsz9^zY+o-%wZaZ8T9c-?5dVwON^zvJF!j!+F=PAjqXt;{jcTI!6e>GHq#l
z-bX6tv}h3nQP9fo;7pyJku-2)jEAHzWT?wRjm;HVZ#rsdoH~6v)qSnB8AHMxOpK_W
z_##sy$9#u4d0$>Gq$fbRy=Q4*Q`)!#ifj@|ofe!a9$1yfv788eM>p5@Tr;9iP!{XC
z(kLpFi<=k>VZTCRqV=lnscayaM&d_f&mGrz*ITk_CK!Q9?(Tget>a9a$?lfJXMBGM
zJpfn8s9+kJhP(H2b6N69w}&YRmDEp9&PHKfKVZQ8<U*&IrEYHjE>0#be7@OXZ>V~Q
zM0pEgjbLhuX2=(Mi@Bs5`#MOn=6vTQR@=O;s8~yAq%@im*(}=1W$DtQqN0gIk5r(#
z&2AaGX4qU-k?@g_|Dg3=y^tG$F|MYjdQ<m5bu%7nH!$Mf%p`k7xwdw2xAcH7GF(4x
z8ip^D0gyyy?8h`0sN>eHn{s6?*O2i2Y)P|b;UITtMxH7(Bly%;k8HnVUqnRF>+&<)
zAo><)sWgLo#Q!VhrNDg5x$LzKAd}}oRu0(!1tDfnUtYDhv;=TVHSybecIjlkZk)Mj
zQ^2U+zpo#c;(l&L!s*i$IQRf$^UEt6SkHw14DgvcV{O1<#wEpEZB*1NW&uv+!Z#}u
zhO++w<inU{{H*8=^fDOMLo_Gg6eC=+9Q)(Ane(<fd#SiAbLZ+FxN9|G!jg0A8CSuk
z0*JAuA)$6d<FKDqQKh0(UH#S)N}fC@b}0~FI;t_%wNFI5nJi!<d|)B4`<K7;Ofk~>
z6JPY}N5~ci7?>r=*?!>eJA_;6^7EH05n18qM@HFz?m5kud))7n(s5(vQ%)cfD&jn2
zH0vPINw2F6pmQ;dh`xX^;H+uW#KtHAKQwPGI8Vsva|w0z_S<jU!InRz`36n6Z{4I_
zA#SL|Fkzv~N@z)4GsmVcoCOoIvza6qI$}w(pZ63c*iX?7;VuZthD!qZ^4G6lCIc=h
zN!eO3wA9<67=?M@u`k@69FNc(e+IZd*Z=W_Cv^M;7sT^Ii;fqZE*i$ve^s~NrkH^_
zB=QUW8<tV+J9Zqms>`8MiHY8gCN$U;GzFQ<>bUhTeSCa=@UTpw#qYEw(^2&E>GTzv
z4;@;E!47$^OB4++Y-7bJAV-$n!1opecHzmO`27XbK*hfIlsAQn1KF1&PS*vrW<`Xx
z@dTjReV{WJN3~?*irS#DS2?0<*RBX6_$M#uB))g%cb>xAZ*l1|8nS($L2te%W^c5k
zrs|Bo1;ty#9S4P>qh#c17xJIze;X^9>;MW9m<jkkeS2mR{U{2(Okez6A4_L~h|f|d
zJg2l0O=hm0F!b4HzM)vU$aX|PFg-eeTfoCc2%eWnhZylboPPwPBW$fe+o_HJ@tHGj
z@9yj)@x__y$R+{-#gGl`E3pC$B(yUI`rUt5w~~1TV+%g^*oFGLA1LfxjWmPD=I7;w
zc<!Up+Y=92dC~Jjf>%TRdd*;OD9FcN4{uZ*HuK449};aRx6c%X#y;sNi&GkCjHUL_
z_nJh+r-9cIhcK#29wfH;*-V`pdid}#hy;Zq%Q0hg7_LRq#|`+X-A;yy{=Fi|JzDhC
z6XGGf(;V{c3T6Ii9QY<(rnSv;iq`Vs*(Cfe_l$eQkk27`mtX|CaNvy9og5r#lxjw0
z2xPzlm$(R?3f-6RwTR*#XJC%>GOLl&c&;-8lIQ2`5($&y8-zvlppP@u(6Ewf8p$bm
zV4+#*rd00yMw~4SZqE}l=c4a}SuHv^*-#OETGHev9JgxTJjQffGBjaIQtlZx3I3-I
zWTx47P8!-#Fkc+2SDl>?96HqVn%Q})i!Jjs!58np)KNJ8{CM#d)7E58;ju|EOsz0Y
zN5x5xo*!|I?h_M|F{V3|iQPLYl%(hs5t}xn-lLJpQqE~Qn--v<L4ob=Gl9o0OiyXl
zs4VZ7ePz7|bliz*!VP>!Zy<wwi*2WPRAG`F7uIB~v}p_fNKa@r@<$F2{Gh0@^)f_M
zx&!)JeE-OcI}y5wRDRMz;Vk6z+E+}{x3RS)#IDx*_Uh@3HSSj(q{0RLJMxsNyv*y{
z=y%OV56W_a%pdX%cdEX5%<RLFk#KOc4IdMys4NANk%pqmiJk%7$w!FQUG0B_Aalf)
zfm;R8NbNEH|Jw;l_iym~WBhl2G0zyJfSa)y{RR%Ll~2))UL~u?A-doMl>9R$w8QgM
zM|*h-!tElOjpSi@3#HB10b4%h567VM#6bYM6$Mo2P3L4|3)ORNTer4QlOJj`4J`9v
zxvghN99RG%j&FimNkwB|H^fzbV&yg9!}0tqdPCeDYy$VKyMTo-H3yF3d?zFfl#Y}P
zq5qDWFnRLwqhb56hULvC8N9f*-WU6EA|!MTB6J-8k>`pNaB`P|71k8c0##Vuuw&wy
z^L<@Wn`L)zEv4jQ@l2(mYrf9llCX*t?U4e$97UH~O*K!Swb~7|3A5tvVWOa{tSorE
z4<(d^hV8M2uY@tBqD7YgaOSe{dy0)Yy3p4&QBV)?KT@$VyzwM2Z}sQb8`7+(yjW)z
zeqlQ;7TQsf!ycZQ)#<?9*!*(BxqcLPcVmvzT#`Sf0_T+9ByWLSDIVtZ=kkE=1o<1@
zIqjhFQ7VdO2tglT_j}ocjfTxDyauoR>XKyT=62@Dk-40^n<`jUQSOmziL0y<1tKs!
z>1y;$(7+$MF~xvcOOm*X-9Xoz{K>{my8|q~Fj>p80ya;FF5J1{aC}071524vKKc2X
z7tD6*F>KhJ-w#xzJRt|Qn`qFMabJ=uc)x_G%t7gLYUvZAHQ^8%f6rvCcn6{=l8^`k
zTS#Y1wHsWrn-k5~)kY^K_MM$BEIZ{bum_%Sg{HM7;F}eVSB_hs*T2_`YLiR!isa1K
z=BH-IK}di;_qyeQSF1Zjx3AoFa?i61x!z+MRBV2O^{PXKUx54rv~{KqW5$l%eqa(h
z3_T@GY0N1*dReGpx7ga`<e4*w4XKj<#bN$T7-Pp1ydNg{gd(#&p4nKUpR|^1ICkz_
zNQF|85tJAJ#nsQFspKMNq+R-;-lG9ck5a^IzOTJKRj*xmJJIUEa)}2GTF&G}4YfHr
zj%{2nXEOf}oh5`-J?CEk@6HnGMIqh&|Dv}P%3;FjqSlpw3p;@2$PwIp3eQlS72l?a
zm$v|chfOB@PEy-M^^zuFKP0P6FAY!Ng^?n^dw0otA@7n$9g9ARf`eKl_iZ&{i;gqT
z-E_;4SV89Mm@=*W127@jpqqdonL?S@PuyOpR>`)y8X7%ke=*u{W$&Y`tWoP;bscJ%
zOXW1#oMq>GPIUUOo>X?x=$in{ZbeK6(28bfQurnsUTX5yTrGZk6@9hyDDgNfp<NqC
zWnn&v*|3C<^7Fq`S9gxjeC!mqIK5l@9W$Jp*ZI+97%#>rif@alp{>uJ*?Ei<vriWX
z;BJ9>4%9nKp9r$bbWhH*CPwdRZP1xgiMlU(`9rmLK^)>)CO|xuWeoy8#*_m&($H%4
z`Aq^IH!5npOs_&36Pc(3_MG^G2Bu<;(v;Hh`M$osu0N;H-z_Mh7i`$Oci5b{RLq52
zuxakNlc?~sgQGI52Qrt%&fW|faJy+r_+{^mlgjw^U;h8wR?qvMijJ0j%{Z1EIwQWM
zUlS{GgY!Vd>ifWmo<k4Z?XDD<^=4e*wlm&sq6ZKkN%K2)?aIA>KZ7I=zrwI(c}dAv
zu0Ba`Z%}ynGakCg!-t_88G9Nh(Aaby-@P07jn%LAWgTby!1N1UEYZe#q+#g88`9(>
zq^fxLzSj%!4S=F#A^DsqJJrpe;*(>C2U~G>sEyy-kDWek%J`qB<4d~j?LY0>Thtx*
z5T0=!O1jE~MQXLZH9^e-^{&+xw+z&~v7vdOT8qszc4+`SoP4Wm{0sToZZNX6af(3;
z)LvMk1zYL1+<P)1q5JY9ai-($qM8~zdh{%N`&L@UxT6FM;1@z#H3;}0oh?U@F24f=
zv3uJ#oYqiau0rY&IdLnlRy+zn*a5|UU}k9{4t0mDcnyW}G}S$#<hk)ZhgiS?IUhY0
zpU#;>?6x#Bm1h}9VT#h!^e*OL-->UxjIlX*;J`(?nvJ72dHm$BMckAeC%+#reE7S>
zL9#CbE&?j18wd6d4{J`xn|_-=bC%{&Y(X35`tUfglIF@DTh)n$<3ISciJo2NwU$gY
zWBT-pjOi3Wty@31qmdBP4F9oDup`hUEYCZgoN}1?2I5HpD;;W5mFQe7_3WmP1iZX7
zyE6f&pw3^+mlWI5@($N^p7lQlZ1#kmnM1RgrID3O&?Gr&d0w7Ei-_B69DxW`r%jtt
z*HU1La}p@2YQo|}z>T~MoFbbiQ4aK;Tc6Xe`<~<nj}MK0^Z!oQl=^)9J6*%IiY*-d
z=SAyRy?eK30_OGK&`h!v#2Yz($&$+m1~dGl)(ti{zgF+t{n8EeJ#L4hh+OsScw+e~
zJ;H`k*Wjx2-uvMhpQ-A%G!zb@FjI)Me)8Y}xxGcJR!m79H=Ux$x1&Xj(E^KA1iY20
zgpb>Ec7$ArJ*M=tuB}@mh8HZ_W+4aOtv&SmJI|uJISUpRt@8HfVX^(XVI74$ih!K>
zG&v_snMAi6#vD`!B%X_|h0p^D`SA4`yO0Fx7)akx>o~ggjI$&PwZF@9v2gliht{nJ
z;1&8kLuvo%k4+5vG8E0VAq)Sajs^w%p`XV>_f(M9>6NRLs8m^7g<IGmVh^hF#s<#I
z&%r9}wsM};Gxk;A0CkKd?Zr;c%`JJGqEplKPrvnQ3pk?AilE)kI3}>hoW8D*Hl}nE
zPM@_S(2E^=;38%}KEG)iJQiZU9gVA!NG5!)UGv-6ui#KxOQ(_Kc<6h=8Ca$tDP5SL
zwHU6@PD;^&w2&H{K^~!_nw()nBnrmuy)Xl~x0q5?xK{{O|Bwj;vSx~k`Q;O8`YdA#
z3FP*Ve>ds#_z5+q=tN7No3q~hh5@6R<9|ArlqBpN0cHg;GF|Mh|A5`8CT^q@NO?x$
z6D2)gkR%{F1EdD3W>yhHs(keC?6C*aPt{Q=naFd2vQWfqN<YU6TgjzKV@t&avpsLo
zi=a=leLG#HGpA1<HQn=2T}ghrrAucbGZ#N<xGypBl1N;2z+*o0*<l0>XU~43FAAr8
zGWY0V!WFQh6hmeko#UHX&FT#SD!8s$=K>%>^!_@mNH;mcusLH^wYW+1#T0QJJ$JfC
z`zs9lv{h64jK2=PS-&`O;?w>!xg%VN24i?ec?~ovK3cp#=7Ct{Fr3yppTy3v#OSQ=
z*5O7%CQPSVNCW@tuNrf*&^tn{umS>zO+Y1oPt%#u8SObrsJUq?GVk9%o077(Vo09>
z?0sjT7X?GWu)nROwwwsa6pr;|w%jugfwB=#4Q_wr-n~fjZc;$B(bD<_A#br!ffY7W
znahwZZY-z+t{{>WrbXzRF}!iGvpXFdJ7!gv&5xi)P`fat#r=z()N#7F?NV(g+Laup
zP9yw=@zfnmNcc#Tu*~altR%hLFj=TqY`V2DZ87E7wD9YLiSa09;5%f)yVu!ZYa5`t
z0PY!X6Xt7V>mm!pFgF1lJW1kmY;SBBNn?QFn1l)XnEhOoPb{priBx*_n3m5oHdf$V
z2f<|n(|&UF-#H(fk;H<77*!y=EU<`vi)NprhJl72HRrR@jOe06=Kg#GzcSH|Fg1_y
zj|!U>uSrB?6LuONGadJZ5zyM&TAE{sU3|fz;_+W1h?+KJ4C=jT(`H^?kPM(b{#B;c
zt7p%l++D~_wga&C?R_(MJM`Y91<;Q$@CJULertrg#<sXPXAh5R*ok(1he_G;e>;V4
za7VNXNV3xvr%24qQvUEjJ$Uc{3Lx6l`pf6l!>~Uzjr9BV-JK_fx<=-k)o2VH{dD?_
z8B@|Gz|$}gMGcvomGu_Y*Yw-2y2cUfY1ET-0m|Yk83cS0PhfNksDzda6D=oIyUe5W
z&#o3MRGBEahyjI-PTU&KeMe;lRJ8$3{+hDh*>=Aaap&V_&wiq>K{IgN6u)y@+Yvky
zJ2eL30MwS@^Hqo6)56W0|F@fO&_{RoMY1e-fbY2eTY)Vivea|uqD}W|3uO!FlL7~k
zwDegx>4|=4b=_}J2TyO<?YE4syn~3!8b*h(g%EdfYC`i13LH{ggexHl%9l{U*`6X=
zzu~M<<Sn9`isn*&xtFQmHCtU=Y%s}(GwmeW^6o7=J?H1=ZRp=oxozTvvGeBnqnD=(
zB1XMZ`Y1nA$g{wr4Ez4-)mNBYY`+6%TZfE$2;gYYuxGPb6FCbt`Z*^~Y|&Hl_iunW
zp<M@dpl^q=Tr>EV(?C>H)H)k8MGFi;vi+yll58o>$t!7TPg!hGq1P5>4J}boifdSt
ztL<1afIk~NY9eV~OkctuxQodV#Tw!^0c$ZWbtfmFfM@4OYvImx&ilgo^M}x7(<mD%
z9}70)Uo6zXK`P&ulg7%+XU~~4Nsaxw6yvlIxWwRkl~m48E4Hs5aCCJ1XK^x*3EPr8
z&aNCF1*GI28UBk!HYyMq1*Z?XC^r0;7GMU~=a{MLBIN!QD-_j!a169fPQM)|yuz93
zIf9@fEaxygpXn+_ThTI-7KI%+K(FKhVdH1N*yG24quHZUrfx?0Nxkf59D$_z<jE9&
z>p(q%4TsgX8_k%2yYE!_2IRGGMSup<T9%V14-UW#mQyuo)C@n#W+0_c5w=hyWqSV^
z_zL0Pmgi!0dejtIH+5=RH~u~dKcARP>r)xoM<IWfIEtZ=7=B0+Z8(kN80;||MEqe{
z2oop&{tKGlQDKwh!w?TJZIQDxdK>&B?d=f`Zp=IgU?EzcvR0HPh`H0*(DM)>(96Qw
z2p}6+G5QhEvWSmGS|g;LV@|yp(`AZ_OBoa$?Zw84Lv1N!0710HnG+`#vn-l+6;D0s
zP?)K#TBQR*Whm?5q#gz3&t@WoBiS`JXHPI`2kG-cEZ@A(<pN!z_PyDF86o>QF8a)o
zY>X)S_(e<EwN2xtV738E4a<pe!8&H&;p9t(cdhwEwB~_9iEtz)rn8`dZwWx1%Fr%_
z&4>{rXwfM&^*PtDTX@@n;!x}|2Eji8F9axg3s8a|eCYJJrcyH-2M0O=6IQk8MN@s3
z#-R78fK*g>@OT~JU1gT=^|v`QDJe!IYZOdBRd88sr=_(N4|N1gy!aPhPEL>Nr^rbq
zmc&bP0kt?T&Fy5ZLF_b@zCn0Y=uN1CJ)?ZW%Wph&@5G5+gBCo_&o{$bCnIA-K{?ug
zF+((LjVH%bbjnD^Wiq}-_F(fUL{uj*b{BA;6M4eaT5+nqeFQ&=xELBb5LYxN4}ZEd
zKR*@YKL%}=FK4jTSv4rXeyCjZAA*+~11&sW93}DC?cd*C2!u@Kxsf%!yL2h$L0}CE
z8vjVP`Y}RRu<f-!IN~+P2l|u*EpGvV5VEQggG6qdI799R{rY`Eib(S@j)IK}v%TT0
z=&xN%dZy5N)(qY<PeW>}LvC2J7ZWIi0r=t|*#pBdB67No#Wd(3n))x{tD$;ALz7?t
z6h4Kjv})y?T*#>zGOA^?HWppb#)QfE6DJsGgBPaLRz5}NbmZ~4xZZiYz0fld93Y)_
z)|K=@bHZh>B2qoaAZyg9w;VWtF`4hs03#y;KH^1gBTsQ|?ylcH2wt`itdo}>+1lA%
z=F`#1qZ$UrlRbvBsNpo1Tb#5J{t!vWh3h566KgyoNBGZWc8PK>ZzM6l#F|MNb{74h
z$xrM2baH?pE7mzTl%~9RlRXU#u5^Z#6{BlR?z+<wcXdTRI&r+C6v9x{jG&*bg|RE`
z;onTH0sUq-w3(y|?p}&%GtUDV0^KM-Bw)WN@8_{pkV|0&Z2CsFX6UW%pmiLaj;4kN
z(ldNP+@GG?@XSq;psH}DgF*=JKmR&ZNV{UY=S-<Xd%|c7=OmC~p1N}5Ob0AeC7xJF
z5Xfhbm}E6%{W4L2tt*?FxAAQB!eu@}%kAH{)%daky~gfO1JLn&6B7BC79JDiWwUvf
z=q;KInR)3b<LSn*o65@Clp8Fp>)c?w6~7SHGFH-WM#;d5i=_i$q{TV8l+TfUl&JTZ
zIW{mEa)A@&i&@b+X3RUnkJGk^s_RJ!FsedJ_46b9JfR_Zl-@Ob=n*iI+MxjO#th5M
zGqdJ9J6o>O)_{V6PGpu<{LA+3p$&VQQCYB+3UE2XDLaIEM}Wt0MFczn1A&f2$Sbuy
zVOqG?U{KzC<42&lG2VxPdN6R9c3Po7*|`%P3MDof^;u6Nnc@lpIxw8ec^-8*a?sfq
zmpO1dPpNjF2)1A*%@5jY)vCc9qk-`IeD2W|&1}SI=t*09`yKJ77O7sVRxzGH=sj>t
zbBLK4n8XO(7DJUZwRydJN4aP6xSr@q{KM!D-6vPvDPf}dKmTS)R?t9^0~g(4nQ~5x
z$2mE!jI3Y@3#EG0H2hySV;DRhr_zY@nn)=Eux%$@FQY_3II65r@4x9gx`J|aK9!Y*
zi+uNtJI+u51e5OW+wVMafX;q*Y-})`KLdIc1w)4(I<p+H!lM0JvH_<~o|IQqWP+t9
zy<iTk*v&Pt0EqUn>8pKmC)pWjduG;~s;XVr+m+1WnlV+<)z1#u>wyEjHz8TetrJzW
zy81|SxChi&93^d4XO2DHDc9XMq?#b>IEp#S;i*&lo<)$-yY{lOES5rN#ii$*sXY~X
z(me>BC5>t3@vMzFN{VTWGs{W3IlaReUR-$Kb`(DsAW#yU?PhGh&dQU!gRHq|iHUSl
zcI<)aqe<sb%we_~Fp#fANf*UtBcump7$*i!`GUN7k{!ao1Et|hdwj}(ChXivNgh_d
zJ=6Bb{C*)+WKs%QJB?+Y6ZAE+Kgr2_@8;yJLCAphe}RP)U$lZ6nUi|LbnA4Wf+HJW
zZhZ2PJ~uo~|FZgYO|AdyQoFv1OZCk<Po0`?+OEsQJ+W7f_D!`re$_Ry{l4%Ak5a6x
zQg#}TZ`r|h`-DZ~eS6KG+S#n|NBZyjw2ZT7mnU}bTUz|>_c6uNbycNbE-%jcb>w~*
zCGtqfdl*WXEjoevW=c{WyK}@a@~6HieoQV-_FTQX7IZLFTlI%M8571Bl??L}IGXz`
zn;DRs>DZq!OUq!*ZxoC}O-->IOlq?#8>EX+><9xswV&t9z1kg;^@e4PsqmrX&RJ2d
z^s>cA-(sv8BMM91S*`x*(C6^*bb=QHDy6(c$G-$iZO;by)sn(`PB2f%18g>^goQmt
z9%SMZCT2rI%2H~j5sPWTas5#iH-Pwg6pfcX7lx%Ytdmw=$cF$~{yc2}tU2;z@BodC
zq&9<hjEv!sMjSjS?C&!CJNd>nRWc;^m1M)^?A+;grA|fq9WwLDbK?^bnQ{4ytzXZ|
zf~KY~ed&o<n9da7p#gG!|G>Pq?bz{PNXWV6ugv*kkR@!nPIz%KkjHNV*N`v8L&T`E
zU9Hh}FKQ6DN9HZK;fVd0FY90`>2-*mf4!aL70Z{06QQ3|n||Mi(+FDPqjFj(1m3!R
z+nLgm31BD1@+nL<kt=!e7YGv(#)2rKRRYnns!@8DHt*}lBHOWJPsAsWT>h;*U!S59
zViN(O&xfmJ^RBEO;QCOIl?cSi=6iJFy5opUP(e<BvCpRyQ5~eOZUiHFwuaQQq+_ZW
zk-vQ#HDaCMB1ZV<=H$GY3--R4oZQt!>uWDk?(o+djtFnL-rc)(qZZ>PX79=m#oL53
zmq&sQ$@WS^>GRcPzX#y8E7NBphL>AyDwT)*4Y8DDSP@%wkFxlHY{ZK@jXX0bTAKGY
z;QBs2B}`Yaw-Z{ye_GlG>XE*G|M^2OInSio;U<!v3nvS?^~gDMo;RM8bC(pjQjnQI
zQlOExDrVcqN$XHrn3tbPO7gTFyLoOG7S+-V4V>4)*k;-^s>N5?)(?7MgcI3+{>YVD
z8FJD#`L%aFC6^ft%Q1G>a$*cEF8Afj`vKs)cVFc04(FJ^uiCVWscHDg7_@MEbmXH~
zkuA8<U=y$sFqS1)4*`?0jjuJS4PVRK?6_G`9Fn(?DPfpO0e1e56X=^+x7u{Qovc4}
zL0KZ52{=|Ze}uDFWKIMHyy*3eA20M&P{g!CxM#$nk9Q7##D|XMnah_fc{ctJ3nj`v
ze86hcYidKD*#nmp7-lLWU$l@Qq+$18GhRV6gh4lw1{DK6K-8AZ5jaG(zua@^&`W%0
zYPC|nGvql(@7K?7y$cben}Xm1s+KT(L`MZ}`Iwb)s^<zTq35wkfaT4AL4lY;NVOZJ
z1@y?0>+FEwy}_pQ9moFgHg!qqJ?_U4Rw$T~3w1ta6r7hd8O}r?gR|Rlj0qMmKEWQ9
zu&`;!9SKTfyp76?>C>>X1F1tTmAdFDg4(g0f>m%TZ6cM8p7p6ko&#8Qe`(i91<^Mq
zm9b|`GrW1rmiG@0x{c?Ap`jb)gM)f<B;XRD$vFC}HKTyv+>=#v8>D-!;nM{R+PbS|
zBD0yync(AH<2KLU{_f&r`}$8hYxNPRL9`(DVtRe`nl*5NLS0>HGvYPTi-<#_5V6#&
z)#|DivR#zYh-{B{9iH-YM<u7Od7#VhUmjT(K?fhQ^Be*)9kF<1gYTY7J;}iW&jO^N
z?8bSs<_Ce7A`-<L7#R|kMd9kX7dPHIIsG)EIJTQyxG=bIw%@<t9qv75GM;kt>bacw
ziC6QqCvB9zdh_^ZPnkRS+Nuwafu6ZqU3&K1rnmJ|YAs4zeWfn!X|PNW$MBVLq2RGv
zgO^Olc$T-_48StL&Gxw%DiM=WP^|kV%$PbA3-f2Bic1%%XUE0Zz#L$?nRa%`svaxG
zjoXTgU8J?XXdpl>76ASbx#2SM^l2^K*jM+yu>>0R*Hw-Lk1#AS0V67E9szFUC`CoZ
zY4w&stMTKT$F@d8R+Xk=i<9YtC87IYEp9oYQvl<Ohrrk`A3YMy7$Blff5!kKD)b!W
zbIvY>CY$>8HoW{4bvCiy1I`&#6qa-_HkiY>j1@)<g+P5IB}-qIX-j&eX3W@!#9`aE
z@#M9)A1LFgg6d)tk^0bkh?t8>R%azKh!ot9K&>u608R9k-V~Zp0K0eWSen>CGJ=Fa
z)dOWiwuJS~rE5nahjB=Z6$5g-l9Fmr)2F%9p(SinENeX*H(`P>?R%#~cZGmUKX>~t
zcNZ4}3pH+}a64iqmdBeei66!QTfRduQb#ipz@tfpfW!duuDen(BtoB7!|Cb<>Ya{{
zzx0Y$b&KZB8Mr#{5rHKNfcoNq@hcZzcvqT#m_P=LmikP2?Kb`x@q@?qUZmL%8U;?b
zH!RcZ+qa6u>=fscgKV1*A?+X}%*lOthL&3WpI^Wn|6kvOiQHE^023cFcQ=#YZfpAk
z#(>nztc*_Fm!-B<ZJy8|F_|;K#N<F&*wUD-;g}X#sF6;Vr-d^5ckF@YlSEeR>M0$q
zUjC3@Mv4elT;lr?aiK<w&7s(h|1mZ)dUXBzQICzF0mk!;_x_>&>84anp&VSqhJt#R
zkJK~c)ovgj($pMnX}Q$Z6}|F*|5!{=J|9Eao9oyg@o0`}lP2@2>>KAQnesYNX?PFS
zdL*?ek2p=3Y<?uC-^%J97Y%ka1byRy>xbt{50MR(ak2oA!jq1)$_=Y4%Af$UP@{<%
z+|M)P-OFOa+)rA*Xj;NQlx8&4cjc!&oCd{-(&m;sTG`E;HfctgFk8F8$>}TfwD;lX
z3<+V#8gt^rtv`=5GvDB$7_23_tJkh^t$#dUzA-RRDexRP<N15u8iM^#j0bI5F=kO(
zN>IOXRm`U#QA(ZPV{ZKT@T^x+tz>t_WHWs7m@zlG2g{$H>uhLv=8{8nw8;<xCI=V7
zs>h^*{c)t{9X;fiUrm9^0;zEk$Szz5LoR}dUHbaKyFrI0CB2otjujE)I3-|dDLz<Q
zIy&oFVqfo_+oxYf@8GoFZj9eOdpe$JRMd@(wfK~~HYIP|az|NS=$5*3=cKnYj*&&W
zDFvEMy!4SLk>TD;lSg0Te+SUHveI2&|Mtf<5Y*52s~lt0*2HIKUaLZu4>3i?)7LzZ
z*vz(;DOrIpXNDOCWe^EwA}t+0VnhS}89bUKSlDHL1Z{1%S{sG6TEtLNKizl+uSL2;
z;seE^XZGj^`WK|9q@~G88&hs%XB#j)(5u%S<c*&!&&bK*1uETb9S0=*{3q)@k3<`J
zx=1^2b-473eN-3Dx1lh?gcN>-+kWc_C8XBHJ?zzO-P-k_eNjgf1q-#dEn@q0rNIkO
zHA!?paY39<M@>Pe7IyH>3e`^LlhovYJlH@8<nj>lkRGpGpX%WfsE4R3;nb-*dTsa-
z>ar$<MQ6bii}!~anatGkH<#8OkB+8g@JLh|n0A(yiium6fqe=yi}tO<CSUBT!lRn*
zN#^siiJU+dH&wPxsO5h`&(6?uby>UU4+2x1CnCX=BJcVJ$y(K}{SHi<{}~>9?Bkym
zrNy4ksw*im{Vq-u>PJjH@jQCF19$)oQ1MS^`uXx@)2b&N)*s)#y&I~%F*C2AK*z|%
zX4HFnJlLwjAhJK%qjwh4fm{6!HELF%V}kps;(SFtIKl|aPKbE~e>wN>i&eVp`rrxI
zT6UrP-=NhrZ+zQ!!jZn}<HvhnMjZwk(X8|T@uuxpM~Xo~MXs*yQfP5`0LT)euh+f_
z-f96a<EGi>H~D9G@!Ppp+N%0}`&xqoQSUKs#U@>5qWDbqM$UU{oKQ9BH^N&?leetj
z!ov-wM<n!O_1P0_<w41bgom^XNWi0u@CkUj^-CX#_?_%*SnC_NZc+FmKQh)~Lj~|T
zfrqgg>Da_TJ@{uEUd+Ryilp2N)Z;_bRMLJaW7x4}^JZcPB+2FUbf6<Gu#3aK`uGm^
z;J<q4|G1o%wywk3f^PSM3-(7%UU|;8jn`=qFf!X-`<7ti%~2L}=b|kTAl9S=#(uoe
z`^T02pAJ)(r7z}5OG!?~?1T9Pln-=SUJa%NyL3&|eAOTvu7@qU)0T9n8Ej0G0x6Q+
ztXX;dF!wb5Gu$Z7H0>U%gZ*PX#@v3hg5QqqEJH#FC>RmTTp5kidY~TFX<qFDk`y*5
zkRPOYzPh*_=m@HQxj&7&$d#r!L(<~X@x;@(;R5whzW3tgsZ6r7*6wVFn?K<YKNX9c
zy*#;qUuu&+()ljR4@4`;$%A~Ro~H-J(i+fhPHr=Y1ZK4;0r?;&dT6hMueZK(^}V!q
z5I2qc)V{}s7DCv_PhkA3-a8#$6gnApWU$-EmeAmE=fb4ROzG=7!}h)T53C;~urj~P
z=y4ab)?TOBL&e=d0|`e!Em54_=Vx}3?~i5NK9CYnN~$}@UQ9b=I0)Raba}M`5Ymrp
z`Mi0`@0*VOX%m6h1KL9VkXzYyx3;>tS&Jug%Lvr<HScz$r-O<c;A!VEQ)E&5XlITS
z((78<eO-WxA!0HxB{3~+HAfVj1NX;3zF=MPormhIHMgPh?5!rJ=7a$bJlX1R73~Tw
zqNf@3>V*pNL~JZ39t@}vbbR12N{+O;0wm;%xI;e858fi7H8dGKSn$hcO0rh)p^{z9
z(WB}b8ndTP9Z0E6Dkki&U;l>(j>{OTqat0NZe<lrMq*XD=<RY)nZK$sUJleYrw>9d
z^%*;M3mZrwr_f8}+)MU+cZd7c$<!<R#S4f2lV^YzF%+YBo{d|TSxedEE#Jh6O+Vwa
zx$nkriFz(Wv~&3j0<EFc0ZxIXcr(!>tDKY9bC%)$bLaXO_EZYgL&S_^WiX+SKTm%=
zRHxJzlt%QQ-b*->Q3X5QmMc5-`MGF{`$?NeY7F%(5i}5oI3(mX4!eW`Z-X+!CR5YY
z<=>Q*b);g_)P&zPPfGqAee&e$zxD}`jK<pWs?zVxDpN#1F%qVbSB|w@H|#=*I|#yW
z+__UhY9MlcxMNXdZE0CbgeQTm^!C2Sg5=kG|473Xjx_FKjbrROHYmt)(j?{f2H*O_
zV4<EQYR)_7XaNgntNMrLRP*dN!-uJ88W|WE2tP4+gRWexR)5VhO~=rWfeav(G3$Mi
zA!7E7C$*9Dw=vkuo7MgLMHTDD7!1#g$g^g9qhTz6{P@9Bs3-3Af8ORM$&y?4gD;Kn
z;4nBkJKKeMeJnIP=w^MFU`XLA*MW>OGW;>$r)kVlU?xo~X=U?GTox>if-Bof!_~ll
z3}cOERE@^4j6Vv55HbUT9cvK14PLkE+&Kp5oq?em6yu;lUw|V{`b`3kDEkf;t<X4l
zl%#X#{uzBociYGqVSO}Y$hlc(5<6Wze*DIR2Obn{U@nIdrjl3pVU4R_Yw%<pw)X2*
zOp|rwpYfNrZVmZtvuW%xhHvN;LE`xQDU<TV$OPZ54$Mk+<A$d51n?Z~(NU~@&%qIa
zzx3PW*r}A-1EDdP*@MNu_C=vWPy1(!JP)7_VRapZogYb?NX2Lr&~*fA1<DOv>%t;i
zn)Vtp<Y{j1GVGBE%8@Bn2iOsW00T=6`p(di4>d-4<&pjn+z7-=PO4IAoCH;p@7nbk
z#E_T~z%q*U->jIU2s$|C`3q`<Du&~D^5~k1xoYx<^Yn9VTfC!J0jT`N+Y1}yAN6M0
zboEEZ(2jr@6IfO2?@VWt(X(bf{X0ZRQ9OL*`<)?bezxV`>1^t@Z7XDf1WE|=Ryw9)
z14rbPOnkoT;Azl5Fci}BmDwjHkR$L9x3WnQ#zfrxl|!T#?dr|Bq>{y>xXFT$O`0aX
z0;vkWaM2pUcM*JL>RSI9Fpi+W1nMxi>`GTC9iHMZKfj5d*i>UDg)%vVA)T~k(a7GA
z_fI)BJ!xY=v?EULp`nd*mYkX%o?P9Ot``){U|OfrFi)4P!(_cvoL(k12>_E6BkZ)r
zZ~nz-o!%^A)EOCR<=sNfkTL>ZxU*Ta07(p7p$(xgLAM|Sy*SALkKYiT7SUG1+6=@2
zP&_l|QYh8T3+2D3*$>4ik0m@Cod8t2g7ml_1&K1jyKh-YcJ?@qfNn;19Y31~o!vnM
zZJCJ}UXrBC=lPl-YIf~}-doJ#lMo%nXNZOt(Ocv83f7ojfq(B=J;GQHdi}PlT=a);
zpLa8rE=4;t<YAAgF(vh<7wMMX?aS2Qw}^x^hw+W$`;cmwEjn<7L&Kedh;hF5RY7w4
zJL5lGZn5Kc3HpbW1_Pi)V&FayvN+%ms|WcZ*6Pux56jqQ4LhV*_PFu!kWFSyVH%B^
z#s@?G*=hfVdPEceJXnenK0si~OjT+fJ`$@M2sVCSt-88&S=glU=%43eQG7B`nh3MJ
ze0it#?H^YMt<D<^x&{V(CNc8F`&=<W)bZhQ9~vuo^-?2yUl~=;fGk)*+^Fck=XN;5
zA0a457B7BJ?}4J1QUp}Na>bf&A8eD3SwtW;_#EGRz<~4c5bUnuMMd>F-u@ciM-ZK7
z5)(=60kSOfEWTWxJ^gP;#ye2U_<#JZZ@*K^;tsOxcFRJy@BAk&^^e`n9(VjNEx?;B
z#a{dF{BZmjcJQDJp=ZGYPr7K8LCSf;P?I-JC$ApZzyI{flOZDhWWAv@9A{_8ZlRTs
zh96h2nLGDL^q-b$ojNVYgbvynmkD?VB?JDtOig}@g9AIT^g4IWTzM>)pNp9U_v}+5
zHb25q)b$so$`${Hxq$0&<HnIx^_2LPECy)wSS!$|V;szuGt3C%WyYGs&ZuQCD$2@G
zJew=2sNmQ5jJyHuW8vLive-1Vxpegbp&ls0$TBqwFJ=N^5R?Lkpy4N2ho_>VLQ{Hy
zr8_=PK&@-Ocf#tL6=%z$f^`^lXKl4rQP7qx*VcR)OLfHyUISEuBMaw-8fW<OR#LPB
z0gIC~m=-J<0@vR#9Ywo=d<48Lhzb@5P=SgNP0*L$LoR4R_6~!E;T9lT$Hi!px3;ul
zV`-u^9DA7=^egX|p5&<|dr|+u$W#%pF3y}jb!x?{j11iOIt}W7=wI5%#t~?^*kqBZ
zbJBGXgONmMM%8#ddGcgsKY%%Ccr65wRT06==G646HV&WyM*f&%U?K<Sf3_krM;Jj5
zzc40x6;&P4hg(n&LCUb*Wbebf$d^y3#(5eBV`?YvW_#}D@Cke^o)vg@3JXpo<7#5|
z-TP#xFZ8ha|6rtG+Juk-?<v;^`tz_4y<r;p#?+1U@OeSP&~9G$e2==cmNaW#hmNJT
zmL!O<4JpDkzKK&%;A1v()8??9HZ6I5Ka|tl&?W<4m4aMpggeDaYD36aYXjl`sqTX|
zZ-#Wh(1h^pMCVD^&kP>y{^M0~AS&ZNjJ^?MNDcSs^8)Lceap@khDrA`Drp5+#7^aD
z;tkTx`$%4vkf9>`16e^IYaw_9l@_UF`h+GGxft{0{tntQM^Q*NhmLh=T(s)w>}&#K
zH`hMqe4$(C&bqf}?nXR84KHtD!16ug;*yeX{rbInH$X1Bh|o{}8Vok<iJ5G&x~{JI
z!duD|X~K(3z&k~0H63kfIOO0r{kgD-i(FiurmW`@Zr?uP>>tXXX#Ju1uTsN^4Q>@j
zL-{w5#4at9Dj<&4MSXecq4;{%WEfZ-r$vi$R3DC_1$Sg(1d=V9fR|di5<b#exqkcl
z6=$j)UEj(D#Is6gWXx;-?7)6B1R%Vr%^{fK<lXC9|D>isWlI>=R#y)k^+J+Y*`2dW
z(hJ}tn2lZN<U~bo>AnBRu}i~;0twm8DOPS_e1bDSzAr#@`n^WO-?W$3Ca`x07arWR
z2KVc?n{=nn#zSNQRQCK>Qs93YJ@*D<cSF5d0yn5{75?b?&=tqWSzE)IbN}@;K$%LH
zIZWiP2G*_df2d@Cp;}wrw|rCX{;)6_i_gBUUA5{0R~6b7`7Ae-3lzt;CSGUGJpa~N
zF8VH4=rD2+zy_$ApZW6q!XV*<6%*Z^2UAEPSG<;jvI>bR@af@8>1Mj1<gBXV)4nH8
zdU_b|9*lcn><AuvNvuw&Hudtrt!c;~Va#|)afw*)Wt1G8Y5Av5QQ_e~!O*-h7#_7g
z!!8_75?@ljoU9Z+v!#*};SQE4g2EQ2i$k8R+N=+XvOla%qpida)uNHf{3R;P7P<4%
zl@%63>;w9WAV3OdOXJASvK5Fo-1xniIhryoxO-T|2}^uQc?_6HUkGJIe<5FC-nDhK
z<|B_B(e+VDNK9PDH9Q~JU3L-88;P_Sr5wAB_wV0QI3Q00{ZJ?5yj&wfcxYs^0BxQ@
z`6mPmX7Q7#kf;?$z_e99zcdKb5u|dwTUVu#+<7Wg02+|XDXwY2_qQvC(6`{;IVo<?
zT?**OCxubDVXX!!mQ|CfmAc?b!CeoFY+|Yt$HMK0UY_BH4?pKJGCarEOyq}i@wj}S
zo9$Y`M*3q!9|9UZ=A?~AJF?!e-?A1;g}xWDptG5(%r<L&D=F|K3N6s9AXUwjLg>$L
z&vZlqJAC+6QZH4bkQOi~cQKr)peo9-@M{%d7)W7051i$ot0Aq%a=z+S#)!h6(d}?r
zM>2+!RzA^kO`<(Vv&32{&c>ioem0Z>n=Z`o#c`vSi$EWk4Mk3a6m!%{Jy{Rj=1w>d
zC8#4_=9FL+g4XoJSyNg-K|zWZYJ!pI)r%~{KM9*07|e4kj)L{G!DozPF~yC8#$YPg
zq_?t(aEqvBe{;S;y5fQ09;sZUheGdl-TL+8{rlTbnX)G`(%sQfwoEx7F=+Bq@LL-g
zM8XWuX|>^;=7F`$LW6i<ZpAx8m_S5QQ3#kaIjY93Q|s13&OzsP%cf1tV>&NdG~m#`
zx$6|AtCV2YNYsMI;@CyC4S4Ei*4pSU!cwq3a%gl8n*AOBfj2=VdFdh#9pjDqlMbpe
zT)1qUX(VEZwfg^RD5$kPet&e}5erHL>=E6UM;$rhM}bTNthzNt-hzd$coLBCp^$v6
z#|F&BX_=Q%<M4hFHR_EUPW*Ac4W+uSLEAf+!hkR;Q5?T}$JoaXE?paWB0iKL$gi@j
zY&9v01RfgMHu{Nx)&_*LFX)zdx{g%p<)sTpf=icLHyX);SR)%>Sf?>8bL1m~{N7B1
zkUrot#jH)^3#9;hWO9s`yLZ5{E%uq_4E9k~fh2h7jRz0zZr1km*x0GI33l(8F5&`h
z*+G7zGuftHyU4*yAERMs&Sdg}kpXj+81|KIMSrHOJm;LF9K6R5b#guI)`JJGmkuQ)
z;DP|!%l-G?by%#EpqV+rNda*gQ(cWvhlh>h^R%5tz*5KtzJ@PNZ214|+$IUwd~?l$
z&*ErB8m6my>GI{rPo8}F-JmOZsgv`Y%tv_1yAnhM?C(tx@Z-heLHuA)+P&dkFQ7>2
z6EqLB;f}&R6U9i{wzh~%kiO2f?WUkM&R|Y@zZRQo5XOPyR<B+?>F^LxVPxfK`Jk*d
zd>6`XIu&`B1Od&yg~r&ZJ6wF6FZhKf{rf5af*a`qY93&2X7-D8jvyE|(8$E3bawjO
z%U-9hTsdskZZ>ev!Xjo+a#N+lKYy+jQio}>-eeVFzrtv}g#m}0skvv!=BWC`+(>Sd
zylvu>KLP70nFkLV1WhD05F2=<UR_UV353(KR=^;Eh(*i?nVch;lsd_)=|S)?zD<+;
z`q-qvGiW?$1C!hVN9<A7Dv$qz?4pjsmp<tqYQzyK4xMB_0<Em%#?72H3mztwiFKl;
z(x!lb0E$XRuF%VXGN?zK*xSt;Gj#6ki^`4^HHSth)de9tQ*K0F0!AtfBT(|u65@!)
z#>D|sRx|2MkL(4+5Ykw*5$uJ5DIEXrs2Cfd3+RVPhkx?;Nlo%j8DQj5sVrT^QtCd)
zn7XmtYi-t;MrM&sU-Q&A%9Zn%sJ<V5mRDa*|9K`?4blyp^F|7r3&Q_LKmFix<ri%u
z?!f`w5^~x6d|*F4j-GmLrp25hlEITOWlFaSP{IC?up9j;vIw?>Rwl?$gmoU!T&AD7
z(pCzES9E`I`GN<gVeTCemh9a-ozub=R!C4F5@BtLi;I!T=1;T=GPrz*Z4jAuu*9(v
z@&#T4Ju+?&bT{VAo7Vtna|&wmvdoK#NoUj<RMEl)KuzAFcwuMS8Ni$KvkV!FV}Wnd
z0?A7k)<tbJ&1?B1>E3~aebkNX>wjNLOx&fXL|MYSI64x@0yq?5k*Wbq=4n##P$Pe`
zUc%Iey}d8hKNX*Xyga?_J?-97!IP+1Z~i=KQOnsHl4<krOPWXlFEOqHbDl4(<es3!
z1_{%@9Ke5KPnPp9KyhWI8{n1XcXNtd8r~|bA|B=4!i7G}dDPKpU0&evZDh3fjK&Of
zY<yVxle3+A9&75=OH^)o={(fHEME3@cB#*6_`*W>{lMi<!)^4)fC{A6yQfW(qEBJ7
zLDz=<;<Lg+8Wa<OntDpc5q-KnioN@lIGye}BtWp1(u-M4IS?&D)!aX1E?>WWBW(SG
zRk`K<*NG}9D2Ueb!Gp8-J#={bu^@NQ<Ce54ry1-;3X`-^cHhaxr6bL>%BKUCF8zRG
zlfQoh=t)CM>#h74HF;%)uKoL;bN+q*iau=6Q!XDGL{^vK&nP-J;=5W}!bU~wgOc-t
zVR=2+G(%3p2g|TmFH?>k;Q>gjtF8S!uLm-4@&nC&G9%C)HyuhKcB$7B%EnL1?FW;^
zQ^p+viyRqG$DRyA-;4ebq$l+{ygRAjJH82p^;9`zb`C7Z)<L`7T0uoowd~X$S|b`=
z&KnvQLVOV8(Ua(!EIUkQ-?{T&Dh;A}l%Q*j8VNDkk5srB;yj8ZMD9GX{{H^$cU*w2
zxg{)L81e>avxO{?;j+@wxajE5ob@o@jyjXQO#cM6n4++8KI)q;f$v)7jX62Jg5h>r
zs+nJ^cs!_wofa(Ug7`T;9wl`NAP|bMl$8q})@3R<9|Ot6{{$i=TmwRh8TAL4Jmm?+
zaEw3zkk(Kh+vq8F4TsGivVM|_A}8v_Q=ToNf#y7ltgV|iji#u}G8_o9Bhu3M++sYv
z*9^)vI{)bn-wr|1p~I#{Pk8(758}eEp^o`(jDIOUfe+|K02LT~429{qZv^<^MH{ts
z>pet~!lzGB9>ZMKkHAiZyD22D@)j_r6o`IQCtM+;fdfH}4%+Nyg;+ecL$TRwGrp+P
zf`NxvP*(hQ;6W-q02D(}7tZxrLKVMcNd=pFBg~}abnY&Qjv+RX;6Dv)nWusxL6h!)
z-)M_QG1Y_C@BS?UtZMV-NC<>jDQl<haG^)&(&gy6bDs(9-OW^g_oGhWxvhGluC5LZ
zMbnm|x{j8|<smr$9st;iGEFZZ(M|5wrArNx0s0_*?x`MNtUx{Hb4-r-K!)&jh|T0t
zzp~@MxE<&TTWmgx?3DG>G-x=B^sZ=U(>%S^heiO!I-6B2W2fTL#Ak@!)QXF^4)H+3
zy%}j*&7J!a2f%LKHr-q>Sb56q*&2*m>ckfu`iC=5hwS+%rGt~+L)S8Rz^8J#Vb4$w
z-C3NxW-&;bM)Em&PhY;US7F)R7ZmsW*&iQ^4orv@t+EK?kK97{HS-c)Zq}VVVFK*H
z{?Y_)^rS-r$1u%ALmi9)2}4=J)p0niwpM}XU7)U_i@SkV>fj{)I8!D^cihJ0V~%i}
z$_Y#VwYPWK$03sJG!k#bOE6X!tH*Glk!SyQu_e=SSJCGT`@}PM0Fq+!W+Alk@!>GT
zx^w~^jckCS-^1FvL5l@j0k=!d!XB_mu~X3^qzPXISXvhT@HIgUz`8iAh_Nv?49MMc
z7Y&oHU00GriT;!oOzG~^+bWKmG6};K51{=f5qLCr>xP9{&#H?^Q{*iwnVqFlKrw_a
z431xzmufv*nT!?~<sdc+Bs))kJ<jp6Z_ECtJci9Wv?iRFEfXO_ORH%AkAjNyWx2#y
z%J!m~{D7+X<Ht)-NuV`}qdWLx*jTb0XEHRhrL;C2K_g;Xu-E`33&~PS8)(WJp7}`x
zOIE+rcE;`Vuy;WswXK++f!wvPH9N&^C9cxM>(IXaOZ;Nq+LMd9Dk?WSPUg}f{^3@u
z*rv6N$FlkQA8+`iM#qrY7z-L>P&qvQeC41l?yv@B=38^2g|JOOGIZsZkuiL8j|`CT
zg>&azo;%W%rx!}-4Ni7o?AAkz>6>M%p4GfS5~(Kd0l~7xo*%&J=PQ-^71jJ&^3B0S
z@xs!6d!wT6JNB>m@L|nMqygo{!}10RWx<br?Y{N``=J~3VX-PW(G0djO$oF|7=J$I
zH1**KyY!iq7@f?2BPVlx8^rar?yf{Hx;SX0XH>eM&lG-#-d0kqYEYJg%$`A}v`h$K
z+|T{%+2!&k@h28^<1zodf71P|gN}|4E)RtxH-a9*^tNtUa@aXlA>m~^b@e3%8!rK!
z#;T2mJdOVpU*Pis;xvyuc^+*o(3Y&t@}htK__T`d1Mn=!@Nf9%ADMB4mG}OayUaXH
zdh|F^-Uki|fVy(T^{QdiN?@$#lNZZf);R+fQR2>!QLNcdfGl^J{ekzCj6`C10%WKd
z6{Pj)2e;TwsS7SWmMe`NQVFY_0`(}fNd25{dJNR$nkF`2OR=8yfZkT3p1_h6=s<e}
zmV|6T>xl3TdRsa3kYu;al;L~<GWqxsV@H@iXTNWNJ2u!BYWEhsU2@j}aL~2uDAyAB
zZg~rqyr=%WR{Je6=D@M3rvPIxIlH!PJH(&}H-tCevEwf137J}8F7B)p;5?4HgBC0A
zdf52@gm6em9@7*Q)eSHDP>KUzRXX;6jT_Iak5B%w<j;!A7(w9qiP~P4f^yi(+cG@G
z)%7o%K`ubN!1;4~`urs9hVaXK)1BiaZ?O(a#Ig;mu{`QOrB3BZ!0D|#pN`}tl)=2n
z&mK*ya`qF@MQOR0d%)`S{d@P4GFJ{cOg<LtX;gykpXy#Z&le?^+`15d?ATkNJo;z2
zuj}j2tw81-sF&s%arah11#HP|O6ntns&4J>^r}J}<)$gkg2&PyHAi;9Z%K=H5`Q%^
zQb${RlDCnX7pRN&&eq+#574aDjr~&f!Ypajx2ZIDp<!u>adW|HZtIpp@sI<MRASvD
z+>HTP&&CUg^qEd2MZ9%Ir|2(?vzEO?!@;QC{o#GKIBz6;t>O`U<$!L@*g|cDUAH!(
zmKF2kTc|kJ(?%NZl&wYz<3~)}11ndM7fpQNCz8&dhq>`I<A9_Th{Y`<idb}>urUZO
z`d=~_jg6U(Y}!!OG}`*B&yJhhw~6Iuvw7S@L)9-z%bs>QxFe#^uwhrKZ^AMsvZt;f
z9lzLx0}s9WcoIo$LTv0!r-AnC=OtWQ8qldbVRrs}M9tqhiu~TsZei#G4jn4InJEil
zfWL-tND4!_51=hNzfiGo+uEM<=L<RT{euJ8;j$t9fn!tBJ!KPpVyaG9L6%3wg0}_@
z#1zYG>_sUuvA4cKQ<>HUkE=^tmevlg?098<mO_ioC?CWQSM>GlM_j{~l(!&^T;aKh
zi8rnqWXK8(<`ed>-$KUL{I2mG4UjQQHBtSE1$(^chX9)_)X+bxi~>{tZ_!LJ7O8+E
z!Qs`4-NzPcU`_hpc$Z%GZ@9)F+5;D>ekKvjZ$O-Jo=^j)r>7&<rqqh}`BGEE&P@tC
zd|2@WqPD`D6VF)9@7_!5)?fIU7y(evYfV$GyV6KpmcX*ui7a{gR5>8WiK&EV==&@6
zu4;zm@E);KPx0VeePV?zN0Y2Re||67Lh*=A(OPQj>-%fwQv56*(jBL0-{WiCGtwG|
zt6HJvNL%r4#Smhid!h3z2Z!MU8aM7h^>b*5SmcG^B8L57FK1d>S^_T^ilSdcR$ZEg
zlKKN{gm}mUd>@w6(zz7BR#OwP4fl9Fc7aQl92w#f=)4oj&Cwi<K_pe4ai|3}Q547w
z%fDgfE^Wm2EiVGJoTts0!9*o3nm328lsi<FpQS(~-+)J`&0VhK&$#>FLAf=DoG-wM
z38EFZZ$fva>p;$|tgeFx@2hl?SQk3Pu>DeWXVZJ_D^<Lpts2LHA(`x$CZ{y8MQKA{
zho+K+qq}=Te0<UKowJj~2rPM(nA6?l7S=oH?EnT(&Rx40hv*(P%R~>40Wda2XrHzR
z2VbSLK@lc8@rYs3F-X{I1!Vzo-Y$z)k`k`3wUx>icT~Q0e0<p2b#GeyV`-#$j{+M_
z00(k;;tKpbDvPJ<1q{Sk;$=mvT4p$u#=X(((81DMKHxDqFkl(wj_~D$ATOIjPm1CN
zhM%j2-otL%v{Bw&^llU6z$j+)j7cl7xZ$htzOTwz`MU-iLTUnncg^|90lC6q*-q^3
zgS(-=gQDc&V9-E(@ew>+{BqLvaKGPA+1iaH3VxScNrZB;+}QU5e^6oL9;k9BrxXOp
z-rBJWkqPKP`7z8X4fFkOn6bYe68H~HCFPnBOw2QtFYAVkU2m)W%B#J-29W)xqC&^m
zRESKVa>1;$arDtFvFm0%lVLDVG|T90ub~kKZ%N;%VFug5c!a^v{7ASgCT2qVy-37R
zj;ty8;M=?2O$?IO1;NO&+cJZOEAA+iTnu$l-DK}-+D%Pe-P6N^pXlM^BXlDSaA#XT
zN=Nr5Nd3(U9C2p4gg#4%+7PB<b-Kc6ttF(*4O&|{InCSjZEO(n0lJ$uZ)W;@^-ELF
zl5AMwS69~L-`o?8+-f}4WWS+9*Ki`8oKfYgs}stZp}Dp{LhM7qt&LjZ^Y`zt?onpu
z<1NRHE2DYH#3~IiQkhPrO7tM2J*tgP(?EN)y`ubnj)#9>1R31-^yR6zhd6g*%U;-X
z?Ew<?ui9Fe`Q$gzHSf1>-@dFURcObNRDt_+I@ygJ*=5L(gL+%(+N`=_B3=92q8@SU
z?%m$dZsz8G7$lNf#ezf|n}ZDHQcn~<kk$qQ%jaBKT}@pD$KiJ2JR7IT9d(1f$WH(+
zv5?$vmC`?!L-bm6J^UCH$~y_)9IPq!_EK8E{C`+`^ROQCzy1G>B&4#3N@B{IilG#h
zB^gPUv9_U6L`9oQN?C_gLWPK|gBGDpn-C){8m&rAC|ZOTY5P8|d_MR6JC5J?kKZ4^
z_i@~F&u3=T^}epx^<2*Le4bDA9S~)N8LMg^RlrRweP>YE3E*99lMx%0j`2sR&FF!U
z;^|*9N!($BphI=cz>32a3D^jToQ^P^L#IWLXmP<c)JR$C*BUqBhT50w;3LmyJ3nb1
zC@J!mc{oMh3Od}&U9firCOOIqGC||Zx@X=I3;0jD3V)&#H51_%bI2|HA1%L?%BN8H
zUT4&Oh=}f0-6yIFfEWY$Z&&pSV7Onn5G5F2ZZ#ZB32z1H`RmuePMB~7&lOZ%D=3`7
z517YUJsA?%3Eve;IA!hC(ioJz1K4;_b&$A4^T_FCHmcfVvS{VcM{Im0Dk_!xg-8In
zo8F6#YFXGEIO$0m8Yk;)()tPJz_hK9F#_BPPXv+JRS4t4hf;$ii;C=Z-~uPQC-Awp
zkU`;|;GVZV7d-f{765(H+8V}P31z%YL>a*hm{m$hF28T3`d|^1uJfm1#rhT9WIVnG
zp$pS0#JV-SB_)M9FfR0x#GSS=(iMvdNE}X8*4wf?EE0XwH#-{ak=4CY!dKpW**T-{
z?&8u??i6!!m5dN#&a-o|G=0`P2TkA>V)b7Ce!0RF2iIkSYlkr%B?SQ;C50=JHyINF
zT)niYN*E{wGN8o7|EN^`JYfdZmUfW6FGV|CwB1D&1A88};zaN&bi#t=!MkUJfenVm
z%=J!9?IymF&YwxWa@>pA6a)gV1+i1N=@FIotB*}BgG#8|nbk({#7h$w)zAAxM8&gT
zMZK(;ei}Y}(bbhe*aGlCO(<V%)+fCEFLoTmmCz#d3+eKh+G^#w1<DU7sUku{dJU!b
z0x0Bv5K5mL|1%Ux?S_pT8PNZU!6m+UN>%Gb<%lmbLb~8V19F8Wdy0vOGhJL}6;JZs
zOPTvq{38lQhlmb_>U2gAXRoJ?EC2_9v0A$qGOK{uU=N1BVtK%+Q<QW(6@UVHB*3a;
z3SYdiB?^(*dHNRonzWw=JBh-=;mEx;V)B7dmJB&!p+G_s^l`$Vt;(ks@;!t<M}v0R
ztZ(0gEzT!HLgLXv@`U&v_rLr?j+uoB_pO6Sem?*rFWfZN%#h+YFWcdIDJp6#<rov%
zcybFsP*s!QV8)xz9U+pUudT0T&oJH{ezNLHz=D3$aU!u2aAL$bXJ`$D5|&pI%{wR_
zQw*Bg+87V5g0!r&$sK~f999nzc|6$#jK{Ncq?+0V*^P~bG;|H4?7~15WB@vb;)c%i
zqB+9YH9xvM-gYw-5kMHDGH7vu)1OQA&3%c-2>cefF}*Vk{~=^zIzQh~h0DmoF=IC}
z%6k6%sGzT+xjMtJ5-Z?f<T#3?md3d~=TM|KkJ1#dhY}Z};bhp=R>YzleJ2M8S(dt#
zT5$NTMn;yq-4w;6gXW5w2JraEO8o~7x)a5?>cGbEJ9p$+u89s2{25<km-FWAF|nay
z)m<GANR~of0wY-WaJ9&^=OqfSh6>`Y;)=?92zm!gal+5<N!^V7|9<*}Yr@^1s3hhS
zSS1{;TUfS^8kX!(c>E7o_zxchy8$-ZM2;HlJ`Jjlm)m>-cTutDqppq%nFq2yLCdB+
ztYa($4T+uQ5{?cInl5!Aa9G7h6E7}0HlhsXTp&Z5#O{}^n_9r_VUUW5Ls?kZcl`X%
zKV_Tl5nMe}W(?_#)!7qJH#KbmS3yrSS4W4rTLyGG5fXyh@m=R>XuQH|f4V&9l1G`4
zAWryzF$E98Lyqmcwcn43mh}WA^n8E_DoDF{SS|r}$SD72wG+vh;()l@U}+DZA-uVb
zjqDu_K+~Tyi$aI8s30$oTEy6Kr)W;^S|KcnQUIG1D7A^^0rFSY()~^}EoBP|woVL*
z6+L<+@Imr*^?(pGPQua^#3>B2KaOQEYrCQ0Gma4)VnKSPXwOftr^aNC0hP*P%33N&
z>gbT`;$?&V3<k1vhU&x5?<IAIc2Oxv8431pD-DEhBZduo94mO7f*g=k^3!Af_s4+=
zQ>DY}camiJJ0Nss|8dk9U!1`DjLq~1h$Hq)E*}BYlx}&PJ?PvE`OnKNEOg2G!jHSY
z+yb}7pyxYEo-#tbbm^_CExl$Q?0K6-)99`!$bE3^2s6eBX`HsPJ^Fckw;U_ddV%mE
z_TcUXhTRxr8CyJme#c%bXBgJsZ><r639XucS?_z2IO9Y$Qr*CV&<@jUJ@v{axuVfs
zR?5R~O!94xpN`{8Fn+=LEvN;4@EVW)JOv5(Z`bpAw|MQ&KJa2xX2XWj*utAkByx%A
zBV9y+2MmHak4sZoZ;?}PJk$dN_kY_U23{kKfAf+v@Fi$he^p7>+d@UUCuM+{(SbT5
zm4cD-jGvSvnF4D$06roTAJ9iojb)|6l3sF9WkHZ%HwyHbIVB|IC2QBleHl)F%Fp5y
zUT_;WY#85*6fh<d$dQ%MYuBuSOP7&xfc)gUevWK!Yn!$%I(%C@2?ER0l{Z&YM)Q*<
zpPr1N>eZFt1De?BU8|=?1r!c5M($NT3faSAGVtuR@w+wU1e(arU5gaSJP0BU>HsNl
zddO{_E-C=4>Q9SI;^!A;IIi`!+Xi7mKANpBL#G7z!2l5-T1muY*hlRs!Kli7_3C>s
zwmdlTWHYe{`g`R{EKccL(HNecH4t~sqerpp5G*m!x7@ll1(cqE#qb^_$GHar|I3l+
zAqhzmJPn*ZS^89#RM?~X<A&fQNOQ~C;EV1{T`H=nBp^a_2~HFYXV)DoeS+AM{3`(D
z5F~;Ew@M_<0=(x||K?lOXc9_&jy&1?Br}r^Q<`S7TCR+%BO^e2;Y3u?dgU5bC3Oss
zpAUr(nwkWQ9Kt@cB+E*dBlX?%0!yV8#ofDD_yrMjp%WL-U8P77of^*d676Rk-<9+R
z&qK_jvlJ}j1@77;dFi4>eHr-FUNjqdB}&t>zI}xCiOg6iDvI)lhWk=nNd!RSF~TD5
zJ6J&hs7`3{kst|(a-Hd13tDeJONKHOsHUN@y`;Rne4dWZ`S$xD{G?UTDIcFl7rnX!
zvDdYFzJ$%p(O#|3iC}`PoQ9oN_!0(G{5d?RsvpbHP>#Xi_}ybmwLNxA^Xv#@JbH>L
zzv%{x7BOeL3%~?jO?B0}+<`rqDc~S;-hw{J&MuO~fCLzeK8%D24uYZ&S;EubRb8LQ
z^w4_x`7QKdIHj3<Po)_r5J!JTt-osR+DuC|L?*Duj@FjF10qvW%31%4FcWZ`FkHPh
zZpxb5jr7D+QB;?sb^pME1aG9~FJIOtI!#J_>hn|Rz#d|OD8(@V`Zl^vKSzM6K)>J~
zxRT2T0Q3}?Z|-#>Zh)=EIF5&d&g(CpJ9mt~iHh=Xo-Zm}WM(E$gRi|P>gm?lk@)s7
zLVQ76UUck<kVC2N1`T?ju->2@k7NN(gKCF0fg2rEh`jXgxu?DTx9HoWqVl%lpKnaq
z{Y&vAy=b*iBXC<8v1%`esAETuGQc_wnGt?xex-QP=@El~e>fITrg?i0EqeLQ{Q~G0
z8<{9hr~sG^F~p*%Zej1kPd4+qD}wpJ&G--RBDJ6$yc8M9*yiYYfz=M0q#ue$=C|Z>
zw0;xaAvNe}pcf)PUIZDbQ&h}l`WS2%%W`Z&H&Nm<mGjh<cbC(iV1eeB^UrBRax5U2
zn$t(>g+~|ffUBcN+(zdN?pu_2ZQvX1N0GY<Kr&4OL`}@qd{<I3tU0;<xuqJ;Ms2Tm
zBKIZTAf=^Un}^=0;R&oQwLfnc6yCpj<9i6g2{`-yFX-U`cf>BP&PW&F5~iEF5yVqY
z(7Zw%wB`t~UdObT<P)$Vsx|E~>oE}0)^#K17d;pqz6xOx(Fj!vz#S`S-<Fkm!a{ui
zB_)=D*NgO@JQ#jI2(RO=UE{O^EjPuiBQtuzCs0(wqJDq9bN%{aCK=HGBGfNvR9}Ws
zAo-XBc0}4PTwYLpka;>}F5Iv62UHVup*cCzCr)H!hh-l0_DT{Ib!V$jRnguMI=tfY
zhV3gAuQ@_tavl#M5|)^L7Gfl#tj^lhK4bA0<F>U?qhKf)qT3-)wh0bq8{X5mcEvkf
z&|h&Nypj%@3;VIOSPjzpco-AA3%;*Rn)N$30lvdAf6IttzcLfppt=f`&7i_3k00|K
z_b7C*T!Ty!UoAdq;>5-;tM+;;TqF1@Dpqg+spq&6<F$>W0zyM6yq35O5ZOp~%<HA+
zLy>oZ5kw`W-l_S%-W2~k8ty3omL51D)=-Ew1L=%nn-7G(&cH&dXl!a{rXVMa;0Rs2
zhB<k}wR-&Nsf`e0Ub%WT!E07|@DTL-XU-tJ`N+ahVFW7s)y8m#zBMV09y9dT3e$vG
z6kr!KU~P>{jS&0o-6C<TM9#CbD#Dv!y2ivL%}T@V!E{yC2Qe|*_Actd2o07lt>qCd
zD+SllkUf5AJ{}$hBoNa26z5Cr(6mM4<V4}We}6qH{8rod?{o(Buz=VHgdO~i_4C5#
z!BxS08j6fZCV;fv&*%Pf<0hF7s(xlN>*GS1{k`YOz#CE(z7MT5VUQBnX69MSTXGdp
zvwzC3-jS<KOf0u;(*i}H=m&<RKe6JLag5=YPr?CeFU?uIVg*w>o`}7XHnb8l!k2PD
zg+Z{FFPAM?;7cdqGoR;UY#iz5N1eECDvR{o7Mw<nM^1h9W`8IpG?AB|%M;-5`73{q
zzK_zD3U7PKycshb5jlWo!0E1DeaiScMGY^1>&JYdo3SfNVQO>YM8o;>eSW(Net-rX
z3VOxFVep=ZRt@S^a-DDtYCxCA1QyM$U<}1l@Mlu5XJDbk%il$mB`pZHC^>xxCl4Y@
zIy#<X0uOnamxnOeg%E*?-HS}@qe#!mjRR4fJZ;*`xBJ7Zg=J4y?QqTt3rnV*hwyi@
z=b7<=FuC(!^@<hDvj1pMI`-tR+qd5pqxBbL)dDm^eb}?IlW)s+e))0<p1u}|PTTUI
z{7L4d2wGO^g*z)_zNH&8R$KEAI6u0&sZ>G(2a<;jWyJgph<=DnkpWTt5~+%d6SlQ;
z3}CK&6mes&ayKX134(MF+Cg$PmZe&^dK)fVR!?sI($bQGM=yF@22PkW$IkA3P0f*i
z|4aoW=;9y4_&M@^|ICt)c^RHdEz%fpkYY%A`GvhzPY3nu*Kc0SL(6nZOJVshDpVph
z2b{q~P{}D%r%JxK8U9C+wQTs(;*t`IEXes;rs?xC8W+sjc5zcpJg5-&iQ<C#L^)`^
zg@rxtdH2?%KVZ{eM&X;(gW&wU9k4p*9&`hQ(H`{o!E3HMa#SQ)@7AsS!a~eL>`UfB
zoFG717Byz{X#CYKeQaiX6G8v8DsBMWt`O^PPSoAFIJ~oW#6R+!1Fh;t2Xn0+O*o3r
z*WU-k-B`17WeFqb`7LzTY?<C(wR}Ll^gZCPJ@YzfmYD5);@a+k9)dFU!p5&SWX?KQ
z_GXp4{?keaewHJ$O<F)<y#!5wfSR2Q3PR~PeAFmjq=&Qv&0jOjsO(7Lq~1rZUt!m~
zGs`_QS0#5#i@N0wJJvbYEqiA3_vvRw1}jJZ=3!&Ac<Ga!w%aByJ9X&F>c1yC-&tvJ
z^_NlOo|nrV&Pdm)Zq2Or$oXtKVb^(I^Bi4wxv^2-_NC7I6!`7O!?jLM_n_-w7w0cn
zz;`6DkDRtaEVWFpwW3&DbRL`l*%6*F@^&h{MV7iOAiE%GHst7Inv>>->%s331vl%M
z_bkF2v1!ur6}PL$#Na4+{OHk5Bc9&C=7UhGTGe0d5g@|4%+NgbPZy`zUt4)o{=?RY
zqn$e}YSD)|jUG1?SCN%B!RTt(vi+s%aA@fI>RM*8vYtJw*-LLBtZ%Ea)lu*tkxYPq
z<Yoo7<6eF?ElOW8u>h}IPGb6KC)u}|cwQea1aXaz!R4XP^0caJE}E6^mfoZ$3$c!u
zA33_K?s~r;#xy^kb5Jwjam*I;HWlez-x?cDlU(TXNLsUJ&UB*ep_+R7R1kp(>l@Y8
z!6Bama8>hvlqCE$HfE&SV__Vjnv$LA;LWUUdt)pnQnMo8I(>1F4wj)arI2ra=-I#j
zQIbT94pxBd+Pzl&C95RqF!(xJm331bKTNGrt)gP%Nw7)htNriC6%EmY<QQ*#v^i#>
z(%?b1_+Q?>y-?;#a&o72&>s-k+I8prMl+EE@fG}qHX9&a_z)`KSc!+jhB3|%Hrw7j
z*vw|zHfJ~a=z-$C>+jhFCMSCu7(Bgb8h<(W>u~)50)KS!UStt<WJ9DfRBDtCyiXK+
ze_g)ZyHs=kMHX?1vRABGld}8$fH*erdSB{u>`7Nafh&b4_2OLrwI(Kl^<PdEN`UoP
z)J2{$Pzi{rz3MgVgkNSA(QFcOo%u}ks{}n~NQfl7XwlUdCC${oTt8oM+Af5hxFhjA
z@mZX~5GIf({ZEWk<13q)lTQz@R&Mn<aztXP+oDY|MSR`7k4^{^F;75#Fl*L4*a6C1
zBqZ$np~D-iyKgEhJ9u<;^?fBrQOy8Ih@$&BzDYXFO`;t4P+-V`d5x88*B(BTgdoEv
zfq{MChj*2gF|55|=7ffGn~ja4#L2T~g(iSC#w`{wB+ibG?e(R7ye3Z_;X#N4)b1+!
zxPj3h8poPi%B&#6D;LB1Nr`^KSt4Iw%85kRwZXLZjv%N+KtTuus77Yxh!aPh!w6wc
z#Tfa#;#CpGI^MnG>+si~RRy^K#P+Ry+^-?<hH&r#<5+ssVf2V&yo@`&T75DqnR+aJ
zo9vyADVIn*l=1{;SmsV#zpcKjqV8*qEf6vhu8wJu$MvQnk)`60;lrt-P${okxbQLH
zjZkObxr6`F{0T!mifAi*FlZtl^Fh-GCdOX@N5jI*c-gAI(*dDbB<=9;(WR15$9XNR
z#yJ?DgNk?WoI1Ym;vd^x?~``1uW(I%G@po9oB1ZX9_Hm4A^H?vf*sf6$5$?v*zeeZ
z!w#ku?)*7jX8<HQ?<bo<_0jg$(e(=MPt^yf_$UgrHtb<_t**ATmbP|jPciyu+YRpE
z>Lp9I!Nl+fJ}&y&hY;NkjY~ax8w)2Up#@Xpz$+q$tcxjbqeZ^YNZLs8v4)$jr1UB{
zq!+Uo-{S`4;qHLAA?E$~`N3v0WF>{xJiooXYkE6pNJ^F!St#E&p4~h*FZeXC5?>Jv
zg<HVDGp896rm~_UoZ*W<I*?uB-bw0kCZqFBJUf4!Zhm+*y?2?<9x6Z*0q`B-uzy_)
z7Uc3|1f7*~P(ql5?79m5!6IJ+tS@qmJ-^=xNyjBk8<2$z+gW(<$dP9ha6h6vMIu>E
zAV`3RqUQGAzUj|;J{`NqkA+F0ug3Pgv)#4n{5WKz)2FA>G=Ysgn2<4wVgQ<x+8?cV
zEXM-w4Y5>C{grq&NX6Z|_s^R*=j#O-9Xb&FO(=swvZ9kc)eMFC(rOafbxOt;AJ@&z
z3z8nS;I6|WnF%^Na{igiLp2VTVilWa5>2|NN#_m3aYmo|eM=`3*?hvIup3G3uC?xW
z`M}}B_*~dB$Z2DPj$m*2v}+sy7PAWoEmI9~j+H04Fa5;CbYM~+J@QGO25^p{)hmFo
ztgIb~xR4~$VO!gev{dua$`Cn7g&MiIx=x=osnSKMObbFr9Px!3g$0E_?Kzwq$C~jn
z`D=@)H^WnxI%u9pi-d_OrCxT2>gnIgn9Bvgf*7OT<pD2TNEx-o1&cxM^MRJ;7olkc
zSe~tcwBZhWd&UN17>Pc8deQP<o4$Pcs8$#pI!3`CGag|-CUZY5S<Ok58aObc;}$xv
zloW*w!J)|}HERluZ08@!WpB3vqoV@C;+c!#m-zZ-&^i8SYz0M59mi<!%a_wMHP?}F
z!9ZrsI`d77#bjv6nF9ii?A}qK%F!Sf;!}mBklmQzRY2L0^BhjO><43*`0%PL2|%fk
z#p?tr06n$C-gM(eZRFCpdMPTV6%?FVs1%btQ0=>#NOT^TFH#f!21_Ok`F5EtDuIR_
zcU%aZ(d%|ZZ2=qxielI~(JhG|4FL(Pg-#F<it%I)7Bfa{r`<0Oq9-88&z>zbFgR&=
zh2+abzol9T{cU(JvW>Eg1Q;&)fE9E6F$o{6c+VFfWTGY}X4mqDxXYJ)pce`YM|OhL
z4ABn|U}ok&No(4!n1ERGXR`LpoJ}Xo!KZR$0u=G6m_DYV`JRP*UGil@!l=$ye7nPk
zRlvJ{6?7Kq>FIN`-dTH|?wQ=>kJ7FlFjA&Fe!{tDQwKVMVBJA<5zO9M9O@-Xo4(@a
zKLDI#WMwg^V#Oks^mf+&+~;D1rXQAs^MijX+Zj-a)@$6odi7vN!hWzN+BINFp-W%f
zPVA({N!uKQ2A@j3Gq11gLg*3i2pC5iESeBiixg86lU!smZ6&X<B*QPPU88?k3fBFL
zKb$5A;vp3g;k%FJHwP4-aT7v%A%dqX?cKXKosp!t;EnX`*^&D|EicPoN0LHuAfbh;
z!JIr0j%4$ob$6}$Ly3GlDmuH-&``qmI4)_Q3nFXu9wXEX=|!(aqo4IQELFHc(=1Zt
z^koYCk8<gIbXa;E)jqbbu<2V*S5TW%q^|2u8gqq;fl~`~^`WwI7c?99gq&^n3kBqo
z>-h<<wN;v3+fZ1{VA4lHK>^UG%Vw;k5=l928<!2tzqoY=dF{jA`jVkF@wSJL@s%We
zPMtZUAuHK?zqg{{f(3nS(=fXoEXGc7W#9C5I2rgT!da7jpf$siYTW9#+uJj^_;y(u
zQ2t=CO>3&mJ`@B+qIu@FFmz*L5)E82s-nKW?3>ZPf|2|6Dk>{CP1`j}@+pwxK}ADa
z&e`=nq5<!V*iC8kRPk!f4P*rz#4<vE{-M^z;~>Tf32kuYns0xtra{Al4R<y5YU`Mh
zp+@Xhn=0;`z~F_~J!$cQ=ru&wpFev>gUS{~9d&hK2h<zm>g#jH_CKQV$ejCgbtSKu
zuCCYNpgp8|88P;_FP3=+Gs2tzLIy$>ftGND^!U@F(ZdG(GHcd|JCj#T7_yD@#`xY~
zHrf;hCMG0Y3Y75am>O4J%x3z7^SOi}K8n;&Sbvx%yE{wIXd5+i0jW$;X5HG?v_HM{
z1IXVg*9VD2Ue~x|pG)r70!bn=veM9EBQtFj*(~_v$xj*=+@|jIYHV$_-?nWOx_!Fc
z0NvVyxWH;^?tua6bh=IzNU-^dHXS{7tkz#OEgUjd^aiIfB*r?7@Y<<-T}2fmDel|+
z8}r;giqx2UbS~&AQaL+)AO8D_73eF0Y<v`DCAWgXAu6En#WPV-9L-vKY3aF9$I~s{
zPoljya&(+wD?IMc_-EGDoev7~HO`#l_(9S~(dL2f3%}o`lMH06pbu#GAqU{oiKakn
zTc;gO%HdR3e%YfG2$)*>K2iRG{cA>sJqhm6zQdV`C@6SZZ@SOl+dB>9h;cSvI{%Ey
zIsImyQMf$vzgmEqGtr1JHzqh`z>dRZ)Xn|39m}5IjE$uvBqXGyhzty+S#7E6BZKEA
z?=(DKd(<(~EOwLCq}$HIzOoepIqHPG4<n`1ZGTV*Z`*bgCeVFI8koaiG5U@EGrWJh
zO8Dq6ArY=pEOYcRqFgb3eEPs1^ZfR%uL5|XugNQ<Is?!)y9SnyJHS(&838>LG<2dk
zM}c@;I=zY8R=Y9x4d-dybb4xpN6m4G1~LawWxalVA45W}k&f<<x%;A3LOX6xC%q8C
zq}peBxVf=us<l>;61qcm$k7So#>HSN2|`U4l)9R19<%N?uO5~_fQv{`XY-!_9EBm<
zoG~+_pqjezK^^ZoSOZuO&w|UY+uk94Al(vi5oa{3exaz<VYiQlC_J`TQVwh7qwn3T
zdp<9N!aU3KP-kano~ZYJOFO#@XU-J7dbJW<2?k9}AJep~x<`a}Jw*bDvWf}{KzKYC
zV_$;^sFR(=cMmrI3p_hmOp6L0jqbtu00)buRfHb(C77pRZ^-YU!hw$^O12SdTg_a}
zKVwJA6V82}jJ&QkpnUp_w)GbDR@^xFd13{plk*H0L_Hzj68vchiY$>sxnQDOU$SVz
z5I{rJ&5T68tUq3K`~LlA1l*j)b*O<L?|wuaBdGAZt3P~bSzIOR5O(5vzi>BCx~y{7
zDNQHnTD3a0*Ie|2`ucD$j(?xRBSeWfkA9FKeOsMc8TYCczyJQes*0447IssaWg~PX
zy^*~7W-<4aTkHjAD0rQ#X;yYNgOv!fSCX@Z6>8g1Qz&)MU4J;;k|q(0vNb;e75YNV
zz>z!DglV*X{6n}wb`;dakus;UP172POY1!ru8je{aW;(Nl+?}28)`!##fhX};ay)h
zrQA;Fh%3&3QE@y3BhZ*4rVH(^XKbSeLl{JY`PW4Wds8)RTgf`y!1yqUiiwg{skOzF
z{U55U;}EH#7$9hj#a4w83sqIs4|b!em?b47Xl*J;8+OWl4#U2kJ-cD{xAPcbSlo|`
zgK0?1&Suv3RB3|4DYPrd+@4w8Wjgwb7wgq_Ye(%TP%#U2TX%zCVvzjsA<$e5E_^~p
z(i5D#)Eo{TK3rN{jFdto>eG*<1!RG)dynXp8A@X3LJIOF-WSF`2zb196kCj^y?5E(
zr;tYs%RoABkN5(9QCD)G`2!H?8@eU^`pE265)(<9B0P8x04)-^gZCXbh(O}7TRX7p
z5db7>N-Qm-d49ZhR0D8*2>BmQ-%07j2pFYa4m7@*o0J^+fKmtxu;c#z)^<tH4CuOr
zg~z*h&zBK1u;><3YZxH<?vJd0lUfJ?7GPac97;^V&RUGd&p{J^V|*@ont~F#-t>n&
zUy~XR&Pu>gBn6QQ4S|<igYl|WL&bgZi$F#iNvUwyC}D|-Nh1drks5Fw<9T)ds+8BX
z?qTQ8!=#sut@rIE^m}PusP257mvunLC4?bw^G;9yIq*WWL~fa_uAYE6!Ox(|W#t=$
zYiI)SqufI=N72+zT>P^26<6iy)4K_U1P~@X7E=Y3MPAG(Zkcj#FFKhE@EmK_j3_OY
zmXsVu7k>IQ+fh+@SbDTu>IsO2@QLmvb=c9#X)p3)rnYX}r~xA6Zhfq+ZSQx%blSv;
z>r740pE<)@g>PxX)|aC>>lhf&pgWDi!iEX!6ix@`Z!9!safgFu<vu3+Sp1^};y~Vv
zuuhE)ymE!yZM9_!++ZcQvA9%I)<%f!!lzD1ECOU*i*^4-s9J>!x=nqmkvgEP1T7|-
zFq{;A_3G=FY2)|n!2`O15eU=5H&>OGlxT)-_hRtbv!yN++@A8Gxcoa3qt95Oojmz9
zc5xreXWlb*iz@E!cQcTZjjlK@CrYcBACU+07#AyRWHWOE+~tD@v*LzsO684WC;FsG
z#bf;hj)>Qss^YBr76YMJ@zHHk$M}X%g=nIw$7UKUjv-aZgdzQpJ&}6O3m`+cuy3;I
zV6k0}jvLWy5Xa7*JJ)`5V4CxP02Yxk>zKE&kw@m-s8U<l2}HW=dq&<2r~{s)6lnOy
zczffQ=4N^ed?hPfl)_Vma3Op&QHA*#DKiYe0R<x&-$>a}d%Ws74CQI<@noP6Vd)#X
zc}PzhGmgUy{MRdx4VxP6uE?l#xPATEh>;_a%N{z`CVKGGg-IlG7&dmS1#cFBA%-ic
z6+p_c<N`O24;vXwFy)bBmwV;%Wp*$xCqEHB+RS)T3_#H@7x;{Ds-hU+rK6n!-isde
zA7ICOAkS7>PBY-*MPaiW>&r-qWI0Feo4xiMPN159nDJmQgIWSzi3{?XGi%s~9=Cf-
z6rmjr0z)`Wi>n~0k#$ipBx{CTXSRSmMCPKdmrnr}{`meqo{*4Px3658$yhz235s!!
z2gWO|<wk?&z7JWbL|=&sS?doMQSTn5CC^X^p(Hq%k56ylCSF%Z?XX^qoZ*SN5p@*|
zTw0oUz4g`IptlS5?tOUr^zUB7oHgYdcv*qmQ5=%L$`+n{{tht;3w4CF%{M@32Xp|A
z`uOqVva;j_jR<IPSw{!F7K(vj2!g_^ja-RrfE*A2OX>>=G>BcOxw*1bj{tU3hgYp$
zO?xQ}JTWnh)9X2V55bkA=M*@M`f1=weoY8_rl*3FrggR)J9&USPOyRi5mo0*o9Cmz
zJ*dqPvvB7+cbU_!3%g=K)KILjBwUu=k_m=vi%H_0=Ux+((FmXqaX&P1zutEwpkjUd
zYCi_?|3PC1I0?vOGjk3QDT9airM|#n!FpcF|5y`DgTW2voN!ASKq4kvwVO$Aa!8pX
zG8L~*@_F048hEj5rmz7$0-3y>iiUUY$0mG^cmR~NlTQm<^tg{O98#}_9z_BQ)DCsY
zZQ?!_y;2S{#@_iHj)^2p@-dfhcs*ZT)`+@M=&{D@V)p|#Gj*z*oZM|x0~{aH7$#6)
z180mvs8gt>`6f*imcU)0et_AeDwiVJHsUz)4hm_|xBCPFb@lYBFLf`i8rfbUQsu69
zj1UBHUT3M@>|m$?ruf-)lXo0CPV)gfPoGZ8OC;-d8!xZ7CwS9Hu3WRG3j@m^<})cQ
zXo2|U!+hH;VgOsf2EWs}eE$ydsV*z2eYYWqR|hT|tg+x2Hxm^o)6l>F&IDZa!-qn{
zOBO-O4|q<0T(RasAF&<*9mk;$uO}l1OBv1O;8UEMv3|P#xVQ{l1X%)dt^+jDHxB&C
z3ZX1b1HYND#ToG2HW{eIZ~|Ah8e|#fFF1Ilz6?PCq*EAy*U;GQEm;N<;yjU%#@xwt
z^M?*jPAsvxaq}ks6PyvIb}q_v;w{%cLqj9}WW6Z;MLjvx5JIf_^)QjsQHa%>H+N|d
z<eifP0ww1Pt3qM9an{g5eoDUKy7@7NcGqWlBf6Sl!KyZe3v6^|f$n~_r$s{nv$%3V
zrPT9djW3yCJ*dD-8xRoAiKwp5`~lQc##r2p8L>dRKtH_w7*l{w!z|n}PfpbR>^(?L
zRv4wmI_o@U%wxyWvplof&2U;u%Dlupp#X?;e5V{TLsAsXK&(^wNhxnTSOLLZzH~h|
zdZfwCe;D`R>hZscxOZ<gS+R7~AWa?@hmGR$OJgG=Ae<43CqPwp&dOf7wJDUdOe*<G
zc;vX_w5up{X6pLOyw%p$nHv&ag;Ej?*ik<}YUTGv4?G1z7=(aA?%}@94d&+iNHZL;
zt#iM&N{js`cF7u17xGvc&WI-haE`H^aYm91ssX(T&ckK0HHiDp+9JWjd!bTbsaA`@
zzI`dAIM5AUUENTl5i&CPZY-3Ufa@hm8ChCcDo`#0*l%PEE@G95NrmCxJFqNurCCH;
zBMkYDnH}k<$CMr;ilL#SsvWD;geG42hz|w3m}u&C2r>~=8lwpeo`2QQp#DR1+<-V3
z(S-+s6UM!f$m5F;TDq<40zs+v(<dbfB}8wC^iik0d2>9Y61DvBv13#D4=o-rW#b5<
z1mlpdxrTS$fu|4Ao_$d0$nhDYaNkT8kBaI>sC;RzTK_6RD@-AG1ji?ZU$+kf%WzTZ
z^N8+JkZ(NMOj*lVOF?d~1B5mqdgaZ3FskVlFLma(t3VX+YIx26+3c>Tr^l8i@H?t-
zG7RJoA9C%FA~Q?NaQ+GVi^i5#vRU#P8XaNzGT0%d(OzgwYF(a@7nIngIpTt3L-@!J
zkd-`yjS$1iya574S@utE7kks{KYYLkv=dB=WGkjGD`|k<18=CfRqbA!G2TL+h$j+7
z2w89~n(E9BJBG!0p5ngS?Cpv3J4_ovHC{1kNYF&g9DQq9wl)EP76)_?ZY6d{v7iG2
zVrB+GPIuqlny{OF9D(onq?yofFr4LpwvEHb8_ug#C#`G33UIUz<Xkq(gbVZn@PqfT
zNUQ|Fr8pC(f`ZPmsb%5913fE)l>H1q`xk5(J!TBl0lQ?Lp(b;4D^6OKN0LE653mPp
zUQ{&oFl#KKq3yY2v^_kBF<cQt6AS|ZWF>@+ZcmT@&rMr-WA%2TAh(zmGGG-A08=(L
z&+4y;@28r;pn@84_q8OnuT1zuR$~@H(!=HgsDZlkUR<2YFTYUHMiAvU2@(cum;C*u
zOC1#h4Z#{EeCYP1Ufuk_)Fi4L2I>&H+>42!`tBm(FpFtnZmv3gdQN>^k>t}J>8>a(
zz$dc`Vj4Xth(h_BHys^qj&{~FCGeDCR0bjJW(aIK&Ey=6j(D&VKBxlGM!)DW!LInS
z$7z+)*2+H>pD`XJEEEONVRj~F?x5cLF*TxVy^pS-rN!kzTu!e&I)Y^Z$P?TeSzi!6
ztX*4OSvku6;FR9~J?b{-&wM*=^1JZ81C`oLe0ezkdVa>EM@X96kWb-#gW(IrO>_Pk
zV@QLMbOZqbXscxt+hYKy&zvd9`IjLLjHDkyDamO%c$;Zazv0gL3SrZ<X**#PINJ}Q
zIFm+K|4DKp!g4V<+T_xAm41vKd;BMj=zU3YK%pu!W~^^_GG9eAS~HyB0AK<R3g`-1
zBFx61BL>>2a~{c0AvWaa<$cr%V0G2MwY5n&r||kPVXgq7bWSL)VKa$@fItc?1u1NE
zViy2xa3OFCNF+`y$)4>3M1N~nB+Fjc(5Z8byjn7{XdHL!c;~QYhZy&&<0B^%T@Mlu
zOg9rd>S1jEhKMILUou%2MSmRr;`BHgAQBv}s-7aPRk#=Z8@qY?`)9Tm?iAjZRMbs1
z2+sL>qmTF7clQOoqu_q16e#G&`H4~sZc{li+LFtBlKZYdvxGXZql3jNk6*k<Lhb>J
z)UY&PArb2{YDTpFw{P!wyK#Zc1OP$Mc>xGX-RJ4yp^XTA<5_tdQXm&W(+hr1xTGUe
z6EddC>oIf|jhT42T7VrfPPF0ftl6_81ZT?7b24{#ySOL^8Zwy%0(rZTHoUBIz~5*g
zqoZZ?1Be|TE=u^2KbW|6K4F1S5j8IIQ9hKX^u>Ijs7{`ICDL)1B1q&m0)a8I#X4{>
z5f^fkS(kXnP|m!dv!)@VqXA{(Vm-GBu$`vncc?JB0<PUkWBrB=&>P?Bs^KNJEKL^_
z5|vGb^SDhInO38fnStZStXbOOSn3JUkYQ!@S+g!svC--SadB6k)j!-PY^j!9hLr<9
z6~HGf^<aZR_?0VIBnlg+`H)6v4^&hNy<-1j%A>#7{NVdFR7qeh+&exzeF3|wg;{yg
zfn+uB-!-f(ym*(6G*_Qn2NEcC7$b&H9c6^}KmQz1VAv$+YQa*f5q<ukRCL}m`R~k3
zs_%mLtMc|SKOl=Fn+gr^h8am_MGkM-SSK};&;|-mOs9)sYNys&8|Hncnp!|m5LY>V
z2!^}HQ&m;FV7%yfStE^Ic;-_$o^;Ep8}4B%@&g%#U~S+srxSrzLs3i>@=7$wEpR!m
zuDXm6z$;Mx^(!=)A>5b2t0z-R2+NiE{PN3HatQXRSy{(R-8vsouyW7%lX&H3zh!=x
z+gIad%E<%@CQozmd_eH!mX9EzAEs*NAP|N$LIHjYii(c($cZ@tPA8C7edJf?PCj*i
z1l109s`YYXM~@a9bg~PJhj-(XM5P;^=|Kqu#lv5T`*^Q9g?eq=NCjq5U2ArE<xLW@
zCO9sXH#yC<^3g$6>;8k>$P#F#Mzc<c__%LW2Vogl7DM%~jUC+$TC^BV7{!AxLHJVm
zG8efDvJPGw3Y(U@)w;oR(Ipe0aE>CFo@QIqfgq}U%Gx^cN$^j~8wz$d5g{|snlNFZ
ziAg|daWi^Kk)%6yX@X1r224IcERdB$4aLNKp+sW&_;fj`OwxeAkuoYM2pH@EhQpT9
z29F#W^!%Ob>>#Q}vh|Ag!i#OYP`WfR`Xb)9@2_->vt}V_4Sa6Z)QqHvdp;)<zkuuz
z^*&|3NQ-$em%WhMxOsTEp2&Ie0+sxt%td)IYnqlr;@}aP{iQ~8@{iFwM|n=85F0-}
zUrRy$`l5kbJ}g4%ucV}bIwAWDSprA`$>c&MP60AL4F(#6cpH-5Bw#vX#SLb`<#CLF
z570UADkgp3uO!hkAd-NngKau>^-W8Oyl)9<Oj@3h)6($#;nZ{)o{<I<cW?}bm6Vk~
z)YUz-E1Lr>+;FXA0lhFcf%kNwzlXd#O&A5oiLtsV{1+TSA&w6lR#aMATT{ar>~8I(
z3&LhV{m%pw233J%<L=+D-@U!y;_c{YdY#*Ni5f(V>&`ZZEv3XbkE3B+Y#)(#H*NWs
z*4C)@wVs}Hf3O`%bMoZB96QJg48IDyA{fe<Fa(`UZXu~skoHu6*R2l-p`ju?6kN2T
z;KI@K;K3(kTy5d*V+{w<At?MOP7Dunhrp#?u&h3qO^`sXkHi|O)Ypo120eU16lveX
z-|n=vO`<YjL92L~xS#x?+UHigL3H4k6GDcJ0dZw8k-R0STLpootu3C91YzzGuh5(9
z$m;^~CF%LI4S&{M2qMlUvv;Rl>n<&;s;bl-`|fvPD!oLWbQu71F994l$8$!Y^5ZOq
zRnh;(Bb9X86X1N0+R>B5EVsPd9}vL_G?>bmXwR#Qc&zCMmo?oqKCSGH_$mGclrQlM
z_K;cRJv4BHCtO;22qX_4Q}y3}7BE$YS(e%{YZp3t$nR!ee`n`E>|eZLAoxIJ9a8V@
zg3@iShj>}UC|YA#Ioc5-lCtsnXY~sY#S^Pbi;5_^&{ZnRgar9PA2352A0{vIw&kmU
zIc(&e<ymAPZB<oN40qg%@)BJS#~R)|^x(umL#C`)87W@<tzYU@B0Wk2daji#cVqt{
z;e&GG4=6)&szK&^5)?oZ>is{vPOv(J(g^njxsy{?F$>T6reH$G!QE9wF+Xk`k`LtM
zZ{NJp0V@*IA2M`kSy>tN3BymC=M}<?Em$N@%?FEI+@&tK3lL*G*bIf1)nns_5iBrc
z1cNV&D8@^z%R*?$eADPFaEFJ?Z$?c*{;|70<1r--f#E}UA+2AM>HIZdn-&&PmoI-^
zyzFToOPg?$i8h_<&CFijHl!mbW)^FGr<R4V1oj`&eUji35Fm@MH~_uoMV*QXqy2d0
z<c1BKprR7T;RY=M_F}1E#85Z1ZeAVV^9l+MDLw=BI-DgdKlJo(@E<S#{u`w!H4z#E
z@P##NT0pOu7qLX_q$Uf($SZR`2O^A}_i6}+@s3OGlbSW{2-GQ@LiW=$2}jZ`u~qJ(
z)}d29$4;ua{I<E29BSe3tE&ZWUs-u8F-4e9Rh(<+E|J8P8qE?q4Hk2f)DWCSUb>{t
z{1F`qubQK_wy4X5U!C>mJ<!aAK*?JWznqW{!Rw}uxMRpdOqRcNW`CjS;n5+}^R@d^
z-ZGdIEliT(@M~h?z##{M$y%{yv>!%@Az@*DT?1-5%5gy?u`@(Omf>ML%=(ftU*#<O
zegX_9OdWx^<TSRvh{kxg>*{p$9^4?yV3@fEUoVbQ?xo!>+wAOsYp$A1<eP1^n?I`v
z1cHphDr;f#?M?RkR<PJK5r!Gmd2S5-5M$}3F=T)^NCXQC;Pq$C8J~0Kj-}8=3C6!%
zk#P7I3_3XfCJPU~rgKbBqbixR_wPjKJ3c=1dH<@vlbaD8e`uU^+rHmiKrU!2NA?5G
z32VT9^xeCEf?N}llKS=QM`-D3meom|_fCY(^Gw7}se9|2+316!(Zcskm!a%6TC#+r
zL}cT^A@TjZWT4X=dEa!0ic8W5=f}jxQUt>V<Q5ccU3!kMix(hUeef<$A=mNPx({4m
zOQn84Hg-&ie+A<{mWt@-!E4-vnLp|?j_kJupVIW`Hx^&dPwLRTi-L<)+4qer9A}8+
zsR_a0hsw{p^VeVVE%;wUB@R$IWed~m`T0TXk6oTlX>lk^v%jnfwHU83<XFeX>YIq%
zKoj`@5NMIO#*eRJa>eX|)=UR57!Co8jGyM^1%firGZ53*OVEZVG2jL?*7S{y&CSVJ
zB{BM?**Gla(xvp05-dG{dt*LZ3lWAEGu%U&Uj5P2r^-EZU4KryDWwN&2k1tvfK?I-
z7Y0&+b4!;v3vYOz!Q8i9yBIe5Nal_Y8)$hQ;1<#12aOVbbW`I61Ut9Qlh2kG_saEW
zV8QXN8QNh`J*vl;7<E7yM;$+d*yw1zr6yFvTeUDt*=A{(*4EL>GKu&)bwufV&2o%s
zcxkb<4d<$3_NNf^__|=naW7Qnfrtvln(dr0RsiC)Ul6nvBqW;kgghnQ-$u$uYPUM0
z#2|77E*UiV=cfgQ&fZz#L<-@0c>$?K?yAm|bw{8?%S`aI-M*bRh@JwJ+l>XCVTE48
z3HNpc<E6U;wo5}B2WZ)`W8UvfLZaKEy(9_o;lT3O)2Ctd<fdLv_8m8sT#wV``hx|V
zms>skuNI(7@Mkb<Fh@C$+F@$?Pp$nUW+uWtb$WXrV`%+lRu&o|+-@cVW^Z~VMz#gQ
zqcm>G*IdVNFWFj{F2GTkmyLq!f$LyQOZn;$-PB#6$mts6F5kKH^669f4#i)8Wq;1e
z(vMA1z<MNZ#;?hk-zlWIWEw?zn}OlvV9T^G-@ehplme8ZDXd80rV%zM2ouOD94tQk
z4G(zg)GU6o<HOWcFA&AUo+f!d`@cQ+)vqS-*Ax`jEV<I$&1l{nWGdBrpuROik7rhe
z{(gf87$5(gb|AEBhNxp3-JcUhGmR4!LhDue$)|q+X;4+6!^D!|JvcjMc+H>dXZ-*a
zC3ez{lQBRGF+@Kb5MaquAM2Y8O7WAUL&Q9Xl9vvvxO|Zp!6vV;5X*c1(I{G>xcrY6
zRJk}RTVTNoSi`oU7+O=H9GdR)v;(Q*x<-o96c1)py2p3+ku8B|rolwm>>=9?BZ7qI
z@?y{M>;GIvtG3C`u3T##!=7e(M{w;|l#vkYeLG4)g8)reMFm6*<OAh&bm8_LJJ{E{
zGPru3QP`aOn2hVoG`;QfLxnZiD{q<=kc;>65aqoGUWSI@z0*<9CGYhgsvMt`gauQC
zYyN=7JrDQq@8x)CFT4izQE`Yhe?t-i#2~`b(BY#)xQ9+87c(N@;c5b!ZVNG)<KmE3
z^#!r^x|F>H%y!@+@ul^X$Bp}fD<fA3210({tsS-xj4pzZ&4B=)=T9dkCW6ZeT>q+7
zLG}HrTSfzCs8xW~*Ow<Jaj?;CHpJe&i~sGn*4EEYJP;-&W(Z0$T7yt)t!NGQL>U>?
zIS@H&xZf-YT3h`ct=^$S;!1&(lEQ}yRZ#|Jh4^;3Bi|<b#;scbH>Btn7ln0DgzMb-
z_egGEEI3CTz_2R5FO3rjJzg+;sJQ!!`LHMqY%)0LEoc}2@aRINc6&*0-7LN>y&!X#
z6hhFatZvWq^6yJ=gAN40V&TJs%y7OypdmI<_>gCjn^1#rRzTNEscWKIOK^}!FqB2Z
zCBD?G#F0T$5U68Ej?{e3x^syaIUPew3L9!z=#%A!hH7eRA>bVf{!CF1j*D#{E7XND
zM8a<g?1lEeIsLw^G=lUYM-Ldw{1Rw5VaQE9kbxx43KDr5T{wGIdz~jTQrXnYr4qiu
zCXl5~7(!6uq_Jaf_;52eLNNnY{T()hxrCWRI97fVJ}8Y`687CqrQo8;x*UZ+XsAjQ
zvTNrybsCK8Haek3cJ}t1KBqa!h!RK|W>O1Trvr5mD;`mp%CHS;WUca7ukLbIr!C}W
z#!f7Y*|Ip;%Ywqh_m35$L<?53Tm&5u&@0u=nF|-n-*+5LY3Ds8ssJFQ?rj4Pq^!xC
z!~8|7^@0=zW*nTIaa*8_H83|9ygIHKhvCuHHP7yVfl?s((+y-EJdP<vsq;ZQ2*o^P
z2TfCp(aeU1Qfk#&Y^F#K?rxPbS1~^S9XST)7yWb~<po|>%0bKmH15#>A{K6UMGEyk
zF97H*UTT7Pa0Cwf9@lT)WbISH^LNk!bQdrssu!DpCm1=qo}4T{E$5k)#)d&SpF6ET
zC)i|YYbSkc<_?3NI;Ggz*o2@SOTi+*s%y93i4%Oe&vN!#wg@XbvJ1V=_|pN$dafxh
zE{59-i{cgZ>ihv##}Q$PAne<V7fTgoXf`xa17v?e+@cipT;2yg6arRV&!;GY%mI8U
zzcizV-GB?E3I&m!HH(esm(R)93G^fS23UYmva&?xHjIM!B6Yu2p_@ifO1(!jv)jc*
zL89MfoUCaOX>Fr-{b_<*Gk6pjj`;UUi&KG9fQI?WNX3w<s#;s_8cDD3a1pT{6&eF;
zd4rtE2}XTbP^`i`#*1Qe`k11`w}XL!D}wLuLJE3x;e3nO6C3BSz+EfbjloxXne0L^
z;MecvN-%o(a9tH}z_dt<RZgn5OAGoB12LN>DP9HGN^?)7<aL3$rc*XEAksLuSw;H;
zR&Y}G;020D=>>aJw$GXKM;aQkTV9q^jZhQ`zCoxnTso&Oi^$_8223F#9?l*<dbHt$
zlN4--gLmwx(=#3P7%u;JeSH)i-<q5MFh@o3%aEg{M*St_NPNIhZ?aM7>!pU{;#{a1
zW}NE!8U6s`(uQ{Wn_zLxZ{rbmJNuD`1n`A!!b4W@Rv{P>=Wt(*o*PP)O8*CR!tMi?
z`|E+m1>t?ovq<rNN0?vh)oVX<JV<s_)2cR!;<HLiHzIG~s0)KXe9kYpx>69BeEPHj
zuCnDRG7aPkBc`rXV^E#Uq}ES-$%K^@Uj#mO_#rN0p+IQt+M;YmK`2b;>fRMR{W)?Z
zjhN`@bq{u|-??+zn4lQIO70#+fuI6;eT^NV4i1g{325+~$XWe-sKZIYO_W(Y-8b1+
z#|v-GHI5UR1n@om<^(P;Z7fVT%PRy=X6jOMvh~`&#1w5vb`W!lX2>r|@o$6{G8T1h
zPnQdO&VVydlKK96wzZ5OKZCM#Uy0$Fix<1&TuQ*#JupK95Zk-A16T#%x;O-lMko8r
zgbhUeJD2-f+g@FvqM#m_tEClcwo^(BRToolqr5K~Q-FJ)<DlfCa1WRAMEEWe^@H9J
zJh=c(N=vl?cOd%^N3kpV)6#Q<bGB0dL$-%VCq*;)jw0nQIw|U^yC*K8J4g5!zHyFO
z%HB{Ul#d@bwH+#YiVqvd6+Sam+f~(L=s8`l6j~N+7r_&L6s?9Z4Gmq7?+@n1JGX61
zuuS(+ZCxdMg)f$9>MX2=B=OB~4X)7Xxwo_f*Z_`ukUmGaUUv!qOp13jOP^8CLJ^Ju
zgy0jk5qn|`cUefq+GkLP<42B!ust4BoEgSom8}2~cUUb+FeiX~%2?L%0P+Da#jZDS
z0c8z?(VPGH<4L)o=Vlp6dF#vl<X7g{iS_vR2trQw2LOgWu+kLq|3JAR`gIh%`1gVw
zWy(<DYLyv8xL9u?&6RrViXpNf(i0e9y=}1VO)_BNxvp)&RETW`&)}Ml96KhcTKLXp
z7kU*eV0+{-)MlSGH^P@eJ;2UFedK#yxpZlhmt4#Yc=D9l3=UDk<mcz(+k((&)QAz+
zu3Y)2b!$JtYl7*<FwI@_Sz!Y{4lL6dW0<5uQ1U+4f~_ajubp)dSJ!}&2h0m2qMEW&
z!44E*4O}kMh=i7*Lwzrdc{>tBf%kzn5-Qg|xZ13h;_ea14B8m76s1A#!FXRv_yY15
z-w?IBvt9KoVQe*pHV&u@V3XPCwM=dCpiG~OAz17Ah|i=Q`0-1qQG@AphQC63OcyC&
zT@Wzs_=q8`@{}pIn8;BwkP^_kw0`-5^sZq`EU}tl2HqZE{XAy-%lu9hCH389k%deO
zlx57U9ecXF=EgaGwBV&fj$XtN4Kib@cOG&2>5Yf}BY^SlwUc|z<LA|2ZjoO^!^0mD
zW?J+L`FnaFkOs<NR?nQF1msn1FGqI1p2=m3T54SK8_SQ3Bl6t8K1GH=5yqCG=DGbI
zAh3&Pej9A>hxse%brj&OO-=Ck@3@WRk`dE3U_T$fB~vQfT2K=C;&XC}tO|`8{B|d^
zE)o(PTpz$y$N~-`^;6<o#ZA$MMn<@5aGz_GKaiDVg_a8Uncb783y19`hWO0fqM%1P
z2QNJfBp069JV&*m@6-`I_)~nl;M1qk1D!T|Nr{LZhfoY5bUA$eBU#anZjEz{ZHgTV
z-i@!0;2TeYR^}12ZU?|N#bVS(+3$3GRDn?INTZROVSOXi5}X~<W~GtP5XtZuN*ON1
zAPGox--y`FPyQs&Zd|{fV?(X@@}e#_r7tNAE3Gbc;zmv{_pp8LG`wkn8s_X!fm*&n
z?|LSa?vMC%e5|fH?IJ@=2??R;mh}7V;rJcPfEf#-ZcB(gq5v;0{lMZqMtNUlSduw7
zFQC+{Roq5(4q5A27nW{$9^cWP&Mw?_8cJ<&0ZjQ%xiKmvIAVGl?Wh3v2!*rc>Y=!Z
z0AO^^ltMt*z-MPNLWQ1I@d3#JUjo_*3R$O7h|<{Hc7<UTSanKI=1&R4bfff&n&{0l
zin~tY(r&*qQdU7>-p-PH7YAv&(g~wn>e39WbF~-V#qYQVFvxy~IDoDnZ8alY^!?)f
z`bDG`Cxn%CgFOn$d+QMqXG20j!8S1vz-7T{nN!<EoqJ@dhOPy;8~`@Cd|vS3YTe&o
z6K;9_l=dEBul0mQd9<Oli4DcEi%m>q^kwLIsfVSm_Y#iaI)>oLRY{Y|bH`^d#>w9u
zE3Gm50U%~w#!(iyO2FJ_o!5#T`I*7jwwC&ht5**zjTPoSix58Ydmk|2pO$9%_{d;X
zHmn`O0)YDeU+QBQm+t)Xa*)$_Z1bs#s2P!Qw7U9Jo$(^`fGAZlRQj}K6*vA#r2`xX
zkeFvqJ#`wWJ9KefrBeBRd$dPHEWwGHY{wAw<2y5jz-G%A2fEKC_|=ZUtt(L)JnBPL
z)r;)xt;qtemu^W|$*<kl&j*FHj)Js`BzIl51b+!Okg@fR@oZ>A-zS^tp~uL`SfWUU
z_^z+(!p!|M{S<W!{SZT|GufU;zJ3FklAN4exRb1(;@<pMdx&5W#A0?Z$K-~-V7J5N
z<;#kSY^<#pD+jd~o#oxZXp7?ggu>jC%xmH&s1{*y%;FvPAJY<qnT7EBj78Ujvom?f
zi-%b_Uk3*o;vHQj?--bK66<m)pcH03N-SHkefwXeCv+NU@@VLAy|uOCUxGw{eeL@H
zFmCrlXGlH6s?b9H>uZB&>>sbBgq;B3%9~3}fk#o$QC$L(s`?*?d&}rJ)|{^Ye;uKl
zlX^8g+!ApQoY4IFf_Oz3n(3V6>^89MjV31~cP=##Ak_6MS3smqQ}$|MEhUUO#W`u3
z91fykVVnUg3I6>R82f4K?^-bmo@|F(^Ilj98d>_|vIA7TgO5HoZ+&#-#tqq_Lj`#w
zK_o?TS~!o_5g7of508MRxpDjTuvvNix*0U<jZVaoUZRQ%lt_?=_@LZ1M?XSEoBH|$
zvdt04I*VPggvxyL$68h~LnAEkrWIxrG!K2YSxrq1D@@RDsUtT6gF~T>+!_HVXpfB^
z<CZ)gDnu)*2}c+H_|bgJ*S8OYNoX5JM?-L+!jP9=cF6?at-L#e!%cSGe9l2pQM^hk
z-W%x|8CA8lFG}vi+Cvx#;F((jzRf<0h`BZ?M}>!{mGqudEL--)C*2a3ko}kc*D1P$
zjE!4Se|3oohT~#le7*JO>c5WI=T=q5cn9W<4NIs=y~innAksWcpN69?G5k$VPLzLr
z^b<lEwgm039&sqa7RdHh|NdKa`uA22AR07*6v%XesaSqJpV3*mT>8$UlVg}>c@1J1
zedETFjs1l)Je#$$%qHq6d}i1Ji6j|Ke537Jpy#@}tjx@6_PF6%0wi5st)i%?=GC>g
zz+xMUaIX5c^9JjhHOY|LR_1LTZ8Lln>ELRDQNv3308AYo#k;Kp8l|XcVs4H@5!Z+=
zXk95uxX!HJo%L6e;tWbYDsleLu-(oa+d^u{@e;dHd~M}HjZ*M0%+IfFJcB6f!)dgM
zN)js(4s=fI`1&+Sh=9z7u*L+qjCL5O-jZM!z`ja+tTHn>G#@^HW^Zxv>2YzVf`cP)
z#9$AOa*$T;_%P$oTLu!rh^;gTyfnCy?%KV3^U}>CYMpo{55nd+|Hki^AL;k!pPRST
zyVHb;>0@J<<^Bbo+3hVS=N>qb<PwjF$zRcM+qOx*>A+$VK1>Kii%&I69Ht)tIE4=l
z@b!3!e;LF=NP!F>;n;<q35MH!E||HLjcaSLUE6y<61V)yn3|qRJBe?VN<T*2lUmF$
zI8zmfFdFPDgJ+iyqDmE2EN{dpRam+9?HlFE#c8j%>g(@6c5EO=gr85xHfh*zZ%eHr
zm;-fcGs=0pn@zG1449>$SG(|-WiBY8yzuvk(`xA-W_%H!eU2Ip9=bN@-?gtQB;lIs
z>mfXBrJDL;Ral{+pdiTfz%J$j$fFB|d;_fKcS-oHTfaWWoJ(9N^Nui(TDqb7$pns{
zgb((Lczoc70o_)4Pk|XQF@0VqCKQp$p*9DvCkjHsGc`fIxo>tqwp|YU4Yjl5;mV87
zWsWuw7GZjdmg`8HJ=1um1(x@W4G<8E>F;wZkV>+X6C^3CEG$05>D$>ED+SU_(87LT
zrx2yUyji!H2&k%}_Y#^hN(E#Cd-cMm3toZiW4C^+sllng)uGQ3^bEYk;LjRkTV197
zGwHCw62f%7E~J0yn<gu%tf;7mvpBjOz$zC9hYE+@=K;P?pFf|4GLcS8KorA;<pQ!Y
zTmm~Wwc*UsU(A|S`m$V{f}8t7AUxdNiRfdn7<Kp4sxM-_FL47h3iguAC4AUUtt3IT
zIHPKYLJ6*r<-kuZ)!@=eV4>-<lGjwWq3fgJoMBri+#ZGl4JQD8xFpPchN7o>89_Vs
z;Vy!<*ERCh_HElxDjzePKte`%!;m_}uAkZcGaM3LA~-|Az5-v}GqZ{zi@(zKfdx=S
zVtLJs1%4x`dxMcY5-#&H7I`gMu|i!{H9I3?3y3)^vek>{vr`wLX6L;F&qeV1-l0%V
zux|mDN7c*>D?J)vp~=->pbJld-zZApXO`)%K5w3az6?6Xw>$seqkS6$=_u6;Rk>Op
zWPiwPy}d>5CkF)@E?iz)Syjb`AcNVT|L{Xm02Z>y!gkv>R=K-|8o*valT%WLuFZ|q
zK3~X+i(}az>-+y_O0QJ;=agP|!G|uh@<-F{g~N04BgdK>xloDAV+Yog%*?Tx4izN4
znkajhz@Q-9-WN-cm2u3XXJ-(PY7Q%8l$coGe5|U<f8VQD@}Vc2Vc6QCngKr;o+!vs
zJAdisO@3g_=g;^wrd3922{(;dOv)=p+K~(juRyBn^ZjnmMc!{8J#CKU{sA_i)54d4
z<3NC>m1PVA4=KHoH!r)#|NlGjr&Mwuu8d-vwgYGi>Du)1<1^k&Xbi43qw*JgCjR+{
z8V~Uluq0+6j3cgZ_4?E}LfkjTwovt5YWv!r<Mzca4c~c@>`B@#1Rs$3f-H?(BBsyD
zC2c2!jdUfyXFPebi1DI?f#W?urk90k^!3k-wfnos5hO;?6jEM(cE`4xn$x;We#=C9
z*Yg^G4Dd~FY-(at%i=isdR^fdRWv<xA%E0$=>6%YJm@b>;_%6$-1X1IotEJeII9>t
zO?oZN^gQn7L_@CP)QKY?l?n+K`3ind>$h+=kg;5b7RUZkQ3kZ*QDQ_V;5mC0v^PJN
zXbM@y`GnMqwtFAU*30eNCr_9_iQ@$KshUqWw=i*z<)Qnwlosrvfm>6PJuY=?dKV*e
zQnt&0$&Nqpz94gpIa4HJEHvM;g<tEt?^ee19Wdpyt5RbVkWLl6{NEfVxn%WZ=SK(n
zGYk_p!}<ioRjqQ%`I(dx9L84H<h%vR#sZKCEI<e@dz@=?50vfhJiD%G5ExY6)Zg__
zJW5MT^Ooc#*Se=6t>R4@C@qb-A{+~ciqpj_|EbVeU9v&mTvAkX^5Vs}bPh=3kdb={
z%5EY6+MA?p!VXpnD(nS-nv+5u4xK(d-2GXvIL!M+X<G@)v~)1ctdA)y9n`W2V?yLX
zWNqp%paqW8+l;GM`n)8ppTRR7=$AwY>)x_>B+F)j0(oJuKvdVzpm9JfRr55|cLV-C
zh)vK7@P+~NxKphWq=EF2^0!!A?-@M|!4QMd!_ILBN&DWHDmlU2p^pxMD1`K72)L2M
zA|-qXUx-%kQrQv#=}s7i)xzi)Zffnxk0=xkS~vdS-e}LAYlfnPn@+ggYNwNKP&4|*
zk|5=mA?o89C78a9ZUCzuc6r~OGTV+5NzKyq?c2tf%}>bar6nau!vxwgs`~)Fj7U<M
zIGF5QJ3{dP0qi<}T8|9LkH=3x^?uvfOf=;RnhuJ91>hsd+g|17*6dz1Bo11eUrRa)
zAJg1D)d>G1RaIe<6uDzA{wGV9Zt+m&;ejrqDn5YZ9LOW8lwq4)E-r%eqW7HpH%2nw
z0A9s>;anu&)V9>W0$z6N6#NLckC#WZud)Ywz;5);l`CSt=>Y48OGot*b@?YJoj9h{
zJ+|Mx*r`*?%Kpfm<l{8aGJLoDDJ5~2V@jXaS6s5L9i>PFzoe)%aiZdpiQ^O{CYP1P
z3>=fH`@y5VR66P3-UA2z*w?j7I>ar<!#tzc*R!q<MWPUKZqSYE*9Bc4`8V^)6F<j?
zcJtY_jW@i&<dT;!#d?2whnAQ4Na@IGgu}3U5^ldrW+44yF!w`6h1$%SfFoD0drcid
zVq9)5WJMkzn~|d9;>PBbM8Y4?Ei)K*HoN4(ssaEd!wD-HfP!~nK8P)OZ2de?KKLDD
z0UeBUk9<Gb4JLW(;vPVHRSAO~tXxHZSXf?;Wi1dm-DMY-7+9U6A%8NRT&k`e(5=qZ
zLgz7I4!zN@Uq4{L!GD$E7{W>FB=Hafo17Xxf5y;O`?g`Z1Odk!5)u&Q%W+k%26??2
zlgf!BJqUBIE-n~DF@g|sUfbu*&(SUd={2067B8-5IDooTtT%fxFm>GvQ^uE@Ul8AW
zOL#=Yx1YI2PHHwNA6P=?jbBFlwV*j%vEtJ8jTGDTBd`fD;d90VtI}2cv1!w#*tz#H
zGytK2W0Rljevd{etJA12vTVq|q3TP{DK~!WBb;15l6^AN#C<=0{=D}0-x0g;V)2`V
zZL6ow9@E|c>(9|7yII@Gg7<-)@S6=+y!ld9S?NX(3Ez+EfZeXwu!21lclfi$f3*Nk
z+II;tNM6BCNi2~plizJOM<4wGXF+A>^dSL11>{`97B;%D{|pgk76>KTDLXq7w_2=f
zi+B00g~kFG#19PQ$mhxCP}%;H8PqP;6^Xye9-_gAl0*4U!3)1K>h(8&ysoUM)4<VM
zTUv084E=Y;^TpyBjlk{fq?@f3*QaL{gz(+fXh~;)(tHDRl|2MI0sTN{5h6dV5A({H
z+V94gk2K8#6`DOeacyz3J^{{d`}WIjE=*%_Lm(qT7=i*)*qOsx2w^UT$VNRk)HA97
zuUJBYHa$-m`RwN~0kKS-B%*2>uQ+~u(1i<jfZ25pvP&qhz%D5g;cigpU1YwRw<uKp
zpKifR3`X2Pn+@O(-J5@7hYrR)Tl)Yb@TKXP$?7Ls3L>U$|I;8MBO?PVe=c&dN7T*F
zFaiLivX`#qh3x;Ib7$bEr}(|Seet429P}l>j2kCxR-=q32mv*zYoG6yX44t!D|`?6
zE@0sQ45F2T^T1t<xn@olyx7fBiGc$tv;0~LNK&y|UnWxS+=!&=qu<!Hdi6hmiHkil
zZz7~8sshfow6q{4nneRu87KOmCve;tn+H%>&JnX6A@T!<g8HGFs3%}$NxkdF%M?i<
z*gd-zky0_%H_3SnEebRadJ8PUxC<!s)ZP`KZ$osAV>t|y-0Oq<Mu^nLZ{KR`>;EvE
zkoDxzqutnE@nlF&pax{?866`O@hRx}c&`9KKvvfUW`;c`#+cZz#g6Z-DB+W9(?pSv
zMQD9pUDx+2X+i-h`_opw5Tz31s-$WGM_gd%i6$I!i3`Tn?!>404B!wz7`8feAl+0=
z5=>YV$C5*vm>ES-bm(nwAxQOn^n&Tbsa~0zxy$sMgcvTp%<`Ntv2B|DPg$8fu<hey
zN9ay;K}aA1=O>YV|JjL50Ez(;2}f<?<rkZF7&%uy>dVi8u>)8=+GVq1;;G}uCEN1p
z5Pw94`7n@n5+5^6qHJy3>HaYjc-kVp`#*TU=zBs|mJ!_}Rj<Cx6_5?mF{z&X!Xr`F
zzBg&Yq)E`OLewJR42{_+9Y&c2<TgxBPG`PLqA<ucWlhJuTihT7LPBx$<~WA2&~V%*
zia#vC$2vcjITaW<Zu)c!6BD&Vw%2`7_JB9q*)<TbD6s+zslFyWE&t!U)9A?DHM8*!
zngG3wO_8yYI1-h&X8w8~t`{nVuzklg0lCHu-i`I6rV<mOd%w5i(?=7>=ljQNzsX8|
z;GBU~;ukER@hlcl9n=ce0BOiN-#>87xK3a}(28<-fP@4KCm!x?I~nu;IIbO!c`AHm
zMr+ZjqQPQp^-)F!=O9$Ra5YoYFu&YjZA@PHVf0?cj~~np68AHB%RnLu0;-Sl`?mP)
z$X;S1Ifq<^<--2?esgkgnd0B^DmAyZj$QoFsH&m@>^F{idyY4{t)k-M|9yp(&;4xw
zVMP)c;h}nmebCUpd=ra;Z+u09I2T5^XOJT6L`^pi#iJ|hxSSh>VGSksr|9T(faUSq
z8$Ny<Rk@q;0_ZQM@3k8@_I!P}gtJGv6Vsfw5VZ&pFOBEAsVzh!!b$hXg|&G;p_+r_
zMWVADMgbzhlBP~i^Z}-d{{a61D;GuKP^-BBV}VR(o%pvKd}cZ`W+25xQ`+{7Y&3{?
zOS;<F)X={3DrID2Rl<gy)$`~7i;9YPG<5KVq$H2syYDiSM?}1taqjOU3orB5$Hm0~
zP|}m*xR+tyi_;sj8&(R1T6*0?@0*(m=oEfgCxE>xX3tj&WVP5<Yio+wth#lgr_5nc
zQvn(<>nJTHHA_uRwji8e1S*W09^{$<-yhMvXF-E-IL3eO{VOKOoA_Ha#?0Zb_+_uM
z->qA=I0oAc?3*Y3Kd*437o9gfMLUQCWjbOOHSO~jrc0N?KuD~zGh4ADhSf7XOiJWR
zj>12~*YNK0zZqKMmwR%wpC8{z2qXQnco?HF*^I>X%J?Z2V<SM{!@AOiO}b$zOl$Of
z)OI22<MCid5A3mI!mEl3#n|ybPNRy(X#+hJG}5xJGCE5NM`uDPpc=r$r|qg(tUt@i
zVYvX@sxXkDX}@;EhTpuZI1tQ{qJvqMH0Uth8gCdsS>=Y;|D@{FBpx=}Iq;LsY{MQQ
zh~w$QNL%XKkrtsq;=q$a9S9oJ&@k`8*&9{8GNQS=OgN&)0fBYyGilOIm^lV}Q~2jP
zvk|76tXdV3S~N-A*R97UQE=ePbbR}qfg2Z&BmaH>Ph<Z(1ufcVi%*BEvokx+CJZ@>
zY>HC`;Ypbmq_e82b>V~|Y;L85h5`ea7aG-Z<J8+WQB=m<y=!bzjaw8H8gm~@jExKO
z^CQ0f1>FE~0y;&gTW(^RFD3imtgz3P`zt8M7c7{uHEZIODL9A=$fu#HO1}XIHvl2?
zO-SX9JWq7PcuX(bCtGD?%EO>z+qe41@I#fHg;A_)EiLr|lgXYZY)ZmG!^+y)UnTmc
z<-3#fBYOX5&JcWHExCvOMl$2sb#8RH%amANea5XULFn>reL;;#_Ed;l?CrbJxbc3T
z-T9-vom+rx0rjYgs;cqwxP?l)N<1e`94v7F>RKpd@JZ_!KT9G1yRATE37;yE>aAP0
z#KM#9+*wad4T#qmOyXcR>!0TZ)H_EO{_CI3fKpKFN}{R<cqmi`ZkKD<j(pi7gol_I
zst;tZy4z=D{nNJc_<m+gND8$4i0f*`?o=4{zqiriS?-9V3pYQDmuY-a)6jrHAl8P7
zNK(*)HwzL2Zl2EG?*XR$;z7@|vrnMP9XGCWar<!Ia_(MIe7xzyJ%L@8oMirqGZd5h
z+yRc7T3YDF$sJ$5er3|2^ySN)9iGNjs}+8JN09-$i^PvTS*f6Z=)u0jkB9qb5<2K|
z`2Z<Vg@HC+iiru_T16AZck1Zad&QGEJjdGmkeAII!|}&`G~}R{h}(%tNvK}|hHmEI
z$f)3-2^xi-Vw4uv=Z7SpA`t4jF_C8e73Co)%HrWhywMb{jLJW4RLt6JWz|%f(N9tw
zUlhQmjDUIi_|o)zI!5p^L`Fn7vR-d%zekpua*+s8Nd+vSMRGT@6jlBOOetWWAXoS>
zwMLB2%~fNc4%#k0#DGbYj+&0BflEPoO?P7G!5aZZ2gO3o^Qx|!Dusa|?$^*jbCw!Z
zI>b|KkT#Kws6Ff+%cjp4Sy_O+Rj|@>^770uOv+)k$`ra7LL;Q7S<L1|+#E4|P6rJf
zk)4RG`_~V)D*XNO<=npvp^`a>L^K`0$tkS5!(jmp8IG3t@Ty-~u4XMu?aObx^hWap
zF4RD!?20%#uIETD+oRJ(b|6Y^q?QD!;9iHw=lvhH-aDY@{eS;|Ata%)lA=Xsk`7U!
zBq1StM2kX{)i5e8QdB}IJ9{UUh)QV~4H+d$Q=Cf0Nt)l=GoSbGuU~(h_c`z5)T`(7
z@wkucy6)HAg@IEIUEKu2FQQCcCyA6g2vaINVl7XcFBF5CW1tVs*Q|L-@td99Pk)iK
za~vSX?l>|%V4IZKKTN%2-qp7+J2>^F0IMrebU%>Ba)m6(IybPl<;z*!eL&F;z{1#%
ze_9UN35?AbxfIbc-TkEUU~E$02EmIFbPJo-^8(yG*=c)cRW#G19AE~T?DGqtO<BVk
znOnunQ?cc58MEKX4tw5)(Q~95NF<)Jn2WB|=)bAkNyN5RR`+4lz@(^JS=G_y&r>-y
zA?DV(Bd2R3p>WR-LGahw+HLZEKTr{Z6*F=5y^#Sv(%IW|*0IL0mh^iWL{awZ*Nn*v
zUsOiTf#e_dz_<SFJZ#K(FJ*ODY3Z?3r+NvYxrHoDwiTw#s~@^uq<Fn{%@}@wwa3lX
z{5!53;E0cnAJLQwF14&aV-=JSZ6HhoSC`t!^213S@TN?GZy<Rf{Uvts#Vf-}nW0)h
znm$`P7?5JP2(Xb*d?B|gIawcjVpSPBQuJLNf4&YE_ry_?P)p|FwLzKl0|Y2fA2y2)
z>u`tChi$BgzyU~M)`oCcbC^U5ZS|G+z7T&Y>mzF{?ZFkmq}H=~1s77il!VKd1s4y_
zC9ksol#YGKNzkP5c2|L>h<)~4j6wnz2%Z3a4WA5+EU}s<Fs)!bE!!7o?C^e3kZ?{g
zhnAI-Gn?`dzc+~7W6Qui;pD6}WZ}p8xICusjekv72qqa<X_qnzSJ6LF9)546fkfLR
z_~Y`0Mzy1XAv`J^o!u=2QWVfUQQEv*)7zaF!Vp<IWrn-31lj{nCA3vEXiQLMR6q0u
z%5COUaA2s-_~L_rQ7MXl#Ns77dgtQBx#T747<?u%c9{93ZJeJWe}=hlUrSm4=cEnF
zFCnV5W^0Y$S-jYAhsO!hLf!<&A0RD#VVi@6g@@QIMJeK5)XM6lB$1dta|v37ch|%n
zHB_d^V8{c8i!+JlS-x*i{UBt%SWt=SGqw$jdUm3<FE5Vs*?D=@HAk8R3Kq_a`;Wb>
zi;ateczL5cTRE6sGX31yBci}`q|aPXjQ5WfcQsi+>I(4pk3j0d38R^0aDaC}BbxsA
z#f18#m!Z(+ez3`cFD8t;>!W|UhlY*Ad}`=W)afmO6bO`wyCaa527h?KWC!t+_rPDV
zCRx8?h4YRwp#{8h8J!S<Ifi9~R~ogFRdej)p<ddUK0Ae?hSN_84p<IcgkKNG6wO(%
zDn;aq*|RrLa?%WN--j>P-vzHu&>#_l3}obtl}w>N=L5bST5cfqtK#M0@-1*b*XFGH
z_BJms1x$NqKyFG(Bp;N!_w?!6wUWMc5G-qCgV&okGM+%Q7hx@#1;Pvti#%49GCMwE
z1a5EhejfRA_cl`QCr_v^>#vRnmfXr9>x~<$S(@?enP#u3Bf=txkdQo<MiLIuE)IFu
zd9FhR(ZFB2J)2vOA3s-&%hOq~`>&(nT6GgMVdm=y7ljlEOO^;Rj5GbcQ9y*Ms|~N1
zX1;jAFeTlUiCaDoF=>Flq7=E0FEAdm6vW1UDu?j0ppYx{V;3)CmlUy2te`;L#{h>q
z$Z237B&y|a(QCq{K}IZFx^&Sf7D40^GtpLEdyEBfF;_soJNIM949T|z1#?g7@FOK(
zUcAoMLx5V&1dB9K8~Q#<W-N=oj}t>9M}aDt!fT=R<agtXq+uPlLbryW#Ew54%yRZc
z%y>n=)YjT+idS`6*(BkCA)i2IOM+o@Pq)Y2!75tslTrDvWn=W8y^VuhqyL~}C@NZ4
zeuxi=+>S>GyPx?<cnleP_U@$|yB^3%%4?0@{h+3$xtUa@C{B}id=?`U_83H22kw>o
z$d;qTj&?i?S}C27h){t}8WBLK|Mlw^zZt(e?;IZqhIux&e?{Mls*ad`JXA{Dn;X8b
zwFwie#~gaTqNDqJp2v9xckCW%$m(NACU-gz7AOxFuz<?V3WTW!?J*!srr~9Av{cXq
z89P*Yu7m)DjFt{3i6WD?euRm_V#!EVhQJKwU?Iz3D|WxapupZndnP8R!6^Cp!u>U4
zLMe)P$`v-@=)9PamVaceyzIdgrItOI4Up%KCR7Z(OqAeqQKlh*%=x)<5AY%dGXG%G
zaC}oULjvS5Ovci({u97Clf9JP$c0`VwUPiTXWHd@Q#Rz|rgm3n)YB;H>=iDYKd(_a
zcZo=3qNy4R#-ku7XRy3jU&{Nr70}2g^-9*oxG^2$`gp0hCno>_5%Ott8@pS0d9W3Y
zzki1WesO$=hXH{#<fgXS9`H=&PL#x%DLk)RTV9TfrqO3%wFj8o+jO-@ZRc>_WBlwp
z;Actsj4QczTCR_qh%D?WjCi!4=_RDHM*_alXdIg)Plt%F%Az>5iUb_}<x34Zj=U9y
z@iH?P{QC46aFmzIDoi3|X2-!Dj*fz|muBbMHE~}{0uKNR4JqdrFhx1|+FxHi6p3UX
zqSuQps2h+eGF){T1QaOaFPZ@m)Uo;n*_V9Cf6EsKm1q6t6@u*tR7+R_@kQ~`&;<md
z=*iwqS?2Rt$LG+qyS`L|wYYu`nPpSopJ>>$(B{X+nr%#=(Wh{H+bx!xO}S0VCZ+LL
zPBO_9{RMgpJnOOZw4yj<ZIhoNga><_i1SkzvMj14i#}i+6Fd=mwB_5qx+Z3gA*zL)
zJeAqz4B{c7<l*BW=Lj50z!jQS{_NZF#93%Snx6g&3T=54cgpxZVDOX-OY;yut9}WM
zhacirs#)25HBz>P+)K*Q-QSmD2>>Z@sV4gO%asr87IVbd_0_Ot5p^_w56L}hl=#x-
zE*`;3bLBP^8C=J24vaX*J+F7>T*0FFb(ez#7oOCP=(A^s=?+_{D1~~HNyk~Ar&F3^
zdT?pFU@1cX_`M8j3&h#h(o!i9%u<#L36zRqTK`A;DZ!zhN4xh^>=uR|kYVxByIaWG
zpj_gf#G+9hrF3JHH8n48E6&Z;kNzGB4gUJww#co;M3}{kyXZ@~&QcI$rexaPEkqJf
zx^ipPn{%d9s9ss+g&T&D@-iGu`Tvf>@gW`$dep|x!k315P|S(N^`-uFgQ$mdTpY)$
zO+3+9OJLYOMJeSu<p*x*Q+HKK?QS8(QouX%7EwsEd5yopy_O0CTj#dR<uEK8v(KUi
z-(+QlL7+Q;C+t1KV8+O0hYZ1Cv%TFdT&H#)hEK+-fC)#Oihcn5lHAaxQ?>*ZWROYu
zu7IHywOh7zJ&?mQ?(AkTmNEVrlS>2-4$cLaC#*ww2pbR3?e(3%fVNVohC#_Gaex2!
zABtplz-FDAbZ|$7Eru~OI`{7&Moxw*-0R|EQuSyN2nDDb<Pu%*zd*_<8?{+TK^fcB
z)P$Oa;KqEG0;AW6)XCmgYx$HfsRc2aXJ6LU-^~B7Npx!i^t0KpVMwEfWDK_*>~Y6)
z3ts`mHknTs!zX0BV&1!VG%Iy1m%bJ!FIIIRr9}8%orVKQVL;$8q%isE579CKXpmSB
zXQQq@{m+H2qBB9kK|D7tx$z@M8hs|;ms0O!3@}uEQe9h%FFa5N8T!&T?k%dV9&HX*
z-SB^pv_{;yTNrvHZ5v2oHuI8CHta=9?!yZHPyCqYZes)nbFdyMT*XGFE3OqnMbUjL
z#rF}@&oF))D6`38vq9049Qj_iZrqs1PC6Nfaf9Z!&m`riq<B5r4~~yi5rkp%{G+p^
z%4=)guy6a`2;%%?dsz?Yr+)qVp-`m*HM_kFGKD}}<~~SwSn=DpR4B8fw_{ArwZOCE
zCzl%~AAXDU$49?Ap@@N1M)Fa4Iv+skizChaRLJY{#3fFPj;^MKJ9ln94FF$QWFMG0
zGcp%7G!zuwmD&^mcjCmiw6u_-EM<qu%6|F!b^Sey0|<;bqZx_61c}A|{a&7)2(0Uc
zR&8H>>P&z<q~|&B-t8xG{?~E{bROh~01VYfb;MbN7=b@o^1DBv15pM-9*$#yT~f$-
z`cKl{*?|eaI#bjnL*<DY8ae6d2buaHV$xlLw8rItDBZld#@zgf<X~=*veyIJS+eH1
z=*VtYhS-FU4K|jSle_q5*d=D>$@T!W+VXw>+*BCynPd0y(eAOkTZju-#wiCMx^%w0
zjPG0i`q60A;twA^Ldlb&5pXG#R)tGTb<K6YylwsJ)y-IHRV9|pt4h2i82rtjzvb2X
zo+66@T@N@?w9!OBCo$XzwhVH{b;gOr>rp*$EpmJG`R{0XK6HLjUlbSrsIBFR8h>u5
zD4}hUK9679;&tnW4IK*Z+&~{EY?`NL;13h_c+#AQ%hi{#*W=Q_m(xPfCUR;iWGF(Y
zytLM9ECvyvUNji=RQbdX8a=ih8>(5qVj>kb21Ykn`2jNvS9Nu?w5V4@h;p5}`lBf&
z598y5-OmF^fT_ar@Oyy$ak-Fq$qyL<ewm5Cu!-F(L7TK|m;I(qz=#v?hiYC%Kmj<Z
z=ho^14N5dDirpGPcR(d^y+!}ZAS!CankIHhdD24Kn1+mpwMDZ@<KPdN)MR~nE#p3m
zgDOA|#z;XYYHJ(sJZi;S1;le^n(NSs$vtW8A!RJXl;fuMM0^x524y4_{*5(0tJ2@)
z=8~18n3(w92yX(o3}uXQj`EKYJ@j)h_d&yXtq|2n8xJ(2d1iz6T-YMUm@)NR9LM!y
z+>(QDEOA)U_<nRWru%5h0^4qiM0xuA_dj80G^2{l&5&UTQL<|+M*svVE8}P(e9;$B
zIbFEW<xc@^1Ix837YrJ|C`pNPa&YMZM-4rB(#UKrbs>6uJ}Ezz`^4NcUu|0JN9Z8p
zhFK67^Q2~?VBx>xz3?}vuT*c9pDyLn^i`N<gOe*;V?KWTPD)Xgp;J>7r=B?k)hi>@
zToyRv^qDi<Zu(<2%lErzDj@BdL)p$;9q(uH6bw$90q}!<ctbPca?lJ#|MoS%Fh$3=
zgiW@#YHho>pQ-}E;^6ba%f5*LyK9_*DdIn%YkGY~C$u0+q=J8R_!Ng>_kAQgHA$3^
zd_Z_fJw)L<ts|~vy!;;2E6TW6)9@oVsZNdN%u(t8C&T|=0w~!=@GAd2okBJxrQ50$
zdOe?UGG2;ycz#oAU)m<@euv!(nzDU%<*kPL`qyNh%8p_xEK;E3&Yddr)h%U>+OzP5
z=pJFwEy;zAfo=8a!#NB9)gV+Tmo+ufv+nlX_M2RUWF3-8TU)!8KZL@T`){ZW1?hx8
z9LjuL-LhZ3!d-B2Pao<}&N5+=rpWhEHq8O!lLRxHq3f6^;BOkjGpX+25a~++5qj;p
z_D#?PFyf8?<otOLLuFR*uE9S8@~_jS8@pZN1pFb4>Rh7yn>RbSBMf{DwVY+)i&q|H
zG51m{^!F?&in|Y;GI?htyc`t41^25HQG=Tgj?TuHVGC#UKZxu6;K4XeaBrdDy%&mw
zxBO2FP&ssEv%p?mIYKhXlYi6YisqXRPsKwU&rDNYg>18|veGE6ASm+`Jr)pP<Tmn$
z_p9y-%hxPqB@zQ5kM@&Di2T7DypN|_%3k@?;{ixD-|THVLBXzaHP8fSJ*CG$H1+gC
zXk>S{P&d<4*bE+GV?E5~*A66|z$fRo1s=D$Ivv{mKSZzJ%QDVIXOzxu2tC9#Vt%Dk
z{s;B)y?Yw)R2bpf$9YLwwA(oh1tIW6IwJV?F($BmI~L%`r#>aP?lcJ1Bc|?es!L}1
zU~7af>sHOppHTPm9f($VQCzxYh`DFJkGA~LnTnDT<9Tu?jvd>9z6@&C=3>u3$C*8$
zKev0j1=pnWpZdyqC|-+<Q~?3z%FqfipN4IJ`PL^ime>acZHPku4?eP%A*Tt;r{^Rm
zUqFvIV}|?YLC<QweJiP`*v~g7A|N8ga8T!L(M+)BJYj_r_5P5@@3b{$ljx9T!I|Dq
zOdMViCbp{L+WGS{cNS;;`nAjE`lMq`!GZL!X#E$(Eo5WDy1kSf3^452(a=<g)Eajr
z$+08-j3Svew5wGCZunAG=4HRtAnO{~8Qw~EruTt*U4PdqG^mYsJvfXQ)3@(YOP>)8
z(k$QrGqepn!n#MmD1;N?8?Q{M%o-h%Qd(+7%KIMhfOkN)=SxQ?f`vd_f#hUMS_75x
zY-Zk(L$fSu53@f&PQk`pW*p$xve515QBx+T!5;Vmfak){In4U(#Tf?0BMQ;Al1$M6
zGf&9hlXGTl@0OJ(e!oLLK1?du7#t`77q~usw%XYdds+1|YnHVzV4<!~z61Z@)SY|Z
z{~mY-ScL!^eET+4TYD4((A9^0`wtp4os2~NMS?;In4ULK$Sofk-_&-g`*N@OK+@f0
zJP6^#Dkm#N8mN0re}$bbdbJAsm8pSgi-Q~ArU#F9Et8bN)ATf<R-hEC3ntM}P>9oN
zK-bhe&sUW}Ne^iAlY>Ehg*xFNdb~vU8ER?=_oN9WH(V-Kmnf?4;m-i%xToP9)-PFS
z^+;s7z!^yG7;s&=(q*YWT?BJ6ETX$kfF}(A*wHI9DU_WJti1be4fR`Iem?xySSmf}
zw2v2cj&l|XB}9--N1KI1rl+Sc+R4Yhr$_bt->BAk*h}IBhb7AD;1dHVSIWCa3yQ}>
z_uW-xGI{oYH?RTr^6xYx9SUQ|YiKOuh<^A$oO#!O^*mbx1#}f;NumOP38hAVy$O3B
z2=tewWio4oa3!E$so(Waqr-Y|7mFJgPCcX$23d~oTOJq?s|O@y(@euoQUx(0u~VFE
zTJAsO1l<>m29)+)%3it;k~8W}CUHT^C~D~Qx#qG?nP{_UaOpI(Z^-SYk{g45A=^n{
z#NVnUsW8^_5Ic|i)x(b%K@BLoR`c9B+eQ!Z;`vU`2MV@(_wEck4KwAjBS-pfJkpK-
zhXZdjeUfIMo~sHwA`Jz!kYku()gN4+VNrrZLBZ5&g|U2;C9bYhWpoVyEFX!g193KD
zeu9zbqM|$K9XltBXnNJ@3K(@mimd=qNOz?5uf{|PCT4Pb_m%NOn1N>K`*1w~`(Uzm
z;2yYksE(4#N|Nq>RG{=nufq-vAw)e*Nce>E3ZC|~`GM`Q>TeDiD*qWiTcftQxAj}W
zpf$;%bWWa$(O5RkF)G5tWGaNo{QEI66khVOviJBK?C|j*0fD==qm0~05hrwUE_EJ{
zvecHaw1sm=gaw_TlHjlWJup5hL6S#y_&@$TW;MW90nVUJrf|e<Z!8;YVbQsh9dm%@
zM#mf<&SW>GDU$%IZZ<olBz#_EWxc1=itevF3<^c?=^HYHxxq_x0}v*gH#gI(>!MNt
zWA^hyLXP+1$&z|jsR`3uP&-=d_4YA>LWUsck@)~FQnDERV(JQY>9NWysfYMIX#H>u
zX@t{bwjfNo`zvaeD@>)8mNtCLQ)4EBQc3y0n`xg)My(srMWm6*Eu*YJ9+QebLO7tC
zEsaZYNWonol30>UXy@6);64kc1AzcAL2*Q%hK^=-{OzPbU_UHTP1stmuV2Dx=W%De
zuUgVY!UxkZEYf78q&zGivTlY!Oo9p<|A_m5L&uL00};E~B1V>%$LlE_%8YA99TOHF
z4q=@GqB`1dte8G;n~y*{RL?zS7acksnhXl~*2vEvh0%Bl6~6NeFFUP|Ob&o=!NBZo
zYmPZ^K%a97<PU%Ws2dmOOwWh`Dn(DXu3cq^b|73V$j?WRxM|z`i90JzY~pNyDrs!{
z>5LsQ;y>O9J-9G#JEv`e`J=Z*MNcvHVRGu-yMYCLg1-@+|8{r8+29pZQ`!Rq<a&ub
zu5YG3;L>Nj?@*QbMn%@z+WM+buP{Yg4f?oF(TByD=DHGc#4P$A)lX~^QPkD_l$?Bk
zR-Nnp{CNej37=i>`NU6^v15Dd2ccV_%>{A#hjOgfg`@9zVoKu7S~F}~02T#K&S+Kf
zyLWW7z<NNZC=T)Zr=GC0wq9axz94!7?ath}z4{)E$jG0A!tNSN!Cy{CM6%-6%I&}~
z1Zk_NeCa#ifBaaFEz$k`ijpZ@MOZ1xfEz&JxLh4M!e+a$joro#@*mJ!W8y^m5m_g}
zcokv>{$R%U#Ov2tKLMwT7*5zHav(Uc=kVdhJOxWxUL+Z?70%jaPiKR=m~It(4m3w~
zc$fHpCrEZGRkX;?z*BT`+{5}`UgK^UPT#h5tAMi5Ao<4pVHtpcjjUXWOM@daO772|
zJ<zos{0k~_Kf_WNW%;Wl2}*H9cyNp1eHf$#IF@x=Z!>2-=rlzOJv4*&Kpa3dfv4*h
z9wmK41^^k7DiMULTyI&}F@@M@p5U^WIoBaynG;Od`&&J-Xbv%gwmU^5fqj9OmQVeM
zURc}{X$7U_sKB!NCeYgX#>TBxdR<q+4oaq=M3D4zJ<TW<c1D=;@M+SEhYC*ROWq>=
zp}4?&!syQX?(ZMBKkFP}@UXnMvYHo;g8Fu3BmuwV`**={f8wv70Dxb<d_l9pL=f<C
z0dH8mQ&&%o&y1VehL@y&h8J|EPF)bZ`-X~2urX~^c5^lvAMk@#b&7qyqi_p*N5;kd
zZgCgXL~uSfvaxsXI;@<%{mNL{x(O4mt{Q*(Bi|4Pi^olxw~$4@Bxp+_UwkL--N7pY
za%J4OfQ{#H9_C`b$J91xb*&BU1VxcpS0xn{>+)rhxF3bhaG(C#JZ5A8R}Msrw3Z%L
zn|7|ft0>8ls6y&Qh<8a>Jk8wQ(n64ddYIvi$!;wMMujyEx#WL%+sGOqo99JE!+b5l
zVTd{Wf8w6l|8k!*{@q@6;P@qaNbA~+?;6BE4@FEnmaSj!j#&_ATYcQP(-M(5k<tyE
ztc2lKM^Og+O@%Bt%<npCztA%^)etLW;!McFE7&@L{V<4$RV>E{RVfG@L5t7JU(-9z
z2!4WeNbPnbb%Tw`sce+l%VWK_gy2pX1jdoI6@_f%r*q;0zV{It!huL1tu?|hS$pB7
z=-lShDVXyZ#|+Z-KU5q(1{V-=8YxOuC7y<^-{1T;Cr8Rt5u6rf6fB67QzPLCS_sVz
zk0Lj3A@nvQzCkh*04(7;LBFl{Ux{j2Jne8wiRPq9bJitIeMjGAUz9+olN~b2+j1qe
zIF6N6mA2a~0Hz5`T*8cvri?iNHq0~?cJ*NVU}7S<N>5n%EkJWl?6|%5bo?CunToeo
z$IN3Fe6u=z_>4U|8r{iOWJ1jwQv~_M6=lY4=)kyjFT5<W>Ly5b%A#h{2+wG5Qkga_
z9EbprKub$#=$7j7*=ParKf<y(CnH1L^E@966gD;{hB)vEy9li9p&Ws*=IBv9d;z2*
z(!c>S53_6gb|ec%W}%s2nP|EMYgKYKZyl+{wSpT<P!P`sZRK0S<$}sweU|8f!{%RL
z2z(c7B9=`GYm)D~LI>n9IY({*gy662cqCu~sxmVjwfWtR#qXLf4<8ozqpAu^^izkj
z)LwIH=#o>e%~&r8WtIe!<qjN3zSnjA|MzA^p64M*D1lJ>-M@EF(2i?q4Jfd(eL%sO
z;a=b0FBP>QT2FS@1CH+9vxi&7$_9Jym%PbD_m0}qQcVV2wdC|pstrN?eT=Ip5a-}E
z78Wz{Ddj;B<_Zc<tvazOj0&z2_b=FOt}B1#SwNbHI2J>;z||p=B~xJbxA?5Gj2{CW
z+Du1vnoD~r9y)WTjiGS_nITg7*U0J=M)2{Irm)cwn)cbXzYSWC3~p$rB-uj|{}cdk
zmXKhxmsL>Uy400W)5`ENbx?)y%)uogB41}^ZKH9gVCk=Am?j0XO)8IsIi`xBNkn;b
zN<lh=VP2xt3?v#{z?(OFA2GT~_01~z_;{vXCQZD@bL2T)SagjF9l_vCDIgswdHH}>
z8t1er2C#U0gL%lDqHDc8F)UPKw+C~SYZKk}8_Wu~S@QepV4=LBv%7shw~8Kx90^F!
zrnMc@ro%^$_$b<8noF9Zg62gbqPS@9WpDw0W;z2brO$hlE?%Ubn5oE<F-=_(Af#NL
zE)NEAOi!5=M4<-{FcbLAw_wLAy`Qk#jFyiV0oCTWn8_jFZi>!2kfV%oRs$r2Euq9O
z?lylqF#anK2&iedvvbF_WSnYfW9ba}>AE{sP#2*T7nhXec^Mvk`{6_2R1G7%6AGaY
z((<~|zIFa?9^V9a7oIf}k-C_@LmQ(E<cM11EPD2=srtBsD<3*q;=zG8R|TeNFCZB~
z{<*P%L24Q-m}SRk21}RRmsZaKdN~k1)_sJABs~?m<O~*I*hEs1Yejq}WRe-+SOACn
z4>n;sjYG+&1cRg6p`rxU=I<?JO&2a?XroWRe#3WWlLcws$f#OFDODA3ZVk3v*RY*E
z@g^2m*y7DDYaZ%0aZhSoYa1J_Q^hqYd?&8qr>Fb(B8n;d){_ug*IQXioKVHRMI%+t
z2<H9!l*Cp}ivohrp6#3Bh}G7;G5{wH$rKHfj(K5#Yf7QQA{Xs>JSC65+Vb0Ap6Mwr
zcO1ia2ag8aM97^;yZLeG<qGoh_?`{i1{9UDC99Q#F$u8VvgPKbOP~f12nC2a&t*N4
zPXrGG@dLDCSaU0WhH-H#R;_Zq=+L~knU_Ni2hPZaWdiu$ii&|qEQ^Y=@*i^zi7NPp
zxPle%o8YU3!c>@{Sh+GEKMt%&;Oe=2=k)e22a&rW*yHhuEM!pvLoW5--A%r)GY}jx
z7R(7p*hh~aBWj*0RbE{kuypKs`v8Lr!dWC#LjBVNl{r4-(H{MpoG!@y!08~kNYZ8B
z4=o-#sGCS5x9V1~S9%#a7^4<?F*3k=8c5>SGYz<aX}$DKA5eA>Ly_g>>TcP(6)Oy*
zcNaj;SrDaSFm&)Dm7Zurp@feBu>%H?7ppc=jqXM+%dkHEym0T^ei!rTm^pNY4C5Qp
zk};Ar^;reQ8ldT@0WTOZ!eo9<$5D;txM*pX(^);_fz!rbUy}Q4Fe?S>8EvB2Wo8nd
z!QcYNSFLIt7M=9UtR7Pr(`WQ>gp@eKKQ4>0f`XRZ6S^V}-s1lXas?BY<kzniV3(_x
zvKyV?d*n!;z6bZRx|2}|dIin`x{O@A2W&6f?Lfp~)#(t%QvLi6ST^xSt=&IvM}g>z
z;+rZj{m&d>YR2N@`AN>R*IE3a;@#(MtSUelGiNdzWv$#zzBjN81w(V8pt0lG&X}e%
zHU3{a>nlBld)ssyod?A-Wjvb)ft+$f=B|t1;lnT_whC9T9yC-2Vn(NkYdhHS#az5V
zz9P4g#!VxDJNT8#Mz&FM7qkALd8qAAonAWR{QHj|8QTVeQEN5=Py*KL{5E9josN!x
zBn}1lXG3WmJSeOvj~vq%8y>Pqj@>ST;Jqcrb1(47O6r>+O-@BbAks!K2UaWVOI4+P
ziyi6+q2qBF^)rNnWo?HY;)@TFM>8Su8T{kefVrgS_50tGF^5hT(`RJtqHa}9O&|Rn
z-rvY^k0#138@6)oT1ovy6c>SV9zxw`@%=HZou&qq;Fa6AQ4Hy4FIzb-_Q?~4KPWb+
z2(VI$j*4P?yXmKEa%T{dvN><3waAF=nRI)bK*0pzgTr{E>$h)zez;vl!iOqo)|Etf
zU#`HLbF=&V8FJ+bzr1J5t4yj;#xQ-WS=~fcO6d=OJ9Gc1%uIY2Ii7TT6wF7yok|-)
z;`UUuIapr*tJ`~4As?q5c)*>-5-Ij&gdm-f894B=E~egH^cS&QzA44}A~t-IJtp0%
z9#7!WF#l5D#4k?1^f6X7kRo>doiUm5Yy`idAdOLE@4KR+NPiI&B(<h<b-tyoEj@A^
z@EdA|9eXd;mskD!FH^KE#}ID+{j!M~N2sj8{P}j;IywmX;keuI7XvAyzbyN)cHX=(
zP+pWOY{%t}tYM+_ut2t|c%DAJ7Vt(-FG&OK%{N}Z<%V;L;v_$&rg}?C%Ex~D!13Y|
zF*IA0lQYw`mCwZekrKn}p=ZyYGgz2|`NF>JDbr}3jIR%q@zcthFhO|fFYtnWMC!lR
zc;~$LfD1;NEANAOh<jEQFFCtocqGgKXdk5ph#`5{G9m)UeWeqRsZhnl#2C1RT+6iG
zuKkH%MeF~%b1COT=1lkp29FxX^V&g)4}SXhYK0Vd7Vd?!?_{qtGrP}w<Q8z@P!)!s
za^;&72ZNn|f^w6U=^0dtH+auCI_fI<o6(D=+Y}$4pX_B&xce!|At+VA<vvRmOk{yX
z9l?_Xi8bH_T~xa}(Q^~+q3JU+GlK)+<tVR6I~#3mOsbXuAqW&6bF|z{+FT%51ZaT#
zVL1_9C4nQi^Mt9ypinv$d#|ZskRvc=abR&A<D_f3Ai>7)+jt$(D!CCxkt4tmoY7H2
z!=0=9l<EdAJ>kWo3n};Ft*{HSl>Obic3m=&=D}qQ2PJmLL!XLQ=m4-_n|U_WSoP@d
zcOq-w16@QG*XW?(fNVExSUl{~&a65bi3=U(KjtY1)4M2&zxnV%Z8&4aq_};ksm0C7
z?l9YQ|774_jg35HR<bhsg)@#~A9xl1AmF`~wKYW`EhLI0@e~c$9fIFFIS-`bU2$=7
zetuO&MR)y0J9cRP8T2bVk=b<=W_0|9)7#qHbU>t7H3;d*(<A}V&@+#`aH{RYr%%^$
zI801fMsnxs)vI_4vg-ZJ89fyhuZAI`ze?uq?DabATfC!~MV1B&a1s!e0pF8ppq8M_
z!?!}$V(f$*fL$iD2!SkAWzv*`6TH`S!2<IKcG8k5u=SJ`vj(M_2H_$JrmrQ3G?6)8
zewgm|-(5$phhzjXv2HP0xDZ|bK}BP3=BH2czLw&ilnZE%(h7c}3q;EHPqhVLQ(|I=
zIO8am|NYRQ8Ox}eXm(+6V0vKuSftWPOTAM{_zl@?g?HaMj7)F+xH`#MK~@$<-g?6Z
zk|V1~)*!>6?-%wi=m%k{6n_fx5Z}3sQv(}fe}Foas}KsL#CSVO=k~a`%#<>W_nJ7!
zpW)N;FJJ8J?Nx(~d6Lj%k<|jPVExiOc!4-5X3#=GRNVIC<A+C`X11puqY3ZfsrX`l
zZ(b&j0SJgHCYe><`L)(y(#AdN@?AR9Qw192%^WN44hrSBwxB3@#lot<x=%%FH$Wl=
zLqop5^fXl|adI!JI8Vil)YNi7%aFP`uJke3t8fzyi^an>^T_z)v)grS9st#Zj$ecD
z1E`hAq9pEV*#xR>X&(d^X{?Iq7Q5B(61_lS@{(VVCN(W_m7EY?4pRaGvLW)DeZ?3_
zmuJ=|mda5&({W^yAnxDi^}`GNGk$y@&-1WMN5}NA`LsKq3^7;SGbrv0B4R1AK85w}
z<YOr@f@7eeGRvpCdn)pR0fh4Qy*6^MeMHECoC%syQBs2NKL6!z>h%|&POz-YM_7-z
zI2K`okD@SL(Hd|(eym<-PQa<Nz2}I8X+^g+xH}>GrXEJ+&YA-cMLRTw97UE=f^20J
z-PWQyzp!W&Gc7P$zH|QhW4$D4z*jT~$;pf);Zg|WMq8hjGZ%LnqB&AV^bknFnfD~@
zfekJA>5~;0P&Z2-DTbloNXalI{3)oStf$RGDqjXMCS4jUxD{MsnPv<Lo#`At66YOS
zqxmksneZ0rmS{OB<H_CJ5oDld*B6(3{W{!9tf2di`1m0QQ}}&R2C8gQJw;X%(+8=P
z5`)@i`O76h`HvsNp|9Y8`3#Xqx_F)kqDCZQ(|d!sCnmxR7xqK*=~^>(gMImA02DR=
z@(`~CMMU)0&*6Dr|DowSKh0H1!0&4*SUFEb-U2QH<qf4Y0-iXqHq>Fr^=aCbx2)ep
zIEKIyj2k9T-e_UW0R^|ARvFI<Ym2y~U4vz1^WVR3<Q0&{e7(J^zI~&B+QU3>-S~M6
z7{dgk>a>pDj5Ipq8ASm;#J0t_L>Vf#Jvc})Y-eW|aId7lWD0kg=o;wnKWXAbfTJrj
z5_%zOoc*=A=v-GpVzmjUAjHRjKN&{J*1px&<yBSMAA1KYTO6Om$hVSE8a%hq;M9@n
zsp;-_xxZk5=KLYPB?Mu#6;QPh{UOGxl*QD^K|@t;PInuFqXGi=(~nt>L9WD<zp!wA
z!L27x&a_VK;l<0D6Pc@Z^E+-jX2m{P^RHPCOL;<_;kFg7hJ>6Ektb~tg#qkm_(~Ll
z5KPOLzh~GT6%)DuXwz~!y_9u<eJ3>xdmbsQXh*mT-mjo=hHePV9C485jh$aUBqb+D
zF~Z5wqm=_L<_LpuQBdVF5}DOke-Szv&}d89%90XHG}yz6Es!8M%J@KJ5vEj!4n-Co
znDdJ29x&VgIYur5ZF?3u>*z?$xzorqZNFA@IU{huiQx<a50C)2TR8m<QzT45(be3#
zD?4!9pa?E}`!8B9N@4&MWA!Jn65^f$*xtuc`xBp#0xoFYWDYn8uap=n*Q|3hW=xwV
z=WF>w7zry^_$mwlqa2zPz%eFQa;zJqZ3?}vum5`ae_8+}cQ1N&H2*iYVi{EfIDCFu
z2H_5mrRQb!S`LQUBeeeau$RHVfQ6DLxK1i@(7TI~8JcOQa%A8x86U=tnAzg;7gKm<
zDQ=H7>FAEp2_tl;0KI+d7KIF>jXV*ZthltKy9=QDii>AVpYHZb4?@so?_SP64SIT7
z8h?g$2apXMgur`4z^*O$Ui@@62xZI|Otk_q#-SE8t=m2u^yPm^5U2I_p1eOouk1-#
zG87_%YsXK?PVjxD+e2g_lM`PwaP+}wY;%Di*!zxLiSkiMEh^V+cGXV8ZOwM;)&<$q
zQvl7%_xsXj1^3_-Q^$albC!W<;C!US_@`h8iq-V=bj%RW1P325ioD+2krUnZ0J@v|
z^z|>iIG1#Pd>e=|%#wn0Eq34nH<C9+_~E*t0|)g3TcG^=$$>haZ5&^8;_Q68G?Q!}
z6%p27qNWY#DTNYMTs%o5;MKzmf<GKrbIC9WQ0gt0pOt+olBu1DA!Gq)B*)UO!V1)#
zI{_Udr#kl#r72RhGFz+Cabh+vZ?2J14_`|gHEAumHo$4=k30r|N-tcxrcXcH&;*e}
z)jU6bb;L|Xx<z!P!GQ=9XrqFr7|;-}e&|@TYt@%N!iewWs^XiYCr-?zitI#=XL0#H
zd<fkW^^`=e*CII|x6nTg&rzH)Rp#ZD^6AsQ{FAbzRbZUuixyeXdje;~#O!Zt{^yT9
z!eCr^7;_40zQarAm0oOZTWMy-3i21vpN~*cVJpTz;g*X1&yIFhGunsF08|&74yYIs
zKlT{$SkN~t-v(l1JoHlQEe7@&IX`qL1Kf?V+~6fC>!t~6)vKWa@;?_&_`iJLoh}9R
zfyMMG8ieeM<#idWWc=P@HAo$RnMFc^QPm9`+JI2Nd#Hd3(8J{APv_@!@wkAGbnp!g
z4k8#-3kCGT37jS1cAO?a%1A(-=V_q>?~Ts`Yeiv24aI1BW>4fbxpqPf8NH?`erHc#
z%Z8V`<ogmL9<brPJn!^rc|sSrJFsM;+VH<!<qYQy$1Saoy}FNA6A176mfhMyy%JVS
zB}sK`A!~GD5gFom$_)w-0TP=$S%7&dIB^jJ=5>23<as?^U95`$d-#=Q|9c60^$lS_
zV&jYvNlQb{oOxoKJ<O&d9#EINdhngf`Q_`@9j&fSe)g=ZzElq{_T;uLwpI=%(V7w$
zUkn(0eY6Wxh%ZjUFGFABR628dpWeM^U04J{X*gY&6r3`}nb$0PE(CAfWwgX{3;O}5
zdTc6-du>jPiQoKg%*Htrql8G9w2NsqAJscx$7qMj%iyTF83>VpT^Nl0Szk}BGxWka
zno7iyWdst*%t_m|*D_55YXNEpiSx(7Srn!P6~n?zdSkYM?|T2tFECKpW_9eTfz*So
zg_Fa5dPu+Bk63~mV`kbeCohk(B`7p>j@x9oG@w4*1cIYkM}v_CSnh*BqZyFcVPP&9
zm3}YvkL=oc_T36U{pZ|S`CN$sHc^U}XJTh=)>O3KL5GWp)}T9V4P(U(Bn#jO)YBYu
zO18i{+i7ipO}O?dsj7M#T&T=GCm56<?x=U}EwY|`<HJNMDcE!xE8ZyICObQ@{Usmm
z#<H6(uC8dnGka1v6JNoff`>E_%MNy8H5mn{&<71VNnMaPyyTiNXEOI8LME5yE-jMX
zL^D$;3@l``z*%nI^s;PXZ}h99;-t{9i*+uopg<4=VJA;I@oTaxJiUy6)W&lM^$qS1
zd{4-E<~{^nq_#XQ=TU$Ef9E_w{}OaCA`LP37Pxhg`cH8V!!;M=zJA^3Z9<nYaP2(Z
zqR*cfn5&)y0xv9VfkYw#a%lzS3DqY5JSX2XOwzZ6icC-M35-2xoN`ZSGnz}v!M^g^
zB7La?GsD<=gyMAv<#@cHXLz!AikU=kNl<ui6n15;6UC@ZL|T%C227j=7Dx*a@sa^@
zNBEe9SXnbTw4<C~f}cwH>wsw^7ANSQ2_V?nQYRj%c4JNz5H51wbh9;2_qlem#~htN
zZ1BZCcNfW)BD3WvviebO`S*UPT~3@j#ndU|qppkzgD+lc{(?toKFv2;CQ7=Dp6IEl
zW0`(O&WNmnNCD9Tp`T%iU=0&#pT*g;dyNk2CKS-Zmq(_B?3LD~vu9s^^r#tT10a-=
z0$mx9a0`)#d0tCl^yg<oLpUcozEU-1?!0-dE$rhjA-Zw}=!97a#+z~Pc%GHTnEioY
ziQQN5UEmsUG#m-@WM+2p@?|_pd}v@~{G`O-hMo{pc&Nv((s7bDK%Lf_n<FrSf3dQ(
zWKM($)qedJg3x1LFWc_nqWhHfYMrzL0<!vD-T(LTEd~Hng8gke%S4sobb4|RMPowQ
zix=NHUNo!_pM)pwJtiOwBGnQCh2i8%**X_ti2^lLrn8vGrg_Mx?<Tg7nb6^0{n>V9
z|AG&qx(HDh8N~tL&Wn4FTJZc%)kVcIukSmVFN$)OPWF5<CH20<pnKJil<$}sE{^It
zXi=Bh`i4vQEUc0`mN2}sEj#43x9UtSiLbwt4}Lm*YU-qkJHOg&tlf9?@ZnNNZDtcN
zvi%LMh<$=XJ}zAZ28<wISVdv}$kcP)ShqhW=cbz*_d2{jY6d6<H+p19L8806{c<{+
znnbH}qez27l*G<e_;R~MewUQjMvUI`vA7h|?M$m`vh%K}+cxHln2U(!w;wlXthRRk
z+qb*u%8{2MnGuF97cH`z)s;cAf(M(HkOX<<w8+4|g^%ZnTE#MK=pzOG7FlsR?!CA%
z*tbqv$H{^)0$5<xA$7<8mPVmh*}fc50XmwcTm$2ChUx7=eufs5^~lPMHE3=z@L1nP
zc)fy+D_>30EL{{<g~0SM*HZl`6<~uYJNr>r$bBF=RKlg+vwS55D|g00xSaGVtRGwR
z*luzJjyO{Rg&>(pc0?LCie0*Topar09<<!NSx#0Kq07fNqjQjkBT1nX?X5Hb)9B5c
zSFc!+J``WuR)%x_B`Q%%?h75>AAKxUpup_8x|aNYI&aXr$HGY;ru$GYT1NN(?C3?>
z>Y@MQ=k+D2i;Ul;yLa6YNKj<a+)(=esxJ5mga9KAbL22zZ5fM4h1*Z#H(5>CV~0r=
z6*RVXU^=l{He*E!UUgfXQF-RQdBd+32P{mBpZo0>IOdTdlX~<M*6bMA0R`AkZUIVu
z7Rt_EcW4cCe6c?-+0DQA@f|56_u_2f$7J97lJNJ*N}=IP&drq`%f;%vSu~IQC+IuO
zMhyURLYYDHismQk@>Kejn5&Mn#lb=NKWO%xupnRb(9?7a-p={61T%Q<%;}RSncrjz
zw7R_f0r|Kn`WC-wBC}7R2W(|N7~>d^8bnmR_@?$C|K~QEaLnHO+zWf{otZ_``*GDn
z<!gUwG!NlHaP4P_vkC_&egoBmictVNg%+8aQM3$-c>UC+z7(R5Biq)tgWZV~-Ng>=
zqSn@x<KEM;Vme6iGkDmrtP)4Yv6#+z<oa_X#UPnluro+YE3HrLXcwlXLGc8Is5e2g
zfXI(T<LJN;SwIMG-@3<6xcIO>*xz|OWNilC5$+%J^X_@;zFW0#(f?VKB|ltSOASnY
zfuWGU`7NPgM%2QSw3@)8B?wFgYKbwl4cw{-o^$1MJ@y&{4WU+)S=(JSO%mToaBf}z
zFg81~8R>0cV}y;SD;NuHHAK5$ip0I4){jarQuG!ER#0^k{gl0#G$x*-kjCe%-nALQ
z6iRl~clZndLb>c^NDEoWa`w`+KLGV*nTpQ2>ca>A@3@MyOX4vH3qoQ9>>`5_WbY{x
zCxTn3gk*wPCct#lhqJ%#?AdiJnc{)9<7+v2tt+eC(MoKzw4BH;3oyT@(g9sW2>`7K
zT!rr{bOsSqveVKkiK;f5e>k4RcH$Ft33fvKeX_dJuxYzSO}E*O!jZM4ju6uvnzEfb
zd`EOSBNv1VbuLV{bqzfQ9*M$xB$w&*-xys$LQAy_DfH|uYMOl-1rPPy$5kFbtT3Gg
z?Fn+i1V@o^9;Nmv2UC*Uft2B1l~~HVBOb>(<bj+Uo~(_A?Co$@QVAl`O<Lj1>B15L
zo{lIe?^2ZycX8F^R09xZg3og+q|h=-Kqp323TMtNIK3Gw9%2sNvx`3<DNzbFA@QO<
zjf2jMqm!ow`SGytZT-^2a#Mzg>O#aNB*?foVQQU}XEsoEV0K4FzI=wdN4ySaF-j=V
z>ja<I8=2{4yC=Li>cC%MlcY@dEj_I=Gcu~)-3+C85hm?khhL_z_?FtG>Jn+5b3yog
z%O7lAI_Buh3c;LX^5jO&Ilu2r@pm6S^cy<))`bh4^nMVq@GFMmB;y5P8YR3fuJhv^
z6^92b_Y&P1(z#Mb)DigHs($*|V<{!_EN4mb=t59Wuw+Jo)kaKzy{zCSvJdZ8AC*Jk
zEQr3D*G1VcCb2@KnnBOXpLxBJ<%(8BpnX4%8DHXF5c3o|)}dHw$MliLmGT<SAU`kS
z`qIr@7qD-f9?k(4$4t76;DVY6SBzNOks8kg3wkydi7Sl^`Bqzd=kjG%s?vb&rGDea
zk{i(86EhmR^OmVmV8!BW1$j-)DS1(j3?f+iFB*xSJ$s^2=F2*J)ogKO`AX!G$&;5a
zTQ)Fo%A`p;e}!&>XAcSi2DH6{@O3vZ@MQdy=H&X)8w~Up9&;sZu)T*Gm>L5hu`t2R
z@wJ91F@W3819!igZq)4?WyfixS8FFpih?de@$lfWm0?E*jDZV>p8kzvOsUOu<))wZ
zyy;zlKuGUsfoFLZbQO80Jk3JfwfeEs*1t37XxSUXD$v97i{c4W#1q!GWMNZrZY6{+
z1HTvsx>e;|Ag0DDox(K72C5s!?7izuBa&TLh}?!CDa7~XO;*=^6S&{Uog_paS^x5h
zNrOPVgp)S*uerEr8(f3&fN-RzUodoIMu{VM=Y9eN&?N<~cA`X5KLK|KFTs(Gb<RLc
zwye^|U!1+YI71^p<i!9Mg@%L(t7412Q}a{-`KfJb#2gI_o)OIJe#VvJj-e_;z`0rT
zua}hP&%cIuXVxNx5U|6wcjDt+F|0%~5t7NAiEY$M4k62)s7LZ>j(YSPHZJQER02qo
zFl<V*3ZP4(#C?sZy6;DfNF*ghT(Tng3{o&iTBTrPk_W9JJsJVe-Ow-<#Dct$dU|N+
z%dN9Y4ok^t+6da5QzmY#T^%|yJ$dDV&f|9`G%zrmpZjnv2au(^g5ZZWwZMxIFDF?E
zPm8LT&Yr`0r{h8M;BSAhj^+9D?nCbhHhtWTOB>j&LAGTHoCA;xzYU|8s2z})2m=80
z+2BnJPia;VM6I%JZ}l1LmCQ0Uo2ZpUn5|)_2eYb7_&T!`;17t}SoIBzI7bQRA(Y09
zcG1^9Vk<Jth_GD|Sd^5`6O*>}9UxIbY9u!CQys^OiDq;o@o`p&s=`JzRn=<RSoEa8
z%TSGkRN^j$i;1bJkvI)rRDr#pnub;CA+S6OA*h6yoy-3(749-Z2`TKm!MB&Uj{Fr@
zC`xPiAo-y~_Y%mlspo?TA`@C^Ex84)1s@9vz<~BAKIkIadLGp<nheTyKmvTmrn3Ny
zK9ngtCue6mM5M!8P}`l?_d-_ddUf8yg$^ATp-M@bynW(m;ncAYi#x4T&rh<_JVn}A
zAG3Mjsn&BLL;8<2fk2$a=m06SyJ<$n4&-iiymBlD+Ja2Fh-6NlIa9+9GGYL>9v~0=
z3!o>CMn@ob@#{Hv*7Y5hV#oYeSP|NIZ%LVT$iFVnAFT92Cc400!sl6uBRj7jf|wv;
zZoJgzZxK7wb^u}r9zNrhb$Y)pGU>xbHn<?ACam0|j-foFL81|%yL4N6UnJ^9b~ugd
z8IS~#2tuBFEpJc=OJnH5kOwm>lOt|lxsqlTMRG!$et4m*yu3Zlp@T!Vm0-AK#Li@{
z>B$!#$P5%cxFNC5i#;_?m69K5yZPG1YC5=FJwgHK6o#1Pdsm>JU-=L>FF|R|7!z|H
zoKjfqMGw2y&4<o??D})$iFta?weoIi-#K+4h-wSMQ!O;e$HLMU)~|2<s8!TrA=nHt
z7mITNbqz23?9`pYy5#ZWQG3WLVWj(~aqu1SzYC;1OiKx=yyA7(D5K{@2q4%T5%USE
z{-<-$<h^;Lsje=pX(Uy^z1Afx7flll9C(6pXP9^VxY+u<Y#I7JVI-uvdC#qN=FuCE
zT)DE*%<K)ndfj#Ub>{5^*Guml?kYtYTkP+%wCR99au0p+n2yXlvJW@P3J>Od85Zy9
zNXqaal9lv@C^xVpEizUo&*J%vP1aUc#8VP<VWYRCC@Fg!VmU<1wAHFI9OO*+j=zx<
zM)@0?jJS(Yg%XGyn1Q-C7u&2soGzR(n73>H9Z*HYZfR<&d)-Q-$(3=ivkS^7>X!Al
zwA^JwlBIa3$gt6j2O2UmO3TQw!+(o%O&F@S?MtUPe9}hA0e3{ZjDaX|4x>9*t1hf&
zplBwKt>Umg-S-EQc-GZCtWXfiAw43D+?$In<J!fGr3Vb~esY>;2}VwpibN)5%1`<g
zUijP^J;BJDuPUJd1B3!5ls4dR8P3VgjpB5XH?_2Wp@MO-;XkHE{H57lWPAjKk2lC~
z>nnw&?=m7&rxlkVW(JkuWAOhxa;l-tI`|xTN*y;|FkT9gmHwbo{C6xW4UUL-sq>Xv
z$O$qvb2a$e$mUFBnE>NWycoJGro)wkkxT7n;+z5iu&FhEFrSGCI)x3Snj7XZ(Xwl2
z50UXpN@da))RdqQMtF#*JlOOqmYXVidS^^V;yw%<Qko1T0L2LXlDY=&tFfVCKCRi0
zP^JHixC+9mZg^U+WE^QIN550EckYh)PN&P1E4Y-m)M3!QX}fO#=TK{KaqDpu=EQ7L
z>njQh=X4>?M`t=r*Ts=(crGx`Xba}fWta%vM+*}Ax(w#B1ZhG_Nu8;><A68<1Nvt^
zU*pxD*8g-$4R>kbU;;NndR~cQlHv`K0Bjtqe|W$5hGz52KA|||k>Cm?B*Vv#t-ERS
z-x}C~y>mDOjy5nb(Wxe!8DJ)!snO{%_x!FM-@cEIo-4`Pl<gx!{Mu~Z5Bpz)*W%+&
zbFN*>o95>ydGMgt(x8ERgG0^Go+3(`Py&e0QJyk+au#}8YH^P)-3U~i#ey5BPEX%2
zsN4P$HZ==-xmgg7>W0H6@znE+?I#aS%$P$3jQ&Cv>(@mqR~p;@op>4%OFIsBot>~V
zjmZP?*3rMA?#Oe>u`uF%$rN%r5e^@!p|%~4^g9ZD1Nd68TC5He8`|1Zg~Gt|#fyh(
zz%hXfQyZ~!L<&gF3ZzifI9k|psOcjsEZWfdwS`2`XxK#Px2CyHZ6Y6G%Hfx<e!B@F
zR;hM~_=VX(B>0Mb4eTh0Rddk&G5Fr)jv4fLJfn}OG1n!!-M)GiCm<&T^cNN#>X^Yc
zE|zE>;>U7t`+o&UuB@&$v3IEXeL1E${k>Z;vt1;d>_X4mcVVd5QZ(`D<+c-iT#j7S
z6EgAr`!X$SAkE-RTGn(LlmyH6n>nW;eYmji8TBg54<hDW##Y{fg8TLvfm}H;uO{zm
zprM&39bb-q-8%#B8R(4imhnBj4y<>3^CrraJjRp#BS(8kpc|DisB}lXWRGqR4%cJj
zd0()yf8<V?RKi<`4O;_R$iPv+UAR3YD}05@CQ?hG{q0}K8pBv5SynAPdir2>w^n>P
zxJX9!#gBI1Olky|jv3R=zvRWJ#bS9Rp?eath2Bgf%ADWl%h&(@{IorgUfQ)|lA<><
z3OWr~i}ib15|`xC!>gWu>n+$YP<|xIuG`m7W)a($<hr-p8i|vtdYLR+T~CAAbxYXE
z*ss}xI-<8Oqy&RvEM2x^yq+W0;Mn2o60=EuOf-OZsj1CjucY((RGg=}wsd6P1m$4J
z)nXroS<(;4ZNH=@EXfWO&lz)KOkIl$Xb#Chst`LUF}GrB9AI;OdkW(g!q%Z0euvwK
zk%HR4Yj>oI>RLvZg$;(0RSSQDL^QMY7aL+@c2vx>+K0x8r{j|TG8wKH+xQ6Cz&0n}
zL^QC^+rNr;+&&PN9i%jignp<#-yyhZenP_FhBcy)%u9LSTzWUI={8ZORTcP#@|Df+
zj=Vc~4WZ^qbW><qpIYLWVUugEhI-`ibE{qn{bKuk3AYr9W+a?OB%az=rY-L7vxO2$
z-olNqD}8`|r|4-&rj3<zBTkz5NXV2?2n;}ywdRo3Xd2%g?`|whZ2~EXyD@0<Xg46N
zu7Oke<+qn-NIzA00BlVVA(#8rQ}QLBa{-|XC^nePn$&$u7p_ASNY|h2o|Vpa1450?
zv}rQJZM~OnUiZA8!nCDdqCRt-Ip9r|fvejSnvTw{TPF22LG13ytUQe9kX%Q0u;6E=
z&i43ETw0DKTsZU#qZruyGJ)5CbcGo?3ZIb6XTAh_bXalEgn4C2yP9^1j@!|QDBK5$
z8=#E2#Boh^DRs5*mWp`Iyb9@J_{8Z`r~cu)Htn3_IQ~rNQ{EfD>mT*fnc_!~Jb-wm
zHlYky`*h!smI&v8gC?x2uBezDz=lV@xO*jA!4>G2u+LCS15DXK!IIi|(yezsRqIVR
z9c{#VPUfO@yH&jTyu79f_m_Wdo0*Pym>B@8ee>o?{P4NeWVX6_{9|tUg#4;qkF-y$
zNta>~jY1uLOf^ZLL0d2*zzwDV7vZw1Y3bt91UxKl000NYy2X7Yk-Dxo&B80{H+%ck
zh2zOKf}(%v-cJ~ZXllwN8U;VMvTVy?Xb<x3P(2GVK1SR2i_-c1`}g4dba<2b7Q=Dk
z+IV1pK1mb#-oX#1O$Aq3zJcgdri=;*puuIYg8eb7E9!UYGLD~z-n4)?2PRK7CQlx;
zYD@iD39l_l=)$f6+cM%@ZF8NP0ECt+jaYzEB5I6}QRG~mIXPYGi>#@f!%Rjt#?etE
z6+i7Qv0z{mu3d_vxrX{nB`9B>t+{EP=)ov)<M(&|vcjM{_qRT4h!WK&O?6t}@Pz^W
zdiDClN^I$pIA4l}@#c??%NCo}JmHlP7NrZ($>ZJd`~$AT*zXKNY+|(!hmOe_6WXmM
zoGz8r)~aiCP#uvle<eN}sxx}LnwqVhUH+TPLuR}}Q^Q_WPbrpF1Al4qI9XS{dv_lR
ziD~Q+6qZHwl{Y@UnG}~l$b~dTi}LYY4{8QuGs+^u&+gs-(8ArgLBIrHQ1QhKtOY)S
zqMbekZqa09|C^Ke5%=-yv}#3KBvw0%A+dYVpH?l%r)X{2dEjNf^-#w|+`!pfC{@OA
zH`;B#_20cZEH`e%+iHcCu3M3$lHp}D(1<lfsuXTd@6rte08-F-2a)yspY!wRg;w%V
z4@s+BI-?*;>`^2UfB9!4Eg`*GesNRa7p4OFjRv^P_{!;ohw+lSar^f3rx)^vlO-r9
zr%iMNq2&^dh!qq&h|^L9S1e!^>jJA#P5K)03(AK8mTk&*0C`ZP6NW1~HoZ$q1T4$H
zTuEGyG&<5ySJ#B~2k{*GjI{vH^k_&<e;z3pZ0%6CYo5|&do~nS<GJg?zE|mddnXue
zRAilI(RY$s^gO-1h{gAIUP!2+P}Xs&Q=Hfi_lK<inX?uTn2^G!;rDqE7pInnmIFT%
z7Lm0ouX{K{j7Ma^RDRc%#m5+9ZfOx#rt%Au>~T;Gb=oZQh)ud_SDl3Faxp+T$yF9}
zw=$lB^?w>f%jg1(=AK)z0pec(I<+*6FKg*y62|8rsNgLUB}@Vq!rEqMe*lJJoR@*)
zMWgr)K(z87bC(4QO8qy#GZ@b_meNoLQ;xa*NL#UZF?0jeD!<VeE+K_x@!9cS6y!6{
z18vDuoq?3De0SJ=0nE@ISQo2S;u!oijstbYQB`c^F}-Sb-LcOYSiB!%iDTw0TsQ%x
z2ZjBsTyEDHDX0EJypogDWsto-Qy(a=Whb>RxM4MY7}vfobY-vGa3bZI{nbNnUb`k(
zYH`d_x-2-`xnC9y9fBsRos_J*NFUzOm|%j!m=jkaA9REdSLj-y!5wH#r);Ah0*ePC
zoZI2Ede{ePkE2_;Ctc57>;f)EXDqL`XMmC+Rgza!7m<gdqpPAfnt5P1Yikt)yH{Zo
z;jaOV$#qayQ?#@|^%am#0OHTTng^aU6?~_M7j{vvN*t*TptBk3__*`#5Xn06BzGk0
zGJd<*BD+bgYf^S8pu)<*-9=49Xyrg9{4;Hg3=I{%+2*T-jrJzB?xL!-w4cZ|@uv99
zhz@vnBAGqk>kJ7G@Hh(GgAtzux3-Tsld%&}3Hpt88tHr*rD)^ZJB~#IJv#nkz5TU4
zri;#m0P<4NC8=q#c;^y93&8`LI7R`G6hWTDQ3#UiuEXE<5{ZfzQtuEs4UCP9DtYpZ
z!O(BOvoJo2R0YEKV%|4OSYVI*jO=4woeeq2?6P?aH_Ia9B0yHM#hO*CDE08Y;g@*)
zCabq7=lZGe@EzKxDb=h4hgQG2{1Vs*Uj`nbv;ny#q-nwy@`ndc{sAXMBoceP^XpN>
zO$2&EBTXC7H5~_dgXAn!zn8WEsqq}p2&WBeJ1iAWbq|igOrSv(F&g$Eq*{he<!8(Z
zF4RFVxGFWBAGHhjACXAau4c}4rj6jCbx?AMa?K@v=znZa1B>TZ&0l#{T#0FS@-C@-
z-_;Q`fzuw7jWtf0aEy7G{Bdy&n~WeT{=X)eU=b*U=IW?G9=h{GXa>bEz;5;z!lLc#
za34J-!Ni8j{aAG=m+8z$J^(%Q6J!{Gm7Bf_-?Hv8v5jj?QwX%i4#s!4*G$=DOSI@%
z%mSQ|A@OT#F`}+d!?xJNLv-s9ZDk<_{6NJmq1|J~R=s5@=dH_^|DjX*`yuQ6j~qc`
znAVqCvi!Vbch(N!V@hv$Kxz*Lltm;B*B)LIx0f1vFJj3B@qoNh?@VuOdREu(^Ps{p
ziynJsLA!pZ2P!Hm8Xz(IV?3W!)QaLK>e)b@ZxY$t`L0VDTB7h6+P{A^!aVz5+Qfb|
z;xrmOp*MC9h{Y=2j7IH+ed3e1x=w{;0^b1YyKS!g_RjgAwB>UC&%@a{_CVO~CBk<<
z1h-Tkq1O`#t`@?aw7~$04TL-{-{YmxG;o6Kn*ky;k4;Gvfmn&X%u_)c$ubs*f6e>p
zs5Z!A>T6<eoj)&9VwB~}_wR>mN>_K^yduXH*}-$v8GG-s7f7Ty+kWz1Ixb9u;E43a
zqwwU!KjWW&F!}sd`*|<7?2V}uZx`p*RtNP^|F-S;anlN_c+>d0cyZPX!Q}S+x}r48
zS3rl)%`*|6-Inr<U_K_OHw1!h`bMtES%v=nchU@Z>DEKh8#D_I0|+isDM)9QcuuI1
zClsAax@t1%)T{sHqESUool;$4{F@{`REZD*m&t#+I>zvtx&GIRA3uJSm#fx{<9FHR
z#5rT4fc@L@({|bI-`_@kT+GU0%GAFGqqtkn)zKG;>=gPQjAY?0Tt<-*j1TUAWGqGR
zd+Gb(ey%TzK5@e0Fy9e?Y8fCe@VknN3O3XQ_Kg%(xCTNbQIA&C)NEycLXB7#(fRS*
zVr*;<rj%^`6m3fq>SJJRYT8%n?Z=*9g(a_iDJpRC|EsST@L#eTz!+a(RfrELJ~X_g
zz?D4C4OwqKFSTL^fG{~{)Yz7eWwx|CQ8VuKEVtXdId-$3z<O*=w~9hq&Qqj#K%oGd
zJ$T^2*$LltM~+N;^-8kijgutl4nGFYwz4%*0y{K6Lrv!C78fXabDIt}ofI|*yy;*_
z-*|JZAxjYY4T?N}KIiNok!YGO_9dXTbc}9Xm6B&Z!ku+2>AL*kypv%HgVJ8VK4Pd$
zEWa5upC&-_X~Z%!GlMsUAHWPtP9;VAG#$#DTOYjb+&f?I<ZKlrq5Q<uMsSwu&yR&>
z@OFg4U{O*Tu~vYA3|XTjIea>z>SlTssyBM7=ff-ndQP{JSVc!pIw$%PVT#9Z8I5`Q
zV)o@ktt8$;v^hFC4U$Qz*a7CpV2Zm-c-NEv*47@Cx^eezXtli`?BVzc6N=maJUAJ&
z@X}WP@rgxp*SW9zh-Ri*MeW+POUi%=!P14xAQGg64G0;=+oz5DgbwN6tW?rQtd+vU
zwd$dJzr7jZodZqX^szAd?v}697Z@3B%sH>WH6qr!|J9IEmD_jZ^L)K^Wc-|KYrJdR
zQw^`?0g;TjzgGK)#LS_8nwk(jFnr?-%!?)+*a8fuVyMKM;$nCBBcK&CI^*SMt;nR$
z&JG`cg?T4@7Es!%hrTRv6kDg|nQpAUKruXMp_r&{XZQ?vH{e7c1AH!9hW#9THRTxt
zD!0}>X}-FrVQO`r+os!kk3`pejx_qaNoUw-8XU^B0eYEd<LhYBYvvlPU8o=7fETS<
zGt}WyuHC*B7tiWAV@Xqg(DwId(5-!~P11Xd&a-ff*1S%(P9^4-AF;=jz8`GHP#nbG
z*WiNjzIH38m0>VafH_Ex`s#Q!Px9C=C#o9Us*F9(t)jGb1eE2<(LO)#oDYFSSpR6(
zrU-{UxSvqYDZ9_B4)Pf*6om$ai>Cg*seVKOQ#h!C_wNTOJpi00O*49RDA~f;Nt&M}
zeu1hO_P2M!q&_0iYM++k!f(P&2`&)Q)#yHbj_~gf`ufIhZ6MdEc*D=4;^A4dn3o{3
z{Lb1{ix(?pj_c5wW&mUjOU@O7WPI`jnxU(M4U`A<ET$Es1{_AOLdr%odMJ?<L=S0X
z$T?$9++b9JfU5BNi$Cjg7vL{=azw+JV!B2c7hvgLL)ydxH*Fe;5C_Iv3m4f%qkwTk
zMlQhBx1<k$4%((`XT3<+2{?L`eMm_si6=f%EYcMgql27*HUdO4+K(SVSZE%TTLRt$
zLj*#Kal(%{lairJ6m{3g9buEs;Nin3n93O{4<5fST55)L5hH9*#aC?+B?Te{nKC(o
ztC7I9qcW%16s#hTnR|yRpzb^i08G7@SiC@;c7&9YU+W(?xa{)+m^RZh)A(WC_6q8@
z15W}n`WoyrXneG_(4Bony(7dro(P5VN-!q#It`^ZO(Ww8qiy^<<5B%=Co|=iiscKG
zTdNFOtv#0iccba*Xf`i0ZpjiQIXRZHW&hq*IDJcf$BaX3AD?Wn-xL|M>*2fhjwdWa
zocDq^Cwy>fah`$GYhz{S*Inzzu7+qhc8vQW;}98U{f}i?8_>inIClsjG_6!IT5?Pv
z2P9iam4R`tk-M2$RJ6|Ayp68OU=Yqbvm$eSC5Idf3tLH=J$~E<t@njRC{nz;<0}nM
zPRF4$X3XJC_Iz(N4cB5M5`|)q-neX200L29v;&X68nYOKDsp?1G8R1dEK>~cXotQW
zudY5aBojePWuaU`<Zx;0rXDT~xK_Qt9Rb~l5{43&WF){3D8NvVjZ?&zj`z8KeFp{O
zN)IYl`o<sHeek^yzW`N?6dDs^0sJ!=DOmhF<n@xjnF*&^7)Dn|IPBI#GO3&4Hj`5O
zKlc~RpU?PqKydKlE$N$O;_bFi_D@>q?Qomqa`oD^jK}W{k|0!#7tsu{My>HT4@=sB
zW{r!nR{aB#P~M}-$R)2<`AuCO5~gqxTOKqqQHfE#ef_Ne@vFY)9q^8bMiL~bA+GUz
zB762L+6w^@U$dsA_0LY27S@KTTb>(Pc~&ZA%JTljV-7{9I25*r<lm%9-)v|1WrEM|
zm&$wRmaGW~)IM`ud%peF73z*UhbCDT?paoy_ck{d^Ena%zuHHPT?|GkDte5K&t7d4
zkP*}WtnK`vN9H#v8`~T)95y`m(lYCRE_8fu`d(QHvN&=_r2$!X+Fj7diPmWh&BF8G
zvc-zplVjoR%q0qmy!KM&l8xG3+}+)+5`sSNrbMA(P0-mRSa^8nK%vx~#I(;lh!N>V
zR7Cxic2&F>sEfOTKK`OCi@J90(8~&r$$sK>!cVP9leVm>Iou|JS4Uu+)YuVLlIstC
zWpYZYSzr|ePh#qDdX4G|HsDGbfXTVcWV-Ieyo#IV?kzP_iauf74DOM>xBP=y&0#(H
zu9Glj@|G$p_Wu-?S|AfmA4~h?u(f8)j@(lFLEB!&jQz3NIx;{)_eDuJ=uR0H)XG;U
z)x)2OD{-hA8g{6Mu0h~=>(;)i9Hn~O5gTj9m>wJmUx~l{k|kbG?5{fwEU@f#-CWur
zVfKXe6Vlp>x8dOHtG(vw{_wE929oP*Uc^b1R@W8Ab_`hcSmH<M?8akjFZ}<%FP`rh
zhcedNM1?OhI~S878@xqLH~ZvdxzM`VK^by>y3_6FZrQSe9pn*45hx?4{WCd2cyvJa
zR>e0NN13?g1DjWsyqo$~MJc`Q0jLu&*zED)ZaP0+d|++qK`AyFeAyAdYnp<RfYJ{2
z=re#?q`P|PW1CEwaU}#a*2wf9tmFoh{C!N_6yu_KezGYaN^-yL(meIbdCvvv2ytAI
z$lm_u50;yozaFfZP&^IH!oWBqFx4ftY1^5X6-c-gy`j$QKY2TFmAY>P*!8h}ImIv;
z<ZAWDanA;iuiUulx>JSuzXGRxCq{~<O>s0(HRV;Yd&l@uqmVWcT1nOUYw%us^X}bq
zx7h<j!eVY_^!*o<0Bqp*0K54yH;oN8uV9+7@4=M9j6(nI9dQvdE~dVC7vAV=&@^dB
zYC%cwV)xhwdk6pT(SI5g8<w=s(8<h7Ju1dLKB-1A%X{m;%euRTC-mO>)pq>G&YPjO
zqWa@9<t?fWP4`BSa}2gD>ryx0^kcVL=k8}95@4OP*boTGbNKLgxQVd-tjkgIrtota
zO6@3Ru(e6ke-=#J-R^7Fg7ts_gk-XC;LGE=y@r~}Jihyd?vk9}N;5>d1n^+R`d%QZ
z$(Ja@oIBe0+poy4lpSZ;_aLn2T-|#S#FhKZ;}a%uE@|2px@^gkvi+Ghn$XQwxDYTu
z_`1tY1KKUaJL0kF=@uWNET+6T96izRri#Xz>Tb_gu3p_x>xvIe?wgI$_w6Q5@ekW_
zq>pX$%OkP<lJ5Gal-vR!e|v2)bsLQZE=_)D(Q_kv8jND_Yt$$^TH&Q*mX*HbtXmG2
zZ*MGgXeyG`X$34!UxzI9dfO(8DK;`Yp`%N-Qu{pnn%AzU^y5})aY@{Rjsdp6)q{fE
zR@qF*)EWMCywR&Ur%i7xn{WS9)ygzKc3sTng(1!tYFckS_mj4*@h%@deeUhW5rO@p
ztkt}6Ei)k<Ha-2^wZ6~WH<N|#9>FejHTp`b*su_bZW^SThRIe68b4-<tBOCq7VuCT
zy(y7m+8L(K7ja03E?T=bK<e39=RgJjPl@j5k}W==#eP{qM*2p?b-Aalqu`wbPs@Om
z&xbq8);MvIN5CswCs?Eu6c!2==VQkL+fe&Rtr+qZR~gi$)M!FY*D`g6qM}IJH+IXw
z?UP4tmpM=n>-0rE*niN@Xra7wXXctnNY?|*4D|y{IK?7KRDBy&3b=cWQ;^a`vO(RF
z|3})NN9DM`;s5Y$N{Ag{XGlsyilm}JB~y~L6VX6IvrLsJl`TWNl8_R~R0#<UG#6qU
zQdB4ul87W@rQ!FwvOnMTtY>|nwVr1^_aC1RTiy3{U)THnKF{+wj`KKoP0#&$aoLU+
zrY4F9lY2E5T4~7k`PApxr5k_B9x=h-@AbM@BW79|<tbl@bX%hM+QWR^vQtq9CBr6F
z`bvz>wp{nVba2PT*?O+Iy@G6X<hI)1)KWNDCL9`rA265zS|~O3(2ZA2Da0Aji!q_u
zacaphLsJ|l_5|fhEu?}X#v^yXp;I|R)1xG?k5umML8x4TH$O)rdSYK<GEq?9K*}Q@
zcquDEm70pcN%H+P#*{Ea!Xqw7(eTxB`=(XptrYRk&nv`Ti2(zKMgdU;0wA%S_FEJN
z9Z`2SN1RkWc>_!u`XX2UVkk%h#81NIzih<cuxY@h2M#H4EL0REnWV`<4ey#R_k1?%
z%`F9a2Wyi1BS$7Q%?W<4OqIug^PMzLQ!#_faC%8g%w<NykD-zGLig@n20Z)I``W|<
zbN7s8-c5h6lWMz@|8yPl-~By^9i*S1-um6tg*E*pt0o739BVy?McRMCV8=l_=KZ;D
zx|n2wWuaaXXKd9i(r<gqJAQe^(P2Uu9XIILev_`l!fblg#)o_QkMIHpW_!~T4RAq5
z1<{HHQBCAQ+}}*^SM;6LHXq5F$^Bop05PyMEHtEs<lM{Xd_b%<JXF)E<OE&T_8WfP
z9u{Bv9tdx!<FQu+a^DLXbaf~Pm?ngc)KX)NDY(V8Yu-?G;wO2muY#p@yp&^1JE`>S
z?Fm~SxxGQomnz%<aRC{=rhTmncxWzBy-*F;d{oCmc%L!_-9>hG8^xoA(h%9qmsE({
z!Di{5Jao`1H?n;1^$&(=xC}OY2U)-)q@+YpobPV?Hs{y*xL>wg8+);K=IG8^6(mI3
zFKdq;KhAKGz?ebf+~>+2o%7~YVTE${Cx5-M>euaOR`(J=AYigFc$C@=)6oJlo<O0o
zDE8@u_{R?x3-=}I<E3lWj>lGUD;PKcUfu6w;kCcL7OUipB^esiG5v;0gAh~Uv$PD~
zv2>|iLH483E#M#1*naW)ueIShXFjXk;;=D3Ha0zdVqN+MkB613MN@o))Tq2Xbl<*<
zApJ!}wpZ2!kx`N&XB_x-Va~0+Haf4irl&sK8+`b8&<$$-B}*Q_+)>b@J-c=VNhyyM
zfZ;vOX%i#wQQ3HG+C)A(xNjj1c{~c=+uff2@yyrz_N2N^8Capd4w-r(IT>9jxX3sj
zHV6#*Bc}6yy#<$+gw_qb4jrzC_6wXUkofyg8#{I_1UTg9_2bnVWbL4opGRp?MKYj?
zkt~!fsH^&#^zg|X-uP~_@3c8&?ZMJJLt_J<r8-MJ-Z$gWePoU_E6`O8`t0kIPuCH&
z3pgYMCTIm_XU$iu{Z5-FdK+MQfE1U(V04D#g@?pNU?k$6B1(u9e0l8^vsI{M<fl0-
zIKR^|I8;woMh2L`N!bAm{AOsyBi}&(ee%=#HAxNhPqOY#BGquyAq4~bOY5tF&Hi2U
zg{6fwwCq7edi~SC*6i7}9Q%Zov3y)$-oz_6<R4#b&NU@%M{h!G1*i4Rk*;>{+jMNX
z+^5n@Ug0u5_a%Fcz4-V39Cx1|u@Yi8?%i7e?EKeX8`)_DSQ=HIS|CETnbNveF6YdC
zmB)iNYEO_`;I`Sa>e0hp&9_DNKh8;4En?Wy7WCanLkOZH{wtPv*n_57Em#@&qqA{H
zOXsDrNtK;Ol0nb*jkqCt=S{;Y&A=#A;$r^w=W8%x6)pRsOlL-mb)W}g8)b+6xqg<(
zQG}9+3H;kzm%QHG5x2du=rudl&F%RkjRhjnM%<g_10m2Q2M@NOG4uKJwpTZLgKqw~
zpTfu}`mLzS(UuM}PRW_HGFKN48l!rZ71_<bCuhdZfEaLN{U8wS*!i{FiPZ-mcl0J1
z5$&BQFK>_N{CcqYM*Ew8Sy-IGNzMN9XQ5nW{O0N>eYRL#T8_RPrdiPDf~_KgME-=a
zSj;Y0M=>8mk+zD^xA6Mz{rfjB_I7m)iQ>!Rd?DBXSX%x>*hNnV1AFLMU9jeD-lV6>
zqP9)sBDDHqN1{l{1z-2(jpCx?$_;07Pve;eN|D?9n9<>XXPk_UmHpv1Nb_iW`y;Sk
zJAvF?tiuqNpxF%KAR8YSZX^h;yyoif#j8=%{uiVkF&28kWZ^<ucAVYZlpD&<^wI1m
z$~%SF0PZmS#w!-F>XG}Lj}XJo<G$OXJs6Rv657~p+#sBjHgJl2D{d%I70K*=v)-tO
z$f!iHmQ1o9*Pwi6HG-bzd<jwSqrC!FE`WU&7#PKav>tGKz%-$7h#zNSo+S7G5h(I7
zg$EIk#+O-Co}lFh;<O1X+h(d`LpWPrOGjr+AUY^j3=rBT?BnNV3nCR>2G@Zn*kaev
zN5X?p$<e-Y`{qrMiZ^w2o#apAC)v_~>1N{xJ3E4A=1Kgg;4`>RssMYq0w<67cui*f
zpbWzh55SZc$f@GNVHn~|OOJ0*?<RU_DQq`h0Saizq5c+|n(i}>gM46UOm8{dfoHfs
zpRPO_)79DX3&9`GIb)eQS?srZQ8eEw-R%fExZpzEwWX#@czb(aOG%kZ0BOqTCdyCl
z_utP2fpGX^KQ{~uvgDQeU_yK=67MPznifu97!IR}vp}`y{7+?kfMFWB7;ljzq06OK
zW#A-1MGuqYX^PCRo-H4WXwquFa5a7Z`;<G-x>~yowKlvI{rG~n0O<v~%bL)wzkc9h
zdYU{#eNazPz)ERBj?QazH&|Kn4MDK6ehr0pI~FJ;Zd-34W$PK{*-I3l8Svi&>CVHY
zY5C5YO&q{HckolX@nF0cGprIds!z>C-N!t;%Kx<v><=L}g3<z52<lIYO~|Rd_8(XX
zfFQkugCi^|2~hRRKgIrg20h^_+PGDmM=**0ZB6q`Oca0pyYYWofDonu!<h17jk1^B
zVDJT${{Os#fe%MM&Dm>Vn~>bnZSTc2KN=FJZ^RJv)Ujj7@aH4=!s4HaQDjS9f9Yo_
zYDQCtx(Cd@c{%f}1miB9ej-0FPDFA7l?fA8rBvXo1t?4hE6~`}ROf?y3(!u(cRs!m
zfZ6}9nLebO=-pr#rI-5nCjq6OiRmTMkAws^*6Ahkn+pzeoZw3D80i?z>HGFQK!Jh8
z#sg^y<1A*+nIjh{=;WB6z&J+vaDGhTng^WJyGtUG`I=R$ns!EtbDspVpO<16!_f8-
zx{rLyixCcFl?>teW4QV|!T@wB0TE{B#tpX7bkujOQcutC2+tVhhed#`d>^(BFhbCM
zc8_154dL*PY`lq=Dn6oM6}mR3PxpRwW<Kc+2qGE<A{e(VT6gOelJKE->@N$tQU`~n
zHZ~@wA2Ls~`uTI^7jJkNPkPn;ZsfYTWchN;O+LasA%-JGlaWgWv>G^OE^-|O`pD=f
zp%n4nfP|9N7IzgSK$3<q9t^iWU{wzj7d&QThK+NbaA_D1(%bz41uq`dsOR;ZN=65k
zkaghU03Tb9{+O6btNf!>z<EM9Ia1q>mhK{hJ^$O|PQQ~jmLsz98X3>T%uE=V<;|%Q
zVjK(<kR#x<tF_Sizq{0>mf}+%64BQ`zqV@q`pFZ2#oibfE}+9xri9<C9WYGoP1f4p
zB9V-2NIB#nt8^%-d+zm!ci?CEulR;SS(CqWBDc9Gb`u%g?)~3Fze)S7j;7|}<SF<}
zJiWBa{0?uU{l6pZr9RzU*jW&2o~brK_@V)89*(&FEWVmSWspE$|JNlUE(bM(E@&;t
zyrbh5q;yT=?o(Tvn%?U0`}rvbW380|xWp6u#vUFIC1p$u;Yv>|rtu*xD5&Dns##EK
ztcUj=t>mph7%H2t3-(aLdL(!=u`o!Ihz87fB{lVCcUn$XbYX-mSF9MY$cuy1>u=ZH
z0#jJh#G~5r$4Z)abD2zGc$W9#cH*3JbE01mn*zBJhdom4TC9}0AaJqKfsptClGh((
zp||*Bn3@8e!l;}pDl)*yjN^>GlepBWLa$oMFcjJF_|!<;me*NG_ohvYd^)L1rDNoV
zavE!>ap~9<N=}wJWRy*=&uq^LvQ=%)>ce*#7Ie5fZ?ACk;?fs1cK@6*utPr`^(R;n
zM<B1Yoyci0c8Df~g)}}%u7+oU%*yh3FYnNuWPlkf4{3H|(834IxzT|{M`!xAZwo9T
zwFXkaz)RAQ3|?HYJq2`RQH{5Ogo_ab)JDSiY+wO~I32umQ*augC<H%3KWrQ_Sw#gN
zQ75?2P`t^s9M?ve)`QZqF)^Vrug@~v6%E%j<ghEVy=R6XaK_kWTsnrLQ&9sw?GUt*
zP1HzF=MT~28V7ohJDU0${RoH1SU+E2NY|R){fEzXTkre}_3SX6<Xs(>o~!*w3>&s<
z&mO57xP!W)qx0Mv%g;YSm%O)uhy+s$$6f1+*?0xlH6@p3bExp<1sss97)f(WOJ-<w
zn{vFs4v)cs&#YTJ(I9TGdmv+<1w#-MBXc<iq0y8n1O4aIrRAaBdOUA?s%9>A7AC@T
zPxtZFbw*m-cqtQL{;4c@C$d|)Ti6E0;FD5dXE*tXi6Z@aud&^m7t%>=gz#9Vyp(&u
z<)Wi{?9Ng6>4lEHFaL@3CUh=OuAXr?3~UAJK&L>qGFJjU==t-wruOkYKb9MPB|Y8Y
z@-jXW)dV&IPVVlv7<+BHFFbtUkJxOKqk{MZ4O*Kj8@WN)rZEGL7IjbtvJc@Lb{6FK
z#a!H&ddl^&vV9u~2F;0qGI{p%_AlGz?BGBxJwIgf`0@F!LnL+?o_y#;^y?n>ohOZD
z!ll-3O^2qb^#3A^b>8sGFmQi%wr*ph#K*m{tlF^TAN$#&=H@Q%)r|;>pI2FWV?`+*
zLK`L#Ofj8lklVw&Kkk$~5XSW$*7w@hcYVS`r|va`Y~b`gF~M)wt$*)CfwkB!bmoOo
zQvfJ`Wnb#l_0B?;o$pPEr>Q1)?nm8>d~XV|l`B`GntehNt*n|$<%S-&c>!YJ7kix$
z_gxYq9u9+J(vLF!xvle9Z0zJqIdRq9i8Hr;ZXY<RGo^j0`LbpIX5~_8JndY=$KtTe
zfK?JqWJd^vL%DJ}u`z-4KwRPLepH^g^eI*}{K(<lJSrdW@AVP+R~1gdk-&%(9`=QV
z@Ze}Yqa%x9gtsUC9mR}Ma*WGH7rY`OBN@Tr;@rriG4NH8*1|(J;KnPAfSLTj!r|ZP
z(o#IgbYFUP(Qdfg`@(cz);v-Ao)W!#SPS?)r9(h@Y_sP!Rva#K<ow;g7Ceaga(qpX
z6H^g-kYPz~D$?v2)H!hGG1u!`x953(wEn{~Vl`(VyWZNu0(bGL<P;>L2xKuWAy$2v
zgDD?^haAK^bXD=}wtamYYB5NRE9^m1=GTogf%pvmMUNX5r=l2~C=QaV{W+*gIuoc{
zZ{C;?h{$3w9THGWya0k2g7<tcofog08?IJ+czOym1lFx<2ku0J#kIOuraB|Q@C|3i
zI!_q4nfciKnwxK<U;DpLr-AdOBSRAfT@filEvH0nZN%Zj_5w8B-PMvKiK7eAFyB4h
z!*=}SzPq|F8cufjSTK~w8;pVGAt6*<qg3q-7#9rgpMO60a#j;r9|$6jEPpJb!B%@X
z#n1lX*xwyF5~MG-Ka&1gq(|SseH$qwL!$?K(E;~4JG+uc?K@!0yWf65tQb9$?g2rj
zuj6%rW-(OGyd^g}|5@HZLnNXEXxf}O$nf27DM%!Q-|j)@(&t&1D?VbVi$0ljiq2E4
z9w+JR%lbqU(gFqu{g1!9`zSNRQa8ift{io2ORtx`DREoqHAN?eS(gjkgQMd#4myM%
zw1_Uy(I9$N7jijV1y55Dz69(O3D0joU8tmBTYY>MMX8=7pgl4rQ0H&?2^K*$AuaKT
zNTkqRxYt=aoUjyoaWTE#DdV8xPxFMcW4EsEuRI<A_VFJdriq_qkI=0&XWqO8)25JS
zNDB@5)iS|_^5I4_Q_vKAqDIg#YNk#Qy}S*J^_9f)^YtNe-zax^O^9a`$n+7=6LIj8
z($dAWJnw7dgCCi83wS`q!-S8Zt791{1xsXwbi$zbtf4YO$fpa^P@Mj~wnnmS=)c#K
z8QugU;=PlAN^teF*+dXO2``errQp?uGcm$1-QlE!@N>h7%usO8YxY#9aBV{mx67oN
z4tzo*1=*|wezfb<JYczaF=p5J`%dmsdKnpzce}YEF;p_7YuU1SRtA%R?boac+(Whi
z6QgqyA10_v){2X(tG`_?*D!@^2zVnyVW_W9R%ufS&o9~^z`BAL`w8L?M1>xNySmH=
z-xU5fYVHMFXaLS5XlYIaf2Ui#&p_dQ0$KDB=H94ONw&kiCh=Yh0#QspD}IvHjGe(A
zS=9h6N73mWl`j}8F;As#o<l$G^$_m05qZLGb}kZs#s9t*O&GKc33<*tbSWTDnEU%+
zP#t*HOAw<2+ju9$mA>cJLN)5Et>RgqeK|}EMKBYm5N*)mH1qVsGckOGsE?6}$!zid
z!_<1p9XfuTv17YpZGhm*A3eH0MrbBM+S|64J^0T*#`w)N&bZ9)R7%h#HhMl{M7}Np
zgGeuV;fvM4EDH(2y3wQ{$SaolklNYW$~11ZTtV_n3FxMob?#hWp~Wm<HVkEef>87k
zxhZ)cnX<S7)@1v(4AOc3k0erI?}mRQ*^dHAlb=Xe5Y4z0P`n>EMKpS#p!_+Y?(xp7
z>c((BJuefmmWewb8$oYhHdrXpbGJ)nq0rKS3os}gSOx9D4Ox!V8Zjc_#vTytYy_?0
z==o?ic_qcvLr~Em1ZBdHSN;5#@<dzi{}lK9$jgp_EC*!)brHU@vc5h6ZDr+h)_PZ_
z&lvRJA^3P;7*67h3=h<U`R;ITIY=V60$`zvAUhzX<$((=@){aTGPM>M`}*nz&8F$}
zFP+s2g1}EuD9INrA1n%x1pepj$MJoHK<UW-pjmMAasiH!!sb{;!^Hx%8|DZcG@CY2
z9~}Vv*|tr4=u7Ox><jyD+47S{B#ux3C_M&f&?U&XdsJj2kJS&zt56`ZZ(LmJU%!@D
zcsoxq9Ub_jNLPrjCar$U7gOW!DRQW06qV3H$(qHodR#*Yx$!J=<A7LUFdaQSgeF>y
zPM$sc6hRl%P3{y!KISTpR<xffMY!N)3;>%_@sSm~V4|ZOCB4-WLHjygM~CEQQ-%#h
z;HwRRH<9%?54sZ1`H3M-UqgiJedWGkKSJMJm$dSonfAX;vLYD+*bBN?pzgQE_B1;E
zkP82EB&THU(Ysyq%Le-FA00Hib!LWNZ}N6vLzHNL7#dL(>gZT|o7^sW#L4X^hR_5-
zBQjc_7M2R|DS7C}S~6zAXo8BhrYXCtZVK8-Z@AHYAbF(n=JcJX-{BA@t9MP_jfq=Q
za`IKi+r;&=3^ao*$<EFutI}D`vM?w5+c`S!$xH2;qomfM#_!>EHEjhX$lTME{~y-^
z;!^+6fwd9{VYLv#_w^?PD9lA`r=XyquAaK?Ai;FF+?n|Jx9IFBI8K@o-qLY6;U>u~
z76epsw4^IG{drU83sxon|44Zvs+;9G4}}hywL#f;r(u}~y~z2-mQZN_qfyJTO8V7;
zKU*&TyF}{XzekY0nnbDYFilvTSVoF~mnA)KcIOHCb8HrOiEm8)U$i>COpCjJuF2W{
z3m>Guzp^+c2phDM_($G&wf|1r?Y}UGB0xW_=5!$d(yV_8H}tUiEPCzflSBraNQgM<
z4jnso|Cu+cYKp4x(#))^F@b;<G#y4T$dZi)GmaL>!2v~OPg8TSRm?GJYYU&auV0^h
z@nQ!>j9f5Q;^fLW_{=vkxsaF$R70j7Z#EvJ;d*z(tQ5Z&*<iSLt^pjGO2aYs8^}X<
