From e761503f11f5076bfbf88a427d470beac65fcd08 Mon Sep 17 00:00:00 2001
From: David Pilnik <davidpil@nvidia.com>
Date: Thu, 30 Sep 2021 11:00:10 +0300
Subject: [PATCH 01/16] Password Hardening HLD

---
 doc/passw_hardening/chage.JPG                 | Bin 0 -> 23269 bytes
 doc/passw_hardening/hld_password_hardening.md | 670 ++++++++++++++++++
 .../passh_arc_sonic.drawio.png                | Bin 0 -> 27848 bytes
 doc/passw_hardening/ph_diagram.jpg            | Bin 0 -> 30903 bytes
 4 files changed, 670 insertions(+)
 create mode 100644 doc/passw_hardening/chage.JPG
 create mode 100644 doc/passw_hardening/hld_password_hardening.md
 create mode 100644 doc/passw_hardening/passh_arc_sonic.drawio.png
 create mode 100644 doc/passw_hardening/ph_diagram.jpg

diff --git a/doc/passw_hardening/chage.JPG b/doc/passw_hardening/chage.JPG
new file mode 100644
index 0000000000000000000000000000000000000000..43ea4159fd65a1cd1ccb463c94718abc50aa23a3
GIT binary patch
literal 23269
zcmeHu1zc2H*Y_C)7(hahMnXbLKw279S|p@X3F+=~00TurP(e^SB}EuY1Vsr&1cq+u
zlJ1)M4p`{D&%O6~-{<{)-~0O<e}}WrIXl++@3q%nu|;>IKLJOT<P_xq2m}IL2LA!*
z;iJp4Ue;FuKt%=M00007z=Vha7+{G2d{7Fu1~9=g1T5=5iQm5i)Btd_W#%{l1K;6;
z&ywH;9G?OI;Ov)v|9&Iz8-d>l{6^q60>2UX{}F-nS3IoE8Pu%p9IS0Y{;}>s59|q2
z&~C`Mhxxr+5fyn*hMqYM08vpt%0FxioVb1be%luRKT6SWo_{0o8-d>l{6^q60zVMo
zJI%){dRj!3kDq~;S5#0)lvfb=vv&Y+9=HN{0M>vxzyPR$cRRoV{JU?EpofppTe-P8
ziSqC`xN=`HcQm!&HgmM+@w(!~!^?e|2N0L?a=Kz>YvIOVYGG;ZAi=uuqMDV#+FXKF
zM^NRoiqkm@D{BQG7mG_i7d6d%Y|TW>S*0Wi@Wj1Dz3iRrE!?g!c-h-IxQcp7Fdp<S
z3YPa@^Ds(^yO>`U)i^KrwFdYk!T6OHPft&7PkwGk7fT*q5fKrd(|kO9d|Y4+E>~{{
zw<}&;4z5gJJ2-FQYUX0?<Yw*Yz_8!p6;nrdHwi{}cWZOet5>cHnwpyna+zM?H|OHz
zHNV1j#hjm)%bcIzTv(9z4Bu5=Q^v2uo11+f-O1g>?qF<lGad^&3wsL(H&+l1ULHoC
zFGT;R#sneyKIosq5Aq1s5k2Q(amCHzJa|d&PcYYM5iUM{&2N*=Ei7_IoadK%;yn9c
z93u2TOZh)SOH$n2Ow??jc1M>l!(Xy+{_oAUowej)lllvn;L9%suzOJUaB*?Pc@B^K
zM<@>7fT9Ps`!1+pONRdozu$xWTOj|2>o;8g76SiP<=@iv8?Ju~fq$#=Z|VA92G<W`
z*TMm`a6Lg&7TpJ&17KKK*jSh_Y%FXX7z_uG_y}lY;E@p>#V4jDqo$%HqokmrV?9Ab
z%R);*$;i#f!p6>dij$gwho6UokClUyW4{v!3<n1f7mxJF5mJuhl*c*#?H~FTK#T*y
z!N`F^7y%4o2$UFtehbip2}vw4g}I-_{Q84nKrykfVK}&WN5Be*qW}g33dO*LVqsx|
z`AdjD_#MC`#v(bvD}#MZ{R)iHnUpUuG8u>IY~gD%jn+kGep8nqTs(3LN-AoWldNp)
z90Gzu!e>N8&z+Z*lUGnwx}>S4t)r`_Z)R?B)zZq^#?{T;!_&*#=lYGCw}Nlq35mM@
z;9+#kqu98V)U@=B%&e!`&x?u?C8cHM6*X_(*4EWGynByqYwzgn>h9?s9vK}QpO~DQ
zo>^L6SzTM-*xcIQ=L-Trzp(Y4vtRfk2KmCk#DrqP_W6Qfc!C#{7!&IRFE)vcI_!$`
zF-E>X9MZFq$%U_RnfNsp$xK~Z@yMA4hFO;OSv%nDpD`BnU*haLV?X%n1@NH|aPpwU
zfE2J=9gw(uUVv!F3k@J+ZCh<WR$;*39c_`C8$|<376r0N7$I!`D=s3@O<Xj<d`=n-
zlt%2aN53Smoc+YQ8%Y2~4N9$M=&$MnY$+k%ub^%1>le$T`GdnxT1b96riUV}PSjjP
zgw6Fi#91wm;hT?j3|vA<ZzQh0MgyzI^dvFSKqSotG>~u7-U5@6B~^p`<z+duJsy4&
z-(^PQ5mKl7k;dD^3wVup>j&wh6<Qs-Dg1+ZPj|olggrXGYXwb9DO}?ro%T^dzV<(L
zTNhe+zLu0O_VQ`=jcd%v&lb^QIgvE7M;`<caa@GZRo?_`TGb@Rh<j+t4droEPZv1{
zhIUC<j2akSdV9}$`<gMu%`s0m3np6Lgp>f$5Ki*G+Fsd?{*u;4#zt!XIj>kxtl3hg
z#F|_J_(iKz<9ctnrr%Q1`_fuLl|mZY#8uO0HXI$Va5l^)K5o36cm4XUIs)#zT*Sk*
zu&`oN<(zjoY6D~x(Po=!*a)(i99!P*sf{je<T-)$XT=G+PTtV6Tq-|*QaBNO_yjR~
zqQg+p6Eu)J9Wg6S`;e^Jz$^TcbJ|`$vx49mm(c1rC;3aKWZeV+by?ECx*&nr1+J_S
z4#gRq>sGm=v2r5)dV#33rL&O;G!Rt;M+29;t5=2dD+2J?QvOSq_%Fh;@@-*we_0sL
z(zvqRY_$LjX;~^M@IYfER1Hhzuz=7(e+Wot)l)RU;M=_Y2@P!H=9|5)h%9Y!<D|_g
z85!s<mpH8gcnDnbdyCpexxHxHY20eTXjObERaqTR^V1XSqr^dzj{&r@Cs$F+C^rh#
z1)fRiBeKFD_6y1f4FE3E#|LeU_M3xGL%jP1?t=zE@%|uSOWb4ogTSOl;`t`kD_X-U
zC2b4_bED9}^Rii8ok8kqf8n>SwN@F*FS^G|>m)58eEt>G3#FMGF)L{+U)sicrJn0@
zhi1L%jPaDTv*E(O#8DSQYJPg&HSXnz3QViR!EM?;H-=i1_}xn4=B9IK{pzdT*%smb
zK9VZn-f&T%uIqEYU?Q$zuXKXuip)(p2|`i0(nL~mXMx~t?qsBas;$4M0@=WW>nBg2
zp)E36IN(0U=b-J1J<YiegIax~j)Aa|Q%Bg!qem>9KIqW1(PlT_5_qS2cOl77*(|jv
z{n=cF>Z6EP$90k%_fb+mN03*722L<Ve6VjWg*vZEu0q~!I;yniiffR6d_PgI{3dp|
zEYb){mtZV1tG_+>qR*>HzGJ=UHQkQ4N9gCl(?pX-U*NwvDxs%3Dosh<9Lz-+nJpP>
zK|MIoR}pQTuORrL>62~ev3tS>G$-9k8qh$*eY)l;&Q{NT?$b$FH@a4m2>DbbePjIu
zGakj#)!V<F3qJ}8;Ga?Pcreg9DHbDHo_a8=(u67Z4><k;9M;z-)q`0DL_<`j_r`ap
zxDVulJjC%ZMEdMiru$f7-r27LY1cRaKyiX~e+FRce<om>9gbb9NbUs++s9t|(&e*(
zPt;&ywrGImDjGn&E`(1x8o4`H7*<<t#=8sgPFOn$N$@orMS}YQ`=6`_40YuY-ajsr
zpI;Y00MwP`*dT1_wUkMiDKVs`0pQX*fd=lLNP_n@qaHLG-;G;I{CQWhg1E|Avn64r
zgb)B!sR9qwu<Q>lJww&tVysR9DZ)lqidcJs%D}~O1?DGiBKcjKXyBg2<en3J53^G~
z01b>Ov`NjztO-DPc288W?rxXvp#k_(D(dLmF_b?I3Jp|mcFwT?SI|HWZ3?_O6+X0q
z2B@Wm30tKmTdNm#&_I}jx-=zxG1w|`Wol>xY+iRCb#wr1Z2-1@hZ1}t`)g~W>&2>D
ztByP1_fdlfYS{EYhQ7aRg$8bjoks(Sa^Tp@@FlJC|3>=-l;EM}IbVo}?GL~9ZFoH3
z?Y9xN!4Vfw0z;eU+zu+B0oKjVwSUe0ZsM-i59VjSFdwmb?hoAcg1`#@39#d&kYF@`
z<8cQKNQQy95A9k@4HJOKc2qCyCXN~ut6@_d#>QIykI4P#I}PMRcptfaK9=EO4y}jg
z1*MAO_-oSsvibhBUjKARCccvHuupp47t-MeLIIM#FBJC37Hs0hL!Yha{z_!NlXigl
zA949fDt?~TuOgY5v&pKQC|eowv9+pYQM5L8Xo0x?(yWmzDWrC4saT36pV9f23I`U`
zRI^dKi%|8lwj&z&OhbXXwbrEuQI1n$`?{i<sM1mbC<LxXg#d=F`>(B1u1jNEHL;Ka
z<@*Z_V<Hr(4(>TR)n!6)ZW}mI0rePQ<5l)G+V-(dKM9Mh3wLSy&(l8i!EeFNum<<u
z!+jkr+CQ<&7QWeK@O`_?Pz^()RTemr5*@1cMOTmss%}9C;axB^(4u1QMT9!<&yOmH
zUoxQ1+zniin!Sz&rcM^_f}a^BW6^+N_0uH6kSMVEfpy2uZuQeP{iRPT>Wmy`vpj2U
zr@pPo!G>ApM^Z2F%E|I{<31LhOdKH~uR9YNwXH|oQ<0^~8q)tKJ$&8&*;2olei+oh
zjDszgnX7mu*E(9gFP405z*u$u@>N6*g-$2+8)KxMHs(F!h8d%Z3<`1W!JpJ0Nr<6(
z2%yC7{9P-igLdkeJ$x*82n}=#@$3=I<_k9Tg8D_T8Vx+NGufu;GWwT#RvEOU9%!_F
z>ycfS5;TaE^m(O81q-$ygJ_@&8>JQhNp*|ZEpdB8AK6(whUE)_NVBEw7$`L+i-gY(
zSV5E0(!ZHGhxNC2*DI+lMrznzB^sE%fS5u|ngF0$y=_ImzJdnQ`MOeC4x7bTMu*h2
zE(!y*km$dd(4BRMEu>sH1l|yl0q^3Ov4W<ggs=gBazQC{9xF!}A<0pU8;(qO<*2r3
zESt8qJ8da+kc?GbZg<~tN3%YU>|tWQYWS3r{vx6Xl-s{E(@E8^g>ri}X5$pvNgvlm
zq8jA9#Ju-7Ed}r9T8*FqBP5SXP5nAM?G4M^Sjv$SD{y`M@F5QS6Ti$?zFZedsR<42
zT{i`Vc(7vTKs3)frFC+Z-m#}pQf|`swN;saFXe~#gs#4`#PF(6eY*F@$Ek)A1;J)7
z3O#fkGrY+a-r@1TW@v%A?v-c2Ezp3qe+5w?8fdm3b!?L?erD@q@$pI5qKU!FY)iKq
z8HDqUuMVzYNvfG;j;t+ai~hS@k_k>{CT0Wq54UAti8hVTk&b;A+Q)ae#%n8Pcnv8h
zZpf{?<$W;*5DxH4(|#-%^=DOG{9KWTXctybwTCbtFHJW9_3SMw?%Zo17L~2tY04id
zo#}<i43@w2VRLVW+Nh*YJ(u>x*7Efa<K}HJyqYgS@3_PhoNsS89{$1L<8c9540CQi
z-a0F2CUyK{d1&4T3kSjzC#pN?9rbSw86oG_V1*@BK?aXdtI7<_Iut2ZK6kn@3d_Pq
zi;+<>mYjsg-?c<!a75f#6-)0BnBqyV44G8D_oAQ&BeSIe_JOD~K;k4CP%lExRkdar
z$~%%fSIGgE$mhk?<hnE3+c#UI+44?J@_J9mAYK8JQehfPp&If}ttxIrKR4>`1!d7H
z<jii3FhEwaQAadsI8ZTjdP+1cTAPCWp5aV-&$Xr)1qH+B$uOyhfM+L)0hynN^!43j
z4pGFkc|VF3A+z?>vSW2e`;npXIpV-`jpeVpiO#|~R_u9X%gWot<zG5HuwX^RO%M~G
zO1jq#Ky>ViS3AWie6wd34XFg#wN+Q$`<Jr!kT53^0mx9djkZsEbz)|Jy)(IUh0sT$
zbiI6?S4Ad@SKMNrMUuLj;tmqAOc=Ubyqa9h&pvQ-*k(<Zp)WzNlwdbU_*LRE<FwS;
zJR&_0-axp4Dyv@39m0S&+y!^Lu8Kc;t+04M&}oVKVR#w4FA|{?ZUv$NN2%>gTs~X?
zsk-d<ORGa_j0kjx4C&E;j9|nko-N|l=I!x46+4^6Wf-Ut@`=zuQe6Ea#qRBG%RLuV
zMt~@X+~sV&3dnus3$e;FjN$1D^bY~o(fTS{vsyG@7BNuzL8cCNJn@QZ*^+E!uY3An
zjPntB!S^+FYHyytru=*j@v+CtWm$sh4RND6W^_!Hq7x347R#dQ1bf)<p0fQbWo^9P
z-hKv5c+Qr~P;wGs{H}Gfd=?FB<=YWewy?09j%S?%4JbVC>GmqRdves`+m^>i06JJw
z!Hz@cy43V0e8Xfcf;04FjN#{u=tJE4^5ko{?5z^aXUE@--``k&W?CK2hCv`)=h0hm
zJL7rrR$ek<rB@@DMudq{@{OR&Q0=xLvY#?vm&Tk=flf$+)SZF2VOxj$o^4FU$K<T;
zX%}mx&?AQ64}H=1j-kA>b|q4VR7SGqdF%?Jx_iX=1xIrn%-R7lHJCGZY37@C{|yeT
z_f(AFN|$~obwSfd=eFCN^?=(}+}Z1_Y?{O~d?IAEo5~jxCMGq7Tkn<$OpQG&ksk6_
zWd5{=V^UKrPG$SFXJ(~_%OS5g{q9)!=cnd=s~RFqpzr;XR9*V`{L4(Efz8x68$u2G
zG<p`+kEPs58LlB(bwmn=2Ku~G->i2c`QEq+<nRT)0d9n%1Y3Vn=Z97M;WA9PpnITy
zGgBs^hbp-=`W!#BCaCgih0>(^+{KyZx4mR}m5;AfM9J`d@_WU-@9iVvJqxBwc-%^L
zIH?e!%0e<*nv<~AJn9i~v*E{iCU1qf>>lTFONZ>hHpxnfnj@uYnG;U5nUYNS4_;8_
zzp2r!J>|8nNxb<&?!HRgrqNsw24?!br)Pc4iQ`7?+z77KzwwMBy+0Ram}bYs<ZF;g
z&+YY*U(0lHB1bUe1?sxnQ@6{f^BOtDu*4@xA^oMHtLF>D=jLNgAAYd9aN)>ls#lcn
z@@RRqi#qL4ZJ8ff?y@M>;Yi+~dw3^r`k3L2G2Ll{TOpk;$WQoeeWC4Dlx_K^c-&LP
zjSXD~V;NUD5#IE-lW@cpM;{ZAu#W`3-6$k8;j!+;l{iAkKc`Po#g1I<NexzuPl;?7
z@+;xspXq*;&!dA}v--Sdf0Bz%Ipf94o%5bHIu1yA!<EPo%aGzcpDhHZ2jXSfis=#S
zG11!{9?LZ1lOjn(GSmZswg`$Nj|GT?cR1u^cC*u}xLcFsa1y2#;-N{zg<Gm;ozBqf
zkBQ5s_t$4llXs#4CYzF3Yp>Wzn@`cZcgSqtZX123&UKxl_D32sD<1bG=A%r5rc@*h
zu0n>OWf-E=`r$<UpO>~aN$hEs+9YO_el<=0e5>2v8+jE&^x1$cx_O-W(GqV>RR$Kb
zW@f@Q2^VV1c-PS|ze0==wp3-8(VK?H5;Ncr0e1?W=+4uz1+3vXD`Cq*SlTMC7os|q
z9~E5jVyus4Jaf6)Q0s)fUj<9=W{83EErti(kJNY<2D3Ib20uCmdlXijXNu|~`2>k<
z)(2)DUT5QwfhE&UI~#5Uo=kvaSuePkRmX&uYVbL4>ztD&HtenSwq-%o%!g=kG(It>
z=E_ScE(sqTz>uZBDNB1(Sr$0SZuKRY#5N0G#`vmb`M+z~%>Q?^?0(RTR~D8@3en~|
z+v$JSmMv{SoP$~x7<O$-h+WTN30h<DS8={Z5i~Qa(wTbebFU2-{Nz>%w#9Tf(axDH
z!FWE~0un2qt9fw2_r?5FMwGP^M+x~$Ng)ICbg6>+_3DWBRL|o3USS^`a2Rr+K{$fr
zy>=ve`qn-VJUvyM+|6v1KYYM9ct7|0%(T(1029=)=A&CCOA9-B-P05HRJ+b0z%*Cx
z+~-l=-kQi0rf=Em6vyHolNKLDQL(uTa=5}@ruIB`zc=`f@eYyhda?)^LU;SQwWT4F
zdhhlN5~&`bnX7bSkJI!YMfZ3S_S!UDu8PIcJr=&D?uvx`bQB_Fg(3AF$!*MC0x?w&
z()(RR5XRTc!r@9iU*p>xoS<)K9`g<j=sla;9tmJ9ZnrN;i|0!84%{teIF7yA>=R_<
zc`?YgJH4!Xo%fC<mTE($_|B>XXTl;PePA+R&aADVDXepyuW>wBtn_#gkx$){QG8SN
zo!s2`-eJUTl3s6*QID?1<AhJBfqB^N;x2<r$H!4U$CLq0=8CL$5**_X=c<w|X`7w|
z>6%k%lfCld7(fHVTxHK68e9#=Ej{ZyZwim*bbZxV8E@dY>kGG195c%p<d3kM2oRMo
zDvg>Ki)GY~JAGE<c$S3orLTMUFaDp-F@a{-TYppCa5{;TLYL;LW=)iqv|}aj+j9-3
z+p$``zRwMln1WslX#`Eb7+G*jk1yTZC56{0r+}vH#Xb}Y4`@$$4${Ta3ZG)N2mN6z
z`o*ZJ>eXW<pf4U2Ajp<my{YJCvW?pZA9^jn%Ur>;hdEch@F|HvDXmwlyz`ibVcx6I
zy0>(+{-}qrAKz0^Bt{gdAdjJqMK!F(z9aT>-LHL*Ml-r-b`THefw3pwBf8g`Fh}iz
z80F+M5n?~8tD^y2?z^B_BIdZW$p$?;h%;x8#L;AS&eBrv)_fTA)90Vqf;^Q44eLX^
zNgZMfuu<28A7U-y2V2tA5427GoOI0IuHAqI_$){dN7Ewf?(GWIJ>NXd7(=6rqlTp=
zW#PWMry}nq!|?l7nm=(21;W2OUB7re(2rFR(CgdJ#!P<6#uSKdf?n^JBuC;wlH;f4
zz%lbL46%~K9<`|#xmDNeI8E7hg_fwN2@3t*Nrcf~vpjf()}1XTP2TvvtdAfkFoz3U
zMl<|pt_BG|G`DI^lRjIhrnE<(C<|zl3#FV6>gCGbX}6;!m|aVI)|OX1HNeH#&Fsqb
zBuXzrLorA5TZ-gZ;C*BOuV5J28m+H<m0pzKv&ezSimGv@kiL8qL%jt*#o@-s1jycc
zfjrJSmn1s|%ccAzx38=6ud`415@xcG)w))Fr_yAVsc7R3ax9!{?Yo3WDCdW2jp=Ni
zdG0-LxXK=%WIyWe#@lqfuQF2y&*KSQFfxFdRP9UOcqKmeh#U7`=3di_-+c#|1r3(X
zT~c%;eV+FGeE8B{oy9wo%yf|FvvzaM@wXr9JKv$g?sR;5yv;7xesxD-E_amp9A!<`
zoc1?T*`F)idy7<hO$@nu^$g(C0;6uBNxT!6i{}w5kkx*y@6=k$bT4gs^kYYRE<|Mn
z2^P;d(WCG^PQs?^emYea4A(PiWN1;I`BecNXyB?Yy!m1E-nPkN8tTI{FyO@r-&w65
z)}E>bG!MU!U$+R}-2&aUp>#BWR|-aA$)t)-Nlm^VLhbQvs_(^uQB6rOShg_@ugTlb
zUZ{R<B-&ao1(&QciWL51m>jQEQplwpzBed8P#-QJ(ZEgmo@n}&aWI5*EoPTv5X^#T
z9UfVx?fWoV*=!h@KM`_>2CYgk&hhjoLLv^)K;{U>f;kQmlKK-324K9H&|^c+fPU`o
zlwWc9$OncnQhYLkW|YLm?~BaZ*5vy}{oNfZhP3>WUV=>i8n)<)_rv_j6_UmxgY|Kh
zd>Hiey^IF*J&Epzu1wb|;ukjKH6DS5)oBGbFb2?njW7HZ=P)D+?%g`IE8y0U9Bopl
z7|DN>w`^O-KO5daw}L8@LIv3py}EaPkO-M!j;(d$rl|;UUz%L9b>up-Q5BqwCKRbR
ziVd7+2{ABaEWD|`VWR}ptn7j+PSVG759PR++PoycyEQ$uu~l7DYL$e~BUMYkGMNb<
zngAzW91W1dn-k(et^9bG(<9_R)-<D0DnvY{DItDCbr<2dn7577z_2O+sj-ejj6bZt
zF~?}3yP&W2#7v~7@Y9}cWiIE=V*-Bd)?Ag4qJD*0=uP_a6N;=$dA;8=u!o~3zm{Kh
zuK7NuC$WlFn_Dhmc8_6tW*E}gdbNuf0m(Gbdq>pA{6?7xdv1!;Qu}3LX_vqw?zzy?
zV+|vN7vMQ3yrmx6o^vFtcy^Nv%6qj}^!{J~FNkl%)=FFT!YnAxJiX#y(cFVC=FPA{
zVRLj}5l2;Ts;@_UL(pWG(<cOYy(1qYHQ9U-oSXs_sekHMw7WpG2U7x0Upw42z17#b
zSpzqf(ySzW`eLtCl;7&Y&NjGV%KzoS+K#s^mrg8xOgmZJ*2!;sa^!i5bgz%I(M>+x
z)C7tUEy8fT=Lt9H+QAU7$+9|2^Bx8RxFN^A@EJSx@X`okISHbpasv?aTQKtf?z12E
z-+wKugP}jze&~<>Q0UKASszTA&@Svb!^iciz%>y`p@;?w+>;1{z8?fQJ44BS8Fz}m
zGx}in5uf}P&ppVqYw+Pr*X#e9Ked836)SMhQPfcoU0XTj@@^+H%*mh;#v1X4Ou)0^
z<=V&lmKINGD94ahEhs}Jmp3iMweHv7P+xxevRwCx#4=g@`7p%u(--?k&n#%1OX@aI
z!7n@)95nQ~HNO7FY7!xjQWv5O4HOm>xYHx#vy_?n47QY#><NN!sG1wqt&Lfiu;!EP
zJ&#tzvFFE$*nhxdRM;TCH{ik>H<!BD8A~dpo`%WwAdDI6yrnzII`lL{e^ci|QOCt(
zhp4pLyLQKfqj6_EEa}q$y-vX+@uDA8EHj$2MC>S&Eij2p9)-LGZHgj2G>|N%0ZK_B
zn8@iss==tTymEB?`KAqOL_@G|zBW6hOV2*JpzU}=Trs=POR0uUoCof5mk#qO^JQVy
zj+_@A@I&#H`=6w?h>M%I$Kb0>pei3e)mc4tvAufXv&pU&{bIDO$ttUj$;LVlilgE^
z8}$A@0pQFfi+v?P6JDd22XBdg3LomO-prn5BZYv5?N9H1?$iB&8jKaRldggp^|Kz}
z9s&m=mm^uf_N&zi#t{;CS>n3(aC>9+_CO;i1hm_lY*9Dnlu@W!G*GLfCkwd1e<Cqr
zQ(3TJ`xt^}XNLj}kQrH!Lh7sUxGS26D~gj{Yo>b78%3fsz2XcK{}YKb)BMuMGyi%t
zow$EMk>cNW^N)!BI|v^@-v5mIFBrQO|If`rlGjfHa4=DBRZQ&@2_hDYDm(9pKiDD9
zD(y)+a5(-l8(LIJgqMDv!+nGLXGzG(X<|zvRQ=m(xhVl6Qa=wM|MLXqKM(v*h!FPQ
zj*}k(tQ>(8+t@BqFHd>dY^B>$w)EX$>QCbL>lp~8pEhFMWvQs&!`=QW#~Howce?FT
zpJ|Bp^JI9y*uL-8DK(|~W7*Bpud>ekSawn1@+j3kwC*)iYY+FB{~XNZ{B1A$i}&YV
z;57!h@Rr2yi&x-4Y!1JZ`iV04uY&a#H6Bp^9VHd|e^=wHqWPKD#Kq{tsPrlUBZ8`A
zHp|w+3WFr=X4-cG&6stKMfYaXhv|>mlnfHLB?s4ZZQ$GsU{Pd(?A7VNu(w4?dseT#
zu6}6gbqsaho)h)5Gk_gb1qQj`2KP;csctH}Cmzxv_MkloisOLg56!c$K7ML5GnGU{
zw3#}RXReaoFP}L$Rdn{F)>!1VYl#D_Yx$YOnc?mQB&<DaDtz+i>6dmx$W*(ekQI6G
z8fwcsj$9`@BGV1d)-ru0yHjuSzJzP;a`DY8h&zmT<j9DfV8hZR`zIOxJtysgMyoWL
zpbQ!y`F1)eHxcyl8p6Qj7ZWH))P0pV`n#Jko=};YW3D&UYAnu2Z}SAt32d3`(P8!)
z`OqmQ5s3b)GfqnSO29$PYJV6kFyeb~fnls9=&zgqNw!)pQsB{ks_|Fj>w-EMwu43@
zMn~$B_YYRV!Gl$0+RUQNt((Y6J-!pS3^W56K7P`AbbocCr1lS{2IV&|w)QXqc%m(6
z;0|b4I5~c`D`=GV?TWm+J036E^0`_9kah2Ir}#KBg9Y9RI1=_)uT)e<FJWH2cw<Km
zJN{c&U+;9kCMteSOcsNu$zaJzplcUalJuNL5i^LDx19EoJDIKE_~OuAdy?h$QyE|q
zPPe6=_ck=j`$~)R1>{7BV<msCo^00bgw8#)hz}L4E^``cid|0<tf0sO_ajE4%u&ng
z)RlLs?+-lsMD(E}ZrSKUpG_5Uv0U^zd2xs7tt%|=?9<Acn-b)RU<e=Xq-E<W@-lys
zUY($U&<h6Mrm+3Uijs9|5Jj{$UgXoOtj}nzqf6BWd+VL;hDRdLaT1P{*&gwA+?30A
zJf;^nKR>DJ8BLMs_3ly>MTw}E1Qtt+#p35@gNBW?YelgmQD+;Mldlxh#e)fi^fC3g
z<-7L!pS@C*ULvA(ld8+z%%c_?^qhP$oQg}H8yifoZ%?j29POvQ-1n$g!;Cl9W3I0)
z9q=i!YVwxM@fKJY&Ce9db9T&<$;u_}%N-{@IS$x0iyWVb&o-Xb8Dyw7@QAl4=DllZ
zgcIqKH1?FqLs7CAGSjX}ZqKQA)<OChDcx16m*F-(e~_qOCG4L*^UFFLbJjM87Uvv^
zm$Ma9OnR8MoWVQKL^(!XtD-+LD}!jGQ=DhEjg6v-Kv15mi^p~Hp50c1Wln^KEH_%O
z8C`mP8mn4tZo!C}-@PzXW|#5eM4qvs>Qm6Td#qCaME1y;xL)OIZawFztx0-)VD(7|
z=LbOvk7<EDzDcFHsoLyb!~;`pmMFVn-9%$m$qurF^4!K$n^IHj%02G4`lZaM4X*N~
z{=kv|iAy5Wa`JiJ*%!BshOaAiIPjR3w^_vbuTY7X9(e=pV-@$+RK)B|AVIR;zx0y6
zx9EI~Cy^L!h^kp)i~wY+#fH2~IEMV05}mD|ceYfp1V@uI9qbm3<1w!g8Zem@#(W!>
zPGxL2Gi+eC^v@$BIVL8rGtWLB;MKI$eT}Ee{K+jxu*qv?#K4}gXKu`@dq_I%X`PIN
zEZ`Op#IJ0u_w;cQxXH_9SA>lyXY@}D3O>4F$aaRa<+|$9wLHNOUG`Qh=eTZWzffF%
zbF^QE;Rb9XiAb$U%U-U>o#h!{MDcSfO#k)pwb%0QCtqgQ5*B5vUcuM*bColF{GM=9
z?6JgBVEs#F?pTMRW1lT-d%9`3rUsoM4N?u@{J2_X84PU=S(^IA;yXTM!WUi35h*xh
z@S?leU-?q_h=$vo(U?2F_iZzmJzgz$E}ct>vZ&S|y{hJHo3ny_+)dBI0obPNtTbJ!
ztV<P)I>ca5-bc4LH}&(N`G~f9xMs;k=RMo(?=XQ!P;lTQ4L=Sk9P;+-_fMRCIdFh+
zqxWR2v(5U7?yJRyogO@V^0n<YiZ>Oadhcv1+@HTbfxmS77H%DXgfXX5`AbLr_85I5
z*7HFF6XbOxI%O_^;U`G=DkP(V@PWXa%Oyf1t>G7Bu#x`GvpP&coL=OVks2&U*#S<l
zbSF{a+xe?#Ab8uZZl=RwGTOdwF23lFNk)rewok+zgukz1%lv1_W@t(3SQ+=QQQ(=m
z_)OX<XjN&8K#orAT=9-qoYVQ6Oi(8Y*^3qSDUa~_>Lfq%QZ#O0^VVmQ)z4lNebMI5
z{(0DdVO^c`Ba0`t923hW=vJ4kYu@L@(6|o@^4sk3>Mv-^YXM0f0;`sRy$o8R9#(=%
zg~HJ5vvEax4^6plV0ZGco3EUmqa=DVzdafEx(&gZ$NHwiFVDjFX_J?DkN$C?n*I$Y
zXhO%s5zxrmh^GFmf8lhk{T0G@X^}nV{SB0J^+^Jd!U8Y8E~DxYcz+F)^FkvIpJH*4
zq(f@DZNHVi#rRtt3hmR%0=hj+Nz7*Hu7$=b88fKk&YYD#51$2TUS)P5p2wG%eVzp1
z;}iZ<t?^Ilz3HgrvCOm8F728rVyScpqL4o4u%L6Y#qGu2GkL7fO1(}<y$G#4T`gmH
zbMmcXatAjiZ|`FR+r*+u*~cHR#aaMnP)WqK(b|d|#%wACT#VNFRK~ct4Bk?2Rm)bB
z2ztcD(iF|P=r5KC4VU8V76$msGFQ>J&f7B;Mc4EU2hYoohqAUI%U?88*gEykEcf;3
zy$pZIrl%~1OY4MNPuVO;P=6;ZY_K{@uMZYQqiaDkW+y2#N(&ktw2A8$G4~yhB5ugr
zy-rrUP8``1q2%U4e(%&ULm2t+T_ucA5pfcK+t|t_?7~c|MHTqT7)N)fp0FbdZyX>~
z*ou3cM=mW1<>hZWD!gn%fkKw?Oi8#*`|=ygQ887&7MQ1Xvb7L~c~N0$@JGsfjF2+l
z9Zlr42fy{u<>*dU1k~zwRxb=$ZZPLGg*s80u#RP&SB!`|cRcKth~oojy?SSQ>5^oD
zy*EB}Q+l?4{=h`(X|dyER2)6D&fyOrNb7CcTMzODW)<?Tk9tN2x<(jky&rKip|GX6
zG)-dT5q-xtd!E>vyS635Fx1ruabR9hr9?gW7EJzfS2yf^?MbQpC`wbCkgQIcDfy{Y
z5?)xkZlx#j%UoIR@T*wz3q;j<GTy^;jN4ZP=Mx<TLSCE`zx>2U`yqIQA!KdOctK?e
z)5qLN-tuw=6^k{M1y^VkICX?IlQPHxvzy$xT;safOazo-@=2M^Y111NM^yyVc(|&!
zquKZpmB!YpDGjHhJw|$MDR}!%MalEJGC8-6V-h{hI;P#RMo(wW*Sm#lD{&|0ePmxU
zlP5G3RC^8;{wXp7oQ{;?9$XwZDP4T-&#L%y*QuP*mB>}GqOiJ=1Oi)@zIm5_MkY#3
z`}vMePi0cm<mj29P&2xo{N3Y$(qy0AW>tjxWv)2VR!UEr+Xg1;7l8-9zQ#BIGOqbe
z(;b}b!h79WDbyRCPP_MTw}e8O_~xJ>K^32CDE*{CyBds%K2SD4G4qYtQx(j0Nz>d3
zLDTo2b%Tg#w_B<(!zBo5C=s~PRt`-_LsHCORtZth{E84@g2#`!ZN|hN(QZ6wO|0>0
zOKH$yaCcQoX&~XFSiF!jyPRnhKMlSI6PZm2(A1LaATV%JOe|9mpX$8DeC(*?X0E;2
zYgUaHRZ)GK2_I=?q$_S7B|ZUlaPe`1DS?JOK4}Zhj+ttLHPm4GnYYJmf7L*G#IQke
zv1tGan7;V+$QXnGBl?fF?ZM$djPH@GuMzv}`)B5gznaUSiFv%&>%76NhOyp|fY6Ha
zq_X{34z|N4vpF=xzWF*sSqJ?kVVAs(gy*ts^fMjs0HSjruOZsNW{h5<V3<$4Q>Ei`
zXNhpki8xZ=&V8$ec2BY#&rf}}iE|9BZU&ngi~v1@@uS^YGwqJgs|HfVL*<&M$j&}J
z^>!5?L<Fa9)=4P&8|!G3M{{RC3SAJP5}|dKrVunCh(GJg`PiVVsG{f`wNe&6hjZlh
zdYcq+!aKw5ZKmxkB=z3wZ_C+miJq)Z%cYOLpsW<knxVe7p3o$6OQGS!?JXAxiJ1@A
zc-ux>=6Lesq`SnKO_^SH6FR+gmL^K9iQb60-*0kpMPS_&DH9+}c+Ej<MJv~j`f|mw
zp&8e~Vzpv&lxg5NJEeqZqR(KPJEy&VE%#^h6~=3jy3@Wv938-AkhddV0$w-f<sQ`D
zi`-Zi>ylAa{^5wQa8V|G6V-#e4oi;L@fl%?i6PAd<d7OwdEn8bbD@^3>F&j9Fc$w$
zaD)oK{*0@B`Ug&eno~A|m!Z)6Z3Q;Z#TidjBIoTL$3m2G{H`xUCo+#8U!69h<pNxV
zu956u=R0sY#-8fE#IH}O8CIW9lSPKyKZ)?oF#+$O*Y@@QIsLQD+JE)GmHd--A`9f*
z#)kEo1JjFl@7Ot<uOsMQf%*A%3Aq&<ZNf&l)28++d%GSFB7J~u^$POf^puJZJ5^dO
z;2ocMb4~Hou0pkGbiYZ@?K!0PZrv%UlcMCBt5&PK*pB@%b#hO3t_O~!CC@&RTsVsT
z$;YEW8qA~M!;e@ir%j~@hUgkw<0IuyJ?_z6n_SF``<B7_*Y`g-lKYOOU*BTmX!9*`
zip9wbErQAf#s)d6!XJFCOszg{8Py$8Ad;i4=+Z$01m`|gZ)4jIZ4!Ye#b`m-Q))QN
z4-5!OH-TYj$S`<9z8L;SZIcHT7`K6fzCi=^-~kMxO&fYFFb=?Pj0RqL!8hmV7uzL|
zfNANg;E9ZYMKrL~%a#O1Q3t<<ui|%AFVfMY#N>AciGsjW!c+zDPvTO$9-w+a1GkbF
kP4=LI3%jsjG!WkUo1EY1{Fa^HE9<x3`5)8DMChLX19TAE-~a#s

