From f2d2c04ffab984c73f5e1b1ee8058c9fcfe0df4c Mon Sep 17 00:00:00 2001
From: Paul Gottschling <paul.gottschling@goteleport.com>
Date: Fri, 11 Oct 2024 16:07:45 -0400
Subject: [PATCH 01/53] Fix docs issues that break Docusaurus builds (#47491)

Backports #47471

- Add index pages to top-level docs sections. These pages do not appear
  in the sidebar of the current docs engine, but are required for the
  Docusaurus site to render properly. We can build them into fully
  developed introductory pages in subsequent changes.
---
 docs/pages/admin-guides/admin-guides.mdx               | 6 ++++++
 docs/pages/connect-your-client/connect-your-client.mdx | 6 ++++++
 docs/pages/enroll-resources/enroll-resources.mdx       | 6 ++++++
 docs/pages/reference/reference.mdx                     | 6 ++++++
 4 files changed, 24 insertions(+)
 create mode 100644 docs/pages/admin-guides/admin-guides.mdx
 create mode 100644 docs/pages/connect-your-client/connect-your-client.mdx
 create mode 100644 docs/pages/enroll-resources/enroll-resources.mdx
 create mode 100644 docs/pages/reference/reference.mdx

diff --git a/docs/pages/admin-guides/admin-guides.mdx b/docs/pages/admin-guides/admin-guides.mdx
new file mode 100644
index 0000000000000..6ee7b110f6d83
--- /dev/null
+++ b/docs/pages/admin-guides/admin-guides.mdx
@@ -0,0 +1,6 @@
+---
+title: Teleport Admin Guides
+description: Provides step-by-step instructions for completing administrative tasks in Teleport.
+---
+
+(!toc!)
diff --git a/docs/pages/connect-your-client/connect-your-client.mdx b/docs/pages/connect-your-client/connect-your-client.mdx
new file mode 100644
index 0000000000000..844e0a9d842dc
--- /dev/null
+++ b/docs/pages/connect-your-client/connect-your-client.mdx
@@ -0,0 +1,6 @@
+---
+title: Teleport User Guides
+description: Provides instructions to help users connect to infrastructure resources with Teleport.
+---
+
+(!toc!)
diff --git a/docs/pages/enroll-resources/enroll-resources.mdx b/docs/pages/enroll-resources/enroll-resources.mdx
new file mode 100644
index 0000000000000..6d0f6ab1192d4
--- /dev/null
+++ b/docs/pages/enroll-resources/enroll-resources.mdx
@@ -0,0 +1,6 @@
+---
+title: Enrolling Teleport Resources
+description: Provides step-by-step instructions for enrolling servers, databases, and other infrastructure resources with your Teleport cluster.
+---
+
+(!toc!)
diff --git a/docs/pages/reference/reference.mdx b/docs/pages/reference/reference.mdx
new file mode 100644
index 0000000000000..6b28695deeb91
--- /dev/null
+++ b/docs/pages/reference/reference.mdx
@@ -0,0 +1,6 @@
+---
+title: Teleport Reference Guides
+description: Provides comprehensive information on configuration fields, Teleport commands, and other ways of interacting with Teleport.
+---
+
+(!toc!)

From 90f1479c1669e3198231be2dd84b3c7e6523ebfe Mon Sep 17 00:00:00 2001
From: Zac Bergquist <zac.bergquist@goteleport.com>
Date: Mon, 14 Oct 2024 07:35:37 -0600
Subject: [PATCH 02/53] tctl: add a --with-secrets flag to tctl tokens ls
 (#47547)

Show the "safe name" for tokens by default, which is the name of
the token for non-sensitive join tokens, and a redacted version
of the name for shared secret tokens.

Note: for --format=json or --format=yaml we currently maintain
the original behavior (always show the raw token contents).
The tctl get tokens command has also not been touched - it
continues to return the raw token resource from the backend.

Updates #47254
---
 tool/tctl/common/token_command.go | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/tool/tctl/common/token_command.go b/tool/tctl/common/token_command.go
index d096dd5a440e2..0eac663eef2cd 100644
--- a/tool/tctl/common/token_command.go
+++ b/tool/tctl/common/token_command.go
@@ -60,6 +60,8 @@ Use this token to add an MDM service to Teleport.
 type TokensCommand struct {
 	config *servicecfg.Config
 
+	withSecrets bool
+
 	// format is the output format, e.g. text or json
 	format string
 
@@ -134,6 +136,7 @@ func (c *TokensCommand) Initialize(app *kingpin.Application, config *servicecfg.
 	// "tctl tokens ls"
 	c.tokenList = tokens.Command("ls", "List node and user invitation tokens.")
 	c.tokenList.Flag("format", "Output format, 'text', 'json' or 'yaml'").EnumVar(&c.format, formats...)
+	c.tokenList.Flag("with-secrets", "Do not redact join tokens").BoolVar(&c.withSecrets)
 
 	if c.stdout == nil {
 		c.stdout = os.Stdout
@@ -382,6 +385,11 @@ func (c *TokensCommand) List(ctx context.Context, client *authclient.Client) err
 	// Sort by expire time.
 	sort.Slice(tokens, func(i, j int) bool { return tokens[i].Expiry().Unix() < tokens[j].Expiry().Unix() })
 
+	nameFunc := (types.ProvisionToken).GetSafeName
+	if c.withSecrets {
+		nameFunc = (types.ProvisionToken).GetName
+	}
+
 	switch c.format {
 	case teleport.JSON:
 		err := utils.WriteJSONArray(c.stdout, tokens)
@@ -395,7 +403,7 @@ func (c *TokensCommand) List(ctx context.Context, client *authclient.Client) err
 		}
 	case teleport.Text:
 		for _, token := range tokens {
-			fmt.Fprintln(c.stdout, token.GetName())
+			fmt.Fprintln(c.stdout, nameFunc(token))
 		}
 	default:
 		tokensView := func() string {
@@ -403,12 +411,12 @@ func (c *TokensCommand) List(ctx context.Context, client *authclient.Client) err
 			now := time.Now()
 			for _, t := range tokens {
 				expiry := "never"
-				if !t.Expiry().IsZero() {
+				if !t.Expiry().IsZero() && t.Expiry().Unix() != 0 {
 					exptime := t.Expiry().Format(time.RFC822)
 					expdur := t.Expiry().Sub(now).Round(time.Second)
 					expiry = fmt.Sprintf("%s (%s)", exptime, expdur.String())
 				}
-				table.AddRow([]string{t.GetName(), t.GetRoles().String(), printMetadataLabels(t.GetMetadata().Labels), expiry})
+				table.AddRow([]string{nameFunc(t), t.GetRoles().String(), printMetadataLabels(t.GetMetadata().Labels), expiry})
 			}
 			return table.AsBuffer().String()
 		}

From 3f39c0d9ea827916368af8a9842402f164f29b5b Mon Sep 17 00:00:00 2001
From: Steven Martin <steven@goteleport.com>
Date: Mon, 14 Oct 2024 19:18:30 -0400
Subject: [PATCH 03/53] [v14] docs: include description as optional field for
 app config reference (#47537)

* docs: include description as optional field for app config reference

* docs: include amazon linux 2023 in supported enhanced logging
---
 .../server-access/guides/bpf-session-recording.mdx              | 2 +-
 docs/pages/includes/config-reference/app-service.yaml           | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/pages/enroll-resources/server-access/guides/bpf-session-recording.mdx b/docs/pages/enroll-resources/server-access/guides/bpf-session-recording.mdx
index 8a05e1b4cefc2..eef05d0216272 100644
--- a/docs/pages/enroll-resources/server-access/guides/bpf-session-recording.mdx
+++ b/docs/pages/enroll-resources/server-access/guides/bpf-session-recording.mdx
@@ -88,7 +88,7 @@ Teleport supports enhanced session recording with BPF on `amd64` and `arm64` arc
 | Fedora                  | 33             | 5.8+           |
 | Arch Linux              | 2020.09.01     | 5.8.5+         |
 | Flatcar                 | 2765.2.2       | 5.10.25+       |
-| Amazon Linux            | 2              | 5.10+          |
+| Amazon Linux            | 2 and 2023     | 5.10+          |
 
 - (!docs/pages/includes/tctl.mdx!)
 
diff --git a/docs/pages/includes/config-reference/app-service.yaml b/docs/pages/includes/config-reference/app-service.yaml
index 079c1d7379528..b3e7b12edf0f8 100644
--- a/docs/pages/includes/config-reference/app-service.yaml
+++ b/docs/pages/includes/config-reference/app-service.yaml
@@ -22,6 +22,8 @@ app_service:
       # Optional: For access to cloud provider APIs, specify the cloud
       # provider. Allowed values are "AWS", "Azure", and "GCP".
       cloud: ""
+      # Optional: Free-form description of the application.
+      description: "Kubernetes Dashboard to development cluster"
       # URI of Application. For TCP applications
       # use tcp, ex: tcp://localhost:5432.
       uri: "http://10.0.1.27:8000"

From bf8b4eab634f2ec34df05986d48fef05b762851e Mon Sep 17 00:00:00 2001
From: Zac Bergquist <zac.bergquist@goteleport.com>
Date: Tue, 15 Oct 2024 07:48:15 -0600
Subject: [PATCH 04/53] Fix active session filtering for legacy sessions
 (#47562)

This code never worked correctly, but mostly went unnoticed because
it is only triggered when using legacy roles prior to RoleV5.

Prior to moderated sessions, RBAC for viewing active sessions was
based on whether or not you could join a session as the OS login
that is being used, along with a pseudo-resource of kind "ssh_session".

With moderated sessions we introduced more flexible RBAC semantics
that allow you to join sessions in different modes (peer, observer,
moderator), even if you don't actually have permission to start
sessions.

In #11223 we decided that we need to support both types of RBAC checks
(legacy checks against the "ssh_session" resource, and newer checks
against the session_tracker and join_sessions policies). The code that
was doing the legacy checks was flawed for two reasons:

1. It used (types.SessionTracker).GetKind() (which will always be
   "session_tracker") instead of
   (types.SessionTracker).GetSessionKind().
2. When checking whether the session was SSH, it was checking for
   the legacy "ssh_session" value, instead of the "ssh" value that
   session trackers actually use.
---
 api/types/constants.go           |  5 ++++-
 api/types/session_tracker.go     |  5 +++++
 lib/auth/auth_with_roles.go      | 10 ++++-----
 lib/auth/auth_with_roles_test.go | 36 +++++++++++++++++++++++++++++++-
 4 files changed, 49 insertions(+), 7 deletions(-)

diff --git a/api/types/constants.go b/api/types/constants.go
index 23e733a1d99db..66ea9bbb614a2 100644
--- a/api/types/constants.go
+++ b/api/types/constants.go
@@ -106,7 +106,10 @@ const (
 	// KindSession is a recorded SSH session.
 	KindSession = "session"
 
-	// KindSSHSession is an active SSH session.
+	// KindSSHSession represents an active SSH session in early versions of Teleport
+	// prior to the introduction of moderated sessions. Note that ssh_session is not
+	// a "real" resource, and it is never used as the "session kind" value in the
+	// session_tracker resource.
 	KindSSHSession = "ssh_session"
 
 	// KindWebSession is a web session resource
diff --git a/api/types/session_tracker.go b/api/types/session_tracker.go
index 2d205ca31e8ff..8574c092db114 100644
--- a/api/types/session_tracker.go
+++ b/api/types/session_tracker.go
@@ -28,7 +28,12 @@ import (
 // SessionKind is a type of session.
 type SessionKind string
 
+// These represent the possible values for the kind field in session trackers.
 const (
+	// SSHSessionKind is the kind used for session tracking with the
+	// session_tracker resource used in Teleport 9+. Note that it is
+	// different from the legacy [types.KindSSHSession] value that was
+	// used prior to the introduction of moderated sessions.
 	SSHSessionKind            SessionKind = "ssh"
 	KubernetesSessionKind     SessionKind = "k8s"
 	DatabaseSessionKind       SessionKind = "db"
diff --git a/lib/auth/auth_with_roles.go b/lib/auth/auth_with_roles.go
index 36eb6f9975386..2bb1961df3839 100644
--- a/lib/auth/auth_with_roles.go
+++ b/lib/auth/auth_with_roles.go
@@ -417,12 +417,12 @@ func (a *ServerWithRoles) CreateSessionTracker(ctx context.Context, tracker type
 	return tracker, nil
 }
 
-func (a *ServerWithRoles) filterSessionTracker(ctx context.Context, joinerRoles []types.Role, tracker types.SessionTracker, verb string) bool {
+func (a *ServerWithRoles) filterSessionTracker(joinerRoles []types.Role, tracker types.SessionTracker, verb string) bool {
 	// Apply RFD 45 RBAC rules to the session if it's SSH.
 	// This is a bit of a hack. It converts to the old legacy format
 	// which we don't have all data for, luckily the fields we don't have aren't made available
 	// to the RBAC filter anyway.
-	if tracker.GetKind() == types.KindSSHSession {
+	if tracker.GetSessionKind() == types.SSHSessionKind {
 		ruleCtx := &services.Context{User: a.context.User}
 		ruleCtx.SSHSession = &session.Session{
 			Kind:           tracker.GetSessionKind(),
@@ -573,7 +573,7 @@ func (a *ServerWithRoles) GetSessionTracker(ctx context.Context, sessionID strin
 		return nil, trace.Wrap(err)
 	}
 
-	ok := a.filterSessionTracker(ctx, joinerRoles, tracker, types.VerbRead)
+	ok := a.filterSessionTracker(joinerRoles, tracker, types.VerbRead)
 	if !ok {
 		return nil, trace.NotFound("session %v not found", sessionID)
 	}
@@ -600,7 +600,7 @@ func (a *ServerWithRoles) GetActiveSessionTrackers(ctx context.Context) ([]types
 	}
 
 	for _, sess := range sessions {
-		ok := a.filterSessionTracker(ctx, joinerRoles, sess, types.VerbList)
+		ok := a.filterSessionTracker(joinerRoles, sess, types.VerbList)
 		if ok {
 			filteredSessions = append(filteredSessions, sess)
 		}
@@ -628,7 +628,7 @@ func (a *ServerWithRoles) GetActiveSessionTrackersWithFilter(ctx context.Context
 	}
 
 	for _, sess := range sessions {
-		ok := a.filterSessionTracker(ctx, joinerRoles, sess, types.VerbList)
+		ok := a.filterSessionTracker(joinerRoles, sess, types.VerbList)
 		if ok {
 			filteredSessions = append(filteredSessions, sess)
 		}
diff --git a/lib/auth/auth_with_roles_test.go b/lib/auth/auth_with_roles_test.go
index d97f64aa3d759..4d45cf82cd5a5 100644
--- a/lib/auth/auth_with_roles_test.go
+++ b/lib/auth/auth_with_roles_test.go
@@ -5387,7 +5387,41 @@ func TestGetActiveSessionTrackers(t *testing.T) {
 		require.NoError(t, err)
 
 		return getActiveSessionsTestCase{"no access with match expression", tracker, role, false}
-	}()}
+	}(), func() getActiveSessionsTestCase {
+		tracker, err := types.NewSessionTracker(types.SessionTrackerSpecV1{
+			SessionID: "1",
+			Kind:      string(types.SSHSessionKind),
+		})
+		require.NoError(t, err)
+
+		role, err := types.NewRoleWithVersion("dev", types.V3, types.RoleSpecV6{
+			Allow: types.RoleConditions{
+				AppLabels:        types.Labels{"*": []string{"*"}},
+				DatabaseLabels:   types.Labels{"*": []string{"*"}},
+				KubernetesLabels: types.Labels{"*": []string{"*"}},
+				KubernetesResources: []types.KubernetesResource{
+					{Kind: types.KindKubePod, Name: "*", Namespace: "*", Verbs: []string{"*"}},
+				},
+				NodeLabels:           types.Labels{"*": []string{"*"}},
+				NodeLabelsExpression: `contains(user.spec.traits["cluster_ids"], labels["cluster_id"]) || contains(user.spec.traits["sub"], labels["owner"])`,
+				Logins:               []string{"{{external.sub}}"},
+				WindowsDesktopLabels: types.Labels{"cluster_id": []string{"{{external.cluster_ids}}"}},
+				WindowsDesktopLogins: []string{"{{external.sub}}", "{{external.windows_logins}}"},
+			},
+			Deny: types.RoleConditions{
+				Rules: []types.Rule{
+					{
+						Resources: []string{types.KindDatabaseServer, types.KindAppServer, types.KindSession, types.KindSSHSession, types.KindKubeService, types.KindSessionTracker},
+						Verbs:     []string{"list", "read"},
+					},
+				},
+			},
+		})
+		require.NoError(t, err)
+
+		return getActiveSessionsTestCase{"filter bug v3 role", tracker, role, false}
+	}(),
+	}
 
 	for _, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {

From ac878f31b0c3ed8fa09cc374447623f37b684770 Mon Sep 17 00:00:00 2001
From: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
Date: Tue, 15 Oct 2024 14:12:18 +0000
Subject: [PATCH 05/53] Fix backends with prefixes (#47238) (#47490)

#46701 incorrectly changed how the prefixes for the etcd and dynamo
backends were applied and removed. In addition, the backend lock
key was not being constructed correctly and caused acquisition of
locks to fail on a cluster that had been upgraded.

Tests have been added to ensure that keys are now being constructed
correctly in all cases. Additionally, backend/helpers.go was moved
to backed/lock.go to better described what functionality the file
contains.

Backends with prefixes (etcd, dynamo) were incorrectly constructing
the key for locks. In addition the prefixes were not being trimmed
correctly which broke CAS operations.
---
 lib/backend/dynamo/dynamodbbk.go              |  2 +-
 lib/backend/dynamo/dynamodbbk_test.go         | 19 +++++++++++++
 lib/backend/etcdbk/etcd.go                    |  6 ++---
 lib/backend/etcdbk/etcd_test.go               | 27 +++++++++++++++++++
 lib/backend/{helpers.go => lock.go}           |  0
 lib/backend/{helpers_test.go => lock_test.go} | 15 +++++++++++
 6 files changed, 65 insertions(+), 4 deletions(-)
 rename lib/backend/{helpers.go => lock.go} (100%)
 rename lib/backend/{helpers_test.go => lock_test.go} (88%)

diff --git a/lib/backend/dynamo/dynamodbbk.go b/lib/backend/dynamo/dynamodbbk.go
index 3aef1d04b7c2d..44772550310a9 100644
--- a/lib/backend/dynamo/dynamodbbk.go
+++ b/lib/backend/dynamo/dynamodbbk.go
@@ -837,7 +837,7 @@ const (
 // prependPrefix adds leading 'teleport/' to the key for backwards compatibility
 // with previous implementation of DynamoDB backend
 func prependPrefix(key backend.Key) string {
-	return keyPrefix + string(key)
+	return keyPrefix + key.String()
 }
 
 // trimPrefix removes leading 'teleport' from the key
diff --git a/lib/backend/dynamo/dynamodbbk_test.go b/lib/backend/dynamo/dynamodbbk_test.go
index 0688990279d77..ce0420e00f1fc 100644
--- a/lib/backend/dynamo/dynamodbbk_test.go
+++ b/lib/backend/dynamo/dynamodbbk_test.go
@@ -29,6 +29,7 @@ import (
 	"github.com/gravitational/trace"
 	"github.com/jonboulle/clockwork"
 	log "github.com/sirupsen/logrus"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
 	"github.com/gravitational/teleport/lib/backend"
@@ -214,3 +215,21 @@ func TestCreateTable(t *testing.T) {
 		})
 	}
 }
+
+func TestKeyPrefix(t *testing.T) {
+	t.Run("leading separator in key", func(t *testing.T) {
+		prefixed := prependPrefix(backend.NewKey("test", "llama"))
+		assert.Equal(t, "teleport/test/llama", prefixed)
+
+		key := trimPrefix(prefixed)
+		assert.Equal(t, "/test/llama", key.String())
+	})
+
+	t.Run("no leading separator in key", func(t *testing.T) {
+		prefixed := prependPrefix(backend.Key(".locks/test/llama"))
+		assert.Equal(t, "teleport.locks/test/llama", prefixed)
+
+		key := trimPrefix(prefixed)
+		assert.Equal(t, ".locks/test/llama", key.String())
+	})
+}
diff --git a/lib/backend/etcdbk/etcd.go b/lib/backend/etcdbk/etcd.go
index 68e0e7267f668..02cd015e7c1fc 100644
--- a/lib/backend/etcdbk/etcd.go
+++ b/lib/backend/etcdbk/etcd.go
@@ -1016,10 +1016,10 @@ func fromType(eventType mvccpb.Event_EventType) types.OpType {
 	}
 }
 
-func (b *EtcdBackend) trimPrefix(in backend.Key) backend.Key {
-	return in.TrimPrefix(backend.Key(b.cfg.Key))
+func (b *EtcdBackend) trimPrefix(in []byte) backend.Key {
+	return backend.Key(in).TrimPrefix(backend.Key(b.cfg.Key))
 }
 
 func (b *EtcdBackend) prependPrefix(in backend.Key) string {
-	return b.cfg.Key + string(in)
+	return b.cfg.Key + in.String()
 }
diff --git a/lib/backend/etcdbk/etcd_test.go b/lib/backend/etcdbk/etcd_test.go
index df1f76f1326ef..bd48c7184be3d 100644
--- a/lib/backend/etcdbk/etcd_test.go
+++ b/lib/backend/etcdbk/etcd_test.go
@@ -26,6 +26,7 @@ import (
 
 	"github.com/gravitational/trace"
 	"github.com/jonboulle/clockwork"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
 	"github.com/gravitational/teleport/lib/backend"
@@ -255,3 +256,29 @@ func etcdTestEndpoint() string {
 	}
 	return "https://127.0.0.1:2379"
 }
+
+func TestKeyPrefix(t *testing.T) {
+	prefixes := []string{"teleport", "/teleport", "/teleport/"}
+
+	for _, prefix := range prefixes {
+		t.Run("prefix="+prefix, func(t *testing.T) {
+			bk := EtcdBackend{cfg: &Config{Key: prefix}}
+
+			t.Run("leading separator in key", func(t *testing.T) {
+				prefixed := bk.prependPrefix(backend.NewKey("test", "llama"))
+				assert.Equal(t, prefix+"/test/llama", prefixed)
+
+				key := bk.trimPrefix([]byte(prefixed))
+				assert.Equal(t, "/test/llama", key.String())
+			})
+
+			t.Run("no leading separator in key", func(t *testing.T) {
+				prefixed := bk.prependPrefix(backend.Key(".locks/test/llama"))
+				assert.Equal(t, prefix+".locks/test/llama", prefixed)
+
+				key := bk.trimPrefix([]byte(prefixed))
+				assert.Equal(t, ".locks/test/llama", key.String())
+			})
+		})
+	}
+}
diff --git a/lib/backend/helpers.go b/lib/backend/lock.go
similarity index 100%
rename from lib/backend/helpers.go
rename to lib/backend/lock.go
diff --git a/lib/backend/helpers_test.go b/lib/backend/lock_test.go
similarity index 88%
rename from lib/backend/helpers_test.go
rename to lib/backend/lock_test.go
index 496c476d674ca..822ede66236f0 100644
--- a/lib/backend/helpers_test.go
+++ b/lib/backend/lock_test.go
@@ -21,9 +21,24 @@ import (
 	"time"
 
 	"github.com/google/go-cmp/cmp"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
+func TestLockKey(t *testing.T) {
+	t.Run("empty parts", func(t *testing.T) {
+		key := lockKey()
+		assert.Equal(t, ".locks", key.String())
+		assert.Equal(t, [][]byte{[]byte(".locks")}, key.Components())
+	})
+
+	t.Run("with parts", func(t *testing.T) {
+		key := lockKey("test", "llama")
+		assert.Equal(t, ".locks/test/llama", key.String())
+		assert.Equal(t, [][]byte{[]byte(".locks"), []byte("test"), []byte("llama")}, key.Components())
+	})
+}
+
 func TestLockConfiguration_CheckAndSetDefaults(t *testing.T) {
 	type mockBackend struct {
 		Backend

From 58d8daa34cfc74ef7f81dfe2e7a478b393320822 Mon Sep 17 00:00:00 2001
From: Vadym Popov <vadym.popov@goteleport.com>
Date: Tue, 15 Oct 2024 11:06:50 -0400
Subject: [PATCH 06/53] [v14] Add filesystem lock for unix and windows
 platforms (#47196)

* Add filesystem lock for unix and windows platforms

* Add non-blocking flag

* Replace lock with gofrs/flock
---
 lib/utils/fs.go      | 22 ++++++++++++++++++-
 lib/utils/fs_test.go | 52 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 73 insertions(+), 1 deletion(-)

diff --git a/lib/utils/fs.go b/lib/utils/fs.go
index 36322877f83b3..49254628f0ac4 100644
--- a/lib/utils/fs.go
+++ b/lib/utils/fs.go
@@ -201,6 +201,16 @@ func FSTryWriteLock(filePath string) (unlock func() error, err error) {
 	return fileLock.Unlock, nil
 }
 
+// FSWriteLock tries to grab write lock and block if lock is already acquired by someone else.
+func FSWriteLock(filePath string) (unlock func() error, err error) {
+	fileLock := flock.New(getPlatformLockFilePath(filePath))
+	if err := fileLock.Lock(); err != nil {
+		return nil, trace.ConvertSystemError(err)
+	}
+
+	return fileLock.Unlock, nil
+}
+
 // FSTryWriteLockTimeout tries to grab write lock, it's doing it until locks is acquired, or timeout is expired,
 // or context is expired.
 func FSTryWriteLockTimeout(ctx context.Context, filePath string, timeout time.Duration) (unlock func() error, err error) {
@@ -214,7 +224,7 @@ func FSTryWriteLockTimeout(ctx context.Context, filePath string, timeout time.Du
 	return fileLock.Unlock, nil
 }
 
-// FSTryReadLock tries to grab write lock, returns ErrUnsuccessfulLockTry
+// FSTryReadLock tries to grab shared lock, returns ErrUnsuccessfulLockTry
 // if lock is already acquired by someone else
 func FSTryReadLock(filePath string) (unlock func() error, err error) {
 	fileLock := flock.New(getPlatformLockFilePath(filePath))
@@ -229,6 +239,16 @@ func FSTryReadLock(filePath string) (unlock func() error, err error) {
 	return fileLock.Unlock, nil
 }
 
+// FSReadLock tries to grab shared lock and block if lock is already acquired by someone else.
+func FSReadLock(filePath string) (unlock func() error, err error) {
+	fileLock := flock.New(getPlatformLockFilePath(filePath))
+	if err := fileLock.RLock(); err != nil {
+		return nil, trace.ConvertSystemError(err)
+	}
+
+	return fileLock.Unlock, nil
+}
+
 // FSTryReadLockTimeout tries to grab read lock, it's doing it until locks is acquired, or timeout is expired,
 // or context is expired.
 func FSTryReadLockTimeout(ctx context.Context, filePath string, timeout time.Duration) (unlock func() error, err error) {
diff --git a/lib/utils/fs_test.go b/lib/utils/fs_test.go
index dc352df644fff..e4d192f3d2d79 100644
--- a/lib/utils/fs_test.go
+++ b/lib/utils/fs_test.go
@@ -18,9 +18,11 @@ package utils
 
 import (
 	"context"
+	"fmt"
 	"os"
 	"path/filepath"
 	"runtime"
+	"sync/atomic"
 	"testing"
 	"time"
 
@@ -326,6 +328,56 @@ func TestLocks(t *testing.T) {
 	require.NoError(t, unlock())
 }
 
+// TestLockWithBlocking verifies that second lock call is blocked until first is released.
+func TestLockWithBlocking(t *testing.T) {
+	var locked atomic.Bool
+
+	lockFile := filepath.Join(os.TempDir(), ".lock")
+	t.Cleanup(func() {
+		require.NoError(t, os.Remove(lockFile))
+	})
+
+	// Acquire first lock should not return any error.
+	unlock, err := FSWriteLock(lockFile)
+	require.NoError(t, err)
+	locked.Store(true)
+
+	signal := make(chan struct{})
+	errChan := make(chan error)
+	go func() {
+		signal <- struct{}{}
+		unlock, err := FSWriteLock(lockFile)
+		if err != nil {
+			errChan <- err
+			return
+		}
+		if locked.Load() {
+			errChan <- fmt.Errorf("first lock is still acquired, second lock must be blocking")
+			return
+		}
+		if err := unlock(); err != nil {
+			errChan <- err
+			return
+		}
+		signal <- struct{}{}
+	}()
+
+	<-signal
+	// We have to wait till next lock is reached to ensure we block execution of goroutine.
+	// Since this is system call we can't track if the function reach blocking state already.
+	time.Sleep(100 * time.Millisecond)
+	locked.Store(false)
+	require.NoError(t, unlock())
+
+	select {
+	case err := <-errChan:
+		require.NoError(t, err)
+	case <-signal:
+	case <-time.After(5 * time.Second):
+		require.Fail(t, "second lock is not released")
+	}
+}
+
 func TestOverwriteFile(t *testing.T) {
 	have := []byte("Sensitive Information")
 	fName := filepath.Join(t.TempDir(), "teleport-overwrite-file-test")

From ce0fe10e9ec40acf3c1706557cbc40cc4320ee92 Mon Sep 17 00:00:00 2001
From: Forrest <30576607+fspmarshall@users.noreply.github.com>
Date: Tue, 15 Oct 2024 10:08:15 -0700
Subject: [PATCH 07/53] high level event exporter & cursor helpers (#47370)

---
 lib/events/export/cursor.go          | 276 +++++++++++++++++
 lib/events/export/cursor_test.go     | 243 +++++++++++++++
 lib/events/export/date_exporter.go   |  18 ++
 lib/events/export/exporter.go        | 440 +++++++++++++++++++++++++++
 lib/events/export/exporter_test.go   | 163 ++++++++++
 lib/events/export/helpers.go         |  27 ++
 tool/tctl/common/loadtest_command.go | 145 ++++-----
 7 files changed, 1233 insertions(+), 79 deletions(-)
 create mode 100644 lib/events/export/cursor.go
 create mode 100644 lib/events/export/cursor_test.go
 create mode 100644 lib/events/export/exporter.go
 create mode 100644 lib/events/export/exporter_test.go
 create mode 100644 lib/events/export/helpers.go

diff --git a/lib/events/export/cursor.go b/lib/events/export/cursor.go
new file mode 100644
index 0000000000000..8dff088d00831
--- /dev/null
+++ b/lib/events/export/cursor.go
@@ -0,0 +1,276 @@
+/*
+ * Teleport
+ * Copyright (C) 2024  Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package export
+
+import (
+	"bytes"
+	"fmt"
+	"os"
+	"path/filepath"
+	"slices"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/gravitational/trace"
+
+	"github.com/gravitational/teleport"
+)
+
+const (
+	// completedName is the completed file name
+	completedName = "completed-chunks"
+
+	// chunkSuffix is the suffix for per-chunk cursor files
+	chunkSuffix = ".chunk"
+)
+
+// CursorConfig configures a cursor.
+type CursorConfig struct {
+	// Dir is the cursor directory. This directory will be created if it does not exist
+	// and should not be used for any other purpose.
+	Dir string
+}
+
+// CheckAndSetDefaults validates configuration and sets default values for optional parameters.
+func (c *CursorConfig) CheckAndSetDefaults() error {
+	if c.Dir == "" {
+		return trace.BadParameter("missing required parameter Dir in CursorConfig")
+	}
+
+	return nil
+}
+
+// Cursor manages an event export cursor directory and keeps a copy of its state in-memory,
+// improving the efficiency of updates by only writing diffs to disk. the cursor directory
+// contains a sub-directory per date. each date's state is tracked using an append-only list
+// of completed chunks, along with a per-chunk cursor file. cursor directories are not intended
+// for true concurrent use, but concurrent use in the context of a graceful restart won't have
+// any consequences more dire than duplicate events.
+type Cursor struct {
+	cfg   CursorConfig
+	mu    sync.Mutex
+	state ExporterState
+}
+
+// NewCursor creates a new cursor, loading any preexisting state from disk.
+func NewCursor(cfg CursorConfig) (*Cursor, error) {
+	if err := cfg.CheckAndSetDefaults(); err != nil {
+		return nil, trace.Wrap(err)
+	}
+
+	state, err := loadInitialState(cfg.Dir)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	return &Cursor{
+		cfg:   cfg,
+		state: *state,
+	}, nil
+}
+
+// GetState gets the current state as seen by this cursor.
+func (c *Cursor) GetState() ExporterState {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	return c.state.Clone()
+}
+
+// Sync synchronizes the cursor's in-memory state with the provided state, writing any diffs to disk.
+func (c *Cursor) Sync(newState ExporterState) error {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	for d, s := range newState.Dates {
+		if err := c.syncDate(d, s); err != nil {
+			return trace.Wrap(err)
+		}
+	}
+
+	for d := range c.state.Dates {
+		if _, ok := newState.Dates[d]; !ok {
+			if err := c.deleteDate(d); err != nil {
+				return trace.Wrap(err)
+			}
+		}
+	}
+
+	return nil
+}
+
+func (c *Cursor) syncDate(date time.Time, state DateExporterState) error {
+	// ensure date directory exists. the existence of the date directory
+	// is meaningful even if it contains no files.
+	dateDir := filepath.Join(c.cfg.Dir, date.Format(time.DateOnly))
+	if err := os.MkdirAll(dateDir, teleport.SharedDirMode); err != nil {
+		return trace.ConvertSystemError(err)
+	}
+
+	// open completed file in append mode
+	completedFile, err := os.OpenFile(filepath.Join(dateDir, completedName), os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+	if err != nil {
+		return trace.ConvertSystemError(err)
+	}
+	defer completedFile.Close()
+
+	current, ok := c.state.Dates[date]
+	if !ok {
+		current = DateExporterState{
+			Cursors: make(map[string]string),
+		}
+	}
+	defer func() {
+		c.state.Dates[date] = current
+	}()
+
+	for _, chunk := range state.Completed {
+		if slices.Contains(current.Completed, chunk) {
+			// already written to disk
+			continue
+		}
+
+		// add chunk to completed file
+		if _, err := fmt.Fprintln(completedFile, chunk); err != nil {
+			return trace.ConvertSystemError(err)
+		}
+
+		// ensure chunk is flushed to disk successfully before removing the cursor file
+		// and updating in-memory state.
+		if err := completedFile.Sync(); err != nil {
+			return trace.ConvertSystemError(err)
+		}
+
+		// delete cursor file if it exists
+		if err := os.Remove(filepath.Join(dateDir, chunk+chunkSuffix)); err != nil && !os.IsNotExist(err) {
+			return trace.ConvertSystemError(err)
+		}
+
+		// update current state
+		current.Completed = append(current.Completed, chunk)
+		delete(current.Cursors, chunk)
+	}
+
+	for chunk, cursor := range state.Cursors {
+		if current.Cursors[chunk] == cursor {
+			continue
+		}
+
+		// write cursor file
+		if err := os.WriteFile(filepath.Join(dateDir, chunk+chunkSuffix), []byte(cursor), 0644); err != nil {
+			return trace.ConvertSystemError(err)
+		}
+
+		// update current state
+		current.Cursors[chunk] = cursor
+	}
+
+	return nil
+}
+
+func (c *Cursor) deleteDate(date time.Time) error {
+	if _, ok := c.state.Dates[date]; !ok {
+		return nil
+	}
+
+	// delete the date directory and all its contents
+	if err := os.RemoveAll(filepath.Join(c.cfg.Dir, date.Format(time.DateOnly))); err != nil {
+		return trace.ConvertSystemError(err)
+	}
+
+	delete(c.state.Dates, date)
+
+	return nil
+}
+
+func loadInitialState(dir string) (*ExporterState, error) {
+	state := ExporterState{
+		Dates: make(map[time.Time]DateExporterState),
+	}
+	// list subdirectories of the cursors v2 directory
+	entries, err := os.ReadDir(dir)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return &state, nil
+		}
+		return nil, trace.ConvertSystemError(err)
+	}
+
+	for _, entry := range entries {
+		if !entry.IsDir() {
+			// ignore non-directories
+			continue
+		}
+
+		// attempt to parse dir name as date
+		date, err := time.Parse(time.DateOnly, entry.Name())
+		if err != nil {
+			// ignore non-date directories
+			continue
+		}
+
+		dateState := DateExporterState{
+			Cursors: make(map[string]string),
+		}
+
+		dateEntries, err := os.ReadDir(filepath.Join(dir, entry.Name()))
+		if err != nil {
+			return nil, trace.ConvertSystemError(err)
+		}
+
+		for _, dateEntry := range dateEntries {
+			if dateEntry.IsDir() {
+				continue
+			}
+
+			if dateEntry.Name() == completedName {
+				// load the completed file
+				b, err := os.ReadFile(filepath.Join(dir, entry.Name(), completedName))
+				if err != nil {
+					return nil, trace.ConvertSystemError(err)
+				}
+
+				// split the completed file into whitespace-separated chunks
+				dateState.Completed = strings.Fields(string(b))
+				continue
+			}
+
+			if !strings.HasSuffix(dateEntry.Name(), chunkSuffix) {
+				continue
+			}
+
+			chunk := strings.TrimSuffix(dateEntry.Name(), chunkSuffix)
+			b, err := os.ReadFile(filepath.Join(dir, entry.Name(), dateEntry.Name()))
+			if err != nil {
+				return nil, trace.ConvertSystemError(err)
+			}
+
+			if cc := bytes.TrimSpace(b); len(cc) != 0 {
+				dateState.Cursors[chunk] = string(cc)
+			}
+		}
+
+		// note that some dates may not contain any chunks. we still want to track the
+		// fact that these dates have had their dirs initialized since that still indicates
+		// how far we've gotten in the export process.
+		state.Dates[date] = dateState
+	}
+
+	return &state, nil
+}
diff --git a/lib/events/export/cursor_test.go b/lib/events/export/cursor_test.go
new file mode 100644
index 0000000000000..9853141139345
--- /dev/null
+++ b/lib/events/export/cursor_test.go
@@ -0,0 +1,243 @@
+/*
+ * Teleport
+ * Copyright (C) 2024  Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package export
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/gravitational/teleport"
+)
+
+// testState is a helper for easily/cleanly representing a cursor/exporter state as a literal when
+// writing tests. the values of the inner mapping are generally strings, but some helpers support
+// using []string for the completed key.
+type testState map[string]map[string]any
+
+// writeRawState writes the test state to a directory structure. unlike `newState`, this helper
+// is designed to inject non-conforming data, so it will accept non-date dir names and expects a string
+// value for the completed key.
+func writeRawState(t *testing.T, dir string, ts testState) {
+	for d, s := range ts {
+		dateDir := filepath.Join(dir, d)
+		require.NoError(t, os.MkdirAll(dateDir, teleport.SharedDirMode))
+
+		for k, v := range s {
+			fileName := filepath.Join(dateDir, k)
+			require.NoError(t, os.WriteFile(fileName, []byte(v.(string)), 0644))
+		}
+	}
+}
+
+// newState converts a testState into a real ExporterState. this helper only works
+// with a well-formed testState.
+func newState(t *testing.T, ts testState) ExporterState {
+	state := ExporterState{
+		Dates: make(map[time.Time]DateExporterState),
+	}
+	for d, s := range ts {
+		date, err := time.Parse(time.DateOnly, d)
+		require.NoError(t, err)
+
+		dateState := DateExporterState{
+			Cursors:   make(map[string]string),
+			Completed: []string{}, // avoids require.Equal rejecting nil slices as unequal to empty slices
+		}
+
+	Entries:
+		for k, v := range s {
+			if k == completedName {
+				dateState.Completed = v.([]string)
+				continue Entries
+			}
+			dateState.Cursors[k] = v.(string)
+		}
+
+		state.Dates[date] = dateState
+	}
+	return state
+}
+
+func syncAndVerifyState(t *testing.T, cursor *Cursor, ts testState) {
+	state := newState(t, ts)
+
+	// sync the state
+	require.NoError(t, cursor.Sync(state))
+
+	// verify in-memory state is as expected
+	require.Equal(t, state, cursor.GetState())
+
+	// attempt to load the state from disk
+	loaded, err := NewCursor(CursorConfig{
+		Dir: cursor.cfg.Dir,
+	})
+	require.NoError(t, err)
+
+	// verify that the loaded state is the same as the original state
+	require.Equal(t, state, loaded.GetState())
+}
+
+// verifyRawState asserts that the raw state on disk matches the provided test state. chunk names
+// need to be suffixed to match and the completed key should be a string.
+func verifyRawState(t *testing.T, dir string, ts testState) {
+	for d, s := range ts {
+		dateDir := filepath.Join(dir, d)
+		for k, v := range s {
+			fileName := filepath.Join(dateDir, k)
+			data, err := os.ReadFile(fileName)
+			require.NoError(t, err)
+
+			require.Equal(t, v.(string), string(data))
+		}
+	}
+}
+
+// TestCursorBasics verifies basic syncing/loading of cursor state.
+func TestCursorBasics(t *testing.T) {
+	dir := t.TempDir()
+
+	cursor, err := NewCursor(CursorConfig{
+		Dir: dir,
+	})
+	require.NoError(t, err)
+	state := cursor.GetState()
+	require.True(t, state.IsEmpty())
+
+	// sync and verify a typical state
+	syncAndVerifyState(t, cursor, testState{
+		"2021-01-01": {
+			completedName: []string{"chunk1", "chunk2"},
+		},
+		"2021-01-02": {
+			completedName: []string{"chunk1", "chunk2"},
+			"chunk3":      "cursor1",
+			"chunk4":      "cursor2",
+		},
+		"2021-01-03": {
+			"chunk3": "cursor1",
+			"chunk4": "cursor2",
+		},
+		"2021-01-04": {},
+	})
+
+	verifyRawState(t, dir, testState{
+		"2021-01-01": {
+			completedName: "chunk1\nchunk2\n",
+		},
+		"2021-01-02": {
+			completedName:          "chunk1\nchunk2\n",
+			"chunk3" + chunkSuffix: "cursor1",
+			"chunk4" + chunkSuffix: "cursor2",
+		},
+		"2021-01-03": {
+			"chunk3" + chunkSuffix: "cursor1",
+			"chunk4" + chunkSuffix: "cursor2",
+		},
+		"2021-01-04": {},
+	})
+
+	// sync and verify updated state
+	syncAndVerifyState(t, cursor, testState{
+		"2021-01-01": {
+			completedName: []string{"chunk1", "chunk2", "chunk3"},
+		},
+		"2021-01-02": {
+			completedName: []string{"chunk1", "chunk2"},
+			"chunk3":      "cursor1",
+			"chunk4":      "cursor2",
+			"chunk5":      "cursor4",
+		},
+		"2021-01-03": {
+			"chunk3": "cursor2",
+			"chunk4": "cursor3",
+		},
+		"2021-01-04": {},
+		"2021-01-05": {},
+	})
+
+	verifyRawState(t, dir, testState{
+		"2021-01-01": {
+			completedName: "chunk1\nchunk2\nchunk3\n",
+		},
+		"2021-01-02": {
+			completedName:          "chunk1\nchunk2\n",
+			"chunk3" + chunkSuffix: "cursor1",
+			"chunk4" + chunkSuffix: "cursor2",
+			"chunk5" + chunkSuffix: "cursor4",
+		},
+		"2021-01-03": {
+			"chunk3" + chunkSuffix: "cursor2",
+			"chunk4" + chunkSuffix: "cursor3",
+		},
+		"2021-01-04": {},
+		"2021-01-05": {},
+	})
+
+	// sync & verify heavily truncated state
+	syncAndVerifyState(t, cursor, testState{
+		"2021-01-05": {},
+	})
+
+	verifyRawState(t, dir, testState{
+		"2021-01-05": {},
+	})
+}
+
+func TestCursorBadState(t *testing.T) {
+	dir := t.TempDir()
+
+	writeRawState(t, dir, testState{
+		"2021-01-01": {
+			completedName: "\n\nchunk1\n\n", // extra whitespace should be ignored
+		},
+		"not-a-date": {
+			completedName: "chunk1",
+			"no-suffix":   "cursor1", // unknown suffix should be ignored
+		},
+		"2021-01-02": {
+			completedName:          "\n", // whitespace-only completed file should count as empty
+			"chunk1" + chunkSuffix: "cursor1",
+			"chunk2" + chunkSuffix: "cursor2\n", // extra whitespace should be ignored
+			"chunk3" + chunkSuffix: " ",         // whitespace-only cursor file should count as empty
+			"no-suffix":            "cursor3",   // unknown suffix should be ignored
+		},
+	})
+
+	expected := newState(t, testState{
+		"2021-01-01": {
+			completedName: []string{"chunk1"},
+		},
+		"2021-01-02": {
+			"chunk1": "cursor1",
+			"chunk2": "cursor2",
+		},
+	})
+
+	loaded, err := NewCursor(CursorConfig{
+		Dir: dir,
+	})
+	require.NoError(t, err)
+
+	// verify that the loaded state is the same as expected state
+	require.Equal(t, expected, loaded.GetState())
+}
diff --git a/lib/events/export/date_exporter.go b/lib/events/export/date_exporter.go
index cee3e3a36278c..698c67d8c156e 100644
--- a/lib/events/export/date_exporter.go
+++ b/lib/events/export/date_exporter.go
@@ -117,6 +117,24 @@ type DateExporterState struct {
 	Cursors map[string]string
 }
 
+// IsEmpty returns true if no state is defined.
+func (s *DateExporterState) IsEmpty() bool {
+	return len(s.Completed) == 0 && len(s.Cursors) == 0
+}
+
+// Clone returns a deep copy of the date exporter state.
+func (s *DateExporterState) Clone() DateExporterState {
+	cloned := DateExporterState{
+		Completed: make([]string, len(s.Completed)),
+		Cursors:   make(map[string]string, len(s.Cursors)),
+	}
+	copy(cloned.Completed, s.Completed)
+	for chunk, cursor := range s.Cursors {
+		cloned.Cursors[chunk] = cursor
+	}
+	return cloned
+}
+
 // DateExporter is a utility for exporting events for a given date using the chunked event export APIs. Note that
 // it is specifically designed to prioritize performance and ensure that events aren't missed. It may not yield events
 // in time order, and does not provide a mechanism to decide when export for a given date should be considered complete,
diff --git a/lib/events/export/exporter.go b/lib/events/export/exporter.go
new file mode 100644
index 0000000000000..9506a80b81adc
--- /dev/null
+++ b/lib/events/export/exporter.go
@@ -0,0 +1,440 @@
+/*
+ * Teleport
+ * Copyright (C) 2024  Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package export
+
+import (
+	"context"
+	"log/slog"
+	"slices"
+	"sync"
+	"time"
+
+	"github.com/gravitational/trace"
+	"golang.org/x/time/rate"
+
+	auditlogpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/auditlog/v1"
+	"github.com/gravitational/teleport/api/utils/retryutils"
+	"github.com/gravitational/teleport/lib/utils"
+	"github.com/gravitational/teleport/lib/utils/interval"
+)
+
+type ExporterState struct {
+	// Dates is a map of dates to their respective state. Note that an empty
+	// state for a date is still meaningful and either indicates that the date
+	// itself contains no events, or that no progress has been made against that
+	// date yet.
+	Dates map[time.Time]DateExporterState
+}
+
+// IsEmpty returns true if no state is defined.
+func (s *ExporterState) IsEmpty() bool {
+	return len(s.Dates) == 0
+}
+
+// Clone creates a deep copy of the exporter state.
+func (s *ExporterState) Clone() ExporterState {
+	out := ExporterState{
+		Dates: make(map[time.Time]DateExporterState, len(s.Dates)),
+	}
+	for date, state := range s.Dates {
+		out.Dates[date] = state.Clone()
+	}
+	return out
+}
+
+// ExporterConfig configured an exporter.
+type ExporterConfig struct {
+	// Client is the audit event client used to fetch and export events.
+	Client Client
+	// StartDate is the date from which to start exporting events.
+	StartDate time.Time
+	// Export is the callback used to export events. Must be safe for concurrent use if
+	// the Concurrency parameter is greater than 1.
+	Export func(ctx context.Context, event *auditlogpb.ExportEventUnstructured) error
+	// OnIdle is an optional callback that gets invoked periodically when the exporter is idle. Note that it is
+	// safe to close the exporter or inspect its state from within this callback, but waiting on the exporter's
+	// Done channel within this callback will deadlock. This callback is an asynchronous signal and additional
+	// events may be discovered concurrently with its invocation.
+	OnIdle func(ctx context.Context)
+	// PreviousState is an optional parameter used to resume from a previous date export run.
+	PreviousState ExporterState
+	// Concurrency sets the maximum number of event chunks that will be processed concurrently
+	// for a given date (defaults to 1). Note that the total number of inflight chunk processing
+	// may be up to Conurrency * (BacklogSize + 1).
+	Concurrency int
+	// BacklogSize optionally overrides the default size of the export backlog (i.e. the number of
+	// previous dates for which polling continues after initial idleness). default is 1.
+	BacklogSize int
+	// MaxBackoff optionally overrides the default maximum backoff applied when errors are hit.
+	MaxBackoff time.Duration
+	// PollInterval optionally overrides the default poll interval used to fetch event chunks.
+	PollInterval time.Duration
+}
+
+// CheckAndSetDefaults validates configuration and sets default values for optional parameters.
+func (cfg *ExporterConfig) CheckAndSetDefaults() error {
+	if cfg.Client == nil {
+		return trace.BadParameter("missing required parameter Client in ExporterConfig")
+	}
+	if cfg.StartDate.IsZero() {
+		return trace.BadParameter("missing required parameter StartDate in ExporterConfig")
+	}
+	if cfg.Export == nil {
+		return trace.BadParameter("missing required parameter Export in ExporterConfig")
+	}
+	if cfg.Concurrency == 0 {
+		cfg.Concurrency = 1
+	}
+	if cfg.BacklogSize == 0 {
+		cfg.BacklogSize = 1
+	}
+	if cfg.MaxBackoff == 0 {
+		cfg.MaxBackoff = 90 * time.Second
+	}
+	if cfg.PollInterval == 0 {
+		cfg.PollInterval = 16 * time.Second
+	}
+	return nil
+}
+
+// Exporter is a utility for exporting events starting from a given date using the chunked event export APIs. Note that
+// it is specifically designed to prioritize performance and ensure that events aren't missed. Events may not be yielded
+// in time order. Export of events is performed by consuming all currently available events for a given date, then moving
+// to the next date. In order to account for replication delays, a backlog of previous dates are also polled.
+type Exporter struct {
+	cfg         ExporterConfig
+	mu          sync.Mutex
+	current     *DateExporter
+	currentDate time.Time
+	previous    map[time.Time]*DateExporter
+	cancel      context.CancelFunc
+	idle        chan struct{}
+	done        chan struct{}
+}
+
+// NewExporter creates a new exporter and begins background processing of events. Processing will continue indefinitely
+// until Exporter.Close is called.
+func NewExporter(cfg ExporterConfig) (*Exporter, error) {
+	if err := cfg.CheckAndSetDefaults(); err != nil {
+		return nil, trace.Wrap(err)
+	}
+
+	ctx, cancel := context.WithCancel(context.Background())
+
+	e := &Exporter{
+		cfg:      cfg,
+		cancel:   cancel,
+		idle:     make(chan struct{}, 1),
+		done:     make(chan struct{}),
+		previous: make(map[time.Time]*DateExporter, len(cfg.PreviousState.Dates)),
+	}
+
+	// start initial event processing
+	var initError error
+	e.withLock(func() {
+		var resumed int
+		for date, state := range cfg.PreviousState.Dates {
+			date = normalizeDate(date)
+			if cfg.StartDate.After(date) {
+				// skip dates that are older than the start date
+				continue
+			}
+			if err := e.resumeExportLocked(ctx, date, state); err != nil {
+				initError = err
+				return
+			}
+			slog.InfoContext(ctx, "resumed event export", "date", date.Format(time.DateOnly))
+			resumed++
+		}
+
+		if resumed == 0 {
+			// no previous state at/after start date, start at the beginning
+			if err := e.startExportLocked(ctx, cfg.StartDate); err != nil {
+				initError = err
+				return
+			}
+			slog.InfoContext(ctx, "started event export", "date", cfg.StartDate.Format(time.DateOnly))
+		}
+	})
+	if initError != nil {
+		e.Close()
+		return nil, trace.Wrap(initError)
+	}
+
+	go e.run(ctx)
+	return e, nil
+
+}
+
+// Close terminates all event processing. Note that shutdown is asynchronous. Any operation that needs to wait for export to fully
+// terminate should wait on Done after calling Close.
+func (e *Exporter) Close() {
+	e.cancel()
+}
+
+// Done provides a channel that will be closed when the exporter has completed processing all inflight dates. When saving the
+// final state of the exporter for future resumption, this channel must be waited upon before state is loaded. Note that the date
+// exporter never termiantes unless Close is called, so waiting on Done is only meaningful after Close has been called.
+func (e *Exporter) Done() <-chan struct{} {
+	return e.done
+}
+
+// GetState loads the current state of the exporter. Note that there may be concurrent export operations
+// in progress, meaning that by the time state is observed it may already be outdated.
+func (e *Exporter) GetState() ExporterState {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+	state := ExporterState{
+		Dates: make(map[time.Time]DateExporterState, len(e.previous)+1),
+	}
+
+	// Add the current date state.
+	state.Dates[e.currentDate] = e.current.GetState()
+
+	for date, exporter := range e.previous {
+		state.Dates[date] = exporter.GetState()
+	}
+
+	return state
+}
+
+func (e *Exporter) run(ctx context.Context) {
+	defer func() {
+		// on exit we close all date exporters and block on their completion
+		// before signaling that we are done.
+		var doneChans []<-chan struct{}
+		e.withLock(func() {
+			doneChans = make([]<-chan struct{}, 0, len(e.previous)+1)
+			e.current.Close()
+			doneChans = append(doneChans, e.current.Done())
+			for _, exporter := range e.previous {
+				exporter.Close()
+				doneChans = append(doneChans, exporter.Done())
+			}
+		})
+
+		for _, done := range doneChans {
+			<-done
+		}
+		close(e.done)
+	}()
+
+	poll := interval.New(interval.Config{
+		Duration:      e.cfg.PollInterval,
+		FirstDuration: utils.FullJitter(e.cfg.PollInterval / 2),
+		Jitter:        retryutils.NewSeventhJitter(),
+	})
+	defer poll.Stop()
+
+	logLimiter := rate.NewLimiter(rate.Every(time.Minute), 1)
+
+	for {
+		idle, err := e.poll(ctx)
+		if err != nil && logLimiter.Allow() {
+			var dates []string
+			e.withLock(func() {
+				dates = make([]string, 0, len(e.previous)+1)
+				dates = append(dates, e.currentDate.Format(time.DateOnly))
+				for date := range e.previous {
+					dates = append(dates, date.Format(time.DateOnly))
+				}
+			})
+			slices.Sort(dates)
+			slog.WarnContext(ctx, "event export poll failed", "error", err, "dates", dates)
+		}
+
+		if idle && e.cfg.OnIdle != nil {
+			e.cfg.OnIdle(ctx)
+		}
+
+		select {
+		case <-e.idle:
+		case <-poll.Next():
+		case <-ctx.Done():
+			return
+		}
+	}
+}
+
+// poll advances the exporter to the next date if the current date is idle and in the past, and prunes any idle exporters that
+// are outside of the target backlog range. if the exporter is caught up with the current date and all sub-exporters are idle,
+// poll returns true. otherwise, poll returns false.
+func (e *Exporter) poll(ctx context.Context) (bool, error) {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+
+	var caughtUp bool
+	if e.current.IsIdle() {
+		if normalizeDate(time.Now()).After(e.currentDate) {
+			nextDate := e.currentDate.AddDate(0, 0, 1)
+			// current date is idle and in the past, advance to the next date
+			if err := e.startExportLocked(ctx, nextDate); err != nil {
+				return false, trace.Wrap(err)
+			}
+			slog.InfoContext(ctx, "advanced to next event export target", "date", nextDate.Format(time.DateOnly))
+		} else {
+			caughtUp = true
+		}
+	}
+
+	// prune any dangling exporters that appear idle
+	e.pruneBacklogLocked(ctx)
+
+	if !caughtUp {
+		return false, nil
+	}
+
+	// check if all backlog exporters are idle
+	for _, exporter := range e.previous {
+		if !exporter.IsIdle() {
+			return false, nil
+		}
+	}
+
+	// all exporters are idle and we are caught up with the current date
+	return true, nil
+}
+
+// pruneBacklogLocked prunes any idle exporters that are outside of the target backlog range.
+func (e *Exporter) pruneBacklogLocked(ctx context.Context) {
+	if len(e.previous) <= e.cfg.BacklogSize {
+		return
+	}
+
+	dates := make([]time.Time, 0, len(e.previous))
+	for date := range e.previous {
+		dates = append(dates, date)
+	}
+
+	// sort dates with most recent first
+	slices.SortFunc(dates, func(a, b time.Time) int {
+		if a.After(b) {
+			return -1
+		}
+		if b.After(a) {
+			return 1
+		}
+		return 0
+	})
+
+	// close any idle exporters that are older than the backlog size
+	for _, date := range dates[e.cfg.BacklogSize:] {
+		if !e.previous[date].IsIdle() {
+			continue
+		}
+
+		e.previous[date].Close()
+
+		doneC := e.previous[date].Done()
+
+		var closing bool
+		e.withoutLock(func() {
+			select {
+			case <-doneC:
+			case <-ctx.Done():
+				closing = true
+			}
+		})
+
+		if closing {
+			return
+		}
+
+		delete(e.previous, date)
+
+		slog.InfoContext(ctx, "halted historical event export", "date", date.Format(time.DateOnly))
+	}
+}
+
+// startExport starts export of events for the given date.
+func (e *Exporter) startExportLocked(ctx context.Context, date time.Time) error {
+	return e.resumeExportLocked(ctx, date, DateExporterState{})
+}
+
+// resumeExport resumes export of events for the given date with the given state.
+func (e *Exporter) resumeExportLocked(ctx context.Context, date time.Time, state DateExporterState) error {
+	date = normalizeDate(date)
+
+	// check if the date is already being exported
+	if _, ok := e.previous[date]; ok || e.currentDate.Equal(date) {
+		return nil
+	}
+
+	onIdle := func(ctx context.Context) {
+		var isCurrent bool
+		e.withLock(func() {
+			isCurrent = e.currentDate.Equal(date)
+		})
+		if !isCurrent {
+			// idle callbacks from an exporter in the backlog
+			// can be ignored.
+			return
+		}
+
+		// current date is idle, wake up the poll loop
+		select {
+		case e.idle <- struct{}{}:
+		default:
+		}
+	}
+
+	// set up exporter
+	exporter, err := NewDateExporter(DateExporterConfig{
+		Client:        e.cfg.Client,
+		Date:          date,
+		Export:        e.cfg.Export,
+		OnIdle:        onIdle,
+		PreviousState: state,
+		Concurrency:   e.cfg.Concurrency,
+		MaxBackoff:    e.cfg.MaxBackoff,
+		PollInterval:  e.cfg.PollInterval,
+	})
+	if err != nil {
+		return trace.Wrap(err)
+	}
+
+	// if a current export is in progress and is newer than this export,
+	// add this export to the backlog.
+	if e.current != nil && e.currentDate.After(date) {
+		// historical export is being started, add to backlog
+		e.previous[date] = exporter
+		return nil
+	}
+
+	// bump previous export to backlog
+	if e.current != nil {
+		e.previous[e.currentDate] = e.current
+	}
+	e.current = exporter
+	e.currentDate = date
+
+	return nil
+}
+
+func (e *Exporter) withLock(fn func()) {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+	fn()
+}
+
+func (e *Exporter) withoutLock(fn func()) {
+	e.mu.Unlock()
+	defer e.mu.Lock()
+	fn()
+}
diff --git a/lib/events/export/exporter_test.go b/lib/events/export/exporter_test.go
new file mode 100644
index 0000000000000..436cd3ecccf52
--- /dev/null
+++ b/lib/events/export/exporter_test.go
@@ -0,0 +1,163 @@
+/*
+ * Teleport
+ * Copyright (C) 2024  Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package export
+
+import (
+	"context"
+	"fmt"
+	"sync"
+	"testing"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/stretchr/testify/require"
+
+	auditlogpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/auditlog/v1"
+)
+
+const day = time.Hour * 24
+
+// TestExporterBasics tests the basic functionality of the exporter with and without random flake.
+func TestExporterBasics(t *testing.T) {
+	t.Parallel()
+
+	now := normalizeDate(time.Now())
+	startDate := now.Add(-7 * day)
+
+	for _, randomFlake := range []bool{false, true} {
+
+		// empty case verified export of a time range larger than backlog size with no events in it.
+		t.Run(fmt.Sprintf("case=empty,randomFlake=%v", randomFlake), func(t *testing.T) {
+			t.Parallel()
+			clt := newFakeClient()
+			clt.setRandomFlake(randomFlake)
+
+			testExportAll(t, exportTestCase{
+				clt:       clt,
+				startDate: startDate,
+				expected:  []*auditlogpb.ExportEventUnstructured{},
+			})
+		})
+
+		// sparse case verifies export of a time range with gaps larger than the backlog size.
+		t.Run(fmt.Sprintf("case=sparse,randomFlake=%v", randomFlake), func(t *testing.T) {
+			t.Parallel()
+
+			clt := newFakeClient()
+			clt.setRandomFlake(randomFlake)
+
+			var allEvents []*auditlogpb.ExportEventUnstructured
+			allEvents = append(allEvents, addEvents(t, clt, startDate, 1, 1)...)
+			allEvents = append(allEvents, addEvents(t, clt, startDate.Add(4*day), 3, 2)...)
+
+			testExportAll(t, exportTestCase{
+				clt:       clt,
+				startDate: startDate,
+				expected:  allEvents,
+			})
+		})
+
+		// dense case verifies export of a time range with many events in every date.
+		t.Run(fmt.Sprintf("case=dense,randomFlake=%v", randomFlake), func(t *testing.T) {
+			t.Parallel()
+
+			clt := newFakeClient()
+			clt.setRandomFlake(randomFlake)
+
+			var allEvents []*auditlogpb.ExportEventUnstructured
+			allEvents = append(allEvents, addEvents(t, clt, startDate, 100, 1)...)
+			allEvents = append(allEvents, addEvents(t, clt, startDate.Add(day), 50, 2)...)
+			allEvents = append(allEvents, addEvents(t, clt, startDate.Add(2*day), 5, 20)...)
+			allEvents = append(allEvents, addEvents(t, clt, startDate.Add(3*day), 20, 5)...)
+			allEvents = append(allEvents, addEvents(t, clt, startDate.Add(4*day), 14, 7)...)
+			allEvents = append(allEvents, addEvents(t, clt, startDate.Add(5*day), 7, 14)...)
+			allEvents = append(allEvents, addEvents(t, clt, startDate.Add(6*day), 1, 100)...)
+
+			testExportAll(t, exportTestCase{
+				clt:       clt,
+				startDate: startDate,
+				expected:  allEvents,
+			})
+		})
+	}
+}
+
+// addEvents is a helper for generating events in tests. It both inserts the specified event chunks/counts into the fake client
+// and returns the generated events for comparison.
+func addEvents(t *testing.T, clt *fakeClient, date time.Time, chunks, eventsPerChunk int) []*auditlogpb.ExportEventUnstructured {
+	var allEvents []*auditlogpb.ExportEventUnstructured
+	for i := 0; i < chunks; i++ {
+		chunk := makeEventChunk(t, date, eventsPerChunk)
+		allEvents = append(allEvents, chunk...)
+		clt.addChunk(date.Format(time.DateOnly), uuid.NewString(), chunk)
+	}
+
+	return allEvents
+}
+
+type exportTestCase struct {
+	clt       Client
+	startDate time.Time
+	expected  []*auditlogpb.ExportEventUnstructured
+}
+
+// testExportAll verifies that the expected events are exported by the exporter given
+// the supplied client state.
+func testExportAll(t *testing.T, tc exportTestCase) {
+	var exportedMu sync.Mutex
+	var exported []*auditlogpb.ExportEventUnstructured
+
+	exportFn := func(ctx context.Context, event *auditlogpb.ExportEventUnstructured) error {
+		exportedMu.Lock()
+		defer exportedMu.Unlock()
+		exported = append(exported, event)
+		return nil
+	}
+
+	getExported := func() []*auditlogpb.ExportEventUnstructured {
+		exportedMu.Lock()
+		defer exportedMu.Unlock()
+		return append([]*auditlogpb.ExportEventUnstructured(nil), exported...)
+	}
+
+	var idleOnce sync.Once
+	idleCh := make(chan struct{})
+
+	exporter, err := NewExporter(ExporterConfig{
+		Client:       tc.clt,
+		StartDate:    tc.startDate,
+		Export:       exportFn,
+		OnIdle:       func(_ context.Context) { idleOnce.Do(func() { close(idleCh) }) },
+		Concurrency:  2,
+		BacklogSize:  2,
+		MaxBackoff:   600 * time.Millisecond,
+		PollInterval: 200 * time.Millisecond,
+	})
+	require.NoError(t, err)
+	defer exporter.Close()
+
+	timeout := time.After(30 * time.Second)
+	select {
+	case <-idleCh:
+	case <-timeout:
+		require.FailNow(t, "timeout waiting for exporter to become idle")
+	}
+
+	require.ElementsMatch(t, tc.expected, getExported())
+}
diff --git a/lib/events/export/helpers.go b/lib/events/export/helpers.go
new file mode 100644
index 0000000000000..35f7fe0997fd5
--- /dev/null
+++ b/lib/events/export/helpers.go
@@ -0,0 +1,27 @@
+/*
+ * Teleport
+ * Copyright (C) 2024  Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package export
+
+import "time"
+
+// normalizeDate normalizes a timestamp to the beginning of the day in UTC.
+func normalizeDate(t time.Time) time.Time {
+	t = t.UTC()
+	return time.Date(t.Year(), t.Month(), t.Day(), 0, 0, 0, 0, time.UTC)
+}
diff --git a/tool/tctl/common/loadtest_command.go b/tool/tctl/common/loadtest_command.go
index 2aa72c816dee1..a764d954103db 100644
--- a/tool/tctl/common/loadtest_command.go
+++ b/tool/tctl/common/loadtest_command.go
@@ -19,6 +19,7 @@ package common
 import (
 	"context"
 	"fmt"
+	"log/slog"
 	"os"
 	"os/signal"
 	"runtime"
@@ -31,12 +32,12 @@ import (
 	"github.com/google/uuid"
 	"github.com/gravitational/trace"
 	log "github.com/sirupsen/logrus"
-	"google.golang.org/protobuf/types/known/timestamppb"
 
 	auditlogpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/auditlog/v1"
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/lib/auth/authclient"
 	"github.com/gravitational/teleport/lib/cache"
+	"github.com/gravitational/teleport/lib/events/export"
 	"github.com/gravitational/teleport/lib/service/servicecfg"
 	"github.com/gravitational/teleport/lib/utils"
 )
@@ -83,7 +84,7 @@ func (c *LoadtestCommand) Initialize(app *kingpin.Application, config *servicecf
 
 	c.auditEvents = loadtest.Command("export-audit-events", "Bulk export audit events").Hidden()
 	c.auditEvents.Flag("date", "Date to dump events for").StringVar(&c.date)
-	c.auditEvents.Flag("cursor", "Cursor to start from").StringVar(&c.cursor)
+	c.auditEvents.Flag("cursor", "Specify an optional cursor directory").StringVar(&c.cursor)
 }
 
 // TryRun takes the CLI command as an argument (like "loadtest node-heartbeats") and executes it.
@@ -303,6 +304,9 @@ func printEvent(ekind string, rsc types.Resource) {
 }
 
 func (c *LoadtestCommand) AuditEvents(ctx context.Context, client *authclient.Client) error {
+	ctx, cancel := context.WithCancel(ctx)
+	defer cancel()
+
 	date := time.Now()
 	if c.date != "" {
 		var err error
@@ -315,6 +319,8 @@ func (c *LoadtestCommand) AuditEvents(ctx context.Context, client *authclient.Cl
 	outch := make(chan *auditlogpb.ExportEventUnstructured, 1024)
 	defer close(outch)
 
+	var eventsProcessed atomic.Uint64
+
 	go func() {
 		for event := range outch {
 			s, err := utils.FastMarshal(event.Event.Unstructured)
@@ -322,96 +328,77 @@ func (c *LoadtestCommand) AuditEvents(ctx context.Context, client *authclient.Cl
 				panic(err)
 			}
 			fmt.Println(string(s))
+			eventsProcessed.Add(1)
 		}
 	}()
 
-	chunksProcessed := make(map[string]struct{})
+	exportFn := func(ctx context.Context, event *auditlogpb.ExportEventUnstructured) error {
+		select {
+		case outch <- event:
+		case <-ctx.Done():
+			return ctx.Err()
+		}
+		return nil
+	}
 
-Outer:
-	for {
-		chunks := client.GetEventExportChunks(ctx, &auditlogpb.GetEventExportChunksRequest{
-			Date: timestamppb.New(date),
+	var cursor *export.Cursor
+	if c.cursor != "" {
+		var err error
+		cursor, err = export.NewCursor(export.CursorConfig{
+			Dir: c.cursor,
 		})
+		if err != nil {
+			return trace.Wrap(err)
+		}
+	}
 
-	Chunks:
-		for chunks.Next() {
-			if _, ok := chunksProcessed[chunks.Item().Chunk]; ok {
-				log.WithFields(log.Fields{
-					"date":  date.Format(time.DateOnly),
-					"chunk": chunks.Item().Chunk,
-				}).Info("skipping already processed chunk")
-				continue Chunks
-			}
-
-			var cursor string
-		ProcessChunk:
-			for {
-
-				eventStream := client.ExportUnstructuredEvents(ctx, &auditlogpb.ExportUnstructuredEventsRequest{
-					Date:   timestamppb.New(date),
-					Chunk:  chunks.Item().Chunk,
-					Cursor: cursor,
-				})
+	var state export.ExporterState
+	if cursor != nil {
+		state = cursor.GetState()
+	}
 
-			Events:
-				for eventStream.Next() {
-					cursor = eventStream.Item().Cursor
-					select {
-					case outch <- eventStream.Item():
-						continue Events
-					default:
-						log.Warn("backpressure in event stream")
-					}
+	exporter, err := export.NewExporter(export.ExporterConfig{
+		Client:        client,
+		StartDate:     date,
+		PreviousState: state,
+		Export:        exportFn,
+		Concurrency:   3,
+		BacklogSize:   1,
+	})
+	if err != nil {
+		return trace.Wrap(err)
+	}
+	defer exporter.Close()
 
-					select {
-					case outch <- eventStream.Item():
-					case <-ctx.Done():
-						return nil
-					}
-				}
+	if cursor != nil {
+		go func() {
+			syncTicker := time.NewTicker(time.Millisecond * 666)
+			defer syncTicker.Stop()
 
-				if err := eventStream.Done(); err != nil {
-					log.WithFields(log.Fields{
-						"date":  date.Format(time.DateOnly),
-						"chunk": chunks.Item().Chunk,
-						"error": err,
-					}).Error("event stream failed, will attempt to reestablish")
-					continue ProcessChunk
+			for {
+				select {
+				case <-ctx.Done():
+					return
+				case <-syncTicker.C:
+					cursor.Sync(exporter.GetState())
 				}
-
-				chunksProcessed[chunks.Item().Chunk] = struct{}{}
-				break ProcessChunk
 			}
-		}
+		}()
+	}
 
-		if err := chunks.Done(); err != nil {
-			log.WithFields(log.Fields{
-				"date":  date.Format(time.DateOnly),
-				"error": err,
-			}).Error("event chunk stream failed, will attempt to reestablish")
-			continue Outer
-		}
+	logTicker := time.NewTicker(time.Minute)
 
-		nextDate := date.AddDate(0, 0, 1)
-		if nextDate.After(time.Now()) {
-			delay := utils.SeventhJitter(time.Second * 7)
-			log.WithFields(log.Fields{
-				"date":  date.Format(time.DateOnly),
-				"delay": delay,
-			}).Info("finished processing known event chunks for current date, will re-poll after delay")
-			select {
-			case <-time.After(delay):
-			case <-ctx.Done():
-				return nil
-			}
-			continue Outer
+	var prevEventsProcessed uint64
+	for {
+		select {
+		case <-ctx.Done():
+			return nil
+		case <-logTicker.C:
+			processed := eventsProcessed.Load()
+			slog.InfoContext(ctx, "event processing", "total", processed, "per_minute", processed-prevEventsProcessed)
+			prevEventsProcessed = processed
+		case <-exporter.Done():
+			return trace.Errorf("exporter exited unexpected with state: %+v", exporter.GetState())
 		}
-
-		log.WithFields(log.Fields{
-			"date": date.Format(time.DateOnly),
-			"next": nextDate.Format(time.DateOnly),
-		}).Info("finished processing known event chunks for historical date, moving to next")
-		date = nextDate
-		clear(chunksProcessed)
 	}
 }

From 3d83c1f17698c91f95ee9851cd1262370e2528aa Mon Sep 17 00:00:00 2001
From: Steven Martin <steven@goteleport.com>
Date: Tue, 15 Oct 2024 14:58:44 -0400
Subject: [PATCH 08/53] [v14] docs: update database faq (#47591)

* docs: update database faq

* docs: verbiage update on db faq

Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>

---------

Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
---
 .../pages/enroll-resources/database-access/faq.mdx | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/docs/pages/enroll-resources/database-access/faq.mdx b/docs/pages/enroll-resources/database-access/faq.mdx
index 762048a8e8507..59ab92704e03f 100644
--- a/docs/pages/enroll-resources/database-access/faq.mdx
+++ b/docs/pages/enroll-resources/database-access/faq.mdx
@@ -16,6 +16,7 @@ The Teleport Database Service currently supports the following protocols:
 - MongoDB
 - MySQL
 - Oracle
+- OpenSearch
 - PostgreSQL
 - Redis
 - Snowflake
@@ -58,17 +59,14 @@ This is useful when the Teleport Web UI is running behind an L7 load balancer
 (e.g. ALB in AWS), in which case the PostgreSQL/MySQL proxy needs to be exposed
 on a plain TCP load balancer (e.g. NLB in AWS).
 
+Using [TLS routing](../../reference/architecture/tls-routing.mdx) for the Teleport Proxy Service allows for all 
+database connections with the web public address.
+
 </TabItem>
 <TabItem scope={["cloud","team"]} label="Cloud-Hosted">
 
-In Teleport Enterprise Cloud, the Proxy Service uses the following ports for
-Database Service client traffic:
-
-|Configuration setting|Port|
-|---|---|
-|`mysql_public_addr`|`3036`|
-|`postgres_public_addr`|`443`|
-|`mongo_public_addr`|`443`|
+In Teleport Enterprise (Cloud), database connections use the web public address
+since [TLS routing](../../reference/architecture/tls-routing.mdx) is applied.
 
 </TabItem>
 </Tabs>

From cbaab9d66c6bb7d74d4479f81dd8c46a95511afc Mon Sep 17 00:00:00 2001
From: Paul Gottschling <paul.gottschling@goteleport.com>
Date: Tue, 15 Oct 2024 15:10:49 -0400
Subject: [PATCH 09/53] Add `tctl request create` to the reference (#47407)

---
 docs/pages/reference/cli/tctl.mdx | 39 +++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/docs/pages/reference/cli/tctl.mdx b/docs/pages/reference/cli/tctl.mdx
index 1f06ae3064fe9..b18943770aa97 100644
--- a/docs/pages/reference/cli/tctl.mdx
+++ b/docs/pages/reference/cli/tctl.mdx
@@ -825,6 +825,45 @@ $ tctl request approve [token]
 $ tctl request approve request-id-1, request-id-2
 ```
 
+## tctl request create
+
+Create a pending Access Request.
+
+```code
+$ tctl request create <username>
+```
+
+### Arguments
+
+- `<username>` - Name of target user (required).
+
+### Flags
+
+| Name | Default Value(s) | Allowed Value(s) | Description |
+| - | - | - | - |
+|`roles`|none|Comma-separated list of strings|Roles to be requested|
+|`resource`|none|Comma-separated list of strings|Resource IDs to be requested|
+|`reason`|none|String|Optional reason message|
+|`dry-run`|none|Boolean|Don't actually generate the Access Request|
+
+Use the `dry-run` flag if you want to validate whether Teleport can create an
+Access Request for the user in the `username` argument, given the user's static
+roles.
+
+### Global flags
+
+These flags are available for all commands `--debug, --config`. Run
+`tctl help <subcommand>` or see the [Global Flags section](#tctl-global-flags).
+
+### Examples
+
+Create an Access Request for user `myuser` for the `prod` role, providing a
+reason:
+
+```code
+$ tctl request create myuser --roles=prod --reason="Fix an outage"
+```
+
 ## tctl request deny
 
 Denies a user's request:

From 6ab05bb500d1b9f1bef8b240b864cdda500f9306 Mon Sep 17 00:00:00 2001
From: Paul Gottschling <paul.gottschling@goteleport.com>
Date: Tue, 15 Oct 2024 15:29:33 -0400
Subject: [PATCH 10/53] [v14] Add a guide to metrics for monitoring Teleport
 (#47411)

* Add a guide to metrics for monitoring Teleport

Closes #40664

This change turns the Metrics guide in `admin-guides` into a conceptual
guide to the most important metrics for monitoring a Teleport cluster.

Since Agent metrics have inconsistent comprehensiveness across Teleport
services--and to reduce the scope of this change--this guide focuses on
self-hosted clusters.

To make this a conceptual guide instead of a reference, this change
removes the reference table from the `admin-guides` metrics page. There
is already a table in the dedicated metrics reference guide.

Note that, while the new metrics guide is specific to self-hosted
clusters, this change does not move the guide to the subsection of Admin
Guides related to self-hosting Teleport. Doing this would mean having
one subsection of Admin Guides for diagnostics-related guides and one
subsection for self-hosted-specific diagnostics, which is potentially
confusing. We may also want to add Agent-specific metrics eventually.

Finally, this change does not include alert thresholds for the metrics
it describes. We can define these in a subsequent change.

* Respond to evanfreed feedback

- Describe `backend_write_requests_failed_precondition_total`
- Include the precondition metric in the write availability formula.
- Turn the `registered_servers` discussion into a discussion of Teleport
  instance version, since it's not possible to group this metric by
  service and subtract the count of Auth Service/Proxy Service instances
  from the count of all registered services.
---
 .../management/diagnostics/metrics.mdx        | 199 +++++++++++++++++-
 1 file changed, 189 insertions(+), 10 deletions(-)

diff --git a/docs/pages/admin-guides/management/diagnostics/metrics.mdx b/docs/pages/admin-guides/management/diagnostics/metrics.mdx
index bbea5111e27bd..3888390bcd795 100644
--- a/docs/pages/admin-guides/management/diagnostics/metrics.mdx
+++ b/docs/pages/admin-guides/management/diagnostics/metrics.mdx
@@ -1,11 +1,20 @@
 ---
-title: Metrics
-description: How to enable and consume metrics
+title: Key Metrics for Self-Hosted Clusters
+description: Describes important metrics to monitor if you are self-hosting Teleport.
+tocDepth: 3
 ---
 
-Teleport exposes metrics for all of its components, helping you get insight
-into the state of your cluster. This guide explains the metrics that you can
-collect from your Teleport cluster.
+This guide explains the metrics you should use to get started monitoring your
+self-hosted Teleport cluster, focusing on metrics reported by the Auth Service
+and Proxy Service. If you use Teleport Enterprise (Cloud), the Teleport team
+monitors and responds to these metrics for you.
+
+For a reference of all available metrics, see the [Teleport Metrics
+Reference](../../../reference/monitoring/metrics.mdx).
+
+This guide assumes that you already monitor compute resources on all instances
+that run the Teleport Auth Service and Proxy Service (e.g., CPU, memory, disk,
+bandwidth, and open file descriptors).
 
 ## Enabling metrics
 
@@ -14,12 +23,182 @@ collect from your Teleport cluster.
 This will enable the `http://127.0.0.1:3000/metrics` endpoint, which serves the
 metrics that Teleport tracks. It is compatible with [Prometheus](https://prometheus.io/) collectors.
 
-The following metrics are available:
+## Backend operations
+
+A Teleport cluster cannot function if the Auth Service does not have a healthy
+cluster state backend. You need to track the ability of the Auth Service to read
+from and write to its backend. 
+
+The Auth Service can connect to [several possible
+backends](../../../reference/backends.mdx). In addition to Teleport backend
+metrics, you should set up monitoring for your backend of choice so that, if
+these metrics show problematic values, you can correlate them with metrics on
+your backend infrastructure.
+
+### Backend operation throughput and availability
+
+On each backend operation, the Auth Service increments a metric. Backend
+operation metrics have the following format:
+
+```text
+teleport_backend_<METRIC_NAME>[_failed]_total
+```
+
+If an operation results in an error, the Auth Service adds the `_failed` segment
+to the metric name. For example, successfully creating a record increments the
+`teleport_backend_write_requests_total` metric. If the create operation fails,
+the Auth Service increments `teleport_backend_write_requests_failed_total`
+instead.
+
+The following backend operation metrics are available:
+
+|Operation|Incremented metric name|
+|---|---|
+|Create an item|`write_requests`|
+|Modify an item, creating it if it does not exist|`write_requests`|
+|Update an item|`write_requests`|
+|Conditionally update an item if versions match|`write_requests`|
+|List a range of items|`batch_read_requests`|
+|Get a single item|`read_requests`|
+|Compare and swap items|`write_requests`|
+|Delete an item|`write_requests`|
+|Conditionally delete an item if versions match|`write_requests`|
+|Write a batch of updates atomically, failing the write if any update fails|Both `write_requests` and `atomic_write_requests`|
+|Delete a range of items|`batch_write_requests`|
+|Update the keepalive status of an item|`write_requests`|
+
+During failed backend writes, a Teleport process also increments the
+`backend_write_requests_failed_precondition_total` metric if the cause of the
+failure is expected. For example, the metric increments during a create
+operation if a record already exists, during an update or delete operation if
+the record is not found, and during an atomic write if the resource was modified
+concurrently. All of these conditions can hold in a well-functioning Teleport
+cluster. 
+
+`backend_write_requests_failed_precondition_total`  increments whenever
+`backend_write_requests_failed_total` increments, and you can use it to
+distinguish potentially expected write failures from unexpected, problematic
+ones.
+
+You can use backend operation metrics to define an availability formula, i.e.,
+the percentage of reads or writes that succeeded. For example, in Prometheus,
+you can define a query similar to the following. This takes the percentage of
+write requests that failed for unexpected reasons and subtracts it from 1 to get
+a percentage of successful writes:
+
+```
+1- (sum(rate(backend_write_requests_failed_total -sum(rate(teleport_backend_write_requests_failed_precondition_total)) / sum(rate(backend_write_requests_total))
+```
+
+If your backend begins to appear unavailable, you can investigate your backend
+infrastructure.
+
+### Backend operation performance
+
+To help you track backend operation performance, the Auth Service also exposes
+Prometheus [histogram metrics](https://prometheus.io/docs/practices/histograms/)
+for read and write operations:
+
+- `teleport_backend_read_seconds_bucket`
+- `teleport_backend_write_seconds_bucket`
+- `teleport_backend_batch_write_seconds_bucket`
+- `teleport_backend_batch_read_seconds_bucket`
+- `teleport_backend_atomic_write_seconds_bucket`
+
+The backend throughput metrics discussed in the previous section map on to
+latency metrics. Whenever the Auth Service increments one of the throughput
+metrics, it reports one of the corresponding latency metrics. See the table
+below for which throughput metrics map to which latency metrics. Each metric
+name excludes the standard prefixes and suffixes.
+
+|Throughput|Latency|
+|---|---|
+|`read_requests`|`read_seconds_bucket`|
+|`read_requests`|`write_seconds_bucket`|
+|`batch_read_requests`|`batch_write_seconds_bucket`|
+|`batch_write_requests`|`batch_read_seconds_bucket`|
+|`atomic_write_requests`|`atomic_write_seconds_bucket`|
+
+## Agents and connected resources
+
+To enable users to access most infrastructure with Teleport, you must join a
+[Teleport Agent](../../../enroll-resources/agents/agents.mdx) to your Teleport
+cluster and configure it to proxy your infrastructure. In a typical setup, an
+Agent establishes an SSH reverse tunnel with the Proxy Service. User traffic to
+Teleport-protected resources flows through the Proxy Service, an Agent, and
+finally the infrastructure resource the Agent proxies. Return traffic from the
+resource takes this path in reverse.
+
+### Number of connected resources by type
+
+Teleport-connected resources periodically send heartbeat (keepalive) messages to
+the Auth Service. The Auth Service uses these heartbeats to track the number of
+Teleport-protected resources by type with the `teleport_connected_resources`
+metric. 
+
+The Auth Service tracks this metric for the following resources:
+
+- SSH servers
+- Kubernetes clusters
+- Applications
+- Databases
+- Teleport Database Service instances
+- Windows desktops
+
+You can use this metric to:
+- Compare the number of resources that are protected by Teleport with those that
+  are not so you can plan your Teleport rollout.
+- Correlate changes in Teleport usage with resource utilization on Auth Service
+  and Proxy Service compute instances to determine scaling needs.
+
+You can include this query in your Grafana configuration to break this metric
+down by resource type:
+
+```text
+sum(teleport_connected_resources) by (type)
+```
+
+### Reverse tunnels by type
+
+Every Teleport service that starts up establishes an SSH reverse tunnel to the
+Proxy Service. (Self-hosted clusters can configure Agent services to connect to
+the Auth Service directly without establishing a reverse tunnel.) The Proxy
+Service tracks the number of reverse tunnels using the metric,
+`teleport_reverse_tunnels_connected`.
+
+With an improperly scaled Proxy Service pool, the Proxy Service can become a
+bottleneck for traffic to Teleport-protected resources. If Proxy Service
+instances display heavy utilization of compute resources while the number of
+connected infrastructure resources is high, you can consider scaling out your
+Proxy Service pool and using [Proxy Peering](../operations/proxy-peering.mdx).
+
+Use the following Grafana query to track the maximum number of reverse tunnels
+by type over a given interval:
+
+```text
+max(teleport_reverse_tunnels_connected) by (type))
+```
+
+## Teleport instance versions
+
+At regular intervals (around 7 seconds with jitter), the Auth Service refreshes
+its count of registered Teleport instances, including Agents and Teleport
+processes that run the Auth Service and Proxy Service. You can measure this
+count with the metric, `teleport_registered_servers`. To get the number of
+registered instances by version, you can use this query in Grafana:
 
-<Notice scope={["cloud"]} type="tip">
+```text
+sum by (version)(teleport_registered_servers)
+```
 
-    Teleport Cloud does not expose monitoring endpoints for the Auth Service and Proxy Service.
+You can use this metric to tell how many of your registered Teleport instances
+are behind the version of the Auth Service and Proxy Service, which can help you
+identify any that are at risk of violating the Teleport [version compatibility
+guarantees](../../../upgrading/overview.mdx). 
 
-</Notice>
+We strongly encourage self-hosted Teleport users to enroll their Agents in
+automatic updates. You can track the count of Teleport Agents that are not
+enrolled in automatic updates using the metric, `teleport_enrolled_in_upgrades`.
+[Read the documentation](../../../upgrading.mdx) for how to enroll Agents in
+automatic updates.
 
-(!docs/pages/includes/metrics.mdx!)
\ No newline at end of file

From 9179d2e8313832679255b164787683323778e039 Mon Sep 17 00:00:00 2001
From: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
Date: Tue, 15 Oct 2024 20:47:29 +0000
Subject: [PATCH 11/53] Prep for upcoming backend.Key type change (#46675)
 (#47483)

Adds a (Key) IsZero method to determine if a key is populated. Some
Backend implementations today validate keys before operations via
a `len(key) == 0` check, however, that will no longer work once the
key is migrated.

Starts migrating the backend.LockConfiguration away from prepopulating
the lock name to passing in a list of components. There were a few
locks constructing a portion of the name manually, which will not
work when the key type is changed.
---
 lib/auth/init.go                              |  6 +--
 lib/backend/key.go                            |  5 ++
 lib/backend/key_test.go                       |  7 +++
 lib/backend/lock.go                           | 19 +++++--
 lib/backend/lock_test.go                      | 51 ++++++++++---------
 lib/backend/test/suite.go                     | 14 ++---
 lib/events/athena/consumer.go                 |  4 +-
 lib/services/local/access.go                  |  6 +--
 lib/services/local/access_list.go             |  9 ++--
 lib/services/local/externalauditstorage.go    | 18 +++----
 lib/services/local/generic/generic.go         | 10 ++--
 lib/services/local/generic/generic_test.go    |  2 +-
 lib/services/local/integrations.go            |  6 +--
 .../local/saml_idp_service_provider.go        |  4 +-
 14 files changed, 92 insertions(+), 69 deletions(-)

diff --git a/lib/auth/init.go b/lib/auth/init.go
index 491a3629f3793..737f1566ac416 100644
--- a/lib/auth/init.go
+++ b/lib/auth/init.go
@@ -311,9 +311,9 @@ func Init(ctx context.Context, cfg InitConfig, opts ...ServerOption) (*Server, e
 	if err := backend.RunWhileLocked(ctx,
 		backend.RunWhileLockedConfig{
 			LockConfiguration: backend.LockConfiguration{
-				Backend:  cfg.Backend,
-				LockName: domainName,
-				TTL:      30 * time.Second,
+				Backend:            cfg.Backend,
+				LockNameComponents: []string{domainName},
+				TTL:                30 * time.Second,
 			},
 			RefreshLockInterval: 20 * time.Second,
 		}, func(ctx context.Context) error {
diff --git a/lib/backend/key.go b/lib/backend/key.go
index 4c7f25c604edc..1dcb213d5c93e 100644
--- a/lib/backend/key.go
+++ b/lib/backend/key.go
@@ -52,6 +52,11 @@ func (k Key) String() string {
 	return string(k)
 }
 
+// IsZero reports whether k represents the zero key.
+func (k Key) IsZero() bool {
+	return len(k) == 0
+}
+
 // HasPrefix reports whether the key begins with prefix.
 func (k Key) HasPrefix(prefix Key) bool {
 	return bytes.HasPrefix(k, prefix)
diff --git a/lib/backend/key_test.go b/lib/backend/key_test.go
index d554fb6922357..894c39f49aff0 100644
--- a/lib/backend/key_test.go
+++ b/lib/backend/key_test.go
@@ -473,3 +473,10 @@ func TestKeyCompare(t *testing.T) {
 		})
 	}
 }
+
+func TestKeyIsZero(t *testing.T) {
+	assert.True(t, backend.Key{}.IsZero())
+	assert.True(t, backend.NewKey().IsZero())
+	assert.False(t, backend.NewKey("a", "b").IsZero())
+	assert.False(t, backend.ExactKey("a", "b").IsZero())
+}
diff --git a/lib/backend/lock.go b/lib/backend/lock.go
index f9eae94437032..220f1f7a315e2 100644
--- a/lib/backend/lock.go
+++ b/lib/backend/lock.go
@@ -50,8 +50,14 @@ func randomID() ([]byte, error) {
 }
 
 type LockConfiguration struct {
-	Backend  Backend
+	// Backend to create the lock in.
+	Backend Backend
+	// LockName the precomputed lock name.
+	// TODO(tross) DELETE WHEN teleport.e is updated to use LockNameComponents.
 	LockName string
+	// LockNameComponents are subcomponents to be used when constructing
+	// the lock name.
+	LockNameComponents []string
 	// TTL defines when lock will be released automatically
 	TTL time.Duration
 	// RetryInterval defines interval which is used to retry locking after
@@ -63,9 +69,14 @@ func (l *LockConfiguration) CheckAndSetDefaults() error {
 	if l.Backend == nil {
 		return trace.BadParameter("missing Backend")
 	}
-	if l.LockName == "" {
-		return trace.BadParameter("missing LockName")
+	if l.LockName == "" && len(l.LockNameComponents) == 0 {
+		return trace.BadParameter("missing LockName/LockNameComponents")
 	}
+
+	if len(l.LockNameComponents) == 0 {
+		l.LockNameComponents = []string{l.LockName}
+	}
+
 	if l.TTL == 0 {
 		return trace.BadParameter("missing TTL")
 	}
@@ -81,7 +92,7 @@ func AcquireLock(ctx context.Context, cfg LockConfiguration) (Lock, error) {
 	if err != nil {
 		return Lock{}, trace.Wrap(err)
 	}
-	key := lockKey(cfg.LockName)
+	key := lockKey(cfg.LockNameComponents...)
 	id, err := randomID()
 	if err != nil {
 		return Lock{}, trace.Wrap(err)
diff --git a/lib/backend/lock_test.go b/lib/backend/lock_test.go
index 822ede66236f0..a9c807a2ec0fd 100644
--- a/lib/backend/lock_test.go
+++ b/lib/backend/lock_test.go
@@ -51,30 +51,30 @@ func TestLockConfiguration_CheckAndSetDefaults(t *testing.T) {
 		{
 			name: "minimum valid",
 			in: LockConfiguration{
-				Backend:  mockBackend{},
-				LockName: "lock",
-				TTL:      30 * time.Second,
+				Backend:            mockBackend{},
+				LockNameComponents: []string{"lock"},
+				TTL:                30 * time.Second,
 			},
 			want: LockConfiguration{
-				Backend:       mockBackend{},
-				LockName:      "lock",
-				TTL:           30 * time.Second,
-				RetryInterval: 250 * time.Millisecond,
+				Backend:            mockBackend{},
+				LockNameComponents: []string{"lock"},
+				TTL:                30 * time.Second,
+				RetryInterval:      250 * time.Millisecond,
 			},
 		},
 		{
 			name: "set RetryAcquireLockTimeout",
 			in: LockConfiguration{
-				Backend:       mockBackend{},
-				LockName:      "lock",
-				TTL:           30 * time.Second,
-				RetryInterval: 10 * time.Second,
+				Backend:            mockBackend{},
+				LockNameComponents: []string{"lock"},
+				TTL:                30 * time.Second,
+				RetryInterval:      10 * time.Second,
 			},
 			want: LockConfiguration{
-				Backend:       mockBackend{},
-				LockName:      "lock",
-				TTL:           30 * time.Second,
-				RetryInterval: 10 * time.Second,
+				Backend:            mockBackend{},
+				LockNameComponents: []string{"lock"},
+				TTL:                30 * time.Second,
+				RetryInterval:      10 * time.Second,
 			},
 		},
 		{
@@ -95,9 +95,9 @@ func TestLockConfiguration_CheckAndSetDefaults(t *testing.T) {
 		{
 			name: "missing TTL",
 			in: LockConfiguration{
-				Backend:  mockBackend{},
-				LockName: "lock",
-				TTL:      0,
+				Backend:            mockBackend{},
+				LockNameComponents: []string{"lock"},
+				TTL:                0,
 			},
 			wantErr: "missing TTL",
 		},
@@ -124,9 +124,9 @@ func TestRunWhileLockedConfigCheckAndSetDefaults(t *testing.T) {
 	ttl := 1 * time.Minute
 	minimumValidConfig := RunWhileLockedConfig{
 		LockConfiguration: LockConfiguration{
-			Backend:  mockBackend{},
-			LockName: lockName,
-			TTL:      ttl,
+			Backend:            mockBackend{},
+			LockNameComponents: []string{lockName},
+			TTL:                ttl,
 		},
 	}
 	tests := []struct {
@@ -142,10 +142,10 @@ func TestRunWhileLockedConfigCheckAndSetDefaults(t *testing.T) {
 			},
 			want: RunWhileLockedConfig{
 				LockConfiguration: LockConfiguration{
-					Backend:       mockBackend{},
-					LockName:      lockName,
-					TTL:           ttl,
-					RetryInterval: 250 * time.Millisecond,
+					Backend:            mockBackend{},
+					LockNameComponents: []string{lockName},
+					TTL:                ttl,
+					RetryInterval:      250 * time.Millisecond,
 				},
 				ReleaseCtxTimeout: time.Second,
 				// defaults to halft of TTL.
@@ -157,6 +157,7 @@ func TestRunWhileLockedConfigCheckAndSetDefaults(t *testing.T) {
 			input: func() RunWhileLockedConfig {
 				cfg := minimumValidConfig
 				cfg.LockName = ""
+				cfg.LockNameComponents = nil
 				return cfg
 			},
 			wantErr: "missing LockName",
diff --git a/lib/backend/test/suite.go b/lib/backend/test/suite.go
index 950e3a025e738..5597ccd1d051b 100644
--- a/lib/backend/test/suite.go
+++ b/lib/backend/test/suite.go
@@ -833,7 +833,7 @@ func testLocking(t *testing.T, newBackend Constructor) {
 	defer requireNoAsyncErrors()
 
 	// Given a lock named `tok1` on the backend...
-	lock, err := backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockName: tok1, TTL: ttl})
+	lock, err := backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockNameComponents: []string{tok1}, TTL: ttl})
 	require.NoError(t, err)
 
 	//  When I asynchronously release the lock...
@@ -848,7 +848,7 @@ func testLocking(t *testing.T, newBackend Constructor) {
 	}()
 
 	// ...and simultaneously attempt to create a new lock with the same name
-	lock, err = backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockName: tok1, TTL: ttl})
+	lock, err = backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockNameComponents: []string{tok1}, TTL: ttl})
 
 	// expect that the asynchronous Release() has executed - we're using the
 	// change in the value of the marker value as a proxy for the Release().
@@ -860,7 +860,7 @@ func testLocking(t *testing.T, newBackend Constructor) {
 	require.NoError(t, lock.Release(ctx, uut))
 
 	// Given a lock with the same name as previously-existing, manually-released lock
-	lock, err = backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockName: tok1, TTL: ttl})
+	lock, err = backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockNameComponents: []string{tok1}, TTL: ttl})
 	require.NoError(t, err)
 	atomic.StoreInt32(&marker, 7)
 
@@ -875,7 +875,7 @@ func testLocking(t *testing.T, newBackend Constructor) {
 	}()
 
 	// ...and simultaneously try to acquire another lock with the same name
-	lock, err = backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockName: tok1, TTL: ttl})
+	lock, err = backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockNameComponents: []string{tok1}, TTL: ttl})
 
 	// expect that the asynchronous Release() has executed - we're using the
 	// change in the value of the marker value as a proxy for the call to
@@ -889,9 +889,9 @@ func testLocking(t *testing.T, newBackend Constructor) {
 
 	// Given a pair of locks named `tok1` and `tok2`
 	y := int32(0)
-	lock1, err := backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockName: tok1, TTL: ttl})
+	lock1, err := backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockNameComponents: []string{tok1}, TTL: ttl})
 	require.NoError(t, err)
-	lock2, err := backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockName: tok2, TTL: ttl})
+	lock2, err := backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockNameComponents: []string{tok2}, TTL: ttl})
 	require.NoError(t, err)
 
 	//  When I asynchronously release the locks...
@@ -908,7 +908,7 @@ func testLocking(t *testing.T, newBackend Constructor) {
 		}
 	}()
 
-	lock, err = backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockName: tok1, TTL: ttl})
+	lock, err = backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockNameComponents: []string{tok1}, TTL: ttl})
 	require.NoError(t, err)
 	require.Equal(t, int32(15), atomic.LoadInt32(&y))
 	require.NoError(t, lock.Release(ctx, uut))
diff --git a/lib/events/athena/consumer.go b/lib/events/athena/consumer.go
index 2332667f4b213..df1a27f909a73 100644
--- a/lib/events/athena/consumer.go
+++ b/lib/events/athena/consumer.go
@@ -253,8 +253,8 @@ func (c *consumer) runContinuouslyOnSingleAuth(ctx context.Context, eventsProces
 		default:
 			err := backend.RunWhileLocked(ctx, backend.RunWhileLockedConfig{
 				LockConfiguration: backend.LockConfiguration{
-					Backend:  c.backend,
-					LockName: "athena_lock",
+					Backend:            c.backend,
+					LockNameComponents: []string{"athena_lock"},
 					// TTL is higher then batchMaxInterval because we want to optimize
 					// for low backend writes.
 					TTL: 5 * c.batchMaxInterval,
diff --git a/lib/services/local/access.go b/lib/services/local/access.go
index d985d81e17af9..2afb234647341 100644
--- a/lib/services/local/access.go
+++ b/lib/services/local/access.go
@@ -327,9 +327,9 @@ func (s *AccessService) DeleteAllLocks(ctx context.Context) error {
 func (s *AccessService) ReplaceRemoteLocks(ctx context.Context, clusterName string, newRemoteLocks []types.Lock) error {
 	return backend.RunWhileLocked(ctx, backend.RunWhileLockedConfig{
 		LockConfiguration: backend.LockConfiguration{
-			Backend:  s.Backend,
-			LockName: "ReplaceRemoteLocks/" + clusterName,
-			TTL:      time.Minute,
+			Backend:            s.Backend,
+			LockNameComponents: []string{"ReplaceRemoteLocks", clusterName},
+			TTL:                time.Minute,
 		},
 	}, func(ctx context.Context) error {
 		remoteLocksKey := backend.ExactKey(locksPrefix, clusterName)
diff --git a/lib/services/local/access_list.go b/lib/services/local/access_list.go
index 5a155327c7611..19e7c76d49343 100644
--- a/lib/services/local/access_list.go
+++ b/lib/services/local/access_list.go
@@ -18,7 +18,6 @@ package local
 
 import (
 	"context"
-	"strings"
 	"time"
 
 	"github.com/google/go-cmp/cmp"
@@ -196,7 +195,7 @@ func (a *AccessListService) runOpWithLock(ctx context.Context, accessList *acces
 
 	var err error
 	if feature := modules.GetModules().Features(); !feature.IGSEnabled() {
-		err = a.service.RunWhileLocked(ctx, "createAccessListLimitLock", accessListLockTTL, func(ctx context.Context, _ backend.Backend) error {
+		err = a.service.RunWhileLocked(ctx, []string{"createAccessListLimitLock"}, accessListLockTTL, func(ctx context.Context, _ backend.Backend) error {
 			if err := a.VerifyAccessListCreateLimit(ctx, accessList.GetName()); err != nil {
 				return trace.Wrap(err)
 			}
@@ -453,7 +452,7 @@ func (a *AccessListService) UpsertAccessListWithMembers(ctx context.Context, acc
 
 	var err error
 	if feature := modules.GetModules().Features(); !feature.IGSEnabled() {
-		err = a.service.RunWhileLocked(ctx, "createAccessListWithMembersLimitLock", accessListLockTTL, func(ctx context.Context, _ backend.Backend) error {
+		err = a.service.RunWhileLocked(ctx, []string{"createAccessListWithMembersLimitLock"}, accessListLockTTL, func(ctx context.Context, _ backend.Backend) error {
 			if err := a.VerifyAccessListCreateLimit(ctx, accessList.GetName()); err != nil {
 				return trace.Wrap(err)
 			}
@@ -638,8 +637,8 @@ func (a *AccessListService) DeleteAllAccessListReviews(ctx context.Context) erro
 	return trace.Wrap(a.reviewService.DeleteAllResources(ctx))
 }
 
-func lockName(accessListName string) string {
-	return strings.Join([]string{"access_list", accessListName}, string(backend.Separator))
+func lockName(accessListName string) []string {
+	return []string{"access_list", accessListName}
 }
 
 // VerifyAccessListCreateLimit ensures creating access list is limited to no more than 1 (updating is allowed).
diff --git a/lib/services/local/externalauditstorage.go b/lib/services/local/externalauditstorage.go
index f42e0ec33fca8..9f6d3bc04921a 100644
--- a/lib/services/local/externalauditstorage.go
+++ b/lib/services/local/externalauditstorage.go
@@ -83,9 +83,9 @@ func (s *ExternalAuditStorageService) CreateDraftExternalAuditStorage(ctx contex
 	var lease *backend.Lease
 	err = backend.RunWhileLocked(ctx, backend.RunWhileLockedConfig{
 		LockConfiguration: backend.LockConfiguration{
-			Backend:  s.backend,
-			LockName: externalAuditStorageLockName,
-			TTL:      externalAuditStorageLockTTL,
+			Backend:            s.backend,
+			LockNameComponents: []string{externalAuditStorageLockName},
+			TTL:                externalAuditStorageLockTTL,
 		},
 	}, func(ctx context.Context) error {
 		// Check that the referenced AWS OIDC integration actually exists.
@@ -122,9 +122,9 @@ func (s *ExternalAuditStorageService) UpsertDraftExternalAuditStorage(ctx contex
 	var lease *backend.Lease
 	err = backend.RunWhileLocked(ctx, backend.RunWhileLockedConfig{
 		LockConfiguration: backend.LockConfiguration{
-			Backend:  s.backend,
-			LockName: externalAuditStorageLockName,
-			TTL:      externalAuditStorageLockTTL,
+			Backend:            s.backend,
+			LockNameComponents: []string{externalAuditStorageLockName},
+			TTL:                externalAuditStorageLockTTL,
 		},
 	}, func(ctx context.Context) error {
 		// Check that the referenced AWS OIDC integration actually exists.
@@ -185,9 +185,9 @@ func (s *ExternalAuditStorageService) GetClusterExternalAuditStorage(ctx context
 func (s *ExternalAuditStorageService) PromoteToClusterExternalAuditStorage(ctx context.Context) error {
 	err := backend.RunWhileLocked(ctx, backend.RunWhileLockedConfig{
 		LockConfiguration: backend.LockConfiguration{
-			Backend:  s.backend,
-			LockName: externalAuditStorageLockName,
-			TTL:      externalAuditStorageLockTTL,
+			Backend:            s.backend,
+			LockNameComponents: []string{externalAuditStorageLockName},
+			TTL:                externalAuditStorageLockTTL,
 		},
 	}, func(ctx context.Context) error {
 		draft, err := s.GetDraftExternalAuditStorage(ctx)
diff --git a/lib/services/local/generic/generic.go b/lib/services/local/generic/generic.go
index 3682b7946aa20..2f4940fe69e0d 100644
--- a/lib/services/local/generic/generic.go
+++ b/lib/services/local/generic/generic.go
@@ -421,14 +421,14 @@ func (s *Service[T]) MakeKey(name string) backend.Key {
 }
 
 // RunWhileLocked will run the given function in a backend lock. This is a wrapper around the backend.RunWhileLocked function.
-func (s *Service[T]) RunWhileLocked(ctx context.Context, lockName string, ttl time.Duration, fn func(context.Context, backend.Backend) error) error {
+func (s *Service[T]) RunWhileLocked(ctx context.Context, lockNameComponents []string, ttl time.Duration, fn func(context.Context, backend.Backend) error) error {
 	return trace.Wrap(backend.RunWhileLocked(ctx,
 		backend.RunWhileLockedConfig{
 			LockConfiguration: backend.LockConfiguration{
-				Backend:       s.backend,
-				LockName:      lockName,
-				TTL:           ttl,
-				RetryInterval: s.runWhileLockedRetryInterval,
+				Backend:            s.backend,
+				LockNameComponents: lockNameComponents,
+				TTL:                ttl,
+				RetryInterval:      s.runWhileLockedRetryInterval,
 			},
 		}, func(ctx context.Context) error {
 			return fn(ctx, s.backend)
diff --git a/lib/services/local/generic/generic_test.go b/lib/services/local/generic/generic_test.go
index a530dca746616..2b6d267db212f 100644
--- a/lib/services/local/generic/generic_test.go
+++ b/lib/services/local/generic/generic_test.go
@@ -256,7 +256,7 @@ func TestGenericCRUD(t *testing.T) {
 	require.ErrorIs(t, err, trace.NotFound(`generic resource "doesnotexist" doesn't exist`))
 
 	// Test running while locked.
-	err = service.RunWhileLocked(ctx, "test-lock", time.Second*5, func(ctx context.Context, backend backend.Backend) error {
+	err = service.RunWhileLocked(ctx, []string{"test-lock"}, time.Second*5, func(ctx context.Context, backend backend.Backend) error {
 		item, err := backend.Get(ctx, service.MakeKey(r1.GetName()))
 		require.NoError(t, err)
 
diff --git a/lib/services/local/integrations.go b/lib/services/local/integrations.go
index 5d8f340b9bde5..9eb7c9099c098 100644
--- a/lib/services/local/integrations.go
+++ b/lib/services/local/integrations.go
@@ -124,9 +124,9 @@ func (s *IntegrationsService) DeleteIntegration(ctx context.Context, name string
 	// so that no new EAS integrations can be concurrently created.
 	err := backend.RunWhileLocked(ctx, backend.RunWhileLockedConfig{
 		LockConfiguration: backend.LockConfiguration{
-			Backend:  s.backend,
-			LockName: externalAuditStorageLockName,
-			TTL:      externalAuditStorageLockTTL,
+			Backend:            s.backend,
+			LockNameComponents: []string{externalAuditStorageLockName},
+			TTL:                externalAuditStorageLockTTL,
 		},
 	}, func(ctx context.Context) error {
 		if err := notReferencedByEAS(ctx, s.backend, name); err != nil {
diff --git a/lib/services/local/saml_idp_service_provider.go b/lib/services/local/saml_idp_service_provider.go
index adeb0f9cecb1e..0c7f624d9e601 100644
--- a/lib/services/local/saml_idp_service_provider.go
+++ b/lib/services/local/saml_idp_service_provider.go
@@ -143,7 +143,7 @@ func (s *SAMLIdPServiceProviderService) CreateSAMLIdPServiceProvider(ctx context
 		return trace.Wrap(err)
 	}
 
-	return trace.Wrap(s.svc.RunWhileLocked(ctx, samlIDPServiceProviderModifyLock, samlIDPServiceProviderModifyLockTTL,
+	return trace.Wrap(s.svc.RunWhileLocked(ctx, []string{samlIDPServiceProviderModifyLock}, samlIDPServiceProviderModifyLockTTL,
 		func(ctx context.Context, backend backend.Backend) error {
 			if err := s.ensureEntityIDIsUnique(ctx, sp); err != nil {
 				return trace.Wrap(err)
@@ -181,7 +181,7 @@ func (s *SAMLIdPServiceProviderService) UpdateSAMLIdPServiceProvider(ctx context
 		return trace.Wrap(err)
 	}
 
-	return trace.Wrap(s.svc.RunWhileLocked(ctx, samlIDPServiceProviderModifyLock, samlIDPServiceProviderModifyLockTTL,
+	return trace.Wrap(s.svc.RunWhileLocked(ctx, []string{samlIDPServiceProviderModifyLock}, samlIDPServiceProviderModifyLockTTL,
 		func(ctx context.Context, backend backend.Backend) error {
 			if err := s.ensureEntityIDIsUnique(ctx, sp); err != nil {
 				return trace.Wrap(err)

From 9de80bd654204ffa42d6c9235c96799070d13f52 Mon Sep 17 00:00:00 2001
From: Leszek Charkiewicz <lcharkiewicz@users.noreply.github.com>
Date: Wed, 16 Oct 2024 15:24:54 +0200
Subject: [PATCH 12/53] [v14] Add support for custom SQS consumer lock and
 disabling consumer (#47612)

* Add support for custom SQS consumer lock and disabling consumer

* Update lib/events/athena/athena.go

Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>

* Use LockNameComponents for constructing a lock name

* Add a test for disabled consumer

* Fix URI in disabled consumer test

* Address feedback about ConsumerLockName being a single string

* Update lib/events/athena/athena.go

Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>

* Make linter happy

---------

Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>
Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
---
 lib/events/athena/athena.go      | 45 ++++++++++++++++++++++++--------
 lib/events/athena/athena_test.go |  6 ++++-
 lib/events/athena/consumer.go    |  8 +++++-
 lib/service/service_test.go      | 10 +++++++
 4 files changed, 56 insertions(+), 13 deletions(-)

diff --git a/lib/events/athena/athena.go b/lib/events/athena/athena.go
index 493cc09d9063e..5b6a30f6bab72 100644
--- a/lib/events/athena/athena.go
+++ b/lib/events/athena/athena.go
@@ -122,6 +122,12 @@ type Config struct {
 	BatchMaxItems int
 	// BatchMaxInterval defined interval at which parquet files will be created (optional).
 	BatchMaxInterval time.Duration
+	// ConsumerLockName defines a name of a SQS consumer lock (optional).
+	// If provided, it will be prefixed with "athena/" to avoid accidental
+	// collision with existing locks.
+	ConsumerLockName string
+	// ConsumerDisabled defines if SQS consumer should be disabled (optional).
+	ConsumerDisabled bool
 
 	// Clock is a clock interface, used in tests.
 	Clock clockwork.Clock
@@ -414,6 +420,16 @@ func (cfg *Config) SetFromURL(url *url.URL) error {
 		}
 		cfg.BatchMaxInterval = dur
 	}
+	if consumerLockName := url.Query().Get("consumerLockName"); consumerLockName != "" {
+		cfg.ConsumerLockName = consumerLockName
+	}
+	if val := url.Query().Get("consumerDisabled"); val != "" {
+		boolVal, err := strconv.ParseBool(val)
+		if err != nil {
+			return trace.BadParameter("invalid consumerDisabled value: %v", err)
+		}
+		cfg.ConsumerDisabled = boolVal
+	}
 
 	return nil
 }
@@ -481,20 +497,23 @@ func New(ctx context.Context, cfg Config) (*Log, error) {
 		return nil, trace.Wrap(err)
 	}
 
-	consumerCtx, consumerCancel := context.WithCancel(ctx)
-
-	consumer, err := newConsumer(cfg, consumerCancel)
-	if err != nil {
-		return nil, trace.Wrap(err)
-	}
-
 	l := &Log{
-		publisher:      newPublisherFromAthenaConfig(cfg),
-		querier:        querier,
-		consumerCloser: consumer,
+		publisher: newPublisherFromAthenaConfig(cfg),
+		querier:   querier,
 	}
 
-	go consumer.run(consumerCtx)
+	if !cfg.ConsumerDisabled {
+		consumerCtx, consumerCancel := context.WithCancel(ctx)
+
+		consumer, err := newConsumer(cfg, consumerCancel)
+		if err != nil {
+			return nil, trace.Wrap(err)
+		}
+
+		l.consumerCloser = consumer
+
+		go consumer.run(consumerCtx)
+	}
 
 	return l, nil
 }
@@ -524,6 +543,10 @@ func (l *Log) Close() error {
 	return trace.Wrap(l.consumerCloser.Close())
 }
 
+func (l *Log) IsConsumerDisabled() bool {
+	return l.consumerCloser == nil
+}
+
 var isAlphanumericOrUnderscoreRe = regexp.MustCompile("^[a-zA-Z0-9_]+$")
 
 func isAlphanumericOrUnderscore(s string) bool {
diff --git a/lib/events/athena/athena_test.go b/lib/events/athena/athena_test.go
index fb908c5aeb3de..baa4430db6a0d 100644
--- a/lib/events/athena/athena_test.go
+++ b/lib/events/athena/athena_test.go
@@ -89,13 +89,15 @@ func TestConfig_SetFromURL(t *testing.T) {
 		},
 		{
 			name: "params to batcher",
-			url:  "athena://db.tbl/?queueURL=https://queueURL&batchMaxItems=1000&batchMaxInterval=10s",
+			url:  "athena://db.tbl/?queueURL=https://queueURL&batchMaxItems=1000&batchMaxInterval=10s&consumerLockName=mylock&consumerDisabled=true",
 			want: Config{
 				TableName:        "tbl",
 				Database:         "db",
 				QueueURL:         "https://queueURL",
 				BatchMaxItems:    1000,
 				BatchMaxInterval: 10 * time.Second,
+				ConsumerLockName: "mylock",
+				ConsumerDisabled: true,
 			},
 		},
 		{
@@ -183,6 +185,7 @@ func TestConfig_CheckAndSetDefaults(t *testing.T) {
 				GetQueryResultsInterval:    100 * time.Millisecond,
 				BatchMaxItems:              20000,
 				BatchMaxInterval:           1 * time.Minute,
+				ConsumerLockName:           "",
 				PublisherConsumerAWSConfig: dummyAWSCfg,
 				StorerQuerierAWSConfig:     dummyAWSCfg,
 				Backend:                    mockBackend{},
@@ -208,6 +211,7 @@ func TestConfig_CheckAndSetDefaults(t *testing.T) {
 				GetQueryResultsInterval:    100 * time.Millisecond,
 				BatchMaxItems:              20000,
 				BatchMaxInterval:           1 * time.Minute,
+				ConsumerLockName:           "",
 				PublisherConsumerAWSConfig: dummyAWSCfg,
 				StorerQuerierAWSConfig:     dummyAWSCfg,
 				Backend:                    mockBackend{},
diff --git a/lib/events/athena/consumer.go b/lib/events/athena/consumer.go
index df1a27f909a73..2b0417ec07a44 100644
--- a/lib/events/athena/consumer.go
+++ b/lib/events/athena/consumer.go
@@ -75,6 +75,7 @@ type consumer struct {
 	storeLocationBucket string
 	batchMaxItems       int
 	batchMaxInterval    time.Duration
+	consumerLockName    string
 
 	// perDateFileParquetWriter returns file writer per date.
 	// Added in config to allow testing.
@@ -153,6 +154,7 @@ func newConsumer(cfg Config, cancelFn context.CancelFunc) (*consumer, error) {
 		storeLocationBucket: cfg.locationS3Bucket,
 		batchMaxItems:       cfg.BatchMaxItems,
 		batchMaxInterval:    cfg.BatchMaxInterval,
+		consumerLockName:    cfg.ConsumerLockName,
 		collectConfig:       collectCfg,
 		sqsDeleter:          sqsClient,
 		queueURL:            cfg.QueueURL,
@@ -251,10 +253,14 @@ func (c *consumer) runContinuouslyOnSingleAuth(ctx context.Context, eventsProces
 		case <-ctx.Done():
 			return
 		default:
+			lockName := []string{"athena", c.consumerLockName}
+			if c.consumerLockName == "" {
+				lockName = []string{"athena_lock"}
+			}
 			err := backend.RunWhileLocked(ctx, backend.RunWhileLockedConfig{
 				LockConfiguration: backend.LockConfiguration{
 					Backend:            c.backend,
-					LockNameComponents: []string{"athena_lock"},
+					LockNameComponents: lockName,
 					// TTL is higher then batchMaxInterval because we want to optimize
 					// for low backend writes.
 					TTL: 5 * c.batchMaxInterval,
diff --git a/lib/service/service_test.go b/lib/service/service_test.go
index 9162d5b46c686..a735e325d1e9a 100644
--- a/lib/service/service_test.go
+++ b/lib/service/service_test.go
@@ -530,6 +530,16 @@ func TestAthenaAuditLogSetup(t *testing.T) {
 				require.True(t, ok, "invalid logger type, got %T", v)
 			},
 		},
+		{
+			name:          "valid athena config with disabled consumer",
+			uris:          []string{sampleAthenaURI + "&consumerDisabled=true"},
+			externalAudit: externalAuditStorageDisabled,
+			wantFn: func(t *testing.T, alog events.AuditLogger) {
+				v, ok := alog.(*athena.Log)
+				require.True(t, ok, "invalid logger type, got %T", v)
+				require.True(t, v.IsConsumerDisabled(), "consumer is not disabled")
+			},
+		},
 		{
 			name:          "config with rate limit - should use events.SearchEventsLimiter",
 			uris:          []string{sampleAthenaURI + "&limiterRefillAmount=3&limiterBurst=2"},

From 1f17c4872439785da273d0e9a3ebdb00e5798f36 Mon Sep 17 00:00:00 2001
From: Grzegorz Zdunek <gzdunek@users.noreply.github.com>
Date: Wed, 16 Oct 2024 15:59:34 +0200
Subject: [PATCH 13/53] Load appropriate TLS config for clusters (#40293)
 (#47625)

Updates the proxy.Client to allow loading specific tls.Config for
individual clusters. This prevents issues when trying to access
leaf resources via the root cluster if WithAllCAs is not set.

(cherry picked from commit ad26913c71710fa3fd1ac2b53360936ce08986c6)

Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
---
 api/client/proxy/client.go      | 62 +++++++++++++++++++++------------
 api/client/proxy/client_test.go |  4 ++-
 integration/integration_test.go |  3 +-
 lib/client/api.go               | 31 +++++++++++------
 lib/client/cluster_client.go    | 13 +++++--
 5 files changed, 77 insertions(+), 36 deletions(-)

diff --git a/api/client/proxy/client.go b/api/client/proxy/client.go
index 179c7ad0383fd..f8237c0f0c3aa 100644
--- a/api/client/proxy/client.go
+++ b/api/client/proxy/client.go
@@ -48,8 +48,8 @@ type ClientConfig struct {
 	ProxyAddress string
 	// TLSRoutingEnabled indicates if the cluster is using TLS Routing.
 	TLSRoutingEnabled bool
-	// TLSConfig contains the tls.Config required for mTLS connections.
-	TLSConfig *tls.Config
+	// TLSConfigFunc produces the [tls.Config] required for mTLS connections to a specific cluster.
+	TLSConfigFunc func(cluster string) (*tls.Config, error)
 	// UnaryInterceptors are optional [grpc.UnaryClientInterceptor] to apply
 	// to the gRPC client.
 	UnaryInterceptors []grpc.UnaryClientInterceptor
@@ -76,9 +76,9 @@ type ClientConfig struct {
 
 	// The below items are intended to be used by tests to connect without mTLS.
 	// The gRPC transport credentials to use when establishing the connection to proxy.
-	creds func() credentials.TransportCredentials
+	creds func(cluster string) (credentials.TransportCredentials, error)
 	// The client credentials to use when establishing the connection to auth.
-	clientCreds func() client.Credentials
+	clientCreds func(cluster string) (client.Credentials, error)
 }
 
 // CheckAndSetDefaults ensures required options are present and
@@ -93,13 +93,21 @@ func (c *ClientConfig) CheckAndSetDefaults() error {
 	if c.DialTimeout <= 0 {
 		c.DialTimeout = defaults.DefaultIOTimeout
 	}
-	if c.TLSConfig != nil {
-		c.clientCreds = func() client.Credentials {
-			return client.LoadTLS(c.TLSConfig.Clone())
+	if c.TLSConfigFunc != nil {
+		c.clientCreds = func(cluster string) (client.Credentials, error) {
+			cfg, err := c.TLSConfigFunc(cluster)
+			if err != nil {
+				return nil, trace.Wrap(err)
+			}
+
+			return client.LoadTLS(cfg), nil
 		}
-		c.creds = func() credentials.TransportCredentials {
-			tlsCfg := c.TLSConfig.Clone()
-			if !slices.Contains(c.TLSConfig.NextProtos, protocolProxySSHGRPC) {
+		c.creds = func(cluster string) (credentials.TransportCredentials, error) {
+			tlsCfg, err := c.TLSConfigFunc(cluster)
+			if err != nil {
+				return nil, trace.Wrap(err)
+			}
+			if !slices.Contains(tlsCfg.NextProtos, protocolProxySSHGRPC) {
 				tlsCfg.NextProtos = append(tlsCfg.NextProtos, protocolProxySSHGRPC)
 			}
 
@@ -114,14 +122,14 @@ func (c *ClientConfig) CheckAndSetDefaults() error {
 				}
 			}
 
-			return credentials.NewTLS(tlsCfg)
+			return credentials.NewTLS(tlsCfg), nil
 		}
 	} else {
-		c.clientCreds = func() client.Credentials {
-			return insecureCredentials{}
+		c.clientCreds = func(cluster string) (client.Credentials, error) {
+			return insecureCredentials{}, nil
 		}
-		c.creds = func() credentials.TransportCredentials {
-			return insecure.NewCredentials()
+		c.creds = func(cluster string) (credentials.TransportCredentials, error) {
+			return insecure.NewCredentials(), nil
 		}
 	}
 
@@ -266,12 +274,18 @@ func newGRPCClient(ctx context.Context, cfg *ClientConfig) (_ *Client, err error
 	defer cancel()
 
 	c := &clusterName{}
+
+	creds, err := cfg.creds("")
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+
 	conn, err := grpc.DialContext(
 		dialCtx,
 		cfg.ProxyAddress,
 		append([]grpc.DialOption{
 			grpc.WithContextDialer(newDialerForGRPCClient(ctx, cfg)),
-			grpc.WithTransportCredentials(&clusterCredentials{TransportCredentials: cfg.creds(), clusterName: c}),
+			grpc.WithTransportCredentials(&clusterCredentials{TransportCredentials: creds, clusterName: c}),
 			grpc.WithChainUnaryInterceptor(
 				append(cfg.UnaryInterceptors,
 					//nolint:staticcheck // SA1019. There is a data race in the stats.Handler that is replacing
@@ -362,22 +376,27 @@ type ClusterDetails struct {
 // Auth server in the provided cluster via [client.New] or similar. The [client.Config]
 // returned will have the correct credentials and dialer set based on the ClientConfig
 // that was provided to create this Client.
-func (c *Client) ClientConfig(ctx context.Context, cluster string) client.Config {
+func (c *Client) ClientConfig(ctx context.Context, cluster string) (client.Config, error) {
+	creds, err := c.cfg.clientCreds(cluster)
+	if err != nil {
+		return client.Config{}, trace.Wrap(err)
+	}
+
 	if c.cfg.TLSRoutingEnabled {
 		return client.Config{
 			Context:                    ctx,
 			Addrs:                      []string{c.cfg.ProxyAddress},
-			Credentials:                []client.Credentials{c.cfg.clientCreds()},
+			Credentials:                []client.Credentials{creds},
 			ALPNSNIAuthDialClusterName: cluster,
 			CircuitBreakerConfig:       breaker.NoopBreakerConfig(),
 			ALPNConnUpgradeRequired:    c.cfg.ALPNConnUpgradeRequired,
 			DialOpts:                   c.cfg.DialOpts,
-		}
+		}, nil
 	}
 
 	return client.Config{
 		Context:              ctx,
-		Credentials:          []client.Credentials{c.cfg.clientCreds()},
+		Credentials:          []client.Credentials{creds},
 		CircuitBreakerConfig: breaker.NoopBreakerConfig(),
 		DialInBackground:     true,
 		Dialer: client.ContextDialerFunc(func(dialCtx context.Context, _ string, _ string) (net.Conn, error) {
@@ -385,8 +404,7 @@ func (c *Client) ClientConfig(ctx context.Context, cluster string) client.Config
 			return conn, trace.Wrap(err)
 		}),
 		DialOpts: c.cfg.DialOpts,
-	}
-
+	}, nil
 }
 
 // DialHost establishes a connection to the `target` in cluster named `cluster`. If a keyring
diff --git a/api/client/proxy/client_test.go b/api/client/proxy/client_test.go
index 2897fed37cdab..2859ee8909bca 100644
--- a/api/client/proxy/client_test.go
+++ b/api/client/proxy/client_test.go
@@ -507,7 +507,9 @@ func TestClient_DialCluster(t *testing.T) {
 			require.NoError(t, err)
 			t.Cleanup(func() { require.NoError(t, clt.Close()) })
 
-			authCfg := clt.ClientConfig(ctx, "cluster")
+			authCfg, err := clt.ClientConfig(ctx, "cluster")
+			require.NoError(t, err)
+
 			authCfg.DialOpts = []grpc.DialOption{
 				grpc.WithTransportCredentials(insecure.NewCredentials()),
 				grpc.WithReturnConnectionError(),
diff --git a/integration/integration_test.go b/integration/integration_test.go
index ad169976b5eef..e163329276273 100644
--- a/integration/integration_test.go
+++ b/integration/integration_test.go
@@ -1662,7 +1662,8 @@ func testIPPropagation(t *testing.T, suite *integrationTestSuite) {
 		// The above dialer does not work clt.AuthClient as it requires a
 		// custom transport from ProxyClient when TLS routing is disabled.
 		// Recreating the authClient without the above dialer.
-		authClientCfg := clt.ProxyClient.ClientConfig(ctx, clusterName)
+		authClientCfg, err := clt.ProxyClient.ClientConfig(ctx, clusterName)
+		require.NoError(t, err)
 		authClientCfg.DialOpts = nil
 		authClient, err := authclient.NewClient(authClientCfg)
 		require.NoError(t, err)
diff --git a/lib/client/api.go b/lib/client/api.go
index 25211825118db..70ed835477379 100644
--- a/lib/client/api.go
+++ b/lib/client/api.go
@@ -1520,7 +1520,12 @@ func (tc *TeleportClient) NewTracingClient(ctx context.Context) (*apitracing.Cli
 		return nil, trace.Wrap(err)
 	}
 
-	tracingClient, err := client.NewTracingClient(ctx, clusterClient.ProxyClient.ClientConfig(ctx, clusterClient.ClusterName()))
+	cfg, err := clusterClient.ProxyClient.ClientConfig(ctx, clusterClient.ClusterName())
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+
+	tracingClient, err := client.NewTracingClient(ctx, cfg)
 	return tracingClient, trace.Wrap(err)
 }
 
@@ -2899,15 +2904,18 @@ func (tc *TeleportClient) ConnectToCluster(ctx context.Context) (_ *ClusterClien
 		return nil, trace.Wrap(err)
 	}
 
-	tlsConfig, err := tc.LoadTLSConfig()
-	if err != nil {
-		return nil, trace.Wrap(err)
-	}
-
 	pclt, err := proxyclient.NewClient(ctx, proxyclient.ClientConfig{
-		ProxyAddress:       cfg.proxyAddress,
-		TLSRoutingEnabled:  tc.TLSRoutingEnabled,
-		TLSConfig:          tlsConfig,
+		ProxyAddress:      cfg.proxyAddress,
+		TLSRoutingEnabled: tc.TLSRoutingEnabled,
+		TLSConfigFunc: func(cluster string) (*tls.Config, error) {
+			if cluster == "" {
+				tlsCfg, err := tc.LoadTLSConfig()
+				return tlsCfg, trace.Wrap(err)
+			}
+
+			tlsCfg, err := tc.LoadTLSConfigForClusters([]string{cluster})
+			return tlsCfg, trace.Wrap(err)
+		},
 		DialOpts:           tc.Config.DialOpts,
 		UnaryInterceptors:  []grpc.UnaryClientInterceptor{interceptors.GRPCClientUnaryErrorInterceptor},
 		StreamInterceptors: []grpc.StreamClientInterceptor{interceptors.GRPCClientStreamErrorInterceptor},
@@ -2930,7 +2938,10 @@ func (tc *TeleportClient) ConnectToCluster(ctx context.Context) (_ *ClusterClien
 		cluster = connected
 	}
 
-	authClientCfg := pclt.ClientConfig(ctx, cluster)
+	authClientCfg, err := pclt.ClientConfig(ctx, cluster)
+	if err != nil {
+		return nil, trace.NewAggregate(err, pclt.Close())
+	}
 	authClientCfg.PromptAdminRequestMFA = tc.NewMFAPrompt(mfa.WithHintBeforePrompt(mfa.AdminMFAHintBeforePrompt))
 	authClient, err := authclient.NewClient(authClientCfg)
 	if err != nil {
diff --git a/lib/client/cluster_client.go b/lib/client/cluster_client.go
index 5c9327d1ab78f..e66315d165c69 100644
--- a/lib/client/cluster_client.go
+++ b/lib/client/cluster_client.go
@@ -69,7 +69,11 @@ func (c *ClusterClient) ConnectToCluster(ctx context.Context, clusterName string
 		return c.CurrentCluster(), nil
 	}
 
-	clientConfig := c.ProxyClient.ClientConfig(ctx, clusterName)
+	clientConfig, err := c.ProxyClient.ClientConfig(ctx, clusterName)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+
 	authClient, err := authclient.NewClient(clientConfig)
 	return authClient, trace.Wrap(err)
 }
@@ -128,7 +132,12 @@ func (c *ClusterClient) SessionSSHConfig(ctx context.Context, user string, targe
 
 	mfaClt := c
 	if target.Cluster != rootClusterName {
-		authClient, err := authclient.NewClient(c.ProxyClient.ClientConfig(ctx, rootClusterName))
+		cfg, err := c.ProxyClient.ClientConfig(ctx, rootClusterName)
+		if err != nil {
+			return nil, trace.Wrap(err)
+		}
+
+		authClient, err := authclient.NewClient(cfg)
 		if err != nil {
 			return nil, trace.Wrap(MFARequiredUnknown(err))
 		}

From ff0d651ff73e3865754b174da01843b02357ab37 Mon Sep 17 00:00:00 2001
From: Tiago Silva <tiago.silva@goteleport.com>
Date: Wed, 16 Oct 2024 16:00:57 +0100
Subject: [PATCH 14/53] [aws] exclude session recordings from S3 sync in
 `teleport-renew-cert` (#47623)

This PR excludes `records` directory from the sync when renewing the letsencrypt certificate.
When doing the wildcard sync, `aws sync` downloads the `records` folder which contains audit logs for the cluster which causes failures because of no space left on the disk.
The certbot hook `teleport-upload-cert` doesn't use the `--delete` flag so the records are never purged from S3 on upload

Fixes #27884

Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>
---
 assets/aws/files/bin/teleport-renew-cert | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/assets/aws/files/bin/teleport-renew-cert b/assets/aws/files/bin/teleport-renew-cert
index b0d3ec9824a0a..13b8c03dce89b 100755
--- a/assets/aws/files/bin/teleport-renew-cert
+++ b/assets/aws/files/bin/teleport-renew-cert
@@ -17,7 +17,7 @@ if [ ! -f /etc/teleport.d/role.auth ] && [ ! -f /etc/teleport.d/role.all ]; then
 fi
 
 # Fetching certbot state
-aws s3 sync --exact-timestamps "s3://${TELEPORT_S3_BUCKET}" /etc/letsencrypt/ --sse=AES256
+aws s3 sync '--exclude=records/*' --exact-timestamps "s3://${TELEPORT_S3_BUCKET}" /etc/letsencrypt/ --sse=AES256
 
 # s3 does not support symlinks, we have to create them after the sync, else certbot will fail.
 # live/ symlinks point to the latest archive/<domain>/<object>XX.pem where XX is incremented at each cert-renewal.

From 97dc48e9177fec245435ab4f67fbd19e68c818d4 Mon Sep 17 00:00:00 2001
From: Tiago Silva <tiago.silva@goteleport.com>
Date: Wed, 16 Oct 2024 19:14:44 +0100
Subject: [PATCH 15/53] [v14] [gcp] support project discovery (#47566)

* [gcp] support project discovery

This PR extends Teleport discovery service to be able to support find all GKE and VM servers in every project a user has access to.

```
discovery_service:
  enabled: true
  discovery_group: "test"
  gcp:
  - types: ["gke"]
    locations: ["*"]
    project_ids: ["*"]
    tags:
     '*': '*'
```

* simplify docs by adding examples
---
 api/types/matchers_gcp.go                     |   4 +-
 api/types/matchers_gcp_test.go                |   4 +-
 .../discovery/google-cloud.mdx                |  14 +-
 lib/cloud/clients.go                          |  16 +++
 lib/cloud/gcp/projects.go                     | 105 +++++++++++++++
 lib/config/configuration_test.go              |  47 +++++++
 lib/srv/discovery/discovery.go                |  28 ++--
 lib/srv/discovery/discovery_test.go           | 124 +++++++++++++++++-
 lib/srv/discovery/fetchers/gke.go             |  51 ++++++-
 lib/srv/discovery/fetchers/gke_test.go        |  89 +++++++++++--
 lib/srv/server/gcp_watcher.go                 |  40 +++++-
 11 files changed, 482 insertions(+), 40 deletions(-)
 create mode 100644 lib/cloud/gcp/projects.go

diff --git a/api/types/matchers_gcp.go b/api/types/matchers_gcp.go
index 095aef9386449..20eec0d6d89c1 100644
--- a/api/types/matchers_gcp.go
+++ b/api/types/matchers_gcp.go
@@ -101,8 +101,8 @@ func (m *GCPMatcher) CheckAndSetDefaults() error {
 		m.Locations = []string{Wildcard}
 	}
 
-	if slices.Contains(m.ProjectIDs, Wildcard) {
-		return trace.BadParameter("GCP discovery service project_ids does not support wildcards; please specify at least one value in project_ids.")
+	if slices.Contains(m.ProjectIDs, Wildcard) && len(m.ProjectIDs) > 1 {
+		return trace.BadParameter("GCP discovery service either supports wildcard project_ids or multiple values, but not both.")
 	}
 	if len(m.ProjectIDs) == 0 {
 		return trace.BadParameter("GCP discovery service project_ids does cannot be empty; please specify at least one value in project_ids.")
diff --git a/api/types/matchers_gcp_test.go b/api/types/matchers_gcp_test.go
index 46eb18fe248d3..f56c93172b654 100644
--- a/api/types/matchers_gcp_test.go
+++ b/api/types/matchers_gcp_test.go
@@ -92,12 +92,12 @@ func TestGCPMatcherCheckAndSetDefaults(t *testing.T) {
 			errCheck: isBadParameterErr,
 		},
 		{
-			name: "wildcard is invalid for project ids",
+			name: "wildcard is valid for project ids",
 			in: &GCPMatcher{
 				Types:      []string{"gce"},
 				ProjectIDs: []string{"*"},
 			},
-			errCheck: isBadParameterErr,
+			errCheck: require.NoError,
 		},
 		{
 			name: "invalid type",
diff --git a/docs/pages/enroll-resources/kubernetes-access/discovery/google-cloud.mdx b/docs/pages/enroll-resources/kubernetes-access/discovery/google-cloud.mdx
index 1e54ead88ae09..83f892516dd79 100644
--- a/docs/pages/enroll-resources/kubernetes-access/discovery/google-cloud.mdx
+++ b/docs/pages/enroll-resources/kubernetes-access/discovery/google-cloud.mdx
@@ -452,8 +452,18 @@ value, `gke`.
 #### `discovery_service.gcp[0].project_ids`
 
 In your matcher, replace `myproject` with the ID of your Google Cloud project.
-The `project_ids` field must include at least one value, and it must not be the
-wildcard character (`*`).
+
+Ensure that the `project_ids` field follows these rules:
+- It must include at least one value.
+- It must not combine the wildcard character (`*`) with other values.
+
+##### Examples of valid configurations
+- `["p1", "p2"]`
+- `["*"]`
+- `["p1"]`
+
+##### Example of an invalid configuration
+- `["p1", "*"]`
 
 #### `discovery_service.gcp[0].locations`
 
diff --git a/lib/cloud/clients.go b/lib/cloud/clients.go
index 48ccacbca296d..a01ce81692a18 100644
--- a/lib/cloud/clients.go
+++ b/lib/cloud/clients.go
@@ -98,6 +98,8 @@ type GCPClients interface {
 	GetGCPSQLAdminClient(context.Context) (gcp.SQLAdminClient, error)
 	// GetGCPGKEClient returns GKE client.
 	GetGCPGKEClient(context.Context) (gcp.GKEClient, error)
+	// GetGCPProjectsClient returns Projects client.
+	GetGCPProjectsClient(context.Context) (gcp.ProjectsClient, error)
 	// GetGCPInstancesClient returns instances client.
 	GetGCPInstancesClient(context.Context) (gcp.InstancesClient, error)
 }
@@ -255,6 +257,7 @@ func NewClients(opts ...ClientsOption) (Clients, error) {
 		gcpClients: gcpClients{
 			gcpSQLAdmin:  newClientCache[gcp.SQLAdminClient](gcp.NewSQLAdminClient),
 			gcpGKE:       newClientCache[gcp.GKEClient](gcp.NewGKEClient),
+			gcpProjects:  newClientCache[gcp.ProjectsClient](gcp.NewProjectsClient),
 			gcpInstances: newClientCache[gcp.InstancesClient](gcp.NewInstancesClient),
 		},
 		azureClients: azClients,
@@ -313,6 +316,8 @@ type gcpClients struct {
 	gcpSQLAdmin *clientCache[gcp.SQLAdminClient]
 	// gcpGKE is the cached GCP Cloud GKE client.
 	gcpGKE *clientCache[gcp.GKEClient]
+	// gcpProjects is the cached GCP Cloud Projects client.
+	gcpProjects *clientCache[gcp.ProjectsClient]
 	// gcpInstances is the cached GCP instances client.
 	gcpInstances *clientCache[gcp.InstancesClient]
 }
@@ -639,6 +644,11 @@ func (c *cloudClients) GetGCPGKEClient(ctx context.Context) (gcp.GKEClient, erro
 	return c.gcpGKE.GetClient(ctx)
 }
 
+// GetGCPProjectsClient returns Project client.
+func (c *cloudClients) GetGCPProjectsClient(ctx context.Context) (gcp.ProjectsClient, error) {
+	return c.gcpProjects.GetClient(ctx)
+}
+
 // GetGCPInstancesClient returns instances client.
 func (c *cloudClients) GetGCPInstancesClient(ctx context.Context) (gcp.InstancesClient, error) {
 	return c.gcpInstances.GetClient(ctx)
@@ -982,6 +992,7 @@ type TestCloudClients struct {
 	STS                     stsiface.STSAPI
 	GCPSQL                  gcp.SQLAdminClient
 	GCPGKE                  gcp.GKEClient
+	GCPProjects             gcp.ProjectsClient
 	GCPInstances            gcp.InstancesClient
 	EC2                     ec2iface.EC2API
 	SSM                     ssmiface.SSMAPI
@@ -1178,6 +1189,11 @@ func (c *TestCloudClients) GetGCPGKEClient(ctx context.Context) (gcp.GKEClient,
 	return c.GCPGKE, nil
 }
 
+// GetGCPGKEClient returns GKE client.
+func (c *TestCloudClients) GetGCPProjectsClient(ctx context.Context) (gcp.ProjectsClient, error) {
+	return c.GCPProjects, nil
+}
+
 // GetGCPInstancesClient returns instances client.
 func (c *TestCloudClients) GetGCPInstancesClient(ctx context.Context) (gcp.InstancesClient, error) {
 	return c.GCPInstances, nil
diff --git a/lib/cloud/gcp/projects.go b/lib/cloud/gcp/projects.go
new file mode 100644
index 0000000000000..ee5b178be9f9c
--- /dev/null
+++ b/lib/cloud/gcp/projects.go
@@ -0,0 +1,105 @@
+/*
+ * Teleport
+ * Copyright (C) 2024  Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package gcp
+
+import (
+	"context"
+
+	"github.com/gravitational/trace"
+	"google.golang.org/api/cloudresourcemanager/v1"
+)
+
+// Project is a GCP project.
+type Project struct {
+	// ID is the project ID.
+	ID string
+	// Name is the project name.
+	Name string
+}
+
+// ProjectsClient is an interface to interact with GCP Projects API.
+type ProjectsClient interface {
+	// ListProjects lists the GCP projects that the authenticated user has access to.
+	ListProjects(ctx context.Context) ([]Project, error)
+}
+
+// ProjectsClientConfig is the client configuration for ProjectsClient.
+type ProjectsClientConfig struct {
+	// Client is the GCP client for resourcemanager service.
+	Client *cloudresourcemanager.Service
+}
+
+// CheckAndSetDefaults check and set defaults for ProjectsClientConfig.
+func (c *ProjectsClientConfig) CheckAndSetDefaults(ctx context.Context) (err error) {
+	if c.Client == nil {
+		c.Client, err = cloudresourcemanager.NewService(ctx)
+		if err != nil {
+			return trace.Wrap(err)
+		}
+	}
+	return nil
+}
+
+// NewProjectsClient returns a ProjectsClient interface wrapping resourcemanager.ProjectsClient
+// for interacting with GCP Projects API.
+func NewProjectsClient(ctx context.Context) (ProjectsClient, error) {
+	var cfg ProjectsClientConfig
+	client, err := NewProjectsClientWithConfig(ctx, cfg)
+	return client, trace.Wrap(err)
+}
+
+// NewProjectsClientWithConfig returns a ProjectsClient interface wrapping resourcemanager.ProjectsClient
+// for interacting with GCP Projects API.
+func NewProjectsClientWithConfig(ctx context.Context, cfg ProjectsClientConfig) (ProjectsClient, error) {
+	if err := cfg.CheckAndSetDefaults(ctx); err != nil {
+		return nil, trace.Wrap(err)
+	}
+	return &projectsClient{cfg}, nil
+}
+
+type projectsClient struct {
+	ProjectsClientConfig
+}
+
+// ListProjects lists the GCP Projects that the authenticated user has access to.
+func (g *projectsClient) ListProjects(ctx context.Context) ([]Project, error) {
+
+	var pageToken string
+	var projects []Project
+	for {
+		projectsCall, err := g.Client.Projects.List().PageToken(pageToken).Do()
+		if err != nil {
+			return nil, trace.Wrap(err)
+		}
+		for _, project := range projectsCall.Projects {
+			projects = append(projects,
+				Project{
+					ID:   project.ProjectId,
+					Name: project.Name,
+				},
+			)
+		}
+		if projectsCall.NextPageToken == "" {
+			break
+		}
+		pageToken = projectsCall.NextPageToken
+	}
+
+	return projects, nil
+}
diff --git a/lib/config/configuration_test.go b/lib/config/configuration_test.go
index 835f02a09313d..23f3e0152b0fd 100644
--- a/lib/config/configuration_test.go
+++ b/lib/config/configuration_test.go
@@ -4346,6 +4346,53 @@ func TestDiscoveryConfig(t *testing.T) {
 				ProjectIDs: []string{"p1", "p2"},
 			}},
 		},
+		{
+			desc:          "GCP section is filled with wildcard project ids",
+			expectError:   require.NoError,
+			expectEnabled: require.True,
+			mutate: func(cfg cfgMap) {
+				cfg["discovery_service"].(cfgMap)["enabled"] = "yes"
+				cfg["discovery_service"].(cfgMap)["gcp"] = []cfgMap{
+					{
+						"types":     []string{"gke"},
+						"locations": []string{"eucentral1"},
+						"tags": cfgMap{
+							"discover_teleport": "yes",
+						},
+						"project_ids": []string{"*"},
+					},
+				}
+			},
+			expectedGCPMatchers: []types.GCPMatcher{{
+				Types:     []string{"gke"},
+				Locations: []string{"eucentral1"},
+				Labels: map[string]apiutils.Strings{
+					"discover_teleport": []string{"yes"},
+				},
+				Tags: map[string]apiutils.Strings{
+					"discover_teleport": []string{"yes"},
+				},
+				ProjectIDs: []string{"*"},
+			}},
+		},
+		{
+			desc:          "GCP section mixes wildcard and specific project ids",
+			expectError:   require.Error,
+			expectEnabled: require.True,
+			mutate: func(cfg cfgMap) {
+				cfg["discovery_service"].(cfgMap)["enabled"] = "yes"
+				cfg["discovery_service"].(cfgMap)["gcp"] = []cfgMap{
+					{
+						"types":     []string{"gke"},
+						"locations": []string{"eucentral1"},
+						"tags": cfgMap{
+							"discover_teleport": "yes",
+						},
+						"project_ids": []string{"p1", "*"},
+					},
+				}
+			},
+		},
 		{
 			desc:          "GCP section is filled with installer",
 			expectError:   require.NoError,
diff --git a/lib/srv/discovery/discovery.go b/lib/srv/discovery/discovery.go
index 6f612c763b249..78fc1937e92b7 100644
--- a/lib/srv/discovery/discovery.go
+++ b/lib/srv/discovery/discovery.go
@@ -562,7 +562,12 @@ func (s *Server) gcpServerFetchersFromMatchers(ctx context.Context, matchers []t
 		return nil, trace.Wrap(err)
 	}
 
-	return server.MatchersToGCPInstanceFetchers(serverMatchers, client), nil
+	projectsClient, err := s.CloudClients.GetGCPProjectsClient(ctx)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+
+	return server.MatchersToGCPInstanceFetchers(serverMatchers, client, projectsClient), nil
 }
 
 // databaseFetchersFromMatchers converts Matchers into a set of Database Fetchers.
@@ -704,19 +709,26 @@ func (s *Server) initGCPWatchers(ctx context.Context, matchers []types.GCPMatche
 	if err != nil {
 		return trace.Wrap(err)
 	}
+	projectClient, err := s.CloudClients.GetGCPProjectsClient(ctx)
+	if err != nil {
+		return trace.Wrap(err, "unable to create gcp project client")
+	}
 	for _, matcher := range otherMatchers {
 		for _, projectID := range matcher.ProjectIDs {
 			for _, location := range matcher.Locations {
 				for _, t := range matcher.Types {
 					switch t {
 					case types.GCPMatcherKubernetes:
-						fetcher, err := fetchers.NewGKEFetcher(fetchers.GKEFetcherConfig{
-							Client:       kubeClient,
-							Location:     location,
-							FilterLabels: matcher.GetLabels(),
-							ProjectID:    projectID,
-							Log:          s.Log,
-						})
+						fetcher, err := fetchers.NewGKEFetcher(
+							ctx,
+							fetchers.GKEFetcherConfig{
+								GKEClient:     kubeClient,
+								ProjectClient: projectClient,
+								Location:      location,
+								FilterLabels:  matcher.GetLabels(),
+								ProjectID:     projectID,
+								Log:           s.Log,
+							})
 						if err != nil {
 							return trace.Wrap(err)
 						}
diff --git a/lib/srv/discovery/discovery_test.go b/lib/srv/discovery/discovery_test.go
index f8997975aa575..dcbefc5e0290f 100644
--- a/lib/srv/discovery/discovery_test.go
+++ b/lib/srv/discovery/discovery_test.go
@@ -950,6 +950,24 @@ func TestDiscoveryInCloudKube(t *testing.T) {
 			},
 			wantEvents: 2,
 		},
+		{
+			name:                 "no clusters in auth server, import 3 prod clusters from GKE across multiple projects",
+			existingKubeClusters: []types.KubeCluster{},
+			gcpMatchers: []types.GCPMatcher{
+				{
+					Types:      []string{"gke"},
+					Locations:  []string{"*"},
+					ProjectIDs: []string{"*"},
+					Tags:       map[string]utils.Strings{"env": {"prod"}},
+				},
+			},
+			expectedClustersToExistInAuth: []types.KubeCluster{
+				mustConvertGKEToKubeCluster(t, gkeMockClusters[0], mainDiscoveryGroup),
+				mustConvertGKEToKubeCluster(t, gkeMockClusters[1], mainDiscoveryGroup),
+				mustConvertGKEToKubeCluster(t, gkeMockClusters[4], mainDiscoveryGroup),
+			},
+			wantEvents: 3,
+		},
 	}
 
 	for _, tc := range tcs {
@@ -963,6 +981,7 @@ func TestDiscoveryInCloudKube(t *testing.T) {
 				AzureAKSClient: newPopulatedAKSMock(),
 				EKS:            newPopulatedEKSMock(),
 				GCPGKE:         newPopulatedGCPMock(),
+				GCPProjects:    newPopulatedGCPProjectsMock(),
 			}
 
 			ctx := context.Background()
@@ -1447,6 +1466,28 @@ var gkeMockClusters = []gcp.GKECluster{
 		Location:    "central-1",
 		Description: "desc1",
 	},
+	{
+		Name:   "cluster5",
+		Status: containerpb.Cluster_RUNNING,
+		Labels: map[string]string{
+			"env":      "prod",
+			"location": "central-1",
+		},
+		ProjectID:   "p2",
+		Location:    "central-1",
+		Description: "desc1",
+	},
+	{
+		Name:   "cluster6",
+		Status: containerpb.Cluster_RUNNING,
+		Labels: map[string]string{
+			"env":      "stg",
+			"location": "central-1",
+		},
+		ProjectID:   "p2",
+		Location:    "central-1",
+		Description: "desc1",
+	},
 }
 
 func mustConvertGKEToKubeCluster(t *testing.T, gkeCluster gcp.GKECluster, discoveryGroup string) types.KubeCluster {
@@ -1464,7 +1505,15 @@ type mockGKEAPI struct {
 }
 
 func (m *mockGKEAPI) ListClusters(ctx context.Context, projectID string, location string) ([]gcp.GKECluster, error) {
-	return m.clusters, nil
+	var clusters []gcp.GKECluster
+	for _, cluster := range m.clusters {
+		if cluster.ProjectID != projectID {
+			continue
+		}
+		clusters = append(clusters, cluster)
+	}
+
+	return clusters, nil
 }
 
 func TestDiscoveryDatabase(t *testing.T) {
@@ -2377,12 +2426,21 @@ type mockGCPClient struct {
 	vms []*gcp.Instance
 }
 
-func (m *mockGCPClient) ListInstances(_ context.Context, _, _ string) ([]*gcp.Instance, error) {
-	return m.vms, nil
+func (m *mockGCPClient) getVMSForProject(projectID string) []*gcp.Instance {
+	var vms []*gcp.Instance
+	for _, vm := range m.vms {
+		if vm.ProjectID == projectID {
+			vms = append(vms, vm)
+		}
+	}
+	return vms
+}
+func (m *mockGCPClient) ListInstances(_ context.Context, projectID, _ string) ([]*gcp.Instance, error) {
+	return m.getVMSForProject(projectID), nil
 }
 
-func (m *mockGCPClient) StreamInstances(_ context.Context, _, _ string) stream.Stream[*gcp.Instance] {
-	return stream.Slice(m.vms)
+func (m *mockGCPClient) StreamInstances(_ context.Context, projectID, _ string) stream.Stream[*gcp.Instance] {
+	return stream.Slice(m.getVMSForProject(projectID))
 }
 
 func (m *mockGCPClient) GetInstance(_ context.Context, _ *gcp.InstanceRequest) (*gcp.Instance, error) {
@@ -2471,6 +2529,37 @@ func TestGCPVMDiscovery(t *testing.T) {
 			staticMatchers:         defaultStaticMatcher,
 			wantInstalledInstances: []string{"myinstance"},
 		},
+		{
+			name:       "no nodes present, 2 found for different projects",
+			presentVMs: []types.Server{},
+			foundGCPVMs: []*gcp.Instance{
+				{
+					ProjectID: "p1",
+					Zone:      "myzone",
+					Name:      "myinstance1",
+					Labels: map[string]string{
+						"teleport": "yes",
+					},
+				},
+				{
+					ProjectID: "p2",
+					Zone:      "myzone",
+					Name:      "myinstance2",
+					Labels: map[string]string{
+						"teleport": "yes",
+					},
+				},
+			},
+			staticMatchers: Matchers{
+				GCP: []types.GCPMatcher{{
+					Types:      []string{"gce"},
+					ProjectIDs: []string{"*"},
+					Locations:  []string{"myzone"},
+					Labels:     types.Labels{"teleport": {"yes"}},
+				}},
+			},
+			wantInstalledInstances: []string{"myinstance1", "myinstance2"},
+		},
 		{
 			name: "nodes present, instance filtered",
 			presentVMs: []types.Server{
@@ -2556,6 +2645,7 @@ func TestGCPVMDiscovery(t *testing.T) {
 				GCPInstances: &mockGCPClient{
 					vms: tc.foundGCPVMs,
 				},
+				GCPProjects: newPopulatedGCPProjectsMock(),
 			}
 
 			ctx := context.Background()
@@ -2800,3 +2890,27 @@ func (m fakeWatcher) Close() error {
 func (m fakeWatcher) Error() error {
 	return nil
 }
+
+type mockProjectsAPI struct {
+	gcp.ProjectsClient
+	projects []gcp.Project
+}
+
+func (m *mockProjectsAPI) ListProjects(ctx context.Context) ([]gcp.Project, error) {
+	return m.projects, nil
+}
+
+func newPopulatedGCPProjectsMock() *mockProjectsAPI {
+	return &mockProjectsAPI{
+		projects: []gcp.Project{
+			{
+				ID:   "p1",
+				Name: "project1",
+			},
+			{
+				ID:   "p2",
+				Name: "project2",
+			},
+		},
+	}
+}
diff --git a/lib/srv/discovery/fetchers/gke.go b/lib/srv/discovery/fetchers/gke.go
index 402d4233ccdb4..e4988a9ba456c 100644
--- a/lib/srv/discovery/fetchers/gke.go
+++ b/lib/srv/discovery/fetchers/gke.go
@@ -32,8 +32,10 @@ import (
 
 // GKEFetcherConfig configures the GKE fetcher.
 type GKEFetcherConfig struct {
-	// Client is the GCP GKE client.
-	Client gcp.GKEClient
+	// GKEClient is the GCP GKE client.
+	GKEClient gcp.GKEClient
+	// ProjectClient is the GCP project client.
+	ProjectClient gcp.ProjectsClient
 	// ProjectID is the projectID the cluster should belong to.
 	ProjectID string
 	// Location is the GCP's location where the clusters should be located.
@@ -47,9 +49,12 @@ type GKEFetcherConfig struct {
 
 // CheckAndSetDefaults validates and sets the defaults values.
 func (c *GKEFetcherConfig) CheckAndSetDefaults() error {
-	if c.Client == nil {
+	if c.GKEClient == nil {
 		return trace.BadParameter("missing Client field")
 	}
+	if c.ProjectClient == nil {
+		return trace.BadParameter("missing ProjectClient field")
+	}
 	if len(c.Location) == 0 {
 		return trace.BadParameter("missing Location field")
 	}
@@ -70,7 +75,7 @@ type gkeFetcher struct {
 }
 
 // NewGKEFetcher creates a new GKE fetcher configuration.
-func NewGKEFetcher(cfg GKEFetcherConfig) (common.Fetcher, error) {
+func NewGKEFetcher(ctx context.Context, cfg GKEFetcherConfig) (common.Fetcher, error) {
 	if err := cfg.CheckAndSetDefaults(); err != nil {
 		return nil, trace.Wrap(err)
 	}
@@ -79,19 +84,31 @@ func NewGKEFetcher(cfg GKEFetcherConfig) (common.Fetcher, error) {
 }
 
 func (a *gkeFetcher) Get(ctx context.Context) (types.ResourcesWithLabels, error) {
-	clusters, err := a.getGKEClusters(ctx)
+
+	// Get the project IDs that this fetcher is configured to query.
+	projectIDs, err := a.getProjectIDs(ctx)
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
 
+	a.Log.Debugf("Fetching GKE clusters for project IDs: %v", projectIDs)
+	var clusters types.KubeClusters
+	for _, projectID := range projectIDs {
+		lClusters, err := a.getGKEClusters(ctx, projectID)
+		if err != nil {
+			return nil, trace.Wrap(err)
+		}
+		clusters = append(clusters, lClusters...)
+	}
+
 	a.rewriteKubeClusters(clusters)
 	return clusters.AsResources(), nil
 }
 
-func (a *gkeFetcher) getGKEClusters(ctx context.Context) (types.KubeClusters, error) {
+func (a *gkeFetcher) getGKEClusters(ctx context.Context, projectID string) (types.KubeClusters, error) {
 	var clusters types.KubeClusters
 
-	gkeClusters, err := a.Client.ListClusters(ctx, a.ProjectID, a.Location)
+	gkeClusters, err := a.GKEClient.ListClusters(ctx, projectID, a.Location)
 	for _, gkeCluster := range gkeClusters {
 		cluster, err := a.getMatchingKubeCluster(gkeCluster)
 		// trace.CompareFailed is returned if the cluster did not match the matcher filtering labels
@@ -157,3 +174,23 @@ func (a *gkeFetcher) getMatchingKubeCluster(gkeCluster gcp.GKECluster) (types.Ku
 
 	return cluster, nil
 }
+
+// getProjectIDs returns the project ids that this fetcher is configured to query.
+// This will make an API call to list project IDs when the fetcher is configured to match "*" projectID,
+// in order to discover and query new projectID.
+// Otherwise, a list containing the fetcher's non-wildcard project is returned.
+func (a *gkeFetcher) getProjectIDs(ctx context.Context) ([]string, error) {
+	if a.ProjectID != types.Wildcard {
+		return []string{a.ProjectID}, nil
+	}
+
+	gcpProjects, err := a.ProjectClient.ListProjects(ctx)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	var projectIDs []string
+	for _, prj := range gcpProjects {
+		projectIDs = append(projectIDs, prj.ID)
+	}
+	return projectIDs, nil
+}
diff --git a/lib/srv/discovery/fetchers/gke_test.go b/lib/srv/discovery/fetchers/gke_test.go
index ee5dbfaa43c31..c85f08ba982bf 100644
--- a/lib/srv/discovery/fetchers/gke_test.go
+++ b/lib/srv/discovery/fetchers/gke_test.go
@@ -33,6 +33,7 @@ func TestGKEFetcher(t *testing.T) {
 	type args struct {
 		location     string
 		filterLabels types.Labels
+		projectID    string
 	}
 	tests := []struct {
 		name string
@@ -46,8 +47,9 @@ func TestGKEFetcher(t *testing.T) {
 				filterLabels: types.Labels{
 					types.Wildcard: []string{types.Wildcard},
 				},
+				projectID: "p1",
 			},
-			want: gkeClustersToResources(t, gkeMockClusters...),
+			want: gkeClustersToResources(t, gkeMockClusters[:4]...),
 		},
 		{
 			name: "list prod clusters",
@@ -56,6 +58,7 @@ func TestGKEFetcher(t *testing.T) {
 				filterLabels: types.Labels{
 					"env": []string{"prod"},
 				},
+				projectID: "p1",
 			},
 			want: gkeClustersToResources(t, gkeMockClusters[:2]...),
 		},
@@ -67,8 +70,9 @@ func TestGKEFetcher(t *testing.T) {
 					"env":      []string{"stg"},
 					"location": []string{"central-1"},
 				},
+				projectID: "p1",
 			},
-			want: gkeClustersToResources(t, gkeMockClusters[2:]...),
+			want: gkeClustersToResources(t, gkeMockClusters[2:4]...),
 		},
 		{
 			name: "filter not found",
@@ -77,6 +81,7 @@ func TestGKEFetcher(t *testing.T) {
 				filterLabels: types.Labels{
 					"env": []string{"none"},
 				},
+				projectID: "p1",
 			},
 			want: gkeClustersToResources(t),
 		},
@@ -88,6 +93,18 @@ func TestGKEFetcher(t *testing.T) {
 				filterLabels: types.Labels{
 					"env": []string{"prod", "stg"},
 				},
+				projectID: "p1",
+			},
+			want: gkeClustersToResources(t, gkeMockClusters[:4]...),
+		},
+		{
+			name: "list everything with wildcard project",
+			args: args{
+				location: "uswest2",
+				filterLabels: types.Labels{
+					"env": []string{"prod", "stg"},
+				},
+				projectID: "*",
 			},
 			want: gkeClustersToResources(t, gkeMockClusters...),
 		},
@@ -95,12 +112,14 @@ func TestGKEFetcher(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			cfg := GKEFetcherConfig{
-				Client:       newPopulatedGCPMock(),
-				FilterLabels: tt.args.filterLabels,
-				Location:     tt.args.location,
-				Log:          logrus.New(),
+				GKEClient:     newPopulatedGCPMock(),
+				ProjectClient: newPopulatedGCPProjectsMock(),
+				FilterLabels:  tt.args.filterLabels,
+				Location:      tt.args.location,
+				ProjectID:     tt.args.projectID,
+				Log:           logrus.New(),
 			}
-			fetcher, err := NewGKEFetcher(cfg)
+			fetcher, err := NewGKEFetcher(context.Background(), cfg)
 			require.NoError(t, err)
 			resources, err := fetcher.Get(context.Background())
 			require.NoError(t, err)
@@ -116,7 +135,15 @@ type mockGKEAPI struct {
 }
 
 func (m *mockGKEAPI) ListClusters(ctx context.Context, projectID string, location string) ([]gcp.GKECluster, error) {
-	return m.clusters, nil
+	var clusters []gcp.GKECluster
+	for _, cluster := range m.clusters {
+		if cluster.ProjectID != projectID {
+			continue
+		}
+		clusters = append(clusters, cluster)
+	}
+
+	return clusters, nil
 }
 
 func newPopulatedGCPMock() *mockGKEAPI {
@@ -170,6 +197,28 @@ var gkeMockClusters = []gcp.GKECluster{
 		Location:    "central-1",
 		Description: "desc1",
 	},
+	{
+		Name:   "cluster5",
+		Status: containerpb.Cluster_RUNNING,
+		Labels: map[string]string{
+			"env":      "stg",
+			"location": "central-1",
+		},
+		ProjectID:   "p2",
+		Location:    "central-1",
+		Description: "desc1",
+	},
+	{
+		Name:   "cluster6",
+		Status: containerpb.Cluster_RUNNING,
+		Labels: map[string]string{
+			"env":      "stg",
+			"location": "central-1",
+		},
+		ProjectID:   "p2",
+		Location:    "central-1",
+		Description: "desc1",
+	},
 }
 
 func gkeClustersToResources(t *testing.T, clusters ...gcp.GKECluster) types.ResourcesWithLabels {
@@ -183,3 +232,27 @@ func gkeClustersToResources(t *testing.T, clusters ...gcp.GKECluster) types.Reso
 	}
 	return kubeClusters.AsResources()
 }
+
+type mockProjectsAPI struct {
+	gcp.ProjectsClient
+	projects []gcp.Project
+}
+
+func (m *mockProjectsAPI) ListProjects(ctx context.Context) ([]gcp.Project, error) {
+	return m.projects, nil
+}
+
+func newPopulatedGCPProjectsMock() *mockProjectsAPI {
+	return &mockProjectsAPI{
+		projects: []gcp.Project{
+			{
+				ID:   "p1",
+				Name: "project1",
+			},
+			{
+				ID:   "p2",
+				Name: "project2",
+			},
+		},
+	}
+}
diff --git a/lib/srv/server/gcp_watcher.go b/lib/srv/server/gcp_watcher.go
index 7e3aa35ba360a..2ad34aea49225 100644
--- a/lib/srv/server/gcp_watcher.go
+++ b/lib/srv/server/gcp_watcher.go
@@ -88,13 +88,14 @@ func NewGCPWatcher(ctx context.Context, fetchersFn func() []Fetcher, opts ...Opt
 }
 
 // MatchersToGCPInstanceFetchers converts a list of GCP GCE Matchers into a list of GCP GCE Fetchers.
-func MatchersToGCPInstanceFetchers(matchers []types.GCPMatcher, gcpClient gcp.InstancesClient) []Fetcher {
+func MatchersToGCPInstanceFetchers(matchers []types.GCPMatcher, gcpClient gcp.InstancesClient, projectsClient gcp.ProjectsClient) []Fetcher {
 	fetchers := make([]Fetcher, 0, len(matchers))
 
 	for _, matcher := range matchers {
 		fetchers = append(fetchers, newGCPInstanceFetcher(gcpFetcherConfig{
-			Matcher:   matcher,
-			GCPClient: gcpClient,
+			Matcher:        matcher,
+			GCPClient:      gcpClient,
+			projectsClient: projectsClient,
 		}))
 	}
 
@@ -102,8 +103,9 @@ func MatchersToGCPInstanceFetchers(matchers []types.GCPMatcher, gcpClient gcp.In
 }
 
 type gcpFetcherConfig struct {
-	Matcher   types.GCPMatcher
-	GCPClient gcp.InstancesClient
+	Matcher        types.GCPMatcher
+	GCPClient      gcp.InstancesClient
+	projectsClient gcp.ProjectsClient
 }
 
 type gcpInstanceFetcher struct {
@@ -114,6 +116,7 @@ type gcpInstanceFetcher struct {
 	ServiceAccounts []string
 	Labels          types.Labels
 	Parameters      map[string]string
+	projectsClient  gcp.ProjectsClient
 }
 
 func newGCPInstanceFetcher(cfg gcpFetcherConfig) *gcpInstanceFetcher {
@@ -123,6 +126,7 @@ func newGCPInstanceFetcher(cfg gcpFetcherConfig) *gcpInstanceFetcher {
 		ProjectIDs:      cfg.Matcher.ProjectIDs,
 		ServiceAccounts: cfg.Matcher.ServiceAccounts,
 		Labels:          cfg.Matcher.GetLabels(),
+		projectsClient:  cfg.projectsClient,
 	}
 	if cfg.Matcher.Params != nil {
 		fetcher.Parameters = map[string]string{
@@ -142,7 +146,11 @@ func (*gcpInstanceFetcher) GetMatchingInstances(_ []types.Server, _ bool) ([]Ins
 func (f *gcpInstanceFetcher) GetInstances(ctx context.Context, _ bool) ([]Instances, error) {
 	// Key by project ID, then by zone.
 	instanceMap := make(map[string]map[string][]*gcp.Instance)
-	for _, projectID := range f.ProjectIDs {
+	projectIDs, err := f.getProjectIDs(ctx)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	for _, projectID := range projectIDs {
 		instanceMap[projectID] = make(map[string][]*gcp.Instance)
 		for _, zone := range f.Zones {
 			instanceMap[projectID][zone] = make([]*gcp.Instance, 0)
@@ -182,3 +190,23 @@ func (f *gcpInstanceFetcher) GetInstances(ctx context.Context, _ bool) ([]Instan
 
 	return instances, nil
 }
+
+// getProjectIDs returns the project ids that this fetcher is configured to query.
+// This will make an API call to list project IDs when the fetcher is configured to match "*" projectID,
+// in order to discover and query new projectID.
+// Otherwise, a list containing the fetcher's non-wildcard project is returned.
+func (f *gcpInstanceFetcher) getProjectIDs(ctx context.Context) ([]string, error) {
+	if len(f.ProjectIDs) != 1 || len(f.ProjectIDs) == 1 && f.ProjectIDs[0] != types.Wildcard {
+		return f.ProjectIDs, nil
+	}
+
+	gcpProjects, err := f.projectsClient.ListProjects(ctx)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	var projectIDs []string
+	for _, prj := range gcpProjects {
+		projectIDs = append(projectIDs, prj.ID)
+	}
+	return projectIDs, nil
+}

From 157e73fc411df5ac9c0e1c3ca225fbfa7b07e2cd Mon Sep 17 00:00:00 2001
From: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
Date: Thu, 17 Oct 2024 00:08:12 +0000
Subject: [PATCH 16/53] Adds support to Firestore backends for custom databases
 (#47540) (#47585)

Firestore has supported multiple databases in a project for a while
(see https://cloud.google.com/blog/products/databases/manage-multiple-firestore-databases-in-a-project),
however, Teleport only allowed using the default database in the project.
The DatabaseID is now exposed in the file config, and if provided
both the state and events backends will use the appropriate database.

Closes https://github.com/gravitational/teleport/issues/37227.
---
 docs/pages/reference/backends.mdx             |  6 +++-
 lib/backend/firestore/firestorebk.go          | 29 ++++++++++++++-----
 lib/events/firestoreevents/firestoreevents.go |  8 +++--
 3 files changed, 33 insertions(+), 10 deletions(-)

diff --git a/docs/pages/reference/backends.mdx b/docs/pages/reference/backends.mdx
index 2bd9aad5f3aca..8b0b73ecb3465 100644
--- a/docs/pages/reference/backends.mdx
+++ b/docs/pages/reference/backends.mdx
@@ -1270,6 +1270,10 @@ teleport:
     # Name of the Firestore table.
     collection_name: Example_TELEPORT_FIRESTORE_TABLE_NAME
 
+    # An optional database id to use. If not provided the default
+    # database for the project is used.
+    database_id: Example_TELEPORT_FIRESTORE_DATABASE_ID
+
     credentials_path: /var/lib/teleport/gcs_creds
 
     # This setting configures Teleport to send the audit events to three places:
@@ -1278,7 +1282,7 @@ teleport:
     # database table, so attempting to use the same table for both will result in errors.
     # When using highly available storage like Firestore, you should make sure that the list always specifies
     # the High Availability storage method first, as this is what the Teleport web UI uses as its source of events to display.
-    audit_events_uri:  ['firestore://Example_TELEPORT_FIRESTORE_EVENTS_TABLE_NAME', 'file:///var/lib/teleport/audit/events', 'stdout://']
+    audit_events_uri:  ['firestore://Example_TELEPORT_FIRESTORE_EVENTS_TABLE_NAME?projectID=$PROJECT_ID&credentialsPath=$CREDENTIALS_PATH&databaseID=$DATABASE_ID', 'file:///var/lib/teleport/audit/events', 'stdout://']
 
     # This setting configures Teleport to save the recorded sessions in GCP storage:
     audit_sessions_uri: gs://Example_TELEPORT_GCS_BUCKET/records
diff --git a/lib/backend/firestore/firestorebk.go b/lib/backend/firestore/firestorebk.go
index 3056b245c6ae9..c7483aede60f8 100644
--- a/lib/backend/firestore/firestorebk.go
+++ b/lib/backend/firestore/firestorebk.go
@@ -16,6 +16,7 @@ package firestore
 
 import (
 	"bytes"
+	"cmp"
 	"context"
 	"encoding/base64"
 	"errors"
@@ -57,6 +58,9 @@ type Config struct {
 	DisableExpiredDocumentPurge bool `json:"disable_expired_document_purge,omitempty"`
 	// EndPoint is used to point the Firestore clients at emulated Firestore storage.
 	EndPoint string `json:"endpoint,omitempty"`
+	// DatabaseID is the identifier of a specific Firestore database to use. If not specified, the
+	// default database for the ProjectID is used.
+	DatabaseID string `json:"database_id,omitempty"`
 }
 
 type backendConfig struct {
@@ -265,14 +269,14 @@ func (t ownerCredentials) GetRequestMetadata(context.Context, ...string) (map[st
 func (t ownerCredentials) RequireTransportSecurity() bool { return false }
 
 // CreateFirestoreClients creates a firestore admin and normal client given the supplied parameters
-func CreateFirestoreClients(ctx context.Context, projectID string, endPoint string, credentialsFile string) (*apiv1.FirestoreAdminClient, *firestore.Client, error) {
+func CreateFirestoreClients(ctx context.Context, projectID, database string, endpoint string, credentialsFile string) (*apiv1.FirestoreAdminClient, *firestore.Client, error) {
 	var args []option.ClientOption
 
-	if endPoint != "" {
+	if endpoint != "" {
 		args = append(args,
 			option.WithTelemetryDisabled(),
 			option.WithoutAuthentication(),
-			option.WithEndpoint(endPoint),
+			option.WithEndpoint(endpoint),
 			option.WithGRPCDialOption(grpc.WithTransportCredentials(insecure.NewCredentials())),
 			option.WithGRPCDialOption(grpc.WithPerRPCCredentials(ownerCredentials{})),
 		)
@@ -280,11 +284,21 @@ func CreateFirestoreClients(ctx context.Context, projectID string, endPoint stri
 		args = append(args, option.WithCredentialsFile(credentialsFile))
 	}
 
-	firestoreClient, err := firestore.NewClient(ctx, projectID, args...)
+	firestoreAdminClient, err := apiv1.NewFirestoreAdminClient(ctx, args...)
 	if err != nil {
 		return nil, nil, ConvertGRPCError(err)
 	}
-	firestoreAdminClient, err := apiv1.NewFirestoreAdminClient(ctx, args...)
+
+	if database == "" {
+		firestoreClient, err := firestore.NewClient(ctx, projectID, args...)
+		if err != nil {
+			return nil, nil, ConvertGRPCError(err)
+		}
+
+		return firestoreAdminClient, firestoreClient, nil
+	}
+
+	firestoreClient, err := firestore.NewClientWithDatabase(ctx, projectID, database, args...)
 	if err != nil {
 		return nil, nil, ConvertGRPCError(err)
 	}
@@ -328,7 +342,7 @@ func New(ctx context.Context, params backend.Params, options Options) (*Backend,
 	}
 
 	closeCtx, cancel := context.WithCancel(ctx)
-	firestoreAdminClient, firestoreClient, err := CreateFirestoreClients(closeCtx, cfg.ProjectID, cfg.EndPoint, cfg.CredentialsPath)
+	firestoreAdminClient, firestoreClient, err := CreateFirestoreClients(closeCtx, cfg.ProjectID, cfg.DatabaseID, cfg.EndPoint, cfg.CredentialsPath)
 	if err != nil {
 		cancel()
 		return nil, trace.Wrap(err)
@@ -886,7 +900,8 @@ func ConvertGRPCError(err error, args ...interface{}) error {
 }
 
 func (b *Backend) getIndexParent() string {
-	return "projects/" + b.ProjectID + "/databases/(default)/collectionGroups/" + b.CollectionName
+	database := cmp.Or(b.backendConfig.Config.DatabaseID, "(default)")
+	return "projects/" + b.ProjectID + "/databases/" + database + "/collectionGroups/" + b.CollectionName
 }
 
 func (b *Backend) ensureIndexes(adminSvc *apiv1.FirestoreAdminClient) error {
diff --git a/lib/events/firestoreevents/firestoreevents.go b/lib/events/firestoreevents/firestoreevents.go
index 8caea7ac46e73..fe6ab9a0e267c 100644
--- a/lib/events/firestoreevents/firestoreevents.go
+++ b/lib/events/firestoreevents/firestoreevents.go
@@ -15,6 +15,7 @@
 package firestoreevents
 
 import (
+	"cmp"
 	"context"
 	"encoding/json"
 	"errors"
@@ -198,6 +199,8 @@ func (cfg *EventsConfig) SetFromURL(url *url.URL) error {
 	}
 	cfg.ProjectID = projectIDParamString
 
+	cfg.DatabaseID = url.Query().Get("databaseID")
+
 	eventRetentionPeriodParamString := url.Query().Get(eventRetentionPeriodPropertyKey)
 	if eventRetentionPeriodParamString == "" {
 		cfg.RetentionPeriod = defaultEventRetentionPeriod
@@ -282,7 +285,7 @@ func New(cfg EventsConfig) (*Log, error) {
 	})
 	l.Info("Initializing event backend.")
 	closeCtx, cancel := context.WithCancel(context.Background())
-	firestoreAdminClient, firestoreClient, err := firestorebk.CreateFirestoreClients(closeCtx, cfg.ProjectID, cfg.EndPoint, cfg.CredentialsPath)
+	firestoreAdminClient, firestoreClient, err := firestorebk.CreateFirestoreClients(closeCtx, cfg.ProjectID, cfg.DatabaseID, cfg.EndPoint, cfg.CredentialsPath)
 	if err != nil {
 		cancel()
 		return nil, trace.Wrap(err)
@@ -572,7 +575,8 @@ type searchEventsFilter struct {
 }
 
 func (l *Log) getIndexParent() string {
-	return "projects/" + l.ProjectID + "/databases/(default)/collectionGroups/" + l.CollectionName
+	database := cmp.Or(l.Config.DatabaseID, "(default)")
+	return "projects/" + l.ProjectID + "/databases/" + database + "/collectionGroups/" + l.CollectionName
 }
 
 func (l *Log) ensureIndexes(adminSvc *apiv1.FirestoreAdminClient) error {

From b6fa86012bdedb4b5ab04ed606961e0bb5136f0a Mon Sep 17 00:00:00 2001
From: Paul Gottschling <paul.gottschling@goteleport.com>
Date: Thu, 17 Oct 2024 08:55:50 -0400
Subject: [PATCH 17/53] Clarify lookups of Microsoft IdP attributes (#47597)

Closes #19118

Edit the Role Reference, Azure AD, and AD FS guides to explain that you
must use bracket notation to look up Azure AD and AD FS attributes in
roles.
---
 .../admin-guides/access-controls/sso/adfs.mdx |  7 +++---
 .../access-controls/sso/azuread.mdx           | 24 ++++++++++++++-----
 .../pages/reference/access-controls/roles.mdx | 10 ++++++--
 3 files changed, 30 insertions(+), 11 deletions(-)

diff --git a/docs/pages/admin-guides/access-controls/sso/adfs.mdx b/docs/pages/admin-guides/access-controls/sso/adfs.mdx
index b75d19bc9b374..d65c7e22bce02 100644
--- a/docs/pages/admin-guides/access-controls/sso/adfs.mdx
+++ b/docs/pages/admin-guides/access-controls/sso/adfs.mdx
@@ -130,9 +130,10 @@ The login
 <nobr>`{{external["http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]}}`</nobr>
 configures Teleport to look at the
 `http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname`
-ADFS claim and use that field as an allowed login for each user. Note the
-double quotes (`"`) and square brackets (`[]`) around the claim name—these are
-important.
+attribute and use that field as an allowed login for each user. Since the name
+of the attribute contains characters besides letters, numbers, and underscores,
+you must use double quotes (`"`) and square brackets (`[]`) around the name of
+the attribute.
 
 ## Step 3/3. Create a SAML connector
 
diff --git a/docs/pages/admin-guides/access-controls/sso/azuread.mdx b/docs/pages/admin-guides/access-controls/sso/azuread.mdx
index 3d488c583bcd9..44cd2ba25d8fa 100644
--- a/docs/pages/admin-guides/access-controls/sso/azuread.mdx
+++ b/docs/pages/admin-guides/access-controls/sso/azuread.mdx
@@ -173,10 +173,7 @@ $ tctl create -f azure-connector.yaml
 Create a Teleport role resource that will use external username data from the
 Azure AD connector to determine which Linux logins to allow on a host.
 
-Users with the following `dev` role are only allowed to log in to nodes with
-the `access: relaxed` Teleport label. They can log in as either `ubuntu` or a
-username that is passed in from the Azure AD connector. Users with this role can't
-obtain admin access to Teleport.
+Create a file called `dev.yaml` with the following content:
 
 ```yaml
 kind: role
@@ -187,12 +184,27 @@ spec:
   options:
     max_session_ttl: 24h
   allow:
-    logins: [ "{{external.username}}", ubuntu ]
+    # only allow login as either ubuntu or the 'windowsaccountname' claim
+    logins: [ '{{external["http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]}}', ubuntu ]
     node_labels:
       access: relaxed
 ```
 
-Replace `ubuntu` with the Linux login available on your servers.
+Users with the `dev` role are only allowed to log in to nodes with the `access:
+relaxed` Teleport label. They can log in as either `ubuntu` or a username that
+is passed in from the Azure AD connector using the `windowsaccountname`
+attribute.
+
+The login
+<nobr>`{{external["http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]}}`</nobr>
+configures Teleport to look at the
+`http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname`
+attribute and use that field as an allowed login for each user. Since the name
+of the attribute contains characters besides letters, numbers, and underscores,
+you must use double quotes (`"`) and square brackets (`[]`) around the name of
+the attribute.
+
+Create the role:
 