z_VV7k6&oD>of%x5vIMjNa#Sj_d@&MSM@cPjdF);-2_jYyJlC)5La|jnY#%t;wmD1Q
zGAT|aJ~=roZ?M)u@Mx|dZ6<F;uMDkh3=y13LWUM;OZrWXLMsf9E{DAZU*_~g;Uej{
zU>_14)b6imcNYl~#;459__2kQ(@=n3nzKNO$>v`ly-D*f3hAfSkez8)uhIhNimJ}f
z<T|nGvJjgT7)rst#!Kn{rVbezyla}EY?6D^*tjTU^2CWBN)w7%V5sO@s)lQAI)m2$
zpw|AvRj1$PqI6x4g~BXxj3w+Qvxf#6qF*oQ!Iq>rB`V_ic+JKg00p+_uFfK+UZj@`
zbG^of8zGYP?sxfAP4K{6k5`TV*l6r%cCiefdPHq)U&Habx+DL9mp*BpX#e=))0A*k
z5MLd`v!v^B&o^)aj-J2)mR&vjqw^Z}xOYA!EFF8*7GO_D)tv|ZxC-%@m*>A>!zHr)
zusg$8Lz=>AJ|7JlRTOrEb>sz9S<dQ}aCwEt*pPC8=vlodCxg_@5y!3POE20dw6(MZ
zX*g{&2g1W&`3OxDJa?APz>J#!XfG#&1MyW6PF(I+#gV^55~1L&9&piEtl6$y8CE+L
z^**@|LP|aVj*(d-X~p>pha<Il`&LF~erv2=+5A<Z`S%*RZpqmBEefNs3HviD?B50+
zp-iA;<BJSJ1_9RI{UF)nOMmJ+d7)47=CPro5<hD2nc_4f%lHI^<_Ct}3Jgar1M}R`
z*zzojaK?Co9&#3-e-RNH2y6vGaJ|a~&KgmP&|*7UFjm0|g?bIh4b@e4;mHlSqln8<
z=vB=nCHRK@nDes5Pg?ccB1C<T7>R#9)4lK6@#0Gd&fY(B_A#C1NeKhe(mmbIFI~5Y
zvE++_A6Gsu)h^e5ywpG8lv(doQ}OXiXZQZ|_n5DT_6I6R-1%zXd32nj+zE*t&F$Hr
z@2>dppz7y<94Gh3m97IZq&-Pi^R)TPy~$Y_84XV_&&u1dZpIFS6Qzc>7qhc%5-sQ~
zq<|>uesr))|2M!MhW`Sg(dQ>jdY6&G%6lq^+__^uRy;_|El!Ayu$EojRzG)}b+!hg
zr-r=G?ezb&wxoIwiZd4s*preH6E<rAyjZtf{@mhQ<SMpvrg*_pZBb0nIa`p#`7-8(
z38oFk;(sYcR5pGQqH3N$nGUH~TwE>6H<%9rgP9W(F<lfO2rx_J-g#`p_JIs8?av>o
z`>a+iOZm5VTz2-cw#5UT?}LRVT68d6H+o<tI~@NKy>$mT546XKmDN(hP*=tlTaF*B
zy}B2;cc3I7o1u8<+@mZw@K$E=(l%f2LYvG%pl$1g8zx5T;nEm!ulAO!WxI5Z<+Ml7
zqOD#33LdwLR;E#lPMR6TnKy{)rNja*Hd1!OSVimWGwp*}sRGFyP*BO-$$L0>)kfmc
zLYI(`<y1l=1YER-hXhY!F_*8f`3WWyxSvaKvBKHOv*uQRm#a~lEB-oZh9KQ}0PyGv
z8=H|>(3d|$<tZOXW4crKL&mk3O)OU)s`1Ct(USB721}xTVJymmr10}H#SSR|tBFrQ
zy-B<@qvqmmOUja$mltmFeRar6IPBo7kB6%qSHPFGZR+MIb4pg?!riYu0-Sl`fxCCR
z$ku<Ht7(@XfHHJg+Y*}<D>|60S%0KEMy4zjA!%H<r*g=N^LA=S5YRLECt7XoU7$8@
zBqA(qpr<l5hy7_jMQ~nojNR@<5E&Jg&~6g{KuoD?{+5@@zMEfK+DNdmETLdSCYZy|
zN{Fo{!?$R}QU=ou@=vgS<!~b!RzQEOm`t$hhFH<`&(GH9ZO5}F&U`u7Ry3{pY<WGY
zVNnY%8$xf(jBSjBz(DwH&cai>!5>Xc(bi{&>mCiB;^#RgCn+OsXqxwd<lI){@q-0x
zIub{v2#y0HQc6TkrpRtnWA@hvtO<=hlXJeA12B07&^=+jK4<N^bxEC7WUsUX@DQX7
zQEE<1&XynCS4W%T;Omo$;91>t{jD+{sE+0I#?7+0ZmP5dPADW@oUqQ@(k#Uuoy-|y
z3diL7c$nAb&7caXcxsxw!9r=tR8d)|6OTF?e*>l*0{;2x=}(&UiKQ7`#m(THC4-Bs
zoTZ_lu!inkr3hoG4bXawVj8fg=GCjqbSdw2MiL%AZp-6`Tb;bX7+R;OtjH;R9#S2>
z4}ECEA-&djr<Wdo!}}n<A(w&|0oQ{*3hEM17rk(1)_BLRRBH^^qZb_b+jDm}6AA|M
z64&G@11J&yj`#Z#JW!OH#R5@TnVSu9R2HNwr>ZIh2c-7#3s=)Riv$3`xpakX%P{-Q
zekiCiY&zhJ259@6n1tZHw7E2;+X*S8sEk*}tjhrbd;Ei5qWlZOEP^QHxR0WytPc4z
zE-C2!-|%v~3|Ap;iLYh9kyutr9qpFiW?^Y5l{2RXh_)fKV#`dC>QrKpdt}r_xGV=~
zz}W3SFoCh97l)>I0E3S9M*pMQlSS_g5ZKMw8r`27>_mj>r@o(`FNY!uotuR_FN9F&
z++Un%3uD5!5`5w{-w&H&A4u8*jQQ)^d;H1g&{wiJK};k=@@Q6^e^i@NX7kRCmH~AS
zFljriyxhKC`FKBJ@aMya@${-_Q`MFMye(5coCqwTI!zkZS|su|BwZ!fNV5hl`u5X_
zK`S+j^xMy9!H9VS0x>JWJdw7nPa(6riH?u^T`C>lfYuQOPQzhh=r(94?Nu~1H=_+z
z-y;xn$;rt%IWy$mKweaalVm?}1_w#l)kOfl>_eGp(dS%&ohtaX=XH)oDu%O9T++00
zNvG+WQ$u$Yj@Sk|o2s(6a!56l9P1{!KkE2@*UL0Pv+-r_Q<h~B$DLiCU<fJntGvjH
zlzd%V8#nbXy4iUBT2jp8zv;|?aWo0g74yRWk{7L0lO|4FoM>Sjw}}}a7+wrlwG+wR
zEG}+@m#z%&IwS{l)d=}gjO2b`SRm$V353<P&vUWA0Q6#-=rI?8I`%YPiTELA`AsOL
z)X!api1|`<Z$m|S_1jrsrWB#Q3XpPiAez3~qw8~*U$)=HC=j_b$ZhYessGsc4})(5
z(r0xw(R}U++PgUGN`)K$FZK4*C)0#dPVYZ4lK)xd6Xr4!*FK;@Px-&7xKm}`cKPq<
z7Cd`q?f9~cioCphNz&3%C-sG6b{0IPPshlJ@KRcqNsFrEbyc~Wc!MZKz-LuHed^)y
zMI?IL_rI^n7f&b^Jk4ZflV!E=K8_jM?s;5Xjt8+m=lfCsUme9hqR-jnnJkzR_cP`b
zBJY(ufBW)<jeT(b7Z%e9?=E)!#0%6s@58u0gJ*Q>@zYMSn=$~!gNARRrXqn+^PI~k
z_t?C<oAyp41^bi=mgfCf^F-cE&2y;8!PK!(ah=)`G=i@-uzKn~d^ieFJ#yspj0zl~
zRXF!$+z~ee;7s!z`Z*i-PYut$qPHJ8C<S9ChN@s}{@sUUilU9^Pozhj3I5l0(*(OK
znFlzV^C}and~0UCK#E7-c;&rq+i-~u8#e-%pIE^x*t$1wJnSK*90nA3(OkN(xJ_7@
zJa!f)9HUhvhYFL?iO>1<VO*^57pUeBv1{m==~_SoyJ+-)amXR89fO~6R>M>Z<^tND
zcPlEEX9c^I>CcC{CS6^kG{h5WLSePvucVqyVj@+a|F)PxLaBzvIJr0E5{L|dh47MR
zP{FvT%tGeaY#rA}LgJ8d94u(u04~H~gEt_mRiFQ!DWW@^+`ebx{4r_LgUU*J11lh>
zS_?=DfgxF-+6`17mr_&9Oh&x@+G2nC+N@GOef@u*o?p8u@rAp%9GEc3GFDB;00x|$
z6a7@vuKgs;dQ>h~e%x<zHlogjGN*XdPGc@~NdZ3hWTz$C_K^c^R1Cb9l@&Z&K4|v!
znx@p9Ioa7!Ao?SweY<)Cl=(?EpG!Iiu#M_%%;w%ARqOxGr0$XTB8=m-Lt#7>0(E_x
z%@STbdW1cA2R1EZ1C8PyaZST?$EB%X?kKZok&O*OjrtylCCzGKj=P)NAtQxA$x&f-
zFJGRJC3FMYTPQ^=Q+7~0;--1jW&Nbw+~CX6X#g)>z5ux^6c3{0+F?+#Y6}m%(5Ru6
z7{M9;!K0U$n0ay9CsIQY%gWX1!`VN9k{LEta>IIvbbFI&=a<6Y0=YtlEL&z){l<g1
z*MRs#VGyBqLWJ=VlesEe*<5*?>g|H*MRByog1qf?P3E<I3HJL%jV*Djm?%U0U~2>4
z3zb8>DJo^m{skwu?=_&Lv<Gj4XEqcME<Ba%t|raEgDCv?-reTH^zjO%THmSUs~2mU
zuzC7OGNhep>LQQjr21ff(S$Yhc;9*(W!ShcTNYI?&9C)+LYc`+bR&ufomH93{!d@0
zCx<xQ$MEn^^dbni)Spl0ra{&UjiUASXMa3d>A#&8?basaxG&t9?mL(yv7^Aw>24ka
zt#;Oh{qv7DwiHVynnO+QEVzVng^ta(W>TtwhH!2`j&FlcpzSGW1~Ee=ZGJjA8vk2u
zWCJ^!z)xZ7Pp&|}RNuzZjP7OWaSWXWxlpS>cUIx};^#v!hT=)|87$tDltgz_F&5;y
zx@~chD;|X<Q+q2Zy>9X@8|TbtwJ+~x;G@NR`ZVT5#>VQ?*Sn=^>uoy|^2~xCl-y>M
zDZbu$-1uV+_|asmRHM4(90yJ_q8*Np66uZu52s|KBIpDn22z7s{>%x3&=O-M&YoDm
zHk1tjC?64)VE{oc&;Po*-m||<*+7b<t>1ZZ{?zg#m4>tA!%^?K<UVl0gwx2_82<x0
zmIepSw)o2yKMkr&g71gho!?3qHRk@h=+#f-mJTcoGO72s85&3{G5(#H!s*2pzuNHB
zO*8B^9iqHkVzYXw3ZDFk^{K-dlJo4+svc?XpHnJ`;N-h>KvnH~53t#*=Ax)LhTC|n
zuyCLuqpQFrsd&R^S0a7H`CK|gR*gF(H%oik?N7HM8JTJzY1r<1lPZWd*2k?=7jbZL
z>T)heZ&w)<1QLMDA`q6uEv!@cH@e1nnNHn&R1%i%djAoc?{1@;`IXg}TYBgkV<C$i
zHcvl>Sd54N{`S4vO}h+dE(~>Vw-tHJ92B&MAH}o)kLXcc2YO8U7+>7le6HMOc<AFv
ze1(7koZAj@u<UpBNp^V>-&Z5lLrd|HI5%KVY0I$drLVuXlpRb>Qg=paa!}FvDik2q
zkmj_~Ye<KXo>(N&uVQUuqa1lJ&OFg<y!x^%ZvIAQF9u4woK)uDG>;b9U#4$`)6S;7
z8Lc73%ckig`Im*eLLU8@**$3XmxA81CTP_K4OVhqNuq^POlLY`f2IWL*xwW{x(@O2
z*^Oht!)H^5FS#)fh!-cW`tT%<YFhsxtENd8*KRsG;!2Mc#5k+gsC$!5A-!GKUa?~P
z_i`NbaFJ>_DM*s>!d3M{;2`VYcG>S2E^xW6^%L8FfMj-pwR2;YJT!)^XM3~ktYXIn
zh<%qh*Rerh``4}=``y6L=b@}%`5YP+hQ<k(5+|J%;-Z&YfmBY<Qc_d#NR^O~5GI}A
zkcrg@>8VM~;3yUH9Z0*!xBb68oW~Z9xU+_#MBA=hMNO5S{<yff*v@z3#wKb;QUQ&H
zRw@3E@GjMB|F*cjS->VRLcl1fXZQLEE1_8?MWPaL{#-l_R5;Fj)uSC-83&6B5{rYm
ztWlOf;Tc2@UzP7;o?YEAHV~-bTYdS0EJ&$R9^trg0*h`iVpS44t9Oq$kJhN+d>2t5
zvkh=hK-n{F0KI30iul+gCh1NOPl3f)>vx<E(>ry`r^Q!~|DICOeMdl{ea^2>S;#rd
z!-~-%6&EMeuNoRWXU3rW#6KJNtm+A=FVNpI(`zM7zv8c&yh$!))SXI*bgHYa2fjTl
zzkZ%eS|)`^rSd#$pkbVf0LFE+*=JvOlYF}yBrWYE3t{Q3;I`7{mRQ>Dokf|G%jO*R
zoZq?co>ks8q0m$d;vVssGi)ZI<gmYNGii&5hq`ngpSM1*eQDkda^X7%#<n(4+>)bQ
zi-;H!d5_VNNDs>Vj4(VIuI{wo&lh|FWFJYvr+H%hSTpa-e<Jck`-9S98shdj@)g01
zG^ira-=6|#=LoZ_D;yj!*goIk@`{0ps4=EbU)HHYk7{Gi&nggj&q|~o&_`8=*FfT+
zJ9+n-9Z$~jlQNer!{q1843)-iCnA_1!^=uG57iW9or|*Nq)6~J<2Z9cPT#Oj^?0HE
zK*KZU&P*pv`!{8_JStK|P#Vj!F0RP2@@aQuZxPopsl^%7o0!-tm}%>z4H~gzl$0T-
z-N8F(p*5zD`@w-ll21Dy(aPmyl~K<5@3FIj)hAj>83JyD`SsV!-oRewzMJ0=x+ew&
z1#YW3pPcJ*X{arh?l^~u%eiS<j~|TBP@i3f81KA&+iFVdcg`m#tX=`-+CSg;!?ThM
zW8K=d-=QTx<P|=7A~X}WHsEl|0i`r)QWYkiBi3iH+91XQPenv$@Z>v02xDtH;Q^`U
z>yhcv?d4P-B04^gqz!d%;ft{G0)&b6?uSJk@DMcrgjaq9&77}1luj1X86k!?!5YHb
zDg=&?xJzI(+-spEFastg98?{3`kgI}{+;KmJ21I<aCF+DJZ8?eFv9T63fH@<4UO#W
zU!wv1UV{k7@pD@zC1&;3I+^w#I8JzS3XL4F=XMR;gkJ2TP*d0X6*4RRT55?Aii7(m
z>i6|f?A^Qf&S$BuEiHIoj__sP{lDbi-=C3659wP-53K-#?B6d4IA2!0+zNtZlxP9l
z<;ua$QG_xe2Y4rOYWD#5MB1a$)3HN4Z=rN<&Pg-uQCW11uy1dMTErxAR^ALuo=N3e
z8(4fCiDNrI9+|DdIg79T+xS&m{uBU#^z<sCtm!W<17KMt!dPQg#c;-m%{MZ_PvObd
z^mHUZw`=}069c<jU$e$R6i_$xmTk98dDKFTQ$&ys*BY(;r|8`+G-I(Yp{E!t#Ov{G
zq>cZ+v~ikR!j=S<{cx3pAH_HW!{+&?OmWFdL`4fz<8*bZbclc<9XzY!FB&GwcM~?l
zChlD%H$}=Yx3j}%ab5TLX>2c9zvco;3f(PuM+_LHd$yV{u#!=Ekk0LuOU4goCd-E>
z7X$Z$8q*kE;-r4k?CD=5kx@FtHd|AKLBcqZO=86<{KVViJ$eQVV4&MyHa5?nK6P?#
zxfwZ@u?)EU?woqQj~royEN#kDRFTeblbbb#+@-C1uXq1QOW*`K)g-1@)bRq(m7)_;
zU_3-ZX72HacODoM)xCW?+!xvA3*dDLLB+;nNZWi^Br2BTN_b_0dchV^oPW>4g?5>Z
zjoW8iM6~cYVi3OPj@MVfgq1)So>*X(Xu%>EN~!$Ln)>?6=PRbqO`mCgzMO7lJ4@mX
zE9BWYWHxn!awqnPI&PsPgP|Z<m;gZpX#RD+yr^C73n|>TpD(uPXvqR$pxe&>hCZ0{
zix6xgxS6L08OOP}3o~Ua*>V9vAQ=}p7pdR92lN%4$eOC=*vtXJLnE(>IW`Eq7Czd}
z9)KkWQ3#z#zuzWe*Dg$p4i-!r9{S_PANpv%JvJGW@zZb`FkwQ(-B`a?XUG`5Qp+-g
z;!tb)^yxY}BR+20vIQ7q9_8=n`^5Gr!3-Ad45`Ap`q`j2GRn&?jn>eBQ^*p~4?lXr
zM^ga?IAS!Fe+UD6q9C>n?!ph}2XMsWkaN%O36x*-v)OgDE&xNAgB3LF6zeazlm7Q9
z0JBtu>lQn5*6iN?xu7>tzF5{iS^eDg)p|Q^(Lwj!^_ouR=))vjz_LBX#GvVLX5V7O
zgM15$5imjcH8zwwwYA7@8Hoaj)apwUS=>{nmfBhJc;NKW@g_Lq%2q`1CJIwLN9)Lm
zMA87PtcUzdh#EM2hkfkZr;jk$c;dvVPj&DKT-X5CybKrdL4#g@_`q<}t>|9&8RLF&
z;dk+`D(rLkZm}%V$hirncrw^snnuo!7^Tcl3zCOKp0#YExEW~^_@7MF6j4BnfVGGA
zm(@EK??_=>IR$lI_4c2(+|;8*l#F1vFaWAct~X31vzdE3MsIs&=oFEtsOjg=WTtZ|
zDLrZ&B;J!kw`k#rQJ`kalyezyEcb?^ylnC+!+(P(=kER90z4$JvYXLjt7E+evXj&D
z_9zL(-8*;QBV#02jkaES#z)KJ-F~z2BlUc*StwzDSq%Iideg&io5)T~OhVc~e2Ut)
z=<x89FXSVP31xlcQ0p3=+#juZ?8p(u&^~Iq(_Iv$#m;&mw8^#3=bOaDZ-G2xf*X-u
zm}%JX@grLf!^^iHK9HU?{xe%%Dt?`0<h||Z<frn?nQRCnlC+c~HNtqULVWw9o&j}x
z&Bl9d+~|DKtAC$9ckbRrid2?5Qft#q;2=<-_unWW*synMzaTC{gP)pWPIYfhfp@<m
z*1u!E_%KX}<1x;|u>T}9G|go3_s+`*&VKs({?`Nh2=%k2nb~IwzhOb$MBbW&5k?8C
zKNU0(G%F4djdwoTVLo?B3YJpXQ?(K?SvYeU^{9o}eAE=avf{zW$e#~%8vm{RvM;M=
znkb&u0k6{n0H%P-yyoJwKIj{wOdOECkKjlNvCj71h#zdhB*b_WOWe+dm@W)yN$`q;
z5<u}=QeK{R`fJbMAc@H>NKvY0@O@Wn(<|8X5k`?6)P22i;|4eQ{0rCh>lbw-+G$Y9
zipvQ>qIN8N^Ma)AwVys6=Z$4#ifWpky8WQ$Ac7~$Ap84He8x2gyxiLQS#xtUxuWwn
z+S<W*Uf0!O_Or|I74;Q&bhgU%`L>3N2V?a8k7q6oPVvQi5^}V#b`xdd+2skwC(Wco
zT3!cFJ}W9Z_J%-Xu2MFy%zk%tm^)e)lmX0wgtS4*M+fuC%+%6r91P(2_KuG8WY`z!
z-VP$wKP(z5OG-{SUrtMtfj)Sz)?K7J#zmwWL(&m@uNEKK`B_aABSXb|CT;a$<~)5-
z2&t4KjD?Y@v>6!+BjVJ%>9>8}X&P*m#0M${N{rH7R;q?s13K04@KtZDaA3p48>Sl(
zpn0PD#EGsnrAmki9yS&TQG&1}!83u}k_iqV7-T8v^l9WY?3K-y@zoQwwE#IJFyPK|
zfycBxjW_ohu!rFtkE2JxHlHqiug_SZ_+8P`R9~St-^J=P9O%IV)6Gu0H!yJ|X9CKN
zJ9EZJ;Q)mU?l7*dADE*WqYfE?Rma$accAR)V&g$tW&eCTd)~Za#$IZ~_7QpXDl_~<
zEfA03C|`nOM|EtRIlVFW)~F%j-NwAHBPQ{F(UnW8sc*&Q(Bze!w3+nBfC1@OuCzkd
z!4Alx4r5T0z{eTUbo160xQ#NWQX?uiAV6ejghxz#Ey}6D{rt6Fa9R%B&$+x%iq?1p
z%gdFQf{R%t{rL8cT(w*;AuOyorTilCDej>Y{9*J^;=g`;VP(1Z?)BMCVsdM!Fr%yJ
ze4u@3<j4yLZ;_<M9o!K7vr1@Xd~pw5pSWDv<eax|&(a$rELXfwJtPv{7X$B&8nm-u
zI`d3`LHw!zz#azd*-TxYe(W<LR6dYHDoUH&Nzb#sj53C`{(;d<h^o@8ggID-;!6t5
zNqIT(XTTZPjH}zgWYfbE(yIC8<#;Kdr%Zhl>v<B&MZKGe;#6&It4WavD?=pJD6$~L
zuU2iFICbj5=t(|oI~u4QuN4t?D91<m`(4nOq8;LhGHa%G%*7n3u#}X|)UB*V^s%cO
zzMA>ZbZS4+E#K{3@vz4UX5)!sRm+C~>HZ;{6HI=&%vfyDFZ$Pnqc)>l**eH-Pa@oK
zDcB+D0P18*v{}$^l#PID;(hw|-Bx+9U(fC_LtTcP#UBFRcW5x$ovpgZy=YXBk~>42
zwIn}&3%n9FCsG!iZbE20QQ8uVW5NsS*O25<&!eTc&s96)ZWd?W)Z!a`7+V`jL!#vA
z?V~^zTBr61(0a9DI@OU&TBVT*0dtQ0Uo7^7wY@}k0@d!($3uI@=+Sn}sIX{ixepK%
zRCWEj_Sqr3*(YtO;}9G_YB8KU<POR>q{YQ`69@MVnte*fKt*a!XcJCqh=pROZ!}aG
zgiO&aX(@JPEpUtFJzX28u9^)UZ8K@wipb$1CrjT`)>Nu!AALUj&i*@V`u6NjdI^Zv
zK1^BVli$PFIXw)n#t(B65-g;QjHQhK07kHqwlc2`Ty`HhlI@235>P1!QUg8-6KBfK
zEg0^S)=Kd;+G<25ht8w-9_LQPq1C0J^Spa#0zq_<&zxO`NCV@v1QZgPmVtq2$@)cD
z$VhT}pXvk2!53wsMA;;b?mJ$Bk_SqH8`AUYvT8+xHxmXDRj{A~EOS#0WsWek6@>km
z#Ni>lmk_K+f-wWInd#(v@8&cFzAamB)dH7<dEK5Le$rxT-i@M?2*j7UO}9p9=S@+k
zh+4nHVD!-7v=Q*kbUw`%$Md{otMnO)1>B}V3-U|5vIq>})<Poj%}K%G<>DWYTye>+
z0JueCic8uyDo){_lp-i_M$Xul$|(ornpP||WC(3Ak<7qr+vKa~k1ZUzirNu;4i`Xp
zX~VC8wUuW<9?=m95=b-g0)+#ltH?1AGu|4<^=K^<@vXlauF~QkZ=nRin%DAnM4A=)
zqc|;p{K)<MI*19VG>|3{ufA_4l_n*)HSL(wBnJdq5IQ)9pSDn<*MC{6Q+S6cEnI?`
zEH!k$AUI~i%HG1)Kq1tX+i^W2`mNhIFLr37j3`r$dK&Q9Cfoa=U1LDE9uQIw;ww6T
zRd-^_hVY9yoj_;wX2iW`{wfB@<Ah{2;qiP|!)^xW(>BGd+GTi|%ncX~x$@%0UP#=8
zcq+w65^ctyaZ(Nq#+?pGyPirlCW>~<#}}s3gL*hJ5?j>UHBCUivuDpH&-XIHN*W(`
zh-gGL&AyDudk*TTk%KaYnww}cIqkMH1t)@7(i=r#{gBvp%>-IaIw@9qB3H&Gx#axU
zm+ufPeOo<VKKvap1i8<u%geyhitpZiBw^#<{Ay3qo&A;hkGa$Ml@t`L;vS+Gvap0l
z4zIqbay&z8nWOZH;CFQ7pm9F>p#gN4=b2``dw@(ULW%R`+)WqlnB#{Iop~`rR<<+Q
zzy179^IjrVOZBvewLNK-S_j{S3JV@3-t<i$Kmh`ecE5TrffmHBoG*C)Uo%Hn`^;dt
zQRbe#jbGHmAmIqsD(J}>61IM44n;6Cj7~Y&X>v!Dl|PdHk@p7fhX&X;T*C#0Zgevh
zCw9Ec>xT6diBtzbm7UN*%{Ckhq^47;8f3bQ)&dw3-cJ3v_UO-n1F<a}QuJj#``PE!
zu0PLSkC0R&JC7MwIC1HP={UjeQIrtb`F(ydK$Lk9@cQZk#!W09rtNWdwtNPsBdOna
zL4v+Ssa&XP2MrQnQO@y(N9ww|0)}axc<5fOxym{l^HHLgErC#$P6fn6R95g;lxaY+
zxW>Byd5E;1vECSC##fN|p*?;2w+~Mm83-S^pJEf$oJ-?F4Pa8ke<6Xi$1S1S6F6b3
zOL*QiB)rLMe%)^|-k2p7H2z}7d-Oas5>|g~JV-FA|De5lPn33cCND$0Vt;v=PcLuy
zYq6*<-l^mYBP>^pAFTQ0XjGI@&ZVnYpHv$hEppgm=Rj%On<&FeWoq-8^Ll!*$!6oV
zwTDraO8#b1Q%4L99*chfjg|q!gbGZcIWY)k{&6DKA*!=}vtpGCC*HOd#xOiuFxk^k
z?|0?M&l+SouWdMIo(NA=-SnQJqe4*QRXl0Nj2!%aH#4u?+0ijUHr_lD^Q8sG#%E{g
z#nSurZ2kmN<zBykdeKbfp{^^?jFPXqz_pZt4X>geQU6u@4wr8FqkrkwYs3~m(W6yB
zz@CIpb}d2(4B}npdc=f2msG4O+di!9JY^-QP3#N*q5q?O+N1a1fIZl5f9(;z$nl}S
z>B+~a&FD2}+Xe1tS}FWw1J(NV>wnkFXu3s(hAt%d6#U%1XAeBY;cZ2AUn7jidX55W
z=>PkIlZ0oPVM8YUoj}9-ZiH^C=g^J^rBl+?eQwl1^XN9@ZieEq#p4#4>LX99A!Ksl
zsY?k-wDF;%6Cyv#l+aN#tj3LI#2C-f-NogRe<QeMg`1|vI_dwN=ltI1!8CX9OH%+l
z!}MB>@}@EEQDKlR`z0^9z)oVATHra`U*A7iE?p|r!mr+QfBP+1JWeDM+dEqxx43%c
z{BMVh$L3ac_t4+~7A6CM4Zic}v0B6?1*pQ`QbujfUcW{f;4#EnD9&_(O&%T}KhuSG
zpII{jlN|pK0bR1BxwSP~yB8{oHEYh8CxSG*CANI`i8FULGb<s%kl1&3--u}!=}EnO
z`Qf8M)diHD1N_!^_s}A=@)DF8B8jixzvDrC%}7D*sSj@sFhL8`&YUjB$$P^*hu$K)
z^xyYQ7a?qXMf?)ku-k|jU~u2vCp$ded)axR>Gs5n&)&L*e9<YM@*n`eo1qO--fY^+
zj`>g{aNr)2_qztNshTK7nEoEtCg@da>y3q_p)C%8#v4hDr?d_U!4;&P2m7RT?GEeZ
zSyZ1V&Af$t(*Zfa^ZaYV3JkaiQHFsA$0tHg#B8Y@p-Hk^k~n*rSovcx%Wdj^tnPI(
zTOtsGOtSgda{&E#2cUh#Yo!Y$hPd-H*|x0}OEGadP<C77jNYT{z<rL#7{?6?E<{BC
zwU+C~#UC3bv7SBO-DWrl6ZV$m<z#rLSwT&qZb?h?{N*q}RB{Z%6wV$;idl?oNKod=
z;{>`W+(;cOvX~!4%z=jJaM20ijH|_o+5S^#DwVvxM(x?;jUv%h;E$JEAEJIo!b{F<
zYpW7@j|%qt>YMgWh=p$2Z`{5;2NChT+P=F^0eT{Y13=Wz&CIMs_nY^kswx*li9B0{
zLBe3q?@fXju+C9cx@#8C13NvK&dIsW_#gu9j}7F>(W%4>$JRx9EwlA$bbQ72ler?^
zBS(Vm(az&{nkHWm+1<i=H;bnJArqH^CDw#f*w8W1nl=&t+oBgQ+CeE=(_GEW=#dqS
z4mApp!&nJ8mllrx_?JIfpPZD$6FyVFq+w4oybm0NpRUFoemADT4#6abe-1QhOj^>n
zzUFHSPZRKbs)s>nIGB%g$knto@{*GE>nBy+x}^xdIQ(9m)!9v%8P~xne70_#Ft~4q
zjj8z7Z|}mbl9nn(kY#B|ucTWO=d5b%Xe_L(&Q-(NOhs)1v+0mR-rlQwH+Y)M%jl~_
zW<4!xQE>J4ZYRzU`^`;SNm14P5(tQ_EyeIccKHA_^wFlntH*dzFCuMX%4SkVHAnA>
zu-&~?M41C4j6FGDesy|-1p`!*888b05@GT|=wCsI)o+)fwe_j%s-6GS0$9H~sCv<;
z<H*<NB_*RHj7cxosvU{{6dDxtFbr^s@j^ikvomq|`iJ7FZ17AOBq2XOe?C!fz3}8j
zNpS?;?52ydlOyku$0tf%XiuP--yEGrOw0?!J9YPutX35q3wZGMl#LyOBc81ASqJ)s
z*7ZG{^KBd`>;?#B#W<I==zFzR*496%%wQ!Tx;Ah;(Tl%%bFdHyFSlAfp@%l|zyZVZ
ztI>v6QQnW1^u^<<wMn?$*OWpM5*(R!=jVgoly1zQvM^w`YyO(d%(G{mexm!hQ@GTu
zf55zsQDHxc;L;x>j1;gXV7HuE>hS0Xgu^eevTKx%l&sGV00n+!2^m;!<m|@S9&=7q
zGQ99Np^@?39+Wl$8T)=_T}jA0mpnUFX;S>w0)anoD*Q996SENuAHFLL_O}`olIpm1
zEDVAUh7oV}%?%E|htrkzk6WV51N0F9TYh|=@fG(8g5l{=k=~lL^AH|ADXKRY>ycj~
z+<(6)?cd_!pWnX=5|x68V}wLmgksEq$?}5CNMNwzpMNs$0d4~=2QIyb3hbmq=Dl*M
zI-7W%DnF@@V37?n=Y>us+&B)bu_z~w+bth{_S&^5r7eg}3+*=ooJu^t2wT55DCiZ;
zu3q)6Tf0e$=B$SW$L;-$?4qLF^vjo>KP}J=aE5=Qb4zXP*jgZ55_vK_s5O@RVr!Qt
zP~bVlN~Fffa>aT8fA}@O>fN4DjjV6=`t|;J@e1KJ363`ZCfUMTwF;6%L4<&#yzcJ4
z>k4X`LX@rR(OD909>*4u>r$Yg@=_iO_hw$}j^P>yQ$aHW8(emg*~}S|$v35pq)LU*
zZ*Afb;Z7#VCq8_cen?Vui`heVC?)&ulAk`kIq7N@-c9wT?$2G!sNjjw)apoT$?eg)
z{c33$Xb1$d8ROJ&qcdNpO&A{PMHvMTn>wR68C6dqqcZq~^9+i>6Sw@v3Y|{_gJzp2
zGP1B8)V(ZBpS4bKO|_;=8aU{mf7F`4*|AdS3=F$nvthcM=Cj9-mwxR&BGe$*>(ld!
zl9K)V_rLu3@p-PJ(5VU4^uxZ9GF_M0jd-{6ry;4977`$jYaHfuBvIzW4?F<G_ZU4Y
z%yGl^w{Pk7G)sx(VJ0d?p7S|+RL$1R>=MT24Kogo7Xal&$IAptSTO0JajD6hBNx()
zu~{u`d^HIf?Qe<h{WCAXZjnJVo)W5PoW6c1+%IX>cAoCHF`eI&{XNYFw2r9fC~sJI
zhhxZA;EN3Cj_t%ZlYt7<!TQZFdn``qQIbZ~8)mcrf)>>d>je$MET-uwFbP6!`DPz+
z4Rv*FS}2Pz@#uJ6ytr@M6I4P-Qoq$OT5VR+T9C%Xm{8d5JvaJ@i$@_F^2-M5_V3gS
zyPeX-6ptK`ka4^0q)N1PUnXxBv1Q{m)0hhWJM~D;{$dP6lTdf|-mP0gs$h_X5V1s#
z%&`rbLmTKA38+8CC4lFp9sLb_R;fy()G8d3BnCfx?AV3ss^?!b5q_XoAwY!RSpzOI
zDCiA9A%8f0cz5SYp+$}?s9qhNH6{&MWLxTYaGnY1*jp`ntzkw8c{>bV*4GaoI@F<U
z#qr)C1-gKfY!DVQM;F_jKjVhLc$)rt2{H^XEM27k{bNPxvuDq4+&KMJO0zo>7m-Xi
z&Zb|_U{z54)P4Mj3<uKEuHHlRvQJUyz8~*PZ@=7}QG{M5W9!#=6UEb->IaMzaJHeI
zL*^`2!#+o5Z8Iq$en#-@Q*_<aZwWJX$F5-;cxdEGzaxeAxW`Eu_Uzs*bS_iRhI6N;
zRr{Wn6%YanaW0cq)P<+XKyWtp3tcEaL0K8Mud<c0_o(q-9>_p7ti3sfC}$kUz&Gg7
z8lGmXejbwYdI$Qa&u(0gl{p0%xeMy9?5&&ITfYMwVK9Il7tf79^D0`m^kZXV_1d3P
z-Zpu2ulW*1?XPCVnImJ1iP(c*&~(m_hT_7)S}1+%j7?*|hf0a=5889%<j@1_;t(S;
zr_Yq6X^s@yp;pd*<nOJm+mO#SR6{cW#H|zh`O`05GDBTl>NG*^$OY0G?gSMofE7Oz
z^TTrGc27=ou^L8lTzql8b`u3KN5kq%UUBKhn`qNPE24a%u%?N?=cw9A*-uQYu(P~6
zOJx+Z+@p`mYyfpcV+6UxqxN)n5s6+%KOQFLG!1RsJx)CevVc`W_ui{LvT&ODo8`c!
zQ7VB(d|+^KK>#oZc5B#1(T$Do2M7J@4Cue1tDX-z@d6i6n(HYwqtQm&^4yK%9zj(`
zWf0)Zd~Q`fd)B*GulLG(+YA3(Nue4x+?w8}c-lxA#!9|S0?%2(mR)#IU1ac6;5%nb
zk%nD$h|=ySvL)@+M0)D*i6~hOZg0L~#iYS~sp`QzFG!Jhc>+G4^D4S`@AO;K#cA$d
zUYY{TGIZ77LV0OmUD!29lcqS0KP8!0!`KxURZV0G^dbjJ!eFC(1&-PpM9MDEHkHQy
zaZ;4KRfuD-%NX`tI|^0d<ZvS(Bzhi59gwG)r2R2+x+-sy@~9`QH)%v_IXS65%A771
zQStEp{ToQ&F=O7D!<xrvQ;%W_1dGlSG%f~d*y2~^ZqJe`<@YZNzki1YP@I7}EPkya
z*<a2yhO@t&CpLHE$iBT#hTd2D9X8{;H=KJVm`If4D`O={j1~$ie`Xjn4=+lPr>kBj
zNrMO<aYS<@6i-ad3_cvihKul<N28;G!gR*Y69u?Sq)p6E$pUUPHolt>>t}rWp^4Dm
z9JRvNH#@viLrv|`_3Nn4r7A<&5{4%)(VSbu_=tB^m*x$~PqEJP+fL-V%~I^5XBT*X
zFSkSm#V2r<D@5K)EDY4})?LA7f8a&55lHRL!WTZw7uFqf#6<AqoSfG-XeXzN!7xGm
z_v%I;xz3hie@2{~pL)|+{A9XdY2_H8bwgB4OWXWJi`*ZTt^x@m${YzaIVgzb%I!ij
z{W*klNU!blENG?0!kiJ?0kOq@1{VsIUss<&{?vcEHnpa}(UuHh=~BlD|4RUg0g`U7
z^yJ&X(ko)^lP@9oz)*ubcHeOVXaNPMm4#9{)Fw!Q%k>L<z6M)Ap0Y)tZJ`K|!M=MZ
zEi3Ea{CQQHRgw&0=-~eSqb0?;112W-fqWK5toucC!)fMFE{b(uZSv${&XryPru>Mw
zT;;4}dJrL6W2SGEmz%9TlnrmK)A3sj`R<KEH&Lb_s#Y9*@D7F(eq^8Q86q@R_#}2@
z4jllh(NR$IFnC|Qvw7OgDlW#wRZZ;+w2`7oRt^&_jK&XU(20#w1gEqkDf?V|ZT%d_
zlCJCcOa*!sV3+c<RABiSn&@)-2`vuyk7+H|=^$URA}MsF6TBpeo1?k|tcglM=#&^U
zH^lDpGBRgD7!DDnXb@*!geH5mBy;v&keO9gb+Ep^{P^MbwP+fW<33ZT;e)NWqyiN8
z5W#~Ked&4d;U8Oc+M|9fNa^93>_)=~0UpT=8o7Fo$F}Ou_G+lI#2ai)Vct_&nbT{=
zRW{K=Dy7g@RI**j0^EpXeEH*=>!Nu8@p$La+XxU|{~6&9iKX}ZxX5M7L(A>)q^WdG
z=9<TAX;t)`e>Ij^SzA|!Ys3yos1Pt4dXy%QnPR*0=iQ+q?c2l<YzhUIrCyblNLA11
zNo}0>m!2<2B=Yd4kGHq5W>nDw<fkxa1EaYLdi!Hv<#6^RV^GsGYk^LbGGzSqg%?IL
z$1xokHmTB6VeHr`NABa0p?S+g=EX#7(Yukfl8{CsN!5OSdG$QZ7!dAxI$?o<Nh;%u
z7Wz^rknEpLsRu-GBAfUOlBZ0`qW9|~1M!XvNTuOkx>$P4`o4ViiWU%b=@}?SL0%W$
zr}0)?4&UR-^$egJ6Nnqc)h~uTaCkK2BrjgffUHBSf4c_n4pgG`%D=Ea`u~!!J^RIa
zb02m#BR}e`R303i0V`%<F*x$x3@kDlWEr_^cmL0ozB79{8Mk+FwS-#$WjYrxb9q1v
zsHd0(P7I^uF|)07#&+u$<lN<yl+y#aE^FNsuk@sr3s!9#@qH6iUS(Tsh6Zcc<p&_n
zaEf0tqWE$1xIgGVWJJ`wdEBHZ$uAr$oc~2frq0s=_*$Cf<+)``<UPUgI3{Mi$Y9zj
zu>i+SpPp;M^H2i1TKRRfIHFR2JtFZ=9GYoFWq7~fTwHN^b?-elKuXE8ElhASl0)6G
z_*W=-wp?J(UcH>Hpyesa84ev{Gimf_EN>)6Xe!T`VXG8@?M#2B8W-3xP&K+QXIT@(
z>!wZGzRjv>-)d?30_FvqKN~=z19>G2tVqU}n(Bc%F>t>?k59tl<NEdMR@ocVtZbJq
zMdv}z=oqtT7Q)Y<hx$UlZcI$f+Y;~HY&Zfo@6N0Ua$S@mP^~EHp`EpzspkaZSn(j^
z8Ne9uq)qj1)UHUEu6`Z1vo-!#x#h|w6d)EBzEGbY+S~d3%B$5j>2vj3@QMJxl<tFr
z7%B=)#e+0}mbrWfgvNj`&4=!Yx#C;fnx}Y19X+~0Jj1U&v(F$Va|sg;b#=~Nl%DEf
z0xd!cGSSu2Wm6($v(V+$MD05|unpQIen9`n7t8j#@=fB$%FAD;I>{0%{ga+Zaa@%i
zr`lwBg-Q<MuQCs!rtFmb0)6M)o#r8oA%Y8)R8*FnFDKYi1y<I5Yiin>UMZMhA_zWv
z)~NK<%B=d^smrp47k>_&Ry8`1(_mgHM)#mlY5Mb(LQyv?824&uqwTn7Lu;(tHo}fh
z$J*?d1Vofze6>v3eTwxMzKKWfl`Crf`US(Zm)a$pC}I;tiV{B{F;R--JSJ*13u>nj
zuiTM1A)t{AE@bg}dU%i^IJ#C9zS<xzhfKP%)Rjq+^TbbfNG$58kT&yK>{BFHJ_j*9
z?m^#Cgj;3Xlia@Dfa4wufl3*VC%HhuYcX(tU|`RMB8~EelOh+lK(uOOU(4|f#(X9|
zkF-KZP3?-twDV&oOmP1EvVh-S7xHkG?hRm0c*lkq?_)7BG>awYg!ElYlDEjyq20~;
z>+)fp8yWw%)aSaUoWkhQ!pH)j&NFX`P?HKDKHLZs$Ac5|VSW)b6Ydm=vrd{#hu-E^
zn3_n6P6+n=C5rH6CJPq$@UfI5b3>#bMqfo@OxG%~{0pP)+p$$WF#xY!aXIY>!H!W5
zckVjpgJqMpq)oP5vErhI5=lGC)v(*815P|Pn53dIHqZ^8gy4wGhI5gEk#i&d?u!Ig
z>6X_w`_z1BN>`j48!nMJ!XnXv=8X7V+v=mDcPGtkUw$&eQ8Q|ttKP&h`U4F2E>rG!
zb8r!2B78;`#Nl*hUT>w{_^5cODDx1RcoO<b>WiXY0=848JVNLiUa)A9tk$MAj(7%^
zv~#*U^~M~JtFZX1Qr@LP&Sn3?o#(98v)-DmTuE@aATvvbLq~tzHjbA1aZe7NnnX@O
zQ(TL0E?Olch01PSEy*tPO>iZnZ35_J@9a}NmviOy9C=K1xEgJT7(ZH_p7`2L8BLjG
zb`mkBwD~=8=gg_xGgl2sHccVulzeul&kbHF6<VF;m#*Ts^ya&;osvRD!wH6HgQ9sQ
z^8507(gZ2PvSr%`pU7&Vldh{QM(AdzCoJW3YQ<|A8CV-z_-wRw*>#+UX1<5Rf@(--
z!^;50_{2nKG7-LX<v}0o`Ty^|$}eBPHWbI$e30Dil<*#MvlA@{Y6lAK{|b8xZSL}7
z^?w9)qV@lspe`Dfo)kuUd-B$?38-4Mvqldu-au<2b(Z#miGq(j@!84EP5ppLu;b(6
z^upqQq}w;5vqTJ3RZ$^Kl|pG#Cff_@wMn7d3D-e=cUAWL7hq%r5|wvu2;MjWco;a=
z(M`LLCqSBwpcXDN6Pq)o-KGiaArvz+1&W$0;72LonW6W9vzXp?jRcTuTy*Z?<L5U=
zFE$VB5XPes;Lt!L*#g5ANa%WDetkkh9Xo@hW9*>$u+CJ`5Kx+KPfrZ%?f3sXK@E&L
z?SSLvDM--KLks=xa2+#e7N9p#U$oa*`pyRI#Hy;QP!nozdc)dgn^(cyB2vo5fN1EJ
zZ&NnCeS1ZtWBI_-`UBXc=tyWeLG+3zUWSbyT5R-b8HL=neoPmb0~uFxT-$N}_<*{Z
z6Q2x=$FJsgVIgU;*v?lZ2teRn6f|%UI~L$)L&kIZOrTF<0{%bH(t!^W1z%;x?!wA3
zbFJ=c&Fj}t0EzF5?%X-T*iIH!;*13tuL=^Ug^qE8C{9=R7(IgC-t75@cEf4ucys54
zy~n7YG30Z85_1#=3F1MJYbZRb1%Lnqvt?PN{Wl)3F<NK$p|+MCR{Qd$s!Q4UBKzaW
z3Fi7u9Ilm8;AVaQOrh*N;0?}Uz&1)5>IH}UQI|odlrEFN*HjGOLHo1za!elR(U6wd
z-POM<tFCeUWOt`=g04K*cPk?>5~a2p;*Z7@iU(H~#R!vwf44tRRV%BAj=ES=aYds%
zYz$8G_wJp~c>i2f@(JW|52;@s<P-oC%@f)(aI!*GQ!)&3hfvIC-*;X3Uq$dhA>1gJ
z!rXGj)?Jc+JKvxSyH|B4uA1aRS+@3>`#wdeh&<w{oEUPtkv$+BUKcOYvcNTNtBcw4
z?dresfo*g;v7G5>*~pisIzPVdryIawH<+jUkN>Z{@^RPZjdW$<dQ9wYr8~Lo*)xGB
zgBsz*SQ2{A&K5Lt#pns749Sm^IY2zzuYf1?0S$JVX8U!krRZ<WWVI2&?F$NGuq@~7
zfge+QacGiCA>e-Ke~+V%nZ&TTu}6-ykc0yarEMw|F0TJ?TC9?KS4Zg3XEJ%ro>v4)
z(Dz3O^g0hi6Db}P#z_qgj$3*jou=bh#$*-=nK!AhEQbleAyTtTroSjm3hk$)T|GR2
z1d+^{jqCEueV5_GVM4M0KdyNXa5z=P_h+<Cw*G7s%D0`3!!_NOF^D}a0+_1tDdbwF
z&=Si_#+?cP2B=GF>%}pNYm(vKf~|#Au$-v;gvZ}-{Ww!Yi@x7N%;L-aWxMQbAJGY|
zr`27>=8gWqoLn5cx7C(yD`3Qr$HyPv##h+>n*rCJ%~t0K7$Yw)E{E<(Q!_ooh$_a=
zh(e-nEYawN&^ZrNFjX6t4P<q54r5#aCmkH$_JFqfeJ#4du(+J*z{=?vqLXIJP-7jL
zfEr9tjq+N=viT&SGT*+n(TW%yJh1OBK<l#Z*Qt=_{_Zt?`TnfMIiM&8sG&#>u8b@n
zebVgg((|BbFpSz$XNW{8f>r_4A|b`C;tD(k1TWmwus%|KcLnZ;0eWz^pD6#>Z>_R-
zU+S!OA`#Y$!;$~!9yn*~Ich7lAD%X1!dNJtsZVVmk)4AoI+7Wn+Ffk2$b%-&n$xpH
zCC13-sB_!ez7|tQSJ_`GsQi9!a^7>MGr_``GRhCb=g(LZu*NE<tm5(nNa;lgs$JxC
zzybNH2;3GY!2ckK#S_A4-R(;G0ekS8S%zfc1)ju$?_FJOEwOV^Ry+6ytDmDrcr+4%
z+{yiSKaK!Bh&(PV9eVK)0+|n~VBhpO$DcX#uIwT{H%tkJQ)$>QFAC7Qjtv&Cm_1Cf
z7_OnjP~U`{D_0&B6o93Q3^xC_a?bG%!iidEN2S9Vh0Z;pbbv@S`1jL_QNqT<G$A2A
z-enpZGD`S)NlPh{qLff`Uj)k$p1~>@O78HwpQS*-V1DmSM#SH;wY9NPT_-KdAN~8C
z#3(|xA>5%brH7!w?+blgKBR)tvnVYrEZ%(jG)h)>(dmbk?ey6>1Uw#?w@+ZJGt>B<
zd9C&5NoZfBIEKM_&Rc1UmpuQ8-s~W+nSe)?|1G^$sEQb-Nw9s)NkRkO!^4ZYD;&=Y
zk4?Xvv#E#3+kMsVHQaf6>3Pc}t2DcUzyBZ3-UO`Xwf*~E84`*RQZ~X4nL-(&VTXjI
z87VR)D|020v=uf<n-CF^(ja3?WQc87NGeTRBxGoiq%uT$Ki6vC|NsAapXYdw_juNE
zAA9echP8gb>vvt}`JGPTPvQh#HO#5K7Ffg<EFh!oSd1GE#aP0>kHp({(#kCrw1GpQ
zaUUBTfK6ky=}FzegUwTKk`8_Oc6<4l=X`h2?&|821>aix`_L9=lT~t=E|+Y7Stib;
zMbO|=`m-ai2<z5LGAWt2eR~Y#HyKRS@x;Ey{KStpBl;4hHv*rW5FuF5mmcujymIAx
zR#(GQ>~whc=l9);R_TmE>INg2j5{t!^;@7r;Z8RG33GuI{THpjh1v5j*UR#(TzWqX
zbMu@KGLZkA5p8$aZ=}R?mS7GT3DCLon)BUkQb#fCP41-^9`_s!DD&*>TKuGaxQawZ
z4V!<(!uUNHKM#MPD)|0M(!o0r6%&*OCak-$7^zcBOpdi;0Ij2v7FJ#tUvkF?cJSNm
z5ftN=Q6#rcSIVNJUoP}S<RC_S#}=^zK+hq9WC9j4FP9rr`h%}iTra+OSQYs_@^j`X
zAm*l918OFE^vr@fIjjD=iOZrzqj-LB>HKE=6M}+R3F=thR7Tl~1xnjZ`3l`%C2ro7
zZCOoSH;<((R<&VQf_dFAX*lkdjOSZ2^u21DTQ>*p`|}qQ1qJK1CtYd}Nz<&mTd7UW
zT_8K>&^CH<{HnB5vJWY1?GhcTyynaw7g^ZWetsM8b*+2Eow_vLw1<MJ-_~O_Ss^o9
zDYmg}b^cx7FZ+BSedm8Ug_%#YrN3X8(@pZ@1Z3adUSqULwu`p09^QZ7y@CQSq6L7D
z3Pa{36tK^*m#n$f=j=SDh+W<MWrY1JEO)_X5J)Jbi?6Ku4qjfFfilPs@dM%niVEp>
zE)0cEeHn^G5ekUgm4H4|t%lzQcJ<k~QN8zhMTsM`Ga*%oh#sY@`{xHIbjO;Ue2%-R
zmQF*-GGue$eql{+H-5r|S>by35gX9d!(TBqRikHO`=B)GKe@YHWB3}cMtl9iga6PN
zSLmk4JMOUEG};CmQhxpHJMb!4AGJe?k_BgrwbR*ds&#M%frE=KY%s)&!LjGlyo_dO
zOZn5}8rX@meNk*-dXBxIJ-%O?$X$lm@o}Lm4w|Khy`N`Tt4EN^0<w~D(Kg|rpqGkt
zR|`smdF!mABI8+lU(aU|>K#{b&Vkz6+Hk|CPg8Q8xp3i6)mI-rEXaHLJDAVI<q=o@
zqXl4>kQVp8BY~irKYzY7*lD=$mMtQYqwM+?su_anq4`-wsCvx@rgT;;<EdlaS!|)=
zA)$#?-)0-kCE~z}4D7d)i1_K5{${<;q&_{q{vIc41#}lYw3I@*bODrliUGN?vy(1d
zQ0=f?agK?qDG)6VSvvhjB#S)Tws~^_)3hxPb9z;lmF2}=<IL=dpvUcso<=Yz3xgKP
zQ38Juv&I3tUET~-kGpzxJO`xCx*<@p+M(aReiiMsF`4cq@OzEb?2z}7K-E8mdDuco
zl62X~6WM2U7W4@zdXb=_prplV_7i~@I@<%`;W}y^_$9(&xHB+NFYDMgHc?MvbEtO}
z&x-_1BclZ)!m28tf<`b|mWG?ML;tr;$dSm-H}TLuID@-gGS6hDwSz;<&~<U^lTV-i
zJ1s35mv-ZwjF7$|d-ukq`*rWI{hT2aRX7<NYstPB1zOgInB5E5JkfOl6`J`Db?d<m
zVJE<@s@A*rBvSmfL#KP2H81q_{ee2<IXobJLAeIODdUmEg9kl6tS<47yK`)jr0z58
z>V2`S3QAg8Nhv3F_g~$^yN2FBz2Vqc?XP@Xp|Fq3c1%1JztMd{>&pbWGF|1}yDI6D
zBNh%eHlxulRK7nY#Vg#mTQ{;U+q44rf3cSQgA7ccTbq9>hK;wmF14O$s@at8(iIad
z0ft0ta$}6(fXNGJI?OES(D*qCczIO=?!;cPh@`=zHSmmXBXJ4;*qkGA#ZUQ3%qb{L
zybc`#ysEFEQqoHyzi&g(=IWWg+zJ)TYx%$Iu$zS*lzJV(u#gwVj~_Q~PXB%MUFj}A
zaPCH(I(2XB>@_R^yK9<M4PCmN?0e$)agnJd-7-?v=O5$@S+2Ir+ot}Ec$w83M}(2l
zPl_wHcj(tZRrEDfzMrd#vR$gB51Or5Z4L<lKXJwXfVQImNwLA1GK)&&VK&RTORrwv
z5V_>!<N%|i-OP*VB3Xqr>&|Cy4xJM3QvF*eDE~f}=K>NAJxJd-;@}M6cbhoC!O`kl
zIZ)&-Xkl{Y4(6|EeiOD3SEYHu-C;dudcPKqckZrX(?)~^OpS<W|E#OF)g%@PC49=u
zFI1N_QHTN1V^^lXOQ2Id7aOat>vEebf<}iLhSx*S$?vhys+tn&8(Sdt(wyd1@mS3J
z@Qgv*zlnqQa5tHwA!)62q!XBT3SJA2=efL1js?CzUYdPVL5IuB-K5VieM-%j%E&>!
zgPI0~^c;Dl*}{f<3n>#XY$!n*NEhz45TR4t$r6+s0`@ijiB1b)Yi@93rR7*r+!x%P
z<0%@@@1IvSS-%P|?98aTk0?|ctM${^&wm2QBB)Aq;GzkKFpMjpX(fpV^=01hCIqzV
zcyN~CrKR32FQ1#&%bMs-UWy}+MDStx{ASvrps;886?ReAuU|*@Vm|O6m(CIsT=xDG
zP*p=VgAXdHs6<cf>3`@Ea_Yl*dj_Lc;g#+U=F+Ek@0L`RrK5Y<E9e}25Uv;+x4kuZ
zE+xS0)b0JXP9uj_bT6VDrm-*o%M;YX^+FFr0D(J~_Z=GHEd97L5tMk4p<xMz?)a4U
zTJ#&#j{3uQ3NCE-ZdPjWmc_yC8#(#e%^6>HD}HN84$nQ>xYK9P?n(b!BC$~U+)Ghc
z6PWY3zIzY$lqF1zetKzHN3p#SYactn?BxC4<JU&=ZZO@Ro(KnNyOW;aG9z&wx#)5X
z&hYM^^O0a_X|ab=<dBnVS1I!;P_8h=c-x)s*T831G#=pS5Y>(cn5>wz;N2tVqk!U5
zY$g8b`)L((r}af#RJdZ6zC>cT<Tr28Zb`Cw$p(`ucKE{-af<Top$@Aw>9cev=6A9e
zCHr$#{xA>Oap|V2M2rzB!V=pUC7p9|u7!7h_DdD+N5$@4yL`TV`nA(K7#w#_nvAku
zV?KmK<FYeqo41$T?k!AD)(8twM~M@kcDS4fGs$y!mQ}Lig9iJP!%+!>M0C!7heZLY
z?V_X}Eq8lY@eQBLXa}%@n~7ifF@|`Mc>9x3$?p;3%Q}d;Dioe4jYunCeh`U(`p#H|
zW5in<LWzz=VF_d6iPV_b6LQ)X?e4AQWbcAQ^oa0Ib`!0<`3dYI>|6r^S$sQG2{e9s
zzz13GXlnkL!5kOEdN9c?R~UWu{DmblptDiV7Qz{fd7cr3#c!tryEykOzbim6U~=Zx
zGE^I(++X4uJ;kAq!1AAhf`j5(N4~@X1H%FSoZ>j~Xx4`(m(Q#&z7Q3)1gB}}@^%uJ
zQ)kPm*_CkuETqvW7YbaBG|GuV7Kd-YTw6a<MP2s=k9xjHC)hRRaZ((I><HvVhfiVf
z*U{5E@L`zvH6kfZ>}@f##%%QBQ*vN<L-K1)8Q68v3EDe(vb97qi*~_~V;sld=#4T?
zIoumm_gaC-borr@@|K3#B##Cl3-sST<-wcvVwlDjggCxn+qQ4mjVcL<%Xx<71B3&!
z`qL**Ai=Q4QG`{{j>(=0Kc8a2MI_(aGcQ?Fa3NJd=OGk30lyDFFS&hsm}8O~Cq(*`
zpHLcwr9tYF$TZP4K4U=3R5LT|2WYneqNegZkvvJAEwnM}Bp&>P=FwlbKbSu6`J+c8
zpsErI7%i)}v6*l${tlYe?c;HU$ZI-7hJ33ya{_F#T=?<!ur%Fv#PFFpEb+)74&<kC
zyBMTWGB7EgYoZTDi9A4W%l>rkEV#uOBcl-`R)e8AI0VbIO%n>(6?l!cX_n;t;PVrD
znA-gFsQjr?FTCDLZ=B%e<7Id?nK$(Cp+%xYri*U;f^ZNZHdpwBt+4sp4=;8BMkS-3
z@v4_<``md~N8*U)`K=N+KbE|b7FDb#<h)Bd*V$z~l~euwK_>thb_j--3Y862y1j}k
z4Rd!DbJUJae-8O0C}_#WxvVPjogbUQB(+0#wO+%c*G4?<i1|{v_h>A}+KGPS*FaxL
zW_wMl>srXHYC><a-xZyID(dO6lT&=^Tun?QC$iC%VgpY>)>?26N?o97Trmr6l2A54
zc5uu;c7{-*IQ>*#|9b6sS^@TD$Ulu>voCZq>lph~Iq!T#``&%~*3{Hwm(@x;#2WT8
zHAjo@<`!!;nD1dN8bIi{xb$nN2PMU;mA(~!RaevaE1(y~JiI-3O`#g*#@_xoOj7>u
zQoYe-xa9D0-qHSyGW=l)(lSa5>~PN4ncWDJq};jl`NBTTuwf0@oQP|Gmu!XeJ;qR%
zF~wX&gg1Vvtwlb`)Ge$|>#zNw2_<2!N9cWm;zxI9bV(WXZ+ZE~%KRa5cHzg58@WDI
zXHk2+v()J~X_C`mwFOt#{uXB^VlpEphN-ScD_Jst;1&+dV4o*ULIF?a0hu!k<<rzJ
z4YK=C**uQdu3mNG8#(tNdr64oiW5*#89<84R3+;;y8=h?UroKiT<*DEX4hF^QS6vF
zwqHLNo)<I4*8WcrGF!9ti<4`qcqS<l;tbybYi#2*u}$LGC0>(Ln`n+2-WuJxUlV3v
z05wlmAIRVN;#<^qbO&eYzCJ$%M~O2YBJFHDSPhJ}uCA_Z{WX#INwT05W%0zDYpHzL
zHboVRRI*L0-yoVW80V8C!q-d^^K+Q>UjF6{BPm_R9<4^=(XCq^T}0!}8j7AI$5mKH
zW+|MX<qF$J#1gv{bPj4Ub|QhU3|2GKR_)WrvZ*&S?&vrDC`cf28*g@$=ndkLX5{-=
zzeg7!7)?)#(II^D8MA6R*2Jbwb|IGC4ZsV0=jVn7dLR~hqWd5eq!7};JRBgn0rF*{
z?ZM4LtKl>v`Ewt*D4?zP@7~SXtR9wGjaB4>JAX&x!UaX{G+Ai^<Gi$%^7yAn<k9<)
zHgS(m7|&M1uH?3U{ilaV#?Zc+&FXFm0fy1hxin0bF}}iNPDNIv_OW;=mw%d4T#C~b
z?lRSynRX5tQ6=x_aJrhZ;n*j8OZ;8m!Ga*VC<ktic&p4?n8=t<7-eK`wID#cA_>jn
z02>B0G`kOR`drlb9y`<F7MSaL7HpQg9pB>|y3LgLIH<f5^y0>>zeRFyrMvU&bts(+
z9DyN~v^cw@GDk9o|M|ymzI|1Bxw#TuGvpx;Q1j0w_C^&YB~_(1Jmb+i4^xPNpxeoR
z<{Yr#=pLGn`%57f3l3${Fl!tMAop?$A$EbPy`x*_{Ix<aoR)?G2b=>k%dJDd(D{;N
ztLM0Y;z1O1(=T7R@Uga*<j^S~@RgoR2rP0;G@=Sy?GZ&ik4h$3_0yB(C+z1>vRZZ1
z9dx^@{w$l0v~D+Rvb`2)2=(@0HQWadn&Tq1%du&9F^zpSK}+km{`;(guJe3cM!V>|
zR#v^woxIqo2WQyNtZpn`ij?I<HWR7n$s5nNmRNPB2P00j7F_7=Uw^TRU4I0#Gjfmw
zs&?%7<BFohMBbgR;3gn-K5ZGaVp|4V66Q_YFAW^d#GQYttvy-EqM6ps6bwG9qg6ry
zqCOJ+!o!Dl-35uHq=lG(Wgc^-I#GkTG%DBFY({m6Gf6q7OV6H+uzy)y?L0G{=YqZT
zb?TU%L#X%E8!5cH1R;YP`IG&RQC&7go3AtbDNAA0r<xjxB;1f?pOwXFFHGf(M#HlZ
zd#cYn8KXGCOKeem(z18#G0c4WbZd;Jt4qSse}~?G#spX|uY!1cwlzeukmyMk+T_3;
zCfv@_@)4II_I^s>pMZ;B`Pn3(8XIp#VCk4xSX#QUsF^-Kg3_JGWB-0JxRuLL_09@i
zEUH=rFonk}-9zVHTQ9r?_)*xs28U$|H~Xq$J*h9p`#F^9fFnY|vgsM8Vr*~~$D8Ei
z*6@|nmPj^EHaou0)@#5iY5nZ$SnFbYbW>A1eZ4q!>sFj;v=5Gbru||n#-gLRlAAQz
zDXaf^;DDWe%!LbUxdVJCuD2ZGWQ?7)H;jUQ|Nf`IGV{Nk<K_~`er9#hl0=82hYl6;
zQ%8ic*FB|#*RVhWu<J+7eG*?s*_T$4j5<oY7hiY$cpnW79aW|Ay|JlpIp=h3H1<VC
zuRAAR>EVsbjWCSH&hf?A8$UYw`Kuk<*E;71hcsyn<$GVm@1&*dD$=G}yHYXTQZFuw
z@KcazFJ@W8@}&2@n4<>-NG9{wS7{wL<sC+f1_1%A<XN>@^G`w!W<(=LniufpY&UiF
za>94=Jl!O^w#?2>TU@aDMLm7EsBbN_6R!N;TVj$KIB&2dr#IL|+ji|zeO?l#?@r%`
zSioJ(=)~ic@MsaC8(oiP`GxjMMX5+?z;M}$2^5bT+WNokXJ{BvJp5bME_qQy(p$8R
z2v7m$>DXo)b?}wn42Z-OyEWYtNirNZ{G)OO8wc48lp+XCm+GoFJl*qmK5(4%nT8wW
z#3I^7>+n85E)QyrCb!&DMe=aIkIy%L2<mltUFM|!<1bx_o0d35$+}Cq?6#2z2wt8r
z@L9pzx2Lh3@VasuTY8TGX>Tv|)e=eYBl!J(s(^%fRO|lN{&h-9P-oFW96Ek{fvrDd
z+bDkgH??Hi=16XlXo9MKh}!P(R#aM*>mJPmb&5Kk%PkslL7p1>VpbCuj9LMqLlbM>
z+18>d-I?PStcfg*udeOs7Q_?CYYh^_*^Co_6yV8_1wJV*E?n`fL0~yldu-%r<LlBV
zh;L}|xy2eMI!t7AD}rr&EQ$fvGeye8jOg?)Hvr~<chRHb65*h`xh_UDT`eEAAsJU9
zC-$$}+Qm<w7WL^xRa03ov~2UE%uKYdC<aI1WB>GeS6Eol(PgwE&s*q){5(Df1P|2l
z<MRtsixffOioYJmd4$0V^BAj)L?VbNFm#iSEde``$2k-!_AyWwzA(gG;4X7y`eTov
z0uCKcQoXMOXdydN>~aC}7cNmFMv7X;^pAjm)>;I<XbOgfi_R;QX`;)ZG_I_gZ~6y$
z>nM;wizGS9xQO{{3rjF49zxJ~t$~bw{oqNU-oGh7ua$d`&&kc*Cz=}z_F{<#zyN3#
zz4Tq%gaW#Lu{zF&9Xs|6Ku~*Q4&ja>t!C_<0N!2O$q5CIBU($;f5k~WVZxCQ!y<*R
zGc7wigdZ3=mJ&!rT#5mEbL^#h;ZRr*PVs~bsvOspm|Sjo6E7O}GD{r<SOi!*UA^!;
z;=<gsfE5-nGYZ{Wvt%!1%h^SDNVBDE2&{oMHdni%$p4*ixme_{j{lNUvI%I5!9^%)
z&^mnF;S6CHXII>Bo`NJvPqg1$GEZ<OCUFPu+}RAnz(b|7Il;SHXP-Hs-pJ7V&vp5#
zx|Y=H+q#Jk*MSj8N#dW?Ssmw?{$V~azVz5jegQ^Q{F2pK9(4D%Ek9cs`4u%$2}3ah
zxL>M}Ll)Hrm{yTzU6#(|9`sU9#|*AHPzA;vu{7@|(u}iS#r|s7vUF$G7?%P~`2yL#
zw8aw)49M8^KlE_-2NcG9$lbVz;BpK5c+@;MG`&YEynSLxR@QLp?2DtRUwm5LML0#^
zJ$GRmVJC2uN#$Q8R(Q^SS~LG0XOIp{Wo&4%vA76n8pRtGkW|wP@G~%prVZfa;@C-s
zb}UKVn(7!uQ%En((^+2z^!jG~1i9PfTz00!B#6--$lm;N|M~mp*Rsw5TN^oC;Xfe4
zPl+wBXz;LM7SpG9nM17ES%(Bp*ef`{o4%s(S8Ug=D!H@f*!M7gd21M*@`3JJIbHKd
zbv2umSEaF*)=B9NS~!z_{a_;l-#<;BZEU2k??qt?D#9?~Yfg#*T3vT3X|X?!8Siq+
zCJs$=OB~2gdx>sODy;}W9jn1N*1l{Nyy5^FWpv`Kp~f(AC=TxpInX1X=ZZ#k;>7P1
z1C$(_e*U<|rzMogPq4>8b+{r|HP0N_mGNf+*jvu*APjVnDR0(8p^4_7#yk8KyEgfy
z!P%2&H;~XeMxj!_H2Oz7N5BB4Mh-qWgBGB@7OZ23?b}org9hs^h{|OUp#zbThYrQt
z#WM-0(qyVgY?Qe(o8??YmMiiWoS9&;unO$%l^G0~&>lDt%z5llysuZCMjXu|35br+
zZlAJbmIY7k__h5|%a@dF!N*@OR7b;+>wH}Ef#`+?Og?V1V#Q|@JJ71@R@M(4Akk|L
z#R!zoeaqkald=ym4l4v$p>y);2tQxYfvHosV+{{oF6~2`FQmwnD|R~F#nh!Eq*aU@
z>Fwchl+nI^Kj=o7MSj*!$6m+2;4}SrZ(~0vW8$Zmam?Xn#a*>=((fi<F5`Re#a%`h
zr&*OKaoofGMbZiDfk=Ek7LlapdC6#p5Ylpi9v@Yd__r6p#aT*o_A@yz6$6o^-rIx)
zHfiI>NQN1ZKZ6FGaCvu)i-GCdj1?5{@~|O8Fn3WB=7tC<3C0wN2J#JXT^-q@vwx?G
z<_3}vn!X}{V^_cu*e4|8U7gRQ<ATH7&Sel`w|<if#=wv?&Dr3u&D)ZpJ#}I!(X@cQ
zRX)Etv7}cQ(?4cJH&O+pY^Vlelt{EiJ^qAAxyFcc<$lha2oQ9_GVvvF24iZ)IpLib
z@r#~}CeevpCt%g3qvi3SR5a74-zQjsVSwlR3Ot4l=MPoW;ZI;hqjjFM8lZ?Ajg1Bk
zdI$dPYqU^MPpv4~7GKn8N|a~_wLVkgK;?H0QRX;@-1mP%Qal|#uq%4M3iRL{R5xzk
zba!;>U^NSo2aI~0&Kv-Zw8fQm6KifPS^KCCsz<F$7i-z}`%97XgT&yztIR-vQBGOU
zY0*#BYVsYFj*Ze4E1t|<)7B;az>GIsV?NRQ|CACK%}hKZ?Q|x{PnMuahXfpgP9wt1
zk(>XTl3PM8M~+=(1|hOIOJ)q~F~|LczWbp&6RN2XjJ!YePVKPI{O@;lC<h2%(tL9;
za>8S&3}X?duD3iCLJLn6Sy7VV{BEI{ZwRLXQxnaV04T=<OkFK``w}vZYc8|~CMNzr
z?bXiZ(61cgbmq0MmhyyGpz4#Y_us6)IG3VjrLGarAw5se>8n0jD1G~sITGyfJVeLW
zS}yIUZ@weKW@asVyZ&15PVZnh8ft6fiiU3MHPPqOQfdVe!pVadXD4M;W?31<<=h1e
zEWM@8JMs6<om>7hP2?g77<Yw6@LL2pRK>IqxN4#%{sJPbXuVK#EDB2LyCy18*r&YO
zYx&ovEWY@aO$y&96bg&ew3aSM<E%62*mo9~$2BM5ODv3U)}!(?>8DN;2>j#cOE!>&
zb~mLq`76xQZw}Qv_u~ieo_)Mw<S)j4lgMRb?}eihuqjrkxWo)sU3I4sJ%t{`kWF0I
z89bOF9b$|ztpV?|IAPAnlrgO$6};lt&YA-w#Vfcbk!4DEkbi8sG~+GGEEwc`yP2Zv
zMWL9#oM}9(UOarc_SV-|LDDL}A^C?^SZEWPesS(Fd4$^$3s(Sccb|^2_vvx@e)eLf
zvxY&ipkzF8Vj(l_muL40`0k3QKYP~kB@yl0Y~#xsOO75mP|qzVyheYe2zL~VT|m{`
zQ#NG{1J80&K@Ge=Sa_RBvdHfhui9Fsbj&k1{{vTGr*4QX@~@t|(>hp5i-rTZb_jA&
zhhx4FSG0IJA*JBhh!}<qA0C&L;MqJ8Nne2eHx>f*b!-<hxhAXVa2#=tz)k<ytlx)t
zV!DFN#Bkw$AtHd*`RPJijGk!TWwje-kZjI#`;>y4t_v|dOO9}E{)tTF>-ooX@kZZC
z9eNGX83nF;-@!)ol3W!kPMQ#G!fISK{8aes0C9Ii+dC$K-iurF^(&h&2WVL1S^0U$
z=Fc`w__cZ|qadaF+V-D_2&8rX>n~H{;dOrkWzfGBtXYVD6UwUoDf96z0Zo>W>`SIv
zdo31o11L;G86V{a6?M~R_6{oYsi|Aospnr=37$qV&9W@I1x_jk+!z}%pq;x(hP1(w
zU9aB1cgpKfN%1{={*{L>eyv-^m|(~?q7~_ZA)e+IZB~#tDpBuiFX!{}M*0V;Kil5j
zG5o>>-5*C?V#ozPnsshV{6`|)b}08+?0bTHH1Ed7i;juf&A+@H7zotJElPLsC1<H%
z)y08b+k4$IVSiIjha<~<;g`#%Jw}}&h-)xM4>#<-YYHH_#yaLwMcw(@Qq|r{c+>WC
z-5{u+mKg!_VRs`JZtXK+ec=72RA!exZx$8&Op);Unp%ROSg!cv2&J5n+S)tfZ6uzQ
z&NA86Q61e-l~*QZ&37*9j5%*DaA0~yYptc|TpOF;v)id@XgKB_Uur<b7Wpe(lgsYI
z7BP2LnMX#C3JP8>iL~SlbxM50Rc0}k0wKHCbXRJ_VHTA;*U@pT<p$`O%x(YHg-NVJ
z`W4YN$@Xy&Boq`T_12I?`iLLg71?WrB{gk%ExNQln&X%Y(J0%OuXX?MSY^rZZq)pZ
ztOk+tMtd&jQsM;3!ST`9ZI_Cax|by(HJ;W^5_#>fO?)*TMvz-f>Y*)Pjfi<QK%&{|
zxHqp}U1EM;x+M&i9%eRw*Z-ZN3J<5Wf;}pkhqX_E`>pr%f2E_SbYnWQ@kC(e03%WF
z)r%duLXcbGe^E1@ii#qUreqi2-HY$`+#M2vua4(j;PH}K0~zR!7MX%Yj_kYgxa3rj
z&cY?yKv<z51Ks)~jZ!^jHCWyjKXie%F`zR!&v_x59m%Yn@y?@`3nYaS(d5kkq<<=`
zWL4k|pa+$k*3e#~C;N%($Lt=G!hH5}-n*Lt3sv<J(rg~<l;;UHalB)(YQ#g!-$zzh
zm2v)_LrNWAb(6RU)x}Ge<b7NL-86~M;|dbDnCJt*`b)&m(l$0UG$HH()hd6Kpdjp7
z>U-!mMK5mBdUNfowpvTk&h_Zw^;3UOyvQZIdxj?ali<iMLN0CJxwD<3q7gj^D2Cvc
zmM(qGNjcklfl5C)v2%`sIJl`F(=F&b;g0k^)7cG%uy>}eAvCON-AI;*+kNo^6ND&)
zowvEMDAnPdQw8FcHEYCJWEKn1O(V#@=khtfgk&VxYH9TBIgWUhp$TTC9i9I}=xA)6
z>0H`YV)70#79>sSg+&2O7%^NeQg(;;6746mA7?35fY270F(tzE9^F#K{kY$muK|sd
zzvS1shM4nlSA(h~wm%L%if<g6hK;|V<}*NrKua8TxR6Pp_qhak(h^j9Uzc~_UXURL
z>1Y~J+<;W=F#mHb3SFjOp;!`2Sp(x&E+r7h{KAlf=hPtT<j=bQSZXE+0+Gbrw3^6v
zCw5s1x1Pi1ve#HSIo+Tjq<ozk)WeJ9f_s+i!x`jYDDPl)7wNjKTebQs4Ew#vl;@C6
zFzeC1yU-HC6EMgO?1p>>;K%(R;vEyokKe~|)}43pn00L5epg6Hk(*x1w83h-K`m^u
zH&t7_pz}a{+b5(aftO#;qn1T$^8`F{p*)F}Cl29)4?8cXDGCw{vE-gO$`XL)kt-9<
z{c<gRfEV>2$*J)>VS?hDY@>Ru`7}Z{u&%hLg8!l0&!00Nc>uPX=Z0WRTW~%QjG=HD
zv4^IkBr+RQ{Qa_8_IZ2RI{6NN?_M8v$5)k=Gn(E#V<-U7k9|jVvg#Rug~w`m1U%i^
zYfi8wh(?h6vs<v=1l?as;@Oc7_wL_cN5+Y#=OnMn19m#I0QtwbDigOy+Cq2e3Jlg{
z2va?Jc!*;SFPFGhUEmhb2c+MC)jtk+1u5k<Jpc7eqJ=~uebNelRu=PPA|u7X9rk_?
zeu2l^Jr>$Ro<v=Z2y1_6Xq@JWNk084MiJjST{US-8Hzw4JZ-W4mi`5)V1uFFKC4E{
zZkP`@4)*u=#|N%n=h0d`=K}l5nV#stwtF~jF&j<^CRsZE;B(G&dCMOjUbJe}O*F4$
zo1#p?+7D9+%ttv>^;e7SXTEIP<7umUeZsm?;Rv)hO$kEp<Sl^xgQ`@UspYL`X2F4<
ztlY4A^*M(GjDj_U<P;bQ{4TY)fq3}N0e3cj`xJd{yUsUZ>yYm2yQRL1)@x)qDThb`
zA+fKjYUUPx`7o{5wD>9h6n>p{+HS6PO#RR2;$!e}tk5_6TUuz>QAM%6AV9fr{ya)I
zAsX5Dg^tpNOHb`vi(m3(dHFxwWm1;#7eS4F-PzYKXFF+JP;UQZXP^K49CnVA*K;8a
z4$~}rIna4CruV3K+G~jitStzSzrTc}9;}(B_t>AQ?;wSJn5`$>w2C+=N|IpTuy}$}
zo|9=$=8UwOEit~ZtEQ&=qD9sX8#Sr4NZSKqvdtKDe4_VWRU5C8l`QzU>a$Yoe?J}S
z0*T~?NInZEE5K~(R9f%on3&`Ab5ezQ6XSIWH$GczK0IplElFYSLPNY7xcjoR(OVK-
zf;=kw-5iy*o}L2(=|Q`ivNBSraM=Zkp;BtIjYM#gSDXnE#{(BIQQ70#v-pK^XE||E
zyG8BhHmRE8K|1A-K%P)=unHUFrYHm&)f4i|oEIFm7(TL<WOxpH;g{;C)4VZ)yV5B6
zPbaqRzX_Z@Hwe_v_ngj*1^wSoo$8<HFkkkovGEDjS1(@NUVJgobP;xCz#NS~!@{O1
z5vS5WP*;5q>^f=RV4kqNK%qEG#CVo%y_9#1T0umlHF3Ef2A$;LS}<MqgUqXxHT3=<
z>G#_Y>O!fpO65(db%<CZ={F`yl6q6fPx35Rl^@#T*nL|`$Mb6-no5UNKhVv!*J49G
z=e`E4h7vJ<3(2!T*|3nN$2!s}<_7*bX8EJ?R{2sdGKr36#kjsE@47On53mMjhwal!
zhhQjh?oR$Y;(CNzL@^Jhy^h`K^XIYJ@4yit<?Nnz_Tg{`n?Q0D_$Lq7zUEF=wqzq=
za+TIx@vHe%yi^jojGAC89lgwqrC!teG0@pC`Fkcoq#BHzs^ThrBeED+FZQa$1viV+
z(zX|CguSY%0hAGJOz~#?0{>Us&XK$S*W8ZAw{CO6>*!dJPx!$~#MwD=x*%|;aHi7S
zYmnlKDG;cKUf>$3I8Gz@oOdXDV}E~DTp-qzvLwj_90xMDz_?>@mMfAm1CbxSJUFGB
znj}A<cKK_Nd;}jpn>JmVJB;xHEMo9YYt80LCfJr9-m-%x8z}_i>S?$!Sh7{pV#TMc
z_2}{F$e4_hk`iRRgVhw<wgo1yJO>cN1aQx4G)LWJL{PEl5gzBa<-~5NDJ8BN_J^VE
ziHdp5LF(VUSz{I_LiN_A)@L4V+PHD<e9^IN0@!DToz?jB|APzq(+k+{Kc`e&dm#dI
z@9X>VcbY?%e<2}3uOM~`qwbQ)B5tad4Unj@a&_~$wXG$^l=)0Bab)(!lWy4b;e+O`
zn)ob6^fP=hStR<ECei=J29+6}Qb63r8_d^B(~wxq<9Kj$D;IR|2NTPAU`(u`!#EC#
zjL2~ph`11_{l1=%@<Ae*GNwO<fbrw6Ds(Jj6a@GzNyW~YpunL=j?D9Fr7JO6LV#5W
znb#dV5|H0si_o4v9y{12<_=>rr~4mmh#l<Awx!#h&JZt++doDG)zCSTOHJY+Cq9Tl
z+g5h~PM=<wtsse=kx&487LoY|$RO86ax@FGYNC5`eqa|?e$HZ{$;oXgOGvZ${^`w3
z6c%_6Q^rWmQU2vyk0Z_KI39iU;sCFn41^`<AjP(|zX+sWg{0aT$$@OiMK5Xx8J9X`
z!}lNG#MlOjqwagZ_Bp4rA|@tR#{8W%+eEx1>=Y)MJWgV^jpN>-Rdjir0#(J;6m)G{
z{cbhb_wsufgzkJs1Qk2-X(G6LV>c$_py2Uy|G1hf(6%M0^YHKd{w0uCNlRNo1$A44
zB?4bZP81f87PpmdYXmW#XK+3ZYT<zRxwijOEkD_jp=Z=Ov=x1Wo<|E#UbzO^nL2V6
zqRrZ5;>@65g3?~4XEI&lTg%u(tJ!Fi7oxACvL&q~I5i<M(uExe;ZSgxy2PX|prxia
zqLMgcapV(Vj4+B>jw8XXn<;a-H3yB9_`hv0cf*)OU~*^lcX4THGbQ->s+;0{R0`7#
z@4AHN3p|`j$-fx+{_`OI(V$L+vJF`eANC%%S|AC|eaT2Y*78|nk8+4&iifZxkF2ol
zb4uYkVZSFR1$rWb@Y3*q(>lHCAo?jxp5D20(l5D4w&5l|cn<cUwD{68zHFyK_Id?>
z?SB7~K9VNntaJ?AJ%5EYqdPbj6*q7*m~PPE2l-jYFqqq~IVs!#wCR;%PC?~}Yp$|~
zu`CO2rf{><+YD9P4S)5JfTMk(>^xq|i4HTpJMkGME<!g<5FLue=a5w?9?Vbe*1~Wd
zKF0!JEL+rC+5>qOtJP7CEc%_?hI%?Fx{I6!h^sv8Q~abzGi0sA8GT?`mCtZNNWy6o
zQ&mCl*t$y2^C*L?<Wa12>DH|d;Z-hCGA1*H43t-E!L9z)U2@y=#h%{$fB)u_1ya;^
z$($(EN(@R45G0wus*viT?j#vnMlVGVIo9SS2tSA+W8zBHp}zFy%&ig8J|B(IBSnye
z%+yNrCW1)mHTocb;A~uTdK!z)xFxanqcQ4rP1#oIYyUegdX=`^196_33_{b4cgDts
zVu8U%5yy_zFX1Hgq&_MsLRHV~G^Jh>*1txg*iaS%5k?wn(`WX9CZX$FV~o-r<u+sl
zs!T^XfzbPqB_gM;zD#sx^%b^s2aJzadRh046MtBb%tw#*X1QuM6iae0^|BQ~Z;Tae
zM)b2f{xn>m;B(zvIL>(<scq4Ozy&rc0QIo@CC(idGs7xENGIl9nqvGDu1Fw#P5aLb
z)c}Q8(YDI7`6JwK7Sa8i8tda`L=%S)?a02br=b#-$sj0j#^nrhX{@HyTzGZuNx$zr
zVDy8t3)1P$<zvK%zu?og6>*=&TN;VEg9l;6HSi`344w;J4`{da{Br{NB%lBkj)hue
z=R+T@ch<YD|2QvBN`YJPF8K`5=7f@*E{0zqL~2e|2IV82FQb|ck>uH?6(u{k9Z)Ty
zB+Hi<C0#3OXa5FT2EY8jl4~qSwCxDZib7^vSRm&UQI0dB_h)i=yg|7fmFtVKmil|2
z-w#r(5}KaT0GbbU<SVJE8_L*1w~~s>pv(lXCo8X*4_r@%m#62-!`_N+w;<~fuA}&}
zHA+I~oVGYEJsnstKISmRAWsui!_6UZp}Nc1GhT?<79>D%N-w4VMrqgN4|q#)Dubrv
zP2z184G(n!99D8NmDQ{h7p?(}x9F0XgFCRRoEd?h232Ka2HE4_AV%ZhjHzi=Kkc|Q
zO|*G&eepw-o-pv*EoS-k-e*3gK%@%tAf&&a;x>T|P6XFurVvRGtT#?Hw+Cku3Z#UQ
zLx2gn%7NnqT5&ySAD$jyrpV#ZY|s9cs0Vm-`PgI&@It_X=!-i9;((EhiihWLW!}3d
zPAGqo*8Be8Q6^4uVfiha);E~jhM-xoj9P@gnGT=PjX*=Or{)anF>%6#UT2*-YU{+$
zpT|HtR{a({=XGDc6oruXXCG$=Ch6FI<&PkV-tXWl>@HkAE~XxMKUMRnQMoTt?*~`P
zJa&+a%_X|?Ya=PrV#-t`1JC}ZZH6yx`4$>mUPMv?#&TL};2N*uX#fb;4#oGxw06jx
zuuRbner&Ukj)@rqp^Yn-EMZ^?2tCW=>e`ne>J4Racg+C_LNX{jTZzQZMY~4o?cnqg
zs2<bufY3GBPT14R9cMTaPy>-AOx#>4#nx1dKlvf-p!(|;vjqzGr5#=b@fF@xg=qY?
zeQ>({gBi9ug9c6G*<U(3{sBe~JOF&Z{`hmkI!2Ed=@@nJU;!F8CP2mZ?F+hm=#VP|
zF3W0TcZX@Hu$o@ieGC3HBgYB-jUe+m%orm6!AUxKmihuB_6diZDzqcoZ6JJR+F4uI
zqU;cNlDn@yt8MWRwGQzQ$Q!jw8yb3_N}}N8<aSLjkk^UqiL}MivZ2o3QJQ{&q%6-^
zQ=Bw}klBnf;`Lfs4dJ)>jqQwTOrth2as?e>B`r0VNMyZoCU)!AEz7$e(T$Owp4vn*
zDeVFdnoEWUIgKb~H4sWAP9C;72;Xtz#-)UAJG57Lxts=gPsJb3>!cBjS8hzfP@}vW
z-Uk{WGdp`L+n78w1Ii`N4%(4PrGLHX{g(cOBM<{;`~v{x{Fi3Jc?xdl=gW~z)}#K*
zUbfxCpOYWQ<3(QY^oVN(ED@T0B=1jQ`+VJtK<W{V^w|#AqECI}HiTz`<&TVuz+403
zy@`$e>&43i$?!mj1pTYFkJ#wxy619M*y+SMpN;LzE?V<6`MjSm#6N!-m!1D1D}RFn
z^Is;THe{IWF9rv|)gnsyupAMxxP#Ci^r3feMNQxVc#xePHY0lR#qmsO7&q<<+anzW
zJAFldT&Uj<G9K7&U{G?PP^i%ec-PzV2p6m#$U%}4YXI5XCoVoQw_`x#NIZiWa?=*T
zC<KG_YgqjHxZDytQuVVkbQ2<)<i8aNk;Uwb#!K(1HhtyCYybMI^}8>qCavC#2+5ew
zWFUTgy*Te|?Ch4VSTS8pXM|u1R7F)T=At#fgbmj?`;x={uIuH7rzj{$Hvf>o0cGR~
z7WZOP8Lbe|A<d&zy8&Sb528r|zNP)60jkVMMLZ=eDO!PdT$uZXW7=j=chDx)ttE<*
zoWHOHn*_ni;6C#z&(R7<9oEX^rbri#NnEVLc{4}WgBA_RZeE)r=-F7dO^!^t_i~Sp
zH%mxru(cf3DK}fQp=Tasr$+D&>G_I*hv89~o!Iml*bpG3=`)une~57B(UFi^jYswF
zOTt2tmlIzqb6lm{jF*L`#cHCZCTy;MkB$gBvS=65SL-E>2iLlDd98w*R_OhIR$jTY
zejMD@)vI$;Z}NDXp0rAB0(lWk>-m(ECE@8{%@U0cY-izP5*-9Ued-iz(#(6r@a?82
z55v2zzR>ZuTK@V?f8rG4RqNafV~`i76=Lv5;qbQzMB&y4>BQSLbZ(49@LZm2LtDv|
z;~<1Tw@*)xevH$a&nD_s-98)Y+EF68+0fqy{wd9HUwD1PtT?;J2f7fvPqCLX$=<=?
zaRjB7y4foGw56lHhBLDnsU{1!^_J<J83vR{Svjy;n+TU^0q!Nrk?GC}h37bRKu8%!
z6*+Q9OT`~~jp#6HDGoyRUg2lGEs;L6AGe&KSTWfEB!Y32(fT7%PVKlEE(t#>oL;0B
z(Nf7tgdO&p-pF3Iu3r5CGT+kOhAp*|xZJxP63B!;f{v5@OioECCpcbbL=2Ux1u2*K
zVL#lUc+wEp_8?#-jsoEylmAqG2Fi(?f3FV=J9&@Vo>gt?E&thUmX|NlJF}-FGnboU
z@?)u`DPQy(d}y8#_x*k1sYG%fT~g$?KQrF|6!L(c6m*7eArB6otp6fZvUYM884Exw
zSAiizvInl6G~WO5_fb)0bmejn45jo-xp9RXM6KS^8F9trY)1bcL13&O07aHBX9^aL
zp%}CasP{Nx&M*H(MWjw2#9KuAq^x+CQC-E+>;+%Sa|5szDu}H)v>oeBV&W|Lk*)wY
zy?RZM=Erj4^56I&CNi?OsEA1SLm%?@bnn}j-vt1lI<8_VXC<Q8jEpmmg4@QZqszcz
zuvALE`Kg!MN@7D%=hSeZ3iaAUWh&Nwfq%09(VRTJe}C8AmjD{gV2c{Tt|*E<-`p*$
zt+e}tfyj)Rd-fpS`tym2M2I*fL@;qVB%_M2q`St*v}BT!#Bm$_D&z_KYKYu+q72|5
z`E;WB#~H_<kdV$tvmO!gDwV+@9y+^+bMnx>eHS5p%qop1PCP2KJ*DPNtxYm%ET~01
zj80(9n<AH0DvFhqA%eWP-HH{Y>&u-cYvee<fB1;leT}T@;QTS@)?gl(1X5X;s2P$G
z)gow+uY&ta1u;ks{`^J))ks&<TMU~iTN9U(oBO|$4snOEgISGA`F5M78|5fuVY0se
z`bHkRFK?BRk%7a=HdTr6CwL4tM}~6(Tp%;~`t@sk+H%w(JPhP{Z3Z)9y8w~H9A233
zLGoO{9k99qfmWJg8sgKhOz1MPr$t78D;Rbl*Tlr(CG=);#x5%ZJL6NC`#47H0xXTI
z0LC3@V8B#wU!t|_pE8TEy1E*{zw5^lC1%sGF~Gc#d2o-h1o#3OwZvDPce-Y(G>^`~
zA%XKd<vI~c^kuZ@2@Pl;ASF1)*){20hCg}x?j0M>Dp<1oBBA7CEwBslS0cr|zP`7<
zG@lJ%x-&sQNMhbmwDNE`I63)Zb$In^F{}lS-GGRlJ9h9R<2@*x3#9Iwwn+Soi0~vV
zcW#O&BcYKLd7dHcL@<teeOHeCj&K-Pub|5ONL5A_h?1d57RqJ|;?@aLn0Hw)f}PJM
zZE3Y31P`@4_4&GM&zM^Nj%z()=+L7WE}X}VdJOO+H+LvC=u@3$X1as=5tyBuJ4#zS
zhJ7aG1qC+Fxs@<U2)W2s$jq#QR^TEamJB|?{EjztSm0L0SJy=W3!4w52L7<8<+1U1
zP2<Z!XmDa3B?^f*Hj$*nGf&ZX!EXW3;lg!Wv0`3z{OSXjK3o2u(EVcuzb-jV$uB0Z
zKY4PbQPc|*)>OR0ZxF6?3||kj?n*`$o`tQ!-r|`|sm^u>I&uBCw~nnP`Agx2IOUG%
zE^4LKhNnc*0NxOJjp=~T7^_M_g=9jccl-!u=ip@XTDR_r7|Z@rI;rVSn|AHmnVMrV
zy7~R=E}J-!XfaD&`~T#)FvM-*1#yGBk@P7DvDjCXV1a)kSkl{wW!-=W?i<meaoMeE
zRU7`J1;CN)TV2|^6-64GWcVPA^6ZV=N;u8`c37-AP32a&#Ai9@kIW~{u3(1!1>toF
zqCbsS=(_8);~=vSYkXTg6S57<bk#ANGT)XsHtd0pi2{4j9J{h#;Dxy&<6zk`do&~k
zn5iODZVi$6*8;6NCa<2gW$&In5Pzq~F+26Lz@U`0mj3IZ=ycTQ?m2iPfX%q?n<)QC
z48i?R<FG?2%!bs8UJBHAlwIcw+wZ)aTaXOQ5Vt}yVZ?|><W)0DvIss57T~{(6=OS~
zJyG`Z;=OU<Q?`T%dCWQwkAyAL28&}OvZvU3*)RD)6|@E4eEkaUClUQ(e^*+%d@khW
z2u7t6Gjr04{>Yt3HKNdvaHjYp<)A64gg@d;;~Qw=3RUh`-k>(-*`aMm{eXm%sZFUr
z0|4>(Z|ubPq}76nqN0aSAl!^X3^`(Is<GD!To<sahe13*7|^{iu$&trL??8|MaTaZ
z%$-C}NZ17(mLAAZS@p}=x*-`Dh%*@sMIBj(#~gvVC|?O7$!U9b?#2G>O`r*YAQY2C
z*AvG;Nz5omb~w9-A~m3J{u;09VlSj&!gEtBOZXW;YfEfvyd{g!>Dqdxn%7}*y>R(*
z74ZX9GGyFebGg&1GCm;SE($i&$&=A7&>OfjT#RlAgMsxK1?y><0yw4rQ&wC;wpQc2
z>#yX96{zci@9u*ohtIP^ZQlHyQ$SHsactJV*!Djh8o1KdfT{9?Y3na7t~W-fEb%`i
z;kj}-2d&1arCITSZ8`IpSdRZ*lm~i!zeaSHJhb1m$)JQ{O8qnQ*v`$p_-bKuV^2A9
z+L!*sf5*wxxd+7FQN9njzDt);JTLfjsunik*JtZ2tVeDwpKzR`i`ig)!_|B-u!J-K
ziOTEs-^jD)__)FtwEzWStTs1ydvz8VOrZs~b<?GVn!ae!OSDcx6XQ?I0Jl4C6_rw!
zhzsLmXryDJK}CbjPJt#hd@&cA6RqF?zgVwxOAVvpZ+dbr4I;9?oyxszX3ixqgk|c#
z={7kKTnWY7Z`M;gAilEO%-@~7d2>tN>HmgU-PCEk;tV6%(vp(uWqeCy=N37A_&uOT
zB`w+69b`R+w*azk{Q=Qw&)tg7{UVp9^!@k4^e0Fte1eCzy!iUH1y0P*K(i%OIe3sG
zqyGgvmjk5K*3~^_(7N~mNop;hqB15n){USIU?-tg7d2;O^lel)d;$aHsT78G2?dDr
zFj$J?C&%VrG@S926{KMtpX5VP(jBlXB~L-(_M14Iwqo$SaN%|<jOXLnUX18WAz>hM
zI2{fO+|#j#D7Sm@P+VT#xny3_6t-SD%DV<w1}_w0h1<@bUt_qMKo%c6yL|d;SZd8l
z<M7ypQ1Dbd5;y6#vYTEwqJvG%Z$t<ObsI-F(5B{C0-_E{@|46E?EyslrhQq5?U7WP
z4&0x{7UVrgjS&QWkp-lHX6w#rxf<c7%pI2B#D9$@Y6A94UNc*8r*Av70O?-rqC6^G
z&lR_ggpTLMtd?u?wXa67HV~7xwzi?+&6ADHXW_gB)>J9b0visfldr9x#=&M|xc6My
z-iDh*$cak9@Srq<tv^N1v1a^a-n`;FIWGL;1i!vBxgG>@vwMp^h+80O?kkWYBef1w
zaS1Pb)4ZhSR#|w;m*(HMw%Tu^INfS&C#!Y+9g|MIYSX2APuZNrS8maF9j65)ChvVZ
zf7*PRPT{<1RVlj@?f<r)db-2jR}#B6Q+nU)VSdkbV5;$>FUJ>-Xs@a|eos+d=f3v`
z)f~(IJ|*k^cVDA-9!Zq>XY!bQVq49gLF}0B9%5DSOrAMW>1lxIO#sMC*%DOBz)WjE
zZ0)2;B#ppLd3x&Y898_`K~}hI164t+UaqZ7SuV-h1h-9VDkxr%+CD^<<Wa}nZWgOH
zP*oIKfRl87XyY5R*;T01Ly(y1{tTUM#B`+#i@tM0vel?O6>*{;Kd!y|8R3j(qVv|q
ziZfhd^(!LLl(@?s)zo0u7EL;uWklt`X{B7o@#=>j0A!Xd9=WEK-Fbkj65iF#4VBB(
zPn<Y$KG#hSnk~8f1glF<D=Z_(Xh#_sq|k|5yrZK$C~x6e=Es>z%wBNp*f9=7_63lz
zLCm8qEiKjk3V=Cj-K#+JfrvnfmD<!#twSj>G5~p+>3mt{(o3{cP?b=P%nrgsZfYKI
zXv6wz#{kevesX95#>S4+L!^tuS9pt2C{{eXc6pI69lMj$G1HScMZg^yZ<Ul}chX8k
z`QN;;3Lhl^AI|x-#b_JLYB{3}7X8)c?pM+=(HMN%I0@0Sh(72;cD&r0?Q4|!=mh(8
zEWeYdRmO8`A!Ki6tZ=s@x4^bV))nG~*}wGe%||^J5kahlThfN@m4;gy^@xXwwz<Fb
z5<00kyLgdtUVvF9#k*#;dMa^eOkaj($c~9QhL3UZ;Cs41ar<1~+I$Q9c<n}~5p(1U
zb8>!gE4_O4*lM%TyXE+b-|dGjfC;jUYz^JNA7Aw{&%Gb8nQ>is3lPdk@<(MI{7sIY
zp>U70t9<)bTdjl2lGt@G7>Wz-U^SRgYVzN~H5q5n=?BL!Jp|ZapO8U4g23ds2uf{m
zz*iztUUb7wM}OS7j6Z4OC3*`*MYfas8o|L2%PEr8KfmuKV$KRVcLjt!YKdarli!w1
z<T0KxW4C;`A&(2ipMd{FMk(4}jr5RSW8P8)V1FIh)jA-BY+J;VaCKkm>-F{!xi*}!
z#)}yNcDF{=q>M49@}LqGjivRk5M;Vt61!_>Dt(nsoluPNwB(3TrZcnqvWQ|rx48~r
zZIbUrUeQ20A6{KS<3jHXIW+LIdO9B19~3k7wkd@oH3g~AB3}!OJ*Fok7Zd+Fwf{bo
ze$WAKx1C$XMsst8bCv8uN==?x;DB$O5Soc!(6WvgGNgj~Cb)0_EG+e5qz@P?Pj~(%
zbBW4uMnwP)wE)xuyH=tMKRRZ)CC{=-+0C0b5mh<I<vxD=iFZN)q`OCGfe?@XK&^l2
z$`!08f}hP(?D%5xmKn2W<KNiK89)PyG@8z=xi(}gkD+xxRXtY?w!~JyOW2ohAH6-h
zjeiVjV9dMy2qMN+((irY)CZ>yIpeWR?|FVES%*gB)VYf25mmHUc8OJQ-@57<VPP^d
zx^?>W6tdNl5$|S~-<-}J9&~U<#mj|cFZBq5P2Rb)U07yf!MWeu2ZY`y*F_kVA&+45
zczDbni#du!?x|OxiA`hYx_zTXkj0=WTkTNf0<&}uUU4tlTX9+<MV-%r5K|krvE9!!
zBxN#c`Dg%hj-seqic;ZIK4TDe;DA*%*yQMxu?4U@%(jXhx;ai$%{m0A|MyJq`TL=B
zsL*+#OJ-vfyIwl;Mn+<3s`bcY$U4J9wr@^vCAp!+X=_0}@D$*kymfF)goPiWl8c`_
z85N;sQpT9u3!E<(FUA?Iq@X|O7&{~ji;kJ#KX8(e@M~$=Nw)a1d@3Ex_!!6QpRp|t
z8niQ|mq_(moeqMJAI_yd^)=WG@j-~GyYCsgS<`mjyeI6n`1<j2vg^0k0?5GO3t_m(
zK&Ar-c0zTrr?VbM@Gs}Q+qyjD+t1883f9p@LnDQ(+8EbM3b%n=FpkG{Kia)RTm8Cu
zC#`61Z}aHs-lEZ^s;{?|DlCW3gRWI~o>I;8M8^*)g*%Fi58Kh02mF9mPr>`_kw5nC
z9l;?zWXMU^qwiP(NWU1to}R98^C#hHPpGp*mqCUbg$O(VGiS@rtV#iZV^alR93^zI
zbvxjB(}8oDa{U5Snw`kipr^mXDq0WO?$iy{jud=mQPw&K0Yw39`6p9i%Ck1N*P^1Q
zGXi@d6hOXLTU9f(*6jRHWElj$ad}`*^G~4h%_w6!#$V-EYpG^260v_B@`zfDG?n9S
zLhrq~KRC7GGVHp~GW?KtCM0*%YpBNr`Zt>>o4DSLb<M37!+Ft(IK<h}R^_*02+*kl
zDJ{;bdhNR{X$(C&Z09<1ozSR2>hVu@AZ~9T1J8RGE)JP#Zhkv(5oMg<wH3MQE)+f%
z%N2&hpZI=6?KCQ)ZN7&67qnJUt#?qoVVQ%m?0^dhC?ndYi4DWd9oEaZB~eT1WM&#A
z4bNt;n;QvzVd}>13x>wVrRC#2R+aH^%Z-0gW~bY0ao4h3*ZgzgPI=`mo4BO-OR395
zw2q6*3pCM(fgK}#?lLN}HSEINVTJTy{8@N1jgC}LBj&Py3YlqU(}oQJw~Z|*1QU^V
zKXK@g*@<ghjCyIdz4OMieP@qhqq=fstOnE3q8;DlUBZ58j>G|~f>AvFuASLe#{9GL
zGi%|<qgLU`loPrUt@LK*&mEk0V0&0Y*~w1zgItN<jyN(Zf@4CwOjN`k-G{gsPr=&L
zQgj8zHWMKR2){OMv6la#F6_5|x)m(j$|s|lZT#$Sp*fI5cDmru&14C~*a^NB5$Q(+
zyvm=?`|IjZlYqPmPecj62x$l#J0b+@8riJ8*Xt+b(OV^{a!6@BgN;V&7&d%<x@Uh5
z&yDnv2qN$Z+!p_TI2khjieJ!v0=kK)`id$1_*z1)c^86d5&vKAl2DmBB5azO*`woz
zN9A8*4W7k9Z2))uU%p1X19VgJDj}F()*(RPD$J2Jxl1tTKQi|)u(>=s4wEt-2X^33
z4Gqf}+v9&o4Akb24ZqU_f+t{Tkl)rf|28byBoF)p1%qfNh72pW3F5*!gAKddFM=Sk
zSiW3n4~g?Yf1$0(F4Ij`#9}|VphM@*f~;ZyX7`T_OKI}MY+|}~F%!vWt&dFv7q@Lf
zJ5hMGrzGbS#OiPY2rIyM<rd$p$0%EmSl$_kR+Rk^6x=5?m>DzFx3tYOs)0{gQ6Im2
zp_nzFJ-g_9`#8UGtBOzORjAJ!?2Zb;Ai}cQCOQ6dD~aQ25Q6NZ<3j%HhtDde81igp
z>`n09mv9%l`#Yb=K5wt3L5quio)S=R%4nFJqn2l2rbeB}rhW9liir3`^W;LY5Zru4
zA##omiP>>UHf4ZSdbq(rrp#>Op@R?54(-tV%pNf?FbTMC-*-_#`KRyvt-b#a0UoeD
zK=z&LRMSvbmyl!@ZJ|98*%c|NhRcdB^zYw)d~aq=EYWcL&W5q49`O_Q{LXarDh$I)
zq*15*Znz{{==Uv}ofj-{Ow;hjnQhX*b{iWJIgALK2zo*?q>d|RxSg_LUqTUr>}G-s
z)+a|<4d$GR4U-<*x0!+*uQBA4=^tiM^BA-PF?G%99HC)EbBP#^g}y!1)X0{KWuKBy
z?i)LJFkx{g<A+1fqMn{QWs0h4?DlZXg~6X^W@crH$aM38xJg#AMId6X2tzyo+yo6!
zjg5eq^p`KY^ym@8NUHCrCT;zBBR*Kw6bJ<$%rLbMK9in<&ZGKBX!fnVfN+UXiD8{2
z8vDr(^!6rSh#`)iA{~KTqE+L-XE_=1SI&#uLSQ)lYDl%SZ^i7ZNqyFksY-p=!l8(B
z?(!3=GEe1@3{3_A|Gdt*O_pjx>0));gV4ld#$4v;ww;XvZ6rE$=akcO9s1<SliO=i
za7Hi4di3Z67NVOsn*eo|j()-kNj}c%6)T8!P-$`|0J^YdTX=VzSn(BMosKe|KvqM)
ze(}ncKDsWFUrd6RKz7`sJVRN=)nPs5Kb~Q~>NULzCrzWK4{-x%MK)}>h3efx8&2`l
zmoGK>aovFKN-d*r>MqMjcv)4Y*|qE983Va4CLW01BJUXbe$C;;$jVv;-p`3fDof)0
z>P^g*p=b)duOp+5al&W0u-Yo~DU|q$)o={`12=Bk^mur~{Occ}J<=9)o?6dl1TH<^
z*}g9@a~6rIe_DYw#s~cLsV_*!XBubCwjnb2XupaJG!Q9b_S}F#)T36j@emO2dNOq%
zsQWxDk0(~^KD$Tl*D&rA5dvLJ{m4!;=toNF-IsO?uZLeMD`0QQ$rr{d$Uu{z?L^Y6
zh+!i{oI~j|N(Cb>Df4kpHvlt@1$LTYyQsaGU&7``d{+F=>PdahQ@_^RB3{J9j#z^-
zIpvM*P3Ts-IRIzt*|;%4JZe!qJWufo0-0vMJtM6v3s{v$j~qev`FM@@+O?!^7jfs^
zCzhnxq$c4i$O!@DXs-n*nV)z2_H96*%66MKZ8~)DAS_>OcyQ91(gj-w&{Yo%EMK^^
z3h<kJ*)3NZu9iu1)C7o#%S67{XjAV6-(d(9dl~2)`xp;F;@uuVuIwC1G-3wtm?fqo
z`{&7%E~Xelt8Qe)4?g%HHg<5+K|joF>lg%2d_1|~$fq$S@C;gyBwdZ3u0V?Nd}cQN
zzmgURh)<~B3S<j@D_vd9lun*^qp;?EGrE>JFm^?-AW>HwvdpLkZ+0O_IP^Xx{LqMb
zkw!1$^UL<OHnEK?kT%zyXvSI@DnC`^Z+&O>yUxt#WfYs&#u{$K4i(MM+Qz$><K|@$
z;n&e#_PF67GFQ}5e*VNSBz5T#v~0#g-~-O~M*V?7X&pLsBJ2?kf+n}H!V{DPs8Tx+
zLpT$BK=zQk-Mz2Hajv(eugZ7*H1-^<erR#_A3DSa;bl+)psS>H(CD0$@4=!cCxQGn
z(+D-x#Gn7Aoqx;=!p;Sr?3%S$ewd-aG#O)MW3!%1$F5vIYb-juva+&@Gcc6*9zB8w
z^7QmP?MR=>h{tk&OdH}27b_vBt9lA{+=T7P?ECIN{#fhbQB`t%TnQLC+mn(OxvKO&
zF+FOSMccbU3SZ*mGvVfkQEvdX`DK%Re6Ce|cl&3JIDFY(>2*XtkGuQK?(dL))DO2x
z-}}qVpA$U}f5J1JpPye@YQJz|C&{ck=;G<dI8YzSD+7#r{;v24Tl*SqeQ;oi*+SyK
z?btBZV8dxL3p9NR-Ls|c?JPJwo_L-(q5`o_8r&`|g^}D$cSrOZl{!u1*khj>0jw!}
z5v0O~jTtat32$}BFDqoloQWEpMuM(q@X&#mkxj%oVi2)f&}TD+EsUQI;N3*Zr+M^a
zDmNS=zF<4x-to1Tlk`8&H}vqR!$^i>LOf^i0XhdOv5NCa&J~y`Y2ma>zIc(D%J+e_
z2}Z^%O%}THNXv7l7i{P)2^WT59!0t@d1d2xPSLr22g#oJ0)xAbiC0kDu!7I&xbTK!
z&W^z@%M(6{#5nR#$*CkGh^nJWoq3vc`qU<%M}7OAK%zy<Q5p0q;ry*ri@9&`g%8SV
zfesN+b&A?z{Y5{zNL5%SeCu<k@jOR<sHv>3zUf`FK)P*2G=2;M@`yMfTI&Lqyf0r;
ziLPsS4Di{ID#K*|+rptUuQNt+QK~p;>di`;En8!@yJ2|-Z`s%Ks1SbB8a#@q^*EOJ
z+_nl}s@ki;>#(CRh6KVPJY~xxN)kBCxWj;ox7Uu8KC9JO6tT!ZW(oHhyHjlJAM&Sg
z*r7+SJElk?Z_#-!hol512`*ehBM#_QGJa-}AKo&EaX3Kt*ZU^NG%ouSsO;#``SxRy
z6(VyPh7H&t1`q%R3XCjgu}Hqpzsw#<)2#2OaNjOfB0+({YU3_1l|Mkr#-AjS#|y5S
zSa+=IDG{&;yBDp75Xmrhb34#nx1h8c%ocp`fN|ciWlIePh;!QCkv_nLp<Lqiz!RXB
z*BUv!C;ltvU)v;K7{jbO@kanU|LPDb`)g~PB|3~@w1J8Hzrx=_B9_>~(NRAT&qZQe
z@L=&<=A)1d2$&4&DXQ6|9#^Mz;?GU0nHTIv(@cr8`0^9^$8{9L<teK-FrRKr=guLV
z+oMI-I8?;?i61qdY7glJNb2&{s~>re;I}BX5Dym7b~@|}Msm~Pni%xUZqC%beAnSh
zst+C$C{$5v=Tx=?eEP?+(#SMiy=c)L`P=Q(@`I!b$h{;3Fqqy}-Zh0Os-lA#7i?Dc
z_HBC0H46ScI<MmJBZbI<=`&|uUstA>N4%|w!u>5kk+x2JwtyBCod299x^w;=yWjH6
z-CcfMO98s@B?oT-^|DIDB@_Wv;%h*wdpaaK>O;qh%3b0l7cje6@E|g22JSfm5>{7?
z-fZ~>U8}isu`ruVo0h?CMS~lY$9J_59A6j0&%+BEM10_2AMB(c3IAiP#UOr-Bq#9R
zn@^|&UcY&RV>n6RD{u=hnp>{^i)O+PAtGq^A;QMwT@$GCPNdtBeuyTCI^Jg<yQVw;
z?h(Y|cUM0m2Qz0Ga)uC)mr>Tml+>;Y?1bvgl(2N3RmseGLnipNxR?a?#?o%$J-CTH
zXOm@gPUw&!124*RkMmnc+k9h&5m`hJbVbOy2%1)YivC#O;+j{se!SDptY`HkY};6$
zEke#qzoTP#0>>rCM<~k#rQ4AKObjBzdD<&od>?88*UL}%OE3aN%$aX4J$X;rpq>~l
zh>plwVZj*wdc6-79>QD)heGx-k?T%OMpc!&`ZuCS-;;-!`G#&CVJ3Ke|1M#fO(giz
zdMTHQti*l$v{aRd=vo4evU;_pOq93-yY@=Q<P&T**>H7UjEdIj8#j)Lz}!9OcG*~2
zQR>yt7aG^~K5%V&_Erh#o6a>*b-SsxqvH%E>x2Tf=f2HfGl&yfrk)BLi>47uKxYBT
zDFsr~do2Kdu%8hzdejnGt{p`q0YSi-Ljc%VOul!&wy1eP+x{D|9*6vrr%5W{;cq~8
zUqIP&-t^shcO4&p{rbjNK_mI>E7i~2#L*BD{#F+AB#A_B;Poh3Js~5p>nZ@Msb|76
zNz#HmqEQ@8J9PIe$JoxDJLgE%c1_`2+e|FKav9amk>kfLyQesfD3XsF2+w@8p)$Yy
z)R87P0dCB)FDXb&Y~@%e`I}U~7QD>OG1~diu`4eTXH|Lb0FYW*ZT`thO3%Kmk7ydu
z`lOZG&Yx$p{-XteV(H9~FFPH~*@(FH_bj}$bo$bzv<CKr)$)~e#RNsFnjN*mU1DR?
zm86Z@jr@>)s*ng=J^&YJOT}lS{9Qq6SFpgjwsL!nY^dN@OjOo}^!9(tyLiXLN>j_J
zVlitLY7P)-hF@=O{%KZ5QNGf1lBz~Kn$&`g6<lGu_ZfzTQW@Yr(-75m$B($h6a>&i
z#(Ge;f_IC|q)VKy5X|a{&J4T4v@l#%DOLyJv~37Y^%D#l2Jics)M1YoP8LLIEYl4&
z&nYdk%(DB-ui-j`fA8phq429pQ=187plO;!s`s;J2p98weyhW^d;HijCmS2ngIDdY
zG1%}E=O;zu-@1Nm76RvWcShI9GFMfC`KFRzp?)GXbO{Pi=jLZ0H@CLxNQv<UlNC7r
z6Cf$}5u(9zN=y4LJPv5n)^9G33T!D|ceUBBke>yHDecag{0ZpFT6PXlUF812cO;)W
z^_SZZQWQmisM5ttmrl8kgu*##brnY)WPy4*t_K1WY#KP%nLM)Wmkk|mtKp%hDSM72
zKxE)}Mvr4BdB9$sqs9z78oXvU59ZRDg>`J@c8O|&H(2gSY|iw7T`6(dOf({ni1~J)
znt8K_4;w~MnfX8x+YjVAenARPwqX3uw#~~{tt#=q-X?1r`cV)M1{3E_&BYNjk8M3C
z2|ExQqX+Ao9+%t*O5`hycrh5_ugF9$=$88P`OyzVrhKoajGF3d<btd2e&*Q6OImbc
z3yQpa!`*)`9_1C#zf!1Z5$!b9bk@T^`W>k_xHMSA>C>lqa1H%_z;Wl_zmL>8sNy|)
z)p4;`>Cm7<!Trn{SIW-1^%MKkmd{6S-ZadcuAn#7AY!jZX7mGRX~|oEe+k8x`XoqG
zsGGd1Nw&#9u!asAgb47it{=;YE+_xs&HSc~aSG3IP!s69qhypWCp+_k)PG6BZOi10
zGkHjCPtxtd$nv6v`H&mc&J}4u(j)<^1kzSxabwoDp`M;6WzW^%K_;zv&pe`CccGU^
zLn)y90>%Z?)afv9hrw#B_z_{k!GHu^Z%+-(&g#`7Eh{KZzCnYCblT~GQ8enz3C!P-
zf=s-{kgT64=$zT68&dCPW$|3$J7>BM(qdkW-^1b3UW?hW<>P&@w6LwNJ;JDPccE39
zF2byFDu_t_XQ$gl`b<ERg(it!h`m7&fP}&lga;0);j9wd0*~*gravF&s7X$PjmL2c
zsmUtCY~OrfXu@(35B25~%|E7%2qW5uj2Wd-<HnsCq4>GBc9i1_f{pz(g03*SsdG6H
z1frfrzOWx;{rGj174eLp-gI`Lo?cR9BomOWm#eUa#=W^kUAnTq&WDnnBsY9UbR=+e
z6~;Gj+}QJ$EjzIt71dkXV9ec=4SJmyUsUh;N#C2K={P%w#yq~ut(r&JApSE@85>^x
zQ;xpXNuR5zGw`WfXcKr<v?lw(gVCFUT-Z#bnon`+ydhEPAI#wVu2q|UAc*JM!ED-3
zg>scfB=WsWwzVheu!H#R@bakTz%IiorbNaCA<X~dkH{FSR)@Fgc(&IvJ(*K}>@}UX
zRq{l_$8%F__Hi8K&NN$i%a<X2amFR#;X|C8<M=Q?Mn3D?HFEk|Z*L+d^dGzF@z_$e
zW+8kUWpHff7z68T8t6ziUf#o5RjHI|%D;G-2<M=GFDi`+HTfUN{dCG#vD_vnkCVM`
z!H)9<jJgCL;@m4Mj|2sE49Qqx&{KT5|62ujeFZ&{$$1*LIa4S_-Oejq1qq0rPK0GL
zl{V7z?2?j*3Ixjk^;hw<XW9TOJ9mzuB;{q|K~?H+CT5EL4@g*ieK!FkurU4y3M~Fu
zxXHvH|4-nTV(j6IO+eaZFJ4@5FB%bprh=E7AA6eozbGK(WwiLiN&)1K0s4Vato`(<
zt2|l`wO#O@J^2-$7Vnn*zj0l`nTr8f{|9Kdb?ep%o0hbW)3z7CCbm28Eo+zQNp&Qb
zLIBGij0qcBh)fS+Rg5;(|51@|vHtDDUQCdpZ5#K*ob)QoGj;X#XY>0ID6%A7dF$3@
z*gM+wruF+Ozp%5LmHx9feuf;Nmv$7FeGs??Fd3Nj<>cf+fyfC&Z_L|Ys?*o#L@9e3
zEn>GarrD*3^erVK+qdoqn>EFI?W;6`%(CC%DHv->55#p-65IYtYFGgPpd3HlVNQpT
z45BgFpImiEb&F;XjgHoTHhf#`V&T3DekK@ciC!yl8{VNP7sC=FO8r1o*|WzTTbmh)
z>zDa%Sn?H%{iaTBJD^GQ4<-Wy_O%fJad-EjJTCUhg6#}ZMS`6QJ&XeC@{{+_C?mjJ
zV`J~t2bZ7kqej+yRn<^crK?UKTIM{(9>xP_Gs-hUC=BDH;ford5=~46kv~)a(LF=Z
zJ48W9CbY1toyD-pCQH4Pp6<%XD7$5r?Rx(IM|Iup5NQcXFq4EyB4nu6-e1sV*heWa
z42Rt~`~M;C&EslbzwqyEIx>fZjEN)}(twbJkWw^Jh=fFh%uPs$WD1p3(yUCSC>bh|
zp;Cz=6jDwSMN)d+cg}Bmey`{6XTQF$^YT4M?Y-~MeXo11YhBm1va4Bkf}Y1wC?+J8
z<j<2POhDAY;3=AQfDM&Xy)3I3J}Hq%>mC5kJ@mi9xeZmRsi{bMHBtlp>nfR{$!7;I
zlI`6at=Q4bvKz_CH0ib0{V#xbmC6540Iz1FGtph6NiJ1&`0z~TV&R{{v}R>rwDHK~
znPS0asccU_a)zEB+98mUxJB1IrO7X31Lw_JvMvQCI7kZnnjHjeHGi(USwZNCT^7C|
zkcVcRmrE0CWI0gmsmgb0`$?ejK;YasL%<^7J$+x~%OX`)S~7`yJQ|%-(pR~GZmvWX
zg;uUX_kiWEAK;%(b4f<!({XNEAN8ha3y1;cH(dHV`B5!0>n4dHTx|_hTisRuy~q+`
zXeseDA3d7u*4rRz$;i63_4g^4d+4$g^%6<eNl}rSpmEm{R{d_*gq?7efK!`JV+4gM
zZHU{>^9y{!|6O9%QYY)g2vFBM`u_%XRhw=h^ph?vFOQfyX&c+o<LFfM^6QEH5G{}#
z8+%)QE>0ZNluy@yTm{sZ#jZVR(7Sv0T*MlDlFBtYI(N8QwHv>tkqpl_*@v<a1bW&n
zQT>7Bqugt#g2hP<#Li#uuzImYWnm8FYAJd8P7zi(QX-7f4?C}Iro4<MRzo#Zw|mEj
z&6Sde$>6Kl=P%xCwz=^9&R3IoB<|1YlIg4<&IoxtkPgZYwz;93uu45}SL-HE%0oyN
zio$UzRZcJtKx=iWD%_q@f$2=O77ecvZ%|=DltCAaaVgM7WRGLg=X33#!<fgwDp#43
z{~`4+mOC<};c9%mj8xl(s(k&Y-1lbfaxN^W09>0gc`~`4Z#i2kGA^d#%F-VK{RlRL
zOn0ZVb`S!qqXbz0KeF~8F6ft?H;syNE9~DBGg&%kX@>KAsmP~4ek>Z^Q+0+MGcA%j
zlrb*s5>(+BQ{^VP;~6%XUE>)6Z3SfRv(wGs;9w*MJ#|?ynmT#m-hcA#gx<vP&8#%n
zkyv|@Vbf!^9oO`O%0PG)Pd957kLxZ-AKs-yM~yO!DX4V12`^V#SJ~xy!<6TRC8A7@
zR~D(BH@72NaAs!Ak2TNp&bOQfV=}JlIdorV=gCdAK%>+%oOW0cribtogBCd8Xg~nI
z29Nan2`Z$Ea2$tG_R`Lp8=u3{Fg^r<9(3XsHa5@5q*J>fTw``Jt}c?2dFjtH-zZSI
zEJ9LJUe&s&|67=Ia)b%<P76Jxz4bOjqU5AhwqBw9mJGh3y0Y-n8}doqD*q2q*X&z<
zLs~)PrCXx*wG(?@y<h*Xt2t@pm8_jGkDf6EX53fOyYT=FXf1M=;{_&s*7(TLZ~Tpw
z8X09P=-b9h0vcKSTtzcrfUK-udwl1aF(vppqfeuWcH+9KJ*ra0uyyV_hC%~YtkToF
z59r)w684xa6r1IE^7_EZQkOG?DGgNbr1hFBAo8>@t$_B9mgYAUF)BoQD1!LTO-RSo
zv@CGD{lAIF;SxP%4k6rfej5`gNw27um%_qWxUi3gzhOHS+Ow9j^)wzaOTo!$5nS>c
zH-5qI$CZUXTYW>_T3`JwNIeN<g)hnisztoliOCBdIjxoZ2!q9|&uoISLVYK-PggVG
zHIZ^d>Mt_Q%J%e7^G|N^r0YV*92+aBfAmK^yA2xHuV2g{#vbB~TFn?PdWZOHau<I1
zFw<p&b6tUjse!(JmcZU8FQtB>W3oK{5_kUjZO#4kb#?E}8sq|BsaxfrxRR0*ZosgQ
zuNFjFMc=$}gD%wz!T9=3Ch50x4Iiw*+6L`O@Fm|chI!>(woV(rpo-dX=~df<Oo!#6
z8Y@BOcnn-od##`wRzbpG)Y4L}ZUKTB@kY?2z>1(~6E~4Qo-Inn^ww;O`L%5YX<8z#
z=h$CyGFyDIoy7Zob~gIt*ys+4T|#)uyv_QvW)8?<AE9%?ido}Z@DP(G%}5Y;73<U#
z#!R)Om4AF@40*_e9wjB3ngn3TV4kX2Y3JS!zu#ijLalQ2s5Dzd&p_5c@znPdT_yhE
z|0mij8C62DDSEf8bzoqu^-1~~a<`h_&=07!czgPxEuez3ud6`D5}W^WlWyF+iQD!S
z2rJw%CEHs0D>O#8argA~_b-ZW0BN-Q!o3gJz@W7W0H$dHmECozLQ$5tZrvK{4n~(z
zQxQR99GTk%51BJ1yPzX+NU&Exr#mm!=q16CtC1GM28jKNC1n!Jq1=J7kHidxen)%g
zLM<U(dLFmrk#PN#+_^~CjXnc1Qs~S=O#0J{*!=V7&+(SYoTY2;j)R7f#Sf_yJC>`3
zu^YSq!l%D0$`V!Y65t44z_I*3|Dz1E!<3kOjGU!y+qSevd9`rGQjk3HdPIsBbMWEg
z$E1f-XL-vp-SWBJ!Bz?_w;l1!5p<0bl0e1&AMacTYR+o;jqb4#P#Q7_&>aoz{|4mM
z)z;c-jj)qWy4?bV>vXzcti+y4fx^ul;WgttO?fe`SWf`}FksC)eJP<uB)bF3qODG5
zz;+jrkL?J!ak3)6rIhEJNbKfg^ry`wb!_(g>gquQ2bS>HzzlBTW5C)PL_8l1l?JV%
zX#LRaev`7}gt85()*Yv%#@YU#f3+molCgO6{;bGb4bKSh)^XD&8?C_mX*O5r^Yi*k
zwKy}ceWmd7<MkKA;xiGyHJzhClXyDo8&CQ(1bd~^d>hQHjE(USd{aN-Za`WKF`u8A
z7LoUw)53s=3WOimu6^g$5G<NG8p8qKzvP6ZQ9fd0^T=tm@mlT+@lO6XF_xi@e)I6*
znmg{Tz(H{6XhwcS|MZu$c3zamaQavf+Ozp6OxB(X#t)=2F0gxk>;FD$_!qis>;~bj
z#IED^<MR&a(+7&E-_saBz$1TBF8DO8ByMcrZ~qc^u%~odx~#`v5S?}gnn7s7YJoE!
zy(=r@+VExnpoKN?8#fHrIjvfQ;q5f;K#dZwH0)rvZ?A`<)?9bVt#22dcSX{$XGORK
zm|-xT?0@@cY$)^qb_{6<{tMJ0kDorp&vK<!lzD_80Y^v_#e7R%?)P!6sAV(`mJzS-
z-Lt`bi{6Jn`vjQL?`fyt3dl<0FOs%gxl%!wn?r_v0+>dPQz{c@=%pXVP{J1o>$hkP
z$h&c;dHK6BZQM5kV~}$}d=n)(C4PC$cC!2yVo~_B3MUvT4n@nZuTV3=v5LvtkWexh
z*iIWyR7zSc<xN|h`9>g*tWXKw0RfD-xeO+kByt)v;VE1&z7w{D*d~*1sPSYnh<k7$
z9l^fEI8=a;;d*js{(AFEf?d%UPzzCDm9c<C%P*X1`mc_TjvQ#ed0i?a&z~=i2y(S#
zS_<>$NPwATa>q$8R_K+)Qtfo)`7r0i&p>n89e0u%sP0M0$!dWz`96maA4dB~bqCIX
zcVT$mny~+#MgCrjR`NysZ^Jl2^pxrVuP~2VAr(07zwKx*4{HvG6&n7Q170Zz`LiT=
z6(%H|J9X+eWoLW~oHP!sH(qODY`>QOs?T&R3Y<S^9NF8<wxK%ZoPMdS%yL?qV``@^
z2M69sHn#O&QzS{BM8X1VMJB{NxDiT9cC=`d=5{n42jvK202>vL>hR5L-u?Hv`}`zU
zQD)FU^7DJQVA5EDF9Pe*w*$AUF1$1-uOi;I-lzq4h{a<fm%!_tDyY5aw1OS?*&iM>
zRa;*EE=LR!4clpjR^X}5La4_rCPyTJp~R~cdN5`J<Hz^bP|jzPXa)pHW+WAZ+C%)x
ze)jBm#bL|;W`E~+kqsIT`^<x82sY_E$T@W+*48{f|66o>4TH3AVQj$@O=~@`?!Ojc
z{1BMQWE+IPQhtIQe|N&^U{{oV@5#=<P*!OjlLeg-pDca|XcC78Nj=wP@YcVpfil-T
z22dEONIR%wEj_@llKg=GnpX@(JU7+Nl`uyKbOvo?hLUvi;U0jHE6E=&ggiQHarwb+
zr_Ks)HY1U{C;&Rp<d4k64+dlTo&O@usy%*#QiqX7a@Q?-1)V($4XAUmfV)?&%vc78
z9Z26P8AvH8d;H<sSUrasU3D!Bcw4@Llogx9sMob_-CD3p|8LcX)@C)aOr;VW0|Z+^
z*+0L37oH#xy%E7@J1vzohf*E%wzw@A#ge)xHg8JGV)A+WOO=W1!rpx8anPf|@&~u!
z&C(Cp!7jy9p^s=?(KC~~50L;yJ<u`99yO9@m1tg&SgS^wL4C^)nchCF9;279Aa%ZS
zd{yCO6*jkbOE-q<M<>?Y!hR}Ecc8(}WiHOnSYmZ42EY{GR-J7#EyUQ=-U#~A*RNv_
z<71hPi%jQY96Ns3R;+mOrJ};`<Vlb1>4}Hyx$A&}9$XeTKO|8$XVCHEHZNS+uQXZv
zUC%zFT1F2me+7Ot*48(11jo!HtsXRqJ$Uc(t>|jZ<DVle<g$W8FS_D?M^?Xjl@eW@
zNOu!@(x*h`5NHNWVM+{OQ(8S+Z4QiBS^F{elM_K*>WX6;{_Hm&hKn_!ks_icjGbO3
zhN=WFhiwzKV9pfg%PPTC9%y0mi1?SAu-`l;%vH;@u6PI(W~^3j_qJER82v^ISD^WN
zdU|2^4ohR)bcG6C?!HBX!>mFtvnJX8On_z9!}49ax_fY-TmGB5Hj88GA#XG}lki4P
zdLV{w+g0rZ;crL`O%>#TPaBf?Pmq9`Mwvuw<-R1#OskuR`?OD{nw)S15-V~w<(bix
zBFfj=wOjnTo^$Kz?vU4g`_-sFeYu(UoknVd{Dc3DJ{{wx)+Ti7#SZd3tlX)EI&S)U
z%{9`Z%3tNw|59{45@R!sdBrlNe-$__%22&Bkp~w{2sv1j-~2)G>TQktg+Hnj7ffzy
zT2*>`yw|*l&w$do^%Ugh(Fsas8BD-<@u_(Xq>RuS#@@{fEAn}U3s`6k59Gp4{OSs(
zhME?5Pe1IMebU!=ezRzD0B0ljsaP=!I9^}BW7CJ`_YZqkeqR5l@fUe0O!A2E@XBqo
znts9oRNd+Pi>4y!rris;Rc%5)wBNG+>E+k8n^%JvQ{F~z-kg7<4Psn<-_2&3m&ol%
zCl>hB-7Yo1v=kq|b$yr`*@{kTw~9RL3ub|H!|b;-ZP-vb>P+utrrbgB%_*R^0#6Pa
zG>8j9_(SK6%iV8#GcqRH9QRt8Ix95LXFfIETZl1vZqOJ~iIBC!D@UD#85f#aL{>3u
z=+Hjb={emd!4FS2DZkOoFpbd6KV&MPMNE^*n|frC%Bk5yix?sUh|sx=$OkQLPT<<Y
z4c3?glb<hdWcO24R7BMFBTZlkNar$s-KY}}JNvwXyz+L_4bK|ik8R~-mjLIV(hu|U
z_P)hsK~~85$+Wpb*RP7M{OobH6@}6EYWDMz-f2jgJ(<`{4qNg4Mnkb1uJ_*Oo)+JB
zYlg1FB#*GDksJ_>om$oW6}P&|UUdtb7hc=&Mmsb@jcgvV?1qLBF2{e8g6d_yqo#6j
zdX*Yo&%H6(wed`2_29`qnb=2|LLNeW#vE}9*}TkcP~<CDG``*2jVohypJw{6i1y*C
znHA-GI6pi2@dYS>kdR}NM3g(BXh^!bO1SBrpctXcCz`Y8*_?W715ilPyw)e$nVP~N
zxOx2*y7JtKr?@DRHkTh+{+s*o@W5(@edq;RgwOl=to=bcd4F3}G&0%C;R8Pp>IP1`
z!l^%Y?%{v}uKI&~Vxm6GE(k>dks}9X<~=DQRV{OKNaugj{;jJUz>Ed6&FaB5kg4F`
zHGK<E-o|WlTc^q=KrYzOPkHSwdW0m}43AE$M=m^7P3?qs?_gu4$Ti(@pNYs_y8xq*
z<xcZ<(O}AbqlPA&iehMUQ`7W<`|!Omf6~i-4X8>DhANyUmP|*4AMIMV(&&{TGA}ME
zF-(NGqN}TGU$=BHX-MVi7WNT7lMsP+eU42$JkSP-@fL1;E+#*NaO-@2?^;Mco;9S!
zl=R`zGnhi0{qlGD)aEr#i;tyh@7KCCCzCArR`i;)T&0Hk)W^iZ$m0c{+FH2lN9vwl
zI@5@@mb#qo11cNub0gneT{(B@(t%TqyuHSZ81a&gp6j-WYZh1M@#}E(9<Q~&5n%%H
zlf{6pK{VhG7)@};NbCM-vc`3M=e5A~TezlEqL7EooHc7TG*q*ZQ-+rVbWwGTJsk1e
z3j$+{I?HmfG;v(ap0A8{+aXU{+leMOm<$0JL=75#@TywN!=^hJJ%qicfuisY%)QbI
zR|oX|?-}i$U2{Dl!Ep9$iW$LvV<%EMY;gLcX4(#HZvb<Jmyrf|9EFt_I4`ro+Cw_+
zOmE$)|G@=lw@%`JQiwoFG=(m~ZYGEvi4*7g5~aq1xhE+HR&-fvSL3uZGQ>jeNJhe*
zEuO6^BMILbHrSF1zJ8?*P(!}0vcz5QD=iIl`osyw^oW6*_zp3d2sYu^o9?4@M($p*
z(SbrWauRnJHqf+kA`kslK9K3qg+Y3_DAoBFmUwXEXr7-qbB2P~Cj5KrWj$O}xa@C>
zdwtc3HL{P-%oF*M#PR?$pF)2=_~1AJiW(J)#?A98I%^TAPoxLKSym04ttPsgTO)S`
ziehV&s%i~Hx=IS_h=_6$cPhT%iG4{$*aMvKwY4eTKGDQB?gXs?6u)8ob$-k)fo~&Z
z_(IWMRs2&7)&qp1486R5tWNA1KR=fGE!jm<k61nSuR$2Iyse_mEeCfcckU(H>Ii>&
z$jWNkq#t<k;spshIgBg&cj2l*!PjAILdO&1(5d~@0_UC(LmEuE&mKN{WOZ#-7r_dX
zjLpV-6QUA1Gbz)cakf(W=I-OKK=XsMNGqLh+VXQlX@5~2cJ0uC;(B>YQ|}{yq|w<4
z-8UbTRPKWV$ZsKcfkNu{G^_$cfn~>e+N)NsY|$%-Zl9cwZpaH#UjisPk>Fv;n?7`u
ze^0|ibNqPg#PtL6D%6*VulWsq1$NR-|GqfZ0_Vu>HC0{$nGNrFBDSh@+Z@NGw_U4H
zK`|p2(k+M~@J5A`R`?0~^JAa130_5h3-y(>c?DEGl<gJ_JLHVfONhnsNZ6fF$~rj#
zEx5}HyJe4~EEb3m_r9qz85(}Wlo*EHp{Ch~o5x^;IezQE3tPBhb~@wyRA?cyD|o#1
zfE*xWePv~F&kUXhao~(AUS1spSGRM=jxc&34=b1<cIP5~=Z`P1AC-S^(Z~e1+Bo4X
zS-cCgkf{i*D9C0Hwb4>=KQ)G;c)?tX1W<S!+4T<h0oClJch%k>LvmITXA6%ft3(f<
zwr$Q$lDaIr<arT7l!D3zt}f@b@WCPt!@th3c#P^n!7>{|(}fQe>=-6M9Y@&XDs6zo
zR1XVjL2~l0PRSNv^(u!ln6w_1whQ25hRfnDNwHr7YKwJ7;36=9En*O{>^Kk>wTUom
zV>x>r$^heM=fI{f@KJ4=VCBu5<W$FI#&~r0k?Z2rpQAT1@HQSoQ`X<;FtFZ#nf`|J
z)Robv1t$}fCsFmpno>fWdIw-L^kbz{8DtGa9=<th_5akg@PUA!AX7&~tXBB>_w%%a
zkBJNlPb+418I&)$#%_HA+(DO(LLHM}?y%p890h&vpUU+l4M<(^3@`krOUnoQ#mVP4
z&Wk`)b?MEh@ps!;_cW+5l);Y40d)E|R<d#v{S@P7cBz)AFG5(ux4xvf3}}cnUDTw|
zS3slWMqSZ*`~4SXuNV`qsy$?g4YC#Qsb?Mw&Zyxcrb|#VtsM7~M2RU_Sx#CSh?#|A
z3fS-YC2OMuXBL9p3Y_fi<1<J|AQqKvlns73ZfBe=joTpChBalw^U?*Wbj}O%4<LQ3
zr6IoHh^J0z;yz{mY>Y(b1Y;ta&=AbShK~RMtS@NIYHKTRw}C#^L7pTiX9H}yN%HR@
z+dh8Z*7%L`likBT1W`F5u(m{By{=jXmN-cT=!rwlXp(6;r{4z948SE;+&{c#7+qQQ
zX<V&@fiKTvi&+Kccn|=VV}<3kK(V6aR`R}mGtm;et{^czltEduOnIdH&I^K|9_ac=
zWLvS88K&BXV#b_5yeqdq--8M+wzdcrc}G?8>CCbY`|eTe{NcKd%B)pt_$-Ui>;I+H
zX?g&wh2hUBWI5|JtyE-v224WS8B-gBtJPmry?oORBrZJ_4X}YTprQO4eiPtiXhZbI
zU;!=BT`2wj3uqy{@F>pB8IYy0QKWolWD^J`P^&ho^W8dc87JMN$B+{bqhGGl=qvX_
z46?du-B460Sf2|olEPM2P)vL}13OT6Ht;sifb5ENX5%?H?A@~m`FHdilLiy+5$+-2
zA|RU>{jlg7HMbK+;azvM))|SJCK3mR-}s+7BQ`~NUQ|1vajtprT36;wz`UXlfdkF~
zFE7hmI}>o9bG1zyu$mE)f0aNt7Jq@^<AOIjB)ZDEyC?+yzx&HYTTKfrZq68zYrWTA
z2%aLG9uc+;|2==qCqupep%^iduvxTG@Uu~Es){|*Rbr2)BH|$|LxvzRzE76NJUEjQ
zZ5n9U0Fq;6efWlu3(1o11K5wN)DdaCB%FSlOC*TDa)p6pt2A7&&tg^@K+Ef-jnhY;
zh6e^{y8p?l%=C2QR`gUk#t6i*W`d-~{9KeFqyn##Pj@^s)eW_M3Q`|fkzfj4x(xGJ
z%n+<Edos(qz@IxgfMkv>UVLlU_}99IrCmC9yh(Pucr=|WX?a_2Kayl-6fmz={1tgy
zVutV5EF76!EmwH@igsiBme#J*9l)Os@<feLD{wb4CSnS#r~gkWlXvt2x}xpd@8>vk
z7U}p_-nmBq+C=;NO_y=u?-zApCL(u=$&gmT?Sk)b_3xVJ69OxkTfTPFRTiIG!Yxc<
za^#xE!0Cd0`6t=DXBBnKkYf*CzWhZiEq{D0G<DR7`_n>JL{_e)`e!S!A=s&c6Dr&D
zyqT7LpX>SczG6Z=?OZ_u@y3mMcJn7acu`_BxW=TC37Mt(jw+g2g@xMy#GICx7x+vM
z<`x+HkTWcXYrT4f+`kT-2*HizfNdiM6{>?gu*Ep%DF31@|Mko_Ot*h>i&P?S6ha6O
zX;Rn95nCcBZ2h;-0Q4sCrU)6dxH#)v)Z{&Ni52L5692cZ`udO~9m$45t>Dzol={Vu
z^-0#kqL2*8tY}2jUK8)W=9P(%GoP$#-?pu>5!#%EDqo(39l}<A&YTVf6IN!O<P$IO
ziPC7Q^||yvI`J{lCnJqCXtqy{fp}NBeNox!rHMxOPfm^z1o=L;rK%XhczSr?Jh84M
zWg-+vkYny#Zbcq8J<OPo-kzB+<$OZ))>>5l7)k?h((B_vLD?TRjVy>Gz0Pqf1aBvO
zuFc+7xG?#7z3(5AmL9sYDhqYmr{BM?HE9xdcjiUM^b=y<9U1@hN>Y#hhrE%Ex=>?8
z-qXNT<78s|CXw3s1_Vr6{j~o;pIO3odc%U`^)D{(mcD9}(J}3Gbkq{VY2L}^_D*7C
z1@7ygowS5Mb%;+-nMxUrEqChQpD>bw03r|hRRv?xfA7^6ZGjg+L6@_ErG-@J^azrI
z;NtCB&yCexs;%!<{pPo(D?B}$gr?%vE5>@xipYcgcUbFqcU=OEMc_QLBPF^I<NEeO
zSO`_H)@}1AC#}ky<9>c?)Q5!z+1FjFbo;pFx2?g$YjS)G_i2jkSPal6^r@?MYYrG_
z5Tmb=`7#;;Ed`johqjJ!$<EKCnu-c?NI*Nt7aW$ByME@I@0WM)?ta(=_+&UG5Y?ZH
zb$=IMdyDB^TvS}YzTN$&e>OU#llGZcUL3`bUE{Y45+{v+_QKz<i<5*i`>7cVGMI<t
zXHYa76az46VGK!md7+7Y^Yo!T%<My+zo)oEs?MkqKvk_idF<{E^3Vc2j`EfJYdI+?
zD5Mn@LWkBGJoqh<Z_DiIQKn2m>AR$Yf9Wq|VXII$FkVZR{I_yU&uH!Gp-pItlOdzr
zY^<OiL`8H?b%p1R8x!k(ZYR7zp{Sf!n?H+dj%(&m-Ari93LY51rjHGZ)-I^DE@*!I
z`Rl`cc_WEk7kIHi4Nsh8>pnu#_mC!JH|Zf;(|rJ}8ogu1t^TVu<h%_OuR%raDy>e=
z)=XU=$2g9(wCOOCtux376g-%lnm1|OhmiuA)DPRlnesRadzHotc;w}$y9ymMODQTo
z_wGk(7E!cOMH5#y2Kg+Am=`Q63H$%0Sle**7&y<jH^;A*2=c?9ZFjXQ-#T!m3p#s<
zWo%shV;#y@`SiPYcT3;1xq_A-p2pA~4*{>YXe}`|&cQ~nVwq61$pIdrM(DEfw11_V
zdQmmty2HA4U6EDNf`EQYY-371rizrf@Lc;(-tI^_W;%3#TK9u9;L56M^?UM3Zn&9C
zbiwWDX1~H|1HQF&m#qfQhS*^3Qr9c*V19u8`t9p$Po0V1Iq@lej4e{Pk#%NKL(h#}
zeh;BN)jmNi^0QaeyLA1`(#n=q0>a>OVJX-eqB%lpr)-w%9d+NjlP7_(628Fs-WT`C
ziOhH*4MWT;o^8mjaAFGIU=K_-L*#c7LO4*hdGxqAnXq0K3=d(xfv(g<L~a8h$}*)L
zb?D63^Yt)F*`|Ojst^9z3E$4SPDU}eVTNF%x6m&TPYe15C12dn0T;#gLKgA2zC{yh
zgET#Vz(H0SBE=tCU?1MU|8(i3w2X`?iT0X}AF;C`L+YBJwcj(+NW|<0Z|(&v+DNMJ
z)Gh^Rz3(6y<%@3&ChP3)ObS3U1G0+oV2VS9@7m1UxB>Y~msV97PI1U7V+XHz=(gW&
z1g8WpLv0=yBYJ4=HOeYPSPLSyRqS&xT%Bd1wLfjq<z>?#O$Zh`T{N1tg$@ywGre!i
zc7C^TooV36a`Wi$IT?~=XAc%u{>$wxeHHB{r~>BLqzK?v$2}LXUZ^C~(9qz2^{FF4
z{npbGayf%`Qv2?Klr>NN@nuq6)HRnr^?@^I>q_m~ATw>|49C6h52V{?m0b)gGJj>6
z&@iDgGA1FmsOaXb*w8OGrQ0i&>gdR1bWoDIy6u5`+i@jRzgU0&_^?C24sYw4(u_8h
zXH6`em_F3v=@gvRkwfEv2jb)-UBr|<o8EWt-ep=T38=6!Sr7&4r5G-cdc@nCHrK^x
zN5<@bo}aH|31i9hNMUB?td$Q&Z`7IV()W3y^^L`Ukn1;wN1T~+{^m`&p93tf*zDV6
zi>QWvJtlV4VRZKyibpkpaoe}rZuaGxQ1C(JlzlRV1f0%kRMZ-PCX=T-9z8WM`L<4S
zcw4*RM+}BxfNnCTBB_l9Bh+iuaHYBm?w~Fw#LF}psm7@%ZN~W_t=ZnA{f-k;S6gXj
ze<d61+_|&N_s+LzJ#p<ke{Q}bWn^5EE7oBg3rKB{J^=SUj4{y}5}sQVXXrea(hb+e
zp*==W)uy&tQ#v_qQ1!K>R$mugY^{ALpc9=z%gBR4$wQ8PB0-|dml@-|aYBER8_N4=
zkEp8A=O=GSUOf8ek00x^Ca3X%Si`OzJ0dQ_{x&nSoccOTl@Clof|qPWu3i7G!x?l*
z58P{35Js~Q!r?@x*c79+!d5dfB}te0BeZ}HW#Fzu7)vZt$28ad&$hTmrb>O74o|20
z<e07s9>PYHgk)smMcl%TwuLla^i&)A#bOZ=n80(=r(L#IJ+?2tvs2oh-MhC9HfEZd
zT|0L+b#6C5;CR*|nma+`R_fD+_`Cd}JMeWJ)9O=e)=5-mVGF1SYGft^&de*HbP-ZB
z^SrKIQwy9|`0N>X&*IC=cH7u26l>qFsk50?GKnxM0+?DAm6hZC9s~8hy0wej2Cj&*
z7+l81L0w=Nnu~G;Qyk23^&7WVy?ZyUF+Z|;^M!*ODhLgq+*YTWg)B%`9<=?pv+VfJ
z+J}7auHLx$*n7h-hq_6OucLIKj*7mh6uXg{6Y~?;=XvYo1cEFC?28v0ge{o5uW75E
zU?Vs>MqYX}UJ`7AX-~hg%kEIDkhJ8aKa|os(6zqrPQVjrsDvWs7)89Bjk65Xn9-H}
zm}8KE>nkc3VFBIHn)6HLP3vLTs&<zDh+UBiIjyLKQWD8b(QWtqd{=}p3LsEyGj1aF
zz}cs9lFa9_1X{)7+X|TgIV%Ll&4ytJ!&7Oz*xOf2>|`Gow3XQHqF$Htt6E|r{2vT=
z-%D`daGahoWW*RR9C;=JT2WE(SOE78&rM!rVX=(_y2=l?{QWeA$4E=Dn=JT?Yn~0Y
zc}$^M(|QyhEK@eO37!JsPp9`4)bTwIp5)sF1sM%FMrILOAqej7^U8qlEe=PSsCcbd
zwaWAK?!KDq&ZMUPAu4j1m?5A*B-}brC?yD596?;e;)}k_q)0Y<-)(^BG>djqK1)6g
z5r&#rqZo>DnQucQ<Kl3I8nkA)V~)hF<@MyFpz9I=?KRs=v|1<qrJ3i12&oAfk@r*i
zwi3ybexgmuYrsjW6*{mmwm`Mra0M_FK6?IbT`+ayrF9+%`pMs>pSaL?u3Cl46M*DD
zzP<UE%aBR62C@4Ku42+ssQu!dDi#PeqU66$|B(-bZ!Tq!r<GvrP`8AL(Y<S{h8C5Y
z#7Twig#oZCbJK-RGiUdmEq^%zUE6o$55|9|^oUR6ex&Q)Un+TmYb&A@<Rt#W2u7<F
zxrX=~>Tfy5NLWB<aOlYq0@9oge{EAFIdLFL(3d`<`CGnRU|r-xhO7DUK*@j0QFY<s
zMF<ot36!u=h|AD}Z_@S&XPS=t(^k(Pw7iL3H{4`dOJqwt9bsY3Np;fWt^9Z^oktj_
zDV~Uee_+>van^6&2J^@Ic;l#ipu9TJhYXuFTD_m_%{G?2y_R%iHl|m36D2t#u*#q8
zTyKnHP0l7zls=QUUlwWsXRo(vG7^qwz+b(s#9h<e#3XImSal&Rbs90&qD6116CjvS
z9|JaEByh;fOI?Uaoksk}KZxJWhT7-psWovT4FLyMr+?R3d3`xar(6GR)$2Se$j|T3
zxCk&EAUmQc@qez7QPB7e18cG0cE1iJFIHIR(UK%b`5{B@J%9d#i<Ddi<l1(e^KDk>
zdi%{9Eh`j%cA*N>xkXz|Jf52q{(C%f!+RVg<3Bi~<w<`%xJP@G_??ov=(sph>Ihjd
zK6V7(mTed`Iy$`N%Sk>t(%wfWh%PY<FcTstlSgr)&3*WAP9B42?nHF@Z#y;m0H47|
z3NldqU0>e_z|)s8+nrap3(nwJw{6{uH_yvc(59P1t3p~AE5Sz}O7$p|LW~gxOgoI-
zA8_Tdhqh87{{C{uW_uL-8GN*MYnpkucgKD73KXuZ`8@{K?OD9m-k$LvN2IxcOe>q0
zl;;%|M&wn1pcn@<v*(%khlSFi3<A}&+}w~{yPG#}as{Ms&yjO{-NNa5>xQu8uj8N8
zbGvr%e_xR*+`MTyv<FYa)WQON2Zfp92`a^1HYqxTaX>&uXl7;xogllsY-@{m;ei@(
z49JJd-YT+>C=wj1lutYadY&GdE6oMR;I&SPh1;evjQ|?Fbn$1a4E-yCpa{-Z%DxyK
zY6iq=p35#b@>f6j;^{j_nXsg*EEHO?PZbqcUP3yGCCT8_VmoSMQ(9IQy0y1XtGE{B
z^;?d{iSLvud_$5rcD1C)(^%<ZT--;&{JPEa4-bc0>C;D%p$chfI0+t!x_B{tJU)JC
zH&vGo?eT70x87ceMlo~0yUcOIS?mIAQf3SRskDAzdo?vxo5gpWfT5>_#cAD;$S1RY
zZ5p{ht>VI50}wnYmfAsMj?Laa`JAb8YzwfXsJH3HD=Zi|gS&Oyn-@ZCfAj&!3$(R+
z*)Qim@EQy;6U34QxI;w+{s^ad>L1lDGsIEJA-dOO`tsk90vtRz2Y6Nk)`=v3*g&7t
z#Pl;~&cIAMbA}3^MkmAJwm1KAIiuCbNePDsI!{T_FrX3C%|G%7@o@U~gEMTHe_>`8
z_H15=F{^rD%mxTgE3;%!((#3D$JKP<qHfb>FZ}FC!#RVcDXiij=C(>eG;C((Tclk8
z&6V@TKY8&<lX3xp($d(5{i*`OKek*s>NGI92pcEj)rj=6r8i6O#6CGR|L3hyii)c+
zQceHC4ayiNT-la!!X3`;{QP#~80eqMOMEfj!1euL4H1ugCM~hXuD|o7!Gm$H2<kJa
zZ{HmVOKg7QeWb^gxQ>+49=Yu|_r5AahuShIBE6opn<BKWyoXzmp42;4H7X!Dm+9MI
zxg63DdtP{~gT(!z?KsT<+-zttYr?!HQKPDVff(YUt-Y4U*Evbfzpj4krRi)nSo$o?
z@a=x{N1w(iEy~oZnpIQQIt`&T>Xyom_Yb-cXnFm!clTa8iX5)O!sbtz{}eH2W(+Rc
zj~)rvhp+G2?9=s|v~9Gi3jP~JJK{MnKsMU0Cck<-i`o*X(CV#;$^7}d%i9drW`v@K
zhctazL@-(d+>ZC{(+9P1%<Ft|hp$@-Np~>DfpUZbrmRNUzAVw9I6TR4$T9K{^00Ld
z4kV)Mmo3ZrC-cW8+^dADYI_O>=dVt8uvkkiHu2o7X&GP+7q$-E$1aH(a01S>AUrtt
z`?>aBBCB8UJdTHf8r8nI;3IzP=X`y`zD2f_=cZQ4$N`&~N}JvV5NA1GA-$f^NBZaO
zmFzWrAx<kK4F_w)b+xg~bBKYF5wv7HNbuEUjAG=J(W6fva{K2?N>kFE2pwhLR5Ck0
z1vGa*jkU5hzqR}f@Pzq0^15KQXYiqku8rG)|By~^x<RaY<wi#|r^3mm5!6-DSDy)5
zfT%XX3IR_bOAug`?+)z&n-L-NTng^0eG|?zNa$*pBORUAQNE)vhXC?!EGH;1kcSr-
z5O7Eu18=+ziPYUFBRX_gbJ}3)5K<MLi1}7lf`oGxbQ=JeiRy|cTwp}d3Q*MZ$|$Aq
zFFkZLs~Of~!myx)D)Z*d!8TA85MERBzD1+lQF6*NXX>d|$y;CrFk1}}nVlkg=wQ&@
zEarXVj1&_cjr{S?<;?NqsF!iWwrQk4$`If2llQ|x$;-{XyVpVQNdKs<Pw(JNfF!L{
zd9Lc?f8;&dm#aG)59m2iZSStl-3NhSIdlFU9GHtTL;v&<*i_iX54LGU<3PJ&_n28D
z@AqZ_8P8|w5SxrDhulpm@$Kh3bp`if{wMADuJ}~e+Tl6(#)2r$#MX@)<?rK-uV=kZ
zl3xz*5-A-H0^;@XVN^`abg4zO?e+AY|4i;Dshha5bOs8fO})GhJtKwWp!5(h2(=|B
z2KL~%RQ)cbM_1tbim?N6PF0<pI_iduRZu9S(+lH~7k`b!pulNCthn6+?-0sqtM=O4
zpFDi`?r8wC+T_s*uV(_cibBVV%lpJbM!4YKH9}Pz8bNN@sTo7?=6pBgc}7OqyTlt@
zs+<Wf1pdH3DJQ|K`7_&f)Y6nbnanQf!n|9+qzU~oTp>ZiNy66FW9q*+H?pswVHH_+
zvNNZN;p(b=PPT`2$NLHK6a{p#4%CqI!LC+6cd7NymvLWTMv*=Ymdu$k%``eXIyRQx
zZ4*tagEh2G8ez(xF;FBkD<~i;!X2lkCF!G<RJ=cY=ulvb)|YhLhd1A;Vec5GsJGJE
z7agsfVWm&J#UivwyP1Op@hcYk7UdZ_8loeLh>+&VcOczVQ*L}vmU)x3<@2d4S5#F?
zUcOwUB%^E*Qs2`azR%b5t(O$DYgwy;)F)eYxLtBOU@Iu-mZ$_c#7u2r-5_{yx8@ZT
z414;-UHZ6w7+`bK(u`)!6c;}OcJFYRjxcpL)(DxprDfK#u_V%`0|MrT7^CLxRl}`7
za~SOdhh9t&l-5mpmC@|)=lARP@BRDsy?cv2hj8v!Q|ozpO42cs{TDA%=utS#lm2uT
znk5@xw6qjkhq;C40_M}>8aTz$A*c!x9}YL|vr8jir6NEbHusctnHw|qXoVqa^qpIS
z#MyMx(MfD35RH1TE2Sg0?|gh+>%CF`fp7Qkuj)Q%2~`S>Wwx%&?L2u8_5`d&Ehv*)
z4SG7wfL?_hYxs{`F%%O&Le*6AX_C$?Go{oTzQ;YIB@(6IP|A)Bnp#41#p=U_8FZ|i
z|I<i$v6#DgfcFXtd|w=SWC}5dbnwfUl54AtaCe{x0W=DAC~p$pOH?=PUhzUhzIpRT
zhsm@up>ZqS1Erx)_WAK+gI5*#5ENM`@G`jS{qT2cQ_PsIDH}`E`4U72y@))(x}vc=
zzRnRDOs6jgGi(||J1_)9QBhOVoPNH+n*=Z@=Dgc9(ubvNoViZ)&N=6^*NG8mT);Iy
zmpN<n$qvw987SJN%kuK_YCb7sEMA<{E#=s;`4LJ!JnWjbYN+RPrv<hsEn}MQ{$U&-
zmFdN|)?ON8nf88u>y!H=pmb=L*7Q6>D~nfA$ll;iIJ$5H#tfZ6=}4?qb!9{pU7U37
zo3NDBnbZ8Uw$&%Cp*`j-Ui?ZF$k6Gug9i2JAqY|lF@3kRWnqJNPy_$s@UT|6n#~@%
zV3NYT1q+~*ntUGKS@3PMvdGrWi_5>0EP*57k_yF_Genz%KO?*2pZ2${diUxzrMVC+
zrU9Q2q@w1l`gHHUkz@iuhsz=+_I<1R+0ijE4A&*qF;FzgzmK5@kIpzbuIY_ivv+xq
z=~C~!x@Id~$Lpn;Og_Dy&U;jq$8Bh*34zUmp8oCq9PZGNJBcvECg2ij)5!TC`@i&R
z&+0vkU;-97Q-W`<%pYO%o60#HAaz|34<ADM!74&uAbQIyO#r{N_O+Vtea|BSWA99_
z+R!D~WG*Q~c6Mgn>X|e5otJ%$VQ0~rXJl?nysqtVN@WoS`Y-?dY9pb`NxIKX;l>;e
z2BT9HZn<OK4Uku71$=VSfmig){0uzBwP!nS;<#~FySRPk8S|#_(hcU$72;h>%OaxN
zg#~NS8Vs7UGv9pI8Znwz=+L%*eT$t<WYw!M6;gODExFqo)F%)Xcr)fZIK|g(m)MP7
z+)p8F$Ay}q_B;;zG5ukxU~pAhoU~dab%2b_g{|#A@-RrGMtmuq`^0wK4*34|nJ2ih
zV+KeDNlOR+NQ?#hz!}?l-=bV!xi=19lcq(Sq~Bz096Whr_qdsbu~wkzGY<d!_Kh*$
zg<O-vB6sg@m3oEeLu)O;?GMAzc9DH?bJKtitC*1wcS+I(g&U>M_C<1-nw@?GLjl_o
zlF6o*tAh#>j~jMMaryn6p-~TQZ!+>BDGAHFYsI&VHh((^1}O3#&Oc1b?K{rkD$P8V
z$iQ8)kf0lI0^za(y>@gMBqLMXA?|J$t?rALmOi?kRYiBjKJ)DDT|ehlZLj0AjX1T|
z-mnpnh<J2B7<QOhDaUy86-boVoN#tbIe$A|*QGonGEz!@Mq|MsqpgOA+jp5eXU+%}
zT2=cnM~Ce8%X#rJvV=qqv*LZ9KB}c004aIR0PkJprIyTX_U2ZUzfa{uPG6rVk!TA=
zWlm=bS}(7Th>@zRr&7WaA^0~R*Fz9*<RYd&h<@-D;~rFX6i)!c)73sU`@;1HH_hsu
z|F8ng8>Gr;qA=R6<5-&BAz{fNv&o!MXlY_#T+y#BI{QJuJluk(H7DCRxSa00L3k{t
zwRg7Kc(8}OIs}6Rm#*wVsIxvBMxJV%CdC}4MO9`E6E}avrct_>TzmpnLN>p_@!5}y
zO-w?c4P;ap_FXoOB>r@T^w;gLKhk$9qi(s=dK4Q4YW0$lnX!(cqX)db&0d+Q+^wU@
zx^vgAo@H1CZ6YhO+2vA0rEX|oF!Va(B<EDE{0=CEVtv-e-k0`yN^7B_<ZB&#y?*W5
zwKeN@c=@#9L<~7b=25g;x&HU^S@rm#*e!-r+P-hAP9qIl1q%c4!`|L-cWgHAzpU+C
zKNhcbaxJ>V+s`cp^n-Z~FMV-qK&@?O=VX(p1_cdrt;U0h5(V1GE|YUFfT~#Z=RYH{
z=Rw~@euPs(u}b07&fRXLuh8hOizq)gcYf8D%OnxVI{#@Z-rTEc*9S-F4)&K~5M9>t
z*tdHQOzG`h24N7!iv0a-e~ppj#vOm*`s>@uguMG)K&JEODrNgrRa8V>-#Ti{7>iem
z$7T~6>qjOPB{+81Eh#CnZ=MvXq7*i^#aO|uG|HqnNLD_c2q#3CJC-S%TkjWbb7lKo
zE9+t>y?Ip+dNkr@-;psJ_Kdfg{HI+=?6--C%4h;)_0Ns`^ZgpTnjiIi5qJHzx~?5F
zeyyEr+Ff}~KhHtf@D#ZAGC60mWD&W|rf9Dqi^_h<_`HX2ja=wbLz!;B-|X5#m4q6&
z6sE47GQNArdvJ?l00qi%YK*nGT4%a5wf@-boV)!bIV!p#j(7L8^V%{*y(?hA*Nu=x
z6CDf-m;f-)XFQS~0+twR|N8Z<)D2#Ng^(giSWt_+W2Bv(-3uMt`SXuaf-jxF7Y}?t
zKf^O)m(y`{nAG$w)7Z)i(Z|MIJA3=+AD=5|SaMTm*r=XsFEwVIM?`Bm+N-MCDk}fd
z*|bkoqgt`~ZDH+#Q|^)rrb^@bbY_+?1<tM=JGz(Qk8<wRDbHCGF(7e1K0-#{(eZN8
z4Ko?F`3hlvTe|DQ$*=Q0jhY-Uk+JIPhYudyoeCG!e1Yp!LacrAn)u-y;(8_|RDe&R
zgP0g)>d&Osi-&^7`TfhC&M&b4ZH5);mZ~}liInDslK!0Uvu9OKJOpeQ4`UKchCtn*
zw}3Nqaq$h|Hi=H9e##U6!>{wNW*w*W<9anQQ4n^!=SuH$4hxP9O3S;i9CtwZEJRe`
z^YnVw;r{*me7(s7x(@sp5gXftKTzbYlXy{B8ymaF=mQEBuFqu-;N{Da)z7*}f<Fsh
zLXNpi^>El!<cUe!s?V)T-XK8A;(&20vj{&mZlnL%D@sXXt46~`QD1#f5@B`ZNJf{|
z(g=5Jw4D@3dd)RPwBSX!zD}y-HPND<BTYS^F*9XfZODB$b|IJ4$LAm@JM+=}mKhqD
zOlhuv1-D7}a1b`cHXVARq*^wX#C(4mIO`*X>j!H{U*J)K@faC(+x9iB_hbs<E}c93
z2aw%Iiozr~R;k43FMot<_v)HF#V#L(N4CQVBu{kp(ytws>)Y1>cu?GF5jm!e9pIo_
zqs_zy0pT8D;G8FgfZ0mTr$&oNR4~i&@$u15Hc-S1uik%X%_7EC7joTV&@p-zQ?!UF
zhK5f-{aY|W>l>RsK+P0r*ppRP76P6!ktD;$Fi@+2!IOQgv2#;AvC+V)|1hwk7A)Ff
z=C3AO3I?v+c?Jd-Hw@gpRrmrrgj0O8C-tQK{QduMgTX;`^B>ouY)32DQA)h%l(_Fq
z2oLu(P>cyIBXv^1wfOF%&ZTY}%ZrJ)APRlA9W(m@p&0d#d#o*eS!T-V2^*r=CCTPh
zho^x>M~P`Zb|bT@hi|&!3~u10)kJROpCvqoiiAoVZ&&hArU~dTwg^_}>{u;Y%S?$R
z6S1TP%ql?^T(oF}>>&ooj8FJ}NT`W5HD$-BMK0X%707`k9=kkx#9cac=u67XaF@#B
zGGZ2*4p=&eBMOF{cu1QLu^}Ku7lYd!B%kDjv0;2K-=8Pw{lWyNaMfI?{wh-}&Y<2t
znGBVF#ztQXkD4$WcguV!c@Z_6qrCV`mX=<hp9%V<pW6ODq=DziYx~e<q>yScxh&lj
zkLK%%|Lf?hSHD3Q;0ur#(v!NDkidt;PCEgLkBbp}6}Z7d$j|<O!Nu*!YFKW1%(~qb
z?E<@z=|6j>47vGjXJJ(b7EId<^bf@&5^2mBU=-s0i--l3G=IFw`dOqkB<>_7IPn6$
zQ?|1adrC{|9Dc<nr=W0@2Q?Efh_-fieWayxv~OqgYiKjUw4!dEqO6>ipC3OWTTJhx
zeKU3IdOnNx-_^?ajpBXe-n%&k1+<ItKxH0^S+Y!H=0B|3lOHsh@k9U4O<33NBEz`Y
zb~vF>J|kx6(5Vx!^oH!t#aW0=@t!nWuz-i=*eP%xb3d2H+vT<t%w*nyS0-G_rsD@D
z^0mOinvEoTU%rh*tCPU)9cI?J!c@9#mwTS&A7vS@M3Z3X&<pQw%%0lA{&#f`_op%F
z8wm@XWT_A?Sz3Ba92SBgh;9`~1*EYbhL^hohmc~xuX~c6-3(5bdMqG-$n=8Ct9uy<
z`7I_}z`J2Fp?LE%o~Jie)bIO@6CQ*MlEx{}qiNeDsOgSCWin~}_-&$I(_EL6m)A*3
z>IK4+goG{0D`|ePeBD8Pfr+6Hi~sRRNYFNJ+GO9XE}B<{39!Q;OJsf6L<kf&ci<`w
zh`Si^zzJ;MzI|yZykNg^D{&!I<)Z+<0{8)F;C@dz`|X>3^SWYdSPH<Iph_tCv0p_p
zg<pc2eZJC)6=e<QuJXP3-z`ctW#1tlpPU+aw$z3NM;0+1K}~eJbgbs51mRAD@AoBU
zya;<BDl|vOuaHbUJNJEd?w5$yWt3yk=a^N}T^D`t2O`r0+fA!heFRS^7~QjIJrVlL
zo7+KLB|z7__=B(SFxf+}LrFTP9Y!<EY|6)v59>GO|6Yu%(h{s#XkfDSqhe#hBVvk{
z=44T>B(o}TDA?U>_CzB*|8f=!Y`n;;v`J`iP^eqP^<SfIxn#*}{_ky?<m|k}Y^MvN
zEI&YU1p%zDyse#GeQkvaYFJWw_y<cF#E0=VHzsKRph@kS|6_CIfEeT=$Mkdj09vRF
zdqYDNQt|5Dz-+QB*DB>abeB6h#bYz_Iif#h#8?$sN$|%1@o8-N)PUCM80K=>ikktb
zV(Wu)liNR9>x5$Nj0=hw^bu#7fQz3A7nn19fL3QVf@?(RnwQMLCy79aOY69l2_2;N
zqt(>%($j}dnG)FN-!EUDmVe*k<W!`&-w2|y+*DU*7azRKAAxm^nA$d<LYM4y?OIX$
z2?q7-LF>fEb4JwNG5<Q~HupZ5U%Zjr`yVg6NCHn&ni(rOZP`*qC}wmeCI(1+;T*sz
z^3WW!m=-$<H2y6WDQsiK9tY7o3-SS<E7}`IgK?7UWWMd>$*)+&*RPwH62(Z|%;`%D
zc>a(A7_7$W|Ni4gxUmxN#jz2*kL<H}8&>dLY1pB|UWT*RrAyWC-d(|vZ1TC-MXKIf
z8%x_(SUc2T!AMIp#W2IZB>j}8;0?_DgS)$Z+Ni{5(6Ba|JCwBhS0V6W+^lQEz3N-n
zZ~w(kk?yxf-5+AVsj1A~yLQE|3+8r}*zF-$w(BH|-_rF}3Y;94R*S7h`xSh$=nPvc
z;=%<yx8qmM3XY}ICC0>(VQ>F3l5WU<W6!!w{=n`QNYh0x=0z2avXV&f+2AD=LMKK~
zL0}jjInib@*z4g_>e^5-+#?6%C!k+mB$bnb2Rex26ooZ%6b5*3cv=;4l=~ue$$YVC
zEtW2M6}3KBKKN`?oFs=k8KD4^hlGDC{HM%M@2%7C<K8z$+=#jthw%MkV%8F<1OAOX
z7@R#;Vkib~_2}_z&u|>$@H3b|u{~_q2R1ifRi<Oc-Mh;noY|LO&sec`TKl`p#)2lJ
zV4Lk>3`WBH3{g;E%QTAu_@@jCEDlYn&?e6>eu*Moo$<4uVef*FBl>N#{ukWGU3AcS
zn!Fu9c>AEL#Hkg1V__;f?t>nnI?Nv|CUi^|ZRt<0r#wnsE|zFYb?Y_gb8&k*xNn;S
zkO=czi?;><Y{Kx~vT9X$P|zE)iC-Ml5Mz*}+&kx0f>$t|gv!z!K>_F1zy2f<zlwQH
zRnwuynd#{0AgL=JhE)9tzCVYgH*MTFf4$Szt$I=}^<P6O#3x&)IY~`Tlve)pF6><p
zwS@Ka_BLevESU17)vXJcw9=81N4vImZ2&BZ5X|8haQq5u%Rhej02`gA#f#$No`Y@y
zt@0DUANT88)ZXvnAB)>?D~Xh><v99N__d^tRbhPb)TzxZD$5Srl5wF={58m61`S^c
zcL3`{gHR@FJv-Si@7Xh8aGqn{3J4HOX>c5@b$gVDo{+5pxhKHi|GJx^=*-qa4bTca
z$43jz#TAa|*3U(sPzzCoe(!qplMW73pa}CrG2ZIx>K^y%dcI>`(#n+y#CnvbgkMs_
zI?(jGCH@aM)DIr?p$X04>ZeajaO)17xBA*ka+9jFnv%D9w)XZnxt}-;z+!^mYiinv
z+J~!?d9xVsnB=XnR2Vf%q_^nNAKG?hveI8U-W|0kkIzo*DUT~DLTU1iWvf=*Up98}
zk|iRlKf7{m1Z1Gzc;2sG9f85>x^?|!W!aZ%9@3{D4IA+i`}vZn^D80t8ooKSP-Q9a
z26yJfL-ny^`}{T5IXV1S%$P17IrPC~Ch_TM^j!rq4heb3DWl*nIHxXq=mW%VJ0J58
zqX35(#qP&sJ~=s0OoGkL86m}7H_s=l5aP|6F$1r`=luuIhp0yONGqtq3GBB3!y-`F
zF&QeJUbDDiYwPNm{}}b@W&YK8t7b;=di)8jnXM#qKQpszt8zk3CoDbJAgs7|X*KyH
zu*j=ai2o_wGvwNm>)jb8TI~IcezbGf_*%3Uj$udVe{id~a%Cga0B_vbkrz~Qs%W$0
zD9M1MHVZa%+*kVkJt=3Hrx?t*A;qTS-n(Dx>O>;}RjV*DvhAcr5Bk*c<HAQ5pU~1Z
zKj|X%a}k4;zSenjXCzENE^!}yv0}5v!w=s$$;uxUG{%k70#WH?L-?k_MX0DOK2&tW
zpBdgUv@+JL={sP+lk)Efx+Y@SM!xf5(Q0BscU{i=bmGjKH5CZ#<|&G4Md2xddgb=Y
zN=n$|(&%Rf?!8IhYHD(yKX<MFD&JMAV@Gr&v=K~7gbwte+V`l(1s68G1>}71IDzIE
zsUW|R+iAKK)-DkT*We8f2IXOFXZH#0zFq5S1_qt?-u;9!+GThZ!>p;7Kq|bS7I-9z
z{Ze1E0^sT27pfjPR3d<mBGD=Tj*Mo%v?b=tZB}1>*Jh})ib_08IyJRJhYvHcP{c}2
z2VJQqq?lf_=(zuFyTQCjyLWH)&}XDfR(@O8o(r42h$b!ty<OUH^Nr^*H6tQXLDW0D
zg4Xj+WLz|l<X-sW%NY_Pue$&FZHfPH>)=-PO}1R>>T=%tVU`OQvct!JIO{yrIC+mz
z5m`yiepO%nC9ov%NUI$|lE9~7*y2)?J$Hx4g@=D6UNG9rw>T;;j>KeGQ1*rs7l{g1
zJ=a?J8OV0;J}oqtq;x*ulcgn^4%dJ7s$y^fiW#1XCk+~O7ni1gQrpMGE~#nTQ)EQ(
zT!dr&419|U3JWcMEfP&%Z#^1~3*yx+lkv_SAb(-;0k8rZmkda8{z-8n6+&Pg(VE+T
z83VrQH*XrOoDh?>8|pHC%`+yJz-^gdq~Y(`_~zL#Obv7QjA^8rDosv5af;X!kr%Kq
z8AkaCOA@wy(zxoyohQReC7;O3UNG@QmqCMb$wZ}fNn+=(@7%TP{e+ROwd6rw`+?c^
z?Q6I9u9C8{y<t)84)a56Es*kLj|VxQB}EmfaXF#EzVLr7_0X|nk+>{dcJ$P#=buaj
zu6Z|NZtfx*yhvyx&v!*pdvQczmc;G~lnn5Fvlw&aH=()b1u9yfppUE2t5+o9v|)>f
z8%cB`^3scXbvr7i$Zskmf0sF(;om1u#(u2@XsYyr9c})lZ<V(41%2c_(hK5FFtrpj
zM238h-d1x&TGuPAni%J2uxinwzNrKoq@L!bCH<BvtOhNY3ZX=XLBvS6Z+0fn?t~pW
zzX`QEoStb?0uWEOH{v#rDZPMWh3*Zv5A=$C6QMI++-|O;Bhj7xtI&*r70_N%R{E;F
zywfWB^_cx>)1(Rt#~W6KqN<e&A!WO+SoM5z%)6q5)I0&A0c4$ccycd<5@}r;E_DvE
zsYMAIV<a=RpEQjz9@OYsT2b+`dq)e5gv(eu7`auPRly(O2%poq@>eG!1lDS50n80f
zn?3;!zjjbH!3hO4k|*{XKX8cxz3@u<ThSMIa~p6iaK;e6(`c*fhv!9*hhnQA-K5rD
z;?#vus3YawM^*Pm?wdD*<eh*B!ZYI!L(BU9i`0=@GpkDZvjf}|(h+>-=*kT0)^0HY
zNjH*hUNMP$^7unrkd7U8YpH8>KM@ZntfPTSJRwt=CIwv$Ny<}yjhGwl6Ua5ly=mal
zcSH~VPy6;b2wqvVW?52X+SmTB+YfAT8U7?aea1$z?UF3(T1ud>{&cisk_?4kddCwF
zP2-J~PI_kc81Lww-c&lB9@6~}r@R^lX5=+f#U*H0nGd{Z+2!og(niJlY7&NLuWrSE
zY^Rfdv2dvinJq1cT{Lc9tyr_UB?eGt;WA5mi2|dtyqp^w8wPy^g;1~rE^3;XhQp<9
zs*r4wVsbeG&B1=7F0G;-1_Ql#sed3j5S2W^Ys;28nnzzd2VLH-!W>JA5|?fr+U{XN
zJD&@jhx7QlSsxDl0VzjGFVnp{c-HPQ_9FC2$=_I9Qab?7DU)eG%zN6AqI|+S#s~no
zCY2VEv;oXoUA7-~a0VtfxX{R+ew2~78jDuc>7f;C)OV`b8_8{~dg60ocblQ-^D1~A
zyj_#w_0(DD2fORi=NP2W{L%jT;s7dZ<x%w+7nM{V+HQiAut{?Ik%PJRs9mk%AFi!N
zxrfSa+qJ7rvjwK$EvI2mV~oM&utu2pIFZVj+|bN5uk~961YJS!FZgt@$V?V4Ov11;
zVL88lyN%vId#?~~h<JFT@+hOah%u<Fw152yWpWvh)y_%4gPT^M@YS^=JQ(_{xkBD_
z-fc{k4VMByjaM?tJ8kWf$B)<Lo}US#nRL|HV16-3%yJq4sud%DAfSHv;sqmto$*m%
zPTZvn7i?+d!cP6kkj}h43gR01+#%O4-rZd?dGke^ANAp$vHQ#a2N&Q%u2Sh70L-<C
zZ&dqf>zqfWtKeZOYq(|Gw#=qwHKAEXy$@voQLGx<hfx88Dy04QL7a|$0&LG9$Kc(|
zcIzDV_m58c4Zgf*Piu;Y4CfSD&p;bq?w}m9D#u@4?XC0Kde?yWg>5~Som(z>{|&xg
z#^CJ|Eh-#MJ{j;gGul3pCc(-X+%<fGvC~O#7pT3dsj2qmUE4{V<{0*`wp_I6<*i*9
zd|#)t&P4~h0G_7mM^A8WhSaU_^aoa2|C4R67M}XQ*!J&BNH0kkD1pd_z;8&e0f(}3
zHMB|+l9FC<^WVKofLhD+8l>nj*=Vt@>>9#chky1?8*)r{`t;9}j(V2&g<c1iLo1Tr
zOHxujpyDjiAi7bpMtc8ZM$osGucbUl7+yto%5u@~Har_MXU8M{3}iczv}}KdjfSHl
zD?McLiOV=p@)yaR)~^>PSDYUD?(dr?Wsk+X`LUWa>@)N5*XG$wqT-!JbBhq@tMAg(
zu*GE-qlxe1XqS@0G-HO#7VYq)$?GmHX8qC(BX%en`eTF{wKZk!XKTr*-(!N!uYDY~
zp}jcr`vL=BlaXt{iX8=AYa5t31t^3!9V@GT^69qY;G98qi`D$Y-Ak|{mood(5Vy6m
zyF{mVUTw8Mb(2u*Z`~T6S3v;*hYep%<8#Bq52}`wl#DvFdg18Puu~YaJr6P>d3fJ(
z?=f}Zd9t$IjV&#;5Eu}IQ3u=GYta`1Oe-C)&UHU|!-;z+&}XfifA$2awAO?PZwp4y
zb}Bd*gd=tB?Q6Nw#!*Ymx{7`v2_!V2yN`mp%Bg?ilF0i0Q~ju(u5N49%^yxtpGKWk
zPuZEp64yxCdgK7l8$R|+qHSpV;S{8>`76CeB^5K}g!jO~fVVH%!l3CCU_2L0RWZBG
z*Uoz9h{^<c*lYiIs~;*EkxN8Kny?=dA;=2?D}tps^6euh%qQU>g5u-{D{A@JKI{~_
zg~mr1!9jwF#ANl@KH#!Yi6C9q-@vcaE~dB6$mUMcTjGm+hi>@h-b$i1V)W^?wzflk
z^`Q`v)u{(|mBbD^HXGChZ8>vcPcV4VhK^DC8M24TciZSj#>YG1sX!bhIteYgY7%fl
zn=S2IOXBCzj1LJ}j;tiB|6DmIp7Q@CERZvFStw?kgM<LJ$Bl8<4}<>0#=XAUTw-TD
zYuD7>HF3d*5HQ~$*ELlJrB1r-6|UAgIDzgXc6IPAZUBuW>>H{309gei=a}b2;RMsM
zmH||#ev9sz4VGp$1Fc1xy;Sf(7D}gl;6VG(Lw<1QPH<e@yxil^h2W9??yxqUV0vow
zlISShY2|2Xe9FQAcE80wU>Y)W8o=?_uRnKMAc@~k_=vSkh~`2COkHwqm7$J~JLp(Z
zTzklg2>yZPp_nqBgc}Zk02f2_u?l`|BsZgBy5IxxAxfIq2R07T&T7e$CPEN;I4)%@
zYOYVYCh%pX7VTQ!<s$(n4mb3lad;6q@KW=(ve|8Pu7PiSx+?UVjh~|c%Lyw*Bj*8W
zInHljYtbNL`sl*k(+gix!_nR4NHL*-`h)rzPBj4d!D9q^GD)a?jr9lHNG#8X*43=N
zL;k>p(Zq#EOeLLRPT4w!*yiS5nX-9;(<kE@Gury<SG~Me&UGR7@VQ;>gZF;6s~*nb
zj;j#$=Bmd!Qif+I)bP!pScY_RH}ak_q(j%PPvI9nd6Hq#i^`D<4E{R}@Q`nBhSMAZ
z?30pb*qhB2{t^vHxLkBC>_PomF^N)z-5Ut&ffiy*6!mg~(s>~5-8!&hk}m(J?cC>u
z!fe6bno^f%jMOeVx-#*NtI5HKSy>HmWT*jYh%$oMKryXKU9O5N)IPZw!HUVO-*I$1
zQnZSGcgT+m?$ki>STn?u?a|ig(w^ZLGsinlT6%kyAHu7p-hp^zRX9P9rMSY62Yi7B
zB9?01$B)JlAUb-X%Bi9+PbADKjj#4chY%BbE67-bxw;OQ;^L0X7*bVo%L<Q`uTj5Y
zO-GvA8ya>w{m6IrP%eemyRpD{3p)iRZ-3f1SGMxV8o4<*b=`GwCZ08mNs^56<J}oD
zMdBm<a{;|A{GC@U^BMt`862}mtPBBhd&)?O&R%>U-o1SbiMQ2E=n)U;ieYgKZv^+j
z14ftv+MwY~9d&FrpPM3%g$CE9FjQrbxG;q9@_ottsGU2LUWrEyx9WgV_d^*7`AJ21
z$#e`$XwNJPiTl<T*@yd&6*e|Kh%EyLF15bH&JaGnOgN-4qcbHfHG`p}4zWn!$j=Vc
za309M>ow1rdu5g}LKTRC=xfu+BkMO{0Mx*_&Zn6+je$$x`jsntNlRY_?ewiD0~CF<
zq(E5MOtkG$40_U+NkmN0MciYmBFjl^VhY62`<L+0R#w)(u@7eM!iylHqHCC5PeDL*
zk?Yq_!Go3~@Gjm|e<|i075FYW!VCPS6cW-D+y0W^6LQ#AUHhki{6Gn_E6j*8%go^V
z&ln>353_Mdy|i^~6-_XdOue>kylkul&aBw=`AjL2!ZMCg`VD#LSll$oMkAlOQU(+L
zpWSv;@H6=G@>)buQ62XPCsN@=bMvOpOw)!|$yc!V`AMh9XwDq@>#$R6VA-Vqz#%UD
z!UZTNTlo9L41n-)s;cvo!OkSXdl}i})Q(E58)iJ)wpsl4?JCLH$FN%)$OVQzw@Ikc
z&%yVPih5VGovlX9Q<9lS#{?_y^m?SG1E#v3%`7W;{+z*DHx@6ouo!;g;r7XpK*|r`
z^;B|;t#hDwqm$Fg*+WgED>LJeW2erJ!3aJy6lYuZJpw5}hk}pzH>#X|v}5u>U52#=
zlO>TOFd-Xve1}E~7-R{(@}?<x0Ps<v;!BK)s&VxiVI-_IFmlN>i?P@ic;q0*RcE$G
zaOh@^#+EG%L!oj63Mjm|9ViLiswpGHPM*Ybbg@4*l?q-O)ZN2M;M`|rd1aT+9eVuy
z`5__3N-`Y@v9vhzm+owWpah3!t(~16?LGdvZr$Mx`H5b2T%ppsx*=aVA%NciagRX%
zs4re8Cl=MiuVjQHwiXn1X_K?X=ak`dM*JjC#|sg80vZOPr??aGlo1hJ&o~H}!~>vl
zbN@}@4hN~O_{Ud2qm4T)0|rWRD!8dB3jtK=eZ=&*?f6dD4HuV|7fS{TO7w=Q0RMKj
z!$bzs-T)ojC0@Tdh?<s15N`&-D22bq^-PIK3dEo%cqdhC0+$b}VlRu9WZ=Mo&%(#O
z<eWN5uhUEhae%fLIc6|eC|MOf54;&!Q2t3Jt)^x|kXe|_p@+bI@gkJ`WV%;H2t*ex
z!kef;(-n{a5IQ0{x}!WeKjvAK7#~VY$6>OCPnnG~sV3Q^D0*A28HW1(VfS(pAg^KI
z5MSG$PbP6dah7vq*zn<V!xnVh_iUQE0kWl!h;yiIqBd+&JP$XV><ZLunvzVZEWx2)
zzX0$qDh#7xu+{*>2E|>xC@9@rvb3GS+t-(*{L1KUouBAJBkM0)tKS=%mx%Lf`H28G
zTi#g5N`%PuL;*diQShgP-<8g!UswVOJ(B=ipMU|kv^=p8+3e_O-0wD5A@6KOhQ>N9
zTxh_pzq{QQyqvkgm|LjD)d<n~=tE&A+fcHCYFZT^6sn5Hn8ttvXI&e{1txJo5SMd<
z`PPFyT<hPpH)Q^yqzc0~UYAlAot6QYVaO2a8!j&F16aQ6-_Qp}#&=R7Y{8mk%a)<(
zAu3oeS`>w$7)IyoUW|oHi+@V@#K+~|`7~4|0G<G|e5?kjxfopBd9aZ89@K`LZF6W|
z1&Hg{DQt#HZs<Of`%Y4n={VK7p2?SQC~bUacieXs*N;o74bVoPBJQ6TA#};3N6&-m
z&oxBQ<`-nu;GQ<eNK|Iz>963nQmxX}4vmey#UKdqv>Q{7bjja9jqf<Dza%Gvrl=Nd
zuM1*IP_WwamN7V-*SdC(VW`1-1;wJc0DK4chdtkcWCQ{ajy?x!xNY#ZfVzsY6FDM}
z-SbUP4YUj8#2SC>$8)y8)SjC+qH)k)-P+e?TxEDgt8;n?OTPDs2-F(b0<zr{JcPgj
z_W9z)FhN1NV40%OFPJx{%`mP_79~f_mCX4e3U79Xg6YmqE08e*JkiQYyn0n`>@pqD
ze!9L(mzD_5Bgc^JNU1OmRS|!S4j96~%cjbI`_JPjNL5wWWR~&Eat_|rk@`9ZYVwfo
zD&%F|2cLcfdx!cQ=!g-g-1bCD?rex$8fUgz?SM&oa0czNwRbn8V(~Px=oA+dzv_12
zytVU8KL={N$W<?~vPxEX-{$5S@@lpZPPU|v^tkF-z9WYYeXpy#1>R25Pf6*!mug@F
zT3B!ty3#8d4aO-Doown!`j4>YG30`56W$dWpiYEfd350^!ywJVn+nTXPz4NF=?-n*
zzP)gvZ#f-l(g1$@sO?{%PEco%#ZIcWFu^y8XI0~G@Z_0)&w`y$8;(8tKy(@~bWqN)
z|A(<R53BKS-~E?_Wv<LaR6>d}ho~g;6iHEuWJn?;(Il23Ns>945)vtzOQ|Sxk(5T2
zh@_GRH0;;S=ezele*2%_I*!NlJT$Cz-|zbx&hxy^t1DwoRBhZ?zJ?va4RC@zJEyDq
zA#tS8M)t+sLlp)ddXXgofC&V9eSLi#rv>-I0$1pEDok(;5{Dhxi*|!+$h7z_uOb;n
z8pq2+p<Rk4&z3w<U&r=A;t##NSdpP!G~{YirtHD@i^<$8nO`bTt@jmV#2D=n-4`Ae
zmg5O~AKuox4$gS%YKkin#5B`J`8oMLy6N_rrR4L^!+oZbPsx<Tv18B0BeP(hj_p_*
znLZY34B~TdfCOBBh-?o}gB+fvw?H_LO`xA2dx-3ugn6;;ns`Lhu8<*S&%Uv+TURc6
zhu7y4w4^dxsDAmZCrv@rIjqdX!!A!*S(!T$_yAa@GI4y!_4>Sdf4MtDVF<P3%~58j
zUXn8zCqAQYz7i);W|%&*@O<FFeBCBs+mluJ*>b+n3`ZQm(5|k&9-*#SahR_)LV7`i
zyNOb}21p@A`U!_skR(kBqg6uFR?n&8(XWg&R6oQ0FlGHsw?mm*w3_=;;w`w5iEcsL
zM{okOA@flx2*wlN?`aD&prxr08EI^DS&_#I`L4HXW(@O1-jDEx?gJ4H;f_C{egwKD
z(vIaLaM;3AgGikQm=uMZI{$mZgi1({&fOR>eVEp^)O`AIfqy*n+;sBhAGAntdFuqN
zR~l9##HqTO_)0Z4HWEIWuYifX{Uy%eqWtj5lixEb_j3KXa|{0QQDskvv_hLdWy&Uq
zoQewXfs=o53XjZwY*|CW!HwYNySpa|(ps~aeHt1c%yFfF$%?-_%jqM0gs?n_@8+T}
zePM_+a2$4E6a8!v4p9cLSaHtZe;SdNzuB^7kgROd=h^`|>)ZB|YY5){#C}S_vuB%_
z_~X<V1HJ?dzqZags%3@a+~VFB>?EKRxtv9KmS+}j=%^fr9O+X_5oqUWx!t&IAQdM)
z?rkWljT<K+|2@??nbSdfF14G)aA{s%oQL^&psD|tQ@p>vd0m^0XJIRWOo<FU`3QKn
zt=-W%dzQ}}Wo{3<7MPtxG3CrW7g~&|oGX6wTVdb{_bR?Z{fyu7<Dm%TsC|$11MNzx
zq<-S`w1WR2DiMTVyge38sKkyT`!z;?6xpx08rx5CJY-v0DmM(Ibwb$}L6X+JyRh&@
zS7FZl`JKCWpDi9`7Ja;L4AQ|Si`4Aw2J*hD_wQf781=&jeSD|}$D_CB1eErq1Gd=m
zOUS<)t*!CEDBhc#tVfk(XqZXdr?El(gGIEQhdm1n2QqHIpxdDy^76D$=F66aBX^Qy
zK%DoCTODS?JF$J{P8{)l`jNLcVkNMftR7G&zyyQ)(USz60wNAQ1jDIx<T82?6-y?o
z2>4&YtZ~cUYiL`cJ;DKQkhd`^@AO*6!g5dccvBK?T6-H&8h4eq-tAE7=g$o|FKb^~
z+*A=<@W1IYn7$@eoEE`uXmgCE5pOQXbp6env3Rqjf7WqpnL2uO26p+2ZUlb}Xgb9B
z<p1Uwv93d__4EI5jT?Vzm=30-gkZUTL8*EK<q3u1VC1-ZD$2?qA<ECcnllY0!KF)g
z>sjU#&)^Ji@m7;rS$Vlh(RIOqj`^JP=YJzl*S^#`rbh>u)4wGQ3aLSETiKb*ATw~s
zk56wy^s$@L6&F|D#Bf#^R%BG;fZls(r5`hZp@_amG=6U?-m;z6#wZ+f$$^TfO%7I-
z1b#%G9w?Ua(1&m9(mvqk%{l64{v*|P`!NSPD%c!tE4|jq#0$k&A;IRoeiLl0A<3ZR
z=rxM*RjOHo$tq=XH(z%#s`u>v3&7#oVvvT^2pgWK$JSAwR*VWUm(_cgxaDS3UDg)Z
z9vI)Hug9Xbml#-Ek4Vr$@g~XOko9T<YHUB{L2<6IUqO5&v9-nY^-{)%Z)8rJI<>lB
zR_nbwpog1+H!wvPk4l6_cit{d4eI#_H_Ml7sHToObM|cCUcJ~(VH7cjc4BGFdR^>2
z7A!z-mX+H1Kr*hZ*bKtA8ygw9y!eUUr&a*Dc7V;mLekUGWfS#yVK6Uvc$mf~(eARM
zTV?Fn?SQhX-Feb6TCJi#iH>$eS_KU|XpE(_>rIdOr|y}IENj=D15QDR7#jy{%2^W9
zVHt>olS+HB1^x49FjWHBDzfvL<WuDKcpkG7$fB;QXt2hF*Y{H58S@1}rNx*R_v7Sq
zZjbO$wuFU;V^m_h`o7otoA)f7p9m84W9$Km{Snah!g0{zXZwvRzz%3*kHk?m7e(0g
zNnl3%PSe$;zbZ6sG@hkYlhR}b>MeTLnD2dqre4UQ(qmN_gpYgIRk8LStj64RV*I#q
z6>Qyr0wO|F+vHY9bP(yOj22$i!lYzY)}z@BqWPm2mXo8Y-0|g&usWnZJ#@q*v==F~
zs+$$A(<ie?hQY??Wy@8mJU5k6W3n76B$~0j>XXZaMlxPgRTw^FfS}s8zt{D?#{f-2
zp(!n$SvH#+^n(s3V&iKiODFV$;I{6<Xwb9!b|^=Ri{h7I!j8*=d(IXstDdZ%+I;u+
z?Rdx`y*b9l#=B#!xerZ-_l}@82iCbcp8uwtAYxd?BhXJsCBuK!YQ<thc(T5H`TCXa
z+g-OBwb3*xE^y2{@B4=+5vThfCLF&29pX0Jx@qorxUuVtM~|-2VPCuU2n_Sqt$AQU
zFW0MeID7uQl7x&ZqeoRfXsV;IQLtvaKe#v@6>CkM?{C)?17Z}B-_WED(Y`iy>u|E1
zfeP68YgUpi>+P}RwcSD0KNz`g>K;=(`_$q&YMEQgl5S<i?b^C~n$4pA{rlfq&?}&^
zLNm(2=;ClbPiIAmAz#iAFkRp}YZ*|n_M42IZy8MtuBKwZPcL#$Wt+<kqU+oKp_4`e
zhEt_8&j??M)$+n67kAF00*7pCd=R{Zl7u$-nUOkrIdPV;&FhWh5qUbtu_>_oliA`d
z%>YjMt7p%aT636;UW~nbm4-B%ivQHJN{-$pn`~e%Fnzf^r@F6!kq(UiUcg;0tRORU
z+~mpUa_|<giP*6*s}F0@J4e(2SrO!iMWQl(OM#%T6y&_hY0sXElXo2Kd&$RV47Wle
zgC|~#bWl~)evD`zcR&A3r^DL@Q&C7IlXoQn$1w`AwuTIf$UFroz%;y0A5r-U+6Z$A
zlYYFF>Pmuol%p00U#uux9?R-Cli)F47C7$SjoX58%RF~aD-!V(f2<w;LUIY)BbJ+)
z9hDh7Zrltp{S#F_FDPGRny8R?HU(2!6fu*cJ)Y|z_eYoXq40)na51sav`A62>E@4)
zucO!BiE^))vF=EscEbE&0v2_uZM4~z`#-3E5y_{2X4Q7tkBH)I7OrMzX7&(EQ+3t7
zoRn2=(|vE`W2>>~LFiMMZXyFU@jx=-u9n^2ycbeiBI$xR?^J*Z*1LRU9F`UK<EJI?
z&~37b|4qfNS&{NOGn2BBKHu!B+S`UzAF1KTYQcqLby$~GzsWm_&y(N?<U$yImz5Rt
zA~Dcm`Y;Ldh2AZdmoeC2`C@L3)j<6tMN%?)955xH4|%loOHAX|TUp(_Q;ACQ_{o#{
zn?cK#B&_l}bA7g$7LYgDLzvk_m4nPmMvqTAFA$cz+o82+zg8znSvq5<%q^*TpJFs#
zZw_5JCwE%`MjM|fS}rQdc~ol*Atmu)9@$b({vD<QiON!+tI)Gk4>`GI{rh!kkH1Ah
zoaUH8_G1KID;ux`9U~=ZkD0g}=&*rIue>#ESJ9e<Rz)cfw~7_7iQL5!b@}N>ET`X6
zxT+Fz<iQ6e)f|)85piE{6+J!}8`<m8z9TuEuZDDXm~J**cEHT((vpmh52SyzjH!C%
zYtd;|JH5%5bevE4`JNj$LvkTzN0q$hmVxi?f$y>Yjx9^Av%aO?sWQ>Nf&yp6h>ops
zg0>zMpWA*r&lU=XUYZ8>ytd1f-WfSLj#Y)zFotaY4Z#XD26)cKID)#pz5TV<8~MWI
ziViH|?xVwlN%It(n3!nSAHI^tPrgPip|Z<?22c4Pz&ke<`W@6n?zWnGm|*(nYe%0c
z9T!jH+lEb;&}%^B5s51;Sl6yzlqnx-=v*{4jr02q+r~n4a+BldSMr+&juhCWpTP|c
z45wY1v`vWy>G9)sTcIXDgZPjh5iKPCe&6=8yg;H^Ssm>^;aO7BmC#T-_;H4JGv2*p
zKSnQOxxHJw<|vmKEzf&mHMTH)WJm7w*4P=y1MYZPlqM(C<+>j@@L1Elb6?6K@3hjy
z+8Ca<z`&XLs?Pw2g$a&f?ptkbAKyJku%3E7C};%j0w0CpaZ(J;G6@OLf=zfvM!n*C
zuU@zAKpM{D9on^9Bdo6EEcGe8%T({G#WYq&ZZCn;i;L58NQvYp73#E>J@4aF7Xvc}
zVFTFru=y)M(V)rOui3@(Gpnn&j~onIMxglC&H0-J4Ij3XRHPl#G{=vpZn|f3du#Kb
z&Qm&o=@>iF#{&^D_7%dE5mgL<LD(@gdh~HOGs|VmPI`De6|mIt<7v3)Zshv)v$nC(
zBBD)Aefe?}PdcC~8Zz5&_%m1|J)t+pFB}Y%1J8E)e8z9XjA7uhy<)qT0%o-(B@{)`
zTMA;y+tk)g>+jP944P#3@a@}^DaD9qB_R6VN70IdSiv!@LP_D^5Q+bcT{kKL^56w9
zRqqQ?6AwR+-S~Rv|7ZaWKDvg@V47sI|00-O7-wwwh;b0TXR0N0&L|HbI6L4q%v^ue
zyoqjZ#h0}81b-EHBW&+*Rvo3Px)MitoPb<AT$bRLNGm#kY1(Vo#skrj5SYJ(yeVE~
z;hGavUt6nXUw-_-0~bOM9Uzwbdzes;ZwRPNA0(<QN43d$ub{W2{=9bQjte_vY2fMn
zRLrJVNnS=Bn$}zW2hcKr>XEFgWF8Zp4fOS~vA+QTBvGe*eb;W<q?!Q+zMB8OxA@{5
zWpI?$XS$HFAWY}u=xfEQ1RU}{)j0C)O}l>M;?qnEl~Y~@biG;o0OB9a`UZKYm2GF7
zsddTE3j9rMYKboJPT#g+a-w}UKPjn=Mb*o<Z+lkdrN4UBt#jvqr9mbx2yB+{w5Xl}
z$UC-pHTE^ax=K^iJhTs{rk*=*u_zs{IC?ND_lJw(IR8}tv9Wv5@o~6AC)c~5oNIkd
zMKtBOq_zv^j-6!IM30=3s}v)^uii(Flz78N@lhDT?-}`hDC@c-A_@{*oXpMT-RLfT
zm211$SX<LAxZ*I3${y7(Ae^@LMV;%=*D5M=EG$U1xRRrA!P(HMF__whv8r-*Y(=JC
z_xCq<bevS5Cc^3SI|y08Yl0HSp(Dq3{T8Lu+9gb?p^*DJef3+x3h2_*-N{AwXgg^P
zI>!eKfl1Bz355#n8lw~^KT4b}a*G<&H@{QK$GBHnr?}ArlzmT2Qw;Mu{)_tj%A|6;
zfU)$!gY6IKQ9UwubuS{~aUo_P{fl4hZr!ySPG@acC4mR~&*@8+$eL<@Cb;G(7)dfH
z9`##3Ft!nSGK4v65B;S^Ms?NI7>xTi-5=iV#kejB>97oR0W4MOHgHnLn>R|8_M(j&
zr~v3Xlq}fLPS<oSDk>^2PAHK6)K%Poj^kcHw2al(&`1X>;(=poAH)E~0@TejA|r#|
z!^b8Nm?lsDMK;5h2F*PQywYJ=rF%*->I$U3*hpye?<gQ>Dw={t)lM}f2Z*OUjS%-_
z+EsFKadDnUNui9(Twu*8S_IlfhO)m?aj??{?6h<YR2k8`i6crMCs0s4#*M#!@7cY(
zowW4fd`xn`LtOLBGw=JbY`a@im%Wj)j+WPZwYmI<=wlk^aOdG8xuqM{t~G>=x^zjS
zU_9ezE->Ys_ie@lopM~=?PKEN2K4Pakg?ockG<b-AOq$xCKj;|0)jA2qfC_14kQxO
zEpd9Gw~VTW2Eo&H=-_XEJh*ccA0OOH?F$gblMc6yex|j%=i}rK<J~8|&CZSr4;Q~!
zad<az4w%}bSzPUgl?jGHXcX+4h%{i5o^=Tnm;4G|IE(Y==HsLF%E1R|Wpj=X28rgi
zZrubxe$rBDfJ9eopN5a<r#g9&8}p?}YUxTW3+)Y+<*X67qhIMN7WW0M<c!Z;G^nla
z?3-NpTesvUcXWn-<R;dr_H@d~&AkQVvi+hemd(6K#i?#I7g&?=fu5KXYCLZT?3GmC
zT6z{GHcNA)`%|$zet93gCK5|9Mj#F0#q%A3Mc5bAaXD+T(ni?K<Bbg?0%&yq#bj%O
zJUvL~u3c@t+e)=|aQ2qIyvyg^y$hiORYV`O7zS<y@}q=MavI&639=oZ7oA<&uIVre
zFhadhX0tGiKhYd4U(Ss&RO#tc(H-KXhlf7ZVtl8^YD<0cFv>wVFYhe#;m^}2PY(O-
z+5=k4HEPVH<b$bT9eREcv%Hf)a!3leF#*M5<^)E<EzbkLA!g^~^gUP+)dz6D+zuvy
zy*J5&dWa>=ku@=D;k$)}rWxjZ>0z^?3H&>ng0W+Na9iwVk9k<*7|&?bKRWGRt6-0?
zY}w%pw^lA%6mspFK77u@hl1VJxdrh9d&RiOc_?qcW1LaCB#3RalrVY5W_tym<@p(%
zmf`B^-3DYeF*gsTvU&^vfG>lvQ1~bqv_@22Y?m6hZ_rJfWB9c8*+(xwgF;x)*FP_#
z0W+|2>AdG4!~^sU20J{&{0R<wTgl7ABWd`DGWu*B?an%f8tuSlXH9vh@&!C<5DuV7
z<1tHGiL;7OR1-Bp<_K^&!_3i4+0vn<tw1bYHtnyu#f)hc!UhxlCwzR863cs*_l7}Q
z?n&d06&6bvXMTJZ2%bP&C4jy`R5Q13J+m6iGSz6akSDoyH0$ygr-<a(w<NXe0L%;<
zku+HAhUSHWhjZ<5?ASrABSSmD3-F4)gvyS#h869@2u`nG*C6Ev`iY_EM3d*R>4O@J
zg&35k--d1fmDk+dJhP<{`#0Jrcio%8!O#EN8YSgYcII__FO{(k0?*pg5`*!MWx<mF
z2$%-nOP5+9y?Dm8u@xLMW*Z|A2xhAr8i)pG95y}Z>7B+x>-l_qIut4wUd%JzA*c^z
zSPrK-sO;HFKEl8e6&0gDs;6>)O>V0&6NiF$Xjf?D#KcyR;%g*hf%FhQoS+#O)Rrcp
ztC{JATugu#0~e;qRH=;L6CjAD8EF*g(JO6)F~BZFimqM5ZX}0x><j_8X7y?rkoTY%
zsf=~pL7EZVO<kbkL9D2T-n_awK(O23Rd8b8zGTWa9%AqzNOnYvkM0;sxf*ck2z#)!
zGu3w^j;*Myw8eYr)NQ4;B9RgwrB|Om8s@QYd7u#M=6<mkc0ut2FAu0~Xu#xOa587X
z7Mf&sM>tt;c-w>c#~!$ZrgTiN8S)TTFTq@N?7*aigX=-j&%Th!UVm95mmeQH`ph}$
zFvYxom(K0^p}GwdQHZhtiDC(|Wxm##iwd;zOO|Y7TA7i~C+t}T)jxb#fN;fPZolZK
zE_Z_J01g#s*2h8JT>j_3H<-6}>^b3ipL;NI?)>?lPZka0R^rt{G=rOZmELLZswb2_
z2+VR<*tgB7>ckt^dr=qW@v?(U-Pcq1?ro=V4qy6pA7M?Hg5=(S$FcrzuGLXOBigyk
zcEsNa|6Py`pkOw(ww!eK;@k?~;dA}q!GqjW^%eK7fnaxOzn1z0iwP)nyY8b!=A90u
zKtaApPe0?JWZvhW-DvqaZUpTl+GB7F=C+1b+F!d)37>kjANr{Ve)hJ~S%egFNNZCq
z9l&Di8|_89;wx~ELnO>_3VQI~y@yrW$EyEhDl^u?tOzP?-T*+)w1kFJ)Xk1liyhkU
zUqXI7c`_VjAFO=){jYz;v=KdGd1>D<mJ&uHV7HkR*o}#|PpeNG7;UbQXqpKcA5uIg
zi2(<Q&F%Dd-1ipd{hi6N;79By;U4;op&0YO&`YGN$Elnt#^U{zpQgt6@jt1RFbRFL
z=$7Zc-3O<qquT+?2t=j%z#KQW1r1Wyo);ArJ$$$tLvqxHlx|EIQPfSlT<Vij4Ai8c
zuKu0305nFi#{yK`wYZOO7IhU>+oA-nNn_?ttVm8`fz1~bSkpe7G5W*%|EUXV17C2`
z0rpiQ1MhRnq0{9kh=|2==2ZXuiE}@jW6Jv#wG+&}^z_<y8(5B35>o2J2L&!s<u#G0
zXo#BH{L93*GT=dq7kY?ehYy!SaE|}+^$77~+HufoUg7t-S{X)UIUQ|nS6FHeBjs%n
z?>c<k?<EK$O&;u-z>t80l4$SXp<6814Dx0J-VlNrqXxHc=RaMsbK&U1e;57I#fz()
zo#VMFbXnK@pJxjhmO7DI0kx@8+qYR+SM1td-k_qQBGVw}t_w3K)idNjlhq8h(dS-J
zW0@y7ugLW{ESR)XZgF?%*8R?&9m%Y~%k?}K^R+a-V17V=8_Y5;1o+FBvyE*UN<2fu
z9)o1C1&}HAd)Ma3(W8%wK&xf-$b>nWiw4b!cc@%BwFhD9RsPODU(0)_+!<`}hf-7a
z{UQY!MqQ>c%ev^*4K>t5!V!AV?tmUcNT(cnE1_dzR!5pJ)2r9N8S(^*G<EeY^qX%M
zE&MHTwVW&R5fCQO&?3KyqehRm<6xYK&t`ZSk`M<-h!8`={W2@jEE1-D)WlS#6cO}<
zML$E}<yNZ=lJ$60Rk+i*x^#H8R%ENoXR{;3dHqNn(O$A)!Poao$$zP!YG-Rp^Q(Mw
zzIn%v`*vDhvtSM>nT~pT=7p}|T<pJa!ED2@ck9+|*nsgKScJl)NhS*ydOfwm6=x4|
zocsLILS`e+LVT;*xN*J<hH03D>K=JIMB+Gg6_?z`CfGi6;{e)EWKIsfE3cQn+TFol
z<(r<zUP|lv&6#=a1fvF`(W<Zirus}GH?K&myvou$P7*G>&~KTP99dbtqNIbF0rSxR
z8oeMkh?FNWU{0-ZK-l|8ro+Q-5X@jVq_*<Re8A4YWaRQ2*G8P)w~uu6j`}RnZ`R#6
zm9Ju|>uz(ESZ%MdbnbP}{k#7<J!j0{?c~&b;G}9YE^q}Tly#9;E82b@pphyn3Nm8i
z8#F3cy$t*G_FejBBxrqoPXU5Xzg6n2_zD(RQtnJLc}zoR&+Bt{%&E0mJV}4@d1$AH
zyR0{FW-_d46r)%x@2~d?|G`}-`gcUK6I)x<G&B;K#DmD#>arDtn+CV=&v2;hu^e-C
z^$_fmXc4&{e=sFMYoXHfS@#VEo+SN463Mme*I5mY#t>H}XP9{8H3i|;h65^!{ip6;
zN^E%lK1O~V%7el1wv<Vy=7GAgdGKK_4au?e;FAEdywzd89@B6b=-aY%#*DVD*M}`Q
zyVrITViIn$J;MXZpVBY2-dW+Y(~y*(*z{vQ`4`lPAsTe077z9ucp!PXlTsNPbMFJH
z2mAEit!rFq^3iV*9v2MDOiR1Li61_E12i^&Lo12Koa?k@$Y+i)+F#-YqawX}of24X
zxGqAER}>XHs=MTjjN=Q2aiD0c7^W0D5C7q<led;CS0~a+ZQz&SqWjc})~Q(SZsfMB
z38i+8^oPe<zaWRehC!*=$!W+S;hEIcaA<1WCOLle=mLZh1J=;gfW{Q^A9M#Sg1ZtN
zJYPXZMvq$I`|SlzCsCtNw&*5*z|N$k$J6>RnV$hMY^9?jBk{y-;)X~G5IGMSp|GUT
z5o5WZMP>_|fF;l-(MW*xGVDVoLhlK+ij&CUG*(&<Qv6s_@`DnSfKDySW6Qm13Z(rT
z`GcF?rTvWg^VKF!j06DT027%>&M2NI4OQ|HB*WVdDLlQ-WrU9<B(g>Mz++HsG(TYO
zJ-u;UrZ%;`u+%-}XMH_S2BYwkF^|-Hl9{=K=aozY;X^|rzCu0T`GPKz&89EHIM~UP
zD4q~Y<ZP}-k0Psw$VDb96B3w88c}GE9)?CnkJsN91T-?aQClxPsjQW}icuck#_2hi
z1+-%&A+%2)>hJd52favK;WPZJY4;9&`uE4bky5NWmM5w_xaw=!e^F@bF66Wl2ur3s
zF)QiO?>_j3gc+3czP_2D0PKUrg*S^sJz@NK`|Xj__Ddo-2NnC;b!L{54)FbE2MlXW
zO!{Jb%hN?DdlHo&yL0~Z=~n=|FBd$1JQLYKqM2;QtjZ%YB^rAmxx8dpdXQ=w`s_1p
zNwQzBn*pTveKN7mzs3$S`0MUJG|0SNx9KMqHZzSZz5>xxG79L7iRgFldT;&pE>}SL
z96gyN)C0zw?dVBv0*h>olioC+3q^t0B7&2ccx2k<Q>7TSRBPe@x$;M@(FxzZ4;b@q
zzxCYI-DCB{aUyrw-B%Op?CeY`V<G5o+tt<9{`qPuY^V^<>V}*ARCV>#OOfH>JZg#(
z+EJw52TI>>7FMlPR8;)h+B8E9&xLMo*`yYF8J<^tF}ow2kGzhJoq|CO>u-u3za?bS
zp?v+i=`VG_{iXauMlZMn7B|wm?`DX)OZ(CR$NDveGTk6KbV!)@ecq0lw)^kDq2tVZ
z|DGDTV`3RW67@n-?~P>*r~s=L&A_p@)sVSfWKS6TkmPP&x#Awh80W`eKemK*(-Stt
zJ9=__dB7h&2vF)caG$bYEF33`q+9omL0plX3_j8a+@|F8Oj^ZJ+86pNhFd*70T5Zd
zn4(*v!+sFwhVSxjo-~~(YX;07gF_d%I!*?Ee*Nk?XzJNH%Fq|#VMS2KiW2G5Uj^hZ
zFXw>h>EdJ_vYIqRCE_b6NRc);7ZuNu^7DF;mewJzjdXa|zsCBy<Kv@CjA41va00Rq
z#EH1&OXlz<Yla*+(t7x!&_Y^F($>_Ze`=j6<~&w+&qq{40_t&$!q>&#emrY-Hb#Yo
zozr%SwR3iMp8C%J$=!s6!oosVSmopz)YZSx5lU(Y({pjzM+|hMq+?d+!<uO7$?BqZ
zhvJBS0BVxF|0>erdbnst-3_D7^XtKw1bkHH>g$b-QsW2*`3vq-?h>Y9bxo%FFA{{w
z!ml;nU(o#p@YCFn4!VbupN(@5I!kN|1J5Jfm_`c(9(HmZm#u%UyLVkvwsnc2A^HcB
z&8NF~7Oc$6BV|2uJtRK)4%@(@^Cy)3HVJ>R_HffrK}Bj-nG0lG*y^u)_!3dQ#bnm3
zgZO0zEsJODIP!t^OG+=69y=h=CV(nP(4VrfdDx;0D%%rt6bV!Ovhc8%6P+{Xe(+9m
z^>W^M$A4nC*>d3Z)FU|s*&l-c1_*_l5fMgAwOhG1HLq{73G%Ga1QuZkvtLV3jdntd
zm{=nP?uc*-z3lTM;0{`oQQKQiFb4Z=;wx-zTRg@Pg(+Y)1`h7gW4~Kw*<XA(XDwP!
zu%wP@7C^DI9m$oH>pHu>U$Aqc9eN^Yxczn9Rz)|XbvK#nGv{NgIyLgBdk&ZZXghp6
z%g5#~x1M2+VMSagV+*n1HwwB{>>xP~a^`kGVfgSvF0y@0E=q&Y-Cvv5jeRAp5xttT