literal 0
HcmV?d00001

diff --git a/doc/passw_hardening/hld_password_hardening.md b/doc/passw_hardening/hld_password_hardening.md
new file mode 100644
index 00000000000..8b2524b808f
--- /dev/null
+++ b/doc/passw_hardening/hld_password_hardening.md
@@ -0,0 +1,670 @@
+# PW Hardening Design #
+
+##  1. <a name='TableofContent'></a>Table of Content 
+* 1. [Table of Content](#TableofContent)
+	* 1.1. [Revision](#Revision)
+	* 1.2. [Scope](#Scope)
+	* 1.3. [Definitions/Abbreviations](#DefinitionsAbbreviations)
+	* 1.4. [Overview](#Overview)
+	* 1.5. [Requirements](#Requirements)
+	* 1.6. [Architecture Design](#ArchitectureDesign)
+	* 1.7. [High-Level Design](#High-LevelDesign)
+		* 1.7.1. [Flow description:](#Flowdescription:)
+		* 1.7.2. [Password Hardening Constrains](#PasswordHardeningConstrains)
+	* 1.8. [SAI API](#SAIAPI)
+	* 1.9. [Configuration and management](#Configurationandmanagement)
+		* 1.9.1. [CLI/YANG model Enhancements](#CLIYANGmodelEnhancements)
+		* 1.9.2. [Config DB Enhancements](#ConfigDBEnhancements)
+		* 1.9.3. [Secure Password Table Schema](#SecurePasswordTableSchema)
+	* 1.10. [3rd Party Components](#rdPartyComponents)
+		* 1.10.1. [pam-cracklib](#pam-cracklib)
+		* 1.10.2. [PW Age](#PWAge)
+		* 1.10.3. [PW History](#PWHistory)
+	* 1.11. [Warmboot and Fastboot Design Impact](#WarmbootandFastbootDesignImpact)
+	* 1.12. [Restrictions/Limitations](#RestrictionsLimitations)
+	* 1.13. [Test Plan](#TestPlan)
+		* 1.13.1. [Setups](#Setups)
+		* 1.13.2. [CLI configurational tests](#CLIconfigurationaltests)
+		* 1.13.3. [Precondition:](#Precondition:)
+		* 1.13.4. [Case 3: check secure password age (expiration) and warning configuration](#Case3:checksecurepasswordageexpirationandwarningconfiguration)
+		* 1.13.5. [Case 4 – sanity test](#Case4sanitytest)
+		* 1.13.6. [Negative cases](#Negativecases)
+		* 1.13.7. [Case 1: check basic configuration – bad flow with invalid input](#Case1:checkbasicconfigurationbadflowwithinvalidinput)
+		* 1.13.8. [Test Open Issues](#TestOpenIssues)
+
+
+###  1.1. <a name='Revision'></a>Revision  
+Rev 0.1
+###  1.2. <a name='Scope'></a>Scope  
+
+	This password hardening hld doc described the requirements, arcquitecture and configuration details of password hardening feature in switches Sonic OS based.
+
+###  1.3. <a name='DefinitionsAbbreviations'></a>Definitions/Abbreviations 
+	PW - password
+	SPASSWD - secure password daemon
+
+###  1.4. <a name='Overview'></a>Overview 
+
+	Password Hardening, a user password is the key credential used in order to verify the user accessing the switch and acts as the first line of defense in regards of securing the switch.
+	The complexity of the password, it's replacement capabilities and change frequency define the security level of the first perimeter of the switch.
+	Therefore - in order to further improve and harden the switch - a secure mechanism is required to enforce PW policies.
+
+###  1.5. <a name='Requirements'></a>Requirements
+| Requirement | Capabilities | Config Parameters | Notes
+| ------ | ------| ------ | ------ |
+| PW Length	 | The PW length should have a minimum length requirement <br /><br />The PW length should have a maximum length requirement| The user should be able to configure the minimum PW length <br /><br />The user should be able to configure the maximum PW length | Min PW length is between 0 to 32 chars (default 8)<br /><br />Max PW length is between 64 to 80 chars (default 64)
+| PW Aging | The PW should have an expiration date, after which the user is required to change the PW <br /><br />A warning to change the PW should be presented to the user a fixed time before the expiration date arrives. This warning should appear in every login so long as the PW expiration time <= warning time. |The user should be able to configure the expiration time of the PW.  The user will be able to configure "no aging" for the PW<br /><br />The user should be able to configure the amount of days to present the warning before the PW expires | PW age time is to be between 1 to 365 days (default 180)<br /><br />PW warning show is to be between 1 to 30 days (default 15)
+| PW constraints | The PW class represents the possible characters comprising the PW. There are 4 character classes that can make up the PW:small characters, big characters, numbers and special chars presented on a standard keyboard <br /><br />The account name and PW need to be different <br /><br />The new PW is to be different from current PW|The user should be able to define which characters classes are required for the PW out of the 4 provided<br /><br /><br /><br />The user will be able to enable or disable this feature|Legal special characters `~!@#$%^&*()-_=+\|[{}];:',<.>/? and white space<br /><br /><br /><br />An error will be shown to the user if it tries to set the same PW as the username<br /><br /><br /><br />default - enable
+
+###  1.6. <a name='ArchitectureDesign'></a>Architecture Design 
+Arc design diagram\
+![passh_arc_sonic](passh_arc_sonic.drawio.png)
+
+(flow description in the chapter below)
+
+###  1.7. <a name='High-LevelDesign'></a>High-Level Design 
+
+	In this section we will present the design (as thorough as possible) for the secure PW implementation.
+
+	User password as explained before is the first line defence, in order to support it according the requirement section and user preferences, the secure password feature need a strengh-checking for password.
+			
+	The feature will use 3 linux libs: pam-cracklib, chage and pam_pwhistory.so
+
+	pam-cracklib: This module can be plugged into the password stack of a given application to provide some plug-in strength-checking for passwords.
+
+	The action of this module is to prompt the user for a password and check its strength against a system dictionary and a set of rules for identifying poor choices.
+	This module support many options, including the requirements of PW Length & PW constraints. (see option strengh-checking below)
+
+	chage: support the requirement of PW Aging, change user password expiry information
+
+	pam_pwhistory - PAM module to remember last passwords
+
+	Note:
+	See linux 3d party component chapter for more description
+
+
+##### Flow diagram:
+
+![password hardening flow](ph_diagram.jpg)
+
+####  1.7.1. <a name='Flowdescription:'></a>Flow description:
+	Users by using Switch CLI will set new password/password configuration (see PW options below), the input will be saved in CONF_DB in PASSW_CONF_TABLE.\
+	The daemon call PASSHD (password hardening daemon) listen to changes, parse the inputs and set the configuration to kernel by using pam-cracklib ,chage, pwhistory linux libs. 
+	After that, it will save the configuration and results in APPL_DB in PASSW_CONF_TABLE.
+
+	Note:
+	The table PASSW_CONF_TABLE should reduce time consuming when users need to read configuration, because it will avoid to make additional calls to kernel.
+
+####  1.7.2. <a name='PasswordHardeningConstrains'></a>Password Hardening Constrains
+	The PW Hardening features will be support different options by encapsulate cracklib, chage and pwhistory options according the constrains definitions below.
+
+##### PW enable 
+
+	Enable/Disable password hardening feature
+
+	Note: when this feature is disable will be just the default password validation without strength-checking for passwords.
+
+##### PW Class
+	PW class is the type of characters the user is required to enter when setting/updating a PW.
+
+	There are 4 classes:
+
+	Small characters - a-z
+
+	Big characters - A-Z
+
+	Numbers - 0-9
+
+	Special Characters   `~!@#$%^&*()-_+=\|[{}];:',<.>/? and white space
+
+	Each of these classes will receive a Regexp to represent the class.
+
+	The user will be able to choose whether to enforce all PW class characters in the PW or only a subset of the characters.
+
+	Note:
+	In order to implement it, the daemon will encapsulate some pam-cracklib options.
+	i.e:
+
+	To request at least one character of every class, the PASSWD daemon will set:
+	pam-cracklib options: lcredit=-1, ucredit=-1, dcredit=-1.
+	(meaning that the user need at least one character of the types.)
+
+##### PW Length
+	PW length is a base requirement for the PW.
+
+	All password length enforcements and changes will be applied the next time the user would require a PW change or would want to change his own password
+
+* Minimum Length
+
+	The minimum length of the PW should be subject to a user change.
+
+	The user will be able to change the password minimum length if he has the necessary permissions to change the PW. The CLI command to change the PW:
+
+
+
+Once the user changed the minimum password length - the settings will be applied to the config node and will be enforced on the next pw change
+
+##### PW Age
+	Along with every PW set to a user, attached to it is the age of the PW - the amount of time that has passed since a PW change has occurred.
+
+	This PW change can either be from the initial config wizard or from the CLI.
+
+* PW Age Change
+	Once a PW change takes place - the DB record for said PW is updated with the new PW value and a fresh new age (=0).
+
+	Every login (and PW entry) will check the PW age field to see if it has exceeded its maximum time alive (the amount of time before the PW needs to change).
+
+	If so - a prompt will be shown to the user forcing it to change the PW before logging into the switch. Prompt PW change view will be explained in TBD.
+
+	To support it, can be use chage lib option "--maxdays"
+
+* PW Age Change Warning
+	The switch will provide a warning for PW change beforehand (this is to allow a sufficient warning for upgrading the PW which might by relevant to numerous switches).
+
+	Along with this warning - the user will also be able to control how long before the PW expiration this warning will appear.
+
+	To support it, can be use chage option "--warndays"
+
+Notes:
+For implement the "aging" we need to change the /etc/login.def file and set max days and warning days, this changes affection globally, meaning all new users.
+For read the information per user we will use the "chage" library.
+In addition, when we change the file /etc/login.def its change globally by only new users, so basically for change existing users expired day we need to iterate every one of them using the "chage" lib.
+
+
+##### PW username-match
+By enabling this feature, the user will not be permitted to set the same username & password
+
+
+##### PW Saving
+Saved previous passwords in the DB,  for enable this. is necessary to set how many old password you would like to save.
+
+Note: will be support by using pam_pwhistory.so, remmember=N option.
+For saving password with sha512, need to modify the /etc/pam.d/system-auth-a file to contain this line:
+
+	password    sufficient    pam_unix.so sha512 shadow use_authtok
+
+###  1.8. <a name='SAIAPI'></a>SAI API 
+	no changed.
+
+###  1.9. <a name='Configurationandmanagement'></a>Configuration and management
+
+####  1.9.1. <a name='CLIYANGmodelEnhancements'></a>CLI/YANG model Enhancements
+
+##### PW enable 
+
+```
+password hardening enable
+```
+
+##### PW Class
+	PW class is the type of characters the user is required to enter when setting/updating a PW.
+
+	There are 4 classes. (see description in arc section)
+
+	The user will be able to choose whether to enforce all PW class characters in the PW or only a subset of the characters.
+
+	A CLI command will be available to the user for this configuration. Once a user has selected the class types he wants to enforce (from a pre-defined options list), this will enforce the PW selected by the user to have at least 1 character from each class in the selected option.
+
+	The CLI classes options will be as follows:
+
+	None - Meaning no required classes.
+
+	lower- lowerLowercase Characters
+
+	lower-upper - Lowercase + Uppercase 
+
+	lower-upper-digit - Lowercase + Uppercase + Numbers
+
+	lower-upper-digit-special - Lowercase + Uppercase + Numbers + Special
+
+	multiple char enforcement
+
+	There will be no enforcement of multiple characters from a specific class or a specific characters (be either letter or symbol) to appear in the PW.
+
+The CLI command to configure the PW class type will be along the following lines:
+
+```
+password complexity-class <lower/lower-upper/lower-upper-digit/lower-upper-digit-special>
+```
+
+##### PW Length
+
+```
+password length min <length>
+```
+Note: Where length is a number between 0 and 32.
+
+Once the user changed the minimum password length - the settings will be applied to the config node and will be enforced on the next pw change
+
+##### PW Age
+
+* PW age expire
+
+
+	```
+	password age expiration <age>
+	```
+	Notes: Where age is in days and between 1 and 365 days (default 180). 
+
+
+* PW Age Change Warning
+
+
+	```
+	password age warning <warning_days>
+	```
+	Notes: The warning_days can be configured between 1 and 30 days (default 15).
+
+
+##### PW username-match
+
+	password username-password-match <enable/disable>
+
+##### PW Saving
+
+	password history <num of old passwords to save>
+
+##### CLI permissions
+	The CLI commands should be allowed only to the admin user. Other users should be able to view the parameters but not change them.
+
+####  1.9.2. <a name='ConfigDBEnhancements'></a>Config DB Enhancements
+	This DB will include a new table "PASSW_CONF_TABLE" (Secure Password Table)
+####  1.9.3. <a name='SecurePasswordTableSchema'></a>Secure Password Table Schema
+The table named PASSW_CONF_TABLE in CONF_DB will hold the follow key-values:
+
+```
+secure_enable=True/False
+passwd_class=lower/lower-upper/lower-upper-digit/lower-upper-digit-special
+passwd_expiration=N
+passwd_expiration_warining=N
+passwd_history=N
+len_max=N
+len_min=N
+debug=True/False
+retry=N
+difok=N
+minlen=N
+dcredit=N
+ucredit=N
+lcredit=N
+ocredit=N
+minclass=N
+maxrepeat=N
+maxsequence=N
+maxclassrepeat=N
+dictpath=<path to cracklib dict>
+```
+
+Notes:
+
+	Similar option will be saved in PASSW_CONF_TABLE in APPL_CONF.\
+	the main difference is that other applications read from APPL_DB, and not from CONF_DB according Sonic arq. In addition, CONF_DB contain values requested by user, when APPL_DB contain the result values, meaning that if some option fail to set in the linux module the APPL_CONF will have the founded state of the option.
+
+###  1.10. <a name='rdPartyComponents'></a>3rd Party Components
+In this section you can find most of the options of pam-cracklib, chage and pwhistory, we are going to use just the options mention in the Arc chapter, the other option maybe could be use for future features
+
+####  1.10.1. <a name='pam-cracklib'></a>pam-cracklib
+
+Options:
+
+##### debug
+	This option makes the module write information to syslog(3) indicating the behavior of the module (this option does not write password information to the log file).
+##### authtok_type=XXX
+	The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: ". The example word UNIX can be replaced with this option, by default it is empty.
+##### retry=N
+	Prompt user at most N times before returning with error. The default is 1.
+	difok=N
+	This argument will change the default of 5 for the number of character changes in the new password that differentiate it from the old password.
+##### minlen=N
+	The minimum acceptable size for the new password (plus one if credits are not disabled which is the default). In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit). The default for this parameter is 9 which is good for a old style UNIX password all of the same type of character but may be too low to exploit the added security of a md5 system. Note that there is a pair of length limits in Cracklib itself, a "way too short" limit of 4 which is hard coded in and a defined limit (6) that will be checked without reference to minlen. If you want to allow passwords as short as 5 characters you should not use this module.
+##### dcredit=N
+	(N >= 0) This is the maximum credit for having digits in the new password. If you have less than or N digits, each digit will count +1 towards meeting the current minlen value. The default for dcredit is 1 which is the recommended value for minlen less than 10.
+	(N < 0) This is the minimum number of digits that must be met for a new password.
+
+##### ucredit=N
+	(N >= 0) This is the maximum credit for having upper case letters in the new password. If you have less than or N upper case letters each letter will count +1 towards meeting the current minlen value. The default for ucredit is 1 which is the recommended value for minlen less than 10.
+	(N < 0) This is the minimum number of upper case letters that must be met for a new password.
+
+##### lcredit=N
+	(N >= 0) This is the maximum credit for having lower case letters in the new password. If you have less than or N lower case letters, each letter will count +1 towards meeting the current minlen value. The default for lcredit is 1 which is the recommended value for minlen less than 10.
+	(N < 0) This is the minimum number of lower case letters that must be met for a new password.
+
+##### ocredit=N
+	(N >= 0) This is the maximum credit for having other characters in the new password. If you have less than or N other characters, each character will count +1 towards meeting the current minlen value. The default for ocredit is 1 which is the recommended value for minlen less than 10.
+	(N < 0) This is the minimum number of other characters that must be met for a new password.
+
+##### minclass=N
+	The minimum number of required classes of characters for the new password. The default number is zero. The four classes are digits, upper and lower letters and other characters. The difference to the credit check is that a specific class if of characters is not required. Instead N out of four of the classes are required.
+	maxrepeat=N
+	Reject passwords which contain more than N same consecutive characters. The default is 0 which means that this check is disabled.
+##### maxsequence=N
+	Reject passwords which contain monotonic character sequences longer than N. The default is 0 which means that this check is disabled. Examples of such sequence are '12345' or 'fedcb'. Note that most such passwords will not pass the simplicity check unless the sequence is only a minor part of the password.
+##### maxclassrepeat=N
+	Reject passwords which contain more than N consecutive characters of the same class. The default is 0 which means that this check is disabled.
+	reject_username
+	Check whether the name of the user in straight or reversed form is contained in the new password. If it is found the new password is rejected.
+##### gecoscheck
+	Check whether the words from the GECOS field (usually full name of the user) longer than 3 characters in straight or reversed form are contained in the new password. If any such word is found the new password is rejected.
+##### enforce_for_root
+	The module will return error on failed check also if the user changing the password is root. This option is off by default which means that just the message about the failed check is printed but root can change the password anyway.
+##### use_authtok
+	This argument is used to force the module to not prompt the user for a new password but use the one provided by the previously stacked password module.
+##### dictpath=/path/to/dict
+	Path to the cracklib dictionaries.
+	Module Types Provided
+	Only the password module type is provided.
+
+##### Return Values
+###### PAM_SUCCESS
+	The new password passes all checks.
+###### PAM_AUTHTOK_ERR
+	No new password was entered, the username could not be determined or the new password fails the strength checks.
+###### PAM_AUTHTOK_RECOVERY_ERR
+	The old password was not supplied by a previous stacked module or got not requested from the user. The first error can happen if use_authtok is specified.
+###### PAM_SERVICE_ERR
+	A internal error occurred.
+
+####  1.10.2. <a name='PWAge'></a>PW Age
+
+![chage options](chage.JPG)
+
+The options which apply to the chage command are:
+
+	-d, --lastday LAST_DAY
+
+	Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area).
+
+	-E, --expiredate EXPIRE_DATE
+
+	Set the date or number of days since January 1, 1970 on which the users account will no longer be accessible. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area). A user whose account is locked must contact the system administrator before being able to use the system again.
+
+	Passing the number -1 as the EXPIRE_DATE will remove an account expiration date.
+
+	-h, --help
+
+	Display help message and exit.
+
+	-i, --iso8601
+
+	When printing dates, use YYYY-MM-DD format.
+
+	-I, --inactive INACTIVE
+
+	Set the number of days of inactivity after a password has expired before the account is locked. The INACTIVE option is the number of days of inactivity. A user whose account is locked must contact the system administrator before being able to use the system again.
+
+	Passing the number -1 as the INACTIVE will remove an accounts inactivity.
+
+	-l, --list
+
+	Show account aging information.
+
+	-m, --mindays MIN_DAYS
+
+	Set the minimum number of days between password changes to MIN_DAYS. A value of zero for this field indicates that the user may change their password at any time.
+
+	-M, --maxdays MAX_DAYS
+
+	Set the maximum number of days during which a password is valid. When MAX_DAYS plus LAST_DAY is less than the current day, the user will be required to change their password before being able to use their account. This occurrence can be planned for in advance by use of the -W option, which provides the user with advance warning.
+
+	Passing the number -1 as MAX_DAYS will remove checking a passwords validity.
+
+	-R, --root CHROOT_DIR
+
+	Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.
+
+	-W, --warndays WARN_DAYS
+
+	Set the number of days of warning before a password change is required. The WARN_DAYS option is the number of days prior to the password expiring that a user will be warned their password is about to expire.
+
+	If none of the options are selected, chage operates in an interactive fashion, prompting the user with the current values for all of the fields. Enter the new value to change the field, or leave the line blank to use the current value. The current value is displayed between a pair of [ ] marks.
+
+Notes: If we want to do "age" configuration globally and not per user, it necessary to modify this file:  /etc/login.defs, example:
+	
+	PASS_MAX_DAYS 90
+	PASS_WARN_AGE 7
+
+####  1.10.3. <a name='PWHistory'></a>PW History
+pam_pwhistory: PAM module to remember last passwords
+
+##### DESCRIPTION
+
+	This module saves the last passwords for each user in order to force password change history and keep the user from alternating between the same password too frequently.
+
+	This module does not work together with kerberos. In general, it does not make much sense to use this module in conjunction with NIS or LDAP, since the old passwords are stored on the local machine and are not available on another machine for password history checking.
+
+OPTIONS
+
+##### debug
+
+	Turns on debugging via syslog(3).
+	use_authtok
+
+	When password changing enforce the module to use the new password provided by a previously stacked password module (this is used in the example of the stacking of the pam_cracklib module documented below).
+##### enforce_for_root
+	If this option is set, the check is enforced for root, too.
+##### 	remember=N
+
+	The last N passwords for each user are saved in /etc/security/opasswd. The default is 10. Value of 0 makes the module to keep the existing contents of the opasswd file unchanged.
+##### retry=N
+
+	Prompt user at most N times before returning with error. The default is 1.
+	authtok_type=STRING
+
+	See pam_get_authtok(3) for more details.
+	MODULE TYPES PROVIDED
+	Only the password module type is provided.
+
+##### RETURN VALUES
+	PAM_AUTHTOK_ERR
+
+	No new password was entered, the user aborted password change or new password couldn't be set.
+	PAM_IGNORE
+
+	Password history was disabled.
+	PAM_MAXTRIES
+
+	Password was rejected too often.
+	PAM_USER_UNKNOWN
+
+	User is not known to system.
+##### EXAMPLES
+	An example password section would be:
+
+	#%PAM-1.0
+	password     required       pam_pwhistory.so
+	password     required       pam_unix.so        use_authtok
+		
+	In combination with pam_cracklib:
+
+	#%PAM-1.0
+	password     required       pam_cracklib.so    retry=3
+	password     required       pam_pwhistory.so   use_authtok
+	password     required       pam_unix.so        use_authtok
+		
+
+##### FILES
+	/etc/security/opasswd
+
+	File with password history
+###  1.11. <a name='WarmbootandFastbootDesignImpact'></a>Warmboot and Fastboot Design Impact
+	Not relevant.
+
+###  1.12. <a name='RestrictionsLimitations'></a>Restrictions/Limitations  
+	the secure password feature is not supported on remote AAA.
+	LDAP/Radius/Tacacs is under customer responsability.
+
+
+###  1.13. <a name='TestPlan'></a>Test Plan
+
+####  1.13.1. <a name='Setups'></a>Setups
+	The test setup consists of a single switch (director and 1U, IB and Eth).
+
+####  1.13.2. <a name='CLIconfigurationaltests'></a>CLI configurational tests
+
+#####  2.2.1. <a name='Case1:checkbasicconfigurationgoodflow'></a>Case 1: check basic configuration – good flow
+
+Test Objective:
+
+	The test will create several secure password configurations, and verify them with show command and will verify in the Redis DB according the new table present in Config DB chapter. Also, it will verify the default values are configured correctly.
+
+####  1.13.3. <a name='Precondition:'></a>Precondition:
+
+	Admin user is logged in and secure password feature is enabled with default values (can enable it in the test if needed). 
+
+**Setup descriptions and objectives:**
+
+`	`All Switches.
+
+|#|Test steps|Expected result|
+| :-: | :-: | :-: |
+||<p>If can’t be done in pre-test:</p><p>Reset secure password, so it will be enabled with default values.<br>Disable feature: </p><p>[no password security enable]</p>|secure password is disabled|
+||<p>Enable feature: </p><p>[password security enable]</p>|secure password is enabled|
+||<p>Perform show command </p><p>[show password security]</p>|Configured values are shown|
+||<p>` `Verify that all the values are equal to the default:</p><p>Min password length: 8 (characters) </p><p>Max password length: 64 (characters) </p><p>Password age: 180 (days) </p><p>Expiration warning message: 15 (days) </p><p>Password history length: 5 </p><p>Character class: Lowercase, uppercase and digits </p><p>Different username and password: Enabled </p><p></p>|All values are equal to default|
+||<p>Configure random min password </p><p>[password length minimal <0-32>]</p>|min password configured|
+||<p>Configure random max password </p><p>[password length maximal <64-80>]</p>|max password configured|
+||<p>Configure random age expiration password </p><p>[password age expiration<0-365>]</p>|age expiration password configured|
+||<p>Configure random age warning password</p><p>[password age warning <0-30, **not larger than expiration**>]</p>|age warning password configured|
+||<p>Configure random complexity-class password</p><p>[password complexity-class >lower| lower-upper | lower-upper-digit | lower-upper-digit-special<]</p>|complexity-class password configured|
+||<p>Configure random password history</p><p>[password history <0-20>]</p>|History password configured|
+||<p>Disable password and username to be different </p><p>[no password username-password-match enable]</p><p>(configuring to disabled because the default is enabled)</p>|username-password-match configured|
+||<p>Perform a show command to verify all above configurations are set</p><p>[show password security]</p><p></p>|All configurations are set correctly|
+||<p>Validate all appear in show running config</p><p>[show running-config]</p>|All appear|
+||<p>Change the password to a password that e.g. length 33, different that old passwords, with lower case, upper case ,number and at least one char of:</p><p>`~!@#$%^&\*()-\_=+[{}];:',<.>  </p>|Password is replaced|
+||<p>Check “return to default, perform the “no” commands:</p><p>[no password age expiration]</p><p>[no password age warning]</p><p>[no password complexity-class]</p><p>[no password history]</p><p></p>|All configurations are configured and returned to default |
+||<p>Perform a show command to verify all above configurations are set</p><p>[show password security]</p><p></p>|All configurations are set correctly– age to 180, warning to 15, complexity-class to  lower-upper-digit, history to 5|
+||<p>Disable the feature</p><p>[no password security enable]</p><p></p>|Configuration is set|
+||[show running-config]|Feature is not set|
+
+#####  2.3.1. <a name='Case2:checksecurepasswordhistoryconfiguration'></a>Case 2: check secure password history configuration
+
+Test Objective:
+
+	The test will create several secure password history configurations.
+
+Precondition:
+
+	Admin user is logged in and secure password feature is enabled. 
+
+Setup descriptions and objectives:
+
+`	`All Switches.
+
+|#|Test steps|Expected result|
+| :-: | :-: | :-: |
+||<p>Set history to <1-20>, CLI command: “password history <1-20>”</p><p>(possible: 0-20. Randomize 1-20. Let’s call it X. Also randomize a lower number for false try (1-Y).</p>|The history is configured to X|
+||<p>Change password to a different password than current one and different to old ones (Repeat X-1 times, notice, in the middle there will be next step)</p><p></p>|Password is changed|
+||<p>Inside the loop, somewhere in 1 - Y, try to set the initial password (that was already set).</p><p></p>|The password is not accepted.|
+||<p>After X times, try to set the initial password (that was already set).</p><p></p>|The password is accepted.|
+||<p>Disable the history </p><p>[password history 0]</p>|The configuration is set|
+||Change to the same as last password|The password is set|
+
+####  1.13.4. <a name='Case3:checksecurepasswordageexpirationandwarningconfiguration'></a>Case 3: check secure password age (expiration) and warning configuration
+
+Test Objective:
+
+	The test will create several secure password age (expiration) and warning configurations.
+
+Precondition:
+
+	Admin user is logged in and secure password feature is enabled.
+
+Setup descriptions and objectives:
+
+	All Switches.
+
+|#|Test steps|Expected result|
+| :-: | :-: | :-: |
+||<p>Set age to X:</p><p>` `[password age expiration <1-365>]</p>|The age is configured to X|
+||<p>Configure first without a warning </p><p>[password warning 0]</p>|The warning is configured to 0|
+||<p>Log out</p><p></p>|The admin user is logged out|
+||Log in|Logged in (if set to 1, only if not after 24:00, if after 24:00 it will be forced to change the password because it will be expired, and the test will fail…)|
+||change the machine’s date to be larger than X (X+1 or more days from today)|Date is changed|
+||Log out|Logged out|
+||<p>Try to log in</p><p></p>|Password is forced to be changed|
+||<p>Change the password to a legal one.</p><p>e.g. length 33, different that old passwords, with lower case, upper case, number.</p>|Password is changed and we are logged in|
+||<p>Configure a warning to Y – notice, needs to be smaller than age.</p><p>[password warning <1-30>, not larger than expiration]</p>|configuration is set|
+||change the machine’s date to be inside the range of the warning|Date is changed|
+||<p>Log out</p><p></p>|The user is logged out|
+||Log in|Logged in and the warning is shown|
+||<p>Configure 0 to disable the age</p><p>[password age expiration 0]</p>|configuration is set|
+||change the machine’s date to be larger than X (X+1 or more days from today)|Date is changed|
+||Log out|Logged out.|
+||Log in|Logged in, password is accepted.|
+
+
+
+
+####  1.13.5. <a name='Case4sanitytest'></a>Case 4 – sanity test
+Test Objective: 
+
+	The test will create several secure password configurations and check users
+
+Precondition:
+
+	Admin user is logged in and secure password feature is enabled.
+
+Setup descriptions and objectives:
+
+	All Switches.
+
+
+|#|Test steps|Expected result|
+| :-: | :-: | :-: |
+||` `Add a user with random capability (admin/monitor/v\_admin/unpriv) with a password that is accepted with the feature’s default values. e.g. length 33, different that old passwords, with lower case, upper case, number |User is added|
+||Open a new session and try to login the user with the password that was set|Able to log in|
+||<p>Configure random min password </p><p>[password length minimal <0-32>]</p>|min password configured|
+||<p>Configure random max password </p><p>[password length maximal <64-80>]</p>|max password configured|
+||<p>Configure random age expiration password </p><p>[password age expiration<0-365>]</p>|age expiration password configured|
+||<p>Configure random age warning password</p><p>[password age warning <0-30>, not larger than expiration] </p>|Age warning password configured|
+||<p>Configure random complexity-class password</p><p>[password complexity-class >lower| lower-upper | lower-upper-digit | lower-upper-digit-special<]</p>|complexity-class password configured|
+||<p>Configure random password history</p><p>[password history <0-20>]</p>|History password configured|
+||<p>Enable/Disable password and username to be different </p><p>[no] password username-password-match enable]</p><p></p>|username-password-match configured|
+||<p>Perform a show command to verify all above configurations are set</p><p>[show password security]</p><p></p>|All configurations are set correctly|
+||<p>Change password according to the new restrictions.</p><p>` `e.g. length 33, different that old passwords, with lower case, upper case, number and at least one char of:</p><p>`~!@#$%^&\*()-\_=+[{}];:',<.>  </p>|password configured|
+||Open a session and try to login to test user|Able to log in|
+||Open another session to the same user and try to login with the most updated password|Logged in|
+||Try to change password from second session to a non legal one|Password not configured|
+||change password from second session to a legal one|Password configured|
+||Logout from first session|Logged out|
+||Log in from first session with new legal password|Logged in|
+
+
+
+####  1.13.6. <a name='Negativecases'></a>Negative cases
+####  1.13.7. <a name='Case1:checkbasicconfigurationbadflowwithinvalidinput'></a>Case 1: check basic configuration – bad flow with invalid input
+
+Test Objective: 
+
+	The test will try to set several secure password false configurations, and verify they ae not set.
+
+**Precondition:** 
+
+	Admin user is logged in and secure password feature is enabled.
+
+**Setup descriptions and objectives:**
+
+	All Switches.
+
+
+|#|Test steps|Expected result|
+| :-: | :-: | :-: |
+||<p>Perform a show command to verify the configuration later</p><p>[show password security]</p><p></p>|Configured values are shown|
+||<p>Configure min password with random false value:</p><p>` `Negative numbers, letters, chars, fragments (e.g. 4.5), numbers **not** in the allowed range (0-32)</p><p>[password length minimal <>]</p>|min password not configured, error message is returned|
+||<p>Configure max password with random false value:</p><p>` `Negative numbers, letters, chars, fragments (e.g. 4.5), numbers **not** in the allowed range(64-80)</p><p></p><p>[password length maximal <>]</p>|max password  not configured, error message is returned|
+||<p>Configure age expiration password with random false value:</p><p>` `Negative numbers, letters, chars, fragments (e.g. 4.5), numbers **not** in the allowed range(0-365)</p><p></p><p>[password age expiration<>]</p>|age expiration password  not configured, error message is returned|
+||<p>Configure age warning password with random false value:</p><p>` `Negative numbers, letters, chars, fragments (e.g. 4.5), numbers **not** in the allowed range(0-30)</p><p></p><p>[password age warning <>]</p>|age warning password not configured, error message is returned|
+||<p>Configure complexity-class password with random false value:</p><p>` `Negative numbers, letters, chars, fragments (e.g. 4.5), it can be any data **not** equal to: “lower| lower-upper | lower-upper-digit | lower-upper-digit-special”.</p><p></p><p>[password complexity-class <>]</p>|complexity-class password not configured, error message is returned|
+||<p>Configure history password with random false value:</p><p>Negative numbers, letters, chars, fragments (e.g. 4.5), numbers **not** in the allowed range (0-20)</p><p>[password history <>]</p>|history password not configured, error message is returned|
+||<p>Configure username-password-match with random false value that is **not** enable</p><p>[password username-password-match <>]</p>|username-password-match not configured, error message is returned|
+||<p>Try to configure </p><p>[password age expiration <1-14>]</p><p>` `lower than warning that is set to 15</p>|Should return a message – warning can’t larger than age.|
+||<p>Perform a show command to verify all above configurations are not set</p><p>[show password security]</p><p></p>|All configurations are not changed|
+||<p>Try to configure a very long password (above the max, even hundreds of chars)</p><p>[username admin password X]</p>|Should fail – longer than maximum|
+
+
+####  1.13.8. <a name='TestOpenIssues'></a>Test Open Issues
+
+Is this feature support when user uses multiple sessions in same time, i.e:
+	Try to set a new password from 2 different sessions at the same time (for the same user).  – do we have a lock mechanism? What do we expect to happen?
+
+	
\ No newline at end of file
diff --git a/doc/passw_hardening/passh_arc_sonic.drawio.png b/doc/passw_hardening/passh_arc_sonic.drawio.png
new file mode 100644
index 0000000000000000000000000000000000000000..81efbfaddb8debc04ef8e0482a83ce5735ce5172
GIT binary patch
literal 27848
zcmdqIcUV)+*ER}>f?%PeAYG*Q-aCN+NgyF4C?cUI^qSBSMd=C>P?TPzNk^rlf;0tb
zA|OQs1r(5?bohp+yx;FV*QwVzf1Go;D4U%<Ypq!`bFW$VnjM3HLC(@~&{0rOoHaJm
zx1gY)ECoN`X-|PWr{a8qz#mFq3y3a7dEcc)3X0Qb{R}XE?j$F?n<IswoZjD8g0j*s
zp1yv9a{7X@vUXlxk`8z~XCFIvUr7%~KX40t?(XS;cfvb5{QZoqw5*JTw2FkRG)h`g
zP)<i)4*ZgpkyMaTw*LEhJ7-6ae*`K>N&^AHR(KBwPogilgrUGM8EJ4^P8VE(4;1D9
zz9cEii-0>iUS4jFR*pCmJkV~aAg3fLrwDEfn;4<YOa*22z_lCR)e-!GING~<9yif*
z@$qyAcMMhJB&8+g6_k`Dm5=R4+Bw<z;QvF)@l8iRJLkVU65!^EP*N~=G;sH{Qgk<j
z`Y7Omg5zfb9DRK8o*sWcCZixJE2;AL2Y!KGj(^{Ea16lP1D&#hat6Sc|2Pe_#sA}`
zfB-o;CvReqHw58r?k#I&CykT%TZo4pF!nEZBY>wQWd0VSfcA30DVoU}BBW&;tpW|q
zkT{~O3DQB<8iVw(^s%rru|^mZ9qoxwoU<O3=<bddlm#9%gnBt6u!;^Y2CmMEzA{K}
zWrU@Xf?p5;I8E12U)Mt~P}V~RuB`7R?@3UE>U!f`l!!PY)=JOL$3K90>>M{250bwQ
z4l5HF7-S4}vV!>Nn<9u%k|D%g##zqOQU&Ragb-j5Qx_|OwIa+|5lRX)$Dv$I6y2<S
z{p|G2fe;6*EXG3L$PA$y=q2M0RJ#Ppo7yYl^$5NJDuzUNv^hf873=A4XNXtE>A3=J
zUMl`}dMJ6gydKiU4UU%cR*^NZ&~=m7MJgx+NUIpx`T9elNDFry%2Phb-BeKpW`#fp
zA>@H<2R}KuoPrX#LV1H<28wWHc`IiE#sd$NmP7gA1Koq1u!j2P1V<7|$;5@IqX+ks
zHZl%`1i}LBNV0)JatNHcA<n`Ms%T(|vv4uMO2eIyhI$Gp6?;s8i9vvui5&qWD{t?m
zC=Df`l@K0=N>)%sD8$g!0rVBAVvcon_X>o#m?)bd5mw50xR*KHM9;+&?_?sYjJNlc
zbvBp5sQBo)I9nOI`D4rt?R}Ijob^@o6!ma={w`jS020*IFaTm9Z)R`er2}Nj1*wqC
zNhmm68RKA~j3Sv@$oUfp?nb&Qfl8jH7H;}p5CdNmH(gm>l7oS)p{aqio0Wr%qFw;n
z9<EH#bCYv|D*2*xR8aDcK{#a<KN(#kxEo%Upsy<pBM_xwfo|4LCVFNLfdpl|(ecz!
zvhX7qkqq5D4RBZ$7iA(w4yj}2X+iYzG{za3`gr1rrdTU^18I9D4+Vs?nV*3oK~~2{
z*~8h@+=S?i_l5$aoqT;A9L?OoqR}<=Lc$49b12jy&{QeNQ5NQDjzpQ5%6K?P>+AYi
zVw8;K{FFWQ0{ractzBJ>G0JFHXBQlh;X%Ng$hkS|$QlDF7C0{`!pPX$T?Xo4i8Zsc
zv(xd%>9|A9bOM|dAReB|x(*0O6ReAetiGF_os)~5gDw$^Qc#h$^LI4S$3mPvWet#y
z26{wgccdA_%2|gbXCf1%=wxiEh|$+KaC7z{nG&28p~et9dmTATZ&REr8jI8+x+q#(
z_>(-nbj@}3U0^}p=I%~NZwn)QAh5~J32&+3?<Qxi=ZAMSGJ?RQ1Lbw}t$^vKW&!Rp
z&i3w>dj4>Gh!@@t<?id|8zfEi*75f;L>v1k7#SJ+dtw5E0-cEgy7F*cya&|K%N6E@
zITq}IQglSY3=HJ-EuCOMoV~BSTOgKTtfS)U?%?Q#M|yi>bahFlIxq(#BSUX5V}z`?
zfq|k9M9B>9?{DQ}3iGv72FuLfTaSPyxas@JDOy|086lnI4U`BT`Y?w;3myAFu-4GJ
zo+v+qAP-9gZ+9<qy}#x#@CQLY$lOy_#To%8KwwCegAv3^-&Duk1ZxcDvza{x>22wA
zY?qx~kS~#BZf$3Y0080!Lz%;@f~3veJiHu?EG>;xuvT~z7g;wF%-2-`q3dXe^LE4A
zfp$89&W6rr9#|;S9`595q~PglVCfkEF^~om)WaHPDX-_{Kr(cfS3tSBT0&&)JzZQB
z;YzL;Lz4iMiVp%N?}3z6Bue|^mCbcjJoGGq%g|_fId^v@Kcc6jr@STHA;8&F8bPp7
zvLd>Bo9SD*1qOj2rfX#+uVjh^$Y3b1WDovF$Ux+M3E)E46YJ)SmP32EOPitOz~_D*
zp03U)Lq8oi0>((%%Fq>uHMI8g@<RIS+JOd!2EI61d2c@_g#ZE}5NBfP=Y+)hS_fG<
zItE&KTS~)^fzC%x#?`~r8m(YSvJbL`xm!3AA+jh%02I0y92x`jb41Hq=qjTWh>C%(
zFe3|dA0t;oxGr2p#Y11ln`kKu^E0utgITHIRFM97l$^Jol>*U94(em>14ZMY&Oi<n
z@9S;qql7Vo5_LRC1{MTwh(E9nYb@`542Mc6D_I=?i9Q5hxQZPPV<;EsFOLdRPzLc<
z*TaaYLeO=PmL|djd}aLnjEu4N3eI-+BoBXkxVycA=`s3PJGv3=<(wQ`i3ry~3tbm;
zYaN_78Y`oVGIFy#4&2HpcMt(}Epae+n3KLI+Stz0R5r*8=|S{VaswZD8#&?Sl?-+L
zWpF0S(xz}%8ML%CT*(@Zk#>ieBTOMOZsxLJ&FK1?;XR$*2`ca)ABdheNnT$`0o--+
z0!9QXV08=~WQoeM`Xrp26UM>U2n2gwxIMTH{>lL8vsAQFc61^IC<Vy)IZI;{bQBE;
z@(M%;QzJYHJmMxpkn;&rbU?Z&19>{i$3a#O$T0jjI{y`_!T<m4eB=z=Y*_p$D0nH1
z^>t9B>&qE5Bo@oj&hrd|w3jb$idqIiD9v>Ybf{6(I@CWSwqM6>@>fs|_Qugg#ui~H
zI;;?t5wVdGwE973HHL3rzJFhrciLBSy6l0Y(xb^oWB8*$Zl3Oy&%yl%8ERXt->2l{
zPWpf^+PefQXQe~f(-vDj5y;mC!+_^Yy9i3!h=`rjENAF)yGlliaCh$(yZs1$=UEvg
zAx=?cvD$o#C)_BestQ%_C>C38O(s!%rJ!V})S^7J3tC(-SFH+U?vVE|eX$kVcbK7A
zbeBPlJfo7U`e!6<_~qyjg9usN{1SB;G{QjaPYt}dhk260ZgEaOnhdSH+L@TUewM=`
zCSAeu<Ly~q3M%xK`(6tS9joKU#3q%Io=NFv%RpQ?cA|!}F3kTzt|<A^u`pOfUTH#&
zvqhs+OKp&qDPF4`T5vV&=bsC87v*4%62j-GcyG{9{SboZ-fh{>;%dM(Xlj?C8mMsv
zOuVtTA`)n|%Qk(lv_l220y84O<BI$gRfGMHfG#&av?yh+GVP~migu`$vu+uxIto)v
z9X-o?Lx74w?BL1iDvNHm|8+sCY+3t<H1c02PnNTV9e6R;xeX)C<L)MAWgFA84~9b$
z@^9xmjJD<p2xz3HWvwn>3ViiGd^P`hzsBmW%UXWS@Wz*Ov!3NYMlQ;^{Q30-weh^C
ze*CMZrHJj6e|c`-OnwAo1ZMFr2d*Gl0vNBI5xbEe_U-k_bQw3{sHoetl%$|xmvl8k
zKJHbrDUx3w+LyFspTnW<&k?HXAIp%p`OcI>)0b^><Yg5DUo;tZi=Sddw`}v)nSZ*J
zeXe6tD7^SIo3y5~tO^?s-2QsVP050M#I(%U_Ewc89N&)HZ$eOUuu}TY7u;@t?}>$J
z<kO+?_m7KhdQ&&o=8SXCNeUd9#<rx7ltKiY-WQ%yaBXNenlkWwUJvn!F7vx^fwG7R
zSHR-{{Qewxo5El8up@nSam>47V4LzFilO^F+nsyp^8C@=tvsZ2|3Ldm`r_cdyG6*y
z!7;sS1GO-&d%Y2MIXV1vOCwcz3`&|=QL8Zl%ldPQ`EXB0u6jtoy72qQ3?eEty%DNs
zFC>&iVer(0dJ6xJ>=Nc$Y`QYltR9o(;XW{a;APl>u#CzhrsN0stuJqev+|1XX%;#+
z_%VJD9<Nz{9zNgVCuHC<D4TyRIzMP*{7BcK;A`85Dgs;SAKTD8d-|SIkD<b|2fIHi
zdgveSn}UAP=#-(T&LF(E=9Ll=<BFcJ@a0L9Ek#$u((t2<290gr_XnHE^j|$~*Nj<x
zZmN=gzKl*MsURd3SAx-jF|7Qh6e^PuPVZQ-tip(hpPLQ3(c~V=vsD(S5qD=VsU(Cu
zXEJcrXB(LWG>LcNs#jeuWx$&*^OwL|ubLUW*6o<yZ+_v{*2FIs*gj`g*0hZ6cK@cx
zfL)Z9ra}mUDc$v7u0UOb7T*6;nlJe3sjBABo|j*nOJW^+qnk@xw|KI5OwtB=H8NR(
z&8OO9-;;$LDk%;bIe$RAW>7>nBTrn%e6!<;R58mQ!4w9uj8k{|j%U(||C&jO9h0jy
z$<w`aA~x5!FLrl8nS>9uq>jAj-gL7xp5yXyq-}s)3ydLO#;os^&BgFqq-%^yaaja>
zv2q=q)fD6Ej2|!ILlaI1NuB@SUT^=8E!_VuX!Ord!)LZ!h9_@DqW*;?F9Eg3ihY^J
z%Prf3ER$`_;-+6tZCt4G|0ygwoy|us!Vak$zG7maxEaB0r0f?xOI*%Zn|i|W>$!#k
zZIx^k=R5oMv4qy4s*0BUx6PS`evaHP+L#z<g((wDa9VpQCF%nSJ<nT&vfYDS&)^*C
zlpgj*|99AB&2^OAYU5z|kU$YPT#yG@Z2xA)GW1era%xLua(ulG7fr5czvQC{!Tba6
z(KOQM7$_+Bm}i=o{=s!KW^?0VKJ*`+@C82F2nt$ECPjPCx}-jhHU+hI+aWbC`p=e3
z5G@q|;#47us_G{C0ZJg^80(|S2chxYkrW_Q%%9dS6JOQ!18pd%f5Itnj^R9ccR?H8
z8-V~Jdm9<JK$~OD5ty;*&i_xUg53C6hL!jDtemduFM5_+{o&=RbTy)60*6BE6|;1G
zy}Re?+&by!z!&CY&;<}~K<{~JuhsiR;cz%%Vd3c4Z{CQ=$Ry?F<%wu$WK`GGbW9t>
zvDJx7M3WtDXx``m=kY4t9LR$V{T!<i5fkhEZQ$i4-MqV0D(~3CV)8W-gB=f*=00}u
zAz#~oWp}cmh@9NeZ#yF+TAL=)z@RxR@f0p9=`Yoa{Ji(de==F>l)1@k53n8&+5JD|
z`3pUg=B({>_MFF3+>9df#QM(7{nRR5wKQINC7XSgMzn#Nig(71s)_jfXHEa$Y)70#
ztCgczRYPXzEy)bC!hHHP5y3S&8<=T9ZHgZh{yzKNrmLUC28T^+K!(TXF225DDMTd&
zt0?MzWaKSj<$UR=+cZeh03tS;?kP@&kp-J8%qnFWp9^L6{SysY1-&*kXzTXP5ELkl
zFMY%kzOCNDqXPe)D1?};cZd}=kLTxqBO=a^+Gn@Ed|OxdR<W1SeTD*Eos-2kUPa<&
zs%}ia47>GdZM3>tMC>bvV}Y~z?#P)QqxboxR)dRB9}dTSM~j&Cj$$`*GU_=&qy&*C
z&q^oiQ1Xi2{&=pMQ20)2wbaF93Z6PyeC}grd9lHgq4h|+K(rl!DmIFh<PzcMYq@&$
zhk%;c<7DP?#NZAKwBe!dY3Jl3+<RG6osMA1$I9I39xt$XA|g_$rAGq`@j+Fy3;5}8
z0)Bp5BBHj<XUOHKNT_A}fWeb>POq`i@}Vf?X}?1he}+cTO@e&6slPSqX|<)vH!GIu
zTR@C<CJ-~Pp=~OL?%e7an*MPfVcla{g2@xNEHY1xq<idqT2gF-BSSMJ5yqopVvrY$
zc%xXi@LYA?Tjj6y2nX#&-Z-jOL8IZh&$NE#&c#_3K__ETE!KEP4VhnMa*%%H=amO6
z$SbicAulOerMU3f3N9RA$<u+RJKqG6F_u3o_FR5!H5Q{cN_30L0@{~VjcJIN3K~_F
za(17&TE7qZL{G)bz)SV;M+l8OUDa$^Q<m1WesQ-|abJdlaFff!RSg;A7%^jfEwPuc
zs^Vke9@mvBIw#<#hc_v{sU9`oc!}{|+Fm*zmiOToLy0fM|0oz&ovfzxlU-zkE3<jR
zA@$WIFmVNFZ<He;lU`NUH492~qL=jR(k+pr%*?4%b!!w+?DPeDLABC3{?ezx`neCR
zFV1r>!noVMNQ3dHLJ}s1El25@)27x##YfyNZ!JBqg%7*nK1-jaHZ`X3%?NsN;R+g`
zHiYkPCl7y%QIlwfkhAEMrLGq)Ypv#Jer=ptWZ!x9dW-jl9_VPTcZnUYqg7rq6IMN<
zNmfexxgV-!S!{cAY0^@Uvm%ELnA^+HcI|0G=^5tIis|bnFGk9>1$$UW3x%$f&wq}g
zRwb@e`L7VOVxHZ`1B3`Ve)z2AoA#w!Rkr369uh@fUiTF>WV|IFEn;iE=M{qjUVpvv
zoT>081?_?kuvZavmbsL8H&ll!%eB-@N*vMKt+zJ3J5b10$#MmZy~}Z@6y?vdmeORk
zOfV*~PTQ^xJ>_(1dzU#*I$L*)@OLQUSih<MUXewWt+-8hF$Sae2}xSv+nl(9u%_Ho
z43(EC*~H%YFHJfXVJypSGMDOVkK{K0xM}JO{pr*z8@^{X41$3`8!oCI);w{BRV>Ud
z7ew~i7w0ODmf&jvIPnuDJe5V1)MbVd9dy9O6&FR(FO-V;r`jie-rQXZ#tm{je>P!e
zE*LxbimOvx0xk3>D<|~o?84`&xb}+ix0F;++Fx>7y(kf5urTs^>Uu>)aE-p0GBCEp
z(i~jJScLkcyX^Ee^Y35nJ?G9TO&f~3P;vOnsyB9ISLy{*Ye&jzoR}rw9o^TrM((K(
z&(KmmvZ`5ly{NC+awJc#xSl@l=R5V7Hs4Jfbn{Nr7o5Mwp6WqefD&s0-O~oe@z(Li
z9R?fY7U=tl5%zo7>Jm&90w7+V;npx(X%I2KMtyh~s>K>7GOPS5xgB(|!KBTr3b)~T
ztyO2=D7UQ4tz^2Supo=ID;U+N#FaZU!%HB+-9<4)*}v|ycEqL~Du&f$tgH-Pn-tc=
zGi--baiR|eSCsq)le70Vf$tA(=?WRdx<kT-R&ux?U<DFVLy*6!nx8JT*?OaDj4ew(
zW?M*BV9d)}Y@2Szvfj&%Rp{N-dW~SBcA$oFshXrcu;BWgsRUO#X<xo^P%TZyRPCfO
zBNq`rWoBs$tZ(%kBf)eq>kQMH_jeJG(bJ5KAKk7+#dhd_#@%G?Agpay6#IX7`jkia
zi&X9F+jO_in_R=K@oo7u8(8j~i-pW$-TNCt%nP5UhEm9x24n&`k4~Y-0`Wz+<u|Oe
zrl!K?>CoN&!R`~z!ph<gONO6m7l@I6jpwp<^x*Hs40ylHCS0TxyG~EI^l;k$c0KH(
z%}^}aA#8T+vTERhc!oy6%^ph$Ge=J`;{wsQ(R*xEp}(3f*kOW$V_(@9-wkY_o<l`S
zP&MKmDesTE*U(Mc8;xC5?|GKTZbh(GoK%=2Uxz&Wv0msFRF(X$zvrc)bD~Z5hLGf7
z!G;K`Iz-+eEhcwiFbPDXBFWi~*_322gIeO^HCdbZ*308!Huaaur53S~dh}x4Z-8v_
zb%$8K8GVLIm+B;r&Yd7GyYdaw30a(=(vkHyh1u`Rf|(|Tb09L#53(lFGB8@+j%A_G
ztBgj_Niga1<-9^EUycURun2+B5ykv+a^mJu^7x$nV@ydH1eJ0}C!~`h+i{!<BAi-#
ztbu$m)NbhI;Ab8yY8j8~(U19lf$f~RB*N!0*!@ZpQ|g%ia@_WwDEi?Kx69}in=gJJ
z0L-SOCttaJMML3%Y=sk3D<n3H)EDV@uzR+r-usr1Pc-RdmG-MhR1rdl&tV_-?0)49
zy3^-#Dx(?rNQ_AaMJ{Xn<-@)Tx5&NLYgCrLNyYO~>wg4qbhzpyDAhJ4K2aaV%2r#*
zdBuymcF?1G<K79cxQvESmysljau#ZT7)c%JmJP@2^7JgtYx9`?+Ce?FanL-WOW8_`
zS+o9Cns;Q|g&$42eh4z>i&2^>BfU2@AI@wP!y3CnPTi&oW2~I5o3Vm`9#&3TfLvMx
zwo1mXQAJ@+x_Bv<T|AyC*XI6DsEIBczM<z(Afmw|+WUj5*=L@vd21?I-fscHLqLTu
zm0@cZ3ev9U<{HEWm7T#AJXuqk4mG>_!ZT-0KnUUDQZyO~?MF^k|L&9jT9<u?zdY~r
z=H{+UWEb?k@b8>5A)0C<vrP3zq)K*CRP^A`P-v0)K`~&4fuH^PlI`Ed*BjLGqI)ii
zvGNss7x5ema!y~fM(8n)GPXnCZ_C(VcTS4N3_nrvZU3=?Eh;p9q<f3z{JEk@-|u||
z=6QxOocTLzmU?&2bPHPFWGc<;oOS8je>7YfW}mLStcBY9(;y%IQMbgpAbsW)^ZrcI
ziH_F!Y4^B;xCYHhY)IIujl0Xr<_=1|L^*JG|3yOUVE2%a3*v|`CFP0!El88;ty4|V
z_Z&*>-@}`iOc+@+R5;;M=a(US=U18w`sz2F2RhoR34@g}%EbP|$=uNAi<ylp1;fK)
z+yY|V+*=!ia)VJ^tp`=tH|-W$4QcnbZ(N!BdE=@8f9&Av^WW(?>v_IjNn}&(&rrO_
z9XjW2e)ox9#Y%IOdx+^n#mt@*Nt2qX%rKM2n-?OSn%IUnC&WjS(luSMY)Rx)`LjiF
zT-%%B+>A*nmo2bZ?Ca!*4=+HCjHKI29=qE%_!-x7UApwdq*gQZtJ>@fl^>x-%o}gc
z2e3S-Q{TOzL;5i}Cdn7%`s$J$Y?ZtJ!?sfAhx=)FPn&<0)vdLD@q0V)R>N8R;%L@T
z>504aI_Vmor~JdV&4Yfm{HgD$CaF)=KYsYD{+aLh{)XEzCv}+2yT2J%nB@f3{h+6u
zc@ui^!$hFKp~juUBckl&Ky8#uT>oDGT-D~=hf2kywS{ZAB@Y_<xmdVW{kR5KIP_PH
zT0nb;sK{b6gIay4I6_K8jyLVuJF6+F=Fs=QAOE&S3=!q7K?pxbtHs-)Ch4b!JI?Lz
zY|~lS5m;>+1Kv~6rzl}xdf6>~u9uq(zd9NbLzXwM`Q<eyz|LPkFAlxLS06|AOMFqi
z-Y+F+n`>em<2Umm%)GxbZYqcSo|a(A46WzuPu={w59n#rlHv;0IlgL$ZnX*qr(}Nj
z$ZC=hS$Alhi)>e{zHeEA7!xEVAB1GGNI?I1XABATu{mB&dKXu>&iHlW5xRjb<Og=8
z=0qr0ag}9nHG`N0o&#ZZz4b~S$YNw<1}I9Sp((;&2oqghP)Vls)3w*e*7=#X-FBGR
zdGPh7EvPFJzH9A2mwhwyuTGAoA5L+ZJX?7g_wm_L3^#r{N^_e;d6q|gmyOShondEg
zwPg$N6YHvQYr_=PD-zz-($L<=nJo_{zL=Gf#*mr6_)brKvill^@!sq*$u^83zpy+d
z0MMR2`(n9(!XH;G01iR36HBsRRW&N=?s02aU&dZ&b{4!>HplqByjjiHtii%TaCzCN
z9JQ`O-;*OiBf__q8(oAh+f9D`=5@#PwJi0>H5P0=L^SXq!`7i=If1lnIog7~{#ux)
zd?k0m)4{P8bN1mF(yv#1?**Zdx(1BmZnh&f`mY(>8-Eeu)QwB#&pGUG7Ei628|XU!
z<KxSADAdU1<J`HRxtzZG)SvkpVpETkA^5@XgDniJmfp2*gRL%&g=~)T2NjNPlnV<~
zXo%G-cR!F{2W(S7W+SF5gI@EA)SvdxTV>m79#_ZHESRwKFPt6Os*)uQ^5pDCOiw%2
zCk}7w{5wEt7gr@@dJp(4^pWzpMVOTb&VP&_XgI%H`wrh)F!`ah&(Cxb)0Ho-vm=|W
z9*j5)G&H<}u}Be8=!#0XYY>Jdty9wlKA%h(b^fsSpz}6u!?g4KvU>f&wXpscoAP;;
zdajj=_o3}Q8e)SQoFCk9g6t9kD=MIf@o-+%Vu(hfSGTM-AFpi_q=M)#r&jg1fx3OD
zffr4XsL){DBj|_y^WPdu^e)ZYer72vNLw#5k)m0`hh<C3ZZ-33?A>li5IPP#XX~_W
zAOyGJ>aydofnOAiwv2Gey(q@~!BtjHj5(UDm?@Ki>Gq6B`FJ?L$F}ZaBJvK}nwE*l
zX5pIPpPZK>CuuphAsbiVw)cBLF!3KZDD=BFqwfD#)LN|CSM|w~n+q<n;9Ng|9-3-?
z|23^H<vvk0;-9A;e#JIprga`}n6&hJIJL=k>YI5BWrnBk{qdyCGJZ07Rc6CEXlE3K
z>uA&3cF4K$OE)X5ymR@b7WduOG{xS)yqDJGrTUd^tM%sOS3(*RI?xBH<8wlQj&(af
zy0|>%34CL$wXZ>go0n2a>5cnq*TPLM7r=8r$h<#`Z<%qpv?Ub#@+cxLOuv`s*}QRC
z$bt6?K9j6<GwP&C*wvU#W%;c@3#p@YXj#6zeL(K!C8fg`LeYa#XIg@@c&Y@#KR%YP
z%nwF1g=S4t_z@#FdtXo3dw&l9;$@iXw=mzfznlFnIGW56B>W@cFYQw)<pOXmhk31r
zf~&mwre?)vJ1XKA)TIgv3kDBQ1b2L`$H;Foi4k??A>{7Wn7P%-)q|nl)<Q<H0NUvj
zZ|*gJ*)w%|m%*PY+Q!@>RFxe5O{BVKHCXUg{{zfC`#@l$ilr2d=;Gbh@7iVif_DM;
z3uuhdfdhEmJO7E>LYjes9Npjf7a=eAA<daM!HUPL)4uFtI|++!53c)W;M-$w8lC5u
zZx&q~P#zSpQ-AgfYFGK94!yM+dNz(6OWquI3rN}9mEadM{mgs+am4ipkFYAe9X%R^
z<cTL~nC@`uU~8G!#MpqzGyVPz{b^I*1OxY`(3PJ%dP4hqLZwWBD-Fx$lzgBRlgz?R
zF$qdt78*ODtM2!MnM(Kh72&Q8L5JfXHmD373WRLFe|$FT;DpY#)<<Wy$7c2LOT5xJ
zaIjs|c51OQXA-jwe-ivysQ&EYtDa1Lv7N0ZroyyvGd}cG>Q26pXQNiw+fc+eAwwWO
z4m1B-l%~8hH1uK;8T*vslOqdd^A)+g-3PXffy-ELES|MHO+#$acyBP|&8m`G@JhTS
zPH@_Fqt<!;P}-q+-<7V)$I59ZzyIFbZYdppEg9hR0$jmm&JVDpk=Zp{<d44h!k5*R
zTYoT4--_TrPK8{)mbh>Jy!}`z+V6Fetz!1(XUHNW7FtayScMC-czeB=Nzg#GF*S*t
z?4}JdKxd{-TzI)j0YB%i(qqwhMtJ(_?C$*5c~XPRetmz>)#jiB;1=9b*xD&kw0flI
zNAXf;xuOZ3e-n}7H#J1H!qLD<=Xt!8ad#-%rz*LhY#nWReIvio{qys^=7OO2{)N$H
zPoxRIeX=uu!hUM$akh@Zh{XCpJ>GK+2$LIcdRmKq=b07zEc*~jt4#x+E*~r@jH+0d
z&B5OU@a(J*6H1$9H+{0L8`s5J4||{asmLU7Od{1<k!u>XbH+2P(_6@@hy25Z6I_Y>
z$H4hqW==|$eCf+_x7wjHw4%Om05^Y6U|%9H?ZiP{XPS>VW)0Fe<X$I+D5jJ7^k)5J
z=9~U`jS~8&%!}KHL#UP@eCKJ_#%XaJYf(<o=rx)uy8AT0eQrd&6S~gy`GsI&A6KK%
zMJu@zBjV##$~OVOA&M-xJc2iWZ*CIq^FpVr_F_AOn7i_~t8pV8qSNP8_it03q(i`9
ziEl)*_cB2-s`euL-w)8Yi`wd^YEt4H@mq@o^>!#{)Bp7k?!>T8w<3$3z+n`-o7OPy
zSoW>7nMxtR;c6U|7*t4);&qa`q^ovs{InW=ewAMI(xrSexaqatx-z%j-@Ou>uOGu7
zeu6$MyaOs=XElP;IsnBH4wwi)afq!<h?uWrv9l0{1UE*Ky{;I4c3$6Z9e>oXjLAO@
zG+ephjy?TN)%`Q!;a{{2AWw2tiKxFQ5y$C|0;p<TZ^Ev&4fEC0L&FRanBpAg)oQ@C
ztX0_I$N?%DsixPA-7{Z4cpY~KKg7xW(dRc*^%-CqmJY1hMJ?X79LV$SMx;|$(FuE)
zDBP)saS|_HLAz-l%_@g3TvG6`pN<v?IJjPds5z4>>i)JA?|KvS=%YfR^cg@+C|wXm
zyB($*w3;Kn@Rp2}rSDEXEW2}JVpe$1T2W(vzxhhdnQty;6u1Hf^SzO~^{@>1S$46$
zl&c4?Jlp#jYK9J3SCMOSo2o5d6#}x{BWLw~q}{<_r|$-B0Uk#6^_@7@$Ke`#rw;aa
zu0YLNp#Cdmc8eO~Q+eZC-|dbm(Y-8!K~yAN$p!=TY9yfEnLK1a8vz2Kv5f^M_=sok
zhvxY1fk(+mlc;6!)q$hy7g6h<rjUL!6?uM;ySu|L-MMa+Y1bG6w_VhkY;ebwZ%h&k
znZy*e_%vglA6CWzCW|rB@;{ROm?+T_2lIx!&=aEOQ-@oLCofbjKE8!{G-XgI$Kadc
zDG5TV@i(4nc6fM&mNs6*su-70jmj~^(urQ{dNH*~3iwm^!*BN&R@Hx7oHgdmQ$u&c
zfV=;bjcsAB0qbf)G+A)ci7roORK)idz5^<oHH~QW++b8~*kb|A%N?kds1C^J8Q|w`
zYHo)b9B1@94^Fd$&t0;7W}CEBTP8Ub5&LEg)E)Z%w6ZmKUQ1Il7>WbTKoH?d$FjPP
zw;KF()y!xqgdCgy-xK&K$qabT9KFcw@6Y0?BOK^_!dWpSMn9U(p2h!D1aR#sn7lDN
zpl1VaJGMhTG@st?<k5uho6LP)qlT)dnF2b>T;D-C%HVeFk#5{=gprFh>$%gp*)zOJ
zWUI;<tw(_%X=lJjk739BB;+2;%2f*sNIV!s%C(0Vi&%-Me39))iOH3HL1q|0?r;<s
z#A=*l@B$^1*AGA3qWIPjUSw@i_L=5nTwg&=cZ%N^*@Da0b9!TnQ&N*9^@ZdPIBa^G
z3`YTN!l~rbUfTJSPt)$-vjBlO5zH~Ael42rE=%G4%GbIxvHEw+s~*zE#*08ZOjz?4
zs?CiwM!(Y4+GQ|^ajK5ow((iN=1gC;?r1tc$8fQ7ay~9bc{CDumCY~xz1j1LYu}Zt
zs&}^ax6Xhnw=AuCy8julQthuLBrX|)$u49we3t4|i^zpvI&Cn}Dq#J}F3ylDy6oKo
z>w{0VKJ!rP8mENHZ(r{6upO<v%6c@v@j8nBaU@%N4~s_xqv91%DXQ`v30NMlb8SC*
z^!r9mB<9hGS|vSotstnXr#^i~kZZ&|vuR9i@LR;ueTyywwX+L$_Mle8sb=LqO1fAH
z@*qO#z_b1Pe0nZlUPm>IteSK%h}pV)xyJA-1B@ooDN$sg!d5F?&N&gkM_(oT%=N|v
zS{E3wUd3V$<q}Z!S~ffMEk_U))eb0;&qKOiO$T2+rS3gTeVoC+jlZZz7PCT|Ev&X4
z6<U^}2cj7TgyrQ?-l0a7h<G}o$bXAk2dXm?uXJ6j)?d&th=q6OT%yI?1NwtB=^u6+
z#<B`&g!~zEe%+TO0I}#y<mzZeT3EDC@BLZMqv0k+SRj%3nYNoLDJgTYWtxZE_D~a(
zJc+B%Kh*nvZx5W}mlQv7%1t<%k3sqgkm<$#aFilEmC~x>y4iHto`l(B#f0Ps5AfT+
zzToOB0Y6awPGgGx>jvhb)4PY>ahQ&`Z-c~FVRWb2zHzBlo}sP<ejiLPN?6)Ry^%C3
z%L}mtbr>%Lqy-@mBtr}Dm8MyeSXO<#Qv?r|xxs-N4>bXSTZQl}ScV#r4M$T|Justd
zrQHSr!@zS>Wzo+T)M(QR%^o+j#|jh;J%uAdw|oU1=LFHopXP<om{Wd(F8a0^z~}Ru
zjQ1f&2iQ}?{M8nsXu~U*cj*doZxc8n$fvM^SGQ>5*n`&NG`{y`nB*BI<QhM?GVmcs
zPo@EsVC0X_S<vQlm97cB(v8y)6N?@J10#Ip%ALr_NMUvLCrr%DBC4wCfNc>`Q@grv
zQ|n@`c8-4YH1!!iFn6gN6*%6Tlqq{h*8I-TGkqk>kB!{QOK~{SvOODD8@%OlZ!7}Z
z(X-&#_8*nC4nAe&hu1@YTc*o8#wt8HBc{{Ff4n%nQy86=cHFdE7)h@pPxAkel9e5-
zSh<*Sw(GyjZI0o8m)jW4$+p}Ed<?%p@1q93kRwv>T}@6F{P^su(D(xg?y#ZFr3%+L
zKfszR8m<xJ!+ReTOf3)NF9qL8#TC%#=cQ5B!`Bz+%*ou>4KsMX9#FK?3A_@c)JUVO
zYx8hW%>EpfSgx#gzvigYsvyeQoQC!@6euzWipFePT-ZQ?X=%(ktDqx}-M)ful$mxx
zUpoo&3{w>;Y1<+$X{4#>_DOr|v+up$%Pp<?s@q}Ai*4VPj4|XBT2~gAMoMS3G`YjJ
z?ZzAYOSfNOHN!UtATm>=80yi<_XYf3(p)qxWc$~*PY+i+nk;?DxixK(`V_;Z?4_;F
zbeBf^)~T~DpDOLblx{~JS2-!D`UKiuylmR&Q)6Lg7g{k6*_tHAJV*-BSWhT>?ml7o
zK3!p>?)sDSf7L`OsOo7!f%7gfLP+!LRZV3P<3%u+C2Sf{pXWY3h4U2n&!`{QE5Y}#
z7z!;+M3z9$`Fga^9Fy1-@3%A3VIQ#*&)vx>ohpAT=be$ed33NEUhB}!6!f#IvxvAl
zwUbJWvDDS2I{0CGl>0q1I1vC*ny1c_zpMq#2(*<qmOs}&xE_A+JEXLm6}uK370WJ_
z>B;wBkKDX`-!syHH$ms>KYhI1hP}0aLD3VOW|~@<ZCu?@9eA|;!S!!bn@@YC^0soW
z48gU2OQK7yD*ATTd!;%ix0JyYKmKl`rFwGna2N@Xc@Z0|N@w~|nomev{EX5*#}}^J
z)BjY9f1MECW+Vt0#{UvWb1Hef`?7V~Sc!0x^SCk(zNynAay3e|IivpkE0mq8>(pix
zTi?mQ-1Q+r+s8-Nz`!8z`YE@mrohC_%kGon+8zJ+>Hc}jFqejX3D)(Yolx#4%_}a^
z-}|$k9>dY$!QLVml=g}nopvy)oSYogb2n^>O`~F+%RnSFP0}5vcea-9>zMYoreea{
z6V40mqW36k-Nt0cYw-_AqtM9)|6)+;ZXZiherL=J%G-TURP=(kRtnxfRzjAdpDlC?
zWywFSI)#Z^bEEKMHN&ZYzr)VVtQQj#lbJ^O!ecUhs438w_2o0Hyr7^#lU0=G?UmtT
zX6l|uk2(5-3C~u+K7J1A8x-E?Qsnt~=O4k`UsXJLR25%EuBLt~xU60~y34);#<+uN
zrN}(5Z2F>BaKzeAA!TN^H>5v5Ss<~jQsiG14_77|AA1$Oz8p>~ZrgHAzY}(ish#x4
zx&2{dJhF46z$8srRdswrHhZX=GH@eseXd(RY@Z~4@MtgScem={nvC6RY7RN4_`GCE
z>C8}$E2%1D#a}O;W~=7wkxHAp2|(Ss_sq2mCGl+~mZk0I?@QV=2#ejgRU@70KBF&X
z<26gVgXunXqGFl&^HUOd#A(`m<wIsiN5=qI3|w_Y;GF4KEA4CXZrWocZgrA$DusJc
zsELUXpoi=5=RKF%-qwWLEVr*cNmJrVyYX-M3x&LV6Rhaa#bEu?E5}~=hWf<B2#m9z
zLF^*swa+hKF6&c#9fM6Z)k(pa#T-uPmi-Jh=neW_8^?)rT+LaoU5lrtk0v))xPT47
z{*T&3-Lk{AmtVOZ;%syOw0zD8@U~aCSD%QXsHSAZj^Wk6kFg)`6qchCRo&GEUQyxZ
zqv;>3Edp^#<mS82hu+Gy(*eO^9Kq<swTdCtCHX2{Mc(!vnbDU+k{<f#KiuQMxUN&T
zF=KnNh7R)=j#QuJF#y9<-QTGdw!#`;0yV)dYCt$A0}xr^qW?byMV|a$3StoZ%l7|x
z=KqGWC9!l{_SVq701g=(b<~|ZCFSr6x+ekNYQ|-<va&9_n~TF>j0wX<=9zkbZ5&S0
zvwf(=4++c4T2y=~3~mNJGpYnBOiK|jx`c7bg0j6w4joOFeDnSTbj><gZ*6*9+13Fp
zh}`IC+TCxDJ&Rx&s^zwKMMOm8eddhDUwCE-e=4<-n(dA~A4cAD&I(Ok{T{ma=l$;=
z!w0$Ff<#e8+FWV@mk&KYWb2>`O)nA#a!(c%7V=lij*+SwFvj-rRXv>zPy6+Bb=yD9
zZ=_1u!a&ev9zAi-QWN$>S?A5&^Xyq0b&Q;xaa}zQUlp``@1J$a>4G*G6~x`|xOLvx
zAzjg3R1(%AEd<Xr1qF?q{QS#&UQPO)o%=f*#jc~}*R`f=obM^$`;o+drM%T|aj?94
zU&D6$TKF^Ty7tSjXi_OR8b4F*HIqAH!$X>PzCD)rn$a$~R$qM~E~M6Da{TM}t?BUa
za&OX18>RQzcMoN5<>uzz_VQmEHjZ~~@!&<@<chPdz2l}G7efwtmSKPgKqepX^V2og
z)pdFsN%Z=`Wf7<^`-PqF>N@%m$k0fsRq^%apjuo9UC_>aT8t2tF-1Mh(;qLRU03!7
z@46qrB!<8AGVbAKeXX<L!Hox5o!`4Em_0`mQtc%e{8il5^~%Jrpna0=+xmeG9CNSF
z;HzHW{Zflv%bv&GAzf*PnE20H-{V47KG$!)lk5Kg%!h-TlGMTPQCn1NSm^FXzgEX!
z?jAR5yC?(l!Kyn3TlVtBdO;)D0JgE#2k$=VPZPqtJi38g7w9Lxew*r*j^X3{fWry4
zF63(nCYF)9^TUr0`I$vqZL?M`B3B-vOj5-egON|+S!`pLCTWrdwYBmMt1Wx_2P?DG
zRk8tt>mM6NI-pZhhd0~5nvdTlw>;1!PJ0?SIQGdDr&$_Reuyi}`V9?6dp7@0WjKrP
zFM-_S=Eo(s$4brI(>lcHqnl_1ZRW(GgPG(P{RKvD2fM$A3(YvI-uBOSBu&h`y4B&6
zm-6n_vR!`<-1$`YLo(pVieck5v-2)H$(esUlHoxd>*@=iVL=H-T)!yAEvYs$?J}w}
z>aE`}WtvC(zTV@h5?75{<oRs}zs_s-(aq6YF+K4A@p0bzR7$SMR)4`fyNHe+lhl@N
z-Fm#Z$Ld`71DqE97Iyx7M_Z_;V-*g%F0<@jW|H;2?o5|Gro|8J=cK;vuCXfLbD2mU
zN~KIX>r&;Yy^~3Pt~Y&Hr?Nczya6*7u3z#a2VfABI4^ps`~p2WV7%jORrQCN%{Qp0
z3C_{vsP>+FYw`TDQ~+qexi{{^{|QESFe-0bVLyt7+C`;~_+P!o=S_b*@E`9;=<1m|
zF^>Ow5f=rntmOH{I=4shT>i(y$bg%F==vGYuEZ}EeBK>sxQx+023Ub=pZM^MkLJ-M
zTHI3F`YPZn@#2YXL4v21+VbpM(p%DVW=e+>{MFS%q`n#{2C>eU<BVMX<0Qjlh+|||
zBo6+E&}i27W5s{UE`7Cq>OYLfMY(AM5H9zAYV$d|?59R;hGJ&YS=y@VEmmNx%%Q(E
zsHAqC@*96hGz|v`E>K;)^&tQVSL6kD+73kjPeI4n|KA1ip=GJ|$N#K-?L=ZQ51S$N
zCxX*5GhxhEOtV4OqFT6hq5qG69doB#HKpU%z@_2h;VOGb3Hn)jD5PF5m<{XzuRqWv
z3=4NMw2_`ylx8Rc(}X$u#jMINA9f4^{M<|Qx%<a$q{NaRw=!4|XHN?v*60ZA5{Ou1
zB+c+cb&#N4G`XqR__jdsfsFlI#NuFq`$x6a$ycQ3PfIgYfxHF9%ruFsS8_{1M4#}@
zSF5z@O_O3bA9(=RTzokN!d3q~jJtoTY4N4fNfTbuvsRFb4wu`g?Irl#{p|wM(%SH&
zFvzlHedC3%W16?PzmC;NafzV;3~#P9u39{jbu0pjOV_#DnYzA#wHMQ2CIChAC{LV1
zI5^~=49-dDzR*AJC11@J@67LT;+qUr;AzL9LbK!Ta>>;fk|2RO_u6re^)Y-RL?=td
z_s*Y{Nt4G)o`vXV)+#=W{hU|gote*HKVN7E_Cb-<aUpM|JS{xOstv>iGc<xzL98iL
znB{VCcX1IWOI$^Ze|hdQ@Y=ka1v*)_MS>X_Wit!G5I`R}{q{x^a5I>>OS48WSYc6-
zFy!~e424AP8mITim2Re^FBFs#r{^A>y}-%&c&Nx+Kw?7AhVpWoQrr5$g*bMpLbcT<
zxd@3o5h13TPPMfvuP?en0X(6K_ap3?#m_jD2M&p&q?&$Fg@O!WxRL1j{s$zAw~cx#
zcvWL<8f@+<sHv%7+R?0@>tC>el+G3STTd>p1DK2s?gYmo^YN2KXQ-chPQ#k^J9VR)
zMdN8SXuZ&$AiF9?6<ctZN>#cH<X(cYUs7~?$i1A`N5N!dYRVGX@%Z^AcLRNW>Pmlk
zM`x-}PpfN)?+28^+DI_iIkP9q12ve?-y>EkAr*8|d|xVQC=b7^fvxxHEJgfaJ9mbz
z)ER+@P|-IZ)Jndzgzi~@?6(LU(98r!ZzzNR{50M-t=s+mLyaymLv8PHZ*@qlqKTgx
zl+jO6@AH9n;YB&|71V!zjtOuNN_$SJR~U3;j@&#!Qv`;u<>S2#GuR9W0_?q!p}U(o
zqqgCbb01%;*D$telE>6%-GV_x^*!1+n=6h9;bDVd`S|!0S7jQWvQqv;;tiO7yXf$y
zVcutHWqGt71T-8S?$s4>`ag_rYdt#foHdF&S*mmE)RpQpg%6V`{uBekWpAw3={?6T
zn3wIGEhZ_#NzOFBF(d4@Avz#52xfj7f9~$8C3|j_vEsDv`bl~;*iB!8otWG*q}W4U
z;JnHE3*`OL_0bPRw_EoUuclIB%fj~8AW6INZ^Ed<cIMfu#JleGTvYOSa-bT`UCa;q
zZ@G>5L_;O#+{e<t^K+y$E!Tn@lpb}+7DfT<bH*j8;^f>OuVe+<_RdcFSF@vezoZ`P
zM$uv4cwvgwKqnUyKMkDyIn_L|TDB3wEPm%4m*|v?MU9hLP6UJGUc3U#eHx^l3}veR
zOP`+FFT~hVSHkDn6<K=jQfNJz1;Z%FRsu4p*aML;*T@P;3$BB;{93(*y3>5|(@Y-)
zi{>Ez*tj_6WiAz;+h7-c<uIZDSx1gTcXE4@{QknvwS5qf<GvrRG4FfZ*mDozG_`^@
zg)NIM4BknE9H9X2G*A61)qlwnLr#wMO7uVdYe<rW^#U8J#4v>>e~qF(pP$I$uXhJ;
z0)Bz+jPuZo*HT0FuNs!0Pu#y|ALNO5<y}QKgJ^VF;soKU8sP+``!Qet#pSW}?$#>2
zF<_Z#57PvXc{4@*Y5JHmG>K5wZhHs#1*boWI?vxfl7lok-9A|g0Ol0-rqk~$5qrg(
zSK@c;E(0PYxiDdAR;@P>>(w63ND7Tl*cbIT7=H@hC1`CAF7b+p7z0PG->vYSSpHfj
z%_bh!C8O2BbvKk&-gD|&lMTln>d#v7WH41#b>m%y1s*uz?l~@|-pD6mv2VtKmmS@Y
zR7QfL$w-Y=`&Q?74|VoQENtSQQjm=*=o1eL%EbHZ;u!6wGtnog%k;r1Zb8qBZa<E5
znQGqFuyme)_&3(nm~7I{y)5g<P*K;Nb03*>%B1N+_`QD3=<s2{S!gEDKkas0#|t*G
z;>O}L(CG`TVT?Ck&ECDVQO%plzR3PMg6*}YrM7pT3>R>lU&K<1=u>bGX0>S}k)aI0
zv`WE5>W`<j@Q(g1aYS~+{Lj0u0NwyOG$phlV9y0!)&+@KJKVd|P7>&mP1CxOa0EU-
ztkLT}5~?JwUSFDcAywx#mOK@<=k6uL2xjD?u8YzJtbpMZ4G|V+?CR@dWBeFJ&)!~r
zquytpqVvYFoKKW4*O7qvGV{)@j$sxWq~QtSr7m@!cuv8@OV#vwv=)!Fa{cs_j)5f4
zEKS8w8j%wK(>snjy^;Ic*AD%qxQ_R0!B;oF_Y=>>Q*3Vbki}S7Sp`WOYTcD^R*D4|
z{uy8<C1fT36mjLV2z6YZSf>8YjKi6*iOp)q-XgG?`zRPAt{<*-@@#(4J8uq-Bawc{
z{VArR;4-5I{GjMeSH{o{P^)JUKb-IHjjVC*FT@WO#^}cbqELnAcAv)l<C>iqejObh
zRK;}-!lz2UDR_aLFN%i*>}``HUW?l&74~Z#Jpu21Ei4S=p~^5a*3Cf*bzocWExx(%
z3oINsPuO-&k*c_Od@PFy|Me$Wu)_@k*k25?kRbUuRUO{!<6d+uzk8c_Nk#X>sWaIL
zoJvfPt08_XpC6&iuPvJLa%`m=;QKQ*>Iw70ap9K$*Krf@t$E&YMdzrgz}o?=q;H9M
z@7`1i`H*d|<L&eDS?-iaj~17L0l5ZPO$!jAx!&kiB(7g4w<{_uW8~#Pddp{VsbiLc
zQVkS4#$Lr;S=I{)Y5MfDm9)kmb@%QNutHct!4lKU?6x}9T=gP%ka($Xott&~`>7<0
z)65-apo-&2*!t9|945&H!L;tL$B_&=b~e5n=(d6JE&}-RXVE1h`1Qq9xYj|f5f*Zp
z^~Sb~<Z*XZzfJ{zlNu)m&}0~^8d}LBg@wM~>65U|+bvC#TiDErL)BmnTrarc#N;ZR
z%#F6+&ud-!#*fI>))D1kGM<mM%29QEjF|L!|K2e>s_Z6aajr~&Jz!`&RIJDgK}#09
zo&jZ%fEz@{F`d7D39vPNylq;rq3UwPYcfgof#2<NNAO~ss!efF@opbQww)9on&Wj!
z$+(Xn*Maw3Fafc6UDUQI{hUNL6tGcZOwsVzJR70#yv7n@Hk&0+C64_}%|%>+%<iWL
zocK3i6ozx(3a~IT6?-p(0nu(-qPCDjy7YcoU0C5bkNgUKIf^LO;zL7?MU<sPmigab
z)yf?IxB}~lOR+#uJq0|Ja+0>i_{m-WBOi`WPE@Q?k<<c$_JDZ5o&4IjWpYQxaq1<^
zzh|<zk{Wh`lEF*#W~lRF{{6_PBIKJEn86IPl@G1?Wj$=Y?gv(W`R=PtqrC4T%EG33
z*5+ry8G4)34vtTUh~ZMXNz30YzUX#+d)MF3P`XbmvY%OV^pR&b(RyT|>>t^xH_h%^
znLkdy$E${Tr5%A0iO8R0>7!8h7D-&PYQIy=bX}Q-T06pJt2hCr(!e2mg7wU)Xfl-%
z6t=Vcf#@f*O!cQUrS0`Gl^98}dX+405xeqihc<dn5A<h%;U;)hjA<ky;ue6a6g6-{
z`iW&GcmYtJDu$rlrUPb1PX>4mtB(#>z$k_~LG>4p3*9jSb~vA`8jNNwp`-+}bw~9S
zFS><k!$&ifQsJMb3|JAOVmnktOdrirrK<q+N0)_god6|{7{2Pk=nKa!wH*pV&H%+V
z;0?3C<wtb&jLJ|{t&=bCizP(oaDd^~NB4Ass_g$e1U+g@xA*SEFPP{p&P?5^Ka-*8
zDXKB}JBxi@;$d?{Usj{GfKYt?hYt+i<*4U&LwD*m`@6dG@n4?~^ewC5KL*znLF*>2
z`I}7phvhOGbg(?#k^46ANyHw%I9q_q@rk<Tp8oh!*+vuvzu5foK}+nhugI(=cCQ|(
z2goJ_`o^1}k{={5z8~-$?0rKM+rRw;&KAbsF!a=xXEe}atg8zr@6|3=ubHKEzy&p~
ze^Po~Qi{FwEm1yz4<~aQgSBhlb`}8MREj41pc%vxFxVUpIBs52c>39P-w1g~2!=ee
z+H2$&ON?JqDu)jU=GvGuW`&D<VOma{TxL=)j%?yD{l)*K*86~Gv$G=nL#tuaETNO`
zlAZn3@pOUE9uHMC*|4k(k#KxS2K_t)J1e}ncHO3!<j3+pW1a0Rw?=esEF>m6uA}5l
z9+%4-Db5ZHUY?M{(B;*<ey#n_LRGu?-_})bUCZ&Lz{_VZ3}(#@q_L7-8}|RD;naU<
zc%e}Ww~}DgeKj3^Fh*DPt~1!O=^D}bhnmfF73S<E&HLZpKNPwhb6)dkkv*&Mk>|Tj
z<Fc1!EOp*~SMJT0wJ|9MfeNODrs}b)b;{&%j!^`41GG;gR^IU3C330QAX5el*7!7&
zIBxCfY*g1K={cl4R7$WnVqF7tlGX5@4=3MWO;c(jG5Gc#x)D%3dgAh><&qG*W#-U$
zETr=sPo8bqc9aEjC|d5IWVmRy2GcDdmN+vPe)XoHo4!Lq$At(CIGzyw%Q`qgJ3T+W
zsa-U{RlHfvnbIsv%j~E58lRw%d~?m|5qDI-Alf)B*?=x2#zL@tC!|Y`j;xPXJB;-w
zcVv={PemI#@m5=$18<u?VFl|4j4cq>bJg#SiC<~UZtC@mn)g$iUg&=oV&!1FvhqyS
zrZD9b(FY!G#gATh)85)^I`#;E^&k!`%G&JcE~r3k(JAUD1{6tTpK!hZT&KtNoc}!>
zU=sfqLjM1W1OG?J6sQv3JK*m(YjJ6$;*)hA$6vrddHSbjU6LroD(^UG1zTBeoyQe$
ze0fioc<qzfkMp6BX9T~GMTW;XdxJ>z_*_M<q5@COQo+(hb7{#QO_fE$FQ=2E<<0}O
zJg0^P5;C98WJ@Oy434oiK=3{}12%oo9BueK%Or~a<V4-$^xyQjf{V~xPhyzqBc*a=
zh7XZ|5i6krFE<KM!pdnyFwv?CKV3Ul@KZw3<U2+W1|<iZet#`?UtU2q8Ht>AHMBgI
z%zr;6;AYrl>yuN@A8CUaS&JO?`$69hwXdxbQX0JT#<j>G0V2$Q+2ZTCITr|TBd7D7
z3O}U2nI4!_;4XYizJI@9IO~5@_0?ffb#1@WAktj|(j`(7lF}vJ4bmtror*AoNFyyU
z<j^P}F@S&y57N>h-CY9%oHfsT-gCb1y7-5g9c!<>*1gvKi+hN9pvA#ri9#56V#iV<
zWj_3A{FZ~!$zl{>dH(&~(eL)ZS^&)Dlx3&MUyGa7+YBGkHj9eDQi`q@DB*}xJ>L|0
zA16w?WqG1pVdPk!wV4yRg|(e2#E8H}mNC7&UTd5Fp-^ik)pAV!F#Kg#!^NnSr~VFk
z$kWqL<kUev{lB+3F*r3eAIO4+bk@Gv|6?6n<aT*>vNwKSUh-kPAuo6S%Pp?Gy?K$t
zp6kwZ{G#tk;#eVbl76*6MTOp1ya~R^xr1*xmH-{=B&l^AdiZUpx^)vEeB?BckT0@?
z5&sc8y<p02^fd#RGW4^2^k}t3tJ}Pm&j(y^lFl$70zu+InLs1d7tt<SJ;19Au=aPx
z&byI82kjZyg!C%&t$vfu4*HJlVAC!Xz;f>^60wngI%Ss#DdPry%X@r<c#wN>2A`it
zZT1m(^J2~R3R#6B*xCV2c?uY%X{h>UG!8g7njj9`dQ|FSP9BKy-xv=i96Sc5XhvbT
zsgDl7b5y}zbgYJC+>I0D51%hFW-s~S$maktEdp3N&R3g8cCa@%rNcdFzj#<>*`5Wq
zz~xpfWz*W=((*?*UysiBX2;01B;^2#^4ywE$(6YBUVMaF8uv&n1y5Ok_scn~dw!kS
z;l^0>Edm6g*LzJU(kV6}L8R|qBlmg5eX7SAlQmX21Pr(u`O>-IYRZfur%8lgiqwig
zE*O6<8$JWS-f!Jn%djfRlM2EvQxsl7$si6gRe;z4WEP_z7@m~{o^4+}eLsT%zM=3~
zjd1q>pxPrdmzBPR2zPqEZ>VQrd{CsESaN#mb9E4QR~csK#QdMF{wobT%`9OQ(2*<Q
z*B8f}aMU?y$ZU8umYA4W3bLFr01K8WKuE7dV<^#;!1bSu_X#&TjXW~#2o}G&TuJPs
z4mY&G^snI-6Qd3?lt_f2fHZLbULs-obC6`$C-O_3ub$7kmxAs1*v-YF`$=9FJc!p2
zKqslWxvxU)_}rLfUcf*y=5xMlGI#mfM&?^KVO@Qa(0uFhA2at6faYw06#1(sf7O^s
zjKNZHFGPXQw6SyWAVR)6NS&Bxo`i1fo>qL@o4W}kD@Yt=^buGqBTmpb$fT}!8=BFi
zJ%0MS<Jm%=+1k-&0#QKo2FM54Pz`rSp#ZxDOW8}}-5|4cN4>&tU{kjhIWeWi56Jey
zibde!-=3^-hY2{%D~4ZGba!`e0y46I^d5RJ3$h17=DhQ#3eAZ?a}%W`6ScwE1_mH{
zHdfZ*NG$vZP7IoXEZ`o<sU<d#Pzu7=v$&E$Rc2tUYmP5niDASRRbb!{Y6IMY;4Ajv
z0C?x<G7tS}a_+9TO7qbd#Z1Rj!D6GA(`SU@0FNT!CJhcW?hkl>DuRUPpYWww(S@+P
zkRum*`aeK?Q(t}Xx(@j>iABHZwZ)OGVh0y#bPIU<@kc+vq~Lof@)fYUb`NALv%oVt
zM~={^wVjTtqo}5=CpMAd4<adAa6N1llO8E@^6=olL{|xC^zJ2UwrG0IK>7jwr^QYQ
zlc6b@NLdHal#GU4%qw%e$SDA17fPlU0E9R+qSBW*^fICzK-AMm6OnEJJ}d8b%<FCs
zJS)T|pdAKH8?+<mm3wKQEC2>6TirG>6_qjtkD)Nc;K_F?FsrPbKAp~ilvfA9dJ6gm
z1+r)<rg#m+CN$5mQJRh;roZKSrL?ZNrWbKQRKxGK&V9OBlsJk(Bq>|db{yOC;H^jt
z?xCf@NTDJyP?NoUz|^T@@clhOFUIR>A~6`M+xWufZNa>Ebq1&q3M!7f=($~&hs9qA
z$nbyEn^sPswQm!s?c@Nh$@lnlunKUC5j`y_wudv2?{i>e^<6sxt;{%7ok}9)s`03=
z6FndFad5YNbqXA@PM0O@ObQ0`p!xeQ+C*^pIyH5o)H$^jNc+d(VPW3Xm^|d5U%0wo
z{!Rg=5XHOO3wSx8)7OQG4c8uZ+8Thwz5nOWdo&n$hc|}E;tUWA>71~#&eOmH8`-jp
z-!%+L7Xgwg5yTVG6k|-GW0p<`MN(1{$fIPjmV!c4o+uk?Nh4m~GnFSZMZIY`fqTA(
zURFS=VWC6rD1y>RNxa#m4*xUqjuN!cRC~OHFqCU+uEpCKbk&T0jHwUU8jdp5JtY7v
zoZiuLZ?9$oz0OhSM3#taV>$g7%y$5>V9KNr9R;8>AQiKw;N3Q%pu<kCRg9_0$XND=
zw#G^m{pY&?(jxn6rm-&O>`4j=-4Y?Zqy<l%c1aYCK>dHfV#9pkdq@`!NKKR==-Zn;
zHGtlfv<F?-F823GuUhT9w;f??g6L@J{}+pdp|rFV<)L@povK^TkXq!3{!WeFH2;Q<
z&#EJ5zj=iaHN0cNmC1_)&lN(&UYVMjK4!Tb5kPViTN1*IYVzu^3w;wYFF*M})zU~4
z5q~+VIoR0N0%H|zZ43P;qzLVB0dFb)5-arh7Y8avP=LAyTuS!45PHocey^=1NTL;9
zH+<MLGrP0a=6lRyIct~*?%gG|RA8h3ngrnr?x6^nGdCb&DWH=Po{)wcf0`6+;aypi
z$=kiWLz*`b$sj)hc=RR7PVOsqWi3hO;{ht@+um*9$0w(y-F6dW-<0D2QBqP8yDLk-
z4yLtWjk}i#B{?}O`_oXz32>NVHx}UzF|~vbCu+f4#=$A%_D1ae^GRs=3o|m@%(A{0
z2t9~-ysy?ME5RF60-ad`bXsOTwwYWUpmu;UjFgmAAvOLxJ*H(S!k*itzF6gb7dYoD
zd1d<#Qs=S#268|4sL|1yPbqC!Fm6)A%!;(QV#Bim-FfbH$SQ1mF@a}eY+uH3l!55%
zbIHYp;2Q3elp!rQ8g-+T54bPbDjQ2l4PGx0rFrZsfAinP(Uc+L_Z8(c^M2<ab~Fn4
zk~LY=bmLGV)8_A6F}JKa_@imBXFJX}dh>AWrHgR`y1`?koY;3*u7rbJ6eUo{5r~j#
z<H@jdg${FUptLm-yD{x1+lMQHJ)TBmY{8Vb9%Ily^Vh~TJS^Fz>7k91MlBZ+I^I!h
znF8P5BDxJv-7;i%G|lzYy3&+dgO=>lc?>P~vFVg{S7aEdxFtP7vv=|iBd%NlfgQ0Y
zY^tZl)Xb}+B7Sz(JYh{&w+#JE0q@lrBGeR#es|xU^m6%nZ~Sb*<vlML2YvC+SwdcX
za*V0}O*`h<xQ$YRE$l8>eTh~}iz$(qP`f6gVLM^1<=>aIP-#}+e?y2Q_<2|(@ODfk
zAH<xamKnpk2bn}&I{3E*5BIXI6V>)q28tvP9C>eSa5VSAGCoxKSJU1Sh<S|^BuW1e
zED(@3n%%xl7%P7hZSPXq0&RPhj&>*FC`Ays{dy4XbN3wP!c{OvyA<mo(Qs5)0v$vN
zL61k-hcI98T85HupCQEpU#;T%7{$Fu&|=l~<B+g71poNR&Ot5W*#*yP9;#7`KNbg(
z)z8`TrxDOuGWDpP$ZcvxDQTJmiDVm8lcp$me?V}F(d>=x4o*H5L+Ivh`ss9`DmfX0
z>ekjL;g_eprk8&wms=BL_`DQxaES5?IPz&UpZPHsh7L)+@Gf}(Wq3w3oD8k(g@5mU
zzS*$0I5uK;^r#|JY!725Xo-{0?1(Jns!L&eqW$fq8!{VTVSdzce;kn$6XS8^Iqz_F
zv@s}b;})jF$e2ugxDl+f*fPsEvA1<{PSjXv^j@=QQu(52)>WVKsrwW;&s8VR1>7(3
zL*ZiHZrZlS3ss5`J0(rpKVF`8Pk(6T7|@%Lkn$dP96tHvEF`dI6sJQ*h0M-(JiT7v
z%;(XpUBX)osdu1F&OC&h&>Ih96Xq%nNM}7~vn}*W`>WdKl6LH42K5SvH9$_|x4hFJ
zjY=sU!uy*o>blCOZf|}OYXEPaNlPDRm1}M_u(RQb+bH-ev{^;--PvqcIzz?luJ1*r
zvik={6&cv<>d^_}AWZdQe%8EE%5h=C=kU<eQ=0L(UcJMZ<((w6z_fkMOJzho)cjHZ
zQ}qygv<*gdug^o?jdCz1!z)eYe%Gfi%aO)h7fF8{Y1h2Ndeye!*T-q(avrH&(UOtL
z{j~*a6eg<O920DK1YwWy9^xk=mxiET$gqG$b{Vb5-+*@`f29g`il~)qkGcsSud>iY
z-eoM_dMUo={h1t+Y+?Ssh`*fQ>jiJ<e%OX+M=cn*%o+{|0_Im8qTtqHUykx+zEH1u
zTcx8(@oiaX4iQ7pMoF{B{Va7?<YQy~TeQlJRa4rpy>j#|J9;=m)*st?btUmz9U};K
zCdo;t`8R%L?5^r0ln%Ar#Yvl}YWccq!Cy})`3YC4|Io_wJli>Xaj{0q+Tx^U%f?5s
z&UUO)d$@7mi|6ex4UCxk6;Du&pb%3o)r&uFf#XpoQ@0^)o6OZiyd?KYQbp^Ml@+~4
zj@V{A5@E&gY3YFU+-t9rmnq3ZJO-TdLW`!)3AQH+#v3cgVV(@8w`Zo`k^|H74#s-f
zLIV^Hla0$0U>^wpGEiFnv&khPs~O;a2-SgxgyR<7y5+LvGcNqC+)pfux>#`(jG(xa
z?rHC}TAL%=9+9ffgN(l+jED}(I6P%C-N>lm`V0<16&>?~Jfhb0>D45PIF<tnyw+P8
zf;Pj!SuY61q^R9KDTztlu*$1n7chVK{;`cY_l3$Un>}_~nQg@+rmp2)+q1sR(CU{-
zZRar7y5z#gT*s%rL-z;5fsu2A5xygc8Vra%!3iwTK>mSn$q|{GZr8#ZT?a<~gMfjG
zm6KI<k7L16K{`hY=~G#CHO=;I9au9VA~~m&O?Hc(G9f>7`jH^fn#o(QR;u3&EcGNN
z!mP|G=}(~cvKPB@h-0RU=)ELCW~sf;YiR_WR6OFM4tg*rOy4d4n!;<)Rk(G!Qd>?s
z5nxL7sNo+VjG}d<jk2u&TGgN%^_wj#F7e`esQ<+NhpyRzqai-tCrdJvQ|hW`Y<%^D
zA=*RVrl*eMJ@#yO>uU`LJkq7F!d@2(kU0S6B=hgBzHPXUbhI(o(FeruE<qrC(2G|q
zVt*Wy=D9E0ztO>qL92|z*GeWE8TH=Qmv^73UBnJu#Az<41nEdUQ8637-f@9tQ2wUX
zDJtxSkZwvDX?9iZhERLdU2X;!2ss~V^|3y9oF#rhCgHoxIhcDZF+YDUmn9O0r$}*e
zt7K6=f2R?kp3`Kv!+y11snuJv8`5g){44rIA-fW8@<zRt-sIK7CB6a7JWawcB=-2~
z?DyIEW^iJe`s)mRhb@i+$U%Db)%=FjU>Rh9u`c;)XJ2T2V{k|kdwnoZ;jiK&r<JRG
zr|&f~BTFPT`1_LVb3bBBZMOF5elePVJ!>b@b=kK6>n-iCp?bSHvH>;E4{9)5D9P(c
zpAqQaP$T1IqFP5OuZ>~Y@bQ#~+m~Vl!M-`f9L~<~73~&sR3HES3yDkIuzJYNPASdm
zX(MOd6<E7sx7_OB_m%Sb^4?D^ShF<cM+pMjxGS{`t__!r-dLG1*DJd5s>z1b)J&C9
zEe1HWeYIF2(C(CpRyeqg*lM4S(T(b24cQ{}_}Yr`M(uHuq2MZ*B;zp#$nur$d}PT2
z#O_YBrX69`HI$McAo-+}A?%e`T2dl~v*cmG0%40WMIwax@!eIbpLu9n-*6#96f17W
z7ETb-B1%9n_}e#+qZP`iZ~nsF3czvZBw{~u?*Yi2lE-;;Id1W$FhjIAMM_yK*;qAl
z^|7QRL{%pdZp)T0IX|0r4r`uo8Cxs>$izqT&%b6*{!m?5U5_pz@L)k!Fiyi`>A;he
z9y3y&mYC)^nM53@ZSR@Nh|qz~uOerlL7I~pO-w`X{+XRrf*7c&-B(mnBIU;@p={1Y
z37|>Damu|kBA=9d98v1GAEhiWy55N<a4Y2DPi^dcWgo-1Sk(IQrUuukRq1SU@y+bl
z1I3-m8mdqPkeHQgW@o#*_ydyx<c5xtQVEE!3xQ@suWshqF$MGfa~Aj}bWIw(Hq~Rn
zkF17XBTG;P)hCU_Jc#0TP1sZ(a%TDVs3yR&A~ii7sM)`Twx~mB5fdxU<R&_>)n8n?
z`B0~+`619JGLn*t{2ehA%JAcN_gjo}6J)lIQ+iAvngrF)N_kC=O-4{w%G@DSQ0lJ!
z-@i)&PF_ETIKF%dwn$i9fTTMrF4+L7HD4i0jeR=rx41POU$yhQzrQerLrWJhtzh$R
ze(DR#XrbuIz|GImZRhiKw!of!8JTgraC32Po}z9^^1-yu%PLg=k)h;t)wNBU2PZ#H
ze@2vKz;yP_i+I>-h=ZXQiDx3Lk(9?hX<}F)1z4*+tD!5PydAV-bY?Pwyt27jj8@#M
z_!8^3pQk1>u)bOsdOzf-mukFF5npfCnQdjke}&-c`T&ll_YfzK@JB3#@<aYMNsZmL
zpNcD`6L;R4wz|Tj#Q{8nk9gd#soIRv^NkIvJf98b9n-c;1Qt$(A&wh*g`IlByr8nJ
z$_Y~qSC08fEHqj&YOA4tB<gMRTMiVDqBb8J>K49}tY1Fy57U3$g!}<n=pZaM_B6|Q
zY*Dzm=`=P}M~`*b^9|_M$7WsFFc3Hcz&=p!IFv`s0}1y@qT-|E60BRL@g7wYb&NRL
zkh(rET?|8XiL{iNV6UD-HROLk*g5;>-c0MWKWT>_GmNF?TIi}w&g`qNtBS2g+w&Ma
z)ODj$2RZpLj&Ec18qmabqJ*9zJ_<6mBR=&;kTEvK0_~weUY)3CU#riuan5B@myC8X
zOw-b3{q1a8I;Yh1o@&AAu`g4P3qWhei<F6Y2Fq=o>)od78|?=uzulZ?)AWd)ax6{#
zRO@(GD&uh7Xnh789RA&0qLEs;5@{bEN~s;R`<)ox=V1Uy6Bz{E9e(pQ?VqplRWdiH
zWPs^iHzj>%yyj_@T9fCSXui6ZHkZHR8l;p%RQF9amrSJCX>gwCb`H*7^BvE&cfhGl
z3+TZfR9LouBat^T$VN$9@z6nsK}VtLl@<6=?ra{bKS=_CGzgXaRmaN#<u`Wp9VU#`
z@b-d~Z4LAESiDrY>DBC?`dV?4cNbIa8kyG9(wWnTpM)G^H+`3TvJV)68*bW+y-~9U
z!UM0q^49YR^<56K#{~NY!JYVLu6MULK9d%HkWFsZ)qE;3TF0bzv-if+v+%5o-(?Vh
zDYx)Y7?ph)8p;u8Ngv+zINhFzLy2nBVIG_60RQ2)nw_XV>w%IJ_o#7k?G261Y@pCY
z0MhA#=lLS~v{U5uLffaj&@1QVMpybPVzE%9*!-K>SH{@mI5i=z6M@URYJhP}O+DXm
z-t+EAT>mm@Sp>30CwCZ{Nc|zeBGU4L_Qgje9P6bnm)>F<+rrt!%~FN<5x>}hT5!Y4
zBB&VLf801GO;>j&zx2xxW6-Vu3aq1eY;GK6M^NSoV1VbrO+dC)`XaZGR>Wl(fE$V^
zWdPcrsY=yQVY0hslR8_VRJ5#~fQy=HnXB==H|Ao4-UKKi%&+q{jqHHN*$McTgkQ}F
zA1zsQ+_`jyqg{z?7Gyp1-Bv)En|k`?q$i6j|IHaR=QfPkln`_Lb{NJnj9&+c=GUU@
z_NVIJ0tu-SJ>DT5$@=fy9aG8&1*%_P_dgv7FQP=sNzI6Ueq^)mFVVoDtZ5oZ$@iaZ
z$f&aw=MI~`#Yvke->M_{6F^xVG@^yw&VYc5a;V-eA~q(b0GKO=QNm%MK@$!-cU#tw
zqn{zEO)zeUyAY*ulW6)@{C(}U_g;BF>%2F&6dx~Rv-kJesY|zO`=NVhQXKZ#p}6ux
zpy}-MQCTrW@yai8QH47Uya8yq1tK4XDwWtcnV8Qe@dV6dOnM+ZD3NV6c5%7PF}h@X
zs{lI@v*R-KnQwa&?L-wRnaA`0UbQ8+Czj?02$;s(gZxMgj^tn4+1di|O1e<_VL%Uc
z=`_s1xowKQo|Nj(H+i3}ev!ah1HSB*fy;el<JLVzDn1P<#xmzjfkSuek)1W~Q2Zw{
zN<UsG2M0?6<!u5O8Ep0R;<I(2t#7sqZ9?jxU?udu^br(+nM81B@O+TsrI3%m;CYdw
zT9_OCLNDRI&ingm;{=qvmqt-~CtNN{`8$(ld#?M7a2Y<!woDYTxD7y@a{{qirBH$a
z03hr&Jm9=w=BIfz6Oz9CyI9-wO2+jU;b}v~V=6ozjfs9m-O4L_0+Xu~2T5dQe^mhG
z)5@W=bFnj9UbcKwWup|r;WL;%v{zWleUGuUeBOdWxM~cRMsfc`!Qt{3&WdFWa-I6R
zYKIvY8f_!pGI~r|Su*rMdyKr<hL6>jGwLI2S=tIm+~nl+pCRpKJ<lR`Vft#C5=t4r
zcMA?Tzv-7)%FKJn!F=T7VnOLaNs?ifuE?nEz`g+Pupnhw(HL1|*MvT2W8-?HeXE=7
zTjW~@a9A*F!58DB(Z#5nxN?`34r$ZKu`lc%!sm9}2G=H<8JMrKtv`zdkK>>-74V@|
zHK1u7WXh5Bs_E))UCq$O&IGf63=S2AT6U;VWIecOfi(f#Wl+2D5g_kb@aV4)0TnZ4
zMCWDkKHYasgF(j1cen3c7T_vEu5P&mWi)L1pdzDnAo_oSi@;~OwoCsvxzF;W!lTS$
zQH%maQ~=4a1dt=!S07>5p+r$ADMdbJ<BM9LKiI;}jdkV&is12II%SlgPM$kxLQo=c
zRWI-ko<HQ@WWdc#5C1bA4ji6qz{1;tL~{ieBaP<(3MExW!f8z7DC*G$*Q|^I_qK$x
zjpr}<aF={BR&{tpr_B-l*%Um>5GD{l9wedF)i;HWJR|mafW~S(H9PU|se4kE!_SDH
z@PRX(Es7vE|9&XqiO&sG4u@&LS`xzc<^=gRT5EVmk8<>xkg~3ZPjMwFVgrYep_EPC
zXl(Va?YZ58Kk!v=s`!0z+O&EbnhsJIJi=bk&Rxw;E<8%L9yQXs(^Cyv!N7FBp8M0`
z=N+N{wj%=Bqn5RL;AEO;$sm<Y`=>?~m7X_Emhn=Dd_@KYUPVpzz@Z1+2AnMH*X#tY
zBS@l-!rWG(ky1vDVo-z08Q=?>pRdhE9pl*7Vm($nIbK}L=KT24mrn@^Z0=Z1)i?dR
z%yDE=mDQwEv+-jjQO2EeLz8+o-;xdydFclrl}SHcGd#$zmPb6VS#Ec+Xb*!$vm_kr
zVw&ezc>Jz|d=ESZnlJ4JUbx&Woh*9?z*)P@06bD1$_W{5`~YKp3k1)Z>a+}4Xx_xQ
zK2MqACQ^ptOR94Z$ZR{88*TJ>2R{j>zS)(OmE2PA{(iS^H&w9k-2C$6?-jgUEL1)W
zIoN+aktwNpYc3N<+r);q_K)ga31m#B;MiUrGQ`IGaeL_mn;>7#eUSP^vbLJKzi!Ap
zqx%MFB?@dXs7$5W10sBXWRJ;+D5XSssA@5rPO$xyaA1g!4D-SqC8K!_>wDch9Kzgm
z_0{$S_LwyBY9V7ZFddR*3&?m^pLdc8D)SxVnJzG>QiD7+4iXHH;qX%BU0rMEgSW(`
zJbT`viL|f`(xYcCDY5ibv;k#+&9$YbcN3z5WR4rG78t=uoet;b7bC|3112$?1nk<8
zYh;b&y(;P!b1ar0QhL;4U(a2{6+`a6s;znPeQuZX#=LQz@?mB@W)sqS#BLS3@&?ML
z@*#3{Bu~L4miSuw43|MNIA?)gMw?fjTeJ3%y;irqZG8Hm<%c3`fQXbluYCXY->SB2
z&S6uKsBSL$zSjlQj2jPAf^Jx<KKZVl?@hj|>JwgG1>Uzuq<Okv*NXiQe|>U~)=Wxr
zPiMx@*o%@-<EE{2sFD`Q^j|`S1&{xPLDvGDK;dyqrhhAvYoV)=^7;?CTrMrx@+);X
zo}D$pLA{_@cCkmtMzGA<#sjuJlOxNKQ`NUy^F$p!_8Tp66tlu0@vr01f5gshq|Y+V
zqgA~0rWmS$sQ(-ki52!E2~_>sklY7VjN%>U8lFEbkg72|y^l$+EDJF{6109<hr7Hc
z9nhB@^k+VtDzD&R^44=8L~Q}!F>J>EV6R?}wss-)tAQAm&nHW*4t(IPZ4=($qx+aa
zg2>~BPKW12{CvLKp~coDZ;HLjNj4q+p*3~b21EdHG?sdB72ZysE8^im8tr=0@|~+o
z{4by`r9ZQ^Pb3z75kK0$Z}RF2{|l&enyCO=is>Z%w}YvT?>>uwYRPvT#G7ui;Y7Ru
zCAAJH0w1Bp5&z`x>V7m|oABx1!0}2*c$kFP<0*(HEyx-Wh1%sKqgs#;TxC1YG0}4g
zoPrA2cYx*WC1C_g*mX++CQU(@VPPs9vyl=w&8~LvQh_i{8!$c4`}te=uBgx`+&*B#
zggcc2g3;cVQMnNakk?f0;IPA#&d>Szr4<QR+S(rP@<j?V4KeE*bhkDa^R)-Bshkbi
znCY~IQp<1w&8~u8>i17Uj4c~ig--~}pzN$d>i-Y@lQ}r`Xd=q7_ra2K{HVb9sr7cR
z@weJA0fSd_R7(W^Z$*jaoHq7WXEOXBfxRnoR-(y~*<vW}tg8IpJq$(EZv=>Gt+^lI
zUSgBP$TVl&k4i5QJiBssK?C>bh4h24m`XY<4`c267U;~cnBn@Iq_@(VNWENMKj%k~
ze!1$8&CyQ`<PR;3yg%EHeIzLBmgBq+g1ZcA0b5HyOtwBQ_w^Ckx@R$@cDAUJs;^L>
z?SUCZRimgw!8mNc1*9223B*9nRg|~Y3D{7DXE2-?|NU2107QOHr6@A+oQ+K2ISVMC
zekMEt9Lc9e<yvA)H$~YROnfuB=Z@xJ$%yF!rd(@W@GhCB_+~ll(fD>GK>6f9>;;Zb
z3%>m74AcVj6EzihkKnI_Biv1PtQ8j<Rp#~{t_tQy>xeq=4Y4+8!2{0Mv%=VQ^$9#9
zB*eAYpb^I3wH)e5r^6kNFn8~vMFUDr{GY$vt#O$6Y4^a72FP~Gp!>~v;=G#wHUaPE
zToXe_@!Y^)N1Tqvuo37(jd~oI91{;u+<O8#CE%t41rBH*zfD6m1{6sKC2RJ=P9FjT
z1QQ=$0`RGq>q6Dg-028RGXM|wt>f()leH?k_xeAdK>|#A$B2Wws%Q;luj92g^7rxa
zzY8+GzYnVYTI205!t<39Xcd7+=7HOHr$H~wJpX09EHTeV6V(>LrYU~VWlda*7Ex#S
zLl@}F%K-WLbd%s)0Zs%+TSmdBPQWBr7|4sUEl1-Ex@J|C2{`+o%gf8*VYZQ4C%G)N
zi62!F67xJD2h$1ssRM1HJ)UTn3UMt*1n`jSxw*lb6R~k{pF{v1tuCOe-6PQIx-Y@O
zPf|M%|9<CUV~awSD-;kAcs~=_m%xI`vrw#_@k5kkf!VOH1)UGfXn&T&UMeeXApS-B
z*@cNpLn?HNuoE6i&9Go87!p3D-;}`3OzJeU3Q^2{`l=A@??=IQS<}8hRiNlo?Jq5K
zAa&sA2#LrDGs!V+bYgY^B>)RZ+0^{2C~Vg_JjlU(9FFb;#Gx}vzwoNXwl{V;k5^hO
z?Ni1B#L`CZV5R^@zS+m`VRzS7GqpBvFG;-aZZ5`F5@o8LnB-vOHr=ZK8A(c{mom5S
Yjg3n6F6+QgligEQe4$YN+&c3A0Bl(`jsO4v