 ```code
 $ tctl create dev.yaml
diff --git a/docs/pages/reference/access-controls/roles.mdx b/docs/pages/reference/access-controls/roles.mdx
index 267c8c03057b6..48737637e5552 100644
--- a/docs/pages/reference/access-controls/roles.mdx
+++ b/docs/pages/reference/access-controls/roles.mdx
@@ -558,7 +558,6 @@ logins:
    - '{{external["http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]}}'
 ```
 
-
 In role templates, you can refer to these variables using the following two
 formats, where `trait` is the name of the trait:
 
@@ -570,7 +569,14 @@ attribute or OIDC claim called `trait`.
 
 You can specify an external trait in dot syntax if it begins with a letter and
 contains only letters, numbers, and underscores. Otherwise, you must use bracket
-syntax to specify a trait.
+syntax to specify a trait. 
+
+When using Azure AD or ADFS as your IdP, you must use bracket notation, as these
+IdPs assign attribute keys to URLs such as the following:
+
+```text
+http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
+```
 
 Common examples of external traits available through an identity provider
 include the following:

From 4ddc0690b27a5c5190d55d31cd96b930e89c8f8e Mon Sep 17 00:00:00 2001
From: Alan Parra <alan.parra@goteleport.com>
Date: Thu, 17 Oct 2024 14:00:14 -0300
Subject: [PATCH 18/53] Check bounds of tpm.EKs() slice before indexing
 (#47669)

---
 lib/tpm/tpm.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/tpm/tpm.go b/lib/tpm/tpm.go
index b720df596a822..6175efdedb018 100644
--- a/lib/tpm/tpm.go
+++ b/lib/tpm/tpm.go
@@ -125,6 +125,11 @@ func QueryWithTPM(
 	if err != nil {
 		return nil, trace.Wrap(err, "querying EKs")
 	}
+	// Be a good citizen and check the slice bounds. This is not expected to
+	// happen.
+	if len(eks) == 0 {
+		return nil, trace.BadParameter("no endorsement keys found in tpm")
+	}
 
 	// The first EK returned by `go-attestation` will be an RSA based EK key or
 	// EK cert. On Windows, ECC certs may also be returned following this. At

From c786a24819c360eff6ccc81f0b0c275dfd6512f1 Mon Sep 17 00:00:00 2001
From: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
Date: Thu, 17 Oct 2024 19:33:02 +0000
Subject: [PATCH 19/53] Display more user friendly error for invalid os logins
 in Web UI (#47420) (#47603)

Host resolution no longer happens prior to connections in the Web
UI and all dial attempts are by UUID. When an invalid login is
attempted the error message constructed only contained the info
provided to the dial request: a login and a Host UUID. To make
this error more user friendly access denied errors are now
augmented with the hostname if the user has permissions to that
host and the error occurs only due to an invalid login.

Closes https://github.com/gravitational/teleport/issues/23719
---
 lib/web/apiserver_test.go |  4 ++++
 lib/web/terminal.go       | 17 +++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/lib/web/apiserver_test.go b/lib/web/apiserver_test.go
index 2c77ee51a0e3a..f038cf502625c 100644
--- a/lib/web/apiserver_test.go
+++ b/lib/web/apiserver_test.go
@@ -7451,6 +7451,10 @@ type authProviderMock struct {
 	server types.ServerV2
 }
 
+func (mock authProviderMock) ListUnifiedResources(ctx context.Context, req *authproto.ListUnifiedResourcesRequest) (*authproto.ListUnifiedResourcesResponse, error) {
+	return nil, nil
+}
+
 func (mock authProviderMock) GetNodes(ctx context.Context, n string) ([]types.Server, error) {
 	return []types.Server{&mock.server}, nil
 }
diff --git a/lib/web/terminal.go b/lib/web/terminal.go
index 2117a79a639ac..690e6884fce0a 100644
--- a/lib/web/terminal.go
+++ b/lib/web/terminal.go
@@ -20,6 +20,7 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
+	"fmt"
 	"io"
 	"net"
 	"net/http"
@@ -100,6 +101,7 @@ type AuthProvider interface {
 	IsMFARequired(ctx context.Context, req *authproto.IsMFARequiredRequest) (*authproto.IsMFARequiredResponse, error)
 	GenerateUserSingleUseCerts(ctx context.Context) (authproto.AuthService_GenerateUserSingleUseCertsClient, error)
 	MaintainSessionPresence(ctx context.Context) (authproto.AuthService_MaintainSessionPresenceClient, error)
+	ListUnifiedResources(ctx context.Context, req *authproto.ListUnifiedResourcesRequest) (*authproto.ListUnifiedResourcesResponse, error)
 }
 
 // NewTerminal creates a web-based terminal based on WebSockets and returns a
@@ -885,6 +887,21 @@ func (t *sshBaseHandler) connectToNode(ctx context.Context, ws terminal.WSConn,
 		// The close error is ignored instead of using [trace.NewAggregate] because
 		// aggregate errors do not allow error inspection with things like [trace.IsAccessDenied].
 		_ = conn.Close()
+
+		// Since connection attempts are made via UUID and not hostname, any access denied errors
+		// will not contain the resolved host address. To provide an easier troubleshooting experience
+		// for users, attempt to resolve the hostname of the server and augment the error message with it.
+		if trace.IsAccessDenied(err) {
+			if resp, err := t.authProvider.ListUnifiedResources(ctx, &authproto.ListUnifiedResourcesRequest{
+				SortBy:              types.SortBy{Field: types.ResourceKind},
+				Kinds:               []string{types.KindNode},
+				Limit:               1,
+				PredicateExpression: fmt.Sprintf(`resource.metadata.name == "%s"`, t.sessionData.ServerID),
+			}); err == nil && len(resp.Resources) > 0 {
+				return nil, trace.AccessDenied("access denied to %q connecting to %v", sshConfig.User, resp.Resources[0].GetNode().GetHostname())
+			}
+		}
+
 		return nil, trace.Wrap(err)
 	}
 

From 3e4ee24509ce39fe28f9abcf595a1b5230e70736 Mon Sep 17 00:00:00 2001
From: Alan Parra <alan.parra@goteleport.com>
Date: Thu, 17 Oct 2024 17:45:54 -0300
Subject: [PATCH 20/53] [v14] chore: Bump e/ reference (#47688)

---
 e | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/e b/e
index 633e4577a551c..93725f2cb251a 160000
--- a/e
+++ b/e
@@ -1 +1 @@
-Subproject commit 633e4577a551c2d8ddd4564f932c012cf74e33ce
+Subproject commit 93725f2cb251a4a590afee935c63a9809c77f1f8

From 2c5f0c0aa484725f70015c4379016781ee30a4e3 Mon Sep 17 00:00:00 2001
From: Alan Parra <alan.parra@goteleport.com>
Date: Fri, 18 Oct 2024 12:45:34 -0300
Subject: [PATCH 21/53] fix: Avoid needless user escalation during auto-enroll
 (#47676) (#47697)

---
 lib/devicetrust/enroll/auto_enroll.go      | 19 ++++++++++---------
 lib/devicetrust/enroll/auto_enroll_test.go |  1 -
 lib/devicetrust/enroll/enroll.go           | 11 ++++++++++-
 3 files changed, 20 insertions(+), 11 deletions(-)

diff --git a/lib/devicetrust/enroll/auto_enroll.go b/lib/devicetrust/enroll/auto_enroll.go
index 7eaf469ac4452..d6b9588198d51 100644
--- a/lib/devicetrust/enroll/auto_enroll.go
+++ b/lib/devicetrust/enroll/auto_enroll.go
@@ -20,22 +20,18 @@ import (
 	"github.com/gravitational/trace"
 
 	devicepb "github.com/gravitational/teleport/api/gen/proto/go/teleport/devicetrust/v1"
-	"github.com/gravitational/teleport/lib/devicetrust/native"
 )
 
 // AutoEnrollCeremony is the auto-enrollment version of [Ceremony].
 type AutoEnrollCeremony struct {
 	*Ceremony
-
-	CollectDeviceData func() (*devicepb.DeviceCollectedData, error)
 }
 
 // NewAutoEnrollCeremony creates a new [AutoEnrollCeremony] based on the regular
 // ceremony provided by [NewCeremony].
 func NewAutoEnrollCeremony() *AutoEnrollCeremony {
 	return &AutoEnrollCeremony{
-		Ceremony:          NewCeremony(),
-		CollectDeviceData: native.CollectDeviceData,
+		Ceremony: NewCeremony(),
 	}
 }
 
@@ -49,18 +45,23 @@ func AutoEnroll(ctx context.Context, devicesClient devicepb.DeviceTrustServiceCl
 // [devicepb.DeviceTrustServiceClient.CreateDeviceEnrollToken] and enrolls the
 // device using a regular [Ceremony].
 func (c *AutoEnrollCeremony) Run(ctx context.Context, devicesClient devicepb.DeviceTrustServiceClient) (*devicepb.Device, error) {
-	cd, err := c.CollectDeviceData()
+	// Creating the init message straight away aborts the process cleanly if the
+	// device cannot create the device key (for example, if it lacks a TPM).
+	// This avoids a situation where we ask for escalation, like a sudo prompt or
+	// admin credentials, then fail a few steps after the prompt.
+	init, err := c.EnrollDeviceInit()
 	if err != nil {
-		return nil, trace.Wrap(err, "collecting device data")
+		return nil, trace.Wrap(err)
 	}
 
 	token, err := devicesClient.CreateDeviceEnrollToken(ctx, &devicepb.CreateDeviceEnrollTokenRequest{
-		DeviceData: cd,
+		DeviceData: init.DeviceData,
 	})
 	if err != nil {
 		return nil, trace.Wrap(err, "creating auto-token")
 	}
+	init.Token = token.Token
 
-	dev, err := c.Ceremony.Run(ctx, devicesClient, false, token.Token)
+	dev, err := c.run(ctx, devicesClient, false /* debug */, init)
 	return dev, trace.Wrap(err)
 }
diff --git a/lib/devicetrust/enroll/auto_enroll_test.go b/lib/devicetrust/enroll/auto_enroll_test.go
index 292268cc5ba7c..71a958274bdb6 100644
--- a/lib/devicetrust/enroll/auto_enroll_test.go
+++ b/lib/devicetrust/enroll/auto_enroll_test.go
@@ -55,7 +55,6 @@ func TestAutoEnrollCeremony_Run(t *testing.T) {
 					SignChallenge:           test.dev.SignChallenge,
 					SolveTPMEnrollChallenge: test.dev.SolveTPMEnrollChallenge,
 				},
-				CollectDeviceData: test.dev.CollectDeviceData,
 			}
 
 			dev, err := c.Run(ctx, devices)
diff --git a/lib/devicetrust/enroll/enroll.go b/lib/devicetrust/enroll/enroll.go
index cd36a170b2a4d..b96d1fdc102de 100644
--- a/lib/devicetrust/enroll/enroll.go
+++ b/lib/devicetrust/enroll/enroll.go
@@ -182,6 +182,15 @@ func (c *Ceremony) Run(ctx context.Context, devicesClient devicepb.DeviceTrustSe
 	}
 	init.Token = enrollToken
 
+	return c.run(ctx, devicesClient, debug, init)
+}
+
+func (c *Ceremony) run(ctx context.Context, devicesClient devicepb.DeviceTrustServiceClient, debug bool, init *devicepb.EnrollDeviceInit) (*devicepb.Device, error) {
+	// Sanity check.
+	if init.GetToken() == "" {
+		return nil, trace.BadParameter("enroll init message lacks enrollment token")
+	}
+
 	// 1. Init.
 	stream, err := devicesClient.EnrollDevice(ctx)
 	if err != nil {
@@ -201,7 +210,7 @@ func (c *Ceremony) Run(ctx context.Context, devicesClient devicepb.DeviceTrustSe
 	// Unimplemented errors are not expected to happen after this point.
 
 	// 2. Challenge.
-	switch osType {
+	switch c.GetDeviceOSType() {
 	case devicepb.OSType_OS_TYPE_MACOS:
 		err = c.enrollDeviceMacOS(stream, resp)
 		// err handled below

From 6f2fdf7c238f5ddfbfcc5c1ece750a58d2fbff4c Mon Sep 17 00:00:00 2001
From: Alan Parra <alan.parra@goteleport.com>
Date: Fri, 18 Oct 2024 18:32:12 -0300
Subject: [PATCH 22/53] [v14] feat: Disable auto-enroll via environment
 variable (#47718)

* feat: Disable auto-enroll via environment variable

* Fix TestAutoEnroll_disabledByEnv flakiness (#47723)

* Fix TestAutoEnroll_disabledByEnv flakiness

* Use t.Setenv

Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>

---------

Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>

---------

Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
---
 lib/devicetrust/enroll/auto_enroll.go      | 14 ++++++++++++++
 lib/devicetrust/enroll/auto_enroll_test.go |  7 +++++++
 2 files changed, 21 insertions(+)

diff --git a/lib/devicetrust/enroll/auto_enroll.go b/lib/devicetrust/enroll/auto_enroll.go
index d6b9588198d51..75ead77630d58 100644
--- a/lib/devicetrust/enroll/auto_enroll.go
+++ b/lib/devicetrust/enroll/auto_enroll.go
@@ -16,12 +16,21 @@ package enroll
 
 import (
 	"context"
+	"errors"
+	"os"
+	"strconv"
 
 	"github.com/gravitational/trace"
 
 	devicepb "github.com/gravitational/teleport/api/gen/proto/go/teleport/devicetrust/v1"
 )
 
+// ErrAutoEnrollDisabled signifies that auto-enroll is disabled in the current
+// device.
+// Setting the TELEPORT_DEVICE_AUTO_ENROLL_DISABLED=1 environment disables
+// auto-enroll.
+var ErrAutoEnrollDisabled = errors.New("auto-enroll disabled")
+
 // AutoEnrollCeremony is the auto-enrollment version of [Ceremony].
 type AutoEnrollCeremony struct {
 	*Ceremony
@@ -45,6 +54,11 @@ func AutoEnroll(ctx context.Context, devicesClient devicepb.DeviceTrustServiceCl
 // [devicepb.DeviceTrustServiceClient.CreateDeviceEnrollToken] and enrolls the
 // device using a regular [Ceremony].
 func (c *AutoEnrollCeremony) Run(ctx context.Context, devicesClient devicepb.DeviceTrustServiceClient) (*devicepb.Device, error) {
+	const autoEnrollDisabledKey = "TELEPORT_DEVICE_AUTO_ENROLL_DISABLED"
+	if disabled, _ := strconv.ParseBool(os.Getenv(autoEnrollDisabledKey)); disabled {
+		return nil, trace.Wrap(ErrAutoEnrollDisabled)
+	}
+
 	// Creating the init message straight away aborts the process cleanly if the
 	// device cannot create the device key (for example, if it lacks a TPM).
 	// This avoids a situation where we ask for escalation, like a sudo prompt or
diff --git a/lib/devicetrust/enroll/auto_enroll_test.go b/lib/devicetrust/enroll/auto_enroll_test.go
index 71a958274bdb6..e8a788dc31da8 100644
--- a/lib/devicetrust/enroll/auto_enroll_test.go
+++ b/lib/devicetrust/enroll/auto_enroll_test.go
@@ -63,3 +63,10 @@ func TestAutoEnrollCeremony_Run(t *testing.T) {
 		})
 	}
 }
+
+func TestAutoEnroll_disabledByEnv(t *testing.T) {
+	t.Setenv("TELEPORT_DEVICE_AUTO_ENROLL_DISABLED", "1")
+
+	_, err := enroll.AutoEnroll(context.Background(), nil /* devicesClient */)
+	assert.ErrorIs(t, err, enroll.ErrAutoEnrollDisabled, "AutoEnroll() error mismatch")
+}

From 59e4c0b0e7cfd318f8dd79771c593a28b7740dbd Mon Sep 17 00:00:00 2001
From: Grzegorz Zdunek <gzdunek@users.noreply.github.com>
Date: Mon, 21 Oct 2024 15:35:25 +0200
Subject: [PATCH 23/53] Replace logo in webauthn graphics (#47739) (#47746)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Replace webauthn graphics with a new logo

* `Login to` -> `Log in to`

* Run the svg through ImageOptim

---------

Co-authored-by: Rafał Cieślak <rafal.cieslak@goteleport.com>

(cherry picked from commit 27d888eacab570be8080bdf690c383c78e67ecf3)
---
 .../ui/ClusterConnect/ClusterLogin/ClusterLogin.tsx    |  2 +-
 .../ClusterLogin/FormLogin/PromptWebauthn/hardware.svg | 10 +---------
 web/packages/teleterm/src/ui/Search/SearchBar.test.tsx |  2 +-
 3 files changed, 3 insertions(+), 11 deletions(-)

diff --git a/web/packages/teleterm/src/ui/ClusterConnect/ClusterLogin/ClusterLogin.tsx b/web/packages/teleterm/src/ui/ClusterConnect/ClusterLogin/ClusterLogin.tsx
index cf26965964b71..c3de0e250a4e3 100644
--- a/web/packages/teleterm/src/ui/ClusterConnect/ClusterLogin/ClusterLogin.tsx
+++ b/web/packages/teleterm/src/ui/ClusterConnect/ClusterLogin/ClusterLogin.tsx
@@ -57,7 +57,7 @@ export function ClusterLoginPresentation({
     <>
       <DialogHeader px={4} pt={4} mb={0}>
         <Text typography="h4">
-          Login to <b>{title}</b>
+          Log in to <b>{title}</b>
         </Text>
         <ButtonIcon ml="auto" p={3} onClick={onCloseDialog} aria-label="Close">
           <Icons.Cross size="medium" />
diff --git a/web/packages/teleterm/src/ui/ClusterConnect/ClusterLogin/FormLogin/PromptWebauthn/hardware.svg b/web/packages/teleterm/src/ui/ClusterConnect/ClusterLogin/FormLogin/PromptWebauthn/hardware.svg
index 57a457f62f97c..a60e9e7513ddb 100644
--- a/web/packages/teleterm/src/ui/ClusterConnect/ClusterLogin/FormLogin/PromptWebauthn/hardware.svg
+++ b/web/packages/teleterm/src/ui/ClusterConnect/ClusterLogin/FormLogin/PromptWebauthn/hardware.svg
@@ -1,9 +1 @@
-<svg width="328" height="239" viewBox="0 0 328 239" fill="none" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
-<rect x="0.5" width="327" height="239" fill="url(#pattern0)"/>
-<defs>
-<pattern id="pattern0" patternContentUnits="objectBoundingBox" width="1" height="1">
-<use xlink:href="#image0_1854_9160" transform="translate(0 -0.000712053) scale(0.00150602 0.00206054)"/>
-</pattern>
-<image id="image0_1854_9160" width="664" height="486" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAApgAAAHmCAYAAADX8f7lAAAAAXNSR0IArs4c6QAAAERlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAACmKADAAQAAAABAAAB5gAAAABhNehfAABAAElEQVR4Aey9B5Qdx5UlGJnflbdwBW8ID8LSgSRI0HsvkNtqSa2WodTqVrd6Z2d3z87ZWfaZPWd355yd6bM90rQo0y21PClRNCJFUSJBErQAaEDCe4+qQnn/7d4XmZEZmT/z+1/1CxUB1I+IF++9iHiZP/P+F44xFZQFlAWUBZQFlAWUBZQFlAWUBUpoAa2EupQqZQFlAWUBZQFlgUlvgVQqpT366D+EOjs7wvHaVGgoGQzqyUAwOJYIxIO6HogmAqyKsVQyoSWTQU3X4yktGkjFgqmkrgdT8eRYokqLxOOJkUQ9q4mHw8FY18Kl0V3ffTyuaVpq0htIdUBZIAcLKICZg5EUi7KAsoCygLLA5LbA1q1PVA2wc3UhVlMXZ8m6JEvVJVPJep2xOiC+OqYla7WUVp3SWISlUuFy9RZ1xfDiHdN1bTTJtFEdfymWHGUpNpzStWEtFRhiifiwFg4NVUeiAyNzEoO7n3wyVq72KL3KAuWygAKY5bKs0qssoCygLKAsMG4WeOKJJ/SX3+lrGhlJtOp6qhU4bhoAXKuW0hvxogOITAbHrTElrkjjIFQbgPOzH3+9CU3r0eOsJxQKdc9vae556qknoiWuUqlTFijaAgpgFm1CpUBZQFlAWUBZYLwssG3brwLH+t+eoY2MzkroAJAEIjXWmkylWuAFhENy6oWUBs+npnVrSdajA3wSAA2nWNf86a0deYDPcuEBNSVg6t2SvMfluqGmqDlVt5UFlAWUBZQFSmUBmgt5xU1fa00FArNZQpsNpDIHL61ZoAdKVcelrocDz1SqPZpKtmuJWPvgaPDCsd1P9ldQvxUAraCLUcqmKIBZSmsqXcoCygLKAsoCBVtg27Ynwie7OxfGkmweS7LZmBc5G17JSMEKp6hgMpnM2HMacmea1g6+dj2ZvDAW0Nr3v/lkO4QqBexVSjsy2lEVZraAApiZ7aNKlQWUBZQFlAXKZAGaN/m7VzvmxIPaIi2ZWpxiqblTdZi7GBNnA5S56Aaio8VHp5MaOxWIaqc+iu08y3bvjuciOw48CnCOg5FLXYUCmKW2qNKnLKAsoCygLOBrgU1bH5+mB4KLEgkGQMkWlXPFtm8jJnlBKQBlVhNoLInrcz6ZYKd0FjvVnRw4deadp0azyo0PgwKc42PnompRALMo8ylhZQFlAWUBZYFsFrhy6zewICe5iiUDK1OpJFZ4q5CvBcYFVGZpVIppnTpLnkomEie7U/1HKwRwKrCZ5bpNVLECmBNleVWvsoCygLLAJWyBDbf9zWwWS6zCkPdKdLP5Eu5q2bpWCaDSv3PYNRRD6kxLHBoe0g4d2v1klz/vuJUosDlups5ekQKY2W2kOJQFlAWUBZQFcrDApju+1cZi0csTSbZSS6UacxBRLB4WqGxg6dFgg9TDmHYopcUP7Xmj7xRjT2VeaeSrpiQFCmiWxIzFKVEAszj7KWllAWUBZYEpbQE6IWco0AFQqW/A0YmzprQxCuz8RAJK2gqqwGb7imk6G8NC9qNJFj/UM9J5+Nzu52nu5kSCvoms29dOl3pByW+sS91gqn/KAsoCygJT3QIESjbf9PcLoqnYBqalVql9KQu7I8YTWJYDSObSa372eoqdTqUS+8cuduw9ePC5IZfceIK/8azL1c2pl1UAc+pdc9VjZQFlAWWBgixw++3/U21XdHgDTs3ZAAVqXmVBVmRsPIDlRAHKTCYhsJlKsRNaIv5J1+n+A2fOPDXmw19uIFhu/T7dmlpkBTCn1vVWvVUWUBZQFsjbApu2/rtpqdTIZqaxtcpbmbf5LIFyAstKBJRWxz0Smq4lQD4cH4t+sve944cY2+43Z7OcYLCcuj16PbVICmBOreuteqssoCygLJCzBa7Z+q2FY6noZkyfW5qzkGJMs0A5gOVkA5RpRpEJGhvGfpsfj470fHjkw6cyrUYvFyAsl165l1MurQDmlLvkqsPKAsoCygL+FqDTdV7Y3r0qmYpdi7euWrTjb6qsJZMMWJYTD+QM4DSWOs0SyQ8/7u/fy/Y+lekkoZx1Zr1QNkM5dNrap1iqnDfUFDOl6q6ywNS2ADwqOuZY+Q1zTW3jTILeb9v2q8CxrtfXpZLJGzBPrmESNLlimyiA5fXXXD7jyg1LZycxaXXnhwfPvv3+vouFNLqE3soC3/mZvtZ6IV0SMv6ATtOiuBc/isXG3j/w/o+xBVLG4K8no5hnYSl1eVYwVYgF3mxTxTyqn8oCygLZLICXXw14/hP+rsPfUfz9BwDNE4hVmAQWII/ls693XY6VJzdi+UnTJGhyRTdRgMv/+z9++Yb1a5fQJvNWeH/3wU/+4//1o7ctQpZECYBllnd8JuCYpXEFFWcFo57gDsTD8Vh05/73/pWeL9mCp45sQh7lpdLjoXpqkLLcfFPDCKqXygLKAoVbAC/Br0L6a5KGnQCYfyXlVbICLUDg5Yobv7kmpSdvRLqlAps46ZokwOVffem+NQ/cvZl+cKWFX/7mje3/8rPfH0wrMAl0XfzKcqBnkM0MJvGdzSCbQ80+LOhPFqCWEXQ6ZNHCrlgstnPfxQsfsSMvxXyqFGSHrCAWEJdKTwFVT26RjFd2cndNtV5ZQFlgnCww21VPmyuvshVkAQIwG2755qqNW//m60kt8RDyClwWeX0IWApwSaquvWrVMj+VW65ds9yrjK4L/XmVZaGRjPiTWAlQyn9GEQFJryAJljTpVRfR7ErkNqaBYNEvzg+o2hoMhu5c3zbv79Zc/5UbZq69vdrWk5YSsmkFeRKktuYpOcXZg1O8/6r7ygLKAsVb4CWouBd/4kH8u+JVKg1+Fti2bVvgyBHWMhxgLVo82spSektSY4hT9QAoVUzTqnTEKU2rxtkpiFkVth8MspQ2iq1hgis2Pdqm6Xq1xvQY3vNYRJGKMy0wounBkYAeGMYpLCMpPTAS0AJRvzYoumEBGVTKNmmoq/Gdw9pQV+0oKwJUylUinQbOeLkTzLlEPLMFgVyXJi2r18+rXbAF5Nz9sPxg4vnCkilWrTP9xpmNizZP2/zVD0aive8e2/3UIBrhVa+Q8ypztds3Wwodvsov1QIFMC/VK6v6pSwwThbAi+J9vBe+hOpoSPAw8n8ap6ovuWrWr3+waUQPzE8l43Pxqp2n4y+ls3l4bc7D23EeMPz0jw5GCaBoLCG6jxey/OqEIH9F07uaAiIjmWKpBNFyw40aI/DJRpiuD+Ca9uu63gcg2q8HAn0Ao/TXHwhE+gFe3YiAar3kgx+4pI5f7OnvntPW6unJv9jd3008pQGW6ab3Am5UX3rwAZLpKtNFs1F0H91czh98ym03wCYJyA1ygc1UKhwIaNfU17Zcufa6L+2JxnreOvD+M70Qkr8RvFZ8lAIkkg4v3aIOFUsWEAaXSCqpLKAsoCygLFAuC5AH8tPDycWpVHJ5kqWWw7O4Au+s5XglrwDqmF6uesuiV9MS8IR2wyPapevBTi0Q7AoEg526Hu4CEB0pS50TrDQTsBRNe+CuzfP/6sv33SXycvxfvv3r519+ddd5mZYh7XpHy2ALiAkhgyyKXEDPKW6IpnAJMwQvES92C/p5FRJNC6QDszQhf/BJKmzQSTkKTgWwRgJHUn7UP9j15omPfjtg8PgCwvT2mAI5RsXK51jN5GXLeGNN3m6plisLKAsoC0y8BTZv3lbdO5ZYl0gmNuJdvxE+xI1aSluNODzxrStvC+ABHdT0wHldD53TQ6HzejB8PhgMk3dp0oZcwKXo3Nf+4t6V9911zbXBoM5HCsfGYtFfP//WWz/6+cuHBU+G2PVutmFeZlCZBVC6wKStNb0lQE+uNqTzeFEg5Au8nHAQ0m7Qmc7gqSsr0NS1OEYBdp3r7Hzr4sHnhs12eupCmR/dq3tuWjGybl2XXL6gG+iSs4LqkLKAsoCyQJEWoCHPVeseXg2v5Ba85jcTmMQblLySgSJVXzrimjasa4ELeiB0NhAInQpGak7B+zla6R3MB1jKfWluqg9ftWn59BTfB/PQxe6e/mwrn13vZBsC+gPLDKBSApS2JqOFQEauuuSWly/tBqAOTOkLOP09m06w6dBGPYyyeOK9iyc73jl37vkxs1deoNCLlqsRipHNtY5JyTchN9iktJRqtLKAsoCygGSB1du2hRNH4pvwgtuCRQdbsAT4OrxpmiUWlcxuAaxFCnRgPufJQChyMhiqOokhdjG0mV16HDgKBZfUNPrRkWMTXXw2HMwKLG1WVOgc7hZFuC9d+r1alamtQpOXHNFcwC6NzR8gomEOgObQJACnk+jgF1VlAprwpo9g6Pz1PW99fxf4Sd5TRwa6qCZT7Kczk8wlXZbDTXdJ9191TllAWUBZIGcLrN6wbVUsGb8T3sk7IXQ9EESmbVJy1qsYbQvomt7NAqGjwXDkcCBcezyAE13s0vFNFQouywcsJRAoMJ8EKgWJrAS04/N+l3Rwc8pSpn1zB8amgCvCyi8XBVkHSkTei4c32pK1JATQJKUWkTLpOjICTY1dHB0ZfuXgrp8cIWkEqy4ja3360S0Gn0Shcj7qJjfZ5wac3J1SrVcWUBZQFiiFBTZt2tY4FIvdmmQagco78D7CSm4Vxs0CWESEnZVO6cHgkUC45nAoFGkfr7rHF1zaIM/bYymBQsFqAkuRJbsA3Xi80yVZeUW2G0TKilxG9tZrMKHCzKDKAQgh4wCfcmE6WKQahH6L0xNspstmAJrwmmtH+3v6Xzn+6c/p6E6/9vvRqVmZQqFymXROyjKPm3FS9kM1WllAWUBZoCQWWLnp4bZEIvUwSyUfgcIt2OJHbedWEssWrwT7eGJrpND+QKhmXzBcfRJAoSwv8zKDS+m9a6O6jMDSZgMcSmiObEZQaXLKYFIWxiWBAaX2FH+N/DQIoMjLLbSInOMaOgoc11bIyxzWIiGLmH4/+AFN2DuZSMR3d5/oeM2cn+moz+yHF82vizK9UDlZx6RPj8uNNemtpDqgLKAscElbYOWGhxckkgCVLPkIAOW16Kx6Nlb4FQdAGNID4QOYt7kPi4WOEWAoRZMLAZc5Dom77imjuTkBS5e3EujFpcvDSylApWSVdDnJYtJQu0QtPil7HF3a0AkbiAmQmAY400GjkBMixQBNpmuDybGRP3z63o/3onl2e5xt9aM7uZy5QmScGiZ5znWTTvLeqOYrCygLKAvkaAHaj/Ljw/HP4Yy/v8Gb4IocxRRbJVpA00fg2dwXqm54E0cJ9hTaxPEBlzbiSweXJlAULDkDS1PABSpxX6e/47MASeyCkC5TgEF1j/mRDjUewFMAR2uepQU2BZR0gk3BL0rzA5qWFDWLD5uPjXW8lGGj9kIAYyEyDjNN5kxJbqTJbADVdmUBZYGpZQHyNq1Y/9A2xP+Apz82OVfhkrEA5mzidKEPIjX1b2ArpP58+lUmcCm9YwVqpFFh9wbp+QBLAQBzBJU+gDILkJTabVgR0xMC2FQ/DMhq7OGaYlGcGRXFFkzWmVKmvTOCKl/g6QKcAjzmAjYFrwUZhS6b4GiTz7A5Ds1i8WQq+QZWm7+DvtgXzL6RHHpscsZUITIZFU6WwrSbaLI0XLVTWUBZQFkgXwvcddc3I0fOnvoV5O7PV1bxTx4LAL9FQ9WNPwtHao7n0urxApfpwJJaB8AooExGj6UELLN5Kl2gMgOYxA4+ARy3qLcAQLbgLPoWHAnaktL1evgKwxg+DuNgAAEqLbjmsinUA2xqqSgOCUfMoloyOQCbduOAgW4A0O5EItmNuaNiN4A0wJUGOgVANCviAFLUnsGr6QCaQoeQ8/Co2kDTYuIXBCC6Y2i0/4WjO39x1tVXo9yDmIWU1ucs/JdEsQKYl8RlVJ1QFlAWyGaBtWs/XzvKBp7FavBbsvGq8kvCAvFwTeOvwpHag5l6ky+4JA94Jn1mmckjkGMWr2WuwJKUU/3CeSkPgWcHldjTPlCLKQTztYA+Fw7JVgDIFoDe2hz6UzQL7DYEANoNh2dXKpE8E4/HTiWTiSHqkaw8E9gUANLp1RTg0B4+Jz5BzTZs7gcyYRdsnZnYseft77+B9tkX0miso81y+zOkC5HJoK7yi3L5olR+L1QLlQWUBZQFMlhg69Yngud6PnoNL5PrM7CpokvNAjibOhJp+EWouu6Qu2v5AkuSx/2T7Z1pltt4JN1raeogFglYAn1IukU9YBJ1UlLmyQwouS64J6sDofA8bF6/IBAIzMfYfIvbDhOaT5F3M3EqEY+fTMSip/HjT5xfb4GxrIBTIEnu2aSME2hS/wQLB5t2xqqDePyAJuo/39fb/6zPlkYOHaQnS8iXP4u6yi6WbujKbqhqnbKAsoCyQKEWWL7+wb9LJlP/WKi8kpu8FqCtjarrZv5/ekC3jmkcD3CZEViSOQEQOcaUQSM3M4HL3ICla+ibv8+xb2hTMBJZHQjql2maPh0qJ8t7Hhgv2ZmIJ4/Ex8b2JlNxcW69BcocYFMMgRsdTFkoMhvQFHIeQNMGmXQhLIYU7qFEIpZ89dN3vvceCqz2EBeCO29Q/T/z5ffXVOElk+XGq3AzquYpCygLVKoF1q59aMaIljoEF0VjpbZRtau8FgiGqt+sqmv+I9WSL7jMwWtJas13KUFGZBB4wvrI1WtpyHOvJWFMSy8USR5LN7BEZVWBcGRFMBxajaHv2Va1kziBofRz8WhsbyIaO4DFRHRevQXMsgJNC2SSAZweTQs2OoCmzUMSNtC0uA2yljrZ1zv07KlPftZHBClYbZNomZL58mfSVbFlgYptmWqYsoCygLJACSzQOGvFf8Eb47oSqFIqJqkFUsnEHD1QvQdezFGAh3x74QKLDnEqM8szgEsqomptr6UEHrnHEjrAYMyvxOQ/rtPQy4GlAVAJWIKL1wm3Gka/Q5eFq6q34O8ODIOTx7Le0bpJnKG+oE9LQpHIFYFQaAZ6jbVCqT6N4J+BGoHiyRRkG/xpHAxyaAlTIk80MgAH+0gZGaLQpYAeQ4aTqdBIULn9A8HgJBoC1ddYXRVZN332qq6OM3u6DLJRJqVzSdqV5cI9SXmmRCcn6bVRzVYWUBYo0gJbt36x6lx3TwdeE5fMi7dIk0xZ8VCo5tVQTcPr+Rggi/dSen96gUsCPggcXCZ42sSZkhzxgOq1cMfXY6nhxMzw2lC46kpob+B1TJ2P/lh0dGdsLLoHRouj24QAMZgteSBNzyQMm3XY3ICkAa7DGBGX9JBy69eI05NJdTKWeG/PjqPwim83Lr5BNHQZ6Vw+8+XPRWfF8CgPZsVcCtUQZQFlgVJbINy88Da4O75Uar1K3+SzAIZcI6FI7e5cWz7e4BJIg4CnAT5NcCl5LFGih0NVVVdEqqrvCwRDy8EbybUvlxBfJBAILg6Gw2uxJB5nPSY7AQOThNLIfobL0vRMki3hyeSQkQq4ZdO9mdyTyb2gAJEGFziNy+D0ZFIthhLDnvrcmQunLa5unnes98KBMdPGhqCZySHKlz8HlZXDogBm5VwL1RJlAWWBElugZdbKx+CGuLnEapW6yWiBVKo6GKndAdBASCFjKBpcmq7KXIbEU0mOWgygYQ6Hy8ASC0yqwuGaqwEs78dKcAyDY1/KKR7IBrDFQrhy12taIIgFQZ0AkwkDApIpyTNsA00LZHIaGY+AJje5/WGDTM4gg0wn0JRFWEN1pH5d06wNHRfPftBNggicwUjm9Jkvf05KK4FJAcxKuAqqDcoCygJlsUDrzOVfg+K1ZVGulE4aC5gjnTi6PPyJrgeHMzU8N3ApECRBFe4VM1UC1IgBU4BFk4sAhAkiCPiA6pxriTwNoVMZlRoxzbEMR6quilRXP6QHAougIWhWoiJhAdgEtpkfCoc3wMOL7TWTF8i4uXszucn5hwFOyfbwZFpIlRfx2uzrbNFMuVQoENAun7ngikD7qd0nzKZZTKKpWeJ8+bOoq4xiBTAr4zqoVigLKAuUwQLTZq78FtQuKINqpXKSWMAEl7y1OK/8oB4M+55Vnju4NIClDTpIPcAJR5QGWJTApVHGQaYFLvmQLm9U+nA49kEPz6+qrXkEi1xWQky9p7mhMn1ocGiSRzO8HAPmXVjU1Ucgk/5onJxfG3kRkDVkbgJKfm2ESxM04iUxPmRuYz/jehsFZmvsQsbmz5x/RVt9eMah7u4jdPnlMpN9akXqxp1a11v1VllgSlmgZebyJ9BhtT3RlLrqdmdlcElUjKaeDIYi520OO5UvuLQlKWWCS05MyZ5Lo4x7LZMEODgIJeBjsJKX01oZDueZXoeh8NtDVZGbAGZqOI/6yNkCZLNgKLQGXs1mHFN5Ds5MnJdOIJPMbQJHsr1jbia/FPgQMWfwBZlGY3xBZmuormn5tDmLj3Se2UdbK3GlOXYgH94cVU4smwKYE2t/VbuygLJAmSywbdu2QHt34v+BergjVJhqFnCDS+o/jkq8EAxXH3fbomTg0jksjmrIQyZ5LcX2Q+aQuDUcjvHwcFVkY6S65kG0sc3dPpXPzwKw4XS+EEhjcWzc3k6+TANoEjC0gaYxN5PypN89L5OuHf3h8SF5Mg0vJvH7gszaYKB6bdPsy89cPPORe79MEswUeEsyMUymMgUwJ9PVUm1VFlAWyNkCWvXqeTiG7t/lLKAYL30L6HpvKFxzQO5oFnBJrHjp04gnQRB5viVRAECoyAKMHHaYIIHAiQQuuR7Ba8+11PRgQ1Vd7WdwRvg64Bg1z5LMWoJAtjRWnIcWAGSexGLzMQNk0uXBtfEcMneDTGpI/iAT9YRQ+doZ8zcMdpz6APNCp2YwvwhTs/Oq18oCygKXrgWWbXxgC3bKe+PS7aHqmZ8FvLyXxIt1MydqGmb8i5DLAi7N96MXuCTQgWCCSx4JAMkBSXZgCWlsaBnCRuI1dwPCVnF9FfCRiMVYNDrKoqOjLJlIMCycATYz40QSJyHR9pPkDQ5iyoHOAjp2odQDPMbQNAtXVbFwuIphc/QK6I3ZhBQbjY0NvxiLxY6CQq5H+CW5/xJXIUAX03fPTCrjQyA+J//gHuL6uKfTqM7MGxlsWvDux29+7xXkHHSj1PczH15fJRNdoH4tTfQVUPUrCygLlMUCWkJbwAfGyqJdKa1UC1jve48GoqxJkJE2AaSgOGJHmdNzWTy4pBXiVVXVN2ARD22WPiEhBeA4OjzERoYGASbHWHQMoBJ/SYDJUgQMUzOsgjf+qiKsuraOVdXUAoxOwIwVAPhQVc3DejC+c3R05A0NiJmmJ3CQCe9zitZR4TeBATRxfTXaWlNHlg5VQo5AJnmpBciUDET3Bu4lsNHPDAOKImEBRNxm16zd8tW6PW8efhabsudqXLr/LB1SdZMqqQDmpLpcqrHKAsoCuVogqWkLMMk/V3bFdwlYgL/nM/YjWU/AkjBBRjarEJtUIlhZ7p1EjrAEAAePOC4hDgKeBEUQUyTofPicSgxgGtACjaHamvt0TR/fM8PxXRgZHmYjg/1seHAA6SF4JqkH5QkEVEdHhvifqIHAZTVAZk1dPauua0Aa65hk8wrGMsUE6Ktra+fEhoafT6QS/bgmhifTBI90zWjVFdMzgMwkTv6hcuEBRVv5DeW8+ZwAMaWtWXf90pqhC9W/OnLkpWiZuldxatUczIq7JKpBygLKAqWwwLQZK7+A1/zGUuhSOi4ZC2CXoqoP4EbL9JI3AaUBvmyAaQDEIsClhnmWiyM1NY/inO3m8bIogcmuC+fZhdMnWV9XJweXsSi6PxE/vlAn1U1t6u++yHo6O7jXlIbWQ+HxOZgI17OeVpoDXHcmk8le+qUB1yQ+CVQaHkhj8Y9J5giY3xLmB90H4ONCnCRdSkObRJCSWnOkvnlxqmnlgaH2PTGpwC/pVu7HV7F0BTAr9tKohikLKAsUY4GWWSu+CfklxehQspPHAk4Hkn+7gTD364Gg3+pe86VeGnBJXkvTk6lhe6TV4erq+4BXyj45MTo6wroB3toBKnsvdrAx5HO1j7/lSl9CbaK29fd0sb7uLhaPxxnmpTIchVn6ymSNGhYAhUIrUH0/PK2d+YBMY4A/HWRKP0RQE7+N0gAipuzU11dFlkcalx3u6/iEtjHKFtJ0ZBOopHIFMCvpaqi2KAsoC5TMAq2zVvzvUNZaMoVKUcVaIB/whMUpxwPBcLtHZ3zAJee0VosT9DRBI6UgA4rHsLgYEgeThrmIV4YiVbcibeATJMoRBvt62YVTx9nFC+fYKOZWlmo+ZTna6tbJh9TR5l54WYf6+zjIpAVDZQzYFjVIR2/GEon4uTxApgEf+bV3ejJzAZm4WWqqq8KrZ85ddaT99J6Mp0qVse/jonpSo+NxsZCqpJwWKPb+o2eCCsoCaRYA4NCWrXtwBAXjM+6W1gJFGE8L5AMwg6GqV8M1TW+42pcBXAJEclRpzLkkOQfApPl7hDFNt5UxN5OAJw9apLp2a3kX88AN19PDutvP8+Fms95LIqJFQi0z21hDM80oECYtfdcS8fjOsZGh7dCMFeP26nKqCbUaK8z5vF36fYA1QZyPkpiPSYH/bLDn9eJ+NN9NvMBMc07rA0uIhuPR5I8/fe/7HRbRP+Gpw5+9MkqUB7MyrsNUaAU9Hdx/xfbbrU/ki9Wr5Ce5BX7x3MHZqVT8f57k3VDNz8EC1rs8B15i0XStJxiuOehip2cHgvEelzxRFrgUpeAQvIiBLLEOyKLxhT8GuMRSIh2rpu8GuFzPVZf6AxiGhpXPnzyG+YxdDF64Utcw4fqoT+SVpSF0WpVeVV0N65vmL2HrdF2foweDTRiixzZGtBs+1YHr6Dkn00CTVD2OBDJ4jCbh00zgBjKaxyMzbVDEJ+6ZUCCorZrWtuFIx9kPhgTdJ/bU4cNbMWQFMCvmUlxyDaEvhPw3nh2U6xXp8axf1TXBFpg2a9laAI8vTXAzVPUVaAGN6aPBSM3HUtPoGYFAbkrCLwIcGFkDc/od/4g5lsbpPMAjdAY5h6ikIVBdU/8wFq8s51pK/EGLZM4eP8KBF+1VeakH6iMNmw/09mCfzeqyLAgCyJyB3dFnJeKxgwB/hBxhVi+Qab1S+PXmINNY9EOXATRONi8JNBl5mWiW8XslH5BpyU2WBIfik6Wxqp0VbwH6Eom/SmusaJccV1obVXtKZYFUclGpVCk9lWuBfL2XvCeppLUXJvL0PEDwApcAF0TmXkkOBkxe0KnAnHfJxU1wac671MLVtfdiS57FvKyEH7QJ+nnMsTxz9NAlNxyei5lon07qO9mAbFHqgFOVFtO1g15+RjzXL/1wMG4TflPwe4E81/zOIR6esFvk+qFCBeb9Y/NQCjtu1gTD+hfWXP2VGc6StJynfBpXBREUwKygizFJm0I3vfibbF0Q7faKJ1tfVHudFljkzKqcsoBhAZxF0wBsmPbucwICE1xChMMJCxw4wSUBDOG5FIt6cJ74rTiisMSeyxTf0uf4gb1soKd7yl9KsgHZgrY54tC/hBaha0fXECq9QSb9sDDuCnpvkIPbBTKp3AjGPeVCnqJQivMAmZJU5SfTvmSV32TVwgqxAH2JrC9ShbSplM0Q/RNxKXUrXWW2AB7pC8tchVI/wRYoyHtJbU6xQDI51oCU+fxyAwAbIBB45CCS9zUXcFl9LbbY2cDZS/QRj0XZ6cOHWOe505NqVXiJuu+rhladk03INmSjUga6hlhgtBk600CmgS2le8RdMb+d3OXWPWbec24hui21avJkXrblL6ell1oUX3mLo4ISCmBW0MWYJE2hG3xS3eQlsqvot4hLpFapKYcF4FZaVA69SuelYQGcFGgOkxsvftt7aQIDIgNcWrCA5uIRsjCHxT08lxrO316H7Y+uL6WFBjHv8OTB/Th1Z7CUai8pXWQbshHZqpQhGI5cj2u6FjodIJNfe/P+YIzm3Rp7nfJ7xRxO5yCU3zMQRjDaZd1NZt7ZWvxgwo8ZrbqWRT63eNPj9APIL3jK+zFPJF0BzIm0/uSrezxvbKpL/FWipUTb5LgS2zlF26QtnqIdnxLdLth7ya2TYslYrMUY5pQBgGk6EzzwiD+DsoJLFgyGlwYjkdtLZnysHLp47gw7h4U8l+Lq8JLZyVRENiJbkc3wI6Bk6uma0rWFQhtkImODTNtTSTQHyOStMMptkJm5aQQyob2+oTbwudmbHseS+ckdFMCc3NdvvFovQFSp6hP6MsVyXZn45DJZZiLScltEeiLaMaXr3LTp8RDeMfOmtBFU57NYwPBgOl/8eLmngUtTjey5NElizmUQq4+xspkvDMlSaU7FfEj8yEGcxOO1F3xOKqYsE9nsNGxXwiFzDdf2Hlzj6TCqATJNLyUHmdzS/Kah573HfEzOIH1wCEp5zi8VOJKpVLJ1Rk3gs6tXb/M70iijvEPZBGYUwJxA40+Sqkt1I5Me8Veurgv9clyuunLVK7eF0iqU2QLDia6FeNSrZ1uZ7TxR6ovzXhqtxgucdu6Wgu2Jkohm0gAFFqDgQ+cmv8bC4Zq6+/FkC6bL5U+hVdKnDh/AkHi2bRHz1z1VJMh2ZEOyZUmChl2R6BqnkjbYk4fCudcxO8i0f8zkCDJZcnawpeVRxrZN2mfZpG14SW4cpSSbBYoFRDK4ylaXKJdl3GnBk0/s1kH5iQzu9kxkWy7JupPJpDp//JK8sqXoFGAiQjIZb7Ff+KZejhGMeZcWmKR5dKb3knMJYGGI0Ck9t2GSHYbbiw8EjE4fJu9b6bffKb51k0sD2ZBsWTKgjmscqamjKRD2UDnuBX6f8PuGfnBYwNFlLPvHS9o95+KkrDFMbhUsXrul5SEr50xM9LvM2RqPnAKYHkZRpKI9jQJE+ZlSlHvFfjJE9+J30zLJi7JCZIRsqeNKakup+zYh+lJ6cvGEVKwqLbsFivNeGuCSNzLFJA8mAIAfuKQC/OdAwgSXYq/LUCRyOba0WV2KTg/197Oz2N9RzbcshTUNHWRLsinZthQBK8tX0TUnXWJ6BKUtkEkZc2EP0TjctH6Q2CCTs/Ebjqfo+Z8xgGHV2hu+flNGpgotVACzQi/MBDYr6w2foW0k6ycvyvzKZbUyr5yWefzSMr9I+/EKuuCTY1E23rHcBpEe7zZM7vpSaoHP5L6A49D6VKoGq8SznFNPyNJYISxaJIBFQNemhUJVtwh6MXF/bxc7e+IIvKockhSjalxl4Y0b1/oKqYxsSrYlG5ci0DUP6AGaj2kEC0Ai6xoqFyw2ljQoBXgxcRZp6vo1W77Cwa2ldxIkSjJvZBL0UzWxvBbI9KTxK/OjZ2ppNhnJReFQ4yXnxysE3TLZ+IVcOWJ3W6iOiWxPOfpYSp1qiLyU1qwQXaXyXhpHAMILlYg160G9nQMAAAWCd/hSmd810+MkMJ8EJPQUzbusp3mX9py8Am001N/LLpw8adRcoI5yiFVVR9i0adPYtOktbPqMaayhvpafA15VVcWqqyKsqqaKhSNhXnV0LMrGxsYw5zHGRqNjbGxkjPX29LHurm7W1dXD//p6+2notxxNza4T9ZKNAQxZbYN8iFN20TQOPh+z9v6xgf5/S2qpqE7H0OPeSGkBPnbOdNw3mFRBcnQv0U8U7sWj+4jK+LH1QisnUobuuazGCWrB+1Zf/3jv3h1PnhYacpWV+Mc1aX6ZxrVOVVnlWqCQ+8FPxovuRRPWyFQmeLzibF/MbOVCZ658hfILuXLF+ba/XO2YcL1L1z34Cd5maya8IaoBJbVAcQDF/noYCAAoMVL3dKi6dn86wCQgQNAA3sskwQXjjHExNI5TXm7GcOmmYjs3MjjIzhw/jLUjBDQmLuAMbtY2eyZbvGQBmzdvDps2cxqrq6staYOSiSS7cL6DnT55hp3E3+nTZ9jYaGk3R8/WYBzdyeYuWsqq6+qysWYtx3nlu8dGhv9EjBxkagF+g+F8KGxlSVMzCVZSzFiAwCOVc6Rp0IiO+9nko5w3wIS3k+vgHPiA03g4kRz4wSc7ftYraH6yUvmEJQt9qU9Yg1XFZbNAvveCH78X3U1z5x2dWr16tW/53r17HV84h6CdycaTrZw05cJj12ikCpFx6yhVvpLaUqo+ZdWDZ7a2bP1DQ3h6T/o95LJ2dooxFA4wnV8FATCD4apXI1WNb4kN1cFlPncAMAlUEsYkGtJiaFzXgzOq6mq/gIKippdFR0f4djqJRGJCrmJTcyO7bOkitmjRArZg0TzLGzlejSFo1X6hnR0/eort23sQaTrysfwhEAiweZctZ9h6qLjKcHeMDo/8OBmPdnCASdoAInEDGXcGB4Ym6ATNwJZOkGkATBK0biXnjUoqXQCTuAE5Lw5eOPWDI0deEgg9TY74KiH4vsgroXGqDeNmgXzvAzd/XnkvAIkhFreOrJ2PRCK+X6wsQNRXDpVmKhNtyoVH8FKcL78sW450pbWnZH1ce/XDc0dGEvIQUsl0K0UTZ4HCwSW12b7dBbgkaiAQ/qiqtvl5ApCAeebzx+W95OIWwMQxK/WfhSdsDpELDTEMIxt7NY7vavEIhrRXrlrG1q1fzebMz78LKRyYPTo6yv9GRhCPRJkOq4WrwiwSjnCQSnWIofN87NPV2c32fnqA//V0y865fLTkxhsMhTjIDKHNxQR4ns+ODA38DDoAIAH7hBeTbrgAeR4JOGL0nJdT0gkwqW4DZPoDTOLxApm4Ww9+/MZ3f0XlZrBvckGpgDjvl3oFtFk1ofQWyPU+8OJz0+S8lXaDSi9AGY/HLf5cuhgMBj2/VH7AMwPo9NRjtiFTmWhmLjyCV8SFyAjZUseV1Jai+rZ83cM3JVOJV4tSooQrzgKFA0znrS0DTE0PnK6pbf4RDVCDy3z2wHNJizXSvZdaKBxeE4pU31WMcWjRyalD+0u3R2MOjVmwaD5bD1C5AuAyEMSAbZbQh/mTHZ1d7GJHF+vsvMguIk2gbwxzLXMJQdTR0tLMWqY1s9bWFtbS2oR5nNPZzFkzaIg3azh39jx7753d7OD+8i18wjnjbP6ylYymBxQTYmMjL8Wi0U9IhwCZ6KLkxcwMMgv1YvI2p1KvfrzjybfM9jtvdJM40VEOl3uim6jqL7MFcr0HvPhkmmdaBpYyqPQCk160TH33A5he9BKCzly/yLnyyV0sREaWL2W6ktqSc7+WrX/wcXhavpuzgGKseAsUDi6pa/ZtLINLKkF+sKq+9R/BYT67ACxdQ+PER8PjYKiuqm/4MmRqiFZouHDqOOvv6S5UPC+55SsuY9fdcDWb1TYzoxwtwDlx/BQ7dvQkO3nsFBseGcnIX2gheTfnYo7ngoXz2PyFc1hb2yymkQvUJxDQff+9D9hHH3zKYmXYG7ShuYXNmr/Ip/bcyFjhMzw6MPgDHD46km2o3DkXk/Qb8ysLB5lYWz4W/8me979/AsrsG51UV0jwv7oV0kDVjLJaIJ/r7+aV82npbMDSC0zi172sJ6eO4xdo2hfLC2B60bxAp/Jyepo9zcaeXBVAXL72gf8M59O/r4CmqCaUyAKFA0znbesGmPROjtRP/8946GCsmkYyyW1pLuyhtttzL7VITc3tgUBoXTFd6uvuYu2nTxSjIifZFauXsS1brmHTsVjHL3S0d7I9H+1lhw8d495JP75y0qurq+FVXcpWr1kBwDnXt6pRDMfvfP9D9u5bu0oONGfOW8gaW1p9686lIJGIfTw2PPwH8PoMlWeei0l1GCDT8qY6b1yUew6TkxwW/QyPDT555L2fDlAWfxUV8n6hV1TrVWOKtUCu19/NJ+dFWsRMgEsvj6UAlm4wicnulny+ncLE7bQvlht4egFMN80LcFJbfEBnWp2udmcrJ/ZceGS1+fLLsqVOV1JbrL4tW/fgM3hYP2gRVGLSW6AUANMLXJJhIjXN39MCQaww8fde4lkys6q2/gtgL/gZRYt66PhCGiIvV1h82UJ22+1bWSu2FvIKI8Mj7NNPDnBgOV6Larza4UWrr69jKwGMN2xc69v+gf5B9tof30Qf9nupKIhGQ+Tzl64odtFPanRo4Me4tvzw+PShcno/Gd7KHL2Yns9WP5AJ9Hnm4ze6fsTYUxOzYiyD5Qv+wmTQqYomhwVyvfZuPjkv0jwWwJK6L8ClAJQiFsBSBpSCJpsNLxWhWyb7/pIjJjeodANPd7kbYLrzpNMLdPoATmL3fDBQAUKmMoMjNx7BK+Jc9ArecsYV0Y6l6x7YC0uvKmdHle7xs0ApwCW11g9gBsN1zwQjVUAs/t7Lqtq6B3Q9sKzQXhOoLOe8SwJnt96xlQM0rzZ2tl9kO958z5zTWHEYJK3JSy5bxDZfd6WvV5PmaL7y++3s7JnzabKFEGg+5gLMx6RtjAoNyWTi0OjQ4LOQL8iLifvcfH7yNng+S30BJjVaS7378RtPvkL1U7ZSgudLvFIap9pRNgvket3dfHJepHkswGWuwFKASjeQFPRce+4Gje4vobtcBp3uMi+A6aYpwJnTlZmQh9zWrV+sOtfd2495UUVvgJ1TLxVT2S1gvXfzrsm+BQlcUsB9YWoxY0R6OPxGuKphh9/cS+x3OQ37Xv4lBMXzztSRe9R59jTruQgnaYkDnl9s0xXr2I03X+e5crv9fCfb8cY77OCBIyWueXzUzcLenJuvvdIXOH+0ew975eXXSzJs3jxtBps+Z14xHUuNDQ/9C46nvEhKHF7MEq0od7/b3I1NJFI//fTtJ4+66ROZL/hLM5GNVnUXbYFcrrubR86LNI+9wKWfx5IApACVMpgUNHfPZHqmL5hc5gaOchnpl8tlwOkuo7wbYLrzXoCT5JSXk6zAg3iri3xZ4g13fXN6amDoG0P9XU+UpQKldEIsUCqAaYNL6oYEMAOBveHaxmf9517W3l3MeePYjJudPHTArrNEVqTV2Q88cjcW8MxI00gey+2vvon5lcfTyvIl0MKcxqZG1ox9M/GsY8FQgAUDQb4anfbwHB4aYSNYFDSM4ff+vgE2NDScbxVZ+WfPnsVuvfMmLBBqS+Ol1e3P/vpFdu7chbSy/AgavJgrGH5M5CcmcQNc7gXIfBEkpxeTb75uD5PjpYlyBNe2RbjXzRuzQC9mig0Gm9v+effzT5T+Ikj9zCcpgEI+Mop3clsg12vu5hN5EZMVNBlcClApYgKQYijcC1gK8ChiUiinKZ8puIEj8co0OS2DSjefXFYs4CTdXqBTAU6yjHiz83TJPjbc9M11qWT87vjI4Oqx0f4/L5lipWhCLWC9b/NuhfM3jefwOGfBbjKafiFc3/xDljDPHKdV5Ai0clwPBJowPP4V3LUFj52ePnyQjQwP5t2DTAIrVy9n995/G8O2SQ62eDTGXt/+DtuJldd43jrKcsnQopt582azedgjc+782ax1WguOh6zKRdTiIcBJC4g6Oi5y0Hfi6AmAz1GrvJjEqstXsJtvuYE1NDpP4qGTkN54/R329pvv0/uj4Cqqa+rYvKXLC5aHjzs5OtD//WQqxTfytLyYrtN9cIN5AkyqGO1HBwoEmJDXA8FDH27/9i8K70RpJWWwUFrNSlulWiCXa+7mEXkRU994mgAmDYsLUEmx8EwSuBRpfG94mmISdscyjdIUBI+Rsz9l4CioMk1OU7mcl9MysPSjk7wMOmUZKnN7NL1oXoCT+HxAZ7YnZLZyUp0LD/GJkC+/kCsmLrrOu+76ZqR9NHEPtiXix0KODfZeG4sN31FMo5Rs5VgA3/8CG2PLpYNLUolyzgK/pqZFq+ua/18+BZOeafbKcSwAqrmjmJXj/V0X2YUzJwvsQ7oYnkPsNsy13Hhl+mJ2Ggb/w+9fZQN9+YHZ5pYmtgqruFdhj8xMq87TW5M75fy5dnbsyHE+VE/HRRYTgqEgu/HGa9nV112RpubMqbPs1798jg3Bm1pomDV3AWto9V99n02v14pyvPDMfTFz9WJav2fsG9msWH5P+bVFD4Re/HD7f9vlVz6edP6yH88KVV0TaoFcrrebR86LNI/9wKXbaymDTAKNAji6Y9Myoo5cDeX4EspfwHzTMniUZakhcpkMON1llHeDTneeeLxApw/gJHZHH4kghUxlgi0XHsFLcb78smy+6YLqunrrN+dGU8mH4WtqEhWODHTdn4iPFX1GtNCn4om1QHkApnm7AbyKG6+quvHbcP0M8HmY6DL3XuqBengvH0c2+87kHmbCcCk7sX8vo7gUoRFD1I9suzdtT0taGf67Z//ADh3KfepdGJ7PdRtWs8vXrUrTV4q2ZtJB3s2PP/yUfbpnP4bWC/ds0rZG9z94d5o3k/bO/OXPfsMuXuzJ1AzfMkyHYAtXroZTIejLk6UggcU+T2LRz4BjX8wcvZi453Fb+gNMqtv9bnK3J6AH46mk/r0P3/ynTnfZeOfzfZmPd/tUfaW1QC7XW+bxSnNaPuBSBpKUFn/UtdaZm5aGa+o3pvTAggDTZmEzh+GYlurR4rHzQwPdO/q7PjmbwQTiHcFZXF88q0yme6W9aKJOGVjKfDKdeGXQ6S7zAphumgKc1vtemN4zpntn09ZvXI9z2bYCB8v3Jxvu7/hSMhFf4CmoiJPKArjOBbbXlktf3EMqUc5ZbIAZjtT+XA9GTsrey3B17Q34jl5TYCNYBxb29JZoYc+MmdPZZz//CKupdc4PPHv6HHvm6d+x/n7aAjF7qK2rZVdetZ5tvGI9hr6zH5OYTCRZX18f9snsZ70AbsOYXxkHYI5j7mUiHscP6RCrra1m1TXVvG3TcHJPM07wySWQ7o8+/IS9veN9PnczFxk3T1VVhN159y2Mhs7lEB2Nsqefeo6dwKbxhYQmLPiZUcSCH4zivRsdGXqD6raGyemukxb7UJlzyyJjGyOi497HHcpBpn0zU4EZ5PeQoMkx3j+EQs9+8Nq3f5iNV5YrR9rxgC5HBUpnxVgg12st+ERMHRBpHgtwSQU4m5Z/E8hLKYbECQRQnmL6Iz6Rprih9fJ5tU1tf4dfiVtRtJC+RUYFohrxvaJ8shPC+5KJ6MfR2OhbPec+fj8WG3D/9BUC7l93OdPlL2IuaRlEyvxo8FTydlr2pX6XMHjqvfqubzaMjcQfwqN4gVddg73n/xfcK863sBejolW8BfCcKLCNtlym4XEbXuJFH4r8MRSu3SUBTK2mruHreJjUF9KIBE6dOXbgU0ZzA4sNNB/ysT97iJ/3Let67+1d7LU/7chprmUEZ4VvuWEzu+KqDXDU8se1rMpKE4A8eeIMO3P6LDt98gxrx2KhfK8DDWFPn97KT+lZtHgeW7R4YVrbrQqRIBsR0HwL8ydpkVAhYd2GNezue291bDNEel984Y/cW5qvTtquaPGKNbgvCtyMIpUaGB7s/2fqngNgkuk1ApLGvs14u3nOxYTNwWNdJ/uGNjvift949Y+DTKa/8uHr337Hq3y8aOKNPl71qXomzgK5XGuZR6QdsQwuab6lmHPpBy7xXbGAZkPD4tb6GZc9gYnID+MrFBHfHKpApMk8hueBKKJqoiLgu6mltHiKJY4nEsm9iWR011h/747ujt2HDAb6/tq/BEHjar1oXJ3Na1Uv83qlvWiibj/QKdOJ9xL2dlp2FDYpMrb0XbH1b9ckU/G7AQw8Vx0k4rG6kYFOdYJPkQavFPF8gY3dbuuW4c8RGUhaTxk8fCwupPVg+KNwpOZl0kHD46FQaEGoquYxW2d+qYvnzrDuTr7ndn6CLu7Lli5mjzx6n+P88CjOA3/umd+zQwdz23poPcDX1lu2wMNY7dJuZIeHh9mBvUfYvr0H2CmAylIHAjqz57RhnudStubyVb6LhhLxBLZUepe9g9N6MLycdzPo+MnPPHo/VoE7PbM//uEvOWDOV2HL9Jls2uy5+YpZ/LGRoV/G4vGTRNC1IP+loY3jMDnZXWN6PBhk333/T9/usho2zgnXG3yca1fVjacFcrnWgkfE1D6RTlsxng+4nLnw2uuD4cYnoQ77atDj3RdGSjahqg1ei0j4UZAopqCzfgy5HMRK4o8So6M72/uO7Ej2neUr+ahYAoVCIhuNxLx4LTlJp0Vz1eXwZMr8xCeDThlwusso7x5Od+e9htdJzmdOp9Uv4vEIxZaTymw6PKr1Js3e9Hh1W13gHjyhV3pzGNT42NDi0eG+v8jEo8omjwUKA5j2bZfr8DhcdPj+6mcjNQ0/IXAJC+FYyNq7MLrCF47lazGac3l8/yeMhoCLCTTs+8CDdznO6qb5lj//6W/YBSyayRZaWpvZAw/dzdrmzPRkPX+2nb3zzk52aP+RnLygnkryJOI5x5atWMI2blrHFizy3nOyq7Obvfi7P3IPap7qGW3d9NhnH2RNWLgkwssv/ont3vmxyOYck6d30crLC56LifvgU2xZ9BIq9PBiuhb7ZN6uiNps39hmD9zvE5NsRQQwKYDv1O7Xvv2jbPyWYIkTAjyUWK1SV2EWyOU6yzwi7YiF95KAJfWP4lgspovhcBHLXktKz1p405eDkdr/M8WSIeOrgu8LfWU0od6wFuU4mWdFjjJIi6yIOY/5vbOFTKqeRF1nMU6/L56I7savybc7zrz1Eb5kxi9J23NJ/FyJ6wtoKuZfUJEWsS+glHWItIipIhlUUt6vrFjASbq9QKcP4CR2q2+UcYVCy4SaTPKCxzO+fPPjy/WQfg9AQK14YHoygjg23Ls5NjZ8p1+5ok8eCxQGLql/9q2WPjxuliGy/JcAlxSwdHwsUtv8jwbADIRq6uv+GmTnHkCcM/tHV/s51nXhfHbGDBw12C7ob//Hx+FZtdcX9WN1+M//7WnW1dWdQdIoWrtuNeYm3syC4fQh3hNHT/JTfcrhrczaMIlh7rw5bMuNV7NFSxZKVDv5zo6d7PXX3sob/JLtHt52H5u/aC7rxR6ZP/rBzwteVd46qw1rBGbbjcovFR3u68fisVRMDJOTuO3FLO8wufy8xI+l3+969Z/ez6/5peGm17UKl74FcrnOgkfEZBWR5t5L+ZQe2XuJ4XELZLrB5YwlNzwSDtZ9B3Q8LaGONNrvAW55QRKVUbFNEyliFRyUNJUIXULIlIRfAv9ABIil9wgw5UgqlTyMZZ2fJuLR94e6z7/Z27ufvwlkoAfNQqMDAAq6F69Myzctg05ZVqajbsewOuXlcrdHk8rdtBIBTss2VIdHKLacq1y48IuRpnnhO3EN17rrkB+cctnIIFaQx9QKctkmkzU93gCTvvLhmob/jrf/QDgcWY2jI+8pxHbktTy+fw8eMfkP8cr1NTY2sL/+1lcsUtfFbvaznzyddQuiMDZFv+eeW9lK16IXUtTb1cNe+cP2kmy+bjWsBAkCmnfcfRObOQsDW65A2w799ukXWf9A/nMzGxrr2eDAUN4AVW4CeVwXrVybcd6qzO9Ox8fGXohGR/cDYBrubHgq8QZzLPahPPc1enox/edhUl3y+8JdN+XFsxIP5VikJvjt9176p34vvnLSpDd2OatRuifYAtmus1wu0o5Y9l7K4FJ4LSnGny4DzGlzrtkUqWt+DvMmI3zwieAHeS1Nz4FsE6pMoBNRMZVzEc5ocnB5TjA+ZKBpM/MyATIpNnGnUT1KzTraU4nEQexd9gEWDr174fzu9/RodIyEXV9e3rRcabK8LJNLWgaOMj/plMsoL3s63WVugOnOewFO0unj5RSXhljkkC9dyPrJsdWbv7wEq1Pvw5X3XWAhHpxCGcXDfe1fxdytwidNycpUekItUBjAtG8p3+Fx6hWePRan+RwiSihS8xTmYp6oqqn7DDZYX1SIAfq6u1j76ROFiKbJbLlxM9t05Xp2Fudu/+7Z32fdrJxWiD/22YfSTvahxS6vv/Y2e++d3QUBXzrJp23OLDZz5gxWV1fDqJ6amhrM6azi4C0WjfOjGmPY5J0W6dAG652dF9nFzi6McOUGtOn7fAVWt99407Vpm8fTHNGnf/4cO3PmXJqNxoMwc95C1tjSWlBVYmUdiQAAQABJREFUyUTixOjw4FMQLnaY3Lpl5Ya43w9yGaUdz0lN2/fh9u887eYpd958z5a7GqV/Ai2QyzWWeUTaigW4pD4QuJQBptt7KUAmWLXZy+58Ew/7FfZwFamk74pQjaQcDFejwIIeXJK8SHJ5z++fXSJAqSRDJAr8ZYYMz2oslkqkTmA16SfJ2MhuzOl74+KFD44anA7QySt0fcGtRnjRZVq2tFxOdcvgUS6T6cRXDOAkeS/QmQfgtPpPuqTgRycWq2zm2s/XzGqovR2e6cslWd+k/PCkHzXDfRf+N8QFDWv6VqIKJsQCpQCYEow0+4Bbjd9tZon1I9fIY0P110NV9Xuq6+v/BgLm0yG/7p8+ilN7BvPb6Dy/Gry5ab7ln/35w4z2ypRDT3cPe+apF9iFC7lvh0jfqyWXLWDLll/GZs9tY9NnFLbpOJm3A/UeOnSEHcQ8T9r/Mlsgr+NDj9zD5uA0ITnQAqBf/+p5duTwMZk8LunqOpzus2R5oXWlRvr6/hvQ5chED5NTB7C49qe7X/0n631WaKfykSvoi5RPBYp3wi2Q7Rq7yykvaDwWANMNLslrSQCTXvDijwAmyc9adPO3gqHIfxAIwvYqmNqpgKM8JPBfVGjzoxyBs/EUcbhLeQGEBd3M04AEV2jIyB5MonMqRGTcaUryyK6T19inYQFRksU+TIyO7Ow4e+iNePzCoAz0IGQ1wIvuRaOKBF3EMi1TWgaWsizJyGUy4HSXuT2aVO6muQFnkWDTshHVJYfV13/t8pCm3455s95LXWVmKS1AJobGWzFE/rdSkUpOYguUHmCatx6PfACmru+vqm89FK6ueaAQ08WiUb64pxDZYmRmzZ7JPvu5R9JWZ3/y0V728kuvsSjalUuYAzB5+dpVWO29PE1XLvLZePp6+9n+vYfYrvc+zDjkTd/prTdfz65xndSD07rYC8++zD7Zsy9bVSUvp8U+7mM5c60kOjL8bDweO8gBJgnRMHmJVpO7n/3uNonno6CDv3vJ9K3//amnHs3NtSwEi4j5a7gIeSVa+RbIdo3lcpG2YgEuqZtugCm8l8JraYJMDjjnrrh7D2DXLJIjZTa6oJmRxuC1qwBMoJuuReIXciI2dIkcxRQEp5kWxTLZ0gRuCVVyVrNO0T6hlatO1w5NGo6aTZ7Wkol98WR098jo0Fvdp9/hyxRdX3iuMlca1Sfz5pPGg0Q0nzdblnWXyaDTXeYGmO58DoDT0Q7TfLxN0ofFs+KqLzSHQ1X3wqgL5TZLvFmT9BAdGxlYHRsdeDQrs2KYFBYoJ8A04SV/1hjGMCiYxnOxfnrb6UAwtKEQI3W3n2cXL4zvMO407Df5hb98LA0QvvbHN7Hdz86curFo8QJ2A4amCWDmE8irSM9KeSFSLvI0ZE8g8Z0duzIuWCIP6kOfucexRRPpf+6Zl/gpQLnUVSqeabNms5aZ+dlH1I3t0z4cGxl+hfLCiwm7lWQeZrZnJj0b3UFjwdc+eP2f3nTTy5V3v0/LVY/SO3EWyHaN5XJKizyPBcB0g0vyXhKgFB5MCWTqsxbeeAdWjf8bdZmUCERhezFB4UCPSsBhpUnCCEKONwIkk1MUI5Y4RNKqSWKTkha4JGnUKV5kVL0I6fWIkvRY8EJ8OIkFRNgmaU88NrZzoOfEG4M9xztcDwBip3p5bGqz0hLdi+aQk3h96TJ4lPllOrUhV8CZJ9i0+mD2kyKJtkm//Nr1m/Vg8AZ4JuylsmCS2yrJZkxiueat8djIloxMqnDSWEB8L3NvsH1rOZ4xlgKUcxYLXiJvyFgUuM8bZ83r1TW9xRLLI3ECG6tHx/j07TykCmdtbm5in//SY5gXWWspIfD2Ao6NzMXLRxu4b735OjZvgf+0ZTJRZ0cn9pE8x86ePo8TfXrZEDZjHxwc4vMuRcXYNxTTa8KsBSf5zJg+jU3DXxs8q35bJJEc6d698yPMD93BxnDyjleYO3c2exTzSuVTh8iT+auf/5Ydxdnm4xXCkQhbiI3XCwm4l7tGBvt/CNmJn4eJRtDemEkt9J2Ptv+jtY1fIf3KVUZ6teYqovgmkQWyXV+5XKStWIBL6q8MMGlrIgKXBDIFsKQYbBx0zll21y+xt9xNJGf4KyllB6MCKkGgDCVkkElPHxP1WcXEi8BZjaT5aWizSITfiImCEHYJ8SFzs5yzoNyo3vCgutgddbrLSI2gyTFGQS4AdB5IxqMfxuKDb1849sH7mjYWkwAUsfMg0SjP6V40KpTpIi1iv3Kiy8BS5neX+QFON8CU87Jn02MY3eon1bV68+cWBgKYa8lS0ynvFdzt8+KRaaODnV/AhPolMk2lJ6cF8geX1E/7FiOAaYFGywQo5yxmiQkuiWiQ8b3XA6xp5jxLIp/E6MgQO3XoQD4iRfESqPzil/6MNTQ3WHoIXP7q589mBV600vzW225k6zd5T3UmAHccWxnt+WQfO3LoGECzN/izKs6QoHYuXb4Ef4vZkiULYeN0j9oQwOorL29n+z496Klp2vQWHJO5jdXV20CavKc//dFT47rwZ/6yFQC6dhs8G+tDHB4a/A42Rh0UHkxis4fJvbYrMpwQ+C7w25N8n2Yw8yLrfB/YVDuF576dMVOarn36wWvf+U1aQRkIrrdzGWpQKifSAtmur1wu0hTztACYMriEx5IDSwKY5hC5PAeT0oF5K+49DB11dsctSMcf6KScf1M4qrO5qFaBDy0es5g3yJQTabOZkgIkhaBwFDq+kkYhtYbDW9TPiwUPim3dhloqctOoxI9uSNmfgg+gKQoQfjyVxAKiVHTn0EDnjt7zHx93gSneEi8aafSiy7R80jLgdOuWy3IBnLmAzWWb7musqp55Gx6WYsY876ttqfSU3J/0UpuCM8j/V5w5l9f8TVtapSrJAtY7Na9G2bdSOsA0y3hkA0pDvZ3H2eOstsn3N0/G1nS3X8Dw+NmMPKUqJMDw+b/YxubAAykCwZBnsAjmwAF67PoH2hLogYfuTFsMRBK0Wvu9t3ezPZi7SV7KUoeGhnp21TUbscn6Ws/9OT/5eC97CUc7eq08pzPOvwBAXVVtH+JF7f3BP/+EDQyMz6KqabPmYJicz/jK2zQxbFcUi47uy30epnh54T3DvxAWSLRvdLMV2Z6RXgCTRJOB1A8+fvWfy37Ter078zagEqhYC2S6vnKZO+2576V7U3XyWgoPJr4H9C3QZi+44X69qu57Mizz8ilQhda3RQBNmUhp/Jom16KbTHJEo2CkRc6g2Z8kbzIRURK0h8uJx2DiLyfxo5HT7HpkcUmNrJJYeBDlIvajo4oebK3DTyCKR0fe7Tx96G1aQCT4XQ8PUpcVZIKF87l5hS4R+5UTXQaYgl+meYFOGWSKNHk2A4E5Ia1xwfVo+VWYu2oOh1sPTKrOai9lvIJog1dZIj7WNjbU83WvMkWbfBYoJ8A04STuOHHL2QCztrEVe2H67oyV0ZBnjh5mOHs6I0+pCm+9/UZ21eZNDnUv/PZltgcALVPYcuM1bMvWa9NYxkbG2Lvv7GI7sfgm1wVBaUryIFQDJF6PLZjoXHTzEWtJt5/vZE8/9Rzr6+mzaCJBc0T//AvbGJ11LgKdl/7THz9d1F6XQle2GGfTs7lLlmZj8yxPxuJ7RkeHfu8AmPTcCxCQ5K9Nvj8mfyrmuR9mpmcjNcYPYELu1Afbv/Ovng0uIdEx/6mEepWqibeAH+oSLZPLRZpinp4xYwZ5KPmWROTBBJB0rBTHi4DzmrHxLQHIbJq58u+wUm6VqMSIhXobsFkVEQOeNPSo51BSFNA7QHoCCQ2i2NAr9BFVvDQEJ8kLLjOW8gZsNVjwZYO4WUhp/FHOpFhKRF7EVCDSvLkmp6CJWCgQeRGDXo2pBHM1PXiFHqp6sGHa3G80TVu2raF1yeaGpiWzQ1VN0eGBc51CLW+n2eRMNJSBlddCHzxhXif6RcyvI8m700RDcJQLPbI83QvESDQqp5juFcT0sOdlFFfNvHZNoKoFi280Gr7WOTMJ8mtlWYzzc7L/hy3q4sERkeuTibgaHnfZZapmxfc6vf/i+WCXyJQaAEyvIVyb2ztF93zH2VP0ZfBmKCF1xcql7NY7tzo0bv/TDrYLcxn9An0/77znFnbNtVemsZDX8Bc4evL4sZMF7ZGZpjAHAt4l7NiRE+wIzlKfOWsmq2+wB7poGHwtVrIfwxA9DZ3LYaB/kF0438HWrLVPjG1samABeHRPHIf9yxywEpy1zJhFD9b8a9K1SDw6tht3CKQhj/FxroUySINAOnmKf5qFdkWcYGelVLb2ZChvnL3gqo7zJ3delNSVPKkAZslNWjEK/e9Ko4lyuUhTbJ05LobDBbikIXECE/RHfIgpz/8ojz+9cfryfwB+aDC+M6BYCVGFQXE/jum7xkEmfYFdhSQpk+S8rZXqoiBTKI0/TjLppMhMUmQN3guaQQQPGDkvfyQYSfDLQVLFVYq8OyYZQcsiTyCsCRuWLcUCmBuxL9/nm6ev+Hr99KV3NTQvWlPXOKcee1x0R0d6aAyLWir/kWqeNx8qoozT3TTzGvIykaZYTlOhnKe0pIeXCUApyiiubbt2Xm3L8oc0LUhvtYjRLNKGlBmMnGUVua1GUfqnqNtREhsZvAmwttlBVJkpaQHjm+rRdbrN0oJJBDDEnDRWXV/Q2h6GjbRZX1dZ39G85bTBOW1HJHvwDmOOJJ217Rcw0sAewL6Sa9c5f++Pjoyy537zEnt7x/ueQ9J++kpJHxwc5l5XjHawufNnW6qpf6tWL+eglxYTyYEWGdE1nr/QXpg0b8Ec8J5i/f35n/Yj686axn1SW1+P7YrwOMsz4MFVFcPiT4gl+D1qQkmOVenJZ8+xRO/wbuXzJnmBWZP1nDTzjsjzuSg4UCiSaTHu+7brr/z3u/fte8rzG5ImUABBAcwCjDZJRPzvLPmNn57WyHtJx0K6516aYIO8mQJo0s8v/hMMZXrLvKvXhcM1f02/04wgYmExZ55y9IUTVPN3ndEiXkgf4stlxDJFyJF2wUVpq0uCwR1bzKKAJCyi1Xzx5RRcIhacIk81CppUu9UvolEQ/IJX5KlM0GQ+szwMC82Cl3N9IFh1T03djK83TV/+542tS25oaFm8sLp2hj7Q29GOZVhchdlmEhXqRVrEvAo3H11b8/o6QCUxCzrpFGmKJR2cp3HGFTMb29bdE9RCW9EhrEDArWF0zKxbNAmKTGHBQPUg2AxG3v1pi6EER/PVxKODdyFJ96AKU9wC9CSxhsHzsEUgGGaRAofH+3F6z8iQNaslj1rzY73n3tv4iTpCioaRf/Gz32QEiA8+dBdbiX0t5XAWK8L/7V9/xc6fuyCTs6ZpqHXGzOls9uwZbO7cOWwhtjeaM2cm34i9ubWJVWGlNRwQjtXl2ZTiGcKBZCdO/7ls6SLa0YKLcJC5yhtknjp1hs3DXNImaVN5Gj7/cPen9AzKVmVR5aFQmNXUFTaNIpFMYipUcoi/7QyAabxn+LvSeHxZD+g0gEnN5o9Gz+ej9Sj16B3ZJEN5dffw6cELJ94v2/5a9oQGj8Yp0qS1gOeNmKU3WWUIVMgeK0kfyWqR6ob7OE180SUvoM1LrMaDQP60y41iY8icOPGVhAj2qeNSBl4RGoyvnaDZOUOzMeyNNDlcRVuoImoCD5b/ktcj6Ebz+W9JyKIlaIAQsesSOoxYlAuq4BOxKBd5wSdiUS7ygk/Eohx5MkcbACf93Rypi7BFa+6IYmz6aAInEMXjY7sG+jp2DHZ+egK6uBgeMLh03OtM6kklBTl281n8JCvLizTF5OGmuHHm+pbahrlb8IZYgeOYqVKuW0/hBzsFzCjnsS7aQBeDOmI0DAzIWRiRZETbiM03xKKD63B11DPM10JTvSCn2wh7LYYKNtTwUJk9Z2jZoiUL2CrpfHF6Pj3z9O/YKOZP+gXagsh9Jjl5PJ956vmMoFTWR5u4rwLQm7dwDmvDUZG57HlJi29OHjvNjmHY/cC+Q2wsh1XoB/YfZgPwQP7Z5z7DwlXGYVyR6gjb9j88yH74vZ86hsvxYGLP/uZF9rW//ktr+yLaD/TqzRtz3vtT7mM+abrWrfkISLwBbH+FpxwcAQj0XKS5lvTY45havKB4qePDfkY6yCXLaKnklq1bn/ho+/Yn4iVTKilSHkzJGJdQ0nix+3dILhdpHmPlOH/Ty8Pj8GTSYh4q5x4sfMmJh9KOIfKW1hX/B8gzOKzh2vDBf6HRg54TeItsuMazUomRJ17OI4uLIsSkydZmpOVXiV0mcyItCkQshDiANMAmL+JtBjvRiYCHGqVFEClLXBQQK/6oXPCIWLDI+VLJQ3cADZyuaYHVeiB8W01t85fh5fzLhtbLbm5sWbKstrEtMjo42J5IDNNDhJ5Z1BzRFIoz0nCdHZ5LEiZaTcuShumzr7w5XNd6F4Z1phs6Ld08YdiDHqD0h9uGU+nTTFiGFZYj7VbbeMb1IdrKoqN9D6Ahhe0d4lKqshNvAdxTBTTClnE/V2RlNpdMNdKhqlqcRW6vUE7n8KdcPHeGvgv+DEWWkFePjoGUV1Dvev9D9vGHn/pqXrt+Nbvl9hsd5TTf8lkMiyfoF2CGQNsY0Wrv+x+4g22+/io+fE0rwHOdn0p7YtLxksuwPdFVV29kzS2NOJu8C2B4NEOtjK8GP378JAe0YhoA7a05D8dGfvLxfoeNsdiUjQyP8C2QhNL58+eyPXv2FrWtktDlF+MXNZ+H6VeeiY7tny4mErHTuFPorYJPc7wO0zOMx51x9/Knor8H07MK6xHqWUoVGs9an+JITB8ZPn9iZ1lWlCuA6WP1SU7OdEfJZe605/C4BDD48Dhsw8ElxfjjYFOvntvU0NL2H3lePG+plNL8BpeJoEHUXblBpU8RjCGv9C8IV2rJkx75T0gbVIPXoIGLGF0kq4wXSQxmkurnQ2+QM9J+9Rl0Q5/xKVclp6mU1NOfHNx5WUZOk0wWeVpANA/zOa8MBKsfapi24BsN05c90ti69Or6pvmzwzXTxob7z9LkMXSJ1yrU8Vii8arkfG3rkvqZc6+8vqa+7R6AWsx8NwGkocbUY2TMZpomN0Gm0REwcB6rAcaFsXppFFLtrkBtSURHFiRio1idroKygGEB5xPFxyomGKS7TAQaHg9g+DPfkMCClS6c4FPOQNv6rJYWttBil1/DC0nD0V6BziV/DJuTy6uHjx0+wX776xczrrYOBgMAlFezh3F6Du1dWVVT7aU+L5oe0LGQZwa74sr1fB/LU6fO+rabFA8OYD9RrAxfu241nxdLNDqfnMC1e2P1Cxc62KLF81Fu7AVK/Q0FQmU9r5x+SDRNgyeXA0BqXR4hxYbi8eghknAATMrwIXPj7jUeevyHuPV8NGrxfRzyd1KmlpjPbl8WfBfa5tz+lV3nd7+Q+deHrwb/AjW85G+byVrifyf69yirDIFMj+FxIae1zb7sEXz/cD8RCbesGRlVWqDB0QLDZ2g86gWHiPGtMfAGKeJEoZDyIOCPhq4pUDEFiUPK8SK7kHOBxoVMSYqMUVuUEpSEJqHMZKWvP8EjCqLIzHJVXmnBy4VMOZHmVZoZvzQVC73utJ+MTJdlcP2C6MNiAM7FgXDNfTXhGrZw1QODqVTiUCIR3YO/d4c6T+zo7z/RjQcS2HlvuTqRb5i+rrmudfZV4UB4JcrhvTasSEM9aCd4IaPjxQd5/O4wmw5dZjfABiFpeIgPmdvD5dReqphiM5AOOc/J1Lbo2NBNgknFygKZLZB2CznYA/C6FRJiY5m9coXolGV0bP5OoE8Or7yM88V9hp0JSNz34J2O4xU72jvZb379QkZwSaf63AuPZXNLk1yVI00Lbs6dOc8627uwT+YQG8RQOH05Q5heQCftzJw1nc3CqnDaGN3t7aRFVBuvWMcWLprPnv7lc+wiPJp+4SzqeOl3f2T33I+zGMxwxVXr+UbsZ047nWy0b+ZXv/EXgo2t37gGC5feK+uCH7rmgaC98t2qPEsCYJtWkXk+z4Qo7tKM5YKv5DFGgfQjH9OCzLdLrVsBzFJb9BLTJ4bKRbfo5U5piuU/PVB1G+fhpdL3hOe5gAkzRJko4NCNowh6DVilAr0IoJmiH1co5XiEYl4b/xAylBFp0+eIvEnh7xikeUyMZsJRqaGBy6KbFBPQJchjcvMK0G/Hr0a7Trl+Q4bKKIhq3GnKT5Q88GEd3gYbsXhoox6s+mLz3LWpFnb5+Xgyvg8bwn8Qjw29deHYjt0tc9dMh9fzSk0LX0btTeBa8D3dxBxLzCciS/G+JNFVDhxloGkYm3gskEnMNDdTAplEMgJda3KM8yDMI/IsERtZiGM5F1kElVAWKMQCdNci6PB8FRKio+UFmOs2rIaHzgYz7fDaHdjnv5n61dgfUz5TnIDoUzjdJxMgvfmWLezq667w7H7XxW6295MDbO+nB/gxkZ5MLiJ5QhcuWoA5kZvYgkXzHKXkXf3SV/+c/e75P3C9jkIpQ8P/bW2z2MYr11rUe+67jX3/u//m8IDS0Pt+tE/MNSWP6bUY1v99hpX1lsICE3TNq2rta5KrmpSuVfROF4lE6rpt257Y9dRTTxR+dJOHMRTA9DDKJUziIMDsn5wmEs+7V48LW5D3UgaXgt+MNfys28hRlPHMNsiEKyhPmt21gSRCJk8mB3MQ5t5KrpsUIWFGpENUwYuRF1UZLIZ2S8ACrCaXAJqWIkMLB5nQxP1vpNFQRlxIG7KiXk7iBcaHqdkSobygybwVKA9raLMDemg200O3BoNV8HI+GNP0VA/exRdSLHEuwILHcScMAEdaXYJX0up9SsOsG+BDFBrgUaPd8inLZ1JwIEogkwS4N9MFMuGFofsM5Q6QaemnRGx06BYHQWWUBfwswO80d6FN1DDHEbecmyGnfLTMHsxrryOnkh12vP6unXGlajGkfQM2MJfDH//wOuvr894AnuZKPogtjOgYR3c4f7ad7XjjbXb40HF3UdY8ncRz5PAx/kfD45uvvcKxQInmVz7w8N1sOjyd21/1d5j96ZXX2WWXLbSOw2wF/zUAwm+98Z6jDW+++a4FMKlg3YY1bDvON8+0AMqhIM9ModccD9YwxtZr4Uq2thzAXWi+jehZZ8xW9H/q+Zfk2QVPdrSl+nhX13oUvu/JUCDRchMUKK/EKssChTwpLRk6GtKrOwJYUpmcRpbzz1y85RYUNHBc4FAgqRPPdNNr4GDjGeKV+JETIrxYyHFPplkosXNewSPJ2izEgZzgEQWEk0RFgsYrJG5zDJjosrjJz8nQJ8RFbIrzSKgUZSKmQqFW8MtlgjbR8kDYIXRxBtq2Vkvpd8J7+XXMlfgKTqfYEh0d45sHEti0AKfp1QS/xjFiAgbmXm96QBqglJchRxQeeMIGrAQypQJKCjPAGzOwEcP6TteIwaw+p7AFjJGK/A1g3Wr5i+JeLJ8HcxG2AWqUtuLpbL/IDh444ttKWpATDNue2ONHT7CPPvjEk58Wz3zui4+mgUsCZc8/83v2L9//aUHg0l0ZeVx/ixXftOI9FnU6xq7dcg2fa+mWEXlayPPSi38UWR5v3nwli5irzEXBxc5utn8vn9rISQF4UFevWSGKSx4Xc811Xct/om/Je+CvEAvArnniiSdKiglLqsy/6apkMlog2/A49YkAZyRYjb0I8YgXuEB0lmCB+RvNQlMcKuBDAD3Ba8UE64wgUAVBOHqBGHl8igI7wVOifpIXLEKXQbFzViVUFTHLfxabWadQKGLwWs1H/0RdIrbEoVakRZmIqVoKcl6khQyVi7QoEzGVUZDzIi1kqFykRZmIqYyCnBdpIUPlIi3KEJOXs0UPBDZrAf2zPZ2dn+nuaN86Njw83QEyATQhy/84kvQBmXzLDqooF5CZiNdicY8xFYNkVFAWKNICOnncCwx0Kk25Ai10kcN77+6Ws450AzYA34SFNCLQs+kPL20XWUdMq9K3PfYga8MWRHI4efw0++53/pV9smefTC5Jev/eg+yHT/4M8zdpTaEd7r73VseQvl1ipI7ixJ+D2OpIBNrC6IorN4isFe/e5TzJaN2Gy62yUieKueZYEFnRABMP4aZn3+wqKTpXALPUd2Dl6hMYgVoo0lYsvJfy5uqiK2J4nMCk6cHkciKNrXG2EOJCXogYsZx1pJERNVsQxhYVRUKE8gQy6R8Fux6TAwyUIjrxGvzEaQdbmmhCs5nmXkxTCZEsBQYf18l1m3IOcSNDn4JM/F5BlIuYeLzSk0U+FAjWNLVOW4zTOBZ1Xjj3xQunjv9NZ/uF20eGh2ZwsEneTAE0k7Aq92aCRgdawJuJvtOcTBw5b/BlA5ljo3334SIXv7zV6+Io2tS0gFiLVkDvkz4ruQtQ5RAhL92KVUstWjwWZ7RXpF+4CntAkudOhL2f7GddXd0i64jvx+br8xfNddA+hqfz5z/5tWO/SQdDCTLUnh//yy9YFzyOItC+mo88dj+rr/ef0/ima0ictlCi4X05nDpxhvV29VikWW0z+KbwFqGEiaKuuYZh8koPiYRznkWR7bXvyiIVKfEJt4AfLhENk8tF2orF6T0EJmVAibR8ag8BTPpRQnIU601tqxZHqpq/xRUJbbxGKUNeTP7HC4wPKiZ0xdkkXl5q5wUbkW0vJmVQwgEtYkt3upxNMavi+g1tVgNkJqNBbmYuZc8DpSpp5NfQI6onNVaXuIRTjahGxJl4TXHRGp4VciKuFPlIVTXtRdkxMjzcHI9F24YHBzYMDfTTGeE6is7AKrh0/LcsX19uX0jDctQf3ifiMTqHTyMh7BAd6b8hGY86J6WJQhVPeQvY4wj5mYJWkIer/QFOJm3w3GNKnT3/OBNvPmU0xCsDzL17D7D9nx70VEErze976A4LdGG/RfYbbGPkte8keUWvu8G5Kv39dz/AcZOv8h/nnhWYRNrM/LJlizHH8XIspLmSHz+5YvUytnTpYtaAM8FHsM8l/WUKtLUSnUN+ObZdEntdhsNh1oithvZLnkpZx9DQMJvVNpO1TjPWyBC4pMVHHS5vaAh6FmLbIhGGcBQlbXlU6kAr5JunO72/udaBfTQPAaB2G/eq8UykJyB/f5kvMSMrnoPOZ6D7mSjqFSN3Iu+Os5W7+BvmLb/q2LmjO70n77qYs2XVIp9sFpqi5fLwOEAlv9PdMZmmrm4OtieC55C+KSbiIeDFB7r5t0c2IPHwQouXf2k4jaqQIROv0qQZOoQHk5eAlfsruRjpFPIkAk6pblmrnaaUGawkdJBfjXcXsVCJZCIZZ3HMC0ok4qgKCwPwoKHtN2jIKYBVqLz7qJcDT6glURFIvcjLaTdNlIl4Msk3NLXMxDyrC/BezqJ2Y4/A2v7e3htHh0euaWpufqeqtv49Or0CfdNowiZfPc4XAAXoqtury/miH9FzYta02NjQEux5udWmqpSyQLoFxPPBKKFvUfZA3+VCA3ZaKFQ0o9ySJQsd5Xs+8h+2XrpsEaupqbH4j+C0Hjqz2x1os/Tb77zJQd67Zz/748vbHTR3ZsWKpewqLNSZO6/NXWTl6ZShW2+/kdf73tu72Ycf7PEFrD09vezXv3qeffbzj/BnKCkhME1bJHm1m8rffWeXY77omjUr2adouxz2YRh+6y3XW6TFSxeyN19/x8qXKlHMNQewTPdg0hBOfrcgvTZyu7kL7HQippEX83SB4g6xKQswcTxS1UCktzkZH2lmiVANDr6r1gJadTKlVxnwBLtHJ/kKWHr9Aa/QbtJY9wpaQAuMxFM4VzQYGGKIQxobrElMH8JxS5l/wjlMP64ZgWWoUjmdlqchcvJgitaJtACXQp7y9IfjCm8iXkIOIhjYzlRhQApRRIgBaYmZwwsqlmk2uzHoTY02ygUXf5lwVGfy8noobdQrahH8tkY5ZbZRJpnysThOi8AZwwBMOFothsvsr4lAZqSqBn9V2KC4BoDT/lqRlFyLSMt0QXPH1CyZj/KCR6YLmjseb/lWHOFx7vTJIdwz1uk60ehY5GJHx9bm1sTK2vrG53He3EW03QCZ/MFKaB63Ej7wrDX2yZRWlicTsebY6MgjUtepWyooC5TEAvSDsNCQ7VScQvXKnjjaYuh0Bk/cWqyalsMenNjjFe7GWebiGEYqp/O/X3juD16snEYbnN+LvSjpzPFcA4HEO++9hW3A5vAvv/Qqc+9bKfScPHGa7d61h9H+liJsvvZK9uILr4isI6b+9/cN8E3XqWDRkvmsprqaDY+MWHy9OJu9p7sHQNXwdM6e3caqsUF7Nq+qpSDHRFHXXEulA8wc6qUf2XjX0iN/XALOTF+x+Y6/b3nn5f9qz2cosGb7TViggkoXo1VRf3j7wrRYVJ8dS2qzseVKG5xUrX2p9irG4SAN3SX4izyVoGuYcLzEef/wDjQuL/3cAAe2ZeGPJXOSdwy0PhwzunHrN/CTVhsC+BkAHO1O6cnuQCrUlQgluxtj07orDIBaT1aaf0nbE/HOSR8EIKUs/SoVeR6HQq01AJirBLrkeM/6Ghj+BO8HOMS5p9DULrRyqwoFFhFUQ5doC3FQqfWdcwNNKiMGAoUo47zIUhBpigm+GbqMHOUxtIu5SANYITrGOXL5oKEfOqeWn0uMr2RtXQOGjVqwvx48nZICq92gCbqgSWxmm6g1Nh+Vi7yIZRqlRRDlIs5Ed/MQr6CJOGd53AyNTS3dPd0XLYBJskms/O/uuohxpdRfVNXV/zoQiJyAbnpq4pMukvdPeBzWGxob7nsMGgo7x080XMXKAj4W8H4++TBLZLyEkaNvSGkDbe1TLZ2icxLgCj/YPCuhYWbZ20nngHttLUReTvLoiUA/ll949mXHnpKijOL5C+eyR3EOOB0b6Rf4V1c8xFxMM9umsy986TH2e2yY/gGApFd47+1dbNMVay0v5tp1q9grL29ntHrcK+zDFAHapogCjR4tXbEk7bhMOu3niqsMgEmvBALq8gpzL7350/DOwPVwbyafmx4PD2ZuguPONTISvQaVvlhsxZckwNx06+ONeDctwbjmkme3ty8G2ojQw4BPAMMzofSPBeMyAPDgTZlqQK4Bt+EcWrSQYPjCRA0AumnrN4bhHOzWATzxNbmYSAbbA+HRjt1/fLKvyAvp81XPTyt5L0lCHh6nvAQs5bQ2bc6aB0EIkxDZlACfNReKazKbJT+NLGbSLAVSQKCTB1POzBleTM4A/TbYFKqIjaj8xEJLFAkzbUgabSRei0VKj44Os97uLgyD42IVE1AZgdRheD/rG5pYfWMT7jujRlGviKkakRZtlGmiTDRH5EUs81aKfE1DQ2tvb/coHsIOUEj3Rm9PT6g1FPoMHrPP6MHIUb6ox8eLqSUD+uhQ72egZ4bov4qVBUpuAfO7ma/eJD3TyhDcm5OfOHrStxY6gYc2FxfhIBYCec0JvfLqTYKFx+++tZOdP9fuoInMoiULOLiUFw1RWS+G3Xft/IjRSTvtOB2IFh7RpupN2EppyWWL2crVS9nsOc5h9DvvuRUexDGAvINCvRXT/pw0rL368pWcRgt+5i+cw44ePmHxyIkDmKMpACbR582bkw4wD58EwNxoic3GZu2lB5j0gznl85PYqto7oWHC7CQJupZcv3nb37/2zlP/1XYTF9D2SwZgbt36jbp+lloDMHl5MpbCnW7+6ivPc6AAU/MbswYoqAY/ILGMjwBvjCVjAbZh61+NAVt1YI1DBwbg2/Fl66iPN3eMg8dTxiq8T2JIXHRQgEsz5vyUpr9gpPpW4rNNjGL8Rxk+iNUswUOcaBxoCWbxYOe8YBXsRCca5XkQCYOBwKYMMjkL6TapHODyOkRFtmriJaqhiUvi12iC9VzsxINw2CBk+KSH+dw5OA4NE86n4VSK5mb6LZHCEDp+RuCvB8M0p06dZ2fx8I7HEqy/t5uNYoi9dUYbRoad3kyqRrSF0qJNXrGb9/9n703D6zrONLEDgCRIAgS47/smSqJEiaIW25IsL7K7JXnpRe6Z9DK9ulenZ/JM8iO//C9/8mfyPOkn6UzPTDLjeTr2ZNLpdru9yossS7Jka5coiuK+g+AGAsR+877vV1+dOufei+UCIGEbRd5TVd9edepUfahTp4p5htnJ39TSumhxV3/vda3FNEvtypnenitXMMu57FPzWxb8WzSI6/ksJj/ntb8w0ARa+vouP43Tenam/HPpuRqY9hpgX9NAaMEs2kyENWtWFsTydXK9sB0n5qThKLYaKodV+Din8Mq9fzD74bMvlsmU5yvupz/36cIX6XQkv/Ot72smUv16wsl+j/tQ8vci1knuuX1X9vHHPxw3RyfpU59+PDt+5EThdbaLOPTukehgErZt+9a6DibPHh8eHIp7faYnFrm8c2eLTvOqNascNa1xw/e+Mlp7enZarZseYXgq5g1c6OeU8bNTkfgz7WDSybn/o3+2GyskD1ytZNtRERikGuswplKJU+atZK2wehPeJGID6RE4nSPhlfufXsPXEOfgmpyD43d+8ZLKuWe/+ldX4KhNppD0WTx42uPMtydyAo9Zt+5sMu1wxDGNLxgfKPfP5hsaCbloaT7naFLYUfmsXpTGEokNCTmfEVBSrblKwOhUMvBKGGoKadljiBxHUcCT1qiNix/tXOw6p493SFEvrFixNNt7587sjtt36NzdenQZ/m44cN+d2ejIaHb0xJnsxRdew1/73dmFs6fgZK7FKydMpCN4yaKZCYx4h3tMWBpmO//ChQtb4GCmJsf0Daybal/SsbBpsPeJ+a3tX85nMQPJaNP8Gzeufq5SGd4WmeYSczUwQzXQ8Ewk+ij2YezLpjOsWLEiiuOr2IsX8+13IiIktiRfTRN04ki1g3n/g/cW2F595Y2ar6H5Nfqv/PpT0YEjE88f/8//11fkQBaE1MlwK6WTJ07j9fg/i+ea8+tuzjw+8+1qP+UYHM80bNmC4a9O4DKB06fPxeMnebIPt3MagMPsgV+c9+G3uM0+elq9tuisO91UYo1bGp8mLwVjVG7sJNjRxqa3kU1QN76weODpp7/8o6985XMNf832M+lg3vf5z8+vvLfw7vs+8hcPoerxRN6S+p/gbWqcDGXDFNloB+7ubnodHLP3f+TPBrDW8zza3Hl8k3uutzJ67p1nD3Vl2fcabgTp8ZC01h1LpqFHfg5jTwPctGbTBx8BSCe5kI7B3Te7G7iCVWlczKHEIxbTxpO7U6I0oD9P5p2S2YmlxV00OpU17z3AxJGLFIxpm1MzP4BTOLrhXNIZrBfa2hZlj334/mz37q31SGrCOdO5A3vN8Xf48Insued+ik2GT2crMZO5YOEi2VNmTEtInNvtseM9P5v5Wxdgdf0YQcsH5nVuxwc8G/EF/kk0CtweDvVN8wf7e34DJ/VsGYN9DjVXA9NXA3XWN05EAddYY7eEiZBOmGYlHCcPl/BautYrb+KbMYOaznZyE/P0oxeXseu2HZ5UzNfctcL+A3dhO6B8NcoAXm3/x3//f9f9sruWDMLo5P3tf/qv2Z/8xe/GdYoHsAn8c5g1HcAHS2ngH5vccmjFSitz59IlKboqzdf66RICrlflHphpuHCuK9uK1/wM7e1t+NBnEd5OTektbype6+oLgMlkRpuKFTAZ3pyWQ8DNCZVK25GuH3BD1oONKvyZcjDhTbcc7X72vsqhkUcrlaF8b4ZGS/+zyKfZzspmmL55BI7XAozN+x7Zg8F5z0VMbJ7HOsTzA4P9F4ayofOHX/xSzxhFdJ+lQML1lw5wh9Jjwj3duqj9CXlKSXM3h8+5+Re+peVU4sKtg+pOvpKYhAzRAiSUJjwCkaKz6LDckcz1k8J4nV1uchDPY8sunj8HdfWdy7vv2p09/Mh9WWty/Jpsw2VgcLjSffHy6OUrPT1DA0PXseC7pbml0tLe1ta5Zu3KBYsXtUZjd+7cnG3Zsj77p396Njt67Ey2av3GbP48e+yCObQ0Bi+Vwzx2gjQ/W/mxfqu4E7IbH+L+/n6sTe3EWt+B/c0t809x2yLswr54sP/Gr8O5xPKRuTBXA5OvgbxfIC+fFH9C6stCf1YfOQ6Gs34j2fQ5mNxKKP2w5iKcr3ph+fLO6MCR5tz5C1WkXMrTBifLA9dP8mvrcmA5PvChBwrgf/zqNyftXLoAbkX0+qtvZfv224k6PMJy85YNNT9Aut6DJUTBwVyIv0tpSz2n+uLFbleheCn6kBNZ0cG8iA3d3cEk0ZKO9ul1MGFfowGdXLWDOTMrLRo1sYoPH1ruA/Dn28GkU3P/R/70zsMXvv9RzK8traqFX3gAXbdsFfrTVXCy9i5Y0IojA1qzex75k35UzQXs4XgBDeVCNlg5f+XswYunTj2vtSD1Xo+zOn0W0x1KgKJvI1jLfJzeE6B1+mjvvO1VEmjlacpJDTOagKVBHimEubzCDGYEBrQPJ+Zs+nBicaDFE02nU7OnAcTOq7vrfF3nkl8HfuLxD+h1eGoa2CvHj58ZPnbszDdf/MHf/kvIrDdj3HTPA5/5/c1bNv4lZj7bsLKwaT6+9vz0px7Lnn3uley11w9lq9ZuREcqFzhVoXSs5ICh2Q5L00Q7PJAqKsNSnjQ9k/zcvCq1qZzmWky+8sKShttwh1pGh4dXDQ33/ypuChe1zoW5GrhpNYA/aBrWlX5g07CQhLGtvThncqW7ej9LJ1+5svj69+KFovNFui3bOA+Rh/Jsn2O2bd8kR8zz5892ZQfffs+zDcVv4QMedzApYAvWi9b6wp0OZhraUQfXrtWeF7lUqo8l2EqpHHp7i7OVbeF1eZmu0fzU7vlI7mBiT+CiDZNa9lZkncEcxs9dd3/iX7e9/s3/uXijJqhz1s9gPvixv1yz/yN//hTmODbA7ZlgsX4xyDhIjxXQOBbCyduC8X4L9vDM4HNmy7fe1bRi693XsMatG/BuOFzdiwcHL/WNdF8aPP+aGpE7leUYuui/NC1bfdcWxNuUc6+l/LgA6SD5leR0ANJ0PuVPFoSAxvMpvRgJKIZ87rLayZRw6aMy8AXnlR/0cF/LWoFfTj75xIezHduLk2gnT50bfu21t//Ht1/5p/9CPjiXXpJaYrJXf/z//c2rP87+3Z33PPnZO/bu/p+2bV2/gPofeXi/Nmp/99BpnAaxWiWlAJkXJKVpgtJSp+mUrl76VvFXhkdYwfX3OAGSZ/ouWNDcMjTU/4HR4aGHAJr1fRHrcy78fNUA+6FGw3R/FNy60NZouz21Xnk7bsXq/FU6YXij4qgYb9y4PqaZOHG8eo0m4bft2ckohld++lpM10ps2LA2uwunAh2HvHpfaZ8+eVZ7B/MwCoZ1yev3VOZoeUwf43ZwG6Y0LFmSz846nGsw07Bo8ZirdVLSCaWncs+xHKv2wDMhzbeICJ82zBsc4FT0C41YMGs7dWyEPu9a87lHB0cGP4gReMwZkUYK/ovA4w5iuayVbKQDDg9+2XauI8oWLWxqG92QtW1fP4ivqi/BC7o0Uhm4PDTQd3mg71rP9Rvnrg1cOTPo8to61nw6eGzmAbmHk3QOnDlkYPfClPfj6m4A0KwiCaL3yQyCCJzL84hF5wSUKELF7l5qtpKkhIKeMR07M2A0u37tGo5QK3ZAJGGgPZ/59EezLZvzrTYGBoYqr7z69hs/+NZ/+ixIKC6ILDqYlUprc8eKDZ2LFy1bls1fvBSvwJdWWlqW9g6Mdr7w8rt/dfXa9T+85+7dOo/uw48cyM5fuJQNYZ9N/+jHS8s4TascgDHUSxOX8qTpejwpfCb4B4axBgHbgVJ2veADO5zLh+vT4N05tlzwtlSPbg7+81ED3iYmVxq2Zgv2TqDUWrzjSVuRYEZXqfPHpsscK14wf4FtpTwW0SRwC8NHgM7CTdbrhc6O4mT/pe7qGcxOHOGYhrNnzqXZmF6HTck98MOit96o/0aUM4K/+TtP62Og/ffvw4dAX665ETz3s7yGrYg6sY0Rg2+A7no85obpaegtOZEprr+0lpLHTJZD2cFcnOwpWqZtJM973mgYbZqWNZiNqm+YD/uk3APmnx8H88HHvrDxWtb1mcpIU/5JXcPVM8eY1AD9DwU4VDHtMMyI4mv2pvU4imZDU7YwW9DU2jR/4bKm9srGpmxDNjQ6UukZHRnswWvkXzWe4KqUvRoXiDjv/gnMXRs5hcqWzIgMgMdX5GAtkVGah7FmMjloceDhdt491+q/cvrAQ/sKzmXfjf7Kc8++9G9e+fHf/xvoqbS1rVm8YPGSttbWpe1NrYs65re0yolsyuYtxbohvqsJFuZrWKGTc52Vg4fO/B/9/UO/+dADd67mK/hPYZb0b7/yrWw+BhQvlscsk6cZe405LMU7LoWl6VvFP9DfV39khIHz5uH85zA4cN/RocEBzGgO4oOJoYyTnzivV5uzsyxz4RenBhpzMPP6qe7RiMNTwgelENwJxcxF87xs+dotBexEM/Nbp3d2rDyD2T/GYQ+LFpVmO3u5GqoYOpbkr5D5MWNfXzUNOVYlHxbxxJzyxzipVJ5JzjWVHtavX1vTwSSeazHdwWzHbCM3hue2R2lYmMwwcm08l89MNNT6QLMbazDT0I+PlaYzTOmej1Rqz25Mp4EzIauSrb7vkc+v+8mzf312suJn3Qzm/sf+9KHBbPjj6BTmZi3HuJvjvR4fg7WEwkJFvmmHN19A8MveJOAb3wW4Iytxdu9qfPC7I/bZTNARrN27JxIs6RMKYgMoDirQRlzR73UXiYT4KUsik1W8VgPJ4qG356ocF8+nMWctH3yAbwEs9PTcqPzw+Ve+cuVa/9mttz/5e1lzExZHVdAey+tmnCONnWaEb4cqo9w7CfV77ETXl5Z2HP/zPXu2LFiMr9Pvvmtn9s6hMzpeknXnJS2XwvOx+FDlsDKP06TWOK3jPCbNTPEP9PXlI1BqDDS2tS/C3y/N2dUrF/Ql/1TO9i2InsvM1UDNGvBWXguJR3N0WH/YtOCPnsmGBTgadjpD2bnq6am91Rd1LkrOH2f+Bj6cK4clnXppInBPnXWNrTith3v0eqi3/tHx2HHEk4rLjm6KpIO5NdsSQcuWdmZdXcWZ1sH+XB73ER4rcMujNNT6GIh7cn7/meeye3CE5gmcgvT2W4dSlimnG73nmGvAsdLJGkxYgpbJ7hghd3XylGHya31MTjNzqdHmFs5iTtrBvLVWJ/XBs8Gx1hL732WfmHMuk4ppMAnHjT1rjTD2uk1jMBq0/ioZcC734GGZZ48G0HpbnJAxmWTdAAMlV3mTASswnKyyk0o4Ye4VeaxHMzybriDGnBtN9ADOjqje7OX8BfOyX/olvKUNuodHRirPvfD6D69eHzyNLXTW4NlHL82FRO44yhoqr/cLlpC+pUIn0/uPN989/h+6u7G1KcI9d9+GgQ2DQnAuCTOrY69DkJQwdpzHhDGkeU9LgaFvOj9mH/uxvnJZUB+jefOw4wEmXXqvX8ars4tYqoD+FvdlLszVwIzXgD8YdRRhxr0OZmywL3EZm2ri2EMH3898s/Aj7x3LTmEv3XqB52x74JZC8Q/1AGRfyrclHm4kjpzDGPubBIf1XKvv1JKmLIdfftcLly8VHUb/Wjylf+bbP8z4URHPRv/G155JUVVpfmWfhus9te8bt0T6X/+Xv8n+Acdh1nJCUxmTTTd6zysjI1wkm3bNk1V9S+nxDcde7uIzWSNmxQzmfZ/8l+uu9nc9jRFn6WQLMEc/fTWA1o+uODim7oemM5tYnwOaHYXHhOTqwP3ZoQjYRJiDkmQODnQkBR1fWoktOHoAF/hTWfl6TCei1Dzo9TsM8BdhXHdZ63UKOe7Zd3uWrtN5+ScHu6703HhZjqFEFhzLqAQdeFI6mJo79A6PRvlM5vDQaO+bbx15/8OP3rNz3vyWbO8dOLni+CUMBC2xeGSKjFGbJVQ/SHpMaK30reTv5ULXLFtN2xiam4Zh4yhegaNBFd+OGcHcda4GbnENDA7cyBa321rByZiyYJpfkQ/iFfG/++svYe/Ghdhap3pGMrWtNZnNG+tVuvPYOxLP5XF5j8j588eeyS2vg1w0xixuV9fFXBFSGzetz7gZexrO44Sev/nr/5iC6qbXrC2ezNNV2raoLuM0Ihq951jbWnx37zYl4wj6bRs79HdBcXxx8lsVow9fdPjSd26D/rcnY0P+J85kuKaRdv+jf3Z7ZWDw9+e2H5rGSq0tKvodcI5iWqRwIt2ftHxx9lPbFAa/Bx3VZtFQgj0OytoliHVcUYtInMVJBESGebOKFE4lrCGIJFEa/H17CkPaZjApw7rVcqfo5Nw+6MD+OzybHTl2euTYqa4vjeVc0rGUc8nZgeTncOFMYiiEOag+k3n2wpV/6O7GuVMIu3dtzfrDzILKD1ip5IUie/E9thKaMl4dnkOKMMd7PBP8/VqkT8n0JvuxlhIO5hj7jaa2zqV/sWsAz84tqQB8zNiQXs4Qzp/CRx/1lI7nXJJvJHmmuOVZOVTVZR1/hcc9Dian4bQtKW6VVJbLk3P4IZCHpThesl7gDCw/0vOwe/d29PHVtjp+vHgX+NPATdVvZuC9TmeFJ6Mb22HJwcSKqbxCJiNgNtAOt+ybrBm31MG897G/OIDzYZ7G7M+kp14nW9CfJ/rx1l8ms2njFBuOZN5XBFoD4Cmo6gkgdyP6C+uB+JiQgj89MkjER6cWdxAfIicVu78uD0D5jTWdx0QHacnMS6R1qQHOCKG/v7g3mkGzbB9eUy8Mi+XBWXn73ZPfqedc0nHkLzqVVloqtJ87mwCIzpQEg+IsqKDvvnf8AhMd2AR40QLMtAYq1G9encava0BXpVV8QB1fjl2Ew5lP09PPj0VGA314Pc5vfOamK73+5+LZXQNosw0b2Lp4zM0SGpY7HiO3+fLA7dXKgWPECJxHD+Uv1B3O+HpvvsVhe3u+bjOlSdOnT+dnfq9dtyZbWNpeyWn5sdCZ0/myvaUrlmW33b7T0ZOKl4N36/atkedS9+Ws/EFPRM5QYir3Gk55cfEpbbyl3ldDlbSTe2JOhvOWFfHAY3/xGBa9PjEZY+dop1oDVd5kFAjHw/2NCCt8+IMOC/7VrmqiQE7PJSJjwmBJNhduKH+N7U4W8foj1//STRGOLMhzy1PXKdcyOGhfJeeQPLVnz7aYwZGOw9d7+98yQHQIJTQ6jHQi3aGMnDFB2uiARp6I1kpOrce80NXzgoPXr7MNk1XMUOa0eBSa5j2dltZh5Zg6bhb/CL7+vnD26EglG8Q7ttQ6L+lcPFcDs7MGcIJUw4YtnoBD1rDwMRjTD4LmtdRe6cazxD2MteF4utn5kiXthdOEnD+NTxw7HrPssjaPcYb4i8//JNIy8cRTj2d0FicTeCzmE08+buNCYHzz9XcmI2JaaKdyr7G0P39FPolN1jHpkHamaXpayjQ5IZWmBaMDuyfDc9MdzC9+8YvN+x/786dGKiOPTsbQOdop1YD7Hpxdi2mXWOV2JoDwelykldGmrUyolVMKEuYYIe1SiRRBTIQ84KUgMjEasyyjQLHC9WS62lxIAX3Qb7pccDVwaCj/StGpGPOc8bg9BzznQ4fPfi+fvUwpQzp3LiOyzusOKxbog5Np+fwjoax/YOjIpUs9gq9YgbVfVnwrEsrMchPJX0BJZxBUgDssGhX4mL9Z/P1917MLp9/H3p43ip95pkbNpedqYIZrgN3FREP6XA0O3sAzl3R6ExUCusXtxQ9PJsE6JVKtaQ4S5oWjZ8sCe6/nM7PcWohfjNcKPELSA7e+2LRpg2drxkePnirAt+IkoHqBay678WW3B34U9Nu/+7ns7nvuZP/o4Lox98n87K89mW3etjHS9GN96ss/fiXmb1ai8XuNT3wqw4UvnlDy0FpLLliV8zm10tE5n84wMsJlyagAAEAASURBVDzKdZgTDtOrfRy1GDib/u77XZ/Cw7x/HNI5dJ0amPbX4+lHPPzAJ/9YJbWgqbmStcPt0b6k6hbC4xG7COb5I0DAmMi9pEicis7RdKx8MTr7ntgBpSOHywj6oyTlHehEWNmL/d9qha1Jh3UBG5/39N140+hqzF6WnEs6lu5cetrzQZcbUqXanVhs16F3XDi3PDqRKqYVPK/GRIKXymOiPJ0qdJjHLsLzHk+dv5JdvXw+u3jheDYy90W4V/NcPOtqIG3xZeOAw4M3gD+SGgkLFmLbrXE+jGlE7ng8fclrbR5f2FZjQ/Er2CYoDStWFE//cdyxoyc8qZhHR44VTp88nY0mr9/33nV71dfoKf8//N3XC+s2eT76U5/5ZPYHf/xb2R137Yl7ZToP+/3Va1ZlT37q8ewL/93nsz137HKU4u986wdx7XoBMYMZ3mPe60ZCZWT0Ag7+qD0QJQLrO2P1MWESI5Eys0k4CDuefvqLtf9SqaG69tx6DcLpAN33kT//JCp60gtFp0P3nIxx23esIjgrVT3ySFbZAwIsQjQn0B0aETLDhAM9L4khw7XN/sW50wmfs0mI5HAWLxGIDkfOJ50v52WagV4ZYU4uGgACut42FVs3rRM7L2fOduXvkiIUInzNZa4Vy2bqL9ImLpnx5evyJuwcTIluoUlHf4HtPnhs2PzF2Gh4BE6wzriV2VZWrE0OXOZyFwWYmBQWi58oS/Fp2riLRk2Wn/3lpQun8LVr7XODXcdcPFcDs6IGvIHLmEJGkN7rV7OFbR0NmcpXpz2XLzfE2yjT5UtF55Ef2/T2FV/1d18q2sRN0s/UOM3n5IlTchh9P8xtWuv4g7qm8cMgzkzSOWTgrOS9992dvfj8yzV5qPP/+fJXs1/73FOFj2ToRH72V22VHGclr1y5lrXD+aQD6t17WeBPX3o9e+2VMBdQRs5gfkqvxyuV4zStauzg+BICWmRMO2w2xhiHW94/f2EHbJvQGoWb5mByzSVeiz8wGyvt59wm9qYKcJhi2mF0O9Gyc7j7ofqyXF4eN5Ik1XYjggOEfz7T6I4d/Tzh+Zjk0lyNxYQ7nnGNYHKCgEBPfWmIziaBrsvlklbFNABPhakV0k2Iuy72vOMzi4G2qDAAqzqIGoJLTmaJgrOjtqH98HCFX8LgDVArtvJBbaLgrFWWzcvE21XLEMJYbC86lTiMaYd7TFganDbFO4x0Dvc45WWas5XdF07g69P8FVyZZibyHTgeb92G9dmqtWuyxW1tWSs21tRG0ZjBseAWp6WZhCXOXmbhPWGofnwMrjsH5kCmCvS0+CKZJVxPShNIakfGUFc9mSArF1dWUDufjG+11QpK3iC8lgESHTSHKPYN4CPItReUABjII5h8NtFT5oiCzZbA4beFkvAJnukiq9Lg0TMVLOCffkRxIolwoQVBupL19A5mJ04X3mIGLeNHi9uW3AIHs2jrMjiY6atuWt11vrhN0BqeB/5aWGaeFIsO48mTZ7It22zmctWalZpBvHC+/lfaP3rupehgUtSDH7wv+8lLr2A7str97aF3D2f//t/+5+wzv/JEtiI5OcjNoJO6Fr96gV+jvwCd333mh/VIZhTOe9xowBh0oorXu6wqBAG541kTfauBTU38y2L2OJj7H/vCQ1iD8Oitrpefd/3oKMs9c50ig04+Y3p6D3kJrAr0fVrQga+z4SKdwUw6drK5dvbbDKGzt+clIAVznKjixQYm04JRAP8DMWLzjW1gKPrJQa6GjyCKowfDGM9pO9ZghlC51HP9eZMSX48bqvRq3BkUp2tlCssMClS0G7dFBSkgBnlGIsLAwHDutxSKggFTxUeZMbCnKE+nAssw1oDYQ+x4h6e8TDve4U7nsePpXF48eywbGhp7nz6XM5V405Yt2W137Mm279yZrVm3Lp7dXiWTRjIEI91WA/JqBN5u2DzoK5XYDChyIzC8tfdcVp7K74rB2HKlI8h3SkqoFWr5a6RzuXR8lA+ETh+bdxDreRGT39UZu7UjwR0RKZWI9A52PvHgEspDsNVhIAj0bm9UnKgxxy+h98qnLOeP5UO3RAcwhlCfMY8ERcmQMhBgwCUTF9WdKgYZ/IHM/CiRiLnBP1HURTh/w0Mj2d9++ZsgTfWnOuqn2zo66yNnCHOpNGO6fFn1hzNnscdkGjZuXJ9mC+m33jwYHUwi9mNG8utf+06BJs3Q+Txy+Bieza0Cc+bx/gf3Z8/DCawXzp21PS/337dPDumS0sbptfh4nw6/dyT77refzS6WTgGqRT9TsCnc45HhwaHT0a503BCw/iCFdsmWPgtDZRe/pcFv3IdlxmcwDzz2J3vhXH5iFtbSL5BJ47YDqws4Qt5Hp5WDbn8H4NhQx/p24jytQdWHChDxidB4wQSDCHFh7MGZPQ5wysoDhi3xcFYDAw1lA1B31oXE/jyKj5JwUnid9VG+ZqkXZ/hWMLVuuhLtJUUTmb3MucdPLZhnG+j13eBrLasIevIMLCerQgO3isVMLJRoRBdSKYYSmHeYx4E0wpk3bTmtw+rxc/+7S+dPzKhzuWLVyuyhhz+Y3XnX3Vk7Bm5z2IKltQyG0dFxDCWKzSD03dHBK4lheQshMhJqbc7qHYzk9XsQ5VjC9UuW40JMHs6tBUqR2FybNIS8oniJ1EGf56OnGCijuU7n7SfqdpHWCvLxyluFGxvq0MEh1jMHEpZPlJJPgBtgsf/5pPZLW4wYyLTkZJKwwJxHer7BR4cvrS3xS5bRqp5lFEUFWYhdf5QolOnjzBeP05Jqrx/ZiBUs1EkEBMybh3NwVyzNLiQfpER54yT4KPMDkL7rN2+5yKWLxdffGzatrbLyKo5evHb1etYRjoxctwEz/1iSU+tM8rfeOJh9/BMfjl+Q77379oxrHYeGuJKnduCJOe5gkuKxj34oO3rkOE4jKjq2KTdnOH/84k+zl196LeNazx27tuKtxLqss7Mj46btPKucm79zA/aT+Pjo4JuHsms9N69eU1s9zXsbumsHTTjG+sszeOeT7ykFTn9CqvYpovNZf2YzeRImrH5GCPFELfzaMxe3QPjR8RTMqIN5/2N/tnakUvn0eEbM4SdWA438de2S0Tmzxy0Eup1otQGeOKFVr8ebd3J20wY6kltbt8GgINKEGdoQTLvmmEZCnXzApfSJOB8QNcCRRoMKoxozG+RTEUHo8jAYteCUnHLgeketeQSit6/PqctkM5pf2LpA74Nu3OBEJk3wekWsgTAMzkCp/KSJaaP2ak0NLcNcMmnSNPNl2lqwnKeSdV88iRnXmXktvnX7tuxjn/xktnXHdthplumKuqANBduqAI43Pv2ZBJDLqRZg9Kxnq1vnt1jVj6TrZ7uiE2PSHWG06VV/EADgFju9yws3MJgDbChHLI4zBKG5nBIi4MtPtD/i8blx+bXZ4+PCgkkX6HMHDynAyery6Kcp1DSYQFEHIk+XayWvR9ZLoQxlEUES/7q0PoCx9URuG0nkcwJOO/VHqFc45FEkr7SGwVGSoy6P5TTFa9euaMjBpNyO5StvqoPJM8PpQHYus9nTTZs3Ysl3S9XRiIffez/bf2AfTVTYvnNbVmuLHzqSr7/2dnbggXtEtwBfnO+79058rf1q4KyOTp44nb320zeyffvvEpKbkP/Krz+Z/c3//qWMpxKNFbg2/n3MgPI32wPvbaMB20nx9Xj8KDTKSSYw2HTr+5X1MXgmrHlHocXEdH9BnkofbtbX5EdTWK10fetrUU8Cdt+nPr8Yf/v8BmpgRp3YSZg0R6oawFApz7L8erxm9YR+uWKLcwokbNv24+DEFIPHhbHGUPnI4pSUTgbv/Z1OIALtlw5EguBig55r85gCSBEigJvnYVvGUuCX5YPhL/OBgaGUuUSZZ+FeB8E5bCIp2FmTb3Fbq56L69cxgykL3IwwGJIrgBhpmA6jcYKSCc7JTJpmPlWeplO6eumU/0r3uYzbEU132LBhQ/b5L/xF9gd/9qdwLrl2nCVlHdAq+9FuK7O1NNnLukDCqB1uMWH8F0W4gCrjoUXCDGHaTJfpo2LKgT34Ob4sRo6N8EX9kg0mcVIggsolQbxMLJhUXKlDQo2PSfvlOOLpjMkhA5m0BMJyNUiWime2iCyYFJqacs5HqsKPDAzUqZLlcoJmIiMPb4l+5GGgbkupXLSZIZbT6fEImSqjdttMshjIZKJJCAKXS1qCmB9FgrOZahvIe2yMWbZuvTbJAGbyob1zKRy8GRtOaxp0/NipCJ+HU8nWb6iexXwfr5fTsAsOZr3w05dfK6AefvShMb8OJ/G3v/l9zZI647Lly7Inn/q42p/DfpZj3lPe20bD6MjQicjrr8dvbjOJ6qczgcdqQtsVzUhR+X5+9Nr8X0OnfPMXp0xnLf4MyUKnzO64HABLZibL2HK+Fulothbdcod12K7CBhSyE2IddU5hKevURUCA/8gUuGLSQQLYxQePqDEVirQNRsBy9JC8wCyDnAvv9XFmrw9cifisD6/GGVoXzMuJEwLVp63HqonXJvRce1lafzm2I5o79SuWd2pq9WI3ju6mBi+fl4VlBFCDKdIqZqDhAJwalbKn6SgyFR/Sk+G/0Xs1u96T72WXVFPDyQWtrdmvfO7Xsz/6b7+Qbdxsf7/wnvt9TwWzHPzRZv+xQgyOqxOkTADyvte691X0zs9KptzwozimPZhuoyFdDNGoCFEi6iZpII/yaBttdARJIo3J8TxzesaCnrSOojxjCVdTWLP80hHwFkVOipcRgOvVMgxQXcDGVKf+1pIcklsixjoa0PiSuxV1SAXV4McyUSfT+gV9yOq+uUzmLaC2QOg/wVCPnLWUfSoAoKDR2k/BTQ8fJL8fZjL59GWvukhasgqvyOcvaGw+ZKqOSCjgpKJjR3LfhYxbw0c6qZCjR08WTvTZBgezniPMNY6HD+UO6eK2xdn9D92biqtK87Sef/z7bxTgt+Pr8s/+yi/X1VMgnuWZ9s5lDZcDbXIAB1DgFXke0OTY1BHoepVmIBNvDG0/0Il41l3wx1on31CPZ1hSpPFIJ47/6ne7PoandtvEOeYox6uBqbweryeb/XDEuYOaOkxcHI/Te0iTE1qu2Po5UFonz45etC7cCYsCglpHhmwNmiKFC6U9SPMZxMBRCJEBcP4HfmGN/cv6sC0Gw4IFrYmA3AEsyAyZsZ3HKg7MFNfy2LOsffGC/Z2d7U3snK/R0aUF/Ml2K4DKR6D3M4mVXuZY1MDuFjhpFFkHPxH+IXyLdPlioY90NQ3HW7Ztzf7yf/jvs3vvvx+dN61EaWmM/4JkK7q1LKsPQziZtYFAzCgg2AYtaSlKMClG4k2G8vWLrJRo9tgNMdne1+tcZQpmoJAoIAgyjLSb5qA/KLQcicyxdHZZxYw4TQizUmHZBEPLaKNRu9MUyAwezKHd/FFONBcUHNb4o4NFmyiR+pjiL1ZBSFBH1AOmvBwSIF6yGbNS4eISQ+xZMz/KYTaAjA/6ZDehMghg50VcLk9OZOxWJhCy7AaSPCUJY5vDfw5+FKs8Yh65uGVzvn2Z6Cdxmcqr1EmoiaTHj5+MaSZuv3N3Ic8M1zQePXo8wnk07h131p98egYf07AtePjAB++vucem4xlz3eW3v/69FJTRyeTrcr62/1kOHcsbn9UeHRp5F3U5WrV+v/RqW06Yz26WnU6rvOSOzJ7axPJH+QZjWTTtDuZ9H/3CjpFs9ANjKZ3D3dwawODg/awp1hrL1AZzhNCKRRccKaWbRrNtpPQW7nHKbWnrzPPBL6GgJDJ6nApR2gEeJ7ylZNr5yUACBLTBtEguiqx18eIiGLkL57sFW4RF7zUmeY2ximtswBgOaJSHCZ6mNauW3U1Jp053YaYIjyBHeoZIZdlY64SzahCHojqBBk6vNY8j0liUdZzHBLpYEeCS4hx25SL2yCt82euYxuIPP/6x7Hc///lsCbYcMgvSQqNyQhlVTqYTq/xWmxtIDFNmdy3biZRjCUZ3Emm186gCoIMW8OeIiHeFRCEt20jHQJmMSo+Wocr6SAvqKBhNjrI9BNk53nAkoV0FUubDP2JTnIvz2BxD5mIJhcrNMDhf/+sDnWAAZUpuSKjuBKNBVg9mF/MmHqmi+aKXOkMwKaGBEFFuFVMpP6WRvFiPhKm66eSKxLVSFtuC8UU9kpHIFT95SQed/A+BkoI0wTu21//SGkxjBn4MsgAfqtys0NNzvbA10arVK/Gaf02V+td/Wtya6KEPHaiicQBnMV9/Nd9nkmsxP/nkxx1dN+aHOz/CRz9puO32Xdlv/97nJn00ZCrjVqZ5Lxs/vQef9owMsCKtUboDWfK42Ozql7FEnBCi3Y7BlxDOYBJfJG0dT3z9EozHWQP/2GNfXIhDkeY+6qlRNzMJQoeJdloVasBAVzWpFnir4Gj5TZXF8H9WUrI6dkisMZ5KMZXx54OfK9dTwIshLfa0enhHUgwQxPFXCgbKrxoknE5xMsvivITD4EWL4GA6bcAdP2GzcnxFvmxp2z10/JzNY9Vr6TU5nciyI1kDptnL4n3JZ0c3b1ytRT2nz4R96jSlRFvDL3YdZpIGfya9qpDmYCgsLooDK6JCj+WiyjSkY3B4mnae3p7L+KiHX7lPT3j6N/+b7KOPf8JmNcxDKAgmqACmIQGm8rKsMpgXcynoHvjPSk4G46NwOXJGLg5y+T+nc3JzyKSArFGylEKx2hwMifSgMcdM5PES1MW8M+TyzQLJA5XLc40CkJu6iIRAxvxRtmDEkxBtp/xPKGIDIWP+WHf2g34m+IcDt+oxSRSlH+UKLfkmjTqcUHIpiyhnZiyIoMwouG7RlRioOddObv4LfIhcNCESz5gJJ0KC+fRHXOwNAxPbB2aRVAeyR3IMqXoJIql9zeoVWbKFGTCTCytWNz4DOjlNRl3edHzfPXurxLyLPSivdOdfnXOD823bt1TROeDZ7z5feK3Ok3RuH2PW0/m+98xzGTdCT8OGjeuyP/qT38keeHDsV+0pz2xJT+VeYr/Vq5g9zrcnQqHYNPOyzayDWG8ZRK5/6imUZ9PTT395zCnqaXUwr41eeAIdUeM7kk69zD+XEm7a6/G09uBYNY1iChw79xPsnbjSKV1I88nhjw2KHbUGJOHCM4UopJIEmXy0IDZSJIOIhEQMqY3KH1cMhmK1QdSowzWI42uattIpHSdPnovHSC5f1p70ytERlGEYgPxVtxsq4e5UMi7opOWoO/EZIuLpxK5e0fGJNWtWNPX09GUXLl4HBYykCP+RhxyyPRSANYobwFpVcDAzSDPrP4KiQmaS4GweE1UrTX7ud3kNx0BOR2hpmZf97h//UbZ3n33NyrYhe1EmDfghznUJm2dBLYcHYGuHgQ8URftZQ1ZLBmcuEJE3/IuCicSP7ZVJ4aXAeALalRqxKJFMAsugYMbhVsKG1GBIzrUH2sBPXupRwZByUQRRhEqTsDjeY9KlQc8ekG5TSse05c0eFR4avJxmt0kz/sQesoCQdcRAvEtxOcaTwKVQ5HbJGZQ3zZAluSZb0llwhGhXMJySvVwiSCwQvdhQn0GgnGgTZXyQmzv5VIB8WKKhNJTTpm3bN5j4Bq5LsB/lgtabN4v5zlvvFpzBO/fuyVpaimM+6+yF539aKM0HH65/5gm3BSpvaP7LT35MJ+wUhNTIfP1r386+/Y3vhXZmBFx68PFf+kj2u3/4z7Pb9uzUPajBOqtAvIe8l40GnNldnDZ2QZp5zN0upeL2ROZ04n7pMQgsadqlzIoYfx7OO9z9/fyQ+BpWFVtiDYKJgu792B/fgZ7isYnSz9FNvAaK7a0mX+hGCzjA4CSql41wjVfBKQo82n7Y/BeQjXLJCAMcK8xvfAh98HJv7qHfF5rM7MeDEMHSCztqDgiMPYjfHxcJCJhIEhOGKGVdDuOcHRqQEWmBPsmAgB+V9HKfulAYOu1r1izPli/vhKM5svDkqYsvojyhtvIOQLqogHzFukzNcZPKzmWAm9NKCffds/OpJUvaml5/A7MKV8OWP6oYkrJygt2J+cQwBFdEaZpiRbHyE0iWRILR6WoXF+nxWLRXL52fli2JaOfv4ZX4lu07vGRml+o0GOcGlbK0j8GqPbeWrPyxArweGLPFEew/S1FCKYgZsKBAMpxEsq0huH41dEh1tsgoTaAKCOplyPVbXvicWWpVmkDofFX2RoQlYvkgKxHnTTqHRblRQDCkGFEGf7GcRFM2I5HalRRezwTr5ClQRLqQcGqx8hIA5E2yBlcFOEmOZ8rpxYRLIBXccdIeK9Eprc+hXuubmHAc4mAH+1MvD58hJ+H2VvzXtmhRdvDdYwnjZJKwDH/Q9l67MhmmhmmxDU62YuVynbxDIfya/ODb72W9vcXtxLq6Lmb3Hrg7mx/2BV6K7Y0Iu1hn30+eCsSPhjqXcimLyd2I2cg3sV/meOMReU/hvPJdu7fLHgnAhRur37H3tuwuOMHc0qgPR1vyiMjZGFau34gjMKuXVk3U1sEbN74OB0yvf5qa5qmJNXFYURtUK/dmChgQBPkDIyXFMUig5OLPQQIqJMfDF4inkmmqXD137OXj9URMi4P5iU/867YbQ8O/CSXVe8LU0zwHn3ANjPVAA6emWUMY4OpIAx50fA2O9ZehQyVeNPRDgUHvLJzS2FS7CR7m44BWfVbpzwgJiw8FJRtUKOWs07fhyDrzSCFNIBIbMpE9JlxM3Zgi5MjSqMDGQYPwdEDhKwPSDfbnHdqVqz3ZXXftRie6pOn06QvX+weHLtgYxHrRAy4xlBSl2ZOrvMMV81U6FJfuB+jMueTs5fpVnb+8984dqy5fvpa9+ubx4BhQlJcXad0dwhBC5GhmDZTjVWyWFyC2E5rn0iQDlzSfpoOUiHfc8MgQPuwpvN1xUZOO//m/+J1s++7aa8FVlW4E7Qz2uxLiVZ4S3PGxNoIMkFkIeReNWslZkCrmcgDbKP+xnSik8gpMzBhAZUjq3Rjt6iy+TtPzOXegDnokCyDXT1sKgTe5DCMEYP68/MZHYKkcQZh9WEWeojzmCiECLOF6CjTIeJ1JHkipVaK9/gRBJsoLukVo9CYz6GEGhRE72ZwvJkSQsDhBADHrslEHtC9ShEpiW5N84c00Y2nC8aMtGZev1NqQ3DSMfeVHhdcudVftSTk2V+PYy9gP855779JsbM+169mz3/sRdKt0USjzXC6yfcfWCOPema9iH0s6qbXCieOnsnshtznMiHZgM/ROOImH3n2/FnkBdgU2vfX6QZ0tzqMn07Bw8SJt0H4/XpvfhQ3dV67GH/orlot23rx5OD93Yda+pB0OabtsGx4u7FOeipqR9HxsnL9205ak4U1ODdasnxka7NeRRvrABw4k2p91Q2rDzdb0IFbtsqaDGVtslXI8Z8WbW0VB0+vz1yBvGARDmuBgFve3SqRNi4O5dNO+J6FozKnSROdccpI1wM5wjFCrJQWYHA7Hm+cBpzJIIxwwzGAaAHnhDD5a2Y4cdtAlEh00oN5mGdMkz+e25R05haTBMQV4IQPqmI8JgyXZokxaF0rjzKCVXW4cDPWHDV+M45SIXnS+9LSxyXrvDa25WrasAzO4oxvPnr38ElzLQF7lZJIFdRXcBVZA8sM9opVuaZLGTDBMaG9dsOHhD+57dP68lqYfvXgw69MG6ym51XOsVEeZVl4RDMi65E2joV56Q1stp6xBqtC5BL+rBnZ6j3uudGWD07Ch+hOf+XR2z/798nMom7dEMYwy2wvWq1TR0BoJv4+qd+L9HovW6iPqEEzarK5IXtKQapeoBCBdxh74kAl41yEVQa6lcwHpvQlirPAkDGRqMeQvCTQ7yeUhl0tITp7SBLgrS1FIU4f/XGo5NnwiByVHztp5QmytzFAOVhlkJu6D+IiX4pCL0FD8PB+0SJUXjqII50Uxkl4LxXzQFxksYf0CKSmAsEBAEJ9b/MGZzxGZxNiXwG72uadO1z+RBlLqB/BzWU7vtav1aaYRw9nKg2+/m53FCTo8UrG/f6Cm9LNnzme79+yIr7r5AQ+3cXv/8NGa9JTT09MLnp0Rv2btapw3PowZyvF3lhjAZusH33kPX5mfyNbiHHQeJ1kOPIN83fq1cnw5u7kfs6z33X+PNoe/F8dVPojjJ7vw4VH3xUtl1hnLr+Ls5eJqWyeqcGRw8EcjI8PnSK9Wbg4mp/7Z8AQlTs5X6fU44RbUJtloq4KetSpoDrgZ6y9dG95mLLlt65PPHzv2PRtUHRHiKTuYDz72hY3DldFfKsmdy05TDbgzNIY46x2LBIDZ/UZjdDxmMEf42ptdbYAVX48DwyeAr3nRwzY9gF52DTt8Epdbuksl3BXkJhShPpSwA2c6xSpNAS6EAAZ3gyPCwNXXnFk2cfAIPCbbBQMKgoULF2c3eq9rAKGs7u4r2d47dmYrVnS2XLjQPdLXN3im6GQWHE0X5krrxZDMmUtzLnkrHrz/tt9bvqKz+bU3j2Ynz3THUpm1LoYWeQgwRh7yoqkmDQxguBmM4h8jDnNexM7uMVFpmvlRnGp2qRuzl6pHQhoLe+7cmz3+xBMoZ1qAICuArLGZ+QSxdehK2/Hfy+JNmFgG2swQiihTncYwdo34AMz5LcWr/1I+N5m2W3s1jdTBX9SfWxw1yI6oGCUq0BuZ/kShrPAv1nXkMzrJUtKtzDUb2MoBMVYQRzMbUKKTJ2u2MM96ddkei67eJcjXIynBgd/1uRnE6QdBSMYmFPAuPmaDkczndjDngp3DYtEFLOklh6SpHEKF4L0KKNBoXWYQx/VA0oALbWSaP9Jbm6tky3C84nvvn4IzVXt2L4iqGy3EzhW9166BH8eN3ITA2dbz5/CH4WB9fSwbae4JJ+/QLG7OfubM2ezypdqv9M/jzPEFC+ZnGzflX9fzA6GJOpnUwVOHXvnJ69mZ02fxin4e+tplyf0mRf3AV+mdmMl87dXaSxrrczaGWbioLVuzaXNjzOBCHV8fvNH7dSTz7YnoYMqvZMO0H5saU+XX4+BHU8z/9CFJOeTPShlj+fHwtbkahjaPVvqPnT7+45oNaEoOJuqi6X/7P//xc3hc5z7safj+jM2o9laHhPVfAxVg7DLZaarbtNfj5kAKbO0bNMnrcSLYuvl6HKmPgjmsVqcsExv6cnXGpGeQBsbKCaJUnk9hYWAItKLhxcw1IRGYSGAyyQZ2RTkYA19qpxvLZzak+bqH6zH7envFy475On47d2xqWrmic9PJ011vDw+NDqBmk+eU9RwferekHAeTzLFkhjOXNHr/3dv/dNvW9QuOnzifvf7WcdGRmcFiXtMKEApIwBycEwvJcpJLPy+naABB3nEiDhfCGDxO01RD+PXrl3Fiz9TO/u1c2pn9zh/8PjatxooZNySN3YYAUzWBkK6bXa3QvAH88RnwmGUrB0Jkf0TFRCQlmzWDtG5Mj+mnqVYLJiswUIJ0Gl8UyIQeP9qYFzNYYmRuKwRKP6CUInoa40GA3OYg1rExjhSiB9gMld2GM9lkkL6gFwRmIBEMyNOOcvD6dnjMJ6ZKcOT1+2IcZZmxWM4vo8w2cjjYxTFPErNORjIpdGptmhY1mGhrDOTBz6tY7qQ+5okUlggsanfiDxYhasJxsnirgVnB7hLTxLOteBV8tTvsFDFxthml5Cv0xbArPfVn187tmmmstx7y2FHOQK6RY+jG0clsxQzokfePO2jcmE7sO28dyl7Ba/nr13vxcdKozkb3daH1BBzCV/A360jJ9Vgr3ui547Qfs5fPYfZS64v0PGCGkk3RGjHdLZs5YdNT8/sZfj3O8io0ZdfOHn/pWMgVoik5mP/43fP3YnLmQEHiXGZaa2AsBxOK1EZLCgNMnb/jbewsOJjgLb0e18c/XHuZNeHDnkq+l2nsfE1c2nkLRUOA0gBRMKkaQlv54IWuPKfOLXVBoVgmIwKdLmCLEQcaQpwnYAF0J4WQeTg+sgVrffpv2BY8XRcuZR3ti7NNm9Y2LVo4/64z5y79hLu30K9B7xDGLvUTLCV+0dkMCtypJM4CnUss9m96YN+OP9+5c1PrsRPnspdfeV+DHomqyu+MqhG3n5T4SaoukSpNqPcKaBkrdlwUs7arakTsroUZp7nSfVazmCJo8PIbv/3bWFfFyW9KZd2bIP0RX0MmyVy/0IHeSYkLN9ZvhqNqxu5s+LMj+bKFN6WahSDTb0gnCdVXfbPcPmcsiAQQeFsmlUuy+1JDPw0KFWSLL3g37Z6lYgkhmZdNOIqPtnjGdVqVEZ1DgsTQTGvVBSkIT8yKeXGLyZWaPNoksGVD+fmMs7wWF6xIDHJxkuH8jpcaXEhk/2NxnVQkxHsjK1MEPqsEt9vqV/VJQbLRJEoUZeD/8mUd2aH3cBJOnTWKbkO9mI7KCF4n998ofnBTj/5mwU/iA5zbbtuZLW5bJJX8MIgf9PCM8nplPYwjJ7ds2Zh1dOZzSRswq7kWr8yPHDk2qZneIcyy8kOgt988mL3wo5cRv5udOHEqO4FTh06fPoc9iruy82e7spMnTup89Od/+BJur9+7maulpStWZZ34TSHcGOzr/Uc8XiNae0lB+ewlChDXXtrZ46XX4yhjKCQabf5kMx0Dn5Oxws18PZ7Y0Xz2+MuvJvmYbNjB5J6XfU19/wzFxTTFXJiJGmj89TitUefurZG9PCYr4xpL4Ou8HsesKAYGblq2WZ2ySygMU3wOioOKOmvSit6ZPAY8oDRQ0jb9C0BEJpFUCEW2BBAQVXhxxYvL5rMoUmcLDyefY85itmL9Tz++ZGT+6PEz2RKsEdq1a3PLss7FB853XX57CF+72JFz+rMzebY5Qqc/U02nEuVognPa1NHWtumBe3f8iy1b1s1/99CJ7JXXj5iDAFIvazBLzA4zSW6w5WIhUgaheFtZWpYzkeDsobzO5rFTep6iCBseHMiuXWlw3RmFINyxd2/2occeUzrtC1V5VKgfLn5zmBQ1LjQCQSSMAy6AA8ZLTMokBCHU4/0003bTXIPHxkf5xWAAr0uPo0G5IWKTfCDJJU7HK+OyWCykmS0pNIrcAre1DI/1In4qKVIQbJAAjw9jLpupqJ5k4gn0RbJQZ6S3+qO4NLi+IMbKB4IoLSZyGcbDugJShuREeSrXYrotbyXOqUxKuBJcNjCIcQ5SWhEMgn4wGMsYMPA7BVlj+8GsJx2u8+cbX/+3sK0dH/xcxN/yXJw0OwLLxGMm7953h04volVtOBaSs5QH3zlU9YEQ8eR5Cw4hHcrleMXtgV+w33nHHq3J5MbvjYQb+EOfG7xzjehJfFh05P1jGR1azo6eO3s+3o9GZE+UhxMO67ftxNrZ8uTBRCXw1KShFzBkHCeHtfMWNTtshYU4//OarVAtsebspXHzWg54JiSvDE/z1oekkJuQbsqW7Nn61I9qrcNs2MFcvn3vo2iJO26C+b+wKryjG6MC1E5LeMCsM0NjQxqOELPjfD1OGexu0RE2g/5RZPM/VYnUoMAE23i12ogmCbWWqFKOvMM3ZyHSkog/AhiUxkXPFTNJKGWJsSHH2V2qxfbgwXVG1h9CzmQuwmLugf4b2kvu/SMn2Ulke+/c2bx61bJ7e67fGOrt6z8He/BoYwhCjMicSLMqT3OpAVXht2Prmt/44AfvfKBt8cLmH/34nezw0fOyTdZTCCqLpAwqYogtJ3C4JFhqok/rISQTCAuWC6RkIlVgJo2Sei3lgiwm7Pq17il93MPO+bd+//ez1tJpJmobND+ojG0lAKI9wX7mnZYszIsmMhLK4JyhTllWhpQZWb/fOSLwFSNI81qSFIgxArtblqZomYGsU0d1JAnwgiwQ5NxBAGEASp6ps7SAhiSOFLLfBARKi0x/IoE0xip9zBpbuFqUywjtyatVM47OAVqvTup3mpw5SUW5TLDWAiBGlrDy0CajczKXFMhltMpMhlAeozGKwB3ZXW6VHAcgdp0qB8vN/8HnM5gR63EJCsjDWcx3Dx2PHwYmIieU5DPBmczrV2suUZuQjJkgklN34WJ2B4509LBs+dKMH/G8g22Oao09nPDgK25uccTN2j204vjJfffeqbWaJ/HxzwQmRpx11sRrNm7RWDAFgzCM3PgHNNji7CVbsO+1aq2w5uxlrlcObrlJC533Yzl1OTURmjLPNOSbmlpGDp06+kLV2qqGHMwPPP2vFg33Dv8aDGuIfxoK9AshotZD7gUHjt1gOQSYBiXHB29Gs5ekJxw/tGEbQZlGXxvkjVRagX0MNNpbQdTIWGwi88GGzwG6YUpIHgnmjcboyc6Q56y7N6gkKOkionwy8BcGBKePcS4wgvKE2WUPnBWURpXt4prMtvYOvMloyYYwg3f6zAV8PXo+27BhTdPde3ds6WxfdN9A/1Bf743+LsiWo8mqS3+8F+2LWju3b1396w/ct+dj27et7zj8/ummF15+L7tyzfe6DJbRBgoKWUYqYilv2ZQSaXe0UwbdAgJMjlKhAll2JQONUeW6Y32bMs1eYv1QyE0+eujhD2HAujsy5u3XNUdUTNBGr85gNgwEfcIieAAl4FxGQqz7TaJahARTHxqr6IKEqDeRSAG0zMTwarVl0FBzrqNckS6nCs77ASbAhQr8LoYPkdIyCGkQmZ2BwQ0VsytxmjwfU6KHRArlz/mkhHwGZ5k8pGljSHBIuglOT1bZSUBAymayVekL0onjTxclmFHw+iElHV4GwowTeaRTR1h40jCBEDRYhleKANIfnSDSwLEwIFCbIAOJLSJRM9ZiDuI8766u/CQcUk0mtGJfTfYt/EN2NoVunO7Dj3XSU304O7ka2wpx3WN5qyPazmfn3YOHUZZ+8Vn7RJWhLjdu3pDtvev27NrVazf1q++p1mnHsuXZirX5R0yNyMPExMsjw4NHyKs2yNffTGvikm6SWmBsWrU/7hEHLzWD13VNJIBTmX2tJ3Oi8KHKyPlzx1+q2lqgIQdx9doDnL3cNlHlc3STr4EJ/BXIbrAcAkwDqOPZIyNo4/QExi/FxQ5YfHWODywrd+Cy2wmdItDy6YnBO3OCvK9mbOoKpIGHmFyA8bsUw+TYQJqyxHRMpOKCjjQiHUhglKWYYSdpMCEDvhUnN7QtgaMJyu6Ll7M33zyk88q3bF3XAkdzx/at6x5c2rF4/6K21h3LOtpv6+xYeNuKZUv2bt285pE7btv8oX37dt67Ap+e4lV7049feS87deYSXivxZZzuRagU12j2e1kZpz+nMqjRGgxU7KdSh1t/8BKbSgs8BCFpHRP5LB2wUSe5R3Fyz5VL55hsOHzut34za8VWUB68TLFx0AAFszWY5+SxBG5fNDCwqY0hzTiXUGw/ROaObdAmxqgmJnKwSYs3Kck6DV0/18nYc1FYmnB+I8wxLEcsHGWkBTMyH0QSMhWY6zNdrBLI0DazL2KCEEQFUCFjNCSpAaYWPh801G1xBqcnPMVRjNvraeMhnXMbkfgCzPTQDgBcAMjEozzgwskgpF2qETEbQELkacOIi0kkDIKr/Q+cpCCSQMR8rghCQCqGZUvbs8P4opzPc6NhcXsnZjEv61VzozJmgo/bDTXDC9q8Nd9lkK+9t2zbkr138P1sqM4elFwrefTIcW0v1Lowf+YXIs3thnbdtgMHW/Rhl47GlxfMRHnLMrlUav3WXfD30jtephonX8n6B/r6OHs5XFh7ydZEseZlMjmR2cuayvCMhJZZEy1g+kzWp5ohTHNz37ljL71blj5pB3Nu9rJchTOTLw+SNbTUeiIAs04Qjc3xeEVu2xNBRoDVWX8JPN6RfwCPxQr2tQwuxB4Ug+nK5q42Twpl4lig/ppg/4nBLy6x/LzYAGqSAq+TOIvHLsqtq4JTtQMt9tpQDJA5mRREvNuPTZZxekM7ZjS5R9yVK9ezN15/F87mYZ6M0dQ6f9681SuXLVm9qrNz9SocMLlkUSe+NJ1/oety0xtvH2t6853jOP6xB6/ZR1AXZkHQDjVIMSMDoE8qDUsrGJgzS9KcpxkjiF8JZWtdJJV0FMaApKwBjDj+cj2WxtYa+LK+8X377j1wILv7Hi7dTQJtkB3QRt2MiCYshtQSAwpthABQhkWxPIE3gkVLIBPmCrKkugcQ5s+SlT6QkRyBNI43CKVEgYHGJYsjYHMan2kzKr+6NMSB1O1xjOkB0kWFemFWIOb5Q2NlPuzAGsldTqwXMZE3JJxAzCbKMDk+iC/ckrKdLqYc51J4DxlyiHIctIGKf2QJCOsCGSMlQ94QnsmlRX41lchFaRYg0FuRxbwiBA+WtScZbp+jQWK2gCLIYCO1+gMRkYhaMIvJrXpOn+ZLjMYCHZhFbUtw/Cq+SnfPujFR0851/NhJnfCzcXM+i8ePefZg/8uj+IKcJ+7UCvwi/bVX38wWwklbh+2O0tC+pE2O5h04w5z1d/nS5WwIM8GzKXALpI3bd2O3iwVTMmt4aPCZkZGhUxSitlOYvWSvFz/usRZIh1PN3No6+p/QIi1fyxi2z/HCRGjGk9EoHk9YMzZcf7nMP2kHc272slyFM5OPba6GeOBqtbYAU2eZ47UNUfp6PPyZLjiaOdZmxtfj2v8y+zh6wPl8UCiE1LkwAARk7FDvkM1Q9cneN4eYPHyCTCLpch5KCZoUR/GiCmrC40dOyrKLEsxYKGXrgZ3MHkbk+GzHsoALIOLm4Ui1RXQ2OzqxphAnc1wfyM6cv5IdO34+e+/ImezwkbPZiVOXstNnL2eXr/TiT9gREwURVlaLKdt0BqgyUuImBnxeqpTf6yYSO3X01nKMpUwbpXFYVTkpMAS7PwHuMMS9PVemtP7yyc9+Gl+YLnU1iqnbrSnXsQhU0EgReWkjKzExO8qTHOBVjsDBtKSEe8mqMX1FCdEaEZsOT1KU5KSAYL3sIQHEWbthhoE1zCt/vJq+qAcQhSAzwoNZUa7TVZW4wG72ERT4o8NpBkR4LjcoDvLLcFqvmdEiWaBOIugrltvywQzgMG+TCzdG5PPaKdKztiyU2qeDA7aQTW2ICCaECBwWeT27TSIP/IJpPLc+iI5nDKTxrtXFIibFiuUdWD7ThYMaam9iHmWMkWCfwpNqbtYG7GOYUoXibCTrLZ3J5Ik7++7Zm9GR5H6YtcII9gk9/N7R7Ag2a1+3bi1O4CluUM4v1bfv3Jo9+IH75IQuwgxnH46HHKizGXwtHTMFW7NhU9aG/n0qAd8snB240fstyqg9e6nX42zxE529ZHOrCt6WqxABcCtfj5sJTYs3fPIPnz/7k68Wpvkn5WDOzV7Wu73TC5++1+PoLdVcJ/Z6HB7S5soovyCPPbhShRZPlKOJKA8sAe0o99+cJWcu1pkNR6YpDhApiQvwWDhpyakKuBycp3LHSma7kTlBkoIwygs0XKvJwaGFWxwhzZM6AhJxJBR/MUcsIfwx8tiyfnUekQSgw4wj8Lkcl0mwo1xYBBER6ijQSD0uCUZcvdcuYT3WYCJh4kmeMfz4E09pDdB4HWFBqtdFAeiZ/N6SzEjNavkHJGOWOGdJymVAI2Bp+c+dCSt94HfeJLYygD4qciQ4CzabVMOa1AIkGE6YwVkmKwtRUXxeAGL1Ly1YRIs7F8ANw4Vzm5hx4njbCbB27/qcPCd2wRbneM+70DIdbBVxsVyiEtx0ux6CCrLBxtLK5kQF7TQ6YSGuyBhJk0QtObQjVINMsj+WcV+L4gwnQusuzXSmw1hJHHLL4WS+/762OBRPIxeeEDOME25m23pMluX48ZPZ1SvXdIa4t3OuQeVJPivx2vwE8PVmIfkFOTdT77rYLVp+lZ4GyuMG6ztxPvkDOJ2HX7BvxppNvo5fhN08WjGLSCeJa8Brrf1MZU1HunPZimzFug1TFVXBm5//F/2EPp+3Nhj2vdTaS58FsHas5trY7KVa4FjG+v0ai2aGcU0t188fPvP+S9dSPZNyMNet3f8Abv6uVMBcevproHpgq9IRu9YEA9jUXo9XRobvR2e+zmTmXTOVVSl0YE4WTSkMIuQFrZN5HImThIk0TQU6ghzAmMHIAEfCpqwAdCJR1LkYI21yESJExga2FBrSjFy0x+JOETlfnjITrHuxGZNcEHBlwjCy1pZKWY5h0pkZe5o0NUL5BoAksgedPVe7tA6zBve4oA888ggW/OfHyZUZ2PlNqAN0o4JN/hw4L8EMIkORPW/QUi0A7937WNUj2ZDrql2W6zF4dR0THswJ4kkjLlzCHzJOYIiSgQAGsVG60wdR5u44M+kNEdCafSSMebI63A2zeitgEmG5vHJJSOTl04weKpJaqhz0orRizo2irPCTJRDM+yrbosEpK9sK8iWzxUM55Mc/v2/iFIPxpCKlN+CKMiGcNrhl0keZkibVajxYSWT3gNcmnJGNo2YHBnHSVeNLSaiBb0X6+/r04Y9pnD1XzlTyS/Cdu7bqtblbtmr1Snwpvhd7U57WjKbDyzG3G/opjqbuwhfqbW1tWefSjjKJ8jwicuWqFVjruUmv0u+5767sgYf2Zx969KFs+/bN+MjoiD5Aqsk8RWDbks5s3ZZt1sinIGtkeOjVocHBNyhCs5f+alwA9j7yMjlCzejsJdXZs87ULQyV5gtnj71U+Atswg4mHvCmv/oPX/tVVFY43eUWFuTnXLUPrLWKyftQCw4Y27FQaGxOw95c7lfAG03yepwM4MI6TW6wnn0EmUWUJHGMJNPFCWAoqnKwxwFNHnbNbgVjpT2OdHmCIvizEjDNXKLdkSmhBJcMcby484tJy69xkCKJwLTX8JErwGMVRFVA0LvxQkUGF2ZyUmleHsWOSPQJVM5DXFRZpSPBuCdFIS5b9JaJsp2FgMR8sl+5dL6gYTKZjz3+CQwkxdfjtfmp2Oq5qq7LDKgL0qR0rB7+3LH0vMos0YGAUZDHIlstSrORJnjKl+MkwYHJmUPWI5JY8ASdEj5iZpdrdaznY1sTHbBJLHmBoVxeWUyl/qNTRH1gEi3zJYuMlgQBwYgMCkyYDGUpl8EEggWJAFOUZ0XGtst/afCc225xUb1YRGjUZRmpSPLn9uaayEMzRUu7mKA4ExkIU4NNC3nEp4uR8aMWL6frohj1rNIfiAFM2MS8etXS7H0skWn0CEkJgY52LCe5cZ3rtesf7WjW3vzr1StXs7feOIhX3qvxXOevkHniztLODqxLf2dcoy7i7PDXX3sre/ONd+BID2YdeMtBp3IioQM6eKrQRM47n4i8lIbb0q3HH8NcfzmVgKeod+DG9b9DA6n+sMdmLyF+WtZelptgldm3/vV4MKnSdAMn+hxMDZywg/nV73fvwW6x96XMc+npr4FpfT2uCc2xX4+H9Zd42zbaAef1YXTL6Fbtf146dr95X265EoCPQUBwkEifikKfDZqElGILwR578nPwpECLXR5lSQC5lMaFcQEYcATXDSbd5ZNMdklBXaagE3jplAGeiUxWehEI5lRG4DnETuJx8FQSiip+J82ZvTaJwS8nMHVBAm0SSjfDUF6XI6PD2gMzYZhU8pc+/SksG5iXOH7BlrpSahpZpJad4a6Pc08czeorBDeDBE4Egqg9JPKWgDoq0UkEYAZXrqgi0CdsoSVSqhlkakLOdZIhiCMlk6JOiuwwlxMtJwIhRErrj1LIJLv9giBhwyWCApUiXCTInrhgcrEeUkVBlEoX2itBeuZLN0BFBC/ZTQSvVBpyOQIwBJmSlDbgxWEsIovJSG/3zWqRYshhQXXrNycwxj/RYa/ua7gXQscygFN8gOoEBcT43wLHZCFmMk+ebPwPMlpG2e34o6z36lW9Fg7mzppoEE7hm3Ayh+AAb9m8MTpkZ/H1+MF33puwnXQUj+GEnpdefEUn9lzBxz6sYn5trqNk60ji6T7nz03t0Iey6AXYKWTjzt1a4lTGTTY/MtD/LZzSdJZ8anc+e2nOJUqohMTKySJeg5vP97hGG/GQyxutoxBbG0wANZIToanBNu0gPBotmMF8KRU8L82MlR6tVPD6dC7M3hoorK2NZhahlkNLVl8aiZgYrexhl2qvm5GPzb1IGnNMRBqkIwLgBM4+2vPqr0HqgR19+XEzVjpDHGgsJr3E8+Ky07QLTI1wJqePNJbI2ZHif9IRWFBgtKwWCyVhLJijAgUjWm1yvBSGZI5BUkTiSpHJDRA+l2C8vBp3no+2OjE5NXpKQ0JoedkVUOyUbKYczFM4ZWTTVrxKw9ZEFBuryUoY7zsNt7K7XRZ7x2h25OZGuIO8AXneyyuFaCXBY8j1BwKoUYoXhhC7OAfTUP9ghrZIP3i5yVTC5uxRDhOUFeuRKqSQsfEascshce5ABfEicWoqyduJQVk+LxshXHvJgD5ZtjpvXJMpLC6QVa5boshuZSQ/ISQUhgjkUB9wqtReCEYgvfEpl8sQ1vS4jZIHeFm3lzzcLskw9lDnMsNLY3qC+IQWENlseLMy2E8460RMTuTyDO451TFnsUAf7RSSdc2yOhxA+gDE4Ufbt29dn53BBz/Hjsm/kLZGLvyjbOOOXdmJ997FTGZj658b0TtRHk52PP/cS9l72BPzwAP7sxHkn/3+jybKXkXHLYv4+zGcTQau01y9dpXWZrZhZrGtfRGOr1wsx/KN196u4p8KgJvds65Z51MNeDX+9uDggAyMH/ZAKJqGWpC/GqcewYLzmepF+wq0KbSYRjscl6bIcWtzWD65Eic8zvve974YtwuYUG3f+8gXsG3/8LZba/6c9jo1gDZsAQ0yph2Wx6Fbd48TX49HHDoOsG4f5RmH+KdOm6LUvEmWtnOmHWdJoZ0sxoEuKoGUIMatJKmNFi4/5XEYtXNwMJ2RIiYgQmnDkywAmKgbXDrJ+ayr6oJM2qnBMBga8bIhcAZaKRCDJCErA5JYFEYmQwOFxECLGQCg84MU8tzhIWNBFfKmIdgRbSIUP/ZJJtQISRYEqEzKImWFlCwOHI2GDZs2QHxiCwWFrN9nqqJdiplM6pXkeQglc8IcUUxJHmhVBvKYQnc0PS8mJ0skmJYcYE8G2kCQ631/lZ2xQM5reg0sZisjdZIEF44RRsXbYXdA+pMyOoXauNgCR84oGWqHwPNuSScucjKRZ6jw1S/joJFnlioPhdTp8gUDDcsnFXAmFSgUdrlaShINAPYMCB10ExtCTKhkABrA6g/yAj6ShfsmR9kKYizODgmmlxywmvDQffm9AYTAcHXJpGXbJga2kyKUiULEKyDhAQ8aU4u6JAx6xGtKA7YZMKvLFpwtMop/Dz1wZ3bp0rXs2rVe2dDohY7Ppp23ZaePHMIuDo1/od6o/onwXcS+wF//2ncmQjopGmz9lh3FcZD8zWTgXpcbsB0R63rKoVK5NNDf903IwbpK9RhoQOmHPdxg3eBoV7b2kkr1aBoc7TA0WHteKYskjYRZ83o8GH+j5fIKJOP0fizhmIVrHj4wJn4OOS01MIHX4xPUg16S/WHqRJIzH4Elx1+P40FoQTpuZGYdLkiYCM+QGHQxrK68+KPB2FAhtow/S+yv1WcHQf6I5QKIyIdAcgcJgcMigxVAlkn1R0OAygVVMVGbD6e5PcFONxYIGygDuwpSEiWjvCKKOBvGrFyp7dTLMTNWLw2QrQTm9VBbqteaS2TslAHmKJoT05bglSVnTK4KNllvNKxavdrMliyVCsJZFqtZWeWFDPCgNToerltVC6NY34U6jxqMUngvr26clcjlujzGqla/Z0EB610/GCd2VQKIKSbUC5Nsu/zxbuR3RCQkS0JJv8uTDBPL+maQipB2MtkgWtNHtPSBWLUoQlzwX1/YMonnmzgWSQim8dDrR5sl1OzSkYgoMEH+I0yzlO5cyjbj59HJ/FE2WOwXeKUNQujY5s82rDVDiFYQL5WxJJBT+JGC/JLPUoR/iX1RtqRRDGlEeIleAABAAElEQVTcHmu9Ek+8CycF/itLYoZIRDhrlXVCuMmyjAGa4AXYtk1Gw+2X3A4aG8sIdMv8edmjD9+jV+a5jMZS3Idx08492cLFxS+vG5M2x5XWAOuUdTvVvS4lE+stB/uu/z3azmBt55IdnAU2bfMp670ad0q2xOqAtlYTXk05uyCjo8MrU4vGdTCffvrLLaisvSnTXPrW1AA6O+v5JqEerTTw2F/geT4Xgr28dqMnxd6X7HStI09TUURksbbPR6DKIKIMHWLr0tnPe1/PmIMAg5Nazodht8GhRuzQyOMyiXZDiBRBTJiQGleTlzPLJhlKGcCmhhb4wUO2KhU1gSA1TTIrsJFSOko14JWkO039CKlUT4tfcl2qQaI4jd6ABbAJcVraYw5HLKc0Tf6yDNt9qMogmqr4M7Ot1Co5bFFVAst/kd5tC2odznrP614SKdUcBNwkwwcm3jRnlPZUaHCSJI/0LD9lG0skJ0uuxuQTpDJZOVJ85AMNQ7S3hKBpMo80RqmU6h4pV8s4EDAlBN8mEMb64h+emmQGoX2bQGmQwnKFV9ks0+hIRafNyPkjBZhoG/M8qcnkUNaIXndSFYPbz5lsOrCUQ32Em9PKeuSdBB56CMdFJks2bJW9Ji7ItIzJFjlZ7Od0yFsZrS6UYblYIcQpIpMSgjdr83beQwBBJzIXDIBIcTE4JRjMUrwCowq3SE6jFAacZBmZkXKIhE3SyxtANxT/4HwuXbokO3DgdjJOObRgC7SNO3Zni9uXTFnWnACrAdYl65R1Ox1heHDgO8Ojo/mGoP7qm01EDqESanr19KHdBvy4rlc9ERE+22YvaRg2mZqcg3n80vd3oEYWxVLNJWZhDZjzWN+w4Jg6WTqzqZEr28HOlC2ffa/1v+YMSGbVH1Ohh3aFyApSFMCHThQEe4h9uQMYg8xonNL47EoChzPt9pXSJOGPTJExJkpw4/WrU/HZZ6kZaGecsfA+wRkYF02yfKRzicZAqRZcuuciGAkILNgvA0Tg4EBdJyIVf0ngfXMQYzcjJJlNQAnjxJPpfndUITUSanWpEstTM4dE15JiVptVXZRglgkoicrndIl9API+xXuVoGiMyTVgTX6iSmpVK65WQspygoPjupzf8yGO+gLe83nxDeHsbH/2owB3LIHFWNSED1LdVRI9aEfcEeSRpHQM5RXS0aQzaU7kKPYV5Ay1nE3FPBCAd2EUTuZwNlIhnf3wjtjkuB30JvGrBPm8l7kNKIUZEuvYZjVLlcCS6P5Ux06Zl8xqhvZBkeQySWstT4UMwZKQdWgwCHi2icDHtHgMK4QAKEnCr5lL0PkX5t6mzLEMzoAJxWSmMXKGc9eOTdnWLWFnt6Cn0Yh7627YvitbsnRZoyLm+EINsA5Zl7Zf8dSrZXR45J3Bwf7XIclejQfnUs1M4nPnkjC1GNJYIm+ikVaJElwwPi814Yad7deWgoM5rms/NFK5e7YX6RfYPu872ShjWvWhE3rq10x4PW6kWdMmTdewWccnJm/jGlbQ5m1PPNAI5XhgkWSOBhRQlssRlA0C9dMitDTYIoy6ghRwm1SDGANhsodMCMQFMmcLeSojgcmIRLl4ciqYZCaBFB5abArRCGAwB71CFXt12wgY+IzcChnSZqHJhkFufa4TKI10bhhiIXMKMwl52hElmXziAoMBYp5yDGs3SFJKNCGbq0rwE0u2pOuaghzdt8JNNlnROVF5AfM6DP1pnKAPeRbWSMY2UA5Jaq7LJYy6lKcMqwNrY8SRACHQRzkgU5sOeLfByY3F2oSnGTt/bCexnMSOEXytJOxTOwvtwZZUQiv/K2LNMgEDAUAKP/7VaOMYHTyWUDgssTY8r6WQ1g84ODnHoFlIx4Etf2Ucas7/QAVNMxzeYCbVI83ng0nCUcOSE1q7CKnBbfGYMMqmAPz3+04I8tEUkZssiVDxvaxBKmAJu4C6z+I1PRCrYLKpEP/xa4Yi2h/hoGIVSx7xqCD62k088ww49T8iBh0ciAcf2Jtdujz19Zg0jvW2bst2nB52Nrt4jh8RUeNcmHgNNGUr167Llq+ZHqefetE2uvv7+77BZGoHm6EcyMQhJCw6lymxySnwl9CTys7G2UsWAOu+Cw6m6qJeyX75l7/QCqdidz38HHz6amC89Zdo5KF7HE8n6HwgSElr8zdhdmIDutZ261HtCaIi+8Wh2CQRiEfELHGqAqoswASRhOQhsDNn8AGEaevcCSTOiS32p9I0cjiywUXYQBpE5vopNCVg3kPg8Wwa27hh5aZ9RuoWGKXbrxwJ+Ks2OyBEFS5GGIZGsTk7BVBrLL4QuOC/tDOPwMhVBZDguYWODcTChkvKIBDrsgqYcoybXoC1aLp5ugHUHfTnBhkIebtHqT6nL6ohhX4paZAs6bgx7sQxtnRCTEWmzAQr7zpY5miSpYHnPXU4KdXGgyHOznujnwhCG2QjSRnJW5InftJYqWQaYQxpW7I0ywNKKNJbcs5SIiHrwCMYmOXqIKO1lpi5HMYs4yh+2DpF6WHMYvIYP+Ytxqwm8lU/zHCOkJY/yKEMzobKo6JezG6ybxoJ8mUjZj05q8mCWK2HuqN9KhjyMtTK6Fe/Vx47vF5MUfxJB9PhH1Oso1CdiJDBDQOJYOLztHgCLWHI06Eki2QIxjQAcCQpQ3IkPE+bDg6XpovMpOMs5rwFLdnHPnIAJ9K0BmlTj+ggbcJXz/NwcthcmFgNsK5YZ9PsXF7HaT3/BQ+CPvP3DdXZCnLnUu3Cmk1qqnmaguO5CPjoclXTgxftsCY8FTur05WmFSgqqsfCmDOYF2+M3I6HekwaFzQX36oaqOVNlm0xGrRc9Iqlr8ezbKc3fW8VntdoSia0eXWwFAuiuo9AEEB81VOi3tyhRhj1UKwrlw4OUFLFnALRxm22xHQYWMTuMlI1TBeQJk8wp4sgDhr8x4CrnhOLNQARh6ylA5MJN3oHmQAQkhfAYuECrelyFo/FCiVii5Qsgg1o7KeoX3TAe7140U1OwCb2my1O7Yysy6mFJh2ZGWREozzhsk2L16xDWZcMsXpKxlThvVjGpqtAThjgfn9in57QhxtivIEv6i/VBtEyCRc3zfSBHUz2IQ0lFg1z/QUe0xgswf2D8MAFAUxBnvQAzjx+8cnGN1jmUvJ+BTw47I04nECRx2ccxMHxhDxpoXgQyS43ipZoipTw4DhRP8vFTUZkC23CkAq0ZvmonfMzUMVXxyy/+gLySC5tk4WB3mwFVnL9flj90CgLtJ/BTROdBBqCpU7xljY9TKuMiPN+iRrBS3b+9By6dOYNbtJVNbKfXIYTk+QaKSyg8wlnn2a5SMsQ1owtdhbLyfzGt16se5witE4qLMIawi233ZGdO3E06+0pnMA3KTm/CMRtSzqytZu3Tdt6S9VZpdI/2NfzlZHRio5uih/2EKlHhg1LCTUlNg3m+FW5wEmLJNholRC9Ug1cZuvsJYuCfmreRz7yr7g7/xXmx3Qe8Xfq3Mc9rKXZGdj3KaDDjmmHcbhBK2abN1wcrTg+BBhosOxqm3pM0js49NRipATg1GFb76scLqEzVsqyGimM0gABp8fJpFAa5QoUJKvTNoCxgUAlcntAl3ObTJdBjAYGygwyjNfoojIylIMLCXAfqCzLQZEplCcMpLZOKzE08ClKC5HqisbkQBv+8hK5Gbl+vpxEeYAQF0hVFWIxOTlP1W0wnmib0ZuwIEgDbiCgzCkENj27o6opk5TYKUC4MWqmdfSJJdgRSdz0ALf7wUykiDdddgQ97sgEtjzyBhL4g/gcH1JOluNDmw7Phdg5uxcal9O5VWovqpeiaMqlnZwRlL2cKURgWjOWyJJXUBJ7nnq5FlIR9ZLOYgFFy9e4XF8pJGIk3F6vOMCklzppe9NIaCt2D+FD0Ri8EsZQiqQ8S9A0j+JrasLoaVaG4Tw2a6aTf1xQBdeHyijA9eocrDIJQH4Qw1fftEfrG4WjkRZkD4kRQkQTmJNIppQlhLqYIbnHTEYCVRPyxku4njUw6lkSnTESJ3180NA3umzFAEkJyiM3n0DqppMpGygfkpGx51KKsqXLOrLHHtufPfPMTzQjLDFTvPADFa4lvHzhHF6Zn4F+Fn4ueA2w/axcuz5btjpuguKoqcWVbKj/Rt9/xUdv+qgnOpdwHtl0TDgbjz1khDGXO5dGwSvu2YRuGsoyIbpc8uxMXcsG+Zp8bAeTr8fP3RjeOjuL8PNl1XivxydeWrR9eZbJLCWZo+dYkNSEMQuvxjNbM4EnRI+N4pDhU4Mmr85YrOpWNWBogLLeNRFKPtAHSHysgjgpoMyAV+fPtOvw2GGR0hjCsGEMuEZ+Q0e9BTYqiwZ5OgFG24KQJPJ+wQZBIFQZHrvQhIEVReUUz6AsMg4PQEOb9axRG66MzSRYSTl6CZffAEnwegjaglRFNS7URkoE3i/2YTEGTL2isA1dvI6MOehRHVgpBVf5q8WHUpo9RIf+1TkTaUChLqr6X6PgtbYdrtMlej7Efl8c7QqdLNjtsmMxQkJVSV4ZgCjw656q8RuC7YeBclyWO5leZs5GcuaRgX4nHUjdffDgLTVgBAbn0qYuUcvIB5lEI6P2wpiv1fnxzuAAXoHjNJahYfyGRrCtTku2YMF87AmIGEf/zW/lEgfaDqcRdvIIPb4up8l0CJubWrKRZsiAk0kHlLAKPziiw8nX51DLP4fID044zxp05WiyLP6qXHw0kjqICIH2W/2wbgzocaSJ9x01IqTFoVoFkwwIlmzKQYLVSRpzDE1+fOpoB36SR5Ot6sUgM6Qn2BaeQ9pj1oMBNvE+2z1RCu2zKVu9enn28Ifuzn7w7KvBVnJNPdCBautclnWdPjE3mxmqk7OWqzZszrjP5bQGjKJD/X3/gA/kdK52lXOpJh4bpVpBtf4cbzgyKYRW7tnJxbN59tJLgueKe2EeZr7uDObF/tGdeIJirTjzXHzzawCdoPrNas3eK1ZjcojRoFVXycACzNsiXM2eHaZxsmN2ECEpM9PqXi1hyMBnXOi4A04RcUykATAvFWUxI51IMi7Qk18AJYKUNE2t1vUTKlVSHEg9KtgQKatFSwbKEPg41kTbALOyEUgCV+TCQ97BkpHoUt4uYViSjDBcSackhRsgMWJHKjUEaQ5oDEQziDbEAkSM5exqPKEQOXNKMpm0Vwx43A67gbQnQDRYUyh0y0iDm2ORK4v8zhZQKib7a28woQghKlSLyYyScuHU7vXl9nhMqqQcbr85M4YiiZOzXCoGLoqpTgmTY+XmFXSQSzn8ST+LgX+RAWXSH5jgp0OkmUnKlYNIPsLxJTg49JW2ZjLpQAoBHGhQN1evXMsunL2AuCfrudqDDcCvZzdu3ADX2IHO5pKOdp0V3YFtd1atWZmtXLVcjugoPmppasYPDi4dU853jsK55KDQTL3YwI6OpWby4KGNcg4HttARHcWrEfigoZmBD+Wx8lvZ/V7QOqsbsJbuj7Isplisf7B6K5aJT75k6CYAx3vBC2whKy+U4eCQCoINH8gYwX67g2QSP51ppkMZZI/k8cLaQAUhsImiENnGjavx4c8d2QsvviX4dF1sw/Bd2fUrl7MLZ07NytN/pqusY8nhhumr12/EUZsz87U9pi6/gSMy34cNaNG6q7iveO3NwNutmUYlDBbA+exl4AEc7RI0pFWI9A7wGG2/Ls5pfmbipko8wL6ug4k13HMf98zeO6q+kuahYca0m0uXEq01h7sfqi/LwyitWZDKdiMjaWjfIakcSP11k9DA2bDJOIgXPRHgEJMAyBqekVBBvNiY9tGDSfwjiI8iweWYPIUBBNTOY1ryHPMSj4tiBwCuoDwujNNQogtDi8goR4MK6ZlhcPvdWIMGuYkw1yM6MeIiywKH2c4SUadz2qANEuix+uNNjNigx0Q4lDlP57GnjDZ30kJBvDwBPeloTH7qZjAiXsPQLajDrTpAizoymoBWaSKV5KTNPaoma4nTJYwVuyyNAeX7mDJGRQGIeyJQsDe2BaLpJYa7YE0EllG2UEEQxhvdbZDC9RKeJHHWkh/agJ4f5zAmP3H6AEdyRuBcDOM87NPZmVPns67zXXAm+4GZfBgcHMq6cVILfx7mzWvJVq5ema1btyrbsn0LjvRbJCeYW77ouaatnMWstMAZg210OjW9SWsxE4qrlQ9XVIJo0BHoGWbdqTzkiQMvBPI/+esF4CgYwf+wUv0yL6i1NcrgEyWgExDGdNDrabIJHG6Z3yfiKZOxOZZSYHKdiTGI5BfADZHtqAubaW/KduzYmGHPxOwnLx9UeU3C9FzpWC1e0pldOn8mu3zxwrTLnx4rp18K78eylavxEc/6rLklaTvTp6oyOND/7eHBwTchssq5DK0KKOpmr4yr6JioXneJ9mRNk4RjBJRrQnSF52UMebcahWbf4TbUdDC/+MUvNv/9d7t2OtFcPHM1MN7rcbRRtOGJBNCxo0w/4qE3UZuf/SZGi6b16kmtOyWz/ttjA7V8eqieHSfTJTNiZ87ng0jQGJEngnNU4hOd6yrJ5SMpbsbEhZgwC5aiujwwJ65ghtHo6oSGNhZD///svQeQZtd1Jna7e3JOwATEQQ6DTIAIRGQAo0iKhFZacZUlr0pbW7u2Za8lVy237K11kMtb3rVd3pLWqxVpSRQpUiRFkRBJECQSkYmcMciYnLp7Ore/7zvn3Hff+/+/8wwGg74z/7v3nnzPDe/0fQnl4HNJJY2Dgt2qqLkjeArS8sF6mTID4KVfGmRZHuzmKTFsMZ9Gje0PG0OA0wZL5jQeyq1TmvTwD/FKMaxoYzAEbhp5rI1hpck2J9gRkPCR2kI7TSEHYU4sA0xzMn3YVZCRXidzkmXDnQDMwkXbSIzUUI+6CW5Z/0t7jFXHCGgCFHwhJ3teYjnlnBI5izEMBEali++bBJHdm4hpixXZ7Ma7LVkmjj/sEgqH4FKXw4F7+61d+rTeG6++icve+ZO/Ydqc5CMIbN9+c4d+jzz8ZNqEQHPrmaemU087OS3E7hFt4i5fD3YwLbhEO7H29LCt2PUc4+VyXlpHW7WbCVqNE+RsV/gtXqvEeris3gAOCEDAQwLznwAiq5Y247aj04vB5KpbyOH6JQ9lGs0xxE1Iqgi7WM67mKbJlAc/ZBPv8a4owir2Y7TnvLNPS0sWL0r33PO4fCbCOTowwNqAXbw1J5yY9u3akQ7s2T3nOubI1FmLYWC1ev2GtPaEjXPzucf2Fo0ODRz+W3wT/lmg2weXiis5m/nT0AQdCxFcstJMoiBQPE3scVqfeAfzW3ftOxkL2vzL1Y/p3i+Xt4kN5YxoUuDkjm+Pp+LjrDH+C9IAgZmLLqVETnm2qHq4wMXXYcSVKSRKXMgk0AS0Wudw6XJBIVsLeCk8l0OwAYJetVJPkBGmBjEL6sjF1fZQ2iSxAUCFxThJGXMoRi1EiyhEB545f/VElirRzzxBs9+dnnY7kTIzQCys16UGxBl0ggURgzEHiXGaB6oM9shzS6gDKeqBrzhcmdO5A4E2yqBnu5WQMUCJxLEQcOahx4CoNwFOXwUmRhl9VsoWpikgdDs86LOaXHALQE+Q2YlWoL8ogn0oy3Hggzn6ZjgQmI/4gQb3QPKLOgwqFWAikHwVAeVTTzyb9u/TA62u4ChksOftN3fq98gDj6dzLzgrnXP+WWnxosWwbwSXz7vSAtDwnkz6g/da6p7Hblw2xtga4+VlzS/eo4k2wSHZb/JX02nWJgVpkFcmc7v5kJ1bdQ/nRUUbJeK141rM75BrqrlmgRpGkTZPLSiVOMJQDtqwhTjyKQgNAhLhDwf1MfpNO5nY2T0NL2FfsnhhuvPOR/AHgV1KDzlzkfNy8QlbTknrTtysQHP/7l0YM3OvZy5sna4M7piv2XCCAsu5+hpPexvGh3BZ/Osjw8OvEF9eFtcQyIGlCuxxjolGcKlBRhTHomhsp9NAOrY5YDw6bRtkAXq37F7K5PHqEjn/6GxJm069/EoAT2lBzAPm3AN5LHaWzKWrTF7Hos7VskqK8HDq4ogNOFZ4Lumo1y+PE/Z+6D6xZK/KLIEkpKAgTZwKDrYi4GIqj0ZTMIuidiC5yxLc2AsSC6aidcxVjrygjCJF8Bdiw7KoN5AloXNSEhUUVYI8EWzI0CP/G1ZI+sioDBjkgIURkZNAZdI3eAoDSky0RzkRpayQUugP3gYZKJnqAvBXezrcP7PA5dobb0gL8aQr7eIANL12pO4yqU4bUWjxlQiBM9aolVXAiKxaRFH6AS7tIZdkmAWEMcVyX7hH8OpgcmlTe7ucMhRmRrUINdNjvCjjPwMQSYVyzkBNTkVX9geC/aEAft+ljHdQ8is89slGBpmj6dWXX0t3//in6YXnX04DA4NZ8ztR4M7mDuygvvDsS2kEQe/6DWssmPT251ZzZ7DmS3oCqegfBflyn+Gafg9Xl3nZj/KteRiCWYOHvTvIwxQyHZytJK36w6hQtbkcfAWhtUP0Mp9ChTb9xqcglTTSa8qpU5Sorli+PG3ZvD699vpO+O3IBH8MQJbhoZfVCMgW9PTo/kw+rPVuTLzXdB0eatp02ta0YtXq+q0Uc9wgnAP7Bg/3fQXvi53kgZ6JgksaZf1emZd3LitQo4TxGUOzgalX31XBpZm+6Pqr/pu7nnrqr9q/4xJ/fW21SVNv6HztWPUAzlw8b9Uuj9PWtrucmgmYWKeSgouiLczlWCcJ6opNbamMXR8uzKI3KaTC1KpGixZVnVHJTw1GwZJL5XpuKAIjVWRa1KVD/EZQnjwK0uDO8jit/dSOUtZYnXzIUchV2dtClPF4VtAVRWcHk4DQhvZmD+SzFGS0MlGBwaWzpSK0WV3JtHoIo16WTYBKASLcT4AVhURmUwouQ2SMV2ec0QMmPUTUa24xbKRtSlFwn7HFFRIUWYAXvH3RmTG6g0xjOQRkB6Dg8uU2ig0GswJHWA5g84+9GkzCw2BnbMpxBXoAR1JBj2vE6kmOEW6R5Ry7k6BhQEk2fsqRfHzymy8350M7Dz/waNrx9m5XduxkvG/z8Z89rUv1l191STrl1JPxwA/uvcQT5Lh9U7uWWItwnxx2+eLeTOz38FVHDKi5w2nnVjgQiwG9St/rSXOU6VZ3Zdt+iS7WQlK4JfcrBJZ9xzJTyKRJLFOvUJq/preSLRYdZCF4sCFpaDCJV/Vi7ECO2oVc7QKeT9jzYam169ekWz98dfrBHQ+m3t7+Svgcl3oQXPKJc/4G+vvSwX170qF9+/BmgCNzO8Vcmd/TsyCtXLs2rVq7Pi1ZtnyuxE4oB2Nu/+GB/r+Cc3QDsnYu/WEeDhG71ZJnq0mDSw4HJcjM5QB5XsswJpt0NXxU3oXBpUx/q/8O3oe5r2UHk68n6h0evxVI+Hg+HWkPtI7HSiNw7frAYVrYAm8rnu1eUgDg5MXSaNMEoLyziWB0bCPqV3FxbZkOWT1Fcw4wt8Q5Aa2qZF5UeQolVEfOG1by9DH6kBW1Go0xm5LGMeuh/MzsKlAvQE1Ott5sIm/wh10ElGWjqMvoLFzUxs6TitsRMsVXMIsgiFxFJ9qaBebXykyri8QdYz4P2ZXOmvhCZSU+KBJ2VbCD2TfDHczrb8B9UbGD6X6GEpNe2UO9ZS1O+rInOtYbajgf0iWf6EAkf1Ke/ZPgqjkusgEglCAZoYMVAaJa/grvQgUDQgCLlG2W/hBmsoKM8znTMeCAZMn36694eRCU4eI3L4ErqERgiYd67HvgI/rSzuM/eyr99J6HUu+hvhB7TOYMNF95+fW0d8/+tBFPn3Mn2y7+895GJFwuNx/CDwAYDHA4JPuIZER6YrmctwFnTpzhCyhh4AgJeT0NgPMZP2XI/SaAdgRCEMhR9IkKET4AyGN0CEEIJi1xbg9hskv0otQfnSLGekgL+X8RLpVvPW0TPit5CEHm5E/4U81sEi+fL8cO4Drcu7hk6TLZMYJAk+PuWEg9eE3WylVr9B7LjafgYTKUafPRSLj1ZPtQf+/X4Au9wX5ug8u8e6mh0mwPxkpbeJOOdY6rd2MaGh5/9u3tD+5vecjnrb6hU/HqiXdnq95lPcH7q2aWOvNx2csyI0Atdzapc3wcbwggGU+GRu1raWb1ZdTrnA884YZolk2TpKBsC78tpjpBULCmkSjEX8kMXAFukrHeSGFj2GwkwUhis9PYpFzFfMICKFPkQsGWYblgotocScEk7d7+LFxIHNzQKugAdTSiVEGYaEugyS+PbAeT2q0i+sEMcKBTQ175YEoptSqbLDFG0dmnk5lNPMUjRdv41ASSQ4GTxW69UBo/BkXd+WQb/CCZqEQ/G0dFZ72IeqzTeVwaZfiJCmNcSrkrjOU/6BQAiFWtoGDZZ9KqYw5eop2B8r4LMOlY5nkEcaTax7kzjl09IhRYYh5yR5NrgF0eH039fX3p3rseSLt37Q3J74r8jdfeTN/55t50zQ1Xps1b8MJrPF1ufTScuhl0ygl44pxvesF9itoQAqwbDwkpFDVnOQ+97+MFcPZfnGTD/+5uEoon95p8bveClv3NMvvau9/loz8AMLgISKYUD/1AMfoIfFxuY9sTPNrJ9HtOnUVyuNsUNoqI34OnUgaZbDf+L1m6JPGzko8/+WJ6/PEXK/oQdCRytGP56jX6UTweZkn9vYf0O9zbe9R2N7lLuXTFirQMXyjib9GSd+AxDwy5kaHhu4cG+u+DK9TlUw0uW7smFiAIqjo+yGI4RX3a+bt195INxdzWk+QtAWZXz4JTsSJM2xnzDEfXA1h0uXRVSfdYVlWs5GWFOwta6gTs6jodZ7kavnOlzTyhJIjD8mkzFHUvSQzRVQH8WYQYM0oWBY55MEYOkM1bnmTEhnqVGywEEG6nplJUoVyMhWgTFMcaU0EVxVKN85gHzI9hV6WkMrjWVTIawkp5Ii0BYRTJTA59zRRU8jdkcYkTLBDuKHIRFGDylolw81YJnUFZSmAl9bru0Gonb/NSq+RoUYUxN5jFlJfX7NymaI35JA+GaGWmA94amGWU8rSXT7UagGFtYX7Ik++9bST3To7+jLrskG45w8yiCaqaIXwghomXwfVtccy/0RFeFucO5kh648230gP3PJwGB/XJY9G+mw58TdIdt9+VLrz4vHTJZRfCg2g3Ak22m0EmL5kzUNOXfvgydgRjPM1oM4e+o7OQy6fevS1+zg4BAWm8PwJs3UnN9DlIAFDJ4wCWQ6YIAChFaD4I4AYAL5gmmSpmJmyPNyCYvaSi7XbvKWXzk5q62kqjIFOvdZLRqCJCvXjbWenEE9amu+95DK+YOrr31jKw428NXvnDxIBzaHAQvwF8vmZAOcszvYeTl+kXLV6i38IllvO+ynckoFQL7YC+6h0+fPhbIyPDrwPC4YC/ddC5U70sTob8xLgPKoAgV7IozZPXo1rlGH8dcRUVp0eWVYLfNWV872gFjW0JMAE77V3TihkaetEFp6++7TM3btt04tp1+/f3Hvr7Hz38LH5vzVDcEWHDmPVVria+DQx0LbGi87bAtdYtwQ7KibHQcm5wfS/WeK6HjRRqiUBZGRZNV8M54xjkxsyl3WDk5c/gVRlLsoMCI6VRCRYYpmLAKQnlsJc8xFsKrdRdQgNOWpadBwWVK9LCTGKYSqRB4hgtjLrZFNKdn8CWBBgb36KCtC1AWRBQimJZlHCEwV2HAUlisRN3jsJ/gjofysYR/I6cQUb9WYoZE8KlJUB10abdeqLCRJ9ZM7LUfDJXp1Ofj9nMaeKIyCArSJJ8YNI41qHVyaq1PgQ02N27cf4o50wLpf9RHhZYGzgBu7BDieCSfcVgkjuWfM8lL4sj6OIT4y88/xLut3wM+OBuSn931Gn/E7g38xBe8n7NB96XEi538oXsPMmM44lgunOc787ETqb6EL5hi/WeTJbBb/3DHLuB7n9m4Xt6oumnmGLhPgQNWhLJLz4qEREL5FcGKvxDR3kVuQhJYUDiULQVSJwuLzgIU0+zgGTtCVvFG2uji6aObj5/DLZNmzakT378uvSTux9Lb7+D99pGwGltqI68b1PvYsWY5R9BHLu8nWOM4xmpu3sB+hJvB0Aw1I3dSb5JoAc34XKn8lhLuNf5Zb6GCA/O6QZYBZY08hgMLo81383EnuHRLt1IWxsJV/zO/7Nw7LlHt8xE4LuF5xO3Xn3y7/76J27t6cHsQDrlpBPSRRduPff8c0699//4D9947Gi140hcHq/ZHtFf8/J4GjsXiypWOFvxbHHmIom5xsWwXDuzQF8dcx2FZvwLElGZKErT0iuWMpgygI75AB6RNNX4SYHgSDohOCCXwW8ngqD09oDJIDjR4J+dQGhZlXK5zuoEGVsxBV0lQvIILk+asi0wRKotBVNTjuo4SGWhl3LFZrCqFUYqHFF0APtEZTJ4mSiruRzi5i5RHZOd9K3GvrSUC6pWJ95qp4cI9g5TlqVaVQ/fZWnwpbXJIXksej18bWd4c4BrqI9v0xjjwtVmS0p7NH7AbG0oMcZFuOa0drcQQCK2pE/kF+Q6OfMEHSdpBpt4EvvJJ55JTz72TKX6OCi9giffuRN7w03XYNdqMe7xxTsyF9B3WHLhF3YPv18OL3EHCT7BUWuP+ZX4cjcwxk24xuod1iryQqbmCcaF9XeMMOsTygkZLPN9o0zUbrrBj0quE0lBJOPgBlL9ijxGIklcGchMngTgQDmywIyxjS6RjKfF8M+HbnlfeuKpF9NjuGTOAO5YSQwUj8VgcXr+6cJLMg7fMzw4+FN1Aw5HMLjsaBrGmw+KjiQZ8W7fvVRD8FID5rV92IXPPX0SZkINllt9HBRWrFi64Nf/4UdujuCybNKtt7zv/dsu3LqmhB2rZQxWrlm1xGWJS58BbZGKul8eN9R4OkMFIC0oMLAdjb1VOrExPyKv+BTLFhaRgots/BN3zK9MV8khirUaSkIcIQE80Gat78rLMm0mSyFF+iuIYYOKtYDUlQciBAaV59lISrYUFNItPFpOIA/MYVyLr2lwOFo0LoyZMbNQAK1oJ0/DZKzoqThDXIbxCCMaowjKptoWZVMBeOfFabS0gf3PTqWewjLzh8PMBrZK1KKjfUyZT35ELQBeNy6AUddPUqiQtPhJEJmaqcSRFnj9yEsmA9TECAYMgZlBCky34PACAkfxkYb/o56DS3v9EHeEHn348eMuuAxP80XtP7j9Tl1u5aXW0WHufqHtcI52cBHU6UXy8JHeAwpn2a277MuQYjlHBv8x5b4mH+rqLZTJoyklMh1iNIivPGiskkQ/nPBwf6WWVAgzTpOX9QroyBgfqFI3+ZiThDt4NEIQAPVOUKOytjmOdjJQJR1pyLPtgjPTJz9xXVqEQHw+zY0HcKXupf7Dvf/vpMFlDzuDCxlDH+Y4oktZU5raZXGStu08jJG2cBN+fB7RYt1gW9vBHBwf3nx8Ntda9b5Lz1m/fNliRdbNduKm1O4brr7o5CeefHl/E3e061hEuQRNIYFOkSXuJs/JeVv/EMZtQ8DhU7lc2G1hLNkwB7gAFqAsslYgAeeLEwY91WJUFRinKeaWsxppMJpwR9VEG8aPBbmd5CtbaXOcYCRALqgsCQtMhGmiI5SsavwEVGzeRKczajs6TwmKsuxoyobQUgrt1wmNTCGrRW8gQ3KVm7SGTOmAMMhR80VuwmlTGBDqiGZ5tkl+RAeo56kHqbrH0ermVBwdnxWjnv1gnMGQSWhlxWcCst2OqGS4giDI+rzArBjgWa5rDbuD3c810G+QgjU4gLO+1JgEmWTiwLp2NJXbuy35cI++1INAiy9Nf+6ZF3N757KwZOnidPHF56cNG9alNevWpJV4D+NCPMG8EE/78/2VfPqb79Tcu/dA2rdnX3rmmReOyINF/PzknT+8J938oQ+krkW+U4mn6PkNcz74091jO71juMzaxTUJu5oa1XKi/VGm1xzFgIZ/q76OURUw+jx3ixc4LpliDFlfMcilHOvPqm/RPU7tw8TXEdJJdjzoA6HixUHjHvL54A93ZE0AGfifhIS4DtXJw1kDHNvrRvOWgFUr8U14XFh87NEn04knn4UnqhebvPnjdD1wcOhw/x241/I5MKpT2u5aUqqiyCqwJIi9J7BfPjeaKkhEn0mmM5OFyWFWmenxuNi9VOPHWy+RY4Jv5qWd4zWtWrF0wncgLFuK73odhaQTz/T12CrVgQ+ju8LHGbGk5erZNX467v1aouVN04ELLWYGmbViEmhi7JIV4YavRAWNBABZqY1STD+doCXbllTJAFE1VUOqy3QBxLv0IDBDMtQIsx5QyfygZqBLvVEnHj+TyWOcGFCC/QZxImQ1NS1IEiBVAq0ukMnNevwEJR+5IyWubqzJkhTjrPSjbgxZR1Wo2lDB3HQ0XmxARO6nNJ3Q2NeEB67kn26ZMuRs5tnhXkBGS6ibSbQky4XC93UKrxlfbABQElNmj3IMBPdryM90gRd3MLlt6hdHZAarB1tTfzbAC5rPkKMeEVN4m5fE+VAPvKDgkq+IGU0vvfhKeuKxp8KaOc9v+eD16ZJLz+8gtwpatmzB28qQLrtiW/p3//Y/dqCfHZgvZr/3Jw+k6256fxqBf/m+zAUaFziF45I5Py2pu3hYhZ94PyY+RCml3p15wLB7YiyFVRrL3lE2OkjEknUmS/R/mUwu1wij09oHEgazih1QrnGQH0zEiRZ9Sks4kM0e4hUvYqoXdFlI0HOE4PYQVOMtD7TARAFHBACHDuxOfYf2pfWbTsNXbE6CTvNH2Yb5cjsP4I7m4ZGHhg/334OH9vPTcm2DS7o0Jna1ItH9EwaXldZan+ServBWwnjpiGvSHj/BJVo2Pt56iRzOxTsmjt/0wCPP78Ia0TGEfvLZ7TuO7dbr3jWtSaWd9QZZzZYq/VVd0Y+ls8UHiAG5yHKeocYC/zMvkuELQC6G2IqeC7YWbaLwU4aDUQRd5EZj4kiJxRrKtPga0AVEhXykiyNLJiubj2qYT1gpoOImnJg4NfAkYYm84g+AEYYapyqykg5gBlNVgnzg5VtvGwENlopcJWDD0CBUQ0q5ZfuNKEhNvwnAoipC8wPEBpEDolqX3DBnKlX2GWWGIvKEI4nDP9ol2xwedV4+ltcAjxM72y+8eGkdfjSWKlDmj/8ja+dRylIw4PTG5S2mDbKVUCQFCyxQqCWSBJk1yw0IxQ06WqZWkg//+AUee2E65QDCS8P68VviO9ND9z8aqo5IfvIp07sQtWLF8rQOO51HKr2y/fX06ENPKLhmsMeAXD7mH73ymdeFY/cQWMFoFyBKNjbcr/QtBXliST/BvQyY5oJ6G70UOBBm3koEqBA4aGD4eGGFRfBxnEsdBwULnFTkJRwZc5Iy149lpJgfzE0+ciMkVngGl8SKFjnH0K43X0qvPPtw6j2wR3LmD509gPn1wmB//58ODvTfGcElA0sFl9yJ7PgwD9+dxV6w3lTY2GHnknQYM6CfDy7piwlTV+MezNtu++Ii/LW9YUKmdznyrR17Bn58z2OPtGvGy9vffvXv/v4BfS6qHf5owTB+tfRMrg90Oj9PcHm8esBHl8ch+3TK5RyxdTFUoaZF0RdDVx7rpBZVh1lGbklA7jJCFPNYeFmkaKd2rUAHMJhAICqr86hSqUZlHkwzcy7IShTnRebUaTaLyWhwNP2sBtyZnII1QYiOxHKQZXguVLigL3L5GYboxER4dkbBX9DnItFBoobQgAoYKKO3k1uYaDlbCir+zzqzdOEoI3gqzAxKcHjYoxMkpVKwfsSZHZmoUEF6mmfWhhQSUAZxPOmyDfYLVgYgsTEg+YEIQg4C2UX9KAfc6eQTlqmStCwU6iWzYGuxjzgy5NyZoYeqOC0lEhW9hgiBFAOrgf7D6X68iijrJ90cp0W4CLMeX42Zbtq42V5ZM12+qdI/9fiz6fXX37JgmwGmgnA+Uc93gzKYtIAy5PFRAPqJ/uSPvZSTrx8WjGWoCiVMZOQHxuAsVanqeuthEar3bOypTn6sZ8HpQ8vHjcuCgZLPMYddUIYf/MU9mdiWzfaTjjtVpGLZNidZ7hG92Um5bHFXGhzoS2+8/ETa/uxD6dD+nUTMp8oDGEYjzwwcPvyfBvp7v46n3vnZKwWVZWDJaaofX0yg+y0ZVPLHESJPa9eyOwJRdWCMHlOGsahUBJfkFb9R1I/ox464OiUk8t7d4y3h+bUvfvGL9iQ127b9wE67XnK8NbTRnv/p3/7lgwcPHR645YZLL+P9mINDw0OPPv7is3/07796f4P0WKrW1tcJDesQoELAGiyjqyteW7w5vTBztJxhlbMyckuWc65wkW9NBVBF0DuIIkpQSKQMlrmkSw2JDEBUTlwRKEBZOxrARCMyq0gnechUJvK3KBHQqWRNphC76y/FiCADyO+K2tAqeArpblOcKK1tBJIgmEOW52w8VSixEHAH1TKeAK0PM6V3gKQLiJIM8BzluExXEzXNCsdODA6Tly3I8OjoOM3SViaNO9hpNdS9lJdmmkqYEzTtDc485NlYJO6E11K7AREkNVoDys7AU5CXA2TnDlhGXvczL4UTr/ubEaTo5ekMmhBM2bfFR9J99z6Eex8HaqbNdWXjxhNmJHLzphPT00/ylrUjl+6768G09lMfTCtwryGHs17HjgOfIrf3Y2IM41wLt8Gt9CY7lH6mTegV71/WyhTjSDAQR5Cm/glCwLs51pBLXMALmQGnHpu/lQ1hC5k1f8VnzLLP9TJ0tHeqA8eGIEkWSZ2Gf3SEjeYFo9M4hnCRitO4eRw83Jve3P40nsrfntZtPC2tXoM/CDo5JPMetwVsWI48NTw0cN/YiD7zqK5TUMkmxw4kixxAivZjVVFF9MKBRuEdeVSQAOFZYsKY8XomqOGNqjq+54NLd8W3HnpzSX7IZ3ykB9dV7P1WlauOz9L/9SfffIK/DevXLN69Z/9RfcvtDO+/7NgRXJow2rkmIflClesGxQrOHZRztTJynnER8wWcyy0XO84hCsnlgPkiFmtZTDWX7Bk5fc55UTXXw7L4gGNQwLotoyrInvq1cdiiVbxAuXhwmCoZZEAt4ASjSnAzZ8OsfTSOiW218MQgVY112YeD8gCIDwfVcWBepgZdnMYCnP1GoUxhfxhrUJcfFdJ5WXQsh8RAOB5w9SWqZr9bAD3qcp3sCt4me4iZwzxOorE+e5eagdQD2+QO90nQ10wATu0Jf5HNneJsEGMlG8E1bquE8yWjcmlVckmmqBKQ+wYI8jpZ8LHKUw7zcd5L6F9rGRul71H3S+Ocl889/ULa+fauSvYRKm3ePLMAc9MM+abTjEE8WHTf3Q+mmz9yfeoaVSjG7RuMT7yEnW/LRD/yjgUGgkwaL+gDjovsfuAdDR/bPOZwiDL7wrnFJznR/8LFCmQKRG8MzidhRIqfYzeGAQNAkQYANDQyAldW0euZjzuYfHiJ/7LRMB7htNYj8dHAqPNJISmgHpSR7MiSGcmXor/9yjNpz1vb8b3xU9LqtRvxsBRD9fdEGhodGXlyZGjgfux852/b5sCSLvDgUr0Y8aAWCFZ8oWAJrg20eKpKdjn6PpdtplNB0SWq1g8YqwVPHdesHZc7l0Ujl471LM4BJgKfI3uNpFB8rBSPdnA5u3Zb8GgysKopsmxzeTyUFJfHCcKwP8NGPqaWZh+hvkADwUXcphMXSMepQC4CJpo3BY3IqAA/ZspNZlNCnBQ07wsRlT4stIA3+WidoM5T4rX2EwsgzY8cRU9WKnlMA+E6FcBso9ExCA1tMgwterO1EB30DqpXUZNR5IIuIs3ZTo0sM7hC0ZCuIqlKgQyInTzDVOWmpBDg2CAK1hnmFJOTdKHmwGiKrCzbGeUWeuMI/8f6rnrQQjyHFFNNt+rGz1FdpqiFPSE/nK1ZgIFmAQSoKkKIYQUSAoYad6DMNpfM4B1G4QU8gPuDPQgsRvHjpfHeQ/3pqcePzrsuN26e2YWoTTPkK/08lfLbb+5Mr770Wjr9zNN0zu7CpfJxbFvGzi9O9vI13R0vYKdc7hC3+wPEZmxdc4yb6LSW4eZ9GW8NyEMrBgrExRiRThIED1VBIHtbNOBhH4dtFl54nXzAE0bRYzKEAArxRF4RQYXoAsmcOEuuHhWDYPcu7Xz9ed2nuXLNhrRq7aa0fOX0b41w8cdyhsvgo9vHRoafGhoawRb76HAY2y6wJA4eKnYtI3K0ngl8QKvgssKTBmPIXZ4pBeahU8IYqLqpE9F7CD7Y11UFmJhs62ISvYd8cEw1FWM61pPSrgzDAM7lkqBWLuJQnAZFj52UxQBvJLeveYprOBvyAi1SX+wokMg28yVkkKSeYm4VJgYIhJqurj9WTVJSvzggWCrrQlULiRJXyBRjOyYTbDpdXpBlfS16SsHe/KBxeaoGmRld+CmIhAjOljyWLSLEEQBU1DdlF+cylOYGoJBVSIJLalEllgpqfWsP1pAPP/Yv5c4ikb1FRLTJ5cpca1xdkxAEecH54sRvp/GKJcZqDMvWS+YVLY1qrvfZrPCrG64qxr9GIGAEm80sZCNRkVBECl7EjhMuDqjCjJSs87I4AybtYmJ37md43+XwCO41PAppCy51zyQtxmuM1uJBn31798+EfVo8jzz4WNpy8ua0uHsJgi5eLuYPIsZ4H6J9r53vh+RyqD6GP7UbqJ6Bf21Zq3dNYQFjAy6Vtlzm3gQFy0jAWfxApT4vhKgOGmsiNzmi97HAcWI2mDyBQ43L1qhxehsZ0AO7JJdqsixaYDYIJMawIyrEW/IWUIAAvJf14N4dqXf/HrzmaENaiiBz6arV+IjSEud4d2bY8NqFoPLJkeHhp/DAUx9akZs+tcCS7WZwGKuFPFbftQySgoYg9LXrOnLB5fG+e0k/ji1YuCjvYGKOr889SOx8mnMPzPXlcRqIPou1hzOjKof1XJxT19lYFBeI2ClEqrlHQCxgWjpNqK92nGt2og7RrJvwmIahyqFeBZGJhjwu0lyUgcpg6uQ/BxrKeMXHQ4cUcjuQyGZXFDaGzWJpM9BDlKHMNmqXdWFi8JX6xRjcyKMYtN4EgimVSWX5FaWQDWjYKKJM6AX2VaYFjA3zPsr0KphHQxtZ4gRmMODNgGwrFnDeJlK9v6YucNJa3M5QtZ1aoc2aa2azqd4ZDq7kCsBxZZg4CVe5kXK0MAW8OnUYPvSJykhB6wWQ5FIMCmOTfSyGfPNtIOlnL6PAwJEWCMg+RHmMl8YRdeodl4DRjjEElvwqy9t4Tc/rr70ZAo5YvhgP91x+xUVp7Qwe8Amjbrr5mnTnHffi/ZhHNsjs7x9Ij+OTkpdfeTECR1wypq/gNK4R7AN2D8cKvdyNExPHOf0cN8mp3DJZinER44j9g77I447dpK6jLvYRKwYStw+gUnSUOTa5i1omBr+Bh4Eum+ZKKeqGp1iqIjzuD86SSBtyiZegUgvLFM5UjebMHziQ8NOOvft367cQ3wJfsnxlWrx0RVqI747H3DI5x+QRX04dexOfoXx1eHjoBexa8omm3MxaUEnz291nKThXhdbAkqgcLk7vfkuyZjtYaSb4dkJ8k/69EFyqzWNjePMuEp8gf2HnjpVNR8zXjxUPaJukbgwugdehVsNIj9Uo02OBO8NOjL58cTqICgcv55M2FzwkWxCLeeOLcbWiGo7kgRKjDpQBvBZsUxCxr04OBhKNY/MMloXk45wlMgxEyaVWKKIjZZmgg1GySfxGEDbKXoAoq0xBykXIlvEQaHnJn42lgCDLQJccxrqSkB8sskBAaEN7w/+Vf122GECofnEpzHIDahVSu58qmWaK8YpNjTEBhA4e7u9HNuMAkzqZ4kQetuVlN5zuPjJLvEnOpz4LH7YSmPwYE972TCYsBeHHvvc6yVRjAcA4PTu7sCL1zs18Wb4VIigwIegp0gtll8DFRxj+8/UyDETsNUVjuDT+tFRM9/DRj9+cTjxxQ3rhuZfTU089n/bvz7ec1UQtWbxY3/2+7PKLEnchZ5POO/+sdO55Z6Vn8eL1n/z4px1fvs5g9uyzz0jnXnBWWoZPHf7NN76XDuL749NJLzz7Yjp/27lpOe5T1J/A6Fvdx+pznzvB+OKa9xsk08m4/UDjhL5nPfoJZU0PgJiI4gKQ1wHWkbybc5DHtYbzTjuLPr/IY8Q4osi+Drp8r6VRGJnrUQVtEK1sEzOlC6UdWWkzs2NMyVYE2bLXaZUJUSgyBQ4IqWArScJ2wIYHB/Q7lHbJD4uWLEuLli1XwLkIwWfNYaWMo1fGNBl7G4Hkq2NDw6+OjI7gDS7jfAik1qRaYFkElTSTXstRo4K8CCHzyiOagOagtAJkXejnXC5C0QLW6hiMlQnxrRyQfDw+Md6uoYSNjVuAuX3XznWdaObhR8cDGN+2EtXVZRgGs5dBV48sweG8AVfwaTDJHU+ncDr6Gpo1cEoRRsExU2yeGW3gM0OY4ABWy2mZ6SQtpDK3xPloS6MfqVRoW8JViTkbBhkBCI04SwvxLjuTkTLzWvui3jBfXgt1IcZYTZdZaxrdzMpRTf2lASGshSYQdZ+TlXaox+R00kmjMYThBUiITGtkcayab36NOms5sQh+wgYHB/KSm/FTLcDofEnbGuANoatMs53A2UbTH/SOLjQZPpobdlcEwLvdhFV0rofI6GwnICb6OELPOD1XdRJTnunP5xqrGtIIvAyvQWg1ZfloB3cyCYMJ2pHqSjt37uoYpFVCW0tXXX15uuzybUKcdPKmdOMt12gn9Omnn0vPPPUCgs2Dwm0949T0iU99KK1cqY9mtAqaAYQuYKB59jlnpLvu/Gm6776H0a6xxNcfneNB5Zm4f1LBn8v/zM9/LH3pz742re9oj+CWgWefek7t5MvXx7GLSX/Sjwq+POhiJ7Mb2CfsH9oX/RddbTAbGmYSOqHRd+QNGdG/5KN07WRSGGVTDwtFkk2E8T+Y2M/ktYQCBxkPKoZuETuOWdhPfVioIYDtNDFoPxd1GUQIeSU085uuOBoXazGGxRNoISoatmnwcJ9+h9JO3W6wcv3Gu5csXTGAWw/W8YcFYB2inyOzyTQ2dgit24tbR/TDH1978bDOG5gocT+lN9YaUAsq1RZ7V6WK4ZFYsWYZWFIm/OP6Qyih7NDOCeNgQnw7zvdUcEkHjCULMDGw18PL7XwyD5sjD7wjl8ex6mAanIw9lWVcNK2LfQFFd8ciqRMl5wsDAM0bO1HGokU+ozU4F1nDVQtt6/ApxxPL1B+Lni32WkeB0aIOmbGQx2JsU5w8xl/NecBCfBNd1sFZprAx2k3SaIfRhR7WQgFLlc8yRaBLfTWkSTe5rceK3Xwhnwa/kDi4oeEfs9VtC1pVg7YEttNJvLcYztCYSHjRx+gY3hszw4Rm5vU5muyOtnFS4elH9nnbBB5Zr3HgFM0OEwVwLsM4WDVA1AXx8USW1ns1zQ/ZjjwuHR4DxPVnNLfVIhGnn7VPz/ngwPsvdXkcO5nPIICabtqCgPKmW65tYeNT3vzdfMt16S08KLP/wMF0PgLBydLOHXvS3n3708EDh9KhQ31p8aJFafmKpWk5Ph+55aQTE1+y3i4xgGRge/Z5Z+ghpTPPPDX1LGj/tLKC4JuuSXf84O52ojrCnn/2pXTBheemxQvsiz5crHg/Jt5ViG6z3WFW9Qoj72V1idYq9DK6nT0W60ruVcB1VYDy8C+PT9FmKtQ4bkCDYFY0RMW4YTE6XnpMFhXq++HiRAUGGRk0oRpDB2jZJhUs+1hhPT8lTyIkBdQlo0F1lFCWaFvbxDZYsvkctYKhIZtjdHigf2d3d8/zoC4FLOzp7lmHp9IRbPasRLi1CA3CRz67F+GPwkVo90JIXQRx+uIdmjQE5iEEzMPw1RB6bAgNHUKXDeGvjUPYnUQgqad9EwAAQABJREFUObwXDo5AksYVhoWt8EluqMOK3UroMJ6I/3JwlwFZZtAKEzKCrKmDxuTBkYloQJbn1tSy+eCy5o6Ole7usR5dIh/pSus7Us0jjkkPFKc62Gc1zIpqsXCrcco7OxpAJJdJJs6gGjFXSfvvOKezFV08JODSbylyr3bM2tBRNPTZaQRl1KvgoLBLJoA/ixCjNLmICpdpTJ6IcLD1A7oki3XDMDdYnTE0ODklhCjlFRzVICaGZBmZCxWsLoYcIKcHvO9KP4vdZQAegZqY2h1E2kYBaKO/o9+aVP19h3HtdXwW899PvLSrIbzWp+hv7lyyzUGXdzKd1ZpRCIlOo+xIQIc/Qn6cIwIuUviN/wSTbwGlAop3uVmTFIvLDkEvBmMjQhLVH3Yyyi8HxwlbD/aQBkK5w9V78FDiZxKnk5bgcvNnPvPR1MPduwnS5i0nJv46pbfwtaAn8a3zZ/FqpMkuXW/GC9bPOmdruvSyC9sGm/E5yU66An71NZenV/HFnhfxGcyppmF8E/2ll15BkHkO3hkDn/KJcjCPodwNR2q8oK+sy8wn7GuOIXZh7r9CYR4yjPaQ2GfejQUVhwDksrM8aVySNmDS6+PHabgzrfHksmlRkJOkkmYlk2nwcmySR3a6DcRpN5N5i7HW7hwbVUrcKsucquCOGV+3TNRSznciKUVOQ4fw+p+3+XNciPXqlLNKpr1JvsbYEkwGNgJCr0O5yYnYrxZYeic0aEUacoJPNHV69H1lY77OXnRh2NTI0VcFXwPZofqe27l0P4x2LbAAM42MrSlGZgc3zYOPlAcw1ttNZIfpvqMKz3ikegURK4aLiLO4PI4zHdDjW7loxclcf9ljHmkhw1ThbNF6440jhsCg5+osvGi5wFKkL7TUrrLJiIWznLomNsyXNsnnghnN5px1DHKWqDVgwWuSiHEBrWtuoEyAk9mSXdrUtLPSEFqpu4QGXN6QhcLKJ9b2sM7NB9DaYfZmbK0QLQygzJehKhm47JxM6PgWFQVfzX5zRbCTzSj5dZmDs3r5Lfsw+ozyebLMa7fbp/FHjzZps/20hjYGQFUArJ5dgKrkB12QO0GTvz7GoQPyjN/km1aU2VeS5Xa43DiXuBkk1C8HlqojuNT4hXYGSP57+aVXTck0jh/75AfxAu2ZX6Xcv/9QuuP7d6VncA/lVBODUf7uwxeGrrzyknT1dVfgXk5tUE1VRKb75Kc/kv7kP3w59fbylt6ppVfgJ973mbrpR4wd6yaNIfVGMR/YLew/JgNbWZ1HOLsx953I7EA4/gWv8bNOQfiFTFYpQGKFkLyKzuX4kkuK4CWhTBC7rZnSCWHUq1cZkd5T2FnuZmoJjyYFYc4dEeuKlGckCsCHAQ6uRFmpYuGti/4ZxVKEl9kTXqxY2tBNBuoYSJIxgsCGECg2nREcxiTMQWA4wBiDPsiz3ApQawP6t6hnIgor4A2jvIp+nJSmyfleDS7pB7xmzAJMXCJYWfN700vz9Vl5YO4uj+eJz9kQiwBXxapcWYqrSz04W41O6f7avK5Sks8jFrlIGq5SoQVX89EW0jBFgWLbKUhgxS8TmyaDRFSZTOGBSDNrlp2JMp4ma+kgKuhkKFtQpXINzmXwWBuDsiEfEmhNSCqxudyWNWOr5gddZZKaR7DJNx7ZFhgi1ZaCqSlHdRzEXuiVXPK53NwKQcbx8utVhdRpF23NDdnhR9cfZrit1R8trsbHQKw91uPwQpPd+Qku3zkYgWFW43TRiKwv9KPtZVKfw68aN0Cwh5Wyr63O3qeN1EOIBSoo6e832IunyIm3y+M4PQP1+iuvm6wpHk/feko677wzp0jdSnbfvQ+nH//oPvv0Yit6Usjw8HC6554H0yOPPpk++/MfTaedfvKkPE2CZcuWpBtuvDp9529/2ER1rO/ZvS8dwOV+viJpDLtd3LnkTiauxmIccEZY7/KdmHrSHJIIZfJlyqYG/e+0QpYHiIj5W6wq6if2ZR5/TqdAj/Klp8C7fGniGKGtlMyiqFkPOwBUzeTELaUCRlyj8QMISSGE4NI+0bYcTG5uvLmioqIxkWRfVEyN1UJGdW+j4L5xMWFgWImbeqlDMEkBsMRaED4RMHo2gFGvVAZfUEwWWJIT/Vx4K3MKVUluX5oPLtv7ZSIo9rfskSZMiZn/2TyRhnncLD0QS10hRjuURT0usZbrR6BHh8+LYixcXLRZ5jIYSyGneLku2RmeC6stREFPWTFFmdfmqxQ5vWWh2vOY25FXaOkpeEgR9jFnUk6aTFfJ4fLDWkYZAw00RNSRE6QTAlFFWTDS1aSAAJJNLstMlhvGIC3KRQIu5UYffDXxBbsV4WkpQ2ulAAfmALb4moTxE40LY2bMLBRAK1rvG2ZwcPAg/vhZ2kI0bQD1WI8pl36UkOsnrB+MVAYYByxCO3Sipww2y80OUrpEbnE6YybWfBBysj+AsWSclM3EcSyXgNVNdA8ZwPTZaCcHfWX+4tFYKYeXSi2YRE5WXSlg8Ev6lHbv3J36+g6TdMrppptb77ucCjNf5s6Ajvc/6rveU2GagOYwvpf+F3/+N+nBBx6bgKoz6qJLLkjr163tTNAGsx2Xye0WA77qiQ/7IJj0XOOe44h86j76PnoFUMLYByLQQRoEQ8ngAoGUvUhYSQdZMf4oB3hS8Uct1Ey+4AXYyiAUHwEsO9zCRNchODAc1EHjY5EmqGiKhLeHwyhwKsk0to75gpcK2v1I0tWt99vTsvzr6sG74HtwyQyB5xz8KEu/UgeeZ+IrTvXr4R4IZnt8Hzx06jvhDH65EuhO2GwjX8PPH78bnr8d3gNaxov8K8R5wgvo65x4p2f1Y4/kX5C35OhjbKzHitSCbgvgruWxsHN57VUXbPgX/+wfvO+XPnfTzP9ybdvCqQHHukftW+TYLF8Z94JNjXWeaq48gNHPlWKGyXkjDi0vneOkh7XljGItlQ4q084OpyKXRQEAU51I/Nwi7Uii4st7gLVAc3G15LmvmBns2NbMFYa0EMOmYB4X6sEatHUpRhqMhsuUdQEVY0EOn0t22MrczQccOLm1EsQSk4kwTfmEY9W2/jMG4zIJfnSeGswr1g8WqMg+moN/pRTaX/nfravMDUMhMRSV3JRn8P6+Xn4Yu/g+fTuLJobJleGgIIX4GDMGMgKZiEaZ/2md2VWjFSkwVYdUsqSsaJ7XpSM6kRU5joVKL2utiYYaTYWLeuVzTlGzGTgzGeQsxBYUg0vg+JAP3n254+0dlbgplLh7OdE9lZ1EUOXXv/K36fkXXu5EMiM439/599+7M3FX85prr5iWjG5s1b0fPN/59venzPfWGzvTJZdZV/BUjv86aAyw9+lqAPOY9z7Q+BHcVFU9ZnXjCZykWgX8NqdMUH0+Wc+SmuGIuhVGUbcNFRutGmJuWNhFPOHRhtBILWYb1mSU9fMxauMcQCTSYARJj6MNMZWjGCiZKTRbreUoIwHlAo9oTak4D0FKJSDOLU42aVbbGCyoW4K0kpAea01hR0nZulNJvlZ+9GkhsyaBDAWO1daEPp2UppULY8b27Nqhjirspg9csvH3/+ltn8YtGBoUZ249acP/+Edf/unRNGIB/gTovummLy5AcDkHuxhH0/RjQ9f7rzh//W984aPnXXjeabM6SbdpjQYF4RgfudyGDlNFq1xG+f0zZOKfgPi+fJXshO7ikEWgaYst6IjiD4xaWFnRNCMngx77p7LTkEBzWWaS2ISE1ZED4SlomFOIZURm9QQLRdnEcOkl1lJVCoiIsgAtDQSVv4LfCF0HaKijZicEkLVMlU5iKl+Q0CACm2gC+GOKPOt3QCXQ6HCMNhqFtV2WEEADYWjzZCiFxJUNIL2E4BB51hKFrjQw0D/rd1+atFDoeaMaGmmL9SfNrftQdtInhV/YVrUXQ1z7GC4oxLPKcm67+6ES46VgaORRpQhLdYjVKIN/rKknRMYS20E8NtPww6zDH3RGnxKf3J5OutRfSTQdHtLe+aN75zy4LG340Q/vSc/hSe/ppgu2nZP4fs6ppv37DqQhfKectxLFK4O0psjH3vd0LpLgzOVtgawv5HwycK2ofs5mhDpyltm/kCUw+TB+bFy6XGa6ti2xqJi0aqq5dGbS6yTYnuviD1XCzVbahECnvlxXYxek0m9cVZsoY9opZkDkbQRgB9NOEQy+8IvdQ+UY7Bzw/MUO41Tz4Mu574YqXHddOjVBtgJD5pZgLb2jn3YpzbK6bSEi81b8lII+VTKJmdiqQJMkKp1y9MOkNO14j5XgkrZ98IZLz47gkvVLLzrzHOZHO3WPLJ9/wfpMnP7Lt33wrC/+iy987rZPX3/j//LF3/6Fj9x8xZZ2cub0/kv8Nck/KDH6uXIg2Z+XVd2ghsHT4+Pjbd+8XC471SVzTU5OUEl3BVkTF8kSZmVASc4KC/zPvEgZX8CsGNIqetspApyoyJAbRdAhZ9FpKlmwD8q4NARlnSaYjNX4jJL2y3zyOrOdRColDjY2qedJiroqv4QMIYLSiKImzlwhrkh2IgoAT3a01QTEjl6DJYg9B5aGkigIrSE1OqJGxkYHRodH5uDjxTYGwm+mCEaEfgHcIMHMwOY4KQ3kmCzPw1ann+1f0OY+cceHTPqR/3KnypFQ7maYY1mhhCwlV4PfyF1WZnd6sQYvkCjy4R/u+jFgmmrS+yXPnf4VrOfwAvZ7735wqmpmTPfNb9w+7S/7LMTrjPgS9qkm9tsO3FbApK5kns/x8SezI0XEMmnRN2RoJJNhYabRmVwji94FHzvYUyUF4wzjhT8lILgrS2n838IkMGVWKdtFOR6gGjuoKDYPbuciTPpKKSZPbWkFV8qKksRQVAGzYolpYuno5o97E/xFgDbdPPiZN2XnjqWdOaBkudRSC3jrCJdZbyR8rmTQYMg04Kl1UUaUBQaWx0NwyTbt2o3XWBTp0MG+Wr1AHbEi1sOu7sODi+bvv5yBiz90k7YdNFu7e7q6P/7hqy6YgZgJWCx47EyQVykjaVwex/fHJ1jhtVwWC5EFSXb6Bo7TMVIuE26LE2ayZmtehElLFH4ljGsmfzV5khvz3ZmCP3LowTvU0sDhw+kQHgA4sHdv2rN7V9q14+208+23sEP0JvI30y789uzakfbt2yO6vr4+neCz1FKNytYYO9JcUpp9Wt9RDnvN5hAgMlJ6IeDGH9ia3gCSNMiCPcspcEFf5OZnC6zESqMoq9WhBRfx/iNUtGLKQKIHDh20t3WTZjZJhpkAqjLToK+A1w0qlJGGPP5PPJIhoLW1NN3pY5yKnuIIRyIpDQgbnJxA+2VAvZ71k1+JkjjeKYu09TmBGkD+xx13L10nihine7UTZ3ImP/IP0AMdvtLTiRvvLU0/uP3HndBzCmfAfAd2MqeT+Jqm6QTZlL1rxy7bBeYL1zH3uTVcvbievo6BYEX2GUExbynDksFtELDvJkhYZ2ysGA37gvXod8qWVorBjmROrJPObQh41MnDn2hkukaMyCSbCCatp5m6tnYaQXU0u8DirBWmfSmkRl6nMutwpAX5V6dhrV1wOBVYG0mFHuosdygVDtZ2UBGYRowot5c667LhTyWDBlOm8Z7K9Y6FmQaWFHgs7VxGA//4S3/3xLPPv/7i2Oj42N69h/b8uz/+5o8Dd7Ry7OKPLxgfGl5us+FoqT0+9AwMDA6VLek/PMjvOc9F0uynIAz6XO4o2M5zQvvf+k7aja/3xMLcyh3BFea6rXPIeRmSi6Rw1NxczKo/PoW0xY6LdMWjcjbbzOcVh/YLY6UAr/vGJdsBBJX9aWgIl8t4kplh4ouQFy5ajK+PLEnLli1NPQvx2pVme6Ba67t00D60GjS0M5sf+mVmGwGBr7wml6nVTXLSChFMFOqANrTsA6kFlShBI9tYFz2gYg9mVQrjgQ8BlVWhnH52hgyaswLHAFP2Y+Vo14FxSWTDgmyumNlejKsshM1xCs/EjnJTvMHJ6+qyopqGQOY8sHbvH8DBz+vgSBzl3jSzhBElAQqGeHl3TC80F/EUDyPDI+nP/tNX0+du+2Q6+ZRNU+J69JEn89d8yHDF+y5KJ+CzkmG//F9VssxoBQE02/rJCeHE6DfOvR/h8nuk5555Mb2G76mfckrbizRBphzrYvr6176TXsE7MaeTDuzvlX5dxQCjrMK6YbMAHcHgT1/8qVYuyhdddIr3V+4/RSkTWCH51EA9nP8mwHJKRp0gc5Z2I+kjUrtm2Zx5jb0aN65aYMg2UZAbdMRTttddo3N1znJzSzkkrwa8yS1ENElbQjGj5Yie06T4sCmRwWQztRDWTjY1avRBg7+FuYGvsdcq6Osp09YYUTkWA8uwsb9/YPSf/cH//X20D9Oh6a+gOrL5SNfY+AJ8CXYJXgpxZDUdh9L/5Evfve+//ae/sG7FiqXL9+4/tP+Pv/TdR5rNnOzyOPp9io4HHWc+dikxGyqe9vwYUKM8E6zQ6pupOY9yJZtqyx6XS/vHupZQnnDwT4stWI0b/LQAOJuXFQ3HMHm5xqmMQuRUFmtfOdT51OTh/t7Uj51HBpVzlXiiHxw8rN+hg/vSggUL01J8uWTZshUINhd4Y+gLtopeYTtot9nZzIG2trCgRGorx9EkUJKLB4moAmCMxsZuN8agdngQkZfcFdj8RqHOKIeyjl84t2QQtwtgWXQs0NKx0cHBoek96kvWDsksNVtLkgpelYSnvQEiIJrkzEIV+CiWzSSp+cSYrA+dEplczDlD2S7fKHF0Mo1tVYMvIzIpCw6FHAaUBpAXVQQAc4LzgWp68bWc6aZ+PLn951/66/SxT3wwbbv43AnZ2Wa+TqhMZ5x1ejoLv7lKw/hjrwwwKZeX40/5xZ+bUMWevQfS1/7iW2nP3n0T0rVD9h46hB1M7yi0ke3UD8TRfZYTYRLiC015XDjc+hzUEGBDzTkpEICQx6r6ziGxXjFnMrkh1OyI9dAe16F86uHfGHq3pPiyApMinMmiTNceYlllGXBbgU3EVI5uZnvS0BPYFmLcg9km0FOoVl4NC/6Z5G3kS0xLPEgoTyydE/qkgW8rpEHTWR4x6Itp0ZfSjuXgsrSz1W8l9siWu3EiXjDa1bPEdrqOrLLjTfqDjzy39xd/6998+eSTNix75dUd0z+rTOiQqfwdaTSYIbFeZoldY11n834wYTgvtdi0kGV6BZKo8aSsMgqceTppuwKJIJBCRccyT6pW4cIZS4Ctbb74uiRbRcmD+/9GRvClk4MILvvAM5W2Gt9MjyMjw7iEvh+/A2npsmVp+cpV2N3EQwjWSGUhW+5CJdwWOVrpqSplASEIefiNxKKUz7xSliXNDVC5QeOwYAkSCQVQpyOxl/aAKjMQjopoUCzI4HfcJDg+pfejZr0dChwBodTKhSrotnFhRtm4ADX+sLATrQiCHaYaHUWGJ3leEa2jaEaca0wGdHjQHfWQ42DgjTlEhCtCjs0PCHZEhlMZklroMmgi5fBHeOCkE2OZX/CZScL3OtO3vnm7LrHzE42d0ltv7YCO3k7oIwbf/vJr+INtGC9hb3tbt3Ys/xo7lwOHZ/aHYi9e6zQ2NoK+7VFA1gN/67U9FvHA0Rjx2kmGx3lfI5L6NQaVAOwPrkMxEjlWREgsEvi8/1QzMQCRCMnrViFvMU4JDF7QiRRLl3HakebRnBiPJsdtIa/L98ztJIMJZxZj2HinfmQ7Y9y2lVH6iWLp17YxGpHYYZztstxRNuVPLbBDe8yxZFFqK7RBE7Sdc/hn2jyltHdLcFna/E6Uu7sXjGEHc3zJbMfSO2H8saAT750bn+PgMtYeLjS5HG2t+smXqgDgL858eZyXktL46eIppxHnqkQSWBdd/E0fqpAXdCAPduWUQJioeGSBMrmYmmyjd5wI8Mp3nEQPItDr72U8Xsc5yRHOuGPapx8vn69euy4tjMvnpWZritocYFpr4OrkFZAqD2prnXkiMxoymi0kDhJcSTdZlZxmiX4N6bLHAGIzn2etgEUZTFkFvt7T119+G7ipYnp1KpVNYRfyrBcoGdVJJNsfhpGvQWcNkgwLHAyfp4brjQDBTuzZGJ3GbKZQsMHJS5uyjEJtPp+5HXksO2/oYZW0NE+zLaQD0IfdyNkk7k7uxg7gp/BVnEXcbW+kF5/f3oAcnSrv+3z++ZfTNjwh3kyPPPxEuv17d2JfPBakJsUU6vAdvwC0Bt9KZ2Jv8Y8oOpl7g/Q13wCjII4V0jReCWPdZjjhwal+Br36XVydD9HfJUUeEwRi7GgkuX57wtz0xbhyq0FcH2OCyw5vG2X5OKM4KzugNGAG5ZrNMruT3AkCLbwmcwaqC5YJZBdUZRF2V51XItpHwh1oa4y1CvqoLc/ll5y97spLz9mEBx/H7r3/mTefenZ7x/vT54PLmksnrOC9wKMLsEBiB3M+zbUHJrs8PnV9mOhct5uXLTpcHsfnMJZhnp4g+VwitE7ECsb5Nfm6oSfL81REATK0AFIMBeMg9ZqvUuJSeUogPRdM02NLBu9NO4DLh5i3ndYQyp1GWrd2WVq90k5GZBsYHsUn76a+ezQ0OKCHhJYtX5lWrVmbunF/VyRb56zNYW6cDNQqtK9K1k47qulA4eTiHiFp4SZjI7EQRBIU3MijWNNhYEo16iJICjnAhY20X/4nueRQLgpOOzhweIUEzckBtrjNZZslOuyQDVTvBdCz7GyVFY52owEnBYD87/ZXJ3Jis2JTR0JPhit4AVc/hF52bIh3x+Ux63LCXuZmr+njLRjGa21QHfKond/Xnm3iPY8/XHZX+ujHb2oR9cr211pgRwvwKr5O1AwwX3nljfTd79wxJyYMwXfRp/QlvSsP0+3oIz70Q78Txr6KnWkp9z4kn9GohOVG1Lbs2AAg2lNVIsB6kOwVPMZb5KRzVdkO8boeAEFgugln3S0xqcKzEQbVmAN9KV98c3iw9awSKJ1VtUOpbEQHklmCYZc5oUVOtRY3UB3oG1SNKtrbke9/+INfve7Ky8/dFiyf/9QNY7ff+fCD//v/+dXaLW/zgWV4aOp5z/jI6AK8m2vJ7PfDp650ntI8gLlVrWI1p0xlF8BoMGuwAo9WcrB7iQvQ5/lqhUWMKJ9bMZdFTVjFFuq5sOpECj47oVfz0tYCLuy2Ntoiy4qJyotzLPSAs8hAbj+e8ubDDDNJZ25dn666/OR02iknpmUrVqfR8UVpYLAnDY202s8NjWWLR9PCnmGc6HvTG2/uSo8+/kZ6+GdvdlTdj7c3DBzuS2vWbUhLcPmcyRZ7a2cwZvdVTQ6Ucmu/fcdDJ8VwjOclv0DBnbsifO3tYhagetHBbghq8XCWRMLpdgIBcwwxKle/jKfhwcFD+ONnDt8cYUbqpByNjLZBZ9GEasQ5kJn52mV404NduYhQ8jzGGXHGBRkiRN0B5jpUUMhjGqV49Y1ON8CZW6wgVjIyZcHgIRHr/IExzokk5Wyz9zYSzX9daWR0ZuMcomppAV710y4danOP5x0/uCfde+9D7cgF+9SnPpLWNL5x/tW//HY63Om+59FwQF3kwQOtf8At6GlvZ51zajXeysIdYXyWXP7m6KGfNYqss1SjNPaDjXPWLIXV6kb1l/V/4CFOKehY4bSg6CgzL+vR36avwolBNonTbakriLEadoZc7Mcaez5ynDVsFW66B7bcbZiAlW3B7QZKJRnslOtK2FyUqWhiOR0DSrJNwtteMpoyKd/v/santpXBJSXh+dDuW2++/KpXX92x92vf+skrhM0Hl/TC9NNIT88QXrI+v4M5fdcdEY48udtN9LzmRtRAgCcsypkXcesZtkIShDmmLMqeB6PmLmFVUqAAkCiZM9gUmoELCi6SIC2KQSsawkhttPv37Ut93LWcZrr+mtPTNVedhYDyhHSgz+754p1dg5Pcesb4uvcwT3j84RL4hg3pxpvPTx//GBCje9JDD7+YvnvHC1hcC+eBkrvNe3fvhL6VumxurQcCSU02B1j7DawjvV4tY6SUe/xIv/EEaXDiwn8sm2CV/FDRZShBrjvDCuqMAh3t0ChQp5CokBfnDYDw9Z5+IOcswDSd1A0DCpWyIM4rDrdwoSKLEzBpmYI85GRxahNqucFGH84PvpbzI32S+6AKSEKv9V3UTL/JMNqmOllOo7CTRhyL7F8GRUx8E4LdJ6jqrA5LlrZ/UXm7T1Du3rVnQl1D9RdeiPb1N97GrSLTu5x/CA/iNNOSpXN3AWwY92bLpzhEX9Kz6n56GnDWm+FI1ReFdRSEVPWu9ZdBpcCxTmgIR1t/mlwGfz4eAKBdtXhJsKCnLGqsxlpNrKuKezVB5voaeck07XKzPaGkKYhe5K9aC9GuTsRN5lnUm73XImrWNqCPpiTj+qu3nd+i3QEfvPGy87/+t3e/0gk/D5/cA3iMbHAB3va+SH+FT04/TzFFD7xTl8exPDCyOlmrdF4rbNHT8howrUGcg83FqGyg8/lcVaCpaYvFk3woB3e+XO4R1xh2cfbu2Y3dy6nf8L961eL0i5+7HJ/MO11BJS80HpijR6f6BrionZDOu+iE9L6rrkyH9r2evvSV+3GvW/0E2997SDuu60/YlHpiB0luMF9l93nDLROBO670qZwluE447rNMEehgL/OWM4+LL7KKvToBii3kqINYQVfBcDth4+s9h/ur+woKeTMu0imh09RF3Jf/7KmWe7M6bGfEEOw1/UGQGSE4YNHI0FkwlsEEwTlIiY7zXKyUF4G3Czd4VkTH2a9GBxgJwRP/Yj6M4h2Oc5UWt/kSzigCWL6XctpJ9k6bq4XhcH/rfO700E8L8xQAo8PxbLZ7l+sJu4PT14tsinqIB2+XshhIgOuPHqGdQAwEeB1F9q2qyLWiAUURTJmMsoh1gGXOZ6Q6ig/8ccm+i5dSnNcIXA4q0kUgdWVzRCwcUXObspIOYicN+DrwzQrM1s9ZmmpA2VS4etXyli/wRV+vX7tyDj5C0dT43qrj/stB3oPZeif5e8sPR721OOF3mPXVX5OdjTIazNAWGbjV4QysXPXHPPOq6XM6pjbzFgmtWoOcGJJzgWQSe8mv4JL3oA3ppehTfY/l2tVL02//2rWpe/GWNDjUNWdBpYxsc+AOZ9eS09Jv/uapqXt0Z/rjP70r7dpTRbIjOIHv3vFWWn/ixrRg4UKcdMxRaioO4U7mccKp1CjUqJ87VKsoaiUKDQebGkcXjo1i0BUCqC1ubwk7hRaPM8LQOGEi8B/EE/xzv3DWbEeTSptRzvXcutK2IKYrrJGxyMcAtbaFv11I+KNiz54J/oqvTiRzYZTwRIX9yMNX7GipICA6nRpIozlQyaQc/nq65+5y8eBA7TW7ahv/6FmIMTntIFMNkYhZHZbinbLNNDQwg4C3KcTrCxb2mKtpL38eWNLf6ibACK4874yRCWm0AWIe4yFg0cfqVq/UuphykIiiNAWZzB1uWMPLIAKAs9cmsWAA42XVGHkM3aIQwHhZjwCV5aOUzLCJlXV0dwe2qcjswDp1MPp01nr2Hejdt2H9qg2htRwnu/bg/XbzaVYe6Fk0PNSNQT13q+KszHlPM086iTGbKpqIQxv3X6Ivz+Ss08wDdT6xc1WrIUAkGIDNVbPoBi6Q8Y+XQPmjEbbgmiJbpCnP7rfcvXPnlF6SvmhRd/onv/2B9Lv/+HNpuOskBZeF6iNeHBrGbt7YxvTbv/XZ9Du/djXuvan+kh/FDuxufDFoCC9+Z8OszXSVPCuXZffVLOXJiClOKYakBELCbxlL95OECvhjIkDAXBC43cHkBLPZKePEigPt1RnNhON9o/yGYWhqJ3KGMIgMc8s8NMGO2umAdrltJOclZuZNGRG4ceHnT6JF6MSUL6DnBCNl8WiqfA+A+q6gpUZhMUkkHzXOl4LEZQGidji97CA34CI2PD8JyB8/KzgX6TC+YtUurVo1Z3c3tBM/IWzFiuUt+P7DnCNzkxYsWCCXyt9wo/qHFbqabiaMVfqdyTua1QAFjHnAYxxZr+EIhGRAFjk5smx0sV7pYdn6GdisgFBLkoNi2GWCUXfh5BWOLSm+BCQ+yGP7QEIJorODyT7ix7LBEyujhdP5TSxtFljMU33KkfksxGTW2+94+HFWNP/ZUUX6zu33C1eA5ovT9MDg2NggLpPP4Z/d0zRgnrzVAxjs9ZGuVxAVdI3dT7//Ujy4t+c0FkJAnoa+4EmKgKTAHA1CIkQjihkd+FnHPbt2QkxEv53FXHvVqekPfv8X0sLlZ6TDg1Vg15ljahg+Zbpnz3799u3jezYnP/lR//I156Qv/uFtadsFJ2ZFfDJ4D+7LHMaDENVq5icCp8o9BT8aTVCWjiWxBSchXCeWkBFAsvJH1syeCw14MFkeVDoZOrNs0wFCvW/xiqYgrQuYZY162w6f3CaczQrNCuRQFx99IzocaC9+VUBgLom6/ANbFSyynVJK5mYyxSE/Y2lD8Ys/mkI+bwPhLxJLuIVIaqhqFAfeP0ch7NGc5GcTvaDnyF4QWrlqBi8AKEzNNs+gsHp1u+C2nf9nIBwsC/Bapip2CL9DPu33Nrj7fSgYsBx7pTUM9ERR8LezjPyidLqQJzgFYoB6F2f2+jJtdgQy72RCu8mmEMoIOpfnC7SNP5KU1oe0924Of+WAkuW59sSXvvL95+748c8ehNvzSWtkZGzkr79194+/+8MHOj8ZOteGHKfyVo5sGVyAfuM7befTHHlgsvsvsZjEKjOJRtDlYR+kxovuapUxnjZihVpFSnYnCUgtQgC0+0iEkAJYRYSoa/ETEvDWxKBIJ2wuthDMMhPh3OnbtwffEp5kIPXgVUD/5e/dlMYWnDynl8Iff/z59MyzL6W3396jJ/7wbXjcSzmk15qsXr0inbH1lHTxxWendes6Xx3ef2hx+uQnPpIuu+ip9Gd/+bDaxoeBGDRvOHGTvgZEZ7KJdFU0Nco5J5H7JvLwnYQKR/8xwZcSimKTTQIJjz7xvKSjCCSTxRKkyTb0joaKYww4iifIW+45ItfsEhW2+sRk0lgkOc2KVi/KRDuZ7fwAEHUni/Y5OEOtLwIKqiwok3jBMyeNvgsk3cMU4zdOZU1xNkdIh4lpytXwsICGL1y0MA3N5D5JM0HHbRefl2750AcKSFU8/bST0vaXX60AUymFA6dCOwHN6VtPbsGefMrm9OnP3pq+/a3vJ94jOpu0CO+k9RmBYQ+j/RI518EuzGnNBW9Lnh4oqL+K7s822LjHsCh7qOjnGGjSSnhFF91LWRovXPecPo+TkC8CDQUQu3yay4ofs00o8FO2TBxHkur2xZoq5HvwcCSCyHZuLJ8K/1///V899NVv3/XMlZeeuxHvaR695/6ndry1Y8/kOxPtBM/Dah64445/yXswE6fufHrHPdASTWaLsEy1dlHj8vjY+OjZJLIlzVhLpqqMki+IWaoYqaWiysobBZFyRZdReC0LXi2ydwrB5cYTV6Tf+52Ppn29eBVQ56Y2tE2tyoDy/HO3pltufn9avw4xlLdjeGgkvYpvKD/9zMvpy//fd9JFF52Vrr/uiuoBnob4weHutGHztvSH//XG9K//6O+E5b2ke3btSCds3JLflWknGAvmSOTnGVdL38hLxEgGIEpWM5ydrAxCpE5oKuAQYOVRIdITQSE0YJ6bHD+1OR1PXHgV00Hkc/Z5yFAbJkqvm5qHV0RqbFAAxeiEGR/SLG82zakzUcbD8TopOyBvcuRAIShNQgQGIajaUQpI5EYfeqtL+JAXupy0G22zT+2SejwtW74s9fXxQf2ZpZtuuTZdc+0VHZnPOf+sls84diSeQwT/ODzzrK1tJV5w4TlpzdrV6Wtf+bZelt6WaBIgby9YtpxPpMOPMS7C14jHuMkUAZ71G0MzJO8STXmMMeLYz6LxMadgVQRuhBjJagq4S61E+ihTtOunIisqHDTZwhs0xlFtfAElrETTJmpw+1hkGbfl2FLqxG6G0Mf5AT6TR45mM8vAstT78va3+vB7qYTNl2fnAXTuMPt4/h7M2flxLrjzsoIOyWUJbl4eZ2RWBGd+eVykYDydBQrgzI3ZqzyAIigwPBHr54zEK5USAkbZFMSfZQhq9XqfyXZtr7z8pPRf/NanLbg07jk9XnjBWWnbReek9evX4D2Eo/piEBUsXLQgnXnmqdiZvDH91m/8fNq//1D68p//bdq1a++E+vtHTkj/6r/7dOJ9okyjeH3K/r27Cx7zAU8a8av1HNbO8HIwuddQJcYCo6AyiMAdOpBSQoJLjipRjWQUkI6CdCDv72/zCHCDbyZV6TKFNV/QH+Eba7NLl91kwM+z0Kuqt0tjzQUEGU/gCh7IICAOzJE4dUgevmXJfAaBlMmfeAi3lO0LeNBlvOvDHMHr8YItiwk2BiX6h7uNVq5qvU8xM05QWISdz8/d9skJg0uyc4yfcML6CSS1QbFds0yn4yrARE+Mb9myMf3qb/6DdOKm/MzEtDQuR2Deg9sLGOzxn/5GYJ/S29nRJpKwADHPFdGjXuQsRzI+cUgH+aSLIgxMzUGuXOyiM7BprpFoTMa41BACE/n0y8Z50CtW06HxjLpaLEWVrXUNR6bGAKDTb7YaO8kN+GzlT4efgWWn4HI6cuZpp+4BjGS9coKvKcI3yeuTaupi5imn4wEsKFNcQUBXBJKmoyNvF660LMW9YbhEbolKokejrPWLQCHCDKcKouASsQtrkwU3X0XE74pPlG66bmu6+trr0qH+6gQ9Ef1McIcHBtM99zyaXn/97bR3L59jQUIbtmw+IZ111inpXOxursAJ7DOf/mB65JFn0o/ufCDd9vlbja7Dcf/h1em///3Ppn/9v/1NGhwY4et98A3oA2nFqtU4IYR/6T87mZRTiO7L/nZq93TWxpMKpfAfy8JHd1QKKN6UMVfKhQoXqFpudvFMTR1DA/0zuHmvJrBjJYZL+IAnTiacTJQHPHxS1aMtTe+YZ9R2k6BjyFOlOBi3HyHc6FwmlWbxKEQ9jDHJhTSQx+aK89nDbfDnOLfSMDEpUtPRdtXUe6Al+YqV03fzKtxX+flf/FTaeOLUgrPrPnBl+sbXv1uzecKKt2NCmkmQ113//kkoUlqFtv+jX70tfesb30vP4ZaV6STeW6ouIRMKLGP3oxbYy8FsS2PYZL7cThsDeRxSZh4XrLCvQOxy+O5SjRn2K3ARZHJmcqxm+eK0g43hGGsOC7whs3wOJ16mpz3Uk9HSL0vEyT9jCDIaWvLOJdjwzhowy6bPB5SzdOAs2THMLcDEcvmuHkiz9MMxwt4STba3C2c1dJYviwXJ+Dguj4/jgS1LkbPGMhkEQ8GYUQsACywHkXIhATNqYBupS599HNRT1g1UUf3QDWem973/msRLz0cyjeMbyNxdue66yxRU8h6nAdyD+eabO9PTT7+U7rv3sXTjTVembReelS677Dz9pmLPvr7l6Q/++SfSv/w3fyPyg/v3p0VLlmJn014lGYEhTxh0VZmTwVzK01Sk0tEVRZSCyvrGa8HCai7nQijJrGUhTrCjwyO9+Jb09COfUtgEZVrDFMMl/o6KE6lhcSIFoU7kBsDROUNAwKMejguyfM5zRChA1YoWmES7KS5EZF2hg3lDbjzgw1M++zYza5EEMYJKa6OwarBdPkedT5CDZLoP4XDn8ld+/RfSypVT3/k8/8Kz00/vfyS99caOsjWdy5UTOtNMgDn3vDPTSSflv18noEz6fvrPf/4T6a/+4pvpxRdfmZC2RK7SA0QMwKxT7IhVLWyH460Y/YCa44w2VyHWgzjiiXQ66mtUMW4s6COuGg/BYNQxzEiieU5CkIRFhEcqg8MYrnYPKGVBhYSB020TPeSVfKSLeVKOZcLn08QemA8sJ/bP0cJiybQA00f80dJ7XOuZ7FLxRI3HghKrWiZj2GlLGUFFEKpL57706qs0fD2RnRTt72Fb+mxJM3FN4eTOD1WQxAC2yIqYB0pocuJjlHiI4dCB/eTqmG645rR0xVXXIrhs5e/INEPEsuVL0weuu7zGzS+h8PN4F1xwZnr5ZXwv+fa79HT5jTe8r0Y3WYU7mX/4X92KnczvgXQ8Hdi7J52wabNck09+gDOo0smHHVY0ORdFXPZIvWy9R7FeImNJQkOzMFaIdEA7WpI4vq/vIF/0eUQCTJ0A3c4wN9pfnphpS8BlWpuDWhR+ijYxj2aGgnCMC3S0SQSNfEic6Nk3EIG64CFDO5E1zpBqcsgOxpiWnFEMJpmizQwg+FaiMdlB+SmtXY/v2uOS3HTWgmUz+BrOhz9yY/ryf/4qbgcp1gVZ13p4Dd8LP3jwUA0x1ffULlmyuOMDRzWBRYXu4L2o00knaPeWO8R2OVOXyv1hGMrDf/nX+hZ0BETyPq3mI/sbyKL/SFr2Z2Z12VG3HALxXzJQ4IxksrpR8GgYBrPVOCl1apyI0AwMftaChzIiCR9EDozxx2qWFwzzuTwwH1QeewMBV3sswMR4nr9CfhT6B4tDuSSGxjYw0CmyLL4xHn/Ht55LECNi57Jr/GSuU1yqeCK0RcsXRcCqJYx4p6sBAeVZmCbyrElcJkRZKYBJ9yNOtNjx++HX33h96h+gkKOTnnt2e3oFl8gP4PVEixcvSus3rEnnn3dGWrt2Vdq69aT0K1/4uXRIX0mcvj39oxvTb3zhyvQfv/SAXlvUh0/mLV/JB/bpk/C5uZDnB7qyzEkTJyOWjc98E0cLT9h7XoIMeZwEpkac1i8AGmMlq0ln1CLDOxXrL9933JHKwtw4OZZjxXB2Qs50ha25sYGMHDS56G2PP5DGvG4XGK0/SJzpo6GCUTcA6qAC4R1mgWipLOSAmXMDvOwj/ufDPeNQHuLIuxD3Ea7F2wr27J74Pt/QPDQ0jIfQXkzbtp0ToCnl3FG89WM3p+98+weT0t/+vTsnpWlHwBP3z332o/hDjWN96mkIH1t49pkXpszA3d8TEWAyZzfQn1yLOG66eVsCAk32pV0HAZYTjFQiREYmJNKrG1UmmjKIF7qiUxW0+sf+pTwkz6xHc9VwFVqIkCleyI/57ZaJurRLQkK+GmK2ES6b1SayOZEY6oeQR2g5p+pUx39tPqB8F/Rx1/hhWtmN+KQ1bHkX2H+smTidHYu67VN0fwSojafH8efBaXjdBR6/5CrKZc6WuFjoIvc1VqpV5qIYQC1qrIBaQSaLKAtECUxG3N/fl3gC6ZT4ycdf+eUPI7i000EnujmFw9aXt7+RliCw5P2WmzatTzve3p3+9D//Tfr+9+/V61OWY5dz08ZpPhxRGHnCpvPSJRduEuTQgX3YocIrWdw14SEiS7fZicOEyHv5YL7MArzPWLcTVcETwoOFqFwmMldqRZOA3bWxsSHsOHd+P1MQzjgPAwsBBOHHk6BOhDQRP/rGmoqTK8kJEE0uGg1xSKKP9hXNFDNZKbOAh3jjdndIEWV5weXaN8ODg4KMK+hsHhlffsrYBctsMBDOk53FnbxEzhC3C6+1mt44e9Te9xxmTzm/5NIL0vuvuWLK9NMl/OCHr9dDctPle+KJ57BGTP0LP+vWrdVXs2IA2wcjodX7ln9x835MJgZZ0WtVQagcQDbhFT1K6Dz+YRJ/R0c/m/CQb7ooRybE2HFBnNcTJRv3NnZYJj1ZnF3j2kQarpRVvlKphDfL9EP5a+KPtzrnWfyOt7Ydj+1Bdx1ku/gezPkdzHe4h7FQtCxZDDtjfYvL41Evnx7HynWmVi4euILlxawMVTLKSI3MFj3Skw8YZ3esyyOKCSsi8Yf2T/wFrX/+e7em/b1z+7lr6Z/oAPfdeut1NYorr7xID/x85+9+kn74o/vThz90TQ0/3crQSFf6+c/elJ5+/is4eY6lvkMH08rViNsqp1Ui/WwS5yUiRCaX4qSSKZ3QeiJDM31AgiwQzCUEhxCcZQgRnHh6vJcTfcKnR/gFlZGRzn80ZGFtCzzh0wgmNxRVDumAx72NRuNHsbitYbI7LP6Wslnhskv60JcdXJcTQWLW59Mr1GS4ObFj1Z1c4VHiYmnTFa0bxY828FKuRZl66dvGzSemZ596vsY3UeW1V99Mr+J36qlbJiJri7vlg9emZcuWpB/98B6zpS3V9ID8JOUnPvWhdCFePzTdxEv2P73noWmx0V+81YBfQbIvarmP2WFFp3HmBIg5x1c5zkqlvJeT9ErsIhQt2HMYENoB97ERvBUNBxzGsMadYS20pRyTUbKaZSHF6bMqFCKiJUpjJiOzDkJsLTb+6RzpBxuXrVwt8wEkCxcs2dNK+c5C5ncm31n/z6n28S49bYuVsZxCc6piXph7ABO8Wk0m9AroFFlO+fI41qOxrVmka+HSysXRqlFDTwtKjJXJ5ywsZnobEsAI6dRYwPgUNd5FK9p2h1/+/KXpwOEjuFnWTukEsHV4J+Y//KVPpBumed9lJ5EMnP/xb1ggywCz01eLYkGvnYDoRrpUPi01GMDRjsinRvQZei06LthITBiT2E2GKQiYsPiaUe+kW+QL/aEl45juMQwhn5fDnHai3PbayZBs+DVPklyZ4mcNdUIfqXImHUqZ+NFX+scyYZ4cHdhML6WA5hTis1IDhFzOKD7pa3wQg8BS6hlfKjgCFoD1a9eldp9VzHraFO5EgDjTdPU1l6df+KWfQ6DZ+q3w6cpcs2Z1+ke/8vkZBZfU9ejDT+B1YNq8mLLq008/FdElvliMTtOusPxKP1vPcTboLIUDe8TmkEoOJ2XxTwTVAFBgSAGAW496z3u9ZijYrL8jNw5yyg7poawal/MEZ4WzoQS4s6hFOJglQWc6dGzIDYrZ5DGvIu/u7hlatGzZ7tnInA1v7EQ289nInOc9tjyAP761CMxfIn/n+mXWSwkWqbUISNdoacXibDtFttDa8lg1jotXJJZDueCsxI9EWqCB0VnaOPlVm77eQ8S2TVtPXZNOPWNbW9w7CeSuyGI8qTtXadnK09LJJ63SQxy8FzMnc5OqETzxpBLJTjRWEzg6wAni1MTTqnVGwQyI+NuhMhkLuRIdPIYvGk369Z6FC2fun0Kja7eGRZBNk61tTomsVo82ga3yEWnxy2PS6qVMsik5qSsXiLtA2jCiTPz4cA5/EYKIFjShj3JNdghrlU1e2U0mJAaXlM1LmvrONHXSYAD5roeTT5/ebuTrr7+VHn/sGVc8/eyMM05Nv/tPfiVdf8P70yLcKjLdtHTp0vThW29Iv/O7X0ibt1SfTJ2OnN6D/eknP75/Oixpw4b1eLWTPUHPjWD1EtcfdSB9yp1N+ptiLcSrK7D+UB9aD3k/Ga/YJAUl9J2LsbL3ZQwEkyQ1VAVa+8eSSHnAT3SZuG4NOWI8hXhScE0gi344BM7GHa0CpxlL8iOaFi5ddg/sGW8GeEerfkQbNy/8mPDA+OJu7WAuwLAf6TBXjglD3w1GzPz+y86tQ59Uy027HVAEfHh9W3UNK1P7Aih29mxGFCXT27HftfqRz/mRHe7rnfDJ2F/7wk1p/xy/6/Ktt3fp3Xq8f/JYSXzl0m9+4Yb0r/7nb6f+3l6cHD1+q9ycTx60WV50R9dOIIC5d71pJsBIDcOe5AkrkviNwAUHhnlFF9CBwf4DOIGtjXq7nJdDu3uwezTDJK1+trTA2g0EIkyNh29KFTyxWtusrSWuNUC3kzbPwEbtkkNBbrsB9HdRITB8mMnj7O4uy/ggyHAX4nVdXRCIfwbAfo9i+cEBXdqFXL6qqAe/0049NT3zxNQvk1Ps7d/9UTppy6a0Dg+ozSTx9VkfuOGqdMWVF+P1XC+kF557Kb3y8uv6+EA7efzD4gx8iOCc885KZ5+9dcIXqbfjL2FYi9I3vvHdhAfKSvCk5dPw+UkFNuhb5jbGbfDkoAx+tdHCcQCR6g/2Wq6YHlW9NyWCgDJFRxpc5AVJYPNwKlm9TPtoC1MMI1Uhx3As8D9pTLj+ACGXGkc+hyNTycRJ5pE+dPcsfGP1us13Hmk98/Lf2x4Y7VpiASbuSx+sFs73tlOOfutxO3usOtz64MXMdl/vIZhrVvV6Ii1JWKi22oIMgljPkHMnU2/MzGAuY7Yc25JWX5oNG5hg0tLncsfxCbhitw4kZeL7Lvf3T+9J05K/U/lnjz6LJ2xf0tdLTjttC+5R25xOOQnfBV8484Cok67pwHuH1qVzzlyfnntxD+7HHMB7MfMzVrV+kEz1i/s/XKreM1I/B7n66AlWnVglO70SlCkCXfR7E3m4r2/SGyuX4L2es0q0yU+c8VS3dvUAdzDMCmNDUxjNOsqBdr/kE3cNUdEFubjzBEBNkWVgkWcDAkaOMrnCEsSyWIlzGZndggQLdzIQwWUPpiYfRMGT5YwwcW8mX521GU96T/ldldDGB2O+/vW/S7+G92Iy8G+XGMi9uv21tH/fgXTxZduks0m3FK89uvzybfoN4/vg+/buT/34fGUv36IA/hX42tBKvBSdT4fzE5ATpdfwqdW94D/33DMTX1nUKd1150/Ta6++0QndFs6d1tNPPwVblHb/JT44LjrtZKLvdE9m7kM4FwE9l8syeGODODuYdMTgiWFgSyvqaDPFVOOKlADqaDkJmvdk5kCQvKClXsnw3VVXCyQwLp8567JKFVSzYtdFxUygFbla4LINcwSOXWOLli67d9WGLT+EtTzTzKd5DxwRD2Dmjjx2+x/x1XhpASYDTkKNgX9E1L43hWJx4RrSTO1gTRrUnbfNcjA2PrYIQjbnriu7sJCuxc3rzDxUyWyh1BZQ1Ape4bA4Dg0O6JvjQdvMr8c9jvt7m9DZ1xcvsUt9e/bs1zssH374KX0PnF/oueSic9M5554+eyUzkMCT/G2fvUrfK+/v67MAs8X/5m07ufDUhIRDnGuY+/knzjIiMK6yG0rBDWODmGCSSQkrVhjs7580elyMoEFPxJNthinU5kCTcmRb2chSuLWpOvGCXGfokiaEuCxW3XkWOFiVMrIfy1EteTIiZhEl5KQeEW9YTxdaAEMildVh1GNw6pXlnI9iw4FBD4C8jDvGp8hR6UaQyX/8bvh0Akzq3bljd7r973+SPvaxm1hVUlD5yuvpGTw49AxeaXS433YJH//ZM+njn/5wWo97jTulhQhUT9RT7es7kbSFjyAw5YNDD9z/qPDf+84diZ+LPP/8s7HjeaZeBRaMr2x/Pd1z9wNRnXJ+9rlnpB7sotKv3OVjgN7TvQD8OEXx9UTsb8C4hPJ+Z6Nj2cZP9Lv1ih/ZL0QzV0IBfSKQw6zsczLIXKZ0EkbhJX1UiIMAoikniGSq02tAiCwo/n/23jRIs+s8D7tf9+z7YGYADDDAYCXABQBJgJskiqRM0bKW2BWXnbL9K/mTkv4m+ZNylfkjlUpcqZRdVmRZrsSxypajMEpsmSqZEiWCEkmIC7gBIEEsgxnsy2CZwfT0dPd0d57ned/n3HPv933dPT0zmB7wO933nnPe/bzn3nPe79yN7Qu7mZvTKiksLaTAdSXIfXPbzr0PhWW1iOWlzZu3vbZl586X4NtzNWZSnnjgsnhgEPdfUjafIp8vB/pl0fbuFnqlLo/Dq3diMMyf/Khp1MTwkjGpBjLAuJLJoTSmPPZFlAPGuofIKMeQGMOURGK30mWv/+Jv3YvgcvzKRkhd335bBpg19xJWip5//hWtplypAJP2LODB7OsO7mxeewM/1Pbn5N3OHeyI7JOYyORXnWicaNK/Agap5i9OpOpI7j1bAZ99Rr0uS2qrgqhIKfP84sLZxaWlFZeVOalv2bwVXz3CytY6kw63HEBai9MUTaYsh1HhiVJlY0p7gqpHZ4HZppicIS3rlEtYW4c88Mi/FE69mUU5BLJrXGcxvE1GwtsUfUGZIaToYcACmFdsy++/EI9ok7hBs3/fPn2b+1W8MutC0vcffqTZhy/bXMruzqIAAEAASURBVHvdQVzmfgbvlHy6mcEKZD89/8JLzf/xL3+v+chH7mse+Oh9F/xgUV8e63wK/LFHf9J8/Wvf1iqpaQh/+qkT2qYRbN6Kez7vRgC9HU+w812cDvpMv1q+CYElV0U3bWJgOZ23GEQX8IEpJnaHSvA1H/6hjuiD6CifI6b2OWFmX8Vxv+bQCJng5z/7tShJXdRLOFLsCeB/HGtCECS+pGBGGsKQkh38gbdvVGMbgqzsZQ9qfXghWEMBuub2XHPdN9dAOiGZeOCyegA/CHV5nEqwgrmEFcw8US6r2onwrgfKtNSCV7o83lKphMkNX+/pJQKyKzWM1eUkJYgDc5/X9fpIiImYAebw5GbN7//AXc2bl2H1kvK3bh0fuJ5fWPkb6Lbv/MJi88KLr+DdmAc7qy7GrzdfwGuL/tav3dv8i3/1kF6+vmXL1px0ILE4M7ztKjtHc1oCShlknJzinj5aVPcC6+wx9lkweuLqUFpJsp49oyeQVvycClcvh1RR6AUkHSM5oxYTojElACszruVWzWObgq9tmyH+sWQbLd9iaDwnbwWZAFpsmENqQGgLk5zNHCAT2p8iwQ40UaxkEpYyIpjNvuDpm1eXB3jZOt/dyE+ULsEhXM3kDdJLuPx813vvai40wAS3Vg+Zr5Z4HjyE1wJ9+5vfb95/793NL/3yLzC+XVd69JGfNF/5yjfwtoiVT2i+SeKpJ5/Rti5FYOLnJzfx7QXwWQTw8B8cJ9+xE+BHQHjoh//RpuL/6GB2ZaYoqe8MUX9nP+ZAFueNhIsqD1MdI/Ux1F4qT1rqtirkPD5ls48L49IuV8txnHDbF+0lFSD8lxpYl/LMP8knHrgqPTBVBZhTy9Nzi5ObMC9LP2Jiqscl6xgBA91QvJm8hrcvWMc4JBxuXtLIFJmlMwe4DkL0S76Q5gQp+gAmStKSXQMqtSzg8vi4z8p98hO3ILhc9SqsNK1nxxenj0u8t2wt6U//7CFcVjwm0mvwhZUbDh9sDuMSOzddWuxNCmuRaZobb0QXNA81/CY7A0x2LH2ppELWcrIjgSc1zyUFZZz5WyHqS09WoSEDIWhTP4/owNmzZ3mtccW0dRvuHY3ES2elYuCa82wM289UVoD6E2ugWx9l3XxEePJmk0pgJ88m8VDGADCAmZEzgpEQiLJAXU4SJzzPtM4ET90liCgGOsjhSQkBZOSGb1U4GOZ9g4v47cOHfgg7cGhfc9PRGxt+rvFypvMI+n7wvceaj3z0g82hQ9esS9VD3/jOqsHlugT3mHbu2okA805cDoeP2AkIxOk3dRQ6S75kpInAcBkBKIN1VPQfoqKnPbzqh1lQCM2zQpfUlYMWrEzlHCLI4iQ6zqckS2LqDgj3qdGFoEkE9SkFURxv5Ek9xJXjKcuEOYUa6jNkkk88cOU9gPGPsUYe1Rdiz2K7grk4hRVMBzEXImNCe9EeYAeuKMQjaBL5BesYd48sLS1jdWoEOw+HEWAO5DHAcvCNkU+De8o2m3OCKWZuTp8UTapu9tc+fS/ee9mFXcqaVtjGCFzA99BXSz/4wU9KcElaPqzA7dHH4jN2B/G07j/4e7+q+zpXkzUK/+aZbQ0/i/n8izPN7j15H1ztwMJEYJvinIX3s5+Y15NRzmZgCAJzs8aN/Rh9F3hKFr8KKA+WF9by9R6vEEPKK2A9SvYLTbTN9pm3vxLTWhkUpW4HJCMnWOLcPk+4ZYxLRh+3Pn3iuCajLeExDlmkxxblkBzGpiBWXEwblKVdRVoWrCeq8ZtQq4U0FEDbPYWAaRFfeprOO1jef9/7mldeevWCvm5Tm3Mh5ZehZz0B5jxWQl8/+eaFqFo37Qfvv6fZzFeHIYikr9iPXP1Vf8KXvBzOTmNdn4zvLcmWbobHRVM6iibx6CAgOlalxIs2eUip/gpVkENIN/k4LuJBJBtNZrmSRGDqNDxl6rgZJR8cli2RnYogk93EA++4B/72r33y6N/5mz//id27tu9+4eWTL//T3/7//uKxx0+UoHE1gzZVl8j5Ba7xEcRqkn7K8eu//3JERJ+XxzHG5FAUNG09nY3XE+HX+R0xNPVGJHJyI7jaNOTmZaKYbSmLw56GvtwT1mVnfe7c6MNj166tzdmF8Q8XkPdi07at49/PuIBL3yull3Df24N/Mf7BA66YfPazP7Pu4NK6P/vp9+gSOesOkOTqyv9wMBxbzzBR5kTprY8mS53MLVFAtL3Hch40JMI2e2aGg8Hox5CBYNqCCZ6XJJmwQPSSCuvZQXmqLTnt8Va3mytCXhWiqkKTej2hB45YJGZWIEC7Kz4ogoKQvuRmcPg25Yk9MSZIkYoTKcIpO6dHBnMy0NDKGompkOcrc/4jSNIDP1yhm2p2bN3WvA+3krwTiQHmehIv45dAfj0C1shz45HDzQ03Ho7gkh2DJ/Dj5erwGs5JBYEA8zo/Pco3mKoje/LrQM/9TbY6uCQjYdqhEKNd5CqrY5MGZXV3Tw+PV8mNg0gyynEnw1DzAaJC2EDyrBaJkl8BycYUcPClroBO9hMPvPMeuPf9t+/7r/7BX//c3r079k5ND6ZuuvHQDf/9f/P3fgmvNIvJYg0mDbbEOzBJOjXYNK3HydfANyG5AA9gsNbY1mMpMAwmWQZdxJIVafIa3r6eCIORLnjfqlEzB8jC6IHOAGrgBngMk1EvZdFxgA1TzB41IZuFhdEB5n/21+9ueB/i5UwrvRbl/Pnx92Cem51rvvjFr+LSvh04bCW/7nMY92VebLrh+msRoC3j4YjzuKJHD1aJ7ikuIi4qBaQJClAAPMlYhI8O89SS2WM82ymHk13krQx8vWfl6Bt8W/16IlzRBf/6ohLaQNtlB3aZaA83pghaAkL/yEdkwuZ64Xej0wmCW1CIKzIltzBWSOkMX9ip9q2p2nrYZbjzNoAICOtMoS7LtlGnKmFoD5vFPwZK1cocLwEfxfsmD+MVW5c7vfLy+rpyvXwX0p7t+NLQ/biEz4CSr0fibQQRXE7j3lV6jquYciXK8Cl823mHZHRAUekhtO1Po6LHeGaot/p87CP+6dgCjYhCLyXU5OV4DUmhIAmCj0JqDtZCZsgPFu3xy9M2V9BS5DFtUwpwUph44B30wC988t5bGFjWKq/Zt3vffR+4dc0v5928rf1KFO9KH/8ER61lUu54YP2rlx0x4yvjAtTBMj8jg8eWMRRxBNMgOUaMx70cA32fWEz65AlmktViPMgtzM/jEpVrXR133XVrF3AZan5N0SjRYx/ywSD9R3/8F3jn3/jfTXfecXPzoQ++d5TYC4YtLO8WT9jTelGlnv89k3lC4yTHxLonI+asm6Y75bgvDO3qY43s5+bOrbq07PsvYcPzkLb6/QaydHhnO4lxc4v9BhRM8ieBVzQdaFq64Khke3LSjbbKZ24oMPaEeTu5zo/gI1wTeG2w7Sp2JjfqXIVm7MgtVqRJFMnkDBZ4rx8DCgcOLON3uwInwgb4lIWCKKzUffj+e5udl+BzjrZjVP4KXnPUaeIoohGwl9a58jlC1EgQg+6P/+z9Db8YxOBba7sZYNJl6ldxRmkJD07xl7cDvAi+sr/ZNxiXPI61Ofs41DO0jA0wgBLcsS0PQ517woswepC9aFmWWJiJpM3YfPxF/4dOM1p+4cuCeQzXcUJhkzTxwBX2wOzs3Mh3J7/99uya5ggcxbNf/8N/XF6aPTW1tDh+Jr7Cjf1pUs+1NoxvOcrEyltbrzyxvPyeqHF007CYeZY9lNbjFVGsJ0wDWll5ARxy+BfokMPyuFVCrj6cXYjACmSXLW3DgzPj0riHfL7+0PebZ58df8V3377dzec+9zPjxF4wfOYcnhS+88DQe0IVmECafGr/WzqBgIWnCYT3UdGElbnmG9A5L51nGeJu+8yy5uZmT2NJdcUHdth/mzbFM0BYRXq6iFxPQW2Bds2makqYmra7TQTSRttJVf3AkjAmwVnI45sqxCk17fTMEIR/DhzjKLYWEgeb2LFbdSIvESVYQ6lYVXZDJNN+D5lto2CN+VDgbRgKpVjGosBmPLV/P74b7lsTbNelzPmy9jdev/B7Kdd7aX2ttn/g3vfi3tBDuCI+3UzDHwMcf1qd5G0a8pVfso7+JJ5ORY5Cpx8VyBGWfmbfkyyIItehWHV/Ic/jIbOQASTrbeLxBBiBxiWg8AEVPLSzos9ybQ/Llhf8PHZoUZsiQGY7Ql6LmZQmHnhnPfAHX/zG0zNnu++te/LpF5/5yVPPlaBxJYuwLsb7+Uua2rJn1yTALO64NAUMGN0RpCO2d9lWkSWvUjolr8nap8dxsxyAy82tMT5huCIXRy2NYuZPUTECBg1RMbrF4IZyeUccceRHkqgilO/EG30Z+mP3H2nmFyqTxX3pd/xiDx8CGJUU/GoWaLHHjj3ffOtbj7SAXolfR/nVX/kU7j8c/3R6j2VN1bvvvFYPdbTEmCzsfwDlqape+iwZPOGwOerKpK2bF2GVfU4ClymEEoLp7MyZVV+mXC6Pk3Vq0zE+bLHulLYGPystwLU4vIbhxlt3qefxKDicUOAsodluecATJsdVnkgZCkisoFgXQUkr1wSUhY0IpjqnHVBcgs3KRlq4BARB/tyh+pSXyhFYTvE+w7zX8Jr9+5r7P/YhwN2KUHUp98fxUvYLSTNnz+FDBhcelK5Vx22334J3Zt6p4JKtZpCpFcy8Ekcf4SYT+J7BGpzOsQ9l0oafAENFHiOe/cLNqdRboPhQJU9BF6aAUENosaA6b2UZynNMK6qwIeSy53ksyTKThRbpxo72IokkRaoJCa+Z2Hb+TdLEA1fKAydff2vuv/2H/+IPvvXwE48eO/7yiS995bvf/O/+0e98ea324OpEJ8DcdMPWB84+1XxlrfwTuvV7oIxCGJBKeS3i8ulx8Cxvwhh0Qxk2ORZJEgr1CBbAEO3xinQui43i8B/X/1KQh7cIVxbHvAroQ/fcFLLfgf02vAvzbH65pK+Oq5ibN8dK3KlTZ5r/9KWv9Uk69c986qPresK2I2RE5cjha3DJDq+hKT52gfm4ROcDF91QiDjviJs5cZlLkhAqJX0KKB2LJ/ZmZ1dcvSSjn87H5Po6Lt8ystifAi84GzUl1sE1BeZPpmgvbc3Dv24J6Vo+touAoCh0WU8s/ORSkMtxLFZgrw5RFn2pxDILCYhwIVHh/ZQBzdkhZhWVBUkmAwyQ4cffEgIlSo7TG94F0wCvMOIlc/pJX6dBjQ+6zH3wfc0P8Vqhy5G+8uWv6wtCfJp8P17NtWPXDrxQf7N+WC3hnJnDrS/n8PDeG2++pc9IPvXkcfx29S/aS2vRjTfdgG+j34dPX27SKq6eGkewTR/FQz287xJl+o5+hAfjtUPypIwBxF2lY6KMUnlgdY8vkkRvUV5IdJsEIEjJP7IJdf86p04BkyUYzBfAGhWY3Fs+ZRgEWNgDQNonMhxLbH9Hr5km+cQDV8ADx5975ew/+p/+9dfXo3p6eakbYH7hC3938cOf+o1zOGlXnZjWo/DdyHPpBuMyNHKAqUejtlw5EPcd3Y57vjYLWUYrEGgShASOUgWuSsvNKpNzliGI92WWIDNZKJ+D+LgVzGuvPdi8dRlfT0TTnLbiXZjjAkze98gAk4Hwf/zig3il0sjbRyTq7rtva+65506LvaT5/v28LZb34ml6TNndLgyfAtXzv+pd0jgSQOc4hgLVNYThryW31IDgBdjnsK14/yUnM76zkwnli7s8Thm0BnbFJBmTZTG8HItShx1b0WZuSEJRdalHpuO72+pWDHnIGX6xBAWW0p99YkSITlNSpkXXDhddjymrPmt9KT/Mgw24L5CLctSop58hI1joJVwmx8odz0/Sc1VvAZezf/zYE7bokuV8hdcjP/zxJZO3XkHXXn+o+fgn7sc9l3xSHCu5uBqhl6nDB7x9oPyl33VpHGU+/MOkboGv0u0tIDBZ71rH45Ac8cMCGiTEHRyy2pp5aYm4CgF1shfzP4/voNcqJvuRyBEppAGR7QobWLU9ZkJbjUzQOJnmmOQTD2xkD5zfPNV5yjDP5MHkMvk70msjVgny9USt+qDB0IURrLp0rsvjy3fE4MhJShTB5hFTOQdFDnwGslxVXU6wcN4lSwxy0DHmAZ/l6e3muOz59hGfi7TShXyS/M++8lfNa6+9YfBQfg2+1fzZv/bxIfilAmzGJXe/2Flut+t7CgqYhSH/F2z0LUg896iricZmWCs6+LifnTlzuoWPLm3BirAnteXp6Yu7PA4VOlagnLksgbFsmprnAhvgRrABJBRxl87ktlwBHPmYMlct5YWYmM5THAk78oM1ZbBCQpIUR6JCNDfAmA2lgu9iItAEjwzBDv+8VB5LlxIHEAPLeGpaQRYCLb1gHKt4fNn4vR98P4RSwLsrHbn5hubnfv7jzRRWTtleXRZnoJmbXkSfq5b0O1czfWm8XXWGT+ia3LLbUY0QnnTe5D31E2GshU+FB72Pyujhbi9H91Im/spxwUMCMljP4yLNCBiUiJ40VSKsPaACEdYGndpACimFNWFskdCVVsCTwsQDV4EHBst7Fw4OB5hYwVrTDZxXQQuvuIkYMEaNEQWGAayUh41N3ioOzcvjIsWYdDMLHCw1kAEQAydEcsDyYCcVAhAYyVVqdzlRGiihOp4yV01EXJMblc7NxWXpUbhLDVvpSfIFrGA++sgTzWOPjV+I432cvO/Sl9IvtX2UNxjQH5y64C+6jNuYXia4vRSMipNnHtR9iHjuYXcKnd2hrCefuvH1nh7Uwtt8W/X1Hryj7PkWs85S2kRu2xhHUPgjjs+UTdoOvabw8BUsp/GdBrDh2AobFGj1aLS4QteqyBLE0A5N5gRlPcRQRyouigLj9qhGmuRVTqDEwyadb2k73wzOR3u4lEnRCK40JPh+TNAyyFKQiXuCb7vzluaBj+HVPRdzHyxt2UDpdrTpY594AJ+C3NxsrgNKOIS+Cn/FpXH2L90nt9HHTHQ8aO1/VQEi2iSlD0iPpL6lHJRDvjqHtQBmNY84sgRPFEBVHa+kxUZdoRsVFFROemVBxmJJcZyxKm61jZLjKE6ytIUDAW0lDxP3Rgkw2U08cBV5ALemvPHgg5/vPLjBmREH9eBU5wS4ihr1Tpt6SS+PZyCJQYWjUaQxAery0uINGIV3mYwcHFTFWHaQxBFKEQyBqhQWFQhiMjpqlQUe7kAwYgXz8HW7mrmFWPg26+XM/bWZUTpeePHV5sEHx79MnTx/7Rc+3hw4sOZXeI1SszpswIc46EL4zL63nwt3ry/G+p/9Wpiim7LOibgkwGqJeKHL4vz8/Kr3Urb3X049ww+BpcFF7AUX1OQwzPe0+QiSgRDY/uSKhvh1WZx9BQkwyllwQ/P4c1WzNeWlkcUd6bAILNoWmI53RiplpmAEgJa/lFrmfgnC5C33MYWDzTpCWARPlC9f8EcbaBhssimDaf5kQ/DJCh+axnMtSwg8eZ/i9h3bmu/81fea2dlVn9HqW7Zh6gyS7/3Q+5s73nNbG0Q7mIYPdIlcnRl+0aolrA8fciyLfqj7UeXsX15CFzUZRBr1KGovX5T+bUEJB1uB5dgZyjWWpnrQBFE5HoUAIcBWrTztkvDkURuKDhzfKZ80vDc0qtF+wgwRnjQsTNLEA1ehB3BGde6/ZBMUKdSf9rkK23WVmFwtS1YWd6FRwyA0apy5g4MTNyExcinHwKYBFRUNXgFERbXQVJdziHMmISbNPAIAAytjUbzl5vV957grZe21lb5HzuAS9xyOFfaBD9zZvO+9t4/FXypETHzT0Q9wqCYN9oP7QopYoU/Dr4pDCTeYZbvcufGJYDdy01wGvpzTSNXMneXXe5b1g1GAEbvNm7cgEI7XwUxtwuuJctUMg0CtcQTneFCYzxbjePQqOKVxI5J29v7KpIrGRDCQDGwQtx5/EZQOKJfOk47+Vx8kvs8e1rX7tjVpoAFZTTGAok00BwK5sSzjqIDJijK3BpHxVEbwyLOUi5la0WRwyUvBEKSnzfOexGkEYQcOHmg+/YufbK47fK1EX207fl/805/9OQSXtyu41FPz03iwB8eYHuBhjj8G2PFAD6eedCqc66BOvgtH69jw2AbWoE8WVsO72Q3qpCAhJeWR18dX6Tt1GimYKIUCo+jj1P1oVHQviFSgTLKRj4woUpdKJAmdoVfYxBCXisgDBovhL7CoW0phmRQmHrhqPDBYnh4KMGNCWjp/yifLVdOaq8fQGIVWtTfXeRxxDt1/uXQrBXkIYh6/7mN85AjFATKHrQSyCsqOBVXF5CCzYMlIEt471vRer7pz+/jPN1LMpU5ecRsld6Xg8uDB/c1nPv2RUWyXHDbA9T29Tin9llnoYSTpTiv9kyaQ0DjnRElAIGOiip4lnN3JpG4VHSrIz56d6fWUyDq71pf8ruHU8Q7yElS8gmlRXqk03OYSz4k4JnRTs00ZaJgwG5tnRrhFvMHjab0N1oPR7MVZGQi0mqLkIMDBDelVTgG8mCATWK/6x8WiJwtsj14AjjqDKH7hSatWZJhCeQkwFrmSicI0gv0ldAXZufH2hY//7APN03iq+3E8/DPuPbQg3VDplltvbu69/wPNVtyLzFsC2K54WpwBNQJKBNWMq+EM/tNLytkIPn1f/O9WZb8bnlVjkVMYZBRI1HlMMakf6PvEt/zZn6QB0tRZADQhebzwuA1ICsoseKOv1R4qQMG0ghUWwtleWSVosSzYADNnYZoUJh646jwwNXW+c/8lG6AAc7BlcKofSFx1rXsHDF7t8jgmLI9pI63BIJN40HGmQRDJMaYQ9/jz/kt8zG9pF66qHSIdiTkcKc+Rk0OXUiKF1w4Azb6Jz4EwiLEnDVPylZwgmOrVLtHkbvs7HGCu9D3y2q66zFey8L5Lv0y8xl2OMp8Y5ipUuBFOxb8vh5W+KYpbZzswcjfU/le/EaGJKbtK/R2TJI+k7H6Rzp+bXfXN91vxTWwm2PQiAgG+B4BfzC7qhbzAnYJCGW57OH2yjahbdGrw2VHweQAGdRxzAUqGPF2Mt6HD9YTYIdkGrWqGJdpbr4/7cjqaPnPjsxluGMChx/pNXugBYDBFn/BPa3RotEIMNR7HCQJPmcnXF+FrNaRB3KlVzunFaOEd77lVrzJ69IePNS8893JRs9EK+/btaT74wD1afdXDOwgmGVBy3KBvp+EL+iNaCXj2J49pJj4QFbAIwDrtIw0dJdo4pugd9RnglCBvoUD/MhVoVLkwqBTqxC0qyoxaEgYZ9sHgsDJ7TopkTkhLxeAtcsBHm0KRqEIy9iIjPtmITbtYdBNJX4GJmqSJB64qDyxP7xkarBRgbpre9tb5hav33p+N3wuMJldLQcPxqE+5PFi6M0fPDoqEHJiY9CtZFQ6LSJrcE+tRbEgyCatE8oqmHjBNtX3rO72CeeEvRf/FX/xEw1cHvWMJy1HTmzaXycI+zJ5oferOMkEaaJezm4QynSYsT3ckhkQQi64inZ8/d3ppCZ8QXSExANiMhy6YBtN4PRECgTZheW29ycaLP8TIYsI1wwOWNI43XbfKODwjMCOs+C2PW7fXfK57Pq89FPwhuTwQZMIAF3uG+ejcPJdkRRhenJMF1y3W9vtHAc8bBZkUJyQvC+P8XubtCVQA36M6Bbfzk4j6cYJ8CUEnv3LDNxLw3ZUf+dj9zdFbX8dq5uP4Os9btv6K57xf9C68OP22O26Jb4rjIbe4v5LHFt93yeOUbab/+EOVEXSYzdsF6AO9mJ6+qFL4jQD6iAEbM5Tpk4qOslTnjlvKTihAEeyR1zLdJ7IphYlVvCG/iJHAIOKxOLSSmTxhIyqVDJoZcvIoRsXHGeHSL6MJD8qWh6VJmnjgqvTAmYe//D/jNq1uUoC5dW7v6XPNJMDsuuaS1MoIgoGllC25DTvzt7YBenWRYXiBczO4rR08YwDLMTKHqBiqPGBqYBUGEAGhUQM1NRdAmgGzCKpT1jdhsuinuXw1UB9+uerb8Hm9C0kfvO/u5j3vueVCWC6adn7uHAJMBg/sYk8nFBuO1CSFcjkE+v4mKVJwRzlYkzBmWhHkfKvuTMrm7MwMVyNXDDD97XHy4Kn3Y+a9+Lyd/HNKDQ/A9DjgiY92eEWpY7zsoRU8hoPDAYICVLC29ZBjP9oXwUUZ4UFRwWeGB5ftca+QnrDgYVnBTADD5mT0mUt9kaIvo+5+BbLgIRdMei8mmfWOVOSMsPHPy8XLCLp0nvI2FJzhvEeTpPq2OQLRAd5QtoR7NPkuSb4w/eTJN5onfvQkXsf1uo14x3PeZ3nX3bc3N+OS+Cau2HOD0fr0IxoVq5fwqB56Y3tZzuBS5XQRgmklwOhDvRNT5cqBIJB/AVeBeTrY/SCQ6ZCn1DhsQKS+pciirlDIbmBKiqM0dPiHkFfg4xihdgiTibYz7CcvU5EuwziYJ6SQB30Qm7oV6fYIP9lNPHA1eWBq+sQocxVB8NHyD33q18+AoH1KeRT1TzFstcvja3cNplmOPfU9lmTuXR5PebiNbXlqsLR8pIxRJDUyc2aEacjywEpgGbHMISB1VTjCqlQE4f6JXPGqsM3bb8/V1cte3nYBn3W87toDzad+/oHLblNfwWl8RWjTNFYHMTN1XcseqX0fnAy0PIn1ZbUdWWO6MiIQ4uQdNOfOzq4ahZen8Qd4Y8TU4CQ4u0JrdRdcDlEW2JmQIavci5ly02ytDBFkPjmPABCUYC+qBABOREUfVXJkCkmST/pMqpcKrDNODmzpCokDgwSYvODBR67wfxs0RB2IFOnL5YwoS3sQb0megk09U94sEgAjeWl5Gaubev/sJti5iMBTw8VUc+jaQ83BQwea06dON88df655/rmX9DUe23S58ulNU831hw83R2+5Efm1uOTNNyYgGMbfFAJJtnEKP65UR5k+sF+0iinDiKVb2Hj8XAYdk/bptOKfgkknyjfBTY5uX4QcnkymkNzsnPaHCXWnPMlnH8QPg1Bf41Im6WyCC0QJnf1PGtRrbjY+JMSeJATYA6qrFmOFnNUREBST/cQDV5UHlpsTo+wtS1T4Bf36Uv0anFHUE9hYD2DAqkaUsWRjELF0iXFmSMbS4nmsXuIuWXByHKrHIpYND8bYezDlxK5BllSa0KieWszFevCwVIqpZNOm4cvTp06/swFm+2CKLBy749Pmv/qrn4qHbcZSXR7Ea2/wt1m6D+4sk6B9rgmw9XNbsj3RkyXwRDW7wAQj+4x6lhYX5/DFpVW/3rM1v96DO+HKS0MRJgypaRWusSQJblGI08pPSubE6uPRx1fxj7Une1mZzNZ7qjZ/sbbHR4drxRBwHtpGswWSmQp9T6bUgbDItWFpR+FPueEJQoPA9he61MghwPplOwjIoXMQCB0OfEURAzH80U+kn+KKHs9V1hGDMeFNmfE7VDYgNAOel5X34dOPe/ftbT5w7/uaV1492bzy0ivNa6++3rx9Oo7B4L64/bbtWxXMXofV08M33dhsZQCpy9wILtkOrrYysCQMieGmgs5sl+7dVmfRAaRH82A7V2qjj+05Bpz6lxzSRTLe1awnvqUjPgSQorCrAF8mukXQnEIlXlIZ4pxsSgkwhY+X0v/Ai6Q+ToiUjo5FOgZoqvSDidigC1WT/cQDV7MHtm85/+wo+0uAiQ8D4trL4OgoognsYjwQweMoCRxvMNRojNJsQqJ6ZROX1jCx3KEFz0pAMMQgxYGKdQ1YuTeeCA2OGhFZAVUQBpfgAHjQLbhQtgmfYeSAWK8uvHLynX0n/7Zta7vn83N//eeaPXuuzAL8M8/GB3TKb4z0s/oBu3Ar94QgZ5cLGVXDNScXRJIjCwEtf0oRYvbMGd73suK7bbYg+PaqEZ686N5/OZgO86hnHSmY6z1aU0n0pMzjUIcbGuMJ2+pM49x41SHLQUkXD4T18BiVMO7NHWitVKVPy8ol6yAtXZAF14tgkYXkrtSWUmrL+VPrDz7iyUs7dKbn+SQvML4CkMGZ7MTqJX7k49IzeEE/pWcwcb8i7t9U2xWI0jo+/jfVHL7h+ub6668Dz2Izj89OnkSgyRXOt9+eaWawnZmZ0WdUZeOIHS9Nb9+xvdm1exe2nc1unD8HD17T7EJeAkkGk2gu+4Avh1eFD/HARK5gKrBEZYDL+dlA0KQf6D+2lwMYaehxNg1VB6cBaP0ZnKHP407p/ziA6BrZwV6PIvlRiv9QUERCrxwPZPo+qdWmEAB2JUprU/xgiL6jDT4GqBVVpFRIuai1KlNX4sP+IBBv2hMyKCU41a6uCVQySRMPbGgPYASb/fqXfvO1weC3h+wsAWbTbMZls85L2IeIJ4AL8kAZbzDAlLIk6B7L8bLK0+MgwYLHzUFJETH6eAxqITG4Ed6BAaABrYaKAAjmMsvSQktnDxS/Wz2Hewydnn/hNF5HstzMzVPA5U+vvz503/CQ0gfuf19z+21HhuDvBGDH1qXm6RMzzRZ+IceuzAlEVezo5kDFJKuVKnaA6WVo15+s5XxadSqFJRw5J7zZ2dW/3lPuvxwMFvAKmecgpaP5YvxUW12O8iHpDgW6mrTSCVC5hK7AhO1LARSu9lZ1ibCCWjtpY6Ifal3KFWvFX1Y0U5/rdI9sqsTLpqxX4I5InuayLHf1aR+4sFtl6mTASNvkOEqNezGpi39Y2pQdfAiI92Zi9RkUeO/r1CYEbTlKMOaDnO07Njc33bI9Lq9TDaM6yOWrvBaw8ZVHi+cX9VAO75+cxo/HzbpvmE2gHdiokquQ2Bgsxr2RsVrpy90RGALHgJI8+gcN30cgEHwgOfKiBjDShS8YmIGBTEjuZ75xgcdydoPQgevSianasZkSl7DoP/YdANyYQCBfsihAi3LJPwwti9YwaU+jULAMwZNwSL+4Wr5an8tJoqxtbzG2Rk/KEw9cHR4YLD+L89oHccfmEmAuLc2/rhuyO+hJhR5Y7f5LDIajxo8RzgMdf8330zj+5cXrMLTh8ifFazjLPAS4R53XVBp5MYIVwzgoirCizsFTI7sIKwlZZHBSB5jUvH3LPALMVW/7CyMvYs9nV/74S19bUcINN1zb/NzPfnhFmsuJ3LIZwSW+7x2zo5wodcXdqNHjLSb6hBNWTLZpnbvFVTD4lNVElP0hdJaXBsuL8wvzq36myK8nAu9xqNGb6RkSpKqLzoqgLLRttegKgWKf3vV+oDlUr7woyVbUztShMOFG2/sOEgxvVzTBhg4TXOcESiayItZTT5HDQIxJDQC0Mwx0BIgMYVmSx6Viy6FYigJUaslJWq3+EYmNq4X6YcIqVYKBK5kRCHIFlEAEnXqPPm2BLsD09gDimEpgxGMvq8JFAMhVy0AgIxw6eIzqD9GjgkqJCTocQyDEnjQoKsKU0ricz8GuHOMwUIErCSGbAaR4wMYkX1Ac/qg6dAoVbYsiEFTUJrVbHERBJmV3SEKalLZsWeoQFj3duRI0FMFEcsk3AFUUw2JRaMd+UztSfFcLRQR/B045NL4DbGVOShMPbFwPjH7Ah/aWAHPX7qmTM5fuNp6N64t31LJR0WTfgKCJcQqPjjphhWJpcXC7RzUOSf2BzKRkIj5oMsfIF/XAxkBIIRW1i4S1BCGWzEhamestIi6f50PLlzfAxGt3mi/+0Vfxfe129VQGVTveK/Yrv/xJTFwxcVeod6z41ptvQpcd2RYx1akjOGnQtXInQKbkBFRSdFQSEcqJssWLJ/tDPKIfNOdm8fWe5eUVP620Ce8E5QoYE1afRl8evwj31WZJSb3LJpRDqxCXArzAozrqLTSElLoLlpf0tY+6HEHYsrnUo3KwQgORtDcM9VRnTAGUvqvE8se5V+Qoi8loy4mgitxoM3RKDpAsMzglnWi1FEgYL5Mz0LQkBmyEkJ/yScMg07rSBgohgRBUEIKlgbQZyFifAqIyLqQdDi6ZQyMN44omaXk/qNoLWASgkA8CymuDbLSP7VBCWecolOc9qATLROTF5ZBLU5XyvCkBKoAu0y9BI43EqBo+iVpAgox+CoLIklwGEGO5tKPoT1JCCk0is6UVrbWxzdG3yRX1VB58qECOdSaqUFRCBZvsJh7Y6B5Y3rz87DgbPQI0f/nF33oLB/347+6NkzCBj/KARxwOJKVsQoaUHGNcr1c188KXUOiO2zwKl8FJbC0rCTUApjCX25wlKqt5smyiGPEgiICgFxN2W/h5wQxQDHsZDxdc7vSXf/md5kV8a3yl9Dd+6ZPNLrw65Uqmh3/Ir2PZkcg9+aUbNeHS3bX7ZTCnoCQiziKEM0CVMbvl5tzM2Qv4eg80TA2/ngia0ogxatYC1sxOMbGVEgpEuemG1yLpgzg2uY+/FCM+8XInQ9NnKShq4UXLZm5+58bRGNsinaiXYIU4b6EujAesTuSLgLCCp2080ztnuxRTR/pByoOPw0JciiYPGcNsrmJGiwjHDwOM0HGpGrnueYz7ovEuU8H542F60yb9iFAZ9U24R5Jf05nGpXTeN8knwYmjHH6dSzDA9XJ08PJ1ZKJHvgnvc51mHRvxCgzJh2ARnDCHBsFYZYRnm2m/mhY+RrX1rQJNOiE9ySCTZRJxix0yADP4tdtL/4Cq43f6TI4lf5voS/vbudRIJT2bujMLelSQpDOKKTAMjGMlQKIPKbBaGDWFbGy52UmnpkFoHFcpkhlN558URp0wcYupop0UJx7YyB4YDOb/5s8eHHrBuk0uASZOCBzuy1fuJWu2aIPll/zyeP0QDy/mtD/565ZjmF3cAdR1MUpx6MlBUHkZxsATI5IhtZC2bH6qIyU2TWrkxSbmvoS2vmN7N4j79sMnWtGXofTkkyea737vxytK/tjH7m1uOXrDijSXG7lv10Lz1PGzqab110i9ifacQr/T+9GvQKobahnEtqnUKpK5c7OrPtXky+M4v1+GDBrLu+UqKdLRr7eKVymVSZJ0lFJJos2yuxRI1KYg9bFJT8RfTNwBD/8ED1cstWppedbnvIhOgJQXYFsIxaqTRFUGJrkp0uBoaJhplIMaTAo0SMMOpQBnLCu5QGIAuPUTSMrDV8AxhOOATE6uXWoPGxSsMMDjOzMVgDHM4xPd8XogyuBDNiCNYDSDRwWeWMGeymAx8ggeSxCp1w5BL2RMQ4YCRj41Dl38m8ZL1Bl8yk5+7hJmBQbmQR8DYj7druOabaQRykDFVUtUBQFNIiLnnu1nJj+qip0gFpO0wRt+SDlUSF1ZTUIJLaAaXYDUE3/k8fEbOdoHOnUpxLdUlfTS0OBVVYLCnJayKlF36mffMtGH/KcO/lOpZJlAVJPdxAMb2wM4hJ/7/Oc/P/ZSLUexKun9eFV9Uly/B8b6fEgkxpQcfirUEi+PIxYQkr+Ng6Tex8gUPLUAjlF1nXRRd84JodJqYuca6Uql2bGzG2A+/IMXmu14uOVypDfePN38yZ98Y0XRNx25vvnEx+9bkeadQJ49M24llz2AVFyI3mM5OyaKdS8FoSedwich7c7iiF+cn38bP366HdOSqsQHMrbke0QxOT+NLQ0D2k+P90aAnohVq7JJEz1KzmPGLLw8nHy4kV6TKslFoRpKUSOIRoahhMErGVjy0m7chxgwsQSJ2F0s/CEklMsABq0SKRtMJ83Am58kTFp5qnLTExdtAIc6lhAk60OBwVBJ6YDMRMayEnIHTpIvkXm8wCIGbzrT0HZK1Eoio0AFe6Bj8IdwcwpDxRSCQa56Wp4CT9jBQE8bVjJ1NQK5XpLOwFQRJQNBHggMUmOVkpe3FdDyI09UDDmxikkeNJXtU7/w/lDaRbIod9ouZrUs3ZPyUOMfv9deEouSg10nBU0EopVv5VAQVjIMor1USE7BsFNsDgWU3rUxlAUdy+IKuiwTFlCiU7AEyeTYmQC6VSRdIac9tCFhpBBRSDZUSsU12U08cBV4YHn85XFa35leUBm71HkVNHWjmMhhRwmDWCkbxskCg0nCUXOcpifL9fMdMFwoX24QYFaJA5NGIQ5eMRy1o1qikpzCSWEqgus6+TXMAhiywCHiNEuDc8vN+/g29154vhmfr7/UaWHhfPPFLz7YzC+Mv/K7Y+f25pd53+Wway+1OavKe+i7L2oeGybMHpALw4+xUB2TW7tobR+zF+JPsgjOrujLJpgT5czZM1467ZOUenl6nDyD6WNYpio4FiArDejCO0SrVNwCidIxinYA6MO1xYcy1ttjL2DR1MCEOpZjI674xuAgMolrRS/l86/wmUL82KUc+VLyA2QBQuv4oocgBWXCTG9xRVACvBpGSrafImKDNZKXipnVKcElIFQdu+TXfYv8rYnhgaiwI2QW+ehCxIYIIA1nn4YA6lZwyIAQf9N4EgihJmyKjT9E4vI5g0pwKZilHAargKVOBoMYmtS2aCARxGYCLUcW2ijdOgjieGBdlGob0Gpe2CNycoBAfQacWKMWskQUlhT5Ziw5tIOEVPEDOisChl2UH7YVppEF+izNF0eOmNGGHkfYkzazYkbKMC1hrNMWpyy2XgCgMJhokk88sHE9ML08OL6SdZ2ZBcf2JMBcyVs9HAaxarToITtV0CmyrB7i4c//0Yk/ctEvyzdxrKnHI4/QwcjBSxQppRXXh7LO1FJEhfyCcSdFoBQxdq4n165d3S8Rfu/7T1LkJU1f/vJDzesrfHOZg/6v/I2fb3bg3X1XOu3fPdM8fXzcU3F0Ip3qPK0FKDyee/mauJh8Y0/fJ2uyRVaIVT03O7vqC0L99R6IO4MIQje0IlzoCqpXNTv61laRqThgOX86sZ+4lYmWSBGQqCJMb5iPx6OwFMqtl2IijuM+KUXnFU7xUG3+URh5Qqb5WqGEC1cKLS7UC6tVJ9WzHSZv89CooEQSA+NmO5dPdF6FHrmkbmiog9HQlj6kZPFRroxAOzB0cOOtjEqxNKe2koQBo4NVBZaUhRFFwScDyFyVJI5/0lV+fETfpQnUXvQp2NSMQS30bDFJBXo4YNl+GpeCwtTCQQwSoOGEqGJPCvUtC0jqP9AEWciNSkgMGtCJgLZmn4rbFdhFcsgM+amDMJKEcHGYjQ8ZOpGHbYsUfS1BCaGN8kYQgjI9Ifn2SRB7BTNZw6BSmRQmHrh6PIC3Tpz91lf/t+dXsljDhQkQQkwCTDvjonIvS64iBLMExiAOS920tHwUT4duM5DjFMdpJY9zGsYS1kWMqIUSjXfAShQGVeUQHL/2c2AOIEfdVjjK23fs0AMABv7Rnz7R7Ni2xnaaaYWcNrzvfbc3P/szH2puv+2mZidWKvvpZz7xwebIEby5aQOkx378XLGi9E2BsFD5z2V3ACcgluFrujsmuOwH4khfjgx1SBBLji4rzp9fWNgP4AppEG8AIAWeHkeQUrRjmYplwLXnLuqlegEFNJ4Wqh0piO2JYwpQHl8Jbwut/JyugWonYvpG/hGfTbMc0oVGTesMttA08aOsezStEGQhVwXxBW+rX6UQJ53UyyorFiMaIYCp2ptsohNLlkjKLVIpBKytSlFoMS1y4otg/tKExQoY0VkWjPbymOMmcWg3CwyK9KlJAoUI31B6eE0e0yqagmH6TYcF8KTPF7nHMzghkwGRglUdKyDCf6ubFUrnDrokhDawnCgWcivHBVmUwCc19AL5gpTypchySEY64EMqCdAWANUOUpsARGFH0JNFcpHTdsnQjjIAkGyWI/m4pVzjjVMdFXqRrN7SesHJFRuhrLCWSXpRdl7ApEy6ijzRk2zigQ3pgcXB4EmcJzrMxxlYXlNEggcf/K0zH/r0b8zgBFjx3q5xwt5t8NUe8FmpvXD80FChRcwyklTBWe/yOL7ccTuZOQ7VvSdYR2kf0tZdGsdPuExEgbRUpoHTo6aAASeaadfuPc1bb8ZzYIv4TvLSPBfFrhfuYne05Sge2uHmdGbmbPPKyyebl7CdX1hsPvrRe4y6ovm+XfPN//1NPD1uH8Ea9nZv3kgb6x5IEPkYDMHXwpKXpZQXmSuAFxGELTdnZ/T1nkMpbWTGr/fovYbAIkg51ieCpJTaRpl9mrXWi3k8huAI1mVpOqQ9E6JN2eqkspbwBr1ievvTXKYc4k8DHCyZTsEmKoaHnNLwWNUyMfNU7PaY3h0zBKeB4OnTBaCiTgLTCcNdaaAxzIFgwMgcskWb+zKk2E5cry4wKOVl7kjJzwqDNPJDl0ec6CP0lfQkC7IQ2/o/AakDMtVe0ltPWEe47Eh7OedwNFEbtA967kM3CqTI9pc2SD7sTbEhh7TUGDIYAGbzQRcwESRv0ApSdqYPu8MyKgk3h7JiA7mIQyY+ldN+ZOR2r4S8oga4NFygtBig0EOBlEkhBFI/5bI90UduYytxUpp4YON6YGpx+YnVrBuaXXDZ5KXVmCb4C/EAhhdFlmu7PE7JuIJ1C8cgpxiGOBR50DMGg5ToSMGNKfKKXRDWxV/nHOQKFHwpQrzaJSwHwh1YxdyM1xY5/f4ffBtPmLp26fNdO3c0t99+s16k/ulPf+TSK1inxKePnciO0DxRpNBNclWBuEDHugeyCJAmSM0+QRdU7lP3jWU41/sv1TuGjMr99Dhw5wdTm08g+hgmW+XX5zDDCEjnQG2nXhrI9qhNqIiMOx5zvbqleoI13vzG93OviJFPvFSKzZfMw4NUFnBlxAc1CtCQHRYTf/Ij69gNAfyTPRZCUvCy2iYhUQ2ouNSYALldgSZNt4V6p6WEAScDUhSr2Hio6HBJQboUrjaEKPtDq3AUkOLVXt5LCVrylEQ8U9KxKPmSaaSgQNAIwLiVhqD9tMt/CVcQKBj9Q/pQQV4UxV9Lj3LKJ7plkGmtOgZjYgcVuSiNG8uJKMQAAVfoQ7HIRQJy+lQbSesEJgV94mEZdCkeWSYCUeRGOtEGqoANg0LJIBplkVMHqrEPvsl+4oGrxQM4PxZvv+7ap1eztxptghSPl/DFfpO0igcwiHJ86CfAvE7QR42ojyDF11n242Z6Xf60Ag5IHKBKQplVgRKew1aSJDBrHucK/wgq8XPk1ZAHfolIzoQTtndfe2X22Ik3m52b+aLxn550zZ5zzZ/95YtosH3FttNZchgrI1LQdhDpWsLC1TFZS1KKKpNPZxYcLM2fm1v96z3b4kX4uG/uWSxhtk9NDV0ep/CLSVW7eZxogzzkFGzhmqCrujSqsUEb9ORRSCKfRM0SxNHdmb8LRZAEzrpZNZ3MpWSaiJz2Qltm6gyW6zrFJxu5WE2CKIoYDJKJfeSJAyMhARWjEApo067QR660o5AlAWWwmMlBYNhOYNA5gHTgyeNHf0ArwMlBhHRlw6pn+UPwqXsyU09ITfnJK5QRMJxFJtkSSiQ7WwN8BnlBVPlNGGCTNwrC0x4ion/CdkWClIFENa0/3bbAdfeVP2UodsxVbvOuDdabbWO/yhZLJjVTHx7QwBCLBD2Rhx0sc5Pvie8KpsSgJ26SJh7YwB7AvPLMF77w+fnVTOxcIhfxFFYw+ajgT3m6mMvj41yHwcVDGweXKNfvxeQlr8XmPTHMcADW8BQDahQFISPHJiZeFSMdB+XICSVSVKx0Uh8TVDGYCkd5EK5BnnIKAwrA8bU3fG3R2ZkZyf33f/Tt5rOf+9xPxSHDie1rD+GqgHzE5sNPKLdO4kQSMPcPsZHoSCY7NGqC8FBgQKRDwr1uWqrLvoWyuXMzp0DRRvmtmFLi+w83YVPC64kSUd5/SfMDNvT7MkkvIFP7kz6cAelua8DtIpMWrAvmSzEKVlhO+Oy5c80sbpfgd7W7yRID6po9GMcwG2tFLXfxafqWGPO3JfYlfR/J+H7ddqrdI+g7AsBMmZ3Uq3boO4RdO2oURdAu5pbPdpfzuNYpwkqpi9kwyTIsZSKjYOxAlHR2mP0sGu3MHPpNbryxrFOkqHT8J8CEVBQEqTsRCQawBRQeF4ij5so6g0ySeXFNiuPh28Kw6gsZW/GDbffeXTqvKDXkhnztwdBaAwj+ox+iLECe36m2VWKF5ME2SRMPbHQP4D7tVS+Psw1DAebexekXTzXnN3r7NrR9GFg81oSduseyNjkCeI4nhObXe6I8WLzVyxUEcLyp52tKVh25GCiACcDQSo4aw3I7atU1UxmmOuWYvzSj5aeSPXv2IdA5pwn/B4++3PzK515pZpuN8fANXXG50q7NrzePPv4mvJk+ksPCixFYwnNRVV73W2sTCao+Snr1OWYX8lhG9GPle3CePTuz6q/Gbfw2eqYpfr2nvixqRHV5HFZ3lZhmDbnNF6kb3DYgwGuQQxIHlpa5sDDfvPjci83bp94eLcGEPesJrkEdMlTUWuQ1DRWYbrSymiI53c4x7e7LWV1+n8M6K0tHCCnn6wj2IXIBDKVcl1vmPkRUfWBLPra0kl1isv9UqdoYyFYudQPdIW+xZbwa9UOibt8Qv1Wm/L4rCjjbzpfT33T0pubQdQfTlqAQGrJyyUBiWO7a47Gh+sHi4ybbIv7UVTVvUpx4YMN5YMv2wZoCzKEljAcf/CdvoTXj3r+y4Rp6JQzCRDhqGBgBA93QYnDyDsERaC43WzAq3RBTX4Qxbp8HxzoA8fjYDr40gRt5iY2VL+Y2rvCICrvMjTeP+DloppwUCwCebMUn5PYfOADO4Prtf/WXl/SJchm1wXb7di80v/v/PCZ/0Jv0Y8wP8BAK7W8K+iT8wj5zv7XNiX6hZ7VlRrw4saNcbdTGMv7cg3Oz53a0skaXtm7LJ/AHg9fAOCY6G817oVCaX1I2WO0oQBTcRvqpghtcGlzhzp6dbZ56/KkMLgtlRVHJ7UKljiDbIW4rRoVnIGHFLpbXlHp2qCpJwe2OY43lXjK6J6VH1a+S2sb3cVkvgkHb0ztsBXlswcpyO1TDoltjTMi8Sjxu46/VaBLlHbvJyKPcNlWULlay1YSst1oCEFKG5VhdLUZlyjd5hbRa83EF/fixZ5pjTx0DFbFBwaNapQSR3jYUscJhJ2GhLsmLRtISNkkTD2xkD+A4ffmbf/zPTq/FxqEAk0x4Lcbza2F+t9K8Y5fHawfytoSlpTsxAPFNdRWGZQxgGHk60KxwQOK8TnwMXoIU2hiwOQS3KSRGPahjYJMIUBY8CuUyD6FEZNqyZVuzZ+9e1d5482xz4pkfGfWuy/HlvOZr3/hxs7CQvwqKK+BXOF5BpCaOqNsB6hNUhoNMUtiZbc/wd4t+uySKWcu73Jw/Pz+DSW43ucclPjm+ZWu8IhMX97qvJzJTOevXv3JpUaPyOI6AUQE7NQR12Na2dpiTxxrby9ftvPDcC83ieV5JIYcFSOAw4xiIqcVdKWartaXksLM9ByiuIh8jvaKi0dzqVOqVJDcDdD3qmnNEuZLBYrWxHQqYVxBocgl2RbkrXZWEjkpSUSPNXrWryxcIo8WfBHVZoATESFVjUTYO+vI0CynW31UK98RfgMlcGx0yhCMqZRefBlNnb7JYYR80r7/2RvPqKycLC49qbtKiY4Ea8Qdjaa9USAh2wNdma3wtx0pH7aQy8cCG9ADutfrJWg0rU03NsLzUtC/5qxGT8qoewICh8aQm7C5WRs3jTl4eD/LB8m1R0FCVIlyOYYxAD7K1Io1rGsREUXhj2KspY7il1BrqMnPipBU7D6oJCSYaAAq+tsifkfw3v//dZs/Wd+cDPzOnn20e+wkujefisyYOtD+6Oj3HDFvA5L2hmAMUmcJ/nR5IMSKwHlQ8QZFjZmZm1SsLW7bz9akhbGp6yvdf8j4yGQVMGAcIU1tX9aJ21BqaU4wAFcTNthY0jtgC1oHdNCdfO9ngRfKVtDTZfMpHwCpVJJF65EW++Nqd4WLrGBK8xrccY0om9EmodhDI1DMqgGETSEh64SllIstDRSJUpg3WXwkfbQXYpJ+7riGskYdbjRWVASYAjZKViIgQE9alII19LQD9hMWEAABAAElEQVRl2W2+Ki9KYY91mNX1WmynbGNI2Noj6a5aVoevrZgseELec8efa5awolmrV+hY2sAfS7EFB7Rz6EfFbRCv6au+ajVPShMPbDwPTG3ZuqbL47R8ZIC5aevyT/UK5kpdiuCiHlN6pHUoCToNKCNeT2Sy9gEfvBIOz70uLx1tBVKNhyZC63JQGcLcZQ1gQoeZXWO7NfOY3xqZe+WzcGhULDVRcELYt39/s21bvBP+n/zzP2n27Hx33b+7a8vJ5t//p2dipq2bT5/npKCAM50ZsPDgSCb1jXdVD5QJJmCehEhJCCWemz07dM808XUqrycaNGdxKeKlzv2XfoK8uv+y5r3YMu10iySrB2Cb6naxUtObnPdcsr3dH0fE2q8u19x95WGLKcnpRFjhBMLlWrph5lk5T4nsw9KPIzj6OCscQboyKK1LtWxA/HwAF2F2dOXsirQVPVI/KSO5ZDLXLct00mkkgWQoiX1sjlztTxzhgaPbUkBlc5BZMIUG9ViSPD44dsX4VYwQb20W1Q3JMYFV1uwoR8AYwMXF883pt+LuE5LHTyULICBb53Ylf3CLobS5tL0gJ4WJBzamB3Bevf3wl/7Jml9lOTLA3Dl/7Us4Qx0GbcyWXiar1nl5vBpZhg3jWFagowJUXh5fXjqCUar6fI1HObK67LwW2CuDPMY00Io8+IOT+9YU22SIsaaNPPklFBCOymJgmaYNcD/mIVyW3dqcOj3X/OEffqXZtjU4Lf9qzQ/sOtP87//uMfnRzVej0WY2PfZeyUSb0z2eMJyz/XKb/DbKGxVCsx4nJ8CohyjIXVxcXjg/v9rXe5qmfB4Sr5HAhMiO4NamcsaXkKTFrbPEF2Zz66d+m4sxKgzT54HbLMzNFVExTUcjIrwgKpwyQkLhU4FkdCMy0xLkJDQRCSx0pWDKyMeAu0Qr1dSZIOgJ6lVXkpA4WR5l2R6BevSoPbaKGPKNVJzOSHaTMLdW50WDASYuCBYIbBPPCZPVbLHyD7oRx1HLDQ4wm6RIpqCSavk8Q42sf8wEJ+UUGSy4YpYiMwo6n8kjAwbNvI9TwMhSixCH5RU5CVBGO7PfUt8QeeGbFCYe2BgewJWwRy/EkjLd1EwPPvh5LEMN1hyl1rw/veUR8fgqT493fbV8+4ghCiQedupRrx0sPbBx7iIlN89jMeoFfzvQUmstK3kIRhJ/J1+BP4mp78DBa7GSub353iMvNd/+5jeaTfk1Qgm9CncH8K3x3/m33yuTWfEp21J8zSkCfYEJhxMk3cG5J2gDFgK6/h52RzqSEnLykjDJAy/+sXp5CtWR56vlbebXe/KJ8cFg+mmvXuryuFcvRRxi2IwVBVrwCjlbrXaDph9oGj7ETnfQSX2CdDJuGwk3JKPIyUJHIFEjWV1vBfUE9qrByz15Wy4JA631uOD6CDGSseqOfVlvZrDgrPeqMidQfYwF2CLgWUwO/B6JS+ZCV7rFJsJS0mGmWmEPWyvtltu3QuLJm4Uiy4QmaFVak/qsT8Z6BG1JZv5CXQBBAAaJHpJvQNDHcVLDyE5tkdoS6qwYYJakqzOiHAwvouGl7bAoRMSxKRE8nvXPIzXHB/ATlyMHG56HSPDXuibliQc2mgfwCrwfXohNY+cXzFOT+zB7nsQg6CGoh+lXQTcUbyav4b3L43iw4baQMk6FhrZU1A5GLrUDXSHRgOddDHsc2GJ4a3WFPg2IyToqC74IpjREavBMW8HM6jUHDuKezF3Nlx98ujnx5Peb6as0yLxm95nmt3/34c5DPfIv2qhczrLfwnMxQbo3ko6+ThfZp7XbDIs85HRhbW125oyPnBbYK23bmp+vHzSLeFDveA9NU2DgpVu5pPzaapbruvX3A0/D5ZvaP7WAGp4MPAb5RxQ314u8giGksmSkrGEuBWgVK/u69DfK1ttyrrE0vtMlwM1WnnpCsjHj9BCfqWpjKXb0Fqg5ujlFFZJaL70c3nRuMte7gqqaCSsQiyGxCwzSZCh2Rw+3lKnRikGuPmoJeiVLjQCvRQacYqhKfUxkJbelHS61wbAZmDPVOcppXEsfVO0+7IgDqzakpZiUJh7YKB7AD6tXvvln//SCPsQzNsCcHgyOb5SGbXA7cpTgYMXhaoXUC1DLAz7Ly3vAhff+kN2DVl+Occzj13BQxKBWxuSUUCwBmtRe7QkDY19rqCGUWNdJF3UHUBloCoidiZHznsy9e/c1X/iPjzY//uG3mi2bw75a10Yu7976RvPPf/e7uIEfL72XobCfPmSFOWFZjkJQxRRGT+MPE0tAY46JPiXEUJTaIiX2UvpMNNQ/WJ5fmItH9nuUdZUvg2bC0+PP41DkdeYUJHC1q4LMzspmRXIBRbes5Gy/JlfaDn+gsfHd5RBqOllXW1gQXeUk4WZ0v95izFcLTWajRuRFHgrUUZIVZs4mMZk+amvYF0Zw1uVRrNBl+aluFFUP1mVSoCxQSqBO6bXkHrurI9Fs/HCqoSrXvASYgPAq8fxgcm6Uoa5HbkEW5npQq4adsV3etkZdrT6em+SPzd0h6lp8S9IKypL0idEMHA/TxZBuKMkphgDqd5jrnCil1CVawyb5xAMbzAMIXy5o9ZLmjw0wD2yZOoEz46fqmF/n/ZdjDwMuOcGBHG+QYgGqrQeUn8BZHizeGUMR3e3hya7v5+QzLEUTAhA3Bi7cTEFqJRGwFEFQALkPypqeUlmvYXXdgyUJYuAmh7em2Ymnyw8eurb50leONV//i69eFe/I3LRpuTl35tnmX/4eziH1iduGpiExaJQ/6FsW2FwmAYPWfuHvDIETF3TAFsZgdl8J39kRD+bknz83e2p5abl9e3qHNirTeDfppk35eqKp8vUenODVOayzvT3l29IIgRcAwqdNZSrNLRsax1ZoA76+R9M0haCvqxAkIutjwLXWZLBmczjvK4p6n1pQsNBz8p7ZQcjiRSWdnKtISX20a21phLwEsWcccIbxrVRzOZcuogVgoVSKGS13AYm8sBDMioWOYmhZS8maxMbzROeK0RbGvC2XczLJhCkklhjIOBqjbAl1TeqA6KiliBH2FxUS0Epj19K+wIf+BMls9UVStFwAkEjkHSiAkzTxwEbxwGB572D5kQu1Zuwc88d//M/mcNDzo8uTtKoH6quXGM4VWY54etxy2svjggyWmtuMigGUA42GpionhUYhFpDasikJ9diseYxUNVJl/pJmcqDJmjchNEAGTa0lykERLBwwRWdicmqMXG42b9mKL15c13z/R282v/tvvtjs33W2sG60wr7d55vHHn2s+Q9fegbtqXyBIuse9uVLV9AITUZdB4AWf0CM8v/wAndxXM8lVEJc5DOzM+d6BEPV8nJ1YXpf7xmxSgnpVUuGxK0ZoLaSupqZ1SrUqaDexl4q72uDgM5x28dnnXq4WUeAXWNuisxdDcKyN4cBNRlxFqOAs62afG05/VM3SgcIYJXfiqDagAK8gIKM7tLruLb+SucQqQGicaWVRYg3Q20uWcRmgAnG5h6LxhDYzmKGBTNnQp46SSqoSYRIGmAogj6QHwgelcDblTGKqIK5scgV7KadYUJorKhla18/PeBmdmgnlYkHNpAHMHQce/DB31r1NXl9k8cGmCTEfVzP9Bl+WusYQDT29NpfYAgeSrlH01arOLRcHl9qNmPB7EYRdVRwgMoRaygntQewNgDK4TFEmdWUtq7A68G9AMXLXR9CdsK4SRRGReVoNgdXVsQTQFSAB27P3v3N3MK25n/8X/+4GSw820yveMRB+DuY+B13voboX/3bh5rvP/Z6R3OZjHIZi3VNImilmhhNDh43vOo/+SQl2j/0UAunFDF24o7WiMCxPj87u4av9/jy+OCNqenB0AtJoS0Fak2uVRP90SprMWsqlVbw8OdxgM3CiOOmxOMEBV0qJx1SCTiFEKjsRGF4R1AhCXmUk5vJR0HE1RKEEDNGbUiObCAu+di9FlHnyV5wrg/l6R/BWabPuI1JHfIxNCuCaSRSrMKi0hGYyCAZvRcJ7WNhmJ6YGuu6hNXkZq9hIqLUOF6IMr/JQw5qxUfGMGeqcjCzeUomo0DRBCB0mShIY594ZuLpsLUiapYsx7mN0SH55OJkN2PRSxuLzRQQ4abODDJKyCj7Utkkm3jgCnlgsDR1wZfHaeqK0/301OLxK9Sed1ztpb48zgZwyCgNGReg8tvjA34THqQtNdhcubABxwOd85rbEotN0mEK5i2FS8aSxzCWBacSFATHABnDJbFIJgacl26vueZA869//7HmwT//SrNv10zQXMH9gT2zzY9+9IheQzTvL/T07InJwA1hk9pytL9iIABoU5g2AkpDW3w7G4YM91clUcXFxYVZfL2H9+iOTQNEylu2bAn8VHm5Op4Q7wWT1QM+OvFHrGyOVbIKgu30MeEgWjBOnEw6PtD+ql7uzaR7uBlHeibDoxYHXYoziLlBLTkh3Axx3dTJUYOTIzGlH8lhKRIJgvzNQZSSxRQ6I8bmpByRVmj/MMcwZFgiaBAVKzCOosoKZHoHnNvg9kuWVHQgHRV9TJHBAnlNwLK3joTRFZMGO2ryC6FOpqjqoClN6qNNhtznZQvqElPVqupaZpXaczxsaCVGiTqllw3C5nqcH9TXcvRET6oTD1xxD+CQXWjuvufx9Riy4oubd56/7tnTg1fxNgZ+vnCSRnugWpY0wQW8nggfg7jDbBp9MPzE3MjRyIkDEBNhLrvOvIU5jo1BjzhgKTLFlbJYEBQAPmrxta/ddbKxrDyFavCUokAy1GhhhRrvaNzWvHhy0Pzm73y9+ewnDzd3v/eu5q0zGRiR/x1I1+yebx770TPN738Lb+EqjZIzhrS7DWprxmoDTthuH/hVLjMb/Ryy8FxOkSd0Rcu+CZ/b/0FqMe4rQs/OnDmNrHo/atDW+y24HcF9iPyYX08kGgeR1U9JWNgaVwtaR5mCOt5j2yiHjXCDUm5HKXHZUPPXDwIlS2RmNKGRlXKTGMU8eoq5GSuGLmHUKiE1pcFFSimkkKybp09fq7r2ugP6McCHyF58MR/ItJ+ci8HSipt67rSWWnq/nDQmLXYnwH3Q0VvJMJ9B4ifQguJAamsmRF6TWQ4J63Ih7wJH1jrHU5fCykzifFiXj4iiWAbVZhlTZBAgddiN8xNJwMBzkHxO/D2XZ4NArR4QkS4dF8dnxWgBk3zigQ3ggelB8+OHf+e/XliPKSsGmHwf5oc+8xvP4WS4ZT3C3y08GDxyKOi0qMAwsJTyWl5P1F4eX8IS8tItClE14FAMCq20VOjRaAhRGeQBqqVJaWWuL4MfEKZyy9qhsGCKbEsugCxYPqviF6Gn84rLo3UGXZux2vbVb77ePPhXX2t+5oFDzX333ta8+fbOvvhLVue3xPdsP9N853snmt//4cl2cO80APaq6W5/rb4mrOEsB72a2FZFZC5NPqIL2uQQL6c8yxCT6lHiHp9MXPXHnb+kBPK5wdTmodeLQV92RhVltiouusS+jxQts0CvVqqFPEXKARgtNpdy4ElvGGXocCFbV6zFRy7hUeyTBYpQS3W5R2l0V3Lh6oFbcYnoSSvnVp9v85ZNzcc+dh/i/+jSr/z5XzWnT+NrMJVfxKPhpJKaRTfVeV/+cJ2M2bhKnP0pkEhAUw1hI+WLOGVJphghP47gYd2VavEmRV2umDhqxBg0TCB7Kvvao6e2NGxjQEfS4KkUqChsAfpoC07qtbwIFguhCmmXSUgdjGIL8wwIWZw22osGwa99krnNssOsXaWT2sQDV9wD01umf7BeI1YMMCl0ark5hgDolvUquBr4Lt3lcQ/dMeaUto8JUJeaxcMYpCKyijEpx05U6pFIguoRSMgivh4YA0jaGLBZ14Cb7IFpB0feh+iBPXJyFCpWOqmPoSXmE47y0CgOnkUOIwWOxgIxDxzj8ocefl3bkcM7mp/76I3N/msOItjcKgs6ii+wshlPhe/ZfrZ5+ZU3mi8/9Hxz8i08s0YDmeQQ24e6bKvqIuruoj0ghRCvYpJCcDdNdeyoBzoolko9kZDaqoQDoVwRDCCOJPPIu9ycX7igr/dMP4MJjdaQu5vamS7gXNmM6+TDtF3OFWtUZ9+YcJxAwv1brKah5+mYsoIZzimBpfAkIR2TC0YEdCS4c2wWimQoGQTK6QUwVBh5dKR+m2Om2iziXL/pyA0luCTtLbfe2PzwB7jyFAeB2eWLIVhipSuF1rJb5rok6gBUxO3Rkfi+fnBU5EP8bYuiZW6fNVtrB14LHEHAfqLcsWQ6JigRFEOCqTmBQLejMOFIFJopcBXAiEJEXJ6nKKlmfaPYyA+8UInnqcbjnCZz86FFMSSxu6PNZAem7RRKnKSJBzaEBwaDqdPf/NI/Oz4Y/Oa67Fk1wNy6ZemJ2bnBL6xL+rueacTlcbS5C40ax5m+OwaLy3d4MPRAJDJRcigalcow1UOaXkOYcKbU2JzUGuySpGMQiGLga/lbky07IK6Z33pUpxw31SNrbakNCGUF8/xLZ5v/6z88ifqTzcED25oPvf9Qc+SGvc32HTubhcXNzbn56WZ+wRoLmwo7ti41W7cs4sfQXPMWVoSOP3eq+e5jJ7H6l99Fr5tE2+QQ5LU4wno2dbVwcoiW6/I3ySsBRUUpgFvyOWkGHyWQpwTgiacewSr9LJ49O4Ov9yzj/ajj0+bN+HoPXlHENDXA/Zf5JZ/O13vKwiVD44v/ek/XGravm9QsgAxXXccFgYaiXLVXEmocyPpyCiARQ/gU7XOKMknTajSHtCUmYdLdx5uultHaVQmOoGaMfku55ZZ4lu+FF15ubrzx+ubIkeubRx99Au9cJWMy2yf2herAsVHxXwKo8dZao3NSUkbUlSVzfQyb2nmSRzexwq0odYVHdwGK1bXC74IFm4B1ixGuUylSDZUm+ydlUVScX5USHwDW47zoSOahrEMo01ZiKdRpYPnx5L6jZ2SvznqJkr9tqvs2NRW2IbsmgIkHrpAHlqcexjHsI/aCjVg1wPzGn/z2qx/+9K+fxsG/4oMGF6z5KmHAxF/GkcrkAoPzS1n4ziuIktcRp+7NNAzrl8vLt7Hrcnxqxas7IVbIzDXcElFT12Wy2xQJ4PCW9MCgyAGMWymbw7CKnxJiWIygyGES4U5B07WIXA6ovNKnQdUNpf1lYKUk29wWT75+rvnTv+CV3vZqL4O6vbvxsNDe7Zhgw4rF80vNKyfPIfBcFLMl2Ua3nurEIgJgReDcVBBRUuJkZwHKH6ypfWDThIfuVM52SL4IpKI0E4XQQsrwp03guRt9YmbnvDw+kxFya0O/tC1fri6tU9PP9PGQJlWrPM/XZ7ugOtvEZMvjuCMk4K77VGEwzdTSq1rqUQN3n8CIzLNhLdT0LUQWGNy3s7WADKaqmMcUx+pNEe2xFh4geN++vc3uPbsk8dFHnmgOHbym2YJPe95ww3XN88/hfmCmPN527Nyu4PPNN083r732RnP48LX4Stb+Zhmvm+B9m2+99XZp1003H8a9zVua48eek7zrrz8kPadA8+yzL+CVrrR2uSl0zzynh+6O3HQ9fpRtaZ5+6ngzN8fDDHTQz3tE9+/bg9eMbW5m3j7bvPLKyebs7Dl556abDjfbtm9t3nj9reb1N94KnvTbAdh3zYG9zdunzuCqwUlBd2zfBnkHm927dzTn5uab1155vTl1CrcE2NU0zWUUI7VAlphGkqS97tOgSl4yoJiHmVCS0YqW3P7OP5XK8RpiWgNsUCUndOQ5XR3X/sFIkOfnWm7oDoEW6/Ojb9ekPvHAlfAAjsfF81u2fvdidK8aYFI4VkaeWFxeeuBiFG1U3kt6eTwDSY4ppb1jAlSM+7swoB3i4KKBhQVsUS/cQAoSyArcFo0nhGWmHGFLmYNtDG+FAiQc/MSd5cKvgCgo29BIwiqJQS1+QIOaaA+jKEKu+DXwsgKqQmilAOTE2uIoBwkkSiTB36m3F7QFoggqhIaQrV+WCgIlsxJMSjPITtIAYBJU+8nkhHcumadS2lrYk1h0pCcTYOGKKrhM3TIxjZ07N7fqj7qt2+LzkGB5cTDVzFoF1ZTkGc6AS3R5nOI4wbetTQdYT/FCwIt7jS+A8FbNLbclILBS1gadljEqrwWRzQIAp2uNNrjtbGPANIqwQtdqdYpWekSGHUVQB+tHc/WSAdu5c3PN88+/1Nx2+9GGq5olwEx/7Nq1s3nve+9ozpyZad7Gdvj6a4u62+842nzn2z9sXnrxNcm95egR3FaClf7t25ubEDRu2pRD+tGmOXLTdc03vo6vUmGwufWWI/jK1t5mfh4PhN59e6MfJjDuGAJOPiTKYPf+B+5B4Lu/dQcw78M3IB754eMIVl9ScHn3e29vZs/ONl/+02+ETWwjtg/f/37I3NJ89zuPCX4Eweg9996Fz8WW5fPmrrtua5544ljz5BPHC68KdBBkODlo5HFFlJNIfMwQyLKA3FWUKhIHuElIL1oWIvm4tb5WQpR0ZFNEiir8RANYUYV6y4feKAajTe6ehhRcDFHBEhM6yTagB26+8dCOu+68ae+3vvfEyVOnzqzrwZcN2KyRJuHse+yHf/K/XNQrX9YUYJ5fnH5yMHh3BpgjPbsmoJclu8RdaNQ4zHSpAFg+fydiTw6B7eAU41E18OQg5CCzDKi9kakvvIxctXAP1hjGkl3jb1U2dWtADHkxXFpni6XthHJz2TllOYjq8IsAHMzV+lYueTrJqBRKOVq9LH5otbWl1j7Kqm2jTtK1gW5yMQIJY4Og76DoJXJmCr7kBiyCLHpLNlZUrQHpf+gpK3iQa1VhGNWH1Ln5uVP48bPi5yH5sMimzfH1nmYwverlcZrVTvdpJLPuzFchVi/S2pIcyel4LVAUOlQFUbrXTqj87H4jsejsbFQszeqKQBdM4LoVuZ55HN32uZHJXPPUZZONyN1s22W2TbiF4SZcDmd67rn4dsVzz72sAJMrf7t27UAwWX+IIDgZaJ4/f7751rd+0Mydm2/e94E7mgPX7G8+cM97mldePtnwC0p2xq23Hml+8vgxrTju27+nueeeu/BqsP1YubyhOXH8hWLtffferSDz2Wdf1HE4exbv8EeTPwB6BpdnZs42XGGdRRB8443XNu95z63Nffe9t9GK6IkXFSRu37Edq5X7mjdyFfMgVmMZXDJ4fenlV5s9WKm974N347AaND967CkE0y83O3Zsax74yAfE/9prbzZvvcm7P9Ksfn9lo0aeT6UlKPB4qXwQzqBQCiSuJRbU9dRX93+gaoKEINNhyWryRd6phKJkt1wCgwrjQh7b9Qih9qkN1MHxIQWEtMl+g3ngb//aJ4/+l3//c784vWlqeubs3Nl/+D/8n//h8Sef5Vs+3pVpafP0ty62YSPnm77QfVPXPIPvG696ua7P9y6te2RZpXk5zTjirC+d41IXVhVuY1CjuZ0zkwcnjzHU4rKGKVSGNJvAeW1SR0AtrBB5Xid3kYBCqKn3ZukaUHiS3xqZO1AqHBpgs+ZyMaC2IKUWxko4YJTLwVh3E9pqyGkH5+Ane20f6x2RqpgCOYtmEnFWZCtwvRTtkzVaIYsVypgkavbCJmCpSZ8DTeatK8KQszMzXI1cMVVPj+PWS7yeqJegMhu4ptO8x722KifM8D5U8ThWlOXGOqcZacpKYukEO0IcFQ+LKY5nloM4iSOuIhWMO8NtBvkKsohLCDEkZDKj84CO25vKeXFDAng5ehqvMmCw+NJLr0nMW2+dbt5+Oz6McfRo3Js5Sv7Xv/ZdrFa+qmDuB9+PV9HtwGolg0gmW/z0Uyeax39yrHkTco8/83zz8kuvCn/jDe3qJwG8VP3nX8GHBb73o+YHP/ixBPCS/I1HrpNPKePVV0/iUvfbzeM/PqYVVL5n9Y47j+JS+rwCWMrhaqnTTTfdoCJXYrlaescdN+scfRWXxJ9++tlmHnxv4XL/00/GLS+HDx8KVveLBZXcnmRP8AiLdhrqXOQ6PwlhqvOkAjMPKfnJgoI4yXn8RoqzmUSGRK5DMuWoTDC26Gcf/ZGXDgFJDB0khg5kwcu6U9cgjynGTvKN5YH//Fd/9iMMLmnVzh1bd/z9v/OZezaWhZfQmsHghe/96W/Gr+GLELummYevK8Lp88xF6HlXsiLQ4QiBhOmOgWQdRArcmQZBojqZcOFocITMGm4I1sQcg5KHIOUmClZKzUQEE6lMJEDuLKXGGRYcpnYrWGdZAyHlijz4g5N71rvJEGNNG3nye2SWMmKwBSqVWmZKC+ZWXbKICmWtZLJCeNWAGKTN3KrosdvdElf41Q8ps7Q/SNIpWelmbfu9PkED+Y9dttHNFwB6WpP5I8NE0RQGnHNnZ+Pad1dVp7bV918OBqcGU5sYubCZ3VStTkILlF2ap8dbJRDJ9mCj8o4BWYnMXgoa02XLg49+aB3TqsiSAzedKhYAHGW00ls2ieooaHEsUUSI8T6DhHESxynqii1yTX4Ul7GZGFwStglnP7fnn4/3YHKVEU9riqa/Y1Aqn6Axb5+eiVVLEO3AKiKT3XAeL9Rlxc3VvY6i634E6jmsXC7M51oBj3fw7MWKIxP9+gZWF4tQwN44yXstG9xHuUvg4ydiNZT3jk7hgbJNCJwdMJ7ACifTnj27le/du7v5zGc+1nw6t9sQeDJxxbbWISB3bkwBRIFgbvancwGNFLbH6Go007UQZoGVkOh9IpiohSkVJLgcUynTYmRTHrv+4WhWykgU8vY8UQnnemhA3g4SoXqyn3jgCnlgamnqolcvafqaLpGTEBPYE8tLC3ey/G5Jq91/iRPeo8yam4zBInli6bKttyLwkuVbsIa5hSOLggsOVlSFEZ65BAgHHuSW2EogBRFOJjJMEhJZw9pyDGshmuMaB0CNb+BSmdxSQyT/VUmZdbk1kdK5GRs5BlfBDKUIl5E7WrABRAnPHIkCRyTZA1wEmq3WII9B3FrI3i8TIC7u1PCkaEUlEwC0jduYRBYlyYyAi/6ljfItkGI3oeiSBxknFk08xGNbWl7C13vO72sphkuk37I1Pg+JHytPm0JPj7cVl8bm0G2rxtKsjGj9EqvKoFafMg/OPKJRsSoiWG77SZRpSlB5H3TEB0SU2lmN4azXZ6zhtqPljJItJx1tdL3V1ELEUQR2JfWowk4ASc7LxftztZEPyXDrJz6kc/3hg1qp7ONUr7poGS9oR3SqFdEh2jSE2SJWEpmw4qLcu24ToraZt1mgyEvu53CZ24nHMO8XZeJDP0yvvfpGM4uHfrbjAZ7r8EDQZtzzOYVg+XU8+MN7RpkYeDKx/hYf6umlU29WMJpgBzrv0ffBbkMcPeQ3hfNKqIkp02jnxqne9n+MjTFuBQk1tTLZHcnSqhZh0GhMhzrVYFt7iokIvOSOEaKYFajKSGImaSN54P/94te/XV8i/70vfOWRjWTfJbNlMJi57dqf/9HDzfpeTVTbseYAc8/y+Z/grplfqZl/essRPI5vf05zJqtXNnF5fHl58Q4NMdhp8GElxpwycGkQK4MO8BqtmIOQtEPJxCORoC4CVE51gEapmsNCMsg5bkdLYoBNyko9IUwx/EZ59D6G0xhsxSXhSSvTbL/5ba/rFa1BEKSVMwepyWI7o23FtdnSYCaN6CiDIDig1ShMuCzIhQ+HgKpMaIFsp6auJyhPCeLUn84JlIxCEccBwfg7O/M2Z+AVv96zFcGlJzI8hTf66z3Uo+RQzPVLmbdtsFRDFHCmK8PJ4VIeTUzlmMha9oRJASVznYpkAetgkgBjS6HPXosivRnYL/hryVkyssckeEtJ7EjKBN6Sl78XFhbynsVWHqXsxmofgzU+7MNL4SulLVix5qV2ppnOPZstl9RitxOXvVeiazkQCOJpcSZeCt+PVcc33sJIzzrk7MeDQWyg7xHleHXixEt4UOhWPQHvwPPZ48+Lh7u3z5xpdu7a3iwiGOY9mGMT5HZOJdSVOu712JM5GPRDAoQkF6n4zNwBuoJ8tRTnf00VEm1M5D6PRQeC9hgyHY8jl4lv7Srnax4xpGqxqIitA6nNmZSvsAf+4D/+5Ylvf/fx33u3P+Qz3Uw9/IUv/F2+muWi05oDzAcf/K0zH/z0r5/AyX30orVevQLKyIHBopTVHL2CaHzDytd7QLI8NbgF7yjS4NrGixCHfw9zGqRYxwA1aqKO0agejGyOYa7bJtaJC7j1BAzQJOd4KCqzoxJXWYM/wFG2ZOY1hPz9FHyexDPQpFI5IDmCCDApDREu1wpcNr2VZT3aFsM8yx7yqcUsLqveUx+zBjCayZDbBnrGjrLOKrcm3Y+ZMmUL2ig2spOeO+KLLFtI8DKf0u0uO5Gnl/z0OGTMT09vfjbVFSpaHZUQxbpK2rFhlyqpRRKmYxVtKiuZqcK3M7BHRK22py+CU5gwSh4zZ+bOrCvN70WYHawrZHVra5hFVnlL5pJzE1EAN8DZd310klkNH8LyiuUxvEboxz+OhWbjSU78h+//QHPo0AE8pb0Nr6bCQzdV2rFzB96HGrfj3n7bTcIwWNVDMhXdzrxkThBfJXTkxuuEfeXV1yuq0UVeTuf9lVxJvfnoDc2p02ewArrY7EawyYd52OTXKjnP4fVHd911a8OHe3iJnJfcX3rRX8ga4AGk1xq+LunQtdc0vEzuy/Vc7bwe91++gFsDlpfx65uOoA/tEOf2q+pRiaOC40aQmzXYk6GcT2xnwkoOSJ6H5XQmWUmWWABZsJyoctg3v80NtRWdi0kQUwVaUB2vktNpPOSLz1L7dkzqG8EDz77w2lluG8GWy2IDbvbbumfHw5dK9poDTClcHvwIZ8HRS6X8Ssq5dJfHMWp4pbJuUD2atHB8+OT8tRi9dYe+xhPsYtxRzRWMogVRBmJSaPgpBdRU5o4bkwcoE9V5UHRpg4+DJpPHaA/kAcW+EJDbgSKxyV8Ii7nFopbKuAyowBqybHNS0oj+KJ72lUmpoy/9AJiCOxBR7rCVwURR1qhyVlQ2gPrVMciJr9qPSiUhZHLP8Mlag5V0kWIlAxQ0lSI7BlBi0i4PFhfm5le8PE6JvjwOSSfAyV+bCCB7gWN1/2VY0d3DptbALmpdte5vLopmY8MvEgjzBM3Gu81yb2CCZ6z21tzwdZdQWPuVqCQXKEzpMvRroFf/JDzDYYjxD4BWfxwPtbJWmKluuPFQubTcvooIZiUbs5fwMM55rPTxnkyudj7+eAShlvaZT3+0YZC4DcHfAQR0THz45vx5dHk5iPhKosPNrt07Gz4bpsAPl715KfsZPGSzWuJK4yOP/KR5AK8puhkrqYfxYNBpBJkH+MoiJJaffgpy8sCdnZ3Twz7XX39Q+BO4L5MBqc4T+OpZrHDyvtJrrtnX/PynPqIn0HmpnfIYkG7CZfvjz7xgcSWXMDtPlf7O/dCFm0UfsSKq1y0+L+OAiHOQZORrSS2FmEgtX0WVZHRFZ9hH3f1KyToXAFMX+TSTGApo5YWmgHEfVgV0sp944B33wGD5x1//w39c3cNycRZoPWOtIvbho+drpX330nWGlTHNDBqOL32C5cUm7mMlJkaULhEmYcUFHK1YJtZ0fWmE92EirhF9ghQmxijXFBwLcx6RpGoO6+mKYCqAlNBK6WuvNRZ/gDwm7pqVykmBXYzMNZKIxCOnOgsmvDIhw5gkaO1qS2TosrMuPHeaEFQIqGcOEVRKPXGQOZP6y74AfTtJoWyRSVvUmB7w2dkZPFWxvOIPP94zN+2v94y7PF7O7Cro5AM+lzgxRvXWFS1ndUHwY6xu0ow4tsNfJgu4a+NzHnt1oqxMFsGcQGzsvi590iY+a8rqLo3jKMSEBDM4NyekE1QlVv3uSz7R/TYuQ7MnajLatIBA8fgzEQRy9bAbpDfNcTw4w4doGFxydfMH3/9Rc+wY6HkwVca+jAeIeEzciJXLLZunteL41a9+C1/BwrWTyq7RxeXmxRdewTszH1YwyHdp8vVJfO0Qn0j/2l98B6owplWDwbP5sA/lHfdrkKwIpv3VN76voJQy9u7b3VyHYHRh4TyC46cjuASffGEeG0agN8OqnH1ClpqtkNM+2Vgg4gyOgFUua0ktX0JJRxM8vrFmjbXWtF9Y0FJ1kokX5dpWoaSc8pMQWWijDqdhiDGTfOKBy+2BbYP/n703a9Lsuq7Ebg41ojAQEwmOIMFBAzWQlMKyo9Uiu9tPbneH/aA/YEc4TDkc4Re/mn50hx2MNofuYLgfFR0htKSghqZIkQQIUqQIEqQkDiIJAiA4YijMqMrKqspMr7X2Xufse7/vy8yqykQVgO9U3Xv22Xvttfc5995zT95vOvG3Bxlj1xvZNBBfJn/f+//gUXwI4S1T26ug3a583ASa7H5zSRnzRa5GvA7VS+fWSflW+XCOYQET5x0ytlr6BEjfF5rUKroEAlE8u7kOpfYxhVVwqjXJgRwlJmBKbEfcOhE7pizYRe/LTb1wkYUlWELmvjOHzM4qOsi4QOGQuv9CqJH+3QCFsukBTFxqLmL6y7KEhk/k1GXF74yBgjmGMdCRQfgoQWbd7iRmyDxL1RZOXt+Rl/1AkQ1i8xY9Wqg3zp7tn7IofFVsL4/TY3V9/MhL/OoKpLbKLFJlotwxU8t+274cWv9axyxEvztf6lPN8WYxWgMRqgX7WT5q7G8+j0IzLGDbDcdzJ44lI0zjmhCRnUBCWH3pi+WVJkKMSTedGtB/59sPaktXk6r+Dn5K8rvYjuAJJr/upxWTpdNz+InUr3717/DEdH3gL1zpF3zagAzDffd9rbkuEk6ffmb4wr1f5Vde6ftVGY8Uuh540ef5ywngMXwP55998nOichg1Mp8tvNf8u999UBtfeuf4bOYHiEZ4J0O/qWGeLoO06wvtDInL0pK5TFj0xJcmu9UJIOeB7HMidS7mi7ZoyrhonGCyL3P03GaGqEPvDnsmHbOPPZat5Qgc9gjgVH74K5//8M8OMs4l311W13bwMvnLu+z18vj+e4cpRSvLrfHcsPDl8Z3jmHDizVEIosktg/l+4dicnGIS5eIrtagtGqeaSs9uzWBkmU2bbbHgWK6rtxm7twJnk8iOsLTIX3oGgSAsBiD6m3SNoDLQZkOKNmctjgLxoqd7jqJQrUJ3uWFX3KF1AAOyXdQimLPzwpYmRq2R5V4DUYH2+c1z8R0vc/is8gIT8MdX8Yk/6GezKS+PA1fsXvGa7cprjnEdZ57LsVnPjpaN2RCDVOItDR7zggnIJSWXtNFbNMym3rOd24iUTg04soiHJh5HwliiXuBgUEDdKdHTUV6sicOminVudqO+FrZHi8tmnCBxPV3Az6bWL2An1Ndyc9tVwJSGOe38Jv7OQcKcVlj6CEQ7lBF/kkUCqI1x4vs7vbi0Ny1ENN8ZRSIbwJ5Rz8un8anDmXhzs7UQAiLtFNqzSu8poHAQYTPUPJa9Y5y7vZgMWL9OMBvIj/Oe+Vxn2GW1HIGXcAR2Vle/eNDhLnmBed3WK/9lckwCnjIm4+3HkhP1qBkYTBWYN8rCU1+ufhEvj8dnLTgptcmI0bCxsk43NTSo8yzvyUkYgRNPjIApKP06WdlYdcSyzY32wETXOSlClYUTYUMS1mwQJHd/+zQIFHahzrJqBIkbRfqzQpnRaSZmLLNm7Wa4dXLotZzLRXcs7Bwr+J0HKTK6WNgWLZTtLGjxCaEhKuXTcqJtXLygVKxcTBHBTKgjj44pG9gunt98AX/8XEfTosKvgNHXygCwsrq/X+8RV/v+y2BGXES/5Mt/QVrZgYmVN1fdYNVjjaoQcSQwBhhgvWTOgW6DTVw/AyaUk6bjho8GNCPQYq0P8EwYYgE0i1y5syMMFG0Pma0CkNVtOpdCNUpWzcvtsHb+2ra8Z810WJTClDlNUPNoCxKqXfaJ4irYDqjV5Hio+7RR6eABHZHSlwS6PuTUzDRxo9aboEQYWgGUJ4XX1lwe4hTT9dS5BICpxacwU2w1R40Y4JiTgeNYuMpaaOTSnvA3/uAZp+kYDbQUliPwko0AztEff/PzH3v0oANe0kvkDM6Xyd/zgQ/+CH8m33nQyVzDfJgyouBANNk6LikxPXR9WYfWT49jkn5bTCOAenYxCQyyJYsqM8LRixXCOdkHuASlruCJ68VGA7qlS4qOZsdQUijs2OuWMmSjtlNui6ZmMV9LtYdKiRxGyV8N99QWgiBrArfO0SdENBeTXyaP5UpgI2Z/ZpAMLY/iHuMsBxMzD3jEXTblZFCOlCtD2sJJjbgxuh8dT/czZ/A7ffjmGnvNq+uv9+jriSYgRE/yWDyyfVDLyEmo0qz96eq4+Za2U4Nq5jLyCibHT6NI2nnD2SincQ2O4+uWz1u2K6W9XTdaO6ai2vt5Ti5flxOHRjQrVKR529o64U8++fTwV5+6T6f8LIM10ZuvfPmb7VeCFjoAWuOaYddayaUXjo1zlc/sFDhLFell4JH3DNZWRWNjmuy0DUhkNDaYp1G0PG1haMvh66ml+RgiX2OpnFe4eAQjSHQ+A149FAGAZjdF4sIX3a3dqATGL+vlCBzyCOBhxYE/vWTKl7zAjH6u/T2et9wZ8strv9fL45gM6uW+S+eA08qyPKXkymO+P98etIrtLZ3QYTzbwAKRWk56ygI1FV6UyCYQwwSTWBKn2c036mYI3JypzwbUlYDqaPu24omwW4DI+Hi7FtC80dprhGJjVKaRwq/4kw/kscxMtPoEWWDWGU1mOoxCtHZbqsLf78uMXLkAsRPlpE6a1gY1I7HopVwa2HENSOYgY+oaJ5XjMi8XwqVXjfeondvAm9V2L/71Hvi9uLKyxp+CueRPj+8e4RKtPhGYiIchKXjTneo6O8BtdOkMLI8zi07+VlVU2Bfu0z896jEWLXdzTpdGN3ZHAmnJk6CdCyO1QY0FwgIHWGbQgLZuJwXfP3luc9MszcfxAxZM/MoibqOi6wOaMvijuGgYMvKbaaSXnZmA5FS4nWQV1pKmsuHGAUZ4UxMCQ8vP/qlvg9JIaejXMFsKKPKMMB64sAuHeQGB2jAlPGK4QbYg6OcTnWkP3xwUhU1aVZVntMhEzMi4x5cDw8zkGlTL/XIEDm0E8LOQD3z+IzPv5T+IeJf1cOPtt97yj7i8JrPaQaRzLXOUx5J7pImxmZkmsMJ8M9zw0ys0efIqyFRxsrN3m2QbHr658iSL7BKgbn5QULew0JjBRhjrGlHSeBINMGMKyTA1DpTR7P6hqaDQyB90trBuXuiIJ/RxgExWCSR6lEDaTURSB0hTVOxPgBjHsFh4ljwWudND/gloBA48CjZq+AalhRTgrZ9AbW9tbeJnAXf/eiLE6l9PtPowbo4MGsWfEG9XdLERIX3o0P/ul4czWS650g0aXuo9x6KUCINeI9zsVoApMrtGQTk3cnPbu7SDASg9ense7wyf4Ta4nQlM8+htA10nQQeYcbYmBiWraOTe7hPWESYaBeHrg4d4zvUhJHco82KGpe4TbBWanIK0UddiBNsEHV40yUDBWz86ARrvdYbazy4jcip7ockwSrrWmJvyo7U6Gzme2/Lvmk6aUrDVeJZdB0/NmWHZjtksZhpfdjv8lSW5juPPBF4qliPwEozAkbWVQ3l6ydTb7ehS+nH33R86vzqsfu9SfF7G2DYz4Wba5NofzBVd73Xo9P2XOzt3xazCmYXwrDXRJBvVNkEvU9acomLSjCmLNk9orHsCSS1naNusaQQNVUazFeq5iR17y4ieLopl2X6MLx133HKCT4m6dBFzcZNYMyK2TegwqM/0DlooHIxe3FiyJqbhihpj4KdjWmIR06P0GBP3QIWy+UlIi1IAmdOgWgUKHRy3o47bjIIrT+bkf2c3zvDnU9I49nPr2FH+ek9csqvrqzN/cfZM+mUd68p5X0/UMea/nFrd5A5bVOPBGLfQQZ9IGSyOryOzB30IKHLjkLdhb372qTWj1Yhu85zqxdquCYmRe3Q0DJwaoA9VHNEOtIOZE+jmgppeLNMwbk9ZA133BcGDwDHmlsdlimSbHuTfu8xBlnDdP9hsYt2KA0npxuyo0dKt2aBPNYyIIwJVU5h43H/XAS97eAHYTkmTNETPps9gzQjBdsyU5pEqzjfpkJn/tXMfGIbqI5AylWGgYlmWI3DoI4Bz8vH7P/exHxxWoMu+y6wd2cbL5K/Wgttevjzu9WSMxLSlu2VOOdtvHY8W1ZPZxBOMPHJeTRgnqVSLhi9N8wGW9DbAn3Npn5DRkI07GuaVqqfMzYTEh0zekTYbQkNW3DKRGxsTM7PshTbbHY11bNFP2bGLSTlRdhIVGnJIG3VBIKshDuQbRCw0K1H3D/fxOBNJvXgkuGEOKJsI2QfAOsInZWRCg7ltbsTvOE+go6Y/PQ7lRfj8GN8nM7KrUZ5qgrplPAs8KE2E6MeJQ9DDsq/RjF7Lpjs6bsI6XxbnoYVlNSdtZ6/GeTJjKgPU3cva6cKVCG6RaQpotDZULG1BIrTP7SlKyBpWvtNd9WrxITA3tSkzJja291U8/l71uJ3O++ZpweiBDFils3JSOxUNGwLtKk6cMCmNd524UokbbaVtf9unbenJFXyWXNtNBy0gUDkC3XD8cnz6cU0v6tNH82z1a8QUeC53hc9ru0e0ON9tI6/s8uMCFVc0gcuyHIGXcAR21rYO7ekluzHnDrW/3t3/1x9/BE9Tnt8f+uWBwsV/BZd4+GK+mOHAy5+34L2f8bMYGgrOKtxi6plx0aQTCE1chEFHOUQCqODSBBo2aWCVWOlsC0vgJKe/nNJReu9od7Ecf5VT64mxToiU1U668OK0TGkcg5qqrTKRtlOIyd/apNKgwKig0C0qJkp3fWKZWPlT6HlViW4ulB29nR28+9ce0GACgWE3SYtlRtYBtguw2/gal3J+VGyXjx07rgZuRj/B4lJfijj69Z52NSvB7lgkjKczo7bKBXUpInqB42CiWGjGDZeRuOm8aAhGJdo31XLjzbBr+FUb80ngQLXBgkjOBkinuVXECedCkFgeNh26CZ+oC/+8NnXeSOczPWLZ4joDzqmIGHWPOYkvwWxDoSFL/ciesJnKTqzjACyEzBjmKhi1F+WgxHnsxzaiZLfAmtg9in1c00X9nvq6PQkbefQ/UA1T8BG2RoikPL5qVbOSSExU6Er843laD46HXMMNP9ZyB18NrzxlBw9q+40vzQy2rJYjcEgjgHvH6W989t8f6o/ntFvSpfYBNxJ8bGXlHy7V72ri9/qAz+Lcxk8mKw4TB+eQKF6gTl4eBwAvj88rnnZYmyZrVjbTyrYhNMmFN2kI3BLbJsqJvwDFHxRkiarV2VQ1JSB2TOBYtJiJAlFa+M54TPxhdzG76/CPm0XkHqzCezBaAvTixpJ1DWVSWHVrgH8sNhMLnn6TDB3d00rS7JNE7WKxaQRqinZSqtlgNadE/5TNsHH+7LM4oEfmwJpqfR2/3oOf2VPh1xNFiQTw/kuEyWQml3T7eqK6JJtgkuxyKo0bj4OORSwseXjq1syTALyh1puq23xSOxo29owh3EkaR4AJ8UwzCTREcaSpyaar8cJ1ys+2aWb4QxEuBFGqm6JBtwcBvQyFuy9tU1VGyguLrw8CKOvYJLrKJlxItMBQ/DiaytkHWfzRiVGO7rr7t4Ca6upX5TZ85hoZ41qK6yrIDdMRb9gmAORkQucueLyDxQkRE4zk4z/+drwKTHEep120/Y8sevJTnqrDQ/s434ti1POqX8rLETj4EVhZ2b5P67iDp26MV3SnWV/ZedW8TI4DwfmhF/1CT29OfpkWr6DHEoSI7WGrvP+y+lDmbETqrNsdhjaUNHne1tyFnW7gMEcboPTT/USOaTO17s5suFjOuMFkI2oxozYBTdaFlhqWOjKKH0mNEghP7h1XrtpZY6uxUYe1TeAKRgs2p1Y7bWU493BuMyJkvydTXSodiBuUwXFTYMtbunu42ewDwDF2TgoiI3YMaE7qxuXcmTPlJ1rGNrf86XG2V1dWH97Py+NXdHE78F71qFsxSrHvjhzeMsTdMJF4iXG76TXxWacRNbBtwTUNkMApfkI/p+k/YMI0c4nYw/F4bLm5WO826vk5FKc6EKmuNNW/6ZsQgSbNEj1FkWDnWK55DkpGLcw++aYR6Fv90Y822zlWQgqss0jJzk+IEjHXhza61G0E9LIvSQpUmhHWGJPZiBoqtqzpvl3DOeIE/gg6dSq+stYsxNIWtwpywYJtytduJVPDOKpCL3fLETiMEcCZ+djX7vl33zkM7sp5RfcgvDn0KcwsP6qEL1cZCxjOE9MyRwfczAPN9J3R8w/XnWNYXNyhmYuz10yxjjVmHKfByYfFdcJUYae5CbuY0CDQD3dg3UPSz/cShaWjnGmkYGK2KVtX9baxbs6SjZIXGoxFHTfFRR2UgWSevVS5R6dd/qN6N3/wiAoYJUCsGciGEu4hl73GTWNmEIniJkXSYImaiJqxZOx8qGLxGP4tvNPQwhK2NihkG5fNc5unxprZVv/+y9UnwXUQb01ZMDKzsXfTzO0WmbGx69qiCZnnJ8c49FNe22+48YbhhhtukJnYmcKhzuFu452qGexchTKQR+UfLWBphZGbYjGeS3cPW+o7lwHTGiQdNJaTo4UBjrLaKZiNHFS1dvr2ihaUdgDQptwOFrxFHLCkj8al7DOMXdr1UMlhJGwCDRcpSyImmtTuRlObcK5rnl8Aj2Fo1f7PHUEQEgbfETUbJCvlzrvegh86iNsn81NBHWIKMOjJJfwZmn/O6E8agriRlxsKz/3WkGa5W47A4Y3A2pHhs/hDhyfdoZbL/B7MktORta8PF6/ed2J+8H/4V+/+7fe+6x03XH/y1BNPPvv0n/7Fl775mXse+HnJ8ArF2VXjXML5C1TOHHdhJYLXNj2BuDbLvGOcs458gGMz3TyZacKCXhMT7TxX8F+e0ofKUewfC9GmLYLzEEPRW8wERKRpEpIXYFw4GJc1c2EeTkh+TDF8A+VYcVOYMIya4Yd4nLRpiRk7MEptTgKBHPFkGqEDkb8fU4MnHuhgZTxnGm3rm2vgyEEV8kp3NNKjpsQBUs5ZBw2+w3DzzPb21q4LTP16z9H4isyVtZWHcmII9t2+nuiQXx7Pbvdjr4Fg793xVExPDpm5SzukcWsYXveGO4aLWxeHs/ru+RishpE/fFq8sF/+Pgh9vMUDlfnN62ybPvPw4XZ3qjp87WmmxTV9jTaP0b4dMH7F2b6w5nnH4nMwWm3f4kAwtBl3E0jrROS7e5wxFR2oIUEtwWHqamnQDDPTHoH7OFodcwec5V/jOlrUnMrbpUpn4YOF1+Ib3/ym4bpTuGSn53UOntXikFvya/zZ42j7j+60RoDlfjkChzwCuH889LXPfvzhQw4j+iteYL795t/9/g+fvPcMLrZdf+LuMDrzb/7P//H9v/Yrb32Xue988+0n/7cP/vdvvO3Wmz73h3d/7ofWs778919ifkGpXOLDzlOkXx5XWy+d5y0IPw+5srP9tphEPY2YihOcZTJa9sSHNlW6m2SkYvK9gubwDCGWOdRlG0C935CgGlKOJlwQn+pWxgQRpxN6hJiXtISzoME/lPqkSqW5KM8W+k9L0HkJkAtNzeCw+M7bYipoUHigakjLxjtYtr1UDFjkPnVRH+Enl0w43dHntGrRD61z0GA4WNQbZ86+CGnXa8cf7qEHjmubGPwBH0YItv6CRJfCwj1usMC1LLvhSiTQ+dhPaXRDr8aUI4OexwwOROtH1oc733bn8NTpp7RduHCxZZ6j2w77NG4DzhgWKZwLz6++PNao0pQBc5A7id2oqXJHSIrzqUJ2AcNjGsent/X21mnGCFBYp4DTXQPC4HOx1eEvlySZxpnStTaB9Mm69dPH3DESR7o/0AAAQABJREFU1vwotCAm6Fb3xXWzTBXTdgM2cmlmWmMFMFa47sNkSt4CrsdT9Te+5Y3DyZN4jzDaupwMYO1xdv9tS31X9zhyS9wMn/2X9XIEDnAEjqwd+ewB0u1KdcULzLvv/v2t9/3eB7+B53y/u2ukAzb+1+9/7x11cVnpf/9f/9N/8qd/+TePnD17bqvqF8m4sOdNVXN0wPGBZv0Qj59zUD8ufHkcHNtvCXWdVChP6W23Hu2aVjWnrKrBQqkbJEUvbhiclMSl2AUYjJVgMGuja009C3UsSQxpOrfq3iJM7hqA3l4o0mauDjZrtVgOW/pD2Zd/9oeSM7kSQE0HljFB6HKvxXja+d7MWGTMy5KgWIBUWt84ZNUu4+v4QUFw63/a0mljc2PXD/cwxfb1RCsrG/hJr1/s5/2X9NulMMuDKWJSp1sXScwbcLwCU0LlGOzo+BCFsdY48GZNH+pKwXd+3nLbrcOtt982XDh/AS+U8LcdKsjcqcuVWNdWbOe1tuPSZsOkqXy7e5emBGq7T/2U6w4xLm2gssM9LCWTsqdh0cKtgxpdtWscM74AM4OZbtTXc7GxUcj44InjMjLONBQiXdphoa+RkxzwBxEsTDIRM83mKQbnoP6bM+vorzpc6MJfESA2NgpQxpXN6zePkU46EhJc8iJYJRjWcB4exTc4rK/3bzeYuxhs/Y1IfZiDxz5qNSwPRz9nMvCyWo7AoYzAzurq33/1c/+WvwD3kpQrXmAqyyMXvzFcWP8nuFTiSnoJUn/Pr7/j9YvCHD22fux9v/mOW7745W89sQhzoPp5C1Q8vcQ89Ub8aMPJHovD48mL2jqpGWW7sR5S1Fo0Js5mNIsIRvhLEXg9vUzKMqcFybzwLT+zsq5lmp/jB75PqugdU6nuVUaSmuiVrPmD22nVmoixOxclnMjTIFfs5ISdAqtBRC9UsdDRstusUeKGZkCP6ht6oMbu1PVcHDdrxcFOANfw396+sHX+wu6/3gOno8fy5XF8uAc3Vv2J4xxUt8eVucJSMvhydemLbuR0QI3W6Rjy7DHIMYrqN8QcwqzawHkBsTiTIOBx5hPN9SNci+/jZjwN1AI0gzS1pbx9smbizE8ZpJ7vp2NpC+QkYBUWmfsOePWR/vSd8PdxCSJzGBbfdEDusPj8c7v7Z0jFgZx5MWYdY7Ko7VxYs2RA2UMDiiRhNYYlolbGJtAczc/2MAR3iWbzNH/A9RYWJgBMwkIYuedxyv6sxO/Xqq8dRu9oaY9YY00mzYqGzCXOAXp4GDqjlNh5jL2AFBYcOazN0x1owx60plnWyxE41BHAebp19PjqPYcaZELebk0T/SU1H/jsJ57D1fTgJTm9hOCX7OVx9Kl+enxnuIj3X/J2wBmLpc4odaKq+kB6MnRLba3fk8suaHLCktY1nbyuoN1xYdfkRjD95UQ5BddQBUDCRK46+uXk7hhp9iTKpkK1WA7bR2Ucix7mpByF7uRpaSNAUAKbA0BbKGEZJSALrSgpW2XiYoobewAiRsjceywp0zbHPYczfEjbshZBMFKHX+95FsZdr8GjR4/ggWVAMEE8LDo5xQEGWwZKDNrzCDFGNSHTXHHN2zSpza7xQCS2eYPVTZZyGy33nxj6Ma3YKMbG9rwSevuFr3Hdh8eI/+JAxLnUrXHMlKddkaQWCU4gE28+qWe7Pc3s3VD2sUvCwiMOtF2rg46bYyJeIEipvCIQNNmPhnM7gCM8MBoXRprGz3hKmTYW1jo4FMGLTXYZOWahI12Gb7R09ZYZk1D/6c4zk1tMV52VEJ8v4Uc0CvRs9/xTRw78o4/4rCaexyz/0U8J6biFSDt9qSc8NuqizPY5DaqQM4Gq+nGJnpT+EMI4jIFN5xD96SedwjMFbS0RYlQyK+adJbJ1a1kvR+DgRgDn1le/+qmPHMQHRPed1Lx70b6dKxCX2ddr+7Dlb/7Dgws/yHN+8+LmA3/34FNXnkN93RvTpZ4dbfXZIJcS0jNYf+k8Xh7fHt6q6ZEeZRKZzatQcnZSce0pkW3LiTCEFppKOyZf4jjxsUZBbTEUuaeSd4OR0Y1xzJHfTINRozhm9batu1FjRO2Add1Kn+ovRAaRnhN8RRisgekRRyzT8IoBpX3R5o3CJdSjKDapF3ZzHcbuH7zZRnVu40w9wRpXFY75u/bwtwteHn9k9PK4P+Cz708DHtjlXlPU+RXvs43bI2UffwJDZr+n24gmeYgfj2AckK6TPTH9+BQ7zuV2lBAyWt3OLCPTzAjHuPMwTThNjru8M6Y+GVzs6kWnjw6XPrDXLO5962ioc98JwpVo6rjx3M4CQf1BHzsfEXH+q98iaB6tOw2fVGoT680xxIyGKQTkLkqFj8Yt7ZxKuLF4pGsdlrASEXE6f2B7O+xOJvrPTm1jE4ombjwmVKhOf+jDzPHxliEFBUdCNcoEB4mqRgsMHh5Il1EJFFIC5U40Ood5vnLMPM4aP3gyrDb7mWhZL0fggEdgZVjduHF47ZcOmHZPugO74zxwz8ceWl1dOb1nxAMC/PW93/jFt777yPfn0f3RJ+/70sG//3JepF10O8ONmABv1cSSME1gzUVTF1qcYmpx29MPbZr1EkQ92viveSmbqWo6Tl9t3srZ3hOg9Bm+YVoIEqcxI0b8mo8N1hEfBO5j46WFlKiV6ogaGirlG/5s9RI6u8gfxlYjSEzT6ZtV10FBnQ4CYylYMvQKUhRiCcHmmzj9ddNWpPAnf4FKZpsl3RXXN9kenwggCcIq5fy583u8PI73X+av9+A5509xo9rMECSK0q5gPuMpRfqJLsxj3GJdIVssxjnF3scoxbInRoPDPdqAiuCBl1wukI4NlNseVfsqJoxx40ZEyD63W6YEs/vY/M88zDU2goLVtVrMSSft5DgzJmPB1l4mt3sLXATRd0CL6nxR93Oy+0mtpghSYi74h5Oq9aebG0Y28rNfsnOcYGaXogo1ZeC0pR6VSvO1QjW927Ao7TJMtMgu8pAUX2cg49DeOwYEk8uMJv1oepuzP+P+Z0RymifxCkX+5DV91HGGtlQ0OEyY7N0n2ePwJK/6wA7xGJCMBYLPw1DkvgMAwYgKT9+Q2czTU9mPfJeN5Qgc9AisbH/x3ns/dO6gaffia7envYB72XGR4ct41r6yF+4g7f/7//H/3fvnf/XVv3nsiWefOIufQ/nRj5/46Yc//id/Xj9BfiUvjy/KFZMDp5woi95/OWzf5bnLc43bMeNrxjEL6mm7mObZpnC0FadNhkgSshLFTCa52EwpO0NVPt0VpvEbshqKTAKTBNYezKv1PT1o4+ZFmG5q8reFwOAzKzW1mJ86YXIAdCOQJj3bAbB39YTOTcItkzPHIXIL3zDHTSo0saer3U2hmrt2YCCncnNz8znceI6F9/z9+jred4iNZXVov94DeXqA+mUc60q8/7IUxBm1i+nKRfQnbqB540Qkjhf/xZPMfu5x1GLkmA5lVpQpcQssBHH6nG3pqxfaEbKgFDtPLmxclOmc0MmmqHN8Q68skJNjurZDpIA98yYYmxdpSJ9d6EV27qJMze0CBRdRGjWNRzrIn3ITiqGr3b/oZd+HWy6GEHwmfrK1KmOTQUMFQxzJ2LdrOLvk4844RKikzXIMOY867CCIOnNpfaWNHtxxi/PAYx89oj1KO/t1gnQvhvBGn+CkDgZswc46+BWJNuaFOi0RhHqSRTrBGxbowl8Q0cPXDWNYS0cChcgm2qFqtSIRS2FZliNw8CPwzF23feBrB0+7N+PBfMgn45y6eMu3nlt54p/hStr1a1f2Tmv/iI//hz/79vAfhm/v32O/yDmvXi749Z6chkys6QML27s853AepMxaOzcM0MxCI2eYWlfKaqOeOBboi0neVBUa3TAQS3kQrAk1vMVS/LV2oXMzBC6CZLwWu9ocsGN0M0HT/W8WQBmSu3g/Pqf20Cls7RBxpdRUqQ6/4k9u9rUy8o7UHCHoQFhHhxLAImHigJk3FIwJ67gN5Y1SWMrOI5ynbeUoDtjz2OPrifb8a7J9epy0fP9lvhdTUea8PL6gJ4Lv8VbPxFxOhVHSeHZfH/cYleiyrMZNxpsLUZe4UXPE6LczYCE+PPv0s8PG2Y1h6+LFuYeKWI0xBZTwDnmeokebgy3+Oo715HX+hfpAxAmv83eebu8/lj3M0D2nx6pbMN7ZsPceo1pd45KyxgQaQChNbP60t+sLAMuC2N98e9TRJwcDmNcYS+MJgfuwNEOH6RhMEk2CVfzm+LFjR/QLUzffdgv+wItPk+vUUJhklqJzSKvrnYF5nbDudkstmyYoreVuOQIHMgK4Pj7Fb/s5ELJLJDnQBSYewV58zz/7g68NWzvvv8Q8rnE4ZoeZ9SZXYSjW9/dfQrd9FE813sD5qcwnrY/j6ZQ0nGo83bCezjS2kcL4rN1MiOKluydAcadOK08udshjHaPDXxPgRM+I40Kn3XLstkDG0wFz1Dk44qWlxe/+PUHqojg6W07fOrXRkXaz6gOQ3unkzpqgW2e71kMnKvsD7ureF57jvORUgfRC/M2Ns3v+Eeafh0SoZ1bX1p+uaVImU+jKCm0K2qONyWemh3u4jM3qjtMIUx+Z0PdFjXExILOBrQ/LM089NTzx2BPD9hYusnYsYaOchZJ5utbWPep9O4yB41aPrxOCyUwBC9LosC4FdHeSKdr0HocafxHWPqO6jOtIb+Ik2zfnBBjnxfy+NWgTnMFYMW4ZM6kNmuRNVD83+3EzXCyjRufd2FgZnn3m+eH0k0/h+1nfot8hj57QIQNxXilFrRxTydj1awGy8TQCN/cpaOFbissRuNQRwK9Nfe8b93xs9J3gl8pxJfj+2tqVsBTf1esufB2X3MWiumZFXNDzppOmw2TQ5P10on2CfGXnTiw41mP+gKSJJRiqHDdKTT1Jz3DcqLPeddVbRi0z2yisbIJepqw5sQY0FmCUlR/t2JKBLOEYYMi2uKahBJGDd9R3GyMFGaJTZIuxLIdKkNDRED5+ChZ1vy0orfSz7IxCzX7GP3bY/i2VBqbAjSXrHj5UVmMM/HK5lmPKv0XpMcAU2TdGM0uvHQjwfY5nt7a3r1foBTv83vhw9Gi+go5fXkgYPiE+XRD2S7i9PB6CO7cgwgGpaxTK2HijjI0x+vHg5RaXXDoZH265J8EwPIUb+WM/e6wvLknVRlMNBhppkk66Kidap3I9nY2xfXE9RrrlOo5reuME8Gk04jOYdRarol/FIAajZuvul54IqH5lYJ4hFFkqa2guYz+3Q3vxMKmCUdLYuS6mkTj1KcbapwprAz7Nc9oGcOSX3NLVSWkEyqjS7QxnXjwz/OAfH8QvcPE7WaNwTosSWN422q2jGQMUi0jKce6GFMMS6WY8Uy7r5Qhc5gjg3Lqwsnbh05fpfiBu/e50IHTD8MCff+Isvlbl7w6I7pqjwUHrM8C8BSq+/xIf7rmLiXPO6hPNbFc498QizDZPNzHVhNbhaKuFeutYo13dQxOLOeg5nZmJLHxpmg+vpLeBuKQKMBqycUdDLcWpqYkxgZWBI689aKnzOWXF1YBEHGNjaRmTcWW03dFYxxb9lB27GP9E2cmZyCFtJA8Ch4mE08dL3FhoNqJ0ina4j8eZFuprOXt244XanicfPd7fnrkyrM1/ebxcvYgzDSNa3NCqvsrzwh6Mjp2OIcFxRUj85/j5PZk2xvUBLLMqmZ3fPDc8+Ti/CziJfF40B5hYfBJFq+0dPlPoeubhOCmzTZXVDTxXmI/Ugq4QNFQTQLYoqVGc6lAN0E87AzPRLHPjpwvdFrHKue48zq6rLeU5acxBUZXZtSSh8vGbHLcZTic8MsQcYDpHUNt4Klmm7dDKEOMRLJRbCKpG+dnC6zm8iObQnMfi8ieP/gxxot1PqgjEc75dduSkU48UTbZJy01FMzFSj9ysXdbLEbjcEVhfXbtPXyF5uQQH4FduUQfAlhRHjh7924Nju3ymy/+Aj1/3LrH39/7LcNjauVMC5wpMLppjQgw55xDPZ1LKwTs5ZmPehGO7ZyjW1OVslS5CWY2a81wgZYFCt/2RK3PqEzQahKpUOf0dz5BWNydoLPenB8xDuTBWlj4WoQgvTreUChAtaqq2ykTaTiEmemuTisFZFDTEuXsTpTvfh6li/5JXWmDu/SSWFI6eUfn1RHu+NaW8/3JzZW39p+SqBZymq+oF8qFc5rOxPAget0TonEK6E7XOgTgPeI3ADgC306efxpfQ09keJM4eU+ViB8NS72aF2qXWPJzctECDwX4VM18eI92aLvR04Jm6i4HZponbRI02NSyugbIYhrn7Fj+Jzes4c52akqgsvhg5vqUURNHuX4w/Nsac9HaeI6YWzPimGMFGDRMRugDex7bHDSic7a9+O66HvhDC9DTO0c3z53IKsa37tLxGYxj3gvZHr+PBveXQHJfCcgQufwT4jT5vvfWfXvV12KHceb7y6Q8/PazufOfyh+da8sQtaGa9mSsN68v7L7eHrTvwDW2n+l+9mKAwkcRNNvrFyYQ6zz2qK0AwofYYCE9orI2Pqao1k0H0aaIqYsaNXXfYpHJOU394eBZMRrFg57hFLXGqd44d51i0ZPgWJsZvGrJ0AHGbT/o7ImuPf3gAWQfAckugZpCsNRRV2daSHP6x2EwsePqNK3SEpxVSuFO3vbONV8j3+vUefj1RPMHEzehHCMc3aFc6UrJP0HHLwg/+6IouOtvm1ODuvnPsl6IS0ZSNHcbGYdZQ096AEKbpA8tDgw9AlfGki5zSGTKbIswAWUE7KlZPvBtG4dkikBWAKYZiZm9GobEzM0SYlBZF8tjkmnpguLkIX+xqEycAW5QKQPrZnf1ct/hQmGFvluRlgu2AjWNZ7Tj74nQCSZUzJ1rw1jHsMcwrjRsKMmrk+ETfTG9EM5KkKXuMKtF3XNKhHSQiphG8SByGF184gxD4BzdvxHMBGYvIMTuPyw5+2q093Ux25QFbRFNr7LhsLUfgEkdgbWv1qn2wp6Z6KAtMBbh45L4a6FqTcZHPu5KbDhNEk+fmPvHP91+u7GztvJ14TlUsWpCw5cmUIvVg50a1awnyqjumQQ9v1UZZbL3Wna2knu4KDyjR3Cl+erXHOGgrF2JQhG3hIYyGzDGIMkhuuZP3xGZdeBjNmC5tLBhd8OAOT+4NDg39qibQ1HpZEtaY1OGjYPSlHNWo01aavpKTlgU2vydTObYO4OZj/wQ6REYcNs9u8Nd71mResKu/3jOs4OuJ8tPjev+lPz1erlzE2M+v97hHC6JegRr93/Vy4SB4HCH6ZhzXRhg0PhxXbBfxafFaYkyLRnzcyasYZkUiSmgB5GUlG1l4epuxqG1GbStVlAuJLuRQGaWFHqFZrB/RJIWZjI2aHqUQNB9YQD3LBgUN5RZ/hHYjY2misI5OJYcSv4gJbtGKM/1L0xByUt+um8DMciZGHM25UVItGsKCYrw3ofyrKf445QxBiHkawvlJYWdHgC9U3C5eyG81UBwuPIPNdrbrdSGm7DMx7L++U1UG55GNlsxSWI7ApY0Afir12/ff99FHLs3rcNDlNnWwAb75xY88iQvouwfLenXZcOl7llmcyPbOW8MYE0Vf5uRt0gwwc5LJ+abVXQj/mHbIaMdpaOtZk7TWoZJHwlRhR3bFB68eZNEPd8TQhR9zi4kQbTpyU6Hg/KigbF3V28a6OUs2Sl5oKBYsYjLURnlYicaIq0enRf6jOiKNFynmQi3RCRBrBrKhhHvIZU8+PcW0f+YUxztuYMTY3RE3Ns7u+XURx46fcKSd9dX1h91wDa6k3c/lOx+DG59TM+3l1T5JfOK4o2RjhLqhOb7hcrQiDbqRitu0BKqky1g6MdPJMSaO9rBZMRIz6n0CtCCEXHETyknTzPTh+YCaKhaQaME6pz8tQHfPUQjXvncmSVrwHdPzNdr8XjArl+LgFIuqi/UALDogQHv4u+OurHEeJLiNSzuO4Tu3e8RoDM3PhuU0Je8I1hProOZGgZuv0w6RWx2DCJ54WUNGMP7RyuPufPDKVQKCn/b4w5YQ6Ea84S87KbBFxf2yLEfgMkdgZeX8ietP/fVleh+42/y7zwGFOXF0+74DorrqNJ46IpFoccqoieHlT3z1zM7tVUc5FhqcdFA40bDkhMKmVa5n77QMQz/XJHCh3pt1o7S6G9SKAbgQauctnnfGqieV2ymLnXeHuQXgXUu1x5MDZmGp9b1wOMfeAaZEHnMREflYU9xHYvghXhuA0g85Txmm7aSralC092Uyp2pDw01Gosz63Oa5G5NpYeVf71lZWf05Hk1uAGiq7jNdIF7iy+Od6AqleuCYJbasFhD3rnA8uMWe50L8I4PHrKMF1C504dlOaEZlLjWf7lL8HHNiZLMnNMLPyyG87RALFeKEzdSiAVoo28IzHMfuqTObefoZVJ1m5Y7P+FaYl/EpZ+30ZpmIofMCRBlbrpX2GO4J/QJOocY2ZjBHDZVxrqO/xNetNYJl4b6zBMQc7JhyUH8lFQ624enKWOhini/QzHf6JNMIrd/VyPMHnNNoxi7r5QjsZwRWV1bu+Zs/+zd7foh0P1wHgTnUBeaXP/Pvn8Bi6ao8xTzoD/gsHOzy/suVrS2+PI57yXjq4nTV/9JNKSco8voPW9ea1xxQSoNd0zidihiTG/Vpcxp2swv0jCEzdqw1PWrGIyh7QBy5qCLINcR4UkrBJViiReC00O4SE2oQhk6hE1LDMGagw1j3ZpvW0+idz0cGjNMBIIlT1AFwMslmm3HTINazzoEKl7hZUd48d/45vAnzuCALdmtra8P6kfYZoPbp8fkvj2t5e3VfHmc/2Dlt2OFA6lhO+pe3bJ13HmcOYR1GnYM2mrLUxjMUPcM3YkbQlGWfvzOH47oW2sZ0jTj9tJhltMO4Hi0oYWpP7AqvuO2W+tqkPeJTS4m1C+QwWjGqm2+6sPIpXVlGTqOGHVHT0RsPbBYhWiBrd6vJA7u3CjV/1VFWkKzlN1XEMDgN11OaFrOnL4jZjLc/9XrSrv5aa2fW3bOf6z4fu804zjWab9xP1mRBlZLaPKaOEorlfjkClzACKys/+/rnP3r/JXgcOvRQF5jM/mX/FHP86BI9ykd4M3p+v/rO29jnmCTGU4WnH9o9rbR5ihNNbrRqXuPMUyb05kOAHMf8oZMTHQOjVBNHE0uaKEqFHWvmx39a/tKPd0kBuo+b0osWuxwOs0SAEqSR2Lvauuz+a8ImLRNkIYSlz8awNSsNMtddc0mloxgZ/QzX4CLCG0XIjMdCNYud2bYsAyH4h3Hw00yNIUA1T7psbLzAp5G7lvLp8WF1fdXff9l8mFk09nPp7gfTqC9fYEbasCvHqQ0pxrO+NO4eOKBvwDFi5GidFETUkHwo7BdtWlEEomO2Q7vnfsrJIKIyp6n3ZCKAbPk0qrWgASE3l8Zvhes0kKVjyOczqWt366dRygaNyKqT2u6wC2tfjK7nAUmGklU0LnW/gL9xugOsWyQ1WsuW1jeaTWD/ZiSaxYDeahqdx25Vx67TeSvXyEV0dc6FzU8v2/lf+ppeEZx7UJu9K5fScgT2HgGcX1urw4lPor6mTqFDvwPxKSZ+R/kf9x6ily+CH/DBvIEPbuy8edyL8RQSC49AhCXPhYRx7mn3x7Fr0lJZz58qOzJ13KZYtKuqyBRddCvT4pJ4LzjDyvxGxWFmlDa4rgDqWHoCQRt7z+saixEqG3RViRtv8NA3/GmqUamtEWlXQQD2VV7NFUiBsVNn2WjG8JM91ZZpISyhsRywn2s8wdw4195cSZd5xb/eA67nV1bWnwSmRgmXeZOIruT9TS4HPwmVzjNDd5mZa8OO9QQWNjpEmZqtrzUxjVYGaHTRlAANQKGUOc2JSuQcxTqS+8kropgtziu26jblnRkPBkqfkOgfXGFyJq4TtaCp2LBxzcNNMO5YYHRuoZizF4BAClmanDpyw0TagjJ6Tg1k5uC8GqhxT7hMrJrOSZCOVHOzVjUUgidG1ayrPON67UDzSMOcSCQyEwSC8zml+AMJQjvAjow5Bv7eOl/YjZKe7haW9XIELnEE8MMc9z5w7/9z+hLdDh1+6AtM9mB7e+XeuPoOvT8HEgA34Eu+1re3tu7ERHKUCUwnjlzGQE+Lraw9QUFCRM5lrttcywmqTT32dRSnWfW0sQR/yNmuf13bxXETYsZ2h6XdOcOn5wUHg8WLtmty2WdGlqLYudBjcUJq9DjRjPVewiJsH5WpLxMbs0Wq1HGTPzoSPHETYEM+UrJRGKpsZpuJt5x1PMmMhujgv7V18dzW1tau77/kaedf78HfK+3p5eyv93AgosS6El9PVArOw9quckEdpMgQ3DjuHLvk5smsAci2YdlsNmLoBrsyTzfD0yxa6txmzWDUhdYeWTN+LZNmNQVH1YAZ+Hn6MWraokecfwynkCmIT4rwafZMV9piDxT3VhpYaprcTAc3xe8G6lF/YJQ9feZXdM7iU6qNKb1tAzegRWPLnJqJdD9JPvDitnHC19QUvJk+jNwzB1sluxGQbnRbFOPjZReza/JR52xJZ+StYaFN9hCkk/MoSKObCsIDyuNT/7CZ4pbt5QjMHQG8NP4vf+/Wr8y1XWVle7PXYebBT5S/9/c++He4ht5zmHH2y437r6aDCX6ebgLJ5hx/LDDfbgLXRPOGW9uVkHpPQX1SwiRTHOSvNnYVVIlGsllN4ghTfcSxVdR2AV8ufZEfMiiumgDddly1sWPdikGO0AxFMMYqRo0FA2Myp+o9RUdAI1gbYd1if6EVJNNGMPdZ2ZCKZWbMbYDN4YTjjiooC0RrPbTx3Y7Pwbzr+y+P4rsv/bcNvmqivf8yiHMR2f4k3OtW1IByP8xdXA4c0TxXHEyHoQySTyQfnmld/GgqnrYsrHWe1oGvSMcpx8Vmqxyr1tMR9qxhH3PM1pF9nMmwpqP9lA4aTqumvb6+Ptxxx22N0vlsntscnnv+xWFz8zzghamRNJcmTE3uj/vBU1uHpHksEhyv2KtzmqsqkM6++Flkcmm22H1Cst517fZoUsoRIY5bLUot85O+yg3YIowg5tJvhvvcrQgPnucIcItJdT9KnhA6HKg2WLxm0rF1sCW2FJYjsOsI4NzZ2tla+7MPfehDc960t6vrS2J8SRaY7MmJG0/du/HcC7+GS+sli/mSjGAGQb/u5NzFCYbFMusoljrCNyA8odIXXGiesdledkM7lkAGOAKBBdQyMG6eHXjcbTwv2l2M6abveaQsZfBzscRps8yNbUI1hxzkN43vdnAxq/FoWaOAPTeo67g0WTTgVKzKGTyxD67YV012KwcgbgUgSuBosaK7cjNEMhG0p++QJZBvGhxH8m9unN1zxXf8WK4/V4YLa2vrj3rECn2qggrhphBDF9bI65J9FpLRwHNCibDz44TiuZDUscvxLpoQw7U7Z5uJUnTCU5h5uj6QbjdHApnknOIY1TRFekHWToUKXijPMrsf6lTxczzaj+MnQn/rt95drGNxY2Nz+O63fzD85KePwVA9LY/xtaX4hDkRyBT36QlwIllpPOFNndVZ95gO1DVNItbBRzRWBnLUYoNFcWyJemQKVNA7TvODMA8MZTD1s3bUnTbpkcgElOL6ppal+3B+jZYvudHp387HmE/Dt/OKbLlbjsAeI8CXxr/Or4S8RsueN72DypsfnceN9pp8jHulfdzZ3r5t2N66MSaoPsn0yWZehPFkomkNKvtw/vEc5InJ7Ta5j2jJN+bs5jn6qQptxWECjM0qay5GWz7WpT9xKpVvZg1DY0Omw7QixiSBtcdobk832rj5nhe3B8dpnkKbNV1bZRQVwuQAtAWn82kHwK7VEzo3HT5h/jJ2fPhr6/z5C6+x96K6f8Bn5VFQ6dd7Zl4e993KJJOvJ8IfAYu6a48DrnmDRMg5G2+93FrxCeXaBmZcsy4yRTIUlpm2aVjHsSsejEWPwlnxlGmy2bX1rHk6t1O6AIpI2JxCREc5q8aXpjGq05w+/czwox/9XNvjjz+Fp5cXhhMnjg/v++1fG37nd34T12Sdvh3HdfAwpoviw+w8rHc99rS21kRga6cYmEoAnwLVY6HsYKyTg9ew1BMiQxuXFcqDzlaExBY30UKQteS5cABagLEQ/pWg2+N8izZx3hi9zZkZUH90Sp9epZ/EqjudeiktR2DXEcDi8ufX6kvjTvwlfZp4+8m1Lz+xsfW+7Z2dk07glVDvbG2/jVNGTI9aKo66xamJE09MUW51iP2E0kwznmw8+bDWrMWZyErRmJ01i9vRisjWGRPZCFtMyg5to5i0+oaYkRosEDwZiqX4607cnmo0lsxpXm5VZ3wQ5u1m1FVZEFRI7FYlxzImvObxURfFGPk3XfEnH/uqo5VorgiaIwQdCOucjCM00uTgd1+exa/37NwyQYyaR44cHVbXYsGwutp/vUegmV/vacudEcecBrM+1KJjpPEoYfJcKZoQfdL0syv0GEKWMPeUUz1FBxj7qT3avppGpOFj6pl8g6zyUXY7nHMPZaMZGfZu2G9KrNOLwQhooGF45JGfDT/9yS9aIjw73vlLdw2/9EtvG16Hl9Hf+a47h+9/j2/VrZlWeURXqeGThfGyT2NPA+bU0/EzJAl4HBdBDB3VmUM7q8lTxoHYhHS3pmhCt+0lVe5Rp2Putsowtdu5C/IGAKJ2Fk0uIv03nl+90HwCH1O4roNknWPu1YWl/dU9AjjPtrZPrH7yWn1p3Een/gls3aHVn/rURzZXVtfuO7QAV4kYH+F4Q0wqfYLiHORtmlYsZ2a10mCmsd+iSXrsTzSLpybW1slQbGzTVrCGpkoTHXXYenwYG45C5pg42pqfHAFZWMJ/1lxyymBEMrAnX7UYS/qaHxQtRVrDM2rL4cRW80+kdUJq/NOnD0A4cy9wxphnd3jikmbj7Nnxbx92tia1T49Ts89f71l88S62tIAHJKiLPEB1w7jwDAkVF3zR1gmlMSuDwzw4ZthCm4PW1USo2Mv1VJ80Oeyx0KSulRY7NUyQJUNWrLloluy00OBCSIuhCiJwYQmgKTgwzR8+fgqfA9BZ3FG6o/BNVt/DgvLRR38GaWV417veNpy8jn+r90ROnjw+vPWtbxp+/Td+CQvQtw433nQ97NFF0r35zXcMd9315mENf5ndcMOp4Vd+9e3DrwH7JujjCdswXH/qOvm+/e1vGfi9rLWw/fa73jK88513DkeOTp5PZBq+LDLt6r4vWX4mUd8i/xnnAEI9G4l9pZabxr1CPK4yANBKBfUxa1rm1M6hlMmR5xHPOJ3twvGs53mfLoyRvhxnjXVcIM1/Jh36LMtyBOaMAM6VL3zzU9fuS+NOeTJDWH149Vtv+d0HfvjEPf8FIuz5kuHhZXGFzHqZst0WOL+8gbOYJ4i4tbEdEwyjdZvlqol8iGexvz88wZpzU85jMU8RWJVsj6K4rSkubZ4qGSf1Is12hA8TEalmHX2BD+6MlPWOYjY7E6QsLQysCmMF7VJkzTYZXCwHnpGM55B7Pna3zURK6RpXjKBzZs0jQXwwRzz7Vx3z8fjz0+CU6a0VgYFKszaSyenalN06f24j7vLZnlf513sQ6HHc+18EBl+grmVIh5eXxxEqomgtGTj8kVMjV7lzHILEQB7hduPMOGyP09olAY3r1B7su2nd0al7b6fk4dGJDUaeNLsUW1U7CPE2pK9NE3VhDotxJJA8ceBRHKkI4laUFH/w/UeGO+98A36ifmW47bbXDI+eia9X5eLx13/zV4b1NaLC6Zd/+S4tSr//vUegGwYuPl9z843DrbfdrKegjRr617/u9uH++/9+2Dh3bnjHO+4c+IEjvNo0PPzQj+XL3Zvf8vrhV9/9juF5fOCIeYzGMMmccuNu3rsL9GPaut54rHR8yBJXYZpZCReCvEIse+dAlRHKZ2qYSbIDRn6Fu03EZBY8SCLvzJbnvXyQe55vTWNi2ss5KKoaZykvR2DOCOBs+8l/+/7bv/zAvXOM15jqpXvUkR2/++7f3zqyvvrpa2wcriydnW19vyFvpNw00eQEP52/ajvmma7hNMp/nj059+iGzeygLnOR8uUcHIswNQPU/M3rOqIZGTGsYw0cqxSJo6diQse8zEQbX5rWoo96G4izv3RoqDaAni7W0cGFsgmsCxx57UGLYwoNg+JqQKjp2DgWMaoypM1cNRpl91N27GL8E2UnZyKHwkCxFuDPX9h8Hu/B3PUtIXxp/MjRI/JcWcWXq6+Wy3K3l8dtqzF3kdGXaYa7oPdn6selUnOgYrC0uOTBwsYbrY6TbLzdhr5FIgW3cE11b9jsSG4Twc3tWgeJNQXZaTNOR1pBLxZ7R6u3rTer7bO1kbbEtaQFpYPAxHVIaUanJnnSfubsxnDhot6iq6eQZOXTyN98769icbk6fPtbDw6f+tQXhi/c+9XhHBaLv/zLb9eikjiX17725uEfv/PgcN8X7h9++MNHpb7j9bcPN2HxSe4fP/pz6bggreXOO9+o5iMPY9HZLsJR1rJTE8e6es+TJx2kH/9R3a7njmmRmmDOqgiZe270Nt3o3DJtdZWPMoA0KS0f6EVoOwhKZzksZFBwdCRP/3RiOzZ5Fz+zLevlCCwcAXxedOXIDX9yrb807vzLncyqw6/v/9zHfoAr9MHDj3T4ETBX9NeQOOl4ctHsEhON5yLPY66pn18SwQoTUExYEkNOc5u4KIyKHFOT4Ll2+nkjLnnSRSxWo+ZcSIQmT02gXL5BYwwZAhA626CXJ3EqFIpTantloHG0+O9/eEKtXDJdWSErduqCwTeKAgTYrNaybZm17RTi6VtoqReQwSVDb8fQjPeA4eXxffx6T//+dbyFhG+qGxWEyID9cu3SCIrGYssUeSDt0n+JGJv+LxNn9upBdMNNHVEfyHoOB2zP9BivhJdcdbY53gyhj+OMoSvoWzlp8cJwqu9e+5OUF0jMt9BrTgfwoTHB+alzlne88y34o29lePyx01ow4mdJh2eeeX548MEfy/56LB5r+eEPHh1+8IMfDU8//dzw3W/9YLhwIfhuuvF69ffhR36sc//UqZN42hkvNt100w1ayBL7k58+zosjNhJXGU2NvXY16jw5RzgrIjweWmTW8yLdCVWhoIYDWaFZqR03a9NLqY787W5AelLNzf6uPdHMnj5ExFCIMjvioYm5pGMEtsMsWTMvheUItBFYW//zBz77f/Er714W5SV/idyjgonx05ubm2/DRdcXaDZenZpXvuYF5MSf5pE8mwpnDeB4H8frxEgf+xW+YgwNTMnCKY5iUgax2qFJmDR8nhHBwiO86B9tzj3MxnMQsU1OvdK1UqxCSVq86/HGWTEgg3RPxe/NiI+haDDdDSIv6rrBTsnppmoGMIO8itV6qyo2dO6u0xQDw0gIf4mCW+pojy/NlT2Q1T9I88hHcDlRT+esa1/Cfdg8uxErgO41Ix07FhC4nFldXeX3zzCdcSlPH4ErdmU1xr6ELXdfIdlAySoaVcFhwsEpyXeMDiY8Z5w7pB+l0JGHcPNV16k+MAUpESjHJWUlYDtL8VKsBktDnvqL3E2DujNZosoyj+Tco+mACeSnx0/kwvKF58/Af2e48cYbxM/3XP7zf/Fftph8mZuF76usCW47KGycvM6ePQeOI/ii/yPK58UXN4bHHz89vO51tw18inn6yWfw8vgbSKX3gG5dLG8rjgtONu9Ej51q5O8uhFSCyyHbnkOmg6DrqzM4Rqvn2GuEkScMLd2RobFBCG/uOTMbFu3EKaZlAo0KnU8r/egC+tNZwC76iJEMxWmkWTaWI9BGAOfQN7/xuY98tyleBsJL/Lijj8hXPv3hp3HdfblrXjoJN7k5V/eC+ByhBS9FYkrhzLG9srrzjCclzTNgjzmkL8DiqU7EoK1OR1V2Fk4wJjgSpoYi/eHETfNc1tNJLrjITg9voR3vjUGtoWE7S5oUPmOTSvEBIatez8ohVU7pKpupefPwnTjtURFlUDXIe2KzLjyMZkwXj4kyKwnEYtKxiJ7lsjUsXn4G+ejpg8fSaddOuy8g2d7a3ry4dXHPX+/xAnNYWW1frq73X/q8a1fp5LxtevQmEvQw9M6l5pLOebPso9aYYRzqMZhxIyjPX6VJWW0OILa0QSjyDEtgi5retShMUSR7OdI2GsnapcrWRb2YJ+1w5ZEhw2KWMWe0xh67XiKEZiK33naj3n9Jjueee0FUfHrJ8uILZ4bH8BTT20/xfZkPPvij+DT6JDn3S7zyzuEHjraHHnpU2jvuuH247roTw5ve9DqeZ8MjD/8E+oiXbvMrBxjFHTXGfjq9096q+fgZbTunxpRsETuLn+BmAN1u/9ZjxsJ4tzakLnc/BaUBB7ad4jJHMP6xxa2VIjbdUliOAEYAp8lTK+/6jb96uQ3GVXuCqYF618Uvrf5g/dfxRvJdb8LXwqDyXs53PUUZt4Zh7QlY9TU0WlJ6osSEoRuqJqPZJzecZsZzilue0jgx5mRkJCFpln+6tHmKgmaz8Asws7Yj5VqSwHYtAuHb6sSmuyrsxI6dJkj0V29kz1qMskUqLbcWNslam2xVJ4a0KtKMvY9Lj+FJXENAb1EyEf6f8ps3+mJrzSR08UdC9R/dTtqxBlo3HgfGy+MbL/KljPFrkzSXcvTY0XaTWVnD+y8nhayh6qtJSV58jvAdM1IfaoPpRYoel0y4RW1n/uRE4LURx4ojfamFZ0D3o8S4riubUc7L7YaR04y2me3XFAsEnQqw6dJJzHxWM46t9DcH3dWe8OEJ9/Dud79L7Gfw4Z7Hn3hK5/YLL54ZTl1/HX6SdHv4zrf39+4jZ6GBy4Yywo5NPrV8AR/muR7v73zv+35NH/p57BdP6mmnEvCF5gtPSuwmx9lNco57bIesPeewOQVOri2aR3zCz2hHNNnF0Rg3kmk8pwSAz+tURXLqM8/sjDlKJpCxeIQhuX2+skmb7g2dNDqkhKpyKb/aRwDnyhZe5v3jr33if4r3sbyMBuRq3JHa8DzwiU9c2NkePtMU14SweEgwMXiO4gzRZHww4/szqTdrzC++HdZJJaem5lpcoMtZSRInsrR6ModZ/lBb5VoTvGd1sTuS6xYSAnm9WU9cKXZDrRiAC6F2ZsbhsB6uZKztUFAnT1qjCEixCWmYVtXep2pLre/FzTn6CNAU2ZqLiMjHmuI+EsPPNwWgazfkPGXY4fsvRxzzGseOtfdfXsQTzEeBmRIhVjnX5tnnEV+SbvE5vxcNk+1bngtWTJ1n9BzPGMo4Ejya5KiDOyVxexYz1QSn8b3uaSTCJzVrbcASNCnmr6YqK22D4FvECdO0GT0mV+VTOxXH8NL1a197y/CBD/zOcFN+9dDffeO7WFDyz96d4bFf4G9c1Lfhwzv+aiK2j+Al8je/BV9BVD84Nglf86zxCXsoP0F+Mz78w/IwP9zj4nFzm7XmHWXetOascZpxJCTSDqj7mU9gZyCkt0xiR7ZD5t5bRTVkJWlKI2nkGWm20OsszwWirPZLoJqyj3lMRDs/ne8SC1G0NHY1ISOW9at5BHB+fPZr936cb5162ZWr+wQTw/WN+z7+j+/5vQ/iT+6dd7x8Rk/TXnsf5vraie9f2Nl6YWd75/qc1zT7caqIOYc3kLh1chKxfjqVuG20xyNuuekvJvCCWPORa4DVZsyik1KT2TQqM3NERrJMPQvadjG0mByD68XwDCGXGLgxZBtAyxqMACNJ2kHodhMYxAGVSO4I7AlEnI5j39XNqTcgXJ/5Fh7hKleNEbKj2NKjBAuTjqdvDIrNd8EgVyJAbp+/sJ9f78n3X66s/QS/zHCeMUdfT7SPtR9yqSlXWV3ABDWjc9+utGaXZ57waBw85v24xHHow+XYTq7zWGPE3vXUw4eCnrZVXWek1RbIoxMJepuSh0162KuYWyDpRgY47Fq0TFGo6vZbv/1u/Gzkr8qzLULQ2sQHfP7h7783PHH6acXkKfgjfOr7TXiP5K233KRF6LPPPj+c2zinryPi+zDX8f2VDz/807lZsC8uNT71P/nJY/quzKNHjw58Svrkk4i5qLQJCADLxIJI41XJ1dsaeQ4p8Ebo3PCkk1Bx2q0BGcQNG6MehbepkhjQdMHj89KsgmUuuvLQV53t6jPnu04edrSho9lcRrBul6/AzblClvKrdATwd+EPH7jnY199uXZ/H7evw+/ayRtP/QUuvHOHH2n/EUY3bY7SzEuSMXSYMzij4JNKa/fHyq7HqFOFJhFOMjDH4qjjKBFrvCYwIWmJ1tgnkXZAzblJ8xM9IkgK5GAx2HLwyqQd7dyoTwLeuZyH3dMEQzBCH57MkAswALzomvi4KQfyGEsxWUbxm9521iWBIre+E8EUCGVRHNQaIGlga1YaQln2zSV1jmhk9DNcg4sIbxRX8PUw+PWenZ347qHkmVbrR470L7JeXXl4ZJ853/ptS+eiTr+ie6k/PZ7JekzY5FjEP8pxK9WoYNeOCRzoU/2SCsMFb2z0uZxS/Sq/cgDh/Li02gK5nUiQaZqUyjsxtVOAp/+uuOZoVMSPfTPGGYWB4+LyHD4V/gReDud3T37ur/9m4Hsrp0G+8qVv6P2Wm5vn9ZTzdXjv5IULF4fv4uuIHlmwuGS02k1d8pkI9VvbW8NzeJmc5ZHyfZhSTHd17KqNRByT7G5U2ag4y04oITrL6Uy9SMJgmN2iI7DJPGNtR7nhKVQY/bhVXaqsHpncIWBaBwU0ijU26PQHAgZ35CI/QoynosoGLOtX6Qi8eOHIdZ98Off9qj/B5ODxd8rf9y/+l0/tXNj6767yYHoeKWlwetO02z847llAT4bStn7k6yvDxXfubO28KcxJ5TUA5g3ecqll4TTCm3GjonKmBMrqqX+bDROmmzgoNV9RN1PGfM1/hBtn6PxUaygSXKiKGH2SAjvg9fQyKUfzKGl690sGi+IbMrVHhrEsiRElbxuLDCNv5tVKPnVQ24bg5l5dKDVhRlFmgLYYMpiB5byDp0dn93y/TP31HnxIo33AR/wMEWyQ+h8zIRlx5TXf03clJboe4xZLypDJ2aWIoLOf47YwoAeS9aWXxbzBZVbjnElvE+ccII4NQZJ7c7HZYCk0WxNGrpNG85b+RTwl/NM/+QyycHZQJ4/p2iLFimS8iMUg33/5nW//cDh2DH/bAMinnVEAxv8v3Hd/TzgtzOCee/42Wy2c+nU93td52603Dxf51UQ//rl0k7DNT4KTm7nYYd3VsdBoSAiOseHerfokN6zhJ2oDR41iD3HmeLW8HCRxrqZqx1WdE03NS6vI7H8fBqDV4BwFxmzSTw8fHKxl1xRL4dU4Avjw8Or60f/0zc/832dezt2/srvLAfb8gc9+9Ft4n9D3DopyrxsnLmzPE3NC7mdY0h9QTRd44nRk7SiexK7iz/351Fr+5ATsxWWdvOzl2on5mU742Mo6b+kQOXeR2rXneSrtz7zw/UtJG/7RoDwtUx3aWkunv82OS3fozM7FpQoVlklhP9YGxxo9+cNNZBbnjqeJfCN2O5xanOSo3Y6wHhW2xr5MbFYTKOrljwDBkzcINOQjJb4N99y5Uxl6YdV+vWdlOI03yem7zUYvj9Nz1/MUMa+huxNT4bjzjOM/DkWMUQwBNdNxlUVOsMghMXOBwbPfPSnmbVP/nmfkrUQUHzsanV9xrLz2lwvhUOiUTpCxxX0ikoGlnFNsmpgySuOZ6LvBGPyBg6eYm+f5VUIF3AhEF6YUayUY3SC88x1vlelRLC4v4gNEVC8svMi8EcRxU3Ed+VHVNYGY3SeCFWg5nprtxDn2HuVEk8zUdpzVXVMi2kiV3QqQZ0XlIsTbuI9NSya4wBOu9g4eYlCyGl++YVrulyOAt0v99QOf/bc/frmPxH5WUi9ZH289cuIvcd3t+cXUL1VCo5s3R2rmZUuuLr16kv15/NXxH7F4fU4T7W6JYtbhHMPJh4V1zjmtDn0sIilPi/HUt7kc8miOB5sWV9rBVoFTQrXNypqbM6xyOCalGqK1qzydt/2ljL4VnJxFjd1I70bxF7ju5FgUjhljQEP1NmN3qP5EGtG9utStjddjKgUXB/CHDl9E/eL29ja+eHBx4Ycu+L42lpWVtYfyD54I5/OsXZ2jc2wnHmgW3eIw4N4fbheK3U3M2BuHj0MQIwF1dgc1l41pbnWcikVLhZSoqTbvJAN7TNQLm8ZPa9O7JgExPTBazIfHuZ7sDSdw24UvoHQhaRbqbbNuXHewFzPCU22uDmnj1zgcIPHUU+Xx7/2hpRAVkRbTqIaNv2v+xje9dsC5PDykryYiapfi4+eaY6bjScZeHKdrdpGqq7hKD6Zt0jRydq469xiGqPtuVKh13UUS8fKZ6HluhL4gmJt5JPqqoHNcC5l+Z5ucY92wlF5VI7C6852X8/su67Fqt7CqvFryZ/A4eGd9/S+vVvyMG3PF6D1t/XahdWabZ1LPdaZmjbWdtbXVp9eOHP1DPIl6JGCeubJmxQlHkxIEzDJGMD6Dc2Nh3W2Ueouyb0Y+iJ7POXF5q3PWOJIjjKOMozuTGjfxUGmCtDvaRFnH3CQrjP2DT3qBE0+MIRTa4x8aWBLcRia0AKZAexC4jy02LaRErVRNJU9oRNH9pW674LSL/M3DGkHiGAQu0tzB17ic2fNljePHjrcoSHD+y+NaHMbRRQT8NvmistiyyIP6vZ7y7+Zr22j42MDmJ5nExAjF8jLkGDEenzgu6ZQjKWU4xiHNoaXKxR5uL6rtOsW7TXvdrG98MmJXT6Y0EmvfGT8TJGCh3TjVRLGEk1vU6HKA2gvXxtcEolCcEESa2OxStKyVybs0mY7xKG+euzB8+tNfGv7zX947bOArkWy328Jak06SSoYnnbNwOLVZkZm2ZhUclD7MC5tmXZ9A5rRPwffjRmUfHkOYoQ6tFUJRmZvbrQ6DzaxVQMLlo9uag9R9JgyEquKFTjh9+/B+0PNN3mX1KhyB1Sfffuvr/vyV0vHLuzMdYu+/yW+qX137ziGGaNSX9nQH0xpHC0+XxoOG1vQp0crqi6tHj929unbkzzCVnFZATzhstAlHlthhxsm5iGYV19mcVJ6ajEUb/+3D+UpzO8yaRFG73YVKSb4xZ7fO0U9VaCsOE2BsVlnzjtBjh82hiFOpfLqD2MCaxoashiITY5LA2sOTeQFHfvRIUC57oKGiecrFrGqUnVFUCZMDsHluY9cP9xDf33+5srG6uvYz6q6wLErzCml3d69j4KHjzTKOfTy18fLSLY1wOrJi4tyk8klkg8NfRu/sQqpK53aldnzj5MtcnI/JXMOZYmmartcJ4OlM3v2Vyph/LiWPqkq0qCMZL5hqj5KIWVeeACo9qbO9jfd0bm5s4qXxrd37Oe2YxgwkdfxqPMhtbpBvSWDKxUTpW/x1zbYJZcah4+XTuSlxq3SUrVfapKsAtkuJc7inY3a91J0NLTVFmgrJMRzyLPwUqaO/Fpkl1lJ8lY0A3ll1ZH34o7vv/pC+TeSV0Ptr4kM+04E8fuuR/3zuye07cdXt+jLj1G/a5hMavrxzGYVTQlz7C5xh5HyESqshfWURfjBSOr6PDuLK6vr69/Gexx9sXdh6w/nzm7++s33xdUeOHr0BecXvsZGbRPjHycVLTAavhYn0hGorkPYTihMv1G2yhK9U0GlOro0GMnvw1WiRh2NOs2KbwbpeyKqCgpNyTKCEEqwpWE7EpyprOsspDYIVOfxDa7nWtEQ7YvX+NwvoieBuVXLcyM1i/0QR2Yox8k8t47Af0u3snMcHIl7THBYIR/On/uD4SP6hE5SX/PL4+M+dGi55q+pwZA9GDsJO+wPBBod1m8Be4mzgOcJjFSSSCakulMRhCfwAAEAASURBVMeunWQXqVIQ5rZdTDnV92Cw+LqRkz3MELX9Z6wTxUJc6xwRdPLIJH/lMSRMsU/7GOZo7k1au7oyjMbGf3zlDNfnlBpg5D1p6FhOdNn01LMLxEgcMAZEwqVqR7EQuEvOV50pdmdinNuj7tBoRZUNRm3/ESzjhEsipDOJF5CYLaDSnJicfD6h+d+DUmItxVfPCKwOa5+8/3MffeqV1OPFd6er2Muv3P3hjbWVnb+4iilk6FUujHK2aCrMDmtjHR9t+inm2MbfNN9ZO7L2sxMnT/7VseMn//jsCy986/QTTz7zzNNPn37hxRceu3D+wvOMgYIAvKHEYoWTl7eM3KqynGm6Nu2Bx35z5lbhA2HXOk1SF3nYGrW7a2a3Uds9HbIb0vf4BafFY+ZoOtTNj4QTznEuNDp+BVrHOvTeiztJmJORPb+gDHz3D57QpruYm39GIsJeZ87q13vGTnbO+ih+exxv4lYL779sL4/7Az5wzhCJQXvehZonzYT9pW0yUZ6z+ocGa/73xhtplcdPgAgsRdCJzmaqdx1VAxfXTssI0s2j7Pri0U7QeR7B2P0cIWvTsEbhAmg+i4FEWdaItjUW1fafiZcu9qx2HQfSilfCwp1zUxyQiY+7JDT/QgIbOGZ1s5514arqWZlARsyCJqcQb6ENe1JWFWRnWziSaqYaEcDK9qTk0WgmztiClX5KQ6V0WQPFJkn1RxTsmn8yRsz/tC/Lq3EEVtbWvvTAvR89sA85XytjOO++dU3k9vV7/t33d1ZX//6wk+ECcEGMOfqO5cBhbkhM6stoerGAN7qZfmdtff2FG2+5+d5b7njdH5687rofbZ0/f+rp00+eevznPx9OP/HY8OzTTw1n8VvCFy9eAHFQc88t56EiU2NthIibN3XhFRMamNDUwgq1ZXlohiPWxZzhH1rbO2/EpR46mWmLplJKd5mwY83c1MZQNZka/seWDKIRMMAwjiyw00Ada4FQu1DfbTH1B96Lydr/5g0h7N2/j3/6Z4jmg7Zl14Rsnj1bm+k1rtqnx/GDHqtrWGDOK4vPy3noS9YdxPsvI2gczzj3OPrxR5LGD8PJ2jdUytLLkcMkABHY4sjxCMwtNhDobS5wf0rSVZoav+uJcuDCy5NIG0mIjmK/ad3soBJ6DqUx4zria9/DtMWV4zSfgLem7REuRj5obGnQEAIYOUIjFHRSp01AGNgMrnCdu9dFRYLc7GxwprE7D601OJpQccbluRZZhJ1IbxCjUKEy4bAadfNpQhqn7VT3+SsUDZb9VCT9IQ2JjZhcEMfnf3jo1IEYp1Dml1WGWlavghHA6fHwA5/7yD2vxK5eky+Re6Bv2rnt088PT7wNl+X11l1qfQUvk7dQfFKEm+Qelz4WkivbnC4w/+AJ586W8fTFJNJXSusrw/nVEye/eOzEiS9t71x4/YvPvvgvz2+eO4mvtsH3J+JD9M9zTlrRz7zhJfXhCJ54HTt+XE+9TMrkOE31SZZtaliI4o2dVS7sYGK73A/bxJYI+WCHUqNYNncgHCNakUkjV9xkyZh82TTVcomXphmKeoIgYxMTgSpoqRPV0zbr5NHxkmxjI8jY75EWDerknXK0wiW86BNexLnYRp38s4a8c37z/E3GLarL+y9/huO8me4d3v4m4W00C88p6YvOtpZ4V4C3+3b1wUvstEbBY9VrPpXJc19xKbMQz3FVC7tposTRRr1cKKhBRZEh7l3sOEZSy2K6aMWeOpber2grCSYkSqNcGxOc4d91lHRECK/Bx5BJK3LveUQsu0/AvWlApjZpAuecJxY3E6Fm6nw2ed3EYJXFMvWjQoMnHR3MgoRYWiO3cYNJAGkeG92ekEya4dtOIDv32O62otA5wyk5G7tbO3xKCTvHq+d7O2/lFyQ6/yGKnoA6qA46J14JvRRfeSPwzLHbjv8xzo1X5JFvt7Jr8bjde++HzuHR8Z8ddm67H9zpEOFEoAo3fFUxX7QUMW20E2XeU8xhyJfXk3Z1Ze0XR9eP4CtBTg7XX3/9cN2pU8PxE8cH/rwbvzj5DD6Q/OzTTw98yvnEY78Ynn7qNH6y7QV8Fc75NrG14E3IFFT1hR3nY90f06w5jrOjZsPmDIGABLV6nl3OMLAmnjVKuorFatSKL7MsUACvDcp0VSpplpKyCrGWDUgnq1ttoHE0lGU01B4Lu/SxCE0w8NZOaRzHrNYagQ/3PAt8fPeQiSc1nmLr2Eq9uvKQn3DrXME51XsZJwjbeaqMmHAzixRH2qvQ8CAgdIxLT8s3VGcVowl7QtwmBbfwxxWCnzWkLOoON02v7dA1c6SS4Byr49T4pqXOekrS12GnrA1AGrPY3+1W11QgL8TJwWCiKGd8SlDtejsKuFi4mzShceRZi516VKABKyemIa3LZJlbFIY7lJk5JtR1OEOzaJ88aWY+CzlnKMa+Nis90uRGfcvHLjRaJkAlPI/gl7j6UQkeTyw+LQRvkwv/4EoKVIqFjlRdty6lV/wI4EM9qytb/5FvCXyl9vWafoLJQX/g8x956D3v/5+/jIv8v7oKB4EziaYE3tBxwyzTwzQbTvl4Lre6hRc+6TV6iolJBN9AWZ5i0htTy87O9vbx7Z2tE2Zbw0vqa6tYo+TnkOEzbOELjre2LmLbGi5sbvJLvAf+eBv/dl7Hx87W8ZTz2NFjw/HjR/F93Wuioi0WRzE/MnNPnuxEk1Mfi4E6kwrltBbU8/DpN3FX/MKi+Bgyw9hWzqoBtKH52NAUEBjfQNYs1lkf2q6nPYrHwBoxoFGPslkjDv062uNrLX69h08jdy3H8TTaZXVt/SHLo3rff83OW3qOmOY2Du7l8aTXmOF8ywFtH/LRKqCPnJNZdBl5rE9ed3Lgzx32Y5aSh55ElO3A9mWUqfu0XSl5rLsdknJJTTdUl4JP9ST/ep6NHNWo4LG1hm4WKqd5JEUehgbtsImTDfYzZbZFALnyTRhajBCKoy5wByiwOapinS+mj46JJ7bJYLa8iG2NMZ1N1rZUmpCWaRtqzlWnTp0UoE3rwPHcFlz5ZP890cDQR2S82IxIsM6JlVksq1fUCKzgGxl37v7aZz8R3zLziupb78w1v8Bkqv/6/a/9/Cc//8TrsR67s6e+f2k/L5PPWwD2CLyR10+jY2W0iml2G08x8VI4LJo+jec8MpkqOK+UqQN+K1tkXLlwYeuusc0sUXPCWl9f02YLPxnPrw7ZuohFJ55yXsBTzo386kU+/eHTz6NYcB49hoWnvm8R4Z0Q0lYymY3n/agzcwUiioVAy26zrsUY1Fxn6w6UPmkyg02+H0gPpdZUaFDvwaOtz9MkosJM0YzcMohytWx7bXffqnVM0cPA+K3bmYBV3TDLtXluc89vPTh23H9LrDyLD/o8jUh4Qlk61daMRXetvjzOAcMwaCw1aFRMS4xcHz+69LELdLS9hLv5tluH5597ftjGH1YujDFTTDPXOIOeUUzd3Taw0saywQjU9aTRCNir10ZXHlp1DaBuR3gK6BQTKRiVC8QRDzgcrzklr+ltZ53LoAaVYEBq7WeQ2w0GQZeHAbvVdbzymmIWLOYz/2408qkTBM8mOM7zJa/GeGTs0Sy5dtwRnEoDiuHm227G/HpMJv89qPMXWHyDCMaFI2wHKEf9B6VUtkcItRzLySzrV+YIrKx+6muf/ejDr8zO9V6121lXXXvShz70oe0tfAIbF+wLVzM7PoLcPT6mM882CWyLh/Jhn8aB0cdXF72rtfcpcMF8FC/PnDhxYjh13Sm9tH7y5HVYTB7TxHbh/PnhhReeH546fXr4+c9/Njz5+OPDc08/M/D7v7e2+fNxKOhJTHLR1JxPsQmhj6lPBismtSdJ1iStdajkkDBV2HEg4z6Bo8q7gO4S0sa0DLHNyXRKf3GNG2RKQPiPwdSxVIJYZFvrcWjehrLOQ95vFvZiHYV+2xcvnsET5l3fK4zfG8dNKR5Nr5SXx8XCRWQrcVki/LX98jjy9ZjpYPGA6aDZwFtuPEmnuoNTRhWFxhhhSkePHhlue+1taYvKccoghYEOl12CrXJGJrOE40UxUHlejPo76yaNc7eZp7tPeS8SbZtfV4Y4d6lpPJDZXlTszRGO/sWg9T7N97afeVs7hdGhBmg+C705XskiJzYih7SWVuIWVvC1K2ktT/BUNxPDKb52BRltY1370DagDangL3C94U1vwCmgJeUIxkCKC1vcLjjK1JTYKdJCjBEiknOjXAqvwBHAHx/3f/Pej379Fdi1mS69LBaYzPof8Cs/x9aO/RGu1f5YY6Y7ixX7eVmQTzHnMKRuOlTAUoWFwdQSH8YIW+Wbx4+nNK+tmMuR+dcyn3Jygcn3cp7CezlP6b2cJwa+T4hPPM9unB2ee/bZ4YlfPKb3cz715JPDC88/i5fbN2CPLraJlTcBbq14gnTdDBDo68366gud3VArBuBCqM3plRjsRSNL6IyjnTbhw06VCvVjwYpJ3YDQ+8bAm3XGq+b0lKWFC0BkazCNAThz9syef/wcxQe1jMdPRf5QiWQsVmBCOnPPwYKyOHPW2bBrvZ/rYFeCiTF6j/HwgdWBAkjnEDuU49ZOLthy+GLBEwtQ32jjZrsy3HzLLcMdb3j96NeGPNp0T4oQrHA9yXFxM7Kn3XyuaVlExxyNG/Wbfaz9XBxYFh5pZZBkjXOun3PtKC6utMCyyX6EdJi1SK0q25kPOwmqrbmMBKIUKgXSWed65NAaCWztscDI2rjbT2kOiA9ZV8xk7A3ZnU69aRD7UKuhsoIIyijX33DD8K5ffsewjleKeI4bUutAYp/2iIL9aE5Fk8Awggf/TNIIlsIrbQRwr37oX73/9s+80vq1qD8vi5fInfxXPv/hn733A//rp3Z2Lvw31l0rNeaJnG9549/ivJHtliGnj5xOQofX1o9j8bfrh0Ka9yUKesrJp6ZYYLJwAtu6iJfV+dI638uJDwnhy9+HMy/Euzk5Ya7jydExvKx+5CgWpkfz1OCkqJmPqdcuVJkR3DXqWdC2i6HFpMGBnTdIwoz3rXslDbwpWmb4NkfLToWcw18ig3CzwTLblFliUVNxrZuw2kNQNGRTw6yVKwznzp3Nd80mcE7lT4/D+/zK2tGfEtKecDc8z5+yyNz95fHmZWHeHzG2HUbNv03WPNYeXgfKNv8AYuGxpTxe6MgQ+nZ8wvGmm2/EH0vXDc8+88ywcXZDbwtpEBIGbTtgtVnNlEclgTq36sFNUKY7cmFDlwHqbnfEGehIYbz9aaxh98eSTnQ2kYmpQxEPdNPDsAjffNLXfvPzoRYIVYkopym5ejFDMPIPCUrWBgfYoBCFDNwZlfVE1btrQ49IKZ7PUoJ/DnD3od6l+ncvJ8joLPZdwXfW8o/3G2+6cbjpNTcyECJwXiKGXC7N04rsEvTNlLHhJxV3pgDhNn6iY1lemSOAuf707SfW/hNfkX1l9nC2Vy+rBSbT/8Y9/+8Dv/mBP3jjyvb2b8x2Z3cNF117/bIPb9AovuRN2KYBGcezijG9bq/5hoqLCP6yTweEdOHCJvswo5/iDqLNaZTvzeTm0t7Lme/n5Fck6WuShuf0lUjrR9awPj068FdnjuC9nGttMm3DYSrUmi5Ruztoty5TTijNKauiSS6h1M2IImdv+6eP1KRpAgzGmrTGb7KdWJcEitzu2QlhW2lpByXjsCikn/5QgVsN/uK5eP7inr/e077/cmXlEQwlPg2WBYtI0ZaHkmyXppGM5Uyoq3LDvJTCDj585j9iRnE1gDF4TlK3cjR8S4+ecCxxs20D3jtF/Tr+QLrl9ttH1MFKVUpW5ND4NPVRopm68dAFJXOzuzChVhK+zJPWa5aGN7QzRE/tZ73z6XhLOHcQXH9AQdU+HAU5xqiPHD2Yp/NlDFmjYzQD4J5E03v7YQC0IBIH/dt4GVH947iYI+rAtePn0y/drI8s4THJR97QYYYVHT41qTrdIwRMHj+7B1xZA8M+8MoIDhModvYviLBXwKjN2WwSMmPgKNVzkOZRXhOFxj9TMK6fb6mZ5tNyht3dEZQ7KHAy8Kc5l+WVNwI4whsnTu38/+y9CZBcx5ke+F7dfaO70Y3uBggC4C1KlHhIntFJSnN4ZizNrNca27PS2rsTM7Pr8TjW4VjbsbGOZcRubISvkbykSI3G8owkUpSGo5OCTh7gTQoASZHiBR44CPQBdKPR91XH/t+f+efLenW/qu6uqn4JVGXmn/+Vf756+Xee9/3o8B07qoE9b6OF2pTOxzw8H5nek8tmRrZWbbzY7D8+yAvSm32scy+VSn5UQDGiSM6cCtFcdmMDG3y2LVQe5UzTKOcGH5UEJelQcJ5yT9IaJEz3Yvq98DUsL3790jSvacqz06irK8Wag1BhZIBJVM+rOl9dKB2O5uC9pA0ACeEkAhDbwV+uxSmhihoqEBk6NuHCHPJYoYNXXcrKysolKs9fNGiLpHScRobN9HQszrvHefTSXnvJf5jASFbAc8SGs2BmDYYN2540NpnZjkueFsozUEakAqmY7tYZwh2/FMDesHseE2QAsagEQZvKWEw/IKbY4sSqyAMkejFX8FeB21u3u8A4ttodSYWnHBLluHgSgS/sZbWD5JkXfXnODtVJSAEXBCtlQDrBOFQPQ0bMhc7AfEQGLnQMUFBlf0kXsz2Yca21HPXcswgtWLUMfg1w/gDUBabihEEgSNEllEDdCcL4zE19GQS/LlTAZfgCnUVDWT5nl3iJk8g6MXuNSGkTDC0jMFicbWbNOikCfHtZQ6ieAVBSHfCqQlARvrWwPH0EgTkC3aCZh4BIV+mUkDC0lwWoWdNxN3bfE4fvmG2vmlWuTUs6mHQ+ZvrWW/+3v6F9pn9MP28sbNv2AD9AuY7cZah3DbSCA+Edup6nZzqXHcwDbHMGL+Wio5yYWidHAlPsOCIJH2d+nrA1Pm1cScTpMHg6vzOqj0ny3p5SKXqxypsYL2D9DsZbWfoZE4NEel62pKbVZAICLQftjDJ/oTMCgAFhgswUGoa0dJiikCqHLnZAJ8Mg+rLvLwf9ytKiD9umVOkU7+bndC7mxt6yCZg1O5IKF3nlV9obf2Anv1b5cqhzt9nmF25SLk0nGaAHZudC27hACR+AcbnX5jqxZsrRQR7sVFsBD8GfU9VUUEbQGEysAPztjZBpBfzm0yzErHiePfkkXeNrdUgbRaDycKYgBryRQCwOFiWR02KFXkEBV3gm1s1mloIwL2BrBcGX/ml2yjETZhSbemqBnBe1gCeEQkNsGZVjVQibe/WFXJHtMVCYwph00r9n004gkUqDTFdcOHEs5YhRTrHiSGn+r54lJjfvC+QoKAU0PgDgqIAwoTiZgEoQGwue6JRXrusKGwNP6gMcVQVWjMsAk8B6M0KeRKoScWJWhEEJ03JKVSJXcFGfTYEMVWJleUnYh3FbWADHEbl/++xDd5xti+rUWImWdDBRxyNHPn/pplv/2bfpt/oHtdS5jmlyI4ZeWvQOV68eA6QEvSLUu8IGFk/T4OvGcC6TbXr78yhnAu5O8bWcaZoi3VjacFacZcehcTzgY1oTxyRh3RKO8lCB37iURKyDlYTh8osUvv2y1+9ghWde1poXO5nCGLHI8yMWwxGY6gxYFSKHTjZ1HkeNRFPEa+tra7uFQ6lY1l9ShzNB3uNKwdpL9posL7MUIw9uq+ZBy6TMCKoPJxLBSVvBwhId+t/Ti8uLTDdqGMFeCMZP0DaDVfFPdegKhw2tCfLanIsNJ40seZUVfMNPFwsWJNmBTQ1dtAUNnUbyHC2h0vRi8Xx29JyQBP06ULRA8GDCxXsmqdSiUY6lZs4R0dN/r16S9gkmxuwYagHiaHJWseCksb/G85crJBKsvCJtFiii5HlSlY4CVTnQKcb4vbAdkFeFhjUnNJ6OFIrYjRAUmSK02wQoDIUABAIgZZ44U45CsZrCY/tYtlaEShJkaI4qJgcPMJQigBPXCaVGCSrQOnOkixQ+vilofZgPMZB24Ty+pB7MnKEsC6nzk1PgECRIVYLQbgrNe999Zf9tH37Pftp1Hzv+izfOPfToc5ObIqiJmdI85Q9+/tAXTzSxipuqWtM7OOVq/9yRu9688eN/eoSG124th9egMvyA1dugAQw3NtLvawCbLWeB12+lUU5yuBx8yPfgl3GcNxDRtDqm1mkkL0Y3F/EIpbwStVURmXcvD0mAHkAxu2oC816mLEOkmFCZgIH4ksBMdEbSEgPsMRAq0YNLqVjy3M8wf5TknMXFBUx7lF2qoc4xVQ463UyF3eMqFKy9ZFfDG71Uw5iikiaqyQkVSWVjGnXGqeaBwhxtwBkZ3adopeOlHJQ2ikuCTe45XuwKoEz31DIiZppD08naROn6hZ0I0GIpq0rw6CAInpQrqFUgAC1fCMBHOSZQDU6I5qsZCV/BV2CCIsHPqtB7dVWi8vmIeI7NMw4WGs8gyPNJ/OifyFe6ERI9nOJIgcRga309As1Q/4CEj4Z6I6PMQKyt7Cg8gSv28OigM+Xow2WasWpPrZsqZhIuJt1kLaayG0EtfVUbgIjqK4qacp9dUa7lqwSLUXZg2yAvSEgqhmJnLmF9wIQkI6KgcpLw6mHolQRCIA70H22gAnP0JBodFKqpJ+iBqgP+WMeGtkChjt9wIHkViP7of/zt637vtz/44UiUF8w6t33khltu/dB7Xv53/+9XnqhA2j7F0ciRYw9/4fn2qVDtNWl8b1W7DnVRPPfQnY/TT/uNuphsAzGtv7x8G8Ruikg1yknnctK6zO7uLhrR6uHjkjCCid3pOBR+ZVkdk3RhatKZnDjrTJ8/78zN0TFJtLEoixc+/uNli3c0fTjCFwJGFkxalcmLWcCcBz2CeBgqR9/CWACGSgAaR/BUuWBBLyNfU6CMbmBaoV34AxaToskOOqNUQiQSe6v42svyP0Ua8ZLagZWdZtbUuRXARGal2I3GAzuY0+d9Iy6kZklFdAEig0OGhC2V40RQZARBFXCZ5+4AhZ4HIOlyqR9wAFKNRSk0Gn0UdmEsdPzgGYXAluh0nkcaha8mEE6GXhLcRCAkDE4jJlacBhJrx3nAPLgwUDGwGFO8Nq6B1kuXKU75dJxDffXHlBqGGgK7WMEUA44M6cYRklq2mEdZ2FBoRQkKXQkJ5fKPmUAXEMMOKqJvTcYp9SWjfJxjPbQMECEpAXkCGJNacP4FoEB/lDzYWUBMLBQmhr6sHzFgkytClgPRLAv1EAqtmo4UVLEgHOApXJRzYFqBC9Rwk8fUWZyveNKZcCyI6Yzdplm8+a5rDvTazqUoe8uNV1//9z/54QOSb+eYJvKOP//wFx5r5zpWU7fyvVo1HLYZBx1rnzv8HfpNn99mVaoX72ajtKaxt3qC1sLECxujnHIuJ+5Yh+MJBzROo5h0n6aDw+CXFxedixdnnKlzdM/61IQzS/esLy4s8MYi6RRQc7yS0RmrV7N6MZs+AAjIyHub88jYAAbii4L3YvfSBQwIz+tQ0N9xJ6OpOU/pS9MzC9QllT1mCqMaHXQ2KQfXHafRQvOcgq23X0c5iPyDxLpdlbCVJRbBf66lpsehF11ZGbhzevvNt9iirCgZSSmMb/pIm4nxpFmQ549GI1xFSTZXDKCWSatS+1t11tJCWppixoT4omDkiDyv+xdaxtN6eXwYavxU5QwSO/lHXoiss5Nnw9YbmAgoUx8IQFBwpPBc4IMgjibzx2OgHUuMsOGfPItIyQeMlV4EQZqxKGkpgrSdJxQVfHYRnlJPIIlOkM3/WVWxmlAAEeqSltCbcJS+Sgwx0XxID8UGKPzx+LMw1hNcVVC/dYMD1iA0CIqfKQcRZOuP4iHfIAS92BtMwJDB/AWdWW+rCMUaqlDZroTAtlMsuNzKo0xZCIwQdMw4ipbLkTcKEBdV5EzQpRhBA/2+A/+RGFRmKbqP/Mq79snIpR/nAzdec7kf1m55OuP4tWMP3/XDdqtXkPq09BS5VJg2/ax+6FP/+t6V+YU/pB9rRccNnW2l44qE92bE2XTuIF1Cbr3iNkNKc/GM0OafSIJ2oWu18Irlqy5xRJL+rKZXnVVsIKJjktAhwElNWMckxaLkYKEXoc6MR0wsC+IlzZ0Q+FtwZPMDCiEdsY0IGIKUqRxw7I4MMiBrYX5+cm1trezUODjg4Htx7siRU7c3yM5x+IvW2kuwFql2TPKLwgWHbFW2XPBKxXQU1UqpskrwpaVFujd8xUkl6QpMdOJEAHXZeZIKScNoLRkHjJGwgi/rtafgED3zlTwxUDRgjHbSBZY5gC98UawwhYEQqALBM6VSjAJK69oV6m0IFaKQSWvyMwOmYhctwN+szEaIRZ7hzQw0JXhZami+QiqGyBsV9CiJMI+pXaLSqhpKCL7pN6cojAS2BRwsLtFg5BFk6hllTEdfhhIJxYxx/V95xRaeaVsQkP7MDzEluDoMUPqwfw40TSR5EJnnB/gWf8D5uWUgCqRuVCvKsgyUWTSERHkw5RQyrJfKKuswCkrAn2IRCxxuf8UYaM7bb3irZxhQw5frxmgRfHOEaCxW8i9hcjyNtZpD28ZqQe18pjc39G2K0dQ7PpR8EFrNMk9+/z8suE7nPfRKg4fS5CG3r4OueEzRVY84voZ+kN6Lr8k1b5R6eMuUHeWkpTsbG3REEu2qnL14kW4gGncmxyeci9PnncU5GuVcQzPTbxj/6ZP31sJPGx9ATe+CPAIKgG2QANQBcLtM0vRUIUkBspaXl84vzs9VvIEJ98J3080fCMRhNhZLvsanCnBeaahGJa2XUeXRS64ZM23QVzyRWiUnOHAHNUPT5GxNMo7qpEkxGEo+oifyKDJ5nWFiBTdlKKIMk+hydNII6LrxTwJcAc6hmD5wa3SSGXh8FKZmJ+RgqAL4g9AKLEfKNaInX3ES/qKVkU34YMmOBCGJ/mDPdqJCwATOdRUFQEePBcu39JGaGZVQRjzsvMgvGMFU6lrcdJLgoDHBMFOcpMwjhzzYUjtN0BOPsBaMP/5UmdZfE3IxfWk0oiF6+nCAHWAjZQRVb6Jj2zECmOjA/FAoAInBT9IUgzf4QiLhKjtbREhaWaa06Fl7sEBBHh5lWE8NRMQfBQcdiGAd0EoRaLTFVL1IN8YlHOC9/sor9B0sxBKJi8EoG0/15LOvnKNlT6h2QfjFL0+eLQC2C4BmUXud4W/glJt2qVK99aD7rtonTJx6ennfNe8/k8tE3kM/67LOc4nn3zYGv1dsAKUJpn439LKScvXOUK9YoAMHZer9oo8o4ldOlkctXdp5fBuVd9JQugMnBI4Wpo6x+zoajfEh5+Be/CcKEe0ZcIAy7BHHyCVvCFJrODECCHPzwfB0LA5uIMKaziWaTke8QXlcdxnF+UEu3SujrK+MhDS/vm2b2QilygUOXN3mlFqcm5uYn7s0TMmyzxeo+wcGuG0pmYvHU9+h+8dpaJbqAoag5r9ylS6AMUOsiQdI60zPqX5RMxAFBcF7FAuKGCAjqMVLFXT+0uS12UymrxxOyTJS8eCV1+QV2zqhApzXP5mSNfEVaNeAO2Gm15bwN6fg5SkAmQWIEKCgSKnuvwBLmV7rwqWKDARW0AjgR0luSsu7setv6q6b0i4DQ8lLLEKYLzLCV9tPyiUWTVgRASJWinkQqYcH4ZSwhXykTXuRvoCpasNabA0fNcylS4wiCgW8GCQJsZ/GY3lA1TK4/sCVgKTgckLpI8WImYbLCFFwSY5O5ulfSOdBuAYiG6yQZkOAl3Dz8PNSutjjoQG63YQt6gmeXj2pPloG1qY/9Xjw/S+9u4afSXX2NoWTOXX+4urwUH/myoOy+09Z67UT77z1H++4vy3v4KY2vdjnuF89cuQ/Bv5DPe+ZapNMWzmYaJPxt47O7z10y3ma1rmesiXfDKbfLt2QxWjVGwKM+S3BxMbBpLNeUK5wsixb59V7hTxGws31ZbOZjxQTC5ZwBqJ0rzicTTidUYpved97nY54t7OW3qBRvcDL5YqJbGoYGU8dewQHnOyANZ3xeIzP2oRzjv46Qzsv02QX3Km+RGs6lzFlS9PsaRr9xNs75tKkvPLcTIfhVRoSECRWucJvunYnk125OHNhlhxaTItXInB66Vo5jFAj0PKA49F44gUzemmcS06gi5GHhe5d9GCAq8AVQJJxNZAjemYKYHY50t6j6i/x8kvz0/vTG+ujHqT61Mz0tPO+m252ItROxUzjyRdVi5hPOnRw4B4ZOMqhKOjgNTl36KymxiUr2pxN2uKn0FWJ+guQpVS0EbNgYu8LMBsOvTkP9lRVr0wDCAwcPLdemc1P6eWNaiFPH2pivFVUKfBVSvISG05+5v68IGqHV5Tx82EyNBknLNsaRCQ8OFKcU2CRYmHo9gc/nQSSQdd6qiLl0DITAvAzocsRyTOiQOCAoGNhyFn60o4yYxCBovXQPTJND0QKujbGv2eYplf6MBqLtfNCJ3pKVQ13Vhr1gxDo5zhHn3zKOXP6tGZYe7Rr9/6H44lk08zePXP01cnxyYvnyBZrkxdmp3/84LEXPnf3t56rvWbNT0Gj8HORWPqrTz/8xeC7tJq/moE0bIs1mP6aH3vk7tdvuu1//SHdz9jIO8ut9wO/IfLEljtI0L4mknYeH8ojrJChvwSd69+jj4Fx3kXnmy87F6ZnnQsX6HN+1pmZuUinNMkrrAKzNiguWMtJnYes4VQxjXDqY5JwRiOCGiFWh8Hj2ks47yqI3RBL80oaeea9sjB36RLdhU2jljmMXFYM3bSpqVPvHKfdnafoms0jNL7KwogrvCZKe44kYOxCytpMLcEbvawosm6EeKJramU5+Pvx7NnTzoFDV7EeeZakn4r8MSdwY2r0rHkUKscOlm4G0KLDzkOjMuMkUJlyyICj+Ak+/CfgFchX3Iyjx79mIEMOs1F8NBpHUoyM1kanSLoeqZICLveQmF4z1mktS+ckMnqyQgJVMatFSVU3j17JUsLYVqCFzVBvHx8z/SxwibUoqTWDOUO8wFr4sXzOaj0UobK/ZgIS/B1Nj7i0A/NAMasN/RQuWBcLCm6VMgnx03YWPUGLdsn7G8smY0QPGyn1PIEGTJnYqKAwld6sO/PClypRdqHaWjKUfRSGgGEPtr+uuMdBREGGDqQDZmaO/vxZgdQck6zVjs4e3CbWVOGRx1+YxKeplGq8MovdXbmvPnH4S3ONZ936HNvSwUSzPPfI3cdvufWf92RymY/6m6lxG3zoVQPP0n9Tj+lx8iTT+x1v3uzBPGiFzNho/hnevb2dDj5XHNrLlNlM1pmZXXBmpi+R03nRmTo/Q8f/LFbg2j7FeJHDgcRHAo0Q861DuH0oTbcP4bYZfFboH+0fQu/CI6OJBDmdOEqJzuXEWZWuG1/P5tIrGRompl3uaboCMkV0uGO8qpE96NK7a5fToUcuaXv2mXg8+S1yLtPUoVjT4iWcS+Vlqt5MKuPNxPvgBqFsoprpcTDo6h04SdPkZXmVK/z5U487lx+6kjpO1XWysuiRKQG7cECHjqBjgec5KFzOWHlfoNRcOMHOmAEIkQCUHMVfOQyKWXH5og8rq1HyhEtGyCWvB4/91fMUFURbH8seUqxjsYcPrN0bVFvqh5jdGIVKf0mjzNCTQpBY4FCCSrcJEwo7xcX7zrMBZTQ/tg+lVbVZAjhqVpBJafzXdlEMGcBJYEKkqIA8gqgheQX14FqEB8gj8OwAvhy0IHEEbXWAo9AEiSiEziJHRTx75xVov5SI5HlmwYqf5soEqhWEE4QoxxOxQlCC3zxxwlldCT74mEh2nKa210wV6/B78y1AgwfL2Uz0azvxCshqrev1ytVStBDesSN3HrnpY/+sh15BN9aiNjuCtRDk4aqxTPq1+15bBHBpGCuX25+HXiEzNjJYFiNCU6pDu/v4c+21lzMu7g8/TyOcDz1yjP46zjhwQs3LsCy39igsNcqJ8zgxuglb0HpDeqnjk/dix5FDZY8dKmUhrBnt6e2jZQ1qdNSNRF+Ox5I/yUViG+iKvDWX5ZxLjzs9J3aHYacNUiM7la6egSnSeYmumPIO7TSSKidmZ2hEfXLcGaZlV0Z1qgIUl67PrgScIYOHDtouNOK8nxCnNI6gCgy87GCNDzHY6+gVFmNr+Uq0R8+sxPQqU6iboJMinmxxHvjxMuqocqWxsJU3g7ARZLGHx1PrC0/JQlYuFQCKr3GERADrLaVA0/I13PBS4Dzeogti6MO6SAxCogGZkqkYiHyJudWBh4ZnZAuP4UqKVSUGiEPMHqhC0YhSVyJGHRQ7rbeXRzVZX3ngiJqTRAMSlkcJQy54xr6qhPEIXz29nNDEujpAUMIogaDouF3Yxp48lBQ+f7qceOAM4Ed++lPmEvQrkeo+GZQ2pAtoAddZozf5Pccfv+NCQA47gozHTNq5pp+6bfgwbaw40Zg6Kuexal72yCZNg2Qz6cvoXSTzsxXZpFIJp7+/pyKeHwEjcxjRg9OTSnU4t37sFud3f/c250MfvNG56srLyRHq9pO0dR6dDuyBDUSNDjFaE7qLNvMM7N4tzuVaNJZ4gHZm/4AW065z98c+JXqzIs5lnkKqx6OOXfVY3uhlHla1mWpHL4UfjYScknSQ+Mkjj1C/mykg9Tt8BgGdMXfIBqISDKekNoOYA0bhTpxicQKQAAz/VEevTUeRwaESCewEGZnU0Vt43O3bAEprFRQ5GOIjoiAbOFq6KhBJqmpKL4FpQqHXYGTBGM8pPsxT+IoTBKGaTtULGaWQBksxc7O/FJYN0Wl/AckESPj5KQQOHLuuYgGJmYEQE7JfjF8A+OI5wOiqGmFlCKFRzP9VnjkhqRTQigIAR5hZcBo0puHAkwEEKwjCiAoUG2INRpTHR8M8Mi5VhRCIh4M/Fi5orAA2KugCkDBAfZ96+y06A9h3WYGQVBl39+5+u0rUEK0BFqCW26AtufcePXJX8CmfBujRCizaegQTDXD77bdnb/7jP/5W9o34Z2k4TxYz1to25j1BHYBJCxO4nfTQeXDLD7XXXxLWQaGpJvZPj1dDIzjj49OSdPaNDTlJclZ3D/Y5Msq5urZOazlpWv08HQHEn1k+FsgQtWFiA6OXJUJPb+85ckK76WikXpoedzdoFDhLU4/+gOaHs5qiQ+OT9PHWc0ZWo9HIc+RcHqXdLt65kpWcy4DHEpEeqofyK1hHvrOr/7W1lUVsjgsU0FFOnH3HGdt3gOnRsasfherikYbSDEPHLEH/pKRcumCNSATKSVDdu06DxmIBVjwQRXC2DBcraSJKiSGYn46J6YvlUCQEAKFMgo9OOSNKhqAgVk0DPSlwsVczyMjjCXzgESJbS8swrxmdV5UTOwoHUHi2URyoTPRXFVZOG4tQzJgadRXewk7Xn9WhL6UDITEcyBpRR6CHfCE38jUDpS0yCoPLtU6A5oknZqbOKKTAnInU8BccpZLWX/MW9XSZULFMFkQpzciTwwUkSYg8W2oFdBEREopM/ZvnQxRjDRUvlgdiZHVdpV2R9fShDYo0u/TjBx5gUUG/6NSRWcw+BKUP6WqzAC2uSufczH3PHrnjbG2UOxO77R1MNOvxL31p41c//S/vW59e+5/oOJv8RY2B251eV+xZZsxrhlmVWH+Jslwme6gWcXU5mJPKwRwc6GXn0i83RedvXrZ3mD+sG728L9HaTTidcDinpmboXtx5P1kL512+srJUBZKdqR/TWsyFhNMdpw5kxHWzo7lsbiyTzoyQo5lCI0doBDRvVNB1lulopVM0UnkyHo1jlHzd7BRHX1LCuTQ6FHEuafRK9VQGKVgiT88qWfQPjL566eLZNap3skqSArSf/fCw85k//GM+bos7cu5oFZpUTSpoHBjNBZ0vOwaCADj3ygrAnbN02mwmckHQMBa+yAAf4/roXyij4UvndQQpSiw7MCqrYEJoCbCKlb6GHTsPipGiY0ezUEHl8BFLXRV2lBSakiMOEOpibASW9Mox7ChfqJVyaoXeeJCaj2z6KaTTleICJRNJkS8x+IE3PR9aL9BJq6k6i01Qoi5D8KRxeyCrUCXieqgyhSt6ajSw4sCyCRu4qp3zMTiHr3ywcSz5gDBwEpX8xsRfJuo/I7EdiRfL8vOEGMNHJbgOmj9DtL3kb0GluXZiSfZx2tgzc8EbCABprSHV3feLWmlC/GAWoEcgHcu59/380S+eCsZh51HtCAcTzfr0/Z9bodt+vrY0N/dZypZ0Mull4nuV1PJQKFp6uRTwyGZy/QTHhpGqQoTOdBzdU/Ga66K8FpdWnIUFdRxXtU4qXqb9u3r4c/WVlzHfhx4+5kySo4n1intoLeh5Sq/RyGcrhmKjkVIPumHnApxLTGGTT7juRN0zETd62qEZ9Wg8SQMX2Q766qRHg+58pJQbW6L2WSKbLfG94sJI7wKnxi/pXMLn5FDWuTRY3E8JicQktyhcyoPGkXhiI5nqeWV1eb6mNcu2vFW6W/65nz/jvP9XP6KdACo1Pwj5WWj1qQPmIGD9s5FsQSXh3FgEjAeAJjAdvOJKuKpQd+mERnnNg50Hka/xEQHEZQyjDFhI0HI8h4vZmXoSawpgoAjMq8TopxkxT3zpAq2nLuVIOVDQRztzogfFZiRNYTIfmxtXAmVKIQ9L11ccOCOeMYBPH3qFiSiAWb5KMD8uM+1A5VTGZCYleU9PhQUmKpjd4Hl28aSKVbgelizw8drYYJlqFtjKQ2E6kSBgsbFlJqW8KGrHRCzPBZ4rRQNOnk78vAGP3t34hQIfMtWvVTRX7Tl/6ZLzsx/92JYQKN23ayx0MANZrjYiascN+t2Rc3nnqdoodzb2jnEw0cy47ef66z/91ejA4Gfppz9UW9MXTpeWpfetv8xl04fK4vsKh3bvounXYM1zzpoeH/XtQveJKZnd2Eg7Fy7O8ajd4OAu5zd+7e8w7tz8kjNNxyRNTc2ywzkzO0fvWLxGmztgyrtUoPNGT8G55G6BfDvqH3SF1NFCOZdvuVkmp5Icx4iprHEu/Y4lBLETCEdRuhfr5P8iziVIVNge51Kk9/QPv1CPgwk+z9HIzIFDB52hEVqRwtYSk0ks0nQsz4/u6RUWvqkDR5nnESgCnWcMdOKKQExtmFtdOsPgCkgwjhMAwkDL10qbSGjkqWC+WiaTGrYq4bFjDVUVDG/hZoiM4yIlnuMDHKmcLiWQGhkUbC9mxwd1FFmeIozEnKSMIKKBoDFAgB5bL0WI4mQxELh56ilnSzn2Sk92hgknj87jyClhYURDIdJTOcKKpyLBD1OwoT/9IyKlv6ZRkUIHKpWrX6BHx0TAEIGIUazxkWDnEPXVSIi5XTQNq2jhgR3zJWFKfYWvnEwRxFg0k5V2vnXfffyHu4IE+6ZzL890dvc1xeHqwWrQGlT0WGy40cjXn3/4C6dbQ+Pm0TKYB9M8+tesycsv37+054bPfnWkrxMjmdWca2jeDvSyMGkRzLPk5lVFOcsPzV9/6RwUmmri0ZGSg6wVyScm1LQL1l1iijxImJic4akw0I7RGk4Jfb1dDj5XHFLLWeGITvMRSZecqQszzhTRNeMoZ7kD6js6Uidp1CHndyypztwrUbPDsYQJOO93LFFAD4Zv1JKhip7KjNtYwrmkzotxQUXBTitIDd9BpseFfd+ukVOz58+co0PX1TlYUlBj/MC3vsVT5QnaZIZRMQ7y6+GOW1WSO2DkxVPQMcPZDGxZn3TDKI+tQheXAPyVGQXb/EwNN68E2F5OUroZ+GdPaWkVXzHgnr5IiwCVUHkhVmVSb4NJSMCwtdeY7NiwfWwFFLImF96Kh/a4rPoIJ4rJ1oJdciRTc5VqsCjol/eIkq6aEZezNPAW7lomRkThdNE/Pz/oouolAglDMeNY2U2ogOPxZjtpdC2J65bHDxJRX4sFO4pMQLKpgPGZrRbMkaqraQuLHqQKbtVUyo19tJ4Qb9Vb6ek4Rx580DlHa5XrDb39I0/UyyOkr2AB112PxuJfP/7gfzlTATMsLmKBxm+rLSKkyUDu0tSLG9GhsVe6Er1XkG7dPv3kdSFgneeXoaTN+kvrVcKvE/0+QRrvX+DTNTBOLJtd/3VKGz9DmJeKb77xGrq5pvYTc3DY+NHnXuPOYP++YWcfrbMMEl59/bRz6ZI6T/PG917pdHakirKhjS1OT0+ns4em8+F03nDDVc4VV1zmDA8P8C72WVrHab2Ki/LYCuDqavENPtSJre0a2v1I1Ew7q1FL0ombljqgss4lNzRalVsaTc4Z3fQM9g5RxzWQ/AQAzwuec8mFXoEvxbr4YMWy+Z1sMYzysFwuu7iyNEfXrQYPOGsWG36uuuY6mjLE6LA2KMVI20HyMEqe7srDsFGBQIy0+Uy531EhEmYmpJCAjwZqclFE5DNvxlQIxFU7IJrAZsPcfHJByzopRKYSWVQmKhi1GaBloJwdLiTyg+IJRqIAkt6vSjk8KGONDRZTeMI8poBZcIurwimwrwJL2wBfBVU5JV9BkJZ/5g0oNlAqeqItHUAtfBmdyngzDcU2uZJC3wSEHA6IOCkcNFjgsKv+xzYCb0Vg6FUeTIkIAoFj6IWfohPLG2mCKPi6gHlyGehV4Wsvv+z85PBhxbCOb9pMODW6/131z7HXoUPbk5JzGcs69x575M76/xpoe2MVr2D5Hq04TVtAx48/sDKzMfNVeglMSIWoozfvDIHVGvN7z0eUyaUvJ1DVo8VdXSk6TD3QcYQ8dc3nXpLAatdf+tTl7MTEDMfJZNwZ7K9tFFRGOA8c3OukOjudDrrVpmdXr3PTTe9yLrts1EnS8UlbGXDYeqlA00ynybnU485VOJcYgfRPicMJZRh+Tsp5pAcJD5PnXKKIf20VnUt0bwWBOveicD9iPaOXwqt/92WvR2PJunemTk1O0jqz75MVYF7VOXudLqe420XF8OEfH5wbdMr0QZ5hFHsJnQaKBcboGhuI4USLQrDif3AwxMkgGHAYT/EwAO1Y4TXAahALxRQJHViISrOGVh4KQQv5BxX40bDlAWgCK8h/DKrRQSXXFGtFpczAkSj6qlLOGFTCh0XpOoGE9UFMMHbepL4Es6th7AEiCkKncoQLOqbVJRaC1B2x+gX4GBAuZOXJgz4Gptsd/FF/XYZyCdymKNMBKZUjPpSQDxdDEAH4x4ifENIEwkeCkogcETM+0lQDkq1sjxIlAeXml8iCmEqVasasn8FXdYPU02+/yVPj4F5voLvHH6+XR0hfxgI08EAXNd9z9LG7QueyjJkqFVXt9FRi1CLl+i2htD379P2rsQP/9Gu9lyU+Qy+FsdJ1sOa9fUh43xiQOKi+9Zd0PNJBg1NFYmzEm5KuAj0P5ZzePY6F5kE3CV2km4FwjBECT9XjRRogjOupeox87B0bdm5839WGy9z8oppap+sup2jX+szFS2ZK3iA1KLG+XnpjEl0deVKJ8TmXUc6jyyC/UHcpxRxLJvYcS2TJWkWmxLmE+SFFHZdJa8+TwfgKGhrhXIrs/t1jP5uePPkZyQeNT7990nn0oZ86H/3Eb1Lfrp4j6aA9A6BLphzKdacOXHZSSDB37lTM+JbZCtb36ccUG7pYFtgpKq0+OGgkq0LsbEke/FlP4LFE+lY0eXiCb8cK3SeC6mHDmb2lAxWKXWxWnNZlIMfjInhcJ2LhrcUUAcLB4i8g8JC0bgfJmlgQhNySDxxTf01voTELyQs/lUf9NWONwO0JJAbTF7e1MhvqZvPBNL7I5TSV2vz4ORG9uYzZaRWEEyEAB1mti9gSiGxPpYZGAhToRmGDows4kjYxz5i2iw1n/Qh7/OxZ5+tf+SrT1fsViyXGB4Yv/2W9fEL64hagdl/NxSP3PPuzO8aLY4TQai2w0xzMArucOvXXa1fGfutrnWP7P0NvkZLnZNKLQt5Wigc5kflupz/HQwxMQ/c1HCwQXAYwOlb+9p4ypI6MPA7RmZdyq0w5/GJl4+Pe5QT1jIJOagcTMvw3EvXRYe/4yFpOjDLOXJznO9bP48pL2rG+TLvhGxEydE1kiZDr7Oo6SXvF0f0gcOxW7VwWOpZgogYqNU+VEf4oRgdp5RmBwVxY5IsePQu/CMImgHYN7n1jfvb8q+trS9fVy/51mhbEDUq/9nc/yZvGpN/mjpiYw5VEkI5ZnAAGa+eDEewv+TnSL8x08PyTg4PCQMbmDl47SjY50oVGxc/VhirNRD9DDzQOGl9INNw4JpqXenUAiRAYRxHgKZDXii7VfL3I2MQD5dWPRYgtDI6ygZJCMiyniuXoPJfbtLo6hk0p22sEw98QqITUX9rFn1dYRA3Z3GYeAzaPZIFCFfQ2+6CAgcoGOqtg4KU0kr/zzc8GYM3YFmdkKTJwM3hIiv5KpMKWugBGhjUyVV00I6hC/xiXQG+/ecL55tfu4TvHwbfOkB0YOfCD7Xgn1Kl3q5AvppLZe5766V3nW0XhZtZzxzuYaJw33/zR+oH0rff27bvqD+i1oM7oUa1m3kFeI9IrKt+XpCL92iqA056fbGaQXny7PPryKVz9ODIU7HiiubklZ0k7ZfU4huN6ehyd3+hIMF1mLy04yyveusfR0fJOM+4C3zPczx/HOcRGWl5edU6dnnSOHX+Fd1ziuCT9Ci9vRKsUHbTpKCw4ktFY7Hw8nlrSYOrHqMfQm3nKj1rCKfScPvQnxk3Uo5zKywRnD490sdQ3FBZMa2JF1XYkjRy9FPF79l75o3dOvXQFPcR1r2k4+eabzg++/U3nt37v7ztkcxKBDlgFMYB0yIAqx4pT9GVhslPCCAYsnb6iYZfEctyIOxrIPDnA1hL1z1acDgOHWAqig2hqykVh4aPQIYSDyMLvB0GBWQnOSxVUMWF7Cih8ekyElun1Y2PDGNF8KYliJVQYMiXPaRKm1TMxO0WGh8b31IQBVKmuh0EVOGRYfI08drzAT0F4pBnEmp3kxfGV16fPDIROBMTf4GkBig1aBQDkKGagQoC6yEJNtpn+CZpfor8+hIvAnJgPEzJA0atydbwS2ovyJAPSOMn8QKPwJAH9X3z+eXruvyMFdcepzl3He/uGz9XNKGRQxAKRS13dWbpb/IuzRQpDUAALmF4uAG2rkZiffzHFT506sr40efZeemmdyS8v4jVqBPuVYnqJOqfH4WRFY8GaZVxPj0O9oA4mdoDP6APWd9Md57h2MkiQ6XHQDtAaThzsXmvo7KSbcsjxpGOEnGRHh9PR3U3rOTudRDLJN+hU41TRzTwlxRKfk7owkHNJDxT6RG+dJZxLNB03H7oz06XR4yG9skGAaMIpHahzK1sulNXYQXBriZMdPXPUmT1YC0053Inxcefrf/Vl5+I0Le9Ep8wds/ezRIeMf4AoqE7BdNKr2xZBGkUceU4ZOx5F8AD3XC9KE3tWQSut2SlZWh4i0Yc1swk0XUFk1KbaEAOh9xJSP6HUNaCI5flkwMnBB7zUY6Q1pcdDLRNQNRNuEmssFsuMdYHoA8fNOG9UJvhCX9g+VAI9NK6kQQmVDRwJ4EBflNGvxEznE57IN/gK2zAQOOMpg7BcRqMvwCFM2YJzSlWNwHDUzSBqfMrzD5Y1NeKYim2sOFMeiCpCoZIDWgKCKfPVKFxxKANMHUj2xvoaO5aNdC4jkegc/dHXsN+jqBvGvAxqurOv66+eOHx36Fw28IEI5sk0UIFmYkUjmRu/mL14LzkIp2y96OWjXykaWmJ6HK8fYOjjiThNL6dDNq9K6aCOIfiKUwfHrK/Pvzm+kmRVzqOXeKlTGKvjqCQZBQWfoGdxglbqhDQCdiTjekY4mdhARFPcTop2uOPe9Sg5o3k9DeGXczCTHZge112DdQwR5BTdyMOeo3L6qHHZsVS+ZHnHkp4B3f3k/dw0jKUVfNEjV7a8gGCTAMPpiwKmAABAAElEQVRjVz6bSHa/1ij2OIj9/nu/5rz03FEalcbSBVQTPxX+ubAYrjj95GA2Np3VqQPBYOaTMSc4NCYgSR/++RKucndMqcb3S/fKlVqWHlzELhOYWog6KSDIxD/CwUfJ1XrpSFEIgdbRaKRK5akxdiAw8yMeXCaOmxbP3hMrTc4VcPUHIvPEanxMPfP0swjS8Dw1wATlPhy2KcGUDPomFJgEeZHM9ScI118eZ7ACS8ZiK2l0UIpTSEkrCL4FMjTgLYHlswL4QrtJCWdVxoIpLFVmfqLgxzwEHXUkgKYTPIYRiuRRrGrj0lFtk85/vetuHr1UXBrx7WZ2j1x5fzyRWm0Et5CHZ4GIGxl3etN/jXOyPWiYaoQF8nq8RjBsUR7eK+Xl+zMvPvbkffQXd5FOld7oBQOa+JuYQgGcQLlsgl5A+2qxiX+tYrW0G7SGEedRIoxVmI4ux3OczrGUUGlaW/D88Todaj4zQwew6xBUn0w6S2drVviDknoVuonHiWGUk85chMPZ0UWjnKkk9wk4tqlYoJfKSldXJ58gQB0h+gfuQnhqvOhmHvxU8p1LdkJl1JKFSC+qJFLb624JtOanZmQprMJvrU9hQRHIZo1e2qJG91/7nUgkph4uu6CO9FOPPep84yv/zZmekkMcyCyeh8AdN35Y+CgzUkqbUxmVvlWC4coJUDBx6Nj5YDILl3UGoXwAQFocBKsE8vCBXuw+II+UhjOV+iKIsGEAdJZ/yvEAnWbFGGBNGEyId4VKwClDkusM3TUuIpRJLGnkMbKGf+rxBAVryLQqBwgQKUcfwPDhPGIEgvOIJtKsKBI6FGkXoVX1VPyYPZMoCUorpFVFeCRTaSKc82PUHRD6ggqcJpiMtCJvf5Sa+CY4FchHRGhzcbkhVOiahjT0lCYUZRvGxReEETOGGoUIxLKUc82MqAzFK6vLzo8PP+B8+a67nNkZ7z3KOHV+9eza/VBv/1C4o7lOO/rJqfc+PdwR+drxB76krr7zI4T5uixger26uLQd8cuZXzz5F99ynMwzVVXNLKLKx6YX4356G9GwWnWhl86T7O6m2wgDhElyDOmedabcOxpsFzpetrIxp7MjyddGBlDF4UPa8eKmgCn2oIe9Y3e5HLlUix50PzhNrced1ZXSf+yTQ3qKugV7apxcQM9BpA7Dd3B6EecSSvEvCGUeLdmRg9I57yemjKIKin7X4lwWZbAJQIyaDO+96ps0elx6O34AuQvz8863vvF158cPfMu5dJEO9jceQj4z25liL4KL0aWTOWF5pPTzloer4Wx0ICEoEkREx24ppbVDRjw0Gy5RdHgSkFIUoGLXwvZe4ATZechB0GTGcVFQZgeWIMGH08SXSYwsj16TER708z4CZ8eNekrR0gjWCB5cKFQMiWaKnBThEU0g+wN0Yr1UAaPo+hZD95OzPqp6HgMmxBd9dAQZrJPG5dZBfbVu4mgyDlMqWxTIY94eW385/1JRH9RB1wM4wlfpK2VgRrZRESOhrfFPi3HWVledo8885dz5n/7cOf7Mz/3i6s4nOnpe3rP3mifrZhQyyLeAGzmxy9lz749+dIe3WSAfI8zVaYGdsskH746aw4tPfPnB9330j+bp5fKbNjEGK/F6UjA1dCl5c3sPHTRNG3wO2XSV0o2YSsaI1h465DxImJ6ec9bpZh6EenQ5Z+0eH6U7zIt2vlUoKEcuVYFagIKDvjc2SvtDiVTqJBFJHyExtaq1+5tHNuEgFnEujd/oOZZQghwAzcsgMBhflQLZydOjEjKVb8XopajR3Ts4nt448I3pyVP/A423Vf1Hk9CXi0+/fZLOCDzpjO3f7/zKBz/kDA6NcN3gWMAiMCk/Q8YZAJA46jwbzUqzY2ILxC+VkUDivQrIPWEsA+GEOGrK2SHhSg5FmoVyLZARXsBBsOQogKCIBIXnkSk48tAFOegnj5DgCS+J7ToIDDEcTTCReiGlXCGFZfTX9pQ8lwJGCdhcAueRsWCcpS9pE8bW/BQDSIUawkfpACDrJWDmAdawN+GwDGV7QRG4cYJZuMLhpPlCQkslYmkOJIQvl2vGes6JnWvblkJnqmsAwgdywF9Z7tLsrPPKi79wnnz0MSdd+qQKRRTwOx7vOLnvwHtosCMMDbVAznnhd28b+sHtt99eZO6xoZJ2NLOd4mAGbWR3Y+apY5He9y/QZpP/Lpt1Y3SRrLz/iKe8qjR7r4xx6EV0sBbB9ay/nNAbfPbsadAmobGAV1XSyxejqRKCTo+DXo5cEl61xBhVKBNyPV09p7hcrb1Uo5f21HiNziW1tep1FFNbtAW3wV6aOrmKOB62Sm2lcymydw2OvZXJrn9n9vzZ/55g1u9AMOqLx8+ccb5NH4w+v+/mm5xDV1/j9O4acKKRqHJohD08AEiHycUb4LRCgEvDgWDGgWB8djOYzsAZUeFLI2hqxQPfukDgRiwSdtBZcYxAp1DyGQgfm1Rg/BhJnWwESovOwJG0Ug7UJIPplCzl4CHNbh1ZRElgOqLHlLzwMLJ9co3ugIOVRuQkweSRB5hh+KKg0HRGiLwCxvF/cZ00kJ1cZkh8oacga/1MXovAEgGuHxUYnZkGOiIhdRWdhKHir+ym9BabcIU8NLAgXllnbm7OOXvqlHPs6M/ppqrN3cxN511OjB264T76rRdf52PrF6artkDUjT527NE7jzz/WNUkIWJAC4QOprwPlQHl3SUxQ1cuPHGio/8D90SSnb9PL5rCK3aK/A2Uy6aH6I1U9RU42C09PFT1aUZ5zT1LB6OvrKjRuro25oyrO8zhvIwEHAXFDvS1NW/nNkYwg4S5ee/IpSD0a2ulHcxYNDYZiceWqTNBj0ObdTwHD32Ut1xSwQHj8cgS6y2pE9Q91+aPWsIW2+FcShsMDh14iZZiROemxz9FZmnoSKbISKc3nGPPPssfwC67fL9z4Iornf6BQaent89J0VrbaDRKg80xz/kAovgPXnMCqp0M/UNHU3EjCzJjMKk4YXYJSjFmBsdDmpnTGo5yVgJE+q3BI4k2E4ELAhN5X4Kq0Uw9BF6IiTqJ0yRUFDMB1UJAhhA10OrpR9VGETkyUmhGMRlJYyLSMoHP8oW/LpM/t8WOYhDl4lKOEIwe4KEUZi5iX8QKDKcRvyeh8LBZT7QHoUIWxHPQFZH2EfbKHlSoyxnXEFFObEkwmnfiZTkZWtOODWkL85eci7SecmL8nHPilVfpGLitWaqHw9Rp5PJr9MdWOH2rWrcB324uEnUPH3v4zucawCxkUYUFdoKDab9KqjBJcZSFC0+Ndwxe85Vk6rJ/mMtlvOG9YusvaXqWXsAHi3MqDh3ZMxjYcbCnpIOOGK7QesVLc+rucTi6cHiDhHHtpIJ2cKAv0H3qoJ2wptmRrzWs65uIitHp6fH8oqJT4/koXs7zYKiddbdVm3NJnaDd3XmsK6S207kU1Yb2HHwhGkksX7xwiv7gygU7x0qYVRG/c/qMg0+xECFHM06nCqhQyqR4BZQqK8Y1hLWkBcTDFeX9b/4KjwBcWFwIsN0hkUy9NXr5e79Bp2WUXuOz3Uq2mHx6FNKxmPu3P3/oCydaTPWWVncnOJhBG8j/enLmJl6ac3tnv7a7//p/QBPldCB7/vpLLYjpaHPKoVoEB3UMIUOcsXo2CZ3Th6uD31jQ6XGiPWc5mEF3oUMHezc78rWEDboaEmswS4VUV/fb7ODRSG3B6CUTwVksNXrpOYZFnMsKXRhxDehYQq1mcC7ZPPQ1MLT3RDwW+8r5ybf/cS6bKRzVF8RNjnH4/lqJkwI2WXTIPrRAwy2Q6uj5xdiB93yPfuvhtHiDrBtx3eVEJHnf0w99bnPXNDRI33Zikzfs0k4Vq7IuthNppw352tqaSwu4+QNgevb06pnXHv2Gk0m/zkjix3jrLzF6mST/ZMwwqSIR1MHkI4HoikWEejbmTFiOYdBp9tXVdQc3+EgIWidcG3nhQvBTcVbLTI/THe3LHR0dk1pH5RAWjF6qUnogikyNq7Kd7FxK+/b073ln38Eb7o4lUqcEFsahBUILBLGAu7FrcPSBfYfe++3QuQxiv5I0s3Rm8n97+uHQuSxpoU0s2OkOZjHTGkfz+uuvN2kbMRqdz46/cfh72fW1vDMpeAc5psczmctptqXqOeZddCh6Bx0WHiTYRwIFHXnEaN8kHQmE0N3d4fTQcUlBgn0oejJJxxPRDT5BwiTdQ15uBLISz7XV0tNciYS+vUdv7hFecCZV2hu9lDIvVqOXtTqXGLVsl5FLzxYqlUx1LVx+5c1/3dW3+1GCyJ9bfrQwH1ogtEAJC0Rj8enR/df95e6RK46VQAnBASxA7/R3Ir17vvz0Tz6nOrcAPEKS+izQ7g5mUQexCpMV0JHD49Kh3S5i0JOT4Y6/+ZNHNzYWHyRA3tQo7TY8VIUMgxLUMQQDWX/Jm4R2B9skdJ5GCzFqiLB31FteyoAavmwHcxS3ABXuNqiKm30LUFUEFhLOzUyXuR6SDmM/qZ29EqOX5afGa3EuG+FYNtO0uGXmvCTqObrv2odHLrvuL2PxRDgNlWedMBNaoJQF3HRX3+CRy6+65e6ungG6PzUMjbIAbRB7qdfdQweo3741u7IapXib8dnJazBtJ1LSEptmtqfHBWg7mRNvPvTCwGU3XezsGvld8qg64Xg6uexBwa0mDjolTV6uORJodM9A4DV69sacoEcl5eiQ94kp7w/FoNPjsFc9Dma56XFinevo6T5FhuJmkfWX1OjW6CUXqS+za9xbd6kKzN9leX9YWJRts9bSrlOlNM7KpI7yL2em3r55fnbqE/Q7CTYUXklQWB5aoMUtkEh2vkkjloc7u/u8l2aL16lp1I9Gjjz38Bceaxp9drAiO9nBLNvsmB7H+ks/EjuQBLTjmTPHz6527f3KwN4bPpXJZm8ir6Pqi8DjdNPN7sE+v5iq8vaRQKN1bMwZ12do8ijocH9Vsv1I5+mayrQ+pB0jlyMBjyfCTnbsaA8a1sucfxmPx8bj0fhKUd7W5hs4nMaFtJDV6KUpCZ1LyzaSxGgmpvr6hva/eHHy7Q8szV/8IF04sG2bgESvMA4t0AwWIMfyjf7BvY/R+uUzzaBPO+lA755M1HW/e/ThL7zcTvVq5bq0s4NZ4BzW01D+6XHwsp3MxcWzy/Ovnrl/7KpPfFCd31adNL7pJhJM1XPj3oHmPCVdncg8rMXFZWdhQc0i7CHnMuiUrBz0DuZYe5kkxzlIkB3xQWgxEFn2eKIE394D1vnOofEZ/SOVtWsBB6t2qubaIR5Efz8NOfLrdL3dE9k9mWemL5z80PLCxQ+mN9aDLTT2Mw/zoQVayAJ0dW0umeo8t2tg7+HuXUPjLaR666jquktxJ/rNZx+542zrKN3+mrazgxm09fK8PUyRy5Q4GNppLYDxxdkk9+JgLYLHAo70Qcb4+AUW1b+rx8Hd4UFC3vFEday/tI8n2jsW7HB16G+v46y1Put0wHuWbtsoFVKdXW/nTY/TFDg1nnYIlZeJPKdKTo8z96JOZBDnMqhDX6qOzQaPxKLp4dErH3VGnUcXZqduXpq78Bsrqwsp+oOt2VQN9Qkt0EALuA6dZ+l0dPWe3jWw/2/jyaQ66qOBEkJWygL03p3KOolvPnvk88GPHgmNuSkW2KkOJjuF2qKSltgptXtcnEjQ2WnKMm3Hrn19dL3IzVgbWW0I6mCu0kHiciRQ0HWT0NEeMQzKZ2lp1Zmnm3ckjI4OSbKmeIOm2C/MzNVEYyOXu72HHLmljq6u4gvpqxh1pPauvlFtpUqk292xLFZtmhY83rlr90trC5d+fX1t8QMb66t069Oys7G+5mQy6WIkISy0QEtYgEYp6XKKBDuVcCxpM+F8MtX33Xiq+62WqECrKum6r7hXv/d7L3zpT7zr41q1Lm2od7s6mMZZDNpmcv6l0Nsjl+JcIpY04bk9PftuJeey6uOJ+KabVEJE1BRPWNPjQTfUZNJZZ+r8LMvFUUmdncFmMMcn1UgqGCWpPgP9PTXVRZAnaZMQNgsFDeXuHzfHE5kRSy2l2PR4ydFLRi6qYLWjlzvRsbTbk+4BXu/sHTwcX0ucWF9Z+r2Ozh5erwz/PUNXRKbT6pB83PtMvzn6OfGtWDaLMB1aYNssgN8vnEmXL2mIONF4jBzLOE2MeF2pG4u/0tE58H26Zar4eu9t0769BFMn/8hzR+563DnSXvVqp9p4v4p2qlXwuhQ4pnAssf5SWIpDKTHgko7FO24TvGrioI4heJ+bUE5dgtY6DgbcJDR53jtvsr5D2r21oEFHZO06VWM7P04GxxOlS4+CJVIdBdPjHg/f9LhXwClq36JOpaCFzqVYovo4nux5IxpL/cXK4sV/RDcB7SUbOnTEEX+q5xJihhZoJgu42Xiy42fJzl1PNZNWbaeL66zFo5HvhNc+Nn/LmvGb5le1YRoaZ5E4SlriktPjkC6jmOJQanqmBcyNRG8DXrUhqFOHUT6M9iHwJiHqnIMEe73jWMB1kzh3cvKCd9JGPQ7m5ITHp9b6rJe5vYd4ZTt7ek77eZLVcjQcUdZ59Gjq+6ns9JFLz45eKhKNz3f17fkyTS0+70HDVGiBFrQAriPs7Ptq6FxubttRJzsTcTJfDp3LzbVzo7jX12s2Sosm4yPT49jgI6qJU+mPdbk7OHbzDeSvVr34MJlMOIMDvcK+pvjCzCUH6xUR6jsYXY084qikoYFgh7TDucRUOwJGoYIeT4T1pCtlbuBhAWW+VsscTxSLx8dj0SjOPirhTPqcTP5V+GAlZFczehk6lyWMp8CZVM/u78YSnT+kP/fCnT9lTRUWNqMFIm50MtU9+Bd0BNHJZtSvfXRy3+h1hr58/MiXptunTu1dk3acIjdOYSOartLxRCIjkez6hKSrieuZHjcHkcOhGw22Y3uOzptcXlbnTdZzVJK9FhTneWLKPkgwdQpCTG7jOm0UKRWSyeTbUiaHq3OeHUnvbyzlV0bznFD6g8LO22lhWTYOncuy5jGFqa5dz66txi9urMz9IwK243vJ1DVMtI8FaO3lyVT37nsj0Ui4yWQzmxWHpz905+PV/EG/mWqEvGuzgNe71kbXjthlHdMS0+O8/hKjmm4k8fFajFLPVLJMbe+mEdCg500KD+jcCF3AJ+iUP2htfZCvJcC5LLc5qLOz26y/ZL7YxOMLPF3ug3nZ8Gfi2WLzUnSv+RvJjt6v01B42FlvnplDzg2ygBuNvdXZM3RP6Fw2yKBF2NB7eYX2UN3zPN3MEzqXRQzU5KCd3HOKQykxr7+0p8f9TmWR6XHQuqnesX7yMG+stq15KjngmZMYdcToI0J9Dl39G3PmF5acxSVvo2RQR3V9fcOZqet4otKjlxE3spDs7MSOqDynkhpOr7+0psJL7h5ncxd8VXrhhaOXBSarCMCxLolU373kZK5XRA4RQgtskwUikcSJrt7he52IW3pn4Tbp1jZiXfecG8986eiDd5sZqLap2w6pSLs5mMZZLNF+lcoLyMo5meJw9vUfvI38laptOTS4y0nQ8RZBgj2VHHT9pTpvUp1JW89RSePWUUkpOp6oP+DxRBOTMxgJDmIOpim3/pIOOD4pjAunx6WEbtLxkiZFOtlK2WmDEyYab4FEqvNksrPva67jlv7LofFiQ46hBaqyAG1Oey3VN/ANQg7XDFdlsdqRopHIsSuHbv3r4w9+KfjByLWLDSkabIFgXk6DlWgCdmUdT7+TSfoafDiZkWht0+OjAddNwk4yldyRStbn0OnzJutZC2of0l5XncjBDBpwI0ymzPFEHZ3e8UQsI5weD2rqLaWLJzrP0BGY962vXvosjTVXfbbslioZCttxFojEYm93dO/+Jv3xo3Y27jgLbG6F6a/4jWgu+oNjj9z50jHnC5srLOS+6RYoNnCz6UKbQIA4iBIXPZ4IG3zgQNr6WnmBu9FI7FYbp1J6bGx3JZSi5eTo0sHo6iif0YA8wHhiwnPoxsaq3viep1M6nXHOT3s3c42NBKsTDV3m6ZMnpIrMWvmd55lUd88pPxtqOD0a6Xv8OWtNmfsJrXw4PW4ZY5OSGMmMJ7p+uknsQ7ahBWqzgBu5lOocuJ9++6FzWZvlqsImu04lYpEvHX/szpeqIgiRmt4Cvh626fUtp6A4fOVwypYVW38pBJZjaQ5WpzJ3996bbiJvZUDwKsUdHSkHt+YECefp1h04dghB1zuCVkZBU3RUUtBbdyboHE44vAhuxHVG91RtAqaRr5nZebouMPhyu3LXQ9LxROdikSg2jND6BZ/jaJ1/qfzK/I0/1N72lLidFtXDeAssQFPlz9AMwYtbICoUEVqgtAVo41lHZ983ItHYcmmksCSoBehipOO9zjDOt/RGP4IyC+maxgI7aYq8lANaCm4aSZxLiVEg6Vii+zaDWEVibx3T4+cm1PFfEXLogp43eXF2wcE95ghB7x4H7cS4dxQZztDEWZpBgr2mtFZ6+IDra6WX6dm39zBvmR43f1a5GJ4OncdaDb/F+J3dg99bXjg/lM1mRrdYdCgutABbIJHoeiCa6JgIzdFgC9CtPE409sDxh+54pcGcQ3ZNYAHT1TaBLlulQkWHUhTB2ssS6y+ZB5zMaCRe0/mXdU1t67WKQ0P9TjwWbFnauOUY1rNucmLSczDr4mNN14vdq43X19fLbg7q6io8+NhzKKt59IvjVJoer1b/EK9KC9BO3URX/zdoZ3k4elSlyUK0xlkgFk8+k+js/UXjOIacYAE64WO8q8v50vOhc9m2D0TxHrRtq5tXMeNoXn/99S6mx6UUTmWl+8cJ1+3puXyQ5ofpBp/qAo6tGRkONpW8uLjiLCyo/rUR0+M8rT0S7JB23LqzvOKNHAZ1MDE1jinyoKHc+kuy9Xwy1QkvuHCE0poeZ9k1Hk9USd/weKJKFqq9nK6TvJTo6Plu7ZQhRWiB4BagHZzjya7dPwnOIaQsagHXeerQ0Mf+6onDd88WLQ+BbWGBdpkiN85hPa2CqyHt6yFtXjIlLjHKOnZd9nGKqpY9PLTLiQUdedTT45AbdJOQ7dDhqKR44KOSvNHLjg46nmhXD9SqOfBmo7yljrWxKHf/eDyRMmen5a2/9P1J5cuyAtTGtlNqp2tTMMRuqAUSye7X02vLr2Yz6esayjhkFlqgqAXcbLKj7wH6ezTc1FPUPrUDaff9QsJNfOeZI58/9bxzd+0MQoqWskCx/rWlKlClsqWcwFJwZgtn0nYoCcj4Ao8lknAwqw71rHmU9Zfd3R1Ob09X1TJtRNuhC+qkgp+9C310NNgudPAZt6bZka8l0B8CtOGp9BnHqc6Okw6NGJsg6y89QAXH0aI1NGFiuy2Q6ur/If0IveHz7VYolN+2FojGEs/GEqnxtq3gFlcs4kRfTQ4nvwjncotFh+K2yQLtMoLZcPPJ2kswLuFkRuj2no/VIjiog5lJZx3sIEcIfBwQ0Z6zzpsMyge37kxbt+4Ena4nmzoTk+rIJa5YjV/lRi/p74B0V2f3aT9Lcky0U6mcR5PnrG+XuZ9Y5yutvwynx0sYrkFgOuR6njZbPJFeX6lp7XODxIdsdooFXHcl1bXrkZ1S3c2sJ710N2Lx2I+PPXjH85spJ+TdfBbYqcM05FuogPWXkkZc7frL3XvffzOh77Jpy6W7uzqcnp7OciglyybPz5gjgUbHgq2bhEM3qafZu7pSTl9fwFFQ69aduo4nIicVzmrQUG79Jb3MzkZilY8nYtm+kU2yk3ZCudROB1U1pGuwBeKdu54JN/w02KghuzwL0MjlU7T+Mhwpz7NK7RnqXN/p7na+GDqXtduuHSjaYQQzz0Es0ih2uZ02qPb5lwIkP6NgBzlg+AAnkeiuaQSlnilpObcyGo06I0PBNglNT5NDt6GmlBt1h/nQblpT2oB1nGLzamP4gNhBXiokkyVu7+E/p/BVabRyp/7dVcqizQWP0j3lsXjHk+n15V9vLs1CbdrCAnRaQbyD/ogJQ3ALuE426kYfOfrwHU9VmvUJLiSkbHYL7OSetKiziQazp8etBjT4cDIjsfjHrbKKyaBT0mCMu7oRRob7nUg0WJPZ6x331nPrjrVuMuj0OOoybk3XI19LwNmXcDJLhY7ubrPBR3Co8fIIkGdL8lclh1O4lI/D6fHy9mlkKW2+OEodV+m/MhopLOS1oywQi6eO4o+YHVXpBlaWfpdTiWjiL+m6xydD57KBhm1BVsG8lRasaLUq+48nkhFLTc9OZnf/wWHKv7tantFYxNlDzmGQMDe35CwtrTJp0DWcIJbzL+Gg7gl4VJK6dceb1g6qz+rqujNLB74HDeVu7yEn71IqlcKC1bK39xSTTW1tO6F2uhh6CNtGC9DyjLVoNP7yNqoQim5PC+Ri8Z7n2rNqm10rF+/cx68YuvW/PvvQf5nabGkh/+a3QDtMkddqZTMSWWz9ZTFmfiezu3fvx4vhlYJhWrsRI49Bp7ZXVladS3OLrB4cXTi8QcK5ce8WL1x52Rfwykt7F3oQPdbIQS0VEsnk20V3j5sqW6OVvvWXpXgKPPxrXCzRHHE00Xk8nV6/sTm0CbVoBwtEIrGTsUTsUjvUZUvr4DrnI8nE947/5PMTx527tlR0KKx5LbATHcy81ii2/hII/mly28l0Y8na1l+O7s6TWUtGRh57e7scbM4JEuzrGIOOOkLu+PgFI76+Ky89PoZhlYkMHU2UyZQ+niiZ6jrpZ+VNjxsv0/FSfuzSJX7MML+9FognO9/ZWJm/mM1lgy1M3l71Q+lNaAGaHn+hCdVqXpWw1tKJPnFw6KOP33//72eaV9FQs+2wwE5yMM3IZSVD286kP53NpqJ0xdVHK/Gwy4PedJOmTTnTM+qP6b0NcFKhU1AHk6e16QYfCUHrlMvSbvap4McTra6q5QKiR37sprt7us4QrHB627q9x3M4QW2NaOYzqym3Vesv6VD7xGd//xPX0i75yDe/deS1iamZcgapqQ4tiRyNv+Wk10IHsyUbr/mUjqa63mo+rZpTIzo0fYIuLH7g6JE7J485dzankqFW22qBdncwSzmVpeB5jWE5lwZ/+LJ3f4CQqr66Ro08duTxrTYzQY5YlhwyhKCOIY3EOpPnlUPXS8ck4bikIMGe1o5EXGfPnmDHJV2g44k29G72IHrQiHNJsngyfoaOFuHhzeK395R2JqmtbafUTrO8Zpgej8fjkTv//Z9+amCgh43/q7dc+64/+hef/5v5xaXSQ7olrdUeBXRP9Fvr6bX3t0dtwlpspwVcNzoVjUTVWqLtVKTJZVNnmKYt4kd+96PDz9x+++3hLUdN3l7bqV67O5g129Y/Ne5nEI131TQ9vncs+PT4uQk1lYwrHXEkUJBw/sIluvFGzVzUc1SS6AIdhob6nXgDrrystT4Y/VxfL+1gJpKFt/fQy1A7i97UN6fM/eO2Fh6ODW2W9M3vvWJAnEvoRH8w9HzkQ+8ZOfyTZ842i45brQddCXpyfWWBOjl1KMBWyw/ltY8F6BD/cPSyYnNGTnZ2Z3/wxOG7Zl94uCJyiLDDLRA6mNU/ADyKGY3GanIwR4MeCUR6yajhyJ4BB4eaBwmyhhO0QTcJYRQVo6kS6jmeaMK6U134VRuzc1kwtuhRd3R1ve3lrFTJ6XELp47kVk2P01ra5Wwml41EXeMJv3P2wo4ecaHzwlbpt3GB/vjYU0cThqShBZxYNHEmNENxC+TobNBINPfT5x76wovFMUJoaIFCC5iOqrCovSH+HeSorf+IIr8F+nZfOUZr9q71w0vlcQh50JHHWVrviHWPCPWMPMr5lxhxHA44Cjo9TaOg1rR20Ol6ezd7KZuVg5dbfxmNxS4mE8k5oi88nqgcUxC0wPQ4qnDm3IXl+7/3+KNraxura+sb64d/+uxTL7781o7f8RqNxML7ois842FxZQu4icREZaydh0FrLZ/vGEp+4bmH7g6dy53X/HXVuNVHMIMN69VgMvI9jIxk18jHayB1RmnkEesVg4Rz49OGLKhDt7i47CwsLDMfjIIGHWkTJxWMsJMd60qDBHs3exD6cvePxxOJk3nrJOUIIvMnlLX+0kyPW7Ay+8qD6LpZNH99309O4LNZ/FuSLzuY4XFFLdl2zaI0jdDFYokd/8ea3Rz0Pp2KZp0fHn3srndseJgOLVCtBUz3Wy1Bu+JVWnuJekejiV+rpf5BHUPIkKnkgf5eJ5VM1CLW4J6b8M6trEcX29kdHQm2uQdK1eNgpvl4otLryVMdhdPj5NoXX39pLFR/IqjTXr/kkINYIBoLR57EFmEczAIRNzoZjLINqVyHLjGI/fhTtw7/ZehctmH7bmGVWn0Ec8tMlUkm43Q80UfKLAEs0CXoUT40/elMX5xnfhgxRD6ZiBfwrwQQJxV4o6NDldCLluMWofn5JVMW1FHl3exTnsNrGFaZWCt3PJHrbHR1dZ7FAet5u8fBu8L6y1aZHq/STDsSLZLomHKWL+GnGWy6YEdaLay0bQFayxs6mPwDcp9PJzoffv6n/2npWLiJx35EwnQAC4QOZpVGGx68/r3Ug1U9N9zf3+N0pJJVcs9Hm8TIoz41552z5x186PxDOhqon695rGYXdyaddabO48ZEx2FdOoKNgtpOKkbrgl4zeR7rOPVu9vzaVpcr52Am4onT+ngi5f+36fR4dZbaeVi4N5qOmJnN5TLheZg7r/kbUmMasdvRDiZNh59xk4mf4Caehhg0ZBJagCwQOpj6MSDnKWdv8pGnA+v6sA4zGu+8QWDVxPUcjH6uyE5rbPrB57XXz/CO8kGaOse6ymG6V3xod1/B+srJ8zO4jYhVrWfX97ily/DQLicW8Hgi2RFfje38OHRTCx1PVOZ6yFTqpJ8mnB73W6S9824kcp5+wKGD2d7NvGm1i8bi5zeNeRMzpv6NDlt2Hnru0btebWI1Q9Va1AKhg1mi4cSxlGK6o/Y9kq4mDnokEEYuJyfLTyXjPMhpOrAcH+eVk3zPOXar455xOJ0Du3ppvWP9m4SyGTqk/YJ1PFEdtwnZI6HV2M/GWV8r7VwCr7Orh4xQZDlxhelxW0aYbm0LRNzYVNbZqPqEh9aubah9Yy3gZqOxVPD7axurzJZwc93IvONmH//Ux4afDw9L3xKT70ghoYNpNXs0Gs2V2ezTbaGWTeJgdIwwBglYe4k1l7UEOIJTdE4lPi++9BYfgq7mih2HdRnoq4WdwcUUO6baJQR1mpeWVpw5ax2n8Ks2Ljc9HolGpxNJPp5IsSs3PQ4M9kPt3eNGCzGZAeCPDJMJE01tATceveDs2PuMmrppml45Okd11om4O+Ppcd0luq3o8e7s4HNHHrk9/dwjTd88oYItbIEd62C+/PLLuWJnYdpT5ZaDgbOK1HU4VTQ2rkL8zgOPOcN04w3WTQ4PDTh9VR7tU89In6i2Ya11VLo8zqObe2h0c4RGObu7OwW1bGyPgnZ3d+DmmLL4pQrtY45K4ZSDr62Wub2HbnLRtOb8y5LT4+J8CgGtfdAeZznxYVkLWICmOKdq+7OsBSoVqrglFnDdWNtPj9M7cYWud3wyemX66LEv3RX+VLbkyQqF7FgHs9qml6ly8kRW6EdadaDDsHlzDjboIKRSCeXk0ZpJbJSBw1Ys2EcCFSsPAlujKeYz70zxB/SdnSl2fEeHB51hcoBLbUayHcxtO55oY4PWkpb27Ts6ycHchunx8HiiIE/i5tFEYskZ2kOeoYOpopsnJeTcjhagWZB2djDppq/I01cMDx2///7b151wZ3g7PsJNW6fQwSzSNHrk0viTyJOT8yJNof9BEfSqQLiV5/SZKf6AoKNDOXkjNLo5TKOKOI5ohUbqsJFns8Py8qpz8uQEfyALo6tweodphBPrOBM0xT9PB7Qv0tS2hKDT4zx9f95bxyn8qo3X1kqPXtINE+ud3X2FhwAXWY5ZQR79/ZAfrNHr/IIw15QWoAOqMq4TvZhzMsHO42rKWoVKbYUF3EhbbvCZpQtln7pi920v3H//72ee3wpDhjJCC/gs0OoOJhwD4wj66lYuW5EOU+WyCxuMMunln9NB6+V41lSGaxNPnZrgDwgxotmZStXEo1HIWB+Jz4k3yVdzXdok1O3ErXM3I9GIA0c4SJi6kL+Os1Ye5a6HjCUSp0ldLBI10+P5/K01lEVv78nHDnOtbQH6zV6gkyBCB7O1m3HLtY/E4m20wSdyIZJzn/jkx3e/jM07zzl3b7k9Q4GhBcQCre5gSj0Cx8lk0oxe4bYYBHujj4xkzZw7/svRQ584R8V7GanBX4uLKw4+2x5oWeLF2fxR1D20ljQaq31YEHWpZ01plnTZKHM8USqZejtvepycSPprQ7en0hf5Ypr7Dlivyezh9HhN5toyZDoLk45OCJeXbZnB20NQLh5NlD+2oxXq6brnom7uiaMP33kCfdbxx1pB6VDHdrdAsb63nepsnEeqlJ3mOmKjT7HKYvRSHEspJ1gmm9n4ouR3Uhx0ehw2Gq9w5FI5O66Xu72HCDt7ut8uSl/17m9+/Is+A0X5hsCmtkAkGvPO5mpqTUPlmsYCbmSupXeQ59xTsbhzz/NH7vrysUfuft3fbzWNnUNFdqQFduIIJhyKqqbV4WjKSBfF7sXZ1746tPuGf5lzcsHmi1v0EQt6UDtGZBdoLWfQUG79ZSQWuxBPJGkBu+8PB/MnU/Dp8fAlHbTFtpkuRg5m6SW726xcKL4ZLUA3gLXmHyVu5ETCiTzx7KN3nG1Gu4Y6hRaABXaigyktbxzNYtPkQMIaTHE2EGcWpxfTu5b/RTTWcY8wafcYRxr1BDyeqNiNRLXYq5yDSW1mpsf5/nE5gohHL5WXGU6P12Lt1seNx5LT5Y/kb/06hjVorAWikUgLOZhujjbuvJyKZ5946qdfaOed741t5JDbtlnAjPdsmwZbK7hgOrTUNLmohVFMpOFg4jN99pkf5bLpHbNyemx0UExRc1zP+ssNHE+UKXM8UUcnpsfz2tNbf2mNXpbUeqc9+iUN0TYFNBq1RicL5C8gbpvahRXZDAvQDW1N72DSe22F5tye6nMTdzz3yF3ffuqnXwydy814GEKeDbfAThjBNCOVlvUEJjEXxWIxdlhksw+AuJ8cjqVF60yeevT/Gjlwa5I6tP/Zhrdjemxkd6Bq4QYg7CAPGsrd3kM7x9c6enqx4You5rHahn1Gz3HkVI27x/1tHVT/kG6bLBCJzNBfJj3bJD0U22oWiMSb18GkjTv0+jram9nzypEjt++Mm4Za7fkJ9S1rgZ3gYJY1AAr1rT4OTckWrM2Ew0GjmDxdDlysxcSGn6nTj/7rof0fPh2LJf9PgsVR1m6Bzv3kczGD1At3mOMMzKBhvcz5l7T28lSeI5i3e1xJ9EYz8zWQNbUamveHQz5mmGtFC0RoTR3txjvQirqHOm+9BWLxeFPtIHedSDoXcX8ZScSOHv/J5ye23iKhxNACjbNAOziYeaOQNZimKF2xUUysxYST6R/NvHDmiS/0DV7/k1TP0O2uG/m7NchuCVRyxpzHn37RGeED2AecXX3dVes9MR78vQ17r5c5niiZ6nqTFCk8+5JHmq0RzZLaeqOcJVHCgpa0AM0qBD/VvyVrHCod3ALuRiQanw9O3zhK+oP5Io1dHE8OJ154+v7PNcF5dY2rW8hp51qgHRzMalrPdibtNGg57x/FhKOJqXI4lSIgb9RMA+dmXn5zbsb57K6R97wr6vb8L7S7+dNRIhaaVo7h6I2PT/MH9Ugm6bpLfdtPpTvN67l/vNzmHlIjtzR96vbe7tRgLtH5bjcSU3P4Pp9xM6bH8UfGTgm//3u3Hnr3tZeP/PK105N/890jxY+DakJjRPhMw7B/bsKmaTqV3IgbfA1PQ2pDfwy77hv0Xjl67KH/7+1i/UtDxIRMQgtskwWM87RN8hsltpp62DjF0u7111/PcEyVk3PJH3KyXDiZiDE9LjHS9ocqwvmNyK6+js69/0csGv9sPJGgGZg43YpDB0q0oXMid5qP8P3qg3T9pbrpaH5hyTn8o6cDt+3c7CVnZaXE8UZu7qXs8qu/jpcxfbL9+z8w3JscusZNpq6hU9Zp7R3BeXQTLRLN0SJNbhp8U3vhjwkKDNRpBcF3pRd8O7ahV3sv9Sf/5Heu/72/98EPC+S7P3jqib/4yuGXJd/McXp9bXh1aeZPm1nHULfmsAD9MfJqZ+/ub2y1NvTiWqZ3zfORaPex4w/++7mtlh/KCy2wVRZoi5E2MpZ/VLKY/WwcO21w9SgmO5nlpsoxsicBTok4mgRz49lLc+nFS/9mPTZyR2Sl55M0ZffbBH5/lK7CwfWLyuFMUhyDQyNsWjL232ne20N3mu/pd9Lp0ru/q6no6tpqSbRcLvuQdgTRhrlL7xydnI9Exgn28OD+D+/r7Oq7NuLGrsk5sZTtXHoMd84opFfn2lI333j1QZuC8y3iYMZiCUyRF/1923UK06EFohE3+DqeQOaLnKQrPF44NPzRV3A/eCAWIVFogRayQLs4mPWYXDojju2pcj1Njk09KOMA5xIjWYjFuZQyQaHYjaQnzzrO5BeJ8Isb0c6eeHboxkw6eeNKLvJhN+q+18m5ffFEzInHEnzvd4JGOWlq3ceqtbIYucSnnrC+tu7QJfAlWWQz6w/CRdROZl586dzTZxai0VNU/OPB/R8/kEgm3+VEElfTHwAJ/BVQkqnFrxzOTik7P31p7rK9u82VqMi3TN0jbpp+ffP0EPW1jM6hottjgUh809fr0ntqKhtxXurq7n7pye//Bz5C67hz5/bUN5QaWmCLLdDaQ2j5xqq2LjaepPPiYlPlEIXpcXu6XGAygmnHWjWeNqc080e5gcdG9kajXe9z3fgt2Yj7ITq/7+qIE0nG9CgnHM54nKbWoztrxO3SpVlndbn4Gjqy0Wxm5eV30UsbZ0dl4WSSs8+xTudo53uWPoDn8AfC+vpgpP/QdVdFsx3XkWN/FbmZUWqDAmcT9Lptikb4o2KnBBqFTv27f/WZj+0bHRw9OzEz8X//53senZqaLT2s3GSGWZ678E+z2Y2DTaZWqE6TWSDZueuv4snOU41WizZ8zuec7C87ErkXwzMrG23dkF8rWUAcnlbSuZyu1dTHximWZlg1TiYUgdMIx1OcR9vJFBihmXKkhc5OEy4tCdp/jRtNvS8Xjf0KrST8AKFeFqWrJuhYHp5aT9B6zhg5nuQMgUXbBYxcTk1NFnH/VFVdJ/fN7OprfwZnkD62Y5mFQwk4LUHgNJxLfOSWJoxMj43dHO/bf8O1iXjiXcTxkNU+ZiS0lFF3koNZygatAl9ZnPlUZmPt5lbRN9RzeyxA6y//nF66jRmdp7N5nazzajKSfPHpRz53Gu+i7alVKDW0QPNYoN08lWrq48ex85LmGE6mnI0pm37QdDKSKWlxVMTRRF5gvpj5CozoDR7S4Icg5ZlMd2eiY/CGXCx1o+NEP0hu1Y2ENUA7h3jjEG0h4jhG6znbIczPzTnLS6Wn2DOZ1d+Jpk/9HCbCC5ycPtvJLBi9FAcTzqW2D2JOD13/6Y7hvl3XxSLOtbTm4XKClh2iDB3M1nnCVpcufSS9vvxrraNxqOlWW4BmQ9Kdu0b+n7ocQdfJEp83ctHMS32Z0RPhYehb3YqhvGa3gHFqml3RGvSrpk5+HDufl7ZHMqGD39EETKbNkYZzKI6m5MvFVGY7mUBl+eJkSh4FgLnuwJCT6r/JdWI3RdzohwhyHb3kOtQGIqznVFPrNPIJkpYJOPfy4nTZSzVecdZe+xhVqKhziY6i3Ogl6LQx/LFz5ZW/FU+O7r8ilnOvocHhq3JOLmUbLnQubWs0f3ptZeHdG6sLn25+TUMNt8sCtLB+uqtv5I4g8ukF/Y4Tib+Y3B19JTyzMogFQ5qdYgHbmWqXOldbJz+enc9LF3MyYSw4m4jLjWiiXJzFYrHAgEeB+VWAGd0EL5rcd2XWTd1EZ0K+n9Zx/goNxh2IRN0o1nDyWk5a14lRz4jbnE5nlhZGzly44GTo3NFSwc2t/ZPc+snDcCTlgxFM+ojDiRHMHNWXdwiVG73UMgocTQ13r/vgH16WiEWvoaPcr6bWGwgdzFKt0pzw9Prq2OrSxT9pTu1CrZrBApFo7I3O3uF7qtOFprsjzmkaCTiRdZKvvXDk85eqowuxQgvsbAsYZ6XNzFBtvfx4dl7SEjvlHE04mbChHMwueXEC/XmBl4p1ezBPwakEQzlws9lEMtIx8p6I2/G+SDT6QTr38SaCD8d4Sh3T6jguCSOdmFo31dPstzYivZzZmZmyN/dQrb7vrL3+h+RYmilxcTKxqQdOpr2xR5xL1ERPj/udSckDxU4jnxduvvVfDUYiK1dnMjk6+sjdR+jba7A87cJMMQtkM5mO5fmpf1usLISFFoAFYvHEs6nu3T8saQ3XXaeyNyOxyOuJ/vib4UhlSUuFBaEFSlqgXTvLWurlx7XzBelyTiasLI5kJUcTuOI4+uNiZYBRYH0EX4E8D7EYXGDpSG9/PD50I/3lfqPrROkQbffdtLOlCyObsmMdxybReZ2a7eZHZCvn0sVZci7XygmbyK2e/wTdpHYeI5biWCL2j14in0qleAQTm3uKrb3Ugmyn0k4X08OU3/zJ2zuzizNXRbK5qzNO5kpqjLa8g76YEVoNtnhp8t/SUUUdraZ3qO/WWIB2j/+YdpHn3QZBS40WIhH3dZpROXHF0K0nw7Mqt6YtQintawHbgWq3WtZSNz+unS9Ii5MJg9mbgJC3p82RF0cTaXE+xekrBZNyiYEnaYkBo2B0qwJegJuLjh2IJjrJ4YzdQkdrfJDmgQ7RC5YGNzG6qTYQISbHTUlr4PcGrbm8NHuR7FP6zEuq3bSbWfxkbuMsrlOr6Fxi5FJGL33OJTQXR1FiqY0/L3CJi5bfeuvtsXnn/AFadXAol3UOkv33CEEYb78Fluam/iSXzYxtvyahBs1ogURHz32JVM9r9IfqFC0rej0Td048/7M7x5tR11Cn0AKtagHjdLRqBSroXUv9/Lh2vmi6GkcT+oljWa2zCRrbYSyWLgYDHQWjq4VTDGZwBS+XS8UiHUPX09Q6OZ2RX8m60fcT4Qg5beR1aocTzidNtXtSWGbVX5lM2llcXHRWlkpcBSmcXGcqt7H8j93MmRerdS5B6nMwxTmUGCil0ijzBxvXX5aX59HN5ZkDbmaDjj9yD1Jhfx5CmNlSCywtXPiHufQGjqMKQ2iBAgvEO3s+k0jtPhyupywwTQgILdAwCxjHo2Ecm4tRrfUrhm/DiqbLOZowh4xqIi3OJtLicNowcfb8uDa8xrTR2aYj/sXgBbBMtL8nHu+/kQ6Epw/tWnfcG+iv/l7/ek5y7KBy0YBNPOtra87ayirdMY5D1Mv7bXTe5YO5tZl/7jjT0+WcSwgrtvZys0cvi1bSB7z51/5NXyS9cJAGaA/RoVUHqLjbhxJmN9ECK0sXfyOzvvqhTRQRsm5hCwx0dPc9++y98y1chVD10AJNbwHjUDS9psEVrLWOxfD9MDtv0sUcTahtO5h22nYsxdkEvg33OYWmzIbbadBLXmIbhjQFo7ONI/BiMBAZeJxvIaKzOeM300LID9PapavIEUxg/SaOR6IjQIBOutJKRfKw0hsbnK/0RUcEvUU3sPy5u/7WN4Gr11maqXGSwTvGUYa037kE3Fp7KV6sxCgulUZZsWDjFyuvGnbjb/3ZUHTNOUg2OUjHIB0gTZJVE4eINVtgdWn+A+n1xd+pmTAkaHsL0Pvq4okXvzvY9hUNKxhaYJstYByNbdZjs8XXWs9i+H5YybztaKJisk4TadvBtNO2Uwm8Wh1O0BgHMECaSLg+Ng+BUZzH24brMlq5ue+6SDR1Yy4a/zt0vM8HiBntuC5/eDloCW+BHK4jTnb9e7n1t79PTqVxKOFgyqdG55LVwhcFcRIlVlAPLnl/7Mf3lwfO33777ZHvPDY5GstGDpI3vp9uMNrnP3szMPOQkC2wsbZw1drywmdCc4QW8FuAHMzj5GDe4oeH+dACoQUaawG/k9RY7s3Frda6lsL3w8vmq3U2YSrb4UTedjpth9Nf5nMK8+ikTGLQVpMmNFMvG9+G+3khLwG3EEU7d19Nh8GP0EjndSR1mA7iBM+Im8ucpB2+b2ecjXF37Z0XyYnMgA7OpMTiWCIW5xIxyu2RS+Rl3SXSVRxLBLRqnMdqcMCr7gD73nLbnwxm3eReN7dxGZloL60qGCY1TRvULWSHMUin13avLsz82Q6rdljdaizgut964xff/QfVoIY4oQVCCwS3QOmFc8F5tgulOBj+Tt4PlzzqDdy8vLUekM/RlLuxqzESOZwGDc6V7XDCybKczoIyyynkMnHeAK8mLfWw8QmWVz9fmdEViVhsadFZX3pOG8OcNwfZYiCaSKclnTSeoEcqQSe6CawBziXY2kHE2zB/uhocP03gvK4zrjHC5xdg9OlP3544PTW9N+1maHTT3UfrUil2wmN3YJwqQiySCA/DrsJOOxGF/s49uRPrHdY5tMBWW8DvPG21/K2WF7S+5eiKlVWE+Uc2YQh7Kh15/4imH2Y7nCizHE5ki45k+uHIW85oVWk/DfI6FKu3lBmnTZxIFEhaHEobZjuXcKhRBhhGLJEuMnIJsMjxxyhDELjKFf+uBqc45SZCf/U3/+XAWnp1H91ftI/aHo4nHY0UjnKWMvnS7MT/TksPws1VpQy0Q+F0tNifnnjhe3ft0OqH1Q4tsGUWKOcQbJkS2yConnqXoy1VVjW8GscT9vI7n/58OefTX2Y7mHaZDYdMf74UDPBSQRxKlBdLi1OJcqRLOZYol9HgEtPiQPE7iv48cPyhGhw/zbbkb/7jv4hn33xxLOpE9tA1myNkr2FMreecbDgzQS2yPDf1R7SpCmuBwxBawLNAJPr33njh24c9QJgKLRBaYDMsUMrx2QxZzcaz3rpXoi9XXqqsAF7M4YQhax3tBI3tPFY72umnQz6Io2k7k+Bh5+FI2jDJy1pLlNmjlshbu8WRRRDH0B+rUq9c8qVioS9V3tRwtA3Wc9Kuqz0ZN7Mnl4nsoRUIe8jx7G1qxTdBuZWF6U9n0uvv3gTWIcsWtkDMibzn1Re/88sWrkKoemiBlrDATh7pgCNR4NDV0GriiJTiIeVg6ccpVWbDmc5ewym6wemU0TuBVRPXsqYT/MQhlVFEy7FkPaUcuLbDiHy5IA4kcGw6gYs85Is5lqCz7GLbTNISAxXBn1fQwu9q8QopmwSi7SnrOV8WtejmodRc5MIejHbSXd3kdLrkdGZptNNp23cAndsarsOUByCMjQWyPf2nTSZMhBYILbBpFvA7PpsmqMkZN8oO1fCphFOuvGjZZo1yos3KjXTabWo5nzY4L207kygQhxJpcSpteEDnEiz8jqI/D5xioVq8YrQtB5PRzlw2NkTr0gaz2dyAG3EHCD5Alfn/2zufHymKKI5Xdc/M7qKzwiJRRE8G1hhlCRuiBCGYeDBEZf0BwZvxwEmN/gVu4sGjR2/GG8oIgr9vIiQSRFgxImHXoCAYZJEfEtxlZrvLV5Mttqa2a6Zntrune+bbyaa6ql699+rTndnv1PSPzF+7WJ66vq48ffOZzB0YJBwbATwDMza0cAwC8wh07OrFvJnWb5DCIlC81R82r1cJlHq+lI0abNqa/dJO2QT2aat5ymfTd6yrgfoqp2yTIlBfqVRC0BSeZBqUm3IbWCpfslMXmzZhKe20uerxbPtyiN4n67YtrJ1tfObajdXOmvzlXex/TF4amHHdAcfzBnzuDHDhZ0p80gP/sYJZc1RRobdqnQUFEACBZAgo4ZJMtGxEiYNJMz7D2NazCeyLcpVTHUZdeKq2sKUuRP196gAACGJJREFUKOUYJSrNfXUpgCYspYkuBm37pp2s2zbdh80G7bMETPHpcb6Unmu6mJ5i2k8nX5FgpuKL60y5vGz65uXXcOBAQBGgL1X7xk/se17VUYIACMRHIBX/COKbXkueldgIFGoteawVRNJFPd8qvgoVZGva6D4D+wyBVvUd9lpOKf7Mu9Rnk7O1q9ytpS4opZFeV6JStht563PT96Vpo7q0wRYBgVJptExuLs7+zfO4fttbffz6VHG67PQ7vl/0cm6R+16/EE6RVhWLvvD76Wmoi+YNjLiB5/PXI3YJdxknQDe7nc34FJA+CGSGAASm/VApwRIk8OyjwvUo39K6kX/dVnkPGmPa6TaBfYZ4q/om0ali3C7lHeu6ALzd0eJOkC9dVEq3Rm5m/npd31cZBbWpPrNsxtYci3oAgcOl96aoWf5dCuiuNm3bttudmPy+mC+UizMeCVBvpp8OxJ30ctA+eqh8ry9L16HSpzo9YF6Igs2Xrd3lvEx3kU3RWDyg3gapy9ppBfNcl00Z0wWBthGAwGyMXgoQXaw1HtGcRZDAaRTPHBNkX8/G7JMZV30Ywq7lazkbITAFpbQ3Y8/60HPV92W3Wbe1zbpCkRYCpdJ2+XpQeY1kqOsk5fvbPz/Get3/Jvu45/RVmNfrsFwvd2f6ZqQYFV6fz9xeR4he8pmjmzlyPhNUOpcF8+j1m9hAgD7kHAhMnAcgkBSBIGGSVOysxmkHs1ZihhlTz6ZeX1V4LvQAWgSldGsKR7MeZGNrk+22LcivzRbtGSSwcvXW/ZT2cxlMHSnHQIBWMB+jazB/iME1XIIACBgEsIJpAAlR1UVJXREWwldYEz2mHBMmbpgxpo3uO6jvdn8dcShtmt1ssYLag9pkPFu7LZdm7W1+0J5qAvxM86dGqieE5BZCINdH5wM2EACBJAhAYC6Msi5Swoi+hUWbG63HVa2N4ocd08guqF/loJd6PmHHyPE222bb9Vyw360EHHaC+d06ecxbJ8A5uzB+bJd8CQE2EACBBAhAYEYH2RRAusCKLordkxlfWdbLwzZGjtXH1bNTcVSpxtnG2NrVeFU2smvUr/yYZavjTD+oZ4AAz7sHxa2ZDGSKFOMmQG9R/S7uGPAPAiAwR8CZ28VexASkkNH/InYf2p2eg9oPM1jZ6mWr48L6CGOnbMLkYtrIsdi6iMD40T1n6BvPj100ZUzVQsBxnY8tXWgGARCIgQAEZgxQLS6VMFKlxSyRZpWDXoYJrNsH7S/Uh228Hstm06hd+sDWjQQc9nY3ThtzniMgv2S8vHX1F3Mt2AMBEIibgPo5M+448N+YQNqORRryiUoURuWn8VGERSoJrBwa+Yyeh/lsKpNDUnETEHT3+OO4ezxuzPAPArUEsIJZy6OdNSmCzL+05RO3UIt6/spfOzkidgoI8IL7JqUxnYJUkELCBEhcfgBxmTB0hAMBIgCBme7TQAkkVaYhW5VLvdKWZ70xsi/KLWp/UeYGXwkTqF6L6fIXqm/2STg2wrWPAN05/s3SRfnX25cBIoNA9xKAwMzWsQ8SaGmcQVCeSQk+FTuNXJBTGwmMj+37mjnO03Ttx402poHQyRH4JL+qsPXw4ZJ8bSk2EACBhAlAYCYMPIZwSlCpMoYQmXGZlIjNDBAkWktgYmzvQTfvbqaHcJ2s7UGtUwjQquVNWql+Z81gYcfJUqncKfPCPEAgawTScCNH1phlLd9uOMYQllk7K9uc7/DwzvwNb3In3fjzhhBiVZvTQfhoCEyTuHz/Dqfw7thYaTIal/ACAiDQKoFuEB+tsunkcZ1w3CEqO/kMTWhuJC754PDIE8zj20lsvkQn1b0JhUaYSAhwn3PxHWfO7kVObg+EZSRQ4QQEIiHQCUIjEhBwUvPmnjTjgLBM89HJcG6jo6POR/tPbPQ9sV0w8SJN5Z4MT6eDU+fy5Z+HuCN2F3oW7fnlyK6/O3iymBoIZJYABGZmD10iiafh/ICgTORQI4hOoCo29/20yfPZCH312kKrmyv1fuwnTIDzKS7Yt8wRX+bzhb0nj5YuJpwBwoEACDRJIA0CosmUYZ4yAlGcQxCRKTuoSKeWwCPDIw/SK823cCa2CME2U29vrQVqkRPg7DfO+Ndc8K+WD9x14MCBD/Ec08ghwyEIxEcgCnEQX3bwDAIgAAIpI7B+/ba+f6bKT9JrEZ5igm8SnK2hFU43ZWlmLx3OJ+kf0iH6tnkgx91vTv20ZyJ7k0DGIAACigAEpiKBEgRAAARaIDC44dUiu3F1AwmjjYyLTXTj0Dpy09OCqy4bwv8kXgfpTTsHhcMPTRz/9FSXAcB0QaCjCUBgdvThxeRAAASSJrB58yu9F69dXesJPkwfsGtpdXMtXcf5MP20nks6l9TEo9VJyuU4PUaI/pzj9ADmo6fG9p5NTX5IBARAIHICEJiRI4VDEAABEKglIEXnX9f+fZQLMewzf4gx/hB9+A7SaufyWsvM16bpuskJugv/NInJX6WY7Onhx34+svd85meGCYAACDRFAAKzKVwwBgEQAIHoCMif1/nUlVXMF4O+YIN0TedKWu18gCLcT9d43kdCrRBdtGg8kYC8wpggwcjP00/cvwvGT9MFqKcp7/EdI2vO0R348jFC2EAABLqcAARml58AmD4IgEA6CciHwA8NvbCskuf3i4q3QnBnhc/E3fShvZiu91wiSxJ6S2h/MYk+Wd5BMyFBKvLUV7D/JC+fIykqZEOvUeQVEoa36Gf86yQUr1LbNfJTLemO+auCUxvnF2k18rzLcxf6e9gFvNs7necLsgKBtBGgzxNsIAACIAACnUhAvhKzUpkq3CrmneV5v7Js2c1KqVTyOnGumBMIgEC6CPwPTxVl/Mo4A8IAAAAASUVORK5CYII="/>
-</defs>
-</svg>
+<svg fill="none" height="250" viewBox="0 0 350 250" width="350" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><filter id="a" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse" height="206.608" width="128.614" x="35.5017" y="33.2144"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feColorMatrix in="SourceAlpha" result="hardAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0"/><feOffset/><feGaussianBlur stdDeviation="5.38753"/><feColorMatrix type="matrix" values="0 0 0 0 0.0196078 0 0 0 0 0.0196078 0 0 0 0 0.0196078 0 0 0 0.2 0"/><feBlend in2="BackgroundImageFix" mode="normal" result="effect1_dropShadow_9_535"/><feBlend in="SourceGraphic" in2="effect1_dropShadow_9_535" mode="normal" result="shape"/></filter><filter id="b" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse" height="216.2" width="307.354" x="29.5827" y="9.80316"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feColorMatrix in="SourceAlpha" result="hardAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0"/><feOffset/><feGaussianBlur stdDeviation="1.3582"/><feColorMatrix type="matrix" values="0 0 0 0 0.639216 0 0 0 0 0.654902 0 0 0 0 0.717647 0 0 0 0.25 0"/><feBlend in2="BackgroundImageFix" mode="normal" result="effect1_dropShadow_9_535"/><feBlend in="SourceGraphic" in2="effect1_dropShadow_9_535" mode="normal" result="shape"/></filter><filter id="c" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse" height="49.0156" width="49.0156" x="174.492" y="80.4922"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feColorMatrix in="SourceAlpha" result="hardAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0"/><feOffset/><feGaussianBlur stdDeviation="2.25389"/><feColorMatrix type="matrix" values="0 0 0 0 0.0862745 0 0 0 0 0.101961 0 0 0 0 0.156863 0 0 0 0.35 0"/><feBlend in2="BackgroundImageFix" mode="normal" result="effect1_dropShadow_9_535"/><feBlend in="SourceGraphic" in2="effect1_dropShadow_9_535" mode="normal" result="shape"/></filter><filter id="d" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse" height="99.9677" width="99.9677" x="222.107" y="8.98615"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feColorMatrix in="SourceAlpha" result="hardAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0"/><feOffset/><feGaussianBlur stdDeviation="5.61816"/><feColorMatrix type="matrix" values="0 0 0 0 0.0196078 0 0 0 0 0.0196078 0 0 0 0 0.0196078 0 0 0 0.2 0"/><feBlend in2="BackgroundImageFix" mode="normal" result="effect1_dropShadow_9_535"/><feBlend in="SourceGraphic" in2="effect1_dropShadow_9_535" mode="normal" result="shape"/></filter><linearGradient id="e" gradientUnits="userSpaceOnUse" x1="15.5674" x2="135.688" y1="197.18" y2="76.2984"><stop offset="0" stop-color="#303e68" stop-opacity="0"/><stop offset=".232881" stop-color="#303e68" stop-opacity=".077707"/><stop offset=".596368" stop-color="#303e68" stop-opacity=".290587"/><stop offset="1" stop-color="#303e68" stop-opacity=".6"/></linearGradient><linearGradient id="f" gradientUnits="userSpaceOnUse" x1="134" x2="251" y1="203" y2="121"><stop offset="0" stop-color="#303e68" stop-opacity=".6"/><stop offset=".403632" stop-color="#303e68" stop-opacity=".290587"/><stop offset=".767119" stop-color="#303e68" stop-opacity=".077707"/><stop offset="1" stop-color="#303e68" stop-opacity="0"/></linearGradient><linearGradient id="g"><stop offset="0" stop-color="#44527a" stop-opacity="0"/><stop offset=".0850421" stop-color="#44527a" stop-opacity=".102268"/><stop offset=".303978" stop-color="#44527a" stop-opacity=".319935"/><stop offset=".527598" stop-color="#44527a" stop-opacity=".476013"/><stop offset=".756823" stop-color="#44527a" stop-opacity=".569308"/><stop offset="1" stop-color="#44527a" stop-opacity=".6"/></linearGradient><linearGradient id="h" gradientUnits="userSpaceOnUse" x1="101.243" x2="238.242" xlink:href="#g" y1="189.257" y2="122.738"/><linearGradient id="i" gradientUnits="userSpaceOnUse" x1="129.096" x2="210.334" xlink:href="#g" y1="193.637" y2="161.086"/><clipPath id="j"><path d="m0 0h350v250h-350z"/></clipPath><g clip-path="url(#j)"><path d="m28.0375 63.0799c20.0246-13.8153 39.9096 5.2306 83.3525.0702 60.422-7.1772 66.966-54.80286 123.329-58.75409 6.823-.47831 50.865-2.88 80.925 28.61699 26.174 27.4265 25.353 63.3783 25.177 71.099-1.574 68.868-72.372 108.003-75.631 109.723-1.191.629-2.126 1.106-2.762 1.43-78.819 40.172-197.1621 16.017-236.703-47.299-21.73706-34.808-23.27201-87.2348 2.3125-104.8861z" fill="#303e68" opacity=".17"/><g filter="url(#a)"><path d="m153.034 65.272-33.884 113.887c-.24.711-1.066 2.854-3.322 4.366-2.749 1.841-5.625 1.407-6.251 1.297-16.8105-3.742-33.6206-7.484-50.4307-11.226-1.4559-.567-2.9115-1.134-4.3674-1.701 17.2416 3.769 34.4833 7.539 51.7251 11.309 3.556.767 7.368-1.645 8.479-5.368l33.884-113.8864c.866-2.9339-.189-5.8455-2.423-7.3236-.367-.2444-.767-.4445-1.2-.6112l3.334 1.078c3.556.7779 5.567 4.4563 4.456 8.1792z" fill="#252e4f"/><path d="m84.6841 228.889-30.9657-6.603c-3.8405-.819-6.0884-4.596-4.9953-8.393l12.2001-42.381c1.0931-3.797 5.1297-6.233 8.9702-5.415l30.9656 6.604c3.841.818 6.088 4.595 4.995 8.392l-12.1998 42.381c-1.0931 3.797-5.1296 6.234-8.9701 5.415z" fill="#0d1435"/><path d="m85.9404 228.889-30.9657-6.603c-3.8405-.819-6.0884-4.596-4.9953-8.393l12.2002-42.381c1.093-3.797 5.1296-6.233 8.9701-5.415l30.9653 6.604c3.841.818 6.089 4.595 4.996 8.392l-12.2004 42.381c-1.0931 3.797-5.1297 6.234-8.9702 5.415z" fill="#0d1435"/><path d="m82.5142 227.868-30.9657-6.603c-3.8405-.819-6.0884-4.596-4.9953-8.393l12.2001-42.381c1.0931-3.797 5.1297-6.234 8.9702-5.415l30.9657 6.603c3.8408.819 6.0888 4.596 4.9948 8.393l-12.1997 42.381c-1.0931 3.797-5.1296 6.234-8.9701 5.415z" fill="#252e4f"/><path d="m103.498 181.145c-.823 3.011-1.634 6.023-2.456 9.023-2.5006-.555-5.0121-1.1-7.5126-1.655-2.3116-.512-4.634-1.023-6.9456-1.534-.5112-.111-1.0223-.222-1.5335-.333-2.3116-.512-4.6232-1.023-6.9345-1.534-.4447-.089-.8891-.189-1.3336-.289-2.3116-.511-4.6232-1.022-6.9348-1.522-2.0335-.456-4.0673-.901-6.101-1.345l-2.0447-.534-.0222.078c-1.9114-.422-3.8231-.844-5.7342-1.267.7444-2.945 1.4889-5.89 2.2226-8.823 15.1136 3.245 30.2163 6.49 45.3301 9.735z" fill="#1b2243"/><path d="m63.7464 181.956c-.6889-.156-1.378-.311-2.0669-.456l.0223-.078z" fill="#572dd1"/><path d="m68.617 183.026c-3.2349 11.171-6.4698 22.342-9.7047 33.514l-6.868-1.789 9.6352-33.251c.6889.152 1.378.304 2.0669.456 1.6235.357 3.2471.713 4.8706 1.07z" fill="#7e8493"/><path d="m93.5294 188.513-9.6905 33.628-6.8678-1.778 9.6127-33.384c2.3116.511 4.634 1.022 6.9456 1.534z" fill="#7e8493"/><path d="m76.7822 184.823-8.5906 29.583-6.8678-1.778 8.5236-29.327c2.3116.5 4.6232 1.011 6.9348 1.522z" fill="#7e8493"/><path d="m85.0503 186.646-8.6794 29.894-6.8678-1.789 8.6126-29.639c2.3114.511 4.623 1.022 6.9346 1.534z" fill="#7e8493"/><path d="m145.316 56.1004c-.366-.2444-.766-.4445-1.2-.6112-.267-.1-.544-.1778-.833-.2445l-51.0204-11.113c-3.5561-.7669-7.3792 1.6447-8.4905 5.3676l-33.8726 113.8867c-1.1113 3.723.8891 7.401 4.4452 8.179l2.1339.467 48.8974 10.646c3.556.767 7.368-1.645 8.479-5.367l33.884-113.887c.867-2.9339-.189-5.8455-2.423-7.3236zm-25.582 15.8584c-1.7 4.3674-6.123 6.7123-9.89 5.2565-3.757-1.467-5.446-6.19-3.746-10.5463 1.69-4.3563 6.113-6.7123 9.88-5.2454s5.445 6.1788 3.756 10.5352z" fill="#252e4f"/><path d="m145.316 56.1004c-.366-.2444-.766-.4445-1.2-.6112-.267-.1-.544-.1778-.833-.2445l-51.0204-11.113c-3.5561-.7669-7.3792 1.6447-8.4905 5.3676l-33.8726 113.8867c-1.1113 3.723.8891 7.401 4.4452 8.179l2.1339.467 48.8974 10.646c3.556.767 7.368-1.645 8.479-5.367l33.884-113.887c.867-2.9339-.189-5.8455-2.423-7.3236zm-25.582 15.8584c-1.7 4.3674-6.123 6.7123-9.89 5.2565-3.757-1.467-5.446-6.19-3.746-10.5463 1.69-4.3563 6.113-6.7123 9.88-5.2454s5.445 6.1788 3.756 10.5352z" fill="url(#e)" opacity=".6"/><path d="m151.906 64.7464-33.883 113.8866c-.241.711-1.067 2.855-3.323 4.366-2.749 1.841-5.624 1.407-6.251 1.297-16.8101-3.742-33.6202-7.483-50.4304-11.225-1.4558-.568-2.9114-1.135-4.3673-1.702 17.2415 3.77 34.4833 7.539 51.7247 11.309 3.556.767 7.368-1.645 8.479-5.367l33.884-113.887c.867-2.9339-.189-5.8455-2.423-7.3236-.366-.2444-.766-.4445-1.2-.6112l3.334 1.078c3.556.7779 5.568 4.4563 4.456 8.1792z" fill="#0d1435"/><path d="m115.278 58.2119c-5.246-2.0337-11.191.6891-13.291 6.09-2.1009 5.4009.455 11.4242 5.7 13.4579 1.934.7557 3.968.8557 5.868.4112.022 0 .045 0 .056-.0112 3.178-.7556 5.99-3.0561 7.312-6.39.022-.0333.034-.0666.045-.1 2.1-5.4009-.456-11.4242-5.69-13.4579zm4.456 13.7469c-1.7 4.3674-6.123 6.7123-9.89 5.2565-3.757-1.467-5.446-6.19-3.746-10.5463 1.69-4.3563 6.113-6.7123 9.88-5.2454s5.445 6.1788 3.756 10.5352z" fill="#0d1435"/><path d="m116.278 59.9122c-4.434-1.7225-9.591.8669-11.502 5.8011-1.912 4.923.133 10.3128 4.578 12.0354 1.378.5334 2.812.6557 4.201.4223.022 0 .045 0 .056-.0112 3.089-.5334 5.934-2.8227 7.246-6.201.022-.0667.044-.1222.066-.189 1.789-4.8786-.256-10.1573-4.645-11.8576zm-6.434 17.3031c-3.757-1.467-5.446-6.19-3.746-10.5463 1.69-4.3563 6.113-6.7123 9.88-5.2454s5.445 6.1788 3.756 10.5352c-1.7 4.3674-6.123 6.7123-9.89 5.2565z" fill="#7e8493"/><path d="m113.081 127.474c3.871-9.968-.837-21.095-10.515-24.853-9.6781-3.7584-20.6615 1.276-24.5322 11.245-3.8708 9.968.837 21.095 10.515 24.853 9.6781 3.758 20.6612-1.276 24.5322-11.245z" fill="#0d1435"/><path d="m112.683 128.5c3.639-9.373-.56-19.749-9.379-23.173-8.8201-3.425-18.9206 1.398-22.5604 10.771-3.6398 9.374.5594 19.749 9.3791 23.174s18.9203-1.398 22.5603-10.772z" fill="#ffea83"/><path d="m112.683 128.5c3.639-9.373-.56-19.749-9.379-23.173-8.8201-3.425-18.9206 1.398-22.5604 10.771-3.6398 9.374.5594 19.749 9.3791 23.174s18.9203-1.398 22.5603-10.772z" fill="#7e8493"/><g fill="#0d1435"><path d="m92.7356 113.088 3.6742.993.3033 7.348 4.8939-6.322 3.575.794-10.8244 14.267-3.8397-.795 3.0453-3.939z"/><path d="m101.65 111.885c-.07 0-.141-.026-.194-.079-.225-.22-.706-.611-1.421-.77-.716-.157-1.326-.004-1.625.103-.1457.049-.305-.024-.3551-.168-.0515-.145.0228-.303.167-.356.434-.155 1.1199-.301 1.9351-.122.805.18 1.362.598 1.687.917.109.107.111.283.005.392-.055.056-.128.083-.199.083z"/><path d="m102.7 110.506c-.07 0-.141-.027-.196-.08-.334-.33-1.053-.908-2.12-1.078-.8753-.14-1.6007.049-2.0574.231-.1396.055-.3035-.012-.3612-.154-.0576-.143.0122-.305.1548-.361.522-.209 1.3551-.424 2.3518-.265 1.219.195 2.041.855 2.424 1.231.109.108.109.284.001.393-.053.056-.126.083-.197.083z"/><path d="m103.815 109.293c-.07 0-.138-.026-.192-.078-.453-.435-1.424-1.199-2.852-1.43-1.1607-.189-2.1379.051-2.7494.286-.1381.053-.3035-.017-.3582-.16-.0546-.143.0167-.304.1609-.359.6753-.259 1.7542-.523 3.0347-.315 1.578.254 2.65 1.098 3.149 1.578.111.106.114.282.008.393-.055.057-.128.085-.201.085z"/></g></g><g fill="#fff" filter="url(#b)" opacity=".8"><path d="m40.8943 94.3597c1.0911 0 1.9757-.8845 1.9757-1.9757 0-1.0911-.8846-1.9757-1.9757-1.9757-1.0912 0-1.9757.8846-1.9757 1.9757 0 1.0912.8845 1.9757 1.9757 1.9757z"/><path d="m34.2748 155.276c1.0912 0 1.9757-.885 1.9757-1.976s-.8845-1.975-1.9757-1.975c-1.0911 0-1.9757.884-1.9757 1.975s.8846 1.976 1.9757 1.976z"/><path d="m298.561 107.507c1.091 0 1.976-.884 1.976-1.976 0-1.091-.885-1.975-1.976-1.975s-1.976.884-1.976 1.975c0 1.092.885 1.976 1.976 1.976z"/><path d="m246.082 16.471c1.091 0 1.975-.8846 1.975-1.9757 0-1.0912-.884-1.9757-1.975-1.9757s-1.976.8845-1.976 1.9757c0 1.0911.885 1.9757 1.976 1.9757z"/><path d="m49.3109 102.872c.633 0 1.1461-.513 1.1461-1.146s-.5131-1.146-1.1461-1.146c-.6329 0-1.146.513-1.146 1.146s.5131 1.146 1.146 1.146z"/><path d="m128.107 211.313c.633 0 1.146-.513 1.146-1.146s-.513-1.146-1.146-1.146-1.146.513-1.146 1.146.513 1.146 1.146 1.146z"/><path d="m140.838 223.287c.633 0 1.146-.513 1.146-1.146s-.513-1.146-1.146-1.146-1.146.513-1.146 1.146.513 1.146 1.146 1.146z"/><path d="m303.78 143.446c.633 0 1.146-.513 1.146-1.146s-.513-1.146-1.146-1.146-1.146.513-1.146 1.146.513 1.146 1.146 1.146z"/><path d="m332.766 118.687c.803 0 1.454-.651 1.454-1.454s-.651-1.454-1.454-1.454-1.454.651-1.454 1.454.651 1.454 1.454 1.454z"/><path d="m277.644 181.626c.998 0 1.808-.809 1.808-1.808 0-.998-.81-1.807-1.808-1.807s-1.808.809-1.808 1.807c0 .999.81 1.808 1.808 1.808z"/><path d="m325.419 101.821c.633 0 1.147-.513 1.147-1.146s-.514-1.1462-1.147-1.1462c-.632 0-1.146.5132-1.146 1.1462s.514 1.146 1.146 1.146z"/><path d="m146.9 15.0733c.633 0 1.146-.5131 1.146-1.1461 0-.6329-.513-1.146-1.146-1.146s-1.146.5131-1.146 1.146c0 .633.513 1.1461 1.146 1.1461z"/></g><path d="m261.392 90.7662h-2.638c-1.577 0-2.855 1.2779-2.855 2.8543v17.5365c0 1.577 1.278 2.855 2.855 2.855h2.638c1.576 0 2.854-1.278 2.854-2.855v-17.5365c0-1.5764-1.278-2.8543-2.854-2.8543z" fill="#1b2243"/><path d="m247.086 64.7426-48.869.5839-48.869-.5839s10.262-5.1023 12.263-14.6368c1.445-6.8636 2.948-19.0018 3.676-25.2337.287-2.4793 1.962-4.5758 4.317-5.3895 6.921-2.4027 16.733-4.8534 28.613-4.9873 11.88.1339 21.692 2.5846 28.613 4.9873 2.355.8137 4.03 2.9102 4.317 5.3895.728 6.2319 2.231 18.3701 3.676 25.2337 2.001 9.5345 12.263 14.6368 12.263 14.6368z" fill="#4a5688"/><path d="m247.086 195.593-48.869-.584-48.869.584s10.262 5.102 12.263 14.637c1.445 6.863 2.948 19.002 3.676 25.233.287 2.48 1.962 4.576 4.317 5.39 6.921 2.403 16.733 4.853 28.613 4.987 11.88-.134 21.692-2.584 28.613-4.987 2.355-.814 4.03-2.91 4.317-5.39.728-6.231 2.231-18.37 3.676-25.233 2.001-9.535 12.263-14.637 12.263-14.637z" fill="#4a5688"/><path d="m238.864 62.7397h-81.294c-10.842 0-19.632 8.7897-19.632 19.6325v95.5908c0 10.843 8.79 19.633 19.632 19.633h81.294c10.843 0 19.632-8.79 19.632-19.633v-95.5908c0-10.8428-8.789-19.6325-19.632-19.6325z" fill="#0d142d"/><path d="m234.886 68.0158h-73.337c-9.059 0-16.403 7.3436-16.403 16.4024v91.4988c0 9.059 7.344 16.403 16.403 16.403h73.337c9.058 0 16.402-7.344 16.402-16.403v-91.4988c0-9.0588-7.344-16.4024-16.402-16.4024z" fill="#e1e5ed"/><path d="m234.886 68.0158h-73.337c-9.059 0-16.403 7.3436-16.403 16.4024v91.4988c0 9.059 7.344 16.403 16.403 16.403h73.337c9.058 0 16.402-7.344 16.402-16.403v-91.4988c0-9.0588-7.344-16.4024-16.402-16.4024z" fill="url(#f)"/><g opacity=".7"><path d="m238.071 131.574h-78.942c-1.728 0-3.129 1.401-3.129 3.129v14.567c0 1.728 1.401 3.129 3.129 3.129h78.942c1.728 0 3.129-1.401 3.129-3.129v-14.567c0-1.728-1.401-3.129-3.129-3.129z" fill="#4a5688"/><path d="m238.071 131.574h-78.942c-1.728 0-3.129 1.401-3.129 3.129v14.567c0 1.728 1.401 3.129 3.129 3.129h78.942c1.728 0 3.129-1.401 3.129-3.129v-14.567c0-1.728-1.401-3.129-3.129-3.129z" fill="url(#h)"/></g><g opacity=".7"><path d="m238.071 155.375h-78.942c-1.728 0-3.129 1.401-3.129 3.129v14.567c0 1.728 1.401 3.129 3.129 3.129h78.942c1.728 0 3.129-1.401 3.129-3.129v-14.567c0-1.728-1.401-3.129-3.129-3.129z" fill="#4a5688"/><path d="m238.071 155.375h-78.942c-1.728 0-3.129 1.401-3.129 3.129v14.567c0 1.728 1.401 3.129 3.129 3.129h78.942c1.728 0 3.129-1.401 3.129-3.129v-14.567c0-1.728-1.401-3.129-3.129-3.129z" fill="url(#i)"/></g><path d="m183.502 146.036h-1.248c-.14 0-.256-.034-.348-.102-.088-.072-.152-.16-.192-.264l-.648-1.77h-3.594l-.648 1.77c-.032.092-.096.176-.192.252-.092.076-.206.114-.342.114h-1.254l3.408-8.676h1.65zm-5.616-3.276h2.766l-1.056-2.886c-.048-.128-.102-.278-.162-.45-.056-.176-.112-.366-.168-.57-.056.204-.112.394-.168.57-.052.176-.104.33-.156.462zm6.426 5.286v-8.166h.906c.096 0 .178.022.246.066s.112.112.132.204l.12.57c.248-.284.532-.514.852-.69.324-.176.702-.264 1.134-.264.336 0 .642.07.918.21.28.14.52.344.72.612.204.264.36.592.468.984.112.388.168.834.168 1.338 0 .46-.062.886-.186 1.278s-.302.732-.534 1.02c-.228.288-.506.514-.834.678-.324.16-.688.24-1.092.24-.348 0-.644-.052-.888-.156-.24-.108-.456-.256-.648-.444v2.52zm2.88-7.11c-.308 0-.572.066-.792.198-.216.128-.418.31-.606.546v2.76c.168.208.35.354.546.438.2.08.414.12.642.12.224 0 .426-.042.606-.126.184-.084.338-.212.462-.384.128-.172.226-.388.294-.648.068-.264.102-.574.102-.93 0-.36-.03-.664-.09-.912-.056-.252-.138-.456-.246-.612s-.24-.27-.396-.342c-.152-.072-.326-.108-.522-.108zm3.905 7.11v-8.166h.906c.096 0 .178.022.246.066s.112.112.132.204l.12.57c.248-.284.532-.514.852-.69.324-.176.702-.264 1.134-.264.336 0 .642.07.918.21.28.14.52.344.72.612.204.264.36.592.468.984.112.388.168.834.168 1.338 0 .46-.062.886-.186 1.278s-.302.732-.534 1.02c-.228.288-.506.514-.834.678-.324.16-.688.24-1.092.24-.348 0-.644-.052-.888-.156-.24-.108-.456-.256-.648-.444v2.52zm2.88-7.11c-.308 0-.572.066-.792.198-.216.128-.418.31-.606.546v2.76c.168.208.35.354.546.438.2.08.414.12.642.12.224 0 .426-.042.606-.126.184-.084.338-.212.462-.384.128-.172.226-.388.294-.648.068-.264.102-.574.102-.93 0-.36-.03-.664-.09-.912-.056-.252-.138-.456-.246-.612s-.24-.27-.396-.342c-.152-.072-.326-.108-.522-.108zm3.905 5.1v-6.156h.87c.152 0 .258.028.318.084s.1.152.12.288l.09.744c.22-.38.478-.68.774-.9s.628-.33.996-.33c.304 0 .556.07.756.21l-.192 1.11c-.012.072-.038.124-.078.156-.04.028-.094.042-.162.042-.06 0-.142-.014-.246-.042s-.242-.042-.414-.042c-.308 0-.572.086-.792.258-.22.168-.406.416-.558.744v3.834zm7.526-6.252c.46 0 .876.074 1.248.222.376.148.696.358.96.63s.468.604.612.996.216.83.216 1.314c0 .488-.072.928-.216 1.32s-.348.726-.612 1.002-.584.488-.96.636c-.372.148-.788.222-1.248.222s-.878-.074-1.254-.222-.698-.36-.966-.636c-.264-.276-.47-.61-.618-1.002-.144-.392-.216-.832-.216-1.32 0-.484.072-.922.216-1.314.148-.392.354-.724.618-.996.268-.272.59-.482.966-.63s.794-.222 1.254-.222zm0 5.202c.512 0 .89-.172 1.134-.516.248-.344.372-.848.372-1.512s-.124-1.17-.372-1.518c-.244-.348-.622-.522-1.134-.522-.52 0-.904.176-1.152.528-.248.348-.372.852-.372 1.512s.124 1.164.372 1.512c.248.344.632.516 1.152.516zm7.077 1.05h-1.344l-2.448-6.156h1.23c.108 0 .198.026.27.078.076.052.128.118.156.198l1.188 3.288c.068.192.124.38.168.564.048.184.09.368.126.552.036-.184.076-.368.12-.552.048-.184.108-.372.18-.564l1.218-3.288c.028-.08.078-.146.15-.198s.158-.078.258-.078h1.17zm5.66-6.252c.388 0 .744.062 1.068.186.328.124.61.306.846.546.236.236.42.528.552.876.132.344.198.738.198 1.182 0 .112-.006.206-.018.282-.008.072-.026.13-.054.174-.024.04-.058.07-.102.09-.044.016-.1.024-.168.024h-3.804c.044.632.214 1.096.51 1.392s.688.444 1.176.444c.24 0 .446-.028.618-.084.176-.056.328-.118.456-.186.132-.068.246-.13.342-.186.1-.056.196-.084.288-.084.06 0 .112.012.156.036s.082.058.114.102l.432.54c-.164.192-.348.354-.552.486-.204.128-.418.232-.642.312-.22.076-.446.13-.678.162-.228.032-.45.048-.666.048-.428 0-.826-.07-1.194-.21-.368-.144-.688-.354-.96-.63-.272-.28-.486-.624-.642-1.032-.156-.412-.234-.888-.234-1.428 0-.42.068-.814.204-1.182.136-.372.33-.694.582-.966.256-.276.566-.494.93-.654.368-.16.782-.24 1.242-.24zm.03 1.062c-.432 0-.77.122-1.014.366s-.4.59-.468 1.038h2.784c0-.192-.026-.372-.078-.54-.052-.172-.132-.322-.24-.45s-.244-.228-.408-.3c-.164-.076-.356-.114-.576-.114z" fill="#bcc9d8"/><path d="m192.58 165.179c0 .636-.106 1.22-.318 1.752s-.51.99-.894 1.374-.846.682-1.386.894-1.138.318-1.794.318h-3.312v-8.676h3.312c.656 0 1.254.108 1.794.324.54.212 1.002.51 1.386.894.384.38.682.836.894 1.368s.318 1.116.318 1.752zm-1.65 0c0-.476-.064-.902-.192-1.278-.128-.38-.31-.7-.546-.96-.236-.264-.524-.466-.864-.606-.336-.14-.716-.21-1.14-.21h-1.686v6.108h1.686c.424 0 .804-.07 1.14-.21.34-.14.628-.34.864-.6.236-.264.418-.584.546-.96.128-.38.192-.808.192-1.284zm5.371-1.914c.388 0 .744.062 1.068.186.328.124.61.306.846.546.236.236.42.528.552.876.132.344.198.738.198 1.182 0 .112-.006.206-.018.282-.008.072-.026.13-.054.174-.024.04-.058.07-.102.09-.044.016-.1.024-.168.024h-3.804c.044.632.214 1.096.51 1.392s.688.444 1.176.444c.24 0 .446-.028.618-.084.176-.056.328-.118.456-.186.132-.068.246-.13.342-.186.1-.056.196-.084.288-.084.06 0 .112.012.156.036s.082.058.114.102l.432.54c-.164.192-.348.354-.552.486-.204.128-.418.232-.642.312-.22.076-.446.13-.678.162-.228.032-.45.048-.666.048-.428 0-.826-.07-1.194-.21-.368-.144-.688-.354-.96-.63-.272-.28-.486-.624-.642-1.032-.156-.412-.234-.888-.234-1.428 0-.42.068-.814.204-1.182.136-.372.33-.694.582-.966.256-.276.566-.494.93-.654.368-.16.782-.24 1.242-.24zm.03 1.062c-.432 0-.77.122-1.014.366s-.4.59-.468 1.038h2.784c0-.192-.026-.372-.078-.54-.052-.172-.132-.322-.24-.45s-.244-.228-.408-.3c-.164-.076-.356-.114-.576-.114zm3.836 5.19v-6.156h.906c.192 0 .318.09.378.27l.102.486c.124-.128.254-.244.39-.348.14-.104.286-.194.438-.27.156-.076.322-.134.498-.174s.368-.06.576-.06c.336 0 .634.058.894.174.26.112.476.272.648.48.176.204.308.45.396.738.092.284.138.598.138.942v3.918h-1.482v-3.918c0-.376-.088-.666-.264-.87-.172-.208-.432-.312-.78-.312-.256 0-.496.058-.72.174s-.436.274-.636.474v4.452zm8.793 1.692c-.044.104-.102.182-.174.234-.068.056-.174.084-.318.084h-1.104l1.152-2.466-2.49-5.7h1.296c.12 0 .212.028.276.084s.112.12.144.192l1.314 3.192c.044.104.082.212.114.324s.06.224.084.336c.032-.116.066-.228.102-.336.04-.108.082-.218.126-.33l1.236-3.186c.032-.08.084-.146.156-.198.076-.052.16-.078.252-.078h1.188z" fill="#bcc9d8"/><g filter="url(#c)"><path d="m199 125c11.046 0 20-8.954 20-20 0-11.0457-8.954-20-20-20s-20 8.9543-20 20c0 11.046 8.954 20 20 20z" fill="#252e4f"/></g><g clip-rule="evenodd" fill="#bcc9d8" fill-rule="evenodd" opacity=".8"><path d="m193.241 105.001c0-3.088 2.516-5.5999 5.609-5.6001 3.092.0002 5.609 2.5121 5.609 5.6001s-2.516 5.599-5.609 5.599-5.609-2.511-5.609-5.599zm2.309 0c0 1.814 1.481 3.29 3.3 3.29 1.82 0 3.3-1.476 3.3-3.29 0-1.815-1.481-3.291-3.301-3.291-1.819 0-3.299 1.476-3.299 3.291z"/><path d="m209.418 106.63 2.73 2.325c.094.067.163.165.193.277s.021.232-.027.337c-.556 1.683-1.516 3.281-2.701 4.606-.149.17-.352.244-.552.19l-.074-.025-3.439-1.177c-.755.608-1.599 1.11-2.499 1.49l-.341.137-.682 3.5c-.024.114-.082.219-.167.3-.084.08-.192.133-.307.152-.891.162-1.783.258-2.701.258-.919 0-1.81-.096-2.702-.258-.103-.017-.2-.06-.28-.127s-.141-.155-.175-.253l-.019-.072-.681-3.5c-.927-.348-1.799-.829-2.59-1.424l-.251-.203-3.439 1.177c-.222.095-.458.026-.626-.165-1.184-1.325-2.145-2.923-2.701-4.606-.042-.093-.054-.198-.035-.299s.068-.193.141-.266l.061-.049 2.729-2.325c-.092-.537-.134-1.082-.127-1.627 0-.436.018-.883.075-1.31l.052-.315-2.73-2.323c-.095-.067-.164-.166-.194-.278s-.021-.231.027-.336c.556-1.6821 1.516-3.2824 2.701-4.6092.064-.0802.15-.1406.248-.1747.098-.033.203-.0385.303-.0142l.076.0241 3.439 1.175c.766-.6232 1.619-1.1288 2.532-1.5025l.309-.1231.681-3.4976c.024-.1154.082-.2198.166-.3011.085-.0802.193-.133.308-.1506 1.783-.3561 3.619-.3561 5.402 0l.001.0011c.103.0154.2.0593.28.1264.08.067.14.1539.174.2528l.02.0726.681 3.4974c.911.3496 1.77.8222 2.554 1.4047l.285.221 3.441-1.1739c.222-.0967.458-.0274.625.1626 1.183 1.3268 2.145 2.9271 2.702 4.6092.042.093.055.197.035.299-.019.1-.068.193-.141.265l-.06.05-2.73 2.322c.097.518.126 1.08.126 1.626 0 .44-.019.885-.076 1.312zm-18.777-1.629c0 4.524 3.675 8.192 8.209 8.192s8.209-3.668 8.209-8.192-3.675-8.1927-8.21-8.193c-4.535.0003-8.208 3.669-8.208 8.193z"/></g><g filter="url(#d)"><path d="m272.091 97.7175c21.399 0 38.747-17.3478 38.747-38.7475s-17.348-38.7475-38.747-38.7475c-21.4 0-38.748 17.3478-38.748 38.7475s17.348 38.7475 38.748 38.7475z" fill="#334368"/><path d="m272.091 90.5142c17.421 0 31.544-14.1228 31.544-31.5442s-14.123-31.5442-31.544-31.5442c-17.422 0-31.544 14.1228-31.544 31.5442s14.122 31.5442 31.544 31.5442z" fill="#0d1435"/><g fill="#bcc9d8" opacity=".7"><path d="m252.906 47.2821c-.232 0-.466-.0869-.646-.2606-.372-.3568-.384-.9477-.027-1.3191 1.992-2.0724 9.371-8.8396 20.677-8.9152.065 0 .13-.0006.195-.0006 10.385 0 17.379 5.5641 19.915 7.9675.374.3548.39.945.035 1.319-.356.3747-.945.3893-1.319.0352-2.372-2.2495-8.918-7.4555-18.632-7.4555-.06 0-.12 0-.181.0006-10.576.0703-17.481 6.4031-19.345 8.3422-.183.1904-.427.2865-.672.2865z"/><path d="m251.803 64.3565h-.01c-.516-.0066-.929-.4291-.922-.9444.069-5.8062 2.423-11.2416 6.627-15.3036 4.129-3.9898 9.441-6.1053 15.072-5.9966 11.199.2467 20.308 9.3503 20.741 20.7252.02.5147-.382.9477-.897.9676-.517.0159-.947-.3826-.968-.8973-.394-10.3901-8.704-18.7051-18.917-18.9306-5.134-.1021-9.969 1.8324-13.736 5.4733-3.842 3.7131-5.993 8.6797-6.057 13.9846-.005.5113-.422.9218-.933.9218z"/><path d="m283.492 81.149c-.019 0-.036-.0007-.055-.002-2.956-.1658-8.556-1.1221-12.828-5.6563-3.348-3.5533-6.83-10.6229-4.088-15.2161.411-.6871 1.598-2.3583 3.76-3.054 2.126-.6857 4.568-.2679 6.218 1.0631 1.694 1.3648 1.911 3.1475 2.102 4.7206.164 1.3422.304 2.5015 1.292 3.357 1.504 1.3038 4.253 1.4384 5.765.2799 1.528-1.1699 1.819-3.8843.823-7.6432-1.087-4.0939-4.3-7.6426-8.384-9.2634-4.757-1.8868-10.462-.9915-14.537 2.28-3.507 2.8186-5.371 7.043-5.541 12.5561-.086 2.7642.453 5.4945 1.605 8.1174.207.4715-.008 1.022-.479 1.2289-.467.2069-1.02-.006-1.23-.4795-1.262-2.8782-1.855-5.8811-1.761-8.9245.187-6.0827 2.285-10.7774 6.238-13.9534 4.586-3.684 11.023-4.6887 16.392-2.5592 4.624 1.835 8.264 5.8638 9.5 10.5161 1.541 5.8148.04 8.433-1.491 9.6062-2.224 1.7004-5.939 1.5386-8.123-.3515-1.53-1.3263-1.737-3.0347-1.92-4.5415-.171-1.3973-.317-2.6036-1.421-3.4936-1.158-.9331-2.956-1.2289-4.478-.7395-1.601.5153-2.493 1.841-2.728 2.235-2.009 3.365.431 9.3575 3.844 12.9792 3.829 4.0633 8.896 4.9228 11.576 5.074.514.0285.908.4689.879.9835-.028.4967-.44.8807-.93.8807z"/><path d="m270.565 81.1536c-.166 0-.334-.0444-.485-.1379-2.21-1.3536-7.504-5.2518-8.957-12.2006-.437-2.0838-1.595-7.6174 2.108-12.1947 2.639-3.2589 6.745-4.9759 10.755-4.4851 3.497.4331 6.28 2.1069 7.837 4.7139 1.549 2.5937 1.418 5.2697 1.202 6.6332-.081.5093-.573.8535-1.068.7753-.509-.0803-.855-.5584-.776-1.0671.178-1.1148.288-3.296-.96-5.3851-1.255-2.1016-3.551-3.4578-6.462-3.8186-3.32-.4025-6.875 1.087-9.076 3.8074-3.148 3.8882-2.121 8.7918-1.735 10.6381 1.306 6.2386 6.104 9.7661 8.105 10.993.44.2692.578.8435.309 1.2826-.176.2871-.483.4456-.797.4456z"/><path d="m284.162 75.6014c-1.711 0-3.949-.3296-6.236-1.5949-1.261-.6977-4.353-2.7469-5.773-6.6889-.507-1.4079-.748-2.8961-.717-4.4215.011-.5153.495-.9523.953-.9132.514.0107.923.4371.912.9517-.026 1.2965.178 2.5586.608 3.7503 1.205 3.3458 3.842 5.0926 4.921 5.6888 2.368 1.3105 4.682 1.4458 6.206 1.329.493-.0464.961.3442 1.001.8582.04.5133-.345.9623-.858 1.0014-.312.0245-.653.0391-1.017.0391z"/></g></g></g></svg>
\ No newline at end of file
diff --git a/web/packages/teleterm/src/ui/Search/SearchBar.test.tsx b/web/packages/teleterm/src/ui/Search/SearchBar.test.tsx
index 8e495c28d893b..02f7dce66c785 100644
--- a/web/packages/teleterm/src/ui/Search/SearchBar.test.tsx
+++ b/web/packages/teleterm/src/ui/Search/SearchBar.test.tsx
@@ -305,7 +305,7 @@ it('shows a login modal when a request to a cluster from the current workspace f
   await waitFor(() => {
     expect(screen.getByTestId('Modal')).toBeInTheDocument();
   });
-  expect(screen.getByTestId('Modal')).toHaveTextContent('Login to');
+  expect(screen.getByTestId('Modal')).toHaveTextContent('Log in to');
 
   // Verify that the search bar stays open after closing the modal.
   screen.getByLabelText('Close').click();

From 5aed8c06e4e8eb6f894d44d0ccb3c447488e0674 Mon Sep 17 00:00:00 2001
From: Gus Luxton <gus@goteleport.com>
Date: Mon, 21 Oct 2024 17:15:20 -0300
Subject: [PATCH 24/53] teleport-cluster: set automountServiceAccountToken to
 false on ServiceAccounts when using newer Kubernetes distributions (#47701)

---
 .../templates/auth/serviceaccount.yaml        |  4 ++++
 .../templates/proxy/serviceaccount.yaml       |  4 ++++
 .../tests/auth_serviceaccount_test.yaml       | 22 +++++++++++++++++++
 .../tests/proxy_serviceaccount_test.yaml      | 22 +++++++++++++++++++
 4 files changed, 52 insertions(+)

diff --git a/examples/chart/teleport-cluster/templates/auth/serviceaccount.yaml b/examples/chart/teleport-cluster/templates/auth/serviceaccount.yaml
index 0eb96f032e54c..d060ea83844ff 100644
--- a/examples/chart/teleport-cluster/templates/auth/serviceaccount.yaml
+++ b/examples/chart/teleport-cluster/templates/auth/serviceaccount.yaml
@@ -1,4 +1,5 @@
 {{- $auth := mustMergeOverwrite (mustDeepCopy .Values) .Values.auth -}}
+{{- $projectedServiceAccountToken := semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }}
 {{- if $auth.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
@@ -19,4 +20,7 @@ metadata:
     azure.workload.identity/client-id: "{{ $auth.azure.clientID }}"
     {{- end }}
   {{- end -}}
+{{- if $projectedServiceAccountToken }}
+automountServiceAccountToken: false
+{{- end }}
 {{- end }}
diff --git a/examples/chart/teleport-cluster/templates/proxy/serviceaccount.yaml b/examples/chart/teleport-cluster/templates/proxy/serviceaccount.yaml
index 7f5ecd8c2d6f4..4e26c23852c91 100644
--- a/examples/chart/teleport-cluster/templates/proxy/serviceaccount.yaml
+++ b/examples/chart/teleport-cluster/templates/proxy/serviceaccount.yaml
@@ -1,4 +1,5 @@
 {{- $proxy := mustMergeOverwrite (mustDeepCopy .Values) .Values.proxy -}}
+{{- $projectedServiceAccountToken := semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }}
 {{- if $proxy.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
@@ -13,4 +14,7 @@ metadata:
 {{- if $proxy.annotations.serviceAccount }}
   annotations: {{- toYaml $proxy.annotations.serviceAccount | nindent 4 }}
 {{- end -}}
+{{- if $projectedServiceAccountToken }}
+automountServiceAccountToken: false
+{{- end }}
 {{- end }}
diff --git a/examples/chart/teleport-cluster/tests/auth_serviceaccount_test.yaml b/examples/chart/teleport-cluster/tests/auth_serviceaccount_test.yaml
index 49e279933a97b..2165131bac9f4 100644
--- a/examples/chart/teleport-cluster/tests/auth_serviceaccount_test.yaml
+++ b/examples/chart/teleport-cluster/tests/auth_serviceaccount_test.yaml
@@ -50,3 +50,25 @@ tests:
       - equal:
           path: metadata.labels.baz
           value: overridden
+
+  - it: does not set automountServiceAccountToken if cluster version is <1.20
+    set:
+      clusterName: helm-lint
+    capabilities:
+      majorVersion: 1
+      minorVersion: 18
+    asserts:
+      - notEqual:
+          path: automountServiceAccountToken
+          value: false
+
+  - it: sets automountServiceAccountToken to false if cluster version is >=1.20
+    set:
+      clusterName: helm-lint
+    capabilities:
+      majorVersion: 1
+      minorVersion: 20
+    asserts:
+      - equal:
+          path: automountServiceAccountToken
+          value: false
diff --git a/examples/chart/teleport-cluster/tests/proxy_serviceaccount_test.yaml b/examples/chart/teleport-cluster/tests/proxy_serviceaccount_test.yaml
index 70198bd939021..fe3dee41bbc00 100644
--- a/examples/chart/teleport-cluster/tests/proxy_serviceaccount_test.yaml
+++ b/examples/chart/teleport-cluster/tests/proxy_serviceaccount_test.yaml
@@ -40,3 +40,25 @@ tests:
       - equal:
           path: metadata.labels.baz
           value: overridden
+
+  - it: does not set automountServiceAccountToken if cluster version is <1.20
+    set:
+      clusterName: helm-lint
+    capabilities:
+      majorVersion: 1
+      minorVersion: 18
+    asserts:
+      - notEqual:
+          path: automountServiceAccountToken
+          value: false
+
+  - it: sets automountServiceAccountToken to false if cluster version is >=1.20
+    set:
+      clusterName: helm-lint
+    capabilities:
+      majorVersion: 1
+      minorVersion: 20
+    asserts:
+      - equal:
+          path: automountServiceAccountToken
+          value: false

From c0076f785b1b244ad18185e80f6873ddac7b73cf Mon Sep 17 00:00:00 2001
From: Marco Dinis <marco.dinis@goteleport.com>
Date: Tue, 22 Oct 2024 14:30:28 +0100
Subject: [PATCH 25/53] Discover Wizard: drop v13 edge case for Kube Access
 (#47794)

---
 .../src/Discover/Kubernetes/HelmChart/HelmChart.tsx       | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/web/packages/teleport/src/Discover/Kubernetes/HelmChart/HelmChart.tsx b/web/packages/teleport/src/Discover/Kubernetes/HelmChart/HelmChart.tsx
index fd253f8fc06f8..5996aa5db3dcc 100644
--- a/web/packages/teleport/src/Discover/Kubernetes/HelmChart/HelmChart.tsx
+++ b/web/packages/teleport/src/Discover/Kubernetes/HelmChart/HelmChart.tsx
@@ -350,14 +350,6 @@ const generateCmd = (data: {
     // AutomaticUpgradesTargetVersion contains a v, eg, v13.4.2.
     // However, helm chart expects no 'v', eg, 13.4.2.
     deployVersion = data.automaticUpgradesTargetVersion.replace(/^v/, '');
-
-    // TODO(marco): remove when stable/cloud moves to v14
-    // For v13 releases of the helm chart, we must remove the App role.
-    // We get the following error otherwise:
-    // Error: INSTALLATION FAILED: execution error at (teleport-kube-agent/templates/statefulset.yaml:26:28): at least one of 'apps' and 'appResources' is required in chart values when app role is enabled, see README
-    if (deployVersion.startsWith('13.')) {
-      roles = ['Kube'];
-    }
   }
 
   const yamlRoles = roles.join(',').toLowerCase();

From 913f401f4012d4b8d9ce6c96fdb8994d98055e93 Mon Sep 17 00:00:00 2001
From: Gus Luxton <gus@goteleport.com>
Date: Tue, 22 Oct 2024 10:39:08 -0300
Subject: [PATCH 26/53] [v14] docs: Fix username attribute transformation in
 Azure AD guide (#47800)

* docs: Fix username attribute transformation in Azure AD guide

* Value -> Transformation
---
 docs/img/azuread/azuread-8c-usernameclaim.png | Bin 221189 -> 163647 bytes
 .../access-controls/sso/azuread.mdx           |  10 +++++++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/docs/img/azuread/azuread-8c-usernameclaim.png b/docs/img/azuread/azuread-8c-usernameclaim.png
index c4522140a05e5ec6f55e607f03367c8be91d8305..884df14c9eca109e19a225b521da4da480a8c380 100644
GIT binary patch
literal 163647
zcmagG1zc2H_diT2EhQ!0N(~{+(B0kLh~yAMgLESyT_Vz5(h}0GbW3*+F~mFG``mn<
z|NDc(XZD<PcCEekUiDo>s3=KeqP;+agM-7Am61?`gL~=?2ls>y<tgmW>?nv7_JL$A
zswfHvR~?6bXZi&8ozh%JO%V>xiyjUxAQ%qr7IrIO2M*4S4GwP41P+cr6%LNjDYIEs
z5ca^qQb*QGQ4x+2Rz`tCfX9VHgq7f7zi?r;a7e$E;ox8`!G4euLgA2MpSZ9;gIxH(
z-pob#<IShuxrl$1pV0lPB&sehD+~KnH+QkLbO6~nx@v#c-GGBbu(#FFan(^&;5T=)
zXEn8OG_zy{+dKWL0w)OOhZXHDT}>&$_HP|P{9qvUZ*TC!%D-*{s40JY#nlc-t)r+y
zDemZENy*L1#>z%5ghok8Dd=Kh#jhqI^`GjnZ$N4rS63%~0Kmh;gVlqR)zQToz|P0V
z2Vmm>aB#4|-e3WFI=GsGSsXw#zc=znI}(;4a~E4DS6fF1%3tl8nmM|;0;#Egb@b=Y
z@8h%t+y2#)1L!}~f=v+c>j{9Jl@0K}s=3-){XeSxdh&a<-{$pucY?nf;}>^)>*%8H
zWNL0H#4h+-`+vXn*WiACTg4V^`BqoL)*iM7u!#t<bF%aNr`Eq8{ky6r$kIjJ(H>UQ
zRp_r({7>b-Km2#a-x}8WTc6xqe1GrrZ;$>~_1Bd7m0fIM-I@NP`LEgi*S-I|F9`Ux
zAb(q+-&g;)yRhXKLK6i1$x1?KQLU#i))#@3l@Qec!yjZJXHH2FegiO5wp}$}JVVfm
zL<|3@R=^r%g7_S#U{>T*T|}}vAU9wV>EL<tXG%$&T^Str_stiv&v#Eo(kyFaA@zrj
zYX<&tw21>2XUfa1Zc0aOwiS$cFHqy*{<s3bx3&F7R@0RRO&|BoJa5h{n_PDjHu~QO
zA;|_H$^7?4DT(q)@qO*tCt4AN|6JG>NYU};#~<2;%N9~}!d8Q@V*Xdn03@|YxNq4>
z)MMuffAs(91%lKnI~n)FQNi38-5-Pc<LU3iq-B7Q1P;h%Y*WMIQvP<K$RSA8ReOvY
zr_DKjfS5Na{V|e1hxA)vKsLZk*=2I8>Cb7Xk-^h!eM$L(owU}?=1_dpP}BX_H2$pY
zWQdbH3o=|%GQ#*{L?Q;LL^yqZnS~q&JexY{Zr)98m=%ft9Or+CD&hjGooMjMll(uU
zr3}=N{))nH6@l(lxzMP-^yGhbDuOWc1UAo^Z}uCKe=ZL#7ko=mklT5u=OHwqnc{8E
z|EB9A(o4vf2&arcp00+{ugZTpts7&#T^wHppZ<?IiXgm_f>9?jZ#&}8byh=!Z~SWB
zLsqMRIrCNM&o%mUG_Zof3al%Gm8%qO=|5<`8Wf=4U#)#vKV}FRZ-%UY`G2fNge0s#
zv-cJPGr+($2EgESK4ArPAL9a{uY#Yo^1<ch_@3WBnXtDmHyJ;G5MVsz1}LIyP|j>Q
zxSHLl_-akn6j69|{^Y!tRJ%sr<DMa_V}Yp<U=XpNSKRRMfrijxWk5dmPOunaHtYNc
z<^N!qUu+Y&|3TzqIMDl{?PU-F>4!_?QBS0L=Do6I|BH^*jJnI&HCpDovr2z1^phI@
z&-cC@sAK6qio$}PjT>Y{&W1`z?ho#j8uvD(Pe466eYC!hith%-J~ePbM|VM(_xCbt
zIgG0iYst(H&T=QHKPZ#d(jGT+zLR6!yxnvzzFX6Z;Po*&4jT_TbS_l_m*pgc_z<Wi
z`0WXJun7-27c{MX^}I0~LFHSQK4>a=y+Fa8l|U|hl=2xb|I<2;_eP8{*3cSfieNVG
zPxjuh^OTR@j6CSh7a}?seCF6MJ)X`x$0a+m2r>)X3vKSJR6<LNogW8^z02?ET{8*`
zG$WW`JRmE!+7p3yHo!o$nRcW+bbrN_&|tsN?|uACHUYHMA44weXFvcjqO~5)Y<kar
zGXE!I{MtX1Q#djyM8F4W#h>lm$MGA3&#9--tfHqjGFb{Y6uAbzx2kauB=XTtKbQc*
z!)KX=6>?YsZIggb!*57G^thal8$t_e`@55CTcUg&%+>B@%B?rj1VGTTluUs!!{(0+
z`)m^)Z6wRnVa4)F8t1OY07HS4#)xr=LlImqZWYC^W(mCh)2=R6{x`Jz@`JC3tUCvQ
z?0pK>L$6vkcU#hGfO4(13|sY``-PA~0gLW>LJ^M7@-*8O5xi6AmPrJAj_@s=c3T6*
zP*>H{%-sU@kxa;v*V3K4k}5#q?U5n<w4eIP8ijQIY$B`ui(P#{<*N@5gXq<=A#W$^
zKAtaXJz0=@gWBhQv7@S6YZX(zO>H~n#$z+CGWkh%{pD3X4l(g7RaMnkMmqTqNgS4~
zAa{+er>L}e@Zng#&<kf2>=uvX5B|w;7hO>RI(0zB<M+FpZ8guIr+ww<_iKGQpWe>Z
zOml1hc~t#gc$e~vXFI(;Bfi(7;WNrfgp6=(95&)go^<xitj#d;@~0Rnj`vLQzf#5v
zPC=!wwua=>{q!O(Zty#9_C(6*;a0x7Y%ojP__-<<;ag&1hlSS$=A>}nxuCo8-S$@l
zyav@|2^TB(Sa-_uR>P>d|Elp9HC@_d7dc_nY^yMO2pA7K{<aE5NAWv<5CR)nNoFT-
zcyjdY@wVPZcbZQo&YDBSliu-I9^zK_VTD(S`^)<sOSgo@?OMAq^Sqs<9J}=4o-U?W
z&Zg$Fn~KytDu+wlUTF9RF8{cUr!4r&_ZD*Ljxr=mIfr_%&<OZ2o_LV;MO2B`a`1Uy
zvQh@Wrjgf;r8F_mzbTU_@-f(1ey70n?CR^Qu{^^?`(rJt^+h9^{@pc}*U^0Bj?Wlq
zucV_sV9DR0;n%I2&qp8QI+9wC#800#$ts3=awsH7XMNeRO<CbE08}jG<YhC&y_eUn
z7#v+Elw|Rl_b06EA2@Gc(#Jlt&Nzb;&&bBu#@aAAGQTR_?)}cWRzbK^zsh?8>FHkj
z++iQgBe)qNpL-AScvdUSx<Yj^q~DI|(-<GuyK*&<$uqvmv;R1C^$_EIzAw&}moZE5
z^1F#Q!O8vk<x)6Pp@}B}E@&7D5rd3~hSi%`{O2I5spPsqgO`AIu6e~h7-Se2&G)5|
zHw+*?$|R`VyD+S6=xE+iX^t>=wcoH)B`i)JPT=LFu!+Dk5aqF%%=l)vLHPq&qS)M|
zto-Iuv&)#SZ_bii73KsAw@iq|xy8C>zx18eR)1<8c~6Ud2TteClh<y0SJ@|EX8jg-
zd*-}8b4dbvfk62bR@<@i_cT)dsqE$n_jjG{U9!eLYbQIXn3%~A_r}S}(lH4YOU+O8
zJ%Sp9QHC09Ca8%8ZE~M|-zv^eX3}<l-u*pJ>JM4*yNHeFNBNX$jYWU(6d*|L2;hGk
z;?XHF`W1R6pVREAiIQLw5PpdT2*ApCo^-?s*=@#_>#b*{ZX_6?y^32XZqrw35o^z|
z5KU15+FG2@Yz(P?ztT-ypaWUPQwR`V@vd3Ko;LJsY)0>X#~tbJ`|f$d?K%?ISlXC(
zzK?BB-+@};xt0HI^C&_0LVv^~Zq62!p`Qd%AXm(sN@3X;IyTUq=spy?PUy<_#c!ga
zsIK@08U3hVY#L)2{Pj=8z4ptq9Z<)W3B0ILa50JU9!Mn9t6o%yI9F(^-NM_qc2S=`
zDrq=NRLICn;mi{Cz3=_t{vw9WanJrlwtQ;lTcBm5P}ouQ?e^S!lO_1OnAdrK+R)@f
z>5>^evT8VLXCnzAw(+P^KO(!=jdK)y#p!;P8NUYQJlhOWid`{Dx}?$lX6~gR^~RXC
zsbu}jFzzL8g%I>T0cdWScSW7XAO$cmBBFQO`Y5HENm<9Yo0fj|tIs8gW2tvbB{T^x
zXd7WAh<v6C^6gUKb+sZ+md^c(UE;U$Qj3|HFerNW!X*%2+W-+`Y>^(HwOA+i!b^ba
zah15!)2LaX(x)=J)OHWC6Lnjr=*BFvA?Q+9BsL*si}blSE2q!cQ|`gzbAjyi?2sNJ
zPAWYU42lkZdJlC9E-l~Mhfhhv$wq$r1VB{HgDe&`Ezg)$p07l~Nf|~<v~g2|ugu9=
z%c35mZ<S;CyqWWm$2L<A&3mOmWxl)nEyVq)c8)`3>(HoE#I8b|&SRzw%@}h@HyMo|
zoE`qcu8j2d9gF#GKUIua9iOHZw7xtv;yB4f)%J9rE<Rn+DW^``Ael1SwOf9@)e^8m
z$O#cv5h@*qZbwfcUmZu-GO-RJFlx{oY_k+@QgOxJ)~vYS6;|&1%b~Q_g6Y#L&Src|
zdMHpN9fm3-GQFpcABMx#^)@`>6tM%@mc?}R>VRuaKNiJC!{lQJ_s>sA@{Al*2Cv08
zYx}oZ&?6^4XdMHYLh>m%J!TT!y!pFE+wUSR#*TzvA6%{YW|aA^4<OJut#v&qR);Fd
zFMhdNmI@>Tlg-Sx^4&Tbf+B)ey!7AvC^F@4!U*`<?6yx^<||NYHK0~d<_47mgQfXA
zAejUt$IVby+v(OOU!IwN$n5~6cc~&>)_V4YVX_urq%XqRtt8nhr#Hqq{xay?>ht)?
zsBfrWRNoq_BpPD}L}zIl(bzQZ*ZICl5QsBLz)GATYhR{mjGm>>lWXm)_8=H5!)xha
zg9h+vP+m~Ja&5?%92`eRA5?GLp2m}KlRiY*DYq`AT97kqEsu==^3b%#V0I%w*-@h-
zny|<jU)q;$j^nM5bj+4tt);Jg;mILzXH$)E^I>y-7FgJOVqf$4LvrLzJnoo-T#A<B
z^P>+jZ#c&No(0eI74@V(T%Nzec~$G?uo#5jGB!A?6=JEjK&{5>&3}{Ateu+49qP@d
zt+?Ua@bgP+5&encEZJh^c>^tXYHslLc`U9YTf~h_OlATVt)9VGx9Mwe2JFa;p~)be
ze7DrXh%qK3oJ}$NC=)~Kl|XRc_lk;<I1ay?ecUdM*jW!9=vW*tt}Z};r_gLBc3OQ5
zNtchU7pzozXIJI@;>Uw)3qfAGMtF9e<Vwvf5~lGz#Lal*a&~1pZr=mN=LnFZxvV|*
z{A^3al{o*1;%%~52Kh>Lq+DJ4sf;smSvE--Lue-nVq&g+sipRq*^5iya6yxz5ecVf
zPW<_`S)@B=3rt#2YH7WSSB=7^NyneOLW<a=Vm4476BFxGK;gvpqLlL~kRV3k>3-m)
zcfjJh8%;g#xcBVxc)lFQR<^?BRd}n|M2#&h-N;-fX?OLh{T^HfZKeo}ZaRWg-OpY@
zH)!aHW*8GxrRranRbu@VLLxEWx;kDS^N_tB;k)ptwLTQQeG(=hG*?lH>~>04dN!d&
z#)!GHw7Vw|?Zb7woVV!2zVZY*i#4&la2&BKZIFV^VyZ|lC7Yv*?BnGZtI_rB;8fp5
zE}uiUUVGGri?s;|cB8u-vzwXs^Qh)DAnCOe#N%yjG*=`!)n#4ulY)_)k)5E!a+O;?
z>%5p4TE2AvV9^PARmb5y&D>!v_0bzeyl$1oX>$-?eh0OExj-SV!C}EFi&y>wvs$?x
zmt6)^AP%oLHyaMAm~-WFo8{!jz+{2E_CPATyU_I4(SE&u*+m12l(&})68ucKl<Vtb
zzswLk&5!P_$#0hjd)W`Cg8j8N+0Sn8x+k?gJ&07{phEVlGTE(Mgj#elw^#$|I4|Cg
zn$y)G%P`PUZ+LNv5g4FT<ZoSEEUaRSH(apTd17y9Wdj_G8~xYnakYS94lpH<_QKu`
zh3*Dfl3yvRv62c*B;Jv4#9G)!rQ)s<!ld829*tYaYE${iPfjAWdN(QiqPw{|TUaW}
z5JUmUYYR{@(%zJ6lJ-QPN`Vh%H^-KlhA^|FeV4ZLJ3)D8Ds}<bEKe|uu&8QD;!%yD
z(*I>e=wHEYeu-Ua3E6{G9}avteo$Vq2D^TppQ~_AN<Zk`Aia%4m785}+(=NUw4Z!O
zAsEm)2O%6PX}mRe5zZwORL@At4Y}j)MQ9`V0WAih+LrZT&vr9rsw@ZM=)umz6hPEt
zC0b8ZJ#^Go6=#g8EGs=KVAX2axT9@J8`P@XyDbnbJE(mW(T;VMG)P^aG!6;!3T<9_
zum9m?AUwpY`)*#Kq)9H<!M|eIbG^1l|F){4QPSUEpyYUuQ}|$p9246F@6AJMIwa^&
z_xiKAY9D8GH7YeXeKK@rtn9}7Ha26QedxytbC1WcgdYLe>#KVA2BKYMuYI&Fw!r$E
z_iyfcK;x>Y-=uQ6#|kPND8b%PhhEEJuI;bDj8DDj;AQ50@_Q>c9=dnS9A+)U5rXBC
z;B~Sfb2b98>#(&JPmzd=m6GxBllboAr>zSnD`9<Lo(7dmj?c<8*x16?_eB^sMCSr)
z<WT3glw&XUo|yIbaXk*G*m8L``sB8nhBA!_MF#<jR@^SXTM<jVG(hAf0+5A!Vt4v!
zb)^u;l_UN@>%A&@k}UGsPk0snO)KJK;e$g!7=xeqxK-|!@($<WYE#;B@fX}r98B!H
zC9l=r`Asy^To8HHIU5aRivqQIwqH-F``nE17|TPe*mCYu@dGF~YT=J)1D{i?e3U>%
zMU|a*ih1Q~E6DPPd*csB25or2Bk=+6>o_MC@WPZm=Yvo|2%7psUwy>pvpq%2mbG$!
z1zgh_Q0X9_iI{nwQf(xAp2=z!Ty<eGnz$u>EVfaZUT4OJGQJ;1!}{!#du~o7cyJC8
zXHy{d89i0#zz~&V2OSPh#*=~mbu(-iY@=a^#(5;Pq(*fk>>}%f_8Q&S;u~luN#|dG
z1QBA!>ep(A7^_gsZrWAyk&Kb6H^$02*$0!Whtjp`MUMyBgAMRC^I9p3if&k=_(s=X
z$#TcCYqhCJ=~lD`pEU3XBL!1%SOxRFr4fu}50(^rz=t*s3)S}cemk`x!Rz{5E-sf^
zt)DydPPR*`!n)D3;DAHPlT*|LUE(0EfZo>Bu^3x+nR(pLTVOe<Z(HC;vDNU^p_QAl
z)1$&DZm>kKn^v|$cRE4Rvo~VEdoC<y(C9Vu>CPI9@8b6sjZ{IRY!<MsiJEt9`h`*v
zvTCkE(5dcM50^ZzSoWJZ13EVF!nbc~L$%mB?4XDjV<trVhtr~pB_0{%>#C+J+jc;W
z5Z`VPmLr=_Ar3Ci*k|_W97r|FCUz+0gIDdB=%&vxE1EkTI->Y4!+t`W!Nr&#lMD|6
z156vWl51_Nt%JP$=1a&{gZI0x1|4>Ida^C$TpKeQt5=K|^7b+1t=|VR*1hb>=J5y8
z0>*$v#x*);8nXM6v9Ij%L7t*J98XU%&Bjg&q=AvZqATIe0W>Pqj>ERStqE#@)>KM*
zQ|7o*sw8Sbl9*ys`I6EO1|vIcme_pKLvH4*IgJVV;M+U1OXmm;|H?(Zmu+ZNgy+nB
zjP&27%Jmxi_ohlO=BR0CEW2+n)uy7Z5Rpn>B{Jv&OAT8Zm<^kM%tPvH>}FVXYrX0Z
zgsY4pM-dPSCatnBNorJiFJ8ZWxjXso;XAIU*ux#?=X<pRx&2$~vFzl_{po=c%~Ff2
zqb0QxSKH!>TOTNy$MxR3uS~YPlfo9q%WXCOkA7{2tvc+YIwf9i`?5!Zo<8LMM~i%-
zGEBiwqh?8|o}fLCf5Bz9S7pNIvJt=H4^<pB4u23}_i(`fsdad6g^b0he1N&{CZMX?
z@(Fy3t5#va*Q6UlG?XLU(bz5c;dr)Md|O3~h^OUnp;3ElEXNvu$z`ZKfz!I~%T96S
z;{&vEIGsz~UHb6DPr69?{b_qz-`mvqvQ8%~EHZvtbVBBM;2tqQ_#|LsBtv;H=@m`E
zsp^>MbeZlYC(Of;R|%b+NbSJGdb#CJ4u*g>BZ;LkipupH2f2M39Ptc56`4&JoLVIs
zvYW&jh8z~*HyJ-jgEo6HNj3uZ@R(`s!xz;%+P^NmIa+MGP3v^FUuZ~v_XK_SVg2z*
z^pe-U{X1)vnR@q;7x!5`D`NPJTJcsR>FBKq(QAALE$%VQ#tjNz5oe6@r4)0<NMd95
z@AdO<oeySJ=jv<|`Ra{+@?-YZ*-q~5D`aq&&)B(;`q;0ZZ4T8quS?Cf`?egY<RHE=
zcv<#S_XDe;)L;?|4L+0BnQN+>U-z8fLs8L7-SXbxDLXCst>Lr+u^Tj(G2qqpy^%K%
z$K&rl$aoP!)M#>`9K~Guf;xO7c8)oMgJ3{p^<$i1Kv1hD?0{w)GZ<nps|4L0Scc8k
zN-A1(V%L1LznntC=^;l!mpbUAMekA~W{T(X5-UhguWHbrw#$C`av`s4UIGA+am1JE
zwPzTED!Ck194|{9WuM_Q_UP`23Vg}l-oMTcFDhP!sl5YDCcz|7q1sp{GkS`sLOY?&
z=B-dx=kB`iB1?#kRD@5DP`l95sw}Wke%yUj7U#`l!w=mZ>Ufx<P=Hf<t1l60p<MX{
zNQ$A%q#Qafzg2Dz^+S2iLNB?CDx~1_VJxN797u|{Q%{Lu625O1&E}?{i1gG9o7Kq?
zWO*jIMwsFU6)^T`7dLUhNQsQtVwwpSQFx#(M0J4(mLO4V$lMgkQdKK=rJJwUWHw&b
zT`E|qG^t0gv3L^U*7`3p&!Z0>L=ADUDg^E7itx7gb*z+%EB^GN(!n3W;q3huBKpRY
z;3ucm1Bmvv5kV|#=>*8R9^baO!XJB6u3t3jA2gnHy~?xii@${jAfe3M8nELlSJ2;1
zM$YGn+E2Bc?;OHl3x@CRv%emB9m+n+a*{GaLS}|@sX)O-zR+gs>=V;9(ed8<!3`~Z
zxz`Ug+N1aGRV!-CD|lpc?qGH{=`RYieg0C)%VIXW4(MT_zSu$RkgoL+dzK_@toKJ`
z_=A`o1=xuuDCaLIy4iNxk55P&7RbJR^rtz<7P&SICY$NN*>x-W4lileYJJ$p(C4+!
zUCvUCyq)p+LFtqpBJzB`2~;>$9!CD=r}lwvi+j1x?SPDKjYWi8rZ?T|*BZ;j91_Z(
z7Oq5*c5e=9wI;qRd!#^*T9o<SF|LRz$}~%-Cm*M@%|qheRdKp(prmoTl}vr`ev-Ib
ziAj{pFueq=YBLN$+@Dw{?z_zJ!j5Q9y$*5RpPqWY8*w$D-d@)*f=2(?@o>vT{Msq^
zRb)Ns?E~}-7C8CFc%{W=x213+!R}5%zk7Js8%x6Av8=1FU3-Q9v2WqHm4-$CwTF}M
zY9Mkw?{kbRY=pjCQAFS6ZkP{d;C$>VK@y#CaAEHoW25MG^*Ise7H6@3Wwz$w$yzsu
zgmWrz!JAh+90#n$q+Rir%v!5An%F#o@}+*$n|i^Uo^?IS*KQ?R#U<aezeN!anYaOa
zdzDjP`WGJ$R+&<yQQN@|MVU1Ab!57?o5`C)DMRLQ?hTMRZGN{sW<cw;8S`<$^>PQ+
zGDXSx@$6XOB{8SfPTVWwS_t4i>)chbamBBt*op;q2s(QDezmKXpe=o;C)!>NU)fPn
zIcF5>rkuIr3AIn-zx4LdWVyf~;Z`__{{9cYA0;1ZG%-*whZVaMSqy7${n1u!@F!18
z>euCTS;f|vXeU8;@pd#K7uuewiV^+&ZnpQBcE!tYvp>63(SA0a#0}+{3L2o)GQoY$
z=M{@pM0w(VX1Po+PqjCTd487q38Y*_O_(4oUUML6C|<vf(Djw-LM3R-UCtt>hW|a}
zX+gKWrYR&kb+Zz95T;GoRY0}!RP5m^;uFjMfu9W`m6nbB=@X-Z_);hYHY+gakLtig
z<sPcJvJt!UZlh3joPWYkfghXG2Jf806Ce5W&fb!0G`)n_!gm?JbE8=Lv6fNQ0UF7i
zKmTgv5y?Nc%@j8jrij)%Z(Rvf2Y%nH4g?#|#h;a~jiAXXC9nBrq2+^X2OIIV<uS*^
zeENn-iSzr2z-D6cuN$s5zS&WmMF$jz0$F4-_;noka2JB`x{e(1sqwCID_?M~ZX%w7
zU=AofQV1>D{6bx2pW853A2l;6hIwiSn+vv-@=JKMv2gbAqN>RzPMh~H%sG1{euVH^
z41=pas4S<spL0VN_G!2Hkur4SKExk9E|j_CWlfu5335yb2ZP%5L(u9;j!67K@udTa
z0YUN-4%tSWSp9^Iq~v1bRGC>zB!kP@9ha?d4zjN-iZn-lg~-UV{b>A_LZMEYawX7!
zOjQ(7f!wAkg__DFW?eP!p0Dz7kdYZ<`IUA6uOO;IVLS9lpq5dyL@T*w5bs;gh*mar
zdoVdE7JRYy)zR7cSO-|Jk`K8j3ecXqgH1au#LPaYUj}yGov$x#)A44y!SzxhHj)5z
zTqK;4GO}ovXgHI0xNOSpF7Dz;r}-jMixrM$9Y~VTtc{GXr&(K^{*)xY%IIqMz3uNr
zMBc3Kqu`O0ZEp3tjKn2>>baRdd4)|b56s>@($-Nxp$&h@i=2&U3=6Sn*?w<M#_-#>
zx1Fmgs4U^|oTLpKUoYiAnt%yFaM`=<eJ(mPh)+eKb{;bF&lc5Umja!4mS)Ssab(fr
zYhXIw_N(O<zqo*H?ABYDAN`|o!nqrq1Sg70HpW4=+GBUC$r|;*2bPRNMrN9SguEme
zOpvlgkSJQl&12;+o;?}QeVn_6dl6xWuh7uRR{WMnL1SdaODYPj03^UrcyNiJ+lPdE
zP&iWP>Oc%-KjLvegx;0+c}z|kx17$!$pQ_~dx*?YBAy(R<IN8wt;e{nE1C|rvM>~(
za<{TLybVE14mDRS0;rRx(6!dZr=T<uHxxBqPLSg!cE{WG*|#4}wEB<kpek-SaeRyf
zYUH$)i&Q>woX?0*CB-s|(k!A=_?X_<czEcg$3t}}RWx9(OkmRiT+;UNmc1nF%D7f8
zidPkOjU<p+vm`VQnt^X6VBBbt-HyC%)ika4$4*D{%<<D$nYh-=RhaN&1EOQUFzHXR
zpg-*^i4SyWA<qs8j!x?zK?st0+bC<7xiA~1l8Evc9#=iUsF2DN)Hq&3UT|?FxsY$n
zaiTSo<lRhhN(_qW!|YLN^n3xOFJYf^K#4))L?G(bJcrs=hWSXdZS0&`XIG4@urEWz
z!7dA-h!d8*oP<WcRi<(lwQ=Y=VbU)#@)lc(du%U=v%{;j_qQ*#xKsxli^r=_8f`E-
zaKNT?`CfCmb!b>$n9;^mhL1lNrz{RZ4(A1wZfem4Hn|njA1>D8w48OIY<9qSd~nAq
z3mv#z;YQ7~0prC1N@Xyl<IW{=>@#J82?zPw#II<H=UND1K`L6eRpVH1G=$HTf?!(o
zDWfT3Vn0P3QJy3d^pwK)I?z|0a=i7Xmn4?sZ7vxY0eISz=tXgRJl6iO#}qcMo@*lN
z>9_+uo0?ha->-ZeqjEJByPIVn^C$c=re3Wk3G6(EJVgKn!*S*y+~l{dFZR(Gq~PSP
zu5GYn8p<t+hucG(0#~`gC;DfH9xLdr$tTRY!$e&HX?EO}R<?uHulq8EeD!WGb`QZ0
zPUTqw!X*p6KzB}0yAw*7m<hL?UY|TFSoc#}LMF;9T&IbXd3>lu6QiBSyegdPo&ZGU
zl^eBr57h#_d-rB!E)^D@SbLK=xA}W4xixO>Kq6lmx3_*He3w#)9Su28cMGp~$V0Yw
zJAQ~hlkt+BulI-*zpi*Z_OIMm0e{9+mZ!N8yxlQB>)=^V3e&H5(GVBtmzMhHX4;^I
zTYLJ5h0)m;Yy-*>)(IxRV3HK{jyEC3vrj#F%fT*}-40C2)W&1zX9++pRn~tVi?23>
zIkCb`zYConDg_G3Va$C5af*~(+xHRQ=+H$8T}myU9jyBFPXvwIqh9WGB3(s+GL2sD
z9B0IwL0g#n9;6uK#&X`gD_$8xE+`ue!K*maX@!c2+P-!#d~nq=0-$&VsmM4MvGIT?
zn5Y^JhDLtc^w$S|noAa1WCSc{X)AvQUVVo*G%rGPd#=p{870^)cVS#C>q4a(CO%`N
zM8>Ayy)A;CFFQ(G<~ASO{n()FAqk!o<v0%0R6?VbxUx{xeE59jC-4!(Oey`G9+QgF
zv*wF|e3q)fh5kmWiIfhdV3gxxhH;q3*^h=6j2r5B6f&xd69V3ZC~>y*vSq=QOEo^!
zx|QssQm8@1J(-vH1dgvGKcg}pSZ0;qq_K2d@{}u_sfv{`IFZ3y&iB~)IP@_Pnzf{k
z-(eZZAt~N@!Awc<yf+UP&zM<344+K=0s7hS<AIshbvRg?SR&I{(<q;uv4>KSOS^bc
zs&YhNL#m*|_$0R3dia^AY>eTM#sfDvbQaUnP&2%%opDhcXX+?!kOs+JA8ws`&-1q(
zPStLbDVqH`ox<^Z-UjxA^ImVFi%Nv%xxEoRFF-J!o0PY*LO8<*7Q!IEdcX2)9qz5f
zxtN-`XGneK^8$awk|G~Y|Cdw<nb-)Iu$Yb;(D)JD%zelDtuNgdr=VN6LAz=DD=`4W
z2c%f#U8co)&jF9*Rp;MvO9mnlt4r&^aq0lxJ9G-5@}<PDY`cH!L<u@-I9Tv6-tN9%
z@b(xOKFejAd4Ep?y#<=PmsB}76}UWLaDYuO93?t#J!ylQpP`)W-Zg!nCz1bnd5ihN
zCa)9B<x@^CwS@Os_~ALtMJ~w|k3-qH{q??DZ*<zm07FZ^y0UQjxlQUVmxe?7;9$_x
zyzb~GP*AE1v_>(bfxlH<My75?51ngnvCbBc-3-0Lbm#*Me_SlzGf(Sy!kuL8TUi|K
z{#KaYR}!y^S-$>0vCrXrd*u6#lL9gQa9>;wrRC5EF3HITLjk&ny2kk`_gSs@eCsM)
zlxR_no3$_sI&a9%N;S+8P<qFVPX`NVs7ul-rRFkRmLmX|FiDn~t|@<{0g-eSllz`f
z^&!*~CR=}}iF2Ja{TeUul+VKCl`ocdh0f8J;HzX2ty(RXQjEOau5N)r*<=t(s6AeV
z!vKYR85F^^6EAM9J51NjNwB9UE)>%v7~A_Ug25GqH*p1RY)+cOw@6Z+bbaK7@JT>x
zL2Ceq)o{@_s*UGoRy0!4KgM1`8nMt5h1$Fa03CNfi(=!$P_R-3JT9&mKgp^$J+@0}
zk!@6oIWT&&e!N~5#uGD}s}bHj?IW)posilj+Z(4^oPTEV<fHAQUnOse7@O}+vNow_
z-aHe|4J!Was87zRZzkV40}CtPGk1H1oYSDyhpu=+RKBW%uEQGP#~<tQ`)m&XfZ>QF
z;Id`&XAAnglih(2mca2Ic8zcJjE%Pwn4D##tkYAbqmEX0tj)-Ll6p-%(;WV6WOM&n
zntPJbDx3a!^IbXg9Nooy^>7uwVL;U16hs<hv>>zdsh~|U90i-{;OQx%SzHrs?Q6H;
z2HlUORE_cI*5QNta6wgwr{-cA)co6nJDYt^D2Tc?L@WZ+xQEpU=N~$IR$VW*t`pU-
zcGVVBC<O2u=?UyL?<>p@zGn-gkZTJUHJGH1L(g{;Ce`TX8@4M%gx|LeWB?247fz(O
z1gTC$i+DEz0(LgrKf`nZyu!4}LN`H%%3?Or%EfhEC$W{`bL(vB4Z_<}Yg^m%O@}Pk
zC0ZjMBi=yB!gpV;8Osm6{$lOokOy-z)9iQw)Wi`s!8icpX^G<0bp)G@`H!<5o-~1F
zQs6)^M~kTo!C1E$-B)rx5FddusNBj{c)ARE@cHF0EBL4cG6m|tB2g;2V{hSdjP~tc
zH*frL$4uLs8gV@Pku~pZHQ11U@r780so=XS<TE)-trcB!Y_Om9PsZ#*h99#b)<l=l
z+sJ#HgGpM?vfF91Dm{a8F+LthD<b060GHyfW1G%%Ugm+2^Ex2a(^=hUGtinBVe$LD
zV1Hn4PlTgD4_I`u>}-ZbBXi!jUi!Y`sL#^2v{Iq~us~Sva+7+TpquWc<JH^{y=x}c
zH@APQFa6LymNb)ax+Qu~%80R4$bu$|%tda}+9!{7LhZUO$7$caj|m8lR{a={<DG;T
z(@j|=e$c67&vUhcU_~Lu*X-}DoH>FYKMT^fA-Gg1CWMQpkm-wVV+5>ZDYp&B>$jEr
z>Be(bb)*nJAHGR6kLWpFTU+BNd^#G2bnqSrN9&q)Bkg8y2vA;;%Zi(eZ1xMwp@*4R
z+aLIDT&Jr1Q3B9L1{c_qm57u$f5IWAL~ahfItGOUv1?CGEmDIWKe}L1ArW9CUiZaO
zG|~@sK#%nMOaZU3kXpurvQFy2;+~I!3;ALB6~5+>gE@#|AmKY4ui<AXLMI>D-XRD&
zBn+{g#tIQL>D3kKCMUIrY5!R1a1TngCiJetTBdV2CV{dqPoKV}SxjHT{)l<wd=R>Q
z5W};gF*X>a#V)wInzuC~CN7@LFr>m17Tcl-b#7d74x_usB{kbJj}yj`KiDl7yCcp+
zzC1ag>cH&ECKmV<EZH)fn0hsqNmDV@-!IeIM|68H*Wp*)`i_nMVsA=5ten%0@b0!$
zxf<D&AqJ**qpF*w!5p(F|I#LsC|6}qP`UGv4R9q7I`s#&S1JyY&jUhlVA}dx`C|1O
zY6sULv3J;d{f}nKl#YAND^5~;37X#gD{qtWzB-_saw#bOY<pCJj}Y_`RmK&QVaw|{
zaJw%To+z*@do;c9h%UUh%Vs$&o@Feppg$BeBss%bHRst#xRKs$ne)8+NVyHy^OWc;
zf3<e~`pM04muB+g%Ql*{rbbX|!+QWKAIoaiyGMY>wzo)IR1j0zUTgu>uiU?)F8fE6
z#trdFC|@vfizzPFHownS!hwLNY-DlcS0LR+14YobMKNwfY{{ot6i*8YW?BRfeae}4
z=9CwAcVN^k62$wLm4XF}iSb8vLEA(^?%lvnU?}0hGkgd#)$s87?+QPP`O!8t6%0i~
zye!qr1|Kz6fk!yS36k8-{YncG!|+VIBhEH9cgTLoRwpHVss01=vo-wvjhteavW>51
zgR!>~n`jKFhP(X8n3!2inn{2)D)k5|{)?*CTctJV6CC9IUbY7+VWMF1ACh3Ma7iNc
zn7oJ1ht18@7XobU$tvdgsQK1=*Lq&f6h#y{?1bx7w^4R;pZyTeEhES&fT;MDr7OzO
zjzrQE$SwVrw^1vmu<+%icp<=!3g49YaBE*+^Kky454l-rYpv@n0@uBPqNS+MW@DVG
zsA9%|M6h9TJ+0+%D>>6m@ZO#J>V2X677%C8VbmO`aYjHtu>5r{5Z?{>1Ne}0Th8yM
zI#{AoYpXHK-MZ;8oI#jBmt!ylQ&Jmx$TLBEb;XmF#{Ryy_=B}wLb`j9Thvc+U$#0P
zmtQ{KoySQWMkW}xxHG=DZh^6N%sRtI<JYItMoV6oJ&D%A0v_Xe;$ec^fkJOJw`Y83
z$qJy=zJ2a24s%!{Isi^xa?_05(AkTxLF|e55c6n;h_>N&2P78t4*+8!CfD>=-MBZP
z=)>8j?lStDn)Cd)Tc9*d@eeMpUC3~3r()8o7$+xfT=vSK`#igk)a<t^Qb*Waj1^ap
zOPBd*YywGU)RYU;=A_!B#30vPgPy%~1Sn4*78fEM>E}zum~p9oR!Gyayxi|2V4-rI
z{gzErqP%HN_R4EfcE@8}ycQncex+eV^?0I>Jc{lj6-_aN``6KO<wM;2q>)Nk*~X^m
zV6jR4xF*i{sCkk8ABOQKdJ{q)tx6-7Qtk3ds$~UFwH)DiNEYXDAnE&lw-X2#eNW<~
zQ|zD|rCj)pR}_HikiNGX8ziVJOE*v3L)l6jD*E~>Z9bq|f<efc9fk55$t=(ao!)Pq
z<7WSGF%=9U(0U0A9JN#)f#|n9`V*_Rg^bx8V4}ts3&yF5r`U9Nx^H|4aP5XA9G;_m
zev+gUfHe%}oPLEv);m0k)x{&!j`6NWSaojZboofyr`I4F|Djj<f-cBx)n1|cic846
z_#W&yV^xXQ&)-|%BKNvunYr*xYvet9If4J85n889In0BX0z-=oCeX>drhHb;pl|cO
znpi7rzlZ3TX23|F5Qz`$_+qMAQ=ZB1CKrkYm0?in+W?D|fvat>j6Fy^&v?b388wm8
zq~@|ppan~i@c3oolMgP179OG#vhwbkt1apK;ez=^G0xm$j!^A3s86j?EJMcMo(Rdw
ziFY_Zw&}{Pbi<sc#@kx&`qHYKKwGeL8{4x+p3w7pO$#2K=`$wt5_Rx`-H;LCJ`6SK
zx`7oL8F|JC(J0xt58?J`2|>emC**VCHD%~Q$7>%q;wwDkuUWv)NR2-0Y4wMk_gMPw
zPy3Tj$tRyZ;F1Vp9*SWik@$oG4Fz7X81QlnB+)P=;&@jn{?m+0qJ=Z<Ljl%1G)ex_
zqEc+M<CAE6K>q=A2M{9MJe8E|bA;?vnV?{Xw!ZE^ej3*<t@%I*gUyS)Md$~bV|@H3
zm<-r}xm3N>mXiADwEG4U88oj8K66+OCh1V4AU)lXiiq;W)0_N!$@;@A;mdX{&|+u&
zinJ?+575J;faYBj#9A5WbF=<|W@34(-4}Y00beP8Ap7QgYvA4a({5l7?PD-1UP1Di
z5Qs#O+lYcqgg?{++mYPx$oyad+<y3h(>hwaux+u-dhF=pgK&9|f}>Wh2)tv9Su!#%
z0ek70)~Q9m?B)nA^ubdguHy_5`5Ax7_4?a0$+Vyc=&^9^3%gx=1DQ%O=)^zWt2!u@
zt|Wq9louuuhb9~km!t|FLB3SKZ5=0U8)M+FcsPr?h93u!;1defo54^XCYw!97t*ho
zFvxWi^vK(F884C4cmBfG<pAtT&J~1gT7gg>r}@*n#YFA6qQ&(n24*ybryU$lmzUl>
zEI0;o6K{LLOozk}bV9v8Drpt(<gs<uDME0_*WMVi(r=Wdll9386|EA|&jilt=l8{v
zPPe9lyz&@dr>;dF@*qFcphC-{!c%o<e9gF%Q&{B&;g6`!ex+_zIfB#;l-Q;W#UOnx
z<9$l$|KmsTiU7D$zfsA^C$I8sIi1q>`_l&{y}Ygv(iy*TIyqkVk{Co}h(Khdk#{I*
z$P9PFJk8K|z9q{}m&aj`kqa!(kVQ{-m=n?Cc+T9Onh>w6=3msS$93A?VPE)?ZE|{&
zH=C%JQ$f4Kli-s>p&`q_t^95)v3}r-!H~bB*2X7i!K2Y_MnIn@z8TYO%$Qi!3f0Oz
z$rLqz8TuK>P(!u{muC3mG3V1UqYWI;Ca3c0s9V{4@fRs$j5q5<?wsEQ{DR!z$Po?~
z>Qj`3h>I(IZfY!JeYj0c$;?7NoQ2r5%au7`WD9nO`7`q@ZD5G*K6A9%W0-d7?0ORW
z`B!v<QQJLqCNgq<v&fu#u}O!TntSNxeB0a*anEt7d5Uz)nYg6Ozg)MrcV4?t$?%m%
z|Et$J0zo!(L`QjK$gS~4ew+B7?b?8}&u4O&Y9G_8VV=yLMYVRpWCg=oW@5d`vb{~1
zc}Kbc!Q5EU>ky((B84<bVtC)1=qN`*3)y<+<UY8#7<KryiQHXUNXL>oqvYdjTub~t
zHw6y$lNN&1?CyMd2HgQsp!M+1#BI&6yPT2vYUOZ&1;F#jf+nC9n{lek%@lU}o&^RQ
z00^_9J)ZF?qZRk;7k6GWe+q5cXo=I+aL6Em?RCs(d7_+m15On23qx@<;%sg=p@;HO
zA6Up{9Imu%r}*88Sfni%o(dWs7y)6LpfvM)i=gzA`k897Y@1Tm7I(h+5}oRg<|H=?
z2Y5drStqU4-V^~(ke(_-cDVwFzY8UWgog6F$B^($S7$vZdH)^<^$oYqQC?wGzzl{M
zn)~kLRJHf^C|Rt%Kgo?|5f{q)Udn#Y^Vj;V;Oe&v1T=e8NV$#JW}n-V4CtrsLE9^+
z8!y&WtsCFdNcXEICk`emrm`)olBO(5$09a~{sU9{O5tnbxOp>DATk0r62%XB+x*$Y
zNsoYShCiiVpai{2osDXo<D$74Nsh=!mb69S+1Xr&Fg?;VD_vLX#bi_<H{r1tABZ31
zN>!G@jsm=gUV^|lslHZopKR4@OHvS5eAHo~S^H#DF)~Ytiu1J6f?TcDh`m0wI=%9T
ziF_&4*hZ2D2Bl2Oa(&=iz%v`Nh{MBBA8ryJ3Ga_EA*04>)M~SG=mFF@T0=hWsB9Zi
z$`Lx;;XGr%KkdVn)~z=CMz-+4O}TS<aFdy@2MgF+WFPW%Dxrt~E)Lg=W(pmR``oMS
zX{Yap68NMry17{O>SSUmgew3u87Avi@Dp{S-J!8RrTIgnmTHd&lbOzLwsUr?B0p0H
ze;JJvdc)mB`zJYIg+LAQuPNi^tkkJUIX_PI+Nt{fo`57Gf;8WV6}7p9J)I{m(w8nr
zMMb4nYo#c?Qxl50Cx19!Pv?7!Q3F1uR_BsU`4u|I+=q4deVHGnv;h`F$PvThCm>%|
z?Tw>2h7H}rkysF1^_<mU7FYewP~ze4Msufn`D`MLLPs+U6DmWmm`$r$s*!Ba<T4mb
zCV<prZPKrft1VvfLZL)jN=h#b7DkW?dl7WP>AuL@bUr#iE#%MC>4Np1=gs`Kx@GI0
zf6NOmq^l#CP^vznNQKGw!4=DI^D9(>27c)`iEe<k&P#(a>r0?WY9ra8et)(jDrOxF
ztF6Rrp7oj-4R`+mpXuoN_-c%HAtY;F-+p^EtH$ck7+1#c<BX9n3>f#KyP74P=lhs-
zyU)!9$nJ_(qRsE#7~g|e5+s=N4<H?O84?1Hm%@r7N@LQqU8ym0ko1?o2p_l~{?(8%
zB~<^d&Ej<+ud(UzvXU~&>nhh>HF=-TjEBZ0cm2$Tm?8Moeh*{xp7@;Y(J8#^{wCat
zJus(&85Z%GL)lX59gh*`?9FL7PW9dwbeKe;RZM^F{5+ow#hBA-xGI=jI)v9jqzFV3
zoPDjwwkZDH0|g$23Vc71NUwV}b`XRNL$l|kjqtKiMYcXZAnRq;QG|O3kqW_l#726R
zFXO6ym_#@~x@--<ilGR<zYo*FBV<yk%8gd<DuzPCxAE4_7sZs1g?#IZ2vR^*tp9*f
zA)&*2$CCT|a*zu>?9pxdMFM4IQ|$lB6%)b5Mp0d+a7RatI4p}9IDW>hoDDHGjcujh
zx{k;8&>uZauYWVp|2_wW-t#at;^qS*&-i%WvB11rSeDBb3$0;z8?hZQYp-%?a{d;E
zuxH&&<D{CF5Za@O8|SUBEW-6U*c$CtD^wy&<MNKxDAt=YQmo8>+Y|oY1$yYg3&CgB
z>93B#M3Fvj=g|<lJIU8kI7nWovt`Pcl4RJcOF^z#ZdN4OUA`xd(}WSzB6*#hNIpdf
z!f66|(hY3AZ&>g>do$DC<^x^2BJakS&v_*{vyAa^r3XMiP+Hlxb!l*t{sQO~-O6bZ
zZZY%$sHJ|ijYsvfH4W;WIyzKq-=R!AS$H*@3B74t84F$(26bsCYsWHl_APgaRP4qI
z9BG(hZ@&qg@+;%R`rx)dot#!{HI%6AuIjmL#_0-bps+Lch@*h`8vJ#({o2f*XyHzK
z!3RiQ+1I3aHVc72<UyLcl=!+~e<Z~PAXP9RWIrHrSVHKgmnb$0L@IE6SPh$L30V!|
zsU;%~l)+|(=q}$@5AWN&AuwR4r&|%bG2U_Y3z=YqMdS?(n6RX?{T?b)|7HpS4Y(=9
zb$0i54);|GtI_1oxU{O+=x`MTE%Z`;q!jWoAv=3-JyCrD_qW;+dvUTbxXqKivNJ}Z
zqeX%2*h}qDQXmXKRIiPeU5T5Qmw>$m!~dLOkny=lC}r|erEyp$-QAqYo4VNt24kQ1
z4Yg5RSrwv{dfX1%x*4CzJL3;BvmZr41qbT0bgqtJHe8LgZ`@cmuvB~tUqh^dL6m-c
zUyN4>jIsues0xRv(Q@OU7dxK1aevX`m)iFgmLD0Hh}`(63h021kece6@v0V3ee|#x
zZWfm@b@>J8bInG4xm!40&<RCcYq$BwUjIFz1N#6e)0zKWTjK%6Kej?o&@a3?5_J|2
z6nfl21`F7078`uicl+?yZukRv7%!rNb3(o-P}Dpy`cJUW9cpmBBSRh|hF+mkR)N$=
z`nx+;l+G|GEztJx`!V6i;R!Gp{3VIea9*|dmlpc(3q=b7W1XPPBlP~y{81S-1bU5(
zd)m*#?XF=?-Q3+@=86kqFXix=kQP-pPHx;f#Rjs0-e3EwsQ)pa-v{=I7CzKjUiMay
z=Wh>T!?zi)%7b}v5ks<bo0$&&Odb7mh5^E`fo#QLU;TadpS%!Oe1$a$SoB^-5duE=
zLLmdy`O=qMo1=-+gGEmEbn?jwp_nh^U>3XDef=52pKJAJ!9ft#to!;B$cX)q@dQwt
zh}F-TrgA`W_m8lCo89Q;PzqoOW)sqx_eK|=Bh1?Un@%vwRpI1X$6-Fz{(Ay}0|o+2
z^1b_?DZLfQ2*YzA;G(1v;vZfAIop2~zGBJ;n2lk2?|ZKO4+i=(_4c>I4C1du*lxoO
zu77aCzgqn5>tYpBYVCGt+oi1kTCMe10*ijb4qnJ7%=brQf{8`dr(-$704D9S_?pc@
z*+7IR2@mhUPyffn|IRfiVh9oR5K^F*1`Kt#{-vkR_Pb2bQ%pLTgo$-AhG}*0aq;mt
zi_~f?WM8R&j?RxJ=~Om3%538Be-JFqH*9uSd|kZ_%d?!^Sq_Cs5aOkW)lNs*p)iVu
z(Qo+wN8evmQE1a=YfZbKdRA=LR)0~<7L<H5U4mb_s4u!A<ZH3eP#(LaEO`3qVs~Li
zwKs+&<Le?H2$n5F3oA=kZ}<Aqf-nF7=<C#tD|40!R4??SU|X!Wo9V^%LJ&&DcYKLZ
zV3=*BS*q2PSCK;~{}0{rzuOBHNr(b|FH}xRWKd2&zcKK8Txt}$0x_TxAv7+!L|q&|
zmMr@9kxdq>TYDZgZI7_B{+*-#<lMgstD)5KHl~X{su@7L4|Q1R=bDo7K~K7{V~`N2
z0t8jo$OQJ3DKGzimj6}vZz<{(+6b~obBInWKIiquezi%I68|v$|LbV@ec8iF0%^|=
ziZ%BMblbd=j}$E|KE2iHFe=e1-KzG`t~5&i1x|&&nW<obCBxM>_?92c*UL|r8L>dI
z4pLyEVyEO=Bz_7EhbkKsib-eKJevZBE&I*+SSmz5nX!C72k5OeU8&Dds#Tt_)Z!su
zJXuiCyvHdPa>D_pV==r9J6LMbh8(X{wk1UpGSSm%QtVBYlao7H|M9;77@E#EPTjs_
z3V0|@7oR&Ux5`p;OUuC6`4j9kRLhsb9C%L?_RE-ddFb+7k~&)S{PcN#d*m6p;7bzj
zvYA5($-{)7-{fVQTsAkXrnF$XXB!!T(+$krqobx4Yj9kk*Kd5Fk&Y!#=3w+!Dv(Pq
z@VPll;Bj0ISm40NTPOd8)|C6eY@410+|z~S_P(`Wfk8#n=>}&ibn|l*FK1;#BJn@z
z)^5REO$4Q^M}714b`~&u)MaO!O4Kj+1=pL~4F|H}|BLx$tPrY`<0bY)e#h!5DrE?b
zl+Gfm+Q4+t=`;$jq6p(^Yna}Bw#z_cIgmg%?R=CxKCa?v-H%<YRo-k)C=s6x6THd5
zdsmO9<96sL^FF6Q?2QJkay|J+ZR6x<VorW{(OF_Xmtchq{wY<5m4NV*`2cu5m8z5s
zw{Uu(m*DyrzgjHn2|~P%c!#CtbZQn}h3vC}dV8%3gC=TY|NCT&7rf)ozv(^mef0G_
z=?sIpTlC<z?xAfzt1Cap+;p(UcZHy5DCP|Hw1xqH+#kS{sC}Pb=Xz(5nND;Lo9ctw
zJq7mxO=+wyY#5)0Q%{2kN?_hp);Qq&+<^=8dy<_HLgS?Pcx-9De<!^Do8u|zP-%6E
zc)+@|K(qFnTe~<hG}ecf<Mvu2n9ip;$f*3>pWAy{0cMB9h6Vg+^Y*CR=GvZx0d-*@
zBe%~=_eSm4Khf2f^t$v1QpSTKvEz*VcIoE6IOn@%>gqPR6uh=Qi`PEgNIgs6{n3<I
zeB}1)pF?;`85ROyAf>Cr@6x?-B-{05#sWfjtB9z_*jx3L?Xi~)0QTcNSO~!dB`7<X
z`~Z1-CMgwpjL{J$`+ZNpNu(8I3;ff>|L-Fn3Gdf_?38S9oG}XP;vl>`Uu-&aD%G-5
z2e3~(e2){>vot;IF1r-bTD_lacC#ZZDO1VosxgPU->i0HT_6d?N<)qP_#~TMBTi$T
z8(Ux|nqlyXO-xeQSn|+>5eLeq)j=(LKAoW8BF@p!K{p3;S&&AFfvjBUhop6e*rA<?
ze9QGvOs(WNjT|8g5}G=ZT+j0up0azZCx=O|^raw&OAO|Heh!9VbH}zfm)gb=O-~O1
zF!SKz5c=*pi=IXZXn|Qgtlb*b=(z2w;<e+1n9KI)VezXtOB-nIST8SRjr3~8qvKhY
z`^FBA?iZ6lk=IdibiKd}kL6!p6h<-%PYJoAad()T)d?K8_5!opj1kFrpWA)|mc9h@
zF+T4D67iV@zqX%O_?3KqoV2L?e;n8YVwAGqvVUO%oO^<$ptl*7<`KZ(umP))$Bv6S
z4NRTAIhMnzve`a0QG%Bj-xK&iR;B!Biy9Sbl6nm`4#`ib#bAO^>uKvlGyca?$)OK#
z)H))#CgSX7Yb>Ki^UYttO!>A^^ov2J`%g0OsXyxg_J0&JT`e#Cf9!o_Se4t_u7og=
znv|lz1f&E}O1eYol<o%Ulm=-~DQQ6vB&0i}8>G9tyF1Td?Y;KWz4o`y`E&k#*X57t
zRG9A^?|7f_jJrlJ2aMfmlf`42Ypm2fO98Q7@A4EyuGCB=E8D#Ct(cIBWr@yKeh!In
z&uqPSHnvaD#XsZ$n-$s4N9#0nk}pwAXSy?)tQ!#5hAPWSwoLDiOx1dL2;(i5^D9>Z
z*SyLS#J5blKJOFQ3uSfAi0RG<daMvI=%&<YeIMbWl{i1#rl`H#|FA&sb1fLdMdru+
zre8i#H7J_{dME4~_4AQ8{|~hZ9$xf*3%XlZD5>|cAH$Vjy12fO&lv6>^k>W^({6kL
zDy!m4%%^|>jhv>TjZHrX`q=3H)DC4~^DC-X@&)(IpF%|d&_*A-bIdqi>yfzi1S>!V
z3Y`?dq#>=9#)))k!xsu)Xbp*z#H-j=GbMUTSAF_PaFzcdm&Ek$?3K4$i(yZKx#H1&
zpD=Ne53C5mOB$FdVkB?V2uijs4Z7pUFbYu2kZX^kz)ump8Awx@S0wuxK^<O8nR6BB
zgqicII-4X#8!S>e)oqmrqYKi?6NYztBCwog{9N8`6i$#*<o^z6{<5_Gv-*%IL&!6X
zFrV+wDdvFr5(CwKoh}*aewEDqQZZZk`LWEKZK$Oup8#9&zcWxFv0E5<4}BC44D2_C
z!m|Oem^t4~WVhOzq--zq?so!87@u{J)9t)?2^e1<20k{2#=#tS`HR++r=5(<TT5LU
zw~2h*&i0pz8p6glG^?GP$0rMH{lOqKKZ~e7-0z4w39r>dm`cPy>7DuUh}q^I%Xh6b
ziH{`4!FgJ>o+>3#(DGYrhB>ip5?qIx8g*@<^AOEcplVqY#Q6!|kMu%?EG5x03+YtX
z)-i<t+Ol~Hk%lhnO7G1#r-B8eQ2!_P)ZE%Yn&{57Tk%Rq*-VRLnLKb~&?si(?!Nr;
zPoBlFGe&3W8_KD+QuBQC`%1B7)`Las<r4nq#FhLhd?Llx3$5%`TATJ<Ia=jb^|Hje
z0u^=%mUp?LNswY?9Ji05s@)bh7c(2jk|7&ydUn9S;)cnkn2-0$A`mN81|UcV6VpC9
zl*`<QBRGq;HU#D4=%kagdkdxUxxIEugKn6V8{;J(?%TJF0y_lv6Jj6|_n&1_T}o)+
zdCy&MhdlP+zkO#Be7K%_f(_#z?O)jR;1?j@k|9(}!JIo0fZ<WL=d^>A4PWKNb2-U<
zX0@b5#v}|-z{5F(O3!0wcE<I7Vlm$g^sp6xaC0Yak%9{M;$<*JQ`WcEV5iM*l{07i
zD-MJN(Lrt(@kvYY+$=H$$kSqPZ^cIsLaS+cHUix+ua4?pm-C)5sF<?{Y+i)MQOBTr
z1y9WOE!=mOK{jZ?X>&s>`|s_h9F?a&mdkd{1?=Y+s*t5FM)UI*>~Ak)yhpEs2slgK
z%w4%$V+4gV97Z(yvsG*}UZ)2ycE-LY9?wxzI=d>Hab*tw>IOIqTL^a>)*z@b+j4IF
z2@gig3-k;C&7=E;Dtv#qU?Qwhcrz~8K7et$%2|e?SP13A)6yA2w%foEZ-u<5SN)D?
zYAb8+yzbs(8}}Cp=XPnho2XsxpODMS9Q8x6B-S**^ap#e_<y?>B%XsWNmQC(j<1Tr
zV##x+pORMOI>so>6PKTl!6C2mb#?jXJWB!ZPa?oBT)_{|!I7!8TWC}{-^%k_q=O$?
zAl^JJjY;&k;IX!EK6I5Yh0LN3R(e`1kOs#p?6ay(vX6Q{Q4ncL*sl*p3i#e@&U`TA
zbr0`pdzxficH>B{1{rh*+XMg@IL_!?3BMx@e=8tfo_ynr>q57fdwQWuR<X&{ctOv|
zE#j`zYf-xpto-<=-_Zt<y=%#X88_L=cmb)G6z@mT&x|*{{M?ASETJad_{zXtG-SpR
zm8gl+M(A6Lz8G6DQEsib6^Eipr<5E2EvO6$bGRYm8+|YV07w@`%@uz`ivGR}@cc?1
zYNjjQm;CbX-0-B|B+DtH$@V2RYD9F;_0>gAqXRY8a%!|@acQ^-g;BS9a2nQd7rsxz
z_0>6hLt^aT;c<Q_e{5MiU)tk_kumf3#h;AMgHP)B-ZmbCU15rSmj70>`$!zC<=k$?
zc(qFz*S<)rGECTXBscOlji>LM@KxzU+LK;OVHMB+%V^5MdFrDq7_t>x65oFsBBkt)
zVd%iu0lLQwm7+8<JC#PHqtv%s<DYokkW{K1W%;(qi{$_^Ot|8FeYR3uhS89jqyD2m
zz1Q2;-`^o(Z=scQ{b+4U4e4o5Ea+o78z#@zO~Gzq=}fbF=^G|*ekMA>ahSwsE>YkS
zp#i&z2qMn6Z2;jpbYGNu|6!>uOb`kE5pA_Iw<S@jbtBT7;o?BtC(1HnxOC6e%FK&$
z7eN1_$ZdIxTUQ^2Ed70B`P)08pCRONMwnkGQ@LCwbp;n%Fq>kPKw;G-D*6K~egp89
z$+r{c1?%L7{QkSU$|KkygNL{0OO|hlZu5I;eyYh0YJgxq5%jAfFuh?|dWgW#Jlab3
zDn=o%L+T5MXgH-L;YA;YPag28C<}yq6Ch;S2F;K&HEFv!B)v?x`JVWy_0CBN5!y+w
z(oOllp=W=a+j6L$LO3o0{Ty-k0JQr8F(mj;Xcwx3q$(0n`E2EFmuiXrVw-faQ6M`~
z2dzq>h<GG{F{l|tTNRCdKQ8Wndfqhsu_Qt2XvE@;`4ylrqW3#vzgB<Tw9gOb5?C0l
zNfz5JP^++$q6AN4m`c%#NMxqM*3cnG`>T)m)WBflucuY-<x4m*`p)Wb+eL7x5tH|Q
zbCc!|AnRl_88mj0t=rJ3u!|&izx<gMfOHJBA$X4P4-Z=KE^w}3Y4+1kPYwV|%l)c0
z$Ur1<I-4VEdxb>9dBx4{HqGeoz51{3kTZF{P>Q5DV8_|AdqAg&yBIoFX%w>fGfv50
z*86KjJd$hMLtMNP@qU{6B-IiVRo6gM;?NbNjwq2Ic6*=hdwhgoJ;X{v%)YN^J5|X`
z#+~3cJbqm4Rr+>wG<Sc6FnscdtvDbb$n)mINd=LlhZfZRWXwV2(tEcE{q_izd$><X
zUcSf0DvQArX$0j6VU23zAD5@@fyi}*qTjwLo?XeSl&c;Fps)>0_Xl+9<zGEe^LWLo
z9{;Bz>p93rqVRz`1I|j|g6*Fms3Ox2+QY|PpP9=_e+c~9bVGUJU-cFcn}ZK11Fq!v
z+;2^O2dDomIU;Z1yHAa&r{V}UFE@sB2Et!XKL^0*&07ffccoMtJj)@K{~<i>uLr{l
z0b6@N47X}cXKO+fNL=jJ2USc4v#FcqgNc2-#=bT5cYR?J=DE3K65eTOY)qA3>knqM
z`1L;h$Jdjii1;nf?(TS`zQ=>-;j}rutk6!<2bl7#o^sfqWvGr54kxoqvoT^UTG_z^
zzoknmXydOd`vt_KmVBo(DR+*6XmyQ*PSAe%kXL3E<sDwufBfjb-mD9Hb^CL>!5$}9
z@+!r~Nwk_(%Ewz1RIS0Vq3YYkIzo1CTr7%)0-fMRM8(m1sy3aI$$z?ce~$Pq!sDq;
zSx0ZdZ|Cq_tA-X#%m@GkAj#&9{)tDF^Pt4Ym>*{`862l_`Vf>p{IB0Dft%V5*=z+9
z1qI9XKVjj&jKb~EK%c-ZZ=yutZiM|O`0}r>4*r!7iv4vI$A{Hd<6l7auejuIuRZxt
zWd8Tp{_h}w+5NwR@c(lVQc#N@|EFh{PY#RCW--6>;>>8Q$jCwNi`UlgO8s8w6V>9F
z7Zo?|KjT=nk`DuQrIWSw$^Kq0QAqD3rR%1OVc(x-Ann>!{;iye;2~bCR=%p;j8OKt
zVf?6;S-!PN{_pEB2<4pZv$YNSJaY1KfBiR{aP|@0<yKsb<`%BYsqz0q38JCoE1<%g
z;d=Y!&zk?YHs@cz|H<+0!{3V1uSNG?uRY}@K<+0^jngK_zhC!n)$fn;D6=`o^lt_9
zKm9c$2IR=fyB>_%|2A0v@nXJ?HX8l<9Y|zRHbF>(djh9Y_ZQCS?^~4ideP4{#MWOo
znRr~2g>=;8J=KdW`t?Wtd_6BfqM=Sx^ef%Z*N&xJx+$%4-YS<zRDLw9mO8EB;53y;
z$mx9O`075;f%6P?suZQlXUP4u9!E@E7%kAVxp50x+@neeO;6lTm_3F!zat=hy;LUR
zIbnf*2ptBLMfof3`6d*b!?r$Ut_tp>2z`KdD>~8N2V47>EgxaeBD3Vf6rL)zdt-8w
z1DFZ3CAU!e*NMe11%^CyhUD!pEi0NQ(0{h~r+Tb*y-t_<xjj{xs$8H82s0K9MPT)N
z&HOS7>`D3sdW0MO#IMeeD9FjlU!KqHq}<ZuKsWKTi`hg3G(Pr6ov}<EUmS*`01|o5
z$yI+b;&B;h@vUyF556Y}FRR$0$1j98GP8$Aa*nFrXRIzrU^XtVHmcDdQ#=rxf-oAb
zj|CdXWK<f@=^~}db7@5~w4l*C5Tp0#mis{?=8?GnT$Q%Sush<WnujmV^(-<)vV(-s
z59=3^Nhmg=VxB4mkZ@9Hrc1RI>~YMMct1HN_ko2_{5A3P$$K*uOzV+L-LE*_%;bIn
zLO^AU%B@oUP2ZE(SJxNV)qrU8<9~Yi)tgE>AtFg|Cj7*&#!^E9nBomiTZz>sM5_yR
zn$o>6(WbePiB&|ys4|j@t~NgLHTs>ja|-%3ZH)84c+^7@MV}ozKC<n-Wgs(aYRP(d
zXT)#2(Q3fi3Y>An!+jSWNZYHRgbDrGF@i}Q%7*wV<l(at#k@}zQwi^1dw&xS=}(x*
z8p#eCunv@s1zEW=`UHR7RVX=Pu4Xlj2d&Cu3Wd|+!?l48`>G)MDo5+7#;u9cpEO5)
za>hSD$z>@%6OXVaE|c@c;jld~p0r;1GF-5XJ(8nF<#AIj%V^L^ew*v@9`EVTeS;2t
zas8Cs!ov_=J4ov1OgH?hP(XS<ldVi9x2&lG7PmoMT4j-)M&8@tl58dOVHr)9T}^=t
z$swT?-W#(pyS09Cux&PoH6gyb%^6tih?YiWd8$YoE$ELSn)A6N#ntzoqKh)S?efQL
zm1<QC7{?Qb8MhD~q@~Jl$%}cl*A1C<IMkK<?`hO>vp*X@Gq!#zml7}?;&FMzEml(I
zumfY(ajo1wS(c1Tkx3G;IpIE0Hp^+r&5?I0t(--`BqlqZ<a|Te3}by_5zYq>F`F!x
zl_KPQUa~P*P^C|=DfCK6#Ciz@x5P9$US4kiNNpESX57Os&ki=M5d}C}zI-zIcxk?;
z%WXK6iFfrXy=-s54#%loG0WO0y<N@EI#cz?#AdJIWr!X|OPy$YBXl^!)~MRYVHx;N
zP2g6qTY`@8a~*bxf2l*B`c(9Woksm7rVl(FalX&$0YiEm_NxLaith*Uf8EbeAw<xR
zX5Wy243-?%i><PATE`7;hwaJ!^1UmY%~e^Vb9B;Ko0Xqryw|7U(?-EAfN#2Wpr5lr
zDD&5t-1BWj4tGx8OC<7Wh($jqn<zCOO73n~$V!!-;i)hm+yMgH+>ix8eq~IndT8#T
zg1pWzoDRwFk29S_meSstj}^Wo#(}|}zfP0rGjN~@Tk}4di5?J}^_=yJ=SbrXPj>~;
ztcOtpnUfK293~O>?X7lwP!^Un)Qc)=4ovp#>rC_3SXV0FZcqZWDEegDMJZ8la<ss!
zhh&LpDBH=lE9WLF59J&VHDw2g1aTdai_OO5Z21$QhZ%2*3>o!B4xQ}uay>rwzAkAU
z@S?YX%z;>jgX3~~>u|(*N$s5k?)KNqPFLJbCs@Nfk<s?2;*LVP@m|kl=h=8b9U6fN
z;5#ttw~@FE?&0UbEQZ8_jPP886OEDQ_YQiv(<fMgmUU?f!Z1D%<Na2NRx8cMcZzP8
z_Qmj5enIZEO*vh8ptF%+_@%6XOl&@q=UyQitAUoMWj>mZ5#XpINJ9QXk331p?<5)3
zy&JhJfYv~mDjNQ(p`k&)YrJ-GMQi!z$?NntaLXq%9=3<>$D1n74Yp(Zc(>l?4L8*L
zmzmMKx}LoUnb^|qaz7|~hhutpMlPag&jb_J`UF4l#<2(+dqN(g`y_bLaA6(yBrqwR
zqyy|`-wWFx5V@;tCt%mISk%*cuUn(sN~hW~d_Q9Ca`juq=7wcWp8-)LrwH&&EIJG=
z14&GB54-y$Th=p(nwHyD5YGy+_)SC$CfC=}T5Lx;?&H&i{fQDQTgZZ6jc)&tx%JjX
zAP$vXcTjWf)$?bn#i5Drm$JK2wXEKC2ua8=p0<H+f<H2>EM9;<s~qbcRriIUzbf(K
zo@YH1(vL>JDo!DP@r$KsE&1-ERL0YsGP_k4*AvoqKK#}SZd}49VxQKg)4sADRQJ{%
zFjGvEkXM>xd<rbq5<61FqjPy$;~`7vDrwoTdl}CB-)>KOF8{WzqL#Shg;`Zby6jk_
z4R!8iea}6;4ej^~;3dJs`7WRFsaR<qgG;h=CDzD!m9=e-!uG76LgTs;n`#q@6lq>Y
zL?i$#!7oiRdrcq)h~6idXmjKAKLX48us(Ig@r!s-VF}>YcOd!I`1m^vZdfEy15R*I
zmNdH1sK>&WPw)!diH$9jp-eT{s~Dl?vkw`&cDGhBGljXek8|i(K<SM7DS2n6R_pzJ
zY8rrfhi*;it;bYMM}fh`k$&69&dO-ion7tR`~2F!E{@cUzz3!b)_XiZ>w{PCm&j-1
z>VQqv;K#i+V;-z9tYNs@7@5|u(yxLeSZ7=XIe7L1CT+yEVRqFQhqn?@(e8Nmqw*!w
z%O*!SOHs%Gez-Op#zH8oAdL89NGecP%l9p)7U-H(C66xLY5YYMCBhG1gP5p|<^0b7
zcB4%?m+{L;W<UmW)JFOaflA1rupM&`1cm4H8hy7q-t-7|wqGB%HB-uvQ!vbwF`!?}
zcib#!)xSL5V-%-=`bT#HbM7ZInw=mjCen%Zit#FiY6eU}3}9uGbS~4;z26XC09G86
zB$PAyk3h31wSvYt0YN><6>|<QJKcJFob4b@;KH5VTCxMaZ_$v@na$GCIZ!p^FnT<N
z{;|)trn+N2z8$G&3Fl-z8^~rn%g4_Xzmm9PFtcS}EjE;?YR7_i8I(9tW<H{@Q(YFu
z-n4@)@FKgHneNpE9MCijpEYk9{07U2sK6%(RNM{kMc_Ex6dg12G5Y06CnpW1^MDhs
z)Z@KTUkO?TL_WoIXVeh^%RR~$Q-11rK)z{x{o@pbd9Oju+sc^c7eZ1sCRj8ZBT0X<
zqmlM)zCE`)e5)8O5<z8Id=gS^aemlm9>eJKt#U0bt}{*3FC_@eyE}pV>8+^N?N%>|
zk?PZHWnEH!%xyl7FGad`%A=s}RK$Zqj_1i;d9s=|H|4OuSPS<hP21Be*!jAp2SoU+
zp4SMlay*hJc$Lp%*Y>a*`v^?b456<A+k)kizcw2Uh?_8;SF8LMqY>?W3oTd&9;w^h
zzj>m{Eg-bY<$V6QUaV3Xa;b=#R0OPM0V79|bXuC%CoOR_C(RRuuPNwf4o_xa6Vz&@
z+0V6hH}Zn7JTCYAr@>Md|BZ`*1+-<Uas1a`ogJo91*y9dd3*ZoR4MT5f$8Mqx5=6?
zY`3z+#9Pb=g(~0m%qEszrwR>dDX7x~zM;!#^0ZAE(2|pXd4wE49b}m3wq|)rtM=SE
zJC3)9eK>}ND~P@AnIC;*%hR^Om#3m1vr;1+e$%CqoI>#HZ*2nbN$F~3>0W8!u3PlR
z7I!)S1=WENeBrOoB__8lIsll$>eQBj6kx%%5Qz5M5%C&w_7H-Gn%-CgcUwBWkn!bn
zic%5>s6gx7vttt)k7kxgwH1J<4r;#K-nFpa4)sT9&kVK52aI0^y#)IrW~A{Hxf$zF
z7%znM%k2(h<xcw-&JbMriMQf`H4{BOV87y72dP6{PAB%TlW&QO1mtZbkDK#t!@X3G
zO#I1Ar6}VDYlmhaO)?TJ-5ckS+H$Kt0hJPy)M>36fxE(-hK)0)PCeX5N6Pza>4~ca
zxi(Afg+Oo4?zEmlQX7-bkZ#<U?BxvbcINcHj;YFThm7*RT`9lr{Sc|(o}GSwfbQM=
ztyLy@R8Pc86!fDc@DMF)QHl${AA)x%zU#mw{+K_rVSJAQkEQsPnWUGWZ$qbLA3uJa
zdNI&vN#yJAFaAhvm0`f|g3X1<M|vV(r@AwNTU@DCZOyXwAQ+bhm&l@R>cQgp+2VjK
z2g5l?;n9{#YDz|498%IMve}EVO_Ril8Ti5NA7U}+_m$5RzQ1V2mhtW83Zw0^1ozK#
zpd|oV_cPcoHwki<TIfXQ34rC2Lc(+x|IA`~e`>I#6n^`n<U(5`UX@{mLHvRzH@xm<
zj1!eD>pfjCu^5Ms{hJhVj#NQJ`9}!KVvpcHT!&-Be}aeaCnXhuK>CTq8$b0^7ubnk
zt*~}*ZG+yhbozMb)M;m$)xmIkawn+yY|0h`r9Ai!mn~R=zw-`j3J0C5uvm`KmRU?k
z+#IcDu+|S?vfDc!ZBhg07almeC*yTl?&kOsbr1pbr(4}q+y&Lw6{>^>IP#-yAT~$@
z&}E0$yRK$a%Ux;-$327r+%M&&3PD(c7!bFb-?&d#y(v0Abvl`H$nkIbb$1K=!z9Tl
z+;upDKMHF1^g^`j*a*R7Y7@Mp+k=(o{fXiAebIPw(Zz>s!eRh*G)G}OrwXMmdR}00
zQ_r*mD*8D>5`m6Gf0`r#wX(B|%SK?+>D~geOH~Y?+vQ^5vELq9)#<=f8<oj&ca6zN
ze7!{5)<jBDnwGO4Z?`_DSchIt+Fc&5y^d^LNO<PpM_s1ncQm?n(lbL2)qtQ8F^X_F
zY{Am}KdfAom?}k{hRbFDC?iCFOy48Dh+dhI5Ox};O?NuZYrA`S_Eq=po0%l<7eIwk
z_Vjf{#Noz_7SGioldz!n!(Si*K3uZdb`J#qSfd_K1mwj`vG)(<1c|N6TB#}?;lDE)
z%2W{ax#L!s%+vve(_gS6gMPaR)84rl`g-Cu6@`AgtdY<_t!!;k_jE|eWo4deRyls+
z5%l}Yg8J4iK&IOVW{1}IlU&rH^jkixvZ%m{044ODDGFbxXk>dUC&SkSgo8_;P>ehx
zVZ)nF(PYg~ua&+K1ms)ww?XG>qWx;ec*zEvNjKv!tv?*Ll^BUcGYkiH3c?~KY&aHh
zKFk88PA=lp@hJ+m;!|_&WG|Rqra=+92k*w?DBNx&g}+*0!F3?xuIxb8d!+I&r2P-b
zK_HF~9Zz6?KULgjbCf|eg00|?n7;1*JY(@m*Y#iP_B+Jn`=0bTF7MDA;CVc<^veyo
z>DfpRV_3e2%=C@T_USb}vVvsp8jQ~q`V4YD;YdV=xtwCZ>&3w>K>n6Gic_=l(dDm|
z4-R`*@{VQzWC7`^Mn&;X(B;ct))78<eiCS!t~9izITH>_50B|X5OYSv#}p?blte`$
zHwg<vsmt>Jx48d*LvUsVNhtY+G~uC+y9@~&a72L_526GxKamN)XpFg)*@+}PA{5kB
zDE0t7wAJULAXLa<&LT`d5B6Y_MZKcjb|pAlqv#dYL(DEX5Fj*Oib+nxV|`gZS>wj}
z!h!l0tpN0n?>f&Y`!AE}cko>Z8NRQjXr<m8SrvEh_&92%Cvn543dH~Qq0o~Z1hT-m
z;hav(#a7P%H=}>B+{L0VV*L4u>|;?7YndYTWn9Vi4Ly)%B<Xj?$O4Ye$P@?gX4_NY
zLs?4Vz{KQbe@zFrb`Rx2IA~o{&zxJfto2P>wch?t47~+`sv+8uAUD_$19P$<;9-fM
z;V!o&2!c-Y`Q3Z>2T%Bn(X^L8J_PAy-|R*Jgb<}#V(Q;wVV6iWUKTDE$rG`|`4$(F
zjQ(g4z*d#*53~kROWZK<d$m51OFeG%!*nRe43GrIgJ`g^6z#-kNL4@EH~APzIBY=r
z=Ya4nQiVR(aAwc<NIXALNNV$-=Ys!j8bjXQx!(HVfl%3=>^o|^HO~Cy0NFB&O7xS^
z2X5$N67|LIFB1y1jX8<$5Q&vgxY_vVD^suo0B-VHw>3CN1+a8-RJbo6&P#x!WK@a*
z2v~E;6-8f7O-?ohp*s+kK=>9j=-1*&J`(UiT|)h-UY(HboAkOQ+2lk0jXGnVFSwt*
z#3q+`a(1v3?YKAp6J&@kf-O7aVtNukHi;ExR~)C({z?zsS)@^d2U1UgXgHN<qhF96
zp#xWKa-7?NJ@Qp2wR%dx{tFILjY_*H7`KZU5Z`<wxCf*A=NJf~!V@cIJT?WIT;?pL
zmme0E_<zN3g)HHr&byY{N-D)r7cOpY=DhLsoYNH1@bx2r6+s%vUg8}{?^>t!>KPnO
zyX=V0HTc?NQ8tETg-Tx>Zw<icEUS;A<j4m^<JqhSQ_P4=nR3JV@==t1VLsMONcHJE
z;~PB0;y=b<{Y&~3<r1ISWIwZ9$*GpTAuF#5A{~6_llXP?>f)rNth<gFS=5~hJp{)7
zI0VKMAx7-}eTRZd;oD}~t*#ZE0#ICzCi~+}cni=lnY`zgJ^px5_Ya6RnG=q+%ps*l
zxN$Yuv-Nk0VEtpLg)XKLWHA^8wQ-Tg2bt_pJ2B>K$qcVe!L80%hIlS^_Aa8Jdz5ep
zOcY>3N0tZnSLgQ6@ROdSS<aIU4uH_v!y2%1-A@ZIKK8<F(PvZ2QN`mGY@VG1s&H7B
zEzoBb+HWXkDD_Ys;s|I~A9Qo>A5U0rxRG%U0>3mfnd227F5`p@oF?XORJqeZ8b*-s
z763X2%o)Z|^O8Mou9T+TPBgSuFjtT#z()V;!AEVP1e}<dRwr(k<Lu|H$`T$G19xiZ
z@5iqIBy)}49-?5x>=;D41HqqlB}@4-1ZBjyc;%u_rI<83-~7QDn;=2@JHj5;)xu~t
zQV51wt@VQ6Ht`&?wWO}r_O_)Erejvpv>*la>!hP{Y)u{R2x}9&8S>MQPYYueRvGmC
zXAwe(i_jaOojy*Dmah%R5e-3(o<L7}qB{*y&Goo+I3c_3IrRW3*~!j>_!(Ra>O=b&
z#?+o7jFF`zL1g<l9I9Z`o-&|(3mCKDXml%b*wMT?7%lkbwE@vV-XruT;&PPf<q`dq
zqH5P{Z_do+eVlR3YB?2=tx|Z8OE25c1*OLiK)34`MIvFz!(BDQz#y6BGg*Cp-Vyn<
z4CDomjJ%y30QW0$p*2`ENx+x<!;~#{r1h2)5yztKPG)}aD#A%^^&HQ1-ss$T%avM%
z#6vYaM~nt+N(t?!3-|u44!_sRTaf-8rl%E-%PstP>f=ixouEzyn*oSg0=<2456C&*
zP$!I$X<9r7Ti7Fgr?EnVl6SW2gVfKkl?6ZLXjCeO79oY7#(clo$g3@$^=3Tu6z%xT
zY<iA$hj42~!2nDi#GGDS=j;U}0uVzaOycTEQNApXGY^VyO}A|!Fez4}hYx@EPT2)(
zZ~qiuopPDQm+l9;0!=#o1k?Ob28mpfUG6l>C>(MTl0=W|9~K`>Q7#H8WBs3a9pr=7
z_?Z>oD4X@XPxpvEQQ0?p2&J)qpbH@~Wh-XJ&vl?;8qZv~6nMw5GSSf?9x?>sVN;ao
z*Q<?z&J-DiVAvW734VNVHID#?r0468OW6=Kg4>h_I<_}({T~s+55HsTK%Bg_*(?Ig
zRuLBXdGYgfQ1hN%vW&2vx*hfji|LEJ;Y<jqfiGwYU_I7jUV1giZ_J7>P|1&YFSytH
zcw;25QDEGCNQw^O9Nx(1k@qNkABHX|nkH8{CTq499RPI(4cc10Z{3E2whb$=UV_1q
zc=jTLvHsNamC$<cBb%*?qjQ!1bO$<>)P^{c6hbbKd_q=>DoLNQB9}7PlPiZ(^Y5=;
z{_xgCD`%M<8eQ<1GFWH{I=>Xm_n~*x(%3jgDlpwo5#1L;Nn1rm!lWW|-BPlCS?m7H
zi$W2;3#f8a$}2_~V0!o)Hx&*8ykKiW6-}r0savCB98u>rW{>ytFPs~M+&J!6L%0)B
zx7$HN*=ebT7U}#*Yv2EwMym7Yivg<%aW>8}KQ~rARshK;I1wxHe9Kni{Q|lZ1Wxe-
zF>j50wz8}Xr}kqa7|pI1pPEDs2r!!1I7M$H=cSzAJ7z~~z#J!aVyluRkun=E7L`=r
z4#iZ!Pupd5*-7n%AtMqm>>-AAnLzRBlRg9*LGYmRv&?q{*#Z1=v_3=u^diojT=3dZ
ziMmI`63ROuE(G<_XmCYK{*D~YCQdh;4HCbVXRodgdVCqP>2S>Y^>c>%5bjk}7$<&W
zY&mOCzGb``A*v6dIx$opSR^vC-rdcmcEp}j27So)mo#L@U$Lu#XLY>Qg+qvWhewEV
znaPg%zWSs;<e~(NTKYx(C<!Hg<03cq=z=5ZlR7<kS9)2@K4e{jCUM77(g@Nf3P<6)
z&5b`dpH@X*2eJ&?IG*536GOQ3XO|Dy&w4~X`E(5KPDA%T^4s~;`ET462&r@tJ9E2+
zuRp@{OnJQ`rK(=fZZ=q6;ClI!O75&tj0LXkP*3A{>%!YLdA;P#l<E<)mJ^=gK%B>g
zdDMO9^CRM~J<JLIx4lNaH`32dcH6_FJ`I$o?1d|#a0tljt}3<)?1*V0yw^f5?VUGQ
z4j`xZ;eI#<7IM;~iMdE)%MU|W1JxHdDW5B-tcfrPSme{B6VoP^+9SoCikoF8Dzge)
zQ+7IL6o5$kQF8UB6=uTg9vKMtty=opq!XGpyLTuz6|UIGJXU5&{Os@}j7jnR{bz<#
zw6``ceqM|S5OgdG^tNv13z)z4EWfjVSc&CqvhhL!%=M?u542WAEg>(|O3lJR%*ZP1
zWLMGyTIF8KL+yQ>@Uob9O=>$a<gJ!I8;pLeounKj4(RK8$*chUcAh7mho{_SIK!|e
zrA5~yrnDoda_!v7f8>pViZs_TJ!=o|jf{!5a_bFqCW3LzBGFNkO>1+qHRLz#eZ|~u
zLFDXo_u?=gFIJ8BboBrECjNm>IU|f#xfRIkjS(2`t^iLYT7rmT7?Q#6WZm`bGd-@%
zkB+`uP$W`pzFtqZcfFqA-|PYK37tm2K)?*(f#PaI(LuZ}3_s>;%}^c22o2(6oJSoW
zk#!nBCTS58oHv$RyS<`hA{`G+Y@MF{iQw7lc&c1xX&l>k&Lpw{ZT>`cg2He7C|C8U
z%vHYR{T9<+$%A`{tno8QFqrBpzgqx-maD8Z>r`&3|KRcskJf(H#T}Ri+sbar1s@8C
z_9Gq`;jF5p_XCc_)eFdpIQo(X#GC378jKN|ABqa`GsXR3P53bPMw<6RLaVae;SsAv
za@N-PQaCcY0Gkl`=+VZA8R^5WV_y@kd=~TCe%k!tmBmV$h`0h^wQ9Gbczl(^wdRLT
zoO@TX2wj{@(B*iO6bzt3f~%G?tMz}OrDvHv=}$Hp77;d*7HE2K1E3HJKT)dyZcwYD
z@Yc<(eIVXCTo4?;cq~P4VPv#vtljB%GH}uu5MC&hUNnStNasl$vuTtjs}|I!q5WgN
z9&rWw5<S@+pJm67F`j`sE{#p}Rg%zcG#J$`T3rkY4?ZR=f}Jq{cQ>N&K~LuygZW1`
zpBY2iV|FY0F*C{<NzRS_i3zov;s*}d_W2fFf!-T;yh0Tgy{K^ZbCo+bFWv<hcP)7T
zba8~%<3O(X?=T5OzCjJaqGvJ;#?eLKQ558*cZ{4pZx-V1Mz12vCPm3Hf4tA(L*Te!
z#<5|W7}XKM_pw)xZk_M6fDU!Nz@Rgt?><j&F^DlP1{%$mH)dnWKd7Tn^8`yD_B=02
zYTIySUuM^7_pb0U4uBe;R%uO^t)QMa*t=*t_1BG;T!_)-Xes4s48cr{XTEy++lSwO
zxRu8wPwy3)VYc04s+6~uJW*!ZQLg1K3$sI&#H;qnhcsSc===;wtLWV}{dSKE8F)U5
z<iE?v=Bd?^WH*v<{5LxRAr6GK02y9L8<E&2)h2Ql0dY5%Z}l038*+9R3od*MG=OE(
zeu1iv+<b!tQt>N5T`E1P2TwfB@0d01W5qO03sKXjgDO)k5hcQpM4VF{;(JojA`(Lk
zc75*XElzsM=rCLP`QuT(3)6;?_RKonI_0(syeqUf+Cni=!l&30Bw`ug<V83gET3iE
z+iQy1BQGRI=JJk@ePcvNK32xCGF3xZI~TUFww7@hPn{}8#J|m$ch1toP1$4Nk*)sn
zInzWZ8_6oU=%*&!jnut&?cr1*$H880zP+lD*Q@I;9V5YlYyK!BeiTiFWaqPG)Q!1U
z2m2`N`Gtl*Gr6U#sy|;4J&wg{pZ%eSHo}DlGq9|^Y9Uyy_r9o@bT(i2B5{ws4#P<Y
zu1t4TK_5Rp2tmsJB_CU{YN5Vm?T?;>vzi`~?z#_s)4DB=WHh>Qd+kiEBY<{f&uXYW
z0+~ThQFwg`MoaBc1@;GWPFq~=mm<7$IU}VxUaFq>sD`NbJELjVoh*s3vF6Er6d=)t
zwZq51A>_Z8RBR{;xM91b^Y{!6*ZO=AMtI+=(y!OAL}(#UMJAk(7!V)Dil&p_NdU68
zv;9QnB}N;`Ajt?ms1msior~m@v`nfEI4TqV%M~61A!F$}W{#g{3@e{TLAyc&h`1y*
z$%L;O22hg5cU4NwVvkon@x4(rAmqEJ1(>h>4*Y)_<Fun+2|T&i*4aegormJ>#{!~8
zti}f&DM*C~5hG?}Q0V-v)LLv?B_fbZdDU&prM9YLp`~3W%WU;+&hf(>%Kp&XExG3|
z!trWrq(J7?wfYqSj2miq?z$Ts6KY{d4B7JA3NDT1s8<=5V-HS~ilgC0fA|=fa-zv;
z1`|A@D6*ts`I7Cg@BVNCxn~8h^FAAW*gJMHTX|``eo^N09a#r4!5Yk`0jKQE4MUj;
z9fzGsg{0}sQOn`lJwmm-eI5{Kpy8h^l%z0P%A)$i#`lHkb&Ctiv`&8ZSfNRhYu@=(
zvVpkT6IL#S>?kH-DSjfymAayyFyQWadAmF8`s_xnRboztLnXD}{7~n?gUh)I+csI=
z-*dnJrGWr1JXa-1)SF@NTJ?+ec2RNyS3uB`NfHuHY7Cb@E6Q=8sH4O?0_k9&K3G?$
zPnS*{*5o~YfJFIpBwOWMnF`fVA2Q`6R=;s-JE!MQQHfO;kE`-ZdflS4u?io!iFsI#
z>J+DZ<#mfpRZg?idWa~CJd93`oi$z9IL(j|B#^lr)`}$V3Z=x<q|(O3gdD<!AvLH1
z=CwE-TIC0wM{|qml}fV|7LUg{^rbf%Wjz<-6o#P<9~*n4SPxEor`*P>xJOz@@(Mf!
zU8+Mf_Qn1WdU7=?i$#1<oLw-<JP6cSfIQ}<ivWm&Rz+pU_pXMb<P`xQ{hK7Ts=5dB
z1dfV;_+#QbWpNbZr{}a^kC;ZVDG|Ew9g5(>+-6-v5x~2<%y6{XOftoWuT|~`OlK5R
zmG<F4)^4mrCcaF2{@H)_bk#nF%Pwfw0tgvC1%^|a^dxevJ6RuZK0Gtn#J`ewqLLW_
zgKN@JCpI0<4Ko`n$}keP*^<PMnPax-mp?zb;ODU4{ND0fNiJ0?mAlO<$YFK2q(-Ut
zWR>CD()5*!T#dTZp5jSIb}SR1?`u@$Uqb#!{b|D@OG#^ADN>sv01-Pj<t_nHqgv*8
z+xy*Hoaf5Bguw0|?;fQ~G_UycQ>q<)rD(Y8$?H6Kw^;5A*0mEst+mP2tZq!7^RXdj
z)VV%<pL_<r7LfzPt`vX`G4e0*GoGbe?V!si2ugltk)=b%eIfZvQp>Ni=#SU=P>4eT
zvYzK1xFo9LCK!2*f1RGBVo0GFO#wUFMhwKi{0;-M7nHJh4o-KvL73ae!Mp5kgA0Fe
z!6Pm<dQwc!JH&^cfw~tmV#6$?8kpI=ddCZ5^~heRJhM2g7V29|^5Ar;3B;T+swh9w
z1{r>RZ)1eU9dPXJs{O84DE#$ud2jb(v*!rj{*2jZKL3dSsNvBz!$mK_Gc7hcNFVYX
zIx$52<%j!`z-6swa;DK-;^{W`xeggg7IS%~CVPTJlV6^J*fEOV>|R@C>!Ep68`Iqo
zhT=x#B`Bsftu|64b6}_$@L}LdbT1&3mLFSLXtxm{CUpep<BJ==4|Ps|e$Gfb4&Ppj
zP=K7k-8Q#CQ-JJ$2QwBh^KW)wpv}rrJzAI3@Fn$`8-H|k(8K818`587gsE17$(v29
z5vi=-{eb0#>9m0RwNu0kSr{KwXV<KN6-VHiU)9eG-%$Uu$b2S66p>pUmLy44j4KN?
zzcnb4q}t_Z@P}QfG_sdOY@vaD0P~B}WKC{+OwGQ>Xg>Hp$==bJLewq?yT(s$VZYlJ
zSMp2&zu6PPW3ctTmu1bBlsk-B?z7vNyk%>_B{-+_yxE?`%@6yt^9eWrT6Ke?ZSH^<
zS(689Q@1l=SrcYibEZluajJm2@0c*J`~mOjs{&!1#RvZ*K5$9_6?7`8+E?2=$CfD9
zOP*Ooskg*;*CP@L!6K6hu6V+FB#Xo(zz24YM>}=yI)xWNeOAFixy8V5VF}^)<AA>L
zGKG3cbYn2hJ)EqGFJS_Cav!~P)1Eo1#UiJMgbw;5<5IQ+IqJ?lu<5U3YW8U@vJh4a
zupJJx-FSO5Jm=|ST373KK7ujLwyW;-0Ih{k-a8#VH!yVBv_Mm7*TSn63sD%Nq$v1=
zbr*rmrBT_++{+W?nUNM1Imjs_+~auikjWsdDbKec^w4Phk>!_nO|aLz0F``>xng+U
za&)JFk^l1alLR-_WhDldGZaP*oxIcwIzZfE3BPIGB%>GqxUfFt5t$x*bM?*gV<T_<
z!wHM&Lq!4eM;;-KAMc)Zktm-#+`L0MUf6`yyZLO4`iQ=8LpBUt;TPFSs@wFpPbP*F
zz5&rR!xY0?ypGFrnoY<aT2|7W*cRW26;6~FdH&1-fc-1v<5!r5&k-6xq{zvfjDbi<
zMh|ulyLXCm)mnYF6hnvyQG@FTNWo55Do%Hvg&f3E`3EeDq*zrfkXXFXm9zpb?e<;P
z&8{6146@N71l^B6t#9y=28V0;DMUi+Y9*yQ7@UZD?H95U9Eb6D9vK~7PWXvhNEF6x
z+zWr-!bt_}B<`P^l^z4%HEoKX^`Mb*WW63${{4sw&#i&M#-rJQ$}x*5HY2#9Mtc}x
z67oeI+broqCrRfiRrgn-7JM1vG>;oZvZAR)I;L8pXM)%)p#mXf$^T_VV?}I`*sOmZ
zG^;0s6rnOggu?#BRzA42Z_MlIA-*Bhv2Ca~pj<q>6_UUKH4P;|v5eNU;ikvg#5!q%
z=VkP<M$LRzw6^)JZs#5IuPn;HgsuO4LGlR)QbcbN7LVgE4L>JvC#g;<fh*&Hk96}s
z7h!1Y6QI?aV}u!Tz7!$zVe~qCP|>O4VsRTd;h9ef@>f(&Oxv@?vnOtS5@P>@Phw7z
zL<0E!F0_AmU<a5XLYJSGC)G5ZD`O#rJ(gB}y>k8U*Yu|p_4a)}a!S&_OKAW84&YjF
zT^{fJSZMoi-}axsIf1(h>A!vGKmHpDBhFVNX?-3SLeBrOD*W?8_=>53q<CBl9`WCJ
zpuhhW8jI2t-08hC`uFQh=JDio*lxR3ECQjM&E+Wr;BAJHx0aVF!IB&S!Z*ZA0G<OV
z99d$d5c)yLr0b!8A#pibmNZWUf>J`;5OU8^jU2`MXLtLX!rRBN-wS){e|pTHEdx$|
zri62WcfB6NnX~){pl}0ea!l>44Wj*v74!TqR@cYtDG_TQXn)ZI2&Sc5O7-CK%=VTe
zA_p5(Sv<Uu54UJnLuB1|Suz9Q`;)7Fg`Oc(;{_~G!jn_4*BLZw-8C>=oPPQR5$FT_
zuD|Lf>e=zcPJ?~bq|+jKuilaU!@{3xkMJaDhHNOKlGo<N$H{qiS~Y7<)Zc13({_Z+
zM5|ovh>a9lFy_B^S>%!l=8(ghJ)o2O@*E@TkI()Bgwa;KcM1Ph96)8D_X@V3N$adA
ze&D<tryCOa=#K+}N$eoE=WkTlZ#^C>G>XO`s)-uRc+EN0S9^2)6l4TNh2LC~dHY|I
zgE6&MO(YP#gBYyoK@+s16;+in-;NnMNg-IsCRMLqejst4UHx2BDY3n?XF$y2q+Dvl
zmJ9{a|4yPueNqd{KO~R1E{^E`nwmo5w}vTL)j#;@q*1-pmOr>|D{eRmyHew63DsgV
zY8VXNyV!fI$Rqq#eY{Bhn)(zmQ2h`j{ip9o9Q5Z@#TC<qaf#e%*)FH>W_9jZU*3`1
zMZsoQ#0UVN42L!U_RqU1v$+?7_LpQV`2`%=sxoGOgi7?W0H*uv%>ucFKeXxP33Wz^
z!;ye*LsnU3AoH9p(%;in*=-eg-9&+MN-Cqj`S6V@n@XrJYyb-}am{6?E#Wv;5(tx_
zx?ukJ;*)aTZkRlc#YviUdkXYglb><H*#3Mz_!cR(g@`s}V;DEEH-<5rV3)6^VT+qi
z$D6ScbXwEn=zrW5a9XqI9d??~4=b(2$ajm76Af=Jv>YNQTDc``P65TK_SVT+3?#ph
z8)V9pK621Exm@idWB0g@zjeR?l4E73cdv}`ty$tF>$T#&1$1sjjp(N*i9d^_1*2?t
zI(VOpe<ruq*IwG~nX?7_>e)&Y3U&Im<ou?q55qeB%oLEpEDq<W0X7yR{USJE#6aKm
zn%%cEh?Ei<n^;83<M<XlworX|()%u6Rl+QPZ4f;ne02fr!%2U9y<=kMW95v0fHmsE
zvp{Drmu5$;Qf+Adj@=o4{He{U{B`~(v#|=v+r$_dd;bXr9WJ-=7eC|Z5?xQ{{4q8p
zzA(P@Lnp{AJNl<M!2c*&ckWiSF1qll(5mn8Pe6Gz3L-YrMDj)$cEyQLlxneO;|%+<
z5?6;tAV{~xc8?J*ug2Q$=3cHliF48M3=2L@;HfEoo}m6{QF`6zd)r*N)2ir?VKV;|
z5okxxTcf*7h7!?n)2#N9<$LpDVUJ&?f-|}6v0KK=EU7j|at7R<-I)67cN4l*2Z2mS
zD!o@BQNXo+@qu^(kes9&!<L}{2sl-vqh%HHS(yQQMuW?8>(WN4&$Jm4AV8-uYw`_)
zZc~1wEyX58Xn4hJ6l*>Kl#6UcT~!aO|AcEbe5eEUF2y<M5$Szr`fKoXZq)P|S(z`r
z$76KbCkMx9)Qras)DSzq)z$s+W`J&KmXt0-_FI~IrL)2-G~(wm<w0g3iSnLGwhw`l
zsuv<kicsLEPt2w)N^c30Yi^5U&^=1~Cx>>b)(Tw98lSq1h<^^O<Q*b!JZWTc=?J9_
z-bQsp8gfr$m0s@tLI$v(f#msU$vBa~lMfw%3)dfTgO6_ye*_@yxl?fs2C&+$epgMQ
zy>&DqdaVOJjXH;WzyqMY`&4edP*FS+YIh$i!DIJvJ(FeM{7b+c8b0JPiy6#Sc)dQD
zOL4L@gV{gl+j2lIf)MaEQV<*%=Gy&A=92I}ijWgn!ICejm*IZpXm862-y%sqIA80w
z%61@qr~wA*`<vIx89z@KspZ;o;#dt@kGI^<_xATc`C}4`0k13t2-w>nR<q3bc`WE$
zh-=v<%;H_v2$TTo9A-W^1l)!nYZGLjPpOb_s=4ha$#=w#N}D?#qRq@Nyjd{%MpMT!
zSipMd%j2y_>?$LAtz0hh)_MDr^#axE#+%Rkl&J54tXe_o2At$~XphfiI2gPB!(k`k
zINm!w;VJqFZBs!2`LR&S$_zO8o$f>QCH2KIaVU%VL^}!|%&KdBh@azb(jFH||DDIi
zOTDw$ScyegxV-)^;bjx}n(lojSh7C2^Y^v!lFUlo=>=G1MrynGpZA2bhO}QX(YI~&
z&gNs=fLNAP-}m5Ntg}vuM^o!<piVz<k;i8m1>(x3>8Z+3Y}UH$HmCW|C%}P-<<v>v
zMf#GldEH$#{NiaYBK;daMAON;CwhH)HbG!{E9%eO)v%Voj*}>K8lbdxX_fRnq)DDo
zseP_qP6B||e$rZSPQx=0*c6`p@&k2GY&JYy0N}AVs-DFb>Gvg|4wtquJ17V3fT~qd
zJ;qBphzVmOIT?(*xV7azi(}nz6=t_t9_+&EK72RszP~6M_|0Z#(S3)T_e`eFWGA88
z%Ss<ets)nHhEI%JOjIZ^X5{O>8Ayw)d_R!njhq^KPstDE(#_?>gr|*3k5~!>U6>XE
z7r_+LS*To!)qo})g;*4t;&-OT`MO9dx#F}Qb_N6G$98IbejLYhlkd|$(9O^uY#iap
zXbo=xDTmx-yGVl%iaieqrOIBYYVf9d)33ko`e0}Uc`0F?Lofk0`j)~hnR~QhHn6~Q
zM)QZ&wO38Tz5BFJfQE8-V%H!y6<E<bay1gXCSMZ+qs;X6;!m8hYSZYN8mnnB8ajL<
zr+1x4anCh4>Pv2R>k;a&_PaTEAh~phA?oVBsCf5nHDW#a=$q}Ww$7QUm2#^ryv-jB
zl>~2K_~}U}Z|4E5VJsL<Z!&BA%j*-o<8V3;o(Y!X`XhH44O8Hn#XE_hP6eS2r5i1T
zoK@Z0%dE;VEV~#@_JOu~B_7vj!d6vKM_J-{;_nO3<iCfOsD_S^^&j-0!Bz-KX{kOE
z)Ais<XPr3&ot|+0xS6e~;mIK-4k2WJOs7x_iF||B!>qote1=#+l+;-@glzzF(3ljC
z`fIJV^<)xQho!oX-u1o@+hhM=RO+-n&vBP`GJGfc3F$*d{d`!a&#>+Ah}5Y!&}nr-
zfSHwPa1!g!#qwY6%R46c>FMcGQ8S|>_{y#+?$ob6v!jU~&--w~V_dI`Ei_`;tdkEn
z$2ur=NoHEX0%$*iAfF3U7Nrm{^VotL1Z1cEnATH86FB4}WXwk?9i6uc0x6nT=jT)c
zwe?J^Ad$e?t2%f*ovdI5xRf?r$?+l|AXA<*$YKz%+eApOQcw)yoAxEAy3Q1QyGH3t
zk=z(|<_`P(0_3$N!gfGga`&-3@NyrP=7`1ABa^NnVLnW5?6cn*e~HRR{W`T@XI-Z6
zGv?j7Hjp@z=cL26>!(^_7i;K?asu=lVwla{jg5lzvcYa{$73sn+VycPt1d_D%+Byc
zSAtfIdW;u9LtC2=FjHY(xyAL>LS}2-d*u^L;LI8{{9CJvNAUVry2FQZY9;HIZah!j
zW%`Ek1n$1w8J1McKJ93E;Dymm;ApowDC?4t1m}1g(BPu4?R7q3SvxcV9Y#+kF<Z@_
z+y6<$;}!fPYJK=h{{Hhz!9-SYio#rt$;2xcTWu}2bkG1sK4daF?;skXL&Ss-w+-m$
zcFY*|gas4TMk51zNKhg@{|65I9^gq@q_Y1q_t`14DQ>#jIm6n6Drc~y;_a5|Lyki#
z`GKTKXt#OYJ5Mhcg!vwjqe6BY6JYCFPSp~8^>U<DX-AX$h}$F>?u4qmzOx{1WAqXr
zeWiIUkf-eW0X_J=7L(;#`q}&Pf{863-<6u3*}TThHV|^Yjzy@us$8`<ZY?yJ37G26
z#frzV-BC@Xf?zq!H(9HsZrkG9XeYzED_3%-;6q-hlikWQ!Q=ZbA7J~`TN7@n9bHaM
z%pCH*(SjJHMhov|2}f6g*fon@j0ozxb$?!Yu6*0!6Gwq(pul$pk@iJmku&louxUeV
z;TalTLni+vt@_u@y@Mj84e$8c6)0NdDy4{?@wm$6RKT`?T+I9%>~w)7mc_i{x_YrE
zRrRt?h*3bWKJ=6b=jZO=o?Oxt$>9t6@R-WCJF+-&l_~4O#G<wCyls+4r4<YkALnz9
z%qJW~fL>Ixppl}Aki~2=g*RsNdb`qcsjpGE(0ag-2wOthENha0?Y^?v5;LMTN_ghR
z(5Um_YKAYhqcq=(I_18el|+x+5z@mt_eYG%(h#Xw4h0so(eI5Mk|n52rJ^WIl(;I1
zJZ>d*`M|X^HC>z6MME6$W+2PK^4a5ubQlt1?tuFpe+@s^ML)g9WN4DqT6_K2^h^=2
z0@|vYB;d4`;`8H}h(iR#jhOp0xg1-nuGXL3`7mTUY(f`xy*}<~K2;$(USgToj2tg0
zu_ypo_HZ$$BJGR!ksciuOZL8|$wk=yyOgy<KqODraif}amm}ijVh;HkM|WZ^Us>GI
zgyndL`R59x_%Ycf{sE9s&fV=)dy|{Ra%lXOTd?%Ib+&4WYRJGiCgtKv_k~6X&ItGR
zhaU&a_qcFs%!VacYB6My!|t^rC#|dvq=T!&=%os_ya@i%Uzi%A{ielnW7yoy<11zW
z8&r30Y`HVk6!l~%txGKhJhp{qYjP9Zh#`Q8hoKX!>-nrgbna=I%XWcu^k-UGrh8ZO
z&HAMrH+n6>M@!60n~(N(oaB;pUq0*RNAm)iDH6O-t!fkHAJe13H1k15nDHJ|K&KlV
z-F;x!DkZ%(`Qt+kF^lDN$_6`uf9~#i$JjxOYL7d2A+HfBcAQb`<z0`}Mzvb^FPg8?
zSF*31mMpOY+7X`|3oR9O=-mPkzy9$Q5vuFzlJs@n=f)!XG)HEJdybZ=!-$5XGo<x_
z%dwFQz!;2{+mm14rf!gpv1dzeuy6>AR5|V`^dF2@Z0_pNRlm@hao8jW<WwoScvL4Y
zyE=>6pfWav7&*0;f4V^Gs~`f?o+mzn-on^uXxcIFe52th`|>m@X)LKc)S`D}runZQ
zHc;^&W~%=vjImOJY#d%+P`EOm%^%RcAoi)ulr2h|_UqN@&UU{-DrEsOi++W$B1Avd
zzWQ3t>T`}_g6Ua*2off)l5(a{!O}i=Z30{KKr3dxi?Ds~gLAapx%d=EqGOACue*g(
zPR00foJPU-t9ig_j$0_62O2-b@bKR6e8;xmjy0)?Qi}-nvmGfH#o1!;4%&UcyKDS?
zL#J{`HEV;h=w1=>95}PUgZZW<C~notbeFb0ny$9S{q5#%Tv_`#=J8(hgCo09recO^
z1gMVHREpBvxA#D!6wl!{K8yy_FK5B>f@(fm>rWeKn2BYwTpy*W)vP}y#phENNTi>n
zTWvMzQhPCSg52;#mp8wo-L^ZHS!voz`=ifExt2Br4_U3SsWp73gD!4OPpBplr1gn_
z(=m^ZL)~9StPlqyB#;91KHtfP|Eu7tn6gz~7+AYDjv;Hvjc&mkaGDwu4x7CO043>7
zW)cYE@2$807|*ZmeSrwig+@x|&4^*tLok)Zs}**|j_Ucqseae28}OCxQ6v&iXp0kz
zu1O34w8-}a2XbBeO2A2b^Y2kkB+giM1e5;N7~<=LZ`5sO+bY8k?5AVD+6ACEjAjmH
z$r~38ITM8^I(iekAu;ELI+<33pq>i4jc6=A89(=}gJI<j)sdXmNM^OS)fu}R>d#I+
z<GJY<#=Lt~zj?q?8*|ps^J-zd?)q12rdJ^D<($<A$w;wKUUb4xBAaY+1YEDVL9n9O
zcTr8f7-iu&f;`_0@ds{{iwsz1%n%+3>wUTZL)ce9Rk^KeOLs^K($XDDcSs{3sWb>E
z;R2EFP*9{hq?GRN?nWBvM!K8DKbQOLefK`+-20Ega4Z#Zt?!%PobUTS#S%uJywiB1
z!%Z8sl9xBp5!tt120a!x`?GA%P>h~{%ztBRPt;=5?5?A@!*`ZgOz_M0QGvR<+`ji(
zxx$KOVE&Zy&VGK8+_)nBGiAR)AWQ1IOJX6fy?O(3G0&t$Qy!~LZmXIXvYz->o{2z?
z^@f9Nb(AYc#Lbc1bNEIkj?FnV{vaUp=FpTf^vUr|t+4&o7wC(ek$?#kv27#_qS9zH
z_3IBJE?ZtrQz5geo$p=^rD-=bKsM>BTd&!a6ZnQ0{3)d7DORG*e<E9us3m(5yV20m
zw*{epyx{>U0b27SrtjnG7Y%5tu@AoZq0sox@N7+^+u_cK&Q!h)2VsTJU2xtGFLR#-
z9YhqzD3q7+p^8Y51e9$Adn`;WfEA$IyGIhnpklDrv4Q`V6Wo5S5E$}{Dg+v>))1ca
zzblph7}PELi!((ddbV|99i<)7+I>hXdTz-r!uYY+y!(S+)u~gCtySl8w!0wb>Myk1
zDTE?qrKr2BZRydkHgAOSRl}Igm~~ymS>j$*^3g8y60yYW?=IwVLJqRUq4xvn(Z-yC
z^{r*DkY1zv>GN1I*B!m;lD!95fK9wsEM{fA!{3-ilW&tO;+2`Vtn8VmU%NvC|Dw;g
z%s@a_@`dM3<JiE8F5{apv7DW{8=a33ki9eX)2oY{3DIE(%Oh<l?4f_+(D*9fkqDqG
zs(dD3O0R35xis_`A5=Mi15$d_Kf?R(_)#a3);oL=ake!qdSnqfj;HIHxJ`DM40ZuX
z0ey+dwWviSZ!YE8B%E;R;;l)A4%dPnY3R6vW}Z3Lu8p@F4W!Zi-D>y!fXM3!(XeeK
zbAP36-tAgV=h8ym?WrQ&eU|GLkIec|vS~0oBqKzrVSOZgM~3y#fR{e@{@@F_!u!r>
z(A;;t65RrTtQf_n{VXgpZ*H~{W+LsAs#U4yBJzdb&ON!NP4-Jz6!Trecm&hFtpBVZ
z()vq>v-*-VtERUN6#cy04irC9%DNFOc($FTt_7^-IAEit))4RGrZHna?7dI_!O5da
zz|YodsKui}Rt&&4WZ6$1qfYk;Q|+$$k)b$Aby{Y9$*u3TRsJht;w^WB$F(E3(;gXs
z7K5-AL3)h8sIQ1tPj|4{bL!H?nlRN5`j68J`YVfdOhzbMHNjkFT2h@l)~^9H2fAU>
zb2{rv@uyo0UPWV(4Vl8_u_Pnc{_8(8h3_d%(eL1Ij1sP^QN_F8O`=_<MbuI5CmT~{
zMM%C`=_^XEYCld71>_2wgH1cy6WH9*e7A|^^#=M(*^I1_QktZ$M5;Ff+PjWbZ3+e-
zLRMTy+)B?m!LR3?U#!5;*p){%WGAzGXvCkk&iPk5L8<fS%bZPLUzmflL708FKbl^h
zV{lQjDRT?z+2#)^U6;xo(XJ}TfroD<W{V~R3etnLxpS`J9?b&d<h41ch4F^A$2jLi
z!lROw_m?g=Hi;LFKXO`C6H!wjo;@t_N>1GeDzo0er8ct@pcf&Qb(SZAbaI)>SgFnW
zue3ppa2?289?VxSt=JI~P3BU_-7|C_M7|f82)kMSV2;b#(*O0Zk?CJA5T)<A@Fi5e
zrj9$gKJ1c!({!pO_ed@Bez%|_)bf2jX;R?%&IgLIJl(9qWbrQA$MojpB$8Y$VOc0O
zc(|3hjlCj%v>S7^j^Q7JAELD?e&x5*i-Fc?bmmpfO3j4Lpx|e9Kh*%t;M=ns#5!Dk
zVgyN@7E;Th<hclbHIuJp9iUwSKBR0bowtuPH45V%TMVMV69u{ys<Ds3xaJ4`4+{p<
z>UvY~I1Kbekn2zP(G|m~V&1cD(0fc6#J)+nIt}s3UXh!!D~Fu?sK`%*^>g5QmIpd)
zpRvK*htHU$8tGPteU={XjhAJ)&!sgSU0q5B@JsI{>GDB(oEE(HZDRrbb{zi~zXj^o
zXqB~6fr9#4nGmv^hLN4Nx)(wc9;>-N#k`zPy&S$y;-a!E#zL8%YF2YQn^*TLy{_m8
zBFaI#`_3FSsdecwFKjqRlY${ErgeK;MWg_j>uJIv0B`n>Z*yL7+ZUMz27R;Y#s^`P
zjO9CJLt>-Gh=AWu1BCS9ip=%%t4xvlm30T6&=)wb_UA=@s$)>kLbY~^^c$GPLMgr>
zbu}B%gd{UKQvjEApk(`{zkG?f&y%zQ?9Zm92i_Gmcv4}{)w!uKdmi{ueWy4=!6Lr+
zHmE|RHJKY7?6vJacqRK0W|L<uPi3yN_vQM(8ADkha>50Y@s(NJt>-6<+Pn@D?SGX%
z+8Yz>7L^5u=R2u^9}<Eoi6)I2nJv<}t!jy?ZN>^PyPp{5TTx8QKT;bP2fS8?NccQ`
zXAjOM@XyCZFLi>%;ubM;JHq&`xov{^!Y_j}aso=0{Ca)?g2)yZwUSOEuZ@Gl_Eh*c
znzY`OQ604B0NWj%5pvwhw}116{IN`~b{_qL`<%qye8Y8ZfdL~|^ZuBx@rt@s@WyHJ
zz{m?yrG#f{__ds?+poufi(jM13{h|YLz$iv%CWWP-o0gq)0{7Jb}ZS-Hm5&`JTUW@
z-?Cuzq6<?lR*Y(X@|HrziD8N5u-a$wFW_GK26WkM3!di<gJvU@%B19H*0EVxZ0)3H
z79s%`SU6OAkZzZ;3`L8tkc>HP8;6TVG<?qr<;+AYM4SAHZ?Y;mnS(sijaR3QVU@XT
z!i}ZoSheS$DIv6dYl+X%T!8C$uxRCwXaUP(i-D-Uxx1_Y6Ol~bf|=LPPNSwObX|U=
z4xusc=z@VUPo3qsXgKf``N_{O$Ud54^Tvr1DN`A!Va!tT((bPxj@CMi9j}qHg=uB0
zN_@z3>-)?(wY_wC)0R5$OQKpqFShB1TZ@u3qz>R&l`H7|Jj<Id@KA8zkKabI7|u^n
zB0eMb7dAzO<2UQo@Ud7OVqVZ0csQQn)#M33#3M{&1Q$%hIYe3}wmtIW6gNJ(Y+a}S
zaK^I<n)qSC_%Mm*dMyG>TXs;}Rk>_EP+G9+JnaAG8-x26k?a<~8^9tuRd-Zc!t>D1
z4e)3lrF>r6+r&Ds72@BEgB=}@1mK*h%V8)@_N!AEO7s2+t}DGt!uR>=lw3&`GqmTr
z+FFfZ?3wIdxh^Gf2Q-h7Kx;T7`Jm=qiqEfY&;t9)JBmdf6p^k#=7C&rT=$sC#utHi
zX@9OM*M^zUV2IE}(WvvYpj<n)57wo%t+F`Tbb|%NC{d`u>Eud1M|iFNJ<C4*u3~+U
z%}V)??O<G2WXMU(_`pK+>|W#X2x6v(>h|IS+4}7C#**#CgQK6bs=hSB-*=8T_^kqL
zY75Y#KX|PWA2Ox#woHeZwt4u389+(=6=u~Bm`fhM>z>tsXX||JPquwFtTVYGiDrMG
z+R}uELC8v_DRw0XoECpY%stKAFchB*^cspx^=+-`s_8823rBi_Eo&oL)<2u)KKPN|
z><mb-7X$BgP{?ZN{MN)3p*1VJ59DgTlkdpS1d3c~W%#Rt2PpfEi(b!+Lt>^*6zB?g
z({W;MQ9iQHs*Zi{`v!a9eHQVX{TW)5smIif-d#}1;z(Ate6u(ROKH{IM1!i8Wl-M>
zXVA>$b4d)VC#O);%+=Cd>XwPOq&AQ|cq4pQx~fb#X^c&IP5$RUUEg@qCcRlgiQpB0
z0~d$|O#aHyDlYhz0T_dr{0`Uzg}a_^*I666Lu)YUgx*O~<tLXt``D}uHX?T557pHn
zK1~i<g|SDR+6^QLEKYBkQkQc_!OBP{f}>g12?bCTYzYyE2PBJVx&CGp`V3QZT8_!Z
zbGwud(ma>=aM2UVS2Q^8-2fm_Wo$R{2^aG)Q^ZSU--oqq?_~xIq$KZoSsd5L>ViaW
zM%4Y)H3vE11DGY^4l@S=^FvhmbL^Qj9S8l7)@Ly?NRbK^NuM%a*Iq>M%3JH7A2n>0
zUXPf<3d8=NUfLVi62$y3Pab(&6{pD}FzHnXg7LBJMsscU(b=ljT@%04{C?W<VdsY7
zNo{BA(d)Jq0n(VRE{|~W_jCZeu1$8K08uaEsekEQvupD~fs9*&N-WVOXsK?l{}V&x
zLb;^tUob!J6(R`yq3Mfdiv&EYUf`>$8Sxg<pw7p~*AxFZHVVX^(nS=p%h^5)dWaa7
zKet^ROD1fq8bPnf3~2VaIMH<sE=Q>!bTQC_6GIKUcMzOjo%RI0TkOTJxmv7wo6M|c
z%>>#UjlmdIVRYI^0yGn(4Bd&~M~Hh1O$=6(`I>2nINiXtxP0RU2sZ?#A)+{hX<bGu
z$3tO@BjbpzD+1eFrbb@ib~XYR!NUQ+CUEcMnje7Fl}6hG6f|k3-|%eIzr(Ztm@B{*
z<^etK<9d|l+rJ0e{8gy@+Y7`LP|_@xnf~8?#=j>Qs7|mh<d(qp-XGZU|Me@bJNRDT
zp%AwJ#6@5q>hE7vvoO!ZbM<Dpe|u~H<+tJoXw}j?K#t<|s{LT8)OLvyTXq>BBwxt5
zfRxR3&DKqtNpB`QUT>yCC>=9k<=-#O-zPACy!N>V`-uRmtyfAGmWN5kK@|3R*(eYY
z^nRDer>UPpNZUwY=%5f|2t)e6KJo8%?0$^6wRUKJ*IjL2gjj5^E~H^?t57PVNy@bI
zm!~=rM{ew-)9#OX5d+gs#d&NSIy0`6Bh_gEAz+Uc_#6?CI2o_c_M+V{j}?I%wN01f
zRG*?r`xhpVSCCwQ`RD?GLv)_?7ZH!OpTU4un;96C1{AK#1u;P06$v1X=}KTjBLQq5
zzW4ryH{M;J*<4<%sH_gB`QZsUlJ&%KeY31nWY@2!tr>>`K;*SmP&63#b_0>v8bE)Z
zf0t96Ys#@b-_sZP-l<uvO6?OEDq3>qi-aMcuT!!Lba5|-y?`weKrcRnVp4cig9B_-
zEZ66|kq<ZwVd*Cxr@MKNy#CA0`*Q|c9p$aqkqnM(20!FmM)fSEZ~(O-^AA7HQt3+;
zaicZORC*4)bVT9<Wl+y6ZML;~q6EtJOhNTP`z%67A)1*DJi4*KW+O0*+3oZwBZ^&J
zW_E7QW4CWwI;ZG!k(YBYImbnFxs%GbIRY1hvL#<|x*j0HGR1&8G6IZ6ukc>W1V3c5
zTdt>DVNe?WDnVcfvK|3nRTJQHbZGeWQFCr*TQ<&>6_E32aehgG7+m|0*rfCTC=P3a
zzGR1i%(V_;<7tm0v*gmMXrk6Z>dqQaPx{)WlIP!f!_~4+fZIZ2^RlWlmsTN3=jwc$
z0T2MAdek$wxcyh#FY+`BnDd}e-Pol(`N&LoACxZRPGCu55HIAEyjufg$e1L;ufqzk
zv|P{kXim2#&ow(K|BuyI$gudl1f^ARcclW>)nowki3kBjq5vAtgGC>Wf|pOJdcUir
z7=WNh#<*fV0Cdm-wP2IWe6FS<47>sotslHKaY9aSVZ0Z_nSOton7$Z}Sm4dG?Sb?}
z%~CAYoxBmxeR0VYF-4&)^Z8B*O2-0tKkU@^hRA?tyxVC6GL~>TzdaDd&+#P(lM8ur
zz&N=nAF-pI=3QjX2a=ei0-&_xRvME-(vJgyBU|@Tla?HC=2rq{AK5lDMc<$H#k^B-
z`32GsC1cq1E%DtJFA?C@BQ3|vZJ$`2S(EVFdh2PJDx^^R6{OhrN?8p2bhvW)a*zc0
z0h2?sml#l0(>^BCt}ijbHK|v0twSBeY90!{m%|Xj0<Z$`G?PI)<H%4+5gjR7z&T30
z(hZXoS$Ok*T+}q#W;y}4{I+et)=ee=X+W{{8p(Vin2@YVZHU|cjF-4pfdP#dtKRny
zDZsDqIu|?5;w-7Abksif{r0^62XevO56RS0o_H$Jh8wYVE2lHtar_@%FepqGEKmtK
zx+-i8>c8sv+ytcT%8gf*P)<pe`7=@D8Qj+3-(^Xf#69CNqq`*jG!Z*o^a1~uZT9Go
z_=RbJUb{TjbXU;f{cS^$h}Q|u>3FRJX-|GVC3To?fmxo`PXunjLjlDqArRQa&Ng`&
zYWEbi_GuQWNu9gx{?v34x}2$X?*j2X>_9eO3%vhd&f)k|>lA?SOqFC|W(_^-9KDQO
zc0ZK+)_@V<IxQ2-1TY@vdR_M%{k%$cA@?aoj>~@<5d7mh;<_U0v7arn9m63YZ}BzW
z=@d6FbuR^v7V5iw-CqJkmZRlMdp2B~>G}@s+s~BlsSFa~Ea@`A39h6^YDT5pnY~_W
zAc{o)W7UYUL_Fg-mVp<w3XVVE@=~dUVy|Vk)BX;tsZJ25C#*c`<7kQk1+n6<=X7QO
ziLy4qd^g_=(oxufPJKKjf^L4&OuGo07rUP4t<O#o)kZp!Ad6DtZRDh3KuMfj<#Bxy
zQ|~e#`I(SeE-QrG;Sz8}PDb2G4$+#*>d%IyL#Ryok*CxNxv?FefAI2)X4miKee3V%
z2V;%>f3L#B&H+sPOA2Q8JMk;fpsw}C@^w_Mf#tti^`h*AHmirlC-@9M1kgZBDtrR{
zRUxQ^7MPE4=QX@;Tw8w#s#$KuW!y^VFm>S>&wR;X)zT1tcA)&e%?}*cKF#>vlaF@N
z(7Vhlz<4=3%o_48s0E=^X5b~a)1WmWp3N6l!%8KWF4i9|9>Z@h0`EtRh-6e?$Y;J=
z*I_H^tuckzEw>+P5`dwf><wT(uw-czK5>>MV$o8<V_a&ec3q#=&7UgS2^yQ4Kd}iJ
z)$nabyni=o$dK@8X5=BopjJ2GKQWDeoUXBW2O{{Jt%U$KWlLs$GAtfVM)s+`fY<Ek
z)z?WB>Io`jGu4_$51$+)wv(a_?Cus+xyMQzaG7tRn5U1GFM*E88&U7+;_jp`=DTT)
zY#lWxx3ykEa^F(D8a@*o-c<maUO|Udjvg>Fia@hkHGmNRK+j)->}vB{=xJ?UBW^Di
z^<3B}%6vGdfA#whX3v*aD<KQ)X!vv^U2C63r&0a`)c*5)3KL&M^G}$H<Tg`)WgMSq
z$#)m&)$CYFZ}a6(QV1CGT4nYvIoN}<nK`>ylDcF#i4m)(dI~W8s9bU7(&}-*VE|Yp
ztVI5TQu9gj_+F<D2Y}`h1MG<8$3t^-Ye~u(L(p?ZzlWb|JR>V7;c~B@1;Ym1-jSK>
zk01g|6B+YHZFbHBL#9y>dr|fgUHc+Q4KT~xrFH?CBJrG_diM(8t7<$OuDGwO7QX9F
zvX2z2(GYr;g#lNCKc+@1ak$mbbbj+5|50oGRd-QMA(|l9nNdA_)Wau<L@wewro9WY
zEqegt2BtzTwVC1Nk(e5vJX?e^g75~L^b>8K7H2^Gm@YA`E4Q5Xb)oUah~5Q19A5ce
zO*_aJ$lpHSnU>m^@5z5RPvCXu5pB`W(5^dMZP(Ga9R}t_elS82c=TEPz?1-xrZ6g%
z<GD2#nT~;>#&`4Jt&t`}v7Q*VMDcu|4%IuP3G1Z^lWeUm1V}F!ZhQ_n`tHxC1{-f^
zXC~*SvzdS4^Lp4n-_NVztiE8u5@I)df%dL#Mi*AV{V^#4$L-0lFxVmWzkQ`CP<67H
zQO~sjGRjH&T5pqf56J1-&Z`4<czv>(d7GtevLU%>Lvg;df(IAVbxxt|=LZMFF0^><
zp&U(LNI5`?VXV8$v7Cx#mIMNhu9qAXsOoKgP31%u<b#gJPTN45M&`?y86cvCgBTi1
z6>0*QHHjN$h1G%t9<7{_RoCw)2o=*OO$u2apx_AV<60YF41EN+TIj+a%Xu3KG<6Qg
znS*>W3NA-FZE6X%psrAN>8HS`r`5MXWee~m-{t#$4Y2$K(RDy{^Dk$qWbjdCSlmnz
z2i(&3+S?5v;q`SRr@X0K0~FFokQVjvDz4^#iO;c>Zl*H{{T70tzFsg7FZ&#FM=ymi
z8sOz1X`epU<WZUg*7(+a)Q~CsQ^tcpIVwv$z+ye!1pM1K94Cu>9TY4)h5xnd@aOYU
z?VHArL$C+VKS~uw<1M;t?q$L{n^S@R><0c?p?|%g!n^Mr8ApwWl_2#$F0%jFYW}ec
z9Z-vx1Zczm?@#xikGZr7Xi**=_N)y5|9cc~6P%*|{lEOH%Lr_T!M)3oU1|UIBK)%^
z?w~M0fGtgc;MBhVwbl&vcxGvf|9`!2e-0nwqNor1xYbUuj~rNySl<BYPSDH)0c1h<
zox;d~Pm_2c>ZTW}z{N(`B}2qFy4)sUc5Be+&ctC*KimgJK>6^R%=!-tvHy55T3}su
z_3Bi}pLc}nIX>s3kW;EZ=+&Y3U8qiky`Xx)G)@d=xl_UN-|uypc-(y>;wnz50rJ1w
zoBi|C|M@w+x6#@iJz{tMX|eRjrUf{v>)#%5UpJG#0Hi;%>LckwQRhM-m1xFF0y%sY
zW(!3|3Zw}6&xj>@RqAJ}c<=x-4`1tx=>dGh)r&*ZWpJuoJJ{PtCJERp0OD5$&;doT
zzTl4C3H{pyA50TK4#AJp{^RO@Ed+qOaHjptCx$I+%2uo<kUa3`2%#3yHNTNviq}Q)
zo3DJv%fa^NPxRg86Wcc$I{MC&`}Pz=%`OkGxvlQ>f4!VgM%J>!nS(1i7sn^&vHY$S
zFZ?2RGMk#PS36AD<v0*n0?a|LPPgBIlLW9usQO~qqu1G9c7wQ(2b+!mFr8}VgAD;(
z4*nARh(Dn=LL}c_N`TRp&nQ2OX#J6G0R}p@U=;VS`I5G0_9{C`M2B7NHw>p_`IL&u
zj_ob=_)C|UJ-ZZ>Z#>>&iok>2HRi2;om}P4bcR$w5giCHdFFHm_McwRDz2@H-E}Wg
zi^<2ZzDSzbkoo(Q)&$o2g;^`!pMU1_TD%!ma6*d5Y$Bs!*l&TrEq|=~cWy=@1F%y6
zJ2_m4xNao|bAFR8FR@9ng+XprPn|?kC1`yB)&wjs{os`QI+%Q$sFeIfo?azh0rnj_
z@qeyLZ$xQeanAfd4_yr6msC>`XE5(EnS)CGHSSq-g@4+a9G>|h66p`x_+yWK^6630
zGNxtjFR1QkZ}f9C>l^`V{IM{qs3H+Z43Zb?lc#!rr?MjYiua3;8UMF32NfS4khmw)
zW_-7Pn39wId~`#4bSwSd4SG{!6BtS%5@FgE0))pZ)@I>vkOW+DYuU0XL?%q7bx(X6
zTU+yQ+DyE{Z7BKP&V~WasC1>VZ13UG%P&z`!G82$qwzs~3arBY1<A?&Bd=K65FSRR
zrcP{d2%(TASSPDzS))&mc5VpS!kJK8?*`E=-SiNNl$HwJs<%Bbm<zb_w(PdP5jrtk
zzFp?_yy4g1?+&MVUiFMz!0qhIsN;RR6#$&P0?G(MSrxgi0AaCB7{M6Cp%o6149;YS
z)4YN~5@5^%T8RY}ZP5Kr-0aWQZCH?ExTD@2cEN+LfZooZ8}8adf^k1&?vKq+S`EJB
z+os)N@qbnzk4Su`QTF7(BLovGc*@Mb>Chx;T+1vv0%T`2(Q9_G7=SMxRbY7l8r`Ks
z4?$xk(pgt8A<HXJfkX&DMbFVGNpJs5*rz=T^zXep(`6Yij@Mz2_Dm(PG3}1*Qu$tq
z_crOp-`Ld_<GvNUuoG~>d>{fI2}1!m@%WC*sy<``MKbKM1d};zg~tI7KTxhDQ$Wl3
zPN%D>bzx%w-}zhp^<EvkN{;=;;B@Y9kB+m;4LlkdO#K*r7hFK4QdsT`w#vhQ$P$1}
z9;HmmCm&GMgdMy$ofU+Jcm{P?dn<MPVzJk*l;iia;uEOsoh)+y`o{MCzn3PsHmLcc
zm#VpIN;@0QOAV$RCps*~i8MHrFmAKeag^=7w2g^@L|CY%*c_Sgd$}M9U|@1qfki=s
zf<tkjxxOh2C_=AJ;<%1LT%+JmvUG0eJWSyB0lht6z&*vE>I8^uH2N9~Vx_D1>F^}j
zDB<%rvRhFoH6p}_*dqv8?ud%oWPus?hT>A|)9;W4QEsaVCEZA7&Ai_16xo2<sWPQc
zT0uk{rMs~#_Y=j9_6@Zup1u~v&=Yue_D4sETY@%R#$b{{8S>Xb^7|~;duC+w%{-z?
zN>~0xes<rrc>pag9z05+aCkb;%Jr{h?IB&y-W?3pED7lM#?L{&DZh1Fd91}^Fl`PX
zgOwAHRzVC!UKqj*lI*R;06iMop#A~PUOip)j7(saGJ0V(8J)xtv<cItE@jnqb&4TL
z0!Z`ZK=Tm}JOz4yTY38~Ip3O{x=y9d9CJLkMGPp1eqMF<c3?bsH8kJwsK`Km>CsbK
zsgIbIyWQKzJJXMQ0N1Dhb9t}@0i~Q_=<7_?n)l0qw6_uMpEN0wtRtACLnpD?^MJB7
zsOqJ8UyL%a(>32_sAd6<9I;@NN3N<#adbIa52y4Z+sqQqMmp&11!@W<!0WRd&!>*-
zF4D}a1a+G<J7Xt|s6DT_IeEjbm0t~WtE?jIf*HE(b943sW8rT_pRRHC6agO%L@oK?
zz5@aG5hz;;&8G)|H!pv9zEDMuJUDc?!mxU{A`37BEvEFribE>5jKPK)(dG6}-zG;b
z<TyepMPht=by?KXr7JygGxwUIw-Ep;u(P)>i%uk5_4A=}g5J2u|4M$I!m`a1Agty#
ze(Jcl^TK80s}rpu)V*>W$pb7gNwheWwW%N9mXo<NfU|^z{!n99)L?Gq-{yd)6=r9U
z!aLwakG2;ZfJ1@0$FPGj$?j|j`eyVzH~90Q@!tc_v8h7+CVJpRGij4QLtb$0)Ck5@
z*`fC*{SQ0cu1<1xj!vS0u>xDQ6WLtT6bkX~e1)Q0kdMCn8X<Bxvg7Yb<plw=o(@Jn
zF$6dt!;JN=UXDhO#d>YDxE2;{AepdTb(C0i9~3r<=5Nfo4kR2S4Ds(w>dBff{A;_H
z_JD7^<CeW$S-bx~`@i^i`UBwFy;;n=PQ|I_^GQ&N|G;Yti*Tb4mejB)A=V2N{)#3%
za1X<bk6w*t29JRG2G60}%j3J!7mr<ZmC>IfCi2*4ewR;_IiPnl+WlELx4iel-$cd8
zr^F!cel<W1zAG=Ed#Q_XT%9G^J)!!8ITvyZb{F|L&a`B`zfq|bBN$W)>tKf7CuMMA
zt~W(>?4+V5-{0Rrg&G<)Kk;9TWvi*fSkA}YM(KAj{&Z<|$kt;oDEtVR^8HG?It9JU
z?m@-74uxGV|69{^Qe>P|g=lwSZ%(3p(s}Ofs)Z9?_oeBHS_hVRF)tsYcOS8D<snjo
z58aV5i5aJ|vJ%GLF6^<)75$?0?Ho34vtAmo{)%ke0nAh|bR}Ldm*>{u(GF+jVeZ_Q
zDOfpQV1e6-BLH**=#^Cskyi+XP@$8l=VZZk4y)cpz}XgjqIX;aFeH=-A*Kdi_Y;#!
zdUW^1t#ztjhl@6?6We+&GF3Wk^NRdhfLUmP@hrPvoL{jw?mUQR$U}lhWvvz!)lS=h
z(YNc~Ocs7!{JDKCC8q!O%AnFZ2Xk}5aH3$r=(DwAAd~V#z6gAUK>t+4`}kcvN^3m6
z61G=oi4a6dIbe-=divtf59ig+l%ci9$=<kn=(yhFe~oH?Rt_ZzNZs0yzq$^N28g*_
z!xfMMzGD<og$K&+)hw>bQwWH9>k3)0;_ClRw_b31&F^vb<Whc4Z1GIv6C03-M*xE6
zvzHZbK_z;!w&R{AI*2f6cL#^?{+MJms}Ckg>{gM=u!<e5?T11?Y#wRO@Ft`g--~%X
zwqPWTf3W}f<a*j7rOy}X_|(CBMLwQ6I^Uo{#@6%eR}}lgf+1gES+s5c`Bs7e%z%>i
zAgvc@yb}F-WgtZU%)t{E*{&Nm#ll;Z%JYv>9QZ3@t`M<3dyMmYzydp(sd90fNo%?(
zOB{C}-jeWIXD91r8#X0-t~@EFV4$z&yibtyYSu@@yxva4R@^H`ts%i$dnt~y1TSm}
zYj$t0c59XtcNFt(n9M@lRFd7N!xH`n@%+K=aAU))27b`s&TyQaFPPm;o$9-t2-g2L
z4R1tS#Dap0yqP2v_x<+!O9y>p@cdVPjti4P<s_z`q9%3+9&N6l(Cn3lzhO#-aw$=n
za(m63f#~|kq3@;B=K4UpCi_V-vR!?y2p5wxXSPANN?dG%S`IQ_s_7)~e#%w^8&xFE
zx~pBV{u$>wxsXVP{RVrfNrz#n%Q5{nZu+Vqe=7h4Hcu}8#bc%hA@UdmWny<X>KGy*
zsJ=kd0_gq2VbtaNijg;GFha4ss~!%nt5KPTC>^Q@0tz&{4{);?o1lVfF4a2`hbx_z
z4=MdAP#NmZccL>5c}FMPp3}*^wE5Bc;U$$_)Z;gEwGJ=8>(sBRyr^`qv0f-qe+iaq
zVp|@PB#!lX?zrH|*P%15+J1NNeY(8a^-|S^RIH2pn@f|)HU`W|)czE!+CMAYLQRSl
zb93F&44Ww3Z*2r~>wOcR*f0x;IK2_wtOH{Q@=n{JW#3z=skqGg;x7_%@k0Af1E}X%
zS6_u7h3}l*%yKVYBEJs?b-zJvt{a*Og*3bKqQquPO`btRZPPiViPCdevVcf^+{Jqs
z{YSr`7Urwtm;ph5s*n;O(s<eY*uZgc(67i(RcsLr=@5JQ{+_x&?TzlCkE~%R#oh5S
zg!rZoal<0A_6!g}=s;70b#mP5xp4D`@j0#wK>I$`Z-mhNrQ!|jMD!%#Gq?*CqYplC
zWNAfHPT^%6!8_#G|B#1`8u<b?&rz9=VbbLto`V+BZ-;HxDbG~;yv6@XxNDC#mi<Eg
zUG}irH!r9_v%VXEeq?5SHcclGth>=^ab*x;;^Nr-%hPtI<ax+zzH4fMTtA@KQ?&uM
znLm$HudKpRD57dKok29l266?9*lE-Ll)M{q0`7B9=4@Y%t?^OnLX*xfOdwY?rZ#0_
ze8tB?Mh?>#8w_HVq_R1b;wB5#Wu3a1Iqd%Q0;theHVSATUI3O_k|Q6ADp7x}F_Og>
zDM;MFEn$CbLL1Bn`&z_{4-<aFxWwiMNxpJFB+(f8EiS0qDI_~CEsmp7QHnxeD)4iC
zY*KMfz5@le`uEuCvqfq@k45z+36JTl)(nYk@0L77NpwUR*)s(fiWb1C+aQ}vMvJa|
z`U(GF(+4#Y>X0pNJ(O~%94KCHGoN1bU1MnmHvx0r5^$UqvCNO|SE$W`x;0NSu_N{;
zvj)X)PI>!-PAH&Lmoso*Eb15oACr-#;bJfUYN3q!*TKey#C^d2DXZ;UhC2L116+Xc
zD3hx{=xa_Y0;14g*Dl?QExlH+iwz+2=^rXc4Yy%q_l66Y)mTkD?q}l35b{QQm+_(n
z@$-NO(v}nX8P^gQ!f|ECsVq8;REVv%%JH@?sB1dkT(LX~505^L13q2OkP0Z`5e-B*
z{nx(zYY*c9gPZip%k>|Boz>D@@TgY4@_59p!6c7MP7fUck%2+E#Nbh(@DcLjuC@}{
za<Flvo^bJQ2vA9Fx&hu?WtHOLM^?#@=3_)i#|){-<;sAmKVL~mkLW&9r+KHJ=nbHx
zI3E+@>t#1>?Kh3LcTx~sb16kpC85pBL09opZZJHVrwP4>K!0>Ha}HIWB8fpA_r+B>
zj^_8TdUHRwgP4Az^6hl`k)+;4vf@E6Jj3>-r2awMp$^uqH%jY#oP!m+4?eRjGJO<u
z@>>>V;e=;#a#5T1vR$j<QKc7+o@N4%=0RGxxHPpYm9p@(M-QaCa-zdSGE0Co>zm;3
z9*v0gAl}-r!ZjLGduiaH<@i42XeFLdPwE-zT{6RjC=kR$ZgbvU6O1%*^^oJW9TQAE
zSDxJ%iq-Z~h&kw?^h4VXBd-5|?RL4!i7qde$;Q7?-Zy7biRAQ#zB{;k(NGLnAD7#p
z2a*Vj+v$r(H6QbHBA1}SD~>a3-ue$p6%yVkx7aV}{2Iv^$TfI`NQ&uoZsf%TA-{2J
zZi*!ly}B@k(K^tjrldY0jaSHqAHEd<oa?<df7CHCGIv7OO?xa8buf8w2xd_6fKH@n
znBeCFZhGZ5I`x1N?(P>trsrc1z5y!tuVOn?HFMUwEz+f*UnIIMf7Hhls0#Rt=DvLD
z#%DUS(ggvr9y-YH8&y#@&_Js8(+by9OA?^xNlf+KJ#&O6g%-m)-<iWDXv>0~y>dJ+
z9qVNrRef{fPNx+z*w5ZTVzQnkkJv1IdR6hfs0fLsJl+Ngoq#hhf~GDsaDCUKO{?>d
zIe^cm1l48{|5F@xVTC_uA7B{w1koT@y1O`z%XE_tF_gE+beiG0z#ACwJ27<?$KOJW
zc_amV_;st8)YAPuX@od;b2SPq6OANS=#>+;s>bdkBSCgeBGB;@K$}^nyu}~1w$HfV
zVaRNV6cHz672rX0lIVersq}i9l-{vFvG8o><{C=^y$dE_xywalmI12GFnhQ(oe3rg
zoRUeJq0aF-+jrBfXRactWMmv;iPPpsm}#j8Ts7jrxG{H{hKpAi_vW#`ou3m9uzIsQ
ze)!nn`5^O_p+iihcpQFq5?dOpn5W^^`r+>VA5>n?r=2cKfZmp0&-j1%+o@BaacWnm
z3+tj~q4x{!P!ljTa$cbrs$SH|jmm)^XEn!M*f&c+v!)H>J6mia<+^8fzTb2|UYY#b
zEQw#Vi&JkcRzBz5vd+NIstV!a?F@~*YAjN|?to|(l*&(|uA6xpObd?!Mv>vH{SQPf
z&LFi~;Q9SJQMqo95lC`$+6+VqtK}-&GBoIOfUEd2fASCy4wK?Z=X{BncJDE=*C<gA
zu2*p46SXubk%Gt?m#MJ0l2DnnVK-Zu^6gw4k5%R%SA|<_)(!vb;<!U0SNXQ`u8}X(
zp5#p{Ib=^Su0uKBpPAQxP<<<$r}UMW%jC5R)iG%wV3?ztJBNSM8hH3}M|#2Kcn!ba
z8op#i3}e$h-ckF`gC@y9jl+~5|K32uf~3pP6h=wOSRbuc5P8?0(+*$P%8szkb+hYi
zHKb=(sOt36Co8U`&S`&h+@IM$Z#>^&r|VTgm%|^kf^6l*0mCoZ9!bK2e_L!3h!i5O
zw2w1~hP$*tH{9@rTqq=DH&hR2Tl3jRir#I6l2b09H$1D~;-0vC4*8lwul$flo}k)s
zV=QqASYbsrT%T<t4#AZ5AZ@u9CS0mMDtK8j0%@da$7D^_frcCzh;O20e-$7Kr10tS
zG2TLP{It@(8eLcC=B=F6vB?*_^kb}1-%Y~6H#m_OL;5l8ac8@x5$2Lf*nUfs9+h(*
zh0CWT5=0PWe{j?@lU6V|ZTjwl->S=o7FP=qMvnrH8NDBbhHiG=O?BnGa%_12oL3$G
z6REB;ULKfZeY83IC<>DieP+{bRMJinw5dIE*IV57`+j<0`2>GO=9O1|a)%Z$L8@H5
zB-7I^GY>AxbpF_OVC`SS#DVQ>{?PcI8L$WFYBlE?mloXlK|^UrvhD2I9JcUHb*Z&c
z6jhf9FE3MAW^p=D`iz<fOy!2NSTL!ZJxPSLf>wdaDB-FgMm|zICI?xw8-kbmfP?V@
zAL17jA{FvLZrlek?6;%ZassFv{O71M>nXOTSB2_Xg=dTjTpqR91KR3qZ|ux*5f(2W
z+l{>XYLBw=LHjwNt#hE}SJbU1otibVMb<hV;2|KQUT^nqRhTZYr!KgiUpQ}9s=NH+
zbo7t)bIN}VR#O_=yIF@{BQKirePiiePxscg4N9B5f}I9B6d&A@rFc{eS(vu*-VOSB
z2<cJYS?see=4UtZd%jkafIh*C7$H|+OdUaGW%Mmq;6o0ELzN4pdL9AKtN;=*{O}%;
zKVp*Gy@L+!c?^oq?={YOH18b=xz8uY&zuXDJq~qSPeO<dddBC>SY|oS%x1Zdw0G+K
z2Xt`o3O}`Uqet{EN#xHtzBmEh@J8SK$oE5(=h;SZmwR=_52I?#2b|vX>Nq!(HaQ1f
z&eoJ2HMPS*d?B2WTp=XSwL^MdJ@lnueaN=44-=R>UrpF$^hQ_6x07{)gl+a`(L8V8
zP%*S^_8GDWG}Z^hc{9(qH`_kh9cL$Cpl<lJZB0u{d0R>LQ?eha9u5m><a!^eK7MC!
ze<22Eo2U?iO$ilgx3rx`eu_i;G`w}I6-yT#O_~T^J~@PrT#-InB^J7I)g!>Gv!8Dn
zA@TOKKaFz7t#ng@y!^-E_;+94211=>fKfhWL$gh>kA1ifMJd5pQ7x6UZTeYa8qjBn
z!wxh{Q>lgQOK-XI;pqhTc8lBnXJi>gaYH-UlQwYPZzK09Gfv0`ljRhWeZ6ficwo}n
zJpMpWdO2CI^p(7_pC(YH(2Ql!?@2f(^Uv7`%p5vWVjKp#alhZhh2$aXV%wy$m6K2i
zc;4WcA$O21m)5_ii8!(z%MKrNXIOmk%cgFg(`v4^f_JjUp22|)9YZ&XwA#{dwLf0H
zC>Yos{<@TW$s$W$edy1_l)S662$`uQ|Lo6Lyy=f;((DcG^mvIjhf@e|a_@9^R963M
z>nZVUN;*4%0xXuvf?O|ZNl?ggdF|$AROJd!)^@ihYqC&NH&W2yMmkgZTGLS2TXAxI
zAfe^~)@X^t1HLvL&ZQ1iy$xbrIlP~jt&ndjV!PCb{bj@ov^tZm%V&yh^PjI5IG}q6
zb?9D-pflDuw{fOMy0%5wDDZzzF*}p3-PB0$@$*{%%rSbdW7-Xl^$T>P_{hGf&-9PY
zkReuF^?HOM7Qx~-u0Vm-JaicGG^pPz1OfVOy#yB@064%##_P-cP1k~cG4Z{_@~1IP
zcODJ}J|86NKh2amQJ&LNY;j#FUCi41-W{0!C<5cDLMV(HCe=uiU*fFy$-HZ>12f+^
zY1yXXCPW7rSR#(le<pD08ISUq8M~Twx;k<qM4v@_WA|gmb-uINc3-G`1)l*L^}qnI
zuT2stBSJlA#B0Rq;zS1D&d+|7eu5le!x8+VTDS4hX5uX`M>QLvNK3f!)e7x!o%K7W
zlU=n-$2Ph*nosPiKl;|X4MJH~=3P~d@t^zY2GdD2o4DzQb{I*Z1vSM#w#XirPk8cX
zOu=L)j>|XHLE;5)GFpLu8#z{_J+$`rhpC^>CocFewn{fK-u^)4yV-hHB^6)^|8sk+
zCMXYWRs|OWbAkk*+oR5G#mg{4Q}sixj6@!r%wF%8GA%#q&SRIg8){1!$yh)vLlmUn
z9-dN1a*+g&$m+qQ_^czq$vGfRnr+pnUtj5cm~iMj-NSXTySp1{S3?VJW=25Aa;GYe
zU;>5(?jjeYb54~cQh?b;UrR|N08(DkxLI@ylR7;vM-Hm&-XFj}O%jha2rTohR;2Vg
zNlVVF=xjYcom?2!d1vT;Si`DUEG~NwX>QUG$CK(Tq=6kiAcs^ZaLjqzCYbHqaj}nL
z(0#+RzWPuD4Pi1HH|f~NuW`boeut~ITJCyhR3+n^+Jv}mFdvr2n6nA|xfO2Rz-vzo
zcRqLjPQ<PGg2Z*>#=Rkt0o&_$wE?57T}<-fk3N85uvUT52689emNgXn>f~}{yh_(T
zEx8EHSV&o_&A2ZTsa*$FYP%Ldrlv@6#k;2-E}f%bNjKgMKsc(KI#4!pznAd#0=Tic
z7@=!-&-Z>j7yMlDhxZga!aFt3;<=-5ZjLoTwH)-sa;n)p&o>v4{|ZeZgQ0nxPJh58
z>0)qY-V)Tm!DiHt%~A4V7yDC<Y;k(@09BDTgO_<>0v)0_F(u%GUJzH&U)6x%l_tB}
zWe7aeHR&WPw9~1+$*yn33v{<$D}r4MjIuYurL7C~Y`5L2aeQ*OWfpx~ko;%9yJZr$
zu24WVI8Fiiu6NUqEpCbo8gd<ghfbD*5+=IHJfMw*@wTcDA%ZqWD_>{H5+jMTlQK)`
zNBQ}J)hdKF>?T+!21Rrc1s2#fA>eUUPO;LL=t^wAtyQ4sP(K|Hs;e_I6FPsL*?Oei
z(6g`0gJS$K^qt;bv4daBnG0zSI3YiT5|8d4hs_lmFIc+PIojN+4KV>?=Wy*hmWg&L
zn(FS|o6x;N(>hZkm)q@$98;VcIv+-5qlFq>Xik&xs@VHmL*rzWtyK1(&KkZJ@Ou@{
zS{?(j_vn?LU8Y-I=*AC_JCHM!ytt*;;M#EqSSKxJR)WcfX9nA>fm|sfZWHmVk+&cM
z_d1sOGWU-5SV%D6S1>z>_t7{1PRtFmA+B?)mcccc<TbIC!Zb)w?)-g7(wgw@`PR64
zO3_6DUP3D6je&&W)H&@%uxWm{@4&f6mk8D*0srOmgF4po?OAoNw67d04%QEeU9PS>
zAY?cC%lnUomj_&IArFq5Z(4l*%s`{QpK7LZGPz;*5r9JXsqO_O|6Fos0n4Y98Ft3{
zCpPoo<KKhp08^<ncG+Rv`73PYR$Y#A$8a1&XdoY)A+)9D=`q21YohD?3FSQZCMCPJ
zJDvS{e>lDJog1msag2BKzHJk-1SWR<{kKF8s{*DKNOqwuK2Pc^_LzuJ_3lkqs)k6y
ztHq0ltRB8PyylR*&B=N-laqLKN!mlFpUzMH42{cmu@;L+1Y9AC=w|ZFy5=o7$VPy+
zQH`<b2gFGk(5WM(gdxT-P247yk#+98nH}U_nhxmLI4`E))_P>y03#~OM>D^|4*Y>I
zX;Zu@p>M_WFd0f|{&hHRDJkHIwhGsxYL~j}>tlWZO~UZsg6AM|`4WO)lSZjhi1zii
zJ(SYWsDS9c4^K!D(u7zb8?hGJuKR~E16!{q+m44n7tCJoesrXm-Ijetv1fDmTNwj*
zS@=f%$(tUY0z!Wl(LM}c?#+gO=i7S`!(o_tNCVJL>IF;+GUg8l6Brf7>dmBv(Bx$U
zXZ4{(Xqzs*X(#4GQ#hX_4{F&EGNS4#iJdRN`Szi<h~ah(v;Gy2&3qy;8RI5}VsnVi
zezHgelfAdDNMa`&?2%QSu(pX-OIE>^<vzR9e|YPvkh$BythzN@w_ilLLxbhQc<kQF
z|8hf(*)^SeC4k3~(aQ7EA%U5zH^!x{I(>^(QOO#g(c#Nef6p)D{+ZM`W~m3_U%PWR
zU3BtWe-@VXhx;HPce~L;RWp_1GmP70jBR|^{^GQxGr=*trT_Z0R{j?bo6Z1tY*L6m
ze{n|ZjDNZkDt3Rx_1RXvu5N9@({l5H1S_>w2|b(ki=trL$x)&^tH-GxGb+s!S4T~@
zhw02h%-Xrx5Sj-dPPn*oGqK&%)AQjm{0i@$b$g;~A#!W6>FtazMT_P@1YPs8If!#8
ze8lePbEDsd9aC9+`U4V5`UE(lI_(j(4~h?OozPR@&Kp%7qT|k_0{NZgC(WwCI_|@O
zPrk%(%#}3u-a7C@!nfs}@FaY1lgy=j-mi3Gf!Pj3+{H6e{K=!?I=y!SlRSB=UQi~I
zs@+loQctC22eH&YuB)H3SQLn2<8q&fyLbXL9AN-O?5V4;l5ebcIXQm2`;*?Lc0CQV
z_qim4?Tqk3)!Vs8W_>ZyYTslNtHslFPyOea75}2GfOIOZ#T7O|C4YMu_rNDWBGs!&
z^vJGj5a-*QN)Xj|5QpY`h4yMRNq48t>r0cvWMWUJS1qyOWm>I_3)v`-9RlK>Mm~4T
z43~dZGT-h>@T=-iK8koMCd*{mdGUy7c!)jN1qNZQqQV!@>mOiT;S6@x66AbrmC<UM
zqt!t={W=FexV~+<*Y+U%Ef>gQMWkbSs_BQm3R%tj<JiU`Ad$@Wx{rH_JAdpJ{C8+s
z99}J{*{jH2=J1p4#ozx@0u7k7>JW;&rmjErJ=?oP?af*w5Xtrtc6y34B9#}wjUxqe
zRExBp059sJ7sqJ>NQZoqLCW{?Xxrg^K1>2-z$+jnJ6e*Zyte*g{hxF$D$Dz+r3{u|
zIYNGWA^vL>F5brzH#!#excc1m3CD!3k;3@gz~OY#@PXL@pOgmmx+W6Qf2t}29T81r
z>qzV*|Nj1I7p36An2Nx?m8H0q=|yRja0;`gb0TU9a1+9k?6;u*vqkxn_!TC8!XOUz
zTCuJq;1APGL(2(r4Z(P~7eS=)_H5>;94%9s8cxv&Sj0R$&Tzjx;_a!J0}@!ku9UQ$
z6Ng@`;DF%AXco#C<ToSV!($CSUzl`3_thHTjM9Tzy?QMF#i(YC5O|NFDfje#VNr4|
zAL97a{6$##>qTHCB2<_9b29-DRPe<Ee~kJtC{m8vN&(8tpRb4tCW;I>c7Ik)de`9)
z82u)+N#n!ogxvx4%WBO=G6pw|m{=247d1IJpJZX;Uzi32)E*x-qFmJC?hy!9K^BNq
zdMVoHo4c6ZfU<!Nm?%eEq<Cnp6zP0e2G!1YknK>IdYD~izwr!g5(f?~{|j+V+!^&k
zdfKllu<6dT{49mbl)fiL%qy(K=nzc;XsN7Z%~Wu?g~1043_*k?rtS9Mve&-@HOLDP
z$3_ccIO>&)4W7^)`~aRgTVpwE>jR1KETw>%xLpD4|ASu(nm+sA$g0hx@S<vG{6bql
zGs^mtcyz(YdRu8-^!H8mrncQ2rmpC3_Pw2Na9aaBkO)w!`S_y3wD|(g2dR6MBCZ;2
zyavuoNPxl=pQ+#I{sK6m(M&xO0YvwN5DpzLSgh93`Tz?Uz-T$W1EAFVHLy9&)iD6B
zNFABLJL!Uekt~({eorH@a=RIH>I%T1=lSXd=1}kRU*p?1+x5qBIk3jL0Xwn`x$sBu
z+GfuLT#mkz@!N{)r?hPKc=TrnT`pcm0)=@`6jLO!`a+{eU9B)IM2Gthc=GY!*i>Wa
zWi8b&-mHQ&maa9{V;K1g7Ksk(m7}J+Ta{Atfh|Ek#(+a(Of)>&FmSsS0iOSL+@mtI
zruijiFNJN|U%S-5y%3&8bkE&^S=XHWI?jMefD?Ei6wK4#%q6UWJr+n_L}q&JJKvfj
z(7pg5QxYd0l718NS7o0h!l;blnGEXvjeIaL5&{($z3v*LoYx5DlZ9(y$_!(nSBjO^
z(~lku@G8cz*1mpyTr6_9ky7f?XWo)N2O>pZ6UiLIQr7yHH`(#8sY2NC_PF2LVpEE;
zg7P;qz2h^|r%&FzzNA7&RB;G;zl^weLOx}MwN;z6rl&>&?o<zU**%wis0fUI5i+`N
zrwD|79%xDlPvn7inZ<S-d9BOCp3<*bUmL7?q{0Rm4*bT}>l4m$Q52K93?YBpN32mn
z)sR$n0wQw3_o{h4AO)}wm>X)qA)4XrStUn_sG4Jv3u;`8ljsDB*Bk<n^-V%n(Qs$5
zU|K~`^<x^@kg;p>y<jZ^*I#s+2UH(}zfOWHKXCj#RB;-RVpt^-)Khn|0TGGb<9LAY
zr&tv0;%CR<2T>|CN=cZE&1b-gtSiO^MB;!W`QuB<!gC`YzhmDGOje6#WYc2y%hYxW
zv2H&h9vvey&Y>b07%A|Sg5a4W_EaU`o}vg-bkZ^EJ`}v`id;>^k5%Lo|861lCm}WP
z3U-fumOJ)SQ$XlXF#AjMClF0HJk~G}68tPR3dYq$PJ5O_`{|P!m+XRX=dxZTeel2|
zGba2n*Nnz#PjIAqT-WK>oh6+2KORCIDgJ6obPr(i8Tt}vW4UG++7!JY?@9g&hd4DT
z?Qy0`EU^EQ`y9ozR{H{1T6D_-2uqQ%$g*vWsEHuHGonCMM*FSl&LG)!i%EYL<IT?N
zdyrYDor_QTTo^^08%Zwql%;p#%`;bk`4-k_4)=pe#MPa-!gA7)-Yx~;(Vy|Wt@?n(
zt4;>zL%F5`6}W^!x&AKO1yv`>M}Ys(3sTBX8qtts0Ht#^QbjZzWCGMi@u<p(zwrUl
z7dA7wnmuIrELfkZ83!;Pu<rm~oTP~Bi7L`(mLDbfGmNQL<GC5PR3r)n?Wn$*YPlM4
z=g(#BCf~}f$WTLOM1T~qGu{Uesh4H8Dvh`$DNPv606rgiBVpy6K4DKHp;<?zSDnD5
z6xD;(j2&ONDXddp=V}!sXyj_h6J8d7euqB$$#)l|sulKk#l_+Q&N~C0LX>JBbCgGi
za9gf+Q6bS&)wA>MNfq#3>5Cf95;`Y*xKWNkAQB@3qwc{G93p1gW{%C?3cptz%~mM6
zkXGZ>77N=-5Jx}8kZO78r4;oV(|Rb!l?mxT4#K}Ndes8Nl?-uCS5yRZBfiUm9*S>b
z?mF;3%}4e?8vr~Lu^BvSdX`xDIfchc3xx^&>Ch^ZSZ}9tVut$0;FT6{l=$tH2VEjB
zB;0rbOWO>KsGdsa-t|En_Bz|vPO0@J`gE~fr2EYwgE`mxWWYyI=))v?qS_nH0nuB?
zA9nNt<*TBaKRoDFCO$N2=1q2Q@mML(2A`RiK)@jVs%+xie8=!~JMVKcmw7m(<8!pH
zO9(mNv+aE@$c)qv^(q4qQ~mPse$%q3BGndF3Qu+~lC=jQw2W#C-}?w|uYL!Gh;0vE
zk%BSoek@8%u<Ee*C0SDQ%lldksxr+U#E73UP+7H-;4_d3eoZ{;h!614NdRWAFWGR@
znoHJFanY0|A68ZEf~%Sr@#rb~SFtEITuyH~dIA~MMe)T5>{5V1&9%0ovHxtwS_x>D
zM2(5UWt@Jy&{)v>aGOZwasPvL)DNV3ZFF2555&0;eURu^LFn_u2Hp`6iY%8V!{&qQ
zQfbIR$)KvJAuzG!vnX&}e1@eU(vQ{4m^2CM6;!>>rRh}`m`@@mCkKa75Eqb79H-TM
zJ|2&o#{Q3z<&WB>xs72_y^jKu53sk^gLmgU9h8MGPh$<guM6!9b7JW9ms?LOjB<c!
z*7+AYtdR*~B*pPuI1Jlv_W{;dV23p9(*#NJ(X@d-4$PyO6FxrWL7gp?NFDa6z>Sj7
zdEEw|n(~5pcj1m@y3!%>C3+fJ?>9r%i?t_v<FgqBY6nvtV>0^<41OqHY*quh=cn6z
z!*(B^IG*6d%Gq{ll)rBFr6Zy@^sLEteC*Nreva4bXFp+RYf(Z980IwB$2WHI$eeS*
zS~99FT<`QW{W`}MY+^ghq{G)n1F)=YpA6K!56SH>!<y4O^k)e>_C8~uAE}xHVeX6k
zM{Vm1wGMrIuCpI`-$G_8(DB~GXAmGB+U0}vPZ_7QY9A_5>{ZaqOcWer*avi|{78Rl
z2F`$yS_i9&{2Y^H{AV%G`WVJ!lV}6YP=cQ6D6r{Ob9M)z$9xJ7ItCgtE0K){dcKnP
z{Z;I7*p<=_d}jEZTKW(iL-t&XZ9h~*)}?xs^Ehm2XufTEh%v<dzr`{(M=CdO^inMP
zuk~Bm8}c1eibh9dD2Rv?L$Xw^mQY}Gaf$g?O)keNRAv~2%&USQ@z4tA7nujqO>U^L
z+XkAE6xu;g4qf!nZLbgkP4M3N=6oA#Yh|>y0s$Wvw`K1&(97AmSW6%xReh%T-tu&i
zMJDGJp+Z{lTw{x2nxr@x+Dzdb6gmT`)onf5XSeN>0@I{GD56orG688(fBbqQWP7a0
z@D5H9TPKdcBWKk%bH+pGqj(Qotf|Y<>JMTbYNjk}5g}x^9Z_(l9f|_Zl5C{VmI-D9
z(k@;Dn%m<S=LIu0=U+@HCPXp5ER$*R7LV-AR28uhCAlR|Saz2JnNGq>+?FepA&T-D
zU?idKHQ|c-ncS(wRCbm|N3<r$O-~>(1vuO~m|BK@)lH&QQ6STiPNQUO6m;041@#~|
z$CDGBbm8}vZ61I2>wg}0|0<q+82rSC31uk<YwFZ;t+{<V-Ojh@YLxnsvc7N~LU1Qh
z*e6mk6=K=H)?dH1vA91MiqEiz@Wys&g<vB+jZMsUm`Xle_(NG7E&6*mjfv_-pP)+M
zDDt#3Ar1?eeQ27;>qyvAB9;U>4)z9;hEsbWE2G=&oZlk&7TlT6ADqz^AGJvCbccVV
z=zeC!uL|pFnwja1m`v7yHhofG=Z>mU$r-6|d6ByisEQv3A@An%9(Fup#>vzF0#>I3
z&TLEzIy1k7K@bt!D^S23jjD*DE$_V=NYD&|JQ<>?_9^>+jJ*X^Ra^HytaPY=bcZxZ
z2+}E_Qi34e(%s!43X+o24bt5qCEeZK-68d@bMI^1`u)E#9E=0PIs5Fh_Fi*7^9fK!
z6V3RPJ%q8G)I>wVb_fAm*%#O^a&QZru%0K<fp|}C=G+!IVT|z=CmM`8E>w$kc}%rN
zV76#oaxv*T1qY5Yiv)biWGtY%n5Zk?-@|>Ip#9Z=K6SqH$-lW;L*4?(cXS7XPNG`Z
z>493?=~QQX^aid5*x+wfF5j%m+CBYQ5pvB=V|>{0y&EHux3CyyA>P7~^Yq3c!FSer
zVk<&ABWPpKk#%)_9FeDKok9On&^T1I4i9cGswK(v<fTRW-65~Lz=hXPX7B~kQv>&j
z9>(!OfD%rre@L&(E(GCpg(}4JwDpsn&!Fc(M$zZoZVpBBzmS#|@bq+Gu@E{1S2%?4
zJwo<S-nVjWp%V1#M0o<!Q{R{|D5WJx<nJ#oH}Fn_G*=$X`?8bGM%dn8G#6t?^#%&H
znukRwr-vIqT8(7O4d$t^2TnmhkPd1fYooP_s|Ci0l)y)M<h%6e#u-YE+T%fSuD*cP
z*?>x(LIkhDxmK?dK$9Eg_s3?G-;&~C=|@>)sXG}};d)N3rYQ--p5V~y!K^y<)S$nC
z4PEDQ(zu`lRExSTzGzSt)(-C*zpWo{+}-8Nk<Y_RtGyI7J0gQs^njj@QT7RU<|O(r
zxsb3s6pG{ow9QD)SV$Em928bxT<BQk{b#iZEnhsG69!VBbCopLfsj1eGzl7SxCh}m
z3i(FeiQpjHD~q(#74{fynM*+k@unUFAc7XRwk&w2iQ=OYH`z_kwoDofrui{cf~-@8
zu&v>|oT>iS2MX3;4mWVoC`st$2zn<8`Pgrj39X%3c6pOe90$oah7ZuQ0Ql_~TjN0h
zs%pKyn8(dMUc`{C*$CZ3t``8xa?DF{h*($go$&ezWy?h>%Z>3k;Y=2RaQ@*>bUOiC
zl5hnW-9|v@fAF11^yfkYP?n=(Fen<-vN`gP%Up1Ea!E)Hh?zBOv-V5|Bilw}?c!HV
zxk=L}o)mf*PFEHM5c8|&DTX|Vlz;8L)(#5A6%dB149hS#pYi|+yJgWcY5V5-GJ-1T
z^;giFGSI~V%YZELvVqhWk5tsEIJH+BlrsUx!t1lBbhThe@DY^bQXu=AB4}My)f~Y=
z{FVC&cN-CNc?MR2N<!{Jr>il7y0?sq-K;!dX0f_>ciJghKft=X{9eU>6<-610{75A
zH1MYk0ja%TDYIY^HoYqOC`FJdI<f_3Cp^8~&P;^{c8ca>X#YfTh(^rRFCGwcl1a4%
zGd9=b=lfebTCIheWpvl<jTT8FE>54z9fhIre{YYF2jE!fv?AJlyyLPAh-#DG#rBOj
zDY<6ReJr8JDrKYWD|1;F<qYQ&aCiV^BaR-2S8O*PPpWT_B*-<xiYA#sr8b9qK(MU*
z=AP;H7jKVQp}^Q`%ca%@>6JkC&UVxzc}^Iyd>~fL{)QTaj6to51=A(Yi|+3YU}|8j
za=bV8f^T;mFhMqf?+a+~PvGAkH;BPH&Qe1^!{b<dmwexRCdg+vl4Vb;%%5+5@t(Yt
zv`rN<eLSixd}OrUE9p~K^I6r$`m-)al6k?GE&wr}&e=McbHB}F4w$!M;b`O~a&7b)
zq0KRw07e}Cpfr=7MVf4xX0q!JJ~Tl11+ZD<0|`ndv8w)gtS}G7e{9D*4<O*dJNtQu
zOG0zDHg+*04dm%#l37@+rD<3*`+oM>Z99f_!HF=Y1?%i^#4NtaBfV|KD^6`y@^n@+
zAD+kG8%NMr&9t9Y28Xr%0q8U=y*cH%nRs!HR!QfaaudJ-t?{rBiBLb5t*6RX;duUY
zClS?C$erwOjX3z0#|#Q(Bv8d5ti;mt869?l3$?VDY)Zq*YlEWu&$5FL99ZmHTwmhj
z3{MRa@X)02L}>q^a{uQO{r(e}7bJQXxDx*(Q+j@Rb%)txUY)hlLG-n&8v*~n9LAr2
z?a`oJw(Vz<Ng|a{n=i2T$<%}Z<&R$$7)KPCfW(LwD(Kw*kKGs46VG72Y+J_VJ|K2m
z=U8O;&zJdmsKRbgHcMC+eP}OU{-+@K=k?V15Fmz%tlfWX_Mcb{2RnNSr~H78#~(tH
zfBj1K*c0dGIoZxS2NUF=9lBwFihx8M>v1R$VezbfDs+ZGwju)V2#)8RI__kSlPQ&8
zGF$~<jp-VDsR~}_Ge<=sotmG=@RtXuWB^2e*3vBT<Aivwi#5<%#vPRy_C7wH;g|1#
z7U=^bkQH!MgmT#$>B~<4q__UBV)?Ux@qF>z!)%%e*U0XlR-V7LZ-2gcJ%A~L_o9nM
ze!S}6ilE=Vb<hEyhojDyiGO;v|6?hhCkU9#v3Fqo91;9Fp(G~1pSE{-Wa58W$pRSU
zA(WEJG_v_|0MzTIO3f^8qr#a$_{YaDAdDa|5XSrBL6%yknQ)Aj+F#y*??V{7-SK=z
z?u*Sc#+gbHzoA~ipH$BOtr&r0N-zR*xj+`)6ScDY>xc33&R17g!;x3ID2$K)^2C2R
z)j!UTZxc8*eoa)tLjV4e{P?{;{+RanJe;44_wNq`Fem|ljKSwf@JB$+-~aosXIy%s
z+4#TL?ay<c!UUPq?En9hBX|B!JN#qGG(N0!KFg=uYw|(10*L4svpv}>O~bmg<>}SO
zXy(3;Ax9{Hg8*6Sz>JFcJzg@lEg$1E#vL_8KKt6G7MWis_zu*Y(|xXAXVQ~eOtWuy
z=83_)0H=lKtx$9$fLq9=c2$clm*7l+9fUjDS0g!MF%2oBRO#cmDPi5dFsB<%^M?+q
zFq@-}3bV$;{rWRC{ERLmOo`m}WF2-t-*N&Bcr6}8{b+0QA0L8mB+T<5JeoOoeq}I;
z-m`QAuxx0u(0iDU8rREm2!07n9Eiwgh6E3nJJNMJWI}lyk)$Tj#JKHGb7`}I@ex6?
zUCP^)8KJM}F1aFo7d<Mr#PWO?kY(b40RxB}q5z&+F3BfaJ!;bT))D&k#!=y*fJ^Uv
zp^YSwM>6aN;#%A(#Z)G>iZQ=#J7lnTE6bJYO`?Gjk??AF!ebDR;i#z!8M1D$WWb98
zv32%6oPG_U)<TCIBT&uiKzug<_6s@2Dc#)Aq%YNuM|$rj{jwv@T)0(pt>DFoYl!96
znk^yK?_;PPZkv!%)5&v_ev~7}g%ZJH(qAha0s3yODyP-5F9_12{>TMj^#|6x8gG10
zqR}*1TiAY{*O&96r1N`wjHlk8;eB00n6#Q+a9wM-Mblcuvb<fUj^@;UpC%gr9AFbG
zc+Hbfjdf-wZ4cXs+sK{Ex2;C0?XP+iE6kWb`lO3P611%Lc6t4<8S{CLx=S*)mHjZe
z%crYtfnZiyXE0%)yxe4#9*_tlK$c7=fVy;!G9(8<Rw{@IPb|0oK5PiV-FZ%iW%KLV
zO%w}U5}bEA6(;@oZ^MD1ofr_l>ws}->(lAy0Pv9nKsP0J;3AT_Pn#e5i!Ned$u3W?
z!QgzhGvXG8<0EeYMG-}~l$a5mE*{wq>NyIz>^FL52VQTyy-a|B#HxE4*zZq{5F<4r
zZ5DiGFpLK?+Kyed8k^bqJFpWmPjhU$EtgtGZ1kHo%eAhZluS3TZ4Xk?oNgTbOcmj%
zXw+%x9hEEkO%zWAX3w>9=_Jw5MWCceJWsYp#SR`8I6OVVXE$r7v?dk}r+ys*)Od{8
z-E*Y7H1c-QUm-pV9Sd_PvE=S``V+O{?$;DK3I&mptF!OF>Q3Y5&L<SR-|{)mUP+pR
z%mOfkc&t=hYfxefByNTiW!9N#PtVE$!?g0y0woBSE^=$a!-1_b7+`Ci)4_dWK-Z?`
z_yuFowQn{t!Sz&0?ogx3N@>sXv_5dHAL3s@WP4lx6-dknp9amZYEHFW<G&5I?1Q+`
z^P%sXG}jH&IGpaV9;s=sp2hktU;*l99TnH!HwSf&V6Bd->FFVm_>$CzwN`T1bjrF4
zWB^&4h1MkSx0m$AN9HLnNXH#Da_kQRv-1sg2f?-!AE>WEz;Q*qn`NPu|CSm(0Mm<8
z(GJW3!*s=?I<sV{dQ=m~)}VSfWWww;Z{0-SCb*wE;*96Mv*{UsGX3*r586HRdL@zP
zxIQRu_!zXy@gl4kys6KFSWljBnZGorez(GIVX*U!iQnc*h_1!u*QMZV2E%g=Q~bZ(
zx6#{&iGIHEX^ge!zE(+-1Fc*x2`-B+kX{i|J~gg?eAc7r7Jr(EDHXIm;dKuhOJMKo
zS^e?etz5`4aE%j>$d-G`CIw{Dx?naHGgqO(uXb)E{WU=%mQM||;iSzU+%wG<AO$r#
zWxyCL6a8TF4zb&3a$tDaUk$=w!Xc>GW93qtlcz?*)VNnCBoprQNv!6h5+IadqqDiU
z_5!)|ro|6E%{-A$@X+b_{Eg8_J|TGzkqL7rUBJOkg)tI_reb*WXPM96KnoRBiNOWf
zxWgiX)KwrCDS4zVfRGLZs19AfzrWc9WF@f3?okYCgKQzphKCpz0G73yNlR5j$c>+$
zeE@}=h1C<=L0YnIc-afQ0wq3kynaaaDp!}swJ{Js*V(GVh~bq_aAvW@BTp(Hfm=7%
z<)xtbx)_F=Ra7C9t9O3D0uD_f9%a_O?`o!P<f|;X-Oiwr9*z&k4Fian$#u_EDK{HB
zl->s}Fwbtwcjh4QZ5r@A%dRXstHpad8)`V@HsU;^oGNVJ8O;CcQ-X#IDag#QoH5@I
zXpdm|;4)a0%4#zH60@~ZN~_zBU|rwCuL=%vr~bnwItDeBR01o~6+a|i>ky1&wp{Vg
z>UE!gIw^SlX2N;+a?hQF*zNdJIpH)xzh2Y3zK)P&p)vxH?|G&n=a5W1CEurB2XpkH
zVMnhmD6t(cm7tjyON;<vck5K$BoX`c+#3Zi2QzcU|8VXeE-gqbYRtD3;(As8qz|9x
z#Wn$i;07XhM_jnwj_($=0cL}fx@nEMd=}aDcUYb|3r0qb`Z!wMZC>J?z69PEdtDA@
zkBA6&mmIJr*nq`2>12f?`dEe*xBjkbDm{|4laF1`I>|4iEYv)N2C+=dMz6tA!xGfB
zl{d#2$1<Gn;F=HdIa=<1mZ-Kw4n#frRhE&2qK%uXCTTSm7>yWl72}N<f3D~|>+*!Y
zRD1NTNin|K)>iPrrDD=MD7}-IGUbe056^0W4<bTz(#HZtUOxR`Z*HdKFZ?#O!=l$4
zD%pBHZr}W3-D|SJ6Pkz`TNNst!uu<tFGVT9^9kWGM4Y>8lhz^Ky~%9xNa<IlPK7Td
z5Gr0#^#xt!DywUmqc%}zKA?MxpAqrepglBqRq2SQtDx5?dWMAy+yDJOengk*(rPb_
z=6I5pkm*upqWdU440Bt`GG4R!K+3o3I~={#ez`6O7i-mbK;koF=gtSwFdM-MrPfGW
zv*dZt6nHGYDi!vz&%A8!gG&g`z?o>0x+6~_eGKta!``mg8>dNq?p|>J8R;DnGdArD
z-^>2@fw2(O_Y*Jx%Q^`x8H3m^OgkRQDa}iq*||p-@quSOlcauNfnqex(NOlG;;gQ$
z_4`AyJliey_7}vi+nab|yYi1!Hh7IzvPWd{T^w;)R-Mc0Z7`p3&vxI%k_PjcYCbAJ
zfXn(wQ;Ar1DEGBKd)+gI;9{QBZki)@#}Zi=XV&D~5!6Q#>Y8es-83<ZHy$!qZHaE9
z`WUP4oo|BqufH%VIhZgpp?%E6q*Lg~9x+Y>RF}<Oj7TL^Ma2;|Mg&cl%C)75JH`Zx
z@|>_A6FOwwhMnCqd*e?yKYk;i4rH2zjA7ET^GRPS=Hu$~|7tFLCt>zg^nj?JwAu!_
zAf;_g$Lox7L01YsfQAi#GC%6h6tcU<jY|YIlGbKLdsp*$rUWWo31H04Bh!@t;gt?9
zL?}Q_6Gi}Yd%oK%mS|n9hgzQK>WwNrjY|C-Q&&lr=u2*ob0{HR2XjI1=?M3Ib*Hg>
z6ii%_^;QFEw!C`&hw@i?Of3~>91OedOzt7IqIf>MXFgfL!jO!F&5&y-8Tb?p#ylqx
zOx&MDa|i>JDsooibil@C;r_1uY*xB;dl*$gFB)=bV2{f}#sjk$b*BqmTdjA8`h5ul
z6-{88M5<Jxi>?a)C5qi#-IJ~+1jcMCH;r0Gai&sB9H89$gm<UING#alaxkw5*TB4E
z2n=12?$B>H%TerZxQ*oGoGh`W?w5}`QwLOVJbGAjkAao+GJviNTf^nGT3_Qe0Xh9y
z9q4J7t*+s=Fc5aXf&KNO(aRc0IGs>BqggT|8>1?$4W`NG-Qd}+SGr49YWCh|eOn^b
zZsY<a5*n5A+%B?**L7D`uN8<B>}Ip%#KmCva`s)a59IHcEjMyO^@@OVScXThqeX)l
zl~%b1KsI4ap@d1{$;;Na)W8QW=6()Qz<qxvfTWE%1DlyU-VHKG30gjvmw2f-#f+jP
zdu3x9_G&0N@ak+Y6Zz_rc-wOd>a$fUNqyd}#0(%o;*b8U-hJ6%lJ*<LNu@U{RnCR6
zL{KzeC{BcdnSz1!AP3ryz0{NH!yT;C>2DdF7321|0u$aM!a3WGWFx7e?h@OciSFM;
z)n@Nqo~kHRD7JgWCfn^y!TV_}(9VB*<@b=HmYPB)SJ7jOMFqz^cImz$efGpT3L7K+
z)SUaJq<<9k>nl$q@Hx1X^h8S!Q)}h&TptfrzjSDP4bSW`-}C_Mb)zV-;qa!;+2_Va
zZt3OJO2)E$M$&f6k*`vT+0;hEL9B&F>(unjUstq&8>$co!hH{58KpW}?UCJT1)1>T
z06=1W{y^FAs__zq6;32y_7IlVH_lLNqCmRnt%uL+ihQofvsw2!YR>HS>(;4D_5A57
zwU0#lbD&<dClWgqNUyLh(qpNMhQ?5po>%OM<c-}`zqvFQ>}GlCgM?|jwS%pWU;)YY
zJno-ObZ0qpRlJwSZrK-Sb)@GJ5ya9{mB^^UH>Nd;U9t)2w0E`NExHb(@PA3^tWFj3
zjAg&I9BB+1I^zpBw>Z(mlx=V8LYAJLyH|?yOqIfyeJlX$SAe%bDcQW}0(vwCuLq%)
zu2d<PcHD37FTz$(K%zW=M#*BHVm?{h@l?45U4ZAK9GyZoKC!}c9J^2o6bEsxdvc}g
z3(a4*MsaN}zn5(Z##Gsz7=>s{!7J*#3)NX}e~qHkoJ~pYM@Y5aH#uH(Tf+3rV=t1D
z0e<ln2^Jbu?iBG#FWXX!-xALo1%c6~cD<I57aBE|68G*Syp^eBG-&-uXv0&^2f;q;
zN$)7Ah2Xam#>&pm(kT@$=cfhpZx}3w%7p=%aHP4U3tpvp9G`YZ>xp2pr#GA^QiZcd
z%I$TZ95J`_16V3%atnf1qkiSBhM6c?O$u)g^{oK9a!^=(v3ytl`SL8v^?SC}x7bVd
zP7IoO$?8*(e!DT**1I8_d3^3}#@zfY#@n>vnh1w()cvgJ^5*WS=<Rf^p}%ukAnv2}
z^V}ww0P~pgY`Hu#={pPciQG~|w)|_N(TlUu*0Z~3Q_OSjj6&~SQq3;J@N{Llj;<We
zW+rzfEA#K_!@YgP`OPrzqoOpbIk?^8|8~3OgNZ{T?lu~3|Ac4EM9=I*L>YMNR>#||
zKF;<V2;w1yaP{_WGYJz&RM~k;h4<d}^}$<_k!pBmd=hC1)vtDvXFCer4X}gmH&t3;
zO|>G^(D*~}@=`exg=Q^Uh5kB)?<TgTg_FCd9j(2O(OL8wpf)76vverDE%V-2)Fe8d
zDn-R|#A1H}R3zh4C&0&m_0PxY^SU^CG?+FjGH>4Q7e<xlfjBM-Zi)^zFgMs=LM8z1
zDBNx5>CQRGgTu22z4L82Z@Whhu%W(vcDUMA@G<iG@-(Z4VOfw9L*5v3xWwx-O9+_J
zR;zx^Q!ne(t0|X$Rr_|@YhkENT)*u2B1NCkZ{5{A=(YM&!^z>1zSYOEpw;%R4-de7
zVq^`bRjB;@`~|V<K<W~5nOZjQIWkh7r&0!KC#qDNC$RBqcN>HnSLh;hL>?>-3u<PS
z+4m9As8yGK7@VbQ{Dx1SG8Vwr^rvMGxTSegi#O1^?5n_iZJwT~=I!-+J#oabQS!fR
zXvp0R0ooH-cgB8(QGrF)ekFnu<B_rgO6yKwa=#qzSOO}JVK0aKfOH~#CIYA<gB6(z
z8E~CsEjA5M28%7C<msFb{9SZ&wF}21xb2Aq_f1>s)&X%U2eGBhGl#RqiCVezvqU1B
z<g^+RDK!_&0c{dTQ<Kh)a+&U7n&@EG5|s?#Euf1hdmtLQ{W%$V5nxe9JW7b)X7JIm
zggAeaDFM9tyRvBbPN6KH@dpT+v)rOmSyy_Po=;3c?5|8^yExv|qNkVycsKiqp5&|Q
za6Vi2(3|glgq|LI9*l>Zwo^y>yw_o=DbK~{FvEl^3c2-7A3w0#T^Z#1G5)#2s=SNO
zZkKz!d7Vx!Mf65X2mk%sy40!{5r7v(E1#RTLt;K&sI|JspP~BwGSo%?H2x5fRoX%C
zDjr>|OK!K#ksZ=Bu8oh};5&P!IWSSD!tPkJI(1lKS#b&&nmJ@SHXC<fKU))^O|+Gy
zzKZ7pv9~&P6^|1722$H#KISFVIl)dHze8N25Nv`uY{l1wk&mp@7|m6ZozZThpw($T
z-e?t>u{OGRr~g8jqM!)1i38v$hPn2OJQiy2Dz1Td&HJqwM05At7eAn4;2I#X0Ie&f
zQ?y=`_I8rc>{pQtf)Cg|9X&^xfvws;M}M{)G?W@JW|TVekHz7!2tGP^K`aIcP-?a@
z(V9y&b~~ZUd$o^L*x+kngCtTj5y(!*s~3uPKN{7Zlru0iT|dBD1x2vITNy>e*;*fx
zdKgv85$1gBAVThJOBNHpa=`c;sAz5r!cEmh4Wj~9)rT|tXjTi0BBo!h(m!TjSq7uc
zVPe+(@B&yiX>$z_JcOFTU&y;X#H4L+xC`Cgw8^dKdDwWsvBh~7&)~v36Zm>8e<ls!
zG1Y~><*^k848A$xfXJxN0=e_-Gv8J0JZ3iQCz+9;C#bw>;)UtdGv-8K4{$!+j%3SI
z@z*HJE(URc8$%TZ0vCa`AdW0sw}*Z1USzi1Y&dAYw5ECVKIsSAlD5nq9h2;DWm}3O
z>R!A*!Dog2c(Tju^kwBG$O%ca&U}?$!JQ|=r#|gqWUEwQrd9_}iZ$LKs9}7)KYbRr
zWZ0jSyggkdy9b87Ps5HGYf0u}9VdW%mXl-aL#cV2IWZ`mj*DiyEY01Arq3p0)<C9&
zLaE>U?l(fdD``vv2leC430a8QRy>r(1HhK_abzotz@(FJpE4f_@oW7S?`qj_y2Iyo
zrfsuJi_hU}zcm~Iu^tE3aL3gRoZoC080@-xk3%NUR%0y7zx`wfc&<y56w^2faKE?I
zKG3vTTz4hn_(}D@`%qdzeHUlDk8BO=a+kO^&;?||Tu;|IE2w?ZYGf=%!l3b`(3%07
zFGZ7<6pCEgrbl0b?Go9|+owcC&g@Y8xg(WAzTq!4BDQ+?aGg0kT<eXOjWPx{;rH^5
zJ`bUNxzs>6;7&VuS2fUpR3TCGnK2()pWbi3yv>PxpZwwaTtTqQbdmMvj3DO&P;A3Q
z@>vY6i)y+$3|$2_eH<9NMmi&H2?h%SU(m5-!m`}QnQT|35}sqo)Y&1Zp@)E8(qgU*
z2`M(%RB_kY;dHqpUcB0FD<6wpD{E_;h39hpG9X%9ES1$d_(*$ds#w>b^^1m725wF~
zn1W}0qgf3cH`(>F_B~i~TokV|P$y_`MB1(PeW{^Ur$;u3z4Z%>F^5{XxKBWU2KvyT
zdqcl2F_IY6{pBD8bLtNY1JLwe%(X{hK6J#Mddsdl)U4yF&Ls>Mt$*liMy1z$-@2rA
z+{Gq3FG_Xi8xlRNP-s6!Z6yk<J>%hUer9ncRfc#}udJn{w-r@s6cm}&od3%iO?W~H
zxaq$1`&#+CBT08qHg0^a*NsI`T0>Y3WzLe%w>fgh0{Xc0eurwI?t){y`=I1!gY%yc
zNQ!|}m8v+AG${C2JM{Cn31Bp7-W2Q5IL=ne_y<6BVF&C@=tC_Mi?lLZN&E&4&mi;%
zs@QO+#{D@X`yJpHD5bnJrVp~ed`qpn0W&d;NFxol&GVP@r2q^<e=!x*zGB3`9Kg>b
z`SSr0I~W2Go#ATU{(A8r7=I|3yi8PSbBq3E+|Yn72&N$i_~Qx>o9BEB@U$Vk^Z)%r
zmHTa83UGf$;2k^k+n8$e%M;t6FvwAnQFuZ)13*i;404b^S-B8k{8rA~K|Bw=gTbrY
z84(7^Ru^eXw9YPGp8|g#hwxJ<`Q#;n3ea87VDfTg6t{^6Uj90apT`3T@v(PiDjhB1
zZoY3ZLKI`z6iUmlA6D9KMdqrNJb!g{v6i|W>H6#3{eGf<J{CwLL*<qUTxGt$3T&>5
zT`$=nAx_J~9butdl6WA>BNKx`RXD-zyWz%IMR4w1q2Oq~+S%vl?PfEG5H1;<JMT+i
zXHI$_k2O3fo~sIb0VFK`eD;5Pz=H;p;Go-gb#b&jM8x~X(1Ya$5M?V*|A)&tlQF#e
z!YZnGEHL10Jyb6Q@3@(jnbNW^7000k)w>(Qp7X}<;nE7puPf?DU;g{Yp91GeowW^^
zcR3jJZ>XEzwc+Z%y1mg5g@}59@s3dsI#AqP0IXwpkji$G6>Zo1{&_+}YaqTHslw&V
zWGJZ++?@S>i1PN-nmDJ+Ia35LiXUU_|7Dr$Nfptc9XK(RCaR4Ki0+@qQ?J@zKWcu{
zCcD5d8HY{nWVO=!7|=v1ftEO8yhvL-0EhXFr*vwoN+<}%mXccm#9XMY&=8mla7RSP
zpXaPB1}iKKV(t%Sq26?4)YiM(6R4N9I*Uk+=}L;QcQcq@9izo1sRb~nJ^AAA640zR
zPsvEGZg&qjw^|l#9-MbZbj2jF8a@fWz<FUHVJgzyBm0%zd^Q{?7bf0Tf2#uivo5{_
zOk<$DeCIUl&D#ARM#g`3z~HOz9nZGxZQQ3ur6yD5J;pvL7`)WMPG}KD+Vx|U5F{47
zhc!8Cfa`}?>2`ruIy?mG;z)FiA)Z(o!(_ZreKuEB=}0_^mWI<>hn?B|J73baM{$<u
z5(>F}e%zt*#$YIwJ%izFZZs{;wq{Z(&XZ;Q$FkKnG^R)1XLBVJ)oMj9RU`$%ev2}d
z(t=rPTZBL&;t=v=7oPfdB9j*;Qj!sqh8~9sB+z|7CK17YtV)eZ7d~dk{5(9GNy{bV
zi2<_NJ{-!8@)2`T%+t9@i1i$$wx{=ZijUYsMQ6aUENQ&R>mm?`Z~E!`T1P8!U}3)k
zOl8a4p;ZcZ2yhZJjUw1>O`O4RTFo-?+HHRxy;zCL8mxEap7|io5zD9Bsbe^iQiVYu
zqS5B_L>f+ORs;z<RE9!h#IZN#DNFnKd)Ldna-XV5mlI6KZ>o<f)k)wVY>(A~T^m8Q
zYJq3LdS`Nk#B~4Pmh|t-yGe-TeUbb=ij;`PsHcw<h=olz9MWrK+Y%Q+;Q}g1EF3!d
z+<WCxu?HP(#1QV((*&t9qY?5KL2*wk7hyPU)<cdrM^r%ZkSqeqMViMk>|tPo6AR0b
zT$#{MhyX;eP9T_oxc?oVjCq$4&>JRc3c4hr@L#=De|hUApmlJPBpAve`cMhvU$iD)
zTx2FLANBEvfg})7KLzzqGc|TyKzYFc4fkN!E@|CxqS)tD0aWyyuA8MnbigYAiTMpw
z*_&c(3$tVc4-w?=&!#HDuo5TP5ZGaU0%{r~OKRT5Xa^7i7XGQmeix5oiW&^-3ME*?
zlD8+U4RELAL2m2{K%l!I;*K`r%=OQ&5_o6=@!3CxXUTN7AfoHs-drE<R5ULGh-a)C
z5TvO<Lo>7lJS97;%Zzn_TixQ?8dcrb?InU@WB1<eiDJ7M<wmRk*^HMox}A}7UDW2E
ziFmDqX%+I*touUvylZb-w+>yh*C0C3n4loBaB5P>yk)gFmd;qdAQJG9*Q?&YMU__r
zk;t!+Ga_>2#lc+F)`YWIKkRJoR$vDC=Aez)^ANsRZ-?umtq{n#ixTivtvS|0@XYHd
zz)2Z!{hzZOj}uga8`K2rpEXvkM-<k+r|mAt^@KPI2fID|SBGb?K<;_IL@R-h<Qh$n
zrSb_bz~oi@JW-<`Tzj~gqg9PCX}?agSFiG7t6>K}91alDWpq)nJd-|qN?d7$lD`ZQ
zI2(Y+I@hAGPU>)z3k7-(;iLEW2x%e15?2#oWS=81FchFt1$d?H`D)xx3v6S{v#*MD
zKlzGeFgm#<Bc&3%e^)yCbd$SLajS5xllM9f#6Tg5Hg<w>CSa)1$AAp=XBXQgQo37_
zj~R4P!trTjGHgbqLYR_iOYC;1H)Kx7yARMQvlpR17A&>hhJfjeI6(O1NWGsh)*Tnq
zR+h&&h)bU~Ai;l30F6x+6oM}3!N{W+uJe!*0bD{2P_$=OsE#FKm{oi38WFtUkL?1#
zs#N4FGq7fq7XkO0y1ljlOC?)DL>SK$<Kgu?IR(WlouVKYSMn-jXAp??^A)+J)m;tp
zeO#XlMqQPSl@f)&zb&Fo7fUY6a8*<iyimxoGgT_lD`P-<oA^U-{IB~n_+dTSK7dm>
zsnFuY*)`~#;#?OWPZzf1n}=Is_JuH~(ki2h!+R+*jDH|&rgbt|0OaPa-A3;ZHZ{6O
zdU-097HBHM6@}EE+jH3Sk@Wh#s!r1xwsat`F=}_J09X$gx);7wVsfvq*7U|N|0>yy
zgODr!EEKr2)?iRjM=`p)J${h$h)!BvK<RFjuF!{jXo`4(Hvo?V&k8Ok3#Ceuh4d(m
z(c>qrEAbH+G&1XPjflnedqgvoqA@K`?E?7aw-saD1}nLd{T;f7%MmH!sLosg)>k3I
z`c<*$j_!00g?RNKi(YryC3ZkWFlHf``9wYODmGnue+SzP@L9`6D*vxN6M{s1ct#?l
zcsd?krE<<gFCqnUkpON*u=%j(lyDM@VJx?cAv_RBEo%3hkXvOQk-+r;*=d;{nTQvy
zMaXA%DWV>4AC%mWs1@m@exB&ucG6eU4Fb7MuvjG0SoiQx^OQH2JL9Jm=Uno&`K>7h
zI$&U-`F0P16KN$CEN3t1AVQYjv?{|w<=`Ty4&EbRYQRi|kCdR1O&{br1N?62TyGPn
z&=ye}Y_q{Qs3?na*Op^X33hpj^UAIh{IQuZFWv{pvQsYs@Vadl@_2fHlfrONCp%5-
zt?I0jACRT(eur-*_JYcBJ~P`qyg!E6I|MKyV}ENP!TPO~`{!en2mxu+W}%(Vn%2A~
zc(WN24mX_8DQeAAeDMg7?uj^U>q9C1<{h~_?j3A>ARa)FvAOkxc8cp%bQc(Sr^p!_
zXp0h#!BGx1rWf*t^8Gy+N5E(d1(|pFV|qg)-&DN6pXh89uXt7RgxDL6gi7&WOPsl0
zl!2%UxnsycvF#2;D<B1o5XLip7mXp$V)H&1vY5j{Lj>=(Pxjy$Ut)P2`xJ!cjmi5N
zncka;C~bj2_V+#NUmnkEq5HC$O~;}8ctIw2D3Sx-^)YOw*=l6FJ;_3McSqv11?~}1
zYu94J=)QlZv)~15)z#u{+4*s$>x4-^|4xO8PxmyW+62=U3oMpVZsTJPV52KIh#sTJ
z2`W&GmLfr3YBd>H<%#ZimKWa7xalg-_PUSk+^5R(luLnyA{Qe8Jzz{vZ6-%{g>yDw
zPS#dg6I0_S9DIn_fR2Aoq6HWionKrokQi2Ga-&O#44CC}$0;cXC;}^v1t`(~<vsnr
zRg=WQkfj&HTN_T6Dsf~ktCa!uoai3oWqbP9n}>kdlWxDKju)#31|WymXQ}Bj-;i3L
zXouMcM#~hgt`DZ?M4As5dgdyZ$&}-7;k1~8z143x|2kiX)zXawkVi%Uz136~U|XB-
zO*_Lo26ObKJn1U3<#G(&D$LXZn~cNDOMvnt+Vt(3K>sU{7LxAz;X(Ela2c&m;=^EF
zY7L4&!t6Az@^!&{jE9<|w_YJMVziRucD+26Ec9qlC!`uk7BE|ym5Sc_aE?h1zcm2n
znS&Kl#2Z?wDL!(wx_F~@bu=1_5emmVE-Vg(31@(zw^3zL0Pa*;kJ;U(IpWO~wVzj2
zwEbx@^J8}Mvwr;f;Ew0Zwbq^230MHt?D)i61BwxGkgmDB$pzk~*JlPpnM})c$4S2p
zi^lgZ{HZp6xO5q`rZMc7Qc5G$lK6nQ?3d#g09>f0_;2ae0<FHtwgu(eRI+S=h#9&_
zDcaN!JYJ);du*dTAsDUqr-8NrBJv$tI-7OY(B8U7_(b?}Somm!yx*vU$hjgAElu&}
z>LT5&&gqHvcN+*NNjd-Cjh=6*@f77tPAPa_{j|3g2}seUz!xPF+&d)ll1FpZ^U~)R
z^PMYp8;22I2H`#uc(JhwSU+9EFe-!3<7}bPc`}WS`WeML%NN!Z)a>>q9|O(zLuPgO
z61|@6{1Ya26}ZQ>uQLMZl}n}J?yVQxH+y0>n^c<me|JwIfDPEfwA*?0Xi&f=3pvUZ
zkaT23KFVbX>zF~H6nixqnY574%--xt)qp?+vc{EWiof}xuX!@;fu<EO0>T}h(}b{s
z;D%TxeL?P1us1`J!+0YtBT>3;fOq}!b~H<9D|JKMNB_c7G-ahqQ*O{)l0Om4y^U5B
zM%$rc%}5TUs=WaGln5|I6a_VokO|ZnTz*mJGe2m|w~xC2B%t{+-Ie0^G>NhHcRfQ%
z=ySMPv<CLlwpmC~`F}9TelCWe4;%;}yi0=N39270WP>)9CMH*}=Q!)ysM>(HHm!5q
zaHZ70-8%Ox5n;@&4l7@@-u&O4;h&fAGYY^t{Nk(l`_=m&kI5JTj6k+mwb1_mxcb50
zle~c{5_;VDuLp>Lpjv-bVWRl;6+;~VUde1Ig%pE`KW3D$-_2SH+XU*5_xwlCEX)Sj
ze8S}{O$UEp4h`sHcRnV7;=GHlpmvi5>P0ZoYgiedj}fk;l=wf#m5_7l*$$z{l1<?*
zIQ;#{=MgCYAv6G&<-+FFpf4)&86P15{$C}r#K35v?FGriZ&S0sAIgvJ9uUI;_3**w
z_8;)a-(Tymr`1K+qmzi(Q-|fBTi)M)vd@7a4aO2*N~C^_SO5ElvX2HnBo~;_p8q<=
zUq5eHB0;^hwCUvg+d6R(Zvd+82Shw1;0g){1S9yVb3m&j2T`~WSu)ILFS&pnL3sq5
z>7?f6v0N+A60Zzrg&i*XD^UPK18{+<)$943yra_-DOoXcmHnbpjqM*hd~nR22;Sfr
zj>})?+SB6Uc%`Lxu0{pl_@oaqcBF#3>(g-;Jz;Yw>BZqM>S_R<WB^q^qFu4=RxKUS
z?}mXA8BT?g9yjrH9Yk>PQ3<_&a9_O4B0{aqD%}Pm4SwnlPfAnz%-Cf$VB?AL>OBwz
zRrBWLXlM~0g`nRw749U>=qZ2lAQkJ!?!VD^eI+3LUI~3~?LS?U{#Zw-2ytAtVnBhE
zNdd&llvJ<cP!(k%{lbt;ngs5%9bbK57^y;ez3;u;m8gM)L5+F<H_;?SRjAqMQe}G-
zd5%jF5<w=S9y(r>IDHFuymgeGg2TQ5?=M^-eI<~zEQssEWw)DR_-oq!zgvQ5`>Xkm
zYYlZBeij1aU)M(^+LzZ$j~n5OozEDuPI|cqOBBq(XXdNY@xdAaTNxVeIO+x(jxX-P
zcy=Em<Yr%hl3APy_Cmfrs%%ySf1*lb<Q^k<F(PVbX};3p*Sfm|Kkqnyu4zD+M%B{o
z^Axa$AHYY~|1~-xL?mhTs{ywotjpfM>&vqf9J3OLh8{pJpTIR)!+xR|#N2CZJSO%&
z0G9&r&8js(?58Nu&IPRj&<Bz=QDuLdu-p};0dBevb>bkQB|B5)9aTqbX%Gf3h~4Pn
zhlu}yi^L4Sh2~ds)=^<4^=>j6*$gC^IijR1FdAF|5|5_`a_Zr=jz=2~At+{362vcp
z30~X31!a9dtb@uK7)!<|)Cwa8KGq%@%U61|!J-2Y;6du!kX4|f7nvwC&Wz);RetiB
z3m9%b#gaxW%Yr1FME1n4fRu#(Bl%nhO9=30!cJ6y&7d06lkv&~ooaO?l!C(T>RhmM
zXR=HjZ2oiyi60p!Kz|E*a+r<^cz`8*n#nM6)5i5tWS5>?AXx6x5YX=T*a0J-W%t|5
z#Bhe|7-Q90rXp8O<Zsgq*7f;#$V|g(B~E3K5KYe1zVV_Zgi0_{Q-4SycHH2={9du>
ztylt&W7$Oi>fScKX~wJgR@)v@l(FW-)`xkOT00oW-kkhrs$`z{&jJQ$06!uM$Sn{m
z0fDqH8Z+Ou(#*PIT~H_?*CDqF-qJO9M5>ZYm*Vd?6bBd>vfS;C1m1?3#z#1GH9xl`
zlDmm$g`EWY-awJ^t^N|elZcu=w-|o6hs<A70&s>S0Z0u&N^BKfFHeSi&Olt|%Q-$*
zuX|-Lf~C^scP3-lfK%>8XSgJA47f7JAmgpJkFwjD6bDF)E--Hx{CcaPYzA?llVa4C
zdsFv3kYr~;6AbkR%Z#x-RjRh0PuzhWjH|Mykj?0}I^D)K1e($9nUWW3{UG07^k{3$
zoFtyh9+-;dDbw(NJ%47mGrJ^%>dCo!BH9)-Sg7?#mw1{7oE0i!*Yo6ZSay30`>`@(
z_AJ?oeBf^KT$$CJ66CCe>L)lpzih3fl!(JIx%U}7S?8f{mrbn!@)IE8p#ihnU3&;|
zvHNrK5jTKg%4>AD*m|sQzXPl|4LG$xs9s8?7Rhuqg5K}5=W%(?jmIh>fG7XWc^Iu{
zt=6JZ_qIUR2R9Pqz(W*ZDU*$q?;{8eU;TDFfaPf1TzwXBxXMnw52Z0i94pF!tm#<<
zZ*mW@ZQNjnt+C<ptn*-sh`7Qb6w6qn2Fepx!eLhGm)!Q7<Qxj8Jerr+pNpO|<0NT%
zSrxcm+BpSTNU8%&Tp=N6foZ!z48F*L$1iYdDdEGh((1I{R`=~uWy#-RYJp`kR2HlI
zA5wqa_rSCe_Aa$kQoHBi0`Src;jOXHNy!97V(X$_j>!{w+7-GtA&m9ssy9#k*HK|=
zZx1pP1K(=K=c;@aJaWI<cp+z}b>Ide6FxATE;QH^9q@*NhQI$txAky^PG>2j=di0_
zNEJ&U(fzcFfZOSfTRfW@@Dh02S|k!7DlIIS{7~L9aqaaG8wPJd-A#2bp)0*=siI~b
z^u^*)-wKHLevWqPzk17L7%CtLo&Lfilv}|}ss61`kp1=h!0eV7;DLj6JEWK^Ffi0Z
z-I~-tS+AWLfOqX`Az3we%hdUqLOiOYe1|*j?KiO}T1^hPyiVZ~*DDGTH-gtDPhb0t
z+iCk?5_vYktWg6C*X;9VJ`CPns0t716fn1JjwsXVcso-7tQyROV!r0c;Mh}2C8T{M
z3P2odU!)Kp`IwtoMMOGQprIfl1;*7U%4*vAb%^NhOry#*P2)rE-%tp7407{%=uDIP
z|KYeI@CKp@dBf*S!2RpC4<mGkp<1&D+8EI#13w4uWl2WQu<fL5>&$13q=;tVS;LAF
zNi6-aK?V_v$uNK}-&((~6ST0b{PY?YQ?NPlimf|JKulnJ&j1;Vw$P~YoCFMaF%-)L
zuozU6rV3rE`m8tm_>E6S^QH_EIXsZLE3Lfc(7u1bL|ZIxsD?4?WYVuBLVgtkA}c#-
z6{$g~{OSoVwxd5bJhiZ<DC|X#B2uF+;dJ8)n3z{)sBQqAsWi5g1-wF*m9AugUhYdU
zlh#$u{T2xjCu2MeSrl2ZNZRx`EQa%7UiuO-9Bd~;Xti4(*4zD{oi-ZTG!IK%h2&=<
zo+I)fF=)Eux;lUmb7itDr`YL)wrt%IL{8a$#RkDiwnwL@Q%{?x(%&ry-FHlY*`4z0
zI(n1vk2K!>N(A9?a2?=rT>cKqASB$u+KNA{u_T70c}-@}jgdymfCR(PTE97_Fj|0;
zeO~E!6uIhrIg;v(vUHP|SNryR)8Z9GIFA&y^!zRiV42v2WS}O(F?4B0phK2y^4x>0
znx~5ID!UH&gNz6F7v>Q8UU@#F=THLheRbg_7`qTrLs3A?igZAi`ow&e$5unWK;1Pp
z>E*tFlD?NLDQKK2duU~rDHPC3kv+NVKF~<NYV^_vc7&}W>Qt$y+;oMM-}Tz16)H%3
z=H#gFar;KY*gKpr_k>+~#$fkqgzyK$tI`3`&?@BW8Rg9|<5!qUs(Yc0|Cn$%G$Dc_
z^PR?>xIbKwghip0w1qpgtouLtdt~Oc%PJeB))%q~ynd)$^&&oz-ti-e+S}K}NP(Xo
zy?_;MyGzeuHd{+Gk}dz*7&*Kno+=n<_oeXM_ivzAgv333S^+(E88C+j#`zTE5}!H;
zDd#5bj?gI(8!UFNbY-UrKEHQ_0wo?J?DuekZ`#T6;hE!ie7aBgw^ym7WQBNEVsVw0
zC;I^97N^l3SPWNejcE-tnW+{5Sr?=h_Ha?!5ZMDxP{`{?FRDMfUx~iRk|~S1;?OO2
z;kNnG@NMcCmt~~0O|IRP3LtrAG>adl-rZ9y=AfXLh&!pBC@^Z}18kFtN-b{!rUPe-
zctyV1?m1cFu>x3LjWG!V5(rQ~Fawg%Vg0tWj}oQgm3J@a#+reQXi{e;fd|t~oXR-e
zJFmivgI|kg&$NdAXQA|?@~x+wzi=<B-}Tw~eGbVZ4}}}B#jLo^bF^Ku*s-a*6Z4d-
zJ~B^P6fm1@+&2a(1X~GMr0*W|@w0oSIdi=PvKPpn0L=2}0sM%m_@P#fr2%%VNd);@
zfs?I5nKq@{{al{T$j6z6zJxH4>L#3CN$gCaKskM?zaAnxh?V3?0c_1L&TRS@V7#!o
z03me=G<x;sYMwm?{Qnv;mnEwn&;Vd{C*BG;GF@*UF_N3tUkw6&)`U5R?(FG-fHu*?
zCg41tJAN4a+RcZ&FuM~-0;&h5fI-P{mdaSV!=c?x@2TZ3n6WL3L6uY;tyTvuOfrI-
zC!RZ%dA-Z#W?uwuWf+4g*NjSqooUFpw6$KJ9pmPSrQ8xFN|9r+?Wy{Nck9Ao@IP?n
zPw@i%V}y?`4LJFJt6e-T(7u2S>Cr8qB#&m>QLv3J2PL<m+2VjeaqW4E8Cn4>7H^>{
zWIDsz<3<5=R-j;~@yB8a2O~wlOou1FT1SnSds#Voz_zn%P`9hpDW=pAW_J?A-1KaY
zJb8O=LD&pR{<IfoyUH2B0<OBpaB)-s<Wpqm>i5Ke6!HfHrTz7rqdA!()wnC&V1ByX
z-{^ffW8eH{0*0a`RxW$}9GFRDb-o9iC-SN3J)*PIWF9XGW_fO$E&W8d?2j}mW_z=B
zhXWsokubDBNK7Yy#5W`P?6t%S5triojA1U%ql;%1w;P_p(|d(g0Qm_^02xgFCaP4s
zn88uSO59YGx|@>ro(FgM3y!b8W6Kzor`{{_v7>pcK@U|CUVUa#uP0)C=^p{edSy&_
z-*=>yD$L@mBe(jK>w@|wUMZgD`8>$Aole(YW7rk-vMSN*4KZ@NrJ*FIZh`sjO#jh&
z`jSJMBXTOQ=3n)pXCZ2#Sse%%o?x4<^$>lIj=fs5@MyW|oBtr7dTCqAz6Q7!xkWnc
z4^LdsE0O}=Um?mHrq^8X3?AH<2BW3Xw7f=jM?ogcSgZ-l#g-kXhQUNKD?Ocqw>fUv
z^N>_|EYq?2x`x2X5YoAI9HTL(w#typHflUQF#x}mNf<4)=G0_;9aCImHJudZvftDx
z?_urZ#3HZkL$?K`h<=s*UVg3q+l})JITqwo77DXk2j#EE3M^-x5hJF!-_1aziE_P8
zZ=BN6%-19vYK>$sfQ1W46IuG8rnZUk4DBZH)&vfwl%31v&~`;Wj^J~>6w7{-W%7wc
zg?sih^UWo$8DaSZ&zr)d(y9F?S?a0pd5(^UWag+FQ5C2;K*C_C-h$Ih{ps&Yh^9B?
zan{KG42sB&>1y%z#$83)g3-w)Wkzm;`L6JFvq={3kQ;kq*%03z3e1a{b&nTSqbPVm
zdS4KiQZaueNRQ2n&>W?Fh65W^)6_=mWg;s-AUhHec4&Y|&T{4nP`2|@+0qYoG=BjU
zP~#C>n9MM*QjcIb+5h-tJq=zq@apxE@^z*xD7mf69v-8&|3Tb#OX$SsZy!f3SpzMO
z*SGU8WPgy9bO1@oMYFxITkz(HR59ZU_{~|3v}k&!OISdSX<-MxMMNTKLAJs^2J=B&
z$K9$mazQVc-3g}vHzuq?pRIyIq;P1+XrAU%+==;2H3jIa`pajuFFCp<ToseAj5iyq
zJHk{!;aX*QD2vyXxgRhh8=ElL)C@DWS7oh#{{zNik1Fp8{^S+!$lW<bW^K5xd$tyY
zaeS`I5rLM_+O$;_wxB~uy>et5-)gCIF=%@w5>zwN3u363ll)X*{D~AVE9pF+8OL6r
zQCVCZ&J}B2b5&W)+8^{Mt<xyyR{GsN{pyPn@`u3n2euO;Kn{V*$a$Fwu>L5;1Q5VQ
zfC%V9wG<F&?(mPs=m?!KoVS<LIuRz}4V3(b_k~LOgK*x$RZ9gZ-mCzQ-*}~e0197(
zJUSD;Sm$%d{CSCq158NVYYG7sBK}7Q&uB~QR4Anz9ENiy3Sz)LLfdFvQrZGIkpFr`
zdQt^8xc4?CmPT9G|K+m=yN@P<^gwghU$G~U&IREwWhV*-0c*6s{omido%aJ3Xdk-k
zcTUH@zUV(ODBu$Sc{^@!oNoWmU!{r>*rswijpKowOJR=&(5C9{#&H&#&2R~7t^wMR
zkulJJKCQnk5j|L>NIQ%*7fTWLBkM=b;kyUrer+v9xmQc?@BWpPTWT(}WNgofohC8x
z@kN5WSf`%j^UY;(a$v}R!c?sv`}Y&_V@D>Rmj!6uIR+I3?{knrxJPtV7I1On3>lhc
zfzT>2E`y}wB@gif?>0!MDW9uK3cM*I&iKy-z<lpEEy?frXuJBn_E^RC_2!EED?CgI
za-W>ms9{8Cq7Rw*vk{M}%sZ#O$I_Z>g$9B7|6q;k;Y)t12O<A)&gVNQQJd%5!vZ}@
z{y?Ml5Ft*H5NCYICRS=T^IRrf4D;;@i+*o=f3gtB({u}~zpjVOIeiopqSYU^<2^EH
z6iVjrJWae+*p%X>sFH0B>zjMYu<`I4;^h0OfyAi2_Du1<u7r}?&X$-giWi3tW)u!M
zBR?%>x%s750*Q4tu}2f4rYg+EfppP3?dWey;>Wi{n0H&Z9p9u)pdel)*45kz%Qk}M
zxETx#r-wR3BO?t=V)ccBLr9?}OSYkbL-6`SO$+2qNiV;oQIkRq&diXKX3@`39K@f|
z+t+fNbniY;x#~OW?vBS_OSp_(=(U=2p7j=p!|oT5D#<7i-Qlub27X4!?ER_mxs4=h
z3KavUWe>!TkqweECkw9!TaK4;4_wMEpm`^s-G|$#t`0QIv6V&@xN{fg?_Ycap^mrx
z0uzx;pWX3Pq}gvevNi3`5cF0c8>t6<Qpd7r*m9Hxm9UXBn-!vPp?+WU+;*8@tex(Y
zO4<Y0!`Kz7l@Dc^x{@{1_2w-xMd}S3bxUSnSo*FvcSll(j<+rSnFH@YA&_|d{-sC|
z#IqJH$R^!KAVJ-NwFw}SoWYt92qsDb$7!HeR0o`Qdxl!T%I^d>+vUTRt^`L*!<4P=
zR5n``9cW&s-0Hjx_n`x~MQz|J`;lI;PyiVHVXZyryH*Rd4$N%)+v|aEJrZHoCzhyQ
zW((f&Jg2h&lHe@q`nc{G-nPtPQ!UYT9KMkR2URRaC0YQ$ARCWJN5%6PIz<QIkox#z
ze4<KlAR9g*s}a~LP~Smx%rle)QFDPnI;@PxZUi)|ufhS*<9WIAt=XD(UjjOIfw(|l
zd~t>LEUIip;Dp2TdKE_*d7@gKsk8QLnzWTixXUXkXVatVgw0g;duk8IpC;-^M6Z{x
zkoJJd%X^oZf<(eSinJB30=3K2Pyo^OW6d30&?)4G0F<Z`;K9q$`U#&HozAM3E|13^
zL^7z+0={s>!s=XeYH*~VMcJ!8!n60iJZCwtYKZ^yGa#`vF@Q0JEQ+@!4a0NpQ88sk
zBAorHZC|v{4b+s^=<ee`-z>cS%%=u&D%GFpbW;cOo_;15!{FIRby)TdAmW{bGoHSi
z&VTcnA&OBglB<swd({oNS^}m_cmzCAJN~NEC#5gm<H2~GG9NJ+8GuKluLLIAq~7uS
zp~1p)UQ#%x*=RT6?+kosx%DFMY8bA$+%BTuc_JvrpAa^`*c#;0V2ouRFYcc;@X!SH
zf5Nv{ebHX9x5zPNhEt;@Jd~6WCxeT_m9WM+H!9IkV82OuUfLH@KL$qlk-(Eke6{;7
z-$<j_KbM1m3nodRip#YQCj$)XeyoRjZh=hI$GOd+>e3g_bh^N&V3M@9?1x_LGEqF0
zJyB^Gb{|fy8e>@Ho068m?G414Va@bQ0r1I&pvu#q)P;b84irF6{-+ingPs^iZRCaW
z_n6iU67kM@5&;>$#Ml9Ya@6RC@qoZ|0Xn4<5hksCcqj$&Y3-QqCZVi|Y*J4ww?g*k
zBrT9X@wW8w0`9xxy53m!0z?^Cx+-gyNErt=`WJt{fIZJ2&sQYyIt^HYijQsXYlc@x
z2x;A$yziAf@?}PG*l|PqPidy>%V5G8FxP^8pat%D`XX<S7YQL@G7ucx7n(?sUU+u6
zk;yBhgm=3AIF`K&lys&{tIa6<;eKJ1Vi!o5Jop=jc`D`OXLJ%y`4Smtecl;ktw3Pd
zIbprF4A@+efOrs{fErDqadTB{IP@G?()vMccCi4@E_$~|$7wn|9GD5bWU#)=t5R-~
zP;I+7?+FdqPRh)jd1=edDB{5Am#52CH4#*D3INpDjLvL~55#91PvFUviVwZ7r|h2}
zI|_q+$oE;HSf{G5cW4ex64!pZc2ndEuv4clUOP_ipXt(^n0%bd?jJT?z*KAFj#tUr
zrdbZ03kE@P@1lsA@;{&uKWV%2h0M`k;pSu}I8BbGe$CnnaGW0ynDSqlb>2G}-kUW8
zgr?$|fU4BGHd?uSg50(!w+9drB|24*cz#?}nnBT9tB!zgrM6r0Dq{=HA9l`CJT@#L
zxCFNpv{kG`eDxdw=M5D~Y#&4mli>Q{cxGT$vs%(}$k-S#&rUDX6LrBBZsL4w4MKYB
z(m+CF_8Z6T^7+A8UT5G<_cV0Kg&2^cHaOpdRg4lvOED=cai-9e8%rxkD>Y@q&uzCI
z4n%4I{6-ls=jNR^G0#z%GvDb*n*)vITx+UsC(I?EGp#n%zuf7eq1+Hp*L~We)LjNv
zFWrH+=rRZlDz;dF8n9$o6e^^$7%}RoJ=F5zwVX$mL`SPchXNVP6^&@_BY8BLrM>Op
zb8fLFpcvWAUfUXtAQgK5vchaH_Kq{0$_x-Z?_4O%*|-+?$B&(L6)f*m%$5#`cZ-<0
z4ria_y3FQ8xlB|P5HhZU&AJ$bUOV;<1MhWa!-144o2Msiz|_qwQ_5Z9w)qri(0>!p
zqd$e$<G8j!WXkGl+!B}5DBQI`3P22zk&ji{&kw$i`)}4cyK6<=CuWm4KIow0-Qj~!
z7I!Agi%z&sj0;ok6Zt|(1fir{(c(F*Zen!AoiC;0S)NNNp7@joji%dvuaSsllPg`5
zo2l;WdWZORGC{@ZivNn~Sv^x?SjKjZ)kU$5`>pFn|AM69KykXMSBV-(Y|$A^6Fsd-
zP7KUI+8&{6SB54IG)uoHVG3mu^I)er*l9f6wAWr|db}tl*t{Osz`dd^0QYgC%T-aH
zl(+cz83e%pt|z?8yZ>;rSLpjL&!vg!rK3W@YazYf&kI^cfWUBn|9I;xA~O(AfRNiR
z?*4ilzq`88@D~QW{hHgGONb5I>E}#|iy5~Hq3`NaEORfe?bGHM^?7J^vW^AM&hmU>
z44Ga8D?op^hIe@c#sU#rV+B)t72g?H-E#~q>-*5DBqQO8UHW^M5dUR`h(o!FE}dS7
z?Cmi3C4OyCKgWOS6p+h$H<Y~_Hmg#Z?LH3q_kMxk$kd$Cal@UJrEdS6w&yiy0wiWg
zs%+SoW$@`iRjJrTiEbGgydePPZ?+bQ8O)v=yWY73%d-pM%F7*8iKQUzWi=c~OD7EP
zA9IL!^E)xS0M^lAFE?TQL`5B#3bn%6)c=3XeP>)#S+}<!f~W|Jf`Swqh%}X6f`B45
zpr9fkMUmd5LqZi5M5Xr<I!JG!H&JO)L#P1)ij)vS1VWJh?#wfmJM-N8`Ta6KoEekD
zIs5Fr*7~=qIroO@A_xx<d<$TNj6dfWH}C)&XlXuq2|ZkSBS0ONwg-TQi0zHTL6x2x
z!O{Jtro8cT-U)y@(HEOH-7W3AQ=yx!nJC2etuI}nzI570oT@g9yqfz+uCsKyH6i4l
zL;y!Q_Tg3EW<|Yf%hG`&Lj#|bYb~oaZ?<u~s^;1)xNAGf2r1{7D1Kc{QF)}#$6E$k
z>q}fCy*C{C`Z#6S<~_f>fRW4NcH54`KdM9-85q_zS_E9|>AA7Bw77*Aj)zzj6&O}w
z$+tI`+qk}M5d+(Q82ePXR$8JIkySmw<;V6OTVK9$QzHc(Fz-pQLyuccSpX=`%~NI4
zhVXXQ@K(Zds_6V+`CQJBM(8?_LdRjX^PhZARcO9HOpM)?=_8Ky@|?;w!`9a{4}D?y
zXQ2hkD_xrH<BOv;&VkVN4EG&rCFec(BuBnGdf@<T1KcB`=5{qY^Oh4UR2cawGk&=-
zC~K8e<Sb~>lT?~(PWn2f85v^<tWkKNoxaoBAkb*o=v#kX#M-$Cqa>$bBguZ5x2{u8
zcFG=Rs}cc90W$ic@252at2jErqVS=&)X&dQ-oN8^8}Jd<GCv2aWWmm2$e8Mr-%z9n
z2cQ^1NY1T_`Zcml<(v{Qs!=RlXo)o{<C{Ltqj3pDLq^s14p$IR&W?A3X<bO$<9V(&
z`1B?!w!Z!{x3{XNSzkn4bbT!4MJ6L8L&tsL))K^t=YPH2*xddyGk%%fH)tJoxXDRD
z{ef(LG;q@>H>-l&BQH%b7tli!#bW*Z_Nm5S%OVVB93Hl=h3EhhnU(iCanfRP(m|W(
znKM^@*dAh4a#Ov0wi_DUlxjNY;$2}qRF<nR21%@YPMQGye61T7K$)*7bXY7dR6w8R
z-cD1j?6DrS8S(6Ks3Xr>k5wi^@op>MRBP;E^YisBJn|>Qul3MeSaUcAG`TKGnO;26
zUy7S(54a?4P?9m)IP<OHELL@DaRbf?U&EgLSvLQtjQONQ)%38mf0=_6;?OYlj&=VH
zwHoJd?blZ}@x@~@o?=R`jk-{;V}N~WOpjsh0~u(}ieo5enIqa9K3v;V59&*3RX=XR
zJxeuGcLwm5kbDNB6=Ae?$f&EH<h2ijy2d_yz}B~dHHai+-rzBx>GsMpIQ1N1EJzON
z9!l$tl$CRm%pEVF(K<M8NR63((m5+=E)Z4VBlVPk3Y&Zr%ZvhMzY47R7Ci}kfYwx&
zXv1WvV`ZHj&Y`PPg(ltq5)DLabOuVoAvP#cJ)U#NZ1rwpx6NSwmVo4svrEJ|DBo2p
zE$A>?OH+?HZx~@Ri1fM;Ah3ylT;hp!aN!`PyILi?=bhj;l6^3^nYgZ0+-n9LUYlo)
zYfscm+`B458>+JciR;w_*_B<5;u3rtF#?9?T%r34LDB?I5c*u#au{G<*}?5_4i$A#
zB4gJ2H6LeZUyqy1@(QMTy9d{WoCnzjZiXD8?R=WWXQ0p=C5Nt4X0VwfY@&UU+R!<C
zoJ?a3NKqOgIV4=`*&;G=e6(zLpNtnRpS!vLw*KenVy1$HK+ek-&>9Y0hyKe;$$H@U
zW(JA?Wl|RYL7HC<uYb6A5%oUUePjM(=r>_Bes-9i*)Es`x|(fzben_@z2;#537u_u
zIfEE@G!i&mr~>e8rfSls+#ex<oj1`rB6!Vxf9TeR1vAZOPTUCv&D5NybwlFq<(~4l
z``WffJVN(TFB{0~7<C(8nRKAbbp@(HImI;&*{AaNiyk~`6G0(f@#_{MLocXCVqi(w
zQ^)d1L!b4ick$7uhsgBIG<zLSpNZo7bJlI$cDJQ^k(%?T?7u``P<<AXR!k2Hd@<>f
zjC*+TFLs=>E7qPm9RnQAW0~yr4@sP!b&9RGs|L+#L)=ld$R3${NZkS*<ghit!e-RP
zHX+z{bmb)3y;pC^XApZ|Q`IG3B4pJFP3XSLH|XMZfuM@cbUdH9(51JulOUj{E#<ly
z)iC;@VG%@7k?ryZav|klv%R2})LtGUl9o%C{FUR)X>pf#^B$UjG+1G^C>}p$eKR2T
z)$s#_RRGEN*vl4U_#eDxo=4#_t9A+V$QVGi5;>CaQRKfoCU=@`C$k&q-8bUXBo_jv
z`)KQqb!6*G%;_T!bqcLeb&VCnAxB3F_yUphFZdd^?svX9?K?6YBs*BVSH|HiPrNmJ
zSXR2PD%%T%6w$Ae1I4X1@qVanFgHhzGU&}e<~-dR5|3t|Uc32C=dmHp*TDB8Vm263
zSi&v-JSBYJ@?B(4P}F1&?b|Qcygo7Vc+Utob4vFFlZ#whdsO4D_!n;Ww@fvh1FQ%E
z)`nT7Oa>qfI$Bwa9{YsL3g<Jum1u;nDJkObO_UJ^>iO;w0exWEI2B)PN^ga7v`~u@
zIKB9V#9hjN^J}g`smnE|ozqfJH=CjmnquCF&*w6XKMS37&Wd{Sig_eZ6EABxYlu8r
zsE&UVQs&mpR+m^wz`V*nhn~bpIY0BIZLB<BgCpckpNH<+1v8w|j9)Q$muUT2gmAjf
ztaH``4;Z$6jqY+plfxN5%&}k`X_y>>&rGQytMy~8myToBF?z~6Jyv6DBgoiLFsUu^
zabF`c@(L!GztR2I)Iy%S@!*e(BN?Y)ZT11WMy302HVq+jyRPhi>AtjG<ce`vQW>Vq
zhqe}Evn1RD@X2-3J(@RPALUt!vf-&}%D&oP%8(=jPd3|J822vXdlt;XXUk>QDQm4u
z&#x4gZHER$j$eOPW^+$>reisqEWp+1=atCW-3c9jR67}7Q~H5JCx=EPu`;N;cEB~E
z)HL|H=#ZMBh+J@tRMoSq32vI5pH!L6z=#Zie2}nUGrBTE$ru@H)hK6wzDfdM=ZL65
zg1$zZ5<2x>18nUZXh13qSel}TplHX1II9G4e5`RRUA|ZV{XtyZWoaKwHk92?D-txd
zqn^fO0{<k?3@rk_4anBw0YV)S(~BGomEJce!5l#aTNtG(7su=b!N4sZy?*GlG5w63
zhCaJCkJ_>3Al~n~pl{(4RnI7A>7HRaZZ}ao2-}slfB4*eVl^_f5Dz9Uw#1SEI>umT
zlf$`XFW<6_j&ivW?coaxryxCZ6J2i@GMgrL0Zs8lI8fGnro<CbNGqe6_G?0E-o+F6
z3Y$r6BcVU5e13Vs9apXe$4o_&x3m7|4Ct@JZ28`Mhh|Q?OBJd_O8G|^fg~UZ&ue5x
zY9h&t@nh(Xq^s^uGOQ40l|GJ1>6lQRB&<RYd``?X`%O<K@1TZd%?|NNFt^tEIMCU8
z2==9YOf2i9k-8Pic@j500A^x^{O8Qx;=ZIo1QCUXGM~DE<B|zn9EgHCgn++P-N4oT
z12&;;w8F#dG#W??<-91qtUDiHUVHp0hzal1TR%wO_Qv<P=z4b*HsaXFz_EeHlwzL1
z*I&~KM?gW)#MufcdrqRGmXX!>vTe~7-mz(P(bV0?SWs+yHX8B8wXm91sH(;S0$1cq
z=jw0QAkvMywJEX&`Pm#zf)3dF^d`PLf{=W(m~Q2wc8N}{TeX)b?&Ih6AkLZiJ_fOq
zMk=@uNt4&zXQ-&C%nRxyo&ZYn3YgIqTErS)HQA71m8$}EW{CGBmwUP#<vC`ZES0fg
zL-{Rm!{peDo!%>}z0-glfKP|GrWD*UB&`l{-b$zxEBNZwwG`!B)hLG`hT9VxCS%#_
z&s|iP6R^{-Dl?V9S?slEC`gz|ZXL$K2@Oqo_qbw>8XChur$0J9NbKk0Dfuy|yR+yh
z<9eW?d8Y^2A$jMYb4BnxsxOC4W%J#!t3T?o$Y~*u$B(WupN3dR35c4`S(fBH9KA+X
zd>tY)b%NlyO489%LuYq?Be-M3^+YTZUZ*;=n>bszgP>G`wT|zeA<!3HO71djgeKHq
zrnvsKzGeGN<DBE{54-FT{?iM9`ap7C=B!BX2o{1La$th$P76tgc?L=t#jbZ7eookZ
zODU&r-ZBA?zP|uxBX0O)zq6zCIi>xO8z4>PWkTvp5fks5m7!g=V473GIyf<B0hytr
z<qQX!58K+#prL%eQV_6X3t#m}u}Q9VNkRaZ>#^m5Bu{K{g1P$G9O;l#3|^Ka|JHtv
zM=@TS2fqyI%Y5AB8*?KC-({~fme%dLK=}ORV7WE%1>5|FSF>aMAjwzzit{yMi~Dv1
zdGXMZBS+98^|vfJHfwO*ClhuDhSO65u`X#T$|?{G@4~j>wGgiB_WNU(N?q%#7${FC
z#HSbJmzX#0VJEMy*Ph*>|JLQ)w1C_SueUtpF6Lz0ai<1QzEAUBF(}!nSNP`uiHas&
zoxAk98wof~iz^wNX6{4Pc@7sETkMA<q<7b}r%$h19!hnfV~nvL%uhV*KbNUR#Ja6(
zevS(~bh3;{cl3-UUdnSJ^T;)HV-%Uk^)+p<sH-~2Mel0)@cNoJ#>EP#%y^!XjDxue
zhMCg_^B((Pft$RL>td{s47Z$0VS*_K4O7q-HCrai1Uly~Gm6wFj5P_ZPq-V$(Pf*G
zEEmKHDCT5;PP@A*tZNm@FUaFTwy5R4B@iBUMM5i*r?7^Kd(rP1dDhW~YdqR2@rHF3
zJh@%NChS&#*xOdFn2JE*4&_jbm@~MD=X%j0sEph(q_URA0T|Ms?MVk<>c!bHIHU~$
z>PE=-`*n63$(yqFW2nN@Ad=>gUARS~@Fe37Vs&ik?0=c5EKyT6krq9h3?$;Od>J-*
zIGA@Y(w^wfI``o%wgvJ%(c#H_9}$AbnRGy)C6oaf!c)4vI%It+N=pvM2XqwC?lSHy
z45x4pm=m4>ulSDUO7t2pG~q%@0;iHDTXnk9>(9D7o1=#lrG>&m&VD=cBT2+UlRedX
ztf(PV)avaeu!+jwq}g2CQhUk3aaqh}FyeA_{>XA$((6v;P}&6NZWfW3qh2yaZ$nVb
zr~$iUR-J}5_B3#E_1oGW*~<+q9I-E3h~XA1IpNx)Ix3Y&g>|_za&YK<uG$Ma?n#m1
z_}-CaA5n%g7kv&%Hn@)~&w;g73tyWTg}}!jYn=ZdLw(A%*fM=rFHvT^iH@b=lzJSB
zGeYa|AW3owYPX0kO>+piz533qpQVY4&XA>aR8aO?)axtC8Zs_PbnXl1a_m!dXr$P`
z2ZML?`MIZ<H&WTTJb;984$Qo+Kxjk9#KhVQ13F?sGmgmBLyHLMT^hV1bB+4WLGt{P
z=EHiS42h%|y*i=xmrcT*;j6>8{AHP%0xe}cv7jJT4S0;ZVEXxHxE06Pr(;ySsnhmF
z0Hnx6FVQt~R-HnFi}%~35#9P=8;RNKOAFY|k4pGsOAE@P9xa~~)`}CbjK4O4k7d~u
z9GQ+Cx=sI|qOtMd&8s8Rok9<IcMnTaajb_+uZ|Zl$%kq(|HMCjXqgn8o-Xn0*u7og
zLBDrT4f@yl_n&`!()MRCmrMeTU)7z1Aq<?DFBgv3QLP^P2VN5-L`6W|Nad|Xjxzo#
zR^>Gg&rde)E)Hsz@Md4XLk5NZAD{e>Blo6)pNZCq?;|JvJ^T6nT|rh<&mdQK=u3S6
zU3UH6KDZB2)4<dH+Oq%mZv*Q=<1o|WE1Z_!&cBw*pO<-uiF<_kfULOE?~niYPmlGv
z9W^9=eiD<JzZZS_!viPBy{XT7+bAZm8k>RI_7ZTkk9=6;MA6tzlO8RNlp6XZigs|`
zXx!c)*bt<9TX3f7%U~*U)xR@VxU(!v-E1yJ#tf)dBCg(`?TDPC;@fFI9|4qPLHAlQ
zfBb5n6sTb2PtA;PdH()Q-cRsdv6<D_Sm+d161IMMSKNO55~VIv4%uez|7x;YX+Lq<
zH3hD@yJ_Q4vf;kco%FI;bt-SrXRPI$D)Y=>D}!C?+^DqcO)gE;Mr{%}n3j#@d%b&y
z^7sHX=r0jEfO5it8l&U$J^q>aoRqRv;fK{sduJsTe?1rf2j@!!pZeE}UiP22aXASi
z-;5RA`nAWWU;0k0umPg78=01<^pyvLc~yhrw)4038olC?Hj}%RW~Gl_(!#D4dp)35
ziw$;ihIx~73r#<To(~v|zV1u4WdtYBOK*Bqb;AEMTl&Q153nZ{kUpFVO|0w(;}|gP
z|KaOcRW-tsEbSI?gN{+Hsd%d`W&fPY@0aIsp&zXWtgGl;FYAW<A=<kkm2Umzycl4l
z{&S@=iTMNa@5muAtb-XS<!GhE0Bas~Fql;b<5mX)P92fICXY{Hq%(#Ut(wYNv7zJ<
zl#AV$1CB{Er0=hCwNiG@J+(N{lPtpv?6jgmV=~IUo~6!e)|cwv55{^MxEwCCsrL@w
zW})FAoFNJ*bvrT*aGXTj{C6C`-i0Z9mZx+ugz(BEq&7_xfluGPyXQZ@Mo{K^P3M`H
z&*V=WuwOVSU;Op2BX%8t1?=G5blqY?kMY#10peFyi0Zv;R)OoA?*f63M{7AAgh!9y
zEUbq}U1)Lp(K00fQ(k7g{!k6%A>#FBA<OHNzMWw7p9wVe5!}tb8LWbO^$(n8KVKXz
zw^+AzTKPn;*8r<HBT=kx0cvbWr((j$cDD&CkcDBBM*Ja178cS3MO?r_V92E~*s|q&
z<vDz{oMthXVJuitj>aZ{L>}=ui527pnWGIFAMTl{hF^Oz;FX=dEw|=ATIN{}C~?}r
zulo|H<c~pL<j&pxb6nxB$jt-LR$0<w4Rgw6*K<Gjdv}%h^s@qS*RPLo0wR+DWt^+{
z;?U>@@Q?^s=He6VPH5!0@$yLNwBEdnrIOCs3QN@Zr=s1%Mpn1g=d41{<`g`v(FWBs
zk3-|A!lw6HmZ;UZ3f6PWj-APQ$gzpVYVsD_;<&(zu?ljRkJq=SDCH;pHCDpO7B+!i
zr9%+&Pzwul#ksv!jvf2s*~fxdsex=g0th)Nue}+Fi3Hp}`_tmK)uOfoDz)QklK{em
z!3)^F>y@|qn!ao~EPwPjKJwne|9dO;6%L@!2b(!lu4~@E`E&DmY?SJPQ@(Jc_03n!
z8MhzbAEBmt4zC%JM6Wo0z0lvVMQ84}G6;yOUXcs$5(Nw@HI8yhPU-QcGgAZyU^>%D
z4vV*0c-Z(j%SF`mkw%Ifltobgl(lO@D->8nzE|Ean@C5qwnFb3aD`=Yy!6Hj>p`~I
zHn<qIH1=G*GPloR!0Nom*}mlmX^-Z=ui}XoLE)Bx+3-1;>xP@DCR!^e_`U%@`g8@`
zKOfq$lYLh`d?rYbf)ZO^%7==-G0_U*Vifs#n)r|Kg|$C??^V>}T;_o~hjOvj2k65i
z;}no3xRs{`bp6o)2Oi~=@b_1~;Qcc7Fru^j0IHpZVSZlDm5BuS6{EFy+4ZDCdqP4*
z+Wq`#l4YtgeB*@ur1YieM0!P~?B~%T(AXDuMZFCyI~Da)Ji&G=LDQ3X6@L8UkwXh-
zWZdo^k|TxXd`YabtwgVnJBNBtARRLZJ8@Ue?j0a=U-kcWHcXYvuk+3(n)E7H9q@Xr
zo~q3F{3_gQS5oiT&zClcgBqxmkw-W-8&r$Ml@}U*qyyxbXvui+;CIpQfDYfkhxefb
z{r1Wx_fd77H=y|9)LE^XLml$Jwuk%LC(d>CMcHYh5RinS|Fj49QazTxmaP{zR3<2M
zdfpUI@C#w#D7GaprjjDT-V{N?i3Ek%%w{$t`In#nx>P@T8XB;<u`v9wWaJVATixx)
zI;qNIH%pXHQmVAS{y+IM$J=ACH+}0^_0x!7NhCC9Oy5P?uTI8E!Y(<)Uv+gOj-GFT
zd7sTvkBtF-6&>e!`i|?Xa?>xKgF1t7J!zRjtFiHmsu7uFyGh}uD8H_~12Hbyk(WCf
zc9Y}WV7U4GVx_i?SM8gPL!B^i*UJGZ;Y8GF-|e$N{Sw~B<@+H-i>ww9YnSmkN|3)T
zlp_|fkS7|ozziIyyDyoucVU075-OUnNI#jWa>1u*3}jj3Z~NJQykelcRl+OobqGoI
z>+Yw@Pt4&zvo^pwK=R>YOep03pw36BNQ@<@gvr$JvYpWB(+kh<U3=1Q!s;+ytpK)p
z+Z<NGBXUQz0O_8vjn2{PjMUnVz1Gw7COgLhKX8mAk=K`XG5~@RWe5XJB>)jbt;Zh#
zUk<^KFOOE>F1CeijV5i~SEFJ+GGwB~5xL@2grmx(T5L=4P^9>3H|>*T`+YuIvOcBr
zqCAMR2gx_LhW$ByZDDs<J<3`m#YZw4;6@&42p}{X*RcW&AHv89V0{`*F_NQrh>SG{
z$adaH@OXFotPFhWy?+EStN6R$S<=qczDQ3&^cKf-dk|9mq4x?e1Hd#A3<^3yhZEfu
zFH)!5bRLblF((m!0b`I;SrdjABD#6@?hI+-VU&&gyw4fWv1{g_QW|GzkGq;d5}iXF
z<-mr$&+uOvGH@8hhV<OQNvQ_NfpdhVb;0qj$L|^`D9?}iJ8F33?y2N!;@)h?13#b2
z_dD_dLT24c8iExFhJ}V{+XMiF;zmj-g^?0l{X^s0#$hG>ibHCv*`3I7SgAjUcZ#5a
zxMvgmuM+_z94Z3P&DO{Ocdp#NPaK3aM}mA+bs^_3BpVUVzVZs|&utKx3bx);X}<>Q
zo-L7+`8`TLq|PJ9+L;>CJ5)4n^wtVAb;{I(dAhOm%)Fmxp@|xKpZiz5Cgw7A+T1gZ
z8dx(`z9?$v&x(*Ao(er0f8$rt!W49Xx>T?);{v^X!tuklmejwBghJ|H&Fx<&uiL(-
z95ma2eCD*aaF1Q!)zJR$jusR)C=Csb3gE|iVHEe@^!N8Cdwjsmf<QATz#uWG(mJ{2
zdC{G_tuC-Pgk#LCjZCOi4keS9k5X^c@ZAmEN9}WbegZFo`(YoeGMGI#4cN>bKt-a|
z3tx}-tESBcNXwVi4Pk8=^Yg!!8EB%pnWCHg8{E~|Bpi-me-*pSD%>_h1;?b>2n`vm
z${+awAbZmL(_PfQP&v{0RqN@Om8UgtD}%+J7&u^ebq!ZyOp|UbAAsK5n%rAFzq#JS
z`TKoj3i71X<$I_5sDFL2zsey=1+IyQ0kWF!c_Ri(Pyf7GKM!h0ZNIDVuix5kW&Hl2
z`U3|^9<RT1{#-8qsr;wxk8zJUS9$fH;r-`_{M^349`;EcT*LB;DM<MI-7x&~r~mDv
zm|h<!vuH9FFED0(ZJ>hw;}gE8`0Wz%efMwWU#PYUZn~Vo`SVxgE;{&}#2fZktA-7w
zWJ3V^7sB-4PaQ~D4IWClU|vx!O^xDB+5vRxGoXJfE%O#V^v7@Ld&n|%?$yE|P|U%1
zv;~_vo33d8-Mk(AB=%Q7SVbYNam=IEY2f45|E0IpI2_h0n0=k<|GO4zT&x+<1k$3x
zF@6@<tAtps9wh96J9JDxCHk+&o^Jepa&7@I0XjjIw+-W_*nI)ppbo%Z+R+z|KKpaE
z{Q02k<-fiYf7B8@Q)Y`RyPeN>FE8ruy9ZYXW>BT6hIN(K9F`u|<>#Wa)tAO=GEA%P
zU;~Z9@_%#Vpi%e?uug-L-UH<*H*ZKvwcRvD$^q!%_K94&=C<S2cYwl*8<<x_0-Z}s
zw0T>t8%Surn;>Cx8Cd;=DRT)<$C4ZRr_3nvCfnbqwS025_)+_`C*}~5MHARqS_ZZs
zg;<$8;ecuG(Z}t%fXlgP-00>0m=!31?Kif|wPretflG;~)l$3MyZ_Sh1_}9JqJvZN
zvH^F!f&g(}N;)I!aT^Sle0pC*`U&Wz;~yxFhhkd_{1HCJ>#^YM`h+>000P~kfwD%e
z6vR%0D<?nD{)6!Lwe%`8*bS7Y<{YQL0ckHKTwHkMs2CGo9r()OoHqK+a!rMhlO4zV
zJue`4thAzpk|zNiYD)CHimYs_-1vjI=3@h_&q7tce!8>!ifjN+uS*BzjJk<Qs@D$%
z_tOybf(sh+O(E^TcMMpq-Rhi2We^@&F}?Y3h_S2xC1ce*gLO|-U<@=-{Ij}n<0UTN
zejO0s$-!^SB5d?{><(}Od%!-AqD4U96c;VQhAq-sHLj%y(Azw)BA_O_%6q$FVS2^0
z*eKlkz2EK*L26l(4z4I2`g~|A#dmj<wnV?eo&$5aYyA#4m~3DBG3Ma?aI9(&>xCDb
zy#J=nreR|?ahB)pXD}8N^~^ShHl4u%81fsXwS}x8hXL*3^|rQf^gm`6ls{e-44c29
zvpsmQ;qW>rS)wtn3o0NRU3PFml1e>RApGX6kQuZah}t#aX)_@IrW8-%D4X{p1X+cQ
zq6D&e!<^}g*WC`Y2!t^J_b4D|X&D_FeU*JaLBgSE5nD0VRm%rlK#B_<mVPj52TGyX
z6a4yJnUAD}*3G)DB~V5x3C}czN!vT?kI>9~6`7hl#%!?^=JCS4{0jj7NuS>7N|fjY
zlvIQw5W*vIu3&9nO6>9x0p4$+%ECx6nrI)WQ;gtIwVsn9peg2hBjSZ1c?Kz5&bxzd
z-cR?0BCWCLu^r=I0H)&EyP4*m)}aRa&Rv@H#RNJHZ(#BgT`>DV!gd7U7aS4|$DQJg
z=tBy1Sc^fS*Z3Yh{R`aOuVr^XF;^AV0~lZfNX0wsVWK=LVef^m!$|K64C;n79k58%
z>_h~FtsV;0=eRG<9SC+&$)dRk0F93MW&qYl<(|1~MqkgXO2yU8ITUz4nAPEM-`()L
zxjG%WkvWR8q1C-MJ!DFUGXw;|GDH`^VpPYB!tA%^Qkn>k(s-PdUG%6Hh(leJ(wf89
zgXVB#b#7F|;v$%9Ak1pL8l;pd?!iaTNLq#tt2)nl%dPKn^x0Ji7&mIT7_Lhh^@cAb
zfoW`NbXR!~+IjXR171mZ3NJONs+1$w87mm6G<$}Sw4Q8qEiHL$?`jAP+Xavu&?*fM
z?W})kA~?MAano0np*75IV%;>LSe!a9Hl_rGCQe?2nD4xmwXj8799(f}<k~dIZt*O}
zwGII({NZlmmw0pz!J%;76M`g$hER!meCMV}RDc84x5{aHyo5M%QrIrhxqfr2!Fo_l
zuk1-_rb_q+9|vUBC>t8PF)MMm$$hC8K;6eN?zi^rE@(vcAw5e#VcovEL2Gw%rF^M)
zYilC&>6dee$p`BRn+~FLdrp`{ZPHfy<V-d+anv_uY0WEsh#0VX+kkNP+ioE_>*&z$
z!sypAyM2*q1_5aly(#R6v_w5z7|f@b*i|LYbF9FqN^iYgpo|TG=IR7UEqn^7xRZoy
z7IhTHV+em5`@#WU!APFH*^cSSwFaSUR{a+!Q!g-WsA_m$4(rzU+)Azjkf0CP6BjpY
zCqSZ87AS$-C>mL_$wu$mV8Xps<Y_MXPVmZGRiPXilI{vq?D&MY$Q7&wqEqRn3zCG>
zfHqdYLpE^2cDc{ulCcRG<xa-yZ^DF0aox*?S6R>1HSIN8eN3dpSiwtk-HF1Bu#bTZ
z%-&v)VakIrvL1ex)3`YnSQP?_9<Krivx^RE!$_W8o?d<oY2hT2t4;&~dV|l@fs7mx
z5|fK2dv>^{tAa#VoUM+&wXiZ|-BRzd&@4XVexZdO<5@_orO8y-s8O#%?_i-#&z+5r
zvb@$1wkX{9R`yDtx$U($T+M^Bo2v9U+4MCSD}x_iD($mrs3!}<>1#JbxMYORE5BXo
zLSKa<cYp!ixfh36E4S<iO41Aw7#a@h&@<tT*B2i35&%K3SoQF*Uba@stkm3mjm3P)
z7j2~F9r#(<%t<QZ>%HPC2jSvIGT465L+Fs}=3QYv#@>8mmBf-&9%#}fz#ijG;2Dsb
z+m&<8+hOQSg#yLelN|c@Qgd=Uc0YiSe37VTIp;Q4KU(d`ya6a>vSSNUaF93<0k|l)
zL%%d`mFefuXB&d9??g_~_nv0!wVpADG1Goh&L;Z^5cpet|IAOW;<3ZPWgBGHw$hc*
zM9>-bpc?@ZIR;QmDw+>5WIta^wB~;b+1O-fA0o!ypF30R!??zCcuwLwzX(eYK(zzb
z5LQD4HTACexQ|;smJ^h&Zx=zBY?{mz^_I7Ip*NuHyKdxNn5&u}yHV*X_I`R>roryf
z2@6Y;Vebs}6ZxjjKg+wHlNRtW6{&aCpAkRWi}j(wWF_7I6!cZ5`v~wCF&-+M<QB2$
zjxpxdKvJC|a7+uq6f^>E@ZT?rSZ><3X0;OL6oe_48jax0pYg&<weV~!JGbj>J0i0B
zD-C7fcQk~LTc;`qh_cOh9A`2SsuvP-AMY(8@PQ~17t!Xkgye5RAi+|cwg2U)w~f|m
zL9o?Ewn7s|Jf}4-Ul5dzBQwty?X_f6eBnmDLx2sa5So|4_ASSH`NSNMM`pD~Y9*|j
z5)7MRkDO73F3w=QGsf0`025TXgRH^Bcb~l|dy0CT3#z7VIkRBGu_>z)%m=xr%KgX%
z^J6)ob7|8*EGgnR4#t9E)`o8pxC#-QApwz)(Q7y`xD<Cy+=UONzM-vi#Uvln47i@K
zqTNf6>Ex+*PA8k7<U?5?z4IG@U~sa(-t#a!_wtNv`q+|4!$~ow<NYm94LS8sTT%0L
zXb7`Ha=HMivoZ~|fo`sZoo{lwy+Hmz4&JD4Q*O>%-Q_q~+1DoF-Lz;k0qn;edOtR8
zOE;4aHT2p~OlO4J?t|{XyJ?Wo%-=x&-dk?y<PGU6{C0Pu#OP!&aJB4AZJxwTX3AAP
zTdsZhy10#LNa{h`TX1=_D#+wbcFB)k*=7!&v;@8%tC!JmmHnIx#VHloD<y6OHZ&r2
zGVOcg^=6wbV)B;r>h9aYiVvGRo5d{Q!1?)IlhkG(v7S~z*r@u_VU`5W;@NcrUyHz_
zJJ?m3Z=LR~r+IBA8=J=Kf?d(<P+<&k%Wti9LvjCWiB-dC(#1w}N=y_yJ80ZV=Q36;
z0XeVXydJ#cp@jRlh3%GE#hAMJ1Lqiy;y7wRGD!sB)r^p2YeTT{1xn~kxEHsfRXX(^
zjxxfTybKqtw9;?AWgjyVuMJr$2YQ*s1+0Je=9)1}LtJjIUeXDL+TGW}jZY?7`LqYn
zA60~_7j}sfxi2|ANq0u=`q5HK#M$AxF|n36SWg7RzzwdujcwQ~oGxI;*xVe$4vZ^s
zm^=eHpxLDHj(YNa>)bwavlk81LA|Ls)fd(MneUu9W!z}juAwR>iP#B*E-k~EOAw8x
z(<jkeGhYJLUpx#S9<Rdsv}G%zPdLEr>G4VL=JpYG(wfa7y_P5fY5aJ2y8lZ+h*NsP
zT(<=J0)iv(ukLLe7MFyaZVfqY+S{!qw-IHj#t&J)n{PBh+t!;bgCC7uC;C|^(C~`B
zP29Dg_uNPe<ScUon1?CcU)*}&!OBdpFvj_2FKQtpw}1R%rgNQ;gL%)ibw(}<IHuad
zEqYR}Pp%qd;D5l5JW38|o2<Q)>b*5=H&$Upn8}0$eYorpw=Xo?4J~Q~%kYc2_&UHx
z<m1-v^ZO1Dno4Wm7B?9e$KAC_fI+WsQ4oU(G24N5+LLP%12|ls)zOL{E6Jrzx!J>L
zY(p9yoHRKLMk<7l^dA<w8G2-)Eim5Kv@oPaF}XeczZIDmnFOuIlLGjS8|y`^jMo&$
z--Vy2AP5MgaP3ro*6ZdWe%(gJl69~&Vsd%z#j`YAAur??e+Hv3jmz;?<gc-_<Y7k!
z#mkzXD_4wMW3IUm+enq{$(MAKir~a_R>$P`p+fw(Q{NX}J^!rrexE0!+>cbKMFv`5
z)U}VbL9WVuo35K4*64yO+p+_$_jd5o$1SpJGw>_(AC^D}x9lolxlm0W5S?0Fik`-5
z!=o*UAGG9lN3vPaoUDx}pl@e6r_a|re+7VoT}9}1pREyv#>HN}xvA#;UrBLKXE#<b
z<C)VB%YcEP_mUK9wTAW<=}fNaH%lfpF2Lq#EX*@i4ro1sK7ei7UsbsH@y!y^U7|rB
z8+K@>v*WPvKqTNljmmfIdT$Yiq=nwfjVtXxyL7z2#xT}q>Z74c0|19c-baLJWws2P
z9>kxiU+qm6_qMwE%pSv%!+;67pc<j_BKRcXhtj58Ju$S1SsPSU_lMWl*7=+0OQdG}
z>lrbs78;klBSDgkj8>CyqnAa0COuoe5Qx!2m?BSlKmY|_Ejw}2S5UWm@}xePrq9!-
z@ASSwF&i;;+n;#F%Rs7s1RDb=!~UQX|JnfLxw9!dfV0D_pGlik*Bg<(roCYbYdrVK
zQtD7$g0WAHPl+q(ZHUbmp;ujg-AnzY=sI(+M9i$v7t~6(AJw(B^~r8Ysz^Iw_H~$a
zvZUj28Fig>D{HnKK-2HhT#!7m6meDO*1CaAA?wJvlFr-(^_VV*`tgez-#m+RldZ2C
zbYj<bC){sjmYhBX&p*Ad-m^R#;p!D1WH~kw;Kr+VrjV;bIPjzN!B71D08AU5MmgH{
zARwmjffw$6demh!1{W#2ejF;D^>c={%bU|2TWxica|#xXb;=<<=u!t@g<&IHU?W|`
z^Oil{#Wf`!!KGk&(kk^6WGF;OYshvqNp*Rb<Ga99Xwr3e?3(7c@zFgPEsmOSH8Z!%
zXJ?I7rgc=f=}qip*8>Mt`<?sq)mJe5ZHD!|{%4cNCh#(7Ai*e$q|EF^I&)0>qCZO0
zO^T+>ym-xOCwyrghDd&XC0z3PYV~f+x6h{s*e}%+wGQ6H=sntLz4dLKKXdx&o>8rD
zUGfHavgAa>lNUD*o|A6NkkFm4_S6?*LkFtIl$d_sxYin~qx{5}LPL?@u+lzbtu^gF
zNjNi_H*)lkk<Q=GHz-2>`#aUByx<?LtFyi3I9Jh=P%x8Ff+yRK)=Pao881j$vgEk*
zP*`>exNua)A2vA~4IHvCqpPz$43!=LRU>;hdMUV{r!zR!B4IOJP%1Y6LjlHGnQfRL
zV&PVz&z#^F9s@)`G>JqXW@bBgVhR{;9@H}do)hT-BkQ=aVe-(tJ#1sV-V<H!1O|@;
zCClD7w|PFu@XmT)nco((aQnU*sFN%_cg#>CR%+5Z?7iVNv#v`rQ0XqvLwcA4dS<T(
zLBmpCkVD6I#X)DW6p$wq3AlHrNXnQbIDzxUMYWhC<UTtu!Gv_%Xw}%c6Rs{WC+Stv
zy<r=mL)1u;?C3#UcR<*MHcENSo0RO>z`dZZbDA@`TSnEE;S5fmbT=0@Grr$Vl~+hS
z?%+)0v+5%74m1sLavrWjR4_NY6nz}K-d6sIhR17TCs^JUaj(L?KzQ;r)H|;U=cz$N
zj6CqU(h!_jkNE`D<aVur|H}@VF#!SBD+J{BF$WH_jJSwSGHwWcI0}Sc#~Mbor#skY
z6^)N-0eVuIIYVhtFwaQ(w4mjJWW$38pWe)rw7n@@1^n|@*>_hoi7byV9!rWJ9(OG;
z>;LqM#|#ZA8#wZL=?(wX-RS0rmJDF>P64j=>w=I_(fuKGP5A3Pm?dPWF3pk~6~Qod
z+OJx@Bao}oG-}?1L;6;Sjuu1^Scry$nPD9FCz@O^4yminUQK8+X#_6k7@^_iCyJN9
zBr}6r`f)E~Lb^t;F)ZA7ZDG)9=*=rMsI6p<#;<!`0Ff|Ngv;(r55-+)>6tIJTlPTo
zgA+^pNM0bBhI7R!fVQl4ARl5ro;AnIrJk*^uGXS<a^^?rw78vto=A2)3p9%ioLN_3
zTW;FK7FH!VBTiC^S1Tz>ViMMA2raQ<s0ZZp(d>5ga*Ip72;};LRINsQ*)_)xG%}6x
z<>6$6rB#2&z2Z9`-}K&BWSL|u=GodAEmVb~J5{ddAWmP80dVti20ttLyt_DMN(`c=
zSX!eGDnFLu2>?<8&w&8P(q@1sVGq0Rv<vk)Ci`qJ)8U3H@?8i+_xf|xg`MZRqp3Fz
zs{k>=;R=id$V&!0?MNamEPfzWKdJQb2XG?mTb()#mdYX1)hnzUE6J#+0DY&IA~E6R
z=LuH%E%aW}tHf_Mkvzqp#YARPMP5!NkF&b|nv4G)G^Wx25F3e<e<oBW$!bvV4#Ts(
zu^@Lc7=;7*lNxA$7VBwesZF0fuW}b(!S*zSWNVGpdq!%ca7Gmyx0(G|T<z_C(Yj@u
zjI~46y`p2-9Xgth&DBxXGO(82$aKMz8!ZGlEmG*2$FZEfw~FZ3Psu6B>^h_!y}z@G
zcW5tpbb}H|OMX^hB)bhP$Xg~F?+Y5Jg3P~}i_U3Ci(V}yVSQ^y%vWbH%R0JOA&)<}
zRqj~aDN22ihP4kNg|SiMTIw&J94@n5KF7}FQEVeorvfM9;-uMryt|#2&XHsU|6u75
zeQTDw>8KkQX5>0pUu$Q+7Xo9bFLYdSE_ad_cS%XZW%v4|?pk=HC@UT!e`^o}+-tN=
z7ARyZ5etJh?Z=rVQSV<Pw8ZvJ44%>HMWlFWD#Dh)FW^H?W5<;))Iik<7}syl=@&^`
z3+nOLeH)W=s7hju4j~fIQYoV+yCP}xkvY?^ra3NVsm|m!xFUzcv%d`}(=$JJYBh7N
zM45EaP1MOaWI0arq!WhI?S@WRu~qj6aw=a$Yw~8rmhbiT5QGQvEw0PtI6-u;gQ)2q
zgRO;uFI_HJ8CU717d=kiYjSiJBDsXtkS*X(?4xTWGTmcU0~+G2dAhx~73LPT2$zCX
zFhd$MN$(jlWncanir|EP@%By1OCrDA#IDIKb`o_}+7hok>T?JwXY_U*au)E~=n>Gb
zZVzdg#-Gxm7}(m4xmUZhFCg9FiiTIC4gh<aRRL5f9FVscJbP*W4O=ixP}6H9B<wjc
zD6L~12wLd=`2*?=D$Jwlxwb;_jsi%DE<69&+m{C&g+n+Xm*b&VTH#&Ex5Z!e+cw}O
zu3WiY_Oc(Z!rufW=BJ6%1r0YK1<6Y8V;`*#cY=o1iwZJGOUrq+ImOS!wB|W7OL*=k
zhq@Ac7HAo3JeCG#Iz4Z;jc<Gj<a#pOrHAlebcJ)|%q5)`;YF@SA=>`pk;VWb&CqDp
z+`U+kuREEpKy9p@g4+bcHP-bwN&V4M)3&Y=3wk^Gk2*Crif!h1asZ|nC@Gf+QBIH^
z;LR+3^6=iMDnU>z)z_E(((R^<*(wDFuN}y8k?=X9R<iU(%18nd(^rXJ4o6y8`ZDiB
zPafRa9+b@d+PTh~N%)X32X6a=vA_xeB=L<;6MvL2FGOzl0m66pMM+)|sVr=l#%Z?3
z*cG#tw)gTSBfEL4VgL0EdknTY!{IH*2^?+d+5d9eRsA0vTYU9oZ1f1_xaN+aX6t)*
zZ}qfiKS>|xDZ5pMj{Ax`)4?B4->C_Jl$LtCr$f1X`V2+y;d`fjYfKd+DD=FhpKuI-
z2(J1g*nz2m09w@kfJX2G1|jV~z@xwCV*YVV-)-2c;w1NxDR2-slOq+O`v(X(?gSJG
zyU+tftirM4a6u-3HIcj2l6l^GZFlgx3-mD$4jn!9{Vh;rz<I1n=D;-VPGNrzVXiBF
z8VxJ>1K|G)!Uv?98&hENvaWuEp8VrQxEi<+|7zab=}%NqbV?vfV^0+f(jN;d9TVZy
z0E8e@yRGes5-_;$lp$_Q6d{`Mp`B|Rc*ghDw(?`YF}c5gohdh}{^|+)4`=?aZK@B`
zB;B=Jy5aiwGvFIX>W0=?Fj|d|NBkFr%H`07H$BOv!vC&(f6rO=QSBXKT3jyXt@v-S
z&#$%!by>cISHEWTUx?!Gts9Imi~$<ByOt^be|;gh{sDl!^GnFw`12zE`8T%t<xAR{
z5Cbp&zRQ1p%`bTBX8yirgyoF6#ee;;e_y+wFZjM6!;zSOFOlEHqrc@zKshWNU;Jx@
z{%;rdy?9?U=N?R({oiZ+*EMl76;g<h(TU0b=l$G0sj@h^@Q&g4CH(ahP~+Ru*Pkoo
z-4j$N8@~C`YWth~;wOKG`BI8V){&y*dxs8OSXJ-DjZU-Py8Mrca8R&(r14SJ{+sma
z+6Tsd@f*Mkz)KT65jzfmRSB7m{J!!w<A{NP|9N|vto#8zdd#i~#`AjK*N5+q`#R3&
z|G7qIA~(;wNJ1gDP_7u?8B7EBy7L&&wSP^bDU09o7%(NV{n6`=JR>0U$F;rJqRw<&
zWxg=@Yfb&}>A(Kn)w5uo@c?u0|LYb{@q%^c^DOf>vEv`Nk@81w9-4#XPtT>de$lu7
z$94YwH?}W;b*2?|_xFupy6_!9N*!INMJPTaj=|pma_X4ZAj<O3?@;D06=~-Gb)E8y
zEWm}fM!=v}VBl5^NNv7+x8T&m%KU>qKsbz-a4(t|9I!%P1l~@l(y>d#X|M-qH(;1o
z^wHV<wXTVmhUaV!II}hKycnyZNR7NEp06=g;}1}R42;+Dya1y;GMN6i{m1RtI@awU
z(~M5UhV{>&jwK+vT`o~mWD!EfH3G3hMiB+0Wom<Yp@C&Q<-d28bR9tVb+Io0wIKk~
zF7QE!0XkC*8-*-M$H*B446BR*&C+!40I(i@fyrpZQ3OD#IY6}y#21$%F5O9grwgOA
zt_CWCH@}TMO5iGhHUyjx?sIx@6FEjq=kL)L=?li|%4wAFx}1yQewye<>j|7mzQ#9!
z{0JFCFn8;%7q=UOWq(Zk;W;h|4)jaSi0`RgEBon=s^n;L0D`81lk^uWtI48d0i&|J
z*UY=-KMocA#xtMtf;W3y)o|g~&lh(4((S6H)pSNdz;BEKwgz|Pb~AH8Ws3=gzw){V
zJU9)#3PAx}z(ATuCI5kIp0Nc)!K^($D#W_G(_^%sLgl8P@-x^fpqJhfoiF!%Zvxsm
zRgZ-b32HW#UDppcdzUG!7$Go${0j;&{n~Sogqtt`-h%x1IN=&a#!W)kcSsqey-k~q
zcgmqM<u|N<5p^D`m;fh3?UgTq=PTCV*|O(yU@<`^T6ak!zm`~#88ta%{i6DXSk;u6
z3m`wqI(v<A02m&P#4G_Ib13e*zBAy2g18(Kjahw_0ic9Fl=L;?6x3-gFLZtfXc19h
zj;|8@jqif5|F$;h^7LvRzu2yE&M`C_?azt;<`I047KYOs!iEYB`02=8VH)e^5nr>F
zp)msMqh^~fz?*FJ$%24AY}Ar?v9QU!JE6>GI3)s1IDq|eUBQ(#8#qNdg%-4WZ$6k8
z?L?Zt!>5;?37owrby74RRzFo3Dm3KxSKgnco%Pv`J=wQ!Ji77GN802QgjZ2Rq~On6
zCPwrJ+aDJW2!dA7tw!#}uv<gt&i5}jc&5lfcI$5Fk5i3XOF-Vn54VLx*YJq@iaa2t
z0b!0mgD$$RZRX<z>fIB4zW6`<FWNuOCY?ed0{6C8Lm^r?sf*z79hKJ3(X>mfG4Hm9
z1MDzOheE@a(72NMH2hqTfb)`};QDx^=E^L?f`SJC$xzNfdX%?1?hjwDQR;OCsR=72
z+5Y9ep@h{jIT5*p>=b@&WYAnv9#tH;?)FMM11P(?CwWFxu{Zf2wjdGWcKQ~j^Kmx#
z;lfC~M3Fj}-38b+^>n3(SX62NNu;4M!z3O9rT7IEi`t&DHPm{c@oO7&ygOBQc2c#Y
z!Y0$K^ZqgEXT-*>`!BuLlYxDJoZ{GqsTnwEZ)YC;x%YC%9GrjA$Re1a4zz<$fIh$S
zUdsByMbHU{v5DoqHhMTP;E+Hq6rfrM5NM)Xe0g$+UMVp8s7t2RKx!mxCjzhWUQKu4
z)}fIg+F^8M;xGKK<~RNqfi)|}<K1A6<$t1om7D<mBcT<hO+k)eid!P!V6;<s2P@Zj
z+DQN&bi&ej{5J@YVV7*cK7e}b`{U7bue3JX5Mpr6CCtvwI+Pt7#Uf~sa5&mIlY#=u
zff|!%^T#JrNZ#6F`B0%v)w<GHTFZZsKw1(}7`UpG0z-#>@xg+7>aev#n9#zmwY!<#
z?5IHUcSmZu(9koQC2eM(z;a=#b|WNs_3e0XIq3A#vF&4&b^1hmZ<Fx{&x5e@1v_s~
zi|EU3{4j+#qNjopZK8IwRRK*E{<A4Q+o~XT>MTH<DhKD|6k(hLtG#N>UC_8IX%J!2
zYgFO(vtF70$p9KxtE;qI^qQ+ro14UXZ>oTx^iNV%mJU7i%sv%!B8El&`9~e<AN79e
zky^WoP6W1Xv<dtA*sRQYob|O6<;iW?Rd2~3PD|TXC+Cb=vnS11FMm;nED~SzppB$~
z|8u<IlB_Fn*T4R5Q=@nO8lKn|z$iB_z{0_=IaW+{jyGsVul-lo!xVVn<&h2SF4vs^
ziAGwlB>7N#cIJzZG!~=0f7b-#dQ@O5RFY=+G(R;8TP|s=F{!fOp@l1G>u~?ac%qr@
zn)jwCYN`)lI#0HRn=od84OvkP%c-G-ksi+wb#gGZAbe#&$l!6St))$?ecx*z3V`X)
z$<S|^%BwE#H@|}O?J6OlUWal(pI*9h<;qAS$QKcqWaKbkPZqPeU#HRb)p9)ZRkFm=
zTneFHm#tnvOLqA=2k&FhCAp=Xe@SQ9HE>e2M9gix*DXaoRxp-LOU?=#S`kpww284P
zo4;Qx#UN>AkdkjOJcRcNwj9$+krP~H6^MHAnguk%6*KF6IyZ@pjD?c^hz|t)G49ap
zrx`%r<9py%LTL>tiDITf_PXM`OTDpFcQ#vh>hfvXOP7)#d%y>x;{W66QRda62IowC
z)FVS_pj-%>2&h>$U$>}V5u+e*f~%U-W!PT2)@&<?LEl#2SUG9SWUzl|W0f@wxSWi^
zz#er0wrhyAOf&5D1f~oP*IY3!>~WMf65Rc3kae7t>)&u)9qcihS-W?O%_PBMfnW`r
z04(w@vgN?ZTf3yl3nF~{YqD7^`pUrMY_T#?!miAplaN+!y~d`~b{W33h?+i+K0N>2
z(4uz<qWwKBa1pts8fprhQ<wC9cL&Rg@&V$Q4E+GfFDKnodCPE<AI6kDI_b&Jc|SS*
z+E0!inwOt}NmSArCn=9r5^lC-ql~T%cXJS>eM@WR=Y-gTP*Y*qb9{H-g+*P-9b^$a
zQv2gwgD=vuR=i>UovW2vWnVCDglOu(J4aKvZf#M{mTlkE$+}nWskuHov4j`OP`+=O
z5Bk@Py_PR-8PVN#hn>Q;KqvNgcpww!L**{lL1EH46sMpQg8Fxhj2bQ{!1&;mi)8!V
z2Kb&qo1O%6IH<D0s(hB`<U_wqjre}@0t&Wv{Xp8uKcw^ux#L|2^Z^$hsIA6Fu2#}%
z+M!o__<++EaxNUCQnkdNoXw|wjTE)Pj%P+6QG1hSb=79Dz)U;KE)v8xB<|DntP9CD
zKvOJ{;70w}o1HPjRUq}?fe?mSxoXfa1i@}lVJ`@jfo1;l!0pUp*r1N*hvyCAxo*3D
zb!#SrUUjzH{rjpBTgXh1!iylf==Z`g`M1$dU``NDI^B=AW!BJtWDJ<lR_k@XdvaSw
z_^18%HIq(=(rWXUH$CZyh+nlil&d4tZr2&p?Y099c{}zq%9`X%XkpOGvA;yN{y#2F
zslVqHr-2P1OtieVX`M9wF0P*rAC_e0;s8V`LwHjZtU5DFSa*o#_QEJhLHgwjV0Pi2
zT&E6l$!4a~Zn)hS66xv9FK)C(f3)HVpk+Yv4UOaLa>NG1SsEfI4Ar8A>?RjZ$t`{5
zEdBsY12iT5xsr8L<*DG!cXjxrl!QgCYcJ$j>Q|dXjUykMpLxv-U8qgF5m4J_TuYji
z?x{^{xP>INbXBuzcC4Go$#`!6xN0$ESDa7@-4D?RlA{P(8HvbNg7`&qZYEDE1{E8V
z%v)=0l@=LwJRHEdWx|rN@%!f`!#X>R8q|1JXvY44$I-;q3`8h!FSCU)3YO+~A;i@4
zbn}G(-CV@f|G<F(FgkIV#2=Ct3W=HRPEbRgdqK#sjaMerpI6>3E$-2|sw?kJM5JOx
z04?!(x#UPb?aKA-)VdQwq%hh0S;6(I<T1AzXM}^jwwLw3ydrvm3QKGk`Ki<8r!ekl
zVdEY&4^$~fsqGdzy}1xfjYqB4b=*wL0}&945amC85jTSV`N{9E1pPTLGS-UmA-*_E
z{_K3-PY6AwpieY_%O1VE)5HQjnaL`>wzLv!e3UJ)x#2M=#3vk}sTY4VC~(L$*tAyV
z3YvDGVwpU0iknjH^Jpg6!bfSw`sz_piu$BydD!TssMWaup^}BT<G-*cQ`_p-*%|1%
zo{5WhKHNl90S#pYrgx|e5+Q0Bc{HSGe->V8Feoah(y;B@Q?+yh_dOY+r_w(EdDf@T
zK7ksj)^3hs|Fa6{^p0cKh^GMoJX$A5>s83d>0Ni9*)FR(Yhb)V$ftE{6fq67;<m`a
z?K~*ezBrcujxaJL-V#q6#(zK0b{HCQVP1A@y;Jz&d;G&>A@AD`XX?^D)uyGjtl5#z
zW6rG<O2~{Dg-9F4(e~;jAi_iAOv-dtzIncXV<4`Zt(9mVFa^q`2t<mHdD|H@A_5bs
z-J6JQ!6{{q;U%wQX8;4K5^||wZuJ+HIY^6|?K^7OQLK9U%@^iGYKZmD<eu7eq-@*o
zE`mwJgyKHY5*nhH!RL=0?f~&70fp0ec4$_101U6B*x*;wO{1fDxyNMUe?UZxw28#f
zzW|~^01zb<sp_2Rju(-6Fh~!5uhQA_n)O+?d(*2|m38aAU_N{kDz8(7tFZ?3D_e|e
zjyOXcV5u314rWEhbnCJ7=MSav4JX|-?~y+2kX1Fn8LEHz?mJ8PVXNDQ_#wwOwdg~K
zkVj7SP10(Mb|=In@gyg*aNzTAc0@FD!hDVve)GOkY$)1>oUF6FZP<1WR*HQs9&I2W
zBT)6WBYVv9wsIR^;`Z1H6jp5^<6`V+G1;wuD%w3U2@z$zJXe%@HE8ix6~c{xxrq4~
z@$1%na;I`<<l^l^16J0n+^ewq1~70C`~d%TNN^rHAqIH}%oPLylah%bxC)%Y&Ur<F
ziawm{)|)E<Zo^kt>7Cm@8%)cOTL=MB<mCjD*G8lP7YA5rNl;B+&ENRWXp}M*H=&q!
zK7DlsTRSCb_4TG|BAGK%(dyMUFrp~27JVCTbTC=U^ku`Tq_a0}bv(w_scRr78hpV!
z#=SsIz*NPOdA^Tjsasgtw~ecwoA%|j2#`pL$5vNp|MUVdsi<3=Y|^4QdO_4d^TN%*
zE*5cYwtih<eTib<Kz>;2f;(PkFCubZchdmkC_3^bNmts%13eUpq0w|XBMKP?j$mVv
z5oP^_M%O9QPK(~8=(fE36;vM3iVf9XElT8TGv-Tu?!%g3hy??uY&$}S3pRh2qS#A<
zxZg(#vfZQ*Ozo;@zcz{CYt(zS<it&BCTw7*?nO<vg^Y>1n{`H)=MVViHooB$Q<H8Q
zQ#G<0>3h?5{{!hZ=B$p!ZOal|X{J&e-tpNDx7I@52FIyayojg0kJ)|>CxWV|H5s`Y
zP`CF(G=)<}p1!AnKmM2_&;E1v;eYVZg|JjCU&4?;=2ytp3~g~c@K?)%;_thyf$Cj_
zT6f`U&QT&^9B;Xa1Z18LkP)=FkgzgW-g`ZEYpJfcaozrP_8m6S9|ky3Zr}!TGs+J$
z3&6B%UE!0?U(ll#A7~m~rQQ2QJTJQ(1Imkbd~wrRU>_Bo3rfXhzS_9M$P{m~Rf(gF
z3)2el$LyqVk0ISH_c#U~zDBd8jQQZ5zav|Qj*%^<jbbUXky<~5Oude#b>Y2yIiZAp
zja~&2;3T)C63}4mJ=ja$b|xoXy7L%N;4-`=S4nGgDQ#nS!!|d8fl5a{lnu^eLu>|c
z6%32t&}yTj7_ZspX;>&+jI6Z-CQ<4BY&r8aE+Zvh`fFC}K#cLu;(4&yX}7#7&!9Rd
z*dv7<y=A;sPbyR`Cj*40y^iNnhEnfG5R+LpCjmu|)~&PlPu&mJgjBhLs&H;RXU^He
zx3-Y%Gq9Q!Gw!)Evg!&_7iV_tCl>1geMrUCSwj=JXupHf<>f9UaRTzS9TM^^_yqkz
z#kYdaU(+O}lmoVmT+EBF1R?*Ay|;|2GX2|zk=#gaK?DUhn^qc8=|(_WS~^5Ty1P>)
zr9?`UZlpV<Q@XpuO*cFzGov%}zwhV1zq}vb56@b&Tzfe)?2GHH-+BCwa3<YA<&d$O
z{zC`<#|3ec=^x4$kpU#FI`=7lV8Bm%O+_~yGbb<RexeS%t|qlf_YHI2^^NC02xiu*
zHT`K>$ArM|5aVuXW@B%2ctsGj1GAxvl=<>VLm;WXUNBDbLGe3Vq$6M&G|saqq9MK_
z{#SD&uooG#(zGOiqs~b-GoB}E23NUvt~G?LNC=OP=EY0;k-hIHdn-?UI%*To8Ye=B
zGYx``6K*}I?8dZV9-e{y6g&f2RAg^R4kjIeYBFyAA@E|N*jDHTM6g>wcJFk@jZG(m
z(3{c)Vq@KB0}XEdRdRuL*Ub69rY+p|#>&r`xFo*Yr;@kSgbV19)pD+F0j^)ij(9!h
zYI$f|?27x4@lSD0+{5zF>v<yxe}c(*HFn?tG-_l9niicvwR0_-{s4H5MFzNbt}AA-
zb-H@KKFU^8UWdP1k(W@*%gY1Rf`CWnm&ZyOD8HZKPmIaSkvWXV!F<iQg@@aEkvy(8
z7vN%;`^|g3@lAgL+Fs>U0K?pNRVn^Yk%1R6VFpMO586&j`2BqlU&h&q`{fiCotnRX
z+h1tbuQmI}BX|+t0SI*yIa1YsF@62#BYvS2yjPa7TFCSpm;B>3dFr4&Iky?hKY0F6
z0KZUXR`$GGs(`N4t)m#@pFaj#j)m5-BK_bQ0ZkZ3I;;XKG*RR?$_6cuyGD{VVVx0@
zdD?YrWlglfaWnTbA^-Xbg79z1J|-Y_*2A7^0=M)ZX#cD%*6Usvxcbc0U(y3v*L;3Q
z#_w+rWcbJA{w=7!zPfAHI4gexOm<b=1pB|Quzx`&g1iKujpTUG1i60oO8yB-|9Y_U
zDu4-3Y9(=qzyCMz{WpAnJ)@-IR!X5pXNOzQbG^5I!KYrtw=92@R5)w{t+#(<i_D5K
zJ%`M~A#l9?(9#{;29EgO=*^#>KzG96pN$T$QOa3Vo5?M!KbtoVANkB5|EdxH9&&gZ
zn#97Lfh44}|9PC@V2<5%H2t*-{`1TKc$Vg3&>#7Di8?CqUmors&k98YX!`Sd1I7Po
z{(;8=X!<@~{pGLs@#~%b^F4drhX8*EWLVsP8J~Z?ZZ;<H?EilhPW^xAO#y&*X%FO0
z^8fBF{rbB=Z!kRfXA2+vkE1hy{MMlIhLzqG5R!xeE{X)O`dbjT`C1YTVzXjE&sz$p
zbEsuL757(K*#E0twj(~fzorNrs};EH_g|lL-48+i_0^zHBagb>9sdFdf9U|_3C}P%
zu$y+&pc*(~J=hq|jS{#zSHvafrUtQnF##}V34r`F0rF|2c9I7zxCO@m==n6~>@4!Z
zkFTxby8~_E*C2CJ*?SX)H}D*>gE!YSI;Vq@5z{?^(^Zjc^jSLo(F+h609&UxsnpIO
zEckoMgHQ9pp6JeCanlmgD+O`1HhcYZetxP4TlZ$StQ`M=^y_TV*Oyx4o7cv!u6;FC
z0BUY%1bvAPc0SW%OYnrIzJdu+pn0yt<8(1@XEdy}=RCCUU1@vr?V67TD^h1Hy0YqI
z#^XhJwl=u%^&->$bDN#bBj|(ip*n9@h9;o=-te~7y(TO6+WZeTF6_^(9*!0PySoP`
zh^FUa#CqObz;~F!X_ptCw7+TWvPUf$DFGTLMlPo>JEQr2oH^#1YxTEIsX4o!z9?v#
zt}qBFHXo8abw4pI&<#CuZg?{P-<Y)i-j0r`!}`)ow)-TR)E~tF4ETv~$;Rmn&Iz;d
zgm3Y#7YYVw%*f9*?r!*EUMmZL{YK$+<R-`vqp{oIX8}Qv5M#w&Ub1{zz+M2%!Hw9J
zjb<Px2S(2}z%e$FRlIx3RNX@Komp!*RkHcYpbLl&wal&orl5Rj1>=@LNjuSF$zY?x
zns$q+@(Ns<!-1!RUzM@rmX#}W+_cz#uqwT-iX84(Dnwe4dI+jlDu#vid?gW*y!wDn
znM_GR_9Ni~WuWf|Z}@!*rl~3L&wZS$qoeJbrp@W?DdtHs2ZYP<W=|K7MYn_h#MDXm
z9`C>MDG*t=95eNMKe7pQ0^5x0JFf8k&-~*x8NnoH@3+60jF{s;exsCBSp^>6cC%0W
zn^7lys$_JSH`;C|(7IC_Db<o20RPbsu1*)IU+_1NcNUz_%4X6e7A)?))k&OGfP3&8
zkA3rlca4EuS89*iYK3p2R#QLYxr$^|VKG2SIlOhiD;YJo1s0syP{2pPfRSteL{qfQ
zk*@<gnZY2xpP#y=LY5P$U{>X@L65L)jJK3twHfY;l|2ZX$N>Hy9~g{qr*!(iJbejX
ztgKx@f2xhq1Jy%5t?4XfsgvWc>&`WH*(#qJ5PD7fr8SAn@)onoR~ydG=MGX)A4tcF
zjPv0Tffnq}yX<LFXZBk;C$pS~o6}}l#ycjX1?09mqcL<2%$Y|~RQX}bZyEme@_r|K
z{Qdy#!K~hAHHVr91;_!ghi@KRHW|ZbQ@~R21GNl2sEzkH)6&VHb}IQVsLZ1J!ayPw
zD6)Nm$OW`(&+?K${}D2^+5a_w`zUlL%qffaRTxo*L%#O)JY1Xc@a&2ckh{a8P8}%Y
zw%SMGg|J=fAiT?Co@4uZMtcQI63o;I<NCM^uyn1r)|HJjMI)tww~Y$n^!6cHKpC{<
zLK2h2<!Cef6x>Q`T~A6ldVtyW;@+pE_M9=BYmr^$PaetJpZMJ>o8`g;?>%{wVzc$f
ztqB;zfw<BLrA!6mxfI#0anPK)WjtN&SN(OIS?MIC(tZtJ*B!X}MtEG*1OnDL^|fig
zl|gIPiAp#~D3xfDj<qFm;k#WgmE~IT&Aa-UZaBBho3Sc~eAoQOI_3OYanQx21%pV?
zgkKSDi4A0IQ2;G$2ffd0_RcrmIZ7eU+G{lrkcD;->9|sW0OyFQD*H}g5RcLogZ96T
zOCn~qZ6OB28{gGiW7P|a41&jZ=6mh7f27GUU`2g~GN>?4!7g%i>a?GjO%lKKfXcR<
zZzAaFHS*#Yd!iIw#sv$GX9CFA51&QQ5IQz&Dhi9wJIvTkth6P${}Ap~TMAapkk>PT
zrR}=XP|p$9oum~$G9DkiEd?}s#p&IF<Q|cFO#vE9YIg<Py{AJDMho?&j<%;>ZbUPw
zZ@yslsJ-K?UTm7$TydK5h1Xm18Hk@V>{x7fo|w{ji%&x%<n61z={2hWQVAV~Y{w9D
zxS`}-oumZO&%cO<U(UGEd1P6-JT@6F9v8WNy3iY|J__>avNV+w#X;uSAWQ{Z6r+J_
z&w3@WWFDamUmIBW{NJWB;wIEFQ*UzfoY&75%RIT2pVqpDH}repEs+3s4G<fPTjwut
z91|su%j@91UZh#EI~)cfS1m6P$#|gs#aB5|#R;pSFP%=K<V`AkCXDWe!HR4^-;Vj(
z4_PgM!9I2AF`bzs?O@WX+>h?_L9ei08Qz*TLzyVF3DCa7prXXmtpSdp?sY7dGSlgt
z6?7Krss@6ar5-cdE`_^?ClXkEX{>b~Rls3t?Mu!JGHs3SPfx-DmK*y<^TY25rN1(T
z%PA~Xo<?)JZ>p8YT1dzZiuOX*tQrlj+6K;g1p<`Zb!YZ&)@?2<Ik}A)c`ii!@qbm{
zL~Zmn3cazmK1ZM+j3?|WwC^|_rd?&frJy%F-VWksZSR*e#<DZWeN-DCXd!){ZU|)1
z@%A**A0@CzF_j>X4M4QZNH#=uxd%Z5F#v5j8iy*ovCIg%gNG3wZI2Y$fB~jDT)oov
zEp9jZodSS#exi4dm3AU(NaVHan(JB{aOU}XlgOw{6q8__BguuV)mA<DhDEYOcsz>~
z<T)!9Z>-R4>dUg1?GbC;z-YwgvRDj9$UXHIm3w4~$;cb49G4^5>Ey(ORl?u-KiZM?
zAeHK6NXHn2ox+4cHS_e#)HgoNFi#>>(0PZa_r?#;TqsMwc}v8SnDT6|lp2yYL$57O
zA({nJx5!>pHt$q13Hw5JOW(2XR8G7lXf>?rSlEc+NP>St*}CgxMxS#AmcDI+&l%o6
zF!^?AIvj7oAz3^>u~A5#KjWqsA5CQXo$9O?<GH7Gz{)B|bqo*1!=9kf8?#vqyBJ7o
zpLtJ&)tGsr?*ojaz!38+)ffZgBBuJ|AH93Seu6&GS0IVtaP;X1>Sz142J4sw`)gz%
z1uQX(TmZ2yR7**<@3`4qN|ol(#tmU^|G*_mxH(;Bk(4{Um#@#<cDMM2(~;nDVeb}@
z<W??#>3H@C>GZl`HmFeH4;u5CA`L^CT2j%>8q6SwaVL{Sh4#<%DX#+IYaMpDlg*0y
zz}sx$toa*(jZfcky1A<pmg9TY1Bb)KDtEV~vt$7^Jtq{U-EX?3ry*=chm2q=D^gN8
z!PLW0HkTMBvU~F^wL{tWOK3|22R_6eS#Ge&>Y8A&x6*^z90sh!HfDH^FDw=K&iw;g
zfLGPhK>0D#H=9=6XIbtnsS>e2(o3gR_-$7|^Ew|(d_xZxI7A2p99Vq)k=of7$7bL>
zalxR)vK+@oBNoI#^NM(OZp#Tfn817E5G1ExQw|<1lJikNYH>?sgRjT)S^;}1`j?MG
z$pvZ;#jM>B16lQizZ13cA--IN7)Ac|DEWy1&T_Vc_9|uy`JnGs;k!5=u0P0(Dw6@;
zF$tAk_r1yS?E7yJ0+AETwU+v!;dIeBsEWjwyW>^{`BOM<-e$aitu8hY50xCZ4JoiV
zWZP-di*~NG1q=#VeXtmDjq#`>$lIoA3+$+fbG53(_)k|2ve$wCZH}EBL-+-s9pHg%
zXTD?Z-B_W!HX_+nqF6XT-&MC`qh(YzpK;HK#no>OVFEpD<(0imY|=g*xaZO#o}$sZ
z<ul|zPl-7{By-)%-Ok?i%!5bH9f(6eit3G&XLbG)box6lFTt6!*qL984^gAgJH}-_
zD0|>cx*r;6z@mQ<rHe`;u%nu84nMDl?|#PB-r}~k&1%BIhkFsxdCuTKoe_O%;gnBl
ztQXrV2Y_op`?@lNT~9x!)j~#HjD-u|XpM_Qi9>T7+sr;tS`kt}sE&-~{p05QzqTT>
z%;nu`=+6jfC8<HaF@zvs;d;#4wE+nQE1{fY))|lLQOl8G5EV#_9LiQr_*DIMyLI;I
z??8J;He@}8%?1j;ls=!!2wE9hx6{K2Su!38;C+y?ypkmKgeFY%{XLlgq>q4D@FUe^
z1c}Qk%m{<)B@`XU?u*#_w7tX6y?w=C{+kr0+b4_z3Khw-%tUSx+~f%dbEz`(snj<^
zZ>~x5fN-0PzY`qzLA9bnr`GlvIvy+~eXQ7+Jt+;?m$uF|8G`&C{Iy_-56fF+hEb<C
zN^~2};b+g%dEd{zMb!qhBzX?Y`DZ}yj8fdhCbS7kiHc&g36+Ya^yi5pE~%j8InCtN
z*+a40o_sd#%upgIT4{Gy3S=IoFm|RUa#Y=3<Ui)87eZXOS&nMS?7+!YW{Nd-e}noi
zyK}KLv4A$HUT$CFigi1VY)`2-XYGs`QBWSvdL`gZ=V#PK0AqVi4-4m8@`zQT^3u=M
z_V8W7O`(g=>$PpJqtU3^9LQ}l*7L_!2~r?!SwS{{T;@WI;lSK@3GF0iQ=vjSc+>}~
z3aG>VdehP<zHYTv3zd03b`ZvbY}LFDpd$kbguYoarhF>AOKwma$=gD>WQ!&;*H;Ot
zOU6^AFK}L`UA3pejw<MLm~J4yS$HO>l^aH1eKw;tbrsj4h;}i$1xg!hF~3w1el<sK
zU09*P_h{mEjv+s+6+0a;7LiyhEE2SY3X_4F#8+7zXYUR_ngHjI;?{^Yl4^Nek&ou*
zrQdx*UwdpU%UtlNCBCDV%H=iEk9~C`niJg@10xRD>SpyOn{Zn<YS8C=(t6Fhki41V
z%t}#l$`lB7DFBFN2O%L7)tlms^)gfXtxTT<5aSv|9hfAjKS9anNz_B;E<Qi$Ed(6b
z4=PwAs_ZtR=dHAph(xVCRqurKs>!cR4>mnUIt(S}Q)!J6Owu`HOHSlU-|qRUN1#K7
zvdj40k=>u4zqm={%PPs{v^!6(-E={3G2r~v=Gkm4Gd)Ym!#Z~_jjK8l;^ayfl_PfF
zo2m1VyTW|}VwWog-E0#3i1OY>uHS2nXJh_Ir<8na=QC>03|JaDVQ(`mur--8FgU}c
zIQ%NNDf;d<J>CJZ(%KbPc^(_Bd(lFJd{DqfKk;e9)#FVOK19KlPKC=+o*mQd`GR^7
z>4R^$4uKoKVt?%z`BYx442Qlg?HON$&EPY#p#6VcoehT_E5vhHXg|xW?J6$<a%Os>
zg$ZP~8~$|f&v%cF`!VKFbYHz?vA#sR#A<aHPd;-{Y}%j88|L|0O{M4_m-U?<qQc7C
zuTo`CRujU)Q74;tol+n1GXT5a(6LFeuF3x@<2yxm-`2ZWKLaDm12nU5>-jJCUj4|7
zSZG)BeM&5#_r>*jS%_%hs^-izjr(VK{P=aHDTYHL30%>q-tjr!G#>w1mu;|4y){u%
zRGE=6e`voxdGdmpoTw#DzZrr%?62{VX7z&iRWY`*K(j7Hi^F-J*x!=9zMT4x6VH(b
zGP`%Rk-uS5h~b15Jol;#;0A_Qmu{!YcrJNWaqIpa=E@uniM*%&IO7*TJ+2hx!o){7
ztg4MM@V<g_Yz=A+Y_<A1^l?c?S$LF=sV2J^l-H+_w8dJ7WD?0H$~q0~*dM9pO;$23
zS2^^;#?qH>PJp%pwNh&&hYmj<d8E^u0Jo1K)RU9X8%KZ@$e>KBuPm%F1EuLG{PF@r
zBKBxHf=24nU9S)$c|w!VnKgum1qSMg{Lr0KA+39uVfA|i_1#v)?la}=5aP^fXQ{Bx
z{hovg^=iR9qDkIfozI_#fZddb(s8z;`X&H%0^{Yspl;58$2#?kPlYO#TFlTw9vglk
zgyT0qS0=Axn^i`gs4+>u^LqMfHg*(c2hHOMadfa2k?u@p_jCF}F2AV>LvMW3Ui@NM
zl!W*)+JJ1X0^X>5QT*vA;SdXUE3uT{q;@K-xhmQG-9i~u`{TqkU)7S<5QjU-7jjY*
z;m<&%P*;f?a>JtxEWzZXWU`LSla;VYm2gJ5bp<;+$Dm)B`S{#knrX$ZdNb?79Q#c?
zntH?pv0I*6t+b`hbTLnXN8RoFY7&Sz0*Zb3{%GthslK$RM}0*zcSw^jbHL|-g{L0G
zC<Y5f$pzdjVx*AuNdxy|QsLK6_Vs!!z;y#<(Y?}r>r*1iczL3D7nAp?*6D168y}u4
zOt|aRWrvdKP_VfE98s~7zRfjzL!5YAXtEybjP0_}K)j?(s?;>ZWOCpfM8JIQ<vYEB
zp$3YylF_9tyE*4X%Q_TFJV(LNL0%<@QWx5u_vlTYJnfZ81j;aL@z@vPq9#lJkgO-=
zhvDxr{7w2k`Y59^9g?b0yy+hf<SXZAJqnOSLS?sX(7cXgaMVTdFF0I9K^}T+C);)4
z>wKkn65Jp1d(o13ji_%nw6_q%*3l<p=wu*lZzdvJcdtCu{oF*-qDhL7jOE^PI9R&+
z;?6zTjAagTelsbDvOQ9C(vYU9&+tee#SQQBEIn9wbKJO{muJG~OQ}&{8GhN|#iEPY
zE+nZPozI*Bhx}T_`~y<Q(em-=+}>KtShwSbS?&Pd4iRvWmYhBy<E8N<=V2Xj&a0MB
zH=klj5ex1e)XX=|r;n`2j-e8ljm;LGpX($`gbBOD_fqbS*Yg%O$MBzN!dV}mE|VOj
z?gWV{%gxTcrF5UOVO`|;BMY`Z`zey#hbGEX0avfEA{^y5b>iJ^5cZ^aGn@FbE{H6>
zGwdi`$mdj{=#>mZ$_olYo+}`()-D0!>S{*qVu>R^4qvJ7IJwCpbt5y65jChBx`34M
z%I#40)1&80?Q2FQ4U!{yQ;P%l9=~i3ymgv}+tDS$2nb+<$g;Xy@*Zuo4X117uG2~K
z9Ija^*~==M4Gu^;O`~5t9MD<F7U!*uXe~lF_#=CtQ`ocHS^7HKO!b<96MF_SS#71r
zQEx#i=N}dZy$SC_UCz`WUwN*N>`p%aQzJU(1(VgCIzqkjWT2!&Z;z*Wf0#I0;9dhq
zrO}4Ec|UZ#p`5FtwQ}O!wy+-la=hsb{b0E_F8ivsMzu74+U~TND&_$%7h(dtpMKUD
z)eBV^&-XzD21J{NM=1~Ra-T@`>xaZGtfC6b3DM-}GQV~Jd>J<sew$@R^})tq*FZYR
z^XNLk8|<k_Qs*tcg7U&n%5!BDr;X=u{aGPo1E_O7w)b7r82o002Ht|#fmund_0r9;
zQoHxHLU<PUATJQI59?4UbOk-VR{CPu(`81SG5hh(b|#9|cJNQxF;-lbfZLbx0{Y3U
z2l<;@^_k%TIDwkSWZ2VC4(806v%*P;wormNL{K*Zm;;-bx{BRlR8o7dg^+kr{W|&6
z(Q~QIhRE45R6N!|K?q&B{)x5Q#l6DTf%9o)ZPT`qBD>Bz-AG^VVk5_tjreUiHJ<p+
z3B7&y)8q3>DS)gGpzScX+VCS{JaxfxAEHn$om*73$-R$Zrk=;%?v^rhWqg+c^Of2~
z&QZ7vcRrSFoZ4+DX=ev0h(1;Jvh>?4v}!`%x?#82rspQJhMC2&AM6YjrPvkH^^TFt
zQnHAp|8@1QHxa3y*;*{&(hkLVM}lPWApE=X>dvU(R(*u1*eYg@w!}{xUZzFH{n6Iu
z2+hnPA_E8E(3(V!jpIi28!ZsN>0&lJ1Qn8iL^T`lj^CbM?X1f{ix%0%SHS}xa-G}G
zlehHm{+WsFNavYuLPsyBq1LbeeIK7g7oK7|Ui}m#b|hC@^K?4fDdNldOqd;Rj_vNT
z7#J?3b+4l<TDvW@#MwidzP(&~I9BQwP><p;-;4=z91LEb1_``uYLOX#PsDLvnoVb}
z=b{w&1j3gzl0^foRF(I}bNIdjb!xK3aS-WaN&ib$=@G58<@W&`vzY`+JX3--;Lf5l
zrPRp+vJt|bnAJZ1PEpEhi}-A}@WT!Y;eG^e3So4fadQQL^6yN_XuWvfc_yM&j(2#+
z5X0PcMIP^Rj^k$Y*G(?#)#Y?8REW;0YhvXw*(ciWiE#srItTbSU1ML^{z<9xD0HtT
zM>us1r%vaVEKc1<5R%W#GiZT)^b<2~Ei%|6p}Wo4`xr22l5Y8q1;-`|d!T~joDHN7
zD?AB}1F<8BZ2m)p5nO_?>AlggDQ{yZiXg<Ea<X;x4uwVBiSC?fy1jAihK&c^$MotU
z@(J|AxWjtKT|~d9*8n;QkPAJhjAg|f1PPHh?x=Tz42?qhJzp5>`_#rm8kLp1dpA%F
zYP))4HX09jV|OfN^zxt$K?SEhJa-QcLeH?D4b|Kr79MOsXdw&3u)n~noptkO1Z<N7
z$^i4z_&NSO)E7qFBi^G~v44trpc^oS=wnz<4!L{QwZ?u(ulYw<F?f?B{z%^wN0ycL
z1fTti2-c=SzBoM$Kh+sgtXSJ^lM@Jr`hGe&UXa_TXvDg!%~&4pFE6??&tpw(Do^oa
z6Fq-|^69%(68ZA66*HbibkY0Nlg&<7K6th<QBf;5cgg3MDI1UL0WcMp$*ZS}L-J^l
zBN!wG<XO{l^BN!`3+VPzwHTtBpd81RHuqDQ3M@@WS9%bUMd@za>qSAR5^zi8^1HZA
zIEHfmmakbI`%wd8NhZ=*Y^Y8JXmEYg8qS(VfsWfY@}>>dbff`h14<H#ePMl~0GdaW
zmCxiQoV=96lGuXQ#pBR!ay8(i9(EGNsMztts<9Qr<##9W+i6a*VXh#LCwq@9nT1yg
zi6^aENB5Xyy$Akq)~5Bq!lOeeB!D6uqea7~;D#4On*)LUkm9V`%wqki%6WaOIpRsf
z4rS<V>#fErjFlF1hzv&mcQxTC0!;r(R-I)dwTY7r*}=GpjYgjUQeRF3t05ysZ2e?5
z*X>4D7&hMLdPS4rE&;>Lo3WJ^NmQa6P2zY5?iSPLnht@wfsXndnmW2JBLcqhV==;h
z?d<+0L?caF9&DqLHoxxT`B+{f{6P~N)?b|Be`C1$cWyN2i);HhAJh(0*nl>fAsIaJ
zCG4<C9<-<`mHi2QqYFu@^){Eyczi!Rj+R}T^qIr7FhF#8O{vOJH$mT%s}#S!Ra0E2
zrO=+j7hARkeb}RDjw$C>6c0wkm4Fo)tr^Mp(%Q(VmmAgSY$gB$FW!QCMm6!y^rsI0
z1tmfl9qU=Jn`(G7b1~;*cdy{pC*f%G*j-ar#B*pIb-@iNZ9`D!PV+Q5m)MQUDsCu^
zCZFD>&0_<Rm%_*9s_ZM6948cqp9L08eN^A32i{vHn0^SA-L&z>!0zHt`rO0Es{&8i
znkkd>a}@Y05=p3<JhzD)yAeNSM&(;R)f3O3+cZMKt3yjz$*k8X%DwpMR)w?{!Mh>T
zs^#wohVK4;U~|6!>#Fe4#j4%a2DyGb+aldJ648g6dx!$BS@d2WU#k7@U3S)2iA9!y
z{D~Q1?+$I=Jyay$0Q=9MW&IQ;@7eHCWyI{xpKvD#MGq6?r0mPIAtGDvnu^pYF{Kb6
z#OVVi_A25Pn^I3L^2r`r#wU349*%;=M9r<Wv0&Ih=7sUgvu=vb)?j(x2r@qBpiFZn
zt)$5k`{O?5OplL5E)!vz9NOH8iH{sOp6s3<E6iw-GhU~ki^2VFPTjUMQX*@_MlRaG
zaaug^91&k1G|q`@D1Q({`o+F#lae#8P6tm*l%m+GhRXv`BBzwkk3;HGAr5}chtLP`
z*Y#mi--lTJcYG~@LGlyxYLPA>3D$jMU$Q`QC}OAVuAS!7`#P;wxuFK<M>9O@7B12?
zSO$7sqlF9QDkY^2<ThSVpK6Xoun!J;juwe8=?InAGQPOT;n!4!L-m-6nBzyZg<f5~
z@aR>5FtS?o@U06e3Fmzw;dpq{dQi~Rx~5bfZ+Xk<QAPB-J4~;fw&CK_dmqd8T<(sb
ziNfMFAg>@;5RuUV&pQ;Jsu49ITt>66@MHo_ut(Tnw#nhYK<aWj!NOKPqUgU-Yr%4A
zPm<s`W!ZSK;M)G=NlPf!oi4mxwZt;5FtY5MZDfVoOW4keQ=*+2yN}A*_e6{Mc;9nu
zO&$>bFpN@a<6c~DA8c?_qmWymy2}*|X8bW^kwsn}Snx4rD>ph&8_0c7T5^9*iBtVB
zPqX3+AChz;UeG&voolL7cifYk!U7a?eAU!j{_^Tj^q%_^bb4QW@u{4#6I9Xd;AuJX
ziCBo9asX6pl?2AE8(;8|h8v(Q<Y`oixjc#Iap*DY`KTuOx!mfavVMW;9eyA_ovdk+
zckjlFZ?B?2$7Ze1U@WS&i{#BE$dMS}7%VdE+_v$Uexe5Y*#L=E{_;T2<g7HeGPd1d
zF*DS5Z2)U`lkvo*@MRk!#1ljVh*00x9G$zs6hgs+z;EC0K||${^IxdRX!J9Cp5)Rt
zK_FGam%5AGutA^MQDGq5jb^t^p~R$KE~t>Tfh-K*Puy^3l})uo|6!Y>WnNlv3IM;P
z{GNVUCSOu++diY6EvIFo@e#CU*>exiFuTLe7fgaM{!PSYiHPXyitBzuUs|EkHUp&0
zzKN^p3e)k@e7gD>2uWtaiwrAvJA0zVWF#xT4RayM`@OU{A)IHEA8!6pvi#~v(0azb
zH2#qizSJ4h4(Ng}qw#6niMb!O88}bd3)$z;4;~l$=MC3_V1>P2foq@BZ}L-0CcqJI
zXwtC;E{C@qj5;=5T*M9ePROq6xKXZNg-fRO9`ztBJJ~ua>&9UrI1*=1Ft2;((+nE2
z0Vm$N1)w}6W5)8v{ZOi!aa_B!=KcJ9cX^0Q08VK-UM>`7LiZN`wI-9<xUIVD=x5P4
z5iZzvmMEvC9k+aU6L=h6vt=q}Ixyi8I;IFJ3Br<PB;~zzeQQaVA!Yt{gFb;?Bx9g7
zI-L3GuE!f(Fyb3t6qC&Bc8aa8>HQin8FQY97~V`HYEu=<ziG(azqZdj!WO@t9lR=u
zD#Dpd##71w+pxV~Qhl<E(U!2ltv#GGw#Y=7hU2l&U>W?0p*kCQU@kvG6{R5V`Rc};
zCZLGkn<#uq*+0w_S3>Ln8j?|}%&Fks+qOOsXM@LvH{T4v*QMsS3#YC|U8^rrjt+T+
zbLx5J=x-P|`5&B)PH8y|zr0ZGD*UutzihP5U)7<Fs4Q@JNjsa?CGhUE9j1_`FRR~`
zPMczY3Bjx7fP+EfAFJnXkeGlglyS{dX0?ohI~(x8JOwV#dYnd6P=Drzxu?n5FmZBQ
zPb9bzjr>)V%tp~dh1{S#Mrf|7crh5_e_=}Cw8KT-u0@W0c!s}`$1-Utc>h+l<sRAz
zvcf3-odD_uKq-(YN|Q01`|^F=cxBK$K)ukl0-Kama4Ls8`RHhEK=nGWYYRAsfbg+4
zaJfmb&sCR%d}6Y<h*&XpQ0EiU%F}#t9qSx<|G7eFfIM@B%~GWKRAnb!l6zLC3W#zB
zgZjZ_9i5sHxS?ceIb|wWl}@*4q=%3dbNU^eVBNVX%#JpcXPz+5ZQ55b*VNy|5O+4B
z^FtO>j^v5?2hQHRxab^(r$-wMQS_>qO3iG-a`Fe&pEw!9>ltKqfB0G{l&Bx9a7&&i
z_>X!O7}ENFN)Lff<4pS^=67BmPvBY*K<17$@EY#Gc!Bz+w54!mz3|B9>XI+2XwyAx
zE)9N@f;_k?Zs_pR^+ju81MAPQZ)kff#<y~FPDyaZ@W}ZGTjx3*k4Yc5;#q{vvUZ`t
z;D|fB&5tr{LVIl>&u0Tn+DX`3=ZvKXFizd~SM@%RBxG(FpYZO9=p<Wdjjp&#IjMYC
z8hIirBj?XGclAbhg?t1PRmCy1!6xuGia_ZVyYAICZdZpLE%J4gfRT6%^Vd2SbfnTn
zB|EE@iFJExH!{+B+hubP=M5Q!FJj+PmqTIlV5b`F%1i3@z;@Torj>f$ekwHXRk@x&
z$!B}4tb`i#*SQ$9i-OqPj<cS%Lf97M3plscZ5BAGp)kzqz)^w^tsC@*zKd#e$re?k
z1hC~!u74a7YP8UJeLR~(-zE0$ir=S6SUnb0B5xO$H<ZtU$D-vXy=^evt@|1F(?MjD
zcF<@XmOy@;!OYYujxV^)Fvq>1q+=6Hyv|FBU-k3fAK*wg-tpZCEBN=nsixBvB`@}D
zGe9N(>7pwGitqwyq-lT1iT}&pNBvGtlumc&gR1}jDW0gpp`b|bGw2Tg=U-}DA>Ve^
z-XZ8}a$&-R|CBhnNvPdv;NZ~b_x`q>YS+Wx%_r~$G1B!mrPVRKY`AiNFP-1D;(vaC
zJ_3&|#I6r|GJm%0{_lT6ics$#`i?0!z5V<3{kc2WZ-~I3&o^6dj`okNcsiy0^Gos{
z-*7$p?l3$1aCsAx`NL+w-_6y(e#6-c%-i&uqQHZlj>losahrcM>|g&)Bi0QF-!U$!
z=AF6BZ$xXGAlIGcN4(kZJB-9^>MhHo$8C{gF=}OXiM&o<%E$%W8AD-wAAqu45=cdK
z#;q)M|GQt%Yb357>pfpS2R{rnb^khQ9BFi$Nzcx~EHx%_>f&yOLHNWroe;BL*WS9*
zgunKwe-E?-d=SEFB$tuAEcnmg{=feWJqK?RRY37j;(s5ZWHC?u|Mz46-%AigzMcua
zSfAa`j|=00=b-sa?E!L)Z+Du*&*`DoL%>Wb;A)VM9|FF~OXEY?$()n{l>hg|{Ksnl
zi7CJNJO{?-OkH>J<SFn6pXK9H-pj&A>WE=r@aQ^jO1Ga&-UVHR{X#NcM|j^FzuW0`
zsu-Ng{row|<6yj~JCjY5PGl@IuOO<o-yBVTAtGpH1PaxWGu2%6HS;pXF~HNXodRwE
zYD)|%Ibk3~OJky;P@&>Sz(d`7q@>FA{;yR^Ir7@uQ&lU9RS1<6JFXsty*8)Lf45x!
z{B^uW-V3ITY*<c_0}lg}6wv&1HUjJ{8ofr}ZH8}yZ;^b1XoKs*K`6t<?lC658jRI=
zAT<hvLGcW=ipkM<gR)gZHi?@FNOtfFJQn<M9=`4q)T%Y!yYrTiLB*5%{wUyC*{+WY
z{oLE@WUyLj8QK^~lZo=UJP`*}t(-EQ;R&C!qourg6t+#}0<gto?N!SHVcLVWf%G!m
zHDw;zjrwxo|7m5<1qzn$Zvq(9q=52ruh%G%Yj33&Yq(ZtsRx)YXZR%ou}DXcR+S;}
z&;mAIGe5o>$vsQted;M9V5wVo$GHGx^}cFzqX|TP<<T9xV0D!8mVkE~3ybG;e~S*h
z=13rb5Aa*7Mv&r?@!k)<_aw3@;L2)!13X%~&jR|do$k;5?%#j<5+Jh-6{Wjh<bUt&
zmAm)o_3Gn1K+I_eY{!?<)79E#m^t&H1UEeSX1M#ENT&@H@=Hg?11a`f-1rp2sAb(@
zP3U?};108CUsvYWc4Px6cTDKbpknWPRc0|W45RcK^0CxkUNYZq<05#h{>W*sn}aXJ
z&kF3@l-J}DwbojLjbSF|y=;&`9LzD@w_#Cp5Iwupv)pAL$U(+!8|i*=+9643oeT2G
zwzDKZq&!=SDXeQtfBZ(xE$-b)PeO##-tu**!y?cPrE#i7>msp41EM9y7<nF=?=I+<
zCW<PWx)p-#38}7+Y}eca754pr9fJFK4;;|tvPghY0&q-3VYN~vH$*TtJ`O1a_}yIQ
zCuMh#*5bx{=(LsqyA)8vnaY{HSLb^2VK-8WI-C;iGMzT#O10N!(>$%2@_P0{j!;8j
ze3WiyhfxXijP&4UIXeUoV*tvH(Za7OQb%1br$d|%VQBvz4#C&>kaJv9Nbk$8k4b3W
zc&MZnsN_<s&$qlggXnrOuFjI0-;&7ry9<cg|D0w5PWHC<=7BxTj}jA*VWfv491Via
z8naO5(u7Z}6>444)`qIeltZF`ux{PnByt7ITpe%qDxoX!f-zsZbaTwGE$k-^FiWo_
zv+m#D8qo01=H(Q?C1(b};>Z#Z)WkGoC2C;{au$IMhBjd0YD*T#1(<OWS8m72)7qfI
z-rpQj1XQTcWmcLq2jp<ToEx5S^l6o8#U*3Rj{{kOlE9lb_aaeczSSWRA3DQYR*&6^
zgO}w10;NKMuh)CN(L?G(K}!<O&vhVzO&H`qEDS#0WoV#R&7=ed>^9>^)g)kfjLa=y
z(*?=^Quuqtwub{8juagIfF~mp?h2S<Tm82I?^etI{AnDA#fR@6Ed3M9@wmjC68_jQ
z#_|^dHV1YW=(|fXI+7fAX34nN23LSN3W8R%r)!<|(rkZD%K(~aO4-hEim@U{glHKq
z-MA_GHF?H^MKS&I)m9@8s-xCYdqgWegK}0%<b7?;Z!2vSGufw5G(8~mjgeg^hU){5
zErmNwni-uMWp8M-s%-ncUk|+MwoRlxv-<J_ycQ+3=ERNxlU#G3GSH0!4}$$Hf_A_V
zq%*~Y3S=<@zu^cojk0zf4=!Ip(z60`|Fx6P^LwOKFi(r?DgyBi-?L9qo9{lG{bsr9
zKEz3l8gY8-Bb!0x9jlY8(*vF(Uj2XVnGjiI7QP@7RPsPHs5Np?7}R<8fE6@L4-{>I
zYj`+F`O}fp188JI8Zw?AcZrEfLz>gxorm)vcePxe!fjweNi>lh@&L-ZJzZn+ZV6nN
z9v<b_6=!&nTuX7ohv>zj=GLId5_7pNlmToD+*RVlLtz~t1D8RE-h#?;44ar$eugoi
zoOLsRJja=5P_d?554SfMoFQ+#ko1A0`jIUegfCcGHlaKV4<a9Y&kZCjkX~ca5#R@{
zaetI6$x>eWhM(QnS})`iMI^y^mwVsEgj9|Jv=>qxhH@1(T7qCqfM}nTp7rg`lBAn7
zFu)i_ZWJeX%lVGvxK>{Dj*$Mfkl8usO56*u`FsEj+neKbl96p%ib<V)Gi7G#Qg4>R
zA1PttTttRN(Ad0Mn%k>4)8WJe4oTtDHD{|P$$-MEo^x!_f}MToW`}!OvctMkyu%Sp
zZBbi&>MD5bSq^b;GkB!mEC)<pw3xc=wg>yyvjaM8P?OVLLK7ca58el+o>)r{_PVIr
zvR3Q7Hx7WfeNb5L0v%^@MW^LvW3HB}wouZ@c^CeH{6z@9AKX@G)p#naBoAxu=EzR{
z4HVnZD0<}&EOn=n`Kr&6H8zILQeGG8J5L;NvVd^WrOqfq%{VAoYu4U~0;XuTN^T^u
zi!&)Cz)7OVd#JfERcWuh$CZ&^1CGjd1B<UcXdyS2HwrhzT(5~xUaB9Fc%2b<C9Xk6
zJIL(SqnZQlguQkuihouPUNK^Vm@vIY5EDK<@cgS-Wdc@5p+LDA*lXq3jXI8PC(Er=
zM(o~<{4iV>D^^akZe9Hb&I}DhwY90Ln6DS3g_W94m}_QBV6`Y#7~96~_VgRBs$vQb
zyXPq7?avKVyF2B4TO05gF;g!!)r-nRys4B8r}WExI3Vjp_`>kj(<w#|^=~gRr^MdM
zrKyoKggAYFM_8F-lP>GbNK^j8uHZ{`r0q$b7EeNl7Kf##;S9sqjd@~sFf-DLCx&YC
zj-nFZ?;`rEKt4;(M9{r8*PhnP-S^C@iAr*<L3eXUqK-ZcO@SlAHWptzF)JN@a0*DD
zxfdOZ(&S~z(B^mebhhM4BRMBZn7ZaB3+3Y_W+q#T$vyGwSqP`fP+)nZVHfGRKj@y<
z#kDo|H9#3-(~=p%Z8h(!oQI05l_p%X_HbWuujt<J<!2ROhnzdXkWZJM1;C&FC7HNK
zg&kI=#5#V9MI8nDJ$1V|{Yz<E-e`LX>lH8~;6Y{Q0ZuBLEDpU!M=gG*-IrSK`)#*s
zf_Jtit-2?ij-5AUeXM=1FHGKW&t8=gBK{^s;|y)J((B%I`oTp-Lgs@9;ICq{VCIfl
zqF3q1ByW2eT$wWh=)8%U9PL-y6Br!1^;y6cqxTN!$|4|hprQS*o6ukPp>k@(4?dTm
zj-~b{I%;0$u8&1VJdLj!-Z!feE-fKzd|R|oq~@{T?%M!^QqoZXBIpd$w;X1eaz$*q
z6F5fblOEfo9g=qB>RUC1aiAsF4(Dhy5zxtoY18N2seUuN<XKH)&z>lDUjznoRD^d$
zS7N5xe6J@#orWG3n5SKU%+!(?QJ{A)obyKWcAB-*^84zOz-gt)a?2ZQu358b*ll+$
z-PuFlf-}!)k4OS=z3gN^Z%<W94$uZO^->fE9N`K(QxwNz+C<ZZCgG|+**Y?gCJNY4
zTW(*{p_BPh6(+S3qvIZaooo%LMhof}6{QYa<Eaym<zcL}Kjr1g8ookc8i-Oaae~I(
zhCIz$eBd>q{iR&F)z?_W@v)0q4ffrKtK6#j+^3yU3^BM%M?em14Uo|6nsh=M{dFx!
ztWg=`i*KtoHEsb^jGxB>!h9>Nx$@)`Rnod#oCzt$Tnm{xHZVsNYh8QvE-ZU=&yKe2
z*7KYXLgUL<jw}K+1z2@Lr!sBK|1~iGF5JTEO@!eJYTU9Tr2G^Q_Th`8KL^s*nyzM1
z#E+kt3fg*gf8?LSx4G_?bOIZ*l$d3v@S9VwIDCzLKC_vvD<zmLMt78WyYeI`hY%P*
ziMWd`(wn0R)Hemo3jq86MTLSiA0w!Pjb<X19w@Gv1@b}a(4`WV&1!7jcs!=VzhW%h
z6>8GPXbp9j%{K74KTB_Wj8Dk~sw-rxj4wBR0;<KJLhwG<Wb6L=<!-w`omuZN`xfkt
zT#Zr*FK;xN!jd3RdEF^Wla8g#RWFNX%7QiLanlFAupG-&q_b1C7_%lu8!BtB^Ena8
zc$P#_bBELWO~3^x4jEMy0AgpGQP~xnke_|c1<o5pS#bvUAQqu1aK^5WV351Qx5gbT
z8FrH!G9y9^IwIREW`IS$Byb%u1V!EHWSot5fnWpDihv<~Yl;0zj~O3^#Wdi^6xfGT
za$OnUpd)Uq9_xl^q%pp*7MD$G4NY351VgglMDs`WCWs(dW!uZz|G4D%8nwnD8(*hV
z*>3SC)@A=F)j!I+BZ<#Tzq|l`kDezBYW&Z((;p9g*Y7om`z`#S(&eGX=BU<Nic$@|
z^}LG{V26E_I3L>TE)FN~72mS4PG-nPcUiIDn*j3ArpET!EtKa5pdROr!L_fwy2MaP
z5JJIN-+fWEA^~{Dc1|E}<@HW$*5Y@`&Cx=;Tn1I<s$4PwcULXkTj<&xiP+l2+aU(P
zt|#%6BV%YP=YevC9{eyzqfF&JA3bk~bixzm_xFafRBYa0$<aD;bjLp)$Q||RNE$lV
zgdcXD@5#NW)vo}_!eYS3d2_J$y{VwQx0W*H4-I-FIeGN(9K}}L`IQ(|biBKiKm{<|
z_zW|yRaV~ZxRQLu8Wf+YPv1vNipFI)33i>??Y=D20%4+}G2}e<(z9cR(kHN+)y_Z*
zv`)PZWOma^h0z*iro$Tm(<$rlR`+s5WuaJn<c%<BrY>fO3D@oi*w?~%#{2$6mb?S%
zJ5YM9p<h~+F@ARJhCImaap|d~Kjfxi=Ygpd&|CWb3upQZjsif=HGx|k*9$|N59i(^
zY&Ix+T5q4*(fSaNr>a;3&c+hMQq&jgB*4O4_CEo&cl-xR7Wuh;O(syjsE4VQTY4SV
z3JITaTFtM%p`WfZohVg?Qg%Z4=$GrRBe_cA;AM&rda)pnJ-R+p0O>(t<JVY!u}E)K
znE+g}5~IMebZcBlb(k(N^%=I|w%^Z4ky$}dHwHVq+~*$Xv2z00{nnU13&-3X{;>;R
z1Ify~AJ&iJ7wpD^t0XSUHMJmVcx!7QQ_+YGIl2bF`H3S8hvd+Qd3zu|AJ^C@e~)ql
z6oCERb4!N8TWG^c9potvsu^lRSbU?Sm3G;OoX!(IG0M6ZC*Sb&mC}2(2JP%rRC3kt
z3d*y&8Foj@%(@kut|`zJu8<QR;w3&u@E4I(_rhC<3$a#omTZ4C%Iq%U7SesIOAqOw
zdTDV_moGml3B;7md{gw}_l3X0zH-n7@|A~A`I&0??31_+4gV-xz2KPD6GuU#Pe~!X
z_Usc-x79TRIs*QYozDb~sArkIHagYSO&$I7$)vv0Y5x^~lz>aW<Kw&qcD{Hey*zj&
zxD})#3FEc&B-MG=_Fn+;odn=`m(=eqAm->fq&(j4i%~!OiVB%DRc&8?KGhzkvGO%k
zAlwV(bYpi~GM?4n^>LdPay}(EGnKuucr_ARp|sg%RrWt}O;j_LH*BtN36iL{wv?}f
zA^29JbJg3AI?hr)b%-b}6x~zT9j`GdlRmZkP#IgNfT!_u!}-%w;98a%yvzCy#^)~$
z<o#uOOPVWVd1e}3M%c{^fjj}Yu;P!AEILA};)(E&W5Xn+WgtG<goS>Qa5s`J12iJW
z6>rX~fV2v;+^PKO3O9|VL#snb6Aso0snqLW-Y1avha);Rk#v%xZZa976AvA>b*?Gt
z?W_1VnLw>^`soIh;{iM#whQq~QO;LU_A5Hmd~cN=b>GK?CGJzeluZl2yYiCI<6ngJ
z=VXf0)hCPJxYIy2wDt!0L=>rxZ0L-fN&2;BXY-BGW|Tsn2P}vO@~d$#QJ`Lyn=7VB
zB=@*fBRM6?=f5ag25iEEK@}}>aQS(jXz&M3U7gt00k^Lw;>39~@l=oNkG;|JCn|h*
zcBn)WnXaL=gf76LS2<s}axNLgaZ^35wu)LhOx}92>j7;{LP;n?vKSJc&7(J?g21af
zr*(6xDpYl*LfFh(8@pK8$+PUao`=B6qT&VF*n8TX|AN8f-~NM_Obsr!WQmV{W|OjS
zV{`PIxT=eY1sy+sVm=DLmdUk8q)QYncc&<(hg4!(hXp0EKCjKt5T_JXa-cW$cc(Z^
zc}~%)S@ZNB!_I0cJ{7mac8Uf(C|(C9z;r5j-#eDZI%l*yGA>otoO}moZ6rV6b)any
z&Cf|WV-_k}d%nv67H~K=`4j0GQx3Nwi@y3CNkAf1PE0WWQDlU7KsD2kVVzg+gWh_N
z&3lhD$Nvpl;}E##y#y3x6*k@wbliK4t0;1+!lGWRH}J?DRF-Rw_BlOz&K2MDEsu8L