zS14|#N~T?J8U^^v2}*8Wdls8lP#}2Rd5!)%|0=z_e3j({Q{|RdN|FpX2^a$W23+uA
z^I12p+*vA7rqRQ!S1k`D>T1w~O232E6NY>{bLGi%6I<jYIn6I951TGIx0uT1ZZia!
zNm>n~N%HjclXUd>W&V1bSb85`VBX$~VMItebOOln8W8xgEUkDo@_EQ`$kX89#JkR?
zs+H%Qjd?QbY4_PVz_bU99i>VHd!94Pc~W3CcxZeqtbnV+ijJCicb)iy(b5A+tAU9+
z3F{?~#LF_T(b3*-HJZBpU0agYBu0$rdE|*k4>B!kHLczUU7|4c5G(Q{d@A~B^MDgz
zxIoNJnWP=Y)tTzAC{d?%)Qkd7YmdUp6z`N`Ix(Nt5f0ONa?L*~va^}?sm5(X@{#dm
z37-jXxTj$)V_H^*@D#p(KbZ=4QVabIh*Qd-Z0OzjFFb-HxUxg<%{tHECvco357HR=
zEww0l^=Pp)_(%`^cOhgpY#YNL2G&gc{j&P5ESm-X-~gYsp4tT|W}_iD|C`fMhN_-8
zB8)`Y?5?54LrEf2DrG~|p~dq&8aL_q3~n#UU=C>J#l_nY2{l&j{-fIA@9SwP=t|f&
z7rC);OXJ6%oQh3{@cQ8h54`P0Na;~|t%-_?YtXCs$6F}8f~H~CXB)^Ky<f+z0wk>m
zY_Lcnnn4|YgZ#Ftb%@|7C0ho6B!Kh&7%Xn`50S$w2Ls^}bXuXsCj}Ev2DN_4ub6vp
z1WyElTSQ@$5+A$-p&H^c2ZxFES{M+OShPi|B53PcEKXG(OInQ+XBX4vjWhyu`b+?k
z5=)Le07#vsua7~MUu*YgSRo<~Nnm69+<KL#bB{}&^r*XYXo#p&_Eur}hWV4$mWD*Z
zB?ufjfAkCm8U4b0asvjKV$_wdzWtq}B!kmEv$rxb4<*6iJM>i`49>_lBgeETxm!RF
zJ^Y<(G7OkZwqGK3!)6&z5r}>9&RAJJ;+zwPhZJ2PwE)2wS@`%|SsH|R3XDFvtm~na
zpqn=xTbd>pJ~)_t1OhgvXCEnsFL8H3?eM~Fa^lsi$pr;2U@plugpah;*AbDCKa9_!
zzm0LMxoYRUdGj|wp#zNdUvx$-Q(RA#a)&KR!409ko7T_qiBKzC@ytTN<<{)57N`7v
z8Jfn}C__R{BfqPU1*C~D>Y~wfyfN?N^+o=wKO7$mk`$DY%HGfxyv|HzQkd6*AC4&Y
zx0xSSLbtJP-RSaJ(o@#D+v6!di8(KX+w>=#a~6#7Hqp2rf`OQLMJ<tg32MJB$|g1@
zhEaLUo90KCH>)ynOS6F>k%yLNl(VsT(V}i~Ri&owI&?s9r3sY;cL@^3$pau}8fEju
zKfzVKCP~koDA>F(^gymgqWc8T1@Hl;;efiP?f#+Mq9qKuQV0XM^CgIq{S6i(KNMOk
z>W_ilI`|Eo|8c^emKp4M`v35fjWXqTPkdCKqnGdT`+7<n9sN!B_1k3FAOhm?+{wG4
zV_;9;9OWYy<{wWhwPm3tNrx#Ym7eYQQ_8~r3f&)Bb%hl+w3Ub%LCg@uk}!CM#YUBK
z%!F+QMn)da5!BU;+6e+<CfP7*j3#q#{<;t7FfBE;QyR$LdDO+Ks+M(qm!FgqOCwF*
zl%-nS2)B78?k+ysbCYWtcW!i*mU7ouYS+F!-*W95I&?=sc`RDa!}hkiEe|o<O+(;w
z2;r-I{Us_vv!--TrrKDc`}bT7=~chK$Hnf*aQ94nn*C&ihK5DNCTz_5aa<9<{^bcr
z_`U2cCaa;dqtEe;uADS^vP;F(6y!*$Ee?QzNSpFO85Z4uH$Y<ur#f;NlT7(hHtrSo
zF+57n#kQG-?lN+~z@^|kgV~zLldXD6^}>mVQ&W<KULy4I5{xIABBD?`bZEAj*+4hl
zJ$u*y)Z_13fXS%vpZE^3I}17~6CJP#Kp$h-;;n*{j;mD7F1P{c5O^zrR5g{!di6?u
z>eP6WcYgYTw9-?jPq%N^4m~hKqi7b$sB9Ma(Ym*~(o^fR?FH%L8Kuod>Jm`nf4$r2
zoT(`mUE4N^r`D8)wh`&5Q2V0`m-5Pa7|9;spld*B*u0T#AG1JIO)bW33r+3XwahF=
zKIxo=>B(Qy7kZot6DO8D@T7fG`qK;kZ}@_<3K>sUk0##_*{*&X?3E5$0dqPQ^CZu1
zKIi9`es0`s1?(AH$$|tHq5QM9PFjB$ITFyYpuwzu;7I{eoT%#EFn4U<qkt8~R-uVj
zQeGT|$Ce<PVm9xl(GwfN3E>FBghat1V-^l||MdMkyE67Jyqh%>FQ?y)jgb3R%v<`$
z+aPo$G68*d4yOiS0Q#_7$=<5Mp5>bak}|~nxz29sM%CyIefK&TSXeOUB*|l8Fkli0
zAXF8z;;1I-<b9=A*Y=>B^4Y&>)$h;OpfmpM2!O{YKHhG*9UPpZ`hq@yHDuM*cEyd9
zNi8+osX<7z@M~lgB^zVX4x|x63Fj%jH%rafruo-*N=>b^-~9H2zhxi9!2R%T_nB|r
zy;}vEAxRQn0r=kS=!lt_@Zz=ryZqhaQ}N}C$I(lZcU;%4oTnfY+OOx#)Vt<!<gw|O
zeRLH#yK4*!JF|&zPg5g^@iq{t;#W&WvFzz+&Mqp_;S{ePt15Dp_In8}rlG1z$z_5!
z`67Nk_a`uVgebNh@Nc85;3)=w1So2{awTk#<j@@6e~q_0+~P=@a};woZ(d#+)MRtG
zm<d97ou$o#n<`PN0WW*oIitaLbxoiJ$Dk_Agv5>Y^{fCInj<gXqwC<aSA6_9c;<*>
z#5+jY++)SF1DD1vGMW{*G|~FiaBed)h2@=OHOHhwK(emt_PfW4GsGs~lR((*N?3=(
zhhr2;QrhnNF=>(gJ^FsaHBP;RAd6+HC<u*n`?<dg{WkzXr1z=q8-=j{2!5NSNRUl1
z3eprGhG-?*-2|K-&@gYEq3EZw9nNe;Yk5S-Rv?>VMMe^Xg0Nb$wXsnf$j6AqpdY@B
z!`hO#k9v_dLhcwYlrtP1qm$jR8KLusN~b(bu-0CjF`10ZHN$ykRXN)#cnExalRD+6
z93^++DfaB;%U;JIf1PR8e&2lraT$oW-xR@c`QtuyCRjDu9#D~eckQ^tm?YF{tdn*%
z=o7yoIy0Z3MO6p>Ks`cd!Gp=<$ghONAC=J~GM;|8SX?D=Mn%HdA2R^SEv0n8lc!AC
zKIsCYtKOam7QWX|paY|&BTgY(Bb0Raefll)1_FvBe2MlAweo3SD=KQ_m@X1VB}w8>
zo(L^yauSqWpO`oMX;Lv@wu=i0D5bFn!}FSDxNMnKm<cp0`XVsL9=q4H6IC0b^W`_N
z)`%U80Ol0EI?>w759>aG?n*~g>~b$k6gm5G&YO;OKl2<2g<#`gZ{IVj`XGqVLuJRy
zngPPV<jmwck-&~IaLJs;?MIIX3)T!)&d=RQX<P(aQprny$HwY4J~kuB!N>&AVm`~t
z+DT)lv)xSea~Yc>aY-eO0R;;q?b&x*udiYJOOz`Mp)%*z)vJ1fXcS?0XrLJ%AGoP{
za!J@u?Ka1I5Ar^A=gSfERY}87BFX4EIdcIBpLZHZt7I!C#WdNyR{dzBc=E!9CWycO
zUbBYzqQr|FG;)8E!CxobFK5?&{l(=*Pugf2T3r6-SqJd|z(iapz}OH5agK3M(3t8s
z1uS=wa05@2)HuSqQa$VoG|)}Q*4huh1ClG`IcO;q%wH~AWy?P1B=16A7yAsOjAl9@
zxrQW3GCl%Y#Qj7iYGAN>bYGw@-V5YwrQ6iXJJb@4De;y-J%L^*SBV}tCp<ejLaA2J
zVhiBN*RLzFzv$neKcVMj^{8hb^*%2Lr7?7SWgznx)D=e21<A=uT3UW2K2Cy%{xDyh
z*-o5zLotg;-L=tfy6M$`0H)92jK71o{PokhgN8()NG@liU*Eg66l<jK-_<MGdbb$0
z$bw<DR7AFJkxZb0RfJC13FS~zPaWq|BXE1qpATs|lvc{mWZIU%L765_18#xUGz?nC
z9>;}CSh?}V{`a-HzWVRhBjVw4qxgN)=P*BxT`w$l7JReqnwSzJmie7OkN%VadI%N#
z)M({+^KGT1^apKa2HnmHH&$S-19>z=ym*7mS|j1;eK|RD$d9HbXiFj`O_o&fTu|7B
zR`Fad0--}F?E@V)$pE&PkkPvz8a{LI9qtV0n@JhM0{7k4w(Ii;&K)L9z(6ySV@e*w
zt1;bQs{s(;%_0E)J@S7kx;Y=QqiI^qn?OVltE;%BX%t31TekH6eglHJM?W{<0&-Jv
zJx9bRqJlv2EBkV?@RakMCs)Fyk%e>iJ;?c;!uz$KVxF)1h$#5`M_K2I*_s>`){Pmc
z&~kyES~Y=g%#8G;l|8cc2t)24G#_J@OqgXm2b6{|*2i#z$sZz!i?efrwV_Bc9D3(l
z5{T&IzdIo9Re0MQ=cB*+xkRKun4pZ}CD-S;ukU^tlwhgX&vFJ!>?V=%7{F92#l7zr
zc?roJgKicBUifPnTg7{LbX@MKl%SY^C^>&mJX8fY@2`6scnPAi+cw#>i&pWViJp&_
z8W=qMbSm)mMm}K9)j0kvITl;N^U$d!8Z2<yv}PWE6rOg(nSP1rZn?XZP4!e=TEV)?
z+vL9x6sGhiD1^7G@RfbvM_P1TI&x{)#fyc;Lw?zek{EDMfGBtFjNq+5Y2?Fx{`6_N
zvGH29QKi0vJSvu9od@#HU8f(-DR`b^wtSiDPKw&(8Ugovm)%PSe}EsKHqk6nKH<Wt
zdI|?{K2lg3j}#?#&tm{jXay(&QisKT&6s%~*qc5~zi^%x<&@Xq!ymTC*u1-~DCYqJ
z&%pw4#5mx<&^5eud)aDC5W=uKepy<h{OeU$(Z*e5V_rnW5-IwlnuP=6u_3WrJ7dQF
zXzf%cIWQ1`J!NCi+Ojd92=Yp$Ji2s!u*AEku7YW$)nkR<#*H#((h>1c{YrE=CnoX(
zWM#(yuoO2EPmWboo$~SF>)f#8S+L**kqw@ku}EGZTLW(3`Y9@300*w{PN%hLzs#Q6
zPhR0Y+KB8=PTZpf9?taZ#BbZUZo*y-;q^u6T~l#xD*Ee4#(WFM1Vn~sia(2G6ESjS
zxS)Saol{sE3&gDAfxO`)G2Inj6twvNMnn)sdCu|z(}{l$bXSa6uqtt!9>#OuK<puL
z4kkk->Gly^Bd&T4n$};D>#eUKbB#Tiy3axf0hVM=wB%zDLrIb-$Nr57=4{4oXH4YM
zW1&3uJQ0Ws8SwpPK|RejJ>Z<N+N@kbNC1MYp;3h|i6C1gMNlho<MKRQ1`qR%v3e@E
z?Jl8<#&H+6_O@Ld1%X4Z!1EvOJz#*ROi5xucm858`%W~>VM0vJ%$ne|K{dHQ_#;?W
zQm&)pP%0HPdiW?P%Y~f=sz4fd*w61-Vd2Hcmj6~j;TVP2dCAtMZ5%uu#PcXsAwPI}
zg#y`XY@SW2c@aP|N|OtxPou|K`EQ3Uegbo~MsW9jeVC;n(q~l=5>X1Aj4z!;<qDK%
z2+O}QybF#<faOIM$stkRZi%NZ@DFF2g^Zk$J9jD>!R)PW<_L#EA5#2*P8(?gIt7j$
zBEABOfh9|T_N=pR88z9|x<=t`#V)p2mvj=*6e96JX_ucrl`YUgL0{4|3+sUH(SOlD
zDoOA!s46Y>J$_u_Z*KX#-_=;8k7A~cUOD;X%_3=0hAEb<!rlDdg47A-7?xu?Idl5-
zHW;h|9nP79hrUcV##@QqBufx-U_TBV0&#96BS8;R?;;<<QIgm2VZ%s)btv&XdyiVW
zWXZWHJ2%B`PE-SBrt=gQ8i25%OrsrST7LWXu}8aNE6`0?OQ5vT#s>I|PIRu8EaQl+
zSbg$R_I6_gg@fwqs-5tRb)xW(pY0~mTSz4VCg8!~K;Q`r`}NM$6L?s#Z>Neh!;lv*
zq@tgN-$C!qeTOZ~C9^R=hxXrQ?b;r)vc;c253h`mJx8jfahj*qS#)jx^D_2YSZ{d!
zQs&W1H?c^@VAZNuR%0KJsub%sw7XP!@eckq|NIy<G`wG~ziSev7wuFHJb)w<GM4HP
z=7D+_RrFsG?||#Kd(1XBf53fazDZwc6zfj7?vNJA+3ogDqQIbJeZz>nHKwCQv4y4@
zf^_S|zN&`HH}<7ZB&G?7JznaYHhtwO#-ol-L@X`kp$~H2^H|!R6)*-ISDyX6?^8??
zU0rbUgFNE-*7_#Cwwm^UyZKMOu$%T4p*bWMR-B5J@st{Af-GfjQiD^5VbX>HV!Sq-
zQASY30B+ALY>$iM3(K(TyD}Kt&~{=_o|DrEBPW%_3~|c!?yOH`Fi!&AI{S0cWTb5S
zla8M`qcLKHqKp_xjYZTJbCg>EN#TZVQ3rJ#)=PA`nZjF6f@Yz(4UHxc3u8odA4pLc
zbYMgP#%Jk^82QI(X($MRTU^teK#)T-12I)UhhnpOi0@ONkSRb1(KW$5R~$-wUw5O?
z0d#_KAN|iY3>;#hGi@-vXuEa?xB|$id4cc<F6~4Iz}K%IW_%G8P_VEhtF+kb6gYw>
zlaJ5;T%MToqT~AzlKD^BsS1S2XycM4HADkI7osTU`agJ-ulW~v$FeDsI7s=wD}ERB
z3!=O5u&@!MMpeFG=vo<dIHHvHIE8ROAuqb13<%yj1}G-lZVgt*;N%2AFzcfc+~5S)
z=9QB!rW7j=8^*+Q(5+h##Iu)2db*mwM>RvI7@9`zB4HojqK!)C{?6Ar?M3#xU}gk!
z@gWb>)3*{ebJh+Yj(L^}t{m8#?Mli8%t4g+C@pP%-@)?o@bWpYT0=(MX_m^!L;v>b
z?3hwQKkx4~^SrgSe(bo17#kq4IIOfDUO#EbkhOT6aI|=z^!z>gwSIazfJoKEJ5*i%
zC^s(;snP>^Z&*fMO(}~XTsnaZ35P#1R5=M;I><Zw&W)d})<f)#f$I06e~@BAJCWiA
za)JhgNz(|o))u%hVG2w|Wg|Lj3zs<J8dzjri}`27r|4C2_@Hm#bgsWo+F=d?fJ8r)
z>dO%fMwmOI?`5ZRC-Y&x@9$dZfL~SVEF*)MV;&_E(}N-avD>~~aIn2mNv4kk$Y%|k
zX`c}BmGbh9o3EK^yw?yt01e6_V$h6`5M9~Lf{1VKCgT^zZrNk{q76_ien(D49&NsK
z={}<vkVz^p>KvhLv&kl5GV%#OLn}t9Ih(lmSIA1_<m7kUMGbrTevL?^7uqV%A#U>G
zo5fdXJMJbFU^RHg!ZqpoC@gdN6`<mq^R`X~4Am=V8QzKEF{sW)F2>e|q!kwv^ZJW@
zrvqboc7f?yo{(~=zz}G&)ElE+I1e7i(z_GKkKddh{h9#~y(_TdfCTIqV#J`u{KH{=
z%e)ou^YYdP>#vG)=;~(7rZ!M$x|SnHo>6<!BO(DHwa&bexnkryjtN7sjhdEtMbY@o
zJy;o61P;LZ9rA&k$6F?6LF_R?nsatm-d#Wz5^G^W0c;AwAYol9?lc={En5o_p0WlW
zf15dfxqUYM>_5{69_3F>mpp}E8wTv{MtNhjYE@xJEhaynqS>na_6?Hpm$4P*8nI6r
z=@P4QBP#d@CW2!4(P#$I(h<K3ItC%Ne25rmub9q4tk~&5a#7>Lh+uE;bRPJB8JRRM
zqX)lIQo?d8&|5y)flPxXOXe<Euz9To1p`YiL5a!2cY=cEGHgH;_w{8bn__PRniiau
zLP7@h=z--IH9Ry|M`=CgA$pHSb;Y_kv^UV@6a5~L^&}Y_hH7(iElkecK@+^wz=4qg
zckJ5ru_@QUTjt0A4^hRyo^F-Dv%2K1OC)blFHvwX|3%l}%3@8j10p7e9i_&Z8~<c6
z;4Cq)v$F#=M{`Jp$4ms!u}4+&|D^=!orm~^!4lPT3%1<tl1G<aZXk8WI(IZ?1#%wY
z1e<OzXPXe3)~qR}{l$hxVXR=54q(rYw4TuyK37zzjn(G1LmEJV35y%ZRwQfYB|m<~
z>0|F4p}OtwF!Z9X0)c>SFEy^;{xq|)PDT$^aSzv^@bI_)ESX>|d2%Sp9oH$HK$xX>
zII*^?UwCG2Zht4>2TvI`9t<3WbPE(}?iGWa%@e)TGEwbBMSU*1PG)P!3IVAaA|oar
zB$<Zx|3S<8|L7@#9!{^x4zYL{YF_^b6S*OhMyDrqj_i)1HBq(>Z{9?mE;NZ2{w$*R
z(5Dg0$;4tqK>{6ov;$Z;{d7xiU59a-1;3tBX1%_am*a7F2Sc{tBoYfOo}$&3E%@CR
zb^PL@rhbOv^a2pq*|UxS+>|RN8eBVGtGxlt=7G9yb?DrwlU&Su{*7dL5ln&Jnx6y@
z_dGrQkgK^!BqJ&{ZzFRD*QxjKf6=XxCh2f4u*-^@yKAd04+rI|w}(eR#^v0cpenGX
zz{Zc0yHHuKUE$E;rGex7zf4VS?<S;_|65j3FoT6LCR6t=7$)rCqkRRuWTVFp+9em{
zfo^VY4AxQ4^*{u;>e6VeS@5ByAC{_YGE`@qSpt%%#F_Kw2UkYeCZ1mt_pN~(%Hsg%
z?%3J$@x9Pch{2fvp^=ded0gOIXU_C#JuR!p)5TTcGlF0A)hh>f6f3sW#L__mnDN&(
zce}JX-if$ITgQ0=!@^l=E5jPLw+lCK-O7aC8D{G6_N}YT)0{NPk?Pq0T&1zBhyLa_
zYu)S7*8(ZuUiIL&w@!<$_<e3Jfe5E0vPCdYaY`|F0HZ#Ru8*G!WiM}f^1wwzB{!t%
z&zUh%8#uUMKdgh?EWJBQOKFdG<Qn6qkX*xjj*!K-ptl(4u)$zJ4doGJm(#c6;xTyl
z6gTqRlmEq0o}O;h^eC+k<N>F%$7V=AJ2`6UQpAFmMLKTryoV&cOL)iRW1vU7G(7(z
z2A8dq!N^kc5JMB{4wM3_!8qZv$7$SZymYDM*mKD>qP_J3+i5w?wW+USPdT~mJa(`k
zgWvb8uLt^SnWcV4i^b@q2>ix6_6a%B<KioQhASCHkB&CM^fRRx(5Ul*S6H?mlfl(X
ze1*8seZWM4e#|MKN9_PcOc-~y=}*@v2mldqR?lzJ%w<qS&{mx~5+&pDh`Ts3GT-4~
z<-MZR)LGpQ?UyMT{OjPK>f-(X-ELJjlL3iRxbPup1Ai^<AK3sPLtJ8tI?<x#u7S=)
zMbXmNWDPEruxt@`7-4x=_wJW?6o@L1jka-~z(G2)%<Jb*p|r<r2oOH6bG3atlLI?Y
zJ_sHR(o#vOsn;n&F!IYubaSJ`OZZ(c*ql%qDlVfUD7FjTekP@u8J5FGv%x|UAr8XE
zreuCskGwuriMt0%ANCv5*_*gdPI{O}-kX{FZ|_29?q>SarzGAGySVD1b3oy~QfSZo
zG~%9v%g=JzgoC3KNq{~PHum<oT?HS=V`b-oyG75d$o)#CWTz2R7fTDi9{P={M-g8N
z8p16Fssr6v1<(?4nL)$)wCAXYEX=)&INDS~2X@s#+gQ5&<dc*8tx#O86eX;X$oS0R
z?2aEZCTYtjIRpMD>au{>GJ48#9sd{}sKRD*Xql^pDAs#$%w0Lt96L5THF+`7K&4IX
z;phpinHOMsU<KNi=g*NG{?N2^Yas$TwiYyv96dtT;Yu@SpvjA(ga!pRLwtp{=|d&h
z*a@eDg1}S2DZ081aj4qj;xespEZdpfJ6@t&U@-*YwP>7h9wIC#kkr)j^7EUrhV<HX
zHP<l<+c3p&ax~}j+o1>u{1)#X^<8y8^qx+4(c*M4Pi@8;NQd%)7%!U~y2W5C9dKT^
zE!g=-+bO#1LSxVRe63+WFt1FJxE2B<)MVt`Ve{LX&jzNPe2HZ1vxeFVy8fx&qk?jT
z@2*RpfDg_*rVMs046!6_0E#D|(7wOqw9QN{irKLN@rYqdEjHQAwec$LVJa4br;HwL
zKpolAefb%*$t$gz;B@tS%a)YDQ8Jz@yf$n&v<@r!$t*7+8XrC?Ou?{_ffsPI9W99f
z4<o%tC8?pY*lKF|O9V)|OXXY>A?lg`P;i@%o*B3M--)H>RMk@vVY;s@`?JYdl9AZj
z;u+;!;b=@D!BA0C7N1Va{R5UPQP3Bt)A~AX#><m&g|WU2U-$3ZS3Ev)er4|8OAopt
zk<m`;wVs5CNX;ZB$DzM%Je#?2nKv2PyY+Nf;Kmy7Om4HRo<NDT4Gp{96j9NAeNKC9
z6E{#C(afB%E4fO2RcrB~;@K<Ks#;hR&SVws(ZYXO-|nF|<d-A*x#gEw|IMf5Re-<w
zhg)O5BLXl9dw_Ef$-~X9mHv1)D0<E}#bm}RFVhJ)_jpgdotcU|it&mSF+8%6P=pdn
zaj-iG9Gcxe{Vtt8?LcIvBxddm0LBWF(VjhF+dG>zbSRJ#NQ!wsa(gL;lVIRNgxQ%J
zH`pE8xw&Zf!LVN2^h@rV552H~nG0+Bh!ZcynHd=!NFV3S-0etR@+On60L=8DH*c16
z=VptEA+0I9sF*i$(K%&=B+3yg)>V_dKxHUJi>>G620QdRvqtNC6vo69BM%>bAX@`f
z62SRU%T#+=MBl9JkyRgTa_9xU8vO}X8aT||;Na)2+kQ9J1b~-mr&p8ANU?Wr+(@&C
zYgv8JmSLm4gF&0IEyHvcgz?>2Y+=#y&Cyg7#rktYX!<T(7`RPsy)ZmJa%7i^lkAu&
zV6PcoX5Xr+1d!3EMro@8hU09AwQ53E05u{k@&b}Unqw)SEX=(S2jb+F8&?U1*@%vb
zMgM1VnCb)lAD0UhKq|ZcuMLYf1vu>7zWs#N#WiFSsyj9!%$q*lT~Fv!#CNOuGrE2E
z?qaNePM)0Q)gRZ>X-!%Go3r<x7kKOD&7Ak|4;(sFYjKpuZ`bzi^n090I{V(|W}zzl
zo%lSAKKIAqYz)xgSQ||v0R$PJZaGcV?tHXo^7ngNhNRTzYSb4}eKQ`ux^po#!X8J*
z>elEy?IpH}D_N1rzU6>`8A?6^bm!tikL+0~e`%=DvZA%((k)ZXg5@G$ljN9rZ2J6b
z_E@2S6NP)?f~zFKs&nwSFVrC1$eN|SMGB)J>Yz2y4g%JowqbnYn3q?t-J>q1m4e4Y
zOoLP5lc&p~hf7W+)EF}Ts23(Pga>b39Pu5L0OBO>lhv03dH3P#8?{Bcy1REz_I=7M
zM9PLI<(<f1)FQRDwSj)ABn*DRs%6WR)$)SIJ)CQk=$`_`k6kMfQ2s$c$glV99|!}?
z2%xcMYP#Fv{b_rQd9|AhTc!S4%7JLP%h15w=bNzUz_TIHzrX0iA!-~YAC=L8N}p)t
zNJBv%_rJ7@L><nh6sKV@qsAc5V@rB?VfWgmO_t*}O3i&TM+<GiVi{lp(D7HTs=x%1
zT1?hlz4|6U|7aAwt<}0OO=?5_M+>lSjpl&183Q1nruZjpet(Y$u-4Pbqc&}@8~N`u
zB%S|hKS`?BfE#2VOUr%JvLMx2A6c!!b%_dK;_05<Ofkh>1()K#E&`F5L+}nt6$~w&
zG;*q#J=hMgq0{^`6UchS$lm7`yvxqU4{-bJLDRdpX%<LJoBD-2eO!&J_vdVmJa{k_
z-aKma`(&%Jj26%l174-^yBJ|RR_K)7w0VEw2=*F~Ac-#cIX6<~;>aWseB{RBL#BRa
z0NdO_d0s7+6Ny~uDuu}w5H(zeDAu{gGeedz0rnjp4uv6l031ab;Ci(<qGB&dYiux1
zY*Owh&wt}5A?02z*wJbYsctqI`3@$DYKXd!6X(X@Bb*D({4Tv>)Q^@MHzFeYg<A}v
zgCBX@Bn<PMc?#=M2vO9$$;iMoxZT84P^0!*9BmLsWGQKB8?ZN2>TJBg!9f^PqTmc5
zA_1P1l|`TcrWe?`KGIy85kG|y<$hArdO1f<@AEb{cMs48!@6dPt^g0yC+&S+#?yuF
zX*DMDBu#7rDw>qBz{+HBB9M^~B<&1ru%L~=_n=xzQwYSJ5{mX;?4+G{`8mo?><w(C
zrQ5e3G{t_-!iA%T4xMRect2AP<w(Y_*k<YBKry27pj>q`Sv`tjZ0`{$^*WT|o*NNB
zSy+(hW|6x>B+@rrz8q@6GyHzJ$$w*l15Cp=z6QbE^U%4}++xOz6#B^3N5_cFGkC6%
z;?Ph{v3WO=#pqNkotmz8;1}uc;>hyoe4?rXwy+#!e%}tcE(VynE5gU2%Y=|C-v@wA
zWs|^Vf<U1tXG)s6JVjv{1uy&ITy{pc!b3w3lNcS;uNEY@nBs6sshX3i)6%$>L7F!U
zJBl(&WyKPH0^t!t$1pd>9v@=bU{QuYe|zo54V2~VT*o+b80IRu{W|U;XhZHGjj9ii
zj&7v&`1@l9bV2Km&o)z2Gng|B-|<D}zf0hU-jIe(VD<r5SwqJ5!H2OOIYn^YZ&of?
zgLab24OKY2*i12yV>y8ono#vAr0FT@aOCtz+}9?$?dkj9dm9Cg4mpDpy(3OVg@uJp
z8uF93E3^C!ZU_y6|E05DUS0hcLG>?~J9oMmNfT8w?r6JQhl%zU&RV{lwN|B^FZ`|<
z-n4f6@4d#IICF*v?+?aAh@>7CC6I^MZ(Ii+31dlH!GxpF92Q;OFi@e?6klQ48{GxE
z(*$1@zW-b_apFYGj9Q?(oK|J4an5*^7qYroK#<&1(Hj!#@B-@FuOHUOixxe_4|k5T
z<&0GrJ|XVq8}=@`kLa2Xq#^!Fr~ls8hFs7_9uP1ewmEXKHhj;;qXu?LTYFI6-I$ok
zf4}kgsZ)<jYnWDt2~xwgzS2Io-+yl*jEw6{KS(9ZNCs(hQJ&x>12<t{075=Q@5zf7
zBVk4|>${1{BT%XHQ<#Rx%+DWLX_h<qzn^lBk<wb;2lde}q_?C+meFK7EDU&!KLZ^P
z8A3*nXhU463TM;7o;zqyps`ul%8EkBL{RJbS^@R?$KU;|Ark!62{1AD{K><agEKOz
zhj7%TrkxL+lDiOU6FbRSvr@@|6gKLW_Isq5D<c*{Q_bT`_Fl%3pYy>4{^-74oF$1A
zY99J4Lsuu!s{nTg`mKpOe#${gWIurA$DDkKi@nDz*Q`;j?1@T&>I5<!{0&R4Pt?|M
z!rX;$UzRv@dyD-6wU<sAOBU4|P?riCNfHCj7#p^1QGfi?bs*Pd&OC5O_I(Ktzvy_+
za|;R+-4fX!K@cZQID;ZY&uS|wPr`5az}8!j+b6KDi?T)?1v6aon>lw}9^Uc(dqkds
zsI`90QX@z)SV{XiPfMPYqq2FTY5x4FgQ~dN1+jKB|2q$9nN$swJOl}*-i~Qrzj0&!
zn81r(I0NXoI-{4tbPYQ0-Mf0ekK-b>hT;G$hZVL)1_sP`*3zlNom~$yVe4GS*1x8;
zZt!N23!M*NwwoV^tZLN7M9d$ww*2bgkB`vvc>tj<QTfw1$gPG!ee@t4q#T{N!}_uE
zZT^mqh<-Z5({nI}Yro&Re*Ja!jR4IA`WY>rAPjueex^}DXp1q&He^jem@r%=-Z11l
z|IT;|>$(Xm@N52yTG_0?P*cO5IIZm;#olQ)X+xbU1fG`GFi)1Z(Yg=e<b$xz)|)Yl
zs?%<QmVEcrLiPyex;&S+AJ&G2gU_FJI@WQhjM$CksbuKD6HA4WVBuOnXtzpH2zW6u
z+=`HZ#B?^cG1__h<VpMTRk0^=AIJHD946hNLvT>gm~$_9_yq@7nsNvW#~jYqszg`3
z!z<V=dBp&V8h#vVwCA`Em*dvne=n6i9puvWPh}Kj@qD$wdVwnBwI=}C7wm0i;RC^o
zMLyh<hY{x|dLfRD8*Luaf-jflca9*X{EaL%ni$P0O8(AvQo^A)W+l~W+Nwb_0$!t<
zVpBko$5W|{fYA5fP=q&)aMu-g>B8Jsa8JWc7XO`<Gn`Rmh-M6xGKe{Qvjvz6$_7Kj
zabw1W;pfFeKcxOm*4cCC;O5<nAHg{ROT2j_=d_2nL=%B)l(n*0*W1X%gw=OpX*}mJ
zrNY>o{r~)yMz?SNyG(j!H&j<`)_ADy@?~L|l0yB#Sv{A??pre6J;%wikJqf`^L?GX
z+pT>px7Jhc@xBLo-&Ddb_YKWx=Wr(S;r9f${Nc5)w(fFRv0C;~?XUfZChu7P{hZSV
zhfn!V-(y78=aSdor#kJ|B^8?C7nd(qB{?l^wt@^!;b=>b#(uXPl8TKD1sOMq8Z?~~
zpPo*d&JwurQ7b>9!Q5$Qi>ily3pKh&N--&Kf&Y{VIyyxv6RA<*qfwZ#){7~!3k*6a
zD2Q%|`)fI1Acle(gcVkVOXRFw#4;Ez&D%C=ZJ)k;3DZUap>`-GEHV<KBs`L2^=^iS
z9={xF|7EF}%7|ZIgYS0Hn0dv3bq_a5>Qe4F?kG)~)K{z3=)Akk6gZL<8zF~~AexM1
z27nDzg13`xAd9O}2o%wwCK|mRN23T?jmn8HB^C9ij|mI}V&rdf-@k_eWpQ=(Cn+zZ
zkc&rdz3I~I)HNpHR{W^o@X&e8m3ZFw=OAO-N-{g8AWrGtDs4b<!^=4&9-$pDjv^{J
zl;y9}b*M+U=fc8kn`}aS|K_H_zC4cXJ$j{E2AO``!wPN?e}tI@RGa%`(2Ny1*D_?W
ziO`Sdje!dDnB))TEKDxfty$x9{P^YIlMFitv~Hi^Lov2=WN)oWli>B9m;InH-@8{t
zA<s<S*AG7RtUW2i_3YE9ExF+yNvl7M*Hb3FGsn3{8G#mXI~_N1B3gkyeUSIAKlQe^
zW%~9-%*-_Q%xQC}YG^oaZX*IRY;-JE-I-F6c7nlq%4kYwGMM-ZU}xWr?N<~t(T<u!
zT~#%f0eW^o!Ul%Sb0R`f15i2#oto8Idxwch4zY-qjN<W-48gBc$Bw(%bZe&WeeBpQ
z@yoMgW-MO#HBoo%DbsZ`zi7^AEmW;inXzU5jPpzTAeOca>#JkGVAu{=nR$Wto&{)6
ze)xB+QS{+Ht3NhVuSicvB9&ck;e@OALu(z(1zD5m<@Ce*sCz>2yg+<d2Kv3EafX{-
zjvEqh<Cn9mqa!;u+r7h6LSI<e=pz@g(yPO8RD*NoH8nSL`0JdbGk=F*sy|)KwD-}I
zTxfXsu0;`aQf~tg!q9K9`e>-p?-2G5>WY`hzoscrKZCgMkgx~RTjo5|nL&27pB6#@
zq4V(S{JPqFf_gq{ckymo<^qxW#)hL-=XP<>s(s@99bBPZYOXs3BC@{tysUqDT<YV;
zJ||c?uP6alm^BZ4g4Tc5w0Qx;>MSmYJ-c)7>QBEbZd*_7I;j{HsJJkw^S8K?%^RSE
zuWGOG>RA1^3>AsqGFDM$HwlFYfX%F_mDE=<dd&O5oH9^-ctcBLUw+l2M+%Yzrd@8?
zJv}j0e1*_k`Vt>G$???pH0d&W3~G$dS6*2}>(NtD`ONd6WTZ-8ccnmvddXb<{glhV
z@}H#D1_kD3GQTzK4eu<6a3mVQP{sF?lhX_FoG~+HSC-&X5gp4yS4i0j_5Cf|*Z-u;
zpL2kz6$J^usd|`gAo1Jh)WIsN6VNaQ=@<O{7Y@q0v3RgVrf%}rcX#|yu+_cjKOyL|
zl$XhtQ@sKcFV<CM%_==M_G9GuYa@2b%FB<!C-TF6htG2YrtfGTEZS&=el}O~XY9Fe
z6klWlC|kgrYg|xgI-Xo%-*98Q6&w$M#8s<~Wt(7{CM37W7IZy9D++*gLdVE?Sn+h^
z{swruz@0U^x=a;DkJ7ZXq$Io!?@7)?c=m4CsaB>&BkGW-_Z~E8(Uy`TGs$s%r7Pxh
ztB?tV8*a1zf^2bH^@pTQ5i8d^9Eph7Nx>iK>g?P^Y@U1SLt6@PeAVyXapPfQgXdDG
zUvaAG>F8IFw(5j|x(kg>?(eJztGs?+`<nS`ehgue_*&BnMQ!Hv^6}#`x{6#OyIsOx
zwQdhSb^DWG1}8aIUyf{n3uO#Hef@p@dW6;JzQly^_w7(#3A<B@ThW`&iGc@aBsrpv
zy$C=gj9DDiq>fv4r;xj!XxQem>}Y0JIGKzyGgr-o`En(nzGdOyuOoXuPfZ=h&XS;I
zR0KRR0T*JDwli)hG0@c&8Rd|}Nhp`#u>?D3Tt`@(3Z-nsyi9w=WzXv*NaoGdKi4?E
z9jqxiPG!E+Q1ukYzaC=}I3hK|Vp*e$?ds`EgL*1T<lA?}o6sXblloR0;DY7=Aa*pJ
zDpvqKR?zpEw(su+qMw4paZJi0AuK*Sx=rGzF5}zI$igX4tT<KC&^VAKB8Y%LwDPEU
zB@W!EXdxq3Y`-6azMuvGoVPk>Ow!x+4>p^jI?ub`Z!dkLf+Yv@PiJkKxAN_#ow~XY
zspsc5_uXi<x2jWy;G%Zw)B%BE3HR<)U-ohPZUl0t0Wq;#_0Zq<=iGQf_=Sw*$xDJF
zn+76QB7k+H*tK=Jr2(Ee*JA#eyW5GP1CL&*X^WC1C}hM_D8Oy254LB2<rRaC&xtRK
zD+18eul&V14R`6XPeG!mc&F+&r5fD7O$F-jMW+1}>ED?H^7!0fSQcB@HD`YIq{-7|
z`s<xQ!JljR<&AOBvc^Lv6vVggKKWd0U5Be#YPzQ0;ipz~j2T~R9jAIN9@ypk<F^M>
zirF<2v`p12IAa|k-_^>}%d0x~8tZY%{RcnlM?$i!M|83MIs;*Lka8(hM)6v(>qTuB
z!M(9ED$YRVTAjH-^gzJcJpbjaeWz*<QXNd$SGwd@#sA}>y0k7{HDtPsWmqHsKleA!
z+5mi2N_AxP77X)ET0LpXl)|`Oi%nZerIVCo;~MajRuJRcP8Ipb`GIS5|Haev#1MCX
z_n~5)ynlaN>*1$pQt%z1XPZ^ER@5KfXb8;%6+T8@ny0JS<TsTGBitwA<69a_yW_M{
zUZwUUMc0qXs;0$&tx(Em&YhcE;3uecuZEmA#HJS?gdj6@21%|aY^;7d7r6+ZEes@q
z=)y)CS?RDfDeb3fzNy~#$a0M9gA>zE<T}^B)TFAS8riXI*;^>C*_cEW&m15%T?S5+
z7c2&VmpS|D$d~*(groK4enzW0+XnVi+qwKyd5rGbUTfz3O^~aag^0hd((i=AVMM?A
zG5IEKiXz%vSsqN@_0+i$-e74FcI}$<h7ky6u}aWwU00j=PKZj0&GmVtq62z-t&wW4
zV}oe`9h-kgM7H3eUBd{8O{*1gp)zTjB!d>(+GXNIzl9ZX!-fuJW5jIJMe23e-6?YB
z1x~VUZ?x!7v8N0+$N?@z23j9)ZoI8E+Y*--wXNA9^1l*IM$T$=@zJz?BUzqEB|#c@
zyKPto6dn7j==O?nwhf^12bL#7^qR*xWSy?~>RVf1|2^Z%{^H+2Zg1y@EKQ`AL6?89
z0-_`yb?LzhTA<8{ULn7?v178iAiHkvM{a&z+LekPY*!qkrDbXw@;YCc6Bs_EBjiH(
zZ@8@R0_j-iI%3tD&!-<-F4=j0qV2rkq7ZW}LeD-0hEapQKM48VfIc=aa+G&kO4PLP
z^OeMU#?8F-YrJvk={J|DVjjIT$nNGf7KYrxqalca!QiaM7hT%7Z4C(4U`Bg5e!5jd
z#ZujKS>uu0t(znRNz((|r)*<%6)xAAd&_Ipztk);7#e*y4e2K2kZCKz9(;dM4|KnE
z-(=*}Mc==E-ShjWwQV!lIz7``jq_=xoM&v)i|trKWH<Oi`{-^1w(0EIfAxPc_9jp@
z|9$&!NJ6nA%~GZ^MUf$?Y{?W7iIOpC5K0*v(2SH>rbH>F3=LEi%8-y!B14ii5JDuX
z^ZIh%&;MCxopaV{t>^dLzx!sl_x^r{_xrl8_jQ4AP^LXDS!*>CdCJ0}^AQSPT$bZ;
z{h&%u!J7t8JhB2tAxpLlUSZBivi}&4h0o;9A?Olz>|E7VnJ7^bW7<)33Unh%i|3tB
z9y~aCPoKX22c}nXl9CDxUo<T$>CwUou<k<N#clv}ie87{jfoo^8})r;-O^wFQ<HB3
zjHGQpKmXB!9+wszKXN2ku}>W`E_M-#zXITOR7UsA^pqjEBYZxSSQp*aK6Enoce%`j
z|5V$umn_;k_K+;39=WkGQHpw!LK)95)M-y%3*!X6dRf6b&Y7dhq3rBQrvg}v;=TUr
zO>o|voSanekqW!4=FEvo?1Oy>N|gw6oAO4A8I^(#fg3F3GzmWq8Fo{*|KH=?A=$IB
z8}0&mIXQlJE1kZ7s;P_n1XzL=Aa5pPLS2g*6Im&l6xdi+miZONe6Ft#)hY;o6E@YZ
z8PaOgSxGBpr`z&-EwTp%h&7#hxi0D?#wP9P57l{xvjPGpL$%42j?veLcOJ8738Qi4
zS1<?4sACNrm-%^m%bN_Jp5V`cGRmYB=*xR}wsI5IsN6kULK(qk9-kiayQ4^4HYZn!
z<yyD?F5ZB?!%0a_vALc<_9uG<gSDuW05>w(MIM{`ahFH8MC*yCYRebZ;kE&&C#e}N
z*Wp5fH@^nwgg6WBQD!sUZk!yA)h!L+ikR(?Q}s93@1`cYW8q6{fRHEYXA%=?AUi2l
z88+0yp&QaW+Eo@&1FqY+aaHnjKEtM$_}Z@@t7hkI#ZnPS`;{vP{Kx>|zO?oHho7Mu
z(#XFp&r#(;^)__RBsQ>d>sIKZvW8_*7E^y`x>32q#OzxsC&@kAdB;WSCOEm&MxJ`h
ztBvJu>5K596iLHgww5>-Md#t}k=h7>O_j_X%Z&+l!uKRto-1zbH+R^V69wE~zE@QH
zP~37$e5N+#T!&z~W3LB$n~oDfr%s)YAMK@?TjegK6RN2hVpGd5W2%O%W@lJO_D!@;
zi*LhiMb;JHL-Z3DX$C+u;Tpk5Cik7gjf8v+?ie@jbtcNfJt^RMR2qC!>clu;)^Bc}
z>*SPhoBvLjP(+Cb6uYsuX!5yv>V#s%M*5T`uj<}dy#^=|OS7hiyM1sbiB8D3?NHwp
zckQ>NA5-HGJUG4K&uda$Pun=uOgU5Z8mT_)1kknG?Pj^h>$l&z6~41*ZD7*%z?XBZ
zULTUOX^Qx!TtY5N1>h^P3nGL0C;BkhCIpkbEd-Zr3Y=UN6ar&A&aI+U+;IIIlqA*z
z&iS69L*CBz`qMJeth=6)jGb;MRmGi1H_3?>oy4BMZ1}gc2R}3`tbUcD-x{<<xbr8J
zpG_%m&gdHe*nx;6wJPJz2@s|FCaL;2N`lWxVbZbKA%TbT?Cae3dm!Q5?swu#@EEhw
zE0-<LMfWaGa`CpSoYf^j+;4Q|<;#{Nc079~1lyD~)1|!gy2ob!+H+Cgz34t1KjhmB
zCc+f~vT^R9d!)I$worw?Io?GDt`UaYF`q)!@$PodT0EFZDp5^}q=LP?az?zQ?+0EO
zCGX?1CkR7jqZlhU?fZ*7oRr3uddm6^>f`4~YXV6#mhIX?J;r@1I~(05bF5`kj(Lm|
zE(pb>4+F_no7X4gqsL?Yr}nE>ku9QAW|wj`Bf~k@@WYfdpSOACdOZL9@goZ4j{X+V
zevM<Mlzxt#+F!-k$FSrQwZg4$c}|TS5>Mxyn`eK13d4g*SxR<44<@;NWVJFTPPt_i
z8P@NG+q>YCV><%*O8ISX@l`X0Tk!~8vC7^azlHW6!uO=uB#!3NZL}lVQ_vB%-M!FX
z?HV#k^YO;QOaxM8K`PR+1XUHA9C0W*)td67jZ>K}LGc9C?5+B>R#RbDTkG%7v=VE%
z_z*fL&L2N+9Frf-P<YW&*^FR+hO+-_WR~TPgbWL0h)2e@;?TIt#o9>GLi5Gad;d(h
zkcH<PK{pGtyneAy&ovB(?`>su3$QPYHu_yu+1~sMtDdl)Ftl>qSAvO$e&-#GCv1lx
z3m=MeCfyAk2i{=$1U~;HrQ*_pk0fTPswU``mfpWVxNqO(NE`yg`Z_Oa0$&m4W!T7I
z<mzG7wYBM7*cc_hx!(M6s=0apC2C$qeQakvdjF-dvG<6jHxLz{J2;=&3Q{)cLg0T|
z5$8)zgq<<VygT#v1K2ZwY%Lcj&I9}c`UUAo?^tkc(<N5T1_7fubKrM&Tg!#}KiGV&
z*PB1bK?N$i+p27u;{8Ze(lX9*tf1Tlo2JPGil)f~qPMqKakbuPZZ7kD?aYo-Qk{hA
z{X&Z?K2i;vQsxZcyn_&u>k`m(JM4G5oR}dbLEG?j_|Tzhpl7X?^l0zaMSusB%bC*1
zrlua+-NvmlVC#}5FQa<HQPgww`;SFLfa#Vkm>FXkLHw-tl1obQt`bX!B2aL(PD=V6
zdd*lare{0NT!&<*&#OXzN2+DK`}T`LAbypO&eJ22yIa;#C)0EP-Eb6Na|Sr4W?Z~z
zF;oGcOiNodCce0hzZ+PKP47Z3gQ>R0W5!$oR#mBJW+(UWQTTojcIu~2xGY_}cJ{H~
z*eCr=S+h^a``TMIeHG>ID_@kA0jAm7wo&01FIaSZEEn>cHM4pfYiWMyc|pM>HR#9B
zMA8Pp|L1MxqapY7G`9FW=KQ(DxvB@IGXpbl&G45)Ob^ZQnKdV`puiZbx#vTo=M8o%
zJ!abXrqk+Cu#W<f^+;~p+-+~%K9Xw7**Vv?jq(5(Oobqon##&a2?AP7(ZX0t<)eik
zKhXID0v2vrg9_~^83*a|g9kBpQY<r|KQ8vd7T&Y#{kLDl3`4x)rE&Le&=2oY6D4qT
z%7fkGD?iQE($Ki^>eY#l&sR%>Kx$y<#BM7tUtoiW!(tno=~>f_^k_(7v%9)#s0ZF&
z&f@LXJl$x_?oGBNiF@-liyID_P3xet5u?{>w7T4z(}v5p9Nrl8^rlZ^T`$+{ES<G~
zb`8&BYLD@{<(H1+R51BP6UdEdR~e3ED_3{ZyFa=wrzE-Dd!3gz&9{rbZ0_;~Ci`Sc
z6}tqa=pM>oz@(%udYN8C<g}qZAB(^gN~X`B^XhkU#?NdE?f!R9$lOGRU{n5*xu2$=
zxh4<>^y&^*v#wvC&{}&&N~zzg$~a2v;_<s}*Z)@wFk9PDI>h7dCct6d_pvPwhHuWf
zv<~yTsqtc$$CdBTXo+`LwkKyy`Ppg9b6iG_-gxF4IX;lPL04CFXCrt&;tHpHoDHXs
zzk<DAtZ!RuO`F*<dJ#_avbbBcV=u2bIyjgG9@%*t3a+P3xs|qj2HLHST@Eb`vnl<3
zn<8$s(NskWBEjzX$J%L2Y(V37YHnP&?#3Vq+HeXKW%HyVf!C<?Q|9jVd{|BYYpC8m
z_SrBU9R{B)g~sM9ihz`YLWB!+V956YNfs~e(ftb|6(6E*1538cJ%e$8k2!PtG>M*Q
zfsY(NZZ4(WPF78A`hKvgJJBG^kgG*^WWCiG`;F@PZe(n`*M}nede#VK5E9EQ@;m$W
zBXw_(e3zHUc6s=_F%RSZ`1tOH*ra5<FJ+R8AmS<7^85B$U(H!;{Q&3wp7mowbr`v+
zzt#_twbZU3@*Xy1D%D@}wyW9s`Efu}gO%O0va&kmJ&*5@365ip!9vB%@(eFyYBIGI
zyS4Wi6itZTmQ(R2tGlzgJF`JL<(V{zzhB!2jZv>f^iy>2mw(=)M`uGLHoCb*Jv`IO
zv`3#lef}7a3wDK&a*;)itY@fqr()eYNzsN|o)5EAuUxt7J?5RgPm6ad;ymuk+r0-o
zn?#1;^cYL)-Jr|$2=3SA`Y+PCt9~BcLW$-|_IuWSw>vk{%mH&FGc9aR5;U=RNz;8r
zO7;j5q-C#OT}O*v?4_muhWmuqW;nk9a6`BlfY2R>e(E?%G>~VF{+4pmtP0x!0sxi)
zUUGgS-x1och=}L(SjK0qP~{1Rq}jf0$l?K@d2aEEBaz>gIrcs^r%1FWfA$HRUr8L=
zZ1<gEVaBBK{#cy8Xx53J0p4?722J0Z23*fmrFO9Eouh)prc7xm=>Mrgzo5!{Gh1?+
z4An2#RDL1W%BHez!-fqdjo01EI_eEo+ghCQIxKoZ@x+h75O&sy7TRCDHo2>*{|=>1
zg~BU(TEL0f7z14Hw0<IrV5-xI<H-+~j<|SX$lj@rBXhBMkdl<Nh}~Q{$>a6}%u$4#
z(kKhu7XD6`P%Ey~6V#24jlhxeT{>pnq3Z_^d%L(ZM@ZSV&iEuiO3`H}>S?ax4^m^M
z!Mk&ALwl?NSLc$pUb^&D>zQp~(@ahMe_T9B+B9V^rzaIG;KcUi?yb}c7@mKG1;!<e
z2l9s+%5l6OzPyFu{i@sbD_Y05c(m@}Mv5oF+=vkfG}8KtpO8hI+528HnR|{ev0~vV
zvk~|S^Rr^oqfP@?q+MF_u*%)(j6HF>+>t+aHdu^2nF*mWBlF}s$Qn+RJPUhw4;$+T
zKd7_6e4VxFrBbJP+;-_#uL8t!FLBXwUxT1P5L~^g6!rmuz$n);;TkDx<_`KB`9n#{
z0H_d)ASFdOqM7xQZM$~OfC}2OrI|knIYv1!tDB$dEb0U9Cy0$KU>v(?X(~pt>$0FA
zm5zL#-XUUAfQB@;2sG!14}_IGhSq#i=L=hzsxJ~g)wT@(<GyR&4E5MM)zt2G^mH^t
zXjS$7S=1@he#?nj9279Xqs15B2}?q!kKfI)-pwAgU1n*U?JA!^ISAQp;wWZwA0Uo=
z^eBsGLFpy<_8d46o#;#1L<>mawUJJhs1O2vOvK_H$;s<WtY<9~)X$?`?>~6(@x_(l
zUcJ$x6wCN|l_Ec?v>L?})Be0%-R?}wfig3#2CVAo!iggMh?}(nD;8e1H+i1j);dGA
z*ZKJgZXcCSjx%?d;qx~OQVDA*;uEKrtSyNz;n$auSRl%!i=&<zjdoEmOt6`>M*+WB
zbc_C?`pc7e*=?Fi?=sOCh$JsjRAi(HqrDOmZz}!vPp4cxJo-$ph!^HV6$FD9&>*;_
zKZx*Ujk93|)mJ55(6`}FtF#NeBQt4v|G$4#Wefs|QUxJf8i^ZXhHjlZ6C=krg+}Yg
zmoIToBiK$2#=u7BuAktqL~4DnZ52d0`~-+AYHO#7as@@e%a=an1sp$q9C%3iGWmdX
zgK9-Gm4fU<-z@U84LX;?kAMG~grkMMgF`ox0~oR7lz^HmDP7_V?zn{-2&}9!FClP}
z$e(*sT*G%=d{9OBdpU)*nOGTgk!<hYd)(g_+E&nsw@^{B7r9EGK0=r@T?gZXS%d<k
z#Q{LUn=>(~>rQXV-TO=p8(dQ2pt&^Zvk<LC-XIG(<o4UJ)qhu;gvs@sDt93i2Y!m)
z55k+mLI*%zLnO3Q9HR7{+Q%LyJ?-4EJRQ*H5`l)Q`}s0d#(hseYT!|`O;pC4xU2u~
zv7Cy!2wKkB&>J3=5{Al`IVOh0Tp2WFHV$3ul2^&Xj1<KTmThX?Vs*|l0O<Jr@$O9G
zUj_22pjsF#sZ^Ex`+*;uT=o8)78?2x3wTcK6x4N)J<<VUM%5VLv(zF#fU?Ny<W4B%
z%uK&Z=Hx6^INq_Nwhk59;Lto}%zxfnyPFm3cmi)eeG-~{_zeQ(5iEC-l!OdrU@e99
zB^W7x2hF_1XAnHHhYe!_{`}em;S+0(s!ZZ;fc!!v+Nb>Q6XGrnz`h*m4Q+qytP==2
z1Z`mN-ZMqH9CnwO@7e^!Pm6%AR){pD1a8*<`$$gLW}Y<g<f=p9RlH08@28cJ4dra5
z>%Rb;yXgsJALAIjM_){C4$-MpfG=S~PNM-K*K?q`_Mk!MjJN)Mb4PV^=+xA@F;RVX
z@%ewt)p48S1IN%kdl+p$Nwy61bAZVC`Q<9K8kn`mvJZZKC|wJmz(ggEzTu=rPk3%?
z{SmAV#bl!^Pv$7b<cz{Kr=5PJ321h3I=eKIqIBZKn^Q&zegv$p#Y}ty?X+PlDl_ND
z*RNY(Bd`^lm5r}+Ar2w{C8SkU(Hn6auq4=|$C;3wDDqt0G^H<}2NgtCB3oUZDHO&M
z`DJUOmh=<Uc>Fxhp-PUn92As;H5rrKd>Girg<KKHve<n<mBOk(MZ|d;#qw(+JMI8B
zt6Xb|HmUK@rHwAWvbe^t^*+Xk-zwReNdy1Aw23i&2n}TcTW*4(AtZKyi2WqcgysV$
zNkiHTz&1^8bY(L>MGQ6}x<U5|MHFK+llRv&O84yN`1uK#AL}zd11YO>m~rtZfLgRh
z7CHOeoQ-UFE6$6AMYVnQt;z-&LwjTrP2pP#RuTa`bBBg7Es*UXk@7fg4@%>Tpgv&C
z_bVHm*OxyXq`yg9MT7a}x9;g+-;7aHjXgQ@T*5Z~(4ErZvVRmWZ#VY)@;$2ArC-j&
z(F!1Ymr_$@yLKHiXb@taW`uA+p!co=?7eHFqohP(jZivpw*8V$W08y+T`YxccbLMi
zgn2X=%3^H|4Gk6*BLra5L5q-U>?(eq=6XzLh7h+gX?Niyu2j6vQoA+$__1N#y113;
zsrG2qsQ9@;8(qx&ChHsq{I-W0ZL~CS{jj<`t9Q9Dx8At?U`6qpsJO1qPlEL#h9Ygy
z{GLBNyJn8dkzrP<m8$J!e<)slZTnR8rZ(ZiXuZd)ZMOXUG=YWL;UIVGo;L8}RN7ds
zoW>93SKT^j+Pk=*(IqIkrmjrb;!5Kjj@({O0~Zb4Z>U~?aU$=Pf)1Q&zP5bytf^Cj
z1Lde^7U^tcfcTF7**zn4b!&Opa<i3GRmU&AA)(Oqy*es0o5cChRR`l2o1b>=ZFp@2
z7wn}4i-ynlb}v3FhoVcca1%+hEYD6!T$VP^b$6!`vdJrrHH~s&3rvz-@&G500SFpU
z5%Qs3d-l+`{$}ZXSKDE$33^Z7;U^#7@hKanCmUU9-T<N@D+fU-@^A?6+x<dt_v3!n
z?<UxLqm3KTBSbFr*F1E-o8gnEPMzwlTC`4AU!Qj~0p-%&;WpME*gD(u?3uOm@!D@R
z$GJTC9~+kOWAv9p@evIY&R>T8p7!Ork$3aMqzM2$rqU?wD<5KE;X_a?%WUw_p~ark
zKkO(9c^_i&ExhJI9_MXTU^aG?(I{_gymoMwUUB03#fx9q7Z5Cc_e#$|vFPyd=;RVI
z;bBTaQAf{@ic~<NxkzWsh!GdFWZOADE-|3KTKw_XaZPE=^({+ZOTD(#AE|C4o3+xo
zrxD{^+0RpBnVsjp;CCDO{26-)VR#IqPrhxxBa<fGD_l!EfwK^<D&RJVC`ZSof8tA&
zRi0UHrE?gX`KeEdQ-t{j8Z9jHr}f`QJy2WtGI>=PwGC3=c-ve^G`>qlCM>jtLym(s
z)srX0!HsenI**2xft>h{mBs6&XDzl|w8-nj(_zPh{8ai{`CS%?1w2Y|iI<>AAH#5~
zkUh<04t-)xjgm-ok#+<^HuO57<*+oEjKkP(Dg`OXJ8z8{3)lAYOV5gm+`+D4fuy4-
z;G7-KGj`F}AEbL)p7j!MtEvEt8G<_j1qKCHg9Fyq;;02Fj&mr?I<_a|Pzd+sAfN1$
z#mS75`&GE>9wGh()d(hBUtZnowf953t#e56dDYZ&U3UApIN9D6d8D3_Q=Qs9&`@4#
zz8!PGsGWEN$QWpyVQ{FEu_@)h!A*-Z^_}~;&9hoU6J7;NrR}ZoavwI?#VhnfALT#K
z=KoAN!llujIflPlEe=d@t^}#c);|>|opF~rm&b>Bi)^$zC|uBh;+NyL+%H*sv9+k8
zcBE;#&x?CC=z(y}5W<g;hY(r~MhHs2D=aMb(f-q?TZelR08b0RC4rW)8W@mDsp`Xr
zOezuN9bt|b7~IebzEeE+PhDT>w-kWUk8doR*`F?9q|s)?=NNCDpE5VblDJUB!&Z}C
zlPuk}>n>~^>^gxi{%`FQGed&UDz24Bl~Cj7P+~KjsH20F3q}r8?{Ax~acAr|P>Gl-
zGtN|7p8mrsM}1Pa;(?fT-CSxqWlAL;*5=q0hM2nJVvb)X)V+&4No4O9lgr1|JuRk)
zasc`ZRu}i>ul{45hw!Np5pfhF7kcyU7q_BTFTRGm|3p;!XSl&Apff8Jcg$$``BQMy
zhE7<%9LEm^bfFo}V?P=ehHXaP{rg85Iu;AdtSOG)rs+@5btp12^4PIVoZP99fD_{f
zq<GFagaN|z#5kMz0X{CNwn5W5Sy)VIi+sDP#BBe*^xmXpn@XU<xCR+yl>Rw^;~Far
zL$4+aox_#=wJF>+y6Z-}>8limmz{b`0R=i<W+$5+6Ti|+wyylk-838aE;BQ)nMR^?
z0b@LnU&VfKeR39;+w?7s&YruHJ`I<0tqQMkUa0@7Aegs_awC1=%JdAGv%|V|m>u~e
zY0KJv6C6H7*`yyWc5cLfMI@%j6-%S&8FX-ZfOz{x5RY^7rd#nO^~3^tO2sbp7MAC7
zzw&RBO-&I}B4D#FT}m}k(B-IM4%;T@WGuZJz6e~Qp5E4}Hnh>yqN523CpAlJ`#J`$
zS^SH1O2c{Tz)&CD{=lj25E%dv4%*z-I^l4BjF0wiCEfO#Lgu_Bc~*H<?k#`*ObrSA
z?0io%rS+g@C+B1$)plqgCJh?{B^n|!;DE4-#R;NmtIB7BT}0^#v}AY*6;$I9y{t1i
z*9M+Di*HUcd8gU}Od%b`NwL2RU!BK>4FkVTQgPS3D$EHwF4}YKm@QmjTo3At_|I@a
zv+G_52TMb)d#9?_WU9mr{%)J_)VcRy?s-HsW$rD*9D}W_Mu)4*Y}S^!K(_E$OW|mh
zj$#|_?Lo)EX}$MY;Hade3#%riPK-ggg8V8?UBzdHReqC7adt(RYwE0o`3XoH<iy2m
za@i~W{1G}N*m`*S>N*YyGPTZ+m;JIUeyH`~n_ITU&faQ${mNeT<VFj-@>HhIZ{6CF
zUxk-pUw>pA(?8)=a1w;ZN_qHA3j&C?#<Q25BdFBBD2ubr9)W2woj-20ZHMxM?<fgO
zrG@zI4QrP!eM8mnyw2u$>%^Se#;;#b`)CK7_Qh(q@B=l8t^Z^8XT#b5^$dEdshQVT
z-$~v9JCmqa{~C>mzXiC!>)Z?LzmA-mIKSYCZU;@uL(}O*nRRSG5hvu$_vk<4JvFb&
zf0gNfwQ@710mJkeuOH6)t4@n|H@8h}tXO#<KCZ|n^yy75*=5X*OGhyR<JjkPc1PJu
z)9tJ})ZV-ibn8ZZ{-Z|&d!bG86Y($x4&ZbgsjpwMV)us1y5=oUm#FrKNY|2n8`Q_=
zackO|reRjYDqSqv0*%v3T<3GQs)sRc7AHR5QxFE*OfG$+ct&bi!sr{r<1a6=llsu^
zq|sp6=+N&+5`*fRlblnx0Fg;f^bZWg0~Ven{44$~ii(P%cVnd(VG%GBfUFjPf8x`;
zF}7na5{pgeZxnuB10Po_caxQcP4|UPL;wbQJw0KC23|zcQSk0ApQlfo77`YAVd9~I
z5Ko8mHyfV3BMFtF8ovjt&~x)xF$Ux60X(In*oH+X(=vjJ-{0WLA`#n{uG}yULeF)+
znH}x|u5w~9|9P4b%3U=va~BOTmJ~ZORZB_A(wi*Jl+dDVA8#%P{i~uVi@0U)ILJ68
z1#18VJD@d?@Smyt-Z7~`zHDFep@6Nu$|(BZY&n(K$4)6h*aL+IM}QN!&V=x*!GoRo
z$Wkh2XNC%QpD}kIF5}9-jQwt6E8l+mwgV#~%;O)XIxT8Ro!CQ8u7Q=u{6BzM2Aeke
z&wj^q&dOoB*IE-ApUqELsJlr|(`v_B#*B{}wA_xHn6DDt>fWeyzU!vuxcjoPp&k*g
z9)br#<sDhWhhqm03_Jix&B#{^vu&w{#$k7{w4&`?%)B>5bswVS7$s&yhdwympUo{u
z9nkLZ94IbFkl}<#gYrahDotqyfTJI!6|WJr60LVZrQnhs8yWRqOoz+21fbMj$YM>s
zX35DnxbVvHrIbND{Ehyi#mlZaFlpy+fvLieBx>VE)Oqx}`eU{Bj6!~U+GmKx3@k>0
zA91wAU*m>VPgz6L%8^M9D>eO5#90UoL}U7*BpfQI$1s!ed%sQT>yIB-`&*<QQe^PH
zjjm<%+Sg>LrE*CkW!kHC{&_&SNKy{fu(I+(LgfHFh!*80Oaw{<f|8Dci2bvn4+RXe
zn291>9d0D2#jT3FEWg5vTT0)iQ!@7l@0J0GRzZ=Xt=%Lvn7ZdPYMeACC^cCqeb6bo
z5q>9e03kl4Ha%zHnqyns@}{-FO}xz=>%%riX;ys?PS@|xyppsg#zy}h+;SxuGdNbO
z)0Z4VTHReF487-71wJv$cre-kInB?nC{7Ic8$@k)dQlmmO4t4()y4YQx8J{h)q^;_
zBp?!1!^8ai<ck+il^`}m%VBvg1r<g01>p#$Oa1mMrJ0!tWoZ30FD9&LtqKoOo2YfV
z;WA=*u5|o~{(_`%-V#4VU$`#?{P+XOT_(^6l?`69#CRp1coFf?fyk^1A2nItg4^o$
zf@ENy-DD&*Af$y)vvG>#Xwz4bdlEB4(a=fk$Jx?{YTfn|B4RB?$1jY<)(<!@y@R%R
z617okBi_GpA?GMsj+hS=-zzB*oYep7SDEwe-r8r%{WonCoo=TxrQFjE$Ba3QtmWkh
z%*ZZEk9#Z{@!oDMp94);sM>90%#)>^jAxOY3jM^<5x;QZ|Iq?P6pcir14laV1QIc-
z3g$+MnTwQXP|}@xkACi~cYE1!I0S|df5l})N9+O&p|6b?^eN~)Hnq{hO(1ynlA(LA
z@vTTquK`KLIWgh2s-ohU)z3y;n-OI}%3DZ5wY7_<timpR`d_d#v=cuVu)XmizVvL-
z)ZFD1Ps=F-Na>*?<E$Sj-v!aF!=vN$cr@+<_D+p^^~Ju`zDHR`iOxN3tEjs+rlkf-
zNbvvT2!dTuS-E|)?PHUi?_>U6s=GZE=jdK^bIC)yS^NI|*$EeaO-q^Q8G1n{b@S?k
z=(xDxKMGT%1v`2QOC$x49wi-`TzY$Cu;_Af@>VK}bj+d}VMywxo@EJ2u>@77s@Cdd
zeiB$gCU=CL`{$ZSvJfCyn5T#|E)S0R^2-Z8iyyl#0v<m<_a&oImxjl~3aq<sdG0`-
zeTG3LIeJ0@yuSs5R;jy8OS|l1M#ARO@_@8!03s>P6bLC7d^kXD2)h)-NwR3^W2KBN
zSdeZQT(qsYpx$;N;U})eZ>deoz5@6c)j@u!YneXYrZQn-70<OSY#N#|20@&>OL;{5
zLYy#V13CH9Mi+Uy(GKU;F^t8#{=!y9i0&L_3|5!gtjBN%%tJtjF@lD?!^U2WP~c0p
zz?R{wgt3c5Ji;0@GrWESTk@hkBoP^$t1hkD+99;hr1raHkAD`1HFs!$q<#II-A1u3
z1ngX`M&dPle21Hyg2)&=2F!`mEBFG|&kV%9=sm&&`_iQv>YX$^`RW0AUcP#TUCmsE
z8rgcdcWpN@nfds%Zh1-gBwm341KRQR3^t(P>N!%$U85Jwf~zZ@3?A{KRZ%I)$>Tu^
z%?EDf>IK?b?dnQ|WJ%kYDKX{)`>mhXN@m+T<rFRbha`(?eg`yio~RcgbGOMGj9(>C
z*<G_NW+@iQ+1b99mX=(KOf7%vWS8MF==Ja0ic2*7!IBSB?paz24lRG`VjcyYO|-4=
z5o+0M%lR1B-h&ZZJLpCHr^Hj5ARFCjlKRf0R(3EjcN&|2|Lz(fc7GCnr$oOp>3-P_
z%rnD(ZJ%m%@KF4r2K~6UqZ87sPR>VMzjbTZfLnA(1VMq@I8`eromsM5<;r=R#MV!l
zpG9IY;e<sxI4PEJcJx+Li(5aavCXnpcR}|r-<{@ub~Sa`aIko3){s1~6_FSSFWMen
zg5&e|CJBq-2#2Y{D-GYBlV>W;v5~tP>juH-u4~(23iZM|&U7!Ts3EPDsG5$#uyGrn
zOaBljWRjz=g~jL$(*~|ccKGw;Sek{T+$6Tfsm3Kt9!yHerr1{41s#YHP8H`bH)M5n
zDgNhNGLP%D1`H5T6&?|t)c8+3uC1%M#qY-lb%~Alsn=k3khOx4OGznMv6)e<hHu|&
zv%J#ND&sBB!3tic#ITDcz&x|nFvmHynH3M@iXvugavLfTK0%_}q{`dhSxXFsBEjbj
z%qtzIth+<=+mM=ZlHaiH5wtV`V#sLNuJEseyGQRh+<L}gW-hj9GjZue7WdErjU83w
z&;bJiHe8t6zl)5_HILdJuMaY@<2`O(9?2zf9V<*!%2L#}=$M|756udr3Yd9hgkW{Q
zX>!)A69&YW`<c((d+gZwWw#{hT1OwlY@M;ash2Cm&8NlNT~S$oJnPqcRjyQZ7thpg
z(@adZC9T!78|IiRRph7HeR68N5bilI56KxS<cSAi2e010Q?e$v?rES+BKY1ZAGzf$
zAHBy-Dy7*O24RWYV+Z(ZvLbk5PiU?o(~TlO<0b)?Sr<@zd$^gaP1?na>!{`6s=SP{
zDe$<*$rQ_p;Z(5pO>dTc+TGAwHZj!kVbZ>`rlgABCCC4(1>m~|c(!+r!;TF4QOeJa
z+EgVHvLe;S4i(shFEB$Nw|=;P^ALXWzHP0XP(tW!^l&!lcOcitb$tvsJ%;)~BDwqQ
z9ZIR~^V<qYQb3Ce4$sP>Mw{SSS4_FgnEZ~Tvg&bjrBmC@T@FQW1S|?zJ6OM6hmf5+
z5hYr)JI&P{x6ONQz-t?>e=p-|+4IyMjPh7`Dv^ni(`S@CXex-99rF*v3VZr-Fs4Ib
z;jyxwNjhwA$^njFPDYgxOC<&Y;|mE-OR~H+Gt*FJeh79=k-i(K@#4kDNJH>XwXHxV
ziz88ZeidCfFu~V0X+qKyCb(SWRs=<!)4vB3CxRU<ug{N-&5xSG4zYVX#dq}@S<)TU
zjq)&P?bE<%2NNr6YU1W6P<guTu{f1<vv(4^pfudK$1tlEmBy=#LJqZ<H<?Bn**W-1
zGC9FegftAgJ%(Mpspv|Z#fx8)NQi3*Y@IL}LEwDlu}<LhU(Vaug*>)stls~#uEd29
zWNf4dAAEbS9(2gJ=?f~5-A^|P^(x94kV}F*P5ZjhfpZXec=%uF*ds2ud1AkyPLEH;
zUH0VIy+R>^!Ni}Y$}sTSK6m2_6tE%h-J53~b^ZS2oVDl5l-kBU`C|KHWJOP&^bxyK
zIGgUE_iXdA?!S?c?F<gap(>}t*r5s^=oZi(VG}r1;fc;oX8Kp~F@)6f5sM-pIt-ED
z$$`VvxDlG~D2t^PG)T_-EiUR#%od2+EtvV(!7d=uV41TXjBL{V*Q8iWJF4wg8&`zA
zT-cn)N%v1hHaib89~Ro_`<Dh=g_Buz>Wi1mUeaQ;(aUJb;DZPz36kvV550QBAz5%|
z`iV3W8+_}UUR?rss*G0jc`k-k(&J>|abNZRy#Zv7=ZTyM<Q2d;WxvykS*V<P_illx
z3|qZwLi=z3naUFB-SH~r0||qZgmbbHq@(bTI5>TB#swZA!^zasV}1TKaYgf;J5?9c
z@+sZoWj12wx<3zE*>A@VVaA8SU-!JzW}SEc4RYoW1<`ouD(!~cf6EBhMPOpQrmhWA
z*wwJ(bW>#yGdQ6*SuBwdP$9qHU}~Dn;=ro(T}8zu{(aJ&fyQ&V7yxEzMBEs9JVKKO
z_C4#Qp)ymmYHC7GQG_{%X`pu2ko|e4kq15-!2U8TReFUH;TrHkhm|X5M(7PNG*qiT
z;q1j+%->gAs)qOnVeY@|j2<c~&dZivV%NHJcEU$bmX?#;ZZxPo6#)Z*0wX;8NT`ej
zi=qm%U*Wk(uIaBGfP{n@vO_w8Uo1@&b|`o>Qvey+be%eOgc_xRMdnfV>=~nyMMz<?
zLKCH^ncif!H|fCiOzxdKPp|ayl>VPrTY*&(x{_U}R<Q1QcB!A31Unr%TkJ?7Yz)<B
z_wP}1C6rGP**`p?^WRT$!x80as$-#8Lxek7uNg4m3?+B)569bS>|gp=%FFuipOjef
z_VZ`t$<xZ2lO8i}+`=e};)FTEiy88c{{9iAp1!_qEK?3zP%?iDXjgR3ZLr|YX<b3V
z_8`$d-Z#lj;=d0?7g!PP5+yz@j%G3CPLxG(j*vrZq{6lVNF*~Me(j{)QvdyscXBCU
zK@<2q>peXuLyR$cEg0PW`wd-pXs`fMXhdf_PS$DppXX&Scuu2&z%bF$9pZaS3TH<_
zC|1XR1IS98F*!H)KDI*bKQoyUaYF#(<;2uD3cGGE*oOroKqcn_!{DU}PEZgw6b1Cu
z(A<AO%vheV1y8Z%YWLr-s}dJ@!msg~_{o*V9C`HFvz#c@ogTub7_(;RUrBkwTGe(E
zj>mC`!gB!sJz7U_hM)W&1aG730lB5han=hKXp5xliiL;^mhu+UC<_Q?)eoy_h-iQG
zb#=$Nzq<$3L+J~xtRde8`!#-;RzRM6={`^A6i8u+=+?PMjO=X}alh~0x%23VW$nZ6
zCakJ--aawQg=7Vo@VTXD|Nat*;^A~cBcGn*HE7s`K|io0t}3Kig7QB-orn~s5fNH4
zy}sfgd(mXTkRiJ?q?tbzA)+;v7M#A1kNZYd)r{tb3^|82YZjM}ek$qbWewVZnQq2t
z{u)20baioTp-{%Zp!(fA$kPg{YG!>|zB<E(1-P*S>-Ny)k3NQt&8+Fg3>+ptVygSH
zeI7J4_w0=-_YZ})j<);nsZ{6B&Y>)aH*IQa624Q&0h$gt?!gC1swIc-Z7>MFL?zh~
zlZOy;18WGh*e2iGTJk@u)5K2Wa6aZnkCtDe&*n>@=z9ikMO`c>iIcA*+>6NBYgrBl
zC~apQBR?psn88I8jCAFkpK*Vrclc}DUy^xv{q#-VQE=OhgHH0mO@0Nn+=nxk%ku}P
zl#!OB)giQ<M2EZw4~jpjkYJC~1FK44-xU*_yZ_JPCuQeh#K@qVOYzP-K7J!wzx&Uh
zFVvRbiOy+}j(it6ap>^Xn}~NoJ}fIOy@?0Pw|XllhvM@$9sOKST>KI0f6wV|jQYFu
z@>L{+=SrOW&9CG@E^$T&cSSv9j^NR=rvk6^K-CUjHnd5!vmQ`IeX?sPpq!eLp1EBo
zljOpM&v&ofUGP7f%!_V<`xP<=qb=GBh<W-F(%j0Tr}YH$0Fb%v{hJBP;wuq%-f=TB
z=Zv7)E^T!LzIpsLJ{5g2kb^f)ZI-S~*3pjOjmxBx(*&EY5@z@cMRT~Qh<X0PJzsM7
zN;M@$@l0kM9g=xOFJMB$*6x-&x9qsU!}4<~lIO*Snx!odjT0%Y$#L<|-wyGczeQzN
zNiO_h;y7;Qd4l9<IQeWm6d=D9dAwMYm(PS}oh14wVl<CtcFQ0GaxDKu-du`V67C#y
zl-C#U*6lmu)4z+sLJI+YJj!1_-PpKP4u5uW%6?<jPCQEnPUxOvyC4yqCGy8ibWppy
zy(H=mP->l<x3f)4ddJPB$H%&zW=l6ZA8?cSmx(QLYL+AY3BtwcF<bsL>5Aicxc~H>
zjjq;q%ZPynwqWX$DuHqN_tn)GY*Oo3J(L;EjtRps75;y4G+1T$|KVt$A6y5)^Z&=t
zz<G0M#?Cv;^yRodSt2<M42?VXEP1(y^HHnFNJ}#(yB5v;oyFaPR;*d0E-&v<b-&lO
z4+v7C+x_2&$W4!nv>oRD|DzlqDVF#ayg6V4&Im?!ODk9TUfcloyOZ@i+4x%~^w$md
zaZaXc2g?EWRQ1{9XD0h^MHIIK(ikJAB3oOQ(s>4RSU#+b=G1tp@1I_61#_1g+-ID-
zzf4ft<;zswhjo~H?=*1#v`n_rVvY#`lHY^XlX3HK>z;WO3%8eFLU`llb#0N(Y@~wH
z(ihXxFgc5UL=z|y12W--iwy-i<URdv-dMPID)a^Q-1n(CXz<%<+yQ~sO$1G2+q3W%
zXpR^Wesk%yEsZ<3?1R4Ke6y$&A2Am^5gQk6g1-9No^*&QE-yGG*DRGQL(s*649(1i
zi61ak2Vju0CfDE=_Y1@{@IIm~YXQU2s!HzwL+Z3SkQ&Y3V(Qd;v@Kw_l+-t>zrkUw
zU6kxLh<75`enLQ+n{x_qq_O0Bg_z=!Lp4ER$jUd9rZT;KV=!EsIO-y7PMN;n49>}z
z`SXS)h`awaJZR#ZZ)%6^pJq}2-Hq8D|2xWGCy6Fi<bUPLPvl4!-!ZSvP~O%S8><d7
z-|eghmq7gzxeY+ZNImy3$kU_hZ;Ztu3{7clY)aw{veLI4A7E21q(VtY@&5MiqaoXF
za;hSeQ*Zy4d8Vf1q@m!Aj-FobiHoANW_&+XW&h~1FYnnca$@uW1A8IAt9|o^z=R|>
zO_i*K9|6`^Y6cJg!VW4+8#jLZe%E;`<;tkHduVcTFN?njB>!yV?X8sjrk^0olW}qW
z_KPoN!H(W(Jb=9hn?~u68B-eUP-)5icV-zzK>v#~v#FY};?!s71M!bL{II)}j5v!g
zDZ%jFllK299JXaFM?S|?q{bMy;LbY)VbzrV&fB(Uxqz{XYXF*JyO7u>-jnTg>h8wG
z9yaB@v~&*TSIt{Sy>%`tVKnR1OuE)hF_m<5!O6f*agj(|!-L-RBtM@xcl!Q{hdh6G
zJGH@l;L-Zp8TY#))+@P4$bhGm0yefiou#WGyuN5kYetxxxk&sU{>rI?IQV-xq$p2L
zBt~jxrhCk$%Vw#4MD}V5K6!`3!~ZgCz2>DP6q}TnEU=2g&w;_Z87qcfDU{e8*zV1f
ze#XXaK#M4VP+~+!Lw+t3M)koeQX7Sc7!G4if6S83jnqL0(XcU43RDHNvVQ4#73;pt
zPGnTlYL?}K1)CT%{gcgrwBOAUkl*_H*rU<w>u1lROqv}@xnePfWkYizgejped3t!7
z=Urs)A~A-@^OkXXLyCK`V8BvJooX5W&^gTf5>P@srV7V1C}Xi?+=^6=i;rq<-&f|j
za=P9MS@$J>jvr*x+wfZcY8XO5NDev_T*lIofI;fUZ=IvBT^8Q;xW3DL)}qr3t^~Iw
z+cYO*vOA-te9`neO^k~+6!!byv{b6a@jb^3dZmwcnEPZ)Wy!&Fg7D<u)IWEanKV9?
z-bntiz8Ub^_V?C6=jb`{Vq=I6p81`g*Ho1$#c$m0H+*=3(7(4r*(}Qm{9CE*<iGf1
z9b?I84fIK3BvY-KHKQ1#NXh!Z8OC}G7WI|hks*}<GnIIPyELa+>1!_%B>`5sb89aL
z)eYV+VBXr=!TD7^B)M?^`Z0*Q1YmZ?(OB{no8jm1_E-a2XoH-RPoU5xfD$g{P6sMx
zbB;Sfrph~7xL^S~V8ZaUMvPd;ntS)tt)JlTT&i>2DSZ|M5QVLK`Zd7ox-3h@t`ns}
zXAxShVA@4cG+(~lS9&?#hhyVj2&3t45Ef2OgC5<Vls~52Ya}j{T(<bN3;YfnUuCg}
z?1*T`Njf784gWxQYPeE-tJTg_-sGt=A0a$-#NqtZSJrl0K_}$IB{pxLU3HkNDczU%
ztEYDv@EJ&$HnVfruC~;9tlPcItfq@h55_268vI?zW5E>qe6qf_2C;)mku0{Lz`zZF
zQnas_)KD!CRiG{g=(O=3xc^s0PAC6xU=vKWkT+)#K8wbE&Ka}9I-;h(@vHdiw=$5d
zAMO8ij;S;r;fljU6Xy-iAH=@p4}B<|Jvr+BH}nC7YJ!R;unM92X=;88X%y~N_W|-A
z*X_Ff7Hu`n9sc2{cKt2rFgI*SyHnjUkA=txC@63_GT^IJ8)y^VJw2KF?vwBkSO#%z
zZDl1?&S72?>d=c7$5#we5nY1PFwO-MsCVz))H1$&N~ExYRS`%HyXj2*sXrdILhC7{
z^vtV3m?bBskZ6{cVs0*~Eznn&lM><EyR(+(hyXlf+BX8<q|{XXA7kz<x*FJ1K>_cQ
z%}AZ%h1qPB&=l93_UBj8vyao#5^N&rxQ>r@wRxx$Z!=kS)ApeXF6hahr3qGs?D3N8
z2D0lEc}A<^#Ec%Qecbs|aG%K}riIT#H3vFfQM$$>c^Z}mi(iC1bog2Oq*L|p+fu3v
zVqjtywZ_vXU@xHRI`K|?mzGiU@AlHXH&RAI|1CE$a#3NFt^PIKHR;^d->}{X$frse
z18zVYPZQPL@5S@61Re4pGk87-q=aA)0JD~_`NNT~G+}Dy*jQOv$sjX0n`HZT>czK>
zH;SXe=eJQ7wcn1Q35RQD7-`FI6%<_H@<e5NE<eA$#G8@re?A0@<JDZrMwX7^SB{K$
zQ10_PF>B^X=?>MI_(3r-aNwZ>7%D~r<A)Dl%d^I7>gG*|{7JUuHJbxjH@GoPe6NgP
zWg4U{HAvhyyX>a7UHu<pYQ}}js4bxZFuA)$f+Nzoxm8}Jv|lL9Hg5ch5QG?FAEG1-
z3~V$+j{S#_$XE647xcfse@#Ys-FxMv%WOA`#QDTfF+Cv4#Sb!J*}m=8Q#!^Lr2fD0
z7U@aw7W+R~e)bLB9EGBQwIv;e?n<R_b-m>XCP0Zm<t~Kv8$bRxO1wT|M=r`hYbQQ}
zY2QNNf9B5~F25w`JZw+PCG1czEKi-DI$M#d<COE4_$7GF;iJG8Ez@<`2qkWwti%p7
zLa^eG{Ar2v%Q?BYz9H_M%2Li@$qDdCSY6m%aKh-4yMsgwa7Pv}O~;-FbH&>M6`kj1
zI#{nV9K>YQ4UgnkCD~r-rs;3I$7%o1Q6@4=`e_*x7I=Id=TWtLI%2$>oXX74S!V*J
z&$ZdQnRW=hrpJD}F!AKFR2xBf^Z2pFOYi3_RO+clnsG?UE>vI0s|kI<h=pIx(9rQQ
zYt_?k78G=^extdNk<&EE$W9lEYCnB?<dDpQ1ldifP+QJb93;wM4lqgZYdWX6IQewr
z5{=XvFffhY%G+eF84O0v1O~iu{d(N$xHdUaXH1(G^=e3ukoFxq47bbh-#DOuf5#;Q
zt@LQm%Z??^*?C9eHDd~-CqF(tx$Cto7vzdG#S;ThDqF^I9&iHSk>cU*PGr?Cn?xhG
zx00z>*Jk~?Q)3l1^UP1X&Z#$Vwn%(=&h#AL=KehS5K|PE96vPAlVC1*hKtM3wrjk>
z+u~STj7Q;u1;JYLxxwD3{e(aZOEWszD`)8l{`TQ~E_>!6`}f$qb?cM&fE=ghd@ZqF
zg7z1l-iP#8q<G&_oSraOI|6v5torjWX-P>*kdqHx{LU+4=q*xKPNxAz^ix;58u*rm
zgdv){y5@e+yWG506r~yR3x>|;*e45}0W6ahEBSh96NhMP$E}@I*X3S`q(oaJTa-%C
z7EIutvWyu$fa}o#Z$?I=Y_MNGX%e(iHH|P1E(o^yK-veVGyK|k&6>_sANC1^sj{KT
zD+@~l1W_p|A77?_V=;uf32SRLIj3BxPz8hcPNjRt+lJAM!}+)8ew0|T_wRIg{$FGy
zbO3K3@fcPdjVmoZJVrhG*+Igjz8zhp;4$mlR1w72tDvZeklF=or_A8Z)%N<_!K;LE
zzz?9YZk*wq_N3cmH!*NOGhCI^vMCP)>lht7XJFF(Bba<8E=f3?SfWTG+QP2?-s4i&
z+}6owjaX{rvH`2@`|S+ADw6Ld-^=Zdy2kuLS4BTp&nU^TD4ze)=E_pLZ3_~{#_#Bm
z>Nr_a`SPl5{<58awYX(R{;`zSb$+Awy1>{g{Mi1ji_<%WZ~Sz<`rc=635l#Cjyb%1
z(MSe~xTsJK^xvPyjr?4g_Xz6~GOIKlL|upq1`s*Dc{iYAOG^u~%~dmJKBRE_H_}(n
z-S1d14}?27Bm|!j!HbeVIUp%WzzeArQdbR@$dJHB{)%vW3%6u-^$Mk@G&|hn`p1&H
zZTnG8TF~3KeYb9<QjD>L7oucPRZ-y(&m!$^)PxDwSN_H|l0xv}^VR5kDI^)18aZ+#
zBa)HdCAKMGRI6!_jZq-fySGdZ|2nbn-mz-4h%!Zkc&YRFGgPN(hR5R1oB=Yy<Up7T
z|MSPo)6<i+K?{ebI&J+mDww#01RMeUgMwx(y1bGzp6hva^*jlW4HlU@*3=0Nps|k^
zIvYF-xr%)$yq+qI?|8}&Cxx8q_HsgZH)BT6nHOI^;EM93kZ_oBe1+0z$H%7*&0VPB
z&o{{^;+syA+b)3H`2fhUu@rVyy?-ybLC`5;0kmHnHFUv6lS3;tw|^8YrtR!P9$tjt
z1Y_@Utlc)9&d%14XBIl9@LD{Aly9D<5-A;6?aMFOY!w_yoAe)`M8RF1YW03z-XL_!
zuQIRX{y=6xfbp#nyQjyz9aGL^s*;Kd18*$1#KhMfB<z9-$3~6J;^)Gwet0ZMh#+FL
zxP+C8#iKo!n}-Sby&9nfuVyfihG3(n0u)d<tCp%u7#!fGQeOraBoCACf`=X?2r3+(
zL0^T*h_+sPL_3M2(OoXt+DQGv!o#LRASljE={`1Aa@+Rp?IH_GpFGKb@Ic=6BNLza
zRC8qGY$N>u(CLIU={j2(gC~oeH3|u)Y0y=|Zlb4WBhO*-nCE@{#bR-;wIBK0;I%jc
zGBku>#nfJM+tQ|0XOVwX&z}xe3glb^h!D)$dVCII2I;ZPpCrjwg-E6t_zIrY&cvFu
zl{DNX8-{^NV9!j+!JvX2L^sS06&s}%M?&rd^P{5%85y0-v&Wk8@`9l}CzcaGeDTzp
zY5B(_PPzVzqo=)Z_y%x7oGDKXhJgvgz_``??huoDATE<f3?=ac^1af@yzgFK5U%0N
zZSe>h!ksYz&dOT+w!Q`yp39L>C#^}@N#KeI^L$JexqgSeKuH7)m{#?J_KY~Wi&Z~p
z!x;?}dvy&XJ5Q2pn!0b;3t^H)PtVe82J_C51<*s~c#YYl;h{6$vu<8;`elMh;e4P|
zZPS)qT0VK+yaP24Ik~z7oQ{td>S`K|)YVHCEqYm8oXe6scD`$hG5ls?;>_45oFSaJ
zHA54q#7TptjE>sCal4RDnbEbuSW!Zv_g#)Sk(jTE8<;PbN}7LiWpeZP5X9OP)`SFL
zIBakt3CM+(g@~Hi*ixIV4PEson<h*gJ(u5o{yH6Fs9Dc00X<%jm^>zP&m;ztE?D+Y
zi$oy6_!H=D)1AOTDf)wudcjTW%o*ZzafDpG`g~lRBPQ9z6sC3BE0p6HQGmzXUS6@Q
z<?X8E>IV@5?;SF{UHuz6J*L@*4IfZbp6!d49?6Z-eeka68#ccSl(r@HXKzszQ#+El
z$Qi<^7~m4vE_@dV%ZAp7|Il6#bbvvuAJYLfJQM_mHfcoO%_FCiG|<RR{`nkkAesdQ
zI4$TPYthz*VgiXLQTSBuw>vCDRs_(Dy<U3DlMSoHQKFoSyLZdXn2|5^#_(?0!KYSG
zU?N2&#!snmqJ%_|+Jr402nR8kFzw_tWSvSE4{t+tOe4;7t9lraKp9vwR$|*)-0a;O
zf^duHaZs933iWugb;}kky-0^=Nt2$yKmY7=z}|s8p$#D~lbGY?XXV;HBGH%TMi-S(
z2c~10i9*uDiI2fJ=tzp)y-y#p`3BqiCtC9$9|z`NtJkjW|J4Fe;!`aMX;74-X+K<L
z_+p7?%kbj{`S$A%r*e<pk`fxeoMLP|eiHSsZm3uB>FrK<4O<)Xnid;t7c4=BTxtR0
zBcKi@kCo2J#QbEanM-n0?pA0l-UDgn{0P?JT-!*j_D_vw28x^H^b^mCY^&_nW)~v)
z_U@g-Lk`M;LgNs<wtf3e1ZN~p26tl?t~ZIZr*>gmjCuetR29m<5N~S9i$YtTa^QLk
zXacGq(r+hsZR4sUbq<Qa7E54Py&lsT9KLyTqE|>Ecp>-*W^;a5E$jrUpR*K1&fT5-
zR|gPra&4G_;XL5_xx!Szk)u#|HXXA2OjNuA_-GXATk}}+v>zGFK`2!;{kbQ7j9rOC
zZ5?iu>^2hM5HJm{8SfqjnE59^aP^N%N^Xxh|0+2@h{4QU<$ZEub{?_^NPAU%XXuSH
z)MVpVeQ3`E?%2LvfEep_gtS6pd0*zr(E(nMkFR6Eci&jM(L5_j(&4@`oQGpb5VA}U
zk%Y-A@xc8JFP6uQaap|@%zZggmVEUPizl${e)cR_w0wjTEAqq@FW1l=JH#d?CaYI}
z#K}cVB+bx0Mr6h4Uwwa=w3G8{@5~IDNSZsnVbEomaCuc#Tb3iATrjCWrO$nw^bwW<
zatPBH4FhS3Q!W(1sGCm*wcoD6awUEtC1u|73i3e6LR`12O_#f#sgw~TYKB_r?7Ceh
zgaAA|MqDs&(3`%P4xf+$A$yYI%ry3cBt;^|osOeagu*S4n`cw~{iP$8uUJ7FSW#7V
zaNoYZRjsaEiI2Dv?Ua!KU%qT}Wle8k1HNh>VNS#%KdTel1uo-wV?B9c>q&Kma9SKZ
zE0&~2A{Vc$C|VnH{=6ZfL71x$+<=!}Cmr?Hq1#QEOZ(1o%ke_MP*=$v!l;&&6)wpQ
z4g|n+IPv9b4UUzkUoe1=C?tQl2n`{Z!|Ayxd`}atN0Uho)*w0oS=lN`FPeT~QvVjt
z1qyETkfo-a8h9P9WuTrNtQ$N2?33EWS882z_vXE$^m+E;ML!hf2R0cl=1!x#zJ0ia
z{($rVJG&ECk0jbK`0FxveFyITJ-;FYuKm5uBt(AHA`6DDT2=j2<r+r<*eU^9))p3^
ziCCxdgUog#&`QklSM?f_?FBvy+TY8|i(eJIXObbsO!YT8vCu9!I$mYTPn*{H#4JVq
zBQ(j3hG8lglK(6oj<TmPzaIXs`xgG6gvnKMy7_)$Vq=$NZg^N)dU%##>O31f2(;03
z%I|A{b;Q;%O|7D;3j1*QzyZ;T;HA{wz#&|#u-}|vC!yL2h-_LoUoYYhjNWl$UjUn*
zlJ6xkuJ4K&dw;MwCU&qsx|EU<UFg^pvX{~dxt+r>juTF`Bj)5n$AeE}YNxrq>Jw{P
zDR6>UQ+SPrNqeOeYbHbC@dTbcSr14DP&9M;bml+b_B0KdF?DJa-xjeHWn<3R^NdlF
zQ^nZ;NwI8XWM%QoKpheCXtENKeq4c^Fhu%1E#nfp`{+@(vvBAVAwsCs4zLs+0KW!w
zWnKD9ehu{xwa<lx$!6D{^M={8+~`NSjUpnPoSm6w`N9(y^|IYV^Uku3UUdK2Ln4kq
z6?gYBJ{kUc@|h<v>A-5kRR%8K-yxkc>1k2XzNTW{T447+1S9|cURzmRy%Ag&;_OhL
zj8rY&C8!E}G=T7xyLVyx`7=)>-)o8%XV%r$65o{aG|;qfJ-r-Tk($h<Kq!j_v5>ae
zqXnQ{{q!WZ`-xeg&?vxC&Ypb_;mVEQAjKVoF8s#qp)~-7PENgzyq-OHu$nUY^yuC}
z<diB}jb$2{+NevHbu+HLo1`V*<rr7=(WBBK{f!KksQ5j5cPg<r<~`s!e^sLsxWnl`
zxx-hF{>>efD}|ie28y1`mx_q<F<5qzJfDaez}jj%IWd<ttA^_)*QbW>y|+lnELiI5
zN-VOrk7^Hu>7z!SXXPg(<XmAgAIiZAEDfz#lLA~cRV?2<&0`OdjSnp>sW1jiES>iA
zSj6f9nTLXNZcDm7B}g2FiMWoD(c&M6dmd3s=}yiG+*6>x{~vBM`UgQ_i(DA^zA#-R
zW`Jhq2?MJoOCoDDayh>_Zz=o)clDy(rhS?Ef)9rAO|j(+uaSQf-KFNfFjaQ!81N|W
zdRCJs-=_Pkudi2@k;<xK=}SlPk6mMO`Y=_$mP4xi^`JS7!8?sQnwdGiaN;(}5e6n3
zcvk<cCbs3S;%jCP2?shtMS8^zkDki%mIO|TuPoA4StJsvs%DbvKKj_JvM(eHjghS8
zu%ftTv>+7F+dF?2M-Fu!wJEAH(#D3A?YW@lg3$N1l5r$o)!@oU0K0z6lmeF#6-I@`
zmgQ@sY{qWeaddsppd2R1V?f;xPPekQ?n9G;l*F`vfS@)+XjFClQRGV03zYQ0gT<4n
zN!hTkOIKZxL{g)|nDNe?)030<oIGOgFBl1qNn_QIU_j5>ydX*bdSugyu7?igfk{W9
z#4&%s2_+IE5=&Xh({4)Q_kjCgTt6|!lA{kRSwIil9~2{cXpULMf0ofs9O&owGhoTh
zI1n<*Qx})5Z*H_JY)nb)ZP1`Txw;~|!NO~Un(dxPU|!h+q*{9@`)$`bhvzzWwFn=E
zD&!XyHsB8}*Rmir8{iTY+Q;R`tJk-&RvR^B(TBP^aFYI`jR^6fd9B%~!Fu%<^=SXt
z(`~F8)jJ}ZW5<S+?GR-UXt;apGh(1x_X`Qa^aneQ1IjOhn~iJ;<q88k2P;omDNq0^
zD$J%HEZPN<Lcx3H%nFWhP7E3`#0GKm>Zr6Dq`18R>j{T9FgTiDbv8PB)8@^~lr~^s
zeC;MZEtvx}*=#YYCZ2q#Xv>#3+vB=&haq=e_}ZPaKE#xT6ue1r%ZC8PO6TH5k?}wf
zqx}PpSZL>7SaSkXu2zN?uM<HxcIgd?Iexgjh5s$^8k8t@sJ3#msi%dIn&ju`;5qLB
z)z;%<^rV&&_2Cx5*pkUVx=C<}d-m>3Mt$$svv==MQCXJvRysc7;RI`wzI&M&8+I}p
z4Z_a_wzfkmmGa!RjmGbJXjW~zJa}>686yT|eP7kZV-&lNPh$s;n3SX=zIWq>;FeL}
zX9c|VyuoB0X7L;A%eRi-N=3j$1}B-Cl0v+vtxI5=6i$z(<ITuO?<PyHf7>qG=LD9r
z+6TbUq2{aJz4NLqf8N;GNY4P_X0NxIS3O<d!^Qf~?gXSFj^JRs7|z>tuw)-8G~yay
z3prQR(!<0!Fn9B<5yEq6<@Uu*<QiuOoIXuzOB6tvuCB74eQ=WzLn7Hp8zulW1}>vF
zduunv)HL`CbezoMOrOz5zW931@$g8All2)Gg-4Vx!}YsFoRpX1ZqnaSyK=ua1W{Z~
z5(fPy7Sq9PGdmN~XVtaCa9;Xb#}|c}GbTj=b32lUuY==>d-~~NdQX$w$H_<bzUy%2
z+b~_5r%9GOrnN&VAY@cStO5lnD40#%Mm@7zMZZhVMb2o3;d<_i@&+ar#-v$qu}^9_
zU=#J}cx9v}@!<Z%qB+bMNikIV6Jj5(x*~SAuFUVc>}0LkCx^C{fkJ8eqmkBn{hse>
zqI7yjhEL&1`t^sSxuG=uamox3Yx?ZR{kP}ZH#oeC4A#FVg<(;Oqn!9&LBVIv1!T}G
z6)%@2@m;>vdf9)&u$F}lOK-K6Og?>Unznq>f=lf+zcUO{s6ac4wFDPP;SBMlNw>G+
zE%~-Fnql?Q3w^}eT3S=CDHf`m8f~>d%8@ovI>h&>#)|sEhbJ{WPx-sVQqJ4Ogw1g|
zwV~d~{#WPb4cw2T|K?J5@7k4*T>p5*?+-7od`7fJ@BHP3h~CM@MVWQH>=_^a^`2U!
zJC!?r^JNHQ9W*WUB7AEY_<c?ISxJb8sK-N1q!Xbc*oR(g{mRp^#QhaBewALtLm^$$
z--31P?JW$<KB?ureJjggrx3^?(uBR(0Od<xiWe<8iflozS29*ys(>}8l>==**fb}<
zy=iK?evzg>rpe-|UJ-{FS|u_-&A>xi^8l%6fH0t3JAW2|Ei4_8yLOK^l$}^Qd#Wv-
zg6RvV)=mk`ufmBtj6M}ar)f>Y053A?><t!wHIgrSGFtV-+TDfwzU#IZas;>t@Q!c<
zzkSiD2LVAw9R?q)MXJaYyD5^i7M$Hfh7G&@`SZcc_K%3Hq5#PRUglfdAS3j9^7MO|
zOOv0o%fJTz)J-6-+aDfYxpkeOeTZ`CIkBQU{c*NOHP-7*<uQMt*X6`8lV)eo*s=#5
zd^1scY5H@EiNt@wC#>w>KAGD&Ks<c-1(=CBEB^R@TlMPtR+3le&+DD~H1+$c+kSbD
z+$~rjG<{8{#Y0@*(`v~mmC!u<!SKX7nhHT-JLHSPb|dTqoMTWK2%B5iUo05Bio|bM
zXy!-lFO3R6nfAOU#ZE?|zn~R-zWN7)<fI65e{KBnaiMxxsY35_ad98ZQitg3%4OT1
z`f!d?r8NJhZ^_iQMNS;BoZaYnK?mx4A<;L`ru7P63L*%1?wZzs?A}y5<j|0HZf-nc
z6xBN&cUo^Z5vi-MadfPysA!0p@U)}^vLjfXU!P642_4e(aZpp${kJYH=v^U)W^=wT
z84{3Z|Mr{uT<rrewiWyD?z}>*v9qJ&jcmk13~3+9Ricyw3ZlPOaJ`wiCQU64xZY=G
z?JB>#sS_tI!{3X8k#9;CGEGKC-uG#K{;q=RF~>G-ru3%?<~nXZ8Kb7myHiw*1qD`8
zic3rkEsZ<<YyV_>Ll4fKqPv%>YEtI#WqtkrU8Z|?uoxo-0s_R$j=<!=F*=_4_6<@#
z@`U{L{S@p<ffaW{#Zln7Q=L{XU3!t)g`<ZRooa1DX%$!2&}=UetW|k^GjiKoBR&!x
z{RsC&Vm}`|SVRJp_}<@;F|*>2oFE<s-V9CheN!u=!=aqw=2a*^xci&TNF`xMEqt&1
zzG2hpycKwb2ads+ky1)<u)+pw@Zc`px|vCb%vLaPc%UTZx0ge|PoE2?PJN+pJESX#
z5kT4o3ybh3vuiFi43wN-H(jIlL=ST5`A3+)g*!SAcx9K)SmgKebhN3OSnXZt@}r@_
zNdd5o?6L>N#ot+I)S7DDs+mcnrg=MZYU;<yhx(1A#`Ay7`3bwpEsg=yT6_EAkK?%_
zwN~yZzhES9Su|a(_vYK-ZoB()@?>HYc$r%QeNaS=#)&*S7cReP{fpT94aPYbz4BTy
z**goWm!!LQ%(=+BO`DDIq~?eKJMY@<yJ~&<%br@ZAe<_@?gT1i1d3UdN!Qlh7TmV@
zkGu=Yau_`l*`_5+p%y&2^5ima?-syjEaGXd_@9}XAN9hDvw`mgJ~BWIcgdL1+b5<>
zOfhCfaoKZ;B5nXTDTeP3-*KBjFd<cpqk(OiIJ0jva-Q$yy%ySRNK8l=k3$Qp=Y>1y
zQRe;Ge;FXWbK6$C6xz>CQ<|=y?NQz7R_RcV!Wau}+D*tl1=;1vi;sHu*J`;((@Xvy
ze21mB{ODu#m|^faytGbF+ik0!;qbFZLBz-@i-W||%buFWu6#adfLZ>#B?e|af~2So
zPWFFo^mw6?vNCl&Q!8F)xA=zxtv3~WSn|aNJ#^SLdt^7j2-$&uK1U9c@NlKB`iE1J
z3)asdzpa#Ih6k|26Qk5@klB-ln=dmXoUk~y^jzv_1MV}rkoXH1w493#-WSMgyadbV
z${)o#1D?72N{H5iAc7r3?|HCt&5N1f1gjn%Mbz`2**nmksw#ba<_%8h<h$_AGrY*l
zW2F{z;X?V-IRH5wSQG6e+O)7l1$eQzy21SI839V<I<I&ExJNaywAh4Bzju9Yt<&=5
zUkQn*?CO#q04K|-bLLDX3gCCC1wUvxiS!l*Vn~CfdZsi`?n-<JMLaIi%a`M|S-EO$
zBMNnaL6Nx8hRRCtwJ#jB&HkYonZ?n67sg=9Lk*2>H<n6F_24?A*m!{48d`-S7C=*A
zP!9Y5Qs5~H1}2E<<|i$xt*?Jod-nBh7vg$LE*v{eG@M{kL*>-eTY+}=m4J)v<<<O_
zJrj1{*RLaFUSQf?7-FKe4tSC}o_)#5;R+DN@oK8o-lRR~E+`4Y?L`z;Sy?{ZXt28F
zS+;r+R6>km(^x06!I_2g{%!O^c5!C>xpUr)TN1gcm}Gju|HQKxQZDq<4L4h0PquIU
zCJ{coDWbg|L9@TP?$9h&r3#e-H4y7tQ%~<}@{9=^MQl$D`9|sK?F<d|=4>ske@EXz
zD~<b@k<shduNP-^=F#=@vyG;Yka+waT`NCTS0|BL%6<V`VgJnClj%B_lY;Am*0AZ2
z>U>I8ZYeN{v$G>lhKJv<*Q+`r+$(xxKX=Jc96LpFo7c?(`KAq2`FvE`3!v-uJSJkw
z%Y81RBh6%sl1fxk(#ZU8_za<gZF)nnDnBArK^y4)IqWe6n>k}fKZ98>ARw%hZ(#)s
zo=p(J@UjBBc)H!E&z_BC)HGd6z;vjw|Gt3PoH@D^CQJbOU`CmJ{^ZHX(W4L5Sh!M`
zbuylt0TN4H>~Fy{qJD3Q`Td;QG$7zM{T?+UKUIAgB`{F`7ous>zgMq=)Lcf$a{Bh&
zkyAm<>I@akA*5wsee5dg74S!qn3ozhWJu14-FfyXZM|!KYCM>iDun?>l4FQV6f14C
zbXSUzuK!{pHPj=_@s)F?*Fqedm1Pu^Lx?K4Arn110|%OAHN1<-$Y6F%S<|#{OL_TH
zzQ-kVGW+_|T`;Fae|GTXNhZj(3J&n-G(p_?^xL}S(m<lP0R#J;ad@t_Jm)3a!xQ7y
zn`Pa6cbXRjgX0DF`irAXG@9y&*&c<70lO4a7Jd+^+|vht^cZ{5j01;~yPIAF>0r8;
z)Ii3QoU5cX)#G%V=)}g`BV;t^EnN6(Sn3e501rHTDByGdNWF$HU&3wY^H`U@x%PL&
z$RG&h3fm)~ws~7d%H*(#gyb=*I5x+X*`t+d?zsTXOikZxjN@8cd*04Xu%9#b%{qLz
z6u!Sot|t$r?|+g_$D#H*!5Ie$!Y>>&c<{d0n*ia2;1l8io?ci|Zq#7(0o)y1xS)Oe
zia10YwpcCZoz^gE1=0Xjf%N;&mCwkY4K)7ys^$zc_3Kwj1CBB3X^tgy`cSC{egG1V
z+x+z%e4xR-;+gP(_zqCGN=E_B`&+oWCen#UMO9q+e0)}{FhY$c3~~cNr|C!U_7Wyj
zI{XVaH2A+LJM*v}_qN^t%t=x$WsD-TM3GdK6q!PXqS7ElMTk%;gff&wDUwuTQ7Vl>
zQY1+-M3W>GDHT$r_UE?N^B()%$9|7v@BVn+=UvaD-|xP^-)lIp^E|KKf>n545E~w$
z^lFV9d7s@>3^?gKlA0NIFrxgV;Ih|v^huVMQY=VhL5A+qr3)n=kAS~!bkOfwOkQv8
zevzBIfr!J$*jhY_*ERUxJ%#~GmMxQzkYH-uhrJ&$G0PVpSN{<Sn=ZXu0KE8NUO@2r
zQN|yge-dtq$?r-Hppoze!1V|tkRRP#c<<T!b{(AQGMR5ucy~9aKy%E%W66kZFD!NI
zgzcHsMhAz;XCGV47j8|l%{>8>$E=Cz1Y{mHXivMX`v{ZXHq9>O49p&KdyJgLMK?ki
zz)H(^@-!0Zd?|T?r0|j{7NT+%-(dD}9Dvq&m+T6JEhT)L8xk$syWi+H_SC1^+WGu>
zk;sve%}2@>2B@Td{q?OK4PRs3W`r3<r!1*EEQP1{ThK>=tHGRCGn6$}U4sU865Z(D
zVj<`qJYz>ro3;xc4>Wb&|NZsfWC?HAfv2TpB&O1<qrylo^}x3aAe%K)(lRot%u}cn
zl54rRCA~2u@OjK%#N-QSptWST`_;41gq1R7og|SJ2JV*)(whPKgXv}B`baVa=mGNx
ziHx183%Rn>G&RNlEK5VzpK94%^rYKy8vXzJOQ|~{PtkB=PxBf={O$9;6g7I6m;-V9
zDL+*wPiC#|<^n^CXjZzr4G$~mpdO|4sBykA_!ol{YLeJ%*QmMPa}n$&hY)}U|KN4h
z_4y|}I<J)Io`n?t*|V?U*?<{lsZQZ!Og*R#Gu>u*aErhg+0wWvY$9m_iYIpr9~m>V
zbUfmbuH>&fbNVzMOLy7*db@msot+@I#78LCHg@Ip`<Su-yf)P_rzrWW?2jPObHZbG
zv~w4MY6$tVj%CoFP{;7-nM9P1n$1X&|GrCm^}>aM2NlyCI2Vjkj#``Y$V$Hxa#D9T
z+E`jvkl)xfmt0FvS3*xGyonk)X!ZAo+VtP?t!4@QJLpPaQ;D-g6M~LN(N5vzq%VfV
z6Z?Qa>+DMscNmD_dU~F~&Aa(das14eZo2NDnTO}5!wW`2-E>FLvvYZI5mwx6|6Q^q
zbKLT=rydH^3{Kw8DWy9e*fx<%IYy+@+k9p9I^l@GZus+|ZX*n%!^Y4;%X~pzRU^4l
z-$aaXd~*luQXEstu88f=BzL%@F@SJ{{;r~^ypzbYY>bpVg$<s-<C(FrR8K|4FQ=+;
z=S}*1;ti%bk55mESo@3S76-Tp_yh`47(n{Sy*)#p4w}3wdFYgl%b1Sm)q$kSq`<@f
z#(TbS=)&@0%w{N_%#y>f7=`bCFU6|=?1)0-G21DR1M4uf!VfhjGSW*J?=dbkipIr~
zHbsB~luPmLL#@YGXuGebe&$#P1yKoxhx>2c`h8-=d_EtvplMJ@l53CTy+=dqCFOod
z`Pl5NUh4)PTfw{A@%u1RV1k+ovg*uz-Ds-$gmq6yHV=f9=(d`{DuZCA?C22bLiizj
zr<&KJcTjr#9C_$Fj$%^TxqyJ-@jIx%#T2Q;F$fsu-!N^Wv|db%`IoAy2!Q(V@InVy
zdyfNGS0!!4-m>K-c<qJszv-7p#ot1V0(9CENVp0K8OZXP_&uzPWE|3Py$3=oF~z;Q
zNCc^Im5O31zjlES=heY6^gepjA#D#5YRm=u0Y(GABYHNz%*CYXqpIT|$PDKl9;Nbt
zO_OYM?=Y#{mwlk+<<tMLS+6Sp#IPAxe<t+(CYbArF`I9jItu>7o{hy98R4-oKAJuU
z>i}y2dRT3O+mO~bPS(~=WDt%87iB&7=z3z}*~uG>^SV>Sark7XEBPDJYxWh7N-Ak0
zeE|~2&>yh4c7Nt#6B7W_Kp6!-7t33l@9<~%Nl0OB;EC)XFGBc~f(*L3nTLSqWa8(#
zK7%!mpEzO6%UZGGpw!qgW2D8p@(k(4PQE&qQ$_zcMO~dhM)nI|95vVpZis?tuKvtr
z-Y@U--DK=v&fMSq7K==>CSrNmN6tqdh6@Q%U||)v!yBZS;^P4Xa|%FNa%~^B?+}SB
zbg6WObsf~SSUJF^qr2P%8?U9uk*)Yq0aR_Yx2N=Ms9o7mBA~AnRZVsCFVJ|SaRxz~
zICkvcED;ztP8jg%j@m~<ctK6{<TZ(D8#kK&iLlVod+%oEmvlOgdCjC;PMIorz~src
z@uqcy<lN#BLvyiLEMLyW<Cw5Yt?gzbRUWPL%Y;4Djj+3(ISfB&O(K%9Zz6$c(=QUM
z;Ix^Uu`vms$(oNJv2W^fc(q7VYev{mIXMhRGQdzErscU*>-_%qjQW)pnkD3B%a<b|
zoJ?=kxchAK@V?@dN_&8?_&*Ho64$@Pf9;qsnJyyZkRp^;&rWBY%p3&hOR%(Lq>hat
z6rAGX%#OF^OKFGMzKstr1Qa;In2nKcR8+z!n1X^#@|u|=@t^_RHa7p_hzAS&#bO4$
z-+BM{3hq>`cfl=#%SrvvVjMtGiT+tw3Z$T*%gWo^uD*VLE?c+4Nh?Nm06h$Dk=qZI
z2wp~I)*;$@z~LBFlAKe>E?!F936;)}3^ZZJbNLyvRDoDB#Kl1@Dr&j0v7YmUC#QhJ
zDeABz=_e;AIY2d1D5y(Wy~DWiYpYwE@%qB%FSmcy!)a44h2D>SGT+{Q!v-eQRQvqk
z#K!5pbop{p<(W<*1urSE9R|K|(E#T=`6w004xlYoML)}^l{1f@3dwH1uU5w}@EQmd
zi3tguFitynevJ9@uKzS8Ph>HWTof|7XT~=ZA`}`+o{~VfaB&%>Ik4s}(_DU{QdmcE
zt|beMg=OxH&3K%19m0USPM&=J<O%Yzd-ml5Nr_{iT*~lv<diAo)HC;NpqB9?__Ylh
zlyWw|mq?)(!aQgU6lnD@2~jt0EmNCuWup7I+ci66^%#@B=CKnWcx}RJ_HW;yBXnBO
z%1Zh-!YSEHgG?z`US7Wb(dkZMgZE25W=@!$tv|0zqfaK+j=8(eo}VW%BcY@Bsryov
zhT;74ts5TFiOxNH<`Web=oMuT5uZ{iX5rA@x-P{26f!f2$gu%x7s;G0_ko^R6@fX?
zwb#n4ud&~l(Zj0Pqoa`~!?ayCcFNeXoRM7g@Y>qux2uC05Z-<hV*O+TZU}BPy@KOr
z-pEeJy>qH4ImU2lb*^av@Dd+V94<yh-K%uUPC1@y3ptGI!?Lg>hp><kn4sO(Z<*<m
zRsB_<s|@pp2Z8f}o*)CoY+G0zfltKk*!x_Tb7#&BI+WG3PaoVeTP_SJFMUpVBp8c8
z8>RIq3S5Nr<}R(1<_!ueq}U%puc+>oWIhUwsm2~jk?sx-$G<#GTAaK*x)e+d%H!7@
z!mT#%J{z`js;v9NZqto^Mi&4BIXStRMq!nftc32%<7dy75z&}P>_VL(=xbZ>NJBbX
z1YwS@gjU4zMiy}Z^YHZ4)CYUMhi>jSWXKG<+JVQQBUit9qw72va)bz!C_IL91N94p
z8F~@iWadReA$+Lwc~@cC74F4nSat(r0n?Gys~=-dy>TN}Uc<KRDW~=(Kmjwdgb<b&
zmxX_VC&@hRo)Wq}peOl4X#{%#gQ_%R+p0hTX12*c$Kk<X!Yx4%{o)0G;NjZMmdb#2
zf0|)3de);XB7_(pZ{|ILZ>)3s=FPGvPn_U|IK|3(KDNO`o}ntgoD4#Oy-)`-BXiB*
zsE<z}+zt%`HIbLSogLmOVQT9o-HRv2-ng-wcS)|dK*7#oU~)S?{qNXVUpy)h0Q05@
zOc@y&TrORO)7rZP25$wBGIOZp-GfxA_?)+FK?!lx&+lbX(MU~6k*KXlnSUS6(QOxt
zz(hF8vns`PM>X-XDX~~e_T&jEpGp}ZHjTK0t&yRF4o*Fcc_gwZqWP83X`v$$Imi|z
z)24}(sVVU}ZoDh27<u)o;2lTS0I|5W>+9_M7IX*7rg7(mc?$PzencVsDrYRAy`&CW
zXB%l9CH5Zn^<^2r$gl!|PekQg=)<-I9opp@Cul%P5LYiOrNo-cY-8!tfQAeyJwpG^
z{m??aRV1B3NC1Z5)Zg*C<mtq@BXX&#V<ghZ%!o<=3BUn84t@sabMOqnPZ%+^gGlg(
zQZ|$npuIUooS-BkNK~R_!B~I<ux`5+5R6#SgHG~B9Fl`vC~N&5okUV9;A&Kx-;QTh
zvXP>nqL+35P$Q;Eq;M!{NP0PYT3aT~oI1j_^03rhl@XZHAfIC_PT6|lYY#7#ABVTG
zn;5A9!(#q1mx8bVfh>S{*m(jL?K)7we7)yIu}DD%o|CS2+u?cAOmhEi)u~u{Qi6vV
zND^DW0&*!c_|{ms!`hAMU^N5@XkzUkI}c_!7<JE!Vo`yjS3`)D<@==l&tt{H$sZHg
z(#W$DFh4?pw=eg<Lny68o<>;Tuxo@L@6FWD<0niAeAUjqElzh)30@$_j^n+$iRCP%
zXC}7x7pFj{qire4kAuxG%d{f#kZGTMbZ)&Z{iHYJc)sMH9dUZ2krsVh)+4P#R=8$F
zP0E#=oSf*$NXiChWXoJ&#`wf;`5s{fCW}2c8;b7qgE1^TiLiv^WJ&7bKR;PPiJ;W8
z#FEq}Ik>yG6F<xzceP%#Mu^`Dd*D(!IZX^TGJzP<5mjhM0Zkl`85PX+dXS&LeCg8R
z0W6al5Oz}1c@n-ed}6A}Mb{0?F~p#sfzi{Yb7v_%d>N!eJ4X2%%CB#imdHX}_VLpv
z#y78MWO3srXOZ3a)tJ-ikk$K>>?p66E?z7eHI+g&5=r%!FDkc3AUTDlmDEg9r;44*
zt)Dy@cnhFsj@WXj+09ojgK`jvxLvnz59wfVM$v(5!#tZh=uBl>rvNt#z_icTZ$uvo
zwUA6J!10@J`6dyCb|8cT%JsRlN7D#uCO!jIEJteYhIJb^4(#8*1)Q;=!KrcWIu<Ae
zFK};fYyG3jrI}TbdNZ_y!d>Qe>J<&mP<QSD7zS+8FF<F+9%OU;b^6tvMb0ij5o~a~
ziHFIM>AQ6+#YJ}Z1Z{p|rjNsR<kKg9E0L)1$rDeu8k-8-ysk@>p@T9DG--Z~j!oEI
zZK;Y=4ejg!DFWH1x~}8H3g(EB^?EAOMJV<aC#x`QC&7#;5)52mLR=tI^Fx8mbAkN8
ze^OdAiTFHiuYUi7q)RB^+xeKr6Z(Q%)>dR>P}~u9c~B)hHMew#99&<zC}Aas(OJVN
zV@Pen#MTbTiPT{qouW7h9uy$~v8rnD*)wN;k!5+=Y>GX>`}N!ermB1MzwvmVl!H0(
zqv(ZP5Hc?rhI58M!!GmOI)XL%XFc^N7bq`eI{ypBKteVC_qW_y6F%3i9A8AUNK@^X
zLvM+`#I?0)E&n>@C|{iK2UaR*m8VY4S)|(Kqxz;Y!KFhG(}c~in5X9I`ishgh9HmZ
z36KYET3;+bOh;$<@Gc!nofRX`pMQfkQ!+Rs1m1AF0sL@!J4(i!qXUGE9x5Rg14N>C
zBrDxGo-Ktj)eGh`QlWG(?S7nO-dk{RG38U#<a9jVW@Jn{Hd~EWoD9tgNK71z4=R2e
zt_Oa1FbWn(B(A?`oFCyu5+5(E7zwBN5Egnr7&L(UmaUtlH3=(x2#tfWDcB82_4LV;
zRO&3u8gJt|LL6GpE2D4Y24uXvv29@^Fa=o2RLWFT%PdzH_6p>0df!dt+1#mDdY64M
zmKiux57l(`u2G;dxQA%CpX8yhTwVeiHdOu#M$)0U@{0dJ)FBHnza!l+96|tyv4S>0
z56nO+*ugsPXKU=_U-CwV09r!4E=VS<(xhRjq&j2%UwV-1B{Q@R7F4^$HZkFC<X_>>
zxp9-)TEA*Neq_uMiF)Stp~nqjdj~^EGN%+|Z_#b4$NRjXdj-a5f!b!g2$WM<-PTw&
z2Z)Wjqq0NBJu0?F;yQCYyEXQ$NYM%yo?ybq%W%H%>|oRTPoGNo{xrkviO>&hMtcbJ
zY;1c{%}p4tYofJ032hX=L=~*ZRi{qvBPlsjQ(APsbnn+#PeZt{D$2^Cn1>4-UfoR-
zCG6`?hCs@Sk8gxC`I6Pt&NYi6!gHt5f6RUOJjcr}<|@lWvMAkfr@e6b@-#qudMp7=
z+Lr8lr=p?*@57d}W|sQP(tZ0+x}f%YOn|?C<(oH7%o8b|?&R(g>Hey<4Qt&y;b2Y`
zoE1`&ukezd3<1XFr|}v!29-+CY2jz|s_N?uvOO*BOJ-tm2V5YFzRa5v>DV#cFrINo
z=`Ds28wM(ah|8TZ0m3V`MBo0F*vdo%ZnvHtSfS%zF^<A&nwKxp89<m826-HAnV0)I
zi#*k7ycC}DCRl@@D}bm9o&+nx6`;y0d#WD6h(tmHTPW5@pQq*Ex-AVXK3W<=wU(45
zh;mxp+TrlS%3}Agf%Byu_pBxYBW1ijAWZT1AnZ~an2#L*ofEXW)_3-5^sVx$whx38
zdEo+dFxb@IMs!oF$#CQh&0%|W(F5<LAQ4txfoSlHNaXZtbd@Dg)(SsL=?QcIh=#@^
z$Jf|ZAM1HCI2eB#51cp<;0+uw03y42s#7N1TS^}KS<KmpA?zm@rTJk!`x3zowqYa%
z;R8jR0wv)2QpNTvGk(1&kti_{gIp>Um_rRaZ&G^Gs={key<TSX6SSJlfWX&0aLlgs
zn+!yVm6cOvf&v4Hb(}h$ge$*G0E(VSKfaWA!K0&{!6^xdJ2xLh3~ZAs(_6BesAhs@
zj><gIDw+SzG=}C!{Nf53kE{>FX6m5eO<`Yf*0K7(QH*^ehD(W|aI-?O75yyg+Q1UI
z4+UY1A_{Ti3Pk^DVlpZU-pqDg>OGe2@Le+qDU26JBr{^f`ah3|5b3u$o!r!dTWG9h
z#wNJL@80ztGQ?L!sdRef)SMHBkzCc1l2r^Y39~pt5fnW<JZ6Md_!upA-MJG^&u9&e
z7CtQVKZb(%NA@lZ7kKe-YOZ5F&X#tgg$r>!5)aDT)BHJ@!-aDRpr%qX8`(a;EI;?$
znlcHXSVK$eFZsy*ylP@;e;B)px8@HH<xz30>1Lu?RRR^oq1uqI;fif7)vB<_19Ht6
zWrIrEV>riO4Jy`T4{6>sfiVp}<B%tih|ysP0(Yvm?c1j;*@an0ieqUrRTiNPk{ne$
zkTr~g2zr7`hF!5G!L3MNtn&I_YQYPH0>1=shoj|$C%Btr^ka18n;8>OPeIK8f`P@M
zLvwJL6u!2_P`>tG6g#O1Za~X`-I+=7tAHZOU8Vq?SJ#4cK}WFLUEs^+^7ls$dtq<i
zr;ndeik_9(@trkb!+(nUzZCtId?npSs=)=ywUs$BkEwG-h2`A2A31}8PZwyn1r3>H
z)5mq{p_hFiebW%(oRYznVfaZQ#ji888Y|;7nHdGRDb)+^OirBS(DxzhTi-fqaEuMF
zf_B5u;osH3e-O1JGfC>_uF-8WoH^I_Hq?LaZ~y}Xi%5DIHid+%mSI%lj~@c%$Hy;m
z+tYdMDL6dBH*4BG4dxXfJYn<39<}6fhG_V<2}!3$K|Tm{4uLR1uOy?kXg2%o>D~EC
z&3;P0xwcz1&K8}M?XxI+G1upZ!PgwAov%6pOxSW$iS10X^YZhdT_hek(yK6>`wwbK
zmq|)6i@7-bF2*KbW5FH8!l_oG(UHA)QTWlB><!*e3yjzKg*EP-B(iolfA$gJYw`l;
z6?@v1SoRjC@!|$NCofR-oB;*9*$hXyk#xk-=)Pa^_HPC_Je3x={uZ-sZIzDA-X?%M
zV#m)X6@FBB+0~~1{pzn~u5!1NZpbiCrDz74oafd|VF44~epmRsGser7ITX~FtU>~W
z9*%oAqg3Xag#hG%nRq>67Bhqbz|xZ2E2TGipd+xf@j8e4H=I?<xKlwvE+i2E2p>Vs
zH39Te7uND&fLVNwJ`MVjRn-X0fwKI3M8q~YUyaeA#U?SUP}*F+HlsLceZdfktcen8
z6DP89$Z7j_ni6oefs<_X*_p9(zT~0ntS3Qe3q?3Kb_S(9#fkU1m}}QM5Y5p|BOwPH
zMz=`BZm{Y8g+a0Agb9*gYOkAgrk6T4c$%?+LDb5ZlLzMCxpOB!zmDKe)DG*tgDdmd
z1Ke%$n)?!L=^$;=gtDmFYq5brw~^h$KEePxlDr^PQ?_C`kJ!q}3i##HvcD;3DOVYg
z<gG?(1(6_@(n*I|&Z(`o4Y!948#epcz^MPmq8@Si4~zO<L6%2ec*|#vWOdC1JIAi?
zHFQ;F4rEaHrwpFeHbQmCa$RqL>eRHf%B(Gjv%q{iXR)vOs+#+Jz*op=Fjoqav%k2I
zXY&gRq8E>b&p-&JUvt)!S418NSF*TySLyL%#}+PFa1_coz%RQWr(URH9zI%81Qe}7
z7qM`m^3<s&iH+c83q~$&4)rdYMtRr*W_M<KZGAn-&8Dpuik+fY@}}~VtNGvuJY)<Q
z#zyr+tN=zZXHHH_OA7&!EW<NgeEB)e?%Upc7()CjhaKqDgYp*6o!i*d1n~^qbmx9}
zl`N4UurX4Cs>xC^)^p)WxuhR0DQt^`oA3F?GCt1l9!NLFlHJMGjMfmtxi6r68#R9-
zCX$v4f<&PW19w+2%`F_p3*B+ifW=BJ{&o@t2eW2xkI=9%TH#0QuCs%jph@L|!dox;
z8DqOM-#L#>)D<*9oN{DFs8~ME=^kcn58sfl28xChZ=8?*s$090cAhAblz+X3G4s(i
zN`GFS`XKo&6n7lbjcFD?#U8Hp%nl9-p+`zAn=q-(WazBI`L?+#2M~2(DLq~})8xU!
zhnh&MxpJIU_8VNk{*`J)Z0_6l?+qdfLDBQxZ|&K$;RXNAe%-p};&oI6C;~{?1dMB!
zFV7TqXklqKX4<qgdA;O6ZqK>zpcn}C>XU9@fMPp-|J;s9E_^W~G1-3o&_?}^O1iRm
zG}@1UoXZpfa&do=cGQ8&NE5Jpxomq}Qpt;Z_YB~U-h8-`wYrju-^gL!$#2HVv1_`r
z54uZfJ%C!7DV#lqu1l9KLl}yOFEk{glXL}CfcGz7#8Rc)nK)iWWzo%AHpVon^ENWa
zg%x!FtNmJ{x38~UQs$x}!RMh5#jmv9g+-m<h>|(~Cyw?s4GliStulNai%b38Z8-#-
ztO@OyCu|#oq;_cP|3=at{un*b)29jVcYGW^dj8)9lE*bjCd9?Y%Yl^{Kl>*`R(==M
zdE?9GB`EjcH6g+`!m#<ch#SO9zJfmYOg>Sie^|jNrTZp#Os4MXXumc7*oMg^{HqNm
z0KtF9Tu;iN+!8x*_s$(%&CvFm!r_0e(?GZvc+mZ@Bs#T~jX7uy$K~)Fmjbec$>_cq
z%uebrQMhY~b#2m>@uYzN8=2d)z`^aqqXF1{!cg!!j=>~&!-)2kBVFrYevff~JkRFk
z(=gdSBik%DDE>X2CkH?bW9RivX~*~!fujnbD|<_c;n>Z7GCt2gdkMZTQhIc`Z*O@w
zD>M}kf40ETP)yIT?RxhC_9khA4;Nf?RM*rXth)Z#<n=^A;%@76icidIN$Vs7aym^S
zi^A<mg0sVb_A7qYc_qttw-@QwmBct{oaOtAAFx@!epI{v;yELw#PD*X;nOKi2oLY1
z=q!{Vr_OV~-I_<RFuC7v+wE>_+3J6=j+LAWQUuadnN~_8N6N^Hi=IT?`5o)IlYEL<
z!MO3`*#p%8qL;DO1j3(~qT5J`wvhXbWR7e~$?CY<&hn3jLtJpn#IJ$1A^#@}Jiq?$
zwbzUPEIaeUhT|1kP7Mb>3k!(dkeIiD4qn^o_b&~6n!|r+;Mvuwunxo&8&4Tw*a0%L
z4QZ#>VrKdzLAeR$qhHTox)f(Wsf-^&?I9KpLVWngg{xP~#z%e|&Q?<xI&&Cbq1tgv
zX_2|z;?t`*w|24NqEZKECnzy=GCT%^fR1<*9nD<z^HZmd>nIq(`BB+<gS8{GjXV@I
z;_vJ=Em5sAdkC^M66qLVx`nP(z8drzgk)ko+n#oT)2i1QO)yk?${({`8INFBMllkX
zn~L7P6(7f9%|%8okF%Z?-D1rS)l$wcWNS862-9sy$!(+L0T8-@b}xx5{_N=~a=RFO
z?ckzU-X4*+V8W~$`eL%ymyMe?wHs)$0uuukxA|MPOwwbUE3@A2`<IxQ9O~FGY+u11
zZsdNcyGN=)h1?E~W!3Qe_p$>Aj@@|F`t<lov=}^+abqX0`iE?9D`Z!Oi*BuDyzHN?
ztv=%Y2Ohg`tBUYWY4t%(n{2U<u7U2hByf11pQ@{ah@~`UeZ~K{g2)W*wNf(lrsRQd
zs1JI$Fwus`#khLlz)v7`YvNQ!tn~~jrsd@DP|}%`5}1t^?(nHx>+@5#!sz@n&~$D0
zHa5V#VAG&Gi=^99EC)dnft~`>WZwFf-5){bqYS3#dU}T9L(z+Q=-O)*+=X4>t@L)T
zyLUJ3)J}_ZTuPq-8h)8BfwGmF)l=mHFl>`BBD@NsGMzuOZcyW*+dU-uKau;tP|tzH
z#1z}MzQ=oh$$l_W_~J0Y-sT;f82pHjui!Ph??X!DhE|h%r7YO2G&!m01v!$L{K!d^
zcVILdsFDrL8e-4HT-vaCv!7*PYq6E8F?Ko_zHiymNbJEE?@Xx9x2C4IUt9A>u6_+g
zkjCcZds8Q4-=n$;-bao+D=h3OA@RJZ=)V23!nWLDszWr>28(~JdbQQriL3)Oc|9dX
z*a~N#xoXhN0dt2cY~g#e!yt21s7%G{RV{%_GJco#bk;=njB5Y~&6j=~{t_oO2WEfe
z-EM_`=gJ_TR%Tde&0rQUFCWV2aqi}W9yR+5mI+)3Y^d`dL(|3h?iTGdO1;UrKb1a9
z7KYoxSf9H9rhq$hXh6WT^(unr!OEoa_YXvF@&mrOSR`$fJ!lP%y^Tp9DGZr6_@}fU
zm>u_A#<J<y|G`>sHTfS|>o^51WUIg&Kb`+@0k~i+@Ifj7y%A(BJ6Pxck->gG_5Y8-
z{<Y8l%wYFwcQLvC4GOz&*?%bPTbOL)!0=DD8+-O-Cz<GL*Hl8*EQm~M*gEZ?>W3h)
zdY3v+m<ANX;B@!bT}OB4?fY!QG7}TQ2P>%~JaYb`MJe&|g)d(0p@k~jpKGyj;W73p
zQrj{#<FKK<0p0WwFaU7@*!Mk}G%hF)C6*Ur%iHHKQQYs}pT&_>YG3)JNpGQxi%a44
z|B>SU=C84bF=a-B7knD2T;J~dE9>js*&b7Po!o%V0186(%Wm@8I~y<qYCK}Kg}2^c
z)A<sxB`b(cO;KL7uyinbqV$(lCMGV-{HfFvy1M@ScDcoxo6mgdr2*Z(w~JSW{n#ys
z<=u)G(W7D(f`uF6n<cx7uLi9P3z@5<N@2$@1T>(C$zS*D=TBgTAr(G$GF5?xVvBEO
zLn!b^vT`ChsZe^$wrv5X>GKB6oF;kPn?@60@{FT{vRhul(ub2AcD>4&>@k0F`VL!V
zox`2Okh)fEt%6srWMniU_QHj`?1klnItI*t4311^&~Loyaex2thzK>}UCZe%qJ}!*
z(LPRjq*k`0q2yFe-@DN6z<dpF#`Kk{zaCLlS-IER)OGd=@BDRiz^TRei|&$s&gl=6
zZc*-$WWRnH+pd9u<Xj);=Wlm%vTIJW&gnO35U>UQ?cR%WJUz<3VvSMwIUA(=ZLgb2
z7vY2weilYNT(V+?-0j)rWR~Csd`dOYH~}9B9R%r3cfHJj0Zbz_7#&~OFX}l%OOts4
zb{}EI-lM6RD3AI7^OKJVP;pAlW3;5&h$mVCyI9(S0`hE0d02o4eL2S>#Uu9y(p6Bq
zYu$UEo(d=mYgqjE=7Tza2289VV4B>}ov4wpAomJW?a0XIfpgzu`XCl&`nss7nJY~K
zh48|Q94)lMq5Yv-Igf;c(_)c+zRS<gHE()7r7{f2s!TMw)WO(}+L@2}c7D~HkOO^s
z_PqS}-<;QZ7_5qk*;SlA|4c}W)KFMwGu}9h|CYQ~(bmIB*RpKl>FCgnvgPY72=2;}
zomjMW|K&2&S*)SjutCv_W(Vd}Lw7h6E!wRX!cY}t_te?5H*u)q%gM<15ItE*Ieuq7
z$Y77GiEZnYD5f^QUf?|J$;yQ+eIbeh3$fC+9mJwE%>^Svh8Rdm+8VO@P%#*<5@;S{
z#?0lQGt1!(Vd=Nsb!}G*Fa8Wne*p?FOAU{0?|7A7kb3b%vh|w)FC{54dA%=kWPS_|
zBFB1Posi%yo8DRO>Xn4i;ulQoldM<Drl)#)4_mQ9I(@WU<R!7r;fHiRk01Y$wX6PS
z+FV_)zISRnGA&huADNFDe!LbY>_%Wy^+}UfqWX6+k>A{Buw=i%g9Y{r10G?N2G|$6
zdFj)ZG<!(i8%Ma*HJXLDqp+fZ0;CYead;am)H(sS$-ILgmxKLa*Xm-ItvyyX1eo!+
zf=(efiTiyv@*`Ln(p;pr<HwVp5|?a4*9QL2gqA9ngzK2DDvI$B2>AN#8?9v<a2|wW
z9gp_$_j9WeQIl5$P9$7D%D#Iqu6nT<$Xe^|$)F&{G;4xP34kqUCcb?6GG%?bi9fBX
zb6v@lEeFOf5hmW43GwThEv?RQSN`*H`|xr3Ij+Fy8J48w4d=Nx^Lg{af_YvEoT|5u
zX=^BaL2vlWl-f?b*=_=boOXr{uy}N2)UP5MR1R86yTk3k8~sJ)gDC761T8X1>j1_u
z>FKTz`K}IUNT+uE&yEG%bySO*ZL771WT5Auf|_*ynKcVdxKlt6$`4_V@gWkEk|>fw
zSl$yAB|CH|rT*^rvz1&r$V!scu>>H92Bth-VaD;*dY-VbD)j7GZU964NLb$W^{Xu`
zlxxrPUV8rfMF-H&gYa?I@-&Y>2CafmMx@!aWc7*__p2KDm9#e`1k&ot@qskxIxg>>
zG}ys)cfz9`k9e<8qrjAf?Lgi47hcXf9trIdks^dvJ{5_a_4Ezbw6Uyn)&0jzy_m_C
zq=W=4Y?^++O2PGM&6<d-`#+^h51-9oIne-fV!*ZQ_z48$!WtH+0O*97{XmgSNx|cL
z?%XlT%8r!8p&v`&1EXJNXaO+OHa+&nKsEuKJc%<D<0Co%02%mMsphd)t9agn{(au+
zpy&UzTSKSs##KpLO3KQ{hTvCxN@Ym0HMCO77ryhp17MK^71#o8g9H^j6&jEm*VtrI
z^9%}fEPObpJ$f9P;3}@WXwerQd2w+umzl-Xs;W;hW**;baTk$$_kVx!eZeZ1L5@dz
zTX98&hX9`!UH!Pg9v3Zsjg5F+4^-Xk1!nE9|215%9IUM!9>*zlo;Z23;N3!!OmEs0
zPf*9no1?Lkc*Q^j(HoGp!w|nwwW+*Z(LXP@MuwIEQh6ioi_yAsL~cL;wq8-?%PqC5
zv%!f9*}cENV$%z7^zknDK1j?T-F@sSO%g!QDHA5p%C{n$1VfS1W9<%?u8k^ht$bh6
z`9V^pM)tx@5rszcUM^gC8Z1Yt1R#BN<#iC3MQ1e>lcpcuqEUwDl38imGN;FJ@3y|I
zx50*!TT77#mwASp#vfwdC<O&i{b9M9lSR5OyQM*C0IcdHcjP<Z5bgY6$sgqpDN2``
zn7{+viogdKSa1CceTV6bF}%8(^!bR+`d5_i!0noi&TCEILa2w36KZ71!+{6ECZx1j
zkMjN^g>e(t_ZR;5a@~3J4#PkM1>)?Mo_n!}RDf!YA3A+FKne%Mr2lLvV`}{%h;cmd
z(LO1hb;^ltQGfNZM8k5@wM`K&7>{%%G>SuqatNBX^2}?F>?=d@&2RBU079dHW(TTD
zA*?Ryehep?%^-4dFWZ>efv<n;T6_>d=<wOG=F66SYir%+vtth}8{w<+x9g3Q5Hk6e
zXm`*<*D=OOkR;8>&ir$iJnMy%3gHsg{f;eLsOmqzxbl*}tmJi{b@(X>EfFBr^L-B1
z;Kz&3Y0nfBh@5}_ZId^LR)>M??bOu%iq79Z!EG?{x&NlJauTkZ466bE<|alwzEjo6
zSEOC7!H*b9T5~0Q6NLxp<(LhIvI?2PZK94&1xz`@_dS~=3&F7%6!59fLQ^bDi1X5V
z6b(c-EQb`SS`v8m5GA}8Q+870>91LAY<vTAW9Ar8lx!1R7i&dbyg1BDMn>j=Z30`B
z`-N3Yh>p)Nz0%X!fS24?+@Of<G`0+_3%MgjOFUz}XGb6bVn;1*NqL%qD_#^8!K+~>
ztUzMHa(ZOOU_~!wEpwP>x!X^b?$=fLT$)mVeg&!`bq<5t6D2>F*AX$OnbjFzgRL>q
z1u6g8(gLyUf#w8}ZokfH<7&3v_m%&JP9jfJT%>ElM){#D4~ZaypG_U+#T-Cd?{1o~
zZ>V$HmB?%9P5j*yy)CV+Xc1SFNH+dX?r}gb4OpBTyAFUI2pmZ`>{%fqTl9Jtdp_?Y
zq9R(NwerjxJvV&@ULhX8IyYJM`KtP{JIg^(4Al+^1Zo;JEaaXi-*U_VCxMi+==8+Q
z2M<PTYqNH$9p{0$b1(NgC@wnQGxeW+6Vt`d<TwBL0h@(kUoT*dSf0GhkRfpGlnQ@A
zpk_+TJmN{mhgb^b$pd2;YEh=ZfuUT+!FNOc0J+IL9O#(-M~38;Q4NqMP<uC1!eelX
zcc}8p1pT6!$X3MvJs}ZTVDNP~zvDGE2j*GDPrKnJu%uB?G6ERk^V&zBWZsVnucy>l
z6&3I-T3K8?DFM$H+7WU3h>3Ap5kq8sn!oL_Q_7p_Y6fJ<7$`wa*+o!*gH%craCJYi
zz2`q6_I&h`rAvGD?)|&z{d^QL)R<6PiBK)$WZ)^DMYzTThF)Uxr3650_3Cz_v6!M}
zsF5(>VEhjHK}zKb&YT&3@#1W-(kq*R)hWi}4;97;=Hu8CLqbAyE=&xF0E|+`39m3=
zPR+ylQ6K`ynodKerB5OgGyWq6TU%L8w0$7;ISR;)G!nZi=^<1@Zm-SfzK62z-M`Oh
zxVW?wQ#kmyE6vQpv|M~S*9HdDG0>v4K|+&|n3(-@yNk=vNj6^nyVMN8-`Q=?p3BQV
zfouQ^F}S4FAmiD(_fZq+9<+)XDSVP|wgBCvnO>5T9~M2kC-6O3o(Hl4{=g8@<}<|L
zcSI?%aI&w}t}z}bCc?Z2NO2N=q}KR_0w>>s{zZ6|@lmQZmC_UQ%YnXZ?e{Xq%w+Xy
zlzelPWazmBoVN58kD>E6Vbzo9$ydQN?28>46kum66CbP@CN-~xL6|?_gS~(H;dqrT
zteA)MlfgwNq+VSkt;kYkXg_oaG`l2qA>1kao3-DJI*?TfoW);DrD--v-QLFLY2DVB
zh)W>d!b!@#e}5!{jiSm#ube8v-GF}mp!9rv_iowZ#R|3FB9W@-pY-Cs8eJT1g!JYa
zD0<mA@SxJEWdz~Hw7%q&i7e@~gHQ`Ok<sOELh{N(&%oCy;f?k5_7S!qs;*rdB~);R
zgZ|02ExX|VUWVfXsRQR8Tjai`C4;AKGB-9pVb!za2DT_!)SCC69#Mh^4RH*}<9TLg
zC3J`c$!ZTEIZ#J<;c)9fW&o+fV`Ghk%M>X-D*RZQ@H|B~j*x`~1Mq3nit+u%u#6c0
z))5X-7AKiEa5I0N7`8)L<_hJhTMP4d#agHKMZ0(3pg;x=L~Gs70Yq{0h?;He*m*@;
z_zgX_{?VV}$Fm#e0Rn4(^d&Mf3Fu8HC7YX?3Zfouvs5V4{3h1RgCfOi#T(+1o0N2F
zd*2RW$q>M`pRX_Y3&%GJoGK{Pv$yDY*V9<6^W!O{2b@A#&$R0z)3a(bSL}B%Q`+Hg
zMMXfFnEepp3jNn@_uq%5h^4r5I{?MHx!AmXA!Fk8gu${9YgpBlegD4Xz{!RyS58w?
zTl(h-{rmYnI|_=6(+JpK=XXNF@s^1J{5c`%=tUI9H4y@^dZG9j=0)&i5OedU+o)eZ
zcTup6WL~SFpnx$-YU)n<4-DH*Y+o!AjqwlI&Rt$Z48v_iQ2)pUFjG+(H*S^~JPxZf
zg((w34Tyu{K>~TLwA3uM4Arid)|rmPw6p<cK{gQd;Cl6q{qp7wy7(-Q!&#MR-lX*C
zlfx#hIp`#4TpO$4pSS(4F*_n~0b#K38^N7XlGy;IW!RVAX!|9EJJ+iSQn31zDRm)c
z`aDwsnkB_hZSu8Z)#@N{;@;oB#=ZWq<N1>BLGtwpbRWyn6l3hi%njlW{y7YD5J%^c
z(mb;%B6bVpFoJ*4^XF_nq6(Z4lxGvaQ~NcCMc5T%Zb_cbv{LX|Ro0`vs%jfd;L4w9
zplP!2zL)4;Mfkq^9so}+Z8Y8Uz6a)w&=F0w_c>{l5e~e@4fo<0vV-NZ$3vaN3|IZr
z1n~x>VHwTWLMCYxbh6NMQ*S~Ix2@N7sW<lzTVx*=&C5CR^VRpmOh>5`O;g=@z8rvq
z(?|LnnywuzNg7c1PZQP_3jCm9{w)=K5jKtPJI_At2j53Z4`A@FN+;3oiQ)&gzRm8*
zI39DuHa2;-H37Sh7&VH&5Q1^U^g7;$RT{n&7LJa}I(~IUY4#>!{SRe9-+D(|#Fg_q
zdX&)@i>0H8Nq&BQ4qdv43<r{~wHR;iZfzQI<Q}q8jw`wih>+St3SPeKm!AFdF3^Y2
z=H|3zcUR0_v~!iPdihUDv{U<BM@q0>_#^12w!aCk1TVUNMw-%!`bskK-}@5)4T^Hs
zc_$5R{(bQ`lI%V&uEoZ-hyNTecg0}t?AhHn{@%$n)9ka9Db0YTC0?is3GM$7;vT)<
z8Xpa;Vmh|=%^QV;+izqo+#OgG*zorHd5To=p`DBTACzJJdLn;auOJ4dJ7MzOeJ@BE
zMvoRwX^}Y_9AE8kXlTIjspm`K`ztF`FrEqs00y2Z2Gh_#*EV%RZ_h{QLNP~kg}Fty
zQ26xeU2%#q$UI+w1O+J#9V~WJb+f?=&~NJ*Hr%)ZW~9F8G|DM$S%(Y)?5^FrSHp-Z
zEL@W8Pr<;k_^gIKiQ~$Z!5JAk{)QA6LnqrEcUZ$ym%OSbVf&GMNbdu)1Re{0v5jgl
zpbW+!lx8~HKb>^igK%&4YTulyo?Sa*RvC~>MG6upNU9miI{hY+wIdex;v2){y_jUq
z)S!;3nzd@MnBvF)pAk=K{b;A<cI~LRd-nqSO7h;@WSF$h-HGHF&WY0=yeCwro&&V2
z@aRxBhXJtC!s6K4&seCw%IMlzar}5}=GWf+{!fN98X2%*^1uUng@2}~xEky$>+jhN
zMN!Bz)L8tq9$<_lbd``ehWLS8QOlFGq*|Lff^a=lOyd;Bj{QWVOP9;7SCYZ#8*&P*
zNy?>5Vv33UKG>XaTIPMcq>1eYo*mUt;20tIYh7=$f*Z|MVLfj2`SZumo!i7-6(JwW
zbb4vAcRUSjV|6xMVg8GZ4>P5w*bn=E_xN^Wm{RO{N5_I5tLc3DB;nBZYu0xG3MKz>
zUo0*C^1F@ZyV6fis~n*CoZ6L_JHGs$%tr)v*!z@xZzDL_xY(rNxaY)Rzj7<D1~PF@
zRs6GAf+6uR-cLR5Der=wLtv*^A9(CyY%DvM?`2pH^gK6n`EuI8{Y(WRi9r=J4QFo)
zl@4^Wp|Y|`5Zp)#Ny(y4XxCJOISXRpFdv6`fm?)Ofz4oxIA-(LL1{hSXnBn}SsY7=
zBx>6qKUizivv==P+x0sR=^UY)%>j=9=>y|QkQ5gwxKmF0;L(F%CWlGGSDI)5RKi=z
zX|2Olemfxr&=M&HzZvx$_^-(5nKz`3h@l%%b$k5&NvV$S5*|z(wvhoV5s_dw=>MIA
za3=qQlZN?(p!{{H8*R2V;W46L^yB+?+2BE&A%xLz-F*)aL|~MVD!JXT0r*d}c9SR5
z(EkoE=p?#~Pk|G9Q}S)&+XHVFiW60ZB2Qc#RW~A<kOyT<H2+fcDqmu3ZVs%EsdwD7
zB!WU)*^9e(_2S;g_BoV=CnkRma2{5BJxj2UWV1??sKQ@EWr+?881FpxaYAux(>-mR
zRJ1@eR$I?L$FE;hS!<7Op-rtw+1p%7Or#)3p{eujMIE@A&hvIgYH&v5T~A{L$3mgx
z2_=kG^ou$gD!Z^C;`S1F!|vR=yWfc`*az;A?q8~pwF68NI$oTNelNZxa(+bvM0IV(
zNn0B(pbHGR%v^^zKU=?PldqKViWTP|A?jUX3aUR0CTT;*_@=3Q>Q)CL3$(Io0K4ed
zx9?fbL6XliW9YEZV|GE60AGU`&0!Vy8z?$&w!ci)8(!QK29%W1H06Q;cggcPBHca>
z5%YH^n@&!Len!GZ#o?eV%|W`Sex6Xzjpe_y>?x-T%x&H~GgN?l)4<vjxwf=WL~!O_
zG)JZ@R|;RIfoj&ryt*wtZh1&tw^C|7zWx!x5*(SGU0s{e4;Ufap~Z5jX~$js%f55u
zz$bc%i9x&$#N*J<Z;_juw!h)Y?MN8n_a=pS?qpbr4sW;@%=G5yff$3c`sQo<{J69F
z!x}xt@G*|bYstCZ6qqi<=SZUGH)|0WO@d=5#AwVdC5O(?CUV1G-s$QptaPRJIqc_$
zJNU`%o;J^*#~OT)816+S0uk#W-h}kTV06zh>tJ@ky-e^$_@~~`V~}?bmX2P#M(o;K
zI|$2yE@pMXx(d+!lr3(Y%xF>5v%|>cRTso4;fuMRB;o1s|0w7f3l)3y+I^Tj4Bh;A
z?mL230b=o+HwTx>BnxGmYu1i_7NfQp2>YUVqb<LF;itf64!jJk*T3i_n%@0gtnOJb
z9R8$A?Px^tQE-Y7Es6)4-`v^Aa2UoeDV&vcz<T^38$M0p@u2KGUjlxBV5Gf3xl;v;
z-uX)PpFZIMnMphaMqV?2s`a*mYvnB#B?F4!i$EDshDrg7FK?KFAEKw_TKRs+eiU5j
z+8fkD1RLqgOIsHeJM1trdQ4>u;q1UTKKKH_YS*I{(G+E*N~F8!QG<-L&zlXP)_^;T
z1}+6&2J8%e6>M|9VwID|%0oo~l}@Sj2Twmb<2!)_mF5!3JR-|$_b!jay%f}}MnnBf
zZ!OKvqTStLg3x7Ci2JymLZ(?$!;@9;BIck_2aH*{vY6UTzX&gO-UHX~UeS@KRINBP
z#KpA~9`n~tQ5R^=U3y^Q4Z)=Xgk-Ce6M_ES7vE<~h4Y`2(}5f`LEO_&31lM|&+Ghr
zU@k{aG*+cNd(6s?FE<p4w(KpFbv_IH1J{&HwpLzDBr;q<+Qz1iN>I@K{ShwsOz%&M
zf53XIDdch5Q7#LQx9xod;4OdLtCpo5DytF=>2eShQ7SP!0cfWwMPtTh<c2$U{O}~>
zoMU;J*{A&7N=r)}#FChpbB5)7m{b(g=u;uPKJ|IS-KYH}j3JwuzrrQU`0{h^clwPR
z2(OSTUIf(zlbjuatm=W%5Rqpp*tMn|co76>isYibv@|D2<1v7x4n0`g3I3t~6cm&&
zs7Y7w5@Gyit-DTWr(47Z#Gr^xk+-(jvfjoq-Y|jp_aKFD#s{29G~$aObEQV7jkB<j
zUlDxb5~H3G^8?W|TAxWucBGg<NQ2J^=NLd-W$akM0DUo($DaX=2>d*9q>A*O8|yp_
zroMmsRt5zoY>Kcj4+usp9m8ft6jJBy9Z>*5hjj3*xtV7#2yN`20k~QWrJCJOxk@L`
zL`At)7wy41j*Wg`(5X|9?Oe$EybtOq!DJVXJYlj`>s#WRni_8lzqP8t&YII<*wReU
ze<l5PMXAg3OD~r+P+KIdQn3YA6Cr+*e@K93n~SZ9m;;e+(2SM_q@UCA7*hJ|lu<N>
z5gend+T+IAQ<9SR{y5rV2>jv0I-i5edw^$eLpK1G<&)E5Uk!|YYxy0yEv#9*44BZ+
zIMMh|QdK=M*AQtOP^@z{z09=1k{*Y8(lzaaX~GY_G@Jph7=HVW>~Th=K{CYAII(f|
zShw+?B>%$&IK^sVMujDtDoRVSOAp2*DKL;zBFMcl-s{&dC2&55iWAI|B^14~DoFvL
z1^@}T9M1L~oQ7aVa_EOecDW};@Y$jJQ?R)VdclbXB<E2GF6@Zh8WzoBZUrD=Z897|
z6(<4AiVbWqTP~hU49`=6G(-o?Hc&LoABbnF1?=q<u(NnGU(WQir%&}`A9fejyd?(7
zZ^3-5^Ij==`9JURd@VH=MG-XKiOnaoDp?EQKLr$FuM{j>FC?qKN^@i^(E5BS;#6$f
zxRHg>OF3#(*i=I}g%eZ>90nf*l@ovz1sCPQCJ$|${h$oMRy0ao)168};1BScc({T`
zXFO#?N0d-#PkDtYF(Wegp9c>e3Il%wd}6S7PxbYXI}abiV54WsXWUCw&zL3Q*c^D|
z<awlQ)Kg4H@t)pfUyYfM#fp9<O9ndk;{`*?kGp<7V7r2VLqkGI+My#9$CNBYkYC?x
zr!uSHo${W1;_X@AgSMcfTBjq;{kLXvlyX4syRB(4F#*`Qsxy&?olT;|t)KoFbb+_q
zv%t8$SW3)`k3_7(H8^=mjDVDTMP20yn93YM#Fo{(+n^)gLYVCb1PGQ;^!Xs-Y`tPp
z@Ujy<6sI$A;i-#BO4bkSIgNu<Xh+^@`T6|{Wt}kb0zPW%|G*-%PcI1xeKC0*cXJ`I
z==Rw{q9klEP-HR(hW{u`hc-lS(IOQc9m@;9Aul}!HiGCgYGFuZbTq;>M*mt6t*{^Y
zgX2F_Cewr(MRRG>k7@FW#llHk?8$U*ZR(b1!77oV^70m|S5MekE}P!(<bshZAhh@_
zut<@7Nasv(aP3_mgMm~Rpa8`N^$93B)A83#OWTDkk0uhP>5H$M)VrTwzkgcRn?nMF
z3gUx+$O~VgAe?y5P77!Zg5wgpE1J9;q=p6i;^X2>**4j+0U0PM4agV9i9u0y<4y~u
zY5tu#hit)okJQ%DAr)?VBrw=8f6!jMroHxPKvVe%dR+JUbJuMqnNv1HBipxsKkvW^
zl?2ujbARf(>+wFp6a-fowRH>d@MgBa4Al1fQZ9%{c;1X0PhOox3_o{t!ANla<iOFC
z*T1QVc#SZRk-WwAO@4w68$Zq8zdOd<J+3&5ijAg6uo}T}k_`_ZkJ}0hj~%aFSw@Ks
zwVyswirL!z39&XND^aErXX7?9_RUd$ERA$04rO$1*Y@kBgi|gE6C=oFTwYX0yPrP3
zA!?JbdOVR3^(2)059~dA&YV7j)ECU3U;EP1gT=%i_AasW4(;7L6QURI66rH+bp95q
zL^HF~fA=8x+PRh*dw6s}ZS9qQE7(xU#&tM%l}W)>P<I@;v;O8Vuxfmcc&9EBL;NsP
z_yz}@Z?$dfR%%}|bmfrIq8rkG@O#ht>{qW^K+$kEr8$OdL-KvbfHPk9l&!2Wd<mpC
zL^ZgQC^TUjsxt(pzVJVj-!8$zB1Z^n7B1w5S8o@*+HQi|ERzbCtHs<!!cTlcg7Mk-
zhj(eS$%g$U4t`4q+QE8=TZ5Gp`DDb1wM>Drn>p^TgiznJOxExW#-c`s;L=CHkc3?c
zLlF6#n#aUv2ipx7EcpCLCJ4YL=jVx_pv~20V8uSS3_eWFf?q0iD2r!knQZNR`aw&Y
zc|CLrCNU#aRK9%pP}I75)u6Xrc2vfEMW`s`f-m={K{XFPn%>Zn0v6WbF}uXK?NEqp
zQS+ih&IhkeZ%p(U?a^Ih@Fqy;2yUnZV=i4X#J)^i{Dif3*Up(l5^4dy2-ytoF@VUu
z4-eZDTecmHA7oCHcem@KWK9`DXvPVt9NiZP%gzfYyLH~%@ae@kGqcit`#OL8VH9P|
zToU&vh~vBrT(?+)#`_raoBB%UXb(>ft5GkJVtg+T8TRE38CvG*QZqCA_3MS*m3V^6
z9XS;irnB~8U$4d7>`_&yKS4xvz6IiRL+jv@P+=tAvnTw{%^NqKaO^KXQnj5kJKPIn
zB>L%+XJX9Y<Ki&((JOtSFS&(C&f$~N<8Id-UAm%bLfIEg$E5T~?Qb1dnA+>e+YFd7
z)42aU>$(p47hkjQ-D6@BBY@d^+m5mtK(B`WP<zN`VmlO!I@|roplEXN7M>S{57$MG
z#bE1)cR;FH5lj|kSF5dzE@D`6A<b&YnKRG^4Z;_re^d(K3Dorf!jKST68Ai^>9)jH
zi1q9VYRFEDhjg6eXt)^&eP*)xPPRdaH!@$^Qvg_SMiQJ#^{b2(`s)ncA+MsLfy_C{
zV2^*!gQ`Y;k5+P6r&IGNC)q?Zcj3a{g&LWDk`*p<tw--YPppU7V7GDOZdX?_1i-+m
z<i@Mi6U>?!lm|NYf4VncUh1q`S#EdO@3hUV>*0v(0RvG}yH4Octho3xw0fZm0g1#<
z)3&J!AjO^0FN?LZD!E>t>*~m+jCYa7_50YPi^y)&1B;nKv!b6-`!Fr-nxcwgo(&}|
zhsu!X5^#!u!_L6ZZ_QkuuWBO-LR*{{m3&<uMg%$?`W(qQY}_chU+z-=dt0E?mfm3s
zbNh_2tE7-1RdD;U#meH0;ah=rgocqi#a0H?$i;W4j&I%MuW;XkvlXT=Jrh$Lzm|V4
zSX^a4y-I(~*q{-;HJ2MP<&mg`AD1p)j-|v!gb+uL<nh0(?cdYi@aT~vh?4z|9V5z)
zA2%+*dLl|sifi`;peg6h39$2sm-jGzNHgD*lAbtv8ZQdU<FR91(^HGyvTW1Xx9g#-
zEl9Ff*VTtz_i_%c{Ofu1;?CB*0T3eSVvO6TySHf^&|^i?i5EudoGrwaLnm6@VWPuO
zxJU1S&hQU|^`FjV9Tn9AW$Q6bGFp4n`(DY?f&~kt@!|JH6l7B!OWwi5zpoxeo(P+^
zZ5@@%5jo`(bpx066@L#sjYmos1CDhfR})F`7s}1H{)`dGwjFKNI-#u}(8k;I)llwS
zxS)y*gbrH#_D@EWUhI%4;p>82vf-W0cL<DnwEs=~q(2p$kH(JmCD{=&?{25MXM+Qh
z9;OzQpD8IWSO}EnCpXGDSe)gX)2=wg56BD-l&|R}O!HrWpHNJ0zqm#6&^G9}u&c;3
z-MSs1&8J}q(%G=oY2kU+58?xYunK0-moHEnSc}&Wra1ouL*dP@wV^X@PUe#_XQk-F
zw+w&>^7X6BJ^ULzei)Xvh|J8AE=`|RW>j(PYkF2rpM!eg2r>lh7P6S>BVI_2Ys8ae
z1UCF48ck%&l#D`sb$iv4C4j@?6qX>4ELHjNp}E}leCW{fKD{d#sm52m4|APoWORRC
z+_V70v9o%XApL&JY8Of)rcq-YB*w`M@%sV%&MV;Mkql`$U?0D%jB;7a5DeM<banOQ
zW138nH`f)sr{iUB&4|BNx$MiS!aNZHbYbp+tD2BSzj9_7O<~+mGTY?faMDp*B$AHw
zIHFurk6P7Niof}<@onKrA#J~ZTi)Ec1oxv;r`~`0;wQB#*<nCNXLYS5=%HAiMv8;z
zMNL4t0h+|L;DgB^tsPe>viY%>r(Ywl(+)D_gYr#<qQR)>^l7o!c1j&v2Zsd_g;dd}
z7kuC@vH*qhwOc<2yZ8qSU0;Jjvz4QC*tzDLOK>p3TaUK<lWi3=TCs3u;^cYkTk#s{
z<Ck-7RnojT>CXW_Sf5Dg1<4S!KuV9aN{2|+lMTqtE_$%?w%fE0WnL0ve@+X71rRb?
zD6w#`nIvhQ3eZd>HxDA@b{*9YUw))SEqfnr2|-5xw$k8gKVR1)R)Tp7P$*4Xrd5fW
zcudTT$%xMZ^-0OE)3!m&+Qmq*O`H+}pndW{<w=wLGp*d(S_(@`F*u@ih)h~n+FIyi
z-xBwI-GM&yWM&nIgzbvCI8=~mQT(%q@A7xbYGKq45IZks&ZH1l-4fYX^%bTDIXOLC
z1)m}~<4u<AMOa{GH@dk6B@-NvYhIn%y*8IE?E$$b7yp{RoCS4$Ij&zn93!z&G#|?H
zXLY4#M<>t|F`|~2l#hPXj~|QX&#&5E?+TH$w_Xjf@T;W`J5beMeskj@{$K`TJ>9#+
zA--9<)P8v58KnJs?8@`CY^p1r%2c4maVMl&v2ZN@8|DLY<k~jjsL(n>`S!PzYUN=|
zukrd`(W$_UBE@MI@1%<*rN1#lNNA)a(=8+1=A%A2DkBmEM=YHD?e4=kl^oMG%y;0F
zd2z+GM!i17-fjFkV9+1|8-2GVMa{*rK&lrRW+?-tH1q3DXLU5|?`A^0#*kGmt=45u
zcv6{c>2UF{K%&Ei9iVa1*VpCii3yS265iQNIJ?jtA|v%}uh+HJWKVIc$hWwsaWZCa
zSyCtrI^xd0eRl!10Ed}qMLtsrRCCs%6sBZTHqJ)F90BX()f!B1uvuuZ3;|q=h#20i
z!D@(iDw^>c+duWCOndsYB!0~t!lBphkJg;J*+=_tVPEPHKL)JRckODWMSQ3^8fR>3
zJ?AILz*~OIYn*!i%c~!EVHGNPp-l3e{=K<*wiq?UqPWLkHqv^O=yjXr%nUBxGdWCr
z6LTK~V4hjks2n>{Vt{H_MaC$e(;XY5GNx~q4&I$qeeABbwszNRaX#^lL|L!nR!x3U
ze>rQ0TE2bvj*T>BtFj(H#&EVNY{IHUu|Zdbp=EXSfhrmlGU}`IUy85Kv300>WKqg>
zU=tfJl2Wo|rRAV4?KP=KB-Q~8I)2Gj(iV?-AKNzmWKI>%=n7siO!NJED`F5nyk&yJ
z>?|m>2I{4c{fx}Bew3FjKRT;;-~)@&Yr?Q#<o(RdPGG5*FEeANa$Q_BbNdn+RE@#)
zq?~;Rzy`N(-O9Lzl8b*v4rvP-Nl%Ou-{*MdTXZ7tY{sdm;PrQ%KqLg${4-Izly98@
zw8m)o4A~llZI||I0v{9So<XZS)fnSq{bVNi9e^V_7pN>}owUnoVRy`>#KgX?8*Oa%
zwWp6AJ~Y|a=2uWV>-E@JNt#oxfA*KTALMebHG?|#-@NH+HMQ)+yLa9W&2uWA22V{e
zy-GCmaCu+aJo&NJM7GyYW<w5%_w(}cg7=Z~s--Jde9(bxO1YvJ-Y{RR>%KR?gPD^u
z%X`ilL(~bTLX*PbEA{nY+Ylg+AjN?kP0}nqRMfo0!^PX|^o%{bDa!ElBS+$}SGpy+
z=1Se7)FdnVsjgwk9(}#6dyeg%zEFCQ*m!l0o80_%n>=Thuz72rZFX~(k-sgOJ^WHq
zcvl;UKM=P89_qn)1jZ8e3n=-R@#9arD*=Ph6#Khp)Xj+~#7}-FlB3MKP-7|9KJ((T
zhOFU+fzrn1*c7Wq_vX`b#ZXuC;>wfkO`sof-t*yIy^MG@ch|Hn+CzrYztdC#?w&n6
zm?f<Qz6TrUs);-ekEic5!YGep;DkP4{Xq0WdYvnl#xGw@aOqZS6&&*>cA6vhNK9Gz
zElknl%$+hvsRm!g)`Gmh^+P2SMvmIKls8VPzPI8J5W~>brx*^=EJ~$&#LSW75fmDF
zEI*&lbgJH^fQmJU{W3B-NG4Qo@%Fu5zkZD)x?{Fq`8*daR2a};=9O6V*(H5bfm8~<
zT?gqwnH9xR20Qum_5ZI2-?H9z;)(v<_%sX^p;e|HloJrI;lef&{o7H~hguvuM83kr
zC-X$|)V{J+i#s=}PMm0(w2>0<+6?zLJ2)c0MHD~qGPQ9whJZdd<HwE!tc2qeO%bT=
zFp~Q<>)`bJAoX8gDhD{%A7)w4QE%@Sh?<xt4PhzUxr$heZ02@UemJ;mZP<bDDjHxc
zO4zp>x6OkGa;mO<I=era_+1vXx<u@5^BI|fuSx4s@tFFgr>8ToVnODcfswC<O$8pS
z`-1Ghx1v(Zt>l|G+o&z~ZO1ER+F&DwZ&ucbwOHh7ujQ0j%`V~t9p$%x4FD<SYsV=n
zW|Bnj#U{(!on;+WR1^R`TOZjVXI)_-K*c+L&H{G<6_C=?A6Cea(o9bsGt6Tx(t4aL
zP%TK8PN?G_tTPxA5!Wmce;zZQ97NS-mh<9nCTVor<I>`_pNx*G_k+%<veCkVR>ka&
zSJHaWHqfXoS-jZJF)xfGFF#}k_bPKiL}cVUf~n)seW?d!481ww54O&=%;r4&03YDZ
zT5a5TgCZk#SH2T?H<R~$>sJ$7;@py$KATPHttfb~2@?#X=&y^O&l}}(&uZ#zP@9#S
z<vs^sZFBm+naD>QUj_lA>tgZMWvZjt*mINCbU!=1%lRvIU*6e>N}fM<&5hHkq@a78
zn|t}%HC7Me5H+hK{qaQZRl9?*@fhm_YAA9Mzn={|R`I57niUr7H6VUL63^KBk(LT-
z9HWhHU(QE7`$%a?-%Doze<GG`9nLjUurQq}J7*Xj8Pu)xs~nISPWjyO8N0t38X47t
z%G9|<C`<^t0?mH#;Ia!h*BtX3G*wbD5p;+EEq7!)F5TFF$;~QyE2lri4{|U*qg`E7
zs0x-Xd#A&A2X!tp;O(<!b)i&?y+eDRbgZS7NM<(qb@L?gIj_zs%0*tgrh|2j+<};T
ztr1nPhn)sJ<Fmj9_@|aC|1wr%0_^aaVu0o1u47XlJ3*ZB2(5(4Qxx*Me$LC_N;6C%
z^lEfETKfd#vIF5aYu6YNm)@>eK7LlQdTPaT8Kf?BJ^ZC3ZbUvK!N$1`0KsqgUTc!O
z{rM#7GNJ~h`KxEl-nEB#e0(}$h+n?}1AG9AT`ie}R*@C6Dq;D@htTr~{vJ!7m!s&+
z!kY{0HBv}a+4j||&-wZa`-`Rxehi-q8cyjMoZ%w7Y&B6BQrEWn6<kMHlO#Q;18cU)
z<K_fwWSqIc+=qlnDZq|t?lzxgpU*hIoI&gkF0GY-2M@Q372&|G<3^8`7&@bk49Fzp
z)ygwO)289<hd#iDJ%7XJPoHkxvE#$gZpprqLp`QkR)4(@X5ql;yAzoo(%&#==%y2u
zTrpZq>)H6!b(_}@gv4dWax{#F{SDcnNjbzWQRN-xz%&aNE!w;#lE(3`@x^eCz|OnQ
zCmlShY6Ogs8*gg0VFTu)tb}{OnBMBTwb_xd%``kQBXsWOjNUnjy*dR2eXbOrQ~dCZ
zK%1Q0USC~Sxuv?ttnkHnL!1f;`2;N|)qg>0ghJW1hSY}kA2*&cij50|Izuf8vW4w1
zr<=Z+0<C1m*<_s?k0mUbH|y$pa)?0_LPN{xBwMa4lMRQbg*(7PJkh{RhT$YdEEo;(
zv-<t}xtAiK@;MC98Rq}Ma_?1pmN)5&Szj>|+62XSpFi`J@K^Je@7%neaw8X~C~#a=
z$)KF7t!YHuzS>$vQRD)$-(O;0fEM%8Y5_4os?S2;D0aZ@j9&#pZ8)vFNVgZ^v(fX*
z0h@j@G8f<~%}V!l9#e75gOvgrgN;HI*%%L`kUaWiO?4U6X<_M3;`j{~PAy%120u*B
z{4zRM;Iw#qPgGZ@7$BnJ7<0kP{XDT6)dfu25ryo`QCH`hikVFwl%98|ygW3gs`%9_
z!Y3o7+dxM}liFb`Nzg)LcS6&;JzpXj%$ljX#^4FVhUu-C#6X%2-*mF=O?fK&uH5b-
zij=5#>306eJp4yoT!g*w+ZE)$mACYkkbtwE9C^Gi=p5aZ__e9SV+-IHcAekcG6FJS
zZeCv2hn_B47LF}llhjY@t{|!LI==D<0W~3`t1$S^dq3|&1g`MF3{=R!PuQ881GF;F
z*{2+GET-t7vc&3DtNvz<7Vd90ty_WzO}1MMGEVlw>I-9_!2<@23H;S?kCv7J6_Bui
z=_kEcRATXyl9Cd13D|d7b;s6yuNH|;bb;S$@tlbb7k;h0LC&73?hf_=7&DCdyzkB*
z`zxeGUO$#fS5=z>c3EX|mO3M~VB|xK&W;EAsKZfP#?%^Tjk<I!ylcV%3ukbLM~@!^
z2FQFeSi1E3pwL1@agaY=?N|X<(b3_Tk{LV@jHKAF#i3+U07=XT)A54W7Ek*Q9_$7f
zH^3KTwfi{iFpTXlai12sTTnn(kzsFvJzLz+)O7ghQDA!P6lWwqy6W{PWC~N>S{hKO
zp=YPq2YT(M0Lg3?AE>tOD4<kywBV|UA<4#d>qdqTSv!AY)+j^GSv@s-%6WX?(=8{%
z;p`U^vo_w;Lfz#aJJ^s2xMA4`k%4NoUz%2;gSAQATK1lg#tVDev{ot@aE^c{Z5VhC
za=JMo?X7mr4u*8`OHXhVgSL+cn3rkuJ(0#DKot61iLX;NWP`{q%w(N2zv?sH0KEoL
z$4mY+Ryxf61x9r3`4VV@M$9scmN*-*#(7>8b<Hcj4!4a$Bf(e9Gpv`nKplXR$(dp#
z%{q2Fpl<@A?3z53LHwm3_nir%tX*YhhJl`;fx%izb&HAVn|dq74uc|o=h36_!-uay
z5hYMa(Y>Oag%tm$8rcGWu}EnX0uVaNW4^vPE(}63hpZZTWt{6wEnyu8S~F7WE4gQ?
zaDP9&fB)hFx3HNh48IyH0%5x=koW?dzasEH<_hI%9`3l7n%csnF|OSNWtOnHea8+4
zoXt&5!q!!nwBwSxestEtZ;zY_pB(Ir$~S#W)j^Cz=~2SMEUV8XUB8}}n>%UZ#1^JH
z)X!@Z`m*Lw*h1V~Hz)%YMm3Wz9BXWU)3Id0vRPH=GiTej>##6cTaF&HU#=A;h28q~
zKRCi4o#zbmN9%?W&O5Yj#>T3Mq6ku{SWIvDSC#X0e^w>s0XoV?X0fC%uu5VD01!TE
z*i+!(?UiZe9aY>ckV5oEgVyrg_@C#9(SyNdSr+%0MV!nxEIv2V`GMC&4z?Xt+1MhG
zPgW(Oz$nYk7A!e_hHdM`TN*UUCL5HLU#J*5<nl7m!UP@wgm>aO{W76oYi*J8$8VA>
zQTU@9QYF7^z{57Shygsr3|gRbY)Ia)0Zzo2*uYYfFJ|q(NT%?qN67&H{Mo~7;eG(>
zT1(4L2#nLAD^DJ{Fhu(B0XDkRIILd%8g3|ue+~ZXr4n+bJGR5Sri=w$4ls)5O7RpS
zG$7wZbe5c$h=IU7bi77iL~ZZ>@LJGjJ&kWo+^Ic-h8vX$oyJeKLorvck`tx$fVch_
zaIo^F{R+)=PL*}*Mm{IG%;k~ABw8TT?&(AuS_g(x^ABb+TqSvS?a|{`Yb*ZJ^EE^H
z4A_HLk+?YVl*+LE;NtL|pMI403>)yTq)m@NKLa5J(-ErP=q^X53AU0((epjjUch*<
zuI)}at>8u4zDW7#AzL~@)|Gt_!@X{7rZsr-1h?i62>n=cI1JCMbix{ez{M{VDBniW
z`@8qPfvOVA6o12;>?ci2yKt*L<3C)0G-!|9V@9{mokee|yZ&>yZycxpVY&8VGc#B2
z5SLUC4HUZRG8EE_Ps)Vo!`PO}t@ajsNG7`6Yg#@&qJBWyxY@9elfGYybO5mB>>w9B
zvC0o+CA^^7V)S{ejDn8~pi13i{voAPmnZxGm3_tDg9tuj21U&eX!S@LCaI~RY#!CI
zt}ym8r<KJ79=G6y8p46m)Z9%(pp2ZmXc1(>i)^0=XZ`253hm@*U@%s8`EM1#AaOCV
z<6EQq1JRPa)Td5Gc?TZ`Ayu$fCtbfD|9;mCh+YT7Vy0Ojr}pa82U-gZN=E<y!RjeC
zi8*S#=~YC+@1UQ&d-uPXIuEd(`}X~Rr4o`dLWnXl8%9!Sh$3Xmh-6cW7Sd8AT2|#I
zWh5gh8X8nW$cSjDB$Og4Qrf@Q$9+G?|L-_{&v8G`?^fUM=ktDF<GjxEyl|kW45?F#
zgSy06qda!{GNf84d}upe&m9dUr~re#N4)Il*uaEm<E<6FMbj1kd)dibC#~Y}u3ujU
z7^qYHn47?SW!R%DUW<fHb$&NqJ}BQ!TL*xgS6uuIbE`ozuq(erQ!uY$X_=wtu_VD?
z58qXq0`?>b(6pd48FpNfaX+~ZSf-6IKxcmN#=1_jI{yim-tzbzE53sVBddc5A-7_h
zGS0S^Fm0rueLd%m59r^&cF(lx=GA(7BDcQ9NGe!DWjv|Z>5Gf6^0c44d|Ar3!i9?`
z^D;047dcWN5*rBb?U3mfuh#139@gc*FB-j*`5ookkL4|RMIwAlNogTj4)5n16eREF
za+w#V;CIN}X_ge#&f#4Xi)zHOE%-sH+uvS8RLE|Fsx0<O=Esf?))w~saw_P!KoRgN
z$4i?zZ=8Ly<OdZG&n9WTabz{9q*%`@_EbShV7`d>$8UQikmvN=wVtzXj`j+?qcCQ@
zCtmRbC&T1~(*$XT!jam2_}~K6@2D8ffx?4=8W>W*_Z3Fs3sNSq{xLXs3RiS=BdTC8
za^Tve-J2NCAFnz3&=QI<4pn$ZVb*(Ys@<cK5)3Hjzitz&{YCgY+yy%(MtM;eNrnj!
zf-Ap%eX8AU=w@n6#(4ACn2jqABO0b(tFn7RAlhne{k(iPBR9mjdOou^ZQh(fm|>#q
z*3p)joUBk(+Sho<ndkhf3P`-Yv0`MK#hm06peuS0a!(tOs9D}BjG37$RJnHgGv{BO
zvinYuzAZdUl2Od9Tkoh&cqp@$g9(*D29OfJ&o_&CK6M17RrmtDJa14PGzgSCexIAa
z))4bx1C7X^fpVj3SANz@%D{NrGJ_`$UI0n-r@$~Q|7hSYVWPDMrAV0VBQ4Q!QLc_4
z_sRL*18ye8$;63vV2U(CJ8!JwxUyN~$>!UzKSuPEhR9;8HA&$+p8udcSrCIp<gakz
z6Y4-cCA}|SvBKm^chnLbaM=9p+eE*%+~964r*{oMi}X#=Gmw?bn7nf4_)5b|)I_?S
z@BFJT4a)|GBZrM`kWj!@gfqb8k>BDi3xkxg*T?S{zR<`6NjLI;UB&Oy50U~#Ov%(7
zIdXH|$A?S``Fg<%`|T%xQ5^`jm|SzHnrZu+m}PB-@6JQ7Ec`deh-7;*J%b{}%2Dc3
z5=dD$zzAxNvr}voPt85$y2o7p#FJ^fYfyc~02IC}ZEa%+W5czR8El}08?J4B7IO+G
z7}HvV{4*>Hii)O8o{ZjO$<?J@2P^R1{=4J9;AZphQKSRPF6s5X%U>F_P@BPp)YfjM
zj2E~YYqg;g0R+K~9pbf+<V_NAaEPZp8-BkskE_I6ziU%E0|^RwrFZY%D~*P0!m@y;
z&%UasProwFVkj?^c{{t(Xz*tBUN&-(2;Pi-@X!57L27BEJ7r40fUIv-RW9wVpf#nH
zeU$|3*s5HW>Rq7v2Ms(PEE`U}fS3|G%~X~tsEmk~Qi9t=i9FPcw1_^(^Lul5(Vs>C
z2_e6r&k|ISd-nW+3(M#R0FBkG;~zD^$!4_9A3hoW@P4yDrBO>gC_T&I5ekE;Z(GAO
zS|o6oAcsC5^9j+EB4EN8={b>2)PKqS<zoo7ovsA*JQx#1H(^K^5h0M4OH0!Ljg=t4
zpJIpI=|{2Rc%;CKNBP*TMq_NqP0P_cw`hx%<bxe@R|N-C0z094W?q>nr|rKR7$$Xk
z-dfn4Bu7sF+Jy^o2qEAL(jWGf@eBRqpOo2xiP`@xr4W#btH4#JZ*Iyrml)zXWHOtV
za7m#B)<`IP^JWrp8Ft9g*ynjbyQ<JKXid3#1yl<pfe1D_P5;jq;ZGH$vZj_6s8V6r
zpGbKzVpR;70$<a=d=_;ej5SIg$Q%6T)~=b1)o#VcdQ8o<%-DRJ`;xLFU$uMpqfC9V
zql}%DU1p1dhvEjohgy(iQ4EF#{rUyN>0<ay3&P?}Vf(`CP_dj7e0TS8OwU~9CC+3@
za#*w(xKYz`NHf<B`s4j~nKN$=9wP%l%Fq(loO<Puv~iqYM}?@hrGIpaqqL9VJHD16
z%|hUVsRSo8c8w>Ek@4R?*U7=*VcvnDvs9OK{_tFvvM|ZZi%cprNNeGR>0&vV>55as
zk3vs}H4P`1P$8uRP=sGZ*>=!0;V4j~8eAdKT)r&Xq6WLBgD}%Ie;r~GxAtE{+Lu6$
zFW<d)+BuR?-lFcD9|E>k+JufTvrJ5mE{N=&AI3s2O7Mf(j8+)H9n9u!gq%D%JgJ$|
zkICl!a%%t2r7h4Pg+1;u%>I?UC<>rY*|x!t9fVns^Sq(5F;AtGDAcLayXTh@Ur;3B
z5I~u2kpvr)=;ZZHARYqgFk_e-!R*9~{U(Al2F_I!@m}93cZ6lo3l{hroR?Z#SjqJ8
zL-J@Uzt@C2z7V6uXAov6M|oCpzx<eyP(6>6H__KGqa9dvZ+{a7IZ4L}Kvgw(_44Hn
zz+oiGp<W3#r8T@G9@djjl}#L1ASoU)TLkxj8o@)czooAloPuHzeDUFf2T<^g#_1pN
zvJS!~%Y{CJXd>f%0y6<nlPABW^h}i-+s26EM(gT!@cQ@?${oFi=r~$&7C4S;R1;yp
z@m8qGl9CFc6n_>AxKZxPRp;a0X@%I$eU?|vTHw(gnCC$ETt+^m<v}u$WWZbZh_~1x
zc8vBh#0_N6G*`CkDSyLZsdkD%U~q6&-d9Wku<hu*609(SRepDh!7Vqokzg%+_H`$!
z^;_vizsga$Uw-4^kIG6~xz+7U+ONbrTCz5=U(p7-gRYVze}>B%NK0Nkf8GP%0IeNC
z!NDrGTrmX#`1i^_as0SpMKl#OYk2OLqus)%^iC@bHo@DzAtY=MpBeTUH>j+c()}HA
zob6}5d<gk^Lmy|exNZ;U$yMh7H;(wdmruhGf-r@m`}{)g5SJ8J@DV=)JBcR5p}2s`
zau#<9X#W5U5Mv+U1%QD_TFWB@nv9>;pK(O_Fm83iJR_qnN+>qMuU-{kCDPu8$+OyP
z#B>p@?m&)?P@6YG4PUe0Q(UZ!4*y?jinQbgxC_|k3@2nWazM8UN<}DPpQbZ^56Yzt
z8F~1dVFV%IfDRR?X(S-t47dtM0Llj+vQM-;O9k1#moYZ5KQpZ6=6z+&l<(Sme-01o
z`=M@6^|u*{0fP1O<FlXX-?0v)&Eegf&A1vFX*5)}x#2s4(s^aglwDSu^fOFkdn6wu
zMydvn{bNS43nBduh<ODip}=0*u_JclDYQzHCWV|i195NB9ajJ$VhbE04$Yb8&<a=#
z&hc^UXy>N%icUjzMOE6~;nto8GNgPnlkhF<QRG0Ft3XOX_F&X8|58&2Js*=oDM4X4
z4O|{ASTCP~>CW5{<ST50lS?`<B6L9qlv&VeaOv#C>7sq-s5QA{nrCPkp&uji7MO0d
z94tXS=yvG3HHrek>>uwqUL2Q=q-3AhNz9T8$)BQVq>2hb%p^J(u>dW=PB!3C_c%H^
z(aX#Sby~mro!C&!1R4ZOY6t{RsDWT&@YTkwS&z_>u-i*j<-`-1JNL^W??Jo89QD$|
zQA=6r7r`8dKfk{h36rvqc*-RULs*Ig>_Gq8C<5_kZJfa7EON+~=Vw&bbZ{g270~aP
z&su4o!6-ioc^Jo2a6l<*<~Boulx?5<{@qzyMtaA7^&te#nd4*I1R0Z!cX}gF#F{)W
z=u9G}3T0Ze@DA)>W+$wF<PTC4f%VoDE6RDeY0DPq!pIi7Db>UJf-;KmfZ3Q}l{|1t
zO^OZvLqU}MIGT{Td<+@1_1mi|ZNHM(!WNvZU#=dJNdc$3dDDhD7oY6zT^Gg+{PW}7
zTO!en$L7xeK*D1Na455kd2sh2N^EAmh)4qhN-=fiJ^IZC7N;irPVnNygRVyOogmVa
zrofEdCPf4*m@}eGn|#K;;7#g+5_aCm+wd>=ZIF>r$noC#M(Yxgsi`f4FTQfSIdK>X
zI?hm4MU&|rFSA=PECt|zWp}2H8&}N;i*lc%WpLi2_caU?z!h<}9kV7Zvn=k;5(QBe
zIasQDcOj72Fd#2^O6Y_a!wW80I?Tq#=2&ANkxw%8UBW-@o{!;ihjBOX>Sk^sg&<Lx
z<3v*kn*gr|tDjRvdi_5~mt>OfK=9gl%&?PyXjm7dd<<&U!5sjX`#4C1H5iRJQ)A%I
zzlk)R?tlCDpamk)R^93scHIstx4z~UQXa7i5yA;#iYzv@jFUg}95%o0(aGuRBq0#_
zzU>o*<>5bPe5Vhsy{Wsw>D-3IsGbUwDm!AG!gkFcQJR^qa`3&gk$$I$LJ5hh`mzrW
zjOr%8bli@0u`8-2#_rhEcVM!a{37vjhowdx-6XeY^pX1E^=o@S{`GOjnRV^5mhN5)
zUo;*Za>r?c-EQv(XNyN8h%{~a$-VaX^@U-9VFdeo35)zA3m6a7y>`C|=@MHda)wc4
zE*yyEQDzyA`+I-54(<av$8^~;2WI%t>9Bg~Wp9`kc<R(-$~wMAFCYA&B};QVrOSVg
zzFPt!<g$OiSpdO}-@;2t*fE%mZ0i`33cf`vS3a>&C)=}qyJZ3(EJ=ei#J|R{le1Is
z_$ygB)ukoDrHPL3cIb-ISFNA<nL@g!7Q$4F_dsyvNwOr?Q2BYNPGZYTIcZtWkt>d)
zYt{_%n~er91p9SLl5kIj!-P|)VBo$C+1bkNPbE_S)2o(f%{zn(#kmwVWTkZ(-#MqB
ze$BhF^oK+77@%lxy9!`PIYZo<e^yHXUDf57l-=RWP%5L<#Bafj>&mC0gITg<B9`am
z)I>F1`f)}w7QI!?I_#>q&Zwmug^cDgUy^lzoBa3E@^4Pj>|Ys-TMFEB^ync*46Rxz
zuQ-?)5)$o1J!eJ`h_wJ~r`uNsGK&iz_Hj77j>5w&_#|oMARdtfCPsH<K1Yk4ICCb2
zOGGHI$Qw+)ih003xB6ZLRc<sv6^5`?;!QIy1|zbqlN1uJ$=h}MN|gl9Ely1r#FO*U
zOG;e%*x~tgrvS!IoH#?7Ktt5jW-kh>ei#3Z^vDM%`X$E1Xd(W`0RnA%k#jpx4^{{9
ziHSd&w7T4(R^!y*q^$^>u6s`s!Z&CyGYt%|CEugC+L@vDN*V=*M%Y$6hfftX%RV-j
zNPqeA2c8?81}P=wV{B|>H%qchi=&mA7LAL`3dn~hCf$o7mUHjngx)1llUl4MZ>v_k
z$+Vv{(eiW2<$0ueKWxqkFwC9#z{G89D=SLyKkbu5NBN4vGIaLBA|JNuj^C04d7e(0
zReUrqbP1%Rg2sOQEx;~_BN;oN$#8oi+F>14l~LQNCjv<LgY;YUxwXF~`pe3y1H1Da
znf?I`IdG!izklDlL&kjuRu`QBddL+D3`XE+z`YjdeThUKWibt>SP{z!YH|4F=j%&F
z`g&$vCof=~b!KM9k-1A2FD`J+rsVuYYm0=6K|*DiTRVJ-2Rq*l^Fp3QGCLa*f<GHP
z9r8ju%WWWf)c-jlDq*HwhHpACjW;7~SsF5*XFm_0lGs>{88c7|ZDYa!kjlZ1sa6-w
zBY$2A4<DK^kQ68qohAEKFCR~hCM#wAf_7#STuF4^d^-S$-o{>S%Ye!NA(E4u;r1!&
zx)$F{r)lN%FXAdJS>jnT9QFXnvffZYdP0i^^L|!4BelT{4tJqP(v4#{nIJ(4w{A6W
zdcw;@seF%`gu0w%kgZY(fFF<wSFO@!Nj<hKb0Yvh>n<vZny;+A`+iji5;<%u80<(0
zDn<A9OuE>sSD8r)+b6h2Qc7?t2*N{#gbDN)Q+xf$g2F<)dXRC?29D^`1+Hn@d|}P_
zi2hX3Qs-%i@j!rbJ(mHw!TAriTJ$+l{SBlRAA4Ux*8O*>gCNYoSStJcB`+_-J$vp@
z=rbSVF8=U;6zIef_{FeEIK0qVl!pz&;0JABrM>pJWj#cayYtVnS5bONKb~>zLYAlr
zV(1Gjlj58bEcq1Bn1ni&EW`=d+45qLepW%Eb?LnlD(lS54Pfse71r|AI6iO!rOq=C
z^pe#aa_hnc13vV;kq8xz96oIEP}aa~PLA`RKYt+AZDeXdKj>s<SA=&DKCMOv8Lx47
z5nf|lej1Dcr<h-RSV!~|P=w(<oF-5X;S*?R)Ir{hIjbU)Qc4Z~YnCLkVOWPcQA0(=
zd-g@>@>cIt>05-5bin`mORQiJ@<{v5rpjuC;PCD&RAjT+tIW*cNFRB=fd2R_X^#$`
zryFZYOF~R%O`Er8m$Z$4t%8c^`a%73S=s@5K@uO_cVsUgnphIR2cwTim^MID#cj3#
zYXK&r1miiwdli{q?bLtkP^a<~7$o}MJYkD;lH4@-uKV_B7aa^I((-^Q2b;kVJO0#N
z{F3?2j*SV;)E5*%IAIETCMpu7)$Uo$$&-D23^{R#%!I-P<mhy^&U7$bW`%%vWGk^f
zVjos89VYQ`F>n^OVs#}id(oUhGFfHs$C)w<;FJNL(tS>65vtx$Ep2TO_qzB+qJ6rL
z&6~cFDtP}C{c`q0`M~KNT=$vA#!Pm;(N+?S43(iT3p=(r%Lim`1as^0gT{Y`)W$)G
z5@rH1;-?Ii0h(E}H)rl#FvJa0$Jn`p<{gckcls7sSLe>2w3RYf<z)LzQ~Xg?)dVbz
zlbwfYpRmb0mUEF|sBmn7l&C&Awqjyptedgu+*!}vB6NK_=?&Fi8{-R3DN6>_*1gBH
zfRZyDi$+n78>{l@?O50GVnz(;IgJB_0)pBl7_=CWu%(L<y2Rl;rK+a(vSI0t9b**(
zjHHA*iC*b1UYeVpE>dD0f|*ku6BH0*J*pDa1vD-6bi1_HynN8JISy_u7!3^+p$L#N
zGptAdkPr994x#-eSD|=NG+6@>>%NvX!S)C^>+0&rdz2K6$^=4d(Qz6$+RGnhwfoNa
zV^Sm=gby5R>VmE=zPi*a@bF>dGvn9uS11(D{__titje;o_14xs5??h3vc5YpBj34d
z<j9d|+EDAFn=eeT9@wEE7CyzZ_*4Mpl85ZR_SU5E&H@_js&8hthY>1Dq>avb^u4H`
z`B=c}yzDu~#_n^@Sh3jC%IGZh=pY#t*k1{h%9&)Ez>_DLhAtR>|8h^4nE)K;&aJhu
z7+Q35AT<mNY@X(?@6MaYRD?W(LGoai=i+)DxILr^+QOiqe?mfPZ3bxb8N#<9D>R2E
z%!%dtGX@G_5jUyP$7c?FwD6hV%xQIEiu<lkoP!zA%rayMyq4%lgU%%*Mvkngth}@N
zxdOx~A>W^N1afI)lMRzRK_>ce==kvv-W@Rh#)Yp0VYpk5PB}XIHBZ$DlQX5zM=i<m
z;8Tc79KZ^>77)sr#q(2Et}LYP;wb}+uFN_ATlJYnCO(0L`0vUu!vpAopnEZ*6cD(I
z7oj`IZ^<9)Ni%<$B|t!v6N1%VGM2zJ#d~f9b&DW*0Q~ena^$1YOi}%+z?7dR{J4;i
z0(yzR=|Pk}ka!0-kntg5hyI-Ruo7GHqT@`e0mm8{9#L5C(|WAf(B9@;@sfEgT`L8L
zQXH;0960YohaAtp0BZpRWK;LKSzY%Stq^tx2~%~zbqXU8^JnK2G_A}G3;=1_o&Gsy
zrd2SrW*DucHP~hh<A|1f(V2eOJ62S`Ip&3W8WH*dz%x{-s4nY6*Yn7x<(E4gY8uYs
z!guc!lnh6n7$E(KA;z=ziO}lX<7Rvn^7_2f#|b&xw?EytpV=_u3(Aq|Rq+^d+d4YZ
z<O_*}bwFA@r%8(S>D}9otU`jXur!xC|M8<Gjp>+E&DDhy0UF;Ygs^~R{rdBGTySlv
z|JW*bMl!tAQ`gBAUe@*#cev=H&KW!^7A)aXcFcGXQh-yZz-iuMJivTFVz7b@tXIK<
zP)Z4Z)kPO)leGpbu>$PHnl`lJi7T_eGF737D!bKAYtM3Any3;?RRM7TR6I|`?xW;Q
z;YlYxQKU4$OnEW}hD7Gt)L9h0G<}2s1TS8)NFmwm%xL`OK(TPA|Cj=)aS%qxiGZ4b
z3*$zN5EMV83W^Ep94njT<x7_`-&}!kX8#p)ie+b{4iu1sWFR6A9xy;ybtjClDz`?t
zBi_Kcl$!N!YHG|dax(mw&-V!9K3ouXg}^JYhuMSnkq%~m$pMMlKwsZyG|12rUj#fQ
zIj~L-K4lU^4$4TPFNRhWGp=zGdNu;-hd+DfEnd8vSu!OMkx|$7gZq&qPa$n-uaXCj
zNW`0sE|{X0c`@!ntt4if7rBTPC}})5T|=|ZZ)e`cIu1_PgKqdRG9~<6Q6Z#%Bevo3
z-?WPY(E-pSU<!<bDf-Gn@7K<?%oy5xG%z$Kh~Y0Q@IQ$C%*jC#h}mKPbPjKHFOHu=
z%gk5DRyv+u{_x?$h@2xLHc_>F`@C`I(|U9MHZ(0w&E;Hl&4LD)D%lK5m{b_fn#J){
z4$pDzl=1}v2mf7Suu1;-wW+v_@(#AZK0WI#*Kq&b*UhyDh#_68e|Vn`6YZpBfHXgr
z1|6`J3}}_j8^L0PR>zq`PE*4tfkjI5DJX1v8fA}Q#zNdW=<S_bRnHTq+GF^LtAYCM
z1G602!#7kk$54Oil5tKWPCTJ~FE~cQpxRL`lrZ=9W7}#%*)+veR9i?jh#s9voEV%Q
z*>f|@T{vab7Pz~()qR|`cI|s|BPd$aD|yjfsm}G`2qL*1?YGQUt-=|=P&wk#C5r5g
zn>JA~!Poott?23mmwf2jz)@)Q!aG+*@Cgo~1N!(;IWVuV;RR)?oB`og@LVunTFfGc
zegr7{J|$ltaFY4?N?sTbJ~(goqxx!%c<Dgj{u%~M*>V=eZL+aRvnrgRZ}iFmyOOB1
z*H!h*e7K<8j5Q0D+Fo-lITsuuSp(h^k&pPtD$ev5Y;t;sr7L^M7(=G}_g7HBOUTH!
z?!dW*Utbs|nWFY&u@O=^*C~yJLLf%a3|(Da*F*_-QHD$Y+9Srp-={de<TmnW#fnDS
zJ6ddtOvH6xm!4j0fZIK8W#A2p(|7OMrPRx(wfohZ7S2_yX#k(xvE#a)fn||SL0c>r
zl~>+v__Z04I-#RRjEF~LhFqFb&u&znj`KC03{Tf8Dn-I8S!Kh50u~jLNBEjfwzd{6
zfz)dQ2Mid$=8n3$dM%MdZ0|&dOVpbM4d-~&?8if>+SG9~B*ctP6NfTTGRI3hHXKUo
zl=yBRD!WiY>+q*mfA;K0K%cmxOq_VaEps37XdtWLq4m)dz~2ruy&)QEOOG@gD4mtS
ze4b~+=%?AzNP+Qekz?`6s*8dt%fyNFTdI|M`_!O-Q|T@k-;yzQ@b3i}uY2f$w0vy}
zY`#+C#9A6F>RO{M&U;NA#_!2d6BLA_N1G?@o;82IHCPjW()K@QG=kEUrsy6M4Jd*j
zhA>72i`qVY>h;n?KuV+)r}cO4%1np?QOS$-nqJnw>0sH8m|>wl!>!#{mKqjc{f|a9
zEWnPBi%YOB0;kCQ^;EynPhqkUl4(5n3sg3gQMg%csNK>h7Mu`^C324AkN1MTvFoHx
z?&&1=eu60*J;$lJ<;xBdqy=w+$=gpd>vwuu-&H7$<m7hQ+xM{_>h9;iFLKJwYp>VA
z^I*U7tHQPKmzZ}~tT%y>MD-#}-~W}I5+EZZRoHG&D@$LE5{r(JDz*cP8846%3<NU$
zY#M`{;Uh-S22uL1-}Vcv_vV_U1G29n8g5QR60PJ#(33N04H-Rt>{xhfkEjT+OBy7v
zToVr<K@|(P+Uff{q2Fh+zH3kCYJa-NEgLrqrYyWy*vze4#Y7ngichJ*UVsrAIsZ&v
z+chviv^f(6y^ij0)!_9<9jcBA{IjAW6HwiwM{y(oJ~|Y?k-|n8wo4CC#=J;HWeOs0
ztMERT(StF`5@s+A5fSz}IJmU_(P+>em1juZ%p@=-!F8&Xuuy{%0=UWgA9*=B+Wg_i
zjJXIlTetq%gfr;+I~_RCAeiC8zzb$S)8w&ZyDKflrD}tRU+nqZs%OJ+dNf<cjDoi~
z5P1iG_;E;sIg{@aj~_dxK|jf(uck{`EVDv#$2YDPd4?VW`7#Fpq;`{x>$l3+u?dg&
z1>DsM{uta=u;_>F#fyrc*LT@PO+EwL3Lpa#A#)bYscjDj{)#|Z@w>K`(=BYaiLub<
z@KU#;MIj=gnnf69raQ&1rnn*W@unfWZod58r|3h<{x-RMwW1fxk3w|9Ujb&<`j$ga
zBAt9)rM)xpJP_t7v}rh9wtl<Gcsh<3=-Q;mgJ5!qPYWey3xEwE-j>x?;AEVq=TDxL
zSr-UPH4vmwOv@T@r@@-ITmYW>Qk0AvE)I;*$Rsofu-YN%GHcpeXrNYOLpcg~BIMz&
zOQSQ*M#6rGhn|2T;{Gp4$G29(0&1F)na#>hupkOB5b`fedW)odEh38=1PRe!03lZK
z^X?lXFEh}vDA~AS!!LfU>d9D)SA&C1=gs?^^AsiyL|`^7){-mve4HdWz8qa_X)Gm1
z^*I7xo*fwcPOiu7*@y6~lkslhF2st_EWzF*PodBNT><|#5VQtI3aRP6aNnO|nuNR~
zAd58!KJjdgdkcr;>(}iNxuy%7%Itdg_smE?G<bnvYvst8S+;j?<|%`2yPr7GTQQ)c
z?o*c?{gK(<vHK#^z`{~RES~rzWNgrKx;_N{yjekcewpd7z$~W-Y2%ZLiy=ky`gIEG
zl96B&e+P~LTb73o6$NCm3D0Npaevjpd6uXvf?XawkNC4mH=%0qa)$8qQ8sR8?Rx&a
z<f-+iy)A`+3GJ9?OClk52^~4G%kAj5585I?|5|FxW>TLt^mv7s0RiT@vuAM$_Z&Z?
zo`!znko)t$BvcvhjFucr;ZBxJh}`F9>M-Vy>KeD2bqS%@f-)?G{7I;Xj;ExAXzX&^
zz>yvAHMA<f?U)>2hgzP(H7{@Zxi>g;>QWU|r|5E<Xjv%vsedS&&%Jp`lT4?F`KD(^
zOhUriSW5{5ytaH3Z`cL~1+h<0+A9#-i-QJLv5xv%`0H?ldC#2V+Jp*z2+#-Or^L88
z_DVn;-rrpBlQ>^A)J*7E$P${1jpxt*PNPk;>ignLG$U7HJ6>J5S&56S=b(p<XTRZi
z6_u>!(^v2QomiukK5Z1!G?l_A-Sw~DQZPAtCPo=b6~WbJ(v@KWmvbHqRO1&wAB!%J
z7NE^CTL6)$`LsX5@xB~_hP}<f9vbZ}zWu4%$9a~BAvDf#eW+QvnojAq9!+9Gf~K8E
zF5y$ji!I;J$6*e~`9Oi6Iqg8au#cgl%J$v_%q9r(QCq-q)P@hIgnBsb{-&CzCrs+H
zU9EC;qDWJyX-eC*z9@bkd2OAeY!?ug*;4CQ_p#t2fK8d%t*B8m2c*003**z^utSwG
zig>6>6*r6RcN!&)^}e3*lpx0a`0h~IHvR3@4=J{7Np6LX*H%4pvk8e>CzY@_^K+?=
zWS6#aPUYU9i$GyibV6m8(lK>w&d~Ro9ydAyBDz5ep^Ba<#U#Hr;nX_J^cw5yadxOF
zbJUOA-}-0KoH<WkzwR}#_V}q&4^M2zYmraCar0)@eiY^8V5s%DS-y*&E>6`$zzzl|
zC`_=~h5cuE_oT78RIqXeT(ru~ryF8gqOD~tGtYu9aSKQ0kl}926D>O#RFX8LB|kAO
zpDAoe7>DMXcFE>IOELHB)b9l{MVF_BZR+7$SGvV;bFcdr>aNfhycW)#+wIq5){kM?
z0r~!P&#7P>JH}#FJGmTZH5!T8Qm7$sC)|(ns0v<jxd+RZy=1>R^;lC8JuRtEns37V
z9~ML{!74&lP-3@u+t%psykOaS%~LD=QFVNiWzmBNUXz{5+h5Z$Yjn5B4$FJ{RwICF
zSJ=iZb=l>M<H?lW_Y~$aYK411C1n#<*wB9N>(W~DJMG13RysvDIFhn``&!$X#5^Ck
zIpFRFb;c_znMFjE79{AtJ=k_SW>#u!{$ccNXia1dXkIIKMumsXoj)HxOr|*fHLXIp
zG|Vr#4~^HKKYIr81(IjgL1*7iIWFp@rviw4j3wDZXAc&E%!u(@j81$~a<a15xoLY}
zKc8R~Upl_?z+WKk#gweemW>!Q=H2G?i>>DNOi+AFe5S|YKTWZ1WfDxECQO$#CA}6>
zF|rrcZr3aSe=7C|O;#V7_xn1(OwJ(6dCZ^Y=Dhs;b$4t#3A8U}+6Y22-_518Mb7fg
zmy)fmpHh8Wi&NfmqWwGZCrwZJ&EE@eXW^H-V1dkaN80fMhYw%()ip1+^%vd+azx5H
z%CiLc4J5c-1I(PwYlg}&bSGcYLKQu0deELQ)#!1<>p3PS6W#twaP>iQ_Il|Jjd@fY
z`l5XQ<PfY@-PnxC+a~tV<yX|rc(o+7n__0$?;mfn6PA=5$=H15mg2TwLb8=cWP;;!
z`iW~8uV8@oq+uy*AUIS2*x0CX&>A5z#8ut#UwCz?m<JpfGh*xN)kp9C)7<>k$K8#Y
zFJ@-!LT%v@0-*ppEW!BduN$93<SMum<RGdTE<s3!1@!>7mC%}hj<FJnci+9@UT>;w
zJW|Q<#={poeWm%)ms)@Hhf}09j_sR#J5ns2QH>g4AHI?}GkdnM7wh?f5e1r(6fIIp
zP$i*{64_{Itab)a>foFZa<FLsi*Ju9{{TfohOE}v{?D(KdFgjPmzAB5h&X8NCy)eq
z#u~aAM-LySoWf-`p>!R&cz5*aU#E6CI82A2K-GegL~M~3#nWu5*anFy!Tu|P57@<7
z@9QG$sO0wt1_lyR)}KhZ(>3b0mc48jr1w-Qgk9@~+zl=swY4{|^w_DLc!tJ1iMb=6
zh#?`A?2~&_P3xCN9{3Tp^PZI()%msOa(Pqcwcp*~j{6Ri{TEqT-ZzUvocHc!y9QiA
zS0o$YnT(YPS5(9lYUQnZIDcRP0G&#ATXo5q-`R2=&bYaUYf5&pTEEU3U!5Ck?>5t2
z(nm755qgAgDVF_whv?2=%1)I-+#}H*@$or5Vbk0#Y4TkJEG2#ljdm{bt)fA`M~)as
z@oD^9CKRI}-`~+b{Z~F$Xu|1f*su}pm^}2Es;qoqCG46idRbCU!AN;v0?ZAi09^or
zx>zaA&-)2-_w0Et?KINh!b3u)<rvY>RLDhDX*yfrl+bNp)SvA1JGg0cTGp{Dfp^67
z)pUx0I9O@F?~H>X%fBw)xY3q9xn}B`)ATA(4zTBlUY)oAtLm1MnQL@U`(&GBoiNEr
z8dB6KGkeu4mUI^~qsJXo-^jz^jpv$=#rlJwok%D>XjTe`BM7+Z;#JZy*7D(|FOEyt
z(19m@LUPY<fA36>d$*H+-D-;v93)5B7NxHLSv9!xP%nxblw+U>xW)OFJgw*==3!xF
zg>UIcT!uiv&eLORXzZd+8e9^&X|rd+ja6QO^yq(k&^EYST(v)awrnY{s5owX2_%gD
z%?3HKB28p4?CEQOkO?gW^TJ)XUukqfRzaclyRp%&zLIIiQmPjmf12VndWxnWG1?H&
zX~mthKae3G%`BsyL>FFCP!JLtdUsQ{yjKpGDgUn|wagFuLf2Ea6XJH}4M38(S@nTJ
z|Ne*j1|B=ca!sD!HY=-fW5x*LT`8g6E%ZWHM^gvpL0HGSkdOV&8)nLdOPAu-XG-RI
znhEYsh`gZ_zj*nwgE<c$j_E{FSKo}CbITYSzv?hQb0ot8fMCOhR!qkVM#eDfP?~uN
zk~pvyHvt0_a5Mpnc35_%;fAf<CYTqp22}Mz_k8nafRE3syu8^RPLFmQ1^Z`eXPV#Z
zGw8ymBAqC#mb!`?w0t`29C+r6`XKGYo|yf@Bb%5%pdI!RUKWmaQS-e*@7hyMTc5iL
zX8bL67gzCOQ*>IY0<wu770r6{Tp}X1`|j@-?UuhbAuTGXu2ifO=L)Vw&!WG#(N^8I
zB89p3jWtQVSTkSu2b}ol_VFKU2x_cj5vVf^Ed{Y{#{r}@wR`s4NChkd4N5pL*vGIL
ze{+WOl?xpmHBG+)1&&GRwiN%6J9qww_6CdE5P?oVl3g6nm>Q&!4_eURPQM0m0DD=f
z9gCmNA0X+evF-J6-dSEw4!pcG>?tRPGOme_cK~DFaT=Tj421y5ZD$P&^CjlU$M-f+
z?z8T*|BU@w2`U2qALiEnq}k08P@M@h8Hs-CMVRhOO=+u7&l|>WzomHt3k6ywxPd#x
zaAw=s_RnSj9p4U}HMtKT9*kGA(pD~-wJT<mi19q^5IzMS7SEpPy^DKY(K7VK3c;=!
z^LPLea3+X0gsOt%lLbz)gUypQf0c4+_Bf2zGAvs3Lmk>!!T>q%e_KkLQc7kLuhq<8
z_!7{+H~fa<9oIeB-@!}Fpb`MzS~I5zJ&2l4qKk@S!*(oYAd3jn)Tsq4_8rL<TFC*S
zdkc539G~z`-oSX~%un?5j7WHvR;B7q_5K+d=}*ix$Q(pY7>9<+vC%i)W-`&k@0E$Q
zN7g42Z;aee03D$GEJ?lfrCZU%uzm*Ab;-hA33X5+F>9Qr$kwjv_r3dCAXO|kiib<U
zT#~GZ24bA<*Dm2(^lIK+Ouqd>y~85udiX^Pp#GI>*D3}*{1)n3sDpA^Yf!YxOfeo0
zIz(%khEwOhuBr_m)_J@W#3_m_GzGB9K)3oWl_t7Dt9kMC>HT|$!WWJrqEcp|c}CbL
zY4A8R(=)>&)wNBbEm7J*?bW+?`@X!OLLRK45v%Dup>qbK3^EbL>=&bQ=3nW{1E7J8
z6h32@^!+PxR!`ek|G2PlK+z1vdd;-z!GKt-gL~dI)!ms@LaC{=RkxoDLC{=AQ8W@<
z19}04$zZgM3pFSOXiW*=L=<WQpe&Z<z}jR<G2%V1g#-dhCw=`+$BZAyU)-$TA4UMv
zmc7V1Vd94?XO-Df{IJ+GZPzEsgrf14Bd9#KA!dbpN|UV_$@5{w^Q@64Qr0xViG(s|
zv0=k)w*S#jIH@fbiKA1`Sxvaa%EcsSk*I-(TcD|ejtk`H+tqN%Xfi69nN7%fC7aam
zrbQ<Ao+gSy143ZsF-!CnotpblzH%}2RynzhPaTb?yJed|LE`|>e=xF#WN&bVBg8n9
z4=}vf9E_o1rWX~p@LyY3?>o{N9Kx!3Y~^$c!hZ+#XJHAo;l3OdiLno2X_6g=VDHK!
z61Y}CPJCZeCnqP5*0-H<<_D(8Y!x=Km)Qc_(Su=2$jtPBzf}D)#?4wBN*W@t<e0ZE
z&XUm^3bd!R1z=YIIUj#~AUVvYN(#NZUyD>PkydnHdl06a&NhHrjrJeIYoTO80O#Le
z<uj{t25n+f%5P#33NHjGfI^UZa7&{Y?Xp(J-A8YzxP$}|?saA+=WpP%PqYp|`9)AK
zVLAYW!O1N>_!O6VfG}d?OFY4}r%pw>^HbGUv`@@GBjvedhMGAWo+v1Iya!~&;lX$4
zD<1=k)p<9wd#z7sXsCxr2C@v5c_GX<m$KGy^k|>ZTk-Lmc3%EkQ^W2DL?HQ#rbEP`
zY~=uaH>G)rynLDV<erL++Qk08v~FrEZ#~G#iOEusuvYKyORoe6_$NmOcbQGou}x%M
zO$CCV`RArJfo<pH=6<@z3@Be<l~A2%4SMnZy|6*8=#^i7S?6>$+kaPWwUKaip=kD;
z^dR-eyMltp7V4Ok@_mUA_}+0M7{5_2$r*s16}+B57`Gy;-YdKoGC4<?!AqfCXHbMi
z0tyj^{*MD9Gw~S3KEfIw4t&@F4(=sLXdlQdV}^^HnH_G5noBN%#u6+sC3>>)76!@8
z8XMp4EQnE3QP~0`8#XeN8<@Q@4@8x#{}XlUE?T~PGiBC>4Y}oAJ&H5)wi`%6)e<a2
zSKgNN&SZBP4Beq#K>uWZIRnntS-TZ7^5a)6g;Odgr@=jC=nFgr7O-g5Dt=FHs<Was
z5LqiA3ZMX(ix0DResxpmcu#-8W)v<fSFK8J!`0zBeGS6LUT5Y$k06sz<EIfZiS_(U
zj=9_i-(8|)(ZBnN>U&cNQob<d8;r3lipma!3%OO4+1Lh4ork<cOAgZk?l%;iQ0r~m