literal 0
HcmV?d00001

diff --git a/doc/passw_hardening/ph_diagram.jpg b/doc/passw_hardening/ph_diagram.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..e6ffa8eef1d4b36f019a70b542f157facf3e3fdd
GIT binary patch
literal 30903
zcmd422V7HGw<sP(#fFH8bQ!7AM0yjj(5sY$4npWv5;_Pv7HYtN)KHX80-=K;6hR2R
z6MB)}d++}^>Wt1e_ucpX?|tvxonLa+Svh;{wO89~mvhp0@&#~JQC2|~aOxBQaEkB&
zoQ$8ot?=lP@na1&Sp{X8KmIsP1t65uR{;Qf2WN<e+{52=boGAwiu+Maz|f~Z;D5Lh
z=x+CXr49geasR{r{~79nnK=|pcxaXIb%qccCopS9fUjGAgWbQvrr+S;uP{VQ;}PMR
z_XPO1<xjBbPq3TwQ)j|6^<SR{KZSgShY0XJdpnn}ZGA0YIlgS}0MsO0bqHTN02H7B
zkOMp<!2hk~FL^p90RSRf007b3zi_5806@uW0Dx-XFC6oG0D$xr08rfa)C6Mk2Qy~~
zzo#uM0D$#$0Dwdn03dG%050nPVDzuLf9c{s=<9EUI&_47IubsX06Ty=;5UE*zySaT
z+#x`GfV%)*fY8Yx;1Pi6^w;wBmxxf#oICTioIiK&?70i)FJ8QG{=$Wemq{;QymaN#
zg$pEPBv(kUUM0JF@$xnDYgfq$@YSzGPJOLObmlyv;?+wRE)lT*W;yu;AUl6*f{2pn
z6eHj?*(oBjQztb5dV>0hPW@4Sh~OOY`Lkz;E}Z`QxBgYYsWYce5uH6pdg01BBEqwP
zQ>Tf}oIOWOcI`a*b&6Xz7zG|^hEwtis%rtYAucb%qVftmnD|VboZ<PMcq(RoVUdR*
zQ!}V*L_xQZW#osV2^Ni))vS-k3B>6L{&f0l<3Cy^*wUHPM8s#$pCkPHfQ;a3r%w}Z
zE}Z__GNBNfCR0Ci?fNa=v**b99%z_+;1_gyk+(`r!6*dz{Uy9gApfB$G^}Hc3B1O9
zG61+tsCJr+hzuYF7>$W*Rh(AzU@qZQ&lk-C8)ftqQRb16QmSGX8xF^VMrgqYy+<5c
zc2neOl#j8bLhrg)!Q<U(oduT6zvn;pV?@B=7!4Q1>-lV3BRHpf1X&~Au&#yDwo9OC
zhchrO6KCPJd${b(VTwnx2l&6nbfFLUd_|Je4Y$pXofJJhl&r+C59${ugkjC&d?JS~
z%_!#LfyPLV9+h?ZKBky$Q=7CMUduPka57+=0@gPyk;9NosF@F;S3j4n5L5*oG?Hg7
zZnS9*h9ZU7dh;m!@LJkDmoN>{c^o`q@N}zw(MQf>pu@YPb^32;PXK!Z&c*k{y`wC@
z^)Dpetv`IPmSeVfB|SOw_oDdDeZ-lV8RHPvNt>Dx3&ppkmV#|&XmH0`-b#pkJhP)L
zdIp{)$Jr7&y@?|Qb)?3-a2>NiiUynS=i{bI=;dwXdz!IXD);<xf)x7Y=y5M~VYq5Q
zBZXrcM?$Lv_RyPcn{~;5!mpKK<I><aA;^7WCF0Cbvh$RfnuD6me5vk7{-VOI;4`^E
zmsxvVOS&sSbHDq$3B!$HeA<HI>OhJdS=@F|qvNfYrk$Oh#5|oD^OvuXbGxySxOJpT
zECBnt<+z00hfUr#qsPI<mkg@|w}7%}*G+E8B`0ZcWu2SF@jYQ2Ih|858F27Aj(^ok
z@|z^+#a0T~HUb}QO}DdK$vfqtNjc*iE$p4|Ik4S$yNQ4>(KGFWJQxGA&FrA~Hh3mR
zn01F!FVDMpG>>XvGpyo8kK4ND_-Jfpz?)aRhPCS8h|tI;wpf8hh$tCcOs?`Z5C(PQ
zm@RQs#*zWaMbtu%R@cTtmbvDUc>Y(1H|l;-3%mV;#_;=NJO(*xBpLib-aciA<Ptcp
zRu`XyGYpgE!|hpshk|wRMm<HwnEGtn67e@|QB#!YOnWAM)70v!;7(7~R$2y<sBtE&
z1ZG9)lHRe<r0EzK!Sqox1}MD}haGH@Y{@28!{980!4=-7B2INnvMV<zjPle%n@<2W
zg*m_Q!@)d7n=*-iJlD7n)@ajcO<7jG+znhPeT88LCo)@=?TEoFiQsL{R(Llsu<_a2
zy$=EwruPIQoMO__pyE+o_`P~lRa%j$csA&cJT}=)&i8cMmf_L}Y-u>n*<LalXPPrw
zZFw)r*FqiAyga;d0>Eeg>MstG8dSQj_BZh{1;YkImlw_OQ}IstFnJ&vI_(^;Z}wQW
zl|sgOU9JY%9U2-Syh_~|$+c`uSE?j$me%DVLF%Yohk!>+PKOCUO*SM}fGx`+MbWZ3
z-ZR3l>xb8A+1oJ>v)q?)Y)h_nmNzBo+^4uKw){WWRlVPL8MRQGx$eAB(VW=It}--5
znZ72{2x3StI_I(WWNv07l2_}CnR}pSiI<%kU9m_BhmaifY1TTE&T{Rdwy&G0l9gx7
zfr!OeK@WRJ(?o9Z#??Aqt17{5+4)eQZkU`LV<V0+UzkJGOPx%;>6KNf_iA9JuVo$8
z=VGT|k@S?jFCRUBVL^5M`9LJ5zpK!Q?SXZDKIN9fd%r6S{8jY+DBfmh)Us-kuF;k(
zdZm;}on~pF@-=$gDn!F|J=T-C*;>hC2?!O;u<oj!`}n~uUma%@hRxzp%B>&p@AeDw
z#t!X~QQ=21e96*X4mvQ#*t~!ffY9;q#yf}j4Y;sfmq7<_#XU)=arrlA5&Oni@<v&9
zF))1-t)!>#Cvpf9CRTe44NmJRt@R@3q9e;&u?^FivMH98pvg9B?X2oJkgl?gi?n5U
z5!fAERZ*y^58;oF*tp*?&^Oe}fh-E+H7qBGV1yk7hw{>OlN<~Jlb8m_P5`_I`Ds|e
z)@%_l!9Fep-8a88pf8Zsx~EI4x6Rq>SyBQ?I|1lKzm<sFwQpNSY=(a>fwFEj9R}H;
zB9z+(V0$u}FV}|hWCW~TWO)5Zp97?HHvSrD{;SaS;T4j+qlM!Lel(&_wy1HsKmk>-
zR5uqRc({+|($fmjrxY!M;SHLUqn3F&`*G7^!tzK2yxC@1kkwehBB@@vXkOAiVMij=
zVrmgMI=H|-zHI#13n(@HXvU`SCa~SnFe!)v%wMNr`D!ho8a#S)&S#y+sy8Fe;^WaV
z*I){UXL=KzTsLVlU?@Aj+R{?|TCdbWWD%9Gi1yxQ3)7`Gb>$)T$zw8r4NY^PHyTn!
zneRl_E{JUw$;PBhqH`XWy~`^VqPnXXVSq&E1w~q$MszW*D(02aFG+uy9v+Q#!#sPi
zq;&#_A%^U~9LPKY@KLLHV?iQ=IX+Y;fQgA$3v#>A(TM?n*hQ&YhUL}I_hMYiU~5Ww
z2jX`ea)KBH_Cr)2QN)3GS2f?~muu+ZITY@pF7pI*^6Ix@A@x%#4VcXK>;`f*&2lt^
zqDUq>wYy*0N1vq1(CtY|I-?q$oeW$<e%PFWsV{&=lo{&nEgSY-L=T24-fts)n}2tJ
zY)-%^g<JWz*+O_FhQ{x0#OamZSlV1(I{{QukT9?<MjQqS%4YQ5HR^U16q0&8TA+EY
z2q`J%l=T$<``P&AfU-M4?FwB3G&E|(U1#)M?qqLdx9DPbA1p}*_Q{4s!5<%$*JVm?
z<CB{zK&lm3ClA)W9Gq1Hf+}YFdWQ^`2PKI|b>GCR?Y(v5$&f%MZrno0de{UO%@rB(
zo&a*VScPrIu;)MD!D))o;mEaovB&td&TS8P4|MKu8__Me8XKf!?6PQ&)uMOJPl1=R
zC&iv?B2TE3-8$&k$(XcR(UOq~n%ZX1zM~)d7`&Z%*)!<YE7!!f$vaP|1>9`1Lg4gg
zc$>&=8*AZ9uvXnzn3i0z%*a&P!QZ*+32ofA4zw-+krCKppcC%;OuzfI&i4k;pu;96
z1}!yw0<c>Nn=A+l3qjUA+0uH)yYDA!x@m8fn%-6s=bR{x5Kn9sj@M>Bh``2R{d~4Y
zF%mH&s)lZ0P~UP>%yK%@i%Kl&W2rDGOR4IR!)YU~H+^JvWiuXIeE2uDy%`d9r1KP8
z8$Q0Uh(7`F>{%a`nTLomkXRiZRY>yHYq=^Fv)V(@G;}0^dgPQjQ$1Jp!W1D7w-qk+
zNGpU@_d`l`Dc`W5Xn5TtEa2FZ7ALycb$6HytmI}pCzj}Sw=V3_Bf4mFg-+!l%bDcJ
z>OL(`A*Cx&U|vB%xt38KtN-5_YARZ9X=daCsxAtvi|^w2gH`u%Zo9c@0*dav<dru|
zT9=ylgxR=Y_S6Nz=Pv2D2XPi8IB^)&e<?Nh=#e+P*3g03hC+(y%R?0?U%RcyF(PkX
zmSZ_=y+rYQt@?n9wSGvaE<MxR$kq!62XA%ZW_BH`I<_Y8P_5B&X4`O2Mt+~oPQ#{o
zQk(R{`XBaGEs6F2oRkyXmfS|?`}x><8;prM0fdGW`eOSh#x5WEh9@YnH-&T!9N%-X
z8;MIz6J%8KpCiTS6*|E3@kSn*dgkCs8_ZHXHlload&PKztsyeCRJ7TgM5l;js)#kQ
z?O|<FKDX7Ht^S)*WMkm56GxKM_S3bag%a1<J5yW4MViNE^xv71mgBCesVzML^uMdA
z+jSdz<&}KpLfxYkxs?-u567q#LS%V|JsDyMZTAXmtBw0Id$^+TB~TWszl*4<j2o>T
z^)!mIHXid3ns)Y;Zn4V#fKSh~9%*ZAD#^_$Qs3e$0d>EXEa1Y;ND6OwUxQ}upn(=M
zoSM?#o$9wAvC$B9FVDiiL<YG9F3_;NH#drNpN>U!aG>;Tf}d5iF`RS5G>9weL|NJg
zJvN*jpb<^N(5>>xS@bh*AkwtPY=w0W@}HJKcubidM=p|r1zjoL(<VLXzQG?>x)f9}
zX_wa$>jFO-7Y|qget|K;C=AMj)#Qu+?o7hj>-Ymhk|viHk%>1cYdA};`NZhp>-Z#f
zP`RLHXi5LXm!-v-&knxMqbUhwhUCx7gA|rVLt~xmgY9gvy%5(G4J}tyi`kMwRk<RE
zBYqWQo2T(z6_zAz4eLdXcjjDx(i5~50Kkz_%YSv8`sezm8t^&Zp4$A(jv&m(gNwb4
z%UW8n;S7tAk4;|Ij&0Z_Vf~^`S&_^+F$1eEGTsnwz00Y+)Q<MtdppmP(R?EV`Wwp!
zDhRIW?5z|x?}0*Ur5{K+1M~92l9}OcSR_=kFk}S*ddcpB(;rmwc{Xab5L{9md3aFK
zk>6_B10UY7X*a*~qeXhB$nDP2M7IGU-RAvH@e2EYYErgIG*M5^tp)YqUFih(Qfj5-
zO5vZ>`z`qw<d^q~tVH(ZgzqGG;raPL)f<E3MsOTRwo5~!4CUfywULC`KUpz#T28Vt
z*R=}a;%5E0It~s`AA#EmKR6K{EFknfV~)noYHMCaq{xad>PM&kln;NurBG-#6LuQ^
zzR~ap=VCutvMY%Bzap1(?1jwykIh8}FSFImIqSoq8qHI-C7wqqsxV%v@x~C1!1+KI
z_uax>$?KNSVu6eG{vna967>m@Thd0KmqDISeptsjgT^U{)6^Zgn~Gg}{gbjqtPn;<
zQ7`hsL5ER=kS#+_MHmgE1#fLe)xXN!y2LyV|NlzW|DYOLuIXpi^rJ%AXDH2d7ewR5
zin3(8XD{}_5AcSJ=q+tg?YaTgz%D9PQdPn*9asQ3!}miBr=lSJb|^@R-cWp@bRHuk
zbL-+t)M|q256j@T>q0apX!*wp{*SZyzXTD5ZV)`1H4-<w9gSF<@6(WhU^*RD4tjlq
zdm(LdRO5Nc*6<X(K+Tgl014;&A6@@`y&{`?0(e#6ORReWP{0`pUiszrj@1y$1SH)k
z@yV%;1b5p9EQo8xB1xv@E0AT`B63e;PL{u}hvWNOG`=?Ppe30ycOu)y^ZH%1YRnz$
z42$xWs&iEBvm(0WYH*kqh2$VlHcLm7L(o8vQ0+%^LWGw|Uu+#H+M<Ksf5#fpHr?mn
z9hH(ycf6HfdL8CP!B9Po#1-;&XNsM<L7z9rzOcZqd*cC1duPK<MeGM#GkBIGrRYV@
z5{V#8iyTL~cO4<9NyWIPJJ>71yQ1l1Y_i5pE#8zjbx+~yjMy5;S)_+ehalomW*hW0
zPZpvZd@fbti&RuO6RcB|5~_#RT8kKo9t29r;BPEjNvOZ9nHlO^i?It-chSElA&je4
z+%}J7@nl@h3O03=wn2*O;bWp-$?$`Abw1_r>YHbVH{=t~8mg#~-vJqL>0<V;bv;W{
zoc-ty&R-yrldrWAZBKI48pV3vpb7~10#xp*0h|$VZL0iYV0i*4*>7W!);1qqy~BS3
z7(B8JOK$Wj1e`iMD11oHGsXLi<1x!ovEweQaii(J)_bJ^DfKVwQE58>BG2dNZ#vo(
zm~P$FRvq7VL_&uZuJeszLVZMYABN=_#Yb|>Fh$S=qN;1R!acX?sfwf0>?~JHeF`I4
zd_2P)f%!d*_k+C*cB8j|GII5OQ&3IFw)D~gmJCc~o~Z#ke?`rXs?0%kku$aEY_Jf=
zfO>=FSV-lAR4LC8@W5QyXE<`3DUpuH)X5bKHOMwA{v3##T&^9e@M)!_w7)%BbcVNg
zR$yjDU2nV8EO*kT+<&I-QeT`QdZ?FEuie>&?Nd;tl{?79MbgFAP;Xz=_Uf<=ZyZF7
z3c(a9Fg}!#4RILBUfL?>fBkll%Y`q-MyuEb1$mdtdChFy86ndSlB;fr@F?lG4-f&v
z=`!imfJ?H;QMuqV>RMTky>Aa^hNYg9ef>sFuUjRSS_eC@Eh=18Uy+}blnBxB+aX=e
zKD1o*eR=}8IEn)sgY>!f6`$qebrLl)ebg9cKP=pf{tK*|zyIB5h}bP8K-fLy#FVsb
zzDO|Mw(?!WzM@`-dsE|->h*(>`={(Do=@7Ss60~oEbIMBh}q%MEo0hi4||X)1yZk(
zOY`ybJZYKbzNg{dt$j|>_4Wg}Ih6;99Al<)j2C8wP~dV`g&V?;h|&`T+=M2FcCfDz
zJIMw!g7tkd{^r+P49HjS=hJG|o8;2F#P%CyC*Q+d+#QJSXRWPh!C1Im0tV67J?u%^
zw`C4C*1f(lI0zCa`@LHfrk3O)d94+ZLxL4)BEu&PwJT1UK^}FaM+zrlavVu%#J#l3
zmmIbW*^-g&T#p}aV0AnD?%6^Pg;u)5&ssjN<rd0Yip;t<dQH$^duO4QkW^Wwmp|Sp
zu+c_6$uEskU&Ml*IQ3<DtzU^<>}&9t78FJ?*?WayVVXrE@a#h-J+e#<chWd=p&GJ2
zQw|{zQwL?&P-fZwwHm-Fmqng#yU?A*qiZdk+^_dx@Z+PzB;E8FV?E={g4wz4`v6|M
zACb$Ps}9-g%O1Y@ZvAH2Utrc#A5}CTK(0s#Q$2Stl7aG_{p%<}a5Sug7g<jpkfp!^
z)EcuCWmaENS*T_55_Z&jDlOeQEC1k3>yjdlN7GCI$7Zpg{#YR(=PaT)uM-?|nLC0m
zTWwTm+$#!7NARHC-rRMiVt>0y=JeEJFQf~%yVDk*reU2p10C;YlMrvO&X$Z6;Ft|E
zSqEFrqm~P^vh2WfQjxXr=G@h*Sc-Kwdb^pe8gcBgC|k!2ik`t`FO834P~{ZluA7^!
zhZ{m=*K|BNidi}F<XuAnWpPd>yu2bxvlmyC>|@iC=e>jr@1%bMyIjosm=&qOE>@mi
zj@<1(7--Icwc2o$#DmFzB5rFOf_h$dMbMquTGp4{yUiA=n|<@TLGfqtmU*-(s@Ls=
z%wpn{$ajHjg5qQp>OeBE9(7CU2UEa>CzM9jN3!*V^uDcw{oz8NaYjGGO8-8~Gd2{d
zQn&>3!3`@w%JwIM7KmDe9!7ZFU|$prRlAlD#-35G;Z|l{DOW^^!bf5wTCPuAIRWTT
zJd2@P@OCU<y7j(1S3R!Kp294~r9!wL9#Vok;Nzn?S0xMiFXEPMhSDTeIAdUu(P&r6
zYDUlbypJs`y%`b@8hqr0XW136{LZ!P7n44Oh>*S2(*4oGMne2u*Shkoet5c|3_P=3
zCyZCWa(u-3`Qv~pBkQ=xj;znYouY<-LoI>#iv7xkJqrpNpQ&jIp0Ubsrj5)zMM67p
zFh@#L^rVRLr-dL-p#<ErRls;QNNh8;TM2^7kWAsRNuDs3FZS5s4Hyx-4mLuKqSPsR
z0ZhO|1;6v^vAyP{o!b%Jz0Uaa;ZlxF??O1%b!>HgX{{T|1DEgIz);XKiIg}%h3`yy
zhN%eWPpQ10e+EuiC`BV~X?R0`-9igJ2_kdVbz+L`s(mR3$won~c|djYE{E~9Gd9(p
zdbw5S9R`HN;n?o$LIufOW;1Y`T2-zsZPmR9cMSnkg&Oo|Ki2hVl3d=z_4V71QgI86
zVZ3=R*%!+Xl5*Uh%aV%gLMbpfHIZ#!q_*e^SY4!_hRHnwNI`}!dm#d@B{R^ZlIF+7
z_Alqu&A2nQ#}=n4l&0ZSFkZ2N)T{Ox2RZOoa|#Tjklg(lUWy{UO|P9b;Ub(LKt?Rp
zrN#UHDJ~jP3u-&4vk))6y?>?a2|#x;J$tR9IXH9M{seFqTzOQ9_h4ldpkWnh+SE(|
zhMD*5j#|iyjnXdG*IThYNfs3f%=g}|dYft~t8o1W)sC}&6vRjHc3AfS+o8}2U?q89
zG0R!qa`AJ0mu>9wgeU-zflBMAkdQ01*UoT}_Nbp7H9wCOicG?)Ug8R&u*;6T*p-*h
zx;0d`pzX<#ZbN5~(CjjWo8Iyf=MTqCavF!=C{?tTAsVqX`Uv$<czY>`*}wPBv@$M9
z38OB)w4=j|e^ZauV&|4g6;y#K*|NOoFV?5XSm_I~D!R!eOn=X`h(d%uENf7HK?7H#
zGh9)&q$RtGA@gcm(V8PsKGODFj_+UAc=G{c9rh@56_ch>+gJm6D#fIoQnYPmW|gJo
zVhz`PO*5Ue6ZM!TSEm0pHKOlX+z5}=PBy<fKX(ikVh8k$MK0+T)691iv$(it6<2z1
zBRS+-yHyW7Z|*M++=*zl<!~>Lnpz+3P|@Aw<2A0UQ)FYIdIC(0%MCBe_M$_7dA(2_
zKQHQa=`D%QqL^-cSLMuc+%x(Yu92NO_5ueIxB8G*HJ$5+hsNt@1P!sZm987Pr=reb
z;w-NcR%N$kC%uOJyO)5Phmt~vG-@@hf+hS#BHGHkpS4UOyWO>#sxb^N>-KMZmj0ng
zR-W$0#34Dty?o#8R-@w%kV4eY5hMQh;K>1w2EIQ62)!eWAO``G|35gsWnJ}teYDMr
zOdex;qsHp(W<S6F<Gm9=O0s2I-G%Xu&4X|Vd+jQKIQE5ol(hc96$EZ>er?d1Gp?@h
z<9rk-r8%3fe$Jp@ZyHm+d;%yl;%>xZ<ylefo{i|>AdBw8H@1SWx-fR;Wh!wXy^Emq
zIzGb%-F$9;2D;TEVW&00o2_RjwAXHV6H%wJ<Rc1{rP*m?uN`N0Qfy8ck{4cP=IVA|
zDAtrfMdE8;gvx};bIZNW<C5>Tam$7Wl>_wxk;rFRc36p*>8Qfx8?eK2yRvt8+8ZYM
z+Dhzcnl5X1hS_SAYV!%$roh}*m*EXN!{|~#_si7GN4ECw7TnBSB*j%HV%$!-DNT*l
z@)k!o{D!q(6UDnpG++X^B^F&bZQb#xYM8?bU|WJEw&cBw5u(Pf&6;ZHjnXMW9m7mP
zXAiLrl`2eLP4DDliYm~!V$9S*rEzjI=nILwnhJ=DNsm(k(X6S%FGeJh7Ox@FH&T%B
zDnM*`sEqzb^I(a?u^VX`qGUVl@#POlOKQSc?_~FgN%pd;tf*ZcTA{z3awJmwtLmxc
z?GROv%6BE33Ug#1)U^j<qADE@yQF35-~KXgTp$>X?$Uq%V3NGv7}7Wl)%N5Lppeu^
z&|G=DdLT6_wfS!M3Td0#Riukgi=ahickJ(5@!HW{&fwIWJk%8D+TkU-*m&<SuJ-2L
z4s%eE$PM9VO}-}pppp(5Z=f~OI?hDp%eFqeM=Y5Qxg8$VI-XV;Q2S|r_ejkqg(pEs
zK9Xv8uFsamMzjHACNt9Ou+_ffd3k(&@Il)Y-xgFLccpH^8a!S*PaD0z&c~`43R?xn
z!@M*DGD~HV4u%c=WkoM&a+^|7d7uY3Q`!&YTiOEp9c(#YHgw`ZnP3VqEgePJx%ytg
z=7erFX&cc>&pOr>r5<rUdjxn-A*HKtDa)!!RG(uWt`Q`q-c{i;(hZ{ubJTWnbr`Pn
z5IZyGcSc41o{56hqGUUtr<$}KVfnV88J!TM()7?fQue6v+9N)#p-FSso;<D)=%lT<
zQC|mb4R&YQX3hCrn~Mb#XJCNyO*C%OYKChlFQQ>y1Z}d<xu`g^>G@2^!A7p;_y&rz
zW*QY=-Xa4LfAqWHttb`o)sWu+4H<X1{mrbZ0_y9yBLy48g_90C<JqvRs|Gn!+(%?W
zraS!+OQ$hOnCJ$#t-qxeTZAD(`Hw(T_lISX5Pcgqlm{c~MBVkR15x8DUjo%v)4Y8j
zzEo+s5y*DgJU^&F%M?MTA~PReKB1s{z1t{Ld_>^$gUyP`(RtD5M7<h6@=td`;tWxq
z`st&y><_n#^f)8ZGWj^_?m55?q9ChC2jdjv%Hj%ebAjHN!Xc=&GI~5h1XI57xpH-R
z$Qq-JuhKh;MK`P5o)!1;^Bio@+Q^W&vQ-k6IrF%;qq`$-Xw~V|;HG%bh+=yDgITxi
zvIsS?m&qA@%kCo2m-guw99cA5Khzf#v}En*!W45SJYS;Fn^U^_t<J5kC9-2{tE<lC
zCjdXcRkDt5J2!s6X8OuU<@S?EkM5h_n^Tih|KDom{SPj_61qnokMOP1A*}v7ZW$?r
z+=12VS6i35H?`QPk&5DAuA58nR@Kp(4A&sus@b-y07bI+B;U`D$NN$#$R?CjU=V+B
zWL!2h3Q`WUEpa5wq6vF>IM5H4tT57ek?Pc?o2Vl2mEZnFFrSk%QDDrMaiWqR0%>2-
z_uxoyA^uxe9>LR#J&Gb0BxlEP=_ddt;rr96jxV;M-ujjCJA?JJ^Frb=pQo>kei$iU
z2i}_}{Vo}{zsdL4p3^;=aI8u>l=l1HDCyLJNKY8A&MeZwsP-WLe2FH9fZiOE^{GBp
zr6z~36Jg>wCwZOGTfp`ar@JwovTeA}QKP?q`cQru;KDZ}Ivrf^{w#4NabMBM+%jX^
zHy**s6@5EN4=ruDp%|yQwFEha0vj#R7k8F`ZX{aL|Dr>i*?H|>OyX}W-*-LwZdCpj
ztB8knOLB@<yOCj_=JE9%R#OZT?PA#_%OT#SGJI<|LE;4PJRs=_?8@Zi{J)6!!dIas
z{DV@QU1;gsh_C(&Yhq%skeT0Q@*U4M9&3ztu%)P34tQ~=FBpb$)7g8k7cGG#=mHTX
z>|9)$rIh1${htHO-hOwjv($ga+-pZl1&5RU)~uguNo72lDi%1LoN`9#e%LZcOKE~n
z0|fG)`^w)1^Ndgb-awo2SUB|+VWh9OOCnwN#6iupySMMNN}q|G?*{hjYww!JYKR?w
zSlV}!A^*b}=>C$g=Qo#p|4mG{B>IJapYmmQoQ02mH!fB$$u5kc1ZdI20@u%_*jw`A
zPys{k6klo)GcuaohwN_djs%b_{01PEVYp~nw|V=zH+v#O`+Jmc)~N08b~1vLNYxz}
zi<zdnXUd9uXXMMdXDz+^Ax{8X-OuH67VOo8eC%lpV2NW}cQncMX!|`N{k^7NaxS-e
z%FwBW6!|HMW74rNnqmIKjrpvbk1(k&sS*lkh!|^Y5Q1DtiU`)C(3xi1T&M57q_+Y?
z41~aJw=wymltBe~!r5Y*1GkaZ(O*VY0+775Tg2kTg?5t07O_EAJ<dn>ob`NKO|cVs
zHgeM0A55(x<tjwtwu^?^t|f!LVuLVb^YN89VS5Bs!wgH;)5$CrLSE$^>U!gV9W|en
z9j$A>Ds+Lxlo4ZU+aqJ?0~<4(7Jo*q=;~SEa;mAyzS5Ki&SU^`T2`3(aMs6{+_h3+
z4w(tk@#sUeJz`9b4d)N!UV?DK)zu|kimN_Ayfms8n=bg3c=UUEc#+ogMMPE^**)|B
z5=kj)`ehV1leXo__*B@9QUp)?j9Q@pkH{rWnGLw-Pbgc`(ubDKSn^=gcEE-EUyV_Q
zPiu{I03BbilF9Ot{Ypa1BmFBOE8M-$;%r*XHF3G6B2+;~nIjlZ#u(1%H}=}96VqLg
zws#0Mi?r-$*_{Z^{8mBMEY!GeJTs~EapQ^(4t?QO7QpQJSK@z_K)d4v#zg0M%}kbN
z=>D6@9!#C%tSjZqkbKYjmWKXa!Z_4_)GX6FCzh_#<TouyQg0814R>*|5!1ih>Nw~s
zStYxt5%K&R&wr8q27&a_E2bz4iuVVMwWK!G{MAkXNrcrEg~3KS%cZSC2bAwL<|P4{
zOtb4VdcC>@K>gd_N&Int>Uy{H8o6!DEr;op$cXu2llHY1*Xc=-57OZQ_q+$)M5U-X
z8Dm4H8R<PzI1IWV!{wG)VmD>7M}~Ya-_Cd935s)=P9JBn;KgYYhV>s!{QK4(Ctgad
zi}q2mEwF!YvN?4aFQ2z(1*Kv$|1E*am?<gjMn2w6hTo%~JfIaG7>Jkvs?5Bhhuf1X
zFSyza6BjM=$$>A0el{CKJ|&-8)>q7LKK9^}@yX|1nIj#o5Ec|>os?F+rgc$pR^3n&
zbPvQ{iK2QkqtSnvLP!beYEX(6MyG`fv#HHy#4}{E#u^TdijHo0Z?9CS-l0EQK5Dob
z^&|)P#gKvoNWUP+7qd8YcN0|GR&k{8!H!Pp&h%<lMwx9Nww!fkB>Xp%TsaSM=}F|%
zdkL-qQJqwFZ*m8WXwbPe6Hl+2^xPw+Ffg5%ROk^`FCO2l!^}@htThq2tBcU!M^Jq2
zgI6n)w^WHidIM(-BC<^9uf*YNH`pDsx$`?WywZ#;5ng1Om2u;aS>-8jNq!f{b%;tv
z-eWZOSxMP@?ny=^d+`h49YG6pBpx}=3C)E?<+f<ZQtjAnG1h^PyNOJ<6qxPop>P;b
zc1<D!J&Yl9Lnbk1l8ZRL!_HisaUo0q#VBQ#jgb%u^IB}e+~Jm_U)98y=~6e!u`h?j
zSfY%(Vkk20$JW94%N2JPL>qgp`pj09+m4&zf!PqB>zaOH>Ha===jDg?3S89k&f7LL
zea>zk4%o#BkS#}o;OmZ0HO5P-TlEQNSe_6u|1g(tSK>>GZiXj-W;gwgXP`WM9Bu`$
z;*lUR+IFxs<NTjFll+n*2*C0y!Ebk`bS)1&lxC$*01F?AOpm>GN%NEhvI-1$*kQCs
zDwi^SSKd}1XTJ89att)Fcz&61e)yltnE3&EIazH>N@iYa^cl3(VMgkuDj2bLbbNGB
zCg&VzBjz4ZH2t;&s-dK~<&Zn;K8=M!=pH92)FepSW8)HoBjEIzfHUvE(>^tuJf^&R
z{Q7k0YyOG->lBV#h^410{%J{D3L|SNS%Ee@TJbA18tu<`FobP-^=81$Qo=YY>w<o>
z-1XrEaBPyfYDgNlMR}{kV_A}6OdLNx{JDR@NxYZ&Q$Vn0m9FQx6F@5oAr0$h*spu<
zc=%<&@#w(`Agka3&D(fukkO0EjhEJyTg1nCvxMWNB0`80z+>M9u6DuSdLqn!M&11L
z$@~@~4U&JS>Tlv6lP3Ta-{5a}5ebqkm+ADDsSI&?ZR)V@U~`2VF7k1EAN&0C@^YL5
zM^y+BaUjDgSGq$PcLvBSQYltw$*hvR&e~VuXx&}B78e98ZRH~dKW%JH4X_)@(UVgk
ziIgZ#k)QHC6AFvtsPshor{A$Jw(rD2(ozw&{c=;cwF+d5Qa_vQj^~Jvd3U6*NGU95
zpU&B_7aZj#ot(>%y!Pn?FwGvVHRHY1<s46>SmG#)0Se4dyi#7n8DeL<!bGLs?eQ%Q
z^VL#v1cg)Km6gX(s!MBC`zm?%52El`y7pMqWBoY~<<^+mNglP9VoBE;JUC2lHIFQN
zWQJqehLQESMw(T|qoHk2V)64K_3Qm$mN(9v{QM3vaUXC3ji&L8Qvx_L3bh&lE%5nI
zR(G1c;2=6EzSBh&5k=Z;L;H4Mh8CNqqk2W0eIa=#-SG>H<$vreldh@5fNMXK`;&53
zetB7%K;@Re9k1iP%i8mi*1Bfm%bHXS^Hv5WN9%-xV0d2C%iFr|iCBO8v(nGN`Ltw=
zzn_uy#VCQH5=Y&ID}HcWw-ScW7rEk;#%E|TnY#hH)lEBw!?KC<K0)2S75g)B!>zvO
z;_8Ga4vr3X+(YKb2HpY`f6%-cD0#gtboTM>T}?@;4-Y_u1;dKoGkxF9U$Oq1KcsRK
zcOD>ew&*^cTFCrS_1l&GrXE8>*JE#%7lgo}c{j5ZW97@H@?bTRm~iA!xjLO^rfsYE
z1VFsO^WG<*T;1zP;dsC}sVwdU5I)i@RTXWVQLSSx*sx(uE1sS!5!+po<Ge^-m2$VE
z>3WPj&F;v6I%82idL-~`Q9HUWWVsxWCe^ZVjOol$cGfz$RV^^QuhLd4bv=4tTT5XA
zXjmVrmJ+ys+pcYxT-g`VdjvgrX(P@%lRQ4a8Z|bqa<IO&<1o6?63+X3ne_Ms_FXIe
zKqPg1O1`tRjY$Eu>{PY}Y$3v46eZoj&de_{bj7*NM#yTytM`Ro9A`~sD|TSIqP)Of
z4OQ#~`;b&Hz{sB7^27z5s2sekYQp+D``P87Tc#3$A#%mK;YE7cwy~3{0yLE2V6!}u
zVQld>yVKrfBPnvBr1y;<ktNK5x=iRi*#@uvTj1z9W_a@^++Cd}9w}H%aWfb%rY6yN
zn*NckE^fAfx;ey=W^kh<R$d1t&lpl>Ro_9=ZFf5%78}rrthkcxp?G|Er*F_;P@tPe
z$#T#zN1r_wUyJ~y*^($m-gy;P?o}Tn+p1{0j#AeN_2!BQs0l>Y$UVj7d*>8pmy?2x
zp5*eG-tAjb2&x%uwDe?}lPugp7`YWIMw-c6m~uv#<mR=|phU)04nmFG&Ndu~=a}_|
z4o+SlHZ?Frh%{p2z&3q(p`K!eZC*+G7c&rjSqfp?t=ddv2MKW>U7t0iDdXfGTe{Ba
zi-y$?;Zzr*)^`)070v3*ENFSd@7MJQ(8X~aa0)bzw7L~(+4R1PuEy8eHb>?*fNHIm
z#1@&?$61;bhn8fsvS2IDT6pjqqb+7A17lIETv6~ClxoK<!S1-r;-y)4aloruO?#9u
z?-on8dEoZLJx3YPXK}m@GS85aaoe?sLetIUTJ_X6_<cUbo!MtO)=C}PpZjVyy(>Pv
zDB~59Q&E6<+X274Zu3?srx+US02)m*iq|PAt!sy#)hll?em|HI$zlDr+l8w=l*MUP
z*F06OPfI(?AqIgD#KI{d4u*{|z4dS^MZ-q^2R)c~2F0=6R72di*RQ0;=cy8FHi-oy
z^+O6wBeq47p+<?WZ<u|FA_YBN6IrH6-vp-IHSAX{L}juy$OSsYgjGoNU-8t-?|%VY
zES%41puW_>(6(%gWuD#<)xY5yHaTc9t<E>-_>$!{_U41aT#z6MYgbL_I&v_qAPLOn
zBtIkJvm}twD$HzEvnZl_#9c7A|GPIEhr2~fZ@0R6{y^d_L@ld&yNqnDmF^j*9!0PI
zHeslt@$32=?KM#^y`m}ByI7}KEIE4fjkuP{+(0@-rg@-V@q{f~_B}Oc$Y%~ggApP5
zx*~Uj=@lC!N7|I}m!PpNquNanyl&3m2L7%vIFmWQ$zsF-wWu4bU8-OK*UNUKB`ju_
zaoegJV#vrLY+JJ*3Z$G>c#j>8x7zfj<G5uxqDp!(tY<7c9$EOz#)1z=Di_{aWKZqn
zWyje^;u>8;rGSqUsJO-j1;x4Q!P#|8>U7~y@lnI2h?^~qy{yw~qAfCyo&memsBHr+
z+yxp4N&Y<<NkWpZp%gu{MbeNB4H<1;<RPXv+kzv)3s&Qs&wcnbUnXHFle*!|w~K0?
z;TZW~9$qExhIHbS<tS<>rx2&?k`eKe!uVr`*|g>`PY-b)FeGRvY^nLHFBAC*rBa@*
z$EUp>M?Am$W3v5Al%$BLICzKS*^j+(0ytWykkTqpY&1G}S8F_PrO&WaFSDN}=*mji
z0Q@t3|D`s75cJdi5k}UR+yt2mb3lZkA7Wb~e5>{%bDYA&^dP2Tw}G&t=Ei$<q2-pw
zG$L|oLBgbco!eo1V%J0_Jiyyv!c9<$jFUHnF9vW<{s(Q(Z!!P=w>;>q{*lFj0lDe-
z?MA|sBM8stg?m@XptS5z*$o8{qf>s={B}+8_$AV(%};$ej29%X)?qlT<-ZtLnJCpW
zc*xLP@nWBKOJ-$@?ZDbmQVk*8Kiu+Sv1hpaY`SH_vs-V%bj@l%&D8H`1OQus4qHG%
z(eRx$E|7wj^B$`kZ(X5elbYNqAYHYfoWC1M-I*o*J?anq5%n$GD=mCxJi&)amGh(z
zk75qu=R(&5PXHMTFG|jXaO#Oa<0LL^TQ0k$Ni}jFe_$m#&-?B_uKm3FvN`o8Pk$n2
zB>Dt!J7@ppPYqpra`z>*?6be9z5n^iSJ9V$`*#|?Zjn8CAul_5DH4Y-4kgxW|DB4{
zRG>wyxo!d}N2_j702NO(S&lF|nx8I#el+N1yp{F<rlqM(r3~b)3h{87U1IU;JP_=R
zj^_zTeU<9D!3nnQ3=zvszZ-;s3zET>fJQZ&c;%dPkzLo<sTQ<0r|(=yuJ3{}hs4=K
zwNvB<0t3oPUNm)875lEfUO|0$H#{cbb2WX-ztyl+51Af0=N~_6vMGFbHVtj7-0XM)
zXgI6{Jtx-kUjEe{zTHtojY6V#Vkzh93Cr{>u^@G~q0}W`&4*Pd0Pk0oNE2<-|LHmY
zPrW(~|HY;es7Swc=Wd1zPkcA7H*-Lay$Kufj;p?W`^2*dJY{8f;!^59=P${ocHA$S
zj-^uGZ05FHRkgtAJlcnSw;mvbeEw5|e4#vQ=lV|o)sz+JH=1s*I(8o>_Am)r{u5SI
zTeRFmZSomKGec>?eqz&>6~INi_5DxOet@TRfh!oLDXGj4R=%URY_|xrue_rj_TU{t
z9?C|@L;dEX@qLZrAVL80|54|c>uL6kWz$=|u@6&Qgt-TMJU@S!)Ei!^TdfXayS9tL
zE!+4of}Z9d^}4C2?<Xd0F|1TzW`v=MRq4DfyT^nh4@V<RrP8h`e<j7lN#CYj7r$kn
zz{(!SqAH>9F()kldk|70Y!6H?9Le1Uc>Z}h=o?=b<$lqG1Nzq_v}teS$iA}buxXZo
za45{^1fbzt95tKsOC&LZK#$eD?w$b7nfN4MFp0lYmz3VmKzzQ-7m3+TpZE<hKsej_
zS82Rgevg)Ll<d6Gekrxe2)W$YMPHp@eB3`_rwpdIrljDT+IM~C+va_F@b6FIjm4h-
zMeI-Lta%_oGxNTL^q=%-o!S`B)tO(ty&l~o)!kldOHfTOK{YsXdX&JwEN*?LaYj?U
zt41Y9;59ZjOivr-;`gXda1il!{Pi_e=Cuv`p~*ut!emxF+TUgRZ6;Ku$#p9sch=)Z
ziI>yi-K2(^iaSo&*hK$`=sIfU=YOpSNPJ%<{kDnod-id`GxUYL@4Ge;@Ne5Vih87}
zJHp1lZr^-kOXFUlRCwC^T_vIuKy;dk=H{b!s;ygB@UAk^?E@fhXI-U8r=H(jA6nKL
zdJ67xiQe4p+Y$CMfiNah7HQTFfcMKHh4vhErUbxNvuSEUxW^3@gBxxdg;_=18H03=
zv$Q?3+`_0Xh=YQu;X(}-a{>_eU{mheEamLTZc)EJ)?Y{6YM3}X5oZupe~55xjrY8b
zw2kqPbGPZDS`KK)^AJ4&u$4#qzPwwh{wlW~-LQ$4duUf6XBAwApDs@?JQk<0QEY{N
z@NNg0sX-~~@gP(*GB6_u>$<5XAHh&oK(1113i11`b3Sl0a6bK2^Wptdc?N%~mGElq
zI}cBHp|<0z<y+2th%(mD>g&gO)F{z^KsI7p78-q-X3<ZM@QK~W#;E&5$O@OAX#ELZ
zY&taxiR$&mw-2aDNgSR4`d-I^^c+jxMYhu~SPkE9Yk`VXo&aP8o!+Qd|Hs};^g3!8
zTMCovKBCMx0X*Ak6UD|IlZb{m*6keZEU(dbvS-YVvl6_0xJ7}R6JPrI!$j;-OTE*>
z0JdxHd&SETA3o53t2dvjP9Ju26ZJuKcty>}xq()fXG(n~plMFKyQ1iqpLg9)02hWC
zqX*mxOTp@9x4Of=E(M#I6!>YoeO(GxFv$=2x)i(!JZ>D-30VBsb*Rh9|1i9@=>7w;
z71-)%q`Ai+10`P0I!<3dGJ26QmrQu4gcD97$yb)$m}tgly`+mm&mE$rE~I3M#bIdq
z!TW-U3u5<knS%?byQAWuWZ=@GgdWVzNn5g3dp|>UHkkGap!6BDVjHXBC3uS^;gvP*
zdGS5(A}bE9`X)gkgIbxhZ~D-Ec5;UKZ7t0>(IERC3K5_%%3#w?rVEK=jo0-)GG#P%
zk}LFMH{>sDQ7@Pm7wc4lSI?t70(HHDu_1-gm^p2`0GcMfNw`8S4nO|d((&T*NKmD7
z34gIY!|UFBE9=dhNwFL;V$nf+A5BsCO}l}Be2{`j7W1+K#cYkvn5W>V?<c$*k0wJt
z2L;5_SPDKMi)uFCtR0N<^m&NauGsJQiw$E>wj&7?foIg(a`K&#<E7kd8$XyVmPuZZ
z@vg9F)%-2oqCli<_>GV|9G37q?=4$(-EyjB`!abXlJKHN;fEZks181z#W5B0WRX;7
zwB>P?(|{{=Uh7nj7rk{C-X(gWqE7H^dW&IRDM++AzutUoB$M_d@Y?6DL522##K%=>
zdG21VMH0brbgHl82Cs!D*@cPLZ>=!2)qctdMAZ(!mL4U(?vsqGG2z<>+54g(V!pRv
ziDYu*woDg6HCj<!=4OGcqVpp)W|8y)!LrGEgm-!<bCQack~i=8mMVi}kAhIIGhb=z
z=hh`By*vTz@LW;{S&M)tT#uSs3Lvb@J>|`l_;fbHnd#X%7sO^z;hmJgGLOu{g#yP+
zQthqqTMCHN9LfdaFvKq5#dZ<6-i%-)OeX>jqGiXm_qam!<k&+>K4f*H!jdJ`F3u!p
z)z6M=x6$u_Py@BvESUFDb;3U7xWjQP=@Z8&J<FmydA+){Iw;S`9xwWIWdG~ig6lxL
z%Lzc8YjyX!XM}kRxWw`3F>Th(<H8(Pm|*f<=vd)#R}svbl0xl*>I6$2@20huH#+C~
z<NPELRIfjw)-Ja`)M3g~qM=4`*^)I|R1yMt)uC=<$d<y~Uz}wD25KlBU0BmFkG;Cl
zL>|w4r!cJF)*vwF8LKW>w^RlqJ6%4qTf9`Dkhz(WE9zGNF2>$gs7#4ZzQmKJXDDoW
zCd{E$<xm`}-UwxyOfGOQ9El)MH|P==iH@Y@d?O2vj6dMj(I;!&?Lp6nG3R(Db<CEB
zd>Q`KBba}__-w&$0ZEHXf_f*vmN+n<O%DdP_hYj=A4l6+DZ1l8a<Er3f*u}$dBrrK
zR8?<izcXshb(&tMHYCgZ^4WB(UP<Xrk!@+Qc{fmF$c3iA$IRKLH+^{GHN&SVm{CC4
zhAnsL=Rj|&=5x(Z1yAuln|^&tQxuDV;t1xt^6x$to#htZJi4?k%)u7h&=7}XirFa-
zek;2!el0%FHq92l#z$`hBU$W$ihY(wKz#^M>t(#QJlgYUL?O0Sn28K#Sf{PE$f-0R
zuekJZ37p~db^t+Z%M|><w1C6Ru019U6zd>j$RS!bsFO(-Y>U9q^>PTR6P!ZOx}kA!
zy1dbD1v5`0GvGkG=fz`M!misBY1oL9xhUIom5V!4mnkS!v^9jSfq|AD_o`CMR)s!w
zQ*0q6xz{Dd`L0&Z8*f+Uatmwy%a8BRNWd{|5iO>KGlpc^UUA(rT5C&eX6_QHdP+h?
zKH$rP*Np=jt3qZqWFqS@L#ml3k*H?>TA;5lr7(vR7TV>pZ5TFpy&uN?uD8*Qb9{{(
zJ!BYd8Bm<T?V-=2ExUZ>td2qbt_MykfGTcAw0ubA4}Hk@*xC<x5rrh1F4u3BPO_kE
znZj#|Bcw~-B<s#LEa_<L%BRARnb>3n@f6iQ1S2ET`~BcZU}Z-9i<-p)O~V(xS>q^k
zaA2~vZY70k<Uq5wj)HpUqjJ3+*}k2m<OKYpgsy{HUtEu5suxzTSG8WK97(NQqL#Lx
z8z^KHnvgO(zi?e$R4-2Ah6n?Vqx?|ILS=SHU&5PO-8Z$D-#ldP?dG$QPf{X#%J+GW
zTh(5?<*-wFX%?~j5l&%{+4s#II9j6D{p-yIvbhpUJHjUgZ$d7+1cMM&<0yOq<ItRj
z+$D=d7UpXxldPFixr%d1g4z&HOtH%C^%wowi?W(`V~r(<c&V%lB28nnxFc?bOyUh{
z9K{dWM2UJKNVbdV4o9<b_QnmPnVYpN{oH$#-F?w(z&tm{nX$TxaBI1H_Ay~wF7?Aq
z$pxG@8#pCG<UEzNWC-szD{gYnDXU6pE-^^RF@Hqq3~k(vv~~7QapjgAsAF2x_C~^0
zm_8cS2DHf-34ky<-+IF$yj_=u?C22{^AhbAMp~g%(>*_%<M3~Eqj43|X2sbxI6-)M
zj&oS4ki()JC$_U9z40Y|W`TR=W@})<xrip~#+c~*E*aGsk^snByN>V!51P%D_#Jut
z+II559*uvmu9%+*ji$I?!-TC(Sr13+Bh6Y=Qaw;lqfO}+txivta)FT!Faw@$1}|4P
zKn4cFKpTvcEgznQg~wzGa^%Om^>{lL0q4vqZx4kVGR2=RH|QV82<#R1x;g1a{?Xu@
zr>hD5yPh5~du02j*ZuH-sbdc&9`;FJ(RFqz#yG*WlvRli=HihGYxailHee1F%GK+8
z89&f9u3NPCr&(l}Z6%~5NZ<M0qTo^-Kt|-YmLZELk(tC|Xt=@FL0Pz9oP#VA4K@I;
z!uF=CVBVlda&f({TcgUfi3J{FOHbkc#fF!ROr0XHNZT{VCMPBSjq3s?hpKrEtfl#?
z!1xXe#Lg5cxMF$Z{rg&ws2(=LC=k(A(g}QYaWb#SrmNhiw6#fsdT>hVniJ1yQN6%2
zL&Cs@q3ks_7&iD=84#N|&gC{I^0_}zeZ@zGXEt-U!ov_9qMpQ#1TWS(24kZ-UI%H5
zUc;cHV|r1+?ixpr`rFpLQjgE29>2VB;pWdbUG`f{eP7&;xQ+S&=j`wQnP~n6{Eypj
zIHO4my?TV4=kgYF(BXSKx5(84y*RQy?AG7FEC~0uy_6h3pE!V62rGE4R=T_lITB9V
z;lYb6XO9iHIUjq@C{L`dLJf)iR@aWNvE|*F{bRHCul@r5&&<Ft?==PO#$+Bd*7<}7
zOT=v5+?nh=4n+7xQLgc89?FCqu~B*P&r7T{q#jX-T1rTO<;FsTD_-w&ZPB;YX>WJ_
zFLc<=P0-;UVV0eW8vG5=lJQetet`c|ju<@u!O$Pq)9kQxe+#_JjfeCKTzd+I+c#)M
zT--b~uw0Xow6_yjVmei8jTf`G0(7tAhH9j2N`n}#AR;fPh<RNSjH@mwD>2-LD3F*L
z(^SvSc&2Zs?N9UL$S>&peG&EN+&|o5ASB#&I3~YTY=@(9^9^MaW3nZ|8G~h@y#;yM
zGK7^f8BJZt=Bj<-;VrNES#x1`6^2*rN2dG{P(<&$W4R84>I0Ni=3(U{UuW6p$DvEY
z)0LXOxeTRD_kHEI5gW#tm3=p?#1behHx4RXhq5aF7f(?E6Wf*@K*m4UB^@SvFO__t
zvX|36x_C+8GDq9YjxZ<B&sgGR|8|CsqqM``dB^RuvFE-vg@}my8B4SyZAChJ+~s4t
zC46wYh3I0z-cd_qr_tlsi`2%KR%w;Ac^mN{yE+XFw!>TT9R-Ed#XDb)AIDyRf#aVK
z=%v8MRR(#xkr@cQxcY5Z9@A|ehoz=DjvG4PSq^9<f54?0bC*_W%odIeDxg=YEq7ZU
ziYM|+H(k+EY3Q%)dbD@cK|{1JRX7@Zq;mYJ;C^-1u`d*o{|nY<7Ix~0VZgD)hp<on
zMEAW3$X5!3(ft)I^|J`M+V7&I5{LeM!BUjm4gnSmI5a@Tu;$V6YB$_2=Nib`NW{*I
z+-@@rD@h30XaL>*qRsEg9O`z_({LUsQL5v=q-L(iW4Hg%khqXW$nnWye~v}1yhDp&
z@eOKPCS69t!P*IJLE$2|^ps3YeJ`t^3{<&B(bT%m>*BnszNc}7YfUe;rp$EVu`gM4
zoo*!^JZqDpY`kFE6;37+VGz_(PO~()<HTf;sXP5lu6$3RGAXTb3Yt<_>^FH7)TJk^
z2F{H}#`@iS+x0>B?Zei+K|D>j^hiZ)P8w<;O|W@C)N9?^S4P#ajS4CH&>!g(ud~}U
zYn(I}FsT&nHc!}S&F~UE=5en4)Lq$ba*Jv3ryH?|iWDyf$<fUsFEapj(J!9){YFIB
zX91hhb)?qe8M-rSuz|p|ed&sxKJ@ji^jRSrCLBsiV6^v0;U4M^>nztN97+;J4-NTU
zza8ep7K(6~VVhtvle4*h>h=%X|J4l#I*w<(ZqTT?a!QO(W}S=Um1VE=jb1TJhR~O>
zv-hO@LRaHE|2Jcbe?m>_lhcoXaQ5x`e`bk~f9C&d=Q_ih%(gW%j=c>iqCi0UKqw<f
z4Mn91LNX9SF9HHWAP511AfQ8)k{A$a0USCZln?<UZIs@n6ROf{kQO@LsN+$mJTv#q
zIrrY@-uvsz{+=({d#|<j&i>x@zDrbW)HZV?46p_Mo@UqOJrZ?oO9;VXYEj(+Svmt+
z#aYg`Wvy58$E@m2;8xcnID-_$w^*i0T_`1h#lW?-lXglq)R+y{n5|>HyxyNR1b!&#
z!dOpj?>)+Qyt_~8@t3oC-=d>~gVoA(bnsd{!lZ<-7OY%fR62lp9e4)Jw}gxs?AlQw
z{0XrpWZ~*3TF-x;R(AJ`QPKB&GM%2}ent@>{hpq51}+=u{EnV99?4o?L8m9Ru0a;G
z*BXre0wi>*FUIW?li@=@=hR~|{pl?F*GESTlm$y)+}z=U%rVB3e(x?W2RB@nxvUsE
zd2+~T7c#N+gh4K6>Q_PW{$~%|nW)*(>Uzt-XkDpM%kgpHL0%5)4v2PxOexh~ChCw-
z49^MOT-sXV{qy&l@54+(H^#8_<>iU9aXc{B9|nfSTTemS3{;wTVP1|Z5(X`1cihb%
z5-3KtuoT>dH$6y3sGlFNeQ5;@?A@BA(do7zm+(x1jE~LW0Z`h)ihMX$Fp--Ak#J(h
za40Z-@)pk1@|?2A{M1Hy$6JPdx^EdS2Lw#m%frIYJgU0BP$AuhuItSPro!}rV-dM9
z2Rt_&4=VNI>XzHj7<hqcOxjk6tXJ#Ga4i1kFMRZ&!KkecVU#NCI74;Nus6@`0i0y-
zMIe+zPix3T)wPr$qn6&m^naQaux7UrXZVy9UHt$k-&21Px3qiYNXb?U?J0ltFWg)G
zU&y$EHx*+Bhy1c88BUsA{c>o36$FgNYB@D4({i$iZ)V8X8<jH)NJh;-?<V&VJKhI9
zs!Ie>Gz#zM;GAbIZ~6Uiv$p@9o#5a>9h60{u?4v`qPyH)%#EE&74?5fc!Tub_Izfb
zvRau?iwZ#(W(Je+tEVXd4SuO^t)V#L+PO*(uuZM0^<&g4N5~_@2>T(G45n9~_SG*<
z^k;b(RY`!nO8?4L6LL0Rx>t#zn>^BtOg{0Q4(}+0Q);LcQma{y?z;PFbNstLlhLCS
z_ol=;y~JF1q3GFRz~DM$D$lJ|iSwZ3OHaR(bn;vplnwH23;j?ZAQx%09A!T*EOl#^
zx}5G|)F3RSBY#aIEitr`Vlv05a9{K1e^B^7%=_Phv>ys8EDg@hS!Fgw<9yY+%W5*L
z7mAun*(6+w2WPq!_|#P>TnkIh0cDt3j(P8tj-fWB0<@Fh{+2<us;1qGcd+-s-moaP
z*=KRZvxLSd7;yL38`Vdr(bpN0@kCh%v#328F-)SbGwz;6gi_FHBbk_*R%s-3iHY=Q
zcs)<i`A@Gge>Zh=C_`$JYa7;OxZyTfV8hkfXGEA}E}wX|NQ%4)=icaHQ3rJ^6-oE<
z*&Ruy(^V(7oZrz^U4~4m-qTfE<LchgRZpILJ+{LOu`+x4>o~RHFi$#8qF2Qb^D#S?
zv3NN3O`sA%&7t-8?z-k7y_S>fw}7!q?sjWRF|#ijX7dv-eYD+Y*RKHtd&~JbpZ(Tc
zS;-hOl+Q!+^Z;A5xVWfd6(<uJ#2OLN7E{t`_%ilEi?!cz6SHa7+sEbR)}2Pm`dOF^
zBrkMGg}2@b?V5L$yLiW^B1R@i@|G6=Zy2&4dOWD4GqIiANzqzYpV}&ZNZZU)<Ul4^
zl?I2oQb*|W-=+=pJ&u0qC2zdqfzmzyW(S;LTu_r<je%f>r&bkUcp@{${eYjg!v;-5
zlXT%2iN`_Oura*w5w}{VOrpikh_-@aCuE)l?%~n-lLbN4KC1vqS1n#%<E|)StKd@^
z)j0EAH)?V9=_!}Zs-QIv%y_$RC|mG@#U%;n9aZcue{#TNo5)OAYDTx+)f`qUeoqzW
zTAo6HUvgRJcoLl#eKGMsPcBkVO|Ba}b3cg^d-MCRwtLw>TJ!H7(-^g!<dvmzvI@VQ
z)v#;S&MYXPROOU5MpNu~3n(f}!mW`WLT?#toC$Px;a>~23rXL{YX1C*x$<G8|N21U
zoTXIj<lFHjH}=$8XJ6WuLKwvnmA`S+rg{&rsTI-RhhQ+q6R_R%c`@en@8D$_{i`+#
zlF@PSm(6``o#+TMG|Zbjv4huDRtC`5E3}?7C%8A8D75R8PGU6{dbps(rPE%_=HaLx
zs;a8aja(a~JT`Bo8TO*35nepeWk3T;-+>{gd0NE-BL2dnR&;Yz;Tvgae~uOFN*${K
ztVu6*e-rh7J9jxp^auz>h&N&kExi5AZ2J+_QY+UeB|f{>(o@Rm?6^aT;TVk5C3X^T
z8df~ekGXMp#P84~IZw@JIVB|p0c}fL-j?qrRPqP)ZkVYIn#Jgr&4aHTwb!rmkx8G#
zQ4eND<PBEd&0pG~YrwS9jcG`L$%zGNb{0!K=1y)aiL-mgK~m2_@nYV@P-WntmIHOc
zYy<%Yo$N9ZB0Z?go@o#2TzXQ_e(gX(tKEnLYvY;*%oXw~tHvPz_)WucjCaNSs-9X;
ze?BU~OGsS%)>fFUaj+x`d|e8Ax50*p6<)syZRm|}x!K-Wa|cUooRnmz!-3dSUP4|s
zkwn>rM7Yrfas+d+nG&|P&bI56G~0tr1TY`XY{WgqI-&neWQGTuQ_cvY)|>}6V06to
zk9T^k$b=#up-GvN_$FXd>(i39OOu&LnFmGo7-bUr6XJ8$>wwG+VWz5?0*O3Tuh)3v
z<RIz|gq42(&{SZHe$}Jl%lc}v*NepKj&j2dCyM|)?Vbs2u;Hb4ok&`pYI-46-^yJT
zn5S7Vq?d0i%aYnuP1GL7@3!omc#TS<G7sjE!2oS1;`W+^^z;J!no&+BuyEMclO$=u
zA$5?1yHU)J89K_GxGcMkHR(?b-XtB58+SV;X-WY}iYW0pS=FrC=AS;B6`QSJx?TjD
z%$YE2C<iTS`-n$V&<(|N-nO2{(zVQS?Q!9vXw1n#|1_;8sT+|k-b}eYP1?F)ov}!0
z;3HUmbO%j{M}uy8bZB_Y(c+kbV*4H2T;Kjx>sz-=!KvX5dA{*_<u>@Nf+}g*=fWXb
zS-B4QMb-Ivg&ud0hHM95|CPzE)vj~%HsEA$7EyDOQ+LkrZoeUH#}QL$=R2;l7*$eq
z1ia3-n^}|6%N*znAZH`b0bNX!jcsg+SIYYytEVm)=h}#et6!N^Eb0TCZh3_|E!1Uo
z)yef%&ux*E0TP1Baa<5vXA&$_FwP%CAZTAp<rxT%FCDFG#DNVAGaVG&%f}y-dI8yB
z)OY58J(A{SaG6Tt?C`R<H0h;h>I00QBBKG@o2_svj??G)2x6%JR?b{Y_`r+4u4s?)
zw8?5{5g!}NSWB1tO-CYr>cytcjtDjvjw8T^LqhQh5AIsY%E0062DXJ=Pm^4Slj~KZ
zB4a?@CDN9WKM(w{RD>rMK3TM#a22!GVN|&Imcb?AP`@HX-+tE`f4zN!T!1RTim<~P
z=9NW+9SvA18zbg?8cB0bLnn_EOV#ZF*J)BYLt`naymO_w@!EMa^8+jd!3iXd_YsKs
zJCl6**fkqpA2}%Np3Kv+1zXzsK)a7<XIpkr#Xc?gj(*!@)l^<vq~@H$R&GvvmfL+^
zbfp}H-*It@^VGolp>#FGh`>JYQKb|qi6_UUpRg;G`MXueqrj7-O-=GyDtITo=SGhP
zb76G>uZysA)IAt~6b{ZxU4q_Sa`Lt^G3@E@7=~-uO<Rro?OXD~N<4y(-+H+s2nfF;
z$!31l;y9WGIH_TcMPu{T$Zu3q9m<F0gv5=u3TXi^Wr`=)dY)F#G$SW%JO-Q0gK$TI
zdrKjkraeny_oWx1Q`SIIe|$VTv?RZvV3s`*Wtx6JifbRD|6XagP3V3UTVFy9z0yTu
zSU*xKG1a}t*h~b!sxP5EPKtLaj(tj?sd);5AHi23C=GO3o4N$biU6$bRmgc>Q_h9y
zLsV+beOKGU+I&V`Fre**XxG$i+m%|mvuC3PJ12*0?#-FWn9dzH8~}Fy2+=lqA3RaH
zIZ`79W_;;I{Dc^|oHO5nhd-WMb|-G)b=!`#k%7ee!Xn}`n4TIEZ3XhnEcHrcWmBWX
zAU75+<JWw}u9ARO4$<&QQfyC!MvAHt5BwETSj=088AiZ1hJ=-W>#y37Z={-XffXSi
z^i}cn44dKMG{?eJfR$Fj8J+sFo;AB;uFfzOa{&Q62mBSO_Mas40z52Z6BUNcmCb(W
zK6`Wec_7`41lgmw9r3j8?51yYg~;KNAaR2T9mYZ0bd2{0^V{Dbrr<Vt5Tsh*YtnI9
z))=ngCMIHjC?8m~t{e@Ir^`FW>6K5fDEZlYAFcTzKf2K=Uk#d$7`c>hTkDH+(YCvn
zKWVsrHDpGHqwW^>;^1W7LSulacF2N4{0pO->*Dd=T)5{BKz-pG0@vELHPhTD^7`1m
zuFcg8#5jgYXXH5$LF_mmXhR$PHXv*UfVC_-z%TUVNehAB>4BZ-Xn%1s+wBCccmjaC
z+R;@hw6I|xuZDDGSRiXIe%*6AtHE++H_dSl24^o0{@J!;Sp8s(DIb;1osp*?nyJ_N
z48mpR1%9Z-ip*ZO=pcz7pXuru;H<yCFzdx;)X{TmRYWeLEI>9sKi9m;ck3LV`WtbT
zB_fPj!Rl#Ll<(8}$--TbSWq^)(Ja2hFyGc*SS8ASFV~9~e##h6F~+ElEym_l20~qT
zulFgouf$AG70I(Iu{Z=SNF2R6N`+X_Yx_zx2`J|Kcy<?-^AGlUG80o7WqX~6BR-7&
zrhZYziXkg&g2pVXQJKC**~GO~$2zMg^s>1$^wn<T)%n$S*vYujj%QMPK^-)gbLWH<
zXhjDs1US_UfNab;k!`G^v=St?kXu$7F;eM@_ekpOY=`4ZU0|j#L^V|ZTZW^@FEM=e
z*`c!G@Mn!?;B1o<<{G3}QLL$1I&0OBKWz1fLHS_6`w4!d!kC$hRejDn(|g)1(?31E
zO|KqwieAa3+K98mzG*XNj`c0Wu^r3RlN~Wx(>rcELiE#M*NFVxUyg%+_jTd~v*KJS
zxoLGcY_L*q>{&@LN}+ReE>Qwg_q@f8gR`n`13YuOwzFD-j_-4wNPBcAt>63TahzOf
zS+?0D*K5ZgLYSIo1g!FD`difyE8T*B;&mdyy{E5#@uy=@Bd5lkV@OS6?WQd4R#BT8
z*_ck*hp|qmEDTm)|3SmD^m$LiA}|n2A5UDMYLLWmTEX*|hYkv2T(#rwjNVYP0zk|a
ztt>#-NtcaKmm94Iqiii?;!gJYKRW^C7*7!2tgiR1W?fog`oHqPlj}rDyOjr52_6dr
zFIU|wu2CX=T{Ecu59`SM%@r=<oWz4}>=_CTQZ_61AMA!$%0)ZJF59rSztC?p8843$
zm;yLQ(rzT<vj5QHj5*Gw<JS7VaJ$@P^X8}(tdsf^V4sgunp<Z|5vb^!l2{7GzS+sw
z_E|lCx?TDzdgw*M`Yn9QPmH#H4^!|f3H+1<dhNZEo2cFrl$BQ~UDX)&W=s8`7;eIK
z;o4na37c&>%$YjlIhnY8;R;zDtL+%Jkq}2L)z1Ox<hwSHI^u!7I6&Rx=O^s+=6^A0
zJa60bLk)JUV}dQhO6W~aaj*|Fv>KnNSz0L<Y`3Y&E#ZG-Kmw+>i1i5ekrrK>hwQPG
zkWjfZ`C~@iB}2<<l6I3tTO)k)4N5X|cVbAqI}_TU2iu8hSuO8K$EK-MT-)C|(8qAL
zJ2{^6;mNTN)`*t=+`ORA!}bfiJ$UaL=KsA<>(&f-#D^0>Ng<`3ejyvoF@IziWtn*U
zaBg|*1&JEl9}E95Qo&_+s#EvJA8Go0WdmN)8ScE4m{xve+WB5gY}EdE_2P&f^I6Qj
zytfRGmjyoe-dW&7kFHJAS7gYn0;o_6X;<V2?oBY5A*k85KCbE>z1OT^>mFK^pxR2P
zXUA6~_SSCK800{;=ZLE8Yy{|AhRC?30MzkW1<r<)-P6)1xkg59M>fKEwzR*`dl<zf
z8duX0oqz1ikglkQOqu~P=S5N^ULXuLx>}N-QJV7!6TtPxVS@z?I46?BL5m%M#ykFq
ztcAQJP-T^Y_2s)K(l+OR+3^24VeBtoet%KDP;!B;?oX+!%9wbk?tjr@_kHerb$_I?
z5er@2FFTyQn_WQ${y8$p?af5}wf=se*z#ECR*a;w3MBJM9_nI0iYgK`>Y^{Ec-rky
zgn`rng%(xwmf3`G@_~?kk<yI~Zi;@Ty2w^o4L`O)tu_T*14AZ$Ety3>>Ep8!gJ;hw
zNjI|h6B}7g?W21yfJ)TPB77IIw>Q&W1^9PO9J(c;w31et-Ny{R*o{k{&-3GFe}~z#
zCTx(GEY1%5vma!UVX4X~72w1gBQ}AdQ{|X@rHLaxwB35}RVhMcpudCMk%$Gw;^i|5
z(Z<qSP|8cs^HvS(7Z-1gIiz|omJgL5b9faCzVvIf<3neMT3<SJ`(K)!d7OLN)u?(f
z(vBE{j-D|xM!RN?h#fUf=&kO8F!J*ZsO^cltN+~V_wsh2kC78`#-3JJvw8dXz@k|1
z-wQ5TKk;2_i`U8Fiubm3*8rU8<Us8M3~~umAN5Utm%;zlU;Wc3gjyr4IE&0wF~QnR
z2Xp}nf$^=DCc`Fq+p@etg<=twZpd=zHq-}sZtVAJK<o=l1?A0p0|wm8iF1yb6740o
z+)gAaT^=dj+&z`L<Yy8RQ2O{2*!|I`@2-r5DUZYfdvv-U74_p=2D&nSe`Q#Lo!U0N
zP}$<f-pU&n4<_AH`0p$oovtYlle5m`X{O&Pxl-qbQV=a#dO<JE2|Cx3BI)g;s8DY$
zf9i0-uc-+iI{RvcWL)03+*R@o@;L~=PQ2QM<h71+Evhf4OJ1|GGGBi4MwiLaASzWV
z-$G+=D&hp`T4qLldfE%vBx{cmTG8qH<YtAW!J>xZHWF5Wb+XSDNPl83@>BtkK{OOb
zn$NI7&Vl6$c!t(n)zm_U=Els1GK0YLyNvJ^Q$WL-@E~o^IgD_7W3zmuZKwrV`j#PK
z#<SrZK1@$XrjwClaxR{}8RfW=W0&F{FgV@(XraFg6aKrixs2Lz&}yB|7_Ju%8p!CO
zEM%u*7kZf37X`Fm>Dl=~bLPCt67P3(46-@TO3c0~%JSmiQ@MpM*=Y-XHL8)Ydi0Zq
z`8~l2$EcKzjvE&iAXfSe;+H;7{`2dVB9ZxvAl-I7QTtxwdP;VTk8q6qWI8|b0g~_v
zTt^6*^zx07!UuGrC$<ZzBj7d7y1@~(%3jcBg`&5c0*lAqHtNmxhTnmebFX5r-u?ZB
z&%khHUZ+Zwl67Mw%e0x~R`ZmndIdZr;$C9bMy#7bVbmmoJGWD^FLD(lUMCdGd&q9N
zFE%!0Alf*Lcu~hB2OJ6&3rQWr>#`Wt)xGg7t#Iq2e{EuJAU1fxK*#!Zr|a{F!4OMZ
zQmp>^qq&M!4K701n4uZ_qTXKDh-ozLPm}mqh5M*Wze@5j$QVmJqh=C^N>t}KiW`v%
zY^Z~mW;#~^+m*@fa!M>~PtkO?YP7s6K-QI=KP^VqtUp*mV&Uq-9N@lqak7GQ%{O_G
z-$0nI1bAc;fuD3ppZk#^X!eMVJuNdezrPEd8<m4;Do&C}FyN~nX}?W@HS~3dx!DiQ
ztTYDH2iqZDkM$>Ef3gEBwrbw7wK9%V@k+H<tAlD->4EEn%Utlz%fP4aiqcg7p>D^^
zci!h)dn9|CYoazh-TBp&Tvf7v?9dLC1D@u*<otRml8Mt5eQv;_dOWSm86(spiT#oN
z$^}nH19v=}FB+9zAuYwv?d6Bky{_Vs@h_xV{8!=khyK#aqZe9GLz#8aK*iJL);$!k
zT`J<$G(gVRzY?{wC7?dKSHcL$p8svYeDEyKrszEA>2r7I3xjQ!>fMX?IFRWs`qMbj
zHkE@Tx)Oy6zI~qiT)g3JkL>jPzAoqdhxtLxbp}i!_<;u%#`3FkqpJ5!jzX6MxuJ(W
zKjqlI2pa}&7KA0GXi!Q~Tb7q>^kf)(({*~{b-vl7Y~JW-1(9XhB?Xqw?H?mo?!lk!
zExMGmq^^r}vpn--ISJ}vUo#J@dgt@>CC`#KfMp)~s{BX2p?&Qi^5pwJRIU;lnUn5+
z^_wDk>5sQ8knVe_u?!0C=f51;Ybdp}6j!M|UEZ_?2IY97kV8sI<W8BLJM6ueU+>8K
z1yHfVHjW@EVixssHh(fuH1UNh{M*vaXVC+8`~?)}uuwZi4^iq+w@GES3XM<XH!CO9
zu`!7ojU%5prF#vRx1gL9M@#cqLs!R{K$1#Ee>BkeTHrp{6@67H8ziGQ*fimA#>Dep
z#7}KkwhE<P8?5AWGaz<L5a5kOmf9#TjDt5*!B>%A&f!DrYraQhI$6-IRnbRUBplZ#
z-`wpwQ~4uKIDsR|z~am%U8VqONStHp3`EgcpSN}o!%-KyjW`NN>8wwxN3t@#av#!1
zIt+#Jf5Rvk{2SWH$1WL#1BI1~N%!hovU!6A&m=Y}TYQ_aA!6W;^J=oWV={{5vhvlf
zAd7I{X7dc8<z{ASXG|mrDke3zSbQH+#!MF@$<pgm&2Tr*ocHoQlDBr>GTi0ipX%y%
z<j$IxLGGhrOF251<Zt3+M3q`G7WL}OKe&1AT~Ug>dn#8p^^lx`9~WoC<@UMFLwlMG
zl9>|!4R@4ZHG_pfh2yEUdQJ_a=);b@A{xACN$=P?kjENaUxS&^o6&q>IR36=+6zwK
hFXnLEzWK$8|G)E#NB`d%pU3zAU~9ZzXnt=g{{i?kl~4cx

literal 0
HcmV?d00001


From f2fed5f640172df773378e628fccd8badb8520f9 Mon Sep 17 00:00:00 2001
From: David Pilnik <davidpil@nvidia.com>
Date: Sun, 3 Oct 2021 17:18:52 +0300
Subject: [PATCH 02/16] fix some cosmetics details & add notes

---
 doc/passw_hardening/hld_password_hardening.md | 32 +++++++++++--------
 1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/doc/passw_hardening/hld_password_hardening.md b/doc/passw_hardening/hld_password_hardening.md
index 8b2524b808f..e022829b0b8 100644
--- a/doc/passw_hardening/hld_password_hardening.md
+++ b/doc/passw_hardening/hld_password_hardening.md
@@ -138,11 +138,14 @@ Arc design diagram\
 
 	The minimum length of the PW should be subject to a user change.
 
-	The user will be able to change the password minimum length if he has the necessary permissions to change the PW. The CLI command to change the PW:
+	The user will be able to change the password minimum length if he has the necessary permissions to change the PW.
 
+	Implementation:
+	In order to implement it, the cracklib option minlen=N should be set.
 
 
-Once the user changed the minimum password length - the settings will be applied to the config node and will be enforced on the next pw change
+	Note:
+	Once the user changed the minimum password length - the settings will be applied to the config node and will be enforced on the next pw change
 
 ##### PW Age
 	Along with every PW set to a user, attached to it is the age of the PW - the amount of time that has passed since a PW change has occurred.
@@ -165,23 +168,25 @@ Once the user changed the minimum password length - the settings will be applied
 
 	To support it, can be use chage option "--warndays"
 
-Notes:
-For implement the "aging" we need to change the /etc/login.def file and set max days and warning days, this changes affection globally, meaning all new users.
-For read the information per user we will use the "chage" library.
-In addition, when we change the file /etc/login.def its change globally by only new users, so basically for change existing users expired day we need to iterate every one of them using the "chage" lib.
+Aging(expire) implementation :
+	For implement the "aging" we need to change the /etc/login.def file and set max days and warning days, this changes affection globally, meaning all new users.
+	For read the information per user we will use the "chage" library.
+	In addition, when we change the file /etc/login.def its change globally by only new users, so basically for change existing users expired day we need to iterate every one of them using the "chage" lib.
 
 
 ##### PW username-match
-By enabling this feature, the user will not be permitted to set the same username & password
+	By enabling this feature, the user will not be permitted to set the same username & password
 
 
 ##### PW Saving
-Saved previous passwords in the DB,  for enable this. is necessary to set how many old password you would like to save.
+	Saved previous passwords in the DB,  for enable this. is necessary to set how many old password you would like to save.
 
-Note: will be support by using pam_pwhistory.so, remmember=N option.
-For saving password with sha512, need to modify the /etc/pam.d/system-auth-a file to contain this line:
+	Implementation: will be support by using pam_pwhistory.so, remmember=N option.
+	
+	Note:
+	For saving password with sha512, need to modify the /etc/pam.d/system-auth-a file to contain this line:
 
-	password    sufficient    pam_unix.so sha512 shadow use_authtok
+		password    sufficient    pam_unix.so sha512 shadow use_authtok
 
 ###  1.8. <a name='SAIAPI'></a>SAI API 
 	no changed.
@@ -642,7 +647,7 @@ Test Objective:
 
 	Admin user is logged in and secure password feature is enabled.
 
-**Setup descriptions and objectives:**
+Setup descriptions and objectives:
 
 	All Switches.
 
@@ -661,7 +666,8 @@ Test Objective:
 ||<p>Perform a show command to verify all above configurations are not set</p><p>[show password security]</p><p></p>|All configurations are not changed|
 ||<p>Try to configure a very long password (above the max, even hundreds of chars)</p><p>[username admin password X]</p>|Should fail – longer than maximum|
 
-
+Note:
+	There are 2 DB to test: CONF_DB and APPL_DB, need to be test both of them in every test case.
 ####  1.13.8. <a name='TestOpenIssues'></a>Test Open Issues
 
 Is this feature support when user uses multiple sessions in same time, i.e:

From d0cbc7a8d9dc887a5c9e63e2bafdebfb8ad9716a Mon Sep 17 00:00:00 2001
From: David Pilnik <davidpil@nvidia.com>
Date: Sun, 10 Oct 2021 12:29:58 +0300
Subject: [PATCH 03/16] add init chapter & few remarks

---
 doc/passw_hardening/hld_password_hardening.md | 455 ++++++++++--------
 doc/passw_hardening/ph_diagram.jpg            | Bin 30903 -> 29750 bytes
 2 files changed, 248 insertions(+), 207 deletions(-)

diff --git a/doc/passw_hardening/hld_password_hardening.md b/doc/passw_hardening/hld_password_hardening.md
index e022829b0b8..bc543d175ed 100644
--- a/doc/passw_hardening/hld_password_hardening.md
+++ b/doc/passw_hardening/hld_password_hardening.md
@@ -1,6 +1,8 @@
 # PW Hardening Design #
 
 ##  1. <a name='TableofContent'></a>Table of Content 
+
+<!-- vscode-markdown-toc -->
 * 1. [Table of Content](#TableofContent)
 	* 1.1. [Revision](#Revision)
 	* 1.2. [Scope](#Scope)
@@ -11,15 +13,16 @@
 	* 1.7. [High-Level Design](#High-LevelDesign)
 		* 1.7.1. [Flow description:](#Flowdescription:)
 		* 1.7.2. [Password Hardening Constrains](#PasswordHardeningConstrains)
-	* 1.8. [SAI API](#SAIAPI)
-	* 1.9. [Configuration and management](#Configurationandmanagement)
-		* 1.9.1. [CLI/YANG model Enhancements](#CLIYANGmodelEnhancements)
-		* 1.9.2. [Config DB Enhancements](#ConfigDBEnhancements)
-		* 1.9.3. [Secure Password Table Schema](#SecurePasswordTableSchema)
-	* 1.10. [3rd Party Components](#rdPartyComponents)
-		* 1.10.1. [pam-cracklib](#pam-cracklib)
-		* 1.10.2. [PW Age](#PWAge)
-		* 1.10.3. [PW History](#PWHistory)
+	* 1.8. [Init Flow](#InitFlow)
+		* 1.8.1. [Compilation](#Compilation)
+		* 1.8.2. [dependencies](#dependencies)
+		* 1.8.3. [Feature default](#Featuredefault)
+		* 1.8.4. [How daemon work internally:](#Howdaemonworkinternally:)
+	* 1.9. [SAI API](#SAIAPI)
+	* 1.10. [Configuration and management](#Configurationandmanagement)
+		* 1.10.1. [CLI/YANG model Enhancements](#CLIYANGmodelEnhancements)
+		* 1.10.2. [Config DB Enhancements](#ConfigDBEnhancements)
+		* 1.10.3. [Secure Password Table Schema](#SecurePasswordTableSchema)
 	* 1.11. [Warmboot and Fastboot Design Impact](#WarmbootandFastbootDesignImpact)
 	* 1.12. [Restrictions/Limitations](#RestrictionsLimitations)
 	* 1.13. [Test Plan](#TestPlan)
@@ -31,6 +34,17 @@
 		* 1.13.6. [Negative cases](#Negativecases)
 		* 1.13.7. [Case 1: check basic configuration – bad flow with invalid input](#Case1:checkbasicconfigurationbadflowwithinvalidinput)
 		* 1.13.8. [Test Open Issues](#TestOpenIssues)
+	* 1.14. [3rd Party Components](#rdPartyComponents)
+		* 1.14.1. [pam-cracklib](#pam-cracklib)
+		* 1.14.2. [PW Age](#PWAge)
+		* 1.14.3. [PW History](#PWHistory)
+
+<!-- vscode-markdown-toc-config
+	numbering=true
+	autoSave=true
+	/vscode-markdown-toc-config -->
+<!-- /vscode-markdown-toc -->
+
 
 
 ###  1.1. <a name='Revision'></a>Revision  
@@ -68,7 +82,7 @@ Arc design diagram\
 
 	User password as explained before is the first line defence, in order to support it according the requirement section and user preferences, the secure password feature need a strengh-checking for password.
 			