zo558CBfSDbcO-->G7X~d`v_$aKXfcGXu2Y^K~O*1SDMzs91Ny~SRewu8W@(kKeAnD
z2xy3g!nC-7N!(Yl;K)}paqDEc6UE`cKu92a@l|(M|3Q3ZCjG68e7XU2?@txm@&cjw
zd#8tIJz9!d=wfwQ8ztgL=IWd5gbli*2y%cY7*RMD<O6^P|FNV}x=D&#0IuvjN%MEW
z`ECP@>%oy{fAXynxN(PPKj{ax=#2B5B@74|YV)f<a0_%UEm-HqIWIfAOdD`q{3S#I
zpgDY9@Z3u4^x=;K5{{RRzB}e|)yy1gw_e$u>>7TMbE|8Q-8kXZo<er@5?;*m?TcX1
zanIDQsVrX}bn(g)Ny+5#Kl&-qXK>+gR0q8qk??nS=&wpwjSecbv}5_w3vYuR2W1Z>
z3yYrmF0ZY$Z2U^Xo!zT?Manc1p@tFu?rH!KeGz@{`S!!D=natLOCPE6lJEmnp++cl
z&@1L<wKDv*qseOwS|C}B0?FOks=QLZJEfro3cW<=y6(&S#?P{>Iq&|A3FF0G<Y+wc
zLM(Ka1cbSj598DKGH6=lMYH550nb>mT19OWXnR-{B#|ev+8_E3ae83#;n7;rq;j6y
zr!9>#^L89NMLY^L9pC;vSXC@W%r#Ol`_{86Uofq!wz+Zxi)#&0;Y9??sh^=gzrZ%$
z>x|GSHJiEhqe<<8DkyGevw_?CP&CI*E%E%5P}h@Ya$lRGmAyi4%NJZ(jV%D>wYzxX
zAMgsa>@#_ViA?hKl@d6OKLA<zRO(Q6$(R(MF1yR2>Dt#_(r8sYO<%O^lQAP}#Ow`1
zF{hx#?idzE=?8sWj{1Q=$skFluzQ%r5v--`#o(Gz*tBB%*Ma-1k>c%DZ?ZPFS3QYn
z>R)Vhn&y|T0`WW_hlsS%AG1uBbDXI0;`noe&E&9n!hmbsucezQlmOB~R?CXCr$iqh
z`}(eLHHfi0<t43lt>(*z`b=U99|}>}I#ca`#<6Ct=xloVvp4Qwh0osN^cC5khfa(L
zlAghw@jF#;Ei-)EapWIB5JJkePJIYOUc%P^+fmd<f9FGa3vjfnm@&75`@vTjcLm*q
z5^jy-&O)|j^~r$`1Goqe7)oYE0E`)<O$boGfLZ5*^r0papm<TZFe>B?KiZl|Cs&jB
zT3x&~V>5f<ZJB?pjb`ymP1nXY70Y53FxS`Sfvc%xjv6sX(H)$tlNIu3S+(S}3V74-
zk%U-0-xh**P0Wu~dH0`ZSn8!~1_Qm=Kx+~ZQ*b3)Z+ohm(l~+|xUrq;G#Y>SiRt8h
zp!XY|F)Di5p4Ezh!rOL($Nv1|t82sKjRri@y}72VHsH>Cz($o6x>MXD0&mj_#PEZz
z+b^`>;BzUw6q3+W46!K{S;9ayf;>YU`g2ygj4*G>_-=Xo-CW!0CP5tp4#{no7iYHa
z&-Tr#zt-plB8pm&d3rN!z*@X<1`LC<0}?;9*?-^ru_X0@UAzZr&Q&Jq7vc4H@hhlC
zEm%m$m`K?3_U~Fun*bRR^3b2ur3Jc;ll*$?@MNU~l?zi((c?_Ur7e>FAg|+T`D7Nl
zRkBc%82#iMf^0^A=g)J!0!DA}UfnhyFMh_IZCNss$0drZSa?k#H!gbh4cPCVyzt9<
zO8i5+#wBj*N8VPM_hhI*Flnk^=;!6vkN0(q$5RTG9|7a9hK&Gn|MuL8vXu8X9n{tR
za;6Fm0uqU=Hz|VFV{`^_SbKqH^c(62X8K30zTfES#lN;k1q#8#q(5>#3&o(w0pNLV
zVWGms*U*$VQCYI_ryeU1g7=dlZA@e74lJ<(GhE_^Km}yjb|gX#_#Tp+m0u<nDAKSc
zZ8fT11>cqzz6A@s;bGaEC7KE{&@~M30Fb%dl}H0jF^W2Bk9VaK=m^lRGiCv(tA191
zoWGno;69SrA;c!SE$kcOhh~@f9K#01rR$piDH+7$qi@#aK}z8lRW9~h{q|S4*9#$7
zZzCLyV0GyU|9b!=;FGt?-4`lz)Jr5mD}p*#qhwGYZMXUMeR)B0EI<HT^$J8{y9TIB
z($^Q;>pGa1Zs~JC_@JKL_STCczN)ys=!;0gAw2s#NxSp0JVz{3*c4I|#m2d4w-<3m
zub@u4Pz%=ln@bF<TWDCzCM>s2;d0o3ryC>ZlyUq}d@9yiWSe*KyO*1GcJy@5m*xis
zAp3J5S&o9!Q03(2Tp?<2l1@uVRNZn<l=A_pH%?=H#duZ}Ln=`4M)wsO^}?jeiFXDd
zS~W6p7KZ)vb!gsL%i#)6bb7L!v}zhr7I+hF8l2{nYE1iruZ7$j0c-E|4NQFrj;Nov
zlCgt@OuhS1`qNCutkcwN0%CfOL;}`HKaTbvPCV&QTub5SfX3@Cv<4G6Vm3hE<-Y3f
zT>=&k9s6tSDUN`(t_keD6@KEqOU_G~uIB1ZV~&oC98rYT@zNWu$PH^!@b>@5z9#{%
zh63XtM=r&9I!s?AuV4^{YfOSXRV4Kno@*(EG%uAM&6MK?#9A@5mx+w`<JsIQr&X(D
zwRRNe+I4|rNhHAKI$qJBE_KB!#?0lq`rSkhB_H)aASsT)6aFY%?g_$cl-y5FjL5{W
zC&0@bqC{={DqQbL$fP0-0A7Z=D}I?f%xa%)#u`K*jkg+|DY`~G2pMd(97EtKA6aY$
zafUR2QuAfSJ&(>i{d(gCTW=7$LeqDNh0BE|1xJha=o!gS*+xImcrX;EBoU5d8(w?c
zfi3}sis96F$v1_!0vb;&!fz`pbX>ULQY<a!#&O${@CF9y;kH#l8ffKU0(|H#7cx$=
z4S=S@NFx>XV}r|P>BH_)$ND*ct8yDBK@Sd3z$L=xHiL@hh)AA<0pgobMkzJD=si>l
zHBhgmO2<CTa%VdMSgn@7<r~O`s*DyEB<4NBWR*_q)b^Y60sVnG6M*ZF-cfMxFY{6j
zCa?vnYgO6~&25DF;M-_{3_9Dj@yD9WNDo`T|9P+fy-xv#gJ&XNes9Hc_y<8G<TgcL
zBGAwI<Kz;KKx%Y3SRIpsdgGL8E!le2>tb^$>7rol$9#EubA!kiHVXPE2S2Kp4r~I2
zMtkCEikO+zi$9Jr0n?j-jic@90V&7T`f0bL*jX<#-yQEiuq_7Vyqp*Y6>iZ)KP;lv
zt#?1`@?&bdo^v4Pags-Z`h3;_o*fN3VUo$-Xen=o=w;`+H|KuJk2qrMk!cIDLhcth
z>x>LY`KB=_l!sxH^Gm<isO;+|X)F>7^I1~l3Jap>O1u@nIoDG_E*zdc#|xHp>Jd>^
zK}fYg0Wq6?M!dv>gUX#vuGH%Edrw}&zrQDpx|ihsrN&);ZiXl1WVJ)P+Q}tRM%6F!
zvr#QUY=!p?-iX)#$##IkAbmx2yzw;u++4INkay-=B0$if;8JsDMq_!&k3^E02hUOT
zMs&d>?w4}xC%z$0lu;J>KrvRiCMXXT#h}d!#f5!2E=}Tquv@(q0Qe!bb4&VV8XRO3
zg%>rz(9%in^l*&|D>A(o-1NRQm4g+b2AqEK;!YllpK*HS8UZ%sz&5zYwDS_yZn@F0
zDrYIZ@Y9ldKo~_A!NcAf;&y0fDxws}x5BdZf7pA^u%@;rd{hw>4@wagm8vL+(ouSq
zCL*AqfOJHfG$BBMP()Nfng~cINEMOZ6Pi+@v`8-@1PKso0tASV0C#gdmUDjRJokUU
z-TPdg#}CWxHhb;avu4ejdFP#oE1Fa7iNgN10NK4taB-8rK^U7<>0N4uWQjPt13_HD
zOLoN)nDD%KFXdB`0PFFc%O!UtC9Tx1e-KyUuoAhiB9RZ<0kGITmZ&ol&gY)psZUA1
z^xhcTiZS%4HC<kpP2OHWI70J>k^fM#eTScVP^~T;p0^Dl{xZ~o!iwn*anwF1+hwF>
zMLO2QZXW&mWdv+j1UIbpDmgKI8K8vFuVVD=m<Jj$-0)A%4ZZt0_yjglG+^7e9Zs`h
ztG@|Z;!>wS!Xf@?_5dN0Gniq}I&Q1ZuXs5Fq~e^E?zpis1-sF%U*I7rGYRwNP!56J
zxul?zKTrTPqOyn4J>>(f(Tn;aB3KO=2aZ(Uc_u36Io`NmpxFZDwUFTVp+v>58err(
zd~LyRqu)T<ygM>gM%I)4l(Gx54AE8dXKea+llSrTexLQHWz4O!zZ~$!cCK5ZWlaZ~
zJVI+?KdpAiG!51OfuK9MN2hb#>VZ}XrqdT0Vu8L1v$a>mY`6K;?{=krY-_S26`Gbh
zqos$7U1L;2CziUFJ^1^CfTAscAx2yK-6Kou_WIm9o0o@ZQM59<b))&lUVZ$gr792(
zOLJG_$aq|;)h^e{P7IIs%QD-p>oim7$<II|hD@5`u{xhiMQL|LLDM&N?j8^*%DL8P
z-I1W--FEzy9Go-*W4uE}w6M>UErh-Gl?gg@v}YsW)g{2seIQIL!Wgtr<GmWm;;RXy
zG2{=?eh`1KWKjbYJzveKb8tDe>6W(W2l|a>;=6c0UfvbVpcumYCldChA}#Y{QWxA0
zdA->vSgyVpV;shK_6h3U)rY=0psL1vD<G!#>Z-B$>9;BeY5#zG;$x!~w$9te3a@k{
zI1e#iT<}w4RNt`){m}7}iCcPI>Eaowhvl*S_jDnP9SQQLbaJ~!_ApRH|Ad;Jfu~$`
zNIXQg_)=WHWav%6+<?b-o|`D0nxAM1TS2+##ilQJG$A^=`-%(*4!aBuCyjY_HuHUZ
zXILHN*Rg7T<jQ*z?SKz%|KZ&Z7?W4*PNb;`Ja~ld!E;ymd!YFkkZDzps&bmw7l1tm
z;voWAmQ8A~h*<^QEL%%VG0;)!^rr<0RE}2P+uPY5^WvMeI*Fq9^xvECEsn^@Hk_+p
zUa$?5IN~RT^zogtp6(j$>^GHr{XfB=b^t)yGUosKD9IZ6{4aiz-N-qB7=1)K@h46U
z?00s7<(kFUXViEG4%u7xRbMbdYXAbKQYSdBSpTeiV7zc60CVu5PXdl_G~^jcmtDr<
zr-zwul-qUH`1zh*@SYA4KP3hbaVyc&Skiusmn*vYGQ#B2xS^0qb$V0pS(Q{FPXPPy
z;VSgv?Q@!+mb2@MJVZ`TCjof?MFjD+<)c(v^Qfly%_8iMlliw|!QaBfyHowLixBG!
zx%zYAm?=@IeJSBg;wuv}ea7JkbY#@SN(1G(VaL*kh#AzwX}`H|z`oSzS4-vgw=CZ8
z8NJ`ev@E-*zOdeAjbE$r=eGBc!D9&3amXmhlJD=6{l{H@{`DyxaO=kw`-$_vaC$!u
zdOzRkuR)_+;B|ahosit4@yDdNdojP><RfEXt`78ILIm*ECC&kI-YY6D3jP$sUC0uE
zXN^71r%OE(_8)9UjAy9L3>QA9NP+A+Vyt!*;QJrN;$y=1BkT0^Y|KYgIm+lu4qc04
zf^f)sSrDGj|8oobPF2PDj`~!qz#UhR@Lw(&;68i#QvqSj*8mTeLck$Mpg@OldN+Z(
z?b7?t_ZwHGRk@|}_F%aA$~n1Gfgke#%>9Ai5Y6B;xi?I$i!<HaJykB|!!=gwl3X2p
zz(?^?-giw0U^=}382Yh0w%<>#zkR_+nvd^C8T0dhuR!0OS^wcvN(lcHAOzrk!l!tv
zw3&l!QltIvh@|KHnyOD9`=5i^Pig%eC`#@g)!5RmXea*qK>vKzAD{RLfGT}X{bxAh
zC)wA(4jAbH4BFvf-Uz+FC}VzmvA@nJzpf|)FM9UF|LmH-KJAamK2_e;zONeC*#86V
zV@w~iy8e^x<lhzG&$)kn2|#lndG$zsk68bj*Ds~`Ib~sBRh`-s>;Ff@8hG92*^krK
z?k5Z^*0KP+b4$pR6!u@s^_QMK)}aO(>0$N!bmF*W?@rtEw*S(z@w*qs@t0rjS}gpg
z&&p(|EMTx2{<K&evM&LPRr~I(m&w1XnPm#F7@sXOH_!faPy3<RzowvQvAaX41(W}4
z3I4jy70#SK#N4XGnEP8X#lKDfxERO;+<S^0|H}dWFFg+w)&`)-rxcV@IQ~sWf1fh-
zE`ry>y*ldu-gbPH1dN9zh1%8UzvlSsI^!we-oWm!^8c~~f3C&v16u6vMz<&2|0lu?
zydJnX`ERnNb)W_kF#G@>FdpcINrUR6P$*drRrptDm7iP8$FToRe--VRLYD5_vpd@A
z`kPX|XZ+=i?QZM<TljnPUC=(z0q!~w9{bq##+76DOE0xCzg_dz%KNr`NEb*?SjY?j
zG2pf*8^p=M&w5V^bUao5wzIua1vJerdK%cS{<?1Y;xUu^LX4>OdUpPoAg32{o)7=5
zi4Oe2`|<*aXE<QoqL_hAck3WoW%%shRJoebqKkutYxL*V`VXD@_1C~972vU6(#9#5
z|Mm;t7i=}7;`Q5LPs%q}fR`Y86ku*a;|B|moHhKKI{y&h&>c(xAe7^<`HB$$;gbbW
zIc!!)+i>vz^-HxksL$2iIMihIFaBKMmvj4=tbu}=Qtw`#8n?A~&7thZqSkHv=KgDU
z?X;A3IoYS$>T?l}Kyuh&lt=4K`-*k@>U!-4-FbikeV~5OV+tU&)Brqg>yOPEC!YWq
zxwdqr18bg0v$`w*f%4w32z8^X(Dc0Lf~2V9x23_wFW$9(iFWA*5V%5Kc0J?G_*2+F
z2X8dS0mk(>AV01VyuLU!x<Nc9a!n;s!X@nj+tUFP08@JwK!&~s!e)lb9FoQ6baKi8
zr+DC=gy<{wJ%(hn);0hW{@`1&<yrA7vTnOTP6_8xTK90u23-i$+$_JVDVV`}@)I-*
zi11#?Wl(tkV3Ce+`D~|bE%7VmFLOM8_q-x9&0zWcO2RMA`{AQpi{1Aza}nre2Xv3%
zZh65nXr&}8={2qx5;;HOU2fM+<#itbuj?BC2ki3N<yO{0t!sV|ppAQ}`>d}0$oqRC
z;dKrq=Z&d&Xm+bDR09CP$whXT-o2db2kF}gvNI_3^$rCB2fg)6^-Mh-O){Ka(7%kI
znJVC(n6;F(S^Y0UpY}EtB9gOr3%5)xYYnt`DW^{FKn8gC06fuYKEvXd3#clcai?f5
ze=0u1w=V&fSj4;FIEPC|Mu8sU?vm9266yLjWg~Un3cFha=|V88@xxWpv&73mJVTH3
zy?Sp9*B{fj90Bm^XOqR9V*}{fdz=P~jB{H!Cf{i!3#N{_5ZqHopjYgVX~YZG)eRY`
z!+{n4xg=BF<69YUc-iG9eZRGv@gToAE^vwIoJw)qVBtM(`!RoG-JF|zh6<p~@KGQ;
zy$kc&rQ4*Up?e|W$kps<fW>`E><wj6siXy<Hvoln#rQ#<;)uB+W}fR@yL71lYTcM9
za(SGSPxrwGS2k&{Ta}l_iUIs|TS2nKnz!o-Kj(KVKuPT3E~59;hi4n<gku*p-@UXg
z0cb<KjoGmP=ka9UXT4X#x37Ipm8qIY?#PSuYg$bOGW1IIY#j_Zc`#mfv-X3s1K>>`
z6Ec(KyE|tZSZphi5)ULp9uD|F^j8}qHjkEjfZ2zm$N-X6Z*aoKZ*1&y!tE8lv>(Ob
zfOnw7^-<5-G9W4CH*-NPv>$99c=ONNHkMa1*n_9cuD{p<$};vze0c({T=*U@Y}Dq`
zoW5DQ)2IZwUHqQhBP0s}Fpp<}a8$IQDV(O7DeCZ9l~W(%`}6b+c(hZvT<SM+*3X9)
zQHPobr1HC5R-&%dn4;MCd}FOc_T?Ea`<<4wdwKHqQVr1f<gBRYf)Fg~?OcvR^BV=*
zt~(QrGOxHH;<J4<VSVrK=>cWe8Kl|Be%9s#A)*&<#KtOJ>Pr*}VFw;QV125+U(iHS
zs56$A{%IV5dYv6rjQrx^v75SuZT96gXcVQ%dC*?rK50=nTxt_txi~VrWM}bEf{hH6
zQ`X)GT@Tg2d&!_j%5!1DpsuL?PMYNH2a|7a_q?@Kz6Wrc`q2WN4&Jm3)Mo<ak^0(6
z0MXtjV0A43H4d<~V*nZ{SCsaV$DQi>DEUo8n~ntM)TZ+qF>L?>yF~U0&@u6xfKmCE
z1txI<pz$zhV9>#KGU3o<SZa=o*U7IwqR;1PsE}XYV2rWWdLPI7@_NhD0lqeNKJ)q%
z4m#X4PzgX)7_fEK0EuBHHWp@fB$m;B8*K<Me;GChw6EUuX-)y?WG?_EBNDyXS3g`7
zuJB_PU1`ET_az1X$Gr$F)=YP-aWmTY*y2{sP5Z>`r!2D6<6Qu8ia?nSGFmIS>XQz)
z`fTzlK*{;#t}C|QV_ttm&lc#hR%(gm*;q$amRfx91=_O26^hw*u?ehRaT&WtD)Cu6
zlL%zQ=ahnC_dgGM*;B2-EO1PbF*%d^@m#+`&z2>>)h8ip%ULv7Gx=PubrfE1vU=tG
zE`@EWVd$9z2mmX7(32G^&G}MqN>N-mI0+gc$f#Z%xiKstEWYlOHgNVEmju%hitux$
zZrKVYZ)p7%(5mq;tZhLmVAiwnTGZI=PNh%h!_NBv^~;UX`AeUe%RxBpIu;H&MxR$a
z8W~Y8A3my<TF;B~nN%11qH-!sYQ4J0?mk{)Mntv0%5HyvT4$&Fdi3KsQXwjOR&4vr
z;DM(nL!5WZ37o#F-py1yI$Up+D=#6b&bTx1R_ddy2x(e+B)c|YyrSIb8I?)R!-@xY
z(&UsII471z1`e$Jh_VCt9^jnD%%gpPSLtut{qBClm_|GP9KtZwPgQc(^SvQ}wpY(H
zD|knbnDSv;t1m2aNm9S_265vZ>+DkLy^{OS>I3PO4oS?hia$ILgueR5vhKdq?>BYS
zd$Qkgbg0BAA&;~+_(XoGEt=c*vG9FZX>wIt8=1CJH{x*6#j8#ucLelno*!)Tr#-#&
zIuLRATG|I;9$9URu#*CP?c-i_;aZPYIZgcf-YzHF1m3a-(Axv(LI6%DbhdPyZJ<z3
z9Ws>8c+IFY32IDUdl6jq?ry$4gXPm;$S#kHKuVe8aOteDAJB$p&>Fy;z9F<mB-^<F
zy-y22TTNMqmtMU=eWatdE^=<rC0)7yf_92wTP-OKzw%C69-wdg?sY2;@c?IaM<{1k
z<PT;3vFlyuI>P+;kr;T)7bsUM;#x37!#pO}7mc;Wo(Bh`Z(bK2eXCGdD{Zlh^KqO0
zRA~N;?nIw8ZT9m=Zva$&^zJ@8^`KkE&npOg@Z)0u;A>EIO_1~HgM6ccB$S!<I}_z%
z-Rv7ui|TeFt3fG3AFKmQ4i}0%$%J0JgnU^7q!wmm)#HUsdsKNI7<Xs1+&od&frEk%
zOZifXO|FXo<Rtn}rjX{1$M2=xAl>!4I<&jXQ>tBG0f>m>0=kCs8<SRk@&Iuh@*x&B
zvFLH<y_f5U<<sqx(9F-_PHi<mJvCYg^|@zte6DIg9g<%IMt|By)PXU{+nK6y;swU-
zYA0SS$^}Hxg4JCCvL;hDUTwBi$U)YiyV_~zLt`ZGM&&o3n7kKA<H?Ny7^ot2<Tq4+
z>bLiDx2C(cG=XR_Hy}!|v5f9{M8OkdiB#3gcj~>d&%3?`t<lbL9{G41a1GXAa(7Y$
zmzF!brZ?B-VQUSQOQ4I@Z>C=YeS<h5{v~tK=VUPQp~q*B<~LoBJ~!_H05O7}z(Kf5
z!Kggh2C6a%N54cLo<qkfzpC0)l{8S!H9g--Z`wLLIb!TmcLD0B-(+^75mq&LyYJ%d
z)DZyBv>=)4`RHfxovVWh$T23!Tu5R3p(H;KXo`lsk6FouHqM(0Yb<sh{xO;~yA3Sk
z?&cdfAb|;HTnDI{-LKM~@}^Ky%<Ow}PW0{i2D{C}@EZ`%nS=86aYP0haUk=iRG$V&
zr_YLk2iKX=5|%R8NH+@@-&ay)+~vtk;+~6clZ8rC{rUP*6(3qzZwOaopR=sfv>r@T
z5st|}I1jiLyIl{h`b$HY*zbQr@5n+b4daw8E+{`g0vnuae=W6EukC&7gQ$%!B9Edf
z@w&)R5Ga9)6{@G`K8i4@al40GEg{Xf$yOI~lTZC1J_1UyjHy#NwGJDDu#W%h2Lh($
z*eTHm#gyD;8m}dwcfl<>Mj#*XrACiyWXK6%W*uR@09j`f^_X)Rf#)a(N5XdTTIV%-
zvP6NXejslrJX>=<nMB*$Z~W}J@>pz+R`QLolbzYh!Rsp(Z94~qpfmt19W7M<65#6?
z4qmC|5VN_Nnu!BI26IyN29@s-Fvfc?p|%;)X#iXMjbXQ`J9aRXsNJ|CI!AwT#3%9Y
zRBT|xDUoaE)Iu%}7MjOE`(XLjok@3jw306FRz?w@8AO*f4()bbfG~9?$!P|Q9>|3v
z!o{@;tN}Rn+GfW+v26EQ(UmS4!i-h<rKd|bTu*EssfqC4w12uHdE>lPEF%bLpS-b6
zCU^|V3@$kfNvEbrxqSjMa1W;1fW{X5rN%t?ghQU}0LS>8YHrK=&$T3!2*kwVeW@g6
z|5vTPaX(HbGhUkBUW>o#Jy~{I_|ePrHxs^GYHCyG40x~nHt`y*98huDmkgx+;sB_O
z27qU#zIMcHX&rFaXs-x|2<%ew)&mW?CRFKNSiL+|DxaMU8-L{7y=L0vKYMLWKhMoN
z5vYKomtp~$Q|K*t4g+oC1kQ7roH7$;BLeP4#lB~YK*Z&Ge4%N!0Wz&8UCHmb24T!E
z3)s`N-yi@7_FYq}AFzux8&GwPRM1DU^f82M0StcG<_&}_fI1YW)3*cAgomcLMMyBT
z?fSR7o*HmQnj56h&=tr^3=uwmVd!8MLdct{hTV&-uqEWkef+j{#Vr;n@KheD+!}ay
ztNt3zRe~S~NFWh(@J&a8RD=y@TPLMsr7Q{B{vjxMGFk1YM;TC`^N=TpfgioQA(oN?
zJ;ZX1T+uB~KRk~>VKuHNZf66|v`#nA{uTxbVg7ZDK8xSNBBIvl4o7jydZoK~J^Pj=
z^?j8;=J|Qj?Om!c_vJ8wx!?948P%iGp#rL2D|=JaA}Ja`r{f%)55QJ>m-OnqPTDB8
za|dXq!TIR*agT{c*7LNqwAa5}2vxbQqIidzIpp4v++6Uf4c4wlX}HgcQ+;A*gC|1o
z)8~4r$(}fV+pSAO@ns6g#A4Wbdu@LBj1Q*^03u678+q1OKqUxu{-)@D%v|}_{JVMp
z*WO!>cOEc<e6S@=hPE!xj5riI1u0(ESz=2_$tC;Gya^WHc}2y`R6OiR?1U>skfkEQ
zgC-y?W+clQm$VYcK~u0Pgg?9y;l=k_A#IV_^o3R{PyAV<&G*G0|G;Y1A8w%44map>
z71PEtboY-PwU-*a;c+Uk_F1AcaI&kU>E((k^cHNtGngsMPN1e`<WhXxIB_A}8aZ*7
z^M>-{efz1tUjzmWOo4XZrCriZ9+@Xuwt43+ImF%7x1YFb_Cm3>7+txh%}vFFksP1z
zjLeJcEDlUdP@{IqnCeJB-d?%AInQt=drJV8H6PDYdOGKb2wKT=YZ@;6Ts16j?RjxR
zq&KOOYhI$$e_HQe)MjUs@b|}BEHg4L+>@PC;`?)EKWEc;jVWY6)i%vrjcoD;v-9=K
zGf@WS3yObD_wD5+MFc=$V~PJc_df>~7XzKD(3Mh4jR%6yfQO>*`-q@tZvrjyl*;A{
z;o7+KVL2xP(`L@#19nKc$`y@#NuSS)2?&bE@K<&p-jxjS{IG(@07rY}-As$Wg!S=w
z$o3pWk7K|u3Rx$FT$qg`rtaRSKmL(U$WeZS6LK{-&1bH>Q<6%KbEny?lPB3x)T#H%
z*<XSUyP;TYds`!!;k&Sl4G&K~)~>qcZAhw<_`-~#fxsThGk<^l&ljqoamVVz4|YI*
z%H*E|VVeCP()h+d-}u`{{P_dG;H?1Hklx;J{FLmTJbqj4d;0Oiob2hx-__#(xAF+I
z&UtB||HEzvs$P6FWEm{*u_p1vKLk`<OyfCh9dDo5qRY*v)gF8E>0icqiSgJB_>b6N
z4-6JWm<OCr7od=Tuznh#83%$fxrsny9%Z}P6LJ5r<%X}Q-LaMD`*W<%{*O}r^)+l#
z9$O&8^WErf{+GGu*PwbLr>W~?bn?d={A1RN7OjVA*E^~&RW<&;OZ@!Yz@YKfd9I<d
zy@~vi@&9`zV)MT7)Ae39&<Cx~v$iG@R!2|vKS9C+vT76>b4Ab+gl+qjk(n%ft*tX?
zGrLM0j7*eR>=pm8O+}Z<K}OmypL)oiyzOIXqGc7&LXKf|ZUAqx_@wX&zFV}1b+Shx
z^1fX8mSjw@?}AY(m(>lQ_}46r$RvjqH8>nL%4l)9Em*x7Ic>{p(%(@}dgGB+_IBMV
z%shgR3Gj`s?fN?xlMnr+fEG#AUG)>|(?N&QdPltwDJ6Vn$%1K)+uO>?sq4}}dS_7k
zH0#(_@eZeuGrgQ9*INhOO>e|xEipHWuX8)y*LB%FqH4QxqfZDK@Wn;%^rN{8RpKb$
z8D!_i?EO#5XInNm)|v#pFCMROIh{#qU-Z94%moz^$Yl2;Y~}2TmO^u=n--j7Yb##o
z;TW+_EE(t|=U=-Cr6&ZBNQ<+36c^`~R3~-S?QDAntTZ6ZYl;t#%mz?w1MEp*Rihr5
zYfy}P5(7xqEP?JgOSHmj3@ABFH~oz{Z1XiFiIW|q3gK8z0{TJM2M|8BpOnm<nPx3V
z&PK9GC^q|IDGzD~>quyf?>sVITxXM{;87-60>!L%_9h3Ap=I$yQ~7lkLKxgPcRU%v
zGk|S(Niu~?DkB3dQ;A1S_i-QNDsHBuUFToE>$v~BlNxwIWBj87-cf!hAi&8Ph7E-0
z2Y620?KJOQ3TvQHrhAHN(+LyXOEc}sSfSb)g3Cc|?eXC#^Ri)k;#Hn_`^KTm0u49I
z+L;F)R+@n0_FD;TD6so&Yjy6hfi~`!r1P4&gP2*8d1E-rM*ipwgVt(`Ijo)FiE+}!
zMpm&yUsf*i;=K*aa8XEY7AJy}r~k*K&XIgU4BK`*Ymz`uOR-#luQmvQ2C*azKBz0I
z-N3J(!)t-%8STt0o-n)-3TrRr7o0M@bC-pMOxo@=Pqxy#+!xxzJZM}oycX&pahad=
z1@=IsW7#Xi8rntxO^;!G@q;W`VHmK2ohVaZ;#yZwvJ1PvJ+U}D{vmKgk2iamH!Y)X
zGT^v6hLOPB3``hP%f~K)e0VuF&ON3e%8FdfUDJ*gQRK!l@4hehI(!7KMK3d!VFa_Y
zJ|!VRq4?=I;kUlFCu?zTg{WSg*XYcJCWGoVn9d~b3#1CP{$u6SwI3Ft_|##_be}^K
z&ZWYWI8>o;6n>*(^5j%m5!%g&#kpmQbAYm94izuxy;72QxH*;3AiXg+9aH2_`NHh;
z(I@{(0~!?k1_3Q(3IK0bbZXW=G9fM-ICcB3o=CphF7Nmu44X^vbSNVm=-3O^;|te6
z8qWH1?>oujg4w8zNV>{VVlw;SWSH*{8OFJ_n}S9fu~8Ue?DXl*@y8qaQ1SfGL1h7f
zLIl>%gV?XUGeB9b(^;I~B)a#0GNzZT2({>jd!p@n7MNtE*Tj(Q?W7DOCu-CiSv&n!
zM;7Fmzz_y)EJjThV+Gz_pll^(3iN|f>mr?^48{*{cY5{^XK~XhE<NF*j9kJRz!^m2
z$?4q_(e9p7TurM|rKO$*wgL@DlqFv^xL5CIhCCQ$^v0V)Eub<%zvESp)RQnPxK{`2
zUY~40_wc6*4mpyC)FTD%m!Ap|bk;Y)TXqhx7LLezHy!d1v;Dxf9M7tkpCOZUbkKwk
zeW6yLc_%c&9RwrqG>19cr<DxPb!JO+INz7vsmA(fjdmyK#gc3D@pcF9&Q4F19N!7W
z@T0R6gABR_I^WouVpMiWWxDgBxw6g`R~k+rS{vj&f;=BwLU>f6dz)!UcHS|1?$*r2
zfUegL;=xdeGU{$8M!^p~%`i(p*~wYvR<`m-`xW&IO*11rugUhw@6*a6;YV;;g{u=!
zHpPjl6HlCcqhvHQ<ujtT69(v$<-gsxanJK;YpJ?Y)tQEJto!h8u~cQuB+am}T3I@P
z^G^N6nNe@<#Z_%haE&~Os9w>oP`OWz(=BzOdiab}JZ}m8``Eep79D^0vXL9@g2JAC
z?YD85p@AlCdzkB4A>As+Wx1Q2i7R+mzmXGKEw#0HrUyr(W0dRN@sJ^^yR|1Bc81md
z2}8G5&*9IM(mO@T+0x<CkjWRBQw&j7g4HFaMI7}DO(W7ix^7+er-BT3GU#34<a*C!
zBmd#-WL(Y~Zx0s%U!FMz!(@gfF4yuJHGqc6br^AS{j`9&LdEbrq0&x1`iWds4uQ<>
zro=qI|9#(uA6x*+j)#`XnpNKJpf6<Tfa7Mpa&mRqjuvtx9g}sCKFqI)j|DRlNyOc0
za46bbnocz4ulC=WYC|Pw_DWY=a|`%7;7~=*!mAwW_Z!pB>?n~_-54~tYN^cb^I}<n
z%}=<sXE|N$H!iP6d8KyC)MD?^BevIa`jXP^)6xc_ha^<axZKNd=m=d`$99V4u#yu$
z#|G58HJ7_3y|7PHBgw&3$XkhnIetJ}ITQ!l^FE5x(>x{jL;<`N<<cq{pc&Z0t(#v8
z(bY`j<sl8J6<rt5ifnjPu8N$EAA4OnJT)SHPom;!I~ndQ*XsV!J>K0U^h%<~d6-PZ
znq5t~i{CnyGp=%~rgPEW*h_7Mq!pX7pq}ez-sb`KYujj*!E3q8*2^xkViUaj1;7%l
zMOz`B<a^f74z0tzH(-c&gZN@+8I%%ATW~O)Bss0(09EjF&-FAviFo5enSC|A!b)&H
zpwPWGDGzt)U)XtFkUW^%_-KJpnNYEkuA#kAWjDo)qbVssxNc>m3W@28YhI{F9loLn
z^w>vwkT0wILZ?Rsk$K<-PQ9vp4W=)BDC}e$8uU&U<J)y22Mvn<CTFDFBL0O?D}c03
z*lKgNH)lch&qWzldJmj*h-8OYZI+~YAe|=Icq$QyY}TjRFt73!FgV%7C4$B{w^dvu
z(Mf_36zm%5wEc<bZ0D?ln(4ByYxgcQZ2*0dJUE4uR}Cw9n=e@udSyXMkx*kVUlc~{
zQh-AIM$9{$%w9%XMfp!QB@el@Zu56BTgjtAFA{7EF+-J^9xjuiSHg|Kej!+o6ke6O
zqL>^e+)Fepp=0yQ$wp2pYQR4Nyz|bX?5gqa?rvlFiQk>`)rBVjomxc^(3MCW1dxi`
zbQ)a&bM35T<tG~~Lau?f<&h2t#9a4RC2y~_Bxi+*>nzYeR6qnQa5FN4ClLX!GLe)f
zh00#4z-Uti&`su@<*oweu@u2`h?cL_v`j4QScSf-0G##W>cq!>O_F?ls{WCvorP8}
z^(=d}alR)U$nDA7op9(*^>o9|Qk6IoqbmVo^)TXWDcd);mMS(PD0#m=`rP%U;(%{=
z;YUjNm!S&@+Obmc+=7qUzojjrmbr_IjpwT5rlIXj4Lje^C<!LT7r1d1un9!gwrLub
zH=k6^1)ACxa)cJF4B(uHJP){${D`fv>JeggvN&`nn76!_!{zk4<aoKb<SS#WEKW~7
zH!O)ba){d8t;y7?cXI$$X^&%Nc7WPG8n5YO(PdG)-Br!S!Lp=HUI3x!(w5)H7uC*c
z6d0ILq6o}!LW0-pztJHotWB?)c7zJPIXCV(6AU&<r-($+_DoHM&Z>dshA#_VQAMk;
zkET(vB~#kpI1OhMo||E^!7bEj8W+_#x+-xS#ZKC*jL$3V__t3#gUWb18d5y*V@OuG
zp~!917MjWGmuIF<3vEqSUrrwMo61_pnbdE+LP2_bPR@Hdvbr+K`NPk8*q)qkX{ddK
zwZTX@Ry_X96_jm8YNxT`Y!5*17jhQbr&C2znI}=vXqdxLu9Wq}AVIsq`M1z-=4d^6
zA1~HMGQ#%#AZ2FgvQb!*e5n<Twnm>=q#&EWh!=6eG<o4R)Z5>@B{;wE`%=MY$B4qA
zJpCOZ%aTP5Xb+y1n|DawG7*Y*7C<ZRo*37y>0rW0p$w`7>22CUjO6rR>RL=1B$WFT
zvy}xOj*)`OT3aI+T+foBX;rsTf4sw#Qur1%c}6%RB#^W>n*D7=r_6_P==gm%kD)o_
zF8ANfs%?-Q-;t{+fLpG&cn^~o<F~i0flmrS&-fGJd78y`XOE#=sc%}b%1RVK4?$f`
ziGiG{=q`mFAU|JaKYw{0T(_2>rB3f_EwfoX|A{xi)r=Slg$@=fd&|#fH(F+0RBwnS
zMU=30`v?>Th&V6c%$H*k<--TrN$0*uk1c=84>lXECBtpYdn4#RbT2;q)?Aq&#D<%i
z=g7a`Al6;k3zse7te$~&vvRL=vd9E%&QwA^56MqttkXj!GwLqZtsRVV+@1%sRFcWV
z7>s~NBB|J>oq=tjc50aQ3PA^fxn4(38QX{;`PIIb^Ok~C#o<dX=SbPHMq+}c@U33x
zD+|j780j%NiBIiI^(@&|?H^bo3WQ29VXtqxGGEKOXhp5JgEQ5!AK1vnR7`J-Uhr2S
zmZFjh6u#xI`|=!Gzwf2(EnlaP-nw7j>|^DlZ^gz+^kF3g``aPJ8=1-FL-j(V;6d@1
z#}Fw;$3WL1%!(;2t0*4K%ED0)(+Ejud;McQwxzxjQwc|TMsdu^o_j4t2(waPn(aUm
zMjb1*XO5o1rUn&mtz#<Y9h1*)g)Vbr9(3*ZL26-Z1qY&xV|3)fA+wxigJnsBcyP~9
zJ^%9-Pga~_^nJ2-fRCVFpPzhuIOq*SgKwG5xhmf-mfq0ujr<1p`*0Ii?5zdvbE=m=
z4K5a&k-Zbv-mrHACXY5NjOEymLs#qJtjC?#372UesZGRDNiNRUlkuz?fho}tLLGQA
z4T3*iL&n3^ZIEelZn#u%<ftdgiCY5WOZ>DpXs+M}aP$a@HkhY)^<O8Bn1`nX^e<Ww
zeOq}WPkFD!Yo8*^cL$3J!7EZ*zv9dq8s8$x$V_!J%7zunlEn<9E~EWNUpdAWBLkis
zqH|_rRcJNd=xpGSn$1W?S*oXkm1VZm6r|x>Y4|6O4G75qN#aO!Uz_D*eGT7aw?>|3
zqGt+(kSrnYZuTzTu-?y~Jm@(Dj;b!-;;@d4O;Z<jYt7Dtx+KflJ}9W#@_dk67s*z$
z@Eoo-on<WDOXM0^4uFhYUHmrt(VQ$7-lb_Xi1E~sG3($qBj<{adLT!m^PTJASHmr5
z1!u$wUhOXhoug{+L$N5=2_4@kUrzFD4L5iUg!yzrqLag$(y&#+o~GW`zC3H5CULC&
zR1vdaZJtM{oBDPUWjn)jmExDN!oD+@tmf~vYQ0$AGpV+&xxuXiBbTLW3+~v*^H<Bx
z*AvI1^?F6Sw5s%R(jl(g*>H^d`sRkYQOq|EY|E8~fJy6RkNt2%&iiM`9KMz^+Tro-
z#DH8gG(FwU^`^eNG82y#ZU=}&q3gX&jJr-<9q6qUnDh{BW8(`~pu~ViWDlkKddTo6
z9}x{<!VuA7YWGu|jZTeu*UeP<gK=_WxZ+PJllKZ=LG!?Yp*z!m0y1Wn;d~#$uce@{
z+~(<1QZUtrBsv7tR<jG4Qah-#=HQ8*n>|8o5^mNb{`hKgeY6BV;D$`<kUTkiZ1Ma6
z+ACXT8|Ax0sS_Jn6ZFUwTS*d19irDP_&B1mX8gKV;K-l$>(z?7(q^0$>?Wl1qu6@9
zB`e=LbG(UyQT&B=`7wX7X(mMG5O2%&+4bDpLeYgaQ}{{_f8T|vMbbC1XnPLVQ`jLj
ztJJ7PiD^GlN{tn{Wr#N_zSP^1GdRW72~G&vvY8CE^k(lMCoD%oM7GATt_!%#n=V_e
zd5fj3k|mfwa-HN?b1PFs_=U_#hF3c(nY|BX``+wCG)sE6$Y%JT%RZ^#w4v4z5x(Hs
zn8yv@A${I(SSHgcfNw$^@u`YtUB%%}a*>HHn<F!o{wo+YB=7U#=YR!T?}CUTs+4dC
zy-$A>Sw~x@zz7cPR-CW(NG4zX6eP>G<mRsA4uKJyCvXN^x@pMtt@|mLTQ=8%G6fxw
zCBWIPD_RRf3id?5uy5TK8mRE?I)+l~AU;PCoNR|(k{1kK`(q=j7PVV940z4^oe$h5
zm9Uj`MDs`=iXg@sMmo2laKgBK(Nz%Vq`_QCT!f$cm~-Y$SN>2x#RV~L^YCQ7YJ@*;
zj~r;a0+A#M{)8Ij+O;8wg<6H{0(~g^XO<~32#S?V=oP?Wikty*Q(|Tot0!-W2>l8l
zvInjPpx2Gd--ha6c15`0U-RSB!r>yBEh?jNY~a`O9@u^q{5pds`h&ZkEXHbZRrXCa
z+@lts0K<~}wFfgtl)8^<`G&vN*wCH{(rGBHqZ3WjJ7#LuOmNW#pI3jOFN9u=j&~XJ
zM4c>%bbA3;!fNkSlciv+<VH<#rvPbw54s+$Cc&md=9TwQarZ_`w!k{6{hnkdw42I^
z4Ei)H7_|*K!^;uEUL-ufC|@9h32kFRmo~H4myCA5v+ayij~9SVo{k+$1W1kqTr(Uh
zC9-5d+^Pmb(HY_0?1l+hVM<yrkQGhz8m0;!dZRV0^U625@%V`2;7m2|`@?4CYcr-r
z-4PmDpZo46zd=F|(8IIX&mg-)-PB$PnokJM8EzZ$ns4=aAYg-GZnXr}OmObb>eI`p
zWg=ARpm)j`>DgB~yDfZbKm#Gy%-5mJ`r&OBK3HX_Ex16sK@)DR%c396QL!>Z^w2kP
zE~ha|vn6A%Y<ZIfqu7me%^G@VOh0u`-2@)*SN=XBt`e#)>zi0E7@^Gzn_`W<ZyLEM
zIS}fVz0XKyQ{Ak@o7r?jl_l2I);DV?>ZbZ!s%@H$#s+9?j5I6S*&E>#HSn~X-6jiB
zP}dU#i*3Ww1DWfFJ~W}(lau&jOWEB%v1(AMmmOIyf#kvxI6dykY?94OHDm~Hcf7W5
zR;k((R$&-SNxNDe`Ev!z&#>HQh?`v}qeY4B5HDzSUR%uQo$BVeGlQ(o<#l6t?$)$@
zURa+Ar<4w`@DiPPaRk4p!jW^TRoT%K_a1atSdGY4@<q0rLT5&ZIWh$HE!VT#5wAr{
z3e*P+H%_^IUMoXMY1^=JxQ{Lh_`eTsV#Bl=BOu75_s2w>*&NJDJEff*qA)3*TBtZf
zLM>5#Mj|(oLlespRmAS;`tSpJXr1y7Ou>_s=6%c0gy9coLPmyKo33;z+(*9{u<34@
zl^BC*856nzvWC3uHPToKddT&S473MXhr$<kbtlbFq2zMV`c){q3Qs9|d8<C#FH&|5
zZrYn{>Bt)USn^_C+{1;c2@3z5xUM7IRr@%(V`f6w2!=a8@0`Lq3c+kSk*cFi9a`3X
z&!babsV6RNz3iJ4S&w(sW*2yRPW4{K+U+c5U6yS06+6F~NSqk31P#UmwR>#~126FY
zNCeC<h0x7(N3_e&PBaE0OuH$@o0PFt&hF}$DMH$+@yC|ua=tM<lu$J%>S?&{$3oQ2
z##C5X$rOCX@t4C{b;8GYPB(DLUB1{uRDdi5*)Xw8!|a2#3<&;C3M6@ojG&>)i?D;}
zD;=UL@f<bnDW6!8*wEw1{h?o7UAdm9#T@q1x>HZv>bsg7U=K$=v=!e$n$F(S4$^g>
zjngx^6NO*S5Zb)XRE;8#0vzNw+JWOmX4qG7_8}**o-F6ZT-wGKnitjAll1y@O!g(p
z*_J!J2G&xV8UbSRC?f3D2GvaxiOnzsC-1IDEj@8sXF2?Z^O*-<*o(;CmR<}-4R9g{
z0puQYVj#Lu11Z{uJo$pqoobrZuYcy~db60|IW86!o?Mw0Rd~w8gwuPyGQD`;XdXS1
z4#6?kxD)fdu+C%Y84keT>d6*e&~;zyO<wUClkqLZKyZn~_*ezpq90VSR~F5Xqi7^M
zXqU{eRde(Y|3_6?EHkZQQ4-x`FLHJ*a_ixopb(7P2*=*w0M7^y+pI%=oso!Iz6n9F
zKVUQEY>}@2kf{cD3ac%tM}QthHY`n#X~@lxHK)Oyu>qfu-$JdfnL&X~V~VoukB<YF
zqm(7mk2OJ|X`quV81BaC10o`|koQTuyAwIPPq%=b4Uq=Nv!gi`q~rpGa<Mx;AmU6{
zS^q@h*^Smn*{+XX$V!n#uR^^nV46L}sHJqQGrdn0bIOkG5EkV%??tFl0<%WkYp%IA
z>duIMJcX;A+(5Wqj#O2UUSC<?c((jLk@mb=yf<_9^1#N@i$Z;D1!bPW=gWga4a6Gl
zdUNOL?h}^o66^04ZLb!M`j;DjJY;>5?F)R7ex5?<l2Y#2<l`GBV*9r2vXpS?i?nh9
zJP>*yOd#0h0K?faEkz`!!aO#b*YurS-hV2K@>tsfj!vPQ3puq7GxV%L&qtD|E{W|@
zJ%ZSJZpzxBAxi;Uz_0<{MW`4q1z=@=!a-hp1!hm1FGL)g@YIuS$|OTagmP?mYQHAV
zOSt0fWDlH8+wZn%3wC~OZd2Z(IBNRsm3#0b2?4R4k06f9^>+;AS)ZF$AoY{J2ssey
zq>Koqa`o1z^9wqJy034pd-TfYbo;CnTX!&-DWIlgV@$ybC2z&ky7gJX1vAz;(iv|o
zHfgyfNLe*ojkHx!F#`E(hNOVMh)%k$hy|~Z@H9cIA-UpO$De-oCX!XAAe}&pA?W(@
z&6w&(C2oI=%DP2iCKs^vLdk-g9(q+>6N%S2HTP%L?JS2brnb5A&Wp*rJ^-(-g9t0F
zjZ?j*tLWGuMiKrfg`1`xx!qfA5uNy(^EXE8Mjgr)DEj<Wqf#TU-X#-qjz0>Un#oZ*
zh+c+4S)P;9*WfaQWqCsJ=QCD;?{QfkTpTv+eE1jJQyK;pP%F5Z&+JrEkai6$)OLeE
zJa%3}2M*Vs!aUC-JJ)&UM(3gkaz;}gdgYU$>BJ8^+u`_eU`9S)*w4D02wGS7ri^({
zf4wk;^oC%{j5)^EJ~bS*N+PQ7!@t@x`$C!gc6kKX(@a#UCr1LE+jU~@t>Z;o%ORxX
z?swyJMRjjC2B1P(0%vwc<T)1>gcf?_llkMbF=VftI;<xSb2W4suk~ThpRY=Ifn*FG
z>XAbf(G_wy(VRfU)JC12t{zOCZi+XB)rincLrBIFNQ^;24=6~5WO!E>iS|a|5CuTc
z><bOwc%9N8;cAU%sXla1h*J#(r}?1`^S|^Jn4`{RVL&@Rxib9(G*+1ex(Oa~k|a--
zx<|nQ2#((n))>qlMyZ?k0w<x7xGtCFl1<7!2&w8DTY=g(Mnc=c*p-45iLVm4=hoga
z<_gEar)CR@-l^f~y$HRq(XrT|wB_0Ywzn`!&ahK^X6SpL+^aJXLZ!@mkbHbcFW!`)
zRp!v*m|+ajCd?AKe=~J(tx(7H9b3Txc%E@9ZJKih&N5TrRnM{wIl{m}m&MJ`MR86$
zlSC{fBJ(mY=vS?I%X8xK%;yMR^U4HwKVC(P=|5&#ou&useryvqZx!jEvL)lkJ7-H-
zZL3(kS4b2NaAvD=EjGhq^s1kc&nJ=^Q78q0&XUQ&E5nNHIz=4YcJew|-g09;$T0*)
zSuS&;SO9Gxk{RSO>x566t~IxWRR_uFnsne_pOps_Vx86Jh`dh>(6MQ#FaCZLltLL;
zgVq#rW%j<giCu&nP9{D$aV&jBmGtQL*vuRsOgpR)n{oMNUe1opT2iHIS3~y6JC>&k
zF1gV~=iP+7^Eg3_gm-7=$HWMpaVqH%(DCP5M{1iC!z-&BPtV(rzL7~h&f=cYe^Z;T
zT_#6iY%>)nH?#FQ@2ZjeZ5FUDA{Esghl+%-56jNSs9!~nPTXGfA-(g{u}j<FRIf12
zRGqKwi4_vo61S6L_fSX_Mfk9SI}oa?V_VngZAiwiElKJzeC;aO^~(qq?+KD_Z}s&v
z4CV^+M0k0@Byf(KT3p~MTL@a$tXcR<DKT&!8)IW^y5De&?~opT!JcnuTk>c?1|BOJ
zXAEsUpLx|_tV-uf7#mk7b_%{`wWI4Z8fIm;P~}6)-1xBSjfukz`w11`@K+`>{HeYC
zU3>Z$#{;hK$JjA#uJ}c|q^*~5Cl%FAeO{Co4G1v)<NB(@+LzSnkK3{x;wHM!Eu&nT
z-eW~}oJl#|sSi^cnoHy(H@0-0MOHf%OnWLVyw#=sbuOr)TczEuJ*?O$?^`q^YzrPz
zm4|$xS=<DFIt1;m4-lcT1fB6rX7j8~0Nk6JBSB;2)Sz`%1sC;R5Be`I9Cb~R@&T)C
zK1Ijv!a#j?Q*7w-p1s1(ItiH4#lhTgJTGW_w9fg|b-+X?gg<^Q7t<{&_#@VEm@!1=
zOr~a{*Xu@`C~p<ki{BQCIKLqS`0vZ2&cPl*I(rA4j8&UeC$G;Jm0Uw@@=_gfwVi|L
z%au6^Fz&pGpbPF^RB>nS5mJRt7h!fLr{i=I`)fUeJ(6cK<$3}r6SeD4z@ye|Q24BI
zu=z+zGVF7Rv-(6==S;AC8wWI#E}quScc~GSWUSk0Th&K``0RraTULEj2wCHI2<RO2
zY%6ZYNC02zHxH6<gd3BWbh?~`QkscJa%8p;7^iMer`6V?)E*Uu9ar@kok)0TsIBJv
z_?zTxrKvCr6_d%(umjy|>L%k0i@HUaE4*h;ZuR9JIxf*5w>Z*w#x^epT$gZh$E!i7
zqVPU!hw>yM*^i<A?J#%$u)oXbB{`7AMmfbm!Z=s4tG&|C-A5idLx67gZ!C(@IoHkC
z+aNiiy(jHUl_H%ad>#NX!RboVQ-uw!FPy5>=$as3Hs#W+!CtG&JG;re=F~n;E#zCN
z?HHu9kYn&?!8~}qmv*z#>_qRGJnL)JK^YfrHylSs8G4e;ue$PjxMPNdrV0-?B(Jjy
z>7c1p!QxF>vv0|k(=mup9H|+^XSUO?*CS1=UN4*n0y+g~g)L7c`$+euK)WzGQ#NYW
zhhPwCnPYl?GmVfs{61!VOXvo<lXgOl(S5Kl&M@mUKRJC%xBMdHD=yN>EH#p~n|+vo
zQ*by3wmgZJYn3P4@+sEzZ|0Yy6$)j#wp~sIkGbAA-(Ga@@Iq8+yBPDfindmYIKJ4@
zbcd|Ha6ck5SIdgBGND#*ds#eL%|cF-d|khooGW4O)1<G(PuR`jY0DTLo=O(lj4R1X
zBWvM++-vFZltPq!R6jwB+&z?Q>W)t3<Em06-^?DWV&{-xSdiW9$nftCv1F3nX^iT!
zm){~q5m2eqUK>0zz6nlVrM=<H00qraBLtl2x5I#R&X}56pRKM57-3MqMbMlbx?*Nz
z{mdFgjG(Ploo|w4NqYFg`50DqI&R0~8ia`0%%f}as=O6@VQwp{@5N;!8$$9xouoks
z4(WR_bzUWZfmRfV9C9XimH6m2EVrTn#m1+qlgR0yFL<vFkfVC9H~q_8nHf2-!YM>^
zziv7&>@#JPVoNve+f-e*q%mKPtPR71tjvjheb;7c%L`hh?5Q6@;NbRNJc$GM)YYn+
zVXVd!5~SYXdW2ii;xo%kKxM<EP}PO=e;p%a&(lnk8pS<>-T75U**SKeYl&==dIPA<
z;{@rO%O0I;X^A_oV3&IWlR5vwPKjxM=yg}i3Gz<4DKpElbBm-L-U@V&iUpV1GUrHj
zNCN!)=j_kmLiIFbd{T_yifJ6a+Pw1Ux?}b93oTj9S5u5srgt|^9SSEdR=M=P<^x}4
zF&+0MhiLXbBZb{R=JXgFfPwpwrP{tBq85f~EqC-rWa6+?H%!W3SZLwT@Ioq1`)oHq
z3slGob9QwV)|FKrS10(l8A2DgUcX^?4N<6(U!i0=WZJQ>Au$SNS3@*ZF25aJyY7o@
zXM=JB2bP(Kiw6{>A@7qb2(^BwX@Ns2((B`kV=E+o&eZl9jEN3Gn?Wp!4l9HvSFZ<q
zDL#77QkPftei;JoZXIa1oO=i6sKZ$Kg<7alcT9Y=&Z-VcF^=)$F&%p0Y?#3c^HP0*
z6HZ;ONkvcv)P#F`qoSvGX6eIh8Jjnk7|f+=Osk4y##<I!u(RtN<^JGy@i83js9GID
zOt<g`^2El%e46kyllQst8qK*0+pv3=qnuD%IUegLsw#r86DwYPg8S5#><I45vSv5}
zv9?5-Ffv8)9uoF|R>h=9j1i>=2vz>rDa(@g4I7R0_6lwfAxu}EtDDwKI|WGrp|@%=
z-;Ax>UC{RRMiON<kR;oczCyZ;5T2hA&S8jsu&U>XD2WO;$f{=E(kmJ+-IDF7uVxq7
zI$du5!a}FK+!rOG9(6gIw-qUHW`eA)d&>>5Pw2`^p&npTsv7)chna|WmRZ#pArl+^
za0)YV4zysK2}e39P;j2oOiRYL{lO9j=+g1Bp%G5p&gW@YSBh9eeR`cFhe90?+y@fJ
z+ks&uW+0QG^Pc3r!-?Te2$;x)_P(C2fyzrCtgtU~KhPN5^Nf_TB05P}HUr!|$_7X_
zlb@=odqU{-*)-0<#mGyQiIO(c158rp1oB3nF?=@;KupR-CJ7HQ)1$p7?bnREOh_A5
zmX%*+>+ldyWbf?uN$6jTyf+-+m@smCVKL?am9Nh4kdOxjRXQ|D<oek=d&dw-^(5m+
zv-}}mbqijq1GgojC)h4_%}yLl9$W<L8XFMC)?61|IK4M)I>9|sIw_Y^zUAS{QTGVq
z!$L#Mi4X*<3yOU}N=VbVc$K&6NhqNN&meuM6Xn>&O3;%#G^2ev0KbSYH0CYS9pBU|
z^7duD6={34#rx6w13N1~Dk#!iBsFyOK8I_E4-TyD;<+>T*?VBIQ-5b`nm58p9qo;a
zF16fV+|8#NvzUTWbx-6@f0hY6eX+Rj`VFy1H3FjFw`Jibn$1+IDN8iz+b9{PAotXI
ztk!$c0jTrt1ek-8?v-&=zx;L!*nC0pxp>sT4VG{O9IGIBuA?4o29fY21o&7<VXGWm
z;JKk;&o(CT=~E3CDk?*4+ud_dFf`V!<iLBc=o?vhrD>-Ws7Zia&+c^379uFn5elRh
z;clBdAi4}CgzCEQuNuW4x@xY$Qg<$aiRH7wO#u#lWBcLIQtb_r;p@w~(2edx5Eq37
z?}-=z^PvtSr)Tw^-bpcjQ73ho##vqJ5*AirSe=|g*ai&haucklK4`sV<f3{xPS{Ki
zZ7-AN3N{LoS7*7^eO0r{I1N~GHd`EbTE8u>_SM}taSwm(!ZiNE`DMoC{85j-R19Re
z5jMIL#ZrZwmIf0{d6MqJ3slF`n?0rH{6A88swLQ=B3D)g+f~S!U6Z+sRt;`PWR^cC
zv{t&#9tCH=Hfsm4Tv|56hlX3rD(-WxB$S)aft6&YnWrMRHa=c2NhwKHyPP4}Rj`_4
zUd5tKjGzjdK8+j*wJlc}*1wJnn2YCujJEfNSl7#WFr1#6W1;<wU4uYx%8}YRn<i|+
z<mz1?l8FPXvZCxloMU*g4C@)~*{`eWeiMmUYj#!+fk&XK0ILHm6TwRJ_huatGWACx
z3laL|oIAtjNzn()hnrz+h)^&2E@6+&uvPww1{A4zo#!d9ld#GBC(GAj0~=l(Iw^GS
zQ3g$u5w6eCJi+WjIZ|mLinwFa3|l$IJ%`Aaj#-5Sw@}U{q(Gzl$Pi!70fBXa!7M*p
z$7H6ZBw(vHb(dkqDFB%!F#`bU_v;)YX2f;K9R@UT`d-)&A8Vll9=7eljnPSmp-P4D
zQ^upUv9@=(1Xon5?&5Os=7O3m`GcCKSDn&e_Th)h!9n?3wPvKam?Q+!DBG{=Mg!(3
z_tGuK5WEPkgZ(t!168i8uq!WK%ae2Uv${ttb8@|$O{l?L@VUs!69YDRR~M%9taYdl
zZ=$b@#MC~QTlWl-i&+i@n$s(IdX?GyQQ0a+d*M4!Nq84=D||;Q=65J=*ex#nCCr0V
z_41<6UF-7@*_s)_iO*e#Z`3Dq8c)ZM4J=d-Mmt@OTkHW<O>CTC+7~h4yqjx(CN&@2
zQJz@=xIu|s`WF}ypA{K?u{-Sk@tH)GK%O9wMtpHW#9{ZrhCMXYkk_kcDt*6W5`d@E
z(W*3TFFU@XP~On^n;fa<2gGzF<hW%L%?;Rt<mqz>Y=L}qj)@$SoXGvsUxEDDp<Wj#
zhx>Ms&{&rDpYH7b)RiMQEkaM8S|5ThOJBZPG~(}ON>T&7h{On-gj33smG4PGLqjT<
ztFd8ej^=kX8~*@RO@5{GSz<9B;*0m2Z7s;327-`3XSO@IWo$7!LL(gT_p3jGle^gA
zKsNvb<|ZTc9h~@&|NiHV{lGiFGYF*mtHkDSzyJN0+JHOS7AJprEB|}r9TvugJTsa<
zet+=aA9WG9gRd&)Z{PE8Pr7BQSe)x~;^OZg{BJiXrkenFjB0ED=esI;0IxcCH+|pV
z|KAU6;GQu4{^9mCV^1@FuP*qt^7b@iPc!y3V{bS4wF>sO*56#4Jz?w#<L|E24_|jr
zGxjuNPc!xoYQH&8d&1Zg#!tA+-v)b{v8Ne-Q;47L_MT?!X~v#r>;;5>t%AMi_-}6Y
zo-p==@$V^~J<a%krWs17@x%M}$v9}JDBao1uKkK#>^We+ww}Gb>u+mnPZ)c``1h@6
zPc!y3V^1^o9I)S3!JaVogz@htVNWymG~@qBGnRHx@TyZ%^P)$_ce1kuY>nt>Dvv3u
zHotgs=zh2zwbd0Kj)}lCR#!xpUnY2A1HC@79yZ_^J7smgStYE>=j^#qT=S_5X$&E1
z$5sDO3B84K0?+%Fp-X#v@SD#U#l$c!uV6A|7&y_tA(!PU14iOsCN)RZmIh1J_;1vu
ziQ+JGRO5gC`@TTf<I-Gb+gHEvWk1s8e_df@xwYQRUHqT_u9z;EzL1AX{BQheGfk}A
zGA;kF1KiJ0`d@>$bQd9Wo;?2zf_2?*ts_fC_nTV&<Hz>I@TVyE#IPrZUq)h28}_te
zPaF1jihtYu_iV$SZP>F7d$wWEHvE=L`O_r)gm&zi$UPIeXCn7Z<erJ#Gm(4Ir~OoW
zLAXC{;hq@w#PDlN*wcnRZP?R>e>ezxi(+q4>@AADMe&bJ^8b4lg&`;AXG%PfkMY~Q
z`L-;L?bqW!V?W;qff~net>3)=(39uSsZ+OVkADmkJPl9fSNVIWh;~)E(P?xux~%L!
zv*0;*6o<vKKS&GwS{T2A3%id?=ls9gyZWf4(llO<jvBi<>Q0X4#7<7>j83-eOqz<+
z&ZMWBv}X4t<Y!|JItVy}B1&M4jZA8}ohEDZ1M95Qm~JW>6sTa$*eWTTZGJ$4Xo@Bv
zih_a{_nKZbJpQ+T4u8Fe``+i{_dLJnc{uMq7w{;b_Co2q(J?svgSSCzQtBcKHad$R
zV}NJ*@O{BYHqw!B7(9yqt9#AU9m@_`_zT9%@Lq*-JiM!G!{-66eX%)7^y8ZojqC4S
z0gYzoP5BLqCHB*Qg96G#5Q>_~M=3#2Y6@P!77TPMPI1R5u7&pn&wKf|V(JnlKe4e2
z9XnCdW*-Wxc3E3O1s~hrV_~j$r|(|ojo@!E@9Z{D>7CRGmS*inkR8K2DwJ+l-&Y=3
zp(*Ns;BAD@rZNFsIAr}L#RszLRe?es-{0S`<I)=&B{V3`2NWkuO%1bP{p#~5{~s9%
zKz?}Ost$p>T?|>*uKLxrT&$*?&M`h|rd*tN@av-;rihDwufpUk5_k&v{lx7GTZ>v!
zYjsCCj-Bo*St%8o_qUwEDRjDFeSCMzTpR2J5G~7`Ehb44)IPlgr22DxFmE{2lux`!
zDTO<~h9<pb3&`i|P1=<rXcuzGDyo!I)jX2lAbu8!sBAWVUn1Fe>ppqm(9K!w>nI9t
zTmOit{_@+mpjIHLw+;n5h~c!Ec5E!&-)hJny0UC3Dsl5-|A_k=#@Q8*=qaw`*~(jv
zkyBli?bu!f(5Pc8%AbX5W{pKbsv~cL@5z-`2XG4Z5|TMGVC*<DK3ksT%IuNSM$kCm
zkiSZp2~ft9;w`EwJrS%@7dH<lL8(B$VncGsFS{^-5tjonl_53<>qs49u}A)!p*olw
z%>`Z%77+_DY0$k+Nt7+K(|?SRR}_F$Jl6F+e;{Z2QML2EOr-ZYwl4xVdB)U_o22J5
zn8rMdS{-;2Y!nywPHlnQ7JO(En%>zXza%paC#vKKt*V@%$P*EobW_p1e{K6Xgwv8m
zLd}E(d6V%b>8Gla9CBkB`_v5cW>j3=c-j-<Bwx=d8mQ+1Bz+4z<=C!_qRN}ebH6OE
zCg*ZE88%^yaGm@r^;2_(4bE9%@F7)*$%Ug2bMXds?!(%6!#F=LzV_YcUAU^!EaBjX
z<&_UcJ48Sgbw+0^#^Refz>ulglb|^t<xA^{%-ktD7$6%6)t1>x8jzGoiK3(2$t%(#
z2`*XThe`kZL19kPYUjBzp(w?lfftg5C0{Z8z2IMy_tuoSJ^v0z<Ru+5#eBj;*=2BW
z(cI}<!E@XA#z>0#2J2^vY35eySW6?%WSUdSxC*{o%mDG(;BB}g6vh=;2hZEY^lN|F
z9k&x|bf^P^vALqB=<FDpx~&JuYU}y+!A}$**AKm*EX!cH-%ykALb%A?gTL@6;@Ca4
z|Jh>X?!d$;e&k8b6NC_bCejSstAzvX9!s(3dxF{36Fy-1Y9mQ+IFA})^>^a|?Nl_Y
zdH8mNBs`9NSJlU^!i6Tq@+RN~$O-(2uDc)thny3Zlcondm{GCWhJQ<d6ipU#V6u6r
z>8NU^RWYB=oFtA{gq+M~dU9`GLR+A^p9%JIYJ}`QR3-DR0^%~&X)K@9EjnR%7)^K~
zQ;mnWd^MrjN(g8=gXPJic@kG?8ZCJC#bvQxM*PMI<Qm0K*{Sbr4Heq*?)S#h+BCB{
z)R!#XBgUvWNl_RFG%S#1kOIin0x+DT1S@j}FMgzXiP;@@g=ico+WrYoFKE?ijjpw$
zS;i|E&U`D-8%LRlkJe}F$F`JGwYCx*ALV=AVLKNQ9iXibCUMmBhSsEz0i2X8nnQEH
zPNvC!=1iN#uMlX@Ti5mllK&2srkSII=S}vFGvevm0e!d$jY1`Bwc3YBTL+J1B9VwA
zkw~5P82nu4b^fE1`~#T<Y=qG@Z)aD%wAz@;bd4t;HV&w%OMH72<ZCjtmXyCMYqdzC
z3YWBP0XdG4+tv}+1b$bkY*D?mk>@<d$Q8{_LFPbYJK;6B7hg^M_74y^7WDt){sdnz
zY>93Km1eQ)7S%4tbTwV=$IW!HT+r*mxwJ6Jw|K)b&aNf`Y-&MX;ZBwonzglk0S=_a
z^{D)HCPIl`7X*%aFH1cRu6*$WOxef&pe5I4tIcWoYW!c_UwHW}3sc%%2ZIP0XvHJp
z35WBBH<eYuGu+bAWC){W3+UfCEd{ht_-7qtVyQRX%i#5&Zmf_`lELROr%v7I6p0)c
zJp$7zIy*b>_V@R@+~w-ugD4H%S7-+g2In5SScDI9WB*yfX?t(VE+0S1>z!?FjKaV^
z<>^uWx{Yf$>^cI%h0f|P-Vm-mOGAfTb8h1eXmG-B?+~&r<7w7IcLEW&V|Z=6q1_q$
z4R9ikZLVt&2xiL*!NwLA7_tr}^M=oh!BDZLSs$6zS}qbk1AToUw`k34G$pV=xGrD0
zinHjdYXo_MzB)Nr)U378T;5rs{6|ew>dO0c&E~Bx-f;r6JdF(feLSj6@c8lLmk#Oc
z$dzyb<P`RI%3jM#wTfd8nC%V4Tw1^y6IZV;r6efCWP2o=8zi%CoZkd~4jqj6?9N{j
GzWX1R!Zn8g

literal 221189
zcmeFZbyStj_cwe%1*8!{x>S(vPC-SGl5RM_p}RW;L|P;y1*E&Xqy(g-yQEv1L%f4}
zf4|=Aeb#!{Z>{(F?{{1hbIrA9X3w4-pS_15IT>*bR3cOe1cD*)@|ipYg6au@AQPb=
zffi+%us-nZtE-}_y*$*3!rIo#(8L@@VeeuMqkuV^7(yV<lNNFsn0_qi@LgKRH;*tq
zNU}m?CNUf@GNhk+7b|x1<VxU9?!xaDVL~x#Ka;!)F&IdDo*N_;#uq1njP=>E`hl=@
z2FHiEJ9&FA!n9pZR{a|$1v8iLf0!#P(I$T0AlZ1QmpoPW5p^Y@q9Jx0vB0fdVQ;;z
z^@}$ZgLo6NYi~G8!z18T)KjySad#t;kO*&W-1<a*TM@S_4!X$_mdRQzyB;+zntWXT
z@B*QGN3Ft-AnFzbg7C&fOiWHfOzfXEft4hBL<+ua6(MQY(Rh`icz=sxF(Q?3;`#Ho
z9OYCLJkf%IT)(aioq^Ak5;ivXHPJ9V8I(yi6CE6^@ou+ZVXHi#dH#TQ-%BF(c?fdn
zrL)tn%?aincb*id+dc1GwHMUU_ifLVC=cIZe<5gQ@V&==#QR#R)y{pUwR5bFr~jwW
z$?BQ{D)lXQL>u4rfamp31sY7&6HkKD^BHK{R@;`4v?5L;H%oi05?^7$T?~i68m<JT
zw~6KiFEbg!#2zP8h0*4|IJ-*hL0x6+Gp*>GJo&*Ka=$zpRyaiR6g61Y7X^WBBl{C7
znvFWAyp(~l@cII|;{{cXfvr;W*Aj0c#g}2^7g(N7X81HT)1P17Lunj8?tFqhc}E>%
z>Po0`d-N{0Gg4uBSkvfjLm>$(`|@#|fhG)1O(zZ)tm<imfMolw2ohS6Asq(9U86&3
z7u`L4l%kr3iW8f2h(S)?A%?XzN=Wn*x0$7xhM9&-x6GM2tY8M);`s*0Xdrv8CP2ni
zrKR}vtt^<J23C47CT9z4Abb#rfUvVQRNo9{PoW1hGO-k-+O2D%qA)QKq*CFOW|6iQ
zgBhE=bhU*kxXLK%yPE0q8c+!fp$a(j0Rk2<dnkpog}J32pR*v<FS>l-=bL6`DvDoS
z?9BwJRHfx8#H?&#6dX((Oe~DgolP9ssDw}{1Z)iq`Q)Fy_(KBxCP-y$Z*R@V%<Sak
z#N@=zWMyl_%*xBl%gn;Y%*MtDdNA6#SlUCK87=J|-jMiB;~C6O-`2$1-o(n1;)W(v
z&&t7GkctXCr}$@n7S__z{~>Q__lFCBAI#2BYi3p^7G?_z=D**tvw!Xgi2Rw*|M3kw
zMQ~J^<zaSK4z~KR=Z-K-`-gv%5SNga`wxYiB^jAmSpQlSVBWt5GtmD}KWhhD^Iv@o
z^qFDiFbhD`4$P1BU;XV(4FAilf6eXY$*<-7JrOY6f9U_K_djd@)fx1XmgakArSEVv
zsKhfts+;-p8CdC?81Vi2(Gbc5)#HXi8TB}Mc^Nra^f(xK4S4hzxw+X`VFnxqoGk2Y
zf02@~w6lj=>cehG0pd(1fQ}vu8#gyQl%0{4SC5sE!vMz32;~G6d0~1SY&-@$Tzc&6
zf02;2H33oyHUE27H>3;zDHs<gE0m2}kI|5eSC5gy5UR(>!^y$T$jZ%Qz{$?T%A>~y
z{YC0#ANZciNeEK0F|qu&Ma~>*Z)jy}AxI?+)u)hE`0o=%6APGvJ@kfatXw?2tgNi;
zTpVoNTx`5t|Lvp<v$X>fcSDqwg^8Wx*AoMMz88Qb6iAMV1=I+}Y;9@u>%q;w@PX9;
z&O&bl6;S@w4i>{FW($MbTiGgFS(yt`-AtC^hU9-9OM~-d0JVocgWAKuXe?~(d@S62
ztgMQxTzu?Yd@O8?ES!8SfAzOAFfnxb|LT2ndME^b@A*p;J21Y>ucqHeN&#l``?ue}
znw$JOOB58pP6Z!S|MwE?ppGzuU-JaCem~MThFTiIfcp3&um7~0{2ye26UxcO%Av>3
z2<0|l2jaxa3S_~Mh0%bW+rWT@1FFyYXI1~9Zf9j^?*z4lJv9P+1iS+B`HNQ+PkwJ9
z?Y}4EWDL96AHXq279bb@;TXpsjxqmPG4qYq_-Dxi%>OT@2>j~smzn|Z{cZ#53ur^;
z|ER-1Oal}CzxnyI8UHtjprH8QLH<Yl{a<$dFT4In9QYq~{$J_(Uv~YEIPgE}{J+xm
z{~Nnd{~J)jEP)&31i~c~Pe&9GY9Z;p5`PA{zWMj5Au9^B+_iqGW(R?w;okg5fW#*f
zfJS6{3F+s^tH@}0k8TZAqoG3}6cCALPZgafw`QE26=2s$d;IBcyZDo(v~E~Wapaz6
zc4LjvXQNPUY~nwkHjhX}q@#H2y~k$o@D(;T4C`a%!1sm|nW0CkC*tu@p9Lj`Bz)j@
zTG}x`z=yZrrBA|k75?@1Q*4oEzdrU4N{$K&hi!c+-c}J`;onBU#KbgLrTXhrTX6fS
zcVdm~@1|Onx%(P*GaQFGL+j(ZziIrTG}UFm_7%oPsNwte*Jp>Q@}hb0J6nKv*7_x1
z66VF=Bb>iJoVR@`L@>RhU;XaAR_KzhF$3$KD;!#H8=#rv#{H}BYcYzbu1~iiHJW{+
z6u%~tR+n6mDx0%D8}$42-(M|hT2GX1J$;`4o|01!@yw)iqRARAi}KZ@zt%)mJM+Vq
z_Xpd@5XPr}x(ep#W-G1@9SV!hM+wLM-8pTlH{#?&!j<2jiOMLdu?&q4WMwoFUi_<H
zfJoNRdX_8AA5JNZbimbLrOLK8oy~sydzM6qAEh!=HfC5HNPn+!a3-_VG-dQ^1rGar
zlBO>W*gksZI{me3H($mPe(5~-(nXrT*n`7)AMg?|?(`1+@8+2bD|d^Arqb?De{az<
z3?EIVSTX9TlE;765~eVsn^~YxuThus_YBt@2iEN&kjDxCY~_oQyZ&s45`PoJh}L8p
zyPk`HJpQxZsA0znSu=$O_KSb_^Pm22AB}OM;qu2@T?7A~{_OzK6kBf{y?@wIP?|Hv
z=r4HY`ES0V)@Wir#XfA2{V3IePx))uH2xPBx7qSaF_A?6mV|7|h%SQ&G+&CC>pxpm
zJEo|-9hLe=jDJtr^yP>A<3E#iiu(Dqw>#4%Ry}6n-<`65m?QpK;@J4TErYeFzgb0e
z??&WAgjf0hYzXVxzn33Hx!LtD<u~W-#d9QC%J_!r6Rvu5|Fr#nG8}>8+dTh=D>GVF
z_7++%=!Q)!x}AOx{rhX$ltk9hQ|c(zQ;8Gm3S|+`AWVN#Qer=%4-cvyrFDMSQ1#?X
z2(?N05xW+lljf(~>5V+)yVj?mm@91gibKE>ZREUC&TIl-(F5K6-d_UrT8t`o^I?i4
z*PWT*WOedzt?QN6*R*2$A&%zQrYvEzbk8(pXwTp9jTj56CwZT0V(8fo7pr`o-%Wew
zop7)4_#0dU_hZhBygS?o5VSz##Rg>eor%g*8a4mI;B*M2N1XEueM9|5hH#%?yic!+
z?f&d7A%dxqsHC4{G3no_`10=a(lOR2-ruuPrWl{WWFwsFi1+@8^F(fwr8=4(GsMbP
zw#t9C+}hY4@kNDGXJrW`r@D${BT`lA@BpfJQ5oV@q2wtKJsrb|hO<y3&xbIC-lP&;
zRSNzeq#g1jvNA_9|B_sP3KSq7avS!1tam0O8fxeXdt{8nXpw(5nxpaiA6Z?dmyH-V
zP~3yCIK70-?yj~r%r@6oJ|v{?S8m8%DAE_*bLOui60AyfP71gqZ1y}yS>z<6YR^jj
z?u$wX+*Z7RrAmPe5^K5cLD~U?Tk&=CErv|h%){$p7>{F2@7(SU6DgDo9NRtUsCsCn
zGq4n%Eh;6P7^Xky|Nf*3%er|msCRxdt++N>EYhE#mJc5?!21<vb=FvW-Oj2mCeVoM
z(c5bwp&Y`UJUwrRt{{f`6Ae^IGuW@I@=C)Kqx+^f9Q=roy+Mf1H-aBJdD}+n<3F|g
z9Z@O<@Rhd1ZFn={Tq*D%d*6#BoHL`uGgjSd>kRNsN=~0qH(v6i)zDe^!%3srz7gK@
zcG{`()QSa?bo~wR{@hOHdna_ywp3{6V;D1pML$AVh-h9TW4kFaP4wh(Rhw6edjX;A
z?SybYiwDoC*c3vOTV#0l)yw$IUXk81<;0KF_T?34FTP6AG=4-!4zHstIjhk<v|6E>
zJzk7?2IgQRR6>x>U!5+S%}!j3P`@92KJ}fga{6DpXJ6L^b9y=Pc?*C*d<b-*5Dmjb
z#zB;UwZrS>XyckJ3v9A0=9S)$T2}qB>EGYMv+1t!V%ZARH1tYe?f0}N5)~PBUny!z
zyhecFV`61nPsd!#X5d8ReP48z!ZEyv411cVH_yp<5tcMNEkoIww%{|ccAG&cG6?KO
z6^x(SLiS55y*@+07Gz%C^zP4*=<uMqt0dZ;qJyCJ>Ueeeb^Uk4d}Wscn=f6XD|Kif
zLzr1X;mmR>0;AGn%y_8j0qJ~~gHvh<8JfxqR<(6S$Zf0A%un|cQGg6s?w=}~+`b^x
zQe3Yc)&A-usV}gaUn6%`Q+QEhx>JH~?4X3^(aV!)Ss8XOh_<7wyD#+Pb0Wt|B=ezV
z&2qK-L7We4ABm+vB9uQpeO5cURVgRSzrU-C#n1J_f~d7Ip1*U0ZIsTL?Y88zVe8Ks
z84HK&L*wN(4_A7Vg4N0l^|}_@#~aKZ*xK5T|M3sNxv`gJ`ym+3))y-Qn=Cg8P8tt$
zu`|@~9uD8UIMZI+2pVlX#<NWER3*npvsKVbYa9MDL&R@mG~#<#BWiD`#+-)^#u+bj
zwmVMceyKtYnXl{g8~E0vZCgWo>9O$X!&7YUHUSK(@2{-sUxof~_t<-$j=Q%J_9*|F
z23e!y4Mnq(i+IH<+KfQSnIxGfT7PG@gU!ne9`qf|Bb65W4)S$Xn-}DXO5HGmxmH}+
za=XBkU_{zGM9&O!_lIgoSU;IbJC@+PeL3j0gzp&Odpc8POHP&32$0{c$>2iPsnqOx
zZiv&G=;XI?EUx0lTi7^+*s1@HB`uUV>#$M05E<f8(VP6r>S@Lxa^B=A?|c&6V}Nx4
zfe)cNI-_I#RIfxw$#A`kq0Ec<ia+l=UF!03Zuz(~FP46-^LV+td@@p#cCS8iEgDHM
zQ(M_JyK*rZ(aJlU8G*s+DKcI<QcGA)34HDXbyX5_>LIGIRi7M4)*^!f-8-lZgX;7q
z`C$pis~0#ZaxDY<GO}L*eSy??wqj;JRXeiCrsKg${_sVZfqo=mw50#hrdLZ%+3F`;
z`?cX5Ty5utJJmHcWj6m9tF=N(nIp?{tTb8$;f{LVvdza^tQ_C)#9B4!r!7%D9ntOE
z%Ed2g6gFOpTACE(ug(abo77B!72^ecDr^Cd7Cz<k^tG+VEEZ^WjoWCEC-aagykRBA
zwO(7!bka;HB$`3-DWj76GzwkV4{_aYn!75%nxk80>&o#*xM7<$Qz}8|bUyOy(RjrU
zg>D!)Ru}F<#KGc7$}W@JXI_SjQ;|MgjPT`Dd$KsEp!ma17GdN!XS~HYyQ!N9ka5yv
zX5}-|ky+BFu)97cEn~>>d`te8$#L8qkU=%myv^Deb>F?idu6N)d>Wx%@0Hf>{ZP%=
zjz1Hx?QQ7?<cpW4AA9n^&<VUwoUyf=`s=3eF*#?%K3KGsOnq`fj74sAr{iQ#@8RqU
zcP+Um2i^_$i&pwtkQIbV&um6&ic*8agZ=utkKu55Ygf*(r)q3uq|cWxUtHaUsA}Qn
zbB&}a?gG&mPn9x9O!t4j*{`-<@O7Tr7rt&QOyV!GfMZryR~JYAcRx~x)+vnG<y->1
zJGbLjqIVb`L@Dwl$e}~xgtA>JJF&6&&Ao)~cWRqZ&pPtt?o~?1YU3glN($&G3m)a^
z6Uv!w(mcXW(V$cAcF*<?Hu&22NxV4905bL=RX#Z|9g!UC@Xn_cZ5KG_6#WEY=GxVj
zB0lQlOmpVlqBttn?B(nqSU5Wd6*J`Pv(;qdUg;tiZs!zUWdm8X;2iKFsbg7PSx>5N
z+byrXSe$z$W1!@MjwZ|85;WeO6~ipI*;W#zKc2KJXW&!Kth2doVN(N?4TqzVQhz|V
z+_v3Sea(pL#f;nxJ0~YzxDX$KSfGIEev=Zt%IF3%x_&Y|d}LLl%8`+u21o5GWMT1n
zfKbk)%*ADu+M0rUI1zdHOr2wi&wrUk729)!C%k)Pnld&dY0Z^NaQ!F;J3--{ve5C`
z<X4=_cwUVQwi8WJRx0)p>ylV~0}bx`xeh$|T5oP~quyxuoUk2&>F$wyK5gJQAY0<=
zUWXz&^K=guMB*lIE+VM7ZJtdHBVvR-!&`i&iSzy^#~R6xw`8G7d&Xue!7Xp&b9W_m
zIAO-uQ8v%3fuzNNac9SI#9F6KIc6N4UGH9nFntLc2N@(p*W3IHKGc2hpHfG^XbvmY
z)!db%;W#K2_fZc_uR^uiGer1~TE0fO^#-26v(z}yoj3hx)ojnn9Ea&~o;72|?a=9H
zAiHm8DP{1*nB}Lee<)J|y(eyy<GotzOhH+7Uv#3p2J&eTftY#u-6o4bA3polfQs><
zlaii&V7zp~kuJND)cS6)OXnfp5Vg7Vv#k%K?|V=Y+bU~5<ck7rnB+$?m=XC9iNh)9
zFb?r>p<KbHy*f@YWY3;c9X`2qMcucCyMeCrz<;8Y4`JL!5G!l(u(P2l53xZkagcrd
z?)C-gx3E@O@}I4>!Mt)NxASWv{DK5G8#iLt57*uib(}Fj&cptgvrEkEaMIS6tgVMP
zn?X~yXHPRlH`g%Giz}Se6YzpYcX`6RUaRYV53rC31Azqr<&Jpt&0M$TJ8haW`_}Ll
z71vMq;k}~M-x!{{%g_?Jji)9x-MZN;S#kgN&i3UGi(av|HV?%@HKXyhd`SlB+wKYy
z@wZH=z0O;`8!FSR!}^>DPbCD{Wt5}xR__%if`RGf%A?K(oI76?On?HO)gv~-GqDkP
zA-pp8RW4m)qGXO{_^wS&1`lZ#*5`23T}ylhMz5XGwcCk7%pJRt{?&kg{9efD#yh^^
z>Z6vA<0gsv6@GH^+*k9Sdx(}AfiOeNzW@Yn&q--i?YgLF)90IL=sscv(ij&}lDCr4
z(FoCvMs2rDKDE}N`;N+?>PCqyEP!*{jhOC%@L0Q8zNf&!OTObUGd+j1<*cKnq^pwi
z{i0N$Digz)J5ozMXMybjyTDo<9ZX<dVb8Ezog7HKZu$(CvtY_B9w>qwV!mWpL1zVI
z4deR9qU1YNVCRgNH@&qfW!CVv-pI+;sW*kefoI;N|IV7Pk-!m^5Q)pFqZyxx6V+fP
zH$+%9dt>VJ&!v#Z58f;C5SmTz1gclhr{XiA0OP)T<bFSPW8iz|>{dKGQ<fq+Rk-mc
z5>OXc()2B<UqylE@|MEsvFjcFg^4~g<r51frIXsc3uo<5qYL8&q9oO7-ouEDwMe{r
z;CPl}W!KU5XGRO>@o(3aknYq|WK$?!EhU5|a4lAh=>&?VX73*)3A*9$@9!(e4zAl%
zP`!Vjk`j0_>lTagbOaw4SAV}zW3cMKu8RE_i-BPDiS5H5(Q7OwZtvCB3hIl*Z!eMt
zHGeN}T_49y#>&tPAdb>V8{&Swcs~PDydsK863wRRRrEOCWnw8<%tX(*`w4N%WpY3(
zGxu|3G#%%{Ynlg3m5<&*5h3HQO60fKXUFf>>7YN4(3sik;D3DK!YbiUnWrDA{3*ve
z1!!HkHtO>fxmCIXg*;pq7c06(+JwS!doM^cI0vfd)h^DDn6mC)PsBkWsw@oH78hHr
zdeVs#OWazc!dJkWo$g-~Nd(B+`!=fo7`~N*U$uMFc(qSa{Q;iVaKZKYhgtD_watba
zat6B2HS8*$gYT(3I^-KUzIWH9yM<|%2hO?m?5i0;v&U})JR*dZlY3tnM&bjf|0~^h
zWt7_IpJV59Fz!~rPh+dQ94lS=()!xRLSJl84(&lO{P;j@J<g-;XZhln#N)*|uTK1h
z{R$gHD3=KNPXzC!sQ3k+%#N#($uY9+TO>D{YN~K$<kenTLz7>Z5N-CTeFxH95{GhI
z!gvo_3z_4MiYvR@e&Z&z)ypS*;aIA5(`ywzhiq-76FTP=g}3iXDQ2qY@A2hSJpc+9
z!_fVVQDAP-=0e^{mVtcaE5p2%vmo<j{M#kg?@EYs*Nk_jQn1=1Mho%6E^RdKmF(z+
zO>76SHW?M;_FYuD6eQ8yvwg*Ctdy^6GNL=E^AUuTx+7~HRT;uUWt3!hOi9U1)_vz_
zI0~$<7qUe|PI>X^Lidk|atDQ`Mak7Kx12m8cx-Ly%lArR1)Q?n?*&-CO2dv-FfAq1
z9gVaX80xxZmSSnHATkg?Nz$LRWpKLNXHW)HPU&wEhbxpAX+AmU&Z{#)+gx%5mKYaP
ze7)007W1<n{2+Biy+3U8OmEJ)qRR8a12`RqSCN=NMa9s&a7oXQt(b*h^=eu()MCS_
zP;W+LEzidF<`q9${cvMv@V16^eN$K`GS*6YP;2N4)P#|}!+gScSQ;h#_n#Kvv0RNk
z+mFwx$2!i`8`br47Z@n|;_*t>aA8J})^G_Yg4xBhVBJA8=tc8sLD0CIB|nA*GpFZx
zuKuT6Ow>7_zN4I8DaN!Z?#6r!W6vm?RH|;uRt$W=Me}Z{eBF_LnT;fI;I?dGcp%W(
zif&Hk#KcrgW$-!o`jS_|n40c+cQVOkV)Hu$H(w%orVQL}A>%B1p&qr#G_>#DmyWP@
zAXct6H}1~+KmqHsx_c8$T1hmHT<YxWM)_{$CSB8PUFwDrtdxy?e>KHRZ@$@wQ+q6?
zH{nbIjq_zyTAKCG9}?9ybqgh(WJZ1*a!psYcsaDR?@wIdr@9xfmT<5M-V)>B@Yt<z
zT--t&H+HH?OQT8@bVFM0PwK3;S(@M0zjUQ+mP|oGMc4ED2lE)zdX9bj>#jd@*=KN|
z2Amz=5S%M^!)_c2tSW0(xZXA396=pz%c3iYF$H61MS(u;dm08D2&H`2^zSIn?iK<u
zDSh~2DK{E_0iS7+<CDo9B7v&cu9xK7vhCy2cNZUg2G5|zarExpzSgU_!Grq=FF%Yf
z*nh|Hm^=YCXsz;*BsyC8VM*s(E=yxI{KGCKlfjcf<7XexxYW{dy=UjdgHvV2Gth4(
z)P3?|*N5ek_Zw<VTY0;v=6{U!Oqh&Q>{JK#<6)0~*CF!bfs;TDL&{VjFTdOzqVJPv
zyvAiuzHcZl8r^%>K9B{iTV^99i7rJQ8X&T?Q|zAK(bcF($;)}HS8Zq<XI8K!>*kN{
zr%pKL@KDUc@wz494tQN2oxFOoXRs)T{hZSwKwRxkJ219bMIkNmXuNo%Mc+}3PaHn0
zt(9ej3zC^_1{8+UAq`m?WV7l%4<R_;B3OHy#qaV-HoI&j#~s6`F}-TTsMeL=A3gk|
zBHre~C1Z)amQr?wF9DzVx_-DL454vM3Xz$<ZyevyR=&H9E(P#(>u!~1i(O3D)#=_-
z9b*TKrFz8)oBDHiOfnsneV)dM&-cVqBx}%tPqVM8!Og0f@g0Srf~jw-6F?w8mG#$#
zUemS$1{*G^StQedFmu4PMVj?+J^Mqdj)D=od7-c{4Buq`O`BO>|J4)Nwm*qLDccJY
zH}^z5z(+j69=b)+FuMC<DWe2^GeC_3)2`=C%w5)<kifL6Y@%+x9-Kc(+#j3N2j(H@
zmjnQ-JRT&xYzKmUI}%9_2e;|rqa$w<0=v#5cXV|;zYiC=fz7e;TUD!du87`h5U;Kv
zsf4kk_J<w1OBcfI3`|vLwuR2gr(2Z5#>8JM902g<$}kcrgwZLvi%qj1KMzbgKv&}Z
zvk^Rwq=yEw7AAAcB)s8KekMG)I_AgKH)g+At83ADxalL>3ny!CH%$wz&S=v+_NUa}
z84f1^mIPwHcGPM=<@OI~pC)%;Q9=iENnLUE-0d5zrg`^5y)kvfKl%$vS80Gqd?38i
z;)I=evE)*n446uR=`ZaJB*e+uzOkOt`TNJChqXQPdhaFCJu3I@n)d*oeU_X~KF`aS
z=E{Tz#>>Dh&ymh84>x1tk-6B}*ovKYtu8+J6Ws>!YPxv1-sm?%0v>C~ix7ga8~kBz
z*26pzX=`qC?2(n#VA|v3oteOWTx#9Zy#?o!hLgRf(1d|J6=tqUttWhZM4O|9?LD|1
z>Eb7r&f6m@CAQ1qFC`^&4@*4GkDrU^>iSP<X=<{VpIUP<{eyMRC>gL3esEgk0KVy}
zvbsM#b=~mBWmF|iP-;S;MzwBF9JVtr;Vmm<EBtw2`fhw%VE?TS_e*#Loq!z$mcRWi
z*ZHSc+Ci9DOyM0F26%;^vv1&vCqPZQ)&!|W(pQN1k-f5_1b(`TydrQw%`30Wavm>!
z7y}?>S?;F{bp+;UCB1Hj?~8Q`YD$Ig74R@Bei{MgjFxb;@CrC6(*1Xqt|y7Jh_Cm}
zxwI!TuXRt81Zl@l<Z%;5;jK9giL%3igy-CLEdU4A8|eZ;3z;TaC^4a_c|&|4JuO|A
ziEH>Y-J5jz0ASgBMI*glJXjb^IZVy)<3_WlZX7qKTOyY+TCi7(pc-$*gzK2<;bXt+
zR@DExp$brw$Ow&hAX=Ws4SJ{HE%bIV`@_P?UFm%h1tSopP@pvXLeEiA!msWJ18Vc&
z6gj`BqpP}3{ffB1+o+VEZ5nEFH1#&*-hTCyK@>yi6aaZx;e(Je$#lCg!}+Dsh>^Uh
zD3)5kx{1T|6f!Bi*3YTQj=+)ysYMjI`wv$<ux;CGugxOXH&=W6wOBB(-zfc~Q@g3U
zn0g(+6{NB`5DPP6hS%?BBAF#yh7|ipzN8-z$-vnI0HXVm5mF-|j=@3s2yje-5I#vX
zgr>%3@z*XzTSx#G+TDo_ZHR2Y%EV(=aQ<PKKKs?n*u<Y)c`t)UR*#^O3l`H1%ENV}
z=DcAi&lLs25IiDm7xqNzN2fIM?Q=)&I@@~Gt43OnOqjEh<c*^0@q?JIbJ<Bf?q~)m
z(Zy;-;?<xk$E>&T^K}_ARk)(QjpQL>MI%v?B3{k;R`_xbhp$?DkALeefPQz3-T#==
zF|SnewoiGgym8H(GgELeyr1kR?#W<)mo01NRwtPbnPjUQ*6F9(ScwYWWO2h>oGobJ
zL)?USKGgvGJZB8=s2IL?KifgohML&w_^5D5KaHsfnGcC?aTCYK*-2J%f;SVJ(#~qW
zpmFx}kW#qJjN{e&15OYUKhd5d?3)36zcF|>paZFnd4+3Mj!&-^K<3B>CrlamlR|mL
z5FcfgCo3N>kpT}M#9dH3k;X#8KBqDyxc&x2Us(1lV>^ICt$#;g!C^)(m3J?!$gRFH
zp2Wu{e*L0RchtEM8#q+#l(;`>`daO|4G``gt11zVsEsC|*=<7dLN}`))0BZ&(aVF;
zW6Q=sPobnXg93tf-QA4rrjR$|STwg9D!6bq{vfq!RLxlcm%e{RcL&=`YHR(@bIzVb
zFE=U$lJw7&Zab_?4k3(ir<Z0b=7hLZJLx^Nbca_v_=-dbfmCQVf(6emaKs%7%gkJ7
zVCUKrw6W0s;8X(bV^0Yh2yWHmAUyRfvX`8jvJMM=wB%3#Uc?DoF;RQ*w69>VHtdOY
zJrob4;C%d?jX^&T02BMT_@*p{I&}eKI&RSzHi0#+N4Y<?LEaD@)O~Ud2<n|5n(%mR
zC{~bduB-&;c&de4HJuT~GHD?~-uPFv)a^DHRS-S-M=1>^y#(F}0>~cDye1a1d_|Q!
z6{mY7Y^D=W7Eb%6(CcVq^#*wy=#i$sjfzxd+g@4HVe$fFh)&W4IMD>>w;@i*yviY_
z29@9HQxOb@ijk`6_S;)Km?wHvYCaZ^sAjAVyrBlwoWStrz2L^D-*$IkNbj4fr&PX5
z^x)9SFFxvhD^gYr`BbzA%dW4!e&O@ue%kVK>>7(pk&yl3Qhu}5l4x%x5tg-*UJt?2
zhXk~6jY5*j3QbjX2$}gx$cQXamh9C}>-Y(~rUs4cX<&{Y%$jRcvW$P}B%{$WV^ZEc
z|0(C{pX-z9Nj&x}F+kv}bkK{PZgn%Sp=ST2v}42{nNK4VsPTl2$XIuFtIp4LcOtw|
zhk9g5=jj8cz#iI#5rv1oJ-lb*<-$X^x9i5(E1CkqUdwFrg?2F4%eE0^ZFp9eoeei*
zN)l>sZ!_|4yM*g@qHZgW36SDd^VZ-YB`8WY0N4hA`_^+ORpz;$E5<*|&!SONsyuMx
zC9}#RUt$X`=Tc!ia#C8XDW&r?!hJ_Cg^MPVpN|Gf5&khY-^Z;a7>1xLNB`iF3`Xnb
ziA#b%5}qv~zA(N)rPt>xvXR*WQR_@G?_1hiD{AzsK>$<XaaJHV+yDV%!WAw<fDnR*
zvqg_xi}4D~O9QU&0uIdErI}%bMnjMzRz2)&%j7EB4RW+Ry?_drc_gY=y8KfMaH#nJ
z>yQa;A3xjSWjAxd=w?yy{>A($wc&_PL*jkIF(R79cN@!b**%*+PCF+p$E#xPT!SEK
zaZZnW#r}|G)%ZmQ-UF3nP9!FpBQC6#cx5JS$H`;U!hqZq085ZRMoa>bcUyOj!a4li
z)T~_n$QUv?7RT-?h~aoHO7~Si?u*w>=nIhGy}c^tj1j_Dgfh6MhgYe-9=D%nYly)(
zDC6djCGJB8?~isnXaZkZw!84)s8a>4jJ6lXrfVy#Bek}mlwJwnZU=I>1zgCY?UygU
zP7{wShw8egss}Q6)7=AsMq=#vPR=cN`jDd-kj^VU@Ruv|7^WS-A;(~`JeYX1XxelY
zuk93F^`k_D_3$pl_Tv>-E2~1IuQ|+0FRzDX#O<s*Wi->RNo8xiBz-b`#I!=S&XQ3W
zN||O#&&c>(N-E@shgO}V{;kMfB5uo&q7~+5AHSxh=9ak<=dODkW}_h(V*g|cok&5J
z9?P?P`KQ~4|86jg4DZDy?o<3&Vu0U|Hl9cLS44Dc+{3HvR`GI6mu-h3ad0C&wSp10
zLNnB#=HKJu_@-2v_SsK9V8P;0CxDoaceEk^|7zMrtBD+B*Xlh}?4#L-inY&7S~C(Q
zp5W)rdmKlQYd*@wcR;njpM}$qOfBf|-YFuEUdD2H#-1e5HqaJ*e`%?o20wV@@!am}
zE#U|25t&87h($A5SnL3HEX<O$5_?7NCNTUZqi<5U!W?xLq5>-@<ZfysaAzynf@@4D
zE`XysgrtUv;%Rt~On}S+{mGRnTfv4?IC9HG;ZK|Xaw^R;-4M>?u#RGD*VN3}u)9FD
zfc&d(!%}>l1svo%?A1v8KPqdBiCWUi#N6owQ2{=@x+RaAGPhkR4iT;&1?kRzxZ;Cd
zp^Tj+yF;+13Z2fE_SHQTewAxSLVVn0qC0I*EXB^Ax#U?KSkf@2`Sq!2;ZZYGx(_$g
zC*!R3b6)b3A8hX9bE}m{;<O1xKZ5j|1D6pEkfa;7zGZ%_GMuDX@2-$_IAoa+&)_<F
zIMk>(wRHB7QH$>OI^>fTt`RE-o{}u(L2V<Mb6OJdcOeXR{vtDbL?NMwcgkp%>K;iT
zFb?u)!&c@#4evT?KFKPzXtX36Y8OKv?G=o9y<jthN$BTpH4JSZ*$9C`ST<j;dy)am
zOT)kB7eg0Hfph`!peV|TwSPXGuU9~zEY-~}+;mn$a4R)1o$lI4#Gz<Orjxj61mulx
zaU-uEoPiV0>7IW38_8C<*PK~UpmbptFvA3wuLNEc29*(wGWFZn&DG2y@8DO$6^OlV
zvpRUE{6I%ZpCpDi4u{K{Z@=Pf*kN1F{s5IPdIuk$kOA54BVjq<K&CbRj0xCV^(|Ua
z<6XI(cil*AF<p+MUQnqXE(ii*c?J2?yJ$E{2`}`|JlOL*{)v8ZW&~rHbpn=qVrN)4
zEwVv*k4%=|_r1rXNgT^=-84|ck*?2gvT_Dj12x{Cd<?Lc%CnXv9GJet%{C0YDBuNR
z|4?SFhpzY7c&R)FASTLjanyw#*MNc6L_07#mhtWqZq$tgz(=I7xf-I5wz+p8*_(?r
zlCihvg#(haAdBdx0e|{T&7Uz8lb}?+HdIe4^P=Hn4t}1Fy6wnks)f>_iE-lB6g8U4
zY9e1as$sdZ*~^dwDWviPr{?`Qsxs>_rKsk9IW#EykY~+j2KNWa+Ej#bbxlEbNtIr%
zsmfcc73-xEUu%tu_Z<jxy&N%ZInb12R=4v-va?7*z6S?-@3_I-cAEGLQ#9dRE1DV8
zT2^L~Cl4t=)EA?CJWpkf!X@((`RHIE0!X0i9j#1-7QQ_z<{Z6_@;f=nd^fc>v1@XZ
z0hFa4p~H~MqV}wCYParaWz?Ks$OhT{;O()WpaP?epptb&s2RaSG|7go5CuexdR_WH
zdMG=q2fTVHD?>hw4x?n@`5`4lqLP=7q)N$ER(ZIR4SWEYT+EyX0j^nf<ZIs_?gx#!
z&fAdr)wE~*x-^N>Pi`PR;MwWQTQS$4co&`Cx~;&;D@)MP*WKqM5B+|=5&nJ2#bm;f
zSC#ZuEr;#>JXejOQCZjXCG03{%d`2)%dD|>5hItUmXeP=NR(-oTw*DDJXi;$gWgQb
z8{9YD^vKW2+eBcdxzp$-fI^P3*M5U<Eu?5dL_jz?$?&eN!bwA!hw17a?LGLYot6Nd
zrc=#i&;B!h?yc(NaG>6s#PQ>lK3BA1b6j1VaD2uyE<TuZ7kCZuwr`5T`aK|<TX5VH
z|EEBNVfI>-TQ=V%chTnlh6xStcIDHt7h#LxRF;O>3ksIs>f+UX8C7g;gkJjt7og1`
zHvZ`PXXlq5!G<<+2@tI#f!JWN^{SCzd^$t9Xi2J*#jI1s&I+z>;?=qZp;>yjw^Dc?
z1Wn<2APqdYp77)XuH7R!7aOPD3BeXSlUE<Fo=Nii+_|P3CHZ5yvp6>q>&8vYjV`*y
z&@h62RF3><E)%iBVhmr&W5{g1^6gveXV2cGJ8ZIeb|V6>@J^OY(wEDVIi2NB%h~#m
z7%!hWe3|MD4E;|E-9A>W#GMzS`~9<u8O)<6mbvxaa?gJEXNeO<{_bVlCor}NQk9mr
zq1Uh1ALJ*?#58emNOi3*<%_`BZR2Geh(G2OVqXA!N={WZh|*p++gmX?*#Dj10=15@
z5xz+~txJIf^YEz4p51KX1Pa#m1BFaa_bIUyUb+H;`0s1C6DGgLK$1=F^xtGhJt!Zm
zJl0yz3CcS1z%lrl;qIf3d;{Qfy6ki}9$J}xXSPz$_8iTRLBxsyFuK@_ipx6<Cc3$?
zT_1V^a@8{xNHzE^muw|_k83F9HlVGi&^?fD0%$D?h@ue&REXVdUQu1uu@eGkU@;vb
zChN$dBvveAP&tQ4)#81ZcZrtZzC8_=yDbF<TG%GNS)ovhAJhVbt2#}>u>3_{s9D-+
zy!6M$n43}tdcs#{KXHUv<4$|$)Z#c*b$t4;v47eq&r3wn1y@KbbTJi2Eai>bpc7<q
zFq0qVe=B?-%DT0xswwsTWMnz3tmML;3s|U*_np4qM1{Z+8F$4j&!Dr^I_ms6td0Pn
zROzL3#;Jl2Jq!U=f=Rg#X4#Yc>nl4CM7Vnp+_1!X@7ZoTx#xg94oJr4dr=eY&hGlX
zZfbi-sX{J5@>7AqQpVE6@e-DOd>3NI{6lwYL?BOp{5`H3*BxPm`QFCaIG|I2i}lg#
zb8t)lgm{ROnJ}50(}IK6<Jfg|G&Du7fID%Ad5Td7FaRio7X-DItbL)gSY5?}Q?knX
zrSz?Py)3?dfp9$c<VJIWdKC`-J~LZVBfcv&G^cKZbA7G!yrdJ}8~w5qx^lX#hpBze
zc^8ZbBFfq6=n%Z?vFz`i;szha?L!SW9pQC!3}JUU1<6M{9AedU?37epbX2a{Wf@LQ
z$*8Elu%5NjqM(`SAGj^l<!l&<=zcQr@6+*`kzbxSQdcL!+?vx_aI_*PH-H(AUb#io
z3w-$Sp?PYG7}Y;bd-7F=eCnr9klEQ;2R4m&k{P1f+GGNPf>0|R?%jo-2M3?zqnmqr
z&?GZTwI`+XMyQyXu~7Ye@ra34Q~G*({D29{$}&pIuPZOVzq7MbTvlc#XHhU>`dUs7
zQlXB)&CSij$2V(p`8<7)f}g)meX2+~FESxP!^opRsH4=a;(E=V?}vd=>tNU2zP`TS
zMWR$xwNZp$k}L48I50d$l_L&ibf4_ya9nmaywDdT%WHeo^;$<qYVzZ4!bxPFPgcgu
z<QsQtMz&+QF=!9f8bg7@>s+h9tn=uoA{8;y#J?B^$f<>j6Pm}DrzQ<WZL4eaW3-^Y
z!BjIN+I^ykj?+<_8IAI>nNp*vA2i-<XdP-sCscLc>w{9-Piw`u{ZPq*f{Ry9N)s*H
z#`pFZ=nAwU2hrNv1o$iOZpxw-rMLjt46+nLa6ybsrj_|G35@epgQEd*#o=W?E6M1O
zQ3+SD(7eOT5CM{o2x%1l2*YpYwapta7v5;)8J%*uffD^v{4{FbjWpwv_BY33!58Lx
z5liG(#DP<du`t$_Y?Jz=6uUXPOV@^IXM>~@l-;>9gx<R)U3hFOFfvFA-c74Wxut$K
zo<5<%{U|&^g!^${!yuwY(F$~OfkTrX?J0RUt!Qlf>(jHG4(E~tqtJfb=NXlERDQm)
z2YD9BF7~?<Q!4kS3xl`0US2->rbp28-EpMDc{XA?Y|{snwp8yK+LdeF5Bf&Mm{vAY
zoha{H7<#Bv2|}B3b*42nwKY#!XQ9&I3a*NptaL<X$Ah+9y9u5Y)sR<Rbhq8cp+_zr
z&({D{_sL&&#-nD2^D9nHifZA@H9f0!^|td8Jw7G3w-PT8BcoYCDFs8Am7jXeP12(L
z$WFve$F07G|4st4iWD&jHu6EiN|dY1LQkv7xQa5TAjr$f7KC@6l4+}Q*1ircT0$M^
z(C?nC5yO@<OO;j7uX9cNSS3iNijN^euB#)Ii$mweAFVGxGuPK0FgD_-a^kK!vsoBm
z3c!OKB@9v=YsrO&XI~$JNc4F72?Ga~Gx>NEIbn)H^Vrxi3p|XJ|B)3ruim54{Ii<L
zsV69ieTlq&=>TXDq9hBtdl%F`uxL;-FrY)B76T;;Gy-QoqO7g0v+Wzy)YMe#9HsrI
zG&rn$BEtnUuM<VmTT1lBOI!{NHF>;d^OI_wc6~5O`R0RYl0{S#xRgA#KrW@&YEJ0c
z%sWw0QN%Q>88!{CmoHJie3_&GW5^00pkG{E<c@gW^t*2Myzt!9^>;it-ftP86x;Jk
z7f-jCa)fvnXm~w$cdwtYMXf=^)%KiNiHMZRYVC@m+3#FvJze@rZn&TaG=%-m@Lh|k
zN-_BHHmmM@v-%|oouDA;=Ge8~&vV9aSGGr}po(b|wF--fgJ65As;E4r+;WDfH2`BQ
ze3O?~wZitXObTyko=RbJd;6Uvey5I*k7d~R?<-n)oNq+a^Vpxt`A@-5$h`}->NbkP
z4-WRGlIMyo;9Qyww(aIk_FDrufNE!4iT=X!vQkC=FbC0v%_++<`FMEsxN2KRNBoh|
zg9i_8BOxs`3Z0}{r8HI-$&&N%u6s?ZDJs4JMJl3sLn-916u%4C_I7{!Fl~e-c!<sC
zuwm{1UtC<YzUUXWS!|mFStluf*8YK&%X7iEaB^ozgX>XgjgGqMiO(%^(bc~5?ROy|
zZ5t`d3ybZ+Z-at-f`ieJFiGBmxDz{euFA^FAN+lQe&K6G_wL*z?HYGNjjF46Vu4r*
zcQ$Sz-rCn~Lf-$`7KC#5ZseBTYF`py&!)}smReb7rP&zf_LNieyf}G*a>nW;Nsr_1
zq<^-?YeNfq*obW2z-I~EgZ>6ht^J=pxV@Gd!25XjF8CX`lxf|TSJa@KF{T=O+4<em
zYo~^F?_}&+j*F5KVXDfawb8>32jta9E4TUWMZ(Dh_r9_Bk80>9{;9*s<{D8xJ<!JR
zAbP9NFlW}%?|6mz_M75Em5k>>FN)9GPo<+a1fZUnN2MMGQkl%8lam++fp?}yk4=qJ
zWktwsS)?*ZH%yEaG9GJ`A9L<3RqdX%fY2?sA{iuz^G?L0rE$ph<TENfy!UHbhlUMD
z410n(a!|)8n-?m#{JcwZL==9SS<xMUs<XD@)*ivo5pm7!W$TLAbddt~yw64w_7fil
zGM^?MBVfMmp{-c2W@ZKm_naWvo3mEL;tg|5q3KveP?Qsj&Y4N}vVAdfMQ6*z!S|Gp
zLFuBvDvJED#i%LkX*zD3NVpF)-b6&Wp`j|8Vt6u`7og1ZF9L{E6keI{c%=yb2n?Ef
z4-%*2uAH*@EV&<g9%aQ8Ne5ghkazB%(3G_etb(X7j+5t;D8X0x3|$d&J=ffH{^X6d
zFrdbyW)pnHBF~xQIxHmGidj@nYo3_dCmSzVgx|Q|_$H~i49HoQhB4DIS5Ml<o>M9}
z*O@@+pi7Q<o91;5Nf!LcyXE^AGSy^zcCQzE8--4P$`L{4pP5GzTukrD7V@kdn{9;5
zQpVh(>r6vy7dkmOBdLdbTMPxtkj@7y!J-+OF8PP@Q5S)iF}7|N+eIPMq=gr)M9P)K
z)}S=8$r~%jP$`=tXLP|@V&c!DWBXWNzX+RVi*)QZ?HSQGp?IcbeNVpF(AV2DpiELD
zv~WrNW4VW-AuUneD;3<}e#U|_4_hx>qeD!aF90yOtp1Sm!c1p#L1)P9y@r}8hpoye
z+;PfPC_fZv%dZ@VCa*I3>vFyrxyXdcIREU*dgS-9&T0G0tEJAVa<T&D;Ok2(G5;y?
zP@+5BPF1EB8o;kO-kJ#287*K(t9==!kAnlGv$;@<zr?Y(|I~Jp0~EE6ZRp>-x7d#L
zUdmy2_SQpkH*^~to73IRqK9;J@;~=i`%_xa4pxf|d;8<KJou7bH`XO}qF$u8L_QQR
zhPJvU3ORIdl!CgGx8dQPsbWn_t0^i=mnSq!Iaw){yyFUTa^AZ!Ocg{o%AxK2XtTug
z(zTw=<le0N0pmrfWs(8P`aV#+#>U1O{ch{uAAgJI9MaRJr)S3%4<or51hOU;RA$&8
zQ025;kM%Y*G;+E~eu}apv8t*{ZEr|kczvphIRJw=EQ&^UzJPm<1I-r?AAhke2=}F|
zEIXR#s6&d7+j0Jn%E_szbhEL-)6G+xdiW0i`_zj3Z&D=uj`usmNZUK4iAxN+<XIU^
zrA<s|M+>xqQ<Sd_DoU-O01!)~!okA}I%>M`&3M(+DuyMD4*B}+YcrOxyVcNDw5x}u
zr6s;!%HZIjYNI)!<MyQ5dM$=UBS^8W4U{~jmc6>sb-9N&F_Sac5bX-n$M{UDa;bt~
zWAyParc3mZ!>-Sa{ErTIg&|B#OmVz+NR<{dbTt?tcRyYVW3M!y2<eIvZa%$>+Xe^a
z#(O(;yQ(C1g*r`Pn`1@#Ju$rm!cfFnPk53fefj8!YNf+w(T%pvuwYWsA`<bR&r*~l
zfKWG_=Srt|jfr2El+VGB8^}F9Jymb!!l-FnVR5oM73kr10&V%?kAhO&kV5>=jUpv+
z>DH7J*EQUM2j?Gp4A|D}YXQXP#P*TtWVO^(T3(U^(NVh}`BRalaZz@Pcm8^LGzc86
z%rrRL2C{q>dX~M0BqLs{@+;A_UW8aQ!RI!rE>i}d<L|=hGhZg6mW4L$pYb6P!I#60
z$_fgvy<$V6D<|hNKSfZ!dH+G>z}uGsQWo}k$vLEPMpST{W%cy|R^in7rjC)bYtRHo
z(Xy7z>!5A3$;>3FD{VW<EcK~%bDGWsj|Q9Nq?knuWJ|@wWUj79<_by0GFo!oFqZqp
z_FQ*8z@3lc%lO7$rJn%h|8fCEz`sr~WlP$3qE?_+SpjuKdgBJ5^xa0MX>uyBFK=jc
z)y6z7lN2IEwx&XPNEoTDXZN@YR5{!fA`8rPiPdl0yW0T&E_14m`O8mzC(WLslPlv;
z%0~{Y5-^)@DrR>`!WgQzJyvCi`*%NVA`H>y&ya+8CCD5!uB>+`cNUMxa^c5vVl+(I
z_Cn)`JZIW98O~pk+ZuyhKXL-+w{`r7-$$O5%gvOC6trgcoR`eKrp28)NHJI<;5vJn
zf|@Fuq$|{?h6`Z+#mJ|6(XtRjg<6#pzQT&Gipe4sJ4Pmzs7)S?IOSl@?eLf)*3eF;
zGt`QsnwiSnbq5u(gOO?8w{KA%h^3tHC4FkW4kcrBnd=C>E;~E$!S%WZe}m#;jV8sn
z_Oq)n1tFLD6T`l^*Crx`^{1!KQUt=<Y;R5TK&TEqybdiTIA_=m?icQ?ud%aG-C?i4
z98HKu%IKzNU}yu%hQ;M4oQp9fD#~xQGb~3wV+5}!cIlvBsNl8NBq*-GI@n?dg(C96
z-+R|dMjSMhB|B%+Df{f%ZR!wmX2Q?r#vZN*nbOY7(Lr1mX3B=t9RerhBm&L@8@3r4
z8P3-YC&jug?s=*GQ?T9HITrVExdc(SWvvF=J4@Q`2*L&GO6eBkz;OEy7%Ac5;Vt+-
zNUj1CwrcS`TXdwMre6G*l~U^R?aX9^uKsxAGZK5uOwXnGz&guvD;CH~^zeIKk-R`B
z4;UX;#r~6$nhBzocEu}_ihl!^qJQ=i#w8q<Dl7O=3W*o;^%o$1omIyAjNQfR-6;&_
zau5c4tKi@0(Ineok<uU<FiUy9Ui4+?)!q<qPikb7ez2)Su0`3{oHw|du%{?~={XEa
zznxS{+n4q1ByD)xD<edKxnccLeEKX?jgvvaS69&70bB*)FI1`5DZtz7BU_41Cl@eA
zA3Q>JyqCo_=gEjAZiS~ly$bL75&(i<M&;Vv5U8nY^b3)o%niKITJF)4!5{7z-_i1P
zjt)Rk@FYWRkStbaP}R04>wU*%-%(swf~+LsYqNWjk2A?eHg4CK42?gS-7w3iILPm^
zxjx=8_^i&eBQ53<LnnmfHvUvinYu)AagYBVY}!f7cSGp54W)!Xx6@;dq(0B73W1V)
z%ib#;l9guCqQ$tb&dTSS0XZEA^Q#9F@8K=qs|~aBAH?dLk72>#X{ot=Hs+IFeQhfF
z24?~OC6XC93}MTlq*iKF=is0%VzdKQb9YN3GO^>Ne=W`QdhZkU<zW0%My+<P<WgZJ
z+mD1^pT{P6OXxP-1d7a#Yy<(iWpF`i#%o?Mih8>6fi;`A*uQb^87TAv8Q?|_Z@-a^
z+yEGQG$FXv#1%+@;IXVHM$U1_-fDpn2`ajNYOm`r_lTJ+I>TH;&G-V6!t!_m7|(m0
zEi{ue><o#cn$y>L%WB7LJj6nuPCce6{nkf|^zpem@M7c(9C2^!{)p#!q?%Jtm{fqD
z#|r162k7uwxPVj@JfVr*%%jdsL%OJr=-$wPk(j%z9X|>msd|N}zvWD=QZ=)X5E<}m
z%S;3lxU6!mHHI>!2P@1}*6c^};?&dRN7gEO<Ag}p*VmOiH4P1sw7o7J5?bAn%tkLl
z*4B*kdOpOAZUx#RAMeKIqZ@Ipm~l9}d~xo|O^TiX$Dx7@8A7j|-&}5@qr6$7_VJ^$
z$#ihF%fSk%-IlQfpOokIC4ZW1ih#{M9nZ7p(d67ledfj--*=-c)ER{?_HL2z9lH5V
z3+H*A=XArxyM6B*l(-&km<n>y(%uDi{uLclEU@lCB~%6CO1QG(ed?xbvc;vPyu)!^
z8kzawoTw@fhPp9$f9Y~hu~C0AonU5hF}AS#wctM`?K_G}7+!3LCXY}MfAA&k6ef4b
zNP^np`Vp1u$4(%HMtxwZ3vTroJTRj~5mC$}!mXrU2rgZJ<~RM}G&{LfqDP!C@1gW~
z{F^GLthYMYtFdd=0+}dcDxHfyut5MD!-w|!64;3$#jd@zNbo!BAFdkrtcQ`!xODp3
zz42H<1*oqwjYt8WHLaRIsMz_mUQf)WQfOxvp<gMH(S<qp4BGzDoOM3(eNhW2T{Ldk
zqrOR3)E2(pTr8e<MzU2@H+Dc|dXzJ;S*O91l8q&Qi0=4BB&s<Iq`WF*k%O<vPW92j
zeJUm-Ecu_Drz^Ws0>$4>+ZRD?hf3Y0R923MhY=gd4A_7I+9$+W5}uzkY^E?4kj-L}
zzkLA^nyR(HEvs#r4l&`5PlH=1hZj5emLH^NwoI8jL4vb4*N&+Ed(SKM@Wc>$(Ym6C
z`=EXv7;ec5#J<P()8XGW^d5H^@w<Hrm-w3YD&isa(P$t6NF+<I&NQEU*|vKm#HqYv
z#>{Bh4)$vA4AI05WC~8d!Q3a>&zEmh7tjE#B<$4=?E{mIr4%X=3HN*~9d!2D)8+g?
zE&KdFj0aTKf2lNcxru+cvhI7e-(P6rk77N4u=GGUbHQmy(goMmRq0$)TLu*!!wzq1
zP>yjJfBDv7>s0ke=_qX_8ol6>AJ1aiuk)3jlqo5NFBOI+wl(QYMZN(S%?37Z1DsoL
zZ9_G<vpc7n>UQ6|=1ydJQ0$ITAair=6BH=vwxkd)+TM!iA3GJef!_C3-+fa|U*e9e
zj`&Q@Ulv@U>dJ<8sq$<t=E}G?U;MJY`ABxPbU!8Z?pxXfZ5{x30Fi>OkgsDbUMS8j
zxoG7AoKt`BxwEbs2cHMAzkesY4M^jF`f+fr%~ywM<<sR@<YG-)MtB2{qq|o(formH
zD*+M&R7XXU+@e1K6+&g$>7WF<-(f%d*i43TK%KM|Qyg!!S_@RieTkF4t2f84xx^$;
zSTq2#Sqo7<9ebumQRMVDm+NlGixh|{N8+cDNVOv4`+kOC3#=j~Ym$fC-EEhPPD+q%
z$6G3x>7ZEpq|C(G7=~uA@NR4$f?c^s4V*Rc*EyJUq28C=r~`Ue(yW@=%iJ#quB&Mb
zb}-Q4y!hb4LC47Oy+=P{7J)HXA?*>#vPx^)^fuy~7)2(kq2JGxU|};~klwoDCI>eP
zL4-K_Hr~R?BJakJVD(CFBwETHF*D8hzB+T<cs5~l{m=zITF|6?KK|o}0YDb4{iixZ
zJZ3X<?DOaVm~zeS%Fz)*8jMWl+`Lgb=iZRry%`=9lq1(L0N@M+AD?KU<4(MuyrXyk
z#jqHx$<?1O{y)5Z2UJsA*DZ<_DK=~f*af7C^sa~q2uPPMAf15HTLOxJf`B5ug(AHv
zEwq4&6hV3?Kq%6scS7K;sQ2E_`@izPG2VC?2=V0P<eYu>US-a?R``V%YtI!GJ=nhf
z?OVi+`vytAQ&2VZgt)mPgXS?PzxkIIpbeL@ifZ2MS{PBom1tqCP7$`2NdG4Kiu0;Q
z%ZaN|LSx|q$f@84T77Frw5a=b^!M$YOqzGe?;ftr_6M!a5NG)O+7RU8bA;JSSq|)T
zbzSGZ7w^0hFLjuiLf}cs!_v6Bs_S@Q&e-|Omy7EHarsXSvxF;DcvLM6pMQFBr1HsR
zYmzxV0nbL9Eetfm$VyC#DRrnI1ZZY@3-VeS&;J!h@H{H?7CXI}dDl5dmB1ZNOci6l
zLOTLwmaq_;wmELv2tdshC_>)dTKQDc3Bp9Q==ZDM4^E(KzYHH+x#1sr{`+;KsTwL5
zMquI|?A$XH{=m)v;5JmsPAnr-{JRLode)W|p*|zmC4rf|*Bkp>8uvCmKLEthVBbE2
zgy^!wQDC{Y=6VJJY&v9H^&M6I;ITI2@+QzyZriSrU!Gp8tZVWAVy2W~c<&_5H;zNW
zL_2n^%v1dC56G^pWe8849ZbIstN-i987R)vGjqzwrBHk8;;R4Yy|`Z+s{YYOP~n}L
zH>3n26ih*sSMt3TFoceQdsT~&u#fg#l_5(FCZiw8&t>$+K`-b{WEDY#`Xqj4<s_fD
z<~8HjykE>G-yy5Z@K)lnZ>vec8lFU0&d917i?r%VttjW7DAmyXF@I6fVGC`y3-y*P
zHWnaG1?=@|XRzvNVwrcyVk3wGcHLu!Qo0DQ{Pc9B2RVr3R3`aR1(=g#XXSikE|S0t
z5PXLB<AuH)>{61wbZyMcZui*PhL6#Sr-N`yU&Y0o1X;{Sg+Gj?RTsHyaB~Y19USzI
zUhYvB6$n?eCbooLABXz9b!!d#V*fCk4+~0GUWSVi^0Od6BNU<&r)-5QqO$jc8ZtAM
z1I~{h3Y4LC@@CsMPqJT%T+@OZA5B?-7CsQ_T0gCU-r%Mg&VB$Oh@oQtP1~C9C{cq`
z#ez1fnooq@fxWB(Dm5LueU9%kV8Pw<3hcaFZ?E;N6}~!nJt}#t{IH1~;`<9fX%^4}
z#^R$7oNM`U%3{*c`pJ)e7oMhJ?lA}oujl$}Wog$SH(oG0Xg5g!a|zQ<Av0s$FdBq*
zm2ln0s`oO?^=?0PDu289_|QpKhSR1?o5?hbHI35{I*Sz+4m-FDH`D0RXY@F9dG{90
zmh?jn?S8WPA*n)D-M19>12bZ;-5$LbjZ-eK8=ciD<+PuwnP1Kq&bGpr%Pp=BRr+-G
zu2L}wpUT0m3Pxf~cL@nCF&>hXlr)%XPYa@5D73~0n6;URr)3V%yx&}%@ly~bQp!bg
zLz@OE6iQT$RWCp_LrsRg!mx(AjJPVq>tze|hVw(g%uwQK>-AX0%8GsLTP&ME)nhj|
z;cOkOuT_7kdXYkwn&H>h%W7!bsTy<~;INNvZ9Ua8B%Pf2A<1DseK=1Njy`}~qyI`M
zL%MOgZ@ZB&lOL;|`)P(_F!=QMTZ}$5BLG@X^cGkY5M+ShT&U-mJ}>V6ZF{LnEJzuF
zF>N`jC!@lIXh|?Ch~>L<X%BL)g3<pB&n-(!R!H@sRYS|*<}&2>oK}6Z^D7+{O$yS|
z)hTGVXAmFVWv}?*Gk4v*J(U78*H>I=Ahb1K$;Azl-_J-u2p;4aQ=zt<c^+Lsi}6xZ
zS947Bi635`^Yf+f<1}l%7BsE5R?k6eWie3ZrQx2hmezu++258TCza9|Q^k8%POhrh
zc6@&HBw8zTnb4uGr{9v0W5FF@Khb>z>$>8dk#UV(yX^j`Zx~qO2l*2gc2n&KDZF;S
zeED*Hc&UkXwsbMsZTZL@|4p%?($Yi-+k^_OYce%%B;obYVm?uP)(LP^Rs=)kqD0A0
zpRQ({N3Kq$0KA(v-yN7NFA11;gO#mK`bMDq8S|Y89#`spGz^pgHv>bZjdj^;T|wkk
zQhtZOM$EMWu4l{kFLT+SMtQRl60RsB&LdvIRxqZKzk?9-aoNvai{eE%JI6{=nIHD7
zyS%wKW9)$-%1Gdz%G&#neNfg+v`F;r*iUuyep1K@Zs9DpcrvdqTsQV@jDTivXpV(A
zgaTcV<(2}ci%+|*eT?_vP44`#&)x$9W&U(PVP2LO(v8i)p0#D5`shk@vm9^-nGor7
zK&)D2hOc*hmvl(JVxVu>0o&bhjBe)`t6DDC3WOYe;eB-mwI<u|$<CtNDdS^XLk<(3
z3yzF^S2I?&@+00g?oG+W=!~C}Vm+g~P%mvFg!A!QFlzI#Dv9=cbt|i5q&XN=%A~@I
zwkq-^?|p-HLTn#?yu1VH@;(HS{;*II&y|(cAZ-ksoL=C8FOywSl{k&_&O7kL@QoKT
zBe;Hk6IpGp4NU{IevrfO5i~|qCG|n^iY5ctlDyS4i#0DnL(oZl-8OE9Dh3DaVc$Tx
zXX(jpWfgsGZDZqft-Y#!>QL%*KIgW&{#oS*-D}?Cb5OXTd%m?Ms~`@WKw*+K_5H&=
z^yX-+?)qp%I(-cYxzD;LMSQnwBPkC8U&;+>cRC~^i;6KKf-)*4dzXi@MibBIk3HPc
z6jE5Gcyg<Kf7Z8jLWJlT=7}6<LY7uRFSdmE!43aLuv)L8iB9SYFKvn<Uk8*{h7DNh
z11TJwQDjkHjLT%~dT*eCd^N5rV8Z)-`f0JmZr0d(s*yDxn$6+fQno6Yx|#&PFNf`+
zU~=AGv3prNHh_YX<Ip*CyG@EWqqyeQQ>%7Tj!yh6aWGQeUS?TxHJoXpkEX3(rsH-f
zaRcCUP4K4Ydv<^T9fSj3Pw;o1*Staw6^Iu$D!rhzpMUL+?emQuS%yS!^Jb;-tu==E
zPmIT+)K1|uT<OP0--&-AWX)%O36uw$A1=_%*tUN|y|{sDJiu9koRtCNv0ZZ%+>-vB
ztQ^ZSt;NWzltff%joq7pS(2OEkU$ws<ZT^atYZmK;5m4u3ux(r1?{N^84VZScsGwj
z>Gkl{%WA;<4o8@vL(1kbcvRjxKY+qibi67>L?{ZvoH<dT3Otrt=K2x5Tj?o%M6b$$
z+FhG*u?6CCN=ixvv4o^B-Or1(VhK=Tz`1p|v!Q`%P9gRc-+)`&@Q9TpKHaV#?Y4Ou
z)n7t|+*}UHd@(*W^i(6yM2qr#b+vR8{|7^YgWt_KDIdyD-aClfIl9=vv1G<2T8h2B
z80$d$ip-ksadeKF5MrQAn(N2+;o)alMmZnKK6&mRAuzskPs5rHeLk~t+SS$7ZhC;e
zzjRG}ZC0eYz|ZalH$VRa?ds)<sbyT4UhE4bfo9N;qx{R4mpKo|zG?8=uAUXNn`n;P
zT*ml?JzV@w^X20iGT^NAdlqRYfHeDV2nlC=P<Vo<@P%8Of>s0SK_r$%d+TxC@n}Kh
zJ|ba_FV=e0#%{V(u5Z7H%WAM&nV+BEchRLquJW#Jyf@W}N=G7t+u>5jxle!qTXyc-
zwQJWYQ8)g=xo)!$T$9^K0!z$xUu2bR=)<KkHYfMRNB3M-R9W@PcbhcEX0$$l0;?-_
zGrhDFUfaUBq9=x|TIIXpfbUytnj(Zwa+LE^1C?)}6>wVUM4QRC_v_)$pFekDtdHb2
zGbprX^O`8NpHYivY`>%0<K5{Fp6I=66T_=BJTjJg#o7V#F@gXD>#?b+_`f(X?nU(%
zHnqU2y8UP(?*cRf0zfK4ErWKpBORR#@?9v;eJ0=R{sA#lKY%+gm4q+<VL%`0)El1`
zMi1R(3O3IU4ec0=ug*}Fx29aad}bFEXuSB!EP0U+%0F=zn^iSNINltCl$5#WK5YxN
zT-lFHm2W`xc0kMNm`8c;cY@J*ukL82Xa!avH1>lSEmi4M7L>|mFkimQ(H;lv@MpIf
zHgCoBYdN<`g&4=fD0Z3#kTp`OqdSc5c<Eca&mTDoy`#S#V0spuq<Mn**<NOfyZh<n
zK6qppXlYDuciJ<TzGtbO>P<V8kWEo^d{;<<-X1fhTSxC6J{o!O>7!X9@eS3X#+XM}
z?gdFNx`;A3KjI&cb)6Mi>l1oA|8+bSdF#vG(|i4Ff8=XD;h0q_H#1Wj7j!8$!E#~8
zm}{2umugRYd7Uz+Wz?smR11Ekys=ratUX%HR&4GwxhOcqpn+fP3w1avkeGjLqppE(
zG+jq7tV*r)oJ8+Nq+EYuj8tQ)k=t`rcysrht&EE^Mk!!?@~MRZcjBI&yjF!#i>@~}
z1cPSO8qBE$EWDW0)WW+)ysU!)M<+`q%JDU!muDITGe`$fyZs{DMs1DR)^0P+ZKgpu
zV_A8_H|t2kJ57C2lV_}xgfAQ>atIlrtUN2(t}7i(yktTT#tf^|+z_Hpn%8-5wV#jQ
zEdH3Fwe2j9p4pT<67MZv(JX8_c3(rd>00IZ(;FM14)h|4<TVsr7kFP#hb#qgUe-RE
ze2zYw;{3ImtQBSf(x>rKrMnUny_e_(BXa1a8Yk|RCrxYfxRqEd#9l8T)Sga?`KBH&
zv3D-QK0Pgxrl}$b6;N-h)$6kUN-1zWEitb|>izdB)SX_``YY;~I^`Gosrq)Q(FLDX
za>lCGhGvQ|J8pN><*z-s<K!~uB)5*RZ2p$$N9?0zsxlg4b@P^U8UA{xkj)LThMkvX
zSwAFQpZh3ste69XW5eLGwzk|ZU%I3c?kaZiqE46N^q3-Qt>1C_gLI&5(CSQo#sF3%
z&yLrs?>3|R;>#J7dbV~Np$0#$xIN%Hhpr#ywXZwg5V7Q4!%HK=eRFNV5#43Dy*a&N
z-j<vN&7|A}YsBuwX6`*S<{G>+(!huCq;X%@_w%M?uq@>Wt4~T|bRXu)7*12ZYOh)o
zP-xGAU6xvz#^VdEAiPOeP6+@S+)Xe=L3I1U+bbe)Zg}L#%Amwa<8R;U>y<H9I*2eY
ztG=R_qM9WtlEm_>92^Qn!pc&K+s3#atFnQ?@LnS;jF!4yM+@)$sU~-nB$lwuytqxz
zYxe??+#(lMq3nO==|*Db9ItgJWSk;(rFN6)UAper?p4W#V|rsxG#V!{V8N%4c6jci
zYRzjBnJdVFB8xkYcw`u&-vsR*|L)zpLv@1r)+Vm~Cpk9m%0=;FQ!N~zGNZs^`t*Cc
z)2Gv*(%coH-tLxpk}=1qJ`}gFS9d;Qy!rgf1PY7jU+FKkNNzYfA?aUwiMTZ5*xpjV
zH0(A~?Y|Pa*RJ|o#MA)R2hl&)5XEit<v<PrTWq3`^Yn{JW3*xlUe`j%xCzELUcx72
zBk#xOwbW9}Fk!Tq`%}$)OAX74hA16<t?iLjdM?z;r`)nJ1;s96NX0#7F4tB3j;OLb
zTA(da_zJHYaC;;B8KF%e8QFd2XvPWVmvK!Oo*!M-I9GV*MRvuDQEpkStQUvvi}URQ
z=X|e4PWoPrQth@l#b6Gmz`j5sm7$r)`-)n*aw2H|?yE$;=Cn)Z&jreiB`Jd^9{Zr8
zRC0G7X6T6AP84eIoW>iQP4(WBn^H=-=Sg<d!b?ZxwS${Vs#O4si@@sVL2otD%<r2U
zvwDqeG25;FPeyGR+XE@6Oq&l;6q%pgqqJGaNx@~pyI{L9>sO4rj6|nuG{k57U%1xi
z_9~D<B&^^=bA+4hG)?sO9M7Tbq_+BDXWi4HG|zobh}vF!{_$nnk>NM}dHhrf5*_Dy
zD+qjoeTwrMnUrERB#VVRcMCzc2i17nN660Jz+U=kg(H@JZ4teV$=@2a|Lkebpz~uq
zJGV7|l2(*sjyg?oq<RW!0C+9CAK%;<z`B;PSBN;y`oyB4Yh8gEZZ#pWhW&jOlU!uC
zNwBP(bO%q@de_>Bg0SLurCvqFmMO7^9@_<`Z>0L;?dEz;5gYD~v)K-Be<#Kg83Z5E
zEi+56`Bx}Z!Ng`|y+^vyrL$#~<0H5ahCYbb!S$moToZYNH*(_#kej{xPz-{0wbLt<
z>1*xX5BhJIt9XUC(TH-#*KP)=>m<1>EEJwLywTbwvRjM;(O&DoyjelCFG-e<%ATLk
zb;m;n7S?6yAGkI9#=vv+Qrb<=eP@Ipy?~ZY(~4_tv;8Q>wgwT`&Ev}&$5YzUKoH}c
zW!;sHjh0VQQdUMx*StDCLcF2wRAg106o&A4a>wOPv2cBz?E3~ZOx+BCrX{V~FmqXj
zPtkyp*EKY(2-KeaIpNNQ6J2^7pNWb@Bs2R|#@|mnH~mci^__zrJG!$P3XE0)@yCj-
zsG_2hIcBBPgGL?;cV(StJi+Scur$ikk)m<@Ejg2+yRNOuRh#~xcUqC1kHpDTm{J<U
zU51w`gD66!a+p31r>^g#IX!%2omqNEGr#uYJT!~x;Fax}AG#>B;z$AC1t23UtE_3B
zuB4<K92ArQ5e;r%y!7IkTIJx?8KL8){`I4|Y+`ovad_hB=qR&@h)!Bsnv5JXe+v2j
zpn_2!MmNzE37;Q?ELh=DRwX?tBc>hcA$m1fv$i|9MRuK%&34iA@$ra_Po8G97v^pI
zx}T)0Wob4yO`c%WV&N^E$ZYY}pUAx;XGtzbla%5btb^JZEv&)VjLNK(&Zzk_x>r~g
zEmU(+k@Xin@kA82O{z3$SuHq=IrcqCK@94eo2M@>F1k^Wv2wdChx>`<L|M-|TRA&g
zlR_Z6^`3k)WgZJPyVqkmo-T)s&NecInP@m4EZk^IQ%*4;U!~(V9W0oIy7<-FR_F{0
z50AR9Lyv27GoO7_cqY0lSjDbL0zD9tDxWjgm5WBTMElopmq^U8@KIkJr*D6$jbVRz
zpv6bxSokS%k0f-RdQHV#+r_Rbb332jldRI{x9W#kc?^-EmzXcKH{0@kxo%4KtPUyL
zYQG-lCel$5AZ6TUzu$)YdnNbi*hyBtZOg!t(ZXQC^w{Z~x$N57yMYg*CH+pAw~o9$
zPD_i-{*icD)^e>S!*R}oq3wfV&GMXrSVwY0RQ{8ZJ2@I`<d?ysy?Ik*BEDAmWnr?f
z&j1%I;;ME{jkT+5x}p=NV{mk|TT4w$XsEH)Ks=IQ;8{%ptvqW-Z8qG5_fwyJ&*n~;
zaW^0Oytk@w?ZmSE`#qoXMu)1StkMtLZgMetnvP6$<e_s+8l8fvPCYI~RBK7g$jf)W
zlMZBFEH>#VRbZq#!=2haSSfyYDQIDl57E2sMst^i>j66(8#GsPNmC#^5sX2ZROh#W
z3goC>sVp52OCe$={8Ua;+M-ivNZ7+Dv2yLw*RKy(eW~shm1ykl!~DE0WVCPkmF9wK
zH#e?%>oc|IvTB504t3jqU#UVaJ$`RxOz*~0#Gz*&(kU=zlT%-&O6oLpFuZ|ESqFCW
zc!)zxAtUrA#YgOGb0zvwDoQ04jPK;&SGS~?+R}$OzD>T=pr#9CpV+4Jwfx+L)2hT`
zRc@!o*H1ma)_$I7x15O*u!zNFOIz}YbQV*SdvhIQV93_5^q%(TGj?r9uJ(+d;WoYh
z$@PhD>{#Q{H`7j7?&$zwhzDH0aYOlrN#py5XthXf>GCYi`=y~f?t`IdbPgZhO?j?t
z$>F0Xk=o_pmgS&CbN7aUfq@(KfM96IXu+%j*G5wEJGB>tBnZ@L4de-e`wa{YkOL-B
zya;Z<v>S-?l^4c80%gu)J*#a$)h=yV9iZ$(O)oPe9OzP<ax`Y!NQCm>!G#h#7n!<U
zX!5n7pxt@9WdQN^L;HQOFN-eCTQ|{|8FcwI?h7l!$kGZr?o{rsUqe3F)kw1`EY|#X
zP{B3+5n<2a0~pMU?A&pNVa{bcOv%07amOXqY?+3F-rL@colIE_L9y&SLu9AYWjj|M
zZD$dEwu}6*U2l6}^A@B0-5{GKHblexx5Mj}f&3!<Spm1`w_bVYcDR2e!+mVpSQ?8x
zw545O9)gJb`tc??xeX;VGxM1nF2RVwduBH%@!Jo-92v$lI>m@0H7i`#^|N%b=_&z2
zRrL>eQt@%^)l=&WBT2dV=;-LU3I#CDdKzT)j`D<6(W6JF@X@HvN&GcI!OcDn4ZmE6
z8O<!6QZ-K>$`+Wo8NfO25>v2#TD!0^LL5-{^rk}ObPT<!6rD@dzx7aUC-pR~>K4!H
zqQ+2=tS`+M8k(FFDoweIM=h6X=C3nL9QaE2bF{=SkFrhV&GURh$KE=<`yA()+dfk}
z{VMO<JE_7Xxy~`YaqaEu9Qc+u)fq0ZCz=DI3ng@sw%DWZ<_+6tlNg%X-u!UmDZ6y9
zVdQg%FuQiv@Wn6qJhB673U*nE`*ZwTDjbOk=z!RkPj5H4*wUP}iz2JMrukMbs$31q
z9AaXWmX<DA?X@UC5jPLjVXX1l^g@Lh8hK-yobItwLJ)5jB5*o(J1Gk2&iDEfehm-D
z>;yYf6%C8E*#(Zp^yZl;yy@9rj~jV=g_e$q_8478J$var_AuF(jki0}Rb>^#h`|a3
zvBjk$xW)JHIV%E|zPx-ZYE5@q!`@wf;qoCvBXryO^XDV^7xZ<ID;=BD%agsiMzS9e
z;6*d!==jWL%ba(i#Rhhd%H)18z`QCLIx++UtgDTc5m=KYXsGEvLu~(=bt*;!&qNO$
z*>XN#pGy(y66V&lhwNi%WXD;TglqLS!^2zgLJ<;A6Y_ln&m~^<ptzPBDM7Av=f>d!
zGM@Wr77lC$zY7dQWda3m0b~h-y@U_-q1w4)VEd+d#6kXqDp@H+nRjMJB%ng}TCYs0
z-lV&PK}@S<J^0X9m~B`SaOS$rJ9u{%^pZO?1uJjT_Pq+$W%Z`9Pb<xaedg)YlcLts
zHpQ0pTKSe~x>%PGr!via(<94kcR`I765BRjx;bTGx6)^k4=xb9v?`=K?h=o6U7Kj)
zsK^|Tbr+4R8A5zrY(Kt}mpO~aG!>SCKNOv-#8alz-qiRNIs6JpJ<`*Q;+k&lao<)L
z+G%*b0Bx-yN*#R=T6Hcu1(+$&zAo2l7J_yKjAeJ>WPgf+_-5=4lK{j9Xi&2uQgK0q
zp_oKWYnD7|1~6=lJm&cf&dZ8(<H4~*wxlUjIJ&)u&B(~ur9s8y>h+fLCXmofH44oQ
z-%0;s+Y8HwzP%i|-^j>lGOtOr%_0Xo#WQFRvX_#j?9%pB#YB%4MmobCOYi}!7Ge-g
z=+1eD_g+_ZVGpay%Piw`|8+;}&^b5JUI(_f80&MtKcv|8^D+v&yu2m@gl3nSni?BB
z+nJSx>j=v;(>z*{Vle1NbWEM#p)ZhsfA@^_*(Y-#)(S_DU6E(ajlpC-aX1<+k6SF5
z?quQP>q<eo?YQF!_PQ^nUlxwy3av)3q<^<9VS;a&IV0*;q?WCn)RI`^)IWQbV@*<;
z2RlrGTkObCpPV0pC2j)2itaRf>DD5P2;_7cV}7mchE!uTKTlkIW07wnues>Sn)#2S
zCy^o+p~ej^Sebwrvq&yV&yNZ}cRJVKnS*Y^QJ>}KJcoqPwSu*Hx>eTCGAt@8gH{i9
zI^WQF@Z+u~Tbp8E9ri6hBfa%LpSFmHTCpJ!X_ALdp1_Gh=BB*8c(S4~Ltla*%4gXf
z=TFDCZ)L0TTOI3L6w7q<s^o(Q;i$FRizSm|QHW{B{rvNJ5<UUC)4D_g9@*=In}IGL
zH!P<?KK%~F4=lv;`zM;X^v;T*ga^l~w|<T{8I#y$s!djv4o@-qfM>52c8mSo>;a}S
zd%CZ<dj|SeLm<rfTGZCY#<Ko~uf`Q8P(lkvABmPdSlVxeGjb0+D{ujWn<?lov7cVv
zFhOthDJTWiTl537;Y*Lk47k+KUG}HrwM-4~et;{He#_9tQL#0=R330vAc0M*aL@Mc
zQ{IRLfV_Oq?ue(ovegW7_|eVY#*OSP1kp(0XmN20xywD6mFAGvBKkoOvND6gpC}E4
zS6#3)o6D10N%&)RQyLEChkb}S>B?<N<S5j)-)m*@$p@HZ={EBwLlgqkdhTY2e%>Ay
z%qP!%CrcY%$4eMF9n4-*H%K714v``v4Bl--(JC@|069*N-R`xxDdY_n%%)hIVYH{G
zN7sF0d8KQ5WqsuB)>I0JY0hvCI^arv{IH}dLV6$`8d+IoZ*w~5CM!f~CfK@8rKMO-
zQ=2?8{r+O8x6E1j4WYKKt`%l=d(x79B>1e4HDaBz56vAM3PVxLEqje1EudOI+8Xji
zUbfX^o5&OAE`}toY+k_BH#BrCj@BclA*47pKjJbU?^D*<kL-$x6mcy?ydLh!Gg)bs
z<(R5Esrw!=Z6|0io1?3`NsP;kH5$)QPRT}W;C8lBY;0{s#?CD5|2YP61_xD|P2$sI
zH*Rp>-_d|?l!FILVWUn76U2)e5d&dWv;CzCA2<E{{Z$`5dWTReE}bivh4wLuVc9yz
z&zwodx~@))D2NtP#UA2i)69S0u$#}ensTP^gEDwg#VpN&;2;}uyc^N~1Z%in0&3QM
z5XGkXs3Ox<%{bYc`gG>BprhJ!XO?Q7vE0l6Rtuh%rhW?&aUDpY8F1IbBiCZ2`oUb0
z^8A&FC!PSx#(jBryQ)1vv3jVox5B-GgvTVwim`Njux^ff+EtQ*M#=1~x$mSTt8;e*
z;tI`ra*a0oF9w=UH0yseWBk!uAe%T_ETyi4ED&^@O}OLF-jNi>tJDz5V?X@mAabqW
z7`rxGO3M5Ygu<ELeOuvB&yfv2vbXWzk4NYJ(gH|HM~WiSLs_@O1RZ{))<^M%2;sA!
zTEY~BR5Efav67&sj#ayR_il*00#k;GM*Jo9AcQmIBvvyxDG6^%RbAcKP&UFX2(6o|
z<)R|Qehxhu?Y%f~aeHm_XeIT_u0BQo+$tUfBb^RWrP<i4(}gSGG1TteyC+Wg0Vqh<
z!;b>C1I^I_)+$9$%ElrsR=!?EcXxu%(uS!_b60F(VTA|sp9?h;89Wxt9g#e{g!n2s
zm%kiSFo*Hd#T@)DunA&H@aXl^i}e-M_v)ciZ2h`QwE(glK%MHjhaE7-(;#5jB^C<N
zw_FUb4&;JMXWqv~NB^)F?LIBGjk2HV4dHvv<rYe7-k18JtE9bM1-n>>{`;yPnC&%F
zD;QJ&l<k!FS+AX67h5z_h|-<5V&rEUB#Q8w1zos!k!ZySOFxdjQp>tjj$X)NxwL<M
zVU5slyc~Yr9L&qhfTfpL(JC;=M60d@BU!oV^~cQtJI@aut1sB8<4@tJR#n%_VpdKG
z>D?X~9$pS~FH3_g|0FgCEd50J!ie)lCLfcCOFDRLDYPL_N*=HMZ3V?8A4MA99K8DT
z)I3z)t2kh+`i1La<WpeI9iHDdFf?4L(@S3O7=s3h>KSTTo(`1s)IPdS3zxyiZuX6R
z@?mIwKU7Jag>X`Hu8a^nTQnkH(JOMpIhXW|UcjZjP?VK5vv$?6#=oteLr;4Z3;rym
zZXIv8)G*bWWKpa`x&+y&lE#>oUW=S-7cL~I5X^e>(?C@H4i*Z#A^{RV>|z)*X+poh
z?I<8p|L$34+uNOaA1*P4-@b{A<&00I;^FnLHgi9(MTJ3Mzr(UVLp^6mnQ+r{ziTiR
zooHVQp7FLy;CzO5P>I7#I>%0)65oK6;Tyti%g8?D=3G;IlB~Ly)OweKQxVeH|1Q4z
zT}jw>S%^@KJeywmEx3YfHWh4|h3%OddG>%mV)tovg4Yk9rcb^a>!zffEFS_$j05F3
z$AeS=;+Vl3PcK$0Dk@e5NTbV<1rGf#Kv?&VQ-(D}@pS?7@(ysvHaLRp3`6+FT7|{p
zcd_HH+SdyV-6F3Z>Bt~-xNCefvmWiZ=qA+p0@{cOA$sjdH?e74%&GP;+h$h<w2=5=
z;3-N^O{kEiS-bIo8!T9!aYLu;9M+ny%&KP8X7WSL6|<GdoObAAg|BX?FY20K*wE}l
z!dF4eRxYKM;G24OW-45oMe8r6L2$Uaj7QT(nYB;axdc0x;*rjCEEyZN*SoN(CW=l@
zMZf0oeV*gn<@N6$jMJ0;e}C8UwUOzK6^ERr9jmooZaK(B+qj#cSk4N5M#smmoj?E7
z@BY5lwl@1g@m%UljLk!68q$PW8JW&lvDUmMT8{D(P8q2QwAk4u%18^u<+pP~Jd_5}
zd&$;feaEuzwcP`F2!Qfk*VsvB77EhRl`#Rs(^VOg^`YrnnAzePC<RC?N4nr<4RL`u
z?7r_k*X5K!V$>dsUS*no5Go(bpJv{X&YZ0)QdL!z29prpmJJDJo!yVTyu1SIIo%}s
zdu_m?jW#-FINW<R)tQw6bqLIYf{_9<KGD%<;e#b2G&Jh!zNr|iC9}3E!O~RaC?C`W
z&2xxp8bO@ot2(o^LPA56M`{AT9vQwrJE`4~t)q4Q!*%nX+>oh`j2a2PyJ(|OBM7%B
ziTQ-9Gd-p10s=kh8hObE<~6BbjpXdAXd7gBB6j_DR%D;P<+7emHq(5xwTCp=D$f}W
zkXcvfk1-8^TjUvv-!DR1uH_F3qj&8l?EsH+cLfeWlOEC|RkP0uV~pL7gqCap>et18
zZiHWZm?8FjO_3Y<YeSrQIG=Sks6(u@x(aoK_L06%hV<|_XLRb$&B2t)p@-bRwy=bU
z?JQqyh!TR+77)d3G==GreDAy_9_#A3@5Ha2;C+uYLhrQ&SCW8<su#bus&K+`Y_)9?
z$zYGkY0FPj4haexURe`%UH#G0eLZpIBl((ZKVBs94r$1r?)`lzxR|rlr`2|y_Wtzi
zIM39cxaT{eu>I3Z6*w%f+)|&O^a<3Tlg%T}R<<cB1Z=h902oXjv%Uu#8yhmBkHraV
zGs+GQ4sQs)Fa0}OlNhgEx#IoLXT9)}xiIlFuON#%+EZws0m_mo^(b{cWJuhv_!iFU
zSzmF|z^^FsJ`b3|DeT$+$u^$;g_x1{h}J)4bISXC8~16dpO@i5Q5_NPq&P#MITcss
z7nX`Bb)dZR`vS>mJ@ij;u_~c{-aZzOVU(Ll#lY;!27X32DjDw6f8l5zA2}QhSnEoM
zx<&pEKaPBGk_MQHY+DoiiRPO~!a#aa5&yo!zYp(0@dYN36$ZyeDdDZpd4aUqBX0YA
zXP3)vF~yM4u`$4{4eKC01MY>EfgwIMl?enxqy<88@Sy(dzs@o>j<x>6$WKoZH@tOt
z+Ct>FqbBW;Y6&-6{}hE0(_g#){`)Mda)@c&D)LI=uL1k}<@>w%DK3itYvbW)iepH@
zOJ8$Y@BEs+fA9Wt7HEX39$q&)weR9z6aDwghrdu(zOKy8w4MAF#sB>-vcqM!zOEir
z(E&YC5N@VCj`h-|+hC6=ssGspp6!Xh?@g9kl0DV^snBh@kdgN2Q6;OIl}Z||{D<4S
zlaiBD0Rx}vC=EmraCn<ff4o;kBh=_C=c{KQn|y;;Za~MbWFzOSKtDg_m8lN$PJBzE
zR7gyWjxll9r;pqXHh}3shCExkHgKpelvN`E@?Tx@{nW$5e;hM4h{90hno4z3r4P+?
za+DRTP1M53To*Zw=&9G+_uAU$^(8_gBd6@6ULIrY?0zy5t|;#DZ5@ZVtlt4^SwdWW
zO3QNpr)mECu)ASQ1z0+FMO9hda2(Js?w|Eo#ylCRzThdE^lb1x+0#5E)W|JDJP+CJ
zKW5_R`_nJAaf2DCqS#uNgaEcPQ{&icBwM%`I%0S5^|1QU0(Mxhe;c2lZ@GV2;OyS>
z=zuyWn?onH-9C=NIIPUMyVu>@RoDIE%|%2#&;%KPocwKRe!fjS1kA=I=63D|TgAAL
zs=APC_WTzmR)$Ap%K`(#*o{KTMjt{%OF=`^<vLfM0X7*h8wnzTrWs<8)4y1Rzb;u-
zH&y>s$l@2$Fh5xv&`Kx-{tqG)>O69${oeYfA3bn94?oUOlD;eZpU0NEepyOl?mkpw
z44=9crt~&~&vISO=LT2!<$rb}Jv+yAoPA}Me}^&T>(DDo<Wd9QWpgNOaWnqQbpGD`
z086sji9IMaJGcr&{YiH1!L@SK_J#>^VPl+O^!kSnNj5*OD#W%!jh;+&O#UUvRP2{0
z6eE%~%n3Ui<7j(uYf3^s$|)4pY+_;+->MsC9HwEx3OX-7x<9ZVtQz>EcEG;t>_qog
zMzeoC%Qku4*u(^C|K2+OWdnYli&5jyV<weNe90WGDwNvhKU#qAWH!;ezg;zso}Orv
zQcaPkN3Rt;`g#<%D2gRa%wTpjh7I#sWg&@eP7k>j5*eEAX=VmlLf2j#H^^S(qIBa!
zvot4Han|ZiPEH>P4PZrt=E`Oi2Z|I8S0-`lN;ky^!Rv9uz#uWsOM6G!vvphxOj~YY
z`W>Pob)R_Q$4QPCAY+r>QtO=7*4BJ?eEFf(IY8rpSu=+)a32*zCS=&5rdy<>r>SCH
zyFQF<=@bUC>Xot$;}u3uaY$prE<ql4AGny4mM4b~w4}BqswUo{LT_@*DeJit3$~X=
z!#11hb|xO*sosk$wCa$7_jHA*>!xM*mxOE}mq}~gs$Vcmt5gkQhQ;t5xHBa`a_j9X
zsrXVYx~w2=xG7HH$P&Pku(5R;FDYk?Rab`nbY~&LxG6Fzx=r9@u;g>8i2=gwTb0B4
zrN%4fY}!TQFmy!^Ga=|s0BFo?{lyVqU*E;<HON{E461Az(0mGF+v_96g>T-xDOs$$
z){&`UOLa#00dND%b1c87(62u-a{8|#^;P5S2X1h++9NSm45Ors6f!Er!!g4^xz_%*
zzLB==ek+X2@&xLp2l~>=be96vv7_9Ong)_c`62Dc5iwBUIrUaS6avKZ4A7FJn>r@#
zrh3L>+jzRPwZ1!uZM~P2*hjO<M56QtkaHqQ@7_&pFN_p8&czxK+-5h%c^(hO8DQ$0
znz~?lu6)`*H;uC{U)YF-JZ1%2510?e-2}g}kk$ZbM?ytY^rUU`4A`jUK~I{=)m=o9
zXNNCOE^&l1U%&pLn`qgSD+x@00?ExPSLl@3b;!DJB|=apLlo^UbAAhOLN>(88y!|)
zmPM+u&Nm1T@oZw2st+DKDE>ww<dt*E7EJ;decacC{7>KLEcC}Ltv?}98$Eht`uVw!
zFE$iLHuAb{a(4M<q^(h@!)!Ztt$%vq-utD+dUw&2mf)W~S{3^ObH=-HSkax*ehV;m
zq}WAxZPcL@enNnoc>a73`#(OXF2qQ~MkTIDA?IGb%FZrw%jvO3V)OXrhOQhf6S_g3
z!PTdNu4DIJ2F!$Nx%>={u8GSBfy3sRigjHc@?i{i(nf*yVc+uHxN>vKC8GY~BkWd+
z*v9+*8<F$Po~XS@nZ2@)#CEo9U6xy<+<LbG%s(SwP^1^3W&(5VYtz<t!dM%L=&-AO
zi1rk{YzDaP6b=&zYJ8kh)HoPAsQGKFJ#ul2dXw_qVszVfZ-q5_b9Hj2t>7ELiz1Hr
zECAJHf*@K=K@qK%m?xBj7~I{0jGJN`gnl7KzbBuEk|89ow8#iY>D+tDVLA>Gy@iNr
z#jwc8bh#+ELqSn|0H{aQk17ER^C<H2q1PgBqg)loS3fT`P1nA;h{Du=6HZ?ksc~i9
z(TT?3w^LT<@Os~Qot>Re+RN*?Z5Nko<|Wr6pkE7*OS?#+hLB&L)57r4g17HrjZ7Dh
z$FeEnpv0Jj_-sz5pm&Sbzzk=I<yXuzX<%6+WR;ECN#6_S{50nZ-HvL4A@qKEjA5~~
zVzMoH3d)zuO8;0yOtj#w&wm|%75>Sp_H}&WsNV@TP!GGfl#nb0!)T?{D;2XnHN0Tl
zi2Es<=Z{=$C&8|m7=S(S1O<6{H8tb0y+$yn(oZt#S>pJN!&r;ptLvu5Vnyu7V;s|@
z0_lzeByNv8spodn#J4t~WH~V~A4ym>AiR3%Pu0z%0Rmyk0DD{^g2&+dUH?-8N?BT%
z)slX_9YK-7rO}+W6pJd~QBggg#rwUsC6`b!Gli)F8eq4)t;*tk5Fb-HX7KJiA_F>q
zTvsqfCFgM#X=<NDrRe*CbQI61-09!1EVL%M03xH3p~jYjILWachHwTk;cf>v$a)iJ
zORdY!@K|NOfB*i_6!bk#yoz>fb&#H_@;eE`u6G~M`<I(o;838Z8m*|L6m*u_2V%mc
zo;>48#+`7(Qex0$S#JH$x6#jT!@W<J4iw7<<lc2pRSf@=TRU@s?(Gm>JLk*F$&nDL
zGzfVa>;dNMcolKO_s0?mD1t;4Xxz)7Jpv2~7D{YaD4UiH_Z^7VS}SQ3^0WLPM!%L*
zmSB-xy!vbr6f-@>UR$J$gD_X24j;Ok%NnN79ow<8p#o7ZE~P*bUTJ6~aUaeW3SEL>
z<pz`Q&j)vdUFp<Ha%c+aie6QRqc0Oou3Wo*T@e-v+=w=qCvKY6B5(lr2rkJkZCess
znGDu-iX*4YKq%+(B$ULr10=IV{R=GoJ@)4yBxb2y*H};B0-U*d@VtcOv?y^|IcElv
zF46Tt^1#J%q%|AYgLZZK6y-dViug%);!n3H<q>^}2c%TWDe_Atfsl5Gq|O1xsFi12
z5f3FY%i12+Dk{MwazbQ&&{G#TgR98tMv4&$Ci#zBD(o6~x_XUom3<GAU2bLENv-ye
z>Mj&}9b}+Y4n93+mos0#Tb}6p<7^U22jRT5(%ri+vdb1_u!I2u@HvlOR-0{aIqTjK
zX5X9>*zWb`8%R~xbM1F<S5CQiu-ji#WnW81cDW`==tXkBcl^&VL*V=qkh|kgN0NkD
zfFv}MQ{O=RMpx)K3~C?)pXnH0PZfk##T%_9_7>p$QoCP$fR*Ah-tX7}zzPt+azQE(
zV-PFEh|-XznB%Sp2}O<mPNja2X)uLP<#{PHRzuy`&9!N3Ezz|~8f+mbY5i+*CxW<5
zo8$aMV=EfM;{!ucnetsa>OTq(9z1x4zq!20bAQ{`EDjKlA-sqU`>FY^J134@ig+_C
za%@<~5ud1<(PavKy>-`gnBZbSR+X0}D=W9c1khg_-gv9QfdJ!ZS{Iy_u8S=}AWcnE
z8C)%cy2O>O;cn`>&+y<%#I}YsfGcUTz=4vZo1IYZymV#s`*-c-Ez+{q4J#vg&9QGA
zKEor^CxvpV`(3R+auHyF*k9tsmcA9oH7r$CSDSx-kwEUnh+MwTW6{}{*vCoff9m>Y
z0&zs*N{g@6QnFkm&-4mc&mV!QN8{xk+vuIZy13s$BPo)|Xc?No;R+*!x^6JFkJ_Zk
z;R;V8g-P?5B)A(Wmp(>_t7;EcsUV=XUS9RpmJwoM(FD8pK1(QgR)o%QX{>?v<jL_a
zo)39q&J`vVKGZ$?hGbfiBXieyov!~98vW?vpXvTk$%{(?8$TzC^u@k$S(~&F^WIf!
zT5QuHlVjf`x@P&|DJCgics##iAJrL^@7mazLR?v=<efWHofoEZEL(1og5PNr&`(Mg
zPrpU3lvD@MCxRg{gNscn`IRF7zW*LO0Ncce8l~kL5zm6`2n1DwirYDoe(lL}QHSb&
zroE9o3^-~=(FB#6%U7>TnVFf%$jYh8nEQhII^TT<g@ErWb8s#F_+>cX8Xw<{04fKu
z5%0O5ILiUt5>)rf$jPai%X|``=YO5aCbl)WBtS3t2ycyDcj~umYY?TEf@FS6a25o7
zy`heitsN<=2M<yq>S-A6EuC4O$OySMLoOy2$S~q)+}5gg!nRirG}cVHqS-Gjvmu#d
z;riIYNlDV}2wJ}FUmCwCrar|NxH{8oQD{utCl<w*rbAdwD*X3VQ%b~p>(_EOc(9Sv
zQ)X9`mqI`#vb+8Sn`WwXpn{T$%5rgTU?}T{eyN-RED%G`aH9<tk_uEZw^sYpVT}tY
zgCQn{K|fI%gRy*(Vr%P%0BA*ngo^9s>}WzAiIR=Yq9miEW+ZVDPv47K6DT!;#)2?D
zO*OW_%HbAC4*CSU_I*oN>s_z*%N`bXEeBK%w~tmvsViHjo+x^4T0rOM3LQ7o>UpRx
z35lGFKyouPr*#u+s=qj4`B?HCW^fk34w~b$v0V=v#1VfO%t3d`%KNGBWN1OpHZ(MJ
z27+V2Ukjx`K8ehR99x>D_Pzk5r-6vgRjg`(c?U)9heyW7=40PZNAfvZMFc#p_le_?
zPS?pO#1k4J1dXyTPjeh_78?A7+K=6X;x+AV&LMvJ@@4((x-;uFAmgeYC6#q2eG8-)
zf}Tk(U)wcL)LF=f-Ns(vaydc5{}6*F5{zTo_be?#kmRTNW(T-%f2=$4U4WBu$|;8$
zsg}H*29X|OV{2)*h<cW$5nU1g<K~YZXC-80e7&jYmDqRLcn@iD=2X_OMtaGkMYHxZ
zI*CJ-5L*akAamO4ry!~+KBj^Xf~YO0v>$v|uZ}15qJ^DX3x&D3a{G2u*W1E*K~^H`
zmUCP0sE#G>#r%N*=|8=ET610KOdiR-Wn))0v-B#qpDjY)DT|tb8KCfsPkcj<w={ww
zfX-Pb`*$YWQg|%8n+-fK0zi0%$DB2+{<2AeG6`<$gZ3-EPmpe{mq@~qT7-dtp?!~0
z*w;}T=9Y+5p!+8w)><^%k%B5YErt^(#=4%w@;_-EM_jyk(bFcgDO$i#3w2%NZbaK3
zCwTvQMDj*O(!jNho1Q*Sdr&g1HL_w56ciMI$Rw}?FmZrN{AOJT%8GT#ze69J6fNuN
z6yt_SW)_yIXC+`-_aa{R6+*oVBuBUsVBgKZ)V=}KwgA+>?5RRP=r%n?4}^}12BT_o
z3>#|it~qO2*C%64dz7F(49kKO<d(w;)r26^xzksHpiLlUj*}}nuWZl!aiT1~5Vyo9
zo2BO(6MuAOMUmDT*CqA`oO%G&LOi%OdF*xh__qi{t?em`oD5LK>f(|ZWoUY#4YubR
zq8^$9Wl1q0+X(_mChL7ta6^FRl1Xm@n)BQ8wQI%(2}m>$Iqfly1FBXdNa-xuvd*M;
zXPK5hHUZi32kI4<@I<9EP9g1~^Ssb(5vXv5gtWj7FEGuuVRFp7vXL#sSV8+b-WvuG
zxcE}Oe)|rnust(QvjbRMq1)##FC`0c5ZpH*FY(6|f*?Li6{uJR!us}3`Py{Z(YHqt
z^%z9IX7-2<#wxnYXkw?pR55}<)+pv*w@xuUnOWNAZjg~i$m(tD>8_@61kiM+UW?Mu
z=jw&_*-s`(7LovNUycgO-Vef$2R+6GinS@IsMvD*Pu7>u7t^HN_*5u-?S``733k>(
zBqXNETcaGP81+i;Rist-`<rxpR;-u>>VpSctlbG(xDtpoEtbaQj2u`)?B)Nk6XKFX
zkNF>Ir~&c}7|!Z#n7{uER({b9ESzBUn<K#^6Aq<_Fa<H2?=Qe#cR2v5+BS|xj@gPy
zOS9+LLqc@T!EL~0nhksg!QP5g&vVZ*6VVTvr^zrq)Pl1fv`T7$0CYDmu)k~bnrq+Y
z+;h<G+dU~3po7O>|JQAMc7sxax<0otX(uytAI%x<AG{LY)Km}1EdQH~IyiZI9Iu``
zRyR;g^lJ`^L^tdrx58xALxSdk+uyxUZ49tknzvUiHuKXi3u01YUFr&FArZI}a7x$G
zp&>JqRW620Qb$lP1y=fA%Rbiu8$Zx5AarbOa$Wjcl^Hp7rV5CTQGC;ock>vmbB_JS
z@P97_mEG|n0yvZSzlrY%UCiVk#JBf12ulCA#CNj5|2yIv&wFF+zr}jT&~bCC1PX74
zUy*mJEfj?X14AgCXVTPZjas79ao8~OeUX}tbX_yY6=t1`nas;=GW%osr<&f%_#*A?
zZQlJ}KT^QZ8-bh~z|tN&cC1+xN|T0oPCagn=HoVLq@%Sun^QcdiCp}8wa}iVlJKRi
zCvR17b3^(wh$Pou-!yMHgDfzX``FmPNhz}M<t?Zb;<^yKoddQ(rAuc|Dxk>13@ny3
zK(v+*7>bfez<)IW?^!b*ra4NdQ)q};mu8{6N^twBDV*E`<s#n!^;v=Qrx)Tit(ot{
zSt*0p2eufsMMPmvix|Jsgu;h}5x3#5S35x2TY)P8LwM|}=-FVyol+@=j*m*=DXPeS
zuPwz>)03$zSNq~_k^_F#kk~hAmkue&t~m}~UbUPpBVRp)t}D?V+^?W%P4m#>39plS
zO0ZU%5by2XJ^s=HFt|;eCvmEC<q3(2D~+XdKh;Ya{WsoTodz9K`<p~5#B}B7&%Tyo
z4t@OCtwl74c{E6Jj?aIf0TW=`B$fj)@x5R4@1GX&!Uxt2gS{wkFV#FYNLalUX7*Dt
z{7~eDZ`MI`#oqb<%HXPlNWBmTgb1zB75JK;j$Zp|9`kln^bKuZ>j7<!^7SBI#I}4Q
zC@KnEA9lYV(kyj|xdXAGGFf)pWP4(uXflspRzcR90}7J!zOj7F;u*=l@qxz5FjpK7
zJ3KQ`@-XVfV}k9A)JCDd`6JR~_3+@5Q-+A}J!`!Izl<J06x3($c0T=1F1WR%FDWIJ
zfpS9@Y|B|x)pX^&9=F?Ce=>uw&|_xa9~>G9tzS4ha`g1Tt`!5yD*2HBt~1zSZXhW}
z$bseBHCg+qPDM8?c*`Com;xf0e$Yj?V-&1$NK3+#(yq8W)_ir);I3diMWjwJH0kYC
z`E&>hd^6M)psgLL8i!=9!o$P47~Si0m)jJ?%+|7XAlnR=kLHhm-Fz5MO5M%v(}IqR
z*~N-RO#09Dw+Hjzp|<{BsP|_NY~4=EbK9_ybDFprXamIt9HDF`FagOtD13j*%}9Hz
z0H6AmlTzSb+avD#W<~v04K74T)&l5r3`jfw$AdPql9Tezu8`_7XWIf2;ZXu&mw&Mx
z9u#Su18+Yn>`D6X5S_mce*ZjB-qJSFJ2dAWWa?sNnnczzOYF+!+mhu~Av)}GE-`6h
z@Tb3_NhAEYqKgP68Nsk<PCxjMQzIi2_cDr1rp)lD-Fo@Z=Kq$xWO+ZlZMv}KQrb1{
zj&VgqCbQNDnMID5gDZp|K-WTEzy2us_veWhGrwA)47uHWmE{#e3uBJ!%t9471EF~E
zH*fsco+_qZA7ZJ!cZaBg0f0g;Bv^&WKN&DG6(<;f#Xcoxap%WZuIQ=|w#oOIE(~8b
z$7R!d9{lS_KmVp42c}N{$i~ZaKwzcklxrp$>AA&&FFsyMw2u+W05dd&TT=sq{<;Ue
zLHx4v|1~nZ_bEErtZwLGhvObhU!OKaVfQpNG)P*&&y^PeZb||`q$5pP3dC)cN8vN>
ze|3McQV{!}^GWS5uKmECU!*MQ+~ZiTZB?+<Z0vmfi<u^Eg@?!B_s9I-IVnBg{QCdj
zzYiFAEyM;a?fhZfNc)54=9AJdoyy-klO3?~)<4d=@;{+UN%SVugQ@<Z$DDsgv1DX7
zK^y?{{&+q1kN62FO);O!q1XDSUj2(l6@Lv@CFpqF{eM3A=d(S0AfK7Xa_&C<uNOWw
zD4yCy@#jX5L6z`{w)4`VM%OR=`3l+1y1%MLDmhOb`SV4ObH)HAhZ@Dm?)*6`U`S|X
z3jgNUf4$4Y_tU38`75|8zWUrtM85gAnZGn*{~Z5Q250BnSO4Bh>tUqvAGh$=?t6qt
zbmqSQV6T5||I|3dbYSDs{IP$IN_uv#_UGCTPyTB9=L=*iWYlnx|DFx!)K1Mw|5jA}
z{RZ*ZLYQ{K#%~GOKbs$O$>p8<_a~BlY8ZNad=DzOPw4MGe?AePXL+@9=@$q8&nx14
zA8LfcuwEz4=Kp-$Yy_kDVC+vKnC#p-(CF{mOU)u*{gLUyYC8-eZF~^S=2L%w6EJ1Z
z89^{!-Sqk7e;yy6AJC=tksyu2zi%jM6efWk{rCRz$!082t@2xLOFF`CAB>3^F%u!9
zi_YG<VYTnqgpH$o?(I`+k3i}OWqVEW1Rk6+<N^HxFf(S6HvDI`MMwu0Z_Z_{AOAnw
zyril5RaWHVahu(uzt&=%w5ihzZ!A)xdB3~&---{oPMbnhC+{fwNk$dIzkOwhH(ggK
z`sT0qFp;MO#<ZlH;Vp1MNKG+|s7+#lZ8Jj#a6!k7x&L0{qgS1gC6|uCmj#g?_p8&p
zsMWiCaCbNHbEeNCDq(eSQfB|nRF9@UehC$Czt2i{Xzme(yVS8)Af{NxC;bVGl7X1v
zEVb09wa*9s>*AHt-}7IT7s~nx3O<+qk>C70A=0lsP+dnVCfF@TRr&Dt-<y9uc@_@R
zl?S2r?8IN9z<*wTrq0y!`%M4ZxP!(LsIAj~;K@)|C*>U{Jx(yuzq-|vc%Nzh#1YBU
zzP{zu;=7F2eaR(ne)KxzPQi4pNb>$`tdB=?ZhTVG@ri*X?wCoLw_Do>1io`i?>}xj
zw5_eq(U#X_8ykJBK4wnhc7tcI+}~eo@z*yc!Qb|LvjR=BE>Cpkru2Vo{_APG-DF<u
z2}=sVK}nAib#33k8nip{Wqla?%?ob~pqh4~D~FLTd7u9s&+zb5>l+)NK7ESsq2Jj^
z!tWw0X^gJ+`;X(U(PpXD4_^J%5TFGM&Hi^kd2;eheq$v~;ByRSO{8rfu*P5Law^y(
zLqkLB22&0KwIu)$pb6BHo%Mh5yr957Phhq0ZOY+1O98TdVlQ7z<=T!@1Gv>$axX(|
z;FN&PCA#|O(2RZ1U`sN83E}fS_z~Gh&;|}oPJXRE|LZyuN^d2$h_i%nt^YnbJC5!O
zcgAgPO!m#`J$voTO`f6m?%nI;J|IlykrH<D%Dr$hXlwvDN`DtIAv2Q_luvisl$Dgo
z$Yhd^LQp$DKR+1t;>83*K8olP&5tVUG=ln{ex^?fwoTE=sR;?Y;c{MoePkRaEhF<e
znECB4vWlDy@*{7KtlRbr!W+)wb2O>aRO+bj{2qG8=xytxl&Ifd{nJk_m_O$MxQ}l#
zv=+U1{rWC4P9|2$6Fi@(*!ucrBbEXK0=$*d_K>maZqd4|{&3b?^8t9nV8aprxu<Hc
z7;!nTWvdJCL@p{i0Ih+v-qIjDO&+YlI6m)+MH1${#c!*4W<=4I*w2`6-nd;8fXSbM
z9;&2fsFIH!T{1A>Xg`x&h6|Q~cERC+0F{lb;k)8Ya&)hRDW|D~Lt9lc575mf053Js
z98Z4X;)TPfPrt;Y2(%n!oKNZfe)mqCg$^KxUf$k)2sx?n>rPxSFRvCOa>KuT)817C
zj?;Bji_F8iTw^yKU6kwUma?+)^DdZDYe;wgCtLhL7d%IuKYwL>|Gs_0*y5$ghK(<*
zS^?ok^+$w9XthP0HN#_F7mpi+vY&j0h70?+#7CMV=4Va`9!8^9dk{SiHcCeUrHYai
zVhWM5#Ft|mM+>cS-k|hya&gx0&7UMA-RZrDP7YT|zn$+%K^uGv|M1wx#$f#S38$xo
zTvH!}R&VRu1XYX?K{@%}9Z0UAgH-*Rq^r#3qX%7Se|Nm#u~1c2B_q?*(|e$)nR|0q
z@p^rzU%Kn8yHya=GR!=?4DK^jYFV2MWYCfF_yY}%gG;w=ZC+$zIzToLwWGNoeh=H3
ziEoo_;ao;GiPnyF!C(1pH<ytu-kW79dp*&=r^^~<IiLGoQcC5(00YP=B~(>u1I})o
ze0lKYsl#V{Vb~7TpE!AP1PJijZ{KbYbYwhsbo4=2FhW=RN8I@tY8h3)EyuN(9yxw|
z4|F_&^)&n=;zp6(#?dk?wgn`Kc2mb6t#-5PzN&;CO|N4@sHCn+*-dpH1e)-$_tlEy
zjDZ##8+Y&BZKv0hJ_tiaMpnqndq<)O=KTeBc53ODFQEgrC#<C{BKhI7XDOwmq!Niy
zf<F2A+*?acyI_Fyx7HV4%OoWjL9yNI*RMVDOd1Ex2UIC3>0dx|EWh5X0s^N~<YRBk
zTTyEg^6%hL#KD;vL?JzhT^@@Ho{5NvU}9%~rZC+((OP`ynFS?|j-KAXwN>d|3Ls9|
zqdLcWC0IhvU3w>W>FCQA9=@dOz3K5?xZvy?De=?a%xXoPDT=SkpEvHYX>n^RM;;bl
zq9sioE5(~PcL8cjMz+0;nqM?G%m0=n8}@jnmj_PybALZQ1jR*<hn{hYab4KmI^85h
zTuKmaQX<|^N>Up7{`D<%wYuq`#%noaIW#@(chmFp;Nal>=>-!LlabaW*&>@!E*V)F
z81?7!H*cEum+(+fP&{53mSkF7@)~WDjFE7b{2y$61zc78w)LWsR#HI1pu3e$6+u7=
zB}GzN>F!X%Ktw=V8U*Q10THP~Nry-a8|nV$K1a{J?|qNox#-=(j<x20#+YM{iG!p-
z2L=6a2-EDM2B;&*@Wh&cRi=60xO`3}Ndl+Dye>p*su1*N$oGTEf4ex3zjS7ge10ga
z#0gaOariFFCj+m#jyKnvK)#OdMDCB>B*O^JG@w(#4Zeuf@v5MT+l)J$48$*2_X@VO
zv_UC;!^uH-hb?H)5KnR4=fD=gNGUEp$9p>-8@X4$s`u`yBQ3a>=)P(YifP<h5>)7a
z79PGaPgnSTu`iuvm)ez|0Vy)=5EXMnrSKWNOn%<MTZfN0I6JoVrJrrCg=qlerU0C@
z-q0j{p7!=+E>KBpQS7%)YB@PREP}Nd#wQ?FlQL)(Y*v3_er9KFBoLb1_?`Lp>gkgV
z4ZoE>5}bQ-)%@$*s7t3O)=or5z9pY5Poc@u0)svqJ^olMW5%#laBsThc~IlmcdnC4
zP)PDg^YhDEk|JW%l*HE7)_uZL<_|xQwOQtc=&v83R>$zb63(mcE{-Lns$EP|O1YDR
z8a*`(zLTTSlO(w@wr;I(YUco4k%$X|v<PZ3TLT<K^LoQE%V-<$9D;`7f(RZ22Mw&;
z=ZNkodeqMXZaJgF;yHNOH(n*576~sP>KYpU>-EP}c{&Lv?P)zyhx8)l<$F_kf{Ojr
zzWeaQ{SDWhdKLj3rzkHkR~n-eaAHFyiZ%c@FmI5N{eAn|XvL4*8-k^_g=iyr{sc3H
z_u4upYo6<JIhq&2mt3u?O4~o^wSWoU-U2;QaC0-@PQoH06r7xdsCZA#C428wb=dmu
zjAX$Py&gOLfQVj<>`H4ZTFnia9y9Cgt<kaHB0O{UO|q0NZTGuA;!Xj8Zm_X&nND@3
zq8KEfeforLT-CVqGgXu0<%_p$*oq*DM~FB)cBXuD2>ghTHcNMq>gidyvok*i&%sF*
zb9f*P!Nl-zD(~&?$)Vf9l7&iA%g%+dkDkLk5b8@eH|1?qBKic@>%{RO#9m_Xz&|-T
z5%WF}x=k+~HU5siR@$Cn_2&<<U+WEv=jbDvj00cB#5{$Aa%N>`oe>i+lx|R{q*ws7
zwWsR6`*QA*ft9$djr+fTO<^-ydPdT7yZQU`=UB+rVjmU*0|WX9lT8j*;34U``I$mW
zdcs>C!?E?F7N`iFped6#+@Tf?QbfMz&Q4q;B_;hDx5+c#?M({du60t<6Ez)nw)v=#
ziWfJ9(6}4^4gEs(-iH^(#p$3;iueI%O`ath6QNI}r`zJ1sPm+z*xyHO{gO+btn2IU
zAw9pe1cpow54wS*OOfX;!#zDc!WB(T&FQ5LwHa^}2;zH+Y%%sS-oAailEU}Q;qE#X
zQdw1<W<OQW#>q>)v$W2Lh>A{F1Zx-AX--5{o@9`>EMzf*b))YlbXi-0mVEx`@;~0e
zDy5CUcd{^54FQi^J<a;>j=`5c_xh)XkNg40lFJ)RtFG34I|VF++RbiyqT?Rlphvm|
zRE|@g)Ib_(hW^sVq^F}Q306{4QdCED*7V@%u^K+3)c$~51j9BP?7d6&r3&x^4=J~}
z`Te<c)3<g8@^V4FJVhX7pbo7IyD*V_-EGN}^}NDq@Q%s8`&y;z?>{Lpe-?Yth<Kgs
zQ-hx%pSLhIeJ~%fROz&Iu3op6=8}>GI!2{Ceyg*lW^kW7>vhy|5xj9)ZZ3hgwsv-<
zlnPf$-pTfeMe_GPjr5?M{kiYYVPym@vzLJRR~oOqzIHkBpkU&*{QHHnIhqfLyA9la
z<zxl@yqO`ewLD0-IqAy?DGqgJgOIxb1D!Z7jEvtqY-f~1ZGKmy!a$^srm^x34)NfG
zPs7022UkYR{Bo<$+aC&#dsNREx+Y#FMjW>19?d051i#JboY|*Chw1ru(u|R4k-&Gm
z-@ZR5q^xNNp;_Q8O+%2_+bU7xhe?!g-@Z*l*!@=ROo%*~X%2R9acL9mIil{7*fd%l
zsiOl&pIOsz`s-GKkpSN=7mkyWh@17!m>bYO6<e})*ZQf^=cVfERWY9<8W1nM_*HNF
zcvo)G5%To6*S5|2PNJiunWH;;Ggax1jyek~q1P8eL_*%3ZjPf7EXS<by*8LvF|vt&
zX31A_&z*p`PAKj|#6MX`w!fY5k-K!L)b@Qf_L|=r&e<ijmZGHR4tC1ncYkBl!`-C1
zwB9VA^DVj0<KoV<RE(v{<7wcNA(&WL{4T5a5SgP4w?JD{f<oX6S(i32NO}k@zI(%?
z$5DH76wa$CtAwC7Hkv{ieXwPy$MsK#jaVu!#de|}Ib)kfno9%hyh5^r0mk(?_PdH>
zZWi4&X)ZK7jabe685vnm%ZD>=Q6KFbuBY{~B5*PBG5TQKTB+tFa!{MNYI6G}<c3ew
zmP6c!bq=xprsE3nH=l-mt_7dKb^ljnM>5d1jj!ftJ_}~_%C4!HpL@_1Kb5MTw*g#3
z1VLL`P$+55()aA2_p9ADbl!?RPFpO&Lm~v+KA4-1??t?bi3$GE*-%se)lwxvWP;6U
z6tG_y*Up@5kByCGtsM$AR(&-5A#sgHpyXTC@8r(zuYnw1lP?1~kk$!#Y_IwYW~mKZ
z*BxHn%E=nEGEN<|y1x<q`)3gu{Q0<td%IW}cb-N>5Sf~rh6RM~5C2mAaM;^&NmUym
zBw2d~K9E_I70;@SRv=D=V&|Q-uawm3tRp0FPW=l`%ddGT_WrsRJ!8dpRFlfn)U-HM
zKnEb|%NGu<a{_7-8<%ZtY^)}RfrJ&A>F(wRxrRKP5%qg-H54`DR6?RITw@XtICuYk
z8Qu*F0vrKBffq?Hqc#_M!as!S^ECWenYw2?_+rI?5wh>;hS-NMJb%5myy5zHM)jRC
z6%&?c$IUO#he&y==qP=-UsVMvr*6lQqNu^y)_X@kV%hG#LHoNGoj=}gu6b5C(U(cy
zB9^w$)Y4)GZ+iax`5S7t$dl6DbsU4u9ug%5o_hW)Q+kv&JNpo+=2$3u{KN$p0X}Yt
z;~&*I%)2qtp4%eQ1bFhv*Umk~rXu=xpK3~8^A9h{&kvN%%&z$C?_1;>R8Ya;VTtXt
zDr3p25WZ{MS)fQbQ>L5|pu!Ru8j5G=@kl_s&@dR{oy5sElSS%t0Sn2V490<Y!{S`{
z2q@X8&#g3PWB6l~@z9Zxg@M@p<tta>-mR~!=q;S+mf1XdQe9Ic{#rR>#CB2s4O9n8
zn;<h&G?!oxPM?P@<_m6_r@WB4p75N9Xpr&Z-RJ21qna2}U^VH({K-zWw|r;OqNb37
z2Ia;la~%w@T^?0;mb|sQIvGjH`G&Bif=+tft`?#Ml~hBi(B_eCc5|~_pW_I<1uH93
z&1+axiTk_!F37Rpi%#vKE7dKq%XW=aYGL@DR5&Gr&LCraSme{D?CXq8!$zmcWCzgQ
zr)!Hi9|(NRoNn7;`f{xvP_&)fLKl^czQy>Eiy?mG?axg>r;A3=Lx{&P|Fm~LM83RQ
zY?wj2FVqlp7o#@~CiLwOBv!5&<qS9>PheY&+g|F~y~A~4IjtV3>)fo4+$6*vDx@2p
zw%O!`7}{UFXr;@=#f4gR>^U!iH9^L};L|xKyvwCEx9~lKn$>tHe>kW&3sP4GdVWl(
z#Q5(IUXzq0MtZw@3OBkB52(*+a%dHFYUK^CUjF^*B5z2qiaT7IeiW9f#*eN=(IIeE
z^7p@*4n2$Ee36ty0!1Kr0Y4zqG&RYJnpRzuW&}=mb>Hq)aAOh&i|Km{jTlD<E4*T!
zJ6z|;$x%m+J;sMoiKwlud`CJ^Pi$V%51cVp?dTfB(Z#}2(W!Z@ytX=}mYbKi(HF`H
zxmg-WEx2v_p31LJdIzchK&QJFyK72gMkeJ@KnmMmxpL)RxlJ6Z23{JP@U0LCcHfj+
zuidW(QDFroB}`<}!&*d1V(Ufrvju;wQzpo1OQRAJK0I?Oj$7^*m8WTztk_vdQ9nP>
z6*(yN^dBEW`?TsyGLiQ)fPD;F)s6{&SG5=Ke(CH)r^|@n8FJRynb7O7#Ra*cdaDKo
znTv`VQFx4>)~!z(kM;?X#Skq?hX=lOLltFZl(`{El8$YwPr%*4&LPB!vMoLUI>-d_
zH4QtXT(Cw+M)RiNl`9z<yTk9so`r?c4g*K&86<G%y>W%LAi#uz%W?6ih~y@SF~F0L
zl(4egj=xOcojYii4sLu8Z;vpU&~Co6l<&m#ENd2>kyXymDOCbO0MpmFb&E=VtMCe^
z#m9hVxsWPHjNBLd^xwdVhV40WyCCk-@<-M}r#;RqYo8xSc+Q@g*#?fxN}b`i6h5R8
zG&~-&OHIy!hTE!=hsQO9Nl2*lW~rzCIL=I2VPT=Ap`s$r(CK#Uh_e}0b*hz#$wS($
z;HmjhZNSgmfQKC#>3d3y+}mrydn;i^0KH^l#BF`THT47k*Q%`p)FSdCKHlT*p@gH7
zs8>P`FNMuW?a16U*k?{|=v%he>GAWrxkG+OM~Bj8U9BDVZR@<txxPw=<<{*azn7X1
zd?spvn?~EeAej-;@JDudaL!S36@a9Z9nRw7Vz@0APj|-5AbEfp_4UP<m)=VKq|`vE
zgQj%L!FKbyL14|0r>CHKHxSkE5Q)Q8-^X)PzQKI&VSN@lm7Axtha#7pA<91xSNN%m
zDACA=dsUcMuCyY40Rfn``}1^idw;!tGaSeX33>Z-Ml57*VPUGo7KEP4YFxNUKl1aN
z`{w56A_$Pu-)?q`BYxMfN6Ou};R})Y!DQ_&#v*3C?+N=!b7)ppD9U4Z%|JbGkd2*P
z7DlD&o)<#T3h~=sIX&n7$QWn@_evMZqgP5{VIDb)3dNfQz?j%74WE)D=<*VR1(-8g
zW>sY+ej(|qv>(*@nmRh^mG^cdV0L(MNR^sR()*xvzlY=cb4*0;Ah_t?fPi~|VwH#9
zmJsbd%Q9VbjsN%8XD+D8Bit65S0~E|;j_?CoiOel91zGyl3ut*fk(<<Q+f=31j<+@
z5(Wu;@DDK7575T#w^LWdXn+lxy}L6$F|pBiozVo`Qi>)AKQ!s1$F_G#8$H*%Yz2N!
zRv1Y`^@R@3z8~~LrH2d1%MMd^KT7WW;Q|!#(eLjXMX!WxHJnv&fBe^FD21RHe;58N
zq^xXPau^Iwvj(UPaQfpD8*C3<0B`+%?7j&v#td1~kX}jfJ{BG^x`h7dx^CzNLlQJ%
z4rH*m8w;_Vs>jlw7*F}!(_Wl$>+h1R5#)Cwe3-Whm7*9=g@CV!Ah5@cb$WRoS4MQs
z0}93$u0LrhSn3=3Y!95?iMvw45r>UM5P_zmh6?ncra9Bo*_|j(*a=HyiRg9^^kINu
zJ6Oy(iTEuEnm;($I*<5aV9A{YECz_+vp`oD7`2d<^+&0!4%Uc@Q~wS|w#|)M?&qE=
zhz`^!r5juSHt`9Q_X3Xs-;@-+h%+#63J9hFr5RL>lnVdJQr5@C{vM)oXA`;*BO&2;
zJfjr@d!5;~qoqy0%`L%2X~xqin8s;Y9+Ykz8qzL}QsKzkre}mGQRA|H7LzSx49o-|
zH3E^NV^Q658+P47sRi|9GgE<Z-RE~R8*p(~I)6L?xgXtZiA;M}9Z^xPdqreDl85hP
z#h(>AXWf={JM?H3Io_vbu(lmOaw(6=Sy5F`sCb?ctavO%c*E>lnKdhLYq1fxm4Xq=
zzO-P=xQeN`OSLei^gL)-L_`FVorlc%?5ks6awmI2S(7~o3hP8}?EykUs^}wyOGM*0
zD18(Lq`#%4Sm7kSot>RM?=D6++o2V?*5$1&rx{1(h8JYm<@UU~3yD`9Vaev@c=NrC
zFk@08tQ5Lmz~&iSymxxyiG@tWG94Wsk97QF=V6Oc(Kjx?u-rDu{Np)|osZY^W?%$}
z_|$s2Oex)8J1<x%{jAS`l`#AV5o_lA_m*%(CRLqDQt|>IdT5N-RA9umZXU|p&)wZ2
zp5auMKYkJeW~(>(0agerD-(bK;LOjT#H6IpStjObBXMEO8KB3YtgI|`;{qvVW#tzy
zUy|Iq#R(_;L(_0xRT<@34aZ%@VQB=hPxQ?kx!?&|8DM+r1_g38E<U2$UwJq=<*lp;
zzI1-+V`uxk7|!6_(bc7BWyJxdJ>0@GIyyShojHS6u;n-{I~#veN-B+c8sov2xmX97
z1XOt^cGkYjNAIm6ATP35@_<!rw8n<>KbgDXqWc>&^Hg!%JB)x&uTY?E4M=XNCo42P
zZWm}@;@Ocvn6hsTkI|Y#*CH+CSk1<JLGW+HrAxz+#Aosr%yhs4uVJmBlZ9znH}|Dn
z{Zq&e_MG}I!kIUosy{Buwougi9d50p;$g{F+PwOM-FTS3R8Ul$h&hg;;m0&IH1rY`
zl0A?D%yrlEiLZjw>5H#b4xZ9nT+3gTSbo3HL*-;CZ$9)Pu=}YCP&8hi&Z*z)*QQ?8
zmS>R%8?%Kp2fqvbe>xo(Urr~Tb}HPyO#&<XU|o26S{mQOPxw3KEG!%x$`rWu6UJZT
zXG}u=_(HIh`0|mGskRN1c8A%$$LMPJWU>gF4x58IeIV*3@+SsOP#(x7Q^D=seKM%l
zq8twIKkV5vIe4Yo+FDv}zpSZDAI5`}sR@F2e|2p?A7f@^#RF;>)$wfwCvhPcv+gm2
zo3DQxW;T1t$B#|Pz6IBB-aNDV^XFLxDWY>{rq|Y*{?oTvOJZC$=;`ddwbvKAZr9GY
zN<Uh+)E_Fb4O`YIPx8+nfUJr5zi0+H7h!S|5)#<Hiy$CIUM&0P41DN^6@r+4+IeQ-
zz1|t-_$BkG^@?YZZU28?Rw{RLC;;`KLYQ9O_;%50s>%SJXIxGbe-xJd?mxTY|4p7>
z+_+rSYgGpSRT_nOu?h@)n^6mqdb)U9Tx=xv|NnW$j}OY!s;7jt_e!clr1EleUnC|H
zGcq!MHZAr%@vs)6rI+%ef!BwjKL60rcH5DjI6(__O-*e08Q|q7*$bt4hRLNiGWzDr
z>g&@3n#}j><#p7+-R}wGk3oC|2jDhn`OwM9%Lgw3_4N~w9A_q*FMLmOOS@UV0m;wH
z#6<L3FOx<;j8&)KALGv-xLn_`yKceWNth*sE%x{scg{f0%*n}#2I(L+`}_Obyiah*
zo9U@Jdm!O^A^~%m5mN(HRDg&ER8)upmcKmS4GiVfJ2}&fi(%~yo~ua>L-2WE#uP!+
z)OyCKj%uI$AmHHOP&Y8>nr5BQ4t@3do*R>zo22yk1*GV~+w0L%YrlRy(XVwo3)_`%
z+^7uTJaeX~q%2U6P_)!$<Q&W`%fKCu&btAkG7*3|k(eoG@D(^Gh^PwgRhe-@fC}GG
zljbJyNrH8jc{&9F$;n31#6IYY)2E@ax9*!<;EF1#%*GdYS#8YdjD7Lu4KB5X#oqp*
z$?CWE-drutNv^*QC;NU;(VNujJCVNvl)qKqEBRwiVQVSy2vXh9C#0oYpe;Heo<g^o
z7%u`%(TN&Y5Vy>0yYQiw9vX!p-}Df*Ni}Y>w`r$!5b^x^bwI}oI&Wm$sjRMkh?;JK
z55gC3WMDuXql|+%+l7b4Q+ZEss=vA;WWb1N;KoF{*)ow}ifjSa|MqaQMxBkqJoY|-
zJov=Kt*<gVX}wP&n}Q|mH95}GCySR}v&R%gcW!*DWbLh&$3wTF<R^dbwloF0eUBWD
z%woJ2#OS++0fi(5sni}59VF=R6)!P`!Tr*K4=eO!oj&C2aue!z%l2&Fg*%4oPvuWt
zN&MFAg;ZmtRyv*~cfm1g-T65d>=&WQ5gZ#!O;1mchPPk6I!8f4A(J;){LxNBz9m`J
z*v&OZ6Bdk+AdvXMK$V|TIz|d1kx`8cF>spE0{y*!-}F^eQBlF}WLaQ?_eor|s-{|P
z;J}s$-RlVENR~gEyH{kii{l@R_p1mc!w|C9!T(8Z@^Vy-O3o*czKjG86n;NwGex9y
zCqmf5Qmn^}yB~)}yW{RWEiV40G~p}POz8y_Ep$KecA`}Ov{f4Lq{Lj;xR3{beY*Kp
z?9n-K6LJ{1!a&dkzCRXTn(B%Oh%v#A)e}E~jC1SV?s#xpVeLIN-9Mep_)?6!HB46o
z=sqSylhs^(O8lq2;uL!SUMJrJtNv~cD7bK?69R!s#k{oyy9TZ^xMK^%Rlc)<;sVwI
zjNFS%sh{b|Bm?3YIuQjieIeD1JItb@)R1e#a1MK^E;md=5SQsjg5f@W1Jgv8fGPNy
zP;DS$5%O6M584wuniCrWm~;t(775aeBPD%=x>UNoEv)+ipizK~<>3^kuSs9Iio+Vk
z*s!#{JtK!KPGpgaKO}#+KJDi^<w*(*;M;FS9D13ymd2=iq<2@h7u<yyyk0c@;~K3-
zB?9#~zVebXJu&0DbFoCjAjdrY-(Y}2H6*Y{V)+!VMx)^8vJQqUNG3En%upp)p$|rB
zNP1r26B|%EApLQ@;^bDC%Xu`SDVIEtZl$%i<H0PMJgmcsG9tYO#LRRU>MJTPo>gSA
z%G{!qT%m3AZsH@Qzs=K<die^;74~(Hy-lcc09uA^678!MQzGID)iE)Y3_fnA(bk?Z
z%2#T4em(RnVm~iv9?`J`mn0-nKML+2Ks+{VfBShWD)=<~I|+Ou*uUYTv*-Js+j$t_
zNjt{hL}b8P3%i0%t?n8cMt%CE0IWB_i{*G?TVNFh8X+cjOaPCwylnLi*7?F%B}+v{
zpJfn%4Kx(M|DEfCKqarOO$89o18ZwSXdILR+I1h7xGPw?uC_MbX|W^|I0Y9uISFC-
zs@GCT%w-h~+j4#F`TSYN-TkV*zJ70-B4PS=NpUfN5}@7w5NfH${(f?ZvkuU{sgjOS
z4u%9`?#B;iX=%nMRrD|<BG>tb+t}9D`>yw0URVzfz7`$~fbJRy4miM0P;fR|KgV=R
zZ^J7H2nf80j>dv#0mgnBa9E4V%IbcIaC31{bbkb+flp#NQk>DT(+@shURRe^Kv2-w
z%nZlX)wN{d3<6a@2<w3pg4SzDM#dF=1A{(T;RtV%hTCZK8tq!o=qN382k?oA^0#Y2
z9OXq^+@k?=NM_~6D!_HaUs%?O51a`J2&Pw8iQo$D#b?iF>u6~O!!}n6DylT-HNr+?
z)URIwH8qE-6Dyy;9XYttE8m&i&P@g?#Jx%f3<P~a?4dyAHZlQVbT6FxCES&*2q!lW
zkLJQe#(-<CBGuBMdCLR{A~mleMJA9LiHcX&rSGl`9M!&f^)3Rq4ut)X!JW~eo)Go&
z*jc{f(H#>L0}%YZPeudV_R_w-*f=<;P_maL-GvoQpyzd#(f90~rxYg`Cul-N!S0*f
zTn==Iisdzs({`Z(!22xyI3)o5A6)eS%DAjw6_CBirr%Zf%+C*TIz#fonT{idz~XkY
zlCB5slVV4(kZ=*GD20Ru<|Nb1Jq@d#oQL*38#}jbR#akds>$`ey*-(WF9+OfpB;J4
z=!#vt%FM?0`KXux=gSA*D4?c(SM~qfegFF{Uie?SMbDvX*Rx2~H~=vrr$!KPZ!{t{
z_v(fxN-Ri=OG+X$jjEpDpm){7uz7G%=TmZ4aN!t$g+n}@oZC5f?i?^W&LH@NgyaFq
zgM)*6@HpVzW~Irn7K%wiV%+9!DZ3!`iO{<#dX54TS|NPM>!FI^UnYg-6GT27AU+4f
zVlBdc7!>^oq+tydjUU-jBA;<UpASe{J>EkZLkS<AxzZ9Ba-7TTP2L+E0nJ4M1XiZ-
z!t1A~vjy$LbkeysGniC`4+&w1ay}~~V+LX&4NSDER-`LuG{Z|Mwn(n@)Rdo)QB#M4
zP6KV32^<wPeE<2!tjr|L!=I(2BaBqK6rc3!RRGXfgMx$4<8TlcrbEI4MqsuzDG8a3
zQWX6o0WpssUntS#woM6e!Bc-8ZY>3(^NAsD9-cOsZ_&`!W>M+<@<k3(FZe=d)#;8A
zQBg|J;j;8acRJyjFflRt9HwQYa=Lm+Hx2d5dg4j0Ot>-Ln%5`uWxDsiCW&yzh_Za*
z8~CK4-IcNRulyr;bhFb<zNn6N#_%-^50@ubskrWip->LSqed&I&DCYrik)@W979kZ
zAnvl*pH(<=d_k;;(TLlSD_#Utn`gG?x%GlynA+G7nKx`xff!0;`6i(Lu$50UI;I8&
znV!K0i3Ew{{q>&qB0L7Z_}I9(rz7@taO}dBHYekcUFt>!z@tPPd1z=F=-Usi6n<|w
z^&Vo2r~=`Rzq=(nuFlS_)J8r}*Csq^y7Kb#Kkahr%z{}6xN|Z3Y-uFM7>0*GL%nL+
z@HuIXEyI<D$@x2C9~dM(f8qX#kH6E*UF`4!P3^Rr&Z#Lz=&6F)$SNt}mfKA{gO8lf
z6vKY-AQ8OFyTn9ed;8}QLSM(kq=IJvROS<~3^0%j*PLYF9s`{QtQ+0kO8>c(m(gJ=
zkoqJJ;4Rq5j<#k5@**^h4}J*Uy$5SEfqp)XsGWYIR%3ix{ES-5QWx`9PQyu5RFs@q
z>j7*$4|h;CFff>bfDI`qxY?&6;zQxjo}DXu868ay{u!O<fE?H4ovHjK5E5hK;tEo@
z=nroekgy>4j~_pxd)5e?+s4*bMX_A~<LR$Hnadn40_O@F)2X{B{`w2;;fg+fJe&I@
z{#8OkI1D6#i*|E&m*t2-w~)cfLT3RCo(#thg9*0S9;nyDi^J8>(ASTEbt9HSv_~+>
zkJ{N0xzEqf%G$nq0`;{6j4}|N7f>ke-rrn!4C7s?UGOV2b90wVM;d@DQEmW8+D9NK
zFgGqOFB1SECsh@Gt;l&rTjF@Dzxf*MRfDYP-5Rs0F^0XpJ&;Wx0H&s-_=z5S<o2L`
zZWsJ=7l+NzFPtR#NT%O34<kh&DDV+R4ktF1c&@|JItfY1mx(dKfuSU+ke;npOnwqy
z|Jp>ZCUpj}94qJc*j|f#w@Pnnz8o+n>9G~0nMoKfeobtsT1`!jcWZfq4u=5e)vH&4
zY?4(}8Oq*cG?nyOrO8xFW}zR0&O~rv`XykRIe@G@3=0q-s4u0D(tZ}|S7A;S>YtI(
zi4m|tJwV^&smZ#}U0tnX_C0MCJ5$W>eSM7+0YQ=2{Ms)k+*wrAwD>LO5;WhxRasNl
z?;Vv~8xvp^rRG&j3;-!gXcVJ`6kf!}hE908q{HVp_1>mLrlGq`UI2>NhHMlB5NOh_
z_as>^jFFs=JO2$voS-!}nJ9>tP+>!<C0mf4-55lj)DFb4pv~2>LdJLWiReH~FR`bV
z*scf3g^p1odk~~+i<dMSD>CgH3_>PqTriONZqEk8WFQv)kFR(E@5#-2LLZT=qNJpP
z0`3r^^8v5`5c>6Usp=0vh8?xNtqA#QK}^4?z<Iz~Bf+UX&9omYCkB}#Ha0eNYGGq*
zi)I}`hYFGL@~YK9m87M~;hXIr9ug+90Vsfvj|&0Meu_@3AH2uM6_3S>0s?=rO%LgV
zVG1ACudl8~fH4Dt3M_?zQG4Jm1zCfnk<M1W#+3qdvr0f@Q`bRWX4)T*!4FU$J|k(H
z{jQy^cmhH~^l|zp|0RM@0?HYF04ZZeK;BQo|1iihY!0qFEK)~hj;_P;mRsx}9;P-n
zHcqqZ0BD&dlubKt5RP&SOa*bgy9J@;<mAvkTa&}o%uE&%0J(SQ0)mK00n{3@1*XB@
zKL(WsI3$-@Skgd=Tj{XhQV9L~zzPkr)`!av8ZL5>YhSs7V^ya64FIfjm^A`%M6g`d
zucoG^s16#$u+i(YO$~g%f$uGaYQ%!WMl}yPB?&;H+2H$N2s7CF0wW{u>N;qsQUtdE
z{uNw*J(GANI-J98$h_$!ulbtC0YUP?m*kMtp8c6M;@r!+MhC`KP;@%o(rSawJdjlY
z((~HtYj<#Vrku9`5?<u6#SG{J-79uF!$2cN-`(8}2yGT>E?Uj_wBFn8@aG8Px2{u=
zyZe!dPK2l>gjgQjAdBid1i5!Kc=~jb6MBq$@YBemTqLKC4=DhdNaI|`-6G3A)^D)m
z9^K7+tR}&n4~Z;SkQ9t=K6PL3p<cs-iL7&m?)zq++KoOzKei9B>zTK)zPklv2l~ZM
z=h0|_iTg%Ihnw>}5wq!|+fZG-e}CEQus}@nVD=WT@hB(nC1GJoPMr^*-twC$8jTl~
zM5A%>4bcBc^VBI!sw)D4@wxf=**S>bmSn$<m$Ddxzq{}M(BWHZrB>Xn7<f%_Lse65
z5D2DjzzT&ujTp$+gk7J4L0KK|Q%Rqr89bzMylRur4fSAB;(wfwu<Vh3(ruo>Q#n;V
zV5;zWY*~IA89CDr!Ukw!<t$Jx%nN5gLD7ODAIpzH(vGMpm()=gI5*5yzyU}%&fFf9
z!Z4sA>ka<8#Y{v<NC;xo*Gr?&W_(nTV_cUI2uU|UO=FfGT?DbJi8Dn@^SO72R>={C
zRE|1m3_SBW-G%0gl$h6^gT^9xFU}Dpg!a|;LziFPK=sO#o=IhfXPt>(JhTOY47RNt
zX}i0|9o0}TGr>v=%jeAUAv8E`&`*fm$pYzaJ`KOYwl-YAfX@2xa&VmEmIfkAP)G<Z
zF`g}rE-x3CkY_F6?$kJ*+f8<N5A#OMLu5r{sGryZ!L{Sq)WU*LUeeRU<C$FYfpre4
z^KziCAJ2GB!val+6h`CZ<fM)GtL`I*31O=n!QD+iSHE`GOhEgu(&;Ak&i3xE;MG$I
zZEsP{n=HPNX9oY+f`8oG`>qzTrUt+KcDLTHatjJ8y3>=xD1%t;1X034g{=CcXTa2$
z!ZJ$S&qaBHK0=3Myp%~M+l?i_fdIq8L}tJ9UOYbVX5(kZfYuvEN*;q14V1r71#s!_
z$<{@Ag1sohX1raqP&9U4`W>CyZBlz5uqS!1T}{sg)_CpNPhY=&p_t&*F8oVN`~tAQ
zS=8blI{8|!tZ;f6X5UQjn+^;n40cHXMJF0Tm;4dOYcO%$`@wOcy9L-t-y;M6r{S!f
z2Q2fBi2P=1p6<?Nw3QbH!va>w?qFkA7!-24!-e_z3N9`pzzJ2*YTRPxk`Z+(@Tn2z
z6j~ncBkd$c2!iGCkIL+)7{IluLz|b;`-Mv0;E?Crjm$Lj#S-(@Z}Su<T<q*;4Tput
z3ye`bz=8)5sEntO^t7s`rllo)rs?Csma053Gld9<mJ6v7pa!FB50+tKe0)pPhMD;!
zJ|F113R@b8i;G9k+;4HnpDD}9sjj9)6CWYWI6xOZH8=ZCj!=y>pb62onHDrhU0q!`
zDRkA7Jv~lrh2_&(GoI=5o<<pWngIS-blYa0D=roQu<;%UOKhhXPP((*WY^phYAt$Y
zVc_3AcK(2(Za6RZ>tr&32r4Hu+J2Ir^F+vl=Afr?Q@J^CLGejQaFNR_S0+EMJYl}A
zBMYCO66l@R6%~UQ+rNzJ;&-iJrG+ePHDa|u7GhdzDBj?rv|bfHoHviz2wG}pzuc}l
zty=z?yc=DmZrb2;{J{12J`^fE@fP<cDj{EjB3TR)01?}9w*2T=*Gq4`m_@YRByA5O
za4UY!wi-QL=)QpX#TC{+%Sxg(I{anigMqj$=WP6k@$tLcBzc`9rWq4itC*QgsA+7J
z!N$g(ZVo0yxAGx{L?=PeVwZqcP1;J%og9bNZ~VZzrO`qOwL&0*awb@}Kna2-*(=b#
zR=9uvJc92}JFPTLihxl-(V?@l11X{%2aTKP0PEJHJ);(P)tB{h?=?9J1oy!D@d3Iu
zH8qvVxPxwVLL`z0&<}*7nQ~q38yG|ao&a2y$J>Lw^^ZR5Pv2tX5z4pIjm}XwHQ1uW
zyK?Sk;IJq?!^pUk_u=_xk&%i{PELXHF9GIuUh8p4IB@vcRT^iksO`PoH2R^!@bu*P
zqgf{v1nSGItd}6fNl8g94(1K38YCa~HFea}RC6feyO2Pb3h^^S!>$E|WLDjY_};kK
z*i3*v0dw0tSrTq9xsMt^uK*D|eZ$VnOPzGp=j5bptp`$eSc!1s=IttzVFh11*vD%e
zh&xoBFQrllXrLpk+T;anP;bTKU^+`mY<YQEcg3^9R?n!<v6@9kXIM8G4>07gsAqCY
z9wB`|2i`G;)Z9EYS~OoF=~ZqGiOUoBz$9`6_<QTkD==g55Dc!2CpjVE6831j<Oa4q
z)gP?-pFf?{`Yf=x*A|p22bCjT1s7Rg-aw;@dxwXxl#&}zM;XA<;64TACIXuX-Oe4b
zDl1AVD-(t`5@bb+T13PZE5Jqszy})K@^C&NL;pCO=M3e9hL(&Y<@v5hmW}InIh<QL
zz7zV*$+VG5*}v}T-T2%K%ZD5w(f-ud2J<B;Fek!#`&}dCAN)>>>ZPE<;^+4Hv14jW
zyj`X}ZE=a9q>c07wpBn#OYX2KjZ!YJ_t+r)P^HvXOYg9zW42q%?f{gU!6{`v4KQy4
za1Yd>N(Bq*j(c;}J6ZOEj<&jb32}MXbOEcjh&V5Z3+0dkK=l9=LOuNw@FH}Fnv3h}
zs{4y>GU==Hp*1Em{t`3ouLGmKg9%bI$8(gEF)+}efy|vd=b+CQIY|wrNZOYONO*+^
zd<<(`R0l$>zR$f+Fj7ycG#UO>glT86WxPHr7nixX9(OREZG6Qj8bWer_wK`j6{D%-
zncYB0ebL-lKp3erA>VB3nPLPKqzx1xo)**YhC~n<IFu$9u5*_?R##WA8>7musTTf&
zzWwv3hU5Exm~ZQy&yt~USV3`QW7(QJ);csqMJj#72d)@jM)Y!-)SmmVxtrO8R#2Lt
zdAwjqa!emeODRAtlCP?3dinume2^B;LI#CTK!EN_A_kQ$MGZ8##|)qx*he;#`IazQ
zxU617Z?WIuTCYTNGTbpTO!<RGbMLLy5po!%Xo1WQ@B%o{1dw8`j#ZGFv_<$swwC?M
z)K>ltUG+$Pj>THimFNx_pHMe6v~!tAIK#R8{O4_=n+)XSmx83Qu(0~794$1&tU;D0
z(u4j$M3DY=O}(wTy*+8L92#Q*N=&)zq4SfVY`(rfT!1IdkT<<ZPJRvm#rv$4kXN^1
zKQ>GN0SBr(%ZVER(8pp``Q1N4J}C3kt<~OzkZd`;*5>eoPV~gq#qHN9jg--^4~7NK
zBjb5h!^!tgTvy}WJU!*1M40>h@@>Nd<GMBDkOiUj<9#<!M}#$Z&h-p7!bC0cUP*&z
zl?w9nbDis@f`I)?XFQrTQ4`#|0EFFUtd`JlDe?<aPWS-)rTqj7G6wRh(D#jH7#;&n
z6pYcp=*V>0=`raPw~;^Sj>j2HPE5$t*q!|PaSOOnbHx8U;IacJ?+(f42g1igyIJf{
zoSZ0{nGPEDw6tQ>Gl~E%1#~Shn;^|+(dsUgufZJmV|k5~%*`{^WzljnX=cQs<K3N|
zf#6%WvvTt67yHML;E?NmxIFd^L@+{b#qwYv`T6<1P^9A)@B;T0oIwPmv|)C6=AhMC
zMn+NuU3z~gs3$P6wac&{QZy<nh9?-Z9#@C6(Cj`;Sz4_H%__N?kdP2aplBmA`&zON
z%0=_Xb*Du7858O+u6EU)PK=MkorwY|;4_q3+k+S#rKx#$_?)x|;6??1NycM6l&i@W
zEDgVA;!`OOCy_8likjhbOTclPY==1I0k$6?9nb>8MBeZi=vw>c6%;PZdo84O#~IvC
z?_-+xB0|DAG>4r82Ys#kcRYkU!>M`YSfU3H(tV}BjgAuheD(H)`hv$nj}5qY#19}6
zNG0D&B+aH>H2&=92&nDXkoxFXuY#VvpOl(x-U59s1gUmjk3uUaZ;jk2(54HP!bq9e
zUQy4~Bw$`Y_=Q3>{-Wdza*5yh(g}evf8+<4gu~ot4Ztrb0&#;kLjDXP`~h+30c~XO
z^$MA)H-N1dQD-kH4XiBKX*$BXiTpC<89<+dtg}g5^@X!T%xSs@!lR--I41*ggQO4!
zLJES>8(eEe^5f_1>_u#iw6wIZI~foy#P4u#XbTB#J+iCHJa;kx82RH_Y}oR^tO9s?
zLk2S_*{^Ze!X7wE!xbz)@HfsO()MNcLrRRjnt;{wm6<0DP|*lnXDr6_yL3Hjd}t+;
z)OgUV5Tg<1m}tFyLu@li@rNtAh(hC}piD?y(4_P9^aPw<+f7VMTl*KgZGaT&j10aP
z56wI?Z8y3F!9_Fg4<3{s+LL}fM^~M+z8HwxiC59D*Y7eQ27Bver*)&#2opktPmF`u
zOqCOZ#fnsYg@J$<aXEyfp<C;`@vJcu_)Jq@Pptbh9I27&#`jY6kCeN<e3mQ>-8kJd
zQ7vd`rJHob8p9(f^gaD48r^w{`cAriZEf54*zCyxNWyZ}t^w@V<bA_cnvXJfqTV~9
z!xqPN>0+&6^;`mOMFBvW+WGg`HGjQ3`YRl2ry1h^1rD#>0=f<Lkqt=<&AJ7=!!`iP
zP(9M8OqVXn(-iA5+6fYIE(hKX@vkPN=E0|I0wxH_g=?2JHw3bvF(a39S9-vjI&eB9
zNri<xS0-1J1I8+D0(L(&6--E71Ugm5m3x_s=JLt&ZyKU!dcb``$^%c11>mii`>)F&
zl^G5uF+1BD4y|%%ngjFCqAs+y&TC%)UC(QT-G$^G>aOPXkkkfPCqP)Z`*SQ5?EYDK
zER2VNYY<kR%2$O9D%i&pwy$XL!7(QSbv7lac>^m}*4CncJ%iD!MLq#A9$SO~6#9^k
zeurRC;U&4P#S7G1g&1BFfb!|+#uks;i@Ks1rFpL5W!$-Mols^oa;Gv0f{z%~3vAN{
z0P}@~;pgjB+@_ctFEYkL|EO+xX{l!Ab#(V?bTnS{l$I#ZYZ)uq`99xQtWm{8XiP@Q
z-~3WTdqRJ0OPU7$hxoyaY{Yp<f`-!_I-XB$X{!f^Iq%<NLz24(5`?OD-+#m!oo)7o
z1>9#K6w3X$4IN|v8Kx($g3JLL=fS|j4IA1;RrZ-5?yRBH&_|D!R41sdXoWpW9iAH$
zJ&=Og6Xslw_~__B#bmFDIKj;Dp#%Z5T$IN_sSX((-KFYvL+F_RSC$HgAD9^aK*7gE
zKuMeR=%ACg*#Zmti-UREal}DGu&C%XwBdA;i5}({DbbS`V}(;CtSWEuq5EUJ-za0S
z=+xg9i5{IPnuInf3f_GD_;o!aBOn(#Ha}Uf+x?KeZ2kB#{~MnB0kFv-PV)AtAHt=#
zQ-C@weN;#zX}#rhuyGwda)zD(oD}<?wb)`(+MrcxpXGzpQ#?<S{SSmIpb^>F*}3vT
zb0>c#0J=ZS+}vHO0_du^*$sMMfQ|tEssL}c+-3w5>TBcAE_ir&>A5B$T-@9sl*dd&
z&KaXTv%YTsWCUh%m|>z2y5&GYYy#!K;8dFgj~KP-A^GHxm8HX%Grsn&Mj-Nn9z^Tv
zc76P~sW(-AW^wV}x~-KE?d#XCAAsqh$sUk!;G~1?k&%%x9j(pH1;Hhq9<Oo)vqn2B
zkaEF*<{2apkb|fGwOFvzH411%Dx}n5k&)=?5+-b+4TuYGIF%Pb?}JQ^W2o+oVNVSp
zOA0W5I8<oFOH`LHy>ozTZB0%?!=^bh0o#knz77MBRazPZ4DJDrF4!?OU=C)3?jpX2
zvc(WWfqAGADIsACB!ZBgpj(I_l{w)44tiT*z&(IwE3m84!*#v12u%1zsx8r?yX~3>
z5@I72O)EX5uI;IpGf*b?n73{ptZw#fj1@LKT>9$@;&*!3P`Iq${^g6Z+XS>Izxw)0
zP5O9>e0i;0d(9Ddb?!;&qY2!N4N*BiA0Hp|kc!e60X}|EULG161<w=(Y;`O|J71qY
z*UDWmzo1}aa@-vaCIMsNt*9#xEcgqDi^9w;sfu3#HhsS|si8qS^S1YSfRto_^kwLF
z;tm0`xuxZ<({14?YWw<a78bRn2*4qxyf%gF_vfv#ad8P|e)jgNLnCn(>bo+AimWVF
zsr@|@ujB1u6sVU|oIu&sM#x*sr0X+IuJ*8x6=<zVzH9f5@m+%D{Gl|25+H#Hr51OM
zvae4A{AkmfK}``1skwO`Ha5$J08k06`ow`uAaesq7uVYcC#&tb^vUHQ4GaUyEocg3
zBK1eJghva~GqwJII_3Z5xqXs~XtHu+*1dn2S@8q>&P#vcKvUFwL0n7>XvmsEM52hq
z-gKZG6P6#@EIKH+kV<o@hz{csae5u>??ZaP5%X}o@-aR>KG_=$fPj19fi$o!0D)~^
z4cG8Pdwr-OF-E$}fE26{eZ`<+gB?;$fUK@i9te#m!9AhBaDn;d4KM_NTR_}1;)1v~
zMH{A*|GQ8ayn}9ib18H;Q)jbhwi^cP@9V|Pf(+LsczgGh;1x6Opc@rTOb9${j^kk_
zbbqIFvXTNC8XB^bSDsJ6u{1^Xk4q6{(Iu(DG@hb78_=2nkA+iU40$`?zuCJkD<#r*
zVS~6Ouz<Kr??d$;WM&K1*h+O}<@8h5Br*dv=;#MY+1l8UojZ3icX|Z6JgKJu?-Qn~
z!3PTp3VNH*<JF)C6d5Eab&Sp`ELmS@^>E^1bO)dDtU~_bCNI&214fMo{sBnFzZw-G
z0CrMpC1Cp*lS=rhCRE_db_rzM!M`!u@dM2P89Mq%1zmQQDVRysH7zybyp`wS>u|2S
z^^-T7kPrnBR^&tj7i7GS6q&d7Q7xDFA(2*EQ3XSp@+wiN428CU#-ih2;k*xz_OcXL
zoL0Y`@r9>^S@z~qFyY4AJniY}N;8|h^+Ab=M+YCjd>WoPScekk-f_$G#qlaZI7%9e
zn{gH=;Q;W4q(?_vPP8-n()VZekooAaQ9#ojO;1^`*W>ZRXq7W()>Y$){T|Bb+YF^(
zaBcyNU&$?&s3q6q^Wi%vU#Z@Sx&Jw06hJ$wGs8ZAy?^?-vy)u1VQaS++}q~-|IXzo
zym4=&3DbveF>G!2NMrQ|4=P2_Fsq0X9f8I!nx!arqj0`BWVs|_rW_(dujN9Tc3vuU
zXsyD~d^;zne8(Ge&;o#~@Yz%VSX#wHz4|6-?+o2@sIt+1)Y@{}&T6$cE63-Fc)52L
z09?e-Ck6tPUwC*pABDTECI=-TZs^V(G^b#Y3!hSY-E@izI<Js8OwZ5bX3@@M=xJ$c
z20;@HCMH`tI&%6B-GMg>D5VB)2q6BS$Fa4izH9piTpt#mlROJ7Y|y2dtYd+|3co}_
zO^u$IhjE!SrlK6juN@sgR|$@ez8jeP*Q6aZ-X4Ekz(8aTs^eE1T)zYy>wHAXB=LPZ
zEa)Yr_H`&;H^@79l-mPJh(^BJp5O*|Jt``I{;F%mp&X+O75^8u%T~7`9{tr1JXV9q
z^7{I+o&E$ZNG5=-2~EtFmKOB%>9z+WH8myk)hjr_H3YhZgQH_!i6nFoUcP;c4-pJ_
z=#v9=rI0D;e9-rY2_hKEUl~^d<O%)6h8j_jnb8I}uRH<h<b75~(`}wm7&sd_{L)qL
z>-eM?c(^TUM+&<s)hD}y4)r<1A*aIIy6JuREhdY;fPSEY0g#&1`|s$xxOOhYqailW
z2gJ?{XqvrYHp9FnzRMrxplWJ7>jJqwz)QIbc`X5J!@^>LW#UbR;8xBQgTq3ocf$o(
zT<Q-rBq7TSw{G2n%dq@mSM~b!_Ax3JrzcOWw)k>jE_KDDY$nmN1eykY?g^J-l<AzF
z7o!KA%We0CK4bw1O>0I6OhCC8rR-o%LbPqQ%)7Lwetx)x7G`G7cUOdiA|r``05yQx
zad=|o;0Y9*DJQz+t72j)&_doeob2v~tKw3-biCA3RI##oPX3Qp!r%4E*6HemyFSJC
zDIRK=N0gK8MY9@)ESZ8V5#_qzdW1q3iG9gm0|P2uUj_s?RXLv*9Z>1Mxz1rVd3}<a
z;2Ayv<`Xtd5Y_!$Cf*=Dbis83N4Clv27w)1qy&@Wj=y?Im3;D?VuaZ(W$65>UwjEv
zB5e<<&&z4&{jx}Qtot(~hn&_9GF^B(oz}0|-tEtP#%ik-6IsH8<9lZU);JqIY-@oD
zKYlusKwRSG)si$8aUa3L=H=xP743q%b>#m9kbl4TmAt%hnGaii0n2?0$JgpFB24TQ
z*M#;MGrHUhyGmxb52YB6I#M3wK7yfZ5aq{)v0!x1QX^f7Pf$?a+?)jfF|?+^<1xrx
zikfnpK8jsM9vCNE^h9NM|H}FBX8`eE6S1O}C3^rV4MdIQEvI!qJA^^9VPF>^7UdYz
zsR4;eApN^xWGj97{J9ahBwKH8UOor>mBue$o)N>q$p8G(?7AGlgl~g;F>OKT-aQ(-
z@k$IJ33go%`1p|@UAn{6I&58Aud*VCnEW|U2SK<c^;#Mm{X_}Qp4A{my*Dxv?%d|K
zKFPDc4>cbdHq1<HTu)U8!g@+&B@I|=E&hMMqNeR9g=8Z1EOZ&PFd;dRa`jJwAJ7!%
zL;a6Wil3V^nQ@0*FCZ-J0Z=KRRQL~3?9a8=AiiSO`-dO-=Rx$J8eN&192m%*>5l#%
z|NZ!%ziVv2RL&s7mZjWdM-z+x`wjm2yYO4!5@?cP^B@0TFK~8HKjiDqf643o`8D_;
zH%74k{eS=U7vTgZe1rklM_}dudP0q^jHqqXw*P|!eKAc}h76mg`24>H5Ef=tnDF>9
zn%%%-R3Gv7E!~ZqH)SD@K^mKzG0}LXvuzZZT8d*VkL6JQdAi7Ks!E><1kZkM)@Bw<
z;XM@-dmjGCJ^|vFk%K|MOqUu{aOT?8_*A1!56iyZph%@p3)0D_==bjY?oLh+xMc-(
zwS(LLd>G9@$)#bPt|#7|@u$mr+8i-t*ci$gcaAjvj*DnAT3wwaFD6{-K{oM#05qoo
zx@E7erNPk=F`m$d>>ZYzeQK5B%)GlX)~fRESr6y1k3oFA$wN=h2<tJw$Q%E8b$YDd
zwD@f82Y+i9z5D_&T#@-Uhr;#iScqw{$KphdsF$~QUvmrA&W`E>W8*W(=Z=mhKs_Cf
zM}@JC@Z0)MPvq_Fc#uXQ4uTAaJY+#5*$TpqJ7G3l5?<6Z?E46Ei=6#PS2rcAgvgdQ
zp?TyB4e?hHvfO24a}X>ci;doVylT$iqG*1pM&=BHDi&;QmLldajk!V>6V~G^b&8&1
zTBeaD1ClxuT!jE&U55XYZE8fGDwgN}_}kvos;y=MaDdh#h-gi>E%upAOFOZBIXK<N
zk!{?u9YZ%q!~8E@QmTy#4yXF~_-St6`xMh7`gdn!C@Zhll?b<0lmuwrDL;<EB%^ut
zlu^wh%s+j7U)Q+6*F=QpZ1Sns3EDFaGC!Qof=G7x+!?)~e=Nr8h_~2`+v4x*Hz*8^
zoIQtmkR}VkM9h2Q0yn<1O59EK_ir#6`6~m_>~Hw6cY-HmH4ql5su}#MBz)tb?eb&Y
zU9-Sdl!j=6MXuw1hm%*SC=Sv)*g>B#<s@TrOI}3ezh3{{a^mmT#lb~uDD`b}aB~x{
z*9)G7c0EMb7M)x5N}x{9@qP`edar{HiH~bWKF5rK(qXwbp1APiVzV$wTwyeH$;79h
zq_ItSt94_7xq|V*(U9rKwd3yz0(;T_x#|f2_pB65^W%R;F4E#p!foz%p8tC`#JMB;
zr9CsGi-1<N<_=oJ_M<?80_l|#Z<WMrI3S&fo^}suI5AHr*YdZMp8AxtC*kBQ&>qzn
zRm3lv-FqPTi^6TYM`448b;=QbXk));K^m^G26xuU*qhg?|CP3B3UccgA*rdUmTU9c
z?6QoAdV?$$@M3TQ#YB_Cn{f!gp%h|l?x+jgZe3{V>@K|nf@zJT<B0fm@#fBMimcg9
zK6bV^VzvL6zMm$?56$)8M^2pYJKAYT+Cx|kT4GeeLXJwD^@3H`bzi|XtQGO1L8jYd
z@_K<2Lpvs-F<fY}`KAjRI{^w8TL&KXL-C9^DKw}6__M7H0&xhp;TOTX#Ln3J0wN-~
znVII6f4%Q;>@ys@RLpN9e-4?R9WbX9sq?%kXD2OFGx!+svrVVxD~&NreAIdAI?4Cm
zCi$?M^P#xgD<&H{x5NyD+wrANS5TYDi;rOD+W5LU8JHhS{U(Wus%mGgJ*1rg2jfC<
zLqkhj%>OhjTPbHlEfXN*4G#EJ@bxmg6zOG!=*hD}h-l&Y<etJeju_>?4M-zKuf&5A
zd9d^DY7D~`1_F%Q=GCi?MWAewf8Su=pAk4CE5ilyAJb@}NTL>{AIQY*j6v(m+<Px|
zs2b+QaecI5>gFPBJk_mz{)K$NdG52ZO2RctqzK0N+}uj@H-DC)PzFe2v8)Tc!WjgN
z&Ul1L{Oe>wKyc`~w%haq)LagSJGKSRfSAMn(}21<EXV_mAE<AfS8X`3;y)QJlC?Il
zyG?>6eN_pyZ`6`>Iw-6}mIIr)g8clF5#-YKNDjy8EGB$6+dT(pQl&t3aIeaWk`98N
z6%hn<HhfI<nf)(_K0D;w*}qvrLavT2dmH4rtCio|)f&4mh?BuY-vwD&n%Q-uN9`bo
za1jW^9Q7nikI$H!XW%uN0eNL}e-i^KcX0uR9X&9SbW2gaqddI4q@c%L`!XqorS$H@
zhp#H%y?(2?5Li7FJbv9xS*mtbWdqK*z)wdJep26{$#&n5Pd=GZU?B1L=~64giA=m`
zQ=-2|7tUOtut8nVUjDWsw`QV0_AEi<06I)f`;H6BT!7WIHY*bLmD|=3h|dH2tu;jr
z9Dl9ILu@pC+18{b%D^8=1Y=WE%>r5Xo-rB?>g3ZwekCNA_bsFYZ#Zi%Z8$#5g!=_o
z2|*q{v_l1uoz;lE`0~bsd;Nh@k`fYb8UHw#?9nU_7!tdfs|*ML4iW)!)?c0jnT_Ua
z^67a1b98h3lf?tdt?Q(`7Rd}ZHaVS>fk+C|Gf3mFADq+Qzo%<4z?ICH@(C2Q=w>>y
z!WImRNnt5NpO=@;(&TV37Dw`Q673JCc+4@8OxJRr{+(#o%O*efRVJ+63d#C*2|n(4
zv9LH7$u+)cQ_HvZu&`DcPl|va*S4I_iZ6>KuGOo+MbPLg3kxp5WRO+SNLo?stWM~x
zvDe>v@@wwtb=w0^Ccx>xedK%rMDes>LeL|yv-yUi_8Kk!LDRJ0TR?jW78XVVQ|jT@
zMSi#4y4`O%)^R{PyEvUCZ27<}xUtcB(1oF`t!<C}0XLwdA<Xhe?#5wo&dy?E+>zOC
z=l-wJs$3t@@3UmIw3u=E3?U>Jbbqw(GG3z)xGxDIfr*Fb!<{IgSAtx(i)F!Bu~{ei
z?yVbP)Um*s-zuK~>WCY8%nU;w`%ldVAMdYk_nBE#lOQ?!er;lHc%5om(~E&i^*zm0
z_wv&*Qhb$Ox~=`nvIRkYCcc@cW0Ce2I1p*U1<o8y1Q7W88q_$o#wTMI&1WGt<E7_W
z)e_rYv)^s~1r*6VxpiY?ai~r_P>RzZE(`E||2|mO?O_Jut`{#!CMH(Bx#qh@pO%(p
z^{EQoFeIen0wF_DULthn0RTHBcQMK%wEwu!zrPDN!T=Tq0^@xj-kkdK#whn4X27tl
zAZbrV+66HO8GVr6Awiff&s{usPMOpY7zWsg*ww2|pFf8It%d{gCrkwL1et@NGy5#-
zH`@Fc$BTD!7WGvoU+Q~Iy+M4qxy!mU1mfc3XOG$MPS4F@BbBrahQ`j+6xo<M7cS7d
znLwZ{TiiF&GC@y0Xc%NB)pe^&W*Dd@|N0#@(WbrVj;1IgeuahhWr>0Io<>JC*3{@!
zPb2-hj@$9_Y7!PM$tToshzZOGAe!f^Grdv%-8<m-zZ-g7duZ|y0~xt`^`T!xTn>AF
zegT@24`JeQGRT|AA2<*=f+q&x+-lH$eNr;Ws44))ns2;6CuF}Cg3cOY73;P329T$L
z$@T}p`Guu5=rIWxNmc+gH8@B8HP16aDG2B$set4H8&3&1IXnggtssptJv|MiE|1w@
zYD2OLn89d)$H=H$&O`g$a%K|KpxT9-pNtKdwP?OO%yB#x<tB!?AqBx$bLciE3<<4?
z+D~%1ik}Ja1DJ;i!qZ3ok9>SWeioc+ZlyLk&fU*%-M+2#xiviOSyc1sv5^UIBGa6$
z?dukxm?z26#59^BncXJ{@B<u9E{CGG*z6WicxHeHflqu!R?~?hUg%K(e9Xp{bh8}W
zLZ61=LW97ZIQH7Qu@oR!0RQq+3}<zFfr<q=2+w$2>r5&#FpLxMma>CWAF=Vs?{?Ju
z6}$fa5qdhFiT06CczY?1Kb~KKxF90J%OoYmkZEpy#ZG7F#0`j#fN=m5j~IFJ_Vwi`
z91s%&a^c{p6y!t09~3Y0h>$FuU$Pu6Wd|}dXk_Mydd_{{P1odT{m~iwm|2XbOFupp
z;)L$l0+62<664~|49|Z++5C8F&cpM=D(efwB^dbwMZbukAh+?G^;m+Af?%$xuu2+m
zJ+g{UC;$PiDHXV4SnYL&^cO?~AXhuMaeaGZf}MP-#jo@_qmZ3~02?nk^bWgBQY;=4
z79LLC9tJamEq#4wXGpPBjJ!4!-zFrijQ1=bet}sJSjaf+DUB%uBK~D-gy@<u3|}A6
zBUqQ{;AHb`-p<Z#qm}wrWUJdy&!t!%gXSN%Qj3a86~d_)09bRZGLdE|6ut6;1a_O9
zbw0jUJLZ<|xWL2LUnvDJM@uka6MBTTB_whhH1{O7O&{vqQc?L7Q^Yr3?@c!{a=*yc
z;crVQvnwbwfO-}9u`gf0&c4<?;W@h<t$bzi+sEi`Pfp<3Y7RJmYWsxNKP09T4g%|`
ztgyt0Q#sw#hEZy8#>~vrk6HIgps$Udnh_JbCiT%)nKl6lbIu&MZ0H#L!v(nM?^t5K
zIFNH`b@in1lM6UhNMkE~j%gp-eM)&8-G<t+!-Ad+n&1Q5*t~ck@s|V`xET#RTsZpg
z3UQE=WgZtv2@bsuhx*{#vSZE-c&dlmywVLiz_5J^eKr%g2;XYW1SgXP6j>Y1e|%wl
z4CB)q&PpEFCgb)*kjBwATmU7SL!?g!Mi*dbGi59m)^MtPJFF2;Nnt`K(}|AJ9j5nc
z_c*s;tEly{s1dKMr6pTi)P+!Up01+l&7Rg`faWCmQE)yI_m;AR9Ux-Q7S=Z>*w=n2
z>4L<H-{;5;EjU2l_I#LqeYA}8P2rv)=Z#y=c19p1Hnbx70lch_eiZ>ELYUyV_gt$+
z*}<d<rB44JU*7?aW#9LIQbx!sdxaLFgp!>?W$(Q+GLvMx%p@xnO1A8s?7a(-?7c$S
zviJXc_H@7R{oK#<{;#9sxXX>}yw3BtzTeNH2fbXE_EAE;)YtcSPsMDsR__s4A8d-o
zY{2=auEIIa94A%cwhl$^^iLi$LzCnv?8^9f#8&<daAqrAPKt|jv0S;LklGGhBMVuI
zEGXj1sJ8_pFk3NlZvz84V6O=pU;^i|Xdwq$XpM)D=CUZMYO)XUUgLBq7ZqO?-QYgN
zuhh2~PyKy=t$^Eyf1)(4jERYG#X0Jb-(y%K+Zs~Ty&w(XU!dMOeatZgiq<Bu5PZty
zv8}hvJpxV=Uy7wCmX>ndgL#*l(Qsox2&JG4fz&iNOL45MwS-@hi4$Q+XJZrCkdG3g
z0pNktKF`1;gzV<cn;KR7f|Xr*+C%*Y)1e#_T}7O*rJOz9CHf|%D^7aOmY#KcKleFz
zVwU?N^nWLX6N)VR<Q4`Cl^5y>DY?j(Q{ghm4tBTt1`l^PER7iAzQlzVkJ6^AR$<0O
zF6lsiJ?WEkItx=!$-My*bbFj&s(lEEbLu8@Bc6c~SqLT+!}wq*hg0OuHQD7=U<43t
z%=K`rIeg9PtL?-Jtln2Ldv_9ZfGVA{PU6?Jgp1C-mXF>h7K!GQwgiW~t-Oa5*!zy(
zpN&rK?(IzlUZx6M<X@gD1=xzJ6&f)O^EgN(mwzp=wB|>*opLrsEa0Tc@1o*p1x_~g
zZ8TkE^z>QEn~TNLtIy-~1FU(rrb0JDWbsHCnkqs?DVI&Y%$GbKa0Dt`WP3hPzh*j)
zh#=Iwi;Ygm>B<5FecrV*2=s;f%R&5g6OJyNbC<=bEvi8M|JN&VF8tS(yxP&KyD*n3
zD=T|TRo-J97qR1ajh$fCLDI0r9G6FfgVrBM-*BfLDRb-_Of7v!2k!+jQH|s093*);
zEG^N!9ax2qOT!>|B}d{Ra|(tZ4vA(j<~1bS&h>x|BOjvrP#(}m(0lk+?rk#jox_2{
zVofe(b--*2B*0>UlH^!CK?X3DIr>~fgM(`uiZ9gE)?%U3Xkdf^{0Fkz5EJQYiAtBN
z+-d6@*GI)bC}8(}g$z!(<6v3|ksI<dvHMkOF>~?qu$BN-sJ^$In3?MGBp3{U?5qCQ
z^w`9ZttyRbYnR-0o8cO5+bXn8hy3`O&k85Zr%G(Vp)>$3)lb<=zeXHeNr77fVAA8o
zL5dp#1Kabt)nH<1-R~*KAegWveK|aH1Y%a{pjP{tZ4V#Qyss!mt%e<SFoqT-5WFb%
zJ2TZUYiMgu?eBmiUFk*K$EwNivse(%f^fU^p#v%o%$%{%1O1Kso>`^0OT(o;J8|yp
zn_FQ?j|=c3ibbEm8v~4LR1+d|{ub2wh*;ZxDwsaB3!Z93E?u~A;qlKw3eyx*0AXu8
zlcdNfC~%ILbB*SU79q_8Bl&3=v&{%cWfYId&ks-=fMZ*uClgqpF&`eL*=jOfkc+M9
zS$PPf7eU-sYS%58SW){Ec-;Mi0}1ZsPafLz5*5FE3C<k8@Wr-WbIQ$SQ3TR)`Zcuc
z;gLI&Fh0ZDh0`t&kZ=)Rn_=JIJEDN(>(pEtI=X<klikL?aD3Nc3OQ-Bv}8V7al>kH
z;YHL-Zyqzb`QsjpqEB>mM4Ttz%Z<;bE2koe4{jw91dAaV@g0$PCr|Hr$Bkt^w3>T1
z-<LDBGI5LFW&Pr4oX`o3?eKew$kj`6QkzWup|F|O!h=4xOX3+8Mn+8E9||pbdSRE-
zFs8cbR`$<o7atyj=L{3|@mx0zu)d7O7qT>&P+w$?(qB^WVGUPWePC!_T3V|<I(QCd
zy-8?LtNZ8A#ZY*G`!STazB1?Qp?-xi5ej?6_DAbLIN=>rFfp|5P9uW})v(#!=9x(&
zbF`eJ3kyofcG;097W#>yU;|~~1o_z1`>oMiu>84Huakq@M?gtG|H4Q)9&*KTiT?4A
ze#QMd8O_SQ_S+53%}H=xF`wwf23~4^wJj4&xReS}8ncd=z7|GpK#Q*HVRZM6yugfD
zVEc(Dg5^)l*Z^ny9YQz`3x|P?HW;*t{posiv4yuNVNMhHZ7ahkJOl;Q2>_|Y4Gj~(
z4&fq@tnh(zB<|r+1={^%%#e$S;%aarKvlWSkPri&C#Qjp=?6Z?6Ts#ahdF*3f%j2;
z8^OqVJd|?DTRb7H$R5x<Zz)2@gk-5eg6!h>cro+7Ua1xH2`;zF`vE0YB_$d^z9koo
zch>2?IjsFizI8Mm8HWQuT~~v3uo1C5RxFQxv(v|iR3PedXaS3=hF_)jGx+EP&{R{4
zxMG!7js7(CwQl{)1F5Qwl#;RWNPSAkfyB8<>I((TRozro4)y1IBy@9^K}Zu|0$vM7
zZ+B<GyufG&>b!<E3%I1zB@g#K{3C`NiE9Hpubi0zHy$wNURr#waIs-)I43*w;r0r1
zjJ3Cqk6%TF&?-G&2L`GGt&OIJVbWIMSY)b#dqryF2Y@!Rx3V>7pHH_I&VgK#vh{rB
zR;*e~l*zJu?Ah<%znd3+fdk;jxhk+R3SZ~=S&@k?QpJ8Tb|v*jy*$ftH@A&+4<gZk
zi<Pz<I9N>j6z|t^)cW@zA3O{Fl<2*>V%+rDaIialQg|Ny+&jJR>R_mIWQh`ZpQ#Ww
ztU$jHJb0)CHf+X<WasrRv9o_;7j@js;wKKKy`l7VUpsx~;0JsYWLx?4ZlA;V1~TU5
z_4y$wdJ^8{IFMpbK!2n0pvPFkA%qN;V^WW!1IO%5isLuIBB@+sEZ<nF5Y5?a{O}@>
z>V~9BC$*w_+>yMXq>!|}^77W&V4=W<$KIFglRH9;9NgbkMYApA;2k0;C@2EvVdLP;
zi4!yn8LeW&_s%nxdZDoidBv(fX2Xgv1W|!vw{Vkg|5vNg&Xju<Z`1}CWTa<ae&At>
z4g(_R9(l0xrD_GjU&9Bem(6?V7#X>O;A6qb_M6rb3{}H%&%;Sqw_&P4%AX7*-7x$w
zgiIa7Tc-l_B|%kBMdd7nOl36WAAC*lITzv|I>s|sv@<iGD^357vAPQ28dw%sBXDpJ
zb5x6*yUyoZeTnMP>f46%W8FfiX~6V3_nC7nEK2O*-YP6%X)I!YT(*8UP1rj>zq-&s
zBnLFM4<(~DHOS$ueJliJFPFu#1#r}5^kg<n!(~4oC_`$1e9a@OV&W7C77pU#-lGB$
zmo!;Sy|02!I_hP~r5O()l8A`VtCj-%0!H6INzpW-b?6(2Jb}JnV~{cQI|c>@v^Ew+
zACgwOZ1rjZAADuzoozraIOnS7*b9LZF~~fykT|zrY<e!~q3ze8BJ>C4Zo3OG`P-s*
z64cbV;BOV1gZN0sC9mmeAeND&$oFLwIIqpDY^jg%^d;q3S|7m!MN|eRst#wgvwzxv
zdl1+qW;zb4x?BT$U;aFdDA+;yLX~S*8J5ot8VdGguv&m_=;xQYNLq?REZ;mUv?eXA
zyFltK^ERW!mx}xmStR4=eCT{<QmWb*?=>|OX_V;qhT9Pwy|k1)>8PpAWgXn0fAgr=
zSR$0HH8Qsb9Nr5DsgQl%6rL)F`D@MiA!K|uL1|f4y-89et8OrC8#lme4#t5uY%S20
zL&ibdW8@6_oD!&w%n&h9F25nO2ad3o`zb`v-2q>yvO=X}{$P*&@&4YURdp!qz7E<>
z!Y<kewAkq?Nw67B#ca-xq29!k^YS7GM7_Pela@fE+};6MW(f^ds%jh%Zw`m^u%H>O
zH7_eG%RRZ#*SMvjXW5%YDJq|%w{{Aw0}5MCo;<l>dJo4FoID8K!R3BIpppRaZ$wO7
z+^w|3?0cG`fN|3c=EJ<gf@27jRu;mkYB^db#KIj84z^Ow-6MGU_!?&kDeJVRJfJK0
zO$rJig81PhWkB%$=f&>78@dh5zMdz<H*O4Q%_=EE0syWU-^K?4QgQ1Qj@)OhuA3_D
zrz5FQM>Ha8eo_c(6@w+dH#AV1$8HF;D=`OfK%eL-+u(`01&FmnFQ4t<#WP^W>>)5M
z*WNz)NJ}e9?d{CRd>DR;sKv}DGI|J5(uwoPb@Td|z|4#wD6C((Yf-w%Amo&%R`V>%
zMPLz*2~e#^X106z==Ex+Mn=wQy-#@$Fy^!Qju>^>)q`C+TXUSR59X3mV>sR=r_Tuw
zW8yD5l$-WS%DV?$Sj-eD+SOry3F2T7$$F89ya~xSZcfk_Ri%p)btEnjjq;NSq*OD<
zbc2_^CJ`>0C|$VgpF+l}M-@3`(-fZf1;28>M>!tK1{Ajwn1w)77Tmk(KD`z#)QTD!
z&wPE4M~k@A9$5{r;1-X_N>5WO9&375w!e>w;!gaq8x<<aB<Q$QQR4Q?m)+^3ezk|u
zl{KJsGD3iEmIa213A!LyUx~Ho4+rsM?Atmz{I}{mPC~OKD{nOyYQgR5qdln87#TU4
zf^p=@wg+-_U1LN5WBv-znkV}e6?=Ba)q$x=Y^1~?bNzA@+SA-`p+L_8K#b_z-B)6q
zv*ZR1J}-<bojqa~5IzV1zg{gi7V(63d}R3uE^&8u7c4p86sK4i*hKXZ?pE093Za~>
zd~{lI6{L0~NNp|cqut$m=kT$KfOK@0{BA(?_TQ*miaq(D*@1o&7_s=lHl^NrBdwr%
zK)6jsg$(rPsM{ElLG<K;9Q|dxAz8Fz`X--ZHx^C>jiMi6uO@*ygTrC(`~4BoeZfec
zl5snjIWDj4z{5aH$L8DnyXn)QnbI<W2ojBI8-{B(gU>(=S=mf+JV9qRy}hJwrjcp`
zS2?^XKRs!5<Jx7R79CX`ovc@W`Mk0W(iv+w!B5z{y}YnMliM)AFgdAZ6a#(RoL?T(
z3S;<x0L9)J=n(Y{Nj&}G>L>3IG|Kfssnyn$^7*V%r&jT1lk2PV53<WKM<O%s``l<Z
z_shF$3Gh6j31RQIF69o6r;XF5Uv%ybw+|1~L*;cx_U=t1@x;S<)jD^_DMQmb7|Yv5
zw(7gikvyJhSDWw=bP4RuISK2F$_eA+{F2?C+=)3NM{%Y>X>C=e_wW1u={@i}{CfXJ
zaqCl9eTLmfb=&*1_l?0b85Mqk%m0aSMYYaI-VYK@mdEXPN!Wz(wPH>duryVt$i}RX
zt<h?-5E2l!xCbvRzWb58W%#tCna46iQ#%vea0BNd96+IH*e3%g91iZ90--o%&?5hq
z0LX8c(7U?gRnF7#S)KLBVaLR5y7YnWk`#GyH15^3A=B$57rtNm;qD0sKocKay<hY<
zkUTM}zNhd8cqrQe+8e`mE3;+8vai8D{bKpifjW9X_kE)&9S43UP#e__4VBl0#D#?^
z<}6Y)mTA)T+{BV^tr5eVd3AfrmT%WP<{m*-87*UoW`Rg|%i|ev&;xN#e}9E1gsF@v
z$C$}vS=>_+9QuWK_=fu3>-oya#wlf$$X>N5<)Ld9D!(?A*eO&;bF~JdQ2Y{5<IbYH
zpS|J$H8EJ+X-gGoqK?B&j?kBDr|L*%hw+Atap^t}VQ|AjE`-F1f$WFlz35!h+eM|A
zu-voPdVA5wYMOFbRK#U?^ud$~$20MfX-?J;ZfJfp*w3^zz2yo0KnWDRy24V9C;@@V
z-0DMi#}wfZGPgtZMry?Y_iPA>>92IXj*cOea795e3DqXzxmi{9Vs-{wL3Y{$8o&^N
z2yDmG$XEEz{Md5Gu8irmXZiVdZ<lv|UE$?rcOYU<9~R5N5Dk{v<55CB0)IQu%D`B!
z_VecxTgzk3UI%-v?jdZn`j4EWI!w+L0+{@<uK5hBaNn)9Dvz72{JLgDN*8ye;p83u
zOH&m*GhX}~cxn$e-MAnnxVhqIKtv}}q1DdJ&#xgA`TPt%HUw0jtt#R?_v(#+<#Y(c
zO$yrW^!Bpjh(4sD0LURdqNhI@6m`vYa4@cq1?(9>IUZQGjSbo%A3r~f=e<Ge>#4;1
z9}5a4poONSq->#klzzeW_3G7v*W*z^L2c}!#d0C0{ih@RjIXb)JaNrbD&lE=Ppmdg
zd>GwbOAtf<MS5hWU$)eVOSKVBL%^@QbMKzGk&(FHh7?e&W3o%4BO;!{$`xK>E$%(1
z6D7dcqs_%O@rHPF^V1!9f2abtEk3`b9bwvB7+}S9Z;utmgWi326yxrvup{7v*K;R6
z4I*<`-8uSbeA{HJ5aME<w;DqH54465&znAaPXhu@06H}ObJ{O+VgjF7gk+$8uc^0P
zjzc+Xr2g=}wXqMNf+_>EVS_-p(IDDg-`s4%>q<@1E#EYH@qMD+KbCz(nI}zjkqz56
z^POK~((E^&;v3rJ9F;<3tnQ%_R9o`<Zf8{4cVw~t>aT#$VpJk*LqIkT+4rB@#%u$~
zdUUYGgv7Vj+dHd4kA=KI$>ZS5b*OAL0z?6IJC0b5emp_Ko6_W_W@>7h=fRIN7yN_n
z%9Se@H&Rn@oJE#kkwJH3q^4wbirf5as}WcXpFMkC#9;(Hn-LW(vBv4PM75DDzLe6+
zC!8M|7P~bUGnA@lG7Lg>!v+*Y4Aq7_nS(pWvi081FD<K)VBNYG7p299l(X1>Y)@u~
z?K|*5U)aIgWJBu9&rry1y*JDSn{Aue?81Uh&Q{W>2n)+(z^v}*gRdNea4`@kAR<C7
zYUr)@HB~&}qVm^N#Orq(Km;sg^f?|7tfGzZKJ{=DfR}jC5*~@)lCEsD)|)#3kbFH|
zncs1f9x)jA^wQek=jX>(a35fqKRmb^W30O;r1TQl&vwx<+{Wi2xiKr8Mp;<b)mamE
z@<l3Ia;5pf#+$|&J0N!=FD?hL1;YmS{KCse8IFH{21%L)rYoxt2up>iZVnZz@2vV1
z+4}3m5;DaVL5m}+Zcb$$?9kGOc1al6xtK&Ar|C3@SseFBE7*BpF;*pvj6=gVQozp&
zHo4$xc_U*+94kJD?k^f8&Rr>~HmOe*RTf`EQ-f3cT3?ySd*YcBVBG*Qt#Zy<T7$}F
zx7;Z?X`|vZU)}gX_!_@r`@5C*Ui0-vm>=@PHcEIL3ru6{0Yf-?ZMUCzk?Y2^btWd<
z4X<2|^Uz}D0?E6Y1?FR6p`VWrdz$IauVtv=avjU{F$WSlHeEA~k1CmRd$U#DuUwNP
z%Ie094)lytK?4|!A)ksD#t1%nT@q(XI`ZY+_20N3r*T8UI^Tw{j@H99>B}2f2)(EW
zJ+O#zk;jX>=CoT}x~iHtL*w|prkX>s5SR5I393?{Ic=QwEW|QlY@Yiz8}<@3oX=X}
zPH34x-(cIUHR5ISnOi*@<+O}B*PV*z>w~hPdz*~=u<tf;NJ!|?ThF-ls%mh~1@{ed
zm?Y;EF?a6}yxy0k`rjwSlHpR%B)7T?<Q<ir{GMidy_;QafUz4vYBOrSi)Uey+?@)t
z<;m9>+V@Tnd~NP63M;9A%^ldeP;19S`x{N5QptCl96I%Ix+N(H_2W>lujjT|cw=#5
zo9(izzZ6Z<;r1E{_rv$VsDsm06GR)tmBsAqxvLVHYJze9_C}vR*ixQdvWF~kx9tfT
zG?VR9(OaP%_w4!Tw6FtS0Rh^nrjYa^d)M+9_7`i-JTxYQA_jMiqu(wB-DSuc-}L4t
zN+zeickZEUE%hq_jfuAVvlmQvRg{^O-H9m{M=Q$#$P7UjpcAFfpwU_fO-=)APj>1I
zVA=l|!+4gso2*NL+7h7m8;B}yl_KjH_%cOn#Da=)dd&R-u4Ko%trJ$fSH&Xys*e<)
za|N^S;6CHwNTKw+Z8o%EYk|YNx+J));;OG;HnTq)$Ek&-g1QX#=|>7V6wRo#ND(vL
z1SS`BS->{)3%7U25j!1gY;tb8&wP8daNz6Lf<WoJ@TqvO{!BY4Hv#BJ8=z33iX=Hf
zn!@>4%&fw?ZE`z_p`mh2Xsa0+&jsOC{T9bZ>~?#5d(;j8$M_H<7@dR*9QN==>EF}b
zThrneyUxRNipiZ<y6sm+$I(Fghg0BBj3Ok+$DA?f&^AtUCrP1^OIlk^aN=J1d11}s
zemS6K#w{v68`W^*2AJH>no3d}$MPp(s*4_AT8)G>Joa!P)}6rz>ZoOx&)-<3JrcL}
z5Atnv&%m(;g+H1?;}p&{pCsC6_(Px~#T*f&uf34$ZC3{(Ps5_DjLa3Q{)hXk%`U#a
zI#8)&M_selN--`iEv*N@2ufg$N(&0LT&;~2_v~B#Aq*39bI(yZH?)4Cr{4^jf5et_
zbo~Q^7A9&IYm<R|hl~%t#$(|U(LV!G_=JTM|87M$9n2h~hxfoKvLW5Fbw~~u7Z<j+
zKJY;~0Xtpu7KhsS9t8(j#)gz{Eiq3St~53?^|i%6CuR_=>sVF=fa4UDW7J=(nZT?|
zK|{qC&ecdwfBsaS$3YqF!*<qm294>DeN(?rmB0GAoi_B!hgk4NRMM-Y9Ucb9ox45U
zl?yW5Io3Y+oNdk8qidl_u^s`X<iy@G#xvk^l1x%~4^#P*`KO=*H6AGwgV}Bb%~1nu
z<71h)YFYzFu$cQ_A9KkZUheAdKCORg7aLSkTqyj|9^(Uw#CRCWVBJG{%n7RQjLORu
zt4;4TKAJNl1`W^p8h(cHeCu-9EjSM~jfnd$1S;J^lV040ijN^OpgaHw=r>s-Jcz90
zTOTYyD8>YbAcjiU4K%_6nB&*>H;PMSL0VK8`wlAXo($m8A^-*4Qcxg8dLq?>f`c7G
z_}rUhbV{7a09)DyQP)cA<!Z36qA2~Pv+CiZqq{4lL_S8$U|?zH5BCq<ao=6H{${ZZ
zo!=>Nb8*>P>`zZB+28a%0g;E0<WchY2GRNR=b>n?|CZc(#jM>5riF|%<|<-7LPt!i
z|04YXiVX^vJF)_H4X3bLIH`|MPCkd(1V0WxcWXIPudcfM$!a7ld+cHVjTPHN1jNc?
zpe`#rjUMtmDu8VO|4^Clr!eeT!eAkAEQ=|B%+@86yS)?8inqB;6?yVKZt{|ug~jvf
zF-|I<cilm}*nBB6Z=ZV>S~gxXf-$RglM+>RN(R$r7gpb9QDqqWI-Wi#W)VL)mgjo_
zUPDd!k6$_5;p@H2H)t?XC$X~Ts_K?aoPx$Ut!`W&v!EY~A71<p;}J4)EP9wID9+(N
z29G5;7l_YBGl@o2ZKYKnc5X&>NsCIyAS>`A2JOS8lk?DnhswVO^5v@ce`Tum7QyjO
z^}(24e<}=x&C%1o!yXDhn+Zz~5T-@hPJt&9SFiGRmyg0s1DvUOHtupw4#v?^)^_jG
zfnpDpYV+$m$u6P7W=lHzyVYY2KmA}FL2q7LP|$5}QE7i=>K-)+2hWX!hRy@s1(-p2
zOu>5>uU=Imy6xK7K?3pTC4<e+$a1SgXm}V+np*G3OTk$dwOKtn*c61etIlNq=4yqr
zR+q-HuLLbqC}T)9h)jN{?<omJcD?{22mDJ*Z4h_R^)yT`375^kc3eI*x7Zr3beVT&
zl8xf61$N$*`=3bdbgis{sMmi^P5Ho6Ff=vYY?~T;B@$}BK^X9{t?$R(jSNu?4J}QC
zz|#jWKi`L4=Ll*l?Rop>(9Qx2d*4plW!c?+jirfBa(mH3jrm>S!$Xv6_~f8md$|(A
zkFM+&_O<X8LGx^m^K!a%Y;rr?TSI_-R{HQigaiiz(?<$m>DAddx`u@UAXKdU9&|f2
zTxnPSqD}XhM=4(uPS+XxFjKu70X>3l{ScKS*iPXO905U75=({ZZ8L^}cA00=YFbiS
zYB;hh3jELM`*YwISl7>;gnHsb>!rC)BGAI2oC2(WxVg!|CGO!98(d}OF7h!)u$_6Y
z#I~@2quBo7FD}5sN*&?l*R%_&$|lhLfN}#^EfD5-dCm2rr63R~h9NwP&2b4u>7nR<
zDsw)Q!W!rtz)<jox(b#?VnRaIGZN#=K(_smjLyl<q~?tMit{+<re?=woCe-b{t%SQ
z<IauV<6@Qfimh&9g-UXHS8KxTsEKb=OH~ci_T`Hzjszh#{kv;DQ7xq`ppjz*j)SxF
zqyB3jBv`ezvysnHXMpGjgbb$_TL>ek_T2IKaG-vk+1a!Pa3LW8(9+W@zd>jV`L4dD
z(aJzrNi;OIlkUDcAMOzXE+XJQcSl;bk?^FxXLh#kTWtUN7C1ibYJiD@%~;h*ZEbD-
zxf3g#cY$(lGjh*6EQ}jy6w+3&pvWAqpz$Bpxk1Zk;R~2U{ijc9Y9HlM4{Kv%1sxTl
zElSRYtPkkAi=yy=Lrt|d1_G1zJ;^_r-om+(!ES^orxx7m)Ux%ICu*4h&VM5??GAb~
z6o<E@RRK=*a6dPg-%#=}srmmqiI;+L|7}=m%?r^}c2`A6fM7n=eb!9RDN&0T2%7Ti
zZY}NYP12RFHzCk*#-C|2#&OgH+;qbz9kNnSBR+p+wxFF$i!_R{BS?6=4sUD#hBOoc
zi<Y-<A8!hw34ZZ{6dhiTTcUZj>Af6WT#_KU446jy>EJ7a#Oqfd_B@FNnzUzR3`%@U
z=*wM&A9ww<i1%a1Qb?`|Wdonq9(^<(d{d>h323wdbLRo^10A%{4!}PRKNnrse|*Me
zWnp2M(~u8XdH<RXMaL-4@LfG-=27*0o5xW>C*Ht^l&q77{ESe#&cz3=8^4U-iZLDH
z;VTeeBj-+gBR3VqPMo9Ef7fCPjoCztS5UH&n6--mFXT6?mRi)Kj;DtPWm<6Rf|nog
zqMt8g#F8X~`}<Yq{d{#A0ROB1!EO9CRbC(JoSILc@Igu5Uucg9&RSRqz^MKC_GX20
zsqdn7gZi$Yp8y&lVgL+Ux9%@9Z|8J8t}?(<iG@6VU=hM;dm}zSnc0>oQHvja5Gq^y
z6;C+P)IM(Grn=%=c)Sn39f$KdFp=s93$gf}CyyhjYX;=B?O0ubzOpna5PG2#q&O`d
z+*UJYOu{`599s5Y>RSJzo7+G5i)J4Wh`(egqYp?1#M#3m7L{M0G1x1z-Ud}2FlbLA
z)ZCK}mvlZp3zl|}yz@ySh><U&+ZtTcR}M%-AzrjnGJ5R~1^+kcf4#jIh>Zl_uF4Ij
zp7yMHA+zr!aBPAtL+0t98Ct>oY_0~DUs1)8RX`-RSDU{TENss85K31a0#~}v%m<jx
zOUsyh=U`>|J>JuP;mC@5y-6w_zww^NrQMCpRPDUgY1n3qFC6S<Xy({zuIanCLP6kt
z22@PXMPY8jA24jlD=wauK+_OtCxEP~QQ#6zUBdjT2l9+6(X3NSM#j8iTaaN(BVxZN
zX_+4Y(ahW8S3(ZAn4lSog#a4x=BfiNq(!z$CJTU!4)5koh=AO((K$&%)z=EbLGuZ(
z*h&|p^&i|<u3gJfoUIgQp(7+2qd0b*Q}+Fe<pZzS_NyNsSP__U81r6HHeswd67zcZ
z)~_TwIux2Ic^p^i25>SS7{jS8KTrM^k+sR^cV214!O)&M)pHW8jrxnMIe?bu5BsfM
zWp)h1@bEBtj9s7a3q^HG@(nd;qc7v}Sn*iUBsNY8BNMQuSy)^we#<FXz7?@v1SHHx
z!rc5$>E;>?+PsO}+Oe^?;5!|F09)Z>8$8ey#AfdE8*a9x;%WRj)|w%$Y%gPF>jy{8
zmBdp$6Hr2663f7r<qYr}p=!Ir$7cdFN%1YdHv(4s0pbayEm7F9umt>ga0$3nFk8Zl
z`>Ai=UYDu<6j2!Mh05C2g-U6t{JT=+rvS`(7Ep@DTta1sARzBHFf+qb@0&62N;xUu
z_|x0;OH_X6GYhYIN5Y3Il3eZQMZ|7fV7>hC{6$PIFrcDnYZ9u+pnn+uDv4&7FV~;)
z<c^;ui^$Q={%@M|JlqkGM1kW@5k3lI)1m`jQR09_yZ6!Wu@7JT*Gp0N{}x8cnX~k`
z{Y|`pE+_wb@x4+?SHVH&)_=Sdznl-hr|K0Kz4SMlD!MlQex=PQHM?B>Em8RAPbzXk
z7w^6InY?p<ee>V{Yrzk<nJv{B{doU;W$YZksUW+Nqr(1g9Nxb!_V#aq7Bd2NtwoXy
zjwU_wh-YutsG0HKz=FRnrspcmAJ9+{cq3vII9jh30ki<A1oRFTzLM!>Ye$y3!;z}U
z8omO~%>1B;j~fb%p>@NW$UKJpLznjF6BoUNoP*bQ&MM$xdhZ|YuaN)^3lBlJbl?yh
z+Suq#ZnCAPZ+kQnAYxz)7dQWVF#pGA9O*tGk{or}0^NeMG%KI0=O0&BJ2)%1sAoin
zt51sg`_20E_p}*h_HYo#S!$18KtN`1G+uKP@=PbgyII{FkUDj|8q2x+?{V}`_od?M
zi*08h+~Zxn#llucRvqXz^3PYs1Y|N>WH>^)M7oL=hg=z8K|ne30nYXQPTWLX_K<<O
z`KL@x@0A`btz44O*fU&1yI0XA*CGy@`S2UDfwcivGTnPLGmvO;M^5f(csK>nMADUG
zqoSU7rOKh?TLb}O6H37ZXp)+m`iB+f|KuJI0jZb*wt86Oq@Y-WY*|0Zr(zN0po8im
z0nQ9}?#bLXQX+@#5f8j^(Gw8MB)d4*(|Aapfqs!xpUsGYjZIGR$^Q>K)@kxa^84YN
zckWzF%+dFEq_cgzG>ijnOReQCU{XOS47`!#3K&8J=ohic)BQD){`|MI>tC8rOOWx5
z`%%#vjaJC7fGaHvJ3GOAFOJb<gJWz)4)Ei2P7tCjXXsbpxZ>eC75(y6pYIhIGBq<}
z6%wL{8&_4u0Os1LC9)0}nB(Fqp-gtzP$xHGp(i6#w_B}~_)hh`eqewGMA}_+K?xBM
zXNik;c+kGTkhXK;+d%2kQT6!;%Sjs_w^Wr&<ErCN?LU|wV$|z8&x498Et2!{THgpg
zAV<!ue=~U#6*XtIwxv(E(x;C>>2LGBN6b0u?BUxs16Q-OsnUv<g5O=Mhl9PPE)=HF
zq={`WLi_4e7{9|~xaQeMGxO(ARTGr%U)z#tDBTWAHF_bagBLIxKp-3BMYFwttO?+-
zA8@<So=YYpP`<Ku*buNI5ST4++i?^aI_3#QgW6#Uxrp^pgp(X`2r(K#DX?d=J#PzY
zRaB^?mb0&z>IV06Wg<({WhlGC`hO<>pTEdU!K?<I(4Dg{wfIKLkG>{sJ8o6;gDgPp
zl70xd{v<#GsLALN)U>Eu{h{Ea+n9sH!|ln|MlG6Z7M7gJm;l>j2-GKZOfv7D15T6=
z7dMumo~x%(IdkECa>``z^)WGvd(YJ>q4%$`ri=hq?hxWUeGm0Q&M6>4Wd23}?0M&v
z#amRh80K>5-M%YXwMe}V+~1DmLd#<f@g2|uNmOo@`_%f16?%yP^?V!f_={eMR`<ZU
zl(e%W+gut#tNOO+8^@}(_MZY4@MGcKn>Ucm)`x|F-iVBnGNnNFcae4jc1rMYn1IGK
zJPQeM6A_6MWy09>#}{@0bnqf9mKZ9`kG6fp?O&oM)Rf4*y}jX!A(~8I>JAU^42+Bt
z?JKgikD%i64-F-O4s{Uh!)TKRxnkMtPt9X`32r|bsvz3`Wq`KU_x6`D)rs0$OOR&f
z?pOGa89^2vXK3BBnSMU(4*1(rp=}<-pmuhRti;Cst&jSvSGIvS<EpBvR#wbU0FMto
zFv^vOe(TDEAxiMh?JGYju`>>XD@6GRlo6EtPUB!wI)(C|vvlb^D_u8PfO-jS6F*l%
zM_=8lAaFurh7t_utl}JN)CgeXT14#OpYMYzDs(qu!*25X2{_6$4<f2f?EuH?Efp!5
z?X5=%Xu2^}2_QubgFGN4d=@K+F5Za2rx(l`zc#LGnE>t3ygMyyTY&4D8j<<>nkxlh
zO~0vqH2};S*KONDpb6NmM<l@o2+(wcsR02{RM6yG_&G9YPD;0Zs4`m?;Vzhc|M}JG
z&VC0eun=Fo2!sx54&RqDVB?`AYm4rSt8PfVuB$%E+J=S$*wz$44>7gf4q8%rn5mO)
zn*(mEgy&FZFEklZ?jev!{h*KJu_sIlG!MixEJ-p!e+)dwg6WQW3HIH3ul-|nPyC>K
zVK=J~<L>zQaYJ+|9Q(in15{-yGw#Vs$G~ZeSn$bGUD*c4V5ynOc<$qae#Vc-pw9=t
z5p$$Fd58nX-1+uYGnhj(<~_iA$fv<G2&if-pvypUHV*adI#BGaw&ot8;RTKM!2toz
zD(W|}sx&^5da_IR9v;J6{h1nPi2mvlyHk3u)^M7KsSQwlOOK?#lssu<PgixOk8r&@
zP97B$G4`-lDYRuRe*d1OyfirpAhGo7#$Ti)3mi=?EiI!N|BMG6K(-8f@gjcfjda8%
zGM~FBdj(enyp*uBe-57{BD(V6+x^uI*bNGc^sC%(nnIa!9Ym1v+1U$RV5_ISyaO2K
zZ-No!s>i_|#9t%hujEBf`TX|eW%TgK&1gTzC6`(C-29(=COciaN(RBc3VV3rrYvaA
zaKS6~I0Cl(6hP!sPdNbN_0`#@Cqe1jrDY5KE$G}3i&4ZYygXrBon4p<-XNo~D@EIb
zeSPXg{VJ}O-!IzjK%n2`FW4ntyncNgd2`L07J`5qu0lKAjo&h2d-wb2Qzka=y2lCc
zoK%xt%W2;{fxy}xI1Q^{$0;CWbJwi;GgUPM)^`S9JYYz_B;G}h`2WkDIn|K~G&g~H
zdU^(E%fRNmG~CJF)%H;D--#wm_SZR8m-E3}oCMq?Vs^EhoDc<^ry?TZf(Wm@UFQyw
zGTDDD%F|{V?^1_(uUx4CrSH?D7wV9Yn1BDXx<>xw-lM)(VPRfF#Wu`8)yQ*nN?CFu
zTc?c>zmy!^vbijKNUaC<tczyqFgX6`$Vt1O4zlAD0*DPz&UW3hGoqsUmZHGo<-c)*
zSwuvSh?J91du)@Mh9U%Rj+S!S&~A}`U-xHo;YIh+12~!wzZEv)N~y@*C2zp%N<jf@
zFpzBI@bJ*;*ax4!`|neaA)7~{u8xdU_J_?_`+TpS+4Zs%4PKN8Q48ak9Sql1?=5>&
z@GQ%is(ij`+4ytmyeU{NmD-X^2<+b@W25ln{TcOkjH%1*3vZVnxn4(e{ZgCTa>th7
z*pA#-Uxlci-pb~$7KbWs?m>!cmfcxzXLn)$O}rgIF5s`4qeBBqZJ_aM)yp}#8XxRB
zz*63G!&=T+?bNHw4pla<RVTWX7F{G`5)98x4E}I0`sboM9S6&|#wE!U2#{E5dy+)X
z!@2-Tjl8`%y2osR0RHnE1+Z;C+n1%v#~Jm&em^uM&Ds#pmCA0Q8XR1xm#L88y|OKR
z>QwfGi;D|5YC$0Hr%#_q^{OL#7F~_RvFT~Aw>ZQYClWHgQ6O>8xPtC#ahX7BH|nb{
z&j%av<2bk|J_fn7bs)9kc3cvA{P2;I2iJx3l;%|*WZw2#s<NxY1-v{bJ<Xq`!nSA#
z<kmO54_I>aD%mScL9pMd6|vpYMpXV}v1PRk7rFQPYu`@U#d&|R8z=it%|FO(b^VVy
z*dm&*LF6Z%K;+?(l^`E(D0&nGxF0iI2Q127#ajV7&7zOKUzurt%X*v@WVLfWxg-Ga
zR5-0-U#O_GkI@5Ww3*M$HG1S84Yj!+H^H~X2a=}eLv;WkmI(Us#moj=u84?;J~n;k
z+y@fsE$|*?Dz+J^ixn<kjZ3`%^*gL6{=qM+C;C5}V^`0)6eJ1_-pBJZ(X)Q4PyFoM
z9iUIdyne%O@+`l@!ZVAWj1%=8(KjHnYK3KhWH~AL9|!w1gWD`*_kK4qpNH<6Rse%&
zru|*02bX);n-`wdhgv7hW|st-zW}3IJPveZ+a?PdAkx>sw~Q5WXYUxF-MepL<lW$V
z9DU+zGaa*v@SI-zKd0az2%Vam;)~4$0?hP{I4~MagcCGqer_)7RRR-^c)=gMc`xdg
z@e&0Gy@2;}HQb6%O;x{CbO2862qGvbNW^&cw(%R8^Bf<(Uhp&;lKjUZEKVT*&e`1`
z93I#$h;LvZA!5)67RLA`+4e#h3?_j9*8Qo@EKU1hf*A1HlPDYIv*<>U<9K+tAZell
z1HUb<Jfo?pZVK!L%}<ix<BI_ZQ#IQc@5M>az<`Bt%g5s9g6M%7$#dT;(&2av(!`8U
zMI#-{=Mj^wr2&Q;ZY7_#B<!sIu}~+<k6h@Po$0rmGBm#rt16FcQM(<mSpAxz(x<Hl
zc5psstcpc<cK0MLg0QgE`LXMjRk(yVB!vTfQ3GMy%x+I@HLCUSZ(-Mrlrw{p+A1V2
zxqYN;5=0Szt{@1=-@xcrr^<~6F|ake93<-U@!g73|5xS``wL=DT#>D0r>URaJceh`
zm4bP0HI$v5jfJ35U<w9jz=;hpIrkNZ@OjlEr~h*8;p`U_uxl<TuAV|#A~*wa)~Eo5
znz#|N7CxX}H?=|6Yh34h;-Y$vP^>5>1P-}Sd1Tz_8yF}RM9tDm`ZZ*B)=1#|ny5V6
zUMB)xy(i%7o<}2<fg`S)zdoH~N$iN#xYPt^_$wa!{AeuIavw=bN($l$$SHIfz}OUQ
z#m)>hl7LkBxnd40*2P<|LzzS=*}bIClJ9pHq+Y3lq!r2XQp4bKK^9il&T@5-_tVst
zSf~a+Pt?C|rEz~~wA_)YEsF0H^0i=AzK%qX{1mx?wRLc6M=UcpbHb<IRQ`XiXq~C|
z!Z}W3Ea-YasB%1B`gX2)f><^RUl%k21$eUb^egUC7e1Pg5}9>G-)vROe*V}U-RoT=
zJ^<B_y%9#NLSG88%YHvYFx|k^yC>H9jvb7jzCU6tgkh#Bz<<NAGqDj?Ipnoh2YgQO
ztuk)ywHB9HBtLi0+-*icP>_(h6KEUE>jPB>#ZXHyc4uiS8{bHhDhCK*qpt9lk+`>H
zyxsOQvLAi9n4-W-)6?O4Co1Xt^s_FsYgI=#cXoAkQBxrhW90`pBw@#?Q{?EZg2H$z
zPWGK*rHeyMYrAF4dP7T}^pD6-4(<-l@BZV|R-B}8@r+WM1%}eT9>e$)60*?xZ*AuC
zCx>AuDj#nzX*0J?z*T(ZV@G`b{f!5^*=WOSU<R+WzR_2JHvyv+9%MWvPPFAU+c5;>
ziUPPKwD`zM=~5tcsVq6W@+It%nvfVlL))=CmX-7j+GijMKsi+w>`}OA>luZdJRc~h
z){KqmTb9Ab3&-OG+9A+otaEFA8`no_8U)?P=G{!L(lCm81cCD~>XL8N_<Sdd3sTR(
z?J-Rw0XsuAH)o?Xrxh;W?&#3{S)&m(9UZ92sz~eJN^pW3Iti2Hq(h5kcYglOpWl)L
z8$Gz>;4l%l6xqK|+_#}|a8$+!Kszjo09j7N0fq`<BJfKBHdM)}zptM^e8O6%Ndp_1
z<W~x=(1K=|5`gkFtwQ#;wzlVuF3Bk=lTZ@fxf_;f5e~-ug<ufI-pCs9?3sv#9|c$u
zC3X<{{F_15ZLxq3FrPN!&QQ<gdK{po109Q+rlzM-=l{6@!@p0!REEX7;ZbRH_J3=u
zt&@=k-exI64RQYYQsho)alQK6t>hnz>TQ)az>^S9jRVw-^gmt{@?bbggSsgF$18DC
z_7WwBPu#+P@6>H8nFwpHLgDituOF<?h&ZEm@wC;6|M;cQXf~2NOMbJ>W)#E(X?fun
zlkpIz1EJvHe}3Zi2+-?%$aE~#Y41h*)8fXX6|~6s{&Q_2%s(58mFL3l91rt$M=iA!
znF9&$HdG&zXXcS@YC6M`xOE##La(0UMsTi6^oG8lxRdIQ+gPRISYpI)#j*Uvac_Ko
z<JuSe<&P=RziuB>5Tx*^?W+jGJF~D~Qne=PbQ~(qv$AA)y!UV4h<-Z`D`j9fg($`E
zr}vjv&hzXFkB@00I(^0)NAoV1B3r>%?@VN?9|jsA@CT#`SGc(+<j~*$*DH}kj>z-B
zrPreOj4P6({I^HNU*G-Lf8jBmB~S3Zb5`lRSfkPJe(s;A+$lAKk?(r=OYdrquuJfG
z3GeO7HZi3PB1B<Sj3k9(U9s4LjhBZbc-bOcVzDK;-&|!us070VB<xz~G?6iSkU;X4
z)5aVH60cMG2wL|~lTA2L(@pcyL>!CWtk07F+9(q{UfwzDeW&*2pP|1__Gx}TbN8Wc
zXwOmZd_Ej3#S=VrxTp@ndmoA=wBgjy;46qitIxx;JuXA+ioH&V4BOYooK@^ThQS<$
zFWe=rvA93<7Z!RrUV{a${}kr1q6)76SUpvCLl8`#evi2y1&MG^0Y4@{pZ=W&N}$5P
zE79oS+_mcZ--9|)ejs7|Y@5)*X|Mcr#Pe5j!w(~6Vrz>#D-I6Fy3<t1DWvDI5WR|s
ziQ2Wt!y$JYcktL&i0+CjMbRS)WBmxvkh<hn+4Mk~%6Bvxnr|r+Iw!cui#sie&_n}O
zq1d8;gMrbnb1mV@jPHQaQU|BU)#`G`3D<h6+4fk8M~|)|;Fm^_G}1IaWLs^L^sk}Y
zX?8O~A#d`Jf0w(EzR{Xs^zU@eU6tVVXSKLvv&ie(FZo|ia+fHcd$y)IbTbDj+7@os
zS10!y|AFs+Ph(jpCRkd+bS8+VA1rDRlZOSEBdmu@qYOs*{9|J$i5Y~RF$fkB)^?(8
z<e4l@D>#y(uif{bryo7p_%n)`NN`bOtRME2uU-e}l_&Yyj6}NG290UaR(1(R>fWod
zZ8iq6|BOjqaVT3x<mK9?6!BA_|2r|&3<wDmas~43i5P{x$IO%hKz>QHg4*-L-qtjS
zS|TisR#tz#Wx)NbZ&|9V<NvHPy9(6kl9Sk>Dx-8hx=84@fff549i4%6=v>~>hjrJt
z#ro@(L?WcDZ9}dr>O>f&1e9I066eo+=@OBen%bM|7_7P8>^;312JkFk!yGcVxlWB8
zUHMBTAIGcqXGu#8#s0k_ua{bsPGE6KrPOp*5D{-(_fe#&+!8oyI89Tw<aGAZ)VF7}
zR*zklcT3m(z@Zj$tMdolPqM3JZR^b*{c0pEDGh!a7ss@)u#jipS8et9&*%CM`w8qu
z&%7#ZWB<0aDt6NSB=czvV@tEOQn;8Pk6gKw<j;EW1sze5tjbruu||3#qknM$o}QFn
z?rEdp8DCxw)lyUQBL^RO0t$}05%-hen}>e&Ests5#Gf($3Kkn!N?zB>|L=(ZeKqWo
z#5flWeU@Q2j$rH|Jhz^1q#;S7?V^H*Sgp8++^W4B=P(4jAR3d>lc`Rd3z05{8yTt(
z^($#X0wi>2Z30ygqhrb7a32RQLnU1ypJnEYK7ycMh4HUyHFOT*prCvahuxFprF;W$
zU-Mjg*mbHN2L#`=od(WYiR*RWlZrv0L}C>Xh&qX`>Wv|H&WfK<Eq-E@|AzB#p@Awg
z=)^?wzPlRtV>HXYMw%U&Jh-$oN_{G{*=Xix>JPnQw*)RQL^U4j&HnV-q^_--h#@-q
zx$Mwo7-yi^@w?4ZJI$f4n4!Xk)J!!iY82aWA~nhSqOi-Zh<&N2-ReO+174j^umOoj
zRYjS@ywT+QyBZ&yxO+=-n~H&quQ$s?N{Z-@&1>aCT1fq;ulNr0JwBzS&N*8nup4{K
zbsi%ln=l_c)XvhXjKXWVP&4(F8BHMpsN|v5z{`{3IOH%Ju4QXuAt^F3xS;z9H63AP
zsY9dsUbE@qavki#^kEWBp?K4MYQDB4iW?3c1|}xD3!=B6j0@(ru|Yi1XgxWGcO+GE
zz-t2+6z{4kkzHU&3kwTZIm1#XVth_x@ozhAn$y7C7B;MCFuputs!m%*S%xa*jU3^$
zOWv^)<vxZebSW?`UOG!{picIst>ycTQ1~vx^6Eze+6Q_DFWe_o%_^MN&VvZ=lF*i=
zJ7Kc)?B($&$kDuN@@SM1MCR-3>&3+3KzzeSphDHFatmNr%{cwem^Ih>vK+Ci(;1kD
zg;`mU+Vz4(duhD(*2C{BhENzz<oV;l3SC|7tiQEd3nuN47(l%hub9;Ikd8;vte+38
z<Kc!P5R~BB=phPag1EkZ92V=Yxtq-F-SCqB{_Al!NtQ6Y^D%(<z|BEhq`vwX3cayv
zjA+i@_ILi6gfO!6@=-xd0uJm&I2nw>&&e63grBoh)^@-()~r1P2(T_}SAc?5S9j+r
z{9`vLzwK{EiHh6>KT|#gZo%3L2GjEs)V%sz$b7D-RDZ$a`z;ioUUQIcUSdGMu;xHA
z?!tdwe@%%~xscdzI<J{Ics6ydlXDA{j}yb$96$*OpW?UdElE<%jOeej9@5Sof{XQo
z+7*mbb*#kWb_O;lXKK8TA)e4GKfUuowN)kimLW<+87#66jL6oih31iyE_?W7o!{Da
zdUL1-IG{kBFK-Hm=7+PrIohFmm9ECMbrOwFj_xKa$wY0_Ezo)dgAB^qD8*>mSV%sj
zJ5!(O)CJk5@me2ltNsqAFD|({`Pfh(LnKib&B}G&tK{wBQ0Sw@iYL_dGO<D@09?6P
zG}K$^>PW;SLSMaqmC|~!h?8<&1!mGE-6A3+&!R^kN>5K)H*}SLA)bIBuaVd8RevLw
zcKUBsr#>j5f9nmqD)n%hQtXtVwez!6hM%27iVt_~g`8rsmTUE=1xCju!>>$eT!O`S
z9L^&O<&V<0s)BR%&P}XL)YIm|QG*01eV-l5=0!wM1mabStUZ16+9$HJ=g(Gj?e=7-
z5&|iZL#<iDqo|VK`Qees{=vbSu-6h`aT4gZ(>?-$ICXw2TU+&@Mo=s;{jw#1xy8zw
zrCBaF#Rmuhxb-je=Q9X8UaXf{%2a0+;UeZS`_fBYEc@;n;OVmYqyEr517`K~-M1pN
zOhe8}F?Y_^!R-{yaPU|e#{&J+;U}Zb=u&}9Y{8<34RsQ>*h_$^&344pgEt9t_`Upx
zwb&nRMsW4rH&pY7st7394TiT*G}=@G{yQ-z06<=Lqxa5QzH5hG)efxVB0L#c7dZY7
zk5jN-SZ2Ewt!veCGg@i{x38Xihrm4}8eh7-;8&`~@yGdWx%phnLtw({+YC{?*vR(I
zNCRZWIU{Z?(EP-P)R>$Ryq`_#mnf4)t}h~pdO>e;-p`*uYk{B&J$D?bPzEVgV`HR6
zVGTMELKmO?c=f@!`3WM1cOliye_n!xY_Q1kf=c#rPsm=#<0eeYh5iea?a1Nbp%v+$
zK>#P>|0xs_>m1ECv=A{L?j+zbyiT$V)jNg^cE9+}tw+$Sf7!`#0j5whQvTc=m?+J5
zgWVT>Vv6;~2b21?lXv#Un!sED3yBtZayvB61=O>R$m<?~=KWuRz1vt=SOEP>s&um=
zH3g|1z6J>zm&B)<h)eA1sUDSLe?!T>@TC3h*j3Uzf%S)lBr*!uC8b?_&8bZZ106)u
z%@7YmM#kth!>JVy7_ipV_w#_K7TfHw!n$Q@s-GaYIG8pT@73#cS+7D2_*D%?WZ>qM
z!9%nIs_KS@hIpmqdtm7Bxv%KD^`K0qSuyai&hTHv2X~z`m2`5j!ZI{7^M^=9ssTGU
z!A#4CczFIKn|hDT7d(%IgzdoKZ+(8O`c9;7fvId;j39|92^|5V@$n&Zk<Abn5eWf7
z9n`Xh0G%oR<O1jk48utS!8F?(J6|IRB#u*0b1z$Hb>H6G9J9DI3%e?Qg*_e^O_Byk
zq^Y(NfbxM4T7}U-i*){V9GGn-j+co(=e{&FHue#?b`8iUjcc<Vc3Vrj!7Zi5He+@3
zU~umVcmb%X`DQM>`b<hrAGAlZH09CY4xkHeMBydH@+S;#I{=&ZF}u=Lxb2|O;_Yv(
zXL&70>4C(Dc%uD28JdyVOsLVJQ82q()v^R=A|xZzGYY%;f}FPdW1iUJU~igc7j`ln
z{vNtccNa{eCHs6Y=Wx|D$=!hukOc3YWGo${N;YPSF%^|RckbLoFDC|NJHl3AK2mnF
zYI~B<a36>-=-05YiW72kLkD{cJL@{Ro3BaVyXOrMBe2<5c|{l@Ax}~^Fv{8HmW@jD
zXArNft{9$eYpW9H<UkQ*g(L>mSz&i~_n2AIo+8B4PeQh#v5{)dS*b5SW3YI-B~of}
z(BUiWgY=<(@S$`{-DsfNM_yCVWn1=vSSsLa1k7>~k-jsL90qV_?}a~B->+gK^Ma5c
zUnyT!VPS>{%7`@8Ov)_FzTN|x@J0T+va;|LN%w7bnPH<VwCM4MmgtSD=10HwckCAi
zD(R5X45bHwlp%FfE3OlMF2vyVQV)b5#Si!If^`Ugvx5?YBYZC4J%sm`{Sa7ER#Nhv
z7KM9^KB8P3VYtVnP0*t#@fg8_xj;$DXK1A(yGKn()X@6=EC2#^ZEZ5fZ*q)*FNqHj
zXXDbyk<ngJHtYpcIJ{t?YId6|^429vp1)cJ>ufhX_TN0@xho-`g*Ro<1VyP=csL()
ztos$>@&L$fd&A9;`|{;VN6MFFp=y}56Vt6!XpC8mz%^jj`J~R0A!1PYC|0@c$QN;j
z(%%RI@SC5X_cPD>D<-?D>!d$&7RV!@wrP=lr~?K3{9Gx<)OHKA+S}T{bi~p(o@z0W
z;ouxsS64@Rni?Mg+XoIfIE2D^a{^FIu<p4m8O)eXk+VIu^%;%>r(>mV`x1HyApGt#
zm!1;SBytDCHB9idf>pSn<H0)z4^eOMDgy&!azZN3x_GZ+XTtAcAvAAk(jc(3iT`N&
zYmWmQU(d@>lK`-hZ3vrBZQI)dUhLa2-X;VdokePndaYyn?jJ1;20)buK<7>T6ElU2
z#Wr~OhK1|vkFzwY=;8R;6IEPVdP6O1pAfJTiAVJQ{$t0G?i}S=pUOxT=qXAoT6QMl
zz#8XU97zS%!eJ2+=NB^l2xsb{asn@?y6<Bc%-SIdG5O{)tn4U|3&&={=6shQpTSaI
z`EdW1WhvOf0gvVu-h~U<hHy;RC^tQMxHD@TGhboeX+-^+D>%P8sME<EEO+asI&EyI
zg$HGw7@^S$MUmGF(h*hJk*1*9l?hgbMBf?fyBpWi9w?sTNs*^|DjT~m2&WW$1e{tJ
z%Z|2_+MVGs5`c}$ZP+LP1V7*5{%F1W2ta(93E|wO;<58apS~vG*yKVR&%DxOvyBF-
zqF$E~a46zXJ51*3R{wgC?hzX$Xv?^}zLd<j*l_n1H^jPbZ|l^PGE4|bNl9JOuEL&f
z32!a3rNq~DGBdNZ46IhmmJDZCC0O@BOFZbiJ{$o;t_Iv*ZpTr#1l{%+VIQDCV<XqB
zM}thi@M663JVpcz<LFoSbH8@HnrqH*XLa4bY8upTt?|+61hlw0D$WB;`1muq)kv9y
z*}H|&0`=`!^xnILl$Ph-EVr%dq`nR$Z9=NH=1zK%S7<YLcb!J7IbzrDgT;o$`tq1O
zYj^hG5}##X0*D57M&qvAT+DnN1#sI<A8(Ah(owX$oE%rT{W!P@jaRwwA>-fEyI|&Y
zM$LfVUY+YF>o#iWV?M}g4bSZRIJns!gFqMurCol$)*9W<x#yipBY=$HLDOF!Qs_Xt
z0|!Q^9#Xh-0Mdtp2MpLw=o)K;7v|W8%;Hb<_m?}y<uS$xI6_+e5gL38$eJe<36~Sm
z)5NI^CR^_Rnb0Q&AXKKE?g9H#NlBpUTm`lFPoKx7JNeRg@3K8S_c{@>G#>8vb6?V`
zzy|;gj3C@*oeyV!20+SC{nt<Uq6gil5YmHfZXmu8BT)Jb$)Dc_BT52TN`vWM?C$Pr
z<h$JfC=4QTPQW><>cq3OJJ4A|5a_2|?OTNsWXy%eSvFIv$U=8C6}CgHi#{}*S|5>k
zBGl0FG`wkv%QOM}?__RSAZ#cm-=hE!htP|2gZ&|xJW|H)?d}rv2}fvB6lXp5Wia_5
zBNOurMalrnCZ(fNk6-+a`t5DU>mBTx558wZ?S&5aZ$P;+DJn02wo(R&2=im5mA?j`
z^q57$J^jjjYkbxb(1QwR`~HEUDR^%E<z^%RHlW9NF8xx1Tes@PMMI1Wysw-;ukVq!
z^^$$~R3__dWfc%Wo%i)IHZmeOou!rk2nUJ_L%`x+p5x<C%&~K9j^bNF5a1SkwCp2>
z9hQG-+7B=j$fhI4L=K&;XjbVHba&YjhkW2Gx&<>|6cWU7d=D?51{4(=p{Aj&gW1ED
zt53*m4Znk$hAs5nT+i4-7dRSQ_~umaEeXEqOY?$d7(`;kFn-Wt9kn+EIL^Ul7R*5W
zNYU_cY;0_RLry9yD+AxGwrlNK`?wiU?4bt)>uFc2ZLI3W+`VlB2n<19-z;YG_;EZ;
z!}k*&$>XO#e+}tr&Gr?TK}w&R3g5M-%6J!k%+F6XoUlcI6_C2<u3LS@->X_YR0(*7
z-<+3l%K$z;F+(((Lj;aOVvt<(c~at{wi=7Cg)3yi!|8Xt?I#Z)U(GNX^6h7dOUf(`
zFW#lt{a94=6fQP{macwzMpg&7d2rOzD6(RMWhi>t_y*8;MBT;|`TZe3hr(3<?F7d0
z2&KbLfTaobv;g_h(&(|UJHBB#N#oPget^2P#a(Ce52YvDTt0Y)4;ZP<{_*Y%)yz-r
zuSPFa*bf(@&Y(rs+I-@jV1so^JWe+1nnXd$mlrQtAXyzBY*3?@HzBi_MnJ&fYkv{6
z2e1*F;fjFx8nNh=%_b;J>=yd%V#YL~o`>MXP|;2B5aR}k3mDE~P*K<}a8ZD+Ue))r
z>EyJTHK9~<ad~e5)T2Y)g>2pS25^QNJ1#08{guG!*jFb}K|#k3`vZu!XYmyWXBnuI
zlf-ujN}PVOcw-;S_lWt0he1m*fX^R3ntKNKc6|LUk5+AmcJaQSyX)>c8+1-Bj!(P0
z=MuK&e;!;$e2ozWwPfr5Jmx<O0i0J@!tl?jB>yqHfA*sbg)E1%xFmt=K=#|#^!c9}
zutQ&{8FZxs3Oity{IoHUauR5e_(TLA^EoF8>j6T2IM;pGYM??hspU(#%l<Yu<T4#c
zG)fGZ(YDy#C2gRQYx0<lqkD9zJ=Ma(qMsp{8y#zpy%7jaP{YBG=@0b_t~D>wIeeBc
zUV@W=Z?h@`?b;W~+lc3T6&fVo=;yGg?b3xR_lrEa4^&~pY~6bagG$)-wQl|4wlPV9
zfGW%w_yE3e$&e&3#<6|F_7EGXi5@5betEU|w~uU)5thLnk|A#Dzg#7uqH-E{oyl{8
zRq}fY7gWGd^7fa`>jS$Dx~*q;czDK!9*s2Po$@%KfRrPOrGovdPc9t-Ys<;i8A`}C
zs39@4OX_O{i^#b1_h+Q0Q6lcRE?YlYiR|ru`g6qyVj<TK)~=tIi_-bgyb4*A2r}K`
zUcwZRmO-7-JAF%Gx#_@8Ma9cIZd6YX<-~&<tM3*`JW*9Twmbx!H3D(UZ|mE$upH{E
zPNd@E;(10pSHa~(hF|1pv_uh~yDXT-2ND-8boxY`RuC8n5bROkYdr+^7SLk~Uv2~u
z_XC{^SS<$Mp<(#CkGrV}8U~zm-Oi`RqxkK}O=aSqg3Nf*xA=O_)~}mTNf#Ea!R&!W
zz9HqyJ9MRmF(eK}qI&MAM%m*Na4I3Aq6-AnoVF`QcrB&Q3@FBHRvqvFk142K6#8zb
zku<loTz%yA-AYw#ZAfnbeA5#CA7SqSj%DBf0iQ@@tL)GoBovVyMNv^%nIQ>DvLY*4
zCDdJ!Yz=#rEo4MdD0@d486jlze$M-O?&o>_?{U1xdmYd5++<zXb^gxZ@B96HKjUQM
zD>wmam503W;FH@zwK%5)0SK5J_p%V2S?k%k622nY`PMuoQ-*_s!(n)mm!OTSU!h^5
zJDT-yhvAp{m%`+0hv8J(w}hmmeI5uJ&9-ShbMrKeltv!QW9oMs$A+kRO_SRi?bU_X
z=8Bo8-DL^$CoA$EYrNPr&~?ZFK%pmP!qJB~?$9s-W|V}b{oZ938@S~X1P>1n!)Lll
zwq}=u2M)7?y;XhhiRXr)Fc3T#!b;o$)&`6J`o$^d=99Sw!#`#?M5pl#3hO3{W`J4Y
zrgPe`@Y3A|54A9%in-pk*ev5*+g`up^c=9-W!KNW+Cm$1*?BBK>^dJe&hwv*uaICy
z<>667SQanNPUoDFYke#)Y17~E;@!}3KoAA?m+9-r$9dRBjx>Dw!~g;)g1vnG{r&5{
zB~-^Lfp4DH8LO9LRgmtfr^kJ{{@DfvE~)N98=m{GJ$4RDS#8EY`I24>D}|28sbEgl
zO!9^^Vjr5-fWV;lxa4Am_GlB{4$gg$b{0$LO~2&p<2m0)6J&qp<6pbJU<7VZc#}2H
zw%e4X@eUu_dEf(o%D)ihfZ^}o+R9n2Thc3@<&0(mqnPi>zl(%9#qAFX4X5ro=u;1C
z%E^+Gp$sFT(9u7g8Jk4R79Eh7Rg!!zSs<QdiUbSkd%RvkhR0x=;dTPGOlsAQUtLE~
z`w31iQ+2nRggLr*T_|S1ozl7?qk5s|-Op7eAJ35rlrQG6fY@9vD8D?pJ3k&}(a^Oz
z!t2o<_3hjAC9-|Zo32P~GuXEAE?v`UtI-x42s`Szx9!K3KNa!kRnZ6t-RvKoFjm^e
zV1DgdaCEU)ksA^nH!Ef?{Tcs$Ti54)bNM~HDe4q~PK4lYn_Rb7Nsh?uSUD{L#5kl?
z@)|nSkf}``)C4qHw5`jq8w8A;cHLdVs_9BvgDI?O#mY~(OifDe)EtkH_bgE!-lU=3
zA0>V(c#`+hieIGQx4Ia4W7@JOd(TpuW^tlOWA}@ZbWyZ^R^cy85aT5a>$Os}Kij+W
z%V`=3>#Y4&3u;Ih;ns8S?9C}2{1l$TdT+l@`W6_d@0JOHFDhT@=haWweouH_*<auE
z>D2c&uIXA~ZWA@U;+gT$?FP(ycI~qKRKHYtlKeee+M%TCb8(pY?#8<ZNWkQb45b3s
z2`yu+Xt-dr9EOR<MkCv=FE)5AXVDNBr{a&36TLIhGW*<wBak0_+vCApN!=s+!8#m}
z$?jrfLlR4e52Uy{z`UV>8j>`pZ=L1k2aU^a&i=7?<bBDys5u^noX9x%k`a%eh@j?h
ztg}Y_%-v@Xy!!r@pNoUHChpKIT&r(u+oPyIxckDh`>1wE|74P+J0s&=7v;es5Y5CX
z!h%tbuLqMRFC1O^@|`E5t8M_wLFAk~afO$oaEp|KhU8oj*CAzE_v8+T@{Cd|gE_)W
z>5&A*g_x_w*;`=7CAs@?MX%e$DPTSjUi<uMkP5cayApLCs5uIs|Cx!;gfDN4wJCDa
zExZ~&*?|qAO(f<4*<-fZ3D5lO9*P>81v#>Bu>WFCy0p9so1pe)f%2=cW5|nEk6n@q
z8i`I=VrGqg^K}oaxlWG)*Cm%JsX40%amLyIsdhQE@<`7HJ+1dmN=7iY7WxacXD5$Q
z%jSx`BS5Ep&O|-d`o5i>CEkStSc77$(>t%*z^hcOtdgtbwKA0v!MAJI%ZAn@NzG2T
zS%H&ghH^d$>b*X8_ZjH_P(@*sH{!N}Vnf{Le06Z5Mpk@FNp5E1zWY3zHa&mKUSO|s
z(`GE+Zo<41=8Y741%(e=w-^jbl0~&Ew}vB6OcWB*M=WNwW7C1qkYf#^Mm1=})GUUU
z;+>J~tpRIy>*i!?g$rrU*lCXVeecOBekNu^hvH#;Jk?PD=9Ub0N{@(@@F@3OtJIot
z_f4;s{&Y@c`$eQs6L0*hnkM+wUY>*ffB#tcA?_y|HboBz$MPfTPv+OudG)k$wbQ5B
zTvI;q$wVTX4<r*bI$1!PpUU0}y%BStH_S{oQ>6Y8E>7zO#&fbWTVmLj_g{GZg5@6O
z&(vpP<fwfW&wiV`aAkPS2WHBQHFj@djPb)IGP{<2koxg96D`RlK=TWF39zP&6B5)+
zeK49&5`0Frg}&sTww_r|qVb54xiJ3)9Qt7RwJ1J}q$-6V`{wwM4WG9bBy(qCxS(gA
zBAFgIVsIIS2LQw?LZzBX=gLcTsE@&$ou%uo+t0s5GN5nYhNA$e6(?!`@R=_5_HAde
zIw8GY9YHNhVyB$?kALGWj)oT$XMHF%{xvd;S2z9#{?V)8mv!}#rl1H24pu(*Rqg51
zXYoeeu2Qy@yLau{CL+ROngu=T>8<R6B%atcIeQ#vSNUnZ=6smV;Ag5D=Wl9)`6(`B
zRsJRGrS=nc<dE~nSU;#`19W-RmyQit)=ZxA@|E&I{$}(lZ5}H*+7f{XIb!AEpg+Iq
zyd?bV;of+#HTNc9ZtpwZEGPuAF3M^;xUp<O<;$*;#C}+Q+J+!Iw#o~&>Bglc+H-#O
z(XvY4qNJhSynSN7Vw#@z{NiZF*@7G9X^sJ|GqfS`@fx{TFObYHfMnR-j~%<Y?pfZI
z+dyjv3e*kZ;Jr*uKiz%$qQ_W!+L(8qd5U&sZf@P2LwnvH3>X2pOcwq0$3;XrPmiM|
z{#5uuy~g#_)BvBt&}f(G7`yu-wG*PHa<md3*lslCrUzy49QMH$*phwQ`PbH;&4N$E
zpOtH>G`|ESW>D(EOF*~n{#a0l571uzt+@jmn+0mR3*G56-XOo|@@1f=)UjiK?51Cx
z&WDQ*>?EhVcQaPqR|LY%GIWc|uGMyHgW;QG3oZYuMER;GK(xM^>K)}5HmaTc<|4&V
z`?${TtrPo3A6Yfe6!Yvi4}Pp3S&%W*4V&8qf^njrxz%MqRMkHgFT9`&WMjX3%o|Ny
z$?VK!E5n=CjEBxMop;=1*v5C+_X@;;V;2-91@>gAN5{VMJsy|-2z|$20O97R%rp}<
z`tH09<C70&N5y%T`E_&p`Gku@l)SCtaD*(M4FuNow)pLhD3w#Eva4L7XOSrqt;-0Q
zoOH7Z6CidWRBc4-FYPB4+~U@QlH(z=9+l{Zk;dr_KH>ArE%`>(Pdd}+j0UP7#8tou
z)@0kUe9K1p>pxqWA+_+!vJ;P58n@|CD~^ws+L1HbcK`l;=Z={6P92@OiIE`*!``4K
ze~U|3JVIZ*d})HYZCkNLo<`2WqGdnMW~xbW9tT%F3OtR!yDa=35OwcxxX&ZOUgY#^
z-Gk=$OPMD8KV%k~bp{LP()8X}XU~ZBO_3my>*Lq)gTiK2@8D8LwVvVF&;diAO!MgR
zgqAl-e<q^2hv*w6h5{24RmyJ-e7=7E@!qqFL)j#Zswr?BH2;#8lf{Zxed(x|wup-z
zRD`9M=%q=PsH0WoQZ%7}ze&UcFTUdT9U2j<nJWRuwu31aC*>R?=l)yk_#dN|0%1_v
zn1Xl)N|uKuCfc2Pvym?_WJh*nmo6z78}oA<h@^o8u#NSz{$8q?qqlG0oa(1Wo3vMx
z#-_V4sBYrR6M=o5YcAXW<|4%KV8Xf)NqK)i;xD`koBf9iQ18EZ`aZDqzA4b4MeGL|
zB4zEBha8}GdMay?UNwU|W8UTI>y7>Y!3+1=dZEABP*(3t&wdg6gwzmX0ZCM?g;wYl
zF2NP;Cm)}9rj>u(wC6gSIFtEB$5D;uHcmc1e^@ep8$8S%cEG6V*<4Mjc3;s%wqWOr
zgaotqzXzbHO=%GU)j3snA&h0Lvv|pPtSd{&ERuDHAALw3+Ag~{HUFTLCI3Y!gIWOr
z|GxlOpPGGuUl-^+Iyxm>C#pXto!>)209h4ka2V-)^AF^vn`HGJkeg*Ui*f!%a>gfm
z{o7Wz);KDI#Xn!#gHyCKT9WsoE<Hu6_M06ySCP{q2i(l%S%vP^Odv6HdU$wnF4b}d
zO+kJxAj3C4=m)5cATUBynjZXYM{46r+>#VbbQQQJ?-!*Tn&jP6+Tka6_e4UWmfALv
z!)$qG=S<ej>&ogWoY=Bf7pL>|s)(YlJKXqpUq=^XXr5yx=fA!Wl#(yi0(!&>@_@d6
zr=s=H*wGB{nzVZ_47Sk_k84_@986q7A85o*9WsBdXuL<QR*y7a2Y}H$(ovAOJn_rW
z#8B?BG=;Oz=u_|Yw2W^A3d~E>_t9Q>b;DTYxGd#^TOVG>#`6glE!L&{Ww}6STW)po
zWJb1kjF!OAGSzOC>QE7^WU%U?<q|=mO1xWLsY%aA$r~~8t0YA$#qW7_u-TV*Ux)^f
zBKN+EktfrxV*Pz?ac+#oeJ^$uW$PsURahV4Dy8UbTO==D`u%4~x8OPYJ0o<<15MYk
zgkj3DLGh(x^IR@07~XvtroY;unJF+oqGj8wykuL-7EA$XDbF^TqN-d@J-Lv({y@U4
zB?jB11dg8llM1NGc!xx9{n@`?KUZ^TPRY>pP4ac^3?tdOxp2L`Vn5CQ3U;htn0||1
z#=RwlUmBFSg5b_y5w;@kiwuN9`)hMYKaRluEworFj%0o}3p&+z@1(CZykm#Tgf)2f
zTK8`qYMF$4$%U5^bJStd<y(zO8fG08A0O3B^w@N|Q<;6YLi0;@hiG-Dx}AH`=hI)P
z=o~0?KN3arca^vc?7cE|?WKQ@HWy_Qd*8lET6!g2`1I+OZ8JZSLnGyQ6_I@8{R7yC
zZ1tS}{DCN+Pim;hbbt<^eFYAqQNO<gW-I~2!PSC9(t1BfkOv8{xlF{+@7K%L9db)p
zUZ4SxNzMd(eW|bYyuFK|H`&6?ST<_prmn-icnlrnmqIOT&~p(itMoMY!kbsz5}{zo
zV%R|`Um8I?Hk@t${{S(S;1yK?NKrjnhP9)vr-XH8=CQ=tW?R#Y|39eGhh0iw<Ht+k
zu*FaZiMy?>ZR_C!zwYqvP>+#gORjlqlPI=*y8*2`3Cxh}+m4(Rz$Ge3J%6Ph;m3P{
z?bhoey9yoJ0jJRx#@(-8(K0i0T&rW|J-DuDZp?jX>w|}J+hEu9;P+xqgI0{M@2>mz
zA3u4Ttkar$uPOV&ArcL2b$1hSxKbv_kd*A+;%v_rO;ebm)Vw>0Yjx*#q0gUG&D7ti
zMS4E)jtdeTIB3Lm|LVD<cYXB_PYc9_U-(rP2$p(z;ag^4U?|R5qjf&Nq<o%S*wt6T
z=gYn9rt|aX5gq-YyYPgwdRn>=cSm<-x6c#6+El!88qLfKbgC;VVwjRw>lA42pnfnB
z+f_ssHFmh>^F5RAkp|}W!2QSQs9<WXKPkflJVy{)nknTMc6~kj{%rBRWq>==aJUpW
z%FX3Yp->dxUnC+f3OiNGXqk_)>t6N*<)@FN6m%yvH8v{YXvwVV=7kTLU&`oS68&yX
zSzxr<Fch7v1>q>&eSQf(8m2ApdOdB|5vhp01GLO3;h`9p6LtW%D}Cc4<0vb#4p2p0
zcw_M#epBVn$(24nlr-`|Zz$^l{pVlrGrir45Z!KW`Q7%;&MN*)XZGsnj;Yv1Uj<+Y
ziC73M4@~g&`TE99AV8oSu2BBi>k`ca2sJvxY^uF6q1^0IYBW7v;36}>(c7C3N13<P
zsMeG?PHdi--jdkCf$EpEpl-Dj7Q1pW@VUwpc~#5yWUc68zf1CSB!~<BNd4NavV2m7
zMwS?WwL$${husCxTzQCGspT3Y0Cl_Z4lS5<9Gg!c86Hlwk4`?&!^kK&Mfr?`D&iNJ
z-p6?STZ`|$8)nxK;|R&<Fwfq7?+R}UAIrvs3Npdoy{%sUd6B&YiOkNGt_^Z7&;0pa
z{y3@eTYo>L!Xa7`wg*6|^jr~opLb3BJjok*&BfKU=5dl#QQ9Nbm+<Hkg}cJ`Qxcv%
z22illlPG;G15I7Hw0gd1YqFL#iR<INGO8|ac%vh1;t{P93~1|TqeZN9jD*%MLxaUQ
zwIPTePp>Tpfq3@Z)|dlLyZ5G^9$2G5eKwkFqbETzp>hmAb-=LD6gE)}tvXIY(xxv2
z{TTQl?qtDmk>T?*@y0?E9xkp8xWG|GtG-cDyqoEcM?X1FS4*OhkDnY#(N0@DGcD!R
zrIt8$<ZClqW5Q_wN;J#M*S7B!VVNCiZGE;ISuyBFbxTcld}=EEGuoISyq;;8nb1Wu
z1>AJ;%;;qc+mN)*T+*=1MlX+&fW(3xTboq1ZC4uwK}Lstxb&K`n^vydGhi~m?CDv;
z>t=66z;yBLcg>?3jx;D|Ui>W5s}TvbII;1^J>hM2FP$n1uQgA7b6J1JXV;K*4{vIX
zsbOAMir+^zFN+U?L5?mupbu{JIF@y>PZ6eiLe+MLD#4W~r$~Xtsb^wbFV#v7=fz69
zSxVE$35AC?T!p{=eo|XLlyuKEuV!j$N~$QFnV$Yuile9&{X$nMe_ZqX3IEs;kEOBj
zH*gv|zEQVPG8n#kvbWd?ht<hfnJ-ZXLD*0}-RluCZ#1Z1=wKPQ*jJo+YoTO!R%SL!
zdImbN7j{ukGUhgA_o{1ax6snkz6*+wc!)E}thplg-PQpqUELC`r|D{8>AK&41!MTI
zj)uCgP1M|$Ktk-tH*}`K6I_Q5-H#EWAQROvbtWN3)Ho(%`BN-+k4<zL`4-F5*J2Ri
z%fF6^TZR)$@lMsGe+Xak`-PM3PMC__T<E7pQ~X<Y9OH~nQHN-}UU$yqSa*>KE&84f
zT07-Kr!Qe*_60gJB&o+bw>URZ(fk?WTGn)rsTtK}*sy_>Z-~vxUFSa%Jp4{y<xcio
zXP0`^wNTsa2^H4&TMJ(G2Ugp6y@grj*6i4miG`-bvs3_9(QqD^yp`*|WXp=%m7e23
zte*D3)R`!0`f1Dd*Sij1Yx9CGZi9(BqQAG)JK{za<l_GQuN#$=nj9FDcl-CPdiIN2
z=x%b-29^NnOD7{65^JBpe|_QgK_8Ke?-YW(EFehEG#fe-)JnX2_fCQKOmgpunsnew
zio=^4#wbaMEA84xC?XbTehSKj1bd{~mjF6d96m4JU0<O>TaO`%$J%%Gpa`Mlbb{jB
z*`^4dN8r|j`$84VV3J6qNI?b<RH*D7Dn?EKWzL+{Tyy#NsqfYFaq0@~13mK_O6hEn
zOQIAt%_-i&h@Q9HDY^dn-Xwv8#nxeojS2M)!*z!0>dZS-3hC<kWo|zBo*l?8)KVDN
z4vBewp@7mOoLOSYt?bmZ5edS^C7<RTNXElZ%GjWx*7zo3B*c!*ZxaBcq8s}ppM@O-
ztz7@wpyB66u$npBcTT9P?}*U!p8NK;Vypf&ITd^vOlysz-%CG7x<NGUvn$$CD5z!k
ztH<!B+hWtcAQRVJk7E|FeI8jat<_2m)XcXq=CEyh>hvryV7lg?O?g_yH9y}6a%8`v
zr=|Tc>nfOMlcAl)jd3ku&UWJhlVL$ZLc$Iqp|lgh-=B$Fm)F(towIyhwJI#Y=g)Lh
z;Iv;<)XJ^#9vOMC%Dgf0AY*R{5!+R7H=Vy~L#l$F$aA-sxa+4IGC@42db2CGEMlaf
zHcaSq>y4(2EJwqlq?R4fyAQj{77Y(yF=><N&Ayc~E-o&990fQ9p&}FV?cMDa!V5@N
ziM>8I7gt=wn}Y!do~S<j>#yG}<64iG-eey0DLrEAVg72x1$#m?Wqo7S;A!<uqb(V=
zbAMo$cJb>@^NSs*ZPqhw36NjY^h=r>>tO`&!9U>g`Y4tDwg!$z%|W-WH3=GL=w<=_
z!jizjbJim-!<gUiI16QVcJ?}=Yo)h)yL@SB?X6em_Y8!{LS8jl-|MM_z%>lP)AaJ{
z=6;V#T-j=1kyvQeTD-h7tyQyj106#p5^$fi(%Ez-jZb9w&UR+G7fnh8N3QECfWgbc
zS09cB6q_+zP$Y;J{o_WnID<BBeVTsGvChM3U#1iI=G}i^ijzK;5X>v;QSM`qpnmGq
zG2khr4dky&-6x0}zdXe9BGN}ZZ$U*1PUQRcLl)OD*XWz|vDhG$VAK674QkkAP1b8|
zIaixiQ_dwuNAp?f>r;7EosK2n_Z1oj&Hyk~Uc7o`wS1o1xY>4buo^T9pWHMOG;|Z%
z-{Zr0qfm4Je#ZNQqd0_(2;zQ;h-<>aFx~9aXW<)`ew}2JI5OItA>4JM_LqNZghS2B
zLjH-)<Hbwm-s|L3q{RHxu59g?Xxp#3q*-j#`<d-P+-(^X)`w@5c=p|i^fWyEsdav|
zP^((2m7BBu#m3Z<y>~a7vZ@9g&s>b(seCxeCna6{cj`=1yxuD--X5(RH(ob%=Kz&c
z3@bZg*<F}3>GE);nlpJs7fwR7D?4}YyyD(Nylb{@W#L&`N9U_(9XZ#BMhws)8Gi$c
zfyCcOd5kA*jHOLSNkQmBf1t1rT`W&a21oJ(s(*Bs5Rut*&d$z?TK>L7kiKOeT;E@P
zDRxp;UQY@<08PIG{1`YU`RgG7iD2H&z-8GNdY3~KM=r|=iL>F>qorf;DUIQmk&(%~
zF+j(_Bef3XK7r*E<{-yRtVr3;T#@LT!kFCW-niH6ua;<o)-!I2{j$p$lLV0~4Ht=b
zfG9;R`)v{Hcsf%C>_6N-6+kO|S_QOR?U^L)7a7PngYfXXFLs(g{kg>N!J=qsf4ROY
z^mBxGatjUhdeaZzjuMZ%-BQ-PQer(8PcFEdK`E=Kkpdiz`WY-9E3&Lx5A?~VxH9v~
z#LCFSDw=L6I?pmAzAMJ}cyZw5ID{d+hM-MkT@I4Q#=QAvG$>4pZP)N?bPG%is^q}H
zB>&!*%DAj5=gc6U!?Y&zT!$>k(V=zTwQ|w9YJShHM~)P<Mei{#R`s^eOUF#^Ez3cz
zy_-oBJ&y;LwiYo%Zl^wf5^<ZqPQ2S-Yr8Dx@_LeQ-DCMKd)_08^CiX&s)@EK7qmH-
z;0kcu!^1Od?mpn9zOFdB+CRUVrK|6~FNBhY!{d|aK)w7V!bg-F=JDP=6}R5)x3>JI
zB|FEumE9w8WMYDuxH9%_D}(Ua_;qNl))DiIi<E?3PLq2&D1#ddz4L6F0yygbzA;hz
zjg71*Ib{8#H#=U9`yF|m?;n&YHN3DqAN5_veQ|Tj>LPtlkI|9!GWN--=Fikx{h_XJ
z%XJiVnrIIKO`Y;{o@<Vklrg6H2Va~^Ql3lV?u^jtJ62q~;D14){BH;kYg0SjhJESB
z1}i<?AMLro=M=Ss!8yaYc|gho_*{!M(q%22Gx)tn{BjqAR=p33i+`S~3b*PV&^%s!
zFzm3-M9%>!sY3F;lUADLNn6lrK3XL0JiB!->shBeV}hm&1MAjRy)ymza@}&v!3hPA
zLvId(a61?kS~T|8jquqZMv)JzD{hCQ&ZTs;7n~oGsTKy0pBx2Yp1B^)<jwiXI1QHq
z%Qq6OqDuY@taYEka*Ng6XYTkFRubQFhn+ZeLZK+v24E4XxJ5DQp0V_yql5dF(?nHt
zcaaJH5m}A&tr{fXNZdNKiuq!tsVHd$i-Y#4z>|2-QV+$sd?*`G^JnJd99K~Asv8){
zfpyke0Gf{Pg(1v!QPTckxshb$U235MGb0H{eh!Y^M`c9{4KQy7yItwtr2>4UjI2(`
zVj9vOco^&ePYQbABTRW&S!Jp1_8KTH=Sr@^VB)@$eFe9(Gg^Uo=L{oYCEj+;$=q6I
zrPtat%nHxKWEr$mQV9e00%^w%Vr(43ZG5VlT1g5u>K_u_GswTr#}xFWEdF1_I!285
zFej_1muFToxVj(eiTk_M*sY8Cak_>cFck0+=v9tLoqKH+P0eUUq2Ok)W$<&<9T)o{
z61POY&hvY3BO*Gbb9By5)R${ynI4CrpBBpj#s~2$660{1I&jq%#5cQNT?Lf&7%xxd
z+fDE8H#N($`>uSoD<9Ic&=aA%N0);+Sy;Tpt-C0Q3YGgT$!hoBo1TghrIL4=2nP2E
zaLeXHmp|<f9Xjc&$R)x%Aa!p3(}&fP`F$~3)++ZMd}Ctd(I%8PPSfJnAC~dkb0*RU
z$UNIems}`~$*__GhHq)ZPicQUP%r=E)~h0WXH1XJ-t5WI&!ZITh1KvIi_cZqWk7uw
zb@{!MR1_dXlUz!fAviKJ#M9s;p|WQW*+O~!rV)j~Gxv88<n`u@kRyNlG}91QX{y(2
ze0W@L)rq_jW7u(EW{pt(6Iw3EOU_M)gbgYe=sD~f>-ockjmtnmwr6nXJ92}w*V&;Q
z(j$zI$XFTNv@;{!Jdg(cHi$N1+ExYvkHgQd4T3u9EZ2tHJ38Xg>2gXr=tfU}PAQs>
zy!Pkb`woeyXtvC+I+vLY*UZD7KGls~s5zK3WPQ~jt!<0+u9?R+&%z%rv`p{4aB%3_
zZLPS-NX^6t_8(5jZr#uBo?mKlxBU(iE8D~HaX~6#H(!Xa@yw{AaWqtG%T6-dX6+Ld
zS<lxfG}dpz)Z<}>CD~NU$n}j2$)umJUjGP=I5*SjbP{Ry-<p{}Y32$h%|Y{?b*ArK
z`%^~)B9#P=1U>f%%JQgCj=N_F=2+$dA^n{4I3>Qs^VQ1MC3vB5Ml#(-aImqFG^l^X
z=groJt&%P_MW_W<7c9VX8J7rJNGU%Be-2Um!ToKWog6>yWIAjZh>IWl-;<^O%m6hF
zjTt`SuJy=hrEo3GI0{?XFJ&J$K&Rf9p_P*5+`DR^bUQxPnyc6#IIGKB^WOq?#pVK#
za)RD9PO|Q3$T0Q{vLwv~usgiZpV}lA%&L``0hUPO6D<nkfjRlrhT&xCrP)a6{AFa<
z8iy$qR#qlSFfKn#0tCCziNha$a(^wj<=p22{t5ltiITNG8Wa81`W|<GamQ5~qI8o&
z?q-&w?Xj@|^mD1YIV~}IbBTH?&4uIFo3uw$TckP)ujix}X0p#Z*0*RKS71GMcQ3^{
z3a;(?A3iRre6lp9>{l+9Zygx;c)_L4p6TQ5t_3*=pBX+aw4?`VQKUF}Ot^Hcx_+Iy
zLS4pR6y_c}z3`&-V3KD1T)}L2qm_{}WF^Y2>1(qYi#L~MCqk&@4>a9eeND5ng_k$W
zwpY%fk+!Y7kZs3m@bJ)(zgKe#zy`XbEF$K=cTPE4Hzj_N%J8M4Nm?`=3g*=_SqPhz
zTG&6-0w@Hubq=c4XYw559XZvx<I>;y`r<tKLuS*!i$P?NPg1Yjj@+dwYe|vo9DYnZ
z+Jke4PLH%c`^%_zCds&$`EYLThtHqi!yV1RGt6^F?()S+htj;_Ppt|$bDi0&OIbjM
z`j5Ci%gwgx=B8od^Nxv$krWmXP?f1hfcE>Yg6SFgwI!R%pJ0>x+;7{Gy5O0iAGNAu
zDu1;%eNj=ZKDzkn95l+V)q9_)l3tcuX>0zvHcv7~j2=J!aVb*Xll^y_ZrZjO{7du#
zhkmnd-pkegloj1BRcrlOS5-pwC=tueMMZ3;qfmWG;4QIT4Y55|%D^kNjzic0j)wf-
zt9|KfvrpUEi9Qpz@rE9%DNUba)9y3J5Z+wbFo07;#N_RW()2gAZGdtKVtHx8#qH1V
zotO4QYt8!GZgk~mk>0LYxT3e}wq#p1t8VELhh4gmesVcKLJrvc^%3LjWxV1_cwwv`
zKTg9xJeJp}!V5Pc(QC^$?{gi}wpfsWi+yiN@s*`A8r>{Kakoy;2}DfiEeJ0Vm+n2O
zP>o;ct9e-AKLsmw(&Qt<QmD4RUWH0tYuCeq=|Mzge@#(^L~Ck7L@-pi8ZLHyKQAz@
z<$12r7p&J#*S(DjPi9&U%RA86!{{EL>@8UR@jHb2`})Cmk%I7|qG2xU?lv^g4*mYK
zXWZ<Vii#NwQ^`;fNzZRy>f~$|{!(F*GA38A?q6*^DL&R+bvok9{Fetei(UU9kZH3Y
z1D60(Z{j|nIlS^?P;I_7r{_MroUwQr9yA?qGYbCzycJwlrLEY^#uj&tSL=Ofg-USw
z%f|wF$BqeqO^n@{x}olv4b7%V?!NW<Z^F)>6@+*6;n5!fCl0*(P}QQ_SZr1BD{O4+
zYFEJ{V#jkjI99jv+yilg@7!OHOkj_%qEa2!5{hVo{;Hr+k%I@l6D-8Zf#uy!Ow_<b
zquIA_-{kM#uE{mM=0}|1y#Dy{C5SSfn;utd>y&=i(Xp80&Msy>cxv7HUp`@B9Jm9P
zzY0WIn46nSCfwQj=p*SH{OOtOQq;|;5AfdxMH6RG9}s$st)C<<8iDlM-`|guG#G4)
z0Ilg+!;F)6@8Vm%pFcW(_emf1Q3YgoqG33jbZ(cVlvGKBfLDyC+(wHtG0JFAvsUwZ
zV_f7B+kpAH-|gF*nV7UR3T_M>v_TBJtKrbJZ>cc+y5UTrtgH;7riY0Q?2<rSSFuv1
z6KL1+E-t<^FFlyz7IO1R#v{nD0`A@|yQQs7T1Ako$*!d$@L|aio{^E{^P<1C7RK{t
zNj)mYI8!<e(XD^@rVBkUBl7DyMtMI52Fgob%L;UM%1_aU)Q>LC?wxVl>?iNET&Y%E
z53zgvZ<QoX(6rtmBK)yrBsU<ZFM$vKio9>5pC>X2-yY2~hz`B0wGXNqwW#FS8$sK?
z#=uuv4wl&z1m{7Ay;6>gF)hFI=jU}?BcEx>z?1u>mf?U4DI}?CVTX5q{=T9GJ-Ns3
z51WqOpUIwS{k{Bpcz9zN$c!f=Teke^u1i1YwYTeZNs4n({z0P()yK;c(0@;i&fuw}
zWES4iGEft$yx_uDXmhtZ`se{+8PZByAx~%uYf6D$=gkfN#dQP<wqiDMaYQ_p)z$ra
znfFrBmoD*q!msl-W*09KIy$X;JXi-Vgc#zLmc^+SBnik_|G8RO*>w!HU{wgfF+uH;
z$+^bV)cyB)q}QX}#~g6t)bJ((g`&n9mmfu5UY>t(v3q#Bjs*vYq`Zl2k|rIDBw_wl
zJZXlo1UCQ6zZ&y;?Z<0BeHwfDr*%{+M)+A!&}X#`dE7AUz->87e<|a;Y`<2?nU0Q*
z@|Kp|u3r-uW`A|lq)<`90y+qMwQqNrJBrU{+!nrvndBMsA7M5aqY_^5ayvwNUCl6^
z^X#kAn5H1FQZ2gq3#7+<o)d4j<#*=uL4D2GL2E`%8tXL~q}%FEd%8DzZw;t0OI(9}
z$KK8N@>Xl<&z@alEciJ%_$ntAX)i^TR56yNd8Ve7mO32W8WnZC(nde+w3E(J1N0?N
zg&KrtO!R8oLfKv6uOaY6k4;L<zaua(uyI4sVXG!uOdqOXCo}o;TbW+mvD0|_Gqbbz
zx3=C{RC@m4fm*+WzcD=YM4<M14gs~)&_LeoC_(h}^ys;d{di$D4N&4iM1&wyXTqQA
z7I{@SxzE<5WeOuVLJW*%f_Mncip^nj_9u?n#zd_|eX&#8Qdcwmt@KPVV{vl)?dLz~
z+nukN%K5E^`vm-;Y;qDg`fX3$*mc)^p{vXE%E6q$u+L%OTi!QVZ>%w*F|3Y}llA<s
zPD>ajVGk+)8sll=UuqsIY>d>$&3Pb=N&6&jNz{d8{Zmw6M(HA5@2RMJ*x*6~6-GJ_
z?A=QXI<|LEnh>(z%b9TZxT<XMCibPc!;#@j?e35uY66pBT!Vd|H3mn-QyxaG5X1v?
z;U^!JC@U(K9~y5x`Mi8^P$&W}{Oc6NvzMV#%Czn6!L5VcpkL%07+p_AJhotWd5`G7
z<C0EeoP`dn{NTD~=jP<C+0Iu(u}LzKrKNdrUlLx(b-Y{a?|GO(C&Mo=1bfq^>y8T8
zxVI7~j~&%Kw$6`Xb#v)TZb_Fh^T<1}8xP<z%<6TB;1~P&tvWNo`%vUY<@G7O<&l&O
zY=rLzM&dd#vKMu(+k#NzfYy$$yVNR2G#0NgX}R{#Zy;lW5d6c;C)1!OEGfxJG$cD(
zd)$2%U{sLI#%OmlQBbcieB1T{f>Ecds{c^Eak$IJa0f91JN?ud7ko8YTkMj5qZ&!{
zNj1#l!(EoY?@^p{Ml^EA=Z1PF{1{80<1^Ej^*N(0VJ^eh1bWfR+`()#m5KIUpOQa8
zY^qWx6RM^C6C>w`pPw22@@5ZA#6@ql?05R0<^;u}+uXPq@?u}gTd&Bep);6Zw@Y+B
z%96dROFCA}Y)?vgAxhp(nsVaTzOMU&7`2mUs<8Ak?W>u<R=lh9HqWZNu<4t@$(~yi
zvJT6`JGRI<&^}~ky)t)HKW&AKp@+>u#*8l9@b6-X*Wd3;FX=e48R!o+Li#ilFW%SB
zGesg|ZLR*6I(OW{{h3xghp!$3nfh#+p7?!U2_`|ERQQ>wl$N-gm|4@)+`0v+#NDMN
z9VWl4ZX4<8>B#~HBxYKs64I}&`0J3flM|K@C4eAW9t?*;PtD*WhC4I(^>VJI<(w}1
zGydM%8r28svw)+3b>&Li{MU4G^aZHPzJv8MKNM5?CI4Y^{}5crvMGx#>JmNHKRaw$
z!@;=SRS4ImGQ7T9RABE0Ywts%3l|R__V2E)96Zd~(ZK!n;N`E>yE3<lZ7PkfRXFxq
zV6Xh^tXUq>x6;K65Ru-O&%IWW8h(hCGk;T{$KnR)A<ANp#>7JpZN8eSnxxsE(OrZx
z@-is4gaYQ4y-9uDy-rx)!wp8a+J>2>ohqxl3$yG4YQiT<WA2jP`wb6_`CQts+Su4F
zSDwWAPXU3KsXyid#T96kUl5#&|DLtGs&UFL#=d_SJ61Xxfs`Y1c`I4Nq@t~@!?Y!}
zom1@k14-j)TiSC!J(Vtv@*LzP;CvpGZYbZ<AxuDG%TMoNFyC7umfM>8YOjz<>H75{
z!RPh9-q4a}<nJUyiAP)4{4(~O-sn%IjzAuz7%Uio6o<LRuEgd<ArLQgzY%3bwO`ty
zWR0Vde9}%^D77>EitkVn2;4CgoH_D)x?WV{xv*CCTw;{pdf_qd2QsRwGWBxO&Ohmh
zd9zw}Y|YhwgoUQwh7H_o>O7&AuiTltLX_IJ5m-&Ig$!)Hk39z#eE#8wEWk4z6!N@6
zt@!-;b69%^-@daR)-3I=8TvW4uTI|q{kKI1E}V9YWSVb4HlsiLuK3ogj&sRvvJG50
zyr)<m8hG`2?kaQr<H$hw_D=5s^X+1y{9G<{w5nPk4xw0UsB~L)+PCQr<t7u^B`Lp&
zRog3b-BeLri!XGpwT!jTJGS4r>EhD&3P}SNr&JzQ1&KP=Y#v*kRyTm}z=aEQ+h{4*
z9aYfQW{1kfuiJC=E+Xk;PkvW^Dr#0JnZ1-z8+vGFf&Gw#M0Mhq=P+#ySw8hBaZ9oW
zJi4^gYOHEAGBddTzPK;}hv~hB>duW!XJNsAO!#xWFFip#N;qR?L7KC!Y}9WVSbQbE
z)+!-HONprV`M%d%X;Dn!e|rxc@O$*AQNOp^dn+(TE*z(D@b(W3tflXC22i_k<Hn1Z
zF0He*o!EFMK4bBj>dBMJ1_m+$+SxwE#Z=JTtF7>yL{bP$e-UWE&e@q6$&|x}!m#Ft
zS35{y2$G{heW-aLxFGfS@86RiquPI;ms%8)p42AQx2fcgqOw@e%;$~vi;6gL^5jw2
zBEzq_c6nPr_6(#g(!(uPGsUR*(@MI=-UpAL2B7$mlsaO`7%pM5d=rs!3{c;anAE)Y
zsbd3GRSiq?LOVBE47jN07}Dz;Vz9jww2iUHY|mHgyghqqJy#d@AWSI6N?KlCerBwh
z2W_Fno|2a+1aZRBL(Je2j6DyJ7e`U?#k+moV?lmaf0y(Oay?sG8R~ch!`OP^tryua
z;9Jkn&p*b{HT(5W%A$A7z)`R?AjzaAB(G1hbai*T*s+`~u>WqfEx6}XS?Sb5e(1RX
zpVaL#do{GKre857EChEny_Qfu#Btss@!D-}r>ZeA0cTU&-YWD&NS0$GOD`B3A-|l0
z2n`J-ZIGaKJ_~A(nC%xzK0dxNa7D<6>(IaQ50soRtNPbN_F7wJ{q>m-tk^S65H}8g
z=rQS58l>btJ?Mfg#FUKE%fpWXYSQp$6HP4cZ}{BKF*A5$ZqlpBpJqK1cV*qbEwcn5
zoYYzorlq{~4`>vS4PuJf$G={p&#MjFAs{dkHG0R`bAkFs!4`n})eUhKH_!fiI*BK9
zw%}so8L$6XiCO-hoT&_dGo+!bOUuI(;rwe}<v!=_qcI+IV0eYeHOc<-3Q#UQ!pnkp
zFZYPy-}QH<4r;f*A14CS(#8c{_@2|TX|C~bJ&7>Ob2(o9KaOFV?4S>*zC6dad<n1e
z-w&e%MxMj3H~sS|{u`};%<E)L0o;%OeR==$^~A_SmvYEZ3)e<6${E7om+5A3B$(^<
zjEOovLy5N&g+{E$%HrhA%znpiXq6OqKO&9wh7koXX-sbGrK{fOlA7A9s;bui`SS<e
zj33CeJu9yg637#h@CruUT6wwm9>4$jy8!_``}}NGl~6)>fuKYvH10lqw&+aMxz>6l
zxBV)0qJm-J7&R7bv<>=`yh`vCVMVMtB85L8EHfV-6T=L}Ks4cMfy8VU;v%A<D!*A^
z4g(PdhWhkT--b}Es&%&j3WnGmN!LOSp~w{Z4pV5t3!DFcgs$ZJ$76zl+-i=+(|MF^
z(2{o^@9+)eI6x3%yjx%$cJyg@_>+8(8>)03MuiBbg|F=2c2_-$sMsK4Zz}rK+&t?m
zTaSeeQqMZnPM@M>BY4$kymfVTNfQV{vup%(qN6P9kPcw>y(&mVLP7;|>$bE1`t$$%
z|Ge<1<^1l$a=VUj3F_>x{;}`8%Wf2tJtjs*M)R0N87)rZTmPL7GUgD^f&S(U{LhQ$
zby?O$O4?E0zI~hU0w;hMG&VDp|E@LiBiVSY1o!hir6v{Yk0~FU-2eBYEhfWXI`V8o
zcAtJmXlPM<uBkDt{_pZ8fAFZ*DU~fFE2qCg_lh!phlB*jq06VL)8(Bj8X6v0JjRt(
zbwtwRB?}9rUGW762Y*185o{fR12d9TGDMf*GmhGLs&|+kJ_rl*M=?hzAT=9HgGi*b
z!r-J?kDtIO3GUC=;q(B<&-}u|c<81<Lf>~j0@pPpGI9$%lSaFhW1wV39f7IjcErSB
zNhBH-OTB&jHaa=v#*G{3@4>PIh;K+JAT%pJKK?;y=z8>NSdKIp&I`W~3XzY2mmJ(1
z0e9flgPFJv5;Hq@NU34-0=T~)tLOTS8^F1Ylb+~KPfwFi3%#@q^mJg+l7Ej(nCjXs
zE6WQr4{Yre1j<GrFT6Mqu%$G2I-%?W1sD6%HfUBzt=8nES6-g;-TLze2KR9%^`oUD
zK@T*JeZ#{6>lwLavI@t*j>fqV2=jv<gM%csC^|Yi@!ZRMb>jPIDNRjH$v3A9+12=k
z*Bu>wan{!r4jji&@cLB$aY6ye1-jMw?f=&lcS2^?qQ%z0^!2%2($G5zy;5IeLYo06
zTq-|i{;5+-_aK^Yp1i(u_wN3(JNqS%NLS>A3R|@%J%96yJg8V%DUvk3tAZjBKfe{G
z#_$jk5qS^~=bOoy)ZOVB2#grl+o^cKH#RntKz8nx_SbCtg@n|usv8;c!C0A;RN~s6
zO>-5WZ~5)(pI~vf^Ti7|%(uTeaq84M;^wVe6-CO7Xr#-);IQpvWMFvk;DJ|dSOqTT
zxBfA2u*_r6L>2CmQ$Kr_6`~YYjy=`gFTjjD<Qoye1Ie4=h$sbyv(99WT7-o8hmUo)
zVew(LIRCD_{lcEBaFS$k9Os7aAUI$02=tU^yKB|<1Sp{u$R_=1u^h>mCnzFdu6(CX
z3SmU^ziWjNIk%qBeRG)+%c^n!oh=AGEc_VOZDbSBWZ~xr84DgrO}D;_UuoEyeYO2{
z<zWOsnm}6J{~9H`tmr(LKX<*nh{~#}5yM{yLIMmKDB+=w$n+h2y@0Z^OyARqE+?{c
zat6Q#`7Rq*OoGs}dI_^ChUMkydc75QQ0K9*`e6EZ+|^YIJC`p`__UQ@n29{vefle1
zK=N@wd|<&#brSEECQ3uVa1ESO^Ge>bib2ODG?!LsOZD<=1W~fO2nhMCQo=Y0IhD4h
zE9=8gy_%K*6}l4RD<I9u;%nGw$$)O;lsM$JXPMDp{uYRL_ve1W{rfAilV69VAZ=l!
zI>zny22iWtFK}^jkzudsWnav>@+14NfI$l?2&=9&oql>wa`X7_Lo>!2R=o(l(HIm_
zaQRZK!o1wOx>oU?o+A@B3)!~46zS>d<~?#kLX5!4D?v4%nJB&G{0X!<L0WQwDKo6W
zQ)*)E51D!ZidO&cU4a~=3kI@16ak$r&QACPO-@^Z%cI#qGNGBGeR}9fh7n^mUYBDo
zg%>7vX3%2mjkB(!2!yK#65(d}D*o_FzgIPUX0tXl!?j;mgx{Z;_iOtr3=*G0oyX~P
zmL5Jkf9(oH7DW1+AXMR@D}@XmjNHTffd{`!ej=C!H``(xgZ#-o4nI4z+#+E)hI;oK
zIzp*YG>T?D%+nZeevUE1IeUP##RRbi=<9t9%gW%dg5&Z-eZ4>OZIBA`rPR}tNWN$Q
z{U!haoZG}ZkoCL524$O|jD?nZAK?Wanr_)aOf=E`w`E&yf~zcY1QHrw!S5!k&;+hI
z*zmMpnZZVe?M~>3KrjfF(AXSB@D`}lprYD23^(*8Em?xZ{Ndxr+n89QD771^<He>*
z>rJM6R3Of7w3ffVGnC(RnH61{X-+LL9CZE)@X>=H9%CP66O*{MX!tyB2at(?H0T|9
zkzAURQ;P2teYy`o!U~z3gC%16)E<1D{=?EvV`!eBV?3Uwm!qMfK|sL(8ve#5Ro>L>
ztSs`Dg<T%%kq3_+-2ul9RoJela_)sKhllE8RB-E)dnIJOpq4`5Mh$KDUI76`1qA|g
z(`2^&2e3$;k?qUme$CSIF3C3sZ_CckF5hvK9lb%m2kxMfl|TAZ9ci%Jfji@S$AKF#
zu9;H#6eC}1;9m9$c-S6NpAO_QwBWbUf7dQP`chOrc{(+I@52)!xBhH#Sk_?M@^oQ^
z;c8oc(kFgh$SLo|)nh?DzkHe>XWn;+YOzFV>FB(T@2nqge-qX-?$5w=|Ne}_%*5J;
z{epV^!w+}hJ4n<(JA>(685PY#V6N!YD~kLi$}<egVAzC22`@~3FMfaZS#JqjO(f?h
zF;otDzq(DdzR)GqM=D=BwoY4~PUzHAk+WTwXGaLpnRW~^#jHCRTwDr3tNofpytJ%&
z{4xJ#AEldht1?+>;ruCGlcUC)4>9l#X=xgY6dh|D`}xUj=rk*O$|!=k5Bs1_{<U-G
zRsdeWZ|7aVwo1Cq)8hSqZ-aKCq14zIqXjBLMm8nx!t`Z0GAYgkT|vWgYV-&e?o{a+
z{%t4|h=!ce>g#rnWkI77B=0>^%8|}YIiwsTD%}MXuE%h7Tm`RED!^?2qP2C(A*>x1
z)DKT(TwY5?Izb>dwKCU>r^tiLatvW|CReTmpcs^M?KKPnu&0@(#|DW@OS=V()HxSZ
zaanN*Xq1$+OlA>^d$BI^$cIm#$en9OJ1Z3NvDw*`Gd~+ihpYa6(==hX$H&0bLd^n5
z%^%Q#WGTeS^Met#Sb)=?%IZ;az}n6r<@FF|V<a1fNWS+3%AZ>%HfQ&4p8r)eQE7v^
zE(lFIZY`=keBF7o$V=jtcG{c=kv$_oy9bexq?J+D$PoSpIf5sWum3=S9WvK*i<xM^
z{hq3qLx)ujaK^I%nif&rn~*#c$s;dD>@(Q;`Hf8pQP6w%J?6KeDBc$h9jzjU^Q8SR
zxwf6gpJ`L8Lt5!D(zF49I%@{ox6<S+><!?~s~|J6(j0H@Mx_{=&fMcj%E>9OMklP-
z+7c?HU)eB(q9~`t&EfZtlUI97c)?D=o!yf3ZBYt^>UVHA+FqLn>Ml4!^yU`#e+}(j
zkFA7f_C;{V+uPZdJx)45)mZL}AFhgy-Rdy$<@u>j)tBq9G{kPZ?6xM0;;eE3ECYp*
zU)``T&T{X}-FPR)mzuimjdM)?_)ts;obqC}AKXp}784Z#H9idrA=bPFlOBVsn25qW
z2{RB@`J2MH#o^mPB$hwqk+9jQB=EfYei>=xV6C%Nn`RxEZ<z=#4G|C*2$a)g)tf)3
z!+BKuetysQ14j8?86~US6@Ko!*HiC46&YY#8s%5v&(s&=xvH#tB@u5UD)&>-2if4N
z<b%ycvee{x6^Rv-;Gi%4TK~#iXFzRBnxUYdTy+qCNWDD&OSX%5gMyk}-{J%lohcZt
z@75~|z*E22A<?@PiCUg(D|s!GFHvV)JMX_?Hc3A(y$3OA@bS@RaHsTwdV>tk#Q=&*
zLyM+0b!=hh$T*=zee&~Gh#RQMglJR`Fk9FzD$0r+9H}LQX*}lK-_%ti2KUu!*p4|2
zqD}gay99s(O}5`B4{j8LUpG+Y!bt`~9wqG3XQ)37*#wrBmTF&Y!mt>Nr0mt{2qG~#
zz{*dKLM!Jt_~L{DxO1G#G602tPft@2vaU1Os*{%#_5r}SpHZ?%N08Kem?I$7?8KIh
zB^Z^tPROeDBf1;A{Ld|OXstvozwRWGV_y!ge138A(Tqp<dl<Ge9NJ^8>8*~#DCIF?
zxztisQ$8Y1Wz=XCNPP0GTt7xffx0}KPIi^xEk}XNfW<S{;T?lchL(Y$spu+_ko3xQ
zNF3llk9g-O*F@)}#j*%2F!jFg->HbF@@xJFnFB{qV+naK$FVK0)1<f~=e|TqpaD?r
z@@TUFq0buJ{d!z}xoepAYGbk^$2Hk25>Lv264n;2^Ee~HuYaqp@E(w#vHMES{QRfz
zMnY37wMnVGsGwjpyT0)a_kJP45u2r@i9FH|D?3>!{OQw+Rre>>tj{+X>vckCycuQ!
z&2;XR3OYe19TQzAHzz#$>n|3T%#klr{AQn?W=Uz)0zG+89CvUKgMfmb;1s#&rM;Ju
zkXy~?!5+OnHd#&;7!4TfJ}^@mUD3&kU!7Bg@f9R`KR?Y)PO>Dx)juYg7l;G_6B}ww
zzTm!MwPNq&#NK-P^y%jI9!MF6N`73pWNv<R_oF`SdHF8WuO#J#g(s5cnvrZD<pM^e
z+nUE$_twVT_x1Ja7SWg6Ub{>WO4W)}J$p8^fA?<Xw{pwN%MNua&;VaFF`*z4EY?=7
zdYs~%q*=k>tsfzBizg=B1O)|~QZH=sathewr9J!xsdw06NTu4t9V(SeVxMDEPwn26
z050id<>7A7ej|SYJvhUUr+lyVZ6R|FJ;2KSMsIZ|#83Rw2><=xne<KTDEw@HQ^1J#
zoBslRLvd#{iLfm%$Y1>VH73SY9<{{@cp7eS-bg0a*?AykPg`6hCsasp<kNIhVti9l
z<C;UL^?HtT;&KKd_X9A^ZtIA531r{9cW*;SU0WL`Dt#QnrV7~@7WTh2_E_NJi{_jE
zcE`z_o3i*ttQVB-<Q<BGQi+czCFhiVDKo!ZB{~hVUfNk%T>(-Sa_#fO7JEgHUzzEv
z6fU`G8X=~XTkJab<tG)9sGoqUYdg!5ZYN|Y-Gi_k60VsvdY<$`HTs#>Hhwub-NBWC
zfq^)@YhD78$Q8*y2fL)@?7TeBK{*(7y~8HV%Eh&hX>?_~Oj69u?3d~6mw*(crkjp_
z`fKroz!PN2DzdC2BhjX@(9ljl31Mzug*N%u-Nu#0*$V6;6a;1u?|{ZOl(^r@wrpIF
z8hzI<C1YQW&rZgr9)`9Wf5zJ1w7szik#t-7E_NpY7qDM+l>UJHndv}fFyVzAyD^WI
zZxr6B9)Hc#axM`_*uTRNclr4Maml(dpn59eFr)3r@VftV5swK60%4<;@BP87SzKH!
zdij$s4!n&hvK7JFc#a-Yy$hMow{-uEW}w7)AXz#8T{ZdlrHnnaCg$e5&Pb1Nl{BL(
zWH^~zv5mMsefD@VYACU5O_@!H_v~8L(X#*jIEhpGvKVo(e0~ZkR}~2{Ov+*DhO>TJ
z%?1XBYDR+~2lK@nHiCAM<?86wW1d{HXsgFthe}FVoHp(im)LmE`1f<ILCuLq0GVg@
zt8y!^OpP>|&t}IRald^8A_WWAUl`4rqVVmPL*gkEXcuj5NkAe^H9|N!M)ld+TbnPf
zYtPtf)TC`g<}3j-gom6zB+>zASItyiRvw9KKo!=bjU+{1I3GaPxP7HL`ALuaW2cFi
zB{5AhC3t_ohZ%dYRzwmPEiE_D(9lRqN+N{KUaI;<I%hJMhR4HJ^9xw<SSpF9wCtK~
z_Kq()-MFzaCH}BY$7YZk%OI0r1$cntD;DjG+n4`rn16rZdMs*I%#DZXGSWgM0c0T7
zjRXR~v)JdjLY`SYT?MA!8nK{Da;z&pe`cJU=&i<^rq;bWwXL3F{GxZs0CDlEY5b;x
zS~@QT0=EZUBuzHpMH);^Kez*jH})g@!B16amPBoPnCCOiREn3#VX)nr_c@l%q)?>k
z?K{8wJK}2kWz_4f619uD4Gax39Y?jJ%v4VV&=C374B`6EZq1!r*aV>3c0Z0byFvtm
z;f7>ZH8h@%?sFm6`O#XOK5>u~CK?vyaz2ppTwS)u3Tw(Gl7)XjF&?L#riY!}E&STO
zW+V*U^`+<N$6X-lFw6o7faxeprpxqYfO>I9@2qzXDcw1u8uP66Bi_CD4Hg*hk^o<t
zKr~vlFB>wFsbb6-9WbuHH}?`IFP_PAdxNkkpvaxo7HKZ7KCg8?4ZafLbMhD85hU7!
z_7%6@adhW3ntdcT_TR^_VVtG_tX~Cs=eKP>ed?6Rg#QAk<hM;IyT2p+^61<z*_m{G
z1B3m3axnW1+^}g6!jY6sb*C}AQ)lofIZ=1!%!d=|DkR;>e-A^&LOx#A4sg0)LWYte
z_xl<Sd<=L?mVeWyiW~cfx+b4{a@fJ<T)cqK$gjZzb<)?rd2udA%DB);dCWZ2W~+w_
zaDPi0XWB|zN3x%lkhS9(f0d;-Svl|J*CGei5ie3~H@9s>AOL!)dV?b~mS_d<YHeFW
zT>_sotI`bl_hD*1ukgN`j5L1z8a?Vp9t40Cj^S)$7dBcRmYd4&`8E_K?OYi<@O>@{
zMXT2zjak%lgy!uJK)|eRAo!Wl-tXw-gmaHG0@3v7?&PwViRSBbKwQkzH!to4=}8&n
zBZ&5J2jM7+b1sG|L3GQaSeZItHXJkeDjGBN^O)epE@XV=zi&AC5g(#aAC&xzQy0fn
zgn?6pATnn|<XQMUj!(D(yEFBz5iXhE2(4Uea>Kr`T4T$i?ryDZwa|J1jQVzW4Gg(b
zIram~8xT#nd1z%}=s@wP6;n!j5_W8h`Y37=_`5re*hPUq6AdO6*@`jH73`VWKtwmo
zP!Kp9K<x1}<(HH$0=&xcxzKYhe9;SMf%!R|pQp~8VfX*l^1@>RQDEE8omWf0v~u&w
z*pQw6cY1d8L3*_a90Z3rW$EB?7b|)a(O~ql`Y?yP`$@jhnKN~p<_5;ch5Qa2I(Tp<
z{S7FD#nWr6OSWKUQ4rh`*Y?+`7e7$S`G*TY!jx%C0y)^rM!LiBkSqqXZ%=M#W8?Wq
zCI$vKlhzkfO@g$PP7^(b{jSpDztkecEPpr6Rgc)1VxZVpPF+GKJ^#<+Z%~<ftM(Pw
z#?#CFYHc#fxnkfA6ptP|Zn!ByoGO?=pYLV((oJObAWThZi0i1vIbS#JkzOj>G^dqt
z#t^vKM&g0PTzZeANAF}&&jL0=6~rGCvFKR(mm3;bh~&O*{yd0yHg?A4I(+QM69zsJ
z$)wAxp~`=0IswT!*<Gcc{0GBRD?LXVx~I=Ei(?#^4vRdwJiStnmCB#g^z2)ur1VDp
z)OJ5Isk+Yv<FQhswk&JE^)N(w&tisIC5YJGsCRUn_-fAUBM7s|30WoUiK{(txv(dE
zr5i(f6f^Xa<;?QSTkC2+ek?<c%d%z5{vIB|C#rCJCJ9{x8Fo}$&jF`36z+dlIPfV*
zsGNKr6cnUA*@z4eg7i}fKean|9D6&N{XQ$_|LD;s$f(v6B+(0Y(1;j*=@^4^dN=gl
z6dJyJz(3qT<U9P_c-XdQe=akDaU*$<VBz*B)v1%l;D2HuVZoTg8#odg&9j=C>(Jkm
z8y|+igcpEx*(|9fIn)E2s9FKqC<B=_p8UUeN^J7HCGE1#`;pTYCMLHL@%3%GUL`a?
zI3+Meve@;rmD_ByPG)v$0Gv?Z=WDopaZT%IPcaR${Q?2Ik(7(g?3-il!wzWZnBqJ+
zfG^zP0gAK4q;+$v^b&;}uNdv7()o=5f4pzsrg*Hn3$^+6KdH%97F4C{U1KIb{cL=C
z$l~y;Q{kjn5XgR8WUdpv?$V6JH~pf+9rH_pqljxpA_RAl6Lmb!g~WkTdT3jrS~D%9
zTv2K)Dk?HVG!zMJ2gA~T-=jSy9eKTF&>0Yu0Ax~)^N`+km>dUv8y^osr(w3Xy3)2-
z%`YNxs3P%;8DeND71%1<*f;}@2YM);xWWl=ZN3o<5}4js9)tQmv2p;ccrQ$m?d8>@
zq#UnLLPYZpTNcS8r=`?RH@FMyN@VC#WA(m=&g3DWEC7C_lQKIyJJ5*DbI&j2Ou00t
z8}eXiwigX8RGD@V$zoO%5T}Ohhl5%@9-SSO1is99@DgoH>IEtsSvH-AuXg4#LSX|U
z;>J5s;L7(OR(-h<$<!qDhBA=`g*av~fuooVy3P0byT;Vxm1B=XE#BB(hi9-uCD`Zk
zlNCUT+X3tl;D2w=T66=jhM@t*G6@pdT^YvmU2k1B0SO>ex-b-4he;a>@BsJmzP@eg
z<S7R$at`1Nk}wtlz(R%YL&j}hLvY=q7=|fwOJj$Yft|CgqkvdJP$4Dh#z4(*XWqo2
z-qyMCP7e5zlSm$(f**z~)5k;p&l>Ep#B<l0Ixjnwd!@NhywG7>um5+|>1XeNN)aSE
zN6fN|GfHkG0A_rBKkjbAH_Zy#WPpM(_(@x9&u4T8Kr}RJ6L!1Kj@?#f<oR|dceSm+
zjAk>p)`cgk*aNtMKPlSu>J5V(iz<?(_|`1&zKDqDFlxaYR$Waaoonk4n(yD=VDps|
z6E+I6Z7@ZNtXJlPVQ63@rt-=uaD#enPVXjaM;RFzSxJ`?!gI(eRdVw%5cn_gE{ELO
z;$)@Vn^;drh*ja3e(?NknSDQp@x38)khCXLjF}Ckoc&5YdB`Ub$i7k;qqlwgMlMdy
z$Ck36h4T`7dsREMr&lJXgx}wEb?x_DTZ)<2<sE74dgZyc%6a6*3th|C=)?tQ+6x`6
z5f*-7!aj8NrWgheCdgQWz5HL2!kCU>LJ4%A26@Ua=GtmHjCZ+<p6J&8JW$^ex<}U7
za_B{NE|mhrz@YY@f(_J#$guG6ebGhOjZ85t(3`u2jAYW&h)DBF1W*jzU^mmkYW}|S
zuVPVTNp%+F=U?o3>!MeYPW4WO-`xidZD2^?y?YwifY7m?ijm{RY~MA59=@5MA|#j*
z%+3-bf!tIEcl^9oN<4Z3SrUSU*y`RixBw`@;O#7W<Hw1q+Qa5raK2xjX;kkQl_%FP
zHf6BQ?ca~Yn#<ZgBPS5k&X{{)ZWTIjfBOIQ9W&_=JwDj0RkPy%YKIC#HPF;ANUB&C
z@jRL|N{YcNn8qK16+zH;yx{;FvHv$lf1jSN@?z-r-UW<!knl)43RztcUfPZy;kslx
z{Gg2RqUX4C7P6bDp{wojNB$qez62iX{rg*cDY+^sk`!erk|cymsiBg+td&I8vTs94
zlq@xNVl3I0N%p-GLX3T16JzYmjAfXa=X_i4@7~}4`9IIR?!DZZG4owM%Q^4m9Hu+<
zJRY$Zo_R}8n{|KKbgHFQ3|+m$ZK0Ma6IwTChl|l<9y{HDI*<-k@9$z?*35xV_*;y`
zZlKVl*_C?p%%N)FQB#)7)Y%HceE0jiOyG>BR|8?=2fVeJWhY4MV7jRYA6S>N>+@ts
zRuz=m%8;mlME%xs>tSg3%lw9oZJ&h8>7&=eQ}P0!Bmpox-uC95F9;Vi!8;KyHsYF@
zrqSKa`u+~xZK_$^s}wpADf%6F*^xO&*s=yucI@TtnzQ|&sc}sRM7Uirm?5I;Adou8
z<^7at+iro%Jdo2sbuIUY>>VLW{1CbM0Nnt!x#U{k_gEY0o@U>>7a;;bG63$Z=TM**
z`YPP~PK6xe3aDO=A3uJ_#N^m!F$sMr8vvFX=um7>x(_P%AqYN5(V<j46j(T{wQw8-
z%3`Qeh0p^kD){7`cR)&T1mG`7S)nG2u*CgTpc_Hr2Ni}YVR-{lm<z9F8ypifJVBmE
z`q@HykkNQUlxCllQBS#UPRCj6{I&6?_uvp+{U7R}-75cTgIDITYqVEmh9n3q2ynMB
ztN<IPKi{!o^)Lt_hhS`ft*?KMHg?s>FW?aNAqGL6Sr|2?CdSW&G}9+Gs;!$IA{3Dr
zpW(OwCb$IZRWOZtC7a}_RkAW6ym#SQ(1I<fw$@z9@Yd7<9Xr_Cp;3?&l;Vt+$ekDg
z`UCVvZ=kofl0(QH>shD?y`7%Bi>>U_K<Lo1H<9H-$Jol;cKoyH2M`lCpzD13wstwg
z%@7U4UKARoq+xdS=+U|Pc|j6&B27~z9nnJTC*O$ZloS_NXo!@<yXgUO4uUAr)?zSL
zfd=2Fq(sI;>322He=f>D189(7ZT0*(@Xtnbf3i!V8bprwB#p}dkGSyfUqcLGk5aqv
zSFDCmH`mV@YJC6BokKTB${PQgub0R|`xl-~I1ce~alUMg<V9$p!!BpQoLLR2Mi<+E
zy}9m>B&ezvr<$PnqS*Zz_a86jKi*3AR^y-sGyg9~?y}*kRGZA-hx(siR9BKj$by@g
z64h!C{%QyJ=VX8V6iSAj4k#s|Wx+RByN<vYl3Vt1a;|5Bo7=VjAK(A;SNzpqGMuV~
zpRMggpGB3(Fb&OCsEGaPH1_vjkPq-Fv1`#l*ccyn6jUI+`BoRe(jo)mB!hkYOadYN
zq8=6z6LD%LKW#B}R}B3$JT9ok!R2L!9hWr5_<94H75)8)@4Qhb0yix_tO0gV?2dh2
zX6@;(D*xGm=jU0gcBgKSyc%4mR+sQw`w^03c)$LG-eB$+gPOGI!V|SruR~kE%R_NM
zP)PuJ0%ZL>-|zSS{D@}r8sC3+t^9pf*2raqar-|Xs?Nu@u7|<%v!2=C*Wk}DqtO~^
zzHa|ZJIY4j7nz=D{Izj$^Z)!@wq`EG%<!J$AH%rrX>iJpw}!j7t*n#?h-kc5`16{<
zIt8N*g%UW=G3@H+ftsYgeD&z1V1f3$Kh>}6vX9ZIX+{74OVO+xvMc1N<+DIB#5M8r
zL5|$V$u$&oeY)OqS^c-m;-_~1&q0?RBy?ViFTA;K(CVNm$rv53!<D1{_n|#q`*v}S
zMl!xMQ{+!FKio{~>=@0@^gMLFPW>MW4>GkDKlodB{_{@_#MI4=a#udcJz>xl)eXQ;
zq&XMVj>yvgJPbrBf6eYdMC(5vWiAsHwJ8im^@FK7F;JHK&n@`JPx5Ba{=XIqQCi&i
z=h*-8Q&sBNo2!RLPtN}1FaG{@6bo203q|CAQ=uIQy2^KQBS_)u{_pEcGR(BJ@5wHn
ze~$j2KkG!ng^_yc@LiRE4#q!+7Gg9}nym4!EB@ytwh$H1Ln+?>_imUA*MIq8Qg+3v
z3A%dy{z8NO7yg28S;xxCdP_&gm$ZA=uJ@q3gv}ASttSwK%DjS}NnyD4Ol|w+y`y10
z((nZtIAj&f;AwI!W?_0X|9KPCX{u~&+)1M@5vqPKS=Q%3d&W5t9fyeV;1ORCbZBeW
z-0Cbu_9p@k$mwPE<c}v~5!yAEV*Lylz{m7xnQdFQ-g*vf`eAu_?6EgYOoE@n{>nbg
z#3sD{=NgoF_VM?##db4(i_>x+DU+(R7F=ymEy(N16V0w-dtuR?zrM>w7&b;wWiY+G
zwEpF#&wtiCmwI64?=;6_ztqId8hWRuK8(n3sIPw(5pnxv{iX{aA<4uR9ZuF0*}?=$
zrNf|#1(ZfalD7EH2w8xHaNkFEe<6A;Z*0pTl5XT9Z93sGZu#J=*`HOy8Yg?f<Dsma
zJK}Jd)|og1YVpgUsBpsfZ~|W4R?>)gBhaf3ZqnoGejtc3G3(Vf^k6x5><R?=1$|y}
z^)^#vvtZ*}OTk0R-*eF;ia#Zz2zhnBgLVz{y7B%M44K|PH4+Qn6gMUFmi!(^<I}-l
z&H$x)b0o*Ueal~l2p~m4TsTLsM}-zPmY2DL<b$p^4f<T^@+i3kJ<9Fd0nrBBl%|=y
z8h=HzM=#FG^Dpl@9J=MjCzaJ||2q}W5gqMeCSb!qa~Qf)8Vi1(bzPW*xz-V=fdZhC
ztKce+l+8wvjz0nZkfODe0LKLDn1SZ+`C=UhS=x(Mz-ZPnK@HqPA|e6N3f93d*w^W_
z%LcM?Cb9p~y(0r<LG(1=M)(7#;Z<(<*oz7m2U5#_-25{Sty2LyXF6XKD0dMzPzL#)
z3X=wO$WjT9&2e{fIty?baDS{!S4+aY0aIEBZThx>Zo*GF%#(Mk(vPvxbxdI9I+0~$
zY`h6t)H9vG=yvWqG|dKh05)YrB?n31X{)NfizG;?p<QdvjfbGCezan<55PJ^XO*MK
z0<g~&lQIO}2Ey;P62EE7J3%t7{|K0TP$(3{l-_}XDiHx?4_hCAw_kd-Xz%`Q5!W_D
z0ZJ!l*GfDdX#=ie9|HtC;3Atq$Op<mWW0fyyE>%)?t8%3p@sV;Fy7h67-j-0hp@%3
zf<~-bAQp`H3_vyj4&I50qr0)9QY#`C6)OKik8GakNPjifpliyl09qRneP%^KET^V~
z60D-7=Q8z6+KgP-(CQ{@`(P$-hKcpsW`5UUt&OH93atCK=G6o~fC}g-8}Zbb6hTm;
zAU#^|-8;<mvA36N0CXp{wc8-5lAcUXOyvDOp$V|?g~K7SF7~2r>DsIiNE^E_fJGBH
zcwhEB!c<t1@(*;5ES-m<bEj^f{`^_w2yFcz`AktS5P^$mx5xnS0)_{4$%uVCaugDq
zLMR#{vS~|YW$OmWCOdCmL0^L~i$i2>`-PjIA%_K&0F-r?ZkY<i8#jYQ^%96pZ{{Sa
zq;_h7q&+^tdPwUVw9`U!IfP6P>DF@~2MwNCYZ+y8q@{J1Ub!Cx=|i&S<^bq!piH#;
zynKmzX<6tZaX?Jc=yiDb*5~p2va+m9yHeOd30c1;zTm{Q?$FVro8#hmua-ycaAakL
zmIR3NQK=6}0J6M&kRYD*;Qddv-TTY)+$aOda&$L1V<6g*3cz5KwCu@!3RcgbI!yD<
z!)!K!8#g`Q1fl7b`p``Bz~Dox-Ty7(+YVwS(Rl;Ruf;`ERr|Xhv^G)<I57WN$RkYw
zdqkeGmWf;32J3tnY$9<3kSBNy{}wX1yaK@!C}EkHiXCYCLPOb`i)>A%1}k`EHaOn<
z)|D;&$@}5pwdc@tm}jt<{TW-OJoK!Uf4mFJ!j+WQ08AQqwhfq`Kt4t9g0=m<<E#Nf
zZN<d2&y9S3zVFnsI;@QAnS6a;AyXr-kug1pTRQ9e>eYO^w&C}=I0fl?SoeHEC}RG6
zTV*Bg4q2d`$KkVxVKdjhu6znBqI>|oY&95k>+Pn(a9))_STZ3Q<XWknAdo&OIo6Vr
zl51=AIM7{-kcy~}Ke+*7cz14y*R<*Vx}$zPxSRl>X!g=`5%5We^vu)q{r%c|z&A`<
z7#W$rGOiGL2J$3+Ic&}=aVRs9o-@s(Tkr|y92gRz-Xu=C9_XQ`Ae+!Jp}(5pI?q0L
zt;h*w;yzl<f;cpUs&dMYtxse9Yp<w|7aZz%{}QO_?8|f60G*sIk50<Tg5+kbVRapk
z!_=+st8aXgw>)rXloe(`^3T6ne$acQrF2Wr`^QHB8@xFwcgb?$hafmgQ#uHeomrQC
zmjpl*PzAOT1T}UN1whd?)4nm9!2#nN2!!jDvOXw(%*M&-$--r~dJl@0?~`$OJ0MpK
z;}m>*X$58A)B%N+b+kihhj)qN>~|lYG2&D`Oj8g@`;d%=JE0956iMTP!XhrcOSC2N
zW}FA(6wS{xe||iBBz&<!5(+0ZOX1~D=<I-gEtx9-j3K3C!225KI0!s&&D$bU?o5FM
z)_RaJUE?)Bl1qJDd#|08ajS?qRZwuevw{a~&3TKHQ&Ve<seZIu1BFpDPmt=pX#3{+
z8L{fn?5ks^E-6)Ld=_B0*{`;%Xrfr}M|^qWCE`Vau%dmt)CN;<htJqZXjNzDh@D~&
z=$Lv-S{*sdL+I-MR`tNC4@ST&sfb=GkBue`pIdS<uiL^S1gUV19AuywP-b^BjD^ch
zPC3BYDC03V6Fi1&irR+p<|oL4Mcyus($QH%$Dp||^2ib~JfVBEmSSuV4K4YL*2e<j
z)!FQ~gSOVHQk>vyi?fGz$>{(nn*$T7cr^zktJQ0}_?7nIfVUQ?Wf$@Dd-0l2bBS#{
zr#FYPpe$PVAV&~jccRbE=uT%)QeCUC=z<Ov=IM_Us_PmXJ77b&pM8tm{=ry!aY+mf
zck1#|XHjE6EwQZMN_*Cz%<txTAky}z<6`K`BdiTrNtL~?E@w~oKI~VK2l?fAX~5lf
z$@J5JL_YWOPNS4%vj6p0tabTq{`B@VprK61zU`N~xDQbKHaHFBEf*k^*U5}j%hal>
zsv?>ydVBBSj@L{t7rU4qvsXm#P*g(_Wc2;+uDfq%Y909^bN{O?oO8+1>n<w1adBp(
z^IXOzCR~$lRN^t@ih%I<<A@H2-e6%my5nHepi>!o!H4-_+mpFtOnaWBs>`4L{KlVC
zvSZrcy0bRu4FA!iU@Nqj3dNps{s1udag^_i7j62E{fSdk>d+S|ac5$(IUvf^cWtLf
zBEG0A)wz#wY@TRKO@Jac2I7Q}826j9uH@HM_f%p0vZL!yP)FwOqM@1khi;23v+1Kj
zAQ2;y+>VyZsMglH0{@USnI-ICfEK&^*$GalJxyO1n6B1&qngvMixwlLlbz`}MSm`W
zQ~3e0dxi7VfsRajQiJ3q08niprF0zVG=j2uz|Cr3HBHg!M;9oCi6p>87vkkLfX#cN
ziC4?qW4Sryun;P0_padZ@DzwQB%p1gs)U(<u&^?T&=Az{pfyGHNPFzv4Y<09mF5Ec
z?hm()o3&3IY)`qZfP`P5p*7CwCX>}^dG3{>Lh4C=*=tWXJX9P<23Xo{aUIwkbh5vj
z-#)$<Zkk|{fvo-1@@qVeGTy9zMf?=G%P3ki%}y|rKE?%a$-JGTsGjVe!fuFbiX+?Q
znb`-%n_YScgb#A*Kj>s~in|1B$KJMiF2_^IkQ<Q#DB2-SFY$xJY)|HF`KlI>EzRmQ
zY#U7M<r{y&wD@T3nEDypd2hV6;r^-GL84t9(ax85a2+yb3Z+3}^KhWF2=gw0n@0_*
z67dliVZ`n^kdd%|zfP{{-GCtimr)H0qZr7U2nLZ9)sbpw2;|*)YDP3-mR8|<KToH9
zdfsZH7iXANb1(bWo_+gFHD23EN5ceZTq;`oaQ9gZ*C}KJKSQ6rH<W{)sNyhef@?;p
zWHrwNBD?C#7d;K^D4~!4A@uK4d_O<ss|Fe`&E74&S20Ow>Pv4Hp2r3?j|61(uScG4
z28pb=_nce23XeUp?>3B*)5Z(;Dbv09!WfKjmyE^oR{QCmc5@fnW)@1zE79?rF2!do
zZsGQxnE94157XnyL9_;dkiKjdmfar`K^^u^fk<?jY}f{>@s?bC64!+W5&e=0#>_*0
zRHTe!fc9KYEOo4;2CorOMu|w~L-|NnPc~Iw@1fIum{&YO4X0<eeedzte0i{&8rAqO
zMTWgCy#kzwq`~a<8)rVh0V1V!T+GN1|IS@y5t=W`BE#(EY-uKl;$>?b+2DSGjpkhv
zdNHCdOcV#*)z`0<$EQSxH9SzaSvZJZNOg3|9SowimuRcN_&}dD{&3JGB>^zP=n*%q
zOuf`F1NX~t!Ng+Lk?PIz(p0eJoXb-=)wbu8uN>4Y$!9H&S$Xhnj@cbhW7D>jHyAz5
z(qm=v-RToQUa;XOL9-!+n|$;7FPy7xK}WclwbOGMsQ8*yFz^;xO}cX)ILn$-S5|=r
zyaAtk2xrJgY>G?hIrpf7?;)yh7t4NWa%n)-y=+rhxm`3DEuiI<f%A$nN=>it9%cOT
z(I@6-R#Oeis4k=J+L}Nw8c}znsVNE;u5dC9(c;HChX@rB5jr32BC@S2+*Q(Cm#liA
zp5OrXGzxRtrcFS0?NPEgKHW&s92ktA!p8~lW2BuiTT07kqw2kX^v0@abg$6>@Q&oq
zB)mDWi8>_?mH`uq$oPIFrDw5B(%FgTWSoIE$ZHNf$g@n^Zy2=MD<iK4w;Xi(7(N5?
z^RC5g%sbE|3Rl+54Q(1uP2RHa)3u=5AM7{Jg~8Zq+pR*LXI9!HYM_TJwRzCh2Amjs
zopaZ;gFpAGH=p)UT<eiQr-nd3ztf)EK!!ECY1)V!F6q~l%oie}ucJbC{_KPv&+ttJ
zcsl?VxrhW6sBvYUtFGSaHY0rU<jrSW<OvcRiHv?%93c4qoucLB585g5pp-J}&5!1L
zI5<$YX+YBFj8#jVf7acB{&qS3)J1Wc{|eI+W#G-~_Zdi^D>VyPVPkt^!24zCScP>i
zbnBg>L});rR~C1x7kq+ZVyckEEEVCwanBj2?BT&!zs-GbJBjm*+ob^CIPiot2`Br!
zDCoA(0oo!9kD7s_hsE7~WhM{`EaBk)`rSwkzW(;I!ZSB|rt{W<1%vzv^|k79U&Y!A
zL7<7ROLpGIyt8Ax*{Jj)7SonvqB7DwPZBK^)|I0>NtVgkXar0QLm_%`_h$Zr$v4mx
zqhxIBrF?6i^w&){QECe@_i@f(qHN)SQTJS~AD=oyi0$)E2zzHx=IWXmag+JTA1#1x
z{H1M_nf6|%ekcQr9Gd-1OZ&)*NV_RW+4pPqme>)$vr~iLfgn9yYq|%c*Zv(@@M2TO
zJ7-ap=}whx^YdvO>e}#QMJKR{K=gRULD|rkXU^d$g^ZAoLw3?6iCI0%rLFs7ER$OW
zeJby+Sr+sf7xa!kIt#r}5`~ij_lnwV;)VL;{-VzPJ?EBVldi97V91ot`u0rSrS<X$
z9iI$cbn@PRF64x+7Gwv_5PBGQ7vOGEB~F}Z*m}-xvZLQb^TZOz@|mdXpb&2ZD++dY
zS`vyt!_D|AR`#I5Gy%Qb#EWxnCWSfYeE47on`>fHQe7k_9yY3Oi!-#x$WGFZ8$6$=
z?5fQw9&s&AH77|mwLK?3SvT*+R@A`LXPy&Luf18?_#c++wCwvK@y_*X<>oZm*b3Ek
zdzc;(_233Gv$BR&-D@tHy`ho!!mN08MyqJ=>#p2d_RrSnL9~!<B}?76Z{$cGHq{1G
zp0kh6Yo@#Sh$O_vYpizY;<`yLK-QvfRL~ZWR+|(_R881MKpg@7M;?8Sj12~HDg`}x
z)|z^HZy`9Sw<_SOx42a?&}9O*S)^9NImPHo$no1Pgwn<A?4DBRoPY=S1;oYGVS3@`
zr;G}EDK$Jk`gpkx4cdIoU6dL%j!c>jT%Ey-HGt@|px+^?{C1vF>cdp$ED!RyYGNW>
z8?$!U68(s0qE1|SuZe+jN})zNURS~w>8m_n#VUZ#HNbmW#jI=fIXDwMVi599x?muU
zySKpHkXKf61Kj%a?kj0)w{h+?y|80sBK1c7{ZmDrSdF!f$ha7qK-z&M2x;6Jt)tG@
z@Yv`(fbMM5!8Krj+E^s}9(|hB&QjxFat_fa0S&~QXuYI+T+tQQ-ReilMJRcvrmd*4
zD<ML|a>*c(<C^x!p*M&zqBPS_+fVouEh<>uCc?^29T+4s>zHUS*lcGO5=JRD<(#Be
zi<61ac8iI*@%``-h&Hk&>Na4V6+wEBM0f`+dOL)_IDG%Ijayd#f?IoCh)&+ASu@Wq
zJAY(c)Tiuvz7_X{#LT?2QDRx3=yL){D71Vfst9W*0}l<Yq+#ldKaJMypN2KQ7OpFB
z@*m#PGb)04`-S9$aK)M#PGeG|(392RQxE6}%4FubA)uSVa4TC?{IDPKmsG->Vyqmi
zDV3)$D+CR=szAg_b`e={-$|k!8q4CFNQKrlCXItN^UEtM`|l3H*X(bV_1Gqqk1ja}
zqU3ur$fe!GzQW?Mi)#1SMD~?i6&^TT8%N}RFfBmgjm5P-A-7`2V*6qSnMfbWT8@a0
zMpuzr7jWgLdKjzoS7@^}Jhu8Bun)lwkOtrIlv~Br^!Y2DLEA1;j?~+oD7EZX_E_eg
zH?8Yluhr%E;>}n3yiF)eOSC~r2*XahEuW-;X{|c<#fz(#2M(kPg$N@%PLcOtdc7=j
zQvG%=`+EAuRwHQ4W!6kg&(lGA6p6GW@#jj1(Nhm!3^&<jb(&%NEnL#h8puw3e8LsH
zdCB6`+gZk_^>L4e80~JZy0NnUR&3bO6_Eipjr^%iOV0^S6oShPG{6#lJ*hdCQ8!|M
zcMcH8lg3){M{gvn8`YG@!7dz4d^U8aJxfy;Zn#p{+gSKc!xsA1ucJ~H#1?)C3UlW(
z*!S&A(aF=VnFlo<5yn)btH%uK+oY2(yJ*bFN~1n;4{|xP?h}~dI+Mrjq+hwu?M9wr
z`oZ9#f=*W4U^R{Jhr>9TV_7-$3%ltY>D~(GslMs+J?l_vnt^7j4_YHczsdS+q6BO2
zJ0&_=kKHDHoZ<33?T4zr1_nQ@E}96A>YlCWom^-1GG|Nh<|)ez`jRXEv01_3NsTt@
zW`K~fFA=|Nn4w4$csNd559p!uEFvt<L?N+Q;0Afs9GRJuX}n4;5Hz)wqb&w%ey~~C
z$_%pAW+jp87F26{gCyD|N}Wc9%F}Hl-KGi-1yi<$A1wFct@I$BWhflH+uGEM&jr`W
zsf$?PuqUX?BWbD$NzI)jHU1?-LxdHu_nx_kwV!Bf{%C^Lq)}P?-j6}H;MzDuNZjK>
zT@e*HdkY%z9kF&tE=|_0qUZA4&@Q%T51fi>IAvRpJjwLP9<i2WXr=Q#>|36P4bu|3
z7UmYJV@`VvoTH5xjn}P7Yx8%!8kMq3Ooq`28DG}0EV5S+V=C)-<fdf8=O6&oZ^{P5
zWB+uSYtSfx5Jtdy=DSeLP-@q%`ME4kj6%EE-s$IismFcM8$dwy>&kg;vo;%8TdB?k
zdDK;mQm{Z=?9d%l%WMVBy>W>_VsSQ@CK%`GghWITZ4DrTG%8$quXHzzVgS`1f}43D
z(Glr(SQ-<XDqIcIy?9YUGvk&Rss(aczZHDNoTpib-{Qn79MJYedC+TFc)i-f!kN))
zZT(#{uJvB_o(amf?Y5hq1wObxK3hTmF0})$#z*!{!-`|=1%~pdEFr9yoUILGz0jxM
zS^2KVuQ<4-OJ<6N@y13nb|-rV(W{xA=j1&)IX;6}1uxM>q_-5tRzAmGXM7`&A#~=t
zyA^Ls$*`f01j_%o1yd<g>Dsk#_8!jBt{~=z3_}1F2^px^+C=w<4<Ep0$=JJ0xpDPH
z*bmMDnuT)MaltlMTnYtrSKsA#;~ge5?EwZ9N3}q2BYz@PW_rzsrmtM%KKtlUCnb<a
zzR`K*B#8d7t;uL=YO_^a;k<DLHd4Z#0#>uP4%14de7(?lI16l8p+?kl^lI+Cs!q(i
zRh>bTYlGztnhoN|k6(j|tqVHGq?`jm$fPZReiL5UYU)Z~kNJ^yv1F)TbUUR73};-^
ztjX@ThUA|iBj{$+xyqlH%ER%l!`TDm&B&8X+J&HLHHDrvn0FmZ{mBsj5sKVE@Z}df
z5N3jw(&uf{lxlg9^RUvJf_dlH%Bx)PzAmfoqCCzJM<zeBk&c!ME!sn08VLj({GBQb
zY`BxKQjsAOx{5Jt&&rh1%|9I~s-5+Ae$(0&^<>WBtEiqlVby1wWupl61?eS_{ju<f
zUBm=~CH5(P$6VTJ2XJkoSEmbH-ZyLjqqXRq`9XGeew5DpA!S_b1UNh-tophxmN9&F
z2AP;d*2L#Q?dxkfcmv1+3C}fHz`*!-+S8tLZ(@JFJdMnhK)W<+0DVi-=X-`9nbs^$
zPc)ZBLF7a(#oujtw*;PtO6p*syn!ZRl$cpC&=y7_aA8M47K%dvLH=Zqmm@EaQB&Mj
z7Q$%moadb0H_t3CkH8Fspt&}~kdZU*7HWv()ns)Q=S}90Q(bX2JhNt{Gqf+e6-&U^
zjL{2G8`&$`0U3>-NubH*9Rj)KDQZQ&%`wzw4Q}}vW*qdE$8t*By-<Bx@gBhMR8aY2
z-oYA7?0-4yq=}Jz{M{?bV=;nL!Xg%Uj)k$UaN~x2hjzlM`YoD~xKC%(&wHt7FzBK&
z?e@Om89}f7R`$J#u6bT$;PLZ)F$dvZnpzcw-(jQ|uMslQpB}b;!v=s6az{Het8Yd@
zr|>3*`<g18hn;qPDD#dT8X6kG4;o@@QFvjfTuB;hY%eXcWoKtk1oO9%X#*?){s*L5
z%wMSFbZ3}gx!*x$*xCm<#Q7|J|GQr^wbJ3^L9WUTow(Ww^hWy`P%^av_(-nzW<jnU
zsPq!R_^R)ypM8;AM;~(#O&0S%uu{wiSINhp_ZCcdkh&;&9FV%FarwlK%c-yja?m5j
z?TS6^R45)T%f}bj*1-7QRv9h5zy6A%;skNs1|&6yEKipD^$3I>TBd-*j5hR6bjadH
zR8XkqHdg)i?SpQl>;288E1HiDOtx=hX$PPqsbIiG9fUDzYHAoU9K@0apK9s_`A%zC
zm#>6^<Nqk+rODU{(OOMQ8@P^u9aY<Zg^smX;lif3_d5!nJEvC@z_aAyuwT->)Kf)%
z@TwYY2d9my?NBZCq80C;u!E3*z}LbV=<5eTr|r|F%aw}$dv<ZA0TvJ`Zyhs+k4gq)
z)#$~NOr+!zvoMFZ$rhH5q-7^=C6!Jn`kfIdPrn7Jmh@ejIQWxN-t}<93lFm`lN)H!
zFCqXGKpxuVxG)d?T6P`i(fqKy!}-0XZUU_#O;fQ10(*Zay7Ne$%wNMR9$Q&u$?rR<
zkOaWKT{hn{WfID_f;}kRAJ!Kt7KJZ`aap6dDFMnxjNF<r9ngElQIq<hVf;XES%JOz
z_3*hQ)#f&{ygD-|uPCI{YVu8ETGv{(%#d+lGG?-mwzftlCbyoxKYkN8UGmI7Yp(h#
z<hi1QosIWxD9;Q<(4*`YvSk^3_AWozSUByHs2zYcayNXv3CJaxn2Wb-y)L=ZH&e7o
za4crfHms3Kt)x1HpOmj-(tEpo<r?Uq3PD`${}+}(uuj)nGHvX02Hja?r+bXM%M-b`
z((U`aX#iAepZ#E6;XctrnI}=tF>l)@=AIho{*0>K;OvZmh;OBAk>Lp`4X()qDp*U9
zNTM15G3sH1*4Er+j}#b}#t7QzOD@g&A(>VvI!_O7UUe>nqwqJIHgBGY^Wl-hjX;O&
z_fR<?3(_MPc}K|m+1OH{GHJSg$)Z91mG+c4L3O#4GuxvYjsnCALk7K8o16x=OQOks
zlC!++n1i3YJ6&pQ3w&UZikv1$Wc?ljW_#h&Cl?y!jZ5E1%t_Y+^>8tq(Q7u&1E)e|
zC#7KnMet1Z)kPEPao7UbsD3YBHv6b2r(Jrvt5ggb8z0#lW!L-E5)ZGBMMlOG;bEQ+
zD-pBl(<=qI{L10it;FEU;gfX06S}7z0HRHYg}+k|3nd!#Qd6}yZPZH!T@-cAlL`Y5
zfdxZYnANI$*|$&Kf(<Yi#LAmCZWK6tSgjNCb*awm-f1PU(ZwnFXaL~S|EQ8BjNBJ}
zBY7vcQYW1zD5PH;4Ax#vXn%8&As-4$m>I+U6*OuLG*i67@lurhN@<YkW5`&hu6{_4
zkL9Ers=zf4`x3l6Jz%l25>QuUw<<<KKUFz`G~y6loaq;aRR;{s2#4Nzv%d%|pU7}L
zb*hD6@-@W8AZXCTkjL%hWtcKlvz3Kb{J|PzgIO3=fJ~Yn_wkNua708ZNCqdqY>Prr
zuqgNf=)|(3Bbqd0ndKgS?y@7Gw+D9mfQT*Ks3t)8)G4?^A$7J~AZ}NK;txB4Er>dD
z#Q%`#T?o{aR8+KebRyv-HK1_m;m4L!4kfUf*g-BGQj+}^Ir$IwQ3H1nNZ=5bd4gdg
z!oK9FyHWlpD5|~D6AKHvnRZ*nt&fSr!pqK?bL_v;zgU5yU7pyZL8u2PFS(y@MsDY?
zhwn+pj@E11fByIP&pl|^0>^AwLbm+-g(vlRKx4n1oc;Uh=THm65To&(x~sFV$kqMW
zC}Fmy;peL#H$9S$UI^p!spQRxQ2mA6A}=tv1kqL}Yw0vxt*xk5M))qr>9M0f|6=HH
z__d?jb3skNR-&KJA^$nwJZdKm{}?++{{7sqUvAn(G(3p7ess6&f1TD%uOd>+13br{
z_YW=1iH;pZQ3-etA`<(-Xudc`m*2m{Xx^i_)2C9R?PoTJyii#BIZER-UuJaSb08Fu
z$9Z1l@A4eJ??su=1CvrfW4$05aV=|OO82++pUED)Y3S6$7F_6Yd7icae%CysS_A2y
zsW(&X>lF@?dXRgbFIg<|+R@INv;VmVg{2qcpS3xU$@*H{PW{R%_$!)vBrz{Kmi#p|
z1bKz|<xZiNnh7}h553bjf@=AKYQOyY&OJnrFJq47xO~E3dCyKC1-N5yBFg|j0NfK2
z9i0g&`D3=9CxHCt(QT>d8*sJ6fAda%zwqSnx8X-uF>6HTLYTvopz?t86EY}0%k5b|
z1~zTgg&0|Bx8?Vq^&#p&>i;0rG->_)$H*^P`VVq$V}8s&I_t+#C=K5NG3t4sFrl7l
zqDG#XCYHCjIYIH^Cr?p!K<Mo!-Q!0d-JWR&w1gNEX1EwxZq=^>J8ja>0Q2up)+4QL
zLmNczJa{feRF0ts6826Iz~0a4E*<Mk*EU45vDOWnp=jtmOk?m<nxuHp&M(GL+Qs+4
zf1ThH;SrNFQThsHGI0Laj=GErv2k!DXIuN#vMrK>0Ydija*}OM4rE)~C~~Z%KdaNw
zRTG17393h~q=Ic#+G*&Cm4I&O&V})0C@P?ta`OVL7)c6$A1VCu#N4afBD9rgw+WIi
z18&F*y;->sGHhS#O!2B!zeBI3Z`#2`fYK)ChAWk_b=V7>-atVb;^{s6p;_F?&vi>s
zPO@aCTo<!Pv9S3yP)@A*505~|07~V*e$C=P-<Kr@Gno!|8~)j`;yxO+MqgDN7l-t3
zq&lFLyCKT;#BR+5Z@yIJFcB(v)FHpVS`&BmEZESRt-4agxW8A*GwzSwuKjy*AfNoP
z9dB_eB5TDL%Y!~m!B~s)%9Y>5--SpwQp(nw4~b6dL(w5e$j<pu!1X}^(X~CXS0A07
zQj|G+Hhky5rytK6j<OT{2Z3xYQ=PN5${!j6<s#Dp<*8SZ?q(2*s0|Tb!wA(jaPD@Z
z)urPguo;gpFbCwU*BaIH_Wf;F%#uKcS~!A|OPIOMnE8QBN%MPSw9-J-@mE#xHlIfK
z?BAa{p{kmulQ$vNiU0Pk4V)#xZ%egZgCHq2(fZNQ&c2^54tP((el5sUz>-u3S&;@T
zuu$$k9TE*B?f{>LTzao`^bLe0?995vKRuAyl31StWn$8}b|=97!a5Gp7JIFwo#vkS
zatLQ3yxn*`<fJJ#qI)%9%Rg6;gYG>u-BYIfFf~=$VJ+OMn0U0`&DLJRdZ3Ts{I+Zm
zoI93-<@)pUQ80MhN}abuAcGg4TZPgSLeO3~>WrlZlw5(5Evb-g>LM5-sf$jX6t(Q9
zraR2^rGn6?Fw2@U;rlYx(SY46$YEBC8fQ1%m0cOWx8h+?0FV4p6kG+J0Nw^sG98N3
z1l@?q6+E5m2}Ymb$jCH_K@Xf?!u~X{ZO)XJgdls4e#tI=6qGE`0_tpWja~xsqWj$i
z+AN%B)PRI8OB)5<w;9B=6Jh=p<JcgEz{1#73G<$7z{Wb$`>bwN7yu@(4I9{p92LQH
zrD;}W6s`7hiWbfo+$PDv!88L+RjAjPb;`KzD&}$7zXpe1+1ne*<|&S-PP;0+J9;(M
z+O1TMK7OQg^3@KHVg>AsC5JcEW)Kz>L}3s>su&Pjj<N=5H<Auo4<K1w1DshQ5d(|B
z%8t#_2X>y&dw(AA8=b7)neLqAnElHZS)V=wT{;1a3#Q$SB2@um4^G)JmginxKf<A5
zL`s}OOi<Om`Jx%m=dbMQPZT&^2VqdS0eaLp)1a(}AkA=Iwe0s`Y#_9I7`oAm_MXr|
z7*=$}1AmvLnduzS61(X%wj(iN6%~$~U2QLVR;%orwdF=Z@#tniM}m&r8ZR0gt*_`v
z2$V%)^XfHx(slKlkKXS+q4y3b1N8g~0epfM0n=A5T{2q;7EFU$V|W^Fh3?A2BlnH)
ze&mEsU#etvK!fA*azdbd3-FF*NoA`uml9~?)(vFxlXYP~==<c{!U3F~{FHCmo;{*~
z<fEOBfjt(c0ePwDw@(D+tNTG?_Qu;39`{@3$0dP!MztW}-Q`y@dB*j7?TKr*0?<ed
zDsNqpi7<^~){wzRo_!n-aQ5;!AD~uS%yAV~eH>7>3336f%L#EP_S+C6QQy^>w7gNS
z`_GDm{CtugE;9-Fg3RX}Awmrg+D^5y+|^qSu+`n|>4p_I8}9-cq_`UAbFh4T8iHSn
z#|NwfbSi*owyL^14HYDQ7q-t6t&rH*W)SS8B_0il8^qy37m#P!+nCOYlv8NWQ#OGu
ziqKX4Eke94!Bz4|8}!jgT%Gkej|5ttH&_{ER{hd>&O`JApDJ>5PutHf7P3(-THd`Z
zwj;)CWzL9o$m%L8dIM}^?j;Af7CRT$Bzp&!^!*oLB76J^-Cdx<lOQT%H#OcK2Axt`
zfS<F;SgK@|-xr66J4YL2(6C6}K<Wb2A8tFA;0|Oul1+i-IRfwj6R%4M#*`Rl0C}n*
zR~#NLtOiVRzv*MgW}C-VkD#qqa~`&m!Ctff*NYYw8Ni*X@T}_CPq*B5D3LWp?>VsN
z9i+xM=13snksK7pj#8+QGioL<XO#fMTAGl}a*&+izI-<`J|Uq!&gcphBy;WOfG<)T
zlvCNa<N}`xN=1M44(?Nzph?Wv?EV!%B;xRJx#4==Kv2%`3e)C`CvMFp&KE;GD@DDE
zX$FX2^Se6BKksYd=CiPE!juildcEuWNPB@b4@zy&oz_^gKp164E44&{m8RN{h<RtN
z<&h3u9=7*13X4``fZvZ3cjX+T6f}!g@4P(VP^t37i7=Q*mdnNoov(-ME2v5!Xbs|n
zW1ozEIqSmG91Z&(v@&Xj(&qZBt`tq##akvu?n+94(yV$^FCM$$rrj`8SQ(CmxO>~~
zYIAz2GjL?r;rY&Rc}SGYr0#n1Jp?&Z@#IX2zcXSX1*oSTI{s~P^*S$$cOGxLJ28;p
z^Y{j$qv$UQLx>x|!Rjjv;+{NtvVEc+p{2n%eTHfSk_{JXDjlQusd2W#a75GD@w?0{
z=z%+kA=-xONQy;-=1J=KgFuasbNaf0B&LkIJVm>K6;p?$6~h;O&ROkQ40j4dD*H*`
zc%^ikwED+YF<@zzZ7vDRrWF?Q`=+T@5+tNcgi`vgIz0wll*LUNU-OlTIlP5YMnW?(
z0U2^xngCKC%A!Ff!qPFrDH<>8gzf-Qa~-8Ya<B!xG>8MFmIx^pls^qG*UA5uvMh)K
zcbPW6wFZJ_i51!sW!Q(u$<ncHyjgL)2f#H-r-67@Wj(GmzA?JQ>BJzQS73(0DDL1H
z*37fFw)xPL`&cuK1xV3idwJ(fSjy#OA5{n+l6L>R5r$8IB;Y8I8fZt(RFKelvcPY^
z1`8;j&DjIhJSF`i5JZ86$$j`&IE##?un<TWyDgHwC-+uq&`aOOsi1mt2#yJ8NYnK(
zmJZ`xs{JKPbIeEbO&=%ESoZ5+(j)JB*PLu;tdRm01Kjjmh$n~1`wgC6LNT*s#<I%2
zHPblZMwl)Dy!hca>`C{x&GezlRD(D<6hy9t2Cmcgh#&?-2H>Kn+%ihcqh^uYB!JQ=
zQ`W(<b!*cG)^kJbRB*K=vo%fvz(twp?-l;a35yA@g0~U|5OQ}aF&V}K;5bMeWq^jB
z*2+i1T|mzPkqAX6S-CSSk}<j-A#q{S=s*@IZjd}Rh@EuD?myeK6($DoqBvd!ALkRK
z&)Y>g;f#xiy}8<;3&x23!oYpp=%AaeXLAghzG|TGX?10VSj4N~H#AR3-VhsBS2e(6
z!Ud8%1T_GEv_`4ZW9(BRKm_nPwVFaj07@9J-v=_Dp!u*9xUUW8yptFZ>)Bd3w!A~R
z5TaiKg^5br%N8f1ugBXAsu)F0&3{g7rjt?nZ&W<72SxbSoQo8&7>E>vYS|0PJ46ip
z3}jtb-VUq<j4Af!*n9_|`hiy)b;&~slIO)DcVbJT|Dk9Q7|~llU4~l?QSMa?g75%F
z{gu)c<3hcbVpY>9eiz@wY;w^K+TY0$q_SWjH$$Ta9Nt*xw7hM(px~-#ifGBwIMLPx
zPze7;K>o_cLPQM*2zkIBFduh*Fiv_#++y2ry}BrsZmD?rvU8bLuZT(2Rs5k8!eam&
z(2PNb5(egpCa|&xCO2=~m||RC!dE1eWRT|hIqW<AY;Ps2qcp*tXNG(=;2{7H>NFRM
zU*}A0QZlUNN7^DBsDxH^Q`1e@RcIce(H(mTD{u6#i<D(Kb1t-^gnUe|Zx|04`o5=)
zecotMX5`xH<fR?o`wAj`2*9!+t=A`?5q8zEA=?47$T@9P6Ua493l)$1T6)nLqmkTb
zsVF1S{;6f~>>n*a8lp~ka(AS<fKcQPd6l0-9eqziKd8Z|7Com?EwE_i0jok8?^bXe
z=x#B2Ve@kXeI}^h*nLbZo${HwkWrUx1r(iiF5t|w2S`A*=gxRAS|J!p`|(2->dRu`
z2s=-~GFWF{0Sv{Glq{evh(?W@`vfQ{4v?Om^Yp0+<QDG%g{7h^+z1!<FI%y_gCC4@
zn!)>tG*A(tx|i-*@=1mQD0-E(F*aOvt>T6IXO1ulqvF6%861;U;ijj%B!L`5NTDr)
zbtLzrP|_2sm$flBj7>;Mzw+(h7xv?;3c_6Lqgs{aoD?rPe(l$IeU@fGU8JR{@%dm0
z7#IIbpvZgsl5s`N>k;-wu|Bt}S6?(cXbb1*;5U+?6H7ROiU5wkfalV*M;#!qLjpDy
z*y%98(>X+R2$f1)e!RI-wm!CEw%aH-?1ZjMqx%YJ9Lv!bR-}2?p4EA_o>e}hy@^*r
z#3^OAbWt~>%O3M?NN;@v3>A`8zxc9Q_AMK)o9GoN@hO6uBdPWA#0ZV;8b7CNHQWT0
zLqfD}lXSu4q@6Tn{t6GVY-wP$Vedc3&-royAvVg}zR_OJ5qJ*T7qdJwMHyZ>di*mi
zN4<N1(DURQ#`~w$_-(z%Ad-%@<(WBuKUHnuQz;VCKw;??K+7dSX9@8Vg5icYC*;{w
zDWMmL$;c|lN0bhnGZ@tKc3INMc`!_#T(s<MW7LXY7=b>bNc`$s&acC6ohBgf;gMIo
znsu=vi+=Dz3#2gV0X47ZincK`m;b1FEVksMYY^A#xwt|QFT03!JZ+ujI#UF7jNhc)
z%8uW)>$}8{B7)QI|19QkibGW($U}5_q)nwO%pOWYYA_`XF5po?1Fah@dz@H0_4gr)
zpnQq;wAW2ddSSAUhRz32(ln%U+^s5YOSolS+Dx@cTg!?emA<hd##s?fT?C1ZFr`D+
z8c~SC*CP8RxlLWAWKlma?Tobpi?ZBM#M2@zsS_3m=Vl6AyRH~z!nr|3NvZgFjeXFS
z#0Id=r+}2~dH$@jvxnXdKt&J`4}*Z@P>o_N<pnZ!=EtC%{eK=Gj{!m@-v3(CaarAF
zliVwvadix&PJ6hxgljd4k6_o|LlyJV&NR!dfVAvf7;V;ZaR0PW@-uAQ!3)hmsMlE)
z5Q^zgq2f+%`WV}kFpN<MFma+4dUvkrGDt27`cfGmng?J5c~eB#<v0_}*A68IufW&1
zmt6aVhtdW6rm-EF!fj}dFSN%}2c&Giq$qMiA@d_-Vln;YN>6D2%n%Fbe~uV1s_O8D
z2Y{5BVVy}kJd`dAlZlIcuj8uc+JSXzi#6FYc3Y~6Xa_2+Oy|wxjaPt%Q7yBDa0#KX
z@S}h{<lV2`g;E3PTj1>3uEPC1&SX^-2IMpxhHf*qG|0Bhf!5+f0fcM@+Bh-MBS$I;
z(qIx7r&imB&&fm%-p#Ek7gJ2Wv2yU@Incg9pS}~h<`MSPvmif6K&s-`WM7L}qZ=31
zfMwjiv)@q}166-h+6Uc&CO<%_D{1$&E`D@Qao1{sz}%WMbmMgmSV5GjP$<n-pF!Ql
z@3%Ot;NxWbuYs4vJCkvYU7l3SO+W4nV~!arC#K`dACy8pyu6-V=kq+*qtn2@iinNC
zD@}u<2$A9@`8{&Wu?NvV*b=BiRm`yee^pKJ?+lb%cro@ZA`=qqs~GwkNd-|S#|3cv
z85=mwU&dLUTb(*|Bz9%YYa6H3g8glEwI7epB8V?2<u0?@PsKvik9pT=;Hr<TN7?jO
zqUEvW=$M;sYe%EcKE8+njVa~R7Ii;TX&Gv_(MqI50!VyhP+7yRGO}y00mhC87+M=Z
z9FV-V!QikTL}yA&x2kNP*69Gn1SZ{OGRpb}6c1ayUjUwU?RY4GsRs-Hhkg^htmGF{
zR!(w;+}hj*ZYXDlA%l3>v?hStW&SyVa<gV9An9fAR?Cr#3q}vI9$=$eA>6S$eMA9t
zGN3igbRmz&5U8V8rOl@JD0!8rGet9$hHcwQQGWo<pX05Q2~=br$*rg=yql2kQ)s9S
z14w9C^R&hIP0%(2<I?0hTc&HeYTXq3bhG@@Td}q^Sf(T%kjD?yLvm>bIs*d*ALSNM
z8O1sdM!ma$-x&<C!<sV*(Hvk`Ck7dU{kC{nsU)Z+bYs$Hzc={SuLa6>bes1K5n@^a
z)d>M<DiW`^tcYPJiz~yQ$C=;^s52$j{Iw=LcEpy;P>r<w_|h#115STmAxJ<M2UN>y
z&`}}{6~t^j2$4Wx-?s-j-aEOI7;A(RsFrcngwrl<0yyJ??u9{nk1w|nsDNi7l10#V
zAQ}6_!1Uu06EpR5!@tx3zo*`inaQb$`$x&n_C=HqX`SLJVUX}@Ls9P{k<R$4XqQQO
zYcBRZ{I&8Q0TIt|n(wpbBt;y~c6XQBUcE?c)!x2WL@l$Y{23-wr$1rT5O*_Ot6aeu
zc-r<l&B5`3j!bl8U_d}epEHT_?c-Cav3_SlG_y2x!s$MUo)SaTtB&`NtBR@GXx;$@
zX&lt(dNV1t1gbz>DRshG-{%#v9w`vjvN}sR8wU9!3%B$&l|_$<Z|-Yrc-M*t@)fO<
z)M(PVwZ@)uKKt1Lg&e{+Fu=XT+e2nS9&StZ^-X(hfPQdh)frGb%pecOPXGK9^VPAw
zSKO;B*wwRc{i{+1BeS-K{jOvvPWsIDI1dn2Dss_DupYc2(0z7rr@`*xI>>e5Lg~uC
zP@kXUC<p*j0Bj-}{HX2{0B849cvS3smzb(SY=Qc=E&h@NDc_wpZV(MYCI;|V2u*Vl
z>dFGDtM|;Vh}#vwyO!2g&7^DlpZoZv1N2MK1L5Rl@T;h5X@w%h3Dk%P5m5d9b`|&(
zX+S&|X9sZ@er2K4r!`>llEE332SZ4YI2EAAI^Zr!$iHt&Dj<$qJbG->YuXDTa$di_
z3HrVdO*7M^GI?LjZ>}leAWa=iZ#N%_#Ete1ltLqg6u=k&Rf1aaN~Jy<00kc7$zF;6
ze-mVSzi0tuNa;BoB@~rQ{hV;ITMsR7`#sL!gCbT-PUH~6^!_~a`=>x84CHS|gI>n`
z_Y0r<oK<oN|JvB#Eqkv2o7?#PSH5RJB+NO{Km4eP>%Ttea(L~1Oa&hh1ulOUf+vT;
z2B-k8_~xg%r@N;YFZLHeFG{PlTdD;esp&&QcSL?I(dXH|15E=oz<rn{ry|Dx<{m_H
z{QP!g>SUKTZNOSNl<0Q^@8Q0xtUkHg`xpJ!)eyM1mb&=o^v^eETTbqU2wyXGR~7)c
z$c=tp%s>VOC~trZ+-uoeeEGzzS=HrVV@zOu-*Y(>8lfza$4##TSCxa_)$al&E${)U
zprkdZ`Sl|3R~BbVJh3}{o(=qZGpK7{JYt=9m%50xnn4?84Uhf$%-1sF3T1z;!0)&2
zv7EVxeSm^YmyC!f{_!}^W_%_Jl5PD@DnYfE0{`&}^6Q?v2=|uU`Y@RBpPT>lJ-}?K
z<o#=nL1@-z5zq$XUk`yEKw#dreo{$u|8thVU*Dtub3^>sWCKcu3HBAb-JjzxoEj)o
zRv!88m(SOpqN)x)k*k=V8i&}R-yfp47b2wxIe#PoOiagL>SiP=fA{Nz@qT(e7FFWN
zMG6&psa~>}z483-@7g1s(=G8;=C@#q=@1WO&7ohaYVV&SzLY~l$~sTdkq2VgmqRoT
zG#dtwYYe)+?-kVo*x0IM`V7b?oS)8^L-CNvlU5mg+Fd#N78z!3DMZ_D{>QKQi#}uj
z^G#=969VeX!;$#wT0I(t>>L{$UPvnKC}PmJh$u6$6sjdA=^#MIRSX#XTnvV5LBl5_
zD}Lt*-^1qbRbXkM`bsU<-<|(ng;;BVg%E8TN;V0>vx%05n-8@%a4%$l3i+rXmwATr
z@-KlQ)A_py(MSGu&9w^=rwX`hWN`N2<`iuCq~cQ<2UVO7^W5BU4uN|h5I_eI1qHPd
zEU#zpb(z~O1*tV5ZGor^h>!$&j6-obN3kK2kSF)&!f$mP2>K(uc$zYy3iWIfJ9C5g
zq+^1Xer45kcXtC){iZD(-K2<9#vhPs?^c11>HxtNeiT@6U!9f&)T`7T+6G$=W~;lK
z&`Rycn=W`TD9Ol$m%&qSSB(zeCXz1tI}Kl^OwkMB4AY6?6|w4n?xTQFisNslbf}Iz
zZWKstt~p4G%wJ2#A^K8Oi|g$5;&>qw5#3@9koFY5FT6L^TcQmvPuna~eXwA{g=g4=
z1m73PZ9`4>)QlDN0aKUj+L?9E$A)MA^DE>AhkiNn;H%^B)85oL{HV|qd$}8`qZX?D
zeDYZ<@mpu9ZC>;ZlYso+!h-zXY1kzIRRVBoS2Qb=_DdL(ZCU6ksb`Tenj4EUIVJQe
zOGWi}UHPpDWjg;<JgNcAb?v`+?m`C$+k)@qrQNT^fV?&U5#CiWXemErYt346Q$bfX
znzsf_LN0JPKmpa=KSLagN}tT{wQ7akD11^5MA>Pw6|<_a^Gq#TAPW+eg%cpdZ?~$g
z3d~2U4Iw5pmT^|Y<N`SX=)4L>k9{{@F0^#2CnV*BZvObt(`Q2ZNx5bnDF|C7WLRE`
zA4N=pK*8imI^#|SJV*ha7Q`e_Rz1(I-@bG7mK<zpTImw_k)C4v^c!!_#sS^r^xOwu
zfDh!BNz#A$vM1<m#)gNf2)qNC-etvs3;-_=toB2~?=aI92L&0gLt3IqNf7{>QVPg9
zIP3y{5UBbV4D4h%RGSWm;4=db4uL)qssYsH`|GhVexaUeb4O-{(4j-;CF0Fe9_Bm%
z@u)#B4XB`8TLQ4hM`1lUTjS=)Kqy}1JM8T2Vrqy64&Y6!&c%9AQDdzNWu002x_}jR
zWE<7wLL~v@&n&vGLWt!XIQY(k(Vzyf0#r*JwOxhH0E!O0=DVz@D8$G2W%6KOzI{6M
zMzovi8cf@>H%X_UO$~HG4NG}t8nnl}v)dtf?E%ydY9%JZ-g{XyP%XOGN*%WL?POWJ
z{<OIKg3J!LlCE3R2Md(Jda4HVZsn(70tVU5Lw&dLhYjb!Cqhs7DJp*Ln266I5VVF{
zX`pB^NmN<laje3FnJK;48f+eEta9P;fSCJZPhOBMb_7#h5MOki+$j4+Kj_4%EL#5B
zhzk&UPVq68{@&uePBQ4r&B!TlK=(;5n$<Q$H|&e20~(_SrpnSWQQdqEKv+Wf;HH>%
zOi2;WVL=n}aQrm^`m0N0NxL1V7hR%(6$Q4a6<iJEA~#6es#ToCubi|V_S{5;(WL=u
zqlRe7K|-<UIr)naB5l|rmws$@sUlX+FyA5->~6;2mfC<0;*@>hH!lrlz}<t+R{&K0
znr-3aRCu&})gWt~f?*>J22%!sP=0_^&E+!He8uLtIC#*YjJ`V8nGD44W%~^}N=FR1
zn;>PKMjzj(NMi)4C}GZ6uV^9+W%dBne@EPm2+At{z&(cW7y|VxIpxcr&4Fn}`!AA-
z;%zC9jiBD50y<{=1d2)|P=s{zGX`9jWI^#J48piUkBVx7s0og-VghmW70hX)F#>3;
znqfYYsgpS3Dudoh5Ce9|tZiIuL55qdVU^R+&ExItswW@#Nz9sZHlPP|Ma#%GaivS6
z$<ik7U^u_;B^y><m0G=h&Ex2=)#i!k2ojdqNvHk}u<jR_Opb;bKpLWMXP4W;%DoUN
z51PO05vOir_CP=jG^}!WcXIB%Q6&U*0S5sYmHH4#gR>jQyf(r*Aq3thfM+x`{5k9D
z>RKR~0c!WOS=&_!)2{OXoD|O#GyTM$bD{SDN)6~6C`ZkQYA5Z#<wi|S29!z^g`^vY
ztphZw-|T>4a|2Mh(op-e2PRqx+h{h$@%P|%MV>KF+Et}2fCzL!=?GG~s(kC@=dbo+
zbEqSUGo(%fwC47`ZV$<qp{fG=Uai|;DWN`SPs_<S{^{ejwFc(v-b8yVG!%(jA&u4E
z%NEE-%Ve$+O`v4h=;Sgo4z4l?S3qx#P!iA>%5JtSGXyGO0(}EMVq&J`v6TC@=gSr+
z(lPH46QXflaI;6nDh{?MQ*d@hN=$C2%rZ2d()yrDRXSKlfhdnf1m=i&Zh>U0*?3$(
z$u4VBjy$IT+ioYQz`$B~9c1ja+26G5D=>Ue)G!t5`(fT~*wW(HWCFwm)St@*crOnG
z%V1gs>%RImsFl+-AGh9Pu<-TLbI9xMr~Wecih$)Rb$ndcj&I~es0Srvz{%*^(}T7x
zGyN-BbrIOOf&LVz2>bI9dlHmIE4!g#G1Es0>gj7dOxitx)0Z3NIeK62?sVhPJ-!!7
zR$*2GiTkFNcseb52Ju1a|M5ZcR<Fu-8$!44oA>U;A1x>4TUF2;j0#QVJ>=nBP#dt^
zKiJPq{g=g11H@iu(zXq(dMtefk7Mshe_MfJg&VdKx(4_)4RcxhX<GP*Yf`;sqN%_Z
zl!Y1=-+#$QooX*BfX-CMJs9E}-XT`h%{!cQKxYZ^j&_2f+hdf+(=#|ZkpGz+A$O;>
z%W}db7Sg9)djTdNHU#yZcL7gobrDwoWsY)Kmf7kZE>ugdihMIza2D*{2(~nlcMMWG
z;@GjE?ig7E*IB&lEKME-)&odUTTT@89Y(n<)Y2z<5_145qIBmz+{C#y)mQWi%Cg5>
zYh|{;oZv%=KWO}>o!0=gYV&p%15B>jXx)KNcz})&@ireS(0;~ZO)sLsJxv=|Zs1JO
z)WjL|-=afo*v6Y*2FUbSV}$z9C;WD_VK{lfRdJk@5GdCH`W3ETDCI|Y`Cw?s&(F`^
z^%z=^C_`AWw=4g5#1eZ5kuvdX+y6>;o+QT{j0K_?l{L7}-luQ?yH=k44UW*Ci1}|H
zq2!qCA4?x|5a5mKul71BVLBH$gu&Zps-3D<Wgb&|UkygKe<$os;9}vemGE18&8q;&
zC<a;3WMv_s6a*)>?ip*5U^%ezyU_AFfpw5Ar(hXQ;Qyn|>|}O{QHJ>|E&E;exXb<f
z@7Q7yAc};xAh^;RlNtD$7X-sOX~z4ykoH7njuDFZhAjv|gn+uzjt&iAW|W4~4R6+*
zx9`|-`f~*Ij(Xj1wG;^qkBPU9_39nn1bwK4i54>t)gEs}56qa)ns22jPhTA1aA(jQ
zGjGl3@jV>+Xo4K`o?W}*vq!4gm$Q#e51?xc_G>0=<~jUpRxmNYt-WuvNxr|rlJ(~^
zS(e$^<>^D<`a@ybsO75~W8PeVco8Yb4#!7kPa(rL-^BhJkUk*Whs~S}#TA_OzOC?V
znd`j9ySeuQ3wx2!mH4eiq5XM_kM2+3t<9T~=9tuR$UIPA+%Z%4K|aH%Q@TSa+bU}H
z#bKx>7Fox~ZhSRzg-+i`YPV>8DBaabnjasQ86=TtZWXrgI!oo}NF)Wb32vq*r!GIt
zT_mt@!A8T;iQ_ont_+2o({~2Y$*t>!o!#d?<@{yb*HCCfB!Rg6an~IF*mXsKgqZuU
zfFj#T1R6vrKsS$a^LN{~L3>81p8Eclr7)2qjADd&m6W)aJ2yniZkH{eSH!v1b8|}U
zN}la2Qh$iGrIk@%b&h_oI#gy%r_-696b!m=3DwftG;>528qsOv?lI^UkC9FY<ufq?
z!imoMFJ5frAfVqKD~-}7jh$eY9VBRKDSQaKzttHi`CpIt7APFY>AyM2^AHo$*&n~l
z;Wc|iT{{Yu37yMV09-ilqQl8F{itmV>j42f`Py2POCZ!xnX9auh2qr2Q}SD&SdSm4
z1Sj-tQn0YtF~D__iCfy?%gx!i@s6^Rfw|so+qQkT8>zm|+-Cw|(48Y;M=qyc`kd(n
zSIEoDMDw(6uBqw|cdM$JSFPZps)P#h%=(7Tt7kYRAF5@X3H?D0dB=EF|LN1Gp|DWW
zVpL|PWgJ9_wW+!Il6=d4D8|nURp~00X#U_a`B}5be>(xcfoT8|b+=yFpuZ>cczgj~
zk9mjF1bq;9Jb2NbSM?24z|H+or(Jahr?}Jq3oY#Vhkcl`<36wdQ$erg4HOYQ^{brQ
z#`AwISMty`7I-cs2$HWPXuXo3=+m1&wp6?Ohn%zLF)1l0OwhBpHG%VIWukDdo4<}y
zb~LJhE3MhRt!N@yG;@79&4G7wx#amBEIK;3<6M`t#VooW<=Q+J3?ePxo6vA8F%`4;
zVZ-$CIf)?VzIK*83wYXk;{l=9P`u^&OzQ;kCIK|Wqb&sA<l(c>TB5+}&1#YE=O=nI
z72bO!*E(($PiptkMMZY+R)0p~cm5m;m6JB-i#zkiI6}YBS(diVGDyo!&<bo|+Br4I
z$^`Wvueh?ZmRT-N&DZo=Q>qO;rahGsJ)t!sXl~|*ukZ{v43yO;_9vqCuPU_+^djYU
zzSCQSZ}+asW_~dLHkVv6XjT4y`1%T{D%Y*+je<d$NQ0CCQc9<Qf`oJ_4bt5W0uqvn
z(j_3>N_U7TNT+l+(p~?0^_+Xpx#JuE9_OIAH=B1q?-OgyHP@W4|0BI76V*M#`*f2J
zBnN*#4oWKP8ZfZ%liaW1t=RMu=79rWPR%LqL+;r9%jV`B-0b+L<dYSR0haXlvLyzW
z!5#yAo5mp;%?Gn+P#^;<_;W&4RRyc7$KV9%p=w5z>kiHv(2n%E_IRW`C8zdhN1|4>
z?oV&@*AG5_66-zTa`Y*aeEO8W(DY?-S87{z&F&ITnb{Ld!ME+!$Nt@?c#mn{E~;@q
zc<|X}>HYTQh10$?De|NI4QJ5hkL7eF;?;1*sjxe~hyrJE0Vh1f6R5zV?hHH&x>J*z
zqVGCDg$7tE7$}Ra`70z`4*5S0lMC~(W@m3qx~fHfOcQE|z!<Suc0M{9=V>Vw`n<bK
zRLhR@*MNXBnj9>)u1_Qzf6MWyy8sK%cc%O1WY9b@6Eic+EqrVqHy-KXrijmaiH@5$
zoHY1?0s`na2HH1IZ@@jB-=2-xb6p~j1k2l(Y_)dF12QNO@x`4i2QxX0UoaD&VOK+X
z^d#1Ny%5s?!i2gNNH@iJ<%_%;J{N-oYs$Cnm6et4gQ9d}d6IVLWB<id|4{o2dzA_r
zoBqMU4E=0yO_x9v0S&c$=u8e54|a!_Q1ehVA1w#%+R0-M$BpYYi_>?(LC9|?%+?)N
zR9&^lj`~v>TC8j$r_&SHk9Wd!2j`9toGI>aIK5TikBg0K#7x9^9atI6d*Vhi8~0nZ
z3Hj3O{fM#?cRRP!VBn8LC<y0$fa2|06l8~i(}J|?x-%ITgmwxlI9*`Y1y%ko6-G8T
zVG_RK%W53VY;0fetdQ@W98MN84D0FWP@TJ_l&!3;In!plbaGp=#IRd2HdjN6TcScN
zr5<X}o2Dfoa3Vf3dQe=foo?3XKjQ$c&xxRgqI3xi3Q+lj{rHP#e5~5Pf4|~;m9cqK
zwPte5{c$Ibz$L^U?pp~DNV#3PLPH*^9(`LnE9<h#RrRxlVU(B1IBw!@jvnTeNJDN^
zwM|J`-?&hTru9&zV6#1ryCsKTY_oiPdY)R+e6X~0{NVIZ*EDMEe0g)M_zgx{D_%A4
z4$t|Wy8r0o!6=aZb~@kk3HW>Z9F(k2-S+EF<|BNarIeuXt;c|+^u`U4()Q7Yj<!h`
zHCqXg=&Tv3SfBoW4fPO=H*ZNsO3$w^6SJUDvAp)UVl$?oZd<4=-_GN@c>QY#aX|Vv
zySzyHzqtTUEaRW&^kHcg+Zp0KBxZ<vFh`6+wtpY&69VuXn{@j5^QUrw3nvifa8ZZ}
zdiDl(-RNMiLTo&L`+0cx_4SiucOAfvQhu3(iu=9DnujJayKm}BEvI}+c|c#-{iN(#
zjoAPS1z0tv-jCS3JF9coZqH-fgS6ih3Sb}FD^|yW?bc`{WSFZVdQby4K5`=15+|SR
z=smp>wwtz>u7E+DY{rhUjt;#fIgbO%sE7!%@kZRio%v2V?A671k=412KNeX`I;3OO
z4_lstM#~u#h$1nW4$9xT?r*ge(pAY&T2|38Qbmf=JU+19vu!xXoDRuCfnIC-fbzqe
zJp+1e(KsLG*Yve)hCU76CXD%ob-B?M=Pp*c4t|L&%ik)JVV49hYi4#DfaUC#&*I;A
zsX5EAJC%T6>x|;z0VN+F8M*5o#l4*Dn<WLES?2~)S3dhkBF;RiPX|%`0MvOy9$N=q
zg^2!J6gF5AA$2l`N<glrdcMDVA|);a)Govdb$a^MSjmZu0k?Ip5&F4vluS&Q;Rhi7
z>oL}#!^gMT*t$+`zc7f`;2Tn#`ji+h(!+ktkr+aRe5R6)EVe=DTf#or)2Y%ymbceA
z*Fe*u6J(M&?aX^X!J2YP{ajafS4VRr2K&_H7p*e!Op*3@0v-pZVzUtdhAwO^4Iu#s
z;%WqSX%q_D9*w(SqOEE{8(FEvN#($AJ6>P_XV9jF&mM#op3-^B(>8)r0<&)O3)n*)
zE)h~Hy7k7zWM$DoJw?1wLqz1Z^7CgDy!1HLS&DV`y|k!WaGLE%)M=tDLBxvToeRJr
z1~n)aOUgAp)|M=Ee&E~86B*h9okQ69s!72Lck=S8T7_*x#=F}sDaay2p+4)if6Y%E
zmCle?u67{|XVgF(fY+;k4dxKTJg`7cn^g?`x!L*tF)Zh!V<zoLcDUhcFKngazI|JA
zN|aJOq}ItYH^zD_cqZ4|J25N(3mS+NbDP|c_6qh$vdxWKumt~7Y?S{V2{Yu+jOc6;
zHKL^NbV^P2R@x%scRK_2sTkm+4x1rzAD!Z9V-wtV2z{{EZ;*3ya_ej_CNR&%aKdw5
zaPEqw2tv~svwPi{SPn8jkY<b|*sFQ%adu1uysdZ6p`$u*)6~J!kFq@ltZU}?2aRFS
zdE{xs)b~vMO4vaI+z&{GOQsKWW+iNXbzzJ#sJ?_gfvU|<Z(G(I-!pcknQM48#q7^S
zy!rk@xyFt3rM^(N{YoE>c=)}>CNDm?fG*;5mC)VW+iyL-@RM-NwS)ldO!7=&kmm<;
zVoGyC<+Lwv>?KqRwO689VSJr>$xWxN0!bg-0O#Mvaz-)hW3lejlq$xQE`1Gcwk>Zx
z!+2P%Cw!yJBgEoX;o2uhj!ws5CHe{jtLE{;S~3v1tncaB(r9AoTw1LJ!-ah9eN2fs
zHicD3nG~a5%97rNp^^lGBa-_s{OV+!Kv)u5ghMzr+-ZE6r>3T~40XNRZ@UG9#(qFu
zd*u+m-BH($h@m<@>H{DLd&VW?dTo&m@rc(m{3x*Ly*bBzG!7K#6q<&Go2Ce;X<CQW
zkcZz>r&j!R@6I<uLPt_Kx-SztsvQzZd*<Jf5iPVc4VeB&JzS0#qEa$RmrZ)>)-8jT
z!EpS)bz##(FJrl4dfv?EMozPN{<$%<D{l90Wp4Q&Y_qOf33WT3;-RDUf&@sh60ZXa
z#IQRJzK|C^$0>Rq1geW*>$XlgZ3#!_m&Qf`aPwk_NQTNFhR@G<*b$*Y531$oTcg>$
zb>k<x0z$!G_Ik?I8{y&k^a72{@MfTg4&Kx~IdbQ>O-;3S@{G;CK}E4J>>36d(C8n5
zKxBYzB_iZrZi|J;l7muafNgdtNRm7P<#iNTx(YEw;B$Be+`RBaR0jNj(0g*#u-MqF
zz>(s;(U*uW)tasycSpIbUPMz8ET&0FNwv((PKFO%z|#}-KHtO~qC;5E@OiV(fCXfN
zpNNTh1_c2J&p>+OSSGX|BQ87p9yp|Yuv>W!A`i^88{&&6ZWRShV^S{5%flp+ZEb%3
zf#@ja<%{{vx5GjJPF2OJ3WPCF?_IRwErvO_I5e14WUQhbHtrgO3^MX)_I;G2h?RZt
zTdw%DN~#`o(W?vyj;KKvb$qpi7<Czs@U9Q9tpe|%qhmq+e-)?|I27SUpq_d<e_IQz
z+|^nBM^W89N;nx@yuGjAISA4JkB;#_{vvM)0^sNZ9q0IIPIK-4@x*`s8s`6q(nFp-
zko51P;-7yin5Aa#{GT$*+HXE#{rPzR{z}U(a2dse<MwIszn|m3?<g~q(&F@K^8b3O
z6YJq+^xuB<|9(UGj+Q$}_$<i&%GqJSTPY~Q`Oe`yiw(v(o{^Ena3jHK1hkAZ6|lhB
z3s$@kkh(iSBa_8wI5JK+O!CE|4oUSoYVIl-1<wrg_1%P<4^(ha>85&T4wb+L@+qs0
zku+&lbnh$c5u@MAynmmM@Mp6KZExSf`wM@qn)LhYyPFMAg8`RG)uff-;bCT=X>ILp
zXy2CYq`rFGBz&S=d3TSDO|`jpVb7OlFxR?)h@f}$Ov6a4W02q4YFdW$@{CXF<_Xvr
zWdcrMn&-5J0;TNaPCtGK58ywrVgdt!smFikCdkDkVN(58Ag4Aedft)p5DCd?y8!gf
zAGF5<Iy)Nb{<EiBE;+Y(2Aylm9IaucBHm)Cm)Y48;0{2sabSy%fq@u^dWdZU6%Bmc
zp-E~I>NT2avUSaO_R6?<uJMV;T}l0M4%L%;>+#r)qBSEb!oePPA*z5(raZGVsM6gh
zK{14!rJ=DwQ|#oFHz}`0g|I?zcp0IKdR_n;z47MrD>M6#i%VMwe^1)K$1o`(h~Nmq
zKhNng_pMv-ueADn)^p%dM~W(}duqO#xJJZ;YCQJz7f!B&NMe1+T*YF_&|=H$65p%#
zO2=i@``Or@2|7oi>*CVqP^K2vp=mV2g`Zy*Mv|AXp2=tCILjX|itm-2;Ha#bqvWd2
zNXhhXVQ_SdbbI)<nVR6AS%)uoi;9{W9mNFh7l8!K8)Z9XmQ#7k#Wr_QwV=Q|mUn~(
znw`rg2mQCTrZD*5J+NM%VDsk4KKxWN6WQ0hSQcF}DNmHTqI3pT&e2mFEU=TVG4#Ga
z=%gE2&;NZSo!&2)O#6WGM<ag&ian$*Tu#^FUQNK@o8!|9BNX0GtB9;;JTDe|{I5gz
zrM?G8q6dN3k0jcDJYEedxt#jLCtw(x_<Wylg{f^a3p2;U72##E8@sL+kA!^q7x+&D
zOe`aax%Z+%L(eEFDXF9X_xHo+Wh$?+7X66_D_vfuI`TdtkZwSuwkfq$CGf@p`b*&L
zXam-Q$ku|SFuWj&R8n`c!4&h=-OrtkiRaFUa1+o282qca*V3i%EPUFBk@tzo&E)bM
zUekW#Nhn+X_ph@6@pR&&7e$D)G_5(@VoDh2Rua;JW_#8jt*t?B*pQ)SZ>Zsb-3lbk
zwfYP~+%Ht&zFKmfP^eDpt?injvWRX8^ZV%HTw7i@LuQs_6aN>2niqCFGMp;aCWQ65
zYC0nS$>Cuukn!%)<$bme4$XeeBgk^Fp2J1eCOr;lq29{SF*6H>fj)-<6!t9eUG}AR
ztAvvUAVNV(nzMA*F|$D(b1(O~H=H@69~<*w4b-6PqEKwO*&4SJrAS+dZVhnc^P$Eg
zK4357wohX)eM<lK1U$Ge37vDtUZoJS0HZNGv5V?L>Uz*H^00OkrS9^tTW}p+;AO_m
z3xAaAXN-zgA!ytpd=SW0=`8TP*yQ!X13gW^ot0NAFwHC1g`>!%k~=jwQ=fiQm`n0-
zJzM#+!ail;P**$x?$lEVg*aSi??HHX4)sJrUb8hi0S)Eli|r8=MQGkbxkvJ}cV}V9
zDj9cG{j&YgqVi5LN%t<@gf$D^+2?(1pwOwUW4WB5Lo@glCi<^mE9%k4j^nj%633HR
zRgM=gmUJWvogbZVbir|qIxg4ZMQMV0Rwdd$H{<krQR=Ia_qUJ(Vdnc-`z4rC2D9^i
zSEz);hb%<`310J_ocIL?`_v?mA2>UP{VYIq+@a>_AL3P^A-uiVh;@$7W$!Yi{C6zM
z;9dZ@nBf%#rhO<>n3y*-$bnNzdDk%U<2YyCPq2&DzyE3RHb(2YQkJ%<HNyl&@vGqm
z{sP)BDbT;oQk?A>|MUgHqF%5hjz8b7p;}Hp%_HaKr**qb!^itsGs41;wP$w6A`D`f
z0hDH`YX?S+%L9FwAi@ky&{9ePiOTZu5&!XXwT{h#`!zoAy^q~bg9Zkap)7R)e5|jG
zefb;vKt>_G{-P&J?jiBbH)5QN2>cjU1wKD$sLCqe@WX<tDqrok*gP=b&b^Q0c5t}T
z=j^ie?aCI!gdL{PKp4o%pXXENjRAzt7Z!27S*`_Ol!d)b<}by6m@RL52)G*T+DYJu
zBX(_owyjKwjhMmE*CAor@LBeD)4^?>74JZo&E(bDn+ImNed^z8BXMsich|VRJ&c|<
zd@WP)u3$peN5(V3ikK5<iizw}DY6uZcUA{*Lk9*1=IPCc)7Ql}qpuSYVTOrepp*+H
zoxu_CI87rtz===sYyX>1h5GGes9NAr*Rosudm2+;ea*J_y#qP6!+c{bEg|pokx;yL
z79>@6r<`#JUINPlmx2Q1%maj`zJ9%wr>m=54^8goqkudIV7sYvxRZf$@q9;tj>i)E
z@=vd=!ooQtjn8_mYY@QG_PWZ%TIWen%8^gm90|es)97b+<8kho^AtUaznk>5lQH9q
zalNnCNJu*KJGNo-uf=z#L$(e0iH5RYn>a-)v%hfJ?d_`^!4$~hxF{a=GNU^+QSNqo
z#E$JkUyg(2U}NJ9|0$PR58UZ$pZ7nju8@ahDGA9W`(T4oBO415&e*qq-E2X)*#ehu
z_C7`So3J9N2cuA+=lG05g9otI`F)ljb~}bDfh(|TCbyt+i$c}aMOZBL(T}1SUpKH9
zQnXdm8wt?fbr~r*`QC`>>c1<sbvAHYis6Va9ObIg(`Sqo2F{2u8|&)O6f)(teBaF1
zdt;$q!jf5Q3H@(;2HUsclN8xVaJD(ee-ZSkdfQPi`>r(=Jb)=F0hXQ^sPTyj87<Q_
zgH?|zG&DqV-N(V1*!2|jc+gQ>ZcFsoF77vByT^Q}l4CtNmoTTo55N$DunK}3LurhY
z681MxWiK>e^$5WC`p|hnn%Ct53hw2#e#e<Gr4Hbjqh3-{pk2hofR??BaMD0lG~Sc(
z&M)Y-xBgrk7{n@6+hT%2CJ5?ZfFrK+gMbi=y`7KvQr~_bPzuO^*G>^8216y{g_Z%5
zbd;Q&gn$);{L$lrwkn+_Nf6ZE-?`?tLIghz4aR69pq^h=mIztUjNPR;aR+piL($u8
zzil!ilF_O=Fda10V>r23(`ClF^4Kyx#u&#M%3g`=Rh|j3gg#u#d-t$qGtkM%NWtyS
za;6zi6&q7<>Q>PD!IJrWjx!{7)HE~{+W^nzsNe_1um}TjK?~5w5)FaN7AHrX1}tYl
z5f=?SjgZ$-a}daM%79zcV<fDsbPPB%6doGt`5;Y->h9f(C;&UqZ|m#B;;jSIa+$Yp
zOJl-)1|pSB4?lhSa+p^h^{kpU9m2XR6BB+FgubN%96jkWXP?HfdVjXI24gBBlLjDP
zTR>KYL~T$GE_FZU3nt+V{BalsI3^>A{>7M+rfjfzdI>?IaIv2)cWrAq+unVw${8P@
z@f-y$EvD_#^M)c@<3iexvW9{H1o-$+!lgw;?P}?phbYpk%s4aP@9rzd_FvZ7?geDg
za>nWch(zH4u&}muZ!Crv1`O3vY^qZ2aSf*X-w&CT4~N9%hNI^h&%o~opc7g9Po7BE
zetCq6B`*HWbb7w4hz<&zKeALX?+V~wnXNd7LQHbx?X<Pc0LP1A&&y|<56&?TV1|yx
zslo0K(qq-fz~MEmJp5HL0F9A$%flX)Q%!SNrL6~6x4=`Xv8kYdnSgik+WLB@&guBO
zw^ZB37cUHWy?n`wLLn;h)!Ua)weh^pYn$y^ogYQzTuNSC1m%F=o0>!DAv$n^x>WR6
zt6k5vBQ9YYF3cEE4*FJ-Ej3oXwjPy+{|F1G%CkV{D+(pZpaF;Hv+9+Tfdg(pjzAvs
zlF49Yit?P>zSx~ig>GD(c(6qb8*>i<AL*H)5-+c_iYIGS;G@?(Lxw5kh>bFk8_Vw4
zhI5H-n;H4avX{YKoJ)^K!*dkv&<Zy6fuKP|0T^&4yKP<j>J7%P;q);$zZ!ab@%T>)
zF(KBRtb{s8z;0FEsuB8mje3w7+%)BeroljRegX4%2#Pm!Tk;LNg}s`Fie1mEs;RAa
zOYsAuCLNm)AAT!7ASDb>GQmv|j|1j`Mr*t`pkH2xu}qefe8*c4z+`N(_0(*g5-~{`
z$e%D6{>VJ*wi#5K4W}{`W^zZlc5s%VZs6&1cnU~8;!8cqYP<%&VpfIEsK>yC**0^u
z64r2ilRm=<r`-?Dn5xQ3CignQb=Hj1_NF9tp}<b1Un|4w`(Iw~7q5VaU$x4o>i~V<
zi#X(FkR--5o1OpmKj#SxY_}2^0uB_O39vArR9hPi{_?8&5ajrkl6|KGA4_@B-^NLC
zai-oyb!}~udGuck*`e?U=;9Z~<gJyVONZbg40vx_Jf~OgNcn<kH%wn;6%{H_UBEV+
z&GCB<ia6_*($bevrgw4--vP5l<gAuR5f{FOJ1a457$zuhy}VD8@@S43x?ok|fXY!-
z?I;iu0WXBfz4eD*nwoUXAENHB>T9<S7PXIPJdUeic$2D_wf_Cv+Y7kW=%}@=tykcX
z1rEyy!UwN!$a3e8<+BFFBV5<*(%oN3kn$=0`MlHVmrOC&z@*|{QkDMjX3d#PbYOpd
z7A!)6!1mNUieYO3_7K=s0WZ8zZF5n-J^nF7sfyXk!JsxrG`t#0GbWHI{Q<B&=*jlX
z{vm-lF8qf7SB8fYg_?pV4<PKgB9s8d%tvX#acgUdn6QR9Tn`FM)gOq60G|2f%U4QX
z`lqWWpTAj?L$|IXqss_@tQ;&xuYUZHKrq_J8Lw6|6#)G{r<i+GH_k~-J$zNDB{w%0
zj0IXt+H%$01yf|}Aaso5auiII_Cs6EkgKWfNNhkROFe{C6|0p2fD&28K=CcnxWvq0
zth%bSW_p^Md23-}!UIf99)hVYRDQ2Oi3U850oR_Y+C3LOzpqT7v(;NCbiTlG^A?Q3
z{IQ-nQn>QPC4D8B_z+y!kn#$wqlgyXxQ(r%?!IEavD$x~)?ILb3?`1U5(U*!aMED~
z347(~wcj{hGX&5L1QP@q@_gZAB2KN`cJfDOY4CD58p_kq)vl+R@(h0N1~9A)LKZX>
zup8C1Ow+-dPF*FC27D<&L**>0a(DFM?@C(7_wH)|D+3DJ02Rn){G%hgPHj}J=l&){
zbL0@-P(gV2u_QQGa5koD^d-0)LTPz#>vKD%i8z>x0K;3EM*1>3OtBk>stmFGA&jY#
zjo;oT_$6H7PhhzSO&RrdXU|(qez8O{q}JAzvV&|6NNLcVcl;9D&8wpVLeAk_jldz}
zL3cf@#6k_^yOE~0M?Ra~mDVdJLTRd3t=&{rby^ULdTg47>_cI7@P0^)#pJN2xz3rW
z19tF?HL>1gyw3ic=mNF<8m&Iy3j&bsIJ5)_uMF;M5QDd$aLCE^1gU6hpG*9EYg7QH
ziyR&e6pAwLfnJ{b85FoBhCB|a=^j!tF$q+DW&_>hsFzT~@`au95~$s-m!-aoi^EAM
zvo1>Tov{K(q;{u<7U(WKYh4rN1%1C09d%x%YZH!D#q%)rl0@I74y-NZfyIt66cwt+
zYUFA0_>ShOT#mO%)_I(_<~_iU9V+o(KBb5wwFR6Sv+HNuAoUT*V^=?qG8x+ORbP{%
zW%a0V=KiriOUyBwq0DKtWq`f57y_`e$>G!`=Dlabb2<Wny-Ih*Xn1&e3pRYo8~c}J
zl0|gZn#jT9=UkSnE3?y9+N80`v#w*eyYG6zN6zKie@pBD!iWigK_2D@SzkWHLPi+d
zwHi(_4!0w8xCa+k6NQ*z+eVI~Ga(6g^2II_-hlH^B~BFy*)FIQ3CAW}wYefvCF0NT
z7y--ktrm2dUKbKvt=tUe7=zeB{kRH+0udnL!R}^HUDM&ci`q<blyBePq3*3Z%pzbl
zDjd~+g!q$2ZJI<vEB+~M#HMssuX5qM3TlvI1a6g3)eOL2ctZIQ`b`HZdz9O|D`2~x
zdDxrTPMbu=W24Ntl~KWX9_K*WCHDP$1B)6+z@UbJGU&@DtgI|-&-#|Gk9TSfZc7`5
z(Rp4%$u5URT^|i!d(OGJRU}H^L7|{mt_$n_nL+=`%~{5m61UExvX4{7#Y*AduL`9>
z&3E7J{JZZjBJa;&Rc$Uq{nx_6;xc*r$)a&pW-&Mlfx-<rYFtk>cJu@)4&GyKr)qFb
z&J0WOA{aPL>O^0cvjA?#6G}iygSdMj5wDnw3t%UF6aUOZ=lR7iqd#FKdYY1_o|LtQ
zj)HD}FL3^<wuSf<$Wn(Jnc;$wt3*{$V1wZfdA0xuL10F9rfK*iMa5KD+Pb?MgEv3I
zasIrlbe`TBBrGh!*>pFo#c@&4GUY9MWkiIxH^!)|l8V}cli5})&JbV{GD~yY%rimk
zdy|`6WmN><1f235KqNY<B%?TrEz*8fW}=skSS7rgQcGrN5uzS(-L<;&<kw3jDBt>Z
z!;u3i(B9ktGYN>j#U|MGTiiLwDH&tt_)!`lZj2hld}~xx%ny=!wC89*`+)|Wp*K`(
zmVhL976sv`hh!WNPOcoBYS^S)*eECs{TSzh`)6S|Qr@8hAtawhqa1*wbF-~z240Dd
zbWZ-eVsPw%A@mo)-2|`z&CgOQa6cU@b=uAx-DWzcvmFLbxlo6RFn1fhxe%8olpn#W
z_9To-{9h1@uFmtHS*~YlM|vtI3!iN-rVKU#Y7Z~*C>>C~bNyoe+ZH4YD=jT0Ad%e|
zt#ZC_>5{KJtpM!aIEs&}U`r2u_YPuuj~n#y#}xM;Jh%qmfW6k*+B{h4`6KpC+R~SS
zKobZRMj>;4&}kKxm#5a&(FV;a-|{}&&P-i84o>a>caxr_kP7=NcH6X&o!)#a){z}W
zHCSlq1sz;BD)^sEk@!MdL_sr8Da)YxC^FAYL5etJ$0CX&9I-pQPYXWda0UPzIvJ*<
zp7Dka{`T6GIUJVCO{h<zG{-)mNyhWYjF%6Um|pXe(tUjEUET0-WzP`1!9f1FE>2+!
zloFd~oJRaZ@YCkn6MR7)1h2e$W5<;Ff|BC0Muw+zNKa|h+p{f1818H<KOgzbS8%3q
z3Af++Bp5OF<J*-X*=Gan2GZl7AmGyhlxLvWHAeaE<`^cX0oy&z8b#Yhziz2`o+}NB
zpzZi&&r$~sl^_*+0X9_RjzhOE>)y|DrUGVW)J-2otR$=$;ABC?cs7f6Fx_&BG6Zy9
zjQ4mF6!#EohPs*X@Eel_r}V6>c>KqER3Hi_t?AIItZ{}#QG?ZFUbB=uJ3D?viZi5T
zCce0!Kme@eLC3rU^mD6U|0@ab?lxe7<CV$v3Q>%`Lp{z?|5QMRoOt1JXR^rn)RdRa
zS)nXwY(`i?kguh%^RsMWehnr(i@H$ef&tmse(|x+(kf!*$HT*uZ@78G(#>IyHIQr@
zawiBM2-wX?v~`NyFW6dJcVoG!R}uL$>bE^|iI?^Y4pI%St(|h(1U-kf-sNZK+I1%C
z&DZr-M`;#2NGt09<^mAIeST7A!93<-9AbyKMZWE1H66qTbjq*NjTBh>*>Bh$sn;+R
zH!AO}jL=CYa5-L0lZ?M-F#@LpQr7G3E&9<W!;rVDI)tx?qd;YVLiJ+1u+d`KcXx>u
zy5&Asn>95ul*7?#Hc=IA^Qkbct7}g*n^ktENS1FRSX6Yd*cG!X9tdx)@2amKKQh+R
zisahHvLvv8blvtb6hbw170v@qoYAI6A(H^Ngop@)V*#e|$Z<Dmm~0Gy#f%LoSR}tY
z8AN^RlkF}3X$mYk_i`}R@^<Lj>jNN5*{=`mv&{+M3D3xw*nH1(eCD}8%hQiOS=GOO
zPK9`5-SG2}ijweAWMF_Dw-#*eE#}7slGWXHwiO^f7q_Wukp*7c<!jfxh&wy~T}Fa5
zk51DN$N|znv)r8Qc3#1-L*))gat$LD8IgQCx9(x?O<Ae)pH>n<?HjG*q~Nnsp8A`X
zB?`zgp@Y^N_$t$)2|8`;W11ZwLV`wj!uYeHW{17JvLaKIc|tzBdk$R_JdP%(*qwKU
z0rq+G_N_;<NXYC^zmbMUw)zSd3US*5eC74<@a+Njag^+PF_4lcTrx6!2z?UbJ;G{5
zQV|z*8k@ALjWxRyc^e?hd?634%Q|3jP|a&!9wp|;7aY8N{W^7VBLPG<!K6ctO>Exs
zS9=w>wsv>vy2s}>o4?;J71Onny^s3vRw!AY{2om^pST|QBpuaD82XBVYxIrCq1|0K
zmU|zG?xMVeJc(7(&h-}XZt(?=x%f#9s$Bo1juW_`DKoh?2k_f`&j;beC6bzqtFW@4
zVD80fuP_?JDG50Wllh5@&B~wx_F+m|3LfFny&&j{ftm-u<^G1Q$yhax^Vu^WWHXq6
zY;Yu1j0?8g^nGs2E6Z=<!+nNI-eIY&0&q52m}pe*=v&Ts2}(lX>H|3=1ZA(l=^}t)
z5Jr!Hch4}pI#U9y_khMsp;~Q4XkN34`#-2<mji{5Q=UQ=o7>)mNZ`Q>Y6z~Ny?kPI
zHRR&8+x0`v1|A9-liE6s9cgeJgfpm}YvB<>htje3<g0Z*fB*VjI>it6t0n$;x9DGc
zoyUbhaZYn>ybcwQaTnT7z9fo~l8~%*(`r;r5bL)cfw`Y*2RFXj{AcqqH)ZI#-SZu4
z{~Fl%?Meg0JRV_Vc@H7%@h6?-UF4OGHRH7;L5)jx(0oK!do+;An!g|Pd$T5MPt%Zu
zvywmEk1@f3g$N=@ew6eiquBLn5SY`ZX=ogC^#uw%e(A3Pa9x9d8DUsF(EITSb|9=3
zLSutj&o5(@7eNugWitV))7|=#0SOv58@O}`Ezhgr2UH;<GU>rvx}EP*V`Gvfv(FC(
zW2gb5qtG9{5TqIqeEuZW{ORdIY1BHpZxZ=+<1urtzAw=y+gLRr7&mWHis#XX^}<b9
z1D6%l%Lyvs@s*P82J4cmSDUx?fCB#*lxCPA=yutf@I}2;t2nu5x7OX+c@dazr49>M
zt*ouFvbh}Tmw~Su@wu7GMfE+<D40!n5xN>k`<!x`X%>3SZ71z0Xz_5_0G7h%N<<Xo
zV?OyWWN^af8P;9toe4A@WTUAab%mt#`rJO$G~#*H8zHO4IiWBMTcx#hTKF`BM0!wJ
zZ1BXuLNmycK8B{C&Y=+qEw$&bIk4GGEcRAUlIyrCoo3@7pce`e&f<KW=8d>3mpYH*
z_za>kiG6Ka6jUY8fQBEf;*hK-10~H9?jIGogSSzo5+rmC5G>zM1puR=wUv~%_w3%v
zsM@b4fT`H!GtUFEAVNijabYtam^!>zYW>EwD9eNSw^U9o5)wsd>9A*FxUqG6e*|@!
z=E4NGk-e<CeI&;}=uYh4j5i*oP5aGhQ-jPHj(<!Zb*(w|Jat~MMqHV@t)Y>QMbOL(
z2^)kD3=xOl%FI}8EYm%HG!dCp%G<EEdr=W-OZX<$sIsJbVc-TEC{H^PGwR;lEI6k|
zVpLmZRwQ;D8xrJbmj|s?r^7%RQ)gH)7#YO-O)aDbEyCrM!IFNri?oo1B)AiusKM4J
zs=701%uDyUM&!|}fNn>j!I#Cf=2|to*XN4nbr-YhIXE~z*cvPG$Y)q+p1S?-srpVV
z<ubYe@zK52#Pi}=pv9nEGoh5NQiBFD9jefy)p65>$+F%76m}PL+}D%XN;v?I0Xtu!
zVSS)bS*G_w>08)*^E|nWrp3v=_1u@4#thXI?ub$IDsQD9t#6?#YPb92_s_1>w{PQT
znX-|sFmupi=bi3kDX++}kLlJcV+UhSJpjBY&}_V$V$}W6RJ@E_#r}tfFp=H~aFF+w
z^3*1s3(fWxJ#AJ;)v%d=9VxA4##hGg{hU2=T$y`Sm_{K^dUy`B&-B~lyks4TJ#S8{
zG!a0Y`Wiwb3T|#<)CXXy0c-=f6pfpkQ<2Ce%VRDGb0$7%^yNObSfjE0`4>rUB4Hhq
za~HbyG(o5i^%8`BT=*<KN2NO<AgY7PUdP;sy#>f9Sye>v8K&V_oj9;nDMQ1P2DyF{
zTRm*X7TI!msj?R(Qm%6JW%x6b-m|bXNv5Q8U7QcjFc#9)i%8R63Lh)>OOQi|vQ9;e
zXU^;pY&$%A7PYoGb_pUfe4%>Jn>TrQNYbQ?vwF)b%J7}tVLJ`ptEflvd$8Jg8xupv
zPy;N+w^Tl7QNWX9I_PeveOxn#^E3BYmmZ{qYHsVkc%cc=mv-1>C?C1T*J@g^8n<KA
zhgv4Ozd=>xPZ>wVN*WJcAO_`%=Ht@8FkJS4%XXvTZG&%t=ERwgX(<#Cl6I#_HGnw^
zAm{7zom2&s3f+27u|_nyQ(G?+5&4&vawL~1;CFnZ1D|0M_0AOACCc4(FkoF*#U<l-
z2|M-mayKh0+1G;xQ*Yflb}I#>VcqB~uFiNvj!4PHMMTVg;*XT>S}fVkj_}x%ewU_C
z)YXN5&b{SP;6AJzO8d5*rI6*bJ4)<Fufj&fv3J#Mq}<yFrwA=4I4&Ni@d&UmC`$sn
zs?>$%dT*v-78kS`l0t0t2%tG2>!E=`E)d!f&^CD|?A^O-#pXjGRasmI&a)tBqMc#|
zrdB^<*riqjgn;@Dq_VHzHI*ovG0ywKkK<8=U?Sw0UVk`vIAnS0*5pj%yomKFep`YF
z07KC8qy>-$)I`G^x4S*D?b(}l)4HK>{&hpn5bE`r-%O!O;30`)#M5u76x&7C{n*TB
z;@520$vz+r!N^)cj<n~>1nTZNw@FAyzO>gPuFRU6A3B3?Ul@G3R$8F*#hG*UnC{*8
zH8(VkANL>8hH2N;n*&yG2gq{D#U^*5v|?mY10Iz4UL$y|$^XOqQ_CBxuv_wxyDb&I
zxWD&lTR~>jZI1M4y-5);Iqjz4l}IjIqW>vA)r-<x{f;HKE|)hUdl%uOf#B`Sm>6P|
zscj}SK%$`lbZoSx|ACd~^TI6mIN9;JQ+el*q2b%p0kIU>*y3DcwQ0UC@c{<g+-Q3?
zpv)Le-IhQ{-BT&Q4z4n~Zk0egfN$hi2fnWDR#%}41#Y#s#RU{SO{jKlTo5{c$-lcb
zrlj@<W6gE)B|%w7{xlqtz3R~&$YEKHc(AUDJuTFjW_IP0|6JEDjgd_i#^+qQ6LC5*
zVn2rQ0jG0eu&YRgeR*`n7eK%1q1BiwXPxh%DcX_ZiP8@fr4id<Vs_ITHOtyYM$zU&
zNo^y5ek}Ey*Y<$S<4zuy>)^K;fa=fN+wWRcg}AEcVWA?cHC~T@6oE^JuaU(X8TQMc
zv_t2_wParxzG<Is|3!T5TElK!NIMT;!%{BUSmbUj2A6NRmr%D??VC7PX<DKkhKX&S
z;_B$>onvHVWOj(%Jpn^X_O+(smHo_>m?uv$R{~O>#!%kW%u}a1tvp=m&BEUy=kSA0
zjhP|Ejlxw4Oh?HZMZvkQsR|NUu99;!@4n}ojW`vYNy{Ch&&eL2dT?n}sB+sakM{d!
zL4JSKr)9b-XF=I&jpro$-|ws#gRQj7+5g3p465EtNX0?-jm>Hw9*W6j@4}Br&TAoL
zyq*;*DyZ5c3@j##@k0zVew_oB<)IRU>Rxx+mvjCD&Re&gpJ}L<pXb^FCORth+7GTm
ztIgWlT5W1;yH6Ic{jYm`gc&*NcC*Wz%13lZQDI@;xKddr49caKSF4ovEIvE7>(<qK
z&yUrt(dx=(Y<XA5KYFw^HvYh#0VH(MAU=XpNaMJ34)bt@{UzuzYz&$=a9OMKU5jGR
zlid}EeDUfvJm5ytf-vw4CW(mu^8Jd6=sy=DILZADF6cw|1jcR>Aghnfk`=SwMn?KU
zHzEfYSNMGSjk#eAfrn!LS4+%j5Yk<K!P|!V`XrkK*ORKCo9`X)|Dyc>J>&w(3PKOj
zwW9AL&s<+DcL18odWJ8C+j{0{J?~t1cQ-`d(kWti9GskZ1lL)^ft&}(N9|FVl60P%
zD=-BQ%XTw54c^4Y213gJ0f>uG(xczpbU>!H7!>;IzJ5K2gB>Wm#?#*9KTntFH)lBd
z|6yv0L&@9u%+C1NAcBA5C07)#tMzqXuf-z2nypg80H*{J(^uFRh4E!6<uTxz6I>-x
z)m)RyQ4DAZW;5I{d9qhY;SE<rfK3n1F%g+n(13Myh!|e=V(l{|)RPD7N#^p4{0xwk
z<3#`?%I|fV2gHgJu}oxHE=t6_M~<tbyvTRR4n8}pxFD2J-hR=C*68H$vlO)DwN%mr
zBlt1+Q~~t^78=m7ulwe+@05vCUxnVEn-Tq4*ZYluI`wMIF|d36Qs-$2`kpg8lhfXV
z<3yrkcX5RG6Gz<VKmn+nrlH|Qaq$)_?)b1UJkW6nESJiV$K>YbhT>(_WmkqUF&XG(
z?t%UpiTDskISoAB!L0=-CC|jL|MLJ;xMTUT8b7fBk_9AJ#Z--d^XBDNAq!~Y8WUT(
zmE?|~P%xc=ZOKx)0=$&p*kjx#cBc_lL_qgH13@uYNi{BeG!z()O&n||?RHmJ6${Qo
zk?n14tm?QE(CsTLUi-~^uOBy)BfK}zUcm+)dU`{(udlDpUVh>QTwI^zWU6Y7{j=P$
z&0m1g1(cHs;2~@&<D2(rjd{Hzo9MM&=fFF?%wY9k`Dh@XR8n4G_TY!k?SI~P8SiW8
z6O9+#$at*?%qvfb6py#A0Zq^cDk7+dc6MwaN)XH}<@@6NOFOBvp(rM;$wv^nqH5nz
zcv&t^i&`4+L(u}t_mOP2w5Shr#(9Y#mpNGsow6PPQvwI6$oLA0i>RvIu@m|&srW6`
zITqdK>y}RGCG2nrZu?O3z>2Sq<`sA00YKW)spmG8<+f4!o^o<0a=bx>)E|eqZ?o+d
zWfHzmQ4#A&i5V}j7cHo`h*mGTT!L8OVEAyPbX^JB2YDay=WOlQ*e+?AnzrJm-Iu8;
zz6&w49|JBc9Ie9KV;uMR!*+%b)huaoR$QjOh$WmCVR>{sn7V9{gsHuZ`RSiI$|IVT
z-)#psuWY2^&}EoIwGVjF0jlOFo*4T+HvBegHxY+nzVPoa0B1{7FKUDBViL%3i4YTe
zn;Dzu<>Y_-om6)e8p<JPO+&-k7&h}O{jg|YkK??GvOxAYWn}`B)#@r|q?}jf2-Uq>
z=n;n;8=CGygnUE%S`_nk8UbxsFMx{aG#i`K+{S`_f)>;+DjSdqGWFNShXO{^1)wDo
zFlnMbc1^lUJx=bdHQzNm+8Me53-m0CZ*RN-U)#Yx^QM&ectGG<fkU9ieYcCvK&ANB
z%JjYaD%Ie#hqQNReQnSN2x2|R+dooCMCBa2%xSIH<E~1+FnN4@5N%(UxKMeD>G{$~
zPtR#63%D3JFLW5NOolwq@p+yDWsqOu4{Uh<xn!ya)cwZidb1LhH#do5IV^|Ap#$A%
ze5y`p%g3l4#L86Q$P9pX!ll-T?=O&Eh_AuKA+YTd4%<N?bGAL<JebP20k~i9={*L=
z+$Fcu6?O+FC+%Y&{od~ks--WlH29*S+B7Z*0u>vJrv&<g_kJ9ogEp%D!5w6*w&ta_
zXA?LqN%;8qps`_dWvRQJui*{FXu4b)?y3nTr4t1yrxkjZtJ3Sbr%~Cr0MEGyC3OyV
zb6h~odooj8HCmgS1+}#)Df2W$IvQ^tSuc~P%R?h=aBwiRp-_%GOyStk;%$fy?14tk
z0BQWigyalui_dnfcMpowy_JZ+ccfMm5<QdmcC@{Qs;v?+8vgOEE^OL_q-Osz+Lfqp
zF4<@waDopi)$xJzHd{n_H6iuiSXZZe#LWwX{!n**e#eX^$A1Ufj}S;0n5U@1h5{88
zm4JpaeEmZJ26-ITP{qZ?jbs}NV6n~2eC6)lyB0P!uK<kcY^R6phTZ(@MBQ1u?3^5A
z&w~PCO6~UQSWO5-=0Mo_He&_-K<5ESsr(G{D`k9j&KLM%6x7tEkA~nqbjE8v=2vGL
zB|j#G$*jrg%dPR6l)m?X4OqNTZO(_4DYFX0ry^#P=nCQ9e^|9i_zGf=xY|yvaMtzB
zsdfvZN&nN_fh&;}Ra^I&jECPCBj!eUSaF>8np|?{g{!Y$DFs9Igf<Sy8yujF`TwO&
zkN+%t07C0OB$FrUrpD9$PwMnx)6k&at$g<s%;$shLV%EUW<7h#0d`i#Lh|1jKQ*eg
zjU!C4DnD7uuJxvTDr}dle@$eC%iTt|_8c~e!?=zvR^Ak<`VBM_p1!l#N9TY2&EYqP
zHYp-*?BhGXixQ8rPJ-4K-xsHw)iL_~y%fTHMF>MIU1oGuH$#NF$?Vn+3RF@|(sC!$
z<ab~Gqew(6dGvD#Rr{N>hWxAyXO@`^PM)M8*7(oUPI*P5AYtNvGIo>vQ-~+y5)t+)
z@<`f9JLD%EL0<Wr*ZTg*Ia2)3Q~&;&$zt<N>JLr--%r45K)c|H0{Z9j#s7T<zE2X9
zgkoZ|*62U$*neL?Ex*9!LZK>S7NVVVe}C|Q{3%0o>+KUwOq6WK`znEd?X`ctkr%z_
z`5|X7Bj%qJ^1rVksac#htX`h-?SE;~@*b2_c{(8p2^=`6wzk%Z>1Axx{3`3qxPQF&
z7WwVBPf!oJdn$gR{e3B6<nA>i15>NF`Rwe>7|!t}Q&KhRLYGoUUJd@)4?yC$r{5L}
z7wGW1*zs`1Uenn4P_+p<OlnTbkxp)iO?)9GWc(@)%SCIbnE&R5Ge9Qte4sChxL&XA
zkYPe&p50%ktPCO4As}b=KmbB`xZS#yc_h_6rz*K+uB3DfR2*JQ)iQE!h&iE22K^!N
z&hp$0(mHjne|vWbdIV2ipx*oW`A<PEJpjs?uZs;klV+^X^Rp7+DBjb+Mdg1g)Lz@9
z*&dl}M4%67BO(TBr}k_hp<hstz)rGBAR%`+>0d)4{}niqcIo!en2;ggOh)l%bd#=D
zK%bMRr>As@nVJiWK?hdn?E4P^7dF+-emL?<aLjUPi)F2-txXGNm|hsJ<V3o8%v#o9
zwcvgE-gyx+&yJXgHy<7XbdLG}6bhzeCEc%Fii*n|v|UhbS?kxR0B|{9vraHFDoShL
z9}mGUz-y0+huaybqe^zr?uk4Uh$?aqG&PMAA{Jx+T&EA;U-L}e1dh!w$A`O`P?Cd=
zEyg}JBwc?YPYo@c!of!$drtW+)+ZllKihl|&0=^^kIql$&#?7OK1@m|HZDeIYIf|)
zTAKCdEX`oNpWg{L9}&x)G3SlH4qjAk2>%H>)Tr&Qhxt9v`3jBykh>w>mpM6TC_uId
zxa~;#viAwWAECZ@g?r%HUo-aZa`~c{n$jEv<qUeYBh^|8CnLhXG+?=m?x7U*XI;!=
z+_*{-h_JEDXMYG785tFv$Y}xvTN&iqIb8PE#7|Q?va;N6_}Vc(5$kxoo|gUoW0$@F
z(jbYNlwL=E)6B%$gb*BENHdoG;Z~>04j?9|mmM9_K)A^N{O9+i*DnYrpqTQvha-L+
zNjzJD;xT;EcY8CplknFJ>8?BfKD&vceS|j!cR@PW^~&Y^^C*kyZ(1%#>*Ip`HBQ^K
zK%zitjys<{y|yb2mFQRdxgIUA3QDipi2h~)Xl3<5y#~rw`TIFlogu487Z9u(rNpJj
z!s;T^+e_ZKGkn&4%cr01=d@(Pj>((&AACrENBr?a=?Bd_ukS=3hKA`X-YPa6k}G?o
zqN`{WURJ^wJsU3`z}rjpE81|+TD+C!k&GC&z;*fj9!o4eH}^p67cU+%v3%KGDlg@+
zZgc$w|G#{&s9#+&>gpVO<58=AvpuR-!Fu}Jm6e~@(vB}4hQ+_l1^fw=d!7KLM+qEP
zu(p*Up!OfCQaL;w$b*+4x{?^Z7eW1FdwO+swTlf<QJ~<`$|SvtW;2aW&I6OnJ8W!<
zp*=v#Cn2{Gl@ybewfck@zIc0=Ns7B2Y#BC!VGA6Yq)-(Xu=SKb?K{XMC5T+I{Gs;_
z-s2V+j%m0bE7XAa>!3%GZND0+>R<x5z2y43b67s30OG2W(j12T7-p^tNMO>4j3J&5
z;D8WJ#)(KVW!Pz&7MYC*laY~`HLZaS#`Dj&o{OFjwE@4&UR-SXk@C7sHEwBjb#=}`
z{ORX3h9Ddi`jM=C`<vydtBXrd)!|e$`>HWm*dvy_N2uS5DkrQzg%TRLAJKi;-O;u-
zWs6yvlwbWV2r_=q2ZkJuhkJLZc-3H<mz%6vgK_WIjgj49YoQ>8<uBhE@|1YDV+)pt
zwu-athP|<pwlpLBTF$ZJ3qMvX&MUVi?XF~0z5Eyi+N9^9V7|ToBkExKUC4;pC6Mmr
zUad|WA0HRwRCjTy^r_;Lhi)jdl3jA9hgHrZ&E4JW8btiS^#;ro6nf29xPV*yJ>?jR
zjI4G)3`Aw+d(L3==PZ3Xo|5A0^Pg$y%^g{Z=F#;paGPr*sM?zh5EFmeYKhyvyO0d^
zm5Nsk_MjUE>h@1U!8#-5U}q)k)hpM~j{qP=j6-FPndrVlJ_z1eZ>=oNrOnT?eqFL3
zbyKmPYqR9O0fl}d{s}pqXxlWJ0DNPZS)ZQgaPA<a;%(IsGKM8gryM9BcIRSg4MIL%
z##?eo?(lGP)-?wtt`|W>U-9)-nmw)GQi7`15sC-*Bti1!>v>gP81VFi-$F&T+pP@^
zLI8_&&OOkl1y;^?QPE8GWS^npsHiCa=+$&SN2#XZOzA|y0`i1&XAd&#URDQZ46~nx
zQXMS}ZLxXd&Rh3-CbStP>`%ltA6t<H`gM$!>>5B$t;A!>13nC3I|(F-G&b`=YEckE
zmd@(SQ7D%;q@i9$w6K7(iq|<K;CfoK4?<k~B29<;b3u#i!;P1;hFy0@Fw+&pp*KVt
zQO%N-V+HQ!Hb|o{f#2<0>LRo5uLd>XD+92ZD}(Dv>4tB>vH8JInmqt(Qjku7(7`cF
z-vT!PUxfX@k~dxa5ooQ_<rOXU87Y}$r%KpW+B-~m<BzB}H6^%Y!;Q&QuPPS{x5>#Z
zbLgbRAv=m*KZp+|MGO~_<pplt&7Bbswg^c`vcUs%|6t#6s4r)*)G}EcQM2_WpNA`X
zFlatnD4JKblWAG=t76qH>c=gblXc(ld(T3XPwC1O=e7VDQ;Nt-NEl)+1?};m8Hj2#
zWRiuC9{ye#xf$X@376OjWK8nHGDd&@)16!JMtrV()~VDBzG3|7`t9mwL&uet$uc;Z
z;1pptv^-3h>{_!b2aER8r~4pg^)h<cE(S!9;#W5<B^#bsyEyjdX^ff1KuQ8OB4R)<
z1(&qm;o^N5$U<k$TCG=qa{>Ap5br5OhTZHUt|BN3i2=ELoO#34DW;3<G*riRCiQ8q
zQIS;Ik^J0`cKOxN!2G%T^gF$zV#spixWS;T`HC-LsZ)rtilrmH@GhsI4;+^7dX0LA
zroI~f!q<STU9GdAEuJ^)ih0$HgYe=0!sm8A;N{?Zeax#qh#n<6Nrk~mB3I1rm~CRq
zc(ysavAe5eVUZ70rAX_T3)T%Z;$;9WfgrCxPbE!1-m%Z23VJW5T%}{M(7Isl81{H$
zCV6-WfbV#)i;D}jC?fR^OL`mbk5TjVci@CO2OGtN7HaQX;W$q{<z0W3ym$ab7aGxp
zg#{wk=5=yOa8-<6TX+PjWrT-77<>e@d%J}!0F;RCzepEn>IF}eAgw&aV;1o$%GWYa
zhhBovkH8BiJZuel{s9Df;Rgxt%cp%(K&$F99<ij@`w3NS)m42s33^jaRdQ4+6l;DB
z2>cO}w0JslCs9g2QR?$1`5*g&+HLTLx(tSuPeNf>BaJI)@KYU2l<$FHXIM)y+)Caf
zX(e0dW#+2&uS`$lkD>s6P1R~p@8`9*?_l4YojG)=KK;eLz4)^s(x^8sQRp1FfRR1_
z<X{<W3jCXXAe<&2a*bqxp18sTJ&Ar;SZT0R%_rtw0srEfBugvBL+q6?k;LOef~BtF
zBdgwDPme~cK<TWEiB@dgd3QF8J`6-Jz3+nP-_+Nju<6K5myQogs)%k?wxjj-64*2r
znhq&aU3Q>JN}8nuy^>HCvtf=1#KD9??Kzc5P<W&ETk5A#PL|JiD!4dOWlq<d$idw=
za2wHRoW8&+)&=!YTcAGZ9L}}|OB=&907R5hG@Ad^{i`E30aNV-L9yV>MaD}+FDlhb
z%yNc|4f}uDQEkD*dlSlH*!76YfXlK=p8+<$jjb(tXzgEZQasA<qS?AD3KF>^75rwE
zlA@dj_sBWk+!4)OTwMhXUutu5^4@QX7$;(RtgNlfG%h)VMVpmr9z|zqM4=OI;yfmD
zR9UnRKMCV&)%y&lnN)j@DG6Wy*cm@=p$g%l6%~6jFvmt<SoFLI_L5{%*osw)&BuzL
z!g&K4b4I}KjbH5+Y2TjLLT3;TBFcd6N9mXgdh2?o%H~+~+e}1dp~tb;y%xm_EezCm
znVDs-sFBGF3k!Q3sBQN&X1s{&uHmM0{p!ZGpQ+Xk%rVu}DEj4UG}IkzAdlS_^sjQ-
zZQDM@MJ$SS98bv)^Y$Eoi5^ak=tn;e2sayg4>v)I|Cn5~D|bLy$F-t(C2*H*eI1{l
z2`YR#i(5bi{B|gqZs}ZXu?T(lG-}wvdaM0IO(OIvMO{BX>#J2)R#paH>gN!8$JsP3
zQ?kT<eDt}XYDZV_o#fA^5lh$g1H)~joM)fEDkr$z8&S>$JydED*1o&%ZZ9qW{9Lx<
zn$qudRPUS%h6K}&zwl@k-&5<7w2%K8U+J5chQ=(5O*<H)tHPMBdZ#64r7A{#J$ZS5
z=8tn`e^v1AXx8qSyHsc)@KLXmkSu@Vb=DmBXuC8$FxJp56vB6q4#N60j?T`+OBHsm
zPj<)pMMDd38hM<n+Gtj&3Vw`*j~Et&ew=6+lP&o*5@agHv;L8b-=c=va5iwkX}hRy
zfAN873!|`t6lisdVv=@<7)l*mDbTrzHQVF0dtS&@i2yO(4;=u26SfpF%A47w0r6&I
zdsFVYQD!JEHJI>S-QnbukS$Rk#mkNpcmz7&Anu)R^3w{lY+LcKI0qsw#VRKX$lhWh
zmtqh#8YvIrvYG#I3cUtyCyvR$^-O_sCUN&biK(?^^Trrstcb8vdGu%>b-Oj^`_M@{
z*KHF8*0{C={yY#8XgUl!hqJ-U00BlfsAjUR#yCP)Vmox}P{Ir*Tm~3ZfI6U2{i}7v
zX))emLlhjNp1QdysP0sB8QUtZ-P7P(9oKL44_;|{aN&>sGv@4J997WT+!}7@{_xya
zELSeX1QicR`tZ1O3sz;4UTcha=&VSq{Y8u?T}h9F?~b26>t!X8Mk^}CyIm+8NHT-y
zV}nrzxC{@`h(b}WG_(JWYxK{TFHyV)13C;tUY?#k-1lWew^mBVW-BztQcD(I?<tRL
zH_jO`eaLG$=s0oRdgQXKP?4I&O5-e$`sO@p-0G85yV|<o%-7*PRfjx_qrG)HKJ|?{
zFZ_dz@1NDmHf926Ac_{Vk}&R@5bSLO{+(!Ov6-!l!AJPewBYbQSZGEiicD0|E+|$}
zi-N`}Maihq7Fc&Bx+H9lMMatQJ690q^_V2KHiyy9Wu2-O6f7Rq9wR|zP=`KvU?E;_
zfF{l!oS1*_(p_{|tqLVU`)Mebwivv#f<!H0Q7f@|ThF2QgIcsWJG*kMNtdhG*}-As
z?C(9}&YKC+B)myy=W06l(QmL<O`87^3%~vV3C(7o#=H-Y&V;@LTF}o81*uwQ<nRdH
zTBEvDF~WZ6D+ES7HXu_)%HtsY{rh>_t#m5v(CBa{g?4@#n#M@IorSd1WKdk2Gq48p
z!6#Pe#F7boIpCEzUEx00^XsSXB~NvFrR4i_u!}%2eW7{*w)Oh<_I_nPt7$(-H&RuH
zxcD!~KKL+;N1o?YWYqjbs(+%v(f7*d^RnQa9XJCngleb9v&5#ur7~$!34PJ?3DlzY
zwxueeHY(kzp&wyZrlgXwrK+v=EbuuxI81Ydw8fG43|LO(&Oeth(^F_6i|4i4dQyE5
zb>9~B@89VbD6?4g+$n<A9o-f#&pbkK9EZtzxXWH$eK4OK!n&5?aR3HDtgZ)OU8JAz
zR90_x%*k-P<#hhJs|(4*@Ra*3>6WeJ`mYtWx8y**22))RoYl)YGW^9gCNu5CoLh$A
zTMN4J;g1@nkf%}pZ@GV!b}QRS+S7{CDV=EE8*?^KQ{4>#InY&gUcBe0iX)w{Yr8Gp
z#c_5`pPZb`{k~6L%0!b%4XPNj6G23?drrC?H<O<(PBc6|iRU4hxS)SSZ_iqw$EErw
z3}~iaD@unG5Y2u&WP|4WC<75C9p5N@3A%Ww+t2de6xx{-yT)Ik)9K3by!k(~pIPhd
zM`#oq08$b9(aw~#yA(Wy`qE!jJ8tU1t|}Z##S|U4Nd%k$`b(EWTHI!oz%y*dm4d0v
zb*Q+d7;L%&W#YD?^b;V0-6e!+#r5XB%}>6}{`5o-FwC=EV!s2)Y3Nq3k_Mr|ILuEv
zc?)#T2MiCqE3Ex@{UhW<ew#7htYJ{v-xSW<TKM4<y|4It#eZ<P3%t-@HK%T(U9bbE
zWn;-%F(~Ih4DEr0C{vYl&L;V{nq_cj!zJ5Z<nRz3<>NDgv-x<AzdhZ}V4jupRA*rU
z1N>y7?urDQnX_5ON>0M8T4lJRwx4<)bsbYfLj&|X)k1$q)^J>y4RL0Pipe(k1m*5I
zl#I-#*T=!4fY#YQ(-<g;>I}u%k4}8b0U)`2O0wy^x}HQrV&Ild?<JhDRT>2Wn!83P
zE|7J+qo%@MygvBB12i?Y62OEpYH1$?Sdwb{2g((Uo7R()3iYK%$&*9}O4^lkpHb=4
z^ujj$v^r#IYAP8nj#@4I&52ZQk#H+f=*QBLicKD~A8m1=AB|3W_dNdOS_R7!?PeO$
z*CUFBuO>=?!>{C@81LoeyvKPiajPSdQ>d_QgDb58<RR2e@@v1~^NDD<?x#@SrKA)*
zjp5gTibVhPT{#wqZ<oE<F>8{nztgi&ir$ut|53o;e8(2H8UK+Y?smqx!qvwkUTTz}
z1|Hv{c#NH^(w}}g8Ylz11{0olQXOF=X`zTvwLfbi3YKIEE|ZokV>M$lQ704U$qCTD
zBnoM;r=n_lJkFjkq+{z_QR?z;4vYI$AqClI=tsmwxo<9^LjGhJk2q^C-c>kss^LzR
zlgKPbTO2-ZocU0(La5E|h<$~LIfSLuh7huZl90ay)?1)BD7fSbE87e#3H=U%1XHOI
z;~0?sk_L5ZOrF%U=W$uW6JR+(b7RHU@n$<Q>+*IYj3mBbNhr&1Kp7l?Z>aBr)ejI`
z00F@oA)~tgsigW~kuG9a6(aS6vE4CoD|xXZ<$JK|iP_C4MM2dryj9QowEEYVi&MvX
zQ@5V}byJS0+SbyjgANLK6Wg)Cdqd*ZJD&X;f9CR@Vdtk5kcUO=1nAXLGfxy~kW*lV
zA!@Y8ur=C1$MIW7B7<CjSl7w%MGUU<bJr8VLC2=zc>4RhW(&EI&rZc14e(SZq;dtN
zx78@ijbQAn4tF?Oqc<PNuQ1Gwlr+s$(4$cQkFK|liz@%W$Juq&wbwut1Pl-b1r-5l
z6>CtWL3$;nm6XQB0MP-Y!2oGSq#H#+C8b6hB}Tfte&+(Z@7>S$#~<QjhPij{y{~va
z&-0w~T>d3Pib-_1I59xf;VD)St9hs3w%*p459m1=>3P}D=DnG2^`zC6q4lUb=PiBe
z61spE9A`YY6D&8*gM5m}>_cFADY|^+%5Ip>7FZ48%d$ES+}NmD9Ix12!%Z>IZM0sU
z_UzeC#24H81?y7F1W&7@z;e{6ZQtoLV^5KewY;Sm4zy4SvsOHZZM19b)n!hzGqA<&
z?@p#_`cxY!=H@uDeF`_HIfNoUi-g$B=)+KZ9mYXsUzP;&BbbgKEfp0K5-L3WC@kEt
z$L|ZHFnpAM|J@t;cUzmTjsr}+<_DAc;n+=Xl{lR{KNfhiyQbtC3p#u7^(ljZBz}Qd
zcwJpguDe~qv&sHmQS;YSR-TDX)l}H`#a8Ga9)noR0y_bc+(^KcIL%~9veo>u4Uw4V
zX5;r8J0r^#AnItel2`FHUA1c3y|Z~Z#>j^g8}JQgVVkzEbF;S1>5UX1S!Z7BRJ^}m
zpfKty<T959hOn(hqwiY@Enlm{X?E;E({jB?VgJ(ioSC=HGrqObc*@-$fW_ms$hl6)
z2c{-Fkv>*(v~ql`9R6$sw_W>fMJG<2fVLz7A-1fJ1^}gv#|dR_vdQFXG-G~ess$j1
z|KtNC{K_&ikBe-)K7~05+Z;urQdwXsZd#X8U7=S*&*Gf$&Q4uD=o-rgtG?JTFALKi
zMNNLUzK&heK6_kzz;)|E&F?AZXhQAAYWMz<xc2*V)_pV22J5y@^$@<R&a_68@!{`-
zLXEbe=t$!}R$6W_i>AN)b`SbK*~}{2$6<WfHddb?k2IUlcaI6tN~TrGBjpksnC4e4
z#2<O$KG{Pw50)u!-QtGJFc^O`%y5->GI^sz47D>Rwy8n0(zZo#gvO%IA6PPhKaoTK
z8=z~75Da&l6@yhBewNklt6rnBR+&5~`wb~B{f)MK4r2#M6@G_xM!`cTU`-_P*tr=z
zT22t(aJu(HdB=Nc@oHlK{`>F8TX|HpW5wZ<+n1FutH^ci*d?!s3r|8r_pHq@sg=t<
za^>-tu{#W!Rl`nG+bFryeQMc!4Tq~uz;hj~x%Z@C%K*{8hcGVR(BvYW-^@t3_-H7P
z>tP2zsQwrGr;UH0sI8eZR-b9>dHx4_nbFD2WHsk)405ohwVv(>0*cmteZ$|WF=&~A
z(6B*K7>h~ea|t&qfNzbC!zF+s%6Mh$l7mDYlmMMlJ1dnYmBtkHw6yH(?C4dSU1k!r
zA}*>Zrd#OY#wfB&dVl=FjaD{Gpzh6Ew}$!FBR*2XSP>B^9vY6(&a&l<HTJlFUv}Kg
zlSHnGSEHcYdF|H}1L+`^uCD9mL#@%(I4y1ELOV8@$ed=u?*X^P9)8a)(=|w~XO_>#
zT9(5_JT1C?ce|*R{v)DSM!Tv#422r)AfWPSp)r}St*kfq^h!-lU5u=@u&~6V<27x1
z0`R8nc%P?nQx=7um6ak~mx^im_|d$bIs&d}R>o-Yv3`N*^Lo_eZV6bf_yfiZBRW8w
zJxgFAoGKMXdI7cFPk3K<28}hUr1PfkBx1-U00a)>eNPl#zeeOWUnM2b7={=?%S#7c
ze!!;b)tb+f!g}PsIzahlzx^n8Grn4CR(AH9DqFN1v6yw0zN~JHz#0g4G?1Pvs3I|n
z=-x{({T>l2Nk+Bk&&A$5@ei1?D<Zsj`$<bXtafa-#D>n78^o;+*gBoFn-xBOwJ{^$
zXeV#B;Ea@BSVWOg@@MpZMA-B4jAzY!-2EEp^4qU{D&AEZ1*dIGr5D6`uovhT`*D-b
zTuGFwPq80w93QzpZU*#~yV6JUQKy_iv0oJOUqfI?c(EWUoU9X2D^@lx3mAk_G+n{|
zA|~UMm37oy`qdNOK${|3GOX!yZ7FQqFH7I&426YMvw+daHtQ^!S&2WdT575}MZY9q
zKfol2ZidDNzi?4<3U)4RPFLv#xts%f*6*fU03G&qxjZT9w|QkhZ!kAEZB7LIL@%n~
zg{6L`RSe|t7_8?%uz?WxA67lZXAYrHpGGfRNmhtgSDBoeib98?4_(biP_yu5`_SKL
zd|NbFQIysF-m`ZcbPYQnOetu)vVj01Be7z`(^OB-j?&qa3yJelhf;M2gS>xRjB=>)
zZc$CWHcRbz@<wkEU1j$5{ptMO{u*R`=%$3cn+t;<D(tEff#%}8g)tiMK$RG%L?=gi
z#6}CR5dXBD$2WCv2NU(k&V?7%_msv)_&;Cx|3Clin*!KU>>J1l(!;-g=Ecyhhqp58
zXaAw4H@7(1WHuhI&MeW_fidd8ejXgcC!|SeH{!n7OzPLWXsv{KMK2!w-`-aHGM0K_
z!S`eFr$wuyvwasy$Z}@Kt%b)$chy61UaDZy{OIW?y#0oya|`#1_~RMj-&K{Ku*FSY
zU-@nEx?PQb6c1Xe4iBy;G0c0siUd+Vgif@7Eaues$b@gQdo1O>hg-7oTW8SwLVsI4
zM_PeMwn){HH_lJQ&Z4ar#H{*>*9sTE5kAE*dG~tvpdj;>svOlPA##go;<L2Dks%qG
zX(M~bi!1R544syI{uhqmDG8^7f=>6LHYHAt&$><lovsvN>Ol-;`t6e<%a*AdaF0`|
zJ@t(T4dyEw-=HN)qnU4sK5q`NDq^RHDiBlJBk<?>v7P(iFMtXbnH}->>tiO4F4y0b
zon+drG+w`Z&nnm7skK_#!<oTLeTaxpKG=gc&WW`qdx-`LuG*irPnk4?-3O!@Z(47A
zr7o$ni+THgQUJfTQT%h6U#G(7HU*aKB@O8k8J^4z4aO-eBYX~e$laed&IAdWM!(Xy
zPF&y8&v99_&0=;D+WZVJ9KZI2I?{JhigEMU|8&VxcPTFYWASjhl#$vr(q`h8AfW#I
zrBr3qYYCKJJRWr!f!MO)E}kKdK+QfMVH?VCY9IftEJ{A&T*fxKMNDwvub=Hhry#T!
zdejo}Nmu(6Uc0K1d32=HTW!J;au;$Kuuk6Viw7qDb?v^1&S;<X6LI)VzoG0a51TWU
z=V!-qrw)o~?)6fcUAa~UVz6y~=f9fp6D{qr38Uf3fn~qb?R!nEnh;42rPrQCP5IRG
zv22u8XVZqx_Rj0%a(eSn;Od0VL*_a0AsVv7G$N2R0)MP7$y80Zlq<E|z|54ba7%yo
zo;}1UXr9Qk{%(<|sN39UCO941_Y@T*%tXY|gGBER_&)0C>!U%jQNuqsa;974p?z{0
z_>%j$&1`Rsbt3bhoStR~3`}yIJhIMyQqR|#L|XZ$bH?DD1Exw)EpSoQ+{-TkDsJ0C
zx9_CB(_H$I#3R)i*2W+clMU+OB4Ug(8<v&s=WZ-H`m{9bZk_;<NnU{DTZ{%Qfs0Ia
z74c})z+*u!QEYxD!``MOR9p);x7tfuR8jY4=;SIV$w!|<OH;@?4{TAU{`KS9?O`A*
z{#G%@xymJX^40O_+qWB3O>Txl+CUu;X!d49xu?_LAmqshZCR9S&3>3S0FjFU*e6)S
zv3Ku62X8cM<xxaJ8ES!VPekY>x%4;f+)Oj-K&Hh)1?3SmQ;$yA@tHJb)&A*p*Uhc_
z$ywIw!Pdg|-q!rYZr0D{KZfO&FSSNk_-c8%C1$Bbx<>@jyDGiQVBp|e0y!?q2n*9)
z$Yqla>y<)SSh(xW#|HQF3lJ4Nr5MG9oO!>9$jsfj0>TD-uM0m3=qh2SZfW9TSH4p*