z;2YlMRh^w`ms}i3t$>UT)iL*+rBJ|R%+_{p*pQi^e)IS|cnsgahn_wyl+{3h=y2Aj
zT&umbJ7+YLh{2)Cy?nr1zgZ!ty$r0&MCidGWjIuVPyLodV?;SF|7mW*AUJ_mFf*j2
z|HkmLDY0jdW5)C5%sGv;*5EPLFITU29oT3x@&vF1UkDMQW6HDQ;x$O=R(uz>LgnV#
z;jv=%GC3s$$P*D}b5j%JC?`9Y9*i=W7vdR%X9WikPRnhbc#rp);7`Mce}<$)s|gr?
z)W?S<P;#2n2fDA7`S0Nk!72(S1uesiXU||BTE6sk8b4;t{YN;5Y^3!5JGFf7ctvF$
zV^$XwldLgOSGT2hC-ej5Qu9Bok#zC{PvZs<lGdvf+*5|ygJ*-?X-F;N;^Hv+5aEmg
zte!N<o(^GpZ$(i_r(d@_F`dl0iT@DuVo6Vr9yjO1yJ<Wy3G}bPWd*yM5y(g8LWy>s
z;lyqZ{-nE71iCd2;S2A~^ZmZD`#w(!Da4RyLH)ZCrUifS?(*YU<3aaVbESYyq?FHA
zSWjks;=R_Cmq*;Vfv9FP)S0mKP9Hkm`O%F};qE$W)F={F6B(WS-MaJW+=vNT(mdx4
zo(|9!WeuQjf_mfDQ|=^fjc))?LU@g+0>Hbst#e-xNznKV7Y0kVuWwex>&4(oCTxLX
z>fqmv)6KHtN=j~qsX|kglf(>P*nK#O<1A=V32B@p`os?=#iClV{{*1kFwZ#n2)a!X
zl9en!(-O@vL`sP^)l1ex4>3~J!6rTa8wE6_u#ukve$@=V1m!BVBkW?;9anDN6c%JI
zUD{{eCvj`~;xy+*Y;=4w?RR1<1wDf6Auy|oi-kLu7UlRa1+l5_lQ(@XV}m^k6GYSg
z8zwiah<T`^mr~ri6$%mGP3k<qhjJAF5MsL>qwa#0y?g``xuVoXm|06NT)YTZjB0T=
zdJ7;y-l9NtIy?15wgRO+qZWcT6$Qe-`}tct<<d(C>f29QJ=r(OMesiY*{Hdt1&Dzl
z$XWp0&suL)!24vk4GZ!%6Iv+iruiv|-v6hR4`0pjl2VJH$0!4}C4e40OD<N-Z8qeP
zG*Mp1=--+(RF<?u%dm&M$>|6>c@m!HDeEUh8O<rpe0Y8iyak$9Ea_q)i;Ow-ZrGxp
z_Iz&!{v1=9i?jVc0+zEqM%XQeU5o3=@iN|mYZtUJ)St*=sRsA-n;=U4&-Fm>3;qTD
z`t=*;b$LPPK1?vYazLUP7#)-yqpFJ0`u!vGPfsZ4QgW~f!B|3wNr#y5Q#d<Trh?!J
zV8_IsFU4~@GMHM(jh_N%8Q_Tw(bn3kHSeK#s-=Ymjji6rR~TtebsJAoKwPZ}M``CZ
zI957-vw<gkXfGMY@7+5!;G=~5l>gM0l|qfdJ?*Yk&vX`rv8=*`jmFR*;F=^R1|Tew
zm6Dbmrl}b;`yzI#Fz)JoicfhGd33Ry;7o!Aa7HvVHS=D-{%48}jtjkHywA|Z(B27y
zJ}i(>1RR2zO*`nJr^O~S(=mL^P&OxlW%6J-v5U>kA+y<6za(0T{Tr>MheAyHT5<U%
zX!V^tf-Nrv7>)xV{z{jwUpI-&{q^e?Nsgg_hu$c_Y%41gl%b%Gevp;*tD>vaVX`Q{
zfrgSDoNQphED`_mr%W#@9^%@M6yX~gKrq-G_%)qfdx}Gb&=9|ho_;pNBBuQa<pXQQ
z&z`LY;=#%W5(_*L@Q1aA-9$F&?a>%jTq*n?7vKh`x1}gbh;n45`C!8b{4dx*RKtqN
z1zw@kgeUwPkO(0(|D{(3rQk9lu5=P6)}lp9BSx?eiEcp7z^n%Q@OxWcDgwk@yY}?V
z7UhKi9dMiY^W9WqNhlRDp_-s;C9yeO#k~D;I0`SUkFcHL{yuVisxQSCH8M10j~1hB
z<~C1qa%77vz4eCHj<aN|?(TfWO*?itvjbb-h|e3IR<+e%dFuvrkOVzQL<LZ!K)jNd
z&p~r)fX~Rm$vS8Tp+~gUSM>&Gu1UGIIf3&Em{t%ywetg*-_YucFgd`Xjt>TMjDDzk
zyZd|hzuH^eOvYj>k0Iwq)uYqb-}j>ZPa&~gyGB+M_#2pZleZ4|$%~|EU*`&2J=U$G
z2Io)be4;e`3Fb@I=#k3GUL913d23Ivz<@!8oCIHVaQ@r350|SS4-8D-y@L2i%_=bO
zr0fdIIw?cl1v}xj(J4_QsH+ENSU^u8hfnzNvr{L^7aHTo(3*q`WBK5)Ac4Udsby>^
zJtXX7++V5uwXsy8E2mhcq+F4s)LHcF?*d%)zz=oohaFDWB9NKC&t0`<&Aj2g$RbpD
zye8l%<lTp4DL#S3{xzH6z!j`q>s=bm_C!c2L#FSWgh2y2h8_}wTZq{(UOQl@RouD+
z1jb8+YyC58h?_4!4s}VvF8C;rJb{?^5|?3U)&KehqB^LQYrXp48pOilSWwUcV`Duj
zxXE@Mqr(JIFNoHeSAx?oN%qsD9$ta)VCbP~X-}Sfb79s|svOBZHBX_44MekX>eMXd
zV?-^S^62`^x)Z#GEp3>MjUPXMp?<?aYHDI5BhvC)>?7iwbMEm-a)d-t^AYuHGzpaQ
zuI104|2GSN))pp`mHJnGt^T3^z=7-7sK=f^sPmyNQB2ft+!$|Ai5LnVqEH#^W=uFA
zslsGU&FH8o8Vr1$|4{Pp9kMTs<nAH>-US6*6kgW2b@x(Hq3X=K_=+(*t*#Z=8?TP%
z1Y?riAT{azJt!)>NFsEPAYkR~i@2!7T*xed9?v`rx^0wFVlG$e+VY$d4A~<ucA9^G
zQFPh6DE}V9fmGM4E>6lVDq3x7dNX@6xB>K5zAKG{DXW{IdlBEEwv>Xo6JPf9-|qIB
zMjELhdO!4gy?i=WJ0D~_7;laWfy@E~i-{+VTP^FqEUviZgWe$*bp@*|b?XRK>5CH!
zoJ(Q1Jt>s4&3{h2D(}94wK~EF3O~xg1vMiu4lYgPF(^pewrugfk)2Eu(>KcZ<{U!3
zL|T>EZffqxFQ$HkTpXW0Fg*b~6kC21Hxh#aoZxy~ak#Co*6Ew{UskrgoL$-=3Tauo
zTJ#32aoE@ri>~xE8n+!g8tqTIaL*2-u`${r;PGl|2&LfpJStu!9~TQ+NR3Sh!g%Gx
zJtiARp;FfE0ZjmpX7aMq%<N855^uRj+}qn8=^6X~ZXk76wX6xAIr4;@0aXT#pOjL?
zqp4BCKxzI-i9t*`J8sQmYzvVD(1~<Ul3;FH#Q;0g?0&;?dJX7rG`d`H$E4$^stZAX
zaswFM@)*LVI|mWaX=C5LdwScf(}(|RFOfOV4Vaj#$%h2WVpKsOlQXdTk%Ima6BGQ7
ze(wo!5i|oqL3wD4wbn&YM+3RgOi{5=ZUba&6<m-GNqa24HXXJ*Qrh0VPpIa9`1Wn}
zvSph#Zj7UCVa!R7`K+LT*>nqS1nKk3`YWQ=UeEse0*ERva4;dd{-Vj0Iu9<x^CH&L
z?LpLO*szi^fY$(&{-tJkueO1Hvr|~)3vUJ9L_<x<H}wBm9nG^%n58pgpjd$^mfu-l
zMh}Mw>IE94L98nR^FYTg?8`u{MTtatp>Nbh62Xj+z(leJmE17`3!vEd-911NPMkUg
zDS&(S6|CUhS?jG^DL4L=%dKiu{{Dp{*zlv2&P~u)2`=f3%}TDqIJ5zafDJ;Cm3qY1
zVlMfxp+R-jC>&k15PAU({N2h&fH@%3L%NUp=D)kyMM_?DYWQ~UsV>lv*@T!MUhka9
zTw=}lii$`35TsWFOp~hw_kGmSEukA2wek*K+gqQs<h1m|=bSS@kG>Y2Dp&jO;+~}J
zcux3uHb_BZVD~pY4ls-7`G@8cNlF9=!o9MWAOs?;{Pl9ZE8Gk1N$Ly#bt4dV*mB<Z
zdGC_!w!kAY+C<_rQ9cGjNp^oHy;fMp*U~Wl^gK#CI8p@s??a-mUq2HX`kaq-5d!O7
z)KoBJ_<jIG=FwXi!85u<S~+p@WZ@CRn&M%x9fnbC&x_yfl7rGIg}aE0Gt}P(mI7ac
zu45HSC!znC?)>PNRHv;y|1Fu^JJhtb|H-gGW@f*XxtcL0D^@%6M$+5dK6hc^C_ZGL
zZV~9h@7-IA^H5tRP{dHD?<a{Z)CpJ5oFXMLB#@Al#Gsuiksv{s8}WMUq;rM^{Yvia
zV)O4k5Ud?Nk!~_R2!mGz1sSBHrmAWxFeaURaH76gj$-wXZh9-wes1u5Du}`&hZqov
zk1UA19Xg8C4a}3*u64|~6$Gp06PM0v#ZQFWd@if(o_KFHjrGt=Pgnylk1%2NNn_Ha
z2d?t{`l-lDJ?p~bi+5?F;TOW>O3fwI{d4EiZbrE@aT$p=V*!DDd^CD;B*9wX*~F=p
zzJ7iDpMS`FP)gpk<KkA|A25*`!_BP&F5Y(*Xu5cC!w5HCvZv=^XdM*^Y39NOOIO!>
zl#aj*Ma2#@<h63^Vwg_yhqVC1EA_;;5l!L1$Hd3GG*q7^k@edS{zme$*B<Ph*~Tut
zrDNVcc`_Px6cLEv@ugE|cb4|)bu3-Inw(wCm16ov7J@Xa;3qg3S*W8TFA9c>Ljbf|
zCu7x<U4jWi=4y`#c>6M8T9LjE%nR!_FlQd;_?O9rE>L9EvN!xr3<$EG7V2^jsd!Xf
zZR#|6-HGLla|;YkGQa<x_&BO`FeSkHp2KCOXy>i$eh^jwwv@a;)M9NqA(#ny-bvIv
z9RefPIxLZZAFUb581@XUB~O3!=mD~_F>J7`7|jSy(zA{QCG>cR;6O1cjvA~!be8hW
z7{wCzg$qAe$Md48R#c7|GaEueSCzHR3|*g(AuAhQp;I-kh~<XRfD0y_(A%x7qTnl<
z9uN=jL7(1CX>kZ-70J1<f@jJUn7FWL9=R3F7_O`=*3#+BE-XpeXJ=I9O$~!*;Kb{4
z^74G8*-{Qm*Up+H^i%~e`2bn2=ux+JjP7!gwHH@?M)1U+wVufS8M-R#!tLKqCkyOG
zg;99GZETK$h;F1$t=9bK55oxciPnENmA-u?PA3c|U5xQk+uX?9*vL#r#{q)ON}06)
zEvL_@Ac_-Mt_hLaPwz6!h|TjcRF?ONiD53mj`3~l6kB#mC=Dk;GR^%vLPv#9#RNCl
zZ2-IFN)dH&sLa=_fuU4f0UPKTBq{1^NaVjv=4gi^#=~e8O%a84tlBH|($3m79-jr*
z34#Xci0VJrRp){#izdjf)?l=F;xH6KMMfT&;qZ0oIh7}3TP!SOhYS&tw6!&DIP;mj
z(0A~fH@`gR!nQvy@(Xsx^4Mz+s(t9fYY-m^Rze8JmXETCoC;N%Yf8k5j`nv5AKjaa
zdfb%injt%sPyS7CeM+zNmSG>pTm5$PTF6~Mos+P7n89Jap-c#_xZo~_GS&BPC_^wM
zFX+2qlpcCygstmlOr8u-e$qPEs`LblQ9!a@w8~4iHQqSFqbzE9MyLQvDOjOSt4u62
z+ZV;?aCiCKoj1iqor|D#apuqozZ;Z@B5}e5o=rSE9^mkjnW}1PXz+f(l16ug0o35>
z`@mB<IjHgoPThw8@d&?nuU%LI8!&{4G-d=jz`%P~>z<w`)3c{ADn)h_x_~XM<*6cv
zA&~F3*w~m3m8IS)d?gyI3VFOVE6Zr^T+)*jblZ}!2x&cM>T!?t@0B^Ld#0`ZS8EJH
zO8Kr{g}#^x4DX$+#JgsGD1^dD3p6}v7C7xz^*Rlm9j}oqT$*SyD0>pd-*S0r%2rVg
zOY!C(4-dBib@8_g{bSiW0Zw;<lAeE^48r;4T``h7cTTbK<zV+2+ktC9ion*`og~$x
zhl8CRxE<wm9fA(3Ib3HM>THFj4SY*9veNGSAq>a>*L?(MMTLc-SamT6{xY97dzwr0
zQedd}@6UZX)hG!d%%*arMqr}Vo0k!^DS}bHfXq_fl;TQfsx0o_^^tVv_bo`|($d_B
z+Tb{RA+(OzAhuWv6$!0zTwHaNRHw=je56P7HAvG`OuN?IfDJRzC;~;*n7$?f7zh;v
z1qTM^<mba#wBhG)oG>6bp_EuhO+~FAGyUzNozSiPdt5-M5%f2F34a0Wzph=&+V^(K
z8HkTX018&5aDUxXVQYZHgF;3{O#{lKBx2g};e+k(ugi?rIJ@JYPl1nLK=S&`LsU56
zNAF8Z!xHCPTwJfC%^qaG`4hgT5URk?_bxsKa}r(kjT_%NkzhSs_;|S1=iW#o)?AT3
zQRuNDno_dHj`qhEciucJ%)O}9tg_kKacxUyaf_jg*+o`<WfojsmJif?i@SA;O(?1W
zlUy;99lnNeMj?=H9coG{0|g{fXwDBcIInJU>$&;G3m49YhVJTMsPK2Y^3%tUV@e!u
zQ@GC?$!`y7i4^Gt6DNAK&}Fgk9?Ore0a;5%^?{U0AwSHE7)WisUbM*c7T(2BB-ul4
zSKgsWp(O4lTnhpMU5oP_hqW0&FKX_A^^nF8Iba#;h-P!3rWH>+WbzJq(=lB{SQhTt
z%8lS}aBDd#@a`#PdfVeXcTZMcUUBN~;f>|+unJzZe19CS?+N#h{Z*@hET5sAJ!0KN
zwMpT;UUy=yIl+dp9v=BMMH1nHuSU#|Lm|$0fk(&^I8Aibj_U;0flW))m!cl*%_Yad
z;G$j>G<$5*qu6nZ+wGe6g%z(9th5M1o(4AnOSav;yO;gK@O2(d(e7P1{Df7{8}o)$
znt?>fC3sD4&{g=B_Pw9$YN{o6aUGE8j)xmaY<YDx+m*Ey6vaeaXbUbczDhKt9>IQZ
z8Wg&OPb-L6Ms_dc3@AEJ1O**hcDSXtf?or$2Op37L*q;laLc^F#=QV+oihdw9PnL^
zEmz4&hc!g=m@Cza{ALqJ1V1N1*_rOcMMAhk@k#XH^CKYOH5p(N3{Zz;kB+^o_Us%J
zoTMnB6HniNn)>5ut3AE1zbwnqzASvp=V#)+pM_MekGi*aIrB_y#E6G!BRRihME-E#
z>j8Qbt{3+hgw7*;@m2mZv@5Xam1LRy`%|G<qu6Zg^f}sn3S&#u+Y*EEH?!?EXppb$
zJCGzw{3`oqt~cLjNWXrKL<WRz2`9G689-o9!D<Ax6K0S=!P@U04XEGHr`sm_Zcc~}
zWZiFd<XEe;vD%^jBVx^Jp6-1X6BlPsJ*N9fq9Y5G3c>+Wi!u&JopY!0Oa}Phe#ZNp
zdsSRqU0(j1IFG)^p&_=Q4dT%euoZj~ap=&2(|`*=x=e)Rw7(vn?jDDYhcjCRxPSF*
z*x>mWx=KkM_VwM^&Kj<mx5vrM(WtO~XzANv9|U7)aR2^$V8rp%E9wAH*B{kkux@EY
z9KyhRYJfrT@#EK6{j($8{VkY)$=tc%NbL1WqGHCte$K*UQRXR3f_HH%2vN^M#hk}W
zdX|0ts=%!6!-t&0tX@)HA3l7by5{RC;U^1-@bu(pfC}C+8dqvV`iIuT1L~b)_UTkA
zTR9G(tQ|Pm<>VT8>X5BsQnnLX0AmO4FL?EC5xj1Cc&e$m*x1t)o(vFpkAL`Vg78wJ
z=b!J?62xl`@9c5w>_BYt3k#FxKY@OP^BEPE|26P6R-u=#yAs}G>eQrvTWpFc%s1dg
zcH7=}3dAQmwE6!`dXk?00k_UU?Z)B@%*_7K?tm;(1qzLVK@V;MRo}n7bIJx-OpFK~
zKYvbsxeNux=+hd}2Wf`!eK|4x`u07Tq%CsyNPqaSoJ+wTg?S@!5G%;f&u3m{Y<%V7
z_#spyutzYQx3v7obV8W!Zht$56w2$qJ-&k}wXhnGAv=W-a1xp={<C$zLHJk>Cqdzk
zFso%m2}gq53E~qa!Do!QsS?w(+0fE^W)b%Rv3*)+No#3DfXd1rsgOuJ5RRy=YMT0k
zI-EX!T-eU4t)oM$26YDT6_Dlki&IPB6aiMy&{JfU#79JinCxM)3iXoy3MmQfm?%sT
zXfA|#)3#I#J$Hvg`YR~97{Q_n#3NJLOBHAfssu|^^|QELXaA>;);sqm4<rLBAm5t?
z7W@C$qT3V%)Mx~nf!g+04j!D<^7Ak2Al6z2BMxv0GGv@u7(z>?(V&*l`<-L!FH!JA
zzrd}Ja>?}c1opNbpQ?F>M$y1PdD^u71a)DCzhD9Hv1aS8aQsddjyj3EoucpHRyJtm
z5?1M-g2$~?PFE)+t-ZUiZ~y+r=NH0clIY)c3qyEpv49wx;bkT#E!jcvxO;ax^;BbH
z2f>-3mta-68>rmX)IhSWD{x4tyn+HhN!zt`&$wL@9D=JCU#`ZJ2S88huVjmx!yjt?
zK?$jt#`DY&v2)+~_GEK*#@)FS;-IQJmY~lYp0EMe48+XK5tM+UypAwQ=}6Txf_KL>
znBXwOwUsSSFSM_onm2NoS4_mA*b?8OA1@z>H=0YB7#eOQBpvV<lamssSoquWix2Lu
zvS(U5eK=Q<(#nNBMv<D0J2&7a1*izNhcGpXD?w~y7K0pqH-wr$3Np4`Io{jgQt3${
z{$C?Vn)Pf>GQT;$5Io^bV4xu5VA%Sq%AUPlPzo7=Hk9*P@wuG@&0I$3z%AjaKnFNI
z4>X0iOa|cTvjFC~?DCPOrY|WMIpmZEBx?SF@`&1j&IF0V&gpMGjMlEb2Q1ENrkOK6
ze`}qZJ4<T)i3?0$<+3y~YoDuGJRD?J1f4F3V26giXI8EvgDx0JK89Zxd_2P9PX1iG
za)k}*?L>68@(3Flm5<>+*wblUCt<i0dV<l$s#V)9E${D@n<WzUM``<pm9Yo?ZeG86
z(+$*S`}Q$K58}JS&nu`|rGN2NK@b$ZCXg*EBQ{6J{Js)XWq@k#TMwtO<{<icn#>9P
zrLEKkjRcd-`owfpPS`nlHaL(0)>yZT;^tVCP#?T92}(yX`t0e`RdHKikz?V_h!2!z
zETw6^s_`4BxyGrv!o2CPJb4GBG^k*pIzx9!tP!?FzksJJYao!Nggl!w<uH0IVCI5?
znCWbNbD$`M^vJXZ=(lFln^*JS0F?oD;Bs8v{sqX0tN=sQa<wbv1^*k*a3ppkfB)Dz
z%d@)?Y?1duRHBV~F>S&5h1?4moH5-G`VEkDc?D~L>4p<cGTBN$>i}uVo<vG~5*!Sl
zg=p|k>tOkN$5y%+Addw8<K^??%1IeDHSLr-R8NG8W@)qQUG4q<_Ms0X4K*@W%@?`P
z@JQS-xz5nasu~kr=*S?joDH<KAHRNO3xP^{AcZXO2Y<_NHvMGZUcIog)5Kny)j&J$
zYl@IOvEwOq-|y{Q2_Po$JtnTi1?DRhF_gO`<-FWnEQnD1);3*JLtDoDJWJp$0M|mG
zeXpLJg6$$PgKxssWgiT35ZE?h;htZEU>~l*3Pf4il59*IL-gLq-Y{IvV_<!_9WBi?
zmUjtNMtyHS7x9|=jyoD0F+7&&;qE~TVkRZt_chs!P6Im*L5skbRPY1--482+v#)>f
zjfutT5BP_m;l}2IhylU{1CD(PkPNJDjXgDYL@ysIS!By<uiv~Ogjew3A&}6Q-oql?
z<HrNqFCJVkg3yT*IPm@B8uK)t3IrX|42Ghqsnft_80J#M=y&05^q(lLtul73NsbaX
z-VJL<VU7&c3b;XzVPwU-(3jXC^uk*ox5fi=(kKG=SvpU-gZm3cMsQyU!!?Z)^PsNd
z|4F+H$_aA<o+FewBx$b-3fOOxgLM$gHh3Lr$egLC&qk&mc+U<83^JOi-@CLAac&%t
zZ`d$hx^?7mcph=0^Ib<RH?!9lj~I3Lu)D-q)#&S2QVvMuC*;MeI_CB5n}6WQ0g0uu
z$CM9S>dW?-Wf&plrD!ZAYy2}cq@&`AnxDI#=ttwhFs-DCcAF>Yy(rfC(%!U%tHq^7
zC2?tRpPW~(Sf!E@ck#~<!KZ=7lL1L`yu5-Rgn^$lom>e<!BmcGz(0b59!-f9fa)#=
zX;UWUNZ093loi*PopjhjJ%lF=I&@^;jD(J`7Ymmxp^q%0_swxa-cKHhhD=6^9fuMB
zm@(Hl9AU$%r*QiqA}w07q_c>h0R6g`kJmH*+m7Ggkysfo?baFuco1?&#?fpXM4C%6
zF*z?@EO-}d%=YQ%4yR`BBu$8JN9*mBv4kRQ>Sqc`uTUU`kp*j6n{H$CMf0$~zov#p
z66UTqA9e2`q3(2WsMLY*jPn;SW)>9e!Bv9VtIy<N3v@F-)zPw;jZ0u2M}dUt27M8O
z41|NPWp2ErW@p%luYgC#X2)4adNM4XJ9Wa9V07ywh8|uER@AXW15pKpFh-JDSk79f
z2}Lt36p*i3B}KhvVu}Rr2+TQa)(F~07+^S<6n`L6!<UFd<ABM=?=N!torgR#KkvF}
z!v@b@F_?4g^sKG5&5)FWSU7t2dm%zB8uf-lcWJP3&#r!94=t@BkU#^Z6j(9iB9B`s
zOl#fqw-f}J8?h9K7(~6H`swTp7wubv>0oUF=I+KJ=VOr#41mT7@<a9}YK}F2b9JV4
zLv~LwQTVG${5}`JuLG>&_t3_n0CvOQwa?568X8Qz*z|q}@d_L+1o136diD&KYI2{8
zU%Nb>G?fwzn)9PFTYA<HX~li_j(;S`6X2038CU8ksi_TNwfoqy>_+z`1Re7B{`K}v
zwN6^=PZKso2neH9K~9MS$REps(NQwJ2Xk;i?aI?pO3R@(z^GMrzyPwwE~+Jh`HaJZ
z70znO);~x4OAZ>bZR)0{m!xl}{*MdLC*!EPmR3m72khA{M89Q#-B>7Be}bq6&g5us
zZ>$rj*h@iJvvbU}%YbqDBNY6E74+bTb<cU7yR-(C-luouEr`;E$&PO>3~DmL@$`Mc
zA6#j%I*F*J?xw8NH!vN%rFNa`-TSXz?ZVIJwf}{Flr!{w<Ja9Aw0E2%6XMtYl^wR7
zkNWwYavbN<ea;eo`Z424>gsy({OEq7oY$|FUCoh5_Z_>u-o<y}knJ`$!H!Y}3=|27
zWp#U$kM-}<N5Fb?Tl|h3K`17;&)hDY{@xhd?rsMmM8RXNQ01MF-oYgWvuQQ)ZarLM
zO8b7b;i7*|>4wPSQBitP(V3ep0g;pOo_RTFuwcNNvaD!26<2O9tb%%r5)bz&uBw-Y
z*f0v`hVB1;P;r=d=6ZhDKrsX<s66WS?8m;y>66!?_uB^e>Kfja@XXNC(IG(o!zLUR
zm6nzk6P*hknLVVFRt_7bp|R-e!PU;QD1Aifxw+U!q6+T0k~Drev#fSc>K}(H`(!Zw
zFmI{f12oUDs+?s*AMq32mi1E?l%J9jGRrNZzQC(^@Sy&sD_)(#_E~x#oKTXo2Ewp=
z1>{s{l@JhM3Mu=REj=22)xQ!5)iGnfM(jDSFI^FxlRkkrOj5pg5Rxyw&*S>eo-6oA
zBHfiAcAdkn{Gs?_MEK`v=Og+<Wd%JCfYm2sM&8Fxk4f(P#YyH|(0M!xA5mFmX3l))
zVSI_DMp$={bOmX4^|Eht8pg(td97?lXbcKWOVd3y_xo;h1wTo<eElANvuz4*jhH^&
zg;s-xXUNuHc{C|BK!U*`Ec>>ETwoG`jy163sTHeH078+|{;aJ9(KnKZ`H89>f*&nV
z)D-1|l2bxb3`ziRxDeRsHt+05Z$Rtt#oXZHE7i5BcUVhsuV`BbwG)^HG4!>}C2zxr
zFD+x6r}pa8ZA8V<`xd${UBu4?{WuX2@Dg&!S(L7NM?!~=*o$nRj{<?4-Q<kU#(xh_
zW-~Z@C?=d9q@W;d=L1*ZVcA|Ei|?AyL_K<RIXqnNjXV}ppBr1kJ<!JrK3E8{Y4A9e
zYyv;-XxPdgD`qrqHM@9jMBmao$I$!=gm0o0i=>=Yz^JRiDZDdX?0j>=yV$L`GLRlI
zKPN|>@L^NPng0wxO!&lX5`2$w)5AncU{GY&#3OHhEsuwg9)VH>So~8R213xTy4qv|
zjS;@E@?S%>#2B}vWcv8=el0s8y;0~xG55>*MDn?tnhHYTd1?D&RoWhOh6k#zXP*yY
zO0>(?mg=TY+D__tm^dIN%$9u&|ABPPBTxE)#-A5gf)gFw8}90xH}!nXVw;H6$sSCT
z5M7uImF0fI6bAetHm0VgLPy71o#n-Tvrl|BmiQFhI!t!j>_y9t!dwAE=L>>=-M9hk
z=JIf7xog>455v~Kx8UATh|q0<4h4p|HI?_vc^f%Y@t^^q0v>s{kmi%go088xSQlt8
zXV2F^3%WZQ0Ym`h!4;ziCvuq|%4q2d|L(AMkm}7*8es>9r&MP2{LuI$BZF}Ll9vX4
zKw1slx8e&U4^CvVbK_1Pkc{^)z82Y?9iMc&##7Y00%Cq=$iq}1wev7SdAen6U`jMi
z0TV(1b+})0b_wg#zU8=Qed0l$#*@gx;zLCR8zRI$*E|z7(r!>C{*B7AN+I($>*?t+
z*rjS*vgE|gn`%EEOqCTEMZFbwIKeDlWWg*vwR_64>%yKi-oCvy3teRQ&fWp(;KIAx
zh1Ez%+EK6X7i=CbU%U1X>0$FaC;}At95~8Cw(<}ZTg$wM;OPSQ$7>QvVZx+Iyd4bb
zcT!VOU2cAH7Nc6Y-$y6?DGy$E*w7Ln$1?-T2HlOwosO_Zm44weemGA&V4GZgRY|s}
z`z93QcpzgLI%CGU*%$A+wB)^izm|Q5<Qn77mt-FUdZAwg?KeHE<uUsr?wNb09PlkT
z&BPu-QRsp+thGh#R4XYe(wQ<Pc=ko5a(^a(+2#@1!}|J$W#{F|v&v%n_C;U3Z*G4@
z7$N^LLxw^G*PUT0qiPOk&ViXwZdqUj!N8!jm+y(2cNPV22~i6HCWhsYR_DFN@TNY7
zZ@2$sk+14wZ1Gt6z<b?2(0;Fex1G!HFUfLR6*w4-rR1)2BCxf=`JuOe2@{+9>VN#p
z$=VdvsaeYHN51}C61cJ7*_u|-?jEOC%`d?%B4%6eNbU)n3IXt8A8s>xP*q(G{5N6p
zWZ+b2ER3lW<AxnS%weUVyLkP&Gf-a5{e}idnu&4pSoH_4RyW>~Pru@|^V03xz5Qk*
zv8`W{voH-GgBP4h3KX^PddZF~R%d5+WTX>zLz13K-)-Bw9DRs^p!_l8X8?guo&Z!(
z@tt&Bn3FC>G;t=3V%{rqpEr`KEio#}H#f9+SztuO2+;?cA%jxCfB?qa7|hrtk>~+@
zeoQgf=lrl3s(4M!arU)~+?j^_EQJOr(jz7$>O&f*-lEqyXuv>}!Wi*TMM(uBC+DCP
zOew<`Ug77|eQU4JH5Iv&zHNii+VHPZHh)e7o(N@u^^Y;|Qtn&Ef)x~xcpTi$4yl^s
zMA=Rv9B7hEAcBB$KWtf7XEdh2uCTI!=sddq%7|y??1$_u0_c@YWR@Ty<K6pI3VH`N
z5T5_NTjJAalZNDJnFlgB-gx)kD~``L)n8g8a5id=<De-LaTbqtIR5`{y>5g$PGiP3
zW9IZfkR@#IdcQ%=ZI(mRXyaSmWuBR*2*5iPGfA{_<S30Z&;9-ULMLroOfMg|p-SPn
z9g)x+>wVh(R2vcqeh5sEA7y2A7Gbhl+H>Sh2%z`Qc;@8PjvwLJvXVnaNagXJo`-7L
zHuzL*%Mv8ljOEyqMkfyl@?nZzrH+sciry6!0Z3$jPZm(CpyJ<vreY$ilH_HTDWo{o
zTJ3n5;9H;abNrjUJV_C<a@q>zV^SjgR4c6ikE!#H>v`}0|3^!^h?LQiy%SkYAuA!P
zq!2=sluFtqgocrHlB~?EtacI+${wXcQAR1FUBCO=IoJ30>yL9?*SXHg=ktEQUeED(
zJ|2%}fV(7ay-~UE&m;X4U4qh#Hw8^bj-5sOi#G)YGoy$1#V2j*aqszBgu0Ir#$qD#
z1*u933X&q}EsL>?+8jf<6WkGhJ?HM-?Iv2T9mSPVvUdyLyK=0eB5LWe%~tLk={e;{
z%ZHX0NAQ)wo>LxFftSS^?CH{dfc=$MmFlWJ9}-&!4ps{(PtqFfS$WF8w_@j51!mI`
zz2X|>=DA+&dSpW8GadJ7AId7_CjVG0+<%{;A1)4@p8RvTXHMX)^>Y-Cxx5yaowpeI
zV6jM4I(`ytgy7&@#tG<Qh&8vAuCS(1?wuv>^w??ut~K{{lJ2UY-t9R4`-zF0uxB$m
z{Cj|&-jy_4h9&<ZB>5#i=~;gSpZ=!CM(K=miVDkrc=ON+lsF{t=#~0R(C5q0F#8w0
z#PdL8;&h-1$d(DV%bBOT<JQaRePR*CDQ*tM9(FMo9kzqLh(u?mc|dZbaYA<T=E)Pm
zeu2fkO)sC?L2U-iF8JVMVS(+sh3+vgtvNwh>2whlJ%66Uh=2hL*h+<+Zbz4YLYLyr
z)6#R#RL;~7%VI4IPFuE}YV6y+r$1Xci6$%z5ajKA$C@K5rN>YGHFerH$6q^PzZLh3
z6$Q-f2JSRR)2gC5pe*xF!t%K}LigCdsD6&Aa<sZmk(0hi)TE_*OG{E|TC@-b&A(f;
zrkUlI8>(^`Yc7i}FWRsB>XvR=z*hO{?%ni@R=4mA9Q0zJ?)}gK&qut&E^wPiEonY#
zts5;-r13hC@#oj*CgIaFDlPfkWpd<V3;>|R0M!r=5FC9CKidhU3gh!)G(V}oUk{G5
zs4%K+t}N(5MNyHXYD7e3Ohst%<L=gm$}70j+irznv;{bYVHee3*_A#gE(I2u3pfQ8
zNxE<PJ667MI=y1F>>mRvMaop-TH-ZRwUa3F$<q7=>cGm{TG$t}PR@fV%i>t*+Kgpy
zZy5Szh*koLkib@7X&v;HRYM@0yexP9Zwxm?BIZ!+e)|ki$Ki^6EcA_HqDIB5X?HZw
z6g7@mdXv}Zj<Kz<U`|SE*IVb9G+IPVWiDLU<MQAhxqR+9?yUzcGmNfd^UlB-DycO4
zSWz6)IC|({wanUIzIB5v+)QPYb?%?}IC0pqEzduW4C%Ug%5=B*nVCKA_nQ2HWryvJ
zA0vREVFwdNqPE~EUH<uVL#~oBOH^h|jO+-W^(fT(=KFTRPLGC%E8Mri6LxBp@tPHG
zi>lJ-r*ObQoBC^y|EZR}=zM72G5m@uK9hmCk8xZj*NIS<F4;2;*1LcWgG4ZlPC&jx
zC<6B?U%%49;RjV0vuVTxQ(Dj07Fh|&rUQtGIrq=u#Cp00k%&8<c^9aTL3T4{E?KK0
zc&kE-*51HxB$bnB@_jdf7>GpmUR{rY&-d$xN1aCO40EPDR63%7ycI||qUw{<zt?$9
zx?$@;H^H~>(sSz4rEqAXSo2bAmiQHmU2w8}7uD)P;;6>pIWHOdlG6ivM_I{^hx)vD
z+g^WccNou0tP>Z(R-hyoXn54?((lfPe7^VYT^~_)TqyP+@aIjfQ=qI;CYhh@R5!dw
z_W>j7)+}}!$vDW<=vQV-x72hk$?0xiB<9Fn>6<xd3yQ!1`3K)k)q?KW&$aWD?Hc_<
zELb-%$KkJMz$4bG!j@H0Qxn#b47v-7LzG7|^^w61Lqql=50VNtX|_|B-%f-+dloRs
zY0H*BY))pX&a54p0&$N28QI=Xzo)|HMbe_8(o!Q<D*=K)z5^+o`u6>f=bksjc-r`n
zG=9jFgS5S|?Sekw5V>-vxeb=-gbT)k?QD3+9LrS&=^*jJQ@49;+ex8IhW;P5=H%&(
z>0hY~I*FK`G&k0*<d0{{Ng*A$V?r*i1Jf)spVi~KzEVdv3=k6iT%BL?>E(PwgceT&
zEOd#R0Mks_ID7~iR795$7t{>L0fDj-whpT9QECqXz$J3oqYVf}`@O9oG#OTdA^DJ@
zUPy?<-~%@H_L>?RXew{5^1we%Bw~%%B3kR<9K40tV%AxNQ)gt_s?4P6<9iD}U3ixK
z)s%W`N~vx>aqPoqH+T1nVy~FbVIywCwIj-Jyj+45g7Wo*%hIaVl#w?jZ`?G`yWbGt
z^tW0BfQKLqY_i)xZMu=<+`_bazu}w@iAj}rgcoj5TzN)iD|KSj{R*b&V<=c-V(@Rn
zlNrRAQZaRsYMt>!-hcGBpuTUEv@{#j*T)bD8@?CAgbFZAq=^yMF<r1Ah%B|Uqi@zr
zdJABAqUD6Z8Q{hi#!nPz1Bzk6_dXI;1bnRG2nMO^=3~>Pg(V3_l;-By18lUD8KCiU
z<fX16f6AGmAie}z%Ed{Y<M!=44u9msho@H`+;tw?l9b?wqz2*-?a8*<D~r#ggE{)d
zY3>VyqlprqlC4HWj`ZAshHd9gc;Qo4A7Ez%vSWc7>M(O`oFNhgXtm*Q_tQw}dTi&Z
z(eOiMn4zT%V*?E@(ZjnKy7Gl3SMMVH2+w0&MfXLGU6TfHMNwW}aMISBc9N|~94zmw
zN$5N2mcZz%s;lGC;y9`0Z;K1!=3fY(bz!ZeV@TeL>AKP3;c_lhVJ-GjQ#+lM6qdIF
zKDD@*7<Ac?k}y3319pvk$QXT%HB+S<*NC!#MX*nJnC3{3`VfI@_fj&%F}FoID=T~)
z1Q%nA0@y-=S`&}KpGTR%6h3*<Wi5*Ad6|#CR8`?9l3DO`_wzX)40}cY^SASC1s{YJ
zM!bG7Q7N)<j;U)_P=efN|IQHz6Lf4<H=FL7(7P_l^7*}cX?^h%aVectTKi_j?Z_XC
zQ(ND3`8mkKFIBgxQ-%2EMKUa?<j8ol(&*8SmmSm)EL@}p?74>>Ffl9ag#Dc?71i+G
zBmW#vwgj5nu&{g7Hvlt;Ud2RS?X9;`bV8)`#>V;L<4M^JSqa^!%&_orMf(pPd~p9h
z2bWo~nYDdT1^FJ^C0>rt!U>1&J2E9^cM+ojoUd}E$ir&#tF30um++MXQ^_c|{UYDc
zCui@7Gcc-xp<LhScp7tX_(v?H@Uw1HkEX&oaG-nHZ6m`%#!OFNy{Zi#)^IJyuj%)M
zLurar2|4s&3~(%T>mUE_HwCP{lL#x3+m9b_MDCY=n@&O``nECjj+3)98n`jBv!)KN
zQrt#@<=<O8^d$oXcHi~7XN2)9ft=m24bC2e4+xg7Lsh?i{>=UniC)<WnYEp^m39wm
zUP$B*3!7%YzxJ!9-QA1l&J{Gd+`a7w+>f~6DF5?D`i;k<L(NR14Qpr=qiKS*KZbOU
z=L4IHFT6PE<1lTpKxGY$Bm4L3Z~3;E4%n~wB1cf*IFOSpI!TI5Sezwt0L{!#Q`W_|
zr-=%KQAyBGE%{j>f{1OYO_&42+rA24>EKxlLEXrXnxG)F!iDU|1^%W+0b4J5Z<+4U
zR8!mOp`G?=7cvXHt9ftd{#qJS*Z1o4-s4<FgKobOcHyGA5nLcAj!`_;qi{3TiGza!
z(z)OqVPb<@3KsQ9JYEjzRl6p*tv*<aW*<ZI3km-1v9)JHj8FjmLNS&pbMA!XnNJWc
z!N?-l=H8OS9>Qy8ybMfu^9M$zWy3OeK9Vvb$TC^N6Rz(ZpXrw);~241h6yY2s)`cf
z5Lpb7x7g)SBdcHvj&7D{1;dV_bYQnH0!p&Qd~z%Z8i|&*KSz%r58j{gy)R>O)Q?Qi
z(3<k!eN%cc{&HO1gG9`TA5kXS8{p2{`T3_K{z#h!??o#YDBc-OFaI1rLIri<&4}#*
zc%%RAh#^3@WSs+c(uhD)ntZxDT6T=o!Cv3mN10h&j2*fBHbXbqDR*A|tewv%{Ff^r
zI46S9&`O`^E~7h)qH+6CEW1mi>iB=6`0ORnCfe!eDD}YY8{RGBYiB#^LGpmPwNYI?
zHnTYD`0<bY0>(s7OG}xSLWdA+p)-s7NGMDIS)qn~SXc;tj*MJZUY_75m?luTwiqAc
zij8_^+7Ly>#|>q$_wVf0aXCF6)R%Zm92C19c-W&y4{;H~&nNzu&4SI*t)PdZPCMDh
zq6fB$T6r1!EKUFjLkvDIEbh9pih&I&?8BnKs|yrH{X6E-Iz50{b~4*F**rioMl~Ub
zv;5`3XNk%Mj~~|*#v`B<96W4oCk`1BUflT_X3jXdcavp}&EbOw`@83n8})l4uy`Gj
zV;0Qv<VVcI@9kFKjNeer!xv@2fQg7sWQ3($pb#AtZa@-(EQ+*nOI$MqugB|GuTDNP
zC2YGC;Y1jkJ>SfMCUFiOJ{)7L?;RPiXJEL3ghNC5{W}vYB#w66BerJ9Dk|c30HVhJ
zU<=(9mtPAr+Y=|GHzvXo<O#zYxHvgfDju*Vlh=cOg4YPsVfw6D`?r|C1AYTz9IdCf
z^-^+HR@S+5L-Y)<=(5>@ek5-H{*=E<4}0|AhxTXS*~_u9v^23`j4|)77CCgHjtXL0
zmf4;4u`{N8WgH4|gOY|qYvbFLGZA+?vq2Y0F*I?A4ViV>C}ohZi-{h_Piz40fQ$r*
z68bxni=bkbc5D~lu08kCVrN&^9~>>rbU3hptPB@U^x1EI+IroF4Hq&p+L$Xvs-MvH
zWFkp|oG@;jg;ArXdYu3gLt+F*rfK2%&UGq4zkzl^FZLmnFNM~+*O9thN>d)Ol|8cs
zVSf!pS8z^M_;(fQ5Y7p&L`kIFv*(xh@3os6C*P+;VZ|u$G4RMFjl!0N1eMjR`-{p!
zal!Ecwa5`{WOFip3bwYqMs{Zs;1oOd$deFhTbi1tPwc&uVKsU#5Dlb-xO!Y>JVB?~
zH5ofCzQRXNI{NAR1BNn_RFsn|zPaf*4-v{0McL_F&Ct$C%)4{n-#Kx!NQ*w<??Z3i
zMf=M5%dh3T0i=FmEI@{P<r!#}2z5nGQ}g1{qmj|kE7q=k^EKjz_D(0R50|MHYSGvU
z@s>JKk<oMc24oMi3vU%Fk?TZ8K+%!pO(+p)=LZ9r<>cm~#}>AoF}4%fc8qIvmp%dS
zh1`Wyf=aypmj{{{{uNC&@Ui{o(&BIQHbk3{>oie}=U(8}apMLAlK7C~Fsc6kJL8KG
zFbH>#6UyCVEQt!1Xa{h2Y4Q2ecTudiWz2{MoMQr_;N$rbHnGSg=~<K8E5^YhR(dhy
z9TJxN<i(3sda;;W_g0*CsrQ7iT)c;ATfV(}eKZjg?#80oh1=zQ8166{Ve!$Kid^?F
zg<gX4;N(0E(RC9<-T>~@Y!uuq7ZEn9Q$CzdTS?W3(=d0-{_={@kY4}aXTK4-6@jZS
zS9kU0#a!n$7`GQ|^GL)KC$_-RBgSQ<t<v?x`lIW<G%*p1jcWG^fhH8}LAQp;hNgPe
z9gB~*tGz2_D!zv%lDdw4&v)WYXLQAAVCL-EaHr`m-o5)MESP?m7IXM8**qUx`os;i
zUM$~&-B|i=&t!2~@}h7cz9><Xz<$N&88Qbemz?dt1(|5E_2f_U>Znn<^mOUBzVcn7
zEH%3B6zoeW2=(=y^bb=@6_s=k+B$`f>F?Bd%B#kWzbtO^j=2tSY^!o=Sl;6Wi)L(G
z2I4i$-x4=SO9VBJ_c$7;^eI`0SQ5X7ph;UBR%FOa3d@D%fYM7(Z8tR)xHlws-XOXW
zNRo7PoNm4ZK$=)!_UfxooEp2!eNh3ZXIb6io38I8|7obSm72{Jg0=p<xY&n#4T@Bq
zclv0cc>4-rK(FOwf{szJ8Q!`zHAVbATywTKvxbGog&_cr93i{CKe>+6?J5&$rk!z~
zW{rxE@6w3B35EE{K74odfAGgxDO<p#pA*2k%C}uSU<u#>=Tw&GylRz4_0xVR0?EEm
z=ZxOU=}!4CaX6U}Xc{@@OpJwCkJjM+%<DTaL0|9KHC_X07*04%j2#i?L@pT^HKGjA
z0qA<PC_6V-Ty*r<v7i(|z=gHYjk^k_I$qQV-MT?3=?x<$Ow-T8((>RI^XLbUAD43B
zh!I49k{-o^8#W^V9wCD<m_PBBwc!~i^CbR@2~r_^QtVhJ85np%{{zPsRFFS^`ur&G
z6!)n8;3IS=TgYuNU8?I;VfLi5^0s13bQ&Zr@-_`rO=(6iQNY6oxsMPQ&gws!0_oM7
zuYrQ!T`NEb4%jQ1sD1e0hR$#8G~F)Dp=k<m#J^iw>PMZ`wKO5R)gYS>3|F`pS5i~6
z1J!JKxkKG|tg;tfunB!`6D%e9UkuO>plfL78B%P6MF8Q#hUhY8!|@R2IZOc=del9e
zW4vkHKQ8hY6B9eJPUws^ZP-TBQwSbd&Y{~issqHlmFj`&CHUAWMSZV5YNK?twFUDz
zFsG+`r_3YF(U}68QDBUwop-N}Zv4Z?PPu;l;K+jC_4OB4dMx=L7l56d71W93B^u4b
zj7nYEzvv+n3{bnsUm~qDw=E`$oOVFr^P05m?OYROiJi~D5~@DUY~4t-z_c28WjxG1
ztb1(7u5xk$(P1rQcXjpqj(Rk^^}|B<GtyyBOnCQ}I|w5RgWXN@-_VYp*j&wc3qq7I
zJt)D71V^TNTSbYWkovm1s4dd(Q2Aj6kVZBO2w<v|La7nHZani<sy^NYJ)?)m@8LJn
z;pae)V;c`=pcTlAY8yVyu}|ADoJEb|;p%#bK9JiE8{Wsy!YV7^){y6Nz#IKP#VAUc
z7G;lG_k7^mFp)>ZX_s@{i{}k<O&#@`7@$!qAvn0_Fp~FWxHl;=(Uc{4W{E#4lhehw
z^J*w*;gkG;gzh+<ewu*?0cr=P#^d3nLY}7CS#g+V8V)dgjoBm*P6~w?WGqVTrN|^X
z4&ZBSXb%~S;T;ON_optpc8%|(DD>KDg7`nG@5w%r1f5@fgi4iX;NM)G#MmE$o#Dki
zRph_;(<1Z1S)iI8)Ueovy%scP{F@AOJeT|UqyaNGWHEaIL={>OkFTm%bd8P6Aos5E
z2|0SC=~wkWzTxSAHUzNFsQQY6fv<;~8`-2r&zG4L$q;$_KfG$vAQakTT*gxlai>nL
zhTR9=8Tsp4=h4s1+N6wX|CSp?<yW1a=+G%qozW}f^TJiSnvr4GIv8mmh#nIUT;9Ia
z`BCnG-$S#1DTv9_Txkc$&Qux5zeFN5iK^kyHd$CSPpbcj5ky}r{}p<%u*^6|)bLOD
zp6sDjJ!H?+&2Dbd6>k;|RqdssGMdI3CJYZsbDXQz(4n(t`B0_;!V`k2qwCtTBi(aI
z0e_iK_ujs3My(9e%Lf40AQuj2?tIIQgLm%GHE9VmpyF-Ywt0FsFxJCzRTO~VBnX;U
z84f7~0ZCCgfe||t?2Kvq@-syuqW4;WvO$9aIc5o@f~c=0w{Po=8|Nimv66m}q(yi(
zZu_-Q7fZ+6(0)L2pps=#6%ha6Zh^>5wf14^Pf4-l>T2JQ;(x3XNTovRF%9m{R(Y5m
zv@;CPx$8LB^#wci>&}$2#^@=uWTf>%w^Kiym9I$m!EgBWG}_}u0aK4d5uOn5hcg`!
zCFz-f&_L=<NB{_@TKr8Xa22);S)LAdkA`7t!LCg4U3gOAOkH-H(uJeUq%$SWmUmSQ
zMHBN~ft}6?oBN33&68M}J#C5q=l@F2qN7R2k6-2AqYV7he2_wk5rn5~=<Nn;@~sQ9
zE~+4!o~Zg07BvqX^*V{jUWhE<v2cfZ$CSf7vkZ-15<A1p5?K}ATJw(K?+qr5;6|pS
z)Mu?(!^M2hM*-oSYiIYU1<i(O;kxrI9(sr(I3<OwnpW^x?r0~u|I)X@Ch%~ky&KV?
z=cHPUm<?QJUt@#GFNVDb4hSD-?^0dQDVeH}Qu0`)2oZuSYo@U!G=6+!%4tmD$gE6b
zsljO6-@bQO2+k3b8Ke|s0Z7FN?%xk=xC<%z&K=lbTcNg<8NC>-+x>qjbq9`<{}}pQ
zhwyD;lFiEkb!qC!#n@#NGvlO~2#N)Xj=%~TC8dnYGj^i(zJvt96=rM04z1H^gd5Nb
zcn~S#QTq`l2=k=BKd@8}Y0i^jtr&UM4tfF<5k$aM2ecCXr2fmD+i&tG3VQ~?+4+p<
zA85fK8jx0|HZN;u(K8FwNE*_1J?`59m{PRY*27A5Ox_ESkmI+A0s4mOiVA&rCq@&;
zN%y>h(;%Y&fCwNkY?S%<nXA@QGT*+9r`c$tA%TyDffsexgU0$7SSFTA{_nFOtGtF`
z&zjY%VO==0j}}TA%hfIB?8R;)IA^4RL6X(LpdmW!5DF-+wP75J3BJ8O%Na}gDJo)P
z<7?-!f7^d&|32yx3Y+-bTtb1)37TJ?<~-JiKfNSj{-_=1f-e$kIsUNg_#s0p!}T)U
z9-{L`h|6GiUzS%{xdi`r)ylfiY!Kk-o9V8p%xUHxKJ2QZ0#)kXo?g?AKWTjX%t^mu
z?gENT&Je|)hK5kzldr)s2p5WBS3zWGI=ac`J+kv|vD0?aV&T*?Y6k3PPxjd{j_i2s
z)LoPTBvKHd>i<RDBYLZL(G<)vZga1E(48`^?i}Z?bLY+-e~MiIeXIDO7ylO%%KFlB
z)~qKf680b+S+eyqJ^dfg){*g+F>rs`Jp4e9v<QSuEc^>LP~L7>xss_fnp7l8_Wo^9
zmfR_%On+Hx|B5Fcuy2uq5qM_BDdRqu$eomBc))!{08~_@l{rc^d=GB5PoC7lOmKGx
z{5z(hTK<*;N=v}tXI%EPmRbqfg>QsNt0gTag4er-pg~pMLB2s$1&D;|WcKkVxcT4M
zP%I^4-xa-+r<>c;moEWaNQj4^ez>`T`+#vBhrp8(Aqv_mxW^MKvCkXt^`ji6#FHx1
zms#jVCLkoPQ0=OB#B4WV19cLtHTZ5`%naDma)k-evm=jI7seUX0!NXS$%VBqvJ-36
z9bfhP8(Xb3o0x0!q1vjS4PgHd%Ms}F$z(M7jC$y<>G8ogL?#FmfX#)V0~w~Z$DXMO
z`(@s(CT0P+XK6@Dc$D#dfk1>+<ATq}-;F6#-*%Z^!QV$BB?{o2Fv7TW>eO9^NwKeH
z$fKqJ^~D5|1{p>_*B6n^uC)<UkCQVe;fjlLf;+!#x8|4O|J9TdZ3!&DWk{hHD^Qks
zLNKlAC2+{+PsF5E@bU}KgWOa9viC-3XW;s6ZPwfd+^GP0c?RISZGOF#pKoBuz(^CS
z((0>kDBiE8<W~2Ld&HWTPZSjbNAkTZ2vpSJ!%X-V!M>dkKitobegPl>5;Jj5aJ%sG
z+K~`EZQ;VP{rhicQSm?HRrcB((Ak|L9-zg>Qji=ljdC{-kjy3O%0Tpjh-zsvmBfk_
zI+=#Cv+l0A{Ncu&q-Sx54+~ULV+rWViQ1z^b@7G|#8<=o(y>A=1AAXEiJj&v_;qBS
z8;0{zcDnTC_ks1mO(nWhWVQ7$l<@6EKI7k$-__aviIcmT*==A%?C_vKZo&kPjc4>`
zNC}v-4`0NBC6i^?t6;{()_R>cXHNfN$vdM0uxE?9u@-~LX}(E(3Bn}o6#fWmY?Q6R
zIY8Bf?$Rr(!W~+KLj|zn4d0Dneqj38kt3CD9DD)g=(;8^`&pWRb3}gRXd`ZxAmUh>
z3}UqSS67j;ni{a@kej{XFvYhy1BSnQ+s^4`7$_Md9IrmRuCkYpKC6B>dKBj7bLP}C
z9}D`9XqJm$%Dl0)6Dl20PA7e~1N;L13i?h=7Hq_6!e&im#uzzbFR(l~WH)DfV35U&
zccd>wmcmC`55rwvs=YK=>$H#6z~@vmokSF{oD0%WNeK(>_}T1#-&NZ_p7$1!<A8Za
zyd^9CzJ0!=eR@riQwlIc%JE3)o_mBxv1iXCN-K1;`0jz(^77tX*aI>%Kv#Fxkx5JV
z@SG$<^)VYPBpmhDSlE<%j&s`Kg#d$E3jh&8^`5CKN2*Z|Qk6q7c9I<L@9&>@OK?Oe
zD)~*G;FIOACq?${8=MaPuzSx497>Xthl@-wa|q8v;Gy4>#UaAXTY7`gP>xoU&#5$<
zIJc9C)=<S}mxDk8D@NEXd;blsQ{<sH&RZy$`7K541}hvfeE6qRRZEY3U`#sh>316V
zH_l_B{a!|Ln^U`a2bdV=Z*1J78|fD=%ytsU4k)5?D*5|nn_m%B7dRzb>UIr%S)|0)
zIkdLXGx<Ul5RvH3ynj_iIkeEUAWdZi04tO|TYMvt2rbaKO*-|hy)<7(D40$b|GQas
zDMcS0e^kHxzMBEPX?e)Cxw*L|C9MDMYw(sa4pUEIlqMT0@OjVNRWzM^kaCr)(qov7
z<C-;|5L-xRH5+s8+^OK<b9fql{)8^VmdttfcVv7gE?%S7^CmK>1g-@|A3Y^iC@J>%
z69^KV1c_cFY*MQ5?#^GYTgTs}b0p+}v#L0E5GFXul#PJ@P&fD@e^*+cOiUcLxMqyv
zC|;wy)MQ$!s)rw`j{t5y8HERx#1R*&t10_speaXSVmHm^`n79JzyMD8!8&Uxl&MQ?
z7{#|Ye;u*$!=6?-5#yUCT+ba^$SI!ZG>Z!hM-Xv5W!!eM-PgCNe#)gbV%TP+!+aiy
z8PJFBef*bPK6*4>QeFNY{v}I<g=NQ%i4BQ2vnm6z5j10lK4WXm@DJfp6OA!0f+xj@
z{bpKPTx={IjiM;>(4neNpANFV3GaxLr?pReGQSGSeJ}qyeQ(~1@5pFT=#Lq5p!i<V
zFmNp*ECG)%DEPDfmQHkmtK}46bIYw?w2!Oyt<#KCD9<H}>Gl=F`Ys+O9+WwS?gJ8R
zxtnZgJtP2;DB99<%a*53H1T5@9kSCZ=MVpm@wP@1{Abs3@>0Q%R(ra;Us^19I`RL=
zT}OdsYHhv0+>PLsn5VnV*H`jh7dinX5McN@e_(f0?vQzrdT?5KxBQSb*@mRn?e}=C
z)5g34@JLPn*14_^7P64DPao`!P9-NFfv7{Lgj5M66rw9I45q|gBko~zN7Y%9?)~i5
zt3`wBCR@3f9#OKnydsY{)cKq5Q*w)o_c-w3`;_GjO-Rt<f7G(pxIP@ID@jTOs|Qn{
zJu*$SGD|32%ATQkOJHlEdxyf8n(i;<pJn1}>hwWYPzHQi*wGpdr2$Q+cMHv_^Xp52
zk5(gAVxz%{1PF?D&rg5kd?2c%nBYv&>!jScadq*~{`>CRT5ey&DxD%5drTIbYQB8`
z?u+{IhrQ=zm;tmWD=zaOs7I8Y6EJAd)SN@+G(U!5Ns#vJ+69UU%dq@iKc}KM^lZXh
zEiw{u+haTSigJ1MQFQtHcQ9a~XzS}SoA^g(1?q(;ia<z$8bptJ^k{a*SKTjr)g%<Q
zF(u@*g8>T}m%st_$XIkvRc7{5JWFAu=tbM_W@IDKil|?~Z^1Zy3HmYTL?RmGR@JvI
zLjRV)#Dz}p)|D$=y&rTLRCt_TJw+I0pcLtlk~S3&#l(*qSl1<sCXupcMrk{(FGN;@
z;2e{!y9saef@WGLPh9n2KLZSi8SseoVrQv_ho*B<Rp0snT~Z9IE=`8SmS`1n9fSDu
z5GC~VZAggJsSJ(@>d@HgKL#DmbY=W3%BEoR-u#NYhM$pk;ZTx*IK{vO*-!|vZ0-R-
z&L7=@3r{DJbMf^(wo9`gJiv}=B4>iceCyWE!LlM#@n=jzV7Sm>UZ$oZI16$^BzR91
z&&oNEEhbfATSinX@m39iOe?tW;ZlZN#&E;i6mYq)(9oS_6yEoE0kH=TAaH(pZtmpU
zIiqr|jGM?*T==;I_fzE)G6^>33uHiEFA3E;DIKeH5-x}Y`5xWj+O@(&5v7+zF#}^m
zgiNlt&}Q72+H(Z2oyHb*A&qRbg)X2Xg`S|~#sKBmg9D~k5zs!Nf{2UI<q880$M@7E
zIPbt#G{6alYFb`uGw%lc>6udse}y1J?LPa^NY=Y^L3VnsXWGIJSyPryGC2a&p~7Jk
zw*loZgRELd>)ZV8sLQ$~vY{5$MhtEf;}=0t>e}q%0J>}uKgmdFex00H=pZIyheTh=
z1O~>uqyZ^M#Ga4l8?lyg6=FRs$3l#Tjy@_t(>!1FWIW#w)4B;7_q@D*T3X0vY~iyM
zwB!@+3GI%0yfO8#+~4b-M=I0nHkV{|w1>A|UUPY|p^v*p(9v3n`T;u|l=c<5{In>$
zSnlSie~%KUsb)XW47vG)nypKiyn-*o2<yR|C;YvrDReT<^ZXdD;5hr9(mkr$Huv^z
zo)-$V-z0VZ1ACh+4kQWd`Jr6m8TkwF1fIkwwcXH1I_b66^A=GcpE<LWRa4im6HJK{
z6XG?Lm9^ZR?g|PI+G`5sw{Le%x)pHZRQ~RpLEk}74k7Wl*-C>7s2wB_=MToj47fQ7
zo5`x#KR5ww^_4T)D|jmkq4H7&l6I)(Xet%M2(3g^i_moF@1%sBKXj#3Zu~ud%DnYT
z5JsWfqS2szTYFE(a`x;!7cbWGK)^-bm6R~7xRZ2|nwFzHk&!agZ3xMX8}5`Xf~5Qo
z@+!O_>{O)k=hP`n-IJf}n|%DZc&M3&XYw$bE}3iBuM3W3tjw7`dsx4Il4ndG!TLUf
zU{wUa2xtneI9u<48KEk2w@!A^(?3L~M;OPY))pLd;=~@^x`{+|sj#w<`9)f*in8N#
zSgr<PS`^^0VZbur8A@4xM54Jnhtz+YaAi#0p;`TV?on;t(@LoTV#L{TpAetpP*nYk
z@|=eZ*G@Km`vyRCdXdS?sC#sx2EsF7D;5?=`koZ>&@)WV-sxK{6no@Cfw*r)EgN-Y
zU5(dTu|Tc<f<x)oFI63#YwxTkzRv2eA}T^XHEZbrr;heEKz6bs-ekxT=nK?#<5)B|
zcqUOJVkz#C@Z!&(#}tK`0eN(U{;NK>8N?MmZ4g(ek2A(r3b%3`2{D*JNqqKD>3(5@
z!2bQ`?X!-|>Q790$Lau>_A9O%GvnmGV}i~a-}RLE8U7+=CEBw#(}fFFn|{hO;7)41
zyG959!(QFHFF<WNfBxj-PdMTHa8iLpLp~*QgSY*v>H^tCN_RcZpkzVZRk6`XQpuW3
z<piL@MSvr`he;6S24@W^EgoN3@vt_69Kp8)UAuYfT;ur#3~(Wh^8IrhwE7&8ms*M8
zA-x{Qh%6Kbvan~5g5Fty8_RWt&Oh}yCq?Jh!0<eJiW^7@N*XDy>2YKv#Qutfh|s)d
z3&}x=l#Yxn*)`p-Zcx7-dfg){nm3<XPk~c0GD<x^^h=Gxd1?Y6hA;kjQ{sliPvqPO
zL5O^xm6V)6ejN8qArYsfMEZmBM%6vEvhN#Z0oYVRMulm?Ab?aHZ|~Ps36W*R*7@jW
ztay~TyMYtq_k=&Ll%(X&H+f*^9eCq_;~-utDJ#oTQWR@8{ug1}J}%Q{p|BI8_y*zr
zGAI6T=CUwWd)j^beuA&ClN=>w(06bcBuAX?sO2H~L(^7d4w)Qmv1ZMH@I134x$<&y
z;S@o;cT?fGQ9AL;!*@Ylil%6T6C-3xzjP)mx$p6~=rP@#H=rgjwP&i}z{5<td^j_G
zY`Z062K4JkKNxT951XbhwyJbjC}eNn7K^wCcZ1EMn>Nqo3V`FLsB{;(!VTWo=gR5!
z>C#W$P54P+Bv{olZ)4yA7ZM5~xZYc~0ovLQ(f52*Q1I;KOMC${dR*xypR)C>n*1j|
zDDjGqsL62D-TfEt^NckIu08+@?7izv&{Jk$R4!2SvB2H27HQ2>@)6IH6}dB>Yxbxr
z&iQPYn0eb#FDh&s<KGN)D~bE&!Pxjc9DIViO3AgYU@B}Eq;U&5pM+}=Sw=afrH|jc
z(q#Xj0g}1?pDFmXX`RdJffy0rExzPyWAm1qNYVko{NQiR;G}!^yjR&F&0_UO`_oeb
zruB|5E-AsS7~5DLB7+X*BoZPupf5!EKs1I7ZS;F$p#O<jyK&jN<;w-jzaM1*wv_yn
zG%yZn#9O7W$Id3~Qi%q53=^^@X+*et=}aHwa+MJL>(?({Eq|rn0txm1zVBJ5-*OY;
zli30=&g!2>s}aet6;vl`9PJdbr^24Uuo5Dte&{M+-;CJUH-zdN?4&Mw(1R@e=+LOi
zQ>XUV);6t|z0af1!h?W`ExqKS9BH_f2q54B^|tbEQ5J8pOEjY76S@q*LPt?|=1^K!
z1RE;6f&@x*H`yuA<^3q~f_4rOMyO^^Ex>LhG;V7Bu!!BeD~d<3boU#DP5!>r{GTBb
zVg#I*Z{B#r%M1F>T$lpOGyAhcZKtUZI$X!~?yWe${m@qeFXjNd9{voORF=QuGP}Lo
z+S<S}2fQ|7p)}Rj<;z`S`|e7cgk!oOi5(>sOr>K6(6M#vgoejKIM>C_I)YJ!iHS%r
zZ&a<<6SO$=Hj^|)yua~>QQh>XvutgBu$G`e>+$RpX>q9PdMrnvy6<<4i%i+kyoG5O
zEvEgvdG!=yLM{2P+d17Rf^$I-AN*|;@F`a}EF=U9;BPLvnPz3ADp(FRq)^iD-*0gw
zO^~vYTo?y|QwmUuhYCYePfuyX=XOMat@iN8!Ic6{0(LSwfjtn4Jo{KFCS_|kY+z$H
z2bQ-6syTGnF#adRWV7Nmt5#9-)(z{nz^St+GA5>hGX-|*sK=NBTPB{@zw%E)Hr{~@
z2S3~H$Z-JSAcIR5*S@(rz|hdnwTba@RQ2?x-neIDsNmW}YG4pA8AGQWH?eHQyvwTI
zLh+vXvq4Hif-u)vlx^VfnF@?CLsw^iN?Zyatw9s!^^+D}{)dVRU42gvPfsXhEc#HB
z-)^C+GiCb^uU5=kBzk?UYs7J^f}?OTN@g^Q(}x!x1Uq(1SGp;ysxPd9qm<)CNZu$*
zW6rDDr_UotJ-+;a*@xLPGJY*@XJ3C-^8NXpoVW~1&EJ5x8yfXZInWRm7!_^f|9!wn
z`_3IlK3f0&{f%3Hh~Mx!)GhHz6_t@t0<*LNpFqwpdyl$INQ|<k$Y(Hg!Z!YOe(fCI
z9DFYLG9<}!wYP)s0I@%Bq2fSQL4|v=k2EYL<EWSz!BJCRfB%U(ViTkSvKyu;^n>uC
z0dvn-e}M%QavkD|$!d7!AM41WW-6maCP<5U#?VgwYO*cDbobrwZS0p`^oR5l^m{HG
zDf1WayZuf<&m2UoD*1k#7v6B~^nhj-#pr`7iiAaE^nTH{$eL!SsHv#*b-y+6gQks2
zaB*E;%dm8+OT<<UIRco9EDcT@>m5-^Ns1zoy!GhuO6k^mnk?X7HmP#>5mR+hSKqnq
zK6l}2NRI*fqC|Mq4Ub<t|DkRpq4MWN25RtO=rmnDJQNfaYuMdIYh6aOOCm(C^%V;R
zoQqj|f2EV&w_BZ;EAPBR2#Cj>n1U6^QFX#psV|*{!@h*pYuU0Rbf}<oDJuiDq<ik5
zI81vX_<GSk00V%JGP8Cb+iQ@;ka4|~SCpndxm%0Zhn8r%xv90cV2eV{46gLz1-yN#
zW&kna`4(SXeEFDdox7)139>bQqsg9;6`>V^pf<ho6i{vBSy}$jH1<Ys-Rd@N9DtJR
z5Wn9nY~eQL`LZ(j`X5fou~X-6L3#!F=N*=R`x?BT0^GCt;N81-De=e~{9wLTEp?Y$
zxoXXt8zdv7yaLbEs&L182M1T+oNlt$;9vtvQF+gpc&xSy<`BzR<F-_k&HU-_IVw`l
znRrc$^!=%kn6JEG(RF;+i3@Bt<;TE)f|e4OhjA+{O)mbfu)bl=9G9a9tknZ}8E{`1
zbh#wW-n@Bq*^=2aXEHo<_VJnMsi!vRWgZL4;dz*qu?;PrZ4!(gnK1E<8aoahKCJjf
z;$zxLZfjN5K=<B8uV}>q?su2GgB4hnpmf+m_Xzkk>@xAD)LlDvP~(|O&Dg=LV=NpM
zoU8pnqyaxkZ7O3HOMRL6_qDQG4>S<-u@rIPod$8l(3Zu{!tqAs#V5dNA|UU!#Gi;C
zIems?FAz!w7Cc%a68JWf-@~!7do+zp@7$5FG`gRJ)B^osjJ@Cc;mb#2Xr0;R6{RLF
zIsCaFht-TR**>FQ2NQ;#7s!GnZ%Pt={#uoIBd6ggJ>9GLMTN2zhA(9du0`mCFaUzv
zEPyObZ;Fblp4ln=xPKXI4xuRmPbU?Juj|XI*^3vAQ948Z;q(Xu9vJJ^3dVP+1{R%P
zyos@Ircp+jP(No38a<lDKewOUX6QXnpUv_)J!gU&nyokG-BHaV)J4DtXu?d6`^J80
zZU=>@e$RI!w3QTb2ap9#l$JJWFIaII#{^vRxN;&9IhCq5#{vF0J_+O5J=}6~OZMYw
z1F;|>2Vl(E8k74TQprj7c{qI}LA5jOrEX%U(?c$#l-FP}87vj~krz?1AuYhE(VOH8
zr%0%jFd<$$ZNO}hDS^KM%0=n`r=2opBBtVyDHxe+_Uh#WdN%y?ZRW>(>2Rz<5k&Sb
zemX=zaZbT-(TVaxw!5~o7(@RyrMaUkVL_4ldZ?-*lNPXPIIwhYIE88$+Bkh+cFt6?
z>Bx`Xw}CLgf&urL=m~qOZNtZn8Ph#H52O}S<9-WW;LN40)yv3;f3%vYI{(b`PNlVj
zci2`etV)B^PG`y180mfYB}7$Uzw+z1G8+ZF`*Gy=QSc;w*sIpLy_fum6m>{h&&Kyf
zLxhd-NM)(7Bm`8zxZ9D<`Mr$kWHxNiTj5f26R<Q5+=fO6BbNUAC}@YQy9!1E6d_y-
z=7yN8yjk<!e_DB)^=SidA0GhGx&D6yo<`u*1q(c=)&Vj2H;74F8FsM}gVN3X_f57<
zae^W3I=@XBG=BUN*DDFypD-@sBYbXIoxuE)c+DK|FP}u9G(!y?8#h}^84vdzzplU~
zaa(gr{Zd=<yA>`j9iVG;TD0CIECzR|cX(w+-u32AEd&PH(5Ho_W`+R|yY%~YLDR2s
zIkQt*Q+o9DecBCzV>P_9;(PZ#lZ!Jl>uPWy5!Q<#3MM<#(wo0nG=JW_85S03Zecqc
zdVJYWEb=TJkqAK)pXE8ook<v(GOaCQOpE`WoQi0#peXZGw}CxvU{M@gZ}K`j!K$jp
zu}zX2n&Uk?EP&D&BlXN#!tyr~#gzUphK?AKg^dsdu}&g@%lwBo=#_`6&SVkb+FHsA
z_x`0h_+m48;s@ifa2IuE*c*z+Vp7i-M(E4(^QFC)uU<V?cf^52c7n1G&zOmm#f%yF
zR_&%WM{<X<o(lc6Ols<Sno6D@&xA44+e}}it2>_0Tt@%H8^vsQ4IU)?m|fk9llRS=
z<M<=lZHWXN2WMKFT{}w<_v`99GX4^Z49^`#&qu@5{X0aS&fcDHAb4<<I0FPt3@51#
zD8wdTo5_Gs#;@PWCr*4z%6$k80PlP>Y7Pkz4Lu|&z%Ivn8e8Z$QB;k8(z_qYRN<2X
z$5Mx)V1fKGd(Iq47JM0!`H7-G{G<6!j!prL)rbr{(qS0dSq%i(eO^@bnhy*-=(A}A
zp^r|Qcg`Udti$+kKAS!os_;zJ)Udn0N%u5&gI{aiJtjo(wBO-6%(zWg*SvKsV4e%$
z9bbp!UAnhnVs7A3BUKFzI9Efb&&>ItBMK0PHrLfpXc+s+i$Fd0ZP7B+)o<rY!YYFS
zC>EAW+3ef0j8hw_gtdF!aN-_2QpSuNDJ?4tk^H-!WzDlC<nuC(0~M^2YWjn@$A+2%
zLyhV;Zde$3dVW|{Ld2YCFWruTp(x>&UUyzn8!96M2BWN^a+MC}ggyTq!{HY|SW#P+
z`mR8+40y3k4mfr>8(xnc>#Cu_=oqFc=z!?x&6|y!9+4o>IAcEX2c!>fbD~RIeZdI4
z7+54vdBM;Il!f;R?*Zfggy4`nRo}khNM0R2j3mwd!wZXs<xk$9G=a=Z@Q+T}y>~BS
z6{Z&-;sC;SYZy*|_GECZ#Sc!`m(3$R4;10fOgB%l{;wsJW^A=55v^-`C#D}PXaDi*
zSGTf<;L{^JvBhTUI&n&^MYqQ>r)(bYIYqjrhq~{pk0lG9ua=ZC^!R64bEDVq+-ZZ>
z1&{RnZa@=9Uqi<02{|0pC-geXg4VlowyESGEKAC615scxDidn<4pvp}`)^Ewn^wY&
zfW?~Gwx+4&7a5ynwtO3?9CY6BCHGnAicDCnSo8-Zs_@~%*4C!clZwU7L3inoSVs2r
z<FHF_z5)3QvYlmCZ57mh`&nar<qFG~RG&Hj@VnP*T=}8pP7e6H^eY>)l^R_mMO|9x
zsg1|p9q_M-QS6;#X<rp3((5+!*`-B-Rxn4VDC9pEqhqqVJ8*sf&&H^^V`c3_@x(9f
z_x#rw98{nAXUv0xW@e7lcc^wBbiw*q%A_aDj%|JGG}q?H*g0wQ-daC6Za(9>^^7-t
z-`q1=`EX=GZN$&@nLkHO?m8p>mHp_?nYFiSHx~|V@O|v#{U>9qS*B-m=6%tueicc<
zW{EsGkldKKxFP!O7x0|LWsKIG>1;t^p{AFDe{cNdXX+sE^oI*cdS?k3GS8*SSmmI1
zXS{JbbO@%3z_vLK4r@!6q3QZsQ<F)|qvfQv`b>X8ONSTA5TzH{*(T&2F7;oy5!KYl
zO&`pe#87&6df8iyU_KdVdYB#b>OjnNAoUrBSX2;BxylV;TiYH$dxK~eb>s*+!BI8*
z#R0W#e;PL({Vp5W+7*o>GoEduf9H*uxu_W#%gT|5j>L4rED7$lAMT+S$3y`lUcA_`
z%&^0?d0lg3HF7L@Rgf3h?3=lg1O<F|81!t^_~vKICGlFI&iYIhWo4$V%z3<|4(!|4
z%V?VyeqektGCZbZB;moUhMed@{gbRJM!v=o3kH=2SC<3~N0*8K`pV@u&WZK-dLA<J
zO{LyIcLMhigV`v`@3^=EN4=KK68_3ahZv}j9SeEZlUWb_6SzKsZ^Ooo?QhO1NH7%w
z#`2@wF<5D@Z7i13uI;;X-@f_imk5V`*L8v;prnWemUCFIcCYSdS6%jEw0Q@8WvaKH
z#<zxB35_17A`)tny6O!S)M|j*kTXdm5I*QmsScMy2;<$&iW~cV&H7h;x67;Fo~b41
z)r!nc&I5QvAPtC!tre?B|AoN2NL)tUf(oYad1FMU@H|#)@Y7($^g07WAPNBr1jgcK
ziK2UvAO&jb>M{=?rK(7brdg3!*K@?;T<fg*Qw7%2{%wb6!!u>~5e<GB4~fZ>U;3Ki
zF)f?Jb=k{GRS#+2{r4zrl*qV8c%JA;fG^qMJ0`nlyLPtkA`APcB_*xgb{^gD)G*+n
zUUY*ycShZJgmuWA?~moFUWyu%b|9D=xSxFrI2qv#L19dWKrNA^<3XXy>wEF^DSa+G
zXeekQ4OjF*{(%V*xq_fevj+A-coQ#dF7FD&Kx!?wDf`t`Fm`3k2M;LCIL0hdAo_vf
zL*nMWJ$kgqxUXh-UaDVPD&!J|cTpC-$GbUtd5tSvE0~v@zPJr13VggErca%^npqT~
zmp+3(3NZ%x70G|=s*+UoGe_GE6U1^x)vwRD*Vkjg66L0&-V(Ojz^law!|>KFtIRWN
z8axl#t5fKL0<hu-3A!lWRO3m_nnWMkdc#SRu!Q3vL(ykH*+c)77NrwbTfM$!u5V^T
zpTgaO%}sm5!^MZOx~S7I@sS52O#{Qj3xtN@;xga1W)FM&GMWH^y+|FY{CyT=++@b|
z0v{xA1v|@*{o9P!(FtWQit9)_&WNSDx@og}sCxk<@MKu$P#4I;(5Pq<172+55+>H;
zWduL}^3|)o#;n`V3|J!q)CuDhBor!x?Rkv!$_ahdW+_WcVB8C^$Nz_}w#~t1R{v+v
z9zXk^YRe(AA?y;0@R@rDTJRFFoMg6$3XQJbIPy!Isl2(>u!@L8NC=^3%SRr9D!A;U
zXXQGZo36_Ny`ke56xiN$)eh3)$h0q0r<Fkd#~-~h8Mghv{{2^jdtz#bcW7+vcp%Y9
z8jPPMB)IY075iYI?9VKOnF~cZy<9h04+M`|muR6eD`Tpi^o&X;FkIUI@Ip2@;i&W5
zv7GM8NxvD)?Og&BAhz8P$E6Tou9NeiSz{qS#oQdWxr{`%QYC}^zk|^S5W}B1v7+&7
z)5K1GiBw7`s*XKz!pgx+*^vvy4P-N<!hso*<K4u>#JrNWZ9Wmy{1a$E6}HHPFUd7?
zlFm<|x1>WO`g8NF2Mhcj)TPu}%7<Nd6jW03fmX{I>YiScR57(IJvV+o(@@OED0C_p
zof>epXhHHRK!9K+M;68JG-n1}DYNaT_@LJtlw9oWXD4v`fVRqyHm@9<*6Gu_<}uKC
zDBQsyrztx!NT$j*wmn{YlyMm=PHhoWhiK*V*i(%+f!n?7=x6FT`?d2H7?f0tj12@Q
zMzR$jQ>blj(-BJtp?Tuhz@8;_1BeL72}XDUFEqLVa?`v2vbu?)5brg#XbibKWHxI7
z3jrxP>S1*T-FV9BS#EB6fhK~wn&h_ATp08jq_Ny^zWw^<IPndOEHqWHI?$4a<-<}Y
z6zw2Cg&P)`nk1$(RjG}>eC^tS=;#k`dYQ4B$XvMs7$RM@{0sZ$q)Ug}q)3}a5>@IX
z01-LWQ5F(S&B%7wtzCP+EQvLkwa%|-mAc6SyFF>U#XMCy$b9P5dK(TDDkuyzynHxO
ze7m0sS8yqV2;6Z`=HX5pH<!ufUt%@&=w$^A&KU7DmTfVfXWHfs0|GLaTptgm4X<E)
zYD>GZBlL&~c1(dLRS(K3V}NDN<~PZFd2|1D%cnl7)~9H^t*uk`eQ$oWr0T&IHY6Ke
zTt&wt9fU{Hk3Vsm7C9SzyuOk@GuNj5d2hW%JjKp`6IP&<<yg@-lXetfCK0Gwhm}V_
z{<(PbrWco--gfEm8#rd*bczsj(kQf&Sq~+ehTVVsxE-M{{TF?Da8S^~^NZit)L^;Y
zm}~^;MVMG(poH@ptp@QNNO~PdEIhBL!y|uLLG-L_Zf|d_uWwzY8L9Q=%^NiEBof{-
z+d;F&bYoHCT3Tp660$YAeKeF-pO}muUG|vB1GVh6Zy0&xU}Pl2_^+D2{&OfNs(rW%
zjr-DCcYIIv@9>i_r8e`onyP%M_U)N2Lk|aqDe1-T*0M-i`q?3_fo^x{@K=R}N~Ubk
zNf0z^9r}hh?0`HPJzu9z=yCp!hfNN=ef=OU*dblsj{f2N-r!^4cpPVQ*P|dbR}SeY
ze8GXt>VL;z+Thd1F$EVcUhF(yU{EEd{w~@gnQ+qbYYAET+k^63+nV%bL*HImC0F?6
z>(oNayQK!Tm#kJzjnH^^Ku?q-yt2v>D{n5(m69-py6c_l(Gl3~+x4&;$rn%6#$8{p
zX}QY4q}bz!5OyOYBkkXu$Fo@=*!dTbCUa_YsaTNy=KR#pkFZ;|Owkc~H#WRPr#VGx
z^>RPKk|69o$jw~|3P7|6OJ(R5YIg0$4Y>oP>uFwIUI@479Qf0TZ(z)#uO&B5oI1ru
zPY79rS<pjZN7-vqP1Q8eZWTKa?cvKjr*0KgPEh+4W=er3_=jf}y?DXQ5t2%KURAP_
ziwiIl{-liu{2TnnIHV6bQOk9MiHx2XXD`FoYpcg_?4*N82JJ_8TS*l71w=wXu%TWl
zDZy~z>7d-RI5`Aq(V|KRvE}*$BP7I?S8m*37Zn{H;8@eLKFSh_&#D<*Hm&|-d$em<
zE?n$^M*IPLv@Dh{CmAqMrv?yaD$&tm(*oOY?Vk91Dv;5|Cr<iO!S9ufa~(#uYWI5=
zVSTzCZzo`gH>g$^Fm&K>Uz;(Y^*F{>kWS*wMy1IdS%MM?xg1uqT0@3>{r0US<4An+
zi?%*BGt?<4+HV*pNSX!&%2I+#2L<e`y5D)8>o~((9&HnRGm63zl23K5Pb0ToL2}JV
zx7_~6)fZjN82EL>bTd_^Uf1IBdeJ0;bg&F}#0X(7Adp_=rzkU<lWe`zDzQg9Yb2Ko
zkd65&WzII->K7~kv;xjBo8O67OS!h0fJ;OItAvHcTbB@9jst<6?-IWiPEJbds2m{u
zQHbJ!{(_F2mrPjmnDMJfW~gc!{?|ZF_=vFKVyCgey=*O3hOszIaG4qcZes_hIcL%f
z9xG#V)GD~EM#DSjLoLc+VoFtp^nqH#Z((agr?<(G?RYT$1k7b1*%)O>#Tm6RVWZE$
zzWb5DTV^$8i!j}W=?hky<KW)B1R}Pnvbm{gC+w+Zufe?n2xDXq@hYaEGWC`K(bt9e
z98#_&v@*Af-`zQf>3a}P`KsaFQ}ZG5glXYcT7X;%JrZ9&+wB`2b{C1JoTTiUX@jjh
z;3|M_Ph%r)Xedh@&!5|v<t-2;w6${_MrMoaMDWm(EoJ28u@wCZDhY5;SL*fM?DseK
z3pKT_iypY!7*t0r5nk_){YOetm(9`ax#v?qdr9|%6DO3CgqKW7g5NqYChmBPZEeB#
z+no1=j9mRtt^Ef4C^C_?H6}t&9zWh|mIxtFd+^{Huy`6&Ixma~@tdO^X$hxJdc(bs
zb=jHUtExy11&<yv;YG*UN-Y-B9t#@B9taR^ibdi8<1tFp3hF3_F@Ivv_&z*h*usZL
z8AOLeNn18)%FLNVC`ch%dG;&uQ(m&<4I@eVkIKpehYk%qbhKNj86}G#+bk$JhtPv^
z1hSIdZ#*%!QreQ>k8sZux_8)B-RNT{UD5Gua>9F9*6dq3oE4h;o_1Yp+vW3yQPtX7
zrDF^Y<6qTh)Fty?jhBn!EvF?~F~2Fl#?qO(rK4yx0Skv&@1ytykl(Vd+twO5ipmo2
zSM3uMYWu$y%OE6w;q`2PcM1#Xph?V<UOm0PXJ0`j29%)k?N_O@n);kg(>!C<=FMnf
z1}l&ZpTB6UKJgy;Ko<$Tls?6?zG6b?p?Vx5<z6OE)V40Pw7mYVY<c2?fPlqE^bG$A
zP2RS>>GLYmkhHzUmJuK9eB8cnHT0#aq*UP$hvj<IjxJd=|BYeM8m}K8K7S6&aiCPC
z>Q!gn%Sz7g-ydm~|9CbY3)!Nf^8vV|gYYp%-o!^_!k(0LZ{p#|$N()104C8o*`{X%
zEsAmlIXOfD@A#l7fgsIT4YXcle0Em<t2oaM@m#e-%b`QuJQj>35r{_^0MI((7<k`t
z%d=v@8we(3-q#Jg+P9b#cYj*@t7OX*Wk)=KIoI3_-aG~Uw046q*Ex<i4Ihu5)qfwK
z)F*lkCiI~(FMs3IWrBkx2ouySx;2nMBDj{c5S~i={SzOLn>L4pR0G4cC_#5@+%SS(
zZEe{ZyQ*6hzYKx+R{%aSQaa1H0*LnX=_(+-oF%+z6J<y0A9_j4Bt-1ivu9tJ<NPXl
z>e~bDli1uk(WCuQ%d_dZqz^#FWo~czHRHyQ56sw<_>K_qQ&r2${p6YfD{JFCZ|>8h
z2Y}W~qy71B`6^fZ`)_HJ<^9#qvDu_Dm6-zz!02GW{pn{tUDE#CxAs$UN>g0N6B-BI
zPr{TjEqES!a5`weV@7ZvC~1QP0VTjEmKstn0QkG|R>Tamy<6$VKZi#yDQr$7^~bp0
zHF1I4lr8*o9rfULg=mPipcq{UgY*9VwTve~f3ffPqY@Mi8MI#*gy<ap6-56`AR4jc
z%86dFjG5RpAucXHA>PPgm%==uZt>jegvJ`OsuK+rU~{?lcnT@5ncqeEm;&evHPeqQ
zXGs>nkJCQg!UDDufFQNoj{@jeO)V`rDRv9XrBh~JguPek69V^e+v~G1$hJ1*U2?M4
zG^q>#ZNaGoD=MbbN5*Y3JKghWW<USOr8R|;-4T_IK}mi7{5M8aO~Z6#L$82hGEIgC
z0U{33f*3EZBnMrZYRNAl9QiOl=IsZWtr+^Z|C6;!*t{8$GNjF$e${<dtMuN>^RrR<
z{tR^V^J^!Xz{zDw2G8_Ic_3DFk;tHGo(qfC+39CcyE&=ZIen=;*U@hkwG59T0b;pd
zt5>_3-n+t}au3PRp)FaZc>?Lx(DP^Dw{_#*m8ELNW>PxBx@5`$-x#V1pQ*f4pjJM?
zvDsyCmJEfiIAaTekTOX_Q&|~i)E|{Gh@uC^&SELEjQ>jRBC;eRPTQ)Rsi_2x3wCJ-
z3o7}IVw#V^GlGw^D+|?EABRWUk+ngVNoe7gu`Y`?gF>OF!N%VCNe*k)G+bTq(d||V
z{AwKV8PxrFWv&c>A`oS>onCBal^mQpCcXwODJTfBe+#<))gbWtkP~H1QIm4p!piTy
zngj7w0feH=R<h#N`?zNI_DF`BDV&%AaLm#E{`~dD24RN?cgT2ajf-DS^~Y&df6sTj
z24E1ykr^BjCKtwY_W<MbKpghhmrH(t*yMI=DO`Du$B7dXFL%>gDN8^ephOrQi49Dc
zq?=YSI~ooqpH-WLOB}T~Uu}YGxe4sMMJs$I(KUJ29tjQ>57MFx<m7#Okl~HrBIrg3
z<Bf|4Lz-v@rYdtTd)XuzOFw)e5!gD5wM*<H+nu+<|GG{_MO-s$MqF<#jhyEs0<QxQ
z5*6-k{q@3^PC@Ff#>JB~V>fTAHOeSW@Vi$1G3nfykXCJn%dgQK0?dNfx0#QDAvcQB
zHTb<tMP)DXUh@ZbLxEtyQe4cj905kr^<?{GK+OuAr!H1K8f{W)bC-owT9+>~+8&2`
z3?D-}GyW)s4zRhKC#w**KYXYMRp*uyF4?G*I5`YpEn!Hc#3l+T<{dzMbTo88ZHW&J
zx;&RPjU+PXp3mIyKP~|G3++3MKiTd9zm%QQ%(RU6VeUZ4>~J2owb0;q=aaL+h6M7M
zZ7lr}18yQg&ep-cUJ2l&#2N<vJto8-iHd^cWU3Rzl)U-G&rY9W4jcKU#?HvsoU&;A
zB4~F~Q#&~z(p)gfB-KSHD!*WpteaEtjFs%CeO^dLRUc`n9oY$^xF58XfC69zfMS&J
z%z;LY9I2%&-L}<k^X8uvXOuEvy^!apj=ZO*7{<np`FPhLAH{-QL1ER^H*IITMv$E7
z&Z+qJ^qIKO>HS^CH23b_Elu-O`j%t1wR4J{wtsIBD)4%mIR3DK-PWO41QaM^#pCLb
z?c3YwJ-{b`;=W|b3A>t+x=}?B94LLF;=2<1Pm>E;Jb*!i&IlennnsiQ_Qhi3YC>}3
zX7x+eAJ;gX>Z<2O!_O@TBoV)Kf?2s}u)|LS%GG05r!7NK?Y#~7J_EhYm@#Z=H1&JZ
z{!&@2shX(|361^*3p_U%9cHU|AG~(-1hlMhO`g1b`KRw9RHzeO%d;WRq;^#sv(6gG
zgfS@#+l|0^g#eykxzz#yi4iit<XKUX!}|4X|9&w&Aa8}Ra){JM+JN%<MRfX?PyKwu
zgWCQQS*z2BNQgBJ3#?1_7o$>^Tzdl^T+44WfMI%CD&(cZ4M?FB!%K%Z5Fi#0Rqf_X
zsU@{w8@gb^8D~65i<wQj`E2&J6;#3?!lf!NCkG09S5xKQiUw4W(4dv|OZ{PwG8B<}
zq*|)E6bj9rshy>yIA~w1s<`GqG{HEb8A9M*hE2_m9r+Eao*|<0Og><siB_a(F3fjE
zQaH7{tXQGv@#Q)DQ+_ARaloRDO#?=`z<emN7=Y8!@u?a|lgAt(FThm+0>(il<aSSl
z-C+IuW+>-7IMQMAjj`O_#PpcJ&-e$nTnrL{&-Tku_Y&f0=YDKqwK@<prPkNtbMB!`
z$U(%2sH{IXlQ6}jD?6)&{NDoIk57P520}*W{6LYZQ0Xvy$m*$NCX5i!GD|xajf6G;
zQpK478K=_j&F=PptJbzn!w8s@G?cb&2N+bBmx3WNQjNfrod~^}M5^DDjv3_2oumzp
zgMPW)N=mFrf%zpTi^9nmpS&3}@bcMfb(!Pu-~8)Lk2d58+=HHM4fOU7)R0)Yq6HQF
zB7xA%90rGuf!!XkOx3t7kxc^D*3V()QL}@Vq*ddzh^wpQ{&`_PfTkFM@fCt)V9FA`
zATSNl(|d{%0t6=EX%_+LC@b>^e93>+Z8jdIw{Ne2bV9o|Sve%f0gsy>6%dzi+%U*D
zmJc-9I!(|j<%Q#CN?Cwa1WX_+h@-ii8T_Gfq!S{<pJLp@dhZ{Do`H|hi!o_EMXh#q
z@p)d=Pfh436Bxh)RDyK#<2~laguuKNjM?!hQSaV;jFyd3&;NV!k%77IX*C)ECb%pl
z8Nd|3)FN<A(=O*>4Y&%yhFMTwX?U@m$tIO^2!bt>?%lfwbayhrJ=nx=CM_)?U|)1J
z%B1?HpKBOw6M>nd2;8>;Nx0#If-%Y?zv&DbG@Zc~Y~T2KX_PB8^hmt^6iNe&L~@A{
zvmrpk$l&}lL5tDM3X#S};WVHnAv~E)+~nqFbKRM}0rqe(jjPA2k%9la2|GEXj3_Zi
zKLAm+?A3?wY4tXA>GeN<vS;;T9&dtTzjY1QUVr%T<SY+9`)D9O7Dw<1`1m9zm9AYW
zJnq^rZHt4n!NZ^y{qf@mzc%>V01ZMZUiA&kvzdUreU;kbPbEsFLzTsTGl>YYmn+0`
z0i`&2a0}Y@2fK{it1vT9=N0!j7}7Q)re8J6Q{e;qZE|Gc0O^hm94%%+*VjYbR1Evr
zp#1p${U=YKelQ*~VnnUyg+$4wYD}n)jGvbD%)4Nq(8nZy3+~gUOO%XCe^Eo{M0dA$
zpF2m~Yhmu}<KubO{Uol$adByETtv$)T&3}D<~BB|5x;9x^?M4_1F=BP6mwK|#G`O~
zcV<5j8Q&6$0c8eQpB;=$lXZ;+VhwixepLAtfRI_!-^>Z<eS7h@j$zHT0aUAX#`-u9
zZe&K8euF58N`;9d4^@76s?ECbhy=iSptc(_G=v?4s!^yJ)~<!oFza-BSXkIEbhOqf
znbEYY)_!>Ekkx5Kgtb7d6y?Xm1Hu`Zsy1_Gq5U3iC(bHx*vCURt!j51klS4gl%A@e
zf;KV|<2F~KPy4H1{>ojtK#`anrifv@ANo(ua_9u5xI>3fS_wEbJ&2}*g8%IQ3!!Cu
zU`Ali1Bop2OVP`h2q^Z)Too8|qesuDy|A=YOo1oCM4y3{wsiD?1J|ggQJreNSv0{!
zss~Swn+4I3ACk3#{Vfa`i_Qw`{W!A!&X3UCQHlM9P>G6i-~D+o2uRAuNCj(0S(IM`
zsjzCIoS_f9&RH=qpp7FMas&AX)RGhgy((QA04bwO&J!;TVlYJpJQVnM4W)b9S0cFP
zwDZi^4uB~e$M(?ZHHwY>w<v|0K{#Mw_@ki#0kIuw3MvOFllPXd-@avp^t8CRg~(02
z%dd@>U_YA;Sza{6Jy=YrgoN|j^llu01*~zwxSbOD*Yq$DBc4=62IA9I|N1b1Hp9q*
zvdVQqSeBRwZfCAD3i3R}wnwWeu>R~6i%d`q&tucPAVj5bq>$mS{C8G<OG_(%dD6@T
zk)oY`oSqClNc|rRm<l0(vT$greVR1jle#f2M6BMb8HJU2C;*#VFIj>vkHH$H;h=7;
zX+Mb&!K#>kXaUy+VtvFt|CklVJD{Z#7dWTXgg%gVNCsisw{xmaBqi;;Uy=Nn`3-al
z41r+T+;Xejg^MaF-2dE+lk-sfQ}tlR^3WxG_>wEk?<zUof>?${qDiSnEGg5`IhN(o
zYbYJOkP?*hYq#&*xicu}Hvb&0EFbk{xCTfm{Sy1~vWx$v8ud1fBt6<^`NbDhvMNO0
zc?VntCr0D+d`x-Z+<G}U90i99(qh15rd&Zndw1ufsoxl=Ew7!g7c~(L)m`k_EIW@X
zk;()IN8?xe#tie?PCIo7{?zN&7jG8M7OeA?mltzLDU!K2{FNUbb6`^|2b-Vo@6uQr
z+m~9dS8jJxWwu<>!!lX4Bw{nS<|+y?ZP9P`Y=QasQcpqt=r>>hR%bhnvjrG}&~cbt
zOtHlwdVBG({JQ^TnhMWga~&QC>@xaU>qUz+8QPCjn$e(3WyC~&>Tz&sd<g2^VmR-H
z0SLOC(v^n$?%#Ru3S@*}h9gWRpZ($|qczSc!RF{u!S395{3Hu|+B;|hKbwY7>O$+~
zK$T?qcaY8{D=|gpy|I~IV%yfv%ii1n1C5c3!w)0`t`g1AKNtf3-D)CV@m7H;6Zg-+
zpySku;9x<$ZEk*t`~VGzd%Y1e_QagazPGXR;4ui;GP5P@Hee>UK@&?q&cFkR7BaiM
ztgIeR2wxT`n*QHIXqaqkJCU7FJUWVd3{Y4AkPbBJDY=`Z&;BQ9GKE<DmTj4BX?gb}
z9rhpkMoFYz`%JWm!d-Xj4j-=A6Z>cEAxX<D`}kS+ahg+F`%qvEHjjX~l_yeHV9CZI
zCIa!gQLZo~WGvv>z5fOWhoZs<iW`BPAc*qQBp8>5$*b!Oe7O25dxn^4z<b!}=&0|I
z^A8*P7!<+Ulib*C@z5;{awuJjp(sOP;5zW$o(!_}vQIp5g8fDuwXd{AD7F9^=GfQ>
zW4uY75Qn0^#>a!=1ZGdPab2$vq3!sa1Y5UTSXl5;SYriuy%iLikIOuux~W}>$?1KU
z39E)P{O6D2I+VMxKArg|K;@?~=uDvke)@#y<`UJUk(yG4?a0`N^h6vD{=m|3s73g5
zhK7a7J>ceS1>6x|+PiX2aLmK=Dhv}~Tnm!WjT`$bOVbhKv`<$j^ysgy%)?cgxdBtI
z!$@Ay3BrD%Ou~MU(8Os;=Z#y+lDe&MbV&OUl4go557lQcz5;2APfHzS)_)%|F45j)
zH(hgZ9Xov*7}yCdDnVAf_xMQz1FjEo)WSfd>#R5_!iBHmzWX7S`r4C5sy(ETW<e?w
zxw+JS3yc;d2KX-Oxu?HV+Lq>N>s?$rcZtBr3S3=3`aX=_)e@$SqbHd*AK=Jg2dN`{
z?C8;vJQeD6DkLyDJgsa_r=v5>9xUBtOs&Rt*jr0CGTWowWq}zzt{~9H$&Tpg|H=;2
z1!U4Je1+L-2sZ`f5NwzFf*u0j0=tZ@2kZ|OR0=p5XomnZ05~LUb6^7vT?A%1CjIvX
z%3Y?A$J`)D3+Mwp4l9~Nh?hyz2HUYO!xF;GAjRK@i&5>#ePnHT$JJ{ACR+Zo#5H4E
z$^46<cst?g2C_qB_sLA5Cc^g**3;YjAA}x1Wq#*v+q+26T23mnKJr~wC8S*oRFwM<
zUMgw-gar@HOGi-&li4ZJ81@IgQh6!|^@M!GPfSdYAT6eqsi`)nb%S%ra`9b%{85yb
z5}!BRA66N!QAdYjPKCKu(5Qz{zp2cj!qXh^++fJo>>K$UrVQ?7)GX?p9tJ7Y&{Efj
z1Zgo5f&Bq{gmVSH4@hn{L<9Ccr7#Gv(Jk#@x&1{wGykmwwX#$Q$7S8;e}4Zyr_zma
z5IG(Nm}%Gk5~lE3C@q=v#?D&Jpo38^SB9}Vd?(x`Ap@C+Y?m+R2A(*7-r0Z8XC<ux
z1Ma<eK{VN)w?bQ*+aOl|axZ5iCx}`9#QXp^N+R*jieR+R_SW(RX=r_4j1JEemH;h^
z`zZoAgbW)g+Xx}T_rsba6jw~(1`mGl-gUyNXgO}EygcO@NUP<{nJVceoSzNO&X(~L
z&?!9CeC6oc>3@Y|Yx_1Ay+hP6yp*A;aMDRqXmzl%(o|K&_$K>$DU|{fFhqoy%PBsv
zd+MaWEV+NAjMP&F5Rq@Ecy=HFGP1B)Ios>}C2LM?kqpZvYBJo%$yNMJG%zk2CHM)*
ztN78wEfJ`PzzKKx?}D<G+?M|PXdcln25Iq9o%FZzwJFUg+xh3n$+}&qV~t?0Bh;q<
zkFNI)<Z}Q2|1X&#tED2NjifEgZkM#{l%kY|qJgB$jMDB%gV64DlBTSXv=o{&td@}w
zLRR0~)%korzrTL|IPdd54PMvvd_KngalhXmu*exbSgKI?@moL+B$TqYZra4&LlO|P
zIQnMLHSmzl9v)-ZuUORWV-z)fVV^kQCD<DuZmo}iDuF2iuqfG@<Kz4Jv|K>J`}cu8
z16o{RY?EC0v>}<;-H(Tv7}l<J<e7*X7W;z8VYL&Zn;$Lt!81tgjiowOJf&oTE!2Sv
zCRH@J2wPdN)7izv*;-m=U;#?=MqH#^<O8Ls=hMD-0Z(2n`+W}|kFx0thm&|$Ru&N+
zzA14j@-!Bd5NxBb6kb&dpO#hX#)$m!vuE??%%KQ>^6Z)PuZvWgyB=)DF-a*z^540!
zFiBzGPdej2PJ7@$6yuQZy-zF41X5`s-5b^W8JNtYM^nJRXV1QNB>Z)mh}3x1k*)X=
zg`@mN#?#do)@RXn_vr(MEiEf6+Mc4{qZWo<EvKkh<?3wz$BY`G9wlK)YO3^+eO#Vi
zy?b+RQ0U!WKKj>dLg#-SpZOt%4F?}PA)VXkL<eyOGn2pn-iob-Uih?FJK`6<-Ntkx
zK<YF@bV$c8-tKCj=)A>P<3Du}yeHl_w~v2eoF;Mkz=%bVozw3f*td^S4!dAThIjz4
z8I{z!V<iL<=Sw*3*xlTn{RKttxeFKAL||LnjoDjSS^k?h4{pezaRsc0C^K~4-L3(8
z5N?>Z7#f;!EI}YB`tVf2*uZk~<O{jqQxUQ8ZGHZ^#f~$)re@EX^Rc3Wg(MHyiAD2C
ztq2jCLbYjmuL9c-cXz%oENtg(6N92Qmhe=;hR8?FlN0l-|F`Un4uwlc*@_*ITX0n{
zwL0bP+`)g-S<r=VD2UJa@L{}}S<xTg5jH)^SgKG4cFYB`iHGHZpw&ks{i-EWXfj06
zLUa|h7^tls{&meQ-JD3tfGM}=rbz05NMu>Jj%6HKD;PNXdF48du<T@nbtHERFt%vr
zcur5S{>f)P9c_tdX4y{?WOWI449q4{FCH_SzsUFA*LU~|slEr8D{|=4YY@cU1a;wx
zM$IGickSL?TxW9f8U-I1GR-=54+)&EOG7CHx%=(gd^9W_O?i?hho62fE~DJNXV2j&
zXDKvESU-#341oFv^AhH|uTj@wM;@mTsmSHPv4mM5lx<X)j6secJBCA{h-~dV=hnoL
z!I~K_>K3Y}sEzL!AMwdMN;72<;rP$~dg1@zA75Sm4%#i$lezRP9li3OJ^Rkvp%As5
zHm&#Y6*g2C=oaCrio!d+@Fd_y@*+X2{xd^qax&FKo^R3KG&$-`2ncck+<ab3(MHj3
zbX#oNL0h0!DkY|o7;P}-qxDt_%#hn&iLyfMmbY$2xx#Z*`m&PTPaxpV!}{eu^Q`%z
z6XG<%DBR@keg&X1Y)JYfG;egLteAlX+&1I{kAvTih?d25o)e%$9Xfm%o{x=<6ZLIM
zBe@L*;K3<unf>_f8{|0Ls?uhSkUNBul&w2A{bt;QG06|zcE&o^j)oVM6_S)#VPs>$
zeCKN0KDMZjWu-)qu+a?EDG2Ez+9&IczW%m~W|9tcEP^ENF<F*ggYuWNUEXzr7ho7Z
zeoTMV)Hb6KT4pnxsoISjK;mzy(|{>|&5E6KiCn?4$Gvpt<)_0G{;$N0t>W)BGP1L^
zh1I7#{$GVv_jYx58Dq+~0{f-G*|=^UbW;M5+ony7b9rtADy7byOCJZ?6+nCyLY!0*
z&R@7NR>iu~l#P^BUZFFi(1KH9Nv+ygd>35}U<En=nWtf!^JXt!t~~7+`)RSSV9m6o
z$bO(ln%rNF$3P;4u7V?ddATsAuS}q-sw!;{B%4`Nrw$)8X8+#3245vzFoStQ4y!YS
zQ^R?nt_QLHiAHJQk*VkAP{>o4^T!5XETAM|GlX^l_v;rr>dv>ly}ayE;?L~|pN>QX
z6OTLBBP?q8O7LhLTRD|f!(6K+cXuG*I?COq5ki#`n1P)<UI-UnR<yPIX|4u|1Ym+!
z)K(I=n#vx|AFUw)8-Y3@6Edo+t84MMSwkYSMO`l(a&}%&D}(wqCzyb-V0rkGPN5@I
zvYrl@Zm)p>6Dr~Sw{ORd7;!k_!R|?CSn1M1*GQ>EQD1$wKx_UG*>`dORYe_3!PWpX
zXx#n=ti7D`Za0Oo{@}r|nm8jjKr<NH$OUjI$j4{+q`=t(1zOOLkNG*r4<39GPwDY<
z1Dv0U-Pj{PpHRlT0Pz71Sc%OUb8=sX1M*0=dbXCiR5f%*>OkYdcO36otr28(=-@#h
zWXc7wX8I_6&%?6#a1bzZIIN%`AWYPi6IE<%ZF6AR(-`ta_<Z_QF(i|GOhvushlIz{
zU;73Ch$3e2&j-Wh67o;tBQc!N70`Rm;BG)XhK8(i@;>|^k!(j$XRbf#%=3z^Ao$Cm
zq;|d%Syf%_^X<*hZt|m@9;u*K6fHnKXx*%>C5=k(`P!xv3T=b4LG6gE7;X&-uAV(P
zK$9qBpfo!<i8Ext?No6?0%2Jr(exI&+f1CRuu<j}QN>o+m+_I9`O}!lckV2br1%9c
ze$KEG{Gvc@dG8=;4V#5Pt^b3D&Wz)z(`p0%uorMwOAk>!2z7zM;sF8*i;4<XwDa=m
zXg1-v&Wx7^t;4wqwJRl!FSR)DWzrwQ0|6e4Kyu9K>a`p%SJ$4EFOv!9<Zp5`^3JHM
zOjG<9ZZ@J^!pUn3KR4YU*M-bs+i?>$JziT(viRb^!=nw!glWg-8Ij<`-^{ZhHGlux
zoa&;A>_s;Qrptfji%?Jm1vRD<Kl+~r3wMFr`5g(I3*dhTW0x_>TxVke3?=r*duWv)
z3TJ~WKc@&At%$c26m&}T1w>kL90BDM-Yf-5=pJ@CoIneq0}KQ#gO3h~0!f&bBra~h
z^Vv}5`Ij!?rI1-%yqqoWo}b`sX&;)B@^8sbHeSBvl2cH!{j`av)f5+OXKx<`IH?q}
z1X?EgWMvKGcouoM4IV$fjd2TeZwgnSE_3xKrrZ7x9ygC7L*atK2$_kI!p`#C++1Id
zv54t0`6tKKzr&DS74_EAr3Uaq*WYBd$K}h|_K{5?HM5!z%z~a$(n!UU5)Kr&fqI71
z5zv#;R|LkDH(FQ<Gzh3DlCj|dU_(Ohl^japlv&DiKm&|~n;o1mHVh-CUw8>N0|<lQ
zTZ?Lk_VdMyfUFfTX+>;e?_OwMa1P2pqiLb#mafj=MbjSAb@mzKax67<XVZYGzbHTX
z?z{lLxTgTHd^tS)DOy3+@g6Tq2JG5pGktoPgK7A*FGKcf%V7a@XbPl#;7ITM^_VO%
zyx{xsPtbqA345(#X)?E!URPI~gd&NmoZ!l3Z;$I}JwOdf8=x{KWn-ZU^#<YeK=0B2
z^t2C;h~S<M(bE%~W+NkUDIgxhup(c-=1t%(gr^?(9!*nRTDEHYiMHJ<Sr{rtx>9Gd
zD^Z0Y=rA*S(it`=ZvZDqX&K8$C0}6ag6yU3_Ij9TGJ$X!Z@}g!5)$`uG$NJ|!?xKT
zBazS3b1#t%(w?$tQ2~56KPCP=AB6h<HG=DrBU^{GwDm<&%h6}z%YrXum)R?fj_Ftj
zW5Q0C!WWf?xTE;x%aH>H1Wh}~iyCp<g~=zi8mV>Nx;@(b*4>0KCJa=wgqpnT=|og?
zhXAMQ6gp#n6vzd*C4QiO<w|8(V^fx%&QdmvNd7>K$N6@sPjF|Nxn?1e6()sT0OT4P
zjX!N#a^g*>M_fgAR8xZTy|Wi4z3Yp20gs6A%i-or`{yf?FD-@#E2NJf|Ak{<jBxT9
zn_$vk9`iNk004yYMKPY9?tm3FY`IjWQCBWqI?mPPKCw7HfBviVv7P1Q*c>+Q$m3T-
z)IR+$7vR;)my{nxgbZ3!Z$c(!5j$NM@_j`h<JvVZidmeq07<ZO!AS%3OpV<p6gFrT
zNYQ7W0}p#&_#Puu4SJp?rQI+w-k$!_ciatqFKBSsI3H+Xsr;j88+@~f)HK1^2C?3V
zk)MhbF3zpIU!II>VN%wO_DTDCqlozkjInYhHuI<H=@`J$u<&q5%s6dHS)#DG&5um9
zHG6e1!=YPU?A5Ee^+P{jxOuYyxRjH?)!Di2r}=U6n<!`f-O)NsDdb2*1R`u=Co>7G
zyBIF=R{3Ic0FpzB+5$|**vP|2rRm@1<;e(>qV?sA7w935^V=gLoY${!wO{f#m!4Zl
z_$Hk4FMM%y;dx9uC+{x(yS7v^bm#YzOKMlzU3x__7NzE5f0rWi_xZvjY5H`?C82{@
zb|x;d<)_5G6T7=g;x?y}m(P0!P^1z0IChPyR4=eLG)j08|4PldNujMIFQ4R9Kd|qC
zrpCr)x7N)cc6$r;7OrB{kR;2zHCw4=7!H%qyzSe@jU4$hBcqh0g>Un*v95g|`EhZO
zB%VC^o>fY0fh<ZsB|BlMoRg7oufG{$?`6vj=amp_8QOsQi;E1%r-OD%8=O`URRQ5w
z!S`s*#V-g*%hQ%!Y{S&T?cSnW>%#54YSRWZ?>h<U($0%47F(Rh{H3Ft7e-0178<E5
zx~9-;S$)BKZOXtS=YIFZm4=;Mv2`Lww;WA_Mr%0Xb>YP}em0Au0Kcp3P-S97QkM%S
zjL$+E_vle`LpX+fv4;sNx^lHOw69AOHb&vpvF7ZYOWfc;BZ`1Q3^tyi$Gx)Xn%EDK
zM`KV7-NSsD_+IjzF#+VQR-0=ON8Y}FfBDiS|1@=^su&i#y86;5m{n-${>{51wsYF+
zU8`Y6GHKCJx)2xF7tPF>=XaKF1T~@9VEET%$0N?cFY}?m4*(kuedeN+dh^DEd`t=;
zVi%uNmJ1!Awwq5w30Q>G5Ui1GN8V`N_E{26HGcEYi3hv-()0anY&1i@h;KlYt?WL~
zK4vFcqyn^PNWYo`r*k2X8rr{O_+@WGT&yZiTRw9pR`u+y1l#$yrzCJTRhLYzE%g|v
zRn^2n<1v^Ey3MX;$&gHOO&L#$&BMR#Am~w=0=3lj%Wu!}H_JRI@sSn~8wO$*wtA_l
zQPa+`F7iM6S|`u*wrK1qc=zj<^eibaXGPPn!D(<Yz@Y>4OBPC|eBGQ#V-rxv4N19K
z*S4@?oqeQ@Zs%vgvZw8&X3v}V^zq};e5t(fz=v2_(Tk<8r#mQGZ2$c{`@3rmySyk5
z%(q&vt}Qo$p-_)7>1BbZKbPF1;<fYQ&{5GX!%mP!%(h~h7J5STPerFkVCXpN1e;0J
z6=Umo+`Oq0cf37n{^F;w`qEEVm&RGY*^5;>8MM{XU%<8wAxteO3Qq|SpAUurA9__T
z8wP>@;g}QTRQ`r^R?o}goLI_tWy(<dFp&|4?UzCc(B>EqEle)4Xe(JTPO5JGOH``b
zRHo|eFP46{J1i`4`M3_PMoKT58c^Vlq3qN>N1Jmh*XYocs(DIh^+EG2NAy8wdPz;j
z&qkLrn)QcDzo{J_DJyn+F@OpgiWLhi=-|m&DIPo~wcYdBZ2V<2dFej`AE*H2W(+nY
zUhIT2DQ-1jg$>i9w%>al>bHP6G3-XKU#Yi@(Ua(@MUv(9P`m|nVlZ%&PtO9{njN(i
zB!H<&CNPxv#f^nYa531xNsfUL!nA~1{oIu+;)W=_@I4Pd!EQVGjM|-_lAnt&5Li*s
z-PEK-JRR#!m-Q~*(V7(q5d2tbxMKZ!afJtloi)85K`fxE#X8~|00BiY6+;y*6TM*Z
z>(0uQUa{W+nQ5-@!FA(+a$PXl%Qo$=t9$RuW^s)$&!qTP`Utw;R42ehP`7z{SQq+z
zmeO{;!#Hc{(#V)Ln&zMrLEN35>yil^g0=L4hxLksq%5C4dlpoAgUSu9LWlHh-mO6o
zQyQY!Iyh1@rcLW~l{x4(eGjW6kNU}7N8w+jgB+@LV!58vU}NJ&<+GM8tmCfAq;1q*
zu`3^@&$ie)Chn3734n*iUUx2Qt>LK32jOjS^4ZtiTY2HX&Juj)24;T&O7+jT&pJX3
zt$(A`Trq9gk|p9$`qA&A9pn2Jho8ye@-c&ZtY8By(aF8GIc!et4K&ZVPa8%k>~*ef
zc<f-*eCAa%?p??`AqkCFh_=0ezHw{#L8Fl)>*-)q21s_eOT^y(hUplr5b5`1QS!s!
zg6fizgC|bNd!$%OcpAwwvx2iI_XGlKj{*^>VR`3_fk2jQ5;<67S+1h3GG(kVmsmCf
z!{Op8Df7KiJqB3n9OoQ&giP#6;Ey2Luo}jg)3ZEJXIaN<>c%{=C$f9*P7vi-n465B
zl23@zAi0o}=pN((`0V(s0uaD3rc0vh*pj#uG5G2moH4wsaEini%cj2?q-LCsXo>jm
z{E)XH`eyiA;7GPei@EKXlkFS>Xy`DK2;+oabkH0g>V??b`k}|#t<^`ao&gsjK${|i
zU*HR5>n@cd8&%=CTI!q@9YCPiayMCEX`|~O(!(Um=T8^q%91aFJ37A=sO}4wD}-g`
zFb-s7O@_7~TJ3v;UxjTn8q9w5=-1DlU12ui`fLhHOtc52HM%00J#fx`{9XVfhy}W;
z%yqRLN}D7fBwKZuQ(zp}zdsJ>71(OS2IhYpp6oC5P=GKBPaq-H*Q^Iu#l<me1-^;;
z4X&f<<1l<FIFd4A1=S1<Lf3V1xLcZ!^nItz?Yx3Ouvm}C&dxB(xVEfhFUpI+p$iTM
zXpMSNv6Vv^`?Z}?0~k&?rTy!f_rax>c4qLP4Ga{kB5TEEkFo0q&~+GZtJSU<+8m=R
zN5KsYra#!1$s&k5KahiMy@4Cper$_5zYFtG_0yyZ?Rpz1RD?`%Z{=XonFK8>ISAL=
zF(<po<Tx0K3xQT;_ptQhg~l#<Q&d!Bm3DyGL_uh+A{Cec_D)!D5KTJrTDNd~phtk)
zbVcxa95jYA0Qd@2U0OZ-bAl)w0h=OiIRW7yt)c0(OlExmpoIvVu&3x$Jarm=nDRl}
z8>@QNXdRg`5T{_wN|5iP_~p>@`sUYKQPTkhu(+KsC|HBHQRYizzfd#+<0E*8W`8a&
z24PwFvr(C&c0fk@XCUDYS%9<%az%Wm4I<axijOZztVFHzn;w=9imnkjF5>Xv?JW&!
zbN6W>Ga{v6i;oCq`0@(92sPGI7)HEbdrQtz#U!eOVhbm5jt+sy?}T+*pFv2W;Dn`D
z_E8_e#4MOa4(o>u9omJM)uqdKv-bJ9i*K!aO)(*kHln|MqlD$bLXk)<s%sDTzx}Od
z7H^#aD<c}qqA?WG)X55aFeAfnNLTJ&m}@s~Y4`3}&_N&!jTw)4W6mW8Oeq(3$bHV=
z<y(BrH#agG@C+>J)YK2JUP;~4BOvVR(ThE<D|j%t2`v~<>yKGEA(5RN*J5^9Sor1D
z%*Gvse{pC<e@1Wz7!<Md9PO89A|mn`=t+G+R7CH?-J~l>KRmKW81v4u0XM7eGYAsb
z67H}!6^aU%8hT<GgABXd->hcDgDtM)cNP^Y!`vZ*&6!!#5co@lr-z4GXqUL%!N}dv
zK53pE&1^lD0K#}0Bq+^%Bzn3T1AprtpQ!Dt4YUaB0IPRqZ1)|Ept-X-0Xv7hmoN1h
zV^BmzL@eaVv7H1#K9I_pGb{PORH{36wDE~BkT@I>0hZ6dbn+R1SHr$Zttj4o&5LMV
z!E#W6F|xs3JF}E4O_TzH7l{z7Rt0H4Leox$74ZoA6}HI~T^Fr9k+mUM!eW!frJ|!0
zRWN_F?&-Tz2XS#&agEkf!d%BZhk6af-kGrB>|FLo<@kul!>$4UeOuE(M$oxJy}6qp
z|Bdh_CuMbYWHiWZ?upUUZEQaCSgaPtrA0vNhRsCy)5LQ^Y{VOB|EMbo7{7fkJLGw^
zZ=i`<hPPU1=~q{Xt=)UeA`FA8EYe+*TOL|#o2!~cDJj~k{FHZD*(2;6IMKc3raze5
zP&faXO?tTLx+yKc?u1LyjTlh|W*cd&b0-%++~<@b3Qx#$<Mj0812g>8<kF`Ag!3BI
zPUM-xI)WgA?<Mx3Ha$R`;lHYE?LV0PW^ZuvE6I?!Cl5l+&rkD;&874gF5s_dy>0(4
zOKqX54ERnABvu-0?1zj4`?S#?%14sCzMsY2FjylHFj-^DG&UgZIZji=5m+>7*RDMW
zB%D57A;>ByIC#PQ`H2|FEndtLo!G?0acn*X<%hY)p#qBMp9DQfSN(tfdYc*0rbTCP
z=~4ymB6K&x@X=&B{E?^w$5AUAMr2b&rSQ{J4Ds4T3;`c`Vkm#pGIP-)nB&SE8dsyB
zf#K4&S2*10XYj(OHGC!PbF+Xm|Cka+)hQ+XBN0MYRu*4v%U|$d$RmN<&B1yax&v4r
z^s9V$iH#LpQNCCMs;7qtn_ibmt_iKXhX-S%zi1YQ^$LlNElvB~0U`56W)2P&;NCRm
zSn|J0e)gUg3p5vepaX*m&S`7h3o~X1dF*)N?XiK5u40=eJq3jAyW4;6NqCKO!Wfbq
zQ#_!@)SlBio*)HwgR_W%7-Pdh+t!dlh!Ek24k1ovlK_I-o7b+*wzKo|KCAM`RdLv<
zUdJACO|7PPy1VU%E{Ww=QjPpxC#J7-o^(i-zr-hK?%VgiVtoP~%bYbQI)KO``7g~j
zQ>RTsQCbp1Nx3d|Qwb0rd78-?W$mq72!k<WWjBX+qf6}U0A{t6@Hj=MrfODg3v^Gy
zZ7FEiF1aW4<^WiAk<$RI`X1=1s`@tB^Qv8RJrxEIop+A9sm4A$q^<9G??wX<Ap-*!
zU>DHh$tpGslFD}A`oRPX3O@juC~@vhkXvl<#<k*XlWB(22tr8H_xGOP-;J(iAEg}7
z#GymHE@>ZKvNt6p#n+F91{NQJzx?2y6ET=0zOPphmj|H|;cMVPCO{yk4BGLgu5;br
z9zY2I5M`IjE*Oz62|U7%B~;WfB?Icj@e!vR0wUFJfc76dg06B>fcSQc|LH0gK=6cX
zH&cROvE}gEol=A1JD`s21(d~UrIH{<k@`xkCY=4x{t3936YJ&ZSPG`|hkku#?Wo@J
zKYb?wxo;tr@N|Zy{k0IP5}}T!mp<be=mkI%5XXf4kY}q2By2__Ys*SW!El&7X;Nce
zLS$wsS%Y$sc_zI$g;4!oM(m?_`LOk<2kNIuvF~&Z9RcNlm34y5usjdV9pWN3h>p~E
zbOG64KDyljJc_>34L;{whEA><Hb_sp&V$LDR?RgcFqDjyH^>ZZE~6jnJTv4r$BL}D
zCGi7?q@$6C-rU?Q_XK$YUE`7&GZbBt0=BK}+<CV+db*{7Q5(s2x3*lAt+SE3gJk4m
zCl-!+a}EM1i0e|ue@06!^$MQ=25(k7|Ka&yUs|v%P$E4|RIh<rYrppbHl)7bpCo(k
zjI^f@l{)Y&&jlomDOfT9Qi|{IBJv{}e@Zd}d3fLcJ|B1U<~;8Cnth`l<uY*bMdAQl
zN8?J-%o*Y}afO%*Rh5_H@I{^7%VcXgW!YD9FxoOHOA2wntQ8zYel7;72#AU^#hC`@
zZ2FWbY%-;O5WmvXW6Win3K2rZM!x_T2JGo;sq#nO3Q_YP^vmeIF>j2OcyF%s$PwSg
zT?=lQGyf-TkreMuZyE|C@7%dtFh>~|omzelC?P?G)k$KCAYqBd+W-33-DmPD=7k1d
ze=QWz-MinSKxaidNIBBIzUL=8U0Vbyi|`b(FVe_Yl#wjRp?1sCGB54|7S1C8VPY7&
z)no$OSr(?Aj*H7dUx$1c{z>y?Bm<nGk{=zW5*zX@t*L=P+97^fteZ;=fH785qN1Ww
zd%0a367ZC(5(|dMA56Z!k25ZJdy;>5`H%bPx0y@i&p+iH`ztax%5=~uGcTq@Aa*I5
z_C3O~R^RBQ_<#o-WacO~c1sGiH)-}gAg)iO(~$a7Usp#^Nc!iPbj4`K`;5dWG5P1+
zyG7`!6QnZ^aND^_s#2<5yUt}?N$tT~w6hbvLh_7m|2NU7O_^tBm!6$6f+pniXQyR}
z!=x-hJ<gtWqIO`AZQas+%*mYuS)g^MLH*=T^N#xUt7mut8oetdWEPuB=g+@IB}0V_
zq3!z3n^Mk*6DUrI4a{fdgH|xX$79PeGx*f<v4Drblsz|j0FONemI8v~pTLc|xwM<(
z>wg!R*2E7yT2q=kP^Ytmm8_~%#YBV9IcG1$_+50cywfOC<lP;0Z|WZDiK@vTvpl+Y
z?<23*>GZ`0-P2R9zVIHV^S0@L7s9SHlg?G{=qS+{d1Iur^YxRIi;-KtOe;GIx(a+l
zhd{5>d(N_I&IXibMx&4TNuE3*L^_&2+pLEB(x*EBcM&JtWElidsxqv$$6gheG!Fxk
z0!|Xt@gY;UCu5t>&Y^ZL6ZgdaylYkUMLOW-mKK^l)KpmNiM>N||87wLXzcg01Fm}Z
z3?xKRPR_6R8V`zW4kLyT;$Gp~@GWna*Gko$N*~Tb!x1rBX8jpGWZ^lAJ7l|%F9=B>
zX@pXWY@#Z`mgo2FdOP?dLU0^}$ShPKknkOC8bpQD+f(1A07v2WiQqC{tdAZ)KFLM7
z@P(0LKkQVjte8tsl9JL1&pSPG(o~pbf<6+H{ExQf7*PD8gV=K7C54XRdr0Zndcrkv
z8{!udBK!Ubvbm%7h79K}yd1aW-mCR|i=~Zw%NH^$=OGQ#*AH`4-)%Ez;X+!Z{wi{S
z-_#=hrb<LTeq5e_!$#>x^xcmA17HP;id9<p><(zmRKK_v$W-p~*+u)?m_v2Q(ux~^
z;0Q%He#*Dkw09b%v{D^?zDQF6F5>00cPK8o5n@VUas=!zW-TC_PZA~IWehhqzEh^k
z-AisAQsGYkfF04vAFk>yevBHEF=%XXhyL&(a?+WM{B_3r2Mrv^f?@1J9n?L*&}+h-
z)%~mDG6f<DWrAO|=6G=sH9RzZ=$6{1zw3w1uzZ!clTA<K&r0%);fFAx0?hql0Jd&B
zb*letC(0{_U3#d)_^3)@`)2S`xdC8edA7@_VJLDD+PS!VIM;^32W8I{2Gh(quU>T?
zGzX-<@<klO>?;)bynY5>IcYn8hGFlS0WQeze3+HRRqgVwh?q~tk&>1M_AeM(SXc-*
zdM@Lw*bs1Q1|s13W`|@mx=^%$M=N*f0u_Z=uO8f4K><5NaqN+u?d;^V4I@svXJl32
z+%!!X)jGbPf>#VPfr3++ktN1`d-g1=5x;(;UqW0%n~5e*x%pSS7N{Q+nK!HEwQ+-Z
z3}~-86Q0NQ8uR;6sS@ite3AQbQy9Sa?KFaVp9oGbO`JeJ!djsr93a=VYyHQr<Jv-n
zHVhoyrpV)<<IQ0On%!W4q2ln-gA5FwzId^ju9nUWp7E|FhX}Q}ikpHCV%Ne%+whEi
zTPN*8cXc<o*j!9XJfC=JW=V23(NJUMt)0LsjnwzTKV^ipJaKat*(z`t8=dCxKL7A;
z?V>~uu>e4D|J}Q!ExEw{-ajk5EB02tp`TGltL|R0$`cVFoRFNO2h)CcoE&*duMeCq
z+R2QVw|@P;T)%L^IihtRk3v&jy&$oT(Xss`-Jd^x5F3Ku9)`><elb?3tNQZAd*9g?
zTKx3zH<S1uTsxa<C6dDFGiIF_HPy;0;H5JvloM95Vyj`TOf6FkJ_>f>_oO|!j;;(A
z7gt5vr(4gSA+6u31o%bt_ds{>(AbG^5zktt8K<-R*GJLcCvt;0MnGsN&Ok-@;?Kxt
z>GREvPX*#rz#a(Rq<@4{`CL0Y+=F;Ek7r`7cTD}_eJJh2q5Xmz81zu6oTeV!&b|#k
zX?tAN<Oy?;VKP0TG=$03kUai{gg~mI30MMr4qS^Mpw#;XIHNb`%FD~W*Mpz=4pX+3
z_S+sbW8jv=eSJh-NM=M%hJ(X?JN22nY;>nipHAp2<TT&Ee>VA!9S4*BqW)_qB6M7`
zs&a(CY;$z@9nhld*AL&&Xw2({yGj54_b*Ml*R!qgC;pJCcdjTrcysz?h0}<{kis>o
zGShlFKt}4N7!2)J@Vj!2;@Ixeyd0G?#``HH5#%WdNJB?rfltJ~_YZlYX2d_*K7P<>
z%voSRVS?s^kbY{r8O>5i^6VJ0P(amY&7|erH;J10I5w1wq9gX`3)&QIqei_Ve)9se
z)8pGM|LoyrF@;XBBh!BVa;|^jIelwE5T}@{3{3<JehURGV+$?-od~@S5qtms9H6Q{
zyH^Gq7(l@Jz#D+wvPlCl<s)$6g9BPx8X6zIEZc4i$ndqI!i&YNeeVw4YSK;`XRq6e
zhejbN30s<*nHDt04Ep`!p%!>$;6`Z|SuM6FBeJDd;~Ub-x1Dgzm3_Rh*ALC5Nm~h(
zYvRv|vv`}dm8geV_L?{z4mE_<SFis5E<ZiiPG(t3@ewYhAjm5y&=3N?IsVxni^16M
zTs&5A%AYw?T3{klYAiB6nV(+w1}cm}rI9|p!<0Q1@u1~2#@p;6&;j;RxG83qv>qBV
z_dLNO;mVaRw_Vq-XGiHtvz;cvjy$;!%2MB5t^NON6Yklp35||TN_xj?X5vF$f4*e}
zqIWo9InQ#9_a`JIAa>Z-Yh>`2xi~7`Cu4e-!<WTrBf>%(t;%`om}DshW#tQVE|K=(
z#}s?dp#db_Q%4|t;^ss;|KKImeBU7VBFjwUzKX=EyJBRK5}o2mGC*rc@F6v!A`>;W
z5kskxIk|2(b;`@+z`MJ23Hl9le&V!g>ktLPOyIQy1krH1Opl<Y=8YngXRgdEN31e?
zw(5mT7w+CYb@Jkc(3;cGq9F4?27zMD$ulau2V%#%N1`dh3+htPYo;FfH1KA)w<T}^
zpzt|6%gz+{MQOHRH-y>#>WKHxWe1i_VajS}mq*;D*{5Pma;Yzi_NDdITwLedS4St7
zX&}uJ<$?)S6Kw>C2(xgoz%rLfzk3Jw`Cl$Te>H}^&Ey0KDv+`4ZRz-s*U@{NIej{*
zY6l`^jxyuw9X~6>Stp3)V!>LU?OBf=4K_2oi@7UgL;K*sY6&n*Br*e!kUf&<+V8|l
z3T||Y_|?;!)>Lj7Jfh&q$kXeg6HM)|w)awKRU9e#$H}~?!f<bgJS9X)OjCfh2tJe^
zjp5tUlt~}U5P!A#Qk&)7-;UWT2aEKAu^R0bHz8eyl87=w5a?<&9y<Pep2^mA?=4_g
zBS-eBJ<_}i6E6sp!9ItfZ}|D7(cvj}?wqk{yuSW=dgMIEV>?5S9O-&!3Uvj?)D!e5
zM2WgXgvlouA@mcRw~(JWR>j}}AZHD#SnZ>>apxjg?D6;8(cUr|%1bsW^B+<RAO7C3
zzOC*u$7fLCtoGETWAAISH54_krKOIM(ZT7%(T(9zBn^nu$v>X4BG0?VBn(m})_shX
zSxRLQ;m-zAGAXLkno1aeRdLpb_`rN@<OAw!CB-N!XSf)06mgsa5TepnTnibwlgjsm
zg@KT4j-S}amU9^2E(y}giZdAjs?(X572=zuV@AI0pd+A1Nq>4UPhH9S>m$l)Z%PyE
z1=sJcAZ7AkMN81OHcD{HZw?Z`GijUuLbL`MU_?pdQr1vAYQ%`7ovj|!N}REAWA|X-
zfr@o8$a79k+}*n!|NV?nnF>w%`~g;3b7*h#it($ZJl?*&g%qsd-v7Qp*nDGe^AXYn
zA|qyWqw&&4Ns(zp4b{nC)UEFLwHf@K(q*gJo=Im!HQ(sb?wrsl$wc?g`#<p~nP32X
ziI_Wfag59z<P8mhwfPVLxcvBl^@6Z$SrHTm2tqZK?H`&(N?9g-vlD&wjrV(cNr(}l
z({o8`D-ILo%jGLqc7pedY?-~i=CY?kr-$5WXAH03&YlW(6jQ9Jm}qlu4r3d-bBqck
z`oz00ET6H+&W_h)Tz|;ooM%jKX+%F$)A!s%C<$nCSXq~~V)WRtROr^{UO}vwHEWo;
zxyT-+ZxE$mky{ua!#}{z@NFqCmLKj@O^pbH@&cgDQxbG(TM`U>1xKGCfkN>yv;#&>
zk_JM+bR1T2K@&a6D3th|5Gf3B+X0XR<;;xdZ9<#JX}bmZBI*D;sWDF}0+~(hC6^fw
zi=Nb#3dj%I!eb+xg5XsDx=7VaK~I^2zsx-~YE#kx07#$nseBZ+lV$+)mb9-s7O*v6
zXEGQEc54(J2#X!E19%pprF;DR{DOkAfV<6nJC-s#q#`yvInKm{z_k-j9i_sT8S`6C
zQeQuKW6uq6EdT3vwY<Q>c(&Sx?cXn>k)+>n^hr(*_<iZTBiKyI7W~~5b_ic|?f}C)
zsw+t`O*x*p2>3*np=v>UwVX<g=@+4H(aklg5sPPld$Zg9@8idjJXUvP@7(ig8$PaV
zZDhKXze<uW48YH)x8`&9742He_Dy^=5f~9^L3!hE-5QDu8aOYU^Z0l{pbCUbQvc%z
z<g(jals`DnJACk9x{>0;O=`QH)~z#vc`9lgc1*Fg-JhJ?$_xZds${5w5KoZ6SroVf
z=tDw)s=H*_G9S`Wjq!IKnHTmU8bmL_k4eAsZEcRFfAhpY!?G*c|L`c`Znwcir3wIS
zB?Y^=xk1U9#1Rz~#+?QKayDOe{d-*A4w_W(YuJYD=E5T9&%OUJ&ZSVKz~4v^nIg<2
z#6z0?@Zn?<3R?o13$_jG!|G23e+xWa;kKMIatzqFZzhaEYSyU8NUE?>pOqUA9y!7;
zlYypbQ;J`_d)K>Lw+04aQ252w4-X%PwAxJwjot0%myXVj78a;Wv_nK=K#_aLQ{2_e
ze3~7fml0D7F}P|{_FyMl>)k5JMJ8o2N2NPtLmcRjxZbWde5NORR(`d%GRHdl_umC?
z-?G0-5P}^cq9k0q2D{9gq8nphdR5kB%X~VmJo#X?$!9qQ1v(K;tH?jn%;#k##y)&6
z?iM`%9$^!4AK12ytxuv`Q1MdFRYvMAg}k(@ZVLMEt2sz|{rgL~i{4dhJhO}xTNDw-
z<mBeM8lBVX5T||+YtTk5y|H>G@@#7GQA@$c@i!ud6NX`<&9b&e&{WO+hnPVz!Q_zx
zbnxiWuT^?~mVjQeuKwr~^w{a$`}fpeOBOA%nLPQbeexI>wdUr<fV$~U77hB;BScZS
z=W`iH5tH7ECb~4yJaN$-x3pB$IpSXJ=Vw8UuAB;t0LtNE*i%Ji8<SP6V|WWdg75i@
zE?Z|Xdf*gs6?vF4l8>&nVmiYp%7+gDNeM*@x1uS!DbK;K-$We~u^bcp!o#~e>+Bi1
zmn)st*<8!HIpkME#gXLXWUOQX5bW&A;}%017vx7%ORa&Tq}4G?Tg7SBs!bZ=;$9xd
zjT=zK%=Ulcsc8ugaCFJbOH;ND-#4j`jlXX%SdF|p?x2K#c8}_Op5ACi)yBrhtYSeq
z{?;6DCqCYdwuB9owihzHT-Iz!^!<I;-(Nz&gZ5nVqigN=p@0C_;es;uV4!YrH;}W^
zr<Z}yALJ+%`qNlCsIy||1Lc@uAIuZOW(<UG8c*1>o*!|1C4rn$J=l?;7&L$^aQ^uk
zrs0$$D5Yi$tRIx)a?sKvKXxKdDJG^w^fX+eA}Y4pmhGjP1FmJhMJXw6aF5u)gC;(Z
zLz#XvRL;%OX#U1rBS74hEMQm@mKE@RF}4(iMMbvf=8W@9c#xIFTceSTl?yY^Wvod&
zV=JN-YoZym0FW|_W03@|V63@U+kKxxe!rU7q%r{)*WZjCn~&vflwHF4^A9pJt*1_9
zIrB0rtB;&!K49U*{q0ke>Ps8y>i(j=bpChk{h9}yN-Zo>soO4QU^oB?7P#EqLlYp=
z2~jMS2MK5k!;6%;9@TU!41OvB&Z#{jzi>Wjh2Z8?=5^o~MD2i<or!R;>M0g+NsTn3
zPI*#Tm>S*oSvE9d!70_$!2hZJj6yvYZUn5Vt*d)Sk|Hd|=(3drDc?_pJ}Vh!3IbdF
zdhY+k-^Q`o@#CZP&DG3b6wRhlUWmHX_yL+lJKCDX4Fha6-8T?)tG^ngs6$7N;DqE>
zRWO`B1hk{QwF&jwb!A8lw0xQ^zaVU4P822X;Lc&hF=(y1Z%0*S<v;8RsID%WWvv}N
zn(d=9TCjG0*42rC<9mnUir?x67QcE0OU0_c8gP*51?>l$(D0>hdCYmm=Z5eYA{Ebf
z;Mqhl?V3M-!}|4^n;?O9^NB>Eay?mBEH3<;e~M{`Y>89(>2v4AGLB1~`ACbAo|en=
z7U>>gt5&X*6i77ELhX+qqyH35J%W1%d*>=DDzfgc1tdMAyZa)9wO7uZAp`VL%p}AE
zN^ot(h+6)<A4nqU+J%OH(4aEjOypWuBgJnA>tzI1B-|%=_vqFQ(1M9l!<9%*2Bc|-
z5PXSdQQ`>d>9OYt*4jQ@m?Y!v;ozXHtb73fR6G=M=z*{hJCqG_Cua<#g$<}zp{hb&
zjvk%m#+Y&SC~`8cNO>DRrGH;zH*GHOz=4yHku%<{(!;4-U0of)1FsHFn&3xA7bvTY
z6c128<QDKx*nY9bm0F?ACi7`CXBHw7BNp=$UBmba-4%YI^t>58t}GusWQf0#kJ0k|
zL_F>-%3)@+&BbRvb8#3sVY(!<@Rj2<OG|&C_fw}}UG;$<FS@uUvVw8(VlTQf5#fL~
z$|IpJ$Xpe$6a^bdxLNM`lZOrsr!RqaPoIhe_$Qnt>JoZ5p7u^tm5&h=;}&E0k$dng
z(nSA;H*0pbzJb9Em}nUePccrgy?_hH=Dwo=%I@E{VIqR=sKEr1=Rf>JfDL3+rpNS>
z+e^|V;61LV?_kc#I4*nRRixqK&lI8zY3@12sB5lgx<%5rVcB$y9LTouj%(J0y5B=&
zYPYLRf+dUx91Dm81SFfDTN6!yWvHv@G3M#PvEF>p=35Xq?cREc)f+X=|NGaiJyx+8
zR5zXQ+94PBYL@%~bt7sj!d?{J2&_GfLpjRy;@6^&nlLIs05~>Xtx?CNG`3m~{;j=z
z`_FIeYMx)4Hg6vgJ!4d0=IXd3pe=k!9P%_q<KIGSijO|HnE#ai_j(aT8QcH`5GQE3
zV9MCeoQZ(z0R^b3mQtX(vLf9FGgj^{e<$UBBvX?3+e>w1)L1NpQi3+H9ry$6mf8gn
z92XJeLsMA70V2sRT=}wri+F>Gyghs>`o_Gh;I1+S=N#>1Bnobb1II_Md8Q7y46%io
zVNsI%dderQ$fER-1-99tMZf&p<KQ#;ee=fbLTSFy*JZNefZVgLaTr&X0Wq}Tz@d*+
z&fUGcZ0giY))y-!&Sby#f4qlT`67G!34`ZsI&kUIkRYpGE<=3QsX}ydC<x{?Hs!gj
ziF=hR_dDC@ep9l?c>pMall=l}7!sahCc+Q`3Q`T(MYp5ND9`imAkQ46@eoy;p0>6i
z02fK`|3phv`|SzSkPfRcqeg8lzt7z6-Mj661GJu?$e@YH`0i_TP37htt}5+ex7)v(
zfAssHYs_E@DOXM=O(CW7taEcp2RccuI7a2R&eb)yNVZkdv-7|s6{V%L+7n~#u<;1|
zw2g}JYFY`;S#*pT>w1d88A*}4LrK%*mDjiCgVL#^TBOm2pctoNU+mchj-BZaWvcoK
z2h}#;!^FJac+2jzv@}Ww)9*z!Ga}}Od@@FEmLv0`m{Xc(_LVI`{ris^Jg1AP&uUd^
zDJeRb$!DH3hJ9~+BQ|l4dB5>1;!8?PE9$}ri{-26{N37mKz;bV$B&V=uclMsLrWTz
z<{pfW9;Ty1cRCyhNAROi08JGvAU^oan>`zsU8Xw@zB=G~NDRiA4q@Ty!A%VbA_1Jk
z!A$|}QxE=*l^&QM7G}G5LmXq6l6!pQpmF28XaczTBFr6awr}_D<D=L27|-VL4S??a
zS;+ImGiV)E)}rknOCfq1ED~;X*Hvlna(o6pBlyy?EUc5z+}hf8_kAVL1E&Di+PNQ8
zeG9Mrb&GXsco)n#H9j$axf@0WTt(s@sx$G|arm6DeXDw+O25LNJ@4~#((w@-0*6j1
zJ_29p)G793OehFYv<IE$22sbE)mnQdm@wnD(N*oOukxX`K8!Wk_zAtW|E{w95^D#B
zONn?gojdeP(Yl!Sk`M>hM*Si#RF0qc=_p__mj<y0w9IZo%$YNvN=nkRvlX^PQ;36Q
z4H!5OJ_v4Cg20bKdp~g4u;SRRz|fY5e9QeliF>0kJ;Tk7swyyp^0Wm)B`F1VvFH@T
zy|?b#1Uh>pDykiuOB^JiSY~E&aBqT)6B!sHMdPi;bEX3@lC8=`G<}N*4H`vvmv;Vq
z@W?@fIz2DuZ55_?&BdrZ)2K(-El7uu>uG^=hOS((0xiv38cRdgUeOCoM+|Y`07S+Z
zBoWAopcQ$p<fnv9mGQe`YYTT3wG>@UBKC72s|;3~e!cxEJH=D;FD54k`i!l1-cD{7
zSN-9mw0!rdv*3mo>;?nn1P+xut&p@Ns_(`#p+225<EyVL1?Z&BF&{X7g&gJJ<{uv?
zlALMg5iWsP>jMpNm7hL!iJ$mQ6YCGULuN|XUgwaEi4N?dAjCE<d-$KR4@Pnndm_(}
z2_q<eb#M^CFv%P?h4Q^|ioHNPK!YJp|EFQr(kf<N0CCKdO(CF+Brj$<9xIuS(ar!u
z+iJeZ$j})#?kyvoe*IR$M)}|(T@?=RkMR%RnNA<y8>s&HEYMZ^L=02!^rIfW%-7GK
zYwPPX^Oy0P7;oR`j4fad-68%Vj4oF7<WzvkgV7SkTVd{rp`IFGV+=SXYO-rPhXSxe
zJ>nf|;oGjOd!0#yk8z@pLrLM^suS4zq#%g$C1;(cR(nx;xoa1iSuk_=Z#~Lar->#u
zR7|rl9od=$0L#HmoBoJ4EPdDkEY?tBP}ef%B(RcQpA`Mv3Rk%R#guR~9^iS;9*^>n
zE|BuQ%0a1NcwINA_7$-!iiH^iffSLh<D-kJ>XP+PY9Agv=mq!D@ih<hZ6F`t0K-sF
z74(jHBC@~p;ScyYwizX(5F~g!h6CWRkYq*o3|dUOV(LJx#?h-9KaKoPrHG?r+agM*
z7cV+lZw2H7fQP&PzPLC#DkUt#K^(L}XaGr>c8-91%53L}r~{XiFMZOu2FJDDragV0
z#rC7OvtK&`?Y}F0;*k)r^Nz)YTCy@PmiFk(bI@F5>G@u1`Vn*4$(0O27Ep(xm^vP=
z8$%=v*iS}B`vM-3TbX38Y<gS&(PNp7VSZ>=AW1NDPtT9mJI>wddAIC%)#A+?*LmMb
z`cY&kztQlxVK0wXdvEqNe&PKBKicR%FDmNb@dOT4O%Mb~CZdNP%M8h2P_UV%3Vx7v
zsb1K!&DL|$3wyUwn;~|hdZmppfvTl@sDK?w)nHiCg3(^v6jx}gz+&py93FX$WEm)f
zE^9sh3J|84djbA)B@z=2iNQec#ZN@DT5=>rK_ckS4Y_jnn>y92bA<T1o*GSS3>zl>
zEizDRCI|-()SzdK`~vDtTaJQ(hNkj^xc?KJl*kJrOsmsb%F4z@D)|j|P6FyYnNI#H
znwo{P1{H)buv`P{HPjImNL$NK{p5q*g|FEag(f)ocT-F<PS*yY<v<*efHsEVVENGn
zMZ_px0;;OM4|=2K<~Cvq0VM`t1l<lm4x0_B<O(*>!51XyV_balO0q}(dDCgrr+5D2
z!CLYVoiTw#wcjMVBGGIPCZ^s~T=c8{qJ!fu5np&U5U@Z|p+k9u<bBTrq&a2f=4QlI
zrHOdk#lXOT0$=tg0&lI2p$|8u;8)Cn#c9UKC?5QlyGktvzpDPcFxme{XKE8h1EDtJ
zcNYD}q@|aqZigu`4-;cbF2Q2aBK7g|=TpQH3UPtoMJs`6ELx5`$4!iNmw0|Za;bdr
zyPV6JyAK`04ffm8qI&tp$DMv!pdsXrA?c$i!yuOUKZ**J+_R-J?!&A?A`9dlih8=-
z&O$su0>IRa8Pt6t86jg_i=LY8I+^u7KJ>#=nL)f~exv<@F74qTmo+bQK72CS#`9L{
zvcd_=yQMB0QTQXQBJLm*b$HpF@0IFc%XQT!7#MXqJ8y!pQ-wTO07fcKD<uTNZ$?RE
zWU(`dZ0~)m9US}|kENuHcV39?vU)J?9m<gn*5W{taMnD}y1yET6-XCDT%OCtd6lqw
znGeV;wA%P;wbY7q;xuDBa1Em&`ho*=-^dy#m;gMWV8;SfAmb!UFvP{O4hAdUCZ6Su
zBv1-?Y_{n8&CR31Ab$MFNN_dY55I%f3i?VVjtf|U{F;8+OtvD<TItS`-Vfe*Gcuv@
ziAeeeq7D(MKvgOErM;=7?}2g4UjxmO2Dj)rM4>etFZjKb|3RTC2p2NWy1M7{23Dvq
zShPsaoE}w8z@lzK&KQuZ+QhDJNT}B@Qw3p&^_X2&)HBmdB%6Ro3O4jGTq-AS&<)XI
z)0iMs<x3dv$ES`RWk)q<ZH5yh2)3E-n>Gy(vI1#Z9g#lUq~Ha(P((yDb-Ob{Z21e-
zP+#Zeydyl-)z%{LzdrrWEBjU_z3oSP)Z8?Qgb+(@vemH0OFHq;Kl##?5<ulbI{jn8
z0C)!Y_|NtH;!|my>9D`oNExA)-p*q;qX9eyTl<X-dmmN(F4M)0^&;pu3cie2{Qo;3
z(<|dtprxs(xDm1q*JCP1sRKVF^VcmcgP7_kUcLnozUh;8+uYlPEA*Mn++sk^M@}Q?
zFV%Ka2}Rmx7|)U%_$#lJa)yvq>xBgqR2D`hq)|Q}_P4cYV>la;H4>XNoUbkVu(V(C
zbbJYGepL&@X8^)1#uJ%s)cod>Mk%%3TdO~e%NaxM*<Do?|LPf#G?Rg?D!9q^cMmb@
zg}4M)!v_K)4Xcsjr?$iccoKra=jCau?PiBVW!l_tUBN@U!3^x;e5c#St@#{fMkBT-
z2Q?*q<1$DHOu>H{>cke_vewyqf6=^oQs#|Us!g18G;F8uXN5FprTdX1hU;Sw{UQU`
z_S;diT3^R_f2N!+L)I!a8in5b7=LD%eFk2PJVPIE8!q|q2lT*B0{7B*vSU;F*Q;qA
zodnJ<tEe{DSN3e_yydQ4$(%p2Vg5U%%aYh<?kbL>`}8zBTh{&aB)yabUiG%!?%QH|
znR*ypsD9G^iowP8KA2-j3hBSbuvN^?!Xif2(PY?0&!qLaH!{A`L{Q4((R*XHX~V)w
z@1U}?nKL@l?E`MyF1wsu7WUD5nA@1N`097a!3QwO=aeukP6C@Lk(cybO4OOWUqiKL
zPdr16_d|;k1Q-x+Z^7(g4GhW7X!3C9g>YZQg@S%l&AL$zJ31!^=}icBq==f1!{Mg!
zDA(AJl4-;aNC-WRvjJ!DI#mmHv@d$;<45bsz>{H8eQhmU(PL+|*l5crmWRA3D3IGQ
zQ4koq<+RIDz%Vd_d$!aACVnz79VY>B3pXku9q`EUH6xWjN`#lMUw>&B+v`NkqM6oE
z3Xd@9A!bmzS$?y-Y7zZ_-?!qoq?uz4TTFeRpjA~bQtuawSA_SMDve;U;g1iKD#PI~
zK;-gp<BDR1^_O1wyHzt@Rj=bANeH#q0=w++2}0r^2+kW1gR+2;+23)K5Dv1R68kuu
z8ggbYGC0aXd4T?+6Z^=IIZG}#-?AC1I|&VMAL=SZNibM)t^^WtNn9XD-Fx&1E`-3R
znIpNd{&oJ`=QnO@E|9&x`O7qFc<A%hfF$4sOXc4j*IE|ScMUAMt5=!!6R9J=)GB<q
zvCH086K3vjz~&NHAsNU0%}?4!hP|(MiC>(wwSpLm{R2iMNc}SmwR-4hrPfZ!{d}Ns
zfbn|oyGh=62XBv?xK(sSz#c$fKbwbhz`WxaT|X>u*(Dc$A3!=pG);+n>w34~7TaR7
zRzOIQdH92Mi#d7(Avi?-J-6B60elT-+k*$?l$8gm$f*a@+r!vHbVtkma?L3ABbP4*
z4F1mQyM8ZeZHV;Xnfuj;>zbK$4C=Sw&n-bU0%i;dB${(D9U8j)ZpyG6Wq)<!m|P<y
zCk)$3;w)bxnXKLCC`nJp&j}+qDL;-SSrWollR}yb<^~ks+)IKsTppMNyf$Y<?dt*I
zx^~Unw{6)1LC_Ya+E~tOoZmM|@pj$ba?R?d<jwa|3%hsx+u>IjKJA=`TUd>QC$X^H
zp+8FADhE$!>17Y9fg!sJ!jAO{75d5g7uIHHWl6U!pJgNyIGnwO&2ib!pI^)TwgrS(
zZTG7iA?wO!n=r<0tbDDnZdXmniqGR}2(0zVQnHhn>w{t14dtqhl|BX4@9O6@Xm2Qc
z?N9s%)QYyzbzeLA<BJnbBNbjr+P|}h1?Ka#`pJ;9*y4nQPNqPKw3Yv0u+bAl`HkGe
zA2d6X0?_Q+K7VOvt`IBN{NruClJ&<f9D6o9EFk+`PTMJue3~p8{ToS1y?yp#V#2lD
zZ3Fw{WsFNekVihF!;i+I9TwNDyvcCTAlW|faV>o7=!fs!v*IZV>5L19bdx_c1rYj2
zdiMA`5b~j>V3{E=V6M~f^Cv?kzB+*K*9;NW_{V3k+|Qe}9<3tpw*2A>%J%v(0}LNy
z0X*yn8HUxcFYQN}O06i!_~Q{5Qw@k;k7IzL@{ZaP392>%d%*yTX{hyhh`f67;;+Qb
z0}Lqt7TDQgsSAyz!n>lio0DgI>YeRBQ3Q-}W;jlmk`+L8%e=kehVS0DZ<X&1ETi=F
z#NyMmAeF-nttr`(qe6QSVv8itbYVCKm6Q%i8re9vkR#^KJz_rsy{upnqH&B0AaAki
z8^*&_151`rw-Tq)^pj<FY(ptz3e?0~FkN)+Yi@KgJpm6g$I8>wlY`p#@D2-lIm&+t
zfv#xe>Zk1T>m2N8=P>XHv%wGwT3~Aor8T~GW~+L2o@B(_{6TY{2i}ai{MtXSVk?&o
za}ogSt%DYM>OUGVVVIpV4O}My+lI%6ln3Q1i|<~&J2BEN@s9ap06!)$j(4<k>Kw1l
zSt_6VY{up-5#@2W^Ti}^y6i6-Ss-;l@A=ek>f>R-VND{sXm9}oS4gFAifs4Yyt$4f
z?s#6KlfN5nG@pa^;#d&Oz7`&8UcD8Ar(3s>26fR(N>ir427rNSO$VH5B>HmG`qEtD
zvxq%e&@UGnR;b>rg?#U>tFJ$O`Eo=^KN!$(Rk*0;!*;{q-g_51c-hylP@9_Tcj~HG
zODJYC8ZB8rLMBkBUq8v>)`mU%_C3?`ZFAhPp&h_~(FnLx$fPDrNM&MkT}u;s0z^Jm
z2X~+<Fl<i@RtfyqwBMZ=<?nIeg@PZ<3sVXgL{9K1kTH}@{-j8cbkFl#VOB4^f+U3!
zV18Jy(8~BQhmRhucJM^$sM4+5)7;zxp`n=g@KK{4vRapNmJAvhWHjj_N6ErM1mhuV
z;J!0p$dKa^5h1^e<*otmSIJ#Nf=2~#PKSLGN-bSHlnxO6*phNFCZ?7WpTdbQj^YSa
zXioXC!nYz309g~L1}Bc@2Rk4^aNDva@D|m9tbnmDc{}COrOtQzOa9Ium0$SkrwT*K
z3#Vn*CNI^rP0CJrQ7^x_U-z>i(v|)+)4Vv3$Wq3hz&HpWw)S*B)_UpN>*^=ZK6acf
zyp=s_Wag^>BF5*hhR^LcTwUmy8{w9FYeKE}JNr!<SFty_vkB}v63g<4wS8sO08Gov
zkFhrE6GW;q6y%r(NeF0-e7X086J#wQ<%<m<Ej-8C2mL>^*JiFXoMtA4N~I@!Hh_kS
zlOc<kIhSZY0ei(&zHCEg5a4~woK+4=dk@Opzlt#K6?yROuX7b!x0j`>!2FEdv>O^3
zZEh+IJQ`=68@A2>Dr7-%eWTXwmo4&Vla(azF7&id*k~Uzwi^Id{6FW;Wih=5;N!b>
zlb>j3=f*HR>g7B<9yWD#<}P8)lf~*<gq)~0@891QRotEXiXi<j-Z&5v1Xg5mw_oQI
z^KS!Uj%HH(=@XlEU-1l*HNJsc#awPs;|g&s05-ViuqUW@A`fMZ6T3!0dB?9yG#;Wp
z8&@XVGJVTYG<Tbnq{cpX?`0v<<(MQI{l0MLPBRzmZSFJ8NfovKl!Gi#esM)FJYNG4
z0Mf)scG0ThJAkL{>pfaDHJ>vF7Hc>q!>*|K%t((@NlJYxu`GVEPz)i3SCsl7!tHxK
z*dy@|Si%f`^~#m(TXeLFz&{GzR>5!ZNgszw<3bfdU^Kh4san%nobh?vf5-`IPQBs(
z=?+~g{34TXN)a@e+cp|@t*%jvTK^v~QhI8=cS*u)dmZGXgh!OTkj?BL<n^5b3`B_X
zVjmlER^uUKBV1Ik`Tq7{umMRx?8v!D1Vn6Ay0_xdnnmSvU9#i%I~Zy+ju}Y^0I$>g
ztKqiZNVf+09&66>@&cWl#l?rCqjQx)LoM1C;J5<fLKrXKASIO7niK#OqhGI*ng>AL
zO@0**hY}wi1ggC6iM|vhaJ@hb_|_dJA<>c*ahZNvH<BC2+IeaoyT+~=L#o(k4@TZk
zfBCJFx8$fk=Af<)CO|m%{&@l|!%Ka8`D`id{%})|Fn4w^@Run~4VF0tcmSEfd;9k5
zM?P@F4VK<f*{+Pd5;7W}-S_$FiB;C3?<?DiGE_Ysa0Zo$vc)Etf&sXT{9KskYt9gb
z9OW$a^)B=X6oM<jjFCN#Tsx-Ik7Tk0cK<6H*RSA-dQ=4iX;LUd1)@pHI84RGplR4&
zH`j1K)Ptk&5(qiPFosV`O29(K_<Mr2?9Jlt!xceqqe1g`+w^v^RI$(dRtYpyV$7V+
z<lvn4960ARkas2=I6?|BHyHmhLLxIB2?^Gg_Rxc}We`jJ`1w;)m<r>xd@HLeOxr%P
zjgBh>gvKAm3$btCjV>-vA3l^V+^s`@9lR;gX9GhB!r|hD3ny!<ut1oB4-f}~#xLdN
zbduPI6$~ZW@t0p>H=l!%&+7Y}bS?q<Idr{5&}vE$u&~yOdc-IC&>ZhT#)BG4;Gp&(
zTyoV)A6Sqsp@)-ufjXOi{gM!vJ~t9=NfZ=MY^ww(&FJ<<vjE_UrjGwdVGd^8vv+S3
zrp2_V{$>e97D@Um)VVJ*2{pRG+Np6$Gq!A|4^e+7_53Q8+9?zFJsA#et0VmBs#|)M
zs-~$^D@6tFu>|<!0<OSOu~>ONHy=3Zu@lvnNZ6PNvIS#i|0jM@$h2<xG8d}fNswXH
zuYZd`Ewya&WM^W5@&1+S4;+ku#95@oSjA!WY7qT#JYCEg{C-aipaCpMaE*pTboGZq
z@|oCJM@GB!b0!d$Nn@C^tM%wX_aWPLla5N-NH`~~pW~i{6qzswq%jo)9P2oV<l*;k
z-;zr&rKT1_bR~X6cr-R<)s0rsOB1a4*}46e_M2Z|RP&43I%kgr*}L{-<-UwjExLDB
zUi_uV#3G<xzajOpyGoi4#6u27H~B0!<fO}dFTE?<6xFf)-$mB~h*wjmuBAwaiEf^k
z8S`(q&t*ZsM_ZU>eyC*)IMNT?lE64S`mCZGAO%vFvM}u4CXKHrgECG#x`}NoJwoO@
zH!?L5CvxL=RMG0eEWJzl-Cx6jIgnDIOlHXprx9=AVIb*(9%6fe?Gupv<!<j~BsOZ)
zeIsm(#y}Jp^iW)%!AJ(2&$m%ZC3HEBZ?|SE*{`#LgP4etpn!pl-Y$Y<MSfy!UQ$&l
z*BrNsDgBu?QWoD>WN_@~KlyUABo(2sNm$SHoX9ZW#@v5v{wbz}0WFTiHG=w(ZhI0E
zJk9srV&gTWHS`JUe~pKDCQ!vn3yYxsKK;2J4l&J&#=}2!5GGkwnLH{5p?S2GJh_EZ
zFTKD>Js9H>P0c7;U2!nEW(_V}u>Y+JN1&5rVkh{44rf|CgHVueH)l>jO*w^#<5XZ)
zu*J7sAS1#@DEM-Xg9%j+z9>B<tYwNZ041_=L_|V}RE?x^U9U-h*rCJ6!^{Bon>BML
zKf_M?T9}*Y1QP%e&1M}|6yOXa*+S>!;pQd?*n6V8<t;K8{9IN>yC)%Z5bXKC=wuP+
z{voNTHkN|-z|LYqw9~M_BH&XqGblbW*`4pg7pN~l1528^ck2c*iU0=LgUyOIXPyfJ
zdq`lkXlrY;vzi%8@&i_oR7A5?!KWv`S42!_Ugh_gntDT+t&(dK{FtjjPq>`D621XX
zOAr)gteKhIyY~^?gt)+Lo?P`yh!T2g7k2+cI=)|<4jOKu&F4dPcKi>wBRw~F7@v*S
z#Z@+mZk;XQW#^yJ=p)He-EG6mlL?e?U-*b(Gnqt}qrQ@{2bw6t%*wKB>ifHO@6MqB
z3PU)+AJJs(0Mv;o{n<hywfdOIsI#yT-oJt?HEy#LLpx^3O=rM<mnM76T(ZQQT(Hwu
zN$$Su1I$^8jYf+2S5njvF~0p&@hCsf$Hax@^pz_^Crl`O@L-^snGbYcbQQcGhV|vn
z8Hv&rA{m`e7%a;rr8p~KUd2R!`~b>B{{lIFn1R8E1j%+p@uPZ+5{0V6Bp6~OO{=89
zXp{9yJZFdQdvk_D=i8XF?)5)nKaOvm>$%=jpvkiCD4K$^zZx{+8^mZ?*%0<JkYpHQ
zHa=D%_`%GerxUkq02`awyo3T{{s7A)m>B4Yg%X}1hITcvEG`QKYgsb7kTC?46oNI0
zLd*jUWouTFS`1l)ER=fxf1j&Mf3*t2l*m7O^ynB$I&N%im-yVt#{pXroD>Xz;5MrF
zP+i?l0_zPR!--M;vYUpifURXG0e5l+8|!(`l;<_>Cp2|SjPJ4w#k`{#Z|p-;&H^#b
zzBCU`4uZS;4<4ZFRULEr>eb(+I-J*@L;pG(6XOOFM`(o}RCssi5~M~4as>b8LUQ{K
zFRyV8Ke>GaROCP?>~C{R#tt98m_WqO>G&Ai2F9{H6uyiUy&K9^c_Cq0V&7Y|Qv0dD
z#Q(j&UKE7%Sfn%<-c<+A-tVt=$@;IJG)#Q5m7{4X=t)R6i}=f=1o{{$;R7osb#()*
zV%gyfr_QYBziC7C^+z(8^!VQU&=kfRn>TI30L+R%`Oo~zVEHni6!TxbGDgI%r$<xQ
zRxlW~K1euDu9Fz$Q72B`tN#4LAP$s(5P*crZ2+Fz{|Pt__DINl-UFY{@%?NfwzzNu
zqBb^%B3psUU4GimRuOp@n1zTGLYi*M(iir`IPr}7NTI$5qGVR>X7a7EdzAaafk(JO
z^6m=-KSK2q&!7W-BHHZw$HK%!h`G9Bz3g6Q#~d_N2{M^R8V@-ya9u%BNP8SF$m_Hx
z*y_^nQ*iROpY}Rgnap?_!UWbX!>7I61NoH4N<1>Exs0InLllQ>@tirQFI>RoMr;jW
zrBUrDD1@P5xc~5>q*!9GF?%HYehPLINa5r`WWI6zdcnz+vI=MahYP132WskW=(2I6
zXpWa_e9PmFJ?40n1r)cX5BZr{>y!B#$dD(ftgI~1k0c}}_S&vseL2ewO@$p>BOW__
zG|pLZ4Zh*uCr>VcrO>mdCu~<LPTaEqCS+x0@hIZqaOt!f-@q{ZzNA!D&c>6;$!Z3)
zt5*|w_+P+zwcXu%^%}w$+{vi{$2jy7lz4n<X6*<}(N1(1h<LegAA^)5wF2VdDADH2
zR?HJ9kHj}b&fH4|;Z0*D9RE7ICg@5sfwYd4CkVW&fdfU;>xBztjko6W^JzTf?mM39
zdodZ3l&ah=WRQ1F&U8G$VVN=m8e*oANt6!*80uPhJD{OZtEhR<fid+t`1mvbmjkwE
z_wJwX%7`Hgt}ZJimkV|MR6<XI*0D*#$jFG0jj9OaRHmjE>F3D~AkRoy!cU!oI)tp>
ziC6F|ODo7Kk?2JC4il4NQ0B+i;H?Y)oII7ZZq$Lufw-xxs1lhg{(TFQ)^FR^%&C<S
zW(=GQWFz9h8&|KUREx>2WdcsuhvoXs0Wa3vMAm}N2NEk{U$gO-e014PFmoml+!m5g
zCYx9_G&NHh5krCSg&PcGpSlZo@d*>!iEebOy~b`_nybkwVtP9&ueSvS#vm7=_Xkp7
z2!23ZnJQZ;`SYJYhu1B-cCi?#4eW!PM8D5*W@wHj>Q=J_*4F)4Q$*(Gpurf}!N9~X
zO!@zAS=)-LcelPV>gT3%yhn^01(C3=s4vEuW-PXBHdmarnU{m)tE=2DiZkGy>+bkW
zPX$53V1wdS5W=SgJzh<Y|DYvtu=OZE4?F_0B-dCm6Fh*vmy^R^Lgu)>B1`^QG;mLo
z$kJ$RoX`YH_^G-&E+!_PUy_y%;wVEEpnjJa*IlYpMt71keK=7a48&=K7c~((fQ{M3
z$Cea$<yKbrXcA1TjtK(MIBxNcNer_eK6FO6Mhyz^pP%np@<prCbN+vCR<7D{#Bu%-
zH2CzD7nta-a&RzW_zJGDbKxL*U<ODcNVoSdDdE`Y^+$o3!m`L2*!e+|A&GPoEEoW%
zrrNX8xo_wv<5x|m#(QDv`XPT%zB8uChV)>heB=FM-^Y(ZVZIqCtmSrKU}n>#bm9<u
z=O{=oVtdTbN<m_m(?@E>8qw0h!3ahZBL#Zk&`@#LC2|LNLWoA56!pr0bYA!KXJLZt
za@@!L{Vlz`SjF&$9ql|2qx5_I{<n6yDv9MZAORA5zz8<1U>D^?>9uz4uhc#_fkIZ&
z8+4y7`0=+xMhbL1#%Uq6&7a@>rZsiI=7AM#76m4o-cs$-62yVR@&TrlgaB!eSuZ|x
z5G|TU27hGIMWp{)Rz?fZ>Fr;tp|P{v-EZ;81PAy_boYMv3<XnXl&e@_BGN&|XVlEf
z=QY^Ovla+Y8=MDyplCCfezM=e>OFtxupbw$M5rMq@uyEm85tEItUPc)*|b<PLQYN&
zD}jtV$$}p<8wPp^*7<0NSop35{{~jCgZQ&yL!oEc^CtN2>w&8&foUA*C&0tFPKpW&
zN5aErPMby*)5615-in9DT?YClQAK5)2qhhUQ~E<Paw$yeE+8s~WcS>9I;1<QPG(z7
ze^F}S5{=CgE;b{~%)p3zgmW@y{WTPSpfr7zx8`QX(Ldp_eL7n08TUh)z4)1#tA4Ml
zV&R<#+0;x}I%SHSfc;UxC*%E}C=`i#;zDhKF$b!n>x&Fff?0~{3~DEc4lct!>SR&B
zU^E%vcq}q<Dd-I%8&VBg9tZ$9Z~Fqa5X~53Su5lEaqgV-gd->yWSCWvj-rhmt*Acs
z?k{@ldKyfJPfna6ne#9(GR6&n)E@vv3|QK6RI<b$Yy?IaVw4U4scP?A;EG~Wpxb6b
zr6i&gRGy@C+LyPUnhIlgFdmZ-Vt$UM^5$0rfp@|y0@`?ttNWC*pmCrB<*S;=C$s_=
zo0NtCrqc_e;_D<VO4+uFG0*-_0DZg|N>0cltgug`Vql!`cH;|8#!ccv6{=a}P20Fx
z{@u0wEgE`q+178|c>ZMtN-SU}{%92262r3eh7Juse7L3U*A3=wSZ(j?Gq$0jVGK(`
z*m=UCV2XtT%sz4RDz1cNg$rsfM?VT`#Gek+#q1_`zcvt-H!U?h1aIYCNo*+k=i0U5
ze`wXbG5~DxQ?3$3J_q4w?b;#1j+{q3PZn18P*dx@F72J7%u0Sz=pllD;(O@O!h!-3
z{w?<X&31>iAbjF|fCk`c8^~|sgBimLqDO>e1Y9yM<^>1RC)g?$1_(Kj5Jv;%$=v{T
zr=C(&Qeu<GQZ6gtIIs&_GA-d<6I-LlZ8;CzJ#^^4kPv5nKc@%{h-5##cQyZW#d?NJ
z>F-mcLmxIzZ$9bl!7|L$xhOOSg1}@R=6Sg}G$hI|B;QP+*<R7-4-0?f+3TOg2!)w^
z)_ejmCcVIU<Pdi40F*IpLH5%DCn#y&QjB2$FD_9Ov+slJLqrxuUZbCB@aj5K149j0
z4+dHK#e3!LQF-wnN!y@eMCEG<3HUGgBA=tjK#N5O%c7-nenxRv*qEs#o2R81>-}Ff
zB6mNXm7%J=d%v^a0LK}3GLWFMWeboH-<|`wW5Z1qEV#+&O2{TGLq;s5(!IO1XVRPe
zd~RK1{nQ3qR+#VIJ7ee02|_wzZ#c@-s(dqW4V-E#UtgwoWfz!z->^@2$a9=4E}*C;
zPf4MEl3lO^|BaX#(PpU#{r?|R=N;GM{{R20kd<tbBqSA)6lEqMQ7S6CAyh`m3N6yG
zM<t~Q4TVHTiFQ&6S=p5eSuLXy{qC1@&gc6(x6ePHbEx<Gx?bb?e5|KYG>`puP7Zh`
zvwA?jC+g~k>YoBw1fLtrc`|nFW}ptdv+Qto0wJ$VE&EZ6nvedM)YasZN(TRxTBQdN
ztx*V21Z}k14q5<Qwt1r+J*Rpga0UFWoS-;*G}F~Yp%{|vapQ>C(F8vmKD_fg?e7f@
zWJJqF23Gq42;oZ52%RIH&8^&1PVNQ+9JtsSqMRW`Q$ERHWtPSWN-5%To<C<ouUBLg
zc!1AtG{ze?jG-lAUJa8;pFHW(p~EqT!SP6$O1gLNY|O&cIF!KP`cCZs&!597Q<p4}
z?s}463PrMlXrhXWM+4su`tP!G&ZBzH$<3wIqCOa3VjlMxeUWTPhoc<z$HKz0;;DA9
zm|+m5Ri~hp5boGthIwJit`K?tytLqLD?2A)j7phK!nt#)Py>IDUcy{nzj}qTj59NB
zc4zh$ma*z7y4^eEJcv4VD)Y{rfP8y$ZpefZyAWCr5LXI&$gpsAWb-t0gynlOfl74T
z@p=HGM2RFO)RUe6uTC65RmF8E2y_F~dNNnpKzx(%p;Q~Wb`k<PhcBT7Q7NJ+5cD7(
z4^)_LDJm$~nYOvjrXEXab5~*9A=^o*$9j3Hk?)Wm+wZ&}TJ#&B<&L0kJM^SI5Muyf
zcM$>(9_-7AEO-iL;&tmrdD3Uq7>4+K`4WNOj6nvC?_`9sw{Kms2?5f87$iAI>;K;Z
zLZ3Fnz<}raPcrD$sHj~@*OI;#Tss3R#kB>bjH4b>5*-*^{@GNbnsK)2je3=NIW-M+
z)53*K0A_s0`D))eh(ygAtSoHH``f@a;+PN~LPW#>>36$0Ki7zW_g{h<uQplJ7<)%C
zL+rzc4uSq+5+PPsQmtOnmZrLJh>Ma)Hfd@6MZ>>18m{>Xn#}xyK87@ah{iyQ=yY@M
zZ~fk_x%+fFvol#KS_xorK<{92oqUPZWAqsVuHmX>m0pu`eU1%CdOg_Vk|iyCc4~#E
zPc{7KYW=4L5NTafYs1wyxVrM;(G!bvWJ;{PR;*f;EkA`;G&7$ok=joXC~7&PL?7X;
zZQ5k8jLTT>4(dkr#KE1s;k^j}PHI7MaUH-izz<i1$I!0-^|LK8xXnmXL4?Z4qW7Gb
zpIxuL{?0-4;7CT?UQYK6#km}80LcXX3>!v$L3hW>*MA+HYxi5v?!-w^Y{Sti0>p&N
zG8&aZ0u5YGXoE}By{yS`8#{aMTx+Ik@7ZHSFg2hb=dX;yL=^%*51k&|Ex>jc=QzHh
z!-kZF@;Kpe$*xlOvjt5^-TVbJFScPkWj$jpHiId{z58v+o%}!4!P6RzALTZN!mTVZ
z;DybD9xny9<IXLzyQH(JghQNvP|#~*H{eDP1eDeCdDQ=qfv4`fkdok?`!09AI}iz2
zLZ${;)O!q-IPBScFK*v{$KT;N4Bt;r%-X;f3YT~ZxB*q^j_y6!4A$ha&^9x&>Ocj(
zC*5kId|n;08X^hE2!a8*1NKYo6jWZrv$Ucu`~TO}Y0LTz&~;U!k>W~DL}&W)-aQ#X
zIP>`)Y5^`>j;LK%!7`aXA$Y^Wa@&)ZaX8<eP4VGFYu=l!dDGY5?Bbr_(pzVbR(D59
z%K*E+(<KA;w7Vp9FII6HaVbY(_)(QTy*nRWu-x=?=CVwKHhZ28H;(FPIOVI#7MCr*
z{)~41aXsbrgac|y4ZnTvk47n#G$u9a{+O!JJQ^yOUEJQ+`JL*K6a8$doT<*oJf?yE
zi2;`JAvAcRPOC#(qk8xcHwM$#*eC|(uaWppt&;A?;=!mQ2;;YW<@svwHqbv)%+~<D
z^0j?N4@_&>7uzzo%gPsu?G;P^fjZkFTw1Gn=fSCI*;!eFz}5Q~U7@+-9k@YuTw|Sq
zF;M7$5x@l>!Tq;w8v!tb4`-||fkr@J`R?gLwP2L2*}*qJ4Kcd1BEHwwGKgW<gyutx
z_9Rs=rS~+&ZmmY_AZiW`>Hb(e@Yx&~IAz&_1uB2@LqQivwVL4B(#SU@$o~up47$Da
zmagkyFaS{GS$e{*goKe*i(<G;>yKdUbOrBt`*3qOB7(PBLfrgLtzSwmo+Q3v;UB6@
zyGzGZI@Z<J66ratFfS*kTbn~y9JfmOoI-BzMM!1eR%4~nqs^3hWR^0ca^Qv!NE9Qg
zP}x%^mN|n!6jb%gX<m`^-0ejCiS~^xE;{nex|vM<v`Ckp6vlLB9?OL(QWq~@?jh)%
zDaI;}-bq5B*<eiO)2Dr!6OMB)>$unyegNrmu(c%^6ap5OpQ@-|w{Ak${Hl7OKayHy
z<h0JN2qLGYwL7qM2?91Y6O=^T_U%c*+>`s3f(%*ir3Ectu9rg0pP{m5&n~)T*KUQ3
zX6X6MhRJD_x1R?*WeyI55+bkUu3tRxr%I)33UKqcZ#iE)2V)K}f3ZE1+7S~F2Up|g
z5rY?BTSMBDl)&`uZok&xI^fjGuSWty_cbgAYVNQhGxml$EKnJ3f9DXG!?dfQfwkZ0
zl)u-Mo*YqAS=qKK82B!e%(?t(j(ac0k5*K18O)7t*X9ttC!_AhElW%JE>4~BmS}UQ
zI=*0DaEq0-2j}x}*Je&YQepF}x%{?a7^!HmvN!=xMRzhNRuuF@;)K7suy|bb`<|{`
z6I@S+9{u|M3A92oZ*2goh$W6QwZ+8!vR^xGWiJJ;fF*=0w{H@?HC0=?p`{NgB)yO}
zLiIZ`({^>9y7Dsemzut&*1$^U*CS-|ubLJ6X!pI=s9AxOX?N<mZn4mbgHax?y32V2
zIuHbMR#*9rGj-mJ4@K&&1QLiiLipGB?|%Z8U-$g|Y52hY{eR(DcfAqc?6j_lM`V_E
zunjWD;xp}ae*?0?aaDf1nAS|N!-4P<VPQA;x#)Stsjg)iJLsBH>B00A6R%%q^$!s;
za&qix7STcd;j`k2kQ*>yzq7Mp4yF9FXUD=%1P0DSDe^T2eopEB_jUqRIUGzIfptj4
zj)ubnMPGde(Q-LBuUjV*J8pLLLoo!QG;PwDF&pU6S$Y2NKUP<tDz_vGWWH!Q9$N^(
zm1zS;41m{TH!fV(1Vt({o|x2PIQBc)Dd>?V@_L-pe_xX*nO>1#t-w@?z<fcNsBq9V
zy#0X*$no`O&gOg&dhq)=*@hMpGyj${S`bo}n8=4sV9*!~VEWM-UecmPa(=eV5=b8E
zt@d&oiICtOgJWBNymZE-pcqRsMOpDEMLw2EEVZDus(0H;lA}#e%s9g}pWJt%kb#Tj
z;g;W@Fz<zr9Ln-m@hIVPYW!lgQ`4-A(e}mVXBQn=M(%ECLcuWtVB)R*aBl>q9aRJJ
zom#y&e$Vm~$Br4QUcAz7u-IRzcwh-MR2?{AfU&Cek|lFg#n#%WR2xOQIY?SVP}8~i
zpR_Uaj>g9SV&sH!bWQvokZQ9uYq8L*s<OZEhvm=Tm@uLL_1AD3Z%W0v+WZURI=fyH
zz@VTlJ(`2ePon=pM4wTb80?*%-u!X6QRybufsuzrH{e|U4;6Z)+L>YpIJ%&;0z~s;
zG&KX9#SLEUfP6J5?dd;R;+@jZYxtVPBD;i$GHL>oElt_bzUBAm+oOuvJVs3v_=J8-
zACh`wG0BSKE2zOxwf}pdxO{t;MKgKBsx?0;binbHVu5o_pIXh!2aGl^AbhTh%<al=
zl$7Sp3FLynJ`dFOKxkl;c5cbYu0#gjy-QoBA}A6jGk(0BAWYf7<5-$#10cW>*C=yA
z3eGZS-KsQ*`S3tK`PJWpOA!sB1PJcIqN1!4=>a5BqPyDH7nv**gO?I!$<-7zq4aD)
zYu-SweQ2>_*&O1e=Ah<qc=%UqZ`tSfaBq9;4iCb1^jp1y+hDDNzJQL;C%j$P0~#=B
z%<0`8qa}9;txLAKxtV&7BGs|Om!X4k4RdhCH*4Bh6B49ze1=7-!QTvZsI?q}w`~Wv
zJ^ck}FP!j-vNFcW+DyUBsR?<GeL_a&-km$ofbzReX>oy{kM5bW<SWmKvPQLA2X_yT
zPurJPras-VU<4BodUx`b^$X=``c;szB&J#b-ig!8l&G6sUU8Ir1eLyE?X6m|f*~&-
zF25xU!8ly!@Q8yovNA>5?q^?d7Vy37o2XJu!)iE5g5EKz9`$%-og3HJ8%3YYGS`%N
zyROu7`Y-z)2qf2*e9GwP6%3_R9mrj?%6zJZw9lLFRf_6@4Nrw9zAK$n<H<p7w+H28
zO3Ka48@}}jBMKJT*i+>5hfiurXS<AkrDtWA;Vl7<r?@?yjgMD-aN*BSB?n#Q%b;%K
z>xX$wkg#2_csFM=WG&{$p|Ms^<o8e;fb`hy;WXDjr9rPB1SC57%Io07OP5XsL9FVI
zyhy0u>S(8@A{_QgWzKE}8krSf0j~oSpQzAvi*%*yRz`A0+qM;GIT`J$zBM?P00osQ
zxHbd#$r4PthQZbkZXp|ur8M(LEd;ts6~xqzmsBVne*Ok-pQFm6o6AK&0M>X_+^VWo
zyLZgl?J+6HPf?&#QMo#?*4pC0b&N~JCAme~1^xrywK=)USAVL!@#)WJv9UHcXQd5$
zn@sW|XSICv&D7Kh>n7;WT2SKFZNN}&miFoA-C}(fjJU0_hUt|-VzzWpg=^3NTfv*<
z&dflGYbK5Iu5$Zh)C}h`=9{Sv>ns=wq7!7SYuH(ko#<A})u<ycv#v&e*uvm1sa(2v
zA<Pw=dNjcbk_mI|`yJ|PVBHI0h3Hj6KL0W^|C^y>Hum^y>|0b^*oi;Cxs}ROVw1|^
z(N9~D!5CYhK1e@Ol~0-8JwEQ>!(m((Q8x?tS+w4M>DP47IRw=MM1^XuC;-?6`=^a;
z5J&NK?lYnm$eDCy`sgV0Y92E37RkKv*m2t&e@ceB&dYwM<3}xLAP-cJ(QXD=1h?=_
zh;sEBSRSd>k5lYzY}*nei-GF^mFQIXJXzg_)~3ncOdW_Q*r+;n83zpHu+i=wyOp%G
zf*x)`3+3hJrlUKcrqI-mD?h&3NTmwbu<y^@jN1}_=)={cZxQ6OxvHRdv~5?W&?40>
zn45thk0;aKt7qQq`9(>1WMOV{`>(>M(U@zdJ$DdEv5AR?&g!n|ZLz;d@x}Ov@tb<=
z&3%xNp&<@`VznaW2a+Kql`<QP&LR|SAQ?d>P^U?zD&fS9(KdPXUDz_ry#zD@90)*y
zge&$j>`jl|rYey2>MJ(9;;1A+{7#i?w8a6+ku#sSyh2J@^}rM*Y;=tiNa10_<Rv4u
zw$xg^U;w6hD{M0GQRb!Yg5aMGI|tzo@){jP+Uaol_Gc3kZWnnFyiw2>2Z9*DSMGc|
zJ<93T{b$b_xeF^dBHcD>Fd2N99MKczo>=)SH%>m;wWRM<F?e@sT(c#0eR-;6w@0eO
zmY_wRG--EF&AQ?q1zr0KHXJL|UV}&FZgh1$9fYCv_m)zRne*Go#l^1)VLgB&1iCs7
zA4>16u`|GrGzB<+i?BkGJb(DZJeLj>3*Lp47EW`O^vrlMmgilT-qo&gd$zqEA=sb^
z{C?!3)d~p#qx{lQO+YC<T65P<wV3;u5<)rHh|}?5hK+ayRiXDo-R<4ld00yu;f~Zu
zd(It@<FcCQwr)4ntQlO+;N0kTk{q4+nYXvL{+U#zgScb0N)-hU?3bR2mG(&S`Gyp-
z-Cy-=C+EbYw6Bpw2*+yMV=H^S=(dJ*JnicI+_OYNkYJIs*oxL6T^s!Ul>GIMGBPor
zUy`=2U6p(~J-wArYm?Mwf?QdA4Vy1>o7r2MF;4B|S!&%n9GerPr^wUxd1zDY)dhe8
z`U*S{)5rLT6QQAwOdddCfp6mN`;6PSSz?N+s?~JRoQTv)vbAw0xK=GZ<Ww#tCc<+3
zWS0qoyv$5%>nYr$_q^}iy~`W@g9Uo--3J)qGc%_)v_OC@7&YNxcJ`TN4aW4qHs4lu
z35D4JdeaWM=xlwLONswkj%vc((s=xtQ~CDyN4_KD+Gl?MGGMQTDx6f-`;hX$dNezu
zCI}gC-lXxGjc$Y4MaMTS1k`e~7DgX!|NN>q&|G&9XZJVOY{=-E8=Nf&UIQPI#Z#B^
z$$&|)67RKZo7`_^+9o}xd5?8BK@zc^*0izzI2lp?^9Kgcz6lAfT`2*fGT*XMWIm6Z
zH|#QhQf66fqx|-_!sMOO2lL3EgYM|$D>?ZizlD-w<CZO?5jxx0M8-egOmqpk-2LH{
zP`RrN9A<GP|9b+3C~=KgFH=ladhIr_@an0cVDj7oW@+w17ye^7M1Zab#wpkpP@wGc
z#OG^BZai~lNJt@&jbZg_0D(%Xo)LYhR@tto2O%k>vtvvmjC6yp@WLrZ%9WM>4Ebjc
zf_)QEsaaThe5LK5vXg5i&}JYSs7n6ImaJPp=Ixd1@c8C3#!N8)Nh)i7yLJa~SoAN#
zy4CvZ-F<ZUqD?+}ieYWt7q)%VP4zH5&ccPek1r{6-fL>HCXr4ECvfJdA?weIJ1pqy
z__Q|)<FrmaVjka1F0jk)RK_YL8vw~6Fa5*6e)$4lyjVJ$dcSw4c4-=o1T4gS-X4Kq
zo6QOp2S677I@?AAj10H+Y{x$@o<BD;=_rnp_<ZjeGn+g;Cx;aJ`VIN|=}&ET*PyhY
z-~=2@2lG~+xm1AFR2)1Y2oWY1<KyKfyC<VbdbMBb2%%$KO6b@yi$lZ%EQ})#rl`pH
ziNUEEngI0NSed23YUSnS@hde3byJ@UKy0Wqc-wa_74x_&ki<bA<GCage~%b7D(_c&
zs1;_0Ozr1Y$yc~t(Yf1PX0s?%JywX;t!=Em%brsCWq?4*i|82FW|Suk{+ww-*)$=%
z#P6Vf=0FxkWO&#{@B@0c?yDYTD9ivHu$ZU*qMKXnTKs?_$@9e>c7(i&^gqpeHN8!E
zK)};{3M78<GK!iPvbK2q(-omNW1<VrdCJkUGa$r2NE5k?_Fh%Ky^V&f=*|{L@r^w`
zphpk=>b+vvFhn4uFS$ozVu(gHj3#R21>+RVWQq|#+Od2qzhT_dnLTqi8z}p`ZlhMm
z#^oR-EU=-4bZAos4U)K#<DFQ4ioP-En!clBoT-Y^y=281<Nm4&7faMQ`?kJSxOnT<
zq$*R9F2TW2yWaIxM_^;^sw;Ql#xfT;JV?x*>&`T&st0?LlE$o;nL=6E&;)@6q!J{;
zMnuc!S#5x)w2_6;Au-yb!0{oNn~ScL^xLBM4NdNhv))XyX!M02WtnY&OJZYjcL8X>
z>uDb5bJFWi3ReU#(0JA?LPg{WJqjsg*JKTwaHp!CcE%X>wx9iQb#)>x&Jd#nSq=3~
z^^Y<qAgQ^3M}-duvdgi-`)OwIQynxY_FdLUIqQy=?%Bx~5q(f$44NG#JV<v?*ZuaA
zvAWZB2ikHgvo`&bo|iir98>7teX6e4TJlmMd>;JCyCp?>AI26?pTH{WT991n_r-d1
z+y3}CURM`Wn)a3XA9ry4+)Sma!eQ4&sO8!sphHJj*G#Iot$-4X=CYKT9ppD<-^o_5
zOzq^G#X>nJu2r8b?s|=D?WN1xyf)*Iz*D;R&CSpeXl-2=3^o!2L;y1?zY+4q7lpm$
z@;xa$yI)>aHC;DPk%()2ESuG`lLP_QFsEP3Uy0L|P0P|fyHvad;X^K`^LRwC5wm_&
z*G9lgiV2G`F;Za;5A2u^2G1HPU$V)?#rsoqc}OqMX(*Z!tkX@Z`(IyOazOU!0h3t7
z-ksX+1SBfZz0Wa$xo@?8>!E-hJ2JTo*jwe5m89L%9P@0@sVoWReq||4bI`v|D7E>_
znZw497n|>i3N^sy@s{-^ou#weN=odzXM;lMZEoj+hg8aIJL`<R;54b0ql!k<X8GRx
zZSX+#N48!yF@hq7*D7T)Gplc-Ab9?1T2)YGg+A@(<}YDzu=h$cOtP85WR|d1^zd(x
zGN!IAUna%o-05?lMuL5|8R296fLJ!RX#6X%2o2H-sgZ+n>fQT0FbY#HCQi(!%c|S@
z(SXTV>suPvw^;Ld7wm*mowWY7;yo^*a)llmC%PfqK!G9!C4XiAJtGERbZGmwbS8qa
zWy=)gbG(z{Y*m(9Y}m)e_Z!gBE@yi{{CcDVUkJ0OVx(@xw>e=#DgYMIi;%|&b)Pmd
zAb>+Co#Gtmgt;zQ(V-!b9@s@rfR9V|CU<nUT5uo6jeUGv4MZdk^`iv?@uaMhi}PDB
zVqHnXfLA#dnC7Y<y@zgU-PzBtL)+6Ss!UPKw`XGMWuLBJXF=;xS6*5meO<Rh$Bw67
zZBbNF`GBrUaz_SA%35d9VkawWxaMTt1qs>$0!yy3PU-rIe>4A@_f!ZQYB>*+WRTr#
zh(07Z1zpAp0$|@l)W+Yew0HN1hdHZOIpiN5m!;&2T667;+zgi!%K&;sCCIt?xylrT
zMsw%(-EBbMCITOzoi@$X@Tx!OpX-bA!{zKF>`~d}cso%$s;1<SALE<08X_J>oG6~X
zxqt*dXP)mrDQf3-j#8G>w7<jZ`qaCBM^Xes%z9t#ML<=8(}<uW?8^fRlNPD;;^76i
z6j62stqi%j{pY>X(pG*o%YzJ?GOkzpmd!K;6g+2NbdOx7RhKN9x#5SqPSebq^wTA*
zR_z}FVK)N}$;wUhxEV00TB-C3^OwevkLu?>XJL6d2QL)nqz&(+&E9bqXlS(e$qd-H
zZzI$(81=@DE!D9nVZJHr<&x}wQf0fu421N#v_R#VD#w;+fS0|Ys;F2--NmiJjesV7
z|CWx&-CkYA7R$&6?~;E%h;=w|iChU{iWl#If>@-^?028nQ&e1ME)1EhmS5JtfdG!Y
zyu2;d58IK2S3wAlI2PfyP68A;!(`eDSJ>*Bx7+i^uB-&;590pq*RQ&=65rd2pr9x<
zxplW3nsu|$ek?ma?w<fYJ*|Q1E%lv+GU^kmI#jF`T-Ky_bG1*jczI$P<)>}gS;SD-
ztPdBhtk|wxek?Q;pBiexe*OD1z#-Ek9l#eJLGGrK#mEpmG}*WG7_{}Fs>=7S8nEHJ
zLq?(p#X_YQy%GWT@D^04bn9y?9}Exk0?+)r^Qb?zb7ZX}k097++?r<ufNwz);J(*T
z6EcWjAt@{Y5ny-+^Nmv5_Uxx&BM4>O^c?2|bF~$S@FR%Ebe-M&VdR$}pV)EWlZfeV
zS;cP%7%MS3yIr<M@^hWEX&2>2GAsJ4N{*vsY4Ai}?gsHAoW4p@)*axel+@Hhdria$
z9JA!yjT2!#*t>g}PqzO28lk61t^+4%Ga}eKqYsfOJ=Qj>?c|g9S0>rI#DL-wVPU?`
z?$ik~DqsLOl7tLONI3Wft&0u#C{HCLO#JIYHKY+1p^FD2I^H}Fg9;Z}bj<hF=W9ea
zv5bEb)#Z$Ll!M~sTKq~@PEORy6X41Gj2)D)d-rx;f4~1=2uxW&7<LfLj=otGLg)hA
zK#RH5K;zpBRIQ>^w1igb-P^YirVF5MgbYA!_#Bvo*i%Mq!u~ogWi+Mo^74^G@Xy8Y
z)wPSd;O@@}VRo>jNe@evUK9yDZeF7K5Q^?Z=J!$eK!eWfr1f-*$ej7vq99yjKl$HP
ztuE}J0a^7LrN<w7A|xng7A<e6ELfbh1Udv7e|ULawDIER1Q0`+H9%h8X1tJ5RHQz3
z?9+SqOvqzRIP&BWn2NNlMkK5RID&axFQJ>f{7rbP8Kpy6?e1Hd{(ump9InA$$iP|n
z_@pKw4Jch{a0<@suV3ngijoeGTVpf!zR^v8pDFu93BMOb>}Ue?hhnziXlo~Ac+f0c
zL2fbM1d%rjg6E1`2w?>l{y)v1Kq+~(REp3_T{h`#ct?KLeLxf@r<bXGjhyQ9U?owJ
zZ%f;L^)0Z!%p6cLitG2zd4y>6=;8YDvFe9UYQ-vlp<BTl!RlD$p8tps1CIJ<+MLx5
zLzG&X`mp*Nn>;oqhSAd;o16=uQR4GBC53MvpWu`g)gccer;-dBqHHw<BAk#3G(X7G
zKe3P72>60x%2UL(WBK99xe`?G<=0*U^bqaIBK<fQ{U@N$M0kKE(`=6t`VpQGHd(YE
zS~~xIBFpJqP3U6CEg|1bu`xmLhIvvRI&{-t9qv{Z8UPzUWA0p599lB&><#PJH?=fv
zU=B$0Y+@}uf4<(rtvlDykPNGoIm*j55#7e^e>F+GTNZWf<g2e72yBr_AQ<<$%N|DX
z5_}EIcd2;;0c6~Rq>Z$(GH<Cc_37P7Mn*~yeGHkp|GmVq%*z=M`GlqQLn<_x3f38g
zk1$OfDVsKK6a)@P!JGSl%-nBcl);!)F!6e<dUiB1!Dp3QIlcfX04y}<zrl$GLCUA@
zrE_}uuf<8$2LEXRX7L+y(nSpz!bS{KG!rk2in>Vkwb2X(7vFVG>9Gcu2nvK}`aK+z
zYr>8lWA{N`^$%|&epkFdpQersA@Y9a%$XZ>!ci+Q8CHN-?ELwnKSUn$d(g4`qnC!N
zLEeJ!>ES=4Al8iC&eEmoo!|3d4w5Ps2c0uA0++~5WUsN1i@dzVx2><@o0+X4{WW%}
zrKRX>gCw5!yBd&0{}i)5=jpzb8jjkt{QdiqvPb_)=@<2$(o*XKW_i2_8AlqbLFOid
zHn;Bz_kc?dIK%jFjP)wOOV<<;YX+}+{`@&5@kv-;u52(_1ZHB$J*5!5So{rBLbXw4
z?#<28xC;ywd(zV>?(g~6N55!r04E}mXz^19{7_IUb}7|n9*ME+Kdz#>i?)0r#1wod
z=mJzv=5ZSV6kY1#7mPTtXAd#ad~QnbPn;_4BzGhwH2_Fiq0u>V<TN><G)=^`(TGD4
z*vTG+x!D@bN!5ibG1CUZ8UgnB?4#n_SZuJrMlCQut?6BV8UJ|{Xcs5;Pfh<%Etby6
zfCgwBG5nY6hQgex6zUd$p-(4Y${RtT02?Z@GM5%iB;|>>DtOOP{)CQ%D_8#%7au?l
zy%Xsrm9xR`e$zuUv#714ul}XgB_na)9=$nJ>~Z>il%6~+*r>_f^H#k<+J7IQ^$`{p
z@O*i4UNkiy(rdyC=G(I~%*dz`Of4<_X2VoG!+E^!%9#rnm~-?Qy0yLI&>s05Lu}_e
zO-ux~m3>!JV?BR9Q{ECCiccTCF-H8AW?CJ?34xu!k1uLy(M%ieXA6Nz#81-o>#LHU
zbFE<97K;NvTcaajWc2Z5us<y>=CD*4ZI{EB%(uG`h=h)ioA-<CbNcSMyt&e~iCd9I
zPDlP;K=&bOhnzNv+=twL2Bq__LY_vKyZ`!fea%?zNTxsd;(Xk1Km2^$47Ju3jB@h1
zKNreB?Y#1Z#Fd}g-ts6bd~*1m(>Mh(!RV;y@b>1~kv~XRb(t=nH-H@O=TdkT+;`C0
zr)p3L{6ab7oYoYBJ6{l{jT1SGI5~NFgl7EW(i0Q5n9QBa*57V?+JzJ|<90@y9=j!d
z46*ji9OImoai=mSE>!LuSr2cUS={LzH?Ss+9FnU`0FOV7-XOc$9Je(BfRDXqGbUXi
z(}I-Xc*cv+WQeh(iI7dF7huIeb3{NSy*$tbT@^#2$t(r;dKCY94l@YuGOvl*(6fg>
zG@=X!X|DhA<IiBL*z*IDJJzEQBF8)}z%s1OnceP=>T(vl2Om}uJxMI<KH7E{l49h}
zxUUAh&wur*rSRi}@vAL+K6v>v`lI2rtNF>PsT`O|%VG_cj!;ygqTQe)@2fA-lM9Ng
zH%e)tnVE#JAZcY0gex${sr64NuDQ~L3_k8?>B4*W;63XICh8<m>M|rRs@MUr#yGkO
z9$|jyR<2{E_!m62zeWyMU9FBhwI;dYQa;5<g5KTfx5L5r%FQPOnD}OQ>Ep)f?WJXL
z8{!jK*d^(=-3GtVIV(wL0%h~hW^?a2e(FnU`pM*WUofuG@Ol9BGOo`h<rNkqO0FZC
zmGcWD$%lRW_H;@MR~J`3KcOM+v1R0l@zUA7I<?yu^19yisf_$GQJ#d2qi=D1QSmXO
z$Hm2=2q_Qd;kQeZyYzJ7y!~bh5{?ntFZ~+3rg_N4zg9|o{u$XJ!^@2aA0{vAEA<Ef
z6LQbKoqUasxV*Yb<;s-tq{Kw;TwpCN;#?@Y|K6{Olu2S!siG1fqRtNyos5qV1HqN&
zyAkJa)Mpu?RL6@>Fce_qqZgFII}JUG*6dPSbnwXq&sV`S&Y*p#qe0cQlGDX#<|u9_
ztY!5Jt#6-3CYki`fyUlk#ws93jy4#)qsRf@73~dW&k8%coqOw=THc*deLNra1VzH>
zvp=04Fi`5#&P56qSBX~5ve77uY3N|=;64-rAA`=>@h=Ki$J-VR(K~nX`PfXaA7AEO
z+&u5_@#CwPFHfRj1$8E4gUoeX*%<KAB{iJ{vW+k)5HOIuUh;k5qw0;m`Xp>jqIG45
z)2m!{E?uS^*o7MxaEo~~d3muS?i0NhA&FF1h4VqO3JPB<DoAAP)VlW5%HEth($+a2
zEh|#%n_3VX{`vN3E{-D2P-#K2&)&LGvx)K_SL&XG$4plGpkbT5rNGDtrfDu;B|ggU
z;G2crkrmykt>iIO^1V}*yxBa#W~6o6-IYn`Ytya_?$BxelLJdewhnG?2|-nqSadon
zxMY5I&`fVj>!jB1FFw4CUG_!!6v{11Dk?iNJQkqZM88Q&Iff#jkg^`b!Wl$@gRfoZ
zKGO0!-2}p(3HbrzLX-p#$3ckdfjA@%bku~5>uDs;8rLo7GpOg-Q(06&uw{c{0&?H-
zl!_uI^quSY&)45@wtgw#!SgjgsHDNG>wd^5fca3*WFeC)EL_bgSGl48ht$pRctm#s
zO?R0P5n!ma=iosg%zc=Z=uhju(ap9Iuv~@UB`3wn?h@mKu!2XfjCIz`@%=+xvwq7K
z+&|@YZW=o!gPx<I49e{PjcPnIh=R0x1H3R*tH1xp@V0J9NZ9LgU6->->$AH~A<O0R
z^Us_V9By!0%vxMjt+F@wVMz(&$J>UlXe%UdtnQ&OUlIN9{rhuy@kGp1m?!=+z&3V9
zGsEd<zP($gB}I|~qbn9A+Ux)ph8Ne=#GaD-Gib;%#I7qKnCS#-OW|GO=HH;1px$V3
zn+QjOgeH5g;zZnhj5>b9b74GJVbzZh#mhOj8^haLOrLpk@TEuBM^Be9yQse6i^I-%
zxiwjx%%^cyVcla0dP5VcnV5Y`<7|s5>9K{9OG5u-5~>-^F^9H=$s$x1V0PTDIa|Di
zO%@|ldT5^?QslTndwQI^PvJm^mKRUQEheYpG9$P26iuCaf7(>td`;HK_spzWP7jUR
zT&+pl=KI8Yz%7rk4qng4JGt82914yCKtusVHQv2B0Zlj}reLDQ@7(b|0@cB#3Y;{F
z907VQdgNqad_=|l<mAv<ESD8~6Skq1r6n~#I}faejlv6m`Rtk2Cv~yv1(cZPC!IMj
zEa$v=n?EtNZa3*^AUun*v)eqi!69+>)8VJ`7RK`eub1y1XBhOLWrTLoMar-f9sk_O
zy?vY7hngbG3wC^0;h_oJKDw8LRi~bbnfT=RbEj`{NnZ~=dHu@r`ZkC8X~PfZ71D^Q
zt6OZ-LE1x1{UnD6k<8rTDi(9j67HDBWOjDJkRc(UJ~2Ays=fQkt|S!JXKy3P00cIk
zs71R;$M83oPh8*y1w=aJzHdOx?yEm&Bt<D9lC?zkXj`o(478yMH5B7HL|;5u5-vC<
zM}sKuF05^8nd&3e{XWUsnDmum4y~Ba+-$wrM|7uU>AYdABp~Zl1-<{GQGVlKtk$)h
zB{Gmgg`LKcNQ>#H^@7zEY_yyMy0#By<iaXf6j?r<r3X$9H;F}ow&Uz==xNX2->n)a
zj2d+xxqD7dB`uZRC4y?MQvjl~q;@s3BERT&#lb0{n`nP!rDuqhxJ#m*qNwvFn4cYr
zV7Zgf$e$@&n0P@%i|Fy83;<YW#y;Xd#?LCw91gbIvvd66>8F-0cKy<=-$XZ!gLy+@
z&t1$^j#Jd;grThuJ$@Xm&dd>gfCxnd79u^zVRTsE2+RfGtUx0+R>f3Xh{=C}!%~y_
zM2=W?Q+CSqzygbS17jnf03@08WvX4T{t1f@sqdoVRb>5g+lsxm#~?EF6jAL{t@PZR
zTWNWzX_0h6R;HOn(lMzE8zV|AqBW|j6hC|!GO+pWrl=WfEgp}ve8j5}1U{Hs0jC(z
zTV*x$*$hD?w6by3zNPkdcIFEg#-VOTJVW=f0h>9yjorW)n+M)LV-rvnA1?yQU#DC&
z2oxO!JmSEdoEXh>D$BK1Z>gepK^>~0sW~`JHEiO;O}CxmlN|B1pI(!lf7m9-PFwZ0
zTcE5`(BrL^5kCPtBm|-E0AdAFE{S2D2Rrck_3KabeOeN<A8nZ#SRZwzw|4Q&j`o|b
zM?JaVhkr2o)?$P$S0{Axrd6S_jW8LA+!UH8Y)${Ksrc(K6G;e|Q2^s4`@f~~m-XX{
zkBW+_N&9sm)27>*^31J9tht;H{)yGrkoqUyGBpEK=3U3z8h7*aI|{YDiizzKe&bWh
zniuwT%OqlZ_s?KQ`L<?_t)ee82xT2*U+<v66U^xfOw7Vy0yq0UyI13f480%So?Z0u
zDkiX75V%%z#h_HqjDV0gH2T4dZnU(xk3EiMY+r1~Il8fF)tiAqK-LWB;EEZRHk})8
zr~)M)!Du^|-s{$-^t7^Sr|&Q9qFxNLLmq_c$HdCoC(OZORl7J_!dC@vp!hOX)aroD
z4m}-~i4M}d6~L)de`I_*66FV2mC^bn%GF}weJ2(bYer8oa)kd=>v`YJ(<G`cHmzQK
zam}Ul#nVr3jeo2*)_U*Mg*rO%PJJFl1}8M!i0@_DX4|hj{%LLl;>;HJ{{CICogju#
z#EP1POdH@*>1@JcQ<jKR!^;PyERmTRO9fu@{(bxF&gv>EG}$iO<QP@5X%jo~BE!4U
zs*^e0;3$*g`CA+Zj3!ZeZ1BSA)u~5HgD?ar9E?R_)nr&wo%-~-7H0e7ul$HG#vP&Z
zI^al6{Kg7nyF;et?-y=*vwYU9j(c;VFm+n4$HyCyL&nX$WTX}1-yDcD>hpLL?K?G#
z#&~SeQk`qG*sP~Vke=n1*^6E~nbt2=&9hlgXbl=uY@na+UNhTX37U&2=dD$Q<_e=W
z?pERa5D9?;r*kV-_jZDc_H%$Vpd7x+GTrR;R?#`U{x$-Oye!@LQ!0gF*t200ee2$K
z+0!FvX6&3$Ng?CqfW{AHbBW9ZGLsVMJ37s+ex5Y!U>-o??YYl^{Oi;Z7Bt$U|37Cn
zO3;HruTyiA(Qzphhx0J7vV&*JlO!>FTBs|GEnoatX}VeLHKVI-(EB}yD-~>jOe*I+
zE{RlLWV^}YkX%{8rlG^5ARG;j>ouHa@N`Byv>_4#Rht{84JMHtkXvyl_*}s@OKUkD
zq-_*k3~3#F-RDAj%*SZ=HU-uVCD+oPe5|ZAc-7QKe@*Y>S92ZoitOaBJlwR*DmcqY
z&w1csOY@mdk1eNrOv<319w6v_+gvu|yjz#?Iyw)k#Zo8REB*J6#eyDB3?BuDKH%JF
zX{-x7lfI*GpcFHReT1_NO&Xn+R!Nj?+BpzUR7pWSju)Ii{cWjgX%G(YxKiUiE#hi$
zdZ-0kG%c=6>9w`}n?8R0dB^eQ)Ov=;oOV1=Vi++hPWk7DiVApf*5hdDz5Dj<I?zuj
zqp_6rqmurBj{T$QMX9Ext7B>oC|AvL93EfdUoT#rM=Y<)AzwI?ub|tFrdQ^u$*eO!
z?l5hK$|cY!8q%FA0P*zx{I!%Ig15+ndqEmuBJ%Sy=%-_rf<PoKG;mr|_W81~qcPE_
z4V0CoEJ>4A3#LY(kt;a6FaAK5hPP31VyzyLm5o~6`tBLA@NyK91)QRSHvlWrhK%0I
zjTU48!yuSE@;_(IMHXOXCP(%mjBFX08b}fXijpT!226H$gU<E5!Uz@wWLS?8#QQ%d
zt6Tc0&y1=kkHxzw`o)ep$Hx{?=us_#i7@4Ehu@yVjxO!urm6++$+eU5KXU~TBjclX
z)QIueOk2hgL8>8(MsF??LJT7M&rA6@yUj2S4Hx9AM3{59i@WW_8)c{XWd+l;MzwCc
zb?tk+Wrrn8r_IS+oV#-EXgSj)xzm4cIQ6n@x9wLz)`i#u^W$FcLg=q>u>G)*sW$gz
zHole+>@E?J?kd7V-Q`~SzoSie8UG5DuY=GHkA3KQN&?j0G`282s0_8Vu24f2of>0;
z84WFOfLWNL@oLNNX5V9YuRUAW-n<%V`{)Yc@OJ&l8n^`z{^aKYIp;$Rg@|x);Xtwu
zOwziUhg63XYK!#b4e!Kpf;fA8GVx}P5EL~vUBzN}{Nr<{zKQow?6Rtbqde|x@jt(=
zi(}Sl({{&;{M4i9yYbPiQCK*l&n3s)OpOuR+7>;Fj@x)yF|Pr0H7y9@iQAQJuHVjF
zE|t;l12v98zYk75vQt-g2ydEpuhY1x#A~7DH}k&ff4n(!UAP!|U}aTd?J@SadbbWr
zJvy#9-^*eqDgb~7hwa8(jba;H^F@@A-V5J7<-nS;i|5Wgm~U@xa+#4s^G=T0KZB_;
zMo_G#DmN+d{cK4}#Y3=jCMST%3UG)}WM$dPKWmyf!o_$`LfjtxTjKel3q(f1Ibj2I
z7ur}<yYxOc%1O<z3%>$XZ17>xKJaLFv36Lks=0n(!CED%&_9f>A+-l-91Nvz?DgGZ
zZSp<(@Wr(esMLo?mtC++x+dG@>_Wqc3s;&yjTOHA=<d6C?tnP+)Q$w|7^KPzHl$vC
z`Qky{jJbvWi_-uoLk#yw`1I*{QY`wGSC_AH6LOWcqW@Ny;`#Z*henn^fc^;UG<iY8
zrA$v}Y5KzF2%--SnilZr?SIQbrAt?>KZl<tI)>2$G1BdgA1-u@{Jl>r^^3kOTkYy-
z{IwXTQAS1?FbL!sARmAw+8gi!Ud1vb%|PXHV^2JuQ#znaVc?qKWAz5wZ}K^M^~RIZ
z4iP3lfBy6W+-5UT!2#ouSM~!?mw|VB{bc;7#kQu83kwW9GwYghS?XACz7|e2wV@~p
zdI}F>=MHSFK@*9WkY_ht+P__2m0yjGkALpzvAeC`GH;GPW{=zlAG&*2ItIoL0{E>Y
zEG<QsWx=kzigN1}M1U|B%XHZ%tW98);N^Mq$~Jxg-07CP?Z@Yi{;$i6f$b~&qs$!<
zN+aSZ`6`DZ8rY71fYX`Y9B!VTOwmK&#hxLZCU}2(wMLI9F%%U-B$E(eq=p=v>RaWy
z)!iL!Of?}Gq(_v!+&R-VyEySfSd_|Rht6l6+5_57peLfUUzY4LHP|lR$#mLdt3z_A
z5+nr0FbC*7E-3ph{abr=FHUsrpAVzNh?g!ydUkvC(!ltMRa5iBV<p#22+1hhI5oih
z+_O3AQVtG9l3f-#elJ-oOZocH=%Zoq3*!!f`8cJOV_bB?IRy|*a@>-JBArdjFfGv)
zRxic?8Gi=5)D{6n(26h(0>wUUB>rrIlfXE@4bWQ%0?Dmffmu3(4}V}i(YOy8=(H%w
zsAK){`lg0eZ&i%uO?nunWejeQ@-DH<6m)IK+WWiAEUH_!Izaj79lJ{`*JXs}ff?cF
zbxm0!WFTDzL#5v!t?w_wow}{fgQ$tBYjdSO_?-WG^vaDV+3y?ZGs~T2{Kwd2coX74
zRSg+|^HcQVgPgncl@*ASYqz!Rkff`Z-tq@7w>}Zp;GngLK#ae{dp`Z>(j%+|)K<yQ
zkWz=vd5316%mA@N!>sqd0SC>@pkj@CbTlqowpjIC1$WaVc$3b9!-&Eaod$i$@C#eG
zK9cnm@7%kGh<Q+8J^><=nijzk+_?kRJUz!i_Kuh!4G{~1$sA`SIcyP^;?AS*hA;#x
z+a2Pt?fo4$&pHx{Uv^UBtcEmt78g%R-ChQaAHi)zv@0F;E`3{4ML=w6j}lf4vu+20
zO?U{}rlE%o3C$S0=9wTo1Lv67>17^86_0~2$D;0P5|9-#@|@~;?e6#Gmh^JE5`BKa
zV0sbse&GpeQrg9xPRHzg41Lv}=!%J+6>MGVh_bR{NBq94k0%x{`WImULr2P#Q21U*
zK9{7WNZXoo*749a^MC5z(!`Q$_o#c%2pFqT_L*MWQ}ozQD|zK;as8<W%lSU>eluCq
z`sM+ZCzf-wE%)m)9E2Cbm8>D%KyD6m6S{O+p&5!129+UW_*f^%0O*LrP+UW<P-#)f
zZ~OW6LUgpY{he;gfgOk4p#f99py4c2#Clu{*Qa*KBJh|+(5I!rZ-U@t=xF8Fl?N0$
z)Ekzhys-$3>6o3!+Qy+aFLkF$gHHDTD@8$P8%A`gspEA%IFfg!5nJ!nfi}Dcr(UMf
ze($WD^?YJxZ8d+fNA9Rp_kWwGZPTY3&6-8B(LQAf)wF#zi_n;pe8_W3{&W~W9%Kxp
z^6m@6D*34phmt$IbL}=^2<22X(gc=ys&p?gC8Y`e8OUzq#*N8K@MSXuN#1ORN-wGQ
z?T?3su1{Igw{HlHn$Cm?*)t@ZC8??@Y3{ynAc%}G6TPkK$=?T#b{ZU&ob1LTqYs0Y
z0nMSff>{ij2`NOXFo)Jes;nV)*4aG6OJ4U9>VEuCUe@8>w%8^5UB<0vnj!XNU@5t=
zYh?dK4qrMwZe9iWGHT_oP;##v<Got{aP#G+XL7vrZ?7dLlE{I-Bb1U8tBtL)n~t_?
zvFe5OToJDGdi%<)wRj?Pz~A3r?f4vvE@N%m#SJ1omRYj!*nZ0C$eiHV?t0-(>7p|J
ztyWthgJ;#+{ArY30bBml`6aGHpI+C}kRHPz)sN>c2K9JpWbAlWgrm;gUwzK@n#NfY
z{$IVCh>ah_nz+cz7HbalIWt;&@v7k$-re}v+p_DnUyBwGFpIx%;&x*K>q%N_h?-ib