-	The feature will use 3 linux libs: pam-cracklib, chage and pam_pwhistory.so
+	The feature will use 2 linux libs: pam-cracklib, chage and pam_pwhistory.so
 
 	pam-cracklib: This module can be plugged into the password stack of a given application to provide some plug-in strength-checking for passwords.
 
@@ -77,7 +91,7 @@ Arc design diagram\
 
 	chage: support the requirement of PW Aging, change user password expiry information
 
-	pam_pwhistory - PAM module to remember last passwords
+	pam_pwhistory - PAM module to remember last passwords (seen that Debian already supported it without installing this package)
 
 	Note:
 	See linux 3d party component chapter for more description
@@ -128,6 +142,7 @@ Arc design diagram\
 	To request at least one character of every class, the PASSWD daemon will set:
 	pam-cracklib options: lcredit=-1, ucredit=-1, dcredit=-1.
 	(meaning that the user need at least one character of the types.)
+	See explanation of cracklib options in 3rd Party component chapter.
 
 ##### PW Length
 	PW length is a base requirement for the PW.
@@ -181,19 +196,42 @@ Aging(expire) implementation :
 ##### PW Saving
 	Saved previous passwords in the DB,  for enable this. is necessary to set how many old password you would like to save.
 
-	Implementation: will be support by using pam_pwhistory.so, remmember=N option.
+	Implementation: will be support by using pam_pwhistory.so, remember=N option.
+	Seen that in Debian its not necessary to install this package. Its enough to add the remember=N option to the common-password file.
 	
 	Note:
 	For saving password with sha512, need to modify the /etc/pam.d/system-auth-a file to contain this line:
 
 		password    sufficient    pam_unix.so sha512 shadow use_authtok
 
-###  1.8. <a name='SAIAPI'></a>SAI API 
+###  1.8. <a name='InitFlow'></a>Init Flow
+####  1.8.1. <a name='Compilation'></a>Compilation
+	This feature will be disable by default in compilation stage, its meaning that it will be not compile, just in case the user will change the makefile setting to enable, this feature will be compile.
+
+	In addition, the feature will have CLI as "plugin", meaning that when the feature is not compile even the feature CLI will be not appear in the CLI of the switch, and vice versa, when the feature will be compile the feature CLI plugin will be added to the general switch CLI.
+
+####  1.8.2. <a name='dependencies'></a>dependencies
+	service dependencies: SWSS & DB containers.
+	Description:
+	Password Hardening Daemon, the service that trigger this daemon, should start after SWSS & DB containers start.
+
+####  1.8.3. <a name='Featuredefault'></a>Feature default
+	Even when user will decide to add the feature in compilation the feature will be disable by default.
+
+	The feature in general can be enable when changing the CONF_DB of the feature table to passw_hardening_enable=True/False. 
+
+####  1.8.4. <a name='Howdaemonworkinternally:'></a>How daemon work internally:
+	In case the user decided to compile the feature. The password hardening daemon will be started and running always, but it will do nothing, meaning the process will be in sleep mode, until the passw_hardening_enable field in the Redis DB will be changed to enable, then the service will be awake, and will be possible to use.
+
+	Note:
+	This approach can support reset of the system, because the daemon automatly can verify if he should be awake or not.
+
+###  1.9. <a name='SAIAPI'></a>SAI API 
 	no changed.
 
-###  1.9. <a name='Configurationandmanagement'></a>Configuration and management
+###  1.10. <a name='Configurationandmanagement'></a>Configuration and management
 
-####  1.9.1. <a name='CLIYANGmodelEnhancements'></a>CLI/YANG model Enhancements
+####  1.10.1. <a name='CLIYANGmodelEnhancements'></a>CLI/YANG model Enhancements
 
 ##### PW enable 
 
@@ -272,13 +310,13 @@ Once the user changed the minimum password length - the settings will be applied
 ##### CLI permissions
 	The CLI commands should be allowed only to the admin user. Other users should be able to view the parameters but not change them.
 
-####  1.9.2. <a name='ConfigDBEnhancements'></a>Config DB Enhancements
+####  1.10.2. <a name='ConfigDBEnhancements'></a>Config DB Enhancements
 	This DB will include a new table "PASSW_CONF_TABLE" (Secure Password Table)
-####  1.9.3. <a name='SecurePasswordTableSchema'></a>Secure Password Table Schema
+####  1.10.3. <a name='SecurePasswordTableSchema'></a>Secure Password Table Schema
 The table named PASSW_CONF_TABLE in CONF_DB will hold the follow key-values:
 
 ```
-secure_enable=True/False
+passw_hardening_enable=True/False   # enable/disable the feature
 passwd_class=lower/lower-upper/lower-upper-digit/lower-upper-digit-special
 passwd_expiration=N
 passwd_expiration_warining=N
@@ -289,7 +327,7 @@ debug=True/False
 retry=N
 difok=N
 minlen=N
-dcredit=N
+dcredit=N  
 ucredit=N
 lcredit=N
 ocredit=N
@@ -301,196 +339,13 @@ dictpath=<path to cracklib dict>
 ```
 
 Notes:
-
-	Similar option will be saved in PASSW_CONF_TABLE in APPL_CONF.\
+*   More descriptions of the field can be found in 3rd Party Chaper
+* 	Similar option will be saved in PASSW_CONF_TABLE in APPL_CONF.\
 	the main difference is that other applications read from APPL_DB, and not from CONF_DB according Sonic arq. In addition, CONF_DB contain values requested by user, when APPL_DB contain the result values, meaning that if some option fail to set in the linux module the APPL_CONF will have the founded state of the option.
 
-###  1.10. <a name='rdPartyComponents'></a>3rd Party Components
-In this section you can find most of the options of pam-cracklib, chage and pwhistory, we are going to use just the options mention in the Arc chapter, the other option maybe could be use for future features
-
-####  1.10.1. <a name='pam-cracklib'></a>pam-cracklib
-
-Options:
-
-##### debug
-	This option makes the module write information to syslog(3) indicating the behavior of the module (this option does not write password information to the log file).
-##### authtok_type=XXX
-	The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: ". The example word UNIX can be replaced with this option, by default it is empty.
-##### retry=N
-	Prompt user at most N times before returning with error. The default is 1.
-	difok=N
-	This argument will change the default of 5 for the number of character changes in the new password that differentiate it from the old password.
-##### minlen=N
-	The minimum acceptable size for the new password (plus one if credits are not disabled which is the default). In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit). The default for this parameter is 9 which is good for a old style UNIX password all of the same type of character but may be too low to exploit the added security of a md5 system. Note that there is a pair of length limits in Cracklib itself, a "way too short" limit of 4 which is hard coded in and a defined limit (6) that will be checked without reference to minlen. If you want to allow passwords as short as 5 characters you should not use this module.
-##### dcredit=N
-	(N >= 0) This is the maximum credit for having digits in the new password. If you have less than or N digits, each digit will count +1 towards meeting the current minlen value. The default for dcredit is 1 which is the recommended value for minlen less than 10.
-	(N < 0) This is the minimum number of digits that must be met for a new password.
-
-##### ucredit=N
-	(N >= 0) This is the maximum credit for having upper case letters in the new password. If you have less than or N upper case letters each letter will count +1 towards meeting the current minlen value. The default for ucredit is 1 which is the recommended value for minlen less than 10.
-	(N < 0) This is the minimum number of upper case letters that must be met for a new password.
-
-##### lcredit=N
-	(N >= 0) This is the maximum credit for having lower case letters in the new password. If you have less than or N lower case letters, each letter will count +1 towards meeting the current minlen value. The default for lcredit is 1 which is the recommended value for minlen less than 10.
-	(N < 0) This is the minimum number of lower case letters that must be met for a new password.
-
-##### ocredit=N
-	(N >= 0) This is the maximum credit for having other characters in the new password. If you have less than or N other characters, each character will count +1 towards meeting the current minlen value. The default for ocredit is 1 which is the recommended value for minlen less than 10.
-	(N < 0) This is the minimum number of other characters that must be met for a new password.
-
-##### minclass=N
-	The minimum number of required classes of characters for the new password. The default number is zero. The four classes are digits, upper and lower letters and other characters. The difference to the credit check is that a specific class if of characters is not required. Instead N out of four of the classes are required.
-	maxrepeat=N
-	Reject passwords which contain more than N same consecutive characters. The default is 0 which means that this check is disabled.
-##### maxsequence=N
-	Reject passwords which contain monotonic character sequences longer than N. The default is 0 which means that this check is disabled. Examples of such sequence are '12345' or 'fedcb'. Note that most such passwords will not pass the simplicity check unless the sequence is only a minor part of the password.
-##### maxclassrepeat=N
-	Reject passwords which contain more than N consecutive characters of the same class. The default is 0 which means that this check is disabled.
-	reject_username
-	Check whether the name of the user in straight or reversed form is contained in the new password. If it is found the new password is rejected.
-##### gecoscheck
-	Check whether the words from the GECOS field (usually full name of the user) longer than 3 characters in straight or reversed form are contained in the new password. If any such word is found the new password is rejected.
-##### enforce_for_root
-	The module will return error on failed check also if the user changing the password is root. This option is off by default which means that just the message about the failed check is printed but root can change the password anyway.
-##### use_authtok
-	This argument is used to force the module to not prompt the user for a new password but use the one provided by the previously stacked password module.
-##### dictpath=/path/to/dict
-	Path to the cracklib dictionaries.
-	Module Types Provided
-	Only the password module type is provided.
-
-##### Return Values
-###### PAM_SUCCESS
-	The new password passes all checks.
-###### PAM_AUTHTOK_ERR
-	No new password was entered, the username could not be determined or the new password fails the strength checks.
-###### PAM_AUTHTOK_RECOVERY_ERR
-	The old password was not supplied by a previous stacked module or got not requested from the user. The first error can happen if use_authtok is specified.
-###### PAM_SERVICE_ERR
-	A internal error occurred.
-
-####  1.10.2. <a name='PWAge'></a>PW Age
-
-![chage options](chage.JPG)
-
-The options which apply to the chage command are:
-
-	-d, --lastday LAST_DAY
-
-	Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area).
-
-	-E, --expiredate EXPIRE_DATE
-
-	Set the date or number of days since January 1, 1970 on which the users account will no longer be accessible. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area). A user whose account is locked must contact the system administrator before being able to use the system again.
-
-	Passing the number -1 as the EXPIRE_DATE will remove an account expiration date.
-
-	-h, --help
-
-	Display help message and exit.
-
-	-i, --iso8601
-
-	When printing dates, use YYYY-MM-DD format.
-
-	-I, --inactive INACTIVE
-
-	Set the number of days of inactivity after a password has expired before the account is locked. The INACTIVE option is the number of days of inactivity. A user whose account is locked must contact the system administrator before being able to use the system again.
-
-	Passing the number -1 as the INACTIVE will remove an accounts inactivity.
-
-	-l, --list
-
-	Show account aging information.
-
-	-m, --mindays MIN_DAYS
-
-	Set the minimum number of days between password changes to MIN_DAYS. A value of zero for this field indicates that the user may change their password at any time.
-
-	-M, --maxdays MAX_DAYS
-
-	Set the maximum number of days during which a password is valid. When MAX_DAYS plus LAST_DAY is less than the current day, the user will be required to change their password before being able to use their account. This occurrence can be planned for in advance by use of the -W option, which provides the user with advance warning.
-
-	Passing the number -1 as MAX_DAYS will remove checking a passwords validity.
-
-	-R, --root CHROOT_DIR
-
-	Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.
-
-	-W, --warndays WARN_DAYS
-
-	Set the number of days of warning before a password change is required. The WARN_DAYS option is the number of days prior to the password expiring that a user will be warned their password is about to expire.
-
-	If none of the options are selected, chage operates in an interactive fashion, prompting the user with the current values for all of the fields. Enter the new value to change the field, or leave the line blank to use the current value. The current value is displayed between a pair of [ ] marks.
-
-Notes: If we want to do "age" configuration globally and not per user, it necessary to modify this file:  /etc/login.defs, example:
-	
-	PASS_MAX_DAYS 90
-	PASS_WARN_AGE 7
-
-####  1.10.3. <a name='PWHistory'></a>PW History
-pam_pwhistory: PAM module to remember last passwords
-
-##### DESCRIPTION
-
-	This module saves the last passwords for each user in order to force password change history and keep the user from alternating between the same password too frequently.
-
-	This module does not work together with kerberos. In general, it does not make much sense to use this module in conjunction with NIS or LDAP, since the old passwords are stored on the local machine and are not available on another machine for password history checking.
-
-OPTIONS
-
-##### debug
-
-	Turns on debugging via syslog(3).
-	use_authtok
-
-	When password changing enforce the module to use the new password provided by a previously stacked password module (this is used in the example of the stacking of the pam_cracklib module documented below).
-##### enforce_for_root
-	If this option is set, the check is enforced for root, too.
-##### 	remember=N
-
-	The last N passwords for each user are saved in /etc/security/opasswd. The default is 10. Value of 0 makes the module to keep the existing contents of the opasswd file unchanged.
-##### retry=N
-
-	Prompt user at most N times before returning with error. The default is 1.
-	authtok_type=STRING
-
-	See pam_get_authtok(3) for more details.
-	MODULE TYPES PROVIDED
-	Only the password module type is provided.
-
-##### RETURN VALUES
-	PAM_AUTHTOK_ERR
-
-	No new password was entered, the user aborted password change or new password couldn't be set.
-	PAM_IGNORE
-
-	Password history was disabled.
-	PAM_MAXTRIES
-
-	Password was rejected too often.
-	PAM_USER_UNKNOWN
-
-	User is not known to system.
-##### EXAMPLES
-	An example password section would be:
-
-	#%PAM-1.0
-	password     required       pam_pwhistory.so
-	password     required       pam_unix.so        use_authtok
-		
-	In combination with pam_cracklib:
-
-	#%PAM-1.0
-	password     required       pam_cracklib.so    retry=3
-	password     required       pam_pwhistory.so   use_authtok
-	password     required       pam_unix.so        use_authtok
-		
-
-##### FILES
-	/etc/security/opasswd
+*	values like password_expiration, need to be wrote in the DB 		under username, ie: username1/passwd_expiration
+	because different users can have different remain of expiration time.
 
-	File with password history
 ###  1.11. <a name='WarmbootandFastbootDesignImpact'></a>Warmboot and Fastboot Design Impact
 	Not relevant.
 
@@ -673,4 +528,190 @@ Note:
 Is this feature support when user uses multiple sessions in same time, i.e:
 	Try to set a new password from 2 different sessions at the same time (for the same user).  – do we have a lock mechanism? What do we expect to happen?
 
-	
\ No newline at end of file
+
+###  1.14. <a name='rdPartyComponents'></a>3rd Party Components
+In this section you can find most of the options of pam-cracklib, chage and pwhistory, we are going to use just the options mention in the Arc chapter, the other option maybe could be use for future features
+
+####  1.14.1. <a name='pam-cracklib'></a>pam-cracklib
+
+Options:
+
+##### debug
+	This option makes the module write information to syslog(3) indicating the behavior of the module (this option does not write password information to the log file).
+##### authtok_type=XXX
+	The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: ". The example word UNIX can be replaced with this option, by default it is empty.
+##### retry=N
+	Prompt user at most N times before returning with error. The default is 1.
+##### difok=N
+	This argument will change the default of 5 for the number of character changes in the new password that differentiate it from the old password.
+##### minlen=N
+	The minimum acceptable size for the new password (plus one if credits are not disabled which is the default). In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit). The default for this parameter is 9 which is good for a old style UNIX password all of the same type of character but may be too low to exploit the added security of a md5 system. Note that there is a pair of length limits in Cracklib itself, a "way too short" limit of 4 which is hard coded in and a defined limit (6) that will be checked without reference to minlen. If you want to allow passwords as short as 5 characters you should not use this module.
+##### dcredit=N
+	(N >= 0) This is the maximum credit for having digits in the new password. If you have less than or N digits, each digit will count +1 towards meeting the current minlen value. The default for dcredit is 1 which is the recommended value for minlen less than 10.
+	(N < 0) This is the minimum number of digits that must be met for a new password.
+
+##### ucredit=N
+	(N >= 0) This is the maximum credit for having upper case letters in the new password. If you have less than or N upper case letters each letter will count +1 towards meeting the current minlen value. The default for ucredit is 1 which is the recommended value for minlen less than 10.
+	(N < 0) This is the minimum number of upper case letters that must be met for a new password.
+
+##### lcredit=N
+	(N >= 0) This is the maximum credit for having lower case letters in the new password. If you have less than or N lower case letters, each letter will count +1 towards meeting the current minlen value. The default for lcredit is 1 which is the recommended value for minlen less than 10.
+	(N < 0) This is the minimum number of lower case letters that must be met for a new password.
+
+##### ocredit=N
+	(N >= 0) This is the maximum credit for having other characters in the new password. If you have less than or N other characters, each character will count +1 towards meeting the current minlen value. The default for ocredit is 1 which is the recommended value for minlen less than 10.
+	(N < 0) This is the minimum number of other characters that must be met for a new password.
+
+##### minclass=N
+	The minimum number of required classes of characters for the new password. The default number is zero. The four classes are digits, upper and lower letters and other characters. The difference to the credit check is that a specific class if of characters is not required. Instead N out of four of the classes are required.
+	maxrepeat=N
+	Reject passwords which contain more than N same consecutive characters. The default is 0 which means that this check is disabled.
+##### maxsequence=N
+	Reject passwords which contain monotonic character sequences longer than N. The default is 0 which means that this check is disabled. Examples of such sequence are '12345' or 'fedcb'. Note that most such passwords will not pass the simplicity check unless the sequence is only a minor part of the password.
+##### maxclassrepeat=N
+	Reject passwords which contain more than N consecutive characters of the same class. The default is 0 which means that this check is disabled.
+	reject_username
+	Check whether the name of the user in straight or reversed form is contained in the new password. If it is found the new password is rejected.
+##### gecoscheck
+	Check whether the words from the GECOS field (usually full name of the user) longer than 3 characters in straight or reversed form are contained in the new password. If any such word is found the new password is rejected.
+##### enforce_for_root
+	The module will return error on failed check also if the user changing the password is root. This option is off by default which means that just the message about the failed check is printed but root can change the password anyway.
+##### use_authtok
+	This argument is used to force the module to not prompt the user for a new password but use the one provided by the previously stacked password module.
+##### dictpath=/path/to/dict
+	Path to the cracklib dictionaries.
+	Module Types Provided
+	Only the password module type is provided.
+
+##### Return Values
+###### PAM_SUCCESS
+	The new password passes all checks.
+###### PAM_AUTHTOK_ERR
+	No new password was entered, the username could not be determined or the new password fails the strength checks.
+###### PAM_AUTHTOK_RECOVERY_ERR
+	The old password was not supplied by a previous stacked module or got not requested from the user. The first error can happen if use_authtok is specified.
+###### PAM_SERVICE_ERR
+	A internal error occurred.
+
+####  1.14.2. <a name='PWAge'></a>PW Age
+
+![chage options](chage.JPG)
+
+The options which apply to the chage command are:
+
+	-d, --lastday LAST_DAY
+
+	Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area).
+
+	-E, --expiredate EXPIRE_DATE
+
+	Set the date or number of days since January 1, 1970 on which the users account will no longer be accessible. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area). A user whose account is locked must contact the system administrator before being able to use the system again.
+
+	Passing the number -1 as the EXPIRE_DATE will remove an account expiration date.
+
+	-h, --help
+
+	Display help message and exit.
+
+	-i, --iso8601
+
+	When printing dates, use YYYY-MM-DD format.
+
+	-I, --inactive INACTIVE
+
+	Set the number of days of inactivity after a password has expired before the account is locked. The INACTIVE option is the number of days of inactivity. A user whose account is locked must contact the system administrator before being able to use the system again.
+
+	Passing the number -1 as the INACTIVE will remove an accounts inactivity.
+
+	-l, --list
+
+	Show account aging information.
+
+	-m, --mindays MIN_DAYS
+
+	Set the minimum number of days between password changes to MIN_DAYS. A value of zero for this field indicates that the user may change their password at any time.
+
+	-M, --maxdays MAX_DAYS
+
+	Set the maximum number of days during which a password is valid. When MAX_DAYS plus LAST_DAY is less than the current day, the user will be required to change their password before being able to use their account. This occurrence can be planned for in advance by use of the -W option, which provides the user with advance warning.
+
+	Passing the number -1 as MAX_DAYS will remove checking a passwords validity.
+
+	-R, --root CHROOT_DIR
+
+	Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.
+
+	-W, --warndays WARN_DAYS
+
+	Set the number of days of warning before a password change is required. The WARN_DAYS option is the number of days prior to the password expiring that a user will be warned their password is about to expire.
+
+	If none of the options are selected, chage operates in an interactive fashion, prompting the user with the current values for all of the fields. Enter the new value to change the field, or leave the line blank to use the current value. The current value is displayed between a pair of [ ] marks.
+
+Notes: If we want to do "age" configuration globally and not per user, it necessary to modify this file:  /etc/login.defs, example:
+	
+	PASS_MAX_DAYS 90
+	PASS_WARN_AGE 7
+
+####  1.14.3. <a name='PWHistory'></a>PW History
+pam_pwhistory: PAM module to remember last passwords
+
+##### DESCRIPTION
+
+	This module saves the last passwords for each user in order to force password change history and keep the user from alternating between the same password too frequently.
+
+	This module does not work together with kerberos. In general, it does not make much sense to use this module in conjunction with NIS or LDAP, since the old passwords are stored on the local machine and are not available on another machine for password history checking.
+
+OPTIONS
+
+##### debug
+
+	Turns on debugging via syslog(3).
+	use_authtok
+
+	When password changing enforce the module to use the new password provided by a previously stacked password module (this is used in the example of the stacking of the pam_cracklib module documented below).
+##### enforce_for_root
+	If this option is set, the check is enforced for root, too.
+##### 	remember=N
+
+	The last N passwords for each user are saved in /etc/security/opasswd. The default is 10. Value of 0 makes the module to keep the existing contents of the opasswd file unchanged.
+##### retry=N
+
+	Prompt user at most N times before returning with error. The default is 1.
+	authtok_type=STRING
+
+	See pam_get_authtok(3) for more details.
+	MODULE TYPES PROVIDED
+	Only the password module type is provided.
+
+##### RETURN VALUES
+	PAM_AUTHTOK_ERR
+
+	No new password was entered, the user aborted password change or new password couldn't be set.
+	PAM_IGNORE
+
+	Password history was disabled.
+	PAM_MAXTRIES
+
+	Password was rejected too often.
+	PAM_USER_UNKNOWN
+
+	User is not known to system.
+##### EXAMPLES
+	An example password section would be:
+
+	#%PAM-1.0
+	password     required       pam_pwhistory.so
+	password     required       pam_unix.so        use_authtok
+		
+	In combination with pam_cracklib:
+
+	#%PAM-1.0
+	password     required       pam_cracklib.so    retry=3
+	password     required       pam_pwhistory.so   use_authtok
+	password     required       pam_unix.so        use_authtok
+		
+
+##### FILES
+	/etc/security/opasswd
+
+	File with password history
\ No newline at end of file
diff --git a/doc/passw_hardening/ph_diagram.jpg b/doc/passw_hardening/ph_diagram.jpg
index e6ffa8eef1d4b36f019a70b542f157facf3e3fdd..56555e732caf34b09ba6f5c28284ff3f9d351784 100644
GIT binary patch
literal 29750
zcmc$_2VB$1wm2TUBB+QUQY=*IQUcOsl_n)3Bq4NGI-yAk2oZ2~LFv*ZGzm2c1Stt5
zG%LMG2`vOfdRKbqA6H%7d-uJ2-~Ybf=S@DzoNt*kGv}N+Z6<rYdmjL&v^BIe0Q>d<
z0Q=}4z~0CGm$g(?EpHp>X=v%H|M6fyJAhvHp8^0}T)jLDG;drqGB&yR<=*#l$J+Dm
zcld8=I^NapFW3QqPO-mv{;zHwv$6HGroZ%w{`K;pcTOLy4IMsX{}sOX1-AMMhkt=R
zAO@=Rcb?PX%l1FPRzJZ$UU$9d@6>;J-}<h{7kGdUE4er$zV!8_d>JvLtt%8vuZ`$m
zE`TS%0H6uDL5KfW%MW_Gp#gxaD*(WOr$6plB>@0sK>z@I|Brio&jEmwzXJfow!3#c
z?))*BgY@71c6I>3VlDu{WDEeXyaxanOurBGN82B~_%G&qk=}-jK2JCL#~$DeumxNM
zXaQUS)&OxjBn7wvkOau?Q30xe1N*;}FTV%q<>29iU&_(LhYuY-c9enP*wJIh7#L47
zG8{i~{Ma!jW~LJ-Pn}{u#lU!)<@6~QI(+I2l6_xV9yoZE-tg4%W5?-t|A%GoC4l+p
zzK;ja9@xhN*w4K00Q0`Rw*YQB`wr~;qkJd9;Uh;69XxPs|Ch(6rvUVh_Z>KN_|%aT
zhxgOp1nk>?;NYRd%tub2Im*Jyc8N#kIyffwtRzq$0)^f2K>U_iR9xCFCFkxH-9cgJ
z<&(a8!_dmc(>uPTOV&OigD}Exp!(>wz(+cAE;_a^DEEEunJ!BQ_a8WN=;&ek)9cJ%
z`r3E+*s()L4}5)v-Zk^V(`PP8>K{7HA|-v@;7$fB(B0#==%QDjj_}And?a(j$}^_8
zeVEt!Gv8i6fRWyAKl1@*fC^wJF}bC&cuXk<+SuhB>BQcH1s15!s;R!KGu)C2yo#=<
zfvZ#nc4TX`>R)|5DqhkOYV*nTV|{vP%l#Mzo9DqFQM|k!Su?UT6qD{M9>WD;-gqqe
zf{b~gXp_VMUKo{oE~#f|1@j&gW|)^Fz{57dZ93bq{V`IZtS@%sozU2r*l!(khet}n
zXv8Ila_Sr<(NN2<-&Q-+#HL$|^PuOo904qRT=di17#`sgUzwf;&Bnx|$#!Q!1!nH~
zF+Emg#I&1yI9rb55w7WokmVI-$hCNVvkLr#fYsZ)%4v<%OtoPqaFEHTHx>hP&z$xE
zttIhAw4M(YSEq;U^d`=@Q>vTOTZLfiW%vCQbXcKlXB+ah0ucAzWk+;ae3OJOd9^yF
zHJH_9j#v+IMJwDKj4(g1QNUFwYl^HD^>txlUFm{tY1163&A$}aj^QF>IJ7wW6178e
zquFcGID}JKS{LYMF5fT%p_5h5aIngMr*mFl?g{mA_l5DZWq%=t@G+9cNSv3ROWX0r
z$-=vqjz!a92VWSF$sE`Ox0hpv5QQUeS0^#N{GMO}tG>yyvztR@&ODo}7@Ob&+B%l&
z;TxL@!-0%kf2K1l6v%8sbQ9C9E$lhQ#<_9eCjvFE5DI}$xbZa2_ngsC*jhn2QA^D3
zNS3j`Vl^+)wN^R&Xawh<q>`flmGfCDO8tk}jxiB|MKrfEofg;;m(u=@^8$D^>#Tt3
zHa>k|eng}nX%Q#`Vu6X66d{R21#JC(e7P?@6}IA5%LZ|CSKh0#x?qDM4X>Fb=*c+t
zj(YI&ctr(F<2c4AacEj)@vJ&TcUXB3uwWn1jBv4s8e&oeKM?=Q866ug%oR?4gsn1n
z^2I6x)BJ>iNc@OPXi`_ZsfbN<cwV>hvo&5eAdFA|n;bPH^ecJ``iz}T)py~QCFs~b
z><jsbkafBblql6SRW@7cc->v&U&dZ$G+sZ~H4fER%oQ&fPq*t<O&p*~a}@O`f98}O
zS<8eW848VZYo-I=mKOe%Nql3RAr0}Wk>HVYqRa8}f{+hY>Uy`PkGbBgyLPkPcOJpf
zQpcM%*^ZsB#l>y)``);d_++-jfGPpf8CzY50xvy%n@o@$OBM87j`oTeP+VgLLMh}-
zq*tfBtfj8CB&>#PA26Bjd6{H~fN$;rC<R~nkr`RAYP0LE?Rw3C&Dh)JJSC}QfJ8jk
z+khEMb?Iv06Yh~;QqaQoonbCP=$k7=F9;KOhXz6S7{_#2R~KB(bWV{#5d)w6DytO-
z!gFI$H)-SuFD_j-51@XF2N0PnUxC+{xm27I_PcPMYra*$ni;}{N-J}nvX;x&;NEFD
z@(;r(iL+2~B<e#{&euz{h1O{XRzpnkKG=AN3Q=)z!AO&cIaW?yQn{fobH0z&sz?pF
z)u30Ie>bO@3fx3T1~0f4QwA?ZCOQ0ys){B@PvfL+PL3KIy*1Pr)0BYo2+Q9MPn1ZF
zhSjuxuDvpoV$FmZ6ZH{4|5a^pA>2v?mqNjn&t<byW~X}1bNAQrl*7hI2W5RAZ3hv|
zV993B#I;-~SY$Ad(z*5)&TEdHA@{gni8Mg?==$+hTE+X!VvARvwzv1WmuJ`%-=>OW
z<sxo;MleR?McniuB*Lz#X#f%JQki^Bu14W#R8h#Tn7`kI7d+LoJelZ-cX-yrJ!IOm
z@E75@ytN?W5^ud;&?JKkUf+Te>olKwhG#mN>+9)Dy&`d*UnTKJ8scoM+p(0{IZ-YZ
zhXm2_F~722D{ORvT&FtFG&<#NA?on0?%Ht@6q+9$I;SrK6F{Nnjhgb?<;2zXnWyIW
z0Fn!~AaAFX{=0QE+v1}8r%WLP8K`u%p+<LA=nBP@iq5GnlDvqNU+8a}PhO6FQ|2zP
z(zJaXj*HiA8;n4rF|XF=+0iH|GWyvY`<H+V`MwW+SepM3VsQOtF>(;KtIQ~x8!W4-
zaIS1b%6@6g-J~N%9xftJi0H!Gg86sG`H^x1bsAHwU^Pz;GDplphy}V_w{$rwO|YuX
zx(~f7JVTuk`Z!&EeGak*$T*pbt-lAmROKBi3Jq@^Xh@AE3LcAcM)GgfSH)VOlTaf=
zpX~;8Vs;i->*v<ky%TRz&6CQA?+rRe-0KYRBw^B0mmXiS6xv&S!MljpETX*`YOW_B
z)Nsk&$--VwJ<eLjbF6Fm%%Z;O-QHh|gbhegbA6`-N2~Zwo_XyeGPg+xsimSqW&yf*
z5}vzrRH5)G5~?z(DpdFwUdM@;d2?ZXby&WAt72ts1<lJ7H5fHL|0ZDE+>IA$FdL9-
z+tT#0tmT@ffGR5p+q-^wk`0E{0cmORE#_aT7QFe+O<|5rQ`i9oR5&vbEjg_)J3b7G
zgS-<5d6m)fsc|#eq1y7N?~PcAhQ?@2$K8*z;&T{{Zuzvpp@ZExLICgn&JC+q#-=Y{
zOioe0I-=g<8NSm%4cD{3uNk@VE;$<Ba|^!*SR2g99NqCKEHAm-DE&;NSRouW^t7j|
z!^993{kgri=#9?7<BBvEA2V#>{bG{Ygv5vWqH4xBvF6lEH5NIgE~iCY9$jn@J7<d^
zJE>xGrx=8u`(;77R5|KxY^9lvTZ9Qa9f}|$GVfo<bP12T2M;ZoB3MZ70W4+(fOf;U
zqi=k`LMf5f$FM569ULfoc5x)BEo!K!GB~Xv+KMudCsHW46^Ka&H)&_uK?iI@+N?AE
zb{X>_9zX;{T|JDpDugnG);%>{#W4D^zOJ7Q*aO_ne<9^C<7lXPGx8z(SV-w&kqy$?
zGr=ws$~+g1@EG*}MxyT`#pGQaaJEDj3_`t#+Wfrm##~XdC%73gXA5mkz|aM1vxcfT
zKoadA&1fuOQ^IN=4^Ry@`PA=_ojEb2$;~q1Y45pFyM!H0S9cBX^f8B-v-J6oj&&l=
zxoDb^(n<%Mftz05YfSC9)ANBG$=egasWnCN=B-ZR_V*DS`6f&*Z-PJ9#TIf~l9Y{W
z-fYWkRg6W-pKqRA+eB`SJ<aphAqu#7B(yLEqr(moCKks}LACg~o>s-&ScyJulV_4B
zk{#`1Wn$DGR*92|=rk_Kj5Tj<k2Zym^dC~pmo*Fh{PewPOfyD7%iVc<*`rJBMrM04
zM83tawzYLkAIXLKM}`&8-Iw+}8paC7F+pxs6@`zm;N4UGXNAIJQVDNo>QYy5;A^0U
z#t~4k^T$_KEt5Rt*@+Zw?U{(M@Z40Jpmxy|xofSihM5HG4t1J2LX!u3{<tRpR!b<w
zig0^Q0A)xm5{cx!n~?Js?{C8@B^rTJZVV=#V_yLwv^Yj7%;)f!Eb`X{cAawnQ9ou6
zaD!bl;p3H2996n~q3!~0S7_N9leh;sKQOsls2S)by%H#>7^C0hT350@*VR+$5yswd
z+Enw@W+U8z#%Y^v;fn!D6)ghIR$FPTRjmb-z@~Ho6Kyi*Sn(rK6KzwXR@6|2)%*M~
z5O;xNnIpvz0$U2v4yoy@s96{9EW3`dyts-DeE;a1Wb^O_f3&iq1-6r|tk)33zax2>
zLh5+uG;4O&aQ<lLk-{=v*|AQglaRvCmU34Ed_o37H9Sog<UB1r&F5!2mMgS(n;M8q
zk3S{mi#T|d`igNQb`1@Cj4h!zH+2f&6s-eONnp;D^`Vw|t=8NRBq&PW<e#{Nr=+o$
zsF|WEzD1NI=^B3p`rM|ll`+_ooV>cu$%T1)zgDf@Y_$qSXX8U|Opi2WpwVpy_z-h3
z67pG%$pv=t7it7%yyy-;{50*iS-ZqLMhEUblVS)P#TVoiq>UKV$vSpxt{t75sDgRO
zM9M%tRwb2rsQ)Oupqcx?fF52Cn&+*n!%2$nNwjLr=95<-V}4fqPUzK5f9{>u!B*sI
z$yUw|->1-FS%w)CJ(%SMnW<>@UJAmTr3}iiY4g!l2g&yVX}HiSLs`o`Mo}2Q+qIp3
z+zdSrgF<de;ywUQc2&}Y(*GBQD}}HS#ah|GNx{2RXPAtdv$FE~z|Upoh!6HdH`e^e
zXS_)_>sXa?MZ!^50+R1=*W<`mb9332={|!B-vQ@#d%v=H-ja`$=Z)r)-m4vjZ50dL
z-vJKM1tko3I$ObEgQ>7GVtj!A(7iu_c6;Bko3rZ#2dP9|^QuzZ()?E4cc3;*u}xUh
z{_p#gF&^|aP`oB)!kFE8*3CtDd#n2Mp8&dbsWH0mGyJ{#XU+lAd1Wo%w8J+xBRvfz
zq55(b<Ld#(dWEZQ0|2KYUbFzOacuk=|GA1F=`b#@5AOVwp|<>vO4Y8pwop0b+9t&Q
zF*DA#D7Gg_=I^H`-ENQ6{J)?463wOoPi!KHy`q4-vXw#vfugO36?&GXAq_daT*msZ
z_09Efxel(TA9)?@)71{{s(%uhAfQ~ImVkXy^>`qE`Q>-<Vk9BR10!TZP3}faf%77-
zNvu3GGgnneze|~0T%8FX8m|FjmS+Fh_3Pg-TXwRf3jCG!w&Kq!kdCkk+FImyAcD;&
z4HDTFX81_R>pPAA1RP2#7qh(Yo0Oi@`7V7Ue*)^M6aOKNFIMo>KnC3@Ie8J7mm*f0
z)7U9i1k^MBzH-)Nf#mNWmM3x7p5g8RE<OE|5Eb4P=B9`OCs%|+h&~SwU+e6A;*e76
zcfl5O=&TykV^F(wuKHhy;r}HmeEnu)FJh}kQk20grhddT(PnrrR1O(m&0^l9lwuuP
z3rf%cLpqrs-UZ0uAAFztw_5((<86NAIyrYo@Z7yF`JXOGvCfGRuTwVt0Y_SWhjSik
zqe4u%^d&9UNM0HQ7AVxx_*C)Y&@VS6cd)mIobu3#Y&HD_JqSptxzk9l3$VclI@Lmm
zAv>%+>ygLExWhyGsJ($_s3ycN=o<;>;?bhbB&v>Hbi<ir*Jbd5vTrrADzzos=1oO1
zZuS)EZ{gwj_Nt<dvCpsHp`PbgzGf@JQ_fc|Q>^Kc>m}wK1B@7)xTNkKWi>gT84o5~
zM|(k3lDu<avO4Z{qKZ<Dg&~e84!_1}d6%Njw;Mb*c_;|9j<?h%0@@xnBY>5BB$f5)
zLepS$?G#s7rU@SMDSl9rh*b(h3(s6pLf1Lgkcz0{J!diyVro$!YpZN!-Qu@}YUY&a
zaF9L+Hqww_XLpHNmx5=zBGP2o=P2$Y`^)xOfy~k-L_!nme84e>AxMKc+x#p-JP)p*
zA)?<J!~z9*QI0dJy`2@#aqI`|=TNjA`XpAe2cYeiH0ZPT`D`C|rn|9$`HK)=z3vBq
zixqZzfQPo*;}Y502WyBedw_#Y8_ky5amSE?<4WgGPgOkt3_jm~1lgb8T^TtO*}v)*
zH$*;t*|sphta_mLl9o~7t;W#2ERRfmsE<)~F}&)rhFJCp@a&ej3W#5=utr~&oRFQb
z_8a>u>9gcCHZ&@_sBt_etdE7zS;Qt8Y#h)3>w|&SS5Cx%nLB2t7xPL?upPl;fx!v^
zheHF#xatU<{HoE|Ro-+i2`e}63JsD8$t9TLLh61;LGFMOdJN;_L?5zGt#in4#Ti!N
zlZ3e<U`1T(!$=k+p&!`T?ZuU<^@(SppF2LmEN!!tg3}9W(Pwhf4<Cwt|F(~-C}%Y^
zv_}AiL;Abv4x7m~ar1Y~sjHXd6Q|Vg7{yF@qFs(Z&(VC{5bs;oMMQ&oM>T~tStv;T
zys=sKS7)FiXD%>s^y|c*Im^KitOtU!*aaJk7tkF-LVa~H8lCQ8^my&$=Ys9rPl0#$
z031V&)|RrSqRVlccd!N5vh@SpE>KjveZ_u&QC;5`&tZc~zXH>Z=5%9_iLFQ-mQs__
zuo6dznM;g+oh-Ck`Cvb_ZeM+a6r9n5<J|nIuA9`L*J;$#H@dM|B`OH)98@vR5(I{>
z#f1%ezi}q2!k{kiq>j^+m1~cyvAma!FX}OD;HjPb)oZCXa(n=#JWsPDXPQj_>wA-)
z*q&)IW%=|Ao)cVdoX-vP>$5ObRVrgZy6_XV3fwTb1bbJ4QBk)78{urHF`w0DeQsKz
zi{XrV*riIF^;>#2nA)jf9EJ$d)KNBjuRUhtq54Ko)J@&ff<{~RF0hy&kV`U@Qo%)5
z56}Adw~AR4i3=4lOD+D;+)JS*vPE+V3FqB>Iq*m%VZszGVV{f5n6T@@Ve(;SiM)N@
z#&^n03Kq&0;C%%#OU-b2enja?Oocy~AQxS*R_n$4Wz}63a8YCKl4Ru+VV(?|n#5q1
z`JVvx&-7a6^;}r!ThWopC!U=K)@`l&8?-1jZglK`(jwE<00-D!e$!b$$gg*4<~t|!
zE=||gjZRZ99z+VXI+v$5wmFeyGi<9Mp3Gzcpz(e;U<e-;o18zv7pe?~4n|j@;Ca1I
zLQ-!(eR#~jKVH31pxl}*HF-?_U;^r%uoJwX!!(IeES{@CZy4yV+?2_MBfr~#y;#&C
zK7qTQ*8fOVZuBs@=dzqAgmY;vt7E*|CD|4Q!C*tx&AYK!U|4SU)GBi-<Ay@E^?vzq
z`vlQyVoqe!TV<iVN!-Rn5hqtPRI)9?lv;(4FxS_Yp(sn&D7EB1)P9V{Sy@%-D=RYt
z1-XoLb#I;C++XpI*rFA^tPJu#9@{HMVkjcw;u|if>Os~BmYgb&AdTw-<7k|3w<Igr
z$9zl!cb+OHwp$%6bVVtx&zaN%az$4f-WAVIL(APv&g+HSBqcYotU*5m6`5J}q0H6_
z=UT`aR)Ax_p0#+rqfx#G2x!9^1ogbA(Z{O{l}yJkra3E%GfoM<FZtz=An^+m&O74I
zKo&*8UBD>4{b?~m(SBJA4>|+%;1aN8F&`0>P%ZavB5_MfvSW3~PDAxN@|Vo}rH-tw
zx?~ILY<-;$)j#PR(*gQTl)7oG_)l;C^8WIWK(yg#Q}$eSbGTPkSzq+i_c9D}4Ovi<
z)D+UKgqK^wW!1(;hG~DqA|0WR6g9hA*Kmnb_!%Biox!Y(FdDFnnW<O4P71J>>oSPr
z`rVjvQd)u}CmgPt9MhK+JyNC{pp|;u)yvaBGy((-;bkRnqf#%P;kgTY*3#raxk8oX
z!~?b<GPn7G9dkf)nYegH8+eOD(iwa*Oc4Q2i<EKlsbKX|{k`dgJ1n?;*0tnlnlRjG
zYBIY%p*X(lWLD4|<i4{OTW-21d+M7E4d8TDKY`i&?tW?G#b?ez=TNg{GWd5M@B#Qk
zz8cDaYxFxkepQpkEf;XCp-5So$tc7*e6UkfTD|>zRxD?qN6veX`?WirUU<~7mNH4m
zgM;knI1(AjCf@<Ru4omzR$Fy8)e4Ii%%L4uVop9b27hz#QiVhBTy5F&%d#cG5VMJB
zN2|=x9qp+hDg3lXxRzXe|EgmS`Kj)Wrc#k$&d1K(GbK2}Lq*1AmH}4^g}5O!>cSTh
zeeQtcG=F?6vbPJgs_}$2231#cD!h1$eNGK_rk0uUbA<DnMA?uJ?<=W(omdZ4ShDL%
z(i!Pq>dnob`U$BZCq9k(Nv?4oVtk=yjrsU$`TGw?b7k<PLI(i<qwBM;=UiQxoHe0E
zXV(^1(zN})$VFqi-Owj!#TSc+Ymj7q+Ac}7M5mw&8WO(<4ErDKzw|uyE9dX8zPgLX
zyx|LF2v#0Y(?JJ7FUNHC3vSEOlkS<D+W8*(_VaJ*o19SdBZ?0I5NM}!XcTY1EbQqR
z^AK-Fq3uCP1iBvQ@Bw3U7ia7I0(`5s9)%BUB_PxxbE;vUeUZLK)Im$v%7M8u2Kf54
zXgNi}G$z!+q11)<0&j*_z7{jy{G2pLh<IoS%?a^{tJgV<a3iL^NH-^wA4@XwcJU_I
zAXb=L*fbrg>NK4V(K#b{NDEdIs>8`_?OnP=(B~wNs?V!b=ALRukMA)YsZb{0wgJZL
z#&D%I`Ps7K4S8eT*ElTr3o+5r=py~DPM(};V2k>^_;cxB!%7&W)?RET(+V9{D7y7Y
z-j&_mAb4(8BhJwg&N1ykJxxv%PUu|IgQK&;=hWs2szbM0&>zd18zXy)x2mZ5VDPnv
zBdq?_3YSyjuDryl$ls17&}}1rAZUi1+9;1a{*<wITHZJnTsX6HbsZ7ZOXRn!O$WbK
zpj<!1nWHh)D(apI?Y{@?1i#pqP)ka&KeY!iTGbdu4m|0agMzoO0sZF$M_JDGC-tX@
z<RFK!Vsc2hNnU4oRMp64p5Gs8pq{_5t5I*BmwtVdzU(CeZ{j>`|4<kTU!<YlLGXV;
zL44IX%@y7dL^q+uTp!K{S&XY>kQyFZQ5jO1x!gWgRP0^3T|GJw>V6-vZ~VEb?Q7xH
zM-f!_>3h>Oh9R*P*2t^^6Rji=SN)V(pUF6>s<q}pMZfS=|8=R#lTz7lc=`xzm;9=X
zC8>mBd?y%Qaa|p%Op2K<ZHb0oyzlwCt259yZ`D<Nv&Q%M2lf_8u{ava>e9{bU*k7!
zUDAs*7*_nH_(pRi&D0=qmITMK9ad)3x`>S&))&3m1@{q)4#Q#ztWd}n#F@Nfo!L}G
z6=U)rL@n?iayisG?Co!E0*q&bwQB((`1s}sjwxPqAFt?!b#pu!(EKPKqiRPLYN5F|
z%=ONZ;)x6c77I+62&^^VLt?>a`7W|@LniAivUg6uV8{?Z4J7XYiax@yl}AKs=QySN
z)rrF%FF-oSi*?D0sY;!$4!s|p<`F_H@vu*2Mks;M(dDoYjP-hAhU~mX(9N}bnMM*<
z4{dQE_}q)C1eFhlC`_T}?-HaPbJAOB%bg&k*5$*uDbnE|0f2JiCHIVno$iq)3BU$L
zp!zz0{2!b*;1pOeEu0YB%vyd@pNCt}Z5k>Ia76Q-$oq@wI5>I6Ey3?Uv>kuJ_{|u_
z`S<DfnDhV<>Uq)NMsTD5Jog>|ytA}hoW8GUW2&F^mSu@<iAsYM!*mM%bHw{Pb#8ng
z>j4Ko7blqsOTI7}>1#5^&;roAh@mR_mMq1f`=G8B3XZa82YV|g40v*(C*tP>di)6>
zOGm=XO=N%`RO|ReL=3;`1#WItV|ttbVpB6WnN#*s9(*KQL45DFrc)(09@@I)PYfMm
zExeRp)>&VlBz#Tom5w6EYR(c^ivxq6OhqNU;FUe+K|l!C^EO=Z&$5^(oh7ayiUuYN
z;=1D5uwl-3!F){7c&8*~h@Ki;zUE<_Kw4tHw+&UcZa!8k%9L0X457iHUD5jLfmvP)
zsR%gTQUGCY-gHY5`}`KWvl@kkcqW0{zW-1g%WK&{pT4o4^I@C`50UY;)x{5Q+G&Hh
z!s%h3TCsdvbp9ODTFrHF1|MM|zOQ7UxE(=ID?e}UQvQBO*hyHtOes>hNrhoE#BBF`
zR75g8KTmgx8}Fr1JPDrqW|8kdgxA|P-Kyku07$`)hgqHFU>B2PAH!Ii#g;%UAA+;i
zY-lrx?XemN=vmd8E%GAX0dFTK{<FjJ#f^{v|D!(PIK(;HAv};ooN@J-Ct^ZzA3)d7
zWGv*|uetFE)SM71$Y@&}Rsyj~X4Va(2;M&&Q~b@bVSJpuDnQ?zY6hGqe@`A9c=gop
zk;itcTVD2M3ksy&5De0i60TEnjo1_qBV*7z{4mRs%EHLJ$#qP*1!B8)8B^6VT|wU3
zbZ{i;Qi@D=Q21uh<w?bW$G&BuSxb4!Czjk;wI*)&G<3CR49vUlqb@79R6+$)uTT0U
z-^1!DJc`YGKksw(!Q3YI_@HoXYes!e-*~rQpNDpyOVz&iE;EL#f{ClG-nk)zpXTT9
zqL5pI8(gUxk3H{S`}KR9=ihMN@KuO7G2!{-#8Aed%SVjT^hwo9>N^A9u0I-(-X3v#
zzaaY=l7=|)?fHpYnX06Llv(O7Ls{Tf4aHaBYPky*-w@GG6+v~So%i(Tm;)0v<rM>Y
zGWtbp>oOI8*>_pPJ7f>QRI@d?8-o+a?O;V(icREACd5Nmf%r}sT724RL;KCQj+o9~
zM&+_Ys$wbL`FH-ge|8T9(7{JB<rnXrZ*=neN`>d6(=v*wtr!2Kqle^Nnv1QUUjAJw
zcn=Vr{9ruW&3Dxk*&nF*iNO1XhHj6Wxof`7_xv~N>j~=rcSL_&TUeE~{rlr@gFQL6
zb+v`hs;J$-p(<=^@n{)XSjuDyD{$A8tp+TlQXVy(F?H<>^ED0*2V2*fk&p-vCw%CW
zC%FT~m4IVkqnQ2S<vu%lYi*m27Pj`$v%6csZevk>wNkvAxm~<m{7nDYjsPyM#guiS
zA3J|8@5!I@`z|MxhOWZ@Zpc66<WyCkY>-=jq|oEHrCK0g0&PaXiiE`@q$k@$BbPgG
zU81FN`+pP&c_^hAOX~V3*0VHp{d<)EJ~9sk2Y2ge*!NYM7Ok9a-Qyg9A}W@;6P6l#
z2u8~u!j9;e*Y6ZE0(g%;0UXx)7TE#x6Hn{`FuNOj0As!1BpSQ}@1y4Uy4f>^EuJh4
z*@EU)ws{l3Er%fEGH_eF_^pXk|HMrBe<9o*V<j#5%R5P8PpN)_>zY~%jkG<$%Ukw7
zZ`Ms_GJ3wRkuPY**Z+AT{=WESg8y~DdfuSHGRs!em75FSRu2oE0%c}?2}H#bYv=gW
zgt>u$MTd}#RI*)C_fTvvwyU`-0l+kK5pYudq`&mo<{5_boAyo1mxYHW<obL6Q6F_A
zsCH~|7A|qU+&6;(M8U@UlzKK^&{CXt+hS;9GVgoL$0{t%ogSv0OIZ%Rn$8VW%}yQY
zq?M0rymbvN7RY<-$=Y&xQFnag_pV`26T7lrmom&%%(D_nid!n~)_NaKzr8@kDVaCg
zr$UhhnrmUI&I*#|<eVx3YFw>;K4G*PVP7%Z$<q(KrK0H?b^%ifu2u-eaGxeVL^~vC
zR$on7B@DDKW?CarVQ5~8VqlmnRaVloS|{R-N1is_ts3H`*%sPzRL8Tz@7S7ta6Ya5
zR^8)mPkw0Y94DFlY--sxZgRy9v9GDfrN-(Uj|LGpG7#H#{g8@^V?pl6dlX1^!g+6j
zrT6uD<5|svVTL5u`n<e!1(z4UmMLS5y=`quC_M@bnm&2{ui~I$57V6d)$ZyXPbqSB
zs-DQfE~^c=CJ&529G6{VHF3xnC$lC)l%CMbikjMXZgT}oxYc{Wv0uJOq`FwCcd!eL
zr(88gN4dk<uZaniYCd29F3uT!(S^RpX0N5l8dzM`&2M8sHFgM~c!=D;I`G2$QeA!t
zWRSJ$ow?$)s}_@#M9>{C&noa1*x&OU_1N$E0GkJ2u>UBb&byKAn%%cT8u%+cH<)ZF
zW+Q|T(`P*cl9X-iLi!fyhNxt-N!{L9L69?{t=R_nl;RoD8J-7f*^FCh-^_KZRGZT_
z1n~dB_ygK!Y^&UJxgfQy``zN>-H^Fsdw^x*Y}**`#pu2*e`h(7z{&ig+&w^h1X6kE
z%<C4wxr;v<{{-zjQ$IP!V*f12+)hi36(M)?uJ?F_#(-RgTCA^<64lEiz`#&lN})+j
ze*BV_aYU1;Ik<z1`&|KrxYMg|GiZ6_DvcxkY5cR=KHUcg_`V}nKBK(cmN<F)GIA<i
z;{9`6V9Jn_m9x5(1SItnhjx9A`gCmd0d3=xI<u}d&7OcG_^jdX5Avv?(H3u)(&N|U
zEj_bBhrEM7TOm4*4F@eM2wid##?a2ROxS=X6f}f|oj9=Ydw2TS-hWP^CAl6U%t&eK
z+m`j=T^gNPXfwhc3C8Jd{A$qU`nsAY0p!~8oDejRz?ASIj>XG(42~OjW~e3nif0~C
z^^ib=M{1%tjI&1|W=-(IYxLcnOEMi(Ela6Ga&3<5T2&Q=p7@aSiN6*Sd(Bx7L%9(k
z{*E1F@OjoE&xOJ)6x*xH;z=4M{;WUptezHmI`-n7=bDZRYV%Op^LmPE6(8B0g71`8
z0LAY(5_>O}<a;wsn_5vvwYnAZs796611p~A*T;UV$V-lZ(@zw=B3`n5JSNLkjB_|s
zCXBNh<?=M_Y0kFPh8AOds{}0Ulab7rLix%eW2Dwaj)UG2JU-Xrxj#$1@#(n#Qu$~&
z@1eT@Z8{H59QIB7h?IJVT{0V=r<%w7)-H=J`g~2}M$FCL{s~?VY{Vc^-#q6DJqF<s
zj+PE4=~Um%+obg**KodGu|&JjI4g3M>y{`f^i=g@Pt*q=|D8R+{WT+x<0qgF+4YiP
zltY6(CaoSQVsJ+6D`}N2DGgyl!vZ=*(S<uB8Cs7&H5$|Am3+SV4cH#$b0%&ULlOmE
zPCJy;aqFGsY{ANtv<#7d63DAYxu!K6k;G5cIEa_MWbQp5rPkf_wr#OnQ)l{ixY1Gh
zsVp%%_a+uO8nC1~r&nF#<2zD*^(`zVL%an-Mu52Q!uNB1$To0pOyZ&79>9!K)Uwm^
z*R8k`?Zy?F$Fnzqn1`b^Yvsm)kk?gd3!!)H9x%TDx#<sh*nE@L9UhpmZt-aMY^TzA
z%EV{KX3u~NZ+gs?j(COIczK7EG~d9N@Fj$jle4ZWdYWgta=u4vRi>SHA<L@>iSQ_N
zd{aGiqzBqnhjcdrg7!bIPFmbyU?|&YStSa*1@o+E4eiUy54EwtD1MO1e!5&;JF{JP
z1>iUR3t->5mb<RxyMcRv7Y(y!7v!hK-ULmQtp$e9!;qlCHdEh0k^ns-Neyj!FSmQw
zMQ-=`9-v$KK;XpT&cNxDJGQ8!&A(4*7cVpI0a7?Ydw@KZm8f5aHeQtuZ9bygWV_#z
z4twDwe%vwo`OO4}b5HI62aS#QQQHK!i|2|NbLt-1$&c$HD{d>$beu^x;kJBX3R$=A
zQ)ktTdV9#~ZaJfNA^mv{FVxy~YY##tuhuBMXuX-NISML54tC}dKi>}%L4b;nm^wGM
z28F<#FjHAxPrHidu+hBnTQS#UU9r0iSe}$}@4hl^<d}udi5`478P);5-9_O?wbh6z
zolN>vTk~>9Kp_XAx4`98ZE~TZ^Wu8rn?1m@%qy7Ib!x(x{9&l;Ajku2Eyu-U?<zGn
zWS7GHYFqGCqU%_~WfH{fSuNJep0VGa$-QV3ROI|{Az{|@U}G^uwfK~8t&0!C)CRGx
zwF{)f6{CW965)#Xz(=U5^%OB5i?;Ca+|@%~*#jIl4tR6yPAWrlGd0KF>uRmBE;!CC
z=h<r>%=&`^@E1P>jc%G`1C1T>X9U$oJo+}mgNr%v?qv7)W272`G_ne0ZY{)^?p@Kn
znr1{<(27ZBrhJ6r8`8MX@^0WTT+_t-{l3dTWBU#>G|o^Pt<Ub}9H$>Ss(MY?%tjf)
zPRzu;d%XEfjJmsaJaGCMr6^AH{l3^!-`o79J_zQ`FI7#mIurkFfIy%qUwSoQLNj%v
z1+js~K6ys8V>XT%zphxRC}7_MsD7$CvMrJ0+allgvGdvZw#s8X`QC{s=I*C|=%zpL
zo)7)%2z@gX(3(~^LXj*_(pl`SbtZnBuWKP&lpdeSS&qv;IM8G8m*D^mluA`%bFP1m
ze@qYGH12>A9`AQ=B^{|Xys-W5T+l7cx^$|`X1cupfmP6W*idu&T=u3&L)(V(?3?X#
zwp)z+!C<p=+2|6o@^7=<F@?%?zos$XXyGc-^7^eXVh$a`idXl}`%<##22|B9VDeer
zMwQA;s_@%7emyi7uUJpqz)J4N*bCYSwKO2Koq1|G+ESe<X$x(AVSITHfDgRuqG_kJ
zjHIf)Tl0xEcU|6eEPNxYTg&j7B`k6tEbC+QqIp((LNz!W_1Vj%9~&xHKq>VEt2JDX
zIhQt9r(jRulyR?`DK7v~1}!HP`^WvwOPtfi`{sy`7;5e?gOsP=phl+LQyZH3-V+L+
zmlw0~_U4TuZIcwC*lrSDZRGmHMQ7*uQ{8hkLU(rAfSC7|E<K+i<N_hYsEbB-=Ia+*
zjNddGSJ2|~ROU19(#VAeC*RQ@PP!!+Ft+c6Dm1BfvhZwE#C(7M2DODxR3nR7Q;$PR
zMuWh~Aee(6^uQKAO17A?tUbROL1-z_eRR5Swa0M^pO{a?l$IvqfUK<ehgud@Z*?;;
zB#@;rf%VDS>jtCbdThR$_bhy(af=oAYFfI9HCRU-MT;?+1N!JJ9NiS`)HCb%9qbbl
zwz+9%B@%xp&uBaXn*1q;e7<5XEOup0IaVoP=wc>9jYvi%+lr0%_M3!;A=|q;mFGj?
ztolH!B7vKw9whdt_Nk`F_5&!JN;8k+^E9EtM3D&FVjn{oZBA*+aZ*@*6Rz2ChS6X5
z<|qx;mES3Xlpmz%(`O_ZgoC$<8wWL_C{fn<Vm&dmX=y=q2hi5W4T;W#MxH~)MK|9M
z?U6s<EsbclrVaQOZh=rtvHC8j8{nBPP>^kPj0rqJr0@6`J~SaCwUGcd!bdYB6-`1h
zxpz(%(^jp2GZPZI>tARU-wy7Z7E@9ly7XH`k*p?2t+rZLc>cyjH6Mj_fZ7hV80S%}
zQx98&MZN>+87F>lsZS7=DYx;8mth{jT{xs89Dm_<UZD|98fYjy`GhPGhR&3&>aaeh
zL(=%wi;}2bVQqYf*rd+=steX1dX-z#8^M5u*6H?U`)e$_I(4p1T4~P9Tf=f47cFkD
zI$$n6EVGr*7S~d4R0O*x3C+!ydv<g*f%oJ3Akz?=@Sw@4iDjn>zVT%bqUfwntP9At
zU7YInaLl$K@<YD}tA?stzoHH<-Vm>CuT~3jyE&m87=VJ<ZN<n~d2@;Eij_=l?nep=
z-?OXg9Mw0+_bI<#gX?5I4-H16*sgPVHE81G$0vKh^CZ^koe2r2FH<>A>`OH9th_;s
zGoGBz`-n|2%Ff0`<fozTrA>|nL*S%}+2|<vJgJ3(&BLOE={xBbZSk{~3~yc53&P+D
z9KBO~3C3{vf>&W41_dK)*+rWaxNgyt*%bv&`sQ?x@JV_PI=FeKT{3FPFR(}1Ip!{b
z9c$5Jk@bu@{paPZpX4S{72!PMOyCsiSK48{u5<;`F9lafFcYJ=*LP|14YU^KB5gHG
z)SY5A7UWyhRsErzxB8qy?Yw0g{+08hn7|nPCcbaVL)2pJx(@*+osx}zj<NZ4iw2cT
z;$<}%rLZcV?Nq;tRLL(jM8u-qNzU7~s>V#PtF)_)zYh#y^vo|{y|>=3{EbibRcnd}
zSJQQUAzjx8?#!P_$I{~j2}Gk+BK?Nu&OCDfCc<1R2nCS(<*!Qi+tq%d==OerHc19@
zbBu}bwCmFkb1mKx<!(1Z1Qzf45+_Huzc?+3geRWOH)2XS6Nuzox(^g)igVd|fo`a*
zKH*LVs$3G0j3`b59KQLz3%_rn!R@uqYnB<;4fg=@)!lD<zj;6L(O*+_amD8oduf5s
z#sMeI|7`jPihVa1e^&V*N|Wk_g3X0<MuAIb>{#Uk&j-4cP2V3|KG`RSk_eOvBql74
zZj|_^b~~T6BOvavDJm^}WOL+C&@nr4KMHY18}ETbK))2h-JmV$HN{$$Mxi~x?csm0
z;lgh<zghsw9~K~d^XzQfzyjUsUC!OPK51E^;#q0EjZR-Vc13oWp|?@`r&~ud0-ASP
zKSwQw26pkiymMIUziG^VJv{T;&*Sj>sh=CVhfi5wZu<${`JZ2n-S<2D|DfX=;Z45#
zot+%EZ1ehw?H{I0j$V3*Y7cMklp1o)ij+l@?8d$PRcXRin>ZAWn><cpW|Crrqfx}y
zR+xxz&!(soZ}ZoyTikVSNjRd5^<gk66je{1%j-q%m9R`6I4@^Ewkl)_n`FUg%AQ$n
zip~4nWX7WDp6SUK87WJ`z18dw4Z(6ANX$jjkI9TMER<x#(S~GH*!6eN(uwW~Sj;fl
zN)R^S&-7M72p8HZ&9Mg<-Ka5qa0GIH{<|>!T(c$)dpuibm*}LQ{@A4-IzZ2pbSQz~
zLyvaXj?rCxeAbs(`1#K*{)G4a3m4|!2$j_kS%A|IzF|Cq{_5f%`kMS<bz4fFa|S*6
z8vSY+pQ*1h@OkN|b7{&yqGu!WSHMcw_m*D~oQV=UIXd<9zU>{l!>9iYLNoiT*OT~p
zVwD<@+iLmCPOL9_ZAoy;F(7pDFHUFtgrLgkTFJ>zwu!S>63%tZdO<dMKMbF9n}aDk
zuGa%(u|Iby6(w<NwQmnl%Q|GQDpXPJ5O5`POU*8SY-*6Ivi`bacG6bPr{!ernLvl|
zF*CcRF_q|L*r`B<w(0vrxL*!ns}bL3{+EiOF_Anb;YIg8ukQhnL9porM`P11JoxOw
z^smJ9tpV{1SZf&g@{IBG0|FQS((?Po(Hu=<hsR29g+wGtPEJ@q)koz7GI6MaK{UDP
z!vtq0c=2>ekk5>diRA9%VZW2>mbyzQ&-8b>k}d0jC(XS+ad+?*T>KFr{?D@$-v{!w
z&hm8#6x4k*B64!qD*ScM^jOArs?^Ewe3gw*X@-=VC>0`g<(kLlk=f*yvo%R7RGnp5
zZ2BUy@A0}+(<-|TW1+nK9zd|_S>PklnmfP0Xic<6=eA!sa<nNBPMXoH{be5k@>7TV
z;(Yylh;6%9@LLM!K(r;*&p{XZd4cwS$0~c_5xI1s?I?8lqjkeT@c51ifE&7$_Y<~1
zK|@3QOkB0zjxHNL8bSv3d^w<#UsahSePR07@}8afvxO8%oU?#Jw*#Qz&qjX%=v>is
zNLG3)JR_y$fWwegAC&?7WrwR6_>voj$ElgIi(htHx=k+8ZHIQVt4aTK+S3p7Vy*>c
z^RL4M7T4u#C%d+P&##qjwE2+?*f;rg=jOMsLGmHf?eQ&B7OSs2HXZa-)E_A%gL*$p
zYs9YgGk`MU;$H@Ji1#msKt)YnZFb>OKfb<@T~<VyERt;tBBPI(3EYRwyn(&CJ&GK$
z9-x^Xk7i}B!ls?*ywI^|L>;rR_Iksq8YG1@FMc?_SvELhK>y>04wTb6V*4<Tmn~v?
zxm`xf${gnFHL>mTA*Dou{`W_LGN2mxvEhLI{R)-7I`(pj-_~X4Qpn5tkREB~tFtXR
zk`xwFk?&tPUypD2Y#Mp2xLNUNMT;KLTRDna05t&1w+1a;*R4+*7m3Cez$Brp`e#8v
zwdD}~ttLqsYL1|n{9zab76*eW3fO-HFok~ji2{t7O`TQ5z|TQGeeWAx7f=_%FYmUW
z!^!`R2+70FRc`2w`m?^h@VaC(U2gh4V7f5%m!FV*2lp4h@G;9?s+s=KiwZz(?EwaY
zP=-cBZbD+u6}#WKYXpQgecS`=uv3WVG#dWvWqg8lsDS2Bw|OCGQf1g*y4A5YkS(Q7
zZg^W6(fQKn=D#6M|EtTGOZZwDVtk?YQx$A7*+*l3s?B|S#r|B)@W6OE_fTNqkYbhr
zRnx(ap8x$_p09)^P?!IrtB*o^$FC^ts>7r$_?w+qY!Pfr#NSE~^Un#W|6G|Ktsr(j
zHX$ZmFFyAf`L6LZ>{esnw4-5kdwXZqbZz50_w9ZXk0uXr@y)^L+CsOh;{w>2M~{%b
zInt#fyDD)uef+fL-ksMXDQuc|J@gfdxkp32yk1;Gr%qK--+&mD70*Yhdx+^4!@~l7
zkccNCIFr(f#g0Cg36?haD$FT(Bk*nh5-ktIHsX>>XxCVd=*YiqnEwKZ_k_07kE%DK
z=8K@Lr)e$35QkS&lHH(^rk!beQrqGL1@6Mr<rxjmUzBW1Ltiz?tF0(Yp+P~+Fi21Q
zNx}QJ<ppbpu>G>Out-{gXJ1}HteIoSaUdTKTb#ss+)&*$LgO079?3!LCUM}^lgzJ}
z@{do1S%||>eeloM{2gs3c-&4+Id&f*+i36z&y&mtcv+CIa_@{y3=E0*md-=Us*TLj
z^Uuzjyt2F<-4xe;8&=fWO`Wn-XLTxbBsKblKAX0KDMBnbgw|xB0n-k+%k<3*8B|ng
z=o_E=A!?0;92X@WshfmKj!uUd$2LA%C~AJHKN7q}SiE2Rd9y;Px4Yew6DUR=Qgtar
zXOwr=v5s>9EiQ!kNEH{g40?!Q()U;4$UEa`9zS$1TieG<*_93-&6~{`eWpAJh!ZEA
zEA<7BD?Dy{Vu6a9X%)cEDMqJz-cKr>_m_<zaJkvTu=o9`Dh(bSQ*%(cvf>t<15_qf
zrD!SN^BXxKc?A=wQ7hr9$;bhxf#h64Ug}_LQTW2C*RJeiuiEXIBAk2dD5lAWw5yeu
zHNe*}ghez@UFA9^tu{Ym(8FPFh}cO~@#&Xsckw+W`yPLlmcZyeY+LT7_DL3xdy<yA
zJsA5+)RCiDh@;STwg4tD5)Fl_^pO<roM<wQyFGSx2BBz2=voHxb>(Myt*-KUEsAs>
z!kF`b-q|aY`teRCyR-HKLjo>}(QpexMN!O4apX-io;|>!w1?GcLwYh4*#uQn(GId~
zCOn}cD3^XnwdWmF=5#H#wkpE2KTPD2%QJ>*2B!qUKmzPmLeE|L`Gq<~PNR)yJ;Hq0
z(BAGeTR#F+&bYGG9ZRv~KO(U0LDP>Jyx4DONII<B2=^_-o7!`-iYeTT23KgSg%&;O
zv!FRyW028c-^K!XZbwf;qV1}aZCaa4etD;XaXv8NXhyKfJ#>OXya(A{tv*J!{#}A?
z1g{gXz0$IV>wKp1np{Kjt%=$iw{<2i7wn@W4NiF<Lg7sXP-UQsoa1v_-O?#jg=^lV
zPgS3^$FrCc)UBb7Z&kO=D?dUdOppT2ixmXj9&82cL7AfWnYf88FAR*&Yz)lI6T~y<
znPuq4+uO}MSP`;N;o<ul4>7DT7l%GIy(}cUyuQ<z5Q9xMMwZ>c=I7$Po>onw$m+0{
zlQtIaQ&s56bjMYuP$`-g$fjvwReQ^Sb2u=Ie7jAXaJ#{5gB!Y^@5MF#ped1L@+77H
z2}P5)KT5;DWznvaH1=Z7pp)&5B&~4l*=WbLg+u$BG~rnu4Q)`}dZTW2-nEJgya;s<
ztUxtt^*qdFgxy5;`r$^;V~ZLP3b=cO`Q0yN9BiFZLV^jf0uuvLgv}>;dD7s7XMqN9
zDps)MN^eJ75vN_<C$kt6NU5HqHhgos)Fk+gmN8?iUw!XDnE0qG4QdxU2b`to#gdea
zIwE3U5g1=HMy~*&tRy8*(~c3d{seWd&)V;@O$>{gA0Ez?JHR#Qh<)cofPRy%<*`Hb
z1&c555#x0?f^&-TL)aQ@68yx2bV5muB|xKjO6Sc%EJ_-|>eE@MPaN>0YPnX98);mB
zWPo#J>FKbXd)grVYfk1z-|iM2D4$|QYE4ys6IO&Pnsiprc^kC~RdPim=a0F1xZY*T
zhpR<<*=zDS%niCTU!3a+L<W{2U-~NpB$MM=9G2+Oi&ztd)0ic@qNkH!eh4JNIBC-8
zU==A#1X9>!i>BwN=8+ZOh<~WeqqWy%h^e5dK$bL<uIim#dTmI@uc&z?Asg>?!h~qX
z_E5%8a#L12LB*Fjxnkbh++EC;b%>iVgb`gKwmuChDG);_yaJzCLX3|^1Rk225{6^2
z-om+#oUvA}d2ex&s5#;Ug#e7Q5~H76rpe^zI&oiMdQFaYunB2K_V0Qp%?B*Xx55aK
zZt(WU))k7c@~;XAaj3(KI*E}9%BEOJ%nXnjgPkS=^SXM}=moT)3~lKRNph+<Gk)vj
z2LO^mccUr9ESWu9qiS}r{xUnZP6Vb7L+4<qQ^FZRu7>?4CJNJ=h}3u`X+pd(-=O(h
z4+5)Cg+41x&C=Z86XEf3Tel<dNx_hD?fJ^hDD#cd8Yn$=D?(_0Eu#+9_3xcoNPMqi
z$0la>L3^BRWq+-ph^Di0(q1KO!15zpVwwHs&DGYxv*k5!yDTTKJWZ7yl2Sf#BrqG-
zc@fa^cRnwDuX9H1)WowOemgla7lhu;yFP4XhSaq?>ao7}xkkL;0XGcq;&)tUG*sSi
zOVERr<5Ov#w>;NN$K`8I4$t7z4v_y><GcMrF8QS@a1v`Zm#dNZ(~)jttQ*7NM||pv
z9A9wK+1D?~@`IQiOf^a5D#YJ)re!E%*sri%c0PjEnKrU9-6|dUhSYLbv3hq8P_4GY
zPx}#hes$aq>;GNgMoFnsq}uNR*kS&uj5+fg8SAg3=9p7(;e+>c7q5kWJUMK<qnEtm
z06@T6pMUoNf2tWbn!-LyYwhxs`P;MmEln%?jCbrn<xYxAyloL&52dZ7+?i?1TNz5$
zS%HkDcr8Vo&%bZGEYWBGY~F7r&_$w4Ib~PEJuoD%=KY;Zyj1yZ3%c*fq96GD^$o=F
z`}ND$0&6-bQ%?bQT|agDC;0E|wk2`fqPdn%W#!k772q*bCr*6qo~8!OUM_Z%c$DHA
zp;xcnZ0(%$%f6WJSpU=Qh@;uW$oDPSQP@!rEqgL3%J>eZ1XmHN?F|`7;E2=P-#jH~
zRk&)n`8Ge))Jg1QKVIGKF=xW@tg9;t@Z{HJ<+xmbP{XAh^-uZYkv`Z!xEtPD@y?a_
z2aHd@kML{VsPq%-l1-u9ERHjF&iKf*;sjXMm1<*FPDNJzd@GT(s?-R$Fm{zk7}fN*
ziIsTw<hHn7&33aJ+afBMrGVhw$?yZ4Dy2iH?c|*YJMHX8mIEDYfE#jK`&*8HUl-8-
z1HabVAD=k?<fTgH7HFfep{DmFjrl>K=4$eiWo+OJ(f3zyfjyO7`88e|`*tq$yR`&>
zc3%ekg!MPO--1kctH!f!x6oHkPVROFI4!!Z9#~WR^+Nkj&UVk}(Cl#;M&Y5A1)zw;
z&!{huc>%job8_P~^s{=u8b7~7&lMK>VoY=zS@s9RUT+=lpfr0BpvjUAW;Ff#3~>yh
zX`AA|ZD(8&07fDnIl^P)d}aC~wXq@CTsZ#`t5pfB)hYC*c2L4$R=3SHR6N?__m>HR
zx(Q6#^MrbedS9eY6?P^k<Ru)_OU4R>^cChjUix{+hfv=d{-01o#8saQ2fsp#8T6P-
zF!8uoNVI)ebS`?fhxcKypSSj)pI{rmsQyd5U0#eb6*J`{oVPk<#Y<3*zk{@Y%l~rq
zkt*2S8iUEj<YfgD;oe=MQnDJw>LD$#T09(1p(yi%xFS5PAuyR{wH$#I#0$JuliS%b
z^CBS8;Eqo|ef!X%(iH175(7;8&9qfS1&LKt8-#jD$SymT_JBs6;zbm{ul+tVyt}CB
zk<lHe+7|<UG#i3}jqGx8<in(=H(ICqvB10#>?XV#RS199{auO3`*2z14KwgyYCWw-
zBr*b;as+=9zeB~*^I93R6Q7Y`+aUGbN5_tx?`!+Gc6J>VwsZJ23&wO@Gh=CPH=&Sz
z0!8-uUsuc@S4S8Yy5~!+cTT=uzVN9!X+mZ~CG3`U@~7SN<f#veSzzAGQc#)|D<X-n
z6xv0*^ooj_<Gec<bQ(1JY00I%VMELKe|7Wn1nUJ;@{-TUJqz42s3OzHYodJDuOxiv
z)4ZqIiG`Y)h13oqm&{UWx?y<D6=OUfYu#-Gcb=aA7?T<=#~+-{^0Guhs~5KuUtPq~
z6_@{GSM}@E&uRYck~j2NUT{g@zGJ@XC6!z;{&<8zrBuTMFYUXSUcV{wL?y_6<(eDi
z`96xJ!h^q|q4dPx>GuJp@){PI^p7Gw-R_SIuVwZGxJXdI3GSV(GJZv$6W`a^rdg9_
zC_AM!w^u#atKRJjp!WdRfB!wo`6q66i7oNI-=G^Y9T;6HC*S^?-syV~|1yvC-=ETW
zGIR6CL8|{B$MOC$sDuCJxiAmIf8$t9$g~dm$I!m^^Zz7^b8ac|>_@xUZT0`Jz3UEZ
z>TLVeEmd1oL>Z!hDAO`R1VpNU%s?R|VFj!VAz{b}Xjm>lkWs*}!q5l_Bn%S>5D>7a
zEG5VY$d*lr383ud7mIyMTl?1UZTnu=cU|9KCpp)7a_)1FbKlSX{C-c|m+0Tjj<umD
z8?%;(L7{IGI(@;^##G%q-?w%>D1G9SRp6oDroUy6g8?_C)e1-Ju-|aZ>kq+>?XKvS
zc1>EDDK%<pAmNL&02&k2>6VHUL<H0l<IIJ^cU@B82XKa?lsOo1`ZVE&S5LV-o@3&U
zz)Rh(g)UC|78Ld=OxbOj0{JR-H|u!Y(Dy~Z5cdJPZ>Zx^bB!6M7oX*}tCiF&vfG!?
z`fx!a*-qFEL4t4_VWvKeuP4$r-L6gw_rw<R+Ys#ou5Ffl_$&LYf8l}_{xq;Zqaw5y
za#ZB`B@@rAuULJ%-ln{fx8@y~7f$}z%a{2GVUTjrI7#NRE`9|q|0v>r34Qp_6n|g*
zSXb8HYEcC{<sQY<NB>A?Ry>}9sHgT-l=r}PGJ}BulYGJr(M@2?Yp{)%z8uv&u`D@n
zCbGjY^|@=V{XM@&uQFtND-V7hZglMNrcZ@BS4;msl0T;c{Hu7Yjo$P{^#hilt^10{
zmyDqB5+8R?>bz(Z)DycVLPuWjou6NQSN6Fk6+_2iuB~HG|8<AWC*FSI#f+farm?vs
z@<^FVdMMa0;N{Bqx^uVbkQ$FO;6+g#&+SvWYlOz7A|5r;*eA7k+X+&PcCFf!RXP+?
z%7FAqCwq{PiH5F?#SB_25p571PSNTfNZxr>v<^MgE^AHdY0{o%h-lK?Coeye=xHD2
z8dO(dL9?;1<6*dw1kWGY>N8e;Pr-spP!B}Mg9Ny!w2+x5Rf6h@mA7zz*wk!?$rrtU
z865X7RdPRkvA?+8N|b67(Z2^ME1>7el4SrxJUn5>OV~IqqdNl@aN$YwwYGj6OzNL?
zf4Rou{FjUs=A;Zor}l5kE_E;|X*aVWIox~T>TX_ISG*K@=9rf+Ku9R#qz9gSU*TwS
zRA35L{joFWAdAF8uvpl$7ICy3_t+vO)weQWa@~0I^xTro;6VoYo8;fkAJ#P`yb?Xh
zSV1#`1{T+%aOnjp{k>zV#WE#+MQ}hX$j7eEXUAM~l>klmDWhuqbWKima*`|62;!A;
z$>D`Uub<rMk|R|^mI3|}IK1P1jG{^`Ei${|Zg#j}>Yz{XyFlfcWsv4WcwQTuur=s=
z%P5_TDe56Qo0(z-RyC}>I1h<C`w?X<rn_X=*luhaTC@?jl<j_4t13LDYMQ^6rMz<d
zz!eX<0pVhjs*Xh~pAtpfRzc)D)=J=D#+Iq$TTSl{s}v$ra0+xH%E)N;#gntwzUnJ|
z{m}{j6L96np+6nC{?pubi0eNCd-P@J^~o$*fC|dbQ{T7&8~4O4{IzA8#2d(3L%#(k
z*3ixI{xYO4Z)(WvN1w36lt%Cs=sdsAWDZS2xvr8wq?tZz!UoO0xa2Ci_u(&d&Goze
z6GfV4X;Pd)jeMDE-5tWn>ASShdKsc3uYnwKh=1Q82-ZIsF>N&8C5Y|Hvl5>rX!it9
zW2<gdQqmiO7VZp`Fs0SxZnAMtt~9!z3K{*;A%b$ld3r(3%4#8jVt_YhCSmTH)jQkA
zDI@QNT4e)!;)*3z?^J2Ymcwb0_1q1$_A~ZHbktDfl16=$6OA-oPOZ*GR1}sa;JSSX
z#0a13rji!@LJZ+pQc6rS3<cp*Odqp2bWXC9`u9cbcu~WUn&f#wq%4qEA0a>E9@R~G
z+Bg#1Oa%vu3QEgQ;PO*2y`*@2v-1=(L_}k>8(EK_sOGmZ_S(rzo(9M{3P~XbQEuS9
zI2XZZ7<>O%KDe+(Y)R>*-j!rd5!S&7-@jXUp_P-sdSsF)SJ5h0(RR1_T-_mOLTnL0
zCQ}aDB$JZcXKpca9w#R!J?~N#_rQx@<shW|tYE*zoJo=YZXC-i?u2tTlH)To%de=H
zuh%K;;iby)B9FHrr1M!tGj|u;9F}D>t86^2D)2)O`||eZz&(rWQFu3qh$1tyRlA@+
z`V6z8HFh6W-CvL1GA9%3L{o7@-y;^O$leqvwv^hNHK|*x0dQq}<vkN+dN4;^*&M>9
zSmT@{v~m_@;6$bFS<tMMjI4n4^Tq(c+mViXN8{KC=$UPui#6TM9(v$7bvKOE)vJo9
zHO!<*&pQui_mssG4PlQZEx)B2!kSlV`2|#;dE3k@l;=Mh11yh@4Y<!+xpZAYOk#oe
z>Rm23uyGbSZ+V&Ut#WwlySsAJp*3-|$Pjqtm;@rmTpQAB?w8ed&ex5+t3$Mb{31i?
zktIu1>#PQ(MNQXWCT?yvz%BilKi}0NJZ5^{AR+~LegPbU>g;Q#R1|Ri;#5Uk%%Qw`
z&u%JYt<rKZulIgvx)UW@g5ZNXQ4nqqlbwENFrObM&52qUo;=uCtf|qk>=cGPRg}2P
z_IOi3rrRjSiTbp^IuOja{1R|ldPZBTNxs?l=+?NVxTfL&HTCma-xVd?xmnN_4)RPB
z(1}Qg#QR=ib(TGYwB;hMs=3)6X_$odv<x{^XaOpxky#Fl$Lb?<2<iDdnS4bv&1d<^
z&6L9~j`;q>tK=8VW8Qwofvxejoydm>wF5nG-0R`6%WER?x<C!LtQ@^~FRSS2(SqFG
z5WZ=f6SEk8Y|CUVT{X*=EsPOL?B90_C!OztY|b$su~j+z6z|J6SQB{96YekZo@cxw
z`sG`tqn&q?#V?P~#a=+Iw(Uf@<;eT6EQ+j<PczlKSK2eyK)}Gah4rey(L{qc@ee3M
zr+rGKOVd1H60v0`r0?r_?3fdW<XH-lhR(}lyTnM}&D+cgrJ6fZeUudjn=ev^6&)}4
zB;Xuqlq}~1u|+m&T8){`DZx9&=4n-Ziy31d70q!Jg1<_Ti<!OQMtJ4E3lpEmFSoTT
z&I)^T;NlqzW)kJN+8ouCj)ai~Ak90CO*|hzyyNfQneXXRo1I##AuUgR*`iz4#&}*K
z9;>X)w(WZ=g;)cXgK$qyC>U-U<bMvo-u=yTA%~yAr`RjEm&Q(y%Ebqt?mRrJqnj(u
zuovx>cHh@n+*O$K4$fWfvr+8$p}mWgZ{jUq2r|*xwz?$}Ih+%*vwbTB-d>LNC6-rU
zyB-)+bg4=MC1(9rQ>-Ts7@@12+Xa#NAi?Jj_fy7<8}4BFfS9&sQVAZ!F8~$8rxAD=
zMNz38RvZCV-rDJ)R%EE<1Zxt|W={ULZeldcJG0%<$IbGHZ;ZcbM8xgrK3%{=p<qe&
z{a5U^D`{Jek6R+jzk8K4>30a9E=aOwQ}?9p4c!vLPK$=gSi~f34F?C$H~N8DqQ~L)
zyQPP!x+kWIUCVH77_Xo-kv2pirKsnjtaOyaH>d4`s@1rNTZ$E*N0tt2LtJ3xy2s9s
zBuZKrrl8T!skTTLJlWJLXVT1eq})^`>{fCU@>u^E3Mqhv=nJ>ku)!$0xfgJeNcUCM
z(v9gs7SkfYEsim+zB@-M%qZ%Gso7C(;+Q34Vm?Alw<7;7dgS{=FYm51_WFQ9a%mc6
zV%!a&k9Y{rSBcPtv~)nt4L3ns0n~4(jU<n$?CwgY;8?DlPLJw*w2{!+i3ClzXGb4)
zo!pf|?%>TYfwT5Ts}b|jPI@Ifh@AmZrZBX0>3v;IOL3Gs1}F&OG}oKb{CiI%pM^Xj
zbG*b&QFZ~-X)^C1n7Uf^tJXq%Fc9F)?4#|<v$-!A?vm!LNa>_&JZ=|0Bt|~=gP@aM
zG2x`(msh#H;qxoDBcl7b{l0teco!+%_F05hQGt<>PgM<1+C5CigH`TK+%LVlXH63E
zp64k{G`BTz`Xn8&R5%^>QWIfo|Db~~06u$d4}NiYJq`2xRk#Vyfaz>`0Wb&{GEt@7
zT?X_s_Kz7Oo#O85v}X+Pn6tdRw%99{(50@WLW;FHT7N8^siNT+il^suq@+5*UKR+`
z(_boOrbSeBTC?~x^bH<wx%W}B^}}a?e<a(>@}dZVTNFTMT@8>>)hvslfYfE6)z|}@
zJRLY6L~ul#-5e<X+m`RcO%&F4sTeO%a=@UC=EXe^y^`i7Iuq%~p3EI>dp9(3>|ODf
z%KV8Isz&~CuFuEz4lI9-x_P&jCi$Y$Q(lz3Eg(=kN%kcaeqls`qhEM3)iCVM+4eo)
z!^2p`#iyk~PY+Gc?!8cW)^g*Z?HhmXQf-_5jmE8x8wZJO{Iv{GQ_24mB8<{3hW%kW
zh>5U*EROAqA9BimY_RW%cd|Q`_|>bMxx#pjdKJfa;g?r$+pA*SVz$&MP@qkQJr&7E
z57f<t*j;KQ?{aB|7{9q;FskAUQH>&uy0q)S&WC5-W&^=+AjI^$+m!b_4W^K*jq$FH
zIk>qJXB4ZOa1kAmE~0t7iYY8q@ecExV!fG-J=xjjTdYRP9CW&BwlJb|XFhMf@@1!Z
z^J-2bb*aF<1YA_@Qqno)_#vqHSuOJ?o%GafN8Z%);tb#ONNLB`AE+;O8Wqc*D0fDU
z6Vtbvk3(8#vQh7O?&8FODxg9D#F#1IjAG&@D!3f*>bW@=78<z-^>&*J;ES?efmVHZ
ztRqbS#6k&a_YE#}WTUU`>JH4<ELgITm!3%TS3LWZ6z07fO~2764izt-*#_{Kw$?c5
zHRo{iPc*E=m1Gy9f3O(+;jy;=q-F3Q`k+(yn}vgns%Ne<70)~4_IwcM9Dbvy8^hvA
zBUf_@q~M6opPo<TgE%3ejiUa_eX$;eukAmm`GJNu<K)=!SX;I-!zB5S1A;Dnn<2X8
zd&PejG^q<q;phK`pwQbe!wa9?5ZAl-8`Kd2`K~sEx2OFa5=NUKcG0bki9^skjmBp$
zW%XTuq3?v!kyCQEnQ;1c1S*c=z)~S-s&ZfXep7PUGtIYPjj8C)3f=oFT_=g51H<YI
z$)xu@d^SOaMluolmlF?B>rsSI-V!q%dhLGhh5>%y7Krwg%c6!HtQF3v^P5(Jt%;Sc
zI;D1m$A;~Mi9XRh=+{r>EnL{vYuW)<M+LFrplv*A@nb)C{QfG)_8(t_wHv9887?92
z5)1I>uk6F>+F4L{7j+S3GI-UtoF`#7A0EXOI1y70dF>K+rlRH+#5$ot(N;@3eery>
z^EEi*XAtkSO@Qp%5kz8kTG+%vO<=XK6}kG5jU%Q*L5+I;AR=h;`jth@<>T8HRTxAB
zVG^0@x%`-CReb8&uX4%9jI!-{wk%c1<gpBrvNf~ROpf8~d<s@y>j4&bSe;f+niqOd
zUQpekeOy9Fwt(^@RhT!lT-2&O1nf@IvU{eHx@UNorKZ2}C}@rdEL-7{&;^Sn_x<qO
z`R)3>HYpVeT3LJ}T;?o=i#EW59O5-1wS5W<91*Gw8Mn&w5QxfcxGOsq4tD_u=T9u8
zl&o$~f;A>|i^!cxTBtfH+xOt*nwtPa>+)NX6(h!bp4<7FmiWVk=oqcVB0I?LCmY<Q
zDm=)ufRPb-=K8YPJCVZ`n!G8ycu>HmBOg`pH?;ge4+;p?k)tMrv0-8*Pokc0Z4pL4
z2Y?2wdmycq_~9Q~#TK9fy6Ox~DzHN#?O~F^<6jsN9|b*Saml*u@PquGlX^4M*5rYr
zp4X?C3nD&i!8@N!23udbRetZ&y*NJ77+j4V=_5^m`N=GKEadsoiZAzv^sXI#&-2>9
zyZ6@JTO<1qSViSrm}MkyYU#<5;`H#Bhk3V93!?X9x|y%&ZhWL}=Hz&&68RhKhK~0~
z!G1c3s-+;%4Od;HUq@d#ZvP-bN-)|X(#tu|>*PfojwmfP^M(5UTUh?#@kUbXU@&cH
zyJc1_zBJ3sQtE0b6{Aqwm@C{5tR$|QnN&9u`}K;+xh4my*>2>4R}A7acVw@)GyAS*
z%i|co0o6l-;wU>_X4e%5Rt8Q^6F_5}3Bjg!VEdSdgU)!Ej4>O%xgB<3%T$~a<Ulsg
z6ECI_)uD*(uvZ!JR_Iqc!qfHgXUYF^&;B!(aX8$D&}WjLGqW!I)`WbZWYew_o(*-b
z$r2?Eehxrp21J}{F(FaLID_`6-;y7<#bndDTe%Ug4U}ehG!*1eGeT}HIa+mY$x;Yc
zZz|HB6W_L`KjIpXTQGA_V40Xf|A5bPj$*}9RyV88mQm<{*dScwCvh}yI>HnXc{9yv
z&{xAjSE+S|Mm3kr^quUGFCVJdOP=)zEnucytyuHdy8;Jriq<sY{r=!Xuafkx{my+q
zs{Gu<3D@Vvh%d2k1r*=(T+H9WKHXZBkcMFPEJbk_`byCX*vgE_h|HIvZS9@dVs#X4
zfz^+SKa`iQPSIn(a_NQ`#o(c6s|vb(bD(A)W@l_9>TgDDP+qPQhoK9ev<qcgF_um_
zk7WEK%KX}T;shP+c&o?9(1bbs(s1sd7x??y5`BKV2)j8X6jgqILXBNL6JrQhO&0>u
zH%Dh&?=TsgN<A|_TN2IXv|~hYVZyng^>Ky)1YfP7<XJOyNHoqc4?Kon`N4pBM0-l&
zgsv4j?%}6Ny*u2`YB^;fuAl;;+7rk$xk^r#`X!ZogS!6ecN9`QnRFnQ;6Z4T-X|s!
zm{(X!J$?QLK{yc9;O{tSWr))-EixsyxyTxXzZyvl0)PSx#_gd`t1te6*YIr8(6kBs
z+L;!8iI}z<@(f9%`-Ew3S0KDAxtcF-x2?Q#?>Q~j30Hd8Dt<)r`~oMpCjT2P=kxMx
z9d%-My8*^8E7#rCNSjNJ4K}-={lS(eevZz+N(JNj+zHlR%I5;EBH6d9e;+_PDvp-U
z`L!~V6nn2%%<doh?+408H9KTSv&`!!f+gM->o*5TDRQYO|K9euStj7$t@y4h;|oz5
z>Pf)?`KVE~!pAmh*6=>>h(7!P5XC9+yOQTK#hK9C5i%OlB+pPlEJa4m%p3RvM%Anh
z#7M}a0Y#^0Sg&=$t-l1n3lRhFyz&d-<!4Q=AI12o3EX`Q8$IHM<E(RE_0pZ)$47bz
z1V_kTeWM&EQaoedhnU-+n97~)&(3vMPpv}7BRHD=ere1-=tOQt@tp)bo4f+(Q6JW|
za`**x_E$@>%^|w&oJYM2eFDVQeeUDEy{a6|^xPrfih63t=JLtO<uRXdYpL8fT{XIv
z+w_&^Ej_y>AkdHwY$m}C)cAdl$4&I5Grsa^Wo9LIUvQxjMZb;8O;Ux@>N<N=EqBLD
zBrF=g30+m1$n+(NXeU|`nm~(3FfHGPzt;N>6AMa)TFH<b>T{ENiq(9Ff#Y_D;y#wr
z;$;j)bVmK@yf_~_UZYSAmx)g#@Sl{t1Jgy}BEp7L7N=<ld2fqJC9~dEc*7}6K!qg1
zZd;+6o=pZ;z5N)0w<NFkYT=Y2h!Gu8I+HM$Ixj+Rp7O60p?gI2wLYOu@=1mL?(Ook
zJ^5rp`0saHKJ0O-mk4DZQ1=Z@f0@F8fXncGl(vGK7O8a>8L0*NhI(l=`OSwJ<cXbR
znp2rcjI9&lk(m4lm&f2%4^S+~yrYzPojGY%-hM1pq1bFg>i=}&Tv0n{Tiz5N4VfaD
zetVka51j~3)zG{hQ-AhJ>%#4oyF6Ww2be3`K?ZvcXFSy%zQ=P49n2>hcQcGI&9``h
z=i}M+OL#V~pIyJ?8qfcFV89_4s;;$MgSw+Q@_59lW7&FEar(lDd4*`-6p|H1FZ<4`
gh<O)gHc#NfKPbh2EdKuw{3o2^Z_+CF|3N$d2U-dLF8}}l