zrh~F#-Mc^G%Jje;I2dCQuXt#?T(y@0)rafKk6}rP7r*Wdy2&jsjWu{enW&9(u(j@P
zYSe2ae|R`rXH1bK7kGver4IUfChL~tFA{bzGTP_6w3?v=20^A#O;&n+FF2TAUJEp}
zaqOUz37bi9$z>~Csl*-pIT+{K^|M_HakjLL80h}n@4o0oV*qlPt1BHEE8fJK*CJ%q
z*C0re^XRJH?tb$4kEK>=#AmMV!K%p+Vb2p!_9A<G2gL@OWss1%5)nQ)eKEJ4RvFbs
z`yebbPZGWM{Wia8T^PUuW>Je%*l^@}^Xdq!RfOALvI*U_Dqn@7`aqAI2<_uI(G&|>
zX89TOL81ahw27f;o{Ogukr^C`pXa-+k5Qkrh*nMwL9LAc)pZX{&%%mIl-1u}bLNmX
z!Y9aK72%Tmv##m*&LOr8N1eV``kah~1=(?SX3Ms1VPH-mMc^(RY}AlI&j{x!!(>VC
zeNm8!d_vd2r2S~#h4>@_l8?@hU-lR^Mkl{x<hR-$Dn2(ML6r2Xk`xpvN*b_3^2*J1
ziEn-E?Hv|;_^>32^yU6$mnhZIu4oryr#t*tS}M3PG$0+6!^zn?zkbmvxbBB8S>{bA
z_j>Iw6t#^wR1p1aoQY26I;ghK;o?U0&@!#NKu$7m7BfYfALS;m7-M6aeC3Nekm8{p
z4lyxJ#CTtFn#ZG}T@?AQ{PhY-@{aBu1hn`ySeTxHAp)IQxFRn;?rK)mN?x{1qt3J`
zO9gdh$@9YBulKQYFqQED<RKaZP4#fb(jWyabjPkF6)jKON;EUV6Z&i&3fvMs`x@&I
zv&+fJZE-yR8utKwkoe|Cr=|Zj7G53+WKI@)Xgy&0?cJTJo<!2>wQDO-@Q*Q=8%`ox
z1a<Zo=OP{!HqVVqx1^=@?g5<I%He4A#}W3k)$uH4q8y}vW7o(i(?zQ!>bHMQ)taBf
z(8(>z0EGO*=LC;2{JhOP8Bz@>Y=(f(fj02h7=%R-g*7r!HHy>9efu@VsM?e9u=edE
z6_u7F2EZ|G8tOBU7HZUJ*{_RHnvDehzO5b(c|?r#vIH6BmG%wdSKy_7CJ?2OB5Ikm
ztn3=ygiBSqF5&=s`3nUdk2s%v)XFMsb79Y!tng4JijDAk5S1AD?A<qVG7ISv90HGC
zBK;kF9LAhm@Uf@}x^y1RH*9Bf?;KWIp59F7`YzRBoV#`V>!CtLMj_pMxX6H3+bM^B
z7s7*|_H`cA4n{%k+glH+`st_@I`k_ZKYl!<usNOg3{TF)3zXk2O&oHhS;1v#zV0kK
zUF@QsLQ%`Cxvpe`hPbUw&Ky(&<;x;2Q28GPjAIsRr&HiwEy^t1@zrLa<wW+#_cds&
zRFq))^|ioUwZp%k+@3^iiw{DPTAsVHRT-)>d!4V{2(7^hkTp^bD6%p5!HaAV6C0(K
zN<=EjXmf?GW<T;bh?i&f=g?C6K>|37G>gbtF!8(F?r)yzilMNPy!KvH@G6iZDv~IY
z=Qw#>m86w!;KZ=3@C+xOCkk~2NihJ%alSg=$A916f^rNeDf&mRY0@+XQNToJ1bN4<
zM>vfdM!q+h`~nI6C!^%9a0adNz<jqDhw;Kj&3tnBd7_}Ka$svU8pLO6>sTgjADbe2
z7F%bHYZA?#fa%p`8F~>+hM5up>q@Du1dKl_AyFM~D$Fe8{Q|l@o#w3v17b{SA66gT
zz$|(AWGK{Til_|{dn1}p;W^XO(}xcfc#I-{KTn2uB<!;f7coK3T&D`MkS!GStbfks
ztJb4^)$$OEWpu}{k5;3^6Ke^5kuQ><Xsu?kDZ5I2A0DlyE1_sH9TDRA?oYlN?ok;8
z$~);ur%otrSf@CwU!s>-KhpZyM>WCGE~K#j_2pX|g@CtpZQA&JsQt5XZ$>hK2w~Ws
zCu^eJBS{VyX$^}w)7m#5zS7WJ-6w2E^@(8%_OejYW)9e)+$V?S<?U>|R>=Ihct)-0
zDUUKLWh>S@k}8WzQJ;--cY=??hz#}5R+ai3Cx<(?8=`eO3zKvQwLLJFnlq`lQFH$F
z^O(&p;KD0ymnXPN+@h(W7z#bML-Y$mSgPZIJeW`SqfByc>w2BwMl&i?zNRu-+->Di
z4ZED*bX9oWbqk9(NMz#}G#$VE$tpH=NkH`L<Zq-3;ISS%3y}G{m(#u`v~Ky59P_2j
z*e26?c2v1_^gPcxZ#Jn=F)3D;ktYDWh|I`Wr(gQqp_}dqysFTkng^?a&NOtOe9v6O
zKNJ>rBPUfTd^8@7>`O5IGLW>4`MGI6EDZ!KLKN=MG`I_=J;Q_&AqKNFz#tR%G6?7h
zeBQ7+nw4FU)7OKAw`Q9g=B{B&o-g`+Cp*?!5Vf;2F8YaXU>?5^aN9sdJ1y<l{@NJd
zj5AiUFy`xUnoZs~vqQMgbg>h)c@ve`nvrq__xIm;#~5?7!JIBH*{(o(%H+*?y)vLC
zoh1T0eD=S5(b0{Vhc5+DRP&!sIRoz=K5(3~6Kq~H+An^5Pm_I-DZ9)k*&CKsA2*VB
zocLU8+3}I~E-?&Vag2NxVet1+lkyi)0aH~O4HNlHr`8q@#}!%<lo_IAcG)~jrKS78
zk6{CslQ+?YtYPv5uI~&`6ZB^kYd%{hI_(aSbY$=>Ycx#W3*21yy0e<!7Q;67ir=)J
z(MfFHkyVtnRt>QRbw+HV+1k&Mar{idTgN?rh_gqT=gz^IPJp{<yYu5PdhuARRZc?n
zx|AtDvPHRRE}9K-?^;VDT6F?eU?VxSj_Y^t`2gfUQU6gZtX3nBQ%5@AOMA4BH_hj<
zf80lcA4KJkFONQ>GrD54({x<DGvI<V9y#0o+^_OR_YprPEZ@n{(&64};fiq2T@qTh
z+ubsStPYj#-!J$nJQp}f_d}jsd<#iA0s?W3%-pX}QMl}(c%n~$uBFT2`zH>|3$&*2
z^S2Qsu#r|xZ*m_6Z7|@_<*Y$<Vg=T7VO5A$*q<%vc>R&V?aG<Sd3lUtHp4vE-_HDy
zw@?UiMugWoim-XjsL-0JnNM>KOvkQ1E1C{L+f7u+Zn+!u0`6xc<<8G#LVd~kY2$+u
zV1I1bj6EEtdySnvSN&>jjQiR0cPh%Y9X&h`cnuD{3+{Qo0V5O)|Jfw_WPoitvC`sC
z`)ryWgd1r#0fXh`E68C<RSGZ!BY|C$1CCQ&A}w?|lgnf~14*tdB)cuxbZWe(%kAz$
zH52hgzgfM=(8rgMFDrx;8reEb@8|~lcHrTM-6SLU(mi?*3G!hy(~bk5WP6YDpf}Qk
z#&mgt903ehqwnnHeX$9gA7@w4sXL7~)$cD9LcL?57oydn`jrCf!^8INX&e-B8B3=%
zjA1*j>Lcg9tOVnML<YK{nqm|V<FE`z0C@Y+g_P{>dgZx>!Ed4Br8G@q7o1#8ZxLkt
z_ust_TP?nAXJ$yPzcfCvSvpPB(|+`%#kvB`b^ltBt|EYJv)iK{i9F#BKHBJv(6z*0
zRBbrNKLWQU)zo55VNI-Tey@FKpgI3jECS}JheqPjbk!#M0(OcA6U08!SeehbNnKie
zG^sAdn8siJBoH2|+rIfc6FOm+vTk+sOAvsFLQb!Z!8vvw#TbQanK=l=v4^FPeOs#%
zBJLtqm;!?ZqjwX7stMY5@xPV5`;(oa;}U(F^D;UMU%gDnb4^e6yx8onx6RpvBXvs`
z3uWu<@#ihb@RnfUGN;Bf`x%GMrH@Qb=YX+@N*Z5w94Un6yid)i|DDWZ8j<0;)0#kn
zOxB(p$|@Uum$u`A&28OmCr1lMzdf0%za_iRQTG0Cl1101i|qSt*>|zV%up>K_0--6
z9@WoI@MJ1<tX{K59#C>yt7W2oY0wjc=GushC8d>>PUqU&Pux;K<SFHMNYgMXir7I3
z6cU?A_V}Dbv@#Ey78S*BS)Fw4I}hwqtnX@8@*Zh08y_3Y=^3=hEG^QY)b@zcrC<H_
zyT^9Xx<4INu|s2TJAT}CZf00|_O<ru=Z*94cEsFl!YUYEwu2QoA=g2^-Z!S6%$75A
z@m*TUd1Vos%$#{x#T*ConZ@iB;;dF&<grfgs;-?4_E(8)ReDU5KEqx1x<OY@=w#Y{
zhUk}AL;1?aY%+VJT|)mNx<LN?*~wv0GkjM%M#^94G~yL(T8x55-Y{Z%`9_afF&;r9
z57SH*A^EUxxv_Gjva32k*!B^qLkr^qy*!h2JC6Xy(@fc5z|KpO6einV-+QoRqgB-A
zww$`~THTyiIwAi4hPTC_1s!?!kSChtRqrlS6s;(})o38`P~mF2fwDiUVx#ax!`oi&
zel;wyoey`>TSs}HR@0@@j~`_K!8W8=;tCbBRrzo;Vk~JZu~Vh(7A~j_b$D6mF6+y^
z(Jn<Gkhy;ur~1UzQ)3%0q<P7?()IX2jr{<v+Biu@4QYdV^}-UN<Rz$f@%kT#0_L&2
zd?DN^TL|T8XVq*}B8n5su>MZFgBQkpPBO!&aBO6x3Vh#}Jh@Y<=GlBF$;3_v-z~>p
ztqdzeWa6N3nAblw&IIs)DDWKl_hk>y_+3LC;7oX#uO?$8g4hg&Bj+z%I8fE9QKqw;
z?t_%a8u_R5&GT_cj5sVzZ2{=F+FB^i8{M(!iJqG)7&0FmOi!s#HukL_1viq+*4vb=
zhGoZhb}E(NNi{KW2F%UX_xp-U(;{v}Q?LGEQi+f_j&TaUTl)|4jYfyeCq>C?JY{kd
zsDN^*A%*>4x$PIU1NDD6eYD?hsj&P~|4}a(6M@DSEE~j!?j<<3eSG5BPfd|hBUQj+
zWDDTpdVcYl*Y6_zY5<GwKHPWhTBb)kvSMFTSX@@yHaiD)=dgr4+F63NjGisYG5Zlc
z-4=m^YC_Jrs&PssejyGr=0j~|?(M?;S&1@_de;U^K6=pH7qSN+GeU98OqVOSRy-Qt
zuxdI9tB<;;<xtyw7pEX|v`Qycpc%<f(2F@#I14O*Ius1`s3bO|gg!k_H*EBSd3#jT
zlP3(1gscC&&REa0%8B2s;x_A{pF<qTS^`QFdQaH`OKc?8A5S)sFD#waj^F71vADP@
zjI<d^<hzriO;gt0RTOhp-<Hd$B@tZ3R_j~kD<=CW^RB;PUXa5$LLE;+c*}S407_2;
z&ywrb3KF?5ZTKR{zpu`@JB&T<^^THvcP$2nGWwb8mis`su;NTK7%q4DO{Y}I-XS5H
zCK&M#0v&{{<*vTo^Y<}A-#9aLoS?Z9d@CaIBHCB;WKY~2{PvI|#Ib_?^`tcM$bqjt
zZkwQc8$-!@0gJrt^)48#l<X<V`02B!toS(3Z2%1fp=8@87E#o!&OF-jyeZp$w!5`~
zqUEBKZs18vvNUiXtkX|4M43NivaFI|uq2294&XCuc%LQ^S{4+A5!^b9Izp(S68DYr
zci&@sYQcbd@}!LG$dKKhncB?p57+)Zl4Sia?6s35*P7()TKVkcoz(>02+?`E&4+@n
zc;S8-tZRp>uVXIIGc#*kDJ&}fEC>2DoS{LfQ9vhZ-)L<j<#?f2<T#H0qwF5rd6kx}
z%wfZ({_$gz+4MRj&ET_c@xNwX7weB0gy0?#OtiV_5&`bkrbX&%O>a(#+EIb04kF`0
zi=}g$8OA+4JQQsKB|4b~6fdt#sO_oBRF*~p6n7~{o$D!&Z9PBiWu2x*4py~7cH=?>
z_2_L(bf714o8On+@(!@Sgs>{d**RmlG_%2Z;w8$w2qnFD?{PrZVuXtI(dz@oM9*eK
zFjy5lXp^}I_w743J2g%XyT94T&o9!<Q*<wa@5#xj43Tk0extTG&E-@rs!NEoBo2)_
zc@89~PAHypiHS8`Kf?-UH<C3<ZStuzViX`91gSd!%UHsJjsLrDH(UbX`SN>&<u`ln
zu|o`z!L&P_ZyUEC)(#W0buPc&yO!0ayGa9<CuS)*++&xI_&3Dc3Z~S0>u3O~uqq6;
zWxV{M=j}s|P<u%jEh)f^MPqF6kVBiD$GBBbWILC$Ok&5Q<GN$c2e&@7AMcCnpC1=j
zM0;4h+!=KV=Q`Zb4!aPRQisQ;E~o@|RvPR>Pk6ls?6yZy5EdP6ldmoKGO9_9VR-RY
z;_fy|@Gd4=dWUrxrQ=e1W-}e#IFTy)h{s#l&FRxXIY9nX9+a;2vA({(q+i|Bq|Coa
zB$T_>xl&31eXvWE!TWZ%2BLtQT#ekhBzXD`)UfRpXKjAfty#=sA3l7@8*+B3Zrvur
zDt%UKuK;Vxr{3C8=}>WG*93{hoiiNOMDBi3`?F`dKADuMlZXd6-*Glw<Rw}=VO&CZ
z^&B1Vw$Uf?jI*>$UI-LYBv*wc82j<Qu`S)-{I77-?38|@%HGUd=hIrwct3ga983e?
zgeMWmr>`KbzSU@^jA$4w17alwnq#rFBdn|v?;9ud5Xgl9!?C-#xB#Y2Kj)c_hTKL*
z(SViOy1Uh$MLEJQC+gNpFU1$9h%i4UZ@k-{iHmMuJRUtf#b3aUmq_m;Wh?*Os!5Qj
zl~2AC)0+#9LVZv1jqa!4dtKmhkFZQDLRzg|tybB`$!R!N45|d8pS{bxGs>TnlamX$
zdr#sp7FVKqGV=Er#9vxos|P*und#4^nl@klLnPv&<?R!}6!w#$c^-2OANy@=i)!bs
zQcV(Tb+NR9BTd25fgqdU$KboRF7+PA8r-5~@J7qLok){qdM*SDeTba!4=j)h*!RYk
z?YVTziZhF~(uLJpKnUd%>1ZO{e-?S|u5fT=*1w7&$B+157&_{I0Vpd~cj_WOlNXFR
zvYlR({bmT=)$p;N+LxV`uMB~lS|iX!@3PhYzP`Qz0_M=4I}nVOwSO*d3$Dhcx<?LI
zFHm<|rt%c}?dlT^Jncos58RNZOIrcZ|LE|r%I%-UFLg^$4MG42J)zUfuw6Jryjo?1
zR3(7BDl{j`9{7G9GKJl@ey6+BGcnj2aA<Bbik9byKRL_lQv7W3taND|k&8{()3{{@
zdCd>19i`$3Nk*g62-{mYg`8*7`Z9*sBl<UNEeqWC*V4zR?uq3Q91;siL*8ha;D=1!
zk=kQf8;R4wFqgTYUxn7M@$(!?s0+4A2bL6ES$gH?FZGoo!K)U_RWdUs^*OgrpgMMs
z6Jqy;p9jC=?kCnB_@{#O^Mm;P>>g^9|0)+@Uw!gMzifM4t>xVtzy2~U55?3<vsB?t
z&n`@^Up($(S=ml<Sbevm&Oe(n_dpn&#{Tt#qV19YsevrKcRC2gJ2pGXM}p0ZILlRQ
z$LU@dpO8MkjJfzsp-9Z2$tGJ+d#1j*ftLtFx$eQj(7%rlU&Yuj37r=waJj#SP7oA-
zr|D7o>(`In@^VA8*;|)=UW!pbcKgFSONC7IMfm7HI<io_!^wA4R8|sHu~uvBVP@vd
zbFAajC0TYtS6f_PmIeH_e7$q2pO^+2bM^cH?*{0}yQ&l2V4|m91CykUGsXEg-k-AW
zW!y#L)JeF~{+U$~!QzUa#oY%xfAR3>@(e$bKTM5Ot}5t0vh|_!)P7Z94rzUq-lS^P
z9xlQ44o+7dm2+?tMFc!q5mAkK($(RoCEU#%P=8_%E!p<-w(iqL4UDJ?uU#zkxwdY8
zvxecoRTbMhqv|qo^DHyUe&`-H7kDaD?{VADO@7pNnuo7_7!Y=J;Vu)20Sog=Wye8u
zn{Q&8a&Y+a;tu1;(DCFeO&1_JDNR6=lzI=Dt0e(^)vqs0IPY3|e#bZJ@(b?{RhU`K
zEFLErQ@M47#(E%$jRiWS;Y%GU;!#_W5mdybHmSz;Yhm##>ORZrprH5J`x}#51@s=2
zN+sj?dM76*M7&1u>yEPNJ>JT?e(|}}(Vc#Xp@0%(t$yO+1@;MD%iUC~&P_UkM~_xr
z!rV?K5~vlC_ki9OSZsfIIw!|@t>kalkxB21T>q=OpSJ#bz=geM7LVFcPH2C^&-*e`
zR%Q=HYqCs`(W#M*6yrQ2i#YgPh!ZT^j6h?k%QWyLR&gY}$PK-6U6LJx^C8Pi0*Vbh
zEyi1UKk6D+KPU=qVB6b;hBS5K(_%V}&<2G|iO(M(4S`I1#^W8kVDwFWJ$(`xcth8#
zK(h+;D|zL?#2;zz!H5_`*h35;LIh|*T?5Z0go5lZk+;b39!FC<nG#pm9W?aQ%H0no
zB3U8(%sNyrx$u8s=UK&TnYKkVebz=si<oyqeySn|4=Unu)qKl$vz}|PLp?H5saG{x
zBPQkZr2~>A!N|5S-QK3;B0X_h^3#zaIS8wYQYw{VzPmi6-gv)EQc_Yb-J*SqOw7}+
zs;E8KpHgX0W>t-lrC}H9`tjxERA)prr+kKcU*}g@f0y|<kk=&1#VjmFa7!aDAT6!2
zF2Tu7L`1aem6Td_yhi;G0myOyjMb%B#}K!ik<XX_(Fn$S{qV<rQ8az408p-%TB{!I
zRM6XW&~weV(!6Io0m6_X;%au#dP{xW)yDcMY7no2SL}n*60>j$7j!6m(Nq~+L47~#
z(r9$$GHCKzD(0u@*YpU!#QHO7#znGq7xtr!<?nH{a>%Yww$kjT#__(pmXnhct(BY8
z=hE^UWT9utTj=S13<idAnT#S6d>>|}j31fqIpdzyGx)NjjOuszrDZHdEj1)VtSUK=
zI^1j9+!bgytX>lywnG8V5r9Rt<3Z~pk2vavebEP10IJ)kglvK>3J~X+0n56osHyKo
zJQl%6W@>36^7C`c)N7;yj>_WOc(ILkR$`mxGH$!KQE<#@;+xxOUCXYafq_Fc!Qw8O
z{aLdqTe;O+#;%JxjLL<IIVJ0U+9VYyRIOKU7*pMwELnjEG}0$*&h)(LJVEU2s?JOW
z>&B-$d8C`Fg|x+s!$lwD*k~V^j(N07R(xkaU!7QJDS7@pZ;jM8aZRG(21-Cbu!q@?
z`5QpYF(um9-5n!cAYBe1_xqcio#QPO@p*-2G4S_!VR@=ES@O+13d+B!J%_)vXSvj7
z96Z}z#>Jf4)2t=`>S8sT>S7gr5hR{#o*llDwdWlVY3VtAyag`I@Zw69=V64kroe)>
zlGXc@ZiR-e^`V;H#>}(m;chlw0)BsMV`lm~C&`L?8_hfOZY)b@aVT)_G?NG|ZGFTf
zJQm=QpJg`;bUb`$^$y93*fMb{?!?fx*3<YC^2qFXbGI9-Qd%t2Tt}eb$xyumPhG5>
z&>;8uirg`ycoYf<2CV&f*Z#ngr^bPenYQV-#Vjoie^eTxY)a6+G`AhvdG?1q8SDE|
z{gKF%xhv<#(mYuB>P+$C8IK)^(>4qhEd>{J-1+*6pS&(FUMKZ)@2F(=nEhnnRD(+A
za0E3*quNpkN(L}d|IW%mX2C{+Ez8h2MgNas0HD#oEz|s%Fc0uu<M(TxqBT+)yLam*
zcz?k-8u{YJ+F{>A0BJ)849jjeH8nAg6$D13_XqLCoM$-FS4a*IecVHs=+#W+&a1ub
z&z-(VZtK^QlDNCxhYf*6dLxg}6bGqdv$ROm8@-~guL&=?>m`tarE0lUuUoGaRS}-7
zH>~f3bDeoTibxR;qp>}u-`o4v(CBFOz&G>#hxVO2oI4l&_LdfJN*Sh1uuvlhX$r2c
zqphA?9;Qg&Vhb~@<smY&`i@BRyBj^H#%I~aWS}Zr80(HFBnWG8x;P76Be$xaf9lQF
z`!zvB%V{(`AsY^C_JiTR3NO#BV-~enK=j0yvjKvFI9MX@dl55j6k}Wy`-H8r`uQzT
zOSfe5DlKvv4<3|Srg{AYvrt1Eq#e*Xe*M$zVko~9p;SM=ZpSeho7&O0)2u%rU)V-_
z4Rt0;X8jNPP5@1HKfJ9xH#EUTw`~~3IuzREBTDsheOFsH$jPmbhThYD@D79GbM55^
zHIu%wAD;&6)(FLp$<qshWjtZKLxClaS~x1R7sy_&Ow}8>xRnCHZFsfuF0cQEg}RD$
z*A`O6i#uzoQ_aPFJ3o4&bhPO~H`ub8PNUj>gZDW?6hO^D=A>rkIs2g@otu(7)5Qf?
zjYNi9_EEbbSO@eE3R34;3qz>}Iy$oTZ`Ltc?pRY~cv0}q#F<l^?LoZsFBCo}?5Q3P
zlv#gzW#_%fb1QRq-<EPe%pb>m#BG=LVK)tGzh_Lhj;}`G<+N9Yvo@B)f;r-$W!=N+
z@%5(E(F{#Ws+IY8pIOYw4h|&7kjH=i_|=>{v-1^Gb&_G_nm$AuBGu;QJE=pyn)WJK
zvaT8a=Bzf{At@zQ%|*H3%Z3Rn(40Uk4vv5zne-^^lbby2mtuc&zv(&?{_S_4H+y+$
zjCD7JKlHz(GF8B2-Rv|T*!}L^yDeL{c2s<M6&9)$Z|tNu#noYj`b_fQ-%ircbL>CL
z#&&An!RhYZ^~^8)4yv({D6`|qBAd6dpY5Kyacf1pLw0Xn<8#Q{&yzp<@=&g|hE%;@
zRTj{_?DyYCx{N9Q_tU`I{SrLi`FFgu^m$9tOqQQROMAOs!LzW?Q2(p;=i^kD+pmv5
z)xfC~8@Zjg>2YdmYwC|>E7!^O)Lfc<bL}NtXR6cmb%`bFoU7w8OVM>F7sH3SIHY25
zS=KJK?XvPMn&KCXR%Q{jfIQdKLdC^-+SY)qb&*-v`t$GvdXMl%p!>z;y-q@t6BChz
z%S7W<MHbNXPI)rs_TKzMx{0-bh`=)AH|!*{*CklGrI)OVfm|l|v!#haMTET9D=GDk
zU>|vj&rhvY(9!1{lAjXx^kHon3adg*d4%S+p2=)4j}UJ5Z_8F>sGrx2E5VJZiZE|p
z!;*?368A9je+&P9><i~dtKpxf7<=hUkoeVs<IkIJ88fG@WVv2`0jxEs{w)KP`j=Mf
ztCx}fG}&YZKUj><TeJ*eysZDwg!Crlbr;r%Beb$IUiHED)qG|a+$x6+*h_I}A2j-)
z9$uR-gLtk%DgVM}*>A6Hg7>A;wt<&Z{r#Hr3+;;>u}a{ao&^r#oTJm`6SQ6Pun6^y
ztLt%JJA-%H5ZLx*CBC%dNtvCBVd-j?ZZC3+b^#0GYm|KaAMa<v!e;u8XvNeVM81(b
zYKP<*<xdM!Dq4U4&YXK9|1M2~(tQb>78|C`G+w)o5&x6fD;Z*5x7s*=r?4$=a_rlV
zz~j5r&$-N<r=9RIFl><!Ibc3Is;re+%%lE#XLGM|oO%=hK*?}PA2J*B$79M*24^^Z
z7%Ya`NQtv4Y^nDx<oenwxjJVayu2uE^WJbIQZ}7a5C-tFCr-Sr%d)FnUTBkIRMt7u
z<tZpCeEFssw`F3J!?=c}ioJb6h=W<Q*xbaP?5R3qPOY53NeONnm~H%X2MYol%xGDZ
zi!RLKeKwhI(EaRC$Xo7V*jr4pNRuU>9=P_Q@9hW9o-}$(uLIqE=}XUxt_?gbVb$z<
z6aE)VBUKTJQaHU<eA<s$c!xV!W{h}*mvjz$wOL5cw|c4<S)@!n4a3Hg(I~(>JfQgS
zzNhCj=Tla0Ro%Ti_)WIOp;LLqU60%=kov%3;xoOVFI*_#0wJrK-o><zS*V!(Fc#`;
z`>szMYebZ;-ZMVgje7OaJ?mFRj*)?@eaLO{4YX)+3iUh77Mq5j-_y4YH(bpkX~!Z{
zc0vHw)N$uOln{3smVsue!Pu8;ou?o2<mA`3G5zEM$oO*G64RZ_+{_CTW@IEuU2)$y
zcq0}&IPwoEfbZTr9nlDpc3@SG)3kcMX>C@zO#C<y4&S8a&dP{U5P<!LbqXF?8}|0P
z7x`@3vL)=qt(7tJU~3~ksk&*~^n|UqAzdD-(2t6WmBHmQREIatvt?M#S<-c~_23t&
z!F9)OLurthMvLh~`=1xoVz0AE)?Ffn&F|$>Iv^0ig{8%zKU3PYKG|}bQq*W0SZ_8x
zsvI5`c8<)c9QFMO80EZHNLVe!5GGTyj)<07-pgv=YH3fb1L-<$MN>!;(%5D+4&+<(
z73Kg=t%Q$?^%tEUaf+&8DeGSbXcqyV!yRXHs33fTf_mN**Vn7fPnHF97lE4H|GS5B
z?4`qeMh#zsLIo{fIg6XmNVu&x9E<hua0Ja^$n>-eAAN`Dz50#H|GpmGZFjQ{Ze4T#
z=frPE<3H6@n>fMd1o;TZR7kFZ^|R(O1apnrCD*YWIYrN@AcL=0(pKD`Gpht;p&a-t
zz=%fMAJBs|WggNx*4cPgEB+YOEJr%DiQqGRe##Z$L?TU1w0d%P3l;sbJiXX+`><a?
zbB(&8VU&GW=iqY2mnP{J+{3M*&XVKJ%@UY|6>bm3t5URF4vtKF0cQP{e>WN)OGXWm
z3Gl;T5VLi@3Gd)%pPeDR+<x~I?7M#r+;_09ZdXTx(H0Fy`_=2#RDY9j8|{n;^^2=w
zH|%MZzFs_RpFaLf?s^)0Q}>e~s+A6N5nF8nGAdZS7L5fz*}L%qkg<?=#5D!;E)M4T
z70t1#?MIqlN!2^1@_;J$!YsS`!fQ1^$t%_~vgIE-YBKR>oJMM?2`#6Ws->}Mur4`M
z0x6NCv~&@lnNPGLf)aD5fw$8gZ|<yNNHeK?d3FP$uyA(Qns~+YxR7GYhqZ4`A683=
z#7=o*v-m>>o_JW@b;Gg3i`aXW%R~jL)tk}uV-^<s%57o?HQt;$?|a}{X5an7(5q37
zcDv~F^Z8&_2^vJL`dDA)nnttfp`uEK6cZIsJ57L{N1+qCFe7p~IiT#)r8}#s*8dD_
zY)-h^#nnWl<aYdxfO5Wp2kzMx?UI%m01Uxu$ZZjW$mwXrh8@SAO<X^_TLYR2kRtAP
z30!G;<3th{w}$n&e5k`kF|iLN?RR~Bi)>!9I$V(UWTlXuow<vQt0JQShecuG?l@xJ
zugzc`9B!T^i!e|b5KNK9eBex@nR!B*bl46-qofS$Ob+Vk=#MWFWf%RfH*KRi|J@VZ
zs@lkI7?NAu9oj2#^Hy~jsZ#y$lQ2*LJ4dMoKjKS+hehHko}TsHKPuYI4ywGV3U{)*
zNF+VVS`>wPn_i1J%k-^0<JU6$PE}=nH~n<@Oz9x^D9brHSe~edXhm#dm)!Cri-*H3
zew?~*fOqB34U$;Lv{UPQ;T`ls+;0KpX)($u-@srQZz~Wy>|$H_ORhBI3paOkDaO*K
zga!gE%%M}GU6N#N?bM9m!s^S(szliU#dCr&`$Eh-q1FT=go?#<L0NV+f88A$O_bae
zmrRk$U&}0C>84(B%w=ve0@$%atY0dkf3v+tnh>???&D)u#B`DKfA&nB6zjX$3&yN?
zNEZZr(^X&(!nG;XQ=?S$m`#tLv-Cx!Ypkq9#*LJCJ|Jz7Wl3_-Vy~SbKeVu<$^7wn
z!e5+BrgI&?v~=xMaTHPWCqHccxu`Gw774t(?e2lCYktWSmR=u_!L1;-NfD&>|NSBU
z{?UB!_Gkb5BK|*Ma+i16mjApM@=4`K<zqI0Xs7=3j)?c=Z3IsFUi#sOlmF*UKUjQR
zPOUE)`Y+Hppx&e~y#QaeOeyASYTW#F*sIKk|6CmQzg}`R0LBE0<)<&hgq{GLWDU4z
z!VKRVeV#Z0n0$C|#=ej4>hc|;_EnC}ORRg>m{0!Qq$PQG{4x(FfhTMw*JoYy<u=hh
zyGkTHyqfc&Mbq3%=TRs0ZCf)F#};u?mbtSgC#ac$rIWdthCpg@*8@xR=ZZ>8m27NM
z2v7z5UC&2lFseP;@_Y{8X3K^(bn2J!&FrUxmxDvP_wCY=uU3Pjzy0ospWkIAJb0?=
z`wz$zJ&n5}zLrk;o+rUYF*#ka1kt)0zdN*J|4)E#%c`G9AC8xo>knLxxUGq`_kO~g
zOXoSh@$X9qw*D`9n|Pz;ZO~*0+oF-f(jVg2^<%go(h-Z&e_mSnUmkC*3IEw8`Q<<F
zEsU1;(shez*FUdc=QfDvSTch6=hX*v#27V8-TX7s`}x)eP;hk1I~Jef&ll<PhQWnB
z8)F+-a^}B69T8##rLy7X{hxQd8_jGLW~_*^#Q*-}S#H0(D_=X|um5xIj^gp7|3B9o
zvsh&K=Q!8-AAb0LWz_8d-elL6iI)yMQtH2Z`LCaw)6b7>&_{6wkNV4k?B(aH_?<Vr
z{qE(D|F7?aS`Hhj>Go2#^YbHliQDgfn`rj`Z9(?+^HuyV(?7<0{6Dj!#Xsnd*g6s>
z;i*MD_}Aa(N#Irxt|>D~mk#`&H*cYuwH*qn1M~mAQ)TT^$%{exuS2=Mc)RmIN2d!x
z)O&u4W6&%5zq31}$iKU@x053Sz;xfjLY3Dx!`^zQM&nAISt>0crM?$6rH=X9+S<>h
zrI1<5qch3dpQ}4v9v?JVqT+*#QJwl%g5CSGHbY0Z`UE5$qC;80-q+?2%)Bo{HaE0o
z;ie45jo8giWpO$R&0`x#tcVy6P5e%SSTFsbdzSWUZT@36l^%wvjzw|QhO2R##SKRn
zizm2XSL07mU0{QGU2AgcKa#R%e;&dTEBouVEdFQU?@~wUO+SlQKi?EtsHJQdH2C?#
z((e|3eDgg^7x&M5Ati^_V&3&G?fJjn5b@=udMzb_zh0y}?TS?ZE9?FLJQP<qjLsuh
zhJRhn;zwF0iTX7mh1;`;<^OXemSQ3&Ag|5e`G4N|jI4&!S!iid`t^~Pblkzq3778u
z_uMNjI~*AQ-`D$cvG(`t7<6<ZfgiN5CE2I`-<zCAj7%&C`G@|yz+vvy_a4FRyE6WN
zE^sXp`v1pwa>GEw*0F>j{5pS2?b`gSGyTQ?E72m}bTt^Z(Rclw;Mn-{8sLCLz3KRa
z*Rbu8BtKx_;YR<1-~T;ZPX|F2cX`_pHVm81PrCh3gSNNNKuhFkfMe(@m)U66<-I>z
zixOX#Vk&>7uqnyV>+U+{XoOxCd*aCm#fkU2s4+3-IV$aMxPh*<7KlDaHs1|c*!Soh
z2dhi$E{PT0ZvD9&Uw>Tz@t><c+lUFyZB7DX=2V+dBC5>U^GyyQ_*5cPMfF~zhDvEZ
z4v|mwJvY{;*k;(y^1o&a{`{FUY1r@RwVRLx14W#V=qNFlF9~?k5X4m+pS3x?*~#|#
zf*Db?TzE9BsO@BRSfMtB6@xe1hl2N4T6qE^_x*cuQog^m*WVUbX9Y+TU21Dxfv)UZ
zHYc(xS46OVcyICr(jGWRMseA5U#92us}yKfzZ+=j;lrg?8nk}>dW*~w@H&QKJ5&gs
z*CcpeCr^I<d}!^>|D5QFK(!c!6?6`15iunol!tvAn_hXCWsfSIR`8U8)*k)(BE72=
z4r&agLvl`;5QO0qSKVvpThWS?_#=AfX0mGR;nCQ&apTb7{`jd;rZ(02x)_QPGP>1&
zuC3}dt!q>52MQlvlv7^HEWD*La%1()r4?jDvL)?ewxB~w4P{<M<<8gksGW{ZPC)E<
z*D;Byr#4uu5m;O^o;|kPe6zc-SfJ^Um)Nr3myLd3!xL@ya4UEHsjA3bB=9{W#`+qK
zmCUo`P%?;v_?p&n{qvfpdNq{$iY#Zr9_KlB=E{}GlM)iEmg@U0&yglYA??>3y)7L9
z3c&0@{<v!HoI&>d+uh`)1!(pCg#h6ioAX?K%vg#4@YB0%x2s0#6hJaGwT@9e+4$>5
zh6vkcjeR5}5!96r#S|d+$e9NJ-b4B4&{j8S3KCTV^SG-nIj}%XOlfZJH|5cZvz{zp
zxGJ^2pvo}P(Nh~BXuMTmG2D9g7l69?QF?KhV}udFVN^L;oK|di-jY@<JG)}tQQN*O
zF6VW`#6kk4Qz|Ze`Q36aF&@Q+F*v3>q*hc`Sj|vci3%0M>3DGXJ|1#cukVL7%JlgB
zE-h9qWYfo*t?`wJ(G3d~J#bTiH^bae3jj@r7`|II@cbln&1^*24nbnHS#Gumo(@lU
z22piw%(Nkl)b>a1U%h5sCCV!=0-ikKgvU~RFEo~f!ywOo5{Y!5;A<#`8_|P+qlmVn
zb|Gbx)F31gq7Iw3Fl~-`A9e~T9^ObL65GiTbA*F<EYERxu3fuMfQs_q!2`MA$VkU=
z;p+ov&GEpO4OH?=i1M-7)qt7JPC}wh4wF|=nHnsd=N*sPC@b-H*Di7xG>+ZxSH)o1
zqfO_#-fP@^Vl>ZSXe^=EH!gZwB4pookGMPFb3}stWvBTP4h47DF(nx*XQ6!F-rr9F
z(FdPB39*b>sQlt$(PB?vDP$`tvKafPX7S@XtgJ*0){nOMuwCC_A0f@`ICA~o3iH|*
z>6RVGI(T>|EB!}0cT5|h|AhR>lQ-F-oZQwE{cNA3;qTrvJlQj3oA)2mHMG!1EPJZU
zSl{AV<#c~`M49;f1!rgHx-9m+W!75GlRow$<q|8894Q_pifO-N8cZ65avftkg^sZy
znvR2a)C=RW#K31b9I89b5o;`%-Pz+!l_Q2cv~;PN_(twwLqkJ=-#2S0TKzWDfV!mu
z=N`OhV7uIr)xla5`^ELQWeo*M1{6(3fj*L*1I_t93!G+j3PlKHw_TM1b_WI=7d{TF
zI@hK_*etq>G}YDZ1J5!tRAG15Sv&QWY4PiIDOmSAQ`kE1bFffvxUX%jPEXWywo{GQ
zQNQSD@ksRVyyK&e1HY-n)u`8t&cAzzX<^*w06(k*9TtLsU$5gbRZC0qS-hor)@8Nd
zXI0spgakdE;_6BkR|N2^h>)c`H)lknG&%?q<4cgBxyH~XK`$}5wb@pyX3wXXhYI#y
zDCIJN$nT~9vu!&zy?`&31iWPwkN^FQZ9n{gaqlbGJxnqBp%7#K__5qHweeMHaHij?
zu(L;a`J87er!azx!^$ujz|y|hk>Ew%#Ap4v?V(s7z_@CPxt4EO8FVk5uzQgo-g>a1
zZ!^>8m%??)d|r&VBu-Z4NUTimFF%1HL=HoD9ntbuv;pr;ozxs|IdLm#5BEjntcs})
zeX^CWXq#*poCa>>OlYgb&!Q#<Hy{n1*){JtaRl3@TG`)j+>pF@vBuSnB_r|}K@Qk?
zsN6lm%TfiG13*>fS;A^Av1|3Ifuv9{Q@d=+M7gU^7mCk%kF`T3xL;IM!)bbi-%AXz
zR&<D{L$qnVO?v#l1Mdfn2B|vcC$Di&T0(2)t3Elb$_{-6C=Y_cT5EcW=(lf=!U(X6
zs+yo`6;|hJEl6?#6=S@Q2(^<-cY&g@W@}Cid>Bb&LjNechZVBp?j+|~dr0~;F`Vsb
zNa!@+U)cFIL5J~J%Pw#b7Sv;3v(+~88Eu*HTf@MuaG`iBNe*t2qmZ8Yf4Wb888;IV
z>TFaB1n^9m2yasmtMJ%07-KevTTc|SI)#1m;vkXHk0cDhDXq4~5n(Okd~u>Zd^^C3
zV<TZ}`*QDFJ{t+-e}z=DaldXD6Ed0qIH&)LEeZ>%y>^2aswjSJg*-G&HFl?&FJ~F(
z9nc;=PK|aYb)+rrnrhC>n&p422q;<|eW=wdDChv*Jm@$s3JZ_(7P>L>;KfzXOg=i*
zn@TII9OlWo(l^|j8dK8s45zHXKA09%5C2|z3(eE2OM%D0A6OxWMh`*&R+OpX!p1A#
zpFJK=NMc)EX2ZEP`jkN5SQX?3H9yvAc~q7#TK1>bv-LE^d5TY7a@e#<H({Io#FMkd
z{gN$$#GJ&Vl>_U%s`bXoKZ%mAt8u|U0l0)O?8j9163_Fyrey|vR+Zbfp&VZU*WLiM
zY69BGckJx>Y42v2+^|7byAfI64M#Arq7Lh@+SYbJ+J?cy-bs)@o}IW=G8yJXS}vxk
zsv0l{TMITpRZr+(R&tX<QMB!+yuDTCG5^i&VX+a}Q)DWVh4D}xdz37>um20|B!%S2
zt+&!XJY=BRt%vDVD8iyn^4D6d=e(B(kDs{<j-Yn@d5nl6Uzc5<WJj%Lc*_Ea10#|k
zd}>YCjK(~F-O6h?w1u}*9(UjK`o!ghFbA<>*PGc#Y0Mo~MM`n%HS}Cc7XTV5?DSdM
z(p`7+?9s_Z8<L1YY4LFE|4~rzF^bxIYdUuVsT?jl-DjUOKPTK+9pzP*Z2D3o^SfnS
zv#)p9SZ{wh$lS>o%Dwj<R;FmB4(;6X8$pv>CfY~sjZ^CcTRpvoqCT0NVUw-KdQdYK
z+$4l*vXY<s|0rEXXm-tW1l7=@eD^kD1c=;x!rR%?+$TpCr&w1+w4KxT-r>UpYs2`D
zhvD7d@F+Mq_+T!R*&*7vK@T2Ce@>=xyq=(%!+ALxw}yqO7w<-^`MH~{4!w1u#hpam
z0eA^RLt$-BLs^+L*uf>1nIYNs{*@@;6<KEHz(!l63AZ?vnq<?cYH9!D^<}g1(V-zZ
zN|RIkr|yVDt(*Va7730!FV%vTm6i7}KV~zMT6G4wF?GJO4U;WPXi!?8E--tPk212Y
zjkCwPVpKD%qO`SBu2jB~n$oZ4%%1K$xsLJJvyU3el9JJa!2vpThTq@chooj`c(@XK
z4BxDea&<~0Gqqh*3|jKDA+W)aS5m4u-A_C4^zUTVQ8*K4#0uMwMD7)tj%C}AJ+3vx
zQ4X98MFiGaU+0&XEud=ZoCY}&0{27XxnK2Wa<E}w126Q()C2`PcW#QS%x0HwHym6D
z)SnO>va_>yp%nnHc+ypfCW_fTn73?cv$2Cb8l;@aj~~y$5rL-4`qy87U!1p|xqibl
zm8VnPy1YI>fTvu{VXWr~8{d`k@>rqHi<l~elm-Jq{(IAVk<=KO=QpP>c?&W;3}XGG
zeI}0r3yDdw4b+pD3nI>(x;<oXzIy#?{s`DhD!e$giX`VY#ynD5Zw{@e<KS}G6RU!E
zEstsj<<iL|aK<$TObo-BO6foiC?l6uhg%xlx$RAO9QXvltuJ@}qEbxqM-4SJK^>tb
zyd;(pCBfCp&Q;(q=r<>xCLg^r@Ru*QBGn7ve0NE0q7{_wTMu0NAxq;ouDNhfGwYI*
z{rH!bT@u_z&4mT-vRAIyRYz_1=>{<xrsZYbF_fHF*x3e8&ijfiL_b#rgW{U9ElcyB
z@B9=RLWVUkc@H&KWe*8ebVXg=Z}W^Jg{<?^(4MF7W({apj;bn*NMqYS&=EL%so#=R
zi2iL9wzGlbLA@2jWCUW%wr?kgmA@`uW5&wJ7|nd`8rWM|Ka5Mc3@w@or4*XTsUNIr
z{Lo{>*)!2*oy*>NcL%+`Wwc^uil*JDq6ahY88R}W(}xeMZNc7t;?|1JxoL;Ti~c?U
zHf14Y)vqu>4VqBzv~zA9fWe}1$p-N)>BgCZ1x$QKBRXbORI>akQCZF~>+k1b65vGG
z>A@&4mS(9o_klr(>~BY!R*F%QY7Mok>CJ#eE`P)@*O+T}zdsS4xE29)(*0}2_>l2*
z9|;STLX?G`rI3En)03>?X45w7n1re>Ou4(eSA9+J><(VOW~4+QX0&nqbpNfS%^cF2
zLpj)cvRnA!Wc9RdqT24Vpxv9ld(T}AIc6uN;}G|K4~f|K#p5(0zU80wTa|?9Z=|6r
zs*9T1&z}5!DUG_?D;T3GNtlB*+T6?dc9+RYnN~`zwx;#GQABx!<#zYIVM`FP27afH
zB-S0eyib5fK7g#8L5m-XVDprm@@|v+W?A4)txk~V@ZI{u7hkpCuaedA^|{e5s;x@s
z<Hs^>eWuCLipdCBqN1XR*|S_+VQ_R*@#?vI>veU1q`GjLchJV$nwblul;X-u(@%bQ
z0QYNxLcYgX*fTm5HiOEdAt8UUM!+jYg;46OSjQ3z!yBWikxty_C_lf0hz(Nt(0j0H
zsdnSKyJO&aen*n|{Y~&LMh1^<(ChN0EzFJQkfspijheWGI<TKPZ!5}p1n?<DTvW(u
z4LWx1B%&aw5;T#=D8hhGvHPiNw0gK?&NSiLzG_vbkGEf#)AU%>1)1&D8R1WN8&w^0
z$?EIdG2Y)y!Rz}kkDFP>YVn&Lb-Ccu>LJjDP~1B;)i%fH_~uQUtYFII!>uTp++DT*
zY6IaOMT9U~a%2$Gh=B;6{DOnbLN)}#%qwsVKOZ^(1#Cin8O3F~S6~+I+_1tB$fbTw
zF%2Y+5dP|w-}oe!y{EuuPZRh$WRFIY59H+Jt@GCj?1Q5f0KU3JjuQz9YSugVNMKSc
z2S@HxjFfpUQ;IH7YJvQ-y8}zOyH}l+y^Blmr`h0(M?*cw;NCh(J4jlUY1@5O{}p+Y
z*N*XdN^bGB^Al4YQ|mh%fz-qC@o|a1vaW6zDv&-QA@N`Rwz2n+WG08&t-Iq=;kWwn
zWOgCL8=b=Sv-py$*R50h@POXuNrKkl!wHhure#ylL>X4<b3SQJcEH`iR!0K;jZ=Q_
zIa%wjNF^~JX?Z!hB&T}*@Q4T?G2--$TVJWBR(&2-XBhDpns?GxcFfx3MIJe854*Ui
z7g&km`gX9a-xJnINtU$rA589lLA<S)E~(dOqc(j0!2;^7zLwT}wCVP47rVVK_UC|$
zoIZ6b(wG`gY)8mP=BDe61Ev}*@9;a%5XPb~1xRH**0cZS{ZPbFd=a^`Hp$><v@RdN
zAFCpdsRgRgUOWh>X^VSpa%aZ^Yu{xZ+RT)npI_1mHTpgwp}Jlh$nrDy9?q^A6buCf
zlwp;wwvOpcjA<a0y-YRcJAY!4`)<NE%<N*Ws7nqD6EAFVP?MLqwPO9$dOxk7T!6=H
zvlEr7Xm+tiHQ7Qhz87^5&_5y~bw82QYfPJSq+sz`b;I3Vz5DKZrdJ#Husnq#pnf)F
zhrmS$9@A@<yWPH05-?w6{Rq;lov7W!Y0i2OVT`X+frrDppuWZk&nB0CQPM(*5L=@K
zGqI=qDBmUY_{nn=Tecn>9EKYMYK>kEDFWlzoDsK1B1y{En@lmyHTqf(7tybAxu2<2
z0cs8__tbF&FN6qcYfksE@rV#B4{15M7u(m6>ZZE+K@Iu=vO_u8e+uD}iU%*H$zX%A
zV4}jF^(3}8TT)M^x1})3bt^<h9vAT=w0quOl>3+sLs^>jz|_FagkrlUuACV;@=Mo3
z0MW&!k973|s5=mpSa&;@+7=@L^QZA!c0j6V@&(d93sZsb-`x1L-{;@4@#JZPi-e4c
zNi2GUM7&;o+1{+HO1<9k^$%jINSkL*zS1wgE=rvOEY@ys3IXaR!VGmovrGS28dAb)
z@2E0=%G;Y_@`C-C*Yd>>9W`1?+om?B&Vq!{RXhAveQ?eCRbN1l(^#Fdu#EaZ&#m{h
z*Jk&%-vsM(&WHGnbdG%WOX#575}%*p^<bQge8epLw7&$qS>T(*M4n?~oi3`M(B`eH
z&F)|YVu7QU9ZaYDLf~`qImj6eG=|(2ODC*)sy+pUh?xe|e<cu4$4g(5jj1PvX}~4|
zDv2^%{nIXCi1{%QHHHpLdRxuZjUkOWzvlVPw3@+BR>Qyfv_;Z&Ihw*-@yx<{4{xH7
zS1@8k7)3tnGAANBTjeEWKl0<W$Kd<Tp2pRmQNhnlS+Rac7`SMG;%W0kMLc{R356ED
z!(c|n6wZ!!BPIu(uPRZQXC159yVwg8HG$?vHL?EbV`@;$**Cc4`n%R3*%h7nxTgz-
z33kkr`<djFkcM)fUTahxAGhRns8eVeTIif;<Wqk*#ms}xOR>Mx+5Cp~QP^9GPJP^i
zePBP*D(l`lMX*<~jcK&eXdH;<h&=N92iC2hoxm`UhX${t>?*rIbsIBtFxPW_1oTtm
z-4PHlp}~&o9v0_IL{gDHkI*ma>bG}AViYib{An#){@Qkh`(al5)AKBus-s<m>r6~4
zppT&DWn11C@#KcVPzHSSIz}NAKcpmv@qv6GoYbZbMmM*XiA^h%Nd-qEBr<$|&#gM$
zlEJdk@35!g+ndV+4!2qplQGZrMpu1msNFn~UI2i~bRREd?L-WMDMJiPViTt{0xu$z
zdcGqUq=F8ekbcBOTp-eX;;M<%sIf1-P;WknOx{!yR_4&x8NYFZc<j_DbMtl<AQTf3
zq2v<%Rw*!w=<?{1+_p&tj^F&`KhtT5_yb-@k*hZE4al9)fT|$n{rgB;O4EZ#SqVi>
z<)<33-JK>P-4CqXN|?C(b8k9tnsOLXqvH^ZAv_P@@6{t{++f0#BlCoX&kO8n4;yA<
z)x#eUYfx&Fqdb6->L~fMQo%<Q*D><TAQJY0?aBYg*muV@d46x(S~p4^h$2E&aDWVD
z$*v+JAbZIck-Z5!3>RQQKoLYX$exi6VW|knMpk45WQHMx9g;BK^Jv>|Yu`V9d|GP*
zB+qj{_c-S|*SRii4OJdJ*>=U(fR?a5n5itWbsKWgPAE5JS9^QTPA|4+0Mp_sofJX<
z0zfK;K?t)t@BL1TgE1NPA`KozFJMf^PMyl$+N4^Jrl1f|NeQ~h1SB`UECrDiRKa`&
zO@$uI?ouO3B%=c?VgJ5MF{Em|hy<7~gnt!`*-d})HGp<A{-^9zfKdm+Wqiw#IK^ne
ziPrD+sT~&|A^`FBCduU>^TM-lI>mZvKqi<Tk!4XO4S9neMCO5z#pe28Pn(t#;wv3H
z3JK)obFwo)wCT)>;QR*g!|7PK3}cYaZ@R>W3gK2eFzl`UV4H0gfvwfgEB69a@fsN_
zaZj;C5D!L$ux2VpT?ONs7hO+<%(AR{(EDNmJ<CLphGBG7vNr}1L`TXT@$?eEHL4Om
zdC;M(hF<&iZmqlk{Qq@Qt^Wj*35Bt_6`i41I=^eI5a3n5VTWU$py-zg12-QQ`|9P(
zG+7pwq{okcL2|O0juA<SF=}#X)Qtl?@?mL8QLpQQBsG%jgNyIHdoNa6s+$V|cXuVl
zJ{#DTlS^l$0xaK3Z2|);r?1c~3q!`hU`#iA4#jGs28KT&Vc$$wMJSB1Q(ya1hH5f9
zYI(A?$JYp>2!z|od~Pim^4$lSa%5#g_>VG?Dry37&eaNGumW!Y-n^bQWCHV?hFR%=
zZXN4*bvQ@`z`Ptm-C#a&0?=w-Q}{b5yM?7d);b;HYRiraV)UH~+hKje5ZW9b#K-Zz
zOI;$pz5b{>cb0%4VWaet-Qr~DnhbN$2wR0dBxN=fBrjd)c1hBbci&Ovr(Mvc@{;J1
zx4xvncLnqL%}De$<A=z+U}s~S!sqG{Tssgz@&0>Yz?jO7Mw;)^sJXr~6nLb#Y_z%e
z%3_0A(A>GGD9_E+ZA)<JwHn?!<YM6)0NYJAF-=K8&zAA#HuKyqiLI$~E|trYSq8Jm
z30=7{2%x+1u;}7RG506BrFORURv(^>SRFf^`!QOed!xk6bFq$5zuy@s28waiSW18w
z99+2JE=5%rt8CX?z3$Xy12Z)f7@}2R#2=>$ORlcCFKeeks?$x$Q$jvPTFB<kd2gjx
zyo+HC5UU7Iu0TZyd23v@diu}Bq2$NwVEn8EN3fQ2?e4%F9jQ5zMLHnTa$&$*UU|Ed
zeo5v}&ciVP;8k_2M->EG7k84P>?@N7^h!GcR&#zw5&<qnDx8^7f1xi4ad+Byba3N?
zD`D-e@Arg?Ej@_>4;YBYxw$g&d7E%{30S95Oje=_%_<-z4+BA3h0f8`nJs08c7Q-3
z4(c*BfIju8?%qOk9)^^?A5RJ6FbEK>a3hh;&)?r_MniVM8s>_!BxO8WY)`1<6>jZ~
zrk7mVfIRZHbD49l&VpaxV+Dx#Ab)86T2d@(OxCPvfE|HJoO&e^je`|ccq5%nTzu;!
z-*lIUzPV|~@Y)>uBo^Xf&+SL_`e71rSORUn#whF<E32<6KzsuNmaoSu!Vyf|cOpVx
zS`7@Fa*>dcCP`~4<nD1lSljVtq_&kZtghx>i;SFuG*Vj~HE*LARw;tiIhE%nwgcoJ
z8BRvI3Df~%Y)R$B;)=2sxF@+#ON*;6eXzoD(U5tTOYGPS#WBbUt*73geOo*+9u+n(
z@UIwk&A0M5+V|`nA{L_^8)hp_jGkbzSU~i1AvHLIFBX=JJt5)sxVhlXeufpwkp^r!
zp_sB4q7o!-Lk4`)&*OStU)b2{)Wig}|LKz_9l#Fj22}f{HP`{pOcTgMZj{x$$Pp$X
z9(yda2{FVHV8zvqWuEbni1zYj1hkSgA^HrL4X%%aH@EqF2als@=vR&ypj||Xv$+3G
zs@i_g6n?2T=Ff_?%Hs$wJ+0+oAKB%}n%pN(_M$?5DF!%p`gwpX(u?CUAESMECj_T1
zGvgL<@v+J8heOJ)p+ef<#|T=dLESCV7ho&1t9os1w@(S#JY$141@A2V@+F2KX^^IA
zZ8rw~@^pb+Ycy-iw5X`-<qr3@;{zbg>x61*&V<9-?5h6V(IM+4x<L$<R<a7@eu1&)
z(P31qyZ8pNEyPX|Of)ONE@yV}>({T@o}s7sEnac{(FrzYGOf{J%)?b>)|N))@(ieu
ztYnHXG`E06I3BbpkU~*Rb6jKZE=P!%mj!53A61t?+akldvPv;VzZtrX%_V#xZE!FA
zHXG_75(K`F$H1KHawxYxD-_ERgn>zbdIc%O0QP`qou1~<#39P=8emvR!J)(;R}DL_
z6g%$P0?me*rp;PNQVXXv10W($#EG6AbAx)Ck&nq_Y1{M*Wr<d|s=B+4%b#}vXP~=S
zPsnAiR}m@JRePgEFq1hCA3j2U^X@j=*-4E`cSmvRlpOLeB5w?(pCthM;Bj+*7D@XJ
z4_cZ8FYG1g`9~95wP8W7eMNQj@tHGtG;?v2`LUZIc9A?^$+t~U!MV<+t(_LR2zVf(
zd<bG-24UA~bT)0PX+}z3-25fu>%T*5$@TJ=k_&Gi;lN5F0>s^F1LzU(ZU3P|T98OW
zEBL;lZ@4FHx3hB4``Mk+sODYaS)3*zqzOSqu~{pV_}2Pua9Gf@J7B2saWTp@&xL_`
z_Q;VVEvA^Gr{fACAK<_lZxP;Z$tg#&#X;u)<UwI6{Vp^5pH3X(G1R9QTS!D=uhiz3
zR^3yd%#M74J|Q+?5kH0$O)^Z%)<d^7vo%}Y2B7k12{nR#H$&6<>@&adst64_NX5^d
zJ9`!hLBhLzW$Pfr<tQ^?abIo)@;#sV_{4-u&%7g`WMtxs^6O~|gF`Fk)E9Rp0=ol?
zh_f7@p|1e|crASIx+vb}*MZ+}r$p4gSr-R8O6l-vl$xBJ4uU^|I$$LVIdjTh1NEb{
z?rwR8q`ykhwIlN!j7`|UAONhvC*dqCm>%r#m)C3i_U~6yQRxs622m*^*kxR#>$!Cb
z#-)8fkL+7qga-<F9q@$N4L9ID;p?qS8!sJFF#;{io;OKS3~)cilA9@j7#c!#xVgBh
zg8QbDU`4W`SDT%p@5Z9+gZ7D*zCutYVvg8)*rZQsmw^Xp2TEni@KhL%9!-YW9hpGZ
zzD`B)HN^P&T}(uvQco6bD^e~54mo!zhNZNelg*=w*L0K%XY1*%kS@B0Y5)AXw3IAR
z(J(YL-`?0acNx1%bmK)+M}tfuHPhf5=>m|t*b0w$<3XB~X0Mftn?m1G6xY^Vxhv|&
zz%&1%y%_V2PL;=R{y>=&%lG{T;ZJE4M4hX{+f{ilxuO-qO6u!ziW_3yROfh;jpy@n
zOF74U=4B_0ladfz3Cej>6h^~~9p&RWc^(TL?>K$tBC<79LB|()))AaFS`eOV<!$sk
zZW$X}btK-YJLGh}=JYl9--d1JnH|_lwVGASKfQ^~eiI!LF;O!6xvprmtr_5mC4&U2
za?HYh22TA|^s;j#CKT%j5?D~Efb-PTd0Y-bi*LDa&R5v;Tv}Y7eEU0^3Ij*cdj1Va
zR|a14Jr(du`19+SDKr$TzLjj$51?mts!&|AuPHb10nfHvnnxTPaB2tj=f7SCI7A70
z;S3fM#xpo(#6my6dX?=ohfvGIR)DCEFgYb?D|{%m&^;{914~13!27*;jcxoP5y}a<
z5FMeyvNVJvk4@$LdI`0M9;fV1fNM52vWDml(3ZhG1$lXXy{G^`e+Ftf!z!tZo6KT#
zAU{9fOl=;5KEMjpBRSGx-9_@-wc#n)nysc&2p{(T*#?B?b^9`qg#JhMa!-L6R~pPU
zo6+9D`i)v)WN^tIupQD_2pO1wZ>5%#z@o~I8;eu~Wp9i?g=|@D&B*t(TU1SMA4oYP
z$r3(qos%V|WLrb17;+Rz`*=u=*inG0RcAQr^4p(5L5vc0#FgY)0nHIPYH%ZLnMg?M
zWPT%wZF8k7w0sTLdd%q9a)=*ZlB>Y&L!ANdJEz3}R-D1s+6HCP8G_;iq`@uJj7xp-
z#fn&r7uSad5`Q}SytRDDOm2eDQX{)K)ZZe7jut_?A48m&N0^Wf^4O#UfvIyQ^KH%g
z-vq9*{%V?QF;Y4bGHdC8sf~0;phCv6tiBtP2Tx!9JXiuOal3}wv@Yf7tEL4ySFQql
z2dXZ3B(-BhG%s^?O9e|wz!r((zqU1<j;LWq{!#$`k4VvlNzCF|v!hHXi>(rQnxF@j
zO~*ca2!AK99FT&(#qL6LWmG3H>Df`Ix0YFVO<I^6{EEP>kiWB`VA6N@C-_`#9{?Z-
zv=hN-<SE<qnxL&Sbi++n3k`b}M!gau=9U7mUZ-CQTnH%TMv?NH{lg>1<qQdBj*r+b
zEhpR?Tt-wI6TCL^J?!8}=xpYxLM$6mVF-!<InNEz(l`4<N)~5@Y*b|Gefs9s#M)cC
zfUaGAoI@+aLa9c8$i>%4MLLy5U7toJdgix>1GoiA3I_^Vv_n;%R?w3(iQwZsNIC^>
zt}#M@obA}bf=~+K@*5G}dj7A6k=Kx~FV7*J8}dSzz`w5X1Gl0?G(r2z4lgYuGm{K5
z%b!N;0-rolfpTS^j0o)bKtpq-<bA;7wIOBu^z6(dAi;o~&{3d1>_dJB4s0QEE&wCV
zjt`}7@Z0t~i!Xi{gDjcpiq|U-FQN|=_5GM)@(A;vz*M+}0$P>i*9{lJuqPff?-9%*
zj;Q2F`P02jNJxOv@|4=)Liva+CdsXnk=_tXete$X;*BBCm>QbEgoTF#&D*9Wze*a7
zohNcQA99~M1NBT0N41*84vdeDz2K}y@G3Y@kHG;CIUd>o^f!0YG2hN0_7<2b<Ze!1
zINjLN4Ry$7*jVAtsdqjFNY4v63zOG%pV)QF0V@W9{X!+Fa){dIdq6dhlUntPI$%EF
zQp~efp;`^24K^&#fxpuO83+)#G@?LTFCi0p>z)Z2BBRXG%uDy^&o(n;(DUbK26X@&
zZ9;n^37!4cz|4?1>2U+BKTtd44oiVc<#Q|qvX*Yay-cg#r!B?Gz>`?%!E=HNv^ZJ^
z3_Qw7263X+Gu=d|Is9~9MUhusq#b~f%j#t2Kcf6cOqE0j0u%Ji$IH3X0U0jLGKHGM
z>*P}gYOw=uQ;8AT)mQXV^>VfN&UC<?LpO7;d4g{q9Q-%}c_K1Bih*5ST^%W!L2$}-
zdp*wzpLq_ow6@k(Y!B5$Ci3`;$x6OzB52tFYzd9)ccrDJVc>CW-fMt`kgCbmc9o0u
zH^fWl38Wsl(u!C;#Dn^na&7av`QRYAt$6{Lf(hq4FT>LQ*!XtdNAb4pN@o1b#N1YF
zEPmFYMRfS~1mIZd9?O&9bK0c;5>jlydmvKPslu$f(sVCP@d<22nFE#GhVSq?fO(W#
zegOg5Flf7Qk;EDqg2A_ThGWNLS|`_O_3?!@NNpb;#>@@h>PdZ)od|JzKJ9NQc?u6~
zC{QjC!K~!~<E<PH(L}i?kO77rtFb1#xUrbG#j3(O09A;~ji2g8FJAn3Yf5z3|KO~^
zm!tqT)SqZF5??{ppt<5zDWD=*0HHBXeFn}LBDJFw`-bD%#oNHpD$i1#EFQM6nd=(%
z)nkBeG>|~cyq$m7k7*Wydx4tVC|H&<l54L38qmL(58ms&!=Sr>P#%hu+m(Uvg>YTI
zy!{FBC=&wvp$DOqZ%S}nNR2@oqMMeRI3y<p>TxD4Al=1@$ZZ>pKGYZX@87RwVPTQ?
zq2|3rDfEO*BPiw0pEatzD6^wgqiUqZ9?<+pq>WZqoI$558+cxko44YSN)kXHVTgg}
zMK-p_?}d@U6pJoxHRJ4HtwsLl+ZSFf|85-;TS2*CI;`QMVP%=l$l~2~DwX5v)upgC
zw6<aqZ!V}T6uvfwwmwGPoNQ3`{zQZ08Sw@IRh?03k{*oR&kgWLCxjLwnxduP7MKBQ
z_jtnWwAwse;R%1pB+_Bj4D!vhoTodXC7#>90J(s`f3CFquaV85{uCb@a`G*H&I<l^
zjbE08^{OxmA-%3e->qwqR~NjHJvl#F)@5`Y)%t1?2NgPS;ZCR$r4OC{x_xac3ia&C
zP4<YJyYflWHo3((3kB7OB}FewrnWG;wl2d$wwej^K`;BWG!-uONUP@RCYStbE%)oa
zGgpp;MJ>}zTCSL!XZv8X;A5bj7aLXBB24yfi~57IK2$qj5nBJPEcxZES+TC^34gwI
z)c>T#zr23~K|W9e-hwr2yssf3^XZP?ZlmlY<kGvCpxc1=!?VA7cXxcbd*sCJrr1M!
z_m)|NG+T+QcAOJCd*fU@bCMmQ!sx^137}napK3vU<1pQ43mUoE^NnkN--wSc`Qx&;
zV#W5Fz?{Q1=mcaw6hMInM<By%s;DG_=BEf;rv9&^(E^%=hVfg51<?NYI3dy-nrbx$
z1Z|JOM1I_}-Fb=lJIqjM1cnU8@;ipeeI=ao*J1zVY$vFMpgO?<I6Eh&Wt%c<ZfZJ1
za2s0v%ott?k^i5fo%(n6cPU=3pO#Pi{?KH7KOQ%gKzcpirrH3~jhk)TYHDs4#nKML
z2k$$2A=9|l-}yUN_xF9T|JOpo_#DarR_{NcaBKauaFHvLzMFtB8eryJ{!&kE`>B@q
zFR3PnttVVFUL5~xSov~y42GjvH}kue)3>Yneo3SpE%Wiev`7Aa{eA*E_@24THRhr}
zv7*1e^LE!;tNhy*e=<V;dUc27WE1AdpISP9zqo*&R3XjN|NZ~p|MDdPo(bQN*Rf+8
z=1tr?Wq-`yEezj(e8DI$$2_ryGzI1!(_F}F_ZxYio^2H+6d9i|?1G+<5r<bbkSqf`
zAKn<8#4WtO|0etys}0}x%;IVJ`<3s1`NDenc+lnDjo)U?+g)FreXEbBzE7Vm#afc(
z6Y^NK>)Iba{P~~bSII{wrPWB8__1Yd1Nw+m6WKtcPxm`R@$XN1t6VNqScs#y{^5pp
zY{PRf1qtw?zh={)zjB`yJt3a^{~s@O#*f`K>q5|7!#qP6ap?H5>A(lt5v~Pz0?_;8
z)4R`#+(tm{ng0&6uU2*s2lSsQ{Cxx8|FV7wejK$w<<bwYZ^ZOixoo+z|EHB^I4AF$
z`^!Ine&a=UN4h37NF+-C^JVz^MtF}^gz<^CFX?r6lm7Efq;si<m#%Q*$Nq^8?caL-
zDPxYjD>t21^bha;wg$R)rrj6*+g`KP9I^VBL*C!N1d|)6@;`RsY_*LzAQ9((rnj3`
zHs8`oIrT5M#wRD`!w}%`{{0<HDZfA~7Sga729C<N9y$EGQ|mr7O=xX6BP%P=lvZME
z#e%=pIu<=0X*BuiH+CE9ilrHCUO_=L+ZI42NZT|K3gepX0CH493)i{G`{J0jSDPzi
zEm7<Rt<e5HGY7`(Q_0((fC6bbzWo5O*5DJ1DTW>srhq?n{r30W!Cw|I4~_@<X_d)=
z6ucHh@z2>Tfei+Z>=u96;D3Gh4&5jo>2cmR?!}ATC_Xc*(GUB;31cyumE~~KNG+>2
z&=Qp^asyaAq3e!2g3X)SXAT-T6PEas{0{d)8|F9Io^Z4LPU8c0{oAmBRx4MvQd8$5
z*u+;?x&lK<bISsG)wp1Z^@ZByZe^K2jE+KGxwFjCgdMf^GtEP^M4?e=_-Pj?rLv(Q
zC{hEBG|O*<ufOhLon3pVOMYQ_bll+@XvYXa&I$iSi+L1$brn5`ey#w%9Y`(+`An@j
z$lP4zyISNr7u{vYDIlQf+mc`(F9pOs&Q6JY_wGf{w!{l4T&i$om_0EGLf!zxS=o&}
znUhPxK97iSQC&51b`BTzu4B-4xDg4>czKZLSZbdkjxa<h6`?gW*be?{Ypj{z&|;kO
z{C&sDXn|D^N2u|8a%!q2Wyusroe|`3ljeZfZ0GL5)Rw1oq~H1BSHF7%pws|7>L!;A
zAg!{(%>JF7YgQ(sGTzIrWoK>eA%kQIg{TcEm_9O)chvP`p|GK)9CAW+e4=J!DM+D&
z9$Q)PM|Ip%93=71t3BFiwS?57qN*8J@MGw+@w6UCC>1@{Q5C!CRN_EoG3}Nmn3g=0
z`R8tR-w1t;x$VmZZV5i~TVzkW`jzQlBzf+FLXtpjbt%E8BHnjv7i@88A2_pI2rl^9
zp)*oom^!3x*KAih3qoj-NKEz7tPmCELotm9W{+OZCaCG>AQDvo?Z><JfuzO7D_0i7
z<{Qo{Mmt=Md^R{Jwmisn>&~4-=;=`~`IFT2?MZ)m2xLIh2<Jv^+6FK)<-KCScV5iC
z;RVdglYC}!VekRj&|v_Ej9to-(}2ClQW!JAm?5g`(e8t5d%bZ706hb^Qn@OZp}F<f
zX+$UP*|T3!h_G-_rDUE9n`LjP<Z;V5$FX`;*!y#5r@m_p{x#1W#+p10mlz~L4B)Om
zf55>C?9CDi6yB$U+9kD-G^UQxXsbOG7Ol^f^a>YJ8WM#<;`o9Mn56myN7<S#JLuiC
zhV;C@$ngajGC-D>3O7F0bR+99Ebp$g6hP0QZRX<Ds|6jl7jkq{V{3)?AL54DpzG11
z2gF4|yZ#hHW@b}cV=sfYeo}w&YzBOa#G|K(P8xUw9@984my5;81CJ+0=)xsq&4(p+
z15jhk%7nTq)ad&xLn$CT1)racR2U5|RcNrM1u_ZRWIzYYI`hyVFCC&CJ63;_9Xx&B
zyjemd{G;pY;+EFg!86N}0L~Pz%2X@VTtU^YAGg$W9*S{WC&@JE>#pQp;1lrf=SNfP
zffNiI56DxD75NZE0O>@`chU(m6>D=5WyX)7y_<hB`wDI|MD*CNzp6|v0Vx&Fx=d6E
z^IZL!dc~w#%%1EAo23O{{{1+YAZWqRELAc<<mZ8Br3#$pz{<GTSQ{=1<_|TubSv=b
z0E@1iyCx<sJ(}8_=g-$$Q%o8{rh!2v7dF$Ao1QUcfgS=Rz1T6ikO>?^v@;=+@5h-2
zY31prj-MXrDbTbowjJm_=MWPanJ%!sm2KJ_d5J8S2W*8@SK9#(8}dEGnG)KrBBBAz
zE~y2~_$A;|SZG&Z%(TkpK@4~X-#`bYJ<_$n9a^RjYB6fCwhkOTli*bemZnXh(md0%
zPyTkX{7*kU$Qn+p23kwn)Res8W~nt^X|Au3_@T;_AOhwghG8u<X=ALqTEmxYNuY)l
ziJZ9(b0EBjDG?yO45@~Y$?8q)KXr6>>|g}ponsa!>e&qz(VshvnQ%_2)$1E*;#eV_
zFYZP{o^1ks-Wgo->tqH-ygr}_lMaMoUoye+5kkiE^jbI3t@bL%R{~2J+At0nwqGC(
zX3|LL5<;9CAr+xn6H5vU3tfnDo9w7LQD@#q3H!3OrgNX$TW;c9B=8_v+m)e8^4Qf2
zZW36_E*}*+xhGrTT}>WDhql|U)GRB(0Tll8&Z@#Tn4I8Ygcr3By<DVtM96MQB!n^E
zR|!bE+3gd<rv>DJEVn9b5AO?f_JG#F=y^LF#SG-FN1sxw46CRh+Xp`AM!o__yG+wb
z+iw80D{wRrA+W4juF|O(dsx9fvBK)erkG+&@Ft6UQYIpcc(@dyp`gPBZ(uZ40PaJ)
z=@qVXo`w$-goXP&XIq6@1IsS}XDqII-KoX0R2`B7RZ_KeNfZxH<-%(_@H+`59%8<B
z$50kqy%s$>hKT{8GlQ(d=i<ZJT3=C;hgijR;qc-oDo699!d9lu6EaO2tcyHXtyW2H
z0r*+}$B(B7s>$8?V*)JgqRfY?Xl<g%hS<J2*PZ!7Vr#tXZgG0;NC!Q5+^0qwUUrUx
zX0_Q7*{ya?hiRWm^yF3!W!V>xNtU4u)`Ny(vL4Qbk5w5I!i>Bp`jo+xryJy&TLo|D
zJ4LkPg@r$O2sSu4`M$hlAfqfnd5ov3e)>fHQp1|D7@-}%{I5{ytzRoZXr7t$%kzd2
z%dn$KW*ZL^q!Nt07E_}WjPH|dY`}YlPNE(h%z;D+OVHW6Jw7ZYC4~((jN>>Tz^&}6
ziUUqk=|Z1$1cNmxw*ig=5;OpZam4wGs$OfLxtwf@z2c37puByqeS6alO)aS|jp~9S
zyGj=25YdHP7U^<mJyQeB%9Y-arTYo?F|BDyQvMb&8KCq3rDt73Hgq3NZlI1{m}y`&
z_sn$ze>zAaJI<|~1aB+}Z)z4aR7n^i7MbFn&O%ZNfL0?tfwIr$7e{JWm)p@*y#{3t
zNkG9d@s}`xEdwDn0-G!>#Y1vC2M<zaPpQ>i#rSBzFt)2?p1P|6%uzSgR+-={m~LQ<
z0}K@D77F8cnIVg~e!cy?q^C-jzVPRX&)6Dn=W;m86)9_w2EKjp=-5p1`<e0*Xx2t-
zZq26nKm!ccj*6F;eO+B0gS8%j11w4HU|?3)K-Pk(*g`}iG}tfWK2=Ll6Slj+pBt<k
zcCH47YQrHW)>eg7gr=ThTJiI6Pq3kz8ghoxv*tm04P%2|!H}YUs$F=p7v4@H*~IM%
zofMSh-^kv%%FV4rs37xZ+sb!Br;UsGwhza}ix-{sjJyTv>Ac|zm8wR^#IxEYDC0+?
z;So`;@$+kp96rp_qioQ?z;bw`uz#jp!vADfdQ4I~NHAq$$Sjkawnn<qER-7A@Pq_k
zrSGZ}e;t;L61BXsQdKa?6KXAtIP^!_;e?2FoKW`N3+jhCtiJr|70%+Sjs?J3H!H3<
z$(M%trEbt0Z0Va?K0aexB@G)Xhq!-}sT!v%3}&Xhtd6-_XDtp)0FXkOsil_yl4=*U
zOZJr5>R~6+Sn19EWN#u{Bg--qzeOU^$X!)&(EmkyV`DFLSA~NXiP2<hSDvg}CY**6
zWN&B&^#t=0=yH@S44eZ3;mVhtWYN&M<k0SH?Mhj{0f+*?A1ER$MJD(ZD7uh=$H;*8
zfzoK2Qryg<2njIv-9iB4?>orM|B?B<*riJ-*y~Cmx?I_s`h?q}o@!Y`2#$up>p_cR
zYZlWyS?I^*)pYv}#U;GTppe;?LCV&~=7IB<db`AO5gW)D=}=9!yg>L*12~e}AYK|+
z6ql)9BSgyp9mGj6XkO`omJBXf6CkaVg(kM86SP2FY&YGB3}8Lo1Q<-W#-|EcPvgad
zZo|IjO2eP9!ye_Xh8`65<v|j()tM)FD?uma<OXCBR;@MGfyJ$RSiR)PP%oEd|EN>w
z)2-gXnHI8b7HjA`)_Rv@4X0VW`zY$51j~CtIw?eJQet!ED5N0=nH?gRUm1EMCZ5m7
zb8KjxK|COw$_j-ne(T=Q8GO5rcWGkc+ni^8U``NxnjG99K>{r*P!i(qm1v_(U)a3j
zTkT<6BSiHMwZ?CHDc`!)-JLnis2l7~EwV&Rt%go*R&!{IT*;w<u2jpicQ+>486C+D
zP+w<<aV@{|XI{`;gdV=Z%P1tK1zDc4%F|NNRf)_1dWj7=ZGA^SwrP;D^#lphBAaQo
zIf$~LZ>KxCA(xo*Ez$pL!a9sVgMWcME=4MV+gzQ}WppC}PRZ!2bvgq1(A}7&n(QwO
zs(hTSzmK(?<b(PIvDgRj9%v~($vpRYkx863xNK&j8V1ceD}(5E%rATd=nf~uu4&F)
z6%gp5(;4y^m}9BUBg0APP2SYN+6MUh1O3)`a?C)~?YQR#@U%4{w-J9B2fXyoV!XkH
zMjcHaKE5s!-yzn`cs9U0Il!*yH6q{1p^=dY>nS=^$mVk*9JbHcV8!=>xd&`%-(oE$
zi48}T8Wh<OJ~?`bUh<Z}&SW?YM-EfN!D?FG(|(0!sJTBV89;vM+Qhcng1ko6_LhYU
zE-e{W+C(_RJ_F+Y?6WprSoctq+0N7;;W?{Eugm7v23n{8IC|c_wY|By3vcAjj+%i1
zO?o$ko{scbE&?G}lp1+nd<BdwF^?tKqayAFy@sPh_l?7I7O$x@*pZqFmsvY4WkP|=
z?8!NMq)OhAK5Hfc53}%L%Ir1$BxMvB#Dfo;_&tfC0@EPjDztgQfB-rdFQE;+7XSxK
zJty-B3E}C41K>QJ%^$0z3W(ssBq%F<%lh8--4_$c?07*5+QxxUcxSH~B8$0c7i`O$
zU$t`AY$8^!$aPMABE`VxAWhNnUQ4J@T66i#-=$Y%M(D3YMt+>iPbcMX+;LW<a3Q@0
zZpLyk!M6#?XCO?SxB^;98E&lRdqJprI#hBJgWbm8MN_M3Br=5wm}|J@yq_e9Alv<_
z7CE9@Id@F3?4EO+&1G3Wd+wb04S#NkgU;ARaFEmHxK`Hp9Af&q?1AT<34<K!k5xvV
zt*%&~nap&^&7!(W7D0UZN_s%qt{Vgw=Tm2W@OekC_kfzHoRj}YD()cK*GbgbCA-`6
zJd#QuzpS5v2q1d3!Ie!!8mZOzxVaa-YXl1*OC`6eiQ}Oj5C~Xxr3HKBrN+JHQIa^X
z{n4d2hqV}7DMKleoBRV}_Iv1<oelHiJZf6_(pgVQY~+-h7wdvc-UNDRq*i!RWlXfh
zUNU)(yy&<Ueo0-1D_Tg16*?w{t)n2=mX?-P2y;zOi*DD>IWg^es71xold5xi8@kI|
zC19HEL8LO#<$#Iuy|pUrD=K_;hYTwkz<Q5_<#{HDQ6K0JC^;f}L7sX7=R(Tkkhsyh
zIxEEcD4AIB?^WygMmM(rr!9MP@qNP9F>1J2Hm_^-q70T|P!Yd(NfE}~+NUY+7#auL
zxnH#sq<;tE7>8$XN`I&se3;^IY*D{xJOl<cL`@xar$c^Q4I30sm_p*~Z#QS0mK8yW
zEy;fn6IzZmUngM=Zl`{fE8WopYp=zU{OmU5GeO<;^Vh2oimP()iILT1a6n10=n6k-
zJCim48QSQ95LMEF&(JCC)k!!2e48#QAn;22a`!^(TPqQd)k~iz*nI*~iK<><=yCH|
ze<z&dO@N#{UFkH|)DyQ#0+KnTr}MOhO}7jFE+EcjR@@F}5+^tJe5Jl9Dn=0Hq}2&+
zMVIsE=3##YRdhVMT|8TqMpkb=-r9rH<lJ1v8-?B5eITfrfmvL~dF7A5SNVSW>7N>Q
zX6_;6`5}+tH^`@Q4$TcrKce57T^764>3AVwuVjf$-%@z9pk-%wtdgSQV)-oyLJk;6
zUcK5$r!+4nE&XNLo37Z30ib_anPFlaM<Sj71(bbxPi(^M#!23P!MP#qJoPKzXJMPq
z-Ym`QdQ)iF>vSC|U#B2jm&nAD!pqC5uwTjUK+_ggOn?EIqh*~m`|^@HuEPUw;9Dgu
zZr;X>zBqbt7S9RPqp)tWAj!%PLdWj0+JFSdU%A=XKA6|3;Khver3}D<rOrf-rtZiZ
zje&WsT;Zi<_L9v!qf?*-bL-ZGdY<}Z%9*%!87L~Pc6TXfL&r(H2lWy}var0T7e_*Y
zblk{dTVnC)Y~dzk>fM=L0)_*ku`f)Npk?PC0m{4SV%qvMz1ivDeQN;~Kq%#&I(Sk<
z0}?%G60e)|xZ=L>W!Y(tS=6;<Fn|fPvp))kg4qQz9;3A^?=a=)=BJt9EEx)l#X&CO
zm21>fo->(;bvM!rkIb7V_++(9Y-$J%Ilo}>Sw9Tc7|9=LM3%QX<AO!yJo6E%>I4qM
zcrTWOc`=ZAfyDA+z99Fs$zFPT9_P)D8`MI!AA+$x0kuiL*YfW5p*m#2R^|tdyXk%L
zJ&XotYSp7anzF&+OL@6$;EHa!tP`vcX6Bp$yBdRG#i-X1G^w|7_Cc3VSFA9aO<2nO
zw5Z`&ejBdX+GX4O!oy-j)E!(+dJ>IyYF584fbK+>O&9!2_n6a-tz2s&sf33vQU^}X
z5DYe{2ib&c{kUIt{lXr~oFB2C-wVufqtMgo1NO7oK-bUJDU@k!6cx(~!f8L{Y7$1W
zHBRk3#J)1Hh#p9OonYpOL>K05%77c@UNH)J&IUo>l>aG_gh=a#Dtq~+qoMRdk3NG8
zH5^KX{l)fJ$kQ*KKQ9Au%L71K#<j_n`x!W<03d?selr!@;FD{r5Gfz#6D6cv(-M;o
zK|=?f6JtPC;+JqJIx83XS_lst_jK(lG<ZjVm2ZaP_`_r&{fE>EM2#+XK>9S|a4gem
zIJI7TT|I0Vw4-V}+=dmOkJCjRJT3S&ygAedX}<yWP5?5z&3YQLda@AR49Jku#V#lb
zbvq#ECgB)y>$3hE6(NFGq448%gPptG{mQCYXvM<dw9Hl~U_XCF^3tX0*do0--C_h?
zfu6;Sl9DxYnvy2a28KvVOeY1fs@}PC=eZ##MDZ{ffceSyML0E?x-qI<S+Mc*^UL(z
z7F~sjiV8a-#1{Ro9b&j>&0WBTOgv?e%j}rDmtt<Qv2M?XLXc6Xg+kj3*TCRlO$Y|7
z<HU5JLlWGxIN4F;A&mX=fr1pk@suE2fY2S`xU_j<0FDxrN`SNa(GcYGsR|gaM#c7z
z3(c5#NFHg2P9s_f(9~oA#sX1h?a}Ng&+(CfV&}f48`;60`WN!^C!OW30$;yQK49Pq
z8KDFo9T^psG~-8SkN_}j|7!b96l*PI{@-UdGt_UOCUPUekCT66`T`vAy3qHarWR}b
zex87_`1nj+`}JVHcLkh-nGg?f8CBoXHX_J`nctb#h+y7^;ZV1$0n-(;w+P0%pOe+>
z(3zp--gv|23w8iwBN3@K1Yd#)$zRej#m&P$G)+J%#OFl7C~(z+3?$#<lvT(sQURt0
zrwj&AC0RS!3yD@oLc`8i#2Y%L#?`=`5lA<$(0qFO>b<E;j}jmTsM(+ftpO|y8`Ub9
zwjICZ4plD~Qk4`EM{>Xf!B#I72xGOe>&u=85ezJ7djpIbxiul>hRRl(yB-|HLh1Gu
zo37Xn1U`Vy`&lv>%tEa!#y^%a9A~o9x&UOIWZ<5A_q&)7ZbU=JrfSe}KcfrFzT1S@
zJS{m3r@4L?tD!;irYqd~g<h=I+%aNq^6dtr&IX6-A9oW_gn}yIRk}yL*LG>Ichx1_
zNC@LMp*o{Mm#iy*5mV;JlfKE@8tY1b#b;rdtog;neQb5M*W=(mpQ~WAG*m@{xaFqr
zCSqL)jUgJTR+`v}&<Vi*5KwaPg})IJT*|U~yDRn2MO)`xNgs9}I|#JH4x$tEpvT$`
zCvE=WV(6<#X&`UjgCttF&@8wCZQEZI!3LR0Fl9+0VOB9-tdVZ<IMQ*J^5MgW8$`xq
z$1JEtM>oAEA{5z#A3YiN5$*G;hKw=YD-KFD(CgCRC1yWVd6r}nnP<S@B<3}f6$>^g
ziOYuh3u&j6e=!*LoK*~!;Q6Y5u_%u4vJcz^@f$$>vxGF*h%kl_7Xg$^SiWnb{L62r
z4`H5{XqVa<@X2iv!Y}DoxCXaRfYGo3dh!;kZ6*UqITDey@v%^l%AQ~KGL!MIhTcC^
zn^nUFdW@mqwa>9bHTFjN{V6G-BVOcxDamoO{8g5V_2=A}woht@^grf$3ncymw!L4A
zW{bcHj=97gtb@$HEY4&Pywa2aK!xAE<2PFZP7|gaa0+{&pwbQGjk9ywcs;u->E<o3
zKs*UEFeedd3+l6M=D#h?mC9NHTMq>A`pd4ULY=~;{`$wROx41)`HF2HRNIa|u2Sco
zhmu>owOZgG8qMod34q9*JoOr%osf%3g`xLStGzv~A?Sh*vkXvZ0fZXXMktOl8MD&!
z>Iw^1$f4smzLjfcEs@Yvfp6LI1-c6$eI~C!OIiHlVvdrW3TfRCM~<%m+jM&1X{dn&
z7^2lA2_6=S4|cXB^^A><YUJOQMj@UNEt^vSi##N}ck(NrcxgAeLLOGUv?Q^6*RJV#
z%>1Hzo>7gDxmOE7xm}@>ZI@Tf;nJl0l|uFGHTCsl*``A&%Lq1tNCY4Xm~d)BHy}u^
z8g(Uu2Jv)zHq(V09)K+O09eh*!=o%LEDV&j97FdlkD7`an18Bx*O`=jBi~%`UVthH
zr;v~~z@(Nf+85ePv~RCFLk^c3Y2?x4<wdhCwFCm6nL8gyC4+Yva-Wk|l_i&NB@KYa
z$4pmx=}YcSS;#?w3(y7h?_<NFhEYhDd;qJ*hstVwZb_dIh0btNngv8LB4CwwL@Sq?
z@ZVi=o%s+kqx1p4^e2k?m#zs!@*o}ht~j%MJo{aMeGZer$b0?Wp0L=Fc4+xi2#fcb
z)FJfMB!H+6)EzP*JYCe?_G2{c=CrGIrX7KrMaXF^(A*BN3uiC7%yc&r3m%cG^=h`~
z#X?AFw?4V4i#>V_{6wJu0d7mEPN+kgto!E90|XiQ@`ygxH4gl8Zk-ae=>X^kF+kbc
zoL?x9<?NU_a{PE2qoKR%IT^7_D3B(4eO@tkD*qPJ4&ywX1rX-?(@-!OVh8pZDrp(8
zyVVid3nh~1`ac5m4RAwhDR}5B1AQv1)QRRu#8U-Sr+`6Y_q=y*fGoH?I152RJI5Po
zgpi(|;F;AyfwHMa;n~MYxmwwPcPJ8khk3!V#~Q#P++0buVKam4p$fogs{4UkR_D8g
z92?LF_K0OUTO$+cE{n$d*MOWM(yPAOCTdTM-3G@K!*@;UmVkD$cz?YT{O!!Q##Uzm
zve;u?4h5$wN-x3#QcD_eA}GwWh<zq*=-HJ^ms0k=+yfRjfUHFe%*rB2#oM3UqOj$6
zC$hGuudGY`5Lr()?a?*Zr=tJLCtkE6wi=XJf-2)Nb@k<FC7Wa@w?y-i&7oPe%{mV7
zMQ=Wzhq^{C5fuIV0*M{?slM5p?3GXuf!k1%h=gi#6x3g({1W(YI=SC`%mSzu!EO5w
zUb8#*&9#KzgfBaS?(Pk8?dWm;gL@a~>X8MN94h$<%55X7)G)q|)wet2-&H|}jN<0V
z9&oD2=)f~W-(<Y+$Sy1qYGHZy>0aiC&dlWj(8?q_e@YYgI&8p?No8E(wCnID*fd4o
zAj(S1T7!1B^-`(2M$(O4C^a9SYMti-fSGESug*=c1cnNw`_fkNN4<}naA-mUJ^zL`
zO++eU=YGrD`}dE|?*7Ho{sJ#=;u9g<>rx{qzwmq4-#Q56YyOH`P_Q>=&2y=Id`krM
zuEG6Ot#rsU8!w1hs^yPWtHMvW2$IF@tdnT-Lx<+))IU@G_U)w;8<M>6GB_kJ1)}_Q
z{c0FhPq*%i5b~CNCa0f~g6<^xuI>y+lZ0iUKJVV-H_yZWI(Gpvn_l(ZCbMGK_5&CW
zvTW(k0jvkE*SfwN+#zPL5Mgjvew_0Jd_HT-S-Yv{f*sa3?}v(xM3C``-K{%}pi`sB
z10A-1=|Fd)vDB`(v-&zmKs*JR#Sph~K)H*qVUq`3>nv$&wj3XMRPJenLtwD~V2*rS
zXE{ifd;&8g@a7W+b)s2l=jGvl<+fxEUh>jONfRKGKscML-tBq|X*ThuIRl<9t?yIL
zExDy09{A=N(4BxC81}*q@M1)q4Q6iG<>LzZB`>0$C&g8`W+o>74)LHGz>r3)Zf0g_
zAikFk%fv5&2b+;0CoLO!i=i192^^5LAu{SfuLs!0s|oD`Xs4OWpfK833wB{(hq>Ae
z=Xuk}U@xQ_2-&QYFC@j<;0B@9y*Nv~mFG9g@~8$m2pMOHMX%e)0&`mf_@dg8XT~R-
zt}#!Bf;b;2L|(uC0B(Kie=M3<p+f;ua9*C=;HOLe{NVhK9c>Io?+_5-ADoV|ZlHu@
zv;E6e8G(U(+90Z*$uj#(y$^W}`Px1%_a7nG1CJu$&HweaVDE1XHoEM@SEL;~)`QL~
z#vo;#muw(&_k8z1Yuj(x+ap$sPUP)H$n!gP=*slI|BDOY^A&hVxc2|^?E<-pxBHtP
z;Qub=ehrlJLCNx$AEi_`;(BJDdhPD~&Zp2{_kp4e)87}C_=~>p=BiJ*k-zaZP9G8G
zL!SQ%LxAx6^Bu=)%>F>qVgL4FKCM8)`oCYQo7R5@e5+Nn<HO9>|1SOe-?kb@9Iie3
z*9HjRSg`;0T<?|rNQ2s*X!2D1OMKz4_kxQ(;hzI=-jTmv`SZWu9&!^eJfeSnZME~#
z5miWs0v`4L>vi~C6WBu@Aoj_Y{}xQ!u|pE(ap7pX^^X%~3w&0a5RTjrBlwLYr%Pb{
z;S=6U3d5<b^5Z2f*dGt76Yj349Z3}U;Wsvb74@BRRzqk6$&gO<Z$HqLDU;`r;D)oT
z<*iIRSo^GYgx42((twKu9{|{7$NJyza}5hENIk25{~@!*)cv;l?Xt^u#Ll<lUu&#8
zZvvCjaJp-CENfjyMdkND^|z6?iq$?8F!tfUS8fE4iZby3;iWO|$maZy9P{=#$BJbH
zm<?F`&FKI0IwgUa|BXp%34{5cZ<>J$wg6r2f0dWF8UF7JR)l3EW#$KN+5K%NQ}O@s
zBprU@rIUKV|D81x`Es*Qc6DnoSGQbTVNd9|_3yMS&#C%oe!4*RxjXS|EG_DVpPRX-
zy`QDb(QKJYEz%)fjh``;eV4lP+I5F_3HTjKxo_>JiciLj^U|%_>q)y{_ok{kG$ybb
zamn?zt(>z`zi>lH;EyHRrppQcm-ek{n@vd^MkV1!q*=;VWw{ygjJJeuK<~T=TXx;+
zNDN*(-JhZSGc4!(%ZsH?YtLl&$bUB}y&u#V&YmeRaYsFwW5Pv2zX-n(T!HSUQg$^p
za`7f)pEj5;de`n4<jMgTZdV~9({oPBVoG5!K1WQ`=T08mbnSJ;HU)>ztZVN~X%aDp
zan(@mUI-T0=fmR0Kb-UlT?*8=sr<ZR4UYTo0=QF_aTiIuPPq}M8X_=(#la;m=enzh
zCWsrGhZqBRCP^xjBPO^!)s#u>Fb@is?X9VKh<*(^rVs8ZvawF<@BTw2fEt<5<t?i9
zrK7n^P(CbL8~gjh(OA~7dhY(rnip4BEFyIoZ!Rn^{xQq%Ij`lndymyN(SSjt$yc&A
zuDv~Gc=JWpfaLA@#lc?hk^@)Q%LV4%_}nhhi>Q6%qD{+UAqhx>b^?E;we7Cmx7)0Y
z=%hS}>8(!J=v*w1=W=GhBu;u9hLP#GP-7cue8TF)(X@k^eOW9gUk~Jkj0_t=pWVqq
z-MH<xzlZl@r0>@b)>DV3^42uHcN_Z$>*U4`{tVYOvo&j-VQJ$LaY)Sjg!KwcmWtVD
z(e;M)jPxp2W_iMKMdStc3i@ls=Ni6xdN%Dwb?y}ER>}Ml#JBEo4g34V!=HKnSf-AX
z9}0-lM|taOw6Er9pMBTfRW&^FUT6_(z$9o^e73g9;-gE?>gxM*)UR&lHSHK&Zq9Mi
z+tzmLwduINm{sRc9Q*N&7I8D}%pJ2jd%U<^*gdc-7h+k7k+r<xZY@a#rfrvhDW|Ms
zY?bUDT%{+@2JYV=#=S@-GIu@WIm(8*GV;zd$J!R|C(E+<0AEU(WxKJsxalL^-kdwT
zC1u<Cb6|$o^|wh0^{U+Y{fkaQ&AIc~NH*!0JW>nGXIG~l7gMdS7ueY`r5fgPWYa3P
z<-%U`98hbxA(6d6;(>F;8MY#1Kg(YEz7EUEO#7CK-PLhy)6*<2$PMuCZ<A|gVpy4v
z3oaJoRNkIen++rE(eLj~y=T1+?{7=+VYoGuxg&cbOcZN!_F)fKURVQK*khOOEBD{S
zj%jaR)y(^%6P3@Rd06!q(X|0*d;{QF!(tsb4o}F>&iMqd&h~F2@3KiI+Ip@q8=Vs_
z--RP(_e5{F1s<>IR-K!X>9}Hkr+<myY1)6@fJIk#Il<cZ6Eh>RfkIv?3Z{<Z=cqL?
z*3(gX?O#dJrSldkGtbXh8Du}q%lP$XGWCtKLYlDdhj3Zl%sFZIJh$qrY88CTV)1$<
z0_wEFQ28*t`RQ!U{o@rb$KE|<z^wE<yob!|mX1l>>l@D`DoUf~PZjEV4;!T^l3cX>
zo~iM}A%4x|!SMsz2fpo#_Z8licwfkBaIsQ(zWd$D!rLh$2G&MPwEGGJX#`=owJil|
zrJc6Wjk)-;{;~47Y1w161u<0TM^UC}YW?%r%NI)+eH{)x_l6ZR>F_D(-2>{zkQr_y
zxMt<^<6@@INm=ikBP7ge&t7OJHu|P_oHU;fUENdUia%p8urNyf+DLKS3f@LXo@^0S
z56*gw>=_m<>Yu}0N9{kp6yVekZ&;reZ>@|!MKyg`y>U)QyXO!-=Y_=V4r$dpLMtE3
z1j16td-N^+n*$8>42~Wrbq=FWGKsqd!MSt49?sV~V3+Ie`_5)}u)L=Ag*QFh(C{S^
zSNWK0Qx7ZNu2cwHS?7wsJ~hiE&5=hn4NGY!k`nWGd|?)iwvS}%$<$Cv-I?jM?^sXK
zL`6h&RQAU=S7(MxvM7~xXT^I6I;rcM38m2tF7S?lwY+pFwZz$<e)`S{<W{Qa47KQr
zXU^^O_~<nsdXUC&QcEVRJ85fTKL>-#*SY@F{>N>u{T5)HVcP1DAQe8>E|KN?f*xXk
z^&D!6D4%vs4k3Mfrz{&vTZ;>OzNaZ$=H8Qb;}`Tq1`A5bW%jSvGFD=fk*(&q07r(8
zDJkhu>0F`ZKy~f@1Kg?ERspjX)l!mJl=@w(5D}x3nebDwg<}P$xjK~hS@uV}-tH^k
zm1QKXp_mn+4abDU04^nTcHDITSO4BrW@ISkTU#{8I3{{<TDy7zxrxP_m-VW(Y?{M+
z?tT(D$ieZ}>XW42)gs<22CJL_S?0~0_fB+ftkNcU>FPAGiOo{V8v1&0&P4@;W_sRx
zVkH}?4x6}cfv~!Qp!rn6Gc_yS+)6tO=2Z1f^>AakS@pt*SJAm22*Ue|bh}^6>=Fp#
z!cH|mY%vYQ(aVPP7vIIaJZ>)^S!<kuDsJvhQ!3+NsoCw-2lvrjVs?pgUs0#TtLMpn
z)gUH@?yM6LAzpJPOApRbIWHMlyP0y9+|@BK5Y=zJ%fsn>3Vw1k-?%1>p7|4UUg0jw
z!5z$`omVx)e{94u8s>!yrc6#@6{q`OM5LdJxjCJsJF=hdTE1atJTuqetGw=~`aMtR
zRN?Go(92)A<Nko4a%1Uwu98Fs7luAt%UM_;??{@U%UO-i?aJHX%Wv`3w*7I*!5Alv
zyj%B~wDzfYSw%8<-ZFQpK0nv^365>u;&aVj^Y~&KgM-)s$0hGE8|oW2Z0_h#<W^(>
zdO70FSfb#3+ouw5!MdBjWM7}?xIubnZap^7Y<tbe?lhM}#`Otafvh8GFiB{Ytnz9x
zB8NE`kKMNLEzVGVmrYHfQSpLLSIX7`(OeV}o|3fFy*Zi~O_7c)ntjHIBR2!FUl<O~
z_aAolhnaQdt(@C`>1d)z#0?j8*To1Py{ry$BW0FsZ6IH=c5fmRW?{4jCss!Dy>nEk
zOCV-=eZ|c@ad|RL6<3gDo>2Dwi1&8IE&Huk$Zitp{_FJbYpO6dQ>rM3#!0%<!ZUPc
z-GSWcOwZ3q;0aMaH-m(PNsF529`+QN?JCY=@M*#;h`uuS+5JX0MMkq}c1C0*YkW*X
z`v@stx{6WBC|_15AauHIO;da=HDj|J_DC3^V%vmPkJx~a85l!0lva>5ULY{MZq%!W
zP(7Ts;FNk`(`K??Yi`OZYrc0)x{vfi^5_Ihq4mVtWv-#{B$Hi-kkN~YzUg5w%s5I>
zJ(m4~-l}o()||ZL>-}d^yZP6y8t4>PHt-UgOHHQ}=U!RKM5wo3B$+gpiWc3e{R!CE
zx+4-;Oymp6M*_iBx3uvRtLAUi=S&_DI^N$T5?5+H+60G-E;NXh4z?%r2}|y$iP_}K
zol+}=6U$%iYDmTqLlP3-WZnEFVF}%W3zwn_QJx8=m}TqM72vY8%8(I<{kKS<mF5y;
zP4kJ_QflhJh1>K5?pN*l+^j^?DbDb9%jxrwqaB*K<md)^$%$OUHpBwcpL^z0&I||9
z3=Id#C8HZv&edNVo4RK1nV<R!8&3bHiS9(F4BhUG#H*?DYgJj-5-<kjzRm|)24g1U
z^yGF<yiiE^YKqYF_jxbSn`DodTt+ZB99IPN8ux@`_)MtOY1Z62X!5>th}J%CUpl&_
zchiy7kUVMgoK5^wZix1_o8|FTk%%VC<)K=p8uv(+ulkRC%f4;S4%d#!@qG*09UNmy
zyh2%G-t>-@S4bFID%qbT^qKGIAase(SPdtM2{_PxzHkBiyHMp~B$!m1_fzP8=a#>v
zJ-p5Rf^9<itEImovwzZs^SO9TLk*p9pCnd)Y&EsBAUA48+%rmz4_)=rH_u$W>V(no
zISoFaMeeGrw#iH%9$Rkg<m#U8k!-bMqPWT?jXW$A=0-)YXa~-3dlt7howg@ir(D4G
z2ooD7s#`Y92QtSveXZa|3<rGEeN7IMbO+95<Xd50+IcP8qdI%Z_8MfjZPmM0C2X0t
zguSaa9)3=teXWAg!W&kr7OIW<+md7W8Bz+Jcz^24etd;~)sWuIDvmJ9VL2+rb?o@p
zP4)%YkPdEMy^hvOr+iH~%{rL!InXqylD<k$TWf%k(Zluv|235^)~cp#->yTG)74n5
zS%{dutG5zEdR8W$T?>`C)Y3>RgE)w?E3qQd6ORvCT&;@tb>0Al^JT4sf$A*RvNUne
z2w9a{NZj3vijgQ+{bfq@vQbPv61Gv@#$EOw+~1v>y!EMldw#ipjXtzQ%PYG{f;O2K
zsy!7tW*qv0wlYhL#{9w{)%45Mqp{lb-I3geZ{B1OA2jzH1n{pHYRZ3h>>w`jkn^zV
z_PN<=KgAp2;u|T{M*D%)ca^p*&CVw&rNZLd<!h7A>dm_X*gb3+$kiIL<cEa<CUq<X
zAs{e}cuGCmDX>;ODbe1*=lB~fV~fwnHmR16T%J`RQC<<{!9r?l5g-MqZ-XeJ9%jCw
zMwC8!bM@1gG()3)-x_{Ra<C2;N<?Ht3-yu@_fkoM$1LY_vi;VeWm^ro|MsriI|IGv
zp6V5;L*z;BTYGM7%0HK%UHMQP=64o(%Cx_Fc(S;yRWX_0?dCus&R(u_Wuk%|wX<J)
z*@KP{Eh{>VMIQ)<t+|2dH{Z&c>ExGK$Q0tfm_}C@x>i{&bIZ`TAG7wPadvg>YpY?q
zq?d_emE?jv_P5|{`rW=IO~mr;o{q^GwB|%%wK;<y&2?7$P*(@f(H4(ZYYkp0uDa>=
z2MKvA>tCP0incXW4ht8p4tOZP%cAAsz2Mm5Z@~~U&(YiZ1D?h9JH_#ZhWTp)n|z;E
zWc9LZn|(dwmR&d^x^fz@S_IA;JX6bK8U;2K+}NWDs_C3W!g8=ZCaR0<TdccJ^w12&
zaMkP3b+6xOulgc`45tzgt@4n|TiIjy0#{GwT%^5nTz};u=^XXOJyM6g4CeOcs#*h|
zh@@a8x~jdsc3>NmyxRvSA0(8DIo*&Fpqr(q&kmL;P6wPxjQglQmRa~pAKUB<I64er
zmceDIcVgm#yc3#AMV$wHBWZ(MadTNSg_szQl&56vw{?_?F$(FZfau5v;t1r-t%85h
zaVC2wxQS<zmqsf~8OWqmb;}b+J-t59eK|tA{KDRCDy~m&<*VB%ueO>3D-T8YH-30u
zvuo;gn}akObti6{lSq6np5VH;pF@di9mygg!A7aEHz2OE8plT!Tp#99)Wn;8qE0so
zZojB$zi@ddbx#AZTncB!<L(NWSqz@so^w6FeOz^r=GgyEEcf%|hVtFg(mxh;+pY2~
z92%^UOsv(g7(dH5UcTM}m=CwaH{>a$|9g7Eh~+r^4wrUa8lpU_-Rnpi<a6?NNz3%M
zQ3jTWv#s8`ODM{yNPpnX>pbgYnQ&h02*C1Sd<`nvH(p<XHUCINL*36Qb#=MMQa7JV
z0o(eS4dq#kB}aDcat)Z@vWakVI)LOXsb=Hxg(X`iwLcLki~CV+zrH(doAuG^dDt4u
z+DU#9d_zQ-<4t_kR-_<FJjc#4qPw!*6bW<eBU3J3DE(demhOchX{Mp#lJ+qVv!>nb
zX=X^+`7rS0U<}T=RHmJf^=jeHDl9?yJ-Pxe({{GQ_FZ2eS3%gFt<8JaTfU^fvaDm{
zA*tV=0RqP|*p{VFbrmC-%u_|x%l)tNKB421DjuB9f;d9QR<89ESwTJG#Vp-={01<n
zSI$i`2H^QKGR*QP7?||sVPmpD4i11q`g?*q;9&&yu!Jh!&W7yKN~iFlUFB7I08(a?
zjbcaMMf!ZsSX<>5s(r|v_x4MKX7g-T|486I`rc8+X(UhMB7|igeu1}s|A@=0dg#j-
zQD!*%Zuf8JHGJ)E;UN{jD8Q#JRV}A-+u_pY21%kgN9Vdhw2ZYm^>DCWQI|d$C-a<z
zp%Mv!h8B!ktIGj~faCWQY&(|qf#T6|Z?p+RI<MJzj7)a_p|D4H72u8_@6!xqv2|~P
zPw205u!m-0q=g|*6~OcurkYL8)UgU$d0UlKZ`bsidsp{n9?P<3(&&Z&%xpc^yQ;ah
z>Gyff+_p4&g_(YidGBdois3?2QLyJ?K=7nEZ?&eW<{x{tAjpj_cM65a-;G(h>h0yG
zF78m<r+GtO^i{e@Xxy~`tfh)-YbgE6En=E;?&p`OnF?;R39V86*JgG{9N4ds%wY^;
zqy^A|k6!68=lV2D-UeluAImf6t5eu+BcyGb#aI4vP;pCC8d)V44v90Hk{A#L&@>P_
zw1GbKsP;Y`)CkW3iDB>jq+K*7GdHcht6En_c@@)=bD68qvp?Q7A;+e@h|tu+E)>Qu
zq;X7N<(I?1K65!?J{dpE>NX#RG2LxORwI#T>w-l2+~#AK#fRY^bWH+{a_dC=9)^|i
z!E&dz(c9G}mzZRF>QpgvCooDUSVDP*f0eAHG$OCJQK_dFKW@iAGk<JQl6EO%%lV3&
ziMxSf<=86&lUv@lmpxrgHYP*Tg$8=#zs`0N1t;D;l${sG)tU(3TS&a-*jolZs0C$|
zBy-OCg>z}aLzizCSJa1O1V<{d9z7MUyR;TJq>^ARKWy62%D2~doJekXm^v%UJXYg4
zXR=sO)u8o@Q)K;Ckk6*d7B&4euSB%o{>A12#)eVNV8?p=)?xf1aWSP=0(r`L`38$q
ze5aOXC(mG>1`3Df%q%X7+00D6;w|8w*Db@1R&q{XjL}uLwX9H><T8xe<6XV^${^WT
z!$5!g?b0i8U(?ICaS}rwed3PI=^@m}ssG2`dq*{ubz$SoI1V#5WCXDQ8No^wK{|<!
zAR;0nU7CV`N)r(RgajN%>0~T`NQsJobm=9K;2=b45s(@}FbGIVLI@Bb3Hk1onMrux
zcdg$)zkj}OdDqfKZgTJ4=bUHnv-h+2JqIGA!!xa#xD)HAf9qn~wO43&FU_WkfaD3b
zC^A<u;B~lT*f}FjT#>gMZDcX-o>sf!kH4Y|i{mG^F8K73R%92@$~u#*GPgHf3(UN`
z2jAkbaj*K(-MC;xLEVg`<ZcYc@5tMIn7UjlZu-fjn_O&^3*XJ8s<>Vzq){vOyM9r#
z-Ma}LyLPk}+H;xotdh%<D@&6;v91gECltS*54}ZE3%H0ZAbtFWwX?W=gRZF$EE|P|
z)+hN*4)&&UvJz%AgY39{@3Cxq7uBowY4bG$At$&WnIuAVS##5e!INr!%-ZS|dX^fz
z^J)J?-Ck;uX+k^?PI_(|UVMl({Alqy<dE;vD!C3_?}?Z`Zs5Ri?tRfD+aFMs<sSa+
z$fo6v>!NXxKRNwyry#gv(CCikWn>FVuj#RWqwA-+c>f-l!rgSlEe22>Ef;!BmgxNY
zn4H`}w9L+}nY!DKscdX_(SzG-9G6lk{e5vEZLi2upJmL#<FCns)u#Hz13Q4-i&E?!
z1Wv&Dj1MtN0UHX-|74A421P?~6A>|(c85C6gO8OHyl?o%v%~nqQHNE^hnAw{-G-v5
z)Rm3JgX+Vay9jFOUQASMIOk^F#M1jzS|0!|5WYh}pE~`Q$~zypH^s^EKE>drq;4Go
zL}Q21-POt~4eaLf{hmsCX=#dmK^1x_sq{J{P-DM+B)I4(C*WW1+8)|j42h|NlzBzE
z>lUY#Y2%nlNNQT;NPYHrQ56ZqCbzA`zem*NVe)1uqx`!6+k0Asx+bsDzg!F?CNNNC
zvHJ?ZnDBUrxri4KJi8%y?9L7aXV!RRMtq6<4Q$<3xN4Y6b^-;uI{%<ip>z<({^LEf
z%bar2JJtodODl}}j_Y~1Yk$H}0AZ<@v>2bFS0yTz2A}%a&*1KL1tCY9mSqHuOpLZ_
zy)`z+?3BW&8Hfdiuv>#-Qy?`^IXT>1j<M!uZkm3OUD$$InZi!{G9{`HA8yN?9X~Xh
zQ>7eJjCaRuYxOMh@{Y#TF&cs!#UIU4I1Olete-Q-j=R{A!(uTIj2py=fEJuy({2}z
zaRKmKmtmatFt3z6*T?yyD*J8&d^O~KNl1gE;ajwyy@cOt2h6QQKA(zaE76X!tZf6U
zAR1809)@r0tNx>TDyui?&r2vpG}2-de@JgQaKM1c8Zd9N4oG?%Pblm!NXL>~DDb~N
z2UC82G@7SlI@g8|$Bw+)cK1nWz!uKb&{RjY#-Fm6N>#)pbWr2{OOraHV|OgY#WyGW
zMcJZ4&bK+0AB3*Nic;fF?a^%AG9Uw44naUxn>b=cb{B}Hu7A=a!;fk0EWQz^%Ab6o
ze~lh@YA;nWJaj(_KGE$zNn+>!)LeI?;~|%cp@$sQJYF?^@?m@7J+7l7Y_;AXxd;Hm
z>ga6x=v<jt6zxWr{)K0U+`i22yE|&?_hdH%=6}}c{l`r9pxSWgq*F<-wcF5aLrm~8
zs%cAV9|f;ZS=3X7X3ObOZ7CXxfR(akvO`OY`N8G8{yZMYT~zb8ni%MJu4F%{Y#>Vd
z4_~+Bl>5o5`P}BxewQDe>`8T{BKXqc;(T@juX5LgTEJvzvp?oCYk-CG+}<D(NXi~*
z4uEZ4O*U5ip7XVr<U&RtJfb2PgD}{Skno-i{~=Gmc&rpuYQlwiIno`D)!TNvrw6VI
znl*niAtCB#`AEY6uYD8@U6$BNROw(0v+p8CNqq*gfU&alucw(h4AP}Sms$xENcQix
zjNObSI+@v+iivX|ecw=(q#We%1)^%Dpav0V-i1T9`ynS)Bu6PUbioYEtt(Nd{}5{V
zGIznv__o(x_%2=T)u59l5VPfCuTkdMUMl|lumN<j<vOwprmKev*Jgi+QCt4Q-fdKd
zqU^Dq_o>~yIkFXM7`WVSK7JA-RUcHm^fsT}hVHyqJfH{|cXIu<)jH-IN#=6dVnTp9
zSw5Ubtn&@6Tj;`4TXbSa&Dr`p$|j2A8c8ee=5#$MXJxmzICGgoM6-&6kAe#6$HC!}
z;6XmqG+x(<rOx))xo5-x^YlF!ByT=u3rh=HE$6&EMsjm<GYy+11dNWG%Ssxw6Fzo_
zFpAvnHy4=5yV74A_opFS6~Bks7KKB_UL-^<wIW*;R#-qador4rCDOH8hpt~;9a~0h
zEY`jDTNs}#YSs1#KYu?(jXxP!Ukjh^K!_X2pgoDI3HCYV?ay^DW_+3-K7@%)o`JTc
z+KQa0x@y1kI=pm0$OFvVSO)A<71avljvpA$(fVln!@kv#>_e=AP_Tc(ERM*%@VM{`
z2Ij@!PJ7X5)#bDt=Q3N|Y|8#l+KH&5(9bE<AiA!{HKUu>hH4Hb%YU&?(E5^xj|P-^
zUw9NGy$2}H!--pL*<QC&lwdkqABIl{x+Ln=yWhGbDTuz+kP~MO)pk%r+z(_WKTg~T
zDo@y*885#<&$5WDDA%K1uLtSKgylmFy;m>Dro{no@?*1H{labn%Rf;!974xAKm)Cs
z{<>oL7MQa_e!c4HE?IT8_oX;9rO&MRCyjo@#7b~$XH&y{PKIOI07HKTf5_&CxWt5j
zkjj^bY`nkBGU{)yJkkGBHjkLV49iNW)fFAYtz_Fvx{J9WXa5K*SuJs=73%?$VBH^6
zI)~2Z{<Ih!72Iv{sI({L_kU^u=1!z2`nh!F2fV`aM&?pU#LQMA^qDJDPtMiO$1IGU
z&S{#hrLth8B;>0qUPZo;ErKrOhb)g`>VLhk|HYFB`Bu#VATrqZ?-{H*j3Ji*4XLr;
znYBN9>BAB1#CHi&t5eUfh2f4vMCD@+_(CpqWk@pKdulZg8F{&SBYlSPzAhg!jOaxK
zU>+a!OqebUxDL!`j*A_O&+c|r4?R+wj}eoW<}=0+-a)j(5WSsA@#rzPF#vkj+>Srr
z+*K%jvT)l4<6M74PR>K)qaX80()a9)uu8SOH}m&bsy{END>N?wy3XuygU3g?YW8-l
z@DF%)ywd(rK5}aUF<nO<KdgVzMx`E4DCn}gw5e;i{^58HlON}GKUm86ur~wys&Q<7
zP!c=)D5i_aN-p9gPeR5r>`K(a>j<02hqGo1cvrjvUQg3qGSG^=`go^FNO}lA+ER1#
z+wj&->}PxKxbk&|mU5we*jx*hsdtMgGy14_AfM{DwNOTa62ifyI<ab}$2dTlY`SJ(
zS>Gx!{S{XCeQD(+tk!*1%wif{5xAb)hmJkaC5F+|#og>3mOP0OZ;E>;Rf&A^xi=Ei
zu6}ay6@=|N%$d3y%le%%RI`7Rd&zg<KCL(HTb?4wyjHhUmWYsrix;LrjlJk_dUUlG
z-Cp``g9GR%z{2?_Q<2&?KEHk=nS#S2)|?z&+2qycj2*hFJvb+`J!J<a%kou_zK^tG
zL?V1mAMU^C4(@~-amPweyIsm2y4or_S_Oy7IIK9{$o)v^Um4WC(%awP|M3#j@7>7B
z<>^GxtjCHQ`xdI|NjuYg0flhnk|J3R&!qzJXHRZay*<=cvi#z5$e%7X@I?2pnIZrV
z?NXwxG~1m@rB?$v-}m{jNUfjhCtsN$Z|QG)daU%tAJ=O5+I0rq?SGA>iw+msktE>y
zmAXYs9O@DwljeTNG{vuWs;zO4!tY9^XGvAS^i*DMlkwA-AE^+S*lS{Y-!k|$8mo3T
z&Y=TOv$yew6&ES`*tS0&oSJh(%|Z2iD*x0yY&O@GV4k$`@?+H`9IM|+YdU{#>Lu2e
z<MmsgPWr+QZ|tMtN!$DZ;bownpz^#fd^wShE~Y<P9kj03xsMF=4fJ%}b4H7(=n<sH
zD9=^PekAhbZgyOo6dN*Qbc8zBFeR2=YMevlT(+O=JA_fr*f3_#J^MyXT)c0{Vawy-
zcGH97CzJYMul4!MTYb<V0*Jo7QWITzXtGb4$Z$r&^D$moZq0VIei?LC7j6$YuYZLV
z1lJa*CW@-oF-h=db%&oWewoA-IkLkH4UM*&7@w|6v_{<+YtH*Z<afT`h3ES=siBq!
zvttT|vR1>J_ia_X(I1pr(eAusT5CFXgPKSCQ;ipm)8i+cMMGbd(NNE&exw>3p4+XZ
z#9+j(9QiZ&8Hcc$X0bDDna&{ZVCyp-@sLOKjyEd-d$EHsUDnDeE!7(R!)DYExtW@&
z#wwR;)Kp_vA6V*joOX243XZiG!M@<$wI2(T#yJh+#wJ`{hT!uP6?J7^4&gp<7yI&C
zZYcActCQWj?Vs&Y<_ojk1`v6KI>W%7l0LV5ZMp6X9KI7K68t8Av26p~6tX`$s(KMe
z4a<?x9>lOqOfjU#Fg~@<oLKe>PUxkRYdOw_=7dp6FHG^1;@jC8lq2ooA|kc&t);HH
z?BAYmzy9<FnESkZB5ZQ2`e?c8u&lUv@oG!j6I~Q%Y2-bYus7k!V^v)8<DEYx7yHDB
z`(Z<4iybnQUtJA$YPXScTxqE(?w3d1ZhcfzRB}M2`j#`7*t40+J9Iv}44o>ihc4PX
z%iH7NvUedcJ^9a!<JS$_GVrC{4a6g(_ZO;_7r*R}y&Q7znVI`{*Rs5ABh6&Ug>$J6
z$B?cQyGIYk%MM=W0Gep&cyp|-8i;t$Z_qFM;w+g?CIk-2j-D=0hKAv?wjaMcD5b4+
zysFuDb^cn|L@j|;pqA=mT)Dtg)Ivq>D=G3vM(*~NlXEHeyKx<+$!aa_n+X`+>M%qc
zR`OuKgtU3JHdHfI^t_oNSv;q{{$Geb-bL>|cdrNbVKC}#cv9#dl-79x5+G~elaH%-
zRwxF9j%1~gnld#;iThqx;?Iq4*rys_UCD_uObmXgN=dA8*~xx4dqPu#VD9TA5njhh
zsnehz_qp>6=p<k=Ow-e`1~R9LpO)=cS*10Caozdm+92>t=~BY0C#-jQ)xhKn{tISV
zVBZ3hUD09N!BiwN$f?9-Mmwza4kmN3D13U4gIuee^9*-qx_gJR*kvEz_pY<gqAKFs
zL-=^0_rM-h#swMMn{m9_rj*nNK#;qd?(R7YM0b_;2XRu)dx36THJwLGJw1BsOd5Rf
z<I-P{oo|5v$c@kPi*xggi{|Twu(bg&>TWqJ^F_xl+}F)^g^&cstU0`ca;|OzH8!hn
zQVb5=&agmKshvXf<y0OuR$Zu?^RKUB%kYrOjG4h+2#K65i_AuP4|%yx@Vq(uj&}kf
z1mL_EETz+@+UwX6@AcjSh81KoKm$5cHNCAQx8^v+?fj6ZW8KQg&;FAOn@3kfZQlM2
z1jQ?6%FB_?=ZE1rC_Gx(FO>%;KX0XVkr7ozIH}H5=F((Oybmk!jRQBmtG=&g;d|J3
z5p=+?cSUWV2kW%9ys~6NAZ4n$x~iK&-#eHgMvsqXZ~`2U=ad?Lc|^8*t4K_;DrJ3n
zzM;|ube+VIlS|s8f4X`+3yfFxf6o{vybLIcHs?(}kD=|2;tl#My6<<`+_dp^$M+u1
z^Dnlzd%AxTg_quh75jWw@?2~~XJz>Z8{Cqu^FbD&N-5?#WYsH-?`QtDwmE5+v+WL$
zKJbK8In>erj5Zifl1jSRLCVY?U94u6^r(&Ei_vKQ+#CJNvws?#Zc0TDW_545=(LP*
z(Ay@nF;3aZ;AWO6mLw+YxA~GRHgP6GKC(hp1y=RErjJ*l7>f8O+Pcuf`PlnC_w1eT
zTCpj+D~2o;V`=zSo9}&s4o@G-*V1?KZ;y#u>NX%6j<O1wL(SvWm4zBpra6pV1iHaN
zxtNohME$BGz24p(W$x*9#A>KPvaX`o5IMjTu&>&m9+IeW#XNbjZBK_UK#KLQx~7G%
zl($3w5VugGgpM9ch(p)ky0lskA<tcvo@e5l^6|$G*%bIpE#P{~H;(%hx>QP(zB-uh
zeqj2rT_F}(lXbW93tCN4Zth~g>UiKY)haA?mygyf62Z@b29a6j+9L>Ko{&G258;6@
z!G9&$7mb95p2A-hp}m(bz*m+i@-mGBs<(X~-KxGyD?c?6UR9BN%5HgK>fR=wQ8y=h
z{4@<|9PZMphpk*71hKPn6bCOWLf(0$=0i!bZ3*=$>}->Vo-`$QX5H9xSIyQPp7F5{
z8h<31a3t>Ph4YEjNQc#7n<NzA)k$ASvZ%$=-CE1;CNQWWq(}b%v08)fSLl#5m{Sa0
z`bmV#c~`2m>E3T2ui8&;MeP9BD||NHLNV#@H?hgxYL=ed2nBes>QSm2m9g2T8D8YD
z3s&!A0mka;xJ7hzHhoq*SJ}>EuKG$zn2%*0^PLG8nY|wKIqS^jJ=M-rK`pz85&$nS
ziov5rFL4<Y#)fZm!g&`oswAin)jhZLqkNP}w%3`j%L-0Tir`#69<5bL0?d4qBB!Wr
zDto-ccCdxt;p-L~iw0t4?TJWsGk{R-t7r?*i$`ZJ4yw7#@@eVjemkEGxj;GCNHExQ
z1-c-NEyDr2CZV;=O2vgF!4FvY{X0F)tb#w?roDhPv3YJD>VhtMr%%>LpXI;8jy(HJ
zncNi==(y+bSnRT?jo-3e^6ws1NoL-r2WfWt;|{HccFwh7x9sm%?eM5bwyftpuny7b
zP#5!x+ILs932=|8&yL8Cb`Wd`W~_|%y9f6IwCH>(jUF42TjpPbo#;^YfJyd|U6hRZ
zP5iXop3=ukUff<{FfKh6eUy|>^1TqYxS&qOyQm#U1(9BSHF^LU#3boq62`nzso9$o
zVxFEfL9;6)v@I1L45lRdq?{!5_BB^lmRk(-@$4erXuC13v}r=@>d`ZvK04d`?!=p=
z6YX_3^#i4b6#OYZ5bI#yhRc=&a91&=qv6FN8XiQK-2ep`p9w>n>d$A5x=}Y5q4(<Q
z9Nb%VRE$0;U64cSPeqX-rysjZxYVpJ_oL3V+Z1aVbe7+nDbE_|zV4oKo->NeR4pD$
zcOw0`0)0(l^_H$K%}<#*6qL`NanNk-IHoD~wvH{yL8DEJU3T@6@%p`fH=^?ysDpBY
zt=0J3D+xdV_(#|ccYx10p+=fWiPW@;JI)JqY*E~&L_UjHTpTV`WEjnR=*uRHu4wwW
z)9ty-C#(;DC$d`c^7@|K2y+m$hg!<+C{Mop!{4?ADXSTHoBJ6l+MGtL)8G%YeZ%C!
z^?kzpJLih-5sliPU5(|h$Z5YQUi50Iz5)^)Z`G4=`eMK`;x3TZR$Z~TC<9#Bshm3!
zAUkT>XGS+NVdIW@bwx!*RbL;DfwuN{+fP!XqEbo6h71j7x^~WJAXZ!I^hZ2hVDbs6
zI+b#*-2hoA`chd_qvEUED<`)~X=O(NU;$pX7*74=fq{iWcs-yn1%tC(8_x8J#k(nb
zQp7?B+0dX^BA!(O6u7lr>xUfhaj`3^A56GnOUSx&tf2Csm|->TQ(`)_xZ=;IG~=^`
zqKT|f(@`3r5z3W3@@A5HOQNVp+#m`YJUQ=bL!4%~$l6kz^eb~9ADo+c^BZF9PZp<R
zm3)Jr?Ya=s{Cw+%AeBJ&(DH&zlecrE`Cb`5FUCOOcc{aqvTb*vt?|;D+8sLnXZ05=
zcCb!F4X|v--LD~Pi?bRc-MuQMC9GSXRA$A6A`uCm$U(m808KXd2F-?)y(j7BN*N=m
zG*;EI<ar~e7~q|5R9*5h<+;s1({ScIjP@tpGbX@?aV}8J)gszc$xi3LxVeckqR9qx
zZTF#=yMge%oO~W4pL=S9!;QP)P+YBTxF_mRK-YxBrVvfS+}tG3pQ5(CZ|)9GY^KPd
zWw5#&EfX>~5Wj5DT>i6x7<YzN2M}E~=O*>*<`!Ki=PVZ$JyxXEZr_yF%Unvs8&u1!
z2AiuLotN}UA#ym?kJ$sHst*|lkp7IyEP!%WmqmBL-j$9`+g`_&RTR{Sh^Sh{u+O#P
z0jP<5$<r{IYf7QOUvI~HxCMl9Y6)0wsOkXHDos28$yk8Jz;CQKSSi!jAkB<I8cz)D
z#E|+O6FJ9y4SnjCUzvzoIF>u(bKOs{^UHjAn0&~42t?0qCUzK;Fj)5FiU%{Vd5ON&
zeEz*x2jHkS8ue$7{}%R1tjRmJ>|p%6R#>tqGEr6kv?0iSQtGdKiYRZYYogt0!lFrG
z{!3lcQro_i4B!jON1N~=)!h??lXnAN1Kh)x`sU9>{7iEKhW|DuewldoO$hRN*gj6D
z`*i-wSIc+i5W_*55e|6L{**^Dq6Ej|o+i$VtUv5WL%CJk2HdPxm)!7SuNx=I%RQKr
z6nzPCaUj!>BAS_4H`lOui-Gr2yc6mQ_?ca!FbeA&H&^)rb<F3E#0Gy5Wi<<*Tt|B5
zqf<pcahG}zVY%?Ce3Q|c(V$kmihIfQB#u6)DNC7~Epym%MkT(_Y3nol`I+Wwer`oc
z`Cj|Q79w*QDZLba+rg%SUq9X%)AfO;R)p*CyL0hFCm00IJ~@9waTyE50IG_PMP((t
zrp4k9uwnnUqUF&X+hosAN<XTuj^W%xE?C$2IdZOHh;M4K@ncA@;fI0N-KyD-kx!=7
zfgWpwhA)s!701&Im|3u(wBuaBiEi1DWv-aYn(zBMKZ^o}4hy8c#@^s2c-%YZVK;4C
z%4Nm<zsP1HpqlfyhV{yWE~E`>VwOSIb*{q9|HI=4sqP!&qpG>%hgf2F9{+w4K;2B~
z=m-4|b9ETl>n4T0NF<|o;43v}%Hm@yZx+F-N_51|lLzg768Z1|jFXNdf7u4$ufI~d
z3a)l}cCe<E3PfyTM;!qd)tO(Rr|YPM@^uRU0}Cbri;3?2jfsp_QdEg?)T?^(d_3wp
zZL_PNL1=QA+Eiikup~H<H_1)C02m?!F5EngyF5T1Ufo=jCM6n9_49A9Zw;+?5f{%1
zyAl+}8YC#}<Rukek74j>(NTvzoQ}9l(1<(*IGspG^RZX1tPZ9=br@}grR;^(X6@<^
z00?HczuxUr4Rr|xSmL>chXE>hEhwL}%nUO{986s{FOKaCrzPmOI@qSKW|3GTIZ>_`
zx=b*bbk!5#s|EF}xrf+f_a)AZAEZM{5#z)TOIwK7o1;wnjqSF>FD5S<HIMiH<~Tnc
zNj+4hvgd=FI$)re(2ekfs3>4`?ZReaL={(-2Ajv1x*(8fnPF65@rIuOpR_}_ZlBl`
zf&%#0syya{m@Q}E&`MqBAZ8)p7FvV>aqmij)4_xrFu$TYq(6Z45<tm;Oi^K;TYtL$
z^<SOlYbTc}26Hb`N1q~+$40I8wNk;9M;XrFn5hrF8J1RVPIw~+I;Qk6@4!etJ>*4o
zKh%BbHMiddP^h{|5<jlTJu4F=(wv#FaH13i&#Odg`4K9A?Er}q(7yq)pSyGl3}UBI
zSo-$H=^L(qL(2`^hS3de=*XgH=w)qro=jdc90K-`KQUa)u=@qVWe#oQH{ZjD9)@xs
z)kwa1G_6%(^}{g+5VzD1_H`}S0g6GC9emIg_B<crsJ#$dMJPZ!LXrdJf4X`Oi5Tdi
zke6>4_;@D(-D*Uc%r&p~DCRPMP9E9`<PZ!_6#eP$KjD@?`h+;N2Xv+Ko-h`&8Fa^;
z{q`;QvEF8gAIp==H*PmFtefDln=Rel8;SvLNSp1+wjGlWc9?>M*ZA3|EjE!9zh_;#
zRJP<y3j9@$I&y^e-CWj*IUs~#;#wK;%@YnRuYTijW`hT79QOpA2u$4&00+#nRNO1y
zs=(=uy#j=4{-3<qEfc@;neB_5`$~#Q8LLFU;ely<003HQJ*-*_CI*B))8h`R^@?&a
zkjvT?N~Uh%WcYkfMV<PFK>SBbAOVK!(ewnPyM($g<1sDU<B3(xA+YdY@#j|=sUBko
z8eG0S@YKAmi#g)1$cPQ`JK_*BITY6ZW``mQ#ciVoE@X!^9b>3c{Bl6AC_*|J@Xj0;
zi+HR>{izoY)H^wY6W;?KYxPX?A!@9Tn~V9sOo%*N3D*qfMSeR}va3q<Fs^sD_UV((
zd*0P-gPMa0wO^8gTjBH;g1g8F#o^(8i$_55{`VSY72uWuACw_FJ~uKf=F))P0`dyK
z2FV&|5Vy_E@q${^F^O00)ozY|R9!WYi+S_IW?S!fQbv(|J#Vqjy%|7l3HBtD45vdt
zjRrk<Ez~rI+3d$tU!?d%27gXjSZ2s*xL>WR<aK)X5}NSJ9)&9m3>o8DFgb}bGE}m!
zI5Ny{<WPCAI#n>80Ssfz#+=QqI}=vC@XoJ*ba)!C9zh+#kRjOk-8L3Mb6{|2d_Mh>
zBr+FB6C`7hC#3lUBoNEm{20+uuA*$5{iD-w)rmeWWl~5Wl~~Jt`iQVCmH=ejGF561
zGz0$aw#FZAA9M9M)ntVPj#@Xtu<=!`U0t4<N<Hd|V<_)0kS5~7fymo2`L0Z;+x#M_
zX?LW?+r)sKgmiRaf)j<G97EF%<TFEZC-2M+^bw-~FG~~5(h+$mR2ZGjatl3$EFkww
z$J!ppUE}>~_Hbz!yNG@S)zSlh6%Za2p2jKT=t<k6R#)$?Xf*hbcgTZ;x)KmoU{-og
zF>_rc%Z!F+qvc2Yce~|{?+OA*$Wi#NUw|FMzWZ8g0PrHz$Es}!p8}7U5YCfquigYh
zQkQTRG#%Fw$W}!Ir1tP6vCO4TS56MPns?ow#7*>{ZX`B?bPcQ~&?1t?1j7c=^TT07
zWValeV#25VZ5bDstdrM&Db@*g1yZlB7kEI+4QV5{*K7ns2Xzb7Mnl85Z!k*^8CSf3
zj&DchTm^&a9vEzo3y+nlR*BOLDkv^I{Bw9mw57tati`J?)6+i^{;q_GNgX%XtG;JS
z3(-+Fok8TBIr7>S2#&6G6eDvW+Rs~ko*p!*n|k*1*Ej`6W}S-*CiOH0j8`D6fB1d=
zZ5)snn5{rGfo5r^k`pA-@up=QQ0Q>KGf<Mpf1R6|=h4yEjpLNolhm7J!r%LVDVE;j
zm4>5eb2J!Ny_AV;MxZg$6daxT1bfZwobJTaCqUN`ivY-U8gS=p&%<uBTnCa?j7`0E
z+EVH@ig1YQk)tywEl)T5tCP^(`P-iUiH2t}Zvly)<&ckwUUu+_%VcshH7qR5F@RAD
znt+4p0cKl@^P@p9`bf$0UM$7~JTZbBwrB~~PE=DFv7<3~)dVoP@v+6VhH>8_(0}E-
z9f09q;GX&waLb|?j_hEN_|r;dfeqv%2q;PS9L_W@v$$w1efKL)*0A<<j6d^JGDF;D
zxm(_!{nvzRF(2*}+4rtbT3>A#@z>|`E)y&~#^u58^3r04L^$`|734970dwP<s^b3e
zoc3l+7gtk``f*$77<<BBhZe!~2ZoHA+6UbUru;onpI3GPG^ZZz=zhrEVFdTHECn0L
zu8+z{AY`=_fe>6Z@^ZsCo%XIQ?yExXqJBmOwcH)4`kWt*((pwt4OB0D@*JJtKp+5p
zwq2wFU$x&PCTn;j5~vMsz~6s!H-^15Hg?FgMQVrcN{Bh=zErcy2%itofe`~4x~~;6
zsKxJ?mC5wl0mc@x?}fUtFHUomBktz0hgCHAycfwpl0!k=IjxRS9Sr1o37^~twCK)D
zj;jbiZP$xo#mahTaA+T_UH5yOW?WJ02B(D3lOt!$7Zv5G1&w>=;=DE|6%p@711X7P
zMNszZVDi2l93;NQ%<mO?KuSg?az;%75XR~UBx?3Ec@zwqEl7U0%PW(;9Ft`S6V<Tu
zxtN|UQ%k(;mj#e))g>}G<fmMq(Ba_EFS&>SslxYCvXoo%Dr&CR+HI<ye+Ii_0RjW7
zPi!9C^8?gAjN!!j8oV^IK-=ol0jqnVG!IsX0AD(;B=CULBMsNX%H{goR+f|*;Y=wd
zE=GEfD|rS4^8`peyP>o%-j`SZR5?z3j8Yu(hI0>_uzL?XoLLQWtDh;URlz>8GXX%2
z36p@9-r0Bq0kIoMM{T!o{1Z76OR!ezN<u4wI^V```57#93L0EBm@Gc!CEBD4y?GOw
z@c3izOWv(5h}uH3Omb-coOJ)3_CoEcgU!DeXZ)GG9pINAs=g2d@Xi9NJK#>Y&Yc_d
zzn0U7E!tz_umdcKSZdkpId*5esyA9s1$uCmBZ;`ZvS-Y`<op0Uryb?ITHmev)8j9b
zH6IfLumH1xb*Xd!*^9XeWxvg(dSLCuG$G-gX+n~V7f@z$yAH^ra+k9rl1dgTm}6RP
zamDo^Hki1*{DCC<x#{o_4Pvu(k-h_MK6=3cc!yxd5tsv}kIuT9t|ePL<mK*fk^MNW
z27U3wXa)_@Q6fIA1cGOy?e7WBI?BW0)W^`hWtCUGib<)XHIyQ~x3<Im!&+zE0)7FO
zkVw?(h+&;iy~M0-?bDRJ8w3pvj-y;TgKlmr>PS6%pb@JFE2>=WOd-Sf>;z02RIFAx
zJY6hJ<3N!CKPqO_M*VPfDlEjx=<+z2M+JGMk(WpOCxO?`rYfe6tETMg%LotFh|8Pq
zk}klKc3CKG;NO=&Xgyy@YbA6z&!dalBK4-V76R{%f<;nQ(oP{o;N%Nr+~UFXbcR~!
zP*jm8S(UFB4rRR7-|V-XHt`urXfnWr+h-ta0LI!$M>RB5nK4ySm_s7lvQmoTHoKr2
z+o~72jjUUvV}0)cYs7rSmf3}0`CwXW01vt1GEJ+~l5++8?~oJYpGz7wIT1z=4b%Lu
zomvg_w7<k*K^OP>4ID!8DUsuBD$p-u>=H|YALLL~dsQe<cJ=6M*%g40_Z!st#dp0&
zLE}-nH<kipy}qxqaCdIYKvo+Kv=B<Ia@T!)+8^%E4L$`1$9c?ymH9Bn7yo6xjDd>8
zrU&l!5}WREUA(-!$}1~Ro0^(xXlQ8v<lxPZ%CXgI&TQ3u+mSgvckgkbePwp_Va*#H
znrm0WDaDrYAP+Z7FMYtk+u?H$98AcIjn2IPId+CzQIdOH)&;i@$Uqw#`^C@S#`pRu
z{Aj=J?4$mW`41|I7a6U*m5;@;G3NZ0=ipQ!hGJGn9Zsr9<$Qkn1js3zlhrCPwKsA;
z2PArx9830PTpHK~Qi91ckwH2RqvBG-(qI_}I049dmtM7IYST-)7aa^_?<vLR*l0HI
zP}FRG`{0y9%TL?NB>`p*%((#h77w#M7A3PBSJ_lTQX%?4zE;zD`Iy~)Q$K2-K>kw;
zF#V&g5$y0)d;J<$H~soh%ecK3djZ|=W%yJAsRdc2$0?1fovwpRpVWW=(pt7LBhGZg
z<Z{w)V0mG$rX~SM#V>Fcl^wbzz?!7z6?a|H>6PeO+K)WbbW<k-ILNFSXV^o4JdqpT
z$@un>U~Emrb}{`5O}w+&9)sKYyjnd@Ey~jLTrdLzmYHxr4FP>EsRb|zqaCZ3ATTj_
z{xj|A*XdQY^_aRF&SB$PVua-!^H|f4v`$*3xAIjcz#f#`;IT?b{Z~pxXK5>Sss)$$
zVc<}md9*)B)=6sg^p@NhCQg+@e;VJ;T$-cWY5Q<zx3T@e5v}z`7EnI^!l9QodW>E_
zJ_yX*Nk;mW-bnq5QnjGLD`&uYrLdAYwY43rSh1)gKLZOjWRbz%05K9=5F7A1!+R7c
z7j2>@#;aum-iwTSdESaKP^dDlY`+&Md7M$dZkX}&3g~Zn(Vces!94n$H!5o$m!g7Y
zE<k0~6KDyp@mx0#Nm2W=Z*Fyvjw`P$(E<GvdmAOA;Y1E8BUEj?ego1G@N^O)lgdRq
z>H48xJlHgYdieBvggALOdP2WcVH@wWS(E>iUe4R|dgT}~O5I{fFkg%j``#_G2{5%E
z#!41IPx>9LDz=m4CnX|cpJepV$7c-OhA8hds3=lP@A24#?_vD(+Y(DZH&l)S1cWv;
zq^GVwyh?@&!RQ<m%Uhy&$;ONEf_(ua6HCCOT$4+45{rI@JBGEzUfQ<n*B86qRkm`9
zqrn&oBr}1My=;pSmyc?gn&Utb<_jwBc6;;qla=TAW{`?l9uT#<D*7WpWBvC0gY(qd
zo+i)sq#>qc)qoJX8u2Lr$R^1qM7idE2A^tZ=*YZt7b`Je11KIy7z4U8+VK8&=$+Ln
zAf(*nu=Ig?5C1edISCbFf7)%th3L*0QU!_xS0;={{ltm@)>LdY*cWt`fjS+P;oBeg
z$NwNQf97d+Qv>n0=YKDX5RrEjDEh6YZV)v#REu2zJ$E3W_B1pMTM6tQoxPrko!13o
zHWcgADXQ3nY_0uuyNK1<1-$+q1P?z=)dOnC#9;L*Kv7+D-U5+8kt&F@#2wYcttJ!X
z<fv&oa^AM3PaogK-AqE}&_)RigQIeC9o!We|0aqQLCg<z3=B1Z<jt<!_dkn#Fg<=<
zVRG#?feQwUPqp<kYUanl>|gVi;`n@`fyTrA(LgcV?d9V)M03Cj-D~GApHK#CfPuPE
zJ>GIIz;?$vW0UXy9=-uA0hX@sOL$;ph;%a3XU0Eref!}}N#ln%dqhRPlzdHqpEffz
zOmcs)WC*4L8}NSst`>u}C0}OVuZCZ7yh%*g&vtYJQG`_LFMoqYcyuH3#`b4Z=^_0c
zCC_t@qe3{;;IQTUT+Y_aDcA9rE5RH!Y_r$4j91S`DDPg%kS31GNBZQP6p3&)?JnQN
zNO8B%2KP&Q736?LD)U2((XD*IU_ZYQrPTW3!r{;SOAZd16&1%XUApw*`SUj?fuBAz
zy|mdLRPrtPh0)LX*^qaDOSocgcKw0r`@h%mh#21c_#mK;HsCbCdvQ8iu)arx&s_}+
zaQ5%RTBWr#>e^=R;|0M=fX_k`T@BoY_T}mS@v8m7wS^D9UiNHIa?`yt4-H2IYdoB&
zFzt4Im(u|9|7%BtLb5xsulUP*zn%2@=bVU$_lB<hCgp&@e;+3#6`K&7gr4>4R!A;;
z4tRzApX1f}d%r#3CA6{Ci9oRDmU4##YqXqLP-qHm5&F&Rtw1WROQ}_8GpG}Z|Ca9j
zed|1zB=@F^jP(LqmFzcpaZpaq%(4(D^7;F?kX5Rr=)qMo_~!&L3ZYro_gsIt|B|3B
z&tej(2HpQ9yWQVv4PF~Dm9*ca<Rjww1>x<btd&e20_7I~t036>=7eM`&;kIEE%kyu
zWvuWTX5B!?3+*Oll?(hvT>SV`AvtQZu3zHfC4?3Q0s72T{Fy*{tDK83h#GQot;duF
z*Imf!(uh}Tjk$v{c__3pNQ43)^Go}ru}PuDZ(cbcF9k!9zYp)d7tQ|pTSVjnxl}1O
zs<Oe{Ug(NE+atY}%|iI_Ig#WJWZwV1EYAr*{eF`l1ly~LSYb7k?}x322Vk}h4KE#*
z5ZZ*RK@;E!3<VqZiCC3ftosivCWor>1@cBrSsj)D8v5_UMXahc%wq3g*7bJr#e$qT
zq2G`q01vCZ^qg?_*X%cuvmO_0M)hpP9hkQkoYx6>LK48<4LP|kjUJ(0#jF*8s+(qF
zmtcHF@@$`GKR9UeVr?~`uhQk&9T`?v{x8|Hz#6o_k5|4X4<$_Nr8aF8#%$BW{YR2Q
z&AY9H)X%B}Xo0fCrswOF$Fy4`9?(j`l20cR6(lx^i(6zK`R5V99O(c|68!Zjsw!U(
zGKB*x=j7!|mAd5w*I6r=b-ybu*tL|hKYFK-%&sO64WGK(XRHbgPsEh9JV{_v8Y=ho
z2xJoJQT}GC*4ff;rs|ui`diPezL~0Trb;lqee<dSz4*V)tBT+ghh<1-w>2FVc^pN<
zU!D9O1FQT&`RJp5RrhmIA|f~Y2trFHMo<KMwTp-hRbs6d@Jo|ItFART`So=Rtt%G+
zd5w(`a%TG4&jnTqw!#%@2z+n3Y$fE0Yx~0U^AyzO1uOJLK>nmB2~gH>#gAesv`FAc
zH9nWk5EV@QTJ3F?LN^?#+;7h87V<p)mxzhvM8TZj;7@i^V}W`0wc{p*4z*;g6REKl
z3$?a3c`5KLZhoXgrC=1uKNpFJ(9d3+^feKDmR?*mVDSW>N3v5wvW5Jq>Ow3gm!0xJ
z;Egw2A@k1FA6j<?>yVOij4dRb%R?);si1pCUZv#b<)POWr2P6YU(>lT%8x=Ps>XaG
z1Q*=wMto7Xw#F(7R^^Mxd<e9riAYZZ^Nni<AdAxg8P5_L%b^8-n!t@3(J~Ztp-2_Y
z*P5q_s$BuY*|p<lA8FyX@W6@A6s<#ox+S?#D4M$IG-vg7d*y#_kU%2m<+Ze(5qPd6
zqA#&o|9lN#wV%XZhb6k-6pteqqXsi|mV}V+U#<M!lB*%yng1=KuRHvJ;0`w(;kIpc
z0s)4qu*8p?bt1i{7nxgI|8iX*mUIP{*hFLtAR2*vXjSVVw4P;TJ(3s(6I@Y!-6JDc
z5Iu|dPSZW7kRHNtvxCDd8S4PpPq*>NZWD^zhJdxQ$PWc~)xP18mp3K9wj(uoI)e02
zpHd|hur>IE?0qJ<U}#=;<(zd7{j6YMM_%o(z?w75um^+?WCynmVl#yI^@SrHg%+P*
z+A1#S!Ui9#gEc=EQzR5|4J`y2I0@<O(s$T=VI+{-tl)}5zjsX5Pc#>{GNVCNd3ndw
zy9BZ?eK+YVG&zIH2X58<&ym1M4dtW$`2;|xyG>u{h9ZE{NWj{KJM+IqbQo|FR_{Kt
zq&h=zM>dVFz5o>#NxJ|$ZE2loC=`qt)93+A7Ed78NYVa8dXk{OL2IW@5fj|j_i2i!
zaA;4e<)nmSb_>I;mrVSKSO>sLY+}lh0Ab+{m;_es7u+@BX-Zz+N|azs0jo)5uQL-4
z!@@R1t3DEHX<dQ+MIgGif(eao$(`|y7Tj05mz+rE>G6O5_f&%uq)%uY4%8{bf4>sB
zNut~I@TocZLPiE&?_@3|G;pW}y3khMB92<>J>+#0%mMSU_0t2nFfXqyPDAh*)QMUL
zff9%S%C{a%tJ%YNAv->#p>8f@wm_w6G8gX5{~@AHkgbq<69VB)Z35n?0g2_Dt0xMJ
zv~8NcVr6|m*wR~IIgZ@0aDmv>iY8fDVOs=PyEeAK7Dc3bjHiSOtjtIy9hE)od0Gf=
zk%4UWg$!W;M$&xUJz9ikN2JL`va(>jA~HR)^YWlCgyc|u&qA&<6G`iAh#BKK(aM@u
zBs8!IXD?zo5-_ZToZvQ*fpB*?zaw0Lxo@t9$TwF50LV921JsgluEsZ4W6fFu-q1H!
z<Np;`Lji{V{7)^wH@9OA;K2V4-`oyCUwmUYzA+qsqv0FFAqX&Ueq%U<>4a|#$G;X+
zMEW0wqXD)^SH9Z!N8W~|OJ2jBDa^;3na|zMC8Zy2QQADCWOKVZYTFOuf#OD5;v2;c
z#qA|-11nhid@?(;@#M*SKZ`s4d~)a2qekw(s~b(e(vGaC4PIm|Cti=%ErhS|E(c>g
z{c!bK{CYnR7G?S$Ql<fAZT%och-b6Q!^+E1<pdN%1UYYNNnbc*p0V-Vu(o***oKJo
zj#C&(aW!=zHpMP4&($M=>ggdwzFjV9i+h@qD$K#o1g_&?bsq~DTalpDl&ES;?rotW
zo6E&z)04uatK^g2LbO)|tyb@tFne+to0mB!yno8;p*BN9!@w#bI;H4@d$yo0B0Kds
z8N!52EBRbK1trkp%Q<wY@b@z|*2e4kd1ue{DFnr%>K5wqLX^bVG4&Q<J_V&7aIPLM
zEYr@`wrWE|t3)9&lb)uGQYV%Lm}zjfmP}kXZZk88UK&uN_s<bDMRybC+Q`RPPeK{K
z*Z=umL_{emh42w!Z6aV{E|;W4PtlJGk;<=KtgWwR3z2O}Q*_`pVj;5aa#fx#lqgKE
zVS5HdHvapV%Q>tMo<@dkaYB?zQeNJZl+2}+6k*ILsb_kOj|&sA2q$48wtAZoZ5u)M
zI4DP#fI0Dg`1eWu(=(y9!p!SNkJCcj*JUg{p-q@!?=PBq6(-EbDQT$#6&z$`q4bU7
zg_I+LwnQ{_;Btf!cuUKYQRVWl1S0*pShUdhB3SDli*+RZ>%M{Yd4x@E=RUTb5%5Tt
zYue(D3FU8IQ`)308S7+fI;O57E^d85NK9bq*XpGZs6dd{w$?`O!s7-aJCGyPl=NE8
z6CuLwa#fpt_Au5#h;WN_A6Hv&wie>0?Yuo+)anV-^fR{Bk|{@o;GI>gCnu*O#JKer
z<|Pozgn4@3K+O{ZmFl0=pSKqmSC<z`;bi40c#I!Ld1MP=2GELEDK$F6Y^<}CFdJKR
zDq7I~%T+1SQF=}0wnFUdqAoT=MVN@clVTyn+xHh?<<*60_R4%+1&pw^x3-@H^b&3=
zP?(WTRvu>sZMj@h##nD~+COssLn$+b5Zd5t9k`yUp9x%_OsM`|eaCTiVf(D2o++Hf
znbA@Qlvr3M(9oJ18m`mp+!P%ZRK`C>ALynTYio;j;|3txll&i+PB_8WudI&FWz&;{
z5`3;HA?NCCh0WB?)Rb5BZNl_2$J*M+<E#+8bLqefuCYQ1y`cQOQI@w*PVcot`qs4#
zPreRkkggcg#_(<18G)i-&drNS(TTyN91+3{pcOYfe1$35*L_XG+2834asqtx`*_Gv
z&ojGw%>O+XQQuLN6D!2t+g|n%PPkQ0)8Cz2H{awXw5+!V>N~{6d&oixQ~iBn%Ef=5
zAYum?>2(GNuD*c!52ZXTgwWRx)-vnqdPMsAj6zXEn_+w0e!(M>TH6i_XL300ZE6d{
z!ZO(@sgM35Zm~|UZ+IlcVkQK*7C~5B1IQK{Hvrl8|7q!jvwT6VZEjQb*eroEytea@
zwPdU_Q%xQR^RSJ=g#9=7<D2{OFL=MXAK%=Mf59N~&Hec1e*BAuZ|=u8_v4%U@&Cns
zsDBN-BKQL^F0b*oHRT!Mx0Nw!4rP<pxvsT(r3xx!8S53$-<>T98$VUN{cmrN@9A;y
zn7V?xuq)R;u&y@E&euau?u9S@U-cAuZ3%}6JwOET>NA(F(*-Yi{15Ub<yFc9fm7db
zD`mI4&|4vw@hLk06_9#3%E{%O6^c<!+uQt^tT2Hfmy7daTF#jWPACN}8cZ*47M#!v
zWUDO*Y7iTI!7%1O2^hea%@e9vd)?n=7zlrY5EQ8N7w0J)v;0MHThl-|@T#GqkpBxf
z@0fK=8F^}5oYNihr3_e!`m|73Vrp&O)@H$NJ0}#%0yK?<dO(2iOCR+rMM7^9IYtW6
zC=I?q5CV@`SE2Slf=b~i^tBV**h4rh@wN?IU%Z$Eka1D3)&+l(ui739!h;4^&vkXJ
zmupgU*(6m#@63E88w+tUAgOp5^;Eb&|C_uyc*A4AP<J|dG_MsR>8scAoFH*pxP=Ex
zjd)~u*lhI9pD@SR!%ocj;;{4F87=+o#UTUr-+#S0BIkXZVMp6-xRpH;7{1GF{@YbQ
zJRgt1@qlHJ;PAF{x7qFC<^~H^`U@W|nV%n-H{TV5R_kJ_@Y8phJ@{4jCX9X|y&g+7
z5C6PxY%N|4-eYZe`0Kh7iHK1Lh{ek1>+Cm&bcdIEjel4Z+59dm%7l#b1^dV`2gW6_
zH-8tt__aeub{FNnSi{cEF-Oi@%-TD0!5;rb(fIy%1n&FDQP8WY|9>$wz&oa0WUa5`
z#it;rCt#|m6)y%lD#{o(YZXTDTWusPEWp?+qSUPz)=*SbFsYG&#_%%PKS_R-X6a?k
z*X|JMo3h1^9bg)%)=Z4^2q*@b*<lRf|AA^NMl>Or)?#ESadGp-upt+|Q*kINtkY8(
zpDmgZko-4kHf!Q9yHaOp*mmw}wiR&ah<xTGn=A=iwq_G(_^zcazfhAfb}HXO`|D#H
z)X!TtwHX@y(RB#;d@~R=J`IWDuh{OPEG`pwfUhY7#w{)p(4QS^4BALu7(X9IlgH6A
zOq=1jspY@cMk}L4L4B=;v#2H6AlPq+pN91vrtp^{`4-dW$adcMYgo@HQTeK^MeRiV
z>YdaHw*KN(?i)QwEM%!`^!qQ#FyK-+yh$`;sekh!5Q9vxnRWE%9O?!%oV!ZV-|4ps
z?8)N7--F|A&XA(4gb-tG@$(tMOD+&Jg*VM^au{Yh<H7e^fxI&C)~}(5Y|~l|VT6~(
zZsvVkD0`fz%n0`54q|w%W=wT;>LJ`p_b70ycg8$5)F{GvQQVSAnXe(nyR42&5g6Pa
z4s@Kz{~bY(f$=+uF{;7LGCv%xLKUxtW5>E|XN1i&gG&j1Yqo6G1Ri8y3R2<?$Cuyq
z)g8?U?2F`!Ppjf-oxu~CXaYhOF*i;^Es?3Y??ptm-83;gX;q=hedWR@z~(;~KZcsK
z$xck9%iQnim5N01aJFSJ*F1|zg0fdVo1{>W8EY)V5<pvg9rT+{C~lx?Z3wClfr$!V
zVIKmpShYIWs6MS4{)WtqkusQ;$1V1#)*o`_4-jiY7|}~vu#o+@IWsYW7=IB);6Ud~
zCO(CK+Nzo$HH_$M=OADonVEPFeJMuEKpH<+Y1~+{rnMuMSy-6<!nRomjqDR=9f%U0
zr7TnQeihp^_qt$Pl>Do`hQFmq1igONQ|L2)uXpgt6JI6OJ=mUdv!3kK`0IPkswyY*
zeKIwDy0e2G?YZjXSW%}IfAILFvXceR?*8->^upN5A4H$%@Vlkp#IbGLpc`kmp`h>E
z4bW`FGUZcK%>+C=9Kba5^7!Y|N*Mt*2p(ZC)LWH57LMEw-zKfNiN|8JB`}~Xi?3LG
zrdFtNp_u-XM_qNmVL3VHejN!fKKsPX>YJ?2?oNyHZgM`bjw?*Iqmv_5On8%7=-Md-
z-_{gB5^H*dH=u~FQN3xmk5q&rr@nHIaeFEF8$l8>$5X-=W<+UYRbpER9T+%2E^29^
zwPX41vJ_FbcjN6*L?p=wQ-M6?uD`tUMy<@#?E2fc<0Z2Y9(y>b)039lC)P|)I5M%O
zIp>q|ZkQSLw&_&me<gKm2YgzytCAyI73iEqzqmn)PS48YpO2tu4|AEAyM#?TIrGw-
zZJ!5xAm|ik3nFr~*~l~8l@k;4$heUIxo3l027bEn(-ZZc{cA6$Hsp3H#r*Y^FLWx#
z!!Ncy?YdUX)`(dG3YMV@X%Oz*Owgx^nIr8M<lm|odb;B}hgPz$GSi|ndqrW|Z<cXh
zf6IAiMb_|^I;h6G#8&5@4!A6(C9)0~n`bVN3B%8CeZ(zyABqd<xHqvFSHq)i$jrIP
zNYli17rfsJ*$FD6$jz>boX}!hiLX>8dB#>XWzcz8%c>bxUmo5zYSWe~fxmsl>(Zi?
zA$PT9H&cs9i#}%SfAwWdbbBxS*FI-`_coR-JHDQm<#Z~u*Uv%Iz<Ed~lvG}}M-6@n
zEw<*NXdk%MQTP`K*9hMrQt71HbN?CReEuwqLq%hT4aQ5<4{1^FBJe%VKq9Yd6HH!i
z7<yD%s{LBvRNd{xx79ua^GnGX8O2|DkMcd5Hg*$KhQeq(`3LznYS#_lGPu+lCY;EK
zH{-)!BHPUUu+QotUmG`a)$~ZkCRpIt!uQ$%r+kluOZ;h1cG_&e0VG*%=}l+#=LyRa
z7Y(=H<}<o?_(66hz(VKhgSl9#ax`y(G84~0B2Igg12k0l<8Q0Esh-Fw&Jy!JkLiFv
zY9J>Uy2q%FE4rDQQW!~Xcp#mxk|rIHy%Mkd_2D;fe5}ZL|CRG4&kUKw+v!i(og7c#
zH8NM9KQK3#V7LtF-QW>%>Og8?)veo@Sq9&R9;|X5epwwjSsv6m(ahe4nGM9Vm$3d{
zuK5;gS&9SQecabM?0j3wU|goVBm<>EJ+)?d&PV6v$yr;wgPdtZQ6Qlq?n_$1XBWL}
z57+}d66N<fp;+J7@%DK{4d2*dl%g57ix7Tbj(IZy#+^hkKYEFhNC~j<kxuD)n6&iq
zdV~*=;9d}R(_sc0TrjK78C=sl?dX^nQ7<ko{|wks?OFTe;&cw-5<N`TOJ_nFpu{_B
zc!yh$wUov^c<|tf9^4o1@;RJu9lqb?g1n@^JLR+8e0(%>DI4wD7uo3Yg`2zMq9ebs
zY_z~b92T;0LR$MF9><4;2dBW+h;;3(d3iA&hSTFVXFWhCM+66Lacoj|5Ci`qb6H}t
z?M%jAn8u%9ySw4KrG!!btYs%SX|5e7*m<61rs>^-Ysvzi{E&X}?1PvWM}=Hmr-CB(
zx%4%?{CeH(oU{P1JfU|zY8@;j3Uh}8I!+6?<Y%#xMx9Tm46?2YB{Xa8fV}gqjw`i-
zizDdC7tdNq+<UMl68Qg@i#iigQP=heWuxgy7jGE!Nj?L<ZCE;<duaC$T-sNm8~RS<
zDS{>_f;l}Ho3rcR^ScXt=Tm^NA@3MCbstS2BNn{VrF3Wq7hYDgrv`ppo7vCbeSFc%
zx<`QvSeq#D=Gwg!y(1Y|-e1*MItMnL&=~`N5B$j-qDh?&XYAjwc3qB%g@ncDwEVoh
zzaBGy>u#43pBBCd;M=vP6Wx?2(lYb%-sx09-0e@>C#fAf_DjG-$HG3~cfc{5=ry$n
z0OarEDD)aj@ae<YRLaanL$3}&2Z_{LI!)(}3P!C#`+{}iS7WhuiwNK3fP@!^C4@2v
zx3P~e9l&f7%7WE8T3d^Y1AQ+vM3<${7+LHRN)D>n^dS_4a${d^(Q=3NY=Os&OgEr^
zT|>z(^gp)h?-tZLoXxdf%Iy}k0>G7*L7>o$c8LN=wX(K0EFb?0)U_+0VLu+vFtRYz
zy*YB?KfckEfreFEFQo(|)UpIE7a?aJj){uWzWwEb1|l@{w$S@JUtF!Nn?8KF@X`RW
z_(iCDKV(fMU_`}az0DS6#bbm!#L7aV1kM;fqX(yZ+x`v=YeOIN`(>8*8iXT?&yt4%
zNR>VhD!m7O5%;|TG`=Ca+G8yd_H3^=1!vHeAfqQY;Vq;I5h_+%3L(>lRdPOq<ww5a
zn!4tMfGv(txtQdRSWdKcjxG;jjqlpC=h!je^!DsPP<ersGO#Zn18&f}2l6HEtx0D#
zOR2;yO!pag*!QiwM_&+>`F2NVU!PPi9uJcZ`TQWr=vBu-;08xme)~H}#%<D>c$KFB
zSR-QyQe%a~kzZI?Xxgk=w;c;-^a{NK_iQr&f8VKPI+oGQBElfxL(4C}`F+=}T~Qo5
z*6-sR@V?IRJz16$=RqMwM4BIUa2(i_@bCh=5;>LHFE7sQICMU)RRyb*fm)f|B`vLS
z5%^V@vT72HsQdK_k+k#f_RS+BmkV6*&?FV7Jx8+6=uFs^UNtFjtU1<OVBejwSr+(Z
z?fYDuO`!6c2Y;gKm8Y+t#-0*jXBj(OScuZ4^21NtJzmy+2)KOtSC5Xg-Rz+NbT0Td
zqPAQ5s|L%ezk8|H$cYfr=LBymurH&=C>BL!WMsV4F}|U($3ntresS@1czC$?P_>#Y
zYUvYj-mn}4++rku(LF}Z{PcG@a(`zb&nE*jMwWyabm?*(cdoVM_GH%=8qJ6JWmqXj
zZi?{mfT=5ExV|KaHV9Nk@D@q(SszjRv}%E7Xak0}b2aPg#I5?j35T3kCOc0y^viR*
zDqklh=Q`~qWrv;Z9%bZrW%g3HZLB5ZPs`gBJIfeZymdnx>~yH|jTe;-zWg!P+PbIc
zAfTZU>SjoqgH*V}_iO4pVl`FJT9Bte$8qSvlUd2G?;jp030;^1+GC&e0I-!)z8Jvx
zSV(kU({Sy{vn~l+o(rZ`^if+Bi{rG0gWW!EEe@?wGL;7eY}nn3mIb;1lw7i<RQkA{
z)7c}Me#6rFHia>7-n_A^4-Iq-?6IaH7XmtTE+Q|Qo0}UNaw4)!lbetCIqsOigrgkc
z<UoId4E$}86LxT4VC09WsI&m=y=%PFw>mN}p+W7+op;v@KxMFQ|6RK=!g`gL=VUox
zf6Bhku9u*(C;o7Z+^vohufC#cR)^l`%5*Ur(2}MeTNfGAB&F*Rink`ovR*5--G)G1
zxhHo?s|<j{xhF^Wjd!H)1=}=qt5vxK!KQ=QP4%rk(p%)Tx3RI2CRIp^48oPvMwGL*
zLio*S7g*=7(s+g;A>&oQ6%Oc`vDRc&m#=^PpUt=Y`IWWcd1=ny7k>hi(zl<h+Iufd
z-(0Hq+R?(}>s4Ooo=r2B>UHy(V_~S~Gb7;-LMPk^IHNwTuJ-)OefpvAU&rWoDfP)%
z3cbFzwtIH|K1((>wxsLpVhe#K#W7y<I|AY{1&+V~_-1MOTtZT^(`~V!<#UaBRj+`T
zJv;;g|B`oWwogx$%-{DjE$8+&U9+4U0=Kv4_p@?~9eFxEUT%6^Rpu99{;qsJSN!ra
z-|m~6(}DL@oSA8Sd#;Oh{N{HORW-+_SnV#h`gyKC<GJNr`4b<_Kfjt?o4mIV#rLP}
zjXxEin;6u!N$0lsg|8dG{`~s;^`DJNfg-><>{I9WsX<*p*L<`5x>)BlupyInW=0~R
z5Qv<%G5`KPpyGS=|Nq|DUthlm7`GdfkN4f!l<E!2g`nc~^Yiolz!L9h6D#+k_3QP6
rye?k8EDTJ(UYfJcK3nlUF#mV`?^7(x*C$)Q1Eo?=S3j3^P6<r_NfmY~

diff --git a/docs/pages/admin-guides/access-controls/sso/azuread.mdx b/docs/pages/admin-guides/access-controls/sso/azuread.mdx
index 44cd2ba25d8fa..49f395f6e1377 100644
--- a/docs/pages/admin-guides/access-controls/sso/azuread.mdx
+++ b/docs/pages/admin-guides/access-controls/sso/azuread.mdx
@@ -92,14 +92,18 @@ Before you get started, you’ll need:
 
    ![Put in Security group claim](../../../../img/azuread/azuread-8b-groupclaim.png)
 
-1. Add a claim that transforms the format of the Azure AD username to lower case, in order to pass it to
-   Teleport. Set the Source to "Transformation". In the new panel:
+1. (optional) Add a claim that transforms the format of the Azure AD username to lower case, in order to use it inside
+   Teleport roles as the `{{external.username}}` property.
+
+   Set the Source to "Transformation". In the new panel:
 
    - Set the Transformation value to "Extract()"
 
    - Set the Attribute name to `user.userprincipalname`.
 
-   - Set the Value to `ToLowercase()`.
+   - Set the Value to `@`.
+
+   - Click "Add Transformation" and set the Transformation to `ToLowercase()`.
 
      ![Add a transformed username](../../../../img/azuread/azuread-8c-usernameclaim.png)
 

From fe2536c8656f3a73765d71905dc534d94e0e603e Mon Sep 17 00:00:00 2001
From: Gavin Frazar <gavin.frazar@goteleport.com>
Date: Tue, 22 Oct 2024 16:57:58 -0700
Subject: [PATCH 27/53] audit log postgres session PID (#47645)

---
 .../teleport/legacy/types/events/events.proto |    4 +
 api/types/events/events.pb.go                 | 1198 +++++++++--------
 lib/srv/db/audit_test.go                      |    5 +-
 lib/srv/db/common/audit.go                    |    1 +
 lib/srv/db/common/session.go                  |    2 +
 lib/srv/db/postgres/engine.go                 |    2 +
 6 files changed, 628 insertions(+), 584 deletions(-)

diff --git a/api/proto/teleport/legacy/types/events/events.proto b/api/proto/teleport/legacy/types/events/events.proto
index 9b59f0350e743..8dc8fbeab3a72 100644
--- a/api/proto/teleport/legacy/types/events/events.proto
+++ b/api/proto/teleport/legacy/types/events/events.proto
@@ -2751,6 +2751,10 @@ message DatabaseSessionStart {
     (gogoproto.embed) = true,
     (gogoproto.jsontag) = ""
   ];
+  // PostgresPID is the Postgres backend PID that was created for a Postgres
+  // connection. This can be useful for backend process cancellation or
+  // termination and it is not a sensitive or secret value.
+  uint32 PostgresPID = 8 [(gogoproto.jsontag) = "postgres_pid,omitempty"];
 }
 
 // DatabaseSessionQuery is emitted when a user executes a database query.
diff --git a/api/types/events/events.pb.go b/api/types/events/events.pb.go
index 08db3a3842b87..4bb617162401d 100644
--- a/api/types/events/events.pb.go
+++ b/api/types/events/events.pb.go
@@ -4655,7 +4655,11 @@ type DatabaseSessionStart struct {
 	// Status indicates whether the connection was successful or denied.
 	Status `protobuf:"bytes,6,opt,name=Status,proto3,embedded=Status" json:""`
 	// Database contains database related metadata.
-	DatabaseMetadata     `protobuf:"bytes,7,opt,name=Database,proto3,embedded=Database" json:""`
+	DatabaseMetadata `protobuf:"bytes,7,opt,name=Database,proto3,embedded=Database" json:""`
+	// PostgresPID is the Postgres backend PID that was created for a Postgres
+	// connection. This can be useful for backend process cancellation or
+	// termination and it is not a sensitive or secret value.
+	PostgresPID          uint32   `protobuf:"varint,8,opt,name=PostgresPID,proto3" json:"postgres_pid,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -12381,16 +12385,16 @@ func init() {
 }
 
 var fileDescriptor_007ba1c3d6266d56 = []byte{
-	// 13912 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x7b, 0x6c, 0x24, 0x47,
-	0x7a, 0x18, 0xce, 0x79, 0xf0, 0x55, 0x7c, 0x0d, 0x6b, 0x5f, 0x2d, 0x6a, 0x77, 0x47, 0x6a, 0xdd,
-	0xad, 0x76, 0x75, 0x2b, 0xee, 0x69, 0x77, 0x4f, 0x3a, 0xe9, 0xa4, 0x93, 0x86, 0x1c, 0x72, 0x39,
-	0x5a, 0x3e, 0x46, 0x3d, 0xdc, 0x5d, 0xe9, 0x1e, 0x1a, 0x37, 0xa7, 0x6b, 0xc9, 0x16, 0x67, 0xba,
-	0xe7, 0xba, 0x7b, 0x96, 0x4b, 0xfd, 0x7e, 0x49, 0x7c, 0x8e, 0x9f, 0xc1, 0xdd, 0xe1, 0xe0, 0x20,
-	0xb0, 0x13, 0x07, 0x88, 0x1f, 0x70, 0xe2, 0x18, 0xb6, 0xcf, 0x76, 0x02, 0xdb, 0x67, 0xc7, 0x88,
-	0x9d, 0x73, 0x10, 0x39, 0x17, 0x07, 0xb6, 0x13, 0x18, 0x41, 0xe2, 0xf0, 0x9c, 0x0b, 0x9c, 0x3f,
-	0x88, 0x04, 0x70, 0x90, 0x43, 0xec, 0x38, 0x4e, 0x10, 0xd4, 0x57, 0xd5, 0xdd, 0x55, 0xfd, 0x18,
-	0x92, 0x4b, 0xca, 0x14, 0x8f, 0xfc, 0x67, 0x97, 0xf3, 0x7d, 0x5f, 0x7d, 0x55, 0xfd, 0xd5, 0x57,
+	// 13933 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x7b, 0x70, 0x24, 0xc7,
+	0x79, 0x18, 0x8e, 0x7d, 0xe0, 0xd5, 0x78, 0x2d, 0xfa, 0x5e, 0x43, 0xf0, 0xee, 0x96, 0x1c, 0x4a,
+	0xc7, 0x3b, 0xea, 0x88, 0x13, 0xef, 0x4e, 0xa4, 0x48, 0x91, 0x22, 0x17, 0x58, 0xe0, 0xb0, 0x3c,
+	0x3c, 0x96, 0xb3, 0xb8, 0x3b, 0x52, 0x0f, 0xae, 0x07, 0x3b, 0x7d, 0xc0, 0x10, 0xbb, 0x33, 0xab,
+	0x99, 0xd9, 0xc3, 0x81, 0xbf, 0x5f, 0x12, 0xcb, 0xf1, 0x33, 0x91, 0x54, 0x2a, 0xa7, 0x52, 0x76,
+	0xe2, 0x54, 0xc5, 0x8f, 0x72, 0xe2, 0xb8, 0x6c, 0xcb, 0x76, 0x52, 0xb6, 0x65, 0xc7, 0x15, 0x3b,
+	0x72, 0x2a, 0x74, 0x94, 0xa4, 0x6c, 0x27, 0xe5, 0x4a, 0x25, 0x0e, 0xe4, 0x28, 0xe5, 0xfc, 0x81,
+	0x4a, 0xaa, 0x9c, 0x8a, 0x2a, 0x76, 0x1c, 0x27, 0x95, 0xea, 0xaf, 0x7b, 0x66, 0xba, 0xe7, 0xb1,
+	0x00, 0x0e, 0xa0, 0x41, 0x08, 0xf8, 0xe7, 0x0e, 0xfb, 0x7d, 0x5f, 0x7f, 0xdd, 0xf3, 0xf5, 0xd7,
 	0xef, 0xef, 0x81, 0xae, 0x78, 0xa4, 0x49, 0xda, 0xb6, 0xe3, 0x5d, 0x6b, 0x92, 0x55, 0xbd, 0xb1,
 	0x79, 0xcd, 0xdb, 0x6c, 0x13, 0xf7, 0x1a, 0x79, 0x40, 0x2c, 0xcf, 0xff, 0x6f, 0xb2, 0xed, 0xd8,
 	0x9e, 0x8d, 0xfb, 0xd8, 0xaf, 0x89, 0xd3, 0xab, 0xf6, 0xaa, 0x0d, 0xa0, 0x6b, 0xf4, 0x2f, 0x86,
@@ -12433,7 +12437,7 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{
 	0x84, 0x36, 0x5f, 0xd9, 0xde, 0x2a, 0x7e, 0xd8, 0xe1, 0x34, 0xf5, 0xae, 0x6a, 0x97, 0xca, 0x0a,
 	0xcf, 0xa0, 0x01, 0xaa, 0x4d, 0xb7, 0x4d, 0xcb, 0x50, 0xd0, 0x13, 0x99, 0xcb, 0xa3, 0xd7, 0x0b,
 	0x7e, 0xeb, 0x7d, 0xf8, 0xd4, 0xb9, 0xed, 0xad, 0xe2, 0x29, 0xaa, 0x83, 0xf5, 0x75, 0xd3, 0x12,
-	0xa7, 0x88, 0xa0, 0xa8, 0xfa, 0xa7, 0x79, 0x34, 0x4a, 0x85, 0x23, 0xe8, 0x71, 0x89, 0x0e, 0x49,
+	0xa7, 0x88, 0xa0, 0xa8, 0xfa, 0x27, 0x79, 0x34, 0x4a, 0x85, 0x23, 0xe8, 0x71, 0x89, 0x0e, 0x49,
 	0x0a, 0xa1, 0x23, 0xd4, 0x6d, 0xeb, 0x0d, 0xc2, 0x55, 0x1a, 0xd8, 0x59, 0x3e, 0x50, 0x60, 0x17,
 	0xa5, 0xc7, 0x57, 0xd0, 0x00, 0x03, 0x55, 0xca, 0x5c, 0xcb, 0x47, 0xb6, 0xb7, 0x8a, 0x83, 0x2e,
 	0xc0, 0xea, 0xa6, 0xa1, 0x05, 0x68, 0xaa, 0x66, 0xec, 0xef, 0x39, 0xdb, 0xf5, 0x28, 0x73, 0xae,
@@ -12461,7 +12465,7 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{
 	0x08, 0x41, 0xb7, 0x1c, 0xbb, 0xd3, 0x76, 0x95, 0x1c, 0xb0, 0x2a, 0x6e, 0x6f, 0x15, 0x1f, 0x17,
 	0x58, 0xad, 0x02, 0x52, 0x5c, 0x49, 0xa3, 0x05, 0xf1, 0x77, 0x67, 0x44, 0x6e, 0x7c, 0x14, 0xe6,
 	0x61, 0x14, 0xbe, 0xe0, 0x8f, 0xc2, 0x54, 0x21, 0x4d, 0x46, 0x4b, 0xf2, 0x41, 0x19, 0x69, 0x46,
-	0x6c, 0x50, 0xc6, 0x6a, 0x9c, 0x98, 0x46, 0x67, 0x12, 0x79, 0xed, 0x49, 0xab, 0xff, 0x38, 0x27,
+	0x6c, 0x50, 0xc6, 0x6a, 0x9c, 0x98, 0x46, 0x67, 0x12, 0x79, 0xed, 0x49, 0xab, 0xff, 0x28, 0x27,
 	0x72, 0xa9, 0xda, 0x46, 0xd0, 0x99, 0x4b, 0x62, 0x67, 0x56, 0x6d, 0x03, 0xb6, 0x4b, 0x99, 0x70,
 	0x11, 0x13, 0x1a, 0xdb, 0xb6, 0x8d, 0xe8, 0xae, 0x29, 0x5e, 0x16, 0xbf, 0x8d, 0xce, 0xc6, 0x80,
 	0x6c, 0xba, 0x66, 0xda, 0x7f, 0x69, 0x7b, 0xab, 0xa8, 0x26, 0x70, 0x8d, 0xce, 0xde, 0x29, 0x5c,
@@ -12522,7 +12526,7 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{
 	0x90, 0xc5, 0xd0, 0xf5, 0xf1, 0x49, 0x76, 0xed, 0x4b, 0x89, 0x18, 0x62, 0x6a, 0x94, 0xcf, 0x06,
 	0x7d, 0x1e, 0xfc, 0xd6, 0x78, 0x01, 0xf5, 0x1b, 0xbd, 0x68, 0x98, 0x5f, 0x51, 0xc2, 0x6c, 0x8e,
 	0x5f, 0x0a, 0x2f, 0x7d, 0xf9, 0xf4, 0x15, 0x5c, 0xd3, 0x04, 0xd7, 0x4b, 0xc3, 0x94, 0xd9, 0xef,
-	0x6e, 0x15, 0x33, 0xdb, 0x5b, 0xc5, 0x1e, 0x6d, 0x40, 0x38, 0x54, 0x86, 0xeb, 0x8d, 0xb0, 0xc0,
+	0x6c, 0x15, 0x33, 0xdb, 0x5b, 0xc5, 0x1e, 0x6d, 0x40, 0x38, 0x54, 0x86, 0xeb, 0x8d, 0xb0, 0xc0,
 	0x8a, 0x97, 0x8e, 0x91, 0xb2, 0x6c, 0xfd, 0x79, 0x15, 0xf5, 0xf3, 0x36, 0x70, 0x8d, 0x3b, 0x17,
 	0xde, 0x65, 0x48, 0x57, 0xad, 0x91, 0xd2, 0x7e, 0x29, 0xfc, 0x32, 0xea, 0x63, 0x67, 0x7b, 0x2e,
 	0x80, 0xb3, 0xc9, 0x77, 0x21, 0x91, 0xe2, 0xbc, 0x0c, 0x9e, 0x43, 0x28, 0x3c, 0xd7, 0x07, 0x37,
@@ -12534,7 +12538,7 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{
 	0x74, 0xcb, 0x50, 0x06, 0x43, 0x4d, 0x36, 0x19, 0xa6, 0xde, 0x60, 0x28, 0x51, 0x93, 0xe5, 0x42,
 	0xf4, 0x58, 0xce, 0xfb, 0x50, 0x23, 0x0d, 0xdb, 0xa1, 0x7b, 0x01, 0xb8, 0x1c, 0xe4, 0xc7, 0x72,
 	0x97, 0xe1, 0xea, 0x8e, 0x8f, 0x14, 0x37, 0xdb, 0xd1, 0x82, 0xaf, 0xe7, 0x07, 0x86, 0x0a, 0xc3,
-	0xd1, 0xfb, 0x5c, 0xf5, 0x1f, 0xe6, 0xd0, 0x10, 0x27, 0xa5, 0x4b, 0xe9, 0x89, 0x82, 0xef, 0x47,
+	0xd1, 0xfb, 0x5c, 0xf5, 0x1f, 0xe4, 0xd0, 0x10, 0x27, 0xa5, 0x4b, 0xe9, 0x89, 0x82, 0xef, 0x47,
 	0xc1, 0x13, 0x15, 0xb5, 0xef, 0xa0, 0x14, 0x55, 0xfd, 0x42, 0x36, 0x98, 0x8d, 0xaa, 0x8e, 0x69,
 	0xed, 0x6f, 0x36, 0xba, 0x84, 0xd0, 0xf4, 0x5a, 0xc7, 0x5a, 0x67, 0xef, 0x56, 0xd9, 0xf0, 0xdd,
 	0xaa, 0x61, 0x6a, 0x02, 0x06, 0x5f, 0x40, 0xf9, 0x32, 0xe5, 0x4f, 0x7b, 0x66, 0x78, 0x6a, 0xf0,
@@ -12544,7 +12548,7 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{
 	0xc0, 0x2a, 0xea, 0x5b, 0xba, 0x7f, 0xdf, 0x25, 0x1e, 0x88, 0x2f, 0x37, 0x85, 0xe8, 0xe4, 0x6c,
 	0x03, 0x44, 0xe3, 0x18, 0xf5, 0x2b, 0x19, 0x7a, 0x7a, 0x71, 0xd7, 0x3d, 0xbb, 0x1d, 0x68, 0xf9,
 	0xbe, 0x44, 0x72, 0x25, 0xdc, 0x57, 0x64, 0xe1, 0x6b, 0xc7, 0xf8, 0xd7, 0xf6, 0xf3, 0xbd, 0x45,
-	0xb8, 0xa3, 0x48, 0xfc, 0xaa, 0xdc, 0x0e, 0x5f, 0xa5, 0xfe, 0x49, 0x16, 0x9d, 0xe3, 0x2d, 0x9e,
+	0xb8, 0xa3, 0x48, 0xfc, 0xaa, 0xdc, 0x0e, 0x5f, 0xa5, 0xfe, 0x71, 0x16, 0x9d, 0xe3, 0x2d, 0x9e,
 	0x6e, 0x9a, 0xed, 0x15, 0x5b, 0x77, 0x0c, 0x8d, 0x34, 0x88, 0xf9, 0x80, 0x1c, 0xcd, 0x81, 0x27,
 	0x0f, 0x9d, 0xfc, 0x3e, 0x86, 0xce, 0x75, 0x38, 0x08, 0x52, 0xc9, 0xc0, 0x85, 0x2f, 0xdb, 0x54,
 	0x14, 0xb6, 0xb7, 0x8a, 0xc3, 0x06, 0x03, 0xc3, 0x95, 0xbf, 0x26, 0x12, 0x51, 0x25, 0x99, 0x27,
@@ -12559,12 +12563,12 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{
 	0x24, 0xca, 0x57, 0x75, 0x6f, 0x8d, 0xbf, 0x83, 0xc3, 0x9b, 0xf0, 0x7d, 0xb3, 0x49, 0xea, 0x6d,
 	0xdd, 0x5b, 0xd3, 0x00, 0x25, 0xcc, 0x19, 0x08, 0x38, 0x26, 0xcc, 0x19, 0xc2, 0x62, 0x3f, 0xf4,
 	0x44, 0xe6, 0x72, 0x3e, 0x71, 0xb1, 0xff, 0x46, 0x3e, 0x6d, 0x5e, 0xb9, 0xe7, 0x98, 0x1e, 0x39,
-	0xd1, 0xb0, 0x13, 0x0d, 0xdb, 0xa7, 0x86, 0xfd, 0x7e, 0x16, 0x8d, 0x04, 0x87, 0xa6, 0x77, 0x48,
+	0xd1, 0xb0, 0x13, 0x0d, 0xdb, 0xa7, 0x86, 0xfd, 0x5e, 0x16, 0x8d, 0x04, 0x87, 0xa6, 0x77, 0x48,
 	0xe3, 0x70, 0xd6, 0xaa, 0xf0, 0x28, 0x93, 0xdb, 0xf7, 0x51, 0x66, 0x3f, 0x0a, 0xa5, 0x06, 0x57,
 	0x9e, 0x6c, 0x6b, 0x00, 0x12, 0x63, 0x57, 0x9e, 0xc1, 0x45, 0xe7, 0x93, 0xa8, 0x7f, 0x41, 0x7f,
 	0x68, 0xb6, 0x3a, 0x2d, 0xbe, 0x4b, 0x07, 0xbb, 0xae, 0x96, 0xfe, 0x50, 0xf3, 0xe1, 0xea, 0xbf,
 	0xcd, 0xa0, 0x51, 0x2e, 0x54, 0xce, 0x7c, 0x5f, 0x52, 0x0d, 0xa5, 0x93, 0xdd, 0xb7, 0x74, 0x72,
-	0x8f, 0x2e, 0x1d, 0xf5, 0xef, 0xe6, 0x90, 0x32, 0x6b, 0x36, 0xc9, 0xb2, 0xa3, 0x5b, 0xee, 0x7d,
+	0x8f, 0x2e, 0x1d, 0xf5, 0xef, 0xe4, 0x90, 0x32, 0x6b, 0x36, 0xc9, 0xb2, 0xa3, 0x5b, 0xee, 0x7d,
 	0xe2, 0xf0, 0xe3, 0xf4, 0x0c, 0x65, 0xb5, 0xaf, 0x0f, 0x14, 0xa6, 0x94, 0xec, 0x23, 0x4d, 0x29,
 	0x1f, 0x41, 0x83, 0xbc, 0x31, 0x81, 0x4d, 0x21, 0x8c, 0x1a, 0xc7, 0x07, 0x6a, 0x21, 0x9e, 0x12,
 	0x97, 0xda, 0x6d, 0xc7, 0x7e, 0x40, 0x1c, 0xf6, 0x4a, 0xc5, 0x89, 0x75, 0x1f, 0xa8, 0x85, 0x78,
@@ -12573,7 +12577,7 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{
 	0xca, 0xb2, 0xbd, 0x61, 0x35, 0x6d, 0x9d, 0x19, 0xbf, 0x0c, 0x30, 0x4a, 0x83, 0xc3, 0xb4, 0x00,
 	0x4b, 0x29, 0xa9, 0xcc, 0xc1, 0xa8, 0x68, 0x20, 0xe4, 0x79, 0x9f, 0xc3, 0xb4, 0x00, 0xab, 0x7e,
 	0x25, 0x4f, 0xb5, 0xd7, 0x35, 0xdf, 0x3d, 0xf6, 0xeb, 0x42, 0x38, 0x60, 0x7a, 0x1f, 0x61, 0xc0,
-	0x1c, 0x9b, 0x0b, 0x3b, 0xf5, 0x4f, 0xfb, 0x11, 0xe2, 0xd2, 0x9f, 0x39, 0x39, 0x1c, 0xee, 0x4f,
+	0x1c, 0x9b, 0x0b, 0x3b, 0xf5, 0x4f, 0xfa, 0x11, 0xe2, 0xd2, 0x9f, 0x39, 0x39, 0x1c, 0xee, 0x4f,
 	0x6b, 0xca, 0x68, 0x7c, 0xc6, 0x5a, 0xd3, 0xad, 0x06, 0x31, 0xc2, 0x6b, 0xcb, 0x3e, 0x18, 0xda,
 	0x60, 0xd3, 0x4b, 0x38, 0x32, 0xbc, 0xb7, 0xd4, 0xe2, 0x05, 0xf0, 0x73, 0x68, 0xa8, 0x62, 0x79,
 	0xc4, 0xd1, 0x1b, 0x9e, 0xf9, 0x80, 0xf0, 0xa9, 0x01, 0x5e, 0x86, 0xcd, 0x10, 0xac, 0x89, 0x34,
@@ -12586,7 +12590,7 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{
 	0xd0, 0x54, 0x75, 0x36, 0x18, 0xbd, 0x8f, 0xa1, 0x5c, 0x95, 0x5b, 0x2a, 0xe4, 0xd9, 0x7e, 0xa6,
 	0x6d, 0x1a, 0x1a, 0x85, 0xe1, 0x2b, 0x68, 0x60, 0x1a, 0xcc, 0xdf, 0xf8, 0x2b, 0x62, 0x9e, 0xad,
 	0x7f, 0x0d, 0x80, 0x81, 0x15, 0xac, 0x8f, 0xc6, 0x1f, 0x46, 0xfd, 0x55, 0xc7, 0x5e, 0x75, 0xf4,
-	0x16, 0x5f, 0x83, 0xc1, 0x54, 0xa4, 0xcd, 0x40, 0x9a, 0x8f, 0x53, 0xff, 0x66, 0xc6, 0xdf, 0xb6,
+	0x16, 0x5f, 0x83, 0xc1, 0x54, 0xa4, 0xcd, 0x40, 0x9a, 0x8f, 0x53, 0xff, 0x46, 0xc6, 0xdf, 0xb6,
 	0xd3, 0x12, 0xb5, 0x0e, 0x5c, 0xcd, 0x43, 0xdd, 0x03, 0xac, 0x84, 0xcb, 0x40, 0x9a, 0x8f, 0xc3,
 	0x57, 0x50, 0xef, 0x8c, 0xe3, 0xd8, 0x8e, 0x68, 0x6c, 0x4e, 0x28, 0x40, 0x7c, 0xee, 0x05, 0x0a,
 	0xfc, 0x02, 0x1a, 0x62, 0x73, 0x0e, 0xbb, 0xd1, 0xcc, 0x75, 0x7b, 0x29, 0x15, 0x29, 0xd5, 0xaf,
@@ -12612,11 +12616,11 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{
 	0xf5, 0xde, 0x52, 0x80, 0xf7, 0x50, 0xb8, 0x31, 0x68, 0x99, 0x9e, 0x47, 0x0c, 0xbe, 0x4a, 0xc0,
 	0x7b, 0xa1, 0xf7, 0x50, 0x8b, 0xe1, 0xf1, 0x55, 0x34, 0x02, 0x30, 0xfe, 0x44, 0xc8, 0xce, 0xc7,
 	0xbc, 0x80, 0xf3, 0x50, 0x93, 0x91, 0xea, 0xd7, 0xc3, 0xd7, 0xe1, 0x79, 0xa2, 0x1f, 0xd5, 0x17,
-	0xc5, 0x0f, 0x48, 0x7f, 0xa9, 0x7f, 0x91, 0x67, 0x2e, 0x20, 0xcc, 0x71, 0xef, 0x30, 0x44, 0x19,
+	0xc5, 0x0f, 0x48, 0x7f, 0xa9, 0x7f, 0x9e, 0x67, 0x2e, 0x20, 0xcc, 0x71, 0xef, 0x30, 0x44, 0x19,
 	0x5e, 0xe9, 0xe6, 0xf6, 0x70, 0xa5, 0x7b, 0x15, 0xf5, 0x2d, 0x10, 0x6f, 0xcd, 0xf6, 0x0d, 0xbf,
 	0xc0, 0x42, 0xaf, 0x05, 0x10, 0xd1, 0x42, 0x8f, 0xd1, 0xe0, 0x75, 0x84, 0x7d, 0xaf, 0xbc, 0xc0,
 	0x10, 0xdb, 0xbf, 0x42, 0x3e, 0x17, 0x3b, 0xa7, 0xd4, 0xc0, 0x25, 0x17, 0x6c, 0xec, 0x4f, 0x07,
-	0x86, 0xde, 0x82, 0x25, 0xd6, 0x9f, 0x6f, 0x15, 0xfb, 0x18, 0x8d, 0x96, 0xc0, 0x16, 0xbf, 0x81,
+	0x86, 0xde, 0x82, 0x25, 0xd6, 0x9f, 0x6d, 0x15, 0xfb, 0x18, 0x8d, 0x96, 0xc0, 0x16, 0xbf, 0x81,
 	0x06, 0x17, 0x66, 0x4b, 0xdc, 0x43, 0x8f, 0x59, 0x45, 0x3c, 0x16, 0x48, 0xd1, 0x47, 0x04, 0x22,
 	0x01, 0x7f, 0x9b, 0xd6, 0x7d, 0x3d, 0xee, 0xa0, 0x17, 0x72, 0xa1, 0xda, 0xc2, 0x3c, 0x77, 0xf8,
 	0xed, 0x42, 0xa0, 0x2d, 0xb2, 0x3f, 0x4f, 0x54, 0x56, 0x0c, 0x1b, 0xd1, 0x96, 0x81, 0x7d, 0x8c,
@@ -12627,11 +12631,11 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{
 	0x61, 0x2f, 0xf0, 0x23, 0xe7, 0x38, 0x61, 0x45, 0x62, 0xa7, 0x4d, 0x06, 0x06, 0x97, 0x28, 0x66,
 	0x3e, 0x3e, 0xe5, 0xbb, 0xd9, 0x32, 0x97, 0x28, 0x6e, 0x66, 0x2e, 0xf9, 0xb8, 0x85, 0xa4, 0xf8,
 	0x29, 0x94, 0x5b, 0x5e, 0x9e, 0xe7, 0xda, 0x08, 0xee, 0xcd, 0x9e, 0x27, 0xfa, 0x7c, 0x51, 0xac,
-	0xfa, 0x87, 0x59, 0x84, 0xa8, 0xd2, 0x4f, 0x3b, 0x44, 0x3f, 0xa4, 0xc7, 0x9c, 0x29, 0x34, 0xe0,
+	0xfa, 0x07, 0x59, 0x84, 0xa8, 0xd2, 0x4f, 0x3b, 0x44, 0x3f, 0xa4, 0xc7, 0x9c, 0x29, 0x34, 0xe0,
 	0x0b, 0x9c, 0x0f, 0xb8, 0xc0, 0xf2, 0x39, 0xda, 0x11, 0xd1, 0xba, 0x03, 0x2b, 0xf7, 0xa2, 0x6f,
 	0x8c, 0xcb, 0xee, 0x52, 0x61, 0x77, 0x08, 0xc6, 0xb8, 0xbe, 0x09, 0xee, 0x47, 0xd0, 0x20, 0xd7,
 	0x1a, 0x5b, 0xba, 0x43, 0x6d, 0xf8, 0x40, 0x2d, 0xc4, 0x47, 0xd4, 0xb3, 0x6f, 0x1f, 0x93, 0xd9,
-	0x97, 0xb8, 0x78, 0x99, 0x99, 0xfe, 0x91, 0x15, 0xef, 0x81, 0x5d, 0x70, 0xa9, 0xbf, 0x9f, 0x41,
+	0x97, 0xb8, 0x78, 0x99, 0x99, 0xfe, 0x91, 0x15, 0xef, 0x81, 0x5d, 0x70, 0xa9, 0xbf, 0x97, 0x41,
 	0x98, 0x36, 0xab, 0xaa, 0xbb, 0xee, 0x86, 0xed, 0x18, 0xcc, 0x02, 0xf5, 0x50, 0x04, 0x73, 0x70,
 	0x8f, 0x12, 0x5f, 0x1b, 0x40, 0xa7, 0x24, 0xeb, 0xbe, 0x23, 0x3e, 0x9a, 0xae, 0xc8, 0xa3, 0xa9,
 	0x9b, 0x69, 0xfb, 0x87, 0xc4, 0x57, 0x8f, 0x5e, 0xc9, 0xcb, 0x44, 0x78, 0xee, 0x78, 0x16, 0x0d,
@@ -12655,7 +12659,7 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{
 	0x0d, 0xa0, 0x14, 0x2b, 0xf8, 0x9b, 0x02, 0x16, 0x5e, 0xee, 0xd8, 0xb6, 0xa5, 0x8c, 0xc6, 0x6a,
 	0x9d, 0x15, 0xbf, 0x6e, 0xc1, 0x79, 0x06, 0xbc, 0xe9, 0xdd, 0xce, 0x4a, 0xe0, 0x71, 0x26, 0xc5,
 	0x2a, 0x90, 0x8b, 0xa8, 0x5f, 0xc9, 0x44, 0x66, 0xc1, 0x43, 0x5c, 0xf4, 0x3e, 0x14, 0x7f, 0x8c,
-	0x8d, 0x4f, 0x4b, 0xea, 0xdf, 0xcb, 0xa2, 0xa1, 0xaa, 0xed, 0x78, 0x3c, 0x2e, 0xc0, 0xd1, 0x5e,
+	0x8d, 0x4f, 0x4b, 0xea, 0xdf, 0xcd, 0xa2, 0xa1, 0xaa, 0xed, 0x78, 0x3c, 0x2e, 0xc0, 0xd1, 0x5e,
 	0x85, 0x84, 0x63, 0x4b, 0x7e, 0x0f, 0xc7, 0x96, 0xf3, 0x28, 0x2f, 0xd8, 0x21, 0xb2, 0xcb, 0x4f,
 	0xc3, 0x70, 0x34, 0x80, 0xaa, 0xdf, 0x99, 0x45, 0xe8, 0xcd, 0xe7, 0x9e, 0x3b, 0xc6, 0x02, 0x52,
 	0x7f, 0x24, 0x83, 0xc6, 0xf8, 0x6d, 0xbc, 0x10, 0x59, 0xa7, 0xdf, 0x7f, 0x47, 0x11, 0xc7, 0x25,
@@ -12663,7 +12667,7 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{
 	0xc3, 0xc4, 0x25, 0xc0, 0xa7, 0xc3, 0xcf, 0xfa, 0xef, 0x0c, 0xb9, 0x70, 0xdd, 0xa3, 0x05, 0x66,
 	0x12, 0xdf, 0x1a, 0xd4, 0x5f, 0xca, 0xa3, 0xfc, 0xcc, 0x43, 0xd2, 0x38, 0xe2, 0x5d, 0x23, 0xdc,
 	0x5e, 0xe4, 0xf7, 0x79, 0x7b, 0xf1, 0x28, 0x0f, 0xa7, 0xaf, 0x86, 0xfd, 0xd9, 0x27, 0x57, 0x1f,
-	0xe9, 0xf9, 0x68, 0xf5, 0x7e, 0x4f, 0x1f, 0xbd, 0x77, 0xf7, 0x7f, 0x9e, 0x43, 0xb9, 0xda, 0x74,
+	0xe9, 0xf9, 0x68, 0xf5, 0x7e, 0x4f, 0x1f, 0xbd, 0x77, 0xf7, 0x7f, 0x96, 0x43, 0xb9, 0xda, 0x74,
 	0xf5, 0x44, 0x6f, 0x0e, 0x55, 0x6f, 0xba, 0x3f, 0x4c, 0xa9, 0xc1, 0x5d, 0xf3, 0x40, 0x68, 0x0a,
 	0x16, 0xb9, 0x56, 0xfe, 0x56, 0x0e, 0x8d, 0xd6, 0x66, 0x97, 0xab, 0xc2, 0x75, 0xcf, 0x6d, 0x66,
 	0xae, 0x03, 0x86, 0x23, 0xac, 0x4b, 0xcf, 0xc7, 0xf6, 0x33, 0x77, 0x2a, 0x96, 0xf7, 0xfc, 0xcd,
@@ -12674,7 +12678,7 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{
 	0xe7, 0xec, 0xee, 0x4c, 0xe8, 0x49, 0x65, 0xa8, 0x1d, 0x16, 0x02, 0x66, 0x22, 0x17, 0xfc, 0x16,
 	0x42, 0x6c, 0x8f, 0xb2, 0xcb, 0x68, 0x6d, 0x17, 0x60, 0xdf, 0xcf, 0xb6, 0x96, 0x09, 0x7b, 0x3c,
 	0x81, 0x19, 0x5e, 0x47, 0x85, 0x05, 0xdb, 0x30, 0xef, 0x9b, 0xcc, 0xbe, 0x0a, 0x2a, 0xe8, 0xdb,
-	0xd9, 0xaa, 0x81, 0x6e, 0x25, 0x5b, 0x42, 0xb9, 0xa4, 0x6a, 0x62, 0x8c, 0xd5, 0x7f, 0xda, 0x8b,
+	0xd9, 0xaa, 0x81, 0x6e, 0x25, 0x5b, 0x42, 0xb9, 0xa4, 0x6a, 0x62, 0x8c, 0xd5, 0x7f, 0xd2, 0x8b,
 	0xf2, 0xb4, 0xdb, 0x4f, 0xc6, 0xef, 0x7e, 0xc6, 0x6f, 0x09, 0x15, 0xee, 0xd9, 0xce, 0xba, 0x69,
 	0xad, 0x06, 0xa6, 0xaf, 0xfc, 0x6c, 0x0a, 0xcf, 0xf5, 0x1b, 0x0c, 0x57, 0x0f, 0xac, 0x64, 0xb5,
 	0x18, 0xf9, 0x0e, 0x23, 0xf8, 0x45, 0x84, 0x98, 0x43, 0x2b, 0xd0, 0x0c, 0x84, 0x1e, 0xe9, 0xcc,
@@ -12691,567 +12695,568 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{
 	0x84, 0xeb, 0x72, 0xcd, 0x6e, 0x92, 0xa3, 0xfd, 0x19, 0x07, 0x78, 0x5d, 0xee, 0x0b, 0xe4, 0x00,
 	0xae, 0x52, 0xbe, 0x3d, 0x04, 0xf2, 0xc3, 0x59, 0x74, 0x9a, 0x87, 0x09, 0xe5, 0x87, 0xa3, 0x13,
 	0x5d, 0x49, 0x15, 0xcd, 0x89, 0xd6, 0x70, 0xd1, 0xfc, 0x54, 0x0e, 0x9d, 0x86, 0x60, 0x6a, 0x74,
-	0xcf, 0xf8, 0x6d, 0x30, 0x51, 0xe2, 0x86, 0xfc, 0x42, 0xb3, 0x90, 0xf0, 0x42, 0xf3, 0xe7, 0x5b,
+	0xcf, 0xf8, 0x6d, 0x30, 0x51, 0xe2, 0x86, 0xfc, 0x42, 0xb3, 0x90, 0xf0, 0x42, 0xf3, 0x67, 0x5b,
 	0xc5, 0xe7, 0x57, 0x4d, 0x6f, 0xad, 0xb3, 0x32, 0xd9, 0xb0, 0x5b, 0xd7, 0x56, 0x1d, 0xfd, 0x81,
 	0xc9, 0xde, 0x26, 0xf4, 0xe6, 0xb5, 0x20, 0xe2, 0xb6, 0xde, 0x36, 0x79, 0x2c, 0xee, 0x1a, 0x6c,
 	0xc4, 0x28, 0x57, 0xff, 0x6d, 0xc7, 0x45, 0xe8, 0x75, 0xdb, 0xb4, 0xb8, 0x55, 0x03, 0x5b, 0x85,
 	0x6b, 0x74, 0xf3, 0xfa, 0x8e, 0x6d, 0x5a, 0xf5, 0xa8, 0x69, 0xc3, 0x5e, 0xeb, 0x0b, 0x59, 0x6b,
-	0x42, 0x35, 0xea, 0xbf, 0xc9, 0xa0, 0xc7, 0x64, 0x2d, 0xfe, 0x76, 0x58, 0xd8, 0xfe, 0x76, 0x16,
+	0x42, 0x35, 0xea, 0xbf, 0xc9, 0xa0, 0xc7, 0x64, 0x2d, 0xfe, 0x76, 0x58, 0xd8, 0xfe, 0x56, 0x16,
 	0x9d, 0xb9, 0x05, 0xc2, 0x09, 0x5e, 0x99, 0x4f, 0xe6, 0x2d, 0x3e, 0x38, 0x13, 0x64, 0x73, 0x32,
-	0x71, 0x71, 0xd9, 0xfc, 0x4e, 0x06, 0x9d, 0x5a, 0xaa, 0x94, 0xa7, 0xbf, 0x4d, 0xb4, 0x26, 0xfe,
-	0x3d, 0x47, 0xbb, 0xa7, 0xe1, 0x7b, 0x6a, 0xa5, 0x85, 0xf9, 0x6f, 0xa7, 0xfe, 0x91, 0xbe, 0xe7,
-	0x88, 0xf7, 0xcf, 0x6f, 0xf5, 0xa1, 0xa1, 0xdb, 0x9d, 0x15, 0xc2, 0xdf, 0xfc, 0x8e, 0xf5, 0x81,
-	0xfa, 0x3a, 0x1a, 0xe2, 0x62, 0x80, 0xcb, 0x28, 0x21, 0xf0, 0x08, 0x77, 0x24, 0x65, 0xbe, 0xdd,
-	0x22, 0x11, 0x3e, 0x8f, 0xf2, 0x77, 0x89, 0xb3, 0x22, 0xda, 0xe4, 0x3f, 0x20, 0xce, 0x8a, 0x06,
-	0x50, 0x3c, 0x1f, 0x9a, 0xca, 0x95, 0xaa, 0x15, 0x08, 0x42, 0xcd, 0xef, 0xc1, 0x20, 0xaa, 0x76,
-	0x60, 0x4e, 0xa0, 0xb7, 0x4d, 0x16, 0xbe, 0x5a, 0xf4, 0x07, 0x8a, 0x96, 0xc4, 0x8b, 0x68, 0x5c,
-	0x7c, 0x4f, 0x66, 0x11, 0x98, 0x07, 0x12, 0xd8, 0x25, 0xc5, 0x5e, 0x8e, 0x17, 0xc5, 0xaf, 0xa2,
-	0x61, 0x1f, 0x08, 0x2f, 0xe3, 0x83, 0x61, 0xd8, 0xcf, 0x80, 0x55, 0x24, 0xbc, 0xbb, 0x54, 0x40,
-	0x64, 0x00, 0xb7, 0x3b, 0x28, 0x81, 0x41, 0xc4, 0xd2, 0x40, 0x2a, 0x80, 0x3f, 0x06, 0x0c, 0xda,
-	0xb6, 0xe5, 0x12, 0x78, 0x03, 0x1c, 0x02, 0x83, 0x75, 0x30, 0xc5, 0x73, 0x38, 0x9c, 0xb9, 0x25,
-	0x48, 0x64, 0x78, 0x09, 0xa1, 0xf0, 0xad, 0x86, 0x3b, 0x7f, 0xed, 0xf9, 0x15, 0x49, 0x60, 0x21,
-	0xde, 0xb2, 0x8e, 0x3c, 0xca, 0x2d, 0xab, 0xfa, 0x7b, 0x59, 0x34, 0x54, 0x6a, 0xb7, 0x83, 0xa1,
-	0xf0, 0x2c, 0xea, 0x2b, 0xb5, 0xdb, 0x77, 0xb4, 0x8a, 0x18, 0x06, 0x52, 0x6f, 0xb7, 0xeb, 0x1d,
-	0xc7, 0x14, 0x4d, 0x6d, 0x18, 0x11, 0x9e, 0x46, 0x23, 0xa5, 0x76, 0xbb, 0xda, 0x59, 0x69, 0x9a,
-	0x0d, 0x21, 0xaa, 0x3c, 0x4b, 0x80, 0xd1, 0x6e, 0xd7, 0xdb, 0x80, 0x89, 0xa6, 0x16, 0x90, 0xcb,
-	0xe0, 0xb7, 0xc1, 0x65, 0x9a, 0x07, 0x35, 0x67, 0x61, 0x93, 0xd5, 0x20, 0x00, 0x64, 0xd8, 0xb6,
-	0xc9, 0x80, 0x88, 0x05, 0xca, 0x3c, 0xef, 0x87, 0x1b, 0xa5, 0x15, 0xc5, 0x82, 0x97, 0x87, 0x2c,
-	0xf1, 0x47, 0x51, 0x7f, 0xa9, 0xdd, 0x16, 0xae, 0xf1, 0xe0, 0xad, 0x96, 0x96, 0x8a, 0xf4, 0xb1,
-	0x4f, 0x36, 0xf1, 0x32, 0x1a, 0x95, 0x2b, 0xdb, 0x53, 0xa0, 0xcd, 0x3f, 0xcb, 0xc0, 0x07, 0x1d,
-	0x71, 0x53, 0xb1, 0x1b, 0x28, 0x57, 0x6a, 0xb7, 0xf9, 0x7c, 0x74, 0x2a, 0xa1, 0x3f, 0xa2, 0xee,
-	0x23, 0xa5, 0x76, 0xdb, 0xff, 0x74, 0x66, 0xaa, 0x7a, 0xbc, 0x3e, 0xfd, 0x6b, 0xec, 0xd3, 0x8f,
-	0xb6, 0x3d, 0xa8, 0xfa, 0x4b, 0x39, 0x34, 0x56, 0x6a, 0xb7, 0x4f, 0x02, 0x74, 0x1e, 0x94, 0x93,
-	0xca, 0x73, 0x08, 0x09, 0xd3, 0x63, 0x7f, 0x60, 0xb2, 0x3d, 0x24, 0x4c, 0x8d, 0x4a, 0x46, 0x13,
-	0x88, 0x7c, 0xf5, 0x1b, 0xd8, 0x93, 0xfa, 0x7d, 0x3e, 0x07, 0x53, 0xf1, 0x51, 0x77, 0xb8, 0xff,
-	0xa0, 0x74, 0x1b, 0xef, 0x83, 0xbe, 0x3d, 0xf5, 0xc1, 0x6f, 0x4a, 0x83, 0x07, 0x02, 0x3e, 0x9e,
-	0xf4, 0x42, 0xef, 0xbe, 0xb6, 0xc5, 0xa3, 0xa2, 0x30, 0xb9, 0x17, 0xb0, 0x1f, 0x84, 0x9e, 0xfb,
-	0xa4, 0x37, 0x28, 0xaa, 0x6e, 0x1a, 0x5a, 0x84, 0xd6, 0xef, 0xc3, 0xfe, 0x3d, 0xf5, 0xe1, 0x56,
-	0x16, 0xfc, 0x4e, 0x02, 0x9f, 0xf6, 0xfd, 0x9f, 0x2e, 0xae, 0x21, 0xc4, 0x1e, 0x74, 0x02, 0x6b,
-	0xb1, 0x11, 0xe6, 0xbe, 0xca, 0x62, 0xd3, 0x73, 0xf7, 0xd5, 0x90, 0x24, 0x78, 0x78, 0xce, 0x25,
-	0x3e, 0x3c, 0x5f, 0x41, 0x03, 0x9a, 0xbe, 0xf1, 0x46, 0x87, 0x38, 0x9b, 0x7c, 0x3b, 0xc3, 0x42,
-	0xc6, 0xe8, 0x1b, 0xf5, 0xcf, 0x51, 0xa0, 0x16, 0xa0, 0xb1, 0x1a, 0x38, 0x2e, 0x09, 0x0f, 0x6d,
-	0xec, 0x76, 0x2f, 0x70, 0x57, 0x7a, 0x14, 0x45, 0xc7, 0x2f, 0xa1, 0x5c, 0xe9, 0x5e, 0x8d, 0x4b,
-	0x36, 0xe8, 0xda, 0xd2, 0xbd, 0x1a, 0x97, 0x57, 0x6a, 0xd9, 0x7b, 0x35, 0xf5, 0xf3, 0x59, 0x84,
-	0xe3, 0x94, 0xf8, 0x79, 0x34, 0x08, 0xd0, 0x55, 0xaa, 0x33, 0x62, 0x52, 0xa3, 0x0d, 0xb7, 0xee,
-	0x00, 0x54, 0xda, 0xdc, 0xf9, 0xa4, 0xf8, 0x45, 0xc8, 0xdf, 0xc6, 0xd3, 0x6a, 0x48, 0x49, 0x8d,
-	0x36, 0x5c, 0x3f, 0xe3, 0x59, 0x24, 0x7d, 0x1b, 0x27, 0x86, 0x7d, 0xe1, 0xbd, 0xda, 0x9c, 0xed,
-	0x7a, 0x5c, 0xd4, 0x6c, 0x5f, 0xb8, 0xe1, 0x42, 0x36, 0x2d, 0x69, 0x5f, 0xc8, 0xc8, 0x20, 0x23,
-	0xc0, 0xbd, 0x1a, 0xb3, 0xfe, 0x35, 0x34, 0xbb, 0xe9, 0x6f, 0x28, 0x59, 0x46, 0x80, 0x0d, 0xb7,
-	0xce, 0x2c, 0x87, 0x0d, 0x48, 0x1c, 0x27, 0x65, 0x04, 0x90, 0x4a, 0xa9, 0x5f, 0x1c, 0x40, 0x85,
-	0xb2, 0xee, 0xe9, 0x2b, 0xba, 0x4b, 0x84, 0xd3, 0xf4, 0x98, 0x0f, 0xf3, 0x3f, 0x47, 0x90, 0x83,
-	0xb1, 0x92, 0xf0, 0x35, 0xd1, 0x02, 0xf8, 0x13, 0x21, 0xdf, 0x20, 0x5f, 0x93, 0x98, 0x00, 0x62,
-	0xa5, 0xde, 0xe6, 0x60, 0x2d, 0x46, 0x88, 0xaf, 0xa2, 0x21, 0x1f, 0x46, 0x0f, 0x00, 0xb9, 0x50,
-	0x67, 0x8c, 0x15, 0xba, 0xff, 0xd7, 0x44, 0x34, 0x7e, 0x11, 0x0d, 0xfb, 0x3f, 0x85, 0xad, 0x35,
-	0xcb, 0x66, 0xb1, 0x12, 0x3b, 0x3d, 0x89, 0xa4, 0x62, 0x51, 0x98, 0xdf, 0x7a, 0xa5, 0xa2, 0x91,
-	0x84, 0x11, 0x12, 0x29, 0xfe, 0x1c, 0x1a, 0xf5, 0x7f, 0xf3, 0x03, 0x03, 0xcb, 0xad, 0x71, 0x35,
-	0xc8, 0x4b, 0x17, 0x11, 0xeb, 0xa4, 0x4c, 0xce, 0x8e, 0x0e, 0x8f, 0xfb, 0x39, 0x10, 0x8c, 0x95,
-	0xf8, 0xc9, 0x21, 0x52, 0x01, 0xae, 0xa0, 0x71, 0x1f, 0x12, 0x6a, 0x68, 0x7f, 0x78, 0x62, 0x34,
-	0x56, 0xea, 0x89, 0x4a, 0x1a, 0x2f, 0x85, 0x9b, 0xe8, 0xbc, 0x04, 0x34, 0xdc, 0x35, 0xf3, 0xbe,
-	0xc7, 0x8f, 0x7b, 0x3c, 0x7e, 0x1b, 0x4f, 0x7a, 0x13, 0x70, 0x65, 0x34, 0x7e, 0xf6, 0x2a, 0x39,
-	0xb2, 0x7e, 0x57, 0x6e, 0xb8, 0x86, 0x4e, 0xfb, 0xf8, 0x5b, 0xd3, 0xd5, 0xaa, 0x63, 0xbf, 0x43,
-	0x1a, 0x5e, 0xa5, 0xcc, 0x8f, 0xcb, 0x10, 0xd7, 0xc3, 0x58, 0xa9, 0xaf, 0x36, 0xda, 0x54, 0x29,
-	0x28, 0x4e, 0x66, 0x9e, 0x58, 0x18, 0xdf, 0x45, 0x67, 0x04, 0x78, 0xc5, 0x72, 0x3d, 0xdd, 0x6a,
-	0x90, 0x4a, 0x99, 0x9f, 0xa1, 0xe1, 0x3c, 0xcf, 0xb9, 0x9a, 0x1c, 0x29, 0xb3, 0x4d, 0x2e, 0x8e,
-	0x5f, 0x46, 0x23, 0x3e, 0x82, 0xbd, 0x7f, 0x0c, 0xc1, 0xfb, 0x07, 0x0c, 0x49, 0x63, 0xa5, 0x1e,
-	0x75, 0x52, 0x91, 0x89, 0x45, 0x8d, 0x82, 0xb4, 0xa0, 0xc3, 0x92, 0x46, 0x79, 0x9b, 0xed, 0x44,
-	0x65, 0x84, 0x54, 0xa1, 0xaf, 0x86, 0x1a, 0xb5, 0xe4, 0x98, 0xab, 0x26, 0x3b, 0x49, 0xfb, 0x7e,
-	0x29, 0x2b, 0x75, 0x1b, 0x80, 0x49, 0xfa, 0xc1, 0xc8, 0x27, 0x4a, 0xe8, 0x54, 0x82, 0x8e, 0xed,
-	0xe9, 0xc4, 0xf8, 0x85, 0x6c, 0xd8, 0x88, 0x23, 0x7e, 0x6c, 0x9c, 0x42, 0x03, 0xfe, 0x97, 0xf0,
-	0xcd, 0x83, 0x92, 0x36, 0x34, 0xa3, 0x3c, 0x7c, 0xbc, 0x24, 0x8e, 0x23, 0x7e, 0x94, 0x3c, 0x08,
-	0x71, 0xbc, 0x97, 0x09, 0xc5, 0x71, 0xc4, 0x8f, 0x97, 0xbf, 0x93, 0x0b, 0xe7, 0xa4, 0x93, 0x33,
-	0xe6, 0x41, 0x6d, 0x93, 0x43, 0xf3, 0xa2, 0xbe, 0x3d, 0xf8, 0x87, 0x88, 0xaa, 0xd9, 0xff, 0x88,
-	0xaa, 0xf9, 0x07, 0xf1, 0xfe, 0x64, 0x5b, 0xcf, 0x23, 0xd9, 0x9f, 0x07, 0x30, 0x58, 0xf1, 0xf5,
-	0x70, 0x1d, 0x63, 0x7b, 0xf4, 0x5e, 0x21, 0x3c, 0xca, 0x0a, 0xdf, 0xa2, 0xcb, 0x24, 0xf8, 0xd3,
-	0xe8, 0x9c, 0x04, 0xa8, 0xea, 0x8e, 0xde, 0x22, 0x5e, 0x98, 0xad, 0x05, 0x1c, 0xde, 0xfd, 0xd2,
-	0xf5, 0x76, 0x80, 0x16, 0x33, 0xc0, 0xa4, 0x70, 0x10, 0x94, 0xa3, 0x7f, 0x0f, 0xb6, 0x67, 0xff,
-	0x39, 0x8b, 0x46, 0xaa, 0xb6, 0xeb, 0xad, 0x3a, 0xc4, 0xad, 0xea, 0x8e, 0x4b, 0x8e, 0x6f, 0x8f,
-	0x7e, 0x1c, 0x8d, 0x80, 0xff, 0x65, 0x8b, 0x58, 0x9e, 0x90, 0x16, 0x91, 0x85, 0x6c, 0xf4, 0x11,
-	0x3c, 0x3a, 0xaf, 0x44, 0x88, 0x8b, 0xa8, 0x97, 0xe9, 0x80, 0xe0, 0x15, 0xcb, 0x14, 0x80, 0xc1,
-	0xd5, 0x1f, 0xcf, 0xa1, 0x61, 0x5f, 0xca, 0x53, 0xe6, 0x51, 0xbd, 0xb3, 0x39, 0x5c, 0x21, 0x5f,
-	0x43, 0xa8, 0x6a, 0x3b, 0x9e, 0xde, 0x14, 0x92, 0xab, 0xc3, 0x61, 0xa7, 0x0d, 0x50, 0x56, 0x46,
-	0x20, 0xc1, 0x93, 0x08, 0x09, 0x03, 0xac, 0x1f, 0x06, 0xd8, 0xe8, 0xf6, 0x56, 0x11, 0x85, 0xe3,
-	0x4a, 0x13, 0x28, 0xd4, 0x5f, 0xcb, 0xa2, 0x31, 0xbf, 0x93, 0x66, 0x1e, 0x92, 0x46, 0xc7, 0x3b,
-	0xc6, 0x83, 0x41, 0x96, 0x76, 0xef, 0x8e, 0xd2, 0x56, 0xff, 0x87, 0x30, 0x91, 0x4c, 0x37, 0xed,
-	0x93, 0x89, 0xe4, 0x2f, 0x43, 0xc7, 0xd5, 0xef, 0xce, 0xa1, 0xd3, 0xbe, 0xd4, 0x67, 0x3b, 0x16,
-	0x6c, 0x13, 0xa6, 0xf5, 0x66, 0xf3, 0x38, 0xaf, 0xcb, 0x43, 0xbe, 0x20, 0x96, 0x78, 0x40, 0x03,
-	0x1e, 0x29, 0xfd, 0x3e, 0x07, 0xd7, 0x6d, 0xd3, 0xd0, 0x44, 0x22, 0xfc, 0x2a, 0x1a, 0xf6, 0x7f,
-	0x96, 0x9c, 0x55, 0x7f, 0x31, 0x86, 0x43, 0x7f, 0x50, 0x48, 0x77, 0x24, 0xbf, 0x0d, 0xa9, 0x80,
-	0xfa, 0x5f, 0xfa, 0xd0, 0xc4, 0x3d, 0xd3, 0x32, 0xec, 0x0d, 0xd7, 0x0f, 0xb4, 0x7f, 0xe4, 0x37,
-	0xbd, 0x87, 0x1d, 0x60, 0xff, 0x0d, 0x74, 0x26, 0x2a, 0x52, 0x27, 0x08, 0x7f, 0xc4, 0x7b, 0x67,
-	0x83, 0x11, 0xd4, 0xfd, 0x90, 0xfb, 0xfc, 0xe6, 0x4c, 0x4b, 0x2e, 0x19, 0x8d, 0xd9, 0xdf, 0xbf,
-	0x9b, 0x98, 0xfd, 0xcf, 0xa0, 0xbe, 0xb2, 0xdd, 0xd2, 0x4d, 0xdf, 0x83, 0x0f, 0x46, 0x71, 0x50,
-	0x2f, 0x60, 0x34, 0x4e, 0x41, 0xf9, 0xf3, 0x8a, 0xa1, 0xcb, 0x06, 0x43, 0xfe, 0x7e, 0x81, 0x8e,
-	0x4b, 0x1c, 0x4d, 0x24, 0xc2, 0x36, 0x1a, 0xe1, 0xd5, 0xf1, 0x7b, 0x2e, 0x04, 0xf7, 0x5c, 0x41,
-	0x66, 0xc4, 0x74, 0xb5, 0x9a, 0x94, 0xca, 0xb1, 0x0b, 0x2f, 0x96, 0x4a, 0x80, 0x7f, 0x0c, 0xbb,
-	0xf1, 0xd2, 0x64, 0xfe, 0x82, 0x10, 0x60, 0x92, 0x19, 0x8a, 0x0b, 0x01, 0x66, 0x19, 0x91, 0x08,
-	0xcf, 0xa0, 0xf1, 0x52, 0xb3, 0x69, 0x6f, 0x04, 0x71, 0x86, 0xa8, 0x4a, 0x0c, 0x43, 0xac, 0x55,
-	0xb8, 0x3e, 0xd1, 0x29, 0x12, 0x3e, 0xae, 0xde, 0xe0, 0x68, 0x2d, 0x5e, 0x62, 0xe2, 0x35, 0x84,
-	0xe3, 0x6d, 0xde, 0xd3, 0x05, 0xca, 0x17, 0xb3, 0x08, 0x47, 0xce, 0x21, 0x33, 0xc7, 0x78, 0x3b,
-	0xa5, 0xfe, 0x5c, 0x06, 0x8d, 0xc7, 0xe2, 0x7f, 0xe1, 0x1b, 0x08, 0x31, 0x88, 0x10, 0x77, 0x02,
-	0x1c, 0xb9, 0xc2, 0x98, 0x60, 0x7c, 0x29, 0x09, 0xc9, 0xf0, 0x35, 0x34, 0xc0, 0x7e, 0x05, 0x89,
-	0x3e, 0xa3, 0x45, 0x3a, 0x1d, 0xd3, 0xd0, 0x02, 0xa2, 0xb0, 0x16, 0xb8, 0x89, 0xcb, 0x25, 0x16,
-	0xf1, 0x36, 0xdb, 0x41, 0x2d, 0x94, 0x8c, 0x76, 0xe0, 0x70, 0xd0, 0xe0, 0x92, 0x71, 0x58, 0x5d,
-	0xd7, 0xc7, 0x43, 0xa9, 0xe5, 0x76, 0x0a, 0xa5, 0x16, 0x99, 0x9b, 0x78, 0xec, 0xb4, 0x83, 0x33,
-	0x0f, 0xfd, 0x72, 0x16, 0x8d, 0x05, 0xb5, 0x1e, 0xe2, 0xa5, 0xcf, 0x07, 0x48, 0x24, 0x5f, 0xca,
-	0x20, 0x65, 0xca, 0x6c, 0x36, 0x4d, 0x6b, 0xb5, 0x62, 0xdd, 0xb7, 0x9d, 0x16, 0x4c, 0x1e, 0x87,
-	0x77, 0x3f, 0xa8, 0x7e, 0x5f, 0x06, 0x8d, 0xf3, 0x06, 0x4d, 0xeb, 0x8e, 0x71, 0x78, 0x17, 0xb7,
-	0xd1, 0x96, 0x1c, 0x9e, 0xbe, 0xa8, 0x5f, 0xcd, 0x22, 0x34, 0x6f, 0x37, 0xd6, 0x8f, 0xb8, 0x0d,
-	0xfc, 0x27, 0x76, 0xce, 0x6f, 0x5b, 0x90, 0xf3, 0xdb, 0x2a, 0x19, 0x3f, 0xc3, 0x2d, 0xad, 0x94,
-	0xd2, 0xf1, 0x5d, 0x4d, 0x50, 0xa9, 0x98, 0x40, 0x97, 0x55, 0xba, 0xbd, 0x55, 0xcc, 0x37, 0xed,
-	0xc6, 0xba, 0x06, 0xf4, 0xea, 0x5f, 0x64, 0x98, 0xec, 0x8e, 0xb8, 0x8d, 0xbc, 0xff, 0xf9, 0xf9,
-	0x3d, 0x7e, 0xfe, 0xdf, 0xc8, 0xa0, 0xd3, 0x1a, 0x69, 0xd8, 0x0f, 0x88, 0xb3, 0x39, 0x6d, 0x1b,
-	0xe4, 0x16, 0xb1, 0x88, 0x73, 0x58, 0x23, 0xea, 0x9f, 0x40, 0xb0, 0xc8, 0xb0, 0x31, 0x77, 0x5c,
-	0x62, 0x1c, 0x9d, 0x90, 0xa5, 0xea, 0x3f, 0xee, 0x47, 0x4a, 0xe2, 0x0e, 0xf1, 0xc8, 0xee, 0x8a,
-	0x52, 0xb7, 0xfd, 0xf9, 0x83, 0xda, 0xf6, 0xf7, 0xee, 0x6d, 0xdb, 0xdf, 0xb7, 0xd7, 0x6d, 0x7f,
-	0xff, 0x6e, 0xb6, 0xfd, 0xad, 0xe8, 0xb6, 0x7f, 0x00, 0xb6, 0xfd, 0x37, 0xba, 0x6e, 0xfb, 0x67,
-	0x2c, 0xe3, 0x11, 0x37, 0xfd, 0x47, 0x36, 0x51, 0xc7, 0xa3, 0x9c, 0x56, 0x2e, 0xd3, 0x49, 0xb1,
-	0x61, 0x3b, 0x06, 0x31, 0xf8, 0x21, 0x05, 0x6e, 0xe5, 0x1d, 0x0e, 0xd3, 0x02, 0x6c, 0x2c, 0xeb,
-	0xc9, 0xc8, 0x6e, 0xb2, 0x9e, 0x1c, 0xc0, 0x31, 0xe6, 0x0b, 0x59, 0x34, 0x3e, 0x4d, 0x1c, 0x8f,
-	0x45, 0x04, 0x39, 0x88, 0xa7, 0xe0, 0x12, 0x1a, 0x13, 0x18, 0xc2, 0x8e, 0x5c, 0xc8, 0xd6, 0xdf,
-	0x20, 0x8e, 0x17, 0x7d, 0x1d, 0x8f, 0xd2, 0xd3, 0xea, 0xfd, 0xc8, 0xc3, 0x7c, 0xec, 0x06, 0xd5,
-	0xfb, 0x70, 0x26, 0x48, 0x93, 0xff, 0xd2, 0x02, 0x7a, 0x21, 0x98, 0x70, 0x7e, 0xef, 0xc1, 0x84,
-	0xd5, 0x9f, 0xc9, 0xa0, 0x4b, 0x1a, 0xb1, 0xc8, 0x86, 0xbe, 0xd2, 0x24, 0x42, 0xb3, 0xf8, 0xca,
-	0x40, 0x67, 0x0d, 0xd3, 0x6d, 0xe9, 0x5e, 0x63, 0x6d, 0x5f, 0x32, 0x9a, 0x45, 0xc3, 0xe2, 0xfc,
-	0xb5, 0x87, 0xb9, 0x4d, 0x2a, 0xa7, 0xfe, 0x6a, 0x0e, 0xf5, 0x4f, 0xd9, 0xde, 0xbe, 0x73, 0x7e,
-	0x87, 0x53, 0x7e, 0x76, 0x0f, 0xf7, 0x22, 0x1f, 0x85, 0xca, 0x85, 0x58, 0x80, 0x60, 0x3a, 0xb1,
-	0x62, 0xc7, 0x62, 0x26, 0xfa, 0x64, 0x7b, 0x8c, 0x6b, 0xfd, 0x3c, 0x1a, 0x04, 0x7f, 0x4d, 0xe1,
-	0xe6, 0x12, 0x0c, 0x93, 0x3c, 0x0a, 0x8c, 0xd6, 0x11, 0x92, 0xe2, 0x4f, 0x4b, 0x21, 0x4c, 0xfa,
-	0xf6, 0x1f, 0x07, 0x5b, 0x8c, 0x66, 0x72, 0x60, 0xe1, 0xa6, 0xd5, 0x6f, 0xe5, 0xd1, 0xb0, 0x6f,
-	0x8e, 0x72, 0x48, 0x3d, 0xf8, 0x2c, 0xea, 0x9b, 0xb3, 0x85, 0xb8, 0x86, 0x60, 0xbe, 0xb2, 0x66,
-	0xbb, 0x11, 0xbb, 0x1c, 0x4e, 0x84, 0x6f, 0xa0, 0x81, 0x45, 0xdb, 0x10, 0x8d, 0xaf, 0x60, 0x4c,
-	0x5b, 0xb6, 0x11, 0x73, 0x5e, 0x09, 0x08, 0xf1, 0x25, 0x94, 0x07, 0xbb, 0x35, 0xe1, 0xea, 0x39,
-	0x62, 0xab, 0x06, 0x78, 0x41, 0x37, 0xfa, 0xf6, 0xaa, 0x1b, 0xfd, 0x8f, 0xaa, 0x1b, 0x03, 0x07,
-	0xab, 0x1b, 0x6f, 0xa1, 0x61, 0xa8, 0xc9, 0x8f, 0xdb, 0xbd, 0xf3, 0xf2, 0xf6, 0x18, 0x5f, 0x81,
-	0x46, 0x58, 0xbb, 0x79, 0xf4, 0x6e, 0x58, 0x78, 0x24, 0x56, 0x11, 0xb5, 0x43, 0xfb, 0x50, 0xbb,
-	0x3f, 0xc8, 0xa0, 0xfe, 0x3b, 0xd6, 0xba, 0x65, 0x6f, 0xec, 0x4f, 0xe3, 0x6e, 0xa0, 0x21, 0xce,
-	0x46, 0x98, 0xe3, 0xc1, 0x1f, 0xa9, 0xc3, 0xc0, 0x75, 0xe0, 0xa4, 0x89, 0x54, 0xf8, 0xe5, 0xa0,
-	0x10, 0x98, 0xa6, 0xe6, 0xc2, 0xc8, 0xa0, 0x7e, 0xa1, 0x86, 0x1c, 0xcc, 0x50, 0x24, 0xc7, 0xe7,
-	0x79, 0x16, 0x7b, 0x21, 0x34, 0x0e, 0x6d, 0x0a, 0x4b, 0x62, 0xaf, 0xfe, 0xab, 0x2c, 0x1a, 0x8d,
-	0x5c, 0x3f, 0x3d, 0x83, 0x06, 0xf9, 0xf5, 0x8f, 0xe9, 0x47, 0x57, 0x04, 0xd3, 0xd5, 0x00, 0xa8,
-	0x0d, 0xb0, 0x3f, 0x2b, 0x06, 0xfe, 0x24, 0xea, 0xb7, 0x5d, 0x58, 0x9a, 0xe0, 0x5b, 0x46, 0xc3,
-	0x21, 0xb4, 0x54, 0xa3, 0x6d, 0x67, 0x83, 0x83, 0x93, 0x88, 0x1a, 0x69, 0xbb, 0xf0, 0x69, 0x37,
-	0xd1, 0xa0, 0xee, 0xba, 0xc4, 0xab, 0x7b, 0xfa, 0xaa, 0x18, 0x70, 0x31, 0x00, 0x8a, 0xa3, 0x03,
-	0x80, 0xcb, 0xfa, 0x2a, 0x7e, 0x0d, 0x8d, 0x34, 0x1c, 0x02, 0x8b, 0x97, 0xde, 0xa4, 0xad, 0x14,
-	0x36, 0x97, 0x12, 0x42, 0xbc, 0xf1, 0x0f, 0x11, 0x15, 0x03, 0xdf, 0x45, 0x23, 0xfc, 0x73, 0x98,
-	0xdd, 0x18, 0x0c, 0xb4, 0xd1, 0x70, 0x31, 0x61, 0x22, 0x61, 0x96, 0x63, 0xdc, 0x7c, 0x50, 0x24,
-	0x17, 0xf9, 0x1a, 0x02, 0xa9, 0xfa, 0xf5, 0x0c, 0xdd, 0xf0, 0x50, 0x40, 0x90, 0x10, 0xb3, 0xb5,
-	0x47, 0x5d, 0x69, 0x85, 0x31, 0xef, 0xfb, 0xdc, 0x2e, 0xb3, 0x93, 0xc6, 0xb1, 0x78, 0x12, 0xf5,
-	0x19, 0xe2, 0xdd, 0xcf, 0x59, 0xf9, 0x23, 0xfc, 0x7a, 0x34, 0x4e, 0x85, 0x2f, 0xa3, 0x3c, 0xdd,
-	0xd0, 0x46, 0x0f, 0x7e, 0xe2, 0x1a, 0xa9, 0x01, 0x85, 0xfa, 0x9d, 0x59, 0x34, 0x2c, 0x7c, 0xcd,
-	0xf5, 0x7d, 0x7d, 0xce, 0x4b, 0xbb, 0x6b, 0x26, 0xb7, 0x64, 0x05, 0x58, 0xd0, 0xe4, 0x9b, 0x81,
-	0x28, 0x76, 0xf5, 0x04, 0xc1, 0x05, 0xf3, 0x3c, 0xff, 0xd0, 0xbe, 0xdd, 0x1f, 0x82, 0x28, 0xfd,
-	0xeb, 0xf9, 0x81, 0x6c, 0x21, 0xf7, 0x7a, 0x7e, 0x20, 0x5f, 0xe8, 0x05, 0xdf, 0x78, 0x88, 0x07,
-	0xc5, 0x4e, 0x98, 0xd6, 0x7d, 0x73, 0xf5, 0x88, 0x5b, 0xfe, 0x1d, 0x6c, 0xdc, 0x80, 0x88, 0x6c,
-	0x8e, 0xb8, 0x19, 0xe0, 0xfb, 0x2a, 0x9b, 0x93, 0x14, 0x04, 0x5c, 0x36, 0xff, 0x2e, 0x83, 0x94,
-	0x44, 0xd9, 0x94, 0x0e, 0xe9, 0xe5, 0xfb, 0xe0, 0x12, 0x11, 0x7c, 0x33, 0x8b, 0xc6, 0x2b, 0x96,
-	0x47, 0x56, 0xd9, 0xb9, 0xe7, 0x88, 0x4f, 0x15, 0xb7, 0x59, 0x22, 0x52, 0xfe, 0x31, 0xbc, 0xcf,
-	0x1f, 0x0f, 0x4e, 0x95, 0x21, 0x2a, 0x85, 0x93, 0x58, 0xfa, 0x00, 0x13, 0x14, 0x45, 0x84, 0x7c,
-	0xc4, 0xe7, 0x9c, 0xa3, 0x21, 0xe4, 0x23, 0x3e, 0x79, 0x7d, 0x40, 0x85, 0xfc, 0xdf, 0x33, 0xe8,
-	0x54, 0x42, 0xe5, 0x90, 0xde, 0xaf, 0xb3, 0x02, 0x41, 0x13, 0x32, 0x42, 0x7a, 0xbf, 0xce, 0x0a,
-	0xc4, 0x4b, 0xd0, 0x7c, 0x24, 0x5e, 0x06, 0xd7, 0xa8, 0xa5, 0x4a, 0x79, 0x9a, 0x4b, 0x55, 0x15,
-	0x9c, 0xbc, 0x28, 0x38, 0xe9, 0xcb, 0x02, 0xf7, 0x29, 0xdb, 0x34, 0x1a, 0x11, 0xf7, 0x29, 0x5a,
-	0x06, 0x7f, 0x06, 0x0d, 0x96, 0xde, 0xed, 0x38, 0x04, 0xf8, 0x32, 0x89, 0x7f, 0x28, 0xe0, 0xeb,
-	0x23, 0x92, 0x38, 0x33, 0x4f, 0x30, 0x4a, 0x11, 0xe5, 0x1d, 0x32, 0x54, 0xbf, 0x98, 0x41, 0x13,
-	0xe9, 0xad, 0xc3, 0x1f, 0x45, 0xfd, 0xf4, 0x64, 0x5b, 0xd2, 0x16, 0xf9, 0xa7, 0xb3, 0xa4, 0x1d,
-	0x76, 0x93, 0xd4, 0x75, 0x47, 0xdc, 0x78, 0xfb, 0x64, 0xf8, 0x15, 0x34, 0x54, 0x71, 0xdd, 0x0e,
-	0x71, 0x6a, 0x37, 0xee, 0x68, 0x15, 0x7e, 0xa6, 0x82, 0x3d, 0xbb, 0x09, 0xe0, 0xba, 0x7b, 0x23,
-	0x12, 0x16, 0x41, 0xa4, 0x57, 0xbf, 0x3f, 0x83, 0xce, 0x77, 0xfb, 0x2a, 0x7a, 0x80, 0x5f, 0x26,
-	0x96, 0x6e, 0x79, 0x3c, 0x39, 0x2e, 0x3f, 0xa2, 0x78, 0x00, 0x93, 0x0f, 0x19, 0x01, 0x21, 0x2d,
-	0xc4, 0x6e, 0xc7, 0x82, 0xe7, 0x78, 0x76, 0x93, 0x07, 0xb0, 0x48, 0x21, 0x9f, 0x50, 0xfd, 0xe9,
-	0x37, 0x51, 0xef, 0x92, 0x45, 0x96, 0xee, 0xe3, 0xe7, 0x84, 0x14, 0x6c, 0x7c, 0xa0, 0x8d, 0x8b,
-	0x03, 0x06, 0x10, 0x73, 0x3d, 0x9a, 0x90, 0xa8, 0xed, 0xa6, 0x98, 0x47, 0x8a, 0xab, 0x03, 0x16,
-	0xcb, 0x30, 0xcc, 0x5c, 0x8f, 0x26, 0xe6, 0x9b, 0xba, 0x29, 0xa6, 0x47, 0xe2, 0x9d, 0x2d, 0x95,
-	0x62, 0x18, 0xbf, 0x14, 0x9f, 0x06, 0xe6, 0x93, 0x72, 0x08, 0x45, 0xf7, 0x04, 0x71, 0x8a, 0xb9,
-	0x1e, 0x2d, 0x39, 0xf7, 0xd0, 0xb0, 0x68, 0x18, 0x13, 0x7d, 0x90, 0x13, 0x71, 0x73, 0x3d, 0x9a,
-	0x44, 0x8b, 0x5f, 0x08, 0x12, 0x35, 0xbe, 0x6e, 0x9b, 0x56, 0xd4, 0x3f, 0x52, 0x40, 0xcd, 0xf5,
-	0x68, 0x22, 0xa5, 0x50, 0x69, 0xd5, 0x31, 0x83, 0x2c, 0x6a, 0xd1, 0x4a, 0x01, 0x27, 0x54, 0x0a,
-	0xbf, 0xf1, 0x2b, 0x68, 0x24, 0x70, 0x3c, 0x7d, 0x87, 0x34, 0x3c, 0x7e, 0x25, 0x72, 0x26, 0x52,
-	0x98, 0x21, 0xe7, 0x7a, 0x34, 0x99, 0x1a, 0x5f, 0xf6, 0x53, 0xf4, 0xf3, 0xbb, 0x8e, 0x51, 0x61,
-	0x3a, 0x33, 0xdf, 0xa5, 0x52, 0xf2, 0x53, 0xf8, 0xdf, 0x14, 0x53, 0xb3, 0xf3, 0x0b, 0x0c, 0x1c,
-	0xa9, 0x65, 0xc6, 0x32, 0x68, 0xef, 0x08, 0x0f, 0x47, 0xaf, 0x45, 0x93, 0x18, 0xf3, 0xd4, 0xd8,
-	0x67, 0x23, 0x25, 0x39, 0x76, 0xae, 0x47, 0x8b, 0x26, 0x3d, 0x7e, 0x41, 0x4a, 0xa0, 0xcb, 0x23,
-	0xa0, 0x44, 0xa5, 0x4a, 0x51, 0x82, 0x54, 0x21, 0xd5, 0xee, 0x6b, 0xd1, 0x8c, 0xae, 0x3c, 0xde,
-	0xc9, 0xd9, 0xe4, 0xbc, 0x9f, 0x42, 0xd5, 0x7e, 0x06, 0xd8, 0x17, 0xa4, 0xcc, 0x9b, 0x90, 0xdc,
-	0x3a, 0xa1, 0x6a, 0xdd, 0xd3, 0xc5, 0xaa, 0xd9, 0xf9, 0x52, 0xca, 0x01, 0x09, 0x29, 0x6a, 0xe2,
-	0x1d, 0x0a, 0x38, 0xa1, 0x43, 0x59, 0xbe, 0xc8, 0x17, 0xa4, 0x34, 0x24, 0x3c, 0x07, 0x4d, 0x50,
-	0xa9, 0x80, 0xa2, 0x95, 0x8a, 0x09, 0x4b, 0x6e, 0x8a, 0xd9, 0x39, 0x94, 0x71, 0xb9, 0x83, 0x42,
-	0x0c, 0xed, 0x20, 0x21, 0x8b, 0x47, 0x11, 0x22, 0xff, 0x2b, 0x18, 0xc8, 0x87, 0x82, 0x16, 0x4e,
-	0x57, 0xe7, 0x7a, 0x34, 0xc8, 0x09, 0xa0, 0xb2, 0x9c, 0x12, 0xca, 0x29, 0xa0, 0x18, 0x0e, 0x32,
-	0x9c, 0x3e, 0x24, 0x8d, 0xb9, 0x1e, 0x8d, 0xe5, 0x9b, 0x78, 0x4e, 0x88, 0xde, 0xac, 0x9c, 0x96,
-	0xa7, 0x88, 0x00, 0x41, 0xa7, 0x88, 0x30, 0xc6, 0xf3, 0x6c, 0x3c, 0xc2, 0xb1, 0x72, 0x46, 0x5e,
-	0x51, 0xa3, 0xf8, 0xb9, 0x1e, 0x2d, 0x1e, 0x15, 0xf9, 0x05, 0x29, 0xe8, 0xaf, 0x72, 0x36, 0xe2,
-	0x94, 0x1c, 0xa2, 0xa8, 0xb8, 0xc4, 0xf0, 0xc0, 0x4b, 0x89, 0x69, 0xba, 0x94, 0x73, 0xf2, 0x72,
-	0x9c, 0x40, 0x32, 0xd7, 0xa3, 0x25, 0x26, 0xf8, 0x9a, 0x8e, 0x85, 0xde, 0x55, 0x14, 0xf9, 0xdd,
-	0x32, 0x82, 0x9e, 0xeb, 0xd1, 0x62, 0xc1, 0x7a, 0x6f, 0x8a, 0x31, 0x6f, 0x95, 0xc7, 0xe4, 0x4e,
-	0x0c, 0x31, 0xb4, 0x13, 0x85, 0xd8, 0xb8, 0x37, 0xc5, 0xc0, 0xb0, 0xca, 0x44, 0xbc, 0x54, 0x38,
-	0x73, 0x0a, 0x01, 0x64, 0xb5, 0xe4, 0xe8, 0xa9, 0xca, 0xe3, 0x3c, 0xb8, 0x3e, 0x2f, 0x9f, 0x44,
-	0x33, 0xd7, 0xa3, 0x25, 0x47, 0x5e, 0xd5, 0x92, 0xc3, 0x8e, 0x2a, 0xe7, 0xbb, 0xf1, 0x0c, 0x5a,
-	0x97, 0x1c, 0xb2, 0x54, 0xef, 0x12, 0x04, 0x52, 0xb9, 0x20, 0x47, 0x44, 0x4a, 0x25, 0x9c, 0xeb,
-	0xd1, 0xba, 0x84, 0x92, 0xbc, 0x93, 0x12, 0x91, 0x51, 0xb9, 0x28, 0xe7, 0xd6, 0x48, 0x24, 0x9a,
-	0xeb, 0xd1, 0x52, 0xe2, 0x39, 0xde, 0x49, 0x09, 0x66, 0xa8, 0x14, 0xbb, 0xb2, 0x0d, 0xe4, 0x91,
-	0x12, 0x0a, 0x71, 0x29, 0x31, 0x0e, 0xa0, 0xf2, 0x84, 0xac, 0xba, 0x09, 0x24, 0x54, 0x75, 0x93,
-	0x22, 0x08, 0x2e, 0x25, 0x06, 0xe2, 0x53, 0x9e, 0xec, 0xc2, 0x30, 0x68, 0x63, 0x62, 0x08, 0xbf,
-	0xa5, 0xc4, 0x48, 0x78, 0x8a, 0x2a, 0x33, 0x4c, 0x20, 0xa1, 0x0c, 0x93, 0x62, 0xe8, 0x2d, 0x25,
-	0x86, 0xa2, 0x53, 0x9e, 0xea, 0xc2, 0x30, 0x6c, 0x61, 0x52, 0x10, 0xbb, 0x17, 0xa4, 0x58, 0x70,
-	0xca, 0x87, 0xe4, 0x79, 0x43, 0x40, 0xd1, 0x79, 0x43, 0x8c, 0x1a, 0x37, 0x1d, 0x8b, 0x76, 0xa3,
-	0x7c, 0x58, 0x1e, 0xe6, 0x11, 0x34, 0x1d, 0xe6, 0xd1, 0xf8, 0x38, 0xd3, 0xb1, 0xa8, 0x1f, 0xca,
-	0xa5, 0x34, 0x26, 0x80, 0x96, 0x99, 0xb0, 0x38, 0x21, 0x95, 0x84, 0xb0, 0x13, 0xca, 0xd3, 0xb2,
-	0xcd, 0x5d, 0x8c, 0x60, 0xae, 0x47, 0x4b, 0x08, 0x56, 0xa1, 0x25, 0xfb, 0x58, 0x2a, 0x97, 0xe5,
-	0x61, 0x9b, 0x44, 0x43, 0x87, 0x6d, 0xa2, 0x7f, 0xe6, 0x7c, 0x92, 0x7d, 0xad, 0x72, 0x45, 0xde,
-	0x98, 0xc5, 0x29, 0xe8, 0xc6, 0x2c, 0xc1, 0x2e, 0x57, 0x4b, 0xf6, 0x1a, 0x54, 0x9e, 0xe9, 0xda,
-	0x42, 0xa0, 0x49, 0x68, 0x21, 0x73, 0xa2, 0x0b, 0xf7, 0x4e, 0x77, 0xda, 0x4d, 0x5b, 0x37, 0x94,
-	0x8f, 0x24, 0xee, 0x9d, 0x18, 0x52, 0xd8, 0x3b, 0x31, 0x00, 0x5d, 0xe5, 0x45, 0xfb, 0x53, 0xe5,
-	0xaa, 0xbc, 0xca, 0x8b, 0x38, 0xba, 0xca, 0x4b, 0xb6, 0xaa, 0xd3, 0x31, 0x5b, 0x4d, 0xe5, 0x59,
-	0x59, 0x01, 0x22, 0x68, 0xaa, 0x00, 0x51, 0xeb, 0xce, 0xb7, 0xd3, 0xad, 0x1b, 0x95, 0x49, 0xe0,
-	0xf6, 0x44, 0x90, 0xc3, 0x3d, 0x85, 0x6e, 0xae, 0x47, 0x4b, 0xb7, 0x90, 0xac, 0x24, 0x18, 0x2b,
-	0x2a, 0xd7, 0x64, 0x05, 0x8b, 0x11, 0x50, 0x05, 0x8b, 0x9b, 0x38, 0x56, 0x12, 0xac, 0x0d, 0x95,
-	0x8f, 0xa6, 0xb2, 0x0a, 0xbe, 0x39, 0xc1, 0x46, 0xf1, 0xa6, 0x68, 0x2e, 0xa8, 0x3c, 0x27, 0x2f,
-	0x76, 0x21, 0x86, 0x2e, 0x76, 0x82, 0x59, 0xe1, 0x4d, 0xd1, 0x50, 0x4e, 0xb9, 0x1e, 0x2f, 0x15,
-	0x2e, 0x91, 0x82, 0x41, 0x9d, 0x96, 0x6c, 0x5f, 0xa6, 0xdc, 0x90, 0xb5, 0x2e, 0x89, 0x86, 0x6a,
-	0x5d, 0xa2, 0x6d, 0xda, 0x6c, 0xdc, 0x4c, 0x4c, 0xb9, 0x19, 0xbd, 0x4b, 0x90, 0xf1, 0x74, 0xe7,
-	0x13, 0x33, 0x2d, 0x7b, 0x2d, 0x1a, 0x00, 0x40, 0xf9, 0x58, 0xe4, 0x31, 0x43, 0xc2, 0xd2, 0xfd,
-	0x6d, 0x24, 0x60, 0xc0, 0x6b, 0x51, 0x9f, 0x79, 0xe5, 0xf9, 0x64, 0x0e, 0x81, 0xae, 0x44, 0x7d,
-	0xec, 0x5f, 0x8b, 0xba, 0x99, 0x2b, 0x2f, 0x24, 0x73, 0x08, 0xa4, 0x1b, 0x75, 0x4b, 0x7f, 0x4e,
-	0x08, 0x7c, 0xa7, 0x7c, 0x5c, 0xde, 0x3a, 0x06, 0x08, 0xba, 0x75, 0x0c, 0xc3, 0xe3, 0x3d, 0x27,
-	0x04, 0x8c, 0x53, 0x5e, 0x8c, 0x15, 0x09, 0x1a, 0x2b, 0x84, 0x95, 0x7b, 0x4e, 0x08, 0xb4, 0xa6,
-	0xbc, 0x14, 0x2b, 0x12, 0xb4, 0x4e, 0x08, 0xc7, 0x66, 0x74, 0xf3, 0xc3, 0x51, 0x3e, 0x21, 0x5f,
-	0x71, 0xa4, 0x53, 0xce, 0xf5, 0x68, 0xdd, 0xfc, 0x79, 0xde, 0x4e, 0x37, 0xba, 0x53, 0x5e, 0x96,
-	0x87, 0x70, 0x1a, 0x1d, 0x1d, 0xc2, 0xa9, 0x86, 0x7b, 0xaf, 0x44, 0x7c, 0x72, 0x95, 0x57, 0xe4,
-	0x29, 0x4e, 0x42, 0xd2, 0x29, 0x2e, 0xea, 0xc1, 0x2b, 0x39, 0x9b, 0x2a, 0x9f, 0x94, 0xa7, 0x38,
-	0x11, 0x47, 0xa7, 0x38, 0xc9, 0x31, 0x75, 0x3a, 0xe6, 0x03, 0xa9, 0xbc, 0x2a, 0x4f, 0x71, 0x11,
-	0x34, 0x9d, 0xe2, 0xa2, 0x5e, 0x93, 0xaf, 0x44, 0x5c, 0x01, 0x95, 0xd7, 0x92, 0xdb, 0x0f, 0x48,
-	0xb1, 0xfd, 0xcc, 0x71, 0x50, 0x4b, 0xf6, 0x69, 0x53, 0x4a, 0xf2, 0xf8, 0x4d, 0xa2, 0xa1, 0xe3,
-	0x37, 0xd1, 0x1f, 0x6e, 0x29, 0x31, 0xb3, 0xa5, 0x32, 0xd5, 0xe5, 0xe0, 0x10, 0x6e, 0x45, 0x92,
-	0x72, 0x62, 0x8a, 0x67, 0x64, 0x76, 0x10, 0x9a, 0x4e, 0x39, 0x23, 0xfb, 0xc7, 0xa0, 0x08, 0x3d,
-	0x9d, 0x5d, 0x63, 0x36, 0x60, 0x4a, 0x59, 0x9e, 0x5d, 0x63, 0x04, 0x74, 0x76, 0x8d, 0x5b, 0x8e,
-	0xcd, 0xa2, 0x02, 0xd7, 0x22, 0x66, 0xda, 0x66, 0x5a, 0xab, 0xca, 0x4c, 0xc4, 0xa5, 0x24, 0x82,
-	0xa7, 0xb3, 0x53, 0x14, 0x06, 0xeb, 0x35, 0x83, 0x4d, 0x37, 0xcd, 0xf6, 0x8a, 0xad, 0x3b, 0x46,
-	0x8d, 0x58, 0x86, 0x32, 0x1b, 0x59, 0xaf, 0x13, 0x68, 0x60, 0xbd, 0x4e, 0x80, 0x83, 0xd3, 0x7b,
-	0x04, 0xae, 0x91, 0x06, 0x31, 0x1f, 0x10, 0xe5, 0x16, 0xb0, 0x2d, 0xa6, 0xb1, 0xe5, 0x64, 0x73,
-	0x3d, 0x5a, 0x1a, 0x07, 0xba, 0x57, 0x5f, 0xd8, 0xac, 0xbd, 0x31, 0x1f, 0xb8, 0x51, 0x56, 0x1d,
-	0xd2, 0xd6, 0x1d, 0xa2, 0xcc, 0xc9, 0x7b, 0xf5, 0x44, 0x22, 0xba, 0x57, 0x4f, 0x44, 0xc4, 0xd9,
-	0xfa, 0x63, 0xa1, 0xd2, 0x8d, 0x6d, 0x38, 0x22, 0x92, 0x4b, 0xd3, 0xd9, 0x49, 0x46, 0x50, 0x01,
-	0xcd, 0xdb, 0xd6, 0x2a, 0xdc, 0x54, 0xbc, 0x2e, 0xcf, 0x4e, 0xe9, 0x94, 0x74, 0x76, 0x4a, 0xc7,
-	0x52, 0x55, 0x97, 0xb1, 0x6c, 0x0c, 0xde, 0x96, 0x55, 0x3d, 0x81, 0x84, 0xaa, 0x7a, 0x02, 0x38,
-	0xce, 0x50, 0x23, 0x2e, 0xf1, 0x94, 0xf9, 0x6e, 0x0c, 0x81, 0x24, 0xce, 0x10, 0xc0, 0x71, 0x86,
-	0xb3, 0xc4, 0x6b, 0xac, 0x29, 0x0b, 0xdd, 0x18, 0x02, 0x49, 0x9c, 0x21, 0x80, 0xe9, 0x61, 0x53,
-	0x06, 0x4f, 0x75, 0x9a, 0xeb, 0x7e, 0x9f, 0x2d, 0xca, 0x87, 0xcd, 0x54, 0x42, 0x7a, 0xd8, 0x4c,
-	0x45, 0xe2, 0xef, 0xdf, 0xb5, 0x8d, 0xa2, 0xb2, 0x04, 0x15, 0x4e, 0x86, 0xfb, 0x82, 0xdd, 0x94,
-	0x9a, 0xeb, 0xd1, 0x76, 0x6b, 0x03, 0xf9, 0x91, 0xc0, 0x94, 0x48, 0xa9, 0x42, 0x55, 0x63, 0xc1,
-	0x5d, 0x05, 0x03, 0xcf, 0xf5, 0x68, 0x81, 0xb1, 0xd1, 0x0b, 0x68, 0x08, 0x3e, 0xaa, 0x62, 0x99,
-	0x5e, 0x79, 0x4a, 0x79, 0x43, 0x3e, 0x32, 0x09, 0x28, 0x7a, 0x64, 0x12, 0x7e, 0xd2, 0x49, 0x1c,
-	0x7e, 0xb2, 0x29, 0xa6, 0x3c, 0xa5, 0x68, 0xf2, 0x24, 0x2e, 0x21, 0xe9, 0x24, 0x2e, 0x01, 0x82,
-	0x7a, 0xcb, 0x8e, 0xdd, 0x2e, 0x4f, 0x29, 0xb5, 0x84, 0x7a, 0x19, 0x2a, 0xa8, 0x97, 0xfd, 0x0c,
-	0xea, 0xad, 0xad, 0x75, 0xbc, 0x32, 0xfd, 0xc6, 0xe5, 0x84, 0x7a, 0x7d, 0x64, 0x50, 0xaf, 0x0f,
-	0xa0, 0x53, 0x21, 0x00, 0xaa, 0x8e, 0x4d, 0x27, 0xed, 0xdb, 0x66, 0xb3, 0xa9, 0xdc, 0x91, 0xa7,
-	0xc2, 0x28, 0x9e, 0x4e, 0x85, 0x51, 0x18, 0xdd, 0x7a, 0xb2, 0x56, 0x91, 0x95, 0xce, 0xaa, 0x72,
-	0x57, 0xde, 0x7a, 0x86, 0x18, 0xba, 0xf5, 0x0c, 0x7f, 0xc1, 0xe9, 0x82, 0xfe, 0xd2, 0xc8, 0x7d,
-	0x87, 0xb8, 0x6b, 0xca, 0xbd, 0xc8, 0xe9, 0x42, 0xc0, 0xc1, 0xe9, 0x42, 0xf8, 0x8d, 0x57, 0xd1,
-	0xe3, 0xd2, 0x42, 0xe3, 0xbf, 0x3d, 0xd5, 0x88, 0xee, 0x34, 0xd6, 0x94, 0x37, 0x81, 0xd5, 0x53,
-	0x89, 0x4b, 0x95, 0x4c, 0x3a, 0xd7, 0xa3, 0x75, 0xe3, 0x04, 0xc7, 0xf2, 0x37, 0xe6, 0x59, 0x74,
-	0x1a, 0xad, 0x3a, 0xed, 0x1f, 0x42, 0xdf, 0x8a, 0x1c, 0xcb, 0xe3, 0x24, 0x70, 0x2c, 0x8f, 0x83,
-	0x71, 0x1b, 0x5d, 0x8c, 0x1c, 0xd5, 0x16, 0xf4, 0x26, 0x3d, 0x97, 0x10, 0xa3, 0xaa, 0x37, 0xd6,
-	0x89, 0xa7, 0x7c, 0x0a, 0x78, 0x5f, 0x4a, 0x39, 0xf0, 0x45, 0xa8, 0xe7, 0x7a, 0xb4, 0x1d, 0xf8,
-	0x61, 0x95, 0xe5, 0x4e, 0x54, 0x3e, 0x2d, 0xdf, 0x6f, 0x52, 0xd8, 0x5c, 0x8f, 0xc6, 0xf2, 0x2a,
-	0xbe, 0x8d, 0x94, 0x3b, 0xed, 0x55, 0x47, 0x37, 0x08, 0xdb, 0x68, 0xc1, 0xde, 0x8d, 0x6f, 0x40,
-	0x3f, 0x23, 0xef, 0xd2, 0xd2, 0xe8, 0xe8, 0x2e, 0x2d, 0x0d, 0x47, 0x15, 0x55, 0x0a, 0xc4, 0xaa,
-	0x7c, 0x56, 0x56, 0x54, 0x09, 0x49, 0x15, 0x55, 0x0e, 0xdb, 0xfa, 0x26, 0x3a, 0x1b, 0x9c, 0xe7,
-	0xf9, 0xfa, 0xcb, 0x3a, 0x4d, 0x79, 0x1b, 0xf8, 0x5c, 0x8c, 0x3d, 0x06, 0x48, 0x54, 0x73, 0x3d,
-	0x5a, 0x4a, 0x79, 0xba, 0xe2, 0xc6, 0x62, 0x8c, 0xf3, 0xed, 0xc5, 0x77, 0xc8, 0x2b, 0x6e, 0x0a,
-	0x19, 0x5d, 0x71, 0x53, 0x50, 0x89, 0xcc, 0xb9, 0x50, 0xf5, 0x1d, 0x98, 0x07, 0x32, 0x4d, 0xe3,
-	0x90, 0xc8, 0x9c, 0xef, 0xd4, 0x56, 0x76, 0x60, 0x1e, 0xec, 0xd6, 0xd2, 0x38, 0xe0, 0xcb, 0xa8,
-	0xaf, 0x56, 0x5b, 0xd0, 0x3a, 0x96, 0xd2, 0x88, 0xd8, 0x80, 0x01, 0x74, 0xae, 0x47, 0xe3, 0x78,
-	0xba, 0x0d, 0x9a, 0x69, 0xea, 0xae, 0x67, 0x36, 0x5c, 0x18, 0x31, 0xfe, 0x08, 0x31, 0xe4, 0x6d,
-	0x50, 0x12, 0x0d, 0xdd, 0x06, 0x25, 0xc1, 0xe9, 0x7e, 0x71, 0x5a, 0x77, 0x5d, 0xdd, 0x32, 0x1c,
-	0x7d, 0x0a, 0x96, 0x09, 0x12, 0xb1, 0x94, 0x97, 0xb0, 0x74, 0xbf, 0x28, 0x43, 0xe0, 0xf2, 0xdd,
-	0x87, 0xf8, 0xdb, 0x9c, 0xfb, 0x91, 0xcb, 0xf7, 0x08, 0x1e, 0x2e, 0xdf, 0x23, 0x30, 0xd8, 0x77,
-	0xfa, 0x30, 0x8d, 0xac, 0x9a, 0x90, 0xe9, 0x78, 0x35, 0xb2, 0xef, 0x8c, 0x12, 0xc0, 0xbe, 0x33,
-	0x0a, 0x94, 0x9a, 0xe4, 0x2f, 0xb7, 0x6b, 0x29, 0x4d, 0x0a, 0x57, 0xd9, 0x58, 0x19, 0xba, 0x7e,
-	0x87, 0x83, 0xa3, 0xbc, 0x69, 0xe9, 0x2d, 0xbb, 0x3c, 0xe5, 0x4b, 0xdd, 0x94, 0xd7, 0xef, 0x54,
-	0x42, 0xba, 0x7e, 0xa7, 0x22, 0xe9, 0xec, 0xea, 0x1f, 0xb4, 0xd6, 0x74, 0x87, 0x18, 0x41, 0xfe,
-	0x4f, 0x76, 0x34, 0x7c, 0x47, 0x9e, 0x5d, 0xbb, 0x90, 0xd2, 0xd9, 0xb5, 0x0b, 0x9a, 0x6e, 0xf2,
-	0x92, 0xd1, 0x1a, 0xd1, 0x0d, 0x65, 0x5d, 0xde, 0xe4, 0xa5, 0x53, 0xd2, 0x4d, 0x5e, 0x3a, 0x36,
-	0xfd, 0x73, 0xee, 0x39, 0xa6, 0x47, 0x94, 0xe6, 0x6e, 0x3e, 0x07, 0x48, 0xd3, 0x3f, 0x07, 0xd0,
-	0xf4, 0x40, 0x18, 0xed, 0x90, 0x96, 0x7c, 0x20, 0x8c, 0x77, 0x43, 0xb4, 0x04, 0xdd, 0xb1, 0x70,
-	0x87, 0x09, 0xc5, 0x92, 0x77, 0x2c, 0x1c, 0x4c, 0x77, 0x2c, 0xa1, 0x4b, 0x85, 0x64, 0xa0, 0xaf,
-	0xd8, 0xf2, 0x1a, 0x2a, 0xe2, 0xe8, 0x1a, 0x2a, 0x19, 0xf3, 0xbf, 0x20, 0x59, 0xcf, 0x2a, 0x6d,
-	0x79, 0xd7, 0x21, 0xa0, 0xe8, 0xae, 0x43, 0xb4, 0xb3, 0x9d, 0x46, 0x63, 0xf0, 0x0a, 0xae, 0x75,
-	0x82, 0x77, 0x9c, 0xcf, 0xc9, 0x9f, 0x19, 0x41, 0xd3, 0xcf, 0x8c, 0x80, 0x24, 0x26, 0x7c, 0xda,
-	0x72, 0x52, 0x98, 0x84, 0xf7, 0x83, 0x11, 0x10, 0x9e, 0x47, 0xb8, 0x56, 0x5a, 0x98, 0xaf, 0x18,
-	0x55, 0xf1, 0x89, 0xcc, 0x95, 0x6f, 0x60, 0xe3, 0x14, 0x73, 0x3d, 0x5a, 0x42, 0x39, 0xfc, 0x0e,
-	0x3a, 0xcf, 0xa1, 0xdc, 0x1b, 0x0e, 0x92, 0xa8, 0x19, 0xc1, 0x82, 0xe0, 0xc9, 0xd6, 0x19, 0xdd,
-	0x68, 0xe7, 0x7a, 0xb4, 0xae, 0xbc, 0xd2, 0xeb, 0xe2, 0xeb, 0x43, 0x67, 0x37, 0x75, 0x05, 0x8b,
-	0x44, 0x57, 0x5e, 0xe9, 0x75, 0x71, 0xb9, 0x3f, 0xd8, 0x4d, 0x5d, 0x41, 0x27, 0x74, 0xe5, 0x85,
-	0x5d, 0x54, 0xec, 0x86, 0x2f, 0x35, 0x9b, 0xca, 0x06, 0x54, 0xf7, 0xf4, 0x6e, 0xaa, 0x2b, 0xc1,
-	0x86, 0x73, 0x27, 0x8e, 0x74, 0x96, 0x5e, 0x6a, 0x13, 0xab, 0x26, 0x2d, 0x40, 0x0f, 0xe5, 0x59,
-	0x3a, 0x46, 0x40, 0x67, 0xe9, 0x18, 0x90, 0x0e, 0x28, 0xd1, 0x08, 0x5b, 0xd9, 0x94, 0x07, 0x94,
-	0x88, 0xa3, 0x03, 0x4a, 0x32, 0xd8, 0x5e, 0x42, 0xa7, 0x96, 0xd6, 0x3d, 0xdd, 0xdf, 0x41, 0xba,
-	0xbc, 0x2b, 0xdf, 0x8d, 0x3c, 0x32, 0xc5, 0x49, 0xe0, 0x91, 0x29, 0x0e, 0xa6, 0x63, 0x84, 0x82,
-	0x6b, 0x9b, 0x56, 0x63, 0x56, 0x37, 0x9b, 0x1d, 0x87, 0x28, 0xff, 0x9f, 0x3c, 0x46, 0x22, 0x68,
-	0x3a, 0x46, 0x22, 0x20, 0xba, 0x40, 0x53, 0x50, 0xc9, 0x75, 0xcd, 0x55, 0x8b, 0x9f, 0x2b, 0x3b,
-	0x4d, 0x4f, 0xf9, 0xff, 0xe5, 0x05, 0x3a, 0x89, 0x86, 0x2e, 0xd0, 0x49, 0x70, 0xb8, 0x75, 0x4a,
-	0x48, 0x30, 0xa8, 0xfc, 0x95, 0xc8, 0xad, 0x53, 0x02, 0x0d, 0xdc, 0x3a, 0x25, 0x25, 0x27, 0x9c,
-	0x45, 0x05, 0xb6, 0x27, 0x9b, 0x37, 0x83, 0xb7, 0xea, 0xbf, 0x2a, 0xaf, 0x8f, 0x51, 0x3c, 0x5d,
-	0x1f, 0xa3, 0x30, 0x99, 0x0f, 0xef, 0x82, 0xbf, 0x96, 0xc6, 0x27, 0x90, 0x7f, 0xac, 0x0c, 0xbe,
-	0x25, 0xf2, 0xe1, 0x23, 0xe5, 0x3b, 0x33, 0x69, 0x8c, 0x82, 0xe1, 0x11, 0x2b, 0x24, 0x33, 0xd2,
-	0xc8, 0x03, 0x93, 0x6c, 0x28, 0x9f, 0x4f, 0x65, 0xc4, 0x08, 0x64, 0x46, 0x0c, 0x86, 0xdf, 0x42,
-	0x67, 0x43, 0xd8, 0x02, 0x69, 0xad, 0x04, 0x33, 0xd3, 0x77, 0x65, 0xe4, 0x6d, 0x70, 0x32, 0x19,
-	0xdd, 0x06, 0x27, 0x63, 0x92, 0x58, 0x73, 0xd1, 0xfd, 0xf5, 0x1d, 0x58, 0x07, 0x12, 0x4c, 0x61,
-	0x90, 0xc4, 0x9a, 0x4b, 0xf3, 0xbb, 0x77, 0x60, 0x1d, 0xc8, 0x34, 0x85, 0x01, 0xfe, 0x81, 0x0c,
-	0xba, 0x94, 0x8c, 0x2a, 0x35, 0x9b, 0xb3, 0xb6, 0x13, 0xe2, 0x94, 0xef, 0xc9, 0xc8, 0x17, 0x0d,
-	0xbb, 0x2b, 0x36, 0xd7, 0xa3, 0xed, 0xb2, 0x02, 0xfc, 0x49, 0x34, 0x52, 0xea, 0x18, 0xa6, 0x07,
-	0x0f, 0x6f, 0x74, 0xe3, 0xfc, 0xbd, 0x99, 0xc8, 0x11, 0x47, 0xc4, 0xc2, 0x11, 0x47, 0x04, 0xe0,
-	0xd7, 0xd1, 0x78, 0x8d, 0x34, 0x3a, 0x8e, 0xe9, 0x6d, 0x6a, 0x90, 0x3c, 0x92, 0xf2, 0xf8, 0xbe,
-	0x8c, 0x3c, 0x89, 0xc5, 0x28, 0xe8, 0x24, 0x16, 0x03, 0x62, 0x82, 0x26, 0x66, 0x1e, 0x7a, 0xc4,
-	0xb1, 0xf4, 0x26, 0x54, 0x52, 0xf3, 0x6c, 0x47, 0x5f, 0x25, 0x33, 0x96, 0xbe, 0xd2, 0x24, 0xca,
-	0x17, 0x33, 0xf2, 0xbe, 0x2a, 0x9d, 0x94, 0xee, 0xab, 0xd2, 0xb1, 0x78, 0x0d, 0x3d, 0x9e, 0x84,
-	0x2d, 0x9b, 0x2e, 0xd4, 0xf3, 0xa5, 0x8c, 0xbc, 0xb1, 0xea, 0x42, 0x4b, 0x37, 0x56, 0x5d, 0xd0,
-	0x10, 0x60, 0x3b, 0xc9, 0x2f, 0x44, 0xf9, 0xd1, 0x8c, 0x7c, 0xc9, 0x98, 0x48, 0x35, 0xd7, 0xa3,
-	0xa5, 0xb8, 0x95, 0xdc, 0x4d, 0xf1, 0xa9, 0x50, 0x7e, 0xac, 0x3b, 0xdf, 0x40, 0xe9, 0x53, 0x5c,
-	0x32, 0xee, 0xa6, 0xf8, 0x23, 0x28, 0x3f, 0xde, 0x9d, 0x6f, 0x68, 0x17, 0x91, 0xec, 0xce, 0x50,
-	0x4f, 0xb7, 0xe5, 0x57, 0x7e, 0x22, 0x23, 0x9f, 0xd3, 0xd3, 0x08, 0xe9, 0x39, 0x3d, 0xd5, 0x21,
-	0xe0, 0xf5, 0x04, 0x8b, 0x7a, 0xe5, 0x27, 0x23, 0x5a, 0x18, 0xa3, 0xa0, 0x5a, 0x18, 0x37, 0xc4,
-	0x7f, 0x3d, 0xc1, 0x70, 0x5c, 0xf9, 0xfb, 0xe9, 0xbc, 0x02, 0xa1, 0x26, 0xd8, 0x9b, 0xbf, 0x9e,
-	0x60, 0x1f, 0xad, 0xfc, 0x83, 0x74, 0x5e, 0xe1, 0xf3, 0x6a, 0xdc, 0xac, 0x9a, 0x4e, 0x48, 0x1d,
-	0xcf, 0x66, 0x9c, 0x25, 0x6d, 0xfa, 0xd9, 0xe8, 0x84, 0x94, 0x48, 0x06, 0x13, 0x52, 0x22, 0x26,
-	0x89, 0x35, 0xff, 0xee, 0x9f, 0xdb, 0x81, 0xb5, 0x30, 0x8d, 0x26, 0x62, 0x92, 0x58, 0x73, 0x31,
-	0x7c, 0x65, 0x07, 0xd6, 0xc2, 0x34, 0x9a, 0x88, 0xc1, 0x9f, 0x41, 0xe7, 0x42, 0xcc, 0x5d, 0xe2,
-	0xb8, 0x61, 0xd7, 0xff, 0x7c, 0x46, 0xbe, 0x4a, 0x48, 0xa1, 0x9b, 0xeb, 0xd1, 0xd2, 0x58, 0x24,
-	0x72, 0xe7, 0x42, 0xf9, 0x85, 0x9d, 0xb8, 0x87, 0xb7, 0x20, 0x29, 0xa8, 0x44, 0xee, 0x5c, 0x2e,
-	0xbf, 0xb8, 0x13, 0xf7, 0xf0, 0x1a, 0x24, 0x05, 0x35, 0xd5, 0x8f, 0x7a, 0x61, 0x6f, 0xa7, 0xfe,
-	0x68, 0x06, 0x0d, 0xd7, 0x3c, 0x87, 0xe8, 0x2d, 0xee, 0x97, 0x3c, 0x81, 0x06, 0x98, 0x91, 0x84,
-	0x6f, 0xa7, 0xac, 0x05, 0xbf, 0xf1, 0x25, 0x34, 0x3a, 0xaf, 0xbb, 0x1e, 0x94, 0xac, 0x58, 0x06,
-	0x79, 0x08, 0x06, 0xc2, 0x39, 0x2d, 0x02, 0xc5, 0xf3, 0x8c, 0x8e, 0x95, 0x83, 0x80, 0x10, 0xb9,
-	0x1d, 0xdd, 0x71, 0x07, 0xde, 0xdb, 0x2a, 0xf6, 0x80, 0xf7, 0x6d, 0xa4, 0xac, 0xfa, 0xf5, 0x0c,
-	0x8a, 0x99, 0x6f, 0x3c, 0xba, 0xff, 0xc0, 0x12, 0x1a, 0x8b, 0x04, 0x21, 0xe1, 0x56, 0xce, 0xbb,
-	0x8c, 0x51, 0x12, 0x2d, 0x8d, 0x9f, 0x0e, 0xac, 0x6b, 0xef, 0x68, 0xf3, 0xdc, 0xd5, 0xba, 0x7f,
-	0x7b, 0xab, 0x98, 0xeb, 0x38, 0x4d, 0x4d, 0x40, 0x71, 0x57, 0xc0, 0x7f, 0x54, 0x08, 0x23, 0x2c,
-	0xe0, 0x4b, 0xdc, 0x99, 0x21, 0x13, 0x3a, 0x68, 0x47, 0x12, 0x62, 0x30, 0xe7, 0x85, 0x4f, 0xa2,
-	0xe1, 0x4a, 0xab, 0x4d, 0x1c, 0xd7, 0xb6, 0x74, 0xcf, 0xf6, 0x13, 0xef, 0x81, 0xf3, 0xae, 0x29,
-	0xc0, 0x45, 0x87, 0x52, 0x91, 0x1e, 0x5f, 0xf1, 0xf3, 0x4c, 0xe7, 0x20, 0xb6, 0xc5, 0xa9, 0x84,
-	0x3c, 0xd3, 0x7e, 0xb6, 0xe8, 0x2b, 0xa8, 0xf7, 0x8e, 0xab, 0x83, 0x1d, 0x76, 0x40, 0xda, 0xa1,
-	0x00, 0x91, 0x14, 0x28, 0xf0, 0x55, 0xd4, 0x07, 0xe7, 0x56, 0x57, 0xe9, 0x05, 0x5a, 0x70, 0x1b,
-	0x6f, 0x02, 0x44, 0x74, 0xd2, 0x65, 0x34, 0xf8, 0x36, 0x2a, 0x84, 0x97, 0x72, 0x90, 0x2a, 0xd2,
-	0x8f, 0xb1, 0x09, 0xc9, 0x29, 0xd6, 0x03, 0x1c, 0xcb, 0x31, 0x29, 0xb2, 0x88, 0x15, 0xc4, 0x73,
-	0x68, 0x2c, 0x84, 0x51, 0x11, 0xf9, 0xb1, 0x7d, 0x21, 0x39, 0x8b, 0xc0, 0x8b, 0x8a, 0x53, 0x64,
-	0x15, 0x2d, 0x86, 0x2b, 0xa8, 0xdf, 0xf7, 0x19, 0x1f, 0xd8, 0x51, 0x49, 0x4f, 0x71, 0x9f, 0xf1,
-	0x7e, 0xd1, 0x5b, 0xdc, 0x2f, 0x8f, 0x67, 0xd1, 0xa8, 0x66, 0x77, 0x3c, 0xb2, 0x6c, 0xf3, 0x3b,
-	0x47, 0x1e, 0xfc, 0x11, 0xda, 0xe4, 0x50, 0x4c, 0xdd, 0xb3, 0xfd, 0xdc, 0x1e, 0x62, 0x8e, 0x09,
-	0xb9, 0x14, 0x5e, 0x44, 0xe3, 0xb1, 0xeb, 0x4b, 0x31, 0xe3, 0x86, 0xf0, 0x79, 0x71, 0x66, 0xf1,
-	0xa2, 0xf8, 0x7b, 0x33, 0xa8, 0x6f, 0xd9, 0xd1, 0x4d, 0xcf, 0xe5, 0x26, 0xdc, 0x67, 0x26, 0x37,
-	0x1c, 0xbd, 0x4d, 0xf5, 0x63, 0x12, 0x82, 0x97, 0xdc, 0xd5, 0x9b, 0x1d, 0xe2, 0x4e, 0xdd, 0xa3,
-	0x5f, 0xf7, 0xef, 0xb7, 0x8a, 0x9f, 0xd8, 0x43, 0xfe, 0xef, 0x6b, 0x01, 0x27, 0x56, 0x03, 0x55,
-	0x01, 0x0f, 0xfe, 0x12, 0x55, 0x80, 0xe1, 0xf0, 0x22, 0x42, 0xfc, 0x53, 0x4b, 0xed, 0x36, 0xb7,
-	0x07, 0x17, 0x8c, 0x5d, 0x7d, 0x0c, 0x53, 0xec, 0x40, 0x60, 0x7a, 0x5b, 0x4c, 0x38, 0x2a, 0x70,
-	0xa0, 0x5a, 0xb0, 0xcc, 0x5b, 0xe4, 0x8b, 0x69, 0x24, 0x94, 0xb8, 0xdf, 0xd8, 0x04, 0x21, 0x45,
-	0x8b, 0xe1, 0x15, 0x34, 0xc6, 0xf9, 0x06, 0xd1, 0x18, 0x47, 0xe5, 0x59, 0x21, 0x82, 0x66, 0x4a,
-	0x1b, 0xb4, 0xd1, 0xe0, 0x60, 0xb1, 0x8e, 0x48, 0x09, 0x3c, 0x15, 0x06, 0x8b, 0x87, 0xec, 0xa6,
-	0xca, 0x18, 0x68, 0xec, 0xf9, 0xed, 0xad, 0xa2, 0xe2, 0x97, 0x67, 0x49, 0x51, 0x93, 0x52, 0x9f,
-	0x40, 0x11, 0x91, 0x07, 0xd3, 0xfa, 0x42, 0x02, 0x8f, 0xa8, 0xce, 0xcb, 0x45, 0xf0, 0x34, 0x1a,
-	0x09, 0xcc, 0xd1, 0xee, 0xdc, 0xa9, 0x94, 0xc1, 0xe0, 0x9c, 0xa7, 0xf1, 0x8c, 0x04, 0x7a, 0x14,
-	0x99, 0x48, 0x65, 0x04, 0xcf, 0x14, 0x66, 0x81, 0x1e, 0xf1, 0x4c, 0x69, 0x27, 0x78, 0xa6, 0x54,
-	0xf1, 0x2b, 0x68, 0xa8, 0x74, 0xaf, 0xc6, 0x3d, 0x6e, 0x5c, 0xe5, 0x54, 0x18, 0x61, 0x17, 0xb2,
-	0xdf, 0x70, 0xef, 0x1c, 0xb1, 0xe9, 0x22, 0x3d, 0x9e, 0x41, 0xa3, 0xd2, 0x8b, 0x96, 0xab, 0x9c,
-	0x06, 0x0e, 0x2c, 0x01, 0x29, 0x60, 0xea, 0x3c, 0x07, 0xae, 0x94, 0xe2, 0x47, 0x2e, 0x44, 0xb5,
-	0x86, 0x6e, 0xbf, 0x9b, 0x4d, 0x7b, 0x43, 0x23, 0xe0, 0xdc, 0x03, 0xe6, 0xeb, 0x03, 0x4c, 0x6b,
-	0x0c, 0x8e, 0xaa, 0x3b, 0x0c, 0x27, 0x25, 0x60, 0x92, 0x8b, 0xe1, 0x77, 0x10, 0x86, 0xf8, 0xa6,
-	0xc4, 0xf0, 0x2f, 0x38, 0x2a, 0x65, 0x57, 0x39, 0x0b, 0x41, 0x9c, 0x70, 0xd4, 0xbb, 0xac, 0x52,
-	0x9e, 0xba, 0xc4, 0xa7, 0x8f, 0x8b, 0x3a, 0x2b, 0x55, 0x0f, 0xf2, 0xcf, 0x9a, 0x86, 0xd8, 0xe2,
-	0x04, 0xae, 0x78, 0x03, 0x9d, 0xab, 0x3a, 0xe4, 0x81, 0x69, 0x77, 0x5c, 0x7f, 0xf9, 0xf0, 0xe7,
-	0xad, 0x73, 0x3b, 0xce, 0x5b, 0x4f, 0xf2, 0x8a, 0xcf, 0xb4, 0x1d, 0xf2, 0xa0, 0xee, 0x87, 0xee,
-	0x91, 0x62, 0x5e, 0xa4, 0x71, 0xa7, 0xe2, 0x02, 0xc7, 0x26, 0x0e, 0x37, 0x89, 0xab, 0x28, 0xe1,
-	0x54, 0xcb, 0xfc, 0xb4, 0xcc, 0x00, 0x27, 0x8a, 0x2b, 0x52, 0x0c, 0x6b, 0x08, 0xdf, 0x9a, 0xf6,
-	0x2f, 0xbb, 0x4a, 0x8d, 0x86, 0xdd, 0xb1, 0x3c, 0x57, 0x79, 0x0c, 0x98, 0xa9, 0x54, 0x2c, 0xab,
-	0x8d, 0x20, 0x8c, 0x57, 0x5d, 0xe7, 0x78, 0x51, 0x2c, 0xf1, 0xd2, 0x78, 0x1e, 0x15, 0xaa, 0x8e,
-	0xf9, 0x40, 0xf7, 0xc8, 0x6d, 0xb2, 0x59, 0xb5, 0x9b, 0x66, 0x63, 0x13, 0xac, 0xe8, 0xf9, 0x54,
-	0xd9, 0x66, 0xb8, 0xfa, 0x3a, 0xd9, 0xac, 0xb7, 0x01, 0x2b, 0x2e, 0x2b, 0xd1, 0x92, 0x62, 0x58,
-	0x9d, 0xc7, 0x77, 0x17, 0x56, 0x87, 0xa0, 0x02, 0xbf, 0x2a, 0x7b, 0xe8, 0x11, 0x8b, 0x2e, 0xf5,
-	0x2e, 0xb7, 0x98, 0x57, 0x22, 0x57, 0x6b, 0x01, 0x9e, 0x27, 0x63, 0x62, 0xa3, 0x8c, 0x04, 0x60,
-	0xb1, 0x61, 0xd1, 0x22, 0xea, 0x97, 0x72, 0xe2, 0xd4, 0x89, 0xcf, 0xa3, 0xbc, 0x10, 0xd5, 0x15,
-	0xa2, 0x71, 0x40, 0x04, 0xac, 0x3c, 0x0f, 0xf5, 0x33, 0xc8, 0xb7, 0x1d, 0x81, 0xdb, 0x18, 0x84,
-	0xbc, 0xf7, 0x43, 0x6d, 0x99, 0x86, 0x16, 0x12, 0x40, 0xb8, 0xf1, 0x30, 0x67, 0x65, 0x4e, 0x08,
-	0x37, 0x1e, 0xe6, 0xac, 0x94, 0x32, 0x56, 0x5e, 0x47, 0x43, 0x7c, 0xda, 0x14, 0xa2, 0xd1, 0x40,
-	0xb8, 0x2c, 0x3f, 0x6d, 0x15, 0x8b, 0xc6, 0x25, 0x10, 0xe1, 0x97, 0x20, 0x71, 0x9b, 0xef, 0x92,
-	0xd7, 0x1b, 0x6e, 0x5f, 0xc4, 0x81, 0x1f, 0xc9, 0xdc, 0xe6, 0x7b, 0xe6, 0x4d, 0xa1, 0x11, 0x51,
-	0x93, 0xfc, 0x04, 0x0b, 0x30, 0xe7, 0x49, 0xea, 0xb7, 0x29, 0x65, 0x1d, 0x16, 0x8b, 0xe0, 0x25,
-	0x34, 0x1e, 0x53, 0x1e, 0x1e, 0xbb, 0x06, 0xd2, 0x6d, 0x24, 0x68, 0x9e, 0xb8, 0xa6, 0xc6, 0xca,
-	0xaa, 0xdf, 0x95, 0x8d, 0xad, 0x18, 0x54, 0x30, 0x9c, 0x4a, 0xe8, 0x1c, 0x10, 0x8c, 0xcf, 0x9a,
-	0x09, 0x46, 0x20, 0xc2, 0x97, 0xd1, 0x40, 0x24, 0x77, 0x1b, 0x38, 0x69, 0x06, 0x89, 0xdb, 0x02,
-	0x2c, 0xbe, 0x8e, 0x06, 0xe8, 0xfc, 0x6d, 0x45, 0x62, 0x3e, 0x75, 0x38, 0x4c, 0x9c, 0x70, 0x7d,
-	0x3a, 0x5a, 0x46, 0x8a, 0x2e, 0xec, 0xa7, 0xd8, 0x8a, 0xaf, 0x56, 0x61, 0xec, 0xf4, 0x60, 0xaf,
-	0xd8, 0xbb, 0xd3, 0x5e, 0x51, 0xfd, 0x8d, 0x4c, 0x5c, 0xfb, 0xf1, 0xcd, 0x78, 0xe0, 0x17, 0x96,
-	0x5d, 0xcb, 0x07, 0x8a, 0xb5, 0x06, 0x21, 0x60, 0xa4, 0x10, 0x2e, 0xd9, 0x47, 0x0e, 0xe1, 0x92,
-	0xdb, 0x63, 0x08, 0x17, 0xf5, 0x7f, 0xe7, 0xbb, 0x1a, 0x5c, 0x1c, 0x8a, 0xab, 0xf2, 0x8b, 0xf4,
-	0xbc, 0x43, 0x6b, 0x2f, 0xb9, 0xb1, 0x5d, 0x3b, 0x7b, 0x4f, 0xae, 0xeb, 0x6c, 0xd4, 0xb8, 0x9a,
-	0x4c, 0x29, 0xe6, 0x3a, 0x87, 0xd0, 0x40, 0xf9, 0x84, 0x5c, 0xe7, 0xd1, 0x04, 0x69, 0x62, 0x01,
-	0xfc, 0x31, 0x34, 0x18, 0x66, 0x6d, 0xef, 0x15, 0x02, 0x4d, 0x25, 0x24, 0x6b, 0x0f, 0x29, 0xf1,
-	0x67, 0x51, 0x9f, 0x94, 0xa1, 0xef, 0xda, 0x2e, 0x2c, 0x54, 0x26, 0xc5, 0xf0, 0x85, 0xec, 0xec,
-	0x10, 0xcd, 0xce, 0xc7, 0x99, 0xe2, 0x65, 0x74, 0xaa, 0xea, 0x10, 0x03, 0x6c, 0xa1, 0x66, 0x1e,
-	0xb6, 0x1d, 0x1e, 0x5c, 0x92, 0x0d, 0x60, 0x58, 0x3a, 0xda, 0x3e, 0x9a, 0x2e, 0x6a, 0x1c, 0x2f,
-	0x30, 0x4a, 0x2a, 0x4e, 0xf7, 0x13, 0xac, 0x25, 0xb7, 0xc9, 0xe6, 0x86, 0xed, 0x18, 0x2c, 0xfe,
-	0x22, 0xdf, 0x4f, 0x70, 0x41, 0xaf, 0x73, 0x94, 0xb8, 0x9f, 0x90, 0x0b, 0x4d, 0xbc, 0x88, 0x86,
-	0x1e, 0x35, 0x04, 0xe0, 0x2f, 0x64, 0x53, 0x4c, 0x17, 0x8f, 0x6f, 0xea, 0x86, 0x20, 0x8d, 0x4e,
-	0x6f, 0x4a, 0x1a, 0x9d, 0x6f, 0x65, 0x53, 0xec, 0x32, 0x8f, 0x75, 0xba, 0x8b, 0x40, 0x18, 0x72,
-	0xba, 0x8b, 0x30, 0xd3, 0x88, 0x69, 0x68, 0x22, 0x51, 0x24, 0x31, 0x4e, 0xdf, 0x8e, 0x89, 0x71,
-	0x7e, 0x2a, 0xd7, 0xcd, 0x6e, 0xf5, 0x44, 0xf6, 0x7b, 0x91, 0xfd, 0x75, 0x34, 0x14, 0x48, 0x96,
-	0xa7, 0x39, 0x1e, 0x09, 0x02, 0x8e, 0x32, 0x30, 0x94, 0x11, 0x88, 0xf0, 0x15, 0xd6, 0xd6, 0x9a,
-	0xf9, 0x2e, 0x0b, 0xba, 0x37, 0xc2, 0xc3, 0xa9, 0xe9, 0x9e, 0x5e, 0x77, 0xcd, 0x77, 0x89, 0x16,
-	0xa0, 0xd5, 0x7f, 0x96, 0x4d, 0x34, 0xfe, 0x3d, 0xe9, 0xa3, 0x3d, 0xf4, 0x51, 0x82, 0x10, 0x99,
-	0xd9, 0xf2, 0x89, 0x10, 0xf7, 0x20, 0xc4, 0x3f, 0xc9, 0x26, 0x1a, 0x79, 0x9f, 0x08, 0x71, 0x2f,
-	0xb3, 0xc5, 0x55, 0x34, 0xa8, 0xd9, 0x1b, 0xee, 0x34, 0x9c, 0x59, 0xd8, 0x5c, 0x01, 0x13, 0xb5,
-	0x63, 0x6f, 0xb8, 0x75, 0x38, 0x8d, 0x68, 0x21, 0x81, 0xfa, 0x67, 0xd9, 0x2e, 0x66, 0xf0, 0x27,
-	0x82, 0x7f, 0x3f, 0x97, 0xc8, 0x5f, 0xce, 0x4a, 0x66, 0xf6, 0xc7, 0x3a, 0x6f, 0x5c, 0xad, 0xb1,
-	0x46, 0x5a, 0x7a, 0x34, 0x6f, 0x9c, 0x0b, 0x50, 0x9e, 0x76, 0x26, 0x24, 0x51, 0xbf, 0x9a, 0x8d,
-	0xf8, 0x19, 0x9c, 0xc8, 0x6e, 0xd7, 0xb2, 0x0b, 0xb4, 0x8e, 0xbb, 0x4e, 0x9c, 0x48, 0x6e, 0xb7,
-	0x92, 0xfb, 0xfe, 0x6c, 0xc4, 0xcb, 0xe4, 0xf8, 0xa6, 0x90, 0xfa, 0x6a, 0x36, 0xee, 0x31, 0x73,
-	0x7c, 0x35, 0xe9, 0x2a, 0x1a, 0xe4, 0x72, 0x08, 0x96, 0x0a, 0x36, 0xef, 0x33, 0x20, 0x5c, 0xa0,
-	0x06, 0x04, 0xea, 0xf7, 0x64, 0x91, 0xec, 0xfd, 0x73, 0x4c, 0x75, 0xe8, 0x97, 0xb3, 0xb2, 0xdf,
-	0xd3, 0xf1, 0xd5, 0x9f, 0x49, 0x84, 0x6a, 0x9d, 0x95, 0x06, 0x0f, 0x9b, 0xd5, 0x2b, 0xdc, 0xc0,
-	0x07, 0x50, 0x4d, 0xa0, 0x50, 0xff, 0x4f, 0x36, 0xd1, 0x19, 0xeb, 0xf8, 0x0a, 0xf0, 0x06, 0xdc,
-	0x8a, 0x37, 0xac, 0x70, 0x22, 0x87, 0x4b, 0x48, 0x3a, 0xfe, 0x62, 0xd1, 0xee, 0x7d, 0x42, 0xfc,
-	0xf1, 0x84, 0xed, 0x1a, 0xc4, 0x12, 0x4c, 0x4c, 0xa1, 0x2d, 0x6e, 0xdc, 0xfe, 0x65, 0x76, 0x27,
-	0xdf, 0xb5, 0xe3, 0xbc, 0xaa, 0xf6, 0x57, 0xf5, 0x4d, 0x88, 0xb1, 0x42, 0x7b, 0x62, 0x98, 0xc5,
-	0x62, 0x6f, 0x33, 0x90, 0xf8, 0x22, 0xc6, 0xa9, 0xd4, 0x3f, 0xee, 0x4d, 0x76, 0x9c, 0x3a, 0xbe,
-	0x22, 0x3c, 0x8f, 0xf2, 0x55, 0xdd, 0x5b, 0xe3, 0x9a, 0x0c, 0xaf, 0x75, 0x6d, 0xdd, 0x5b, 0xd3,
-	0x00, 0x8a, 0xaf, 0xa0, 0x01, 0x4d, 0xdf, 0x10, 0x53, 0x87, 0xc3, 0xc5, 0x8e, 0xa3, 0x6f, 0xf0,
-	0xfc, 0xf1, 0x01, 0x1a, 0xab, 0x41, 0x9e, 0x06, 0x76, 0xf3, 0x0d, 0x41, 0xce, 0x59, 0x9e, 0x86,
-	0x20, 0x3b, 0xc3, 0x79, 0x94, 0x9f, 0xb2, 0x8d, 0x4d, 0x30, 0x66, 0x19, 0x66, 0x95, 0xad, 0xd8,
-	0xc6, 0xa6, 0x06, 0x50, 0xfc, 0x03, 0x19, 0xd4, 0x3f, 0x47, 0x74, 0x83, 0x8e, 0x90, 0xc1, 0x6e,
-	0xb6, 0x20, 0x6f, 0x1e, 0x8c, 0x2d, 0xc8, 0xf8, 0x1a, 0xab, 0x4c, 0x54, 0x14, 0x5e, 0x3f, 0xbe,
-	0x85, 0x06, 0xa6, 0x75, 0x8f, 0xac, 0xda, 0xce, 0x26, 0x58, 0xb7, 0x8c, 0x86, 0xd6, 0xa3, 0x92,
-	0xfe, 0xf8, 0x44, 0xec, 0x65, 0xac, 0xc1, 0x7f, 0x69, 0x41, 0x61, 0x2a, 0x16, 0x9e, 0xbf, 0x6d,
-	0x28, 0x14, 0x0b, 0x4b, 0xd4, 0x16, 0xa4, 0x69, 0x0b, 0xae, 0x95, 0x87, 0x93, 0xaf, 0x95, 0x61,
-	0xf7, 0x08, 0x16, 0x70, 0x90, 0x1d, 0x61, 0x04, 0x16, 0x7d, 0xb6, 0x7b, 0x04, 0x28, 0x24, 0x47,
-	0xd0, 0x04, 0x12, 0xf5, 0x1b, 0xbd, 0x28, 0xd1, 0xcd, 0xe2, 0x44, 0xc9, 0x4f, 0x94, 0x3c, 0x54,
-	0xf2, 0x72, 0x4c, 0xc9, 0x27, 0xe2, 0x8e, 0x3b, 0x1f, 0x50, 0x0d, 0xff, 0xa1, 0x7c, 0xcc, 0xed,
-	0xef, 0x78, 0x9f, 0x2e, 0x43, 0xe9, 0xf5, 0xee, 0x28, 0xbd, 0x60, 0x40, 0xf4, 0xed, 0x38, 0x20,
-	0xfa, 0x77, 0x3b, 0x20, 0x06, 0x52, 0x07, 0x44, 0xa8, 0x20, 0x83, 0xa9, 0x0a, 0x52, 0xe1, 0x83,
-	0x06, 0x75, 0xcf, 0xbc, 0x73, 0x7e, 0x7b, 0xab, 0x38, 0x4a, 0x47, 0x53, 0x62, 0xce, 0x1d, 0x60,
-	0xa1, 0x7e, 0x3d, 0xdf, 0xc5, 0x57, 0xf7, 0x50, 0x74, 0xe4, 0x06, 0xca, 0x95, 0xda, 0x6d, 0xae,
-	0x1f, 0xa7, 0x04, 0x37, 0xe1, 0x94, 0x52, 0x94, 0x1a, 0xbf, 0x84, 0x72, 0xa5, 0x7b, 0xb5, 0x68,
-	0xc4, 0xe1, 0xd2, 0xbd, 0x1a, 0xff, 0x92, 0xd4, 0xb2, 0xf7, 0x6a, 0xf8, 0xe5, 0x30, 0xf4, 0xcf,
-	0x5a, 0xc7, 0x5a, 0xe7, 0x07, 0x45, 0x6e, 0x04, 0xeb, 0x5b, 0xda, 0x34, 0x28, 0x8a, 0x1e, 0x17,
-	0x23, 0xb4, 0x11, 0x6d, 0xea, 0xdb, 0xbd, 0x36, 0xf5, 0xef, 0xa8, 0x4d, 0x03, 0xbb, 0xd5, 0xa6,
-	0xc1, 0x5d, 0x68, 0x13, 0xda, 0x51, 0x9b, 0x86, 0xf6, 0xaf, 0x4d, 0x6d, 0x34, 0x11, 0x8f, 0xaf,
-	0x10, 0x68, 0x84, 0x86, 0x70, 0x1c, 0xcb, 0x0d, 0x4b, 0xe0, 0xe9, 0xbf, 0xc3, 0xb0, 0x75, 0x96,
-	0x67, 0x31, 0x9a, 0xa5, 0x50, 0x4b, 0x28, 0xad, 0xfe, 0x42, 0x36, 0x3d, 0x2c, 0xc4, 0xd1, 0x9c,
-	0xe2, 0xbe, 0x23, 0x51, 0x4a, 0x79, 0xd9, 0x21, 0x2a, 0x5d, 0xca, 0x11, 0xb6, 0x49, 0x32, 0xfb,
-	0x5a, 0x26, 0x2d, 0x56, 0xc5, 0xbe, 0x24, 0xf6, 0xe1, 0xb8, 0xb1, 0x1a, 0x58, 0xcf, 0xbb, 0xb2,
-	0x95, 0x5a, 0x34, 0x6d, 0x5f, 0xee, 0x11, 0xd3, 0xf6, 0xfd, 0x46, 0x06, 0x9d, 0xba, 0xdd, 0x59,
-	0x21, 0xdc, 0x38, 0x2d, 0x68, 0xc6, 0x3b, 0x08, 0x51, 0x30, 0x37, 0x62, 0xc9, 0x80, 0x11, 0xcb,
-	0x47, 0xc4, 0x38, 0x13, 0x91, 0x02, 0x93, 0x21, 0x35, 0x33, 0x60, 0xb9, 0xe0, 0x9b, 0x58, 0xae,
-	0x77, 0x56, 0x48, 0x3d, 0x66, 0xc9, 0x22, 0x70, 0x9f, 0x78, 0x85, 0x19, 0xaf, 0x3f, 0xaa, 0xd1,
-	0xc8, 0xcf, 0x65, 0x53, 0x43, 0x7b, 0x1c, 0xd9, 0xcc, 0x0a, 0x9f, 0x4e, 0xec, 0x95, 0x68, 0x86,
-	0x85, 0x04, 0x92, 0x08, 0xc7, 0x24, 0x2e, 0xc9, 0x02, 0x3b, 0xe2, 0xf9, 0x3e, 0xde, 0x57, 0x81,
-	0xfd, 0x5e, 0x26, 0x35, 0x04, 0xcb, 0x51, 0x15, 0x98, 0xfa, 0x5b, 0x59, 0x3f, 0xf2, 0xcb, 0xbe,
-	0x3e, 0xe1, 0x2a, 0x1a, 0xe4, 0xe1, 0xed, 0x65, 0xdb, 0x5a, 0x7e, 0x95, 0x07, 0x57, 0xc3, 0x01,
-	0x01, 0x5d, 0xe6, 0xfd, 0xc8, 0x14, 0x41, 0xa2, 0x47, 0x58, 0xe6, 0x4d, 0x0e, 0xa5, 0xf4, 0x02,
-	0x09, 0x5d, 0xc8, 0x67, 0x1e, 0x9a, 0x1e, 0xec, 0x0a, 0x68, 0x5f, 0xe6, 0xd8, 0x42, 0x4e, 0x1e,
-	0x9a, 0x1e, 0xdb, 0x13, 0x04, 0x68, 0xba, 0x48, 0xd7, 0xc2, 0x6c, 0x66, 0x7c, 0x91, 0x76, 0x79,
-	0x52, 0x37, 0xee, 0xcc, 0x75, 0x15, 0x0d, 0x72, 0x83, 0x55, 0x6e, 0x66, 0xc2, 0x5b, 0xcb, 0x4d,
-	0x5c, 0xa1, 0xb5, 0x01, 0x01, 0xe5, 0xa8, 0x91, 0xd5, 0xd0, 0xb0, 0x0e, 0x38, 0x3a, 0x00, 0xd1,
-	0x38, 0x46, 0xdd, 0xce, 0xc6, 0x03, 0xd0, 0x1c, 0xdf, 0x43, 0xc1, 0x15, 0xd9, 0x58, 0x0d, 0x2c,
-	0x34, 0x61, 0xc3, 0x25, 0xda, 0xca, 0xb2, 0x7d, 0xd7, 0x75, 0x34, 0x70, 0x9b, 0x6c, 0x32, 0xbb,
-	0xca, 0xbe, 0xd0, 0x14, 0x77, 0x9d, 0xc3, 0xc4, 0x1b, 0x4d, 0x9f, 0x4e, 0xfd, 0xf5, 0x6c, 0x3c,
-	0xb4, 0xce, 0xf1, 0x15, 0xf6, 0x47, 0x51, 0x3f, 0x88, 0xb2, 0xe2, 0x5f, 0xa9, 0x83, 0x00, 0x41,
-	0xdc, 0xb2, 0x85, 0xaf, 0x4f, 0xa6, 0xfe, 0x58, 0x5f, 0x34, 0xde, 0xd2, 0xf1, 0x95, 0xde, 0x27,
-	0xd0, 0xd0, 0xb4, 0x6d, 0xb9, 0xa6, 0xeb, 0x11, 0xab, 0xe1, 0x2b, 0xec, 0x63, 0x74, 0xc3, 0xd2,
-	0x08, 0xc1, 0xa2, 0xe7, 0x8d, 0x40, 0xfd, 0x28, 0xca, 0x8b, 0x9f, 0x47, 0x83, 0x20, 0x72, 0xb0,
-	0x43, 0x16, 0xd2, 0xc4, 0xae, 0x50, 0x60, 0xd4, 0x08, 0x39, 0x24, 0xc5, 0x77, 0xd0, 0xc0, 0xf4,
-	0x9a, 0xd9, 0x34, 0x1c, 0x62, 0xf1, 0x7c, 0xe8, 0x4f, 0x26, 0x47, 0xc7, 0x9a, 0x84, 0x7f, 0x81,
-	0x96, 0x35, 0xa7, 0xc1, 0x8b, 0x49, 0xbe, 0x47, 0x1c, 0x36, 0xf1, 0xb7, 0xb2, 0x08, 0x85, 0x05,
-	0xf0, 0x13, 0x28, 0x1b, 0x24, 0xe2, 0x01, 0x33, 0x10, 0x49, 0x83, 0xb2, 0x30, 0x15, 0xf3, 0xb1,
-	0x9d, 0xdd, 0x71, 0x6c, 0xdf, 0x41, 0x7d, 0xec, 0x46, 0x09, 0x2c, 0xb5, 0x85, 0x10, 0x30, 0xa9,
-	0x0d, 0x9e, 0x04, 0x7a, 0x76, 0x58, 0x84, 0x9d, 0x9d, 0x64, 0xf5, 0xcc, 0x98, 0x4d, 0x34, 0x50,
-	0x2f, 0xfc, 0x85, 0x2f, 0xa1, 0x3c, 0x48, 0x31, 0x03, 0xe7, 0x44, 0x70, 0x13, 0x8d, 0xc8, 0x0f,
-	0xf0, 0xb4, 0x9b, 0xa6, 0x6d, 0xcb, 0xa3, 0x55, 0x43, 0xab, 0x87, 0xb9, 0x5c, 0x38, 0x4c, 0x92,
-	0x0b, 0x87, 0xa9, 0xff, 0x22, 0x9b, 0x10, 0x09, 0xec, 0xf8, 0x0e, 0x93, 0x17, 0x11, 0x02, 0x47,
-	0x66, 0x2a, 0x4f, 0xdf, 0x05, 0x02, 0x46, 0x09, 0x30, 0x02, 0xb5, 0x95, 0xb6, 0xf5, 0x21, 0xb1,
-	0xfa, 0xdb, 0x99, 0x58, 0xf8, 0xa8, 0x7d, 0xc9, 0x51, 0xdc, 0xf5, 0x64, 0x1f, 0x71, 0x9b, 0xe8,
-	0xf7, 0x45, 0x6e, 0x6f, 0x7d, 0x21, 0x7f, 0xcb, 0x01, 0xec, 0xfc, 0x0e, 0xf3, 0x5b, 0xbe, 0x91,
-	0x4d, 0x0a, 0xa6, 0x75, 0x34, 0x55, 0x3c, 0xcc, 0x35, 0x9e, 0xdf, 0x43, 0xae, 0xf1, 0xb7, 0xd1,
-	0x58, 0x24, 0xc4, 0x14, 0xcf, 0x8e, 0x75, 0xa9, 0x7b, 0xac, 0xaa, 0x74, 0x17, 0x78, 0x89, 0x4c,
-	0xfd, 0xbf, 0x99, 0xee, 0x01, 0xc6, 0x0e, 0x5d, 0x75, 0x12, 0x04, 0x90, 0xfb, 0xcb, 0x11, 0xc0,
-	0x01, 0x1c, 0x33, 0x8f, 0xb6, 0x00, 0x3e, 0x20, 0x93, 0xc7, 0xfb, 0x2d, 0x80, 0x1f, 0xcb, 0xec,
-	0x18, 0x1f, 0xee, 0xb0, 0x65, 0xa0, 0xfe, 0xc7, 0x4c, 0x62, 0x1c, 0xb7, 0x7d, 0xb5, 0xeb, 0x65,
-	0xd4, 0xc7, 0xcc, 0x56, 0x78, 0xab, 0x84, 0xc8, 0xf7, 0x14, 0x9a, 0x52, 0x9e, 0x97, 0xc1, 0xf3,
-	0xa8, 0x9f, 0xb5, 0xc1, 0x88, 0x66, 0x88, 0x4c, 0x68, 0xa7, 0x91, 0x36, 0x39, 0x72, 0xb4, 0xfa,
-	0x9b, 0x99, 0x58, 0x58, 0xb9, 0x43, 0xfc, 0xb6, 0x70, 0xaa, 0xce, 0xed, 0x7e, 0xaa, 0x56, 0xff,
-	0x28, 0x9b, 0x1c, 0xd5, 0xee, 0x10, 0x3f, 0xe4, 0x20, 0xae, 0xab, 0x1e, 0x6d, 0xdd, 0x5a, 0x46,
-	0xa3, 0xb2, 0x2c, 0xf8, 0xb2, 0x75, 0x31, 0x39, 0xb6, 0x5f, 0x4a, 0x2b, 0x22, 0x3c, 0xd4, 0xf7,
-	0x32, 0xf1, 0x80, 0x7c, 0x87, 0x3e, 0x3f, 0x3d, 0x9a, 0xb6, 0xc8, 0x9f, 0xf2, 0x01, 0x59, 0x6b,
-	0x0e, 0xe2, 0x53, 0x3e, 0x20, 0xab, 0xc6, 0xa3, 0x7d, 0xca, 0x4f, 0x67, 0xd3, 0xe2, 0x19, 0x1e,
-	0xfa, 0x07, 0x7d, 0x4a, 0x14, 0x32, 0x6b, 0x19, 0xff, 0xb4, 0x27, 0xd2, 0x02, 0x08, 0xa6, 0xf0,
-	0x8c, 0xf1, 0x79, 0xb4, 0x31, 0x9e, 0x28, 0xac, 0x0f, 0x88, 0x22, 0x1f, 0x0d, 0x61, 0x7d, 0x40,
-	0x86, 0xca, 0x07, 0x4f, 0x58, 0xbf, 0x9a, 0xdd, 0x6d, 0x10, 0xcd, 0x13, 0xe1, 0xc5, 0x84, 0xf7,
-	0xe5, 0x6c, 0x3c, 0xb8, 0xeb, 0xa1, 0x8b, 0x69, 0x16, 0xf5, 0xf1, 0x30, 0xb3, 0xa9, 0xc2, 0x61,
-	0xf8, 0xb4, 0x1d, 0x0d, 0xff, 0x8e, 0x9b, 0x88, 0x3f, 0x94, 0xec, 0x4e, 0x24, 0x8c, 0x56, 0xfd,
-	0xb3, 0x4c, 0x24, 0x12, 0xea, 0xa1, 0x5c, 0x21, 0x3c, 0xd2, 0x92, 0x84, 0x5f, 0xf1, 0x2f, 0x33,
-	0xf3, 0x91, 0x24, 0x93, 0xc1, 0xf7, 0x94, 0x89, 0xa7, 0x9b, 0xcd, 0x68, 0x79, 0xee, 0x73, 0xff,
-	0xeb, 0x59, 0x34, 0x1e, 0x23, 0xc5, 0x97, 0xa4, 0x28, 0x34, 0x70, 0x2d, 0x19, 0x31, 0xce, 0x66,
-	0xf1, 0x68, 0xf6, 0x70, 0x93, 0x7a, 0x09, 0xe5, 0xcb, 0xfa, 0x26, 0xfb, 0xb6, 0x5e, 0xc6, 0xd2,
-	0xd0, 0x37, 0xc5, 0x1b, 0x37, 0xc0, 0xe3, 0x15, 0x74, 0x86, 0xbd, 0x87, 0x98, 0xb6, 0xb5, 0x6c,
-	0xb6, 0x48, 0xc5, 0x5a, 0x30, 0x9b, 0x4d, 0xd3, 0xe5, 0x8f, 0x66, 0x57, 0xb7, 0xb7, 0x8a, 0x97,
-	0x3d, 0xdb, 0xd3, 0x9b, 0x75, 0xe2, 0x93, 0xd5, 0x3d, 0xb3, 0x45, 0xea, 0xa6, 0x55, 0x6f, 0x01,
-	0xa5, 0xc0, 0x32, 0x99, 0x15, 0xae, 0xb0, 0x2c, 0x98, 0xb5, 0x86, 0x6e, 0x59, 0xc4, 0xa8, 0x58,
-	0x53, 0x9b, 0x1e, 0x61, 0x8f, 0x6d, 0x39, 0x76, 0x25, 0xc8, 0x7c, 0xaf, 0x19, 0x9a, 0x32, 0x5e,
-	0xa1, 0x04, 0x5a, 0x42, 0x21, 0xf5, 0xd7, 0xf2, 0x09, 0x41, 0x70, 0x8f, 0x90, 0xfa, 0xf8, 0x3d,
-	0x9d, 0xdf, 0xa1, 0xa7, 0xaf, 0xa1, 0x7e, 0x1e, 0x67, 0x92, 0x3f, 0x30, 0x80, 0xb1, 0xf8, 0x03,
-	0x06, 0x12, 0x5f, 0x68, 0x38, 0x15, 0x6e, 0xa2, 0x89, 0x65, 0xda, 0x4d, 0xc9, 0x9d, 0xd9, 0xf7,
-	0x08, 0x9d, 0xd9, 0x85, 0x1f, 0x7e, 0x0b, 0x9d, 0x03, 0x6c, 0x42, 0xb7, 0xf6, 0x43, 0x55, 0x10,
-	0x99, 0x89, 0x55, 0x95, 0xdc, 0xb9, 0x69, 0xe5, 0xf1, 0xa7, 0xd0, 0x70, 0x30, 0x40, 0x4c, 0xe2,
-	0xf2, 0x97, 0x8b, 0x2e, 0xe3, 0x8c, 0x85, 0x3d, 0xa3, 0x60, 0x30, 0xd1, 0x92, 0x43, 0x67, 0x49,
-	0xbc, 0xd4, 0xff, 0x90, 0xe9, 0x16, 0xf6, 0xf8, 0xd0, 0x67, 0xe5, 0x57, 0x50, 0xbf, 0xc1, 0x3e,
-	0x8a, 0xeb, 0x54, 0xf7, 0xc0, 0xc8, 0x8c, 0x54, 0xf3, 0xcb, 0xa8, 0x7f, 0x98, 0xe9, 0x1a, 0x6d,
-	0xf9, 0xa8, 0x7f, 0xde, 0x97, 0x73, 0x29, 0x9f, 0xc7, 0x27, 0xd1, 0x2b, 0xa8, 0x60, 0x86, 0x91,
-	0x7c, 0xeb, 0x61, 0x78, 0x27, 0x6d, 0x4c, 0x80, 0xc3, 0xe8, 0xba, 0x89, 0xce, 0xfa, 0x86, 0x85,
-	0x8e, 0x6f, 0x81, 0xe5, 0xd6, 0x3b, 0x8e, 0xc9, 0xc6, 0xa5, 0x76, 0xda, 0x8d, 0x98, 0x67, 0xb9,
-	0x77, 0x1c, 0x93, 0x56, 0xa0, 0x7b, 0x6b, 0xc4, 0xd2, 0xeb, 0x1b, 0xb6, 0xb3, 0x0e, 0xb1, 0x35,
-	0xd9, 0xe0, 0xd4, 0xc6, 0x18, 0xfc, 0x9e, 0x0f, 0xc6, 0x4f, 0xa1, 0x91, 0xd5, 0x66, 0x87, 0x04,
-	0xd1, 0x0c, 0xd9, 0x5b, 0x9f, 0x36, 0x4c, 0x81, 0xc1, 0x0b, 0xc9, 0x05, 0x84, 0x80, 0xc8, 0x83,
-	0x58, 0xd8, 0xf0, 0xb0, 0xa7, 0x0d, 0x52, 0xc8, 0x32, 0xef, 0xae, 0x09, 0xa6, 0xd5, 0x4c, 0x48,
-	0xf5, 0xa6, 0x6d, 0xad, 0xd6, 0x3d, 0xe2, 0xb4, 0xa0, 0xa1, 0x60, 0x9c, 0xa8, 0x9d, 0x05, 0x0a,
-	0x78, 0x3a, 0x71, 0xe7, 0x6d, 0x6b, 0x75, 0x99, 0x38, 0x2d, 0xda, 0xd4, 0xab, 0x08, 0xf3, 0xa6,
-	0x3a, 0x70, 0xe9, 0xc1, 0x3e, 0x0e, 0xec, 0x14, 0x35, 0xfe, 0x11, 0xec, 0x36, 0x04, 0x3e, 0xac,
-	0x88, 0x86, 0x58, 0x48, 0x37, 0x26, 0x34, 0x30, 0x55, 0xd4, 0x10, 0x03, 0x81, 0xbc, 0xce, 0x22,
-	0x6e, 0xbd, 0xc0, 0xac, 0xa6, 0x35, 0xfe, 0x4b, 0xfd, 0x3b, 0xd9, 0xb4, 0x40, 0xc9, 0x47, 0xf5,
-	0x8d, 0x03, 0xcf, 0x21, 0xc4, 0x33, 0x4a, 0xd2, 0xcf, 0x8d, 0x18, 0xb4, 0x86, 0x98, 0x14, 0x1e,
-	0x42, 0x59, 0xf5, 0x0b, 0xd9, 0xb4, 0x50, 0xcf, 0xfb, 0x12, 0x4e, 0xb8, 0xee, 0x64, 0xf7, 0xb0,
-	0xee, 0x1c, 0xbe, 0x38, 0x92, 0x74, 0xe5, 0x68, 0xbf, 0x87, 0x1d, 0xa0, 0x70, 0x7e, 0x24, 0x9b,
-	0x1a, 0x60, 0xfb, 0x44, 0x3a, 0xea, 0x17, 0xb3, 0xa9, 0x01, 0xc2, 0x8f, 0xe5, 0x50, 0x4a, 0xd4,
-	0x96, 0x93, 0xb1, 0xc4, 0x28, 0x9e, 0x59, 0x60, 0xe1, 0x1d, 0x6f, 0x9b, 0x96, 0x81, 0x1f, 0x43,
-	0x67, 0xee, 0xd4, 0x66, 0xb4, 0xfa, 0xed, 0xca, 0x62, 0xb9, 0x7e, 0x67, 0xb1, 0x56, 0x9d, 0x99,
-	0xae, 0xcc, 0x56, 0x66, 0xca, 0x85, 0x1e, 0x7c, 0x0a, 0x8d, 0x85, 0xa8, 0xb9, 0x3b, 0x0b, 0xa5,
-	0xc5, 0x42, 0x06, 0x8f, 0xa3, 0x91, 0x10, 0x38, 0xb5, 0xb4, 0x5c, 0xc8, 0x3e, 0xf3, 0x34, 0x1a,
-	0x82, 0xf5, 0xb5, 0x04, 0xdc, 0xf1, 0x30, 0x1a, 0x58, 0x9a, 0xaa, 0xcd, 0x68, 0x77, 0x81, 0x09,
-	0x42, 0x7d, 0xe5, 0x99, 0x45, 0xca, 0x30, 0xf3, 0xcc, 0xff, 0xca, 0x20, 0x54, 0x9b, 0x5d, 0xae,
-	0x72, 0xc2, 0x21, 0xd4, 0x5f, 0x59, 0xbc, 0x5b, 0x9a, 0xaf, 0x50, 0xba, 0x01, 0x94, 0x5f, 0xaa,
-	0xce, 0xd0, 0x1a, 0x06, 0x51, 0xef, 0xf4, 0xfc, 0x52, 0x6d, 0xa6, 0x90, 0xa5, 0x40, 0x6d, 0xa6,
-	0x54, 0x2e, 0xe4, 0x28, 0xf0, 0x9e, 0x56, 0x59, 0x9e, 0x29, 0xe4, 0xe9, 0x9f, 0xf3, 0xb5, 0xe5,
-	0xd2, 0x72, 0xa1, 0x97, 0xfe, 0x39, 0x0b, 0x7f, 0xf6, 0x51, 0x66, 0xb5, 0x99, 0x65, 0xf8, 0xd1,
-	0x4f, 0x9b, 0x30, 0xeb, 0xff, 0x1a, 0xa0, 0x28, 0xca, 0xba, 0x5c, 0xd1, 0x0a, 0x83, 0xf4, 0x07,
-	0x65, 0x49, 0x7f, 0x20, 0xda, 0x38, 0x6d, 0x66, 0x61, 0xe9, 0xee, 0x4c, 0x61, 0x88, 0xf2, 0x5a,
-	0xb8, 0x4d, 0xc1, 0xc3, 0xf4, 0x4f, 0x6d, 0x81, 0xfe, 0x39, 0x42, 0x39, 0x69, 0x33, 0xa5, 0xf9,
-	0x6a, 0x69, 0x79, 0xae, 0x30, 0x4a, 0xdb, 0x03, 0x3c, 0xc7, 0x58, 0xc9, 0xc5, 0xd2, 0xc2, 0x4c,
-	0xa1, 0xc0, 0x69, 0xca, 0xf3, 0x95, 0xc5, 0xdb, 0x85, 0x71, 0x68, 0xc8, 0x5b, 0x0b, 0xf0, 0x03,
-	0xd3, 0x02, 0xf0, 0xd7, 0xa9, 0x67, 0x3e, 0x83, 0xfa, 0x96, 0x6a, 0x60, 0x39, 0x73, 0x0e, 0x9d,
-	0x5a, 0xaa, 0xd5, 0x97, 0xdf, 0xaa, 0xce, 0x44, 0xe4, 0x3d, 0x8e, 0x46, 0x7c, 0xc4, 0x7c, 0x65,
-	0xf1, 0xce, 0x9b, 0x4c, 0xda, 0x3e, 0x68, 0xa1, 0x34, 0xbd, 0x54, 0x2b, 0x64, 0x69, 0xaf, 0xf8,
-	0xa0, 0x7b, 0x95, 0xc5, 0xf2, 0xd2, 0xbd, 0x5a, 0x21, 0xf7, 0xcc, 0x03, 0x3f, 0xe3, 0xd2, 0x92,
-	0x63, 0xae, 0x9a, 0x16, 0xbe, 0x80, 0x1e, 0x2b, 0xcf, 0xdc, 0xad, 0x4c, 0xcf, 0xd4, 0x97, 0xb4,
-	0xca, 0xad, 0xca, 0x62, 0xa4, 0xa6, 0x33, 0x68, 0x5c, 0x46, 0x97, 0xaa, 0x95, 0x42, 0x06, 0x9f,
-	0x45, 0x58, 0x06, 0xbf, 0x5e, 0x5a, 0x98, 0x2d, 0x64, 0xb1, 0x82, 0x4e, 0xcb, 0xf0, 0xca, 0xe2,
-	0xf2, 0x9d, 0xc5, 0x99, 0x42, 0xee, 0x99, 0x9f, 0xc8, 0xa0, 0x33, 0x89, 0x0e, 0x94, 0x58, 0x45,
-	0x17, 0x67, 0xe6, 0x4b, 0xb5, 0xe5, 0xca, 0x74, 0x6d, 0xa6, 0xa4, 0x4d, 0xcf, 0xd5, 0xa7, 0x4b,
-	0xcb, 0x33, 0xb7, 0x96, 0xb4, 0xb7, 0xea, 0xb7, 0x66, 0x16, 0x67, 0xb4, 0xd2, 0x7c, 0xa1, 0x07,
-	0x3f, 0x85, 0x8a, 0x29, 0x34, 0xb5, 0x99, 0xe9, 0x3b, 0x5a, 0x65, 0xf9, 0xad, 0x42, 0x06, 0x3f,
-	0x89, 0x2e, 0xa4, 0x12, 0xd1, 0xdf, 0x85, 0x2c, 0xbe, 0x88, 0x26, 0xd2, 0x48, 0xde, 0x98, 0x2f,
-	0xe4, 0x9e, 0xf9, 0xe1, 0x0c, 0xc2, 0x71, 0x0f, 0x38, 0xfc, 0x04, 0x3a, 0x4f, 0xf5, 0xa2, 0x9e,
-	0xde, 0xc0, 0x27, 0xd1, 0x85, 0x44, 0x0a, 0xa1, 0x79, 0x45, 0xf4, 0x78, 0x0a, 0x09, 0x6f, 0xdc,
-	0x79, 0xa4, 0x24, 0x13, 0xd0, 0xa6, 0x4d, 0x95, 0xdf, 0xfb, 0x4f, 0x17, 0x7b, 0xde, 0xfb, 0xe6,
-	0xc5, 0xcc, 0xef, 0x7e, 0xf3, 0x62, 0xe6, 0x8f, 0xbe, 0x79, 0x31, 0xf3, 0xa9, 0xeb, 0x7b, 0x71,
-	0x10, 0x64, 0xa3, 0x7f, 0xa5, 0x0f, 0x5c, 0x61, 0x6e, 0xfc, 0xbf, 0x00, 0x00, 0x00, 0xff, 0xff,
-	0xac, 0x7f, 0x9a, 0xda, 0xe2, 0x35, 0x01, 0x00,
+	0x71, 0x71, 0xd9, 0xfc, 0xab, 0x0c, 0x3a, 0xb5, 0x54, 0x29, 0x4f, 0x7f, 0x9b, 0x68, 0x4d, 0xfc,
+	0x7b, 0x8e, 0x76, 0x4f, 0xc3, 0xf7, 0xd4, 0x4a, 0x0b, 0xf3, 0xdf, 0x4e, 0xfd, 0x23, 0x7d, 0xcf,
+	0x11, 0xef, 0x9f, 0xdf, 0xea, 0x43, 0x43, 0xb7, 0x3b, 0x2b, 0x84, 0xbf, 0xf9, 0x1d, 0xeb, 0x03,
+	0xf5, 0x75, 0x34, 0xc4, 0xc5, 0x00, 0x97, 0x51, 0x42, 0xe0, 0x11, 0xee, 0x48, 0xca, 0x7c, 0xbb,
+	0x45, 0x22, 0x7c, 0x1e, 0xe5, 0xef, 0x12, 0x67, 0x45, 0xb4, 0xc9, 0x7f, 0x40, 0x9c, 0x15, 0x0d,
+	0xa0, 0x78, 0x3e, 0x34, 0x95, 0x2b, 0x55, 0x2b, 0x10, 0x84, 0x9a, 0xdf, 0x83, 0x41, 0x54, 0xed,
+	0xc0, 0x9c, 0x40, 0x6f, 0x9b, 0x2c, 0x7c, 0xb5, 0xe8, 0x0f, 0x14, 0x2d, 0x89, 0x17, 0xd1, 0xb8,
+	0xf8, 0x9e, 0xcc, 0x22, 0x30, 0x0f, 0x24, 0xb0, 0x4b, 0x8a, 0xbd, 0x1c, 0x2f, 0x8a, 0x5f, 0x45,
+	0xc3, 0x3e, 0x10, 0x5e, 0xc6, 0x07, 0xc3, 0xb0, 0x9f, 0x01, 0xab, 0x48, 0x78, 0x77, 0xa9, 0x80,
+	0xc8, 0x00, 0x6e, 0x77, 0x50, 0x02, 0x83, 0x88, 0xa5, 0x81, 0x54, 0x00, 0x7f, 0x0c, 0x18, 0xb4,
+	0x6d, 0xcb, 0x25, 0xf0, 0x06, 0x38, 0x04, 0x06, 0xeb, 0x60, 0x8a, 0xe7, 0x70, 0x38, 0x73, 0x4b,
+	0x90, 0xc8, 0xf0, 0x12, 0x42, 0xe1, 0x5b, 0x0d, 0x77, 0xfe, 0xda, 0xf3, 0x2b, 0x92, 0xc0, 0x42,
+	0xbc, 0x65, 0x1d, 0x79, 0x94, 0x5b, 0x56, 0xf5, 0x77, 0xb3, 0x68, 0xa8, 0xd4, 0x6e, 0x07, 0x43,
+	0xe1, 0x59, 0xd4, 0x57, 0x6a, 0xb7, 0xef, 0x68, 0x15, 0x31, 0x0c, 0xa4, 0xde, 0x6e, 0xd7, 0x3b,
+	0x8e, 0x29, 0x9a, 0xda, 0x30, 0x22, 0x3c, 0x8d, 0x46, 0x4a, 0xed, 0x76, 0xb5, 0xb3, 0xd2, 0x34,
+	0x1b, 0x42, 0x54, 0x79, 0x96, 0x00, 0xa3, 0xdd, 0xae, 0xb7, 0x01, 0x13, 0x4d, 0x2d, 0x20, 0x97,
+	0xc1, 0x6f, 0x83, 0xcb, 0x34, 0x0f, 0x6a, 0xce, 0xc2, 0x26, 0xab, 0x41, 0x00, 0xc8, 0xb0, 0x6d,
+	0x93, 0x01, 0x11, 0x0b, 0x94, 0x79, 0xde, 0x0f, 0x37, 0x4a, 0x2b, 0x8a, 0x05, 0x2f, 0x0f, 0x59,
+	0xe2, 0x8f, 0xa2, 0xfe, 0x52, 0xbb, 0x2d, 0x5c, 0xe3, 0xc1, 0x5b, 0x2d, 0x2d, 0x15, 0xe9, 0x63,
+	0x9f, 0x6c, 0xe2, 0x65, 0x34, 0x2a, 0x57, 0xb6, 0xa7, 0x40, 0x9b, 0x7f, 0x9a, 0x81, 0x0f, 0x3a,
+	0xe2, 0xa6, 0x62, 0x37, 0x50, 0xae, 0xd4, 0x6e, 0xf3, 0xf9, 0xe8, 0x54, 0x42, 0x7f, 0x44, 0xdd,
+	0x47, 0x4a, 0xed, 0xb6, 0xff, 0xe9, 0xcc, 0x54, 0xf5, 0x78, 0x7d, 0xfa, 0xd7, 0xd8, 0xa7, 0x1f,
+	0x6d, 0x7b, 0x50, 0xf5, 0x97, 0x72, 0x68, 0xac, 0xd4, 0x6e, 0x9f, 0x04, 0xe8, 0x3c, 0x28, 0x27,
+	0x95, 0xe7, 0x10, 0x12, 0xa6, 0xc7, 0xfe, 0xc0, 0x64, 0x7b, 0x48, 0x98, 0x1a, 0x95, 0x8c, 0x26,
+	0x10, 0xf9, 0xea, 0x37, 0xb0, 0x27, 0xf5, 0xfb, 0x7c, 0x0e, 0xa6, 0xe2, 0xa3, 0xee, 0x70, 0xff,
+	0x41, 0xe9, 0x36, 0xde, 0x07, 0x7d, 0x7b, 0xea, 0x83, 0xdf, 0x94, 0x06, 0x0f, 0x04, 0x7c, 0x3c,
+	0xe9, 0x85, 0xde, 0x7d, 0x6d, 0x8b, 0x47, 0x45, 0x61, 0x72, 0x2f, 0x60, 0x3f, 0x08, 0x3d, 0xf7,
+	0x49, 0x6f, 0x50, 0x54, 0xdd, 0x34, 0xb4, 0x08, 0xad, 0xdf, 0x87, 0xfd, 0x7b, 0xea, 0xc3, 0xad,
+	0x2c, 0xf8, 0x9d, 0x04, 0x3e, 0xed, 0xfb, 0x3f, 0x5d, 0x5c, 0x43, 0x88, 0x3d, 0xe8, 0x04, 0xd6,
+	0x62, 0x23, 0xcc, 0x7d, 0x95, 0xc5, 0xa6, 0xe7, 0xee, 0xab, 0x21, 0x49, 0xf0, 0xf0, 0x9c, 0x4b,
+	0x7c, 0x78, 0xbe, 0x82, 0x06, 0x34, 0x7d, 0xe3, 0x8d, 0x0e, 0x71, 0x36, 0xf9, 0x76, 0x86, 0x85,
+	0x8c, 0xd1, 0x37, 0xea, 0x9f, 0xa3, 0x40, 0x2d, 0x40, 0x63, 0x35, 0x70, 0x5c, 0x12, 0x1e, 0xda,
+	0xd8, 0xed, 0x5e, 0xe0, 0xae, 0xf4, 0x28, 0x8a, 0x8e, 0x5f, 0x42, 0xb9, 0xd2, 0xbd, 0x1a, 0x97,
+	0x6c, 0xd0, 0xb5, 0xa5, 0x7b, 0x35, 0x2e, 0xaf, 0xd4, 0xb2, 0xf7, 0x6a, 0xea, 0xe7, 0xb3, 0x08,
+	0xc7, 0x29, 0xf1, 0xf3, 0x68, 0x10, 0xa0, 0xab, 0x54, 0x67, 0xc4, 0xa4, 0x46, 0x1b, 0x6e, 0xdd,
+	0x01, 0xa8, 0xb4, 0xb9, 0xf3, 0x49, 0xf1, 0x8b, 0x90, 0xbf, 0x8d, 0xa7, 0xd5, 0x90, 0x92, 0x1a,
+	0x6d, 0xb8, 0x7e, 0xc6, 0xb3, 0x48, 0xfa, 0x36, 0x4e, 0x0c, 0xfb, 0xc2, 0x7b, 0xb5, 0x39, 0xdb,
+	0xf5, 0xb8, 0xa8, 0xd9, 0xbe, 0x70, 0xc3, 0x85, 0x6c, 0x5a, 0xd2, 0xbe, 0x90, 0x91, 0x41, 0x46,
+	0x80, 0x7b, 0x35, 0x66, 0xfd, 0x6b, 0x68, 0x76, 0xd3, 0xdf, 0x50, 0xb2, 0x8c, 0x00, 0x1b, 0x6e,
+	0x9d, 0x59, 0x0e, 0x1b, 0x90, 0x38, 0x4e, 0xca, 0x08, 0x20, 0x95, 0x52, 0xbf, 0x38, 0x80, 0x0a,
+	0x65, 0xdd, 0xd3, 0x57, 0x74, 0x97, 0x08, 0xa7, 0xe9, 0x31, 0x1f, 0xe6, 0x7f, 0x8e, 0x20, 0x07,
+	0x63, 0x25, 0xe1, 0x6b, 0xa2, 0x05, 0xf0, 0x27, 0x42, 0xbe, 0x41, 0xbe, 0x26, 0x31, 0x01, 0xc4,
+	0x4a, 0xbd, 0xcd, 0xc1, 0x5a, 0x8c, 0x10, 0x5f, 0x45, 0x43, 0x3e, 0x8c, 0x1e, 0x00, 0x72, 0xa1,
+	0xce, 0x18, 0x2b, 0x74, 0xff, 0xaf, 0x89, 0x68, 0xfc, 0x22, 0x1a, 0xf6, 0x7f, 0x0a, 0x5b, 0x6b,
+	0x96, 0xcd, 0x62, 0x25, 0x76, 0x7a, 0x12, 0x49, 0xc5, 0xa2, 0x30, 0xbf, 0xf5, 0x4a, 0x45, 0x23,
+	0x09, 0x23, 0x24, 0x52, 0xfc, 0x39, 0x34, 0xea, 0xff, 0xe6, 0x07, 0x06, 0x96, 0x5b, 0xe3, 0x6a,
+	0x90, 0x97, 0x2e, 0x22, 0xd6, 0x49, 0x99, 0x9c, 0x1d, 0x1d, 0x1e, 0xf7, 0x73, 0x20, 0x18, 0x2b,
+	0xf1, 0x93, 0x43, 0xa4, 0x02, 0x5c, 0x41, 0xe3, 0x3e, 0x24, 0xd4, 0xd0, 0xfe, 0xf0, 0xc4, 0x68,
+	0xac, 0xd4, 0x13, 0x95, 0x34, 0x5e, 0x0a, 0x37, 0xd1, 0x79, 0x09, 0x68, 0xb8, 0x6b, 0xe6, 0x7d,
+	0x8f, 0x1f, 0xf7, 0x78, 0xfc, 0x36, 0x9e, 0xf4, 0x26, 0xe0, 0xca, 0x68, 0xfc, 0xec, 0x55, 0x72,
+	0x64, 0xfd, 0xae, 0xdc, 0x70, 0x0d, 0x9d, 0xf6, 0xf1, 0xb7, 0xa6, 0xab, 0x55, 0xc7, 0x7e, 0x87,
+	0x34, 0xbc, 0x4a, 0x99, 0x1f, 0x97, 0x21, 0xae, 0x87, 0xb1, 0x52, 0x5f, 0x6d, 0xb4, 0xa9, 0x52,
+	0x50, 0x9c, 0xcc, 0x3c, 0xb1, 0x30, 0xbe, 0x8b, 0xce, 0x08, 0xf0, 0x8a, 0xe5, 0x7a, 0xba, 0xd5,
+	0x20, 0x95, 0x32, 0x3f, 0x43, 0xc3, 0x79, 0x9e, 0x73, 0x35, 0x39, 0x52, 0x66, 0x9b, 0x5c, 0x1c,
+	0xbf, 0x8c, 0x46, 0x7c, 0x04, 0x7b, 0xff, 0x18, 0x82, 0xf7, 0x0f, 0x18, 0x92, 0xc6, 0x4a, 0x3d,
+	0xea, 0xa4, 0x22, 0x13, 0x8b, 0x1a, 0x05, 0x69, 0x41, 0x87, 0x25, 0x8d, 0xf2, 0x36, 0xdb, 0x89,
+	0xca, 0x08, 0xa9, 0x42, 0x5f, 0x0d, 0x35, 0x6a, 0xc9, 0x31, 0x57, 0x4d, 0x76, 0x92, 0xf6, 0xfd,
+	0x52, 0x56, 0xea, 0x36, 0x00, 0x93, 0xf4, 0x83, 0x91, 0x4f, 0x94, 0xd0, 0xa9, 0x04, 0x1d, 0xdb,
+	0xd3, 0x89, 0xf1, 0x0b, 0xd9, 0xb0, 0x11, 0x47, 0xfc, 0xd8, 0x38, 0x85, 0x06, 0xfc, 0x2f, 0xe1,
+	0x9b, 0x07, 0x25, 0x6d, 0x68, 0x46, 0x79, 0xf8, 0x78, 0x49, 0x1c, 0x47, 0xfc, 0x28, 0x79, 0x10,
+	0xe2, 0x78, 0x2f, 0x13, 0x8a, 0xe3, 0x88, 0x1f, 0x2f, 0xff, 0x7a, 0x3e, 0x9c, 0x93, 0x4e, 0xce,
+	0x98, 0x07, 0xb5, 0x4d, 0x0e, 0xcd, 0x8b, 0xfa, 0xf6, 0xe0, 0x1f, 0x22, 0xaa, 0x66, 0xff, 0xa3,
+	0xa9, 0x26, 0x7e, 0x19, 0x0d, 0x55, 0x6d, 0xd7, 0x5b, 0x75, 0x88, 0x5b, 0x0d, 0xe2, 0x8f, 0x82,
+	0x6f, 0x51, 0x9b, 0x83, 0xeb, 0x6d, 0x69, 0xf6, 0x17, 0xc9, 0xd5, 0xdf, 0xcf, 0xc5, 0xb4, 0x81,
+	0x6d, 0x5c, 0x8f, 0xa4, 0x36, 0x1c, 0xc0, 0x50, 0xc7, 0xd7, 0xc3, 0x55, 0x90, 0xed, 0xf0, 0x7b,
+	0x85, 0xe0, 0x2a, 0x2b, 0x7c, 0x83, 0x2f, 0x93, 0xe0, 0x4f, 0xa3, 0x73, 0x12, 0xa0, 0xaa, 0x3b,
+	0x7a, 0x8b, 0x78, 0x61, 0xae, 0x17, 0x70, 0x97, 0xf7, 0x4b, 0xd7, 0xdb, 0x01, 0x5a, 0xcc, 0x1f,
+	0x93, 0xc2, 0x41, 0x50, 0xad, 0xfe, 0x3d, 0x58, 0xae, 0xfd, 0xe7, 0x2c, 0x1a, 0x09, 0x3a, 0x5a,
+	0x77, 0x5c, 0x72, 0x7c, 0x7b, 0xf4, 0xe3, 0x68, 0x04, 0xbc, 0x37, 0x5b, 0xc4, 0xf2, 0x84, 0xa4,
+	0x8a, 0x2c, 0xe0, 0xa3, 0x8f, 0xe0, 0xb1, 0x7d, 0x25, 0x42, 0x5c, 0x44, 0xbd, 0x4c, 0x07, 0x04,
+	0x9f, 0x5a, 0xa6, 0x00, 0x0c, 0xae, 0xfe, 0x78, 0x0e, 0x0d, 0xfb, 0x52, 0x9e, 0x32, 0x8f, 0xea,
+	0x8d, 0xcf, 0xe1, 0x0a, 0xf9, 0x1a, 0x42, 0x55, 0xdb, 0xf1, 0xf4, 0xa6, 0x90, 0x9a, 0x1d, 0x8e,
+	0x4a, 0x6d, 0x80, 0xb2, 0x32, 0x02, 0x09, 0x9e, 0x44, 0x48, 0x18, 0x60, 0xfd, 0x30, 0xc0, 0x46,
+	0xb7, 0xb7, 0x8a, 0x28, 0x1c, 0x57, 0x9a, 0x40, 0xa1, 0xfe, 0x5a, 0x16, 0x8d, 0xf9, 0x9d, 0x34,
+	0xf3, 0x90, 0x34, 0x3a, 0xde, 0x31, 0x1e, 0x0c, 0xb2, 0xb4, 0x7b, 0x77, 0x94, 0xb6, 0xfa, 0x3f,
+	0x84, 0x89, 0x64, 0xba, 0x69, 0x9f, 0x4c, 0x24, 0x7f, 0x11, 0x3a, 0xae, 0x7e, 0x77, 0x0e, 0x9d,
+	0xf6, 0xa5, 0x3e, 0xdb, 0xb1, 0x60, 0x93, 0x31, 0xad, 0x37, 0x9b, 0xc7, 0x79, 0x5d, 0x1e, 0xf2,
+	0x05, 0xb1, 0xc4, 0xc3, 0x21, 0xf0, 0x38, 0xeb, 0xf7, 0x39, 0xb8, 0x6e, 0x9b, 0x86, 0x26, 0x12,
+	0xe1, 0x57, 0xd1, 0xb0, 0xff, 0xb3, 0xe4, 0xac, 0xfa, 0x8b, 0x31, 0x5c, 0x19, 0x04, 0x85, 0x74,
+	0x47, 0xf2, 0xfa, 0x90, 0x0a, 0xa8, 0xff, 0xa5, 0x0f, 0x4d, 0xdc, 0x33, 0x2d, 0xc3, 0xde, 0x70,
+	0xfd, 0x30, 0xfd, 0x47, 0x7e, 0xcb, 0x7c, 0xd8, 0xe1, 0xf9, 0xdf, 0x40, 0x67, 0xa2, 0x22, 0x75,
+	0x82, 0xe0, 0x49, 0xbc, 0x77, 0x36, 0x18, 0x41, 0xdd, 0x0f, 0xd8, 0xcf, 0xef, 0xdd, 0xb4, 0xe4,
+	0x92, 0xd1, 0x88, 0xff, 0xfd, 0xbb, 0x89, 0xf8, 0xff, 0x0c, 0xea, 0x2b, 0xdb, 0x2d, 0xdd, 0xf4,
+	0xfd, 0xff, 0x60, 0x14, 0x07, 0xf5, 0x02, 0x46, 0xe3, 0x14, 0x94, 0x3f, 0xaf, 0x18, 0xba, 0x6c,
+	0x30, 0xe4, 0xef, 0x17, 0xe8, 0xb8, 0xc4, 0xd1, 0x44, 0x22, 0x6c, 0xa3, 0x11, 0x5e, 0x1d, 0xbf,
+	0x25, 0x43, 0x70, 0x4b, 0x16, 0xe4, 0x55, 0x4c, 0x57, 0xab, 0x49, 0xa9, 0x1c, 0xbb, 0x2e, 0x63,
+	0x89, 0x08, 0xf8, 0xc7, 0xb0, 0xfb, 0x32, 0x4d, 0xe6, 0x2f, 0x08, 0x01, 0x26, 0x99, 0xa1, 0xb8,
+	0x10, 0x60, 0x96, 0x11, 0x89, 0xf0, 0x0c, 0x1a, 0x2f, 0x35, 0x9b, 0xf6, 0x46, 0x10, 0xa5, 0x88,
+	0xaa, 0xc4, 0x30, 0x44, 0x6a, 0x85, 0xcb, 0x17, 0x9d, 0x22, 0xe1, 0xe3, 0xea, 0x0d, 0x8e, 0xd6,
+	0xe2, 0x25, 0x26, 0x5e, 0x43, 0x38, 0xde, 0xe6, 0x3d, 0x5d, 0xbf, 0x7c, 0x31, 0x8b, 0x70, 0xe4,
+	0x1c, 0x32, 0x73, 0x8c, 0xb7, 0x53, 0xea, 0xcf, 0x65, 0xd0, 0x78, 0x2c, 0x7a, 0x18, 0xbe, 0x81,
+	0x10, 0x83, 0x08, 0x51, 0x2b, 0xc0, 0x0d, 0x2c, 0x8c, 0x28, 0xc6, 0x97, 0x92, 0x90, 0x0c, 0x5f,
+	0x43, 0x03, 0xec, 0x57, 0x90, 0x26, 0x34, 0x5a, 0xa4, 0xd3, 0x31, 0x0d, 0x2d, 0x20, 0x0a, 0x6b,
+	0x81, 0x7b, 0xbc, 0x5c, 0x62, 0x11, 0x6f, 0xb3, 0x1d, 0xd4, 0x42, 0xc9, 0x68, 0x07, 0x0e, 0x07,
+	0x0d, 0x2e, 0x19, 0x87, 0xd5, 0x75, 0x7d, 0x3c, 0x10, 0x5b, 0x6e, 0xa7, 0x40, 0x6c, 0x91, 0xb9,
+	0x89, 0x47, 0x5e, 0x3b, 0x38, 0xe3, 0xd2, 0x2f, 0x67, 0xd1, 0x58, 0x50, 0xeb, 0x21, 0x5e, 0x19,
+	0x7d, 0x80, 0x44, 0xf2, 0xa5, 0x0c, 0x52, 0xa6, 0xcc, 0x66, 0xd3, 0xb4, 0x56, 0x2b, 0xd6, 0x7d,
+	0xdb, 0x69, 0xc1, 0xe4, 0x71, 0x78, 0xb7, 0x8b, 0xea, 0xf7, 0x65, 0xd0, 0x38, 0x6f, 0xd0, 0xb4,
+	0xee, 0x18, 0x87, 0x77, 0xed, 0x1b, 0x6d, 0xc9, 0xe1, 0xe9, 0x8b, 0xfa, 0xd5, 0x2c, 0x42, 0xf3,
+	0x76, 0x63, 0xfd, 0x88, 0x5b, 0xd0, 0x7f, 0x62, 0xe7, 0xec, 0xb8, 0x05, 0x39, 0x3b, 0xae, 0x92,
+	0xf1, 0xf3, 0xe3, 0xd2, 0x4a, 0x29, 0x1d, 0xdf, 0xd5, 0x04, 0x95, 0x8a, 0xe9, 0x77, 0x59, 0xa5,
+	0xdb, 0x5b, 0xc5, 0x7c, 0xd3, 0x6e, 0xac, 0x6b, 0x40, 0xaf, 0xfe, 0x79, 0x86, 0xc9, 0xee, 0x88,
+	0x5b, 0xd8, 0xfb, 0x9f, 0x9f, 0xdf, 0xe3, 0xe7, 0xff, 0xb5, 0x0c, 0x3a, 0xad, 0x91, 0x86, 0xfd,
+	0x80, 0x38, 0x9b, 0xd3, 0xb6, 0x41, 0x6e, 0x11, 0x8b, 0x38, 0x87, 0x35, 0xa2, 0xfe, 0x31, 0x84,
+	0x9a, 0x0c, 0x1b, 0x73, 0xc7, 0x25, 0xc6, 0xd1, 0x09, 0x78, 0xaa, 0xfe, 0xa3, 0x7e, 0xa4, 0x24,
+	0xee, 0x10, 0x8f, 0xec, 0xae, 0x28, 0x75, 0xdb, 0x9f, 0x3f, 0xa8, 0x6d, 0x7f, 0xef, 0xde, 0xb6,
+	0xfd, 0x7d, 0x7b, 0xdd, 0xf6, 0xf7, 0xef, 0x66, 0xdb, 0xdf, 0x8a, 0x6e, 0xfb, 0x07, 0x60, 0xdb,
+	0x7f, 0xa3, 0xeb, 0xb6, 0x7f, 0xc6, 0x32, 0x1e, 0x71, 0xd3, 0x7f, 0x64, 0xd3, 0x7c, 0x3c, 0xca,
+	0x69, 0xe5, 0x32, 0x9d, 0x14, 0x1b, 0xb6, 0x63, 0x10, 0x83, 0x1f, 0x52, 0xe0, 0x56, 0xde, 0xe1,
+	0x30, 0x2d, 0xc0, 0xc6, 0x72, 0xa6, 0x8c, 0xec, 0x26, 0x67, 0xca, 0x01, 0x1c, 0x63, 0xbe, 0x90,
+	0x45, 0xe3, 0xd3, 0xc4, 0xf1, 0x58, 0x3c, 0x91, 0x83, 0x78, 0x48, 0x2e, 0xa1, 0x31, 0x81, 0x21,
+	0xec, 0xc8, 0x85, 0x5c, 0xff, 0x0d, 0xe2, 0x78, 0xd1, 0xb7, 0xf5, 0x28, 0x3d, 0xad, 0xde, 0x8f,
+	0x5b, 0xcc, 0xc7, 0x6e, 0x50, 0xbd, 0x0f, 0x67, 0x82, 0x34, 0xf9, 0x2f, 0x2d, 0xa0, 0x17, 0x42,
+	0x11, 0xe7, 0xf7, 0x1e, 0x8a, 0x58, 0xfd, 0x99, 0x0c, 0xba, 0xa4, 0x11, 0x8b, 0x6c, 0xe8, 0x2b,
+	0x4d, 0x22, 0x34, 0x8b, 0xaf, 0x0c, 0x74, 0xd6, 0x30, 0xdd, 0x96, 0xee, 0x35, 0xd6, 0xf6, 0x25,
+	0xa3, 0x59, 0x34, 0x2c, 0xce, 0x5f, 0x7b, 0x98, 0xdb, 0xa4, 0x72, 0xea, 0xaf, 0xe6, 0x50, 0xff,
+	0x94, 0xed, 0xed, 0x3b, 0x63, 0x78, 0x38, 0xe5, 0x67, 0xf7, 0x70, 0x2f, 0xf2, 0x51, 0xa8, 0x5c,
+	0x88, 0x24, 0x08, 0x86, 0x17, 0x2b, 0x76, 0x2c, 0xe2, 0xa2, 0x4f, 0xb6, 0xc7, 0xa8, 0xd8, 0xcf,
+	0xa3, 0x41, 0xf0, 0xf6, 0x14, 0x6e, 0x2e, 0xc1, 0xac, 0xc9, 0xa3, 0xc0, 0x68, 0x1d, 0x21, 0x29,
+	0xfe, 0xb4, 0x14, 0x00, 0xa5, 0x6f, 0xff, 0x51, 0xb4, 0xc5, 0x58, 0x28, 0x07, 0x16, 0xac, 0x5a,
+	0xfd, 0x56, 0x1e, 0x0d, 0xfb, 0xc6, 0x2c, 0x87, 0xd4, 0x83, 0xcf, 0xa2, 0xbe, 0x39, 0x5b, 0x88,
+	0x8a, 0x08, 0xc6, 0x2f, 0x6b, 0xb6, 0x1b, 0xb1, 0xea, 0xe1, 0x44, 0xf8, 0x06, 0x1a, 0x58, 0xb4,
+	0x0d, 0xd1, 0x74, 0x0b, 0xc6, 0xb4, 0x65, 0x1b, 0x31, 0xd7, 0x97, 0x80, 0x10, 0x5f, 0x42, 0x79,
+	0xb0, 0x7a, 0x13, 0xae, 0x9e, 0x23, 0x96, 0x6e, 0x80, 0x17, 0x74, 0xa3, 0x6f, 0xaf, 0xba, 0xd1,
+	0xff, 0xa8, 0xba, 0x31, 0x70, 0xb0, 0xba, 0xf1, 0x16, 0x1a, 0x86, 0x9a, 0xfc, 0xa8, 0xdf, 0x3b,
+	0x2f, 0x6f, 0x8f, 0xf1, 0x15, 0x68, 0x84, 0xb5, 0x9b, 0xc7, 0xfe, 0x86, 0x85, 0x47, 0x62, 0x15,
+	0x51, 0x3b, 0xb4, 0x0f, 0xb5, 0xfb, 0xfd, 0x0c, 0xea, 0xbf, 0x63, 0xad, 0x5b, 0xf6, 0xc6, 0xfe,
+	0x34, 0xee, 0x06, 0x1a, 0xe2, 0x6c, 0x84, 0x39, 0x1e, 0xbc, 0x99, 0x3a, 0x0c, 0x5c, 0x07, 0x4e,
+	0x9a, 0x48, 0x85, 0x5f, 0x0e, 0x0a, 0x81, 0x61, 0x6b, 0x2e, 0x8c, 0x2b, 0xea, 0x17, 0x6a, 0xc8,
+	0xa1, 0x10, 0x45, 0x72, 0x7c, 0x9e, 0xe7, 0xc0, 0x17, 0x02, 0xeb, 0xd0, 0xa6, 0xb0, 0x14, 0xf8,
+	0xea, 0xbf, 0xcc, 0xa2, 0xd1, 0xc8, 0xf5, 0xd3, 0x33, 0x68, 0x90, 0x5f, 0xff, 0x98, 0x7e, 0x6c,
+	0x46, 0x30, 0x7c, 0x0d, 0x80, 0xda, 0x00, 0xfb, 0xb3, 0x62, 0xe0, 0x4f, 0xa2, 0x7e, 0xdb, 0x85,
+	0xa5, 0x09, 0xbe, 0x65, 0x34, 0x1c, 0x42, 0x4b, 0x35, 0xda, 0x76, 0x36, 0x38, 0x38, 0x89, 0xa8,
+	0x91, 0xb6, 0x0b, 0x9f, 0x76, 0x13, 0x0d, 0xea, 0xae, 0x4b, 0xbc, 0xba, 0xa7, 0xaf, 0x8a, 0xe1,
+	0x1a, 0x03, 0xa0, 0x38, 0x3a, 0x00, 0xb8, 0xac, 0xaf, 0xe2, 0xd7, 0xd0, 0x48, 0xc3, 0x21, 0xb0,
+	0x78, 0xe9, 0x4d, 0xda, 0x4a, 0x61, 0x73, 0x29, 0x21, 0xc4, 0x1b, 0xff, 0x10, 0x51, 0x31, 0xf0,
+	0x5d, 0x34, 0xc2, 0x3f, 0x87, 0x59, 0x9d, 0xc1, 0x40, 0x1b, 0x0d, 0x17, 0x13, 0x26, 0x12, 0x66,
+	0x77, 0xc6, 0x8d, 0x0f, 0x45, 0x72, 0x91, 0xaf, 0x21, 0x90, 0xaa, 0x5f, 0xcf, 0xd0, 0x0d, 0x0f,
+	0x05, 0x04, 0xe9, 0x34, 0x5b, 0x7b, 0xd4, 0x95, 0x56, 0x18, 0x31, 0xbf, 0xcf, 0xed, 0x32, 0x3b,
+	0x69, 0x1c, 0x8b, 0x27, 0x51, 0x9f, 0x21, 0xde, 0xfd, 0x9c, 0x95, 0x3f, 0xc2, 0xaf, 0x47, 0xe3,
+	0x54, 0xf8, 0x32, 0xca, 0xd3, 0x0d, 0x6d, 0xf4, 0xe0, 0x27, 0xae, 0x91, 0x1a, 0x50, 0xa8, 0xdf,
+	0x99, 0x45, 0xc3, 0xc2, 0xd7, 0x5c, 0xdf, 0xd7, 0xe7, 0xbc, 0xb4, 0xbb, 0x66, 0x72, 0x3b, 0x58,
+	0x80, 0x05, 0x4d, 0xbe, 0x19, 0x88, 0x62, 0x57, 0x4f, 0x10, 0x5c, 0x30, 0xcf, 0xf3, 0x0f, 0xed,
+	0xdb, 0xfd, 0x21, 0x88, 0xd2, 0xbf, 0x9e, 0x1f, 0xc8, 0x16, 0x72, 0xaf, 0xe7, 0x07, 0xf2, 0x85,
+	0x5e, 0xf0, 0xac, 0x87, 0x68, 0x52, 0xec, 0x84, 0x69, 0xdd, 0x37, 0x57, 0x8f, 0xb8, 0xdd, 0xe0,
+	0xc1, 0x46, 0x1d, 0x88, 0xc8, 0xe6, 0x88, 0x1b, 0x11, 0xbe, 0xaf, 0xb2, 0x39, 0x49, 0x60, 0xc0,
+	0x65, 0xf3, 0xef, 0x32, 0x48, 0x49, 0x94, 0x4d, 0xe9, 0x90, 0x5e, 0xbe, 0x0f, 0x2e, 0x8d, 0xc1,
+	0x37, 0xb3, 0x68, 0xbc, 0x62, 0x79, 0x64, 0x95, 0x9d, 0x7b, 0x8e, 0xf8, 0x54, 0x71, 0x9b, 0xa5,
+	0x31, 0xe5, 0x1f, 0xc3, 0xfb, 0xfc, 0xf1, 0xe0, 0x54, 0x19, 0xa2, 0x52, 0x38, 0x89, 0xa5, 0x0f,
+	0x30, 0xbd, 0x51, 0x44, 0xc8, 0x47, 0x7c, 0xce, 0x39, 0x1a, 0x42, 0x3e, 0xe2, 0x93, 0xd7, 0x07,
+	0x54, 0xc8, 0xff, 0x3d, 0x83, 0x4e, 0x25, 0x54, 0x0e, 0xc9, 0x01, 0x3b, 0x2b, 0x10, 0x72, 0x21,
+	0x23, 0x24, 0x07, 0xec, 0xac, 0x40, 0xb4, 0x05, 0xcd, 0x47, 0xe2, 0x65, 0x70, 0xac, 0x5a, 0xaa,
+	0x94, 0xa7, 0xb9, 0x54, 0x55, 0xc1, 0x45, 0x8c, 0x82, 0x93, 0xbe, 0x2c, 0x70, 0xbe, 0xb2, 0x4d,
+	0xa3, 0x11, 0x71, 0xbe, 0xa2, 0x65, 0xf0, 0x67, 0xd0, 0x60, 0xe9, 0xdd, 0x8e, 0x43, 0x80, 0x2f,
+	0x93, 0xf8, 0x87, 0x02, 0xbe, 0x3e, 0x22, 0x89, 0x33, 0xf3, 0x23, 0xa3, 0x14, 0x51, 0xde, 0x21,
+	0x43, 0xf5, 0x8b, 0x19, 0x34, 0x91, 0xde, 0x3a, 0xfc, 0x51, 0xd4, 0x4f, 0x4f, 0xb6, 0x25, 0x6d,
+	0x91, 0x7f, 0x3a, 0x4b, 0xf9, 0x61, 0x37, 0x49, 0x5d, 0x77, 0xc4, 0x8d, 0xb7, 0x4f, 0x86, 0x5f,
+	0x41, 0x43, 0x15, 0xd7, 0xed, 0x10, 0xa7, 0x76, 0xe3, 0x8e, 0x56, 0xe1, 0x67, 0x2a, 0xd8, 0xb3,
+	0x9b, 0x00, 0xae, 0xbb, 0x37, 0x22, 0x41, 0x15, 0x44, 0x7a, 0xf5, 0xfb, 0x33, 0xe8, 0x7c, 0xb7,
+	0xaf, 0xa2, 0x07, 0xf8, 0x65, 0x62, 0xe9, 0x96, 0xc7, 0x53, 0xeb, 0xf2, 0x23, 0x8a, 0x07, 0x30,
+	0xf9, 0x90, 0x11, 0x10, 0xd2, 0x42, 0xec, 0x76, 0x2c, 0x78, 0x8e, 0x67, 0x37, 0x79, 0x00, 0x8b,
+	0x14, 0xf2, 0x09, 0xd5, 0x9f, 0x7e, 0x13, 0xf5, 0x2e, 0x59, 0x64, 0xe9, 0x3e, 0x7e, 0x4e, 0x48,
+	0xe0, 0xc6, 0x07, 0xda, 0xb8, 0x38, 0x60, 0x00, 0x31, 0xd7, 0xa3, 0x09, 0x69, 0xde, 0x6e, 0x8a,
+	0x59, 0xa8, 0xb8, 0x3a, 0x60, 0xb1, 0x0c, 0xc3, 0xcc, 0xf5, 0x68, 0x62, 0xb6, 0xaa, 0x9b, 0x62,
+	0x72, 0x25, 0xde, 0xd9, 0x52, 0x29, 0x86, 0xf1, 0x4b, 0xf1, 0x69, 0x60, 0x3e, 0x29, 0x03, 0x51,
+	0x74, 0x4f, 0x10, 0xa7, 0x98, 0xeb, 0xd1, 0x92, 0x33, 0x17, 0x0d, 0x8b, 0x86, 0x31, 0xd1, 0x07,
+	0x39, 0x11, 0x37, 0xd7, 0xa3, 0x49, 0xb4, 0xf8, 0x85, 0x20, 0xcd, 0xe3, 0xeb, 0xb6, 0x69, 0x45,
+	0xbd, 0x2b, 0x05, 0xd4, 0x5c, 0x8f, 0x26, 0x52, 0x0a, 0x95, 0x56, 0x1d, 0x33, 0xc8, 0xc1, 0x16,
+	0xad, 0x14, 0x70, 0x42, 0xa5, 0xf0, 0x1b, 0xbf, 0x82, 0x46, 0x02, 0xb7, 0xd5, 0x77, 0x48, 0xc3,
+	0xe3, 0x57, 0x22, 0x67, 0x22, 0x85, 0x19, 0x72, 0xae, 0x47, 0x93, 0xa9, 0xf1, 0x65, 0x3f, 0xc1,
+	0x3f, 0xbf, 0xeb, 0x18, 0x15, 0xa6, 0x33, 0xf3, 0x5d, 0x2a, 0x25, 0x8e, 0xa7, 0xbd, 0x13, 0xbe,
+	0x1d, 0xf0, 0x0b, 0x0c, 0x1c, 0xa9, 0x65, 0xc6, 0x32, 0x68, 0xef, 0x08, 0x0f, 0x47, 0xaf, 0x45,
+	0x53, 0x20, 0xf3, 0xc4, 0xda, 0x67, 0x23, 0x25, 0x39, 0x76, 0xae, 0x47, 0x8b, 0xa6, 0x4c, 0x7e,
+	0x41, 0x4a, 0xbf, 0xcb, 0xe3, 0xa7, 0x44, 0xa5, 0x4a, 0x51, 0x82, 0x54, 0x21, 0x51, 0xef, 0x6b,
+	0xd1, 0x7c, 0xb0, 0x3c, 0x5a, 0xca, 0xd9, 0xe4, 0xac, 0xa1, 0x42, 0xd5, 0x7e, 0xfe, 0xd8, 0x17,
+	0xa4, 0xbc, 0x9d, 0x90, 0x1a, 0x3b, 0xa1, 0x6a, 0xdd, 0xd3, 0xc5, 0xaa, 0xd9, 0xf9, 0x52, 0xca,
+	0x20, 0x09, 0x09, 0x6e, 0xe2, 0x1d, 0x0a, 0x38, 0xa1, 0x43, 0x59, 0xb6, 0xc9, 0x17, 0xa4, 0x24,
+	0x26, 0x3c, 0x83, 0x4d, 0x50, 0xa9, 0x80, 0xa2, 0x95, 0x8a, 0xe9, 0x4e, 0x6e, 0x8a, 0xb9, 0x3d,
+	0x94, 0x71, 0xb9, 0x83, 0x42, 0x0c, 0xed, 0x20, 0x21, 0x07, 0x48, 0x11, 0xf2, 0x06, 0x28, 0x18,
+	0xc8, 0x87, 0x82, 0x16, 0x4e, 0x57, 0xe7, 0x7a, 0x34, 0xc8, 0x28, 0xa0, 0xb2, 0x8c, 0x14, 0xca,
+	0x29, 0xa0, 0x18, 0x0e, 0xf2, 0xa3, 0x3e, 0x24, 0x8d, 0xb9, 0x1e, 0x8d, 0x65, 0xab, 0x78, 0x4e,
+	0x88, 0xfd, 0xac, 0x9c, 0x96, 0xa7, 0x88, 0x00, 0x41, 0xa7, 0x88, 0x30, 0x42, 0xf4, 0x6c, 0x3c,
+	0x3e, 0xb2, 0x72, 0x46, 0x5e, 0x51, 0xa3, 0xf8, 0xb9, 0x1e, 0x2d, 0x1e, 0x53, 0xf9, 0x05, 0x29,
+	0x64, 0xb0, 0x72, 0x36, 0xe2, 0xd2, 0x1c, 0xa2, 0xa8, 0xb8, 0xc4, 0xe0, 0xc2, 0x4b, 0x89, 0x49,
+	0xbe, 0x94, 0x73, 0xf2, 0x72, 0x9c, 0x40, 0x32, 0xd7, 0xa3, 0x25, 0xa6, 0x07, 0x9b, 0x8e, 0x05,
+	0xee, 0x55, 0x14, 0xf9, 0xdd, 0x32, 0x82, 0x9e, 0xeb, 0xd1, 0x62, 0xa1, 0x7e, 0x6f, 0x8a, 0x11,
+	0x73, 0x95, 0xc7, 0xe4, 0x4e, 0x0c, 0x31, 0xb4, 0x13, 0x85, 0xc8, 0xba, 0x37, 0xc5, 0xb0, 0xb2,
+	0xca, 0x44, 0xbc, 0x54, 0x38, 0x73, 0x0a, 0xe1, 0x67, 0xb5, 0xe4, 0xd8, 0xab, 0xca, 0xe3, 0x3c,
+	0x34, 0x3f, 0x2f, 0x9f, 0x44, 0x33, 0xd7, 0xa3, 0x25, 0xc7, 0x6d, 0xd5, 0x92, 0x83, 0x96, 0x2a,
+	0xe7, 0xbb, 0xf1, 0x0c, 0x5a, 0x97, 0x1c, 0xf0, 0x54, 0xef, 0x12, 0x42, 0x52, 0xb9, 0x20, 0xc7,
+	0x53, 0x4a, 0x25, 0x9c, 0xeb, 0xd1, 0xba, 0x04, 0xa2, 0xbc, 0x93, 0x12, 0xcf, 0x51, 0xb9, 0x28,
+	0x67, 0xe6, 0x48, 0x24, 0x9a, 0xeb, 0xd1, 0x52, 0xa2, 0x41, 0xde, 0x49, 0x09, 0x85, 0xa8, 0x14,
+	0xbb, 0xb2, 0x0d, 0xe4, 0x91, 0x12, 0x48, 0x71, 0x29, 0x31, 0x8a, 0xa0, 0xf2, 0x84, 0xac, 0xba,
+	0x09, 0x24, 0x54, 0x75, 0x93, 0xe2, 0x0f, 0x2e, 0x25, 0x86, 0xf1, 0x53, 0x9e, 0xec, 0xc2, 0x30,
+	0x68, 0x63, 0x62, 0x00, 0xc0, 0xa5, 0xc4, 0x38, 0x7a, 0x8a, 0x2a, 0x33, 0x4c, 0x20, 0xa1, 0x0c,
+	0x93, 0x22, 0xf0, 0x2d, 0x25, 0x06, 0xb2, 0x53, 0x9e, 0xea, 0xc2, 0x30, 0x6c, 0x61, 0x52, 0x08,
+	0xbc, 0x17, 0xa4, 0x48, 0x72, 0xca, 0x87, 0xe4, 0x79, 0x43, 0x40, 0xd1, 0x79, 0x43, 0x8c, 0x39,
+	0x37, 0x1d, 0x8b, 0x95, 0xa3, 0x7c, 0x58, 0x1e, 0xe6, 0x11, 0x34, 0x1d, 0xe6, 0xd1, 0xe8, 0x3a,
+	0xd3, 0xb1, 0x98, 0x21, 0xca, 0xa5, 0x34, 0x26, 0x80, 0x96, 0x99, 0xb0, 0x28, 0x23, 0x95, 0x84,
+	0xa0, 0x15, 0xca, 0xd3, 0xb2, 0xcd, 0x5d, 0x8c, 0x60, 0xae, 0x47, 0x4b, 0x08, 0x75, 0xa1, 0x25,
+	0x7b, 0x68, 0x2a, 0x97, 0xe5, 0x61, 0x9b, 0x44, 0x43, 0x87, 0x6d, 0xa2, 0x77, 0xe7, 0x7c, 0x92,
+	0x7d, 0xad, 0x72, 0x45, 0xde, 0x98, 0xc5, 0x29, 0xe8, 0xc6, 0x2c, 0xc1, 0x2e, 0x57, 0x4b, 0xf6,
+	0x1a, 0x54, 0x9e, 0xe9, 0xda, 0x42, 0xa0, 0x49, 0x68, 0x21, 0x73, 0xa2, 0x0b, 0xf7, 0x4e, 0x77,
+	0xda, 0x4d, 0x5b, 0x37, 0x94, 0x8f, 0x24, 0xee, 0x9d, 0x18, 0x52, 0xd8, 0x3b, 0x31, 0x00, 0x5d,
+	0xe5, 0x45, 0xfb, 0x53, 0xe5, 0xaa, 0xbc, 0xca, 0x8b, 0x38, 0xba, 0xca, 0x4b, 0xb6, 0xaa, 0xd3,
+	0x31, 0x5b, 0x4d, 0xe5, 0x59, 0x59, 0x01, 0x22, 0x68, 0xaa, 0x00, 0x51, 0xeb, 0xce, 0xb7, 0xd3,
+	0xad, 0x1b, 0x95, 0x49, 0xe0, 0xf6, 0x44, 0x90, 0x01, 0x3e, 0x85, 0x6e, 0xae, 0x47, 0x4b, 0xb7,
+	0x90, 0xac, 0x24, 0x18, 0x2b, 0x2a, 0xd7, 0x64, 0x05, 0x8b, 0x11, 0x50, 0x05, 0x8b, 0x9b, 0x38,
+	0x56, 0x12, 0xac, 0x0d, 0x95, 0x8f, 0xa6, 0xb2, 0x0a, 0xbe, 0x39, 0xc1, 0x46, 0xf1, 0xa6, 0x68,
+	0x2e, 0xa8, 0x3c, 0x27, 0x2f, 0x76, 0x21, 0x86, 0x2e, 0x76, 0x82, 0x59, 0xe1, 0x4d, 0xd1, 0x50,
+	0x4e, 0xb9, 0x1e, 0x2f, 0x15, 0x2e, 0x91, 0x82, 0x41, 0x9d, 0x96, 0x6c, 0x5f, 0xa6, 0xdc, 0x90,
+	0xb5, 0x2e, 0x89, 0x86, 0x6a, 0x5d, 0xa2, 0x6d, 0xda, 0x6c, 0xdc, 0x4c, 0x4c, 0xb9, 0x19, 0xbd,
+	0x4b, 0x90, 0xf1, 0x74, 0xe7, 0x13, 0x33, 0x2d, 0x7b, 0x2d, 0x1a, 0x3e, 0x40, 0xf9, 0x58, 0xe4,
+	0x31, 0x43, 0xc2, 0xd2, 0xfd, 0x6d, 0x24, 0xdc, 0xc0, 0x6b, 0x51, 0x8f, 0x7b, 0xe5, 0xf9, 0x64,
+	0x0e, 0x81, 0xae, 0x44, 0x3d, 0xf4, 0x5f, 0x8b, 0x3a, 0xa9, 0x2b, 0x2f, 0x24, 0x73, 0x08, 0xa4,
+	0x1b, 0x75, 0x6a, 0x7f, 0x4e, 0x08, 0x9b, 0xa7, 0x7c, 0x5c, 0xde, 0x3a, 0x06, 0x08, 0xba, 0x75,
+	0x0c, 0x83, 0xeb, 0x3d, 0x27, 0x84, 0x9b, 0x53, 0x5e, 0x8c, 0x15, 0x09, 0x1a, 0x2b, 0x04, 0xa5,
+	0x7b, 0x4e, 0x08, 0xd3, 0xa6, 0xbc, 0x14, 0x2b, 0x12, 0xb4, 0x4e, 0x08, 0xe6, 0x66, 0x74, 0xf3,
+	0xc3, 0x51, 0x3e, 0x21, 0x5f, 0x71, 0xa4, 0x53, 0xce, 0xf5, 0x68, 0xdd, 0xfc, 0x79, 0xde, 0x4e,
+	0x37, 0xba, 0x53, 0x5e, 0x96, 0x87, 0x70, 0x1a, 0x1d, 0x1d, 0xc2, 0xa9, 0x86, 0x7b, 0xaf, 0x44,
+	0x7c, 0x72, 0x95, 0x57, 0xe4, 0x29, 0x4e, 0x42, 0xd2, 0x29, 0x2e, 0xea, 0xc1, 0x2b, 0x39, 0x9b,
+	0x2a, 0x9f, 0x94, 0xa7, 0x38, 0x11, 0x47, 0xa7, 0x38, 0xc9, 0x31, 0x75, 0x3a, 0xe6, 0x03, 0xa9,
+	0xbc, 0x2a, 0x4f, 0x71, 0x11, 0x34, 0x9d, 0xe2, 0xa2, 0x5e, 0x93, 0xaf, 0x44, 0x5c, 0x01, 0x95,
+	0xd7, 0x92, 0xdb, 0x0f, 0x48, 0xb1, 0xfd, 0xcc, 0x71, 0x50, 0x4b, 0xf6, 0x69, 0x53, 0x4a, 0xf2,
+	0xf8, 0x4d, 0xa2, 0xa1, 0xe3, 0x37, 0xd1, 0x1f, 0x6e, 0x29, 0x31, 0x2f, 0xa6, 0x32, 0xd5, 0xe5,
+	0xe0, 0x10, 0x6e, 0x45, 0x92, 0x32, 0x6a, 0x8a, 0x67, 0x64, 0x76, 0x10, 0x9a, 0x4e, 0x39, 0x23,
+	0xfb, 0xc7, 0xa0, 0x08, 0x3d, 0x9d, 0x5d, 0x63, 0x36, 0x60, 0x4a, 0x59, 0x9e, 0x5d, 0x63, 0x04,
+	0x74, 0x76, 0x8d, 0x5b, 0x8e, 0xcd, 0xa2, 0x02, 0xd7, 0x22, 0x66, 0xda, 0x66, 0x5a, 0xab, 0xca,
+	0x4c, 0xc4, 0xa5, 0x24, 0x82, 0xa7, 0xb3, 0x53, 0x14, 0x06, 0xeb, 0x35, 0x83, 0x4d, 0x37, 0xcd,
+	0xf6, 0x8a, 0xad, 0x3b, 0x46, 0x8d, 0x58, 0x86, 0x32, 0x1b, 0x59, 0xaf, 0x13, 0x68, 0x60, 0xbd,
+	0x4e, 0x80, 0x83, 0xd3, 0x7b, 0x04, 0xae, 0x91, 0x06, 0x31, 0x1f, 0x10, 0xe5, 0x16, 0xb0, 0x2d,
+	0xa6, 0xb1, 0xe5, 0x64, 0x73, 0x3d, 0x5a, 0x1a, 0x07, 0xba, 0x57, 0x5f, 0xd8, 0xac, 0xbd, 0x31,
+	0x1f, 0xb8, 0x51, 0x56, 0x1d, 0xd2, 0xd6, 0x1d, 0xa2, 0xcc, 0xc9, 0x7b, 0xf5, 0x44, 0x22, 0xba,
+	0x57, 0x4f, 0x44, 0xc4, 0xd9, 0xfa, 0x63, 0xa1, 0xd2, 0x8d, 0x6d, 0x38, 0x22, 0x92, 0x4b, 0xd3,
+	0xd9, 0x49, 0x46, 0x50, 0x01, 0xcd, 0xdb, 0xd6, 0x2a, 0xdc, 0x54, 0xbc, 0x2e, 0xcf, 0x4e, 0xe9,
+	0x94, 0x74, 0x76, 0x4a, 0xc7, 0x52, 0x55, 0x97, 0xb1, 0x6c, 0x0c, 0xde, 0x96, 0x55, 0x3d, 0x81,
+	0x84, 0xaa, 0x7a, 0x02, 0x38, 0xce, 0x50, 0x23, 0x2e, 0xf1, 0x94, 0xf9, 0x6e, 0x0c, 0x81, 0x24,
+	0xce, 0x10, 0xc0, 0x71, 0x86, 0xb3, 0xc4, 0x6b, 0xac, 0x29, 0x0b, 0xdd, 0x18, 0x02, 0x49, 0x9c,
+	0x21, 0x80, 0xe9, 0x61, 0x53, 0x06, 0x4f, 0x75, 0x9a, 0xeb, 0x7e, 0x9f, 0x2d, 0xca, 0x87, 0xcd,
+	0x54, 0x42, 0x7a, 0xd8, 0x4c, 0x45, 0xe2, 0xef, 0xdf, 0xb5, 0x8d, 0xa2, 0xb2, 0x04, 0x15, 0x4e,
+	0x86, 0xfb, 0x82, 0xdd, 0x94, 0x9a, 0xeb, 0xd1, 0x76, 0x6b, 0x03, 0xf9, 0x91, 0xc0, 0x94, 0x48,
+	0xa9, 0x42, 0x55, 0x63, 0xc1, 0x5d, 0x05, 0x03, 0xcf, 0xf5, 0x68, 0x81, 0xb1, 0xd1, 0x0b, 0x68,
+	0x08, 0x3e, 0xaa, 0x62, 0x99, 0x5e, 0x79, 0x4a, 0x79, 0x43, 0x3e, 0x32, 0x09, 0x28, 0x7a, 0x64,
+	0x12, 0x7e, 0xd2, 0x49, 0x1c, 0x7e, 0xb2, 0x29, 0xa6, 0x3c, 0xa5, 0x68, 0xf2, 0x24, 0x2e, 0x21,
+	0xe9, 0x24, 0x2e, 0x01, 0x82, 0x7a, 0xcb, 0x8e, 0xdd, 0x2e, 0x4f, 0x29, 0xb5, 0x84, 0x7a, 0x19,
+	0x2a, 0xa8, 0x97, 0xfd, 0x0c, 0xea, 0xad, 0xad, 0x75, 0xbc, 0x32, 0xfd, 0xc6, 0xe5, 0x84, 0x7a,
+	0x7d, 0x64, 0x50, 0xaf, 0x0f, 0xa0, 0x53, 0x21, 0x00, 0xaa, 0x8e, 0x4d, 0x27, 0xed, 0xdb, 0x66,
+	0xb3, 0xa9, 0xdc, 0x91, 0xa7, 0xc2, 0x28, 0x9e, 0x4e, 0x85, 0x51, 0x18, 0xdd, 0x7a, 0xb2, 0x56,
+	0x91, 0x95, 0xce, 0xaa, 0x72, 0x57, 0xde, 0x7a, 0x86, 0x18, 0xba, 0xf5, 0x0c, 0x7f, 0xc1, 0xe9,
+	0x82, 0xfe, 0xd2, 0xc8, 0x7d, 0x87, 0xb8, 0x6b, 0xca, 0xbd, 0xc8, 0xe9, 0x42, 0xc0, 0xc1, 0xe9,
+	0x42, 0xf8, 0x8d, 0x57, 0xd1, 0xe3, 0xd2, 0x42, 0xe3, 0xbf, 0x3d, 0xd5, 0x88, 0xee, 0x34, 0xd6,
+	0x94, 0x37, 0x81, 0xd5, 0x53, 0x89, 0x4b, 0x95, 0x4c, 0x3a, 0xd7, 0xa3, 0x75, 0xe3, 0x04, 0xc7,
+	0xf2, 0x37, 0xe6, 0x59, 0x6c, 0x1b, 0xad, 0x3a, 0xed, 0x1f, 0x42, 0xdf, 0x8a, 0x1c, 0xcb, 0xe3,
+	0x24, 0x70, 0x2c, 0x8f, 0x83, 0x71, 0x1b, 0x5d, 0x8c, 0x1c, 0xd5, 0x16, 0xf4, 0x26, 0x3d, 0x97,
+	0x10, 0xa3, 0xaa, 0x37, 0xd6, 0x89, 0xa7, 0x7c, 0x0a, 0x78, 0x5f, 0x4a, 0x39, 0xf0, 0x45, 0xa8,
+	0xe7, 0x7a, 0xb4, 0x1d, 0xf8, 0x61, 0x95, 0x65, 0x5e, 0x54, 0x3e, 0x2d, 0xdf, 0x6f, 0x52, 0xd8,
+	0x5c, 0x8f, 0xc6, 0xb2, 0x32, 0xbe, 0x8d, 0x94, 0x3b, 0xed, 0x55, 0x47, 0x37, 0x08, 0xdb, 0x68,
+	0xc1, 0xde, 0x8d, 0x6f, 0x40, 0x3f, 0x23, 0xef, 0xd2, 0xd2, 0xe8, 0xe8, 0x2e, 0x2d, 0x0d, 0x47,
+	0x15, 0x55, 0x0a, 0xe3, 0xaa, 0x7c, 0x56, 0x56, 0x54, 0x09, 0x49, 0x15, 0x55, 0x0e, 0xfa, 0xfa,
+	0x26, 0x3a, 0x1b, 0x9c, 0xe7, 0xf9, 0xfa, 0xcb, 0x3a, 0x4d, 0x79, 0x1b, 0xf8, 0x5c, 0x8c, 0x3d,
+	0x06, 0x48, 0x54, 0x73, 0x3d, 0x5a, 0x4a, 0x79, 0xba, 0xe2, 0xc6, 0x22, 0x94, 0xf3, 0xed, 0xc5,
+	0x77, 0xc8, 0x2b, 0x6e, 0x0a, 0x19, 0x5d, 0x71, 0x53, 0x50, 0x89, 0xcc, 0xb9, 0x50, 0xf5, 0x1d,
+	0x98, 0x07, 0x32, 0x4d, 0xe3, 0x90, 0xc8, 0x9c, 0xef, 0xd4, 0x56, 0x76, 0x60, 0x1e, 0xec, 0xd6,
+	0xd2, 0x38, 0xe0, 0xcb, 0xa8, 0xaf, 0x56, 0x5b, 0xd0, 0x3a, 0x96, 0xd2, 0x88, 0xd8, 0x80, 0x01,
+	0x74, 0xae, 0x47, 0xe3, 0x78, 0xba, 0x0d, 0x9a, 0x69, 0xea, 0xae, 0x67, 0x36, 0x5c, 0x18, 0x31,
+	0xfe, 0x08, 0x31, 0xe4, 0x6d, 0x50, 0x12, 0x0d, 0xdd, 0x06, 0x25, 0xc1, 0xe9, 0x7e, 0x71, 0x5a,
+	0x77, 0x5d, 0xdd, 0x32, 0x1c, 0x7d, 0x0a, 0x96, 0x09, 0x12, 0xb1, 0x94, 0x97, 0xb0, 0x74, 0xbf,
+	0x28, 0x43, 0xe0, 0xf2, 0xdd, 0x87, 0xf8, 0xdb, 0x9c, 0xfb, 0x91, 0xcb, 0xf7, 0x08, 0x1e, 0x2e,
+	0xdf, 0x23, 0x30, 0xd8, 0x77, 0xfa, 0x30, 0x8d, 0xac, 0x9a, 0x90, 0x27, 0x79, 0x35, 0xb2, 0xef,
+	0x8c, 0x12, 0xc0, 0xbe, 0x33, 0x0a, 0x94, 0x9a, 0xe4, 0x2f, 0xb7, 0x6b, 0x29, 0x4d, 0x0a, 0x57,
+	0xd9, 0x58, 0x19, 0xba, 0x7e, 0x87, 0x83, 0xa3, 0xbc, 0x69, 0xe9, 0x2d, 0xbb, 0x3c, 0xe5, 0x4b,
+	0xdd, 0x94, 0xd7, 0xef, 0x54, 0x42, 0xba, 0x7e, 0xa7, 0x22, 0xe9, 0xec, 0xea, 0x1f, 0xb4, 0xd6,
+	0x74, 0x87, 0x18, 0x41, 0xf6, 0x50, 0x76, 0x34, 0x7c, 0x47, 0x9e, 0x5d, 0xbb, 0x90, 0xd2, 0xd9,
+	0xb5, 0x0b, 0x9a, 0x6e, 0xf2, 0x92, 0xd1, 0x1a, 0xd1, 0x0d, 0x65, 0x5d, 0xde, 0xe4, 0xa5, 0x53,
+	0xd2, 0x4d, 0x5e, 0x3a, 0x36, 0xfd, 0x73, 0xee, 0x39, 0xa6, 0x47, 0x94, 0xe6, 0x6e, 0x3e, 0x07,
+	0x48, 0xd3, 0x3f, 0x07, 0xd0, 0xf4, 0x40, 0x18, 0xed, 0x90, 0x96, 0x7c, 0x20, 0x8c, 0x77, 0x43,
+	0xb4, 0x04, 0xdd, 0xb1, 0x70, 0x87, 0x09, 0xc5, 0x92, 0x77, 0x2c, 0x1c, 0x4c, 0x77, 0x2c, 0xa1,
+	0x4b, 0x85, 0x64, 0xa0, 0xaf, 0xd8, 0xf2, 0x1a, 0x2a, 0xe2, 0xe8, 0x1a, 0x2a, 0x19, 0xf3, 0xbf,
+	0x20, 0x59, 0xcf, 0x2a, 0x6d, 0x79, 0xd7, 0x21, 0xa0, 0xe8, 0xae, 0x43, 0xb4, 0xb3, 0x9d, 0x46,
+	0x63, 0xf0, 0x0a, 0xae, 0x75, 0x82, 0x77, 0x9c, 0xcf, 0xc9, 0x9f, 0x19, 0x41, 0xd3, 0xcf, 0x8c,
+	0x80, 0x24, 0x26, 0x7c, 0xda, 0x72, 0x52, 0x98, 0x84, 0xf7, 0x83, 0x11, 0x10, 0x9e, 0x47, 0xb8,
+	0x56, 0x5a, 0x98, 0xaf, 0x18, 0x55, 0xf1, 0x89, 0xcc, 0x95, 0x6f, 0x60, 0xe3, 0x14, 0x73, 0x3d,
+	0x5a, 0x42, 0x39, 0xfc, 0x0e, 0x3a, 0xcf, 0xa1, 0xdc, 0x1b, 0x0e, 0x52, 0xb0, 0x19, 0xc1, 0x82,
+	0xe0, 0xc9, 0xd6, 0x19, 0xdd, 0x68, 0xe7, 0x7a, 0xb4, 0xae, 0xbc, 0xd2, 0xeb, 0xe2, 0xeb, 0x43,
+	0x67, 0x37, 0x75, 0x05, 0x8b, 0x44, 0x57, 0x5e, 0xe9, 0x75, 0x71, 0xb9, 0x3f, 0xd8, 0x4d, 0x5d,
+	0x41, 0x27, 0x74, 0xe5, 0x85, 0x5d, 0x54, 0xec, 0x86, 0x2f, 0x35, 0x9b, 0xca, 0x06, 0x54, 0xf7,
+	0xf4, 0x6e, 0xaa, 0x2b, 0xc1, 0x86, 0x73, 0x27, 0x8e, 0x74, 0x96, 0x5e, 0x6a, 0x13, 0xab, 0x26,
+	0x2d, 0x40, 0x0f, 0xe5, 0x59, 0x3a, 0x46, 0x40, 0x67, 0xe9, 0x18, 0x90, 0x0e, 0x28, 0xd1, 0x08,
+	0x5b, 0xd9, 0x94, 0x07, 0x94, 0x88, 0xa3, 0x03, 0x4a, 0x32, 0xd8, 0x5e, 0x42, 0xa7, 0x96, 0xd6,
+	0x3d, 0xdd, 0xdf, 0x41, 0xba, 0xbc, 0x2b, 0xdf, 0x8d, 0x3c, 0x32, 0xc5, 0x49, 0xe0, 0x91, 0x29,
+	0x0e, 0xa6, 0x63, 0x84, 0x82, 0x6b, 0x9b, 0x56, 0x63, 0x56, 0x37, 0x9b, 0x1d, 0x87, 0x28, 0xff,
+	0x9f, 0x3c, 0x46, 0x22, 0x68, 0x3a, 0x46, 0x22, 0x20, 0xba, 0x40, 0x53, 0x50, 0xc9, 0x75, 0xcd,
+	0x55, 0x8b, 0x9f, 0x2b, 0x3b, 0x4d, 0x4f, 0xf9, 0xff, 0xe5, 0x05, 0x3a, 0x89, 0x86, 0x2e, 0xd0,
+	0x49, 0x70, 0xb8, 0x75, 0x4a, 0x48, 0x4f, 0xa8, 0xfc, 0xa5, 0xc8, 0xad, 0x53, 0x02, 0x0d, 0xdc,
+	0x3a, 0x25, 0xa5, 0x36, 0x9c, 0x45, 0x05, 0xb6, 0x27, 0x9b, 0x37, 0x83, 0xb7, 0xea, 0xbf, 0x2c,
+	0xaf, 0x8f, 0x51, 0x3c, 0x5d, 0x1f, 0xa3, 0x30, 0x99, 0x0f, 0xef, 0x82, 0xbf, 0x92, 0xc6, 0x27,
+	0x90, 0x7f, 0xac, 0x0c, 0xbe, 0x25, 0xf2, 0xe1, 0x23, 0xe5, 0x3b, 0x33, 0x69, 0x8c, 0x82, 0xe1,
+	0x11, 0x2b, 0x24, 0x33, 0xd2, 0xc8, 0x03, 0x93, 0x6c, 0x28, 0x9f, 0x4f, 0x65, 0xc4, 0x08, 0x64,
+	0x46, 0x0c, 0x86, 0xdf, 0x42, 0x67, 0x43, 0xd8, 0x02, 0x69, 0xad, 0x04, 0x33, 0xd3, 0x77, 0x65,
+	0xe4, 0x6d, 0x70, 0x32, 0x19, 0xdd, 0x06, 0x27, 0x63, 0x92, 0x58, 0x73, 0xd1, 0xfd, 0xd5, 0x1d,
+	0x58, 0x07, 0x12, 0x4c, 0x61, 0x90, 0xc4, 0x9a, 0x4b, 0xf3, 0xbb, 0x77, 0x60, 0x1d, 0xc8, 0x34,
+	0x85, 0x01, 0xfe, 0x81, 0x0c, 0xba, 0x94, 0x8c, 0x2a, 0x35, 0x9b, 0xb3, 0xb6, 0x13, 0xe2, 0x94,
+	0xef, 0xc9, 0xc8, 0x17, 0x0d, 0xbb, 0x2b, 0x36, 0xd7, 0xa3, 0xed, 0xb2, 0x02, 0xfc, 0x49, 0x34,
+	0x52, 0xea, 0x18, 0xa6, 0x07, 0x0f, 0x6f, 0x74, 0xe3, 0xfc, 0xbd, 0x99, 0xc8, 0x11, 0x47, 0xc4,
+	0xc2, 0x11, 0x47, 0x04, 0xe0, 0xd7, 0xd1, 0x78, 0x8d, 0x34, 0x3a, 0x8e, 0xe9, 0x6d, 0x6a, 0x90,
+	0x7a, 0x92, 0xf2, 0xf8, 0xbe, 0x8c, 0x3c, 0x89, 0xc5, 0x28, 0xe8, 0x24, 0x16, 0x03, 0x62, 0x82,
+	0x26, 0x66, 0x1e, 0x7a, 0xc4, 0xb1, 0xf4, 0x26, 0x54, 0x52, 0xf3, 0x6c, 0x47, 0x5f, 0x25, 0x33,
+	0x96, 0xbe, 0xd2, 0x24, 0xca, 0x17, 0x33, 0xf2, 0xbe, 0x2a, 0x9d, 0x94, 0xee, 0xab, 0xd2, 0xb1,
+	0x78, 0x0d, 0x3d, 0x9e, 0x84, 0x2d, 0x9b, 0x2e, 0xd4, 0xf3, 0xa5, 0x8c, 0xbc, 0xb1, 0xea, 0x42,
+	0x4b, 0x37, 0x56, 0x5d, 0xd0, 0x10, 0x9e, 0x3b, 0xc9, 0x2f, 0x44, 0xf9, 0xd1, 0x8c, 0x7c, 0xc9,
+	0x98, 0x48, 0x35, 0xd7, 0xa3, 0xa5, 0xb8, 0x95, 0xdc, 0x4d, 0xf1, 0xa9, 0x50, 0x7e, 0xac, 0x3b,
+	0xdf, 0x40, 0xe9, 0x53, 0x5c, 0x32, 0xee, 0xa6, 0xf8, 0x23, 0x28, 0x3f, 0xde, 0x9d, 0x6f, 0x68,
+	0x17, 0x91, 0xec, 0xce, 0x50, 0x4f, 0xb7, 0xe5, 0x57, 0x7e, 0x22, 0x23, 0x9f, 0xd3, 0xd3, 0x08,
+	0xe9, 0x39, 0x3d, 0xd5, 0x21, 0xe0, 0xf5, 0x04, 0x8b, 0x7a, 0xe5, 0x27, 0x23, 0x5a, 0x18, 0xa3,
+	0xa0, 0x5a, 0x18, 0x37, 0xc4, 0x7f, 0x3d, 0xc1, 0x70, 0x5c, 0xf9, 0x7b, 0xe9, 0xbc, 0x02, 0xa1,
+	0x26, 0xd8, 0x9b, 0xbf, 0x9e, 0x60, 0x1f, 0xad, 0xfc, 0xfd, 0x74, 0x5e, 0xe1, 0xf3, 0x6a, 0xdc,
+	0xac, 0x9a, 0x4e, 0x48, 0x1d, 0xcf, 0x66, 0x9c, 0x25, 0x6d, 0xfa, 0xd9, 0xe8, 0x84, 0x94, 0x48,
+	0x06, 0x13, 0x52, 0x22, 0x26, 0x89, 0x35, 0xff, 0xee, 0x9f, 0xdb, 0x81, 0xb5, 0x30, 0x8d, 0x26,
+	0x62, 0x92, 0x58, 0x73, 0x31, 0x7c, 0x65, 0x07, 0xd6, 0xc2, 0x34, 0x9a, 0x88, 0xc1, 0x9f, 0x41,
+	0xe7, 0x42, 0xcc, 0x5d, 0xe2, 0xb8, 0x61, 0xd7, 0xff, 0x7c, 0x46, 0xbe, 0x4a, 0x48, 0xa1, 0x9b,
+	0xeb, 0xd1, 0xd2, 0x58, 0x24, 0x72, 0xe7, 0x42, 0xf9, 0x85, 0x9d, 0xb8, 0x87, 0xb7, 0x20, 0x29,
+	0xa8, 0x44, 0xee, 0x5c, 0x2e, 0xbf, 0xb8, 0x13, 0xf7, 0xf0, 0x1a, 0x24, 0x05, 0x35, 0xd5, 0x8f,
+	0x7a, 0x61, 0x6f, 0xa7, 0xfe, 0x68, 0x06, 0x0d, 0xd7, 0x3c, 0x87, 0xe8, 0x2d, 0xee, 0x97, 0x3c,
+	0x81, 0x06, 0x98, 0x91, 0x84, 0x6f, 0xa7, 0xac, 0x05, 0xbf, 0xf1, 0x25, 0x34, 0x3a, 0xaf, 0xbb,
+	0x1e, 0x94, 0xac, 0x58, 0x06, 0x79, 0x08, 0x06, 0xc2, 0x39, 0x2d, 0x02, 0xc5, 0xf3, 0x8c, 0x8e,
+	0x95, 0x83, 0x80, 0x10, 0xb9, 0x1d, 0xdd, 0x71, 0x07, 0xde, 0xdb, 0x2a, 0xf6, 0x80, 0xf7, 0x6d,
+	0xa4, 0xac, 0xfa, 0xf5, 0x0c, 0x8a, 0x99, 0x6f, 0x3c, 0xba, 0xff, 0xc0, 0x12, 0x1a, 0x8b, 0x04,
+	0x21, 0xe1, 0x56, 0xce, 0xbb, 0x8c, 0x51, 0x12, 0x2d, 0x8d, 0x9f, 0x0e, 0xac, 0x6b, 0xef, 0x68,
+	0xf3, 0xdc, 0xd5, 0xba, 0x7f, 0x7b, 0xab, 0x98, 0xeb, 0x38, 0x4d, 0x4d, 0x40, 0x71, 0x57, 0xc0,
+	0x7f, 0x58, 0x08, 0x23, 0x2c, 0xe0, 0x4b, 0xdc, 0x99, 0x21, 0x13, 0x3a, 0x68, 0x47, 0xd2, 0x69,
+	0x30, 0xe7, 0x85, 0x4f, 0xa2, 0xe1, 0x4a, 0xab, 0x4d, 0x1c, 0xd7, 0xb6, 0x74, 0xcf, 0xf6, 0xd3,
+	0xf6, 0x81, 0xf3, 0xae, 0x29, 0xc0, 0x45, 0x87, 0x52, 0x91, 0x1e, 0x5f, 0xf1, 0xb3, 0x54, 0xe7,
+	0x20, 0xb6, 0xc5, 0xa9, 0x84, 0x2c, 0xd5, 0x7e, 0xae, 0xe9, 0x2b, 0xa8, 0xf7, 0x8e, 0xab, 0x83,
+	0x1d, 0x76, 0x40, 0xda, 0xa1, 0x00, 0x91, 0x14, 0x28, 0xf0, 0x55, 0xd4, 0x07, 0xe7, 0x56, 0x57,
+	0xe9, 0x05, 0x5a, 0x70, 0x1b, 0x6f, 0x02, 0x44, 0x74, 0xd2, 0x65, 0x34, 0xf8, 0x36, 0x2a, 0x84,
+	0x97, 0x72, 0x90, 0x68, 0xd2, 0x8f, 0xb1, 0x09, 0xa9, 0x2d, 0xd6, 0x03, 0x1c, 0xcb, 0x50, 0x29,
+	0xb2, 0x88, 0x15, 0xc4, 0x73, 0x68, 0x2c, 0x84, 0x51, 0x11, 0xf9, 0xb1, 0x7d, 0x21, 0xb5, 0x8b,
+	0xc0, 0x8b, 0x8a, 0x53, 0x64, 0x15, 0x2d, 0x86, 0x2b, 0xa8, 0xdf, 0xf7, 0x19, 0x1f, 0xd8, 0x51,
+	0x49, 0x4f, 0x71, 0x9f, 0xf1, 0x7e, 0xd1, 0x5b, 0xdc, 0x2f, 0x8f, 0x67, 0xd1, 0xa8, 0x66, 0x77,
+	0x3c, 0xb2, 0x6c, 0xf3, 0x3b, 0x47, 0x1e, 0xfc, 0x11, 0xda, 0xe4, 0x50, 0x4c, 0xdd, 0xb3, 0xfd,
+	0xcc, 0x20, 0x62, 0x86, 0x0a, 0xb9, 0x14, 0x5e, 0x44, 0xe3, 0xb1, 0xeb, 0x4b, 0x31, 0x5f, 0x87,
+	0xf0, 0x79, 0x71, 0x66, 0xf1, 0xa2, 0xf8, 0x7b, 0x33, 0xa8, 0x6f, 0xd9, 0xd1, 0x4d, 0xcf, 0xe5,
+	0x26, 0xdc, 0x67, 0x26, 0x37, 0x1c, 0xbd, 0x4d, 0xf5, 0x63, 0x12, 0x82, 0x97, 0xdc, 0xd5, 0x9b,
+	0x1d, 0xe2, 0x4e, 0xdd, 0xa3, 0x5f, 0xf7, 0xef, 0xb7, 0x8a, 0x9f, 0xd8, 0x43, 0xf6, 0xf0, 0x6b,
+	0x01, 0x27, 0x56, 0x03, 0x55, 0x01, 0x0f, 0xfe, 0x12, 0x55, 0x80, 0xe1, 0xf0, 0x22, 0x42, 0xfc,
+	0x53, 0x4b, 0xed, 0x36, 0xb7, 0x07, 0x17, 0x8c, 0x5d, 0x7d, 0x0c, 0x53, 0xec, 0x40, 0x60, 0x7a,
+	0x5b, 0x4c, 0x57, 0x2a, 0x70, 0xa0, 0x5a, 0xb0, 0xcc, 0x5b, 0xe4, 0x8b, 0x69, 0x24, 0x94, 0xb8,
+	0xdf, 0xd8, 0x04, 0x21, 0x45, 0x8b, 0xe1, 0x15, 0x34, 0xc6, 0xf9, 0x06, 0xd1, 0x18, 0x47, 0xe5,
+	0x59, 0x21, 0x82, 0x66, 0x4a, 0x1b, 0xb4, 0xd1, 0xe0, 0x60, 0xb1, 0x8e, 0x48, 0x09, 0x3c, 0x15,
+	0x06, 0x8b, 0x87, 0xdc, 0xa8, 0xca, 0x18, 0x68, 0xec, 0xf9, 0xed, 0xad, 0xa2, 0xe2, 0x97, 0x67,
+	0x29, 0x55, 0x93, 0x12, 0xa7, 0x40, 0x11, 0x91, 0x07, 0xd3, 0xfa, 0x42, 0x02, 0x8f, 0xa8, 0xce,
+	0xcb, 0x45, 0xf0, 0x34, 0x1a, 0x09, 0xcc, 0xd1, 0xee, 0xdc, 0xa9, 0x94, 0xc1, 0xe0, 0x9c, 0x27,
+	0x01, 0x8d, 0x04, 0x7a, 0x14, 0x99, 0x48, 0x65, 0x04, 0xcf, 0x14, 0x66, 0x81, 0x1e, 0xf1, 0x4c,
+	0x69, 0x27, 0x78, 0xa6, 0x54, 0xf1, 0x2b, 0x68, 0xa8, 0x74, 0xaf, 0xc6, 0x3d, 0x6e, 0x5c, 0xe5,
+	0x54, 0x18, 0x61, 0x17, 0x72, 0xe7, 0x70, 0xef, 0x1c, 0xb1, 0xe9, 0x22, 0x3d, 0x9e, 0x41, 0xa3,
+	0xd2, 0x8b, 0x96, 0xab, 0x9c, 0x06, 0x0e, 0x2c, 0x7d, 0x29, 0x60, 0xea, 0x3c, 0x83, 0xae, 0x94,
+	0x20, 0x48, 0x2e, 0x44, 0xb5, 0x86, 0x6e, 0xbf, 0x9b, 0x4d, 0x7b, 0x43, 0x23, 0xe0, 0xdc, 0x03,
+	0xe6, 0xeb, 0x03, 0x4c, 0x6b, 0x0c, 0x8e, 0xaa, 0x3b, 0x0c, 0x27, 0xa5, 0x6f, 0x92, 0x8b, 0xe1,
+	0x77, 0x10, 0x86, 0xf8, 0xa6, 0xc4, 0xf0, 0x2f, 0x38, 0x2a, 0x65, 0x57, 0x39, 0x0b, 0x41, 0x9c,
+	0x70, 0xd4, 0xbb, 0xac, 0x52, 0x9e, 0xba, 0xc4, 0xa7, 0x8f, 0x8b, 0x3a, 0x2b, 0x55, 0x0f, 0xb2,
+	0xd7, 0x9a, 0x86, 0xd8, 0xe2, 0x04, 0xae, 0x78, 0x03, 0x9d, 0xab, 0x3a, 0xe4, 0x81, 0x69, 0x77,
+	0x5c, 0x7f, 0xf9, 0xf0, 0xe7, 0xad, 0x73, 0x3b, 0xce, 0x5b, 0x4f, 0xf2, 0x8a, 0xcf, 0xb4, 0x1d,
+	0xf2, 0xa0, 0xee, 0x87, 0xee, 0x91, 0x62, 0x5e, 0xa4, 0x71, 0xa7, 0xe2, 0x02, 0xc7, 0x26, 0x0e,
+	0x37, 0x89, 0xab, 0x28, 0xe1, 0x54, 0xcb, 0xfc, 0xb4, 0xcc, 0x00, 0x27, 0x8a, 0x2b, 0x52, 0x0c,
+	0x6b, 0x08, 0xdf, 0x9a, 0xf6, 0x2f, 0xbb, 0x4a, 0x8d, 0x86, 0xdd, 0xb1, 0x3c, 0x57, 0x79, 0x0c,
+	0x98, 0xa9, 0x54, 0x2c, 0xab, 0x8d, 0x20, 0x8c, 0x57, 0x5d, 0xe7, 0x78, 0x51, 0x2c, 0xf1, 0xd2,
+	0x78, 0x1e, 0x15, 0xaa, 0x8e, 0xf9, 0x40, 0xf7, 0xc8, 0x6d, 0xb2, 0x59, 0xb5, 0x9b, 0x66, 0x63,
+	0x13, 0xac, 0xe8, 0xf9, 0x54, 0xd9, 0x66, 0xb8, 0xfa, 0x3a, 0xd9, 0xac, 0xb7, 0x01, 0x2b, 0x2e,
+	0x2b, 0xd1, 0x92, 0x62, 0x58, 0x9d, 0xc7, 0x77, 0x17, 0x56, 0x87, 0xa0, 0x02, 0xbf, 0x2a, 0x7b,
+	0xe8, 0x11, 0x8b, 0x2e, 0xf5, 0x2e, 0xb7, 0x98, 0x57, 0x22, 0x57, 0x6b, 0x01, 0x9e, 0xa7, 0x72,
+	0x62, 0xa3, 0x8c, 0x04, 0x60, 0xb1, 0x61, 0xd1, 0x22, 0xea, 0x97, 0x72, 0xe2, 0xd4, 0x89, 0xcf,
+	0xa3, 0xbc, 0x10, 0xd5, 0x15, 0xa2, 0x71, 0x40, 0x04, 0xac, 0x3c, 0x0f, 0xf5, 0x33, 0xc8, 0xb7,
+	0x1d, 0x81, 0xdb, 0x18, 0x84, 0xbc, 0xf7, 0x43, 0x6d, 0x99, 0x86, 0x16, 0x12, 0x40, 0xb8, 0xf1,
+	0x30, 0xe3, 0x65, 0x4e, 0x08, 0x37, 0x1e, 0x66, 0xbc, 0x94, 0xf2, 0x5d, 0x5e, 0x47, 0x43, 0x7c,
+	0xda, 0x14, 0xa2, 0xd1, 0x40, 0xb8, 0x2c, 0x3f, 0xe9, 0x15, 0x8b, 0xc6, 0x25, 0x10, 0xe1, 0x97,
+	0x20, 0xed, 0x9b, 0xef, 0x92, 0xd7, 0x1b, 0x6e, 0x5f, 0xc4, 0x81, 0x1f, 0xc9, 0xfb, 0xe6, 0x7b,
+	0xe6, 0x4d, 0xa1, 0x11, 0x51, 0x93, 0xfc, 0x04, 0x0b, 0x30, 0xe7, 0x49, 0xea, 0xb7, 0x29, 0xe5,
+	0x2c, 0x16, 0x8b, 0xe0, 0x25, 0x34, 0x1e, 0x53, 0x1e, 0x1e, 0xbb, 0x06, 0xd2, 0x6d, 0x24, 0x68,
+	0x9e, 0xb8, 0xa6, 0xc6, 0xca, 0xaa, 0xdf, 0x95, 0x8d, 0xad, 0x18, 0x54, 0x30, 0x9c, 0x4a, 0xe8,
+	0x1c, 0x10, 0x8c, 0xcf, 0x9a, 0x09, 0x46, 0x20, 0xc2, 0x97, 0xd1, 0x40, 0x24, 0xf3, 0x1b, 0x38,
+	0x69, 0x06, 0x69, 0xdf, 0x02, 0x2c, 0xbe, 0x8e, 0x06, 0xe8, 0xfc, 0x6d, 0x45, 0x62, 0x3e, 0x75,
+	0x38, 0x4c, 0x9c, 0x70, 0x7d, 0x3a, 0x5a, 0x46, 0x8a, 0x2e, 0xec, 0x27, 0xe8, 0x8a, 0xaf, 0x56,
+	0x61, 0xec, 0xf4, 0x60, 0xaf, 0xd8, 0xbb, 0xd3, 0x5e, 0x51, 0xfd, 0x8d, 0x4c, 0x5c, 0xfb, 0xf1,
+	0xcd, 0x78, 0xe0, 0x17, 0x96, 0x9b, 0xcb, 0x07, 0x8a, 0xb5, 0x06, 0x21, 0x60, 0xa4, 0x10, 0x2e,
+	0xd9, 0x47, 0x0e, 0xe1, 0x92, 0xdb, 0x63, 0x08, 0x17, 0xf5, 0x7f, 0xe7, 0xbb, 0x1a, 0x5c, 0x1c,
+	0x8a, 0xab, 0xf2, 0x8b, 0xf4, 0xbc, 0x43, 0x6b, 0x2f, 0xb9, 0xb1, 0x5d, 0x3b, 0x7b, 0x4f, 0xae,
+	0xeb, 0x6c, 0xd4, 0xb8, 0x9a, 0x4c, 0x29, 0x66, 0x4a, 0x87, 0xd0, 0x40, 0xf9, 0x84, 0x4c, 0xe9,
+	0xd1, 0xf4, 0x6a, 0x62, 0x01, 0xfc, 0x31, 0x34, 0x18, 0xe6, 0x7c, 0xef, 0x15, 0x02, 0x4d, 0x25,
+	0xa4, 0x7a, 0x0f, 0x29, 0xf1, 0x67, 0x51, 0x9f, 0x94, 0xdf, 0xef, 0xda, 0x2e, 0x2c, 0x54, 0x26,
+	0xc5, 0xf0, 0x85, 0xec, 0xec, 0x10, 0xcd, 0xed, 0xc7, 0x99, 0xe2, 0x65, 0x74, 0xaa, 0xea, 0x10,
+	0x03, 0x6c, 0xa1, 0x66, 0x1e, 0xb6, 0x1d, 0x1e, 0x5c, 0x92, 0x0d, 0x60, 0x58, 0x3a, 0xda, 0x3e,
+	0x9a, 0x2e, 0x6a, 0x1c, 0x2f, 0x30, 0x4a, 0x2a, 0x4e, 0xf7, 0x13, 0xac, 0x25, 0xb7, 0xc9, 0xe6,
+	0x86, 0xed, 0x18, 0x2c, 0xfe, 0x22, 0xdf, 0x4f, 0x70, 0x41, 0xaf, 0x73, 0x94, 0xb8, 0x9f, 0x90,
+	0x0b, 0x4d, 0xbc, 0x88, 0x86, 0x1e, 0x35, 0x04, 0xe0, 0x2f, 0x64, 0x53, 0x4c, 0x17, 0x8f, 0x6f,
+	0xea, 0x86, 0x20, 0x8d, 0x4e, 0x6f, 0x4a, 0x1a, 0x9d, 0x6f, 0x65, 0x53, 0xec, 0x32, 0x8f, 0x75,
+	0xba, 0x8b, 0x40, 0x18, 0x72, 0xba, 0x8b, 0x30, 0xd3, 0x88, 0x69, 0x68, 0x22, 0x51, 0x24, 0x31,
+	0x4e, 0xdf, 0x8e, 0x89, 0x71, 0x7e, 0x2a, 0xd7, 0xcd, 0x6e, 0xf5, 0x44, 0xf6, 0x7b, 0x91, 0xfd,
+	0x75, 0x34, 0x14, 0x48, 0x96, 0x27, 0x49, 0x1e, 0x09, 0x02, 0x8e, 0x32, 0x30, 0x94, 0x11, 0x88,
+	0xf0, 0x15, 0xd6, 0xd6, 0x9a, 0xf9, 0x2e, 0x0b, 0xba, 0x37, 0xc2, 0xc3, 0xa9, 0xe9, 0x9e, 0x5e,
+	0x77, 0xcd, 0x77, 0x89, 0x16, 0xa0, 0xd5, 0x7f, 0x9a, 0x4d, 0x34, 0xfe, 0x3d, 0xe9, 0xa3, 0x3d,
+	0xf4, 0x51, 0x82, 0x10, 0x99, 0xd9, 0xf2, 0x89, 0x10, 0xf7, 0x20, 0xc4, 0x3f, 0xce, 0x26, 0x1a,
+	0x79, 0x9f, 0x08, 0x71, 0x2f, 0xb3, 0xc5, 0x55, 0x34, 0xa8, 0xd9, 0x1b, 0xee, 0x34, 0x9c, 0x59,
+	0xd8, 0x5c, 0x01, 0x13, 0xb5, 0x63, 0x6f, 0xb8, 0x75, 0x38, 0x8d, 0x68, 0x21, 0x81, 0xfa, 0xa7,
+	0xd9, 0x2e, 0x66, 0xf0, 0x27, 0x82, 0x7f, 0x3f, 0x97, 0xc8, 0x5f, 0xce, 0x4a, 0x66, 0xf6, 0xc7,
+	0x3a, 0x6f, 0x5c, 0xad, 0xb1, 0x46, 0x5a, 0x7a, 0x34, 0x6f, 0x9c, 0x0b, 0x50, 0x9e, 0x76, 0x26,
+	0x24, 0x51, 0xbf, 0x9a, 0x8d, 0xf8, 0x19, 0x9c, 0xc8, 0x6e, 0xd7, 0xb2, 0x0b, 0xb4, 0x8e, 0xbb,
+	0x4e, 0x9c, 0x48, 0x6e, 0xb7, 0x92, 0xfb, 0xfe, 0x6c, 0xc4, 0xcb, 0xe4, 0xf8, 0xa6, 0x90, 0xfa,
+	0x6a, 0x36, 0xee, 0x31, 0x73, 0x7c, 0x35, 0xe9, 0x2a, 0x1a, 0xe4, 0x72, 0x08, 0x96, 0x0a, 0x36,
+	0xef, 0x33, 0x20, 0x5c, 0xa0, 0x06, 0x04, 0xea, 0xf7, 0x64, 0x91, 0xec, 0xfd, 0x73, 0x4c, 0x75,
+	0xe8, 0x97, 0xb3, 0xb2, 0xdf, 0xd3, 0xf1, 0xd5, 0x9f, 0x49, 0x84, 0x6a, 0x9d, 0x95, 0x06, 0x0f,
+	0x9b, 0xd5, 0x2b, 0xdc, 0xc0, 0x07, 0x50, 0x4d, 0xa0, 0x50, 0xff, 0x4f, 0x36, 0xd1, 0x19, 0xeb,
+	0xf8, 0x0a, 0xf0, 0x06, 0xdc, 0x8a, 0x37, 0xac, 0x70, 0x22, 0x87, 0x4b, 0x48, 0x3a, 0xfe, 0x62,
+	0xd1, 0xee, 0x7d, 0x42, 0xfc, 0xf1, 0x84, 0xed, 0x1a, 0xc4, 0x12, 0x4c, 0x4c, 0xa1, 0x2d, 0x6e,
+	0xdc, 0xfe, 0x45, 0x76, 0x27, 0xdf, 0xb5, 0xe3, 0xbc, 0xaa, 0xf6, 0x57, 0xf5, 0x4d, 0x88, 0xb1,
+	0x42, 0x7b, 0x62, 0x98, 0xc5, 0x62, 0x6f, 0x33, 0x90, 0xf8, 0x22, 0xc6, 0xa9, 0xd4, 0x3f, 0xea,
+	0x4d, 0x76, 0x9c, 0x3a, 0xbe, 0x22, 0x3c, 0x8f, 0xf2, 0x55, 0xdd, 0x5b, 0xe3, 0x9a, 0x0c, 0xaf,
+	0x75, 0x6d, 0xdd, 0x5b, 0xd3, 0x00, 0x8a, 0xaf, 0xa0, 0x01, 0x4d, 0xdf, 0x10, 0x53, 0x87, 0xc3,
+	0xc5, 0x8e, 0xa3, 0x6f, 0xf0, 0xfc, 0xf1, 0x01, 0x1a, 0xab, 0x41, 0x9e, 0x06, 0x76, 0xf3, 0x0d,
+	0x41, 0xce, 0x59, 0x9e, 0x86, 0x20, 0x3b, 0xc3, 0x79, 0x94, 0x9f, 0xb2, 0x8d, 0x4d, 0x30, 0x66,
+	0x19, 0x66, 0x95, 0xad, 0xd8, 0xc6, 0xa6, 0x06, 0x50, 0xfc, 0x03, 0x19, 0xd4, 0x3f, 0x47, 0x74,
+	0x83, 0x8e, 0x90, 0xc1, 0x6e, 0xb6, 0x20, 0x6f, 0x1e, 0x8c, 0x2d, 0xc8, 0xf8, 0x1a, 0xab, 0x4c,
+	0x54, 0x14, 0x5e, 0x3f, 0xbe, 0x85, 0x06, 0xa6, 0x75, 0x8f, 0xac, 0xda, 0xce, 0x26, 0x58, 0xb7,
+	0x8c, 0x86, 0xd6, 0xa3, 0x92, 0xfe, 0xf8, 0x44, 0xec, 0x65, 0xac, 0xc1, 0x7f, 0x69, 0x41, 0x61,
+	0x2a, 0x16, 0x9e, 0xbf, 0x6d, 0x28, 0x14, 0x0b, 0x4b, 0xd4, 0x16, 0xa4, 0x69, 0x0b, 0xae, 0x95,
+	0x87, 0x93, 0xaf, 0x95, 0x61, 0xf7, 0x08, 0x16, 0x70, 0x90, 0x1d, 0x61, 0x04, 0x16, 0x7d, 0xb6,
+	0x7b, 0x04, 0x28, 0x24, 0x47, 0xd0, 0x04, 0x12, 0xf5, 0x1b, 0xbd, 0x28, 0xd1, 0xcd, 0xe2, 0x44,
+	0xc9, 0x4f, 0x94, 0x3c, 0x54, 0xf2, 0x72, 0x4c, 0xc9, 0x27, 0xe2, 0x8e, 0x3b, 0x1f, 0x50, 0x0d,
+	0xff, 0xa1, 0x7c, 0xcc, 0xed, 0xef, 0x78, 0x9f, 0x2e, 0x43, 0xe9, 0xf5, 0xee, 0x28, 0xbd, 0x60,
+	0x40, 0xf4, 0xed, 0x38, 0x20, 0xfa, 0x77, 0x3b, 0x20, 0x06, 0x52, 0x07, 0x44, 0xa8, 0x20, 0x83,
+	0xa9, 0x0a, 0x52, 0xe1, 0x83, 0x06, 0x75, 0xcf, 0xbc, 0x73, 0x7e, 0x7b, 0xab, 0x38, 0x4a, 0x47,
+	0x53, 0x62, 0xce, 0x1d, 0x60, 0xa1, 0x7e, 0x3d, 0xdf, 0xc5, 0x57, 0xf7, 0x50, 0x74, 0xe4, 0x06,
+	0xca, 0x95, 0xda, 0x6d, 0xae, 0x1f, 0xa7, 0x04, 0x37, 0xe1, 0x94, 0x52, 0x94, 0x1a, 0xbf, 0x84,
+	0x72, 0xa5, 0x7b, 0xb5, 0x68, 0xc4, 0xe1, 0xd2, 0xbd, 0x1a, 0xff, 0x92, 0xd4, 0xb2, 0xf7, 0x6a,
+	0xf8, 0xe5, 0x30, 0xf4, 0xcf, 0x5a, 0xc7, 0x5a, 0xe7, 0x07, 0x45, 0x6e, 0x04, 0xeb, 0x5b, 0xda,
+	0x34, 0x28, 0x8a, 0x1e, 0x17, 0x23, 0xb4, 0x11, 0x6d, 0xea, 0xdb, 0xbd, 0x36, 0xf5, 0xef, 0xa8,
+	0x4d, 0x03, 0xbb, 0xd5, 0xa6, 0xc1, 0x5d, 0x68, 0x13, 0xda, 0x51, 0x9b, 0x86, 0xf6, 0xaf, 0x4d,
+	0x6d, 0x34, 0x11, 0x8f, 0xaf, 0x10, 0x68, 0x84, 0x86, 0x70, 0x1c, 0xcb, 0x0d, 0x4b, 0xe0, 0xe9,
+	0xbf, 0xc3, 0xb0, 0x75, 0x96, 0x67, 0x31, 0x9a, 0xa5, 0x50, 0x4b, 0x28, 0xad, 0xfe, 0x42, 0x36,
+	0x3d, 0x2c, 0xc4, 0xd1, 0x9c, 0xe2, 0xbe, 0x23, 0x51, 0x4a, 0x79, 0xd9, 0x21, 0x2a, 0x5d, 0xca,
+	0x11, 0xb6, 0x49, 0x32, 0xfb, 0x5a, 0x26, 0x2d, 0x56, 0xc5, 0xbe, 0x24, 0xf6, 0xe1, 0xb8, 0xb1,
+	0x1a, 0x58, 0xcf, 0xbb, 0xb2, 0x95, 0x5a, 0x34, 0x6d, 0x5f, 0xee, 0x11, 0xd3, 0xf6, 0xfd, 0x46,
+	0x06, 0x9d, 0xba, 0xdd, 0x59, 0x21, 0xdc, 0x38, 0x2d, 0x68, 0xc6, 0x3b, 0x08, 0x51, 0x30, 0x37,
+	0x62, 0xc9, 0x80, 0x11, 0xcb, 0x47, 0xc4, 0x38, 0x13, 0x91, 0x02, 0x93, 0x21, 0x35, 0x33, 0x60,
+	0xb9, 0xe0, 0x9b, 0x58, 0xae, 0x77, 0x56, 0x48, 0x3d, 0x66, 0xc9, 0x22, 0x70, 0x9f, 0x78, 0x85,
+	0x19, 0xaf, 0x3f, 0xaa, 0xd1, 0xc8, 0xcf, 0x65, 0x53, 0x43, 0x7b, 0x1c, 0xd9, 0xcc, 0x0a, 0x9f,
+	0x4e, 0xec, 0x95, 0x68, 0x86, 0x85, 0x04, 0x92, 0x08, 0xc7, 0x24, 0x2e, 0xc9, 0x02, 0x3b, 0xe2,
+	0xf9, 0x3e, 0xde, 0x57, 0x81, 0xfd, 0x6e, 0x26, 0x35, 0x04, 0xcb, 0x51, 0x15, 0x98, 0xfa, 0x5b,
+	0x59, 0x3f, 0xf2, 0xcb, 0xbe, 0x3e, 0xe1, 0x2a, 0x1a, 0xe4, 0xe1, 0xed, 0x65, 0xdb, 0x5a, 0x7e,
+	0x95, 0x07, 0x57, 0xc3, 0x01, 0x01, 0x5d, 0xe6, 0xfd, 0xc8, 0x14, 0x41, 0xa2, 0x47, 0x58, 0xe6,
+	0x4d, 0x0e, 0xa5, 0xf4, 0x02, 0x09, 0x5d, 0xc8, 0x67, 0x1e, 0x9a, 0x1e, 0xec, 0x0a, 0x68, 0x5f,
+	0xe6, 0xd8, 0x42, 0x4e, 0x1e, 0x9a, 0x1e, 0xdb, 0x13, 0x04, 0x68, 0xba, 0x48, 0xd7, 0xc2, 0x6c,
+	0x66, 0x7c, 0x91, 0x76, 0x79, 0x52, 0x37, 0xee, 0xcc, 0x75, 0x15, 0x0d, 0x72, 0x83, 0x55, 0x6e,
+	0x66, 0xc2, 0x5b, 0xcb, 0x4d, 0x5c, 0xa1, 0xb5, 0x01, 0x01, 0xe5, 0xa8, 0x91, 0xd5, 0xd0, 0xb0,
+	0x0e, 0x38, 0x3a, 0x00, 0xd1, 0x38, 0x46, 0xdd, 0xce, 0xc6, 0x03, 0xd0, 0x1c, 0xdf, 0x43, 0xc1,
+	0x15, 0xd9, 0x58, 0x0d, 0x2c, 0x34, 0x61, 0xc3, 0x25, 0xda, 0xca, 0xb2, 0x7d, 0xd7, 0x75, 0x34,
+	0x70, 0x9b, 0x6c, 0x32, 0xbb, 0xca, 0xbe, 0xd0, 0x14, 0x77, 0x9d, 0xc3, 0xc4, 0x1b, 0x4d, 0x9f,
+	0x4e, 0xfd, 0xf5, 0x6c, 0x3c, 0xb4, 0xce, 0xf1, 0x15, 0xf6, 0x47, 0x51, 0x3f, 0x88, 0xb2, 0xe2,
+	0x5f, 0xa9, 0x83, 0x00, 0x41, 0xdc, 0xb2, 0x85, 0xaf, 0x4f, 0xa6, 0xfe, 0x58, 0x5f, 0x34, 0xde,
+	0xd2, 0xf1, 0x95, 0xde, 0x27, 0xd0, 0xd0, 0xb4, 0x6d, 0xb9, 0xa6, 0xeb, 0x11, 0xab, 0xe1, 0x2b,
+	0xec, 0x63, 0x74, 0xc3, 0xd2, 0x08, 0xc1, 0xa2, 0xe7, 0x8d, 0x40, 0xfd, 0x28, 0xca, 0x8b, 0x9f,
+	0x47, 0x83, 0x20, 0x72, 0xb0, 0x43, 0x16, 0xd2, 0xc4, 0xae, 0x50, 0x60, 0xd4, 0x08, 0x39, 0x24,
+	0xc5, 0x77, 0xd0, 0xc0, 0xf4, 0x9a, 0xd9, 0x34, 0x1c, 0x62, 0xf1, 0x7c, 0xe8, 0x4f, 0x26, 0x47,
+	0xc7, 0x9a, 0x84, 0x7f, 0x81, 0x96, 0x35, 0xa7, 0xc1, 0x8b, 0x49, 0xbe, 0x47, 0x1c, 0x36, 0xf1,
+	0x37, 0xb3, 0x08, 0x85, 0x05, 0xf0, 0x13, 0x28, 0x1b, 0x24, 0xe2, 0x01, 0x33, 0x10, 0x49, 0x83,
+	0xb2, 0x30, 0x15, 0xf3, 0xb1, 0x9d, 0xdd, 0x71, 0x6c, 0xdf, 0x41, 0x7d, 0xec, 0x46, 0x09, 0x2c,
+	0xb5, 0x85, 0x10, 0x30, 0xa9, 0x0d, 0x9e, 0x04, 0x7a, 0x76, 0x58, 0x84, 0x9d, 0x9d, 0x64, 0xf5,
+	0xcc, 0x98, 0x4d, 0x34, 0x50, 0x2f, 0xfc, 0x85, 0x2f, 0xa1, 0x3c, 0x48, 0x31, 0x03, 0xe7, 0x44,
+	0x70, 0x13, 0x8d, 0xc8, 0x0f, 0xf0, 0xb4, 0x9b, 0xa6, 0x6d, 0xcb, 0xa3, 0x55, 0x43, 0xab, 0x87,
+	0xb9, 0x5c, 0x38, 0x4c, 0x92, 0x0b, 0x87, 0xa9, 0xff, 0x3c, 0x9b, 0x10, 0x09, 0xec, 0xf8, 0x0e,
+	0x93, 0x17, 0x11, 0x02, 0x47, 0x66, 0x2a, 0x4f, 0xdf, 0x05, 0x02, 0x46, 0x09, 0x30, 0x02, 0xb5,
+	0x95, 0xb6, 0xf5, 0x21, 0xb1, 0xfa, 0xdb, 0x99, 0x58, 0xf8, 0xa8, 0x7d, 0xc9, 0x51, 0xdc, 0xf5,
+	0x64, 0x1f, 0x71, 0x9b, 0xe8, 0xf7, 0x45, 0x6e, 0x6f, 0x7d, 0x21, 0x7f, 0xcb, 0x01, 0xec, 0xfc,
+	0x0e, 0xf3, 0x5b, 0xbe, 0x91, 0x4d, 0x0a, 0xa6, 0x75, 0x34, 0x55, 0x3c, 0xcc, 0x35, 0x9e, 0xdf,
+	0x43, 0xae, 0xf1, 0xb7, 0xd1, 0x58, 0x24, 0xc4, 0x14, 0xcf, 0x8e, 0x75, 0xa9, 0x7b, 0xac, 0xaa,
+	0x74, 0x17, 0x78, 0x89, 0x4c, 0xfd, 0xbf, 0x99, 0xee, 0x01, 0xc6, 0x0e, 0x5d, 0x75, 0x12, 0x04,
+	0x90, 0xfb, 0x8b, 0x11, 0xc0, 0x01, 0x1c, 0x33, 0x8f, 0xb6, 0x00, 0x3e, 0x20, 0x93, 0xc7, 0xfb,
+	0x2d, 0x80, 0x1f, 0xcb, 0xec, 0x18, 0x1f, 0xee, 0xb0, 0x65, 0xa0, 0xfe, 0xc7, 0x4c, 0x62, 0x1c,
+	0xb7, 0x7d, 0xb5, 0xeb, 0x65, 0xd4, 0xc7, 0xcc, 0x56, 0x78, 0xab, 0x84, 0xc8, 0xf7, 0x14, 0x9a,
+	0x52, 0x9e, 0x97, 0xc1, 0xf3, 0xa8, 0x9f, 0xb5, 0xc1, 0x88, 0x66, 0x88, 0x4c, 0x68, 0xa7, 0x91,
+	0x36, 0x39, 0x72, 0xb4, 0xfa, 0x9b, 0x99, 0x58, 0x58, 0xb9, 0x43, 0xfc, 0xb6, 0x70, 0xaa, 0xce,
+	0xed, 0x7e, 0xaa, 0x56, 0xff, 0x30, 0x9b, 0x1c, 0xd5, 0xee, 0x10, 0x3f, 0xe4, 0x20, 0xae, 0xab,
+	0x1e, 0x6d, 0xdd, 0x5a, 0x46, 0xa3, 0xb2, 0x2c, 0xf8, 0xb2, 0x75, 0x31, 0x39, 0xb6, 0x5f, 0x4a,
+	0x2b, 0x22, 0x3c, 0xd4, 0xf7, 0x32, 0xf1, 0x80, 0x7c, 0x87, 0x3e, 0x3f, 0x3d, 0x9a, 0xb6, 0xc8,
+	0x9f, 0xf2, 0x01, 0x59, 0x6b, 0x0e, 0xe2, 0x53, 0x3e, 0x20, 0xab, 0xc6, 0xa3, 0x7d, 0xca, 0x4f,
+	0x67, 0xd3, 0xe2, 0x19, 0x1e, 0xfa, 0x07, 0x7d, 0x4a, 0x14, 0x32, 0x6b, 0x19, 0xff, 0xb4, 0x27,
+	0xd2, 0x02, 0x08, 0xa6, 0xf0, 0x8c, 0xf1, 0x79, 0xb4, 0x31, 0x9e, 0x28, 0xac, 0x0f, 0x88, 0x22,
+	0x1f, 0x0d, 0x61, 0x7d, 0x40, 0x86, 0xca, 0x07, 0x4f, 0x58, 0xbf, 0x9a, 0xdd, 0x6d, 0x10, 0xcd,
+	0x13, 0xe1, 0xc5, 0x84, 0xf7, 0xe5, 0x6c, 0x3c, 0xb8, 0xeb, 0xa1, 0x8b, 0x69, 0x16, 0xf5, 0xf1,
+	0x30, 0xb3, 0xa9, 0xc2, 0x61, 0xf8, 0xb4, 0x1d, 0x0d, 0xff, 0x8e, 0x9b, 0x88, 0x3f, 0x94, 0xec,
+	0x4e, 0x24, 0x8c, 0x56, 0xfd, 0xd3, 0x4c, 0x24, 0x12, 0xea, 0xa1, 0x5c, 0x21, 0x3c, 0xd2, 0x92,
+	0x84, 0x5f, 0xf1, 0x2f, 0x33, 0xf3, 0x91, 0x24, 0x93, 0xc1, 0xf7, 0x94, 0x89, 0xa7, 0x9b, 0xcd,
+	0x68, 0x79, 0xee, 0x73, 0xff, 0xeb, 0x59, 0x34, 0x1e, 0x23, 0xc5, 0x97, 0xa4, 0x28, 0x34, 0x70,
+	0x2d, 0x19, 0x31, 0xce, 0x66, 0xf1, 0x68, 0xf6, 0x70, 0x93, 0x7a, 0x09, 0xe5, 0xcb, 0xfa, 0x26,
+	0xfb, 0xb6, 0x5e, 0xc6, 0xd2, 0xd0, 0x37, 0xc5, 0x1b, 0x37, 0xc0, 0xe3, 0x15, 0x74, 0x86, 0xbd,
+	0x87, 0x98, 0xb6, 0xb5, 0x6c, 0xb6, 0x48, 0xc5, 0x5a, 0x30, 0x9b, 0x4d, 0xd3, 0xe5, 0x8f, 0x66,
+	0x57, 0xb7, 0xb7, 0x8a, 0x97, 0x3d, 0xdb, 0xd3, 0x9b, 0x75, 0xe2, 0x93, 0xd5, 0x3d, 0xb3, 0x45,
+	0xea, 0xa6, 0x55, 0x6f, 0x01, 0xa5, 0xc0, 0x32, 0x99, 0x15, 0xae, 0xb0, 0x2c, 0x98, 0xb5, 0x86,
+	0x6e, 0x59, 0xc4, 0xa8, 0x58, 0x53, 0x9b, 0x1e, 0x61, 0x8f, 0x6d, 0x39, 0x76, 0x25, 0xc8, 0x7c,
+	0xaf, 0x19, 0x9a, 0x32, 0x5e, 0xa1, 0x04, 0x5a, 0x42, 0x21, 0xf5, 0xd7, 0xf2, 0x09, 0x41, 0x70,
+	0x8f, 0x90, 0xfa, 0xf8, 0x3d, 0x9d, 0xdf, 0xa1, 0xa7, 0xaf, 0xa1, 0x7e, 0x1e, 0x67, 0x92, 0x3f,
+	0x30, 0x80, 0xb1, 0xf8, 0x03, 0x06, 0x12, 0x5f, 0x68, 0x38, 0x15, 0x6e, 0xa2, 0x89, 0x65, 0xda,
+	0x4d, 0xc9, 0x9d, 0xd9, 0xf7, 0x08, 0x9d, 0xd9, 0x85, 0x1f, 0x7e, 0x0b, 0x9d, 0x03, 0x6c, 0x42,
+	0xb7, 0xf6, 0x43, 0x55, 0x10, 0x99, 0x89, 0x55, 0x95, 0xdc, 0xb9, 0x69, 0xe5, 0xf1, 0xa7, 0xd0,
+	0x70, 0x30, 0x40, 0x4c, 0xe2, 0xf2, 0x97, 0x8b, 0x2e, 0xe3, 0x8c, 0x85, 0x3d, 0xa3, 0x60, 0x30,
+	0xd1, 0x92, 0x43, 0x67, 0x49, 0xbc, 0xd4, 0xff, 0x90, 0xe9, 0x16, 0xf6, 0xf8, 0xd0, 0x67, 0xe5,
+	0x57, 0x50, 0xbf, 0xc1, 0x3e, 0x8a, 0xeb, 0x54, 0xf7, 0xc0, 0xc8, 0x8c, 0x54, 0xf3, 0xcb, 0xa8,
+	0x7f, 0x90, 0xe9, 0x1a, 0x6d, 0xf9, 0xa8, 0x7f, 0xde, 0x97, 0x73, 0x29, 0x9f, 0xc7, 0x27, 0xd1,
+	0x2b, 0xa8, 0x60, 0x86, 0x91, 0x7c, 0xeb, 0x61, 0x78, 0x27, 0x6d, 0x4c, 0x80, 0xc3, 0xe8, 0xba,
+	0x89, 0xce, 0xfa, 0x86, 0x85, 0x8e, 0x6f, 0x81, 0xe5, 0xd6, 0x3b, 0x8e, 0xc9, 0xc6, 0xa5, 0x76,
+	0xda, 0x8d, 0x98, 0x67, 0xb9, 0x77, 0x1c, 0x93, 0x56, 0xa0, 0x7b, 0x6b, 0xc4, 0xd2, 0xeb, 0x1b,
+	0xb6, 0xb3, 0x0e, 0xb1, 0x35, 0xd9, 0xe0, 0xd4, 0xc6, 0x18, 0xfc, 0x9e, 0x0f, 0xc6, 0x4f, 0xa1,
+	0x91, 0xd5, 0x66, 0x87, 0x04, 0xd1, 0x0c, 0xd9, 0x5b, 0x9f, 0x36, 0x4c, 0x81, 0xc1, 0x0b, 0xc9,
+	0x05, 0x84, 0x80, 0xc8, 0x83, 0x58, 0xd8, 0xf0, 0xb0, 0xa7, 0x0d, 0x52, 0xc8, 0x32, 0xef, 0xae,
+	0x09, 0xa6, 0xd5, 0x4c, 0x48, 0xf5, 0xa6, 0x6d, 0xad, 0xd6, 0x3d, 0xe2, 0xb4, 0xa0, 0xa1, 0x60,
+	0x9c, 0xa8, 0x9d, 0x05, 0x0a, 0x78, 0x3a, 0x71, 0xe7, 0x6d, 0x6b, 0x75, 0x99, 0x38, 0x2d, 0xda,
+	0xd4, 0xab, 0x08, 0xf3, 0xa6, 0x3a, 0x70, 0xe9, 0xc1, 0x3e, 0x0e, 0xec, 0x14, 0x35, 0xfe, 0x11,
+	0xec, 0x36, 0x04, 0x3e, 0xac, 0x88, 0x86, 0x58, 0x48, 0x37, 0x26, 0x34, 0x30, 0x55, 0xd4, 0x10,
+	0x03, 0x81, 0xbc, 0xce, 0x22, 0x6e, 0xbd, 0xc0, 0xac, 0xa6, 0x35, 0xfe, 0x4b, 0xfd, 0xdb, 0xd9,
+	0xb4, 0x40, 0xc9, 0x47, 0xf5, 0x8d, 0x03, 0xcf, 0x21, 0xc4, 0x33, 0x4a, 0xd2, 0xcf, 0x8d, 0x18,
+	0xb4, 0x86, 0x98, 0x14, 0x1e, 0x42, 0x59, 0xf5, 0x0b, 0xd9, 0xb4, 0x50, 0xcf, 0xfb, 0x12, 0x4e,
+	0xb8, 0xee, 0x64, 0xf7, 0xb0, 0xee, 0x1c, 0xbe, 0x38, 0x92, 0x74, 0xe5, 0x68, 0xbf, 0x87, 0x1d,
+	0xa0, 0x70, 0x7e, 0x24, 0x9b, 0x1a, 0x60, 0xfb, 0x44, 0x3a, 0xea, 0x17, 0xb3, 0xa9, 0x01, 0xc2,
+	0x8f, 0xe5, 0x50, 0x4a, 0xd4, 0x96, 0x93, 0xb1, 0xc4, 0x28, 0x9e, 0x59, 0x60, 0xe1, 0x1d, 0x6f,
+	0x9b, 0x96, 0x81, 0x1f, 0x43, 0x67, 0xee, 0xd4, 0x66, 0xb4, 0xfa, 0xed, 0xca, 0x62, 0xb9, 0x7e,
+	0x67, 0xb1, 0x56, 0x9d, 0x99, 0xae, 0xcc, 0x56, 0x66, 0xca, 0x85, 0x1e, 0x7c, 0x0a, 0x8d, 0x85,
+	0xa8, 0xb9, 0x3b, 0x0b, 0xa5, 0xc5, 0x42, 0x06, 0x8f, 0xa3, 0x91, 0x10, 0x38, 0xb5, 0xb4, 0x5c,
+	0xc8, 0x3e, 0xf3, 0x34, 0x1a, 0x82, 0xf5, 0xb5, 0x04, 0xdc, 0xf1, 0x30, 0x1a, 0x58, 0x9a, 0xaa,
+	0xcd, 0x68, 0x77, 0x81, 0x09, 0x42, 0x7d, 0xe5, 0x99, 0x45, 0xca, 0x30, 0xf3, 0xcc, 0xff, 0xca,
+	0x20, 0x54, 0x9b, 0x5d, 0xae, 0x72, 0xc2, 0x21, 0xd4, 0x5f, 0x59, 0xbc, 0x5b, 0x9a, 0xaf, 0x50,
+	0xba, 0x01, 0x94, 0x5f, 0xaa, 0xce, 0xd0, 0x1a, 0x06, 0x51, 0xef, 0xf4, 0xfc, 0x52, 0x6d, 0xa6,
+	0x90, 0xa5, 0x40, 0x6d, 0xa6, 0x54, 0x2e, 0xe4, 0x28, 0xf0, 0x9e, 0x56, 0x59, 0x9e, 0x29, 0xe4,
+	0xe9, 0x9f, 0xf3, 0xb5, 0xe5, 0xd2, 0x72, 0xa1, 0x97, 0xfe, 0x39, 0x0b, 0x7f, 0xf6, 0x51, 0x66,
+	0xb5, 0x99, 0x65, 0xf8, 0xd1, 0x4f, 0x9b, 0x30, 0xeb, 0xff, 0x1a, 0xa0, 0x28, 0xca, 0xba, 0x5c,
+	0xd1, 0x0a, 0x83, 0xf4, 0x07, 0x65, 0x49, 0x7f, 0x20, 0xda, 0x38, 0x6d, 0x66, 0x61, 0xe9, 0xee,
+	0x4c, 0x61, 0x88, 0xf2, 0x5a, 0xb8, 0x4d, 0xc1, 0xc3, 0xf4, 0x4f, 0x6d, 0x81, 0xfe, 0x39, 0x42,
+	0x39, 0x69, 0x33, 0xa5, 0xf9, 0x6a, 0x69, 0x79, 0xae, 0x30, 0x4a, 0xdb, 0x03, 0x3c, 0xc7, 0x58,
+	0xc9, 0xc5, 0xd2, 0xc2, 0x4c, 0xa1, 0xc0, 0x69, 0xca, 0xf3, 0x95, 0xc5, 0xdb, 0x85, 0x71, 0x68,
+	0xc8, 0x5b, 0x0b, 0xf0, 0x03, 0xd3, 0x02, 0xf0, 0xd7, 0xa9, 0x67, 0x3e, 0x83, 0xfa, 0x96, 0x6a,
+	0x60, 0x39, 0x73, 0x0e, 0x9d, 0x5a, 0xaa, 0xd5, 0x97, 0xdf, 0xaa, 0xce, 0x44, 0xe4, 0x3d, 0x8e,
+	0x46, 0x7c, 0xc4, 0x7c, 0x65, 0xf1, 0xce, 0x9b, 0x4c, 0xda, 0x3e, 0x68, 0xa1, 0x34, 0xbd, 0x54,
+	0x2b, 0x64, 0x69, 0xaf, 0xf8, 0xa0, 0x7b, 0x95, 0xc5, 0xf2, 0xd2, 0xbd, 0x5a, 0x21, 0xf7, 0xcc,
+	0x03, 0x3f, 0xe3, 0xd2, 0x92, 0x63, 0xae, 0x9a, 0x16, 0xbe, 0x80, 0x1e, 0x2b, 0xcf, 0xdc, 0xad,
+	0x4c, 0xcf, 0xd4, 0x97, 0xb4, 0xca, 0xad, 0xca, 0x62, 0xa4, 0xa6, 0x33, 0x68, 0x5c, 0x46, 0x97,
+	0xaa, 0x95, 0x42, 0x06, 0x9f, 0x45, 0x58, 0x06, 0xbf, 0x5e, 0x5a, 0x98, 0x2d, 0x64, 0xb1, 0x82,
+	0x4e, 0xcb, 0xf0, 0xca, 0xe2, 0xf2, 0x9d, 0xc5, 0x99, 0x42, 0xee, 0x99, 0x9f, 0xc8, 0xa0, 0x33,
+	0x89, 0x0e, 0x94, 0x58, 0x45, 0x17, 0x67, 0xe6, 0x4b, 0xb5, 0xe5, 0xca, 0x74, 0x6d, 0xa6, 0xa4,
+	0x4d, 0xcf, 0xd5, 0xa7, 0x4b, 0xcb, 0x33, 0xb7, 0x96, 0xb4, 0xb7, 0xea, 0xb7, 0x66, 0x16, 0x67,
+	0xb4, 0xd2, 0x7c, 0xa1, 0x07, 0x3f, 0x85, 0x8a, 0x29, 0x34, 0xb5, 0x99, 0xe9, 0x3b, 0x5a, 0x65,
+	0xf9, 0xad, 0x42, 0x06, 0x3f, 0x89, 0x2e, 0xa4, 0x12, 0xd1, 0xdf, 0x85, 0x2c, 0xbe, 0x88, 0x26,
+	0xd2, 0x48, 0xde, 0x98, 0x2f, 0xe4, 0x9e, 0xf9, 0xe1, 0x0c, 0xc2, 0x71, 0x0f, 0x38, 0xfc, 0x04,
+	0x3a, 0x4f, 0xf5, 0xa2, 0x9e, 0xde, 0xc0, 0x27, 0xd1, 0x85, 0x44, 0x0a, 0xa1, 0x79, 0x45, 0xf4,
+	0x78, 0x0a, 0x09, 0x6f, 0xdc, 0x79, 0xa4, 0x24, 0x13, 0xd0, 0xa6, 0x4d, 0x95, 0xdf, 0xfb, 0x4f,
+	0x17, 0x7b, 0xde, 0xfb, 0xe6, 0xc5, 0xcc, 0xef, 0x7c, 0xf3, 0x62, 0xe6, 0x0f, 0xbf, 0x79, 0x31,
+	0xf3, 0xa9, 0xeb, 0x7b, 0x71, 0x10, 0x64, 0xa3, 0x7f, 0xa5, 0x0f, 0x5c, 0x61, 0x6e, 0xfc, 0xbf,
+	0x00, 0x00, 0x00, 0xff, 0xff, 0x0d, 0xb0, 0x44, 0xda, 0x20, 0x36, 0x01, 0x00,
 }
 
 func (m *Metadata) Marshal() (dAtA []byte, err error) {
@@ -19596,6 +19601,11 @@ func (m *DatabaseSessionStart) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 		i -= len(m.XXX_unrecognized)
 		copy(dAtA[i:], m.XXX_unrecognized)
 	}
+	if m.PostgresPID != 0 {
+		i = encodeVarintEvents(dAtA, i, uint64(m.PostgresPID))
+		i--
+		dAtA[i] = 0x40
+	}
 	{
 		size, err := m.DatabaseMetadata.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
@@ -33338,6 +33348,9 @@ func (m *DatabaseSessionStart) Size() (n int) {
 	n += 1 + l + sovEvents(uint64(l))
 	l = m.DatabaseMetadata.Size()
 	n += 1 + l + sovEvents(uint64(l))
+	if m.PostgresPID != 0 {
+		n += 1 + sovEvents(uint64(m.PostgresPID))
+	}
 	if m.XXX_unrecognized != nil {
 		n += len(m.XXX_unrecognized)
 	}
@@ -57543,6 +57556,25 @@ func (m *DatabaseSessionStart) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 8:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field PostgresPID", wireType)
+			}
+			m.PostgresPID = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowEvents
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.PostgresPID |= uint32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
 		default:
 			iNdEx = preIndex
 			skippy, err := skipEvents(dAtA[iNdEx:])
diff --git a/lib/srv/db/audit_test.go b/lib/srv/db/audit_test.go
index 6810ebdb9b531..dee1af78791ee 100644
--- a/lib/srv/db/audit_test.go
+++ b/lib/srv/db/audit_test.go
@@ -52,7 +52,10 @@ func TestAuditPostgres(t *testing.T) {
 	// Connect should trigger successful session start event.
 	psql, err := testCtx.postgresClient(ctx, "alice", "postgres", "postgres", "postgres")
 	require.NoError(t, err)
-	requireEvent(t, testCtx, libevents.DatabaseSessionStartCode)
+	startEvt, ok := requireEvent(t, testCtx, libevents.DatabaseSessionStartCode).(*events.DatabaseSessionStart)
+	require.True(t, ok)
+	require.NotNil(t, startEvt)
+	require.NotZero(t, startEvt.PostgresPID)
 
 	// Simple query should trigger the query event.
 	_, err = psql.Exec(ctx, "select 1").ReadAll()
diff --git a/lib/srv/db/common/audit.go b/lib/srv/db/common/audit.go
index 5a92f1480fcb8..ca5c851a164fa 100644
--- a/lib/srv/db/common/audit.go
+++ b/lib/srv/db/common/audit.go
@@ -114,6 +114,7 @@ func (a *audit) OnSessionStart(ctx context.Context, session *Session, sessionErr
 		Status: events.Status{
 			Success: true,
 		},
+		PostgresPID: session.PostgresPID,
 	}
 
 	// If the database session wasn't started successfully, emit
diff --git a/lib/srv/db/common/session.go b/lib/srv/db/common/session.go
index 7f002a40e49ee..c24a16fb8f6b0 100644
--- a/lib/srv/db/common/session.go
+++ b/lib/srv/db/common/session.go
@@ -60,6 +60,8 @@ type Session struct {
 	LockTargets []types.LockTarget
 	// AuthContext is the identity context of the user.
 	AuthContext *authz.Context
+	// PostgresPID is the Postgres backend PID for the session.
+	PostgresPID uint32
 }
 
 // String returns string representation of the session parameters.
diff --git a/lib/srv/db/postgres/engine.go b/lib/srv/db/postgres/engine.go
index 61997bfb06a7a..61d66b21eda32 100644
--- a/lib/srv/db/postgres/engine.go
+++ b/lib/srv/db/postgres/engine.go
@@ -146,6 +146,8 @@ func (e *Engine) HandleConnection(ctx context.Context, sessionCtx *common.Sessio
 		cancelAutoUserLease()
 		return trace.Wrap(err)
 	}
+	sessionCtx.PostgresPID = hijackedConn.PID
+	e.Log = e.Log.WithField("pg_backend_pid", hijackedConn.PID)
 	e.rawServerConn = hijackedConn.Conn
 	// Release the auto-users semaphore now that we've successfully connected.
 	cancelAutoUserLease()

From 7241d39826626b688b32feb0806b211963fcaaea Mon Sep 17 00:00:00 2001
From: Steven Martin <steven@goteleport.com>
Date: Wed, 23 Oct 2024 18:16:17 -0400
Subject: [PATCH 28/53] docs: remove deny in impersonation (#47871)

---
 .../access-controls/guides/impersonation.mdx    | 17 -----------------
 1 file changed, 17 deletions(-)

diff --git a/docs/pages/admin-guides/access-controls/guides/impersonation.mdx b/docs/pages/admin-guides/access-controls/guides/impersonation.mdx
index 3d401c4eecf25..0d679c5db3f69 100644
--- a/docs/pages/admin-guides/access-controls/guides/impersonation.mdx
+++ b/docs/pages/admin-guides/access-controls/guides/impersonation.mdx
@@ -86,11 +86,6 @@ spec:
       users: ['jenkins']
       roles: ['jenkins']
 
-  # The deny section uses the identical format as the 'allow' section.
-  # The deny rules always override allow rules.
-  deny:
-    node_labels:
-      '*': '*'
 ```
 