z>_k?zqyRJSH*=An@@vE@!{!_l^P4|B0`fjM<BTyA(+9fX8Di@=XFT~7ouYs0!{fL|
zbbpWUXuT0@=+RlnvnuMOWaQoG&maPNT%Tv&YFJ_1^N$cX&t|eynDStk?wX_PFZ3`<
z8{TyL_=B<MY8J}9ITI1F6p8z8kHH$QpZOT`Uu!SyQlI*?vNU3RVb9YAcb_I|1t^|N
z%{{+PTT6N8ML8DLi>yPbbzujg@cPNhJ|4b#%IVy*Nt=l=chp)mJAM~dk<9C18IHrX
zpJ-II7G4Ps`+e}ijMB+QSD!qRE$yAHfyip2sk%=lGx%;_AGQPQ3bV_gCKQ^lu&+d5
zI8|P5tIO1CzU-&%)ia#l$OFvgGlc<}%cXYnPgg?cJ6$u&{P=ggtK6(HTYarp-uje&
zjN2Obe-FRhnODYsJRbo_Y9lLE5;tU#H*!ukH2*>+no7ngvA%W13xlFRGab%2pH#bg
zym$Zp$I*c`rgBIRKI{O;VIVOwWbx9aSo2ppJCEwIdvnd3FI+olDnW3v4`J@cW>uD*
z*gBb13+dE}wL#z!Fi%n!Z>*V!tP#pKJLJZAKy~FqH7{~9s$W<y>fBa)(^HvO>ueEt
z1G1_|KlTctrQ~;FxjV8Y#o@R16It<*{rUHiX*-P@&gIWpQhObek9zOnN(}_&gAePK
zey5$_(8g)~wXbBJ0@pYyRcvB!8dX+b*u@d>z(LDSHz+u`=&xlxmR^O02_nouYa~1B
zaZk9_pt7vY%=ozYKgK#fRJweZjZ=Pau***wxaw<-A-@vninQdu0Mh|I;0}i7vtBgB
z;N0!JJe(-sXp1>-HJt1U_2zY1a;CLrIerALJl51=aF-<~=Z#96Z#-2lZlZn{b?c-L
zU(VH3TYvoWYiCWw)vMnTqm?@YO#xI5|598~QD>tv3YV--vf5$8NM|yKB|M_&5D38P
zw=V8MOh;+yoMAQP$KQ&{66%xur2Cz|cyS6rR|x%ba%5(EmHnp$FyMXmv8=&_11}6|
ziK$w?>YIdn^Ef|SDna%03cMI4t@G8J_p}k@X|d>=C?brH4f|IK;DhrRpOe{DGlK|3
z5@by<!Ccg-&<Rqvxdm7mGI17$o9dA62B7a`S(%N(L7t|Bk2DIE?QU*JQix>$w!wdN
z?btim|GH=g<%_k}lm87$k~ABIT7mVmuNB+h@W6Z^$csx-Bn3r<oz&Rb-3>1-aId`6
zUCPI7;lg~oOAK?M(hbZP>&Ja^#CN|uGENj|wQ3&vHy1{-Zi?lFMcPEtw3H%!gqps~
zvS)BN*A``vfo;kXPyE2Z;3CdBV}`Pl(m#|t8Nqb(!0(}RSn0R8(iyrnV2Y>wg(@i4
z04X2$f5X)RS~G1lAoc!SJaFJ1#4a=kf<Yi$=<R?koJ*ulF<;YV{d)T9zpl@VG-*`Q
zRI@o6`|iI->B>7HpkVsQkbx66pU-vffcWCi(EmBw-+B=YUErO;b>)^}YsmFZ7EEa9
zb0jhoHhok&Y=|9QumQCceO23kjufy&*Q4UwIDV3nl7Vs{#NFFL2Sizx*{J{TxwuU{
zF<)(HEYvnjw|)Ee6{@1<<nK)D=VZu-6f$`f`3m^py?Y}WRtdSoG)|tLIP@1`>}_Hi
zE?Q5ywBRQ9PM@3oVd)!xM!Ghv|5qK<s^~uXq^rX}mizOfrM#Ph!oBwm5X|6$4mLJr
zMDtl%qCIChZlqj;S{WZP8S%M98!3ip11_SH6r;4%)IL)5^Yzs|=ZcHQS!nt<__JH<
zG$aurg|wwY8ND>d2=aCSNoD<vv43UlLay`n{*+c!`RxT8*>}~|&v{1lg@o%eyR9D0
z40}m;Z|)5sIYXr|h80E}h)E}6+hCI3e&v7GeoiaXFJiter6LA~bY8PYTKK^FwzE5}
zf9lwz?VIV$(OB@_B?M4)_sIy>L^zH!rHz1;I@BZ<RRcx&g(WHGirwVF%>PkYs=Hf@
z0+^>$|4%_dzrRZ+z6bC#CFz3)NCK=9VxppKWH<AANs|Oh5RzT1_RLp<H{b}b9Ra;d
zZ@TW~wJ+$2@h4DOV7$4l@!5Z%Ckc&?`M;0~2V9d0`#bnse0ozT<M}732TkVviaILQ
zWy{`hc7og<n<FMxuy$$p0W68y0j2^}0(|zf1w3m^K^fXcm=mT|4I)hWg1(DtWC2t!
z<x@II=zVUD6V)1pk?a549^;W^i%MwHx=!9dxOZ=$p%U=qHZEoM6m~9fF_2;+GkAcc
z4ZxoQFx?3i=lPv7MFO=^oId4^!r}C9SJtrphW{;Lv-VsRWV}brQT8$0315@?kCYZH
z0(FDJ!H}@97dUfh9BFJ3vFrFQ*v%ObK5;9ni8;@QF$z+2Ll3O0TTD_xz_m{G|D|<)
zj0EeVZ$zyLi3=u86**c{Q;apnkZNpfjF^eB8Jy}M@mCndNzMs1pXs}v=+TgGgobwP
zn~D>V8JjUHoZGRXU#J<Uzd==M{zLm;G3%9yqyu52Ivkqu{TwToI27gpi7bu6L^miY
zf8G+q9LGl-5Q&eTLS%CCf>Wj<u;aFkoH<BP@#Bm=?t!Wes+5U<SD3OqYLqjIBBCkd
z6Sfl<XYJV(eYgN+q(Nt*jT_xP16RGwNjpa}8bwvu*t!31*4q$e5AMjLN})$5{T6E}
zq&cvz6NK02=VRcmd6a$jS}b177?O?xXga?9>W98=H;_6|CnH3M$G{x{tt0+kvg}Al
zL3@Z8muZUu?!`Rw_EJ(~%{TBX8waCgP`;nE+rtV4F51<YqMm;hXKml^eZ=ts4fBWu
zZ*h(wChB(Fh<rf_p{%V9F)Bg^tRuOn1cKEqS+(jt5CADE2%c!x8t9DBeo(LAgtJe2
zj)7wUEb#M81(s>&*ZtYiSK2+;_TS?4QtZ`fihE;Z&@+w&0yxG;EL*y?$X*jfP(nbR
zNXct#U9OnTFHA>uMUH9oBU*uhJ$s5lH7sC1Utd=9N2Kvv)~`Qo6y3?!4*#62-_@L3
z;vsUp-T$3bHXP3gz2_MLbF!CMT!J@E167Hj$61n^`U?SxAoSQB#at)+FkpbOcdsGn
z;C`kwrbH5lU4w?9&|_N)0{Do+gw1Oj-k?;_yR!a&`=YKZ^g4Ei099%#HaXzuRJ4B-
zqkIA=MT!jA&Rb+Y^EKu6zpJPiga4e17j8DbfC0G8Y-WCYI*mRuLolyOq<{AIIaRKl
z5s}OHiPAu$|L@n4-wm$_S6Cawxp(RLXO@=ouwlz(If$hM200@yz*7pB?Ay~18vv<O
z92}4BM|SIgvRSr&|4;AVZ$Ux82BM~Y_VOiHBD;(qG4AJU@iF%Q{~n{@XFT}EVbnn6
z!;5t(#H>%I8%}D0JDuUypRbpC^6qz?vj7v=LgH1Qz0s4s82@K)-&Pzy!f?HE=DjiM
zm}<I}Tc0;i{NL$*HC@DAI^xd1X-zvC+jA`;LF8i(I6)5e7lwtLJSpNL{Ef+5>y^-6
zQtv<k1BG!pUBenDMACqLzh%kiLiWR1HgKYwjp)-95p_<wuzF9<u(#F{|2t@cs%cx;
z>u5Y`dyNd~EMPYsFP$P9(g>6Vv*BQYI+Jx;;J7+`+bNX8FxHs<OjUTvxpwO-YQ#(G
zkMaLkEr6(hex3T0Y*%<Qq}FbbO)`Ssh(2OE1vx3$>knK8fW+*ZslM#g`=&p?w;wiq
z>^+-M89<3O*ATQmdc@(sI&86cd3d$EJL&>?e}5IB=k!jQhELdn0AdrOauE|hnD>eH
z)3aA|0=i2UD!N(@R*>iR0!SYI)(=&vL_s_GJFk=1F9)IeZc&DUtsiDZdOWN>IA#d|
z_4G{R!g}<2uw?OR5mD{MFeVF&;Q4Cp1TuM$U|+7JARx$QHA<!7!zBc?iN5+m25GmS
zzkJEBr)qauk&KG0u*$7jjQa!=I$FwqMKU$r#F{0?Etg*nLTqGcSmvVRlGW}W*O+RE
zlo-Otjn3W4ohk@y3w&Z1F03VGWL`I8NnX}k>A#sEKz3;MY&*5Ab$0H0q0>+>K<I71
z>&JAU+L24xH*sxrx9VqMX_=Mq&D-0XEq$a4;|f!rO-#fTL-NdZJ=ll57o#tca!t+e
zyigpzRgpNroNcIGU2fP<bQZPa-jqo`scJx&OvFfR>+%9W7)|b*{BiC6B#er_i>CDS
z)j@ssqB-J>_|2B3s)g8gJ&u>}`I^m)Bt<KH=FD<@>QuTC!aw+u7iKzSiAm2j$~0Ow
zKkhp|LV+9WZ*ZVCsJL`CT^kMm28!b3h!Lcy1mxPu&g$Rn`M{iH`t=((etvMO&B8yl
z<Qz-Mvv;4o3ee6~6gFZCm?*XVp+{aQ7d!S;J|qse@!<6S$D$gT&sam(6y^;BOJMvR
z8M4>lG}?^vYX-=BIg=!WB_qeFt9S9L@NB7@sk39C;KJPBmg}MoWq+3z4<Jj9A#o(Q
zm@MzUN`hF&^`I!V<MyRl5_7Y7u^3kKYM&@@+_6K#Kbs$zy17fuq8FTN;L&$}YOi~x
zL!Ot6KbRz%uRZ<GAq1gA1dw^k06rHT-XN_S)i`f6S*C-g)`HO;cD>7ZH*Mxj|NN*A
zzjWC3uXOd4ddyPl!MVe*lhvzB&M)M~a=zR`$XW#XMgmnAj(23{_}#J-xjDQVipJS*
zojtn{3ykYFW)5?8<X6K?a7kBwV{Z7}hzTL)%N(~)au`W<cu3QW`;K>N_OYkD{2Y@l
zE-sPZ)De!L7?@##0+I<3gJK6_U_i<j{)U4BC3&>L_y|urqk?)O6Mo?~Dsv8<<M(rk
zxIlv^j&|#KAbzeHgrrKFm7@HHX#n9EFB--Br+TB@{@eDN<-_)v#LhG@V6FI%z)d8x
z#B1`&gLyyZSG~l}Iq>PI{WCZfe0K8!`D{TR1Cwivzi!3L*{U4b3ajz^^_J4O=jFFK
zeXya!DxtjwcgD9yqt0m#jffN|l-$;J>k>jk`@uiq@g|{2E-sjx{If|_LlgG|E$y!E
zr$~+3r9bE!<6St0eA0=Ix3#m=?=u-KA4foWa`b#PJeo%gm9RWf8E_pc75@75iyQGo
zxB@Psnwq&L$Q;&+a}0s_FGfas=i3)lxhe-fKQpr{&JBmp7na?6!AR+XVSl~N#B5X7
zTv(W-JZ@ay>_jmM;)gJxj3--gU=#oC)iDg=u!Ejg#S@(g3%Kt3_HAEsn$C8%(h=Tr
zNN_O6Ex82ib>wv(BF;{AZ*rY{@??0pdwu0Bo!-`J!Gz9ZTR>y4aPWOundyQBL}%vP
zXwZnUP3g8de>mB2+l<so=>6B|Y92?*h2B<XdYlsfxJr-Rk<~kYcM-fzV#mlzHy%f)
z>~Mv?fFO{=hs8OtkbDgxg;mfh>4(4;DROZWV46fmR9F8h&0{+$yO%Dl2LZr@RAyZ;
zth}^~+?L<>>p&d1Z@6rTAE6K;Kp&5Huo1TMXT(=rc86(4lSH5Eo@ui|5Ewzb__BS+
zg*4C6R2h{U(bXB1T9A=6P+q3}jp6b#{wA@anbW-WA6p3a;=eBAlqDlurs|fq5fbqW
z(Oy&CZi%0YF>Si47w9Kfooh3ljA|9<nrfAWaqq?Ho|B?Sef;{>M0FtU<fBBaSZqq?
zwD$LCuT%Tz2}W|GCfjVk?x{a(C7j-B=?*4SuyJsLsP36)BkT8ThtXL%6-ASpLG|2o
z1@*J$&W-)Hl<ibo?_WS;E$DGEkg!CLVE$tOeXX*F#-Z>xbhgi~>q9;LZvJ!;@?~ft
z#VbRZxdxsML55X+_bfdLZrsCFY^y~U7VYvbu?)+u8}lTdOq6UZc}mwc<t7k2oK13a
zBL>TVBloU!b^oEZ#l`nc+v*NGRi2qLNaOso+-KI)_AMpIVCYu$OEdPXAClcZ+s-a;
zr`<R;LyM^00pB*aORh-1oId4U(Vvl93fK2i9bY=7(IqJ<_5QujcPHP!JLZ0`K7BBh
z-Gr8d8`(A9Fk@vBDV1kluYgR$gouKmjRNB6%7!M_lom`QFbYhQsS+baM=nSdJXcV^
z!*`GzrXB7fHxoV(mz`KEE?s&HIS9or9Qzsy$=VOJOkmt}YY5};Ks{(&RLJygb93_^
zefwImh}j1xPK@l;smc{xmY^ZdRUk9i4Gul(-UoMZT7xujOp56|s@)u3l4KA!zrgNN
zl)360bU_ws!JCXnF`2?`q5jYze+CWJ(Mg^<#)3!-y81nTny5nqT6c#ejkKAt^Wg4^
zWW?FFHHY7=(hN0<rpGpon}67_?WD4g+m=aZNA{nx{wk@P1F{gfLMeO?!tr9a(_pdL
zj=*uXUhJ6I#Q_o<*T$6v?b}ws*EAe9|1pCZ21oJc(`}~rluB%Vl-bM6tCc6UjW$+S
zmt-1_&DSN)HIZ9OHs9xRVHiXC^@S?Es0P4^xc-@l>VZn>MHBrLEY;(AkvDEq8-Niz
zzCTIG?8=qOXiPOUY?7X1FCf3QXeB`W_HEmo-ou0L=n`Dp-S_LjqJ}F0KX&V%GVOYd
zh)9%Ik(*+ta+t1IF;xBlQ#aajdngUKM~I3(m|WewXmiq>g$#<TY7(9zykIe0vS-NW
z@gfYBcAmV;EBMva<oJG|rhSL-RY&vfcPa0wXoLqh^dIxsf6o(L&la8Pi79|;jw6nu
zWYnEFamfUxuZZ@9c$yQn;7+aNovS!*M~@*UUVK|_e`$fNUvc$DbO0-h<jfb3S5u3>
zc@yyB(BIJ<r^%apJ!@%N`Aw~`pcz+WUGBA&xyd8Sta%N8ZRmfWO!olRK(9TBbif?&
z)>AW)OY`k!g;(pZQjYtc%bi#>6BX{iem!Z_sDt{aGHPDa=B-_`24gE^rP#f&L)WLg
zqSu7nj_r4%pCDuakBRX)0+WyEtO+g*<7dM^iW<2IlLT*$YHD<1>zRYVk30V9>6Z@C
z=Ao=(&h~)=TWiawIdnpnX~L5arhGNx{HmxUaD*|~$BT|KrZz=BTO-SI*XH@1_jYlP
zpS(_At<7B_Z@h(C?}?pFJU?Dr`eg2V*Oc10t7BL#(%HzcUF0!ELqA8Gb8g?LpC{G{
zcI(!S49usXC1pkHN2FQoFWXPS*Y-y)Bj9titTZeqOy6Nc`_-#E?=7T2VV~G*awXA>
zqE+bJc`rwI&%T4SdeWVP&!0TmwP<;?IU_#I7cB}43v0#=K0e~!$|P=57Gk7rY4q&A
z{4K6cvfiXj6rU{K2+Bh5+GF=Flh||f)u>c3oG{Qdi9drlT&{E43)L^x?V1g|Pe@a@
zVx*$FXRywQks}k%p2eBbC2pM)1h@Yx4e2wOpT<XsiF@ZU36mVXbb{B$jaNtk1V>?}
zDI#oz?K2c#^xEZ^S5aq}O04mc4^PkSAO<3C@pdDlPD^^Xxs@33jhgL<oDF!I#=2eO
zd+ZhsTrYeyA+I^yG}8a3kojJQ(xt>WmRI3e$+&D?2!2AyjG|4qQmP{8{9a%G;>M<P
zm^Nno0UYFMO>4hh5H=<fkmJ$(O<c&A;{7uoJ?c5beNfugT5O^sh<LSulKbIWUEmik
z!z&?r$R<|b51gkG1bVb2-E--LjJwPbq@9U2RVh2vPwS?HK&u#V-~f}jkW#OwY(3qw
zyOZ{~ap~(T{5JmqgjoA5affNuXldR!$Q~jLF60-(lQ~7jtf9%BWJ*WN?H2<ozO=9p
zC`)sWxHa~wZ3S!yOz75GT3TtTrK!~)e&^vEQjoTXwmo%x??0_$(a^a*_1X0V-w#>T
z$K9--w3OpkR0+0p5s5>yuJ`(w#(@OA`Z%E!uO#U=j-4yY%h&(<vGz*~<vF7zBRCko
z>S`R;KZQD5JlLi5!bm*2J#o&OHRrJzELrjjnH!JGG1>DX-7ODXQ6Y(@m{Uoy8-3aY
z9UU(23V;dr*u!O^SV$M`FJFG=sQO|<|Mxr(UZO-Rawgg!R=FrCz1G%OA2RDAEf1z6
z3IuWmP*xK;I)3AaGHkJc4euMk0Z}OeWH-70ArlF7C%fE*O~lv+3^fZE_KPr~qm4~X
zO>Oo-ahO%^!e9#&b&>an3Eo93F?-W|qP?T5e%!}8<4@B0^K&NMATo%gP7B6RQ<vT@
z+Zhtl7a0KgNYcrGK~UEqC!8w;jq>GbNts87*z%iHJSYdV%`XN{-n_`?Y++cI#y%X1
z4q5<GTp_~)Ok#0eWamYh$0fG6xwOD2`eA<l?!u}pPlZJut|`n%`^*yp1zs|;gwtNO
zXv(IKL8dB?|0K7(pVG>rmD~}@L*;-TW+%7y`Q_<@4`V3;ZRf_4+b`w3*3M3HZ3*{q
zJ1HrCHpfxuoTCvD#%GGb?C6Qf=h|m`tT}v;kb#Eg-Zz5u;m0!#+P81dSQZTThmJ~p
zI~Z746&16l=cz~457xw($GN728%1NdVy`neNgG?t1g`}Po>7#S84ed1DAn}q7pxv~
zJ$tUR7ft1}SKHVif|Xny&JKV6nIYpklVto)+f40V<MSi6xWmi-CnSr^8qK>WiQ;LL
zc6k-p?%~LpY546^$^9o!u7VJuvdYuuTtkTt+sAj*WMt5*V48vh6)0z-jJgZnGtTHv
zn85ixPEj%Px1ZwF$=MgY&Eq(6(9=J*w3iS>k}#mC&1;8QSNjPWEZk#rluzC-`F*tK
zp@gkirRA<2T{6=DWS2(ul6$R$Z^X?vGT1*@7Qn(WDh*Aw{+9NwBicy_<bN5x>?7Iw
z!CcNyUI0pM6IC9@2-XV<_c{&kv6~5q0HIeJ#Og09$|1HSdM|`r_J_`LkWPL9mm}}-
zH~I%nf%=1seo@Wg2)Os6nojufy}8lmn8_m7rq;XN<c7+88sGhd6B9jO7<*!c2Dh9)
zt~K)DH0Guuu}HXx@C&Y{NBLD2;&ip(BWgW4#$Mde*`?*hfH$xv+ix--B>gLr^-rB0
zzRmz0AKEvA!8`ogyI<ml2Y;&0$V6;=W$kj}i_6QWj_>M41a0F=eRX5yz)UZMB8CmE
zNc_3_a*iXBI;F1V(Y*1YLVe+=bfqVI$O4)BQN4$}d<zL(<5ax(T-Q#EhR%mAIORvE
zsCX++3d~n3Z~-8Qs@R9bfU%no_9#kE5i+RRXI&J*vG8#DwKJ1J0FS&AhjchO#T!NM
zoND|r*o%gcF5;2N#dGeM5|Qw6v0~BEkaf8>P$;8iTa*qYhkZ2)KtG|a%lSSDuEUC^
zxRf!uz%=WJPlhmNQ_2$_a9p~YW~jKGxbLGLRbzY{7T&R3e*!lgFk`S07pbrQj<ubx
zNlN)l{WwN?(xI!5K0VYPIB8o{acO;%I}T8ArIRNwn#UnzGu&lTRp;hXFr4=ac^qE`
z8Ze^IYD9YOlcy*t<<J8v^&s+_*;pYVA+b?W1oi_BXUr5@@7`lnGvX`^GmsAEnOfez
z-y=czc6aWah2z={u-tX{aQBU~M{8+8RDx7!hBAhrmIF=yR5ue1{a-u8p0pm=2C*-Y
zPo}~#{ZsOsfMBmM+yn>6IA?x09nq(A-g?r#!Ow{U4@f?9@}#x9`$V5i?+rH%AOd=|
ztO6SrWy}wG{Fo){0JV@IGtqHc;BBrNFis*D7A&CApvlA+0P}rm!Dl+qrAyWO>}9T9
z1HcLS+H-nkXT8GJ$jSY<GarsYEF9n53=UpzDIH{`{iv=(m^L{xd()klFZ+9Du9q+Q
zfcyOaF?HqvIjwEmzcVBaWJ(exNg|3O(I81eQf)&6G9;Ob3Q0*Sp$Hixl_V)sk`hrQ
zq`AzMkjhYqB=!B4{qFbu{PXN*Z*<>lUBh`E=P@*1gQVav`bc)Q^x(;9ToT+kgmg}r
zJ2lSQ^F!gC7cVl91h^&3p9}02#H{*&>pf1wdX3qczvf?95dFE|v;`j_Bc8dlo5CJs
zwz^}dp}0sM;J)t71x$!IGk5_QZOEGp5Z{QI2}P%^#<kO@MV8rjhm1QmOI+#Tf@N`^
z>t>r~?r=3`v(Vq@em38`|88|>!Gf^*+b?z{`|A%jyfZQ%3+BTd+;l}q7}Km3L^LVj
zkkv8c=@$k~+T6Ir`rXz19q%2D^mr3^VUSfo0-s>8NAT#(LI2~`^Qn#bF8^|)m)Gag
zgg$#Gnw{_D`!XvbHU0fFm~tZy=9Om1f7mzoh-Uu*1G;bRrqZZC`5jG#+MwF@0>AdD
zPkXyvR&VQIDu3q0li#ha^l!3iDpMR&58{@w>O&R%aq+O@p6@E09wh`{RT*`T&3)iW
z;$!5pr%xLj6!u!q810O<NXR6~Jo79oYYFZ6nRQ!f`>`pow;>!TK>xZpGl1q^fh0vL
zi)NTku^sLzC!#rYx@cE%Q{6`?rKCYY3X+V0t#)*n$(f4gTSJbAv!^iY&Jve0$a9(s
z4fW;^RV~pHhO`_Vh2sXa2L|O*BBp!P#hg?+zppAPPV&-ju4%+yjHJ(;>|lI_pgi9h
z6(-m3&@GgMSdLlS3)U5mdsIxeAj8~cE12lI=J*CMHV^Vx@&U$rq16zd$GbKthi=66
zaY*q~Pnmopyj_a@&#(sW`1cO2@&V8|b5b}nt<-J5%&H234{|1T#fxs@zY%`{BC&gZ
zHa22?v$Mv6D<1mZD7leFOq70o1G1!{CAHzl&!4xMT7w6}Q-BlwxaV+tMqhLuzQ5k}
zm+us89z14TkP~Z?Lh4&nQyl_Vx(B`<UB?o6d6f2O_HnFPd+<Hw3)RuwIsTHZP%uF$
z!D=L~{a~6coeipAH93MSe{q!RH5|ceIA|PuPnO(fHPyuA^{s8Bt{`cm3E`mdx%1=m
zs}q#(GM%5sO-;ltyNf~`Eu$kI-|l}nA_#_cu$SjZi?c>UF8GGj=7C+<@hFZS1s#&e
zZWM{m*=j@;th~GcZ$%~(ZeCtN8}A}phtfQ69#``DeX4h#&1Gg!*$FLmuzn?iCO~gK
zDBvp1$g*XfBl?_MleO{-+G3h7W*Gd!j_;;gug3>c%&RNKLnUNaP8lfgeeCXy>GEC_
zKIkBE2mtOPKMgJu)d(l?QlD;Np?5o}j($|rBv^JmAJ%(WLwzDB@b8aT3(T9Z<L&ik
zOIdJ0!`DRDfUJvy+ZJT)4tnoFp}~L)2jyuhbIDv`w3xH>vXweT9}aE)0XG%GV?3s&
z9m>AmBPdCM!;(cqD&mq;yvWa$w~eqnQ<gRErry#$TkCOQ;U(TOdsI0oZG6`&>}JzV
z0B)y$S^|Ip88e>5J=fk|U(~K$;HFsXrgvs)5zOkK`>IZ-?%15}dB95mK_F-LTIRU3
zw-;b`@s=ADX)Bj6cPY5P+}SxjEzPACiO;Zk_Y)6>hfh)1uC1;v5jND-<DzHYRYq)g
zFPdd;6<%RN(r?%XQ=)W2Ljr-T!qb<#ys&fgMpqV=(iZ(%RP%9_5@>1{)?+`3E^faC
zuv>l&{Q{`V-qLcxb>G_h!2Q?T|K=G$VEoj^mLRm$zh;Dwp_1il?x8WaTJF+MP4dHI
zIKd>yWenZ$a6>~Os7z2mT)y1I(atT8{g^HW5IB246v7e#Rt;Ml<d!{scf_RP?HiR2
zwY0RrapFe5keWJgTi=MIuT@|64VlU{#&m}((y#qje52Co1Ap+)0OdksVKOrzxzM|d
zLaKU-5BYUDY3V(G9o1e&jK#gBO;kzT3;FLh{PMw~@eg#tB};D7fvhrB+$s3Y!IsFG
zv-GqOjZVrF(804cw7oc`0oLLO3~I}##T6j)Fs(TLk6<Bin6PO--Js{LD?iK>oV5Rn
zb8n%Wphl%M;Um)e+@1IXEH~PU$=w`%EhlH^RO&EpZ^G21^zpkP55SgN@CaQ={<Afy
z3r5N9xwkWXM&BMjU6@KE$|}~Ac&;~T(wr0H30aM~c~dc2A>iyD>xAW$Ex(3+k5~a9
zD94|cnfCz?3zjuv`>B7*cec+v(vU;f!o)~NO`P(MvtveZE!IIxHcyimAE3s~Pl;~5
z?Lu<WFv00re{u!<vjYcuFFks~>akFlq~{n+o*cO#L^8Lc>i8aB#=*k{p#3N%qG$D9
zACA!X{s+H}VxFs_tz761zR>+^_LT&m-hcF{#K4(wY)w_>MinJVf!eIR3m26)Zv?#t
zK$5=(EVEbbQu+7w^~WP4Upfz87XInEt(&3{PQ^z>s8@b*@x_xvCQc*@1Jp~`E?|iG
z+sFC&GuEDf?Ske|c3ZcPn|KoqlGC+ecGI<;zII|Gn8W?u{Uv&R-f?G1R{Zu3h&%_M
z{MK|#@9R5PV&C+Z0=O45$}(sv9m#mz)W_}IEmr)Qa)rnVHkCD9+WN%)GYMNb<5H>8
zo)Y&;OG*xUoN{9}4C+=mKB$ish`4I+Y5b+$YZ(TNFfceti}5Fb9zQ(1h+BWgq*{EA
zq_cOeQQDUFAax&SNmNuNoN*QwUkZ$qDf3MfEBp_AG+dA~$TwM<gLGU9@qD`Mlr6q^
zai!1*-;&nMqyI*+&`kdz9)JhUb#mflt}Ay+bGDC?*V<{*01j}-Vwgj##C&IR1Esoj
zg7iS6&9Kt5n;fQl8WHLIg`<JwH*kys^+l%Zj2*k9S50Z=In2s9w0dZ2b3;bR$n6<+
zFmG3*XMMXBSSdrm`i#5AN}=?#4D~+6lU_x2CwS8GxRR_BmV8tM<XN-`3mYkZ4ih8R
zxd3`@h^`R5JUQjJtJ|?e8dRroFss|BmGyU6X77NtjVvQTTt)$jG#3}9<=wMOk!ev3
z>E%`OVmaKHU2vjLoto`c|EN%z4sBPNb$#=qBT1Vvg@ll@^!15L`x~xgqTm-*Jdk~K
zrOJp3V|dy8Ngf|gUv>`Of3S2+!J|islxICQ^$yb6mkY5>v96ge6Vn>0jduq~eOST7
z@$^bh;AeOTK=nh1#<FLbs=uXnbt|z5z0|*p)s~<{zwRqlgh)=HDrd)xB`GQoyw<AH
z+%Rl2@M&=)HOuGKpSCvhW#*hXOSPrPk@7yQuVhFRQ1OtH$MJaAlfKd8WL?O2Xp`YV
zKLWq)u21Tetf0TSQMpd992ADLIK7usc=?KvcilF&_LUOm+!7FQNVC2$xEHVmy#mnn
zk<yTCrj`aNuuH^Vrna+X&z$_l+y|yRqZF>EhUf8;MJ}{8$i-SX>aidaBIaoXcW#|)
zi5l(oYhS7ZhJG+co^#T2wbA>6S%4`z+N~K$aySe4`kH3|cNS|>=k~`gMq!z$v2OD=
z!>TvSJ$pLI`}D&k<_W7yUP|G<Hd9=#08TDM?Ydf8%HKV2IB<?{<ltmUb&C}f6{@y#
z+47kH?0PQi#N+1l<htjH(|?m*#=Xz9=Y!>{B}?Ebz>c>}UpVN<qqriM!V6`F7SUEL
zQi$(Yu3l|;mAX^#zGf8;@jc)3xJ?3i<ulWU2GF@MQL?hykG`Ad!H|%TLzx6qo^-+B
zZ0&L5hI)QBPT98WhRV{Xah$)VAEtO(o|@c!{wTIZ^MJGH+72Wi+wrY9=TJZGw`i|S
z>-7;04^O*vIJaiXiov&h8SS6h<IfgerE`42sCI!OW#~gAAzAU|!-qb|*&)x@shlkD
z^ekD1`yXHUFNhM{TynCrmtnb$NO1q7cT87Q22HPn!w%iXTT*c**7D=)#6K`C4H{BM
z;q+2nx<?lNQ9~}y6*x)@{6`AU=XC8jQ`O#@xPzB&%zgN9cj1ld`v(fcGJXH(*LlAJ
zp5aOAoJ<_fixsS_nL1LGA<zNLrizIUI&Y=U;{yffnN%H^#zTj&2cpcV>(7L$U#C%N
zLy%I(DbVeSDwK9^SUetEXjBOGxelhT*MQYGGnMW??*@+El|H<mn26&kNFm%%1uF&)
zg>gfN26%k67$_bf9K^()=}kP_lNQj(<AassbjW)zpLK2B)k9uu2|yhbf|=&#ka9>U
z9(+DInXVL?4%1l={Z|hkO16&AUR&R_6XWxu1zp07eI%+(T^yVAgj^$A+b-K=s&0BP
z-=J2e!#6h?z(B|JqrUtisUEQoH#SU*v({XA<t+`TmRjKb5Z<dV;gna69BYhIR|hck
zf$zr=#CkVK170fv?Q*((b_zfvP|Zb&eYsPII5E`dROA6G5gTlQanc1=NlqpBeYpP7
zrp=QtFCdt56&!33aLPkyEcNyDsjdEUtG6j)RP>RB0|6W0M2O|q8h^q7t2GFpsB_73
zxV+#3f0HL&5)3F_nCHEB>$C}87SfAlx-xjFqnt!-qtIh<;gzIK%N-bj##u{ebCE*o
z_4W0gJv$VVMsPL~?pCT}9+b42Een8Q>A^hqN{GlGcpu>G*Do1)ErI3Y9}eeAA@ZAl
zQxw#i;NWiIQ6|w0*&$E2GhN->)}rkZA8(yNq}0uuktWeFprA*05>@>e$59Q!0gH_r
zicr&_-(#rqU3U6RS2kQISnX~z;^%)CVOA0s7YA#uTz(fqL!cUlfa8lonSzCw7R%l0
z%b6)60$^d9+mM#wjs1VDx3ky(%lq?~^6`73nDkog2P0{luBYx@8_tc_lTVHUitpD=
zBs@}1CFb3*yiv9l+Iw<{@tZkO{0IQ7dvaM5)5lAxsX?Q!xD6R5EicuPde|0nib1FA
zJ?1UeRgSQ*-xjU=)yqZXHY4cAlbO6<=xR1xn-LbTZfuOde;nf0L&5Qk$S5x2sI>LV
zjg7Yxrc1g&iX(SNTge=wVZ(>}{dl$#!UE!~#MUdP=SB8@%8&r5j6ekXgeRn?KU+V)
zQy2huHPejG>tCkd^(kH)YnHV{3mc-c=S&8L#T7};ip9`(Y%Zfe-v!ACDnHz_1fU7i
z4$n`|oBKF?Gl{dF9;)C8eC9Gh;AX2Gbdq;owJM}WP-EiU#>ba-l?WE0<zjQ1Pi^u;
z!Wwe%;(8%V>@;WxD?q^gkJ%G>I>(=RHSDUalTivOp>9{d<!$p9J_=<HzsFGkK}$*y
zAz)vJm$)TSnt-NCzAe$$rmgM@f1QN4UM(H0nQE^Dw{OKL?e^p?7xeMs(-Ytwxf4?U
zZsfcREvHq`P280*1EWVv5){<H!Y5q)`;;$O9~jOy#M~k+Zr;ezdqfYs%DNfE)<Uj>
z5gcCq{{48!7?r-ilSnwx)^=xu5NDmFX*;s&{d=>Ib2kAj-JNyq@?|dQ?qM~wNb@uz
zUcY|LF?RQ^3i*ElmR5`LL@X)U$OXiK`k9+`?OM%1lf3+VJOv&GXJ9hhl0$ZGClOK+
zP_&f8(hpXq4F+iyOv<Tyshr9W3rtxoN5!(WDE;wKOCKxIWyikusarTls1c|>FtTL1
z0A(_b#r<#a@dVBT)}}~AFT=f7thwccC5&dyf5^Lva&q9@Bu<Knq{XL>l8Zh0l+4U-
z_x>*CVN^{#|D<b;{qi&Fp}IL_dY1v1#dZvaFw08m3m<}?bPHm0WMpLd;kW@uwVdv9
z$?5i{_;JInS(*v!Kygvaui7Y>>hC^(USwkv;PjMl4~zOQNDa45Y3b``CXCoNA?mrc
zu{I1aiBeNcg!eirJ_8`L$8;qdVds=bY}02Nos?hv)1T_#zIz+TQIe*FP?N~6J<hHJ
zhW<=KVqTu$)Qd-9Z^=O3(ol}pHkv#@VDC2^1S}{Q9bw$buuM!e_Sjy__?`pDOXs>r
zSa>pHfWO#D1Y!61D=$sluBlhRBypez@mWqPF$BX1i+j~>v@Z3pP71Ml$M;}SCoXcM
zNt<_L(iO)B)cYD(<d>ETs(>WTzeN)tko`#Ibm{czDpWI!{~Rta4MY!#kk-yV`F<n$
zXd+{%k<|r2-!xT5L`Ip#GVg*4l7IJZ446dY2gZ)VhR$1lg`9~%6VjfpQ?M||bnZKX
z8O6kjzbIzGiT&^y0|~|So(T<-9S0xQxU6P2FnM)p10xK(_RkNzk`AJruF~@b*Dsgr
zB0R=jKg6(4!4Z({ge5jbDeBq6=e>1<C}OeO;8%7Olom$LC^)$bSSrjK;C2W;^wO!|
zfsB>h72`|lG$PJ}0s+y;2mNDfs}pO^3xfTjq_xBtZ~-6#q9SJtw|~)IOcGsY&?<_m
zh<$=qyh2J-dUu)aaB796TJqdy|Gnl<(xZ=X=DjRG91{*(=-m2zJ6J-@w)*se)lLU@
zv05tB=_qM1#Dcv1CWQI&V<#YGa+|nLUq?Z6$Pg#KEyx%D%(y(aM)wQ)`YtBj0M6XD
z7+qE~8GWRr?)%|GV)+>d1R67s7a!i#ROP=XlFyoyrp=ZVb@ldQ-1P2xLL8xy(QSz2
zD_A>l?&^P0%!t7S*iDOPpsF_exM`Z=1iDOD#Epmom?Pg=G73t`--R7`191)^A7x^q
zHEY+}FA!gzae(XcVeL2mwinNL{5_MK=FTN)j3`~oVoKU;`GZPz*UUdQ%PiW81C}Ft
zJU5h}-<iBwb})bf_>z>23{@(~o3@q~hCy9L0&<QS-n!9Sc;Mu1pu8kal1LN0H30UG
zH@xBdMGt@eS(V$eujC3CteR?_uQ=wxLp?+635COIDM39XkuyDz;)I3ATXZfs^$C;8
z*;mTt>KDHy^!v+`^R^lz`U(n2l9<Irplo>RKBlJYD|rtj7vz0Td<jK4BT0OPe$lDu
zHhs2;`^tfoQ*h<VSmYu8#v&2K4`OF|{L<pFA)5sGL6Av${K&8xNH%x0E&z>aD)Z_7
zwLDExC(;JI!@<kz2QBBkWQRJ+o&f`%dA(mkG+_aA!CpoY7Icuz$zvI$iK-akV1>u)
z;HsWuX?fp$GG-Pi;<Vm6^IH3SxrN>t&J$g0XVLPp3)z;_RC)zDaZ0Kk<Tk}AHYo%r
zG1*<twa|uP=KU(%G$oZ~Ed0B9S-2rVX@(6z&$x)hZm<hG`<RX*r2e5><_kQLi^NNe
z9zA&ChULVtK<tH3#6wE=`lQdyiBcZF2(=)WR!pMNhhqWPeSSC*jJHYgy#vB3FGw3{
zbs?c_u}Q`yO*S;h<8{P#i@3Wj*-CwvXZX5tb%Z)SWxtp8>Dp-uyh;EVTCoMA4g*T?
zHo2wkW<D?z{JNyG>1!)kZ05>IgMd$|sv+)S-bVL#?SM<O;QA?z3+*^9Etj<m6$*GQ
z$7Y>nHVuu~<4e<1@zv);?hciexmRBPgPsl$oD!Yi`CuWGe0X409pDpsVc8?f8PaqX
zA<{*;2GboNo|%!uXvh+4UWO9Io52L1nr^R>(O{7lYns&pL=IRVTg0jrgz~AoXAj3Z
zGch1NeUSAwGbJ3zra2%_KbLo<V;=|6oz-3_43ZByJJF5rY}2gi7t-=!mE+plsV`5O
zM637R{XYG8^1y3Z28Jt$u9@P~SSox*4027TPNh)gT0#+e;ONm0aPAQm9qxa{9i#GR
zIXS9KTCa6o70cN8MtXXf;>0Wee73ZkB*^-~Z<%<^wYBx&s-D;D!XkiEH^rWmK5M6l
zTug?6c%%@k$_HYBy~x~pJuGtVrL)J?C+|2^{z>+ESDaYadgVMM!**9(_o1rb4WcaY
ztT^ite_5c4M;_^FYu5=GkyRXLp=mRj-~e3;KN|S8vj`AG_%5+USw?qa-qh59iyf~!
z<{>P$PdVw|2mJYkU74HW`t&)vci{HBDgJC~Dhe+iwdO^tOs>0PZb;oG)5Mb31UZ&@
z9sfh}`LqPv@fBtDH|9Tj`M%`L>C?j8gc5DIL2Fb;+seEH!+;LgjL)D+;2q7?h=4)v
zDJ3<7=!jC~LEqWsB#&&5Dx0HN9Fy(t5NF*>JI7wW___bLWz-YQAd*!6$%q{h@u1r6
z{gacAoUgL3FAlYTaUtQX#6FjRK_(ey*Z0^x0{UM@<0`kOy01!D4OFhl(62-S4S@EA
z(|i1QCIT5U8wQV7S3gP-#cj@YA!)<%!fTG>Gto-jO_4g>k0SE;&xO3<CO=T<JIlwy
zp1gLiB)ULZR;h1k!ub*_&&;mmg58szzkN+bPYWndFt`E1&u<f~uvw<{BN%p!l4}4d
zTl;C!Yzw%kj0=d%UM*GZRqdvS?Klx)uD|Rn{t;LV2+%D1D}Rr!i+E7`jWyMv|NQ>y
z^X_+tny<RoBRW&Ssz_-1oA|7}goc4r@<CpnyPF$oFgQ_KKfbU*7vJ0*zJGrqCkQ<&
zyOL9k0-Sn)1NsjYRjY#!yh9&Ds94#B!xqF@b1vCOTebbX-Eq(TWkJDuq_z3K^)UWr
zS(cc;WTXS$3`;|&*z?0U3Dd;w`eoxg1vzO>-m!hn{0%z-0#4{<Z6PfgEQnHOW<eYD
zVKi7^RW}Y_@v-89$yq)&ARxfrUbahj&oaxIVY`PY%LmmhXfOKr+sWoXVrIm_*FZuA
zNJjZ9i&}IRJgJ?Z=+G0a6HZqw<z@W%Qc3l?*vg9d@=l%A#vOb7;ll^aD7M*sr)&j-
zow9cUppuYKNma;H7Oo_vUVidG2B@2<=IclB7?@STXuf6kB&dEIs*zaJt;75t4NMk2
zOZJ5L4;@z_vlwOLdVW83W0Bwcw-^bDL>C-0=5=J8%T?uCl#!Ht<EDqH2PFYa_n<8#
zB}jjh?IF%gbNdLbawGSXG|>E@?5WNAV$3YJKuj>r38aD)f?c0IJC?Vc^Tr8O7~lX;
zD23?*q=OhFTyn}5?7@0E@(y?T?LT;M9O?nXsP(R{`ot12|HW{`B-&flU0wyEkn9Mu
zPq!b@(A4DjU&c=lvHOGxN)y&O0LA=pr282@`}lH<SN#r0L{Rz>z2Z?{8j|k}`(&?z
zt|0&1c|O`o-4|&AX1nmFf!*P?P(_Ekob&8=vUN~d>?@r(b>;N9VM&9wol6uyae0Tw
z{=<jIqlO;5Z>5XNQ)+Lz%ewtmn~JD1)*+Hp?2$_aixd~H6udsLLE_&KnKOAZ##{%|
z&VGJamTYR!VD9(aadx<5<%h4`^iOD>`?7Yu#iKykF@sO!Q;OGejsYc0EA5ncci!Ga
z=KB{}L#ybz&kYK;x7P-vjSytg&1LhccoD;|d2`^={mZBx0C3L63)Ce+BY{bxtw!0S
zM^Yj;8okj+GM3!g!DJNmoq|YKK>>0xiPu!<K|KZ$(spX{7V9sX+;Wg!+l&khwo%9k
zc+f_RJ#w0^$5tfsEw2%|TY3Ao_tK#pjtSRg>Pz-FM<>rK`8a4<$?dP{WA>z6=$W))
z)#=-Ep>?JAhcvrR3LP2hJ<_}&qv8>$O{w3~B&W1aB2k#~P$MIyY%Pt5RtDuN+A1nL
z5G-%>c5`cFoLb#MJKjaK=6TAD>Foev5C_rPIt&#AiHu$SI{sV_+qlig2V8_8peQ~!
zNi2x8As~texZ}vLvX9!GI=QR>ktqzMf94cDvFQ)WK>Q$gU^^5;EH_fFTuDdsx?t33
z4GngDpTD+mIdl1G(3*Cc#_(J@Ih^Ewz+#c@zjIwMg>GXnkp6|E=D|7JB@La9zi{Np
znU2zaejN~6vO2Jt5=6+WRtbYA`boxDpe+jW@(ct_Yeoa|@?yYTd|SVdh!6sF{!nFY
znM`o=b<`hN?{dwEMEst>l~W9aWSomM&YGI9h?0eRQlwn3slR!8g6;W5R<lP*zAARD
z2-D|`T6Xo>^SboamlkT6ccX^zF|4GX0FPv^(`7(U@N{#-H&CH>y^RMaA7nH^EbacL
zi)aaJgs;T_o8Jo>D%uWBqgVU~n;Qxd=jN<BS3|2nW8!`8Q-y87&h@6hDqgJdy!~nR
zni~pZUQ?5>MAx9ZXn#{za(PkB#jO9h04}jBgB$%NWiDo1EEzH`tOgtq^d$XT%4pQB
zbR~^4!FPO(WO>j+Vd=d)KE77aCpoNJzFal@oOJ@PmU2SnU>*RAV8Fl-g7ibk^OQ1-
z?Re9QxyY%w$yfjRl5C}pDGbsnLdmtHH+pznICsuve_LyVMm^{&7REe*Rc9Jv3rZ6c
zv-&t)Q0uhq`Dw$<6kKvK)(Jc0Z9f~!*j2fkAtQ!%i?&XnC_dkC=ft~_7iEgC*jYbP
znWm(fzG$t3(%Sf<xVh`Q)@|JM3O9|p>K#V!LY$7C8a{p!En%OusT8_kj~%qkfhN(X
zDuo!ZXL)%E=g&*FU#Jk8Vxm|YIFOwti+gtJ+!;XIvtfqTsYU2X!VeI}MWRj95bNU=
zUV%~@Si02(NczP@oK6#(C$riv%@3Ro)oG?8JX9uA2>)?p(dz0oY<{xCkgr+ph9=L_
zf#^irTYTQ=wNsxWfrUiq2gMPYZ~HOYc^E^$ji!<}XW~76zeZ1A|3_WPbc1^ssbtO{
zq_t#wYY~SFyz6jt(=#8QC61pt_rqbiit~d!S=S%lzdw62IYYcT{QPUl;yYaRVj?Qd
z;nsXs>RNBV^L|B?lA#YuZfson*G4_0FYH*x_iy42BkYf4M#t)u61Y*-wE4`t!XK;8
zPq{lGrmbOZYI@}lwN!^s{V!6b=Q}6f-rVXj>bXv-*V@-6*$tl?JW777oo~*LrHO8x
z`T8THCm+lpa^S%+U;tke6G6_|>ut%=t-HFM%m~@^%_y-LD~gG<ls|!46Xx^2x;naG
z8{F>>A&P^FGWKr@PhUxa4e@;UluVr`UYTB>6oRv{g|?kjY7><(fBukbj?JqATE7=J
zKTmE>Jx)%E>!!VkGU<aAdd4_qxK7@D)#u%{DR%Q_x-LBPVO2(b`Tgc1F9k=1=6U-K
zH&x8GvXcE#@Gx+mj)VL1jQaP?cj_(2w)*tsA0R51)=u_(kxb*nONrX{W8u(Sb7b|3
zW5ZqGONi8A#u=Tc@EWA+dZ<;t-@e?=B2;t5kIzhZx*(uM*-@894)K;#%;n38i_9%7
zRIF)f?>k?GRJF?ndx<1p{M%z*r@AZt6x=p3R9N(9bWT4BdYf({(w>BL_U42@PUcRc
zQlnz;ALsL}`!-u7&YiTMiyELsB%)GG+_w9(Lg{pko3|v3#nvoUkUYqU`0u+WgrLs=
z+(9~th+b8*W(cjP7}monW#skITc>VXC7bn+D?vR)?W0rw9CzK{7^>dkeIn`e^~?~>
zBj4`{mQS0TJj{=hP+z)$5bVc=Rxhq?k@|aP%-(w05fWIc`tc*6#EJd8ejl!*tt}>6
zzH((^ZQJ`3>w65Id^93r+PRNl-H@yb*MnR#`x)T<Y=yIP{jECceYpS7ov;}!8A@d}
zP}jAToi|X!uVzgJ79wv31?kvE6^SK$IzMM%saeL6<O;8{__EDgx32csn{!LA-sNes
zg3h0jbDk$EYbM@H8TDstbNYKnT~*tP|9!z$HJ_7vIAx?JSMRRTv-@&>4_qXC!Fasb
zd}Q_7<Lw_NNrkF>v)<|ILi9#$-HkTL2AXKQzcGb)#~YlmqD1Rcs1Em$NaUuKwgs9Y
z7^vEgJ%1Sl%b_l(_dc79!|P$uc0pod`n1kiURqpa{3?_Q2y(2q5TZoe0fRV*Wu=O%
z94Vmp<=QMx?WLsDQv~*BdwUP(d(eLV`(%DB9TN-k$RnBV-EX*6cXDUw4TT&c9p2jV
zi%1HNxTN@9<Kp|#!sSxhV>zT!Mltl)YN;}%)3w$rI8M>W51-3IxYkx1R!d#5Hz|%m
zfSJ>Q=D;HE%Cj{p{LlGEFAqH|b5!VpMB)Y1Kd?2R3&=?*j^^6P^d21J_p71g?^Uwu
zhG*txlsq{d%@(9(#kK1Oe%lawdW%%3amK~pE=-h^zPExk<}L4S1czEAVsOKcdit)P
zKq+Lbi|kaCMS+gyTW@KO1jG)-T(C!O5o}VcFfgtCcF{58Y)u#i0L|D0U0v8MWXt0}
z1Ph91$V{SecI#9+9QTHD%~18(GQ}$ub{nph)yW;cpkN-c0M^Z6+G=X=_l&va@}ZCJ
zpOF_|u_$KFF|_(M!CZXM^EAWfJzUnTDz%^D{n}CKQn_8td2!H8;M7&%AGbT&GYpUE
z25Gt{xm&<CQTYZex?=1zcv6<5QoY>Ww{Y)F9Y)2S+mU&-M~Yp@kpqZPE(Ld?!mUv`
z>Z>iy%#WrvI+fgLtZ!^=VtdUt{W&-7g}+x{-$Ap;q<QkB$B!DUkfxG9TV$YpY?fgZ
zm!bK|fs78%{eIZE)dy;Rv=xRD(-d=aLkC``Qr+x9WeT@mvS&{?h)i|#!r;AkYuoy0
z%C_CfH+Gv`Pf@_r((B_<b5$^+m-LK$o5c7fGSjAatwZ>@K`)YfIrLRM-aPdYmwK%a
z7jLy)*JmM0Xo0cDbcM($3RKy;Pcdf|RDGrv#Xqa}eQ~0ALxXoyY3^@@SC>CLJ2HNU
z+7C|&gQ8T&=qW2uMwdCrRN3pGoTf#8v|L~*fB>#vFJwrP3vQ)O5)*IwoO?M1L(Q8v
zf_TW4@(ocO0q1~+rYi6(@Ht?(^{T9_-+jN<!jEVI7>m&o)rb7=yPZBJX=UOu9E};g
z6=`!t+GOu8uQgM8V-uJ%s_=@P+=y0}BIEe+$@@|}E7%Li`Ke78`-gVlE=+@y?vu6i
z6W}?mz_ibpf8d-C95}OW7FnO_>fGVDL<fz4DI~a+1|jx<JQcbJ>QT&!^o$GvSUV$d
z98qcX*?Uo90J%0I<7Io2z;LEaklt*&?ZHB|gN(3(?=97J*(9S7nhLLkUrcVQSvm?=
ztp&da^}Y&CFH_f7u3NwU;<AH1C87%E%$(U-gu4)(OqRKa)si^tUl2?fM(`vB__=+@
zu8-4CuPoB#PTw!LzpTg3NAJKtE+fa`7QZ<2Qo5_v9FO_?d;Fa}SWO6}fTe}HHf&9+
z{h6>+5id*uPR4Md%O{u^WIC4GP7PeI-aOv^)%vY{?2~`&na?D5<<sv+_V+cIwDW$^
zp<AD8#B-ZyWbkQ8tvgbD$q{%C;*6LGBjbUqeC6MJz`#L-!yy6B7*mK^?pL`ni=dE$
z3ji-Y#An>{&mq_;{Qm*#^qLR@8*FYoou2;u!2=1`L@HLAT(FddOa#2$4)xqgrYL%G
zCIg1wLv_wwml;2QOwyc0b~`md@SqyNdBP%!cMWfqjndeja^Y~<74xF$d&HYp)zGZW
z9w9U<N{)$(fM;KwZc~z6+j-F3{-O3$P0|hDLPhs1+vR=6(4a>8+vb~C-wtvQ;`)&g
z2~t)*$Gmyv%m+ZDbtgA-)NP);Xx+Ncv`|=1LRbHhdB`FT%Rf+_vOZ2rCj2|F-+k{5
zBhP{p6Y$voO6}NkJNp)qmMR}#(DKZ3n6h=iQ=){jZXdZ>qc>V^PxPc5NUb_ugv>mC
zZP)<Gg;@>A36BE(gF&kQ4@c$6gU4uTk>QoV*`1aq?<&t@4VvCfMxl!ctY<oaf~gAf
zcMQ_Ii6Bx{*n8-!ROzOxdzjC(n^Z4Uwh6YMJYMOZ+h;2~sNb0Y_`(o*RDQhTA^`2E
zR*nnWDWjRrEgD)2PsMg|Sj?Pv<=4zEzb@WRY{vQNvjb9&{C_uo>a(1~iA`_fsP1;|
z1c06Uhl6-oky$~H>dyTX>Q*#I4@%lJEbjDaG*cyndf_qT;?X8yP6>DG_vcA(YPse3
zXUX<K|46Y9tmn-WpBiAHdLYWTHN-3yFC3&vV%eAI?$L4Hqv5qX(*+0yYBn_$;twFL
zSSxiQ3$fu1a*hjuR0kyZHb)e+mRLEiprmH6w(cxn{aP=(HD$^+?>g^_jQVH$A)?>_
z6(n>>o(8+x-Gfe?Ydjagsww@uYLe#<teE~{m4|Tfx4v|ou(o!f|C$Q%!on~9sTGT9
zDJJW1A8lJx!BD@h&&sFe<>Q$&>FFIMVO!uWXVFn7)b^4Lq)oVS?HaL8k`fYtE6v}&
z1zfkk=GyP^!NZ54%Naq$VhG9P?!arQb>eY@%j9?jsa#9!Mg5a_zz&j=I}A(I`%rF8
z*KXa2N$57XmD;W>Y8!26%k5X1c*sWk4*l?RjzZsV>*}%e!77{!8Klla$1^lzyI;>|
zs%mQ7(iJ3Ve4bnme!yTR&`KA)nL~f|%9VsQ(5@2Bc+I=nb#pHj?-O1{2^ZgqM6*un
zU*oa}PVp@3afeoIhNj9O-KTq5HZ;)M%kI0~aF9RW&ODtSu(6eq#wydIgq}W~M5*gu
zwIYUWK13#C>T58OoS?(vVKo%j^blp{YsTot#W#kI_H$Ty^<Km36SLRf$k~(Yd=)o_
zjnLCE^K$uUdB)zv`g`5~KqDR{Uf&OxVMin^8hJaL>uTo*0>_(NX5h&Y$k+`)O#pw9
zJRk_*bX$^fH8oW*V6Oi05wJYL_6MJnAv>}=kqA#Y04(Hr{E?Y|T0vkzll_a93O018
z!^x|8p2<6)p#^Nh_z1%4z~O!Y9{nOL-o1Hq1%BSEXC5EMr43G(O!&0Bp-9|w!gBfh
zW|@Ol#b-5qc(xxb_0H|i+g6{Zi!j<ePGfTYzlEmt_oA5QqWcYHUJCR7y>=>QzxZXQ
z{NkFJ&brslQ)3O@v{Wy+u_2BvY#4iW*Wvir&j+AsD1Tm5ZK#WV3qWsD_|rwM;HKAC
z!x%zMZEwH3Jo?jzVY5|Pfy&Crptk*KuD}zh*L+~XVZGv_vhLkm@h_m-f^4U!q8@Gp
zVKsVt?&%YxId7hv_T_`*_$|?*Gv^2g0$INNEkzd%hnY(~<3p$>fQA0TteE)*rp!#K
z(>=C;PB0BR9pz?WVNqjoTBcsZ^I7uqlyw71ire*h&?S%D0cJiAQ_hTkt&wtaeHXhg
zyIn*8oq_>OuZ5CDXU|>tV*a+hMsKhEb{DZFjs5gG$698bOE8nFTtuwS4l})Qu2DYt
zzz<gfU2c=r16<2p{|D?D8%LbaqvwA>%iBwH2Xv70FpAHe!&?^B9fl+V1z95k$6+)r
zdW3{>b5o{gUc2TArh#!11FDK7`<3)!%X*FMyBnxXyi1p?P<1iUzf?+2U=9urS;k?g
zTco;opNNlk$&o|X-JdTRxOdmC7Wl|^4WF5kD((NoH)F`__PuYBc*1qBs`0~-*C6{?
zKO)-D5h5?;70<5q^Vt2Vi*082x-|$A1t|Y-+yz2RzXFR<)8JhPEPOrHVb@t|!&_}%
z9|1WhIcB8R70C|a4zEo2T<zo(%@=^>#B2<{w#Zl|ocd>uK`pFd4o}`6hwQ)pK^QUp
zqxbR~VMjtLAFsVW+=MePHYUa_OmPc98txEwcIm|P9NrgM+6nqw&upz`NB!p}11Dn&
z&0PYHgyyPCr#oDHDc>$E%2ZgVA7iUwZ#|xwsLU0|7upnqceN1Zj}QPq!JOe*s_Cxr
z`79l37l@1ax7y3QC$Gq=Hyirn{q*b$3$N0)BRjlF%*)ap)BNlb&nnOEdn<DZsiZ&G
zd;op~Cgv^%{sG1Q{Pu0>^OzyWyU|bqT<BJmu>t7(P@kqIGO$c>oc7mc`1NhSId6AP
z`c9}h<XI|LhTH3(U5TSg<O&z)7fc#)QZBoA6SFh!W+)+a5=`<ThH!rC9(lTUCqJN9
zyKm0uL2Kh>7Tw%j^z?6@qu_a&V3Wr%OXAnS%i%-b)QGRD(UcCFP-z*YWWYM))|8Xz
z^4}mnKaWH5WMt&=P1B?Hi6bA3wgNt3Px0e~z~2=suJOPb&%rJ{$D{}dkzuE*L$k$B
z-LbfcNCq;(QByn1CzlqlVXneI$Vf;iCp$0}sH(aI<B9Hbi99#}9x@nO9Y1Tn$D<##
zlaIm<JN`dDR80w1Ha1f~hMgM@E8u%m6K{w#yafvg7BGw&6Atf{t`oA3*60RiZ#X_o
zjl4$F5NI-&gvp~vv8-91_EcA0-F(}K-}v+}cdyLcihhA#SVtarPnKt*YiP)_7e?P*
z-q<)%<pC*gCAPOco(Yb<ogJY3-*_1qws1p%;eCD4v|xDpFB=0%Uj4cs{IPG1jX*{M
zy`G?oAg7|DA`g8>1BF7WIV1r5bjeMYJ-T<leD&(;TPqPe?Aj-@JmX(CycXM|j5>mY
zr=!6Z^ryDxh3Xa(<n1Xh${02?pu;DDzmbj14<0@G2{TCk0TV9P82g&0A?JpC(At-2
zml?9-ph(^<gFJ8*atoQg|IOirQG^jwv=!)@smd=#&lI>Xdj4({$Uaa0ce*{ND~nW+
z&>8u)vzhsuDcTh7EE8<1<IUU^Z*TpX3}G=f5grfY9Fd4uuQvXkn25+XPAe1uHFTg>
zx1Uf`LJlLyiCic?0$Mjla~vKf(QY0dP=;lsq|nPR_G!8Yn^HhU6czFNf2y)#JMZFC
zzyEzUDe};@DXxWE9R@mm6GQzz!7N8ch+-o8WgNC>EuSZgM8%rc)S6fpkR`P;YTMaU
zzSQniT&B~eVUfpL@x_j)@57Em$xKywRZQo>sfW!xyfZLx_DTI_=xq$tu+8jjI9?#?
zZT#PraWEje8uFcx7YZ!~)>VDo(#!Io;J1dXso)ip;%M_*UovoqNwnbjM>cRgct!2o
zw?522{Mwqj9eKo7Q4ey$uOa-=JK8}$8Gr)D?l}&^T@Us#D}DN3GLiBFFV+XIr747@
zBB4e~%=pb|fbLmjjA25M6Q}v#EDeGTCl4Ju^|vHLLx<6uaEq)D(F;RRE|=Sc=`W+A
zllbI`maJc|Bqt{>B5VzA3($mVJKSDw;84a(oek9Zsy>R!F9fy|1d!n}K~6axlLyaH
z?JXwaNLmlmG29&ZheHd;0`s-=4Wo<*SH#-tln|NqI%Cs5i#Q%`ClR6GPpaLlZEPS^
zRb+16<ZleI8kh)DT#s*TPn*$4_Q`AWbXA3?>-XQ&#g~(%Llx()Sn%+nkm8n_%6s@+
zmUx6Ik+~{ltl|e3Z8dZiw*iu*F1@!KA}bQ<__Jp_iSXcO@8iS*r7$qCYmgJP)o80O
z+<`XC8jA?m5wcsinDL)o;{W@SUEZMeUVsCIzp;>#LJ>&iRIS%TFv;sIlC`-AKeljm
z8E1nb>;;M`jz?6EHUhy>ATdP>wgL$@Vj_4`(2p>40afCfqt3EU_)dw6-P5WY!9s-i
zkM92wS(Mv@`GA6zWeb0nN|O$`fk7x73jPGg5(iFyC8d2eEx1~sj!1T2=jqu@QV~<S
zKD~O0iSW^dM5q!5AxucE%WXm?g(<7rL715oc2w$rcoe5kpFZp}OZd9`PP=)rjD*+P
zkzH1%OHenXmh9|UPHX~X*;L4ab%LCzByozn&!7>)9{OYdKmry}o>kqz;FyA`>E}-v
zU!v{YKHi%*%g$evx@I9RCDf{Lp+T!|I3!=cK4I_NHO|h28C{&WWs&gHr~iKsn^uC-
zp^p))A>N=Dy$-|fOrTzkh~hdAjR<u3Qfn(9q$ETQ#`mjDNmkbQf=eLdk&BEjEoaPt
zhX4Q#vo*Jg>w<UhSCtECao0Yv<r(9pqpcn|U$wU<Y?AMKyblox!i{U4;)oBqn26gA
zZ1p!4G%@PT4!ze@V{ZXHluElk)r9j2$_pL$4kt9oS|D#@#=ssg<eiK-<ZORG@bA5J
zQ@EF|I1bE$0>fa9-1xs+w5W{;*XyYgYmdMR6m2J9!&n&;G%l(-yy7A^1s*+d0#&!*
zu;2XTG#?8$6oFQqz?y!#MxZ$GVWBHkj*3xngaGOz@%+JrP60*Vg#9nPI0dYYP|#za
z#@wK#rG@uIBaN+5@`B4T>FKS!cacajmwTBLw)*qub_Ri2eTMb!4qDSbjtMD?hcOK2
zIENO<lUXdvbH!Zj2OvS(wTlT>dV~DmNdF~$`Wx@>1D_lK<Ia`}bW$jto<4iF(B3}L
z7GIm2FhTl>a74X|Ad}JVVo2|!<g)u<nTnDMs{gK;dGEebhrl3g+AIj%WB|bbvbv35
zlvP&Vrfd4=R4=~ObE*H1IDh5o>V3a%p6rsrtYH)0shm3+5sZg#0|Npzh_>_Z5#l{2
z%p)z0zTKP6h|Mvpa)7>vdgzaiJy(IGFddp_Z{P6g69t#Siid|lTyt}CH?c`XaInh)
zdJA9AWZ-|7igDW>9H_Ho@1WBys1>{%voA3k1?fSkA_$^jGzpbzn)}elm1uKNY{4%g
zRf+DBcryX@V;&(cVqm%)|D1K})-kCGD6fNpM+*2?R;Un@n_aCsY#5fJokY-^uCIMj
z?%gw#H@bGv|9uQ2!9VN9h7~v~iLlngF9M8Pu$bg;CB_hto>?+26fpeXG$_%1Gm;ni
z+3%Y+bN&9N97YZcAAzD-ZnOh-q5=ttvjc4=4-3F>Bk-|kJ69%&>HD**Z-P*ko&QI)
z9a5_>=SlkY_x=z1@BWv_>426aJyb+b`fsKsY4(KJKdPv}PxK^{c@)EYF|2uv+IRNd
z=Tz-qcseqo&9Ed`8PsVG1kmr_pS64}Rkg-nk4C_wIWN^IOVreYuv+=m1}4st3CN2e
zSysZXE&A^&gs1ZFn%~tSXiaeXsPk}{inDoV5w=(eT?L8;)&#te1E<ocbHM~*jh{Jt
z7K)>sNOaPlq4Dflvxq%odDMOU_;~r)m5+~N`0|OCimjHtk=IA#z-i4)l3k2~&;G+I
z;fMeE|9*I|Ni-ZhE{A9<3E|EZkucv2V?C&{+$MTAER5GoK&f(n>E-seZ*#a^p#JXg
z8z02*3Z)i!wP-un8O%}`0@4G<s_N^va>4VFwjeYYDeLKNet2kv)<#rEj|{Ygi?GlC
zU4&!cE}N?0-}4DZSc+qJB)V`1Oxkj^X4N?0=FDAjS0bC^MYNssNl*pgOWsKYZ;ki`
zG`YOe{-3|3<B5fYlT=)hh$6k;fB`e2t%PO(vqof6(NTScP1q}?_3Gb4jAN%0#tukE
zz&=IWt<<rj&d<v$dQd|cxr0O7k557}RPmmy8#WJEiDDu|Tq-KP@qA&mE|FL39ik;o
zzMQj`JkNA2Hr@knwY=E_ua@!NANo^n5wb<}cCz@R^#0rVO*3q4ZNGDTA+?x3Z5rf#
zl$M+y6tEE%)1qCx&w1kZd}oQn&CTx6Au+a-529F0Pi{l?hovnhVh8h>B<;EPu%Lhx
zbb5@#kKVBraVivPk-XA;l~xIQ7RpD8LWX`6*lcwuQn<zlzs%!0V>14)F96)hS+g)R
z?$ZAaHF-|Fz&=$P!j+>EZmxEa%3%IT%p;g2z+eSt{M3fA4|{jV!*1@9q9yDzTr;2l
zLcexk|9<7(Av(qEcj%?@C;gaC(I~3=VoGBkXD!O&XaeLsbJ7okb`G-Vb^2cyr+e^z
zT+RsRjh^0uNq*+$59paN?#M6r>t~wzl>(JWSl4(i>=clL|FhFe{waQHdnfA%_1*pY
zb)9ScQGRPh&S96{vrD_o9yNDypP73DWtZJamhU%duJ+Pglgovsmx{tS<PLJ%^zv1E
z`_Z4TD&Koe>@me(4@W)4e;xIn;HNjPV1EgL@-q+KTecq@lKc8Z<Si_((XF@GtM;Cf
zJ6V*)WQ(qH)|1<7U!<m_=;#@%euarhhj}=%gLY@f>H;@JKgP<9&CLv=ht<xpu-LJ6
zl}Oa3lNj^P+wiFGE!CcQ+b&71RSbAz@V@C!f{c}4cNWMWp`n_iM+bE<h*<wJO&ga=
z7?GUVq;>i??G#d2A}la8O~al<?O@%zch~4Ak&?k8WPUO3R3;Z5e+#$;O-vg_Jy&C|
zK7E#H$tN$$)aV_eeqt2qQjZG?q6mj!bPF{U)AtuCt8BPNtgT~;TttGKy_Vvk?x3E(
z*t~qwfIHhCYVNrQkj)`T&#6{xgjEKnU6()YsD*D`h~-ga2b+=-TO^`o{(j`g*RS~T
zzHJkHh%ZWBl=fr0SUo>Tzuu(xkJW}2d-c9pvv2TSDvVNLAW!TW<L<9r0LNQKJOD?V
z6-PFa;Kj2IxFhPoKHY7=jXd*NiDj5WufF!Yv9Xc=gbAjW{9o5G***8nV%^bXU|R;T
zjO_`2<vI#!E5Bm=)_Cfbi%zkNPRm_7yUOhBsj)>^nsAQ`c70DTLBR%EMcm#=1W!LQ
zdq?L7Tw=|iUkwZkWbz2E%Jq>|`;E6T7yf!p6Q&C0s&L)|X~GtaT33-gXiJO#xt`{m
zrs?zmq`X)G^>^yD9zP5i(5GC!JY?nTlvO3b8Iaen*{ucgk=_<PFA+bUo)2B*V2vC~
zuOu*iSF(d16!00dX65{&Y#7z^_cF>`i&xFux9C~kHf>gW6uD&F^!s^v$PlVK_&!hF
zYBuRagD%h-zx9ZDZ4Q$+>&_kjd}oNZZ>&U>ckk?E$DsgutQwy0%;5Ue*bY{%^OMN#
z65G1(v~KDwf@F7|^8c*|eo+tGxLnUF-Z8#zFqU$KE~F}|kIZ)0vH_~t4h$O>cjZd4
z>NaSUhkjAt3}T=*%m4RsNW{miH~smX@dXQ)2Xz8AsOP3UaT}6D+T+y89n|}?<tpx!
zZGu(=aYv;VZ;5TtL=BC*bd(5UV&jGPppE7|c`|;$ERJHPV^3eaIQWedAr{NvoT}`l
zml?*HBqVa^&L{h6z^*!^25X8;l<S4mWU{sXfwhXwMccq$y{hZ#Rvj3SeTgp>aRmAG
zSBl1b=r!vz;6YeBIP9HpkD8b&jZGqy5Wx8853c%k`06cddA2g@Som~}2o7y}P7dcy
zn33q~D}>eHMB9`%JgRDF^Ko)1jg5`781tZK{F~)nKp!9`;_uYGwjTzWrKKh28cVdY
zCeC|WQ2zY}{{jE&&h`DYx>|gwsxnT<pjT|CV0inT!fUU*_Krw_l+Qo!FM;_!2)9$q
zDC(e-U+0hnZuyJbbH?L+bG8rG_i({W=}^VKu&|)pA)j7z_0PKSZhwK{?~lw{-&%e`
zb{MUA`ND$BD&Qnbw5rOtW-eN<B`*xigju|%J%Q=e>PhpY%D!@>K-Qq^nkrMtXT7nP
z4N=$ZJz>IxmZi)n`OTd~hzPzQRpu9BVZuM1;1ys!d*@DcObl_zuhHk^J415iH`h0}
z(pVrm1F5`IA<DkQpAZkg<Oy7v3I-`;kdxb&bKFK0$#{|uMaf|)s`E%EZAe-u;rK5P
zuGWJLG(c>2cfX8s;_KIksK~UJ1r@nq02Z`fS<#smf;hY~SIVmOItu7)`3102<l@s@
z-|vRJyL!f43w+K+OZXvj?}HDPx+yt7!lZ~(Lh#JhVGo9w9>5vk%8Hq|BQDXh<NX7@
zU=&I5==Z&7I&<o2d*pOwdi0XD)!!wq3_T6cooK6b5=02mdxvhg@Uf<5>Z+A5=o`7h
z^XjOU=a_@XEs;N4(Gb0RhtpFw`-rVOj(bdgdg~ydSN11o)5ezlYIK79-h(9}k{aPy
zO!RS-Fqx-3gc273L^U4O?-A?yA$#`3K3>0a<<Fw&O5r7Q2vdhWwV_q$iUk{JD)OF>
z=R}U}CgMVs_s-dgc?XEqi4Pj1<PzDHhaP1Ux4CfPu@JSPICI)*P8=u7g6GUvN(&K9
z=%3|#{4tsUY7{94`76Cw+y&>#R~&{TQeZ*r$OsFcHYY|&$2yRh+2QlsK4zUxBZ1bB
zjn+KXdUJGO)UAY7Z(V7)zWQqP-3=0V{B;K-!>3OdJl!+(yLYBVoGZs++~;&qO~HGv
zgrjTL!~-YrwvSs!dIBjK=9Wsju6<u>mgJn@$XAn3E8EEsd9=26ua5o`p0qV)_Y^9u
zTHyuZDUo+?O1`fg@E=`C;{-*^JC$INhc>R|p@I9f+-`B0I@_xS@3E!THKof>YF&QO
z`H{0&V}*F|hpWb>an|9%C!D`#-{`(nGIAxV0L{3r!d9UIZk!O=uaihU;vtUZR+j6N
z?5=6RLyfckXa0N)=+6a>h<He?-P+Q!{~NhIYKDfd|2lzU0Nx|Gvy9rIvvV2y6Q9ZQ
z5JW~ddqU^e3qDs;r>BVL{>2J*1@8W4)2C<eU}&gy<APc27SMe9f~wnvMl0y#kk)e1
z`WP-wn)mZV5yPf{QN51=r(rpggdz?;5E<=Z=Bnhs30VQSrl#1frHG?aGaXfr($Idx
z!bnP`iV;S(ZA(T@nUyPZMvZE*^J|mDvfj0_w1XqQb#TN%0}Z|%(&sFvlK@fnU+g31
z*T=pJ@rKp=#YlKyT~)6?X(<@^;)^U!0?;44s@`sx$hH4dS6&*>OljNqxwH}}Yw#3+
zO+ua#{P~7vG+QV~w`UScUEI)2B@<ip!9$-}C=+S8e_HaFI;y{X>DfLpms`HN1lxXj
z`Mv73G`Az(1skt80JrSGQZ*x6y^s-FyBGZNADOPX60d>7%f~5%T5VCgHSX=)0j1KR
zW<xnVwk|&y%cslM>JdD&uOx;5P$q(dbHQ2}6awsGj)$uK>N7V<LWt==>YKee-JaeQ
zy3hRlPn1F=6ks(!Y0^M_LtK#vp_K|WNs~$e+K&(r7Qu!#GgENXho7e<9Wb(M<8gu|
zcAE8Qdx3lOaHC!?PtPR$uS*wc1)T?g-;W;cDX6t+9ptn9=&gqmT}%_p01fyhU|Ie9
z*Zzen!Ul{BDy}&PgAvGxMaQYSL>|6K?}yzrT{cl}ExmlyEVk*F4_+b5$1)I@I<a93
z2Ez2Qkcna@$%dN2S&oV92cK+M@}Azg_FT<}T-Oquxi5G1Ej4AIwv}VYx;(ow?A?+b
z3k>zZy(tI})t7SyRqG7@Xztef<I~KE6NEkjLEne?(BZB+$0=|Cg%5las4fCG)y}Fq
zQ*gktDER<(oVvPV^w&;TnP*!b8ygtuN8iaHS|wfyFCzZ=?RQQS0bKPfaq}FeqjPAo
zc~=p!11|wX^^|)0QE*&<(fhXT(&Ui#^^G{!kBgf#>B8cehe;)MReQJ2wvcic1>4|S
zb1+YR(rw_KhvAuM16BwrhP}$@!saE?+Axa<sM)H*OQUiLn%ZS@uWT(EbIODLMtQhv
zIHY?(+<j;|^lMWSNrwu*BHEiP7Be?)+*9*9i0ch3Vf3?w4U7^(!@|_|`4e1qd(E@4
z8`@Dz=&7lR|A-I|5R0<@1<=MbnDInOUcLo5s&jA8d?RR)VCVb$>x`e*zNzUZUVOKf
zfHKq29C~*f6<JyX5+?d%YH-X+^&+W#ZOXqu=>`xY?Oh}@Nh=%=aZa<v+nW2WI4BUi
zzCMnnBl!6<x3XYvtQi7J1TY9jDv2Z$jGC}ywTu^71-`rY?d$pYHX*NU*Up=)U@Zw_
zS`GklX?ZuqR`^c0e=nKCAtA^-Hr!ag#kF;CoOK<)1Cdl-xgDuJ&`1EyXn>jM$+UiM
zZ*Uw4DbF&##Pu5OByjDvwwBB2#zu@_X`|a?v4Z;w28CM&hMM^s;}Mv@^fDt14tvsl
zMk#e>wt4()M^=ZKAzkMAkydkeO7@#L4%hlrT^tl~P(F5SVM*8MrDO^K!5z#yQ{=+Q
zaVaFg@Uq&<UN)R8!PzjPA;Bb;nZzaz_~4OFZ-hx?L(=1w;vF`3SLf$BU)?f!aMNdJ
zOMlmaiglDD{>C_CxcT{hyBpAvuUuOH$Z9x$QNSGv{!ac`uU<JS%bqK9<q&2ZD6jgj
zZ39scFq&Po&gFHLj)&YuB+-~LUzp4Cqm$<0w!PBXnaz)J|D9i9$DgdY`V1>ME&x)%
z-f-`=I(a`B`l>lVeEgfY-wn65%5LlH4jA>5brfC#<{d?sE4K%e+P_n=z{)N3!mh^`
zOw$?jAYC@{aPo}n{*UI)^6?fEfj>s;44Y<Vc3^8cLkCcsx#B~g-PkzX@MiWTJGnjm
z6cjAHuKS|KV@2-z>F1q!>&g}Dixu_@7ovDN@lo6dmuqH)RR?Mgo<)HWh7jvj`n4JD
zyi>uR-mP2|wW6D7fxSJRx8d>g)#jWMQu4k|)t28&dvvAl;@LKVd@8-6oj#8KCA`>m
z_Aw)TZZY0c>(j^iE03zDf{w)K%~w^8M5k$H0oGRQ|AJj&S*I^hR9_V}99#@f?bomB
zJFA*355wlcg!mhP{a(e1!n8B}PfZ;@d$^diwF?XtO6|qb+i$OT82yvx>1`VitmDm|
zG5o;J?Gx?>xald5tH2~^ocmQw+YfyOA6^dfsrIF_qL<D42@0W9m4}biG8U5?wZO{G
zPBN-*eP{Asy6j+%a^PDqm3eTmjrX0>+CKxvuQ^I|B9#$FK&K{eSz3JM*jsju9pnOf
zg0B77>6HF%!zG21R+I&Jbc>lE55wndQ18h`U3_bpoxOT>(t7dOynR!DwMzxw1x86-
zRT32Ghjk3&tPA5YY~Nj+V#wTzj06S_nTsw~G)z<sTQG_u_8K~zNaKQnf?z2H8S&1~
ze0Mc$KGfbRXN}ug42?_ASaW`VFleZ*h9{t?sEE>s&j9M?sXwSasXEh%P6=F@V%5PF
zGgBTAw;DTbSAaS);eB_fYu)%lrMB0s1`q<4Q&a&qb?86}-%3?_y*&ApHrGW5PxIcc
zM;VaP6~-1}V-R5(e|5pA1$|jcaPVfeX{i*BTBSDb!t}xWh94v#W&rSmubUbT7Wsep
zTf}it(>{U)=R4yF$0@#sWfCbMH=td^&&r3I0j2>iSUsOiSVPwucjH>8bFoCFFaSM#
zROx(!+doO%p3oWQB?js~sc9mT2jGb*i%jiN`stLIY;Wz0w%IY~RvGSyR7xHXTvZsk
zr@+NrwRf}?f(4MG3Wytc6O_Ll(#9Nyau)oWCO}Dq7n8%HMLk}{hdk3$w1k2P?E$r*
zS<K3px8=`d_{vg}Pg%?{I(P-GOy9ngbNr%)BF}`n&EdvZHZFPD1XxmrU%h@kxP3k-
z*&)LXN@|-Q3^Q&#b$-SXEJ}NPkIfDaFpGs&hvChs4ZS+(2TmuiSeog8$$8w$Q6GOd
z`MJkwYiR7=P_~-pkCF<QBIJGx&fO2|f{x#}rg4jNK!f0zA?!Er*~@g(?Cz_ETgLNU
zY>t<M;L^@KNWQIWaB;@3D)Bb9v-R=gbjV>Dy1f$;+L~I&c3&w((p%VQq)1iguSYVq
zS3{d9(yu!8)HqKt0I=0?-#1pzw1I&R^o$2ykND<Pn0+eeNN1P23ez$=z1dH=<gU<6
z(vDasxP@cA%}Q&1cVzK_PbR4G^t?XG|B4p4T_`ONR(7z}m<8Rf%-JT0N1+~1|Gc{6
zTU3W}loP|1ygQXra-&XvAAsw~2Yy`D`lVHgy@r}uwLXSUP@yW<-(%9x@88cj6aY=`
z;SlZ<yhUWpn^F&TPE#^XdR;fWkGhe2x@0>%>gY&w82`lB+^L*!^v0Dd8>mU%Hphv!
z7Zw)MEo6=FlWN--29Yr4`_-cp)-S>z$XIzlgRhVr9H)t)wYL{E%o}2&r)*D_`5Txf
zoxc5U)--`3(cFwxgTwW8gCct=`$|Dt<?I9yqIf!B5l8KMLT6Pm&S#9lU|hjVhM@o;
zLDV=gj{N)lf<NIU7%j|hQ@}wVV!9P+0D}jw8~dkAzBf2?D*y*66gWfwUHAgiiu@K(
zUD6zmVHAvG_SB#60o3|@D!!yKtal#h*{WijtoGG>4z)>@CNxWK6Si{27r8(@_4ZCT
zRbe2Bfjhqf(z{6?n>tZ;*zcS-S?ZIhHtcGvZc5v}*mdNt)&*)u3g+9`DL7OwByeQy
zCGX5dN%JTd+0=a{5%v%Yh9BfNh@-2lY`S*n^lqo{u=;5^YnG0@G((U8{|wjSV`%LG
zr00Z~E{%5In_J__(@#$)$z;IunbA)i;thPAJX9XefX>Vf&h>_m7m3%XKb^W$YIXO$
zi*eMgfmZqUnclkZ9Li`wXfH3juclsyq)y<n`Hze|P{|oH?l{Iad2s4Jd}1(e+`*e8
zBaXER8q|?lLs|~(=J8qUAIlX41v&d`->`QF_3hi`#juv^>FIVV;Uu+=LIT)YhaH%)
zQWYqIeC3b{6VQxfwZYYo4QhM|O@Gs={^$S5S*idCFafQ0<6x~`d9U`{u-+l@@$rId
zZ}`xr^|KSpKEqt#pSjpZju<iIR*cpe!JUm9nD%?#qlz7kB!DfJMB3xEzEX#84Ia>S
zevwY9hn!f2eAX%Ho+HqkAq5+;HIQjg-@biC)_PH(PB!N&1*^Ga{j6?cK-q_~hmy;%
zbYsZDQ>Vf%x}Vp*ZL7hI*D!AM1cazheNIUG0VL17(ZwC2f?9aY>8sy4+|@f9@$sZu
zeU9rz5I_>PVN@s2^-CocKZ85nxmj=`PhsMfPTO6)s?rC{H7Iw{fzRgbF;FCOPtIAQ
z_5Dj_)P~GTD$k}Z+ul5X1n!)EHm#(^+wP5BAy>J~ApJv;eq64=xWgy@fed!2;ra=?
z_Bps8(G0!)jv2betDf(No4xUG<19edJggRJ?n`z<gND)Io^rllDS3g74mCu<H{6fy
znqyP-;xy+Al#hotb_;#P%<mNWLln(~Fm3hrCKZvkf@@_3)H&K`ftRK2oM9FVU@B}u
zJ@=&)OHdL8evc5xY+wL1>s4Qh2f#8KN(PWLFK9ztj3;{Pzv5`(IQE6^nRad84Dr8d
z7NKUbi!SEwV_t$DdB#DtP<d?=mGCONa#%x~C%@*8fQ{p@bM=|S=>GezrmuUYA9D}s
z#uwln`Uoh;LL*f)|FGWOw{Cj6fm++;=8issfB5O8SxYaUHgoM%I<BeT8FJt_p9sw>
zEL}w+aRjdWYSQyI(ZSz*anI2$T6eEmtfnwkikT+bj*^<$6R<R(PMYnVw=?nCSL_kb
zQ-WO}At{LuFTK>+67<FdI8BXT;nH1I>T$Ij`Mq&hwf9!qBn}c17NBE3yX|LG^j^AP
zg_b;3I=g;-+4%^(!!Fzbt!Lf{pQBH<R+@s;Vx`O5etXTlZ`7ht!}&1xc^<LDe4Z(m
zut;JQ$Kd2};L{J>#YT(>u^xn)$bVyg;lloN!0nY+^tnt2<1jxrS00HC^SDDp#Ie<r
zNR*En7-*!BlPgq<RP(Oa>|%=udPpp*r+Vf5q9Xy$he$6>9)bC$U2W`|JR(JMm|G_S
z4b0EiR8{R_w%J-EBFg7$9=8R>P5WSMS>XbczItV%W%TiGb;%vQ(Ym8}4hJptAxZje
zEQ=17>k8IJWMpKc!~_{BhcR7(r@NU-)vgfoH!UWWk#v6b%9X~(A#T1EE;{$`-J5&d
z0^%u)(!z4ij2Y1m8-77@s5#p&=2pteg25IUFJTIYqz~|Y$oOQ$&^KAln{#HE>bYK=
zaU@_^z}=riWoOIk%^Ui;m&ut+m#mWJooLy`!N*g!8o!Q%5+$Z;u30@f1n+YCB)>RO
z_36{>y8T<;J?v)@`~nr(L;o6KFpk3Q_3i{=J9I9=2sO>3aJhlk?1tKoR}9QKO$37_
zMCZ(3e^QB1r&fti1mb-3<VpLVpOsCIan*rlQ}|7Y`32^EM&S)SqwREeCz;tGQ@AX}
z^2fQTCJ)|Mtp3W%<=S)R0Rk=yH)J%h{OHm5PnsiUg(;-2e){`Wl*DeEHU+mQ19z%=
zTiy2kL)&Mi?&0npvTtAT$nUNP{8@sUmt$gf5Eqtzck|nS(y9i`-vnCJ>@9TRK~4Y+
zd}c48?d#XkCH|9G_P#>9_4jWqlQtqp)^Z(5)0a4h%n_X!1!-~2N0Tm!L@v$5uF#A!
z2Hnw~uH`dYWSlgwq1pRedy1Rb`30l+`@AvEnmtX-)0qu-FfV6m({{1Ws7Y=T^-3>0
z#US$D(kZ{=E#o2QM4|l!Y_?KAWUlICczf07)6TsUq~;}4bI1K|pm-ucs;RG@A^51u
zyIn4{$BjESFYmVbA%}}Pw@Rpj;P4)!DiYC{9y(<DEC&E_u9=3g`Bxl#0cSrge{4%-
zm8|{(44>wDiLw9wNwB>%_0I5Ss^n+uJ9X=E0vM>&)sst=I1sMbks~K<d_N0fAC-Zv
zM^lnw-ux_sTE=51^6zUQX_k18VjV`qyZMW^P21A&UZU9Xgf<vB{Rs1o8Rq8OOOA0M
zm|I#VkMI-9JJAIzbp~G5U%)i1j$2T?{ef?v7AmvG@bsew>Tga$^Cy+?vzewJ^+{wq
zj~#oUI9X!bsHPdZFZJgi?75cUIO&_>67DNjE3E#@sB9`<Q+dl^?AWgycx=J(3Za5B
zLrQ9+r{|!_n;T(8Fd825GfzlzgMC4$QK%Uat_rZBPUM%@d2BZS1aN7x_5D^qWs%5A
zBZ3F#o%#CFqt%eb_#BK5gZKPV|3(g-)cl{-#<lk6l&tGFFcpNf!MKUy<wvty`M^>w
zmFrio;Bm$HgUZ46081oqr=61au93qEH_b?zS5sa7*k~@mQq}mIg$pG6>%Vaip`-$h
zgC0#qLG6#T9ta<tGl5V8bdKXc_K&!lAIxKvy<pTlYMb!Hxi+19ehT~DY#cm@3AM$m
zvG_QgIn%|p$StN%STIDGDL2#}l$4Ca6ie}v!K6tiHnd)0YR2a({O1HoElrnfH5^fY
zZt+>CqX1iq=X}WG9YCzWoMKY(=Ix>GZlR+^+wU!9t>hmYmwVUR^`Y{sYYS0%;Hz;H
z3xJcB-2x<~nS|!%PLC}DAKbNJbs^-OUf0970}rvU{~uLv0+!?2wtrt4GDVpaB_WxU
z3Y8=Y5g|%chD?<yG^eaGgoF$klE{!$LYhk|2_a2}2Bk=7lrr}HF6&wEfBT;8-PZd&
zYgyfQ*L9x9upj%rAB$@J{sg!EniXPludb6txAHq4D_1IBjug$yI%lMM)8?N8Y#{gY
zB-Q0|Y<A!20xIQu_%NMelbC4PscUAJzSUR|lmp;?Cj)4Ri(QG|?RLM#DTVh0p&p`&
z+tos|$GNsK+$_pl@Do_=<i1JU)bDw0&dF+)5LiVRv2^YVoh=F@MqJ&!<cgN}e_Vj}
zorqOM_m>2LPD9%N3CiFbxhQUP7t4Q;6j0Zn3kvGkZa0*-CvBD4y_2n^n-^f6UF85R
zokRZd-MjW?ZS4fM;ouD!6T{&4x!<c^M`iY(@me_lLQp&dl;gbz5YKq}K(5X=B)rp*
z2b1RK$M1bySlG{csAP$XB7M<Gqs!Eu6r0Tiyn2l{25~Dk1KRQx<bKU58!_8y(@7Rv
zKrsS!?y(O#ZT*~C{SM;dsPSlQ9kXt6HDB2l_hsGGEdJh$Rre{l#O-V?wU$m!Ehzp1
z3jRz6l!Zz2r7+?RXa&P*b_W-+EwOrL5*Q2QSW`1Il$9=UoEhx#oe2hG`aNa`hV5N2
z5o255I?{_+*$wK4u{R_>++F$$_o^HiN^z3ejq$jO7F&MeIw{35Ui)%~!}7rykI^D@
z6NXVCF-DhiF>eB+f^~$69P3f*+{T;`S2V9G9(pb1{$;kJ+-9*FzFd4Id(DA^GiGFs
z3tg_HYtA-{uCZRE+v{x$t*laP3r02eKN=7~bJK49ruqzy)GtV?b!IhteYD0+yf|{A
z{mYwh6zNxF2MV=&_9VvWWepQ)N9z5Fc~$3U?0;|(D}>02Oq+Q*Al%2heE@&}Vu25T
zp%I>|Cd-$dtI1`US@DRLGLLwBQ31yX@M>{@2IJRW^X#(^la9vyrcQu+)kfp=cJVz$
zJ=G1@Eh1<mRZKOYbEY~u7s9DLGxx@<4iz(2QZF9=xOLT(uYq27BPp+OF$q>Xzx}rG
zF)~Nm4-DkXR8W`)|62JqSMjnC6>hX2DbpqtS%$oZbj4Vebr_hIuUorzW6Wy?3-DC$
zz1%Ikw<O7BI}9xor_7dlYI1&*FiJ;Ns5~<>JC5@4n+ea9Ys5fN+?lhX9)tJt^74m6
zy6tZ5-&;XJ+!aB7|H2}O)8jm6CfMB$rM70)4*}Ct!Xl#I$4KMuE1Wh#EW?HcQ)iWy
z!2~^SBEYp)(EKs|007cA1*6j>%D$~Ta^wiuwE)#%>B5D;19rgNJ9d0cd~@#ZQr006
z=aPv{e0BVYajm7aq}%>$?sj->&(1!3s0c7>LqGv$!gNag=<t@E7gGif`0MDoTkqG|
zdpnB=UDWHUy1FS>&M^i+c1o~je=8?_>*!3fD{~JZ+qfn+zpjZkCzWpAn@{2-!cIC_
z%hGB%IOG6kRJZvqgbq9PGaTaX1JptnRzjDkJ56LuI}v^S=U#P>Bekz}R9~$TmuM5n
zwA&R~N(dCL_{mF5xw#gmFLgv}>a^mRV=s*X$2GOIETW3Ql6eZ$kke-si=BT2v}(`V
z&!2y#oPR$UT^IjQhyC$5lA;`TP1e=Ya>cjDPe}@HZJ#UTv!XHTVOzKL`)5bdI&lTj
zclTY)($@UX#xFG(z(hpI>tiV+FomNvl4EPD;0*2H&^9snqgtkTic9V)^{@kC;BU>%
zK~uJ`V`Va8PW+9+i#}loRX%?w3kk5zU-&uFB0{XuXk+if6hfIFG@l<W-J{2@wqu-x
z2OaOOAvf@kH`_0(k+i6Loj(!=&d!=X!Ou{!tX=c?pMT^0;JDyHztDSmAl{)vj#&DJ
z)Bs0?;6dkuE<D)^7eTyp$k^Mo$M%%;K6>U%0=!D%6~hnyFoe<5^9Y3B6uvpReEWPl
zF;V+Z9ltMjj3T3qCRK052Ub_TPstnFZnv{Gj$z43Neuh)F=cU&%2_9ID^XK4H<=)H
zaR2@d_S65eZCmx&LnjW-X@b7GP8EcjNYO|6CO{WtlE!7U&*3+2^y%CI%>l!}TtK>z
zCi14o)r3zRC{}G$mzVEeF2ZM}gc$S%OxW}@5wrCj8QD2w-xDI9gkX4Sf`&#+^xClY
zgzpy+_cF7xkdQ;s(6~G1FX`9)!rO$=#Vhz8>u!ex-vof*R;fIra->X21OmyoWRvXX
zryjGQ@W9Cx*-y~9sY@_`?!9-FSURe%!uyNSgX~_IxZI>Wc15*8M!bMCx&WCSa>j1x
z-8f+L3#6zW({D0Bo%EjrX530y$r)$)0>RIs=y*nYvJZ|zM8uXiZStTE6};fl;XbWh
zU<nyb9jzqxJ4|E#@<j&4SWMmY`VLQqC#Dhsyz}_+yQc4T^Q91(e8r#{_EGANkG=d1
z8E*QGoiDHFSfrf8y9XtG{pha%VSmdr9{4KRRa!wk_Bq8pQ_Z(r^{bq&l6gk8SEm7L
zHnW|bTY1^9W48pKJ^T1W6YkWEV=pw^O-oa?r^O~L6TBha;mSSy>#C(;rku%j(dKHW
zrG&TD)#fH9UVUJi!aowZMpyI7eJrS<1};~cJ3YZJZ#dJS@PZ%Tzia&WNcP`BZ8d6C
zR{<~Om6LlH*TR2NmCD<oE_m@|Azk7pajg(LU`Fr@7Cb{tKoJ9dgw_tzOgbtjn=&d8
z8obUJ$~%5JLo<6G=bKBMXNVjoDu8ih!m=5MRCr1&?x{-6e@2?+IGp5eUztngZ93{V
z;H4baY$7RK*MJ!?oG?>IGrW>1R?^G(^MV&2IEXX;^l2@O2HCwXuC7mExkDue{$=Mo
z-84Xk_xG}npdlZ)<QMKthE>4wy<4{$q2j<Q#RN~jM4n{mgdY6%%i6v~_ES{mV9ZDx
z{_lyX074<zCql{e=GgtB&4g0Jyf;oGoPLQ$|3acA7Oj4U;O!huJ{ea($o07QQJ50o
zsmft%V!K{is$e+Rwg2k$syJooUiii>TBL^GB72=f<EU94a*<T>C`vY}Tl8*usuz9c
z?^V@P{BzJMYW(QY6JOQW<KaO1ILE@Z4I5OxABVt2yUoT;NEtjE?3SHfUCH-B^QmIu
z8KEdscKw}u<Mg}kHpDg|-7Q7?kl`B64(1(LYbFCHIJu7JZ6tX~RNBHNs0bf+M)6_o
zzdEsY4c2e>=VW{@OiN44%oG#x@vH39U?Jl8@liCbWCkp|!LN3wm(#40av-i^f=6Rd
z89^+Z$$V@1^3-nGXkyy$N!|GgKeII;&~zzc6{wl5B(q=oG-Qj3IM`bRELkA|NH++5
zG&Ychk(P6Hzf$Xxoe&Zno!v)P)|qeKGQM>AcC0~I@RsM?E;r7k@Nn8nbLPVY$5W4K
zd$tbsUD^%a7iQ}p-JS-12w0%Y)D{5};I>!KwYC?#6q-)mGfS~lE^b(Xfm27J_2*9@
z%0=hzue-f$%t=_u>`7v}3*|8~k$r&9E-sAh`}arraJ`4T7UA;twa+v^O#HGRK2)7E
ze(c!hmKKO^Q`z>2IXH6Fg9qmVET@l(q^Y}5AVi<22F{t1jy&ws4siou`3Fd2dtH5~
zkkjm5zj;%1{Dq>=-n|u#xLAZsMEyGKJgdrU!#{z`;-7zweKI}aQ>Qdo#-M+*T&h8z
zfDx!_#*Y00Ul8UV!Z>Q^UC(-@XwX{6+`3gm8eh}xg~37)(b`&oal7M*iwkikb=$>-
zU^LmcPoH1R&;69lBjyFFqSp8F@}l1Iay6~s$HOj1<PMc$-LA9M%I1rk`zY*owySr(
zul$jZqIkjwO)>aBWu%lLwH&;zvuBqRSy*wktt5tD4>}9JG%$skGV>N-qiq@ShRfpm
z?Q<AA3BLKV*S%|(E@Vw{0Tls4LSS7rqnx@8a}|uxYm{cL#aPZsoOJA*VY!uLEW5X-
zx9^d~ay~%q12Az-f7qmG9N=WyWB>b^z0Llfn+^<J&<0H2S!3Eb<Weq%z4O9M6QJ!t
zQ6Xad0!QI1p}~A%8&hX(D)PT?<jH=erspdUmsZo&Q#sfp{iajw=ot|vg+1>0vkrom
zSo45s&fy=X7iSMU1IHlv87ND_X?x?_S89gpv}-7o@z_i4zin(ZY-Oz=-o{~faqdAS
zS*~!MVX2l@0^=eRCvhJsr<X-D1t5J|K~^Rv&uLO(yPe%ZOM#Y&tj*rp5>`byZ(t%v
z^TE5L4o*|W*&78|$|Zj#Ah(|*s5J-mSkFp`40|55YW7{8uhS6eb`3)o7p=POQo3+h
z{N9crZ@a)4raFE$e{@rZkUV?N9LzeU{Ik4AN=dGPbV9{X4d|J=I;A^3BR>>&s^8ez
zc{7LgqL^p<PHNloB2#Swu9ReY#s)9d8NWxPPP#u;M`dG$MzbSUxm&vDuAe-0s=Q|+
zgFumjl$=-oYd%SwJ_6Wg<wZS3ul8wh4aF4zJO#lEul3mNve=`~-@5gtzyAU@8wNic
zp+Et2@X#T2hjxsCtfJPd%JS_9=FSHb^AAA%L2fjsf|f&s&BizuQC?k;l#f}a5=qNo
zd>WxG+=qfDB@~>*cCz?I9Z^j!=<#HIee26oG5t9oyGt58WN&(ThfbZuDxj<F^`I*(
z11;-HlD-{o(>p3GwzqiDZ5szj3L@ZsEm7CKRTZhUK())v4YJUi7`smWOOjlhM=`e$
z-m+III5;>cC>aVIygnudfr0bJmJ>W!zth;<EJlQErC*{d1-v$6e@~_df*|L2^4PH#
z<fVkt`}!1Th|mn?F^=Sq1(RsC6U16hnub^7Zs&h9ql?RT3W1v2PsU(j2@K6Is<CW7
zZH9!Pe6W$Y+g(u1+I_7{Ma3V!2AaUX!eP-gR_AjbPj!_-adbHaqiV<CfqRR>SXPfS
zosMaEY98GX+e^LnZG{~29V;*JB4*w!%toRMK2OM-cbK$)dY&dEaGjb5T+#-wt}y)u
zu`iJIjCb!UXxf`&NgzO*lxaWz-Vrm`WQ7IdQA^5a#-8${W;DbD&9kiE5`j7}uSQFH
zS*^{*lYw_yx4`~f8qV&tJroPU&p?rI8))TQZL69dRWz6Zk&4R0!a{b$Fv7wSDk84;
zM&p^Yl7>!rZR~NN-D)d~N3WxO&e-0R82wO+a|{&-6cM^eQBnU%=S_?@q*QbMG_Xxz
zyY{9{ypVh(v4qPWlug5Wam*M^EQe%Wq;4HwX>{l2;W1ZV74*4W->=`ns>_yFjXJDL
z^)P6<|MY3(ojdt&-kc3|2Fwl&48-5l1CcG<L{+xI;eOCnJSA_nUUC}YBTERVL)jKk
zK;O$l1YLl!54Y`vQQxjJE&C^4FQ|bRM0|v_b0EE3MmjBdIq|c6^Bn}`LxzMP9&C30
zp>><^g(QV#5dmKbpkmXjD8n=zbuhoFdcJ(a-80WV;4DZ>rK_qcv+FMLtzC@A`;&|F
zW|h4CV*XouZSR`A<EK~7aVk@6(J1pd)Blq0P?gyc<CjGAN|~9vZ1U<GVWnlOU#{rQ
z)gcOhdAg~Cs=?ynlO~;_g8$1cS?$UcoVsajygr_wAXIPb_%7`PqSTBhG7R*DIJcH@
z6B>AHf)_*aijg#;yh-BV#O-um<9F*lr<q}Jd##{`^ZBpqt97Dd_h-n}(Cy983Fiz$
zO~~luaQ=+Sm@#l9$ednn@CE2yVK1E5c8Y{Rfr)d@84bZp6zENZnz|iJZwM<)xOkXs
zTj!~j_xCxxicnVH6N);+S0L(oDQ@G%ypN1I3?^Vs39Y?nt2QMJ>6ib&F2iq&@hreH
z-f0w16XNF*<yn(RxlM!kc%>@1+(f&=F}?;4IK4qTAdZoH+Y9`e@@1;|g*4R2dZ}`5
zZ+fFiL7zS<-(pAoVSts4f3B}z7<lUB3T*=jRxHMwQsUlSb9Tqm<vgxMVRyiJIF0|-
z?h2E)UciQmbxKE{AG?T2o~gTg5;)4%w-Am&HTbo_u+UTkmZ8C<(Vdog?2$&8!CWKn
z{nQ-fmyyyMzt3C`sE;Xq-S{GM@o<aAFGU%URznwUjCdvEH<vd_6jYVc2Acud2XZ`&
zDOiRooa<UV&>pCMe&9C{zc9bFm5k~3%~N)3dhdt!feqSUFOI?$O?6&WQBiX(<P@!-
z!{;K4K0#xAhXieP^al0UJd?5?5@oeh;f#t?NonaxbLtR{BMU%?Nis)Qd?>Dg62Dhd
zzSbSDcl~6;yJUq%z@qOVC3XC9RmR=d$DS3#Vdk-{TV(tD8lCybH_<edXLUMzr&aUJ
zjHOEzgVcs^$vuAbaY$ip%Jkahb{o(3zjS`6%3Q1Ku^TFL=C1v|Ki55Zxvu?#3BEH<
zA30)jHE*DNXrksum=IkBS`;t~aRo8PZet29dEp-`DlRS!FHb%BDe`&6>xku(bj003
zaE5*<N=aUsYh-kPG5b+*1Z`}*zgTXmQ%SPhBtJto0`6&h8aSc7u=VrH39HW|^-XI~
z*MU5-@YfN;OB)NWWB)fA-^h_S{U+l}alX_1pcI!T$v<w4mIOgp-fNX?@r<a11i3%j
z*yRgCbQuyam_Hf!eVlkRnl6LzLcwEtwGm~O?^sr;Piv??K5{YI-bG;<i^t?!4h&U!
zGWXz7+kLaidav(pnmd1zwfD){OYAzHUd6~?@WOK7?MRe5gL>?HxpSG-4i5Xhrh8*2
zph`G=b+Wd0tX)x$wxVN?BIY=0ES58XKgxJi<#EWzBGVwBsOG|xryPSu<sRFTstoos
zMpn({AzBEI4`>I}j{<fJmX|jmj$icN`mX(e&wm)p;?RF(LGaUcqDC?adJ4#bWFJvm
z4wzb4=*WbmIsWOJ<b8Y<8D9ec&BAlf4;v5K!hyJuZ<)PmCyPFUpH0fOwEO+Uu7JN@
z3)x)~Di3(3;c_y~z)8cUUh?DdkuC?X99q#M#<8WlLz%_gH%YS1gQhQQT$DU>=oYI{
zk7pfv|0(%=f*s6)pr@O<0^o;j2QI#tHGbXc+8=nuu?qQ)%c7dd`t5seXNu6UKn?7r
zmEGk_q_XeUY-8p=zhYPIEF$Um9udqwM%{4Zy^Sj8x;*&l_R{dJB?5e+kcRLUZiKTD
zteaN%UCdW@JpwQFbz&%-QQ9;8CeiS(D%RI2Ey}Bj!Fzjws!YCr|Ml57esR+zgbb@P
z{gRmJ2QDt%Xl&bwu0ixF67He0cz881YWm#J`?leV6YoVmvFQMYI%{>&T9@3u{rXi5
zcq_FKUhw%Bv0JQ3ZHBTARfVC6XU2CwM{Itv;SNZ}u})gXsaI--xd$ESxM=alqOe|L
zzkjo92g>>n8YIl-Alb$p=~TFrZ;!3~$R=i?E_BhrK7to1j#4|G+LCgS*aIqVrxM1Z
z4m`UKW{T6jspFd+>sI~i5<ND%%h}_^kJ842i)$i}Z`w&a;JZm<K;wF=@LJpKStWe+
z07t2^{`>a(*4pa-)~=$R7TP)cC0TmfEb6f?;iqKMmWa!ncI7X8*7NxA@h4omj68Th
z$@HYZY);FDEg^{&kNcrLGr8LPZ08Nhc8jlaJz=o|?=mphd;Q9Ay=T2WJw1yp74CY2
zs_bh+HrY<l(a{kEMkN_+tKBXk5RoFnuT}b~zx~iKuF%tL=~AnBhmO*1kV;vrf$7PL
zSIhGj4jed8(3?J8VnWYvN-~;fyZ?zVD4<Y>S_NfFLZDEln!eXx|6U?|IZn}vF73?>
zr!TM{gb9RFCH7g4IAc>;ccKc*tPo?uE06t)!dR0tld!#3Z9vjz7EY|3Vs2{H-LlX7
z%Nk+w;+;Y_L(?T%m583~`e_f7c6K~HJ-mQLB;!um-FhDoHzs2K%n|(#HkAFVf_wLm
znyl2tC(U6inlA62h!(u<*N17ua-t~d?tb3cnZ^ZkS}nG0a@n}t%6I3FZ#{GRXr6_Y
zEeNWny;itC{m^7wD(<EL-OAsfo<dtgKD;??6RR*O+;Gl==omDg?sk((*itrl7k#3J
zhija*H{nVZ&NAXgiTf(Xs`^W&X0_LdDcI_ybnZt>V831Y;3dQEt^r98nz(+xW$?8>
zLAS169kI;@a}GnD@cF-c4wzWtF{7mD*bB{RHP@bXest{A^`+tqKV-VIMq|w9>am^n
z)>^~HtNM1@crbxmn)#sS=HgaHV-|tII?}eQopy=_7F6kj1yFW9o&JC9D!Om!LbvjA
z+B>^+tFC4O;)KsXw=ogVo{89ac*_A_-`&fj(><wgad_IGetbwLTP+J#Dht;Zo3}BH
z)1EvT`6=@RaSaarm9r;w@6bhT_zvB%*=Ob^$;qjhX!PBqzYUL2sdOlkG3cP3cW`B(
zke{CF=4fb$d?`cqGy7mVwn=T+JSSJfl;mF+>ZnL=UOegqumsOmtY-H7Q_y!}UmHmT
z4#;Tb{E&xU>Af$oduu;xwW`7ZF4Hc+WU+P84~cVbP&!{a#`gOB`$dluRld0H`nmtg
z6ApTLI6fpQJI!Q!)I-eK*H^xG?<Rz8xgW(<m{YX0dhIl$ID}Z8_fgKs$r8~%Ac9+S
z4W0*)lJP4oU)|lrHfn3W+}P}Mr%rYHGi69?zx@2AXRl>6w>=sA>l)Y8e$5*1*fq=<
zCgoln8=tFPvrMjQQ;CQ7$~j`%rI-}cu3cr$>;kXky?fHvDPgdmm)C@E;I&V_#vPz;
zKK}|-3wR51e9!y2oYdZj4`-wC2G}WVww3b}nRKnG1Rp@uCNgYG`<u6Kd&^H@XUAJc
zbjtnN>>ju44Y3r+Yf<SZI(GW(^XJbyKVn=gC8)k?f18r~d1^a_Jx67SSVVl|;b9!G
z^R=aSw#_*6n-{KKt41#8d+3mQv=Lq~Mo~rYa!(B5OF8Y>p?*8N6Itl~&1ZD$>~-E7
z=-qCh)LtMI>dsxvxE$gK-CgYb%VtowgOSq@+&^^3>$;=j>S$;3D=eNV82K9iQ()@d
zZ*|H)PgLoW(9~*-8aGaKm0x!MN9s(2F*k}`d-d&G_4%{ZJ42bj7jud8#H7R*k<ViN
zH$2)w5v!)wOGLpT*$Kky!*A`<-!)wLcm<c?DN~kR%Ei8i6b=W9$>FS7SuB-gO+r6l
znuAOpVZa$(R=aIIL4<AZJy&}_W!JA(dcIfo-*|WfE9ZPNqJ0EDVl(gp-8(Q$#8LHP
zG%o?-?(e7%9;962-L~~Udw)C``~BLKK~JgiS86+Qu2I$}W%f=!c>c1)gtC%JePT}D
zb(v5z<)7=#mv0&9tG!>l`I=Sw{pi6*fsJUk-!v{)*Emx9WBQD%dEzEm3yU8JDQSxl
z$~+04)<*e;C`zeTanj0r0=`~!1!q$60a%973RfJdmb?2e3Y?erno^TG4nTs!XxiL7
z&?4gLqem9lQoD3TuM$ZNrg4K$1Ij+4Zg&qsRnAWgWccn)Xn@u4;OL04VAQINyC9J?
zYE>UTq*IvT7H}WL9*++^nxT{Nw}E5&y1q9T{Ue6;%9ft?OO=(`altYRB^kho<T;9L
zX0FK3@HWZ<oSU@iwauKjjiL;bh+z?N7k7IAHd+2pRS@3*Mh4JO30CI(LVs5wbW8tQ
z5K}F8Q^oe!$y<*5NeTc}XF7z3Nsi5$N1et{kP#0t^N_DEh#dejWWxy!injM+J7?X0
z6fpuflj@X?8^?*D%i_jbqr~%Nx)-zCbsy@r(rHhQ{<38QgbP4efLnqWKf0o#0vHes
z2VNMUJYx`cO=7JAST6`riw7$x)K*n3S+Qce`_F3Of4%_rrM2SYVLFrS{{7Y!sjhpJ
zCQWi;7AbgTWEfP>X#L~6f4>auqB<qfa16OQ>`y<#rmr6t%WiMQi-rDh#QCiIA$z(g
zZ`$eL&^RL4UH{Gk&HVM7%V$m9QVON11#7zwl9KxVcP%Ek)H~(gRv)9Wv!(m~;g>gA
z9r|(Tf~`l`nBzwd4LCjUdeP0TpIf5-vA=GpzHLm|&`$c_est^6LwViodGpu~c9S7W
z*FAW7#{np3_ob~G>pQWS77TqPHmFBuXS{1b__y9+B=+8PZM2XI{zVW1={?^rzKvI~
z{1d2~wVytXmJ!+dqNV>Mw=};=*{f>lS*c4qJ9Q%jodsz(G?c7b=xfkx(4a$|!uW?n
zPfANEPoF1xvNRZOz1(5#*Zy&H&th$UFcS$p&zhGQl5{Y;s0HMjvF$EYrdtQAR!d3-
zEmxJInaY7BhKUm;Jk$X4K808L%=#lcDlZO=Y{9_uyiR<G7-TdGddy$BQW3_4j_Km=
znk#7-!Cq+k`y9+vmHZ9<yzSX{rXKY0Jxj265Z7EX-|`*Fi1kK{L-q;tq8BU!qK_hI
zYR<7Ar?EDqzF+BU_l>DLhpz_IXu4p|qSLQmcbuMg^30h7s{--j0JxeUr46@(oh!Rn
zna`O6zjg#(#;g`w@Evub1lZLBHnXX#f2HhIb$&sdVNX*%YRgTGzo7nXd1DN1jJg3c
zGiT#lCypP#=a(iSP?K)HFyg^Yt(1Lm)pBw+!HhjVOG7S)ON8)gO<c!221?j3ji~cl
z^6B|MYD;??ZV3PGo&vX*AjV=5-+`{D+n%gCr%<te{`}oV(e;-=vo%}S%UJfFw_4-q
z;3SEx5gI{j=PWi{*5iGr5#1fE=NgGU!QklyKNc<fqie2m`+GMFtGbg?XN|9gE9B<u
zCD=7x+L*Gv@`y*>Vc;1&#FpJ^=u+`}vE3Ib*tCY1k{2A60Um&qq9#5*F5je~G(q{Z
zjg32sjyN6CRgp_jD`XDyPFu<D;f$~RHthuz)YKQ`Sw=8WLO}k2M>enSuq&=NhUvA=
z>-BNv3z|P^u$%`_9uqD>u}{}e%}0ivdFy5#P-}Dr6oa<BZu&4I>>Que?Om(;RQ2M<
z7jfeYv@dV0>3P!IeQ(bke^~#Ru5@sz&@i@*kSEJarLR=%n&E~Ya{^Em9L-_L%kuM=
zck|av(s+K|ca^M2YMLIrN@<7IR7FK$b6pqUTtQqVEPGRob2vWWQa2MzZ~BTIs*=JT
zwp1$}rOZ1myS1+a8hQ>OQ>5pI>O2^pb5<x2g?ly&4omN2jpO7kd#>WTqsF`}E!lkR
zdWv0e1miU&@(VrByq&v8wfzfAzBV=F{g37by+aFM?|yUc7n;QP?N2JoiL0TA)aY(1
zFx|Xjy|}rjh{f(tfIJv_=q&fo9e9S-pRMB$otD0on3<9B^5sk1k=ZbCUp9$!pn4W6
zSGEl#1k}0CF~kCzoWrsc?q_Vw^MO{UzY4cxs4X==&*k{w=X}oaQqN1$4E%C}w9$zs
zG8<%Q1re|R!AvSE&tP#A)lXX6rQrpDQ7WTHdq4I!X0o|wVDP<<k_L;fj7&1^+--Wo
z=!+?A$HDtpG`{-_n`x9?c(cDH9VR-8C{KhpJgfA#yP$&Qz&Wo;_HEETjnaL^IAj$q
zs9-SfSy+@e5O2+YM=cj>yE>WNnB&B{`XlqNrmy*>-@@~m0t<$h&eBDk)ntX|G=6$7
z4J^Y<&-gsvdt*iXEph-3^B3~$2AwEL@fi4EI?Upe9hCm`S6%z4Pw`xtveXPnSDUpe
zK72qQ#FPyitzB(@JQ!`Yj49>i{_BIUfQ!z@_KnCC-!&F#4C`Cr@nVP7D4*eq`$ijh
zEK5S&h_~+Yt_IsHAa>KQY$<Cpj^6ubTul5;$QG1&1s}TlEn0l!hj{YjO?LZ?-HR%;
z>S;P$Q_?xjrkt8h=e?`oR3Yo2=MeF-o2cT%)$>TnC?$INc8E<J)u$`&A}OzVE7V03
zl2W^nhDG1v7F@fHpWGcRCm|uRCAy<Wx*Fv-Dp!q2sr{0n|GkxVyBQO7&hQ-aL+b3S
zEVap##ihRDn)w3Qv?NGElQ?jI_RZVH(NdIMU;~fk(`F~o5Ei^u_PuF<Q-QjiG2`Tq
zJ3tM>KQ--ux{!Ngx^DVk3Im37d#)v(S%p;tgiUOp{`&ajK6oJ3w75Y-WC7WfpX#~;
zJRPPrksq>B+zPx6H9khZj~Aa-xS52|b<b+dp-prcd$+1icl<wpsEW!;Q>5Azqt2Z^
zEw<*g;}C@qTq8(jw;zrb(A${Avej(%uw!fy{tYo2C<uWzLqZ5G7cZ{<^Xoe^ZBVY=
z+VcyRIORNjsxV=-kKrYjq`zV643{MT!ZUH;n<EwaKch~)U;UY71!T|b1+EO&>^eQE
zk#fLT>y#DY1%L#-B(1;#I|(AA8&u~NI>!%B1p%ZwuF4Ra807JeOO{seJ{J%`B};2-
zcfug5Xu%ov><#Md1lX;oihUM2`MJMHiOlKpf1exJK5`aRYVI-W)Xjs2_dA%@rs=e2
z$Q~RTOIbGt4FKx3oS$;PgU0u}{kvN0H;7A2=?)mHRD{T@nJ03Kix~2~&1Q&xamwz(
z|9-8&8H%JzT6qZpUzf{^Bm@-v`_gwOjP6k^KMSUEpRUp7Pgbht+iK{@r{5$f!ivXt
ztI#!zwE7E{5n2J*!~Fbxv2L9f;N$cE|Ms!KJwEzFQcAAzTk57$&@!?ZJr)<-k-M$3
zsL7r$iDT{9vkx;echYn*B)d{P@#I6m8s+)tW{X}m5BP1$zTAf5WzZz?k*&dh&v73r
za%Cn_fd!T!B|Cx8AfzW-M2s6d7Lz^HO<|@L38Ve9M3WOx3idKFjf1N2q?k$l7S0WQ
zF^j0^4}zRUUV+4s|0ev?vsrS5mQ-qX!sxF9AP`G>mvaICdYTBrS62`G=}(;KD^7Rr
z1>#s&10F`ze)!O#K@-;<Vq=q4RMbXk1;(w6T`%SCUlqs&^3O_--S^kp^FV=UhQ%jN
zm+;SmN%Gb+!H(>r_|j6;igKYS+uH~sTPHxYE`|3G8%hwMQDBc3RRqyu^od6xJP^{`
z3(OcNNQGa!MipAAjU(AJFs5`>QJ(_OqNCuBM_An#7t!R**ZcE-53UW`4_KQ10?Toy
zy6rR@cj_lxd`8>-M6=K`+F;t22>3G(4h{IbOFn2mlwM|a<ux^3cjjYOv6;O0ukbs5
z1sig4?eb20j<fS$htltbe6%I(8^J4Q9h}bX@ep0ujFsB*?K8i0ZU))mzc_?3iTM7f
zVmPl?g0l)v(S`WC3(r$M+i0$#?&vBiDq@Wxn9%VYJEng%4-1Be{qsNW;21Hxph;lb
z1dl-w*UtplLz%~tp>O97bi%a1#<OQb%z&3oWmfm&sQ4V>y>|RxB-xj<?$Zt}y_<=>
zaz8b1&6A^a;U>Y(Q1Cx>{`_WDS%z{(DHa&z?_Fimv8utDS~dy!C0(8IEe}@m(Sb6~
z;PCtT`$KdUykG&vZRjUPSs}t{(-q{TZ0EfeeOY|r1|H(4G%Ya5+nu?(JYn<{<$6Fb
zQ5u1D7OGwb*XAK6)LdyXVLUEn>rHqKaK*?jN`lw358XPngWm0+$rC3<Mq0!?VjDI|
z`ucSvMHx6=Pjhpl%Y%>Lz$9_184`)-1dE8m%*@Ntmz~|H(SEgZrr6E<;^klW%8RSK
zR_&58?i5$t$K;hI#(1J45|~6xUR17$yMAk_U$#ov;hVPdUiY2zwmLe#-#QtdL#MWb
z-wl+fOmV^Ah$=dTO=P(nbUgngVIE<i)TL`z*G|u7P3Jc9kbdr}-J_={cZ$%**mjFF
zdVs+^LVNq3;_=_zTJ+CPsmE0g^dc1@03VU$D<T%l3`A#OUKy847s@Vy6pr&A{iDZ^
ziyXdyZd#Kk^HACe_ue%;j0K;-WsC!N8C!Qk0&snJf$an-_K(yVJArSGJ!HVQkTD)`
zr}ST!+YS|N=<uJ{YT4#r%g;Bh7}8@OD|B8!ONv|`+e18jo;+g`ifq9~wnExu_7&LG
zDIJ&E<8n#!*)1tO4`!n6`omj;F7ySzr7c^gp;P5D#lC?Z+POoA|BF#=(wm(w`^>)z
z@w4Bb^BQ(bIT4J}Abq@IqQZHD<UmOb{KJd>tKKyN`>C#;jpynPEu@w4uc`HkUC1_>
ztG&Z`XT}T(ff5`KfM?JAU(6Si#o#gOQt5KbCI5|!`>*`7D9q;eD`i*Q9PLqeV$Cig
zF!Mu(1v`FuihI1#<=3Kb<nXx^wt@53nVRO4=?RZj4la-lKu=bTOJ%tU#Uk4Tjr(QT
z#=NF>PmGTTWyd)HQ1Bc+!wTqQtZ%MN<L8vVS<KkdAg@z|NDTh_ay^+3OlhE+fS79H
z^t&=(0kx)R--3ND%Dd`UiOfOJ9wHt%Iy-b}xP(A@tL+V^50u2)x`u8}5ZDPx76q{Y
ztFcOSG>%x>MlyFkPsPkLbNY2bj3`g^{);FbI+E^iGO*3N(p}IS(+?xE^c@u6jJNq1
zKSP{!u`uf@Ff;qW9TLcRo!?i2q}3WFeMXFfi;6`Aegrc&Y^cV}4({!mO`Bk=`hA$L
zJwjv{|GzVI|2Q!i_li`$AEW;c;^wo<i@Hd&#FKc4HTGkwB@>ubZ1@wraC=X@&mlG{
zL1e?788u?WzQ<LF&de1V7WZ+dBc_VmFuXsJG4TJTxHd&4rPcI~77?1Ns`V@xLH((8
zl%IHQIk`>13D6^J(vmv=cb;n}%?VJSlUMR$`pC;2EnXQdo4Ib`^T+kwRBkOXxU2HE
zZ_hzqDz0n0D772)@T8wtyR|WTA;<6Pg^b-1YWzaot?iGqr%q~dWvI#cMHW`ira2F*
zOLAz`{SaE7^we$lJmo~FBeMp3bnvW-%x}Dj1^Q~nXs|qfJ~%yZ9X`NzQOOuUVr$Dj
zfaT0<OiXZI1s38~UCv6n-FZm9`O4Y@GWwl|eD&nt9=IiG0$c~>0HD@4bao^gQK*is
z^~W8@cHdBlw<GaQDsyiyP~8epoo1>TPuQ0p{pJgRU|W&QSno7wy8psDSo`BcWou^#
zu|R`hLCGGB{q=-8HT}*S{Q?t}eE3)i0k$k9A$2A00Es0EGBUtY<iJ8)meh9l9`F$3
z=mOinJowMASkQsU>0!9&vmshg9<_C9ericp+r;j)-@o}F7O<DPej4lP*+#27Q>D*d
zA0Oa!8hXtqPlx(E?=AhomfzJ!rroK>eS7t~So8_`JBoTu0#01qWS*JkSqYA3dyHO~
z2aos?2^lpW=LRk*u-lAd1tKnWkB|se3ybY7l!XYFZ99JwnFJLTa3s^J9E_E*q;{pS
zeVCC+#2$#a3G4%(0LWtA^6h+NTyKHh@Yk1L9C0^Vy!hRO^<9FWLCR}BT=a1VbZyL|
zS6DB?Wpd&(op<t4xf}4Ro!S+TKI};e-^uS-6awl|ZV8LWG|G98J~7#U-wkQJw_Xs_
zT}}o3ZXVa)*8o;h{kTc2{+esl3wtWmEu~eJt?j)Glvb%lZ|PxMjByiNA7~n3mPYXZ
zpfzAFK22Bm4|c=NojE&Ok{S#R41A0(Ye6bbZTr1Nz$j+KZy(~GxNqr%k%S^E1?c8@
zQR7b0ao77zDpmA6!OR`v5A!U9Ws})Q@biJOavq~~7$snUum)tMxTn~6_ZGdbxT{cG
z+-NHt6Q@p@@@j*+>%2PgfT%jnyw-)I0T5#wgQicwr{hj+6Td%#+H2n@;#u*rvY&#2
zF5c&Lt$^fW&u_08;Hw@qe}u~x1TOR$Rq~=!5Yw%NZ?1m*{Hlr4?M?$wN#nSdzQK4z
zM70v+b+8<g9_&fuj#y^uG3VFCF)7Vqb$`V9hgCz$VNcG0xbu6U=o+$U!5;k~ryh6o
zqL;BRO*(z|50s}XC4VrpOL~mG!>tXuN^o)(o=4%gsGBs@88T-_q25`iCA<yaTNISe
zS*MO47pwHz;izx3-tpQ|uR3QHwOC2+-11M(x`PHv*OO9O<lIXVLuxgg>su%LJL?A5
zO>l#*h~IGA&u^cWw}C;_xK(YPd~N22`|0U))YbBy6oKPYe;vCn`~3vEG?+3r8Daat
zl0_dkoo_8I{X2I+{*$xr)X9^sA0mZ%angH_T!iW;%xU486_o29i(Y;hZ}WXn#8M{g
zUtNEblq~MryTBZ%tK1I11m%Oex~WQ^njKn96?>Tpcn=Eu(sAs81$E<b)oTDw&OFF+
zwdGU}{38zh^MLtbrZ80A5X|RY!L{|py=z6E$eiN#xw=-$!{(29S(keD64^)_uST&y
zfZngevboQz92%T;j*Sr6yze9Fr@$@1u=;fTBll?L$)okkxE06PW|nUymbgv%vS*9{
z$r#BS&LM80qtVRVX@H0`ke?NhjkLP9>W<$5LF6+!mAdS6#SMARr;GX_7yMA`Qt0@(
zb&0nfA>TO}4p;7_<UO5x^tj?z$0C@WR@WX0f`3+1Ur$!z)j7P*XfKF#_Y)_oEa#tf
z7WBC5oRONKXpo-V2e5Q^{rGsbGWu~9OIL^ZXKN%+3Nw98(C~-4T=VId!{kAA8GQwv
zl=*!w<(jhrO~7@i$3E{-Eh%pL;w~C)L+x;z9_JZ><i3xjq`lLkOuTPq_ki0eYmlyQ
zr9M%uR6ICyPjmmp1pK=}W>M@Pnv9*(&WA4PEuwoHwwu-b;(_y;9_%O4S^u{GyMo6C
zxc~broYEjnRyi!3W__pCT{nJGC#)6!RDKJdgx#-}6Fg}!YHBX-w{fuUZ@N|R2U+ZH
z-EQWr>)mw^WxZ|84+dKzl5Djoynty3g*Wd=N$Fx-+{>R^IuLD1G0&%EnO%(nULYjV
z%Z3%$zSx&T&>3?Qiw*v^OI9!@M>&(qhMCn=TE94b^4W*H_mNo1l=_YqDnES4D+~yA
zudFzfw$jAR9{FL2U+gP;X501STJXX5!=DF~q<LJ+32j*9B>%ExpR|>**rLso9IA}!
zT7gC|Jw2k@GHjO8(J{+zWoV~_hT1UA02727EV<D}QnZJaJnzCjc-(cayZM%EcA7j0
zGC6{c(gxbMOF2tegkyNN6#q}}yIZ!pyX$N!W1V^h#$+d5AC+%?cogLgCiO?0+?OmV
zz*<#D?iEA}rbNJI$?tO3HNgsnv^~o~p=ZzOZz5-VWX~BlBq00YV(WMhbMu#!5n)$N
zpV?T)8!TG%f(*RD`r-*><ZgBMz@ZYJmv*ba%)4#2*nOKPX4A01J5BHX`Qh#*cGdi=
z$+a4|?LMy^zf&pc9sNLE(4p@Mlgd9iFPd{@-;csn{uNBN(7@%at2qn+*wFfb46_Vs
zYqrhxhzP1K78~Gt#eX+8GHPtq9*&DBashUWb?=T(*?c6Mtjaxj&<+*vmv3Fz6Ir;n
zW2~duYd=~Awg>LO%LXGWrK3j@O#%1=X4TrpzCl@zv~g^ot|W16U=WhgOQ!<TK)OUR
zwg$vOO7arlO*A&9=#?*+(K+O5zxR=ye@8)5V?XUuMpGbhOP0*6x~Oz?|J|?;Fw;q{
zjpN3T92ru=BA^^hh;Z<_{fb}iaTRA>!T&>eiHI<g_}@FkyXyvb`1$=i>RboEstDqY
z!j}U+QFb{n&0H&cg`V9Y|7F*mqLh@^eeoQgdUwINA0AcuQ0zjZ6bs&*?%cWa1-~u1
z7c&76y9=(#=jTP~x7s>w0>!hikZV5fYGz>2VUxRw$q|;Ql&J|OMQNq(@|~==km2$x
z2Ep!J9ew1n$JM+!1EUIT8MhU`NuKj!7c#5Y;;97or3`RToui8QwQ=O)E6!Qql5S#)
zzcThs_M(#p_V!~o%?}I?#(wb*tspo=X%)c$IL2}Okg`}NUav13KuWfDF7N2CjpkNy
z$dKK|x9c&fB4^L5Q@BY89PD1d+sPd?<KykF0;NEHkyVJvA$jdW?G!|2Pylw09}+zL
z=<E$`J|xbKW?vQg?>}Y9yfr`HM$6af_ge7gK=paEqJ@KPSGuqX_RG}%5lfkmTC^B$
zS(HqXn0I*OLv}$M8*>YH*1hNNKoK5Mw%}}zp~r!!AGmp;S5r|_d$H!knS?IbW^HsT
zu#Ks7T89w`OanniR(3<|8vr3xH}XC9{VYNCZRl#?RFgk);>7Lb?}3{3aSl~ocNQsY
zXq>>tUs+jeP><K!{iqVQoB6me3Nr;bqToQ{g%o_!*_=B?kAT`szw8EMzk6w@0HnGe
zE;&Ffe^xo5qogD|6w$O;PnpLrQoQ(|P6zhye+kTzo^{aRBK3u?dlCi(TPC?-du$!`
zXA7aR`E`o<m`JnVRSr`MvYJ;x!6*oqAFrtiCsNnlopo+*hw+h`J=8y{jzx~`vcHsc
z>h#a@pI7%ieE5*398~kDn`d{QZ#(N|gqXyYy}!VQFG<N459SW*^?J0Mb(yF2&#LeR
zQ6-yC%^p@8v6VtM>s@?HC&%^C=EZpv9kOO!UW8~gKr`ja6%e-IVfq~TNA(`fQ=)F%
zC{FRvcClAGjlGD=T&Mz@YN3yoh*RuSfvm<ZI0H-S)Ts~hp6JD1>t?4^0D%9VT_MV?
z-UL?wcYxOq^S2zwNI~hNtARlV>cm=kYb&c=Ah+1M+o<6YRI(Y$A5vg-UALwa+kb!$
ztI=Vzy`ta2nMw;OPl*y-g{V3vaZYtXKaYUl?QBxPh0XDW8my(fj}NEDU_)@C4{Lz0
zn_j1Gy=z-g!$6jH<8noeMTF7ic3wOzOkYmtyeDSI`M**Ql84#iowk9>!{gH-8T|$A
zpIG*66j4;}@ar#*{^xh6JSd`k_`o2*fB*jdhYk(18_{apFcil6#y3-P^L(>yF!tdU
zd2Ij5{zP#kUjB~uedAB}9|)Wl{8?1oDe<4WV%D)}jvoDZjZOpsOXKP`6tHkZs&^qM
z{r%l`1kEGtyZpu1C7zpU$D61O^Nq~=I4rDVdAPJr@UyF%`ZpJh*Hh_}P`3I)t1bV-
zGtEqAKv-=~vh+XN)*jnDcKY=5HBgwkF1xn1CSVW^CVN%-X<v3dPw=wNHb+Cw_7OVm
zIolJ=$DoeGdZs8j5G=yA#O;S$t9!~Tdq=GxAU@l5Er`c}!;c3BR$H+d!Q9d^C@_!<
z@~FCcL(3@yg7As;^jNl=;Mw+vj*3of7Fwl_cQ)j*u8@3!WkatK0}MM4u{h-F_h$OF
zY%*UPYv(rnyosj_^=-d{?c28pJql=hflxW=yk6&p*XG<!8@r$h6B~ka$=rweqU&w#
z6wS;H>X6uuWf7ojKGuvbwbz96R+5;M!s?Lm)bokwUeBrv^F4bLvNaZc)y=Nfv698h
zA_^gO0QN5nF(I_QF5g;NRRvwOg(=FjsV&7KyVv=hA60!UHq;<SLk$m^$8NUVZc=gg
zKP~_u29{N6D<^yWxRX_g5tajknQ7GW!LKIz$k-O&Ea^LSCZu+}#a-UslkhW~AveLw
z?Mn=>iJK2nDeH;b6@6s(WZV2Wb8G+o@~t%mk>g}K*A!%xg5o$9f4p?SGtk4{72@}$
zrQyk2mi_^?UU&O@Op#T4FOVqR;NauOZDQXLeD^RPp@PRd=fzVzvEI{Gg328GD9!MS
zt`H~tJW?Mm@E}A31!mSkx*iEFvkqofz&FXd=}#{%OO<@SE98n5&{MN#(~feXke`Vy
zt*r}nwElix`ket3fNfSQR?KrKf=4wC2{M%;d4?}6Red7c#-?T@p;LL4mP2J{aR~)%
z4@GtL9TYn#I)G;>+Qui<|I;$-`P0LP`I#36Tl<*wzRePnOSyrFdU2`Qm%eb>vUqx2
zMr1$a?u!V43x;B*<F`>H8SBA6%wBWq@yw-~cVF2L>H!Lk#PRsE54amPlbtckBrAV;
z6YKfTZxTM2y?XaHi?CP{RbB<oa6H}7EdMwU3Q@*69hgsy)@pmNQS|vUg)L3I`R<n8
zd=!RLuU18}yxSs^Q3vMg5?%$i!*e1k(-;9z=clH&fjmKOr}DpCV4J;T1tW2|hs=+V
z^jvp~UdGev^TcxDVp@7?*2z>Gdm}sRFE~Y`R{QGq)eyVg&xgJ*MImaG{UQcOq40u!
z{rk7~D%m_D&yIpH#v+-!L{wy581u@;%>LHDn6IAq`1T43AlyU~6$%@A=Ir`+G>o`C
zRa`!0Wg8bn{bDF=H_Ok6*^t|g#H29sVCFyZqiyAGEd2!M0oPJA;VV~OfJ1li$08Sd
zaCWG;%R20TWEo>24p~4ls6%KXk1<B0vSWxL+J8eO8a`STJHgwpK0}|TX+}~jHm%(g
zuku(c(;Fg1WJCWe-}w~490WOpYQ>vl12(7ASWv|ZE7j#By!sF?Z{3;@{0!j|5ItQ(
zyj9c|s+ri$B}*e$OxaOw!p87Zk0lg=u$P1{b=UQz_+1*VF>F|<gj4S!K5`xHon{)#
zXjF(F_rn^2hj1+-qN8wZJMkP^GQ}JP8J^}~DHjOiLOns5X<K{IeGifVQipNYDRA(u
zJers228$u5otNRI@&;$kvtMY<ZH!B(+u8}IE4vKwF_Gs2YiOV}`r6cV7S`enGdc>B
zHKJ675oNk{{OFBK{d|3wrMOQS$&VmlVmfKBDYRlVC!xqNOJu8Y`KLHkK1AB9b`Fx9
zb-|}*8<`s=n^QUA9MkNs(ZbgEPX-8`(fN%X%OSRH|78L&RlC5%i&vC!WT<k$boWNc
z=znDNuSMT_^JUbDuEO6v8jA7ZrlW9zH(a?=kxu#-ur=2<#zMj?z5K|e!|3E7T!~0o
zCW;Uch@*S9??nX7jN7*H3j|n^=8%np1_sg5<~Vs!*vjFiKjZT_KE4MZuUtjh0@}u_
z0!i6Woj|m*y}_o3`B#Vfmz>&pncR-zMo|0`X<F;bwc~RLcT~9&dhlMs0HG655(xNZ
z(VNc;F=2Prl`B`S7uens>}Str=LUpYZeH}4p?sv)-;X?DW+mapKtO%ROm4o$>e_hG
zTeAIjGuvYw<5yT&TB0G73o(%$Fn}8P%<<!*7F$ibfqEXGia`){ElUkV76$p<aOTXT
zzGw1nW6)=~Yx~OR`*nX>;ByAg*aOV7G9NrR7N*9hgrsIobs~D@--_&W`_&kk&I0qL
z24uv;=e`s42!z;S5chPkpn^<+v3s(Wxa5T8Cv?xik{k%C5e`0lIpz~6zX7USJ{3s|
zV2175wNrR!rQ~BW)SIiQ_2964Hv!DYzWRXpIE$gcfU{@6gZkih_4vBmr|%q99yToL
zXKkXX3$t+M97GxhkAr&mZZF_^g75y-Jc^#bCJ3%TM&fKVG!$b(NHzX)8h-_Mm=>IV
zB+DHcOBl-A1_^!KDebLq?}=fkbI607<dU7Fs!|EI(y_@|Vb3K)KN@IWHDobGy52F%
z?_xN}x(2Q~ycf0u96yeA@k@J09tKUpoD~varOsQpk}@5$IH*H4HNWlYZ?&P?Lj0w^
z7H>DRKv6M>6`;*up?C05N)vX5muv<Q<SS$KCHZ&Z6x=W7MUL@!6kjKW2{@Pi;KpK{
zCyx2Xj5+jrKRn^$zC(O!yuL(U`}h#YrRq`QM|1^Mo|`zol}FD7YpU~X8z?}!hk3@T
z<@N&j9=1&ks@2u|2pCtY;z)%517y|26_K!`p>zC(E;y!T)X~{oiXH;yY`#AqaDJGm
z3{EfQo)6vg<=?2*mPvNI+vO``3tGmZ{t)EEOVntt9DqZTynwtA?vgosV)8!HMq;&>
zW~0XNtQ0JZNi`DotbLoIC_@tTcQxY{f4nFDMl$-<A$Se}b||o>7ci|c?#h)1n`7HE
z7_g;0=2QSyn5c*oZH%40MBi)iR}lod44!Q0EBnoX9(siQZiIT=by;MaK#xx1diDW-
z6<k5pMvTbPezER$1gqhwanVAns9d8Yvnfc)vi^`-&h=&+D^~a2EqfYxfBVc%q?S^*
z@%Z{bdlto?^N%-Tw6Eo#b<o$><wKBDz0$xTN~)@WoCASFO;q||Wntq{gcrln*#@is
z9fEU2&By!|!?qXDuJ;gqPda%KZm@j|7$bd<U%Om{pr5d<>`QFfu7=G1aG5az#;Y)L
zMf?lUZ2pbJeXw{DB(lL&G>3$^OJ!VE*2WoA{GD;$o!iTO<#*ateLyFKPX^ycFYoQH
z_2tzvhH0W@HNkzUsVO|j`Uz$qsav8VBLP%vADtMT$~LO3UmrV9J^fHlGxXyU`k@t(
z)P9_#+c$0;%KnvVcbyh~O3+hs3YAu3N$u9jT+kMN3Mr5RR`8;aQ|UA8<?3iL0I~CH
zw<9@8t~bp=J3*GLuU(gflnciKfH20WHCrd6?0Kg!5z-)J5|-nJlC0cyr;QqAORUmS
zhzhCs%yz9PgB_@miGMb?x9!#ZF@q`RIk1zD_D4qLo|k_irM>C3dR@%$!O}-(<J~%J
zx1L^tw$j%f<OPZla&5g?tx-bPfL~3#RZe>yTf;QQH-K*g(Y~_3n<h3%EH@YHT8ju!
za+{8g96d_YrF+Os^sH?04EffBU!^C%%0J>@9{{s<IN^@jmCdf%ixyFx0rWEml<d@L
z@hbfgjswcoX@xa^#!^p#C67;OT|L9BG8@}b(OU|cM^;;I%G1L}msdxdo6gGE+ly_E
z-RoymkHiuSzd}(gAas_J8aABq{P67SR#Cvj++gK*mX_m0VG)Ik<v26ug!o?*cW5y1
zy+Xi=^+7j*(84#T!fY>G%Iz%RULoNm!}sq-=<D6U5ql&~-)_yirNQJz?ewvLfb7Y`
zg_ns=QJ66#$!}(|2=|5w@tfy;r>naM$?r?gRcvnHa~{r|qQ787m}ytooRR{g%d<K3
z+TtTYdBq%7R!T~8sIu}p2=2V_{Ra-fCgMmApBsO8(3D0DRav~SIy$N0!9Xfs0K<pb
z*^~)D+~QVF0#X+NL(EkzJ;l04{Ibll39<@H5=9BO#7a6&(`*<o0;?N1nK)4#E1oXm
zgN!3vbH**d3nHm1%fjycJS%WmKzjtFV6rsRM*`uA1!kDIG%_%n-6g(k!KSR0s-mtt
z>Fd4o_qaY^Sf+|j&gJ@|FzVBu{rhLVYoJ1+Z%>BJa6M11dDN-LkY?zbrfsX};Ifg1
z{!nT$OBtcbfMYnsvuXAnUsPZvbNbdMMzCT9d)4SqbCl;%V~|)D=xS(bong6cp980?
zTz%E;oZXG4Pfr8TXOD)9g{394Gu_s=-gJm;>O?xd;kly2`rS!In`6Zl9dHlbDH1RX
zLTMw~2R3*3wzIl;TCRuH#kMLFnVm%^zkSw`vR+@`^Sq)D2Gu=#a;!TsABLWk9W~WE
z%{<0-iLLGR$5pFuzoHs|4E;BOzGdLRuLTB?Y<OuIO)2Pz@!iFkYKyBuNr6N*NJpc`
zjU#MVQKT`;b%*~au*fsod<^tLNE_W_vnYKtwhzfSJyM!P;}mK{A{a3*(4_1OVmie0
zq_EQDBQ}|+Q9;_0JbvCay!5?%-(Vm8RrCo|2G?$KFFBpOvcl-!fUdBKh%Fe%usDc!
zD*CQJu7XB(>;PGsuJqi`M3N9lK*`*sHSS?IZZOUenQ05KOJ>Id$%pr023KX_!f2*I
zf_e1nj?K0x&uFC>xAE-fj!(uVmr(X$o4OSw)?3{ms&KKX?=G~13!Y`8#?!8{^5c8h
zmn59f88>>gNE+m4&>rp7vcxHzg8;M&oH|waG6xB<3L8=&5#XA|Tc-#CK*E3k?<5L;
zQD!ZQD~~ww9HoVmW0oNxg>gl>530is=VsM?hutq`+c-=!X?quPE%9#Y`YcN-JGMfM
zi~1?0d#rcmI8DvFbOWVTJI#|_cd}<Hx%8js0m?*9vTEfvSi;ROs~jl&1rRh~k{@rq
zrK!g#nu;SWwHs?_3r85AsZ0sGa6xg8egj8KtdoWh?<gqG3#`B2Z9KO9$E57a*!KqL
zEX1`*G9YgB600@d((Kr9<^(8q#hIC3aZEyj*6`tLxde`hCCTT$eqj6%{mR~S$i~~E
z@M6geZb+D^MN8%^W-=0Qf!|HVg<KNiA_3FvOF5RQKWnumy|;0m8g~Fg3-yQs;<8Zw
z_}l1K7Ld1mU9;^q*$mw9{TDpmMf!_|-qMwsF87Jj`e7bTjl@0pCUZLCjHre8x|VBH
z@;5mF-o&1+D&xn0XmHNY9NavTaa{dNP?<m`1ck|=EGMCmW<*qMEzhPQLY!@kY4(iw
zk^Yq?`IgI16}{SqKKVBGAI_(WJR}ESSt_kFy*7b`onW!njU8z!I{+f={o%r->NNfy
z&AkSM8vV&2ARjq*u9$z-v+ZYDWdYDSGM!f*i<tu6(o+<5umqxqHfrqfVD;D}<aaD#
zcrj!(+sG@^c&LN(YQ<X1$7AopJhn=6O6k$i;ZXI^z1JkVBCy63W()lrzW(}41Fm-7
zqc2pKB*wbc71Pv6+#^4P9iy`ryNa&*@~{fyo96@RXtAIgM#YY?Zj~@=^0)%*vuxZ!
zLn*wCwyK7ADlU&o)?#y6&G3K8U23O`TlxrOB)zE+_c{o+N!ysF!<GRJ3Y)U)<Ty($
z(r-<*xQGI9Yy507JeBeBpdit@tYra?&6l!jd6ifaZwKz>QVb2+0`88~dAe23!-p3V
zntO2$VqV#Mt{Hi0mV-)7<XGn*dHsl`<1G{J#KpBTh5EW=0wHacZS%d}m78CL&LOFT
zpi7)y-Z$i`0f*n%xVsDR9pK8$WP?8^vpsu5o?ji!ex1dsed)U2`DZd#@-qxCU=nI~
zHE+twdq`6<K)@?1R;w-ZV72VB5qK@>p8Sg!bm7&8(mf)XI+%G2at79VSnTNja{J==
zli3caxMyp5Cx6C;@P5jp3VN!*N)g`fn%;CI>6Ffpv&ep$OY++f@O!}7TsU<1*nS6>
zhBr4gT?$GrED8^u<~Vca9=8w!r4WUHPh(p;uA?Dl@fn2Z<$}tXG0+pIvGuj?&&c^#
z7b_i&^G_b;eIWbE@IDSj_ewnfGzE)LR^PsC7Y41uI{WB~!_RHS2Qr;n9I)WkXYkwd
zsBE3VrI)n&>?|sL_gMxr7*?t?*GE?Ql)3-lTdPa|eCyJv3e|!m$D=k4F%hM9wbC=M
zWp90E$(C!US|jDAPw)#VE=){J0OcQs^Dx)gZq__2-?Jx~c37`D%pShaJ#^pzux83U
z<)JM_H<pfm8*1Eni0KG1e`i!Vhyjhh5yH<t&!W&d0g!%)>({PaWhTM;y2Cok6Gyn*
zIe5%8&!gbnKFXgJo)IbUQbrz2YbOL`4=b9`r>55d{hZw^V#!x$<|&WTu4r(^>fc^-
z@!XyXP0hAz*A5p)%sNj-^a8*1KXm99W+Z$HafaNZS7ia{si+9cGS6|w7XbK@<q#?O
zS-Ke9(2xVrP*RZvz5*&8F=O#4>F*+x06KGw8BaZqS)JKc*gEa4^!93n0x=vbtl#&N
zrGrbue>1BW3ugpjQ*AP9!VmYZTt$gOU;GD)76K)nPhV5rRrLM#yVah-xaG#Oi8aI3
zn!a&)tX)4|zH{deZ8wV`l$+WjMfZ3+TicXBKkP=8uwR>$G5_jB7UPnG5EXRt!YBs)
zDIt$sRhH-^{l>DVe)VoB8EoK1AC&|ZaoKerP0qFiBPO^O4#7Sr=XFzO?eLFX=U&;T
zK#*(}TQ)E*Zro+L1CZphD+3HD#gOY{vHo4+L>Zm-k+toUc~B$Rh3?VwHP&W=SC;-2
z#ATd?t5zj2QksutuKo@i7VIqf<V$9KbxBQ!d2@(FDN#P>?rME8cl@g_j<$|#D{ep2
z#nICBt-}~fB&uQIUisGZo_}1_ZjTGQnO-h>E#V{imy6Oddtuo3fRWNJ)e6}m*Dl@F
zb8_q)ZLY(jaU>Z?<_pX+-GkEhnYMIsh~+E?2Fj{^%unAkIOM_8sZK!}c7-%DVW%L=
z(N_eVKK%+(0gsD9Bu;u9#q^H&6#y~AAJ+(aP?M?jHg3MW?vVe11MR$+8{;(qBMmUE
zb4aKAbfdiDcce*lg5!Jn7AM|Jh}v=gT|)|~ip8p{Gxj6KWnZo6oJylS2VA&#{14=@
zfU#kP7S>1t>5M$TeO~6BcI3nf4G1w1hylA6N?`sqa`fn*98#zplmKNeALOskIoZfg
zS&kg$sgyuy12O5!`RRRb{s&PhK}L@2zpF8O1eh^zVZ`=d@SW-ijab%?I4$k66Am7K
z?CkujqX{6MZFOy=7SUz3dDE)%leb+oP&z%$Q}ie$c1^93>EC}6^g?hwkXE2oPL{v!
z50-<im0nTTNf7q~;em88^P=e}u>0+&9+R!d3oE0|k*N?gaZKCDa5~#YYg<JI1JJey
zA#OhV?wf7e`0TKDwD}6QjEApIdHOaz{9T852%4*-<E)k&Uh5*xZjUXHW-tp^4`hXY
zG8q*#BtjydCwd2}UhL-r4vi~!h=-v_>%}zsFK;)_>2)VB)Y`mtCW7NAv-#aK9L*rJ
z+|1G(-ACWQY{t`xpLeAeduQ2Bg7FM=a$@$d72{%&Jq+H}Dz0{vo{jf#pvzt!0qwPD
zSJBHCLIAZJ{!(8QKzS!3e|`SkL^oJucM}yC4Gk;xXtC@S0Eh47N##CW8BvKlPoD28
zgg;lFYGyNpeG=r%e!Y96_ePJ$OlP6F`Rt$94U|6OPevq|Z>8n-?Z(fB(`dIprD{*Z
zarOCc?}z4jaG>iFj`lU8ljB<Jhg4&B0&#5Pw9I#>YB<O&6ET`MZ`kN7IQO{F%Z0k#
zgu8P6`Wf|&i>UARrFZGkLxHh9qQGp!YjX}IO9%awH5FumR>iQNUs&`i1oZiA=IY#(
z%1=_d_j?<3k(Q=b2^)HE;M0kR&JbPU-y}U2*9Vi0AqcS~1|~YqSc{EZ6CHrOz#B0%
zJVi@|WK+#gM@afbsYov?KiCO38>Ti`zIxhvg5Wf)iTm^OmSo74P`XdJ2Pv*Tn$!Wu
zX{G&N?PwbUUkwz(16Ry+^>r7sKJQ*Xg11OVsIW=H-}+xRLreEPTA~_<Ly+?NhKy}K
z=*KarNhs6#*ad;A^bO@GcnC!>TNr4w9M`|htuC3n%NPKjp~xy3B8e-GW3ZLN5TEB|
zULJdU+CHM%nTTw7-iqLP(mL97Ma)c}^e8Z4UTYC?7<<!uT8du{hRl%Ulf{n;*!bpQ
z#yftIj)I@znivZfY+%vIkrY%#YxnCT@bH90iItD!bzKpXg+Q5qT(rjH3o$V<sN21M
z-<a7=aGzao#5TNyxx-V#B(VI&<jxBp>TJcmhfqZCuPB27>T7#VwVD6mWyMyvWd`ff
z73H@sQS)~qDqBSX7bLdiHvpw5h?8}NU`{mVN<gbTfQhn)z*Q&h@O$2S6HXh!%tI*t
zIN{>M37qCZHQjYjMPgmbatO!(!U|1ShknhV_rolozT8H6yRX45l7WcDck_TJ1AWy%
ziAs64LlI>LBSE@CrUd~vmR!vfYdjyuS1YMAy5FA2i0s<R1^Rp=UKxl;I71w{048dP
z?5|GObp^u#<FY^EZ&=+0tsH@ohD;FoiC`L`=hDmR>M&vM(xDv!*q|We<V@Qb_B^$_
zN8m;EK}2OqeCZCrQEUg9L&owkKq;ZA%mP9ZRwa%Wxueh9Lz{2})vt_RF>V?owgK-)
z_457f=*A8dDwdb_-vF_g;ec{UK^OTG<Wwpl8cnqmG3*s9ibXKt0!ml?ka|puL^&ld
ze8!jlyi}$Cv0`(F4mFcN#G-P-sL@>M=(%a0yLc!3K;*QJiOH0BR96FVT%u0m2~wtm
z7>Hh^r6ASh>U<-6#Qxcj9<{@f{d@8DXW~va1_<cYDAZEP_uiis#m{@WUc{&M_Zy;t
z-rsZR!{QEXX}o^@z;S<i2tJZOI@&vps}e`m$G4SO3Cu!aNdzE1AnBiLY>bq5LAGi7
zUzml;b<YjuO|fs-N*uj9^8mqv8{5BMKTi2X1ZNhH1`hE#GD%E%eC|ai%wfw?O17IF
zTlK!O64T|WO;0Am)^Y82>apm2PG+ZhOe7V9QJy{S304U$huJ;0d!2;Dl2W+0x2E?y
z*ij(M1Eaef(%#2-LHh2$<l<apu6N=`pI(KENeu%^3K3AecPM1?Y}7WryouU_zowOM
zg(sF+a{k;ocp`+;T>90&ga$0%;#Wkbm*2FA7}Vp#wpw`}nbymH>Cy)2Q=Qmx*!a+L
z%AomFKB&Akluz~&{l%E#2wS-tyrylF2eE=-bu_T5=!dgMKW*LZV7J;SuqoI_=9rkX
z?ovN*o`r#k9y0?OBB$^Lf}==@fx*QdI^j8!cd`SA26qGJ)Sd$2U*ev<W)p<S#CG?f
zS#suQ-4`ds(DbM*(Fid9`dd^ah!8J7RQ#@t$RIAfqKMQ}WK=|Kfx<a?vNKsce>oE~
z&PDcxrN<JX)WGDZimYXAk}PEGcMXUGCj4KCA|95#ZnZzC9C%%qLqp;6VP(TdgGMIf
z$tMyk$W&pm3@r#7%OaM-j887AayZ%$SvnY|KC){RS11yPeAWB!xbvQvxtuuw(dRZ}
zP645U2u-|eV28ntrQsr;Bhn+e#5ks^ilsNb64ybv$I63a#`FK<0<0J3isf5*u&mc^
z-A~1x0`4cGOxQ7rhr*;pEMCQ<*Fd>Qf2NjDV53%5S;@ie$UyHKq#wFz8Fcn?a=0Z<
z!+{UTpKagu)b;}0c^u!x3k<D-C$(EoMn>js$yYgfd8BQe`CJD4oYt(AgM_NU|1s+g
zylo;fa8m}b&$eW92ibMbnMG*Hqy=K8Xvo^sH1uE$n_@N32Ax0O11>+g#x^G5@W}#F
zr0D9=);dlcdhU(?Uj!nKvC)Vs8X_${bmEF}w2hoMYP<G&%m6Vj94^!OulW&?7kcrX
zTP&u*CNptM4WU__qk4bt$Z@v)yf;$NZxdIFLSv2>hvIpen`2oyxHqz+zW)oF7xBCb
zvXeGL!aJX{Ztm>au(?HF*Ex^63hugth1q%GdWwKgg3N#cA9IT>Oik|)-s$vVvLs4;
zV_GXG4!{;`0@-1Fr?KPzBkj%OvE19X??dxktJF%Oxg<rB=1CDkkr0uPP)ah>w3=4M
zl0+eCq9kN2NtzKQBpK37hEj@B(fd8L*8RT!JfHXZJWqdI_jRvp<vbn7Z`k*3--e0(
zyoTU^y*I7{A3&(g8m6U|_!P2>#Izz?+bRYJp~1nds1#DR1k@c|o)=G|WAW7(#gNq}
zT(A22c($gYJbjP%;dJuH-!Zae2He6SC2g4{RtL;?rmm&(wf}ck6-sWKiHQe@0K|bo
zl9K4=lcS<+!5E)!`w^>gMgrtobBHCWDL+%b^%iis2S`iXgp!mI1nA)5b5xbkt|m-q
z->es;|M|U?ye{EvE?RaAxc3;!cNSwU<rUF|;z{04xa^2`>)A4Mk<;e(#yPFnAp=KI
zSJ$b+Y)(5yKWt!sPj|j@!A-HeWW#z*I=bXsQ9zVv5D{sR2IrU3pJ<|f0`VW*RXCRQ
z5pa|OB{kv7VS$6piwxD%r-c`=wwj+tt(r8hFSA%?`a@)8aZjTDl&$-x9p(AGi27x4
zZ(<WN47Q0tq1!J=+qLnH7U?%Hoy18ek+Wh21m4f90c@ZULRTyA`5KCQ#pTyd)8P~G
zthh*XY=nMv5%A~@3`R=!U}l88%^{`#{x_c*#F6r#|8AKRw_jpW`)0G9-Ffh628#y|
zVqqwTmv!r8W17h5lreurs~=Y`p9W|CO$~EZR1hewUdFqX(7t0aSN`4&6|9Xi$OwhV
zu)6Ew&S0u5-p&2|D5HrBKFZl-v-c&HwLnz09>Y>ZDy17fmRy}~V>;Fyr4DhX(T1{2
z40iRM3!6!pUpew<u2?Dai42=KwQZBMW=OShfM);65Jvpzvyl}000wb?)VOSXdI@2a
znwoGjDynJ?K*^2y$ZZXxxv!e(Qv=6Xymy-=5UdVl3*_g8;KnUIJjccqg!JSPdwyVn
z*z@te-(}*X;R(LW_4DR9$IU2l@xfLVut_}QY^)mAiu@1nYVQqLSO2}}GzBiYYDh0`
z*=B!(7WNu8w*oilSR(`p0`<AasvqJt*uU!E(P<XOP?3?bE0em2V^WgaCE7{e#UgL{
zrsbl=i<hTO5X2G+fbz{JjAWAOks7BfDP3w0zJsjA75ghZy}xNJ|Gogve?*ehD9~9D
z$@cXs2;|-l83IYler`l2=Mbof=+!4su4>LFJd2qIUVBu7Gu=PbXY66NNI=ZK*#KbB
zZxjY`eicSPo#h@2PrfhDRI@)5%IrT^jq2L|e15^S0JxxeL_#Sjg+2IKqM$1%F)_gq
zMDS?H_$r7oGxT8M1fbHJEl%S`$cSi-;p_e&KfkM>ymGQsL+zw-;})MQ;=DgJBAypo
z3%uOEY(#rySP&n^u!%bEK;RTOo6G%lnI-Fg4&ERkI;l=C)gldAXs2~Ulq0WR4b6Iu
zCe}z{(CVu$<EKyOVf7QBI2g(|wcVjKm6(samUiU##qPaF><$(3%nOR{0w2j-{z8NS
zK;R>{qB0ySi)x5Lw6X6bC_x%Y@}!QniSF1JsRl0pr%zm6H3`Yj<#H6j_ue{Zyk@Ar
z(6RIx<#vw4PFXQ+U0Q7SVSh9<R-f?3S^Q9UrDvi}G`Tz<oHL`YVZye@=k=4DN^t~z
z--hq-isAh{jw+fa|E;s;)f(ztcG8(;qx*CG`}UIl?DXnR_jZj*b@kEE(EB!pz5WrC
z-WQGBJg=$${@tqmM?8Lt;~0ZH=nzaDo>7!eoAwpBh?<bPv#*cnCl1V!qcn$MF8>A*
z!yUlE%o1(1820D%HC($k5=!mNaJu{{D^t+iff%ojP!_dCncma{k2$vIh|^XCSTyes
zCRRTPWAe&j)4R(;M@Lwh#WgN`8t4s(+$?S+?`k!{378SuV}m$oJG_5b&bj6O`+7;K
zJ;-^v5sZ8Ez1v)j0|pGp$YmU)XBKh#^vJSrq<fcr1BHQF(a^}kfrX8nJiwpDNp{)8
zSz;LX$9H*DZ_v#QqDLFs%3{M?uRo09%_;$(1(@^hKiTe@ad@s~k625RL6_GVUn|ed
z!42+#^RU4hl?cp0_ZI1fzKUa#pPY8N!0wCQ3yG5qQqE2|*)=d{k+&l4$-P!hY>Snj
z+1c8Tb&P`@==8N=7v$14c#`yXjN@8!uKl+Brl5p2uWVH-94WnXfj2F&PF}W0VNeX$
zZSr<SXaI!eHlO*!;Tp{dZaGFV?5Bbn7a)|6|A7DWM9}7+)8JoJ(`m=PpIa#Dy_}tu
z-$$%4F&X@`sSYYCoGe}}EN(jBKKov~%!CJ8vq>lANq?%*VSF$5=UYoS|G(GM5X~v3
zmhwj>VT`Ib<tk@Ka;%xyl*PsZtuvR|czIU1o^uUx5Mf7-yphQyTE46=$A0~zQ@h;L
zeyr`mC^)I~&0o7xKlKwtMW@o>Y-?ue8P7^)A7Zn^9r-W@q0&uDImsSn-?q2btv>s*
zWLH*`pZhgFU}-G~yQ2?H8;gVR#l;%h<=?bY$y>@EBeTF@`PcsL$mnLy{lJ!U{6OfE
zdYBofO<4t6x55*lbnpDvlA+_!m?Wo7EB!knVpx+S_cISPH8oh(y?3u(Fwk*a@EO2=
z<h~_AZqUI!s_wWWj5xRdnuE#^i1J|%AV4M?=TSmT+z+7+dBDtinzK_6%&F~`di(ek
zkDEUI=_m_@K}jYTnIx5cW2m=m^%RQit?v<*YnC^>h`n4n^0`Xl$_qZw#FCp}&N4O~
z-ZBr;=pMB-9G`aEhcUx{zwJQu^`pt*O8RGjhc+n<)_guFTyNdw@~K1oifY6dL-$M1
zHlh)qm}C5G`yNc2zS<dlTYp0yCd{tC{xYQ&5HaYj-)HMQBit>cBy)u32kmY0FcOGc
zS5$;p_~w^l<DctPhU7%}XZ1a5qA(ZiL0`XsfhK}GaX@>Y6d-BB!OP1#b2L}Qy^9dj
zA=-z?l(%V*#=XT!XVd_54;*Mlz1M`Oob@_jMHAAZ_j?qDizW%T;3F0{FB<tr+Qt{o
zqJ|;L@2kc1>l=~uL>vF4S*#oQ3vBM!nNKK*<BWYkKr&u6z{0GIvjY`TAMKbwQ<zTI
zopyNCpHXKYZM<AGHdwfX&kMI=ZM4Rj5z+DS-V!1M;6cM^U!S*7=;N2nKX}(lH7p~{
zVyo`a!(m}{vO0~^j^@JbsTiPiAE?n$6pl1rIYyFc^5wof9Q(}E4k<H7kG_*W8wwVB
z!a<`El~h+Vzt3J3m7Hb=KP39c0<lxcJ^`3g=8?AQgUigEC9Heo9;0gNEHpR@Z@(PA
zf7<vFO)Y>l_OHQ>c(IT$=iEnE=lG!vjcZx*9owXWszSuKKV-W`<a6}=R-2`4Ei6Ai
zyE!N(v+@1}8nhpVIDcJEp0^T&@A}tMf!dLx@avh_85YVqtp4;IqcF#xySopt+f;Ya
z?D9j06tCxV!=|k3<M<P}3I@yhQ-hB1s}|h@0|>0hJ+n<J+oLzcCus=GZ}hj5RcoUx
zrsZU0PC6PxtQV$%KT{Y-6h5r^W7q(Z9^42v2Ut(R@Z<ZuyGJ>83Yw!Ogt-y<V$byh
z9qr&=8YU(t47ZNvj`^Y1b{Y@ymi-^El#b)9w)zAv!Y=|@Ot9qY5q&E+ZWKdNs0J+J
zwMXuLv>d*yVP70wDazA5K3T!-CcYbI?;(EtlRD;&?oJ?7w_kE@02Aa_!%@Sz6x|HK
ze3_qj{Lp2WL2g>Zx6b$f+uOK!UjYlu>ux@WlEo)x?6Jl^j*b(BEB@=^qN6vbtvWm6
zZaFswEp^VAXhck_pZuk|4OIAz{PT^Mm-lXD>X+<yPv|Ejqx)TkZp!(T&W9i0E^KH1
z<CxA_e%3K-?)J9XuBVnZMX>q#*KL$n^hJhuF2|-(?@wkccIjR4L-ZVXS~ywkfd8Sp
zD4mJUqzB(WO)F??%96g6C>Q1-9gwe@;0~^&;OYaEpmj}mY+!uFECL!_vIMa)kr`HI
zDF8%pTD|EMP}z94qQq<)sT2Nlo8P2Y*Lh!O)><~X!}V9<A}jM)z4aj!m#zD5zpR`U
zUN+b9CtYGrM)wO{uk&k8A4(<K>@y==kJjB;k8M!80rn~KUx$>!O1=KwI?1k_JYy^O
z+>akQwn;h9<2g%mY>>iHmIGz-T9UQK?h?_xz3wfyx6F&}v(FmWAt0eqyL1_bz;tGW
zfbt4_nuhm{XkM@Z?NMoG6l>eYT>E87%JBz8dcYUBnH@^kqwvQH7UJApu_m?yxR4!`
zmR@ghi=Jy$+~UP6d+2@jKjFg#cU3tq{j2>}#W6sx7V+O;yL#QN76W}WE=1$m6nu8l
z^|DAYq+n9`vjLl8inYVub(oJrz#{%!8Oggx5s3})OZH3tXuL3a+Uhjc*dLCwl8j;^
z9gof>f;MG*`ZK+))E{SL@~^GU9VGwxa`}5hi_2WWWebz7v-*@pD6CHV%H!Nx9MOEx
z(7-@Vdg;{rp2**t4jj#~N&dv8)9ltgXEagJbFRwb>snTB06dkPMdex0$1MB)edqj0
zt+07%{tLrIxP_?fe%-(e)kg*x%2V^8?oHmWvg_uunBwbuH~lO!QFsE4Oytj-nwmoT
z@6w0id!&JstgHor6hntrFmn>gMwv2a3bJjJT3cH)HmOs01s^$bjiZBmoCcG3H|U@^
z{;;vNrev?=>i(6<9gA6s!>!%j@!)OTHg(jfj=~A=4{1>TQXGm8xaka6d-v&NxaGw@
zcsz1CQ|r_YM8lTTQT|{Tu>3_~-z0$3yPo%6^I^&1L&b}(Wr&Q~`|q8mYbHqxkH$I+
zhfbXMP?@LRWOz>3MPm5exuk=8C;JkVwYqi5)}SKQZ5;$DpAY8DckSIzUH?SecHP+=
z<+XSNSBfetxakOv-aPD}b&o|D?>*>jydwR_>xi5q-f+E*Z$+2X)lJR)YOS|Qrq5!m
zqaewkjK@jwBH0Ew5mZ!EP;26JpE@>BYc$TL18FajUU&g1D~DVJa;5>TFNq&E!zy{2
zC!-OTB2WiTwfwq7Uvv-{fUz*Q9`_cTs%}+rOJ|Y60fP|wJ%$g3<@dRRs^Xe5g4Mgt
z*;5gCU}k8def6%`+km8X12ZXty%6O_#v~^nsXd|HyQb6gE$4`I+p9X!$M6$9OY*1d
zA7s$I=)ZsZ_-yG5Z-pE5^Y*!0SK`5(@halu+i1Yk0mFuo+(FV8Ox+KoiApjwBsC*2
zCz&NWHZYA+4v#*##SHNd{{`byR_G%;``vXJ!ZbC`1)gI%0ul}WiGocW^uwkSQ8X;Y
zI1Y*n*2;|7eZuru`rHhBGa#DX5sfmSwK3EMVmO973e3)h#<Vgg?3!d6bQ?p)jk|vR
zee=>8%J<Bo4UJZ;AodS_4rmPpi)t8XMIW)noEaX+lB-Or*tc(=m?<JMZD2F(E3xo)
zWNQ5ekq1>34p&f_Xin%1c*mNfVemapOrSrjm{Z_BvtV8=3M}dg;N~CX08#ST+t;AP
zRoW~<c@_KbTA|K^cxh%f0V(%~+Un}XeuI!%U60xZ)ew0yxB-Qat#ZhRGZtDgSK0wx
zhm=r=_ivq*zpj9hH80Z)!0wx6dR>tmGa?FX;YRgmjxKy;D4*Z$jgth(&}N2m-P}Rn
zT7T6l$RBsAKT}p6(T==niOUm5BYdk*+2-~obzKB-xdJ=xL_XRq+3w|ubePvm2%zos
z7vpypjxe9@0Uqd*C1=e4=+RzEEgh9qS^-F0xChz8qvvjbF^64Gj*Vs}1i7dTx*R}x
z;fMRxpQBsiX#T#4*2x<eK-w;@#kNHlzW$AYB6SaHT$FD7L)J>i8-Ob6BXMp#*w!*f
zRHk&_QgY4^=9`Fvp86GV*Xm|PN;I-?nz>QdyZC*08#&I?nRkh#V`?Pl5^jB1KZj?7
z>Ch(mh#<UG)!An&$iQ7Rk{jkkI^g}|Cr=t%eqz#;=yE9DGZlE_kLi`|@J9A>xF@9>
zp!;{&0iJc?SyRZm6DtY$W#+)>?b<na6m1iXE{Z8Hp7N*>98zw->_)G$&`c}sfh`2U
zRMS|zYXKDfw`7XQ-YvJ1b9>saQ&B3!KiSNPSlA(=J%9W8Ve=)LTm|_+$mfp_Xb^}z
z<oeT<uCMR)7RZi~!te9Yh=o+A8fQY_avDSvO=p-s0o7BqA!i5|8Fs3-URO?o<bGVq
zeXA)!r~o{*dP*W(P`k|Byf-d*9fb3H9A}F@QfJS;VJeN3W`@9kWY@(SQ^<deOhn3k
zx;y0&N49Dht^Bi1BjGN8`}Pf?uS-K^>*o5tEUax$*L{ori1{#2(csKx5dt(sfKLwE
znEqNalPQ`UQY<pJh0i9ZZb-<zOkf!~$qqZzPNCQv=g;Q3P89jq%b#0*(z8xyVi{4^
zm2Ym!H<$PM_Hv)Xp!L-4@XLQcthhLCbLQOt45s~m{Yh;3ig<X1re;LrNJ=uI#pe?d
z==(Up_$H5Zy>qmV;-m|NT(zM9*O=WEYd(~HVO``oq(HNUn=#eJoUeWA9^OasoT;u^
z%v5CkjV&znPJmQnnIr}_a|@}4`OSvu!(~L9BfANY5}J7~DDH1L$-}B<0`B3jsA*+C
zwGH3B?Df91^+jI`77t_m2uAT+j&e%Fn)!%W&du7JUrk%ZlnEpd|A3KTibv3jb?(~L
zOkt3``_#d`lFbmUBL_aJ9m#>j(GMkrsa73R$7BXni_>SZ@jF?5D7(YWKseaC6P{h9
zMY!+O;#bUl#lB8Bw89L;8NX#{73$8$gAO)9nCjZKtF+&}vNBVF&Cm2Ab%_%tP|o8!
zXuPl<;>kh{_5J6cNtkP2`@w_v6RP5LD>zyt#8{YrU&emXoS3am`(v*hQV(K?MM${b
zpPVk3qxozD4CA0c>La0ciU-J367erCxKCUXIZ+7fqAQv>WO%Zu`l!vgL3>}>1(0HM
zt0HATN2W*|1tT7EbtJEC*(f7W{A0&N4`g9Jwk}X_uX$`n;__GLp46S~IomjkGZ+Fy
zW1@z2@H+$wfGJifrbG|}%czh1Ll89_%#0B$jSSP((J_<{;uu2nM~gW!Z9RP9mF9yO
z^v%jM55xBOi8xASw7>$Hx)E?ojMig-x8vhSCjl=@gJ|eBr+|B@E8j$Jy51skxj~$%
z-LZN5&N0@xgGA|HIW~ngE@*a$!DW&~dJ?_1!fIoZ$$rxm*`MSU4IRpaU2D5o<e>iJ
zJu<`|uAq>If6<sNz>tEd%aS?<?sLa#a!9Z}UYPu}51VxK^ehr>x(niV;l$^)`0zTZ
z&Y}3dZD<%aaNrop9=L!E7&vgPYFOtEJ56Kzbnh-9Z1Ca|>ih2?YtH<3Xxoap-N|Kg
z9<yb!gSG9;RW#bY2`<OfA-zf04X*g*pE0ZN-xnN)b#1GVvb7%EW$@m+YZj~P&sTpS
zi4B?hV}%rpqvuN^6DyQ28{}TBNUXSDv3zxr#e~fh3s&_%+V5*`Np%}3w=R3vguHEQ
zo1Xb~+oq(+atE?Mx2&(Km;w@*FLSK=#FqTD%?qg^Dar6w$i;j?{M`xa@{^rY#=Jf!
zM{9ULrsQeq=^crXxH)B}Drd%6B{%g!1uEg_x;-1;h;-;q9i~mY48NVqqfq6+!>FPf
zrg9<$Jw&IfzJ92z>~#h;*!V_Wa9b$WHK)(R166fZKO|*qwm7~dKYZ3@4g@GTFK+D2
zzoNY<qbV3#@z<}A=p8_*f{y3Ej1&oP2Tsc!7@47=`!3C4WqG+|%23cakVPA}F)aN@
zDj<InJ5I|HM1A0N_VhKEhNRD&HS1__aEBeFG@6^s9L)u=fo&?vopOfv-!GixE`)c+
zDiVz+bKka4FXpl=`*pN7wm~$E#C?&5#yv((E98qgK#;GX3;V%olaQ3r^u!Djbwf$~
zbD%@;hiT9j`@)k40Cv3KFzqp@zWJ(EEU3_{BlE|nm_DQXr74(}Q~4nEAsh0j!b)Y(
zx<~_0#wY7mMe;R}m*z9iL-WNdPCop3#<gT<m|8_Hw9Lzm-?aSuYjX}^w8yY)jY0PJ
zX?au5k3IrS`sO_fE+CPOsdDH%4*ONK&?<am<PSZ#EJ|0pC{Ltg8W{zLhd<*tBJ$?(
z`7AcU1KE3V*+WorikDNnWlxt*op8XWzXZP)8z!48K$C1T3d^73&r3^#I0^9qVICtV
zC1P>4YU^LTcy!Wk1Xe=Gl1MVGSrMJ4<XvkQs!HbQu2WhUY*Jk{*FA%r3`r#PtWp2{
zHq1%LiwB)cJltDx;)D~IgHsZ8^>Y`rJ%D~OcF&zSn=guj&hhD!AxiEyrysQNd^>RL
zXY~BnzrE_&Xeu9ccmu<J;Smp(t3N>Eb`)$u&$HsWGTzrbK%MDekwXd&lR7;j^1n7W
z$Hm63-CG>c`5m4-o4za%vL8O&wl`?24)Su6F9)NY6dy7c7m(&rVE(LkcZ_z`*49SF
z66hbb#o1YY{P=|Af#P>94^F9!I<G$BR~1C&K((r+BqWU8lm)rOv(d)w+I=_B2%cxi
zwXq2?+K~tT`3Ds<2NJ6dfx5@lt~>gvDUS3tUu{FTj_F+}@=)u6XcR@}7f*Ugq`_e%
zR`|TTW5wW>%9CFvi5*#?$&amGaOR<+;CZs#xKqfQXjf!afseDgsq4=Se^_XAE%~Cy
zMzbegVW$V}`I4S!jYnuXI1q1q%6O3gfj$gx)@)hRUIMj;p0+l{YXS3&&t#p$9XxL+
zhJvzrjfeLm`bloYh?^xPUqfVis&&gyQgYiGK=Lg|BfQ4hEsD1&RiRVC#`N&;P?~U|
z<Bs(7AE>X1u%C%=24*;_DrWqk78|$>=&(`}oSJ`5rgo%d0`aM=oI7(SJpDayxMU{h
z-0tPj%4AIIKupYp^y6IGM~+A)MpwQJ1u3N?iQl!WqbDA9%D|_b<vZuUc>7j#Kj!CR
z=_BokK!TTzC~G!Km{L*jRlA)@1i>cEb4CZ|bm=SGKgjp$e_Q}Oh`Wn3QpsE#pe2xN
zP986E^v7Qy1L6LW@z@sl%w0X{sJIfKzD0S9)>Y`iU=(i>Z_V}V|5Pw}#7pw__QrCW
zW{C@Tif(*S4a}|q($aM=UykU%pX(WWvAe#VQeA4FdfVi$`8@jEUzaS*l47lUE}8iB
z@7^|}q8jVX=Yi-mhoN2`8|Wu9E0qBwURxtZU>QgXuHG@Fn|5)3N-OT&J7@__<2c%6
zuKKMdLz3(ETI|ypmlZt4KG%KNMGO5W6E-Z7S=Mt=+pC1EULEIaYv0doYf?OOoGXk7
zPFY!57Urn&6fKSromQ?a4Vqx=)=;?>mrqQo2k{sb29>ZRS0+`34DG}_ce4AUHYz-h
znyCH`G6g8ePc5=hX6nTSbMvlBcYC068!$Fc$Bel5t4syY^dg&>l7>b!De)*=evJ1R
z6GzPPHi|VO_mjM7+5j#9WzRcSn}M#MM)c_07hI%XvS@ZNeiu&Dk2B2;ybK~jJ;pbN
z`9<|E&V_GeQpMWFu*kp^@E-E=`p#5u{DHD7n@24lF4a*~raO1zOkjMAY)@yeM8_`t
zI2!DP7*S8sP?mD=+Cx%VnwnhQ-SJ^s2KA3U%R=3)CI;B~HPimPQrNKeC_{*P=YOI>
zS`sN*i~{ImTMpnYU_{la<uPAEctM?{fQDRN-jrNMaEB>hAA8qk%YyBcj;rmybWc-R
zXlfrb8=JGlA=+PU8nod^7ptDIPW$vx)tzSMnOMiLZuK<}{aB+w>G`Z(nuT}B)_MEb
zAoUd>)~=gt_2cfNlUDYjeR}o;)#dqe_ES5mw8qWJsC!hOv&O_>W!c__Z5cmO4A;1Y
z7?nLf%p;sNW5(2Xqt36qLgc%Eyz*q_ar8qbmn?S@D^GW<d4Q$-tDm?Q_Ae5zqR=SL
znc3?e4o$SF1B3PL5gi+gz4pfXUC3Ae?0qjzajvrdh=_a=mRv{^e)jQcP*hD>SsA5X
z=I4jAR!wrJjnu(u;}|jK{#j=Dx*9|)$jg66O@)4%`XbqMVjzzS)18pk+a;1AKfXYk
z(Yen^UZ4c?)v~X6>Pj+~r25;cs>7GzqY0O=ns7V8dpwlAZ$m5G#bdgRu{bi>D%z2U
z&mJ0<#WS;PJoIp8)z?oVa{Ph;o3%0;x_en!`(_wZEshn4lKQnq8Iv&DYii1|d+Oh^
za5VP4ZfJN8L(EMKq$^EW50&AmS(dL9Esvr6z(6bO`ZBq5x4azf1D~v6&2Y}dimxy^
z(x^$bpBcrmq5RbJoa9EE5|}Ag2D~{z;6Af50IZ`?K6W{Eb+6v?!EMjo{kAIRyi0HX
z61OmE+`cu@Ywe}4|7iM9Vz8(5VsiAD!Rgn}>qX4%EznsuRnZb``})kC3tEMDak!l^
z26K?7L5V~)s-nAi(ITIZH@m9n0*^9^dUF1dNJHGa7jH($i&L9V4d4CfU`OkcL2H1j
zK{PA6xVgCa_&yC<P!*}Er#E&J-N9mE_%DAc$eB{<Nx2$lpBKvo<ke;W^s=jXIu&=Q
zXVn_AuVT-iR|+ewhnSYt;RcPPX64~wSvo&8id0rAzoebj(Po$9vC456;*SN!;fz1&
zYW^8#ANrv%vZuiP@ps0bQJwBVDC#K;7^_2SAh>DF*N-5xeS~`H9;)}^{G8=$V`KH}
z`XNT9p6<8<T=>bCQBTYs1)CN$P3>3CeJ^()6pKau=i#OI1I_7tl*R*B3CmWjxO<ig
z4SR{^mrp$=tDH9pjly(tx7w+jmX_lZGuJO|n(5;k9O?M&LrMDTB?E1f3ZsH8>%X5S
z8b*yN6zEOu1JU&X)uO9N$Ghh{Vmy2x31QQwhG~@^yH20y+ALC$`SZ`OjLgmCZ9oJ8
zn0p;!^PRQ-PE$$*%Z9UO7O*`!&21<fd69wtxgvfO-Q&{>3Ol%{YHMl=J3vtnUxtS?
zOAzH_;p4`R?IOrpdukNznGE(QoP;};ATJImXW*PSrO2Kkwss`(6}HvWQ<96HJ(Cf#
z2P<`%5-?C?HVKxBN}t(K4l1EYT>A(_v$J$W3PQ65m6oCW+IildHHBjYF~rnc@lC<_
zRQfANl<E|u+`2?@fY^OQaC<D4=uNI=a4D|MvnGjp@fv3mYJ8?PM{_})c`}0Dkq8BL
zlE|b*N-sUZwl+aJI~!D=3hW@K6eBUVrb+zlm+#(XU&CdZAysAN2`#wtI=Vw#CO@@M
z*fslOj^3K<|GtZqfTmW{Xr-`7RrQI>sCBr#H|9F)I;UOZh-c=_WTcv-OQg1v$7mFr
z-FvvQX9|8=7cL|kYSN`5V97Qv&dOQ`0z=c%Q|i0uPqQ;&eNQxOhhWveMAx(Ruv+$=
zfi${rVuOC+fPD4T9#nykR37M!(4Ww<qPHmMjf?vy{1ij1^Zo9p27N+q%!wWH{1GO;
z@<G%=$HI&66+R&c<lFOG-BpK7bvSbQ^0bwszQUb4!Ra<&JvAz2HvZR13kTtV6nj)h
z|1s1u+@fiquTy)3M&S;99c#fv_R~uymJz@6cWRtOnT4=p>n+C_u70la7fYU;cm12Q
z1*QYc0$g33sf<;PE}pumawvdZ=K&BZj%pa1rR}$lZ0y~%`_F|L$JED5<+;C)w%F%i
zkhm!0`PRB0DFHmz?2BAzZC^8g(a->9SXfwasNjXrMNr=N5%=B&an;ygkhxWtupW2x
zpAGAooul;hn0>-1W~;_x{7W8mq9Zs>Bl3^blzVakU!vUVp7>qcS`&FxcmX<5k7anv
zIDxY9%qj1S(a~DEx@#)|pXLyaOCMcS6nK`J1=h5(6wqgld?HnT-lhsHssLz?Ju}8+
z7=0Z3FGNy#XqnxJA`0HX6Ap<@0Ka)r+$XeExT|%E-DS0I-89;iTeofjHHubc8W}ne
zhj75vm~x#d`QxmtbCr>^=qR$S)KOI7A(j`b%@eI#ZeT!KB3@5$wzPcj=SAdQ`t*3}
z{pd>uW=bV9cVjmWnHj3lH3o}I1|~iJOEs}_{sv&57`Q1RBmWNH7|nAY&2uIwo0(|H
zWsT=4=UilNy-rnl`tjN2>#L<#IxOFvSC+Z`7X(G-@Si__=7t}CVB|D61}qXcii%Kz
z_ZN~yWRlan%1NQ^oikoxU%uq!<VXlR=kG{>SroD-VM3xUoFV{MP_~f+G%;N8=2Qh(
z&y%~4&4Y-Q@%CFeZhQ9ZNp>r}^)-kRFok979}}7qqT|-~)3Yv}$^c#`H#jj}#pvh6
zd#w61Q=z*y?}*N}u&4yxFLrQ+Jqa}?WYS6vEF(ERfUnVlrcq)CM)c9Z>ysuGH0PGy
zPn;RJ$Y?3`s*E1w<ak1(YW)0J>&?Pcy)f1H2zLOK;GzEdUXsZ_=aba;=9X=wdcrFv
zaOqqr)eVECOz*`l1U$kSQH&`L(q=^U9buS)X|f%L5lwMlI|}HuL;(#P4SqrF95squ
zAeKw)$bH*fQ?wW(vennGVTgP6>i0YQ2iSBe+k4`w#_WN?4(n50pAMCgA=Fr5MV>*=
zvWMCo6IK`*C3dar-(*zjw$x*?3Hg%ZvjdbqMy(WC_c6h2(1sr$%*x{5=cSHU^97K)
zo0Y}XKJYRdg&7W;2FS`lPEtiTuzGBE(QB0El+MD7ni@|G20@E~=1s<<5^tt2=)`2(
zzx_3q$Sr+vy6Wz|v`{QE=tpUhvWNH+{J?u$y|syagf;8P&1ijh#-F#qI1l8G$ATOy
z|3sgCQ8gq8npH^|$w`8bVU7~0IT{xbdHGs6clERBQP>h+zkHG0zX$-2?unoJMw^AA
znj^|5`O66=#7Sf@;Z6E6vMxKRdiWTA3L>DYhKBstpJvaQgHo*t+G!Hm;PyxisA+Se
z_`3<2M&c~2HUDNlgztKpfOWd1%R5cZ?h#4FPiV!YqwsnnLZou-6g8ed2bItXRf*=8
zx7nJ@y4g^1B_PEA9Q_g}R%K=7Y}x#0&*n^?ycr*av;AxvO^TMU`*P<62ZeN<p-FUX
z<dZex4Ve2j^qEa`XX%8UgAo&;Inmf36*TSHRBtB<!3QogU-i#fYhT{l^CpP`N_EhZ
zvF|zvD8jKaL-v7#z4$Wy>ON|jrdBpw4{9}ycgk>dka<}A__SCSNvgjGVZYXj3A5Y*
zLWHGtix>_-4S(Z6EcDo~TWOuItopz)DcR#LO9}=Z(z^l`dtY(8VG@ho$MosnP-S3v
z6;7=@WtIxK*B~V~$NeX4PP{y~?@nC4?doA$zXTv}*kyEUe!fmdEc3Ue`j3+?9$xw3
z!w2v|CG9&)at~Bzu6>Xi?K(I;RgOi-41upPW)pNh4SmTeGu!~4`2rz%Y}_+)wY0vg
zuQ-iR*XJ;p>Df5?=O!yB+bXwv@aFJ9#^WEqNK_q3B<e;Re%I;K6XIa+p;LTKPqQu&
zS<h*?vE+-&<MNrTW!7)$sn8xZ^FB2;Dr;wnU*+1`i7DgNdMPiR<(;S0nz{Lw&3b&c
zJ-2eM0;eCo*}{kgo;`o_ZY?T6QESz|zm=hfmDMYb1d4n`5uo%dmAdtZ+W9@VpAJk}
z1f&5$)~?oc_~%+jnM4n$bW5`D56C~E9cfDSk0qG7MrRQ(sSZvlj5@#e!o`a^OO{Lt
zJ)Q^G9Gd0Zw*i;mczRUDlBhJLwF%-f=MOCbjN^A)Al23945BsbFBH|_&IB7^lbdQA
z4H0{!%u)$g%<GuPENu|@Ix}uP9XK@uLgz9`(J~3?(1Fu)Tiygl#r@$GCsNlT*HZNE
zQ#&;nAL=QU-d0v4LqgZ$1xHz(@6n)`8s)HZ!*Uz>i4$WPY2^Lov^yy&>89oIB#GO<
ztc;_cH$lMyrRm}+YOGlLWDw#JCqi{1zEppqq>jpyp~%W!PaZQC7MVCyG+=sjBhN5Z
zvpsP7*NipY9lC>8{@JgerF~~fpf^>qGlJ52+gDOu(O0~Em<G}J)~}6$Jw%$3B5B#m
zBhWMK+ebK%^uz~u-%(>=?f~VAUDdmbI6?-g1%BkGzIgM7j5FmWJ%>QORqi?LzKCu2
z``$HiP>e<Vx^Y*pU`q5OpdJN~>B=u2pks8BY;Oi1(9F(XxG-|9fe13)vapr{LYwH6
z*FMX7H1E)-42`5QojY|B8+kyEcu2S+R8l4uL%_iJfrLf@U2FZKs)Vrd1n9TVz9Ozh
z;2#=jis+8Qepi&e@lc<2`ZB!?o#*=-dT-mA_4?+oS2|s2E1?fkqhc#L%RHtS>m3_b
zCUP`#jc%|&Cs|yhQW@CeE)@V*tK5MO0;fS^06II~*vl>Ae0KQY-@2aGT_y??JohhK
z@CLf<zzafvv)EY((Cj1zDC2T3JVFhP-$%PuKLQqslbl2Rp=7Fec9|(sXhZfNWI7;q
z^XYF6_An$L!i{=m)hJl}P%r1i*$lFR9wTTjT?();K>!IG-1#<|Z38#AR9=_9e*CpY
zZK|C!GF?DYOu)^5zYj7`Vbd#HFV7&pa`p1%NnGa%COTFnnDz<t!DTqpB~B(M8!8N1
zF1dEj;8d1kQqrg;uR*TgfK~Z9jb?n);il)__UT32P2S_Zv?E8f*WxEDa8ZII|3U^%
zC#72Bz7-D)GR%dO*RG*&>$c~XSJx4gR}>-~8PuG3hX-slV>Nba{{8Ugh<a}5(LiUv
zeU-xX+(lazCuiplVoDBck}w<P>cCyQ7G@;GER&-K{A2$jHZxlx|3yE>t^f1THtU4X
zOu^-wQ38%d#SVnz7#VdD=t*<mvb{U*K!vcrHW@BSp6Z6q>iR?sw2vIt)I+P+`1gq=
z=76+thqZUDPg%a8=MwWLi3aB_6c(;7E;hm2-j~EjEE*}X19n$$nVFITGR?+^vl>hk
zBckj>qp(EbtgE@k8@O|$`uEb?@an~jlZNuJe(BXkdDMZ^cA<Jpmtrtdl=-W*0bs;W
zVP{8y`51}4f|3Z7o>{zJWk@@jV0?gPeZ4~4_mMr{<C|CV__2ql=bW%zj0LMY{P_0+
z3NNgf(D+w=bzk&}Oss_AM|1hP+dJ;yxRaXFOK>bp{?yboCLU-R@*8(D0|T152S<Wo
z#2!DMH)-{m0;QX=moI-UnkTxc>HYUWKmvv<I&aw`$`QaXPA$_cQqi)>irZkbxdfJ@
zV5!{k23u*h_j}xwZiwZ$cBFx_>9JBYgd;j+^}4)F9N4FAS+~5T1DkOgF;Tbre|be<
zF`dB32`S2~b%yshEj_-x`$OQ)x94Ps=y2LT^fc3jbI><J2dPi$@2Ao6moHP4_e`@l
zGeBk<bodCc^7ob&(ps+r3Q_wnZFt9$;Dk;Y1M2jI?lJW0AQmvDTb*>xJAW~x7<`8k
z2-?Xs?XQiEoWWF^BQ}v}Lq?Roen41QIUr^{@f$^_;feZZO?mI$yLWHkULZ}K`W^z*
z4!>;*{79=Cd`K<T?s8)Zjy^BZ5+4cLu_(;FDGd*AGZqLOA`F4bOz0;oyD{}VWJwE@
zG<VHQ6HqCMHtD9OW%Nk}-`YX?q5qy!zBz9jA%#~tT3E=2oF6}Y_zN&$o%-*za=?Oh
zuf4ekHH%!_+*E%~aqG<B@*`Sp)ot&wLr~wnWh!5Wqa-l*E!0Juk&(>y5pcBYEv|E@
zvQdMjZi=P|*mZRfbc+DYD-zfCl+yD-FtKUVrbgd7YIcboI^#D;^0dpE7(Cb4gz__2
z{w3C*9M_YlO`DcsvD(OpLnN8U4DPvfZp+z=7xM}VHZx(O#F%n_sXm@ENc>)7?j+_?
z;auv2!bfDsBR*OVpz_kmcaXanoC-3^Tq~k<Gc)1ObSb|-ByCk6foXyTqG125EiNuV
zJm)!^g8VU3f*e@b06jx^0Wcz}RxuXS98J&=GqPbnMgcP*AIB%7{tk4jE$}=2wk_h!
zu4v!u-A35tJ$TStpu0hz2NO9Qk3kf8D}QO)+1WAc<;(^bVK5+i{de49q7WrlOIbpI
zt6iQFU?cr!$hzrs=7cNsg?Uv<!}xu?j3}91J>7VK_~jqXd!(W(YY-_XKX>jnx=*M&
zl}kD918TzQUUGik=D!Os-n}!?*I!U2Mfz~6N<tCoII6rBm`j|7fbvj_RBoV%HJx7n
zTif-09|k2@tmaFqizFB%45^*sgh$cK$2E?`*5<Sv-UCKP8b!&0fq@7XdiClg^uHO}
z1o{XBzKv>?s~2Wqp5Z;dVz>V;#StXZ!kZ(lTtr_oLd3WN`Y;Y(+P>GH7=!v>W4Kx8
za<#C~AVh~;r^}f03lIWrdoqFpp1KH}K}<MfNdYOKYVBlRW758VUt<E6nEe-q-tDu1
zri}(Wn&z+L4nuj!bfewI_+P7f`xfF;hJ|8)CS5cwY-tCrvxpsG_92(1-EKdJM*Vx)
zPQ5|Fg9Zx;Yj!ydUi?^4P6(WNJ9u55dak0E&mmleK-xG!DSpX8i_ponspT98slRjy
zBQH$q;OScae~$fSJy&31hx->e)3kTX=|@~$T}8aolMGc{-aKamjXf(VaYq;+ki_Id
zwearUJ32)=W;Q!=vz4{(qL~9$x)$*bk4|-Lp8($x?{nW5KV7@ciGq%XTe1F;nke2a
zC*?Jm|8R8M-yc@Np<<*TQ#H8+>`<8^XdG<&L&SHtwTgNkPjHDmJ#9~HDfse57dZ4b
zPq*D@iOYp_?5p|HXUqthW5KCCi4kJl>dX_t!Og^AoQ;YKK6<pH5Rw0jW^jYzS&mNu
zE1Q!gb?6m!#!f&ykPyTFoixeT8Arm<Yu})Tiz+*)|Dw{AS*%89U|vyGeRhee2r}IB
z7a8`gi}rD8Dso~K928F{aB>jxs2X}vKo$OzYaNj(32euz8c5aIKd!E}R`URWY)nkL
z^V<WNnVI(60yGVcjkEeJ-j87!qngkvgs~|W@zZpdE?H7n7<tg%3)DcT=jFqhycyfi
zT)`nBZx4$#b5z1)fz;|4y2Gd%#x|p$sy4p3*%9qgkqct90=w+>JLliHQw^b!|23+G
zYa-4lX2#Gy`*%Z@SSE+CB6#d)kv#UkzW(W&DV#4(PU5tpG;*v_yoIjODeeoM)ANVp
z_dN}tbNe=&bjR+6w+^KFCM7;TzSO&Sw^P-}F#+<n{=fmC?6td?oIPb_XZq3J^3NFz
zk*P;rg?3xAM~KcnGU$%2>7Nz4ZPD<4hcaVqC)jS<6mj(E;;|z|E}BsEP2>XHi+kq@
zCxR6fWfTKpn>iOd0xEP}6P>uN^<Chru!-wPo1+Yis$ps~&97DN00UuF>GZ>%qe|yZ
z&o)ci*-wDe1yyA7n!f7#qdz1j-&bSkz?et3h!o$vDjp|B6tqmJm+FU?ZaCRTKu{H8
zw7X_mq<z_j9lZtHj(7pcNJc%~Iq63e<EXrQaom5l?g1eo_NqqD6Rf+=nm6DMhQgvM
zLFE^n0VBPZZh<S~OBfg&irA|Ggl4{cxpn9X#389|9Dt`!-zq2w7{7|`wC5Hj_KaDx
z!m75v4KmJdfm2(*UUXF;+DqjZLcn{~pF`?&p}8#@DR_K-Fs-y;y68zdGyI=BpX;^Z
z3><3>@_p2EVSLGUrWat~qkUohaNoh(K__dQDP}nP%ze%{84|%i{{F*=1CE>*wg|r?
zI;nJ*8msRm)8*ve@x>`MMkY+)Ik~at;WqG}8o!2f_qTkuYyRgL)e$)=;o;`+A{YQH
z%<rhyEv4V!^waB3f#HC6zR6mI**#W8gL|pyhRMwAEQpvw_XN$qHT5MaJwJKaZa*l@
z$HR;}1@w0QaEe=QD*m`TIlX%l8&>)g_?Qr}=07e$w@@86K@dV53*7)xH!f?#LPAAu
zI}d+X<DUZuO5NqC3F4S2DJj{|##0QKoX1#SM;cCB(#|pMkOq%K<o+wZ`SPT=c%?jc
zq8H$$U%eW-YM@sJ`5H_OLV8O|5DZY;<ke^2nWCDfG7p2TT$92J#lyi;)oo1fl*ITR
zLE4?gA(3s&7oel{DW*{oQUdY2>iRrnPROVhkp+&?<L+>srdO|D!=tlrqj(N&bzlhx
z*z5TndKz|(VUW!>t#xbHPTu-(1C%OB^~np1LWX;?9&LYQ5X`dNV7uGN4=-N8aO{+H
z*_%wOn<~8roZt0!ax+!_s!7Hp1CDJ}%b%EGu{3UGkT$u@h}{^0<+XJ_LBOuY8U2`I
zp4uCA9uZ(9yda&1yYSo_ZN}>sX)K+I03N#InV*c<ZMz1UU^U3K!onRQExkT@Ja->U
zAkXKPxU}N1+Q$2Bhy4mDUQ#t%pa?-kL<@Q36bG_tY%{~><P0zBh(az8+2v&Z0cdRo
z&;$v!S+|b&LyrUcH5Cz^%4g6(U90Z>|2lBjD#0jY|F{3R046#{J(bKna1bhO8?%IC
zx9sHo@+<d!4zBgurl7umcj-f?2~0tXPyVEGSifvrQpaW_ijfjGF!?3Xly{q#y^d%K
zsPCg3qpI>FRs%8_8!z70$=Jw<R|-3juu0YJ?XK=m@D}gXo@+;An$&m7?RlFd21kZH
z*koUOl>0m>VM6*)w@%piZ%}p1aIG6uv>L_ru^-y7M{KQ2Kr;^gSkAMNa#?0(HVYG{
zq$Vl0Qt9i76DCZV_2oux?!k(=mQ2Oq^l%X;ZMB0fG&+;Ch_3k*5vpdtm~GvDr`mP@
zZFY-eb3-B2K204peaZA&XoHo??}!|_P~X-+lvOKLenIZdtF%Zs@{68G@yEmgDyH}I
z<NAh0e#iS}XT?Q{9Y_JIoSA(dD)k;v?>$Bga<wgA54ziB&{*?GgOIin=tTg<;Crww
zxU+FRE-9I&B>s6+c;#4^&91Hk58fRuH<eg)ioav)RyBFG;z=&t08NBWq%v=ctw-^N
z6^!Pjlx_aj-%HCXMz}7uSVxV&lloD1-!eIstFF5Gc>I~eUo8C@yv@w4@Z^nwBg~Gq
z7V8nhGWGm<E<aVd?F)b8fYsZFj{P)+Xu&T1<&SNBI#|GpzzmZl3)(wdyUT=6mi`3k
z7-#*MhDh^~`uCf8eJuC>QZI|jSP^_Lm?Yn@*89eWhR6KOC$?@y8aGWkJ+z956{xWs
z9Jbb{sMVa0spyuMmQI$j!fJd&{dZ^+@Z&!8KWh(srGOXpq@!U~045W*3?Za$c^gpR
zgUT<WPyO;?Zja_#-RYLp!ld6mHO7eo-ZnoU?8mRM=N>i0G|@ki#XK%9PM9@OEB88z
zUR(dKM^|qfF>O6@x^isHxe#Tnnw$L!{JLl$kt%H-86NqjEo#@UU7UA@@~(6$?-z|x
zXnk(4z_~nne*44cLNvU=kdWy4mL+OMU#R9*nVXl6J6_|yLQWD?PRY-ldz<?sA~4Xp
zCJYgFH>h%z%!;_8TWN+uGqzW-$YA?1pCL&vi6zFn&%eI6TgG|K`BoY6VK}O+=`H_@
z`9bgdo67vn0R)00vc|qvI98J)vEz%q*?09eSp0ztYOwxZw4bw|Wn<gXT<~B5MGa#Y
zI<{2vG>BFgY3Y|v({+xSo0;W4zF#=1BWI57kDU|!rmm0=vi+gXWFSu!`A$IT%evsk
zzy+yMHNjTi85Wyd?A|!#HJcrF&a0ez>5Fd{sXuSbKKwu@-?qj_v;zV69^Q{S68!{j
z0@QXeeCV!{T5^h;et!J)X>xf(8G}oPjXQULr7x*Bv-A?v?!GYO8#ZqnK~Il3m4*%+
zm;zGkJm5g?TZ=1BH<NF`Jiu=a6x&)XbAy-J8sC~f5$^k49uxOd3H_z>nmdr{NKcEd
z+tW`iUyrjM=HiqLsRc#JJoM5v)i!YojU-Vh4-;ACrE6lCPUQ8f-ryJXi{etHM-pa>
zI2jy?xR|z9<>U~B__X3e-(mCGULpz4$?5(52%rrYii3l^=iHyvNI3n$j(+7d9eyya
z2nKIcGmew<dhF1lk1!dhS~StY?xD%-AZjYJQ4az;NU+5E_VveNA0wAAb0<;h=`aFc
zm-dLBbLW1S>zo7lkD#DQP8QAOnI2hig2DJnHhs_6!Qatl=E7}AmYDM%J5?fDP11UU
zZ%J2c0vNR1emkI_a05tzPh_Mfnw+7t=Gx?d|D&VmD=_hRM8s;qw#ako6LE6m%cD=D
za|6IvRLn0Z&_7e~w7eW69QauXpp-&j`VoGt4^04@?fhOi7H)zM<>v;T_W0*Zr<1{P
zFtRURg|~%`2BS_OiRX`lz;vq15T)eB$@p2!4xj0Iz~3K9v+cT<sb{e=;9ttz{CaOp
z%zD-WhfiSOa*7Yl(cl>G>35)Dbsgq2Um4TB)$&1bpBMyO8YbP`*ocZ0n~3QiI39KT
zx&CQkfeILZE9_F(>C;?c%fIu4s@~N0qruE{!r%-K`VEe$@{|713`FY`!HK~iWh~wu
zpFblm*E=_$TPM7MK(+IJnt;uNi-5n_l&*7|!5;U@upn2x9v{p_T$O_G9qgB79EFWb
zw>b@@^@yV~{y#6-Rz4D3WE<R9z*d^iz9Ov!8;@0!rqR0PX>v+)<71lfIT}F++rv*I
z@X#Sk!{OamZZ00WyPwsI&%d1|{7221BL><Fmk4y@70`>KA3#T%cp;WU$kjE{ekQL<
z3=W63p)=O{s1pg2Y&MR#t51W}PLXC~YkU+XN^tid=4PkG3v<F4urRf3H%j0xJ3v|R
z68uY{;!t?_``TJl;29~Y8TN%|F%b^YX(po-mMWu!Nh=d~w|>0vn`5D_4<(g?TVoGv
z!`<CIv6BEo0Cu$YaPC{y4=sxBZz+Tn6(k{-@S8E4E7Zknn~I(4l>R}&lE#z!@}!(R
zcKuY+keWQ>n%LeYb}A~m;*f$sg7Lv25n_6WnCRK37xJhj(`~QZZDF)Z<SwJYlE(uV
z(D{d6=KI0`F^bVTRP*7(34WQXsxAWiXS6@9(dQO)w@zEO5V6IX*z%2yOB;fz7&%2#
z$0pG5GU6B>53L5_Lj1hj)WfH$hun*s_z<I<`){3j)6f6=Alj9VH{e)2tEeCn4oWk}
z%_1u?9l%X5Dn6(+?;%<su~RTNe{kY_4mUMnYS;ep^JA*^x@c|>v7==aw$kXLiN3M%
zG_NmqFiao2w*M9qp;4Ey|Gn2mx<*9AMG_Xj`}y+(LLBs!>Js=g2!E$zB~+@kmu(E_
zEWB#Qj7<=^dg77zcW>*G;I)v*B-I^D6C<O=FqLjo`%0>l{Q3hXgwnG`vIb)km}a<d
z*+M!6h3sq$Q+Xf0JtQy`&#jo%#?pm%Q3<-wa5rI-oI7Y4>U2b2H8Q~EQ<pP~8!oQ=
zix=x5DY;!0Q-)J9|Gl4`t)vV5cv?<$I<z_d5ug%Uh=l0Az^e@pyc1V1aU0DA*bS|<
z##(aUrQ5^5Rle(^MA@=WB%#2=5fBIrgY?a7UABdi#;5Md#3Glu5sHC1h~${4vowZC
zN{$ZFE|o%qcZI2KRqXuXkgTs8#dO{Qk)C#)bv-1grn(vz@uI@Q6Sp?=37_}!3H=8T
zepgo~Eh}63?+XotAO-v4S$&k~Y(wj1l`wtsWc{&$lWVv)McX{Apy6s#9iW7im>+A@
zwM!Rl;JOM7)tG>CckASekK!I%)}{xnF&p%t938s9rBfl;C0lRaoL~^G@=OJeJEMyt
zmsq1&Hrf5S9b=7tK)B)kgq@ZPjglbW;?QhH<T_eflUp}{$Y6Oc-PDbvOue1&08lxV
zYE*DSXH`D$)w_2Dh=Vnge9TfO84yN_e^$pGY;8y{0|eOfENI2TF}bN2r6(RSM}+`F
z3({O}*UnUt62CMr@Cj27c<EE++&T-2it#LFOe3ks4drEIWO4%Ic$^=gaWEJ)G=!9r
zs4_%KAZP?J<1aw{adQL;$q`}$k%j6@?ttkvkA%`#*3m{NfAHm}#1#k5+EUd^T^~qp
zL+yd#Q}R;(v53bicq4QHxTAn|5u1a=A;Ql2FB%$f1v4zlQ7ipesCGULo5KZwCPTjb
z!8fBU1QAIwrAnO?q^<R5j8Tk;w$fFIXh2{N)M<z4PRgGL{4<Q)wGP(Ck1d(J&Z7e=
z)#X@%!5zYfieiko6=$AiZqH-{O$!WheFoS831U-#E60|mmp;MK<ul`0u-J2k@}!J3
z`o<(Pn*#@e!b%8<7uk45&aWcZrblJu^-HvYDoDAPI(Z8>GCQi`*)zrxFy&Vp8+R4N
zYXtEdhJiySTkX~yeIM#P7{J6J>vik0-a12uj=0t)4yA4|ht+{=!VCqe#Co?nq)Xtj
zAy}0LXr9=7H_zG0$!=NlA(-96hCLtZ?JFH#x_og_vY3(3OV?mbQtU!6Ws$gmU~qKG
zVa?HC#x&+U&?7+`JnTc7hFaKmn{x_MIebS0N!ORRI!7CZ1_l-}%t+k7vSKRPDY$xb
zG~ei9H}Q{do!UXlo%7BvyR8E)_0Hdaz~}(0S9&Irl}RqHUtcUow-^`@@CjG~RmzFg
z{r8W?W=_lP|7HI_pRoCV*#EIz>~H1vI+f+dtbhUHk>Fq~O6PfeydlEZurPRPl07<y
ztU0Fhc#-}QqZnOHO*<kCCXVUZsY9LrX!ddL&ephz>Rf&lK3Eie8odWw__y4W4B#&v
zIn~l7PT={B?$?cX#W|AQYe}s2%z5hqPs(YZD_U80;OHPV#Z=7x5NS9vDio7ck<XgO
zqA`$EXYSHRN_q6$xlA>%?r;3+0JD*?aw}<9jtZ;fB&{;R^8erzlmvUda>WB~pMR^_
zym8~I;pH%O$X)*awJC`N>fi#DpOH~f_wL-GoAmbnfq{<gAJ^a(1<ua1yG^+eewKZg
zm>Z2Bu9nt_uv(e8G~h{`-2fR6T?X{ve(ct(7w%o`JP?1ruo*pefe|Uy_4Tt6{D_$Y
zy3}B2+Qt!K00o{Ita8W(zVq2>(M&9@Ml81gM;ZH;IK5Ho6!@4ci9tX4)o>4~B3Gw5
z-*r)>))8Mtj?EiK>_ET(=xDiI*TLg__3H4ULzlMy+7?ygI`bKv8IptM%$~hyq&^PM
z+!Dt|ga+%$c>CAu?HD&>;BM&JjxuH@4mUM6440l9w65VhAA&TLmB`m(h(`&_*+_Od
z?QBue7Nqgix%FxnSM_Q-aeG{v?BC!Hy`)uj<b%q}%f;tTpTloHs;hW4m^s+pY0j-5
zAFfjO{A8CDMK#gX<l;pD$&Z=dSD4Ys2hE%@1G1+1=>D6hAE(yEhMySSA{XwA4W2H|
z{8BVjcPESHh}-QRTOHCXA)eH2q}01($B(aS$a?+iRVDTgjiJ2;w=tBMxE4wgoXq+t
zUL8d+jGvXI#wI4mOcX>9G)M-VKbQ<Nns4!G!)PO9Hg*bpLjBS``}XD9D7zi7mt8_&
z)AXSaVJ_s9!y9DeP3;d;o%jqa9K}vY5Y?ssD_;H!4r~caHp`oST&F~U@~a%{1qYSV
zjtj!t_%-{kGG+arp5bJV*45R0_&}WKDcEqpZ1{kKOfqpA@_r0-C^}@IM2rzZeYr5G
z&mk|M^8~inj&z1eA&3T5jpLPzpK#rgJSKV#dNn!p**68+zL}m(sWrBGKNih-DN<aE
zo~$|O>zfR*Q}=S^Uw(!2H&B?+2SwG`PFU(T$LE_k!$T%5dM4iBga_gB!eN+iM)}n7
z2CByp|Hs~wP3G-e>M;k&ObJu&Q_IAh!}<)gt7xW&_j_uwFlocJyc305XC`jnb@6d&
zb7si-x5s9CI@1VczrOfp#7`b2eu%-XtDV^gL;FAvMj^*Pd}>h7hw|IC(%F&r{VTc{
z6@KUdUvslywD1y)5dLN2JAQ7s1T2Kx)A?eD#%3+65>)<N&UKk~uu=pu-Qxd_WdHn5
z{V=(+N&mF0^r1W#EH`$2q_UMbJg5Np2UH#o87FpUN>U8cI(Jy$;W0f>t=ak8$2Dhe
zfBO0rBe!w0A|bfen?y3lsE>tbO~4L?tX9J0^L9s;ugOSF)~dVI^8Gu_-V>E)UOmeU
zV!WjPo;Y%(ntTvkF;ip`*aS=-kA6Ye0a0V}c%&f=1@p?i6uZ<_f9xK=k30n7227KX
zUd-{huIir_2j><WF0?MWH^)Bt?WRKmxe1no&NekQapOw2#BjPMf+SIIF^*O8B#EA!
zuX&J$m|&Eeh=B#%6W?4ekS6<}zgSCycH>J?<Ld6>lKj^FDXkIBc6$D2Eh}TQL)(nc
z+(GFhF`o{^v;0cJdbk+r`F;w~#`^keRFg_$Z9crEaSgaOCUbwtH@~PFTIY^8L~7{~
zD)RF3axkSS!%)4C@m9o5N@i)HimuV0KFr^}6?MA%;;Z$in1kZ<p#oPH<A#@n-3%3;
zPLtfwOMb{(!^dVKVVgk{Xk8Zp=0a@E;)|D0PE0vnw|;mk<K$(MQ(=Y{O`28ozogKc
zWDdR<aeLe~*=*|$oM{@~>$2jWtoLaB?%M1T!PyYltGA!I^w+Zm!I=w;EbGe-ueG)P
zXYl0HjF{y_5*aL4TtGl%M01CpJ;P}CD3yU;UB~9b3W9RS)cQfN52qpj#*i@|@RoS^
z@Sj$7)Fp%ZM7TR{CMYVVs7B0$(L1iW?PAHnUR~c8o$LGAV{mspFx91%Naf=T>g=z+
z=^m1r0P&~bYh-~P^{>XZyB+5L4{bi8{$JYs5$!Rv0v0XnB&Bz6n=kj@JRJN)7bJn$
z!{c+ehI+ajs=sTgghOp}(ossZ4m$w162FcdbkI*ejitfHhf6Sz27np*jU5s|6w*m6
zA`K>*TpG@dg|0wS6oUqQwk&FKs2A6<M(jdTrwI!ZEvI2Spd(W?%6n`*?NGpE>w7+=
zs1cjM0D|N1l7*)@eDQqn(g_6LJGvMB%i}x22XB6#;d8j|6v9g!DCH!F%-KMpns+Vk
z@?MRtV#McE?;&-?SH}6R`QBSCTLE>|^IvU8SE+Bfe*OB)@JVuV*_KL7<+GtipFC-a
zeLhQmZ6me;g({9Ur&?L+hr%{*0I8T6{(-*8&s!4g!)Hx>nObit<u~|fd}FTYn3Lyn
zSjqRhIi1<FcT*LJQMV5bS37Ogp8yO*PB9r%05AM{oRYgAycOR`itQ;9d*=^7q#Y@?
zMxU>nJU3moOb{6KrPc=wZfDPb<?iASbNM<{WJ(EWe8r&)RG3-42%swS%6Zdv3#AD^
zIOkh3x2~9Px`FEH8y6V{zlQ<>)+i0O3vK&9WzV+&X*@g|7VERH)Vcl8cAnF%Q-}SF
z43;ma?=DTTdamwOpIdxy(>rUATbuf+*`j;)_VS8~jFgJ}@r_Y|)KC{XBhi%#p$d)>
zqr-=b^d}WFXBraSlE3@(=z%Ip#MJYwS<_X$tc|}MzwrM<kY5Xar9XlLOUFlAQZgCD
zFzE;TxJS2cQ2j;);?EOLI>qgMrKQl-b-XU*JP}XAFxb*K6;A5Ee@Jql19T|RLtsyf