literal 30903
zcmd422V7HGw<sP(#fFH8bQ!7AM0yjj(5sY$4npWv5;_Pv7HYtN)KHX80-=K;6hR2R
z6MB)}d++}^>Wt1e_ucpX?|tvxonLa+Svh;{wO89~mvhp0@&#~JQC2|~aOxBQaEkB&
zoQ$8ot?=lP@na1&Sp{X8KmIsP1t65uR{;Qf2WN<e+{52=boGAwiu+Maz|f~Z;D5Lh
z=x+CXr49geasR{r{~79nnK=|pcxaXIb%qccCopS9fUjGAgWbQvrr+S;uP{VQ;}PMR
z_XPO1<xjBbPq3TwQ)j|6^<SR{KZSgShY0XJdpnn}ZGA0YIlgS}0MsO0bqHTN02H7B
zkOMp<!2hk~FL^p90RSRf007b3zi_5806@uW0Dx-XFC6oG0D$xr08rfa)C6Mk2Qy~~
zzo#uM0D$#$0Dwdn03dG%050nPVDzuLf9c{s=<9EUI&_47IubsX06Ty=;5UE*zySaT
z+#x`GfV%)*fY8Yx;1Pi6^w;wBmxxf#oICTioIiK&?70i)FJ8QG{=$Wemq{;QymaN#
zg$pEPBv(kUUM0JF@$xnDYgfq$@YSzGPJOLObmlyv;?+wRE)lT*W;yu;AUl6*f{2pn
z6eHj?*(oBjQztb5dV>0hPW@4Sh~OOY`Lkz;E}Z`QxBgYYsWYce5uH6pdg01BBEqwP
zQ>Tf}oIOWOcI`a*b&6Xz7zG|^hEwtis%rtYAucb%qVftmnD|VboZ<PMcq(RoVUdR*
zQ!}V*L_xQZW#osV2^Ni))vS-k3B>6L{&f0l<3Cy^*wUHPM8s#$pCkPHfQ;a3r%w}Z
zE}Z__GNBNfCR0Ci?fNa=v**b99%z_+;1_gyk+(`r!6*dz{Uy9gApfB$G^}Hc3B1O9
zG61+tsCJr+hzuYF7>$W*Rh(AzU@qZQ&lk-C8)ftqQRb16QmSGX8xF^VMrgqYy+<5c
zc2neOl#j8bLhrg)!Q<U(oduT6zvn;pV?@B=7!4Q1>-lV3BRHpf1X&~Au&#yDwo9OC
zhchrO6KCPJd${b(VTwnx2l&6nbfFLUd_|Je4Y$pXofJJhl&r+C59${ugkjC&d?JS~
z%_!#LfyPLV9+h?ZKBky$Q=7CMUduPka57+=0@gPyk;9NosF@F;S3j4n5L5*oG?Hg7
zZnS9*h9ZU7dh;m!@LJkDmoN>{c^o`q@N}zw(MQf>pu@YPb^32;PXK!Z&c*k{y`wC@
z^)Dpetv`IPmSeVfB|SOw_oDdDeZ-lV8RHPvNt>Dx3&ppkmV#|&XmH0`-b#pkJhP)L
zdIp{)$Jr7&y@?|Qb)?3-a2>NiiUynS=i{bI=;dwXdz!IXD);<xf)x7Y=y5M~VYq5Q
zBZXrcM?$Lv_RyPcn{~;5!mpKK<I><aA;^7WCF0Cbvh$RfnuD6me5vk7{-VOI;4`^E
zmsxvVOS&sSbHDq$3B!$HeA<HI>OhJdS=@F|qvNfYrk$Oh#5|oD^OvuXbGxySxOJpT
zECBnt<+z00hfUr#qsPI<mkg@|w}7%}*G+E8B`0ZcWu2SF@jYQ2Ih|858F27Aj(^ok
z@|z^+#a0T~HUb}QO}DdK$vfqtNjc*iE$p4|Ik4S$yNQ4>(KGFWJQxGA&FrA~Hh3mR
zn01F!FVDMpG>>XvGpyo8kK4ND_-Jfpz?)aRhPCS8h|tI;wpf8hh$tCcOs?`Z5C(PQ
zm@RQs#*zWaMbtu%R@cTtmbvDUc>Y(1H|l;-3%mV;#_;=NJO(*xBpLib-aciA<Ptcp
zRu`XyGYpgE!|hpshk|wRMm<HwnEGtn67e@|QB#!YOnWAM)70v!;7(7~R$2y<sBtE&
z1ZG9)lHRe<r0EzK!Sqox1}MD}haGH@Y{@28!{980!4=-7B2INnvMV<zjPle%n@<2W
zg*m_Q!@)d7n=*-iJlD7n)@ajcO<7jG+znhPeT88LCo)@=?TEoFiQsL{R(Llsu<_a2
zy$=EwruPIQoMO__pyE+o_`P~lRa%j$csA&cJT}=)&i8cMmf_L}Y-u>n*<LalXPPrw
zZFw)r*FqiAyga;d0>Eeg>MstG8dSQj_BZh{1;YkImlw_OQ}IstFnJ&vI_(^;Z}wQW
zl|sgOU9JY%9U2-Syh_~|$+c`uSE?j$me%DVLF%Yohk!>+PKOCUO*SM}fGx`+MbWZ3
z-ZR3l>xb8A+1oJ>v)q?)Y)h_nmNzBo+^4uKw){WWRlVPL8MRQGx$eAB(VW=It}--5
znZ72{2x3StI_I(WWNv07l2_}CnR}pSiI<%kU9m_BhmaifY1TTE&T{Rdwy&G0l9gx7
zfr!OeK@WRJ(?o9Z#??Aqt17{5+4)eQZkU`LV<V0+UzkJGOPx%;>6KNf_iA9JuVo$8
z=VGT|k@S?jFCRUBVL^5M`9LJ5zpK!Q?SXZDKIN9fd%r6S{8jY+DBfmh)Us-kuF;k(
zdZm;}on~pF@-=$gDn!F|J=T-C*;>hC2?!O;u<oj!`}n~uUma%@hRxzp%B>&p@AeDw
z#t!X~QQ=21e96*X4mvQ#*t~!ffY9;q#yf}j4Y;sfmq7<_#XU)=arrlA5&Oni@<v&9
zF))1-t)!>#Cvpf9CRTe44NmJRt@R@3q9e;&u?^FivMH98pvg9B?X2oJkgl?gi?n5U
z5!fAERZ*y^58;oF*tp*?&^Oe}fh-E+H7qBGV1yk7hw{>OlN<~Jlb8m_P5`_I`Ds|e
z)@%_l!9Fep-8a88pf8Zsx~EI4x6Rq>SyBQ?I|1lKzm<sFwQpNSY=(a>fwFEj9R}H;
zB9z+(V0$u}FV}|hWCW~TWO)5Zp97?HHvSrD{;SaS;T4j+qlM!Lel(&_wy1HsKmk>-
zR5uqRc({+|($fmjrxY!M;SHLUqn3F&`*G7^!tzK2yxC@1kkwehBB@@vXkOAiVMij=
zVrmgMI=H|-zHI#13n(@HXvU`SCa~SnFe!)v%wMNr`D!ho8a#S)&S#y+sy8Fe;^WaV
z*I){UXL=KzTsLVlU?@Aj+R{?|TCdbWWD%9Gi1yxQ3)7`Gb>$)T$zw8r4NY^PHyTn!
zneRl_E{JUw$;PBhqH`XWy~`^VqPnXXVSq&E1w~q$MszW*D(02aFG+uy9v+Q#!#sPi
zq;&#_A%^U~9LPKY@KLLHV?iQ=IX+Y;fQgA$3v#>A(TM?n*hQ&YhUL}I_hMYiU~5Ww
z2jX`ea)KBH_Cr)2QN)3GS2f?~muu+ZITY@pF7pI*^6Ix@A@x%#4VcXK>;`f*&2lt^
zqDUq>wYy*0N1vq1(CtY|I-?q$oeW$<e%PFWsV{&=lo{&nEgSY-L=T24-fts)n}2tJ
zY)-%^g<JWz*+O_FhQ{x0#OamZSlV1(I{{QukT9?<MjQqS%4YQ5HR^U16q0&8TA+EY
z2q`J%l=T$<``P&AfU-M4?FwB3G&E|(U1#)M?qqLdx9DPbA1p}*_Q{4s!5<%$*JVm?
z<CB{zK&lm3ClA)W9Gq1Hf+}YFdWQ^`2PKI|b>GCR?Y(v5$&f%MZrno0de{UO%@rB(
zo&a*VScPrIu;)MD!D))o;mEaovB&td&TS8P4|MKu8__Me8XKf!?6PQ&)uMOJPl1=R
zC&iv?B2TE3-8$&k$(XcR(UOq~n%ZX1zM~)d7`&Z%*)!<YE7!!f$vaP|1>9`1Lg4gg
zc$>&=8*AZ9uvXnzn3i0z%*a&P!QZ*+32ofA4zw-+krCKppcC%;OuzfI&i4k;pu;96
z1}!yw0<c>Nn=A+l3qjUA+0uH)yYDA!x@m8fn%-6s=bR{x5Kn9sj@M>Bh``2R{d~4Y
zF%mH&s)lZ0P~UP>%yK%@i%Kl&W2rDGOR4IR!)YU~H+^JvWiuXIeE2uDy%`d9r1KP8
z8$Q0Uh(7`F>{%a`nTLomkXRiZRY>yHYq=^Fv)V(@G;}0^dgPQjQ$1Jp!W1D7w-qk+
zNGpU@_d`l`Dc`W5Xn5TtEa2FZ7ALycb$6HytmI}pCzj}Sw=V3_Bf4mFg-+!l%bDcJ
z>OL(`A*Cx&U|vB%xt38KtN-5_YARZ9X=daCsxAtvi|^w2gH`u%Zo9c@0*dav<dru|
zT9=ylgxR=Y_S6Nz=Pv2D2XPi8IB^)&e<?Nh=#e+P*3g03hC+(y%R?0?U%RcyF(PkX
zmSZ_=y+rYQt@?n9wSGvaE<MxR$kq!62XA%ZW_BH`I<_Y8P_5B&X4`O2Mt+~oPQ#{o
zQk(R{`XBaGEs6F2oRkyXmfS|?`}x><8;prM0fdGW`eOSh#x5WEh9@YnH-&T!9N%-X
z8;MIz6J%8KpCiTS6*|E3@kSn*dgkCs8_ZHXHlload&PKztsyeCRJ7TgM5l;js)#kQ
z?O|<FKDX7Ht^S)*WMkm56GxKM_S3bag%a1<J5yW4MViNE^xv71mgBCesVzML^uMdA
z+jSdz<&}KpLfxYkxs?-u567q#LS%V|JsDyMZTAXmtBw0Id$^+TB~TWszl*4<j2o>T
z^)!mIHXid3ns)Y;Zn4V#fKSh~9%*ZAD#^_$Qs3e$0d>EXEa1Y;ND6OwUxQ}upn(=M
zoSM?#o$9wAvC$B9FVDiiL<YG9F3_;NH#drNpN>U!aG>;Tf}d5iF`RS5G>9weL|NJg
zJvN*jpb<^N(5>>xS@bh*AkwtPY=w0W@}HJKcubidM=p|r1zjoL(<VLXzQG?>x)f9}
zX_wa$>jFO-7Y|qget|K;C=AMj)#Qu+?o7hj>-Ymhk|viHk%>1cYdA};`NZhp>-Z#f
zP`RLHXi5LXm!-v-&knxMqbUhwhUCx7gA|rVLt~xmgY9gvy%5(G4J}tyi`kMwRk<RE
zBYqWQo2T(z6_zAz4eLdXcjjDx(i5~50Kkz_%YSv8`sezm8t^&Zp4$A(jv&m(gNwb4
z%UW8n;S7tAk4;|Ij&0Z_Vf~^`S&_^+F$1eEGTsnwz00Y+)Q<MtdppmP(R?EV`Wwp!
zDhRIW?5z|x?}0*Ur5{K+1M~92l9}OcSR_=kFk}S*ddcpB(;rmwc{Xab5L{9md3aFK
zk>6_B10UY7X*a*~qeXhB$nDP2M7IGU-RAvH@e2EYYErgIG*M5^tp)YqUFih(Qfj5-
zO5vZ>`z`qw<d^q~tVH(ZgzqGG;raPL)f<E3MsOTRwo5~!4CUfywULC`KUpz#T28Vt
z*R=}a;%5E0It~s`AA#EmKR6K{EFknfV~)noYHMCaq{xad>PM&kln;NurBG-#6LuQ^
zzR~ap=VCutvMY%Bzap1(?1jwykIh8}FSFImIqSoq8qHI-C7wqqsxV%v@x~C1!1+KI
z_uax>$?KNSVu6eG{vna967>m@Thd0KmqDISeptsjgT^U{)6^Zgn~Gg}{gbjqtPn;<
zQ7`hsL5ER=kS#+_MHmgE1#fLe)xXN!y2LyV|NlzW|DYOLuIXpi^rJ%AXDH2d7ewR5
zin3(8XD{}_5AcSJ=q+tg?YaTgz%D9PQdPn*9asQ3!}miBr=lSJb|^@R-cWp@bRHuk
zbL-+t)M|q256j@T>q0apX!*wp{*SZyzXTD5ZV)`1H4-<w9gSF<@6(WhU^*RD4tjlq
zdm(LdRO5Nc*6<X(K+Tgl014;&A6@@`y&{`?0(e#6ORReWP{0`pUiszrj@1y$1SH)k
z@yV%;1b5p9EQo8xB1xv@E0AT`B63e;PL{u}hvWNOG`=?Ppe30ycOu)y^ZH%1YRnz$
z42$xWs&iEBvm(0WYH*kqh2$VlHcLm7L(o8vQ0+%^LWGw|Uu+#H+M<Ksf5#fpHr?mn
z9hH(ycf6HfdL8CP!B9Po#1-;&XNsM<L7z9rzOcZqd*cC1duPK<MeGM#GkBIGrRYV@
z5{V#8iyTL~cO4<9NyWIPJJ>71yQ1l1Y_i5pE#8zjbx+~yjMy5;S)_+ehalomW*hW0
zPZpvZd@fbti&RuO6RcB|5~_#RT8kKo9t29r;BPEjNvOZ9nHlO^i?It-chSElA&je4
z+%}J7@nl@h3O03=wn2*O;bWp-$?$`Abw1_r>YHbVH{=t~8mg#~-vJqL>0<V;bv;W{
zoc-ty&R-yrldrWAZBKI48pV3vpb7~10#xp*0h|$VZL0iYV0i*4*>7W!);1qqy~BS3
z7(B8JOK$Wj1e`iMD11oHGsXLi<1x!ovEweQaii(J)_bJ^DfKVwQE58>BG2dNZ#vo(
zm~P$FRvq7VL_&uZuJeszLVZMYABN=_#Yb|>Fh$S=qN;1R!acX?sfwf0>?~JHeF`I4
zd_2P)f%!d*_k+C*cB8j|GII5OQ&3IFw)D~gmJCc~o~Z#ke?`rXs?0%kku$aEY_Jf=
zfO>=FSV-lAR4LC8@W5QyXE<`3DUpuH)X5bKHOMwA{v3##T&^9e@M)!_w7)%BbcVNg
zR$yjDU2nV8EO*kT+<&I-QeT`QdZ?FEuie>&?Nd;tl{?79MbgFAP;Xz=_Uf<=ZyZF7
z3c(a9Fg}!#4RILBUfL?>fBkll%Y`q-MyuEb1$mdtdChFy86ndSlB;fr@F?lG4-f&v
z=`!imfJ?H;QMuqV>RMTky>Aa^hNYg9ef>sFuUjRSS_eC@Eh=18Uy+}blnBxB+aX=e
zKD1o*eR=}8IEn)sgY>!f6`$qebrLl)ebg9cKP=pf{tK*|zyIB5h}bP8K-fLy#FVsb
zzDO|Mw(?!WzM@`-dsE|->h*(>`={(Do=@7Ss60~oEbIMBh}q%MEo0hi4||X)1yZk(
zOY`ybJZYKbzNg{dt$j|>_4Wg}Ih6;99Al<)j2C8wP~dV`g&V?;h|&`T+=M2FcCfDz
zJIMw!g7tkd{^r+P49HjS=hJG|o8;2F#P%CyC*Q+d+#QJSXRWPh!C1Im0tV67J?u%^
zw`C4C*1f(lI0zCa`@LHfrk3O)d94+ZLxL4)BEu&PwJT1UK^}FaM+zrlavVu%#J#l3
zmmIbW*^-g&T#p}aV0AnD?%6^Pg;u)5&ssjN<rd0Yip;t<dQH$^duO4QkW^Wwmp|Sp
zu+c_6$uEskU&Ml*IQ3<DtzU^<>}&9t78FJ?*?WayVVXrE@a#h-J+e#<chWd=p&GJ2
zQw|{zQwL?&P-fZwwHm-Fmqng#yU?A*qiZdk+^_dx@Z+PzB;E8FV?E={g4wz4`v6|M
zACb$Ps}9-g%O1Y@ZvAH2Utrc#A5}CTK(0s#Q$2Stl7aG_{p%<}a5Sug7g<jpkfp!^
z)EcuCWmaENS*T_55_Z&jDlOeQEC1k3>yjdlN7GCI$7Zpg{#YR(=PaT)uM-?|nLC0m
zTWwTm+$#!7NARHC-rRMiVt>0y=JeEJFQf~%yVDk*reU2p10C;YlMrvO&X$Z6;Ft|E
zSqEFrqm~P^vh2WfQjxXr=G@h*Sc-Kwdb^pe8gcBgC|k!2ik`t`FO834P~{ZluA7^!
zhZ{m=*K|BNidi}F<XuAnWpPd>yu2bxvlmyC>|@iC=e>jr@1%bMyIjosm=&qOE>@mi
zj@<1(7--Icwc2o$#DmFzB5rFOf_h$dMbMquTGp4{yUiA=n|<@TLGfqtmU*-(s@Ls=
z%wpn{$ajHjg5qQp>OeBE9(7CU2UEa>CzM9jN3!*V^uDcw{oz8NaYjGGO8-8~Gd2{d
zQn&>3!3`@w%JwIM7KmDe9!7ZFU|$prRlAlD#-35G;Z|l{DOW^^!bf5wTCPuAIRWTT
zJd2@P@OCU<y7j(1S3R!Kp294~r9!wL9#Vok;Nzn?S0xMiFXEPMhSDTeIAdUu(P&r6
zYDUlbypJs`y%`b@8hqr0XW136{LZ!P7n44Oh>*S2(*4oGMne2u*Shkoet5c|3_P=3
zCyZCWa(u-3`Qv~pBkQ=xj;znYouY<-LoI>#iv7xkJqrpNpQ&jIp0Ubsrj5)zMM67p
zFh@#L^rVRLr-dL-p#<ErRls;QNNh8;TM2^7kWAsRNuDs3FZS5s4Hyx-4mLuKqSPsR
z0ZhO|1;6v^vAyP{o!b%Jz0Uaa;ZlxF??O1%b!>HgX{{T|1DEgIz);XKiIg}%h3`yy
zhN%eWPpQ10e+EuiC`BV~X?R0`-9igJ2_kdVbz+L`s(mR3$won~c|djYE{E~9Gd9(p
zdbw5S9R`HN;n?o$LIufOW;1Y`T2-zsZPmR9cMSnkg&Oo|Ki2hVl3d=z_4V71QgI86
zVZ3=R*%!+Xl5*Uh%aV%gLMbpfHIZ#!q_*e^SY4!_hRHnwNI`}!dm#d@B{R^ZlIF+7
z_Alqu&A2nQ#}=n4l&0ZSFkZ2N)T{Ox2RZOoa|#Tjklg(lUWy{UO|P9b;Ub(LKt?Rp
zrN#UHDJ~jP3u-&4vk))6y?>?a2|#x;J$tR9IXH9M{seFqTzOQ9_h4ldpkWnh+SE(|
zhMD*5j#|iyjnXdG*IThYNfs3f%=g}|dYft~t8o1W)sC}&6vRjHc3AfS+o8}2U?q89
zG0R!qa`AJ0mu>9wgeU-zflBMAkdQ01*UoT}_Nbp7H9wCOicG?)Ug8R&u*;6T*p-*h
zx;0d`pzX<#ZbN5~(CjjWo8Iyf=MTqCavF!=C{?tTAsVqX`Uv$<czY>`*}wPBv@$M9
z38OB)w4=j|e^ZauV&|4g6;y#K*|NOoFV?5XSm_I~D!R!eOn=X`h(d%uENf7HK?7H#
zGh9)&q$RtGA@gcm(V8PsKGODFj_+UAc=G{c9rh@56_ch>+gJm6D#fIoQnYPmW|gJo
zVhz`PO*5Ue6ZM!TSEm0pHKOlX+z5}=PBy<fKX(ikVh8k$MK0+T)691iv$(it6<2z1
zBRS+-yHyW7Z|*M++=*zl<!~>Lnpz+3P|@Aw<2A0UQ)FYIdIC(0%MCBe_M$_7dA(2_
zKQHQa=`D%QqL^-cSLMuc+%x(Yu92NO_5ueIxB8G*HJ$5+hsNt@1P!sZm987Pr=reb
z;w-NcR%N$kC%uOJyO)5Phmt~vG-@@hf+hS#BHGHkpS4UOyWO>#sxb^N>-KMZmj0ng
zR-W$0#34Dty?o#8R-@w%kV4eY5hMQh;K>1w2EIQ62)!eWAO``G|35gsWnJ}teYDMr
zOdex;qsHp(W<S6F<Gm9=O0s2I-G%Xu&4X|Vd+jQKIQE5ol(hc96$EZ>er?d1Gp?@h
z<9rk-r8%3fe$Jp@ZyHm+d;%yl;%>xZ<ylefo{i|>AdBw8H@1SWx-fR;Wh!wXy^Emq
zIzGb%-F$9;2D;TEVW&00o2_RjwAXHV6H%wJ<Rc1{rP*m?uN`N0Qfy8ck{4cP=IVA|
zDAtrfMdE8;gvx};bIZNW<C5>Tam$7Wl>_wxk;rFRc36p*>8Qfx8?eK2yRvt8+8ZYM
z+Dhzcnl5X1hS_SAYV!%$roh}*m*EXN!{|~#_si7GN4ECw7TnBSB*j%HV%$!-DNT*l
z@)k!o{D!q(6UDnpG++X^B^F&bZQb#xYM8?bU|WJEw&cBw5u(Pf&6;ZHjnXMW9m7mP
zXAiLrl`2eLP4DDliYm~!V$9S*rEzjI=nILwnhJ=DNsm(k(X6S%FGeJh7Ox@FH&T%B
zDnM*`sEqzb^I(a?u^VX`qGUVl@#POlOKQSc?_~FgN%pd;tf*ZcTA{z3awJmwtLmxc
z?GROv%6BE33Ug#1)U^j<qADE@yQF35-~KXgTp$>X?$Uq%V3NGv7}7Wl)%N5Lppeu^
z&|G=DdLT6_wfS!M3Td0#Riukgi=ahickJ(5@!HW{&fwIWJk%8D+TkU-*m&<SuJ-2L
z4s%eE$PM9VO}-}pppp(5Z=f~OI?hDp%eFqeM=Y5Qxg8$VI-XV;Q2S|r_ejkqg(pEs
zK9Xv8uFsamMzjHACNt9Ou+_ffd3k(&@Il)Y-xgFLccpH^8a!S*PaD0z&c~`43R?xn
z!@M*DGD~HV4u%c=WkoM&a+^|7d7uY3Q`!&YTiOEp9c(#YHgw`ZnP3VqEgePJx%ytg
z=7erFX&cc>&pOr>r5<rUdjxn-A*HKtDa)!!RG(uWt`Q`q-c{i;(hZ{ubJTWnbr`Pn
z5IZyGcSc41o{56hqGUUtr<$}KVfnV88J!TM()7?fQue6v+9N)#p-FSso;<D)=%lT<
zQC|mb4R&YQX3hCrn~Mb#XJCNyO*C%OYKChlFQQ>y1Z}d<xu`g^>G@2^!A7p;_y&rz
zW*QY=-Xa4LfAqWHttb`o)sWu+4H<X1{mrbZ0_y9yBLy48g_90C<JqvRs|Gn!+(%?W
zraS!+OQ$hOnCJ$#t-qxeTZAD(`Hw(T_lISX5Pcgqlm{c~MBVkR15x8DUjo%v)4Y8j
zzEo+s5y*DgJU^&F%M?MTA~PReKB1s{z1t{Ld_>^$gUyP`(RtD5M7<h6@=td`;tWxq
z`st&y><_n#^f)8ZGWj^_?m55?q9ChC2jdjv%Hj%ebAjHN!Xc=&GI~5h1XI57xpH-R
z$Qq-JuhKh;MK`P5o)!1;^Bio@+Q^W&vQ-k6IrF%;qq`$-Xw~V|;HG%bh+=yDgITxi
zvIsS?m&qA@%kCo2m-guw99cA5Khzf#v}En*!W45SJYS;Fn^U^_t<J5kC9-2{tE<lC
zCjdXcRkDt5J2!s6X8OuU<@S?EkM5h_n^Tih|KDom{SPj_61qnokMOP1A*}v7ZW$?r
z+=12VS6i35H?`QPk&5DAuA58nR@Kp(4A&sus@b-y07bI+B;U`D$NN$#$R?CjU=V+B
zWL!2h3Q`WUEpa5wq6vF>IM5H4tT57ek?Pc?o2Vl2mEZnFFrSk%QDDrMaiWqR0%>2-
z_uxoyA^uxe9>LR#J&Gb0BxlEP=_ddt;rr96jxV;M-ujjCJA?JJ^Frb=pQo>kei$iU
z2i}_}{Vo}{zsdL4p3^;=aI8u>l=l1HDCyLJNKY8A&MeZwsP-WLe2FH9fZiOE^{GBp
zr6z~36Jg>wCwZOGTfp`ar@JwovTeA}QKP?q`cQru;KDZ}Ivrf^{w#4NabMBM+%jX^
zHy**s6@5EN4=ruDp%|yQwFEha0vj#R7k8F`ZX{aL|Dr>i*?H|>OyX}W-*-LwZdCpj
ztB8knOLB@<yOCj_=JE9%R#OZT?PA#_%OT#SGJI<|LE;4PJRs=_?8@Zi{J)6!!dIas
z{DV@QU1;gsh_C(&Yhq%skeT0Q@*U4M9&3ztu%)P34tQ~=FBpb$)7g8k7cGG#=mHTX
z>|9)$rIh1${htHO-hOwjv($ga+-pZl1&5RU)~uguNo72lDi%1LoN`9#e%LZcOKE~n
z0|fG)`^w)1^Ndgb-awo2SUB|+VWh9OOCnwN#6iupySMMNN}q|G?*{hjYww!JYKR?w
zSlV}!A^*b}=>C$g=Qo#p|4mG{B>IJapYmmQoQ02mH!fB$$u5kc1ZdI20@u%_*jw`A
zPys{k6klo)GcuaohwN_djs%b_{01PEVYp~nw|V=zH+v#O`+Jmc)~N08b~1vLNYxz}
zi<zdnXUd9uXXMMdXDz+^Ax{8X-OuH67VOo8eC%lpV2NW}cQncMX!|`N{k^7NaxS-e
z%FwBW6!|HMW74rNnqmIKjrpvbk1(k&sS*lkh!|^Y5Q1DtiU`)C(3xi1T&M57q_+Y?
z41~aJw=wymltBe~!r5Y*1GkaZ(O*VY0+775Tg2kTg?5t07O_EAJ<dn>ob`NKO|cVs
zHgeM0A55(x<tjwtwu^?^t|f!LVuLVb^YN89VS5Bs!wgH;)5$CrLSE$^>U!gV9W|en
z9j$A>Ds+Lxlo4ZU+aqJ?0~<4(7Jo*q=;~SEa;mAyzS5Ki&SU^`T2`3(aMs6{+_h3+
z4w(tk@#sUeJz`9b4d)N!UV?DK)zu|kimN_Ayfms8n=bg3c=UUEc#+ogMMPE^**)|B
z5=kj)`ehV1leXo__*B@9QUp)?j9Q@pkH{rWnGLw-Pbgc`(ubDKSn^=gcEE-EUyV_Q
zPiu{I03BbilF9Ot{Ypa1BmFBOE8M-$;%r*XHF3G6B2+;~nIjlZ#u(1%H}=}96VqLg
zws#0Mi?r-$*_{Z^{8mBMEY!GeJTs~EapQ^(4t?QO7QpQJSK@z_K)d4v#zg0M%}kbN
z=>D6@9!#C%tSjZqkbKYjmWKXa!Z_4_)GX6FCzh_#<TouyQg0814R>*|5!1ih>Nw~s
zStYxt5%K&R&wr8q27&a_E2bz4iuVVMwWK!G{MAkXNrcrEg~3KS%cZSC2bAwL<|P4{
zOtb4VdcC>@K>gd_N&Int>Uy{H8o6!DEr;op$cXu2llHY1*Xc=-57OZQ_q+$)M5U-X
z8Dm4H8R<PzI1IWV!{wG)VmD>7M}~Ya-_Cd935s)=P9JBn;KgYYhV>s!{QK4(Ctgad
zi}q2mEwF!YvN?4aFQ2z(1*Kv$|1E*am?<gjMn2w6hTo%~JfIaG7>Jkvs?5Bhhuf1X
zFSyza6BjM=$$>A0el{CKJ|&-8)>q7LKK9^}@yX|1nIj#o5Ec|>os?F+rgc$pR^3n&
zbPvQ{iK2QkqtSnvLP!beYEX(6MyG`fv#HHy#4}{E#u^TdijHo0Z?9CS-l0EQK5Dob
z^&|)P#gKvoNWUP+7qd8YcN0|GR&k{8!H!Pp&h%<lMwx9Nww!fkB>Xp%TsaSM=}F|%
zdkL-qQJqwFZ*m8WXwbPe6Hl+2^xPw+Ffg5%ROk^`FCO2l!^}@htThq2tBcU!M^Jq2
zgI6n)w^WHidIM(-BC<^9uf*YNH`pDsx$`?WywZ#;5ng1Om2u;aS>-8jNq!f{b%;tv
z-eWZOSxMP@?ny=^d+`h49YG6pBpx}=3C)E?<+f<ZQtjAnG1h^PyNOJ<6qxPop>P;b
zc1<D!J&Yl9Lnbk1l8ZRL!_HisaUo0q#VBQ#jgb%u^IB}e+~Jm_U)98y=~6e!u`h?j
zSfY%(Vkk20$JW94%N2JPL>qgp`pj09+m4&zf!PqB>zaOH>Ha===jDg?3S89k&f7LL
zea>zk4%o#BkS#}o;OmZ0HO5P-TlEQNSe_6u|1g(tSK>>GZiXj-W;gwgXP`WM9Bu`$
z;*lUR+IFxs<NTjFll+n*2*C0y!Ebk`bS)1&lxC$*01F?AOpm>GN%NEhvI-1$*kQCs
zDwi^SSKd}1XTJ89att)Fcz&61e)yltnE3&EIazH>N@iYa^cl3(VMgkuDj2bLbbNGB
zCg&VzBjz4ZH2t;&s-dK~<&Zn;K8=M!=pH92)FepSW8)HoBjEIzfHUvE(>^tuJf^&R
z{Q7k0YyOG->lBV#h^410{%J{D3L|SNS%Ee@TJbA18tu<`FobP-^=81$Qo=YY>w<o>
z-1XrEaBPyfYDgNlMR}{kV_A}6OdLNx{JDR@NxYZ&Q$Vn0m9FQx6F@5oAr0$h*spu<
zc=%<&@#w(`Agka3&D(fukkO0EjhEJyTg1nCvxMWNB0`80z+>M9u6DuSdLqn!M&11L
z$@~@~4U&JS>Tlv6lP3Ta-{5a}5ebqkm+ADDsSI&?ZR)V@U~`2VF7k1EAN&0C@^YL5
zM^y+BaUjDgSGq$PcLvBSQYltw$*hvR&e~VuXx&}B78e98ZRH~dKW%JH4X_)@(UVgk
ziIgZ#k)QHC6AFvtsPshor{A$Jw(rD2(ozw&{c=;cwF+d5Qa_vQj^~Jvd3U6*NGU95
zpU&B_7aZj#ot(>%y!Pn?FwGvVHRHY1<s46>SmG#)0Se4dyi#7n8DeL<!bGLs?eQ%Q
z^VL#v1cg)Km6gX(s!MBC`zm?%52El`y7pMqWBoY~<<^+mNglP9VoBE;JUC2lHIFQN
zWQJqehLQESMw(T|qoHk2V)64K_3Qm$mN(9v{QM3vaUXC3ji&L8Qvx_L3bh&lE%5nI
zR(G1c;2=6EzSBh&5k=Z;L;H4Mh8CNqqk2W0eIa=#-SG>H<$vreldh@5fNMXK`;&53
zetB7%K;@Re9k1iP%i8mi*1Bfm%bHXS^Hv5WN9%-xV0d2C%iFr|iCBO8v(nGN`Ltw=
zzn_uy#VCQH5=Y&ID}HcWw-ScW7rEk;#%E|TnY#hH)lEBw!?KC<K0)2S75g)B!>zvO
z;_8Ga4vr3X+(YKb2HpY`f6%-cD0#gtboTM>T}?@;4-Y_u1;dKoGkxF9U$Oq1KcsRK
zcOD>ew&*^cTFCrS_1l&GrXE8>*JE#%7lgo}c{j5ZW97@H@?bTRm~iA!xjLO^rfsYE
z1VFsO^WG<*T;1zP;dsC}sVwdU5I)i@RTXWVQLSSx*sx(uE1sS!5!+po<Ge^-m2$VE
z>3WPj&F;v6I%82idL-~`Q9HUWWVsxWCe^ZVjOol$cGfz$RV^^QuhLd4bv=4tTT5XA
zXjmVrmJ+ys+pcYxT-g`VdjvgrX(P@%lRQ4a8Z|bqa<IO&<1o6?63+X3ne_Ms_FXIe
zKqPg1O1`tRjY$Eu>{PY}Y$3v46eZoj&de_{bj7*NM#yTytM`Ro9A`~sD|TSIqP)Of
z4OQ#~`;b&Hz{sB7^27z5s2sekYQp+D``P87Tc#3$A#%mK;YE7cwy~3{0yLE2V6!}u
zVQld>yVKrfBPnvBr1y;<ktNK5x=iRi*#@uvTj1z9W_a@^++Cd}9w}H%aWfb%rY6yN
zn*NckE^fAfx;ey=W^kh<R$d1t&lpl>Ro_9=ZFf5%78}rrthkcxp?G|Er*F_;P@tPe
z$#T#zN1r_wUyJ~y*^($m-gy;P?o}Tn+p1{0j#AeN_2!BQs0l>Y$UVj7d*>8pmy?2x
zp5*eG-tAjb2&x%uwDe?}lPugp7`YWIMw-c6m~uv#<mR=|phU)04nmFG&Ndu~=a}_|
z4o+SlHZ?Frh%{p2z&3q(p`K!eZC*+G7c&rjSqfp?t=ddv2MKW>U7t0iDdXfGTe{Ba
zi-y$?;Zzr*)^`)070v3*ENFSd@7MJQ(8X~aa0)bzw7L~(+4R1PuEy8eHb>?*fNHIm
z#1@&?$61;bhn8fsvS2IDT6pjqqb+7A17lIETv6~ClxoK<!S1-r;-y)4aloruO?#9u
z?-on8dEoZLJx3YPXK}m@GS85aaoe?sLetIUTJ_X6_<cUbo!MtO)=C}PpZjVyy(>Pv
zDB~59Q&E6<+X274Zu3?srx+US02)m*iq|PAt!sy#)hll?em|HI$zlDr+l8w=l*MUP
z*F06OPfI(?AqIgD#KI{d4u*{|z4dS^MZ-q^2R)c~2F0=6R72di*RQ0;=cy8FHi-oy
z^+O6wBeq47p+<?WZ<u|FA_YBN6IrH6-vp-IHSAX{L}juy$OSsYgjGoNU-8t-?|%VY
zES%41puW_>(6(%gWuD#<)xY5yHaTc9t<E>-_>$!{_U41aT#z6MYgbL_I&v_qAPLOn
zBtIkJvm}twD$HzEvnZl_#9c7A|GPIEhr2~fZ@0R6{y^d_L@ld&yNqnDmF^j*9!0PI
zHeslt@$32=?KM#^y`m}ByI7}KEIE4fjkuP{+(0@-rg@-V@q{f~_B}Oc$Y%~ggApP5
zx*~Uj=@lC!N7|I}m!PpNquNanyl&3m2L7%vIFmWQ$zsF-wWu4bU8-OK*UNUKB`ju_
zaoegJV#vrLY+JJ*3Z$G>c#j>8x7zfj<G5uxqDp!(tY<7c9$EOz#)1z=Di_{aWKZqn
zWyje^;u>8;rGSqUsJO-j1;x4Q!P#|8>U7~y@lnI2h?^~qy{yw~qAfCyo&memsBHr+
z+yxp4N&Y<<NkWpZp%gu{MbeNB4H<1;<RPXv+kzv)3s&Qs&wcnbUnXHFle*!|w~K0?
z;TZW~9$qExhIHbS<tS<>rx2&?k`eKe!uVr`*|g>`PY-b)FeGRvY^nLHFBAC*rBa@*
z$EUp>M?Am$W3v5Al%$BLICzKS*^j+(0ytWykkTqpY&1G}S8F_PrO&WaFSDN}=*mji
z0Q@t3|D`s75cJdi5k}UR+yt2mb3lZkA7Wb~e5>{%bDYA&^dP2Tw}G&t=Ei$<q2-pw
zG$L|oLBgbco!eo1V%J0_Jiyyv!c9<$jFUHnF9vW<{s(Q(Z!!P=w>;>q{*lFj0lDe-
z?MA|sBM8stg?m@XptS5z*$o8{qf>s={B}+8_$AV(%};$ej29%X)?qlT<-ZtLnJCpW
zc*xLP@nWBKOJ-$@?ZDbmQVk*8Kiu+Sv1hpaY`SH_vs-V%bj@l%&D8H`1OQus4qHG%
z(eRx$E|7wj^B$`kZ(X5elbYNqAYHYfoWC1M-I*o*J?anq5%n$GD=mCxJi&)amGh(z
zk75qu=R(&5PXHMTFG|jXaO#Oa<0LL^TQ0k$Ni}jFe_$m#&-?B_uKm3FvN`o8Pk$n2
zB>Dt!J7@ppPYqpra`z>*?6be9z5n^iSJ9V$`*#|?Zjn8CAul_5DH4Y-4kgxW|DB4{
zRG>wyxo!d}N2_j702NO(S&lF|nx8I#el+N1yp{F<rlqM(r3~b)3h{87U1IU;JP_=R
zj^_zTeU<9D!3nnQ3=zvszZ-;s3zET>fJQZ&c;%dPkzLo<sTQ<0r|(=yuJ3{}hs4=K
zwNvB<0t3oPUNm)875lEfUO|0$H#{cbb2WX-ztyl+51Af0=N~_6vMGFbHVtj7-0XM)
zXgI6{Jtx-kUjEe{zTHtojY6V#Vkzh93Cr{>u^@G~q0}W`&4*Pd0Pk0oNE2<-|LHmY
zPrW(~|HY;es7Swc=Wd1zPkcA7H*-Lay$Kufj;p?W`^2*dJY{8f;!^59=P${ocHA$S
zj-^uGZ05FHRkgtAJlcnSw;mvbeEw5|e4#vQ=lV|o)sz+JH=1s*I(8o>_Am)r{u5SI
zTeRFmZSomKGec>?eqz&>6~INi_5DxOet@TRfh!oLDXGj4R=%URY_|xrue_rj_TU{t
z9?C|@L;dEX@qLZrAVL80|54|c>uL6kWz$=|u@6&Qgt-TMJU@S!)Ei!^TdfXayS9tL
zE!+4of}Z9d^}4C2?<Xd0F|1TzW`v=MRq4DfyT^nh4@V<RrP8h`e<j7lN#CYj7r$kn
zz{(!SqAH>9F()kldk|70Y!6H?9Le1Uc>Z}h=o?=b<$lqG1Nzq_v}teS$iA}buxXZo
za45{^1fbzt95tKsOC&LZK#$eD?w$b7nfN4MFp0lYmz3VmKzzQ-7m3+TpZE<hKsej_
zS82Rgevg)Ll<d6Gekrxe2)W$YMPHp@eB3`_rwpdIrljDT+IM~C+va_F@b6FIjm4h-
zMeI-Lta%_oGxNTL^q=%-o!S`B)tO(ty&l~o)!kldOHfTOK{YsXdX&JwEN*?LaYj?U
zt41Y9;59ZjOivr-;`gXda1il!{Pi_e=Cuv`p~*ut!emxF+TUgRZ6;Ku$#p9sch=)Z
ziI>yi-K2(^iaSo&*hK$`=sIfU=YOpSNPJ%<{kDnod-id`GxUYL@4Ge;@Ne5Vih87}
zJHp1lZr^-kOXFUlRCwC^T_vIuKy;dk=H{b!s;ygB@UAk^?E@fhXI-U8r=H(jA6nKL
zdJ67xiQe4p+Y$CMfiNah7HQTFfcMKHh4vhErUbxNvuSEUxW^3@gBxxdg;_=18H03=
zv$Q?3+`_0Xh=YQu;X(}-a{>_eU{mheEamLTZc)EJ)?Y{6YM3}X5oZupe~55xjrY8b
zw2kqPbGPZDS`KK)^AJ4&u$4#qzPwwh{wlW~-LQ$4duUf6XBAwApDs@?JQk<0QEY{N
z@NNg0sX-~~@gP(*GB6_u>$<5XAHh&oK(1113i11`b3Sl0a6bK2^Wptdc?N%~mGElq
zI}cBHp|<0z<y+2th%(mD>g&gO)F{z^KsI7p78-q-X3<ZM@QK~W#;E&5$O@OAX#ELZ
zY&taxiR$&mw-2aDNgSR4`d-I^^c+jxMYhu~SPkE9Yk`VXo&aP8o!+Qd|Hs};^g3!8
zTMCovKBCMx0X*Ak6UD|IlZb{m*6keZEU(dbvS-YVvl6_0xJ7}R6JPrI!$j;-OTE*>
z0JdxHd&SETA3o53t2dvjP9Ju26ZJuKcty>}xq()fXG(n~plMFKyQ1iqpLg9)02hWC
zqX*mxOTp@9x4Of=E(M#I6!>YoeO(GxFv$=2x)i(!JZ>D-30VBsb*Rh9|1i9@=>7w;
z71-)%q`Ai+10`P0I!<3dGJ26QmrQu4gcD97$yb)$m}tgly`+mm&mE$rE~I3M#bIdq
z!TW-U3u5<knS%?byQAWuWZ=@GgdWVzNn5g3dp|>UHkkGap!6BDVjHXBC3uS^;gvP*
zdGS5(A}bE9`X)gkgIbxhZ~D-Ec5;UKZ7t0>(IERC3K5_%%3#w?rVEK=jo0-)GG#P%
zk}LFMH{>sDQ7@Pm7wc4lSI?t70(HHDu_1-gm^p2`0GcMfNw`8S4nO|d((&T*NKmD7
z34gIY!|UFBE9=dhNwFL;V$nf+A5BsCO}l}Be2{`j7W1+K#cYkvn5W>V?<c$*k0wJt
z2L;5_SPDKMi)uFCtR0N<^m&NauGsJQiw$E>wj&7?foIg(a`K&#<E7kd8$XyVmPuZZ
z@vg9F)%-2oqCli<_>GV|9G37q?=4$(-EyjB`!abXlJKHN;fEZks181z#W5B0WRX;7
zwB>P?(|{{=Uh7nj7rk{C-X(gWqE7H^dW&IRDM++AzutUoB$M_d@Y?6DL522##K%=>
zdG21VMH0brbgHl82Cs!D*@cPLZ>=!2)qctdMAZ(!mL4U(?vsqGG2z<>+54g(V!pRv
ziDYu*woDg6HCj<!=4OGcqVpp)W|8y)!LrGEgm-!<bCQack~i=8mMVi}kAhIIGhb=z
z=hh`By*vTz@LW;{S&M)tT#uSs3Lvb@J>|`l_;fbHnd#X%7sO^z;hmJgGLOu{g#yP+
zQthqqTMCHN9LfdaFvKq5#dZ<6-i%-)OeX>jqGiXm_qam!<k&+>K4f*H!jdJ`F3u!p
z)z6M=x6$u_Py@BvESUFDb;3U7xWjQP=@Z8&J<FmydA+){Iw;S`9xwWIWdG~ig6lxL
z%Lzc8YjyX!XM}kRxWw`3F>Th(<H8(Pm|*f<=vd)#R}svbl0xl*>I6$2@20huH#+C~
z<NPELRIfjw)-Ja`)M3g~qM=4`*^)I|R1yMt)uC=<$d<y~Uz}wD25KlBU0BmFkG;Cl
zL>|w4r!cJF)*vwF8LKW>w^RlqJ6%4qTf9`Dkhz(WE9zGNF2>$gs7#4ZzQmKJXDDoW
zCd{E$<xm`}-UwxyOfGOQ9El)MH|P==iH@Y@d?O2vj6dMj(I;!&?Lp6nG3R(Db<CEB
zd>Q`KBba}__-w&$0ZEHXf_f*vmN+n<O%DdP_hYj=A4l6+DZ1l8a<Er3f*u}$dBrrK
zR8?<izcXshb(&tMHYCgZ^4WB(UP<Xrk!@+Qc{fmF$c3iA$IRKLH+^{GHN&SVm{CC4
zhAnsL=Rj|&=5x(Z1yAuln|^&tQxuDV;t1xt^6x$to#htZJi4?k%)u7h&=7}XirFa-
zek;2!el0%FHq92l#z$`hBU$W$ihY(wKz#^M>t(#QJlgYUL?O0Sn28K#Sf{PE$f-0R
zuekJZ37p~db^t+Z%M|><w1C6Ru019U6zd>j$RS!bsFO(-Y>U9q^>PTR6P!ZOx}kA!
zy1dbD1v5`0GvGkG=fz`M!misBY1oL9xhUIom5V!4mnkS!v^9jSfq|AD_o`CMR)s!w
zQ*0q6xz{Dd`L0&Z8*f+Uatmwy%a8BRNWd{|5iO>KGlpc^UUA(rT5C&eX6_QHdP+h?
zKH$rP*Np=jt3qZqWFqS@L#ml3k*H?>TA;5lr7(vR7TV>pZ5TFpy&uN?uD8*Qb9{{(
zJ!BYd8Bm<T?V-=2ExUZ>td2qbt_MykfGTcAw0ubA4}Hk@*xC<x5rrh1F4u3BPO_kE
znZj#|Bcw~-B<s#LEa_<L%BRARnb>3n@f6iQ1S2ET`~BcZU}Z-9i<-p)O~V(xS>q^k
zaA2~vZY70k<Uq5wj)HpUqjJ3+*}k2m<OKYpgsy{HUtEu5suxzTSG8WK97(NQqL#Lx
z8z^KHnvgO(zi?e$R4-2Ah6n?Vqx?|ILS=SHU&5PO-8Z$D-#ldP?dG$QPf{X#%J+GW
zTh(5?<*-wFX%?~j5l&%{+4s#II9j6D{p-yIvbhpUJHjUgZ$d7+1cMM&<0yOq<ItRj
z+$D=d7UpXxldPFixr%d1g4z&HOtH%C^%wowi?W(`V~r(<c&V%lB28nnxFc?bOyUh{
z9K{dWM2UJKNVbdV4o9<b_QnmPnVYpN{oH$#-F?w(z&tm{nX$TxaBI1H_Ay~wF7?Aq
z$pxG@8#pCG<UEzNWC-szD{gYnDXU6pE-^^RF@Hqq3~k(vv~~7QapjgAsAF2x_C~^0
zm_8cS2DHf-34ky<-+IF$yj_=u?C22{^AhbAMp~g%(>*_%<M3~Eqj43|X2sbxI6-)M
zj&oS4ki()JC$_U9z40Y|W`TR=W@})<xrip~#+c~*E*aGsk^snByN>V!51P%D_#Jut
z+II559*uvmu9%+*ji$I?!-TC(Sr13+Bh6Y=Qaw;lqfO}+txivta)FT!Faw@$1}|4P
zKn4cFKpTvcEgznQg~wzGa^%Om^>{lL0q4vqZx4kVGR2=RH|QV82<#R1x;g1a{?Xu@
zr>hD5yPh5~du02j*ZuH-sbdc&9`;FJ(RFqz#yG*WlvRli=HihGYxailHee1F%GK+8
z89&f9u3NPCr&(l}Z6%~5NZ<M0qTo^-Kt|-YmLZELk(tC|Xt=@FL0Pz9oP#VA4K@I;
z!uF=CVBVlda&f({TcgUfi3J{FOHbkc#fF!ROr0XHNZT{VCMPBSjq3s?hpKrEtfl#?
z!1xXe#Lg5cxMF$Z{rg&ws2(=LC=k(A(g}QYaWb#SrmNhiw6#fsdT>hVniJ1yQN6%2
zL&Cs@q3ks_7&iD=84#N|&gC{I^0_}zeZ@zGXEt-U!ov_9qMpQ#1TWS(24kZ-UI%H5
zUc;cHV|r1+?ixpr`rFpLQjgE29>2VB;pWdbUG`f{eP7&;xQ+S&=j`wQnP~n6{Eypj
zIHO4my?TV4=kgYF(BXSKx5(84y*RQy?AG7FEC~0uy_6h3pE!V62rGE4R=T_lITB9V
z;lYb6XO9iHIUjq@C{L`dLJf)iR@aWNvE|*F{bRHCul@r5&&<Ft?==PO#$+Bd*7<}7
zOT=v5+?nh=4n+7xQLgc89?FCqu~B*P&r7T{q#jX-T1rTO<;FsTD_-w&ZPB;YX>WJ_
zFLc<=P0-;UVV0eW8vG5=lJQetet`c|ju<@u!O$Pq)9kQxe+#_JjfeCKTzd+I+c#)M
zT--b~uw0Xow6_yjVmei8jTf`G0(7tAhH9j2N`n}#AR;fPh<RNSjH@mwD>2-LD3F*L
z(^SvSc&2Zs?N9UL$S>&peG&EN+&|o5ASB#&I3~YTY=@(9^9^MaW3nZ|8G~h@y#;yM
zGK7^f8BJZt=Bj<-;VrNES#x1`6^2*rN2dG{P(<&$W4R84>I0Ni=3(U{UuW6p$DvEY
z)0LXOxeTRD_kHEI5gW#tm3=p?#1behHx4RXhq5aF7f(?E6Wf*@K*m4UB^@SvFO__t
zvX|36x_C+8GDq9YjxZ<B&sgGR|8|CsqqM``dB^RuvFE-vg@}my8B4SyZAChJ+~s4t
zC46wYh3I0z-cd_qr_tlsi`2%KR%w;Ac^mN{yE+XFw!>TT9R-Ed#XDb)AIDyRf#aVK
z=%v8MRR(#xkr@cQxcY5Z9@A|ehoz=DjvG4PSq^9<f54?0bC*_W%odIeDxg=YEq7ZU
ziYM|+H(k+EY3Q%)dbD@cK|{1JRX7@Zq;mYJ;C^-1u`d*o{|nY<7Ix~0VZgD)hp<on
zMEAW3$X5!3(ft)I^|J`M+V7&I5{LeM!BUjm4gnSmI5a@Tu;$V6YB$_2=Nib`NW{*I
z+-@@rD@h30XaL>*qRsEg9O`z_({LUsQL5v=q-L(iW4Hg%khqXW$nnWye~v}1yhDp&
z@eOKPCS69t!P*IJLE$2|^ps3YeJ`t^3{<&B(bT%m>*BnszNc}7YfUe;rp$EVu`gM4
zoo*!^JZqDpY`kFE6;37+VGz_(PO~()<HTf;sXP5lu6$3RGAXTb3Yt<_>^FH7)TJk^
z2F{H}#`@iS+x0>B?Zei+K|D>j^hiZ)P8w<;O|W@C)N9?^S4P#ajS4CH&>!g(ud~}U
zYn(I}FsT&nHc!}S&F~UE=5en4)Lq$ba*Jv3ryH?|iWDyf$<fUsFEapj(J!9){YFIB
zX91hhb)?qe8M-rSuz|p|ed&sxKJ@ji^jRSrCLBsiV6^v0;U4M^>nztN97+;J4-NTU
zza8ep7K(6~VVhtvle4*h>h=%X|J4l#I*w<(ZqTT?a!QO(W}S=Um1VE=jb1TJhR~O>
zv-hO@LRaHE|2Jcbe?m>_lhcoXaQ5x`e`bk~f9C&d=Q_ih%(gW%j=c>iqCi0UKqw<f
z4Mn91LNX9SF9HHWAP511AfQ8)k{A$a0USCZln?<UZIs@n6ROf{kQO@LsN+$mJTv#q
zIrrY@-uvsz{+=({d#|<j&i>x@zDrbW)HZV?46p_Mo@UqOJrZ?oO9;VXYEj(+Svmt+
z#aYg`Wvy58$E@m2;8xcnID-_$w^*i0T_`1h#lW?-lXglq)R+y{n5|>HyxyNR1b!&#
z!dOpj?>)+Qyt_~8@t3oC-=d>~gVoA(bnsd{!lZ<-7OY%fR62lp9e4)Jw}gxs?AlQw
z{0XrpWZ~*3TF-x;R(AJ`QPKB&GM%2}ent@>{hpq51}+=u{EnV99?4o?L8m9Ru0a;G
z*BXre0wi>*FUIW?li@=@=hR~|{pl?F*GESTlm$y)+}z=U%rVB3e(x?W2RB@nxvUsE
zd2+~T7c#N+gh4K6>Q_PW{$~%|nW)*(>Uzt-XkDpM%kgpHL0%5)4v2PxOexh~ChCw-
z49^MOT-sXV{qy&l@54+(H^#8_<>iU9aXc{B9|nfSTTemS3{;wTVP1|Z5(X`1cihb%
z5-3KtuoT>dH$6y3sGlFNeQ5;@?A@BA(do7zm+(x1jE~LW0Z`h)ihMX$Fp--Ak#J(h
za40Z-@)pk1@|?2A{M1Hy$6JPdx^EdS2Lw#m%frIYJgU0BP$AuhuItSPro!}rV-dM9
z2Rt_&4=VNI>XzHj7<hqcOxjk6tXJ#Ga4i1kFMRZ&!KkecVU#NCI74;Nus6@`0i0y-
zMIe+zPix3T)wPr$qn6&m^naQaux7UrXZVy9UHt$k-&21Px3qiYNXb?U?J0ltFWg)G
zU&y$EHx*+Bhy1c88BUsA{c>o36$FgNYB@D4({i$iZ)V8X8<jH)NJh;-?<V&VJKhI9
zs!Ie>Gz#zM;GAbIZ~6Uiv$p@9o#5a>9h60{u?4v`qPyH)%#EE&74?5fc!Tub_Izfb
zvRau?iwZ#(W(Je+tEVXd4SuO^t)V#L+PO*(uuZM0^<&g4N5~_@2>T(G45n9~_SG*<
z^k;b(RY`!nO8?4L6LL0Rx>t#zn>^BtOg{0Q4(}+0Q);LcQma{y?z;PFbNstLlhLCS
z_ol=;y~JF1q3GFRz~DM$D$lJ|iSwZ3OHaR(bn;vplnwH23;j?ZAQx%09A!T*EOl#^
zx}5G|)F3RSBY#aIEitr`Vlv05a9{K1e^B^7%=_Phv>ys8EDg@hS!Fgw<9yY+%W5*L
z7mAun*(6+w2WPq!_|#P>TnkIh0cDt3j(P8tj-fWB0<@Fh{+2<us;1qGcd+-s-moaP
z*=KRZvxLSd7;yL38`Vdr(bpN0@kCh%v#328F-)SbGwz;6gi_FHBbk_*R%s-3iHY=Q
zcs)<i`A@Gge>Zh=C_`$JYa7;OxZyTfV8hkfXGEA}E}wX|NQ%4)=icaHQ3rJ^6-oE<
z*&Ruy(^V(7oZrz^U4~4m-qTfE<LchgRZpILJ+{LOu`+x4>o~RHFi$#8qF2Qb^D#S?
zv3NN3O`sA%&7t-8?z-k7y_S>fw}7!q?sjWRF|#ijX7dv-eYD+Y*RKHtd&~JbpZ(Tc
zS;-hOl+Q!+^Z;A5xVWfd6(<uJ#2OLN7E{t`_%ilEi?!cz6SHa7+sEbR)}2Pm`dOF^
zBrkMGg}2@b?V5L$yLiW^B1R@i@|G6=Zy2&4dOWD4GqIiANzqzYpV}&ZNZZU)<Ul4^
zl?I2oQb*|W-=+=pJ&u0qC2zdqfzmzyW(S;LTu_r<je%f>r&bkUcp@{${eYjg!v;-5
zlXT%2iN`_Oura*w5w}{VOrpikh_-@aCuE)l?%~n-lLbN4KC1vqS1n#%<E|)StKd@^
z)j0EAH)?V9=_!}Zs-QIv%y_$RC|mG@#U%;n9aZcue{#TNo5)OAYDTx+)f`qUeoqzW
zTAo6HUvgRJcoLl#eKGMsPcBkVO|Ba}b3cg^d-MCRwtLw>TJ!H7(-^g!<dvmzvI@VQ
z)v#;S&MYXPROOU5MpNu~3n(f}!mW`WLT?#toC$Px;a>~23rXL{YX1C*x$<G8|N21U
zoTXIj<lFHjH}=$8XJ6WuLKwvnmA`S+rg{&rsTI-RhhQ+q6R_R%c`@en@8D$_{i`+#
zlF@PSm(6``o#+TMG|Zbjv4huDRtC`5E3}?7C%8A8D75R8PGU6{dbps(rPE%_=HaLx
zs;a8aja(a~JT`Bo8TO*35nepeWk3T;-+>{gd0NE-BL2dnR&;Yz;Tvgae~uOFN*${K
ztVu6*e-rh7J9jxp^auz>h&N&kExi5AZ2J+_QY+UeB|f{>(o@Rm?6^aT;TVk5C3X^T
z8df~ekGXMp#P84~IZw@JIVB|p0c}fL-j?qrRPqP)ZkVYIn#Jgr&4aHTwb!rmkx8G#
zQ4eND<PBEd&0pG~YrwS9jcG`L$%zGNb{0!K=1y)aiL-mgK~m2_@nYV@P-WntmIHOc
zYy<%Yo$N9ZB0Z?go@o#2TzXQ_e(gX(tKEnLYvY;*%oXw~tHvPz_)WucjCaNSs-9X;
ze?BU~OGsS%)>fFUaj+x`d|e8Ax50*p6<)syZRm|}x!K-Wa|cUooRnmz!-3dSUP4|s
zkwn>rM7Yrfas+d+nG&|P&bI56G~0tr1TY`XY{WgqI-&neWQGTuQ_cvY)|>}6V06to
zk9T^k$b=#up-GvN_$FXd>(i39OOu&LnFmGo7-bUr6XJ8$>wwG+VWz5?0*O3Tuh)3v
z<RIz|gq42(&{SZHe$}Jl%lc}v*NepKj&j2dCyM|)?Vbs2u;Hb4ok&`pYI-46-^yJT
zn5S7Vq?d0i%aYnuP1GL7@3!omc#TS<G7sjE!2oS1;`W+^^z;J!no&+BuyEMclO$=u
zA$5?1yHU)J89K_GxGcMkHR(?b-XtB58+SV;X-WY}iYW0pS=FrC=AS;B6`QSJx?TjD
z%$YE2C<iTS`-n$V&<(|N-nO2{(zVQS?Q!9vXw1n#|1_;8sT+|k-b}eYP1?F)ov}!0
z;3HUmbO%j{M}uy8bZB_Y(c+kbV*4H2T;Kjx>sz-=!KvX5dA{*_<u>@Nf+}g*=fWXb
zS-B4QMb-Ivg&ud0hHM95|CPzE)vj~%HsEA$7EyDOQ+LkrZoeUH#}QL$=R2;l7*$eq
z1ia3-n^}|6%N*znAZH`b0bNX!jcsg+SIYYytEVm)=h}#et6!N^Eb0TCZh3_|E!1Uo
z)yef%&ux*E0TP1Baa<5vXA&$_FwP%CAZTAp<rxT%FCDFG#DNVAGaVG&%f}y-dI8yB
z)OY58J(A{SaG6Tt?C`R<H0h;h>I00QBBKG@o2_svj??G)2x6%JR?b{Y_`r+4u4s?)
zw8?5{5g!}NSWB1tO-CYr>cytcjtDjvjw8T^LqhQh5AIsY%E0062DXJ=Pm^4Slj~KZ
zB4a?@CDN9WKM(w{RD>rMK3TM#a22!GVN|&Imcb?AP`@HX-+tE`f4zN!T!1RTim<~P
z=9NW+9SvA18zbg?8cB0bLnn_EOV#ZF*J)BYLt`naymO_w@!EMa^8+jd!3iXd_YsKs
zJCl6**fkqpA2}%Np3Kv+1zXzsK)a7<XIpkr#Xc?gj(*!@)l^<vq~@H$R&GvvmfL+^
zbfp}H-*It@^VGolp>#FGh`>JYQKb|qi6_UUpRg;G`MXueqrj7-O-=GyDtITo=SGhP
zb76G>uZysA)IAt~6b{ZxU4q_Sa`Lt^G3@E@7=~-uO<Rro?OXD~N<4y(-+H+s2nfF;
z$!31l;y9WGIH_TcMPu{T$Zu3q9m<F0gv5=u3TXi^Wr`=)dY)F#G$SW%JO-Q0gK$TI
zdrKjkraeny_oWx1Q`SIIe|$VTv?RZvV3s`*Wtx6JifbRD|6XagP3V3UTVFy9z0yTu
zSU*xKG1a}t*h~b!sxP5EPKtLaj(tj?sd);5AHi23C=GO3o4N$biU6$bRmgc>Q_h9y
zLsV+beOKGU+I&V`Fre**XxG$i+m%|mvuC3PJ12*0?#-FWn9dzH8~}Fy2+=lqA3RaH
zIZ`79W_;;I{Dc^|oHO5nhd-WMb|-G)b=!`#k%7ee!Xn}`n4TIEZ3XhnEcHrcWmBWX
zAU75+<JWw}u9ARO4$<&QQfyC!MvAHt5BwETSj=088AiZ1hJ=-W>#y37Z={-XffXSi
z^i}cn44dKMG{?eJfR$Fj8J+sFo;AB;uFfzOa{&Q62mBSO_Mas40z52Z6BUNcmCb(W
zK6`Wec_7`41lgmw9r3j8?51yYg~;KNAaR2T9mYZ0bd2{0^V{Dbrr<Vt5Tsh*YtnI9
z))=ngCMIHjC?8m~t{e@Ir^`FW>6K5fDEZlYAFcTzKf2K=Uk#d$7`c>hTkDH+(YCvn
zKWVsrHDpGHqwW^>;^1W7LSulacF2N4{0pO->*Dd=T)5{BKz-pG0@vELHPhTD^7`1m
zuFcg8#5jgYXXH5$LF_mmXhR$PHXv*UfVC_-z%TUVNehAB>4BZ-Xn%1s+wBCccmjaC
z+R;@hw6I|xuZDDGSRiXIe%*6AtHE++H_dSl24^o0{@J!;Sp8s(DIb;1osp*?nyJ_N
z48mpR1%9Z-ip*ZO=pcz7pXuru;H<yCFzdx;)X{TmRYWeLEI>9sKi9m;ck3LV`WtbT
zB_fPj!Rl#Ll<(8}$--TbSWq^)(Ja2hFyGc*SS8ASFV~9~e##h6F~+ElEym_l20~qT
zulFgouf$AG70I(Iu{Z=SNF2R6N`+X_Yx_zx2`J|Kcy<?-^AGlUG80o7WqX~6BR-7&
zrhZYziXkg&g2pVXQJKC**~GO~$2zMg^s>1$^wn<T)%n$S*vYujj%QMPK^-)gbLWH<
zXhjDs1US_UfNab;k!`G^v=St?kXu$7F;eM@_ekpOY=`4ZU0|j#L^V|ZTZW^@FEM=e
z*`c!G@Mn!?;B1o<<{G3}QLL$1I&0OBKWz1fLHS_6`w4!d!kC$hRejDn(|g)1(?31E
zO|KqwieAa3+K98mzG*XNj`c0Wu^r3RlN~Wx(>rcELiE#M*NFVxUyg%+_jTd~v*KJS
zxoLGcY_L*q>{&@LN}+ReE>Qwg_q@f8gR`n`13YuOwzFD-j_-4wNPBcAt>63TahzOf
zS+?0D*K5ZgLYSIo1g!FD`difyE8T*B;&mdyy{E5#@uy=@Bd5lkV@OS6?WQd4R#BT8
z*_ck*hp|qmEDTm)|3SmD^m$LiA}|n2A5UDMYLLWmTEX*|hYkv2T(#rwjNVYP0zk|a
ztt>#-NtcaKmm94Iqiii?;!gJYKRW^C7*7!2tgiR1W?fog`oHqPlj}rDyOjr52_6dr
zFIU|wu2CX=T{Ecu59`SM%@r=<oWz4}>=_CTQZ_61AMA!$%0)ZJF59rSztC?p8843$
zm;yLQ(rzT<vj5QHj5*Gw<JS7VaJ$@P^X8}(tdsf^V4sgunp<Z|5vb^!l2{7GzS+sw
z_E|lCx?TDzdgw*M`Yn9QPmH#H4^!|f3H+1<dhNZEo2cFrl$BQ~UDX)&W=s8`7;eIK
z;o4na37c&>%$YjlIhnY8;R;zDtL+%Jkq}2L)z1Ox<hwSHI^u!7I6&Rx=O^s+=6^A0
zJa60bLk)JUV}dQhO6W~aaj*|Fv>KnNSz0L<Y`3Y&E#ZG-Kmw+>i1i5ekrrK>hwQPG
zkWjfZ`C~@iB}2<<l6I3tTO)k)4N5X|cVbAqI}_TU2iu8hSuO8K$EK-MT-)C|(8qAL
zJ2{^6;mNTN)`*t=+`ORA!}bfiJ$UaL=KsA<>(&f-#D^0>Ng<`3ejyvoF@IziWtn*U
zaBg|*1&JEl9}E95Qo&_+s#EvJA8Go0WdmN)8ScE4m{xve+WB5gY}EdE_2P&f^I6Qj
zytfRGmjyoe-dW&7kFHJAS7gYn0;o_6X;<V2?oBY5A*k85KCbE>z1OT^>mFK^pxR2P
zXUA6~_SSCK800{;=ZLE8Yy{|AhRC?30MzkW1<r<)-P6)1xkg59M>fKEwzR*`dl<zf
z8duX0oqz1ikglkQOqu~P=S5N^ULXuLx>}N-QJV7!6TtPxVS@z?I46?BL5m%M#ykFq
ztcAQJP-T^Y_2s)K(l+OR+3^24VeBtoet%KDP;!B;?oX+!%9wbk?tjr@_kHerb$_I?
z5er@2FFTyQn_WQ${y8$p?af5}wf=se*z#ECR*a;w3MBJM9_nI0iYgK`>Y^{Ec-rky
zgn`rng%(xwmf3`G@_~?kk<yI~Zi;@Ty2w^o4L`O)tu_T*14AZ$Ety3>>Ep8!gJ;hw
zNjI|h6B}7g?W21yfJ)TPB77IIw>Q&W1^9PO9J(c;w31et-Ny{R*o{k{&-3GFe}~z#
zCTx(GEY1%5vma!UVX4X~72w1gBQ}AdQ{|X@rHLaxwB35}RVhMcpudCMk%$Gw;^i|5
z(Z<qSP|8cs^HvS(7Z-1gIiz|omJgL5b9faCzVvIf<3neMT3<SJ`(K)!d7OLN)u?(f
z(vBE{j-D|xM!RN?h#fUf=&kO8F!J*ZsO^cltN+~V_wsh2kC78`#-3JJvw8dXz@k|1
z-wQ5TKk;2_i`U8Fiubm3*8rU8<Us8M3~~umAN5Utm%;zlU;Wc3gjyr4IE&0wF~QnR
z2Xp}nf$^=DCc`Fq+p@etg<=twZpd=zHq-}sZtVAJK<o=l1?A0p0|wm8iF1yb6740o
z+)gAaT^=dj+&z`L<Yy8RQ2O{2*!|I`@2-r5DUZYfdvv-U74_p=2D&nSe`Q#Lo!U0N
zP}$<f-pU&n4<_AH`0p$oovtYlle5m`X{O&Pxl-qbQV=a#dO<JE2|Cx3BI)g;s8DY$
zf9i0-uc-+iI{RvcWL)03+*R@o@;L~=PQ2QM<h71+Evhf4OJ1|GGGBi4MwiLaASzWV
z-$G+=D&hp`T4qLldfE%vBx{cmTG8qH<YtAW!J>xZHWF5Wb+XSDNPl83@>BtkK{OOb
zn$NI7&Vl6$c!t(n)zm_U=Els1GK0YLyNvJ^Q$WL-@E~o^IgD_7W3zmuZKwrV`j#PK
z#<SrZK1@$XrjwClaxR{}8RfW=W0&F{FgV@(XraFg6aKrixs2Lz&}yB|7_Ju%8p!CO
zEM%u*7kZf37X`Fm>Dl=~bLPCt67P3(46-@TO3c0~%JSmiQ@MpM*=Y-XHL8)Ydi0Zq
z`8~l2$EcKzjvE&iAXfSe;+H;7{`2dVB9ZxvAl-I7QTtxwdP;VTk8q6qWI8|b0g~_v
zTt^6*^zx07!UuGrC$<ZzBj7d7y1@~(%3jcBg`&5c0*lAqHtNmxhTnmebFX5r-u?ZB
z&%khHUZ+Zwl67Mw%e0x~R`ZmndIdZr;$C9bMy#7bVbmmoJGWD^FLD(lUMCdGd&q9N
zFE%!0Alf*Lcu~hB2OJ6&3rQWr>#`Wt)xGg7t#Iq2e{EuJAU1fxK*#!Zr|a{F!4OMZ
zQmp>^qq&M!4K701n4uZ_qTXKDh-ozLPm}mqh5M*Wze@5j$QVmJqh=C^N>t}KiW`v%
zY^Z~mW;#~^+m*@fa!M>~PtkO?YP7s6K-QI=KP^VqtUp*mV&Uq-9N@lqak7GQ%{O_G
z-$0nI1bAc;fuD3ppZk#^X!eMVJuNdezrPEd8<m4;Do&C}FyN~nX}?W@HS~3dx!DiQ
ztTYDH2iqZDkM$>Ef3gEBwrbw7wK9%V@k+H<tAlD->4EEn%Utlz%fP4aiqcg7p>D^^
zci!h)dn9|CYoazh-TBp&Tvf7v?9dLC1D@u*<otRml8Mt5eQv;_dOWSm86(spiT#oN
z$^}nH19v=}FB+9zAuYwv?d6Bky{_Vs@h_xV{8!=khyK#aqZe9GLz#8aK*iJL);$!k
zT`J<$G(gVRzY?{wC7?dKSHcL$p8svYeDEyKrszEA>2r7I3xjQ!>fMX?IFRWs`qMbj
zHkE@Tx)Oy6zI~qiT)g3JkL>jPzAoqdhxtLxbp}i!_<;u%#`3FkqpJ5!jzX6MxuJ(W
zKjqlI2pa}&7KA0GXi!Q~Tb7q>^kf)(({*~{b-vl7Y~JW-1(9XhB?Xqw?H?mo?!lk!
zExMGmq^^r}vpn--ISJ}vUo#J@dgt@>CC`#KfMp)~s{BX2p?&Qi^5pwJRIU;lnUn5+
z^_wDk>5sQ8knVe_u?!0C=f51;Ybdp}6j!M|UEZ_?2IY97kV8sI<W8BLJM6ueU+>8K
z1yHfVHjW@EVixssHh(fuH1UNh{M*vaXVC+8`~?)}uuwZi4^iq+w@GES3XM<XH!CO9
zu`!7ojU%5prF#vRx1gL9M@#cqLs!R{K$1#Ee>BkeTHrp{6@67H8ziGQ*fimA#>Dep
z#7}KkwhE<P8?5AWGaz<L5a5kOmf9#TjDt5*!B>%A&f!DrYraQhI$6-IRnbRUBplZ#
z-`wpwQ~4uKIDsR|z~am%U8VqONStHp3`EgcpSN}o!%-KyjW`NN>8wwxN3t@#av#!1
zIt+#Jf5Rvk{2SWH$1WL#1BI1~N%!hovU!6A&m=Y}TYQ_aA!6W;^J=oWV={{5vhvlf
zAd7I{X7dc8<z{ASXG|mrDke3zSbQH+#!MF@$<pgm&2Tr*ocHoQlDBr>GTi0ipX%y%
z<j$IxLGGhrOF251<Zt3+M3q`G7WL}OKe&1AT~Ug>dn#8p^^lx`9~WoC<@UMFLwlMG
zl9>|!4R@4ZHG_pfh2yEUdQJ_a=);b@A{xACN$=P?kjENaUxS&^o6&q>IR36=+6zwK
hFXnLEzWK$8|G)E#NB`d%pU3zAU~9ZzXnt=g{{i?kl~4cx