 Create the `role` resource:
@@ -207,12 +202,6 @@ spec:
       where: >
         equals(impersonate_role.metadata.labels["group"], "security") && 
         equals(impersonate_user.metadata.labels["group"], "security")
-
-  # The deny section uses the identical format as the 'allow' section.
-  # The deny rules always override allow rules.
-  deny:
-    node_labels:
-      '*': '*'
 ```
 
 ```code
@@ -283,12 +272,6 @@ spec:
       where: >
         contains(user.spec.traits["group"], impersonate_role.metadata.labels["group"]) && 
         contains(user.spec.traits["group"], impersonate_user.metadata.labels["group"])
-
-  # The deny section uses the identical format as the 'allow' section.
-  # The deny rules always override allow rules.
-  deny:
-    node_labels:
-      '*': '*'
 ```
 
 While user traits typically come from an external identity provider, we can test

From c5efc3792850b19930613dee86eafe2891faeb01 Mon Sep 17 00:00:00 2001
From: Erik Tate <erik.tate@goteleport.com>
Date: Fri, 25 Oct 2024 10:45:07 -0400
Subject: [PATCH 29/53] checking for a valid home directory now ensures that
 the local user has (#47918)

access and child processes fallback to the root directory ("/") in the
case that they do not

Co-authored-by: Tim Ross <tim.ross@goteleport.com>
---
 constants.go                 |   4 ++
 lib/srv/exec_linux_test.go   |  39 +++++++++---
 lib/srv/reexec.go            | 115 ++++++++++++++++++++++++++++-------
 lib/srv/reexec_test.go       |  75 +++++++++++++++++++++++
 lib/srv/regular/sshserver.go |   2 +-
 5 files changed, 204 insertions(+), 31 deletions(-)

diff --git a/constants.go b/constants.go
index 3277b34035fb9..e44ad1aca8913 100644
--- a/constants.go
+++ b/constants.go
@@ -526,6 +526,10 @@ const (
 	// HomeDirNotFound is returned when a the "teleport checkhomedir" command cannot
 	// find the user's home directory.
 	HomeDirNotFound = 254
+	// HomeDirNotAccessible is returned when a the "teleport checkhomedir" command has
+	// found the user's home directory, but the user does NOT have permissions to
+	// access it.
+	HomeDirNotAccessible = 253
 )
 
 // MaxEnvironmentFileLines is the maximum number of lines in a environment file.
diff --git a/lib/srv/exec_linux_test.go b/lib/srv/exec_linux_test.go
index b0e1c6dca1ee1..480b3a202863a 100644
--- a/lib/srv/exec_linux_test.go
+++ b/lib/srv/exec_linux_test.go
@@ -24,6 +24,7 @@ import (
 	"os"
 	"os/exec"
 	"os/user"
+	"path/filepath"
 	"strconv"
 	"syscall"
 	"testing"
@@ -31,20 +32,47 @@ import (
 
 	"github.com/gravitational/trace"
 	"github.com/stretchr/testify/require"
+
+	"github.com/gravitational/teleport/lib/utils/host"
 )
 
 func TestOSCommandPrep(t *testing.T) {
+	if os.Geteuid() != 0 {
+		t.Skip("This test will be skipped because tests are not being run as root")
+	}
+
 	srv := newMockServer(t)
 	scx := newExecServerContext(t, srv)
 
-	usr, err := user.Current()
+	// because CheckHomeDir now inspects access to the home directory as the actual user after a rexec,
+	// we need to setup a real, non-root user with a valid home directory in order for this test to
+	// exercise the correct paths
+	tempHome := t.TempDir()
+	require.NoError(t, os.Chmod(filepath.Dir(tempHome), 0777))
+
+	username := "test-os-command-prep"
+	scx.Identity.Login = username
+	_, err := host.UserAdd(username, nil, tempHome, "", "")
 	require.NoError(t, err)
+	t.Cleanup(func() {
+		// change homedir back so user deletion doesn't fail
+		changeHomeDir(t, username, tempHome)
+		_, err := host.UserDel(username)
+		require.NoError(t, err)
+	})
 
+	usr, err := user.Lookup(username)
+	require.NoError(t, err)
+
+	uid, err := strconv.Atoi(usr.Uid)
+	require.NoError(t, err)
+
+	require.NoError(t, os.Chown(tempHome, uid, -1))
 	expectedEnv := []string{
 		"LANG=en_US.UTF-8",
-		getDefaultEnvPath(strconv.Itoa(os.Geteuid()), defaultLoginDefsPath),
+		getDefaultEnvPath(usr.Uid, defaultLoginDefsPath),
 		fmt.Sprintf("HOME=%s", usr.HomeDir),
-		fmt.Sprintf("USER=%s", usr.Username),
+		fmt.Sprintf("USER=%s", username),
 		"SHELL=/bin/sh",
 		"SSH_CLIENT=10.0.0.5 4817 3022",
 		"SSH_CONNECTION=10.0.0.5 4817 127.0.0.1 3022",
@@ -97,12 +125,9 @@ func TestOSCommandPrep(t *testing.T) {
 	require.Equal(t, []string{"/bin/sh", "-c", "top"}, cmd.Args)
 	require.Equal(t, syscall.SIGKILL, cmd.SysProcAttr.Pdeathsig)
 
-	if os.Geteuid() != 0 {
-		t.Skip("skipping portion of test which must run as root")
-	}
-
 	// Missing home directory - HOME should still be set to the given
 	// home dir, but the command should set it's CWD to root instead.
+	changeHomeDir(t, username, "/wrong/place")
 	usr.HomeDir = "/wrong/place"
 	root := string(os.PathSeparator)
 	expectedEnv[2] = "HOME=/wrong/place"
diff --git a/lib/srv/reexec.go b/lib/srv/reexec.go
index 9c94dcd4cf31f..e848a5df78851 100644
--- a/lib/srv/reexec.go
+++ b/lib/srv/reexec.go
@@ -610,6 +610,8 @@ func (o *osWrapper) startNewParker(ctx context.Context, credential *syscall.Cred
 	return nil
 }
 
+const rootDirectory = "/"
+
 // RunForward reads in the command to run from the parent process (over a
 // pipe) then port forwards.
 func RunForward() (errw io.Writer, code int, err error) {
@@ -713,16 +715,21 @@ func RunForward() (errw io.Writer, code int, err error) {
 	}
 }
 
-// runCheckHomeDir check's if the active user's $HOME dir exists.
+// runCheckHomeDir checks if the active user's $HOME dir exists and is accessible.
 func runCheckHomeDir() (errw io.Writer, code int, err error) {
-	home, err := os.UserHomeDir()
-	if err != nil {
-		return io.Discard, teleport.HomeDirNotFound, nil
-	}
-	if !utils.IsDir(home) {
-		return io.Discard, teleport.HomeDirNotFound, nil
+	code = teleport.RemoteCommandSuccess
+	if err := hasAccessibleHomeDir(); err != nil {
+		switch {
+		case trace.IsNotFound(err), trace.IsBadParameter(err):
+			code = teleport.HomeDirNotFound
+		case trace.IsAccessDenied(err):
+			code = teleport.HomeDirNotAccessible
+		default:
+			code = teleport.RemoteCommandFailure
+		}
 	}
-	return io.Discard, teleport.RemoteCommandSuccess, nil
+
+	return io.Discard, code, nil
 }
 
 // runPark does nothing, forever.
@@ -896,18 +903,20 @@ func buildCommand(c *ExecCommand, localUser *user.User, tty *os.File, pamEnviron
 	// Set the command's cwd to the user's $HOME, or "/" if
 	// they don't have an existing home dir.
 	// TODO (atburke): Generalize this to support Windows.
-	exists, err := CheckHomeDir(localUser)
+	hasAccess, err := CheckHomeDir(localUser)
 	if err != nil {
 		return nil, trace.Wrap(err)
-	} else if exists {
+	}
+
+	if hasAccess {
 		cmd.Dir = localUser.HomeDir
-	} else if !exists {
+	} else {
 		// Write failure to find home dir to stdout, same as OpenSSH.
-		msg := fmt.Sprintf("Could not set shell's cwd to home directory %q, defaulting to %q\n", localUser.HomeDir, string(os.PathSeparator))
+		msg := fmt.Sprintf("Could not set shell's cwd to home directory %q, defaulting to %q\n", localUser.HomeDir, rootDirectory)
 		if _, err := cmd.Stdout.Write([]byte(msg)); err != nil {
 			return nil, trace.Wrap(err)
 		}
-		cmd.Dir = string(os.PathSeparator)
+		cmd.Dir = rootDirectory
 	}
 
 	// Only set process credentials if the UID/GID of the requesting user are
@@ -1041,16 +1050,73 @@ func copyCommand(ctx *ServerContext, cmdmsg *ExecCommand) {
 	}
 }
 
-// CheckHomeDir checks if the user's home dir exists
+func coerceHomeDirError(usr *user.User, err error) error {
+	if os.IsNotExist(err) {
+		return trace.NotFound("home directory %q not found for user %q", usr.HomeDir, usr.Name)
+	}
+
+	if os.IsPermission(err) {
+		return trace.AccessDenied("%q does not have permission to access %q", usr.Name, usr.HomeDir)
+	}
+
+	return err
+}
+
+// hasAccessibleHomeDir checks if the current user has access to an existing home directory.
+func hasAccessibleHomeDir() error {
+	// this should usually be fetching a cached value
+	currentUser, err := user.Current()
+	if err != nil {
+		return trace.Wrap(err)
+	}
+
+	fi, err := os.Stat(currentUser.HomeDir)
+	if err != nil {
+		return trace.Wrap(coerceHomeDirError(currentUser, err))
+	}
+
+	if !fi.IsDir() {
+		return trace.BadParameter("%q is not a directory", currentUser.HomeDir)
+	}
+
+	cwd, err := os.Getwd()
+	if err != nil {
+		return trace.Wrap(err)
+	}
+	// make sure we return to the original working directory
+	defer os.Chdir(cwd)
+
+	// attemping to cd into the target directory is the easiest, cross-platform way to test
+	// whether or not the current user has access
+	if err := os.Chdir(currentUser.HomeDir); err != nil {
+		return trace.Wrap(coerceHomeDirError(currentUser, err))
+	}
+
+	return nil
+}
+
+// CheckHomeDir checks if the user's home directory exists and is accessible to the user. Only catastrophic
+// errors will be returned, which means a missing, inaccessible, or otherwise invalid home directory will result
+// in a return of (false, nil)
 func CheckHomeDir(localUser *user.User) (bool, error) {
-	if fi, err := os.Stat(localUser.HomeDir); err == nil {
-		return fi.IsDir(), nil
+	currentUser, err := user.Current()
+	if err != nil {
+		return false, trace.Wrap(err)
+	}
+
+	// don't spawn a subcommand if already running as the user in question
+	if currentUser.Uid == localUser.Uid {
+		if err := hasAccessibleHomeDir(); err != nil {
+			if trace.IsNotFound(err) || trace.IsAccessDenied(err) || trace.IsBadParameter(err) {
+				return false, nil
+			}
+
+			return false, trace.Wrap(err)
+		}
+
+		return true, nil
 	}
 
-	// In some environments, the user's home directory exists but isn't visible to
-	// root, e.g. /home is mounted to an nfs export with root_squash enabled.
-	// In case we are in that scenario, re-exec teleport as the user to check
-	// if the home dir actually does exist.
 	executable, err := os.Executable()
 	if err != nil {
 		return false, trace.Wrap(err)
@@ -1066,6 +1132,7 @@ func CheckHomeDir(localUser *user.User) (bool, error) {
 		Path: executable,
 		Args: []string{executable, teleport.CheckHomeDirSubCommand},
 		Env:  []string{"HOME=" + localUser.HomeDir},
+		Dir:  rootDirectory,
 		SysProcAttr: &syscall.SysProcAttr{
 			Setsid:     true,
 			Credential: credential,
@@ -1076,11 +1143,13 @@ func CheckHomeDir(localUser *user.User) (bool, error) {
 	reexecCommandOSTweaks(cmd)
 
 	if err := cmd.Run(); err != nil {
-		if cmd.ProcessState.ExitCode() == teleport.HomeDirNotFound {
-			return false, nil
+		if cmd.ProcessState.ExitCode() == teleport.RemoteCommandFailure {
+			return false, trace.Wrap(err)
 		}
-		return false, trace.Wrap(err)
+
+		return false, nil
 	}
+
 	return true, nil
 }
 
diff --git a/lib/srv/reexec_test.go b/lib/srv/reexec_test.go
index 33c3e21e15387..5818c8af2a2f5 100644
--- a/lib/srv/reexec_test.go
+++ b/lib/srv/reexec_test.go
@@ -21,16 +21,20 @@ package srv
 import (
 	"context"
 	"fmt"
+	"os"
 	"os/exec"
 	"os/user"
+	"path/filepath"
 	"strconv"
 	"syscall"
 	"testing"
 
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/types"
+	"github.com/gravitational/teleport/lib/utils/host"
 )
 
 type stubUser struct {
@@ -173,3 +177,74 @@ func TestStartNewParker(t *testing.T) {
 		})
 	}
 }
+
+func TestRootCheckHomeDir(t *testing.T) {
+	if os.Geteuid() != 0 {
+		t.Skip("This test will be skipped because tests are not being run as root")
+	}
+
+	tmp := t.TempDir()
+	require.NoError(t, os.Chmod(filepath.Dir(tmp), 0777))
+	require.NoError(t, os.Chmod(tmp, 0777))
+
+	home := filepath.Join(tmp, "home")
+	noAccess := filepath.Join(tmp, "no_access")
+	file := filepath.Join(tmp, "file")
+	notFound := filepath.Join(tmp, "not_found")
+
+	require.NoError(t, os.Mkdir(home, 0700))
+	require.NoError(t, os.Mkdir(noAccess, 0700))
+	_, err := os.Create(file)
+	require.NoError(t, err)
+
+	login := "test-user-check-home-dir"
+	_, err = host.UserAdd(login, nil, home, "", "")
+	require.NoError(t, err)
+	t.Cleanup(func() {
+		// change back to accessible home so deletion works
+		changeHomeDir(t, login, home)
+		_, err := host.UserDel(login)
+		require.NoError(t, err)
+	})
+
+	testUser, err := user.Lookup(login)
+	require.NoError(t, err)
+
+	uid, err := strconv.Atoi(testUser.Uid)
+	require.NoError(t, err)
+
+	gid, err := strconv.Atoi(testUser.Gid)
+	require.NoError(t, err)
+
+	require.NoError(t, os.Chown(home, uid, gid))
+	require.NoError(t, os.Chown(file, uid, gid))
+
+	hasAccess, err := CheckHomeDir(testUser)
+	require.NoError(t, err)
+	require.True(t, hasAccess)
+
+	changeHomeDir(t, login, file)
+	hasAccess, err = CheckHomeDir(testUser)
+	require.NoError(t, err)
+	require.False(t, hasAccess)
+
+	changeHomeDir(t, login, notFound)
+	hasAccess, err = CheckHomeDir(testUser)
+	require.NoError(t, err)
+	require.False(t, hasAccess)
+
+	changeHomeDir(t, login, noAccess)
+	hasAccess, err = CheckHomeDir(testUser)
+	require.NoError(t, err)
+	require.False(t, hasAccess)
+}
+
+func changeHomeDir(t *testing.T, username, home string) {
+	usermodBin, err := exec.LookPath("usermod")
+	assert.NoError(t, err, "usermod binary must be present")
+
+	cmd := exec.Command(usermodBin, "--home", home, username)
+	_, err = cmd.CombinedOutput()
+	assert.NoError(t, err, "changing home should not error")
+	assert.Equal(t, 0, cmd.ProcessState.ExitCode(), "changing home should exit 0")
+}
diff --git a/lib/srv/regular/sshserver.go b/lib/srv/regular/sshserver.go
index e2e06f1b80b05..5916e1dbfd20d 100644
--- a/lib/srv/regular/sshserver.go
+++ b/lib/srv/regular/sshserver.go
@@ -1282,7 +1282,7 @@ func (s *Server) HandleNewConn(ctx context.Context, ccx *sshutils.ConnectionCont
 	// Create host user.
 	created, userCloser, err := s.termHandlers.SessionRegistry.UpsertHostUser(identityContext)
 	if err != nil {
-		log.Infof("error while creating host users: %s", err)
+		log.Warnf("error while creating host users: %s", err)
 	}
 
 	// Indicate that the user was created by Teleport.

From 25d0715898e940be0a34f8cbb109af0e83df784a Mon Sep 17 00:00:00 2001
From: Edoardo Spadolini <edoardo.spadolini@goteleport.com>
Date: Fri, 25 Oct 2024 19:11:43 +0200
Subject: [PATCH 30/53] Fix connected resource counts after keepalive errors
 (#47931) (#47951)

* Fix connected resource counts after keepalive errors

* Log server_id when cleaning up resources
---
 lib/auth/auth.go                 |  4 +--
 lib/inventory/controller.go      | 32 ++++++++++++----------
 lib/inventory/controller_test.go | 47 +++++++++++++++++++++++++++++++-
 3 files changed, 66 insertions(+), 17 deletions(-)

diff --git a/lib/auth/auth.go b/lib/auth/auth.go
index 5cf485c64c09a..c8a53890645e8 100644
--- a/lib/auth/auth.go
+++ b/lib/auth/auth.go
@@ -410,9 +410,9 @@ func NewServer(cfg *InitConfig, opts ...ServerOption) (*Server, error) {
 				log.Warnf("missing connected resources gauge for keep alive %s (this is a bug)", s)
 			}
 		}),
-		inventory.WithOnDisconnect(func(s string) {
+		inventory.WithOnDisconnect(func(s string, c int) {
 			if g, ok := connectedResourceGauges[s]; ok {
-				g.Dec()
+				g.Sub(float64(c))
 			} else {
 				log.Warnf("missing connected resources gauge for keep alive %s (this is a bug)", s)
 			}
diff --git a/lib/inventory/controller.go b/lib/inventory/controller.go
index 953ab8e9fcfc7..5b501cf33e032 100644
--- a/lib/inventory/controller.go
+++ b/lib/inventory/controller.go
@@ -98,7 +98,7 @@ type controllerOptions struct {
 	authID             string
 	instanceHeartbeats bool
 	onConnectFunc      func(string)
-	onDisconnectFunc   func(string)
+	onDisconnectFunc   func(string, int)
 }
 
 func (options *controllerOptions) SetDefaults() {
@@ -125,11 +125,11 @@ func (options *controllerOptions) SetDefaults() {
 	}
 
 	if options.onConnectFunc == nil {
-		options.onConnectFunc = func(s string) {}
+		options.onConnectFunc = func(string) {}
 	}
 
 	if options.onDisconnectFunc == nil {
-		options.onDisconnectFunc = func(s string) {}
+		options.onDisconnectFunc = func(string, int) {}
 	}
 }
 
@@ -159,12 +159,12 @@ func WithOnConnect(f func(heartbeatKind string)) ControllerOption {
 	}
 }
 
-// WithOnDisconnect sets a function to be called every time an existing
-// instance disconnects from the inventory control stream. The value
-// provided to the callback is the keep alive type of the disconnected
-// resource. The callback should return quickly so as not to prevent
-// processing of heartbeats.
-func WithOnDisconnect(f func(heartbeatKind string)) ControllerOption {
+// WithOnDisconnect sets a function to be called every time an existing instance
+// disconnects from the inventory control stream. The values provided to the
+// callback are the keep alive type of the disconnected resource, as well as a
+// count of how many resources disconnected at once. The callback should return
+// quickly so as not to prevent processing of heartbeats.
+func WithOnDisconnect(f func(heartbeatKind string, amount int)) ControllerOption {
 	return func(opts *controllerOptions) {
 		opts.onDisconnectFunc = f
 	}
@@ -204,7 +204,7 @@ type Controller struct {
 	usageReporter      usagereporter.UsageReporter
 	testEvents         chan testEvent
 	onConnectFunc      func(string)
-	onDisconnectFunc   func(string)
+	onDisconnectFunc   func(string, int)
 	closeContext       context.Context
 	cancel             context.CancelFunc
 
@@ -312,7 +312,10 @@ func (c *Controller) handleControlStream(handle *upstreamHandle) {
 
 	defer func() {
 		if handle.goodbye.GetDeleteResources() {
-			log.WithField("apps", len(handle.appServers)).Debug("Cleaning up resources in response to instance termination")
+			log.WithFields(log.Fields{
+				"apps":      len(handle.appServers),
+				"server_id": handle.Hello().ServerID,
+			}).Debug("Cleaning up resources in response to instance termination")
 			for _, app := range handle.appServers {
 				if err := c.auth.DeleteApplicationServer(c.closeContext, apidefaults.Namespace, app.resource.GetHostID(), app.resource.GetName()); err != nil && !trace.IsNotFound(err) {
 					log.Warnf("Failed to remove app server %q on termination: %v.", handle.Hello().ServerID, err)
@@ -328,11 +331,11 @@ func (c *Controller) handleControlStream(handle *upstreamHandle) {
 		handle.ticker.Stop()
 
 		if handle.sshServer != nil {
-			c.onDisconnectFunc(constants.KeepAliveNode)
+			c.onDisconnectFunc(constants.KeepAliveNode, 1)
 		}
 
-		for range handle.appServers {
-			c.onDisconnectFunc(constants.KeepAliveApp)
+		if len(handle.appServers) > 0 {
+			c.onDisconnectFunc(constants.KeepAliveApp, len(handle.appServers))
 		}
 
 		clear(handle.appServers)
@@ -671,6 +674,7 @@ func (c *Controller) keepAliveAppServer(handle *upstreamHandle, now time.Time) e
 
 				if shouldRemove {
 					c.testEvent(appKeepAliveDel)
+					c.onDisconnectFunc(constants.KeepAliveApp, 1)
 					delete(handle.appServers, name)
 				}
 			} else {
diff --git a/lib/inventory/controller_test.go b/lib/inventory/controller_test.go
index d5eab3c9b1efb..03b8b9e67c00a 100644
--- a/lib/inventory/controller_test.go
+++ b/lib/inventory/controller_test.go
@@ -142,11 +142,14 @@ func TestSSHServerBasics(t *testing.T) {
 		expectAddr: wantAddr,
 	}
 
+	rc := &resourceCounter{}
 	controller := NewController(
 		auth,
 		usagereporter.DiscardUsageReporter{},
 		withServerKeepAlive(time.Millisecond*200),
 		withTestEventsChannel(events),
+		WithOnConnect(rc.onConnect),
+		WithOnDisconnect(rc.onDisconnect),
 	)
 	defer controller.Close()
 
@@ -272,6 +275,9 @@ func TestSSHServerBasics(t *testing.T) {
 		t.Fatal("timeout waiting for handle closure")
 	}
 
+	// verify that metrics have been updated correctly
+	require.Zero(t, 0, rc.count())
+
 	// verify that the peer address of the control stream was used to override
 	// zero-value IPs for heartbeats.
 	auth.mu.Lock()
@@ -295,11 +301,14 @@ func TestAppServerBasics(t *testing.T) {
 
 	auth := &fakeAuth{}
 
+	rc := &resourceCounter{}
 	controller := NewController(
 		auth,
 		usagereporter.DiscardUsageReporter{},
 		withServerKeepAlive(time.Millisecond*200),
 		withTestEventsChannel(events),
+		WithOnConnect(rc.onConnect),
+		WithOnDisconnect(rc.onDisconnect),
 	)
 	defer controller.Close()
 
@@ -482,6 +491,9 @@ func TestAppServerBasics(t *testing.T) {
 	case <-closeTimeout:
 		t.Fatal("timeout waiting for handle closure")
 	}
+
+	// verify that metrics have been updated correctly
+	require.Zero(t, rc.count())
 }
 
 // TestInstanceHeartbeat verifies basic expected behaviors for instance heartbeat.
@@ -857,7 +869,6 @@ func TestGoodbye(t *testing.T) {
 }
 
 func TestGetSender(t *testing.T) {
-
 	controller := NewController(
 		&fakeAuth{},
 		usagereporter.DiscardUsageReporter{},
@@ -968,3 +979,37 @@ func awaitEvents(t *testing.T, ch <-chan testEvent, opts ...eventOption) {
 		}
 	}
 }
+
+type resourceCounter struct {
+	mu sync.Mutex
+	c  map[string]int
+}
+
+func (r *resourceCounter) onConnect(typ string) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	if r.c == nil {
+		r.c = make(map[string]int)
+	}
+	r.c[typ]++
+}
+
+func (r *resourceCounter) onDisconnect(typ string, amount int) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	if r.c == nil {
+		r.c = make(map[string]int)
+	}
+	r.c[typ] -= amount
+}
+
+func (r *resourceCounter) count() int {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	var count int
+	for _, v := range r.c {
+		count += v
+	}
+	return count
+}

From 102658f5168bff2985838a8660a5439762990d4d Mon Sep 17 00:00:00 2001
From: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
Date: Fri, 25 Oct 2024 17:21:07 +0000
Subject: [PATCH 31/53] Prevent racy access to session parties (#47936)

Prefer using session.getParties instead of using session.parties
directly to prevent races when new parties are added. Any functions
that are using session.parties AND are called from another function
that already obtains the lock have been renamed to reflect that
they must only be called if the session lock is held.
---
 lib/srv/sess.go | 46 +++++++++++++++++++++++++---------------------
 1 file changed, 25 insertions(+), 21 deletions(-)

diff --git a/lib/srv/sess.go b/lib/srv/sess.go
index 94abc49b08c53..26211ee32dca7 100644
--- a/lib/srv/sess.go
+++ b/lib/srv/sess.go
@@ -413,7 +413,9 @@ func (s *SessionRegistry) OpenExecSession(ctx context.Context, channel ssh.Chann
 		return trace.Wrap(err)
 	}
 
-	canStart, _, err := sess.checkIfStart()
+	sess.mu.Lock()
+	canStart, _, err := sess.checkIfStartUnderLock()
+	sess.mu.Unlock()
 	if err != nil {
 		return trace.Wrap(err)
 	}
@@ -500,7 +502,7 @@ func (s *SessionRegistry) isApprovedFileTransfer(scx *ServerContext) (bool, erro
 		sess.fileTransferReq = nil
 
 		sess.BroadcastMessage("file transfer request %s denied due to %s attempting to transfer files", req.ID, scx.Identity.TeleportUser)
-		_ = s.NotifyFileTransferRequest(req, FileTransferDenied, scx)
+		_ = s.notifyFileTransferRequestUnderLock(req, FileTransferDenied, scx)
 
 		return false, trace.AccessDenied("Teleport user does not match original requester")
 	}
@@ -533,9 +535,9 @@ const (
 	FileTransferDenied FileTransferRequestEvent = "file_transfer_request_deny"
 )
 
-// NotifyFileTransferRequest is called to notify all members of a party that a file transfer request has been created/approved/denied.
+// notifyFileTransferRequestUnderLock is called to notify all members of a party that a file transfer request has been created/approved/denied.
 // The notification is a global ssh request and requires the client to update its UI state accordingly.
-func (s *SessionRegistry) NotifyFileTransferRequest(req *FileTransferRequest, res FileTransferRequestEvent, scx *ServerContext) error {
+func (s *SessionRegistry) notifyFileTransferRequestUnderLock(req *FileTransferRequest, res FileTransferRequestEvent, scx *ServerContext) error {
 	session := scx.getSession()
 	if session == nil {
 		s.log.Debugf("Unable to notify %s, no session found in context.", res)
@@ -1074,7 +1076,7 @@ func (s *session) emitSessionJoinEvent(ctx *ServerContext) {
 
 	// Notify all members of the party that a new member has joined over the
 	// "x-teleport-event" channel.
-	for _, p := range s.parties {
+	for _, p := range s.getParties() {
 		if len(notifyPartyPayload) == 0 {
 			s.log.Warnf("No join event to send to %v", p.sconn.RemoteAddr())
 			continue
@@ -1092,10 +1094,10 @@ func (s *session) emitSessionJoinEvent(ctx *ServerContext) {
 	}
 }
 
-// emitSessionLeaveEvent emits a session leave event to both the Audit Log as
+// emitSessionLeaveEventUnderLock emits a session leave event to both the Audit Log as
 // well as sending a "x-teleport-event" global request on the SSH connection.
 // Must be called under session Lock.
-func (s *session) emitSessionLeaveEvent(ctx *ServerContext) {
+func (s *session) emitSessionLeaveEventUnderLock(ctx *ServerContext) {
 	sessionLeaveEvent := &apievents.SessionLeave{
 		Metadata: apievents.Metadata{
 			Type:        events.SessionLeaveEvent,
@@ -1289,7 +1291,9 @@ func (s *session) launch() {
 // startInteractive starts a new interactive process (or a shell) in the
 // current session.
 func (s *session) startInteractive(ctx context.Context, scx *ServerContext, p *party) error {
-	canStart, _, err := s.checkIfStart()
+	s.mu.Lock()
+	canStart, _, err := s.checkIfStartUnderLock()
+	s.mu.Unlock()
 	if err != nil {
 		return trace.Wrap(err)
 	}
@@ -1554,11 +1558,8 @@ func (s *session) startExec(ctx context.Context, channel ssh.Channel, scx *Serve
 }
 
 func (s *session) broadcastResult(r ExecResult) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-
 	payload := ssh.Marshal(struct{ C uint32 }{C: uint32(r.Code)})
-	for _, p := range s.parties {
+	for _, p := range s.getParties() {
 		if _, err := p.ch.SendRequest("exit-status", false, payload); err != nil {
 			s.log.Infof("Failed to send exit status for %v: %v", r.Command, err)
 		}
@@ -1566,7 +1567,7 @@ func (s *session) broadcastResult(r ExecResult) {
 }
 
 func (s *session) String() string {
-	return fmt.Sprintf("session(id=%v, parties=%v)", s.id, len(s.parties))
+	return fmt.Sprintf("session(id=%v, parties=%v)", s.id, len(s.getParties()))
 }
 
 // removePartyUnderLock removes the party from the in-memory map that holds all party members
@@ -1592,9 +1593,9 @@ func (s *session) removePartyUnderLock(p *party) error {
 
 	// Emit session leave event to both the Audit Log and over the
 	// "x-teleport-event" channel in the SSH connection.
-	s.emitSessionLeaveEvent(p.ctx)
+	s.emitSessionLeaveEventUnderLock(p.ctx)
 
-	canRun, policyOptions, err := s.checkIfStart()
+	canRun, policyOptions, err := s.checkIfStartUnderLock()
 	if err != nil {
 		return trace.Wrap(err)
 	}
@@ -1819,7 +1820,7 @@ func (s *session) addFileTransferRequest(params *rsession.FileTransferRequestPar
 	} else {
 		s.BroadcastMessage("User %s would like to upload %s to: %s", params.Requester, params.Filename, params.Location)
 	}
-	err = s.registry.NotifyFileTransferRequest(s.fileTransferReq, FileTransferUpdate, scx)
+	err = s.registry.notifyFileTransferRequestUnderLock(s.fileTransferReq, FileTransferUpdate, scx)
 
 	return trace.Wrap(err)
 }
@@ -1862,7 +1863,7 @@ func (s *session) approveFileTransferRequest(params *rsession.FileTransferDecisi
 	} else {
 		eventType = FileTransferUpdate
 	}
-	err = s.registry.NotifyFileTransferRequest(s.fileTransferReq, eventType, scx)
+	err = s.registry.notifyFileTransferRequestUnderLock(s.fileTransferReq, eventType, scx)
 
 	return trace.Wrap(err)
 }
@@ -1895,12 +1896,15 @@ func (s *session) denyFileTransferRequest(params *rsession.FileTransferDecisionP
 	s.fileTransferReq = nil
 
 	s.BroadcastMessage("%s denied file transfer request %s", scx.Identity.TeleportUser, req.ID)
-	err := s.registry.NotifyFileTransferRequest(req, FileTransferDenied, scx)
+	err := s.registry.notifyFileTransferRequestUnderLock(req, FileTransferDenied, scx)
 
 	return trace.Wrap(err)
 }
 
-func (s *session) checkIfStart() (bool, auth.PolicyOptions, error) {
+// checkIfStartUnderLock determines if any moderation policies associated with
+// the session are satisfied.
+// Must be called under session Lock.
+func (s *session) checkIfStartUnderLock() (bool, auth.PolicyOptions, error) {
 	var participants []auth.SessionAccessContext
 
 	for _, party := range s.parties {
@@ -1939,7 +1943,7 @@ func (s *session) addParty(p *party, mode types.SessionParticipantMode) error {
 	}
 
 	if len(s.parties) == 0 {
-		canStart, _, err := s.checkIfStart()
+		canStart, _, err := s.checkIfStartUnderLock()
 		if err != nil {
 			return trace.Wrap(err)
 		}
@@ -1992,7 +1996,7 @@ func (s *session) addParty(p *party, mode types.SessionParticipantMode) error {
 	}
 
 	if s.tracker.GetState() == types.SessionState_SessionStatePending {
-		canStart, _, err := s.checkIfStart()
+		canStart, _, err := s.checkIfStartUnderLock()
 		if err != nil {
 			return trace.Wrap(err)
 		}

From 5fdae8b51758bf9a2644cbb8315658c79abafeb3 Mon Sep 17 00:00:00 2001
From: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
Date: Fri, 25 Oct 2024 17:21:48 +0000
Subject: [PATCH 32/53] Fix flay TestIntegrations/ProxyHostKeyCheck (#47939)

---
 integration/integration_test.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/integration/integration_test.go b/integration/integration_test.go
index e163329276273..116d9c1f02c01 100644
--- a/integration/integration_test.go
+++ b/integration/integration_test.go
@@ -5052,6 +5052,13 @@ func testProxyHostKeyCheck(t *testing.T, suite *integrationTestSuite) {
 			_, err = clt.UpsertNode(context.Background(), server)
 			require.NoError(t, err)
 
+			// Wait for the node to be visible before continuing.
+			require.EventuallyWithT(t, func(t *assert.CollectT) {
+				found, err := clt.GetNodes(context.Background(), defaults.Namespace)
+				assert.NoError(t, err)
+				assert.Len(t, found, 2)
+			}, 10*time.Second, 100*time.Millisecond)
+
 			_, err = runCommand(t, instance, []string{"echo hello"}, clientConfig, 1)
 
 			// check if we were able to exec the command or not

From 31957409573118710a01a672cbc59d78f8844dcd Mon Sep 17 00:00:00 2001
From: "teleport-post-release-automation[bot]"
 <128860004+teleport-post-release-automation[bot]@users.noreply.github.com>
Date: Sat, 26 Oct 2024 09:17:14 -0400
Subject: [PATCH 33/53] [auto] docs: Update version to v14.3.32 (#47151)

Co-authored-by: GitHub <noreply@github.com>
---
 docs/config.json | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/docs/config.json b/docs/config.json
index c7554e98e3095..fd37c89f43fdd 100644
--- a/docs/config.json
+++ b/docs/config.json
@@ -206,19 +206,19 @@
     },
     "teleport": {
       "major_version": "14",
-      "version": "14.3.31",
+      "version": "14.3.32",
       "git": "api/14.0.0-gd1e081e",
       "url": "teleport.example.com",
       "golang": "1.21",
       "plugin": {
-        "version": "14.3.31"
+        "version": "14.3.32"
       },
       "helm_repo_url": "https://charts.releases.teleport.dev",
-      "latest_oss_docker_image": "public.ecr.aws/gravitational/teleport-distroless:14.3.31",
-      "latest_oss_debug_docker_image": "public.ecr.aws/gravitational/teleport-distroless-debug:14.3.31",
-      "latest_ent_docker_image": "public.ecr.aws/gravitational/teleport-ent-distroless:14.3.31",
-      "latest_ent_debug_docker_image": "public.ecr.aws/gravitational/teleport-ent-distroless-debug:14.3.31",
-      "teleport_install_script_url": "https://cdn.teleport.dev/install-v14.3.31.sh"
+      "latest_oss_docker_image": "public.ecr.aws/gravitational/teleport-distroless:14.3.32",
+      "latest_oss_debug_docker_image": "public.ecr.aws/gravitational/teleport-distroless-debug:14.3.32",
+      "latest_ent_docker_image": "public.ecr.aws/gravitational/teleport-ent-distroless:14.3.32",
+      "latest_ent_debug_docker_image": "public.ecr.aws/gravitational/teleport-ent-distroless-debug:14.3.32",
+      "teleport_install_script_url": "https://cdn.teleport.dev/install-v14.3.32.sh"
     },
     "terraform": {
       "version": "1.0.0"

From 4d6b4bb2f0588c2a20908855b81ff06c7c125ddf Mon Sep 17 00:00:00 2001
From: Marco Dinis <marco.dinis@goteleport.com>
Date: Mon, 28 Oct 2024 10:03:30 +0000
Subject: [PATCH 34/53] [v14] Fix UserContext SSO detection in UI for Okta
 Users (#47944) (#47959)

* Fix UserContext SSO detection in UI for Okta Users (#47944)

* Fix UserContext SSO detection in UI for Okta Users

Okta imported users are not being properly identified as SSO users.
Okta does not set any of the Users' identities and instead only sets the
User.Connector.CreatedBy field.

When building the UserContext, which is used by the WebUI, it was
returning `local` user type for Okta users.

* move usertype check to types.User

* remove User.Status field which only exists on 15+
---
 api/types/user.go              | 10 +++++++---
 lib/web/ui/usercontext.go      |  4 +---
 lib/web/ui/usercontext_test.go | 18 +++++++++++++++++-
 3 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/api/types/user.go b/api/types/user.go
index 8a27369e21532..5769e53fd62b9 100644
--- a/api/types/user.go
+++ b/api/types/user.go
@@ -497,11 +497,15 @@ func (u UserV2) GetGCPServiceAccounts() []string {
 
 // GetUserType indicates if the User was created by an SSO Provider or locally.
 func (u UserV2) GetUserType() UserType {
-	if u.GetCreatedBy().Connector == nil {
-		return UserTypeLocal
+	if u.GetCreatedBy().Connector != nil ||
+		len(u.GetOIDCIdentities()) > 0 ||
+		len(u.GetGithubIdentities()) > 0 ||
+		len(u.GetSAMLIdentities()) > 0 {
+
+		return UserTypeSSO
 	}
 
-	return UserTypeSSO
+	return UserTypeLocal
 }
 
 // IsBot returns true if the user is a bot.
diff --git a/lib/web/ui/usercontext.go b/lib/web/ui/usercontext.go
index 0ccef5c69ba31..cf16947ba82a0 100644
--- a/lib/web/ui/usercontext.go
+++ b/lib/web/ui/usercontext.go
@@ -100,9 +100,7 @@ func NewUserContext(user types.User, userRoles services.RoleSet, features proto.
 	authType := authLocal
 
 	// check for any SSO identities
-	isSSO := len(user.GetOIDCIdentities()) > 0 ||
-		len(user.GetGithubIdentities()) > 0 ||
-		len(user.GetSAMLIdentities()) > 0
+	isSSO := user.GetUserType() == types.UserTypeSSO
 
 	if isSSO {
 		// SSO user
diff --git a/lib/web/ui/usercontext_test.go b/lib/web/ui/usercontext_test.go
index 569a42269c26c..cd54e0cccc241 100644
--- a/lib/web/ui/usercontext_test.go
+++ b/lib/web/ui/usercontext_test.go
@@ -61,7 +61,23 @@ func TestNewUserContext(t *testing.T) {
 	user.Spec.GithubIdentities = []types.ExternalIdentity{{ConnectorID: "foo", Username: "bar"}}
 	userContext, err = NewUserContext(user, roleSet, proto.Features{}, true, false)
 	require.NoError(t, err)
-	require.Equal(t, userContext.AuthType, authSSO)
+	require.Equal(t, authSSO, userContext.AuthType)
+
+	// test sso auth type for users with the CreatedBy.Connector field set.
+	// Eg users import from okta do not have any <IdP>Identities, so the CreatedBy.Connector must be checked.
+	userCreatedExternally := &types.UserV2{
+		Metadata: types.Metadata{
+			Name: "root",
+		},
+		Spec: types.UserSpecV2{
+			CreatedBy: types.CreatedBy{
+				Connector: &types.ConnectorRef{},
+			},
+		},
+	}
+	userContext, err = NewUserContext(userCreatedExternally, roleSet, proto.Features{}, true, false)
+	require.NoError(t, err)
+	require.Equal(t, authSSO, userContext.AuthType)
 }
 
 func TestNewUserContextCloud(t *testing.T) {

From cca8ebe5ada9d99c124ce54805511df9db99dbbf Mon Sep 17 00:00:00 2001
From: Tiago Silva <tiago.silva@goteleport.com>
Date: Tue, 29 Oct 2024 17:09:22 +0000
Subject: [PATCH 35/53] [kube] add server_id to targets when monitoring
 exec/portforward connections (#48078)

This PR adds the target server_id (kubernetes service) when proxy establishes a connection to support kubectl exec and portforward. This allows proxies to terminate early the connection without relying on the upstream to terminate it.
---
 lib/kube/proxy/forwarder.go | 22 +++++++++++++++++-----
 lib/kube/proxy/roundtrip.go |  1 -
 lib/kube/proxy/transport.go | 23 ++++++++++++++++++++---
 3 files changed, 37 insertions(+), 9 deletions(-)

diff --git a/lib/kube/proxy/forwarder.go b/lib/kube/proxy/forwarder.go
index 98160c470d98d..ba0beb4369792 100644
--- a/lib/kube/proxy/forwarder.go
+++ b/lib/kube/proxy/forwarder.go
@@ -2176,7 +2176,7 @@ func (s *clusterSession) close() {
 	}
 }
 
-func (s *clusterSession) monitorConn(conn net.Conn, err error) (net.Conn, error) {
+func (s *clusterSession) monitorConn(conn net.Conn, err error, hostID string) (net.Conn, error) {
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
@@ -2191,10 +2191,18 @@ func (s *clusterSession) monitorConn(conn net.Conn, err error) (net.Conn, error)
 		s.connMonitorCancel(err)
 		return nil, trace.Wrap(err)
 	}
-
+	lockTargets := s.LockTargets()
+	// when the target is not a kubernetes_service instance, we don't need to lock it.
+	// the target could be a remote cluster or a local Kubernetes API server. In both cases,
+	// hostID is empty.
+	if hostID != "" {
+		lockTargets = append(lockTargets, types.LockTarget{
+			ServerID: hostID,
+		})
+	}
 	err = srv.StartMonitor(srv.MonitorConfig{
 		LockWatcher:           s.parent.cfg.LockWatcher,
-		LockTargets:           s.LockTargets(),
+		LockTargets:           lockTargets,
 		DisconnectExpiredCert: s.disconnectExpiredCert,
 		ClientIdleTimeout:     s.clientIdleTimeout,
 		Clock:                 s.parent.cfg.Clock,
@@ -2226,12 +2234,16 @@ func (s *clusterSession) getServerMetadata() apievents.ServerMetadata {
 }
 
 func (s *clusterSession) Dial(network, addr string) (net.Conn, error) {
-	return s.monitorConn(s.dial(s.requestContext, network, addr))
+	var hostID string
+	conn, err := s.dial(s.requestContext, network, addr, withHostIDCollection(&hostID))
+	return s.monitorConn(conn, err, hostID)
 }
 
 func (s *clusterSession) DialWithContext(opts ...contextDialerOption) func(ctx context.Context, network, addr string) (net.Conn, error) {
 	return func(ctx context.Context, network, addr string) (net.Conn, error) {
-		return s.monitorConn(s.dial(ctx, network, addr, opts...))
+		var hostID string
+		conn, err := s.dial(ctx, network, addr, append(opts, withHostIDCollection(&hostID))...)
+		return s.monitorConn(conn, err, hostID)
 	}
 }
 
diff --git a/lib/kube/proxy/roundtrip.go b/lib/kube/proxy/roundtrip.go
index f5507170ffecc..9049dabb61488 100644
--- a/lib/kube/proxy/roundtrip.go
+++ b/lib/kube/proxy/roundtrip.go
@@ -110,7 +110,6 @@ func (s *SpdyRoundTripper) Dial(req *http.Request) (net.Conn, error) {
 	if err != nil {
 		return nil, err
 	}
-
 	if err := req.Write(conn); err != nil {
 		conn.Close()
 		return nil, err
diff --git a/lib/kube/proxy/transport.go b/lib/kube/proxy/transport.go
index ec5115501a2d2..e426a30901c12 100644
--- a/lib/kube/proxy/transport.go
+++ b/lib/kube/proxy/transport.go
@@ -493,6 +493,7 @@ func (f *Forwarder) localClusterDialer(kubeClusterName string, opts ...contextDi
 				ProxyIDs: s.GetProxyIDs(),
 			})
 			if err == nil {
+				opt.collect(s.GetHostID())
 				return conn, nil
 			}
 			errs = append(errs, trace.Wrap(err))
@@ -584,13 +585,21 @@ func (f *Forwarder) getContextDialerFunc(s *clusterSession, opts ...contextDiale
 // contextDialerOptions is a set of options that can be used to filter
 // the hosts that the dialer connects to.
 type contextDialerOptions struct {
-	hostID string
+	hostIDFilter  string
+	collectHostID *string
 }
 
 // matches returns true if the host matches the hostID of the dialer options or
 // if the dialer hostID is empty.
 func (c *contextDialerOptions) matches(hostID string) bool {
-	return c.hostID == "" || c.hostID == hostID
+	return c.hostIDFilter == "" || c.hostIDFilter == hostID
+}
+
+// collect sets the hostID that the dialer connected to if collectHostID is not nil.
+func (c *contextDialerOptions) collect(hostID string) {
+	if c.collectHostID != nil {
+		*c.collectHostID = hostID
+	}
 }
 
 // contextDialerOption is a functional option for the contextDialerOptions.
@@ -603,6 +612,14 @@ type contextDialerOption func(*contextDialerOptions)
 // error.
 func withTargetHostID(hostID string) contextDialerOption {
 	return func(o *contextDialerOptions) {
-		o.hostID = hostID
+		o.hostIDFilter = hostID
+	}
+}
+
+// withHostIDCollection is a functional option that sets the hostID of the dialer
+// to the provided pointer.
+func withHostIDCollection(hostID *string) contextDialerOption {
+	return func(o *contextDialerOptions) {
+		o.collectHostID = hostID
 	}
 }

From 039e83ebd604febf57535fc0940ec968f7388567 Mon Sep 17 00:00:00 2001
From: Russell Jones <russjones@users.noreply.github.com>
Date: Tue, 29 Oct 2024 11:14:34 -0700
Subject: [PATCH 36/53] Added support for OpenSSH compatibility flags. (#46879)
 (#48018)

Added support for OpenSSH compatibility flags for interactivity (-t and
-T) and version information (-V). This is for customers that alias "ssh"
to "tsh ssh".
---
 lib/client/session.go       |   7 ---
 tool/tsh/common/tsh.go      |  47 ++++++++++++++-
 tool/tsh/common/tsh_test.go | 115 ++++++++++++++++++++++++++++++++++++
 3 files changed, 160 insertions(+), 9 deletions(-)

diff --git a/lib/client/session.go b/lib/client/session.go
index 0c9ffb7f799f4..bf33ba64fa994 100644
--- a/lib/client/session.go
+++ b/lib/client/session.go
@@ -549,13 +549,6 @@ func (ns *NodeSession) runCommand(ctx context.Context, mode types.SessionPartici
 	)
 	defer span.End()
 
-	// If stdin is not a terminal, refuse to allocate terminal on the server and
-	// fallback to non-interactive mode
-	if interactive && !ns.terminal.IsAttached() {
-		interactive = false
-		fmt.Fprintf(ns.nodeClient.TC.Stderr, "TTY will not be allocated on the server because stdin is not a terminal\n")
-	}
-
 	// Start a interactive session ("exec" request with a TTY).
 	//
 	// Note that because a TTY was allocated, the terminal is in raw mode and any
diff --git a/tool/tsh/common/tsh.go b/tool/tsh/common/tsh.go
index 80d4e8b2b3e5e..c3bce55a74c2d 100644
--- a/tool/tsh/common/tsh.go
+++ b/tool/tsh/common/tsh.go
@@ -43,6 +43,7 @@ import (
 	"github.com/alecthomas/kingpin/v2"
 	"github.com/dustin/go-humanize"
 	"github.com/ghodss/yaml"
+	"github.com/google/uuid"
 	"github.com/gravitational/trace"
 	"github.com/jonboulle/clockwork"
 	"github.com/sirupsen/logrus"
@@ -215,8 +216,17 @@ type CLIConf struct {
 	DatabaseRoles string
 	// AppName specifies proxied application name.
 	AppName string
-	// Interactive, when set to true, launches remote command with the terminal attached
+	// Interactive sessions will allocate a PTY and create interactive "shell"
+	// sessions.
 	Interactive bool
+	// NonInteractive sessions will not allocate a PTY and create
+	// non-interactive "exec" sessions. This variable is needed due to
+	// limitations in kingpin (lack of an inverse short flag) which forces
+	// the registration of both flags.
+	NonInteractive bool
+	// ShowVersion is an OpenSSH compatibility flag that prints out the version
+	// of tsh. Useful for users that alias ssh to "tsh ssh".
+	ShowVersion bool
 	// Quiet mode, -q command (disables progress printing)
 	Quiet bool
 	// Namespace is used to select cluster namespace
@@ -731,7 +741,7 @@ func Run(ctx context.Context, args []string, opts ...CliOption) error {
 	// ssh
 	// Use Interspersed(false) to forward all flags to ssh.
 	ssh := app.Command("ssh", "Run shell or execute a command on a remote SSH node.").Interspersed(false)
-	ssh.Arg("[user@]host", "Remote hostname and the login to use").Required().StringVar(&cf.UserHost)
+	ssh.Arg("[user@]host", "Remote hostname and the login to use, this argument is required").StringVar(&cf.UserHost)
 	ssh.Arg("command", "Command to execute on a remote host").StringsVar(&cf.RemoteCommand)
 	app.Flag("jumphost", "SSH jumphost").Short('J').StringVar(&cf.ProxyJump)
 	ssh.Flag("port", "SSH port on a remote host").Short('p').Int32Var(&cf.NodePort)
@@ -751,6 +761,14 @@ func Run(ctx context.Context, args []string, opts ...CliOption) error {
 	ssh.Flag("participant-req", "Displays a verbose list of required participants in a moderated session.").BoolVar(&cf.displayParticipantRequirements)
 	ssh.Flag("request-reason", "Reason for requesting access").StringVar(&cf.RequestReason)
 	ssh.Flag("disable-access-request", "Disable automatic resource access requests").BoolVar(&cf.disableAccessRequest)
+	// The following flags are OpenSSH compatibility flags. They are used for
+	// users that alias "ssh" to "tsh ssh." The following OpenSSH flags are
+	// implemented. From "man 1 ssh":
+	//
+	// * "-V Display the version number and exit."
+	// * "-T Disable pseudo-terminal allocation."
+	ssh.Flag(uuid.New().String(), "").Short('T').Hidden().BoolVar(&cf.NonInteractive)
+	ssh.Flag(uuid.New().String(), "").Short('V').Hidden().BoolVar(&cf.ShowVersion)
 
 	// Daemon service for teleterm client
 	daemon := app.Command("daemon", "Daemon is the tsh daemon service.").Hidden()
@@ -3483,6 +3501,31 @@ func runLocalCommand(hostLogin string, command []string) error {
 
 // onSSH executes 'tsh ssh' command
 func onSSH(cf *CLIConf) error {
+	// If "tsh ssh -V" is invoked, tsh is in OpenSSH compatibility mode, show
+	// the version and exit.
+	if cf.ShowVersion {
+		modules.GetModules().PrintVersion()
+		return nil
+	}
+
+	// If "tsh ssh" is invoked with the "-t" or "-T" flag, manually validate
+	// "-t" and "-T" flags for "tsh ssh" due to the lack of inverse short flags
+	// in kingpin.
+	if cf.Interactive && cf.NonInteractive {
+		return trace.BadParameter("either -t or -T can be specified, not both")
+	}
+	if cf.NonInteractive {
+		cf.Interactive = false
+	}
+
+	// If "tsh ssh" is invoked the user must specify some host to connect to.
+	// In the past, this was handled by making "UserHost" required in kingpin.
+	// However, to support "tsh ssh -V" this was no longer possible. This
+	// property is how enforced in this function.
+	if cf.UserHost == "" {
+		return trace.BadParameter("required argument '[user@]host' not provided")
+	}
+
 	tc, err := makeClient(cf)
 	if err != nil {
 		return trace.Wrap(err)
diff --git a/tool/tsh/common/tsh_test.go b/tool/tsh/common/tsh_test.go
index 36b767805c398..4301a7ebdffce 100644
--- a/tool/tsh/common/tsh_test.go
+++ b/tool/tsh/common/tsh_test.go
@@ -44,6 +44,7 @@ import (
 	"time"
 
 	"github.com/ghodss/yaml"
+	"github.com/google/uuid"
 	"github.com/gravitational/trace"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -5394,3 +5395,117 @@ func TestFlatten(t *testing.T) {
 	conf.IdentityFileIn = identityPath
 	require.NoError(t, flattenIdentity(&conf), "unexpected error when overwriting a tsh profile")
 }
+
+// TestInteractiveCompatibilityFlags verifies that "tsh ssh -t" and "tsh ssh -T"
+// behave similar to OpenSSH.
+func TestInteractiveCompatibilityFlags(t *testing.T) {
+	// Require the "tty" program exist somewhere in $PATH, otherwise fail.
+	tty, err := exec.LookPath("tty")
+	require.NoError(t, err)
+
+	// Create roles and users that will be used in test.
+	local, err := user.Current()
+	require.NoError(t, err)
+	nodeAccess, err := types.NewRole("foo", types.RoleSpecV6{
+		Allow: types.RoleConditions{
+			Logins:     []string{local.Username},
+			NodeLabels: types.Labels{types.Wildcard: []string{types.Wildcard}},
+		},
+	})
+	require.NoError(t, err)
+	user, err := types.NewUser("bar@example.com")
+	require.NoError(t, err)
+	user.SetRoles([]string{"access", "foo"})
+
+	// Create Auth, Proxy, and Node Service used in tests.
+	hostname := uuid.NewString()
+	connector := mockConnector(t)
+	authProcess, proxyProcess := makeTestServers(t,
+		withBootstrap(connector, nodeAccess, user),
+		withConfig(func(cfg *servicecfg.Config) {
+			cfg.Hostname = hostname
+			cfg.SSH.Enabled = true
+			cfg.SSH.Addr = utils.NetAddr{
+				AddrNetwork: "tcp",
+				Addr:        net.JoinHostPort("127.0.0.1", ports.Pop()),
+			}
+		}))
+
+	// Extract Auth Service and Proxy Service address.
+	authServer := authProcess.GetAuthServer()
+	require.NotNil(t, authServer)
+	proxyAddr, err := proxyProcess.ProxyWebAddr()
+	require.NoError(t, err)
+
+	// Run "tsh login".
+	home := t.TempDir()
+	err = Run(context.Background(), []string{
+		"login",
+		"--insecure",
+		"--debug",
+		"--proxy", proxyAddr.String()},
+		setHomePath(home),
+		setMockSSOLogin(authServer, user, connector.GetName()))
+	require.NoError(t, err)
+
+	// Test compatibility with OpenSSH "-T" and "-t" flags. Note that multiple
+	// -t options is still not supported.
+	//
+	// From "man 1 ssh".
+	//
+	//  -T      Disable pseudo-terminal allocation.
+	//  -t      Force pseudo-terminal allocation. This can be used to execute
+	//          arbitrary screen-based programs on a remote machine, which can
+	//          be very useful, e.g. when implementing menu services. Multiple
+	//          -t options force tty allocation, even if ssh has no local tty.
+	tests := []struct {
+		name        string
+		flag        string
+		assertError require.ErrorAssertionFunc
+	}{
+		{
+			name: "disable pseudo-terminal allocation",
+			flag: "-T",
+			assertError: func(t require.TestingT, err error, i ...interface{}) {
+				var exiterr *exec.ExitError
+				if errors.As(err, &exiterr) {
+					require.Equal(t, 1, exiterr.ExitCode())
+				} else {
+					require.Fail(t, "Non *exec.ExitError type: %T.", err)
+				}
+			},
+		},
+		{
+			name:        "force pseudo-terminal allocation",
+			flag:        "-t",
+			assertError: require.NoError,
+		},
+	}
+
+	// Turn the binary running tests into a fake "tsh" binary so it can
+	// re-execute itself.
+	t.Setenv(types.HomeEnvVar, home)
+	t.Setenv(tshBinMainTestEnv, "1")
+	tshBin, err := os.Executable()
+	require.NoError(t, err)
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			err := exec.Command(tshBin, "ssh", tt.flag, hostname, tty).Run()
+			tt.assertError(t, err)
+		})
+	}
+}
+
+// TestVersionCompatibilityFlags verifies that "tsh ssh -V" returns Teleport
+// version similar to OpenSSH.
+func TestVersionCompatibilityFlags(t *testing.T) {
+	t.Setenv(tshBinMainTestEnv, "1")
+	tshBin, err := os.Executable()
+	require.NoError(t, err)
+
+	output, err := exec.Command(tshBin, "ssh", "-V").CombinedOutput()
+	require.NoError(t, err, output)
+	require.Equal(t, "Teleport CLI", string(bytes.TrimSpace(output)))
+}

From e06404f78c87e611710a3195262c978704035374 Mon Sep 17 00:00:00 2001
From: Marco Dinis <marco.dinis@goteleport.com>
Date: Wed, 30 Oct 2024 08:44:06 +0000
Subject: [PATCH 37/53] Improve message when sortBy field is missing in
 ListUnifiedResources (#47892)

---
 lib/auth/auth_with_roles_test.go | 8 ++++++++
 lib/services/unified_resource.go | 4 +++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/lib/auth/auth_with_roles_test.go b/lib/auth/auth_with_roles_test.go
index 4d45cf82cd5a5..60ab8b4fe0fd4 100644
--- a/lib/auth/auth_with_roles_test.go
+++ b/lib/auth/auth_with_roles_test.go
@@ -4457,6 +4457,14 @@ func TestListUnifiedResources_KindsFilter(t *testing.T) {
 		r := resource.GetDatabaseServer()
 		require.Equal(t, types.KindDatabaseServer, r.GetKind())
 	}
+
+	// Check for invalid sort error message
+	_, err = clt.ListUnifiedResources(ctx, &proto.ListUnifiedResourcesRequest{
+		Kinds:  []string{types.KindDatabase},
+		Limit:  5,
+		SortBy: types.SortBy{},
+	})
+	require.ErrorContains(t, err, "sort field is required")
 }
 
 func TestListUnifiedResources_WithPinnedResources(t *testing.T) {
diff --git a/lib/services/unified_resource.go b/lib/services/unified_resource.go
index 2d17948a6bb89..48885aecb9745 100644
--- a/lib/services/unified_resource.go
+++ b/lib/services/unified_resource.go
@@ -195,8 +195,10 @@ func (c *UnifiedResourceCache) getSortTree(sortField string) (*btree.BTreeG[*ite
 		return c.nameTree, nil
 	case sortByKind:
 		return c.typeTree, nil
+	case "":
+		return nil, trace.BadParameter("sort field is required")
 	default:
-		return nil, trace.NotImplemented("sorting by %v is not supporting in unified resources", sortField)
+		return nil, trace.NotImplemented("sorting by %v is not supported in unified resources", sortField)
 	}
 
 }

From e9209770051ae86b45f5e830d399cb99233756a9 Mon Sep 17 00:00:00 2001
From: Paul Gottschling <paul.gottschling@goteleport.com>
Date: Wed, 30 Oct 2024 14:22:12 -0400
Subject: [PATCH 38/53] Restructure docs menu pages (#48151)

Backports #47797

Docusaurus [sidebar
generation](https://docusaurus.io/docs/next/sidebar/autogenerated)
expects category index pages to have one of three file path conventions:

- `section/index.mdx`
- `section/README.mdx`
- `section/section.mdx`

This change standardizes category index paths on the third convention so
Docusaurus sidebar generation succeeds. We can then add checks to the
current docs site to prevent additional menu pages from violating this
convention.

This change also adds redirects to the new category index pages, and
updates internal links to pages that were moved.

Note that this change does not move all relevant menu pages. We still
need to reorganize the `reference/terraform-provider` section. Since
this section is automatically generated, we need another approach to
restructuring it.
---
 CHANGELOG.md                                  | 35 ++++-----
 docs/config.json                              |  2 +-
 .../access-controls/access-controls.mdx       |  8 +-
 .../{ => access-lists}/access-lists.mdx       |  4 +-
 .../access-request-plugins.mdx                |  2 +-
 .../{ => access-requests}/access-requests.mdx | 10 +--
 .../access-requests/oss-role-requests.mdx     |  2 +-
 .../access-requests/resource-requests.mdx     |  4 +-
 .../access-requests/role-requests.mdx         |  2 +-
 .../compliance-frameworks.mdx                 |  4 +-
 .../compliance-frameworks/soc2.mdx            |  8 +-
 .../{ => device-trust}/device-trust.mdx       |  8 +-
 .../device-trust/jamf-integration.mdx         |  2 +-
 .../access-controls/guides/dual-authz.mdx     |  2 +-
 .../access-controls/{ => guides}/guides.mdx   |  0
 .../access-controls/guides/locking.mdx        |  2 +-
 .../admin-guides/access-controls/idps.mdx     | 13 ----
 .../access-controls/idps/idps.mdx             | 13 ++++
 .../access-controls/login-rules/guide.mdx     |  2 +-
 .../{ => login-rules}/login-rules.mdx         |  8 +-
 .../access-controls/{ => sso}/sso.mdx         | 44 +++++------
 docs/pages/admin-guides/api/access-plugin.mdx |  4 +-
 docs/pages/admin-guides/api/api.mdx           |  4 +-
 .../api/automatically-register-agents.mdx     |  6 --
 .../admin-guides/api/getting-started.mdx      |  2 +-
 docs/pages/admin-guides/api/rbac.mdx          |  2 +-
 .../access-graph/self-hosted-helm.mdx         |  2 +-
 .../deploy-a-cluster/deployments.mdx          | 19 -----
 .../aws-ha-autoscale-cluster-terraform.mdx    |  2 +-
 .../aws-starter-cluster-terraform.mdx         |  2 +-
 .../deployments/deployments.mdx               | 19 +++++
 .../helm-deployments.mdx                      | 18 ++---
 .../helm-deployments/kubernetes-cluster.mdx   |  2 +-
 .../deploy-a-cluster/high-availability.mdx    | 12 +--
 .../infrastructure-as-code.mdx                | 20 ++---
 .../infrastructure-as-code/kubernetes.mdx     |  4 +-
 .../teleport-operator.mdx                     |  5 +-
 .../terraform-provider.mdx                    | 10 +--
 .../infrastructure-as-code/terraform.mdx      |  4 +-
 docs/pages/admin-guides/management/admin.mdx  | 30 --------
 .../admin-guides/management/admin/admin.mdx   | 30 ++++++++
 .../management/admin/trustedclusters.mdx      |  4 +-
 .../admin-guides/management/admin/users.mdx   |  2 +-
 .../admin-guides/management/diagnostics.mdx   | 11 ---
 .../management/diagnostics/diagnostics.mdx    | 11 +++
 .../management/diagnostics/metrics.mdx        |  2 +-
 .../export-audit-events.mdx                   |  7 +-
 .../management/external-audit-storage.mdx     |  2 +-
 .../management/guides/ec2-tags.mdx            |  2 +-
 .../management/{ => guides}/guides.mdx        |  7 +-
 .../admin-guides/management/operations.mdx    | 19 -----
 .../management/operations/db-ca-rotation.mdx  |  4 +-
 .../management/operations/operations.mdx      | 16 ++++
 .../management/operations/tls-routing.mdx     |  2 +-
 .../security/reduce-blast-radius.mdx          |  2 +-
 .../management/{ => security}/security.mdx    |  8 +-
 docs/pages/ai-assist.mdx                      |  2 +-
 .../pages/connect-your-client/gui-clients.mdx |  2 +-
 docs/pages/connect-your-client/tsh.mdx        |  2 +-
 .../{ => documentation}/documentation.mdx     | 10 +--
 docs/pages/core-concepts.mdx                  |  2 +-
 .../agents/deploy-agents-terraform.mdx        |  9 ++-
 .../enroll-resources/agents/introduction.mdx  |  4 +-
 .../agents/join-services-to-your-cluster.mdx  | 22 ------
 .../join-services-to-your-cluster/azure.mdx   |  2 +-
 .../join-services-to-your-cluster.mdx         | 22 ++++++
 .../kubernetes.mdx                            |  6 +-
 .../cloud-apis/aws-console.mdx                |  2 +-
 .../application-access/cloud-apis/azure.mdx   |  2 +-
 .../{ => cloud-apis}/cloud-apis.mdx           |  8 +-
 .../cloud-apis/google-cloud.mdx               |  2 +-
 .../application-access/controls.mdx           |  4 +-
 .../enroll-kubernetes-applications.mdx        |  6 +-
 .../kubernetes-applications.mdx               | 26 +++++++
 .../application-access/guides.mdx             | 19 -----
 .../guides/dynamic-registration.mdx           |  5 --
 .../application-access/guides/guides.mdx      | 19 +++++
 .../application-access/introduction.mdx       |  4 +-
 .../application-access/{ => jwt}/jwt.mdx      |  4 +-
 .../application-access/okta.mdx               | 12 ---
 .../application-access/okta/okta.mdx          | 12 +++
 .../database-access/architecture.mdx          |  4 +-
 .../auto-user-provisioning.mdx                | 13 ----
 .../auto-user-provisioning.mdx                | 16 ++++
 .../database-access/database-access.mdx       |  2 +-
 .../enroll-resources/database-access/faq.mdx  |  2 +-
 .../database-access/getting-started.mdx       |  4 +-
 .../guides/aws-cross-account.mdx              |  5 +-
 .../database-access/guides/aws-discovery.mdx  |  4 +-
 .../guides/dynamic-registration.mdx           |  7 +-
 .../database-access/guides/elastic.mdx        |  2 +-
 .../database-access/{ => guides}/guides.mdx   |  1 +
 .../database-access/guides/ha.mdx             |  5 +-
 .../database-access/guides/mysql-cloudsql.mdx |  2 +-
 .../guides/mysql-self-hosted.mdx              |  2 +-
 .../guides/oracle-self-hosted.mdx             |  4 +-
 .../guides/postgres-cloudsql.mdx              |  2 +-
 .../guides/postgres-self-hosted.mdx           |  2 +-
 .../database-access/guides/rds.mdx            |  4 +-
 .../database-access/guides/vitess.mdx         |  2 +-
 .../enroll-resources/database-access/rbac.mdx | 15 ----
 .../rbac/configuring-access.mdx               |  2 +-
 .../database-access/rbac/rbac.mdx             |  8 ++
 .../database-access/troubleshooting.mdx       |  2 +-
 .../kubernetes-access/controls.mdx            |  8 --
 .../{ => discovery}/discovery.mdx             |  6 +-
 .../kubernetes-access/faq.mdx                 |  3 -
 .../kubernetes-access/getting-started.mdx     |  6 +-
 .../kubernetes-access/introduction.mdx        |  4 +-
 .../{ => manage-access}/manage-access.mdx     |  6 +-
 .../kubernetes-access/manage-access/rbac.mdx  |  2 +-
 .../register-clusters.mdx                     | 10 +--
 .../machine-id/access-guides.mdx              | 25 -------
 .../access-guides/access-guides.mdx           | 25 +++++++
 .../machine-id/access-guides/ansible.mdx      |  2 +-
 .../machine-id/access-guides/applications.mdx |  2 +-
 .../machine-id/access-guides/databases.mdx    |  4 +-
 .../machine-id/access-guides/kubernetes.mdx   |  2 +-
 .../machine-id/access-guides/ssh.mdx          |  2 +-
 .../machine-id/access-guides/tctl.mdx         |  2 +-
 .../machine-id/access-guides/terraform.mdx    |  2 +-
 .../machine-id/deployment.mdx                 | 74 -------------------
 .../machine-id/deployment/aws.mdx             |  2 +-
 .../machine-id/deployment/azure.mdx           |  2 +-
 .../machine-id/deployment/circleci.mdx        |  2 +-
 .../machine-id/deployment/deployment.mdx      | 73 ++++++++++++++++++
 .../machine-id/deployment/gcp.mdx             |  2 +-
 .../machine-id/deployment/gitlab.mdx          |  2 +-
 .../machine-id/deployment/kubernetes.mdx      |  4 +-
 .../machine-id/deployment/linux.mdx           |  2 +-
 .../machine-id/getting-started.mdx            |  6 +-
 .../machine-id/introduction.mdx               |  4 +-
 .../server-access/getting-started.mdx         |  2 +-
 .../enroll-resources/server-access/guides.mdx | 22 ------
 .../server-access/guides/guides.mdx           | 22 ++++++
 .../guides/host-user-creation.mdx             |  2 +-
 .../server-access/guides/jetbrains-sftp.mdx   |  4 +-
 .../server-access/guides/openssh.mdx          |  9 ---
 .../server-access/guides/openssh/openssh.mdx  |  9 +++
 .../server-access/guides/vscode.mdx           |  4 +-
 .../server-access/introduction.mdx            |  2 +-
 .../enroll-resources/server-access/rbac.mdx   |  2 +-
 docs/pages/faq.mdx                            |  2 +-
 .../aws-auto-discovery-prerequisite.mdx       |  3 +-
 .../includes/database-access/create-user.mdx  |  4 +-
 .../database-access/db-introduction.mdx       |  2 +-
 .../database-access/guides-next-steps.mdx     |  2 +-
 docs/pages/includes/edition-comparison.mdx    |  5 +-
 .../includes/machine-id/configure-outputs.mdx |  5 +-
 .../machine-id/plugin-prerequisites.mdx       |  5 +-
 docs/pages/index.mdx                          |  8 +-
 docs/pages/installation.mdx                   |  4 +-
 .../access-controls/access-lists.mdx          |  2 +-
 .../pages/reference/access-controls/roles.mdx |  6 +-
 .../database-access-reference/cli.mdx         |  2 +-
 .../architecture/agent-update-management.mdx  |  7 +-
 .../architecture/api-architecture.mdx         |  2 +-
 .../reference/architecture/architecture.mdx   |  4 +-
 .../reference/architecture/authorization.mdx  |  4 +-
 docs/pages/reference/architecture/nodes.mdx   |  2 +-
 .../reference/architecture/tls-routing.mdx    |  2 +-
 docs/pages/reference/{ => cli}/cli.mdx        | 10 +--
 docs/pages/reference/cloud-faq.mdx            |  2 +-
 .../{ => helm-reference}/helm-reference.mdx   | 16 ++--
 .../helm-reference/teleport-cluster.mdx       |  2 +-
 .../helm-reference/teleport-kube-agent.mdx    | 10 +--
 docs/pages/reference/monitoring/audit.mdx     |  2 +-
 docs/pages/reference/predicate-language.mdx   |  2 +-
 docs/pages/reference/resources.mdx            |  8 +-
 docs/pages/upgrading/overview.mdx             |  2 +-
 .../self-hosted-automatic-agent-updates.mdx   |  2 +-
 docs/pages/{ => upgrading}/upgrading.mdx      | 12 +--
 172 files changed, 638 insertions(+), 652 deletions(-)
 rename docs/pages/admin-guides/access-controls/{ => access-lists}/access-lists.mdx (74%)
 rename docs/pages/admin-guides/access-controls/{ => access-request-plugins}/access-request-plugins.mdx (98%)
 rename docs/pages/admin-guides/access-controls/{ => access-requests}/access-requests.mdx (85%)
 rename docs/pages/admin-guides/access-controls/{ => compliance-frameworks}/compliance-frameworks.mdx (83%)
 rename docs/pages/admin-guides/access-controls/{ => device-trust}/device-trust.mdx (94%)
 rename docs/pages/admin-guides/access-controls/{ => guides}/guides.mdx (100%)
 delete mode 100644 docs/pages/admin-guides/access-controls/idps.mdx
 create mode 100644 docs/pages/admin-guides/access-controls/idps/idps.mdx
 rename docs/pages/admin-guides/access-controls/{ => login-rules}/login-rules.mdx (90%)
 rename docs/pages/admin-guides/access-controls/{ => sso}/sso.mdx (89%)
 delete mode 100644 docs/pages/admin-guides/deploy-a-cluster/deployments.mdx
 create mode 100644 docs/pages/admin-guides/deploy-a-cluster/deployments/deployments.mdx
 rename docs/pages/admin-guides/deploy-a-cluster/{ => helm-deployments}/helm-deployments.mdx (55%)
 rename docs/pages/admin-guides/{ => infrastructure-as-code}/infrastructure-as-code.mdx (93%)
 rename docs/pages/admin-guides/infrastructure-as-code/{ => teleport-operator}/teleport-operator.mdx (97%)
 rename docs/pages/admin-guides/infrastructure-as-code/{ => terraform-provider}/terraform-provider.mdx (93%)
 delete mode 100644 docs/pages/admin-guides/management/admin.mdx
 create mode 100644 docs/pages/admin-guides/management/admin/admin.mdx
 delete mode 100644 docs/pages/admin-guides/management/diagnostics.mdx
 create mode 100644 docs/pages/admin-guides/management/diagnostics/diagnostics.mdx
 rename docs/pages/admin-guides/management/{ => export-audit-events}/export-audit-events.mdx (81%)
 rename docs/pages/admin-guides/management/{ => guides}/guides.mdx (68%)
 delete mode 100644 docs/pages/admin-guides/management/operations.mdx
 create mode 100644 docs/pages/admin-guides/management/operations/operations.mdx
 rename docs/pages/admin-guides/management/{ => security}/security.mdx (76%)
 rename docs/pages/contributing/{ => documentation}/documentation.mdx (76%)
 delete mode 100644 docs/pages/enroll-resources/agents/join-services-to-your-cluster.mdx
 create mode 100644 docs/pages/enroll-resources/agents/join-services-to-your-cluster/join-services-to-your-cluster.mdx
 rename docs/pages/enroll-resources/application-access/{ => cloud-apis}/cloud-apis.mdx (80%)
 rename docs/pages/enroll-resources/application-access/{ => enroll-kubernetes-applications}/enroll-kubernetes-applications.mdx (80%)
 create mode 100644 docs/pages/enroll-resources/application-access/enroll-kubernetes-applications/kubernetes-applications.mdx
 delete mode 100644 docs/pages/enroll-resources/application-access/guides.mdx
 create mode 100644 docs/pages/enroll-resources/application-access/guides/guides.mdx
 rename docs/pages/enroll-resources/application-access/{ => jwt}/jwt.mdx (62%)
 delete mode 100644 docs/pages/enroll-resources/application-access/okta.mdx
 create mode 100644 docs/pages/enroll-resources/application-access/okta/okta.mdx
 delete mode 100644 docs/pages/enroll-resources/database-access/auto-user-provisioning.mdx
 create mode 100644 docs/pages/enroll-resources/database-access/auto-user-provisioning/auto-user-provisioning.mdx
 rename docs/pages/enroll-resources/database-access/{ => guides}/guides.mdx (99%)
 delete mode 100644 docs/pages/enroll-resources/database-access/rbac.mdx
 create mode 100644 docs/pages/enroll-resources/database-access/rbac/rbac.mdx
 rename docs/pages/enroll-resources/kubernetes-access/{ => discovery}/discovery.mdx (96%)
 rename docs/pages/enroll-resources/kubernetes-access/{ => manage-access}/manage-access.mdx (81%)
 rename docs/pages/enroll-resources/kubernetes-access/{ => register-clusters}/register-clusters.mdx (60%)
 delete mode 100644 docs/pages/enroll-resources/machine-id/access-guides.mdx
 create mode 100644 docs/pages/enroll-resources/machine-id/access-guides/access-guides.mdx
 delete mode 100644 docs/pages/enroll-resources/machine-id/deployment.mdx
 create mode 100644 docs/pages/enroll-resources/machine-id/deployment/deployment.mdx
 delete mode 100644 docs/pages/enroll-resources/server-access/guides.mdx
 create mode 100644 docs/pages/enroll-resources/server-access/guides/guides.mdx
 delete mode 100644 docs/pages/enroll-resources/server-access/guides/openssh.mdx
 create mode 100644 docs/pages/enroll-resources/server-access/guides/openssh/openssh.mdx
 rename docs/pages/reference/{ => cli}/cli.mdx (79%)
 rename docs/pages/reference/{ => helm-reference}/helm-reference.mdx (60%)
 rename docs/pages/{ => upgrading}/upgrading.mdx (77%)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4b789e53cf89b..49acd47ed4f65 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -859,7 +859,8 @@ applications in Kubernetes clusters. When connected to a Kubernetes cluster (or
 deployed as a Helm chart), the Teleport Discovery Service will automatically find
 and enroll web applications with your Teleport cluster.
 
-See documentation [here](docs/pages/enroll-resources/application-access/enroll-kubernetes-applications.mdx).
+See documentation
+[here](docs/pages/enroll-resources/application-access/enroll-kubernetes-applications/kubernetes-applications.mdx).
 
 #### Extended Kubernetes per-resource RBAC
 
@@ -1761,7 +1762,7 @@ This will allow users to view the OpenSSH nodes in Web UI and using `tsh ls`
 and use RBAC to control access to them.
 
 See the updated [OpenSSH integration
-guide](docs/pages/enroll-resources/server-access/guides/openssh.mdx).
+guide](docs/pages/enroll-resources/server-access/guides/openssh/openssh.mdx).
 
 ### Cross-cluster search for Teleport Connect
 
@@ -2962,7 +2963,7 @@ is more than one major version behind them. You can use the `--skip-version-chec
 bypass the version check.
 
 Take a look at component compatibility guarantees in the
-[documentation](docs/pages/upgrading.mdx).
+[documentation](docs/pages/upgrading/upgrading.mdx).
 
 #### HTTP_PROXY for reverse tunnels
 
@@ -3951,7 +3952,7 @@ if err = clt.CreateAccessRequest(ctx, accessRequest); err != nil {
 
 ### Upgrade Notes
 
-Please follow our [standard upgrade procedure](docs/pages/admin-guides/management/admin.mdx) to upgrade your cluster.
+Please follow our [standard upgrade procedure](docs/pages/admin-guides/management/admin/admin.mdx) to upgrade your cluster.
 
 Note, for clusters using GitHub SSO and Trusted Clusters, when upgrading SSO users will lose connectivity to leaf clusters. Local users will not be affected.
 
@@ -4201,8 +4202,8 @@ Teleport 5.0 also iterates on the UI Refresh from 4.3. We've moved the cluster l
 Other updates:
 
 * We now provide local user management via `https://[cluster-url]/web/users`, providing the ability to edit, reset and delete local users.
-* Teleport Node & App Install scripts. This is currently an Enterprise-only feature that provides customers with an installer script. Enterprise customers can enable this feature by modifying the 'token' resource. See note above.
-* We've added a Waiting Room for customers using Access Workflows. [Docs](docs/pages/admin-guides/access-controls/access-request-plugins.mdx)
+* Teleport Node & App Install scripts. This is currently an Enterprise-only feature that provides customers with an 'auto-magic' installer script. Enterprise customers can enable this feature by modifying the 'token' resource. See note above.
+* We've added a Waiting Room for customers using Access Workflows. [Docs](docs/pages/admin-guides/access-controls/access-request-plugins/access-request-plugins.mdx)
 
 ##### Signed RPM and Releases
 
@@ -4236,7 +4237,7 @@ We've added an [API Guide](docs/pages/admin-guides/api/api.mdx) to simply develo
 
 #### Upgrade Notes
 
-Please follow our [standard upgrade procedure](./docs/pages/upgrading.mdx).
+Please follow our [standard upgrade procedure](docs/pages/upgrading/upgrading.mdx).
 
 * Optional: Consider updating `https_key_file` & `https_cert_file` to our new `https_keypairs:` format.
 * Optional: Consider migrating Kubernetes access from `proxy_service` to `kubernetes_service` after the upgrade.
@@ -4380,7 +4381,7 @@ auth_service:
 #### Upgrade Notes
 
 Please follow our [standard upgrade
-procedure](docs/pages/upgrading.mdx).
+procedure](docs/pages/upgrading/upgrading.mdx).
 
 ## 4.3.9
 
@@ -4465,7 +4466,7 @@ Teleport's Web UI now exposes Teleport’s Audit log, letting auditors and admin
 
 ##### Teleport Plugins
 
-Teleport 4.3 introduces four new plugins that work out of the box with [Approval Workflow](docs/pages/admin-guides/access-controls/access-request-plugins.mdx). These plugins allow you to automatically support role escalation with commonly used third party services. The built-in plugins are listed below.
+Teleport 4.3 introduces four new plugins that work out of the box with [Approval Workflow](docs/pages/admin-guides/access-controls/access-request-plugins/access-request-plugins.mdx). These plugins allow you to automatically support role escalation with commonly used third party services. The built-in plugins are listed below.
 
 *   [PagerDuty](docs/pages/admin-guides/access-controls/access-request-plugins/ssh-approval-pagerduty.mdx)
 *   [Jira](docs/pages/admin-guides/access-controls/access-request-plugins/ssh-approval-jira.mdx)
@@ -4501,7 +4502,7 @@ Teleport 4.3 introduces four new plugins that work out of the box with [Approval
 #### Upgrade Notes
 
 Always follow the [recommended upgrade
-procedure](./docs/pages/upgrading.mdx) to upgrade to this version.
+procedure](docs/pages/upgrading/upgrading.mdx) to upgrade to this version.
 
 ##### New Signing Algorithm
 
@@ -4542,7 +4543,7 @@ permissions](./docs/pages/enroll-resources/kubernetes-access/controls.mdx).
 The [etcd backend](docs/pages/reference/backends.mdx#etcd) now correctly uses
 the “prefix” config value when storing data. Upgrading from 4.2 to 4.3 will
 migrate the data as needed at startup. Make sure you follow our Teleport
-[upgrade guidance](docs/pages/upgrading.mdx).
+[upgrade guidance](docs/pages/upgrading/upgrading.mdx).
 
 **Note: If you use an etcd backend with a non-default prefix and need to downgrade from 4.3 to 4.2, you should [backup Teleport data and restore it](docs/pages/admin-guides/management/operations/backup-restore.mdx) into the downgraded cluster.**
 
@@ -4665,7 +4666,7 @@ This is a minor Teleport release with a focus on new features and bug fixes.
 ### Improvements
 
 * Alpha: Enhanced Session Recording lets you know what's really happening during a Teleport Session. [#2948](https://github.com/gravitational/teleport/issues/2948)
-* Alpha: Workflows API lets admins escalate RBAC roles in response to user requests. [Read the docs](docs/pages/admin-guides/access-controls/access-requests.mdx). [#3006](https://github.com/gravitational/teleport/issues/3006)
+* Alpha: Workflows API lets admins escalate RBAC roles in response to user requests. [Read the docs](docs/pages/admin-guides/access-controls/access-requests/access-requests.mdx). [#3006](https://github.com/gravitational/teleport/issues/3006)
 * Beta: Teleport provides HA Support using Firestore and Google Cloud Storage using Google Cloud Platform. [Read the docs](docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx). [#2821](https://github.com/gravitational/teleport/pull/2821)
 * Remote tctl execution is now possible. [Read the docs](./docs/pages/reference/cli/tctl.mdx). [#1525](https://github.com/gravitational/teleport/issues/1525) [#2991](https://github.com/gravitational/teleport/issues/2991)
 
@@ -4921,7 +4922,7 @@ The lists of improvements and bug fixes above mention only the significant chang
 
 ### Upgrading
 
-Teleport 4.0 is backwards compatible with Teleport 3.2 and later. [Follow the recommended upgrade procedure to upgrade to this version.](docs/pages/upgrading.mdx)
+Teleport 4.0 is backwards compatible with Teleport 3.2 and later. [Follow the recommended upgrade procedure to upgrade to this version.](docs/pages/upgrading/upgrading.mdx)
 
 Note that due to substantial changes between Teleport 3.2 and 4.0, we recommend creating a backup of the backend datastore (DynamoDB, etcd, or dir) before upgrading a cluster to Teleport 4.0 to allow downgrades.
 
@@ -5189,7 +5190,7 @@ on Github for more.
 #### Upgrading to 3.0
 
 Follow the [recommended upgrade
-procedure](docs/pages/upgrading.mdx) to upgrade to this
+procedure](docs/pages/upgrading/upgrading.mdx) to upgrade to this
 version.
 
 **WARNING:** if you are using Teleport with the etcd back-end, make sure your
@@ -5295,7 +5296,7 @@ As always, this release contains several bug fixes. The full list can be seen [h
 #### Upgrading
 
 Follow the [recommended upgrade
-procedure](docs/pages/upgrading.mdx) to upgrade to this
+procedure](docs/pages/upgrading/upgrading.mdx) to upgrade to this
 version.
 
 ## 2.6.9
@@ -5425,7 +5426,7 @@ You can see the full list of 2.6.0 changes [here](https://github.com/gravitation
 #### Upgrading
 
 Follow the [recommended upgrade
-procedure](docs/pages/upgrading.mdx) to upgrade to this
+procedure](docs/pages/upgrading/upgrading.mdx) to upgrade to this
 version.
 
 ## 2.5.7
@@ -5512,7 +5513,7 @@ release, which includes:
 
 * The Teleport daemon now implements built-in connection draining which allows
   zero-downtime upgrades.  [See
-  documentation](docs/pages/upgrading.mdx).
+  documentation](docs/pages/upgrading/upgrading.mdx).
 
 * Dynamic join tokens for new nodes can now be explicitly set via `tctl node add --token`.
   This allows Teleport admins to use an external mechanism for generating
diff --git a/docs/config.json b/docs/config.json
index fd37c89f43fdd..2a59b881febb5 100644
--- a/docs/config.json
+++ b/docs/config.json
@@ -22,7 +22,7 @@
         },
         {
           "title": "Upgrading",
-          "slug": "/upgrading/",
+          "slug": "/upgrading/upgrading/",
           "entries": [
             {
               "title": "Compatibility Overview",
diff --git a/docs/pages/admin-guides/access-controls/access-controls.mdx b/docs/pages/admin-guides/access-controls/access-controls.mdx
index fbdb8af924a03..bf510140e1614 100644
--- a/docs/pages/admin-guides/access-controls/access-controls.mdx
+++ b/docs/pages/admin-guides/access-controls/access-controls.mdx
@@ -32,7 +32,7 @@ that specifies access policies for resources in your Teleport cluster.
 Assigning a role to a Teleport user applies the policies listed in the role to
 the user.
 
-See the [Cluster Access and RBAC](./guides.mdx) section for instructions on
+See the [Cluster Access and RBAC](guides/guides.mdx) section for instructions on
 setting up Teleport roles.
 
 ## Integrate with your Single Sign-On provider
@@ -46,7 +46,7 @@ automatically assigns roles to the user based on data provided by the IdP. This
 means that you can implement a fully fledged infrastructure RBAC system based on
 your existing Single Sign-On solution.
 
-Read our [Single Sign-On guide](./sso.mdx) to get started.
+Read our [Single Sign-On guide](sso/sso.mdx) to get started.
 
 ## Enable Access Requests
 
@@ -55,13 +55,13 @@ resources in your infrastructure based on the approval of other users. You can
 set up your RBAC so all privileged access is short lived, and there are no
 longstanding admin roles for attackers to hijack.
 
-[Get started with Access Requests](./access-requests.mdx).
+[Get started with Access Requests](access-requests/access-requests.mdx).
 
 You can integrate Teleport with your existing communication tool, e.g., Slack,
 PagerDuty, or Microsoft Teams, so Teleport users can easily create and approve
 Access Requests.
 
-[Get started with Access Request plugins](access-request-plugins.mdx).
+[Get started with Access Request plugins](access-request-plugins/access-request-plugins.mdx).
 
 ## Achieve compliance
 
diff --git a/docs/pages/admin-guides/access-controls/access-lists.mdx b/docs/pages/admin-guides/access-controls/access-lists/access-lists.mdx
similarity index 74%
rename from docs/pages/admin-guides/access-controls/access-lists.mdx
rename to docs/pages/admin-guides/access-controls/access-lists/access-lists.mdx
index f2b504c966559..c7501f5f6e368 100644
--- a/docs/pages/admin-guides/access-controls/access-lists.mdx
+++ b/docs/pages/admin-guides/access-controls/access-lists/access-lists.mdx
@@ -9,6 +9,6 @@ managed within Teleport. With Access Lists, administrators and access list
 owners can regularly audit and control membership to specific roles and
 traits, which then tie easily back into Teleport's existing RBAC system.
 
-[Getting Started with Access Lists](./access-lists/guide.mdx)
+[Getting Started with Access Lists](guide.mdx)
 
-[Access List Reference](../../reference/access-controls/access-lists.mdx)
+[Access List Reference](../../../reference/access-controls/access-lists.mdx)
diff --git a/docs/pages/admin-guides/access-controls/access-request-plugins.mdx b/docs/pages/admin-guides/access-controls/access-request-plugins/access-request-plugins.mdx
similarity index 98%
rename from docs/pages/admin-guides/access-controls/access-request-plugins.mdx
rename to docs/pages/admin-guides/access-controls/access-request-plugins/access-request-plugins.mdx
index e98548fd80f70..3d9dbd61c1c0c 100644
--- a/docs/pages/admin-guides/access-controls/access-request-plugins.mdx
+++ b/docs/pages/admin-guides/access-controls/access-request-plugins/access-request-plugins.mdx
@@ -55,4 +55,4 @@ workflows by reading our setup guides:
 
 To read more about the architecture of an Access Request plugin, and start
 writing your own, read our [Access Request plugin development
-guide](../api/access-plugin.mdx).
+guide](../../api/access-plugin.mdx).
diff --git a/docs/pages/admin-guides/access-controls/access-requests.mdx b/docs/pages/admin-guides/access-controls/access-requests/access-requests.mdx
similarity index 85%
rename from docs/pages/admin-guides/access-controls/access-requests.mdx
rename to docs/pages/admin-guides/access-controls/access-requests/access-requests.mdx
index 9e820ac3a8a7c..6ca980f2db8c2 100644
--- a/docs/pages/admin-guides/access-controls/access-requests.mdx
+++ b/docs/pages/admin-guides/access-controls/access-requests/access-requests.mdx
@@ -16,7 +16,7 @@ be configured with limited cluster access so they are not high value targets.
 Access Requests are designed to provide temporary permissions to users. If you
 want to grant longstanding permissions to a group of users, with the option to
 renew these permissions after a recurring interval (such as three months),
-consider [Access Lists](access-lists.mdx). 
+consider [Access Lists](../access-lists/access-lists.mdx). 
 
 ## See how Access Requests work
 
@@ -26,12 +26,12 @@ and **Resource Access Requests**.
 With Role Access Requests, engineers can request temporary credentials with
 elevated roles in order to perform critical system-wide tasks.
 
-[Get started with Role Access Requests](./access-requests/role-requests.mdx).
+[Get started with Role Access Requests](role-requests.mdx).
 
 With Resource Access Requests, engineers can easily get access to only the
 individual resources they need, when they need it.
 
-[Get started with Resource Access Requests](./access-requests/resource-requests.mdx).
+[Get started with Resource Access Requests](resource-requests.mdx).
 
 ## Configure Access Requests
 
@@ -44,7 +44,7 @@ including:
 - How many users can approve or deny different kinds of requests.
 
 Read the [Access Request
-Configuration](access-requests/access-request-configuration.mdx) guide for an
+Configuration](access-request-configuration.mdx) guide for an
 overview of the configuration options available for Access Requests.
 
 ## Teleport Community Edition users
@@ -56,6 +56,6 @@ including Resource Access Requests managing Access Requests via the Web UI are
 available in Teleport Enterprise.
 
 For information on how to use Just-in-time Access Requests with Teleport Community 
-Edition, see [Teleport Community Access Requests](./access-requests/oss-role-requests.mdx).
+Edition, see [Teleport Community Access Requests](oss-role-requests.mdx).
 
 
diff --git a/docs/pages/admin-guides/access-controls/access-requests/oss-role-requests.mdx b/docs/pages/admin-guides/access-controls/access-requests/oss-role-requests.mdx
index 7e08b72e09aad..cd364ddc76544 100644
--- a/docs/pages/admin-guides/access-controls/access-requests/oss-role-requests.mdx
+++ b/docs/pages/admin-guides/access-controls/access-requests/oss-role-requests.mdx
@@ -153,7 +153,7 @@ $ tctl request approve \
 
 ## Next Steps
 
-- Learn more about [Access Requests](../access-requests.mdx)
+- Learn more about [Access Requests](access-requests.mdx)
 - See what additional features are available for
   [role requests](./role-requests.mdx) in Teleport Enterprise
 - Request access to [specific resources](./resource-requests.mdx) with Teleport Enterprise
\ No newline at end of file
diff --git a/docs/pages/admin-guides/access-controls/access-requests/resource-requests.mdx b/docs/pages/admin-guides/access-controls/access-requests/resource-requests.mdx
index d377f2d5aac66..a25c57eb0295a 100644
--- a/docs/pages/admin-guides/access-controls/access-requests/resource-requests.mdx
+++ b/docs/pages/admin-guides/access-controls/access-requests/resource-requests.mdx
@@ -165,7 +165,7 @@ However, it prevents you from access any resources belonging to another namespac
 </Details>
 
 Advanced filters and queries are supported. See our
-[filtering reference](../../../reference/cli.mdx) for more information.
+[filtering reference](../../../reference/cli/cli.mdx) for more information.
 
 Try narrowing your search to a specific resource you want to access.
 
@@ -636,4 +636,4 @@ within your organization's existing messaging and project management solutions.
 
 ## Next Steps
 
-- Learn more about [Access Lists](../access-lists.mdx)
+- Learn more about [Access Lists](../access-lists/access-lists.mdx)
diff --git a/docs/pages/admin-guides/access-controls/access-requests/role-requests.mdx b/docs/pages/admin-guides/access-controls/access-requests/role-requests.mdx
index e6d9d16a7b043..cf225d2e7c6b8 100644
--- a/docs/pages/admin-guides/access-controls/access-requests/role-requests.mdx
+++ b/docs/pages/admin-guides/access-controls/access-requests/role-requests.mdx
@@ -170,5 +170,5 @@ just-in-time Access Request workflow for your organization.
 
 Access Lists enable you to assign privileges to groups of users for a fixed
 period of time. Learn more about Access Lists in the
-[documentation](../access-lists.mdx).
+[documentation](../access-lists/access-lists.mdx).
 
diff --git a/docs/pages/admin-guides/access-controls/compliance-frameworks.mdx b/docs/pages/admin-guides/access-controls/compliance-frameworks/compliance-frameworks.mdx
similarity index 83%
rename from docs/pages/admin-guides/access-controls/compliance-frameworks.mdx
rename to docs/pages/admin-guides/access-controls/compliance-frameworks/compliance-frameworks.mdx
index 7bc35e8c84a49..6ee2dcd7f4484 100644
--- a/docs/pages/admin-guides/access-controls/compliance-frameworks.mdx
+++ b/docs/pages/admin-guides/access-controls/compliance-frameworks/compliance-frameworks.mdx
@@ -10,5 +10,5 @@ settings within Teleport.
 
 Follow our guides to see how to use Teleport to achieve compliance:
 
-- [FedRAMP](./compliance-frameworks/fedramp.mdx)
-- [SOC 2](./compliance-frameworks/soc2.mdx)
+- [FedRAMP](fedramp.mdx)
+- [SOC 2](soc2.mdx)
diff --git a/docs/pages/admin-guides/access-controls/compliance-frameworks/soc2.mdx b/docs/pages/admin-guides/access-controls/compliance-frameworks/soc2.mdx
index 784bb3c83edf0..2b2f04847c331 100644
--- a/docs/pages/admin-guides/access-controls/compliance-frameworks/soc2.mdx
+++ b/docs/pages/admin-guides/access-controls/compliance-frameworks/soc2.mdx
@@ -58,16 +58,16 @@ Each principle has many "Points of Focus" which will apply differently to differ
 | CC6.1 - Manages Credentials for Infrastructure and Software | New internal and external infrastructure and software are registered, authorized, and documented prior to being granted access credentials and implemented on the network or access point. Credentials are removed and access is disabled when access is no longer required or the infrastructure and software are no longer in use. | [Invite nodes to your cluster with short lived tokens](../../../enroll-resources/agents/join-services-to-your-cluster/join-token.mdx) | 
 | CC6.1 - Uses Encryption to Protect Data | The entity uses encryption to supplement other measures used to protect data at rest, when such protections are deemed appropriate based on assessed risk. | Teleport Audit logs can use DynamoDB encryption at rest. | 
 | CC6.1 - Protects Encryption Keys | Processes are in place to protect encryption keys during generation, storage, use, and destruction. | Teleport acts as a Certificate Authority to issue SSH and x509 user certificates that are signed by the CA and are (by default) short-lived. SSH host certificates are also signed by the CA and rotated automatically  | 
-| CC6.2 - Controls Access Credentials to Protected Assets | Information asset access credentials are created based on an authorization from the system&#39;s asset owner or authorized custodian. | [Request Approval from the command line](../../../reference/cli/tctl.mdx) <br/><br/> [Build Approval Workflows with Access Requests](../../access-controls/access-requests.mdx) <br/><br/> [Use Plugins to send approvals to tools like Slack or Jira](../../access-controls/access-requests.mdx) |
-| CC6.2 - Removes Access to Protected Assets When Appropriate | Processes are in place to remove credential access when an individual no longer requires such access. | [Teleport issues temporary credentials based on an employees role and are revoked upon job change, termination or end of a maintenance window](../../access-controls/access-requests.mdx) | 
+| CC6.2 - Controls Access Credentials to Protected Assets | Information asset access credentials are created based on an authorization from the system&#39;s asset owner or authorized custodian. | [Request Approval from the command line](../../../reference/cli/tctl.mdx) <br/><br/> [Build Approval Workflows with Access Requests](../access-requests/access-requests.mdx) <br/><br/> [Use Plugins to send approvals to tools like Slack or Jira](../access-requests/access-requests.mdx) |
+| CC6.2 - Removes Access to Protected Assets When Appropriate | Processes are in place to remove credential access when an individual no longer requires such access. | [Teleport issues temporary credentials based on an employees role and are revoked upon job change, termination or end of a maintenance window](../access-requests/access-requests.mdx) | 
 | CC6.2 - Reviews Appropriateness of Access Credentials | The appropriateness of access credentials is reviewed on a periodic basis for unnecessary and inappropriate individuals with credentials. | Teleport maintains a live list of all nodes within a cluster. This node list can be queried by users (who see a subset they have access to) and administrators any time. | 
-| CC6.3 - Creates or Modifies Access to Protected Information Assets | Processes are in place to create or modify access to protected information assets based on authorization from the asset’s owner. | [Build Approval Workflows with Access Requests](../../access-controls/access-requests.mdx) to get authorization from asset owners. | 
+| CC6.3 - Creates or Modifies Access to Protected Information Assets | Processes are in place to create or modify access to protected information assets based on authorization from the asset’s owner. | [Build Approval Workflows with Access Requests](../access-requests/access-requests.mdx) to get authorization from asset owners. | 
 | CC6.3 - Removes Access to Protected Information Assets | Processes are in place to remove access to protected information assets when an individual no longer requires access. | Teleport uses temporary credentials and can be integrated with your version control system or even your HR system to [revoke access with the Access requests API](../../api/api.mdx) | 
 | CC6.3 - Uses Role-Based Access Controls | Role-based access control is utilized to support segregation of incompatible functions. | [Role based access control (&quot;RBAC&quot;) allows Teleport administrators to grant granular access permissions to users.](../access-controls.mdx) | 
 | CC6.3 - Reviews Access Roles and Rules | The appropriateness of access roles and access rules is reviewed on a periodic basis for unnecessary and inappropriate individuals with access and access rules are modified as appropriate. | Teleport maintains a live list of all nodes within a cluster. This node list can be queried by users (who see a subset they have access to) and administrators any time. | 
 | CC6.6 - Restricts Access | The types of activities that can occur through a communication channel (for example, FTP site, router port) are restricted. | Teleport makes it easy to restrict access to common ports like 21, 22 and instead have users [tunnel to the server](../../../faq.mdx) using Teleport. [Teleport uses the following default ports.](../../../reference/networking.mdx) | 
 | CC6.6 - Protects Identification and Authentication Credentials | Identification and authentication credentials are protected during transmission outside system boundaries. | [Yes, Teleport protects credentials outside your network allowing for Zero Trust network architecture](https://goteleport.com/blog/applying-principles-of-zero-trust-to-ssh/) | 
-| CC6.6 - Requires Additional Authentication or Credentials | Additional authentication information or credentials are required when accessing the system from outside its boundaries. | [Yes, Teleport can manage MFA with TOTP, WebAuthn or U2F Standards or connect to your Identity Provider using SAML, OAUTH or OIDC](../../access-controls/sso.mdx) |
+| CC6.6 - Requires Additional Authentication or Credentials | Additional authentication information or credentials are required when accessing the system from outside its boundaries. | [Yes, Teleport can manage MFA with TOTP, WebAuthn or U2F Standards or connect to your Identity Provider using SAML, OAUTH or OIDC](../sso/sso.mdx) |
 | CC6.6 - Implements Boundary Protection Systems | Boundary protection systems (for example, firewalls, demilitarized zones, and intrusion detection systems) are implemented to protect external access points from attempts and unauthorized access and are monitored to detect such attempts. | [Trusted clusters](../../management/admin/trustedclusters.mdx) | 
 | CC6.7 - Uses Encryption Technologies or Secure Communication Channels to Protect Data | Encryption technologies or secured communication channels are used to protect transmission of data and other communications beyond connectivity access points. | [Teleport has strong encryption including a FedRAMP compliant FIPS mode](./fedramp.mdx#start-teleport-in-fips-mode) |
 | CC7.2 - Implements Detection Policies, Procedures, and Tools | Processes are in place to detect changes to software and configuration parameters that may be indicative of unauthorized or malicious software. | [Teleport creates detailed SSH Audit Logs with Metadata](../../../reference/monitoring/audit.mdx) <br/><br/> [Use BPF Session Recording to catch malicious program execution](../../../enroll-resources/server-access/guides/bpf-session-recording.mdx) |
diff --git a/docs/pages/admin-guides/access-controls/device-trust.mdx b/docs/pages/admin-guides/access-controls/device-trust/device-trust.mdx
similarity index 94%
rename from docs/pages/admin-guides/access-controls/device-trust.mdx
rename to docs/pages/admin-guides/access-controls/device-trust/device-trust.mdx
index c918933bf3e85..acb1da81d4520 100644
--- a/docs/pages/admin-guides/access-controls/device-trust.mdx
+++ b/docs/pages/admin-guides/access-controls/device-trust/device-trust.mdx
@@ -91,7 +91,7 @@ enforcement and Cluster-wide enforcement.
 
 ## Guides
 
-- [Getting Started with Device Trust](./device-trust/guide.mdx)
-- [Device Management](./device-trust/device-management.mdx)
-- [Enforcing Device Trust](./device-trust/enforcing-device-trust.mdx)
-- [Jamf Pro Integration](./device-trust/jamf-integration.mdx)
+- [Getting Started with Device Trust](guide.mdx)
+- [Device Management](device-management.mdx)
+- [Enforcing Device Trust](enforcing-device-trust.mdx)
+- [Jamf Pro Integration](jamf-integration.mdx)
diff --git a/docs/pages/admin-guides/access-controls/device-trust/jamf-integration.mdx b/docs/pages/admin-guides/access-controls/device-trust/jamf-integration.mdx
index 38a4c553582a4..6bd2d53cbe122 100644
--- a/docs/pages/admin-guides/access-controls/device-trust/jamf-integration.mdx
+++ b/docs/pages/admin-guides/access-controls/device-trust/jamf-integration.mdx
@@ -14,7 +14,7 @@ Teleport if a computer is removed from Jamf Pro.
 Syncing devices from Jamf Pro is an **inventory management** step, equivalent to
 automatically running the corresponding `tctl devices add` commands.
 
-See the [Device Trust guide](../device-trust.mdx) for fundamental Device Trust concepts
+See the [Device Trust guide](device-trust.mdx) for fundamental Device Trust concepts
 and behavior.
 
 <Details title="This integration is hosted on Teleport Cloud" open={false}>
diff --git a/docs/pages/admin-guides/access-controls/guides/dual-authz.mdx b/docs/pages/admin-guides/access-controls/guides/dual-authz.mdx
index a2911d4988df2..74819d3612c15 100644
--- a/docs/pages/admin-guides/access-controls/guides/dual-authz.mdx
+++ b/docs/pages/admin-guides/access-controls/guides/dual-authz.mdx
@@ -14,7 +14,7 @@ In this guide, we will set up Teleport's Just-in-Time Access Requests to require
 the approval of two team members for a privileged role `dbadmin`.
 
 The steps below describe how to use Teleport with Mattermost. You can also
-[integrate with many other providers](../access-requests.mdx).
+[integrate with many other providers](../access-requests/access-requests.mdx).
 
 <Notice type="warning">
 
diff --git a/docs/pages/admin-guides/access-controls/guides.mdx b/docs/pages/admin-guides/access-controls/guides/guides.mdx
similarity index 100%
rename from docs/pages/admin-guides/access-controls/guides.mdx
rename to docs/pages/admin-guides/access-controls/guides/guides.mdx
diff --git a/docs/pages/admin-guides/access-controls/guides/locking.mdx b/docs/pages/admin-guides/access-controls/guides/locking.mdx
index 1141a216a01d6..bb8cef918c4b2 100644
--- a/docs/pages/admin-guides/access-controls/guides/locking.mdx
+++ b/docs/pages/admin-guides/access-controls/guides/locking.mdx
@@ -22,7 +22,7 @@ A lock can target the following objects or attributes:
 - a Teleport agent by the agent's server UUID (effectively unregistering it from the
   cluster)
 - a Windows desktop by the desktop's name
-- an [Access Request](../access-requests.mdx) by UUID
+- an [Access Request](../access-requests/access-requests.mdx) by UUID
 
 ## Prerequisites
 
diff --git a/docs/pages/admin-guides/access-controls/idps.mdx b/docs/pages/admin-guides/access-controls/idps.mdx
deleted file mode 100644
index 347b7840b9391..0000000000000
--- a/docs/pages/admin-guides/access-controls/idps.mdx
+++ /dev/null
@@ -1,13 +0,0 @@
----
-title: Configure Teleport as an identity provider
-description: How to set up Teleport's identity provider functionality
----
-
-Users can authenticate to both internal and external applications
-through the use of a built in identity provider in Teleport.
-
-- [SAML Guide](./idps/saml-guide.mdx): A guide for setting up an example application to integration with the SAML identity provider.
-- [SAML Attribute Mapping](./idps/saml-attribute-mapping.mdx): A reference on how attribute mapping works in Teleport and how to
-use it to assert custom user attribute name and values in a SAML response.
-- [Use Teleport's SAML Provider to authenticate with Grafana](./idps/saml-grafana.mdx): Configure Grafana to authenticate using Teleport identities.
-- [SAML Reference](../../reference/access-controls/saml-idp.mdx): A reference for Teleport's SAML identity provider.
diff --git a/docs/pages/admin-guides/access-controls/idps/idps.mdx b/docs/pages/admin-guides/access-controls/idps/idps.mdx
new file mode 100644
index 0000000000000..2c4daa37a4ae8
--- /dev/null
+++ b/docs/pages/admin-guides/access-controls/idps/idps.mdx
@@ -0,0 +1,13 @@
+---
+title: Configure Teleport as an identity provider
+description: How to set up Teleport's identity provider functionality
+---
+
+Users can authenticate to both internal and external applications
+through the use of a built in identity provider in Teleport.
+
+- [SAML Guide](saml-guide.mdx): A guide for setting up an example application to integration with the SAML identity provider.
+- [SAML Attribute Mapping](saml-attribute-mapping.mdx): A reference on how attribute mapping works in Teleport and how to
+use it to assert custom user attribute name and values in a SAML response.
+- [Use Teleport's SAML Provider to authenticate with Grafana](saml-grafana.mdx): Configure Grafana to authenticate using Teleport identities.
+- [SAML Reference](../../../reference/access-controls/saml-idp.mdx): A reference for Teleport's SAML identity provider.
diff --git a/docs/pages/admin-guides/access-controls/login-rules/guide.mdx b/docs/pages/admin-guides/access-controls/login-rules/guide.mdx
index c42a66e4548c3..9ddcc3203a72e 100644
--- a/docs/pages/admin-guides/access-controls/login-rules/guide.mdx
+++ b/docs/pages/admin-guides/access-controls/login-rules/guide.mdx
@@ -17,7 +17,7 @@ cluster on version `11.3.1` or greater.
 
 Login Rules only operate on SSO logins, so make sure you have
 configured an OIDC, SAML, or GitHub connector before you begin.
-Check the [Single Sign-On](../sso.mdx) docs to learn how to set this up.
+Check the [Single Sign-On](../sso/sso.mdx) docs to learn how to set this up.
 
 ## Step 1/5. Configure RBAC
 
diff --git a/docs/pages/admin-guides/access-controls/login-rules.mdx b/docs/pages/admin-guides/access-controls/login-rules/login-rules.mdx
similarity index 90%
rename from docs/pages/admin-guides/access-controls/login-rules.mdx
rename to docs/pages/admin-guides/access-controls/login-rules/login-rules.mdx
index 3b4ca696ae8d6..f1aa1fdb8cb57 100644
--- a/docs/pages/admin-guides/access-controls/login-rules.mdx
+++ b/docs/pages/admin-guides/access-controls/login-rules/login-rules.mdx
@@ -20,7 +20,7 @@ Some use cases for Login Rules are:
   traits will be included in your user's SSH certificates and JWTs, which can
   become too large for some third-party applications to handle.  Login Rules can
   filter out unnecessary traits and keep just the ones you need.
-- When you have multiple [Role Templates](./guides/role-templates.mdx) repeating
+- When you have multiple [Role Templates](../guides/role-templates.mdx) repeating
   the same logic to combine and transform external traits, consider using Login
   Rules to consolidate the logic to one place and simplify your Roles.
 
@@ -43,13 +43,13 @@ traits_map:
     - 'ifelse(external.groups.contains("db-admins"), external.groups.add("db-users"), external.groups)'
 ```
 