z4;KxAbki`52v?zKOqwu2Jn}w$N=O{q^Cd3E5IsaiJ^C3N?G*-VGAtqvAAa@n<z(a?
zX{+@9>T26&v)AujoW9<kpt8Txo{WHCEgD`!x}rHSy>KjYP;x+17c0?b1xzmIh-SUZ
zlAulJ|K}KH*wjIoHP%>OWQO;?aB8Khg{^<J*7XJ5R`!Q)Q`S(6EV5rWU|ce$5OVfP
z{3qrQ<=Qs7Fh*EW9sdS-2oDNc`(?Fn?psI!?NI5jtot5TkNeNAOft*2Jh3L)5chrS
zwI^PJwG0z*FIc{Er6;cd@(j4lnQHT{y#`~%3@?QOXZ^Z$?qUPJwWi4{ZPi?Yf!s!h
zL_R4h`b=R)JxQzMMbpe!0{)@quPx5c@Zhs`e#U*OH0IdcOVhlYH+-w^WT>JG+<$1Y
zA1h$W1rzQbyxK`T<;~FILd$;=zZ#-W{)z3`E{f>F{D_~S@Svq#ut1{55{2L7Qn8s5
zOj0+j1d=9W476CQTKJ)S$))yU-jttD&)w2?e1KL^N5{8x!UORVoNx<D`*_J7&5Nvd
zN8S(nFca6wcXBW)pZfchP<U+m#Ayu>SpDkNEo{*_SW)A^Oihe%PkHM+b?xi5%}4Y?
zORehm<fo@Pfje#}it@7;Jsp3vc;4eLGOV6Q5GEz0a7c4B$QM<#%6*J!I(4|ovFcmM
zP4XU6#k~u&fll0M8eDp}%Gl1FI|bjdQtd(IO1CT~?fE~UuiN-j)Q$BNjf<qD#t%A}
zk&#gnYqrj9H3N^G+vBp;2ufNSruyLd^N6h1o?c!=(A2S_Y%gm^7J{Ww`336I`&bWa
zqd3y}wdLa$AD`LYi{F&0HA^n&m8fPvf4<<K1>uS*&N|ck(AU47f)Yp+{aH@Ez^2)v
z|2zqL%0rJt)$l}#%klK~ZifTE;=ao9eMs%tcoW^FGC#U&34_r{ScmtRkdpFvrZ287
zE3YoG`rjk48%?4<xl|dOx~eZt3Yh?qrl>fniK>}!kr{5CJTstaNa)(!_IK6PUZ<qu
zVW%aj4w0n%a0|a*CjmC|w-+6i{}9ym5dl&jM}?5<GL`x4nLFY;0)uhf?KNumqn<lY
z|7tnYJ4J;llyZo|j2UTEqPpfse--g@R6LM()?JE6E{MHS+R2kQkm^g-_nE4h5i0@*
zlr%}>OdQy$vJ_YvFCQJ;Y7eRuclD~+2I-mytb5<`Gi?8f5D3<Q8Bmyr?p>K5Z4|@)
z8GnFXUCSv?E*MX}cbAU-S#|hGdH0+92^VS6B7vM_xvh{fK%@D)8}n|9$7J^iclC+p
z1_p(&R4uaKz3RMdQypZ=0u^1`eGc+a_mh(!v&ZCG_oO9*-5@qJidky_9}Ag&j-~Z(
zQ^`GQ2qM<ZG!Kl15k~q4sC&ox>`$BkIRwJP!!6?DV`Ha27$zkZLi-Q<;mC>5P>1CE
zcs8Y&z#9mj1aWNk^@ArCHl_AidB_&Fqs{2*B-rP;%tKo(UGlo0Vqqj45LFfsCAqyy
zXeP$u^sA6hPzrCV^}-}Z^u|I*TjvP@Z40z27AmzQ7XLI%P>n#E12i!wLBpmquMh;3
zSHf)gj7x?^{>A&~*d`8zY|@h0Zgl|=6dD$`ME~))2%o~oQ`PbrCheWbObr|qzLd?(
zign|G`6eCR1lI9CJobFwefzquTz!tl6EZGn5p>uG;?TS5#DepYH4qyh`vmop52}UF
z-v8iT5MxYKd+hluuPbJL*+XW~UPVRF?6#MX-TH*<eeKZeId4g0=l0$OpVx{x8tWcz
zs5L!VWy8UXi><?9a|}hP?j3a#>((iZ75_v<uiv@svy$DTlc3a~Tg+J+{H9gnw=nkR
z1tyU5hYLbdYg{mNnEiKOom;^y$HC~*^LC!~`OUqkLqLttkTZ~C+(w2c=mC8<F7+2*
zb`qk(V~qHlrRC-GQoiHZzvW*F<fFhL@S_pmz&Z!o1Xh$g0DsFEunfB6-aay>%a<2%
zi&3RN2$@n1s+sy{Oo3hd=XzY({Nz6_KsO{6;LanyoW&dtYFiaI7S1luGm-XVRET~G
z-g_T`igyWFICbjNG~qb#DzEa;d8y}?t>@R#`}fy*rv;y%R`O9%(Q<5ag0w}m`n(<%
zfS@21{`&Q_EDT|`!7aXb5nyKO(*Ia>zBet;$HZ8l<2;A$<>}$UuzD_u0I)R@=-OSK
zoxOZz?%uhB@c?v*>YO^UPm%c-5A6+{2DVFQQMzBJ-qgh8DV%)7im^s!wEHj|i;^wk
z5#2Wh;}X8w^KB5@F>ye7%KCPSpu~Sa<<?6lR@WBBOd_|CY*axY$bkzIPKBX7qz$YW
z{r&S1xbn2yN3$4qHwEXt{zUa01g%N0S39u&sIF;gjT1w?H1I(YuRXs8HuYwHF1Fy(
z(&aoo06|#g!b!Oc>>AocYVV~wIz+l-B+oT1yr`<W=i|feD+XDbIU5>M@tk`)9u-4O
zbaW1IWGIGKY7d0}zWQg#qtAdq$z+<1RgaUC6XPoXtTS@=pFL~k?;@mP@!QHejahS!
z8dNx6TniWTC&e#Id5W1cEdrUO=(Y^Fw)+axH^BP*mwxSV3~-^;Qi-VK<)@axd8;E&
z3{5}0+ItX22T4iUulwphwHq^CW8oN~0^IlK&aHz>MT5WIKBxpVp3%Me6{nqA;EJ3J
zS>jXqpPx>5)Pd$+as2oY9IIAdnL2&C$>{zew%1*1`U`d{p|rYoDnod3GBQ9WN2!ZL
z*$n0R`3*o4^><kES@-VE4H|_kxe6y69!s}VUBoX(#WP+^zXiR5)ShqxOree8yvTah
zG$45xtem29qw02wDXn@`(znQm>@R5iGqjY#{NC&?EbP7ianOS-;)yB4ajD&R>I0Ii
z+_$E`{yuutc=P7T!rynT#wM^Kf~`tuuwm+DScqv_=$$n#inYXgx2AOqCf?v1%@}$u
zKs0_T=I@i1ThFsx|68pLl#nq@pR;a{G#HqH%S?0hQZUh?O6qhMK1ZLl6*!lXBs$zl
zli~{cLirBG_{D5y*RK1}eW<!l6nW=0;7`!Or$%lk`jX=q=ZDL(S409OeFe~T3rYzI
ze2<j2Ovl~p_e}d-WTb0D<+FFY`tR=~*oBIg5si&rGrRIVAM^zZkcr4=adHfblgJ1A
zGc&hmc#=<U!Q3|}2$Mp&1HjxT<?dT52|M)8)jc|O8%$ILBx_!C9MB@!l$!82cjW(8
zTueR9$mC8IgOB+51~wBH1neR%I{sv2%n_DJsu!sUqE~%LMvkGE*G!>P=gxCt4shRp
z?(?tMV8~+1Ap~NOwIl@YS2_w<Nz~Mc$-E#=ATZ!NfXPodnp-zfe$E_otVKLLX1AJ-
zVzTt#a7LXu;^2APuK7(F0*#l`n?G!KD%-+L@qD99LO&xhpQgp{2T7Th?pLWFKXHiB
zW;lNP1LJ|7=nK#vp>17I<f5i_i+Dw^=6d_ri?MxW<|)iay9N`|$f&~&=7Xu5o>xA~
zz<+l=+b*x1@`UzgYH~m3F#+vtU}jRjQ8m04o{RJJ<4E-K4N|#*w^Fp{nXO*^9M*(@
z%iY&cp9<=l&fadGTouJ3bhbR0tHTovYGF@Np5Oi7bKw^}TNw0SKfi4zO!WBi+1%Gl
zW=#2i2z%4G8u$0@f0>s#Q;4W!j-t#(mN8SIZD=w?X_AymX;2xGifkomLK4c*q)Db~
z6AC3Nh0vr(MIznr%ih2Hb^jjxUw;qw_raH1>$*Olb2!f9I8Ien20M=yo}`IJG62IZ
zM%T$1)sirbLJD*6g*;yyW8)azfaJMz=OQU*d}!mx_5maDe*wE~WauiG&S^Y|Su<y%
z;*Mg%yl(3Es;3La4HUKmr?bU{O?Y-N8Yi3#3kyTRPS6mEOt!CI%L*KrQWpf{WmXAm
zI0vSW_W7{6XrkoeXoPk`#H?z+92d8<@KPZej3-Io?CIG)(%C_#=zijK(XSN}ad)rI
z$7DBl(OoFDYrf{XF1iL6EnZ*M)7KA5dQrSizr@Kx-?_SGO^~@hD&Uig?sS>o^N7OX
zVK>s`LX`Rk9y_+ZtZ$`DWoU?&ih{VRu|0p&?vKI2V^uvLp8(2u<5vN9o!Mo>{kvj$
zbXQ)-Vq#dhH!b8b689t5uTMF2Z;F~)LDB)<6mCK%UhTBB{8U}d$jZAMAbddQ4$On!
zZ12i{`E$FS5(C#1vLHhODu&c6{n-uyw)IP<C=OqPdiJt=>eJ-nB^Q*-^FnQFxpOCL
zj@M2&Sx`fpqVD`nsqMwOWvFP86L@YKHe?8F(5ksBr-(%9juFfO`O~rqH5GP`LZ=Y_
zYIa<IX=&8?Mr+o1NKKtSeW$rOgT5)vor?}0?5bY-jA<F1h<RiSpmN%iHJ4HIC$YSP
z66Vn)=;_$q#70GR$xKX6K2(ew!&FcH%bz#x{W>@3Ht?yKbm$hLBZ*L+Hg)RPFJI)u
z3ggFjmlxV@uY4-$iy~}VX&?j}H1pMhDP9kGJa5kHj6>yoRM_Ki!NyMb28#cFgWJpB
zQ+Q(=8a&JPLTIS$G==XQtE#Kf;^`!(UmCBhjB${P<ewKW0<*ThUGgy@DQQgy$_zEN
zzm3x1te-x88m1$grqS%6{w=MqtUQ#X*hzFdSF84lgUG!e$B=b~hQ6O|m^`%Dd=ty_
zcVRe~>|3?!3B3CT{{}m*1iiqc78101fd9vjCQ)l%m6iEP$xseVyqbRZXggSdcIfOy
z8N8;>^Vw$tyhE9IXs8hIsg0lO&m8U-7G^{W-mznx>RdR+HRf_+iDLh^MS_8#+72nz
z-#lW-ImpP&UF4|zm;ya&fmpLv+h1ks)Vq06n&JjW^-i5SnW&52e7H_^LD>Tk9~daz
znsEWmF3UKazSU8a|CF)b5EY-4G<m{=yH~3dCrWlOw4p4+(9&S?VEHEI6`T|3r(XFC
ziEy0`(^w!9Id+iJ{uM3l9u$bz1b?nv0sY_N;^IOBZ)Ih*eED*EeVnaMHE<cUDEqY5
zMCu$<jA2F0gh5&XJfMQBAMG$nh6}Pei9!qCxv3@O(`ipss;jCTp;MToF{(v`7ViR*
z2rc@NJ*e5f%s?5)CCsZ|3j*Jm&!%=H<l^FKBf8NuFl{kO`$KV>9<PB5n$xMyugT+8
z(`Id_EJL|^c>3J@+qd224hs$@)EAFh*qK=c*-Cvx-^{|IBE}?LyLP2wH^8}2b?%fY
z4Qvl>37oZGQ&U6U7_(g&Hw)|+*MU*|^{m2hh>T3}%a<GU^;IiMii^*$8SlEXe6C2j
zQ`DM`-`%*3j2oKB*p$UAe`6(0@KDx};*vODiW$?xhZ9gmv1G{`|C+FQmXnOq1*!z7
z@V`l@l`+r7MKCXb&($63hyQ-742GJOwH=TqZ_*5rsA|BQv_6jBrEDUBGz2<9*+&Wk
zujeIji3t{h%}zF2F0(6-Y39#fw@2J4A2%Ay#IUdt^QCa?vz)GPJXT(^17HCfVs>Kh
z`BHe@w&)Aq9MiI~XH*?E%JWCW0ilLE%2-{KpptQbMVToEef#$HZ4h{P_;Uu=aWbC{
z$z-o*&19u3{OXJhL*r;p6D>Rnn<i;wswbCGi(Z`Kinf>!26d<f-xgR>Tx%v5#_1s;
z`mU~X>w~g29*N}x6o2fymEFQpi3z=+@rdPp4@{BZG^=G?XZY7&QP=Ga(LCwZ`TD%4
zSHZ7Lr2@L;#p@ah3LbM$9h-`%ixS<u^ocOysG}tpR^Eo^K{?Nvq$IsuvHv84n>xmV
zb+h)WRTmU&21`ls5162+=rz=hK|gDwy`)^s*WvYDR~KvZw=vT*ef?o0=6Or8{);Ch
zZhf$69pr8(BS>x)j;nDhnLSRQK7Gave+F@!l}9b$M2T*0*C+_sqQvrddTILWdR3J@
z-2)VPjdR!=jzr~Naj{JM1#hXdUA;FWv^z0oC1+=Wn5fB2N_oSzH+w&J7l~XtHl=wC
z?w}RGM*-O(bs~MiGvXzK@Zc?vTvw@&v8TS1`C0pAh#m==I~b|6gGvPX^R{hjtj@Ih
zAXO!>6)t`qBHz@~V2qN}w{P}1C8hf(uE=>Ihh-uliPRKRa{0<kJ2KP_+ysPU?K#}p
zhBY|6SZ}m<JGA0QEd*xZrK`H?lMDJufJO-;b5tR8s(}i;TIF`JD`j>OegUWI$o(=F
zs6;-a`a0JhmV8j|FdA8qHI)kdHf$T-EmD8yUN&OD0O)YHkA_d(z6@9@zK!AaPs+^T
zIwt;i+jLu7TXjFrkn9k4p{&1Zl1-t|#`$b=wIsrg@E^>_8#?sCQTC!n`i*s2;f%p+
zcBAu;uiN+Slae$YucLTiKDaF#Q=3wjF1LMmw?E%DVn1$th(Ar7*JqIxt`YuIQig8I
z9!Qw!)~%b#KCF9hxen~H$ktYs<ZOw})Qb(mZd+SKYpgwq(Ir(JkUT9YIIlYabIP*~
z<&_|+Mk%`wIQjUG)e2w=o=OLzI+trsUyV7QV*ibFmM>qv(O<w~v4l4DqP4L2B#~^T
z`U$y<^G91ql!mwn$UZIGblWxx*OPz$O^c^qsoOym5kv-U+Cq{LR(hOV7FE36(#i^{
z?t`Q4u%#(2-@@JFOIcVfZ*LWAhA+rma{9NPex1<w1O<)7&Xt8vkzkhu;uu{7OXi;*
z{swGf<2&M$U+u>f#|Pz-9@_478>v#!-h9<fR>NsvQJmvTbqQmim7%i-Y3rU7R#w!x
znkms|8LwPb_{^M+C-~&aEK7>YNbL_tq!h#+a)+@T^!?fV{d;t3Y4>;S?Uh5MrR|Yt
zn(W)WS+4A=UdmjXcMH{}4Oij|maVrP2uLs{OQN9)tNC8<*MdujZ}@V3QpInk{_<M=
zM=q{u*)b=qIQthE^y$>T;X4WHkaUUIgwuci{2>}E_9q@`SG4`eIAbt5$06uZ$PD<B
z=Pq0@;p{TBTDEG{w=Z7+nv#;7M@mUJm;zfUd(K?ylF{9a56-uC;M}9|Lwp~Y@(;+J
zoYbk)r@1#60`!tm8z(1syQnB=)+K33a5Vw5W{IkL<KmpL7)AA_oCaD6{-j#FLFkvs
z$+l?3@Gk#zx%1ig@81gvI{A}=*RISnNoHnzW6zv~<%$8>*^5grLKm|?qTmHf@c6M~
zni@j}$QM9s!|>7UnWAq4Q+D_-jv?e$T`TUqif;p17h`?iT9d2u`L=~SeqKKsCLdbt
z{%x{<bRJFY-Ny1~bIuexIy;kFS%$PPcib&`$)-(==dgPQB?~xyoXG;4z@TbOomzt)
zTvIOJzVBTQv0Bpi)f^<UV&1~d*4F-}D^B6>4>K2vFUF$GRU@ok^M!!AD^DqjL`_5U
zKlgAthfak_f5lt{FSZnf6(>_DRQVuMDg2#$x$d`7tAWAmetlC<LcUq3;C=Y;wd7<B
zkkqLVpbmmEo0^y;VPEH~nrsXdi(@jmqxeV(J=99%d=T7T2hQPl8416uA3Mc~@r2w`
z`P(0Mvl9xzPBWgI-|WmqqWmri&E`|7fLg6G3`g`$#bIY#{3~KBvu-3w<b>})8r!FC
z#4a~7@-4#@3bMlabx=R2`R$J;NN86qY!FegZf>^gDEgI2-A92-iwA@UstKr0Pl3Q%
zU%w=5Rc}gKM-PG;LMzChbTbUbf9a~axwZ4}kb8LPfQ~SuYMk;~JHh3ry?SLZ#Ypk+
zEPlgRch~j#69uOTe0-%PhuQ9<2v6XuO~*B&+sk+UD`GU(HtpbU0?G_m5w-W7JCTWr
ze<>W7>io8%;+)Pnu6sWT!XzphfZs;?xJ#2NyswN|d0G)rYpc!o^L<644B3LXi1iqj
zbe?aCMlpIo2OcF7+&g)1x<ojD4fF42xwP6Lx!It!Zo)~r3`#2|)ORvdXr<MrP7QGS
zM+&2;XF|STyBCVwZu$hV{PCp=AOF==BvKxB(Qv+X<khR003l&dI*Rh0>&i1Tqt}Yw
zbXOQP3hliL{(R~-3y7ac7MYhE4C>$cctF6jJ2jy148EIb`Pn9tAuLGbUP3v=I>K?>
zRO)-LH)zrM;~v*<=+M2ChaPfYMqL3zh?CxhRGV9B^{4x|e!YQMYhH(KEW6GL9Q*lq
zw{v@$ug^b`pm9u!A5rB)Uj_tD7Q@QZS18PfyO^1nTtFiSo^bi<ts|e^{{r6Mj39_w
z@M0qQg-<UmEZvp)UsqN&1#S?!I7$GGP?}Ov{xlpS*v<kJ$AtP!Xeb<^>gCXL2KDG7
zsiKO$5*K$t*$GxZHgWv~0G=?redk^varjX^rIj!mtbd}-Ps$j~i!$YC51+Y9Fm(b+
zjkfK;|B?C#iamuUGCbJlj~_p-_PG)p8&lL&{~RolE^w8?aXBv_3uh`UD*eRAILUwI
zagf?5wQHW>)EDvHgA8(%dwfDM1r$1LRcGOmETaq8fHRoAh~4!C7EYP9G}Z7l{~o_q
zN&@t^JLMOZuz4+LNdrZyqL%%FhkWN5nsq&#+}FfBf(tx-`a$mle9Ux3dg$szi<K*T
zyUq`I4~PO4A@9TPeiD8(RpOSiuja<a17u}mqq}Jz=I^J|x@l|%l2_E)$&f`jn0(jJ
z4N84__x3${6rF3qJ!?#My*3G2;J`qPO->yV@*fQqv+m9!ccVVM-cB5-3(?W+mHGPL
zm$HYLNM%ezD3-re(S%Z><-!ZZb*(>tIy*Y*G;p6Jk=K^2=^}D3<A8igA2fJya$+L2
z&!zu9L{F^%=xH26MJ>IJ8yQGZ?#X+7xxLxz*qWFX+S-{wJRp4_<b~%RbQEcpiyT(E
zSH@zKcmMwT5bImj)eHG9?)7JN#+5l%up0{BT~q2Y6O(Vm93Urz<$VstZ@$y<fW(IG
z@7p(f2Z!&}Sy9oAe5$#kR>M1u($dl|^7B<tll=F+oWKBxuaFJ-zr--VmU$iX_3f<{
zK=qGn0HiGb0yTp6vSmkneKXKnP;&C!XauN&Gl$LNGc~Q#N$be}itK^`irA%bIWh6%
zy|;2+oFpj;k@E2LWEIH{)&g+C37IC>!`|hdTBtz2J-#f;FmxI}qQn3F5ds?i>Jww6
zq8Bf2Y)~rwEWlvD)9hs-zaBV{1sNvXyh0F47Mb*<k`;5nmF2aBm;>BwXKTySQoafl
z0n+Yz=XGgoVtx_I(=#&Y0d&Uo>e+J+Q)TTBrQIofJI_BK9sS)-L9>&uDQ;(iCjhCC
zA^<sY-mECL=COy0{vCJ3J*C4s1xbtY?vRz3aYt~w-@WtreYLzWE9-!qSpB*Ry9got
zI#8Bal>jdghRl7bHea9k@B4Y&I*%nUdpq$4piLzFPMnxqR_01F;wFz6gfc98Meq$Q
zCXkomYf|~)!>rk}{f5n`r|;7^^<%Bp(xn)Fg9Ux6Ug#9VrCh(hh?U6S{wbRl77B_f
zEYsjsU5$&Qg?D{2zK)e#;8tK=^L~9<fGD!t@m*#e@)@!pQS7g^ZJVNG2VElbC?<E}
zNV+nZ$+PkC8}SSE5#DSTB?SzZ79SnL;?yc%s@{cSMn*dyj1Y;OW)Po8o{Nrl;3pu@
zkr^^%=A1eBMCUzv^a<Sqo!HFH#Aarx=p|b9tur7j!7EN6Cvz$VTY>4*zb$>Tc=2NG
zza{~{B50idJ!X#4W|_XSS^<>Abw5jO&oz8{6ZQy99nYK*50=SEDd{I2&8rMY=jy3)
zGeK0f6HtGFnD$FbUJWqOE1yO|N<yj!yajY>+Dx>a8-CSlEj16WC7kl6#Y_Udbl~6w
znf4(*juej1(3!g;z_O=IiPURqZsyz|7q}Q105N=lm?@9Wl+N?%xPK7nK!f%^>Fywb
zgMbYbq%`N*$IF&un-dr~w{GQDLrKXiHr%nRujBqVKcW}1S*@nFHgVE{<vrai<;IWq
z&iw$iIm(NK&;Eh>@ljX<%dyf1ey4Wn-z*1@irS7mEaPcu>G1h=Jw%Qh`EQuuW`)nU
zUEvGrAHLb4-ow~eVAC_Kd#8E9?#QTpr4Ue5U23xrCkC*MIVWU)+2WE{972r%e;E(#
zKn^5D{dx5mH#3ssJazZb6bm*ns29!8$uppn89rPc+{K}6Z*)a$zs~*o_uma9=wwW%
zD&hBEyo_jpAR>e|Fm!f{{)7;kcPsSKqem1~q#a?isjhRTYg@is-iO0dmttcViQ&U&
z=lHsDGds_h>b%9&Gzc7R#E8j%JoxYyVWXzss|2$Fevw@hSqSq+`b?+9Q0g26Kj~H8
z_omTG(7)iB`K5%L#AnOlvgLj#e)Ve6!iB84=<DVXsSMV_s{{F1wS4(KAJ!|a`W22o
z`SF=qYnj|2Cpt5;pZ4#kFJCUrw=7QRE)U>$F_78p>Lu26=gg4#(G;lko&`guw;CbL
zF@1Du3p>2a(Tn4@&(PNq=`-^Af&w)v860{iG*Sz3>;;<r_U&1JT>dhdNt-KPOIom`
ze3XmPS<_hqH{`rBSD%xbZ{IcTOXupt%Zze5J!|NG*82VLwx84j;FTbx6dcY(Myg0s
zap#Wv0bQW#p|Y<Iw%fI+Lw+>=4Y*sup9(V%MikB?MR67*P0QHs$FlMt_j|L#MVM!$
zj_)e3hC>?KoB2X%F?vzQFZ-A&_v_4Fd(f8!(-;&jQ0!lQ>$pH1-gKMzPTGr5Zl!7K
zCxHMTF@r~;Ae_#NfhfHh*^<ilTpNtJC>01LD4bjv0Z6-r)f<%m^yo)`o_mSKIwe8D
z!9z0+3_S;6)Y~VE{kh#-_1VsWMs54{lc!F-WDW(|Ij<$T+;#b+#Ds(uD^?8j$)bqn
z!FQg|vMZlrxe;=B?``|l51Il#&{Slry1+u_2?PZ6caoudqpiDr6_8YR_;8%RS(eOA
zLE{t4>Y`4aJO#>d-DvzlaFR<*oW@eB$0lSE^k)kh1I%^NV~N}P^)N8H%5z~47A;$`
zVxiatVj!`Bd`FaIv5sE6iSOh?eLi20jrDbn2y4)>J2R>AQ$9di!;gI?&N-&nmamcu
zjgJ>NOu=<BC*0n}?U^;-aTH%epr4tU-N{s7m%BCrgA$a=3MQ+jID_j^Fd@}obuoT&
z$S<3`w}_fX^f>U2u_20I^E;U>z+gyJ?-xR7l9B*GMa&SE@bMld2RXRloS&aYFmSrf
zrW<#f;=7C-$@{*(zS{a}0gB^KJOEB;1W93oQQq92N6oD*Ebz_7Z%N3NhK8@9g|KO0
zB@fRF5vtT6X_m2U-TJJdXgja>Uw~X%{lmeapuvUD5)*5|0K0o|?{8Z-SdIi@JDbCs
zc>A!MavRlB%p$hCWoIAEsh|j{kT%eRc)4cE&G@*aB<aj7?Y?@q_RSh3kOr--wOuCa
zUEAD2QpGij=txDt*!t>K<wB3|yV;?Y=wI>vy&5_;C!dgzVHx)3esR<PhYQfVd-q6X
zO03C;?m<J)_3=xz2pWFGFMjk;(?d@P=#L-!zA9@NS}^+Z*f6<N5Q0dZi#GjKe~hiy
z3mV`xV>fK{OIfHJ<?WbtU&^A|c>Oxm>2mI%sNMwqtE{k8kSyJ_Dg54Bwjmj=v$3-)
z#mhb;DmIq&8+)`pc;c6ZC%%}WpUc*eRRwW>Gxk>S;&3iVRKo~;V?5l{<M-Zf*tn71
z<G;e)e$N-vUADy}9sOxoC}U-5DJ6l-+hSGpA`W49lb`aw0oH5Rp2*(pyPU<zhoo9T
z?;G?D^mLksX$1(5agr)Bfo?982|P*>A15wjmzj$)tH+Jvjwx1GRCr2FP*#rqe4x1F
z2S^>7Vu6%GxZoUlk930>DVA^T+haCd-reKEPQ@0#x<mRQ|5|wELt@S`h^kP%xP0CF
z6RV_N6Hr!3-51och2gS_S99YERkWqbmU4Lur=sig(y_3ZScu?loRs)tvT$xG&s)`C
z@!{O>b<Eqld&uK4;*QA^2OgnWRd@Zhp+XNiRx3zbxbbNoo%5YGIuER=1PNncU>waZ
zjH|pG<JF^fty$B*5C<}B(00S*pmgO}Ff@jCtKjwJdqwo!eeb)6b*Z5S%nOKL%&L0$
z;00>erUtK2l4jPl<4nf7k~LtGUOG&{GLE1Ar$<}4ZC!QWQ+oyXll~8=TBIaEn_Qv|
zfbTBK)Dz<dKKq=3&DA0?)$8-`TiFE^_@2p!8)gRZnb3zD8&^QxSMRAdM%o7?)tF^A
zpql9$f1NR6@y7FpnwkYqZIaAQyXoKD6&W1-N^o0b=7`I*>;U7MrtWK0nW6}TZW>`^
zv<&ELW(tS#`+#khmMb#Y;mPu&-!J=44_Rr|7!x;6WTZmmy65SDq0X`>1+6ucgGPB#
zn1Nv>naMFrIL9Wwx|A_JC{qS;V#neTV~tpeo+<A}KhnIE`Hme`a$WOOu6)yRG%P48
zI-#g#edn)<)BLCSWSLuAM|V>RS6D9PHTmakL4lz^?61wlm`I&*Czlm|OsRGpA9lWn
z|M3@385mLX_=g|=8Q%WOlzvY)HtWM~HeS*gWN*0$055ADEO(f^LY0|BS4``us0DDH
zot5=Aij&RB|G_ErIdbGn(M`^=wEV((Z&HV+#?2lmYkJw<{u-lyDo2_F{smTDD{}6K
zt?M>+>0|bMH6hq!eR2k4Om>l&7oGYwpnA7Q*b7yo)uN`=j$2dM0R9Ul&AZHVRJ>lt
zH02OAu@9>LPA@u8ZFf4*(GV(7=Edoa`rY2f(`hI{sx0k;g_Twp?r9wm4SXqDCG9kd
z{L`VKD>DRZDja_ZcCJ-@B>xl_r=C6Q(c@xVoa>i2`->OjcJo(xYFe5_i2l^MbITx`
z{}#!s57(=ke}Urip7ET9HLcps085<hoC=LXTOAs9I=5ybayttTV6*7f&O7Ssi*rN4
zr-v^Y5pB1&F27T;K?Rd19UXTmRR74=vs9nI^TNahz~JP`LZq*x3me~MkHc3yZOGsA
zAhJqM|9thQ%{*zWS4U2_Je3{Y&0$~HJq45zKXIYKz39vNwN3U`4;(ae1{8G9+fBt#
ziNqVI{+FrGSXGMP0&DYvzWOvY1i*~<X8PPs3&L9KDGK_1-(Hz=1DT2NU+4BV1S932
zYipN}T%;B79w{<pXw1dfQvyqqd<!9cS@|j?Ou@k$u?Nga8_?r`VEc|kD1ADj8fel6
z4DMPR`_c)m-?;Gy+(=SA$(B{7%j%xq5X&=z<%coGqO>45l2)fUoL>_o2oF}CUTDn(
zDjr24){?%a+XVYefD&v#c75;+f|WNLe>FG)G*EOXv6n8jqBw5YwedB6s1|TDA>o2C
zT?fy~y_1#oVN-kSdRXooly>ge(L!LFhe-k}DL#7V{hTk(VCq2i!#-CK;8yacRsg->
z0`c`%pCBF3b8=203Q-o&$i1Cq7XB@N&)dlSz}W2g1*Vpkr9kzQrdXNkILMxnOJy?K
z`o-{*_XCUb72RvROw-SbszSjxj-NPj&oXGKqJZXR`lQ^vDdz=%A-F{_eCs_##l6Qc
zJS!F~xW^+7)4$8B8M`OXDnX<!D_dy}MG)?u-_fJ@wGV=reQj=rQx(5ZA@UFt?5^{^
zbMge)0O@#rPdTlr<Hjuw+ItXCm-2Abs8Lw<_~-QO)91-Q|3u_4OQHz6UtD}Tr=m;O
zt|q3Y6_pKgUS&Aj4_`|$FmT|u9Xn98wiAWTO9ziAToGO<4O>y4U9%@n48YVPDJhIa
zqmZexqa=}xg{MxNHb_|*Nwg`qo%5fo(C&P(5`&7WId_w%nxBd8HZQV(TXXL%FeW1`
zztcmPTPd5jpJ$V*VAY3VSBrNHLk%jV!6RIj1#Ck%D6Fpk{+V@*oHQc0pv_M2XZ~>G
z$H;T#o=2oktD3G_FMFiVjY50-allB$7kU-`sjOEswt&K1C=>jk_GYc0wv_FtrhYxd
zkwA+Tv!0C$-}klqstC`CmyA``52#9H2^l#y+U7X3b$Th?36n5;yS{<@A#)D~3{>*=
z`?BmfsbQ6g^92K9OrF9&rZ;W7yT^UyQD4<huBQ*w2>r*cfvr}TFFSKaZC@7gMIeyC
z@9Si!osmBv?+M)zC7@RL=9nea2QXM-{yGVbbx^;4Z$EvyVpTO$q!EQkgeM_1$RO6i
z%VV!x;kI$@o`h*&$5B&X?>Bbr+D0@N#458-=}`n&3^v<II$t_}G@k)fc-yCUcCSwP
z6X~ECcKq&gak9};ZS^?}eigOey^3@?Vldfy$Bt|9@oOy((Sz0}LA&<K$1PB8GFyBJ
ziI}Y+#=Q_3xdr}I_BB9w=9^E)TI3V<@7%xNSze9R4nlkn{@PXKeygkbdXdusda`o2
z_KfIw(P<4@^lr}t<bhdn-o%)81Uv{K-|wE)_H^bD13i)5!~n$;0Rd<k8lGncqtRto
zJ*==U9rxe5HP>}=pS4V}cp<F0&yE5DcCL+0mXh$ZZraPLY}UlYYOo96vuYT?o~9?a
zm#H6cE_wi|&cY7QuqWasb1uE$>VPnByM@ItS=qKT-*2&I#MZWvZpj+U8~n`k_I?(n
zzwd)-E5RO?Z=(IlWz9TVEHTj0DtK|@QM`kJW<r4REx~mbzr*09>JRWZAW9iQkX*fb
z|5(dmd@4|lAlHF>s=7a)3dhg<&polOU8`-{*(nVy7<*mT7FD(%%O>+NdqrR7MyM^G
zZ6y-Deh<qIkcx5S8jEsRlDtj`VssPzgzwF&7J(H&cQp3fRFg+TymSa*E5_VQ?n(hB
za_mm%7NEBLp@eFte5cj--YCvn3^@G*`eY`i+>Bg+YN6P?C@Gl(A2=hUjaqN9n2A1J
zyZ(3C;M1r3$f#A3^?@>lDgKrq^*uxJB<XR{P=HHCvk@-7!@a}T$LHLPxfJKj#z<C%
zELoELbMIaSNlp@(4{u`ArjdO=g~Qipp#uQip7J7wFJDw2#7w!z#z~AYd(H!6Y1;ii
z*j`uv9AW>)t|{I)x<X^P_UaQz{Yg1-BFN=}=KN)f0XQ;N-@3}a3TiU+`m~*1`R*M$
zi9Or}*VLdM>eK#w#0U#k-b_U|4G>GzH=fM$fEMp73dhCrcsuMV-@SC{VM!zi!)<HC
zwS2s7Q#Y>P#&E@@Q$d{Y9Yux_u*eXx2)^0s8XCdNnP%!v;9V^dgBjp5s;|GN{3hYw
z$0rw((|~^c_UnI<+RAihuka%Hlivkoo+>m^qw+#rTpxMnBTP)l;Qb{0=g~D9o)$>J
zj3NfxJ|$+*v!<$T=hQ6!zw?L4*j<an;1{F3z~qplZ!tFZlrlFn+j8*L%a@8{$65?u
zrH<Fbeocx2AmNdn{-tnf&VVxX?;o-J^boB04u{*GyKW!KmJ<t$TD-Qx90K`(wf`NK
zh|7S%a9Zx)U-)`GJ_0uq6WIhs2?Ck{xr5P+Sl)Z#-Cp#Y?RYRC6;4w!=9{km@0&(k
zMt9DphWHKI4ZV-#RgUsn8i3%Nc|LMFjO2*MU<opUWe>a~t;EFvigQAQNsHXSOe#^n
z7M8ZilMq!i@6!x;4{T|-(Sn6a;z;(qc*yZ2$-ljN8Nh0%fV?op6-<N*-aK!oKsMwD
zw|^SRn{S=`-x;-I^06R5AZTd?7~I+?tgzp*<?VnXz7$Lpp!7vz3I%zuf4!X(vtW>6
zDU}#k1RF#B-hkI6I-$D`)&{tCk^1jUXxlR^f+ov}CMLjg*$uIR-uJFU+}wWtIheX?
zihIkbiRItd)SNzcEW&EYHMmt=RV%AWg_3}67!djU_mwP-)IkL(P8Rk_64LToQbeMN
ztL~L)9%W~*U+-7mk1>f1{s5+?m5jF1&%@ChJV}qSUIL$+rUDJR3)m@9?WxTkS`Y&t
z{zm*OOI|IKeMY7D7n>bjKWr85w%_1h5SqO5X^{r?$YOvXC80C}qRVT#!>|1;6v#a&
z;X%aesu{0lg!;J{i0o2?!9Y~h2SP&`?WWuB#&Bc@R@BL<S9fmNVk3~|Sg2db|6gBM
z=fZrM!()|r`81budPrS$wYSvQ@81bus#*b^=Wo!{!w1))o^gw2IES=q5Kr;TBu#FK
zrgBrU#Z|Zp2B~)ACr_^D%CV2`+uGRrPoK^N1s&Q{u?HrPV0p!Yv6>rBJ9i3jcSF^A
zxE=V4ynDA5M<PHAgZ=__PE_ykhg|6B!9qOVp%FIZ0vWmZ?jZT57y8za3Sh#mnZ#@e
zL+yJ5W@@a4WOVD*AORUu0V1O6l=q4#hd{Vy|9=F+2b?=(3&<;;d+!N3eOjQS5X09@
z3U_TCKVOQ$c)|8&Sc?1NCkl9h8~H@HuC?mvD90uNW$R#k@J~pxySsJI*Cp+AQt=y<
zU};|JQgnvNVgB}JcqTCRYhs})1MW)xdHC=WL79laEG=|-FHW^o)xTe>%7_y%TI(6o
zTyuGGM|m)|s}<5!+v77ch0=^vL;{6qOf>s5{m2;b-^qQ=**vVM1%r@Z8^?HG_6qIK
z4|=O-p98X(Q7-Y7`Ac8F_Txu}UM5ynuVrU-5@}lh7f)`xVT3>jql5$KrQZAv1uw`W
zf6_2K{p>o~?`fBGFTqFuN+qz`g1Hv-<6Sm3)t8z$VnPol#KSl3g#`uN8wNnNKFYVM
zE?KS9)!j97I2gQ;#J-X?8agj0qRL*`&T=6nPpHZF{3S!6ivBN9eaU3}OjD!S{{fsF
zH>!%suP!W9FtfB|gvnOM1!8;!c$S9d>%DaFK%hSfI?vO0VID1f1QDybk$jt)g8JcF
zbC#~DwtCOwiXl8XDv-Y>{6%xUP=W4ziMV=08q<d|fNaJeh5@jmn#}%7R1wOzTJDyW
z-O9*tLG)l)SaAe=n>EP}=!!_Y)X8(>4DpNK=i&lpcn@h8ip3oU;O#s+85x<o*S2u*
z|NCLXS*<{Y46}<X*!KQ}cB=8<KN0tm{h&XJRT?Bqs&8CdgkkvQGkDD4bU<;;bX6q!
zpV)+(hhWIN5KY3aEi>vmYWFnI)jfapD$~%B8ctp%f?<x8RVdUagAdf6@J1M<&9(h_
z6h6z%S3tU)Li@E(c-WWi9{Ua#r6=(4(EIk2^!Gkbd`L_jBp~CsBrWzI@%U&vm@vzM
zb1cKv%$`w_o~jdIM9A^Z&S{d!+mrCih}20(Aq#B0Ia?@h3i2A!GU-`>@&IcXX9Lx*
zZXg!7?Dg!pe=}liAn$G2eAXsvWss2E5AUQs<Q&z@I2XuV?;OqC+c>8ASa+n@m5mLx
zs3~X8o;|e!BS9Q;LmpqyqbdJmAIo^|kt1nz!=63O)OR4;CjctYKCt_XDKvhzs-wQw
zl@!GWzlpxaC{V$xbH_X6CYw1vS*K^(Y=svO?r=WoA)`cKxEWX?F#F1H-*TVF!E9cK
z__=0H!0FS)u@8hxqWLDKBe{^Zi1bY?=;V~sPYEuj8<dVO#s3)xy2U2HD1E3|prlH~
z?SthP2AuczhYr|B6){*G;KHkV9MW`k?_1(?o0AxKdcJ4Z50#aw0#B6_m1p@K9ua<{
z@vmRK`T_R(=o{k&tfdUUJ6in!(cW=p>NbWDAWU15EPkf*g=t>%Z*KDKtJ|x4cdg~i
zjgt-?IIvoKt|D|Pv3l}DaOG*Py<PBYrYv6M(nU>01?_R?`ILR8j6EK;kiGFx@}ory
z4t^`Gp`p>Urw_HG)84&PDrk%ve%u{BV<!W1dI^Q&hllnRISM^R`Rf8$K*aqMtwF;_
ziQfsnHJseWhxNkkr_&*6BT7GX@F2d6^Ct%p3%zvMV#BD6;)w1vriJny*E-y*H&!Tn
ziX-Vaezdf}tb(GU#4K!<3lXtu7Q~#^QxJ_2gi@LV=v?1G&yALT%*kccr=<Vj1|dUk
zn4=Z7##ay`jrY%a{`@(J2Nn(xRRlDB*q}jCQ^Mia7|gl;$`S$KwryUUEI!#S5+iBj
z^Qx3Id~R5QkL<Q=+nK|m4*NEM;lqW)hB7wvmB;pN+uqb&*1dG$!kE&RrKOnWX!<rV
zgMbKpP<MirwRO%U*5@G;5!h?LKzU9E1f12KV56uN0I09{0KC}zD66yuC^N?QvhIY^
zN_952_%_@$%DUQMv}=7MZ(&+CgFlNag%qIK#my`t%5?ZVBHpmXx&zt1pe1AxP-XV-
zZ+IB!BqqbP{VnYy1*Cq5+A_F-tH!)Q0&HQ)D`c~ofGoiPIR$R6`kSZDm%G2^6zE#W
z;}O%$3uwK98+7Zewr-V7lNmacxYqrE1Y&pIb4p>~_6IEBWg88^;tpCbYwPx+%-`g~
z$tL?OEH2YAFIA)g&E#Y=LLih<Ks4qJSDi7#^!kPtH!YsbKMx+Pj?rzoIv4J2PDLnQ
zD*~QKR7s~^#YHozHx5Z&ITh2?)RxjA9fLp6G?VO?A^06JA{K_dK0YJW9i^nCzJMN0
zx!1MV5FI_eWf|MKZqm!OwUyP?hr30uw<XRX)<UNViv>a*5&m0kk@luda1y##Wx;nN
z5O140)Rm`hbFvm6hc|C-ADssfO4n;_JgT|yT4dz>7~NGY*kG~KqZUH=@OiEVV@|w1
zG=u0CwFU@`qDp87O^~pu6zWSp%d#$a9^wbpGLWJ3=e=G*>Sv_+*mC_(=R0B#q{<1|
zMl#G(eB0iV+}eQXg6jx91cL0VG<O@7q<@cp3r|7VFriBO+6+;8jM#%%^2&0A|DpCF
zye<-E?os#_%yiK!7MxqgOqu}|l7HTCuuv5{8i?vwM;AkUQd_6g5~S?ZbG}smf-*BS
zn-^naDS%oIslX;JEmaE21sMU2d~~#(_7F)0N>d<af;eQq2iw>m%KWh;%|ThU?Afz`
z)FlH)iRtRxcxM6vKEvf=+=qAXo*`6#7HXh|Q2~#oz2A#__l#lo%d}TVwEX<Z{opV7
zj<TTy=pqz<TgW`CmMvQ|?D+vH8QNtuX{xuNohBw0zIsJt(~_bnzTG$`D3^<t{nI(-
z=jDcc2iDc<P5|{FQ?WEU>u5RYmh7>7xzC!I`)y@Jj@>Ey7`+J0HdR-sYzXO4a0Hc-
zbQHBtE~5!o@-@DOry~7ywq@TweOM=Bnq+Y~g9oQ<lzwr_Er7^b3Tj-{iXmSGqW6an
zQ%a1DjlusOTK4VTyYN&cDipPE70hsC+ZP{f1Ow2Gjk6h^<NP_}(AYOqrcb{xyRe@G
zye2jKXGtb&I2pGKlwUCa_Ek%l%4zW(l8En#iEqE*Qz0Nok6MTdETQbMsh1ei`hn=4
zT;2WIwOinY%8bpGC9SjEo;l*@`Eblgk;E90>Tj+oyc?#{kiel^-MD`J>GZSb*Q2!r
z*tpAzlslD;(7$bMZCToPa4>NSVZ}|M;Ss#0pjVKm-Zrp>coyv$mmEys)8-0t^<jU1
z+~pr_is5Btb%LRqjOdB}))o*FSn`nphTpd-6&SJek9z}`<mD;DS@Cr33)`fAg|vHE
z4mLBx{jwL~qay5?s1MP*u}xS$X6IiXZ|YxvM;yuczSJ6h2J(c$RU@NTBx3<qI<K^>
zjNCrDfA`7$l(1^qER+s`&c8clc+d(CB6n`giIu0-w2ada9a_S|&A5yh?}y}57qOab
zn1QcgbY|=fsXrq;@KT$a^lfn@poH0#aTKm<F9J~$j-NQO_ErlXA&ZRnNhBWG#nY6P
zwJYQaW}Bxgcy;Y9Lv48H?JoZQm+h9DH{Y&oWIf<tz72GjfMhCaY6;h_-PWj4IKH$Z
z^zy0f?(dy4=~R9pRU~9E<{(z%Q!!H@FHh1-7&m3gam5D=rtzzTDvTYI!A%7(towvp
zShs5Zk?`<xXk_4xsckgVn#v*uVrj$Y*kc4CIF#P~K6&@d;Wc9xlkE~AcEIaV`{s<O
zVD0EsP&?+xR}+1;o`Blt<*gq#(0outW@aXnQ&re)jWRzcrA;@|*3M%)3L=zN?`@nX
zROgQzYZ}*NWkyEIm)bTYP@i%_ShWkVd2ulwBeD<hIQPxjG}v+O*hn4N<1f3UfGd1P
z8dkNHQ8F`Z48C&ix$jjk!~Y87S;0ud$`Dl)P~*dwFNgT&UvL<YIa$qjp;6`*Ro{pq
zI}#Q~E@8zI94pkeJg%Y(fGrtPwGZS)>b{&~$h9N<lPSr`<lYMdLPFATTNwwuDoVG!
zbonxT2g?3}Y{_%ey%8TB-4yt0I49*JUwXojj-tE$6IGbz=WgHAJSGb~=r^x6u{L#C
z)NJ|)3V7$);|0l?;59ih{;9{{t|JQS;IqD%d>lXH&hw8cYGtlZHwLA^<Ko8~&%RZ@
zEK$>2zYQeEMZ|C|7n-eyoM1lx+#8l%Dk!y1-r|mLQn+%!!;i*puJFFKG+^8H4XH(O
zu!oqnVyII)V1N=OqQIoL8|~uK2J-UFPMV&mPuIUZMle5%TNCr86xCkTn!V@~pdL+d
ze{51~l(u-`!hg2ifIEXgH!hDd-$~;pO(}mO^eKAKoeOEQ>;}%8<^$0qM^hyI_`%K#
z3c#l~r_tx35rH+j$3m#+g?UccAoU**XGQr{lw|2n%@dkuDohWVBqbJ5(XCrOqI=G@
z|MU_9XG{wuDG+ACMy4p~4%?C_tLj$`<1>uCXn04J`mj%Uo?y}XFX3?RZO+V}xaPcf
zuRO>P+Kl@?Ol)D=%%yhbOYly8FT=!Ur4f_hmLJ=x;4-@MR2xamc;RU?6B;%wB<zXM
zyH|ArukR-z`a<+kl4iJbM33AwFZk3cVW;K2w`bJ%uBoVrj7%7PV)OrS0U}`}lLK{^
zQ@8Om9ioNP)j{|TXV0C}3ea_aF`OSQN<h*r5#!wv5*&<&AL515vVsB}-jb**zSkC^
zdQy~^pI=c!=M9L9*iAPVD2mC`z<&K0jD{`v%@gzlwF+fpMp$q#1~6QR^5-Bp928IN
zEC774bZ6tqQpK~ahJt8tO^m?D^wL2fO})n~Yw|F@;WQN$hUw@m>$1}sA`GTUw)<oD
zA0Y6vooDys2S(&wOG+A}bt64}9|$$EkN~YI){1(@P;Co6pa5s8?fv?m^eVfgBSIsx
z)$|Y`<+}Qnvb--D9>57!O*A((%|6vr_=zI(u588Lx$`&MU%ZZyiab3#2}-A!>(`H;
z-u03vo|Chr<l2^L<Wm$Ike@hKuY=%RG<9{-2o+VGz;KY-$-~3L>EDky1DU1`t|Gt{
zKlaVdaDiV>801P|3k|)upa3f{$W;6oTJtqqsOCqDB|)-Uiv2N6_@g@&5nPV)Z%*@q
zaTflU4(oIdpIIpKh;BZf1@7f6bLEs~&vv56CSK5H@!^_Iff85U9A%K^<mk8~<n$1c
z$Y_X8n#U8aO@wwnOmvZG84E<=_x9<N-FA5e^#z;ix{a7+0GporXJC&x$;t+4SpBvz
zQe+zI<n*PmkLb%?kDvcy-KlHz^kn8sQL(&`mOH+b5_8&_o0PR?4mi|gQ@V}v;)$wn
zy?>Y>le>)$@5ZW1;dqbyHM5)W>+?_Y!wC%Aww+IM=S4Zy@%UO3(r&^FaCQ9+=~<Yv
zc^z9Z259)NVUGM;<slTj8geQs$2LcNTrbSTR>FRy%kAvJ_u@W{c#vevh)wJvtT(J)
zI9tp3_p+$3o_*);g72WBau|`{w~XP`$l)%D`gf%#>D~XZoA4=6hZ_d;Dg3I=LI|7{
z{d4Yxu*2d-{Mc6^Z~f;Xk@>ZknlY@hjMO_Uv2DaW*E6j?FB+cyooX4VRdTYErZqeH
zsFikX-8vP@y44i6;K&_DQc_d*yneL0`Y!}a)LfbDs$vZOyr}52fe?Pi0uwvMV6H|b
zr6(sPIAYMjl8p$r)VKB3>2@b^C^t8UCHnHYw_QN?FJ@(pXcF1Mm`U)MHS34>F!~La
zQH0L4Ih*7TSp?<6h!JrwZUKk^1M)2d6IE<GW}}P_o<+9j^%SDL{rhkAN=e+3H~wzO
z$^#TL($m8l%ZjdSJeO21_^m0vx-;{^6RZEe-Yz;{SSE;M?WCR;7lS0lL;WauQW!^Z
zPD5R_O@Ph25l)>Jv!vlixuAwNk71)Kro>AXi?P5<Oxy#<k%>?}7KSX33|{eKRCgp}
z8h^>lj2t-+S0HuM?B{VM!}1%W-_$?;Lta%#bo32BE>x+D_ViRAv|sZYt3v03rTy9~
z+xQDdlcfO$iRLGf^dVE_u7SbNzHTus<42R3`bv>|*dC}%UiplQ61qSIWSX7?ibjzc
z=x4D$Krz@CSv6ON?2s3z#7!Q}4JoUFV-MFlY`T>U=U|fMbRO9&f-YfCBP3)p*PM|<
z*!Ax*-OO?`Z`}%eY=TFwZ1N~6F?xXT57&F+P<!i^QI0xodp`+8#n3Xt@@GZLsv;v@
zfKfAcYa)$Ha;HD1Z$BW}!Yt9v`I&tt`?G9u)v%o!BQI7^RP4;e@b>a9km`r>{lG0=
zC%19g<pq{um2ZnxcuTt-I=!IWy3K)pMyvFNlRnE-B88YOKS_5IY+s|in%bbDBIOCw
zLo|52lY=f#irAFtirn+D39CLEfBa&n%7T(!9YMONJWKqO5Ja#R&fj42=hH&$EfUi6
zV%Us8sCFq8t3zmYUt`(<wT|UyUAoAkjkuK%5h0R4Z=ZQKHg=LgcwL%fm~Xm|?BAzv
z-@)R}tTjN`efk@rZsp8_G6PQs1bFB(w_H-biaG!ut5MT^`P1|y)CRzcvR6sb0yPLA
znB>PKl3I(=gL#Z3a;9BXKIkUXUJ97#=t>ZAZQsl&?IVI1knG!|b4N-_*ftvEQn)Kr
zo*nn!E-rSWD`T)!V6uJcD@t_%jF=m4&8_;Qc#K%ry!uD2>zUy2)g=iU&?*2&`t`u5
z`5;_nsP3ts7LA&qoqm;;#Y-yeq8VC|nIAXyxsl|5A$R+N_7;ek^dc&%s`so}O%`@)
zL(rKEeh&M0RI)?Uf5;T1^y3v2I*v`D)E_${+z;Mg-v2|ey-sg+D*?4So13|$PyZiE
zZmpxIq2mWpe*Blh$pd>ZO<5)d1Y5n?FN$lZIC`|%uQX^1JI&0fbgQ$4f%|&-4vtQY
zD-pE6`h;de#}^8vl=s5aD<h<&R9L}IIZN(gaI|l2KEm*e?u<PYya>%z7LdC}c>y>4
zF9ItK`TsA0HR9@r+FD-ZV(Ts0JDB6+Hc!3uv>_GTg5<*QV@$DQ=gwOUXF2%$_upYA
zX2TjQ1xXcXH-HJPcN>5^DI_fWphu1mtR0-bp^tok^149$|HTPi9;n27B2ES_RV3@d
zWtuN$GPCE{ywT&v9nPz?_*GEs*Z0Y_*x25ga22Gz7ZSnv>lE3yh=D*+Alt03%YMvO
zLQ>U+3I&re^PdW7RdN<TccdCjpBeS$%^UD@l0P?<aiPBc&-?dh+ni<^N1?K({gZj+
zJBn<kctnvV+sNF8)g{W!F}QLZZLdN+N@GC!UeyKTCwfBCJY&NnS?^#0(D!)AAy|mA
zir04jpn`8P)K=Y`&7#yi2+d#WRM3YNCuqq@u?FRqr{k{^&mp>;f^_j0;e)r7JQ@i{
zMo*!PfkxErSEdmbM-&Ehy){N@Q+<a_@i4k#e#Own|FXat#n2zhs>Ee*kvLCCw9_ti
z$$MD!;lrXtJFB`>wlI3gp?jTe<Z#EMi#QSl!_%Cu@g1U{ZVc(bNh7aLg`w2v&?sr2
z7-<8=Gi<LgZ}{>>Qye<aEzJC1KcMJLSq&#Omw29U)7itp^RoU>O;=V#zhJ;R*JZXu
z5O3&eE?U$jD7SFkepX>4gH17bVsQV_iH&LY59YgmD{cmOGq0UH<@%~KV-mN1_D<Uz
z=7Vnv1meWvX78LO`gIgTOB2%>*NY>8uYTE6|M7|2f1T)ok0)PWeZ<w&RJ{t5@NW;d
z2r8@oV1afvHh0>(0eXGhozk?)UJaj{7Ul_RlUcML0{+=-4;Ka3(7L;p!Y$fA<zB=I
zK?52VhG^T4b=l1P4$Nx!v^JQeAQ3x!mGk=YqTplPZR_ee%e1xWfxkcibF3g{Fg_^I
zhX6^{F0d{B`b%T^lVV6F$bJBD?1tNuY^8k`xw#(YdeE+8SwVN)Pr|3v9k!_Y!-vs9
zxhSh+lg79D-f_%qlBOI(TU29(cNF)A<+zEQMfI+UC}I>9&sY2!CL<%zL5YBX7Y@Ht
zW(N{rrOuY0HG`J<@#BR_uGpzUEyu=p$_Uft(YZGDcRhb8ebH9cKDnWC)$_G=9(yN4
z?*xKeTK-S`@Ng!>Yp*uAyVcBQO~nw&;oqI1ObV+TUc9icDH!jo?_4~wn|oO`C@L-C
zs|@EEBNUbTdkZK5pS3}c(yz!qw-(kkbNi}E<`s<{L~j;#q?S$RI?+EcG6ZvaV|08K
zju(r?%r(TBS(_pnW>_xcY)CE+C|?)6C-K06E-ns+OBIfv0ZQ;*oB43tROsw$V!R~s
z^G}4Z#Odz2b6Hy%wz%QgVn&}9bPLpI>GN{~VGqU>!Tfz}()eTFr2~&mo?HK2Od-U0
zoB@S2hMty|>^VBn)4R`CR@eV8M(V?8jWJEyY#9OOh_Lq=GgnsTap;`y<?X+}3oFGQ
zKSnY>`^kxvw8`rK<lW8B|6(?v_P&|ZCBq$a26MTalJj=&;}bTY&f1DZZO>s_RTUMT
zkZZ-yp7oc9#UI;Hp<YM1_*o5`Ii^|%yu5&)5O|oF2&!zWd9QRB^B?2uwU52HIMyCk
zh1-`m^9PR=x;Fa4Hyi&Km9<oUfy)58yG7!d$Mg1=v)f}{T{ddR2koviN5tvHyyl5P
zU~tkjHa=IpSnQF%U2v*2v#?k@al)xutiF#gMaC6vqo(w`<$tkJ|M-J2)}Hk2Ys9?Q
z{W?z}cObpxdI_bk;sbIruw<XF<;m9J8<gf!@){TjF8m2r-@MbfWF7ZwPB@9+A-{y<
znGpLGzhM^^jIb2K+S2mAhP5oFT82Txw^@x`8I*g0>G3-?jl#(Zp*<5v+ND+~Fg*F=
z&-E-?YJr$(gPa$X7`3>s3G4fa^4LB8Jni$X+~JC6yKZ{Vr;_e*fV)Hl*8a6}x{{J5
zP9-$Ej}|>D9yD(fU4zk5%DPG`h??N=P0|61Hr2yepRLaVbpYOd@Bis%?y3jQ033q8
z<ay4}nx$;wGBsUm&9?>u<We4(<J?a|8fYqyhujyOsV|%?9UBLS@)X<XY!@V7j6nLr
zDfF%-dEw`3o^AXI4J%6^K%kaI!SQ+i@S!<HG#~TkzO!Ll+m#k7^b5;|=yz0hj<oh6
z=Xduxj!VQthYdr#>cXfTGSbtV8)g0by7uXu(L-1wtfW*BSVsv~_x`=t*vV&;Eppec
z{J#&;);sb^*oElgE{z6AHJ(>C)Zg;iMN24_uc?spV(!fZojK39f5M|Pc8eT;lYB_|
zOEQ<u`2wCXR#9<9_*@OX#l(r1D>jethbM-`&wYdQ>(bD^j%=mrQ@-(}Y+O(G*)S{x
z_Mv14jdoU677Z~)6Z-M_?HYM1S^=p0r>dx&g7k=l2KfZX0^pFeRW)Vy6IB{Z)>zFs
zW!i$5qeR@snpjFRAX{pvYw%A)?8Z)*0Oy=D^#+O(KsF8XBbV_fmr)AR6I@QTFi2**
z1HYJgAK8K&OAA7s^QQ5Kz&Np>9+UUF1s8$z;Jr}LVlg!H%BMcOI7!uXEW5){p*LmV
zF2UJcV@(0RYu6XFiBW6JSn3J=wx0w(evO>lGDpXo#o6JG`wFJwB|T-@v?vpw420t}
zto)9op$^ml)$!(Aiob3f;X8TOKgDxTPY&v>I$Bl;32Q=1tGv^6<_v}farDR^XSML2
zhJOA@DW|K#TbWfYNf`gUs<9U&|J9AX7{#tF`8Q>yoYr)>mv=5;S(NtCbjlRQjucf|
z0cWOJ1bTYj11_F@eF^)swq9rV<g&zHyu6m{+d^N$2555Spie$$TnB5v9WDl-3T_E+
zo_f+w65cm2=J2uh16l!X7heJJ`(hWoEvl#HQ6yObc=OdX<(PKfX}?z%nloc{U0bJl
zCla-S>>_&(tTM?RBON2R++u%^E*lqh8Kk4z!)Oryd~n>mjuXy$lwJ1t=iP^nJ2ksR
z-S}H}yxir4zn=vbKMUCT>ieV5{*CI5xhGZ>C#;;&y0`t##96a!pUhCz3buX{tQr%u
zY9;;X6Kq9jZ~oZ7&SDNaY^ZB<;d--Bz|uc1i{;2MQ}nZrm+g9HGv#G!a#Zq70zE4j
z8NoC1-@T&y-^)JW%|@U{hQJvk(xo^yY?Yy6dInTA+|A1gn;hAk!0z&N-1Bz7KWyCH
z@WNM`Zq9CX;pM>@HdUCpqD)vG?V0KmZVRhBE!WVn{9HwIu-7sAm#3#0wc&$+%{A<2
zQ2Z7;@tb?!<f%6vT^mo6##rjI!@N1oi^OkTpYC|LD(>f(!nW%+vo+)94SXTH!L!eE
z;^6zHEnm*}%rTY^%01L;=x*R=z~EVBU1RFoDvGbx<^;55#`~b4T&|Cy(;18yu~x<l
zVBA2I&rRyL{F0wXX!}ikAD4dxo)!DqF}@pnk_A@iLaKV-HX$VgBODsxbg^HkQJTH4
z)NbZ|*dHY7J-+dYB4ECF{J3#D7FvizRwH+>|8n|5>8R)*H~aLM7LI6_9d3<ATV75s
z7}idsHT0m_gJU=>;_L8U_hs34+X2&ROFlD^C6tDo`>^g%>7dht46l9R5r*js6}!P?
z++VhAgwqi2d-(8>89NO|&7P#BwC~gP9Lh_`G}Q@RQeAIV+*c5}mvoPF=<?+>GNrj+
zZg-+*PV8iM-l^g<E4XrR*sTneW~u|ejqP2HZkh1A_tw_op7MP7sfpwHVdKU{G<tQo
zZM*LBG;DSzOgK`uy7Vc$giZSz7Ud|*$e+iDUP=0pmtaDd?r`Ek!C_ZcNb;EaOG{6u
z0d%rKeeOu?f|+4l-b17ra<FvJZ42o2EORd{Uae-7(eOO2;L3*UXF+UJJekeHJB1SO
zmz*70{L^)(g7U34MyD{|02Zp6TbWwIp_+!x3{%RcWfdaX96W)17mv#D{QDe(_?!{W
zS0W<Vl{-6-?W#Qv+y!3lC&6dt$~udR-RqwKT?h(H@s=UkX4~fo&u91gn^v*d$!|G@
zHd(Od>eZM%%sRn-VO<&agjg$k(kjq0Kijh@<N;v<$|r8r-{FZe?Ti00yXGHwxm6mD
zh`4V76w)+OhcZ*2FnxMb;(|^)OaqlSvCatxgt`qol1tcMWRhG0mb28_<`Ik>`?OHM
zw6IyWi=);&9X4l1F~b7PST5*J2ze$JX_getANzX#l4}gr!0wam2PTJ5B(sFs$gJK7
zZxq42_G5h)YCRd7d)q|2ZU9HYfV;lo(}tUXnL_4e<%r+a*|1#`URe^2@KVD3V#`Lh
z3h#X;&^|$!s_s_!fg(OqdBm$t(SO`QR2ryKFOW#{9VuAo)NPbr!7Ab#{)7crW}BxG
z*9_-v<(TJ8kSL|(sI?W2KkstA9`FZDDlKlk6^#do&htHcZF$PQcK>m-xSB$!g=~a&
z$X{3qnLeltgK8LqNE+xH@O0-7JdwT6re=74r;_~G+TY>9MA2=lUMYe(pnK7kO__}D
z-;wlpuYZei54%s?aLryZ1|o;FPu9IIU$FOuAj)&7Ykfv1#O~;4EfF0=#hu>&p<o#`
z=0PT8eo2+GXMIn=6Yqsi8D%@v%oFwc2FZ*d#qoPh67|qTKy)yQ+XpoWNkF8()%0Px
zH+=m@iXt9M{ydyF(|X-QKvtyBG7^vN8`=9^RNGx1YGarhen0m)whRDK-km9XUig66
z$Y9&&_2FTnh|%(Y=yW^G0D?^7H=cXS`l<a=YYYwR9;^eM0HvYRvPB5Zgtk^sp1ln_
zli3BEoBOt-D51m6C4G1ln)mV>^5|)1q#i&U7P<<C1F|xE#^ubHoo;S%a%zPTClSAW
zY*>9mdx%39_mckEe=ud4H`En?lq)R-#tst_s2A9h{iz3>ZoY*~#fps~!-my5Rc??h
z)zLYoGp=b@*Qp}SpB|;c2q>b%2;l#NTLkUB7#3q1RQ6FaTFaId)9dp)pXL9&VPE^A
z4rL6Z;dd@4w+#8S*6j7+V<J)U%zs})7y{fJCd=WD@4RVoAfO8#D~xHwtZ#8}-F{V!
zq$2T>N-_8ie-bmSi8E)uY&^MtW1xmhtJ-I;Ef~s)I1{CTyE6Wqj3pZaU20;Y87XqY
zouQo&Kv`yo%f_olX>`bYDWkvwftMtQHRU#M#Je$jXR`B5s}^QXlu)RR>|Cl*jzLwQ
z&+AQ|c=V5HgyZ{^%CO6^v4+TQ*IlOdPAD{g{P5w|_kJ_aU^9N=!Ts1rFstkA=g8kT
ziQoHDvT)&j^b06OKDP=9(FlIEySs=b&wH1OM0H*MeFrtH9!wO36;I}TJ_G;e;_7qc
zRp?E`5_Ri4JJg;Ha%Y%g)?L<Nbngd-FlSF_&wcRona1~09Ga2sfECWjJJ(UPL-|;m
z#|#qt!w+9y_;nQB4t}uh-Hk5p+1|dsq4a;aFiyoPi+KrW1+Z_%#RE`Q1Gf)7_;$J=
z@Qx2wQ*?-30G~`}oH|dIdwO#c$Mfn?Xo28DCB>^T?y2QrS{xG9g=osPAY@=V=S&i&
zLw34j?m19ey1xWBn3VFps3sn4Q}9{=a6zZs+q{lvi@gK-Edy`73c=s8G#;_<%bkPS
zT}Aodgx`Z{1b=qajpJmUUd_KkrZwUCQkm;kd{1^I!133HNkFx}a^&-b7q%?ug961Z
z6|88Df55%xN6PdYMyx!Ph_Dmta)gcdMEUb<mdwc!7ADOVL>6?U8D&UHlIE`jbA*Xw
zjgRrF58q2|1s1e=W<?*7<{S?jAxgOis=(FAFk)}p=2nJ@1#G#uOagL6K_6n&qjs+a
zB?A3H#@a1>Tnlq^fa;sQhKk-K?f>uJ@5+&Nz^kJ5dd`S*+T;uVj#wUMi%Gm$VsYvW
zht$TETu*pQpxncIeon28bAzHmvbwy#lPID4KYy;N<33@H^}IH_#>A1*(hRhQ9K^)d
zOA2EZhc=v!19P3b<GRp`<+d<(cVDTfto)8a^7N{}c;TG=8*ohl;=(uv)Y~&GU*@kc
z^g4L3zl6r`&Stsh4{_2y+bJ?i_ZdqLZ%`V6ey?`)Rmc^B@tf-Xo}&DR$Nt=bUn5Bz
zc<&~b)B&^h)o9XDZI;*;-M)RBgAmZVyGVE%NlEt4&TIJ{;NegOUn7Md;K9Xo7QOlA
z{_l(Vok^aefC+y5k<0%_>~9`-A_|B_!V&m~U?*q>DJBY53!4qF1lr7}lkGXu@y&ij
zy!cw@Xx-)Eys<y<?}Ki)A>6^9JMln`{ofEPqJH#WFF6eVHr39IFo1HA>O<BA@eaUy
zQ9rz_tAqemU9*lTv@7lIO(ArM<h}l89r2PS`bvQ$S=XkgOD5%4z)xfi#FQ;}y;3hj
z2cCFRpkq2e8zWp0!!3UTp}Uk&Scv7Bitg~cKTSi!1%b9(dt0(GK*LAIA-EzNeeb>7
zwY55$(8CASp54F4f$1T!TGt8WS_EZ&yPVfC=lYZ!%jq+g<WgqMnNwmpea`E1g(mS+
zdI>nM$_m*KQX*?KOYYqw$LWk?Jy9!i>7tgyq_q)$;%WZ%Q;$D#KIc$$WI4g<Pz!m?
z(>ME6U=rWGb4SV2*D1C0+J9*0{k)+U3*D8%m%?LuAJHyn&H5g7r(W-jb{NQ(#l`1V
zM?Ysi9ew_MOH0emb*}Hc$6`0VDmq>-)=SDK>+X#!MpxUZ0nP+ko$uejznYA1MZ(0u
z?N-xEc%@FwH6QetLlkVA+E23M=NZs8g!id0AUjQ$@s0aXU&9do`7jZHWc|P;a#BQm
zuNh$w_hZ*hloH?HdR=GS-%Aw}eqrzT(Ipcjfon!r`_ct0i!zYEry@XWpPvQ6iGdkL
za}c2oEp4Gf_g=lysY{0IzrhvlRh@k+u6RFw0x<MA&@p<QDF4bQ`=6YCq6FoLEyhE{
zKhHaOj)eX;m~k01Ey+^Yf6qNujQAMWdn!!|{06wK4DK)#*n4@S$X%$wi;u9Ai*B7I
zYMysAZC4|Am>vS%rj)%cMXeq0m3IC9KU{$Q?%OvOeHC_FVcZ}0LBK=ngw@D1f`Asz
zuT2@=bLhdC*w_zNIfVJrLbCx5Jxw;mt}ClOUK+aGOiiXJ*wQ}jwV^s4{=40amQaUO
zx@5v`9`O11K3)fYH*fWRbJM?m3psgm+V1yDi@tKS${f*iPJz5x1mLvu`Ub2zbjF<@
z-Rs^`#Q>(qcre{d{0(P@ZSor9S(O20LP>gn1YJeDU47}R#NXI#SN+EJpZ?Tf=R6h?
zmX*&v;^SlH0&^&M#p0fAzkcmd7Ui1=oJoW+es1OWx7xsQhwiZapbh<hih*losKe}&
zw(U=O6AizmUd^O(9^-{frHhcMR~<`}*b3&btln6Bj#$Qj;3&tgOMA@})u^o01ky@r
zN|!c&TnJTq;R*4$<TnK_=MQ4$QpK+g4Qz}<t%}bEQ^NFSv--E6KWp2{18&bz|HrIK
z!B@uj!u;k!^F5w5wau+v3msM*{cFOYpcx=VWvzl`>ZMCK-1}LVT25~q6X<meDA!h=
z4U(RBHq*D62=lGIwZe#kTKw(KkjEy|L;e(fp|khAi&Z|pbVnDNzP{y~Rc`7(c~5*u
zPjSE;*SfwHKg+L4w!Cf5O==(p`(HnnQSWC^2pi@S|5@J5B+n<S=>&vqo*I;82v!EQ
z^S-@=FENQhyWed9f~R?vRQWt-gIX4%1m)H+nM*01GiA#4jn>s2@@p)omoU*oK1+&h
zWh%$U2-esZ)xK_%d&wx38k!^p4ZvS!nmO*M6u6T{ext_P7`Ugcr&*$2wcB2z-&FZ+
zsD^wk+_(;mw6xV5I=e9V9x`Ht>xYMf%0}7}RK}lqr`hS6lAs-hnJ0iB073s+?h@(+
z4ZGn))9u^2Z3nk-(AWU#lf_$^8vMwxUY8|z*y4ox71eUwdiMx(xOUxhS8|?gieJ|P
zD~OT3FS+rkcsnz~KCNQo=PSz>=7~zVmkP~89xrxVc@unjZ>=&;O23sPZu*hc30Ygc
zVFkv*-qTLhTdD0=XP@@ign*=!`&D?0blqjotC%Y^e2l{=zT$BPcB}V(O2eAHr{4}4
z&EfT)Ad3`)$(bF|SRLF_l|qAg%dUD2je|uS<jM8X&!Kql8ugN^GdYO5KP+Ti{SF2a
zcKt6@T*kbDM&tcg^XQq?13R(9x8(;=)7M}AqJ+U5;ms<vrIQU)zdSiAs3*WrFik{>
zyqeWvYhn`gV()CeiGsDZGG}M<oLIg4D!>fi8XH+2UYa2GgQ&A6rimfG7u-s=coc0~
z59^fG5<`HVSRZlusnCwouKVN~c9+j^YEETndu|w;2RteKqS3Ktlm*;VIjS=*-L-AD
zb$xMumsaTKrw5L-v&3WUynOgsEZ5`b*TH8`ncpm1=~`4!kk3Mw@r;X;1#4}_!~EG8
zxP9X~j(u)q_5FG48P%)Jni0IBtLOfY*SmVk&zyNGdG1Qlj(01?kr}5Rn?x&5W3j@a
z88ckLdiLf7BU31fFhKq8{at$@f~L=Bb|L!O88q7{(}k%p9ZBkoku!J6g$~w?mm!#_
zei6uX{zp!jhV9KZPh`eDOZv#dvx0%rw808q0?*25lqO2>XMbB#RHQ%uhZ1nFa<?ID
zAox6UuWeB~a(UU>kQHN6)54r;#+SAHVM;DGPA-`y<4d+Gslzot`Z*3`L234{S2GaB
zC~1RI)1eV@tW8ZoWfj*vSZTu>y`|!mJ+*<g4Io@s)4wibU9v<Xp)^FHzSnJ}+1dm>
zw#H7mrxLd*oHhln_Q5R}FoitJ;tsGb&@d+}n5?&lV|^i^yD0yKO1kN={3)`i=IL1k
zQ-nG8S86ZA9a(&iPP%~wtPF`h$X@Q?UUH9ef5*<X`ue$#pT}Lggnqn__2e0po~JEq
zo1Jz}O?j}bm3ggWQR@*uzYEP913ySlGT!(NBa8I4icCK~pRsaCiA$?}%S^L?-;`I&
zI}ZL{*(s;BS7Uqo*bGhzH(kSj9^++s`8$oRbW{$dHis&kho!oeW_{i{G%~eZIdqcp
zuT7jmVBmDy7WmztDk}#gOJNj+ZvxJ=FtsPBI)~&@8v&ivr>+t7#S~^(ibBAAWMT{7
ztm5+Q&?ooWcESCGH9pHI>zc{q)5&E{u;(65Y@n#^GQ^>-N_Rpbzs0S!dMtcQ?d_~!
zw60HeYyU0n-$$gk1ig=E4f^%C`OOH)WpvAJKH-`5JSW}rqSrC1&!?qSMi>^`8Xv9y
z=*7Op5?XD)>NCWT9ct+V(!0x3Z=7H7f=^=8FOjCWOmO7-Kcu~PT+jdi@1Gq)Q6xer
zp$G|Sy+bm}tVpGdB%?{gD3o0!GKxwFsg#nm-n~PTlv1H#BpNC$C8KkF^8S3!`Tf4<
zTrTHwIsW*J_gmxjd_Knge!JgBc!Br~S%2pt9w6-v>K~F11o^gB2ifa#62z3$8IH*c
z!uY9U(1E$59TxkPK1_o$b7Zcr$KAKFPeMXQg_oq*%cwV4V{qH==9>{^JBrPdoy4om
z#9~%0j&`@-EyOr6M}+Y<43D;Pbttf^L2%6KJ3!nq7I-!+h7T{rhrcIm6`aB#E9#17
zs4&cCQGhtPBoqnlysNp6j^`?+Yc6}j60EOQqL6r*x@VV_Rp_DG^V&_1$FO`DZrG?c
zMV;+0l2`uj?orud+A|30&?_KgSSOWP7#rW^e~cAi4rR9YO5DYAtOGW3<14R>C}d9R
zLDq*xnnW>c7lSOgq86_2dMHg66G@PNI<)>U7#-fFz2&B!zXjuu>%nk~T2~RzLpX=#
zBw5IM9-_&Ezg|_d#WXVDnV5im*X`V;r+4sE-ErwDx)FsI_ni^DxWy)Gi0C98D2*Sp
zZgr8RijryE<FbL*L`0TOCNk=uzLQm3UK@&xQ*{v*D5J=fABDE@`0sqAtla4`Pc@pR
z0?)x|8X9I-ms@Gh``wV%-Gg<%1FSe<C&KnRBeYe0Cnx8<UZ#`8mbpb4cmHo`bK6=%
zDixKLfjhU)3A`M!O(@j2o7^k^jawvAo`?CS3jt)A4<0C)-OIC4b)1oA9&cL+(pRcn
zVKy1lXmRnpd)v4Jryft*DQSHtvF=R@T*kL*1t3ifI&j)9Uo%*6R39bYf+-0dNZf<%
z37r)qJF6(w!glef|AV&7J_`L=uXBH2-iXgqMvz8E8>gNxE!$!eQFvjoLjB+eUTCMk
zyjZcsAz|~j?%SW;UVcNYe}64%y0Acc`xPgXc8Y?c^VgZqZmrYd`>3B}m8*zNTlYZJ
zMT*;n@hgKF;}Z)0N35hTOke?K*{CASDqG{j%A3S{6&IrCLzmuz`dHK-X>UlkSvx<U
z(;3BKdM>GtX=G7uZtk%}jy7IH3r8JR6SRBfw!=k2c373Reof#t-Fbxru_~18*D?GK
z&Z8h}p$MTFOpcCK0`^iK+&4QG!dT*So2~9Al(GfgD|br^%E+zodkO-3h}iT!nN<FZ
z@$Ms)r<5^kX5&xm+5ZY7M_i4-b3sBrM1~Ypf8Lq&aNQIcAEp#3)b*U0DGEEE#BN2Q
zi3>$_0i2GfLwkCb^mHsPDP^EEUB-aAZAukzW!@?N#yD}&{DOiWU4IoQt0xw3nEI2e
z!b|)>ddTt{7hc}rW2-wWCTOj|xC$tSp1rhHO*nLQA0vb)e7#TjcuG+075sfhYL}b$
z;Qc%vb3)qZ5qouzuA`Gvzn*gnz8fr9FpG4JJtRA~QF*v+R0AK2m{ac_h&qVVi?hu3
z&+7`HlQoMp)&}ydpMXIq;%UL};Mxq!gjZYLQ&OvcVk{`QX@2@NNSEygFf+-6r&WCW
z*_UnGL5U(|k$~&;k{1^(HIV)Y$L0CyGaFaOo0hd03R#wCv*|*H<63k2^oFVD=Z+3)
z=<;`+NX2igGt!##c<TA%TH8BXqbT3RGVt_1Y|%tL?02v0-`l$V232)xsUC$e6u3fr
zUO#X!3D{Wi{ymY$GqKiSvAK@X5%E;(o;dM^{H$5$9T-w;WU3oSwBq?Xlop-V9kCVD
zAHkGeEpW}mj|bJ=TNE=?;JQZ2>W^uBWOwHkft~|Lj%=u?VE%aST3ak6CHEH2lHu9G
zT;IP#JB3iL!j!?HK2B`YxQo;bYMK*rLFV&syrEjKA6cyzz3%<%TN7Q9d~MHXd|IH<
zPxEwL+r(~pJIQ!p7^BsaH-`d=l);G^D(V-b#`g<2bB5R^`Z*?}EiKMTW%ZFu+1cF(
zt6#c#6QMKj!NM*_DBAa0Tew%tXR32!kMmMm9eV{2px9V}(mKlP_^=sKul{L^{WG{J
zSd)=3Ke@5s%vF>v#w%7-EEpr>^U-&9y)?>+vO*9J7}hI7O(TCnqwXz-bLyo-4hr~?
z>*=`<Jm-@5bv8U#-NWgYU$)<ga&?idy_)gqy7z#My*_<=vs}btqDd6a1so(Efcywp
z#HFS0ag|<E#p1Dx?qlSjDN=HbQGlwh!)oy@IP?*2dZk4Q*DjcV3uXks0N-KxF^#06
zc>)A3=#-(P8TWpPR%X_$SIr%e))0Cqr3}9wT5`9CZ=+MyxtHJ-UAuL=Sks(3KVT#0
zdd1$*wzjt5X`6h_CTU};HmAbt;D}WBcT2m*jo~&14>f>Mj+B?i3cGs%stfs+d-tZI
zB1d_bFq#sT^GnyCxsAB4fDEj9Ndd3>m|om;+_i&`b8>iD6J&R9IZ^s>t&x$uWFJ96
zwl(w3n>2i9gcikjtk4<#HC^#p|7U9s<x2FI*NK=Gm_vUMJ<i2Ap`;F=+>3$E!NupN
z%1@qb$6`0ARtIa=(n=k#4BLL=V{^MrJr9IZ?s1{oq)sAiYW(11XijAN@*hJFRzsC&
zZmm`3dC(GrTnP&{@z@*dJMs2o#WLtkU83){{VZMl`q?`tuQ|Q*<^pZa+)?v_xk+v0
zH!dtKh@3#jEyl&5l2@~C4~i~z?<EpaDCd%Lk&+X92=q<0a-}Qx1du6bH6(A&O(qHs
zyQgbt?1roWgWsbrzL-!7ZZ$42p`xJlYWmfdmF<uo$g4x0;^E<exg8Fu%oLuhb1+Vd
z%*b*1i93kR0?M%ACC{s!L3P3=7tW4!0Q*AP|E0M(V%M6h%fHc|GLXi7pX&$|OOVy>
z;;`RNw}hbtr3g1ZKNCZlp))oYI2eSW7-y=DcQjxegn9x6u3f(_7$no=akt{x#MNnb
zN5OwH)je0!>Fi2aXi$>g;DJ~W`r&=sZtbMh`7RNIQ6-~bToAex$p{DCa836Y{uZu<
z!#0)edO1a!PlTKc;I0y*tnevBeI0w@B3VNYlNJvde371(iIJ3~<jho4BcpiB^!-2`
zN9GQclvL#)VZ2pT7IG*l>aRn&{?R&pM?SgVmN@RsmL)YaQ*Xc?gka6)&kKjQ^5AC|
z9A9^=TJI}(@NIr-mW2#uankj+ie7o6$S@h}m8Wg61C_3o^tJL~f4lp-l(te|tx%NI
zUkl)v*QfZUZr{rXqEI0DdiOJp5Hy*LzMtF1W8=Z0Hp=Vi#o5I-UULB@?l7Lcqo#%V
z<V+)Jt=+Eh9+(5vR85>R1>UI({1*gW#kTQq6@|_epXq1MKGq158d>!h4iQ(bTse7C
zJab^NdOhfhX!rf}?6LLRP)TtnF(ziR75UtThV%4=3pEuLPB7g}<)%&Z7jNPjQXYd;
zLg47zeLwZOx|;5%Rfafyf>xMD?t~lcbrPK}_<SQ4t0bN~`vd_HI0ceNPJ+sYjT@_5
zI~dOLr2}=*4Xm2~BM4dm0L%BNvbvGsM#q|(n~_A&9WgdkmC4~RQkO}|%H|}!70*Tn
z7{i75aZlEC!|;bbHDwuw>DX#i^NXQh+#&YJKkV)H$ZI@}{3T_OfVy?<$`SXs5&f|>
z1W2%2jOG?zMdlu;;Wjlxg^FcI@vTEi!tQUKn78gwe#Rb)hPK!K>MaIWuU#9V;kq=u
z06dB)^a*F4xDUufs^6n)I>7qyFd3|iDK@Gq+_m@a_}kRr?USu)*_Dp)Q0}~{iR4qg
z05aiOxJI;L{6g1Wc;gE>30^1h4YF&+(BD)jS145Gi~8x0<;e*nhmyEvW%c-K_%JOu
z%C_esfIaq*c{QGwgjx&0<YI+D^&K}Wre2|grtaAh+&4d|M5sW_vUpUu*c>@xcErW0
z7`*`KF3?%q-6dMz#>#yFoE>1|*!<A|13-|+V6Nl-!_=NS_yap0d${h*!iQ(_rhy8%
zILQNb%Xtk~cRoCk?^gXh>`+AkXW&e=z>_E6o=dv_DEA2Uhra&XJ;flJCp4O{gW*tl
zJAu(Gu%AosB^Wm8hQ2l5Rm5A`5M8eMS>`FsbA|#d>P;J#*`H0~hdat+4>VJbP`mta
zkcqKgKibkdD<@C~vGS0H5m{Sqty#LGTzz-z$EX|^Ma|Mrt$U+2Z_Ih~g8Ds3_hy?2
zF`XyGo0zaTNI{}`jbOIEU(xr*h;EK1_JU|zSD)Tt+!^Lv-&?AiX_#hg(RZGd#U~Do
zA0py8*t0Z#j_a>)pNLbE9nw!!)aJ>zB0h<}s2i<R^$PWAPd1PJ$^oe0wYw>6TtD0M
zz9}=Mc2?(mi!V1e)(du@;X)stTp=2mv<>Y#k@6a{n^xbY-}E|(EV4X+nrw{j;q_65
zxyiUV+&e`-K2X<LUDo7OP|)XwhFr~`ncBbpTH*<?Y87v)c_et_E6N7<<61aPl)uz?
zYF@4TmyFM&7(@JU%H%Zwdab2}cwn<4llei0Sr#d~&doT-GEeGz&{4Bby`#ybz8hEX
ze13VJ*GY;=rx*#{7q;;g#?D>;VLam&*lJ(wR{NzeFiEX8)cK#J+}fWOyOtkHy#X&Z
z-1gG&5T@^ICY^OE;n#5>-o;m0wWaSfMwL<ZX`Op@A9G;4u8oX}0%<QTfQZ1!M@4pN
z<155k@2CRG`+ej;sj4Gy+>rBPtGgvQFzY&0Yd+hH!=ThQUKsn(^%<CD+~%)&ousgR
z9!{S<OwQ|<Ne&(k7=zRE_1jk3>N|=G!?(=M&mtOf;@Xt#tMoIBTM|lm(iQPepr7(y
zAB2*YwgSXLXpki(=dQi_?Sw_Ni>)$&WxJHbMG;Y$P5QKu|APDjr{p0Cy-~n#IBCM9
zCk9q%DeBufXon6Q80*^jULZd_9I|$6m6pTqVxE0wW@h#B#qKj*1z%fXfCRCCE)_1b
zxl54Yp2CzvWjzK-N`7d6(H!>n=tphIlrP6eh{^;Ke^GEMjq$tJNns@?RAfbMDat55
z>^j_SudtLa?T*&`QUAT8Lp^2olKy$<Id2u$3K2mPy4XCr<4IPpJ9kOyTaimEZmgux
z<x))jbZM8_+KsEfW{nH}Fe&cttF5;2uR-|JtSK{pkwF7H{Auj1g!eb1qR<@XZc_`?
zAA58CPkRy1uU!+j^qR`3DLS=72w%2cI0kCvgLe-ACKDsbm>%}p)yU{fLFcQMr)O#n
z$>_<k&g_H2#?VJatYX1hzJF4>rTxMYW(k0Yz<wBFxbzW>SbNKHDSH6RBiG^=w@oNn
z9U!2TqH+crotDzp++w^M#@l81VQ0rOD6ojPHIi+_l#bBJZOm?2Y0N|%inpeiFS@#%
zDkSWAm9seX%(87wEQU0kEn)4Z0U=gTmf7*3`h^KMySa+tY6GX?J%|Ecs(4&4tU|`r
z>m<=&x}puTlAIboTDvdp?ja*_VodIUtB1ZPmp8;8+Tr@<;<#Qma4Gqz-+4f=OX!_~
z{QS}@?_b)T-bDj1f2+V8HIHAr%hTd$`oDoo3%FlLTx{&AYtb#m0c=5#gFB4&t7n%>
z!ai8HngxA_lUNuVs(F@5m6|4OCr|v;`rg^G6o2EqVE$hUD5c5tIteZ?+jutmcDW7M
z9`>tyZlg*hfc+8_XRC~j17O7WV&uxJo}{c?If0%nseGO>JF>HpAkPY(#mBlW_-Szo
zf;(+WDdFOMWgG7pacTL;-CzC!F@qtJW6eFX3XTAp3?lUw=9-B0oHOT5QUw0c?#*%}
z{m}g1e_ew>t@d!R_&{7HXg^Ca8N<n^o86re^}$?PCp%?L!Y53eNb+pyyzevsqyXf#
zULBrY_OSYTz2?(li&1G&1tf;&xJWW@|4Uaip`<q>=*_gsp!8*X)@i)@U*5ui0ari$
z=PkH7dd?mFe9`0-XGj!W0<Qd*;riFDdw+;%%s}x2Q;_L%QR`JkvVuTBFg!?DIWs$!
z-U*<h#U%hnsQT&<-{?(qz!A9V>R?ULjr^Y6zV&v?%qw?w^(lgc(pxT9v(1d2A>ER8
z;3BO5Z)qk8MK4~!pgQ*OeXiE`Tfh4-M^=Pmq6VovNlSfNT`yXB>-q%*7-yP>O-}yO
zRc-@ND?J$B5T??R<Ht$rwPV5nZqK<&tp&pe62{prYnipEsyeem3@ejMFn_}2^x>mN
z^{?)PLku9Fo^4JgOH~}UMv!)hHvzvw@+6)Zq6}|jcAZuDBJtG$21}L<>ErF25`OKP
zx<zaFQbj~4xxw0YsxsUoRi593lbXtjsy+NsZJD;A1PnoCF!VJ+Um?ZNW^j1cPdWt}
z=xnz7kmHc>f*zM!>#f2qiF=vJsRtmEX{j-*Pkofj4vk69`d({hJa!nmh8dOedO;SQ
zwB>HOdGYCtPgy1*5BvYSfyV7HJ0V$_)n(mk<4EIz)#(g&yjJw(wbgjmny1fUG{&ij
zEYit5`EP=v1!Rzh3!;7UuOoPj<Wmo$T6&~R^jh9tIhVS_8X9k=%J>NL9@=1ONX(x;
z;z4peDW-e){rm1*V?yD-@G8MG*rs_8v9LG$ad6`+%Ecu`Lve)_bb|mf{0x9%TU)_m
zMz$7zoc|jJs^EE_yyyA%HR@5X*0kMi>3NDxMIZ@p4_%n=t|d2CLTL@>g5n?2MB$Bw
zvi{mK2+jyJ|7k3~3~8v$VfPX7SR!&5Va*Kq!Ju=)>aSdJ|KXvg)&9#v-DLeA9_pgK
zX7Erq#{Hjps8wg4dYu%e7B^lI!ba0wm=s)Xs^z;Y!(a2WG-g&Kr*3!*q5uWxqwARS
z_fPEKk`|Te{WHzU`2RpQ#gHxfd)<qa+6#{DHNX1AeF(kf5?r9p4OAOd;e6$A_L8U_
z!$-|GjIf_|v#sJ&f7qmXl=BRET#KbX3H?n{&a5c+GUtZmW<yA<LxkbbyvOFVFW+@b
ztyEVi+Km8LlDlV@_nM@oc0cGJH%ecVpMzCQ_z>e+wnaZnQ8cl-;UDBg_8Xx!zg+V)
zKYdM8QiJ)nX1nom)A8l^(HZp;8ckWDKz8(wrd3=$#+~sYe;kyV%nf+ACJbhq=0B}b
zc@lLv{qO5F0!f_EPZtjJpdVcwaCKr)oXD|<(A*5>iw$?%qAl=D9~}7)&(z7d<l^0(
z?Zc<Hg?6txSH8PBXIYqDq51p?XY$h=>EL{-)<NL{4Rui-sbUFfW75TbAmMT@-oA=7
z|Mb_9vhykmhiRw8XCb;XwRGsueAKpZ0w;;9w$zhj-xJBjgR{vZaZmY0tq+%!s?wG8
zkCc4ZzFSrt%3YQ{e4(eW07QS?;N6L~v0!#gK}n3-3phfw0-sFFsj{FwT}X$&;qur#
zwDo_(91ZC7GyV@3;J>p-H(LL1SfuCOiHHkn>vNyJ9;z0MO7W2+J-7-{fLPbW?1+E)
z&gnzzoa(GLnKyexo?+!hUKJe1R|ns`5*o&P_s*?Jf0;#nXKoiNCXzQ|ickBX-gV{}
z?Ln-e{@B|oAm@m0>!f}Kbe#_CA9{yDpxX4Se)P$xI|Q_fYm$1)?ZDkKtYX2d2#mw%
zV<Fm(ZNn#7fI^DcTtT!}A+$d|m-UOKX@a^*wVxl3x`^H@bNva;qQlbku?TNQF^I4)
z$q2II>pb=Tm<4fZZ_YCYJA}GSUeW{J(}fXp7>6@@kd<PTR52+G>=WEb_-U$-@Ji$I
zok?W`NywD;C`WL;PO@6Pn#qRX%y9hp)^%c>P;CIgwa?6PpP*1&mrxS;a)^jd?LU8h
z_#;<{fzsfrOSmQmXti4+K;Sa~Ki0gwjZ2dFI<-K~!3)v{bVlLFpTz*D_WGE!*{cJl
zON%i@H~8FNBt+_8&gN|jD&$P>LJy6&ygpnhTdVo$H2CU>5pT_QkoN-Z67AkKsjR%E
zG#=PVc=TmEuz8XLKV`|Bo5s@=$+HA8V0W;u`t7-o>4@N`Kpn<YyzWwh)i{$Uhypo7
zK}U2LCQtKr$DKp>uxaG>YhSyFnD+cl?(*zeTM(X0P_bm69&#TzqgS!oxdc(PRA=2~
zmBZwKEkF8s=TlEk%CehA5omG1tCmC`dVO`#5Z%X!9h1uet{46Lpn8@dIN9?BYhC5l
zu^%c<XbbcojncbUuFO>$TyXl76JQn7b|f5Xf${^744H!}gfhRf(nof7(Xkx%gvuY%
zr0S_cTcOM(A0QrlVOMG)OIC2>9yF+86$OQ|u08}fHdXSlE31^Ch@`j|CjEcDUVp4Q
zIi)PWJY!ZTYwWI2u@UE~^|d2q6=Y*z6N25h!*x>@`-67-e5$R@R#{w75*ii;_o+5<
z3v*mZG^Rv<ms#`Jr2jm&qWPKTkSuU=)VvYw=NE%|VZbn=q3o6|lL(OM>AADtA6Wb+
zdBJz?E-4<)w4N&eQuk*3wFPqWOII4cd83!HU;K4BY>n=f$5)W77o_7kax$-1BR_hr
z_W8xg_-=f((ZFE?79{99<bsI8qBWgt6!@kXH#Xn?Syg2dX<S=YdF=PESL{nzeFH`i
z+XOn~_Fi=Qo9o0w<aa|!<AYqF^5fVN%n<-N8}4eeooLjcE-=hoV*Qo2oobg-D?Q`u
z(1U-y?;}ztn-RNpOD4aQNZwAw^{v$f<CK(+Tb*N;4NBa=C$MO!<a<&+0q0XY{h)!W
zxxP7}Wc|8z*OmnTV*KK!DF*)E_xD5bTw{G_*3_x7Sn7-&`vKIuopJ;i=R*Elq04Kn
zZTq|10FD;bC~v?yU+F3D`Nz^<dwKR3C_o$pYXD21W@SOz`V5#+Fv#RU`rA*RGF6@e
zUbpeH)uQ}}=jvcg3_LcXD8V#R#z!x7spZAKj6}YS6Lyd18*1ls{{CZ#lu2%WhJG&c
zh(P!Z3Hf__Ldn*<EEcu<5|PH=S%B^qg2Do9658l<O%`a6RS`I8@;&%loS|%W&W!3a
zt>*!@h8~pjDs{+|_1V6G&Dif|v_R*^Kkv^M{$XXdV*tI4bBIclY&eU}LQo=45nR+_
z?Tvf=)i3&rkNzD>|J+7wzyQ0Ls4gPOqE5dZSW9_-2NNJDJ_g){rwqOD-Acg`Qkbzs
z3>gOt9rF`KNdd1TJjLdk1&r8Xf7a|^Z0h8ZSFo_cn@D@xgZP6_g&y0YVP$y1^WGU?
z;ULhh?%&xE|IT$5sRZUQ@@KK}a1#m^!H?gn2K|G+9KJQf^vPct-9a)!10iDb>Cd4X
z*Bv_6x`#*MB!&Z(7*2-Q9=cRtlyR56v$ONOdEP_5?-=f)4CHlVrNvf;gbzpk;W6^s
zZp<Amm=|4$?#n<*V0Q!Ku^g-ABMNI=n~i+*Djx1-<IJ7gUC!(4E(Fq(p&;h1`~8!3
zGB?JX3Y?5jpJveFC6$dJ3((Xmuas$*aP;lGxzyNLNG63f9U<W(G@dlxUT~fi_vzTP
zovs~(u_|MKLU7utvS$K^FvNwzopwZ^eCsb*fVDIvvdw2)#d>y=^RkkTC|ub7$Q;|)
zY?LEhwbxo0`~k5t!uzeh*aEteFe|CdaPsG6ijuwsF*60QZ_=b|X-<&C@ccB6VE00t
z<7j(tsx2=+FVc8+)aAd1ycD(tGtz2PBn0J5%f;8ln{J-$B_5a~;7_T0zTYnbf(UQz
zE!TCQXZb&u#82U6Onp_{0jAe-eE!&h4r>;SJta^c6%-!D{~EMJ<DKimu>+5wZa|mL
zL^l$5h~kdUj^Z?iz>wowTWS3v^(pvE=u&o9cN+(l0~V;)N!aJ^bwr*h4W6&3*HrHT
zp)m&82(Js_yK_VN9!!<(k{f%rwcRz!OZ$MAgFxSGaZjm;fY8nal7e}&yR9ZOAUrM~
z;0I<3yV#~yINZ6bc)TeVkeC)L_*+EJknusv$+_haIeG9g$a81q9U<S(!WW}h&?8K>
zO9M^(kYi370Gst<pP>iG(@f`>!)h}>du)R=lZJx{Zvf<xa}+lL8I+f{vc;0Kmwl|P
zgy6*~aj_P64h_^yRI)pivHt($R#6I`2zTE+8#`*ZlH4axWM(;D5jbBC$JdS$&pX~m
zX@ru@K5`^|jML`&?uLjluI96u;r%8R;rM(vYr{a%?v9B;3N-{sj2cDkUB;U?Z{mMZ
zgCw?tc~>Xi!d;T#qNAOsn(xNdzYPJSAvZEY0nQsDB?WfQJ)3BJN!w#D4G%qgag#&S
z1-`d&gp_Fa!N<I<q{B;haJEp+{(h+Q>8|z^4C^9dBSkTJ6%Z>0yP~^yjR9F&-TkxX
z&Yz7F%{1E=ip3qUjP0LzOCPk7{zzM!oVW!RpjgiXzhy7ZL3tb<6VBW(Kj|q%9BrIB
z)PSfSXmcm#j`qv0q<^l6e3SQm@E3*4J3`X#?ecv#sd@N}Nef{Gx=WH{_H2y@tzk=M
zSA-<w|0oR79L|idGE$o{3^#tjM&-fB3T>~3uicsSlT-g~<jA2zSHoQTIUN01)%xwy
zud<lyxq1XDDk<@H5lCeQE&}o3jDrFT%YJ~}Pb@B>+6eSi!?tkTsj`$aRMy3`^V*Wr
zrZbq<hlTh3dtYx|Q`Foi#hao%eooZT2%53iTlcS#1-AmV3>Pfm%#CV=)0xoC&ELs$
z=TXDUFlh-|xi5fk6LEV&kCPMtU{2Amo?rFpQ}IsWz=c+x8~d5jSHGSIcqS|A?=w^7
z{|YLM_<y>=O^`0Xqw0AOy_>+K6ozlj%~<CHbAc$~t|VG~fsMMiM*1LL7>K4hC$8o*
zmHu*V4wau6;_yCw-fNEUg2%?j)kS4NUl@ach|=vC8O`%>Q8~Yuqna6H$bvBc`6Jwf
zV5gQL-60XH%51)wEU;f4K2!9CJ=Yg~H`P{{zkV0++$GV8xoQ5qiN;HMNr4Ys;bYQY
z7duiM&VDAOpfgy$U(`?(8Tj1h%Gx;{XCRqsX=!0P{84k!B_fBoh5Gj&EZSYwt-q)!
zZk?>UcNgdE1xUN|3jFn+SkU%?*m)X^Kja&B_ioXKsjy+gp4+HMS500g<754gSMTKD
zLyV(-Gh{(5E4<D!(&Qf$cd(|Ij={7?)LBd?eNb%ZKq;xh;|<|M3E;!eUW3XQj3@|L
zM_Ge)B#4>n*9;KJa~S2~eGPZ^Pf@uag!xu#`+NF<9g*+^?4R|K6{Zw7Rsx=`i^)3{
zQC+-=mOuGyj51NUhLek{oqHZgr!tE)zVj-1WA@;3hu4e*eFW-Xb)r_zb)FneOxEo1
zi!+Mly?)?aASip3UC!<ri4v|YVVp~=lcS@n(=J$E;S=)aUKl)8%!$jjc-K*JUA)Sm
zqMMw5CN|FNb9qW&xx|AkdYWqm)ttLkia`*xwB2?iu`fM$H;ne_`5Ohr?Y@r)mT}EY
z*&OxEr~<xwlcD@fk6#)MFM8V*PM$OgAei5{(Og`Y4l?t*iz^VJZ}ZeDmDJ}pL2&*W
zzVCUvuUA!RKlR-GzYGygqprzLGL2rU=$!Hq3<@LzCTezk&<F+6r^h|ST%T>iVD<+S
zljJnbcn9u8;~Ohct*JGfjp;AQGsym=xV|u6<u|rG@kIkHSniTWa09nbEzDtU;$I^o
z;Fo2bZ4cO)96nPdFTlayhkb4w;dAup`<!h=&2X$gwVq~v`RTeCX&*fb1AL(}{fwR=
zSK@w1w<MU3Q!Q}uUbZ<*!Qu{T61_0Lk0rN+tiz^f={wI3BY)!>ciyF9&JxLn*24Nn
zDP@H&#lI*IP`*qmc63QBWj5wo?C4~Y7Fs6^r(K4ZoBu$$f=R2RvP%L!RL!|SEr|gL
zn0WD!bp7<PXX4KXM>oc+;E|8Me@o1PUPH0-lS$RZsT+@eS`(v`gdGq)Dl_EiQETtK
zy0vlwk?vnIrqGH(3TsD>BV?FyJVal=9uhv4rYSkGmN}5AhB|@hnNLG~zpr83Q_#;=
z4aNRntsDr$OoJ5?TGYnz!7bz;2ewP-;>u_{^?cQrQF3!53iDt1w!L@LeGGtlrMNb6
z;sBIk7nju6cOY}z;NE4HY>rxBPD{hMhVCZ1`ZOpPCvCaXFd8SFguPIbA}6yc`_6>n
zoU~{HJ#~7d#iDTULAspfNpsL=IbSp+v(<)pmLMzX8!Kz-e~y^t$Ps_|;X0ss4$92E
zvc=La%fU9+luMw@0>0FRtv^R54h4lER9RR|VGU|S(>$YL0GD~4=p*y=S7^~L`1viv
z$QWs?f|Al_RGfhz-IMNgq3sW%O4Wp{4mAvFiru>?m(MR7DfFn#pC0Y%`L%yV)Z5SW
zE!YYA`1(QvtX{E1v+(shDzUg-{5(3*$fk(`yG>NoezDo)wW%CFuF+F^ir8eIO!}vD
z6_#bt`E*9&V27HDgRQ(QMYD^DdI(S(NA>hb*&cC=IBC(F)YnhiNwp^+6?8kvwL4}k
zLo>-;BfDs@(yBZrnLy5NDU(G!t-VX7e)UQj+A(D9?&kutD{dZnZp-G_rHSbb6+4Jd
z_Si#4eNWfO&6wc=D$M0=uxQaP_yH*;0`;;$ITa5fP>#wnN^w&WN0atWoc}?y*UauC
z;(50UoOcWTS&I6uueV-pMLSL+QkZeX(1UO>fV?Q7KQV%a8AI;a=QHJf`}V!K-AxLj
zeQS+Tv?`VFsegfvFc3qmFwUMi^Za}7q~#HXJTS&P3jWnhKseL!Fwt~)@0BDKK8%cJ
z!EeG>9znjqGyHnE(@xQOxNkxzc7L89VZ(R4Tz?{Qm(kVbm_v3%r&}()u@Zm+n9<HX
z4S^AgHX`F<R5Ub_0oSVqmLOgGPG`O!ItOk*n?J-g#duR$adE7z5eIM~#NN4suh*Ob
znlD-c=8b;Njt%Mq21x}1oYUOA#eE2kN6(5V+1He7kV}%X?RfhkJy2~yABf!wy|vJm
zd~Q8`edw<_F9?N^mg_zzS|qQ2luKRS|DU5+!9!@NpXofR1zq*_qI#Hd1^M}_0=5<L
zDw6vrZpn=Q@3cfSNH5Y;)^(R7n&y!BRQ8XxxzA-<WJ<223g6lEB|IYF@Yzw=A5Rgx
z!=dtr5;<oVEp~4?e8|9HMtM<1te2lBB4Pq@H-v#C_b7tS6MrEO^t5&a1)&GY&UnK3
z06ujlLrZ==L1=tyUl)<M`N9{mXy=Ivp--m2d5$GT_;Uz4FfNT*Wmad3*^>0&^G6o=
ztr8Kj_i`xiPhT+!5iVYs@!i;S_cT$hfv}&;`IuCHKf<UhAg4C?P}z37GvzduJc3^F
zxQp-(1>Gm=L*z!wcxNL=zCprg+}o0SW`M>Qo#wJF5R$zAz*k>V5yJWDtD^cX>LWOR
zVAeTLP`mc~Eh7^tPr!L2qOb!m!vtdyRhP;=<F&OrK^m2Z4-nBA1lX!T$ZyvS6@bd9
zS~|)~bg4*xxy=Xk?K=!{4<N*fdaqOnepIRlk?b_u`-3y(8{FrYt=gON9{58ng9;&G
zJ7j`kX*t$wVmB;6fpy|UE+El`@?%MJe!z&OIwwNqtc5#tRy9>an=z&zSInLM^G^4?
zxm<u8)NJ}zLup2F<}vH$AtNbXe|?M#33Sas{3+#QM0D<;()LNfP=b$Ke%4vNjF=@P
z^Iw?HBCM$8E@YPpaaOy(Iff+(3xLVaqD9TS{aM_xN`YhoR~e>kWFvE{abo@<Gj_u3
z!L9&c>=JLJlRmF@8^=DAXo2o+-oxdP;N*#Uo>{VMBfyUdrk8m$_pNA<voW^#Cb>-c
z%j&K+mpP^Sbl=Y%U9^lL(nqQkZQR^&9T8jv1ljGeE&^GZL1x+1Wq=Eex{sBywnQ+b
z&}TLb0^#H`G#9NlL3HHc?4U1#ZU%}kOl~m+vOnoV$k(T`A40+pjS^8FInQ1D+8+;|
z(<_h0c!;!g)ym*D%~+)^2_?f4-d`ob1zQj9(=z{3*NV^QlJ|;Uhzbq9tRDCGrrse(
zK<*%EtZ0jL5bOsisj8gS_vtJ(GJ=~0@ATT@^GyQL72YvIMtM)_J|@%KOEGHDi8P*Z
zb&tR_D3y{KPk@5o{1HQ^+n%mn1SW<`u9bKOdhSGg-PeXacV$+6*YfzbdF1Ty@bI*I
z`Ffw~sibz$UT6YXOdqPl(|w4fBy-*H=YF^hV1P4S)$pzAPjS@?30m`3I(Y<$T-Z+O
z3NaBoaTgQ0*|WccZmq^TBi&N8e}4==h*DfH{gHcLn>&@{dCb&SbOqJb1t%^2Il&8k
zsm%%4*K_|Td(gQr4Ei+2NyK2ftu2G-mSereWzMl2;R!Flp{l8wg15$4mqs9{!M?xI
zg_`=puc^UycH2I!m|OUh_r9Gldxi_RJN>|Tl>zR7{rfSdAhB|(;)fd5#u5ox*^7RD
z@9K@X&5u3YACcN6WY1squO<E`m9W0^VH(gKmMD<CQ<6eYQT+|nWoTdli;lYr)BqJ2
zH(rcH-(?^EJNqu)cliy77DKS<kRP~!fL4%jf>cag?(EpAd)6iY4~uY1%1lFtt#j9U
zouox(7D}3PG@fLUMHB))q_>S8t*hYQT36C0WW{}4jF$JnH$fxDNTrpdpm*={Q`R#-
zFrW~nzhedn!;(q<yY@9nSsP4I=K|?g{;u8l*VRh~BsUg+H>`cR&sReIlCqoQVa*Sc
zn~aPK0k@$dURf@Pc?A{)^G7sN;U@g%OPA(xT)<JQx<3uV^)<tbf{1P4z&~nt6t84n
zRd_}j;pC7waQo`#>b^JDPv#y3xC1H+U4nf@t=6O+9?~-Iq8DN(Dn@%8t<l>5dv|VU
zDjj4P{+-iXRE~nOrL%zX!#*7y(a>5MH3#=jknvx5gxuT3^7a(pAIf6cw5sZ4RmhgD
zTa`?jcsFFgxW{e-<Hjmu{zym(=f#^KxX&~WDd<WC%8g+RX?n$qJ6wos*S=wj2aFQ+
z8pg(f0|$r=e-{--bqfKKAtUo9A3Y}wK$wStR=~oDG6ZCS9O&xW&W@ihlS9MG2%3Qg
z0-a}t3zz~j7|By$c0upB<7lRTKXar1;u0S5DcBf;>F-bMr>`zg#6X>oHYDtQo~AZl
z&P?&Q#J}d6lF)@5G7TRK?am)7!k!Beie4uv+W)V}f^Kid3<*uQ3|XQ%>w)jO_3J5M
za=xEhfzM9)aS*P<haW$EickVbnyF=fIgnbdcNYBy49Mjl|1MWxqClpiJvR)6?<6Gp
znnr$Yd*gvX6&&a7gyX-he9e+}=1e(`<dNKAZ>_H%y3N_Oz`#J$^-G9h_-wZ(@`8ww
z*fDa*5-qV2Bf3U^KKij;vT#p#^EZcwXfLY2a`h_SOsY16L@WTDHb@_gN&zL{<r;39
zz~j2Dl&$iV6TG(^{94;oX+tase!KdlPWrb5DFlucghcoi3U(GS!l(;s5hz3&FA8q@
z80Bng$*Xv{?p>eimoGShvd&z&b`7yxp<lZunjWu{%zgGv1ONlN^BouVzheSEI5V>{
z>eAMKc9l0|9gG4t$W&R3aA?plp44yz92E+@up!4DPB?RPV(6x3q4Qse6VV*eS<Y4B
zCY;&@Ve<!MhT{|9uvHBxc1o?iPw*fqDGZPQ{vM^dI7ovRgkOq4+xqmxJji)lE?az7
z5p|Gi&hDy+&Yuk)iD!@Nt!Ms#yBSii_18<Y<naztH4?aiR90iW?9(a`i_!zK8lB#`
zHSG&c;dIWdu6wb^Oyir1tE*^o?8FNdD^|8iIPV!_@k1%`K&e!+ZlrOq9z9^RpP0yf
z@PgZ!1HRA}9U@uSrGiCe&JaCJP<Z!lX=fNh4t6Z=UkAGNX;LI*#f=#**p2dcL4nPB
z+tsVPHEqy6T(F>=HQHNF;ACrPs2^Gw_I&1GNV&z08&-xcWi*$$VrRfcis2=qu&_gy
zTy!*9qV`U+p>4w)6DE5u!$X_aRnR3!$UWF0e&Uzo5>C5Q;+G4m@6ktY;8d=!*8bHv
z!2LF>@~<U<H9o&dfj7~rgIIC2H$D1jMVOG>&Nw)&2d&UO{Ik)Z{{2ctNiT8u8zuc4
zBAlOp1}jrP_@vTKDI16BU~xx`mZLs!^#^2E0u7cb05dy&zFNM1;jVY4Z(r;(3%a*g
zT0^6|#Ve_t#_>15i{4L_n7lWj6nMJa5wpm!=Z`hbX`!fmI9#e$9GNTpD(ZW}x`?1f
zH*0tux(AfhIARAk71zbr52-htjo%@yzIQCAYF0ffb3yQL6RUx;vIe3Yj}E0c{2do3
zDoFEq&W5Ro(h-4&_x)fq+f4SqSbnXCTK1Rx__4d(df5F1E7V@pwz3!^Tq@Trkzq8z
z@Du*09pSxucEA;h>l<EFWwiLT&M5Id-gK`M!O?t+mkLA=Y~b$i{pk)FR!8UWs^^_2
zQf8mn^4?~oh?ZRMeceSv%(_kp8TBM||2iW{@dtfZDp|N%`sEk7n?%fuoS(9$c3H#s
z>#p&GAAavCF}eE$#{<_DXLJ`GE0_7}*UPq?$#y#jb?x4@eRt=VISROl>>Tp+&Yfw~
zYUoj(RKQ8DdvT+HAv6|Esg~(oD@Pi93*Y`lGMn4$5g;p2;C8IWfnVo2yw6-QfBqq7
z{kxZ48aKyq<80{LDAp%DGScUlOZV4Ixo{<BogESfA3KWo3gFvki<RvM#4P{A1xU6;
zr($;UN$#<lAqO05)Fo}xj-C$wD}TV{s4cxct=+$W-F9G037I82JD=af@CpDb>Go}L
zk0S%z=H-lNK;I-gfGQnTEW~FJ>X7scl!5+9-{guLUbD-+#I?51?|7pUb>&L;pKY^a
zCP<4NB*Qj1_mg8{Y-Q{qttrxCh|%fUJKhFkzrOj-&8<M07w(1<=~n;6RU^@^&R~ni
zs8N<c!B8W)V+J1So^czDTK1>Q!V?M^b~@;t&Sty=j?tDrh#g_w%a}O}eo&;Ltf$8<
z#SIF6h~)H=w^2s39y-z$A@&T1SLZY{2yWg&GSxPyNaLK4`^n#M&gH5yycoPrCMLQa
z@LObXek!R*9bB#8l(0_M;0vf)Z2P*$n5#dMuRBh;?%L;tqvDIbQscD`Tp2mnym+8U
zjw)n1yr@4a<#d1<xVyXKZU24-0U09t?2Q+8XcsU>=F&NRv8!aTxqxThOqfPutk=oU
z#ZNF~rZsq_&irn)pQ4tQ#a(;2ZWKI5aUusN1OnPt&lrFo6?f?LZEL|kV2L?KyjBZ!
zh*^c=$_|5L77Y^z4P`&W^CiRarEMR$pGG4$cR+A@E2H>@@3EScmZqH~+@XO*awX@~
zUcJ#qhB3FOW=bAC>KQy#|89`<CuB4dx{kFT7}E^!cq!#!(lJFsx9h&QP*8A}_c2{}
zNG}Y{A#8;YbO%B)W!7mmXp;1J`A_p69{cOzijaUg&j*_LHBHmMBCMv5`s6b~&2ezp
zZ1{Spq~wb<k4}htgw|c3LYP98sHC=`nAYT*xzm)6IVVp%XoVqJ$a5P`KxQX+g@M-s
zJ2ZXyay=r#zi6}lrFWnu5Vflxgi_34!+@dU8QH&$&CIrL+O%oQ7VLm_^gp!1!eTEn
zCB)^kA08`pH8E1-V3!Qc*$eBC3*APQJ$~WnuqU_$09?loa#Rg>;9&8}!%7NQcXp7F
zc^bdP#4C^eb45AZN92LZ(>HH|(FD{BVe15Jb>OOw;!Q(d-aA(qV`7#zSgr-;p5l?U
zg6n~!&&1B-4@6mhvE+1{o10hmSy1s{(+!+_4<9)qaBnHHc!pSMf2}W@{n=w&F{J4L
z!>C<Vd2;f-n(1QZiqc+Y)nC7VU&dpCE7LK@eK#D_#oP9;aI{b<oYYfl$v)Hm^A?%S
zdy+e9%7l2cMNiUQP4Y(lxRlMgt~%@y<2~xq>#s<I2$9EL<yTlt;>5-&+T0$m`VhL!
z<J)xS6-yNXlxfn=$gS^>TAjlnw#n__6tV25PlHsf_V3%*B~@WQ)q}Iyc90T_UTeD(
za}{71PFs3>_^jm}{YC`;tv7*De7b=>um#5TN`tdszjg;w%x~&B<FxnW$>V32*gDBf
z29rB{n4uCVHqALO4=~{0+Ghg;*APNfI&M$nd+)7Tw1kNMHZ0ov>)R%=3<?4+5`4QG
z&&<M>(3yF`k0~qXH7@$r(J|qP`H|pdJ4MFoD&n3WedEdafY`XW&m{@bM>7*|-P+1w
zkAW?_;Gcii0aS5{Txp1XwbjF;lOph)ox}izuW19UiTX0$Ilq0?idVCOuAB~9k(d(F
znc{!_L$YN*b1@&y9y!{Q%Fa^b)ek7UD39-zIB{td9ACXKa$12pbM*2#n(5MQ)rgd_
z=`DH7?Lei@AqS*2QWK3=8XMcHpY&Z1TMWh{HNv&$HWz%aj+Z&^K~F8<mpQNI;xW8!
z>(&ngZ+_hyH2bcatJFLFX!%N}@^}?WY3}K#vth#rs&ta7aWYg`gEht(XbrHBu21cg
z@(l|BpiU?fl*k2rlDdg_7Im*M?_x8aLjq`Jb6Rhs1C47|uLc3htu5%|rEA69oSWUu
zZI|{lS)BKe+8>RQ7rC%lX)u}&jFd#yzFa+F+B7E?8(mbSKS@mj>=YJOQCWF4`GWpf
z(31<L&hO!IJmO^2S(Nqk>4VH}2`l<NIuWe|wiJMBC!qf|qVb>^LX)`{wBYxT3cP>R
zexdNAKC|rUWw@5lq+lzwLSV&LRY3&%Yu>O+8g5OTK#Ztrj(*_YD=#mPT@>cWJQScc
z!=w%o_}8v*1at-w1Y*S*Ntet!f3V4In;h$jy$t7w_Id{{^VxNxajC|9KzrqVgWp$H
zPKUe&Yi|+hFj+t@5M&XMj7_=_5k%oSQfs&LTC1pU5RPGk7=1JP$LVv=Pa3`8oAh{;
zw7=7{5gltt_v0=-d}5Ihf|`^kx#SiUtXL4w$%wrwkt8I*zL)2^;uOaRAMe$EJA<FN
zwSNgsNN|B!b|A}s+qOtjaS$s)1sN8P7&~v&zj?Mx!*PUS(^9vZxV=9r-qGHOQ%l_4
zy8-Y;bG2dW@*SX_`jj<L%n$-*RQ>Q_v4?TKoIr{b|AU!{)L@{KNHPkR1C@oGV+;wP
z!#B!baNzz7et87L^qpyFnb2t7pD?{g*DkvHEP<FLuBm?e&(8wv6A^h)4Xk|g){mC2
zb!)tqvRbyLML1_De2C(h;CHzB;(?Qi@Jq+x_a<=TM6M6Q2u!~DX?8aAI?k)u-s28h
zwVRDKcx-OeD_5+W$m=n#)|^0Shr6*hSnn{lQc_alZqND|b+e$bkTCB3p`ljUyj_tO
z{RQV?{>an`ZAw-aa@zh{8u7jLe20%GqUn;x_>zX#>WLAs6nL3yqV@>ejtETQYw~7}
z)ZQ!5)?qdK4>IvOnUwS$e2od}4rk{p-jV+N!aBPI{u_UEDi$LL#BN;MV}zV=uIw(7
zkDtj{5+)8?55i($p#l<Yv420N>OV9HjOPb~SAF>4Ol!k~<{-Hd(TK)H2r2#ekz9d@
zdkcUXAOT<^b$=Zw?OlP>BK$Er^6)+LN*t1@d>=h{z>FwzRm?ixn2cC8%qQpwUYG>r
zy-PPU`27Vp;d2<zn<qq7)3^%c5Yk?@mEK!+M~-O29=&?;ZnvoM{%tn@`v5{t!BFGh
zxw*O$FlvB2hjR~;WZP%X203S;-~|N<>iK?;`2LaI{(aIb-`Ce`K@mZth#YT<ipm!#
z3V`kPJr5r}T9beE7&&EOcimBhLFK1ZH&vV<JabH6Iy2wdpIdzGTA1)L^+$=neEr&1
zy-$eM$_cHsO7!(EU?T`r1MeKq0a3&Z3_fWdpI%|ceydd&+ygzy49kL#Ej(A?;t%HC
zAWMc>N?)s%)(Henr1u(RFrNjn?JQo%U`e6XiaNb8H7iPV+C<DA-%Bmg4{uS9L=rN<
zffAMtqxwN_jSxZAt(Zm8L5TH_Lo7J{2)`=M1*xn<gjYxAzOSj7u*PEb>Y)-6jffYh
zkf5QYr1v@{<ftL<QB`x8CrSs73FVBPESo%~bH7<zA|Xa8Zp}UAIN=q}?j+HBEf^~Y
z0UHDlgnoDL2xF>UUsdHq1hQ70M9ZJ85_c2vw}Ss_6O(bp4HLvg#dX)koP*>ceY|H$
zHDAu`C{Uch1aAglgVb<H==aCyQpD4Y*d$gC&{I^oHQ}u&p2<W(@ws)@r6lM$Jr6v;
zyr_X+M>lPvNJ!bf-?nffo)3UE<2M&5^zlZh`r_q0o6~R!!V0Rn?@vw43?2j#OI=;v
zwp8}_Z}@u5A8MJ%2mZY+24$k5tZ^iL*Ap6%5HP0>TEC#<sr|8!QKS8AFfh+q9muRl
zRXCCP<Jswld%(MQa(?>M-nfWIfBnkM1mo9*+A7ge!v*Y@BGUHF4M`t8N=LKo_yNpn
zy8q|PO_nczUsa_z@CaE9F~qtAyqpKWkve68(%Fwu%0Hi~FgcrlTd%+H)Bg6r+Y9Cg
zIe>6qV!a2N$eWp)Pd2+}$=SbYQ}}g5o)>)(XW*J?e4$NWMd^c^)w!nmP1W83U~oTj
zRS4DbblJX%ye_4+sXtgjj!u#+!$aKlzkg2Wpkoio;V4*klK;WM4hYVRDs)z2IlO**
z-s<-^>@2qCz{#T$;Ix77bgNoNIPd-t(*FL`BjYxlINbk5y>$&T^Jfa^3{D@+g+l-Q
zMaxT8B9aTC17~Lw;PI*X8|RP4h$V1?#-5^9c6D=;sAXk-XRp8?K9*fEcl0t#%eT<!
z=HE&KY~?qS^8&Td8Ff;BtSh5vd#t@NM8rT<-+jO@%FK+~X}@ihhU8bbaH8OFJE(Ro
zZp)l%5T^9P<h&s8;ILCvR8Iv(Qg6&&E;3@Y9HuU&-lkt$$61>vIq58gUprg?Oz^3=
zof6G<KRtcuP$mee>9kWHHBRoP7v#grYPjA$KLvH@V|4TkG;_AHR7{6*gVw#Iy60O8
zv}sP5nwpuz`;%AQ{EZj#>Yl@x7{MLR|J145otVaU@(O2Q=d|igetr`d^#e!xpyS8I
z)+LfJh3Q#LGKQRJTpu*?6jD4oFRd!aHjAGxk<Ewec$d*@T_Pr>Am&EVZvdre!Njwf
zkS$-eN?)k~VBg(cJ*M=@lNx@f2aZFAoQ2kszZ3ud#$cwF-n!`?UmF{RODN_S^CBwK
zxcK<Sv$PMG!7aSXQxw>%4>~AClAJ#I-o2}K(U3&ZhlA|E&pkaoVVa#<)k%;C)n`XX
z$6|#+SsU6RQd9pv=-{Zxw`A^p%-6Sn>JKs9!+K%oFI;%PdSbQD<H6H6=U-vy%S}S*
z7aLPTPYJFJ&KNnX3;UcL%s2NO*2752*(^NRku6F4)r1&c3O_<|DDkMVnB4BxBD1PI
zJG+)@>OlwU;W0T<<f!XA6;o<_s;mUUqZ{A6F6`=6e&X1CS4P>*KfaM(b~7xDXdh7S
z-==X$*hWVNpE?DN$Xh(Wu<*=Rr}vW=)TZrf^Nll;$e(L+1XN1n5*cNiP3+<8U*1*c
z!Nw;B0Qg&%SP$BIFYyzZ&0oJNM5fsm-sD{r6&D|yJ6bH`%A3AYvP<xWO7<lrp^ta|
z{8p^?7u2F5Cu&P8_(a<2a)(g{pCxoDDaUBe#r5e*;ucFwOL)>TX3tZ^=)Uqx1=tT~
zD?ViSlFaWZDE?Yx@(K%KL<wO-hg<P{<)LL;3x<ihhYiDV#jmZd<_INXV^A$~9LXU=
zNC<fEmsjmfe(>%gx2KM+`a+H9OzjDIa?g+U7)t-_N@Ax_$3c09E-PLuggYq>#^4uI
zE8;hdPqcNWxHet}D~G2MlUPe25EE;L9Dzec_Aa?Y_4Q{b2rq2#A*)qHe)9_x({+(P
zXw@n*ua@S|zXU~%JL(H-@F)^gP}zcNc1NQ9yRI>?GtBVY0K6t-5n!D+oxOKp-rYvm
zWSq<S!#nUgId?Q2X4H)v4$jUjig7W&7=2=s*}i)(F9(~vKHjVhmMe+r0Box~C`0JH
zQIU%x{UfxYF)bM9dv&DdF{%Fk2*hPN?AlUa;BpJ8(C}9D^^t3qrKR}z7?3j?vzvC8
zCnO(0B*xe&QzYa7w7tduv3o!^Hiw?TeR|M=U}HVRk~0ehYZA6dT0P~<5+?n)IXvh<
zU2*c!`VAY#D!X8Y7Z*3Si1lzbrAJ73`26sKBZWHiM@#mhaQqypc>|1GgQJtjMvKDi
zuDx#2h!ZnFeYkZcYI(oaUBlVCI8{lDku}Opg0~pAQCn{sgyWKzFGqQyoE0GRb>1BJ
zD-=&-m3|I#p|tel6zo6sPgsQElG?p{cY-xYSDA5##8jJ&)L5p%qz5DC1<Bf%t9*r7
zF`y2I&(XSFY)^N0wTW}{_EmAB)zsWfeQU)EB~_-TZX^`YWsN5lg3Klj8ELrK8T$<q
z&Z^g!us_>PnkB~Qoh%9lxd)z_H(H|n)+(h(Dl}wCiHUwinbYQoWqi4nl$ttX<T{qf
zB2#V5?_16{v%vC&sb&b0n^jSYCL>jCmKqxNkJ(M$^p&44Sr}ZLp#{~h^*$b>w{5F~
zJ?gKuDQ0J#X?453MuJt$DhhhAkV{iH_KEq$2?r1TT4W?<ts9&U!pd!JcoV!zd)BPP
z+qaiadPC<*d7|)h3}=@@PW*-)^`+;}U5?ZJNuh*QeUqz3by&Z9JXXK*Ucy|3qy`}F
zeIYDIvhhZVzbGusIX9&OxAf6P7^xoS-yfOF>EfZ<Ev;Pg;u{9g0cX!<2fR&C)3?hT
z<waO2NnK%K>nVv!n&SR;qylbK4Q#RM<F%B>PJSA?HU`yyB_ApJ@jy!MG#SD-R*cgp
z6|GL<LsZCWUI90UiMctwj{Ey0_5vpzOu;+9o3Rmiq~QP?7w9b-u)3G*h+nHFkLM8K
zPhsF|G)G}O1#3yYLW~v2X;1%t{@d=on>UZQFjRLS2L*H)*07$yPpbQ=C+eql+eaKa
z_q#^d{P9n|^wN^hJ$h*~;nD36Hs=rgF=>^qZr9B}(f*zMx}Ia^<i{u|X$pG|CVO=L
za`lK00^&XCJ7A=`vkluLrZgjCPKVhMB}%6JSuZie54w2KK&h>{ISE2Ua|wS<u{x#q
zyx<v1O1F><t$OyUd4W?gwqujdVw~|Ma}yU7F!@D86K6jdZy#Ayc<Axkh_fN9CO=T}
zim6A?O;aSNWX}izF!v8VtaK!l1vZ=3&JcO_ZYy_#w+zkiV8jwON8zn(dlf6MtlV#8
zEZkUr97O}@TVi2YH<9aI{Ij;MoTN$T#7n$skrv~070<2MWvzn-4g`Y!5=<KEFZ-Fg
z*SV;#v?6Z;(`ihd`)bo1K#m2qosb7(bFC}7rMYR8)0Z!(B|3}2ndhpg>px*5otpFp
zA>&EC_~`3z_JVS-;Bc64H`_Q9A!*gvOEVq1Hgw&nA`MQbCrY0T1hoU_g*dHWe<#;y
z`MVupZu>`HA!YQ|F_A@2R%cv-nKGx4<j=uWX~TL|nEy3~DW>2?Lc8K>(%V1F+0pR=
zU<51<%k4t*s&fRtJd!8GGDeVWjRYZIo!m}%8^EW#fUhpQbqUOR@xmFEdSvoc9L28p
z;DFbIhKn?5W6UaK#}q-{(=~+dR;u#D2WG?+gYpZ;pUr+aGGKe?ri17aK$<T<9V(d9
z(_&A+9qlEP#^`D^I3XL6Ftds07cBGaA94Be=;_mU5V~-50^Ag=w5cbffx$VBc58J~
z%Fu{J4joImyqaTcB}eCY$tN@z(`7~ZXQw&!7M&g6Gen-gX5s>~DPk2YR#n4x*J7UH
zc6`CGXphY})kWm(9Tvb+l0bKo+ILOp^8y?{J{@XsNJMLk^g(l+JlR+jTbzA#{wxZM
zyIY4Mw-fPXuEqxy(P`!^r}Q`^&eNQ#t2lLP{@;IFVoh<uw=W;F&tvm_Qz?UZD;EUr
zkVtznBEsRY5@?9?s_E*NKN<Y1XK*5ovx5IOL_-F>guk|1Pep7^oQ)q1KBNs*S-w}C
z9G~>DLt-g13|U#(d9}~F@fSnni4y|_{0hffvd_E%OyhKhb^RITSxPlGMGTF-=QV-k
zB=S0en^{)VePydrZ`LS05KRq@7sK@EQkf;ZC;<wHQ{bhHt*Nc8sHk|g_3N$GcYgn1
zk-Suz@<z}I1jtwgp6Q?jQ;snk^lRps*VxT@8h7L8J>V9eB32T+@z{TU9(x17rDJn1
zQ;pxe*Za)EZAZpm;Bt-nnrg;<W5CDJpF4kkflZuU>NmZDef*LbnXvQZ2WEjc$OLJ>
zr>uv7DX0&eoiS0Y={JV3>wEWH;nCJ?V`-ZXqVaTNM`(;_K&q7IJc{q3lQd+|Aj-X~
zPmZTEVdMH@j?IB=v`d;DN}<7tVX`ZmTHluTr3q(vX86RoMhTq?_?y8faegg4oPa%g
zPQ-~Cw{EYc4D<>|WN{@6qc{G14Io*s@b76EI+voO?PzI*)x%>>VUZM3l}W3RmK~e^
z1PT$aM^ujCMg06G_CGW9h?Ld;J^<lM@<zifyS~y^U;l8EEj48udM;qk#=R!-pQ89+
zOohCU;J05V`=2iRFuEi{&n9|UwzH4{gYH=8+=N!U{D#nd246p77>=cW2<!IGQyR(_
zP9Mg>>TL;Te6)sQZn@%V!NvXjcTEh+QYRM<i5BGUjRu$mUPx@ScK^{n#amav_N+5(
zrslU3Oa~bU5amW#7*n09j}7ylkG}+``at^an3&b~?B#-U?Npw@{@wf`c~CS&;&1ai
zW?$B5(wn~M%8!Jwl(l;?2{SY_WWc|?srHD~OB$?g+qY|>KRN=dR^RmfJ}Vg?HG%+W
zoZ=GzeImh?LIlGtg6D6VUbp~b@}L#8!=-!t8RmD%P@#H`@18fD6p1OsxT!l|zt(N@
z==^rd;QOGoKuJ_iWl+1)_3oK%hXs@AGc5f2{>v+NQ;#u_0>5VNw~LCq-=lBXve^9o
z#i^7mrPc7{ZdDV0@i{Bbu0616xMyxUf0h1pSJQ_D{SO@wCrMH!?IPQE+u#pTIzKIv
zUHAQr=4=@lAt(uX$bem2e~Jb!AUQE*Z41>gKW9<cbJNR>#-oO%NtT~TAkdwjGqK}J
zutbJRa&BnvE>*R)^XJZ0IsX(eeY%=q$fJzQRW(N6hxQ6tk7<K>qGKf?1*!;D=@98I
zgut@^ON{O3y`4Qg?;P>%Z{J!jS(3{d-J(9&039%C1zh(2!gHC|hz1;OB^orT63nr3
zLFEm{f+Rr<Ia<E0Av4k2=F4r>&g0$kqK?eH%yG19*LRkgoL5V0>-^)=&##9cg8Jyh
zR@b=%H|)+Gr$r5wz`R_Of;-3>_xan_Iy<W#NGCb6*m;z}6~(=1n4b7y$4w|-RT=32
z8qwi{MN|bw9UZKe(?>B{$=@i07NeUF<j6wMyE#>7nIE5^t*+!Ort`11@__)so){@A
zDz1X<%vrLs;q(|1k_imx4#9g}jE1Hru;}7j)bRJQE#qpZ?xu&w=UaZ<xQTYgSqkmR
zGbu%(GPHk~5xc}x&1$V^DE@zdYE{+M)59J7^qnCFAoawnjzQL@O`n)eE(m^f`r@D}
z;BtUN9$5nuY)Sy=Oh~9uV)9_fg5n@0bmB@5Bt!h?T51Z9Wo@7hLzRJGY2KvqXCA$I
zJI=^aL@LMh%9HWN%MLiGxprJh=PhG~1xkt=+50Kb!iG$D9()?i{sMe@z+%=tx5~I;
zxz!dHsW|0Q#{k-n850IT!rs<#J1}8{`m2omx7FMKi9T4f$?Wb}ZSA#L&uzZUz3y1n
zHN=6MCdK~Uepa4v9(#W6*6pna9iAU^=o>FU={CRP=Od>vdbJzYI?EMXFpQ}<OWW;>
zAa-OIF+A&pDe)z^vDZN&Ek+glk|G}y;~*3RvII5IO9B&=r|wCDS1F9HXE|=5nuYHj
z_Y6q^z%(ELi!`2i9`r)*G7i;NRZ()xHO*xH!Qr?p@b;=(pl^>KhCMkrmsW>whwGn>
zbw&GW6SxW-X*kT5rR++eMbtWWLQ-oSRIWUX2@=if5$%ZUVy6JZZ#PXi$P%ANT$jo-
zVEeiKPlx=63n0Y2ss%#6t>bLupcT#zxt6!--Q*h=xw*SfJ-;}Ai9yHEs}hv>Kdw#)
zUll-d96No%o6(P6y=<N|WU;O7O}xXY`M0Xv4C;~ibD_3?{vx>ir_zy`(k4qw70bUx
zHhW`dM$65RTp$JGKWl9b0cn}yX^!ZLw#E<VjB{CaI=Eh;(^hf(+1V8j!W=$5lV!2J
z3JZO5#OBL=qYX5fOjr6DcMJK8Lk)b;=UUj`Dq`Se(Kl{9cgBr3WCURSK=!_#C^AVG
zmo{*=V;S$RUrHL-Z}?1cxfY0{KPo9IffuNDe=T2DkGR_&6FK=KYwhh-bgP(*=bxgu
zpDHc(D*84%OHWiVP0Js+yV7OGj2WAcl%Cydq$c-sbQG_ISySjzMK;$~>k2NDRzT&l
z4V0+P>M1vGE;QZ0sRwL9{{SwvUUGmFV>Z(k`9Q1toXsVdt+vI^ZgOBZ@rtuG$ff|?
zs>6+^_%ExJ%$DIQ3d|wq@<GC32eq%sgATwDvYL9{F>%X*O@A$`X8>iiS(sr-=yHv>
zXCuJ$TDo%O>A0@Jxy<&DMMZ4~8QFY?Es&UT`G@n2ZzgjVBwj8x`f4MP=VIs2IWy?_
z+Z_?2oXyH~X>c?Av&i7N;M*e!4|1wKf)Rd~Dbq13I*Ivy=;v-JIa%fj+e!|KA3c8j
zfr_A+-m3PUMVs#;RT<UqpA7$`i+~nN-=zXzqmof=-CtVhAxFx!fWiH^`oBK6E?v6B
z?pbKNbvLU{RPNP>k-2@ycepCp1pE&9-JAu_o2u~YWPyF*wG=x(HkJO^<??&QGVtVU
z^iOsAWSIYQ<<ku-nXU_TxX`7>QD)<FoK8PrQ5woDX3j6w<G`3pJ?14wsP=uRLXy))
z(NM6x&09r7p&P!6{4!34Y0`q%w~ih%tiP?OU1spBaOv_WMVB+0GQuv=l(`vnxM%d5
zc@#mm4qrd7?&G~b+Tf}KgktBNJB$7-H<fa!lf!UU1g(W84EM^@#aZ<{QMS6*;l9Xu
zX}1u%EHC@=phu6jDelvMO&vFG{u#9%UH<}v@%8mB{W6aM=qq)gI+~Ik>lGW4-CO&}
zou=b^y><PJ&Cd?<jR97+*}E+<l8L@~)0FHd4Cwv*Bz{f0)JapF6>n{6IqK)?MT?G+
zI(mNbX6nc@vcZXb5e!%^FM%>k#SKo#c+z-;2jDnorvR`+Anwt3uwtjp6YU)b!dE?m
zV~N%7J-SR{(qVXxKe1x_+9xM&U$&(F+pzZL-ob~zbe9VMjqEJxJ|a-~{omTt5_zHW
zlBmvHR+%R;;Ml2xvJY#0uK8)oP}A#ww7Kp$`t;fak+?Xp87t|#-0B9s_KWL+HAzpi
zKK{EXY-N!tuHUkS2KOsZS2f&^IyAI%uid2?c9%-)1|{w-COhtWzQTd@yy9Z8akEJ#
zcae<f-t`R)l_PO)&*2v(C4q6PjnvqV1|>_;Gq^AvF*7WTd&ETq)n0tWh)ZYA$ouK5
zh<zuEQ$knz;0;F&sdT$Z|F1lv1r?`D&Nhv?r6~Qw_xQ?1K|PSzS>O4#JN5H$Q_;|W
zSw*v|6>bh!e{Z$S@qXZsh|uKZn3Wn5Pomd|n6AX#gg_V)U^O%}R=$DoBE;D;Kv-;G
zV6<KZnlQjI$GGwOK#sS+INo-slVlkf7`V0fK`YmqVdCN;<$K<B4$Z!%NGVO2TI>!e
z*h~jNNwx}84p8u$HdCaG)Hp!cQ|-BoFocod>r^ln?#zopK^yu8=G`ME>BI?+xV5(}
z_Z>OX`_ec7+x&}a!ey(c*HZvY>C4|uONX9ku;7QNT(@oqh<8S}0zi5sZgqaHKKFM(
zEBz`6+uP=r#{m<Mt}s3jenNUN5fr$VwQS73=#As%Xs;`WWaY++i&BY%(<#_&8)npB
zw(-BVV0rg`mk#&T78Oypr4$kk#ZV>t4DAN8z8_J8o<rp$U4YX29pmzwQ)qvs`Bj9j
zA;utYFnSwd6i0K%d`S>jP$ihK*w;Pm^JBI2Wy%%<I0ld#@S5chk@D%a@D(q_rJDX~
z?iw;rydk8U&XxDB#oS6`ypWzHeg3?4#0h4n5(5YB7i|{Hwr$eLKu9J)Db;#!lHDpA
z8tjPLo&7oT-o2MV0!2k%kyj4yAD*22gE_`x1<>^7e09feJ&ay$U>kC3(qIYL+;h;;
z%@ejOE>apyIfgmCepK>ipYQGMqr9LY8FSm4n7D9|VL(0F3w(CWw(~RZ=KVjDkfa{|
zzPFz;5}EHKQ%HQ<E6bI$`W}6h^yJc6w3!leSjTv!oxZr~9>MDBxnH<11tMMO7)_;x
zh6xi6iLTgfZKP3gb9g@^L$9U*mjzZt&VzUM08iX+N4iB8-&&nvsY22J*Zp^lK0x9F
z153DB3#Cuc3lf1LGpxJvmHYQQXl8j!vmkrJa2Y(=LIBmNV4+r=i2KEPB(6)+3`3Bj
zqPtWwNF(?I<70GW8s!_S59EyckU#FOu5Vj6hTEN<zVV5q`bF|01S}6eI~JakSKYP*
z!Dk=Yet#;W+M7#He!|Bna1vBUK=^TY?qme-XlZIfJg2mI<NIz`negSiFakJ}JMFmD
zDiXAi)ryIUeKAs9w{9K6u6;A41`j@1oId1#u=OU;T=wnWw`P^<-&}?al_naI5YnKO
z3@MT*8c-@CDncpEDoIEv2^9?_6)MdVAxZ<13YQ|06rRti_I{uBuE)C9-uHcVh5vc}
zhU557$3s3c4KuP6(7oe|{hG8iOq<r5KAn0OIk(5QZ4CNYx2_uC)F4aht?{7r_lnM6
z^J7%4LDT#8UFqaxcs@V-*)w7yS)#t)<7wXg{5q!^5jxWI^)VjKqX!S3ocMzPWXK*$
zb($Y_4UG@gt9nbSd;y+p%D=q-Loj&@i;v&xr*ro0ru(!dw_~W$o>Dy$quguQXT=D2
zhlvXmHzP=*@e^q8<=y7~S}ON7*u(mAo7YVb&|;4)PL2bElnKoRFXoAtl-M-yp7Y|7
z$&N2`jUtZaU-}?#>e>+R@^G<^Wc%LSs{s4I#xi5a^xb+wcT@2c+3JEQV?k_Yp9#9O
zY}qnuy{y&`DvKc356uY-KO=3=_(mn#lyT#RdjVcbw9PyZzH4V!56@1r`38t5RD#hB
zt2fpr`*B$@igXRA0;&b7J|Hdf%s?r!DLm#?GuepP7lIE{?9Ieh44HE`bgFc3Pep$I
z4H84hDK+et=Pb~<90U~3Dw2lzS5#*2s>2!emEC!DicYc$y$ru&>VVkU0h>uM@X%t}
zeJgnHGJoB-;0S5AaB*xv47mTKl_#OSS!>uv()ge-&T{P~O&mU)fx~uaK+tcSCzY|o
zIg^BJV=z8++NR2Pi8VzgS<9bXUG&4Zu#UqHP66d3^2I+T=mwdF#e*szw=hdcU9SHH
zNGpJEE%sp>d09=~=`bTzIE&~|xbY7h$U>JwHJ~aZ^Tk->UdkY`;<HGG*a1l;&!X-&
z;q#g(F>d_$himUUIp{@Q2Esy}lwh^|Q7SGR$^jk&iLw*ODx$Z2Ap6$Qz4%*2(cOie
zzpQX|a|4iA`}!D=6d4_(MxE!J9P?UaquX1)fT(o0E_NF?dY3=!<(Axa?!E`MSb3Fn
zz<aSI@MD2HR?-oE{=Al#>EKXVTB=)oSTg6<91vy*S?%^2<8+1N*inj#F$f8mAM*aa
zb^Z(A-sf7poI6C?8BhLfd@FawALcr1AOypzx&*TtEzF=^2+68AMrq5oI7pw84A{(C
zCA5;0oySA)v<3(X=RZX5g$pf(1ql-}4!bJoKEk2S_#8+8f(-X2Hby_@-7*0}Aa7@U
zk95NDBnU-;Ey?@hptZCtM&%C_-N!bYqDX1^O|$F2)9e_V1USXlRij>lh56=I_VNaR
z6?b=cVkj&p?d;w0)6lMBNqfOX*1x;iz<mn@t9(;$CV1(-eNQlOFM$e|lq}ZUK56RI
zM@3dcu}YxsSg}F~mXFZ!-mq@n8@=tFqf2M`Z23s@ipC50kUQ1Hx}K#@d=z5Kr2c*E
z-=aCAC_wl@><W*kfprYua>+8;k)0FG)!v{Jaer}NyuF^OF4HI}S&OtJlT}pie;#$9
zU2(dhMSR9~^ntzxD{dnb$=p?!pj!h6KeuS*iNLV1?HrS!;%?Q2$$Dl!vDdFR(zc>W
zRb0MZiRNEJ<0gd}0M3=mm+f0>HBPgNM~oOj%leV)7tA8YG>*tuA>lHnyrYwhR(r%4
z_?_82tG;?5(tJ0s`Q19L3OatAdwLXzG5>eeC{zT5WKc;Q{gl8*Cev(Xb+^~PXgm1g
zq8uvEXt(CtvY8fUgJS<jYod5>;z7MAdyO8s>U^Ij;{~41$@2mg1qBdX>cnQ<;WX@|
zj15fVZhc&~2^1u#k7T!qe={w`Lhaw*-b#Ch9%k3lwZ#MW%{oT$L^08?pWf}%6^@SR
zSEuvKQJ)|3>t^Q8GbUvN&>o*3tpD%dznPn5*sY67*H4ZDA}waWpY9ofHjSrZU|gj|
z>sjW0zJ5Jz`0$zezV^D-)`A^`Ne!QBYMkuti7@;I=SKd8Z_?F(fIcG<YVMJn00))=
z_lDz&LMb#P1jBhXyR4(HZhlmUUew9LPl_C)XoSZ0070KdQO4lWvRWRIm3xJW_kgvG
zdIYJp3<J*!4}ZrcO66dO$(7=o0|=JWVoPi%0hGMFqC@)r{{(&9_wUF=EG#YKD{uI8
z1+o=>h}a<nS!C3(um4JV*5sV_LgfI_M7!K;j=<V-xw;p0vBWDJ%arJB#q?x4Qw&>F
zY)0nhDGi-EUCPYMbHOl1S&s%<mE3t(b=`le7%_XGdw9hpx@-kMqM`kvQZ$)Qac$o^
z_AXlz%wBcKu5I0S-=iW~+ZGfap2oe;{uHev(CbV?W~b0Iqn#fV?NgmN(f-{g-D=;p
z?fF(>l4}{@horMfFrT=8z0Hc|MB_kxihJ-%4F?na<yKa^<IpIeTxZ@hV8N%U=bRA`
z;7~#YH)P@pl((zU@^LUAFq&-lP{Po^YjFb45$&&^zd!5OL1R#^0`fB9c}4c+w4t!f
zhi*o+frw@!Qe9p%1gk;+P~gVWIuD?aEiNv+QS;4bKGb<o=l=m+2+N=Q=C17(c>TY$
zgS51CQc~otE-Fg68*OZ$30r^~hLR%>9hLs)`+N(l^TU00(1-DLh>#>|BA)z9{BfIG
z|NP=E{evhatk8@Q`{ZQRJu5MEXCJJ>l*0uA5tY6E{6MZBKqtx;rUeL*1JQ1`)6(G9
zWF;l5zI+kiH_n)g_XR%>J0I&Smrn(QOiYcC!_2s=(B8dbyZr;)Ri0BxL6pzb(-ZtF
z*wPhK0z*O^IOJBW$o&)I3*d-Dzxcn-YB&j?WrY|$E>FUWzy|T6(9VFF#?0&_bA)9Z
z99#rG#$E2g0|Yd**HDNYHb5d%MW&N|xBvT!XWuD5K>tO_4PX%3yK|D1bni#GxtFIY
z|6t(v<Hrm);a$g#i@zR+ff>LTg6<3dDjqa0f5yORJ?k!JKR}SP@@2n&jbZ}FD6Vd^
zvB{awjxIAcuH{ZA5ZTrgjLXKvq(lEZ9mPV4jgK7L+dp&FWK|jdX3_v(-4*NBU8o#=
zXYEI-Hie^KC|9y&|BD}^HEaU2)_8CbEu5V#O?AVA3=9bq*|J4($)5WIlg5D7F;j1y
zhle`dt*esmVp_Z)kL}w*m8|lac&wY{vT0MUt9a>@V_{)gt0ps2Q!{%xxK=f#D+D6_
zcb`51fMJ4x>Fd|8Txq--pFN08LHTLAop^{)Ahn&h-x5O^E_~4Aaq;oZ#OyJVe)jqN
zmv6pPT#?3@BUtIDf7%YXR_2mQ2>Ncy`53znkz+XYaglwZCkhJ*nLTID^N=a}H5ui)
zX@B)?V#W_&ybz{>6%|cYRQ$C0%c;KmX2B~7ubK78YbI@=5q+hD#%M811Dte-{F$;%
zOAySy#7E@FD;8Z0ZhsAtxyV9E36C|4kBf7Vva&x8f_EVf9&zOS6B05S$FtYqVZmp)
zn(i1;OkHE+lA`g9A%vU3ND&quUc)fXbEc{?y^Xv6)3`pyA7sab5H5PabLd6&LxtBB
zdu&D0gWViTDl|h&N$(5S7+R5r+FEx19jXp^#Io&LVv&abtEc2>gD3G{`AV2&NL8iw
zs#0>m05g2kM~*}qRDhv!R6*-uGa?rx^_(3fWb(RYDSg@>eDO|>U@9z$%t5&2!LSVd
zXDUz@X=pTaM(!WG_rV8_1j2AACMR<gO`pDeL_Y$Hm~DPxU}opYcUjM$t4*HFPQC^_
z2SF&jO<fuxq_V<D5*{W;lFMJTT0jsA<dO2AciMG#6Xh;n6fT=L@0xwEgZ)Kr7;S2|
zV4EGdV12q(s`mURRNhK!1mS}-eO*)|b#3LxkI`q(<|kzn^3BoIn_08$Pd*9fztoT+
zq6;|hksGT{Fcs5ww;Jz`X^ZCjKO#ZtCMQ8z8S4M|^-stextRLl3GE5b4jhUpR*Sqc
zDLZ*;e9;(l-5}79GPYl_f--m)Lkm)@?uf;P(>shA!?Ls*pF%2`oM@B!DReXN*Zs!{
zxjqRA3!6>p_i}TO5Nxig$!V0b@D6A_i!Xzp1^db&NwHU~@w>~_f6LZ>F~T5$P?)8#
z70=t*81deW@P$sha%EDhvM@gQ-Mcgt)dPB*d$6-hBt%?aCO~*S-U675{$a!k`m<gv
zNDFPO1(<Cs=fi!SpU6gM3CR^^xK$5o=l`x;y=wYxQ93`&l7tDMcpm-30NKQcCw#~L
z@2>*pm<}Ofp+xq^G3CTdm#Fm&7cRty)Q0G4uM`3BD2qZ*o@5xXVYo)n-4#ho9*d10
zE)s`g-~bH^6ux$~9f^pL?caY2DtOx#DDApmo*WUZF@obj(^=85YA?Ut+m!m25fZSj
zKtLaEaY0bO%@Ln8<RCTWG!2c$%KS$!UO4kX7bsqv7BN8H45I+_B{c?uVYO>xaxMPq
z;!Cex=Lvy+3llD0HmWm4hdBmFvjw@(h!N4}&$kh70Dg@*7Qr>Q8K4gTS(oe~W*@^1
z4_wn%eibjKJOligO9;|PrJt#@a~(G*vt1}iNf9J+g^#(+%&c>Mmy~sMpPzurW{ERV
z+EZGOh4gB@+LdB{WUbT+@hAWReg{DV*S$v%VJ7b02A)06(Fx`jd<>G9(8Y+VjY1|@
z@C#fWNqMDk6gq#+-JM<TH*-M>qNZ_pwjo)1^y)RTu#LkK7tHu&{UeI%U}nQr9Qs{p
zMbZw0c5VW4%G%7U)UPySqUw#b0W^C}IahzmP|*CQoa<Z7Y5s@Zf@|#S79q8Gp1&3n
z7dcJMWeLVS5>`6Wq~XH+yGJ=k=`a%###_g-=TN!lNu7cNPcMLAdwuOQmlujfRO1WJ
zbMd7-PvB}jbdW)=g>au(4nE~XlrY|ef`%@Iw}1l-9QNLnJCTOu({b|%<9dPJ=W8r7
zfw(aq{U1HYg+tm-$SjRCG(%@8Oyj({yfSmeps&~axD@5|jL0Fio?GR93OEJI2X+?5
zk<$(Ifv6zes?741y;!ey>*mc+i?5$P5i396cG|AHaxIpnA3hMusHar);zeKa&i7rY
zusGaAS=1mXg06TXQiwiq{lW!dvNHJYETvJ?wFmTAO<hUzuUN>fSj{mrx?O}jQKGGo
z7LXj+h1>qHj0sK~(XV@}>HPUUOFoiv@-E#=)8Uk$A>1+aUNr^5SMF4<p8L(9;M2)K
zyYdHWk~e$*``*3cfA(BZng0kejlYVyFv}O&RqHiKkVB0T$uSwtRpat}$9a5pTD8hA
zgA}x;v`%12c~AP0(>rE>L48Eej$*D8;Y)`N8wSV{^!)dk^XCUkOMBvAV%Xb58R}J5
zG6w`oD!y3wPQ^*xy{kFP;OBM4N&0W3&}y~tRhz3c2)msQ!U1Xop`JH1Wd19(GvM5)
zmg3w55PamRD2f}tys#tRk%H|93fk}+Qufk@`5k-|Kh*!?rbQ8psF2fr)RN0dNlIhK
z-kZ4KYvU|n4ff7HL3Fh@btG8LkIMcIV)V1Dp>}~JgC($!31ijs&o2nkv-D<sEZ?hL
z+e`pQrB@=qS74!#O#%pf#gp?Ox`Ar=Sa7hu5(T!pLks@)$1?tCP9-vFx8_x2gKR_#
z<B>4BeX0sJ>jMu!TB94t-k{$dKj?sfzO#BHGC`@qUguV0pQ0r!{oK>Yrmr4{#EZ_I
z5IbG%|8*WD;juy^0|SNZG=8dHbA*tpHTTWF!-o~KmwzkC$f<CtJANY}p|{a7b|KqN
zKlB!%Uxd4K%GiN!f@Zv3KFgXLnZ2BW+8#u`jt?GZzJv0U3E-k?RDk-kXP4<P(e#hn
z#NB$+7>cK>D|V%o5{0A5_k1pzZCSmCD<*<NVldd(fLEolwPia2yCvOuy0|F@^my?8
z{pla?MPiXb&g#-=2tGs@D+Y#~I5CIGzyJNmvL(p2N5iK>tOd$yGyz~f@OzA;L6wKg
ziOdblQG{W=dUZ1Ab04V6t`~P+uY^Vg`r-hl13=Ho-{fJB@G`#8>2h*1$jiZi009W4
z<>jyFo-@VZLYYl-cyXI1B|3kFHt08b>dVF#=SY7{sF_1W#w8xzvfh+Nn{z<<3d~>h
z3ww_<==z3AbZtHKhtqnLQwE|^a?M+hm_kmR{ZMjs_58C{<DSY7tRrB{%xm_vYYKv#
z_iPo-dX!1SJk5xp(PPFO9d~!)!OXJD7D{=|*dm{2XEWhvhIpNamT)g#CE-Z!k`6f@
z+!lga0Zj}u)IGjlvhUSZYjfb-5ltiae||q?58Cykg+>b(D%PZAz>f<a2g`*EfDovN
z(0zM)Y8{%BnYflgTjh1NvIs*FB(h)TN5nnco>AAt6~{lIZ+OeSXt4ta6qi=NES}7G
zoAiS}C!+HBvtfMTled>wcB-riV&A22t)FArt8L3VA%i1V?)AnyrtCWp{iLLIl0G?)
z`0H>6EO~PVry>(vzFb)(K2buG;>p~`YovJyGpv4Qh2Fk}(h#<wxBrw4Z`D8C;@q{p
z;(<#BSr11#P7{SS=LH2S=Ix{;zxxC2rTsG}si=%N0pI-o-Me>Bp3G}rVfF|SF8)5g
z(rAyl{D5%?TY+~|jqfXwNt4J6)>{4aIF0Dtw#UjHP7f^{5@qZ`H%oU36g`M~)Z83l
zJ@%$AUz$E;OWArMRv{mOtDc85=)h`7K(q%A4%3{94=;H;`G2$kDtX=Cl7pu%y%0h#
z;8Es8hMsi%HWP`TpqCXaA;K6kVH2}S75XAv^j->V$~{Qmx~~B&G~)E>!);!fnrXrw
z_iA`)j{04((ENvlCqn4|Zmb?dHW6#x_80QLb1i9CF#`g?oLhS3hd=1Y7U16d&D0_k
z_FOL8^nLWAxc7uel^<&RBO)SPZ>#9xx;2U89lT>N9C?3Q9lVgwU3+mz#+BVa7s64!
ze)URJ&52$A%Tp_OPusy6^DodD#Kx9x!e{cC&P?#pfF|wO(Mpx8wd%3R)=Tox9-WUn
zMMAAnScpS_Q-hGoZk3)r4&5uSgHQA~3J*nYPk~j^8CT|xwpOpeFpg?8R6O!*i9SAx
zkF&D2gC%%+{$Xzs8w%wWGrY<eIpv`eRbghE=WO#^IUkl7yrJ58TDB>ALS3pi$q2i4
zb#m}(%Ic`mkIF1hDs4ZNNQ_BMdHBQl?R5Si2(?Ox`Yc8dQ1FBNo@X91Q~Z*3n#TC?
zL<h_Jp|GxP#wujemeKC{2vP|?(YUZ&SwuB-SY@iB%!0!rFpew#&G&o*LIFk)sN%l-
z`udP0*<~8(lJW!k^>aa!W!pjl1FiA&1Sx$zc3&kn4wRyQbxz2XQPZc(d|SC@;t;Nd
zC#ygQJehh16LY_rvW|0x>x#mLtJvsRFA0f)Tcc&|9j+D~yU4<=AmAJ084zZ0FixTI
z!ONB|P2KQLBX6Y~isWcJ1@_R4&|7n6&!+N3J_dEDQWjcP|BJJIf|Ak*FY%pvQO_cD
zO8zoHoM?osD{K44^HJ^GN5FZjsW}Uv5JCiu7@him@>OJ<0jl=fIHKrRiN~NeLM{n>
zb;;g-pz#OlA5<wRRLPb7rMXW3@DD!IwL2EX(&92`YGBu-3)tbVN77`kqf`Pm!t*Ry
z_m0dbu+CN7!Uz~Rw`)s9V!HdYDhwh7faT$%Gv-T{^d34n8mj7kGh;R9&7F%GOD{_F
zEf}Ajr?xjOD@sHKVF3M#HER^#dmU=k93ds2L_x~6)~|Y8RWNd$KfI!uO4Kk9>$grL
zLl@1^qO=_dd+_qjRzhX9X!YuIuKOqBq!5fPgl!GB^_nmtkpv0K{INk}vz>@X2Z`2i
ze)X9ZF3i$db8WTkJqkvGMn+C=6(%oW+ZcB8zY!<ELg<ToUfDrRISThHZ?X2ML^!Oc
z75j#{hjH)**DsS5<b5Q_LWqBbvh);^Josh=BzwM32kSc4yJVA_+k;@28RBLAf0x+_
z)wVE^i%%4KVIzZ11l!IDqcF8gB;%8AUQm!kn+@T?S7T!%L5Id!t_Jjs&vJ6O>RLE7
z!0wE#tO$NF9!<xWz2m|0xg$U~c<RwcJH;aR)1?6FWn)1@1kE2*g`fJb9^)a%sgT^j
z+9$r6Dj!tySmD9_`$Lfu;9+O?ul%&h&G+r%?EAKL^zfS*XHgm4m6I{=mkWy3wAjSN
z;Kokoix-!Tvy=C`c<Iu-!A}WrTD4(A0+yPK7w`W*u~o}@_38>Cve46WuTa*25!X%H
zFD{Q!L+cN3#3E&b%$0P&3qp$iYqM#}K}tGOyChkfLaX=zAJ_hMa$@v=3d{X2ZcNJ#
zh&wTb^PE-OH*4VZ&DtQ1c{?`FZU8jdg6_mN^~}~610UeUn)`d&z={)1x4$$ESl4uL
z9bg8%m~iNao0id3P>iZhnPS&2g~wVoRYe8NL`6+)Nx8Ac(Ya=*z_>iP!c0xS(~E$~
z9$VNUH^bYTI{|hEq7nz4TTSsxE-vKQu6f_pK7g9A>fBfx0RO0+?elAOqNB&%9ldRG
zN0k|*icye)B0VVEgy;ZFWA05?V_bt<wp_<%QLX>VWX9KcHO^a#j(Z!^hWl~cVHM;O
z@$V(o)f-!l?k=RJe0v~(`?k*Q)}#-c)FCg>6w255OLXtPl{e(&HJ$57e~I0YhvjwP
z57L7M&AC`YcfjW(Zz|`($Z#(&pswg@6STW@%BA7MnzYt771*L;91%W${e%4jqwD3M
z*u`xeXFsP-oNr+8aoC#t7cWAPr8{KQQ3W7DYWVS^_U<!49B#)i8U5}1SEr;S7V7P9
zw{qnS$sEFl1@A&!aa}(Kn5|st{Fj`+z9CxqOhUr*_wTidtl^)bqe?R2ZD0}pBzXEu
zGBP%nXy=XE;8RRY0F6G~Ni{VxWifibT-RALvIpH4hfza&jz34iEu2q>{&?e!y+d8;
z+I!+`A$NFAvNzZz-~#oOc7zQcViJ0-5{ySfT`OG5Sv8r|lG-uNwfnp`?eFTl7VP)j
zxk@O)sw!w`&+!Vdb{dr`da?XsfSkNyr9nL-j`oZww|t?sEV}2S<j%J{WpJA$BpiNJ
zK22TyNWz$8Cc+R?QNCGq@scGj>e5<c7&i_{D_<BfapgT02faF1c-^Ceny*Y3(=DU>
z1#@`mDi`U*Ar9kwZ&4xV5+*Fbnm>(iHXd5OwS&sgU3c+O388M(RUM}<7OdzmOZj&D
z2b~shGD*KSn~PsA1i0$PS$W;gIblI^zG$%7OyCI#W#vokY)bIQC%maI;B1<VjkK~J
zWHDQMaNa4M$&*brhDqW3AwOE+^YSXYQjg=?+#9fxK5IQ=816SCGa&2i!CKcT;EXCN
zG<n=%Xg8d;XgOv*$<B6jaX}cI&lblSY`=^wyVjTHHUy;{mYO<VPVP>Aet$)y4l=`j
z+=}-#9t}{?ZU~kW(71aMn<?z+RpmtFu?-6#otbzKFmL@+JEJ(<z$ThROC3gyGCeiF
z|ER*rQ>U(-IAs5)jBp+AR+>PB{Iv-yC<Ne;(8k1;c+l6yd%tQNsi1I%3l(nCIBl&5
z3TmpzO$Ve!UI_Zo&1IkZE}4`>X_e~xbI2ZMK~2UU1TYi2KfYz>4s%tZOd?(?IxtxH
zC7lA%Oj2f|>`;+;{5du$sQ_L_;pp28Z<~hHWh~glvu9^&^pf~et1kVVyNUO7l{u+~
zk2;2aVE52ex8Ui^!1_Wne)}>g4d)HvmLPUmO!L?K)%1Q6KTG&gV!CO9VJ^xTy7psb
zWnA+TuCyaJc5J{DNp^Etc{vtw$d!X=^HN79>TWOl^l4DvzE?Pl00jth>Emtx;PK-x
z05veqz~};4Sut0#i%U_=@a65M2r-{8+;)f@@}lQCS`8I<oybv8{qjO^T3QSKTU%7N
zc-bk=1uN$3^{_ah_Z~mCr(mYeBvBO+5NjF%>kI+^0z+*<B1S1Hg>a0&q9WsPt3&F#
z{=J52oqVz?-Mh{DuNNco5-kf|KB{1xl6kI5ku|s~`L5dm0%)RfjzAs&p{vRauphr@
zQ9eWqTT+;O!!bb>(e&1hmdK;^&$QqyH+Oe$WR@|R>t#!y+blxaFlxkzT>GTMS2hV#
zL=cK0J>fc`0y+~EcxUbIN9FVMb)KTdT;H-nx0-%14NtR`6>_$p(No^AeaYzlf!z*w
zz}P>|#$7%p7?u$VEh<jke7;@UDW<Dg3zWqthBh4&dT6Mt2P5pXwOa*tD#5DqP0BZr
zdsUgfxnhX)Q~Q2n<&tA6xBQiah#*jV01${0iLQ2#M;v&<FIjVkzuKjv@7O*P40j>5
zYHUz(4-?-d#7l05I^--SmNo76?YDRDt_0@cqQC`|B+t~S9Tkf^r>;9osE>jl@A7=R
z)kG{;TlhHKY)$6k6|@*kR2DKn<j3abLEvNJ#@E!AnD+bNI)!CYVmtE0=ZQzn?LNEn
zI5pQRJ$s6qE-@KgbhYT}AdAAoY1Ln=5^TTOZv0aGb?na757N)1e@L$GxI`ox;VRzU
z>3yHiU*Eo7bxdM*zaPK6YZ>$UOl$M=1t-@&4WTN{fgnJY2i2bEZhS|C5`Wx)9#O`z
z-*hEpJ|?Jc`T2GEpaZH1slD3GNj?wBy?q`w)o5)p>NH9Y5QFO-^g8ys^Y$$tyPQst
z%$fpsr8|+rTvIj-HGbpw?|JS@U3)zonh?T|BT@oLtxAY&#_eQE;2|Pd+BRe3Bk6V>
zR3nW?6V4xY`t(9gRdw|t{mdit*?PjVFE5`07>z&7FBe>ZE0T1JxNo@<J^4j<MYz7Z
z?i7~ZZg{#gYBjwna6NopbMMX*zf(f<wD<V=F@kXfwqR{->yo~{bDlkaJ|0pBy^%0o
z6-*XdIN~o8`?q7L($wh0*w}0#3@Xa_&Pz|>S1ve<D~W;FE>y2vrp<@D*awD&-h>+D
zdCotV$C?WY4hAbyn?BtO4N`OOUMkzD?Q6J*=?VIZM4Ko!SuuZ*7qKNl!VBH)_xxl3
z#k{B&Liz4gGc=Yw5e=a-hj;*KLrxaWz>5P1diLp)a_w5ayH#obm8(|^gf-3~I$1e+
z`7&C%e*2;UBKXfscl)j#9{y$VbA?fkNX0HKy*8)BSL_{Qa4&FysY#7*^9itL)4qTI
z9{dd35db5)Ob7#EjS6E3WI|8hJ$!yDW-2C;K<g#i$;{kLYRaGk6jiD$4g1{2g+$3h
zh|wH4phmge$&WGg#|0o&3GIy6Bh&3XHG&YhidYp4wXk%QTw(Nbl8156h=*(1LNsA7
zDc#(b^rSBO@#Uz6(gvR+K3kB)a9lB|{5uILGc*_U4$FpHR1xdet=q5we-X_(4bj29
zdrwZ=tf=+7$M4fSq{;15Q@j4vO+ru&5X^%5^oPt|UqZhf=u)U*8m_t)zZXDBd`&bo
z;Uqg_0ZHo|lg~=%zO%NW;ibEr_{*sNI8jCg3aMQ}z%@0wL!5)p^u>=#rB3c}PinR`
z4x1jkn;H+w1L{_N%9KTGS9>1m@uLDJjYr)=v@Oa2nhkGG2pnZsuTJ)Q)J05B94|eD
zEx$Nsb+1Qf)*iW4HG`EjYnET*fz}08DiWxaC1rMD5&2PF6p*$1&5O#g!*Y9RajDqS
z{ARt;Y-(n_ZD$G5J>%sXCQ5@q`g-mL98O#px8~&Z#lfXg7MFg<#$>=lfJq7V&W#&4
zdJM_C1EnLdom{mfM6wqb8X0A9b90q+G{5INLs00ri#K;my)cXjpI$>J-zVVWu$zQ2
z1vZ5&v|)qH-ZGNqKwl9bSY=MIT=b3nW9p}-p4nFKG+#V>rZjb`dA?bvZ*j$4O78r)
zakhhQ@$Ics^z5lR*o$98l9Jmho(^Pk8y6Rj)XdbbD=u@5R+g7%eq3_cXds)p{L`l;
zk8F}ye1!Kb`0XLFplV1A`W5X6Sv0}lbj5lZrY%~$_*}4u_FCHWtTzvP-9GO)SW7G-
z42vZN%Th~ALjH_Ou81M8*@jAlHJdMlCjYFf^L=yOw+!Bh47mUD&SlXaH^>~=q5IWx
z3St|2^8hG{cSX=LoRnzIt(DCeo-BB=0lA8YhY(bF|2|BQO?!|4O%k~So5DG{%QZf}
zbLI}YGtw|rCF=Qks&{$$4n}!f`<Jo`L1ZZfcIptE#azj=ya7+`60YZ*oQ<r<kNLwt
znxQ<|yt$t7G%iiw;Bl|DHd0tYuuuh-=^N7%?iMjNV1-F(*+njhC&w^OcFh@!!UzzM
z-;HXImDq#5!&TdCN-Zx4p&cCd={#LEnE+z?a9sG1>OFfNfK-J>J@RBGtsaup=EfSB
z7Qz8ET)$i<D*1cY*@lMt%N5*`!fvW`iJ5L${C=h0qCSOo-5ib{KQ5q%AY}dap*nK#
zjv1=9oGDDu91t|;&Q)+&5E4VOjg+)BG9HE)a*R1UPnu>_6Mo_SK8fFZQ|A;dO1itQ
zB;!b-*P`DBWpNVjPH*)W>=+o*_TlBWd_Bt)i-S+rBwnlZk$-jFNh&P+G=!9Yrb$G+
z*;py<=o~|i83Ev>BxX(XX`mit@wS%C=wLjGYk|gI(9!b5ud!*_FvT(sDz=?tyWjT0
za>UEKI&tjSr_Y`pd{Tsd9&ym#HhK?vzg+U&98DN?{^;Jl4?KFy6NFwV_S?6u@xQHX
zU+5lKVeGP!Lx*x^AG$c4Kl=IAu;s+9Ter@g8<{*S?XcqO*YMGrW5@RJ_H1iSL)wU+
zh_kR=BQDG)5a|ir$NAz{ukJs52tc671O-1oel5P^(JA*+WEd19O4LK%t}FM2Ay`Z0
znbDNJhCK9Rk^;Vsu3%?dL`Vp%^(s3%VT?SLANSz4ty}TCm)vxlzj}<dwQ%mkd;lGx
z;{br~-m6#8+!63oj9upV2d2>zU!JyYpm)zcXB&ip+5o~IKdvuM+Lyg1Csg&oy!^6}
zgiM)8#UD0|nr_+fKI;3AA5bb)6~)^xTWidv$+JEg67u@Z8%TsJH*Rq4lLOnzA}p`}
zHMZ|$hnq)^9AOi}dvF$u<VhdFxp;^Bi4+nD33)$(>)Nq<-sgB%g}}l{7xFXTTvx6c
zk@+o7vP+^vTVCo$N1HL9ZmA^)IR3m4J5O0nIeeK?VD{-JH`kR_S4#~V^e|d6wkNYU
z1|66ty^wCOxd5RTH8l_NdReF63!r8pL|(mpD=p6ugsI%RsMio|T9-I?FxH8`Z~+?b
zdD$ieVrv{7g;dij%`<yCrLH@a9ibz8z6Dg9cZL#PVzb~Hzj@;Z1b%5i($+D78l7hl
zSQHW#wob<sq0LNjxK1A>#1@nEFlruBiYs~RMqQvZXdFC^xAc@X5_(_g{t7fu4>slY
zH)^R#DS14v$L@R2pEF_}C2d(hPkX5T`Gt3beIO)i9|0f9`#m;`klV}o%$`jGsP_JY
z8&9MsAkO26RydvWnN=4!(qjyF<D#W9NK`o>Oy;APoSnTKsw8d^qN*q5b$E%N^xKoV
zE=^^3qkZ?}_fh-=@@ay$r8W**)i3CI?>t)^fZ|bPWgHucq5$}7n<(dYB?Z|0Lh|5c
z^u7RStlEd=lRfYxV1b7DqObAiRAaeQAt{|ShwLzVIoiYUckpvzGfyf>UhGn2`Dd)7
z=>fy}p9f{Fy0-S}S4-Wm#S@`2mMRrO@j9HJGi%n~S!WQEOx<J_5dbVr2-Nylm&>^Q
zsik}ZD$t9tIk?*8L?qZ*mz1f99xq>44mw!iuW<4s$uDtOineXBnLc5)ssA+3-80UK
zbS}<6-8G@)EhXd0Z6mt{d{}N~HfvePma)Uke{pR!4cAr~5h&Uz$I=5crV3k{2LX+z
zCh*DQMBv=RHwQ41&2XCd&L&88ksiR#+3~wib#frhRy>Nfoazt^w92Z5K47?C?5F`l
zJ|#5d4bV8dxKf5IPbf9TqkvIky=QOlGkM?s+?O*fOSgZbR*Ty$qv0Ak?EaLEH=$6j
z>Tx=@o7-0H<Jtzn?RRk7XUC_@lT*4@@_dvA3FK~7$fdHMW`}kbC3#oAo$A)=Gx2Tm
z%fwsp&kQ~%e&B719uTn=Tc7wM=G^83t8cunwsKdNb9WkoyOMpjz`(#X;s<QkHH(X&
zBzpp?`Um3jkde6rqC!l<w)*CVbtp=>Lr{)=A(gVZ_j&m{^$E$7>~ka8N|Yv^ziU#s
zfY*E<=;?owAmd-h2WVR_z3nlnwFw?v(amwd`Q`&EfQWtdKr~}tc%D3xRRK7v&~5PI
zu|aU0xJZ(WY8*rNKWcsc^y!&FrX{Oz4)}@Ar2n)fPs1hElbT-etsO_yN6dq1Fhi@A
zkIs!X`tdHq8*d#>fhtpoPJ<&9Q-Y+R)nuZoDloi|n>&rD*-d0E@MtF@KE4)C6vBpX
zb7~fs2xnH%`@29eD7L4;M*@{DKvc4FMU~^b8J44ip5k1hBn?`tUDx&EbiLx3DXOX?
z+j5w>Dt*{^^oaRTDXO1tx+XLh%At4vj)-U}LoGn%aicALKYCmIoV#{og%uz8q>p&!
z@@2D?cMN287`0qTWmH;~*{84*&y`R7T4Qs|ty{0|ZCy}JBpYmXarq7~1ksAgA}aWf
z<Sm34ZJ<W5pnwoyin8!10FvjvMT+H0v7<Q$WI)WpT!(-d(^@phywLBKx~?X9V@WG)
zxrF~O1*4aNW(jdP&vwoWmz;f)2pv)9<j%4YNA+=++`4`Hlx0+8r0!}(uHq+GnY)(t
z^y%ZwCE5`aj?U#kf2uyR_&gJlhWp_e4N>X~C~y)W8HxIFg9>^8XvN3ndfE{i*Q|M1
z;o`7y!;iYU7ust*KRN@e1Bz0n^zV#!=qjv-78}ol@)|iF%n8e|^Nfo&8N=jfIc-uj
zG`IQpQqTt2SXg*KwNp*+_V=G6aWN*z^~fMkZ5vL^0s9Fqblhrfefqihx+??YR^+9+
zC2cCZhbneGh+|}ADJR3Kt!KY*O&HDpoE}%-ExPd5_2)LT_hfh^N49T-qKdV>zL*11
z5UFtCLN(r-A2RdHukjlq8TnIN#oi%z<_`hH<R!UR70fG%>JUj0xejoH7|Qv~>fn<%
z$UJ}4CAIoIz7G^@$7FH*BB8FNAP6#W-e)#8`|)GBaU9-AAmX0Q8a?3HFDK4N{66z;
zU8GJWYK;maa3rr&Rc~%Z%YH7Ahf~LWhy%46IciMMQ_9hvop(y6E#H+@u`o=n1~vz5
zQJ75qba5QFCoT^cX%i)CI%*h8>+il)fmEmRejZxZ93OR$&#0FIXX2>A#etW=a_Q2t
zUCUjX7WK=Fxey$a+fVsSwahaVp`7mgY;D@cm^&&Bax;rH=N_QO^b@J79(%Hi;-IQ;
zq1U)Gwy#p%g!2M*S$W^<u@#5ToOhJeQV#ze(-;)rkZ`Hq{Ak&RWtti(7K&kB%Xbv|
z4C~u@5(zGNK6s$te|dWO=QmLk^uoPE4+wZ7lwh>CFbFTdg>)>v288ey-WpAP?)%z?
zN@E@8o{sx}sb`ukIKBE(xq4>5efNus%(M1}^8MzBI}yM`VL@HZy`7wrV!rh~I%oz$
zB0B+AIFMD5cUaj3qxI_51N-)!p?rV1qrthn8#ivCQ%4a;fbLyfG^(mWO`ko&2o3${
z!I-tLBR)sA-Y7;Y{6fdyQeON_Y^->RHpPK`&>avvZriUPKDf{<u(bJLIM5l%D<d|?
zYs|@63U%MVb8BFsfBgJ;EBIhvJ>KD?MU3m&CF0s$3=eKKK7(mlG`D^Ah#SxdTbQMu
znY^Kg@{7F2-a(0p6DVRQ6usZI;LJT?$s;CCx_nu#o0S(l2y?r@oMN2!giKw|e}CFc
zMQ0+rYgJxq=xO(tuO&}HP`i1`UA*$+fA56kM6;SLPKp`(7wo80$+r32ei2-KJ!Pr8
za_LrcFXoX#e?|4K=n~86v59i{FZgawPn5g2?Dqrhl}BzB?h5^sQ03mzrE}+k*u&?~
zj|z0&133>1K1?K%8*~7?3&AoSQk)y=do)tajMSAQZDQ_%1+MPyj}8dK>k<Nw9|!#$
z({CS9*1UFuTS}hgDsE<=mVvXeb!lqWduYX(VMeb72QB969w8@J%4`6SJj(UBYLtO`
zA0kqI(KH9#l>4KuP!p-%<g_2!QEM1E=}$2QKGQWjamHorXJ8zTOE~+cLvd`DR}51B
zb>K)~VE<vmzJB@gxV(;HTY%n~CaTrnCCR8E=B)Ov{UXUpwzH<jR^Ry_Er6Hm?i2Q^
z4ZZOT1*i?r%iGoPYKA4QjXshpsHg{I<c=Ia{&`W+;2dvom1KL3sxDLgazU73DvTVT
zpzL+qlCW)5VUnu&&dVt&u$F-aEA1-B>=C*e@k_#<$@}GIs3{p}Gh2~^>3x#;rDaMF
zS6wT5?Mf}wL&A@hg5HpGhJx;}>^|FTuXz$B#C4?4>=fyIAvX4;io>y|+rMcKRXWpp
zy0m${An^r@WM4J+{wNFFJR<N3`W&ehO975~u|`|As0C*^`8@EIeDPWnep83-Hfo3e
zKHn=uNp9J)WS+0&e504+J!a+}$=KgD3o+h<2j_Nt+ub#C5WeWLii*`vPE1=W5+VU9
zeK@D8&c<~Ra~wNiLQY9Z8x0rTFfp#T(lg`M*4`c$+YP~rjaNgEyzI3d&s`f2!}QM(
zdE6P2D~4r)3IZ{$*;A?6MlUry#I(0k4p37Igpj-39tea#pLN=%c{Qul6o9yAc>Px6
z;2A&uE2pwVj~+Yk5A@l_J>pD$1pZLunx7H4QK6hBl)Gw%i_7F4Duai}g{SSZ*?bk$
zjlH_3M^*h|3yT{d>r6AQdb4^Wy~NGVeeR6f2%P}08&O}gp0W`voLqM9Qx9s72e!`C
zD-Q{0(cC{IBFCN5xJj-<lQh8QDQ&N9L^6P>@zk%q|Mn_g|H!Q!JF!4ORnli1KYA2X
z!yskL=x=*{W=IiFN0K>;;FTLU2KY~N8lse4Yq2QeG(-^M;TrC4v}f=Dag{|4FBe(J
z>?)ejw79eEGGrQbl+mV@=zz|Dv-q(~ZZH2E3yx5=;FyHYLOurwaoShMK<v(W2zibt
zCVqRL)^KxVuW<+bkTGfT`MkW^ccpf_W;&Mtp>qsMN_v{hM@nYGE$@xw$=4G6;q3fk
z<BEoza(f|9sk@lj30#7U6=_1OIT@2C^oC~dPj?Z^O(ZL0CDb<TZUv{Xj&J{Yo8JBP
zf;6)5V84pv7mu6lJRL>l4QD8*4?m<VWSqF0;H<fE1~CaORJEQM5zb0Ll?X(2%Vab5
z#QW~*EN0IbXOeqkK*j<XUf<uNm&aM7^mY~b4|^Uv)dL&jp)3nglfloqxw%|%RZ}O1
z)3_m)efI3xW9MUx3iJj?`qRb>-zi7FYgjf;L(rh{!8)EzM?AxaiA7$CO-RsYq@%7J
z1BYb~JjiobPyQEutE<dCA~>iam{{{O#6hmds;j?(b>}8;?tO@5>cRGJ$v|Rx8|yml
zHzmUGajyLFi|P5yl@xTC6v|p0uQ*I48zTGsl?{s(9J5do-V?H)JtD4I$N*M9Pjkwh
z&rgMT0>Bt<_<gg476f$z_#wP3F;u55FOj>$cd6ZHGB$`E#)z8zd-paKWwgHZkbN-q
zhU^jnfcAMPn6aoI^~Il5d<V^886eRnYv<byd*-%5-25RDOK^dmO?ME98EfLFK(lUC
zZfHe-pztlkgy@B|A3uITvF9DW`$mjQLL@885ZJA-Ian*=%s08a`|B_6(DaN~)wR7E
zM|lfM<>kM~ZsK!NhvC1L3ltsop0Z_<eQ5<{#z)pB&*g&ISQ%mvc)<d!duI~7XWvvS
z!Gwx&qf+xou}}5iU!wsHrOL+-9P{jAT-EYH2CUT^9(5n^Wv~%dR!NBY%+Vh`U_4G|
z`XWfB%L4ALuG*>SUzobAukJ+hWSQ>8$Kf39Gi0JzKSG=P^Y7Z{MLz-LZIGFJh_gfZ
zm5n=54m9^J%b+qWykI^-O{({2F)`IUpApkX2#Q0t31Ib<T04?wA*l->ipURSl0u<a
z7O6Chw-}0ng05I<g|nECk?@%iwj2~mq7i4t3em*r!{dkk3!5G?X52W!w_?Fn7bu>U
z$x2Bl$vZn_%6V2lid|p;)UV~rJ;iE&se3kECMA`XL~}ys7XA|Pow@GDs$ze$n#G1A
zic=mlrhA`05o~@IR9cQroEhh55q@31&0j?&QulO^I@=X1R-{ef+YSYzqKT(xr5YfS
zYQng2*d<>G-?m($C}8K#jsn+11|P)faf8)ocZ^Hhfe8k6yO5?rNpza`z>Qb!)wlBu
zCF|Qw%m5*S;0)!A*5e*xu{IQ@AKPdvM0)%HB<TVN$FT6$54JsAinf)OmtR93;3dSI
zi+w4)>9)?xKX>$Wb_{ZKfYMaj05~vA_4SiZ*sfpy2Sp!2M*)*I^QJOZMuV8EsTDp)
z3SN`|u~5m%vhHXn&Uem@XQy1UtYk(kU!DV~1fefzdT0wlyxnA{#es)nQzV+ls~@p_
zJ^}iQfiF(<?<`EQ1&jxvotYjo;Op%6b0_x`T5-MyM-R(}Gi>JaHNq3c$EY!FTK1`F
z*V36_F1817Q`Hb+{U#}p@}m;O|Jh1vgxU}e2&WpNh^rPCEuWQfXYw0Xy}ELigaBYx
z&YBd~^|pX(@+c0zVt=NsMT`d~jL3&iH)g_wQRC=JfXE<Hfg$zeL`mykyKo|M-o{t%
zM3KMLd&;CqafwYlv0b0BBS*$XTR&sC*TD>kj0W|!iid|y-#-}8@$H=hUH4!tI)43B
zR>k`p&Y1{Seaqv<{9Bl=u&Uuq4^&P^MO0N;`5Iv!lmsXev1#R0e5h;J{kLn)AsJ0I
zydpU{-<VyzjbR@ky^NupjPvE{Jve=o)sw;Y*gK#381HWVq(tM>fJr7i_`r#_P$VQ8
zdp*!uSE#g8E>^#)YGi{guC2~9M4j)JZK`sAzCc1&`;;7p^pZU`D!FI4kT@c!U^X_*
z9v5WLpr;nrLRlabC1wBLudhAm=v->ftzh56G00SaZQBaJKD{(!YfCdS16N=%th(mF
z+VkgU(f@NUOr@ZlH0kI?AqR%thu{Gz0|{fu<jfW?W>4w|9PPAc!GZ<tbkT$JKG#Qf
z-^u;K*M`y+;yW3>WIBc*LP`kOXNS@ij@|z8YOxpKS9Z$TZ*)XEXd|V4I-o~}f)FEZ
z`HDk^pfQ%3*1}4j&f;_dQx=Kym}iUbk2-Rvlkqy+D^2XqUKwveC3ec0^*|pcjjXWt
zZb5IWzuvvrUc2?2kxE4DXpTc7!;)z)q-OPs#*c~%j|6eclgEz(zysh%RxYC{WhHYG
z`rjWYmS!xw%7YaT|9HuIXPnHx_uu-N<;fEPy2&+@hZ&=z2RUXfvWpM~ZgzF0PZBH{
zQj-@>Cp|%cjo}0t{!G0ch?N%@5rjf{>D5_T%Q`Vk(N|=NxjF6rk^iL#2J|3tX;8b(
z*8kB+%qEN*Sh8f8=9Y`pHAp;&(B&Ef{JHpGc_?5j$_uB$iy=tC!CL0deN0o_SC8ON
zrTqfGvisP`63_ZxnX`#LkoMkvJM{-(zzt9^#T$Ma$B__lCM8k^^w^CE11&|8@~&^@
z8C&aPo_<J5k+3$V2qdf4S|Rv%#%~qX<UND%2~1h@j7xGFwIB1%>+9bj7+bnD<mvx%
zF_GMkALg-`6{YHVo^Y`6M%S3bQ<9;RZvW(V&m=#?<pv--JSPzMI{lCZF=k_fm6qnk
z7)s&uTDh_>-U&iQzh8e-oIJv9A4@JR%JIbji8!;v2M>}3s#TvT)fulRUn2GdC92l2
zKJvm?J3}|5Io#m&6p{SAHuhw%A@B4*|HZ#Ae+P7bBEL0E#o_AOoMFmAxQS?fXweow
zg_VN!M4Nl5@&F`|o_D~@S=*RD#8HiEgmMo|63JT?sRpZ8Kloh#M1$)|JW2p7$fbr+
zqJ>?rCe`QhEG%qf3Ky9Q*vJ1+4oh##@o(ALm2-NP^*}93=nL<sAOu@#J^bm|arXe$
zF>0@VK<F#mHqOS`-905K$*en({|)?0h#<f+(4=5GSK%l{fa;W`wd2n#xJH(ls?*Sh
z6(^JS++=6d7Q87g21y(=a3E`%$v_hFNrWD|#FNg==cP*k(Pr57fd>?0gQxiu1gGHF
zwYT(MbL6FDGrQIl2VE2m88Y`x7ZCB4!_=(z)6ufw(DZ(Lo0?g+iNDWNBX^Vs!?0Ac
zggFXDdT=P0?B*YvPty5WH8Ytoy#wF@ynJfgW7A3nL(<0sd%B)>?^3#G5pny|6P1Fq
zXq{hPfcj^`XEY~ovq2}VW>g_91=S?)Lxo(%d7y+pl@5sze&KT6)^hvyZ7PgFSyYO3
z?!w!2dZX6RJUL`Nmza1I_g|I6T;z-Fg$qS(JYHf^Nm7qBJ=~@qR|IoAz2<U%(>Sx1
zQ!09+H8sPo%cx|x*%jqHdGd>*@to=CqjM363kj#zI)K!G*-dS1@>MMUUlc|!tMMdG
zAQ7VF(gq;);(%yQp`aaLgCKGv`Vp|Dm$n1W$ja)JK~($v1x8?1HPki6S#MaiYSwmr
zTi%L^$<gLRdkK3Y%QH<|EQ!xXek}ybq!o931TM<rvQMMQOVa)%P!N}8PLb|B1CKdf
z0gAToHf_y={WE_dOA<h5`lK&k?5kF50I5%%I5GFl8|XBH)ux1lXpgvLA_j3y%*rcl
zVC^V69U>jVT%m1=-@1K!V8#lxm8oz~T(+=O>k*@Gnn7iU_lTmS7E8nK!LFc>D8QM7
zS3zSY9)(p#2yv&Ze{<7qT&qF5KR@)ja`cvQhecxvA-wLi3>ThAPY8oLe3&V`<>=>X
zch3qs0bZYp3$36VeQMU1^}UJ{*{`4I)jbw0zhZHlK(Oz6lTJ5d;wr<W9m5Lb_6VVR
zBPZz4p<dG>Xl<zT6#S6(Qc=2-FdDL8&jbTlxN1(fvCEGfJvw7chx*IhXVo<|heTEU
z#;aG4)cXQ_!e`Gs#M~f4IK05qZ>B`Y?1{Hq^hFqMG`RpjalvT4P8}#78y1WY&QC8~
z8fDD1Z2Sf2)rmDng;Rc80MgQ<v{@OnI!&rpt3IF(CW+pD^CjwFeSQ4~MpAUsirurH
zYl+e8v(w(91jV|WcKe1<q(4BlP@sqRmb97Tx5?z0fZ`PNJ35zmf#}L_Dj{wprL&2v
z6zr?(J#N!5mwN8A9Dj7KeKpY)o&?@jRbcqLp3Vt`2Vz@l%&#JIub@GSSdD^q^?~6F
z&QhJOHs|_gqIMc)e?%jl)Id^ZZKZdROI6AIcmU(7N@DbwmN7$w-a0Au0)=*3cpj#0
zWo5%OE%wBg-vwrER21BntF3j&teD>I(<XI5_cb2lGwGY;L^SCnSk6k*Zg|^4Z||e>
zGI>vxaLv(5N>*2FcN?tsJ3?yxXIHc1Cr*6WtN};XybEipz0FOeN{<`Rg??O<SYajR
zbjvx_s(6c{cWx|q@wVQJ^vCuD+DW=~l3~!zKgKj~pDLfVRB2F6mL8<noI{d9kjg<p
zyXPlZr-kzW18jY7av}0w*F8NxhIZ}I$P!XTIFTs8>CTbV&bVYnzLH2J%<==Ah|d`H
ziGMp;yp+`<9)<h*>U|~)@<HiVhtH=)PQ0plBQ+I|4f;?C+2$$ElrHdG;Q=tyq^Gsk
zN3_9}YO1T#HoAYwU5Oe2iT*VRZ9RKLO6;b)=HHTI-|Zjnhbv~G)s@~d8n0fz27LR%
z6XoDZTa6zO0F=+7ccS3t>ZBB=$#!V?xeCD|H7$<I0eW*+kB(#$mbaD071)?-M|`WU
zW)5JK;Id*bu9`Ls)40AS*OU6n`i6!Y9N-3nXU&>*Btu6-^Qh7{5+t9FMf)s-cY{&O
zPTgQdxCz8BNB6sBrpqBW7jl^Bi&Ly_;qFrHk+TVy?T$CYjks2BL`I6)+#$Mzql%y)
zE)yh;ril@Of#sh+GnU8H#KgBm-G54FP0d>jUuj_0#jmC{eZJr6yLL5sa!IM<$g33Z
ztiCyNScJp2wKq{YaQD6_8KbZ?Va(uT2ItVi+<R2AO5Q*7g=>uQ*dWf=yoG1@X#-_t
zb8c%7)tSjZf!tYP4aq^=Yw%Vt#tntpeYudnd-v=^g(=i9s*Xk!t5spjuJ_*bsc*(p
zRkhEVgEeOJ(9lnbW6X<^(i}oFC=a&%MxR%eJ`*Y}+9e?h$ouNmezK$D7Hy45V2-Jd
zR$Qf(5BQ>MWxrqE-&=&KO-ZTia71XY_4D5O_&XJ8-lqi0zB@&|%v2bdrK-9(O^cq3
zgR827uJWV9_IR*?IGgWzraG#s4QC4hVdGz<27n<@5)%D(>VYk|?t(D2Y+PMwl5%C8
z=dC`EXo~Z(lDjM}bsf5rBl0u<tEs`eXKXV;9YU}v@!Hea=VL!>km1AI+s;7UQ%jCk
z6yy)p80?o5lzUnMF?^TS1JZr_PTKLO2?Rpf`Zn=5^a|ssM=w+wOgi7X_FZwY#*``b
z+=dXuNy>J_jAbuhS2S5;S>~fh`W2%Fdq2Qt*r;+PCa%f-nATB0lfnDFW8-wLp?3if
z8}YgesKlL=&?()+wppCp5%HW_1cYrX^E5q+v-0z&XleaH5%F+Qb^0NbT^C_e#&hR$
z&2pt&GV$oz#l^h#3G$maTtM_S0!ZoX%zxnvTbY06U2oUL$Q_IW+-ffYAmw5XQWGXa
zu~()-GWMUpZ`Qpv*HkO^Q~olaH*~b)+6^08xgRE7JSbukpz2M3!xoKUV!ak*DKEwx
zGUv_tnCe%d_`-^-YeVgCTF39BHa_%RX6`vtL-)5Y$j`u<bz!+zRba=^gaeNI^%rf}
z$U~X#?$dv}pQy%g^xVzAC&oeG%{hG!Rb0#^G&2D?Ua_YF@_+OsC9{HrBtTQ-Ad44C
z`1C00KdWcNvym`!<AR=2j~|s1015g|0UWG8hwbc&#lg0#ivm@G%963f3dtHYyl5L!
z=;oQbAyA0gUK;gpT#1Pc30ca6p`tz!CJyU)g%k%WIAN3mXIzQb&+r({JxO-gUKgDA
z5a|`T?mZ5F`KNy5Opga32&%~kpXPK4JYk|^^7yi<Svti<?aGten&TZD0lW1c^Jt$a
z(2edvvJvs$PG-lu>`4|6+yB7!kR*eyV@<HHvCx)XTVqHs!6~`+*-2l=H^-`~u8c_v
z)A3Hn^XQdrIDwFYLvxt^24PqKl1?yAB0m6+2IK4Wgb7vsgei{w`_pcI_;9B3^gQ}W
zIstA_=tLxU6mwdbzZU+MLoC05Kg`J)m3ZWc<@NP(JNEfJuqB%JGBlIC+0v!^jE-?2
zi8|MP^KPRtDy))+b}{~TczA#$m9Eit3$mR{=_E0$w`xF{^!D#Rbm+Y8$y@joO?_v4
zx5&=R>sNAC@Auvn+yUCd9$c8Yrc&L(Jh6}1L=n?|wN9>aF~ivX@$1*;o~<-jb3XTG
zCg!2%$uE<%Yf=M1lS$yWZb^0aGhVPjA}l*0@xsoCU9_dbC=Ch<)SYrYu_Esjol!i;
z;arYF5<VdM`zHN&v|$1n%{B8;_bLTp!TbX}B-$(%GV5ey&nH)$LQrnLzU97=HmhMT
zrJV~U6>!u;Z>L|Lt!NAY+o|=7*}T=#?&kgD%nZ^t3fXDg(=E~wdQp%{Bff3$q6k9K
zL+FFq*x9bi!vmkhrld|@KNK!bF^@}|=)6zZ+H#^*%>=I=5Tn3#un->KL-@LV`*wch
zFe6M9!Yt0Z5$8;|{`$V!S64T!X6dN$!J6o4=rNc-+(>*LuJrQ@FU@{6f=v!TSQ@NH
z#ujke%n|+26KsJ>a&ws1(B-B1BKx9O%s^XlYGtH3b2#XyHTeOQekAk4WBdSa_r$T0
z6qJ>fHL@S)xzL<&F-Dt?X)R*jGRI<)4bz{bd;3c-KK1rLMgz@WW|N<K1qF3cY%2zU
zb!KgB4AuBHVRcwnt!rMYj$8ZCCvPt7;^rpZBN{uV`_rzdqg-Ma+u032Iu{^3RK-Ck
z!IAF;8Q^t-r`B8MP5J<OEKp}`q_~WRLIeQn2q{zy)+rX0?x2`Lm5jbaz-*9LQ>Fue
z_lTGQmNpqDCXaL)#3+#}<divnh(={Clj*#N^m8tCghikzC&R;)1D|a9_Fj2F4>}(@
zV`mxVpV_9}iY~oV&-_Pk>gNmZ6CE=ootw%#z(hGeV7nkj-v(z1Yb~OXXx35HU!>PU
z6yD+z0+gWI9XEQkAg9{DAKL-IIk+Slk#eHaz=F^vvp%b5{=Zpb*|io5M@h|elw50Z
zZZ(zlAd$#t!jr<-)g3!^;=Pc&#R|H?ESOx|SCVEPO;&Mcl7j~`=ivv>ft))Ge9<v6
z{o16hQh<7;t=#!lK1!QCEFUS}QKy3t9bUDQ6BFsvfd`V)w<Q@!EV#GCrU!|9^l|V)
z*kxdnvDfPR<+7uyUmdHOfALXF<nBj93zufs-VIQ1`l2$jA1LF;c^gi>+>~mCL~qSC
zAsylOz~Z+g2RJ;<J{2C$`N!Mjizbn55H7$s+{x2Hdaet@fdmfW>qcIl(A2<<VDD1B
zWQlH~Y?U@U73&9RM`BweFP8nm(kN~Q2;dhlMuaGMAb8slXRJ!fk*SCfueYL2q4DY3
zi^QJ+14N=yqA*zKWo30Jg^HUAOqxxwi43fsv@~K7zOYB}rPA`4gc%p971v&`dN{vD
zO84BDV8(YvU1G4yST(g1*R_MQm=L2r<hB?2Hp2pVpfbhHY{Dy;=v-abqea6C#23&v
zH7iZs{AJ!yb^!52fAIB|UW@1=Hq1aKd$gwX&zxX#AHKuBTCDa7Dsnz3`Hr7?D6H>p
z#To^VGHYLTppIer11+sDwU?6l^zAVzLt*S_Y+OyAgbkSRVQ4oOv>Y(fJbrWAR}fGK
zT#ywb$5HOh5TT2JHk+)fI<UuXw#7|G%94MNHfS7_8Lg|Ph6a)GQc_`HGe?H^ym{*u
z4>VLVkK^&>{94c2WmA`1S&`C=+dm^ir^e<Sx07Ekt&!@by#`<7(?9T%80ky-EGNSI
zAV^G7bO<XOTy!_CftP|Xl@0=?{rmTuTk92_vPuWX683d;=J7+aI@W8mN<*L#fINBh
z`udMp(#NK(Wj#+0Ayn<&>(?O|XwKz<#Ga3i&RvN16O`s-cOkXy!cXz!Xfgx~x@4c8
zF4Z2~-Y_J|@6y!)KXRs6(c?+<>En*w^_zRmi?fd)Ums68g9p~bLNRY|-{DnhV+y<`
zr;a-i`|A~E`tRVs_=tt<kG5Yq-U53Q_@vh7CQNbn-o2M3qNu7Hw09A@y6o~gy!2Gf
z4jYd&(dpM6xJ1N5?93NCa~4rU0TnRwHT{}poEgCf_&d;77mq63!Bl(nQhc#;`GO?k
zdgMT-S}Wcjk2|Z*t6V$^CT;Ta+wkea2vzF{x;Krn6*T|RGK%_(zRDo2)O^b>i;@W_
z!!aD~)e@jvt@cYyY_P+;Su@P&bcSu;lU4CSLOMe7hUYIAF#CdPX1&cCA6#B`OI`Xf
zfk`_)Zl}Xeat~=OX={<)dSRg3mtuiG`u*i<X`r9%fsy);p+JN&vSgjrh+U$`__$Bc
zaVxnZH4(dzy$Ht(6vk!M!o9S);BQYye`p>kBQu>sg>s^;HnUIhy6eEw1Yc}vy3+MB
z2q~}CaqFh=tcop_c@<o3Zc7b-Ay!QuT2oDEjxDDmi}-B1d*sobvaZGvjI)c~v7VV2
zG?n(7i@=->&wk275FWS4voxRTNhQs9kI+f3Q)%O^U6|7lmzieUc?R3vzK1ZJ21uxB
zYbAdhFoH+TV>O(45>W3NkUUh%?c355dX6d!9ac7e!UXft1DbRrw%wl)_{4s*xo6wX
zZK+5EYt9}F{cs!S43fDx>%*J3PqrJC=uncn*}plx+cD(OR^va{c>okOEhFZ9^Z>5%
zJ&kV0oaGM_j}aM22`OJ6!S(!N%Uxj_Y^z)dAwKA!oxYNWy5DG3WQNU}18pU-5kHrV
z4O&$nf2aCD%E})<A08AnlLX?Rzn(MMb>+&a_V3Q-YtrFvZ2Rfm<}aJMXvXPVW-nmt
zc$61{@pu2(ly0GP9eD)uV@fOzNEN3xkfgkuRguoTPDdmHRGO(N!uiXY2~kjBK9{xX
z@n@LWokyKg$Hn?`5J6J%hen|)`x<j*@=~Y(Kt|uOJOu4R)yw($J>@S;j!Y0!(GaW(
zH`JT%4*X<aq8Z<1;m4Cgr~>nYOyfYc?sS@8y7H!KTJ%?%+~6mx=nv%fQeU1k-S=(F
zh8JhLIC+7^{LvdcIsD<S6As&Y+A`kr`M|}KPjNN8_>}N*S><AQj$pN5qF^REwQzM1
z8MiF$EeC>H5mQvhH#lt{K}-S0iPMGeGrUW(vklX<(-Zc#85t_l5xz?I+FsKT#|*H!
zzn>x!G*Z)EY-_7fQ@u*%QesS_e97D>0^P#Z+?{B$7cUNKkG~PH*+GNoGHF>U?xVwv
z4n17lHR3dv>4K9JXN>4~w0sB{BTCn{ANfXb7cdy%#FE9uRboMvnj8-gfrm^8IV2mF
z);nqA6|(WI0gz_S>2hb31bKwZtgYVzsu9ri<ZeEOYL+)5SC#elVm{kuhRHdYoc)=t
z;0IQ|=xlS+zNOC2SDtR~IS)?i(U_?VGoDPk;?RGJU+$UN2ZZFkl>H*_0Nt6(N-{G$
zWn2xA6Q_FLbH1{s3%$Oe6gy{mET$;wB(qBO^PT5@9IX28``CW_fNbqc>}D)0xpxnV
z*-nkA!vY>vxTvPRVEpI>TH>6~<&K19bo9Lgiw5;`y_L^ZXIM!RMAP%lh7&H|HS5~3
zi*6vE@_1PnhDnp;<3N3kzJeT}81^1R{`f=5)^{7>8`P#wC6k#mSl{7iA=51jzw}xb
z3NGDMCug4sOBI=;Rs_YrTia8&ykpL-j!v{_qZXXhJzcIcX%aG>->0T+{?pRZAk{vb
zyehndpbd%D^msqea}csU6H`;1qt_8$d2C^5n(!4Vj6C1Q^9Mu|m-p3;Z09kqGJeLZ
z8wSW;RU8BmE6web%*4cD(^XK=p^LzTK(qeRT^Jdh%UpJ@)r+l3V}<YegLXOckZ=Ru
zLIF^k5AZk@E8AZ-*r(0mVq!F$YWr91F9Kly1kf_O|NDiQFif+p18mCr`uAh`SIzjz
ztpYwqdxyd#-(BwSHxP^L!M|?9p0&GT!G^%W^?&_=k4O)$2R83({`o$^J!cyI`?(Um
zkweJ)U0?rtr|2dLb${)H!e5l+aWGOPpL>U`d~bI96lkOuD+&9H#9OT3hn6)FE7IRD
zpJ7&OJH>Kzfno`dsdsyT>9*_qCg9n^Cyq7ZK;jrKF)8Q-35R>?RQgQeFZ;AYKCZ=n
zCwxfbHtLh~nX%peNlC=~MBf>zBs`SJzFL1n5&1iJa(N6@`92*wp&zHvjN9FL2GUBV
zzQ;j}duo?pfzQkwuAvbsC+_uN=_0B~s7p>co|jKor*8t|8KIK_)5`v(QtBn0#|EQi
zzjm#jf(!irMCfIQm%%W880<;aS-<|`Hw)pntu+B!tIDP%Lqh#B3oejZa)4;e8zDN@
zgL;|Ab(jvEb<s<9RSgUAAvZWZRf+GASZ){8#excW!u<0!^jM7-8I=SGNK46n-B@~r
zO85V7xf2gNvEx=^`v366HvgQc0jw@#9ms~^3JQR!vo(XVDo|qF#%9QeqK%;Rg?4(&
zSUS_V^`+{Q1XJDWo~UZzQg{6<QRro;FPcSqmYZ9$wceQ;8PAbZD4%ddPB0;1w6=B=
z$wSb|$}c5W=EuAJeCevwPSnNre7t-{i+InTQj=GS*9_@HF&h^fiwJ$xeCky+kU<9L
z8sCiRHS7Q3naj)ac^SHG)YPfLnPmiG?&-4+C(=K|-0P$tub4v3*RvU4n^VV)8N;ti
zq_)NKHA12!l01x?dseofPNlkW{rYyP!qI}&slA3PD(=bo%+RSXnj+nqi-dPuIda%Q
zr9l^nX3RHxmDK({Pwsl#uz4-Vd2kkFZB&K$vRlYySa?(>!B12ZIMq<l;Kbl;;{G`D
z%M>1LS2tVdO`GV;nRi7X5WDlyqfyw}ik7B(PD_~i{*edbY%7r7{#BlAeTHJzjtEa#
z$GwitLYwoj$&S%62r`K%VU{QD1GR<l_LnS)nf#KI^6gu#(WAf6k$B|c{#fe0olb{V
zp2qgCak34cY&*Drpktq{i<d5)cfzwid#cBh|2JFwGWgi3Q(6oehTQvOq8NzK8XAQ4
zJO{U_g+=FX-9S3_ET{*-6ZAX`+n~Ai)#d8(2gEv-a?H_DqpDxr;JoU*0Vf;n9k%;-
zH=J$}Aah?d^me0l{`>M`^BzX4Z`>{YYIikpQb|B;J-m_(h!=H4Qj)Z)qZxues%*v}
z;d?b3+pA|!QtM-uk7+OzCzL}{#h%zk;$z{^*pOy@bl2t!;*-c1a(CADv2j(MI`#aZ
z4^lGRb8b7P<D-WHY-$r2TybvJgV#UNywxuGTvJ2Tu3b<Z#|$SUs7~Qkfh;>ZmpJ<z
zN)K#TG!&fjFR*rid##e;kAP*WQr^CM2TL6{vdT?`j5ea6C}x_<*(Rhv(b2J?i4>yL
zt2MY}lX3c#qn%xUDJj^-ljQpM>vzwV0lUSspNmT5G#Es8y9Xj?P$tUSRlA81MyG)<
z#Bm6FTFd35c&j(p8m9wO4bZ3lW1Nwhu3zt2U8o#%4igoiBf)k*sK=yxBP|=HqGG0S
zRG_HF2SZGAxc8KIWg65UWvzlj)F+{UZh?WA`V`f|rXwd&H1rR)Sh8e}Q>=y>?xvU9
z{hu-wVDy0a;C0{bZmX0ViwYl_BtAI5YhqlHYvYZ^Alvl2N8afdY_ZAjoTD>h#7EdP
znCPb4i%B5DBt#Z8!93Cf2ksVy0%HCe7#^03*^Si*luZDmg_RXFnVq+H8~h>Rqb`aI
z3YYi)l;JDvF#91K**oRLL7@CZVcASppT^9MyG=KoI1@RIgdcRa@okWt_&L*GgcJOq
z=B_;&$}|q^ax}9QN!f1Hq;aXqDROCOWMWfmCJfamnMxOQwi3xD$^BFe$)zdE5;Ib<
zV+w7`VUC8v)}T7c6y?$;tyR;a_W6e0ZU5+W_MHA$e>iiFapv>-zTf+Mp5OC4?=X6P
zWOhL>m&b-)7GW7J;ZATE#7+t6Q;gyMh7XEPI&)?=*Y#%EOFX1p+Iql=4^}(x%!qD;
zoJbf5PGkSci2M&Qk#sDGVd9_yq^98Cw~x$-=O-jkUn-6V;z3ciBZ_zmv!h!ravprP
z5Ai%eGCB0-`s<2SBwa>WMq%HF;ZRIvdVASviVJ70gV;L)!9j!$^f)Z`X)2g*9yIXw
zZ5|sFvIYE_MM$pte#H9pD2FN!iK~^#h&_ie2PUm?qg%(<qSnt(Ze+V^ZsA<%{&oMW
zMbfY+7n!GD@fDxQPX3WiMYxS9(a0QSr-Ac9uPhi69?+hJYRc?_7|c5cQy6rgcRf!R
zUN;!o2V>QV%^jE=y^pfoh+nha|8bf?un=ycmaPFVF6ZL@DA%cpQF<h;&Cbl!WnxsX
zeWY;I4t964?Rmtjj@ZFMN9|zohW(abvV+|<B!5Lam>V8tTtD!=A;)WRrC*PE=8DS)
z#NMTqLa!kA)2a1`Ux5ge4~7`91ooLnfIYYn&sC7JfqH+c#;VeEI91IR<fn1dK=_EJ
zL+!Kj--`q}!bb>lMR2|1F@$$q)9XzmxvdU0gT-iw<<qcnoUlazv+MmJ6e%qxrWfW3
zoZ(bM3|2|m!2j}q^>k=Tq3lVnx&<%}5gN+EBg0U0mZZ4Yjs!gAGEo%e2CpC`TDaHf
zG)nzulQtN2nMN4aVC)WFLw*4veMma)5vLRCEE3L)k1QvSf}Glcc?*o0N|pW03rf>l
zw{8(*1`eh|glr~z)dUQaZ8i;QY$@AZFTBxn-MD1+#e3EdKu=*uAhOKBE`aeeo#f<s
z$=Xp09~7Lx=|EtcxLhJ^TT_qIjdiW}R;{a0TG0$t(=#^%71TLjAP}7VxJ&$Sjs_H^
zC#hg#_jqTXNdo*bF+uXd`e6CY)f?Xh63WkrF=+ILsz$WU2YVmOa!rF>VsiakB@V}R
z1Qm6i{aQ@$Y~~5r_|xZ+e94TH27K<rJqLq>mrIy-c1LTSZZEp?NLo{qj>t!{x+)J6
z@}C{{GhcB4g|(Pq&YjZY;TXJw5ZRj_@lZ&>g>-1yoNKT&GsD@pCD*e5P%3wyGh^J`
z_mvG-$B0u4ps2-m3o43;KB@DG%D*743H%{V@`M-A>o@6Ljz?n|8C4Ep1<po5UBc-?
zTjRjTIKEa*jkg<Plew)xB;O^@5xE|MY&hB(?WG^xGKQI)k>MB~_6dzIrMili>FY-o
zBFZ~8EiKPf8)W{AYalq9PhG63uEr3v1j7kh<u&@npUGlyf6A+_HjoO5JO1YHopauu
zN3Js{lEccrtynAQ9o@^qaioPS+JZ#oF{oBymUZjo{Q^w_#!e)P9=`=!yp1|dqZBZj
zLaA(SK8S|{kj!c^WkLaU>7McsAJ}u|mp`dQpm^M*nb2c*f{pO~#)+e8ntLNk82)iM
z2uFC>bWM|N=Jb`QHj#n>^_&A<+e??q6YE(JqmU@}EA;23$Y8k_nThJ^RZU`4PXFa?
zeZd8-;w>c&*AWw!BHcC&01RP2Ceiqg&P#)NyS3HRBt4~RMxq%l*%3#EOHLf710h8>
zB69+JCIZTrqn*K)lG^Eskn2w<>|T_SrgY3;h&i*$0=50z=PXdSg#@s@EgZE#@t&$I
zP!pu17N{<(FIb=oR{v)Ul)J?^7At?p*{2?s@Y<l0s%>dO&nv{<Y-ixI)q@^ii}){k
zsaBrxA=ZsNaSdT-vY25oI4fn?@%|79P&Yazo5%l%zEscZg1!u`PKQ+$DB_7EQqk3`
zd5qV!-mT_GJ5?g^RUl)|Z@AxXF)(O`U+v2U;sE|ePpsHLL#%iy2-=Osk%H2x<DYhS
z%e>ESMQAAS2Ht?t>d}>o=g$K{-uY&tx5j~!pdqJ_AOoGMt&Ql?{f@XHrGbDhNIY<u
zpA3g2s+doDOxyG|x=lJMGH(bokZOXQ%7v*Ka~U>NYRtg`<a3iq;1f-=0uaCMJ4oAH
znxyQUd>Ysz$Ao0-w^nz4d~{oA_p@gR;e<pBXkC`&$~{*5UIgz0lH?GP^UN|2Q>yL6
z{O>I<avtOkz)=_q1lwextwKq}T@ts8nOIlwBtX8)S&NAXX5kgM|1RY{p#aK*6!Hiu
z(zA~D-n+L=#4$`|4k#q=W@SsT+NbKT`1LSG*87ILsKsB431^J5zrj{SMfG?0GEPO)
z%4X}KX%&f#!}%`IfI;=0C4(w@rbXso8*{9~P`_f58Vx?7d-qHc^V`sX*o~oeDyou;
zZ0&J0KivM9mJvrm`Ik*DvU1j^hvs9Zj=m^IqbT=V6hbWD!uOkU9+b@T_cC*eeLtHZ
z0mABGWK-*sR#y|Vwb-+sVgDG7cF#Qw(1knXz`lLX#&N8PL{&Pkqfn65LKa3<s73uK
z4nlu~6s}?nI#9Ba2x8&n<_04YnqF`R@(u00A|I9ZTRs*-+k`5CxgWqZ5HDCFyZ~MF
zyRO!f-Do<HL^agTw?z~9CZc4r&z+2=s3Bky!FVsNx<;L?@t}qHcwPpscco_5z*yqa
zEs1!eCCf%#Gk6`5J$i2Z|K@djkF^@F5h|gEomFHFTo!R<gvqK4hXo;?Y+V};>4;#!
z7RGL)5I<Dh+&JE@%UYdyO?<7KU8;+tX;ojJ|MLcqbndAPveApzC*HWmfo*@8$&36G
Dxx18Z