From 242a436e0c9730ba7d638f1a6dde05a1e9a25418 Mon Sep 17 00:00:00 2001
From: David Pilnik <davidpil@nvidia.com>
Date: Sun, 10 Oct 2021 16:30:32 +0300
Subject: [PATCH 04/16] semantics & modify CLI commands according Sonic CLI
 convention

---
 doc/passw_hardening/hld_password_hardening.md | 76 ++++++++++++++-----
 1 file changed, 57 insertions(+), 19 deletions(-)

diff --git a/doc/passw_hardening/hld_password_hardening.md b/doc/passw_hardening/hld_password_hardening.md
index bc543d175ed..2abb33940c9 100644
--- a/doc/passw_hardening/hld_password_hardening.md
+++ b/doc/passw_hardening/hld_password_hardening.md
@@ -206,25 +206,25 @@ Aging(expire) implementation :
 
 ###  1.8. <a name='InitFlow'></a>Init Flow
 ####  1.8.1. <a name='Compilation'></a>Compilation
-	This feature will be disable by default in compilation stage, its meaning that it will be not compile, just in case the user will change the makefile setting to enable, this feature will be compile.
+	This feature will be disabled by default in the compilation stage, its meaning that it will be not compiled, only when the user will change the makefile setting to enable, this feature will be compiled.
 
-	In addition, the feature will have CLI as "plugin", meaning that when the feature is not compile even the feature CLI will be not appear in the CLI of the switch, and vice versa, when the feature will be compile the feature CLI plugin will be added to the general switch CLI.
+	In addition, the feature will have CLI as a "plugin", meaning that when the feature is not compiled will be not appear in the CLI of the switch, and vice versa.
 
 ####  1.8.2. <a name='dependencies'></a>dependencies
 	service dependencies: SWSS & DB containers.
 	Description:
-	Password Hardening Daemon, the service that trigger this daemon, should start after SWSS & DB containers start.
+	Password Hardening Daemon, the service that triggers this daemon, should start after SWSS & DB containers start.
 
 ####  1.8.3. <a name='Featuredefault'></a>Feature default
-	Even when user will decide to add the feature in compilation the feature will be disable by default.
+	When a user decides to add the feature in the compilation the feature will be disabled by default.
 
-	The feature in general can be enable when changing the CONF_DB of the feature table to passw_hardening_enable=True/False. 
+	The feature in general can be enabled when changing the CONF_DB of the feature table to passw_hardening_enable=True/False. 
 
-####  1.8.4. <a name='Howdaemonworkinternally:'></a>How daemon work internally:
-	In case the user decided to compile the feature. The password hardening daemon will be started and running always, but it will do nothing, meaning the process will be in sleep mode, until the passw_hardening_enable field in the Redis DB will be changed to enable, then the service will be awake, and will be possible to use.
+####  1.8.4. <a name='Howdaemonworkinternally:'></a>How the daemon works internally:
+	In case the user decides to compile the feature. The password hardening daemon will be started and running always, but it will do nothing. Meaning the process will be in sleep mode, until the passw_hardening_enable field in the Redis DB will be changed to enable, then the service will activate, and will be functional.
 
 	Note:
-	This approach can support reset of the system, because the daemon automatly can verify if he should be awake or not.
+	This approach can support reset of the system, because the daemon can automatically can verify if he should be awake or not.
 
 ###  1.9. <a name='SAIAPI'></a>SAI API 
 	no changed.
@@ -234,9 +234,14 @@ Aging(expire) implementation :
 ####  1.10.1. <a name='CLIYANGmodelEnhancements'></a>CLI/YANG model Enhancements
 
 ##### PW enable 
+Set configuration:
+```
+config passwh enable
+```
 
+Get configuration:
 ```
-password hardening enable
+show passwh 
 ```
 
 ##### PW Class
@@ -266,15 +271,26 @@ password hardening enable
 
 The CLI command to configure the PW class type will be along the following lines:
 
+Set configuration:
 ```
-password complexity-class <lower/lower-upper/lower-upper-digit/lower-upper-digit-special>
+config passwh complexity-class <lower/lower-upper/lower-upper-digit/lower-upper-digit-special>
+```
+Get configuration:
+```
+show passwh complexity-class
 ```
-
 ##### PW Length
 
+Set configuration:
+```
+config passwh length min <length>
 ```
-password length min <length>
+
+Get configuration:
 ```
+show passwh length min
+```
+
 Note: Where length is a number between 0 and 32.
 
 Once the user changed the minimum password length - the settings will be applied to the config node and will be enforced on the next pw change
@@ -283,29 +299,51 @@ Once the user changed the minimum password length - the settings will be applied
 
 * PW age expire
 
-
+	Set configuration:
+	```
+	config passwh age expiration <age>
+	```
+	
+	Get configuration:
 	```
-	password age expiration <age>
+	show passwh age expiration
 	```
+	
 	Notes: Where age is in days and between 1 and 365 days (default 180). 
-
-
 * PW Age Change Warning
 
+	Set configuration:
+	```
+	config passwh age warning <warning_days>
+	```
 
+	Get configuration:
 	```
-	password age warning <warning_days>
+	show passwh age warning
 	```
+
 	Notes: The warning_days can be configured between 1 and 30 days (default 15).
 
 
 ##### PW username-match
 
-	password username-password-match <enable/disable>
+Set configuration:
+
+	config passwh username-password-match <enable/disable>
+
+Get configuration:
+
+	show passwh username-password-match
+
 
 ##### PW Saving
+Set configuration:
+
+	config passwh history <num of old passwords to save>
+
+Get configuration:
 
-	password history <num of old passwords to save>
+	show passwh history
 
 ##### CLI permissions
 	The CLI commands should be allowed only to the admin user. Other users should be able to view the parameters but not change them.

From 4b834f0e0cad83c26a4e4ccbf11e411300f7abed Mon Sep 17 00:00:00 2001
From: David Pilnik <davidpil@nvidia.com>
Date: Sun, 10 Oct 2021 17:00:03 +0300
Subject: [PATCH 05/16] add field in DB per user

---
 doc/passw_hardening/hld_password_hardening.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/doc/passw_hardening/hld_password_hardening.md b/doc/passw_hardening/hld_password_hardening.md
index 2abb33940c9..d0882de803f 100644
--- a/doc/passw_hardening/hld_password_hardening.md
+++ b/doc/passw_hardening/hld_password_hardening.md
@@ -357,8 +357,11 @@ The table named PASSW_CONF_TABLE in CONF_DB will hold the follow key-values:
 passw_hardening_enable=True/False   # enable/disable the feature
 passwd_class=lower/lower-upper/lower-upper-digit/lower-upper-digit-special
 passwd_expiration=N
+passwd_expiration/user=N
 passwd_expiration_warining=N
+passwd_expiration_warining/user=N
 passwd_history=N
+passwd_history/user=N
 len_max=N
 len_min=N
 debug=True/False

From 8c2e89a7baa80bbb70d59d39fdfbb2b27d609eea Mon Sep 17 00:00:00 2001
From: David Pilnik <davidpil@nvidia.com>
Date: Thu, 21 Oct 2021 11:26:43 +0300
Subject: [PATCH 06/16] add yang module, ABNF description, init flow chapter

---
 doc/passw_hardening/hld_password_hardening.md | 815 +++++++++---------
 doc/passw_hardening/sonic-passwh.yang         |  82 ++
 2 files changed, 490 insertions(+), 407 deletions(-)
 create mode 100644 doc/passw_hardening/sonic-passwh.yang

diff --git a/doc/passw_hardening/hld_password_hardening.md b/doc/passw_hardening/hld_password_hardening.md
index d0882de803f..28871608f95 100644
--- a/doc/passw_hardening/hld_password_hardening.md
+++ b/doc/passw_hardening/hld_password_hardening.md
@@ -17,26 +17,21 @@
 		* 1.8.1. [Compilation](#Compilation)
 		* 1.8.2. [dependencies](#dependencies)
 		* 1.8.3. [Feature default](#Featuredefault)
-		* 1.8.4. [How daemon work internally:](#Howdaemonworkinternally:)
+		* 1.8.4. [How the daemon works internally:](#Howthedaemonworksinternally:)
 	* 1.9. [SAI API](#SAIAPI)
 	* 1.10. [Configuration and management](#Configurationandmanagement)
-		* 1.10.1. [CLI/YANG model Enhancements](#CLIYANGmodelEnhancements)
-		* 1.10.2. [Config DB Enhancements](#ConfigDBEnhancements)
-		* 1.10.3. [Secure Password Table Schema](#SecurePasswordTableSchema)
+		* 1.10.1. [PASSWH configDB table](#PASSWHconfigDBtable)
+		* 1.10.2. [ConfigDB schemas](#ConfigDBschemas)
+		* 1.10.3. [CLI/YANG model Enhancements](#CLIYANGmodelEnhancements)
+		* 1.10.4. [Config DB Enhancements](#ConfigDBEnhancements)
 	* 1.11. [Warmboot and Fastboot Design Impact](#WarmbootandFastbootDesignImpact)
 	* 1.12. [Restrictions/Limitations](#RestrictionsLimitations)
 	* 1.13. [Test Plan](#TestPlan)
-		* 1.13.1. [Setups](#Setups)
-		* 1.13.2. [CLI configurational tests](#CLIconfigurationaltests)
-		* 1.13.3. [Precondition:](#Precondition:)
-		* 1.13.4. [Case 3: check secure password age (expiration) and warning configuration](#Case3:checksecurepasswordageexpirationandwarningconfiguration)
-		* 1.13.5. [Case 4 – sanity test](#Case4sanitytest)
-		* 1.13.6. [Negative cases](#Negativecases)
-		* 1.13.7. [Case 1: check basic configuration – bad flow with invalid input](#Case1:checkbasicconfigurationbadflowwithinvalidinput)
-		* 1.13.8. [Test Open Issues](#TestOpenIssues)
+		* 1.13.1. [Unit Test cases](#UnitTestcases)
+		* 1.13.2. [System Test cases](#SystemTestcases)
 	* 1.14. [3rd Party Components](#rdPartyComponents)
 		* 1.14.1. [pam-cracklib](#pam-cracklib)
-		* 1.14.2. [PW Age](#PWAge)
+		* 1.14.2. [PW Age/History](#PWAgeHistory)
 		* 1.14.3. [PW History](#PWHistory)
 
 <!-- vscode-markdown-toc-config
@@ -51,7 +46,7 @@
 Rev 0.1
 ###  1.2. <a name='Scope'></a>Scope  
 
-	This password hardening hld doc described the requirements, arcquitecture and configuration details of password hardening feature in switches Sonic OS based.
+This password hardening hld doc described the requirements, arcquitecture and configuration details of password hardening feature in switches Sonic OS based.
 
 ###  1.3. <a name='DefinitionsAbbreviations'></a>Definitions/Abbreviations 
 	PW - password
@@ -59,16 +54,16 @@ Rev 0.1
 
 ###  1.4. <a name='Overview'></a>Overview 
 
-	Password Hardening, a user password is the key credential used in order to verify the user accessing the switch and acts as the first line of defense in regards of securing the switch.
-	The complexity of the password, it's replacement capabilities and change frequency define the security level of the first perimeter of the switch.
-	Therefore - in order to further improve and harden the switch - a secure mechanism is required to enforce PW policies.
+Password Hardening, a user password is the key credential used in order to verify the user accessing the switch and acts as the first line of defense in regards of securing the switch.
+The complexity of the password, it's replacement capabilities and change frequency define the security level of the first perimeter of the switch.
+Therefore - in order to further improve and harden the switch - a secure mechanism is required to enforce PW policies.
 
 ###  1.5. <a name='Requirements'></a>Requirements
 | Requirement | Capabilities | Config Parameters | Notes
 | ------ | ------| ------ | ------ |
 | PW Length	 | The PW length should have a minimum length requirement <br /><br />The PW length should have a maximum length requirement| The user should be able to configure the minimum PW length <br /><br />The user should be able to configure the maximum PW length | Min PW length is between 0 to 32 chars (default 8)<br /><br />Max PW length is between 64 to 80 chars (default 64)
 | PW Aging | The PW should have an expiration date, after which the user is required to change the PW <br /><br />A warning to change the PW should be presented to the user a fixed time before the expiration date arrives. This warning should appear in every login so long as the PW expiration time <= warning time. |The user should be able to configure the expiration time of the PW.  The user will be able to configure "no aging" for the PW<br /><br />The user should be able to configure the amount of days to present the warning before the PW expires | PW age time is to be between 1 to 365 days (default 180)<br /><br />PW warning show is to be between 1 to 30 days (default 15)
-| PW constraints | The PW class represents the possible characters comprising the PW. There are 4 character classes that can make up the PW:small characters, big characters, numbers and special chars presented on a standard keyboard <br /><br />The account name and PW need to be different <br /><br />The new PW is to be different from current PW|The user should be able to define which characters classes are required for the PW out of the 4 provided<br /><br /><br /><br />The user will be able to enable or disable this feature|Legal special characters `~!@#$%^&*()-_=+\|[{}];:',<.>/? and white space<br /><br /><br /><br />An error will be shown to the user if it tries to set the same PW as the username<br /><br /><br /><br />default - enable
+| PW constraints | The PW class represents the possible characters comprising the PW. There are 4 character classes that can make up the PW:small characters, big characters, numbers and special chars presented on a standard keyboard <br /><br />The account name and PW need to be different <br /><br />The new PW is to be different from current PW|The user should be able to define which characters classes are required for the PW out of the 4 provided<br /><br /><br /><br />The user will be able to enable or disable this feature|Legal special characters `~!@#$%^&*()-_=+\|[{}];:',<.>/? and white space<br /><br /><br /><br />An error will be shown to the user if it tries to set the same PW as the username<br /><br /><br /><br />default - enable, default remember last 10 password
 
 ###  1.6. <a name='ArchitectureDesign'></a>Architecture Design 
 Arc design diagram\
@@ -78,23 +73,23 @@ Arc design diagram\
 
 ###  1.7. <a name='High-LevelDesign'></a>High-Level Design 
 
-	In this section we will present the design (as thorough as possible) for the secure PW implementation.
+In this section we will present the design (as thorough as possible) for the secure PW implementation.
 
-	User password as explained before is the first line defence, in order to support it according the requirement section and user preferences, the secure password feature need a strengh-checking for password.
-			
-	The feature will use 2 linux libs: pam-cracklib, chage and pam_pwhistory.so
+User password as explained before is the first line defence, in order to support it according the requirement section and user preferences, the secure password feature need a strengh-checking for password.
+		
+The feature will use 2 linux libs: pam-cracklib, chage and pam_pwhistory.so
 
-	pam-cracklib: This module can be plugged into the password stack of a given application to provide some plug-in strength-checking for passwords.
+pam-cracklib: This module can be plugged into the password stack of a given application to provide some plug-in strength-checking for passwords.
 
-	The action of this module is to prompt the user for a password and check its strength against a system dictionary and a set of rules for identifying poor choices.
-	This module support many options, including the requirements of PW Length & PW constraints. (see option strengh-checking below)
+The action of this module is to prompt the user for a password and check its strength against a system dictionary and a set of rules for identifying poor choices.
+This module support many options, including the requirements of PW Length & PW constraints. (see option strengh-checking below)
 
-	chage: support the requirement of PW Aging, change user password expiry information
+chage: support the requirement of PW Aging, change user password expiry information
 
-	pam_pwhistory - PAM module to remember last passwords (seen that Debian already supported it without installing this package)
+pam_pwhistory - PAM module to remember last passwords (seen that Debian already supported it without installing this package)
 
-	Note:
-	See linux 3d party component chapter for more description
+Note:
+See linux 3d party component chapter for more description
 
 
 ##### Flow diagram:
@@ -102,52 +97,52 @@ Arc design diagram\
 ![password hardening flow](ph_diagram.jpg)
 
 ####  1.7.1. <a name='Flowdescription:'></a>Flow description:
-	Users by using Switch CLI will set new password/password configuration (see PW options below), the input will be saved in CONF_DB in PASSW_CONF_TABLE.\
-	The daemon call PASSHD (password hardening daemon) listen to changes, parse the inputs and set the configuration to kernel by using pam-cracklib ,chage, pwhistory linux libs. 
-	After that, it will save the configuration and results in APPL_DB in PASSW_CONF_TABLE.
+Users by using Switch CLI will set new password/password configuration (see PW options below), the input will be saved in CONF_DB in PASSW_CONF_TABLE.\
+The daemon call PASSHD (password hardening daemon) listen to changes, parse the inputs and set the configuration to kernel by using pam-cracklib ,chage, pwhistory linux libs. 
+After that, it will save the configuration and results in APPL_DB in PASSW_CONF_TABLE.
 
-	Note:
-	The table PASSW_CONF_TABLE should reduce time consuming when users need to read configuration, because it will avoid to make additional calls to kernel.
+Note:
+The table PASSW_CONF_TABLE should reduce time consuming when users need to read configuration, because it will avoid to make additional calls to kernel.
 
 ####  1.7.2. <a name='PasswordHardeningConstrains'></a>Password Hardening Constrains
-	The PW Hardening features will be support different options by encapsulate cracklib, chage and pwhistory options according the constrains definitions below.
+The PW Hardening features will be support different options by encapsulate cracklib, chage and pwhistory options according the constrains definitions below.
 
 ##### PW enable 
 
-	Enable/Disable password hardening feature
+Enable/Disable password hardening feature
 
-	Note: when this feature is disable will be just the default password validation without strength-checking for passwords.
+Note: when this feature is disable will be just the default password validation without strength-checking for passwords.
 
 ##### PW Class
-	PW class is the type of characters the user is required to enter when setting/updating a PW.
+PW class is the type of characters the user is required to enter when setting/updating a PW.
 
-	There are 4 classes:
+There are 4 classes:
 
-	Small characters - a-z
+Small characters - a-z
 
-	Big characters - A-Z
+Big characters - A-Z
 
-	Numbers - 0-9
+Numbers - 0-9
 
-	Special Characters   `~!@#$%^&*()-_+=\|[{}];:',<.>/? and white space
+Special Characters   `~!@#$%^&*()-_+=\|[{}];:',<.>/? and white space
 
-	Each of these classes will receive a Regexp to represent the class.
+Each of these classes will receive a Regexp to represent the class.
 
-	The user will be able to choose whether to enforce all PW class characters in the PW or only a subset of the characters.
+The user will be able to choose whether to enforce all PW class characters in the PW or only a subset of the characters.
 
-	Note:
-	In order to implement it, the daemon will encapsulate some pam-cracklib options.
-	i.e:
+Note:
+In order to implement it, the daemon will encapsulate some pam-cracklib options.
+i.e:
 
-	To request at least one character of every class, the PASSWD daemon will set:
-	pam-cracklib options: lcredit=-1, ucredit=-1, dcredit=-1.
-	(meaning that the user need at least one character of the types.)
-	See explanation of cracklib options in 3rd Party component chapter.
+To request at least one character of every class, the PASSWD daemon will set:
+pam-cracklib options: lcredit=-1, ucredit=-1, dcredit=-1.
+(meaning that the user need at least one character of the types.)
+See explanation of cracklib options in 3rd Party component chapter.
 
 ##### PW Length
-	PW length is a base requirement for the PW.
+PW length is a base requirement for the PW.
 
-	All password length enforcements and changes will be applied the next time the user would require a PW change or would want to change his own password
+All password length enforcements and changes will be applied the next time the user would require a PW change or would want to change his own password
 
 * Minimum Length
 
@@ -163,9 +158,9 @@ Arc design diagram\
 	Once the user changed the minimum password length - the settings will be applied to the config node and will be enforced on the next pw change
 
 ##### PW Age
-	Along with every PW set to a user, attached to it is the age of the PW - the amount of time that has passed since a PW change has occurred.
+Along with every PW set to a user, attached to it is the age of the PW - the amount of time that has passed since a PW change has occurred.
 
-	This PW change can either be from the initial config wizard or from the CLI.
+This PW change can either be from the initial config wizard or from the CLI.
 
 * PW Age Change
 	Once a PW change takes place - the DB record for said PW is updated with the new PW value and a fresh new age (=0).
@@ -184,390 +179,397 @@ Arc design diagram\
 	To support it, can be use chage option "--warndays"
 
 Aging(expire) implementation :
-	For implement the "aging" we need to change the /etc/login.def file and set max days and warning days, this changes affection globally, meaning all new users.
-	For read the information per user we will use the "chage" library.
-	In addition, when we change the file /etc/login.def its change globally by only new users, so basically for change existing users expired day we need to iterate every one of them using the "chage" lib.
+
+For implement the "aging" we need to change the /etc/login.def file and set max days and warning days, this changes affection globally, meaning all new users.
+For read the information per user we will use the "chage" library.
+In addition, when we change the file /etc/login.def its change globally by only new users, so basically for change existing users expired day we need to iterate every one of them using the "chage" lib.
 
 
 ##### PW username-match
-	By enabling this feature, the user will not be permitted to set the same username & password
+By enabling this feature, the user will not be permitted to set the same username & password
 
 
 ##### PW Saving
-	Saved previous passwords in the DB,  for enable this. is necessary to set how many old password you would like to save.
+Saved previous passwords in the DB,  for enable this. is necessary to set how many old password you would like to save.
 
-	Implementation: will be support by using pam_pwhistory.so, remember=N option.
-	Seen that in Debian its not necessary to install this package. Its enough to add the remember=N option to the common-password file.
-	
-	Note:
-	For saving password with sha512, need to modify the /etc/pam.d/system-auth-a file to contain this line:
+Implementation: will be support by using pam_pwhistory.so, remember=N option.
+Seen that in Debian its not necessary to install this package. Its enough to add the remember=N option to the common-password file.
+
+Note:
+For saving password with sha512, need to modify the /etc/pam.d/system-auth-a file to contain this line:
 
 		password    sufficient    pam_unix.so sha512 shadow use_authtok
 
 ###  1.8. <a name='InitFlow'></a>Init Flow
 ####  1.8.1. <a name='Compilation'></a>Compilation
-	This feature will be disabled by default in the compilation stage, its meaning that it will be not compiled, only when the user will change the makefile setting to enable, this feature will be compiled.
+This feature will be disabled by default in the compilation stage, its meaning that it will be not compiled, only when the user will change the makefile setting to enable, this feature will be compiled.
 
-	In addition, the feature will have CLI as a "plugin", meaning that when the feature is not compiled will be not appear in the CLI of the switch, and vice versa.
+In addition, the feature will have CLI as a "plugin", meaning that when the feature is not compiled will be not appear in the CLI of the switch, and vice versa.
 
 ####  1.8.2. <a name='dependencies'></a>dependencies
-	service dependencies: SWSS & DB containers.
-	Description:
-	Password Hardening Daemon, the service that triggers this daemon, should start after SWSS & DB containers start.
+Service dependencies: DB container & INIT_CONF. 
+Description:
+Password Hardening Daemon, the service that triggers this daemon, should start after SWSS & DB containers start.
 
 ####  1.8.3. <a name='Featuredefault'></a>Feature default
-	When a user decides to add the feature in the compilation the feature will be disabled by default.
+When a user decides to add the feature in the compilation the feature will be enabled by default.
 
-	The feature in general can be enabled when changing the CONF_DB of the feature table to passw_hardening_enable=True/False. 
+Description of default values in init_cfg.json regarding Password Hardening:
+```
+feature enable: True
+expiration: 180 	// days unit
+expiration warning: 15 //days unit
+history: 10 // num of old password that the system will recorded
+len_max: 61
+len_min: 8
+username password match: True
+lower class: True
+upper class: True
+digit class: True
+special class: True
+```
 
-####  1.8.4. <a name='Howdaemonworkinternally:'></a>How the daemon works internally:
-	In case the user decides to compile the feature. The password hardening daemon will be started and running always, but it will do nothing. Meaning the process will be in sleep mode, until the passw_hardening_enable field in the Redis DB will be changed to enable, then the service will activate, and will be functional.
+####  1.8.4. <a name='Howthedaemonworksinternally:'></a>How the daemon works internally:
+In case the user decides to compile the feature. The password hardening daemon will be started and running always, but it will do nothing. Meaning the process will be in sleep mode, until the passw_hardening_enable field in the Redis DB will be changed to enable, then the service will activate, and will be functional.
 
-	Note:
-	This approach can support reset of the system, because the daemon can automatically can verify if he should be awake or not.
+Note:
+This approach can support reset of the system, because the daemon can automatically can verify if he should be awake or not.
 
 ###  1.9. <a name='SAIAPI'></a>SAI API 
-	no changed.
+no changed.
 
 ###  1.10. <a name='Configurationandmanagement'></a>Configuration and management
 
-####  1.10.1. <a name='CLIYANGmodelEnhancements'></a>CLI/YANG model Enhancements
+####  1.10.1. <a name='PASSWHconfigDBtable'></a>PASSWH configDB table
 
-##### PW enable 
-Set configuration:
 ```
-config passwh enable
+PASSWH:
+	"enable": {{True/False}}
+	"expiration": {{days}}
+	"expiration_warning": {{days}}
+	"history": {{num_passw_history}}
+	"len_max": {{num}}
+	"len_min": {{num}}
+	"username_passw_match": {{True/False}}
+	"lower_class": {{True/False}}
+	"upper_class": {{True/False}}
+	"digit_class": {{True/False}}
+	"special_class": {{True/False}}
 ```
+Note: similar table for PASSWH_STATUS in APPL_DB
+
+####  1.10.2. <a name='ConfigDBschemas'></a>ConfigDB schemas
 
-Get configuration:
 ```
-show passwh 
+; Defines schema for PASSWH configuration attributes (PASSWH table & PASSW_STATUS table have same schema)
+key                                   = PASSWH:name 			  ;password hardening configuration
+; field                               = value
+FEATURE_ENABLE                		  = "True" / "False"          ; Feature feature enable/disable
+EXPIRATION                     		  = year					; password expiration 1 year in days units
+year								  = 4DIGIT	   
+EXPIRATION_WARNING                    = month					; password expiration warning  1 year in days units
+month								  = 2DIGIT
+PASSW_HISTORY						  = 2*DIGIT					; number of old password to be stored (0-99)
+LEN_MIN								  = 2*DIGIT 				; max characters in password (0-32 chars)
+LEN_MAX								  = 2*DIGIT 				; min characters in password (64-80 chars)
+USERNAME_PASSW_MATCH				  = "True" / "False"
+LOWER_CLASS            		  		  = "True" / "False"          
+UPPER_CLASS            		  		  = "True" / "False"          
+DIGITS_CLASS           		  		  = "True" / "False"          
+SPECIAL_CLASS          		  		  = "True" / "False"
 ```
 
-##### PW Class
-	PW class is the type of characters the user is required to enter when setting/updating a PW.
 
-	There are 4 classes. (see description in arc section)
 
-	The user will be able to choose whether to enforce all PW class characters in the PW or only a subset of the characters.
+####  1.10.3. <a name='CLIYANGmodelEnhancements'></a>CLI/YANG model Enhancements
+```yang
+//filename:  sonic-passw.yang
+module sonic-passwh {
+    yang-version 1.1;
+    namespace "http://github.com/Azure/sonic-passwh";
+    description "PASSWORD HARDENING YANG Module for SONiC OS";
+    revision 2021-10-12 {
+        description
+            "First Revision";
+    }
+	import sonic-types {
+		prefix stypes;
+    }
+    container sonic-passwh {
+		container PASSWH {
+			description "PASSWORD HARDENING part of config_db.json";
+			leaf state {
+					description "state of the feature";
+					type stypes:feature_state;
+					default "enabled";
+			}
+			leaf expiration {
+				description "expiration time (days unit)";
+				default: 180
+				type uint32 {
+					length 1..365;
+				}
+			}
+			leaf expiration_warning {
+				description "expiration warning time (days unit)";
+				default: 15
+				type uint8 {
+					range 1..30;
+				}
+			}
+			leaf history {
+				description "num of old password that the system will recorded"
+				default: 10
+				type uint8 {
+					range 1..100;
+				}
+			}
+			leaf len_max {
+				description "password max length"
+				default: 64
+				type uint8 {
+					range 64..80;
+				}
+			}
+			leaf len_min {
+				description "password min length"
+				default: 8
+				type uint8 {
+					range 1..32;
+				}
+			}
+			leaf username_passw_match{
+				description "username password match"
+				default: True;
+				type boolean;
+			}
+			leaf lower class{
+				description "password lower chars policy"
+				default: True;
+				type boolean;
+			}
+			leaf upper class{
+				description "password upper chars policy"
+				default: True;
+				type boolean;
+			}
+			leaf digits class{
+				description "password digits chars policy"
+				default: True;
+				type boolean;
+			}
+			leaf special class{
+				description "password special chars policy"
+				default: True;
+				type boolean;
+			}
+		} /* PASSWH table */
+    }/* container sonic-passwh */
+}/* end of module sonic-passwh */
+```
+
+##### Config CLI
+###### PW enable 
+Set configuration:
+
+```
+config passwh enable/disable
+```
+
+PW Class:
+
+PW class is the type of characters the user is required to enter when setting/updating a PW.
+
+There are 4 classes. (see description in arc section)
 
-	A CLI command will be available to the user for this configuration. Once a user has selected the class types he wants to enforce (from a pre-defined options list), this will enforce the PW selected by the user to have at least 1 character from each class in the selected option.
+The user will be able to choose whether to enforce all PW class characters in the PW or only a subset of the characters.
 
-	The CLI classes options will be as follows:
+A CLI command will be available to the user for this configuration. Once a user has selected the class types he wants to enforce (from a pre-defined options list), this will enforce the PW selected by the user to have at least 1 character from each class in the selected option.
 
-	None - Meaning no required classes.
+The CLI classes options will be as follows:
 
-	lower- lowerLowercase Characters
+None - Meaning no required classes.
 
-	lower-upper - Lowercase + Uppercase 
+lower- lowerLowercase Characters
 
-	lower-upper-digit - Lowercase + Uppercase + Numbers
+upper - Uppercase 
 
-	lower-upper-digit-special - Lowercase + Uppercase + Numbers + Special
+digit - Numbers
 
-	multiple char enforcement
+special - Special symbols (seen in requirement chapter)
 
-	There will be no enforcement of multiple characters from a specific class or a specific characters (be either letter or symbol) to appear in the PW.
+multiple char enforcement
+
+There will be no enforcement of multiple characters from a specific class or a specific characters (be either letter or symbol) to appear in the PW.
 
 The CLI command to configure the PW class type will be along the following lines:
 
 Set configuration:
 ```
-config passwh complexity-class <lower/lower-upper/lower-upper-digit/lower-upper-digit-special>
-```
-Get configuration:
-```
-show passwh complexity-class
+config passwh complexity-class <lower upper digit special>  
+Values in every position are boolean, for example: 
+
+config passwh complexity-class <lower upper digit special>  False False True True 
 ```
-##### PW Length
+
+Note: Meaning: no must use of lower, no must use of upper, must use digit, must use special characters
+
+###### PW Length
 
 Set configuration:
 ```
 config passwh length min <length>
 ```
 
-Get configuration:
-```
-show passwh length min
-```
-
 Note: Where length is a number between 0 and 32.
 
 Once the user changed the minimum password length - the settings will be applied to the config node and will be enforced on the next pw change
 
-##### PW Age
+###### PW Age
 
 * PW age expire
 
-	Set configuration:
-	```
-	config passwh age expiration <age>
-	```
-	
-	Get configuration:
-	```
-	show passwh age expiration
-	```
+Set configuration:
+```
+config passwh age expiration <age>
+```
 	
-	Notes: Where age is in days and between 1 and 365 days (default 180). 
+Notes: Where age is in days and between 1 and 365 days (default 180). 
 * PW Age Change Warning
 
-	Set configuration:
+Set configuration:
 	```
 	config passwh age warning <warning_days>
 	```
 
-	Get configuration:
-	```
-	show passwh age warning
-	```
-
-	Notes: The warning_days can be configured between 1 and 30 days (default 15).
+Notes: The warning_days can be configured between 1 and 30 days (default 15).
 
 
-##### PW username-match
+###### PW username-match
 
 Set configuration:
 
 	config passwh username-password-match <enable/disable>
 
-Get configuration:
-
-	show passwh username-password-match
-
 
-##### PW Saving
+###### PW Saving
 Set configuration:
 
 	config passwh history <num of old passwords to save>
 
-Get configuration:
+##### Show CLI
+
+Show command should be extended in order to add "passwh" alias:
 
-	show passwh history
+```
+==========================================
+admin@sonic:~$ show passwh
+PASSWORD HARDENING
+Policies					 status
+------------------- 	    ------------
+feature state                 enable
+expiration 		  		      30 days
+expiration warning            10 days
+history					      4
+min length					  30
+max length					  15
+username passw match		  True
+lower class	  				  True
+upper class   			      True
+digit class                   True
+special class                 True
+==========================================
+```
 
 ##### CLI permissions
 	The CLI commands should be allowed only to the admin user. Other users should be able to view the parameters but not change them.
 
-####  1.10.2. <a name='ConfigDBEnhancements'></a>Config DB Enhancements
-	This DB will include a new table "PASSW_CONF_TABLE" (Secure Password Table)
-####  1.10.3. <a name='SecurePasswordTableSchema'></a>Secure Password Table Schema
-The table named PASSW_CONF_TABLE in CONF_DB will hold the follow key-values:
-
+####  1.10.4. <a name='ConfigDBEnhancements'></a>Config DB Enhancements
+
+The ConfigDB will be extended with next objects:
+
+```json
+{
+	"PASSWH": {
+		"enable": "True",  // enable/disable the feature
+		"expiration": "30", 	// days unit
+		"expiration_warning": "10", //days unit
+		"history": "10", // num of old password that the system will recorded
+		"len_max": "30",
+		"len_min": "15",  // num of min characters in a password
+		"username_passw_match": "True",
+		"lower class": "True",
+		"upper class": "True",
+		"digit class": "True",
+		"special class": "True",
+	}
+}
 ```
-passw_hardening_enable=True/False   # enable/disable the feature
-passwd_class=lower/lower-upper/lower-upper-digit/lower-upper-digit-special
-passwd_expiration=N
-passwd_expiration/user=N
-passwd_expiration_warining=N
-passwd_expiration_warining/user=N
-passwd_history=N
-passwd_history/user=N
-len_max=N
-len_min=N
-debug=True/False
-retry=N
-difok=N
-minlen=N
-dcredit=N  
-ucredit=N
-lcredit=N
-ocredit=N
-minclass=N
-maxrepeat=N
-maxsequence=N
-maxclassrepeat=N
-dictpath=<path to cracklib dict>
+The AppDB will be extended with table PASSW_STATUS with similar objects than PASSWH table:
+
+```json
+{
+	"PASSWH_STATUS": {
+		"enable": "True",  // enable/disable the feature
+		"expiration": "30", 	// days unit
+		"expiration_warning": "10", //days unit
+		"history": "10", // num of old password that the system will recorded
+		"len_max": "30",
+		"len_min": "15",  // num of min characters in a password
+		"username_passw_match": "True",
+		"lower class": "True",
+		"upper class": "True",
+		"digit class": "True",
+		"special class": "True",
+	}
+}
 ```
 
 Notes:
-*   More descriptions of the field can be found in 3rd Party Chaper
-* 	Similar option will be saved in PASSW_CONF_TABLE in APPL_CONF.\
-	the main difference is that other applications read from APPL_DB, and not from CONF_DB according Sonic arq. In addition, CONF_DB contain values requested by user, when APPL_DB contain the result values, meaning that if some option fail to set in the linux module the APPL_CONF will have the founded state of the option.
 
-*	values like password_expiration, need to be wrote in the DB 		under username, ie: username1/passwd_expiration
-	because different users can have different remain of expiration time.
+Similar fields will be saved in PASSW_TABLE than in PASSWH_STATUS_TABLE in APPL_DB.\
+the main difference is that other applications read from APPL_DB, and not from CONF_DB according Sonic architecture. In addition, CONF_DB contain values requested by user, when APPL_DB contain the result values, meaning that if some option fail to set in the linux module the APPL_CONF will have the founded state of the option.
+
 
 ###  1.11. <a name='WarmbootandFastbootDesignImpact'></a>Warmboot and Fastboot Design Impact
-	Not relevant.
+Not relevant.
 
 ###  1.12. <a name='RestrictionsLimitations'></a>Restrictions/Limitations  
-	the secure password feature is not supported on remote AAA.
-	LDAP/Radius/Tacacs is under customer responsability.
-
-
-###  1.13. <a name='TestPlan'></a>Test Plan
-
-####  1.13.1. <a name='Setups'></a>Setups
-	The test setup consists of a single switch (director and 1U, IB and Eth).
-
-####  1.13.2. <a name='CLIconfigurationaltests'></a>CLI configurational tests
-
-#####  2.2.1. <a name='Case1:checkbasicconfigurationgoodflow'></a>Case 1: check basic configuration – good flow
-
-Test Objective:
-
-	The test will create several secure password configurations, and verify them with show command and will verify in the Redis DB according the new table present in Config DB chapter. Also, it will verify the default values are configured correctly.
-
-####  1.13.3. <a name='Precondition:'></a>Precondition:
-
-	Admin user is logged in and secure password feature is enabled with default values (can enable it in the test if needed). 
-
-**Setup descriptions and objectives:**
-
-`	`All Switches.
-
-|#|Test steps|Expected result|
-| :-: | :-: | :-: |
-||<p>If can’t be done in pre-test:</p><p>Reset secure password, so it will be enabled with default values.<br>Disable feature: </p><p>[no password security enable]</p>|secure password is disabled|
-||<p>Enable feature: </p><p>[password security enable]</p>|secure password is enabled|
-||<p>Perform show command </p><p>[show password security]</p>|Configured values are shown|
-||<p>` `Verify that all the values are equal to the default:</p><p>Min password length: 8 (characters) </p><p>Max password length: 64 (characters) </p><p>Password age: 180 (days) </p><p>Expiration warning message: 15 (days) </p><p>Password history length: 5 </p><p>Character class: Lowercase, uppercase and digits </p><p>Different username and password: Enabled </p><p></p>|All values are equal to default|
-||<p>Configure random min password </p><p>[password length minimal <0-32>]</p>|min password configured|
-||<p>Configure random max password </p><p>[password length maximal <64-80>]</p>|max password configured|
-||<p>Configure random age expiration password </p><p>[password age expiration<0-365>]</p>|age expiration password configured|
-||<p>Configure random age warning password</p><p>[password age warning <0-30, **not larger than expiration**>]</p>|age warning password configured|
-||<p>Configure random complexity-class password</p><p>[password complexity-class >lower| lower-upper | lower-upper-digit | lower-upper-digit-special<]</p>|complexity-class password configured|
-||<p>Configure random password history</p><p>[password history <0-20>]</p>|History password configured|
-||<p>Disable password and username to be different </p><p>[no password username-password-match enable]</p><p>(configuring to disabled because the default is enabled)</p>|username-password-match configured|
-||<p>Perform a show command to verify all above configurations are set</p><p>[show password security]</p><p></p>|All configurations are set correctly|
-||<p>Validate all appear in show running config</p><p>[show running-config]</p>|All appear|
-||<p>Change the password to a password that e.g. length 33, different that old passwords, with lower case, upper case ,number and at least one char of:</p><p>`~!@#$%^&\*()-\_=+[{}];:',<.>  </p>|Password is replaced|
-||<p>Check “return to default, perform the “no” commands:</p><p>[no password age expiration]</p><p>[no password age warning]</p><p>[no password complexity-class]</p><p>[no password history]</p><p></p>|All configurations are configured and returned to default |
-||<p>Perform a show command to verify all above configurations are set</p><p>[show password security]</p><p></p>|All configurations are set correctly– age to 180, warning to 15, complexity-class to  lower-upper-digit, history to 5|
-||<p>Disable the feature</p><p>[no password security enable]</p><p></p>|Configuration is set|
-||[show running-config]|Feature is not set|
-
-#####  2.3.1. <a name='Case2:checksecurepasswordhistoryconfiguration'></a>Case 2: check secure password history configuration
-
-Test Objective:
-
-	The test will create several secure password history configurations.
-
-Precondition:
-
-	Admin user is logged in and secure password feature is enabled. 
-
-Setup descriptions and objectives:
-
-`	`All Switches.
-
-|#|Test steps|Expected result|
-| :-: | :-: | :-: |
-||<p>Set history to <1-20>, CLI command: “password history <1-20>”</p><p>(possible: 0-20. Randomize 1-20. Let’s call it X. Also randomize a lower number for false try (1-Y).</p>|The history is configured to X|
-||<p>Change password to a different password than current one and different to old ones (Repeat X-1 times, notice, in the middle there will be next step)</p><p></p>|Password is changed|
-||<p>Inside the loop, somewhere in 1 - Y, try to set the initial password (that was already set).</p><p></p>|The password is not accepted.|
-||<p>After X times, try to set the initial password (that was already set).</p><p></p>|The password is accepted.|
-||<p>Disable the history </p><p>[password history 0]</p>|The configuration is set|
-||Change to the same as last password|The password is set|
-
-####  1.13.4. <a name='Case3:checksecurepasswordageexpirationandwarningconfiguration'></a>Case 3: check secure password age (expiration) and warning configuration
-
-Test Objective:
-
-	The test will create several secure password age (expiration) and warning configurations.
-
-Precondition:
+The secure password feature is not supported on remote AAA.
 
-	Admin user is logged in and secure password feature is enabled.
+LDAP/Radius/Tacacs is under customer responsibility.
 
-Setup descriptions and objectives:
 
-	All Switches.
-
-|#|Test steps|Expected result|
-| :-: | :-: | :-: |
-||<p>Set age to X:</p><p>` `[password age expiration <1-365>]</p>|The age is configured to X|
-||<p>Configure first without a warning </p><p>[password warning 0]</p>|The warning is configured to 0|
-||<p>Log out</p><p></p>|The admin user is logged out|
-||Log in|Logged in (if set to 1, only if not after 24:00, if after 24:00 it will be forced to change the password because it will be expired, and the test will fail…)|
-||change the machine’s date to be larger than X (X+1 or more days from today)|Date is changed|
-||Log out|Logged out|
-||<p>Try to log in</p><p></p>|Password is forced to be changed|
-||<p>Change the password to a legal one.</p><p>e.g. length 33, different that old passwords, with lower case, upper case, number.</p>|Password is changed and we are logged in|
-||<p>Configure a warning to Y – notice, needs to be smaller than age.</p><p>[password warning <1-30>, not larger than expiration]</p>|configuration is set|
-||change the machine’s date to be inside the range of the warning|Date is changed|
-||<p>Log out</p><p></p>|The user is logged out|
-||Log in|Logged in and the warning is shown|
-||<p>Configure 0 to disable the age</p><p>[password age expiration 0]</p>|configuration is set|
-||change the machine’s date to be larger than X (X+1 or more days from today)|Date is changed|
-||Log out|Logged out.|
-||Log in|Logged in, password is accepted.|
-
-
-
-
-####  1.13.5. <a name='Case4sanitytest'></a>Case 4 – sanity test
-Test Objective: 
-
-	The test will create several secure password configurations and check users
-
-Precondition:
-
-	Admin user is logged in and secure password feature is enabled.
-
-Setup descriptions and objectives:
-
-	All Switches.
-
-
-|#|Test steps|Expected result|
-| :-: | :-: | :-: |
-||` `Add a user with random capability (admin/monitor/v\_admin/unpriv) with a password that is accepted with the feature’s default values. e.g. length 33, different that old passwords, with lower case, upper case, number |User is added|
-||Open a new session and try to login the user with the password that was set|Able to log in|
-||<p>Configure random min password </p><p>[password length minimal <0-32>]</p>|min password configured|
-||<p>Configure random max password </p><p>[password length maximal <64-80>]</p>|max password configured|
-||<p>Configure random age expiration password </p><p>[password age expiration<0-365>]</p>|age expiration password configured|
-||<p>Configure random age warning password</p><p>[password age warning <0-30>, not larger than expiration] </p>|Age warning password configured|
-||<p>Configure random complexity-class password</p><p>[password complexity-class >lower| lower-upper | lower-upper-digit | lower-upper-digit-special<]</p>|complexity-class password configured|
-||<p>Configure random password history</p><p>[password history <0-20>]</p>|History password configured|
-||<p>Enable/Disable password and username to be different </p><p>[no] password username-password-match enable]</p><p></p>|username-password-match configured|
-||<p>Perform a show command to verify all above configurations are set</p><p>[show password security]</p><p></p>|All configurations are set correctly|
-||<p>Change password according to the new restrictions.</p><p>` `e.g. length 33, different that old passwords, with lower case, upper case, number and at least one char of:</p><p>`~!@#$%^&\*()-\_=+[{}];:',<.>  </p>|password configured|
-||Open a session and try to login to test user|Able to log in|
-||Open another session to the same user and try to login with the most updated password|Logged in|
-||Try to change password from second session to a non legal one|Password not configured|
-||change password from second session to a legal one|Password configured|
-||Logout from first session|Logged out|
-||Log in from first session with new legal password|Logged in|
-
-
-
-####  1.13.6. <a name='Negativecases'></a>Negative cases
-####  1.13.7. <a name='Case1:checkbasicconfigurationbadflowwithinvalidinput'></a>Case 1: check basic configuration – bad flow with invalid input
-
-Test Objective: 
-
-	The test will try to set several secure password false configurations, and verify they ae not set.
-
-**Precondition:** 
-
-	Admin user is logged in and secure password feature is enabled.
-
-Setup descriptions and objectives:
-
-	All Switches.
-
-
-|#|Test steps|Expected result|
-| :-: | :-: | :-: |
-||<p>Perform a show command to verify the configuration later</p><p>[show password security]</p><p></p>|Configured values are shown|
-||<p>Configure min password with random false value:</p><p>` `Negative numbers, letters, chars, fragments (e.g. 4.5), numbers **not** in the allowed range (0-32)</p><p>[password length minimal <>]</p>|min password not configured, error message is returned|
-||<p>Configure max password with random false value:</p><p>` `Negative numbers, letters, chars, fragments (e.g. 4.5), numbers **not** in the allowed range(64-80)</p><p></p><p>[password length maximal <>]</p>|max password  not configured, error message is returned|
-||<p>Configure age expiration password with random false value:</p><p>` `Negative numbers, letters, chars, fragments (e.g. 4.5), numbers **not** in the allowed range(0-365)</p><p></p><p>[password age expiration<>]</p>|age expiration password  not configured, error message is returned|
-||<p>Configure age warning password with random false value:</p><p>` `Negative numbers, letters, chars, fragments (e.g. 4.5), numbers **not** in the allowed range(0-30)</p><p></p><p>[password age warning <>]</p>|age warning password not configured, error message is returned|
-||<p>Configure complexity-class password with random false value:</p><p>` `Negative numbers, letters, chars, fragments (e.g. 4.5), it can be any data **not** equal to: “lower| lower-upper | lower-upper-digit | lower-upper-digit-special”.</p><p></p><p>[password complexity-class <>]</p>|complexity-class password not configured, error message is returned|
-||<p>Configure history password with random false value:</p><p>Negative numbers, letters, chars, fragments (e.g. 4.5), numbers **not** in the allowed range (0-20)</p><p>[password history <>]</p>|history password not configured, error message is returned|
-||<p>Configure username-password-match with random false value that is **not** enable</p><p>[password username-password-match <>]</p>|username-password-match not configured, error message is returned|
-||<p>Try to configure </p><p>[password age expiration <1-14>]</p><p>` `lower than warning that is set to 15</p>|Should return a message – warning can’t larger than age.|
-||<p>Perform a show command to verify all above configurations are not set</p><p>[show password security]</p><p></p>|All configurations are not changed|
-||<p>Try to configure a very long password (above the max, even hundreds of chars)</p><p>[username admin password X]</p>|Should fail – longer than maximum|
-
-Note:
-	There are 2 DB to test: CONF_DB and APPL_DB, need to be test both of them in every test case.
-####  1.13.8. <a name='TestOpenIssues'></a>Test Open Issues
-
-Is this feature support when user uses multiple sessions in same time, i.e:
-	Try to set a new password from 2 different sessions at the same time (for the same user).  – do we have a lock mechanism? What do we expect to happen?
+###  1.13. <a name='TestPlan'></a>Test Plan
+####  1.13.1. <a name='UnitTestcases'></a>Unit Test cases
+- Configuration – good flow
+  - Enable/Disable feature
+  - Perform show command
+  - Verify default values
+  - Configure passwh classes of every existing types
+  - Configure passwh length min using different valid values
+  - Configure passwh age expiration using different valid values
+  - Configure passwh age warning using different valid values
+  - Configure passwh username-password-match
+  - Configure passwh history using different valid values
+
+- Configuration - Negative flow
+   - Configure min password with random false values
+   - Configure age expiration password with random false values
+   - Configure age warning password with random false values
+   - Configure complexity-class password with random false values
+   - Configure history password with random false values
+
+##### Notes: 
+- After creating a new policy is necessary to set a new password to a user to verify that the policy match the configured.
+- Valid values: could be random values from valid ranges.
+- The set configuration should be validate using the show command and also should be test from the APPL_DB.
+
+####  1.13.2. <a name='SystemTestcases'></a>System Test cases
+- Test all passwh policies together
+  - Configure all the passwh options.
+  - Create a new user and change an existing user password.
+  - Validate that policies match the configured
 
 
 ###  1.14. <a name='rdPartyComponents'></a>3rd Party Components
@@ -578,63 +580,63 @@ In this section you can find most of the options of pam-cracklib, chage and pwhi
 Options:
 
 ##### debug
-	This option makes the module write information to syslog(3) indicating the behavior of the module (this option does not write password information to the log file).
+This option makes the module write information to syslog(3) indicating the behavior of the module (this option does not write password information to the log file).
 ##### authtok_type=XXX
-	The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: ". The example word UNIX can be replaced with this option, by default it is empty.
+The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: ". The example word UNIX can be replaced with this option, by default it is empty.
 ##### retry=N
-	Prompt user at most N times before returning with error. The default is 1.
+Prompt user at most N times before returning with error. The default is 1.
 ##### difok=N
-	This argument will change the default of 5 for the number of character changes in the new password that differentiate it from the old password.
+This argument will change the default of 5 for the number of character changes in the new password that differentiate it from the old password.
 ##### minlen=N
-	The minimum acceptable size for the new password (plus one if credits are not disabled which is the default). In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit). The default for this parameter is 9 which is good for a old style UNIX password all of the same type of character but may be too low to exploit the added security of a md5 system. Note that there is a pair of length limits in Cracklib itself, a "way too short" limit of 4 which is hard coded in and a defined limit (6) that will be checked without reference to minlen. If you want to allow passwords as short as 5 characters you should not use this module.
+The minimum acceptable size for the new password (plus one if credits are not disabled which is the default). In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit). The default for this parameter is 9 which is good for a old style UNIX password all of the same type of character but may be too low to exploit the added security of a md5 system. Note that there is a pair of length limits in Cracklib itself, a "way too short" limit of 4 which is hard coded in and a defined limit (6) that will be checked without reference to minlen. If you want to allow passwords as short as 5 characters you should not use this module.
 ##### dcredit=N
-	(N >= 0) This is the maximum credit for having digits in the new password. If you have less than or N digits, each digit will count +1 towards meeting the current minlen value. The default for dcredit is 1 which is the recommended value for minlen less than 10.
-	(N < 0) This is the minimum number of digits that must be met for a new password.
+(N >= 0) This is the maximum credit for having digits in the new password. If you have less than or N digits, each digit will count +1 towards meeting the current minlen value. The default for dcredit is 1 which is the recommended value for minlen less than 10.
+(N < 0) This is the minimum number of digits that must be met for a new password.
 
 ##### ucredit=N
-	(N >= 0) This is the maximum credit for having upper case letters in the new password. If you have less than or N upper case letters each letter will count +1 towards meeting the current minlen value. The default for ucredit is 1 which is the recommended value for minlen less than 10.
-	(N < 0) This is the minimum number of upper case letters that must be met for a new password.
+(N >= 0) This is the maximum credit for having upper case letters in the new password. If you have less than or N upper case letters each letter will count +1 towards meeting the current minlen value. The default for ucredit is 1 which is the recommended value for minlen less than 10.
+(N < 0) This is the minimum number of upper case letters that must be met for a new password.
 
 ##### lcredit=N
-	(N >= 0) This is the maximum credit for having lower case letters in the new password. If you have less than or N lower case letters, each letter will count +1 towards meeting the current minlen value. The default for lcredit is 1 which is the recommended value for minlen less than 10.
-	(N < 0) This is the minimum number of lower case letters that must be met for a new password.
+(N >= 0) This is the maximum credit for having lower case letters in the new password. If you have less than or N lower case letters, each letter will count +1 towards meeting the current minlen value. The default for lcredit is 1 which is the recommended value for minlen less than 10.
+(N < 0) This is the minimum number of lower case letters that must be met for a new password.
 
 ##### ocredit=N
-	(N >= 0) This is the maximum credit for having other characters in the new password. If you have less than or N other characters, each character will count +1 towards meeting the current minlen value. The default for ocredit is 1 which is the recommended value for minlen less than 10.
-	(N < 0) This is the minimum number of other characters that must be met for a new password.
+(N >= 0) This is the maximum credit for having other characters in the new password. If you have less than or N other characters, each character will count +1 towards meeting the current minlen value. The default for ocredit is 1 which is the recommended value for minlen less than 10.
+(N < 0) This is the minimum number of other characters that must be met for a new password.
 
 ##### minclass=N
-	The minimum number of required classes of characters for the new password. The default number is zero. The four classes are digits, upper and lower letters and other characters. The difference to the credit check is that a specific class if of characters is not required. Instead N out of four of the classes are required.
-	maxrepeat=N
-	Reject passwords which contain more than N same consecutive characters. The default is 0 which means that this check is disabled.
+The minimum number of required classes of characters for the new password. The default number is zero. The four classes are digits, upper and lower letters and other characters. The difference to the credit check is that a specific class if of characters is not required. Instead N out of four of the classes are required.
+maxrepeat=N
+Reject passwords which contain more than N same consecutive characters. The default is 0 which means that this check is disabled.
 ##### maxsequence=N
-	Reject passwords which contain monotonic character sequences longer than N. The default is 0 which means that this check is disabled. Examples of such sequence are '12345' or 'fedcb'. Note that most such passwords will not pass the simplicity check unless the sequence is only a minor part of the password.
+Reject passwords which contain monotonic character sequences longer than N. The default is 0 which means that this check is disabled. Examples of such sequence are '12345' or 'fedcb'. Note that most such passwords will not pass the simplicity check unless the sequence is only a minor part of the password.
 ##### maxclassrepeat=N
-	Reject passwords which contain more than N consecutive characters of the same class. The default is 0 which means that this check is disabled.
-	reject_username
-	Check whether the name of the user in straight or reversed form is contained in the new password. If it is found the new password is rejected.
+Reject passwords which contain more than N consecutive characters of the same class. The default is 0 which means that this check is disabled.
+reject_username
+Check whether the name of the user in straight or reversed form is contained in the new password. If it is found the new password is rejected.
 ##### gecoscheck
-	Check whether the words from the GECOS field (usually full name of the user) longer than 3 characters in straight or reversed form are contained in the new password. If any such word is found the new password is rejected.
+Check whether the words from the GECOS field (usually full name of the user) longer than 3 characters in straight or reversed form are contained in the new password. If any such word is found the new password is rejected.
 ##### enforce_for_root
-	The module will return error on failed check also if the user changing the password is root. This option is off by default which means that just the message about the failed check is printed but root can change the password anyway.
+The module will return error on failed check also if the user changing the password is root. This option is off by default which means that just the message about the failed check is printed but root can change the password anyway.
 ##### use_authtok
-	This argument is used to force the module to not prompt the user for a new password but use the one provided by the previously stacked password module.
+This argument is used to force the module to not prompt the user for a new password but use the one provided by the previously stacked password module.
 ##### dictpath=/path/to/dict
-	Path to the cracklib dictionaries.
-	Module Types Provided
-	Only the password module type is provided.
+Path to the cracklib dictionaries.
+Module Types Provided
+Only the password module type is provided.
 
 ##### Return Values
 ###### PAM_SUCCESS
-	The new password passes all checks.
+The new password passes all checks.
 ###### PAM_AUTHTOK_ERR
-	No new password was entered, the username could not be determined or the new password fails the strength checks.
+No new password was entered, the username could not be determined or the new password fails the strength checks.
 ###### PAM_AUTHTOK_RECOVERY_ERR
-	The old password was not supplied by a previous stacked module or got not requested from the user. The first error can happen if use_authtok is specified.
+The old password was not supplied by a previous stacked module or got not requested from the user. The first error can happen if use_authtok is specified.
 ###### PAM_SERVICE_ERR
-	A internal error occurred.
+A internal error occurred.
 
-####  1.14.2. <a name='PWAge'></a>PW Age
+####  1.14.2. <a name='PWAgeHistory'></a>PW Age/History
 
 ![chage options](chage.JPG)
 
@@ -642,51 +644,51 @@ The options which apply to the chage command are:
 
 	-d, --lastday LAST_DAY
 
-	Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area).
+Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area).
 
 	-E, --expiredate EXPIRE_DATE
 
-	Set the date or number of days since January 1, 1970 on which the users account will no longer be accessible. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area). A user whose account is locked must contact the system administrator before being able to use the system again.
+Set the date or number of days since January 1, 1970 on which the users account will no longer be accessible. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area). A user whose account is locked must contact the system administrator before being able to use the system again.
 
-	Passing the number -1 as the EXPIRE_DATE will remove an account expiration date.
+Passing the number -1 as the EXPIRE_DATE will remove an account expiration date.
 
 	-h, --help
 
-	Display help message and exit.
+Display help message and exit.
 
 	-i, --iso8601
 
-	When printing dates, use YYYY-MM-DD format.
+When printing dates, use YYYY-MM-DD format.
 
 	-I, --inactive INACTIVE
 
-	Set the number of days of inactivity after a password has expired before the account is locked. The INACTIVE option is the number of days of inactivity. A user whose account is locked must contact the system administrator before being able to use the system again.
+Set the number of days of inactivity after a password has expired before the account is locked. The INACTIVE option is the number of days of inactivity. A user whose account is locked must contact the system administrator before being able to use the system again.
 
-	Passing the number -1 as the INACTIVE will remove an accounts inactivity.
+Passing the number -1 as the INACTIVE will remove an accounts inactivity.
 
 	-l, --list
 
-	Show account aging information.
+Show account aging information.
 
 	-m, --mindays MIN_DAYS
 
-	Set the minimum number of days between password changes to MIN_DAYS. A value of zero for this field indicates that the user may change their password at any time.
+Set the minimum number of days between password changes to MIN_DAYS. A value of zero for this field indicates that the user may change their password at any time.
 
 	-M, --maxdays MAX_DAYS
 
-	Set the maximum number of days during which a password is valid. When MAX_DAYS plus LAST_DAY is less than the current day, the user will be required to change their password before being able to use their account. This occurrence can be planned for in advance by use of the -W option, which provides the user with advance warning.
+Set the maximum number of days during which a password is valid. When MAX_DAYS plus LAST_DAY is less than the current day, the user will be required to change their password before being able to use their account. This occurrence can be planned for in advance by use of the -W option, which provides the user with advance warning.
 
-	Passing the number -1 as MAX_DAYS will remove checking a passwords validity.
+Passing the number -1 as MAX_DAYS will remove checking a passwords validity.
 
 	-R, --root CHROOT_DIR
 
-	Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.
+Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.
 
 	-W, --warndays WARN_DAYS
 
-	Set the number of days of warning before a password change is required. The WARN_DAYS option is the number of days prior to the password expiring that a user will be warned their password is about to expire.
+Set the number of days of warning before a password change is required. The WARN_DAYS option is the number of days prior to the password expiring that a user will be warned their password is about to expire.
 
-	If none of the options are selected, chage operates in an interactive fashion, prompting the user with the current values for all of the fields. Enter the new value to change the field, or leave the line blank to use the current value. The current value is displayed between a pair of [ ] marks.
+If none of the options are selected, chage operates in an interactive fashion, prompting the user with the current values for all of the fields. Enter the new value to change the field, or leave the line blank to use the current value. The current value is displayed between a pair of [ ] marks.
 
 Notes: If we want to do "age" configuration globally and not per user, it necessary to modify this file:  /etc/login.defs, example:
 	
@@ -698,47 +700,47 @@ pam_pwhistory: PAM module to remember last passwords
 
 ##### DESCRIPTION
 
-	This module saves the last passwords for each user in order to force password change history and keep the user from alternating between the same password too frequently.
+This module saves the last passwords for each user in order to force password change history and keep the user from alternating between the same password too frequently.
 
-	This module does not work together with kerberos. In general, it does not make much sense to use this module in conjunction with NIS or LDAP, since the old passwords are stored on the local machine and are not available on another machine for password history checking.
+This module does not work together with kerberos. In general, it does not make much sense to use this module in conjunction with NIS or LDAP, since the old passwords are stored on the local machine and are not available on another machine for password history checking.
 
 OPTIONS
 
 ##### debug
 
-	Turns on debugging via syslog(3).
-	use_authtok
+Turns on debugging via syslog(3).
+use_authtok
 
-	When password changing enforce the module to use the new password provided by a previously stacked password module (this is used in the example of the stacking of the pam_cracklib module documented below).
+When password changing enforce the module to use the new password provided by a previously stacked password module (this is used in the example of the stacking of the pam_cracklib module documented below).
 ##### enforce_for_root
-	If this option is set, the check is enforced for root, too.
+If this option is set, the check is enforced for root, too.
 ##### 	remember=N
 
-	The last N passwords for each user are saved in /etc/security/opasswd. The default is 10. Value of 0 makes the module to keep the existing contents of the opasswd file unchanged.
+The last N passwords for each user are saved in /etc/security/opasswd. The default is 10. Value of 0 makes the module to keep the existing contents of the opasswd file unchanged.
 ##### retry=N
 
-	Prompt user at most N times before returning with error. The default is 1.
-	authtok_type=STRING
+Prompt user at most N times before returning with error. The default is 1.
+authtok_type=STRING
 
-	See pam_get_authtok(3) for more details.
-	MODULE TYPES PROVIDED
-	Only the password module type is provided.
+See pam_get_authtok(3) for more details.
+MODULE TYPES PROVIDED
+Only the password module type is provided.
 