-Check out the [Login Rules guide](./login-rules/guide.mdx) for a quick walkthrough
+Check out the [Login Rules guide](guide.mdx) for a quick walkthrough
 that will show you how to write, test, and add the first Login Rule to your
-cluster. See [example Login Rules](./login-rules/guide.mdx#example-login-rules) to
+cluster. See [example Login Rules](guide.mdx) to
 learn how to address common use cases.
 
 When you're ready to take full advantage of Login Rules in your cluster, see the
-[Login Rules Reference](../../reference/access-controls/login-rules.mdx) for details on the expression
+[Login Rules Reference](../../../reference/access-controls/login-rules.mdx) for details on the expression
 language that powers them.
 
 ## FAQ
diff --git a/docs/pages/admin-guides/access-controls/sso.mdx b/docs/pages/admin-guides/access-controls/sso/sso.mdx
similarity index 89%
rename from docs/pages/admin-guides/access-controls/sso.mdx
rename to docs/pages/admin-guides/access-controls/sso/sso.mdx
index 68944e85814a1..f0c336b62e517 100644
--- a/docs/pages/admin-guides/access-controls/sso.mdx
+++ b/docs/pages/admin-guides/access-controls/sso/sso.mdx
@@ -7,15 +7,15 @@ Teleport users can log in to servers, Kubernetes clusters, databases, web
 applications, and Windows desktops through their organization's Single Sign-On
 (SSO) provider.
 
-- [Azure Active Directory (AD)](./sso/azuread.mdx): Configure Azure Active Directory SSO for SSH, Kubernetes, databases, desktops and web apps.
-- [Active Directory (ADFS)](./sso/adfs.mdx): Configure Windows Active Directory SSO for SSH, Kubernetes, databases, desktops and web apps.
-- [Google Workspace](./sso/google-workspace.mdx): Configure Google Workspace SSO for SSH, Kubernetes, databases, desktops and web apps.
-- [GitHub](./sso/github-sso.mdx): Configure GitHub SSO for SSH,
+- [Azure Active Directory (AD)](azuread.mdx): Configure Azure Active Directory SSO for SSH, Kubernetes, databases, desktops and web apps.
+- [Active Directory (ADFS)](adfs.mdx): Configure Windows Active Directory SSO for SSH, Kubernetes, databases, desktops and web apps.
+- [Google Workspace](google-workspace.mdx): Configure Google Workspace SSO for SSH, Kubernetes, databases, desktops and web apps.
+- [GitHub](github-sso.mdx): Configure GitHub SSO for SSH,
   Kubernetes, databases, desktops, and web apps.
-- [GitLab](./sso/gitlab.mdx): Configure GitLab SSO for SSH, Kubernetes, databases, desktops and web apps.
-- [OneLogin](./sso/one-login.mdx): Configure OneLogin SSO for SSH, Kubernetes, databases, desktops and web apps.
-- [OIDC](./sso/oidc.mdx): Configure OIDC SSO for SSH, Kubernetes, databases, desktops and web apps.
-- [Okta](./sso/okta.mdx): Configure Okta SSO for SSH, Kubernetes, databases, desktops and web apps.
+- [GitLab](gitlab.mdx): Configure GitLab SSO for SSH, Kubernetes, databases, desktops and web apps.
+- [OneLogin](one-login.mdx): Configure OneLogin SSO for SSH, Kubernetes, databases, desktops and web apps.
+- [OIDC](oidc.mdx): Configure OIDC SSO for SSH, Kubernetes, databases, desktops and web apps.
+- [Okta](okta.mdx): Configure Okta SSO for SSH, Kubernetes, databases, desktops and web apps.
 