literal 0
HcmV?d00001

diff --git a/tools/fedcalls/README.md b/tools/fedcalls/README.md
index e43f95e14a..bb62be4be4 100644
--- a/tools/fedcalls/README.md
+++ b/tools/fedcalls/README.md
@@ -15,10 +15,17 @@ dot -Tpng wire-fedcalls.dot > wire-fedcalls.png
 
 ### links
 
-- `./example.png`
+for users:
+
+- blog post explaining the technology: https://reasonablypolymorphic.com/blog/abusing-constraints/index.html
 - https://sketchviz.com/new
 - https://graphviz.org/doc/info/lang.html
-- `/libs/wire-api/src/Wire/API/MakesFederatedCall.hs`
+
+for developers:
+
+- `./example.png`
+- [MakesFederatedCall.hs (as of 2023-01-16)](https://github.com/wireapp/wire-server/blob/8760b4978ccb039b229d458b7a08136a05e12ff9/libs/wire-api/src/Wire/API/MakesFederatedCall.hs)
+- PRs: https://github.com/wireapp/wire-server/pull/2973, https://github.com/wireapp/wire-server/pull/2940, https://github.com/wireapp/wire-server/pull/2950, https://github.com/wireapp/wire-server/pull/2957
 
 ### swagger-ui
 

From 8c589be1840f312c5d9285b3b9052e6d5af3b7f3 Mon Sep 17 00:00:00 2001
From: fisx <mf@zerobuzz.net>
Date: Mon, 23 Jan 2023 10:02:12 +0100
Subject: [PATCH 20/38] Don't remove global cabal store in 'make full-clean'.
 (#3000)

---
 Makefile | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/Makefile b/Makefile
index 9b44c21278..affc632be2 100644
--- a/Makefile
+++ b/Makefile
@@ -52,13 +52,9 @@ install: init
 .PHONY: full-clean
 full-clean: clean
 	rm -rf ~/.cache/hie-bios
-ifdef CABAL_DIR
-	rm -rf $(CABAL_DIR)/store
-else
-	rm -rf ~/.cabal/store
-endif
 	rm -rf ./dist-newstyle ./.env
 	direnv reload
+	@echo -e "\n\n*** NOTE: you may want to also 'rm -rf ~/.cabal/store \$$CABAL_DIR/store', not sure.\n"
 
 .PHONY: clean
 clean:

From a0f44f6cf189c094934c248ef9ab7c6be46bc044 Mon Sep 17 00:00:00 2001
From: jschaul <jschaul@users.noreply.github.com>
Date: Mon, 23 Jan 2023 11:54:46 +0100
Subject: [PATCH 21/38] Prekeys investigation: test (#2694)

* log randomPrekey state of things

* Add an integration test to ensure list of prekeys does not become empty.