 ##### RETURN VALUES
 	PAM_AUTHTOK_ERR
 
-	No new password was entered, the user aborted password change or new password couldn't be set.
+No new password was entered, the user aborted password change or new password couldn't be set.
 	PAM_IGNORE
 
-	Password history was disabled.
+Password history was disabled.
 	PAM_MAXTRIES
 
-	Password was rejected too often.
+Password was rejected too often.
 	PAM_USER_UNKNOWN
 
-	User is not known to system.
+User is not known to system.
 ##### EXAMPLES
-	An example password section would be:
+An example password section would be:
 
 	#%PAM-1.0
 	password     required       pam_pwhistory.so
@@ -753,6 +755,5 @@ OPTIONS
 		
 
 ##### FILES
-	/etc/security/opasswd
-
-	File with password history
\ No newline at end of file
+File with password history
+	/etc/security/opasswd
\ No newline at end of file
diff --git a/doc/passw_hardening/sonic-passwh.yang b/doc/passw_hardening/sonic-passwh.yang
new file mode 100644
index 00000000000..0273b7a70cc
--- /dev/null
+++ b/doc/passw_hardening/sonic-passwh.yang
@@ -0,0 +1,82 @@
+module sonic-passwh {
+    yang-version 1.1;
+    namespace "http://github.com/Azure/sonic-passwh";
+    description "PASSWORD HARDENING YANG Module for SONiC OS";
+    revision 2021-10-12 {
+        description
+            "First Revision";
+    }
+	import sonic-types {
+		prefix stypes;
+    }
+    container sonic-passwh {
+		container PASSWH {
+			description "PASSWORD HARDENING part of config_db.json";
+			leaf state {
+					description "state of the feature";
+					type stypes:feature_state;
+					default "enabled";
+			}
+			leaf expiration {
+				description "expiration time (days unit)";
+				default: 180
+				type uint32 {
+					length 1..365;
+				}
+			}
+			leaf expiration_warning {
+				description "expiration warning time (days unit)";
+				default: 15
+				type uint8 {
+					range 1..30;
+				}
+			}
+			leaf history {
+				description "num of old password that the system will recorded"
+				default: 10
+				type uint8 {
+					range 1..100;
+				}
+			}
+			leaf len_max {
+				description "password max length"
+				default: 64
+				type uint8 {
+					range 64..80;
+				}
+			}
+			leaf len_min {
+				description "password min length"
+				default: 8
+				type uint8 {
+					range 1..32;
+				}
+			}
+			leaf username_passw_match{
+				description "username password match"
+				default: True;
+				type boolean;
+			}
+			leaf lower class{
+				description "password lower chars policy"
+				default: True;
+				type boolean;
+			}
+			leaf upper class{
+				description "password upper chars policy"
+				default: True;
+				type boolean;
+			}
+			leaf digits class{
+				description "password digits chars policy"
+				default: True;
+				type boolean;
+			}
+			leaf special class{
+				description "password special chars policy"
+				default: True;
+				type boolean;
+			}
+		} /* PASSWH table */
+    }/* container sonic-passwh */
+}/* end of module sonic-passwh */
\ No newline at end of file

From 6bfb50eec5d1c1e21e035e8d10d3eba90fd35fc7 Mon Sep 17 00:00:00 2001
From: David Pilnik <davidpil@nvidia.com>
Date: Thu, 21 Oct 2021 11:49:32 +0300
Subject: [PATCH 07/16] identation/cosmetics fix

---
 doc/passw_hardening/hld_password_hardening.md | 115 +++++++++---------
 1 file changed, 57 insertions(+), 58 deletions(-)

diff --git a/doc/passw_hardening/hld_password_hardening.md b/doc/passw_hardening/hld_password_hardening.md
index 28871608f95..038d0295290 100644
--- a/doc/passw_hardening/hld_password_hardening.md
+++ b/doc/passw_hardening/hld_password_hardening.md
@@ -1,6 +1,6 @@
 # PW Hardening Design #
 
-##  1. <a name='TableofContent'></a>Table of Content 
+##  1. <a name='TableofContent'></a>Table of Content
 
 <!-- vscode-markdown-toc -->
 * 1. [Table of Content](#TableofContent)
@@ -42,17 +42,17 @@
 
 
 
-###  1.1. <a name='Revision'></a>Revision  
+###  1.1. <a name='Revision'></a>Revision
 Rev 0.1
-###  1.2. <a name='Scope'></a>Scope  
+###  1.2. <a name='Scope'></a>Scope
 
 This password hardening hld doc described the requirements, arcquitecture and configuration details of password hardening feature in switches Sonic OS based.
 
-###  1.3. <a name='DefinitionsAbbreviations'></a>Definitions/Abbreviations 
+###  1.3. <a name='DefinitionsAbbreviations'></a>Definitions/Abbreviations
 	PW - password
 	SPASSWD - secure password daemon
 
-###  1.4. <a name='Overview'></a>Overview 
+###  1.4. <a name='Overview'></a>Overview
 
 Password Hardening, a user password is the key credential used in order to verify the user accessing the switch and acts as the first line of defense in regards of securing the switch.
 The complexity of the password, it's replacement capabilities and change frequency define the security level of the first perimeter of the switch.
@@ -65,18 +65,18 @@ Therefore - in order to further improve and harden the switch - a secure mechani
 | PW Aging | The PW should have an expiration date, after which the user is required to change the PW <br /><br />A warning to change the PW should be presented to the user a fixed time before the expiration date arrives. This warning should appear in every login so long as the PW expiration time <= warning time. |The user should be able to configure the expiration time of the PW.  The user will be able to configure "no aging" for the PW<br /><br />The user should be able to configure the amount of days to present the warning before the PW expires | PW age time is to be between 1 to 365 days (default 180)<br /><br />PW warning show is to be between 1 to 30 days (default 15)
 | PW constraints | The PW class represents the possible characters comprising the PW. There are 4 character classes that can make up the PW:small characters, big characters, numbers and special chars presented on a standard keyboard <br /><br />The account name and PW need to be different <br /><br />The new PW is to be different from current PW|The user should be able to define which characters classes are required for the PW out of the 4 provided<br /><br /><br /><br />The user will be able to enable or disable this feature|Legal special characters `~!@#$%^&*()-_=+\|[{}];:',<.>/? and white space<br /><br /><br /><br />An error will be shown to the user if it tries to set the same PW as the username<br /><br /><br /><br />default - enable, default remember last 10 password
 
-###  1.6. <a name='ArchitectureDesign'></a>Architecture Design 
+###  1.6. <a name='ArchitectureDesign'></a>Architecture Design
 Arc design diagram\
 ![passh_arc_sonic](passh_arc_sonic.drawio.png)
 
 (flow description in the chapter below)
 
-###  1.7. <a name='High-LevelDesign'></a>High-Level Design 
+###  1.7. <a name='High-LevelDesign'></a>High-Level Design
 
 In this section we will present the design (as thorough as possible) for the secure PW implementation.
 
 User password as explained before is the first line defence, in order to support it according the requirement section and user preferences, the secure password feature need a strengh-checking for password.
-		
+
 The feature will use 2 linux libs: pam-cracklib, chage and pam_pwhistory.so
 
 pam-cracklib: This module can be plugged into the password stack of a given application to provide some plug-in strength-checking for passwords.
@@ -98,7 +98,7 @@ See linux 3d party component chapter for more description
 
 ####  1.7.1. <a name='Flowdescription:'></a>Flow description:
 Users by using Switch CLI will set new password/password configuration (see PW options below), the input will be saved in CONF_DB in PASSW_CONF_TABLE.\
-The daemon call PASSHD (password hardening daemon) listen to changes, parse the inputs and set the configuration to kernel by using pam-cracklib ,chage, pwhistory linux libs. 
+The daemon call PASSHD (password hardening daemon) listen to changes, parse the inputs and set the configuration to kernel by using pam-cracklib ,chage, pwhistory linux libs.
 After that, it will save the configuration and results in APPL_DB in PASSW_CONF_TABLE.
 
 Note:
@@ -107,7 +107,7 @@ The table PASSW_CONF_TABLE should reduce time consuming when users need to read
 ####  1.7.2. <a name='PasswordHardeningConstrains'></a>Password Hardening Constrains
 The PW Hardening features will be support different options by encapsulate cracklib, chage and pwhistory options according the constrains definitions below.
 
-##### PW enable 
+##### PW enable
 
 Enable/Disable password hardening feature
 
@@ -207,7 +207,7 @@ This feature will be disabled by default in the compilation stage, its meaning t
 In addition, the feature will have CLI as a "plugin", meaning that when the feature is not compiled will be not appear in the CLI of the switch, and vice versa.
 
 ####  1.8.2. <a name='dependencies'></a>dependencies
-Service dependencies: DB container & INIT_CONF. 
+Service dependencies: DB container & INIT_CONF.
 Description:
 Password Hardening Daemon, the service that triggers this daemon, should start after SWSS & DB containers start.
 
@@ -235,7 +235,7 @@ In case the user decides to compile the feature. The password hardening daemon w
 Note:
 This approach can support reset of the system, because the daemon can automatically can verify if he should be awake or not.
 
-###  1.9. <a name='SAIAPI'></a>SAI API 
+###  1.9. <a name='SAIAPI'></a>SAI API
 no changed.
 
 ###  1.10. <a name='Configurationandmanagement'></a>Configuration and management
@@ -262,25 +262,24 @@ Note: similar table for PASSWH_STATUS in APPL_DB
 
 ```
 ; Defines schema for PASSWH configuration attributes (PASSWH table & PASSW_STATUS table have same schema)
-key                                   = PASSWH:name 			  ;password hardening configuration
+key                                   = PASSWH:name             ;password hardening configuration
 ; field                               = value
-FEATURE_ENABLE                		  = "True" / "False"          ; Feature feature enable/disable
-EXPIRATION                     		  = year					; password expiration 1 year in days units
-year								  = 4DIGIT	   
-EXPIRATION_WARNING                    = month					; password expiration warning  1 year in days units
-month								  = 2DIGIT
-PASSW_HISTORY						  = 2*DIGIT					; number of old password to be stored (0-99)
-LEN_MIN								  = 2*DIGIT 				; max characters in password (0-32 chars)
-LEN_MAX								  = 2*DIGIT 				; min characters in password (64-80 chars)
-USERNAME_PASSW_MATCH				  = "True" / "False"
-LOWER_CLASS            		  		  = "True" / "False"          
-UPPER_CLASS            		  		  = "True" / "False"          
-DIGITS_CLASS           		  		  = "True" / "False"          
-SPECIAL_CLASS          		  		  = "True" / "False"
+FEATURE_ENABLE                        = "True" / "False"        ; Feature feature enable/disable
+EXPIRATION                            = year                    ; password expiration 1 year in days units
+year                                  = 4DIGIT
+EXPIRATION_WARNING                    = month                   ; password expiration warning  1 year in days units
+month                                 = 2DIGIT
+PASSW_HISTORY                         = 2*DIGIT                 ; number of old password to be stored (0-99)
+LEN_MIN                               = 2*DIGIT                 ; max characters in password (0-32 chars)
+LEN_MAX                               = 2*DIGIT                 ; min characters in password (64-80 chars)
+USERNAME_PASSW_MATCH                  = "True" / "False"
+LOWER_CLASS                           = "True" / "False"
+UPPER_CLASS                           = "True" / "False"
+DIGITS_CLASS                          = "True" / "False"
+SPECIAL_CLASS                         = "True" / "False"
 ```
 
 
-
 ####  1.10.3. <a name='CLIYANGmodelEnhancements'></a>CLI/YANG model Enhancements
 ```yang
 //filename:  sonic-passw.yang
@@ -369,7 +368,7 @@ module sonic-passwh {
 ```
 
 ##### Config CLI
-###### PW enable 
+###### PW enable
 Set configuration:
 
 ```
@@ -392,7 +391,7 @@ None - Meaning no required classes.
 
 lower- lowerLowercase Characters
 
-upper - Uppercase 
+upper - Uppercase
 
 digit - Numbers
 
@@ -406,10 +405,10 @@ The CLI command to configure the PW class type will be along the following lines
 
 Set configuration:
 ```
-config passwh complexity-class <lower upper digit special>  
-Values in every position are boolean, for example: 
+config passwh complexity-class <lower upper digit special>
+Values in every position are boolean, for example:
 
-config passwh complexity-class <lower upper digit special>  False False True True 
+config passwh complexity-class <lower upper digit special>  False False True True
 ```
 
 Note: Meaning: no must use of lower, no must use of upper, must use digit, must use special characters
@@ -433,8 +432,8 @@ Set configuration:
 ```
 config passwh age expiration <age>
 ```
-	
-Notes: Where age is in days and between 1 and 365 days (default 180). 
+
+Notes: Where age is in days and between 1 and 365 days (default 180).
 * PW Age Change Warning
 
 Set configuration:
@@ -465,17 +464,17 @@ Show command should be extended in order to add "passwh" alias:
 ==========================================
 admin@sonic:~$ show passwh
 PASSWORD HARDENING
-Policies					 status
-------------------- 	    ------------
+Policies                       Status
+-------------------         ------------
 feature state                 enable
-expiration 		  		      30 days
+expiration                    30 days
 expiration warning            10 days
-history					      4
-min length					  30
-max length					  15
-username passw match		  True
-lower class	  				  True
-upper class   			      True
+history                       4
+min length                    30
+max length                    15
+username passw match          True
+lower class                   True
+upper class                   True
 digit class                   True
 special class                 True
 ==========================================
@@ -491,12 +490,12 @@ The ConfigDB will be extended with next objects:
 ```json
 {
 	"PASSWH": {
-		"enable": "True",  // enable/disable the feature
-		"expiration": "30", 	// days unit
-		"expiration_warning": "10", //days unit
-		"history": "10", // num of old password that the system will recorded
+		"enable": "True",
+		"expiration": "30",
+		"expiration_warning": "10",
+		"history": "10",
 		"len_max": "30",
-		"len_min": "15",  // num of min characters in a password
+		"len_min": "15",
 		"username_passw_match": "True",
 		"lower class": "True",
 		"upper class": "True",
@@ -510,12 +509,12 @@ The AppDB will be extended with table PASSW_STATUS with similar objects than PAS
 ```json
 {
 	"PASSWH_STATUS": {
-		"enable": "True",  // enable/disable the feature
-		"expiration": "30", 	// days unit
-		"expiration_warning": "10", //days unit
-		"history": "10", // num of old password that the system will recorded
+		"enable": "True",
+		"expiration": "30",
+		"expiration_warning": "10",
+		"history": "10",
 		"len_max": "30",
-		"len_min": "15",  // num of min characters in a password
+		"len_min": "15",
 		"username_passw_match": "True",
 		"lower class": "True",
 		"upper class": "True",
@@ -534,7 +533,7 @@ the main difference is that other applications read from APPL_DB, and not from C
 ###  1.11. <a name='WarmbootandFastbootDesignImpact'></a>Warmboot and Fastboot Design Impact
 Not relevant.
 
-###  1.12. <a name='RestrictionsLimitations'></a>Restrictions/Limitations  
+###  1.12. <a name='RestrictionsLimitations'></a>Restrictions/Limitations
 The secure password feature is not supported on remote AAA.
 
 LDAP/Radius/Tacacs is under customer responsibility.
@@ -560,7 +559,7 @@ LDAP/Radius/Tacacs is under customer responsibility.
    - Configure complexity-class password with random false values
    - Configure history password with random false values
 
-##### Notes: 
+##### Notes:
 - After creating a new policy is necessary to set a new password to a user to verify that the policy match the configured.
 - Valid values: could be random values from valid ranges.
 - The set configuration should be validate using the show command and also should be test from the APPL_DB.
@@ -691,7 +690,7 @@ Set the number of days of warning before a password change is required. The WARN
 If none of the options are selected, chage operates in an interactive fashion, prompting the user with the current values for all of the fields. Enter the new value to change the field, or leave the line blank to use the current value. The current value is displayed between a pair of [ ] marks.
 
 Notes: If we want to do "age" configuration globally and not per user, it necessary to modify this file:  /etc/login.defs, example:
-	
+
 	PASS_MAX_DAYS 90
 	PASS_WARN_AGE 7
 
@@ -745,14 +744,14 @@ An example password section would be:
 	#%PAM-1.0
 	password     required       pam_pwhistory.so
 	password     required       pam_unix.so        use_authtok
-		
+
 	In combination with pam_cracklib:
 
 	#%PAM-1.0
 	password     required       pam_cracklib.so    retry=3
 	password     required       pam_pwhistory.so   use_authtok
 	password     required       pam_unix.so        use_authtok
-		
+
 
 ##### FILES
 File with password history

From 3aa7fe72e65857e90d82f7f8d0f8ed972928d83f Mon Sep 17 00:00:00 2001
From: David Pilnik <davidpil@nvidia.com>
Date: Wed, 10 Nov 2021 11:29:07 +0200
Subject: [PATCH 08/16] add more descriptions and fix Yang model syntax

---
 doc/passw_hardening/hld_password_hardening.md | 173 ++++++++++--------
 doc/passw_hardening/sonic-passwh.yang         |  70 ++++---
 2 files changed, 138 insertions(+), 105 deletions(-)

diff --git a/doc/passw_hardening/hld_password_hardening.md b/doc/passw_hardening/hld_password_hardening.md
index 038d0295290..e4ef9e0751d 100644
--- a/doc/passw_hardening/hld_password_hardening.md
+++ b/doc/passw_hardening/hld_password_hardening.md
@@ -26,13 +26,14 @@
 		* 1.10.4. [Config DB Enhancements](#ConfigDBEnhancements)
 	* 1.11. [Warmboot and Fastboot Design Impact](#WarmbootandFastbootDesignImpact)
 	* 1.12. [Restrictions/Limitations](#RestrictionsLimitations)
-	* 1.13. [Test Plan](#TestPlan)
-		* 1.13.1. [Unit Test cases](#UnitTestcases)
-		* 1.13.2. [System Test cases](#SystemTestcases)
-	* 1.14. [3rd Party Components](#rdPartyComponents)
-		* 1.14.1. [pam-cracklib](#pam-cracklib)
-		* 1.14.2. [PW Age/History](#PWAgeHistory)
-		* 1.14.3. [PW History](#PWHistory)
+	* 1.13. [Upgrade Flow](#UpgradeFlow)
+	* 1.14. [Test Plan](#TestPlan)
+		* 1.14.1. [Unit Test cases](#UnitTestcases)
+		* 1.14.2. [System Test cases](#SystemTestcases)
+	* 1.15. [3rd Party Components](#rdPartyComponents)
+		* 1.15.1. [pam-cracklib](#pam-cracklib)
+		* 1.15.2. [PW Age/History](#PWAgeHistory)
+		* 1.15.3. [PW History](#PWHistory)
 
 <!-- vscode-markdown-toc-config
 	numbering=true
@@ -43,10 +44,13 @@
 
 
 ###  1.1. <a name='Revision'></a>Revision
-Rev 0.1
+|  Rev  |  Date   |      Author      | Change Description |
+| :---: | :-----: | :--------------: | ------------------ |
+|  0.1  | 11/2020 |   David Pilnik   | Phase 1 Design     |
+
 ###  1.2. <a name='Scope'></a>Scope
 
-This password hardening hld doc described the requirements, arcquitecture and configuration details of password hardening feature in switches Sonic OS based.
+This password hardening hld doc described the requirements, architecture and configuration details of password hardening feature in switches Sonic OS based.
 
 ###  1.3. <a name='DefinitionsAbbreviations'></a>Definitions/Abbreviations
 	PW - password
@@ -54,7 +58,7 @@ This password hardening hld doc described the requirements, arcquitecture and co
 
 ###  1.4. <a name='Overview'></a>Overview
 
-Password Hardening, a user password is the key credential used in order to verify the user accessing the switch and acts as the first line of defense in regards of securing the switch.
+Password Hardening, a user password is the key credential used in order to verify the user accessing the switch and acts as the first line of defense in regards to securing the switch.
 The complexity of the password, it's replacement capabilities and change frequency define the security level of the first perimeter of the switch.
 Therefore - in order to further improve and harden the switch - a secure mechanism is required to enforce PW policies.
 
@@ -75,14 +79,14 @@ Arc design diagram\
 
 In this section we will present the design (as thorough as possible) for the secure PW implementation.
 
-User password as explained before is the first line defence, in order to support it according the requirement section and user preferences, the secure password feature need a strengh-checking for password.
+User password as explained before is the first line defence, in order to support it according to the requirement section and user preferences, the secure password feature needs a strength-checking for password.
 
 The feature will use 2 linux libs: pam-cracklib, chage and pam_pwhistory.so
 
 pam-cracklib: This module can be plugged into the password stack of a given application to provide some plug-in strength-checking for passwords.
 
 The action of this module is to prompt the user for a password and check its strength against a system dictionary and a set of rules for identifying poor choices.
-This module support many options, including the requirements of PW Length & PW constraints. (see option strengh-checking below)
+This module supports many options, including the requirements of PW Length & PW constraints. (see option strength-checking below)
 
 chage: support the requirement of PW Aging, change user password expiry information
 
@@ -99,13 +103,13 @@ See linux 3d party component chapter for more description
 ####  1.7.1. <a name='Flowdescription:'></a>Flow description:
 Users by using Switch CLI will set new password/password configuration (see PW options below), the input will be saved in CONF_DB in PASSW_CONF_TABLE.\
 The daemon call PASSHD (password hardening daemon) listen to changes, parse the inputs and set the configuration to kernel by using pam-cracklib ,chage, pwhistory linux libs.
-After that, it will save the configuration and results in APPL_DB in PASSW_CONF_TABLE.
+After that, it will save the configuration and results in STATE_DB in PASSW_CONF_TABLE.
 
 Note:
 The table PASSW_CONF_TABLE should reduce time consuming when users need to read configuration, because it will avoid to make additional calls to kernel.
 
 ####  1.7.2. <a name='PasswordHardeningConstrains'></a>Password Hardening Constrains
-The PW Hardening features will be support different options by encapsulate cracklib, chage and pwhistory options according the constrains definitions below.
+The PW Hardening features will support different options by encapsulating cracklib, chage and pwhistory options according to the constrains definitions below.
 
 ##### PW enable
 
@@ -136,7 +140,7 @@ i.e:
 
 To request at least one character of every class, the PASSWD daemon will set:
 pam-cracklib options: lcredit=-1, ucredit=-1, dcredit=-1.
-(meaning that the user need at least one character of the types.)
+(meaning that the user needs at least one character of the types.)
 See explanation of cracklib options in 3rd Party component chapter.
 
 ##### PW Length
@@ -172,7 +176,7 @@ This PW change can either be from the initial config wizard or from the CLI.
 	To support it, can be use chage lib option "--maxdays"
 
 * PW Age Change Warning
-	The switch will provide a warning for PW change beforehand (this is to allow a sufficient warning for upgrading the PW which might by relevant to numerous switches).
+	The switch will provide a warning for PW change before and (this is to allow a sufficient warning for upgrading the PW which might be relevant to numerous switches).
 
 	Along with this warning - the user will also be able to control how long before the PW expiration this warning will appear.
 
@@ -190,10 +194,10 @@ By enabling this feature, the user will not be permitted to set the same usernam
 
 
 ##### PW Saving
-Saved previous passwords in the DB,  for enable this. is necessary to set how many old password you would like to save.
+Saved previous passwords in the DB to verify that the user cannot used old password
 
-Implementation: will be support by using pam_pwhistory.so, remember=N option.
-Seen that in Debian its not necessary to install this package. Its enough to add the remember=N option to the common-password file.
+Implementation: will be supported by using pam_pwhistory.so, remember=N option (N- number of old passwords to be saved).
+See that in Debian it's not necessary to install this package. It's enough to add the remember=N option to the common-password file.
 
 Note:
 For saving password with sha512, need to modify the /etc/pam.d/system-auth-a file to contain this line:
@@ -204,14 +208,15 @@ For saving password with sha512, need to modify the /etc/pam.d/system-auth-a fil
 ####  1.8.1. <a name='Compilation'></a>Compilation
 This feature will be disabled by default in the compilation stage, its meaning that it will be not compiled, only when the user will change the makefile setting to enable, this feature will be compiled.
 
-In addition, the feature will have CLI as a "plugin", meaning that when the feature is not compiled will be not appear in the CLI of the switch, and vice versa.
+In addition, the feature will have CLI as a "plugin", meaning that when the feature is not compiled it will not appear in the CLI of the switch, and vice versa.
 
-####  1.8.2. <a name='dependencies'></a>dependencies
-Service dependencies: DB container & INIT_CONF.
+####  1.8.2. <a name='Dependencies'></a>Dependencies
+Service dependencies: DB container, INIT_CONF and NTP service.
 Description:
-Password Hardening Daemon, the service that triggers this daemon, should start after SWSS & DB containers start.
+Password Hardening Daemon, the service that triggers this daemon, should start after DB containers start.
+NTP service should be secure, because it can influence expiration time of some policies.
 
-####  1.8.3. <a name='Featuredefault'></a>Feature default
+####  1.8.3. <a name='FeatureDefault'></a>Feature Default
 When a user decides to add the feature in the compilation the feature will be enabled by default.
 
 Description of default values in init_cfg.json regarding Password Hardening:
@@ -228,12 +233,16 @@ upper class: True
 digit class: True
 special class: True
 ```
-
+Notes:
+-  Old users (existing users before feature was enabled) will not be influenced by this feature, only new users will have to set passwords according to the password hardening policies, or old user when changing to new password will be force to be according the new policies.
+-  Default password of the system will remained with default value even when the feature is enable. It will be secure password only when the user decide to change the password.
 ####  1.8.4. <a name='Howthedaemonworksinternally:'></a>How the daemon works internally:
-In case the user decides to compile the feature. The password hardening daemon will be started and running always, but it will do nothing. Meaning the process will be in sleep mode, until the passw_hardening_enable field in the Redis DB will be changed to enable, then the service will activate, and will be functional.
+In case the user decides to compile the feature, the password hardening daemon will be started and running always as a service.
+The process/daemon always running, but can be in sleep mode, the process is checking that the "enable" field in CONF_DB table PASSWH is "True", this value it was assign in the init flow by default, so only in case that the user change the field "enable" to "False" the process will be in sleep, waiting to be "awake" when the field will be change back to enable.
 
-Note:
-This approach can support reset of the system, because the daemon can automatically can verify if he should be awake or not.
+Notes:
+-  The service/process will be run from the host (not in a docker).
+-  This approach can support reset of the system, because the daemon can automatically verify if he should be awake or not.
 