 ## How Teleport uses SSO
 
@@ -392,9 +392,9 @@ flow. These provider-specific changes can be enabled by setting the
 values to match your identity provider:
 
 - `adfs` (SAML): Required for compatibility with Active Directory (ADFS); refer
-  to the full [ADFS guide](./sso/adfs.mdx#step-23-create-teleport-roles) for details.
+  to the full [ADFS guide](adfs.mdx) for details.
 - `netiq` (OIDC): Used to enable NetIQ-specific ACR value processing; refer to
-  the [OIDC guide](./sso/oidc.mdx#optional-acr-values) for details.
+  the [OIDC guide](oidc.mdx) for details.
 - `ping` (SAML and OIDC): Required for compatibility with Ping Identity (including
   PingOne and PingFederate).
 - `okta` (OIDC): Required when using Okta as an OIDC provider.
@@ -446,7 +446,7 @@ $ tctl get connectors
 ```
 
 To delete/update connectors, use the usual `tctl rm` and `tctl create` commands
-as described in the [Resources Reference](../../reference/resources.mdx).
+as described in the [Resources Reference](../../../reference/resources.mdx).
 
 If multiple authentication connectors exist, the clients must supply a
 connector name to `tsh login` via `--auth` argument:
@@ -462,10 +462,10 @@ $ tsh --proxy=proxy.example.com login --auth=local --user=admin
 Refer to the following guides to configure authentication connectors of both
 SAML and OIDC types:
 
-- [SSH Authentication with Okta](./sso/okta.mdx)
-- [SSH Authentication with OneLogin](./sso/one-login.mdx)
-- [SSH Authentication with ADFS](./sso/adfs.mdx)
-- [SSH Authentication with OAuth2 / OpenID Connect](./sso/oidc.mdx)
+- [SSH Authentication with Okta](okta.mdx)
+- [SSH Authentication with OneLogin](one-login.mdx)
+- [SSH Authentication with ADFS](adfs.mdx)
+- [SSH Authentication with OAuth2 / OpenID Connect](oidc.mdx)
 
 ## SSO customization
 
@@ -474,11 +474,11 @@ of SSO buttons in the Teleport Web UI.
 
 | Provider | YAML | Example |
 | - | - | - |
-| GitHub | `display: GitHub` | ![github](../../../img/teleport-sso/github@2x.png) |
-| Microsoft | `display: Microsoft` | ![microsoft](../../../img/teleport-sso/microsoft@2x.png) |
-| Google | `display: Google` | ![google](../../../img/teleport-sso/google@2x.png) |
-| BitBucket | `display: Bitbucket` | ![bitbucket](../../../img/teleport-sso/bitbucket@2x.png) |
-| OpenID | `display: Okta` | ![Okta](../../../img/teleport-sso/openId@2x.png) |
+| GitHub | `display: GitHub` | ![github](../../../../img/teleport-sso/github@2x.png) |
+| Microsoft | `display: Microsoft` | ![microsoft](../../../../img/teleport-sso/microsoft@2x.png) |
+| Google | `display: Google` | ![google](../../../../img/teleport-sso/google@2x.png) |
+| BitBucket | `display: Bitbucket` | ![bitbucket](../../../../img/teleport-sso/bitbucket@2x.png) |
+| OpenID | `display: Okta` | ![Okta](../../../../img/teleport-sso/openId@2x.png) |
 
 ## Troubleshooting
 
@@ -506,7 +506,7 @@ If something is not working, we recommend to:
 If you get "access denied" or other login errors, the number one place to check is the Audit
 Log. You can access it in the **Activity** tab of the Teleport Web UI.
 
-![Audit Log Entry for SSO Login error](../../../img/sso/teleportauditlogssofailed.png)
+![Audit Log Entry for SSO Login error](../../../../img/sso/teleportauditlogssofailed.png)
 
 Example of a user being denied because the role `clusteradmin` wasn't set up:
 
@@ -551,5 +551,5 @@ The roles we illustrated in this guide use `external` traits,
 which Teleport replaces with values from the single sign-on provider that the
 user used to authenticate with Teleport. For full details on how variable
 expansion works in Teleport roles, see the  [Teleport Access Controls
-Reference](../../reference/access-controls/roles.mdx).
+Reference](../../../reference/access-controls/roles.mdx).
 
diff --git a/docs/pages/admin-guides/api/access-plugin.mdx b/docs/pages/admin-guides/api/access-plugin.mdx
index c15e7a9c95c11..329885add716d 100644
--- a/docs/pages/admin-guides/api/access-plugin.mdx
+++ b/docs/pages/admin-guides/api/access-plugin.mdx
@@ -3,12 +3,12 @@ title: How to Build an Access Request Plugin
 description: Manage Access Requests using custom workflows with the Teleport API
 ---
 
-With Teleport [Access Requests](../access-controls/access-requests.mdx), you can
+With Teleport [Access Requests](../access-controls/access-requests/access-requests.mdx), you can
 assign Teleport users to less privileged roles by default and allow them to
 temporarily escalate their privileges. Reviewers can grant or deny Access
 Requests within your organization's existing communication workflows (e.g.,
 Slack, email, and PagerDuty) using [Access Request
-plugins](../access-controls/access-request-plugins.mdx).
+plugins](../access-controls/access-request-plugins/access-request-plugins.mdx).
 
 You can use Teleport's API client library to build an Access Request plugin that
 integrates with your organization's unique workflows. 
diff --git a/docs/pages/admin-guides/api/api.mdx b/docs/pages/admin-guides/api/api.mdx
index 7a4233680e87e..c376b1271bfb0 100644
--- a/docs/pages/admin-guides/api/api.mdx
+++ b/docs/pages/admin-guides/api/api.mdx
@@ -11,13 +11,13 @@ cluster. In this section, we will show you how to use Teleport's API.
 
 Teleport has a public [Go
 client](https://pkg.go.dev/github.com/gravitational/teleport/api/client) to
-programatically interact with the API. [tsh and tctl](../../reference/cli.mdx) use
+programatically interact with the API. [tsh and tctl](../../reference/cli/cli.mdx) use
 the same API.
 
 Here is what you can do with the Go Client:
 
  - Integrate with external tools, e.g., to write an [Access Request
-   plugin](../access-controls/access-request-plugins.mdx). Teleport
+   plugin](../access-controls/access-request-plugins/access-request-plugins.mdx). Teleport
    maintains Access Request plugins for tools like Slack, Jira, and Mattermost.
  - Perform CRUD actions on resources, such as roles, authentication connectors,
    and provisioning tokens.
diff --git a/docs/pages/admin-guides/api/automatically-register-agents.mdx b/docs/pages/admin-guides/api/automatically-register-agents.mdx
index 173b93a8f9e03..edbbbd006d5ec 100644
--- a/docs/pages/admin-guides/api/automatically-register-agents.mdx
+++ b/docs/pages/admin-guides/api/automatically-register-agents.mdx
@@ -6,12 +6,6 @@ description: Learn how to use the Teleport API to start agents automatically whe
 You can use Teleport's API to automatically register resources in your
 infrastructure with your Teleport cluster.
 
-Teleport already supports the automatic discovery of [Kubernetes
-clusters](../../enroll-resources/kubernetes-access/discovery.mdx) in AWS, Azure, and Google Cloud,
-as well as [servers](../../enroll-resources/server-access/guides/ec2-discovery.mdx) on Amazon EC2.
-To support other resources and cloud providers, you can use the API to write
-your own workflow.
-
 In this guide, we will demonstrate some libraries you can use to automatically
 register resources with Teleport. We will use an example you can run locally on
 your workstation.
diff --git a/docs/pages/admin-guides/api/getting-started.mdx b/docs/pages/admin-guides/api/getting-started.mdx
index 4f9287fc5e14e..cfdbe207dedc5 100644
--- a/docs/pages/admin-guides/api/getting-started.mdx
+++ b/docs/pages/admin-guides/api/getting-started.mdx
@@ -127,4 +127,4 @@ $ go run main.go
 - Read about Teleport [API architecture](../../reference/architecture/api-architecture.mdx) for an in-depth overview of the API and API clients.
 - Read [API authorization](../../reference/architecture/api-architecture.mdx) to learn more about defining custom roles for your API client.
 - Review the `client` [pkg.go reference documentation](https://pkg.go.dev/github.com/gravitational/teleport/api/client) for more information about working with the Teleport API programmatically.
-- Familiarize yourself with the [admin manual](../management/admin.mdx) to make the best use of the API.
+- Familiarize yourself with the [admin manual](../management/admin/admin.mdx) to make the best use of the API.
diff --git a/docs/pages/admin-guides/api/rbac.mdx b/docs/pages/admin-guides/api/rbac.mdx
index 83e1fe363e3c6..c15efe0a06138 100644
--- a/docs/pages/admin-guides/api/rbac.mdx
+++ b/docs/pages/admin-guides/api/rbac.mdx
@@ -938,7 +938,7 @@ See the links below for guides to fields related to different infrastructure
 resources:
 
 - [Servers](../../enroll-resources/server-access/rbac.mdx)
-- [Databases](../../enroll-resources/database-access/rbac.mdx)
+- [Databases](../../enroll-resources/database-access/rbac/rbac.mdx)
 - [Kubernetes clusters](../../enroll-resources/kubernetes-access/manage-access/rbac.mdx)
 - [Windows Desktops](../../enroll-resources/desktop-access/rbac.mdx)
 - [Applications](../../enroll-resources/application-access/controls.mdx)
diff --git a/docs/pages/admin-guides/deploy-a-cluster/access-graph/self-hosted-helm.mdx b/docs/pages/admin-guides/deploy-a-cluster/access-graph/self-hosted-helm.mdx
index cf346f50edfe0..9451bb2489b92 100644
--- a/docs/pages/admin-guides/deploy-a-cluster/access-graph/self-hosted-helm.mdx
+++ b/docs/pages/admin-guides/deploy-a-cluster/access-graph/self-hosted-helm.mdx
@@ -24,7 +24,7 @@ to Teleport Enterprise customers.
 - Helm >= (=helm.version=)
 - A running Teleport Enterprise cluster v14.3.6 or later.
   - For the purposes of this guide, we assume that the Teleport cluster is set up
-    [using the `teleport-cluster` Helm chart](../../deploy-a-cluster/helm-deployments.mdx)
+    [using the `teleport-cluster` Helm chart](../helm-deployments/helm-deployments.mdx)
     in the same Kubernetes cluster that will be used to deploy Teleport Access Graph.
 - An updated `license.pem` with Teleport Policy enabled.
 - A PostgreSQL database server v14 or later.
diff --git a/docs/pages/admin-guides/deploy-a-cluster/deployments.mdx b/docs/pages/admin-guides/deploy-a-cluster/deployments.mdx
deleted file mode 100644
index 706eb1c405ea9..0000000000000
--- a/docs/pages/admin-guides/deploy-a-cluster/deployments.mdx
+++ /dev/null
@@ -1,19 +0,0 @@
----
-title: Reference Deployment Guides
-description: Teleport Installation and Configuration Reference Deployment Guides.
-layout: tocless-doc
----
-
-These guides show you how to set up a full self-hosted Teleport deployment on
-the platform of your choice.
-
-- [AWS High Availability Deployment with Terraform](./deployments/aws-ha-autoscale-cluster-terraform.mdx): Deploy HA Teleport with
-  Terraform on AWS.
-- [AWS Single-Instance Deployment with Terraform](./deployments/aws-starter-cluster-terraform.mdx): Deploy Teleport on a single instance with
-  Terraform on AWS.
-- [AWS Multi-Region Proxy
-  Deployment](./deployments/aws-gslb-proxy-peering-ha-deployment.mdx): Deploy HA
-  Teleport with Proxy Service instances in multiple regions for low-latency
-  access.
-- [GCP](./deployments/gcp.mdx): Deploy HA Teleport on GCP.
-- [IBM Cloud](./deployments/ibm.mdx): Deploy HA Teleport on IBM cloud.
diff --git a/docs/pages/admin-guides/deploy-a-cluster/deployments/aws-ha-autoscale-cluster-terraform.mdx b/docs/pages/admin-guides/deploy-a-cluster/deployments/aws-ha-autoscale-cluster-terraform.mdx
index b74e7e8b3c141..cad211bff1af8 100644
--- a/docs/pages/admin-guides/deploy-a-cluster/deployments/aws-ha-autoscale-cluster-terraform.mdx
+++ b/docs/pages/admin-guides/deploy-a-cluster/deployments/aws-ha-autoscale-cluster-terraform.mdx
@@ -811,7 +811,7 @@ To add new nodes/EC2 servers that you can "SSH into" you'll need to:
 - [Run Teleport - we recommend using systemd](../../management/admin/daemon.mdx)
 - [Set the correct settings in /etc/teleport.yaml](../../../reference/config.mdx)
 - [Add Nodes to the Teleport
-  cluster](../../../enroll-resources/agents/join-services-to-your-cluster.mdx)
+  cluster](../../../enroll-resources/agents/join-services-to-your-cluster/join-services-to-your-cluster.mdx)
 
 ### Getting the SSH Service join token
 
diff --git a/docs/pages/admin-guides/deploy-a-cluster/deployments/aws-starter-cluster-terraform.mdx b/docs/pages/admin-guides/deploy-a-cluster/deployments/aws-starter-cluster-terraform.mdx
index 1d23659ac8845..2c2d66d69b2e3 100644
--- a/docs/pages/admin-guides/deploy-a-cluster/deployments/aws-starter-cluster-terraform.mdx
+++ b/docs/pages/admin-guides/deploy-a-cluster/deployments/aws-starter-cluster-terraform.mdx
@@ -726,7 +726,7 @@ To add new nodes/EC2 servers that you can "SSH into" you'll need to:
 - [Run Teleport - we recommend using systemd](../../management/admin/daemon.mdx)
 - [Set the correct settings in /etc/teleport.yaml](../../../reference/config.mdx)
 - [Add Nodes to the Teleport
-  cluster](../../../enroll-resources/agents/join-services-to-your-cluster.mdx)
+  cluster](../../../enroll-resources/agents/join-services-to-your-cluster/join-services-to-your-cluster.mdx)
 
 ## Troubleshooting
 
diff --git a/docs/pages/admin-guides/deploy-a-cluster/deployments/deployments.mdx b/docs/pages/admin-guides/deploy-a-cluster/deployments/deployments.mdx
new file mode 100644
index 0000000000000..a30782f9ca3c4
--- /dev/null
+++ b/docs/pages/admin-guides/deploy-a-cluster/deployments/deployments.mdx
@@ -0,0 +1,19 @@
+---
+title: Reference Deployment Guides
+description: Teleport Installation and Configuration Reference Deployment Guides.
+layout: tocless-doc
+---
+
+These guides show you how to set up a full self-hosted Teleport deployment on
+the platform of your choice.
+
+- [AWS High Availability Deployment with Terraform](aws-ha-autoscale-cluster-terraform.mdx): Deploy HA Teleport with
+  Terraform on AWS.
+- [AWS Single-Instance Deployment with Terraform](aws-starter-cluster-terraform.mdx): Deploy Teleport on a single instance with
+  Terraform on AWS.
+- [AWS Multi-Region Proxy
+  Deployment](aws-gslb-proxy-peering-ha-deployment.mdx): Deploy HA
+  Teleport with Proxy Service instances in multiple regions for low-latency
+  access.
+- [GCP](gcp.mdx): Deploy HA Teleport on GCP.
+- [IBM Cloud](ibm.mdx): Deploy HA Teleport on IBM cloud.
diff --git a/docs/pages/admin-guides/deploy-a-cluster/helm-deployments.mdx b/docs/pages/admin-guides/deploy-a-cluster/helm-deployments/helm-deployments.mdx
similarity index 55%
rename from docs/pages/admin-guides/deploy-a-cluster/helm-deployments.mdx
rename to docs/pages/admin-guides/deploy-a-cluster/helm-deployments/helm-deployments.mdx
index fb62933678eea..e35528834cf72 100644
--- a/docs/pages/admin-guides/deploy-a-cluster/helm-deployments.mdx
+++ b/docs/pages/admin-guides/deploy-a-cluster/helm-deployments/helm-deployments.mdx
@@ -15,24 +15,24 @@ order to protect a Kubernetes cluster with Teleport, and it is possible to
 enroll a Kubernetes cluster on Teleport Cloud or by running the Teleport
 Kubernetes Service on a Linux server. For instructions on enrolling a Kubernetes
 cluster with Teleport, read the [Kubernetes
-Access](../../enroll-resources/kubernetes-access/introduction.mdx) documentation.
+Access](../../../enroll-resources/kubernetes-access/introduction.mdx) documentation.
 
 ## Helm deployment guides
 
 These guides show you how to set up a full self-hosted Teleport deployment using
 our `teleport-cluster` Helm chart.
 
-- [Deploy Teleport on Kubernetes](./helm-deployments/kubernetes-cluster.mdx): Run a Teleport cluster in a Kubernetes cluster using
+- [Deploy Teleport on Kubernetes](kubernetes-cluster.mdx): Run a Teleport cluster in a Kubernetes cluster using
   the default configuration. This deployment is a great starting point to try a self-hosted 
   Teleport with minimal resources. 
-- [HA AWS Teleport Cluster](./helm-deployments/aws.mdx): Running an HA Teleport cluster in Kubernetes using an AWS EKS Cluster
-- [HA Azure Teleport Cluster](./helm-deployments/azure.mdx): Running an HA Teleport cluster in Kubernetes using an Azure AKS Cluster
-- [HA GCP Teleport Cluster](./helm-deployments/gcp.mdx): Running an HA Teleport cluster in Kubernetes using a Google Cloud GKE Cluster
-- [DigitalOcean Kubernetes Cluster](./helm-deployments/digitalocean.mdx):
+- [HA AWS Teleport Cluster](aws.mdx): Running an HA Teleport cluster in Kubernetes using an AWS EKS Cluster
+- [HA Azure Teleport Cluster](azure.mdx): Running an HA Teleport cluster in Kubernetes using an Azure AKS Cluster
+- [HA GCP Teleport Cluster](gcp.mdx): Running an HA Teleport cluster in Kubernetes using a Google Cloud GKE Cluster
+- [DigitalOcean Kubernetes Cluster](digitalocean.mdx):
   Running Teleport on DigitalOcean Kubernetes.
-- [Custom Teleport config](./helm-deployments/custom.mdx): Running a Teleport cluster in Kubernetes with a custom Teleport config
+- [Custom Teleport config](custom.mdx): Running a Teleport cluster in Kubernetes with a custom Teleport config
 
 ## Migration Guides
 
-- [Migrating from v11 to v12](./helm-deployments/migration-v12.mdx)
-- [Kubernetes 1.25 and PSP removal](./helm-deployments/migration-kubernetes-1-25-psp.mdx)
+- [Migrating from v11 to v12](migration-v12.mdx)
+- [Kubernetes 1.25 and PSP removal](migration-kubernetes-1-25-psp.mdx)
diff --git a/docs/pages/admin-guides/deploy-a-cluster/helm-deployments/kubernetes-cluster.mdx b/docs/pages/admin-guides/deploy-a-cluster/helm-deployments/kubernetes-cluster.mdx
index e7af64df52e3b..0152ee196ba3e 100644
--- a/docs/pages/admin-guides/deploy-a-cluster/helm-deployments/kubernetes-cluster.mdx
+++ b/docs/pages/admin-guides/deploy-a-cluster/helm-deployments/kubernetes-cluster.mdx
@@ -369,7 +369,7 @@ cluster.
 - **Set up Single Sign-On:** In this guide, we showed you how to create a local
   user, which is appropriate for demo environments. For a production deployment,
   you should set up Single Sign-On with your provider of choice. See our [Single
-  Sign-On guides](../../access-controls/sso.mdx) for how to do this.
+  Sign-On guides](../../access-controls/sso/sso.mdx) for how to do this.
 - **Configure your Teleport deployment:** To see all of the options you can set
   in the values file for the `teleport-cluster` Helm chart, consult our
   [reference guide](../../../reference/helm-reference/teleport-cluster.mdx).
diff --git a/docs/pages/admin-guides/deploy-a-cluster/high-availability.mdx b/docs/pages/admin-guides/deploy-a-cluster/high-availability.mdx
index 8cb1ef96326d3..88896d5e47d6b 100644
--- a/docs/pages/admin-guides/deploy-a-cluster/high-availability.mdx
+++ b/docs/pages/admin-guides/deploy-a-cluster/high-availability.mdx
@@ -296,7 +296,7 @@ pod or virtual machine in your group.
 
 If you plan to run Teleport on Kubernetes, the `teleport-cluster` Helm chart
 deploys the Auth Service and Proxy Service pools for you. To see how to use this
-Helm chart, read our [Helm Deployments](helm-deployments.mdx) documentation.
+Helm chart, read our [Helm Deployments](helm-deployments/helm-deployments.mdx) documentation.
 
 </Notice>
 
@@ -353,7 +353,7 @@ Create a configuration file and provide it to each of your Proxy Service
 instances at `/etc/teleport.yaml`. We will explain the required configuration
 fields for a high-availability Teleport deployment below. These are the minimum
 requirements, and when planning your high-availability deployment, you will want
-to follow a more specific [deployment guide](../../index.mdx) for your
+to follow a more specific [deployment guide](deployments/deployments.mdx) for your
 environment. 
 
 #### `proxy_service` and `auth_service`
@@ -467,7 +467,7 @@ Create a configuration file and provide it to each of your Auth Service
 instances at `/etc/teleport.yaml`. We will explain the required configuration
 fields for a high-availability Teleport deployment below. These are the minimum
 requirements, and when planning your high-availability deployment, you will want
-to follow a more specific [deployment guide](../../index.mdx) for your
+to follow a more specific [deployment guide](deployments/deployments.mdx) for your
 environment.
 
 #### `storage`
@@ -540,8 +540,8 @@ deployment, read about how to design your own deployment on Kubernetes or a
 cluster of virtual machines in your cloud of choice:
 
 - [High-availability Teleport Deployments on Kubernetes with
-  Helm](helm-deployments.mdx)
-- [Reference Deployments](deployments.mdx) for running Teleport on a cluster of
+  Helm](helm-deployments/helm-deployments.mdx)
+- [Reference Deployments](deployments/deployments.mdx) for running Teleport on a cluster of
   virtual machines
 
 ### Ensure high performance
@@ -550,7 +550,7 @@ You should also get familiar with how to ensure that your Teleport deployment is
 performing as expected:
 
 - [Scaling a Teleport cluster](../management/operations/scaling.mdx)
-- [Monitoring a Teleport cluster](../management/diagnostics.mdx)
+- [Monitoring a Teleport cluster](../management/diagnostics/diagnostics.mdx)
 
 ### Deploy Teleport services
 
diff --git a/docs/pages/admin-guides/infrastructure-as-code.mdx b/docs/pages/admin-guides/infrastructure-as-code/infrastructure-as-code.mdx
similarity index 93%
rename from docs/pages/admin-guides/infrastructure-as-code.mdx
rename to docs/pages/admin-guides/infrastructure-as-code/infrastructure-as-code.mdx
index 0bb2e06bda487..4097d107b6ba8 100644
--- a/docs/pages/admin-guides/infrastructure-as-code.mdx
+++ b/docs/pages/admin-guides/infrastructure-as-code/infrastructure-as-code.mdx
@@ -27,7 +27,7 @@ There are two ways to configure a Teleport cluster:
 This approach makes it possible to incrementally adjust your Teleport
 configuration without restarting Teleport instances.
 
-![Architecture of dynamic resources](../../img/dynamic-resources.png)
+![Architecture of dynamic resources](../../../img/dynamic-resources.png)
 
 A cluster is composed of different objects (i.e., resources) and there are three
 common operations that can be performed on them: `get` , `create` , and `remove`
@@ -64,7 +64,7 @@ infrastructure-as-code and GitOps approaches.
 
 For more information on Teleport roles, including the `internal.logins`
 trait we use in these example roles, see the [Teleport Access
-Controls Reference](../reference/access-controls/roles.mdx).
+Controls Reference](../../reference/access-controls/roles.mdx).
 
 ### YAML documents with `tctl`
 
@@ -86,7 +86,7 @@ spec:
 
 Since `tctl` works from the local filesystem, you can write commands that apply
 all configuration documents in a directory tree. See the [CLI
-reference](../reference/cli/tctl.mdx) for more information on `tctl`.
+reference](../../reference/cli/tctl.mdx) for more information on `tctl`.
 
 ### Teleport Terraform provider
 
@@ -114,7 +114,7 @@ resource "teleport_role" "developer" {
 ```
 
 [Get started with the Terraform
-provider](infrastructure-as-code/terraform-provider.mdx).
+provider](terraform-provider/terraform-provider.mdx).
 
 ### Teleport Kubernetes Operator
 
@@ -135,7 +135,7 @@ spec:
       'env': 'test'
 ```
 
-[Get started with the Kubernetes Operator](infrastructure-as-code/teleport-operator.mdx).
+[Get started with the Kubernetes Operator](teleport-operator/teleport-operator.mdx).
 
 ## Reconciling the configuration file with dynamic resources
 
@@ -245,16 +245,16 @@ configuration resources with the `teleport.dev/origin=config-file` label.
 ### Configuration references
 
 - For a comprehensive reference of Teleport's static configuration options, read
-  the [Configuration Reference](../reference/config.mdx).
+  the [Configuration Reference](../../reference/config.mdx).
 - To see the dynamic configuration resources available to apply, read the
-  [Configuration Resource Reference](../reference/resources.mdx). There are also
+  [Configuration Resource Reference](../../reference/resources.mdx). There are also
   dedicated configuration resource references for
-  [applications](../reference/agent-services/application-access.mdx) and
-  [databases](../reference/agent-services/database-access-reference/configuration.mdx).
+  [applications](../../reference/agent-services/application-access.mdx) and
+  [databases](../../reference/agent-services/database-access-reference/configuration.mdx).
 
 ### Other ways to use the Teleport API
 
 The Teleport Kubernetes Operator, Terraform provider, and `tctl` are all clients
 of the Teleport Auth Service's gRPC API. To build your own API client to extend
 Teleport for your organization's needs, read our [API
-guides](api/api.mdx).
+guides](../api/api.mdx).
diff --git a/docs/pages/admin-guides/infrastructure-as-code/kubernetes.mdx b/docs/pages/admin-guides/infrastructure-as-code/kubernetes.mdx
index 7f743695be3d4..6186730f756d8 100644
--- a/docs/pages/admin-guides/infrastructure-as-code/kubernetes.mdx
+++ b/docs/pages/admin-guides/infrastructure-as-code/kubernetes.mdx
@@ -39,7 +39,7 @@ This guide is applicable if you self-host Teleport in Kubernetes using the
 
   </Admonition>
 
-- Follow the [Teleport operator guides](teleport-operator.mdx)
+- Follow the [Teleport operator guides](teleport-operator/teleport-operator.mdx)
   to install the Teleport Operator in your Kubernetes cluster.
   Make sure to follow the Enterprise instructions.
 
@@ -245,7 +245,7 @@ logins:
 
 ## Next Steps
 
-- Read the [Teleport Operator Guide](teleport-operator.mdx) to
+- Read the [Teleport Operator Guide](teleport-operator/teleport-operator.mdx) to
   learn more about the Teleport Operator.
 - Read the [Login Rules reference](../../reference/access-controls/login-rules.mdx) to learn mode about the
   Login Rule expression syntax.
diff --git a/docs/pages/admin-guides/infrastructure-as-code/teleport-operator.mdx b/docs/pages/admin-guides/infrastructure-as-code/teleport-operator/teleport-operator.mdx
similarity index 97%
rename from docs/pages/admin-guides/infrastructure-as-code/teleport-operator.mdx
rename to docs/pages/admin-guides/infrastructure-as-code/teleport-operator/teleport-operator.mdx
index cf4579641f646..aa240845072a0 100644
--- a/docs/pages/admin-guides/infrastructure-as-code/teleport-operator.mdx
+++ b/docs/pages/admin-guides/infrastructure-as-code/teleport-operator/teleport-operator.mdx
@@ -271,9 +271,8 @@ Kubernetes cluster or namespace.  Then redeploy the Auth Server pods.  When the
 
 ## Next steps
 
-Helm Chart parameters are documented in the [`teleport-cluster` Helm chart reference](../../reference/helm-reference/teleport-cluster.mdx).
+Helm Chart parameters are documented in the [`teleport-cluster` Helm chart reference](../../../reference/helm-reference/teleport-cluster.mdx).
 
-See the [Helm Deployment guides](../deploy-a-cluster/helm-deployments.mdx) detailing specific setups like running Teleport on AWS or GCP.
+Check out [access controls documentation](../../access-controls/access-controls.mdx)
 
-Check out [access controls documentation](../access-controls/access-controls.mdx)
 
diff --git a/docs/pages/admin-guides/infrastructure-as-code/terraform-provider.mdx b/docs/pages/admin-guides/infrastructure-as-code/terraform-provider/terraform-provider.mdx
similarity index 93%
rename from docs/pages/admin-guides/infrastructure-as-code/terraform-provider.mdx
rename to docs/pages/admin-guides/infrastructure-as-code/terraform-provider/terraform-provider.mdx
index bb9b73d5578f2..da662137e2a98 100644
--- a/docs/pages/admin-guides/infrastructure-as-code/terraform-provider.mdx
+++ b/docs/pages/admin-guides/infrastructure-as-code/terraform-provider/terraform-provider.mdx
@@ -11,7 +11,7 @@ This guide demonstrates how to:
 
 For instructions on managing the Teleport dynamic resources as code using
 GitOps, read the guide to using the Teleport Terraform provider with [Spacelift
-and Machine ID](../../enroll-resources/machine-id/deployment/spacelift.mdx).
+and Machine ID](../../../enroll-resources/machine-id/deployment/spacelift.mdx).
 
 ## Prerequisites
 
@@ -31,13 +31,13 @@ and Machine ID](../../enroll-resources/machine-id/deployment/spacelift.mdx).
 Terraform needs a signed identity file from the Teleport cluster certificate
 authority to manage resources in the cluster.
 You can create a local Teleport user for this purpose or you can use the machine identity agent
-[(Machine ID)](../../enroll-resources/machine-id/introduction.mdx) to generate credentials.
+[(Machine ID)](../../../enroll-resources/machine-id/introduction.mdx) to generate credentials.
 
 If you intend to run Terraform from a CI/CD platform, Machine ID is often a better
 option for generating credentials. Machine ID can provision ephemeral short-lived
 certificates that are appropriate for CI/CD workflows instead of using manually-generated
 credentials that have a longer time-to-live (TTL) period. For more information about
-using Machine ID, see the [Machine ID Getting Started Guide](../../enroll-resources/machine-id/getting-started.mdx).
+using Machine ID, see the [Machine ID Getting Started Guide](../../../enroll-resources/machine-id/getting-started.mdx).
 
 To prepare credentials for a local Teleport user:
 
@@ -186,6 +186,6 @@ following command:
 
 ## Next steps
 
-- Explore the full list of supported [Terraform provider resources](../../reference/terraform-provider.mdx).
-- Read more about [impersonation](../access-controls/guides/impersonation.mdx).
+- Explore the full list of supported [Terraform provider resources](../../../reference/terraform-provider.mdx).
+- Read more about [impersonation](../../access-controls/guides/impersonation.mdx).
 
diff --git a/docs/pages/admin-guides/infrastructure-as-code/terraform.mdx b/docs/pages/admin-guides/infrastructure-as-code/terraform.mdx
index ebf167a520c84..aec689bee696f 100644
--- a/docs/pages/admin-guides/infrastructure-as-code/terraform.mdx
+++ b/docs/pages/admin-guides/infrastructure-as-code/terraform.mdx
@@ -27,7 +27,7 @@ For simplicity, this guide will configure the Terraform provider to use your
 current logged-in user's Teleport credentials obtained from `tsh login`.
 
 <Admonition type="note">
-The [Terraform provider guide](terraform-provider.mdx)
+The [Terraform provider guide](terraform-provider/terraform-provider.mdx)
 includes instructions for configuring a dedicated `terraform` user and role,
 which is a better option when running Terraform in a non-interactive
 environment.
@@ -152,7 +152,7 @@ logins:
 
 ## Next Steps
 
-- Read the [Terraform Guide](terraform-provider.mdx) to
+- Read the [Terraform Guide](terraform-provider/terraform-provider.mdx) to
   learn more about configuring the Terraform provider.
 - Read the [Login Rules reference](../../reference/access-controls/login-rules.mdx) to learn mode about the
   Login Rule expression syntax.
diff --git a/docs/pages/admin-guides/management/admin.mdx b/docs/pages/admin-guides/management/admin.mdx
deleted file mode 100644
index 817618350db8d..0000000000000
--- a/docs/pages/admin-guides/management/admin.mdx
+++ /dev/null
@@ -1,30 +0,0 @@
----
-title: Cluster Administration Guides
-description: Teleport Cluster Administration Guides.
-layout: tocless-doc
----
-
-The guides in this section show you the fundamentals of setting up and running a
-Teleport cluster. You will learn how to run the `teleport` daemon, manage users
-and resources, and troubleshoot any issues that arise.
-
-If you already understand how to set up a Teleport cluster, consult the
-[Operations](./operations.mdx) section so you can start conducting periodic
-cluster maintenance tasks.
-
-## Run Teleport
-
-- [Teleport Daemon](./admin/daemon.mdx): Set up Teleport as a daemon on Linux with systemd.
-- [Run Teleport with Self-Signed Certificates](./admin/self-signed-certs.mdx): Set up Teleport in a local
-environment without configuring TLS certificates.
-
-## Manage users and resources
-
-- [Trusted Clusters](./admin/trustedclusters.mdx): Connect multiple Teleport clusters using trusted clusters.
-- [Labels](./admin/labels.mdx): Manage resource metadata with labels.
-- [Local Users](./admin/users.mdx): Manage local user accounts.
-
-## Troubleshoot issues
-
-- [Troubleshooting](./admin/troubleshooting.mdx): Collect metrics and diagnostic information from Teleport.
-- [Uninstall Teleport](./admin/uninstall-teleport.mdx): Uninstall Teleport from your system.
diff --git a/docs/pages/admin-guides/management/admin/admin.mdx b/docs/pages/admin-guides/management/admin/admin.mdx
new file mode 100644
index 0000000000000..4e11195231369
--- /dev/null
+++ b/docs/pages/admin-guides/management/admin/admin.mdx
@@ -0,0 +1,30 @@
+---
+title: Cluster Administration Guides
+description: Teleport Cluster Administration Guides.
+layout: tocless-doc
+---
+
+The guides in this section show you the fundamentals of setting up and running a
+Teleport cluster. You will learn how to run the `teleport` daemon, manage users
+and resources, and troubleshoot any issues that arise.
+
+If you already understand how to set up a Teleport cluster, consult the
+[Operations](../operations/operations.mdx) section so you can start conducting periodic
+cluster maintenance tasks.
+
+## Run Teleport
+
+- [Teleport Daemon](daemon.mdx): Set up Teleport as a daemon on Linux with systemd.
+- [Run Teleport with Self-Signed Certificates](self-signed-certs.mdx): Set up Teleport in a local
+environment without configuring TLS certificates.
+
+## Manage users and resources
+
+- [Trusted Clusters](trustedclusters.mdx): Connect multiple Teleport clusters using trusted clusters.
+- [Labels](labels.mdx): Manage resource metadata with labels.
+- [Local Users](users.mdx): Manage local user accounts.
+
+## Troubleshoot issues
+
+- [Troubleshooting](troubleshooting.mdx): Collect metrics and diagnostic information from Teleport.
+- [Uninstall Teleport](uninstall-teleport.mdx): Uninstall Teleport from your system.
diff --git a/docs/pages/admin-guides/management/admin/trustedclusters.mdx b/docs/pages/admin-guides/management/admin/trustedclusters.mdx
index b992196341440..50dde7b22b1a1 100644
--- a/docs/pages/admin-guides/management/admin/trustedclusters.mdx
+++ b/docs/pages/admin-guides/management/admin/trustedclusters.mdx
@@ -110,7 +110,7 @@ configured with a single sign-on identity provider that authenticates her identi
 Based on the information from the identity provider, the root cluster assigns Alice the `full-access` role
 and issues her a certificate. The mapping of single sign-on properties to Teleport roles is configured when
 you add an authentication connector to the Teleport cluster. To learn more about configuring single sign-on
-through an external identity provider, see [Configure Single Sign-on](../../access-controls/sso.mdx).
+through an external identity provider, see [Configure Single Sign-on](../../access-controls/sso/sso.mdx).
 
 Alice receives the certificate that specifies the roles assigned to her in the root cluster. This metadata
 about her roles is contained in the certificate extensions and is protected by the signature of the root 
@@ -167,7 +167,7 @@ To complete the steps in this guide, verify your environment meets the following
 
 - A Teleport SSH server that is joined to the cluster you plan to use as the **leaf cluster**.
   For information about how to enroll a resource in your cluster, see 
-  [Join Services to your Cluster](../../../enroll-resources/agents/join-services-to-your-cluster.mdx).
+  [Join Services to your Cluster](../../../enroll-resources/agents/join-services-to-your-cluster/join-services-to-your-cluster.mdx).
 
 (!docs/pages/includes/permission-warning.mdx!)
 
diff --git a/docs/pages/admin-guides/management/admin/users.mdx b/docs/pages/admin-guides/management/admin/users.mdx
index 9182c65719387..d6c3b06f1ff7e 100644
--- a/docs/pages/admin-guides/management/admin/users.mdx
+++ b/docs/pages/admin-guides/management/admin/users.mdx
@@ -123,7 +123,7 @@ For all available `tctl` commands and flags, see our [CLI Reference](../../../re
 You can also configure Teleport so that users can log in using an SSO provider.
 For more information, see:
 
-- [Single Sign-On](../../access-controls/sso.mdx)
+- [Single Sign-On](../../access-controls/sso/sso.mdx)
 
 </TabItem>
 <TabItem label="Teleport Community Edition">
diff --git a/docs/pages/admin-guides/management/diagnostics.mdx b/docs/pages/admin-guides/management/diagnostics.mdx
deleted file mode 100644
index dbfe87be11f73..0000000000000
--- a/docs/pages/admin-guides/management/diagnostics.mdx
+++ /dev/null
@@ -1,11 +0,0 @@
----
-title: Monitoring your Cluster
-description: Monitoring your Teleport deployment
-layout: tocless-doc
----
-
-- [Health Monitoring](./diagnostics/monitoring.mdx): How to monitor the health of a Teleport instance.
-- [Metrics](./diagnostics/metrics.mdx): How to enable exporting Prometheus metrics.
-- [Collecting Profiles](./diagnostics/profiles.mdx): How to collect runtime profiling data from a Teleport instance.
-- [Distributed Tracing](./diagnostics/tracing.mdx): How to enable distributed tracing for a Teleport instance.
-
diff --git a/docs/pages/admin-guides/management/diagnostics/diagnostics.mdx b/docs/pages/admin-guides/management/diagnostics/diagnostics.mdx
new file mode 100644
index 0000000000000..8513e6f0b1357
--- /dev/null
+++ b/docs/pages/admin-guides/management/diagnostics/diagnostics.mdx
@@ -0,0 +1,11 @@
+---
+title: Monitoring your Cluster
+description: Monitoring your Teleport deployment
+layout: tocless-doc
+---
+
+- [Health Monitoring](monitoring.mdx): How to monitor the health of a Teleport instance.
+- [Metrics](metrics.mdx): How to enable exporting Prometheus metrics.
+- [Collecting Profiles](profiles.mdx): How to collect runtime profiling data from a Teleport instance.
+- [Distributed Tracing](tracing.mdx): How to enable distributed tracing for a Teleport instance.
+
diff --git a/docs/pages/admin-guides/management/diagnostics/metrics.mdx b/docs/pages/admin-guides/management/diagnostics/metrics.mdx
index 3888390bcd795..f150e4d1fc3f7 100644
--- a/docs/pages/admin-guides/management/diagnostics/metrics.mdx
+++ b/docs/pages/admin-guides/management/diagnostics/metrics.mdx
@@ -199,6 +199,6 @@ guarantees](../../../upgrading/overview.mdx).
 We strongly encourage self-hosted Teleport users to enroll their Agents in
 automatic updates. You can track the count of Teleport Agents that are not
 enrolled in automatic updates using the metric, `teleport_enrolled_in_upgrades`.
-[Read the documentation](../../../upgrading.mdx) for how to enroll Agents in
+[Read the documentation](../../../upgrading/upgrading.mdx) for how to enroll Agents in
 automatic updates.
 
diff --git a/docs/pages/admin-guides/management/export-audit-events.mdx b/docs/pages/admin-guides/management/export-audit-events/export-audit-events.mdx
similarity index 81%
rename from docs/pages/admin-guides/management/export-audit-events.mdx
rename to docs/pages/admin-guides/management/export-audit-events/export-audit-events.mdx
index c287f63bb8c91..8a48fa02922bf 100644
--- a/docs/pages/admin-guides/management/export-audit-events.mdx
+++ b/docs/pages/admin-guides/management/export-audit-events/export-audit-events.mdx
@@ -10,7 +10,7 @@ You can use Teleport's Event Handler plugin to export audit events from Teleport
 so you can store them in a log management platform or custom backend.
 
 If you are new to exporting audit events with Teleport, read [Forwarding Events
-with Fluentd](./export-audit-events/fluentd.mdx) to learn the basics of how our
+with Fluentd](fluentd.mdx) to learn the basics of how our
 Event Handler plugin works. While this guide focuses on Fluentd, the Event
 Handler plugin can export audit events to any endpoint that ingests JSON
 messages via HTTP.
@@ -19,9 +19,10 @@ Next, read our guides to setting up the Event Handler plugin to export audit
 events to your solution of choice:
 
 - [Monitor Teleport Audit Events with the Elastic
-  Stack](./export-audit-events/elastic-stack.mdx): How to configure the Event
+  Stack](elastic-stack.mdx): How to configure the Event
   Handler plugin to forward Teleport audit logs to Logstash for ingestion in
   Elasticsearch so you can explore them in Kibana.
-- [Monitor Teleport Audit Events with Splunk](./export-audit-events/splunk.mdx):
+- [Monitor Teleport Audit Events with Splunk](splunk.mdx):
   How to configure the Event Handler plugin to send logs to Splunk's Universal
   Forwarder so you can explore your audit events in Splunk.
+
diff --git a/docs/pages/admin-guides/management/external-audit-storage.mdx b/docs/pages/admin-guides/management/external-audit-storage.mdx
index 9fc3d4f3f16a0..6f5d9c97d583e 100644
--- a/docs/pages/admin-guides/management/external-audit-storage.mdx
+++ b/docs/pages/admin-guides/management/external-audit-storage.mdx
@@ -154,7 +154,7 @@ recordings will be stored in your S3 bucket, and they will *not* be stored in
 the Teleport Cloud infrastructure.
 
 If you currently use the
-[Event Handler](export-audit-events.mdx) plugin to export
+[Event Handler](export-audit-events/export-audit-events.mdx) plugin to export
 events, it will follow the switch from the old to new backends and new events
 will continue to be exported. Only events emitted after the transition to
 External Audit Storage will be visible in the Teleport UI or accessible to
diff --git a/docs/pages/admin-guides/management/guides/ec2-tags.mdx b/docs/pages/admin-guides/management/guides/ec2-tags.mdx
index e89eddfdcb0e2..6c4c64cb381df 100644
--- a/docs/pages/admin-guides/management/guides/ec2-tags.mdx
+++ b/docs/pages/admin-guides/management/guides/ec2-tags.mdx
@@ -28,7 +28,7 @@ fakehost.example.com 127.0.0.1:3022 env=example,hostname=ip-172-31-53-70,aws/Nam
 
 (!docs/pages/includes/edition-prereqs-tabs.mdx!)
 - One Teleport agent running on an Amazon EC2 instance. See
-  [our guides](../../../enroll-resources/agents/join-services-to-your-cluster.mdx) for how to set up Teleport agents.
+  [our guides](../../../enroll-resources/agents/join-services-to-your-cluster/join-services-to-your-cluster.mdx) for how to set up Teleport agents.
 
 ## Enable tags in instance metadata
 
diff --git a/docs/pages/admin-guides/management/guides.mdx b/docs/pages/admin-guides/management/guides/guides.mdx
similarity index 68%
rename from docs/pages/admin-guides/management/guides.mdx
rename to docs/pages/admin-guides/management/guides/guides.mdx
index 66dc8665edf60..5724a24fd2930 100644
--- a/docs/pages/admin-guides/management/guides.mdx
+++ b/docs/pages/admin-guides/management/guides/guides.mdx
@@ -8,8 +8,9 @@ You can integrate Teleport with third-party tools in order to complete various
 tasks in your cluster. These guides describe Teleport integrations that are not
 documented elsewhere:
 
-  - [EC2 tags as Teleport Node labels](./guides/ec2-tags.mdx). How to set up
-    Teleport Node labels based on EC2 tags.
+  - [EC2 tags as Teleport agent labels](ec2-tags.mdx). How to set up
+    Teleport agent labels based on EC2 tags.
   - [Using Teleport's Certificate Authority with
-    GitHub](./guides/ssh-key-extensions.mdx). Use Teleport's short-lived
+    GitHub](ssh-key-extensions.mdx). Use Teleport's short-lived
     certificates with GitHub's Certificate Authority.
+
diff --git a/docs/pages/admin-guides/management/operations.mdx b/docs/pages/admin-guides/management/operations.mdx
deleted file mode 100644
index 602159573383b..0000000000000
--- a/docs/pages/admin-guides/management/operations.mdx
+++ /dev/null
@@ -1,19 +0,0 @@
----
-title: Operations
-description: Teleport Operations - Scaling and High-Availability.
-layout: tocless-doc
----
-
-The guides in this section show you how to carry out common administration tasks
-on an already running Teleport cluster.
-
-For guides on the fundamentals of setting up your cluster, you should consult
-the [Cluster Administration Guides](./admin.mdx) section.
-
-- [Scaling](./operations/scaling.mdx): How to configure Teleport for large-scale deployments.
-- [Backup and Restore](./operations/backup-restore.mdx): Backing up and restoring the cluster.
-- [CA Rotation](./operations/ca-rotation.mdx): Rotating Teleport certificate authorities.
-- [Database CA Rotation](./operations/db-ca-rotation.mdx): Rotating Teleport's `db` or `db_client` certificate authorities.
-- [TLS Routing Migration](./operations/tls-routing.mdx): Migrating your Teleport cluster to single-port TLS routing mode.
-- [Proxy Peering Migration](./operations/proxy-peering.mdx): Migrating your Teleport cluster to Proxy Peering mode.
-- [Database CA Migrations](./operations/db-ca-migrations.mdx): Completing Teleport's Database CA migrations.
diff --git a/docs/pages/admin-guides/management/operations/db-ca-rotation.mdx b/docs/pages/admin-guides/management/operations/db-ca-rotation.mdx
index 630167aff1697..2a2a24e5260ed 100644
--- a/docs/pages/admin-guides/management/operations/db-ca-rotation.mdx
+++ b/docs/pages/admin-guides/management/operations/db-ca-rotation.mdx
@@ -128,7 +128,7 @@ You do not need to reconfigure databases at this point if you are rotating only
 the `db` CA, although there is no harm in doing so.
 
 Consult the appropriate
-[Teleport Database Access Guide](../../../enroll-resources/database-access/guides.mdx) for your
+[Teleport Database Access Guide](../../../enroll-resources/database-access/guides/guides.mdx) for your
 databases before proceeding to the `update_clients` rotation phase.
 </Admonition>
 
@@ -172,7 +172,7 @@ lose access** to those databases after transitioning to the `standby` phase in
 this final step.
 
 To avoid down time, consult the appropriate
-[Teleport Database Access Guide](../../../enroll-resources/database-access/guides.mdx) and reconfigure
+[Teleport Database Access Guide](../../../enroll-resources/database-access/guides/guides.mdx) and reconfigure
 your databases before proceeding.
 Otherwise, access may still be restored by reconfiguring your self-hosted
 databases after this step.
diff --git a/docs/pages/admin-guides/management/operations/operations.mdx b/docs/pages/admin-guides/management/operations/operations.mdx
new file mode 100644
index 0000000000000..6225dcaa3bbac
--- /dev/null
+++ b/docs/pages/admin-guides/management/operations/operations.mdx
@@ -0,0 +1,16 @@
+---
+title: Operations
+description: Teleport Operations - Scaling and High-Availability.
+layout: tocless-doc
+---
+
+The guides in this section show you how to carry out common administration tasks
+on an already running Teleport cluster.
+
+- [Scaling](scaling.mdx): How to configure Teleport for large-scale deployments.
+- [Backup and Restore](backup-restore.mdx): Backing up and restoring the cluster.
+- [CA Rotation](ca-rotation.mdx): Rotating Teleport certificate authorities.
+- [Database CA Rotation](db-ca-rotation.mdx): Rotating Teleport's `db` or `db_client` certificate authorities.
+- [TLS Routing Migration](tls-routing.mdx): Migrating your Teleport cluster to single-port TLS routing mode.
+- [Proxy Peering Migration](proxy-peering.mdx): Migrating your Teleport cluster to Proxy Peering mode.
+- [Database CA Migrations](db-ca-migrations.mdx): Completing Teleport's Database CA migrations.
diff --git a/docs/pages/admin-guides/management/operations/tls-routing.mdx b/docs/pages/admin-guides/management/operations/tls-routing.mdx
index 657848187d9e0..d53f75ee4f97c 100644
--- a/docs/pages/admin-guides/management/operations/tls-routing.mdx
+++ b/docs/pages/admin-guides/management/operations/tls-routing.mdx
@@ -42,7 +42,7 @@ $ curl https://mytenant.teleport.sh/webapi/ping | jq '.proxy'
 
 Download Teleport from the [downloads page](https://goteleport.com/download) or
 your enterprise portal and follow the standard [upgrade
-procedure](../../../upgrading.mdx). Make sure to upgrade both root and leaf clusters
+procedure](../../../upgrading/upgrading.mdx). Make sure to upgrade both root and leaf clusters
 as well as `tsh` client.
 
 ## Step 2/7. Enable proxy multiplexing
diff --git a/docs/pages/admin-guides/management/security/reduce-blast-radius.mdx b/docs/pages/admin-guides/management/security/reduce-blast-radius.mdx
index 7397a25ec2bc9..dc20d1bf7643e 100644
--- a/docs/pages/admin-guides/management/security/reduce-blast-radius.mdx
+++ b/docs/pages/admin-guides/management/security/reduce-blast-radius.mdx
@@ -284,7 +284,7 @@ Two `user`s can grant elevated privileges to another `user` temporarily without
 - [Per-session MFA](../../access-controls/guides/per-session-mfa.mdx)
 - [Dual authorization](../../access-controls/guides/dual-authz.mdx)
 - [Role templates, allow/deny rules, and traits](../../access-controls/guides/role-templates.mdx)
-- [Access Requests](../../access-controls/access-requests.mdx)
+- [Access Requests](../../access-controls/access-requests/access-requests.mdx)
 
 ### Background reading
 - [Authentication connectors](../../../reference/access-controls/authentication.mdx)
diff --git a/docs/pages/admin-guides/management/security.mdx b/docs/pages/admin-guides/management/security/security.mdx
similarity index 76%
rename from docs/pages/admin-guides/management/security.mdx
rename to docs/pages/admin-guides/management/security/security.mdx
index 02f0cbf168111..ab9c62e9cc316 100644
--- a/docs/pages/admin-guides/management/security.mdx
+++ b/docs/pages/admin-guides/management/security/security.mdx
@@ -15,10 +15,10 @@ You should note that the security practices covered in this section aren't neces
 examples used in the documentation. Examples in the documentation are primarily intended for demonstration 
 purposes and for development environments.
 
-- [Restrict Access for Privileged Accounts](./security/restrict-privileges.mdx). Learn about potential 
-  risks of allowing privileged access and how to mitigate them.
-- [Reducing the Blast Radius of Attacks](./security/reduce-blast-radius.mdx).
+- [Restrict Access for Privileged Accounts](restrict-privileges.mdx). Learn about potential 
+   risks of allowing privileged access and how to mitigate them.
+- [Reducing the Blast Radius of Attacks](reduce-blast-radius.mdx).
   Prevent attackers from accessing your infrastructure even if they manage to
   obtain passwords or certificates.
-- [Revoking Access](./security/revoking-access.mdx). Revoke access in the event
+- [Revoking Access](revoking-access.mdx). Revoke access in the event
   of a compromise.
diff --git a/docs/pages/ai-assist.mdx b/docs/pages/ai-assist.mdx
index 94bf345c043a1..b7eb60bc754ed 100644
--- a/docs/pages/ai-assist.mdx
+++ b/docs/pages/ai-assist.mdx
@@ -139,4 +139,4 @@ our documentation.
 - [Server Access](enroll-resources/server-access/introduction.mdx)
 - [Access controls](admin-guides/access-controls/getting-started.mdx)
 - [Resource filtering](reference/predicate-language.mdx)
-- [Access Request plugins](admin-guides/access-controls/access-request-plugins.mdx)
+- [Access Request plugins](admin-guides/access-controls/access-request-plugins/access-request-plugins.mdx)
diff --git a/docs/pages/connect-your-client/gui-clients.mdx b/docs/pages/connect-your-client/gui-clients.mdx
index f82a2cd7bc38e..519f9b7acb346 100644
--- a/docs/pages/connect-your-client/gui-clients.mdx
+++ b/docs/pages/connect-your-client/gui-clients.mdx
@@ -14,7 +14,7 @@ work with Teleport.
 
 - (!docs/pages/includes/tctl.mdx!)
 - The Teleport Database Service configured to access a database. See one of our
-  [guides](../enroll-resources/database-access/guides.mdx) for how to set up the Teleport
+  [guides](../enroll-resources/database-access/guides/guides.mdx) for how to set up the Teleport
   Database Service for your database.
 
 ### Get connection information
diff --git a/docs/pages/connect-your-client/tsh.mdx b/docs/pages/connect-your-client/tsh.mdx
index 751985a9025d7..5fbb5c1432eab 100644
--- a/docs/pages/connect-your-client/tsh.mdx
+++ b/docs/pages/connect-your-client/tsh.mdx
@@ -1136,4 +1136,4 @@ To remove `tsh` and associated user data see
 [Uninstalling Teleport](../admin-guides/management/admin/uninstall-teleport.mdx).
 
 ## Further reading
-- [CLI Reference](../reference/cli.mdx).
+- [CLI Reference](../reference/cli/cli.mdx).
diff --git a/docs/pages/contributing/documentation.mdx b/docs/pages/contributing/documentation/documentation.mdx
similarity index 76%
rename from docs/pages/contributing/documentation.mdx
rename to docs/pages/contributing/documentation/documentation.mdx
index e0e994f402dea..5b9ef11a3e155 100644
--- a/docs/pages/contributing/documentation.mdx
+++ b/docs/pages/contributing/documentation/documentation.mdx
@@ -24,14 +24,14 @@ the kind of documentation we want to transform our current documentation into.
 
 </Admonition>
 
-- [How to Contribute to the Teleport Documentation](./documentation/how-to-contribute.mdx) describes 
+- [How to Contribute to the Teleport Documentation](how-to-contribute.mdx) describes 
   how to set up a local environment and contribute changes to the Teleport documentation.
-- [How to Review Documentation Changes](./documentation/reviewing-docs.mdx) explains how to
+- [How to Review Documentation Changes](reviewing-docs.mdx) explains how to
   set up a development server to preview documentation changes so you can review pull
   requests.
-- [Documentation UI Components](./documentation/reference.mdx) provides reference 
+- [Documentation UI Components](reference.mdx) provides reference 
   information for how to include user interface components in Teleport documentation.
-- [Style Guide](./documentation/style-guide.mdx) describes the documentation principles and 
+- [Style Guide](style-guide.mdx) describes the documentation principles and 
   conventions to follow to ensure contributions are consistent and effective.
-- [Creating Documentation Issues](./documentation/issues.mdx) offers guidelines for
+- [Creating Documentation Issues](issues.mdx) offers guidelines for
   creating issues on GitHub to request changes to Teleport documentation.
diff --git a/docs/pages/core-concepts.mdx b/docs/pages/core-concepts.mdx
index 1661824926cfb..1803c40dcdcae 100644
--- a/docs/pages/core-concepts.mdx
+++ b/docs/pages/core-concepts.mdx
@@ -195,7 +195,7 @@ subject of the certificate—including its username and Teleport roles—to
 authorize the user.  
 
 Read more about [local users](reference/access-controls/authentication.mdx) and how [SSO
-authentication works in Teleport](admin-guides/access-controls/sso.mdx).
+authentication works in Teleport](admin-guides/access-controls/sso/sso.mdx).
 
 ### Authentication connector
 
diff --git a/docs/pages/enroll-resources/agents/deploy-agents-terraform.mdx b/docs/pages/enroll-resources/agents/deploy-agents-terraform.mdx
index f696eb9aee750..25c723b9776d2 100644
--- a/docs/pages/enroll-resources/agents/deploy-agents-terraform.mdx
+++ b/docs/pages/enroll-resources/agents/deploy-agents-terraform.mdx
@@ -13,9 +13,10 @@ machines by declaring it as code using Terraform.
 
 There are several methods you can use to join a Teleport agent to your cluster,
 which we discuss in the [Joining Services to your
-Cluster](join-services-to-your-cluster.mdx) guide. In this guide, we will use
-the **join token** method, where the operator stores a secure token on the Auth
-Service, and an agent presents the token in order to join a cluster.
+Cluster](join-services-to-your-cluster/join-services-to-your-cluster.mdx) guide.
+In this guide, we will use the **join token** method, where the operator stores
+a secure token on the Auth Service, and an agent presents the token in order to
+join a cluster.
 
 No matter which join method you use, it will involve the following Terraform
 resources:
@@ -56,7 +57,7 @@ a demo cluster using:
 
 - An identity file for the Teleport Terraform provider. Make sure you are
   familiar with [how to set up the Teleport Terraform
-  provider](../../admin-guides/infrastructure-as-code/terraform-provider.mdx) before
+  provider](../../admin-guides/infrastructure-as-code/terraform-provider/terraform-provider.mdx) before
   following this guide.
 
 - (!docs/pages/includes/tctl.mdx!)
diff --git a/docs/pages/enroll-resources/agents/introduction.mdx b/docs/pages/enroll-resources/agents/introduction.mdx
index 344dc8b656cbc..3d8f8bfb42769 100644
--- a/docs/pages/enroll-resources/agents/introduction.mdx
+++ b/docs/pages/enroll-resources/agents/introduction.mdx
@@ -46,7 +46,7 @@ Teleport agents need to establish trust with the Teleport Auth Service in order
 to join a cluster. There are several ways to join an agent to your Teleport
 cluster, making it possible to automate the join process for your environment.
 Read about the available join methods in our [Join Services to your
-Cluster](./join-services-to-your-cluster.mdx) guides.
+Cluster](join-services-to-your-cluster/join-services-to-your-cluster.mdx) guides.
 
 When a Teleport process first runs, it checks its configuration file to
 determine which services are enabled. Each service then connects separately to
@@ -88,7 +88,7 @@ There are two ways to enroll infrastructure resources with Teleport agents:
 - **Static**: Edit an agent's configuration file to configure a specific
    infrastructure resource to proxy.
 - **Dynamic**: Apply a [configuration
-   resource](../../admin-guides/infrastructure-as-code.mdx) that configures a resource to
+   resource](../../admin-guides/infrastructure-as-code/infrastructure-as-code.mdx) that configures a resource to
    proxy.
 
 The dynamic method allows Teleport to discover resources automatically.  The
diff --git a/docs/pages/enroll-resources/agents/join-services-to-your-cluster.mdx b/docs/pages/enroll-resources/agents/join-services-to-your-cluster.mdx
deleted file mode 100644
index caa23b19d00d1..0000000000000
--- a/docs/pages/enroll-resources/agents/join-services-to-your-cluster.mdx
+++ /dev/null
@@ -1,22 +0,0 @@
----
-title: Join Services to your Teleport Cluster
-description: How to register the Proxy Service, Database Service, and other Teleport services with your cluster.
----
-
-A **Teleport service** manages access to resources in your infrastructure, such
-as Kubernetes clusters, Windows desktops, internal web applications, and
-databases. A single **Teleport process** can run multiple Teleport services.
-
-There are multiple methods you can use to join a Teleport process to your
-cluster in order to run Teleport services, including an instance of the Proxy
-Service. Choose the method that best suits your infrastructure:
-
-|Method|Description|When to use|
-|------|-----------|-----------|
-|[EC2 Identity Document](./join-services-to-your-cluster/aws-ec2.mdx)|A Teleport process running on an EC2 instance authenticates to your cluster via a signed EC2 instance identity document.|Your Teleport process will run on EC2 and your Teleport cluster is self hosted.|
-|[AWS IAM](./join-services-to-your-cluster/aws-iam.mdx)|A Teleport process uses AWS credentials to join the cluster, whether running on EC2 or not.|At least some of your infrastructure runs on AWS.|
-|[Azure Managed Identity](./join-services-to-your-cluster/azure.mdx)|A Teleport process demonstrates that it runs in your Azure subscription by sending a signed attested data document and access token to the Teleport Auth Service.|Your Teleport process will run on Azure.|
-|[Kubernetes ServiceAccount](./join-services-to-your-cluster/kubernetes.mdx)|A Teleport process uses a Kubernetes-signed proof to establish a trust relationship with your Teleport cluster.|Your Teleport process will run on Kubernetes.|
-|[GCP IAM](./join-services-to-your-cluster/gcp.mdx)|A Teleport process uses a GCP-signed token to establish a trust relationship with your Teleport cluster.|Your Teleport process will run on a GCP VM.|
-|[Join Token](./join-services-to-your-cluster/join-token.mdx)|A Teleport process presents a join token provided when starting the service.|There is no other supported method for your cloud provider.|
-
diff --git a/docs/pages/enroll-resources/agents/join-services-to-your-cluster/azure.mdx b/docs/pages/enroll-resources/agents/join-services-to-your-cluster/azure.mdx
index 499c9d0938535..551395ee186bb 100644
--- a/docs/pages/enroll-resources/agents/join-services-to-your-cluster/azure.mdx
+++ b/docs/pages/enroll-resources/agents/join-services-to-your-cluster/azure.mdx
@@ -12,7 +12,7 @@ Azure Virtual Machine. Support for joining a cluster with the Proxy Service
 behind a layer 7 load balancer or reverse proxy is available in Teleport 13.0+.
 
 For other methods of joining a Teleport process to a cluster, see [Joining
-Teleport Services to a Cluster](../join-services-to-your-cluster.mdx).
+Teleport Services to a Cluster](join-services-to-your-cluster.mdx).
 
 ## Prerequisites
 
diff --git a/docs/pages/enroll-resources/agents/join-services-to-your-cluster/join-services-to-your-cluster.mdx b/docs/pages/enroll-resources/agents/join-services-to-your-cluster/join-services-to-your-cluster.mdx
new file mode 100644
index 0000000000000..c2443619e1517
--- /dev/null
+++ b/docs/pages/enroll-resources/agents/join-services-to-your-cluster/join-services-to-your-cluster.mdx
@@ -0,0 +1,22 @@
+---
+title: Join Services to your Teleport Cluster
+description: How to register the Proxy Service, Database Service, and other Teleport services with your cluster.
+---
+
+A **Teleport service** manages access to resources in your infrastructure, such
+as Kubernetes clusters, Windows desktops, internal web applications, and
+databases. A single **Teleport process** can run multiple Teleport services.
+
+There are multiple methods you can use to join a Teleport process to your
+cluster in order to run Teleport services, including an instance of the Proxy
+Service. Choose the method that best suits your infrastructure:
+
+|Method|Description|When to use|
+|------|-----------|-----------|
+|[EC2 Identity Document](aws-ec2.mdx)|A Teleport process running on an EC2 instance authenticates to your cluster via a signed EC2 instance identity document.|Your Teleport process will run on EC2 and your Teleport cluster is self hosted.|
+|[AWS IAM](aws-iam.mdx)|A Teleport process uses AWS credentials to join the cluster, whether running on EC2 or not.|At least some of your infrastructure runs on AWS.|
+|[Azure Managed Identity](azure.mdx)|A Teleport process demonstrates that it runs in your Azure subscription by sending a signed attested data document and access token to the Teleport Auth Service.|Your Teleport process will run on Azure.|
+|[Kubernetes ServiceAccount](kubernetes.mdx)|A Teleport process uses a Kubernetes-signed proof to establish a trust relationship with your Teleport cluster.|Your Teleport process will run on Kubernetes.|
+|[GCP IAM](gcp.mdx)|A Teleport process uses a GCP-signed token to establish a trust relationship with your Teleport cluster.|Your Teleport process will run on a GCP VM.|
+|[Join Token](join-token.mdx)|A Teleport process presents a join token provided when starting the service.|There is no other supported method for your cloud provider.|
+
diff --git a/docs/pages/enroll-resources/agents/join-services-to-your-cluster/kubernetes.mdx b/docs/pages/enroll-resources/agents/join-services-to-your-cluster/kubernetes.mdx
index 4372887169ab6..38d70223dbd13 100644
--- a/docs/pages/enroll-resources/agents/join-services-to-your-cluster/kubernetes.mdx
+++ b/docs/pages/enroll-resources/agents/join-services-to-your-cluster/kubernetes.mdx
@@ -27,7 +27,7 @@ as the Auth Service.
 ## Prerequisites
 
 - A running Teleport cluster in Kubernetes. For details on how to set this up,
-  see [Guides for running Teleport using Helm](../../../admin-guides/deploy-a-cluster/helm-deployments.mdx).
+  see [Guides for running Teleport using Helm](../../../admin-guides/deploy-a-cluster/helm-deployments/helm-deployments.mdx).
 - Editor access to the Kubernetes cluster running the Teleport cluster.
   You must be able to create Namespaces and Deployments.
 - A Teleport user with `access` role, or any other role that allows access to
@@ -240,5 +240,5 @@ namespace "teleport-agent" deleted
 
 - The possible values for `teleport-kube-agent` chart are documented
   [in its reference](../../../reference/helm-reference/teleport-kube-agent.mdx).
-- See [Application Access Guides](../../application-access/guides.mdx)
-- See [Database Access Guides](../../database-access/guides.mdx)
+- See [Application Access Guides](../../application-access/guides/guides.mdx)
+- See [Database Access Guides](../../database-access/guides/guides.mdx)
diff --git a/docs/pages/enroll-resources/application-access/cloud-apis/aws-console.mdx b/docs/pages/enroll-resources/application-access/cloud-apis/aws-console.mdx
index b6b3fd16627a3..71ad6cccb8a4c 100644
--- a/docs/pages/enroll-resources/application-access/cloud-apis/aws-console.mdx
+++ b/docs/pages/enroll-resources/application-access/cloud-apis/aws-console.mdx
@@ -809,7 +809,7 @@ applications](../guides/dynamic-registration.mdx).
 This guide shows you how to use the **join token method** to enroll the Teleport
 Application Service in your cluster. This is one of several available methods,
 and we recommend reading the [Join Services to your Teleport
-Cluster](../../agents/join-services-to-your-cluster.mdx) guide to configure the
+Cluster](../../agents/join-services-to-your-cluster/join-services-to-your-cluster.mdx) guide to configure the
 most appropriate method for your environment.
 
 ## Further reading
diff --git a/docs/pages/enroll-resources/application-access/cloud-apis/azure.mdx b/docs/pages/enroll-resources/application-access/cloud-apis/azure.mdx
index e91ad6c96405e..bb4facb76aef8 100644
--- a/docs/pages/enroll-resources/application-access/cloud-apis/azure.mdx
+++ b/docs/pages/enroll-resources/application-access/cloud-apis/azure.mdx
@@ -538,7 +538,7 @@ background and uses it to execute the command.
   longstanding admin roles for attackers to hijack. View our documentation on
   [Role Access
   Requests](../../../admin-guides/access-controls/access-requests/role-requests.mdx) and
-  [Access Request plugins](../../../admin-guides/access-controls/access-request-plugins.mdx).
+  [Access Request plugins](../../../admin-guides/access-controls/access-request-plugins/access-request-plugins.mdx).
 - Consult the Azure documentation for information about [Azure managed
   identities](https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview)
   and how to [manage user-assigned managed
diff --git a/docs/pages/enroll-resources/application-access/cloud-apis.mdx b/docs/pages/enroll-resources/application-access/cloud-apis/cloud-apis.mdx
similarity index 80%
rename from docs/pages/enroll-resources/application-access/cloud-apis.mdx
rename to docs/pages/enroll-resources/application-access/cloud-apis/cloud-apis.mdx
index 4a5505b5ef6bc..0a9cc948028cb 100644
--- a/docs/pages/enroll-resources/application-access/cloud-apis.mdx
+++ b/docs/pages/enroll-resources/application-access/cloud-apis/cloud-apis.mdx
@@ -15,8 +15,6 @@ longstanding admin accounts to target.
 
 Learn how to protect your cloud provider APIs with Teleport:
 
-- [AWS (console and CLI applications)](./cloud-apis/aws-console.mdx)
-- [Azure CLI applications](./cloud-apis/azure.mdx)
-- [Google Cloud CLI applications](./cloud-apis/google-cloud.mdx)
-
-
+- [AWS (console and CLI applications)](aws-console.mdx)
+- [Azure CLI applications](azure.mdx)
+- [Google Cloud CLI applications](google-cloud.mdx)
diff --git a/docs/pages/enroll-resources/application-access/cloud-apis/google-cloud.mdx b/docs/pages/enroll-resources/application-access/cloud-apis/google-cloud.mdx
index 4cb993b5c7e29..a48c6d1a8ac04 100644
--- a/docs/pages/enroll-resources/application-access/cloud-apis/google-cloud.mdx
+++ b/docs/pages/enroll-resources/application-access/cloud-apis/google-cloud.mdx
@@ -631,7 +631,7 @@ command.
   temporarily, with no longstanding admin roles for attackers to hijack. View
   our documentation on [Role Access
   Requests](../../../admin-guides/access-controls/access-requests/role-requests.mdx) and [Access
-  Request plugins](../../../admin-guides/access-controls/access-request-plugins.mdx).
+  Request plugins](../../../admin-guides/access-controls/access-request-plugins/access-request-plugins.mdx).
 - You can proxy any `gcloud` or `gsutil` command via Teleport. For a full
   reference of commands, view the Google Cloud documentation for
   [`gcloud`](https://cloud.google.com/sdk/gcloud/reference) and
diff --git a/docs/pages/enroll-resources/application-access/controls.mdx b/docs/pages/enroll-resources/application-access/controls.mdx
index ee3fa03b7f0f6..8ed46d000aa2b 100644
--- a/docs/pages/enroll-resources/application-access/controls.mdx
+++ b/docs/pages/enroll-resources/application-access/controls.mdx
@@ -133,12 +133,12 @@ for more information on enabling access to Azure managed identities.
 ## Next steps
 
 - View access controls [Getting Started](../../admin-guides/access-controls/getting-started.mdx)
-  and other available [guides](../../admin-guides/access-controls/guides.mdx).
+  and other available [guides](../../admin-guides/access-controls/guides/guides.mdx).
 - For full details on how Teleport populates the `internal` and `external`
   traits we illustrated in this guide, see the [Teleport Access
   Controls Reference](../../reference/access-controls/roles.mdx).
 - View access controls [Getting Started](../../admin-guides/access-controls/getting-started.mdx)
-  and other available [guides](../../admin-guides/access-controls/guides.mdx).
+  and other available [guides](../../admin-guides/access-controls/guides/guides.mdx).
 - Learn about using [JWT tokens](./jwt/introduction.mdx) to implement access
   controls in your application.
 - Integrate with your identity provider:
diff --git a/docs/pages/enroll-resources/application-access/enroll-kubernetes-applications.mdx b/docs/pages/enroll-resources/application-access/enroll-kubernetes-applications/enroll-kubernetes-applications.mdx
similarity index 80%
rename from docs/pages/enroll-resources/application-access/enroll-kubernetes-applications.mdx
rename to docs/pages/enroll-resources/application-access/enroll-kubernetes-applications/enroll-kubernetes-applications.mdx
index 38f96ec67e768..097a4106c7652 100644
--- a/docs/pages/enroll-resources/application-access/enroll-kubernetes-applications.mdx
+++ b/docs/pages/enroll-resources/application-access/enroll-kubernetes-applications/enroll-kubernetes-applications.mdx
@@ -16,11 +16,11 @@ applications, and registers these applications with your cluster. The Teleport
 Application Service then detects the new application resources and proxies user
 traffic to them.
 
-- [Get started](./enroll-kubernetes-applications/get-started.mdx): Set up automatic
+- [Get started](get-started.mdx): Set up automatic
   application discovery with the `teleport-kube-agent` Helm chart.
-- [Architecture](../../reference/architecture/kubernetes-applications-architecture.mdx): Learn how
+- [Architecture](../../../reference/architecture/kubernetes-applications-architecture.mdx): Learn how
   automatic application discovery works.
-- [Reference](../../reference/agent-services/kubernetes-application-discovery.mdx): Consult this guide
+- [Reference](../../../reference/agent-services/kubernetes-application-discovery.mdx): Consult this guide
   for options and Kubernetes annotations you can use to configure automatic
   Kubernetes application discovery.
 
diff --git a/docs/pages/enroll-resources/application-access/enroll-kubernetes-applications/kubernetes-applications.mdx b/docs/pages/enroll-resources/application-access/enroll-kubernetes-applications/kubernetes-applications.mdx
new file mode 100644
index 0000000000000..097a4106c7652
--- /dev/null
+++ b/docs/pages/enroll-resources/application-access/enroll-kubernetes-applications/kubernetes-applications.mdx
@@ -0,0 +1,26 @@
+---
+title: "Enroll Kubernetes Services as Teleport Applications"
+description: "Teleport can automatically detect applications running in your Kubernetes clusters and register them with Teleport for secure access."
+---
+
+Teleport can automatically detect applications running in your Kubernetes
+clusters and register them with your Teleport cluster. In this setup, users with
+Kubernetes-hosted infrastructure can configure secure access to any new
+applications they deploy with no need for manual intervention beyond the initial
+setup step.
+
+To enroll Kubernetes applications automatically, your Teleport cluster requires
+the Teleport Discovery Service and Teleport Application Service. The Teleport
+Discovery Service queries your Kubernetes clusters to detect running
+applications, and registers these applications with your cluster. The Teleport
+Application Service then detects the new application resources and proxies user
+traffic to them.
+
+- [Get started](get-started.mdx): Set up automatic
+  application discovery with the `teleport-kube-agent` Helm chart.
+- [Architecture](../../../reference/architecture/kubernetes-applications-architecture.mdx): Learn how
+  automatic application discovery works.
+- [Reference](../../../reference/agent-services/kubernetes-application-discovery.mdx): Consult this guide
+  for options and Kubernetes annotations you can use to configure automatic
+  Kubernetes application discovery.
+
diff --git a/docs/pages/enroll-resources/application-access/guides.mdx b/docs/pages/enroll-resources/application-access/guides.mdx
deleted file mode 100644
index 96f2ec2807276..0000000000000
--- a/docs/pages/enroll-resources/application-access/guides.mdx
+++ /dev/null
@@ -1,19 +0,0 @@
----
-title: Application Access Guides
-description: Guides for configuring Teleport application access.
-layout: tocless-doc
----
-
-These guides explain how to use the Teleport Application Service, which allows
-your teams to connect to applications within private networks with fine-grained
-RBAC and audit logging.
-
-Manage access to internal applications:
-
-- [Web App Access](./guides/connecting-apps.mdx): How to access web apps with Teleport.
-- [TCP App Access](./guides/tcp.mdx): How to access plain TCP apps with Teleport.
-- [API Access](./guides/api-access.mdx): How to access REST APIs with Teleport.
-- [Dynamic Registration](./guides/dynamic-registration.mdx): Register/unregister apps without restarting Teleport.
-- [Amazon Athena Access](./guides/amazon-athena.mdx): How to access Amazon Athena with Teleport.
-- [Amazon DynamoDB Access](./guides/dynamodb.mdx): How to access Amazon DynamoDB as an application.
-- [Application Access HA](./guides/ha.mdx): How to configure the Teleport Application Service for high availability. 
diff --git a/docs/pages/enroll-resources/application-access/guides/dynamic-registration.mdx b/docs/pages/enroll-resources/application-access/guides/dynamic-registration.mdx
index 3f5b195b5049e..8b1ae98838a9e 100644
--- a/docs/pages/enroll-resources/application-access/guides/dynamic-registration.mdx
+++ b/docs/pages/enroll-resources/application-access/guides/dynamic-registration.mdx
@@ -11,11 +11,6 @@ Application Service instances periodically query the Teleport Auth Service for
 `app` resources, each of which includes the information that the Application
 Service needs to proxy an application. 
 
-Dynamic registration is useful for [managing pools of Application Service
-instances](../../agents/deploy-agents-terraform.mdx). And behind the scenes, the
-Teleport Discovery Service uses dynamic registration to [register Kubernetes
-applications](../enroll-kubernetes-applications.mdx).
-
 ## Required permissions
 
 In order to interact with dynamically registered applications, a user must have
diff --git a/docs/pages/enroll-resources/application-access/guides/guides.mdx b/docs/pages/enroll-resources/application-access/guides/guides.mdx
new file mode 100644
index 0000000000000..3c33e215cd6ff
--- /dev/null
+++ b/docs/pages/enroll-resources/application-access/guides/guides.mdx
@@ -0,0 +1,19 @@
+---
+title: Application Access Guides
+description: Guides for configuring Teleport application access.
+layout: tocless-doc
+---
+
+These guides explain how to use the Teleport Application Service, which allows
+your teams to connect to applications within private networks with fine-grained
+RBAC and audit logging.
+
+Manage access to internal applications:
+
+- [Web App Access](connecting-apps.mdx): How to access web apps with Teleport.
+- [TCP App Access](tcp.mdx): How to access plain TCP apps with Teleport.
+- [API Access](api-access.mdx): How to access REST APIs with Teleport.
+- [Dynamic Registration](dynamic-registration.mdx): Register/unregister apps without restarting Teleport.
+- [Amazon Athena Access](amazon-athena.mdx): How to access Amazon Athena with Teleport.
+- [Amazon DynamoDB Access](dynamodb.mdx): How to access Amazon DynamoDB as an application.
+- [Application Access HA](ha.mdx): How to configure the Teleport Application Service for high availability. 
diff --git a/docs/pages/enroll-resources/application-access/introduction.mdx b/docs/pages/enroll-resources/application-access/introduction.mdx
index d42a4d6e47f92..92636bc8e8fce 100644
--- a/docs/pages/enroll-resources/application-access/introduction.mdx
+++ b/docs/pages/enroll-resources/application-access/introduction.mdx
@@ -56,7 +56,7 @@ These guides explain how to protect internal applications with Teleport:
 ## Automatically enroll Kubernetes applications 
 
 If you are running applications on Kubernetes, you can [enroll them in your
-Teleport cluster automatically](./enroll-kubernetes-applications.mdx).
+Teleport cluster automatically](enroll-kubernetes-applications/enroll-kubernetes-applications.mdx).
 
 ## Teleport-signed JSON Web Tokens
 
@@ -73,4 +73,4 @@ can access Okta applications through the Teleport Web UI and `tsh`, and
 administrators can manage access to these applications by defining RBAC policies
 in Teleport roles.
 
-Learn more about the [Teleport Okta integration](./okta.mdx).
+Learn more about the [Teleport Okta integration](okta/okta.mdx).
diff --git a/docs/pages/enroll-resources/application-access/jwt.mdx b/docs/pages/enroll-resources/application-access/jwt/jwt.mdx
similarity index 62%
rename from docs/pages/enroll-resources/application-access/jwt.mdx
rename to docs/pages/enroll-resources/application-access/jwt/jwt.mdx
index b1574b11aa7a6..aab990bf03f89 100644
--- a/docs/pages/enroll-resources/application-access/jwt.mdx
+++ b/docs/pages/enroll-resources/application-access/jwt/jwt.mdx
@@ -8,5 +8,5 @@ These guides explain how web apps behind the Teleport Application Service can
 leverage Teleport-signed JWT tokens to implement authentication and
 authorization.
 
-- [Introduction](./jwt/introduction.mdx): Introduction to JWT tokens with application access.
-- [Elasticsearch](./jwt/elasticsearch.mdx): How to use JWT authentication with Elasticsearch.
+- [Introduction](introduction.mdx): Introduction to JWT tokens with application access.
+- [Elasticsearch](elasticsearch.mdx): How to use JWT authentication with Elasticsearch.
diff --git a/docs/pages/enroll-resources/application-access/okta.mdx b/docs/pages/enroll-resources/application-access/okta.mdx
deleted file mode 100644
index 11bf968f47bef..0000000000000
--- a/docs/pages/enroll-resources/application-access/okta.mdx
+++ /dev/null
@@ -1,12 +0,0 @@
----
-title: Okta Integration with Application Access
-description: Guides for using Teleport Okta integration.
-layout: tocless-doc
----
-
-Configure Teleport to import and grant access to Okta applications and user groups.
-
-- [Setting up the Okta Service](./okta/guide.mdx): A guide for setting up a simple Okta service in Teleport.
-- [Architecture](./okta/architecture.mdx): The architecture of the Okta service.
-- [Reference](../../reference/agent-services/okta.mdx): A reference for the Okta service.
-
diff --git a/docs/pages/enroll-resources/application-access/okta/okta.mdx b/docs/pages/enroll-resources/application-access/okta/okta.mdx
new file mode 100644
index 0000000000000..00912982f79f1
--- /dev/null
+++ b/docs/pages/enroll-resources/application-access/okta/okta.mdx
@@ -0,0 +1,12 @@
+---
+title: Okta Integration with Application Access
+description: Guides for using Teleport Okta integration.
+layout: tocless-doc
+---
+
+Configure Teleport to import and grant access to Okta applications and user groups.
+
+- [Setting up the Okta Service](guide.mdx): A guide for setting up a simple Okta service in Teleport.
+- [Architecture](architecture.mdx): The architecture of the Okta service.
+- [Reference](../../../reference/agent-services/okta.mdx): A reference for the Okta service.
+
diff --git a/docs/pages/enroll-resources/database-access/architecture.mdx b/docs/pages/enroll-resources/database-access/architecture.mdx
index beeb268bf05cd..53a9f0a42e4fe 100644
--- a/docs/pages/enroll-resources/database-access/architecture.mdx
+++ b/docs/pages/enroll-resources/database-access/architecture.mdx
@@ -128,7 +128,7 @@ databases hosted by AWS.
 Teleport Database Service uses client certificate authentication with self-hosted
 database servers.
 
-See respective [guides](./guides.mdx) for details on configuring client
+See respective [guides](guides/guides.mdx) for details on configuring client
 certificate authentication.
 
 #### Cloud-hosted
@@ -137,7 +137,7 @@ Teleport Database Service uses IAM authentication for Amazon-hosted and
 Google-Cloud-hosted database servers, and uses Active Directory authentication
 for Azure-hosted database servers.
 
-See respective [guides](./guides.mdx) for details on configuring IAM/AD
+See respective [guides](guides/guides.mdx) for details on configuring IAM/AD
 authentication.
 
 ## Discovery
diff --git a/docs/pages/enroll-resources/database-access/auto-user-provisioning.mdx b/docs/pages/enroll-resources/database-access/auto-user-provisioning.mdx
deleted file mode 100644
index f04d14b1278d1..0000000000000
--- a/docs/pages/enroll-resources/database-access/auto-user-provisioning.mdx
+++ /dev/null
@@ -1,13 +0,0 @@
----
-title: Database Automatic User Provisioning 
-description: Configure automatic user provisioning for databases.
----
-
-(!docs/pages/includes/database-access/auto-user-provisioning/intro.mdx!)
-
-Currently, automatic user provisioning is supported for the following databases:
-- [Self-hosted and AWS RDS PostgreSQL databases](./auto-user-provisioning/postgres.mdx)
-- [Self-hosted and AWS RDS MySQL databases](./auto-user-provisioning/mysql.mdx)
-- [Self-hosted and AWS RDS MariaDB databases](./auto-user-provisioning/mariadb.mdx)
-- [AWS Redshift databases](./auto-user-provisioning/aws-redshift.mdx)
-- [Self-hosted MongoDB](./auto-user-provisioning/mongodb.mdx)
diff --git a/docs/pages/enroll-resources/database-access/auto-user-provisioning/auto-user-provisioning.mdx b/docs/pages/enroll-resources/database-access/auto-user-provisioning/auto-user-provisioning.mdx
new file mode 100644
index 0000000000000..cfe99bfb4c339
--- /dev/null
+++ b/docs/pages/enroll-resources/database-access/auto-user-provisioning/auto-user-provisioning.mdx
@@ -0,0 +1,16 @@
+---
+title: Database Automatic User Provisioning 
+description: Configure automatic user provisioning for databases.
+---
+
+(!docs/pages/includes/database-access/auto-user-provisioning/intro.mdx!)
+
+Currently, automatic user provisioning is supported for the following databases:
+- [PostgreSQL databases (self-hosted and Amazon RDS)](postgres.mdx)
+- [MySQL databases (self-hosted and Amazon RDS)](mysql.mdx)
+- [MariaDB databases (self-hosted and Amazon RDS)](mariadb.mdx)
+- [Amazon Redshift databases](aws-redshift.mdx)
+- [MongoDB databases (self-hosted)](mongodb.mdx)
+
+
+
diff --git a/docs/pages/enroll-resources/database-access/database-access.mdx b/docs/pages/enroll-resources/database-access/database-access.mdx
index 850266b192d6a..f4dab9b131b02 100644
--- a/docs/pages/enroll-resources/database-access/database-access.mdx
+++ b/docs/pages/enroll-resources/database-access/database-access.mdx
@@ -11,7 +11,7 @@ Some of the things you can do with database access:
 - Enable users to retrieve short-lived database certificates using a Single Sign-On
   flow, thus maintaining their organization-wide identity.
 - Configure role-based access controls for databases and implement custom
-  [Access Request](../../admin-guides/access-controls/access-requests.mdx) workflows.
+  [Access Request](../../admin-guides/access-controls/access-requests/access-requests.mdx) workflows.
 - Capture database activity in the Teleport audit log.
 
 Teleport protects databases through the Teleport Database Service, which is a
diff --git a/docs/pages/enroll-resources/database-access/faq.mdx b/docs/pages/enroll-resources/database-access/faq.mdx
index 59ab92704e03f..eaf628f7fbf4e 100644
--- a/docs/pages/enroll-resources/database-access/faq.mdx
+++ b/docs/pages/enroll-resources/database-access/faq.mdx
@@ -29,7 +29,7 @@ For PostgreSQL and MySQL, the following Cloud-hosted versions are supported in a
 - Google Cloud SQL
 - Azure Database
 
-See the available [guides](./guides.mdx) for all supported configurations.
+See the available [guides](guides/guides.mdx) for all supported configurations.
 
 ## Which PostgreSQL protocol features are not supported?
 
diff --git a/docs/pages/enroll-resources/database-access/getting-started.mdx b/docs/pages/enroll-resources/database-access/getting-started.mdx
index 3249d7ada471e..2ea177df6b973 100644
--- a/docs/pages/enroll-resources/database-access/getting-started.mdx
+++ b/docs/pages/enroll-resources/database-access/getting-started.mdx
@@ -239,8 +239,8 @@ $ tsh db connect --db-user=alice --db-name postgres aurora
 For the next steps, dive deeper into the topics relevant to your Database
 Access use-case, for example:
 
-- Check out configuration [guides](./guides.mdx).
+- Check out configuration [guides](guides/guides.mdx).
 - Learn how to configure [GUI clients](../../connect-your-client/gui-clients.mdx).
-- Learn about database access [role-based access control](./rbac.mdx).
+- Learn about database access [role-based access control](rbac/rbac.mdx).
 - See [frequently asked questions](./faq.mdx).
 
diff --git a/docs/pages/enroll-resources/database-access/guides/aws-cross-account.mdx b/docs/pages/enroll-resources/database-access/guides/aws-cross-account.mdx
index fd8d766c9fc0e..d91eac7e6435d 100644
--- a/docs/pages/enroll-resources/database-access/guides/aws-cross-account.mdx
+++ b/docs/pages/enroll-resources/database-access/guides/aws-cross-account.mdx
@@ -30,8 +30,7 @@ Teleport Database Service to connect to the databases.
 
 This guide does not cover AWS network configuration, because it depends on your
 specific AWS network setup and the kind(s) of AWS databases you wish to connect
-to Teleport. For more information, see:
-[how to connect your database](../guides.mdx#how-to-connect-your-database-to-teleport).
+to Teleport.
 </Admonition>
 
 ## Teleport configuration
@@ -232,4 +231,4 @@ role, then the trust policy might look like:
 
 ## Next steps
 
-- Get started by [connecting](../guides.mdx) your database.
+- Get started by [connecting](../guides/guides.mdx) your database.
diff --git a/docs/pages/enroll-resources/database-access/guides/aws-discovery.mdx b/docs/pages/enroll-resources/database-access/guides/aws-discovery.mdx
index 61cbbe46a30a4..2e72f7c0854e2 100644
--- a/docs/pages/enroll-resources/database-access/guides/aws-discovery.mdx
+++ b/docs/pages/enroll-resources/database-access/guides/aws-discovery.mdx
@@ -168,5 +168,5 @@ tag to the AWS database resource.
 ## Next
 - Learn about [Dynamic Registration](./dynamic-registration.mdx) by the
   Teleport Database Service.
-- Get started by [connecting](../guides.mdx) your database.
-- Connect AWS databases in [external AWS accounts](./aws-cross-account.mdx).
+- Get started by [connecting](../../database-access/guides/guides.mdx) your database.
+
diff --git a/docs/pages/enroll-resources/database-access/guides/dynamic-registration.mdx b/docs/pages/enroll-resources/database-access/guides/dynamic-registration.mdx
index 92e6204aafc3f..4f94ebf80c400 100644
--- a/docs/pages/enroll-resources/database-access/guides/dynamic-registration.mdx
+++ b/docs/pages/enroll-resources/database-access/guides/dynamic-registration.mdx
@@ -121,10 +121,9 @@ $ tctl rm db/example
 ```
 
 Aside from `tctl`, dynamic resources can also be added by:
-- [AWS Discovery](./aws-discovery.mdx)
-- [Terraform Provider](../../../admin-guides/infrastructure-as-code/terraform-provider.mdx)
-- [Kubernetes Operator](../../../admin-guides/infrastructure-as-code/teleport-operator.mdx)
+- [Terraform Provider](../../../admin-guides/infrastructure-as-code/terraform-provider/terraform-provider.mdx)
+- [Kubernetes Operator](../../../admin-guides/infrastructure-as-code/teleport-operator/teleport-operator.mdx)
 - [Teleport API](../../../admin-guides/api/api.mdx)
 
-See [Using Dynamic Resources](../../../admin-guides/infrastructure-as-code.mdx) to learn
+See [Using Dynamic Resources](../../../admin-guides/infrastructure-as-code/infrastructure-as-code.mdx) to learn
 more about managing Teleport's dynamic resources in general.
diff --git a/docs/pages/enroll-resources/database-access/guides/elastic.mdx b/docs/pages/enroll-resources/database-access/guides/elastic.mdx
index e3d95ead8c121..68902e0de0c1c 100644
--- a/docs/pages/enroll-resources/database-access/guides/elastic.mdx
+++ b/docs/pages/enroll-resources/database-access/guides/elastic.mdx
@@ -68,7 +68,7 @@ $ curl -u elastic:your_elasticsearch_password -X POST "https://elasticsearch.exa
 
 <Details title="Role Mapping with wildcards">
 
-In a scenario where Teleport is using [single sign-on](../../../admin-guides/access-controls/sso.mdx) you may want to define a mapping for all users to a role:
+In a scenario where Teleport is using [single sign-on](../../../admin-guides/access-controls/sso/sso.mdx) you may want to define a mapping for all users to a role:
 
 ```code
 $ curl -u elastic:your_elasticsearch_password -X POST "https://elasticsearch.example.com:9200/_security/role_mapping/mapping1?pretty" -H 'Content-Type: application/json' -d'
diff --git a/docs/pages/enroll-resources/database-access/guides.mdx b/docs/pages/enroll-resources/database-access/guides/guides.mdx
similarity index 99%
rename from docs/pages/enroll-resources/database-access/guides.mdx
rename to docs/pages/enroll-resources/database-access/guides/guides.mdx
index 2d552d12d88cc..0368c3001b4e7 100644
--- a/docs/pages/enroll-resources/database-access/guides.mdx
+++ b/docs/pages/enroll-resources/database-access/guides/guides.mdx
@@ -5,3 +5,4 @@ layout: tocless-doc
 ---
 
 (!docs/pages/includes/database-access/guides.mdx!)
+
diff --git a/docs/pages/enroll-resources/database-access/guides/ha.mdx b/docs/pages/enroll-resources/database-access/guides/ha.mdx
index 1445e5ef466f6..54d8aa901f7fa 100644
--- a/docs/pages/enroll-resources/database-access/guides/ha.mdx
+++ b/docs/pages/enroll-resources/database-access/guides/ha.mdx
@@ -133,8 +133,5 @@ you're using to connect.
 
 ## Next steps
 
-- Get started by [connecting](../guides.mdx) your database.
-- Review the [architecture](../architecture.mdx) of the Teleport Database
-  Service.
-
+- Get started by [connecting](guides.mdx) your database.
 
diff --git a/docs/pages/enroll-resources/database-access/guides/mysql-cloudsql.mdx b/docs/pages/enroll-resources/database-access/guides/mysql-cloudsql.mdx
index 2992f6c9bf4af..2eeabe5f1af0d 100644
--- a/docs/pages/enroll-resources/database-access/guides/mysql-cloudsql.mdx
+++ b/docs/pages/enroll-resources/database-access/guides/mysql-cloudsql.mdx
@@ -175,7 +175,7 @@ $ tsh db ls
   type="note"
 >
 You will only be able to see databases that your Teleport role has
-access to. See our [RBAC](../rbac.mdx) guide for more details.
+access to. See our [RBAC](../rbac/rbac.mdx) guide for more details.
 </Notice>
 
 When connecting to the database, use either the database user name or the
diff --git a/docs/pages/enroll-resources/database-access/guides/mysql-self-hosted.mdx b/docs/pages/enroll-resources/database-access/guides/mysql-self-hosted.mdx
index e416a396db94b..543d905a4b87e 100644
--- a/docs/pages/enroll-resources/database-access/guides/mysql-self-hosted.mdx
+++ b/docs/pages/enroll-resources/database-access/guides/mysql-self-hosted.mdx
@@ -190,7 +190,7 @@ $ tsh db ls
 </Tabs>
 
 Note that you will only be able to see databases your role has access to. See
-the [RBAC](../rbac.mdx) guide for more details.
+the [RBAC](../rbac/rbac.mdx) guide for more details.
 
 To retrieve credentials for a database and connect to it:
 
diff --git a/docs/pages/enroll-resources/database-access/guides/oracle-self-hosted.mdx b/docs/pages/enroll-resources/database-access/guides/oracle-self-hosted.mdx
index 20620e7d699f1..48074e7afa2f1 100644
--- a/docs/pages/enroll-resources/database-access/guides/oracle-self-hosted.mdx
+++ b/docs/pages/enroll-resources/database-access/guides/oracle-self-hosted.mdx
@@ -28,7 +28,7 @@ description: How to configure Teleport database access with Oracle.
 
 <Admonition type="tip">
 
-To modify an existing user to provide access to the Database Service, see [Database Access Access Controls](../../database-access/rbac.mdx)
+To modify an existing user to provide access to the Database Service, see [Database Access Access Controls](../rbac/rbac.mdx)
 
 </Admonition>
 
@@ -53,7 +53,7 @@ $ tctl users add \
 </Admonition>
 
 For more detailed information about database access controls and how to restrict
-access see [RBAC](../../database-access/rbac.mdx) documentation.
+access see [RBAC](../rbac/rbac.mdx) documentation.
 
 ## Step 2/6. Create a certificate/key pair and Teleport Oracle Wallet
 
diff --git a/docs/pages/enroll-resources/database-access/guides/postgres-cloudsql.mdx b/docs/pages/enroll-resources/database-access/guides/postgres-cloudsql.mdx
index deeca985bb731..6a12b656eef62 100644
--- a/docs/pages/enroll-resources/database-access/guides/postgres-cloudsql.mdx
+++ b/docs/pages/enroll-resources/database-access/guides/postgres-cloudsql.mdx
@@ -131,7 +131,7 @@ $ tsh db ls
   type="note"
 >
 You will only be able to see databases that your Teleport role has
-access to. See our [RBAC](../rbac.mdx) guide for more details.
+access to. See our [RBAC](../rbac/rbac.mdx) guide for more details.
 </Notice>
 
 When connecting to the database, use the name of the database's service account
diff --git a/docs/pages/enroll-resources/database-access/guides/postgres-self-hosted.mdx b/docs/pages/enroll-resources/database-access/guides/postgres-self-hosted.mdx
index 97a78a71bd8e7..f08b08131c417 100644
--- a/docs/pages/enroll-resources/database-access/guides/postgres-self-hosted.mdx
+++ b/docs/pages/enroll-resources/database-access/guides/postgres-self-hosted.mdx
@@ -139,7 +139,7 @@ $ tsh db ls
 </Tabs>
 
 Note that you will only be able to see databases your role has access to. See
-[RBAC](../rbac.mdx) section for more details.
+[RBAC](../rbac/rbac.mdx) section for more details.
 
 To retrieve credentials for a database and connect to it:
 
diff --git a/docs/pages/enroll-resources/database-access/guides/rds.mdx b/docs/pages/enroll-resources/database-access/guides/rds.mdx
index b3edd742202e8..0a3639a866411 100644
--- a/docs/pages/enroll-resources/database-access/guides/rds.mdx
+++ b/docs/pages/enroll-resources/database-access/guides/rds.mdx
@@ -6,7 +6,7 @@ description: How to configure Teleport database access with AWS RDS and Aurora f
 
 Access to AWS or RDS Aurora databases can be provided by [Teleport Database
 Access](../../../index.mdx). This allows for
-fine-grain access control through [Teleport's RBAC](../rbac.mdx).
+fine-grain access control through [Teleport's RBAC](../rbac/rbac.mdx).
 
 This guide demonstrates how to use Teleport to connect to AWS or RDS Aurora databases.
 
@@ -440,5 +440,5 @@ $ tsh db logout <Var name="postgres-rds" />
 ## Next steps
 
 (!docs/pages/includes/database-access/guides-next-steps.mdx!)
-- Set up [automatic database user provisioning](../auto-user-provisioning.mdx).
+- Set up [automatic database user provisioning](../auto-user-provisioning/auto-user-provisioning.mdx).
 
diff --git a/docs/pages/enroll-resources/database-access/guides/vitess.mdx b/docs/pages/enroll-resources/database-access/guides/vitess.mdx
index daf1b6bc65728..ab4671b754f0b 100644
--- a/docs/pages/enroll-resources/database-access/guides/vitess.mdx
+++ b/docs/pages/enroll-resources/database-access/guides/vitess.mdx
@@ -197,7 +197,7 @@ $ tsh db ls
 </Tabs>
 
 Note that you will only be able to see databases your role has access to. See
-the [RBAC](../rbac.mdx) guide for more details.
+the [RBAC](../rbac/rbac.mdx) guide for more details.
 
 To retrieve credentials for a database and connect to it:
 
diff --git a/docs/pages/enroll-resources/database-access/rbac.mdx b/docs/pages/enroll-resources/database-access/rbac.mdx
deleted file mode 100644
index 3593139bec23c..0000000000000
--- a/docs/pages/enroll-resources/database-access/rbac.mdx
+++ /dev/null
@@ -1,15 +0,0 @@
----
-title: Database Access Control Guides
-description: Role-based access control guides for Teleport database access.
----
-
-These guides cover configuring access control policies for database users.
-
-Read the [RBAC](./rbac/configuring-access.mdx) guide to get a general understanding
-of how to configure Teleport roles to grant or deny access to your database users.
-
-The [Automatic User Provisioning](./auto-user-provisioning.mdx) guides explain
-how to get Teleport to create database user accounts on demand for MySQL,
-PostgreSQL, and more.
-
-
diff --git a/docs/pages/enroll-resources/database-access/rbac/configuring-access.mdx b/docs/pages/enroll-resources/database-access/rbac/configuring-access.mdx
index 9f663b0f8eaea..ad927998c8466 100644
--- a/docs/pages/enroll-resources/database-access/rbac/configuring-access.mdx
+++ b/docs/pages/enroll-resources/database-access/rbac/configuring-access.mdx
@@ -99,7 +99,7 @@ is not currently enforced on MySQL connection attempts.
 Similar to other role fields, `db_*` fields support templating variables.
 
 The `external.xyz` traits are replaced with values from external [single
-sign-on](../../../admin-guides/access-controls/sso.mdx) providers. For OIDC, they will be
+sign-on](../../../admin-guides/access-controls/sso/sso.mdx) providers. For OIDC, they will be
 replaced with the value of an "xyz" claim. For SAML, they are replaced 
 with an "xyz" assertion value. 
 
diff --git a/docs/pages/enroll-resources/database-access/rbac/rbac.mdx b/docs/pages/enroll-resources/database-access/rbac/rbac.mdx
new file mode 100644
index 0000000000000..5071c9b2cd2d4
--- /dev/null
+++ b/docs/pages/enroll-resources/database-access/rbac/rbac.mdx
@@ -0,0 +1,8 @@
+---
+title: Database Access Control Guides
+description: Role-based access control guides for Teleport database access.
+---
+
+These guides cover configuring access control policies for database users.
+
+(!toc!)
diff --git a/docs/pages/enroll-resources/database-access/troubleshooting.mdx b/docs/pages/enroll-resources/database-access/troubleshooting.mdx
index 0e32547e81662..fd24ec33816e0 100644
--- a/docs/pages/enroll-resources/database-access/troubleshooting.mdx
+++ b/docs/pages/enroll-resources/database-access/troubleshooting.mdx
@@ -145,7 +145,7 @@ Now Alice can connect to any database in the Teleport cluster using any database
 
 This example is intentionally simple; we could have configured Alice's permissions using more fine-grained control.
 For more detailed information about database access controls and how to restrict
-access see the [RBAC](../database-access/rbac.mdx) documentation.
+access see the [RBAC](rbac/rbac.mdx) documentation.
 
 ## Connection to MySQL database results in "Unknown system variable 'query_cache_size'" error
 
diff --git a/docs/pages/enroll-resources/kubernetes-access/controls.mdx b/docs/pages/enroll-resources/kubernetes-access/controls.mdx
index 235da2e0f7e65..4887bc00bda89 100644
--- a/docs/pages/enroll-resources/kubernetes-access/controls.mdx
+++ b/docs/pages/enroll-resources/kubernetes-access/controls.mdx
@@ -336,14 +336,6 @@ Below is a Kubernetes `ClusterRole` that grants the minimum set of permissions
 to enable impersonation, and a `ClusterRoleBinding` that grants these
 permissions to a service account.
 
-<Notice type="tip">
-
-There is usually no need to define these resources manually. The [manual
-methods](./register-clusters.mdx) and [automatic methods](./discovery.mdx) for
-registering Kubernetes clusters with Teleport include steps for setting up the
-Kubernetes RBAC resources that Teleport needs to allow access to clusters.
-
-</Notice>
 
 ```yaml
 apiVersion: rbac.authorization.k8s.io/v1
diff --git a/docs/pages/enroll-resources/kubernetes-access/discovery.mdx b/docs/pages/enroll-resources/kubernetes-access/discovery/discovery.mdx
similarity index 96%
rename from docs/pages/enroll-resources/kubernetes-access/discovery.mdx
rename to docs/pages/enroll-resources/kubernetes-access/discovery/discovery.mdx
index 6d5fb3b2f7a0b..944a4a28a363f 100644
--- a/docs/pages/enroll-resources/kubernetes-access/discovery.mdx
+++ b/docs/pages/enroll-resources/kubernetes-access/discovery/discovery.mdx
@@ -13,9 +13,9 @@ minimal access permissions.
 
 ## Supported clouds
 
-- [AWS](./discovery/aws.mdx): Discovery for AWS EKS clusters.
-- [Azure](./discovery/azure.mdx): Discovery for Azure AKS clusters.
-- [Google Cloud](./discovery/google-cloud.mdx): Discovery for
+- [AWS](aws.mdx): Discovery for AWS EKS clusters.
+- [Azure](azure.mdx): Discovery for Azure AKS clusters.
+- [Google Cloud](google-cloud.mdx): Discovery for
   Google Kubernetes Engine clusters.
 
 ## How Kubernetes Clusters Discovery works
diff --git a/docs/pages/enroll-resources/kubernetes-access/faq.mdx b/docs/pages/enroll-resources/kubernetes-access/faq.mdx
index 83d6bca552a19..f258b50794633 100644
--- a/docs/pages/enroll-resources/kubernetes-access/faq.mdx
+++ b/docs/pages/enroll-resources/kubernetes-access/faq.mdx
@@ -29,6 +29,3 @@ more information and examples.
 Since version 11, Teleport can discover your Kubernetes clusters on AWS, GCP,
 and Azure.
 
-Check out the [Kubernetes Service Discovery Guide](./discovery.mdx) for more
-documentation and examples.
-
diff --git a/docs/pages/enroll-resources/kubernetes-access/getting-started.mdx b/docs/pages/enroll-resources/kubernetes-access/getting-started.mdx
index 6d9a31e9fe1bd..ba466c242dd63 100644
--- a/docs/pages/enroll-resources/kubernetes-access/getting-started.mdx
+++ b/docs/pages/enroll-resources/kubernetes-access/getting-started.mdx
@@ -16,7 +16,7 @@ Teleport Kubernetes Service running on the Kubernetes cluster:
 ![Enroll a Kubernetes cluster](../../../img/k8s/enroll-kubernetes.png)
 
 For information about other ways to enroll and discover Kubernetes clusters, see
-[Registering Kubernetes Clusters with Teleport](./register-clusters.mdx).
+[Registering Kubernetes Clusters with Teleport](register-clusters/register-clusters.mdx).
 
 ## Prerequisites
 
@@ -205,9 +205,7 @@ To set up and test access:
 This guide demonstrated how to enroll a Kubernetes cluster by running the
 Teleport Kubernetes Service within the Kubernetes cluster. 
 
-- For information about discovering Kubernetes clusters hosted on cloud providers, see 
-[Kubernetes Cluster Discovery](./discovery.mdx). 
 - To learn about other ways you can register a Kubernetes cluster with Teleport, see 
-[Registering Kubernetes Clusters with Teleport](./register-clusters.mdx).
+[Registering Kubernetes Clusters with Teleport](register-clusters/register-clusters.mdx).
 - For a complete list of the parameters you can configure in the `teleport-kube-agent` 
 helm chart, see the [Chart Reference](../../reference/helm-reference/teleport-kube-agent.mdx).
diff --git a/docs/pages/enroll-resources/kubernetes-access/introduction.mdx b/docs/pages/enroll-resources/kubernetes-access/introduction.mdx
index d936f2213941c..d81444985ac82 100644
--- a/docs/pages/enroll-resources/kubernetes-access/introduction.mdx
+++ b/docs/pages/enroll-resources/kubernetes-access/introduction.mdx
@@ -15,7 +15,7 @@ Teleport provides secure access to Kubernetes clusters:
 The guides in this section show you how to protect Kubernetes clusters with
 Teleport. For instructions on self-hosting Teleport Community Edition or
 Teleport Enterprise on Kubernetes, see the [Kubernetes Deployment
-Guides](../../admin-guides/deploy-a-cluster/helm-deployments.mdx).
+Guides](../../admin-guides/deploy-a-cluster/helm-deployments/helm-deployments.mdx).
 
 Here is an example of using Teleport to access a Kubernetes cluster, execute
 commands, and view your `kubectl`  activity in Teleport's audit log:
@@ -36,7 +36,7 @@ your cloud provider. When you create or destroy a Kubernetes cluster, Teleport
 registers or deregisters the cluster so your access controls stay up to date
 with your infrastructure.
 
-[Read our overview](discovery.mdx) of how Teleport automatically discovers
+[Read our overview](discovery/discovery.mdx) of how Teleport automatically discovers
 Kubernetes clusters.
 
 Read our guides to automatically registering Kubernetes clusters with Teleport
diff --git a/docs/pages/enroll-resources/kubernetes-access/manage-access.mdx b/docs/pages/enroll-resources/kubernetes-access/manage-access/manage-access.mdx
similarity index 81%
rename from docs/pages/enroll-resources/kubernetes-access/manage-access.mdx
rename to docs/pages/enroll-resources/kubernetes-access/manage-access/manage-access.mdx
index e44be1e143dd2..219c95250592f 100644
--- a/docs/pages/enroll-resources/kubernetes-access/manage-access.mdx
+++ b/docs/pages/enroll-resources/kubernetes-access/manage-access/manage-access.mdx
@@ -6,13 +6,13 @@ description: Use Teleport's sophisticated RBAC and trusted clusters to ensure th
 Once you register a Kubernetes cluster with Teleport, you can apply
 sophisticated policies to manage the way users access your cluster.
 
-Read our [Kubernetes RBAC guide](./manage-access/rbac.mdx) for step-by-step
+Read our [Kubernetes RBAC guide](rbac.mdx) for step-by-step
 instructions on giving your users the correct access to Kubernetes clusters,
 groups, users, and resources.
 
 See how to federate your Kubernetes access controls using [Teleport Trusted
-Clusters](./manage-access/federation.mdx).
+Clusters](federation.mdx).
 
 For a comprehensive reference to configuring access controls in your
 Teleport-registered Kubernetes clusters, see our [Access Controls
-Reference](./controls.mdx).
+Reference](../controls.mdx).
diff --git a/docs/pages/enroll-resources/kubernetes-access/manage-access/rbac.mdx b/docs/pages/enroll-resources/kubernetes-access/manage-access/rbac.mdx
index b97a3379a6319..135079951bcfc 100644
--- a/docs/pages/enroll-resources/kubernetes-access/manage-access/rbac.mdx
+++ b/docs/pages/enroll-resources/kubernetes-access/manage-access/rbac.mdx
@@ -450,6 +450,6 @@ Now that you know how to configure Teleport's RBAC system to control access to
 Kubernetes clusters, learn how to set up [Resource Access
 Requests](../../../admin-guides/access-controls/access-requests/resource-requests.mdx)
 for just-in-time access and [Access Request
-plugins](../../../admin-guides/access-controls/access-request-plugins.mdx) so you can manage
+plugins](../../../admin-guides/access-controls/access-request-plugins/access-request-plugins.mdx) so you can manage
 access with your communication workflow of choice.
 
diff --git a/docs/pages/enroll-resources/kubernetes-access/register-clusters.mdx b/docs/pages/enroll-resources/kubernetes-access/register-clusters/register-clusters.mdx
similarity index 60%
rename from docs/pages/enroll-resources/kubernetes-access/register-clusters.mdx
rename to docs/pages/enroll-resources/kubernetes-access/register-clusters/register-clusters.mdx
index 5d84fbc36a5c1..288c18813ffa8 100644
--- a/docs/pages/enroll-resources/kubernetes-access/register-clusters.mdx
+++ b/docs/pages/enroll-resources/kubernetes-access/register-clusters/register-clusters.mdx
@@ -5,16 +5,16 @@ layout: tocless-doc
 ---
 
 In some cases, you will want to register a Kubernetes cluster with Teleport
-manually, rather than letting Teleport [discover the cluster
-automatically](./discovery.mdx). There are a few ways to do this:
+manually, rather than letting Teleport discover the cluster automatically. There
+are a few ways to do this:
 
 - [Deploy the Teleport Kubernetes
-  Service with IAM Joining](./register-clusters/iam-joining.mdx) on your cluster of
+  Service with IAM Joining](iam-joining.mdx) on your cluster of
   choice.
 - Deploy the Teleport Kubernetes Service outside your Kubernetes cluster (e.g.,
   directly  on a virtual machine) and [give it access to a
-  kubeconfig](./register-clusters/static-kubeconfig.mdx).
+  kubeconfig](static-kubeconfig.mdx).
 - Deploy the Teleport Kubernetes Service outside of Kubernetes  and [use dynamic
-  configuration resources](./register-clusters/dynamic-registration.mdx) to
+  configuration resources](dynamic-registration.mdx) to
   register your clusters.
 
diff --git a/docs/pages/enroll-resources/machine-id/access-guides.mdx b/docs/pages/enroll-resources/machine-id/access-guides.mdx
deleted file mode 100644
index 5b38f57dc64c6..0000000000000
--- a/docs/pages/enroll-resources/machine-id/access-guides.mdx
+++ /dev/null
@@ -1,25 +0,0 @@
----
-title: Access your Infrastructure with Machine ID
-description: How to use Machine ID to enable secure access to Teleport resources.
-layout: tocless-doc
----
-
-These guides cover how to configure a deployed Machine ID to produce credentials
-that can be used for machine to machine access to different Teleport resources.
-
-It is a pre-requisite of these guides that Machine ID has been configured for
-your platform, see the [Deploy Machine ID](./deployment.mdx) guides for information
-on how to do so.
-
-## Resource Access
-
-- [Server Access](./access-guides/ssh.mdx): How to use Machine ID to access servers via SSH.
-- [Kubernetes Access](./access-guides/kubernetes.mdx): How to use Machine ID to access Kubernetes clusters.
-- [Database Access](./access-guides/databases.mdx): How to use Machine ID to access Database servers.
-- [Application Access](./access-guides/applications.mdx): How to use Machine ID to access Applications.
-
-## Specific Tools
-
-- [tctl](./access-guides/tctl.mdx): How to use Machine ID with `tctl` to manage your Teleport configuration.
-- [Teleport Terraform](./access-guides/terraform.mdx): How to use Machine ID with the Teleport Terraform provider to manage your Teleport configuration as IaC.
-- [Ansible](./access-guides/ansible.mdx): How to use Machine ID with Ansible.
diff --git a/docs/pages/enroll-resources/machine-id/access-guides/access-guides.mdx b/docs/pages/enroll-resources/machine-id/access-guides/access-guides.mdx
new file mode 100644
index 0000000000000..a61e9b4b03124
--- /dev/null
+++ b/docs/pages/enroll-resources/machine-id/access-guides/access-guides.mdx
@@ -0,0 +1,25 @@
+---
+title: Access your Infrastructure with Machine ID
+description: How to use Machine ID to enable secure access to Teleport resources.
+layout: tocless-doc
+---
+
+These guides cover how to configure a deployed Machine ID to produce credentials
+that can be used for machine to machine access to different Teleport resources.
+
+It is a pre-requisite of these guides that Machine ID has been configured for
+your platform, see the [Deploy Machine ID](../deployment/deployment.mdx) guides for information
+on how to do so.
+
+## Resource Access
+
+- [Server Access](ssh.mdx): How to use Machine ID to access servers via SSH.
+- [Kubernetes Access](kubernetes.mdx): How to use Machine ID to access Kubernetes clusters.
+- [Database Access](databases.mdx): How to use Machine ID to access Database servers.
+- [Application Access](applications.mdx): How to use Machine ID to access Applications.
+
+## Specific Tools
+
+- [tctl](tctl.mdx): How to use Machine ID with `tctl` to manage your Teleport configuration.
+- [Teleport Terraform](terraform.mdx): How to use Machine ID with the Teleport Terraform provider to manage your Teleport configuration as IaC.
+- [Ansible](ansible.mdx): How to use Machine ID with Ansible.
diff --git a/docs/pages/enroll-resources/machine-id/access-guides/ansible.mdx b/docs/pages/enroll-resources/machine-id/access-guides/ansible.mdx
index 92518e21d4e75..5894a1bd41b41 100644
--- a/docs/pages/enroll-resources/machine-id/access-guides/ansible.mdx
+++ b/docs/pages/enroll-resources/machine-id/access-guides/ansible.mdx
@@ -26,7 +26,7 @@ You will need the following tools to use Teleport with Ansible.
 
 - `tbot` must already be installed and configured on the machine that will
   run Ansible. For more information, see the
-  [deployment guides](../deployment.mdx).
+  [deployment guides](../deployment/deployment.mdx).
 
 - If you followed the above guide, note the `--destination-dir=/opt/machine-id`
   flag, which defines the directory where SSH certificates and OpenSSH configuration
diff --git a/docs/pages/enroll-resources/machine-id/access-guides/applications.mdx b/docs/pages/enroll-resources/machine-id/access-guides/applications.mdx
index ea42911de9062..7b0f80449fca7 100644
--- a/docs/pages/enroll-resources/machine-id/access-guides/applications.mdx
+++ b/docs/pages/enroll-resources/machine-id/access-guides/applications.mdx
@@ -20,7 +20,7 @@ used to access an application enrolled in your Teleport cluster.
 - (!docs/pages/includes/tctl.mdx!)
 - `tbot` must already be installed and configured on the machine that will
   access applications. For more information, see the
-  [deployment guides](../deployment.mdx).
+  [deployment guides](../deployment/deployment.mdx).
 
 ## Step 1/3. Configure RBAC
 
diff --git a/docs/pages/enroll-resources/machine-id/access-guides/databases.mdx b/docs/pages/enroll-resources/machine-id/access-guides/databases.mdx
index cffe895247bd6..2ad694b40d283 100644
--- a/docs/pages/enroll-resources/machine-id/access-guides/databases.mdx
+++ b/docs/pages/enroll-resources/machine-id/access-guides/databases.mdx
@@ -23,7 +23,7 @@ used to access a database configured in Teleport.
   follow the [database access getting started guide](../../database-access/getting-started.mdx).
   The Teleport Database Service supports databases like PostgreSQL, MongoDB,
   Redis, and much more. See our [database access
-  guides](../../database-access/guides.mdx) for a complete list.
+  guides](../../database-access/guides/guides.mdx) for a complete list.
 - (!docs/pages/includes/tctl.mdx!)
 - The `tsh` binary must be installed on the machine that will access the
   database. Depending on how `tbot` was installed, this may already be
@@ -31,7 +31,7 @@ used to access a database configured in Teleport.
   details.
 - `tbot` must already be installed and configured on the machine that will
   access the database. For more information, see the
-  [deployment guides](../deployment.mdx).
+  [deployment guides](../deployment/deployment.mdx).
 
 ## Step 1/4. Configure RBAC
 
diff --git a/docs/pages/enroll-resources/machine-id/access-guides/kubernetes.mdx b/docs/pages/enroll-resources/machine-id/access-guides/kubernetes.mdx
index bb76d56c33cbb..9bc2adba2fe58 100644
--- a/docs/pages/enroll-resources/machine-id/access-guides/kubernetes.mdx
+++ b/docs/pages/enroll-resources/machine-id/access-guides/kubernetes.mdx
@@ -28,7 +28,7 @@ used to access a Kubernetes cluster enrolled with your Teleport cluster.
   installation instructions.
 - `tbot` must already be installed and configured on the machine that will
   access Kubernetes clusters. For more information, see the
-  [deployment guides](../deployment.mdx).
+  [deployment guides](../deployment/deployment.mdx).
 - To demonstrate connecting to the Kubernetes cluster, the machine that will
   access Kubernetes clusters will need to have `kubectl` installed. See the
   [Kubernetes documentation](https://kubernetes.io/docs/tasks/tools/) for
diff --git a/docs/pages/enroll-resources/machine-id/access-guides/ssh.mdx b/docs/pages/enroll-resources/machine-id/access-guides/ssh.mdx
index 3a5582b2cbb55..9fcc0cc6b116c 100644
--- a/docs/pages/enroll-resources/machine-id/access-guides/ssh.mdx
+++ b/docs/pages/enroll-resources/machine-id/access-guides/ssh.mdx
@@ -21,7 +21,7 @@ will cover access using the Teleport CLI `tsh` as well as the OpenSSH client.
 - (!docs/pages/includes/tctl.mdx!)
 - `tbot` must already be installed and configured on the machine that will
   connect to Linux hosts with SSH. For more information, see the
-  [deployment guides](../deployment.mdx).
+  [deployment guides](../deployment/deployment.mdx).
 
 ## Step 1/3. Configure RBAC
 
diff --git a/docs/pages/enroll-resources/machine-id/access-guides/tctl.mdx b/docs/pages/enroll-resources/machine-id/access-guides/tctl.mdx
index 43999f3bd1356..be80f28a70bed 100644
--- a/docs/pages/enroll-resources/machine-id/access-guides/tctl.mdx
+++ b/docs/pages/enroll-resources/machine-id/access-guides/tctl.mdx
@@ -18,7 +18,7 @@ then use `tctl` to deploy Teleport roles defined in files.
 - (!docs/pages/includes/tctl.mdx!)
 - `tbot` must already be installed and configured on the machine that will
   use `tctl`. For more information, see the
-  [deployment guides](../deployment.mdx).
+  [deployment guides](../deployment/deployment.mdx).
 
 ## Step 1/3. Configure RBAC
 
diff --git a/docs/pages/enroll-resources/machine-id/access-guides/terraform.mdx b/docs/pages/enroll-resources/machine-id/access-guides/terraform.mdx
index 1e554afea6158..a697f4cdbc0f1 100644
--- a/docs/pages/enroll-resources/machine-id/access-guides/terraform.mdx
+++ b/docs/pages/enroll-resources/machine-id/access-guides/terraform.mdx
@@ -25,7 +25,7 @@ Terraform Provider and use Terraform to configure a Teleport role.
 
 - `tbot` must already be installed and configured on the machine that will
   run Terraform. For more information, see the
-  [deployment guides](../deployment.mdx).
+  [deployment guides](../deployment/deployment.mdx).
 
 ## Step 1/3. Configure RBAC
 
diff --git a/docs/pages/enroll-resources/machine-id/deployment.mdx b/docs/pages/enroll-resources/machine-id/deployment.mdx
deleted file mode 100644
index b65083201f155..0000000000000
--- a/docs/pages/enroll-resources/machine-id/deployment.mdx
+++ /dev/null
@@ -1,74 +0,0 @@
----
-title: Deploy Machine ID
-description: Explains how to deploy Machine ID on your platform and join it to your Teleport cluster.
-tocDepth: 3
----
-
-The first step to set up Machine ID is to deploy the `tbot` binary and join a
-Machine ID bot to your Teleport cluster. You can run the `tbot` binary on a
-number of platforms, from AWS and GitHub Actions to a generic Linux server or
-Kubernetes cluster. This guide shows you how to deploy Machine ID on your
-infrastructure.
-
-## Choosing a deployment method
-
-There are two considerations to make when determining how to deploy Machine ID on
-your infrastructure.
-
-### Your infrastructure
-
-The `tbot` binary runs as a container or on a Linux virtual machine. If you run
-`tbot` on GitHub Actions, you can use one of the ready-made [Teleport GitHub
-Actions workflows](https://github.com/teleport-actions).
-
-### Join method
-
-Machine ID joins your Teleport cluster by using one of the following
-authentication methods:
-
-- **Platform-signed document:** The platform that hosts `tbot`, such as a
-  Kubernetes cluster or Amazon EC2 instance, provides a signed identity document
-  that Teleport can verify using the platform's certificate authority. This is
-  the recommended approach because it avoids the use of shared secrets.
-- **Static join token:** Your Teleport client tool generates a string and stores
-  it on the Teleport Auth Service. Machine ID provides this string when it first
-  connects to your Teleport cluster, demonstrating to the Auth Service that it
-  belongs in the cluster. From then on, Machine ID authenticates to your
-  Teleport cluster with a renewable certificate.
-
-## Deployment guides
-
-The guides in this section show you how to deploy Machine ID and join it
-to your cluster. Choose a guide based on the platform where you intend to run
-Machine ID.
-
-If a specific guide does not exist for your platform, the [Linux
-guide](./deployment/linux.mdx) is compatible with most platforms. For
-custom approaches, you can also read the [Machine ID Reference](../../reference/machine-id/machine-id.mdx)
-and [Architecture](../../reference/architecture/machine-id-architecture.mdx) to plan your deployment.
-
-### Self-hosted infrastructure
-
-Read the following guides for how to deploy Machine ID on your cloud platform or
-on-prem infrastructure.
-
-|Platform|Installation method|Join method|
-|---|---|---|
-|[Linux](./deployment/linux.mdx)|Package manager or TAR archive|Static join token|
-|[GCP](./deployment/gcp.mdx)|Package manager, TAR archive, or Kubernetes pod|Identity document signed by GCP|
-|[AWS](./deployment/aws.mdx)|Package manager, TAR archive, or Kubernetes pod|Identity document signed by AWS|
-|[Azure](./deployment/azure.mdx)|Package manager or TAR archive|Identity document signed by Azure|
-|[Kubernetes](./deployment/kubernetes.mdx)|Kubernetes pod|Identity document signed by your Kubernetes cluster|
-
-### CI/CD
-
-Read the following guides for how to deploy Machine ID on a continuous
-integration and continuous deployment platform
-
-|Platform|Installation method|Join method|
-|---|---|---|
-|[CircleCI](./deployment/circleci.mdx)|TAR archive|CircleCI-signed identity document|
-|[GitLab](./deployment/gitlab.mdx)|TAR archive|GitLab-signed identity document|
-|[GitHub Actions](./deployment/github-actions.mdx)|Teleport job available through the GitHub Actions marketplace|GitHub-signed identity document.|
-|[Jenkins](./deployment/jenkins.mdx)|Package manager or TAR archive|Static join token|
-|[Spacelift](./deployment/spacelift.mdx)|Docker Image|Spacelift-signed identity document|
diff --git a/docs/pages/enroll-resources/machine-id/deployment/aws.mdx b/docs/pages/enroll-resources/machine-id/deployment/aws.mdx
index 2b3693897425d..45b7a3bb61d2b 100644
--- a/docs/pages/enroll-resources/machine-id/deployment/aws.mdx
+++ b/docs/pages/enroll-resources/machine-id/deployment/aws.mdx
@@ -123,7 +123,7 @@ Replace:
 
 ## Next steps
 
-- Follow the [access guides](../access-guides.mdx) to finish configuring `tbot` for
+- Follow the [access guides](../access-guides/access-guides.mdx) to finish configuring `tbot` for
   your environment.
 - Read the [configuration reference](../../../reference/machine-id/configuration.mdx) to explore
   all the available configuration options.
diff --git a/docs/pages/enroll-resources/machine-id/deployment/azure.mdx b/docs/pages/enroll-resources/machine-id/deployment/azure.mdx
index 0567904dadc1e..11178e840732d 100644
--- a/docs/pages/enroll-resources/machine-id/deployment/azure.mdx
+++ b/docs/pages/enroll-resources/machine-id/deployment/azure.mdx
@@ -124,7 +124,7 @@ Replace:
 
 ## Next steps
 
-- Follow the [access guides](../access-guides.mdx) to finish configuring `tbot` for
+- Follow the [access guides](../access-guides/access-guides.mdx) to finish configuring `tbot` for
   your environment.
 - Read the [configuration reference](../../../reference/machine-id/configuration.mdx) to explore
   all the available configuration options.
diff --git a/docs/pages/enroll-resources/machine-id/deployment/circleci.mdx b/docs/pages/enroll-resources/machine-id/deployment/circleci.mdx
index 8a759109c66a2..bb255e4a60606 100644
--- a/docs/pages/enroll-resources/machine-id/deployment/circleci.mdx
+++ b/docs/pages/enroll-resources/machine-id/deployment/circleci.mdx
@@ -213,7 +213,7 @@ resources in your Teleport cluster that your CI/CD needs to interact with.
 
 ## Further steps
 
-- Follow the [access guides](../access-guides.mdx) to finish configuring `tbot` for
+- Follow the [access guides](../access-guides/access-guides.mdx) to finish configuring `tbot` for
   your environment.
 - Read the [configuration reference](../../../reference/machine-id/configuration.mdx) to explore
   all the available configuration options.
diff --git a/docs/pages/enroll-resources/machine-id/deployment/deployment.mdx b/docs/pages/enroll-resources/machine-id/deployment/deployment.mdx
new file mode 100644
index 0000000000000..da8051effae55
--- /dev/null
+++ b/docs/pages/enroll-resources/machine-id/deployment/deployment.mdx
@@ -0,0 +1,73 @@
+---
+title: Deploy Machine ID
+description: Explains how to deploy Machine ID on your platform and join it to your Teleport cluster.
+tocDepth: 3
+---
+
+The first step to set up Machine ID is to deploy the `tbot` binary and join a
+Machine ID bot to your Teleport cluster. You can run the `tbot` binary on a
+number of platforms, from AWS and GitHub Actions to a generic Linux server or
+Kubernetes cluster. This guide shows you how to deploy Machine ID on your
+infrastructure.
+
+## Choosing a deployment method
+
+There are two considerations to make when determining how to deploy Machine ID on
+your infrastructure.
+
+### Your infrastructure
+
+The `tbot` binary runs as a container or on a Linux virtual machine. If you run
+`tbot` on GitHub Actions, you can use one of the ready-made [Teleport GitHub
+Actions workflows](https://github.com/teleport-actions).
+
+### Join method
+
+Machine ID joins your Teleport cluster by using one of the following
+authentication methods:
+
+- **Platform-signed document:** The platform that hosts `tbot`, such as a
+  Kubernetes cluster or Amazon EC2 instance, provides a signed identity document
+  that Teleport can verify using the platform's certificate authority. This is
+  the recommended approach because it avoids the use of shared secrets.
+- **Static join token:** Your Teleport client tool generates a string and stores
+  it on the Teleport Auth Service. Machine ID provides this string when it first
+  connects to your Teleport cluster, demonstrating to the Auth Service that it
+  belongs in the cluster. From then on, Machine ID authenticates to your
+  Teleport cluster with a renewable certificate.
+
+## Deployment guides
+
+The guides in this section show you how to deploy Machine ID and join it
+to your cluster. Choose a guide based on the platform where you intend to run
+Machine ID.
+
+If a specific guide does not exist for your platform, the [Linux
+guide](linux.mdx) is compatible with most platforms. For
+custom approaches, you can also read the [Machine ID Reference](../../../reference/machine-id/machine-id.mdx)
+and [Architecture](../../../reference/architecture/machine-id-architecture.mdx) to plan your deployment.
+
+### Self-hosted infrastructure
+
+Read the following guides for how to deploy Machine ID on your cloud platform or
+on-prem infrastructure.
+
+| Platform                                  | Installation method                             | Join method                                         |
+|-------------------------------------------|-------------------------------------------------|-----------------------------------------------------|
+| [Linux](linux.mdx)           | Package manager or TAR archive                  | Static join token                                   |
+| [GCP](gcp.mdx)               | Package manager, TAR archive, or Kubernetes pod | Identity document signed by GCP                     |
+| [AWS](aws.mdx)               | Package manager, TAR archive, or Kubernetes pod | Identity document signed by AWS                     |
+| [Azure](azure.mdx)           | Package manager or TAR archive                  | Identity document signed by Azure                   |
+| [Kubernetes](kubernetes.mdx) | Kubernetes pod                                  | Identity document signed by your Kubernetes cluster |
+
+### CI/CD
+
+Read the following guides for how to deploy Machine ID on a continuous
+integration and continuous deployment platform
+
+| Platform                                                                                            | Installation method                                           | Join method                        |
+|-----------------------------------------------------------------------------------------------------|---------------------------------------------------------------|------------------------------------|
+| [CircleCI](circleci.mdx)                                                               | TAR archive                                                   | CircleCI-signed identity document  |
+| [GitLab](gitlab.mdx)                                                                   | TAR archive                                                   | GitLab-signed identity document    |
+| [GitHub Actions](github-actions.mdx)                                                   | Teleport job available through the GitHub Actions marketplace | GitHub-signed identity document.   |
+| [Jenkins](jenkins.mdx)                                                                 | Package manager or TAR archive                                | Static join token                  |
diff --git a/docs/pages/enroll-resources/machine-id/deployment/gcp.mdx b/docs/pages/enroll-resources/machine-id/deployment/gcp.mdx
index d0c4da83941c8..e5cf2a5e0f50d 100644
--- a/docs/pages/enroll-resources/machine-id/deployment/gcp.mdx
+++ b/docs/pages/enroll-resources/machine-id/deployment/gcp.mdx
@@ -125,7 +125,7 @@ Replace:
 
 ## Next steps
 
-- Follow the [access guides](../access-guides.mdx) to finish configuring `tbot` for
+- Follow the [access guides](../access-guides/access-guides.mdx) to finish configuring `tbot` for
   your environment.
 - Read the [configuration reference](../../../reference/machine-id/configuration.mdx) to explore
   all the available configuration options.
diff --git a/docs/pages/enroll-resources/machine-id/deployment/gitlab.mdx b/docs/pages/enroll-resources/machine-id/deployment/gitlab.mdx
index 24d2b73e4958c..43b08f6d399b1 100644
--- a/docs/pages/enroll-resources/machine-id/deployment/gitlab.mdx
+++ b/docs/pages/enroll-resources/machine-id/deployment/gitlab.mdx
@@ -179,7 +179,7 @@ failure.
   [GitLab CI reference page.](../../../reference/machine-id/gitlab.mdx)
 - For more information about GitLab itself, read
   [their documentation](https://docs.gitlab.com/ee/ci/).
-- Follow the [access guides](../access-guides.mdx) to finish configuring `tbot` for
+- Follow the [access guides](../access-guides/access-guides.mdx) to finish configuring `tbot` for
   your environment.
 - Read the [configuration reference](../../../reference/machine-id/configuration.mdx) to explore
   all the available configuration options.
diff --git a/docs/pages/enroll-resources/machine-id/deployment/kubernetes.mdx b/docs/pages/enroll-resources/machine-id/deployment/kubernetes.mdx
index 17c8fc18e6c4c..5c65640d26819 100644
--- a/docs/pages/enroll-resources/machine-id/deployment/kubernetes.mdx
+++ b/docs/pages/enroll-resources/machine-id/deployment/kubernetes.mdx
@@ -311,7 +311,7 @@ However, it is not yet producing any useful output.
 
 ## Step 4/4. Configure outputs
 
-Follow one of the [access guides](../access-guides.mdx) to configure an output
+Follow one of the [access guides](../access-guides/access-guides.mdx) to configure an output
 that meets your access needs.
 
 In order to adjust the access guides to work well with Kubernetes, use the
@@ -357,7 +357,7 @@ spec:
 
 ## Next steps
 
-- Follow the [access guides](../access-guides.mdx) to finish configuring `tbot` for
+- Follow the [access guides](../access-guides/access-guides.mdx) to finish configuring `tbot` for
   your environment.
 - Read the [configuration reference](../../../reference/machine-id/configuration.mdx) to explore
   all the available configuration options.
diff --git a/docs/pages/enroll-resources/machine-id/deployment/linux.mdx b/docs/pages/enroll-resources/machine-id/deployment/linux.mdx
index 86f97ac6a04de..8f75891322ff3 100644
--- a/docs/pages/enroll-resources/machine-id/deployment/linux.mdx
+++ b/docs/pages/enroll-resources/machine-id/deployment/linux.mdx
@@ -112,7 +112,7 @@ $ sudo chown teleport:teleport /var/lib/teleport/bot
 
 ## Next steps
 
-- Follow the [access guides](../access-guides.mdx) to finish configuring `tbot` for
+- Follow the [access guides](../access-guides/access-guides.mdx) to finish configuring `tbot` for
   your environment.
 - Read the [configuration reference](../../../reference/machine-id/configuration.mdx) to explore
   all the available configuration options.
diff --git a/docs/pages/enroll-resources/machine-id/getting-started.mdx b/docs/pages/enroll-resources/machine-id/getting-started.mdx
index 6ae666a074f2b..131c97edbbceb 100644
--- a/docs/pages/enroll-resources/machine-id/getting-started.mdx
+++ b/docs/pages/enroll-resources/machine-id/getting-started.mdx
@@ -15,7 +15,7 @@ Here's an overview of what you will do:
 
 This guide covers configuring Machine ID for development and learning purposes.
 For a production-ready configuration of Machine ID, visit the [Deploying Machine
-ID](./deployment.mdx) guides.
+ID](deployment/deployment.mdx) guides.
 
 ## Prerequisites
 
@@ -300,9 +300,9 @@ and controlled with all the familiar Teleport access controls.
 
 - Read the [architecture overview](../../reference/architecture/machine-id-architecture.mdx) to learn about how
   Machine ID works in more detail.
-- Check out the [deployment guides](./deployment.mdx) to learn about
+- Check out the [deployment guides](deployment/deployment.mdx) to learn about
   configuring `tbot` in a production-ready way for your platform.
-- Check out the [access guides](./access-guides.mdx) to learn about configuring
+- Check out the [access guides](access-guides/access-guides.mdx) to learn about configuring
   `tbot` for different use cases than SSH.
 - Read the [configuration reference](../../reference/machine-id/configuration.mdx) to explore
   all the available configuration options.
diff --git a/docs/pages/enroll-resources/machine-id/introduction.mdx b/docs/pages/enroll-resources/machine-id/introduction.mdx
index 010f60bae65aa..734159446437c 100644
--- a/docs/pages/enroll-resources/machine-id/introduction.mdx
+++ b/docs/pages/enroll-resources/machine-id/introduction.mdx
@@ -73,9 +73,9 @@ For a quickstart non-production introduction to Machine ID, read the
 
 Production-ready guidance on deploying Machine ID is broken out into two parts:
 
-- [Deploying Machine ID](./deployment.mdx): How to install and configure
+- [Deploying Machine ID](deployment/deployment.mdx): How to install and configure
   Machine ID for a specific platform.
-- [Access your Infrastructure with Machine ID](./access-guides.mdx): How to use Machine ID to access
+- [Access your Infrastructure with Machine ID](access-guides/access-guides.mdx): How to use Machine ID to access
   Teleport and Teleport resources.
 
 ## Further reading
diff --git a/docs/pages/enroll-resources/server-access/getting-started.mdx b/docs/pages/enroll-resources/server-access/getting-started.mdx
index 139813b29b00f..669be0463eb53 100644
--- a/docs/pages/enroll-resources/server-access/getting-started.mdx
+++ b/docs/pages/enroll-resources/server-access/getting-started.mdx
@@ -392,7 +392,7 @@ further Getting Started exercises.
 - While this guide shows you how to create a local user in order to access a
   server, you can also enable Teleport users to authenticate through a single
   sign-on provider. Read the
-  [documentation](../../admin-guides/access-controls/sso.mdx) to learn more.
+  [documentation](../../admin-guides/access-controls/sso/sso.mdx) to learn more.
 - Learn more about Teleport `tsh` through the [reference documentation](../../reference/cli/tsh.mdx#tsh-ssh).
 - Learn more about [Teleport servers](../../reference/architecture/nodes.mdx)
 - For a complete list of ports used by Teleport, read the [Networking Guide](../../reference/networking.mdx).
diff --git a/docs/pages/enroll-resources/server-access/guides.mdx b/docs/pages/enroll-resources/server-access/guides.mdx
deleted file mode 100644
index 18a3fbf80ffae..0000000000000
--- a/docs/pages/enroll-resources/server-access/guides.mdx
+++ /dev/null
@@ -1,22 +0,0 @@
----
-title: Server Access Guides
-description: Teleport server access guides.
-layout: tocless-doc
----
-
-- [Using Teleport with PAM](./guides/ssh-pam.mdx): How to configure Teleport SSH with PAM (Pluggable Authentication Modules).
-- [Agentless OpenSSH Integration](guides/openssh/openssh-agentless.mdx): How to use Teleport in agentless mode on systems with OpenSSH and `sshd`.
-- [Agentless OpenSSH Integration (Manual Installation)](./guides/openssh/openssh-manual-install.mdx): How to use Teleport in agentless mode
-  on systems with OpenSSH and `sshd` that can't run `teleport`.
-- [Recording Proxy Mode](./guides/recording-proxy-mode.mdx): How to use Teleport Recording Proxy Mode to capture activity on OpenSSH servers.
-- [BPF Session Recording](./guides/bpf-session-recording.mdx): How to use BPF to record SSH session commands, modified files and network connections.
-- [Restricted Session](./guides/restricted-session.mdx): How to configure and use Restricted Session to apply security policies to SSH sessions.
-- [Visual Studio Code](./guides/vscode.mdx): How to remotely develop with Visual Studio Code and Teleport.
-- [JetBrains SFTP](./guides/jetbrains-sftp.mdx): How to use a JetBrains IDE to access SFTP with Teleport.
-- [Host User Creation](./guides/host-user-creation.mdx): How to configure Teleport to automatically create transient host users.
-- [Linux Auditing System](./guides/auditd.mdx): How to integrate Teleport with the Linux Auditing System (auditd).
-- [EC2 Instance Discovery](./guides/ec2-discovery.mdx): How to configure Teleport to automatically enroll EC2 instances.
-- [Azure Instance Discovery](./guides/azure-discovery.mdx): How to configure Teleport to automatically enroll Azure virtual machines.
-- [GCP Instance Discovery](./guides/gcp-discovery.mdx): How to configure Teleport to automatically enroll GCP instances.
-- [Using Teleport with Ansible](./guides/ansible.mdx): How to use Ansible with
-  Teleport-issued SSH credentials.
diff --git a/docs/pages/enroll-resources/server-access/guides/guides.mdx b/docs/pages/enroll-resources/server-access/guides/guides.mdx
new file mode 100644
index 0000000000000..53e2cb4c8ed33
--- /dev/null
+++ b/docs/pages/enroll-resources/server-access/guides/guides.mdx
@@ -0,0 +1,22 @@
+---
+title: Server Access Guides
+description: Teleport server access guides.
+layout: tocless-doc
+---
+
+- [Using Teleport with PAM](ssh-pam.mdx): How to configure Teleport SSH with PAM (Pluggable Authentication Modules).
+- [Agentless OpenSSH Integration](openssh/openssh-agentless.mdx): How to use Teleport in agentless mode on systems with OpenSSH and `sshd`.
+- [Agentless OpenSSH Integration (Manual Installation)](openssh/openssh-manual-install.mdx): How to use Teleport in agentless mode
+  on systems with OpenSSH and `sshd` that can't run `teleport`.
+- [Recording Proxy Mode](recording-proxy-mode.mdx): How to use Teleport Recording Proxy Mode to capture activity on OpenSSH servers.
+- [BPF Session Recording](bpf-session-recording.mdx): How to use BPF to record SSH session commands, modified files and network connections.
+- [Restricted Session](restricted-session.mdx): How to configure and use Restricted Session to apply security policies to SSH sessions.
+- [Visual Studio Code](vscode.mdx): How to remotely develop with Visual Studio Code and Teleport.
+- [JetBrains SFTP](jetbrains-sftp.mdx): How to use a JetBrains IDE to access SFTP with Teleport.
+- [Host User Creation](host-user-creation.mdx): How to configure Teleport to automatically create transient host users.
+- [Linux Auditing System](auditd.mdx): How to integrate Teleport with the Linux Auditing System (auditd).
+- [EC2 Instance Discovery](ec2-discovery.mdx): How to configure Teleport to automatically enroll EC2 instances.
+- [Azure Instance Discovery](azure-discovery.mdx): How to configure Teleport to automatically enroll Azure virtual machines.
+- [GCP Instance Discovery](gcp-discovery.mdx): How to configure Teleport to automatically enroll GCP instances.
+- [Using Teleport with Ansible](ansible.mdx): How to use Ansible with
+  Teleport-issued SSH credentials.
diff --git a/docs/pages/enroll-resources/server-access/guides/host-user-creation.mdx b/docs/pages/enroll-resources/server-access/guides/host-user-creation.mdx
index 73778804ca847..8ecb5c2cad0cf 100644
--- a/docs/pages/enroll-resources/server-access/guides/host-user-creation.mdx
+++ b/docs/pages/enroll-resources/server-access/guides/host-user-creation.mdx
@@ -237,4 +237,4 @@ them to the `teleport-keep` group directly on the hosts you wish to migrate.
 
 ## Next steps
 
-- Configure automatic user provisioning for [database access](../../database-access/auto-user-provisioning.mdx).
+- Configure automatic user provisioning for [database access](../../../index.mdx).
diff --git a/docs/pages/enroll-resources/server-access/guides/jetbrains-sftp.mdx b/docs/pages/enroll-resources/server-access/guides/jetbrains-sftp.mdx
index a29b79c275ad8..604bb625cd406 100644
--- a/docs/pages/enroll-resources/server-access/guides/jetbrains-sftp.mdx
+++ b/docs/pages/enroll-resources/server-access/guides/jetbrains-sftp.mdx
@@ -66,8 +66,6 @@ $ ssh user@[server name].[cluster name]
 
 <Admonition type="note">
   Include the port number for OpenSSH servers, by default `22`, or you can experience an error.
-  See the [OpenSSH guide](./openssh.mdx) for more information.
-  Example connecting to a OpenSSH server:
 
   ```code
   $ ssh -p 22 user@[server name].[cluster name]
@@ -128,7 +126,7 @@ After closing the SSH configuration window, you should see `Remote Host` menu in
 ### Using OpenSSH clients
 
 This guide makes use of `tsh config`; refer to the
-[dedicated guide](./openssh.mdx) for additional information.
+[dedicated guide](openssh/openssh.mdx) for additional information.
 
 ## Further reading
 - [JetBrains - Create a remote server configuration](https://www.jetbrains.com/help/idea/creating-a-remote-server-configuration.html#overload)
diff --git a/docs/pages/enroll-resources/server-access/guides/openssh.mdx b/docs/pages/enroll-resources/server-access/guides/openssh.mdx
deleted file mode 100644
index e7632cfd9b097..0000000000000
--- a/docs/pages/enroll-resources/server-access/guides/openssh.mdx
+++ /dev/null
@@ -1,9 +0,0 @@
----
-title: OpenSSH Guides
-description: Teleport Agentless OpenSSH integration guides.
-layout: tocless-doc
----
-
-- [Agentless OpenSSH Integration](openssh/openssh-agentless.mdx): How to use Teleport in agentless mode on systems with OpenSSH and `sshd`.
-- [Agentless OpenSSH Integration (Manual Installation)](./openssh/openssh-manual-install.mdx): How to use Teleport in agentless mode
-  on systems with OpenSSH and `sshd` that can't run `teleport`.
diff --git a/docs/pages/enroll-resources/server-access/guides/openssh/openssh.mdx b/docs/pages/enroll-resources/server-access/guides/openssh/openssh.mdx
new file mode 100644
index 0000000000000..2af40693b1fc5
--- /dev/null
+++ b/docs/pages/enroll-resources/server-access/guides/openssh/openssh.mdx
@@ -0,0 +1,9 @@
+---
+title: OpenSSH Guides
+description: Teleport Agentless OpenSSH integration guides.
+layout: tocless-doc
+---
+
+- [Agentless OpenSSH Integration](openssh-agentless.mdx): How to use Teleport in agentless mode on systems with OpenSSH and `sshd`.
+- [Agentless OpenSSH Integration (Manual Installation)](openssh-manual-install.mdx): How to use Teleport in agentless mode
+  on systems with OpenSSH and `sshd` that can't run `teleport`.
diff --git a/docs/pages/enroll-resources/server-access/guides/vscode.mdx b/docs/pages/enroll-resources/server-access/guides/vscode.mdx
index ae8d33e1d975f..78d13787d754a 100644
--- a/docs/pages/enroll-resources/server-access/guides/vscode.mdx
+++ b/docs/pages/enroll-resources/server-access/guides/vscode.mdx
@@ -151,14 +151,14 @@ The Window Indicator in the bottom left highlights the currently connected remot
 
 It's possible to remotely develop on any OpenSSH host joined to a Teleport
 cluster so long as its host OS is supported by VS Code. Refer to the
-[OpenSSH guide](./openssh.mdx) to configure the remote host to authenticate via
+[OpenSSH guide](openssh/openssh.mdx) to configure the remote host to authenticate via
 Teleport certificates, after which the procedure outlined above can be used to
 connect to the host in VS Code.
 
 ### Using OpenSSH clients
 
 This guide makes use of `tsh config`; refer to the
-[dedicated guide](./openssh.mdx) for additional information.
+[dedicated guide](openssh/openssh.mdx) for additional information.
 
 ## Further reading
 - [VS Code Remote Development](https://code.visualstudio.com/docs/remote/remote-overview)
diff --git a/docs/pages/enroll-resources/server-access/introduction.mdx b/docs/pages/enroll-resources/server-access/introduction.mdx
index a0cef2b718d9b..d40557c143100 100644
--- a/docs/pages/enroll-resources/server-access/introduction.mdx
+++ b/docs/pages/enroll-resources/server-access/introduction.mdx
@@ -25,7 +25,7 @@ Teleport server access is designed for the following kinds of scenarios:
 ## Guides
 
 - [Using Teleport with PAM](./guides/ssh-pam.mdx): How to configure Teleport SSH with PAM (Pluggable Authentication Modules).
-- [Agentless OpenSSH Integration](./guides/openssh.mdx): How to use Teleport in agentless mode on systems with OpenSSH and `sshd`.
+- [Agentless OpenSSH Integration](./guides/openssh/openssh.mdx): How to use Teleport in agentless mode on systems with OpenSSH and `sshd`.
 - [Recording Proxy Mode](./guides/recording-proxy-mode.mdx): How to use Teleport Recording Proxy Mode to capture activity on OpenSSH servers.
 - [BPF Session Recording](./guides/bpf-session-recording.mdx): How to use BPF to record SSH session commands, modified files and network connections.
 - [Restricted Session](./guides/restricted-session.mdx): How to configure and use Restricted Session to apply security policies to SSH sessions.
diff --git a/docs/pages/enroll-resources/server-access/rbac.mdx b/docs/pages/enroll-resources/server-access/rbac.mdx
index 34e21fbfd4daa..31f07b562ae36 100644
--- a/docs/pages/enroll-resources/server-access/rbac.mdx
+++ b/docs/pages/enroll-resources/server-access/rbac.mdx
@@ -71,7 +71,7 @@ spec:
 
 Similar to role fields for accessing other resources in Teleport, server-related fields support template variables.
 
-Variables with the format `{{external.xyz}}` are replaced with values from external [SSO](../../admin-guides/access-controls/sso.mdx)
+Variables with the format `{{external.xyz}}` are replaced with values from external [SSO](../../admin-guides/access-controls/sso/sso.mdx)
 providers. For OIDC logins, `{{external.xyz}}` refers to the "xyz" claim; for
 SAML logins, `{{external.xyz}}` refers to the "xyz" assertion.
 
diff --git a/docs/pages/faq.mdx b/docs/pages/faq.mdx
index 85f422346e383..a99f40ced1c87 100644
--- a/docs/pages/faq.mdx
+++ b/docs/pages/faq.mdx
@@ -29,7 +29,7 @@ functionality without a net addition of an agent on your system.
 ## Can I use OpenSSH with a Teleport cluster?
 
 Yes, this question comes up often and is related to the previous one. Take a
-look at [Using OpenSSH Guide](./enroll-resources/server-access/guides/openssh.mdx).
+look at [Using OpenSSH Guide](index.mdx).
 
 ## Can I connect to nodes behind a firewall?
 
diff --git a/docs/pages/includes/database-access/aws-auto-discovery-prerequisite.mdx b/docs/pages/includes/database-access/aws-auto-discovery-prerequisite.mdx
index f964e69e993d8..d0b7e86b8d9f5 100644
--- a/docs/pages/includes/database-access/aws-auto-discovery-prerequisite.mdx
+++ b/docs/pages/includes/database-access/aws-auto-discovery-prerequisite.mdx
@@ -1,3 +1,2 @@
 A running Teleport Discovery Service if you plan to use [Database
-Auto-Discovery](./../../enroll-resources/database-access/guides/aws-discovery.mdx).
-
+Auto-Discovery](../../enroll-resources/database-access/guides/aws-discovery.mdx).
diff --git a/docs/pages/includes/database-access/create-user.mdx b/docs/pages/includes/database-access/create-user.mdx
index 3f2cf60989bcb..9ea550c3cff8a 100644
--- a/docs/pages/includes/database-access/create-user.mdx
+++ b/docs/pages/includes/database-access/create-user.mdx
@@ -1,6 +1,6 @@
 <Admonition type="tip">
 
-To modify an existing user to provide access to the Database Service, see [Database Access Access Controls](../../enroll-resources/database-access/rbac.mdx)
+To modify an existing user to provide access to the Database Service, see [Database Access Access Controls](../../enroll-resources/database-access/rbac/rbac.mdx)
 
 </Admonition>
 
@@ -40,4 +40,4 @@ $ tctl users add \
 </Admonition>
 
 For more detailed information about database access controls and how to restrict
-access see [RBAC](../../enroll-resources/database-access/rbac.mdx) documentation.
+access see [RBAC](../../enroll-resources/database-access/rbac/rbac.mdx) documentation.
diff --git a/docs/pages/includes/database-access/db-introduction.mdx b/docs/pages/includes/database-access/db-introduction.mdx
index a85170658cdda..b7c55d905a1ee 100644
--- a/docs/pages/includes/database-access/db-introduction.mdx
+++ b/docs/pages/includes/database-access/db-introduction.mdx
@@ -1,6 +1,6 @@
 Teleport can provide secure access to {{ dbName }} via the  [Teleport Database
 Service](../../enroll-resources/database-access/database-access.mdx). This allows for
-fine-grained access control through [Teleport's RBAC](../../enroll-resources/database-access/rbac.mdx).
+fine-grained access control through [Teleport's RBAC](../../enroll-resources/database-access/rbac/rbac.mdx).
 
 In this guide, you will:
 
diff --git a/docs/pages/includes/database-access/guides-next-steps.mdx b/docs/pages/includes/database-access/guides-next-steps.mdx
index cf274a8296cd6..4a14a11079497 100644
--- a/docs/pages/includes/database-access/guides-next-steps.mdx
+++ b/docs/pages/includes/database-access/guides-next-steps.mdx
@@ -1,5 +1,5 @@
 {/* lint ignore list-item-spacing remark-lint */}
-- Learn how to [restrict access](../../enroll-resources/database-access/rbac.mdx) to certain users and databases.
+- Learn how to [restrict access](../../enroll-resources/database-access/rbac/rbac.mdx) to certain users and databases.
 
 {/* lint ignore list-item-spacing remark-lint */}
 - Learn more about [dynamic database registration](../../enroll-resources/database-access/guides/dynamic-registration.mdx).
diff --git a/docs/pages/includes/edition-comparison.mdx b/docs/pages/includes/edition-comparison.mdx
index 9ad0f72662085..4e2c57600b491 100644
--- a/docs/pages/includes/edition-comparison.mdx
+++ b/docs/pages/includes/edition-comparison.mdx
@@ -6,7 +6,7 @@
 |[Hardware Key Support](../admin-guides/access-controls/guides/hardware-key-support.mdx)|✖|✔|✔|
 |[Moderated Sessions](../admin-guides/access-controls/guides/moderated-sessions.mdx)|✖|✔|✔|
 |[Role-Based Access Control](../admin-guides/access-controls/guides/role-templates.mdx)|✔|✔|✔|
-|[Single Sign-On](../admin-guides/access-controls/sso.mdx)|GitHub|GitHub, Google Workspace, OIDC, SAML, Teleport|GitHub, Google Workspace, OIDC, SAML, Teleport|
+|[Single Sign-On](../admin-guides/access-controls/sso/sso.mdx)|GitHub|GitHub, Google Workspace, OIDC, SAML, Teleport|GitHub, Google Workspace, OIDC, SAML, Teleport|
 
 ### Audit logging and session recording
 
@@ -33,8 +33,7 @@ _Available as an add-on to Teleport Enterprise_
 
 ||Community Edition|Enterprise|Cloud|
 |---|---|---|---|
-|Access Monitoring & Response|✖|✔|✔|
-|[Access Lists & Access Reviews](../admin-guides/access-controls/access-lists.mdx)|✖|✔|✔|
+|[Access Lists & Access Reviews](../admin-guides/access-controls/access-lists/access-lists.mdx)|✖|✔|✔|
 |[Device Trust](../admin-guides/access-controls/device-trust/guide.mdx)|✖|✔|✔|
 |[Endpoint Management: Jamf](../admin-guides/access-controls/device-trust/jamf-integration.mdx)|✖|✔|✔|
 |[JIT Access Requests](../admin-guides/access-controls/guides/dual-authz.mdx)|Limited|✔|✔|
diff --git a/docs/pages/includes/machine-id/configure-outputs.mdx b/docs/pages/includes/machine-id/configure-outputs.mdx
index 9020f2b367b25..b002290094ddc 100644
--- a/docs/pages/includes/machine-id/configure-outputs.mdx
+++ b/docs/pages/includes/machine-id/configure-outputs.mdx
@@ -2,5 +2,6 @@ You have now prepared the base configuration for `tbot`. At this point, it
 identifies itself to the Teleport cluster and renews its own credentials but
 does not output any credentials for other applications to use.
 
-Follow one of the [access guides](../../enroll-resources/machine-id/access-guides.mdx) to configure an output
-that meets your access needs.
\ No newline at end of file
+Follow one of the [access
+guides](../../enroll-resources/machine-id/access-guides/access-guides.mdx) to
+configure an output that meets your access needs.
diff --git a/docs/pages/includes/machine-id/plugin-prerequisites.mdx b/docs/pages/includes/machine-id/plugin-prerequisites.mdx
index 88b6390ae2b68..22d43626da035 100644
--- a/docs/pages/includes/machine-id/plugin-prerequisites.mdx
+++ b/docs/pages/includes/machine-id/plugin-prerequisites.mdx
@@ -1,6 +1,5 @@
 **Recommended:** Configure Machine ID to provide short-lived Teleport
 credentials to the plugin. Before following this guide, follow a Machine ID
-[deployment guide](../../enroll-resources/machine-id/deployment.mdx) to run the `tbot` binary on
-your infrastructure.
-
+[deployment guide](../../enroll-resources/machine-id/deployment/deployment.mdx)
+to run the `tbot` binary on your infrastructure.
 
diff --git a/docs/pages/index.mdx b/docs/pages/index.mdx
index bdd32740d8d36..a3d9cbe09af35 100644
--- a/docs/pages/index.mdx
+++ b/docs/pages/index.mdx
@@ -60,7 +60,7 @@ Get started with Teleport Access:
 - [Set up passwordless authentication](admin-guides/access-controls/guides/passwordless.mdx)
   to enable users to access resources with hardware keys, including biometric
   credentials like Touch ID and YubiKey Bio.
-- [Integrate your Single Sign-On provider](admin-guides/access-controls/sso.mdx): Allow users
+- [Integrate your Single Sign-On provider](admin-guides/access-controls/sso/sso.mdx): Allow users
   to access infrastructure resources with IdPs like Okta.
 - [Use Teleport as an identity provider](admin-guides/access-controls/idps/saml-guide.mdx) to
   authenticate to external services.
@@ -84,12 +84,12 @@ restrictions and potential security breaches.
 
 Get started with Teleport Identity:
 
-- [Access Requests](admin-guides/access-controls/access-requests.mdx): Temporarily
+- [Access Requests](admin-guides/access-controls/access-requests/access-requests.mdx): Temporarily
   provision minimal privileges to complete a task.
-- [Access Lists](admin-guides/access-controls/access-lists.mdx): Regularly audit and
+- [Access Lists](admin-guides/access-controls/access-lists/access-lists.mdx): Regularly audit and
   control membership to specific roles and traits, which then tie easily back
   into Teleport's existing RBAC system.
-- [Device Trust](admin-guides/access-controls/device-trust.mdx): Require an up-to-date,
+- [Device Trust](admin-guides/access-controls/device-trust/device-trust.mdx): Require an up-to-date,
   registered device for each authentication by giving every device a
   cryptographic identity. 
 - [Session & Identity Locks](admin-guides/access-controls/guides/locking.mdx): Lock
diff --git a/docs/pages/installation.mdx b/docs/pages/installation.mdx
index daec8197f9595..bcc9ce212b229 100644
--- a/docs/pages/installation.mdx
+++ b/docs/pages/installation.mdx
@@ -20,7 +20,7 @@ version as the cluster they are connecting to. Teleport servers are compatible
 with clients that are on the same major version or one major version older.
 Teleport servers do not support clients that are on a newer major version.
 
-See our [Upgrading](./upgrading.mdx) guide for more information.
+See our [Upgrading](upgrading/upgrading.mdx) guide for more information.
 
 
 ## Operating system support
@@ -467,7 +467,7 @@ chart.
   and `tctl` you run on your local machine are compatible with the versions
   you run on your infrastructure. Homebrew usually ships the latest release of
   Teleport, which may be incompatible with older versions. See our
-  [compatibility policy](upgrading.mdx) for details.
+  [compatibility policy](upgrading/upgrading.mdx) for details.
 
   To verify versions, log in to your cluster and compare the output of `tctl status`
   against `tsh version` and `tctl version`.
diff --git a/docs/pages/reference/access-controls/access-lists.mdx b/docs/pages/reference/access-controls/access-lists.mdx
index 560505b10501e..e36b2c143bf3e 100644
--- a/docs/pages/reference/access-controls/access-lists.mdx
+++ b/docs/pages/reference/access-controls/access-lists.mdx
@@ -139,4 +139,4 @@ above) and run `tctl create <filename>`. Access Lists can be updated by using `t
 `tctl` also supports a subset of Access List focused commands under the `tctl acl` subcommand.
 Through these you can list Access Lists, get information about a particular Access Lists, and manage
 Access List users. To see more details, run `tctl acl --help`. More detail can be seen in the
-[CLI Reference](../../reference/cli.mdx).
+[CLI Reference](../cli/cli.mdx).
diff --git a/docs/pages/reference/access-controls/roles.mdx b/docs/pages/reference/access-controls/roles.mdx
index 48737637e5552..c0b2b6ee11f51 100644
--- a/docs/pages/reference/access-controls/roles.mdx
+++ b/docs/pages/reference/access-controls/roles.mdx
@@ -22,7 +22,7 @@ resources:
 - [Custom API clients](../../admin-guides/api/rbac.mdx)
 
 To read more about managing dynamic resources, see the [Dynamic
-Resources](../../admin-guides/infrastructure-as-code.mdx) guide.
+Resources](../../admin-guides/infrastructure-as-code/infrastructure-as-code.mdx) guide.
 
 You can view all roles in your cluster on your local workstation by running the
 following commands:
@@ -70,7 +70,7 @@ user:
 | `pin_source_ip` | Enable source IP pinning for SSH certificates. | Logical "OR" i.e. evaluates to "yes" if at least one role requires session termination |
 | `cert_extensions` | Specifies extensions to be included in SSH certificates | |
 | `create_host_user_mode` | Allow users to be automatically created on a host |  Logical "AND" i.e. if all roles matching a server specify host user creation (`off`, `drop`, `keep`), it will evaluate to the option specified by all of the roles. If some roles specify both `drop` or `keep` it will evaluate to `keep`|
-| `create_db_user_mode` | Allow [database user auto provisioning](../../enroll-resources/database-access/auto-user-provisioning.mdx). Options: `off` (disable database user auto-provisioning), `keep` (disables the user at session end, removing the roles and locking it), and `best_effort_drop` (try to drop the user at session end, if it doesn't succeed, fallback to disabling it). | Logical "OR" i.e. if any role allows database user auto-provisioning, it's allowed |
+| `create_db_user_mode` | Allow database user auto provisioning. Options: `off` (disable database user auto-provisioning), `keep` (disables the user at session end, removing the roles and locking it), and `best_effort_drop` (try to drop the user at session end, if it doesn't succeed, fallback to disabling it). | Logical "OR" i.e. if any role allows database user auto-provisioning, it's allowed |
 
 ## Preset roles
 
@@ -438,7 +438,7 @@ Labels for resources enrolled with Teleport:
 |---|---|
 |`app_labels`|[Applications](../../enroll-resources/application-access/controls.mdx)|
 |`cluster_labels`|[Trusted Clusters](../../admin-guides/management/admin/trustedclusters.mdx)|
-|`db_labels`|[Databases](../../enroll-resources/database-access/rbac.mdx)|
+|`db_labels`|[Databases](../../enroll-resources/database-access/rbac/rbac.mdx)|
 |`db_service_labels`|[Database Service](../../enroll-resources/database-access/database-access.mdx) instances|
 |`kubernetes_labels`|[Kubernetes clusters](../../enroll-resources/kubernetes-access/controls.mdx)|
 |`node_labels`|[SSH Servers](../../enroll-resources/server-access/server-access.mdx)|
diff --git a/docs/pages/reference/agent-services/database-access-reference/cli.mdx b/docs/pages/reference/agent-services/database-access-reference/cli.mdx
index 94c68b36c6246..0f8781b0b1cc3 100644
--- a/docs/pages/reference/agent-services/database-access-reference/cli.mdx
+++ b/docs/pages/reference/agent-services/database-access-reference/cli.mdx
@@ -282,7 +282,7 @@ Lists available databases and their connection information.
 $ tsh db ls
 ```
 
-Displays only the databases a user has access to (see [RBAC](../../../enroll-resources/database-access/rbac.mdx)).
+Displays only the databases a user has access to (see [RBAC](../../../enroll-resources/database-access/rbac/rbac.mdx)).
 
 ## tsh db login
 
diff --git a/docs/pages/reference/architecture/agent-update-management.mdx b/docs/pages/reference/architecture/agent-update-management.mdx
index 8c8c3ee1c7508..5234b43235811 100644
--- a/docs/pages/reference/architecture/agent-update-management.mdx
+++ b/docs/pages/reference/architecture/agent-update-management.mdx
@@ -56,7 +56,7 @@ The agent version is subject to the following constraints:
 
 The best practice is to always align the agent version with the Proxy and Auth
 ones. To upgrade Auth and Proxy, follow [the Teleport Cluster upgrade guide
-](../../upgrading.mdx).
+](../../upgrading/upgrading.mdx).
 
 For this reason, all updaters must subscribe to a release channel targeting
 versions that are compatible with their Teleport cluster. Teleport Cloud users
@@ -90,6 +90,5 @@ ensure every agent is healthy and running the correct version.
 Self-hosted users must first [set up self-hosted automatic agent upgrades
 ](../../upgrading/self-hosted-automatic-agent-updates.mdx).
 
-After that, you can set enroll agents in automatic upgrades as part of the
-[upgrading procedure](../../upgrading.mdx).
-
+After that, you can set enroll agents in automatic updates as part of the
+[upgrading procedure](../../upgrading/upgrading.mdx).
diff --git a/docs/pages/reference/architecture/api-architecture.mdx b/docs/pages/reference/architecture/api-architecture.mdx
index 7ebb9bba6541c..c02c311a7d51e 100644
--- a/docs/pages/reference/architecture/api-architecture.mdx
+++ b/docs/pages/reference/architecture/api-architecture.mdx
@@ -53,7 +53,7 @@ The Teleport Go client requires credentials in order to authenticate with a
 Teleport cluster.
 
 Credentials are created by using Credential loaders, which gather certificates
-and data generated by [Teleport CLIs](../cli.mdx).
+and data generated by [Teleport CLIs](../cli/cli.mdx).
 
 Since there are several Credential loaders to choose from with distinct
 benefits, here's a quick breakdown:
diff --git a/docs/pages/reference/architecture/architecture.mdx b/docs/pages/reference/architecture/architecture.mdx
index 965b65ac25524..ebbae3df3961e 100644
--- a/docs/pages/reference/architecture/architecture.mdx
+++ b/docs/pages/reference/architecture/architecture.mdx
@@ -83,7 +83,7 @@ deny access to a resource.
 
 Agents must establish trust with the Teleport Auth Service when first joining a
 cluster, and there is are [variety of
-methods](../../enroll-resources/agents/join-services-to-your-cluster.mdx) that
+methods](../../enroll-resources/agents/join-services-to-your-cluster/join-services-to-your-cluster.mdx) that
 Agents use for this.
 
 Read about the architecture of Teleport Agent features:
@@ -109,7 +109,7 @@ Instances of the `tbot` binary communicate with the Teleport Auth Service to
 continuously refresh credentials. As with Agents, administrators must deploy
 `tbot` instances on their own infrastructure, including on CI/CD platforms such
 as GitHub Actions, and [join
-them](../../enroll-resources/machine-id/deployment.mdx) to a cluster.
+them](../../enroll-resources/machine-id/deployment/deployment.mdx) to a cluster.
 
 Read more about [Machine ID Architecture](machine-id-architecture.mdx).
 
diff --git a/docs/pages/reference/architecture/authorization.mdx b/docs/pages/reference/architecture/authorization.mdx
index 9f11b2dcf969a..cf2a96a1f359e 100644
--- a/docs/pages/reference/architecture/authorization.mdx
+++ b/docs/pages/reference/architecture/authorization.mdx
@@ -52,7 +52,7 @@ that this cluster trusts. In this case, Teleport activates [trusted cluster mapp
 Local interactive users have a record in Teleport's backend with credentials.
 
 A cluster administrator have to create account entries for every Teleport user with
-[`tctl users add`](../cli.mdx) or API call.
+[`tctl users add`](../cli/cli.mdx) or API call.
 
 Every local Teleport User must be associated with a list of one or more roles.
 This list is called "role mappings".
@@ -394,7 +394,7 @@ spec:
 
 - [Access Control Reference](../access-controls/roles.mdx).
 - [Teleport Predicate Language](../predicate-language.mdx).
-- [Access Requests Guides](../../admin-guides/access-controls/access-requests.mdx)
+- [Access Requests Guides](../../admin-guides/access-controls/access-requests/access-requests.mdx)
 - [Architecture Overview](../../core-concepts.mdx)
 - [Teleport Auth](authentication.mdx)
 - [Teleport Nodes](nodes.mdx)
diff --git a/docs/pages/reference/architecture/nodes.mdx b/docs/pages/reference/architecture/nodes.mdx
index 1ba38ef624de6..3da39b4d11028 100644
--- a/docs/pages/reference/architecture/nodes.mdx
+++ b/docs/pages/reference/architecture/nodes.mdx
@@ -17,7 +17,7 @@ Here is why we recommend Teleport Node service instead of OpenSSH:
 
 Just like with OpenSSH, the `node` service provides SSH access to every node with any clients supporting client SSH certificates:
 
-- [OpenSSH: `ssh`](../../enroll-resources/server-access/guides/openssh.mdx)
+- [OpenSSH: `ssh`](../../enroll-resources/server-access/guides/openssh/openssh.mdx)
 - [Teleport CLI client: `tsh ssh`](../cli/tsh.mdx)
 - [Teleport Proxy UI](./proxy.mdx) accessed via a web browser.
 - Ansible and other SSH compatible clients.
diff --git a/docs/pages/reference/architecture/tls-routing.mdx b/docs/pages/reference/architecture/tls-routing.mdx
index 70d6cb24783ec..cb2410ece8e13 100644
--- a/docs/pages/reference/architecture/tls-routing.mdx
+++ b/docs/pages/reference/architecture/tls-routing.mdx
@@ -77,7 +77,7 @@ which can be used as a `ProxyCommand`.
 Similarly to `tsh ssh`, `tsh proxy ssh` establishes a TLS tunnel to Teleport
 proxy with `teleport-proxy-ssh` ALPN protocol, which `ssh` then connects over.
 
-See the [OpenSSH client](../../enroll-resources/server-access/guides/openssh.mdx) guide for details on
+See the [OpenSSH client](../../index.mdx) guide for details on
 how it's configured.
 
 ## Reverse tunnels
diff --git a/docs/pages/reference/cli.mdx b/docs/pages/reference/cli/cli.mdx
similarity index 79%
rename from docs/pages/reference/cli.mdx
rename to docs/pages/reference/cli/cli.mdx
index 4a6960a7bdfef..68093e7bc6b9b 100644
--- a/docs/pages/reference/cli.mdx
+++ b/docs/pages/reference/cli/cli.mdx
@@ -6,10 +6,10 @@ description: Detailed guide and reference documentation for Teleport's command l
 
 Teleport is made up of four CLI tools.
 
-- [teleport](./cli/teleport.mdx): Supports the Teleport Access Platform by starting and configuring various Teleport services.
-- [tsh](./cli/tsh.mdx): Allows end users to authenticate to Teleport and access resources in a cluster.
-- [tctl](./cli/tctl.mdx): Used to configure the Teleport Auth Service.
-- [tbot](./cli/tbot.mdx): Supports Machine ID, which provides short lived credentials to service accounts (e.g, a CI/CD server).
+- [teleport](teleport.mdx): Supports the Teleport Access Platform by starting and configuring various Teleport services.
+- [tsh](tsh.mdx): Allows end users to authenticate to Teleport and access resources in a cluster.
+- [tctl](tctl.mdx): Used to configure the Teleport Auth Service.
+- [tbot](tbot.mdx): Supports Machine ID, which provides short lived credentials to service accounts (e.g, a CI/CD server).
 
 (!docs/pages/includes/permission-warning.mdx!)
 
@@ -52,7 +52,7 @@ desktops, and Kubernetes clusters using the `--search` and `--query` flags.
 
 The `--search` flag performs a simple fuzzy search on resource fields. For example, `--search=mac` searches for resources containing `mac`.
 
-The `--query` flag allows you to perform more sophisticated searches using a [predicate language](predicate-language.mdx#resource-filtering).
+The `--query` flag allows you to perform more sophisticated searches using a [predicate language](../predicate-language.mdx).
 
 In both cases, you can further refine the results by appending a list of comma-separated labels to the command. For example:
 
diff --git a/docs/pages/reference/cloud-faq.mdx b/docs/pages/reference/cloud-faq.mdx
index 0eb5fa16c5c0d..8922728f96403 100644
--- a/docs/pages/reference/cloud-faq.mdx
+++ b/docs/pages/reference/cloud-faq.mdx
@@ -77,7 +77,7 @@ S3, are established using encryption provided by AWS, both at rest and in transi
 
 You can connect servers, Kubernetes clusters, databases, desktops, and
 applications using [reverse
-tunnels](../enroll-resources/agents/join-services-to-your-cluster.mdx).
+tunnels](../enroll-resources/agents/join-services-to-your-cluster/join-services-to-your-cluster.mdx).
 
 There is no need to open any ports on your infrastructure for inbound traffic.
 
diff --git a/docs/pages/reference/helm-reference.mdx b/docs/pages/reference/helm-reference/helm-reference.mdx
similarity index 60%
rename from docs/pages/reference/helm-reference.mdx
rename to docs/pages/reference/helm-reference/helm-reference.mdx
index 1aece251ec4e6..9f4821b8c6b41 100644
--- a/docs/pages/reference/helm-reference.mdx
+++ b/docs/pages/reference/helm-reference/helm-reference.mdx
@@ -5,26 +5,26 @@ description: Comprehensive lists of configuration values in Teleport's Helm char
 layout: tocless-doc
 ---
 
-- [teleport-cluster](./helm-reference/teleport-cluster.mdx): Deploy the
+- [teleport-cluster](teleport-cluster.mdx): Deploy the
   `teleport` daemon on Kubernetes with preset configurations for the Auth and
   Proxy Services and support for any Teleport service configuration.
-- [teleport-kube-agent](./helm-reference/teleport-kube-agent.mdx): Deploy the
+- [teleport-kube-agent](teleport-kube-agent.mdx): Deploy the
   Teleport Kubernetes Service, Application Service, or Database Service on
   Kubernetes.
-- [teleport-access-graph](./helm-reference/teleport-access-graph.mdx): Deploy the
+- [teleport-access-graph](teleport-access-graph.mdx): Deploy the
   Teleport Access Graph service.
-- [teleport-plugin-event-handler](./helm-reference/teleport-plugin-event-handler.mdx):
+- [teleport-plugin-event-handler](teleport-plugin-event-handler.mdx):
   Deploy the Teleport Event Handler plugin which sends events and session logs
   to Fluentd.
-- [teleport-plugin-jira](./helm-reference/teleport-plugin-jira.mdx): Deploy
+- [teleport-plugin-jira](teleport-plugin-jira.mdx): Deploy
   the Teleport Jira Access Request Plugin, which allows approving of denying
   Access Requests via a Jira Project.
-- [teleport-plugin-pagerduty](./helm-reference/teleport-plugin-pagerduty.mdx):
+- [teleport-plugin-pagerduty](teleport-plugin-pagerduty.mdx):
   Deploy the Teleport PagerDuty Plugin, which allows sending PagerDuty alerts
   when Access Requests are made.
-- [teleport-plugin-mattermost](./helm-reference/teleport-plugin-mattermost.mdx):
+- [teleport-plugin-mattermost](teleport-plugin-mattermost.mdx):
   Deploy the Teleport Mattermost Access Request Plugin, which allows approving
   or denying Access Requests via Mattermost.
-- [teleport-plugin-slack](./helm-reference/teleport-plugin-slack.mdx): Deploy
+- [teleport-plugin-slack](teleport-plugin-slack.mdx): Deploy
   the Teleport Slack Plugin, which allows notifying Slack users and channels
   when Access Requests are made.
diff --git a/docs/pages/reference/helm-reference/teleport-cluster.mdx b/docs/pages/reference/helm-reference/teleport-cluster.mdx
index 56a3b5d6081ab..962e64582c9b1 100644
--- a/docs/pages/reference/helm-reference/teleport-cluster.mdx
+++ b/docs/pages/reference/helm-reference/teleport-cluster.mdx
@@ -256,7 +256,7 @@ Possible values are `local` and `github` for Teleport Community Edition, plus `o
 | `string` | `""`          | No        | `auth_service.authentication.connector_name` |
 
 `authentication.connectorName` sets the default authentication connector.
-[The SSO documentation](../../admin-guides/access-controls/sso.mdx) explains how to create
+[The SSO documentation](../../admin-guides/access-controls/sso/sso.mdx) explains how to create
 authentication connectors for common identity providers. In addition to SSO
 connector names, the following built-in connectors are supported:
 
diff --git a/docs/pages/reference/helm-reference/teleport-kube-agent.mdx b/docs/pages/reference/helm-reference/teleport-kube-agent.mdx
index 9475c6f76c4da..b78c8124c14f1 100644
--- a/docs/pages/reference/helm-reference/teleport-kube-agent.mdx
+++ b/docs/pages/reference/helm-reference/teleport-kube-agent.mdx
@@ -20,11 +20,11 @@ This reference details available values for the `teleport-kube-agent` chart.
 
 The `teleport-kube-agent` chart can run any or all of three Teleport services:
 
-| Teleport service                                             | Name for `roles` and `tctl tokens add` | Purpose                                                                                |
-|--------------------------------------------------------------|----------------------------------------|----------------------------------------------------------------------------------------|
-| [`kubernetes_service`](../../enroll-resources/kubernetes-access/introduction.mdx)   | `kube`                                 | Uses Teleport to handle authentication<br/> with and proxy access to a Kubernetes cluster   |
-| [`application_service`](../../enroll-resources/application-access/guides.mdx) | `app`                                  | Uses Teleport to handle authentication<br/> with and proxy access to web-based applications |
-| [`database_service`](../../enroll-resources/database-access/guides.mdx)       | `db`                                   | Uses Teleport to handle authentication<br/> with and proxy access to databases              |
+| Teleport service                                                          | Name for `roles` and `tctl tokens add` | Purpose                                                                                      |
+|---------------------------------------------------------------------------|----------------------------------------|----------------------------------------------------------------------------------------------|
+| [`kubernetes_service`](../../enroll-resources/kubernetes-access/introduction.mdx)          | `kube`                                 | Uses Teleport to handle authentication<br/> with and proxy access to a Kubernetes cluster    |
+| [`application_service`](../../enroll-resources/application-access/guides/guides.mdx)              | `app`                                  | Uses Teleport to handle authentication<br/> with and proxy access to web-based applications  |
+| [`database_service`](../../enroll-resources/database-access/guides/guides.mdx)                    | `db`                                   | Uses Teleport to handle authentication<br/> with and proxy access to databases               |
 
 ### Legacy releases
 
diff --git a/docs/pages/reference/monitoring/audit.mdx b/docs/pages/reference/monitoring/audit.mdx
index d772f076a33ba..c547c3c91e717 100644
--- a/docs/pages/reference/monitoring/audit.mdx
+++ b/docs/pages/reference/monitoring/audit.mdx
@@ -127,7 +127,7 @@ Below are some possible types of audit events.
 This list is not comprehensive. We recommend exporting audit events to a
 platform that automatically parses event payloads so you can group and filter
 them by their `event` key and discover trends. To set up audit event exporting,
-read [Exporting Teleport Audit Events](../../admin-guides/management/export-audit-events.mdx).
+read [Exporting Teleport Audit Events](../../admin-guides/management/export-audit-events/export-audit-events.mdx).
 
 </Notice>
 
diff --git a/docs/pages/reference/predicate-language.mdx b/docs/pages/reference/predicate-language.mdx
index 2da0ce3c7e110..921436f125519 100644
--- a/docs/pages/reference/predicate-language.mdx
+++ b/docs/pages/reference/predicate-language.mdx
@@ -72,7 +72,7 @@ The language also supports the following functions:
 | `split(labels["foo"], ",")`                  | converts a delimited string into a list                    |
 | `contains(split(labels["foo"], ","), "bar")` | determines if a value exists in a list                     |
 
-See some [examples](cli.mdx#filter-examples) of the different ways you can filter resources.
+See some [examples](cli/cli.mdx) of the different ways you can filter resources.
 
 ## Label expressions
 
diff --git a/docs/pages/reference/resources.mdx b/docs/pages/reference/resources.mdx
index 8c9b8a47b7e99..74c8c8830dc6e 100644
--- a/docs/pages/reference/resources.mdx
+++ b/docs/pages/reference/resources.mdx
@@ -6,7 +6,7 @@ description: Reference documentation for Teleport resources
 
 This reference guide lists dynamic resources you can manage with Teleport. For
 more information on dynamic resources, see our guide to [Using Dynamic
-Resources](../admin-guides/infrastructure-as-code.mdx).
+Resources](../admin-guides/infrastructure-as-code/infrastructure-as-code.mdx).
 
 Examples of applying dynamic resources with `tctl`:
 
@@ -51,11 +51,11 @@ Here's the list of resources currently exposed via [`tctl`](./cli/tctl.mdx):
 | - | - |
 | [user](#user) | A user record in the internal Teleport user DB. |
 | [role](#role) | A role assumed by interactive and non-interactive users. |
-| connector | Authentication connectors for [Single Sign-On](../admin-guides/access-controls/sso.mdx) (SSO) for SAML, OIDC and GitHub. |
-| node | A registered SSH node. The same record is displayed via `tctl nodes ls` |
+| connector | Authentication connectors for [Single Sign-On](../admin-guides/access-controls/sso/sso.mdx) (SSO) for SAML, OIDC and GitHub. |
+| node | A registered SSH node. The same record is displayed via `tctl nodes ls`. |
 | windows_desktop | A registered Windows desktop. |
 | cluster | A trusted cluster. See [here](../admin-guides/management/admin/trustedclusters.mdx) for more details on connecting clusters together. |
-| [login_rule](#login-rules) | A Login Rule, see the [Login Rules guide](../admin-guides/access-controls/login-rules.mdx) for more info. |
+| [login_rule](#login-rules) | A Login Rule, see the [Login Rules guide](../admin-guides/access-controls/login-rules/login-rules.mdx) for more info. |
 | [device](#device) | A Teleport Trusted Device, see the [Device Trust guide](../admin-guides/access-controls/device-trust/guide.mdx) for more info. |
 | [ui_config](#ui-config) | Configuration for the Web UI served by the Proxy Service |
 | [cluster_auth_preference](#cluster-auth-preferences) | Configuration for the cluster's auth preferences. |
diff --git a/docs/pages/upgrading/overview.mdx b/docs/pages/upgrading/overview.mdx
index f6fd3c03e0740..0f229ba86f285 100644
--- a/docs/pages/upgrading/overview.mdx
+++ b/docs/pages/upgrading/overview.mdx
@@ -69,5 +69,5 @@ upgrade from v10 to v11.
 
 ## Next steps
 
-Return to the [Upgrading Introduction](../upgrading.mdx) for how to upgrade
+Return to the [Upgrading Introduction](upgrading.mdx) for how to upgrade
 individual components within your Teleport cluster.
diff --git a/docs/pages/upgrading/self-hosted-automatic-agent-updates.mdx b/docs/pages/upgrading/self-hosted-automatic-agent-updates.mdx
index 6bf84210e0900..14746f2b98554 100644
--- a/docs/pages/upgrading/self-hosted-automatic-agent-updates.mdx
+++ b/docs/pages/upgrading/self-hosted-automatic-agent-updates.mdx
@@ -10,7 +10,7 @@ clusters.
 Teleport agents run an **upgrader** that queries a **version server** to
 determine whether they are out of date. This guide describes how to set up your
 infrastructure to support automatic upgrades. If you are a Teleport Cloud user
-or run a version server already, return to the [Upgrading](../upgrading.mdx)
+or run a version server already, return to the [Upgrading](upgrading.mdx)
 menu for the appropriate next steps to upgrade Teleport.
 
 The [Automatic Update Architecture](../reference/architecture/agent-update-management.mdx)
diff --git a/docs/pages/upgrading.mdx b/docs/pages/upgrading/upgrading.mdx
similarity index 77%
rename from docs/pages/upgrading.mdx
rename to docs/pages/upgrading/upgrading.mdx
index 45f8cdc811d23..aba4f806e069f 100644
--- a/docs/pages/upgrading.mdx
+++ b/docs/pages/upgrading/upgrading.mdx
@@ -13,7 +13,7 @@ Since Teleport is a distributed system with a number of services that run on
 potentially many hosts, you should take care when upgrading the cluster to
 ensure that all components remain compatible.
 
-The [Upgrading Compatibility Overview](./upgrading/overview.mdx) explains how to
+The [Upgrading Compatibility Overview](overview.mdx) explains how to
 upgrade components in your Teleport cluster to ensure that they communicate as
 expected.
 
@@ -26,13 +26,13 @@ services:
 
 Teleport Cloud:
 
-- [Linux Servers](./upgrading/cloud-linux.mdx)
-- [Kubernetes](./upgrading/cloud-kubernetes.mdx)
+- [Linux Servers](cloud-linux.mdx)
+- [Kubernetes](cloud-kubernetes.mdx)
 
 Self-hosted deployments:
 
-- [Linux Servers](./upgrading/self-hosted-linux.mdx)
-- [Kubernetes](./upgrading/self-hosted-kubernetes.mdx)
+- [Linux Servers](self-hosted-linux.mdx)
+- [Kubernetes](self-hosted-kubernetes.mdx)
 
 ## Automatic agent upgrades
 
@@ -43,6 +43,6 @@ and need to install a new version of Teleport.
 On Teleport Cloud, the version server is managed for you.
 
 If you are running Teleport Enterprise, read the [Self-Hosted Automatic Agent
-Updates](./upgrading/self-hosted-automatic-agent-updates.mdx) guide to set up
+Updates](self-hosted-automatic-agent-updates.mdx) guide to set up
 the version server yourself.
 

From 0175288a237ce1d1deaa9505a0eae6c0605b1fe8 Mon Sep 17 00:00:00 2001
From: Matt Smith <matt.smith@goteleport.com>
Date: Wed, 30 Oct 2024 16:12:48 -0400
Subject: [PATCH 39/53] [16.4.3] bump cloud docs (#48111)

---
 docs/config.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/config.json b/docs/config.json
index 2a59b881febb5..e1d1a0fa1554d 100644
--- a/docs/config.json
+++ b/docs/config.json
@@ -162,7 +162,7 @@
       "aws_secret_access_key": "zyxw9876-this-is-an-example"
     },
     "cloud": {
-      "version": "16.4.2",
+      "version": "16.4.3",
       "major_version": "16",
       "sla": {
         "monthly_percentage": "99.9%",

From 039d7a307f61f3ed57d846a5c4c71c1577deff71 Mon Sep 17 00:00:00 2001
From: Zac Bergquist <zac.bergquist@goteleport.com>
Date: Wed, 30 Oct 2024 15:28:54 -0600
Subject: [PATCH 40/53] [v14] Fix the RDP licensing flow (#47544)

* Fix the RDP licensing flow on v14

Licenses are stored in-memory, so if the agent restarts it will be
forced to go through the "new license" flow for the first session.

* Store RDP licenses in a LRU cache instead of a HashMap

This ensures memory doesn't grow unbounded if we end up caching
a large number of licenses.
---
 Cargo.lock                                    | 59 ++++++++---
 lib/srv/desktop/rdp/rdpclient/Cargo.toml      |  8 +-
 lib/srv/desktop/rdp/rdpclient/client.go       |  9 +-
 .../desktop/rdp/rdpclient/client_common.go    |  6 +-
 lib/srv/desktop/rdp/rdpclient/src/cliprdr.rs  |  1 +
 lib/srv/desktop/rdp/rdpclient/src/lib.rs      | 97 ++++++++++++++++++-
 lib/srv/desktop/windows_server.go             |  1 +
 7 files changed, 159 insertions(+), 22 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 7148f803bba23..0261bb969c4ed 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -17,6 +17,12 @@ dependencies = [
  "memchr",
 ]
 
+[[package]]
+name = "allocator-api2"
+version = "0.2.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c6cb57a04249c6480766f7f7cef5467412af1490f8d1e243141daddada3264f"
+
 [[package]]
 name = "asn1-rs"
 version = "0.5.1"
@@ -452,6 +458,12 @@ dependencies = [
  "termcolor",
 ]
 
+[[package]]
+name = "equivalent"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5"
+
 [[package]]
 name = "errno"
 version = "0.3.1"
@@ -504,6 +516,12 @@ dependencies = [
  "miniz_oxide 0.6.2",
 ]
 
+[[package]]
+name = "foldhash"
+version = "0.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f81ec6369c545a7d40e4589b5597581fa1c441fe1cce96dd1de43159910a36a2"
+
 [[package]]
 name = "foreign-types"
 version = "0.5.0"
@@ -566,16 +584,6 @@ dependencies = [
  "version_check",
 ]
 
-[[package]]
-name = "gethostname"
-version = "0.2.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c1ebd34e35c46e00bb73e81363248d627782724609fe1b6396f553f68fe3862e"
-dependencies = [
- "libc",
- "winapi",
-]
-
 [[package]]
 name = "getrandom"
 version = "0.1.16"
@@ -619,6 +627,17 @@ version = "0.12.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
 
+[[package]]
+name = "hashbrown"
+version = "0.15.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1e087f84d4f86bf4b218b927129862374b72199ae7d8657835f1e89000eea4fb"
+dependencies = [
+ "allocator-api2",
+ "equivalent",
+ "foldhash",
+]
+
 [[package]]
 name = "heapless"
 version = "0.7.16"
@@ -685,7 +704,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1885e79c1fc4b10f0e172c475f458b7f7b93061064d98c3293e98c5ba0c8b399"
 dependencies = [
  "autocfg",
- "hashbrown",
+ "hashbrown 0.12.3",
 ]
 
 [[package]]
@@ -819,6 +838,15 @@ version = "0.4.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f"
 
+[[package]]
+name = "lru"
+version = "0.12.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "234cf4f4a04dc1f57e24b96cc0cd600cf2af460d4161ac5ecdd0af8e1f3b2a38"
+dependencies = [
+ "hashbrown 0.15.0",
+]
+
 [[package]]
 name = "md-5"
 version = "0.8.0"
@@ -1218,6 +1246,7 @@ dependencies = [
  "iso7816-tlv",
  "libc",
  "log",
+ "lru",
  "num-derive",
  "num-traits",
  "png",
@@ -1233,12 +1262,11 @@ dependencies = [
 [[package]]
 name = "rdp-rs"
 version = "0.1.0"
-source = "git+https://github.com/gravitational/rdp-rs?rev=edfb5330a11d11eaf36d65e4300555368b4c6b02#edfb5330a11d11eaf36d65e4300555368b4c6b02"
+source = "git+https://github.com/gravitational/rdp-rs?rev=2b0d99cc60c7b6474a1e2224a0bd6b2beca56b63#2b0d99cc60c7b6474a1e2224a0bd6b2beca56b63"
 dependencies = [
  "boring",
  "bufstream",
  "byteorder",
- "gethostname",
  "hmac",
  "indexmap",
  "md-5",
@@ -1251,6 +1279,7 @@ dependencies = [
  "ring",
  "rsa 0.6.1",
  "rustls",
+ "uuid",
  "x509-parser",
  "yasna",
 ]
@@ -1706,9 +1735,9 @@ dependencies = [
 
 [[package]]
 name = "uuid"
-version = "1.4.1"
+version = "1.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "79daa5ed5740825c40b389c5e50312b9c86df53fccd33f281df655642b43869d"
+checksum = "81dfa00651efa65069b0b6b651f4aaa31ba9e3c3ce0137aaad053604ee7e0314"
 dependencies = [
  "getrandom 0.2.8",
 ]
diff --git a/lib/srv/desktop/rdp/rdpclient/Cargo.toml b/lib/srv/desktop/rdp/rdpclient/Cargo.toml
index 64d155318516d..d7f696f1be9f7 100644
--- a/lib/srv/desktop/rdp/rdpclient/Cargo.toml
+++ b/lib/srv/desktop/rdp/rdpclient/Cargo.toml
@@ -1,7 +1,10 @@
 [package]
 name = "rdp-client"
 version = "0.1.0"
-authors = ["Andrew Lytvynov <andrew@goteleport.com>", "Zac Bergquist <zac@goteleport.com>"]
+authors = [
+    "Andrew Lytvynov <andrew@goteleport.com>",
+    "Zac Bergquist <zac@goteleport.com>",
+]
 edition = "2018"
 
 [lib]
@@ -20,10 +23,11 @@ num-traits = "0.2.16"
 rand = { version = "0.8.5", features = ["getrandom"] }
 rand_chacha = "0.3.1"
 rsa = "0.9.2"
-rdp-rs = { git = "https://github.com/gravitational/rdp-rs", rev = "edfb5330a11d11eaf36d65e4300555368b4c6b02" }
+rdp-rs = { git = "https://github.com/gravitational/rdp-rs", rev = "2b0d99cc60c7b6474a1e2224a0bd6b2beca56b63" }
 uuid = { version = "1.4.1", features = ["v4"] }
 utf16string = "0.2.0"
 png = "0.17.10"
+lru = "0.12.5"
 
 [build-dependencies]
 cbindgen = "0.25.0"
diff --git a/lib/srv/desktop/rdp/rdpclient/client.go b/lib/srv/desktop/rdp/rdpclient/client.go
index 8e4fc0b551af6..7c0bb25556c23 100644
--- a/lib/srv/desktop/rdp/rdpclient/client.go
+++ b/lib/srv/desktop/rdp/rdpclient/client.go
@@ -237,12 +237,14 @@ func (c *Client) connect(ctx context.Context) error {
 		return trace.Wrap(err)
 	}
 
-	// Addr and username strings only need to be valid for the duration of
+	// These strings only need to be valid for the duration of
 	// C.connect_rdp. They are copied on the Rust side and can be freed here.
 	addr := C.CString(c.cfg.Addr)
 	defer C.free(unsafe.Pointer(addr))
 	username := C.CString(c.username)
 	defer C.free(unsafe.Pointer(username))
+	hostID := C.CString(c.cfg.HostID)
+	defer C.free(unsafe.Pointer(hostID))
 
 	cert_der, err := utils.UnsafeSliceData(userCertDER)
 	if err != nil {
@@ -261,8 +263,9 @@ func (c *Client) connect(ctx context.Context) error {
 	res := C.connect_rdp(
 		C.uintptr_t(c.handle),
 		C.CGOConnectParams{
-			go_addr:     addr,
-			go_username: username,
+			go_addr:      addr,
+			go_username:  username,
+			go_client_id: hostID,
 			// cert length and bytes.
 			cert_der_len: C.uint32_t(len(userCertDER)),
 			cert_der:     (*C.uint8_t)(cert_der),
diff --git a/lib/srv/desktop/rdp/rdpclient/client_common.go b/lib/srv/desktop/rdp/rdpclient/client_common.go
index 5763598aa81d4..582d5e798faa4 100644
--- a/lib/srv/desktop/rdp/rdpclient/client_common.go
+++ b/lib/srv/desktop/rdp/rdpclient/client_common.go
@@ -32,10 +32,14 @@ import (
 type Config struct {
 	// Addr is the network address of the RDP server, in the form host:port.
 	Addr string
-	// UserCertGenerator generates user certificates for RDP authentication.
+
+	// GenerateUserCert generates user certificates for RDP authentication.
 	GenerateUserCert GenerateUserCertFn
 	CertTTL          time.Duration
 
+	// HostID uniquely identifies the Teleport agent running the RDP client.
+	HostID string
+
 	// AuthorizeFn is called to authorize a user connecting to a Windows desktop.
 	AuthorizeFn func(login string) error
 
diff --git a/lib/srv/desktop/rdp/rdpclient/src/cliprdr.rs b/lib/srv/desktop/rdp/rdpclient/src/cliprdr.rs
index 7bbb592d74834..2e5990adcc43c 100644
--- a/lib/srv/desktop/rdp/rdpclient/src/cliprdr.rs
+++ b/lib/srv/desktop/rdp/rdpclient/src/cliprdr.rs
@@ -749,6 +749,7 @@ enum ClipboardFormat {
 /// Sent as a reply to the format list PDU - used to indicate whether
 /// the format list PDU was processed succesfully.
 #[derive(Debug)]
+#[allow(dead_code)]
 struct FormatListResponsePDU {
     // empty, the only information needed is the flags in the header
 }
diff --git a/lib/srv/desktop/rdp/rdpclient/src/lib.rs b/lib/srv/desktop/rdp/rdpclient/src/lib.rs
index d3e30365266db..7f8e0052c3deb 100644
--- a/lib/srv/desktop/rdp/rdpclient/src/lib.rs
+++ b/lib/srv/desktop/rdp/rdpclient/src/lib.rs
@@ -50,6 +50,7 @@ extern crate log;
 extern crate num_derive;
 
 use errors::try_error;
+use lru::LruCache;
 use rand::Rng;
 use rand::SeedableRng;
 use rdp::core::event::*;
@@ -60,6 +61,7 @@ use rdp::core::mcs;
 use rdp::core::sec;
 use rdp::core::tpkt;
 use rdp::core::x224;
+use rdp::core::LicenseStore;
 use rdp::model::error::{Error as RdpError, RdpError as RdpProtocolError, RdpErrorKind, RdpResult};
 use rdp::model::link::{Link, Stream};
 use rdpdr::path::UnixPath;
@@ -72,8 +74,10 @@ use std::io::ErrorKind;
 use std::io::{Cursor, Read, Write};
 use std::net;
 use std::net::{TcpStream, ToSocketAddrs};
+use std::num::NonZeroUsize;
 use std::os::raw::c_char;
 use std::os::unix::io::AsRawFd;
+use std::sync::OnceLock;
 use std::sync::{Arc, Mutex};
 use std::{mem, ptr, slice, time};
 
@@ -182,6 +186,7 @@ pub unsafe extern "C" fn connect_rdp(go_ref: usize, params: CGOConnectParams) ->
     // Convert from C to Rust types.
     let addr = from_c_string(params.go_addr);
     let username = from_c_string(params.go_username);
+    let client_id = from_c_string(params.go_client_id);
     let cert_der = from_go_array(params.cert_der, params.cert_der_len);
     let key_der = from_go_array(params.key_der, params.key_der_len);
 
@@ -190,6 +195,7 @@ pub unsafe extern "C" fn connect_rdp(go_ref: usize, params: CGOConnectParams) ->
         ConnectParams {
             addr,
             username,
+            client_id,
             cert_der,
             key_der,
             screen_width: params.screen_width,
@@ -230,6 +236,7 @@ const RDPSND_CHANNEL_NAME: &str = "rdpsnd";
 pub struct CGOConnectParams {
     go_addr: *const c_char,
     go_username: *const c_char,
+    go_client_id: *const c_char,
     cert_der_len: u32,
     cert_der: *mut u8,
     key_der_len: u32,
@@ -244,6 +251,7 @@ pub struct CGOConnectParams {
 struct ConnectParams {
     addr: String,
     username: String,
+    client_id: String,
     cert_der: Vec<u8>,
     key_der: Vec<u8>,
     screen_width: u16,
@@ -253,6 +261,8 @@ struct ConnectParams {
     show_desktop_wallpaper: bool,
 }
 
+static LICENSE_STORE: OnceLock<LruLicenseStore> = OnceLock::new();
+
 fn connect_rdp_inner(go_ref: usize, params: ConnectParams) -> Result<Client, ConnectError> {
     // Connect and authenticate.
     let addr = params
@@ -288,7 +298,7 @@ fn connect_rdp_inner(go_ref: usize, params: ConnectParams) -> Result<Client, Con
         static_channels.push(cliprdr::CHANNEL_NAME.to_string())
     }
     mcs.connect(
-        "rdp-rs".to_string(),
+        params.client_id.clone(),
         params.screen_width,
         params.screen_height,
         KeyboardLayout::US,
@@ -302,8 +312,12 @@ fn connect_rdp_inner(go_ref: usize, params: ConnectParams) -> Result<Client, Con
     if !params.show_desktop_wallpaper {
         performance_flags |= sec::ExtendedInfoFlag::PerfDisableWallpaper as u32;
     }
+
+    let license_store = LICENSE_STORE.get_or_init(LruLicenseStore::new);
+
     sec::connect(
         &mut mcs,
+        &params.client_id,
         &domain.to_string(),
         &params.username,
         &pin,
@@ -312,6 +326,7 @@ fn connect_rdp_inner(go_ref: usize, params: ConnectParams) -> Result<Client, Con
         // which is known only to Teleport and unique for each RDP session.
         Some(sec::InfoFlag::InfoPasswordIsScPin as u32 | sec::InfoFlag::InfoMouseHasWheel as u32),
         Some(performance_flags),
+        license_store,
     )?;
     // Client for the "global" channel - video output and user input.
     let global = global::Client::new(
@@ -2048,6 +2063,86 @@ pub struct CGOSharedDirectoryListRequest {
     pub path: *const c_char,
 }
 
+const MAX_SAVED_LICENSES: usize = 256;
+
+/// LruLicenseStore stores licenses in an in-memory LRU cache.
+struct LruLicenseStore {
+    licenses: Mutex<LruCache<LicenseStoreKey, Vec<u8>>>,
+}
+
+impl LruLicenseStore {
+    pub fn new() -> Self {
+        Self {
+            licenses: Mutex::new(LruCache::new(
+                NonZeroUsize::new(MAX_SAVED_LICENSES).unwrap(),
+            )),
+        }
+    }
+}
+
+impl LicenseStore for &LruLicenseStore {
+    fn write_license(
+        &mut self,
+        major: u16,
+        minor: u16,
+        company: &str,
+        issuer: &str,
+        product_id: &str,
+        license: &[u8],
+    ) {
+        info!("Saving {major}.{minor} license from {issuer}");
+        self.licenses.lock().unwrap().put(
+            LicenseStoreKey {
+                major,
+                minor,
+                company: company.to_owned(),
+                issuer: issuer.to_owned(),
+                product_id: product_id.to_owned(),
+            },
+            license.to_vec(),
+        );
+    }
+
+    fn read_license(
+        &self,
+        major: u16,
+        minor: u16,
+        company: &str,
+        issuer: &str,
+        product_id: &str,
+    ) -> Option<Vec<u8>> {
+        let license = self
+            .licenses
+            .lock()
+            .unwrap()
+            .get(&LicenseStoreKey {
+                major,
+                minor,
+                company: company.to_owned(),
+                issuer: issuer.to_owned(),
+                product_id: product_id.to_owned(),
+            })
+            .cloned();
+
+        if license.is_some() {
+            info!("Found existing {major}.{minor} license from {issuer}");
+        } else {
+            info!("No existing {major}.{minor} license from {issuer}");
+        }
+
+        license
+    }
+}
+
+#[derive(PartialEq, Eq, Hash)]
+struct LicenseStoreKey {
+    major: u16,
+    minor: u16,
+    company: String,
+    issuer: String,
+    product_id: String,
+}
+
 // These functions are defined on the Go side. Look for functions with '//export funcname'
 // comments.
 extern "C" {
diff --git a/lib/srv/desktop/windows_server.go b/lib/srv/desktop/windows_server.go
index 07d2cc7ebfd8b..803df2a81a644 100644
--- a/lib/srv/desktop/windows_server.go
+++ b/lib/srv/desktop/windows_server.go
@@ -877,6 +877,7 @@ func (s *WindowsService) connectRDP(ctx context.Context, log logrus.FieldLogger,
 		},
 		CertTTL:               windows.CertTTL,
 		Addr:                  addr.String(),
+		HostID:                s.cfg.Heartbeat.HostUUID,
 		Conn:                  tdpConn,
 		AuthorizeFn:           authorize,
 		AllowClipboard:        authCtx.Checker.DesktopClipboard(),

From 53b8ba85edff1319bf82e2658605c48a910ea5f6 Mon Sep 17 00:00:00 2001
From: Nic Klaassen <nic@goteleport.com>
Date: Wed, 30 Oct 2024 14:56:12 -0700
Subject: [PATCH 41/53] [v14] fix EAS bootstrap script (#48179)

Backport #37068 to branch/v14
---
 lib/integrations/externalauditstorage/bootstrap.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/integrations/externalauditstorage/bootstrap.go b/lib/integrations/externalauditstorage/bootstrap.go
index b32dad2eebae5..3806f601dae1c 100644
--- a/lib/integrations/externalauditstorage/bootstrap.go
+++ b/lib/integrations/externalauditstorage/bootstrap.go
@@ -184,8 +184,7 @@ func createTransientBucket(ctx context.Context, clt BootstrapS3Client, bucketNam
 					Status: s3types.ExpirationStatusEnabled,
 					ID:     aws.String("ExpireNonCurrentVersionsAndDeleteMarkers"),
 					NoncurrentVersionExpiration: &s3types.NoncurrentVersionExpiration{
-						NewerNoncurrentVersions: aws.Int32(0),
-						NoncurrentDays:          aws.Int32(1),
+						NoncurrentDays: aws.Int32(1),
 					},
 					AbortIncompleteMultipartUpload: &s3types.AbortIncompleteMultipartUpload{
 						DaysAfterInitiation: aws.Int32(7),

From 24f3e897ded32c5f08f875d0f0bbefbaa353b661 Mon Sep 17 00:00:00 2001
From: Cam Hutchison <camh@goteleport.com>
Date: Thu, 31 Oct 2024 09:44:21 +1100
Subject: [PATCH 42/53] Release 14.3.33 (#48183)

* Release 14.3.33

* docs: Add "keepalive" to spelling list

"keepalives" was already there, we just need the singular for a
changelog entry.
---
 CHANGELOG.md                                  | 27 ++++++++
 Makefile                                      |  2 +-
 api/version.go                                |  2 +-
 .../macos/tsh/tsh.app/Contents/Info.plist     |  4 +-
 .../macos/tshdev/tsh.app/Contents/Info.plist  |  4 +-
 docs/cspell.json                              |  1 +
 examples/chart/teleport-cluster/Chart.yaml    |  2 +-
 .../charts/teleport-operator/Chart.yaml       |  2 +-
 .../auth_clusterrole_test.yaml.snap           |  4 +-
 .../__snapshot__/auth_config_test.yaml.snap   |  4 +-
 .../auth_deployment_test.yaml.snap            | 10 +--
 .../__snapshot__/proxy_config_test.yaml.snap  |  4 +-
 .../proxy_deployment_test.yaml.snap           | 32 +++++-----
 examples/chart/teleport-kube-agent/Chart.yaml |  2 +-
 .../__snapshot__/deployment_test.yaml.snap    | 58 ++++++++---------
 .../tests/__snapshot__/job_test.yaml.snap     | 10 +--
 .../__snapshot__/statefulset_test.yaml.snap   | 64 +++++++++----------
 .../updater_deployment_test.yaml.snap         |  4 +-
 18 files changed, 132 insertions(+), 104 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 49acd47ed4f65..cb067bbb2682a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,32 @@
 # Changelog
 
+## 14.3.33 (10/30/24)
+
+* Fixed a bug in the External Audit Storage bootstrap script that broke S3 bucket creation. [#48179](https://github.com/gravitational/teleport/pull/48179)
+* During the Set Up Access of the Enroll New Resource flows, Okta users will be asked to change the role instead of entering the principals and getting an error afterwards. [#47959](https://github.com/gravitational/teleport/pull/47959)
+* Fixed `teleport_connected_resource` metric overshooting after keepalive errors. [#47951](https://github.com/gravitational/teleport/pull/47951)
+* Fixed an issue preventing connections with users whose configured home directories were inaccessible. [#47918](https://github.com/gravitational/teleport/pull/47918)
+* Auto-enroll may be locally disabled using the `TELEPORT_DEVICE_AUTO_ENROLL_DISABLED=1` environment variable. [#47718](https://github.com/gravitational/teleport/pull/47718)
+* Alter ServiceAccounts in the teleport-cluster Helm chart to automatically disable mounting of service account tokens on newer Kubernetes distributions, helping satisfy security linters. [#47701](https://github.com/gravitational/teleport/pull/47701)
+* Avoid tsh auto-enroll escalation in machines without a TPM. [#47697](https://github.com/gravitational/teleport/pull/47697)
+* Postgres database session start events now include the Postgres backend PID for the session. [#47645](https://github.com/gravitational/teleport/pull/47645)
+* Fixes a bug where Let's Encrypt certificate renewal failed in AMI and HA deployments due to insufficient disk space caused by syncing audit logs. [#47623](https://github.com/gravitational/teleport/pull/47623)
+* Adds support for custom SQS consumer lock name and disabling a consumer. [#47612](https://github.com/gravitational/teleport/pull/47612)
+* Include host name instead of host uuid in error messages when SSH connections are prevented due to an invalid login. [#47603](https://github.com/gravitational/teleport/pull/47603)
+* Allow using a custom database for Firestore backends. [#47585](https://github.com/gravitational/teleport/pull/47585)
+* Extended Teleport Discovery Service to support resource discovery across all projects accessible by the service account. [#47566](https://github.com/gravitational/teleport/pull/47566)
+* Fixed a bug that could allow users to list active sessions even when prohibited by RBAC. [#47562](https://github.com/gravitational/teleport/pull/47562)
+* The `tctl tokens ls` command redacts secret join tokens by default. To include the token values, provide the new `--with-secrets` flag. [#47547](https://github.com/gravitational/teleport/pull/47547)
+* Fixed an issue with the Microsoft license negotiation for RDP sessions. [#47544](https://github.com/gravitational/teleport/pull/47544)
+* Fixed a bug where tsh logout failed to parse flags passed with spaces. [#47461](https://github.com/gravitational/teleport/pull/47461)
+* Added kubeconfig context name to the output table of `tsh proxy kube` command for enhanced clarity. [#47381](https://github.com/gravitational/teleport/pull/47381)
+* Improve error messaging when connections to offline agents are attempted. [#47363](https://github.com/gravitational/teleport/pull/47363)
+* Teleport Connect for Linux now requires glibc 2.31 or later. [#47264](https://github.com/gravitational/teleport/pull/47264)
+* Updates self-hosted db discover flow to generate 2190h TTL certs, not 12h. [#47128](https://github.com/gravitational/teleport/pull/47128)
+
+Enterprise:
+* Device auto-enroll failures are now recorded in the audit log.
+
 ## 14.3.32 (10/03/24)
 
 * Fixes an issue preventing access requests from displaying user friendly resource names. [#47110](https://github.com/gravitational/teleport/pull/47110)
diff --git a/Makefile b/Makefile
index bbfe72a349803..9f2996a8fa96e 100644
--- a/Makefile
+++ b/Makefile
@@ -11,7 +11,7 @@
 #   Stable releases:   "1.0.0"
 #   Pre-releases:      "1.0.0-alpha.1", "1.0.0-beta.2", "1.0.0-rc.3"
 #   Master/dev branch: "1.0.0-dev"
-VERSION=14.3.32
+VERSION=14.3.33
 
 DOCKER_IMAGE ?= teleport
 
diff --git a/api/version.go b/api/version.go
index 85c33d9532400..b22cecce071de 100644
--- a/api/version.go
+++ b/api/version.go
@@ -3,6 +3,6 @@ package api
 
 import "github.com/coreos/go-semver/semver"
 
-const Version = "14.3.32"
+const Version = "14.3.33"
 
 var SemVersion = semver.New(Version)
diff --git a/build.assets/macos/tsh/tsh.app/Contents/Info.plist b/build.assets/macos/tsh/tsh.app/Contents/Info.plist
index 6735f8f8479f7..6da038d33d6b0 100644
--- a/build.assets/macos/tsh/tsh.app/Contents/Info.plist
+++ b/build.assets/macos/tsh/tsh.app/Contents/Info.plist
@@ -19,13 +19,13 @@
 		<key>CFBundlePackageType</key>
 		<string>APPL</string>
 		<key>CFBundleShortVersionString</key>
-		<string>14.3.32</string>
+		<string>14.3.33</string>
 		<key>CFBundleSupportedPlatforms</key>
 		<array>
 			<string>MacOSX</string>
 		</array>
 		<key>CFBundleVersion</key>
-		<string>14.3.32</string>
+		<string>14.3.33</string>
 		<key>DTCompiler</key>
 		<string>com.apple.compilers.llvm.clang.1_0</string>
 		<key>DTPlatformBuild</key>
diff --git a/build.assets/macos/tshdev/tsh.app/Contents/Info.plist b/build.assets/macos/tshdev/tsh.app/Contents/Info.plist
index 9c13203eef9be..9dc8dc8ca0723 100644
--- a/build.assets/macos/tshdev/tsh.app/Contents/Info.plist
+++ b/build.assets/macos/tshdev/tsh.app/Contents/Info.plist
@@ -17,13 +17,13 @@
 		<key>CFBundlePackageType</key>
 		<string>APPL</string>
 		<key>CFBundleShortVersionString</key>
-		<string>14.3.32</string>
+		<string>14.3.33</string>
 		<key>CFBundleSupportedPlatforms</key>
 		<array>
 			<string>MacOSX</string>
 		</array>
 		<key>CFBundleVersion</key>
-		<string>14.3.32</string>
+		<string>14.3.33</string>
 		<key>DTCompiler</key>
 		<string>com.apple.compilers.llvm.clang.1_0</string>
 		<key>DTPlatformBuild</key>
diff --git a/docs/cspell.json b/docs/cspell.json
index 7d5437f292cb9..93d8b6d9825de 100644
--- a/docs/cspell.json
+++ b/docs/cspell.json
@@ -510,6 +510,7 @@
     "jumphost",
     "jwks",
     "jwkset",
+    "keepalive",
     "keepalives",
     "keyfile",
     "keymap",
diff --git a/examples/chart/teleport-cluster/Chart.yaml b/examples/chart/teleport-cluster/Chart.yaml
index 2bfe5c89f2534..48f3067b105f4 100644
--- a/examples/chart/teleport-cluster/Chart.yaml
+++ b/examples/chart/teleport-cluster/Chart.yaml
@@ -1,4 +1,4 @@
-.version: &version "14.3.32"
+.version: &version "14.3.33"
 
 name: teleport-cluster
 apiVersion: v2
diff --git a/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml b/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml
index 22e452ea60dbe..24ebc3c002392 100644
--- a/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml
+++ b/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml
@@ -1,4 +1,4 @@
-.version: &version "14.3.32"
+.version: &version "14.3.33"
 
 name: teleport-operator
 apiVersion: v2
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap
index 9d5b45504687b..729891357908e 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap
@@ -8,8 +8,8 @@ adds operator permissions to ClusterRole:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: teleport-cluster
-        app.kubernetes.io/version: 14.3.32
-        helm.sh/chart: teleport-cluster-14.3.32
+        app.kubernetes.io/version: 14.3.33
+        helm.sh/chart: teleport-cluster-14.3.33
         teleport.dev/majorVersion: "14"
       name: RELEASE-NAME
     rules:
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap
index 3acd63f6974fb..f78be8a2a897a 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap
@@ -1797,8 +1797,8 @@ sets clusterDomain on Configmap:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: teleport-cluster
-        app.kubernetes.io/version: 14.3.32
-        helm.sh/chart: teleport-cluster-14.3.32
+        app.kubernetes.io/version: 14.3.33
+        helm.sh/chart: teleport-cluster-14.3.33
         teleport.dev/majorVersion: "14"
       name: RELEASE-NAME-auth
       namespace: NAMESPACE
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap
index c610ba967a077..2a7b6e989e597 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap
@@ -1,6 +1,6 @@
 should add an operator side-car when operator is enabled:
   1: |
-    image: public.ecr.aws/gravitational/teleport-operator:14.3.32
+    image: public.ecr.aws/gravitational/teleport-operator:14.3.33
     imagePullPolicy: IfNotPresent
     livenessProbe:
       httpGet:
@@ -41,7 +41,7 @@ should add an operator side-car when operator is enabled:
     - args:
       - --diag-addr=0.0.0.0:3000
       - --apply-on-startup=/etc/teleport/apply-on-startup.yaml
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
@@ -174,7 +174,7 @@ should set nodeSelector when set in values:
     - args:
       - --diag-addr=0.0.0.0:3000
       - --apply-on-startup=/etc/teleport/apply-on-startup.yaml
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
@@ -271,7 +271,7 @@ should set resources when set in values:
     - args:
       - --diag-addr=0.0.0.0:3000
       - --apply-on-startup=/etc/teleport/apply-on-startup.yaml
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
@@ -357,7 +357,7 @@ should set securityContext when set in values:
     - args:
       - --diag-addr=0.0.0.0:3000
       - --apply-on-startup=/etc/teleport/apply-on-startup.yaml
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap
index 4e2b7ed924172..2ff5e7bbca6e0 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap
@@ -567,8 +567,8 @@ sets clusterDomain on Configmap:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: teleport-cluster
-        app.kubernetes.io/version: 14.3.32
-        helm.sh/chart: teleport-cluster-14.3.32
+        app.kubernetes.io/version: 14.3.33
+        helm.sh/chart: teleport-cluster-14.3.33
         teleport.dev/majorVersion: "14"
       name: RELEASE-NAME-proxy
       namespace: NAMESPACE
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap
index 54434b2169674..9afd89752a83d 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap
@@ -11,8 +11,8 @@ sets clusterDomain on Deployment Pods:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: teleport-cluster
-        app.kubernetes.io/version: 14.3.32
-        helm.sh/chart: teleport-cluster-14.3.32
+        app.kubernetes.io/version: 14.3.33
+        helm.sh/chart: teleport-cluster-14.3.33
         teleport.dev/majorVersion: "14"
       name: RELEASE-NAME-proxy
       namespace: NAMESPACE
@@ -26,7 +26,7 @@ sets clusterDomain on Deployment Pods:
       template:
         metadata:
           annotations:
-            checksum/config: 75a5fce8eb5dc94193c7eaf8a5bbcef77dab3e1b320ab45ff2e8dc5cbbca24bc
+            checksum/config: f7106583f842c0c8420a999ea1f7f57be18184cb5688bb9c59d0cf769a824842
             kubernetes.io/pod: test-annotation
             kubernetes.io/pod-different: 4
           labels:
@@ -34,8 +34,8 @@ sets clusterDomain on Deployment Pods:
             app.kubernetes.io/instance: RELEASE-NAME
             app.kubernetes.io/managed-by: Helm
             app.kubernetes.io/name: teleport-cluster
-            app.kubernetes.io/version: 14.3.32
-            helm.sh/chart: teleport-cluster-14.3.32
+            app.kubernetes.io/version: 14.3.33
+            helm.sh/chart: teleport-cluster-14.3.33
             teleport.dev/majorVersion: "14"
         spec:
           affinity:
@@ -44,7 +44,7 @@ sets clusterDomain on Deployment Pods:
           containers:
           - args:
             - --diag-addr=0.0.0.0:3000
-            image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+            image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
             imagePullPolicy: IfNotPresent
             lifecycle:
               preStop:
@@ -105,7 +105,7 @@ sets clusterDomain on Deployment Pods:
             - wait
             - no-resolve
             - RELEASE-NAME-auth-v13.NAMESPACE.svc.test.com
-            image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+            image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
             name: wait-auth-update
           serviceAccountName: RELEASE-NAME-proxy
           terminationGracePeriodSeconds: 60
@@ -137,7 +137,7 @@ should provision initContainer correctly when set in values:
       - wait
       - no-resolve
       - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       name: wait-auth-update
     - args:
       - echo test
@@ -194,7 +194,7 @@ should set nodeSelector when set in values:
     containers:
     - args:
       - --diag-addr=0.0.0.0:3000
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
@@ -255,7 +255,7 @@ should set nodeSelector when set in values:
       - wait
       - no-resolve
       - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       name: wait-auth-update
     nodeSelector:
       environment: security
@@ -306,7 +306,7 @@ should set resources when set in values:
     containers:
     - args:
       - --diag-addr=0.0.0.0:3000
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
@@ -374,7 +374,7 @@ should set resources when set in values:
       - wait
       - no-resolve
       - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       name: wait-auth-update
     serviceAccountName: RELEASE-NAME-proxy
     terminationGracePeriodSeconds: 60
@@ -407,7 +407,7 @@ should set securityContext for initContainers when set in values:
     containers:
     - args:
       - --diag-addr=0.0.0.0:3000
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
@@ -475,7 +475,7 @@ should set securityContext for initContainers when set in values:
       - wait
       - no-resolve
       - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       name: wait-auth-update
       securityContext:
         allowPrivilegeEscalation: false
@@ -515,7 +515,7 @@ should set securityContext when set in values:
     containers:
     - args:
       - --diag-addr=0.0.0.0:3000
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
@@ -583,7 +583,7 @@ should set securityContext when set in values:
       - wait
       - no-resolve
       - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       name: wait-auth-update
       securityContext:
         allowPrivilegeEscalation: false
diff --git a/examples/chart/teleport-kube-agent/Chart.yaml b/examples/chart/teleport-kube-agent/Chart.yaml
index c342bd60ee3e8..cfbc4678346ac 100644
--- a/examples/chart/teleport-kube-agent/Chart.yaml
+++ b/examples/chart/teleport-kube-agent/Chart.yaml
@@ -1,4 +1,4 @@
-.version: &version "14.3.32"
+.version: &version "14.3.33"
 
 name: teleport-kube-agent
 apiVersion: v2
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
index 4dc27e1516e72..5590660e7945c 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
@@ -32,7 +32,7 @@ sets Deployment annotations when specified if action is Upgrade:
               value: "true"
             - name: TELEPORT_KUBE_CLUSTER_DOMAIN
               value: cluster.local
-            image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+            image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
             imagePullPolicy: IfNotPresent
             livenessProbe:
               failureThreshold: 6
@@ -107,7 +107,7 @@ sets Deployment labels when specified if action is Upgrade:
             value: "true"
           - name: TELEPORT_KUBE_CLUSTER_DOMAIN
             value: cluster.local
-          image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+          image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
           imagePullPolicy: IfNotPresent
           livenessProbe:
             failureThreshold: 6
@@ -169,7 +169,7 @@ sets Pod annotations when specified if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -231,7 +231,7 @@ sets Pod labels when specified if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -310,7 +310,7 @@ should add emptyDir for data when existingDataVolume is not set if action is Upg
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -373,7 +373,7 @@ should add insecureSkipProxyTLSVerify to args when set in values if action is Up
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -435,7 +435,7 @@ should correctly configure existingDataVolume when set if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -495,7 +495,7 @@ should expose diag port if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -569,7 +569,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -643,7 +643,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -705,7 +705,7 @@ should have one replica when replicaCount is not set if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -767,7 +767,7 @@ should mount extraVolumes and extraVolumeMounts if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -836,7 +836,7 @@ should mount tls.existingCASecretName and set environment when set in values if
         value: cluster.local
       - name: SSL_CERT_FILE
         value: /etc/teleport-tls-ca/ca.pem
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -908,7 +908,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu
         value: http://username:password@my.proxy.host:3128
       - name: SSL_CERT_FILE
         value: /etc/teleport-tls-ca/ca.pem
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -976,7 +976,7 @@ should provision initContainer correctly when set in values if action is Upgrade
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1074,7 +1074,7 @@ should set SecurityContext if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1156,7 +1156,7 @@ should set affinity when set in values if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1218,7 +1218,7 @@ should set default serviceAccountName when not set in values if action is Upgrad
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1293,7 +1293,7 @@ should set environment when extraEnv set in values if action is Upgrade:
         value: cluster.local
       - name: HTTPS_PROXY
         value: http://username:password@my.proxy.host:3128
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1417,7 +1417,7 @@ should set imagePullPolicy when set in values if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: Always
       livenessProbe:
         failureThreshold: 6
@@ -1479,7 +1479,7 @@ should set nodeSelector if set in values if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1543,7 +1543,7 @@ should set not set priorityClassName when not set in values if action is Upgrade
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1617,7 +1617,7 @@ should set preferred affinity when more than one replica is used if action is Up
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1679,7 +1679,7 @@ should set priorityClassName when set in values if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1742,7 +1742,7 @@ should set probeTimeoutSeconds when set in values if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1814,7 +1814,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set if
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1876,7 +1876,7 @@ should set resources when set in values if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1945,7 +1945,7 @@ should set serviceAccountName when set in values if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -2007,7 +2007,7 @@ should set tolerations when set in values if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
index 07a87fa76c4f8..c678bf20142b0 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
@@ -25,7 +25,7 @@ should create ServiceAccount for post-delete hook by default:
             fieldPath: metadata.namespace
       - name: RELEASE_NAME
         value: RELEASE-NAME
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       name: post-delete-job
       securityContext:
@@ -106,7 +106,7 @@ should not create ServiceAccount for post-delete hook if serviceAccount.create i
                   fieldPath: metadata.namespace
             - name: RELEASE_NAME
               value: RELEASE-NAME
-            image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+            image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
             imagePullPolicy: IfNotPresent
             name: post-delete-job
             securityContext:
@@ -134,7 +134,7 @@ should not create ServiceAccount, Role or RoleBinding for post-delete hook if se
             fieldPath: metadata.namespace
       - name: RELEASE_NAME
         value: RELEASE-NAME
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       name: post-delete-job
       securityContext:
@@ -162,7 +162,7 @@ should set nodeSelector in post-delete hook:
             fieldPath: metadata.namespace
       - name: RELEASE_NAME
         value: RELEASE-NAME
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       name: post-delete-job
       securityContext:
@@ -192,7 +192,7 @@ should set securityContext in post-delete hook:
             fieldPath: metadata.namespace
       - name: RELEASE_NAME
         value: RELEASE-NAME
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       name: post-delete-job
       securityContext:
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
index b14ad8269dbe1..d4d2b8b85207f 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
@@ -18,7 +18,7 @@ sets Pod annotations when specified:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -88,7 +88,7 @@ sets Pod labels when specified:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -182,7 +182,7 @@ sets StatefulSet labels when specified:
               value: RELEASE-NAME
             - name: TELEPORT_KUBE_CLUSTER_DOMAIN
               value: cluster.local
-            image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+            image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
             imagePullPolicy: IfNotPresent
             livenessProbe:
               failureThreshold: 6
@@ -280,7 +280,7 @@ should add insecureSkipProxyTLSVerify to args when set in values:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -350,7 +350,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and action
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -440,7 +440,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and is Fre
               value: RELEASE-NAME
             - name: TELEPORT_KUBE_CLUSTER_DOMAIN
               value: cluster.local
-            image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+            image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
             imagePullPolicy: IfNotPresent
             livenessProbe:
               failureThreshold: 6
@@ -520,7 +520,7 @@ should add volumeMount for data volume when using StatefulSet:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -590,7 +590,7 @@ should expose diag port:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -660,7 +660,7 @@ should generate Statefulset when storage is disabled and mode is a Upgrade:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -744,7 +744,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -826,7 +826,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -896,7 +896,7 @@ should have one replica when replicaCount is not set:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -966,7 +966,7 @@ should install Statefulset when storage is disabled and mode is a Fresh Install:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1038,7 +1038,7 @@ should mount extraVolumes and extraVolumeMounts:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1115,7 +1115,7 @@ should mount tls.existingCASecretName and set environment when set in values:
         value: cluster.local
       - name: SSL_CERT_FILE
         value: /etc/teleport-tls-ca/ca.pem
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1197,7 +1197,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu
         value: /etc/teleport-tls-ca/ca.pem
       - name: HTTPS_PROXY
         value: http://username:password@my.proxy.host:3128
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1275,7 +1275,7 @@ should not add emptyDir for data when using StatefulSet:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1345,7 +1345,7 @@ should provision initContainer correctly when set in values:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1451,7 +1451,7 @@ should set SecurityContext:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1541,7 +1541,7 @@ should set affinity when set in values:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1611,7 +1611,7 @@ should set default serviceAccountName when not set in values:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1694,7 +1694,7 @@ should set environment when extraEnv set in values:
         value: cluster.local
       - name: HTTPS_PROXY
         value: http://username:password@my.proxy.host:3128
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1834,7 +1834,7 @@ should set imagePullPolicy when set in values:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: Always
       livenessProbe:
         failureThreshold: 6
@@ -1904,7 +1904,7 @@ should set nodeSelector if set in values:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1988,7 +1988,7 @@ should set preferred affinity when more than one replica is used:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -2058,7 +2058,7 @@ should set probeTimeoutSeconds when set in values:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -2138,7 +2138,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -2208,7 +2208,7 @@ should set resources when set in values:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -2285,7 +2285,7 @@ should set serviceAccountName when set in values:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -2355,7 +2355,7 @@ should set storage.requests when set in values and action is an Upgrade:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -2425,7 +2425,7 @@ should set storage.storageClassName when set in values and action is an Upgrade:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -2495,7 +2495,7 @@ should set tolerations when set in values:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:14.3.32
+      image: public.ecr.aws/gravitational/teleport-distroless:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap
index 68dd5827bce9a..b78fdb8ecdec8 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap
@@ -27,7 +27,7 @@ sets the affinity:
       - --base-image=public.ecr.aws/gravitational/teleport-distroless
       - --version-server=https://my-custom-version-server/v1
       - --version-channel=custom/preview
-      image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.32
+      image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -71,7 +71,7 @@ sets the tolerations:
       - --base-image=public.ecr.aws/gravitational/teleport-distroless
       - --version-server=https://my-custom-version-server/v1
       - --version-channel=custom/preview
-      image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.32
+      image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.33
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6

From 883d52a21b4cfb7cfb53182844fa8c74dc4a4ffd Mon Sep 17 00:00:00 2001
From: "teleport-post-release-automation[bot]"
 <128860004+teleport-post-release-automation[bot]@users.noreply.github.com>
Date: Thu, 31 Oct 2024 00:40:05 +0000
Subject: [PATCH 43/53] [auto] docs: Update version to v14.3.33 (#48190)

Co-authored-by: GitHub <noreply@github.com>
---
 docs/config.json | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/docs/config.json b/docs/config.json
index e1d1a0fa1554d..dc0f078446b9c 100644
--- a/docs/config.json
+++ b/docs/config.json
@@ -206,19 +206,19 @@
     },
     "teleport": {
       "major_version": "14",
-      "version": "14.3.32",
+      "version": "14.3.33",
       "git": "api/14.0.0-gd1e081e",
       "url": "teleport.example.com",
       "golang": "1.21",
       "plugin": {
-        "version": "14.3.32"
+        "version": "14.3.33"
       },
       "helm_repo_url": "https://charts.releases.teleport.dev",
-      "latest_oss_docker_image": "public.ecr.aws/gravitational/teleport-distroless:14.3.32",
-      "latest_oss_debug_docker_image": "public.ecr.aws/gravitational/teleport-distroless-debug:14.3.32",
-      "latest_ent_docker_image": "public.ecr.aws/gravitational/teleport-ent-distroless:14.3.32",
-      "latest_ent_debug_docker_image": "public.ecr.aws/gravitational/teleport-ent-distroless-debug:14.3.32",
-      "teleport_install_script_url": "https://cdn.teleport.dev/install-v14.3.32.sh"
+      "latest_oss_docker_image": "public.ecr.aws/gravitational/teleport-distroless:14.3.33",
+      "latest_oss_debug_docker_image": "public.ecr.aws/gravitational/teleport-distroless-debug:14.3.33",
+      "latest_ent_docker_image": "public.ecr.aws/gravitational/teleport-ent-distroless:14.3.33",
+      "latest_ent_debug_docker_image": "public.ecr.aws/gravitational/teleport-ent-distroless-debug:14.3.33",
+      "teleport_install_script_url": "https://cdn.teleport.dev/install-v14.3.33.sh"
     },
     "terraform": {
       "version": "1.0.0"

From 180d6c3cd848388cbacd3aa1c21011df4ea47238 Mon Sep 17 00:00:00 2001
From: Alan Parra <alan.parra@goteleport.com>
Date: Thu, 31 Oct 2024 10:36:07 -0300
Subject: [PATCH 44/53] [v14] Add auto-enroll troubleshooting to docs (#47700)

* Add auto-enroll troubleshooting to docs (#47681)

* Update version to v14.3.33
---
 .../device-trust/enroll-troubleshooting.mdx   | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/docs/pages/includes/device-trust/enroll-troubleshooting.mdx b/docs/pages/includes/device-trust/enroll-troubleshooting.mdx
index c259d908bfb7b..5a43f0ac39074 100644
--- a/docs/pages/includes/device-trust/enroll-troubleshooting.mdx
+++ b/docs/pages/includes/device-trust/enroll-troubleshooting.mdx
@@ -10,3 +10,25 @@ A trusted device needs to be registered and enrolled before it is recognized by
 Teleport as such. Follow the [registration](../../admin-guides/access-controls/device-trust/device-management.mdx) and
 [enrollment](../../admin-guides/access-controls/device-trust/device-management.mdx) steps
 and make sure to `tsh logout` and `tsh login` after enrollment is done.
+
+### Auto enrollment not working
+
+Auto-enrollment ceremonies, due to their automated nature, are stricter than
+regular enrollment. Additional auto-enrollment checks include:
+
+1. Verifying device profile data, such as data originated from Jamf, against the
+   actual device
+2. Verifying that the device is not enrolled by another user (auto-enroll cannot
+   take devices that are already enrolled)
+
+Check you audit log for clues: look for failed "Device Enroll Token Created"
+events and see the "message" field in the details (auto-enroll audit log details
+available since Teleport v14.3.33).
+
+If you suspect (1) is the issue, compare the actual device against its inventory
+definition (`tsh device collect` executed in the actual device vs `tctl get
+device/<asset_tag>`). Tweaking the device profile, manual enrollment or waiting
+for the next MDM sync may solve the issue.
+
+If you suspect (2), you can unenroll the device using `tctl edit
+device/<asset_tag>` and changing the "enroll_status" field to "not_enrolled".

From 6ae5b4585e2aa8d6ea7e16ea2e093fd99e7756e1 Mon Sep 17 00:00:00 2001
From: Taras <9948629+taraspos@users.noreply.github.com>
Date: Thu, 31 Oct 2024 17:35:10 +0000
Subject: [PATCH 45/53] docs: configure second webhook in "Update docs webhook"
 job (#48219)

---
 .github/workflows/update-docs-webhook.yaml | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/update-docs-webhook.yaml b/.github/workflows/update-docs-webhook.yaml
index 47ff3f4bfb042..6ff9e5703107d 100644
--- a/.github/workflows/update-docs-webhook.yaml
+++ b/.github/workflows/update-docs-webhook.yaml
@@ -1,6 +1,8 @@
 name: Update docs webhook
 on:
   push:
+    paths:
+      - 'docs/**'
     branches:
       - master
       - branch/v*
@@ -11,11 +13,19 @@ jobs:
     name: Update docs webhook
     runs-on: ubuntu-latest
     environment: update-docs
+    strategy:
+      fail-fast: false
+      matrix:
+        webhooks:
+        - url_secret_name: DOCS_DEPLOY_HOOK
+          http_method: GET
+        - url_secret_name: AMPLIFY_DOCS_DEPLOY_HOOK
+          http_method: POST
     steps:
       - name: Call deployment webhook
         env:
-          WEBHOOK_URL: ${{ secrets.DOCS_DEPLOY_HOOK }}
+          WEBHOOK_URL: ${{ secrets[matrix.webhooks.url_secret_name] }}
         run: |
-          if curl --silent --fail --show-error "$WEBHOOK_URL" > /dev/null; then
+          if curl -X ${{ matrix.webhooks.http_method }} --silent --fail --show-error "$WEBHOOK_URL" > /dev/null; then
             echo "Triggered successfully"
           fi

From 84ea1e593dcd9c76e692dc839b3a35edc53052c0 Mon Sep 17 00:00:00 2001
From: Erik Tate <erik.tate@goteleport.com>
Date: Thu, 31 Oct 2024 16:37:36 -0400
Subject: [PATCH 46/53] adding an ending step to host user upsert that removes
 any expirations or password locks for managed teleport users (#48161)

---
 integration/hostuser_test.go | 88 ++++++++++++++++++++++++++++++++++++
 lib/srv/usermgmt.go          | 60 ++++++++++++++++++------
 lib/srv/usermgmt_linux.go    | 16 +++++++
 lib/srv/usermgmt_test.go     |  4 ++
 lib/utils/host/hostusers.go  | 77 +++++++++++++++++++++++++++++++
 5 files changed, 231 insertions(+), 14 deletions(-)

diff --git a/integration/hostuser_test.go b/integration/hostuser_test.go
index e0199470e0539..eb767f72963af 100644
--- a/integration/hostuser_test.go
+++ b/integration/hostuser_test.go
@@ -444,6 +444,94 @@ func TestRootHostUsers(t *testing.T) {
 			})
 		}
 	})
+
+	t.Run("Test expiration removal", func(t *testing.T) {
+		expiredUser := "expired-user"
+		backendExpiredUser := "backend-expired-user"
+		t.Cleanup(func() { cleanupUsersAndGroups([]string{expiredUser, backendExpiredUser}, []string{"test-group"}) })
+
+		defaultBackend, err := srv.DefaultHostUsersBackend()
+		require.NoError(t, err)
+
+		backend := &hostUsersBackendWithExp{HostUsersBackend: defaultBackend}
+		users := srv.NewHostUsers(context.Background(), presence, "host_uuid", srv.WithHostUsersBackend(backend))
+
+		// Make sure the backend actually creates expired users
+		err = backend.CreateUser("backend-expired-user", nil, "", "", "")
+		require.NoError(t, err)
+
+		hasExpirations, _, err := host.UserHasExpirations(backendExpiredUser)
+		require.NoError(t, err)
+		require.True(t, hasExpirations)
+
+		// Upsert a new user which should have the expirations removed
+		_, err = users.UpsertUser(expiredUser, services.HostUsersInfo{
+			Mode: types.CreateHostUserMode_HOST_USER_MODE_KEEP,
+		})
+		require.NoError(t, err)
+
+		hasExpirations, _, err = host.UserHasExpirations(expiredUser)
+		require.NoError(t, err)
+		require.False(t, hasExpirations)
+
+		// Expire existing user so we can test that updates also remove expirations
+		expireUser := func(username string) error {
+			chageBin, err := exec.LookPath("chage")
+			require.NoError(t, err)
+
+			cmd := exec.Command(chageBin, "-E", "1", "-I", "1", "-M", "1", username)
+			return cmd.Run()
+		}
+		require.NoError(t, expireUser(expiredUser))
+		hasExpirations, _, err = host.UserHasExpirations(expiredUser)
+		require.NoError(t, err)
+		require.True(t, hasExpirations)
+
+		// Update user without any changes
+		_, err = users.UpsertUser(expiredUser, services.HostUsersInfo{
+			Mode: types.CreateHostUserMode_HOST_USER_MODE_KEEP,
+		})
+		require.NoError(t, err)
+
+		hasExpirations, _, err = host.UserHasExpirations(expiredUser)
+		require.NoError(t, err)
+		require.False(t, hasExpirations)
+
+		// Reinstate expirations again
+		require.NoError(t, expireUser(expiredUser))
+		hasExpirations, _, err = host.UserHasExpirations(expiredUser)
+		require.NoError(t, err)
+		require.True(t, hasExpirations)
+
+		// Update user with changes
+		_, err = users.UpsertUser(expiredUser, services.HostUsersInfo{
+			Mode:   types.CreateHostUserMode_HOST_USER_MODE_KEEP,
+			Groups: []string{"test-group"},
+		})
+		require.NoError(t, err)
+
+		hasExpirations, _, err = host.UserHasExpirations(expiredUser)
+		require.NoError(t, err)
+		require.False(t, hasExpirations)
+	})
+}
+
+type hostUsersBackendWithExp struct {
+	srv.HostUsersBackend
+}
+
+func (u *hostUsersBackendWithExp) CreateUser(name string, groups []string, home, uid, gid string) error {
+	if err := u.HostUsersBackend.CreateUser(name, groups, home, uid, gid); err != nil {
+		return trace.Wrap(err)
+	}
+
+	chageBin, err := exec.LookPath("chage")
+	if err != nil {
+		return trace.Wrap(err)
+	}
+
+	cmd := exec.Command(chageBin, "-E", "1", "-I", "1", "-M", "1", name)
+	return cmd.Run()
 }
 
 func TestRootLoginAsHostUser(t *testing.T) {
diff --git a/lib/srv/usermgmt.go b/lib/srv/usermgmt.go
index 5a1bc714afd8f..b114ee5f95658 100644
--- a/lib/srv/usermgmt.go
+++ b/lib/srv/usermgmt.go
@@ -38,26 +38,53 @@ import (
 	"github.com/gravitational/teleport/lib/services/local"
 )
 
-// NewHostUsers initialize a new HostUsers object
-func NewHostUsers(ctx context.Context, storage *local.PresenceService, uuid string) HostUsers {
-	//nolint:staticcheck // SA4023. False positive on macOS.
-	backend, err := newHostUsersBackend()
-	switch {
-	case trace.IsNotImplemented(err):
-		log.Debugf("Skipping host user management: %v", err)
-		return nil
-	case err != nil: //nolint:staticcheck // linter fails on non-linux system as only linux implementation returns useful values.
-		log.Warnf("Error making new HostUsersBackend: %s", err)
-		return nil
+type HostUsersOpt = func(hostUsers *HostUserManagement)
+
+// WithHostUsersBackend injects a custom backend to be used within HostUserManagement
+func WithHostUsersBackend(backend HostUsersBackend) HostUsersOpt {
+	return func(hostUsers *HostUserManagement) {
+		hostUsers.backend = backend
 	}
+}
+
+// DefaultHostUsersBackend returns the default HostUsersBackend for the host operating system
+func DefaultHostUsersBackend() (HostUsersBackend, error) {
+	return newHostUsersBackend()
+}
+
+// NewHostUsers initialize a new HostUsers object
+func NewHostUsers(ctx context.Context, storage *local.PresenceService, uuid string, opts ...HostUsersOpt) HostUsers {
+	// handle fields that must be specified or aren't configurable
 	cancelCtx, cancelFunc := context.WithCancel(ctx)
-	return &HostUserManagement{
-		backend:   backend,
+	hostUsers := &HostUserManagement{
 		ctx:       cancelCtx,
 		cancel:    cancelFunc,
 		storage:   storage,
 		userGrace: time.Second * 30,
 	}
+
+	// set configurable fields that don't have to be specified
+	for _, opt := range opts {
+		opt(hostUsers)
+	}
+
+	// set default values for required fields that don't have to be specified
+	if hostUsers.backend == nil {
+		//nolint:staticcheck // SA4023. False positive on macOS.
+		backend, err := newHostUsersBackend()
+		switch {
+		case trace.IsNotImplemented(err), trace.IsNotFound(err):
+			log.WithError(err).Debug("Skipping host user management")
+			return nil
+		case err != nil: //nolint:staticcheck // linter fails on non-linux system as only linux implementation returns useful values.
+			log.WithError(err).Debug(ctx, "Error making new HostUsersBackend")
+			return nil
+		}
+
+		hostUsers.backend = backend
+	}
+
+	return hostUsers
 }
 
 func NewHostSudoers(uuid string) HostSudoers {
@@ -107,7 +134,10 @@ type HostUsersBackend interface {
 	// CreateHomeDirectory creates the users home directory and copies in /etc/skel
 	CreateHomeDirectory(userHome string, uid, gid string) error
 	// GetDefaultHomeDirectory returns the default home directory path for the given user
-	GetDefaultHomeDirectory(user string) (string, error)
+	GetDefaultHomeDirectory(name string) (string, error)
+	// RemoveExpirations removes any sort of password or account expiration from the user
+	// that may have been placed by password policies.
+	RemoveExpirations(name string) error
 }
 
 type userCloser struct {
@@ -433,6 +463,8 @@ func (u *HostUserManagement) UpsertUser(name string, ui services.HostUsersInfo)
 		}
 	}
 
+	// attempt to remove password expirations from managed users if they've been added
+	defer u.backend.RemoveExpirations(name)
 	if err := u.updateUser(name, ui); err != nil {
 		if !errors.Is(err, user.UnknownUserError(name)) {
 			return nil, trace.Wrap(err)
diff --git a/lib/srv/usermgmt_linux.go b/lib/srv/usermgmt_linux.go
index 2c3fb0ef34b7a..3dfa35c5ae4bd 100644
--- a/lib/srv/usermgmt_linux.go
+++ b/lib/srv/usermgmt_linux.go
@@ -21,6 +21,7 @@ import (
 	"errors"
 	"fmt"
 	"os"
+	"os/exec"
 	"os/user"
 	"path/filepath"
 	"strconv"
@@ -47,6 +48,16 @@ type HostSudoersProvisioningBackend struct {
 
 // newHostUsersBackend initializes a new OS specific HostUsersBackend
 func newHostUsersBackend() (HostUsersBackend, error) {
+	var missing []string
+	for _, requiredBin := range []string{"usermod", "useradd", "getent", "groupadd", "visudo", "chage"} {
+		if _, err := exec.LookPath(requiredBin); err != nil {
+			missing = append(missing, requiredBin)
+		}
+	}
+	if len(missing) != 0 {
+		return nil, trace.NotFound("missing required binaries: %s", strings.Join(missing, ","))
+	}
+
 	return &HostUsersProvisioningBackend{}, nil
 }
 
@@ -285,3 +296,8 @@ func (u *HostUsersProvisioningBackend) CreateHomeDirectory(user string, uidS, gi
 
 	return nil
 }
+
+func (u *HostUsersProvisioningBackend) RemoveExpirations(username string) error {
+	_, err := host.RemoveUserExpirations(username)
+	return trace.Wrap(err)
+}
diff --git a/lib/srv/usermgmt_test.go b/lib/srv/usermgmt_test.go
index 10a2e836c62ef..a8c05961de5d0 100644
--- a/lib/srv/usermgmt_test.go
+++ b/lib/srv/usermgmt_test.go
@@ -181,6 +181,10 @@ func (*testHostUserBackend) CheckSudoers(contents []byte) error {
 	return errors.New("invalid")
 }
 
+func (*testHostUserBackend) RemoveExpirations(user string) error {
+	return nil
+}
+
 // WriteSudoersFile implements HostUsersBackend
 func (tm *testHostUserBackend) WriteSudoersFile(user string, entries []byte) error {
 	entry := strings.TrimSpace(string(entries))
diff --git a/lib/utils/host/hostusers.go b/lib/utils/host/hostusers.go
index 8db299a1018b0..614d83d3a339a 100644
--- a/lib/utils/host/hostusers.go
+++ b/lib/utils/host/hostusers.go
@@ -17,6 +17,7 @@ limitations under the License.
 package host
 
 import (
+	"bufio"
 	"bytes"
 	"errors"
 	"os/exec"
@@ -154,6 +155,82 @@ func GetAllUsers() ([]string, int, error) {
 	return users, -1, nil
 }
 
+// UserHasExpirations determines if the given username has an expired password, inactive password, or expired account
+// by parsing the output of 'chage -l <username>'.
+func UserHasExpirations(username string) (bool bool, exitCode int, err error) {
+	chageBin, err := exec.LookPath("chage")
+	if err != nil {
+		return false, -1, trace.NotFound("cannot find chage binary: %s", err)
+	}
+
+	stdout := new(bytes.Buffer)
+	stderr := new(bytes.Buffer)
+	cmd := exec.Command(chageBin, "-l", username)
+	cmd.Stdout = stdout
+	cmd.Stderr = stderr
+	if err := cmd.Run(); err != nil {
+		return false, cmd.ProcessState.ExitCode(), trace.WrapWithMessage(err, "running chage: %s", stderr.String())
+	}
+
+	scanner := bufio.NewScanner(stdout)
+	for scanner.Scan() {
+		line := scanner.Text()
+		if line == "" {
+			// ignore empty lines
+			continue
+		}
+
+		key, value, validLine := strings.Cut(line, ":")
+		if !validLine {
+			return false, -1, trace.Errorf("chage output invalid")
+		}
+
+		if strings.TrimSpace(value) == "never" {
+			continue
+		}
+
+		switch strings.TrimSpace(key) {
+		case "Password expires", "Password inactive", "Account expires":
+			return true, 0, nil
+		}
+	}
+
+	return false, cmd.ProcessState.ExitCode(), nil
+}
+
+// RemoveUserExpirations uses chage to remove any future or past expirations associated with the given username. It also uses usermod to remove any account locks that may have been placed.
+func RemoveUserExpirations(username string) (exitCode int, err error) {
+	chageBin, err := exec.LookPath("chage")
+	if err != nil {
+		return -1, trace.NotFound("cannot find chage binary: %s", err)
+	}
+
+	usermodBin, err := exec.LookPath("usermod")
+	if err != nil {
+		return -1, trace.NotFound("cannot find usermod binary: %s", err)
+	}
+
+	// remove all expirations from user
+	// chage -E -1 -I -1 <username>
+	cmd := exec.Command(chageBin, "-E", "-1", "-I", "-1", "-M", "-1", username)
+	var errs []error
+	if err := cmd.Run(); err != nil {
+		errs = append(errs, trace.Wrap(err, "removing expirations with chage"))
+	}
+
+	// unlock user password if locked
+	cmd = exec.Command(usermodBin, "-U", username)
+	if err := cmd.Run(); err != nil {
+		errs = append(errs, trace.Wrap(err, "removing lock with usermod"))
+	}
+
+	if len(errs) > 0 {
+		return cmd.ProcessState.ExitCode(), trace.NewAggregate(errs...)
+	}
+
+	return cmd.ProcessState.ExitCode(), nil
+}
+
 var ErrInvalidSudoers = errors.New("visudo: invalid sudoers file")
 
 // CheckSudoers tests a suders file using `visudo`. The contents

From 5355aa9835bc15f7a1c2c94c9d7e80157881378e Mon Sep 17 00:00:00 2001
From: Paul Gottschling <paul.gottschling@goteleport.com>
Date: Fri, 1 Nov 2024 08:56:17 -0400
Subject: [PATCH 47/53] [v14] Add troubleshooting info to Usage and Billing
 page (#48083)

* Add troubleshooting info to Usage and Billing page

Turn the section on validating usage data into the intro paragraph for a
troubleshooting section. We don't actually need to compare the usage
reporting system to audit events, and removing the comparison makes this
information concise enough for an introductory paragraph.

Add H2s for issues we have identified with usage reporting and billing
on self-hosted clusters.

* Fix grammar in the Usage/Billing guide
---
 docs/pages/usage-billing.mdx | 70 ++++++++++++++++++++++++++----------
 1 file changed, 51 insertions(+), 19 deletions(-)

diff --git a/docs/pages/usage-billing.mdx b/docs/pages/usage-billing.mdx
index f3a0f1a2ab4c9..5a91ced765815 100644
--- a/docs/pages/usage-billing.mdx
+++ b/docs/pages/usage-billing.mdx
@@ -64,25 +64,6 @@ Set the `TELEPORT_REPORTING_HTTPS_PROXY` and `TELEPORT_REPORTING_HTTP_PROXY`
 environment variables to your proxy address. That will apply as the HTTP connect
 proxy setting overriding `HTTPS_PROXY` and `HTTP_PROXY` just for outbound usage reporting.
 
-### Validating usage reports
-
-The system that Teleport uses for submitting usage reports is independent of the
-system that Teleport uses for submitting audit events. 
-
-Teleport processes submit audit events to the Teleport Auth Service, which
-stores them on its audit event backend for retrieval by Teleport API clients. In
-contrast, usage reports are aggregated on a submission service that runs either
-on self-hosted Teleport infrastructure or Teleport Cloud, depending on the
-user's plan. The submission service persists usage reports in the case of a
-submission failure. After a successful submission, the submission service
-deletes the reports.
-
-It is not possible for Teleport users to independently validate usage event
-data, as there is no way to set up a third-party usage event destination or
-retrieve usage events from a Teleport backend. Reach out to
-support@goteleport.com if you have questions about usage reporting on your
-Teleport account.
-
 ## Billing metrics
 
 Teleport uses the anonymized usage data described in the previous section to
@@ -144,6 +125,11 @@ to compute a daily TPR. Then we average the daily TPR over a monthly period,
 which starts on the subscription start date and ends on each monthly anniversary
 thereafter.
 
+If you recreate a single resource more than once an hour, this will affect the
+hourly average. For example, if you were to create then delete 10 servers three
+times in one hour, Teleport would display 10 servers at any given time. However,
+for the entire hour, Teleport would report 30 protected servers.
+
 ## Usage measurement for billing
 
 We aggregate all counts of the billing metrics on a monthly basis starting on
@@ -155,3 +141,49 @@ Subscription, also known as a high water mark calculation.
 
 Reach out to sales@goteleport.com if you have questions about the
 commercial editions of Teleport.
+
+## Troubleshooting usage and billing
+
+Teleport aggregates usage reports on a submission service that runs either on
+self-hosted Teleport infrastructure or Teleport Cloud, depending on the user's
+plan. The submission service persists usage reports in the case of a submission
+failure, and deletes the reports after a successful submission. It is not
+possible to set up a third-party destination for usage events to independently
+verify usage event data. 
+
+If you are using Teleport Enterprise (Cloud), your usage data is accurate as
+long as Teleport-managed reporting infrastructure works as expected (check the
+[status page](https://status.teleport.sh/) for any incidents). On self-hosted
+Teleport Enterprise clusters, some conditions can interfere with data reporting.
+This section describes some scenarios that can lead to inaccurate data on
+self-hosted clusters.
+
+If you suspect that any of these scenarios describe your Teleport cluster, or
+your usage data appears inaccurate, reach out to support@goteleport.com.
+
+### Multiple Teleport clusters
+
+In versions older than v14.3.1, Teleport does not de-duplicate users as expected
+across multiple Teleport clusters that belong to the same account. If you are
+running multiple Teleport clusters with affected versions, the count of active
+users may be higher than expected.
+
+### Unexpected license differences
+
+When distributing copies of your Teleport Enterprise (Self-Hosted) license
+across Auth Service instances, you must not download a license multiple times
+from your Teleport account. Instead, you must download a license once and copy
+that license across Auth Service instances. Otherwise, the Teleport usage
+reporting infrastructure will identify multiple licenses and misrepresent your
+usage numbers.
+
+### SSO users
+
+In Teleport, single sign-on (SSO) users are ephemeral. Teleport deletes an SSO
+user when its session expires. To count the number of SSO users in your cluster,
+you can examine Teleport audit events for unique SSO users that have
+authenticated to Teleport during a given time period. The Teleport documentation
+includes how-to guides for exporting audit events to common log management
+solutions so you can identify users that have authenticated using an SSO
+provider.
+

From 1823162772513b08da8fd69943b76efd643bb2d2 Mon Sep 17 00:00:00 2001
From: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
Date: Fri, 1 Nov 2024 10:41:45 -0400
Subject: [PATCH 48/53] Fix TestEmitAuditEventForLargeEvents (#48228)

The test relied on the fact that AppSessionRequests did not
implement TrimToMaxSize. However, now that all events are forced
to implemement TrimToMaxSize the test was always failing. To fix
a wrapper around the event was added that overrides TrimToMaxSize
that does no trimming.
---
 lib/events/dynamoevents/dynamoevents_test.go | 23 +++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/lib/events/dynamoevents/dynamoevents_test.go b/lib/events/dynamoevents/dynamoevents_test.go
index 21a9ed30a6195..656fb52eec4ae 100644
--- a/lib/events/dynamoevents/dynamoevents_test.go
+++ b/lib/events/dynamoevents/dynamoevents_test.go
@@ -312,17 +312,30 @@ func TestEmitAuditEventForLargeEvents(t *testing.T) {
 		assert.Len(t, result, 1)
 	}, 10*time.Second, 500*time.Millisecond)
 
-	appReqEvent := &apievents.AppSessionRequest{
-		Metadata: apievents.Metadata{
-			Time: tt.suite.Clock.Now().UTC(),
-			Type: events.AppSessionRequestEvent,
+	appReqEvent := &testAuditEvent{
+		AppSessionRequest: apievents.AppSessionRequest{
+			Metadata: apievents.Metadata{
+				Time: tt.suite.Clock.Now().UTC(),
+				Type: events.AppSessionRequestEvent,
+			},
+			Path: strings.Repeat("A", maxItemSize),
 		},
-		Path: strings.Repeat("A", maxItemSize),
 	}
 	err = tt.suite.Log.EmitAuditEvent(ctx, appReqEvent)
 	require.ErrorContains(t, err, "ValidationException: Item size has exceeded the maximum allowed size")
 }
 
+// testAuditEvent wraps an existing AuditEvent, but overrides
+// the TrimToMaxSize to be a noop so that functionality can
+// be tested if an event exceeds the size limits.
+type testAuditEvent struct {
+	apievents.AppSessionRequest
+}
+
+func (t *testAuditEvent) TrimToMaxSize(maxSizeBytes int) apievents.AuditEvent {
+	return t
+}
+
 func TestConfig_SetFromURL(t *testing.T) {
 	useFipsCfg := Config{
 		UseFIPSEndpoint: types.ClusterAuditConfigSpecV2_FIPS_ENABLED,

From 9c1624d6d4fb2ddac3b5f051194d3a5fb386c765 Mon Sep 17 00:00:00 2001
From: Gus Rivera <gus.rivera@goteleport.com>
Date: Fri, 1 Nov 2024 10:57:25 -0500
Subject: [PATCH 49/53] [v14] Increasing timeout for pam smoke tests (#48232)

* Increasing timeout for pam tests

* Adding commentary
---
 build.assets/charts/smoke_tests/01_pam/test.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/build.assets/charts/smoke_tests/01_pam/test.sh b/build.assets/charts/smoke_tests/01_pam/test.sh
index 442f2cea38d8f..8ae6c34f8f529 100755
--- a/build.assets/charts/smoke_tests/01_pam/test.sh
+++ b/build.assets/charts/smoke_tests/01_pam/test.sh
@@ -6,4 +6,8 @@
 #
 # If teleport is still up when the timeout expires, then we're 
 # probably OK
-timeout --preserve-status 10s docker run --platform $1 --rm --entrypoint /usr/local/bin/teleport -v "$(pwd):/etc/teleport" $2 start -c /etc/teleport/config.yaml
\ No newline at end of file
+#
+# A timeout of 20s is set to account for potentially slow startup times.
+# QEMU eumlation may slow startup time for some platforms and during that
+# time the process won't shutdown gracefully resulting in a nonzero code.
+timeout --preserve-status 20s docker run --platform $1 --rm --entrypoint /usr/local/bin/teleport -v "$(pwd):/etc/teleport" $2 start -c /etc/teleport/config.yaml

From 0effea884f86aeef0edac3a94c38524a3f2a4d53 Mon Sep 17 00:00:00 2001
From: Tiago Silva <tiago.silva@goteleport.com>
Date: Mon, 4 Nov 2024 18:58:42 +0000
Subject: [PATCH 50/53] [kube] use local image for kubernetes integration tests
 (#48321) (#48386)

* [kube] use local image for kubernetes integration tests

This PR replaces the use of the `nginx:latest` Docker image in Kubernetes integration tests with a custom-built image based on `alpine:3.20.3`. This custom image includes a shell for `kubectl exec` integration tests and a compiled binary to act as an HTTP server.

This change addresses recent issues where test workflows failed due to problems downloading the `nginx` image.

* add information about the image

* source files from alpine cdn

* copy files from alpine

* Update fixtures/alpine/README.md



* Update fixtures/alpine/README.md



* source files from alpine cdn (again)

---------

Co-authored-by: Alan Parra <alan.parra@goteleport.com>
---
 .../kube-integration-tests-non-root.yaml      | 33 ++++++++++++
 .gitignore                                    |  2 +
 fixtures/alpine/Dockerfile                    |  9 ++++
 fixtures/alpine/README.md                     | 50 ++++++++++++++++++
 .../alpine-ncopa.at.alpinelinux.org.asc       | 52 +++++++++++++++++++
 fixtures/alpine/webserver.go                  | 26 ++++++++++
 integration/kube_integration_test.go          | 13 +++--
 7 files changed, 182 insertions(+), 3 deletions(-)
 create mode 100644 fixtures/alpine/Dockerfile
 create mode 100644 fixtures/alpine/README.md
 create mode 100644 fixtures/alpine/alpine-ncopa.at.alpinelinux.org.asc
 create mode 100644 fixtures/alpine/webserver.go

diff --git a/.github/workflows/kube-integration-tests-non-root.yaml b/.github/workflows/kube-integration-tests-non-root.yaml
index ac2892e75cbcd..af1c4613b4630 100644
--- a/.github/workflows/kube-integration-tests-non-root.yaml
+++ b/.github/workflows/kube-integration-tests-non-root.yaml
@@ -28,6 +28,7 @@ on:
 env:
   TEST_KUBE: true
   KUBECONFIG: /home/.kube/config
+  ALPINE_VERSION: 3.20.3
 
 jobs:
   test:
@@ -81,6 +82,38 @@ jobs:
           cp -r $HOME/.kube /home/
           chown -R ci:ci /home/.kube
 
+      - name: Build Alpine image with webserver
+        run: |
+
+          export SHORT_VERSION=${ALPINE_VERSION%.*}
+
+          # download the alpine image
+          # store the files in the fixtures/alpine directory
+          # to avoid passing all the repository files to the docker build context.
+          cd ./fixtures/alpine
+
+          # download alpine minirootfs and signature
+          curl -fSsLO https://dl-cdn.alpinelinux.org/alpine/v$SHORT_VERSION/releases/x86_64/alpine-minirootfs-$ALPINE_VERSION-x86_64.tar.gz
+          curl -fSsLO https://dl-cdn.alpinelinux.org/alpine/v$SHORT_VERSION/releases/x86_64/alpine-minirootfs-$ALPINE_VERSION-x86_64.tar.gz.asc
+          curl -fSsLO https://dl-cdn.alpinelinux.org/alpine/v$SHORT_VERSION/releases/x86_64/alpine-minirootfs-$ALPINE_VERSION-x86_64.tar.gz.sha256
+
+          # verify the checksum
+          sha256sum -c alpine-minirootfs-$ALPINE_VERSION-x86_64.tar.gz.sha256
+
+          # verify the signature
+          gpg --import  ./alpine-ncopa.at.alpinelinux.org.asc
+          gpg --verify ./alpine-minirootfs-$ALPINE_VERSION-x86_64.tar.gz.asc ./alpine-minirootfs-$ALPINE_VERSION-x86_64.tar.gz
+
+          # build the webserver
+          CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o ./webserver ./webserver.go
+
+          docker build -t alpine-webserver:v1 --build-arg=ALPINE_VERSION=$ALPINE_VERSION -f ./Dockerfile .
+
+          # load the image into the kind cluster
+          kind load docker-image alpine-webserver:v1
+
+          cd - 
+
       - name: Run tests
         timeout-minutes: 40
         run: |
diff --git a/.gitignore b/.gitignore
index 6adc620d19d35..c87cd2d47bda5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,6 +10,8 @@ default.etcd
 
 # usually release tarballs get in the way
 *.gz
+# ignore all tarballs except the alpine one
+!fixtures/alpine/alpine-minirootfs-*.tar.gz
 *.zip
 
 # editors
diff --git a/fixtures/alpine/Dockerfile b/fixtures/alpine/Dockerfile
new file mode 100644
index 0000000000000..4b66c356c5466
--- /dev/null
+++ b/fixtures/alpine/Dockerfile
@@ -0,0 +1,9 @@
+FROM scratch
+
+ARG ALPINE_VERSION
+
+ADD alpine-minirootfs-$ALPINE_VERSION-x86_64.tar.gz /
+
+COPY webserver /webserver
+
+CMD [ "/webserver" ]
diff --git a/fixtures/alpine/README.md b/fixtures/alpine/README.md
new file mode 100644
index 0000000000000..a6506854275fd
--- /dev/null
+++ b/fixtures/alpine/README.md
@@ -0,0 +1,50 @@
+# `alpine-webserver:v1` Build Process
+
+## Source
+
+The `alpine-webserver:v1` image is based on `alpine` `minirootfs`, but instead of relying on Docker Hub's official Alpine image, we source the original files directly from Alpine's CDN. This approach mitigates issues with Docker Hub and GitHub Action network failures, which have been a common cause of integration test failures.
+
+The build process is specified in the `.github/workflows/kube-integration-tests-non-root.yaml` file.
+
+## Download
+
+To download the new `alpine-minirootfs` image, follow the instructions:
+
+```bash
+$ export ALPINE_VERSION=3.20.3
+$ export SHORT_VERSION=${ALPINE_VERSION%.*}
+
+# download alpine minirootfs and signature
+$ curl -fSsLO https://dl-cdn.alpinelinux.org/alpine/v$SHORT_VERSION/releases/x86_64/alpine-minirootfs-$ALPINE_VERSION-x86_64.tar.gz
+$ curl -fSsLO https://dl-cdn.alpinelinux.org/alpine/v$SHORT_VERSION/releases/x86_64/alpine-minirootfs-$ALPINE_VERSION-x86_64.tar.gz.asc
+$ curl -fSsLO https://dl-cdn.alpinelinux.org/alpine/v$SHORT_VERSION/releases/x86_64/alpine-minirootfs-$ALPINE_VERSION-x86_64.tar.gz.sha256
+          
+```
+
+## Source Validation
+
+The build process in `.github/workflows/kube-integration-tests-non-root.yaml` validates both the SHA-256 checksum and the GPG signature. The signature verification uses `alpine-ncopa.at.alpinelinux.org.asc`, which is the official public key used by Alpine Linux to sign its assets. This public key is available on the [Alpine Linux Downloads page](https://www.alpinelinux.org/downloads/).
+
+## Image Build Process
+
+The image is constructed from a scratch filesystem and incorporates only the necessary components to run the web server. Here’s the basic Dockerfile configuration:
+
+```Dockerfile
+FROM scratch
+
+ARG ALPINE_VERSION
+
+ADD alpine-minirootfs-$ALPINE_VERSION-x86_64.tar.gz /
+
+COPY webserver /webserver
+
+CMD [ "/webserver" ]
+```
+
+This minimalist configuration ensures the image remains lightweight, secure, and tailored to only the required functionalities.
+
+## Image distribution
+
+After sucessfull build, the image is loaded into our `kind` cluster with the tag `alpine-webserver:v1`.
+
+Note: `:latest` can't be used otherwise Kubernetes will try loading the image from dockerhub and fail.
\ No newline at end of file
diff --git a/fixtures/alpine/alpine-ncopa.at.alpinelinux.org.asc b/fixtures/alpine/alpine-ncopa.at.alpinelinux.org.asc
new file mode 100644
index 0000000000000..b4b34a5b3da96
--- /dev/null
+++ b/fixtures/alpine/alpine-ncopa.at.alpinelinux.org.asc
@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQINBFSIEDwBEADbib88gv1dBgeEez1TIh6A5lAzRl02JrdtYkDoPr5lQGYv0qKP
+lWpd3jgGe8n90krGmT9W2nooRdyZjZ6UPbhYSJ+tub6VuKcrtwROXP2gNNqJA5j3
+vkXQ40725CVig7I3YCpzjsKRStwegZAelB8ZyC4zb15J7YvTVkd6qa/uuh8H21X2
+h/7IZJz50CMxyz8vkdyP2niIGZ4fPi0cVtsg8l4phbNJ5PwFOLMYl0b5geKMviyR
+MxxQ33iNa9X+RcWeR751IQfax6xNcbOrxNRzfzm77fY4KzBezcnqJFnrl/p8qgBq
+GHKmrrcjv2MF7dCWHGAPm1/vdPPjUpOcEOH4uGvX7P4w2qQ0WLBTDDO47/BiuY9A
+DIwEF1afNXiJke4fmjDYMKA+HrnhocvI48VIX5C5+C5aJOKwN2EOpdXSvmsysTSt
+gIc4ffcaYugfAIEn7ZdgcYmTlbIphHmOmOgt89J+6Kf9X6mVRmumI3cZWetf2FEV
+fS9v24C2c8NRw3LESoDT0iiWsCHcsixCYqqvjzJBJ0TSEIVCZepOOBp8lfMl4YEZ
+BVMzOx558LzbF2eR/XEsr3AX7Ga1jDu2N5WzIOa0YvJl1xcQxc0RZumaMlZ81dV/
+uu8G2+HTrJMZK933ov3pbxaZ38/CbCA90SBk5xqVqtTNAHpIkdGj90v2lwARAQAB
+tCVOYXRhbmFlbCBDb3BhIDxuY29wYUBhbHBpbmVsaW51eC5vcmc+iQI2BBMBCAAg
+BQJUiBA8AhsDBQsJCAcCBhUICQoLAgMWAgECHgECF4AACgkQKTrNCQfZSVrcNxAA
+mEzX9PQaczzlPAlDe3m1AN0lP6E/1pYWLBGs6qGh18cWxdjyOWsO47nA1P+cTGSS
+AYe4kIOIx9kp2SxObdKeZTuZCBdWfQu/cuRE12ugQQFERlpwVRNd6NYuT3WyZ7v8
+ZXRw4f33FIt4CSrW1/AyM/vrA+tWNo7bbwr/CFaIcL8kINPccdFOpWh14erONd/P
+Eb3gO81yXIA6c1Vl4mce2JS0hd6EFohxS5yMQJMRIS/Zg8ufT3yHJXIaSnG+KRP7
+WWLR0ZaLraCykYi/EW9mmQ49LxQqvKOgjpRW9aNgDA+arKl1umjplkAFI1GZ0/qA
+sgKm4agdvLGZiCZqDXcRWNolG5PeOUUpim1f59pGnupZ3Rbz4BF84U+1uL+yd0OR
+5Y98AxWFyq0dqKz/zFYwQkMVnl9yW0pkJmP7r6PKj0bhWksQX+RjYPosj3wxPZ7i
+SKMX7xZaqon/CHpH9/Xm8CabGcDITrS6h+h8x0FFT/MV/LKgc3q8E4mlXelew1Rt
+xK4hzXFpXKl0WcQg54fj1Wqy47FlkArG50di0utCBGlmVZQA8nqE5oYkFLppiFXz
+1SXCXojff/XZdNF2WdgV8aDKOYTK1WDPUSLmqY+ofOkQL49YqZ9M5FR8hMAbvL6e
+4CbxVXCkWJ6Q9Lg79AzS3pvOXCJ/CUDQs7B30v026Ba5Ag0EVIgQPAEQAMHuPAv/
+B0KP9SEA1PsX5+37k46lTP7lv7VFd7VaD1rAUM/ZyD2fWgrJprcCPEpdMfuszfOH
+jGVQ708VQ+vlD3vFoOZE+KgeKnzDG9FzYXXPmxkWzEEqI168ameF/LQhN12VF1mq
+5LbukiAKx2ytb1I8onvCvNJDvH1D/3BxSj7ThV9bP/bFufcOHFBMFwtyBmUaR5Wx
+96Bq+7DEbTrxhshoQgUqILEudUyhZa05/TrpUvC4f8qc0deaqJFO1zD6guZxRWZd
+SWJdcFzTadyg36P4eyFMxa1Ft7BlDKdKLAFlCGgR0jfOnKRmdRKGRNFTLQ68aBld
+N4wxBuMwe0tmRw9zYwWwD43Aq9E26YtuxVR1wb3zUmi+47QH4ANAzMioimE9Mj5S
+qYrgzQJ0IGwIjBt+HNzHvYX+kyMuVFK41k2Vo6oUOVHuQMu3UgLvSPMsyw69d+Iw
+K/rrsQwuutrvJ8Qcda3rea1HvWBVcY/uyoRsOsCS7itS6MK6KKTKaW8iskmEb2/h
+Q1ZB1QaWm2sQ8Xcmb3QZgtyBfZKuC95T/mAXPT0uET6bTpP5DdEi3wFs+qw/c9FZ
+SNDZ4hfNuS24d2u3Rh8LWt/U83ieAutNntOLGhvuZm1jLYt2KvzXE8cLt3V75/ZF
+O+xEV7rLuOtrHKWlzgJQzsDp1gM4Tz9ULeY7ABEBAAGJAh8EGAEIAAkFAlSIEDwC
+GwwACgkQKTrNCQfZSVrIgBAArhCdo3ItpuEKWcxx22oMwDm+0dmXmzqcPnB8y9Tf
+NcocToIXP47H1+XEenZdTYZJOrdqzrK6Y1PplwQv6hqFToypgbQTeknrZ8SCDyEK
+cU4id2r73THTzgNSiC4QAE214i5kKd6PMQn7XYVjsxvin3ZalS2x4m8UFal2C9nj
+o8HqoTsDOSRy0mzoqAqXmeAe3X9pYme/CUwA6R8hHEgX7jUhm/ArVW5wZboAinw5
+BmKBjWiIwT1vxfvwgbC0EA1O24G4zQqEJ2ILmcM3RvWwtFFWasQqV7qnKdpD8EIb
+oPa8Ocl7joDc5seK8BzsI7tXN4Yjw0aHCOlZ15fWHPYKgDFRQaRFffODPNbxQNiz
+Yru3pbEWDLIUoQtJyKl+o2+8m4aWCYNzJ1WkEQje9RaBpHNDcyen5yC73tCEJsvT
+ZuMI4Xqc4xgLt8woreKE57GRdg2fO8fO40X3R/J5YM6SqG7y2uwjVCHFBeO2Nkkr
+8nOno+Rbn2b03c9MapMT4ll8jJds4xwhhpIjzPLWd2ZcX/ZGqmsnKPiroe9p1VPo
+lN72Ohr9lS+OXfvOPV2N+Ar5rCObmhnYbXGgU/qyhk1qkRu+w2bBZOOQIdaCfh5A
+Hbn3ZGGGQskgWZDFP4xZ3DWXFSWMPuvEjbmUn2xrh9oYsjsOGy9tyBFFySU2vyZP
+Mkc=
+=FcYC
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/fixtures/alpine/webserver.go b/fixtures/alpine/webserver.go
new file mode 100644
index 0000000000000..b41a818ffc18c
--- /dev/null
+++ b/fixtures/alpine/webserver.go
@@ -0,0 +1,26 @@
+// Teleport
+// Copyright (C) 2024 Gravitational, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package main
+
+import "net/http"
+
+func main() {
+	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte("Hello, world!"))
+	})
+	http.ListenAndServe(":80", nil)
+}
diff --git a/integration/kube_integration_test.go b/integration/kube_integration_test.go
index 2e74ff76ea2db..9c5140a28023c 100644
--- a/integration/kube_integration_test.go
+++ b/integration/kube_integration_test.go
@@ -1436,7 +1436,7 @@ func testKubeEphemeralContainers(t *testing.T, suite *KubeSuite) {
 	sessCreatorTerm := NewTerminal(250)
 	group := &errgroup.Group{}
 	group.Go(func() error {
-		cmd := []string{"/bin/sh", "echo", "hello from an ephemeral container"}
+		cmd := []string{"/bin/sh", "-c", "echo hello from an ephemeral container"}
 		debugPod, _, err := generateDebugContainer(contName, cmd, pod)
 		if err != nil {
 			return trace.Wrap(err)
@@ -1541,7 +1541,7 @@ func generateDebugContainer(name string, cmd []string, pod *v1.Pod) (*v1.Pod, *v
 	ec := &v1.EphemeralContainer{
 		EphemeralContainerCommon: v1.EphemeralContainerCommon{
 			Name:                     name,
-			Image:                    "alpine:latest",
+			Image:                    localPodImage,
 			Command:                  cmd,
 			ImagePullPolicy:          v1.PullIfNotPresent,
 			Stdin:                    true,
@@ -1704,6 +1704,13 @@ func newNamespace(name string) *v1.Namespace {
 	}
 }
 
+// localPodImage is a container image that is used for testing
+// It's a docker image that runs a simple web server
+// that listens on port 80 and returns "Hello, World!" on GET /
+// This image is vendored in the Teleport repository in the
+// fixtures/alpine directory. Check the Dockerfile there for details.
+const localPodImage = "alpine-webserver:v1"
+
 func newPod(ns, name string) *v1.Pod {
 	return &v1.Pod{
 		ObjectMeta: metav1.ObjectMeta{
@@ -1713,7 +1720,7 @@ func newPod(ns, name string) *v1.Pod {
 		Spec: v1.PodSpec{
 			Containers: []v1.Container{{
 				Name:  "nginx",
-				Image: "nginx:alpine",
+				Image: localPodImage,
 			}},
 		},
 	}

From 699817ac15fd22738b013340136c632ed8dfa972 Mon Sep 17 00:00:00 2001
From: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
Date: Mon, 4 Nov 2024 14:42:21 -0500
Subject: [PATCH 51/53] [v14] Support double dash delimiter in tsh ssh (#47495)

* Support double dash delimiter in tsh ssh

This PR extends the tsh ssh command by adding support for the
double dash (--) delimiter before remote commands (e.g.
`tsh ssh -- echo test`), aligning its behavior with the standard
ssh binary. This improves compatibility with tools that rely on the
standard ssh binary behavior, such as sshuttle.

Fixes #18453, #16589.

Signed-off-by: Tim Ross <tim.ross@goteleport.com>

* Support double dash delimiter in tsh ssh

This PR extends the tsh ssh command by adding support for the
double dash (--) delimiter before remote commands (e.g.
`tsh ssh -- echo test`), aligning its behavior with the standard
ssh binary. This improves compatibility with tools that rely on the
standard ssh binary behavior, such as sshuttle.

Fixes #18453, #16589.

Signed-off-by: Tim Ross <tim.ross@goteleport.com>

* fix: update tests

---------

Signed-off-by: Tim Ross <tim.ross@goteleport.com>
Co-authored-by: Samir Aguiar <sjorgedeaguiar@netskope.com>
---
 tool/tsh/common/tsh.go      |   5 +
 tool/tsh/common/tsh_test.go | 177 ++++++++++++++++++++++++++++++++++++
 2 files changed, 182 insertions(+)

diff --git a/tool/tsh/common/tsh.go b/tool/tsh/common/tsh.go
index c3bce55a74c2d..a65866b796d18 100644
--- a/tool/tsh/common/tsh.go
+++ b/tool/tsh/common/tsh.go
@@ -3533,6 +3533,11 @@ func onSSH(cf *CLIConf) error {
 
 	tc.AllowHeadless = true
 
+	// Support calling `tsh ssh -- <command>` (with a double dash before the command)
+	if len(cf.RemoteCommand) > 0 && strings.TrimSpace(cf.RemoteCommand[0]) == "--" {
+		cf.RemoteCommand = cf.RemoteCommand[1:]
+	}
+
 	tc.Stdin = os.Stdin
 	err = retryWithAccessRequest(cf, tc, func() error {
 		err = client.RetryWithRelogin(cf.Context, tc, func() error {
diff --git a/tool/tsh/common/tsh_test.go b/tool/tsh/common/tsh_test.go
index 4301a7ebdffce..7e8506fb2eaf8 100644
--- a/tool/tsh/common/tsh_test.go
+++ b/tool/tsh/common/tsh_test.go
@@ -2041,6 +2041,183 @@ func TestAccessRequestOnLeaf(t *testing.T) {
 	require.NoError(t, err)
 }
 
+// TestSSHCommand tests that a user can access a single SSH node and run commands.
+func TestSSHCommands(t *testing.T) {
+	modules.SetTestModules(t, &modules.TestModules{TestBuildType: modules.BuildEnterprise})
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	accessRoleName := "access"
+	sshHostname := "test-ssh-server"
+
+	accessUser, err := types.NewUser(accessRoleName)
+	require.NoError(t, err)
+	accessUser.SetRoles([]string{accessRoleName})
+
+	user, err := user.Current()
+	require.NoError(t, err)
+	accessUser.SetLogins([]string{user.Username})
+
+	traits := map[string][]string{
+		constants.TraitLogins: {user.Username},
+	}
+	accessUser.SetTraits(traits)
+
+	connector := mockConnector(t)
+	rootServerOpts := []testserver.TestServerOptFunc{
+		testserver.WithBootstrap(connector, accessUser),
+		testserver.WithHostname(sshHostname),
+		testserver.WithClusterName(t, "root"),
+		testserver.WithSSHLabel(accessRoleName, "true"),
+		testserver.WithSSHPublicAddrs("127.0.0.1:0"),
+		testserver.WithConfig(func(cfg *servicecfg.Config) {
+			cfg.SSH.Enabled = true
+			cfg.SSH.PublicAddrs = []utils.NetAddr{cfg.SSH.Addr}
+			cfg.SSH.DisableCreateHostUser = true
+		}),
+	}
+	rootServer := testserver.MakeTestServer(t, rootServerOpts...)
+
+	rootProxyAddr, err := rootServer.ProxyWebAddr()
+	require.NoError(t, err)
+
+	require.EventuallyWithT(t, func(t *assert.CollectT) {
+		rootNodes, err := rootServer.GetAuthServer().GetNodes(ctx, apidefaults.Namespace)
+		if !assert.NoError(t, err) || !assert.Len(t, rootNodes, 1) {
+			return
+		}
+	}, 10*time.Second, 100*time.Millisecond)
+
+	tmpHomePath := t.TempDir()
+	rootAuth := rootServer.GetAuthServer()
+
+	err = Run(ctx, []string{
+		"login",
+		"--insecure",
+		"--proxy", rootProxyAddr.String(),
+		"--user", user.Username,
+	}, setHomePath(tmpHomePath), setMockSSOLogin(rootAuth, accessUser, connector.GetName()))
+	require.NoError(t, err)
+
+	tests := []struct {
+		name      string
+		args      []string
+		expected  string
+		shouldErr bool
+	}{
+		{
+			// Test that a simple echo works.
+			name:     "ssh simple command",
+			expected: "this is a test message",
+			args: []string{
+				fmt.Sprintf("%s@%s", user.Username, sshHostname),
+				"echo",
+				"this is a test message",
+			},
+			shouldErr: false,
+		},
+		{
+			// Test that commands can be prefixed with a double dash.
+			name:     "ssh command with double dash",
+			expected: "this is a test message",
+			args: []string{
+				fmt.Sprintf("%s@%s", user.Username, sshHostname),
+				"--",
+				"echo",
+				"this is a test message",
+			},
+			shouldErr: false,
+		},
+		{
+			// Test that a double dash is not removed from the middle of a command.
+			name:     "ssh command with double dash in the middle",
+			expected: "-- this is a test message",
+			args: []string{
+				fmt.Sprintf("%s@%s", user.Username, sshHostname),
+				"echo",
+				"--",
+				"this is a test message",
+			},
+			shouldErr: false,
+		},
+		{
+			// Test that quoted commands work (e.g. `tsh ssh 'echo test'`)
+			name:     "ssh command literal",
+			expected: "this is a test message",
+			args: []string{
+				fmt.Sprintf("%s@%s", user.Username, sshHostname),
+				"echo this is a test message",
+			},
+			shouldErr: false,
+		},
+		{
+			// Test that a double dash is passed as-is in a quoted command (which should fail).
+			name:     "ssh command literal with double dash err",
+			expected: "",
+			args: []string{
+				fmt.Sprintf("%s@%s", user.Username, sshHostname),
+				"-- echo this is a test message",
+			},
+			shouldErr: true,
+		},
+		{
+			// Test that a double dash is not removed from the middle of a quoted command.
+			name:     "ssh command literal with double dash in the middle",
+			expected: "-- this is a test message",
+			args: []string{
+				fmt.Sprintf("%s@%s", user.Username, sshHostname),
+				"echo", "-- this is a test message",
+			},
+			shouldErr: false,
+		},
+		{
+			// Test tsh ssh -- hostname command
+			name:     "delimiter before host and command",
+			expected: "this is a test message",
+			args: []string{
+				"--", sshHostname, "echo", "this is a test message",
+			},
+			shouldErr: false,
+		},
+	}
+
+	for _, test := range tests {
+		test := test
+		ctx := context.Background()
+		t.Run(test.name, func(t *testing.T) {
+			t.Parallel()
+
+			stdout := &output{buf: bytes.Buffer{}}
+			stderr := &output{buf: bytes.Buffer{}}
+			args := append(
+				[]string{
+					"ssh",
+					"--insecure",
+					"--proxy", rootProxyAddr.String(),
+				},
+				test.args...,
+			)
+
+			err := Run(ctx, args, setHomePath(tmpHomePath),
+				func(conf *CLIConf) error {
+					conf.overrideStdin = &bytes.Buffer{}
+					conf.OverrideStdout = stdout
+					conf.overrideStderr = stderr
+					return nil
+				},
+			)
+
+			if test.shouldErr {
+				require.Error(t, err)
+			} else {
+				require.NoError(t, err)
+				require.Equal(t, test.expected, strings.TrimSpace(stdout.String()))
+				require.Empty(t, stderr.String())
+			}
+		})
+	}
+}
+
 // tryCreateTrustedCluster performs several attempts to create a trusted cluster,
 // retries on connection problems and access denied errors to let caches
 // propagate and services to start

From 33928aecb517a1819412f3d95e4ef42159bddeb5 Mon Sep 17 00:00:00 2001
From: Paul Gottschling <paul.gottschling@goteleport.com>
Date: Mon, 4 Nov 2024 15:41:45 -0500
Subject: [PATCH 52/53] Fix markdown-lint issues (#48370)

Running markdown-lint in the Docusaurus site flags some issues that the
gravitational/docs markdown-lint configuration doesn't catch. This
change resolves these issues, fixing indentation and list item spacing.
---
 .../access-controls/sso/google-workspace.mdx       |  2 +-
 .../admin-guides/deploy-a-cluster/gcp-kms.mdx      |  1 -
 .../helm-deployments/kubernetes-cluster.mdx        | 12 ++++++------
 docs/pages/admin-guides/deploy-a-cluster/hsm.mdx   |  1 +
 .../contributing/documentation/style-guide.mdx     |  6 +++---
 docs/pages/upgrading/cloud-kubernetes.mdx          |  3 ++-
 .../self-hosted-automatic-agent-updates.mdx        |  8 ++++----
 docs/pages/upgrading/self-hosted-kubernetes.mdx    | 14 +++++++-------
 8 files changed, 24 insertions(+), 23 deletions(-)

diff --git a/docs/pages/admin-guides/access-controls/sso/google-workspace.mdx b/docs/pages/admin-guides/access-controls/sso/google-workspace.mdx
index 6563c15c528ce..45399cac067a5 100644
--- a/docs/pages/admin-guides/access-controls/sso/google-workspace.mdx
+++ b/docs/pages/admin-guides/access-controls/sso/google-workspace.mdx
@@ -31,7 +31,7 @@ Before you get started, verify the following:
 
 - You have a Teleport cluster, Enterprise edition, and command-line tools.
    
-   (!docs/pages/includes/commercial-prereqs-tabs.mdx!)
+  (!docs/pages/includes/commercial-prereqs-tabs.mdx!)
 
 - (!docs/pages/includes/tctl.mdx!)
 
diff --git a/docs/pages/admin-guides/deploy-a-cluster/gcp-kms.mdx b/docs/pages/admin-guides/deploy-a-cluster/gcp-kms.mdx
index fd98f68ae03bf..5b138fba609d0 100644
--- a/docs/pages/admin-guides/deploy-a-cluster/gcp-kms.mdx
+++ b/docs/pages/admin-guides/deploy-a-cluster/gcp-kms.mdx
@@ -36,7 +36,6 @@ higher.
 (!docs/pages/includes/commercial-prereqs-tabs.mdx!)
 
 - (!docs/pages/includes/tctl.mdx!)
-
 - A Google Cloud account.
 
 ## Step 1/5. Create a key ring in GCP
diff --git a/docs/pages/admin-guides/deploy-a-cluster/helm-deployments/kubernetes-cluster.mdx b/docs/pages/admin-guides/deploy-a-cluster/helm-deployments/kubernetes-cluster.mdx
index 0152ee196ba3e..aab51ee388180 100644
--- a/docs/pages/admin-guides/deploy-a-cluster/helm-deployments/kubernetes-cluster.mdx
+++ b/docs/pages/admin-guides/deploy-a-cluster/helm-deployments/kubernetes-cluster.mdx
@@ -198,12 +198,12 @@ chart.
 
 1. Install the `teleport-cluster` Helm chart using the values file you wrote:
 
-    ```code
-    $ helm install teleport-cluster teleport/teleport-cluster \
-      --create-namespace \
-      --version (=teleport.version=) \
-      --values teleport-cluster-values.yaml
-    ```
+   ```code
+   $ helm install teleport-cluster teleport/teleport-cluster \
+     --create-namespace \
+     --version (=teleport.version=) \
+     --values teleport-cluster-values.yaml
+   ```
 
 1. After installing the `teleport-cluster` chart, wait a minute or so and ensure
    that both the Auth Service and Proxy Service pods are running:
diff --git a/docs/pages/admin-guides/deploy-a-cluster/hsm.mdx b/docs/pages/admin-guides/deploy-a-cluster/hsm.mdx
index 749e68cd9f2d0..d538c885a0e2f 100644
--- a/docs/pages/admin-guides/deploy-a-cluster/hsm.mdx
+++ b/docs/pages/admin-guides/deploy-a-cluster/hsm.mdx
@@ -185,6 +185,7 @@ to use.
    DEBU[0000] preflight complete                            cert= config= key= pid=73502 seccomp=false serial= syslog=false timeout=0s version=3.0.3
    DEBU[0000] takeoff                                       TLS=false listen="localhost:12345" pid=73502
    ```
+
 1. Use `yubihsm-shell` to create a new authentication key to be used by
    Teleport with the necessary capabilities.
 
diff --git a/docs/pages/contributing/documentation/style-guide.mdx b/docs/pages/contributing/documentation/style-guide.mdx
index 389046770adbe..9b965f8ad769b 100644
--- a/docs/pages/contributing/documentation/style-guide.mdx
+++ b/docs/pages/contributing/documentation/style-guide.mdx
@@ -163,9 +163,9 @@ for the audience of a specific guide.
 
 - Prefer putting commands (e.g., Bash scripts) into full-line code snippets. These will render with a handy copy button.
 
-   ```code
-   $ echo "This is an example."
-   ```
+  ```code
+  $ echo "This is an example."
+  ```
 
 ### Diagrams
 
diff --git a/docs/pages/upgrading/cloud-kubernetes.mdx b/docs/pages/upgrading/cloud-kubernetes.mdx
index cdf11b7050e42..1698f44963947 100644
--- a/docs/pages/upgrading/cloud-kubernetes.mdx
+++ b/docs/pages/upgrading/cloud-kubernetes.mdx
@@ -39,6 +39,7 @@ updating works. Automatic agent upgrades require:
   $ curl -s https://mytenant.teleport.sh/webapi/ping | jq '.automatic_upgrades'
   true
   ```
+
 - At least one Teleport Enterprise agent deployed via the `teleport-kube-agent`
   Helm chart.
 
@@ -187,7 +188,7 @@ Run the following commands to upgrade Teleport agents running on Kubernetes.
 1. Update the Teleport Helm chart repository so you can install the latest
    version of the `teleport-kube-agent` chart:
 
-      (!docs/pages/includes/kubernetes-access/helm/helm-repo-add.mdx!)
+   (!docs/pages/includes/kubernetes-access/helm/helm-repo-add.mdx!)
 
 1. Upgrade the Helm release:
 
diff --git a/docs/pages/upgrading/self-hosted-automatic-agent-updates.mdx b/docs/pages/upgrading/self-hosted-automatic-agent-updates.mdx
index 14746f2b98554..d72c43dd28ab2 100644
--- a/docs/pages/upgrading/self-hosted-automatic-agent-updates.mdx
+++ b/docs/pages/upgrading/self-hosted-automatic-agent-updates.mdx
@@ -340,10 +340,10 @@ This section assumes that the name of your `teleport-kube-agent` release is
    
 1. Check for any deployment issues by checking the updater logs:
    
-    ```code
-    $ kubectl -n <Var name="teleport" /> logs deployment/<Var name="teleport-agent" />-updater
-    2023-04-28T13:13:30Z	INFO	StatefulSet is already up-to-date, not updating.	{"controller": "statefulset", "controllerGroup": "apps", "controllerKind": "StatefulSet", "StatefulSet": {"name":"my-agent","namespace":"agent"}, "namespace": "agent", "name": "my-agent", "reconcileID": "10419f20-a4c9-45d4-a16f-406866b7fc05", "namespacedname": "agent/my-agent", "kind": "StatefulSet", "err": "no new version (current: \"v12.2.3\", next: \"v12.2.3\")"}
-    ```
+   ```code
+   $ kubectl -n <Var name="teleport" /> logs deployment/<Var name="teleport-agent" />-updater
+   2023-04-28T13:13:30Z	INFO	StatefulSet is already up-to-date, not updating.	{"controller": "statefulset", "controllerGroup": "apps", "controllerKind": "StatefulSet", "StatefulSet": {"name":"my-agent","namespace":"agent"}, "namespace": "agent", "name": "my-agent", "reconcileID": "10419f20-a4c9-45d4-a16f-406866b7fc05", "namespacedname": "agent/my-agent", "kind": "StatefulSet", "err": "no new version (current: \"v12.2.3\", next: \"v12.2.3\")"}
+   ```
 
 ### Troubleshooting automatic agent upgrades on Kubernetes
 
diff --git a/docs/pages/upgrading/self-hosted-kubernetes.mdx b/docs/pages/upgrading/self-hosted-kubernetes.mdx
index 6ac6e837a079e..2e87bf4fc129a 100644
--- a/docs/pages/upgrading/self-hosted-kubernetes.mdx
+++ b/docs/pages/upgrading/self-hosted-kubernetes.mdx
@@ -45,15 +45,15 @@ running on Kubernetes.
 1. Update the Teleport Helm chart repository so you can install the latest
    version of the `teleport-cluster` chart:
 
-    (!docs/pages/includes/kubernetes-access/helm/helm-repo-add.mdx!)
+   (!docs/pages/includes/kubernetes-access/helm/helm-repo-add.mdx!)
 
 1. Upgrade the Helm release:
 
-    ```code
-    $ helm upgrade teleport-cluster teleport/teleport-cluster \
-      --version=<Var name="(=teleport.version=)" /> \
-      --values=values.yaml
-    ```
+   ```code
+   $ helm upgrade teleport-cluster teleport/teleport-cluster \
+     --version=<Var name="(=teleport.version=)" /> \
+     --values=values.yaml
+   ```
 
 The `teleport-cluster` Helm chart automatically waits for the previous version
 of the Proxy Service to stop responding to requests before running a new version
@@ -66,7 +66,7 @@ Run the following commands to upgrade Teleport agents running on Kubernetes.
 1. Update the Teleport Helm chart repository so you can install the latest
    version of the `teleport-kube-agent` chart:
 
-      (!docs/pages/includes/kubernetes-access/helm/helm-repo-add.mdx!)
+   (!docs/pages/includes/kubernetes-access/helm/helm-repo-add.mdx!)
 
 1. Upgrade the Helm release:
 

From b8b7bab53a81e6056a5bea64868e6a7a87d61372 Mon Sep 17 00:00:00 2001
From: Hugo Shaka <hugo.hervieux@goteleport.com>
Date: Tue, 5 Nov 2024 09:48:09 -0500
Subject: [PATCH 53/53] operator: fix oidc conenctor max age (#48378)

---
 integrations/operator/Makefile                |  4 ++
 .../apis/resources/v3/oidcconnector_types.go  | 38 +++++++++++++++-
 .../resources/v3/oidcconnector_types_test.go  | 43 +++++++++++++++++++
 .../oidc_connector_controller_test.go         |  2 +
 4 files changed, 86 insertions(+), 1 deletion(-)

diff --git a/integrations/operator/Makefile b/integrations/operator/Makefile
index 7a2e1a81a7db3..4ac5e5cb0e8a7 100644
--- a/integrations/operator/Makefile
+++ b/integrations/operator/Makefile
@@ -120,6 +120,10 @@ test: export KUBEBUILDER_ASSETS=$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p
 test:
 	go test ./... -coverprofile cover.out
 
+.PHONY: echo-kubebuilder-assets
+echo-kubebuilder-assets:
+	@echo KUBEBUILDER_ASSETS=$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)
+
 .PHONY: crdgen-test
 crdgen-test: ## Run crdgen tests.
 	make -C crdgen test
diff --git a/integrations/operator/apis/resources/v3/oidcconnector_types.go b/integrations/operator/apis/resources/v3/oidcconnector_types.go
index db558031c6125..a91c90f545604 100644
--- a/integrations/operator/apis/resources/v3/oidcconnector_types.go
+++ b/integrations/operator/apis/resources/v3/oidcconnector_types.go
@@ -19,6 +19,7 @@ package v3
 import (
 	"encoding/json"
 
+	"github.com/gravitational/trace"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	"github.com/gravitational/teleport/api/types"
@@ -102,14 +103,49 @@ func (spec *TeleportOIDCConnectorSpec) DeepCopyInto(out *TeleportOIDCConnectorSp
 	}
 }
 
+// Custom json.Marshaller and json.Unmarshaler are here to cope with inconsistencies between our CRD and go types.
+// They are invoked when the kubernetes client converts the unstructured object into a typed resource.
+// We have two inconsistencies:
+// - the utils.Strings typr that marshals inconsistently: single elements are strings, multiple elements are lists
+// - the max_age setting which is an embedded pointer to another single-value message, which breaks JSON parsing
+
 // MarshalJSON serializes a spec into a JSON string
 func (spec TeleportOIDCConnectorSpec) MarshalJSON() ([]byte, error) {
 	type Alias TeleportOIDCConnectorSpec
+
+	var maxAge types.Duration
+	if spec.MaxAge != nil {
+		maxAge = spec.MaxAge.Value
+	}
+
 	return json.Marshal(&struct {
-		RedirectURLs []string `json:"redirect_url"`
+		RedirectURLs []string       `json:"redirect_url,omitempty"`
+		MaxAge       types.Duration `json:"max_age,omitempty"`
 		Alias
 	}{
 		RedirectURLs: spec.RedirectURLs,
+		MaxAge:       maxAge,
 		Alias:        (Alias)(spec),
 	})
 }
+
+// UnmarshalJSON serializes a JSON string into a spec. This override is required to deal with the
+// MaxAge field which is special case because it' an object embedded into the spec.
+func (spec *TeleportOIDCConnectorSpec) UnmarshalJSON(data []byte) error {
+	*spec = *new(TeleportOIDCConnectorSpec)
+	type Alias TeleportOIDCConnectorSpec
+
+	temp := &struct {
+		MaxAge types.Duration `json:"max_age"`
+		*Alias
+	}{
+		Alias: (*Alias)(spec),
+	}
+	if err := json.Unmarshal(data, &temp); err != nil {
+		return trace.Wrap(err, "unmarshalling custom teleport oidc connector spec")
+	}
+	if temp.MaxAge != 0 {
+		spec.MaxAge = &types.MaxAge{Value: temp.MaxAge}
+	}
+	return nil
+}
diff --git a/integrations/operator/apis/resources/v3/oidcconnector_types_test.go b/integrations/operator/apis/resources/v3/oidcconnector_types_test.go
index fd6146385d301..7f380c038da0d 100644
--- a/integrations/operator/apis/resources/v3/oidcconnector_types_test.go
+++ b/integrations/operator/apis/resources/v3/oidcconnector_types_test.go
@@ -19,9 +19,11 @@ package v3
 import (
 	"encoding/json"
 	"testing"
+	"time"
 
 	"github.com/stretchr/testify/require"
 
+	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/types/wrappers"
 )
 
@@ -48,6 +50,11 @@ func TestTeleportOIDCConnectorSpec_MarshalJSON(t *testing.T) {
 			TeleportOIDCConnectorSpec{RedirectURLs: wrappers.Strings{"foo", "bar"}},
 			`{"redirect_url":["foo","bar"],"issuer_url":"","client_id":"","client_secret":""}`,
 		},
+		{
+			"MaxAge",
+			TeleportOIDCConnectorSpec{MaxAge: &types.MaxAge{Value: types.Duration(time.Hour)}},
+			`{"max_age":"1h0m0s","issuer_url":"","client_id":"","client_secret":""}`,
+		},
 	}
 	for _, tc := range tests {
 		tc := tc
@@ -58,3 +65,39 @@ func TestTeleportOIDCConnectorSpec_MarshalJSON(t *testing.T) {
 		})
 	}
 }
+func TestTeleportOIDCConnectorSpec_UnmarshalJSON(t *testing.T) {
+	tests := []struct {
+		name         string
+		expectedSpec TeleportOIDCConnectorSpec
+		inputJSON    string
+	}{
+		{
+			"Empty string",
+			TeleportOIDCConnectorSpec{RedirectURLs: wrappers.Strings{""}},
+			`{"redirect_url":[""],"issuer_url":"","client_id":"","client_secret":""}`,
+		},
+		{
+			"Single string",
+			TeleportOIDCConnectorSpec{RedirectURLs: wrappers.Strings{"foo"}},
+			`{"redirect_url":["foo"],"issuer_url":"","client_id":"","client_secret":""}`,
+		},
+		{
+			"Multiple strings",
+			TeleportOIDCConnectorSpec{RedirectURLs: wrappers.Strings{"foo", "bar"}},
+			`{"redirect_url":["foo","bar"],"issuer_url":"","client_id":"","client_secret":""}`,
+		},
+		{
+			"MaxAge",
+			TeleportOIDCConnectorSpec{MaxAge: &types.MaxAge{Value: types.Duration(time.Hour)}},
+			`{"max_age":"1h0m0s","issuer_url":"","client_id":"","client_secret":""}`,
+		},
+	}
+	for _, tc := range tests {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			var spec TeleportOIDCConnectorSpec
+			require.NoError(t, json.Unmarshal([]byte(tc.inputJSON), &spec))
+			require.Equal(t, tc.expectedSpec, spec)
+		})
+	}
+}
diff --git a/integrations/operator/controllers/resources/oidc_connector_controller_test.go b/integrations/operator/controllers/resources/oidc_connector_controller_test.go
index 910abf8bcbbbb..2cf98152cc554 100644
--- a/integrations/operator/controllers/resources/oidc_connector_controller_test.go
+++ b/integrations/operator/controllers/resources/oidc_connector_controller_test.go
@@ -19,6 +19,7 @@ package resources_test
 import (
 	"context"
 	"testing"
+	"time"
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/gravitational/trace"
@@ -40,6 +41,7 @@ var oidcSpec = types.OIDCConnectorSpecV3{
 		Roles: []string{"roleA"},
 	}},
 	RedirectURLs: []string{"https://redirect"},
+	MaxAge:       &types.MaxAge{Value: types.Duration(time.Hour)},
 }
 
 type oidcTestingPrimitives struct {