This test should also run for the dynamoDB case, to ensure our
implementation isn't buggy (it probably isn't, but to check for
regressions)

* add another test for last prekey validation

* Add one more test, fix warning from previous test

* logging on startup: log using info level, not warning

* fixup: expected status code is 201, not 200

* remove commented out code

* changelog

* linter? make format doesn't work; or local/CI don't agree
---
 changelog.d/5-internal/pr-2694                |  1 +
 .../src/Wire/API/User/Client/Prekey.hs        |  6 ++
 services/brig/src/Brig/App.hs                 |  8 ++-
 .../brig/test/integration/API/User/Client.hs  | 59 +++++++++++++++++++
 services/brig/test/integration/Util.hs        |  8 ++-
 5 files changed, 79 insertions(+), 3 deletions(-)
 create mode 100644 changelog.d/5-internal/pr-2694

diff --git a/changelog.d/5-internal/pr-2694 b/changelog.d/5-internal/pr-2694
new file mode 100644
index 0000000000..7bd6984179
--- /dev/null
+++ b/changelog.d/5-internal/pr-2694
@@ -0,0 +1 @@
+Add two integration tests arounds last prekeys
diff --git a/libs/wire-api/src/Wire/API/User/Client/Prekey.hs b/libs/wire-api/src/Wire/API/User/Client/Prekey.hs
index 8b29e54afa..cf084c65d8 100644
--- a/libs/wire-api/src/Wire/API/User/Client/Prekey.hs
+++ b/libs/wire-api/src/Wire/API/User/Client/Prekey.hs
@@ -25,6 +25,7 @@ module Wire.API.User.Client.Prekey
     LastPrekey,
     lastPrekey,
     unpackLastPrekey,
+    fakeLastPrekey,
     lastPrekeyId,
     PrekeyBundle (..),
     ClientPrekey (..),
@@ -101,6 +102,11 @@ lastPrekeyId = PrekeyId maxBound
 lastPrekey :: Text -> LastPrekey
 lastPrekey = LastPrekey . Prekey lastPrekeyId
 
+-- for tests only
+-- This fake last prekey has the wrong prekeyId
+fakeLastPrekey :: LastPrekey
+fakeLastPrekey = LastPrekey $ Prekey (PrekeyId 7) "pQABAQcCoQBYIDXdN8VlKb5lbgPmoDPLPyqNIEyShG4oT/DlW0peRRZUA6EAoQBYILLf1TIwSB62q69Ojs/X1tzJ+dYHNAw4QbW/7TC5vSZqBPY="
+
 --------------------------------------------------------------------------------
 -- PrekeyBundle
 
diff --git a/services/brig/src/Brig/App.hs b/services/brig/src/Brig/App.hs
index fb600c55cb..50742a9faf 100644
--- a/services/brig/src/Brig/App.hs
+++ b/services/brig/src/Brig/App.hs
@@ -232,8 +232,12 @@ newEnv o = do
     SqsQueue q -> SqsQueue <$> AWS.getQueueUrl (aws ^. AWS.amazonkaEnv) q
   mSFTEnv <- mapM Calling.mkSFTEnv $ Opt.sft o
   prekeyLocalLock <- case Opt.randomPrekeys o of
-    Just True -> Just <$> newMVar ()
-    _ -> pure Nothing
+    Just True -> do
+      Log.info lgr $ Log.msg (Log.val "randomPrekeys: active")
+      Just <$> newMVar ()
+    _ -> do
+      Log.info lgr $ Log.msg (Log.val "randomPrekeys: not active; using dynamoDB instead.")
+      pure Nothing
   kpLock <- newMVar ()
   pure $!
     Env
diff --git a/services/brig/test/integration/API/User/Client.hs b/services/brig/test/integration/API/User/Client.hs
index d3171c6ee4..77ccdb1e2f 100644
--- a/services/brig/test/integration/API/User/Client.hs
+++ b/services/brig/test/integration/API/User/Client.hs
@@ -50,6 +50,7 @@ import Data.Text.Ascii (AsciiChars (validate))
 import qualified Data.Vector as Vec
 import Imports
 import qualified Network.Wai.Utilities.Error as Error
+import qualified System.Logger as Log
 import Test.QuickCheck (arbitrary, generate)
 import Test.Tasty hiding (Timeout)
 import Test.Tasty.Cannon hiding (Cannon)
@@ -103,6 +104,9 @@ tests _cl _at opts p db b c g =
       test p "get /clients - 200" $ testListClients b,
       test p "get /clients/:client/prekeys - 200" $ testListPrekeyIds b,
       test p "post /clients - 400" $ testTooManyClients opts b,
+      test p "client/prekeys not empty" $ testPrekeysNotEmptyRandomPrekeys opts b,
+      test p "lastprekeys not bogus" $ testRegularPrekeysCannotBeSentAsLastPrekeys b,
+      test p "lastprekeys not bogus during update" $ testRegularPrekeysCannotBeSentAsLastPrekeysDuringUpdate b,
       test p "delete /clients/:client - 200 (pwd)" $ testRemoveClient True b c,
       test p "delete /clients/:client - 200 (no pwd)" $ testRemoveClient False b c,
       test p "delete /clients/:client - 400 (short pwd)" $ testRemoveClientShortPwd b,
@@ -689,6 +693,61 @@ testTooManyClients opts brig = do
       const (Just "too-many-clients") === fmap Error.label . responseJsonMaybe
       const (Just "application/json") === getHeader "Content-Type"
 
+-- Ensure that the list of prekeys for a user does not become empty, and the
+-- last resort prekey keeps being returned if it's the only key left.
+-- Test with featureFlag randomPrekeys=true
+testPrekeysNotEmptyRandomPrekeys :: Opt.Opts -> Brig -> Http ()
+testPrekeysNotEmptyRandomPrekeys opts brig = do
+  -- Run the test for randomPrekeys (not dynamoDB locking)
+  let newOpts = opts {Opt.randomPrekeys = Just True}
+  ensurePrekeysNotEmpty newOpts brig
+
+ensurePrekeysNotEmpty :: Opt.Opts -> Brig -> Http ()
+ensurePrekeysNotEmpty opts brig = withSettingsOverrides opts $ do
+  lgr <- Log.new Log.defSettings
+  uid <- userId <$> randomUser brig
+  -- Create a client with 1 regular prekey and 1 last resort prekey
+  c <- responseJsonError =<< addClient brig uid (defNewClient PermanentClientType [somePrekeys !! 10] (someLastPrekeys !! 10))
+  -- Claim the first regular one
+  _rs1 <- getPreKey brig uid uid (clientId c) <!! const 200 === statusCode
+  -- Claim again; this should give the last resort one
+  rs2 <- getPreKey brig uid uid (clientId c) <!! const 200 === statusCode
+  let pId2 = prekeyId . prekeyData <$> responseJsonMaybe rs2
+  liftIO $ assertEqual "last prekey rs2" (Just lastPrekeyId) pId2
+  liftIO $ Log.warn lgr (Log.msg (Log.val "First claim of last resort successful, claim again..."))
+  -- Claim again; this should (again) give the last resort one
+  rs3 <- getPreKey brig uid uid (clientId c) <!! const 200 === statusCode
+  let pId3 = prekeyId . prekeyData <$> responseJsonMaybe rs3
+  liftIO $ assertEqual "last prekey rs3" (Just lastPrekeyId) pId3
+
+testRegularPrekeysCannotBeSentAsLastPrekeys :: Brig -> Http ()
+testRegularPrekeysCannotBeSentAsLastPrekeys brig = do
+  uid <- userId <$> randomUser brig
+  -- The parser should reject a normal prekey in the lastPrekey field
+  addClient brig uid (defNewClient PermanentClientType [head somePrekeys] fakeLastPrekey) !!! const 400 === statusCode
+
+testRegularPrekeysCannotBeSentAsLastPrekeysDuringUpdate :: Brig -> Http ()
+testRegularPrekeysCannotBeSentAsLastPrekeysDuringUpdate brig = do
+  uid <- userId <$> randomUser brig
+  c <- responseJsonError =<< addClient brig uid (defNewClient PermanentClientType [head somePrekeys] (someLastPrekeys !! 11)) <!! const 201 === statusCode
+  let newPrekey = somePrekeys !! 2
+  let update =
+        defUpdateClient
+          { updateClientPrekeys = [newPrekey],
+            updateClientLastKey = Just fakeLastPrekey,
+            updateClientLabel = Just "label"
+          }
+  -- The parser should reject a normal prekey in the lastPrekey field
+  put
+    ( brig
+        . paths ["clients", toByteString' (clientId c)]
+        . zUser uid
+        . contentJson
+        . body (RequestBodyLBS $ encode update)
+    )
+    !!! const 400
+      === statusCode
+
 -- @END
 
 -- The testRemoveClient test conforms to the following testing standards:
diff --git a/services/brig/test/integration/Util.hs b/services/brig/test/integration/Util.hs
index 37cfac2e5e..9e2b99dc8d 100644
--- a/services/brig/test/integration/Util.hs
+++ b/services/brig/test/integration/Util.hs
@@ -687,7 +687,13 @@ defNewClientWithVerificationCode mbCode ty pks lpk =
       newClientVerificationCode = mbCode
     }
 
-getPreKey :: Brig -> UserId -> UserId -> ClientId -> Http ResponseLBS
+getPreKey ::
+  (MonadIO m, MonadCatch m, MonadFail m, MonadHttp m, HasCallStack) =>
+  Brig ->
+  UserId ->
+  UserId ->
+  ClientId ->
+  m ResponseLBS
 getPreKey brig zusr u c =
   get $
     apiVersion "v1"

From 82a0a5923774821b4a19549fe4dbf58efa89b733 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Dimja=C5=A1evi=C4=87?= <marko.dimjasevic@wire.com>
Date: Tue, 24 Jan 2023 14:10:25 +0100
Subject: [PATCH 22/38] Document a function

---
 services/galley/src/Galley/API/Message.hs | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/services/galley/src/Galley/API/Message.hs b/services/galley/src/Galley/API/Message.hs
index 8f0f2bb178..7484a4c684 100644
--- a/services/galley/src/Galley/API/Message.hs
+++ b/services/galley/src/Galley/API/Message.hs
@@ -553,6 +553,9 @@ sendLocalMessages loc now sender senderClient mconn qcnv botMap metadata localMe
   runMessagePush @t loc qcnv (pushes ^. traversed)
   pure mempty
 
+-- | Send remote messages to the backend given by the domain argument, and
+-- return the set of clients for which sending has failed. In case there was no
+-- failure, the empty set is returned.
 sendRemoteMessages ::
   forall r x.
   (Members '[FederatorAccess, P.TinyLog] r, CallsFed 'Galley "on-message-sent") =>

From 804a3b50837b9368c5b861a604daed4bcb2525d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Dimja=C5=A1evi=C4=87?= <marko.dimjasevic@wire.com>
Date: Tue, 24 Jan 2023 14:11:35 +0100
Subject: [PATCH 23/38] Add a changelog

---
 changelog.d/5-internal/doc-msg-sending | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/5-internal/doc-msg-sending

diff --git a/changelog.d/5-internal/doc-msg-sending b/changelog.d/5-internal/doc-msg-sending
new file mode 100644
index 0000000000..890041edeb
--- /dev/null
+++ b/changelog.d/5-internal/doc-msg-sending
@@ -0,0 +1 @@
+Document in code a function that sends remote Proteus messages

From 89b7ce78c9752f507d26c4fed48f158583e832fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Dimja=C5=A1evi=C4=87?= <marko.dimjasevic@wire.com>
Date: Tue, 24 Jan 2023 14:12:07 +0100
Subject: [PATCH 24/38] Revert "Add a changelog"

This reverts commit 804a3b50837b9368c5b861a604daed4bcb2525d6.
---
 changelog.d/5-internal/doc-msg-sending | 1 -
 1 file changed, 1 deletion(-)
 delete mode 100644 changelog.d/5-internal/doc-msg-sending

diff --git a/changelog.d/5-internal/doc-msg-sending b/changelog.d/5-internal/doc-msg-sending
deleted file mode 100644
index 890041edeb..0000000000
--- a/changelog.d/5-internal/doc-msg-sending
+++ /dev/null
@@ -1 +0,0 @@
-Document in code a function that sends remote Proteus messages

From 7d322f5e4951f383aa79d51586d7bde1301a1522 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Dimja=C5=A1evi=C4=87?= <marko.dimjasevic@wire.com>
Date: Tue, 24 Jan 2023 14:12:24 +0100
Subject: [PATCH 25/38] Revert "Document a function"

This reverts commit 82a0a5923774821b4a19549fe4dbf58efa89b733.
---
 services/galley/src/Galley/API/Message.hs | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/services/galley/src/Galley/API/Message.hs b/services/galley/src/Galley/API/Message.hs
index 7484a4c684..8f0f2bb178 100644
--- a/services/galley/src/Galley/API/Message.hs
+++ b/services/galley/src/Galley/API/Message.hs
@@ -553,9 +553,6 @@ sendLocalMessages loc now sender senderClient mconn qcnv botMap metadata localMe
   runMessagePush @t loc qcnv (pushes ^. traversed)
   pure mempty
 
--- | Send remote messages to the backend given by the domain argument, and
--- return the set of clients for which sending has failed. In case there was no
--- failure, the empty set is returned.
 sendRemoteMessages ::
   forall r x.
   (Members '[FederatorAccess, P.TinyLog] r, CallsFed 'Galley "on-message-sent") =>

From 30f1d44a171003e2c20d5196d06074a587654868 Mon Sep 17 00:00:00 2001
From: Arthur Wolf <wolf.arthur@gmail.com>
Date: Tue, 24 Jan 2023 14:24:13 +0100
Subject: [PATCH 26/38] Changing `helm_vars` to `values` in deeplink docs

Based on current deploy conversation, this is out of date
---
 docs/src/how-to/associate/deeplink.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/src/how-to/associate/deeplink.md b/docs/src/how-to/associate/deeplink.md
index d3bfc77e27..4c9af0ea21 100644
--- a/docs/src/how-to/associate/deeplink.md
+++ b/docs/src/how-to/associate/deeplink.md
@@ -100,7 +100,7 @@ As of release `2.117.0` from `2021-10-29` (see `release notes<release-notes>`),
 
 ```yaml
 # override values for wire-server
-# (e.g. under ./helm_vars/wire-server/values.yaml)
+# (e.g. under ./values/wire-server/values.yaml)
 nginz:
   nginx_conf:
     deeplink:

From 4d1f02ef86459b881a8667176b4c6c4095bb6ea2 Mon Sep 17 00:00:00 2001
From: Akshay Mankar <akshay@wire.com>
Date: Tue, 24 Jan 2023 15:40:08 +0100
Subject: [PATCH 27/38] Fix kind setup for running end-to-end federation tests
 locally (#3008)

* Add scripts to load nix-built images into kind

* Fix redis-cluster in kind setup

* Update how to use kind

* Changelog

* allow skopeo insecure policy

* fetch AWS secrets from Kubernetes

Co-authored-by: Stefan Berthold <stefan.berthold@wire.com>
---
 Makefile                                      |  8 +++++
 changelog.d/5-internal/kind-fix               |  1 +
 docs/src/developer/developer/how-to.md        | 20 +++++------
 hack/bin/kind-upload-image.sh                 | 33 +++++++++++++++++++
 hack/bin/kind-upload-images.sh                | 33 +++++++++++++++++++
 .../{values.yaml => values.yaml.gotmpl}       |  2 +-
 hack/helmfile-single.yaml                     |  2 +-
 hack/helmfile.yaml                            |  6 ++--
 services/brig/federation-tests.sh             |  7 ++++
 9 files changed, 97 insertions(+), 15 deletions(-)
 create mode 100644 changelog.d/5-internal/kind-fix
 create mode 100755 hack/bin/kind-upload-image.sh
 create mode 100755 hack/bin/kind-upload-images.sh
 rename hack/helm_vars/redis-cluster/{values.yaml => values.yaml.gotmpl} (66%)

diff --git a/Makefile b/Makefile
index affc632be2..7aa65a0e86 100644
--- a/Makefile
+++ b/Makefile
@@ -438,6 +438,14 @@ kind-delete:
 .PHONY: kind-reset
 kind-reset: kind-delete kind-cluster
 
+.PHONY: kind-upload-images
+kind-upload-images:
+	DOCKER_TAG=$(DOCKER_TAG) KIND_CLUSTER_NAME=$(KIND_CLUSTER_NAME) ./hack/bin/kind-upload-images.sh
+
+.PHONY: kind-upload-image
+kind-upload-image-%:
+	DOCKER_TAG=$(DOCKER_TAG) KIND_CLUSTER_NAME=$(KIND_CLUSTER_NAME) ./hack/bin/kind-upload-image.sh wireServer.imagesUnoptimizedNoDocs.$(*)
+
 .local/kind-kubeconfig:
 	mkdir -p $(CURDIR)/.local
 	kind get kubeconfig --name $(KIND_CLUSTER_NAME) > $(CURDIR)/.local/kind-kubeconfig
diff --git a/changelog.d/5-internal/kind-fix b/changelog.d/5-internal/kind-fix
new file mode 100644
index 0000000000..2b7d9f1b3b
--- /dev/null
+++ b/changelog.d/5-internal/kind-fix
@@ -0,0 +1 @@
+Fix kind setup for running end-to-end federation tests locally.
\ No newline at end of file
diff --git a/docs/src/developer/developer/how-to.md b/docs/src/developer/developer/how-to.md
index b900fc4f1f..68250bba21 100644
--- a/docs/src/developer/developer/how-to.md
+++ b/docs/src/developer/developer/how-to.md
@@ -112,21 +112,19 @@ This can be useful to get quicker feedback while working on multi-backend code o
 
 FUTUREWORK: this process is in development (update this section after it's confirmed to work):
 
-##### (i) Build images
+##### Run tests in kind
 
-(FUTUREWORK: implement a convenient shortcut to build images without actually uploading them also)
-```
-make upload-images-dev
-```
+0. Create a local kind cluster with `make kind-cluster`
+1. Upload images in docker-daemon running inside kind with `make kind-upload-images`
 
-##### (ii) Run tests in kind
+   *Note:* First time all the images need to be uploaded. When working on one
+   service it can be selectively uploaded using `make kind-upload-image-<name>`
+   (e.g. `make kind-upload-image-brig`).
+2. Install wire-server using `make kind-integration-setup`.
+3. Run tests using `make kind-integration-test`.
+4. Run end2end integration tests: `make kind-integration-e2e`.
 
-0. Create a local kind cluster with `make kind-cluster`
-1. Install wire-server using `make kind-integration-setup`.
-2. Run tests using `make kind-integration-test`.
-3. Run end2end integration tests: `make kind-integration-e2e`.
 
-* Implement re-tagging development tags as your user tag?
 
 #### 2.4 Deploy your local code to a kubernetes cluster
 
diff --git a/hack/bin/kind-upload-image.sh b/hack/bin/kind-upload-image.sh
new file mode 100755
index 0000000000..61b24c7937
--- /dev/null
+++ b/hack/bin/kind-upload-image.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+# This script builds all the images in wireServer.images attribute of
+# $ROOT_DIR/nix/default.nix and uploads them to the docker registry using the
+# repository name specified in the image derivation and tag specified by
+# environment variable "$DOCKER_TAG".
+#
+# If $DOCKER_USER and $DOCKER_PASSWORD are provided, the script will use them to
+# upload the images.
+#
+# This script is intended to be run by CI/CD pipelines.
+
+set -euo pipefail
+
+set -x
+
+# nix attribute under wireServer from "$ROOT_DIR/nix" containing all the images
+readonly IMAGE_ATTR=${1:?$usage}
+
+SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
+ROOT_DIR=$(cd -- "$SCRIPT_DIR/../../" &>/dev/null && pwd)
+readonly SCRIPT_DIR ROOT_DIR
+
+tmp_link_store=$(mktemp -d)
+
+image_stream_file="$tmp_link_store/image-stream"
+nix -v --show-trace -L build -f "$ROOT_DIR/nix" "$IMAGE_ATTR" -o "$image_stream_file"
+image_file="$tmp_link_store/image"
+image_file_tagged="$tmp_link_store/image-tagged"
+"$image_stream_file" > "$image_file"
+repo=$(skopeo list-tags "docker-archive://$image_file" | jq -r '.Tags[0] | split(":") | .[0]')
+skopeo copy --insecure-policy --additional-tag "$repo:$DOCKER_TAG" "docker-archive://$image_file" "docker-archive://$image_file_tagged"
+kind load image-archive "$image_file_tagged" --name "$KIND_CLUSTER_NAME"
diff --git a/hack/bin/kind-upload-images.sh b/hack/bin/kind-upload-images.sh
new file mode 100755
index 0000000000..5ba04b7025
--- /dev/null
+++ b/hack/bin/kind-upload-images.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+# This script builds all the images in wireServer.images attribute of
+# $ROOT_DIR/nix/default.nix and uploads them to the docker registry using the
+# repository name specified in the image derivation and tag specified by
+# environment variable "$DOCKER_TAG".
+#
+# If $DOCKER_USER and $DOCKER_PASSWORD are provided, the script will use them to
+# upload the images.
+#
+# This script is intended to be run by CI/CD pipelines.
+
+set -euo pipefail
+
+set -x
+
+# nix attribute under wireServer from "$ROOT_DIR/nix" containing all the images
+readonly IMAGES_ATTR="imagesUnoptimizedNoDocs"
+
+SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
+ROOT_DIR=$(cd -- "$SCRIPT_DIR/../../" &>/dev/null && pwd)
+readonly SCRIPT_DIR ROOT_DIR
+
+tmp_link_store=$(mktemp -d)
+image_list_file="$tmp_link_store/image-list"
+nix -v --show-trace -L build -f "$ROOT_DIR/nix" wireServer.imagesList -o "$image_list_file"
+
+xargs -I {} -P 10 "$SCRIPT_DIR/kind-upload-image.sh" "wireServer.$IMAGES_ATTR.{}" < "$image_list_file"
+
+for image_name in nginz nginz-disco; do
+    printf '*** Unploading image %s\n' "$image_name"
+    "$SCRIPT_DIR/kind-upload-image.sh" "$image_name"
+done
diff --git a/hack/helm_vars/redis-cluster/values.yaml b/hack/helm_vars/redis-cluster/values.yaml.gotmpl
similarity index 66%
rename from hack/helm_vars/redis-cluster/values.yaml
rename to hack/helm_vars/redis-cluster/values.yaml.gotmpl
index 888fbc0262..5381d26cbd 100644
--- a/hack/helm_vars/redis-cluster/values.yaml
+++ b/hack/helm_vars/redis-cluster/values.yaml.gotmpl
@@ -1,5 +1,5 @@
 global:
-  storageClass: csi-hostpath-sc
+  storageClass: {{ .Values.redisStorageClass }}
 
 redis-cluster:
   persistence:
diff --git a/hack/helmfile-single.yaml b/hack/helmfile-single.yaml
index 790412bf71..3a770ee146 100644
--- a/hack/helmfile-single.yaml
+++ b/hack/helmfile-single.yaml
@@ -37,7 +37,7 @@ releases:
     namespace: '{{ .Values.namespace }}'
     chart: '../.local/charts/redis-cluster'
     values:
-      - './helm_vars/redis-cluster/values.yaml'
+      - './helm_vars/redis-cluster/values.yaml.gotmpl'
 
   - name: '{{ .Values.namespace }}-nginx-ingress-controller'
     namespace: '{{ .Values.namespace }}'
diff --git a/hack/helmfile.yaml b/hack/helmfile.yaml
index 825e49edff..9dd863334c 100644
--- a/hack/helmfile.yaml
+++ b/hack/helmfile.yaml
@@ -19,6 +19,7 @@ environments:
       - namespaceFed2: {{ requiredEnv "NAMESPACE_2" }}
       - federationDomainFed2: {{ requiredEnv "FEDERATION_DOMAIN_2" }}
       - imagePullPolicy: Always
+      - redisStorageClass: csi-hostpath-sc
   kind:
     values:
       - namespace: {{ requiredEnv "NAMESPACE_1" }}
@@ -26,6 +27,7 @@ environments:
       - namespaceFed2: {{ requiredEnv "NAMESPACE_2" }}
       - federationDomainFed2: {{ requiredEnv "FEDERATION_DOMAIN_2" }}
       - imagePullPolicy: Never
+      - redisStorageClass: standard
 
 repositories:
   - name: stable
@@ -59,13 +61,13 @@ releases:
     namespace: '{{ .Values.namespace }}'
     chart: '../.local/charts/redis-cluster'
     values:
-      - './helm_vars/redis-cluster/values.yaml'
+      - './helm_vars/redis-cluster/values.yaml.gotmpl'
 
   - name: '{{ .Values.namespace }}-redis-cluster-2'
     namespace: '{{ .Values.namespaceFed2 }}'
     chart: '../.local/charts/redis-cluster'
     values:
-      - './helm_vars/redis-cluster/values.yaml'
+      - './helm_vars/redis-cluster/values.yaml.gotmpl'
 
   - name: '{{ .Values.namespace }}-nginx-ingress-controller'
     namespace: '{{ .Values.namespace }}'
diff --git a/services/brig/federation-tests.sh b/services/brig/federation-tests.sh
index 6212f75f85..5cea51393d 100755
--- a/services/brig/federation-tests.sh
+++ b/services/brig/federation-tests.sh
@@ -36,5 +36,12 @@ while read -r ip; do
   alsoProxyOptions+=("--also-proxy=${ip}")
 done < <(kubectl get pods -n "$NAMESPACE" -l app=cannon -o json | jq -r '.items[].status.podIPs[].ip')
 
+AWS_ACCESS_KEY_ID="$(kubectl get secret -n "$NAMESPACE" brig -o json | jq -r '.data | map_values(@base64d) | .awsKeyId')"
+export AWS_ACCESS_KEY_ID
+AWS_SECRET_ACCESS_KEY="$(kubectl get secret -n "$NAMESPACE" brig -o json | jq -r '.data | map_values(@base64d) | .awsSecretKey')"
+export AWS_SECRET_ACCESS_KEY
+AWS_REGION="$(kubectl get deployment -n "$NAMESPACE" brig -o json | jq -r '.spec.template.spec.containers | map(.env | map(select(.name == "AWS_REGION").value))[0][0]')"
+export AWS_REGION
+
 # shellcheck disable=SC2086
 telepresence --namespace "$NAMESPACE" --also-proxy=cassandra-ephemeral ${alsoProxyOptions[*]} --run bash -c "export INTEGRATION_FEDERATION_TESTS=1; ./dist/brig-integration -p federation-end2end-user -i i.yaml -s b.yaml"

From 2ad081960392ffc90d4eb196e7aba74c8ca12da3 Mon Sep 17 00:00:00 2001
From: Stefan Matting <smatting@users.noreply.github.com>
Date: Wed, 25 Jan 2023 10:27:27 +0100
Subject: [PATCH 28/38] Restructure documentation (#2986)

---
 changelog.d/5-internal/restructure-docs       |   1 +
 docs/.gitignore                               |   3 +
 docs/diagrams/mmdc                            |   1 -
 docs/src/changelog/changelog.md               |   1 +
 docs/src/changelog/index.md                   |   9 +
 docs/src/conf.py                              |   1 +
 .../src/developer/reference/config-options.md |   3 +-
 .../src/developer/reference/spar-braindump.md |  10 +-
 docs/src/how-to/install/index.md              |  24 +-
 .../install/infrastructure-configuration.md}  | 371 +-----------------
 docs/src/index.md                             |  15 +-
 docs/src/release-notes.md                     |  13 -
 .../custom-backend-for-desktop-client.md      |   0
 .../associate/custom-certificates.md          |   0
 .../associate/deeplink.md                     |   0
 .../{how-to => understand}/associate/index.md |   0
 docs/src/understand/block-user-creation.md    |  34 ++
 docs/src/understand/classified-domains.md     |  40 ++
 .../configure-federation.md                   |   2 +-
 docs/src/understand/federation/api.md         |   2 +-
 .../img/legalhold-screencast.gif              | Bin
 .../legalhold-step01-click-customization.png  | Bin
 .../img/legalhold-step02-goto-legalhold.png   | Bin
 .../img/legalhold-step03-click-arrow.png      | Bin
 ...hold-step04-click-manage-configuration.png | Bin
 .../img/legalhold-step05-fill-info.png        | Bin
 docs/src/understand/index.md                  |  12 +-
 .../install => understand}/legalhold.md       |   0
 .../src/{how-to/install => understand}/mls.md |   2 +
 docs/src/understand/overview.md               |   2 +-
 docs/src/understand/searchability.md          | 295 ++++++++++++++
 .../single-sign-on/adfs/fig-00.jpg            | Bin
 .../single-sign-on/adfs/fig-01.jpg            | Bin
 .../single-sign-on/adfs/fig-02.jpg            | Bin
 .../single-sign-on/adfs/fig-03.jpg            | Bin
 .../single-sign-on/adfs/fig-04.jpg            | Bin
 .../single-sign-on/adfs/fig-05.jpg            | Bin
 .../single-sign-on/adfs/fig-06.jpg            | Bin
 .../single-sign-on/adfs/fig-07.jpg            | Bin
 .../single-sign-on/adfs/fig-08.jpg            | Bin
 .../single-sign-on/adfs/fig-09.jpg            | Bin
 .../single-sign-on/adfs/fig-10.jpg            | Bin
 .../single-sign-on/adfs/fig-11.jpg            | Bin
 .../single-sign-on/adfs/main.md               |   0
 .../single-sign-on/azure/01.png               | Bin
 .../single-sign-on/azure/02.png               | Bin
 .../single-sign-on/azure/03.png               | Bin
 .../single-sign-on/azure/04.png               | Bin
 .../single-sign-on/azure/05.png               | Bin
 .../single-sign-on/azure/06.png               | Bin
 .../single-sign-on/azure/07.png               | Bin
 .../single-sign-on/azure/08.png               | Bin
 .../single-sign-on/azure/09.png               | Bin
 .../single-sign-on/azure/10.png               | Bin
 .../single-sign-on/azure/11.png               | Bin
 .../single-sign-on/azure/12.png               | Bin
 .../single-sign-on/azure/13.png               | Bin
 .../single-sign-on/azure/14.png               | Bin
 .../single-sign-on/azure/15.png               | Bin
 .../single-sign-on/azure/main.md              |   0
 .../single-sign-on/centrify/001.png           | Bin
 .../single-sign-on/centrify/002.png           | Bin
 .../single-sign-on/centrify/003.png           | Bin
 .../single-sign-on/centrify/004.png           | Bin
 .../single-sign-on/centrify/005.png           | Bin
 .../single-sign-on/centrify/006.png           | Bin
 .../single-sign-on/centrify/007.png           | Bin
 .../single-sign-on/centrify/008.png           | Bin
 .../single-sign-on/centrify/009.png           | Bin
 .../single-sign-on/centrify/010.png           | Bin
 .../single-sign-on/centrify/011.png           | Bin
 .../single-sign-on/centrify/main.md           |   0
 .../single-sign-on/generic-setup.md           |   0
 .../single-sign-on/index.md                   |   2 +
 .../okta/001-applications-screen.png          | Bin
 .../okta/002-add-application.png              | Bin
 .../okta/003-add-application-1.png            | Bin
 .../okta/004-add-application-step1.png        | Bin
 .../okta/005-add-application-step2.png        | Bin
 .../okta/006-add-application-step3.png        | Bin
 .../okta/007-application-sign-on.png          | Bin
 .../single-sign-on/okta/008-assignment.png    | Bin
 .../single-sign-on/okta/main.md               |   0
 .../single-sign-on/trouble-shooting.md        |   0
 .../Wire_SAML_Flow (lucidchart).svg           |   0
 .../understand/Wire_SAML_Flow.png             | Bin
 .../single-sign-on/understand/main.md         |   0
 .../understand/token-step-01.png              | Bin
 .../understand/token-step-02.png              | Bin
 .../understand/token-step-03.png              | Bin
 .../understand/token-step-04.png              | Bin
 .../understand/token-step-05.png              | Bin
 .../understand/token-step-06.png              | Bin
 .../team-feature-settings.md                  |   0
 nix/default.nix                               |   4 +-
 95 files changed, 428 insertions(+), 419 deletions(-)
 create mode 100644 changelog.d/5-internal/restructure-docs
 delete mode 120000 docs/diagrams/mmdc
 create mode 120000 docs/src/changelog/changelog.md
 create mode 100644 docs/src/changelog/index.md
 rename docs/src/{configuration-options.md => how-to/install/infrastructure-configuration.md} (50%)
 delete mode 100644 docs/src/release-notes.md
 rename docs/src/{how-to => understand}/associate/custom-backend-for-desktop-client.md (100%)
 rename docs/src/{how-to => understand}/associate/custom-certificates.md (100%)
 rename docs/src/{how-to => understand}/associate/deeplink.md (100%)
 rename docs/src/{how-to => understand}/associate/index.md (100%)
 create mode 100644 docs/src/understand/block-user-creation.md
 create mode 100644 docs/src/understand/classified-domains.md
 rename docs/src/{how-to/install => understand}/configure-federation.md (99%)
 rename docs/src/{how-to/install => understand}/img/legalhold-screencast.gif (100%)
 rename docs/src/{how-to/install => understand}/img/legalhold-step01-click-customization.png (100%)
 rename docs/src/{how-to/install => understand}/img/legalhold-step02-goto-legalhold.png (100%)
 rename docs/src/{how-to/install => understand}/img/legalhold-step03-click-arrow.png (100%)
 rename docs/src/{how-to/install => understand}/img/legalhold-step04-click-manage-configuration.png (100%)
 rename docs/src/{how-to/install => understand}/img/legalhold-step05-fill-info.png (100%)
 rename docs/src/{how-to/install => understand}/legalhold.md (100%)
 rename docs/src/{how-to/install => understand}/mls.md (98%)
 create mode 100644 docs/src/understand/searchability.md
 rename docs/src/{how-to => understand}/single-sign-on/adfs/fig-00.jpg (100%)
 rename docs/src/{how-to => understand}/single-sign-on/adfs/fig-01.jpg (100%)
 rename docs/src/{how-to => understand}/single-sign-on/adfs/fig-02.jpg (100%)
 rename docs/src/{how-to => understand}/single-sign-on/adfs/fig-03.jpg (100%)
 rename docs/src/{how-to => understand}/single-sign-on/adfs/fig-04.jpg (100%)
 rename docs/src/{how-to => understand}/single-sign-on/adfs/fig-05.jpg (100%)
 rename docs/src/{how-to => understand}/single-sign-on/adfs/fig-06.jpg (100%)
 rename docs/src/{how-to => understand}/single-sign-on/adfs/fig-07.jpg (100%)
 rename docs/src/{how-to => understand}/single-sign-on/adfs/fig-08.jpg (100%)
 rename docs/src/{how-to => understand}/single-sign-on/adfs/fig-09.jpg (100%)
 rename docs/src/{how-to => understand}/single-sign-on/adfs/fig-10.jpg (100%)
 rename docs/src/{how-to => understand}/single-sign-on/adfs/fig-11.jpg (100%)
 rename docs/src/{how-to => understand}/single-sign-on/adfs/main.md (100%)
 rename docs/src/{how-to => understand}/single-sign-on/azure/01.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/azure/02.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/azure/03.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/azure/04.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/azure/05.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/azure/06.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/azure/07.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/azure/08.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/azure/09.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/azure/10.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/azure/11.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/azure/12.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/azure/13.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/azure/14.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/azure/15.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/azure/main.md (100%)
 rename docs/src/{how-to => understand}/single-sign-on/centrify/001.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/centrify/002.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/centrify/003.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/centrify/004.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/centrify/005.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/centrify/006.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/centrify/007.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/centrify/008.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/centrify/009.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/centrify/010.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/centrify/011.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/centrify/main.md (100%)
 rename docs/src/{how-to => understand}/single-sign-on/generic-setup.md (100%)
 rename docs/src/{how-to => understand}/single-sign-on/index.md (92%)
 rename docs/src/{how-to => understand}/single-sign-on/okta/001-applications-screen.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/okta/002-add-application.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/okta/003-add-application-1.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/okta/004-add-application-step1.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/okta/005-add-application-step2.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/okta/006-add-application-step3.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/okta/007-application-sign-on.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/okta/008-assignment.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/okta/main.md (100%)
 rename docs/src/{how-to => understand}/single-sign-on/trouble-shooting.md (100%)
 rename docs/src/{how-to => understand}/single-sign-on/understand/Wire_SAML_Flow (lucidchart).svg (100%)
 rename docs/src/{how-to => understand}/single-sign-on/understand/Wire_SAML_Flow.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/understand/main.md (100%)
 rename docs/src/{how-to => understand}/single-sign-on/understand/token-step-01.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/understand/token-step-02.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/understand/token-step-03.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/understand/token-step-04.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/understand/token-step-05.png (100%)
 rename docs/src/{how-to => understand}/single-sign-on/understand/token-step-06.png (100%)
 rename docs/src/{how-to/install => understand}/team-feature-settings.md (100%)

diff --git a/changelog.d/5-internal/restructure-docs b/changelog.d/5-internal/restructure-docs
new file mode 100644
index 0000000000..f9c770a9cc
--- /dev/null
+++ b/changelog.d/5-internal/restructure-docs
@@ -0,0 +1 @@
+Restructure docs.wire.com
diff --git a/docs/.gitignore b/docs/.gitignore
index 4ca8ba1127..2e23a54802 100644
--- a/docs/.gitignore
+++ b/docs/.gitignore
@@ -6,3 +6,6 @@ build
 
 # direnv - nix derivation
 result
+
+# this is so that the nix build doesn't copy a dangling symlink
+src/changelog/changelog.md
diff --git a/docs/diagrams/mmdc b/docs/diagrams/mmdc
deleted file mode 120000
index df57a81b6b..0000000000
--- a/docs/diagrams/mmdc
+++ /dev/null
@@ -1 +0,0 @@
-./node_modules/.bin/mmdc
\ No newline at end of file
diff --git a/docs/src/changelog/changelog.md b/docs/src/changelog/changelog.md
new file mode 120000
index 0000000000..79b747aee1
--- /dev/null
+++ b/docs/src/changelog/changelog.md
@@ -0,0 +1 @@
+../../../CHANGELOG.md
\ No newline at end of file
diff --git a/docs/src/changelog/index.md b/docs/src/changelog/index.md
new file mode 100644
index 0000000000..8eb248cd07
--- /dev/null
+++ b/docs/src/changelog/index.md
@@ -0,0 +1,9 @@
+# Releases
+
+```{toctree}
+:caption: 'Contents:'
+:glob: true
+:maxdepth: 1
+
+Releases <changelog>
+```
diff --git a/docs/src/conf.py b/docs/src/conf.py
index 750a09f904..c91faf4b90 100644
--- a/docs/src/conf.py
+++ b/docs/src/conf.py
@@ -136,5 +136,6 @@
         "security-responses/log4shell": "2021-12-15_log4shell.html",
         "security-responses/cve-2021-44521": "2022-02-21_cve-2021-44521.html",
         "security-responses/2022-05_website_outage": "2022-05-23_website_outage.html",
+        "how-to/single-sign-on/index": "../../understand/single-sign-on/index.html",
         "how-to/scim/index": "../../understand/single-sign-on/main.html#user-provisioning"
 }
diff --git a/docs/src/developer/reference/config-options.md b/docs/src/developer/reference/config-options.md
index 98eb07ff17..938ddba131 100644
--- a/docs/src/developer/reference/config-options.md
+++ b/docs/src/developer/reference/config-options.md
@@ -30,8 +30,7 @@ production.
 
 ### MLS private key paths
 
-Note: This developer documentation. Documentation for site operators can be found here:
-[Messaging Layer Security (MLS)](../../how-to/install/mls.md).
+Note: This developer documentation. Documentation for site operators can be found here: {ref}`mls-message-layer-security`
 
 The `mlsPrivateKeyPaths` field should contain a mapping from *purposes* and
 signature schemes to file paths of corresponding x509 private keys in PEM
diff --git a/docs/src/developer/reference/spar-braindump.md b/docs/src/developer/reference/spar-braindump.md
index dcee5847e9..05735e98c6 100644
--- a/docs/src/developer/reference/spar-braindump.md
+++ b/docs/src/developer/reference/spar-braindump.md
@@ -1,7 +1,12 @@
 # Spar braindump
 
 Reference: {#SparBrainDump}
-
+/home/stefan/repos/wire-server/docs/src/how-to/install/includes/helm_dns-ingress-troubleshooting.inc.rst:147: WARNING: duplicate label trying things out, other instance in /home/stefan/repos/wire-server/docs/src/how-to/install/helm.md
+/home/stefan/repos/wire-server/docs/src/how-to/install/includes/helm_dns-ingress-troubleshooting.inc.rst:170: WARNING: duplicate label troubleshooting, other instance in /home/stefan/repos/wire-server/docs/src/how-to/install/helm.md
+/home/stefan/repos/wire-server/docs/src/developer/reference/config-options.md:33: WARNING: 'myst' reference target not found: ../../how-to/install/mls.md
+/home/stefan/repos/wire-server/docs/src/developer/reference/spar-braindump.md:116: WARNING: 'myst' reference target not found: ../../how-to/single-sign-on/understand/main.rst
+/home/stefan/repos/wire-server/docs/src/how-to/install/ansible-VMs.md:97: WARNING: undefined label: 'checks'
+/home/stefan/repos/wire-server/docs/src/understand/federation/api.md:162: WARNING: 'myst' reference target not found: ../../how-to/install/mls
 _Author: Matthias Fischmann_
 
 ---
@@ -113,7 +118,8 @@ export IDP_ID=...
 
 Copy the new metadata file to one of your spar instances.
 
-Ssh into it.  If you can't, [the sso docs](../../how-to/single-sign-on/understand/main.rst) explain how you can create a
+
+Ssh into it.  If you can't, {ref}`the sso docs <sso-main-documentation>` explain how you can create a
 bearer token if you have the admin's login credentials.  If you follow
 that approach, you need to replace all mentions of `-H'Z-User ...'`
 with `-H'Authorization: Bearer ...'` in the following, and you won't need
diff --git a/docs/src/how-to/install/index.md b/docs/src/how-to/install/index.md
index 2758ad819a..b45b694832 100644
--- a/docs/src/how-to/install/index.md
+++ b/docs/src/how-to/install/index.md
@@ -7,22 +7,22 @@
 How to plan an installation <planning>
 Version requirements <version-requirements>
 dependencies
-(demo) How to install kubernetes <kubernetes>
-(demo) How to install wire-server using Helm <helm>
-(production) Introduction <prod-intro>
-(production) How to install kubernetes and databases <ansible-VMs>
-(production) How to configure AWS services <aws-prod>
-(production) How to install wire-server using Helm <helm-prod>
-(production) How to monitor wire-server <monitoring>
-(production) How to see centralized logs for wire-server <logging>
-Server and team feature settings <team-feature-settings>
-Messaging Layer Security (MLS) <mls>
+
+How to install kubernetes (Demo) <kubernetes>
+How to install wire-server using Helm (Demo) <helm>
+
+Introduction <prod-intro>
+How to install kubernetes and databases <ansible-VMs>
+How to configure AWS services <aws-prod>
+How to install wire-server using Helm <helm-prod>
+Infrastructure configuration <infrastructure-configuration>
+How to monitor wire-server <monitoring>
+How to see centralized logs for wire-server <logging>
+
 Web app settings <web-app-settings>
 sft
 restund
-configure-federation
 tls
-How to install and set up Legal Hold <legalhold>
 Managing authentication with ansible <ansible-authentication>
 Using tinc <ansible-tinc>
 Troubleshooting during installation <troubleshooting>
diff --git a/docs/src/configuration-options.md b/docs/src/how-to/install/infrastructure-configuration.md
similarity index 50%
rename from docs/src/configuration-options.md
rename to docs/src/how-to/install/infrastructure-configuration.md
index 1eeee72383..0e9d9a0029 100644
--- a/docs/src/configuration-options.md
+++ b/docs/src/how-to/install/infrastructure-configuration.md
@@ -1,6 +1,6 @@
 (configuration-options)=
 
-# Part 3 - configuration options in a production setup
+# Infrastructure configuration options
 
 This contains instructions to configure specific aspects of your production setup depending on your needs.
 
@@ -288,39 +288,6 @@ websockets:
   enabled: false
 ```
 
-## Blocking creation of personal users, new teams
-
-### In Brig
-
-There are some unauthenticated end-points that allow arbitrary users on the open internet to do things like create a new team.  This is desired in the cloud, but if you run an on-prem setup that is open to the world, you may want to block this.
-
-Brig has a server option for this:
-
-```yaml
-optSettings:
-  setRestrictUserCreation: true
-```
-
-If `setRestrictUserCreation` is `true`, creating new personal users or new teams on your instance from outside your backend installation is impossible.  (If you want to be more technical: requests to `/register` that create a new personal account or a new team are answered with `403 forbidden`.)
-
-On instances with restricted user creation, the site operator with access to the internal REST API can still circumvent the restriction: just log into a brig service pod via ssh and follow the steps in `hack/bin/create_test_team_admins.sh.`
-
-```{note}
-Once the creation of new users and teams has been disabled, it will still be possible to use the [team creation process](https://support.wire.com/hc/en-us/articles/115003858905-Create-a-team) (enter the new team name, email, password, etc), but it will fail/refuse creation late in the creation process (after the «Create team» button is clicked).
-```
-
-### In the WebApp
-
-Another way of disabling user registration is by this webapp setting, in `values.yaml`, changing this value from `true` to `false`:
-
-```yaml
-FEATURE_ENABLE_ACCOUNT_REGISTRATION: "false"
-```
-
-```{note}
-If you only disable the creation of users in the webapp, but do not do so in Brig/the backend, a malicious user would be able to use the API to create users, so make sure to disable both.
-```
-
 ## You may want
 
 - more server resources to ensure
@@ -666,342 +633,6 @@ brig:
             retryAfter: 86400
 ```
 
-## Configuring searchability
-
-You can configure how search is limited or not based on user membership in a given team.
-
-There are two types of searches based on the direction of search:
-
-- **Inbound** searches mean that somebody is searching for you. Configuring the inbound search visibility means that you (or some admin) can configure whether others can find you or not.
-- **Outbound** searches mean that you are searching for somebody. Configuring the outbound search visibility means that some admin can configure whether you can find other users or not.
-
-There are different types of matches:
-
-- **Exact handle** search means that the user is found only if the search query is exactly the user handle (e.g. searching for `mc` will find `@mc` but not `@mccaine`). This search returns zero or one results.
-- **Full text** search means that the user is found if the search query contains some subset of the user display name and handle. (e.g. the query `mar` will find `Marco C`, `Omar`, `@amaro`)
-
-### Searching users on the same backend
-
-Search visibility is controlled by three parameters on the backend:
-
-- A team outbound configuration flag, `TeamSearchVisibility` with possible values `SearchVisibilityStandard`, `SearchVisibilityNoNameOutsideTeam`
-
-  - `SearchVisibilityStandard` means that the user can find other people outside of the team, if the searched-person inbound search allows it
-  - `SearchVisibilityNoNameOutsideTeam` means that the user can not find any user outside the team by full text search (but exact handle search still works)
-
-- A team inbound configuration flag, `SearchVisibilityInbound` with possible values `SearchableByOwnTeam`, `SearchableByAllTeams`
-
-  - `SearchableByOwnTeam` means that the user can be found only by users in their own team.
-  - `SearchableByAllTeams` means that the user can be found by users in any/all teams.
-
-- A server configuration flag `searchSameTeamOnly` with possible values true, false.
-
-  - `Note`: For the same backend, this affects inbound and outbound searches (simply because all teams will be subject to this behavior)
-  - Setting this to `true` means that the all teams on that backend can only find users that belong to their team
-
-These flag are set on the backend and the clients do not need to be aware of them.
-
-The flags will influence the behavior of the search API endpoint; clients will only need to parse the results, that are already filtered for them by the backend.
-
-#### Table of possible outcomes
-
-```{eval-rst}
-+------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
-| Is search-er (`uA`) in team (tA)?  | Is search-ed (`uB`) in a team?  | Backend flag `searchSameTeamOnly`  | Team `tA`'s flag `TeamSearchVisibility`  | Team tB's flag `SearchVisibilityInbound`  | Result of exact search for `uB`  | Result of full-text search for `uB`  |
-+====================================+=================================+====================================+==========================================+===========================================+==================================+======================================+
-| **Search within the same team**                                                                                                                                                                                                                                            |
-+------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
-| Yes, `tA`                          | Yes, the same team `tA`         | Irrelevant                         | Irrelevant                               | Irrelevant                                | Found                            | Found                                |
-+------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
-| **Outbound search unrestricted**                                                                                                                                                                                                                                           |
-+------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
-| Yes, `tA`                          | Yes, another team tB            | false                              | `SearchVisibilityStandard`               | `SearchableByAllTeams`                    | Found                            | Found                                |
-+------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
-| Yes, `tA`                          | Yes, another team tB            | false                              | `SearchVisibilityStandard`               | `SearchableByOwnTeam`                     | Found                            | Not found                            |
-+------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
-| **Outbound search restricted**                                                                                                                                                                                                                                             |
-+------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
-| Yes, `tA`                          | Yes, another team tB            | true                               | Irrelevant                               | Irrelevant                                | Not found                        | Not found                            |
-+------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
-| Yes, `tA`                          | Yes, another team tB            | false                              | `SearchVisibilityNoNameOutsideTeam`      | Irrelevant                                | Found                            | Not found                            |
-+------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
-| Yes, `tA`                          | No                              | false                              | `SearchVisibilityNoNameOutsideTeam`      | There’s no team B                         | Found                            | Not found                            |
-+------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
-```
-
-#### Changing the configuration on the server
-
-To change the `searchSameTeamOnly` setting on the backend, edit the `values.yaml.gotmpl` file for the wire-server chart at this nested level of the configuration:
-
-```yaml
-brig:
-  # ...
-  config:
-    # ...
-    optSettings:
-      # ...
-      setSearchSameTeamOnly: true
-```
-
-If `setSearchSameTeamOnly` is set to `true` then `TeamSearchVisibility` is forced be in the `SearchVisibilityNoNameOutsideTeam` setting for all teams.
-
-#### Changing the default configuration for all teams
-
-If `setSearchSameTeamOnly` is set to `false`  (or missing from the configuration) then the default value `TeamSearchVisibility` can be configured at this level of the configuration of the `value.yaml.gotmpl` file of the wire-server chart:
-
-```yaml
-galley:
-  #...
-  config:
-    #...
-    settings:
-      #...
-      featureFlags:
-        #...
-        teamSearchVisibility: enabled-by-default
-```
-
-This default value applies to all teams for which no explicit configuration of the `TeamSearchVisibility` has been set.
-
-### Searching users on another (federated) backend
-
-For federated search the table above does not apply, see following table.
-
-```{note}
-Incoming federated searches (i.e. searches from one backend to another) are considered always as being performed from a team user, even if they are performed from a personal user.
-
-This is because the incoming search request does not carry the information whether the user performing the search was in a team or not.
-
-So we have to make one assumption, and we assume that they were in a team.
-```
-
-Allowing search is done at the backend configuration level by the sysadmin:
-
-- Outbound search restrictions (`searchSameTeamOnly`, `TeamSearchVisibility`) do not apply to federated searches
-
-- A configuration setting `FederatedUserSearchPolicy` per federating domain with these possible values:
-
-  - `no_search` The federating backend is not allowed to search any users (either by exact handle or full-text).
-  - `exact_handle_search` The federating backend may only search by exact handle
-  - `full_search` The federating backend may search users by full text search on display name and handle. The search search results are additionally affected by `SearchVisibilityInbound` setting of each team on the backend.
-
-- The `SearchVisibilityInbound` setting applies. Since the default value for teams is `SearchableByOwnTeam` this means that for a team to be full-text searchable by users on a federating backend both
-
-  - `FederatedUserSearchPolicy` needs to be set to to full_search for the federating backend
-  - Any team that wants to be full-text searchable needs to be set to `SearchableByAllTeams`
-
-The configuration value `FederatedUserSearchPolicy` is per federated domain, e.g. in the values of the wire-server chart:
-
-```yaml
-brig:
-  config:
-    optSettings:
-      setFederationDomainConfigs:
-        - domain: a.example.com
-          search_policy: no_search
-        - domain: a.example.com
-          search_policy: full_search
-```
-
-#### Table of possible outcomes
-
-In the following table, user `uA` on backend A is searching for user `uB` on team `tB` on backend B.
-
-Any of the flags set for searching users on the same backend are ignored.
-
-It’s worth nothing that if two users are on two separate backend, they are also guaranteed to be on two separate teams, as teams can not spread across backends.
-
-| Who is searching       | Backend B flag `FederatedUserSearchPolicy` | Team `tB`'s flag `SearchVisibilityInbound` | Result of exact search for `uB` | Result of full-text search for `uB` |
-| ---------------------- | ------------------------------------------ | ------------------------------------------ | ------------------------------- | ----------------------------------- |
-| user `uA` on backend A | `no_search`                                | Irrelevant                                 | Not found                       | Not found                           |
-| user `uA` on backend A | `exact_handle_search`                      | Irrelevant                                 | Found                           | Not found                           |
-| user `uA` on backend A | `full_search`                              | SearchableByOwnTeam                        | Found                           | Not found                           |
-| user `uA` on backend A | `full_search`                              | SearchableByAllTeams                       | Found                           | Found                               |
-
-### Changing the settings for a given team
-
-If you need to change searchabilility for a specific team (rather than the entire backend, as above), you need to make specific calls to the API.
-
-#### Team searchVisibility
-
-The team flag `searchVisibility` affects the outbound search of user searches.
-
-If it is set to `no-name-outside-team` for a team then all users of that team will no longer be able to find users that are not part of their team when searching.
-
-This also includes finding other users by by providing their exact handle. By default it is set to `standard`, which doesn't put any additional restrictions to outbound searches.
-
-The setting can be changed via endpoint (for more details on how to make the API calls with `curl`, read further):
-
-```
-GET /teams/{tid}/search-visibility
-  -- Shows the current TeamSearchVisibility value for the given team
-
-PUT /teams/{tid}/search-visibility
-  -- Set specific search visibility for the team
-
-pull-down-menu "body":
-  "standard"
-  "no-name-outside-team"
-```
-
-The team feature flag `teamSearchVisibility` determines whether it is allowed to change the `searchVisibility` setting or not.
-
-The default is `disabled-by-default`.
-
-```{note}
-Whenever this feature setting is disabled the `searchVisibility` will be reset to standard.
-```
-
-The default setting that applies to all teams on the instance can be defined at configuration
-
-```yaml
-settings:
-  featureFlags:
-    teamSearchVisibility: disabled-by-default # or enabled-by-default
-```
-
-#### TeamFeature searchVisibilityInbound
-
-The team feature flag `searchVisibilityInbound` affects if the team's users are searchable by users from other teams.
-
-The default setting is `searchable-by-own-team` which hides users from search results by users from other teams.
-
-If it is set to `searchable-by-all-teams` then users of this team may be included in the results of search queries by other users.
-
-```{note}
-The configuration of this flag does not affect search results when the search query matches the handle exactly.
-
-If the handle is provdided then any user on the instance can find users.
-```
-
-This team feature flag can only by toggled by site-administrators with direct access to the galley instance (for more details on how to make the API calls with `curl`, read further):
-
-```
-PUT /i/teams/{tid}/features/search-visibility-inbound
-```
-
-With JSON body:
-
-```json
-{"status": "enabled"}
-```
-
-or
-
-```json
-{"status": "disabled"}
-```
-
-Where `enabled` is equivalent to `searchable-by-all-teams` and `disabled` is equivalent to `searchable-by-own-team`.
-
-The default setting that applies to all teams on the instance can be defined at configuration.
-
-```yaml
-searchVisibilityInbound:
-  defaults:
-    status: enabled # OR disabled
-```
-
-Individual teams can overwrite the default setting with API calls as per above.
-
-#### Making the API calls
-
-To make API calls to set an explicit configuration for\` TeamSearchVisibilityInbound\` per team, you first need to know the Team ID, which can be found in the team settings app.
-
-It is an `UUID<https://en.wikipedia.org/wiki/Universally_unique_identifier>` which has format like this  `dcbedf9a-af2a-4f43-9fd5-525953a919e1`.
-
-In the following we will be using this Team ID as an example, please replace it with your own team id.
-
-Next find the name of a `galley` pod by looking at the output of running this command:
-
-```sh
-kubectl -n wire get pods
-```
-
-The output will look something like this:
-
-```
-...
-galley-5f4787fdc7-9l64n   ...
-galley-migrate-data-lzz5j ...
-...
-```
-
-Select any of the galley pods, for example we will use `galley-5f4787fdc7-9l64n`.
-
-Next, set up a port-forwarding from your local machine's port `9000` to the galley's port `8080` by running:
-
-```sh
-kubectl port-forward -n wire galley-5f4787fdc7-9l64n 9000:8080
-```
-
-Keep this command running until the end of these instuctions.
-
-Please run the following commands in a seperate terminal while keeping the terminal which establishes the port-forwarding open.
-
-To see team's current setting run:
-
-```sh
-curl -XGET http://localhost:9000/i/teams/dcbedf9a-af2a-4f43-9fd5-525953a919e1/features/searchVisibilityInbound
-
-# {"lockStatus":"unlocked","status":"disabled"}
-```
-
-Where `disabled` corresponds to `SearchableByOwnTeam` and enabled corresponds to `SearchableByAllTeams`.
-
-To change the `TeamSearchVisibilityInbound` to `SearchableByAllTeams` for the team run:
-
-```sh
-curl -XPUT -H 'Content-Type: application/json' -d "{\"status\": \"enabled\"}" http://localhost:9000/i/teams/dcbedf9a-af2a-4f43-9fd5-525953a919e1/features/searchVisibilityInbound
-```
-
-To change the TeamSearchVisibilityInbound to SearchableByOwnTeam for the team run:
-
-```sh
-curl -XPUT -H 'Content-Type: application/json' -d "{\"status\": \"disabled\"}" http://localhost:9000/i/teams/dcbedf9a-af2a-4f43-9fd5-525953a919e1/features/searchVisibilityInbound
-```
-
-## Configuring classified domains
-
-As a backend administrator, if you want to control which other backends (identified by their domain) are "classified",
-
-change the following `galley` configuration in the `value.yaml.gotmpl` file of the wire-server chart:
-
-```yaml
-galley:
-  replicaCount: 1
-  config:
-  ...
-    featureFlags:
-    ...
-      classifiedDomains:
-        status: enabled
-        config:
-          domains: ["domain-that-is-classified.link"]
-          ...
-```
-
-This is not only a `backend` configuration, but also a `team` configuration/feature.
-
-This means that different combinations of configurations will have different results.
-
-Here is a table to navigate the possible configurations:
-
-| Backend Config enabled/disabled | Backend Config Domains                         | Team Config enabled/disabled | Team Config Domains     | User's view                      |
-| ------------------------------- | ---------------------------------------------- | ---------------------------- | ----------------------- | -------------------------------- |
-| Enabled                         | \[domain1.example.com\]                        | Not configured               | Not configured          | Enabled, \[domain1.example.com\] |
-| Enabled                         | \[domain1.example.com\]\[domain1.example.com\] | Enabled                      | Not configured          | Enabled, \[domain1.example.com\] |
-| Enabled                         | \[domain1.example.com\]                        | Enabled                      | \[domain2.example.com\] | Enabled, Undefined               |
-| Enabled                         | \[domain1.example.com\]                        | Disabled                     | Anything                | Undefined                        |
-| Disabled                        | Anything                                       | Not configured               | Not configured          | Disabled, no domains             |
-| Disabled                        | Anything                                       | Enabled                      | \[domain2.example.com\] | Undefined                        |
-
-The table assumes the following:
-
-- When backend level config says that this feature is enabled, it is illegal to not specify domains at the backend level.
-- When backend level config says that this feature is disabled, the list of domains is ignored.
-- When team level feature is disabled, the accompanying domains are ignored.
-
 ## S3 Addressing Style
 
 S3 can either by addressed in path style, i.e.
diff --git a/docs/src/index.md b/docs/src/index.md
index da0c17e170..bb8d35a63b 100644
--- a/docs/src/index.md
+++ b/docs/src/index.md
@@ -15,24 +15,19 @@ The targeted audience of this documentation is:
 
 If you are a developer, you may want to check out the "Notes for developers" first.
 
-This documentation may be expanded in the future to cover other aspects of Wire.
+Release notes of `wire-server` can be found [here](https://github.com/wireapp/wire-server/releases).
 
 ```{toctree}
 :caption: 'Contents:'
 :glob: true
 :maxdepth: 1
 
-Release notes <release-notes>
-
+Security responses <security-responses/index>
+Release Notes <changelog/index>
 Installation <how-to/install/index>
 Administration <how-to/administrate/index>
-Connecting Wire Clients <how-to/associate/index>
-Optional Configuration <configuration-options>
-Understanding wire-server components <understand/index>
-Single-Sign-On and user provisioning <how-to/single-sign-on/index.rst>
-API documentation <understand/api-client-perspective/index>
-Security responses <security-responses/index>
-Notes for developers <developer/index>
+Reference <understand/index>
+Developers Notes <developer/index>
 ```
 
 % Overview <understand/overview>
diff --git a/docs/src/release-notes.md b/docs/src/release-notes.md
deleted file mode 100644
index 478db87668..0000000000
--- a/docs/src/release-notes.md
+++ /dev/null
@@ -1,13 +0,0 @@
-(release-notes)=
-
-# Release notes
-
-This page previously contained the release notes for the project, and they were manually updated each time a new release was done, due to limitations in Github's «releases» feature.
-
-However, Github since updated the feature, making this page un-necessary.
-
-Go to → [GitHub - wireapp/wire-server: Wire back-end services](https://github.com/wireapp/wire-server/)
-
-→ Look at releases on right hand side. They are shown by date of release. [Release Notes](https://github.com/wireapp/wire-server/releases)
-
-→ Open the CHANGELOG.md. This will give you chart version.
diff --git a/docs/src/how-to/associate/custom-backend-for-desktop-client.md b/docs/src/understand/associate/custom-backend-for-desktop-client.md
similarity index 100%
rename from docs/src/how-to/associate/custom-backend-for-desktop-client.md
rename to docs/src/understand/associate/custom-backend-for-desktop-client.md
diff --git a/docs/src/how-to/associate/custom-certificates.md b/docs/src/understand/associate/custom-certificates.md
similarity index 100%
rename from docs/src/how-to/associate/custom-certificates.md
rename to docs/src/understand/associate/custom-certificates.md
diff --git a/docs/src/how-to/associate/deeplink.md b/docs/src/understand/associate/deeplink.md
similarity index 100%
rename from docs/src/how-to/associate/deeplink.md
rename to docs/src/understand/associate/deeplink.md
diff --git a/docs/src/how-to/associate/index.md b/docs/src/understand/associate/index.md
similarity index 100%
rename from docs/src/how-to/associate/index.md
rename to docs/src/understand/associate/index.md
diff --git a/docs/src/understand/block-user-creation.md b/docs/src/understand/block-user-creation.md
new file mode 100644
index 0000000000..5c1e563aab
--- /dev/null
+++ b/docs/src/understand/block-user-creation.md
@@ -0,0 +1,34 @@
+# Block personal user creation
+
+## In Brig
+
+There are some unauthenticated end-points that allow arbitrary users on the open internet to do things like create a new team.  This is desired in the cloud, but if you run an on-prem setup that is open to the world, you may want to block this.
+
+Brig has a server option for this:
+
+```yaml
+optSettings:
+  setRestrictUserCreation: true
+```
+
+If `setRestrictUserCreation` is `true`, creating new personal users or new teams on your instance from outside your backend installation is impossible.  (If you want to be more technical: requests to `/register` that create a new personal account or a new team are answered with `403 forbidden`.)
+
+On instances with restricted user creation, the site operator with access to the internal REST API can still circumvent the restriction: just log into a brig service pod via ssh and follow the steps in `hack/bin/create_test_team_admins.sh.`
+
+```{note}
+Once the creation of new users and teams has been disabled, it will still be possible to use the [team creation process](https://support.wire.com/hc/en-us/articles/115003858905-Create-a-team) (enter the new team name, email, password, etc), but it will fail/refuse creation late in the creation process (after the «Create team» button is clicked).
+```
+
+## In the WebApp
+
+Another way of disabling user registration is by this webapp setting, in `values.yaml`, changing this value from `true` to `false`:
+
+```yaml
+FEATURE_ENABLE_ACCOUNT_REGISTRATION: "false"
+```
+
+```{note}
+If you only disable the creation of users in the webapp, but do not do so in Brig/the backend, a malicious user would be able to use the API to create users, so make sure to disable both.
+```
+
+
diff --git a/docs/src/understand/classified-domains.md b/docs/src/understand/classified-domains.md
new file mode 100644
index 0000000000..5d27945abb
--- /dev/null
+++ b/docs/src/understand/classified-domains.md
@@ -0,0 +1,40 @@
+# Classified Domains
+
+As a backend administrator, if you want to control which other backends (identified by their domain) are "classified",
+
+change the following `galley` configuration in the `value.yaml.gotmpl` file of the wire-server chart:
+
+```yaml
+galley:
+  replicaCount: 1
+  config:
+  ...
+    featureFlags:
+    ...
+      classifiedDomains:
+        status: enabled
+        config:
+          domains: ["domain-that-is-classified.link"]
+          ...
+```
+
+This is not only a `backend` configuration, but also a `team` configuration/feature.
+
+This means that different combinations of configurations will have different results.
+
+Here is a table to navigate the possible configurations:
+
+| Backend Config enabled/disabled | Backend Config Domains                         | Team Config enabled/disabled | Team Config Domains     | User's view                      |
+| ------------------------------- | ---------------------------------------------- | ---------------------------- | ----------------------- | -------------------------------- |
+| Enabled                         | \[domain1.example.com\]                        | Not configured               | Not configured          | Enabled, \[domain1.example.com\] |
+| Enabled                         | \[domain1.example.com\]\[domain1.example.com\] | Enabled                      | Not configured          | Enabled, \[domain1.example.com\] |
+| Enabled                         | \[domain1.example.com\]                        | Enabled                      | \[domain2.example.com\] | Enabled, Undefined               |
+| Enabled                         | \[domain1.example.com\]                        | Disabled                     | Anything                | Undefined                        |
+| Disabled                        | Anything                                       | Not configured               | Not configured          | Disabled, no domains             |
+| Disabled                        | Anything                                       | Enabled                      | \[domain2.example.com\] | Undefined                        |
+
+The table assumes the following:
+
+- When backend level config says that this feature is enabled, it is illegal to not specify domains at the backend level.
+- When backend level config says that this feature is disabled, the list of domains is ignored.
+- When team level feature is disabled, the accompanying domains are ignored.
diff --git a/docs/src/how-to/install/configure-federation.md b/docs/src/understand/configure-federation.md
similarity index 99%
rename from docs/src/how-to/install/configure-federation.md
rename to docs/src/understand/configure-federation.md
index 69396c92b5..6d0042eaad 100644
--- a/docs/src/how-to/install/configure-federation.md
+++ b/docs/src/understand/configure-federation.md
@@ -1,5 +1,5 @@
 (configure-federation)=
-# Configure Wire-Server for Federation
+# Federation
 
 See also {ref}`federation-understand`, which explains the architecture and concepts.
 
diff --git a/docs/src/understand/federation/api.md b/docs/src/understand/federation/api.md
index e48e642294..7b576d9234 100644
--- a/docs/src/understand/federation/api.md
+++ b/docs/src/understand/federation/api.md
@@ -159,7 +159,7 @@ the backend.
 -   `get-user-clients`: Given a list of user ids, return a list of all their clients with public information
 -   `send-connection-action`: Make and also respond to user connection requests
 -   `on-user-deleted-connections`: Notify users that are connected to remote user about that user's deletion
--   `get-mls-clients`: Request all [MLS](../../how-to/install/mls)-capable clients for a given user
+-   `get-mls-clients`: Request all {ref}`MLS <mls-message-layer-security>`-capable clients for a given user
 -   `claim-key-packages`: Claim a previously-uploaded KeyPackage of a remote user. User for adding users to MLS conversations.
 
 See [the brig source
diff --git a/docs/src/how-to/install/img/legalhold-screencast.gif b/docs/src/understand/img/legalhold-screencast.gif
similarity index 100%
rename from docs/src/how-to/install/img/legalhold-screencast.gif
rename to docs/src/understand/img/legalhold-screencast.gif
diff --git a/docs/src/how-to/install/img/legalhold-step01-click-customization.png b/docs/src/understand/img/legalhold-step01-click-customization.png
similarity index 100%
rename from docs/src/how-to/install/img/legalhold-step01-click-customization.png
rename to docs/src/understand/img/legalhold-step01-click-customization.png
diff --git a/docs/src/how-to/install/img/legalhold-step02-goto-legalhold.png b/docs/src/understand/img/legalhold-step02-goto-legalhold.png
similarity index 100%
rename from docs/src/how-to/install/img/legalhold-step02-goto-legalhold.png
rename to docs/src/understand/img/legalhold-step02-goto-legalhold.png
diff --git a/docs/src/how-to/install/img/legalhold-step03-click-arrow.png b/docs/src/understand/img/legalhold-step03-click-arrow.png
similarity index 100%
rename from docs/src/how-to/install/img/legalhold-step03-click-arrow.png
rename to docs/src/understand/img/legalhold-step03-click-arrow.png
diff --git a/docs/src/how-to/install/img/legalhold-step04-click-manage-configuration.png b/docs/src/understand/img/legalhold-step04-click-manage-configuration.png
similarity index 100%
rename from docs/src/how-to/install/img/legalhold-step04-click-manage-configuration.png
rename to docs/src/understand/img/legalhold-step04-click-manage-configuration.png
diff --git a/docs/src/how-to/install/img/legalhold-step05-fill-info.png b/docs/src/understand/img/legalhold-step05-fill-info.png
similarity index 100%
rename from docs/src/how-to/install/img/legalhold-step05-fill-info.png
rename to docs/src/understand/img/legalhold-step05-fill-info.png
diff --git a/docs/src/understand/index.md b/docs/src/understand/index.md
index f7ca56369a..dd9474bceb 100644
--- a/docs/src/understand/index.md
+++ b/docs/src/understand/index.md
@@ -1,17 +1,19 @@
 (understand)=
 
-# Understanding wire-server components
-
-This section is almost empty, more documentation will come soon...
+# Reference
 
 ```{toctree}
 :glob: true
-:maxdepth: 1
+:maxdepth: 2
 
-Overview </understand/overview.rst>
+Architecture Overview </understand/overview.rst>
+Single Sign-On and User Provisioning <single-sign-on/index>
 Audio/video calling, restund servers (TURN/STUN) </understand/restund.rst>
 Conference Calling 2.0 (SFT) </understand/sft.rst>
 Minio </understand/minio.rst>
 Helm </understand/helm.rst>
 Federation </understand/federation/index.rst>
+Connecting Wire Clients <associate/index>
+Client API documentation <api-client-perspective/index>
+*
 ```
diff --git a/docs/src/how-to/install/legalhold.md b/docs/src/understand/legalhold.md
similarity index 100%
rename from docs/src/how-to/install/legalhold.md
rename to docs/src/understand/legalhold.md
diff --git a/docs/src/how-to/install/mls.md b/docs/src/understand/mls.md
similarity index 98%
rename from docs/src/how-to/install/mls.md
rename to docs/src/understand/mls.md
index 9e4543b011..591451a0ab 100644
--- a/docs/src/how-to/install/mls.md
+++ b/docs/src/understand/mls.md
@@ -1,3 +1,5 @@
+(mls-message-layer-security)=
+
 # Messaging Layer Security (MLS)
 
 To enable support for [MLS](https://datatracker.ietf.org/wg/mls/documents/)
diff --git a/docs/src/understand/overview.md b/docs/src/understand/overview.md
index 56f203f707..6926a81280 100644
--- a/docs/src/understand/overview.md
+++ b/docs/src/understand/overview.md
@@ -1,6 +1,6 @@
 (overview)=
 
-# Overview
+# Architecture Overview
 
 ## Introduction
 
diff --git a/docs/src/understand/searchability.md b/docs/src/understand/searchability.md
new file mode 100644
index 0000000000..083faa030f
--- /dev/null
+++ b/docs/src/understand/searchability.md
@@ -0,0 +1,295 @@
+# User Searchability
+
+You can configure how search is limited or not based on user membership in a given team.
+
+There are two types of searches based on the direction of search:
+
+- **Inbound** searches mean that somebody is searching for you. Configuring the inbound search visibility means that you (or some admin) can configure whether others can find you or not.
+- **Outbound** searches mean that you are searching for somebody. Configuring the outbound search visibility means that some admin can configure whether you can find other users or not.
+
+There are different types of matches:
+
+- **Exact handle** search means that the user is found only if the search query is exactly the user handle (e.g. searching for `mc` will find `@mc` but not `@mccaine`). This search returns zero or one results.
+- **Full text** search means that the user is found if the search query contains some subset of the user display name and handle. (e.g. the query `mar` will find `Marco C`, `Omar`, `@amaro`)
+
+## Searching users on the same backend
+
+Search visibility is controlled by three parameters on the backend:
+
+- A team outbound configuration flag, `TeamSearchVisibility` with possible values `SearchVisibilityStandard`, `SearchVisibilityNoNameOutsideTeam`
+
+  - `SearchVisibilityStandard` means that the user can find other people outside of the team, if the searched-person inbound search allows it
+  - `SearchVisibilityNoNameOutsideTeam` means that the user can not find any user outside the team by full text search (but exact handle search still works)
+
+- A team inbound configuration flag, `SearchVisibilityInbound` with possible values `SearchableByOwnTeam`, `SearchableByAllTeams`
+
+  - `SearchableByOwnTeam` means that the user can be found only by users in their own team.
+  - `SearchableByAllTeams` means that the user can be found by users in any/all teams.
+
+- A server configuration flag `searchSameTeamOnly` with possible values true, false.
+
+  - `Note`: For the same backend, this affects inbound and outbound searches (simply because all teams will be subject to this behavior)
+  - Setting this to `true` means that the all teams on that backend can only find users that belong to their team
+
+These flag are set on the backend and the clients do not need to be aware of them.
+
+The flags will influence the behavior of the search API endpoint; clients will only need to parse the results, that are already filtered for them by the backend.
+
+### Table of possible outcomes
+
+```{eval-rst}
++------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
+| Is search-er (`uA`) in team (tA)?  | Is search-ed (`uB`) in a team?  | Backend flag `searchSameTeamOnly`  | Team `tA`'s flag `TeamSearchVisibility`  | Team tB's flag `SearchVisibilityInbound`  | Result of exact search for `uB`  | Result of full-text search for `uB`  |
++====================================+=================================+====================================+==========================================+===========================================+==================================+======================================+
+| **Search within the same team**                                                                                                                                                                                                                                            |
++------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
+| Yes, `tA`                          | Yes, the same team `tA`         | Irrelevant                         | Irrelevant                               | Irrelevant                                | Found                            | Found                                |
++------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
+| **Outbound search unrestricted**                                                                                                                                                                                                                                           |
++------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
+| Yes, `tA`                          | Yes, another team tB            | false                              | `SearchVisibilityStandard`               | `SearchableByAllTeams`                    | Found                            | Found                                |
++------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
+| Yes, `tA`                          | Yes, another team tB            | false                              | `SearchVisibilityStandard`               | `SearchableByOwnTeam`                     | Found                            | Not found                            |
++------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
+| **Outbound search restricted**                                                                                                                                                                                                                                             |
++------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
+| Yes, `tA`                          | Yes, another team tB            | true                               | Irrelevant                               | Irrelevant                                | Not found                        | Not found                            |
++------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
+| Yes, `tA`                          | Yes, another team tB            | false                              | `SearchVisibilityNoNameOutsideTeam`      | Irrelevant                                | Found                            | Not found                            |
++------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
+| Yes, `tA`                          | No                              | false                              | `SearchVisibilityNoNameOutsideTeam`      | There’s no team B                         | Found                            | Not found                            |
++------------------------------------+---------------------------------+------------------------------------+------------------------------------------+-------------------------------------------+----------------------------------+--------------------------------------+
+```
+
+### Changing the configuration on the server
+
+To change the `searchSameTeamOnly` setting on the backend, edit the `values.yaml.gotmpl` file for the wire-server chart at this nested level of the configuration:
+
+```yaml
+brig:
+  # ...
+  config:
+    # ...
+    optSettings:
+      # ...
+      setSearchSameTeamOnly: true
+```
+
+If `setSearchSameTeamOnly` is set to `true` then `TeamSearchVisibility` is forced be in the `SearchVisibilityNoNameOutsideTeam` setting for all teams.
+
+### Changing the default configuration for all teams
+
+If `setSearchSameTeamOnly` is set to `false`  (or missing from the configuration) then the default value `TeamSearchVisibility` can be configured at this level of the configuration of the `value.yaml.gotmpl` file of the wire-server chart:
+
+```yaml
+galley:
+  #...
+  config:
+    #...
+    settings:
+      #...
+      featureFlags:
+        #...
+        teamSearchVisibility: enabled-by-default
+```
+
+This default value applies to all teams for which no explicit configuration of the `TeamSearchVisibility` has been set.
+
+## Searching users on another (federated) backend
+
+For federated search the table above does not apply, see following table.
+
+```{note}
+Incoming federated searches (i.e. searches from one backend to another) are considered always as being performed from a team user, even if they are performed from a personal user.
+
+This is because the incoming search request does not carry the information whether the user performing the search was in a team or not.
+
+So we have to make one assumption, and we assume that they were in a team.
+```
+
+Allowing search is done at the backend configuration level by the sysadmin:
+
+- Outbound search restrictions (`searchSameTeamOnly`, `TeamSearchVisibility`) do not apply to federated searches
+
+- A configuration setting `FederatedUserSearchPolicy` per federating domain with these possible values:
+
+  - `no_search` The federating backend is not allowed to search any users (either by exact handle or full-text).
+  - `exact_handle_search` The federating backend may only search by exact handle
+  - `full_search` The federating backend may search users by full text search on display name and handle. The search search results are additionally affected by `SearchVisibilityInbound` setting of each team on the backend.
+
+- The `SearchVisibilityInbound` setting applies. Since the default value for teams is `SearchableByOwnTeam` this means that for a team to be full-text searchable by users on a federating backend both
+
+  - `FederatedUserSearchPolicy` needs to be set to to full_search for the federating backend
+  - Any team that wants to be full-text searchable needs to be set to `SearchableByAllTeams`
+
+The configuration value `FederatedUserSearchPolicy` is per federated domain, e.g. in the values of the wire-server chart:
+
+```yaml
+brig:
+  config:
+    optSettings:
+      setFederationDomainConfigs:
+        - domain: a.example.com
+          search_policy: no_search
+        - domain: a.example.com
+          search_policy: full_search
+```
+
+### Table of possible outcomes
+
+In the following table, user `uA` on backend A is searching for user `uB` on team `tB` on backend B.
+
+Any of the flags set for searching users on the same backend are ignored.
+
+It’s worth nothing that if two users are on two separate backend, they are also guaranteed to be on two separate teams, as teams can not spread across backends.
+
+| Who is searching       | Backend B flag `FederatedUserSearchPolicy` | Team `tB`'s flag `SearchVisibilityInbound` | Result of exact search for `uB` | Result of full-text search for `uB` |
+| ---------------------- | ------------------------------------------ | ------------------------------------------ | ------------------------------- | ----------------------------------- |
+| user `uA` on backend A | `no_search`                                | Irrelevant                                 | Not found                       | Not found                           |
+| user `uA` on backend A | `exact_handle_search`                      | Irrelevant                                 | Found                           | Not found                           |
+| user `uA` on backend A | `full_search`                              | SearchableByOwnTeam                        | Found                           | Not found                           |
+| user `uA` on backend A | `full_search`                              | SearchableByAllTeams                       | Found                           | Found                               |
+
+## Changing the settings for a given team
+
+If you need to change searchabilility for a specific team (rather than the entire backend, as above), you need to make specific calls to the API.
+
+### Team searchVisibility
+
+The team flag `searchVisibility` affects the outbound search of user searches.
+
+If it is set to `no-name-outside-team` for a team then all users of that team will no longer be able to find users that are not part of their team when searching.
+
+This also includes finding other users by by providing their exact handle. By default it is set to `standard`, which doesn't put any additional restrictions to outbound searches.
+
+The setting can be changed via endpoint (for more details on how to make the API calls with `curl`, read further):
+
+```
+GET /teams/{tid}/search-visibility
+  -- Shows the current TeamSearchVisibility value for the given team
+
+PUT /teams/{tid}/search-visibility
+  -- Set specific search visibility for the team
+
+pull-down-menu "body":
+  "standard"
+  "no-name-outside-team"
+```
+
+The team feature flag `teamSearchVisibility` determines whether it is allowed to change the `searchVisibility` setting or not.
+
+The default is `disabled-by-default`.
+
+```{note}
+Whenever this feature setting is disabled the `searchVisibility` will be reset to standard.
+```
+
+The default setting that applies to all teams on the instance can be defined at configuration
+
+```yaml
+settings:
+  featureFlags:
+    teamSearchVisibility: disabled-by-default # or enabled-by-default
+```
+
+### TeamFeature searchVisibilityInbound
+
+The team feature flag `searchVisibilityInbound` affects if the team's users are searchable by users from other teams.
+
+The default setting is `searchable-by-own-team` which hides users from search results by users from other teams.
+
+If it is set to `searchable-by-all-teams` then users of this team may be included in the results of search queries by other users.
+
+```{note}
+The configuration of this flag does not affect search results when the search query matches the handle exactly.
+
+If the handle is provdided then any user on the instance can find users.
+```
+
+This team feature flag can only by toggled by site-administrators with direct access to the galley instance (for more details on how to make the API calls with `curl`, read further):
+
+```
+PUT /i/teams/{tid}/features/search-visibility-inbound
+```
+
+With JSON body:
+
+```json
+{"status": "enabled"}
+```
+
+or
+
+```json
+{"status": "disabled"}
+```
+
+Where `enabled` is equivalent to `searchable-by-all-teams` and `disabled` is equivalent to `searchable-by-own-team`.
+
+The default setting that applies to all teams on the instance can be defined at configuration.
+
+```yaml
+searchVisibilityInbound:
+  defaults:
+    status: enabled # OR disabled
+```
+
+Individual teams can overwrite the default setting with API calls as per above.
+
+### Making the API calls
+
+To make API calls to set an explicit configuration for\` TeamSearchVisibilityInbound\` per team, you first need to know the Team ID, which can be found in the team settings app.
+
+It is an `UUID<https://en.wikipedia.org/wiki/Universally_unique_identifier>` which has format like this  `dcbedf9a-af2a-4f43-9fd5-525953a919e1`.
+
+In the following we will be using this Team ID as an example, please replace it with your own team id.
+
+Next find the name of a `galley` pod by looking at the output of running this command:
+
+```sh
+kubectl -n wire get pods
+```
+
+The output will look something like this:
+
+```
+...
+galley-5f4787fdc7-9l64n   ...
+galley-migrate-data-lzz5j ...
+...
+```
+
+Select any of the galley pods, for example we will use `galley-5f4787fdc7-9l64n`.
+
+Next, set up a port-forwarding from your local machine's port `9000` to the galley's port `8080` by running:
+
+```sh
+kubectl port-forward -n wire galley-5f4787fdc7-9l64n 9000:8080
+```
+
+Keep this command running until the end of these instuctions.
+
+Please run the following commands in a seperate terminal while keeping the terminal which establishes the port-forwarding open.
+
+To see team's current setting run:
+
+```sh
+curl -XGET http://localhost:9000/i/teams/dcbedf9a-af2a-4f43-9fd5-525953a919e1/features/searchVisibilityInbound
+
+# {"lockStatus":"unlocked","status":"disabled"}
+```
+
+Where `disabled` corresponds to `SearchableByOwnTeam` and enabled corresponds to `SearchableByAllTeams`.
+
+To change the `TeamSearchVisibilityInbound` to `SearchableByAllTeams` for the team run:
+
+```sh
+curl -XPUT -H 'Content-Type: application/json' -d "{\"status\": \"enabled\"}" http://localhost:9000/i/teams/dcbedf9a-af2a-4f43-9fd5-525953a919e1/features/searchVisibilityInbound
+```
+
+To change the TeamSearchVisibilityInbound to SearchableByOwnTeam for the team run:
+
+```sh
+curl -XPUT -H 'Content-Type: application/json' -d "{\"status\": \"disabled\"}" http://localhost:9000/i/teams/dcbedf9a-af2a-4f43-9fd5-525953a919e1/features/searchVisibilityInbound
+```
+
diff --git a/docs/src/how-to/single-sign-on/adfs/fig-00.jpg b/docs/src/understand/single-sign-on/adfs/fig-00.jpg
similarity index 100%
rename from docs/src/how-to/single-sign-on/adfs/fig-00.jpg
rename to docs/src/understand/single-sign-on/adfs/fig-00.jpg
diff --git a/docs/src/how-to/single-sign-on/adfs/fig-01.jpg b/docs/src/understand/single-sign-on/adfs/fig-01.jpg
similarity index 100%
rename from docs/src/how-to/single-sign-on/adfs/fig-01.jpg
rename to docs/src/understand/single-sign-on/adfs/fig-01.jpg
diff --git a/docs/src/how-to/single-sign-on/adfs/fig-02.jpg b/docs/src/understand/single-sign-on/adfs/fig-02.jpg
similarity index 100%
rename from docs/src/how-to/single-sign-on/adfs/fig-02.jpg
rename to docs/src/understand/single-sign-on/adfs/fig-02.jpg
diff --git a/docs/src/how-to/single-sign-on/adfs/fig-03.jpg b/docs/src/understand/single-sign-on/adfs/fig-03.jpg
similarity index 100%
rename from docs/src/how-to/single-sign-on/adfs/fig-03.jpg
rename to docs/src/understand/single-sign-on/adfs/fig-03.jpg
diff --git a/docs/src/how-to/single-sign-on/adfs/fig-04.jpg b/docs/src/understand/single-sign-on/adfs/fig-04.jpg
similarity index 100%
rename from docs/src/how-to/single-sign-on/adfs/fig-04.jpg
rename to docs/src/understand/single-sign-on/adfs/fig-04.jpg
diff --git a/docs/src/how-to/single-sign-on/adfs/fig-05.jpg b/docs/src/understand/single-sign-on/adfs/fig-05.jpg
similarity index 100%
rename from docs/src/how-to/single-sign-on/adfs/fig-05.jpg
rename to docs/src/understand/single-sign-on/adfs/fig-05.jpg
diff --git a/docs/src/how-to/single-sign-on/adfs/fig-06.jpg b/docs/src/understand/single-sign-on/adfs/fig-06.jpg
similarity index 100%
rename from docs/src/how-to/single-sign-on/adfs/fig-06.jpg
rename to docs/src/understand/single-sign-on/adfs/fig-06.jpg
diff --git a/docs/src/how-to/single-sign-on/adfs/fig-07.jpg b/docs/src/understand/single-sign-on/adfs/fig-07.jpg
similarity index 100%
rename from docs/src/how-to/single-sign-on/adfs/fig-07.jpg
rename to docs/src/understand/single-sign-on/adfs/fig-07.jpg
diff --git a/docs/src/how-to/single-sign-on/adfs/fig-08.jpg b/docs/src/understand/single-sign-on/adfs/fig-08.jpg
similarity index 100%
rename from docs/src/how-to/single-sign-on/adfs/fig-08.jpg
rename to docs/src/understand/single-sign-on/adfs/fig-08.jpg
diff --git a/docs/src/how-to/single-sign-on/adfs/fig-09.jpg b/docs/src/understand/single-sign-on/adfs/fig-09.jpg
similarity index 100%
rename from docs/src/how-to/single-sign-on/adfs/fig-09.jpg
rename to docs/src/understand/single-sign-on/adfs/fig-09.jpg
diff --git a/docs/src/how-to/single-sign-on/adfs/fig-10.jpg b/docs/src/understand/single-sign-on/adfs/fig-10.jpg
similarity index 100%
rename from docs/src/how-to/single-sign-on/adfs/fig-10.jpg
rename to docs/src/understand/single-sign-on/adfs/fig-10.jpg
diff --git a/docs/src/how-to/single-sign-on/adfs/fig-11.jpg b/docs/src/understand/single-sign-on/adfs/fig-11.jpg
similarity index 100%
rename from docs/src/how-to/single-sign-on/adfs/fig-11.jpg
rename to docs/src/understand/single-sign-on/adfs/fig-11.jpg
diff --git a/docs/src/how-to/single-sign-on/adfs/main.md b/docs/src/understand/single-sign-on/adfs/main.md
similarity index 100%
rename from docs/src/how-to/single-sign-on/adfs/main.md
rename to docs/src/understand/single-sign-on/adfs/main.md
diff --git a/docs/src/how-to/single-sign-on/azure/01.png b/docs/src/understand/single-sign-on/azure/01.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/azure/01.png
rename to docs/src/understand/single-sign-on/azure/01.png
diff --git a/docs/src/how-to/single-sign-on/azure/02.png b/docs/src/understand/single-sign-on/azure/02.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/azure/02.png
rename to docs/src/understand/single-sign-on/azure/02.png
diff --git a/docs/src/how-to/single-sign-on/azure/03.png b/docs/src/understand/single-sign-on/azure/03.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/azure/03.png
rename to docs/src/understand/single-sign-on/azure/03.png
diff --git a/docs/src/how-to/single-sign-on/azure/04.png b/docs/src/understand/single-sign-on/azure/04.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/azure/04.png
rename to docs/src/understand/single-sign-on/azure/04.png
diff --git a/docs/src/how-to/single-sign-on/azure/05.png b/docs/src/understand/single-sign-on/azure/05.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/azure/05.png
rename to docs/src/understand/single-sign-on/azure/05.png
diff --git a/docs/src/how-to/single-sign-on/azure/06.png b/docs/src/understand/single-sign-on/azure/06.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/azure/06.png
rename to docs/src/understand/single-sign-on/azure/06.png
diff --git a/docs/src/how-to/single-sign-on/azure/07.png b/docs/src/understand/single-sign-on/azure/07.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/azure/07.png
rename to docs/src/understand/single-sign-on/azure/07.png
diff --git a/docs/src/how-to/single-sign-on/azure/08.png b/docs/src/understand/single-sign-on/azure/08.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/azure/08.png
rename to docs/src/understand/single-sign-on/azure/08.png
diff --git a/docs/src/how-to/single-sign-on/azure/09.png b/docs/src/understand/single-sign-on/azure/09.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/azure/09.png
rename to docs/src/understand/single-sign-on/azure/09.png
diff --git a/docs/src/how-to/single-sign-on/azure/10.png b/docs/src/understand/single-sign-on/azure/10.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/azure/10.png
rename to docs/src/understand/single-sign-on/azure/10.png
diff --git a/docs/src/how-to/single-sign-on/azure/11.png b/docs/src/understand/single-sign-on/azure/11.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/azure/11.png
rename to docs/src/understand/single-sign-on/azure/11.png
diff --git a/docs/src/how-to/single-sign-on/azure/12.png b/docs/src/understand/single-sign-on/azure/12.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/azure/12.png
rename to docs/src/understand/single-sign-on/azure/12.png
diff --git a/docs/src/how-to/single-sign-on/azure/13.png b/docs/src/understand/single-sign-on/azure/13.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/azure/13.png
rename to docs/src/understand/single-sign-on/azure/13.png
diff --git a/docs/src/how-to/single-sign-on/azure/14.png b/docs/src/understand/single-sign-on/azure/14.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/azure/14.png
rename to docs/src/understand/single-sign-on/azure/14.png
diff --git a/docs/src/how-to/single-sign-on/azure/15.png b/docs/src/understand/single-sign-on/azure/15.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/azure/15.png
rename to docs/src/understand/single-sign-on/azure/15.png
diff --git a/docs/src/how-to/single-sign-on/azure/main.md b/docs/src/understand/single-sign-on/azure/main.md
similarity index 100%
rename from docs/src/how-to/single-sign-on/azure/main.md
rename to docs/src/understand/single-sign-on/azure/main.md
diff --git a/docs/src/how-to/single-sign-on/centrify/001.png b/docs/src/understand/single-sign-on/centrify/001.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/centrify/001.png
rename to docs/src/understand/single-sign-on/centrify/001.png
diff --git a/docs/src/how-to/single-sign-on/centrify/002.png b/docs/src/understand/single-sign-on/centrify/002.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/centrify/002.png
rename to docs/src/understand/single-sign-on/centrify/002.png
diff --git a/docs/src/how-to/single-sign-on/centrify/003.png b/docs/src/understand/single-sign-on/centrify/003.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/centrify/003.png
rename to docs/src/understand/single-sign-on/centrify/003.png
diff --git a/docs/src/how-to/single-sign-on/centrify/004.png b/docs/src/understand/single-sign-on/centrify/004.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/centrify/004.png
rename to docs/src/understand/single-sign-on/centrify/004.png
diff --git a/docs/src/how-to/single-sign-on/centrify/005.png b/docs/src/understand/single-sign-on/centrify/005.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/centrify/005.png
rename to docs/src/understand/single-sign-on/centrify/005.png
diff --git a/docs/src/how-to/single-sign-on/centrify/006.png b/docs/src/understand/single-sign-on/centrify/006.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/centrify/006.png
rename to docs/src/understand/single-sign-on/centrify/006.png
diff --git a/docs/src/how-to/single-sign-on/centrify/007.png b/docs/src/understand/single-sign-on/centrify/007.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/centrify/007.png
rename to docs/src/understand/single-sign-on/centrify/007.png
diff --git a/docs/src/how-to/single-sign-on/centrify/008.png b/docs/src/understand/single-sign-on/centrify/008.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/centrify/008.png
rename to docs/src/understand/single-sign-on/centrify/008.png
diff --git a/docs/src/how-to/single-sign-on/centrify/009.png b/docs/src/understand/single-sign-on/centrify/009.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/centrify/009.png
rename to docs/src/understand/single-sign-on/centrify/009.png
diff --git a/docs/src/how-to/single-sign-on/centrify/010.png b/docs/src/understand/single-sign-on/centrify/010.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/centrify/010.png
rename to docs/src/understand/single-sign-on/centrify/010.png
diff --git a/docs/src/how-to/single-sign-on/centrify/011.png b/docs/src/understand/single-sign-on/centrify/011.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/centrify/011.png
rename to docs/src/understand/single-sign-on/centrify/011.png
diff --git a/docs/src/how-to/single-sign-on/centrify/main.md b/docs/src/understand/single-sign-on/centrify/main.md
similarity index 100%
rename from docs/src/how-to/single-sign-on/centrify/main.md
rename to docs/src/understand/single-sign-on/centrify/main.md
diff --git a/docs/src/how-to/single-sign-on/generic-setup.md b/docs/src/understand/single-sign-on/generic-setup.md
similarity index 100%
rename from docs/src/how-to/single-sign-on/generic-setup.md
rename to docs/src/understand/single-sign-on/generic-setup.md
diff --git a/docs/src/how-to/single-sign-on/index.md b/docs/src/understand/single-sign-on/index.md
similarity index 92%
rename from docs/src/how-to/single-sign-on/index.md
rename to docs/src/understand/single-sign-on/index.md
index 2cdb939676..01317c99b5 100644
--- a/docs/src/how-to/single-sign-on/index.md
+++ b/docs/src/understand/single-sign-on/index.md
@@ -1,3 +1,5 @@
+(sso-main-documentation)=
+
 # Single Sign-On and User Provisioning
 
 ```{toctree}
diff --git a/docs/src/how-to/single-sign-on/okta/001-applications-screen.png b/docs/src/understand/single-sign-on/okta/001-applications-screen.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/okta/001-applications-screen.png
rename to docs/src/understand/single-sign-on/okta/001-applications-screen.png
diff --git a/docs/src/how-to/single-sign-on/okta/002-add-application.png b/docs/src/understand/single-sign-on/okta/002-add-application.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/okta/002-add-application.png
rename to docs/src/understand/single-sign-on/okta/002-add-application.png
diff --git a/docs/src/how-to/single-sign-on/okta/003-add-application-1.png b/docs/src/understand/single-sign-on/okta/003-add-application-1.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/okta/003-add-application-1.png
rename to docs/src/understand/single-sign-on/okta/003-add-application-1.png
diff --git a/docs/src/how-to/single-sign-on/okta/004-add-application-step1.png b/docs/src/understand/single-sign-on/okta/004-add-application-step1.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/okta/004-add-application-step1.png
rename to docs/src/understand/single-sign-on/okta/004-add-application-step1.png
diff --git a/docs/src/how-to/single-sign-on/okta/005-add-application-step2.png b/docs/src/understand/single-sign-on/okta/005-add-application-step2.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/okta/005-add-application-step2.png
rename to docs/src/understand/single-sign-on/okta/005-add-application-step2.png
diff --git a/docs/src/how-to/single-sign-on/okta/006-add-application-step3.png b/docs/src/understand/single-sign-on/okta/006-add-application-step3.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/okta/006-add-application-step3.png
rename to docs/src/understand/single-sign-on/okta/006-add-application-step3.png
diff --git a/docs/src/how-to/single-sign-on/okta/007-application-sign-on.png b/docs/src/understand/single-sign-on/okta/007-application-sign-on.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/okta/007-application-sign-on.png
rename to docs/src/understand/single-sign-on/okta/007-application-sign-on.png
diff --git a/docs/src/how-to/single-sign-on/okta/008-assignment.png b/docs/src/understand/single-sign-on/okta/008-assignment.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/okta/008-assignment.png
rename to docs/src/understand/single-sign-on/okta/008-assignment.png
diff --git a/docs/src/how-to/single-sign-on/okta/main.md b/docs/src/understand/single-sign-on/okta/main.md
similarity index 100%
rename from docs/src/how-to/single-sign-on/okta/main.md
rename to docs/src/understand/single-sign-on/okta/main.md
diff --git a/docs/src/how-to/single-sign-on/trouble-shooting.md b/docs/src/understand/single-sign-on/trouble-shooting.md
similarity index 100%
rename from docs/src/how-to/single-sign-on/trouble-shooting.md
rename to docs/src/understand/single-sign-on/trouble-shooting.md
diff --git a/docs/src/how-to/single-sign-on/understand/Wire_SAML_Flow (lucidchart).svg b/docs/src/understand/single-sign-on/understand/Wire_SAML_Flow (lucidchart).svg
similarity index 100%
rename from docs/src/how-to/single-sign-on/understand/Wire_SAML_Flow (lucidchart).svg
rename to docs/src/understand/single-sign-on/understand/Wire_SAML_Flow (lucidchart).svg
diff --git a/docs/src/how-to/single-sign-on/understand/Wire_SAML_Flow.png b/docs/src/understand/single-sign-on/understand/Wire_SAML_Flow.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/understand/Wire_SAML_Flow.png
rename to docs/src/understand/single-sign-on/understand/Wire_SAML_Flow.png
diff --git a/docs/src/how-to/single-sign-on/understand/main.md b/docs/src/understand/single-sign-on/understand/main.md
similarity index 100%
rename from docs/src/how-to/single-sign-on/understand/main.md
rename to docs/src/understand/single-sign-on/understand/main.md
diff --git a/docs/src/how-to/single-sign-on/understand/token-step-01.png b/docs/src/understand/single-sign-on/understand/token-step-01.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/understand/token-step-01.png
rename to docs/src/understand/single-sign-on/understand/token-step-01.png
diff --git a/docs/src/how-to/single-sign-on/understand/token-step-02.png b/docs/src/understand/single-sign-on/understand/token-step-02.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/understand/token-step-02.png
rename to docs/src/understand/single-sign-on/understand/token-step-02.png
diff --git a/docs/src/how-to/single-sign-on/understand/token-step-03.png b/docs/src/understand/single-sign-on/understand/token-step-03.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/understand/token-step-03.png
rename to docs/src/understand/single-sign-on/understand/token-step-03.png
diff --git a/docs/src/how-to/single-sign-on/understand/token-step-04.png b/docs/src/understand/single-sign-on/understand/token-step-04.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/understand/token-step-04.png
rename to docs/src/understand/single-sign-on/understand/token-step-04.png
diff --git a/docs/src/how-to/single-sign-on/understand/token-step-05.png b/docs/src/understand/single-sign-on/understand/token-step-05.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/understand/token-step-05.png
rename to docs/src/understand/single-sign-on/understand/token-step-05.png
diff --git a/docs/src/how-to/single-sign-on/understand/token-step-06.png b/docs/src/understand/single-sign-on/understand/token-step-06.png
similarity index 100%
rename from docs/src/how-to/single-sign-on/understand/token-step-06.png
rename to docs/src/understand/single-sign-on/understand/token-step-06.png
diff --git a/docs/src/how-to/install/team-feature-settings.md b/docs/src/understand/team-feature-settings.md
similarity index 100%
rename from docs/src/how-to/install/team-feature-settings.md
rename to docs/src/understand/team-feature-settings.md
diff --git a/nix/default.nix b/nix/default.nix
index bd35e4aaf2..c377bf7102 100644
--- a/nix/default.nix
+++ b/nix/default.nix
@@ -49,7 +49,9 @@ let
         nativeBuildInputs = docsPkgs ++ [ pkgs.gnumake ];
       }
       ''
-        cp -r ${pkgs.nix-gitignore.gitignoreSource [] ../docs}/* .
+        cp -rH ${pkgs.nix-gitignore.gitignoreSource [] ../docs}/* .
+        chmod -R +w ./src
+        cp ${../CHANGELOG.md} ./src/changelog/changelog.md
         make docs-all
         mkdir $out
         cp -r build/* $out/

From 0bd7425bae382a630120af2660bfc2fa395a6fa3 Mon Sep 17 00:00:00 2001
From: Stefan Berthold <stefan.berthold@wire.com>
Date: Wed, 25 Jan 2023 11:26:22 +0100
Subject: [PATCH 29/38] fix Makefile kind-restart-all target (#3015)

---
 Makefile                                         | 2 +-
 changelog.d/5-internal/makefile-kind-restart-all | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 changelog.d/5-internal/makefile-kind-restart-all

diff --git a/Makefile b/Makefile
index 7aa65a0e86..28ba398972 100644
--- a/Makefile
+++ b/Makefile
@@ -488,7 +488,7 @@ kind-integration-e2e: .local/kind-kubeconfig
 kind-restart-all: .local/kind-kubeconfig
 	export KUBECONFIG=$(CURDIR)/.local/kind-kubeconfig && \
 	kubectl delete pod -n $(NAMESPACE) -l release=$(NAMESPACE)-wire-server && \
-	kubectl delete pod -n $(NAMESPACE)-fed2 -l release=$(NAMESPACE)-fed2-wire-server
+	kubectl delete pod -n $(NAMESPACE)-fed2 -l release=$(NAMESPACE)-wire-server-2
 
 kind-restart-nginx-ingress: .local/kind-kubeconfig
 	export KUBECONFIG=$(CURDIR)/.local/kind-kubeconfig && \
diff --git a/changelog.d/5-internal/makefile-kind-restart-all b/changelog.d/5-internal/makefile-kind-restart-all
new file mode 100644
index 0000000000..899efa0d8e
--- /dev/null
+++ b/changelog.d/5-internal/makefile-kind-restart-all
@@ -0,0 +1 @@
+Fix Makefile target kind-restart-all.

From 376f4697127b20c2d95d56872eaeca4fd5b7950d Mon Sep 17 00:00:00 2001
From: Leif Battermann <leif.battermann@wire.com>
Date: Wed, 25 Jan 2023 14:42:24 +0100
Subject: [PATCH 30/38] Removed unused old swagger code (#3017)

---
 changelog.d/5-internal/pr-3017             |   1 +
 libs/wire-api/src/Wire/API/Team/Feature.hs | 119 ---------------------
 tools/stern/src/Stern/Swagger.hs           |  96 -----------------
 tools/stern/stern.cabal                    |   1 -
 4 files changed, 1 insertion(+), 216 deletions(-)
 create mode 100644 changelog.d/5-internal/pr-3017
 delete mode 100644 tools/stern/src/Stern/Swagger.hs

diff --git a/changelog.d/5-internal/pr-3017 b/changelog.d/5-internal/pr-3017
new file mode 100644
index 0000000000..7d9245d71d
--- /dev/null
+++ b/changelog.d/5-internal/pr-3017
@@ -0,0 +1 @@
+Unused old swagger code removed from stern and team features
diff --git a/libs/wire-api/src/Wire/API/Team/Feature.hs b/libs/wire-api/src/Wire/API/Team/Feature.hs
index a7d74ad034..e9bbd67aab 100644
--- a/libs/wire-api/src/Wire/API/Team/Feature.hs
+++ b/libs/wire-api/src/Wire/API/Team/Feature.hs
@@ -77,10 +77,6 @@ module Wire.API.Team.Feature
     MLSConfig (..),
     AllFeatureConfigs (..),
     typeFeatureTTL,
-    withStatusModel,
-    withStatusNoLockModel,
-    allFeatureModels,
-    typeFeatureStatus,
     unImplicitLockStatus,
     ImplicitLockStatus (..),
   )
@@ -159,10 +155,6 @@ class IsFeatureConfig cfg where
   type FeatureSymbol cfg :: Symbol
   defFeatureStatus :: WithStatus cfg
 
-  -- | Swagger 1.2 model for stern and wai routes
-  configModel :: Maybe Doc.Model
-  configModel = Nothing
-
   objectSchema ::
     -- | Should be "pure MyFeatureConfig" if the feature doesn't have config,
     -- which results in a trivial empty schema and the "config" field being
@@ -250,20 +242,6 @@ instance (ToSchema cfg, IsFeatureConfig cfg) => ToSchema (WithStatus cfg) where
 instance (Arbitrary cfg, IsFeatureConfig cfg) => Arbitrary (WithStatus cfg) where
   arbitrary = WithStatusBase <$> arbitrary <*> arbitrary <*> arbitrary <*> arbitrary
 
-withStatusModel :: forall cfg. (IsFeatureConfig cfg, KnownSymbol (FeatureSymbol cfg)) => Doc.Model
-withStatusModel =
-  let name = featureName @cfg
-      mbModelCfg = configModel @cfg
-   in Doc.defineModel ("WithStatus." <> name) $ do
-        case mbModelCfg of
-          Nothing -> Doc.description $ "Team feature " <> name <> " that has no configuration beyond the boolean on/off switch."
-          Just modelCfg -> do
-            Doc.description $ "Status and config of " <> name
-            Doc.property "config" (Doc.ref modelCfg) $ Doc.description "config"
-
-        Doc.property "status" typeFeatureStatus $ Doc.description "status"
-        Doc.property "lockStatus" typeLockStatusValue $ Doc.description ""
-
 ----------------------------------------------------------------------
 -- WithStatusPatch
 
@@ -359,19 +337,6 @@ instance (ToSchema cfg, IsFeatureConfig cfg) => ToSchema (WithStatusNoLock cfg)
       inner = schema @cfg
       name = fromMaybe "" (getName (schemaDoc inner)) <> ".WithStatusNoLock"
 
-withStatusNoLockModel :: forall cfg. (IsFeatureConfig cfg, KnownSymbol (FeatureSymbol cfg)) => Doc.Model
-withStatusNoLockModel =
-  let name = featureName @cfg
-      mbModelCfg = configModel @cfg
-   in Doc.defineModel ("WithStatusNoLock." <> name) $ do
-        case mbModelCfg of
-          Nothing -> Doc.description $ "Team feature " <> name <> " that has no configuration beyond the boolean on/off switch."
-          Just modelCfg -> do
-            Doc.description $ "Status and config of " <> name
-            Doc.property "config" (Doc.ref modelCfg) $ Doc.description "config"
-
-        Doc.property "status" typeFeatureStatus $ Doc.description "status"
-
 ----------------------------------------------------------------------
 -- FeatureTTL
 
@@ -491,14 +456,6 @@ data LockStatus = LockStatusLocked | LockStatusUnlocked
 instance FromHttpApiData LockStatus where
   parseUrlPiece = maybeToEither "Invalid lock status" . fromByteString . cs
 
-typeLockStatusValue :: Doc.DataType
-typeLockStatusValue =
-  Doc.string $
-    Doc.enum
-      [ "locked",
-        "unlocked"
-      ]
-
 instance ToSchema LockStatus where
   schema =
     enum @Text "LockStatus" $
@@ -565,57 +522,6 @@ computeFeatureConfigForTeamUser mStatusDb mLockStatusDb defStatus =
   where
     lockStatus = fromMaybe (wsLockStatus defStatus) mLockStatusDb
 
-allFeatureModels :: [Doc.Model]
-allFeatureModels =
-  [ withStatusNoLockModel @LegalholdConfig,
-    withStatusNoLockModel @SSOConfig,
-    withStatusNoLockModel @SearchVisibilityAvailableConfig,
-    withStatusNoLockModel @ValidateSAMLEmailsConfig,
-    withStatusNoLockModel @DigitalSignaturesConfig,
-    withStatusNoLockModel @AppLockConfig,
-    withStatusNoLockModel @FileSharingConfig,
-    withStatusNoLockModel @ClassifiedDomainsConfig,
-    withStatusNoLockModel @ConferenceCallingConfig,
-    withStatusNoLockModel @SelfDeletingMessagesConfig,
-    withStatusNoLockModel @GuestLinksConfig,
-    withStatusNoLockModel @SndFactorPasswordChallengeConfig,
-    withStatusNoLockModel @SearchVisibilityInboundConfig,
-    withStatusNoLockModel @MLSConfig,
-    withStatusNoLockModel @ExposeInvitationURLsToTeamAdminConfig,
-    withStatusModel @LegalholdConfig,
-    withStatusModel @SSOConfig,
-    withStatusModel @SearchVisibilityAvailableConfig,
-    withStatusModel @ValidateSAMLEmailsConfig,
-    withStatusModel @DigitalSignaturesConfig,
-    withStatusModel @AppLockConfig,
-    withStatusModel @FileSharingConfig,
-    withStatusModel @ClassifiedDomainsConfig,
-    withStatusModel @ConferenceCallingConfig,
-    withStatusModel @SelfDeletingMessagesConfig,
-    withStatusModel @GuestLinksConfig,
-    withStatusModel @SndFactorPasswordChallengeConfig,
-    withStatusModel @SearchVisibilityInboundConfig,
-    withStatusModel @MLSConfig,
-    withStatusModel @ExposeInvitationURLsToTeamAdminConfig
-  ]
-    <> catMaybes
-      [ configModel @LegalholdConfig,
-        configModel @SSOConfig,
-        configModel @SearchVisibilityAvailableConfig,
-        configModel @ValidateSAMLEmailsConfig,
-        configModel @DigitalSignaturesConfig,
-        configModel @AppLockConfig,
-        configModel @FileSharingConfig,
-        configModel @ClassifiedDomainsConfig,
-        configModel @ConferenceCallingConfig,
-        configModel @SelfDeletingMessagesConfig,
-        configModel @GuestLinksConfig,
-        configModel @SndFactorPasswordChallengeConfig,
-        configModel @SearchVisibilityInboundConfig,
-        configModel @MLSConfig,
-        configModel @ExposeInvitationURLsToTeamAdminConfig
-      ]
-
 --------------------------------------------------------------------------------
 -- GuestLinks feature
 
@@ -816,9 +722,6 @@ instance IsFeatureConfig ClassifiedDomainsConfig where
       LockStatusUnlocked
       (ClassifiedDomainsConfig [])
       FeatureTTLUnlimited
-  configModel = Just $
-    Doc.defineModel "ClassifiedDomainsConfig" $ do
-      Doc.property "domains" (Doc.array Doc.string') $ Doc.description "domains"
   objectSchema = field "config" schema
 
 ----------------------------------------------------------------------
@@ -848,10 +751,6 @@ instance IsFeatureConfig AppLockConfig where
       LockStatusUnlocked
       (AppLockConfig (EnforceAppLock False) 60)
       FeatureTTLUnlimited
-  configModel = Just $
-    Doc.defineModel "AppLockConfig" $ do
-      Doc.property "enforceAppLock" Doc.bool' $ Doc.description "enforceAppLock"
-      Doc.property "inactivityTimeoutSecs" Doc.int32' $ Doc.description ""
   objectSchema = field "config" schema
 
 newtype EnforceAppLock = EnforceAppLock Bool
@@ -904,9 +803,6 @@ instance IsFeatureConfig SelfDeletingMessagesConfig where
       LockStatusUnlocked
       (SelfDeletingMessagesConfig 0)
       FeatureTTLUnlimited
-  configModel = Just $
-    Doc.defineModel "SelfDeletingMessagesConfig" $ do
-      Doc.property "enforcedTimeoutSeconds" Doc.int32' $ Doc.description "optional; default: `0` (no enforcement)"
   objectSchema = field "config" schema
 
 ----------------------------------------------------------------------
@@ -937,13 +833,6 @@ instance IsFeatureConfig MLSConfig where
      in withStatus FeatureStatusDisabled LockStatusUnlocked config FeatureTTLUnlimited
   objectSchema = field "config" schema
 
-  configModel = Just $
-    Doc.defineModel "MLSConfig" $ do
-      Doc.property "protocolToggleUsers" (Doc.array Doc.string') $ Doc.description "allowlist of users that may change protocols"
-      Doc.property "defaultProtocol" Doc.string' $ Doc.description "default protocol, either \"proteus\" or \"mls\""
-      Doc.property "allowedCipherSuites" (Doc.array Doc.int32') $ Doc.description "cipher suite numbers,  See https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html#table-5"
-      Doc.property "defaultCipherSuite" Doc.int32' $ Doc.description "cipher suite number. See https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html#table-5"
-
 ----------------------------------------------------------------------
 -- ExposeInvitationURLsToTeamAdminConfig
 
@@ -985,14 +874,6 @@ instance FromHttpApiData FeatureStatus where
 instance ToHttpApiData FeatureStatus where
   toUrlPiece = cs . toByteString'
 
-typeFeatureStatus :: Doc.DataType
-typeFeatureStatus =
-  Doc.string $
-    Doc.enum
-      [ "enabled",
-        "disabled"
-      ]
-
 instance ToSchema FeatureStatus where
   schema =
     enum @Text "FeatureStatus" $
diff --git a/tools/stern/src/Stern/Swagger.hs b/tools/stern/src/Stern/Swagger.hs
deleted file mode 100644
index 97a047c961..0000000000
--- a/tools/stern/src/Stern/Swagger.hs
+++ /dev/null
@@ -1,96 +0,0 @@
-{-# LANGUAGE OverloadedStrings #-}
-
--- This file is part of the Wire Server implementation.
---
--- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
---
--- This program is free software: you can redistribute it and/or modify it under
--- the terms of the GNU Affero General Public License as published by the Free
--- Software Foundation, either version 3 of the License, or (at your option) any
--- later version.
---
--- This program is distributed in the hope that it will be useful, but WITHOUT
--- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
--- FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
--- details.
---
--- You should have received a copy of the GNU Affero General Public License along
--- with this program. If not, see <https://www.gnu.org/licenses/>.
-
-module Stern.Swagger where
-
-import Data.String.Conversions
-import Data.Swagger.Build.Api
-import Imports
-import qualified Wire.API.Team.Feature as Feature
-import Wire.API.Team.SearchVisibility (modelTeamSearchVisibility)
-
-sternModels :: [Model]
-sternModels =
-  [ emailUpdate,
-    phoneUpdate,
-    modelTeamSearchVisibility,
-    teamBillingInfo,
-    teamBillingInfoUpdate
-  ]
-    <> Feature.allFeatureModels
-
-emailUpdate :: Model
-emailUpdate = defineModel "EmailUpdate" $ do
-  description "Email Update Data"
-  property "email" string' $
-    description "Email"
-
-phoneUpdate :: Model
-phoneUpdate = defineModel "PhoneUpdate" $ do
-  description "Phone Update Data"
-  property "phone" string' $
-    description "E.164 phone number"
-
-teamBillingInfo :: Model
-teamBillingInfo = defineModel "teamBillingInfo" $ do
-  property "firstname" string' $
-    description "First name of the team owner"
-  property "lastname" string' $
-    description "Last name of the team owner"
-  property "street" string' $
-    description "Street of the company address"
-  property "zip" string' $
-    description "ZIP code of the company address"
-  property "city" string' $
-    description "City of the company address"
-  property "country" string' $
-    description "Country of the company address"
-  property "company" string' $ do
-    description "Name of the company"
-    optional
-  property "state" string' $ do
-    description "State of the company address"
-    optional
-
-teamBillingInfoUpdate :: Model
-teamBillingInfoUpdate = defineModel "teamBillingInfoUpdate" $ do
-  property "firstname" string' $ do
-    description "First name of the team owner (1 - 256 characters)"
-    optional
-  property "lastname" string' $ do
-    description "Last name of the team owner (1 - 256 characters)"
-    optional
-  property "street" string' $ do
-    description "Street of the company address (1 - 256 characters)"
-    optional
-  property "zip" string' $ do
-    description "ZIP code of the company address (1 - 16 characters)"
-    optional
-  property "city" string' $ do
-    description "City of the company address (1 - 256 characters)"
-    optional
-  property "country" string' $ do
-    description "Country of the company address (1 - 256 characters)"
-    optional
-  property "company" string' $ do
-    description "Name of the company (1 - 256 characters)"
-    optional
-  property "state" string' $ do
-    description "State of the company address (1 - 256 characters)"
-    optional
diff --git a/tools/stern/stern.cabal b/tools/stern/stern.cabal
index f7831bfa65..7101c73a9e 100644
--- a/tools/stern/stern.cabal
+++ b/tools/stern/stern.cabal
@@ -23,7 +23,6 @@ library
     Stern.App
     Stern.Intra
     Stern.Options
-    Stern.Swagger
     Stern.Types
 
   other-modules:      Paths_stern

From 246470f7684b5c6a93be4feb0a9e82769b39a605 Mon Sep 17 00:00:00 2001
From: zebot <backend+zebot@wire.com>
Date: Wed, 25 Jan 2023 15:08:54 +0100
Subject: [PATCH 31/38] chore: [charts] Update team-settings version (#3016)

Co-authored-by: Zebot <zebot@users.noreply.github.com>
---
 changelog.d/0-release-notes/team-settings-upgrade | 1 +
 charts/team-settings/values.yaml                  | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 changelog.d/0-release-notes/team-settings-upgrade

diff --git a/changelog.d/0-release-notes/team-settings-upgrade b/changelog.d/0-release-notes/team-settings-upgrade
new file mode 100644
index 0000000000..1168c3ea44
--- /dev/null
+++ b/changelog.d/0-release-notes/team-settings-upgrade
@@ -0,0 +1 @@
+Upgrade team-settings version to 4.14.0-v0.31.9-0-bf82b46
diff --git a/charts/team-settings/values.yaml b/charts/team-settings/values.yaml
index 200a9e9683..60ccd89059 100644
--- a/charts/team-settings/values.yaml
+++ b/charts/team-settings/values.yaml
@@ -9,7 +9,7 @@ resources:
     cpu: "1"
 image:
   repository: quay.io/wire/team-settings
-  tag: "4.13.0-v0.31.5-0-4754212"
+  tag: "4.14.0-v0.31.9-0-bf82b46"
 service:
   https:
     externalPort: 443

From f6b2f932d85c0b6b3701160daf3deb483c9627f8 Mon Sep 17 00:00:00 2001
From: Paolo Capriotti <paolo@capriotti.io>
Date: Wed, 25 Jan 2023 15:28:36 +0100
Subject: [PATCH 32/38] Mock combinators (#3014)

* Add mock creation utilities

* Remove Servant-based mocks

* Regenerate nix packages

Co-authored-by: Igor Ranieri Elland <54423+elland@users.noreply.github.com>

* Fold guardComponent

* Move MLS mocks to a separate module

Co-authored-by: Igor Ranieri Elland <54423+elland@users.noreply.github.com>
---
 changelog.d/5-internal/mock-utilities         |   1 +
 services/federator/default.nix                |   1 +
 services/federator/federator.cabal            |   1 +
 .../federator/src/Federator/MockServer.hs     |  86 ++++-
 services/galley/galley.cabal                  |   1 +
 services/galley/test/integration/API.hs       | 328 ++++++++----------
 .../galley/test/integration/API/Federation.hs |  59 ++--
 services/galley/test/integration/API/MLS.hs   | 165 +--------
 .../galley/test/integration/API/MLS/Mocks.hs  |  71 ++++
 .../test/integration/API/MessageTimer.hs      |   4 +-
 services/galley/test/integration/API/Roles.hs |   8 +-
 services/galley/test/integration/API/Util.hs  |  76 +---
 12 files changed, 375 insertions(+), 426 deletions(-)
 create mode 100644 changelog.d/5-internal/mock-utilities
 create mode 100644 services/galley/test/integration/API/MLS/Mocks.hs

diff --git a/changelog.d/5-internal/mock-utilities b/changelog.d/5-internal/mock-utilities
new file mode 100644
index 0000000000..1c08e75164
--- /dev/null
+++ b/changelog.d/5-internal/mock-utilities
@@ -0,0 +1 @@
+Add combinators for creating mocked federator responses in integration tests
diff --git a/services/federator/default.nix b/services/federator/default.nix
index 2704a157dc..f274290059 100644
--- a/services/federator/default.nix
+++ b/services/federator/default.nix
@@ -129,6 +129,7 @@ mkDerivation {
     time-manager
     tinylog
     tls
+    transformers
     types-common
     unix
     uri-bytestring
diff --git a/services/federator/federator.cabal b/services/federator/federator.cabal
index d832332a96..547d3d7536 100644
--- a/services/federator/federator.cabal
+++ b/services/federator/federator.cabal
@@ -140,6 +140,7 @@ library
     , time-manager
     , tinylog
     , tls
+    , transformers
     , types-common
     , unix
     , uri-bytestring
diff --git a/services/federator/src/Federator/MockServer.hs b/services/federator/src/Federator/MockServer.hs
index 38bf0fe8ca..f8f88e5310 100644
--- a/services/federator/src/Federator/MockServer.hs
+++ b/services/federator/src/Federator/MockServer.hs
@@ -1,3 +1,4 @@
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
 {-# LANGUAGE RecordWildCards #-}
 
 -- This file is part of the Wire Server implementation.
@@ -18,17 +19,33 @@
 -- with this program. If not, see <https://www.gnu.org/licenses/>.
 
 module Federator.MockServer
-  ( MockException (..),
+  ( -- * Federator mock server
+    MockException (..),
     withTempMockFederator,
     FederatedRequest (..),
+
+    -- * Mock utilities
+    Mock,
+    runMock,
+    mockReply,
+    mockFail,
+    guardRPC,
+    guardComponent,
+    (~>),
+    getRequest,
+    getRequestRPC,
+    getRequestBody,
   )
 where
 
 import qualified Control.Exception as Exception
 import Control.Exception.Base (throw)
 import Control.Monad.Catch hiding (fromException)
+import Control.Monad.Trans.Except
+import Control.Monad.Trans.Maybe
 import qualified Data.Aeson as Aeson
 import Data.Domain (Domain)
+import qualified Data.Text as Text
 import qualified Data.Text.Lazy as LText
 import Federator.Error
 import Federator.Error.ServerError
@@ -129,3 +146,70 @@ withTempMockFederator headers resp action = do
       (\(_close, port) -> action port)
   calls <- readIORef remoteCalls
   pure (result, calls)
+
+--------------------------------------------------------------------------------
+-- Mock creation utilities
+
+-- | This is a monad that can be used to create mocked responses. It is a very
+-- minimalistic web framework. One can expect a certain request (using
+-- 'guardRPC') and reply accordingly (using 'mockReply'). Multiple possible
+-- requests and responses can be combined using the 'Alternative' instance.  In
+-- simple cases, one can also use the infix '(~>)' combinator, which concisely
+-- binds a request to a hardcoded pure response.
+newtype Mock a = Mock {unMock :: ReaderT FederatedRequest (MaybeT (ExceptT Text IO)) a}
+  deriving newtype (Functor, Applicative, Alternative, Monad, MonadIO)
+
+-- | Convert a mocked response to a function which can be used as input to
+-- 'tempMockFederator'.
+runMock :: (Text -> IO a) -> Mock a -> FederatedRequest -> IO a
+runMock err m req =
+  runExceptT (runMaybeT (runReaderT (unMock m) req)) >>= \case
+    Right Nothing -> err ("unmocked endpoint called: " <> frRPC req)
+    Right (Just x) -> pure x
+    Left e -> err e
+
+-- | Retrieve the current request.
+getRequest :: Mock FederatedRequest
+getRequest = Mock $ ReaderT pure
+
+-- | Retrieve the RPC of the current request.
+getRequestRPC :: Mock Text
+getRequestRPC = frRPC <$> getRequest
+
+-- | Retrieve and deserialise the body of the current request.
+getRequestBody :: Aeson.FromJSON a => Mock a
+getRequestBody = do
+  b <- frBody <$> getRequest
+  case Aeson.eitherDecode b of
+    Left e -> do
+      rpc <- getRequestRPC
+      mockFail ("Parse failure in " <> rpc <> ": " <> Text.pack e)
+    Right x -> pure x
+
+-- | Expect a given RPC. If the current request does not match, the whole
+-- action fails. This can be used in combination with the 'Alternative'
+-- instance to provide responses for multiple requests.
+guardRPC :: Text -> Mock ()
+guardRPC rpc = do
+  rpc' <- getRequestRPC
+  guard (rpc' == rpc)
+
+guardComponent :: Component -> Mock ()
+guardComponent c = do
+  c' <- frComponent <$> getRequest
+  guard (c == c')
+
+-- | Serialise and return a response.
+mockReply :: Aeson.ToJSON a => a -> Mock LByteString
+mockReply = pure . Aeson.encode
+
+-- | Abort the mock with an error.
+mockFail :: Text -> Mock a
+mockFail = Mock . lift . lift . throwE
+
+infixl 5 ~>
+
+-- | Expect a given RPC and simply return a pure response when the current
+-- request matches.
+(~>) :: Aeson.ToJSON a => Text -> a -> Mock LByteString
+(~>) rpc x = guardRPC rpc *> mockReply x
diff --git a/services/galley/galley.cabal b/services/galley/galley.cabal
index 955c3ac159..c7c42b7a87 100644
--- a/services/galley/galley.cabal
+++ b/services/galley/galley.cabal
@@ -375,6 +375,7 @@ executable galley-integration
     API.Federation.Util
     API.MessageTimer
     API.MLS
+    API.MLS.Mocks
     API.MLS.Util
     API.Roles
     API.SQS
diff --git a/services/galley/test/integration/API.hs b/services/galley/test/integration/API.hs
index 7c001655ca..ce291f1ba4 100644
--- a/services/galley/test/integration/API.hs
+++ b/services/galley/test/integration/API.hs
@@ -24,7 +24,6 @@ where
 
 import qualified API.CustomBackend as CustomBackend
 import qualified API.Federation as Federation
-import API.Federation.Util
 import qualified API.MLS
 import qualified API.MessageTimer as MessageTimer
 import qualified API.Roles as Roles
@@ -64,15 +63,14 @@ import qualified Data.Text as T
 import qualified Data.Text.Ascii as Ascii
 import Data.Time.Clock (getCurrentTime)
 import Federator.Discovery (DiscoveryFailure (..))
-import Federator.MockServer (FederatedRequest (..), MockException (..))
+import Federator.MockServer
 import Galley.API.Mapping
 import Galley.Options (optFederator)
 import Galley.Types.Conversations.Intra
 import Galley.Types.Conversations.Members
 import Imports
-import qualified Network.HTTP.Types as HTTP
+import qualified Network.HTTP.Types.Status as HTTP
 import Network.Wai.Utilities.Error
-import Servant hiding (respond)
 import Test.QuickCheck (arbitrary, generate)
 import Test.Tasty
 import Test.Tasty.Cannon (TimeoutUnit (..), (#))
@@ -97,7 +95,6 @@ import Wire.API.Internal.Notification
 import Wire.API.Message
 import qualified Wire.API.Message as Message
 import Wire.API.Routes.MultiTablePaging
-import Wire.API.Routes.Named
 import Wire.API.Routes.Version
 import Wire.API.Routes.Versioned
 import qualified Wire.API.Team.Feature as Public
@@ -340,7 +337,7 @@ postConvWithRemoteUsersOk = do
   let nameMaxSize = T.replicate 256 "a"
   WS.bracketR3 c alice alex amy $ \(wsAlice, wsAlex, wsAmy) -> do
     (rsp, federatedRequests) <-
-      withTempMockFederator (const ()) $
+      withTempMockFederator' (mockReply ()) $
         postConvQualified alice defNewProteusConv {newConvName = checked nameMaxSize, newConvQualifiedUsers = [qAlex, qAmy, qChad, qCharlie, qDee]}
           <!! const 201 === statusCode
     qcid <- assertConv rsp RegularConv alice qAlice [qAlex, qAmy, qChad, qCharlie, qDee] (Just nameMaxSize) Nothing
@@ -717,23 +714,30 @@ postMessageQualifiedLocalOwningBackendSuccess = do
           ]
 
     let mkPubClient c = PubClient c Nothing
-        brigApi d =
-          mkHandler @(FedApi 'Brig) $
-            Named @"get-user-clients" $ \_ _ ->
-              pure $
-                if
-                    | d == bDomain ->
-                        UserMap . Map.fromList $
-                          [ (qUnqualified bob, Set.singleton (mkPubClient bobClient)),
-                            (qUnqualified bart, Set.fromList (map mkPubClient [bartClient1, bartClient2]))
-                          ]
-                    | d == cDomain -> UserMap (Map.singleton (qUnqualified carl) (Set.singleton (PubClient carlClient Nothing)))
-                    | otherwise -> mempty
-
-        galleyApi _ =
-          mkHandler @(FedApi 'Galley) $ Named @"on-message-sent" $ \_ _ -> pure ()
-
-    (resp2, requests) <- postProteusMessageQualifiedWithMockFederator aliceU aliceClient convId message "data" Message.MismatchReportAll brigApi galleyApi
+        brigMock = do
+          guardRPC "get-user-clients"
+          d <- frTargetDomain <$> getRequest
+          asum
+            [ do
+                guard (d == bDomain)
+
+                mockReply $
+                  UserMap . Map.fromList $
+                    [ (qUnqualified bob, Set.singleton (mkPubClient bobClient)),
+                      (qUnqualified bart, Set.fromList (map mkPubClient [bartClient1, bartClient2]))
+                    ],
+              do
+                guard (d == cDomain)
+                mockReply $
+                  UserMap
+                    ( Map.singleton
+                        (qUnqualified carl)
+                        (Set.singleton (PubClient carlClient Nothing))
+                    )
+            ]
+        galleyMock = "on-message-sent" ~> ()
+
+    (resp2, requests) <- postProteusMessageQualifiedWithMockFederator aliceU aliceClient convId message "data" Message.MismatchReportAll (brigMock <|> galleyMock)
     pure resp2 !!! do
       const 201 === statusCode
       assertMismatchQualified mempty mempty mempty mempty
@@ -835,13 +839,8 @@ postMessageQualifiedLocalOwningBackendMissingClients = do
   let message = [(chadOwningDomain, chadClient, "text-for-chad")]
   -- FUTUREWORK: Mock federator and ensure that message is not propagated to remotes
   WS.bracketR2 cannon bobUnqualified chadUnqualified $ \(wsBob, wsChad) -> do
-    let brigApi _ =
-          mkHandler @(FedApi 'Brig) $
-            Named @"get-user-clients" $ \_ _ ->
-              pure $ UserMap (Map.singleton (qUnqualified deeRemote) (Set.singleton (PubClient deeClient Nothing)))
-        galleyApi _ = mkHandler @(FedApi 'Galley) EmptyAPI
-
-    (resp2, _requests) <- postProteusMessageQualifiedWithMockFederator aliceUnqualified aliceClient convId message "data" Message.MismatchReportAll brigApi galleyApi
+    let mock = "get-user-clients" ~> UserMap (Map.singleton (qUnqualified deeRemote) (Set.singleton (PubClient deeClient Nothing)))
+    (resp2, _requests) <- postProteusMessageQualifiedWithMockFederator aliceUnqualified aliceClient convId message "data" Message.MismatchReportAll mock
 
     pure resp2 !!! do
       const 412 === statusCode
@@ -913,20 +912,17 @@ postMessageQualifiedLocalOwningBackendRedundantAndDeletedClients = do
           ]
 
     -- FUTUREWORK: Mock federator and ensure that a message to Dee is sent
-    let brigApi _ =
-          mkHandler @(FedApi 'Brig) $
-            Named @"get-user-clients" $ \_ getUserClients ->
-              let lookupClients uid
-                    | uid == deeRemoteUnqualified = Just (uid, Set.fromList [PubClient deeClient Nothing])
-                    | uid == nonMemberRemoteUnqualified = Just (uid, Set.fromList [PubClient nonMemberRemoteClient Nothing])
-                    | otherwise = Nothing
-               in pure $ UserMap . Map.fromList . mapMaybe lookupClients $ F.gucUsers getUserClients
-        galleyApi _ =
-          mkHandler @(FedApi 'Galley) $
-            Named @"on-message-sent" $
-              \_ _ -> pure ()
-
-    (resp2, _requests) <- postProteusMessageQualifiedWithMockFederator aliceUnqualified aliceClient convId message "data" Message.MismatchReportAll brigApi galleyApi
+    let brigMock = do
+          guardRPC "get-user-clients"
+          getUserClients <- getRequestBody
+          let lookupClients uid
+                | uid == deeRemoteUnqualified = Just (uid, Set.fromList [PubClient deeClient Nothing])
+                | uid == nonMemberRemoteUnqualified = Just (uid, Set.fromList [PubClient nonMemberRemoteClient Nothing])
+                | otherwise = Nothing
+          mockReply $ UserMap . Map.fromList . mapMaybe lookupClients $ F.gucUsers getUserClients
+        galleyMock = "on-message-sent" ~> ()
+
+    (resp2, _requests) <- postProteusMessageQualifiedWithMockFederator aliceUnqualified aliceClient convId message "data" Message.MismatchReportAll (brigMock <|> galleyMock)
     pure resp2 !!! do
       const 201 === statusCode
       let expectedRedundant =
@@ -993,18 +989,16 @@ postMessageQualifiedLocalOwningBackendIgnoreMissingClients = do
       defNewProteusConv {newConvQualifiedUsers = [bobOwningDomain, chadOwningDomain, deeRemote]}
   let convId = (`Qualified` owningDomain) . decodeConvId $ resp
 
-  let brigApi _ =
-        mkHandler @(FedApi 'Brig) $
-          Named @"get-user-clients" $ \_ _ ->
-            pure $ UserMap (Map.singleton (qUnqualified deeRemote) (Set.singleton (PubClient deeClient Nothing)))
-      galleyApi _ = mkHandler @(FedApi 'Galley) EmptyAPI
+  let mock =
+        "get-user-clients" ~>
+          UserMap (Map.singleton (qUnqualified deeRemote) (Set.singleton (PubClient deeClient Nothing)))
 
   -- Missing Bob, chadClient2 and Dee
   let message = [(chadOwningDomain, chadClient, "text-for-chad")]
   -- FUTUREWORK: Mock federator and ensure that clients of Dee are checked. Also
   -- ensure that message is not propagated to remotes
   WS.bracketR2 cannon bobUnqualified chadUnqualified $ \(wsBob, wsChad) -> do
-    (resp2, _requests) <- postProteusMessageQualifiedWithMockFederator aliceUnqualified aliceClient convId message "data" Message.MismatchIgnoreAll brigApi galleyApi
+    (resp2, _requests) <- postProteusMessageQualifiedWithMockFederator aliceUnqualified aliceClient convId message "data" Message.MismatchIgnoreAll mock
     pure resp2 !!! do
       const 201 === statusCode
       assertMismatchQualified mempty mempty mempty mempty
@@ -1015,7 +1009,7 @@ postMessageQualifiedLocalOwningBackendIgnoreMissingClients = do
 
   -- Another way to ignore all is to report nobody
   WS.bracketR2 cannon bobUnqualified chadUnqualified $ \(wsBob, wsChad) -> do
-    (resp2, _requests) <- postProteusMessageQualifiedWithMockFederator aliceUnqualified aliceClient convId message "data" (Message.MismatchReportOnly mempty) brigApi galleyApi
+    (resp2, _requests) <- postProteusMessageQualifiedWithMockFederator aliceUnqualified aliceClient convId message "data" (Message.MismatchReportOnly mempty) mock
     pure resp2 !!! do
       const 201 === statusCode
       assertMismatchQualified mempty mempty mempty mempty
@@ -1034,8 +1028,7 @@ postMessageQualifiedLocalOwningBackendIgnoreMissingClients = do
         message
         "data"
         (Message.MismatchIgnoreOnly (Set.fromList [bobOwningDomain, chadOwningDomain, deeRemote]))
-        brigApi
-        galleyApi
+        mock
     pure resp2 !!! do
       const 201 === statusCode
       assertMismatchQualified mempty mempty mempty mempty
@@ -1055,8 +1048,7 @@ postMessageQualifiedLocalOwningBackendIgnoreMissingClients = do
         message
         "data"
         (Message.MismatchReportOnly (Set.fromList [chadOwningDomain]))
-        brigApi
-        galleyApi
+        mock
     pure resp2 !!! do
       const 412 === statusCode
       let expectedMissing =
@@ -1076,8 +1068,7 @@ postMessageQualifiedLocalOwningBackendIgnoreMissingClients = do
         message
         "data"
         (Message.MismatchReportOnly (Set.fromList [deeRemote]))
-        brigApi
-        galleyApi
+        mock
     pure resp2 !!! do
       const 412 === statusCode
       let expectedMissing =
@@ -1128,16 +1119,15 @@ postMessageQualifiedLocalOwningBackendFailedToSendClients = do
             (deeRemote, deeClient, "text-for-dee")
           ]
 
-    let brigApi _ =
-          mkHandler @(FedApi 'Brig) $
-            Named @"get-user-clients" $ \_ _ ->
-              pure $ UserMap (Map.singleton (qUnqualified deeRemote) (Set.singleton (PubClient deeClient Nothing)))
-        galleyApi _ =
-          mkHandler @(FedApi 'Galley) $
-            Named @"on-message-sent" $ \_ _ ->
-              throwError err503 {errBody = "Down for maintenance."}
+    let mock =
+          ( "get-user-clients" ~>
+              UserMap (Map.singleton (qUnqualified deeRemote) (Set.singleton (PubClient deeClient Nothing)))
+          )
+            <|> ( guardRPC "on-message-sent"
+                    *> throw (MockErrorResponse HTTP.status503 "Down for maintenance.")
+                )
 
-    (resp2, _requests) <- postProteusMessageQualifiedWithMockFederator aliceUnqualified aliceClient convId message "data" Message.MismatchReportAll brigApi galleyApi
+    (resp2, _requests) <- postProteusMessageQualifiedWithMockFederator aliceUnqualified aliceClient convId message "data" Message.MismatchReportAll mock
 
     let expectedFailedToSend =
           QualifiedUserClients . Map.fromList $
@@ -1166,16 +1156,12 @@ postMessageQualifiedRemoteOwningBackendFailure = do
   let remoteDomain = Domain "far-away.example.com"
       convId = Qualified convIdUnqualified remoteDomain
 
-  let brigApi _ = mkHandler @(FedApi 'Brig) EmptyAPI
-  let galleyApi _ =
-        mkHandler @(FedApi 'Galley) $
-          Named @"send-message" $
-            callsFed $
-              callsFed $ \_ _ ->
-                throwError err503 {errBody = "Down for maintenance."}
+  let mock =
+        guardRPC "send-message"
+          *> throw (MockErrorResponse HTTP.status503 "Down for maintenance.")
 
   (resp2, _requests) <-
-    postProteusMessageQualifiedWithMockFederator aliceUnqualified aliceClient convId [] "data" Message.MismatchReportAll brigApi galleyApi
+    postProteusMessageQualifiedWithMockFederator aliceUnqualified aliceClient convId [] "data" Message.MismatchReportAll mock
 
   pure resp2 !!! do
     const 503 === statusCode
@@ -1209,15 +1195,9 @@ postMessageQualifiedRemoteOwningBackendSuccess = do
             Message.mssFailedToSend = mempty
           }
       message = [(bobOwningDomain, bobClient, "text-for-bob"), (deeRemote, deeClient, "text-for-dee")]
-      brigApi _ = mkHandler @(FedApi 'Brig) EmptyAPI
-      galleyApi _ = mkHandler @(FedApi 'Galley) $
-        Named @"send-message" $
-          callsFed $
-            callsFed $ \_ _ ->
-              pure (F.MessageSendResponse (Right mss))
-
+      mock = "send-message" ~> F.MessageSendResponse (Right mss)
   (resp2, _requests) <-
-    postProteusMessageQualifiedWithMockFederator aliceUnqualified aliceClient convId message "data" Message.MismatchReportAll brigApi galleyApi
+    postProteusMessageQualifiedWithMockFederator aliceUnqualified aliceClient convId message "data" Message.MismatchReportAll mock
 
   pure resp2 !!! do
     const 201 === statusCode
@@ -1567,7 +1547,7 @@ testAccessUpdateGuestRemoved = do
   c <- view tsCannon
   WS.bracketRN c (map qUnqualified [alice, bob, charlie]) $ \[wsA, wsB, wsC] -> do
     -- conversation access role changes to team only
-    (_, reqs) <- withTempMockFederator (const ()) $ do
+    (_, reqs) <- withTempMockFederator' (mockReply ()) $ do
       putQualifiedAccessUpdate
         (qUnqualified alice)
         (cnvQualifiedId conv)
@@ -2418,7 +2398,7 @@ testAddRemoteMember = do
   connectWithRemoteUser alice remoteBob
 
   (resp, reqs) <-
-    withTempMockFederator (respond remoteBob) $
+    withTempMockFederator' (respond remoteBob) $
       postQualifiedMembers alice (remoteBob :| []) convId
         <!! const 200 === statusCode
   liftIO $ do
@@ -2438,13 +2418,13 @@ testAddRemoteMember = do
     let expected = [OtherMember remoteBob Nothing roleNameWireAdmin]
     assertEqual "other members should include remoteBob" expected actual
   where
-    respond :: Qualified UserId -> FederatedRequest -> Value
-    respond bob req
-      | frComponent req == Brig =
-          toJSON [mkProfile bob (Name "bob")]
-      | frRPC req == "on-new-remote-conversation" =
-          toJSON EmptyResponse
-      | otherwise = toJSON ()
+    respond :: Qualified UserId -> Mock LByteString
+    respond bob =
+      asum
+        [ guardComponent Brig *> mockReply [mkProfile bob (Name "bob")],
+          "on-new-remote-conversation" ~> EmptyResponse,
+          "on-conversation-updated" ~> ()
+        ]
 
 testDeleteTeamConversationWithRemoteMembers :: TestM ()
 testDeleteTeamConversationWithRemoteMembers = do
@@ -2461,13 +2441,10 @@ testDeleteTeamConversationWithRemoteMembers = do
 
   connectWithRemoteUser alice remoteBob
 
-  let brigApi _ = mkHandler @(FedApi 'Brig) EmptyAPI
-      galleyApi _ =
-        mkHandler @(FedApi 'Galley) $
-          (Named @"on-new-remote-conversation" $ \_ _ -> pure EmptyResponse)
-            :<|> (Named @"on-conversation-updated" $ \_ _ -> pure ())
-
-  (_, received) <- withTempServantMockFederator brigApi galleyApi localDomain $ do
+  let mock =
+        ("on-new-remote-conversation" ~> EmptyResponse)
+          <|> ("on-conversation-updated" ~> ())
+  (_, received) <- withTempMockFederator' mock $ do
     postQualifiedMembers alice (remoteBob :| []) convId
       !!! const 200 === statusCode
 
@@ -2539,8 +2516,8 @@ testGetQualifiedRemoteConv = do
           ProtocolProteus
 
   (respAll, _) <-
-    withTempMockFederator
-      (const remoteConversationResponse)
+    withTempMockFederator'
+      (mockReply remoteConversationResponse)
       (getConvQualified aliceId remoteConvId)
 
   conv <- responseJsonUnsafe <$> (pure respAll <!! const 200 === statusCode)
@@ -2568,7 +2545,7 @@ testGetQualifiedRemoteConvNotFoundOnRemote = do
 
   registerRemoteConv remoteConvId bobId Nothing (Set.fromList [aliceAsOtherMember])
 
-  void . withTempMockFederator (const (GetConversationsResponse [])) $ do
+  void . withTempMockFederator' (mockReply (GetConversationsResponse [])) $ do
     getConvQualified aliceId remoteConvId !!! do
       const 404 === statusCode
       const (Just "no-conversation") === view (at "label") . responseJsonUnsafe @Object
@@ -2648,17 +2625,18 @@ testBulkGetQualifiedConvs = do
             remoteConvIdBNotFoundOnRemote,
             remoteConvIdCFailure
           ]
-  (respAll, receivedRequests) <-
-    withTempMockFederator'
-      ( \fedReq -> do
-          let success = pure . encode
-          case frTargetDomain fedReq of
-            d | d == remoteDomainA -> success $ GetConversationsResponse [mockConversationA]
-            d | d == remoteDomainB -> success $ GetConversationsResponse [mockConversationB]
-            d | d == remoteDomainC -> throw (DiscoveryFailureSrvNotAvailable "domainC")
-            _ -> assertFailure $ "Unrecognized domain: " <> show fedReq
-      )
-      (listConvs alice req)
+  (respAll, receivedRequests) <- do
+    let mock = do
+          d <- frTargetDomain <$> getRequest
+          asum
+            [ guard (d == remoteDomainA) *> mockReply (GetConversationsResponse [mockConversationA]),
+              guard (d == remoteDomainB) *> mockReply (GetConversationsResponse [mockConversationB]),
+              guard (d == remoteDomainC) *> liftIO (throw (DiscoveryFailureSrvNotAvailable "domainC")),
+              do
+                r <- getRequest
+                liftIO . assertFailure $ "Unrecognized domain: " <> show r
+            ]
+    withTempMockFederator' mock (listConvs alice req)
   convs <- responseJsonUnsafe <$> (pure respAll <!! const 200 === statusCode)
 
   liftIO $ do
@@ -2910,9 +2888,11 @@ deleteLocalMemberConvLocalQualifiedOk = do
         defNewProteusConv {newConvQualifiedUsers = [qBob, qEve]}
   let qconvId = Qualified convId localDomain
 
-  let mockReturnEve = onlyMockedFederatedBrigResponse [(qEve, "Eve")]
+  let mockReturnEve =
+        mockedFederatedBrigResponse [(qEve, "Eve")]
+          <|> mockReply ()
   (respDel, fedRequests) <-
-    withTempMockFederator mockReturnEve $
+    withTempMockFederator' mockReturnEve $
       deleteMemberQualified alice qBob qconvId
   let [galleyFederatedRequest] = fedRequestsForDomain remoteDomain Galley fedRequests
   assertRemoveUpdate galleyFederatedRequest qconvId qAlice [qUnqualified qEve] qBob
@@ -2947,21 +2927,17 @@ deleteRemoteMemberConvLocalQualifiedOk = do
   connectUsers alice (singleton bob)
   mapM_ (connectWithRemoteUser alice) [qChad, qDee, qEve]
 
-  let mockedResponse fedReq = do
-        let success :: ToJSON a => a -> IO LByteString
-            success = pure . encode
-            getUsersRPC = "get-users-by-ids"
-        case (frTargetDomain fedReq, frRPC fedReq) of
-          (d, mp)
-            | d == remoteDomain1 && mp == getUsersRPC ->
-                success [mkProfile qChad (Name "Chad"), mkProfile qDee (Name "Dee")]
-          (d, mp)
-            | d == remoteDomain2 && mp == getUsersRPC ->
-                success [mkProfile qEve (Name "Eve")]
-          _ -> success ()
-
+  let mockedResponse = do
+        guardRPC "get-users-by-ids"
+        d <- frTargetDomain <$> getRequest
+        asum
+          [ guard (d == remoteDomain1)
+              *> mockReply [mkProfile qChad (Name "Chad"), mkProfile qDee (Name "Dee")],
+            guard (d == remoteDomain2)
+              *> mockReply [mkProfile qEve (Name "Eve")]
+          ]
   (convId, _) <-
-    withTempMockFederator' mockedResponse $
+    withTempMockFederator' (mockedResponse <|> mockReply ()) $
       fmap decodeConvId $
         postConvQualified
           alice
@@ -2970,7 +2946,7 @@ deleteRemoteMemberConvLocalQualifiedOk = do
   let qconvId = Qualified convId localDomain
 
   (respDel, federatedRequests) <-
-    withTempMockFederator' mockedResponse $
+    withTempMockFederator' (mockedResponse <|> mockReply ()) $
       deleteMemberQualified alice qChad qconvId
   liftIO $ do
     statusCode respDel @?= 200
@@ -3002,18 +2978,15 @@ leaveRemoteConvQualifiedOk = do
   let remoteDomain = Domain "faraway.example.com"
       qconv = Qualified conv remoteDomain
       qBob = Qualified bob remoteDomain
-  let mockedFederatedGalleyResponse :: FederatedRequest -> Maybe Value
-      mockedFederatedGalleyResponse req
-        | frComponent req == Galley =
-            Just . toJSON . F.LeaveConversationResponse . Right $ ()
-        | otherwise = Nothing
+  let mockedFederatedGalleyResponse = do
+        guardComponent Galley
+        mockReply (F.LeaveConversationResponse (Right ()))
       mockResponses =
-        joinMockedFederatedResponses
-          (mockedFederatedBrigResponse [(qBob, "Bob")])
-          mockedFederatedGalleyResponse
+        mockedFederatedBrigResponse [(qBob, "Bob")]
+          <|> mockedFederatedGalleyResponse
 
   (resp, fedRequests) <-
-    withTempMockFederator mockResponses $
+    withTempMockFederator' mockResponses $
       deleteMemberQualified alice qAlice qconv
   let leaveRequest =
         fromJust . decode . frBody . Imports.head $
@@ -3033,15 +3006,13 @@ leaveNonExistentRemoteConv = do
   let remoteDomain = Domain "faraway.example.com"
   conv <- randomQualifiedId remoteDomain
 
-  let mockResponses :: FederatedRequest -> Maybe Value
-      mockResponses req
-        | frComponent req == Galley =
-            Just . toJSON . F.LeaveConversationResponse $
-              Left F.RemoveFromConversationErrorNotFound
-        | otherwise = Nothing
+  let mockResponses = do
+        guardComponent Galley
+        mockReply $
+          F.LeaveConversationResponse (Left F.RemoveFromConversationErrorNotFound)
 
   (resp, fedRequests) <-
-    withTempMockFederator mockResponses $
+    withTempMockFederator' mockResponses $
       responseJsonError
         =<< deleteMemberQualified (qUnqualified alice) alice conv
           <!! const 404 === statusCode
@@ -3060,15 +3031,15 @@ leaveRemoteConvDenied = do
   let remoteDomain = Domain "faraway.example.com"
   conv <- randomQualifiedId remoteDomain
 
-  let mockResponses :: FederatedRequest -> Maybe Value
-      mockResponses req
-        | frComponent req == Galley =
-            Just . toJSON . F.LeaveConversationResponse $
-              Left F.RemoveFromConversationErrorRemovalNotAllowed
-        | otherwise = Nothing
+  let mockResponses = do
+        guardComponent Galley
+        mockReply $
+          F.LeaveConversationResponse
+            ( Left F.RemoveFromConversationErrorRemovalNotAllowed
+            )
 
   (resp, fedRequests) <-
-    withTempMockFederator mockResponses $
+    withTempMockFederator' mockResponses $
       responseJsonError
         =<< deleteMemberQualified (qUnqualified alice) alice conv
           <!! const 403 === statusCode
@@ -3177,7 +3148,7 @@ putQualifiedConvRenameWithRemotesOk = do
 
   WS.bracketR c bob $ \wsB -> do
     (_, requests) <-
-      withTempMockFederator (const ()) $
+      withTempMockFederator' (mockReply ()) $
         putQualifiedConversationName bob qconv "gossip++" !!! const 200 === statusCode
 
     req <- assertOne requests
@@ -3497,8 +3468,8 @@ putRemoteConvMemberOk update = do
           [localMemberToOther remoteDomain bobAsLocal]
       remoteConversationResponse = GetConversationsResponse [mockConversation]
   (rs, _) <-
-    withTempMockFederator
-      (const remoteConversationResponse)
+    withTempMockFederator'
+      (mockReply remoteConversationResponse)
       $ getConvQualified alice qconv
         <!! const 200 === statusCode
 
@@ -3621,10 +3592,10 @@ putRemoteReceiptModeOk = do
             cuAction =
               SomeConversationAction (sing @'ConversationReceiptModeUpdateTag) action
           }
-  let mockResponse = const (ConversationUpdateResponseUpdate responseConvUpdate)
+  let mockResponse = mockReply (ConversationUpdateResponseUpdate responseConvUpdate)
 
   WS.bracketR c adam $ \wsAdam -> do
-    (res, federatedRequests) <- withTempMockFederator mockResponse $ do
+    (res, federatedRequests) <- withTempMockFederator' mockResponse $ do
       putQualifiedReceiptMode alice qconv newReceiptMode
         <!! const 200 === statusCode
 
@@ -3661,7 +3632,7 @@ putReceiptModeWithRemotesOk = do
 
   WS.bracketR c bob $ \wsB -> do
     (_, requests) <-
-      withTempMockFederator (const ()) $
+      withTempMockFederator' (mockReply ()) $
         putQualifiedReceiptMode bob qconv (ReceiptMode 43) !!! const 200 === statusCode
 
     req <- assertOne requests
@@ -3887,16 +3858,19 @@ removeUser = do
   runFedClient @"on-conversation-created" fedGalleyClient dDomain $ nc convD1 dory [alexDel]
 
   WS.bracketR3 c alice' alexDel' amy' $ \(wsAlice, wsAlexDel, wsAmy) -> do
-    let handler :: FederatedRequest -> IO LByteString
-        handler freq
-          | frTargetDomain freq == dDomain =
-              throw $ DiscoveryFailureSrvNotAvailable "dDomain"
-          | frTargetDomain freq `elem` [bDomain, cDomain] =
-              case frRPC freq of
-                "leave-conversation" -> pure (encode (F.LeaveConversationResponse (Right ())))
-                "on-conversation-updated" -> pure (encode ())
-                _ -> throw $ MockErrorResponse HTTP.status404 "invalid rpc"
-          | otherwise = throw $ MockErrorResponse HTTP.status500 "unmocked domain"
+    let handler = do
+          d <- frTargetDomain <$> getRequest
+          asum
+            [ do
+                guard (d == dDomain)
+                throw (DiscoveryFailureSrvNotAvailable "dDomain"),
+              do
+                guard (d `elem` [bDomain, cDomain])
+                asum
+                  [ "leave-conversation" ~> F.LeaveConversationResponse (Right ()),
+                    "on-conversation-updated" ~> ()
+                  ]
+            ]
     (_, fedRequests) <-
       withTempMockFederator' handler $
         deleteUser alexDel' !!! const 200 === statusCode
@@ -4037,7 +4011,7 @@ testOne2OneConversationRequest shouldBeLocal actor desired = do
           found <- do
             let rconv = mkProteusConv (qUnqualified convId) (tUnqualified bob) roleNameWireAdmin []
             (resp, _) <-
-              withTempMockFederator (const (F.GetConversationsResponse [rconv])) $
+              withTempMockFederator' (mockReply (F.GetConversationsResponse [rconv])) $
                 getConvQualified (tUnqualified alice) convId
             pure $ statusCode resp == 200
           liftIO $ found @?= ((actor, desired) == (LocalActor, Included))
@@ -4083,15 +4057,15 @@ updateTypingIndicatorToRemoteUserRemoteConv = do
           [localMemberToOther remoteDomain bobAsLocal]
       remoteConversationResponse = GetConversationsResponse [mockConversation]
   void
-    $ withTempMockFederator
-      (const remoteConversationResponse)
+    $ withTempMockFederator'
+      (mockReply remoteConversationResponse)
     $ getConvQualified alice qconv
       <!! const 200 === statusCode
 
   WS.bracketR c alice $ \wsAlice -> do
     -- Started
     void $
-      withTempMockFederator (const ()) $ do
+      withTempMockFederator' (mockReply ()) $ do
         -- post typing indicator from bob to alice
         let tcReq =
               TypingDataUpdateRequest
@@ -4109,7 +4083,7 @@ updateTypingIndicatorToRemoteUserRemoteConv = do
 
     -- stopped
     void $
-      withTempMockFederator (const ()) $ do
+      withTempMockFederator' (mockReply ()) $ do
         -- post typing indicator from bob to alice
         let tcReq =
               TypingDataUpdateRequest
@@ -4145,7 +4119,7 @@ updateTypingIndicatorFromRemoteUser = do
   WS.bracketR c alice $ \wsAlice -> do
     -- Started
     void $
-      withTempMockFederator (const ()) $ do
+      withTempMockFederator' (mockReply ()) $ do
         -- post typing indicator from bob to alice
         let tcReq =
               TypingDataUpdateRequest
@@ -4164,7 +4138,7 @@ updateTypingIndicatorFromRemoteUser = do
 
     -- stopped
     void $
-      withTempMockFederator (const ()) $ do
+      withTempMockFederator' (mockReply ()) $ do
         -- post typing indicator from bob to alice
         let tcReq =
               TypingDataUpdateRequest
@@ -4200,7 +4174,7 @@ updateTypingIndicatorToRemoteUser = do
   WS.bracketR c bob $ \wsBob -> do
     -- started
     void $
-      withTempMockFederator (const ()) $ do
+      withTempMockFederator' (mockReply ()) $ do
         -- post typing indicator from alice to bob
         let tcReq =
               TypingDataUpdateRequest
@@ -4219,7 +4193,7 @@ updateTypingIndicatorToRemoteUser = do
 
     -- stopped
     void $
-      withTempMockFederator (const ()) $ do
+      withTempMockFederator' (mockReply ()) $ do
         -- post typing indicator from alice to bob
         let tcReq =
               TypingDataUpdateRequest
diff --git a/services/galley/test/integration/API/Federation.hs b/services/galley/test/integration/API/Federation.hs
index e33915ce83..99e90443ba 100644
--- a/services/galley/test/integration/API/Federation.hs
+++ b/services/galley/test/integration/API/Federation.hs
@@ -22,7 +22,6 @@ import API.Util
 import Bilge hiding (head)
 import Bilge.Assert
 import Control.Lens hiding ((#))
-import Data.Aeson (ToJSON (..))
 import qualified Data.Aeson as A
 import Data.ByteString.Conversion (toByteString')
 import Data.Domain
@@ -41,7 +40,7 @@ import Data.String.Conversions
 import Data.Time.Clock
 import Data.Timeout (TimeoutUnit (..), (#))
 import Data.UUID.V4 (nextRandom)
-import Federator.MockServer (FederatedRequest (..))
+import Federator.MockServer
 import Galley.Types.Conversations.Intra
 import Imports
 import Test.QuickCheck (arbitrary, generate)
@@ -643,21 +642,18 @@ leaveConversationSuccess = do
   connectWithRemoteUser alice qDee
   connectWithRemoteUser alice qEve
 
-  let mockedResponse fedReq = do
-        let success :: ToJSON a => a -> IO LByteString
-            success = pure . A.encode
-            getUsersRPC = "get-users-by-ids"
-        case (frTargetDomain fedReq, frRPC fedReq) of
-          (d, mp)
-            | d == remoteDomain1 && mp == getUsersRPC ->
-                success [mkProfile qChad (Name "Chad"), mkProfile qDee (Name "Dee")]
-          (d, mp)
-            | d == remoteDomain2 && mp == getUsersRPC ->
-                success [mkProfile qEve (Name "Eve")]
-          _ -> success ()
+  let mock = do
+        guardRPC "get-users-by-ids"
+        d <- frTargetDomain <$> getRequest
+        asum
+          [ guard (d == remoteDomain1)
+              *> mockReply [mkProfile qChad (Name "Chad"), mkProfile qDee (Name "Dee")],
+            guard (d == remoteDomain2)
+              *> mockReply [mkProfile qEve (Name "Eve")]
+          ]
 
   (convId, _) <-
-    withTempMockFederator' mockedResponse $
+    withTempMockFederator' (mock <|> mockReply ()) $
       decodeConvId
         <$> postConvQualified
           alice
@@ -668,7 +664,7 @@ leaveConversationSuccess = do
 
   (_, federatedRequests) <-
     WS.bracketR2 c alice bob $ \(wsAlice, wsBob) -> do
-      withTempMockFederator' mockedResponse $ do
+      withTempMockFederator' (mock <|> mockReply ()) $ do
         g <- viewGalley
         let leaveRequest = FedGalley.LeaveConversationRequest convId (qUnqualified qChad)
         respBS <-
@@ -842,12 +838,9 @@ sendMessage = do
   connectWithRemoteUser aliceId bob
   connectWithRemoteUser aliceId chad
   -- conversation
-  let responses1 req
-        | frComponent req == Brig =
-            toJSON [bobProfile, chadProfile]
-        | otherwise = toJSON ()
+  let responses1 = guardComponent Brig *> mockReply [bobProfile, chadProfile]
   (convId, requests1) <-
-    withTempMockFederator responses1 $
+    withTempMockFederator' (responses1 <|> mockReply ()) $
       fmap decodeConvId $
         postConvQualified
           aliceId
@@ -878,16 +871,14 @@ sendMessage = do
             FedGalley.pmsrSender = bobId,
             FedGalley.pmsrRawMessage = Base64ByteString (Protolens.encodeMessage msg)
           }
-  let responses2 req
-        | frComponent req == Brig =
-            toJSON
-              ( Map.fromList
-                  [ (chadId, Set.singleton (PubClient chadClient Nothing)),
-                    (bobId, Set.singleton (PubClient bobClient Nothing))
-                  ]
-              )
-        | otherwise = toJSON ()
-  (_, requests2) <- withTempMockFederator responses2 $ do
+  let mock = do
+        guardComponent Brig
+        mockReply $
+          Map.fromList
+            [ (chadId, Set.singleton (PubClient chadClient Nothing)),
+              (bobId, Set.singleton (PubClient bobClient Nothing))
+            ]
+  (_, requests2) <- withTempMockFederator' (mock <|> mockReply ()) $ do
     WS.bracketR cannon aliceId $ \ws -> do
       g <- viewGalley
       msresp <-
@@ -982,7 +973,7 @@ onUserDeleted = do
         <!! const 201 === statusCode
 
   WS.bracketR2 cannon (tUnqualified alice) (qUnqualified alex) $ \(wsAlice, wsAlex) -> do
-    (resp, rpcCalls) <- withTempMockFederator (const ()) $ do
+    (resp, rpcCalls) <- withTempMockFederator' (mockReply ()) $ do
       let udcn =
             FedGalley.UserDeletedConversationsNotification
               { FedGalley.udcvUser = tUnqualified bob,
@@ -1060,7 +1051,7 @@ updateConversationByRemoteAdmin = do
   let convName = "Test Conv"
   WS.bracketR c alice $ \wsAlice -> do
     (rsp, _federatedRequests) <-
-      withTempMockFederator (const ()) $ do
+      withTempMockFederator' (mockReply ()) $ do
         postConvQualified alice defNewProteusConv {newConvName = checked convName, newConvQualifiedUsers = [qbob, qcharlie]}
           <!! const 201 === statusCode
 
@@ -1070,7 +1061,7 @@ updateConversationByRemoteAdmin = do
     let action = SomeConversationAction (sing @'ConversationReceiptModeUpdateTag) (ConversationReceiptModeUpdate newReceiptMode)
 
     (_, federatedRequests) <-
-      withTempMockFederator (const ()) $ do
+      withTempMockFederator' (mockReply ()) $ do
         -- promote chad to admin
         putOtherMemberQualified alice qbob (OtherMemberUpdate (Just roleNameWireAdmin)) cnv
           !!! const 200 === statusCode
diff --git a/services/galley/test/integration/API/MLS.hs b/services/galley/test/integration/API/MLS.hs
index 7b94424cd5..ced2f442be 100644
--- a/services/galley/test/integration/API/MLS.hs
+++ b/services/galley/test/integration/API/MLS.hs
@@ -19,6 +19,7 @@
 
 module API.MLS (tests) where
 
+import API.MLS.Mocks
 import API.MLS.Util
 import API.Util
 import Bilge hiding (head)
@@ -59,7 +60,6 @@ import Wire.API.Conversation.Action
 import Wire.API.Conversation.Protocol
 import Wire.API.Conversation.Role
 import Wire.API.Error.Galley
-import Wire.API.Federation.API.Common
 import Wire.API.Federation.API.Galley
 import Wire.API.MLS.Credential
 import Wire.API.MLS.Keys
@@ -69,7 +69,6 @@ import Wire.API.MLS.Welcome
 import Wire.API.Message
 import Wire.API.Routes.MultiTablePaging
 import Wire.API.Routes.Version
-import Wire.API.User.Client
 
 tests :: IO TestSetup -> TestTree
 tests s =
@@ -313,11 +312,6 @@ testRemoteWelcome :: TestM ()
 testRemoteWelcome = do
   [alice, bob] <- createAndConnectUsers [Nothing, Just "bob.example.com"]
 
-  let mockedResponse fedReq =
-        case frRPC fedReq of
-          "mls-welcome" -> pure (Aeson.encode MLSWelcomeSent)
-          ms -> assertFailure ("unmocked endpoint called: " <> cs ms)
-
   runMLSTest $ do
     alice1 <- createMLSClient alice
     _bob1 <- createFakeMLSClient bob
@@ -328,7 +322,7 @@ testRemoteWelcome = do
       Nothing -> assertFailure "Expected welcome message"
       Just w -> pure w
     (_, reqs) <-
-      withTempMockFederator' mockedResponse $
+      withTempMockFederator' welcomeMock $
         postWelcome (ciUser (mpSender commit)) welcome
           !!! const 201 === statusCode
     consumeWelcome welcome
@@ -630,21 +624,9 @@ testAddRemoteUser = do
     [alice1, bob1] <- traverse createMLSClient users
     (_, qcnv) <- setupMLSGroup alice1
 
-    let mock req = case frRPC req of
-          "on-conversation-updated" -> pure (Aeson.encode ())
-          "on-new-remote-conversation" -> pure (Aeson.encode EmptyResponse)
-          "get-mls-clients" ->
-            pure
-              . Aeson.encode
-              . Set.fromList
-              . map (flip ClientInfo True . ciClient)
-              $ [bob1]
-          "mls-welcome" -> pure (Aeson.encode MLSWelcomeSent)
-          ms -> assertFailure ("unmocked endpoint called: " <> cs ms)
-
     commit <- createAddCommit alice1 [bob]
     (events, reqs) <-
-      withTempMockFederator' mock $
+      withTempMockFederator' (receiveCommitMock [bob1] <|> welcomeMock) $
         sendAndConsumeCommit commit
     pure (events, reqs, qcnv)
 
@@ -820,17 +802,7 @@ testRemoteAppMessage = do
 
     (_, qcnv) <- setupMLSGroup alice1
 
-    let mock req = case frRPC req of
-          "on-conversation-updated" -> pure (Aeson.encode ())
-          "on-new-remote-conversation" -> pure (Aeson.encode EmptyResponse)
-          "on-mls-message-sent" -> pure (Aeson.encode RemoteMLSMessageOk)
-          "mls-welcome" -> pure (Aeson.encode MLSWelcomeSent)
-          "get-mls-clients" ->
-            pure
-              . Aeson.encode
-              . Set.singleton
-              $ ClientInfo (ciClient bob1) True
-          ms -> assertFailure ("unmocked endpoint called: " <> cs ms)
+    let mock = receiveCommitMock [bob1] <|> messageSentMock <|> welcomeMock
 
     ((message, events), reqs) <- withTempMockFederator' mock $ do
       void $ createAddCommit alice1 [bob] >>= sendAndConsumeCommit
@@ -905,12 +877,8 @@ testLocalToRemote = do
     -- A notifies B about bob being in the conversation (Join event): step 5
     receiveOnConvUpdated qcnv alice bob
 
-    let mock req = case frRPC req of
-          "send-mls-message" -> pure (Aeson.encode (MLSMessageResponseUpdates []))
-          rpc -> assertFailure $ "unmocked RPC called: " <> T.unpack rpc
-
     (_, reqs) <-
-      withTempMockFederator' mock $
+      withTempMockFederator' sendMessageMock $
         -- bob sends a message: step 12
         sendAndConsumeMessage message
 
@@ -949,12 +917,8 @@ testLocalToRemoteNonMember = do
     -- register remote conversation: step 4
     receiveNewRemoteConv qcnv groupId
 
-    let mock req = case frRPC req of
-          "send-mls-message" -> pure (Aeson.encode (MLSMessageResponseUpdates []))
-          rpc -> assertFailure $ "unmocked RPC called: " <> T.unpack rpc
-
     void $
-      withTempMockFederator' mock $ do
+      withTempMockFederator' sendMessageMock $ do
         galley <- viewGalley
 
         -- bob sends a message: step 12
@@ -1208,20 +1172,8 @@ testRemoteToLocal = do
     kpb <- claimKeyPackages alice1 bob
     mp <- createAddCommit alice1 [bob]
 
-    let mockedResponse fedReq =
-          case frRPC fedReq of
-            "mls-welcome" -> pure (Aeson.encode MLSWelcomeSent)
-            "on-new-remote-conversation" -> pure (Aeson.encode EmptyResponse)
-            "on-conversation-updated" -> pure (Aeson.encode ())
-            "get-mls-clients" ->
-              pure
-                . Aeson.encode
-                . Set.singleton
-                $ ClientInfo (ciClient bob1) True
-            "claim-key-packages" -> pure . Aeson.encode $ kpb
-            ms -> assertFailure ("unmocked endpoint called: " <> cs ms)
-
-    void . withTempMockFederator' mockedResponse $
+    let mock = receiveCommitMock [bob1] <|> welcomeMock <|> claimKeyPackagesMock kpb
+    void . withTempMockFederator' mock $
       sendAndConsumeCommit mp
 
     traverse_ consumeWelcome (mpWelcome mp)
@@ -1266,19 +1218,8 @@ testRemoteToLocalWrongConversation = do
     void $ setupMLSGroup alice1
     mp <- createAddCommit alice1 [bob]
 
-    let mockedResponse fedReq =
-          case frRPC fedReq of
-            "mls-welcome" -> pure (Aeson.encode MLSWelcomeSent)
-            "on-new-remote-conversation" -> pure (Aeson.encode EmptyResponse)
-            "on-conversation-updated" -> pure (Aeson.encode ())
-            "get-mls-clients" ->
-              pure
-                . Aeson.encode
-                . Set.singleton
-                $ ClientInfo (ciClient bob1) True
-            ms -> assertFailure ("unmocked endpoint called: " <> cs ms)
-
-    void . withTempMockFederator' mockedResponse $ sendAndConsumeCommit mp
+    let mock = receiveCommitMock [bob1] <|> welcomeMock
+    void . withTempMockFederator' mock $ sendAndConsumeCommit mp
     traverse_ consumeWelcome (mpWelcome mp)
     message <- createApplicationMessage bob1 "hello from another backend"
 
@@ -1636,19 +1577,7 @@ testBackendRemoveProposalLocalConvRemoteUser = do
     (_, qcnv) <- setupMLSGroup alice1
     commit <- createAddCommit alice1 [bob]
 
-    let mock req = case frRPC req of
-          "on-conversation-updated" -> pure (Aeson.encode ())
-          "on-new-remote-conversation" -> pure (Aeson.encode EmptyResponse)
-          "on-mls-message-sent" -> pure (Aeson.encode RemoteMLSMessageOk)
-          "mls-welcome" -> pure (Aeson.encode MLSWelcomeSent)
-          "get-mls-clients" ->
-            pure
-              . Aeson.encode
-              . Set.fromList
-              . map (flip ClientInfo True . ciClient)
-              $ [bob1, bob2]
-          ms -> assertFailure ("unmocked endpoint called: " <> cs ms)
-
+    let mock = receiveCommitMock [bob1, bob2] <|> welcomeMock <|> messageSentMock
     void . withTempMockFederator' mock $ do
       mlsBracket [alice1] $ \[wsA] -> do
         void $ sendAndConsumeCommit commit
@@ -1813,19 +1742,7 @@ testBackendRemoveProposalLocalConvRemoteLeaver = do
     (_, qcnv) <- setupMLSGroup alice1
     commit <- createAddCommit alice1 [bob]
 
-    let mock req = case frRPC req of
-          "on-conversation-updated" -> pure (Aeson.encode ())
-          "on-new-remote-conversation" -> pure (Aeson.encode EmptyResponse)
-          "on-mls-message-sent" -> pure (Aeson.encode RemoteMLSMessageOk)
-          "mls-welcome" -> pure (Aeson.encode MLSWelcomeSent)
-          "get-mls-clients" ->
-            pure
-              . Aeson.encode
-              . Set.fromList
-              . map (flip ClientInfo True . ciClient)
-              $ [bob1, bob2]
-          ms -> assertFailure ("unmocked endpoint called: " <> cs ms)
-
+    let mock = receiveCommitMock [bob1, bob2] <|> welcomeMock <|> messageSentMock
     bobClients <- getClientsFromGroupState alice1 bob
     void . withTempMockFederator' mock $ do
       mlsBracket [alice1] $ \[wsA] -> void $ do
@@ -1889,21 +1806,8 @@ testBackendRemoveProposalLocalConvRemoteClient = do
     (_, qcnv) <- setupMLSGroup alice1
     commit <- createAddCommit alice1 [bob]
 
-    let mock req = case frRPC req of
-          "on-conversation-updated" -> pure (Aeson.encode ())
-          "on-new-remote-conversation" -> pure (Aeson.encode EmptyResponse)
-          "mls-welcome" -> pure (Aeson.encode MLSWelcomeSent)
-          "on-mls-message-sent" -> pure (Aeson.encode RemoteMLSMessageOk)
-          "get-mls-clients" ->
-            pure
-              . Aeson.encode
-              . Set.fromList
-              . map (flip ClientInfo True)
-              $ [ciClient bob1]
-          ms -> assertFailure ("unmocked endpoint called: " <> cs ms)
-
     [(_, bob1KP)] <- getClientsFromGroupState alice1 bob
-
+    let mock = receiveCommitMock [bob1] <|> welcomeMock <|> messageSentMock
     void . withTempMockFederator' mock $ do
       mlsBracket [alice1] $ \[wsA] -> void $ do
         void $ sendAndConsumeCommit commit
@@ -1957,16 +1861,7 @@ testGetGroupInfoOfRemoteConv = do
     receiveOnConvUpdated qcnv alice bob
 
     let fakeGroupState = "\xde\xad\xbe\xef"
-    let mock req = case frRPC req of
-          "query-group-info" -> do
-            request <- either (assertFailure . ("Parse failure in query-group-info " <>)) pure (Aeson.eitherDecode (frBody req))
-            let uid = ggireqSender request
-            pure . Aeson.encode $
-              if uid == qUnqualified bob
-                then GetGroupInfoResponseState (Base64ByteString fakeGroupState)
-                else GetGroupInfoResponseError ConvNotFound
-          s -> error ("unmocked: " <> T.unpack s)
-
+    let mock = queryGroupStateMock fakeGroupState bob
     (_, reqs) <- withTempMockFederator' mock $ do
       res <-
         fmap responseBody $
@@ -1994,18 +1889,7 @@ testFederatedGetGroupInfo = do
     commit <- createAddCommit alice1 [bob]
     groupState <- assertJust (mpPublicGroupState commit)
 
-    let mock req = case frRPC req of
-          "on-new-remote-conversation" -> pure (Aeson.encode EmptyResponse)
-          "on-conversation-updated" -> pure (Aeson.encode ())
-          "mls-welcome" -> pure (Aeson.encode MLSWelcomeSent)
-          "get-mls-clients" ->
-            pure
-              . Aeson.encode
-              . Set.fromList
-              . map (flip ClientInfo True)
-              $ [ciClient bob1]
-          ms -> assertFailure ("unmocked endpoint called: " <> cs ms)
-
+    let mock = receiveCommitMock [bob1] <|> welcomeMock
     void . withTempMockFederator' mock $ do
       void $ sendAndConsumeCommitBundle commit
 
@@ -2080,9 +1964,7 @@ testAddUserToRemoteConvWithBundle = do
     commit <- createAddCommit bob1 [charlie]
     commitBundle <- createBundle commit
 
-    let mock req = case frRPC req of
-          "send-mls-commit-bundle" -> pure (Aeson.encode (MLSMessageResponseUpdates []))
-          s -> error ("unmocked: " <> T.unpack s)
+    let mock = "send-mls-commit-bundle" ~> MLSMessageResponseUpdates []
     (_, reqs) <- withTempMockFederator' mock $ do
       void $ sendAndConsumeCommitBundle commit
 
@@ -2109,20 +1991,9 @@ testRemoteUserPostsCommitBundle = do
     [alice1, bob1] <- traverse createMLSClient [alice, bob]
     (_, qcnv) <- setupMLSGroup alice1
 
-    let mock req = case frRPC req of
-          "on-conversation-updated" -> pure (Aeson.encode ())
-          "on-new-remote-conversation" -> pure (Aeson.encode EmptyResponse)
-          "get-mls-clients" ->
-            pure
-              . Aeson.encode
-              . Set.fromList
-              . map (flip ClientInfo True . ciClient)
-              $ [bob1]
-          "mls-welcome" -> pure (Aeson.encode MLSWelcomeSent)
-          ms -> assertFailure ("unmocked endpoint called: " <> cs ms)
-
     commit <- createAddCommit alice1 [bob]
-    void $
+    void $ do
+      let mock = receiveCommitMock [bob1] <|> welcomeMock
       withTempMockFederator' mock $ do
         void $ sendAndConsumeCommit commit
         putOtherMemberQualified (qUnqualified alice) bob (OtherMemberUpdate (Just roleNameWireAdmin)) qcnv
diff --git a/services/galley/test/integration/API/MLS/Mocks.hs b/services/galley/test/integration/API/MLS/Mocks.hs
new file mode 100644
index 0000000000..71d1dd6a7e
--- /dev/null
+++ b/services/galley/test/integration/API/MLS/Mocks.hs
@@ -0,0 +1,71 @@
+-- This file is part of the Wire Server implementation.
+--
+-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
+--
+-- This program is free software: you can redistribute it and/or modify it under
+-- the terms of the GNU Affero General Public License as published by the Free
+-- Software Foundation, either version 3 of the License, or (at your option) any
+-- later version.
+--
+-- This program is distributed in the hope that it will be useful, but WITHOUT
+-- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+-- FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+-- details.
+--
+-- You should have received a copy of the GNU Affero General Public License along
+-- with this program. If not, see <https://www.gnu.org/licenses/>.
+
+module API.MLS.Mocks
+  ( receiveCommitMock,
+    messageSentMock,
+    welcomeMock,
+    sendMessageMock,
+    claimKeyPackagesMock,
+    queryGroupStateMock,
+  )
+where
+
+import Data.Id
+import Data.Json.Util
+import Data.Qualified
+import qualified Data.Set as Set
+import Federator.MockServer
+import Imports
+import Wire.API.Error.Galley
+import Wire.API.Federation.API.Common
+import Wire.API.Federation.API.Galley
+import Wire.API.MLS.Credential
+import Wire.API.MLS.KeyPackage
+import Wire.API.User.Client
+
+receiveCommitMock :: [ClientIdentity] -> Mock LByteString
+receiveCommitMock clients =
+  asum
+    [ "on-conversation-updated" ~> (),
+      "on-new-remote-conversation" ~> EmptyResponse,
+      "get-mls-clients" ~>
+        Set.fromList
+          ( map (flip ClientInfo True . ciClient) clients
+          )
+    ]
+
+messageSentMock :: Mock LByteString
+messageSentMock = "on-mls-message-sent" ~> RemoteMLSMessageOk
+
+welcomeMock :: Mock LByteString
+welcomeMock = "mls-welcome" ~> MLSWelcomeSent
+
+sendMessageMock :: Mock LByteString
+sendMessageMock = "send-mls-message" ~> MLSMessageResponseUpdates []
+
+claimKeyPackagesMock :: KeyPackageBundle -> Mock LByteString
+claimKeyPackagesMock kpb = "claim-key-packages" ~> kpb
+
+queryGroupStateMock :: ByteString -> Qualified UserId -> Mock LByteString
+queryGroupStateMock gs qusr = do
+  guardRPC "query-group-info"
+  uid <- ggireqSender <$> getRequestBody
+  mockReply $
+    if uid == qUnqualified qusr
+      then GetGroupInfoResponseState (Base64ByteString gs)
+      else GetGroupInfoResponseError ConvNotFound
diff --git a/services/galley/test/integration/API/MessageTimer.hs b/services/galley/test/integration/API/MessageTimer.hs
index b464c0b0d8..4bc37d317f 100644
--- a/services/galley/test/integration/API/MessageTimer.hs
+++ b/services/galley/test/integration/API/MessageTimer.hs
@@ -32,7 +32,7 @@ import qualified Data.List1 as List1
 import Data.Misc
 import Data.Qualified
 import Data.Singletons
-import Federator.MockServer (FederatedRequest (..))
+import Federator.MockServer
 import Imports hiding (head)
 import Network.Wai.Utilities.Error
 import Test.Tasty
@@ -156,7 +156,7 @@ messageTimerChangeWithRemotes = do
 
   WS.bracketR c bob $ \wsB -> do
     (_, requests) <-
-      withTempMockFederator (const ()) $
+      withTempMockFederator' (mockReply ()) $
         putMessageTimerUpdateQualified bob qconv (ConversationMessageTimerUpdate timer1sec)
           !!! const 200 === statusCode
 
diff --git a/services/galley/test/integration/API/Roles.hs b/services/galley/test/integration/API/Roles.hs
index b5ed4cb27c..72cb40b494 100644
--- a/services/galley/test/integration/API/Roles.hs
+++ b/services/galley/test/integration/API/Roles.hs
@@ -30,7 +30,7 @@ import qualified Data.List1 as List1
 import Data.Qualified
 import qualified Data.Set as Set
 import Data.Singletons
-import Federator.MockServer (FederatedRequest (..))
+import Federator.MockServer
 import Imports
 import Network.Wai.Utilities.Error
 import Test.Tasty
@@ -175,7 +175,7 @@ roleUpdateRemoteMember = do
 
   WS.bracketR c bob $ \wsB -> do
     (_, requests) <-
-      withTempMockFederator (const ()) $
+      withTempMockFederator' (mockReply ()) $
         putOtherMemberQualified
           bob
           qcharlie
@@ -244,7 +244,7 @@ roleUpdateWithRemotes = do
 
   WS.bracketR2 c bob charlie $ \(wsB, wsC) -> do
     (_, requests) <-
-      withTempMockFederator (const ()) $
+      withTempMockFederator' (mockReply ()) $
         putOtherMemberQualified
           bob
           qcharlie
@@ -303,7 +303,7 @@ accessUpdateWithRemotes = do
   let access = ConversationAccessData (Set.singleton CodeAccess) (Set.fromList [TeamMemberAccessRole, NonTeamMemberAccessRole, GuestAccessRole, ServiceAccessRole])
   WS.bracketR2 c bob charlie $ \(wsB, wsC) -> do
     (_, requests) <-
-      withTempMockFederator (const ()) $
+      withTempMockFederator' (mockReply ()) $
         putQualifiedAccessUpdate bob qconv access
           !!! const 200 === statusCode
 
diff --git a/services/galley/test/integration/API/Util.hs b/services/galley/test/integration/API/Util.hs
index 11255a97e0..12a928e19d 100644
--- a/services/galley/test/integration/API/Util.hs
+++ b/services/galley/test/integration/API/Util.hs
@@ -24,6 +24,7 @@ import Bilge.Assert
 import Bilge.TestSession
 import Brig.Types.Connection
 import Brig.Types.Intra (UserAccount (..))
+import Control.Applicative
 import Control.Concurrent.Async
 import Control.Exception (throw)
 import Control.Lens hiding (from, to, uncons, (#), (.=))
@@ -69,7 +70,7 @@ import Data.Time (getCurrentTime)
 import Data.Tuple.Extra
 import qualified Data.UUID as UUID
 import Data.UUID.V4
-import Federator.MockServer (FederatedRequest (..))
+import Federator.MockServer
 import qualified Federator.MockServer as Mock
 import GHC.TypeLits (KnownSymbol)
 import Galley.Intra.User (chunkify)
@@ -719,7 +720,7 @@ postConvWithRemoteUsers ::
   TestM (Response (Maybe LByteString))
 postConvWithRemoteUsers u n =
   fmap fst $
-    withTempMockFederator (const ()) $
+    withTempMockFederator' (mockReply ()) $
       postConvQualified u n {newConvName = setName (newConvName n)}
         <!! const 201
           === statusCode
@@ -839,12 +840,10 @@ postProteusMessageQualifiedWithMockFederator ::
   [(Qualified UserId, ClientId, ByteString)] ->
   ByteString ->
   ClientMismatchStrategy ->
-  (Domain -> ServerT (FedApi 'Brig) Handler) ->
-  (Domain -> ServerT (FedApi 'Galley) Handler) ->
+  Mock LByteString ->
   TestM (ResponseLBS, [FederatedRequest])
-postProteusMessageQualifiedWithMockFederator senderUser senderClient convId recipients dat strat brigApi galleyApi = do
-  localDomain <- viewFederationDomain
-  withTempServantMockFederator brigApi galleyApi localDomain $
+postProteusMessageQualifiedWithMockFederator senderUser senderClient convId recipients dat strat mock =
+  withTempMockFederator' mock $
     postProteusMessageQualified senderUser senderClient convId recipients dat strat
 
 postProteusMessageQualified ::
@@ -2572,48 +2571,21 @@ mkProfile quid name =
 
 -- | Run the given action on a temporary galley instance with access to a mock
 -- federator.
---
--- The `resp :: FederatedRequest -> a` argument can be used to provide a fake
--- federator response (of an arbitrary JSON-serialisable type a) for every
--- expected request.
-withTempMockFederator ::
-  ToJSON a =>
-  (FederatedRequest -> a) ->
-  TestM b ->
-  TestM (b, [FederatedRequest])
-withTempMockFederator resp = withTempMockFederator' $ pure . encode . resp
-
 withTempMockFederator' ::
   (MonadIO m, MonadMask m, HasSettingsOverrides m) =>
-  (FederatedRequest -> IO LByteString) ->
+  Mock LByteString ->
   m b ->
   m (b, [FederatedRequest])
 withTempMockFederator' resp action = do
+  let mock = runMock (assertFailure . Text.unpack) $ do
+        r <- resp
+        pure ("application" // "json", r)
   Mock.withTempMockFederator
     [("Content-Type", "application/json")]
-    ((\r -> pure ("application" // "json", r)) <=< resp)
+    mock
     $ \mockPort -> do
       withSettingsOverrides (\opts -> opts & Opts.optFederator ?~ Endpoint "127.0.0.1" (fromIntegral mockPort)) action
 
--- Start a mock federator. Use provided Servant handler for the mocking function.
-withTempServantMockFederator ::
-  (Domain -> ServerT (FedApi 'Brig) Handler) ->
-  (Domain -> ServerT (FedApi 'Galley) Handler) ->
-  Domain ->
-  TestM b ->
-  TestM (b, [FederatedRequest])
-withTempServantMockFederator brigApi galleyApi originDomain =
-  withTempMockFederator' mock
-  where
-    server :: Domain -> ServerT CombinedBrigAndGalleyAPI Handler
-    server d = brigApi d :<|> galleyApi d
-
-    mock :: FederatedRequest -> IO LByteString
-    mock req =
-      makeFedRequestToServant @CombinedBrigAndGalleyAPI originDomain (server (frTargetDomain req)) req
-
-type CombinedBrigAndGalleyAPI = FedApi 'Brig :<|> FedApi 'Galley
-
 -- Starts a servant Application in Network.Wai.Test session and runs the
 -- FederatedRequest against it.
 makeFedRequestToServant ::
@@ -2772,28 +2744,10 @@ checkTimeout = 3 # Second
 
 -- | The function is used in conjuction with 'withTempMockFederator' to mock
 -- responses by Brig on the mocked side of federation.
-mockedFederatedBrigResponse :: [(Qualified UserId, Text)] -> FederatedRequest -> Maybe Value
-mockedFederatedBrigResponse users req
-  | frComponent req == Brig =
-      Just . toJSON $ [mkProfile mem (Name name) | (mem, name) <- users]
-  | otherwise = Nothing
-
--- | Combine two mocked services such that for a given request a JSON response
--- is produced.
-joinMockedFederatedResponses ::
-  (FederatedRequest -> Maybe Value) ->
-  (FederatedRequest -> Maybe Value) ->
-  FederatedRequest ->
-  Value
-joinMockedFederatedResponses service1 service2 req =
-  fromMaybe (toJSON ()) (service1 req <|> service2 req)
-
--- | Only Brig is mocked.
-onlyMockedFederatedBrigResponse :: [(Qualified UserId, Text)] -> FederatedRequest -> Value
-onlyMockedFederatedBrigResponse users =
-  joinMockedFederatedResponses
-    (mockedFederatedBrigResponse users)
-    (const Nothing)
+mockedFederatedBrigResponse :: [(Qualified UserId, Text)] -> Mock LByteString
+mockedFederatedBrigResponse users = do
+  guardComponent Brig
+  mockReply [mkProfile mem (Name name) | (mem, name) <- users]
 
 fedRequestsForDomain :: HasCallStack => Domain -> Component -> [FederatedRequest] -> [FederatedRequest]
 fedRequestsForDomain domain component =

From 7922ccce9fbe6588f49e82b5645d0aaea9110038 Mon Sep 17 00:00:00 2001
From: zebot <backend+zebot@wire.com>
Date: Wed, 25 Jan 2023 15:40:23 +0100
Subject: [PATCH 33/38] chore: [charts] Update webapp version (#3011)

Co-authored-by: Zebot <zebot@users.noreply.github.com>
---
 changelog.d/0-release-notes/webapp-upgrade | 1 +
 charts/webapp/values.yaml                  | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 changelog.d/0-release-notes/webapp-upgrade

diff --git a/changelog.d/0-release-notes/webapp-upgrade b/changelog.d/0-release-notes/webapp-upgrade
new file mode 100644
index 0000000000..60904d9252
--- /dev/null
+++ b/changelog.d/0-release-notes/webapp-upgrade
@@ -0,0 +1 @@
+Upgrade webapp version to 2023-01-24-production.0-v0.31.9-0-17b742f
diff --git a/charts/webapp/values.yaml b/charts/webapp/values.yaml
index 8fd730fb42..015b109ada 100644
--- a/charts/webapp/values.yaml
+++ b/charts/webapp/values.yaml
@@ -9,7 +9,7 @@ resources:
     cpu: "1"
 image:
   repository: quay.io/wire/webapp
-  tag: "2022-12-19-production.0-v0.31.9-0-6b2f2bf"
+  tag: "2023-01-24-production.0-v0.31.9-0-17b742f"
 service:
   https:
     externalPort: 443

From 589a0274b03c5075ac3a3973fd962356ed1a9ceb Mon Sep 17 00:00:00 2001
From: Stefan Matting <smatting@users.noreply.github.com>
Date: Thu, 26 Jan 2023 11:32:01 +0100
Subject: [PATCH 34/38] Github Workflow: dont use environment for secrets
 (#3021)

---
 .github/workflows/ci.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e1b40c398d..707b353c19 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,7 +6,6 @@ on:
 jobs:
   treefmt:
    name: Run treefmt
-   environment: cachix # for secrets
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
@@ -25,7 +24,6 @@ jobs:
 
   build-docs:
     name: Build docs
-    environment: cachix
     runs-on: ubuntu-latest
     permissions:
       id-token: write

From e345ca3f093fa84d2ecef9e7a6b3095628b5e544 Mon Sep 17 00:00:00 2001
From: Lucendio <github+dev@lucendio.com>
Date: Thu, 26 Jan 2023 12:58:34 +0100
Subject: [PATCH 35/38] charts/galley/configmap: remove duplicate feature flag
 searchVisibilityInbound (#3026)

Accidentally introduced in https://github.com/wireapp/wire-server/pull/2494
---
 charts/galley/templates/configmap.yaml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/charts/galley/templates/configmap.yaml b/charts/galley/templates/configmap.yaml
index a761fb24fd..9962452b0c 100644
--- a/charts/galley/templates/configmap.yaml
+++ b/charts/galley/templates/configmap.yaml
@@ -111,10 +111,6 @@ data:
         conversationGuestLinks:
           {{- toYaml .settings.featureFlags.conversationGuestLinks | nindent 10 }}
         {{- end }}
-        {{- if .settings.featureFlags.searchVisibilityInbound }}
-        searchVisibilityInbound:
-          {{- toYaml .settings.featureFlags.searchVisibilityInbound | nindent 10 }}
-        {{- end }}
         {{- if .settings.featureFlags.mls }}
         mls:
           {{- toYaml .settings.featureFlags.mls | nindent 10 }}

From 0e16249f5b0cc8869afdf37a984295e4c6b0df6e Mon Sep 17 00:00:00 2001
From: jschaul <jschaul@users.noreply.github.com>
Date: Thu, 26 Jan 2023 14:29:19 +0100
Subject: [PATCH 36/38] document helm chart upgrades after k8s version upgrades
 (#3019)

* document helm chart upgrades after k8s version upgrades

* Update docs/src/how-to/administrate/kubernetes/upgrade-cluster/index.md

Co-authored-by: Leif Battermann <leif.battermann@wire.com>
---
 .../0-release-notes/chart-compatibility       | 17 ++++++++++++++-
 .../kubernetes/upgrade-cluster/index.md       | 21 +++++++++++++++++++
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/changelog.d/0-release-notes/chart-compatibility b/changelog.d/0-release-notes/chart-compatibility
index 54bf8bf8d0..bd4607c00d 100644
--- a/changelog.d/0-release-notes/chart-compatibility
+++ b/changelog.d/0-release-notes/chart-compatibility
@@ -1 +1,16 @@
-wire-server helm charts using Ingress resources are now compatible with kubernetes versions 1.22, 1.23 and 1.24 (but keep being compatible with older versions of kubernetes).
+wire-server helm charts using Ingress resources are now compatible with kubernetes versions 1.22, 1.23 and 1.24 (but remain compatible with older versions of kubernetes).
+
+If you upgrade to this version of helm charts and/or you upgrade your version of kubernetes while wire-server is deployed, you may find that `helm update` or `helmfile apply/sync` gives an error like this:
+
+> Error: UPGRADE FAILED: current release manifest contains removed kubernetes api(s) for this kubernetes version and it is therefore unable to build the kubernetes objects for performing the diff. error from kubernetes: unable to recognize "": no matches for kind "Ingress" in version "extensions/v1beta1"
+
+In which case you can use the [helm mapkubeapis plugin](https://github.com/helm/helm-mapkubeapis) to upgrade an existing release with the following command:
+
+```sh
+# install plugin version 0.1.0 (more recent may not work)
+helm plugin install --version v0.1.0 https://github.com/helm/helm-mapkubeapis
+# adjust helm release name and namespace as required
+helm mapkubeapis --namespace wire nginx-ingress-services
+```
+
+Alternatively, if a few minutes of downtime are not a problem; you can `helm delete` a release and re-install it again, which will work without the above plugin.
diff --git a/docs/src/how-to/administrate/kubernetes/upgrade-cluster/index.md b/docs/src/how-to/administrate/kubernetes/upgrade-cluster/index.md
index 739ae7ee2c..062e99ceb8 100644
--- a/docs/src/how-to/administrate/kubernetes/upgrade-cluster/index.md
+++ b/docs/src/how-to/administrate/kubernetes/upgrade-cluster/index.md
@@ -73,3 +73,24 @@ the components, and draining/uncordon nodes.
 ## Kubeadm
 
 Please refer to the *official documentation:* [Upgrading kubeadm clusters](https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/)
+
+# Troubleshooting problems arising after kubernetes cluster upgrades
+
+## Helm and kubernetes API changes
+
+If you upgrade to new versions of kubernetes while wire-server is deployed, you may find that after that version update, deploying a new version of wire-server or nginx-ingress-services (or another helm chart we provide) using `helm update` or `helmfile apply/sync` gives an error like this:
+
+> Error: UPGRADE FAILED: current release manifest contains removed kubernetes api(s) for this kubernetes version and it is therefore unable to build the kubernetes objects for performing the diff. error from kubernetes: unable to recognize "": no matches for kind "Ingress" in version "extensions/v1beta1"
+
+What's happening here is that some [deprecated](https://kubernetes.io/docs/reference/using-api/deprecation-guide/)  kubernetes API versions may potentially have been removed. While we strive to keep maximum compatibility of kubernetes versions in our helm charts, that's not sufficient when doing k8s upgrades while wire-server helm charts are in use: you need to tell a helm release about the difference in API version.
+
+In which case you can use the [helm mapkubeapis plugin](https://github.com/helm/helm-mapkubeapis) to upgrade an existing release with the following command:
+
+```sh
+# install plugin version 0.1.0 (more recent may not work)
+helm plugin install --version v0.1.0 https://github.com/helm/helm-mapkubeapis
+# adjust helm release name and namespace as required
+helm mapkubeapis --namespace wire nginx-ingress-services
+```
+
+Alternatively, if a few minutes of downtime are not a problem; you can `helm delete` a release and re-install it again, which will work without the above plugin.

From 24d754cd641f6df36e9c4438347149b81ef18f95 Mon Sep 17 00:00:00 2001
From: Zebot <zebot@users.noreply.github.com>
Date: Thu, 26 Jan 2023 14:27:01 +0000
Subject: [PATCH 37/38] Add changelog for Release 2023-01-26

---
 CHANGELOG.md                                  | 77 +++++++++++++++++++
 .../0-release-notes/chart-compatibility       | 16 ----
 .../0-release-notes/team-settings-upgrade     |  1 -
 changelog.d/0-release-notes/webapp-upgrade    |  1 -
 .../1-api-changes/get-conversation-v3-leak    |  1 -
 changelog.d/3-bug-fixes/pr-2968               |  1 -
 .../update-inbucket-chart-dependency          |  1 -
 changelog.d/4-docs/copybutton                 |  1 -
 .../4-docs/hook-fedcalls-into-api-docs        |  1 -
 changelog.d/4-docs/pr-2973                    |  1 -
 .../5-internal/k8ssandra-cluster-helm-chart   |  1 -
 changelog.d/5-internal/kind-fix               |  1 -
 .../5-internal/makefile-kind-restart-all      |  1 -
 changelog.d/5-internal/mock-utilities         |  1 -
 changelog.d/5-internal/pr-2694                |  1 -
 changelog.d/5-internal/pr-2965                |  1 -
 changelog.d/5-internal/pr-2991                |  1 -
 changelog.d/5-internal/pr-3017                |  1 -
 changelog.d/5-internal/refactor-writetime     |  1 -
 changelog.d/5-internal/restructure-docs       |  1 -
 changelog.d/5-internal/sqservices-1848        |  1 -
 21 files changed, 77 insertions(+), 35 deletions(-)
 delete mode 100644 changelog.d/0-release-notes/chart-compatibility
 delete mode 100644 changelog.d/0-release-notes/team-settings-upgrade
 delete mode 100644 changelog.d/0-release-notes/webapp-upgrade
 delete mode 100644 changelog.d/1-api-changes/get-conversation-v3-leak
 delete mode 100644 changelog.d/3-bug-fixes/pr-2968
 delete mode 100644 changelog.d/3-bug-fixes/update-inbucket-chart-dependency
 delete mode 100644 changelog.d/4-docs/copybutton
 delete mode 100644 changelog.d/4-docs/hook-fedcalls-into-api-docs
 delete mode 100644 changelog.d/4-docs/pr-2973
 delete mode 100644 changelog.d/5-internal/k8ssandra-cluster-helm-chart
 delete mode 100644 changelog.d/5-internal/kind-fix
 delete mode 100644 changelog.d/5-internal/makefile-kind-restart-all
 delete mode 100644 changelog.d/5-internal/mock-utilities
 delete mode 100644 changelog.d/5-internal/pr-2694
 delete mode 100644 changelog.d/5-internal/pr-2965
 delete mode 100644 changelog.d/5-internal/pr-2991
 delete mode 100644 changelog.d/5-internal/pr-3017
 delete mode 100644 changelog.d/5-internal/refactor-writetime
 delete mode 100644 changelog.d/5-internal/restructure-docs
 delete mode 100644 changelog.d/5-internal/sqservices-1848

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c35bd5ca66..236cd9db33 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,80 @@
+# [2023-01-26] (Chart Release 4.31.0)
+
+## Release notes
+
+
+* wire-server helm charts using Ingress resources are now compatible with kubernetes versions 1.22, 1.23 and 1.24 (but remain compatible with older versions of kubernetes).
+
+  If you upgrade to this version of helm charts and/or you upgrade your version of kubernetes while wire-server is deployed, you may find that `helm update` or `helmfile apply/sync` gives an error like this:
+
+  > Error: UPGRADE FAILED: current release manifest contains removed kubernetes api(s) for this kubernetes version and it is therefore unable to build the kubernetes objects for performing the diff. error from kubernetes: unable to recognize "": no matches for kind "Ingress" in version "extensions/v1beta1"
+
+  In which case you can use the [helm mapkubeapis plugin](https://github.com/helm/helm-mapkubeapis) to upgrade an existing release with the following command:
+
+  ```sh
+  # install plugin version 0.1.0 (more recent may not work)
+  helm plugin install --version v0.1.0 https://github.com/helm/helm-mapkubeapis
+  # adjust helm release name and namespace as required
+  helm mapkubeapis --namespace wire nginx-ingress-services
+  ```
+
+  Alternatively, if a few minutes of downtime are not a problem; you can `helm delete` a release and re-install it again, which will work without the above plugin. (#3002)
+
+* Upgrade team-settings version to 4.14.0-v0.31.9-0-bf82b46 (#2180)
+
+* Upgrade webapp version to 2023-01-24-production.0-v0.31.9-0-17b742f (#2302)
+
+
+## API changes
+
+
+* The unqualified `GET /conversations/:id` endpoint has been removed from API v3, and is restored to the previous behaviour of returning a Conversation using the v2 schema. Similarly, its qualified counterpart `GET /conversations/:domain/:id` now returns a v2 Conversation when accessed through API v2. (#2992)
+
+
+## Bug fixes and other updates
+
+
+* Fix pagination in team user search (make search key unique) (#2968)
+
+* Update `inbucket` (fake smtp server) chart dependency: The prior version relied on an image that has been removed from docker hub. Thus, our own `inbucket` chart could not be deployed anymore. (#2998)
+
+
+## Documentation
+
+
+* Add sphinx-copybutton plugin to make copying snippets of code from docs.wire.com easier. (#PR_NOT_FOUND)
+
+* Hook federated API call documentation into docs.wire.com (manually). (#2988)
+
+* Tool for dumping fed call graphs (dot/graphviz and csv); see README for details (#2973)
+
+
+## Internal changes
+
+
+* Add Helm chart to configure clusters managed by k8ssandra-operator for test environments. (#2981)
+
+* Fix kind setup for running end-to-end federation tests locally. (#3008)
+
+* Fix Makefile target kind-restart-all. (#3015)
+
+* Add combinators for creating mocked federator responses in integration tests (#3014)
+
+* Add two integration tests arounds last prekeys (#2694)
+
+* Fix `make clean` (#2965, #2978)
+
+* Make ID tags more readable by expanding abbreviations to full names. (#2991)
+
+* Unused old swagger code removed from stern and team features (#3017)
+
+* Refactor Writetime from Int64 to wrapper of UTCTime (#2994)
+
+* Restructure docs.wire.com (#2986)
+
+* Fixed flaky team user search integration test (#2996)
+
+
 # [2023-01-12] (Chart Release 4.30.0)
 
 ## Release notes
diff --git a/changelog.d/0-release-notes/chart-compatibility b/changelog.d/0-release-notes/chart-compatibility
deleted file mode 100644
index bd4607c00d..0000000000
--- a/changelog.d/0-release-notes/chart-compatibility
+++ /dev/null
@@ -1,16 +0,0 @@
-wire-server helm charts using Ingress resources are now compatible with kubernetes versions 1.22, 1.23 and 1.24 (but remain compatible with older versions of kubernetes).
-
-If you upgrade to this version of helm charts and/or you upgrade your version of kubernetes while wire-server is deployed, you may find that `helm update` or `helmfile apply/sync` gives an error like this:
-
-> Error: UPGRADE FAILED: current release manifest contains removed kubernetes api(s) for this kubernetes version and it is therefore unable to build the kubernetes objects for performing the diff. error from kubernetes: unable to recognize "": no matches for kind "Ingress" in version "extensions/v1beta1"
-
-In which case you can use the [helm mapkubeapis plugin](https://github.com/helm/helm-mapkubeapis) to upgrade an existing release with the following command:
-
-```sh
-# install plugin version 0.1.0 (more recent may not work)
-helm plugin install --version v0.1.0 https://github.com/helm/helm-mapkubeapis
-# adjust helm release name and namespace as required
-helm mapkubeapis --namespace wire nginx-ingress-services
-```
-
-Alternatively, if a few minutes of downtime are not a problem; you can `helm delete` a release and re-install it again, which will work without the above plugin.
diff --git a/changelog.d/0-release-notes/team-settings-upgrade b/changelog.d/0-release-notes/team-settings-upgrade
deleted file mode 100644
index 1168c3ea44..0000000000
--- a/changelog.d/0-release-notes/team-settings-upgrade
+++ /dev/null
@@ -1 +0,0 @@
-Upgrade team-settings version to 4.14.0-v0.31.9-0-bf82b46
diff --git a/changelog.d/0-release-notes/webapp-upgrade b/changelog.d/0-release-notes/webapp-upgrade
deleted file mode 100644
index 60904d9252..0000000000
--- a/changelog.d/0-release-notes/webapp-upgrade
+++ /dev/null
@@ -1 +0,0 @@
-Upgrade webapp version to 2023-01-24-production.0-v0.31.9-0-17b742f
diff --git a/changelog.d/1-api-changes/get-conversation-v3-leak b/changelog.d/1-api-changes/get-conversation-v3-leak
deleted file mode 100644
index 8f5f313314..0000000000
--- a/changelog.d/1-api-changes/get-conversation-v3-leak
+++ /dev/null
@@ -1 +0,0 @@
-The unqualified `GET /conversations/:id` endpoint has been removed from API v3, and is restored to the previous behaviour of returning a Conversation using the v2 schema. Similarly, its qualified counterpart `GET /conversations/:domain/:id` now returns a v2 Conversation when accessed through API v2.
diff --git a/changelog.d/3-bug-fixes/pr-2968 b/changelog.d/3-bug-fixes/pr-2968
deleted file mode 100644
index e32c978a07..0000000000
--- a/changelog.d/3-bug-fixes/pr-2968
+++ /dev/null
@@ -1 +0,0 @@
-Fix pagination in team user search (make search key unique)
diff --git a/changelog.d/3-bug-fixes/update-inbucket-chart-dependency b/changelog.d/3-bug-fixes/update-inbucket-chart-dependency
deleted file mode 100644
index 63ae2c40a9..0000000000
--- a/changelog.d/3-bug-fixes/update-inbucket-chart-dependency
+++ /dev/null
@@ -1 +0,0 @@
-Update `inbucket` (fake smtp server) chart dependency: The prior version relied on an image that has been removed from docker hub. Thus, our own `inbucket` chart could not be deployed anymore.
diff --git a/changelog.d/4-docs/copybutton b/changelog.d/4-docs/copybutton
deleted file mode 100644
index cef39536e5..0000000000
--- a/changelog.d/4-docs/copybutton
+++ /dev/null
@@ -1 +0,0 @@
-Add sphinx-copybutton plugin to make copying snippets of code from docs.wire.com easier.
diff --git a/changelog.d/4-docs/hook-fedcalls-into-api-docs b/changelog.d/4-docs/hook-fedcalls-into-api-docs
deleted file mode 100644
index 2a6d02a8a3..0000000000
--- a/changelog.d/4-docs/hook-fedcalls-into-api-docs
+++ /dev/null
@@ -1 +0,0 @@
-Hook federated API call documentation into docs.wire.com (manually).
diff --git a/changelog.d/4-docs/pr-2973 b/changelog.d/4-docs/pr-2973
deleted file mode 100644
index 89fbeb8be6..0000000000
--- a/changelog.d/4-docs/pr-2973
+++ /dev/null
@@ -1 +0,0 @@
-Tool for dumping fed call graphs (dot/graphviz and csv); see README for details
\ No newline at end of file
diff --git a/changelog.d/5-internal/k8ssandra-cluster-helm-chart b/changelog.d/5-internal/k8ssandra-cluster-helm-chart
deleted file mode 100644
index ce269c8ef6..0000000000
--- a/changelog.d/5-internal/k8ssandra-cluster-helm-chart
+++ /dev/null
@@ -1 +0,0 @@
-Add Helm chart to configure clusters managed by k8ssandra-operator for test environments.
diff --git a/changelog.d/5-internal/kind-fix b/changelog.d/5-internal/kind-fix
deleted file mode 100644
index 2b7d9f1b3b..0000000000
--- a/changelog.d/5-internal/kind-fix
+++ /dev/null
@@ -1 +0,0 @@
-Fix kind setup for running end-to-end federation tests locally.
\ No newline at end of file
diff --git a/changelog.d/5-internal/makefile-kind-restart-all b/changelog.d/5-internal/makefile-kind-restart-all
deleted file mode 100644
index 899efa0d8e..0000000000
--- a/changelog.d/5-internal/makefile-kind-restart-all
+++ /dev/null
@@ -1 +0,0 @@
-Fix Makefile target kind-restart-all.
diff --git a/changelog.d/5-internal/mock-utilities b/changelog.d/5-internal/mock-utilities
deleted file mode 100644
index 1c08e75164..0000000000
--- a/changelog.d/5-internal/mock-utilities
+++ /dev/null
@@ -1 +0,0 @@
-Add combinators for creating mocked federator responses in integration tests
diff --git a/changelog.d/5-internal/pr-2694 b/changelog.d/5-internal/pr-2694
deleted file mode 100644
index 7bd6984179..0000000000
--- a/changelog.d/5-internal/pr-2694
+++ /dev/null
@@ -1 +0,0 @@
-Add two integration tests arounds last prekeys
diff --git a/changelog.d/5-internal/pr-2965 b/changelog.d/5-internal/pr-2965
deleted file mode 100644
index 9dffecdd84..0000000000
--- a/changelog.d/5-internal/pr-2965
+++ /dev/null
@@ -1 +0,0 @@
-Fix `make clean` (#2965, #2978)
diff --git a/changelog.d/5-internal/pr-2991 b/changelog.d/5-internal/pr-2991
deleted file mode 100644
index 150d50cf30..0000000000
--- a/changelog.d/5-internal/pr-2991
+++ /dev/null
@@ -1 +0,0 @@
-Make ID tags more readable by expanding abbreviations to full names.
diff --git a/changelog.d/5-internal/pr-3017 b/changelog.d/5-internal/pr-3017
deleted file mode 100644
index 7d9245d71d..0000000000
--- a/changelog.d/5-internal/pr-3017
+++ /dev/null
@@ -1 +0,0 @@
-Unused old swagger code removed from stern and team features
diff --git a/changelog.d/5-internal/refactor-writetime b/changelog.d/5-internal/refactor-writetime
deleted file mode 100644
index fb0f680472..0000000000
--- a/changelog.d/5-internal/refactor-writetime
+++ /dev/null
@@ -1 +0,0 @@
-Refactor Writetime from Int64 to wrapper of UTCTime
diff --git a/changelog.d/5-internal/restructure-docs b/changelog.d/5-internal/restructure-docs
deleted file mode 100644
index f9c770a9cc..0000000000
--- a/changelog.d/5-internal/restructure-docs
+++ /dev/null
@@ -1 +0,0 @@
-Restructure docs.wire.com
diff --git a/changelog.d/5-internal/sqservices-1848 b/changelog.d/5-internal/sqservices-1848
deleted file mode 100644
index ed89235a80..0000000000
--- a/changelog.d/5-internal/sqservices-1848
+++ /dev/null
@@ -1 +0,0 @@
-Fixed flaky team user search integration test

From 13640b5d89a114ac8172a078b9dd3a01680abdb0 Mon Sep 17 00:00:00 2001
From: Sven Tennie <sven.tennie@wire.com>
Date: Thu, 26 Jan 2023 15:38:43 +0100
Subject: [PATCH 38/38] Fix CHANGELOG.md

Add missing pull request (PR) id.
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 236cd9db33..f5014c421e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -42,7 +42,7 @@
 ## Documentation
 
 
-* Add sphinx-copybutton plugin to make copying snippets of code from docs.wire.com easier. (#PR_NOT_FOUND)
+* Add sphinx-copybutton plugin to make copying snippets of code from docs.wire.com easier. (#2900)
 
 * Hook federated API call documentation into docs.wire.com (manually). (#2988)