 ###  1.9. <a name='SAIAPI'></a>SAI API
 no changed.
@@ -256,7 +265,7 @@ PASSWH:
 	"digit_class": {{True/False}}
 	"special_class": {{True/False}}
 ```
-Note: similar table for PASSWH_STATUS in APPL_DB
+Note: similar table for PASSWH_STATUS in STATE_DB
 
 ####  1.10.2. <a name='ConfigDBschemas'></a>ConfigDB schemas
 
@@ -265,10 +274,8 @@ Note: similar table for PASSWH_STATUS in APPL_DB
 key                                   = PASSWH:name             ;password hardening configuration
 ; field                               = value
 FEATURE_ENABLE                        = "True" / "False"        ; Feature feature enable/disable
-EXPIRATION                            = year                    ; password expiration 1 year in days units
-year                                  = 4DIGIT
-EXPIRATION_WARNING                    = month                   ; password expiration warning  1 year in days units
-month                                 = 2DIGIT
+EXPIRATION                            = 3*DIGIT                    ; password expiration in days units, should be 365 days max
+EXPIRATION_WARNING                    = 2*DIGIT                   ; password expiration warning  1 month(30 days) in days units
 PASSW_HISTORY                         = 2*DIGIT                 ; number of old password to be stored (0-99)
 LEN_MIN                               = 2*DIGIT                 ; max characters in password (0-32 chars)
 LEN_MAX                               = 2*DIGIT                 ; min characters in password (64-80 chars)
@@ -286,80 +293,87 @@ SPECIAL_CLASS                         = "True" / "False"
 module sonic-passwh {
     yang-version 1.1;
     namespace "http://github.com/Azure/sonic-passwh";
+	prefix passwh;
+
     description "PASSWORD HARDENING YANG Module for SONiC OS";
-    revision 2021-10-12 {
+
+	revision 2021-10-12 {
         description
             "First Revision";
     }
-	import sonic-types {
-		prefix stypes;
-    }
+    typedef feature_state {
+        type enumeration {
+			enum enabled;
+			enum disabled;
+		}
+	}
+
     container sonic-passwh {
 		container PASSWH {
 			description "PASSWORD HARDENING part of config_db.json";
 			leaf state {
-					description "state of the feature";
-					type stypes:feature_state;
-					default "enabled";
+				description "state of the feature";
+				type feature_state;
+				default "enabled";
 			}
 			leaf expiration {
 				description "expiration time (days unit)";
-				default: 180
+				default 180;
 				type uint32 {
-					length 1..365;
+					range 1..365;
 				}
 			}
 			leaf expiration_warning {
 				description "expiration warning time (days unit)";
-				default: 15
+				default 15;
 				type uint8 {
 					range 1..30;
 				}
 			}
 			leaf history {
-				description "num of old password that the system will recorded"
-				default: 10
+				description "num of old password that the system will recorded";
+				default 10;
 				type uint8 {
 					range 1..100;
 				}
 			}
 			leaf len_max {
-				description "password max length"
-				default: 64
+				description "password max length";
+				default 64;
 				type uint8 {
 					range 64..80;
 				}
 			}
 			leaf len_min {
-				description "password min length"
-				default: 8
+				description "password min length";
+				default 8;
 				type uint8 {
 					range 1..32;
 				}
 			}
 			leaf username_passw_match{
-				description "username password match"
-				default: True;
+				description "username password match";
+				default "true";
 				type boolean;
 			}
-			leaf lower class{
-				description "password lower chars policy"
-				default: True;
+			leaf lower_class{
+				description "password lower chars policy";
+				default "true";
 				type boolean;
 			}
-			leaf upper class{
-				description "password upper chars policy"
-				default: True;
+			leaf upper_class{
+				description "password upper chars policy";
+				default "true";
 				type boolean;
 			}
-			leaf digits class{
-				description "password digits chars policy"
-				default: True;
+			leaf digits_class{
+				description "password digits chars policy";
+				default "true";
 				type boolean;
 			}
-			leaf special class{
-				description "password special chars policy"
-				default: True;
+			leaf special_class{
+				description "password special chars policy";
+				default "true";
 				type boolean;
 			}
 		} /* PASSWH table */
@@ -399,7 +413,7 @@ special - Special symbols (seen in requirement chapter)
 
 multiple char enforcement
 
-There will be no enforcement of multiple characters from a specific class or a specific characters (be either letter or symbol) to appear in the PW.
+There will be no enforcement of multiple characters from a specific class or a specific character (be either letter or symbol) to appear in the PW.
 
 The CLI command to configure the PW class type will be along the following lines:
 
@@ -504,7 +518,7 @@ The ConfigDB will be extended with next objects:
 	}
 }
 ```
-The AppDB will be extended with table PASSW_STATUS with similar objects than PASSWH table:
+The StateDB will be extended with table PASSW_STATUS with similar objects than PASSWH table:
 
 ```json
 {
@@ -526,8 +540,10 @@ The AppDB will be extended with table PASSW_STATUS with similar objects than PAS
 
 Notes:
 
-Similar fields will be saved in PASSW_TABLE than in PASSWH_STATUS_TABLE in APPL_DB.\
-the main difference is that other applications read from APPL_DB, and not from CONF_DB according Sonic architecture. In addition, CONF_DB contain values requested by user, when APPL_DB contain the result values, meaning that if some option fail to set in the linux module the APPL_CONF will have the founded state of the option.
+Similar fields will be saved in PASSW_TABLE in CONF_DB than in PASSWH_STATUS_TABLE in STATE_DB.\
+The main difference is that CONF_DB contains values requested by the user, when STATE_DB contain the values after getting the status from kernel.
+So when user will use "show" cli commands most of them will get the answer from STATE_DB, instead to do a system call again.
+For example, if some configuration set by the user fail to be configured in the linux kernel the STATE_DB will have the actual status/(state) of the configuration, and CONF_DB will still have the user configuration value requested.
 
 
 ###  1.11. <a name='WarmbootandFastbootDesignImpact'></a>Warmboot and Fastboot Design Impact
@@ -538,9 +554,16 @@ The secure password feature is not supported on remote AAA.
 
 LDAP/Radius/Tacacs is under customer responsibility.
 
+###  1.13. <a name='UpgradeFlow'></a>Upgrade Flow
+When user with the correspond permission is doing upgrade from image with password hardening enable to password enable as well, the configuration related to the feature should be remain the same as was set before the update.
+
+When user is doing upgrade from image with password hardening feature disable to enable, old password will remain exactly as was set before, the feature is setting rules/policies to new passwords or to new users, so old passwords will remained as was set before.
+
+Note:
+First time, the default password will remained the same, even when the feature is enabled, and if the user will like to have a secure password he will need to change it, and in result that the feature is enabled the current policies will required an strong password this time.
 
-###  1.13. <a name='TestPlan'></a>Test Plan
-####  1.13.1. <a name='UnitTestcases'></a>Unit Test cases
+###  1.14. <a name='TestPlan'></a>Test Plan
+####  1.14.1. <a name='UnitTestcases'></a>Unit Test cases
 - Configuration – good flow
   - Enable/Disable feature
   - Perform show command
@@ -562,19 +585,19 @@ LDAP/Radius/Tacacs is under customer responsibility.
 ##### Notes:
 - After creating a new policy is necessary to set a new password to a user to verify that the policy match the configured.
 - Valid values: could be random values from valid ranges.
-- The set configuration should be validate using the show command and also should be test from the APPL_DB.
+- The set configuration should be validate using the show command and also should be test from the STATE_DB.
 
-####  1.13.2. <a name='SystemTestcases'></a>System Test cases
+####  1.14.2. <a name='SystemTestcases'></a>System Test cases
 - Test all passwh policies together
   - Configure all the passwh options.
   - Create a new user and change an existing user password.
   - Validate that policies match the configured
 
 
-###  1.14. <a name='rdPartyComponents'></a>3rd Party Components
+###  1.15. <a name='rdPartyComponents'></a>3rd Party Components
 In this section you can find most of the options of pam-cracklib, chage and pwhistory, we are going to use just the options mention in the Arc chapter, the other option maybe could be use for future features
 
-####  1.14.1. <a name='pam-cracklib'></a>pam-cracklib
+####  1.15.1. <a name='pam-cracklib'></a>pam-cracklib
 
 Options:
 
@@ -635,7 +658,7 @@ The old password was not supplied by a previous stacked module or got not reques
 ###### PAM_SERVICE_ERR
 A internal error occurred.
 
-####  1.14.2. <a name='PWAgeHistory'></a>PW Age/History
+####  1.15.2. <a name='PWAgeHistory'></a>PW Age/History
 
 ![chage options](chage.JPG)
 
@@ -694,7 +717,7 @@ Notes: If we want to do "age" configuration globally and not per user, it necess
 	PASS_MAX_DAYS 90
 	PASS_WARN_AGE 7
 
-####  1.14.3. <a name='PWHistory'></a>PW History
+####  1.15.3. <a name='PWHistory'></a>PW History
 pam_pwhistory: PAM module to remember last passwords
 
 ##### DESCRIPTION
diff --git a/doc/passw_hardening/sonic-passwh.yang b/doc/passw_hardening/sonic-passwh.yang
index 0273b7a70cc..25f5fea4ee7 100644
--- a/doc/passw_hardening/sonic-passwh.yang
+++ b/doc/passw_hardening/sonic-passwh.yang
@@ -1,80 +1,90 @@
 module sonic-passwh {
     yang-version 1.1;
     namespace "http://github.com/Azure/sonic-passwh";
+	prefix passwh;
+	import sonic-types {
+		prefix stypes;
+    }
+
     description "PASSWORD HARDENING YANG Module for SONiC OS";
-    revision 2021-10-12 {
+
+	revision 2021-10-12 {
         description
             "First Revision";
     }
-	import sonic-types {
-		prefix stypes;
-    }
+    typedef feature_state {
+        type enumeration {
+			enum enabled;
+			enum disabled;
+		}
+	}
+
     container sonic-passwh {
 		container PASSWH {
 			description "PASSWORD HARDENING part of config_db.json";
 			leaf state {
-					description "state of the feature";
-					type stypes:feature_state;
-					default "enabled";
+				description "state of the feature";
+				type feature_state;
+				default "enabled";
 			}
 			leaf expiration {
 				description "expiration time (days unit)";
-				default: 180
+				default 180;
 				type uint32 {
-					length 1..365;
+					range 1..365;
 				}
 			}
 			leaf expiration_warning {
 				description "expiration warning time (days unit)";
-				default: 15
+				default 15;
 				type uint8 {
 					range 1..30;
 				}
 			}
 			leaf history {
-				description "num of old password that the system will recorded"
-				default: 10
+				description "num of old password that the system will recorded";
+				default 10;
 				type uint8 {
 					range 1..100;
 				}
 			}
 			leaf len_max {
-				description "password max length"
-				default: 64
+				description "password max length";
+				default 64;
 				type uint8 {
 					range 64..80;
 				}
 			}
 			leaf len_min {
-				description "password min length"
-				default: 8
+				description "password min length";
+				default 8;
 				type uint8 {
 					range 1..32;
 				}
 			}
 			leaf username_passw_match{
-				description "username password match"
-				default: True;
+				description "username password match";
+				default "true";
 				type boolean;
 			}
-			leaf lower class{
-				description "password lower chars policy"
-				default: True;
+			leaf lower_class{
+				description "password lower chars policy";
+				default "true";
 				type boolean;
 			}
-			leaf upper class{
-				description "password upper chars policy"
-				default: True;
+			leaf upper_class{
+				description "password upper chars policy";
+				default "true";
 				type boolean;
 			}
-			leaf digits class{
-				description "password digits chars policy"
-				default: True;
+			leaf digits_class{
+				description "password digits chars policy";
+				default "true";
 				type boolean;
 			}
-			leaf special class{
-				description "password special chars policy"
-				default: True;
+			leaf special_class{
+				description "password special chars policy";
+				default "true";
 				type boolean;
 			}
 		} /* PASSWH table */

From 149cdec9c8da0f18829192c45419b35cfeb8f154 Mon Sep 17 00:00:00 2001
From: David Pilnik <davidpil@nvidia.com>
Date: Wed, 10 Nov 2021 11:51:54 +0200
Subject: [PATCH 09/16] fix diagrams

---
 .../passh_arc_sonic.drawio.png                | Bin 27848 -> 27940 bytes
 doc/passw_hardening/ph_diagram.jpg            | Bin 29750 -> 29908 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)

diff --git a/doc/passw_hardening/passh_arc_sonic.drawio.png b/doc/passw_hardening/passh_arc_sonic.drawio.png
index 81efbfaddb8debc04ef8e0482a83ce5735ce5172..905d9e794f1672b1dbf030888ac223de83b65d1e 100644
GIT binary patch
literal 27940
zcmdSAcT`hd_bv*EN)Z7CR8*u$7o<awB7qPHErHORln{C-0Yc~qC|ybbkzNCeh%`YE
zM6rMrse%-xNKrb7^s{*VzI(pkx%Z5F{y1Ztd&k%zVehr(Ds#?ft@+HgqmjCB20C^+
z3JMAaO${}D3JS_{@cBV=3f$pl?f4G9D82RJP>QGBR~9HJXwTzeCU`f3gOe+Uf>%=Y
z?=M~nF-M#?o>x+hS3<(Z!$Z{G$p-6X<K`{uj=_Ul;JF*l-pRoUWB<2|gqVc5h&Z^!
z&|(l?Nfjw6@JCWsR90Nh>~DD+EXMs`0;NU8fB*qwCwF_CpEvlaiw1wh#lUSzDEI{)
z$bkCCKM68Yg5XQV!^0J0jIq^n0<Eh{1HqCq;I@F423kj(S3(v1c6D;WfG;@4&INZ|
zMb*&@=LYVmLqKz)QZkZqqB0P0-@wMf#>?qHq#O?hgSWx{9f+~Erx(%~sqc=H(;;fA
zVUUKZvVRBQi}CVy!nyw~CN3>1dpwHc%6NYd%-_5A7+)tl(53{hBn-^uza|Y7ar)OZ
z`T9yqI(YgKJ>f`Cl&6HTjhL;-Um@-`ptJu>HxkU0i1=S2(ncP5I~h$Gb)=NIgC{{v
z6{aC&4406E$jOM=6Mda!eTWibVlpr-T|Xx~1E{g25g4L6)(_>VEpFo}qwOIpW9YAe
zRB?kM^&AlXc5VnH+R4U?Am{I^>4dR?IT^USNvO*ZWaMNZ?h=05NNG^rPutX01*)Qg
zKx=Ai;?=PBCMtSJX#^CGMc6~#G!O_o8yy!MTHOiaqN4@%Fu-cMnWCMwWndmYx}L@e
zAVJqu-Q5wU3s<p|60=wLwX<__g83Swj4-<3p^FLD*vME8?&|4eCMDxZP(f;HI!dCA
zuzFC4nv|5kfvc;uE*L))X`rr!G6FT!4UoR}9>7MRl0JS!Edy_7QzS-LR!k1#>gA>*
zt0AYSVQWvcha79$MaCBjhxqELyJ(?o<oq<;KrK~oLw9d6Np+N%jfst+la`l@3R2D0
zUZ1GrD1|lEbF%j~#1m!VnnZnFeWa-b+6;z5ySYg?I2!310+AXpIWvMQ1Ys&>V=w7#
zgodaZ>N=?TOL<{|Y=1pZZ38=7O&=^AfkMln^qlOxfl;WdxZ&K*+_5lERc9wBUmJHH
zRZka5LvJlZFCA4s7hPSvxQQ)N$JP(6ui>v|FYe-ulmpTnkvP0R!3!tu@2Rc<{&zt7
z!mtJg7<(NLStm`biJp@!25I80ikBrwY8tz1$U5mEOznMDywxP65ITB#er7<Xl%@_8
zcn8!@T0>gT2Vx>=565X>P2Jta5E4?Js(Kg=BYQWv2@bAd<PCTA5GQ(@5_GhY5KWX9
z5$EOuL%}2<o@TmOU8I_pnZ37;pQE;xJ66Ti9>@fjlPXjj5661gd-x)yAgcCK>V`gY
z`VKG`bv2@as;-e40*;q5#_4<eLQyVAeNY3Tg7DDtHU+Z+CQuv?f%+r#9h}@f!6Oe_
zypu1&UdKenOUupA#?csKKrr#cA)rW86AuK@$J<ZU&e>5)(-UTh^6_-DQCHPfQ`a{!
zhM5`=^)w~*98|>Q41i#a9E{)$zP*jbJ<yWsVlFBKQ?v_4&Im;`R7c5RUA$C0;BHVU
zV*=bw*H+&MD<f-q+%;dA7DU_8-pK%^D`i9g0@PJuP>89VyQY+?my3a)AruRdknplI
zaB+m9pb$qSQ3mDWpk-j9LGU?N7^vZbAj)a`7{W}{@e+Evwpc7yN&}BKFvEx&%6JpS
z9n^8hrM%#}2Cg<JxVMD8v7wI<3N4K=@b>}|9L1rUp6W8*su*1tRdr7<ExehNgomL7
zQC!_a4=P~{x`A^uRG0WG!&L_h_1Bk@h8UZ<;|$CU(MU~cXPlW11nr_LCI%J5;jl=o
zx2Ffu%f&<7*~eE5V@R+w5mzG^naDcWip%QRnR&U`f@W2Xy(Nj-8sg3>URZrIReiLK
z14iH8$WvEF&BY5XqiH9h>#w1Q6PL7=c9C-TFmU%UbMjU*(RGEYsC!F!YnmBosOuUV
z7>WDp;eEAL)FklsNJDQuoQ#2(q?))I2IgY|v3C(OM7o>0sv|WphAzf%GZ#GwO3nlV
z^A?9YyW%7a{p|_v2rw8aZ#QuiM%78qObz8rB<N|`co1RUvig2_X@40%oVTv3oR^b|
zDn=6LripQs&>+ZZK=skuUU*GixSt~!jf|dwv#gPkm%X94q?sd125l+^Obm)LwUuzg
z*s7X%ILUZu=t=n+$jEA#N@+RB=t<g1OY7@tXhX0D#(uWC_TmTvUe`rjPUYAtv^BlO
zP4(e+Vgx%^h_iu*i@2K@M$1S{)6iGW)fp}c^E84SH;a^ndOI43+e1AG8alE>A60QR
zHz`k7tgO1OjEtJAuBxx6za5dF<z@yYXlv+80dR)8Ya5w(N+LB?O?_<;Fh4nI8Feu=
z2R$?v<tGKTbs=hKcuG5Zc&ieLW+<@sdJ&1zC^SJ$9H(V0?PrG3HipT$ihILV)!lUb
zJ$!vV?QrfYswfu}9Dy^DmBp$#dEsOwT(wM8@Y-6oco$uFe~7&a#!c1_iS&{q%Gf#B
zi|Oe~qKT?t4TNe+NT{L+9z-`aN1_|XRmDu&UC&QNLz}3Fce9o8g&WAZ`QvmvRW(&1
zTHZQX2wKb&E@kR+Jahul&C~>G>}9NBD(B%ZtwwaSleR$|&)%_LOWVsp?PVP7@mK(K
z2pOEckD-yf1I7z!WZ+-}6N4f&O>~`&i4tfpBu>>tUs^*}&t2Wd4`M8-0&45{;$4Bg
z`+|?Vt(}Umo4<w$xGjZub{3bg#mM2k;CgaU2S;6B9V2lMJFnwK;@GH<QBT`JT-^)r
zpsFY7AuZwP>u2f<tlw8#+Sde$0*^Hy4t~e$?C}M*4eI}1qyJg3!T<l-|471;J_w9b
zP;gRcs;Qs}R!iBZ2`q-g?-`l&IUhXeeT-hXdQ$BqD~$PB7$=qQ?fu(D7yMZtSXrT&
z&}!B<LZ^fUOm4$eZnHp7hxMxJXi(7#Qm-q{E&jSS^2-71=ioaUlJg$^JmBZbSin)h
zvZADcfUK-+x<?tGhi`u+e(`H<Dp4xOeP)I%%6KxAf+i#P_V))&G3BU~^06ZdLr1@R
zJC|KQv$2IE%j(ChuLa%K^z=km=$OZpq3#k^r>H2Io+(ovqKFIgDETUkWV?)uy6kqq
zyTfdmyn9SSq~4Jf`QPnx15dV7m;^{SlCDxeL4=+ZUQS6Y+qE12Zn|(sjfR9Ee|;BU
zf{1^FT#)xcr$zkYq@Xh5dq9|H;{7!Nt8WtT>KGTpeC0w5bv=J-?B~4Q;XyDEf^grW
zG0CO~FnsjmQ$a#*ko(rtjHd^nO}?F1dv6AUe-TK<oVRE~L$A`fW=K3--rH~SosTKo
zrO4NJItv;N{cx5_hMOY4?|lZSWC5g80*PPlQ$!%H*+I!@uSjGW_5EL*cX+6ngo5H|
z^YuTnLW|FFKEE3pPjj2RDb5#x;5Gh#7POcV)Df`K|JIMK(fQBL-S&YJr}Hpr4*B44
zzME!hM;wYV=TZzTjuN6{)-$YgCd}FW--+DvL*2vX_ypD1uU}u>YCV|3iT)%#lyvI8
z&y1ccarR%FRx+$ae<T^9unz<rsX5WRc~Qu+8M=IZT4d?3ro7w+k1&U`*VLJ9Y;4y;
zyf!ap$`Vs;tCBNI)FM)gk~-{?*d^TLgB0A#nF`{b++Y`Xkr^L)@{oy>hNOF!o2DH~
z-V8hQuR-RW9T~q6Tt>%s^VJs~NZNzjcDW%5qQxcpEmhO)EhArTnRo2F*opaYzs#-I
z=XQr<Pb|zjNji?Fi40WfT;6r;ut%MmOA6uhw-mW7Q<PLahn$x8v4CD*DX6b&2=G`X
z<1b!R5jY1eX0!(r_!P`Pg-^%f$S7`MVXd++BJ4y2&BvQ;k&MO_1;(d0OAW9+pNk@6
z$?(!Wvew?M=#90(g5aP;^AP6m-`n;U#v7`cWORE9woTqAwAo!AtxsHy8B>&R@cW?y
zM*eyzSNDW^p)D7hJq#~=3R;{j3>0_!YPHtHxd5d=&4Tva76mu?_?5}rWPN=Bao)(^
zSCq6*e2Lv%<sp`v%O*|qUn13S2yHLPf0RtA<Cx{XPBQQHzn~y=^>kDMtQzUFJ0*P8
z1!;xf`@OU<mm6Y~^ZKnIFsJwvKs90-BjfdBUnCcL%UKVqaM#91p7U1hY#A>GuQW@o
zOeZ=`Y296?Mt*2tsI+?@S^w5N)GOapxll-h{0(*T<NPVK9baNOG9PN6KFk1&@~p$L
z!O7cW6P?<=ZbW|j(5^OGGF@?-E%^XGy%5;P`&~0=zl&XngIV<O$4WEofOQ7-QIQu1
zon4AUOgKC}!9hBEf`<n7UzDvoQrt?r5QrE(6<Dxw;^_x@rAOuZ`Au?<NBzHXikQ@8
zS^e61As4XDhaR)=Up*N+iSzV)`i=f97VEjmht8TbAFytJj<MvX&F^!%GjDMNI8f`q
zU1~97{6I-)rx}q0ZJXstvLIjgoI2V_yB45uMXqYEm&^Ei-pf+M2S`m@-j+lJ$0k=~
zpZ885FN`_3%KhqcVV~zGvIsl0I4y5(|KB42w|VLRn;;*{%H@G&(s#7nbv2A8fD6t$
z7%EvWFUS5Y(}A_>9-Yq&3J=>@9K_%}b@7*VNbIuteLjmBg({9G0qk&5pJTjQ5HbF8
zK25gdl734-F_Vx%#_KEbaxWK*{|$<(<)3WM)lgA~>xMR$z0gxCSxodPrCVC2As*xi
zMIaxxo%!MP_P@gJiEs=@e;zMqo-idFSqq-n7cKHgu+CJnv0+lOacEBOJCjg|BjmbB
zfKllyORX~aboA+)qD&N&d*{DZFOb=#%Q_AiGv1{nlU2#Tln;AV!6T+;Qj|2L;;wt|
z?oxoBAJE<=|H9dAGEv{ApuV9)0mV3N<gWox=DZUEuyF6|MMY{#P)+N6DAIH^&{2T~
zEF52QDIz)!Wz-o}D5!6@_5plKlexyuNCm3>=BLPi-V*=$|Bp>2w*DHacG~~5CgnCN
z#V%n_qY0J9O(?J{5~Xx<6dpz~Tz2@FaG|5CtE<+&^RwgeWKvLG2opAbigb0o5g8GI
ztg>wv5EP8IwY3%C;koPO<@I)w7m@nxx;PDqw<}8hc*buBQ`x<X%ZGUXK>GUD{p{@R
zMG|L8#*T{vWofWe`Olv$^m-gi{-71wTrPp>KpGjP{fvF~OstWxR)A?1T&9Vj<GFgQ
zEmyVM%Z4MbAB7`F96btzk9F2cJ!3_>+9XKB`cC>EMLhs(=9QBlP{Bq@kCL_TRw!RS
ztB<DzN*kg6@|d{0Q0nwCnKw=8(Q^{gvZp~My}Jat9@&|iiH{WJFGdlaPhpBM`bO`h
z8`FH^pIX1vm35yv2cNzmWN|-+MNpe7pNoavD77snQorilca}?*afo;7`sjso=yF%h
z7*X@Sk;1FZrzx4lSSd@N`lM}=B`O_IZQnOiJ!TZLZ{=uc&gly@;x%L9gw&anzE8ER
zPT8=qaUfuCpb?y`w1V1^^cUFfCbTcU+q(Q#y(KMMb>!i&z%8Cf5>FlU9n9D)o0C<H
z_4@=R6=M;`LNM0y^n5z$4*l8DS+a%(vjKyJ)G091SJcmj4&2N;X$;lP*xFa*Rn}hW
ze%?umM%Q`WfThP5WO$+4PE5UgR{P59xwioC8Xa%0Uhzz9St^0=Vflcdo;160ai&f=
z4erc^<0*C2q;Rne&Mdhg^gHu64g!U5XB8l7I}94ii_2U|CYBK&hwpSY_-2b{A&NFi
zljnbZrboXtl`fxbWHThA-WeMO{^KVn&$XJ(T}^a~T>NuLJ=*Y{v$)i%Sg2MQIXlWK
zP(=2x8-HH?^z*`-x%thcYBYDFoV1g5x_h}btpW3~?)SMvYrADd`)Lhrp%QL;?y|)e
zP0+#1=zN59=gxBEYr*a-ih64Sy85m=j*VMk@6hEIsjo$#Tfj&h_(N-T8zQxN(VogH
zrEZhU`HdCMG)d1#SzGq5AJk3@j1Sd9q@9i5J9ohYfP;stQMhD><mqssuLNyRmp&2{
znH3srsg+?BX8vw{Q#*AR;U&NHm8g+bSi9mG8*LU<0%qx=4w$7oY+@E<IfcNky%r>)
zN~}CYtD==?(`NBfhJ(pwZCg3$C9U~AzAy?J>PHkqjjhp_MbR!7j-XsHRkC|$X4rOH
z5yTHCuhEW(>bF!he^e9c$Oio98O@yv`mCCKXl>Ael6=to6=|1A&Q*>Kg}EWzG+E{A
z=s;e4P!lYL2flH;6%UkOCK+u5B?Uw7rs<l&mae@V?8EB6S}nC`(*7DUrWM4Ge`6pL
z__}SI^NuQ&$<KkygJStp))z16@qb;k=y(M2Js^gb%a&_1;2u{@*a}brlhQwyDw}Qt
z-I_K3IbT8~mEqg<7Xxh8&vj>O6nXRCL=GSNJ!~p=<NydebX=I<IRn|OyiC8?+bqq>
zz<`>hPf343O44~`bfBrH7x;EY1hxUxTEho)qlkJFv6%fm7d3~KC$EIT5OV$kVWWxz
zZQK<wNuZD#pnF|KP1VT734WYk1iXD)Z+~@7on7v6Ix#k%`WUR4@8q|cm3G@l(G6B)
zXUb2-#aJ`0@A=*0LNC4(^12(!OZyCIQ(=IWSB)$;Yeoz_i$BPXuJ`NYlK14KgciF$
z;g+Q_Nv5D@9g_DckwlaKVD9<0B*sj#HGPkrY&Var+A4K_c3dXuZ<#bu#@*e@vPq?W
zRxy5HtL<&WkwweB0<HAC7T+t?HOOo^kEq|c_)_opqUTyTE?=M#;A-tzy<y#aW)NqY
zQa<>Yd_8ul?{BA!R3l>w4+&g1jU?LAWDl1oeIuS)bu&Sme%#F!5k_BDnpEHaje50G
z;W}$VC(KsvKEPFPM`Lf<RYG5yGXE#6A6;eyah@Fa$FV#pID9sAQt21Nh4P<};e|w>
z0J0ih-1$!7MtP9=+0UfZ#{=bdJZtmUAJehM4$Kzeor&<~R`?~aa0=$7{VfVooXE0V
zRdNKKi{-ceR*(FtlF1jrcmIg1j*LJC$Zl7)l=l*QihjE)spaQ$4a_7E(JwS?Y_1B^
zvEsJfcAamHPgEFw<2eISxvhR@x?K6~L4@w;snkh$WUc74g*$Zl$(h}_4~jL@0)uXb
z{mHmLighb2SNC~x7Nsgxq%RwH*)a>#4c2SP=zr8tLKo{swyIz73Jbj)W^k{&Z+1os
z-dx(%&(LD>bN>;0$vGkS-Ps~3c^1F8FOp>=FW3#sO}kq-E<KRvI#g(1QQ}f~E#Fmc
z@bSxsz=~%DNRfxDytO|^&tdgX#R<MN`iM1pWOVDNr|m?Jc37?Mj(}`7Qd37cL?S6+
z>6XsOr4e+kJFMK|B~>JgNI?@;zVs8oINfVXTKtST`Mvj%<r8@lq{n8XE)_;BLZynk
zusN=~Q%78P+8grT5nlaZ9+IEL>j<Ou`%}94`ah~-7k*XIqpQ>*<sJr?gv@!3#?qO7
z#jZp)dI&{#bF^q+6LL!F20Qf!<yi&l!dLiP%{{$#Gw;0qk+}Oyr8UM|g~7jggT^J>
zuLA&a*#cM>=08=@;}74$8u3b`4s=X@#`<R#1JRfQM0zjmg-M3~`O5pdqS;#cv9#%G
zL9^wg{1_nKk$`HS9*#*dSfDmILrJUBS`Y?vJ~OwX&}NpNTZf52Ol-QC4&TqsO~;Ey
z>Wf;G3}_j@%@481dkR@egmZJh5o{t{jEuae|M?jc9W6sXH&<kt$M+VV)jy4%)2EJC
zRLBSfFCu*JxkUBxG9}R`5k2|gVOp~2*`PvO1QI`z%wn!&rjY*3F~iF<x&9Kg*rA-K
zGMmQ4Q<VIDr4l%4bu_ZU@2;v+<@HhnGv`L8hjBGGIvO)!`y2wnUXa+&TR&w5w%;*y
zbn#AEzJW&48zgZ@M&4h$Rn^7~6?|fH5vCSJTNN88q|1w7^@~h@e2JWOJm4;BgHHOL
zC9UJRjF+y-g6mrTys>~PyCkJPTRSx~;1zzU{pwa`VkqleID3rlBRKKP1<*O_-6Uhi
z=^Yf{2C`*dQ-w!p2cLg7WwH7)<@uTag+fe1(jV4mBau!q{Q)*cSy@cwoD6608QL9N
ziQ4}{{Z;Y+=UsTQprSIJu%nk%gIDB4(6%MJjBCa<-f}(pfZwjf?~xbCYSHI7=<gy0
zvHOFv)_rwL=1y(oXci8RW$D5`e1}V&6+*K6q%@0o;(A~I^gS8{A!(k0#HO6M_f*oD
z4wk7ft0E2Njt?JJ3)QwXdAPafcej2*Io~H-eWdq{6Wwu1n3c15A$8cbIn^PH-dVtw
zLxnsLcg<jyq^GNy_oF*o*b3FdE$y?2275>i<X45id&rs>I}fjEO5^8y6~b9><jWIp
z<opoLfa$PH7i#t&!M5DpZ__*6EMOmWq2p+J!FWkpW8eI6Jl8X%w@}ZQHFwhAJRnon
zj*=833d>PC!u0px*Eea|748V|mR|3FkaV-}TUaHs)1g9b_oi`(Xj8r<_WXRi&A~#e
z_1-!Of_v@Sn31Z{^+@W1(>BK!p2aztanG;WscF9Lg>c^5_llP44pENpZ??EG1zr3d
z!UNm;W6L)&`r0i%?uJUNk_qSNhl7jCPH~PKO$!?f`KPZjV?IDOmp{X6;wz*3`H?$b
ztd76UCD#Wp$5A@IYsf2^ba)7N-p#{U5zuCRXS_^ZoA{5m@>cV%hjny!vsK)Wk1u}v
z_AO`q{L12sWvz74=#YC+Q9qcUBw8Ou{So;@wC*d|Z*9(Qhl*^=o1B>l#3pD(OjyVn
zOO@*NlsdLuwsV?~eG{4I$-!l^Bv06H^1RDe^Q%*DfuzC{ak1;6a!RApD${s?ajAm8
zsT{|`sO62{7Q+o2Sj&R9ww$!&fgc|$b&I36*rVHXZ*Es8;}+CkDWo~<2hff871WYr
z`wv_?<cLAPE~CrQ+8kUyxYM!I9f`&-7ZtNT5UbJ3zHi%wAUnxS^8R}!Sylw+J2`a{
z*8VM<b<*j$Au#+EhYYy$XeGvqhLk3C*MjZx%KK?yr>(_7{L*MG=kT(%4=k3g_^IW~
zzHwPacB%YiHYc{LzX>zk*KvyU=K|E1p}fUwX~u^;#i?3&K}hsj4tdTFf9%@VfsG`7
zHRfL<I#*<21P8CRZwg+oQv+-Q`DPF62RMos#=i1bYOTvPSbB+1$vnSrSYgq{>#M&9
z$)4dwEKN&bwKI9vHK<IPT#nS^*9VL;={o{Q%9v+!Ntt!d4}pvGc5$W~_Evt#$he3=
zAn3ee51&58FZ4ZajNc^BP;pr+2pf^FD}?G9-SAmUs{1hW)vj-d?PkY>(%i|$rHUoT
zxg0s?fKIoX;5Uq$cS_wi58?DqZy$*7sI^)u%+R;&nWo6*3khV`_z3uDj}F<RQtPA?
zgZOdxWb>ygbp1W<UH6@i(qn?QTk+rm*m=<tz8B(vlkw$U`jM3R+vVRq#JmggpD@2B
z=@3Ul7Tb+OECc4_;rO2Ktf>cYB0|11=@WUzn=M5Zepv9fD7G!dtYOz%hz+H^-!=PD
z@q!))>E%8B-pN-ALQiosk1Jnvf22DH+d=wVczat>s4&v`+Y_q-a|cMJVfB>^3`g0*
z-86r$zh>+ZhnLW*NuHr(ApC$;Me=S#UzxWI@uKxtRXTsv_uk$1>8jS@&ql48rjFf8
zQA+O)`{NqZET#0=Hu1+BJ+^*>=3F2D3n#NtA0st69-w*w-GpC;wl7)yc}?Yc>PN78
z`=sZ1A0+i$V#n|$l4%4YGfExaT5fvwlSJacrb=fMlaPqhsfHVp6Sr*B_LQ&dm8jX%
zR<-jdeoJ8^Cd5tm<o+5-lyTkHq!xL0U-NV5dWEuoYTo|Fr%&2d@dAu@9>lUU(prD^
zUB5%?j~*WwcIaD6c^^U1I0>H>$!<Ex3RyWEe<}j;zct2ll|(}d*enbf$Q_A5h?=O6
z8IT<yVx0>5{ij7XpyZmOOEb?m#d0PrX?zKdEN}DtT9B`*sGrDP7+|6w0;SYNHWqEH
z$5tN~N74ysF-|XxZ{E=n+pgwn-iut1=RMvUM43DTYL#(*Xw0|=B-SuR2x&;6;z_jg
zRSzCMJRN~(_TfY?UJ?>|9h1`UbY44&D@j9|QW$`Dw(qDy-<wxabcSEynLqp^;`W)c
z-?$gUn?9V5-YfJ{P!tKh#ycInR)~?~)+XMFua{_M(Ac4DPE`*^-c;U9f0ceM{HKkA
zbP8P4s#HgeSNnmw;y;3$(|UNeeW0(RG<-gsaQY*;Q&{^4XLb2#tg36PhV4-MRZw?G
z=e4d`r{?v6YkDphOQ%coRu%p96_;JefjU2=h+l@q@-wC96?YwmOP{_U^f*0h^WsYF
z+w?u}k?XBjUbpAJ3mj}|2>ZF?(6^n#aVXfL3@0XJ^-<23DeM%w74<qT?0D*j6g?6R
z*~imsZYKy-^v~m&gbGFO^z3e#eE6h|$b|Qq@hKK`2E{+f;hZ|u5Z;l0<5YBQZGBFj
zcur`?tSBO}wASd5MvP5Z&xO2cBDpZ3uK3FZL?FLEUD@5K9Gn_)NOmMp&FYXZUQ~X$
zl;53rAO7tHJnp0_dB*LrX|qwzTy?`y$H@MyE)6MpBwVVFKkq%%!ND;Z>2H=&WX@;O
zRJ6BNWPW-^xnrk}Zo!)^s%BG4-oqo;<zPUIJl39?n<Cf($!+m#p|xb(W9LKTUhOlx
z-P$XBfm2^LYh;uI*~^wB1EN&IOb&6kn49+AE&JjVV_$z>D&jw}`UW|xH<LEXsaR#s
zI4$TFkhcK%QN-CDI_`hAlLZQi%fSUYIRSqZNXE#`$73!@Lsvvq&8#<Bg#1SWc^dZE
zg+k=%>NWpqxsO|*<x=vk1yQq{2*l{`>C@5AW#3_34}(&EveKTUC6!7FZ7bf<yQ@)#
z)U0&<CNUFGPrRttHG@h9U>I?(@6YiT>Gh;iM}KEz$GCZNsjvolCXr@ib6Sp1{@s=u
zn`r+*T*twcj|L%hqs__gap^e(?!*%w%GiEjp7f-b`D25Pc|it{8-A+Pc0ctFi%tOe
z2~^&0?coPultUd)r5nw$xnD|P;~??pPrVP<{OYc!G|}Tj%}q;U!=f$NhPf2GCR5<N
zM>%%%o6jn3pwdmlKh-c#f2@Vi?A7+k<nZTvDL2_=EH7ilB93vRNqKI%?*>0wi!V@f
zsj;r;nQgv<)#+Xtdgc#}nIPyq0zv2g-fV*I3p)A2<RQ`E@)l(*y6>@Nk#v-Gk^k?p
zOP)rRwaAad`g&OOvfj6P5>gWt;x&lH_$CrOFO-LOKbfhNrinuC#Ozi#!nc-^<I&I2
z*A2@IUeo@h-MvUnReCnNxbveE{;0qHbiRx?`n&L=9`W0=%|LZtR7f(?ld<?i)AQoa
z`wx6XA`zMcxfO~+GC6xe=;caI?6(}N%c3D=SyC+HVZ`%7pbI&RKG&wg#^CK34XitH
zzoR#RJqJXTGC{T3?km5y6<J=~zAX|K|M)P^m$5d_c}u8Vq(fqdzA>?*e<Ue+k30iy
z=bWkkO=cC^fxHZ4NQo`j|I!|GFkn|9>H4$B>GT%y;?0YaK5yo}&U@+0OE(u<iIuBf
zmEn7~F?<3oQ72cs5*!;J@UX=N@B@!7L$?@Jx93$MX1u7dSK2m)`BTAFCcIZ5da{F$
zwK2l)r#^M0SFJV2Qsin{%4Ms)XUr-A3=u@P=wbu_borj-77=ra)MQKE;x}fAwP&Hl
zsjoWl!00e3`yJh1L-*?6^*7jE5ZrK1v-VH=(m>r78;ROk#E^r3W+sd-r<jl3fU-V8
zk>8u0&ZkS>+7z>TkeT4j!X$tuGtK_^A*2y~U6%)BzHpv2Bw|zyA`~guW<R3FB-ELy
zyB(!U9^e7FBrKUsO+(_=PSc@2<{a@jxd?=!?f<NTj5hhtVOF`1P}#ru2$eDA@Xj1S
z{Qj<a%+?IJhMWSxh8(`QNmkt+LQ6@h1>MxPYODPP;AW#@bL?{BF&ko)2P%XmSBEG)
z@mX|p%|Hh249R<1>n_BEv~YgzHlBKD?|JPb&(ZMb?r}VRk`tXE6B3sF-mEm(^&%ho
z>+nipY-vi_p-An(cH0c^FTe|QphaOK%T9OJ(+d2<&V?dRBDxQE0Nqkw^<NktQVi)n
za`Jpin#UI6l-r*vzr_t_Ss|;wR|isphk4TUP*$mdw8tQvB&J*fi4Xi?vFC0t#Cd4q
zRgU^tR1msB*Pmdp_`bYMD-`)~R3S?CtV_21`HMp6vCZ1pko*S)T<Cg?j*p_a&GOxl
zcLv?HSBT$6Zs~lHm(tV%B)W*xX!VUJK4D)60fTV=h4ji1bYENSR<`k41B>$c$_;Nn
zdG6=pt6YwWSxiC!Ur;?(#|+og@6dLgmK^W9!TWg0;$n;9-TI-r&4;YHnoCCqVled!
zg)eg*wO~-X)9zPiYR&*sAES+NRIM6188yiQ<&{=ko;#>n`l^VoH)H_OIpU6@gxGLZ
zQ0e@)Yw(4%z00WTvs(<VwB=`IC}|9zMVr3_S~(o)L4#KHv^7fHCYMT5V~rzB{*y+i
z(txE4s?_71wTp#EjwZxTh&^gV(2&Zy>^j~7KFOV}pO!SRIlXt@aW3j^Y7UW9KJfH5
z$;CMDK>;jvTYD}QGW@iE;SF|S;CnS%q5Pt>+cBxRk_Cq@#0`73tCDYECHkc<x@6-F
zGK|PYB^!@0+y8ftbt;nU%Y_!)d|TOdc|cH{OUNo@k1t0a$ke`lq~!^D1d<aYzlTAJ
z@Mn{OR5PG4dNeu<{#f!01P=>xvFsx@=bxkg2X3IZc%v-Ui_5S{|54;~hZG@nwWf5;
z{WJZxfdywSGle2YTJQ5MPz^QiM?H%}etgtzGf8`|=ll^B#7`k9xw{yNUr1)TWEck+
zf%cH^?QaBbD5S<jMItpE@85qVZ1E?AnIP*v#`HPrKj{G1i&k_0J`3;<HP9a7RAwy5
zyC%_|mRPbbOJcJ!C?1_vyQnD2<N?wuZ5h3H0Z-aeW~NUbJ55dBU0f}g8u(qJn9nl5
zQ`0FmCzFesUwE3`va?ZrxYDxpvaDD8&o+OQpv4O&Rzb6fm?+lbXZH)BV=-_T^5Ykc
zm>3b2;*PYU47$%WH;3(hk37?+Au+@|w~0c0Dyk!qJCZqG-qB~|Ce}-%HC$AHA=9&W
z{m`lFH=C2of4=iYZTk#JsY}o(l>1Nv>*M(pr@IIeNX4=?sVnxNG{5<^py4=>VwX%6
zprKx84n^7^3B1po2ZhXD`d0io3_H!ibhOr<`*3!n02Z6s7Ji&Fql|wh2!!b{JciYS
z=tzA(*YqZvAPvd1;;wI4s4oDJ(W)9tO@|BRK0k+0_3q=^udi~D1V4qUe@O*;FNqo~
zFmKu#uCjxR#Pk)%<*VN71H$owUnikl=)-fWL?)yz=wlXXTK_l50)uGXWi(iotnI=s
zb%t7s7aS2_DQ%{ce2KLA*<&@$&`e2*18rWsY(-1>x_irWidyHPMC7}Kt6GEQh6Xww
zbKTiB#4Trbh}ZSVd-sGz8DF!+pt!hbOfo@d`hN7+uT6vt*07b|4xr4ZOTDrl7Fr9=
z6Fk9G=GDm{^QS28=_&1~)%XmMQ3DO$*tL~`0rcAT;lbWQPQY@0O^p=0lp_-_KmSXG
z@<gTG`+fcWPCth#@XKS6r0z$hkrgd@XHTO~QAL5dy%aUE&wBd#R=q<P`|j?~N~hh;
zh1BF^D35v^lX-;BBN-pq{MyKcQae;8#M?nBKPEPIBV#iAVz}TZ<)~gLQ*SuX6n%`0
z$QyGpn2LGGFCD|D79+DT&F|BS0l$l6CkUzpWZ={G3DRc$OL)6n!!igdGR5sq`7DhZ
z(p&{oe}ZA0it^g=Y;jxB{t-qeKdW*4+{TOk1<6(l%9Qt6Oy#F2<jhZw=uQW-%Xs$!
zb(RVRboR`x(*vEi>keyH$*FXtq}MFf*q)NL>G%CLPW_G_9&k-zvi9}6{WpGmp8s6v
zv_A7u%Js{$&=)-CK`y`wm{}Z6B{daoN$*r#2OZRBwu3bWPzw(pFbNqwxyZ}Qi_+FU
zgR!?q>gp!^c?pQ2i<Te<!VX;8iQ@B97|V6^mFurj{(Xk80{xjUzMj)V6ddM+9Quz|
zV-w$#m5ZU6&7sK*aXZKEEJ$j0_R<s+J3FGXX`N0dTYm8A8>$1Uuso0&J$bdkM`&Qf
zG$b%(r7e;khPOte(YKLt3A=Wc<=PJ=Qc0v)=MWQ<i<V6U<_Yv|HW(k%sx}2QGU+=h
zG%XRCOvN))X?=4sCE!k2W~*cVly7IV5WyhK?A*@nygSFEe2_;&;>d`f*qv7Tc>IWH
zatQ-i>Ik~RR$)rT`oo%5cl&|drh{LGo-Ca3o$sy)`p$wgAdLtbVFrziSZ6u1<=a*+
zE|lh$@M@)fbEVs$rN(pSX^@ScT4<)<v}Q|5s*JxZ+jrG(?7Q>XNo8)!K;>xs_l*`!
z6VeIg-TB4A$5YC$I0)Y;N9)`k{i!!q3YpKpCpK~aZIDHV-?uyOd@^vu8FHT7wNCv}
z%PmKTq4rO1=gSjT^9Y|9^upi8U+!Q1{^mqE^+S;909Te~D9+A*Z>e5TNy%!=`%m|+
z6{gc1JKj5+<iq_9J?D|<#mX3Nk>jKrxMp~s`K?$ve|eVwCkyxU8^v{AW2JnvI@gCU
z!m4nSuMq1z4F4+mM<?_eduz|h+0#aQjq5b5*G_pCT~L1cMD^a;SL;&&$H`T2(cEth
zIoh)}Ys3pG?ytTXDAmiQ>hu8lG+XY2$)kg7iW{FK2deDehYG3l{i_NR5!&uN{M2%D
z)TL7JypV4D%1I%^^3*>02WOAR11>!OH^~g>Hd`Lm-zx9Vf1AG@T$5R<1-jw9X1O(S
z4wA!3@pnY?>Y;^{JLB%xLiVe$`DWD)I?LchiRg0q`;*6+ba1INebd<B&mlmY7{(5S
zq&%nIj@`dcGxo_P0)yoLXSAW5t&Hj4-WSAQfk?C<-9~E!(<e_~ACEZc@K*vSlPi@{
z4>^3CbKvy9gd%7;7xe@Mi%$GA4ZWn>faQU~;d7I_E&$V>ZmPLjnuoR>XZFFBM?tku
zf#3PcS5&m`PLY80lWN+S>**h=Fkfg5JAwcG%XDhEWLknhY<1NG99^Lrd~BR(R`0Ge
z+d-1Vsxr8;zN-#fJ$S-C4Y?^sLrSNt3Ec4-ZSt=s7$feUVj$bL$Gk;7c=1V-6Qs+5
zhpB>NHH9MPb;z%EZVPMgugPNV7#x8N%3ecs^jg*hE0AXgK0Q0R3ksOKKQ^jB=hZn3
z9iyfd%d3wKfJbEFr_W5{-x;<J(YYcb<?-$I)VyJ-)y1BndWCn@ewXECGQwBFe=PAR
zgbweX4;*jwvHj}1IsbWRMLSfnm2j3Ri?-TEVNN!NCo-lU{%2S#kwZ~iPWyAwZJH-0
zRZv2^?%1ifgtPW<Gj1gsyx%C+N*Cbc<2xG4?Jqd|ljq-&Dkx>sM(w)&FyQI#p#0%?
zanC6=_FKMB3aM_0<s7i{rD^^eSc|(86A~rRaxwX|3NR-TNypDf47E|El}K<P{^yX6
z>8Z;_ZG^fo=4Sls=;=$)t)4sIn)kc2Zy9uDN-y1NyE<C^=MMoGOnhN?xmeE9tuNVf
zIm}zzJp>MLXrb=FRldG>DH$N<NX@;Smyv6()&{pc6#}YDro#nyw^#JM=elcG=6wl0
zQD?6rV%bEz&YX<H20R*dI&O=RQrlJA^%iq0p)N&wW4ql68c9~BAvI$+m7Bds-$o%v
z0!(hXDez=aK`|?r81lU$g0hD+X$B|R{KizB*60T&491<#U!J}+J)%p^v~@bMLw9<_
z#Tsnp#j5S(7iz%Z>A+@zufCs8MnNcm(WNvVOT!w`F(Jv0MJGI~?3Z7V%7+eIi|AnX
z9s`0nNX_?Z``<|x9D-mY=kqH0ij8%t&$;7XmB#zSH;4aAnQy3(0QEP8e>+u5%Ni~S
z8qS#3ee`9O{7dmkwoDEe8tk!q90~tB+A7QZydSf@^tHbKLlTdmf`WyiDG{8)eCwNx
z#5g$g#a)sly9_@a01Fw_z0W{@PT$)irGj?xF)=ZH-X9js>cF^;dsxoL5`kb<8kbNd
zD-=c|7i4D62wto#kfnaPjqnezuxifa=HXd*T=}X1WFlS$vzC;U^pR18jz@<F1)&qo
z0q1X`1J`~IEAPyl&&}QbIefFHQh%GaYZm>~;-S3XviAP?x7T;e0(aI28hu<4T3UDE
znCEM@KKaS-F4~b2ee`ngMMg$fbuJh^F;M|Kn)4fB?}e=Sb+huAdDQRs_`APtZ+~4V
zF+$iHyrOns`nE8ck1R!LD)%Rux&*M;wzlg<SrQn!_^Y?ll2cM5U#!(#v8HFckq5sP
zH1KmSV0)Q$;RWDFrq(-2!gC#+lN&{I>tGur%trI-+18v(`N{17VS3i1RpNBKtYdGU
z3cA8fTAXbMKyCK>o|RX7%L>!0U;wsfKV?Bu3JMD&9eo!1U~w)vvP|XQ5?~_Essp)^
z5r|jy-QiLphk@*}?iM-CzB|{`=}G(h8tdI-?XW}0&9ma-;`psaL$HK!Rai76TLrGc
zreL?vDU0@-o0^@`73uUC&3Tm_fnYzqOvM)@nvK#_9-3K@ix12pJd!m_sJ)XqTeEg1
z|M>&t$CFT{?+I6L@zqTg#n#XK87|s%No7pfNygoK#?%nfeLira$$xXeK<{(?WU!Xs
zgg^fQ05h=3<Jmpfo^1Cm*n7wlA#|}b`N+q_l>DN8eW@{Ex#9h6Rlsgmf9GAnv5+T%
zJ7IImHg?`}I%K9TELVQAp4`HjXhoq3zDr_vLhlpSw;uN^N^~gNIxqAUPu*DDT<GVH
z0ZS$(H77^cZ`>zcVA3*!6a7xqWWu?=5&3biT{(fEfS7yQ=hrv4Jok8&{0YLh<p>;P
zGq1crdm(PIOLmeaoGTl(^=rg{fJjEJ%^b`ZCW7MySlvEqtV(h>xhY80|ITF@*Sz0L
zUt<-6*hGJSi8^zMyY6CfE5lPpEL!MHxwnxpJ!$WE7GAyGym#GAVZnPL4zbJ3cR@(W
z8iUgsWqW&x)P3US2N3FopBXduxq;3N-YwIp^Z986ChtT28iD>n;Sr$^0ev2Pu&ZDm
zl6+zIu%Tv_`=p&l+w7r>5r=>KR<?q_ewOujB_V60GZWiJY(gd1uk}y7Yuxk)`&Nah
z*{_j3%141Y*Q{Pw->;K~xcy{Ag|Ln8rsSfWZv9%a&g|!_8;tBY<k7ce1c1P-O_{GR
zYj-30D?kz`CMoRF9m#)if{nSH;=Sba1J%}l9<1cA0Py;Yg;D^We*2j5XY-*ae#PFQ
zD~%6)wEZt6I$Z<2I)V=17FJ3@2>xZ*DI1@O<XU8e&fbSC*F-ZUc1*lE#@g2`|A|Dj
z`MY1IBJUrc*d7-D{r)EM7?A%zjiX0Q-;68tGQ`5Txw(HSwq5=5GA`~+CfNUVJ(BGa
zZ+=gxt1SEX!jvQ9#_qE`_Rx9giPI$Wa&J!i`}eWNkHF$ODozcSFc)Y31gzS@fn<(x
zg&AyLs~F(s@2lU>E{%X)XJqMEg}Ll|Ca@&^BasVz6gPLg4M`O=cy@rT-Vt$2i38x%
zK@!GRPx!B#eOIlhvjmn|vhoPQ>Q!LFYB_Op-lhk&+-g;EyoehlDj&X>CMK@ADyQ7?
zR|t4sGCi>>tn#h-fVj1Y0*T%w*^aA2g&@NG9CqUL6(5;dciTAZ-Wg)t+<qPY39=aA
z@2!<4)!EMUQc=rBPP*RkjjZOW%9g`Sfb#GYr_UCV$pZAhp^y0N6kOhX{-7_G6V0?W
zhoN4t`}m{lQ5guw2J%!+l$%s>t95=DSuAwV`GoDx$`9K6{W(p<ob2|sE@5nWBZ_u<
z<n7&I)qb&@4XBD3jB+}iu?WPxLUoDVIf_~jA3hvnUpnjTMj*%;l94K|U+dh*M^Rzt
z5nWHV3A)<aMd$f-kzj#Om7!f|0@D|TggAH=6%`@z_!_(2*aUX1JWOZWW*hy@`$ryO
zp=s1j>Id!Z?Xxm&qv*~?q!APCYF9;IOM5b}*8Gq;j={Ez+!0OvCrKwz#H{8+^f)}1
zf&1H+J9KvmKlMdo2fTX};n#xyaBVI0!_(!F0yIr~%P-#^9qi2IhEh_g@N!1PFmA5?
zdYR`n+$3?9#(%M_^lh_E3cub^Qy|N{E7jL}9RI|+T~gafYW4eYtLC}+aS%%x08ra7
zL^-ZawKrTjCl~m~qj?eDpu+tiHTC-27)HmD&KO{K`d#FA%hVpC7(e>Ulghy+1b25)
zolGgg7G%&``-O(Un{>F#-=CkRJp8=&hEbX3kqmBPj3XO*^9)a@x8R%JTjf&#Z%{os
ziVKH(D?K;SfJ1m}d~*t0B<(!#0d?os*vR%oK%y0KftSn3)!KrSiH0&u>m-!Hf1md_
zE?J|9+S!;3_$1U#KFgt?0W4>$-nB>;5@sE8VCZ@h0A{*Xz>;)IJzJOLWl-~B7k9TC
zW5J=Td%&xml=hgFYTFf|8#g}vP*mRr=exWGD>MqO)Kah042GYipa1a)SMqY@mAPBP
z2b=`e&6a(Ms(bCWgD*VoQfkk3iT_LBZ`YpDT9<`KxL3@$AHXbYhIM~1m-i^`#Q~F2
zZzB85_rA`tzcMB~apK2qdbY>Q<1cSzP&ZmJf&SP8Qr~SgwhrPQ;y#=A?TD^%-R+<X
z8FX~8&E0e<{eWhFvtQ3v_`$Uh$>4p$o)43vK8#{czkHRe`Wm%ES0-=H*O8ZgxZDPX
z9MqaBKd<bsnU5*xT4%%DlU!jwG}o_Rr>UAU&RV^h$qkD!DP40cdkS<_ENu1u!Ygb~
zPAJG_oiaFcSw_2wr${$j9=gM6_WP2{l~=FazRGYJZT%ds*L&Za5=!&ULWtA#!^~X@
zWzVVUL}fm<vd6}iF&hHGdtu7ydihgrMipkf9NFt{&+EMqA{#ztJBFFYgewrJw9637
z(Yv{!DP)QEC0j;zU;J;vAy|~#z4!lU?q>{}yst6o0dRx>5zGY_`pIjCh3X86vKvCo
zH(=1>BF>^JQOe+$lem*Wy<a|8de=WaIaqsTPJi(aSN$R2Ja#4P)EM@;71$m>a&M#!
zlS+G*;Tu2WT?Qh$oT3WlC4{;rXC4D!wq&lj8FYkFo^ae=9-kVE>EZPpc|`Gb4@Aed
zUl}jZWRL)H^dwFEnI+hzvsTjCR4w)u$A*ch3=+?^9_SPMU?XOL=yuZVSI4Yfoo-^4
z^P16UqI#$9OKRlK);iv2Oeq??xZU~*bjqPF;kDcJ{7p9D;5*{V@mJG>Xlk4X5lyV@
zbNaul%CZBf@}F1xNH1Q#>3Hw#)pO=yS8QWCM~}V8Z4Xkl1t>f-#ZaXlu<QDh#DBvm
z$I6xMcG3r13d-Mc7ep;InzruIQ$K-%GvlmU5A(8tD%i}!_B$MdJ;X&_nD2N_i6{rN
z({>j>!Q3jXXM@geGJnG!9qs<S$z=opkQF!c7IT$KF8z5zMQ>lzF>l07$$Y13>NMMi
z5ogZPMW(hqhqeYZ(z8$^9-LB_I<;6dRic}Xz_lFIF+B#`FZr^cX^W5XqU}9DZ=lH!
ziboUPg;M}B#^wr{dv!M5I;Nsk(4d6rc;F4dbUG}4-*%w_nGw3U%U&O8etoS^1lwsi
z2%7WjCy4Z}+G@b0`6Nzdo)ZI%c<cNFlrASfKb&9$#>!+K#wu(?&3Ts=$hmVOkJtrh
zJSo-a@Ql_X&6IhttGi%3n6G;JHtjjei7A)Q1(A<s06x$vl+)4yVMwuCkCTCb`xUo?
zUx*x)r$6m4)r+lua+01+j{bgkbF<g%aSTpBv9BwhrL}P8O8e<-iU^_k580^ifCY^(
zsWNV-7qGrUc#Vq&3mOFAOV=gN@ZQeJ;Jx_emn%wijEom>F7F!9OnHSddB>R$*7|Cp
z&QG6MY};G@_zQc0;QBc7V8&PZZ#ZCI_g2*hPD?8b0?&*9$EP#^RKDIT#?QnT+|{Fi
zvIhQ0c${>tVH0pg`T$6;DiTu>X*V=ohMwg6E{#GGA~~)G{~p0E++|c^g2C0)kN}+9
zwQgRPc2;9l++^}u9MDX3M)A>5$AeKglC#Y}C-J}?zqN*eP>9d=W^Cp0!IyHw$655S
zH#yauOXDwP^`d`St})(?KF{CxrOHnF2?H$b_9{?&c+Z%)wEK7?Nj>hO3Luqkv5Hz`
zJb(V&B8ZWmzVO8hxpL#m96Q4NAPSst{}L4y72^!TS|RF~W@8J^J3fFqdu-nOc1ce|
zgX#3%g_~AIfOGf^Xf6Q}5uKWh3&To5yWeiWiVwb+&q@luN@SoaKF9a`Q5x{VnvyEx
zH-8}Bzf2DR`b|lnpX<rJaPR0iE&}KBzdWv1`NaU&SK66L;l6Q|1I_fhu>5%D7vcgY
zA1XT@ja<d^?Oe3{h$tQ#yDUHK7(Z2M)m_woPgFlU&G5<RJLl^qemcuUvhD?RG6MT#
z5khAmB4DU?{lT)}$R7iFw!+@hz1$UH$OU^c&xPN;jR(SIjv5yYZy3fR(#dM=s#;8p
z78Zc!>E>)z*6y#aL{5>Y<x>J9p3d5%-tQ*rS3Hl;qP$&b1tm*S3Ep)0`FU&eYZ9)^
zbMRJ~ep#mcKqxmLd7fx+azS!@bN3_NANwfRKJ`pweR)UY5qN>hF7Z}Fv<!!pR)veQ
zMv@JRJw0IxP(n|1IYop?bsUFL?v)1=(vM>TXh~nrgH(BPo7BgJ3r>eov;+B8j6#M@
zPueUrPEm1wlcECm=jTocJ0ka@(dBaC(Sak^ptG?Lu1$tC|K#at^vqr~ZW>Iq(4YgQ
z)u{G*_H}I{W0C262U%Z&T6WLmuhXY*za4&x?cZF9>b<LzTipAACLRG32ZQ(JeUP1^
zGWp9wyHLKXumHwXYx*D?^uCKKVg0Me{AFkJmygwX3oZga?&bL}fduK=$_>r}ilB?&
zMWfH!-!xjzr%#okSg#~FN3gVqhAz?mg49Nrw-2aMb4Ccs*&U>-PWHBM(#z%2opm3e
zqN?L;okL?{(u;5XRB((voFAkmpxKkafkx_cp!Qt=3aOVaLyO~5dH~Ikd;bBT&{}~H
zAVwa5EbR1*Bp^EYxvvBI5qPN7DNZz{O=m7Gw3u0g<pkAPZi+<2!zwOxhun_#$^7+b
z8d@;l;ON8Og5caEvkWMfz;|41=U>GV|1A&B+ItZQjbPv)seeJ9p^?j^P!PiWxc9eN
zg@1L1g2V8(9dK|a8PIPVRdLR5j#Pkme|YV0pI6C&+|Xn0l7Oa+2e@_n%Quu$1Opga
zA#H1+zC$n#NkUi2;C12u_RifPeKXnjWdGeJw(Bx!?LVp*bSOn!{e09s<NiG>5`Q>$
zl3m)91>{(wYxF1hL^5Y~6eJ~MOY|~yU)HS@jI4B*EK1|NNFqVQTUDYgSIuMCK4s}m
zmn0Now9-(s&ZLb2C&34fu3=!A={Q9bfw;t<TgHi2Vm1|`jO|MGG;sWN+0HUNIXMf8
zi}Sy0bwykw@SW3P^}KR{b<p0nPjSk+I*e4L!eiaBv9o^(XW+azt1#;o+<=sRS^O}T
zm7Xi2LtpiM<vS=j^?Ue#SG5-J>UH$8?Rr-S&LT)YXiAEKfC=p^v`r+Vs?}Kx<loIQ
zc<yRNr#tG6aio9IJjpVHVimTElX3eKAH26CyW5g<vthA{1t~Se1NIKj!$7F|?ju%+
zhNP#KhWMsQp2;;Nqr<-3A{K2IqJ{V}f9M3IM8#dw{#;xTS=tWuIa1y3f0rv0y`=m~
z?!Yp8xj;|(&%n+6U7IfXD#H(3ae<yJ3|HhsXROkTTMMfEkL{O%=C6`ffGs>nQ{k}a
zYn4_)YT+$M>nS8#m&BeDLhSO8Z++t{yL@&jTc)mDi1qz*)>(%i=W>foD|^<p$a0l4
z6;;N3+Y>iVvc`A8LB7ou2_$>2Kcs`so=+-1M_4D%T)p%9qO>DEM@jRmS2CRUr0TO!
z-Yf(YRsY69j(>MUs_VhW9x`~dj9p#nGClAHjqCs6LR!268e}<gTM)f2hvVz3q=MfG
zSC!P2gSO8X7Z;z0ZyHuwj^px^1JJ)3J|5MvprzP23`36%pHptzl}RZ6c4kpVc!ZF<
z`ITl#KdvqlG0QB?HPDBe7vS9&$I)J1^v864wTys;=fyDMtC^&`2!-;iA#WSjL6+(I
z3AI88;0>q1JFWkA^c$o+&iwTsgR6C8i#K1Dq^qAPC|(g|-ByW&tKAPM?I7J0?tVC?
zItGr^DJ=FJD2ZyR!0f)GPRbo)K=`q1%N--YKd!y@Ke)EX@nH^`>%egT6Bj_ezaF}d
z4gbI3=h#PG|GWDB&$#k2==~qY8Ih2Z3ixn;wAR`H8F4Efq4v*G!T)S-fUlg*AjNF>
z#rtJT!$H7n3k4o^2F|o`jQ-Eoib0{TAO5rK5>ZCy$el*<%cdzELv$}04fMu&$Czpa
za%r=xyIrchUqQ(1`oPoifg)=rAsw+p%MZgZl?t9*9xe-RH<!M_3Ii`ZeMzD?tslWE
z3boAKthU>hT5|Ew=l}Ovfb$Uu)vW(vDUISS6acV%i&;ar<+k!Q6P3H8dPVx}onOja
z8aGcui^Ydtq&#w*{$4xK`1>x)CAMPE1p$zhYF(u6d#>;F^E+<-_b4N>x}4^fzO5b&
z=^P@s<U394WI~`;{No8t5@K*uQZ^a9p7@1y8|tO7q_jgnZuH+;y6U(np1&`Mq$nWW
z0wNp|(%pw}fYc$<p-6iY(jC&`myqr{x&)LCDV6Rzx{>aD=KMXp;17=5o86h&*?HH8
zEpPdYb5ju7W+=Z>`laE!byAj-_1F|%0q2AmW|5FR<dg}*Cp*cf%((|rr96IMn-iPn
z6+}|TGLX2;?8NyrTy)HbRKweQid1&xDUVOguGk^YU#a?lJ{E>-4&8#EcgOFKhkC6c
z^#TswS%zg#?H%S%7qma(q#d=85UclSC;rvfpuj0MI$V|H`+Jok?@3!0(yU+;-Yn~A
ztzMzsVlE=W9Qey`Y_8sgd)9f{&go!TDJ-l_M2{y}I#V_XO{FDhPt}#8d7N_7b~NIu
z*~uRk!^w1*$6cSU<sL23j|W=*Rtt(|+?*T<$ObtizhG;s3rY#7Q(5#9?v@6;VSEH&
z>D7Hkoa1~2xPha+_J;%r2-r9)R%cPOw#aIOut1%CJMDC{bHy(J_g(^gB6xl9o7;JV
z<YGYqDBR_b_W_fN)>UQXKHax}-5<Hj6$q1};kOzJ1mGD;C+0j-MiOgF3EDAT4=~<W
zle(6_zC6uu4}OT#>@b2G1?zgg2e$b`Ndh*OK%^5L^UsPzdoRKoFpix!M?&d6wx7H2
z{8+n>q|<K89&))4DD*hAtXrb@xbmg(P%AebdQ<;t<m`CdcsLO65gQj*-<Jyw_Ry*V
zV2>CA2-{B%2b1sJpA69Ma4>^6Qf`B7ND=IwnKy7McBT={sc60&ka0RhHc)K`@CUCh
zP)$S>@J@ct+Y>U?)}uqUys`9fOrpY!MZvsEKrDqKkpSmW4c{4ofCtMF11>uF3b>k!
z)8^X}A9LhmbY%k>IXeR=U<~uejXWajoI8~1BC9X~IlldfgaoNqZH+cNKn&}gcnam|
zWEcT>!+gtJ^t!?IIbibqn{IDBn3MhLLVr%eEiKvlkWTc3X!gxv<yR<!#rJLCFED>7
z=Ki+>klQL~NdmAa)2k8!KBupdZEbCAPoH*OMOJ?xI43rx6Lrb}&V$7~XM$-BloPO^
z+}|jmK{TDS+D(-EHC-Jj)0_^88V0D}>wiVdj}}s9Cg{bN>&CD$hset8gATL0J&uh%
z_k$A3zefPK4t^S;@P~B(pgMd1w#t>-s1iX8_o;QxMhdh#B%T1FQlOL=De@3(vOeHo
z&CU0vX*YXc`|Cfq9!>%KMaP^@3fJ=k^99vw;N?Io2TL@8<hYogf@H+RXwmTQe~d))
z$umz?ljMOEN+4^8lvM+RBC$aYKRMf9Vt@YpKXNVuOLYSElBZxu=A#HuC#&O=^J5Y7
zRpXTk=v0ELI{6FH3ZajC^D>1R*`M(A0$CNofV46YG#vNdUW0kwT1G2i4Q6mI70i*8
z-)UWa-=S%;$|4!0-h;vcLP}_DskLkX#Mt7o;P+xB(Alc>Znnn&>mg+VuorVfJlmPM
z9MR^KH&Fm$D~n6oo*%4q^53a0WChQ($N}+t4SQ__aNxZFym6Krb<o%ExF3k108O%s
ziP6CQ6@Akyx*rx9HhW9>hx>OM{w`z$Hhli_V#9jpK|_~WC>o4)cPrl2_b+Tjw<9EY
z)<q+Q^I<Rx+9`l3fCDTRWIUpd=Gy>a3cR05P>7^9Fa4A$u!mIP!3G=|i!;sQ(oz8|
z4#H|loHP%HBTnj@N|N*8YVSyuh1!BD83f*)QzBnAuR$e-ZREB>wy!>KHJnE^O*FD2
z1l~Q@{U?4QGnhUL2spuLdhk%-0jC4;d{qI-6Bx*DlOrjmLEN8JH7O)`w36<FZZPOK
z(VByaA@r&QR4ufQPQDv@o%}G97u9)nCG|juLBjppexwWmDc~~L70mkr!2*$kwgHIy
zK8pVVFmXg}KVTFK^lRTcT^w00(FBmQq5Cu9mnUBH#U@9RxEn8;bX~Qf)r*Y+?a>A-
zE(9~=0X8-Y`#z<~XY5QeN$@eAOuPvH8oTMC-`veA67EMl2<Aav3Jmf>!1rptd&i2T
zRP^1=Uwrx<#NxYJUS(MOfZO;g(>&{2y5|92Blx%@aAX2f+Y%;&B^<&8f#A!U`<u2Q
z?!1fI1VogOjLiU+F_=<KxQWXisKp|!{LjBV7T0qDE29o{M%5u%{&ot`iQKZSmubdq
zq97<W1xU?32vijVZK{dj`cC!6%nS)H&|LfkJ;^!qv<B&!Ry!<fEhw0k`01;O$%1w;
zz@<>EX@CENu3qr|^1B`d4GqUm^Tu>-nX7s0<!-YYP-trvw+2-}C-II8&x@cfTl)-L
zj-ZXiY01*D{YmWRA41QbMTC)YC;+1s8yTlwEa>52N64e;FFqB`Hy2y{Z#wUzm)Jm^
zl>h#daa{eAX}{DNYJB9$K+E+8cgAU0^_y7-e%;Df{Rpc&*4pym{BUFTL(gQYHa0fg
zsN13f7RKH7$W7Wm5k?|d^u9#hk$O{VJ6X9nC~>uXw7k45u9gp~;E|N&cbVV!OXRZ%
zTW`L-T9ZQGEfBEQYX<h5$!|mVx$QR=p;5+Lt<8Vz6O&tjqb77Nl*OkJ=XQ@0#9>@j
zMY)!6_fi&vN73{q(`&qV5irz$tl~XO03T<xes+76Qu$Ew%(u>I!|cB?vHHYqfqk=X
z?w7G#<b~lB+?uYg->Vi9GEN)rC4c?OnsvuMF$PSb6z87tLg1>ZK<<m>e|@GaOKafw
zTNDe_L{LEUac316h+hWIVveg3uE#i1#b0Z!>=V&b&r@)JA`9@(n(2~WXg3$R)$=6w
zr;MkCuaP8=9tF8X{HDc1KUpAJc@emtt>%)LHKc`JUD1|@X;q{?tZ_qprHN5>P(8SK
z7TahsCDe{aI|F;Pcd1o(v?=)&XNE*`NtXW3mNMtgj@>T}6V~MP3DM7`tPI2{zu>#_
zxka~L&032UyBpw#|GMGz<h0fK6!Xuu(D;|d!wsH|(}=u-@VG+gs9tmC##v3Ox>wB&
z5uIeJtm-B_&zekGV?RV))la0L{3ya!)SflbnNC!-n&X95nMZ__ZB3<D4EK|vpA~YJ
z7s<-<q#0D)e3Mr#wNYA)&dj|bcy<t9X|uNX5JR2mT9FAD(v`U0X@z=rx`qoox)aNL
z!t;w6j8p(#Y+@W4xtT4TZI|Zy0WYp}MEHBEg54%w;44P_B4iV-E?x~W1oc4gTv`0M
zt~n^rSAF6Z*Yo7Bv-?qB(kI)yZB3mK^2~NGbuB_F`>BWRN2rCtJ>}xOTY^$HSME~3
zPFlgliAcFeGQr@J#>HZkwN{UPyJ|Kup3rKQ)B70SIbmQ|GI7D-JHH;(tkM6n*Pb=k
zIhO28dO!D9uiAh-!tbhGdg2s>m)LYakOPXzZ?^g=lZ#4@Tk@#jyEiM=;XN^Pg8DwU
zLN0d+y%(KT7c$DPuuxY{%#8y4XAj$hydr5L6((t0NjoPEj2wq@;hWdnuI?X49G&#H
zSS4xhWkT){lk=u8y@<h5;M6NGV_hXc5@p*y$i(k9NU}K4L6#rmWDa=}UFc_Mgp&vU
zGFG;VN3kVeRvn*Cj~R~ape&&IyY=;iUX`xA9i8$T3JT<ebbQI=UVFJ`?}s0T8ydA5
z2dfP%sYPZQdOXm$wV==Zp%py%*$~HSqf%gTj+of=s3#1uv0j0-psJE|Bl%a%HTG-S
zm7k=y56SV4ee;=Z8w~+;a>!z5Sw!{i+vgYF*W?#BU7Y;(Gj}xTjiYh*);yKwe$?ti
zria&3cdV4T3DaMeMQ*4GjhC`cHP}0*tlu@Bxs{X<3-|W0E`z^=StqU2@L8jBO2cWY
zM7$S^&7#7HR2IArOdk)wH-#WsvdK9ogoICy;o%yBI@Bty;f<HFz1Lp?18;lVTFeA3
zC!F+d7T^#%n$)Kcx#tB6b+VERUp-StlJpsMGn+*-rigpJ3_)E@W*^u^*-vul+%6aD
zOew_toIk1QmDkr5#)(Q$LiEwf_;mht!DBf^%=|n*>I{@Qn!V_ymonZ%tvQXSmdMXK
zuKB=x=p?y@4xjYbA5~S${(KapY4A60N~1tlH{RDFIk&0O^)Twrk8TQKYP7Lt>1$E5
zjiB|QzdDtLTedAdQe7!$rnZ=+->;FNX*n$>Hn^jhF$zW^QSeOZ?U|#}_G_nQ3LmbO
zrQ6?){BEK@=6?mj(mM5xHVzj8E<;WZM>C96_ixj^&)ZjsD=C%##!Pj%O>9M9Fs=P;
zTf3<(`!A%V857s^@u7g{w{sK{N^mmT>FpP57TbG0d2#qH(nWw-3kySW+FEnYjV6-2
zhh~veGFSEq=h2S-2TkwunzW<Ddf%Q7g(mZ!jb#2pW^ry*TMS~jr;$o6-SL*<)`Co8
zu<_A#!@gQwF7&Rb_d!IFag@^!jws5Wds-wAE01zUzZX1EMn1)_I0T6>U;HYXYRlFp
ze8L<#UU2!AJV7j2+>&z={U>R(k@aiKs>o&37lRL1`@Ay}kPXE9bn&D<F9I#=nCSkZ
zS6pgUC<9m|%~;;IqoR>YT`#@;716qA=eV@L)4fkT@43OF)eDY+9Rw!|7Hr<#%oM5j
zjS+q`sq}k9VbY*Ly+UYzY6N<8Qmnz`>mL-xeaZ*v*;;gDk<5<n3t-s|I@}Y9x}psa
z3T(t>PmpaI_#HsbvRk57hGU>_;}8`V^k4rc`T85Y<5K;#JaO5MmEM$ExGVe_ucqMv
zA4D?z;7H^&xj(N-zc!II!rKT-uKYuVdZT1bGY3yj1|LKT$$|j6(`$+BwlRi4*ze<~
z8I=*}6U0bVj!{vVoJlW{GFnde+|eF1X7`V(J!*jV+l!vpB#TFVtL_{OIGr8-G&EG|
zP72|YYa(2;npT6g`|r1_=|clE#YNRoJJ7?<Fr*y$eWjl{cFI;;{Sq+srYGIk3nz-i
zQE7dD@WU=*2;x#`s@QdzqU%03X$^Y8LoNc;tt$7B>_5TOkj?G1-aMc-cg$@i-E`0Q
zd5@4GzZkbwCk(kbe1Iw?(0%s~TQ!j<g5G^w$=X|4KR^L>TPR>XSQ+g_P&v67mp+u<
zjL52ZWTEBi8n|!*AG(8HqcqLv4s%<_7{np%FLM7aPr}1A=8ir!HxbzZNwav239`(Y
zqU5&}jUtXr0`JGd@@{N|N9_g@RvRy=w9DM8kbXYL4;V&tuJkWTWpfMLs;mZ(R9*)Q
zVoo3C-X{s%N;z%*)JPIq5~yozZ{+uA)ePfWxmNwI*?60Dk*8SuX8PU5W_VOb+17Ra
zlH~@@AvD#dNiVI;=mc3~dl6a)FOo52@bbsM80}j**>(?RQ$}&I_gCIFa5U-HT<A16
z@@JEmNC(0;%j$a*(uKqhDHEhDc*!{Em68Roq-lI^{60l^0-yWy1<6<9gi0>ciYN08
ze|H+<hlaQak`FuHz$#z#H*qhY&*;~$eB89MDWK1`E#*(Z)HLM+c!V&>x|^VJy{Rv1
zAVa5<z%;t%&1;_3{?u&}I-_rA?k63lW*Q61B;@3G$%{P1q@Fd|xY>w3W<qfpg9%vS
zI)a!{iPb6fgz7XtgI}E|^BLvuG^Xb*=dg%+ZMrsHXhz4ZA3qPU+6%#xb^U?xw6Fip
zz1E*<UwvEsoO^}X@=5zF5~>`j{v<_|Yr6+Ak;=bg?tUEUL*SjZ{b$Kf<nP&=Dvl`6
zV#OuDVYm8aS#5~mSK(V5tvTmOZECr2iYv}n2ISLr6X9N#0|Wb|PH9t|*9nWB?$ba$
zc&oq|DTZNtZN&y3^6z*w=hgPRXdx)Akrmtt&mAb}j9OR_Pt`M{xl?wIVIak~+dx&O
z1!xJygFnm1Zd>7(Wu6-d<Hb!B1qXgyLlkP8W&bP4*)s05^)Ja3sN0J~kN>gIbl}$W
zR(MhybtKoJQ-54jtsxr+O#Op{gFp3stb*R>N!?z>Fgf04SyzN+DM6L1^YnV@DQ=BU
z=QiLXn+5}t#?72TJ3lVpi`H0}t8WPuHv5fDXKEp)%1r~xe*>G8%HQeR>&~G3bnhfh
zEiHB?CV%XQ^eO<X6*1+yEZa!VKoukxayccf#6Gbfj771)9a`uA$|*hjMg%$cUsXkZ
zmuT8tyxA{vMWw~o#PIT!)_GSb%TP7_+UNH#W`iF{lNR(xQ*6JtP(tP~(4{qy`vitH
z8oBKS8X)^vQ=BH1%s5Yx64leQZ^nnmTFDFNd~Q=EuaC5T_4H((AKs#{`~UpOLAyXK
zEs<IGRCndU7B%no=Ct_;K>BsVIJ@8deSLYrL!#LcMpp2;!YnHtogV=E(jl+Y*|mzf
z&t#AvFFIljFFgAD{<@KW^%tk9mR)IDLCPatGxcw0txZ)>n6Zd^Zk6S=Ct`!y(Wi;J
zJ@<ajW)H!T4Q}xE&X;+UTAlSZ;RFZB*eRHeK8_X=Kt?No$rs~KmAM<=ZbIvTZRlvy
zB3%Qx8dYasatQ1Ink7F~%mqJB{J{)&7e1K>ZGWS%LCS3Ry`^A*+mD<k(G)`s+WNiX
z5X2gpr{JnG(t4yRaaF}D&WMUnDW%r)riX-D{J_|)EoHV5nxb*NYw({0rJ9uDvh&zf
zwpsFzbcuZyCkhBVo9vE;y{P2FxLW<2c6kK)?7o)*b^*j5A~wc#ZjSrIfq_6-b?z01
zz!#rlU=fN0Cwni`408yJTZ0!SZ_vZMlp|;N`DC%*<CsRe`Q|9q##E!~xa*@baS$!W
z*kys=H-uUW$M;OeO!o{M7rpw6L-A8BrREF|DG46qJ3*w?Y<AcCZXsIPH^OW|%zWq3
zOmvNti9vn=wBHVpuF2Z;i9%MZVor;%8_xV%rC#Q&tDuZl!?)sUo`7+W5#BK0GQk}M
zd=U~jL0;*pbvVBTw4x<C=W^KV^8$ZqDBkyt1mwIXwJGGUcHL+{ve<+$e`Z+%6loK6
zKVkzobgowU^#-++cLOfI>sCo^@rdp3Z^wYd$^i24xFBO-q3>ndRdr!~7gK-P@(qp8
z79W#D;3i^|HukZb)s8dn@(sTm)k`7>N_5FF6hJS{620mO%3p<>;x0QWxY)uTC(q(I
zbY5!fcBiDb0Cr<NPRHmU{Ogu}flr35FppKt0{1&55m~`HsuT(4bOBDA%5stQfc_EI
zmnoK$k_kT+s^0aI7;OQw0I+2U#!^k^jc2VCmHEx=Z563_mPPo2joz5(k|v$-2jBPg
ze+3t`gMzMiSHe51yPE{svn$K&K5itUpD!>9M+gLNlbkN%s9>8sxv&YCjcUt5SzE1z
zApp2wQZ+Ttbhn_&>@2u(nwnGj!&9qhDiQ4-2eeT&!uE^uOr<%21dy$NW{!S8di>$)
z%-;5TBVep4*SgV?{mH#dO&ILbNpCu3H^%LFRHpzKqo#z$d`Wbj7`%=&+*cDV<p0uE
zIPW%|QV)<^YWHYl(wgE${qn9Et$v}$tp@{Y&HsPG6`FMbwg+`U$5bPVF`fX~{}t{o
zK-L?827}i-+qo}>K3xYc0-g+klfr0*+MiOkz~)_9w9`1~KBzfm^1o}~`?WfCD&I^3
zm@Z|IXUf<Z&JPb>Ke*NgT;E8UEKb}^t}+E~T)=jTlFq+PQBneThHONon{*_h8LRgP
zE-C4FhT^(6T@Untd7=WR1tFLqgh;dD;0aN!w9~HHM=Ee%MS{xrFFTn3?8lmmeNF&)
zPw!;*L6YEnO@_<E6GBl3jZAvMX3ulpxM#XU2@kAZZ~d*E<4RNQS|p{SQUd9|4B&s!
z1YR{OV72&3?DzfKV-uQ8cf_#~L|^pN=J-#;#i{#|SGn6!Qfd?=+=GXPG@IH%;|`{C
z8O#)9o2HH@!VZp(ksDt+t1ERtl^FFp=f6os%fM+c0IY`0n9n{GJpHgf@c7d9`mfkm
zc@Ce@e52D^bv5iKt}J_#wbL7eVm6uqn-wxovHk%y^@qvRO2~vkV0Bak+zt_nRH|H1
zQ1Gkd)t;RDUMo)I^Q2zum3=dsD40s&aq#+3oQ)G=x=xTUZh!XN^iU>@T_e_gR;#PL
zv!$sOS{4t)^{k)S_S;TRSXk5nlWqlmn3Dd>2H}Qn%X}{CF^XxtIF?tzYWeChqHzU!
z9h$;bn$H`~JQsf^zMcBG&Ocg8Yll=+nl-8L_tK^ueesHK%Agr#ZG3<>LxC!UM<|b7
zjkzYT>arHUCkI7v+Z7EZ!DYLwUXMP_t3)`g|7;Fbao4W6@OKAum}YO7#z>9EJ-M38
z1_AmLZSyfqzU0wWm`959^Us<uOY)0)a5mhXlZI@Q^7K!qtu|ft%~gN%+n7RSnG0SQ
z)R7vl(1$%6R;hhArHORP4)O<92>7D`j?LW}6x8W>NHVNoB85p=JO9go;;0=I<KCn0
zo|oC*mftvS{CNN&ANKtvv|UEPiyO!FT7wM~c@x5P$I>cSH0&2wi+jIwe-E2j@yv#h
z439hi$LmSRW<TR}h91ywr0^^`;SIAc3oRstgT?9ToH7n2c(jq1A-~2v^oH%E^|7@q
z3F%jWLS(5dy@hNZ7JH}pwuhJ0u=KwgLa3GZBSn$s;2|#KoL{{!&Qfa`AJXdkBrV7T
zUL0hFgpZc0;MrEjDN0lrb0se&t3>M#rQmBj9ZA)lH5xui#Ior3<vsl{KiySeRR3Qd
zB43Nz)nxd7q06m<YCS;|Oe=-$J`jy4FiNsP+M+20=hOqx({9;<;MD1GE$M($dZ<+q
z5;md-P)L3oWj8Qv5CPRf+hnFVTG<A~Hqy19MLGL}qREzY=;((*z+G8$E{_ZW&@d|?
z?|J=*->MFvkG9~t%tF8V&k1oywd<K40hth)hL0%qeJIeOmY@0}r97fQQl#;3ILgnL
z8J97k4fSs9-=Vwv{@^8cKx?U3k@r&PRs(mn8sBgRBRI`mkU7bZg`=DRZj~uhHIzs6
zQ$s7BYm{=Yq%(*+rF`Ymm(#jACW-XAw%Z)8;+q|-Q!*jLP5>EjM&Y+06IITQk&mUt
zMhsDE;pMHgTu+#+A%e(XPrB@6SuoC1Vm1ZB^yU#(gI~adIyi~HQ0})>3JeYODZMHe
z_1zDC=yWva?iRk{;wHaXRoxu&KW)wcw8LQ6u3A=h7YV3bM6l6RKRxg?{OQ`h?Q+Xg
zRUhM=B^$s~Kt&9UVAj-}#^(WN#qU#-k*8Hl8<z~VAx@9F2s3nENIbnsbz&bqPKE23
zX~O8E!nPEJJ^ZjGr&IHK4VlC_U7~(9UN?Hoq$3QjYCcj_*PrU{|7b9dp5VNgSJsh=
zb+yp*fE$Qp-O%!-4r&nb;P{!m047g~n-NO)Z(D}4xUUlg-+#{je{Lj{!c)oVY|fLA
zVde!cfw88j(I4Gn`VEKpvmHPpbPu=nuT*8&8%8VkC0+5VChbdV7plMV<O=nLW9QR|
zo3R4CgQdj8Za1y8a_pLut&AjZI29R18Yzt!4~)(2KeB+%y<W~ac;fdJYd?2kc%%CH
zb<hV#Lr?o3(L}Io27X(2dcRY_Bu4mZg2lfYyZD%`5Awc*-{J1uF6pMQaMNMY_yYFJ
zEC+{=jeb7K{IYghv$D#ivU9d<x44Th8gACl!}+)H_a!K=yll2v(2IKg{j^=@a^-sP
z-|RK3e9Qq7q$XGqU?<zgZJhFC7dnMnq~9k`VSz{MEO|?^a9#*$mn2wBZ<pvYZ`^+B
zCt_lnV?AUsIp7p3)tPdByZd5iMJe`4fBD>_heO7}QNuKkutQ5;0DOu1sSSy*6}pr<
z4B2BWd-pc1<b|75!-@;TJuuC)ZZMNAx<SS-!(X~Q`vx!p=W}Qx#_q0yd|+q^H>ySp
z0^ia10o93=&T{zJlyI;1k!Q~~>yMKU?YP}R!47dqF8zPCHypkF?U=H;W)6(tN_-{o
z*zoe^`3i~UE<&m(&Z$P@jc=DpAU)wGYHaG6W^F?v@gS99A;-u1Fw+HfJ3|(<#s#0r
zOFaA<#+NZvG3eGnRnT~lfmixsswoyhR)?dt=d%4cRots@i7Ku>-?EbreH%EUvUC{d
z*)U;&VYN3|Fa;9Ceh>5XO!gMG<SC_B{Z6gt>0`I)i$hYC1$Moc0F%#+vqT9R@FR+G
zx4$3+D!(5%r_>^)P@>Bod9e!D_BoHk%P)V#HqZ@?F?hs>TsV&K%UXcNco{1K;BwNG
zJ4Neq(px1`@1L{{A6JmUfYiJv+p=zgPpM#x`L8pNswrTg#_XOn<Am%zW~_MMF^~;w
zo}YSH4VF<N4ba1PB)+3{t(C|r;HP>f-J-)2bg#~&h}D`CFa%Yjd(sxtEs5YAtCjU*
zvK@_bJV8HfBgW8XFf6gn{u61{F&W&rp8Ni*Ah&s@cBhr}hObKVK}it4hR>@?$tiqH
z!N;KJap>blC%J!XU}G17I}T<Z3s}OmlAu)zGXI>SpzUqh`GKf@&B#12b{762F2hP&
zDTm78_4U46_0)O_n=u^uYpYKrjvtvb@7%eYjQ$@1_rNt!Lg$Y@Cz9$`-iOB9yoEnf
z-<87B?Ay)!_M4)>;gC3qS7szVPgsKz%mHppy%*QHh7s8WIA7Hx-(7oZNA7-P{lLG&
z4AI}ULO<|^!5x*fC~pdu-X`>l-g=xmT^~|vk(Lh=ayikKXc`ZdZZoz)D!Ph5=E|G%
z1VC8ye~$%eJPe6I7)eo4{E3E2$116Ap=e)mETx<|wPXxTSyCasZ#%>6IUzp<`+NGV
z8#p!IBpAl4rx_nXD*0XmVS<CTgrTaW;&|2Y6@u2`44R>6$wJ1V9iLS+lYQ=-K0<^W
zXUr;N2G($*JANjQq(_X)L$f9S{ff~Hc$7B8+isAG&G_Uyrr~2f<=-#{9w?QcQU_o}
z<%AfG{_M7Qap`*G?r8W>5`n9eL2Iz04$3+qCiu$94<m6fY)A(9Hv5z02R8kIj>RJh
z1_XSosDdN%1RqlWFCW{2MWo_q585GuV}@K10EZA96lD&g8pI<ie}I9d^}6fTJ4^Pg
zn?EM^zF}a|qUC*_fTC?Ke|9*gyfZl4Tf7;E-<;ooas8H$DVQ0LAAzC;!NzamqJ-!G
zE;-|u)Kpa<><6psw!E@rLZ^6vRnMQD*3R3B9?M^iQ9>d$IyxF@Jz9vCU-hDah!Xuy
zE?cIh4hvK(P=2bG#&RRYMZ^};0#djIN-?Yx7wtS4AkfSOvMLV-&>?wX5oj%;tk(V9
z@+L|`A%<1eUtPD)!IB4e!nftS{Sxv`*XNNYFAtg{Y{P+omSWwibzr$gN9RDq+!xq(
zeWhEmc=`B1qLDU18pO-Vk-%3^JlE&T2f0uBzY)<wYiCp9mbADN$t^%H1crjoD9=Mx
z4;Ru#EftgDJk=4f*%#k<3=i7}^$>i0>9NoT-hzSxeoz<@MD$0q@nfwpFkgJ8%|vhK
zITz3#Y*}-R<jhd?`jYN-LItYj{nqeOus9@f1)u{7oX7m{{v>!>&TE){1KpMo)<R+I
zDU&RO$OD0u0k9o^2?9An+Lr^AAF)b}n_qf{V<OHgd8*&f>X9ZSBq)Ng?#XLV=Z4O4
z85@IWAfW{`Yz21gO#DB90KAyS(Ijk;Sc`YQxYpd8BJwC*|4V!G?KJ{OlG$e%4yUs&
h!^~0Qi;h^=QogSwNgF8Ax9@;2CFo1}QdtxK{{#8joels1

literal 27848
zcmdqIcUV)+*ER}>f?%PeAYG*Q-aCN+NgyF4C?cUI^qSBSMd=C>P?TPzNk^rlf;0tb
zA|OQs1r(5?bohp+yx;FV*QwVzf1Go;D4U%<Ypq!`bFW$VnjM3HLC(@~&{0rOoHaJm
zx1gY)ECoN`X-|PWr{a8qz#mFq3y3a7dEcc)3X0Qb{R}XE?j$F?n<IswoZjD8g0j*s
zp1yv9a{7X@vUXlxk`8z~XCFIvUr7%~KX40t?(XS;cfvb5{QZoqw5*JTw2FkRG)h`g
zP)<i)4*ZgpkyMaTw*LEhJ7-6ae*`K>N&^AHR(KBwPogilgrUGM8EJ4^P8VE(4;1D9
zz9cEii-0>iUS4jFR*pCmJkV~aAg3fLrwDEfn;4<YOa*22z_lCR)e-!GING~<9yif*
z@$qyAcMMhJB&8+g6_k`Dm5=R4+Bw<z;QvF)@l8iRJLkVU65!^EP*N~=G;sH{Qgk<j
z`Y7Omg5zfb9DRK8o*sWcCZixJE2;AL2Y!KGj(^{Ea16lP1D&#hat6Sc|2Pe_#sA}`
zfB-o;CvReqHw58r?k#I&CykT%TZo4pF!nEZBY>wQWd0VSfcA30DVoU}BBW&;tpW|q
zkT{~O3DQB<8iVw(^s%rru|^mZ9qoxwoU<O3=<bddlm#9%gnBt6u!;^Y2CmMEzA{K}
zWrU@Xf?p5;I8E12U)Mt~P}V~RuB`7R?@3UE>U!f`l!!PY)=JOL$3K90>>M{250bwQ
z4l5HF7-S4}vV!>Nn<9u%k|D%g##zqOQU&Ragb-j5Qx_|OwIa+|5lRX)$Dv$I6y2<S
z{p|G2fe;6*EXG3L$PA$y=q2M0RJ#Ppo7yYl^$5NJDuzUNv^hf873=A4XNXtE>A3=J
zUMl`}dMJ6gydKiU4UU%cR*^NZ&~=m7MJgx+NUIpx`T9elNDFry%2Phb-BeKpW`#fp
zA>@H<2R}KuoPrX#LV1H<28wWHc`IiE#sd$NmP7gA1Koq1u!j2P1V<7|$;5@IqX+ks
zHZl%`1i}LBNV0)JatNHcA<n`Ms%T(|vv4uMO2eIyhI$Gp6?;s8i9vvui5&qWD{t?m
zC=Df`l@K0=N>)%sD8$g!0rVBAVvcon_X>o#m?)bd5mw50xR*KHM9;+&?_?sYjJNlc
zbvBp5sQBo)I9nOI`D4rt?R}Ijob^@o6!ma={w`jS020*IFaTm9Z)R`er2}Nj1*wqC
zNhmm68RKA~j3Sv@$oUfp?nb&Qfl8jH7H;}p5CdNmH(gm>l7oS)p{aqio0Wr%qFw;n
z9<EH#bCYv|D*2*xR8aDcK{#a<KN(#kxEo%Upsy<pBM_xwfo|4LCVFNLfdpl|(ecz!
zvhX7qkqq5D4RBZ$7iA(w4yj}2X+iYzG{za3`gr1rrdTU^18I9D4+Vs?nV*3oK~~2{
z*~8h@+=S?i_l5$aoqT;A9L?OoqR}<=Lc$49b12jy&{QeNQ5NQDjzpQ5%6K?P>+AYi
zVw8;K{FFWQ0{ractzBJ>G0JFHXBQlh;X%Ng$hkS|$QlDF7C0{`!pPX$T?Xo4i8Zsc
zv(xd%>9|A9bOM|dAReB|x(*0O6ReAetiGF_os)~5gDw$^Qc#h$^LI4S$3mPvWet#y
z26{wgccdA_%2|gbXCf1%=wxiEh|$+KaC7z{nG&28p~et9dmTATZ&REr8jI8+x+q#(
z_>(-nbj@}3U0^}p=I%~NZwn)QAh5~J32&+3?<Qxi=ZAMSGJ?RQ1Lbw}t$^vKW&!Rp
z&i3w>dj4>Gh!@@t<?id|8zfEi*75f;L>v1k7#SJ+dtw5E0-cEgy7F*cya&|K%N6E@
zITq}IQglSY3=HJ-EuCOMoV~BSTOgKTtfS)U?%?Q#M|yi>bahFlIxq(#BSUX5V}z`?
zfq|k9M9B>9?{DQ}3iGv72FuLfTaSPyxas@JDOy|086lnI4U`BT`Y?w;3myAFu-4GJ
zo+v+qAP-9gZ+9<qy}#x#@CQLY$lOy_#To%8KwwCegAv3^-&Duk1ZxcDvza{x>22wA
zY?qx~kS~#BZf$3Y0080!Lz%;@f~3veJiHu?EG>;xuvT~z7g;wF%-2-`q3dXe^LE4A
zfp$89&W6rr9#|;S9`595q~PglVCfkEF^~om)WaHPDX-_{Kr(cfS3tSBT0&&)JzZQB
z;YzL;Lz4iMiVp%N?}3z6Bue|^mCbcjJoGGq%g|_fId^v@Kcc6jr@STHA;8&F8bPp7
zvLd>Bo9SD*1qOj2rfX#+uVjh^$Y3b1WDovF$Ux+M3E)E46YJ)SmP32EOPitOz~_D*
zp03U)Lq8oi0>((%%Fq>uHMI8g@<RIS+JOd!2EI61d2c@_g#ZE}5NBfP=Y+)hS_fG<
zItE&KTS~)^fzC%x#?`~r8m(YSvJbL`xm!3AA+jh%02I0y92x`jb41Hq=qjTWh>C%(
zFe3|dA0t;oxGr2p#Y11ln`kKu^E0utgITHIRFM97l$^Jol>*U94(em>14ZMY&Oi<n
z@9S;qql7Vo5_LRC1{MTwh(E9nYb@`542Mc6D_I=?i9Q5hxQZPPV<;EsFOLdRPzLc<
z*TaaYLeO=PmL|djd}aLnjEu4N3eI-+BoBXkxVycA=`s3PJGv3=<(wQ`i3ry~3tbm;
zYaN_78Y`oVGIFy#4&2HpcMt(}Epae+n3KLI+Stz0R5r*8=|S{VaswZD8#&?Sl?-+L
zWpF0S(xz}%8ML%CT*(@Zk#>ieBTOMOZsxLJ&FK1?;XR$*2`ca)ABdheNnT$`0o--+
z0!9QXV08=~WQoeM`Xrp26UM>U2n2gwxIMTH{>lL8vsAQFc61^IC<Vy)IZI;{bQBE;
z@(M%;QzJYHJmMxpkn;&rbU?Z&19>{i$3a#O$T0jjI{y`_!T<m4eB=z=Y*_p$D0nH1
z^>t9B>&qE5Bo@oj&hrd|w3jb$idqIiD9v>Ybf{6(I@CWSwqM6>@>fs|_Qugg#ui~H
zI;;?t5wVdGwE973HHL3rzJFhrciLBSy6l0Y(xb^oWB8*$Zl3Oy&%yl%8ERXt->2l{
zPWpf^+PefQXQe~f(-vDj5y;mC!+_^Yy9i3!h=`rjENAF)yGlliaCh$(yZs1$=UEvg
zAx=?cvD$o#C)_BestQ%_C>C38O(s!%rJ!V})S^7J3tC(-SFH+U?vVE|eX$kVcbK7A
zbeBPlJfo7U`e!6<_~qyjg9usN{1SB;G{QjaPYt}dhk260ZgEaOnhdSH+L@TUewM=`
zCSAeu<Ly~q3M%xK`(6tS9joKU#3q%Io=NFv%RpQ?cA|!}F3kTzt|<A^u`pOfUTH#&
zvqhs+OKp&qDPF4`T5vV&=bsC87v*4%62j-GcyG{9{SboZ-fh{>;%dM(Xlj?C8mMsv
zOuVtTA`)n|%Qk(lv_l220y84O<BI$gRfGMHfG#&av?yh+GVP~migu`$vu+uxIto)v
z9X-o?Lx74w?BL1iDvNHm|8+sCY+3t<H1c02PnNTV9e6R;xeX)C<L)MAWgFA84~9b$
z@^9xmjJD<p2xz3HWvwn>3ViiGd^P`hzsBmW%UXWS@Wz*Ov!3NYMlQ;^{Q30-weh^C
ze*CMZrHJj6e|c`-OnwAo1ZMFr2d*Gl0vNBI5xbEe_U-k_bQw3{sHoetl%$|xmvl8k
zKJHbrDUx3w+LyFspTnW<&k?HXAIp%p`OcI>)0b^><Yg5DUo;tZi=Sddw`}v)nSZ*J
zeXe6tD7^SIo3y5~tO^?s-2QsVP050M#I(%U_Ewc89N&)HZ$eOUuu}TY7u;@t?}>$J
z<kO+?_m7KhdQ&&o=8SXCNeUd9#<rx7ltKiY-WQ%yaBXNenlkWwUJvn!F7vx^fwG7R
zSHR-{{Qewxo5El8up@nSam>47V4LzFilO^F+nsyp^8C@=tvsZ2|3Ldm`r_cdyG6*y
z!7;sS1GO-&d%Y2MIXV1vOCwcz3`&|=QL8Zl%ldPQ`EXB0u6jtoy72qQ3?eEty%DNs
zFC>&iVer(0dJ6xJ>=Nc$Y`QYltR9o(;XW{a;APl>u#CzhrsN0stuJqev+|1XX%;#+
z_%VJD9<Nz{9zNgVCuHC<D4TyRIzMP*{7BcK;A`85Dgs;SAKTD8d-|SIkD<b|2fIHi
zdgveSn}UAP=#-(T&LF(E=9Ll=<BFcJ@a0L9Ek#$u((t2<290gr_XnHE^j|$~*Nj<x
zZmN=gzKl*MsURd3SAx-jF|7Qh6e^PuPVZQ-tip(hpPLQ3(c~V=vsD(S5qD=VsU(Cu
zXEJcrXB(LWG>LcNs#jeuWx$&*^OwL|ubLUW*6o<yZ+_v{*2FIs*gj`g*0hZ6cK@cx
zfL)Z9ra}mUDc$v7u0UOb7T*6;nlJe3sjBABo|j*nOJW^+qnk@xw|KI5OwtB=H8NR(
z&8OO9-;;$LDk%;bIe$RAW>7>nBTrn%e6!<;R58mQ!4w9uj8k{|j%U(||C&jO9h0jy
z$<w`aA~x5!FLrl8nS>9uq>jAj-gL7xp5yXyq-}s)3ydLO#;os^&BgFqq-%^yaaja>
zv2q=q)fD6Ej2|!ILlaI1NuB@SUT^=8E!_VuX!Ord!)LZ!h9_@DqW*;?F9Eg3ihY^J
z%Prf3ER$`_;-+6tZCt4G|0ygwoy|us!Vak$zG7maxEaB0r0f?xOI*%Zn|i|W>$!#k
zZIx^k=R5oMv4qy4s*0BUx6PS`evaHP+L#z<g((wDa9VpQCF%nSJ<nT&vfYDS&)^*C
zlpgj*|99AB&2^OAYU5z|kU$YPT#yG@Z2xA)GW1era%xLua(ulG7fr5czvQC{!Tba6
z(KOQM7$_+Bm}i=o{=s!KW^?0VKJ*`+@C82F2nt$ECPjPCx}-jhHU+hI+aWbC`p=e3
z5G@q|;#47us_G{C0ZJg^80(|S2chxYkrW_Q%%9dS6JOQ!18pd%f5Itnj^R9ccR?H8
z8-V~Jdm9<JK$~OD5ty;*&i_xUg53C6hL!jDtemduFM5_+{o&=RbTy)60*6BE6|;1G
zy}Re?+&by!z!&CY&;<}~K<{~JuhsiR;cz%%Vd3c4Z{CQ=$Ry?F<%wu$WK`GGbW9t>
zvDJx7M3WtDXx``m=kY4t9LR$V{T!<i5fkhEZQ$i4-MqV0D(~3CV)8W-gB=f*=00}u
zAz#~oWp}cmh@9NeZ#yF+TAL=)z@RxR@f0p9=`Yoa{Ji(de==F>l)1@k53n8&+5JD|
z`3pUg=B({>_MFF3+>9df#QM(7{nRR5wKQINC7XSgMzn#Nig(71s)_jfXHEa$Y)70#
ztCgczRYPXzEy)bC!hHHP5y3S&8<=T9ZHgZh{yzKNrmLUC28T^+K!(TXF225DDMTd&
zt0?MzWaKSj<$UR=+cZeh03tS;?kP@&kp-J8%qnFWp9^L6{SysY1-&*kXzTXP5ELkl
zFMY%kzOCNDqXPe)D1?};cZd}=kLTxqBO=a^+Gn@Ed|OxdR<W1SeTD*Eos-2kUPa<&
zs%}ia47>GdZM3>tMC>bvV}Y~z?#P)QqxboxR)dRB9}dTSM~j&Cj$$`*GU_=&qy&*C
z&q^oiQ1Xi2{&=pMQ20)2wbaF93Z6PyeC}grd9lHgq4h|+K(rl!DmIFh<PzcMYq@&$
zhk%;c<7DP?#NZAKwBe!dY3Jl3+<RG6osMA1$I9I39xt$XA|g_$rAGq`@j+Fy3;5}8
z0)Bp5BBHj<XUOHKNT_A}fWeb>POq`i@}Vf?X}?1he}+cTO@e&6slPSqX|<)vH!GIu
zTR@C<CJ-~Pp=~OL?%e7an*MPfVcla{g2@xNEHY1xq<idqT2gF-BSSMJ5yqopVvrY$
zc%xXi@LYA?Tjj6y2nX#&-Z-jOL8IZh&$NE#&c#_3K__ETE!KEP4VhnMa*%%H=amO6
z$SbicAulOerMU3f3N9RA$<u+RJKqG6F_u3o_FR5!H5Q{cN_30L0@{~VjcJIN3K~_F
za(17&TE7qZL{G)bz)SV;M+l8OUDa$^Q<m1WesQ-|abJdlaFff!RSg;A7%^jfEwPuc
zs^Vke9@mvBIw#<#hc_v{sU9`oc!}{|+Fm*zmiOToLy0fM|0oz&ovfzxlU-zkE3<jR
zA@$WIFmVNFZ<He;lU`NUH492~qL=jR(k+pr%*?4%b!!w+?DPeDLABC3{?ezx`neCR
zFV1r>!noVMNQ3dHLJ}s1El25@)27x##YfyNZ!JBqg%7*nK1-jaHZ`X3%?NsN;R+g`
zHiYkPCl7y%QIlwfkhAEMrLGq)Ypv#Jer=ptWZ!x9dW-jl9_VPTcZnUYqg7rq6IMN<
zNmfexxgV-!S!{cAY0^@Uvm%ELnA^+HcI|0G=^5tIis|bnFGk9>1$$UW3x%$f&wq}g
zRwb@e`L7VOVxHZ`1B3`Ve)z2AoA#w!Rkr369uh@fUiTF>WV|IFEn;iE=M{qjUVpvv
zoT>081?_?kuvZavmbsL8H&ll!%eB-@N*vMKt+zJ3J5b10$#MmZy~}Z@6y?vdmeORk
zOfV*~PTQ^xJ>_(1dzU#*I$L*)@OLQUSih<MUXewWt+-8hF$Sae2}xSv+nl(9u%_Ho
z43(EC*~H%YFHJfXVJypSGMDOVkK{K0xM}JO{pr*z8@^{X41$3`8!oCI);w{BRV>Ud
z7ew~i7w0ODmf&jvIPnuDJe5V1)MbVd9dy9O6&FR(FO-V;r`jie-rQXZ#tm{je>P!e
zE*LxbimOvx0xk3>D<|~o?84`&xb}+ix0F;++Fx>7y(kf5urTs^>Uu>)aE-p0GBCEp
z(i~jJScLkcyX^Ee^Y35nJ?G9TO&f~3P;vOnsyB9ISLy{*Ye&jzoR}rw9o^TrM((K(
z&(KmmvZ`5ly{NC+awJc#xSl@l=R5V7Hs4Jfbn{Nr7o5Mwp6WqefD&s0-O~oe@z(Li
z9R?fY7U=tl5%zo7>Jm&90w7+V;npx(X%I2KMtyh~s>K>7GOPS5xgB(|!KBTr3b)~T
ztyO2=D7UQ4tz^2Supo=ID;U+N#FaZU!%HB+-9<4)*}v|ycEqL~Du&f$tgH-Pn-tc=
zGi--baiR|eSCsq)le70Vf$tA(=?WRdx<kT-R&ux?U<DFVLy*6!nx8JT*?OaDj4ew(
zW?M*BV9d)}Y@2Szvfj&%Rp{N-dW~SBcA$oFshXrcu;BWgsRUO#X<xo^P%TZyRPCfO
zBNq`rWoBs$tZ(%kBf)eq>kQMH_jeJG(bJ5KAKk7+#dhd_#@%G?Agpay6#IX7`jkia
zi&X9F+jO_in_R=K@oo7u8(8j~i-pW$-TNCt%nP5UhEm9x24n&`k4~Y-0`Wz+<u|Oe
zrl!K?>CoN&!R`~z!ph<gONO6m7l@I6jpwp<^x*Hs40ylHCS0TxyG~EI^l;k$c0KH(
z%}^}aA#8T+vTERhc!oy6%^ph$Ge=J`;{wsQ(R*xEp}(3f*kOW$V_(@9-wkY_o<l`S
zP&MKmDesTE*U(Mc8;xC5?|GKTZbh(GoK%=2Uxz&Wv0msFRF(X$zvrc)bD~Z5hLGf7
z!G;K`Iz-+eEhcwiFbPDXBFWi~*_322gIeO^HCdbZ*308!Huaaur53S~dh}x4Z-8v_
zb%$8K8GVLIm+B;r&Yd7GyYdaw30a(=(vkHyh1u`Rf|(|Tb09L#53(lFGB8@+j%A_G
ztBgj_Niga1<-9^EUycURun2+B5ykv+a^mJu^7x$nV@ydH1eJ0}C!~`h+i{!<BAi-#
ztbu$m)NbhI;Ab8yY8j8~(U19lf$f~RB*N!0*!@ZpQ|g%ia@_WwDEi?Kx69}in=gJJ
z0L-SOCttaJMML3%Y=sk3D<n3H)EDV@uzR+r-usr1Pc-RdmG-MhR1rdl&tV_-?0)49
zy3^-#Dx(?rNQ_AaMJ{Xn<-@)Tx5&NLYgCrLNyYO~>wg4qbhzpyDAhJ4K2aaV%2r#*
zdBuymcF?1G<K79cxQvESmysljau#ZT7)c%JmJP@2^7JgtYx9`?+Ce?FanL-WOW8_`
zS+o9Cns;Q|g&$42eh4z>i&2^>BfU2@AI@wP!y3CnPTi&oW2~I5o3Vm`9#&3TfLvMx
zwo1mXQAJ@+x_Bv<T|AyC*XI6DsEIBczM<z(Afmw|+WUj5*=L@vd21?I-fscHLqLTu
zm0@cZ3ev9U<{HEWm7T#AJXuqk4mG>_!ZT-0KnUUDQZyO~?MF^k|L&9jT9<u?zdY~r
z=H{+UWEb?k@b8>5A)0C<vrP3zq)K*CRP^A`P-v0)K`~&4fuH^PlI`Ed*BjLGqI)ii
zvGNss7x5ema!y~fM(8n)GPXnCZ_C(VcTS4N3_nrvZU3=?Eh;p9q<f3z{JEk@-|u||
z=6QxOocTLzmU?&2bPHPFWGc<;oOS8je>7YfW}mLStcBY9(;y%IQMbgpAbsW)^ZrcI
ziH_F!Y4^B;xCYHhY)IIujl0Xr<_=1|L^*JG|3yOUVE2%a3*v|`CFP0!El88;ty4|V
z_Z&*>-@}`iOc+@+R5;;M=a(US=U18w`sz2F2RhoR34@g}%EbP|$=uNAi<ylp1;fK)
z+yY|V+*=!ia)VJ^tp`=tH|-W$4QcnbZ(N!BdE=@8f9&Av^WW(?>v_IjNn}&(&rrO_
z9XjW2e)ox9#Y%IOdx+^n#mt@*Nt2qX%rKM2n-?OSn%IUnC&WjS(luSMY)Rx)`LjiF
zT-%%B+>A*nmo2bZ?Ca!*4=+HCjHKI29=qE%_!-x7UApwdq*gQZtJ>@fl^>x-%o}gc
z2e3S-Q{TOzL;5i}Cdn7%`s$J$Y?ZtJ!?sfAhx=)FPn&<0)vdLD@q0V)R>N8R;%L@T
z>504aI_Vmor~JdV&4Yfm{HgD$CaF)=KYsYD{+aLh{)XEzCv}+2yT2J%nB@f3{h+6u
zc@ui^!$hFKp~juUBckl&Ky8#uT>oDGT-D~=hf2kywS{ZAB@Y_<xmdVW{kR5KIP_PH
zT0nb;sK{b6gIay4I6_K8jyLVuJF6+F=Fs=QAOE&S3=!q7K?pxbtHs-)Ch4b!JI?Lz
zY|~lS5m;>+1Kv~6rzl}xdf6>~u9uq(zd9NbLzXwM`Q<eyz|LPkFAlxLS06|AOMFqi
z-Y+F+n`>em<2Umm%)GxbZYqcSo|a(A46WzuPu={w59n#rlHv;0IlgL$ZnX*qr(}Nj
z$ZC=hS$Alhi)>e{zHeEA7!xEVAB1GGNI?I1XABATu{mB&dKXu>&iHlW5xRjb<Og=8
z=0qr0ag}9nHG`N0o&#ZZz4b~S$YNw<1}I9Sp((;&2oqghP)Vls)3w*e*7=#X-FBGR
zdGPh7EvPFJzH9A2mwhwyuTGAoA5L+ZJX?7g_wm_L3^#r{N^_e;d6q|gmyOShondEg
zwPg$N6YHvQYr_=PD-zz-($L<=nJo_{zL=Gf#*mr6_)brKvill^@!sq*$u^83zpy+d
z0MMR2`(n9(!XH;G01iR36HBsRRW&N=?s02aU&dZ&b{4!>HplqByjjiHtii%TaCzCN
z9JQ`O-;*OiBf__q8(oAh+f9D`=5@#PwJi0>H5P0=L^SXq!`7i=If1lnIog7~{#ux)
zd?k0m)4{P8bN1mF(yv#1?**Zdx(1BmZnh&f`mY(>8-Eeu)QwB#&pGUG7Ei628|XU!
z<KxSADAdU1<J`HRxtzZG)SvkpVpETkA^5@XgDniJmfp2*gRL%&g=~)T2NjNPlnV<~
zXo%G-cR!F{2W(S7W+SF5gI@EA)SvdxTV>m79#_ZHESRwKFPt6Os*)uQ^5pDCOiw%2
zCk}7w{5wEt7gr@@dJp(4^pWzpMVOTb&VP&_XgI%H`wrh)F!`ah&(Cxb)0Ho-vm=|W
z9*j5)G&H<}u}Be8=!#0XYY>Jdty9wlKA%h(b^fsSpz}6u!?g4KvU>f&wXpscoAP;;
zdajj=_o3}Q8e)SQoFCk9g6t9kD=MIf@o-+%Vu(hfSGTM-AFpi_q=M)#r&jg1fx3OD
zffr4XsL){DBj|_y^WPdu^e)ZYer72vNLw#5k)m0`hh<C3ZZ-33?A>li5IPP#XX~_W
zAOyGJ>aydofnOAiwv2Gey(q@~!BtjHj5(UDm?@Ki>Gq6B`FJ?L$F}ZaBJvK}nwE*l
zX5pIPpPZK>CuuphAsbiVw)cBLF!3KZDD=BFqwfD#)LN|CSM|w~n+q<n;9Ng|9-3-?
z|23^H<vvk0;-9A;e#JIprga`}n6&hJIJL=k>YI5BWrnBk{qdyCGJZ07Rc6CEXlE3K
z>uA&3cF4K$OE)X5ymR@b7WduOG{xS)yqDJGrTUd^tM%sOS3(*RI?xBH<8wlQj&(af
zy0|>%34CL$wXZ>go0n2a>5cnq*TPLM7r=8r$h<#`Z<%qpv?Ub#@+cxLOuv`s*}QRC
z$bt6?K9j6<GwP&C*wvU#W%;c@3#p@YXj#6zeL(K!C8fg`LeYa#XIg@@c&Y@#KR%YP
z%nwF1g=S4t_z@#FdtXo3dw&l9;$@iXw=mzfznlFnIGW56B>W@cFYQw)<pOXmhk31r
zf~&mwre?)vJ1XKA)TIgv3kDBQ1b2L`$H;Foi4k??A>{7Wn7P%-)q|nl)<Q<H0NUvj
zZ|*gJ*)w%|m%*PY+Q!@>RFxe5O{BVKHCXUg{{zfC`#@l$ilr2d=;Gbh@7iVif_DM;
z3uuhdfdhEmJO7E>LYjes9Npjf7a=eAA<daM!HUPL)4uFtI|++!53c)W;M-$w8lC5u
zZx&q~P#zSpQ-AgfYFGK94!yM+dNz(6OWquI3rN}9mEadM{mgs+am4ipkFYAe9X%R^
z<cTL~nC@`uU~8G!#MpqzGyVPz{b^I*1OxY`(3PJ%dP4hqLZwWBD-Fx$lzgBRlgz?R
zF$qdt78*ODtM2!MnM(Kh72&Q8L5JfXHmD373WRLFe|$FT;DpY#)<<Wy$7c2LOT5xJ
zaIjs|c51OQXA-jwe-ivysQ&EYtDa1Lv7N0ZroyyvGd}cG>Q26pXQNiw+fc+eAwwWO
z4m1B-l%~8hH1uK;8T*vslOqdd^A)+g-3PXffy-ELES|MHO+#$acyBP|&8m`G@JhTS
zPH@_Fqt<!;P}-q+-<7V)$I59ZzyIFbZYdppEg9hR0$jmm&JVDpk=Zp{<d44h!k5*R
zTYoT4--_TrPK8{)mbh>Jy!}`z+V6Fetz!1(XUHNW7FtayScMC-czeB=Nzg#GF*S*t
z?4}JdKxd{-TzI)j0YB%i(qqwhMtJ(_?C$*5c~XPRetmz>)#jiB;1=9b*xD&kw0flI
zNAXf;xuOZ3e-n}7H#J1H!qLD<=Xt!8ad#-%rz*LhY#nWReIvio{qys^=7OO2{)N$H
zPoxRIeX=uu!hUM$akh@Zh{XCpJ>GK+2$LIcdRmKq=b07zEc*~jt4#x+E*~r@jH+0d
z&B5OU@a(J*6H1$9H+{0L8`s5J4||{asmLU7Od{1<k!u>XbH+2P(_6@@hy25Z6I_Y>
z$H4hqW==|$eCf+_x7wjHw4%Om05^Y6U|%9H?ZiP{XPS>VW)0Fe<X$I+D5jJ7^k)5J
z=9~U`jS~8&%!}KHL#UP@eCKJ_#%XaJYf(<o=rx)uy8AT0eQrd&6S~gy`GsI&A6KK%
zMJu@zBjV##$~OVOA&M-xJc2iWZ*CIq^FpVr_F_AOn7i_~t8pV8qSNP8_it03q(i`9
ziEl)*_cB2-s`euL-w)8Yi`wd^YEt4H@mq@o^>!#{)Bp7k?!>T8w<3$3z+n`-o7OPy
zSoW>7nMxtR;c6U|7*t4);&qa`q^ovs{InW=ewAMI(xrSexaqatx-z%j-@Ou>uOGu7
zeu6$MyaOs=XElP;IsnBH4wwi)afq!<h?uWrv9l0{1UE*Ky{;I4c3$6Z9e>oXjLAO@
zG+ephjy?TN)%`Q!;a{{2AWw2tiKxFQ5y$C|0;p<TZ^Ev&4fEC0L&FRanBpAg)oQ@C
ztX0_I$N?%DsixPA-7{Z4cpY~KKg7xW(dRc*^%-CqmJY1hMJ?X79LV$SMx;|$(FuE)
zDBP)saS|_HLAz-l%_@g3TvG6`pN<v?IJjPds5z4>>i)JA?|KvS=%YfR^cg@+C|wXm
zyB($*w3;Kn@Rp2}rSDEXEW2}JVpe$1T2W(vzxhhdnQty;6u1Hf^SzO~^{@>1S$46$
zl&c4?Jlp#jYK9J3SCMOSo2o5d6#}x{BWLw~q}{<_r|$-B0Uk#6^_@7@$Ke`#rw;aa
zu0YLNp#Cdmc8eO~Q+eZC-|dbm(Y-8!K~yAN$p!=TY9yfEnLK1a8vz2Kv5f^M_=sok
zhvxY1fk(+mlc;6!)q$hy7g6h<rjUL!6?uM;ySu|L-MMa+Y1bG6w_VhkY;ebwZ%h&k
znZy*e_%vglA6CWzCW|rB@;{ROm?+T_2lIx!&=aEOQ-@oLCofbjKE8!{G-XgI$Kadc
zDG5TV@i(4nc6fM&mNs6*su-70jmj~^(urQ{dNH*~3iwm^!*BN&R@Hx7oHgdmQ$u&c
zfV=;bjcsAB0qbf)G+A)ci7roORK)idz5^<oHH~QW++b8~*kb|A%N?kds1C^J8Q|w`
zYHo)b9B1@94^Fd$&t0;7W}CEBTP8Ub5&LEg)E)Z%w6ZmKUQ1Il7>WbTKoH?d$FjPP
zw;KF()y!xqgdCgy-xK&K$qabT9KFcw@6Y0?BOK^_!dWpSMn9U(p2h!D1aR#sn7lDN
zpl1VaJGMhTG@st?<k5uho6LP)qlT)dnF2b>T;D-C%HVeFk#5{=gprFh>$%gp*)zOJ
zWUI;<tw(_%X=lJjk739BB;+2;%2f*sNIV!s%C(0Vi&%-Me39))iOH3HL1q|0?r;<s
z#A=*l@B$^1*AGA3qWIPjUSw@i_L=5nTwg&=cZ%N^*@Da0b9!TnQ&N*9^@ZdPIBa^G
z3`YTN!l~rbUfTJSPt)$-vjBlO5zH~Ael42rE=%G4%GbIxvHEw+s~*zE#*08ZOjz?4
zs?CiwM!(Y4+GQ|^ajK5ow((iN=1gC;?r1tc$8fQ7ay~9bc{CDumCY~xz1j1LYu}Zt
zs&}^ax6Xhnw=AuCy8julQthuLBrX|)$u49we3t4|i^zpvI&Cn}Dq#J}F3ylDy6oKo
z>w{0VKJ!rP8mENHZ(r{6upO<v%6c@v@j8nBaU@%N4~s_xqv91%DXQ`v30NMlb8SC*
z^!r9mB<9hGS|vSotstnXr#^i~kZZ&|vuR9i@LR;ueTyywwX+L$_Mle8sb=LqO1fAH
z@*qO#z_b1Pe0nZlUPm>IteSK%h}pV)xyJA-1B@ooDN$sg!d5F?&N&gkM_(oT%=N|v
zS{E3wUd3V$<q}Z!S~ffMEk_U))eb0;&qKOiO$T2+rS3gTeVoC+jlZZz7PCT|Ev&X4
z6<U^}2cj7TgyrQ?-l0a7h<G}o$bXAk2dXm?uXJ6j)?d&th=q6OT%yI?1NwtB=^u6+
z#<B`&g!~zEe%+TO0I}#y<mzZeT3EDC@BLZMqv0k+SRj%3nYNoLDJgTYWtxZE_D~a(
zJc+B%Kh*nvZx5W}mlQv7%1t<%k3sqgkm<$#aFilEmC~x>y4iHto`l(B#f0Ps5AfT+
zzToOB0Y6awPGgGx>jvhb)4PY>ahQ&`Z-c~FVRWb2zHzBlo}sP<ejiLPN?6)Ry^%C3
z%L}mtbr>%Lqy-@mBtr}Dm8MyeSXO<#Qv?r|xxs-N4>bXSTZQl}ScV#r4M$T|Justd
zrQHSr!@zS>Wzo+T)M(QR%^o+j#|jh;J%uAdw|oU1=LFHopXP<om{Wd(F8a0^z~}Ru
zjQ1f&2iQ}?{M8nsXu~U*cj*doZxc8n$fvM^SGQ>5*n`&NG`{y`nB*BI<QhM?GVmcs
zPo@EsVC0X_S<vQlm97cB(v8y)6N?@J10#Ip%ALr_NMUvLCrr%DBC4wCfNc>`Q@grv
zQ|n@`c8-4YH1!!iFn6gN6*%6Tlqq{h*8I-TGkqk>kB!{QOK~{SvOODD8@%OlZ!7}Z
z(X-&#_8*nC4nAe&hu1@YTc*o8#wt8HBc{{Ff4n%nQy86=cHFdE7)h@pPxAkel9e5-
zSh<*Sw(GyjZI0o8m)jW4$+p}Ed<?%p@1q93kRwv>T}@6F{P^su(D(xg?y#ZFr3%+L
zKfszR8m<xJ!+ReTOf3)NF9qL8#TC%#=cQ5B!`Bz+%*ou>4KsMX9#FK?3A_@c)JUVO
zYx8hW%>EpfSgx#gzvigYsvyeQoQC!@6euzWipFePT-ZQ?X=%(ktDqx}-M)ful$mxx
zUpoo&3{w>;Y1<+$X{4#>_DOr|v+up$%Pp<?s@q}Ai*4VPj4|XBT2~gAMoMS3G`YjJ
z?ZzAYOSfNOHN!UtATm>=80yi<_XYf3(p)qxWc$~*PY+i+nk;?DxixK(`V_;Z?4_;F
zbeBf^)~T~DpDOLblx{~JS2-!D`UKiuylmR&Q)6Lg7g{k6*_tHAJV*-BSWhT>?ml7o
zK3!p>?)sDSf7L`OsOo7!f%7gfLP+!LRZV3P<3%u+C2Sf{pXWY3h4U2n&!`{QE5Y}#
z7z!;+M3z9$`Fga^9Fy1-@3%A3VIQ#*&)vx>ohpAT=be$ed33NEUhB}!6!f#IvxvAl
zwUbJWvDDS2I{0CGl>0q1I1vC*ny1c_zpMq#2(*<qmOs}&xE_A+JEXLm6}uK370WJ_
z>B;wBkKDX`-!syHH$ms>KYhI1hP}0aLD3VOW|~@<ZCu?@9eA|;!S!!bn@@YC^0soW
z48gU2OQK7yD*ATTd!;%ix0JyYKmKl`rFwGna2N@Xc@Z0|N@w~|nomev{EX5*#}}^J
z)BjY9f1MECW+Vt0#{UvWb1Hef`?7V~Sc!0x^SCk(zNynAay3e|IivpkE0mq8>(pix
zTi?mQ-1Q+r+s8-Nz`!8z`YE@mrohC_%kGon+8zJ+>Hc}jFqejX3D)(Yolx#4%_}a^
z-}|$k9>dY$!QLVml=g}nopvy)oSYogb2n^>O`~F+%RnSFP0}5vcea-9>zMYoreea{
z6V40mqW36k-Nt0cYw-_AqtM9)|6)+;ZXZiherL=J%G-TURP=(kRtnxfRzjAdpDlC?
zWywFSI)#Z^bEEKMHN&ZYzr)VVtQQj#lbJ^O!ecUhs438w_2o0Hyr7^#lU0=G?UmtT
zX6l|uk2(5-3C~u+K7J1A8x-E?Qsnt~=O4k`UsXJLR25%EuBLt~xU60~y34);#<+uN
zrN}(5Z2F>BaKzeAA!TN^H>5v5Ss<~jQsiG14_77|AA1$Oz8p>~ZrgHAzY}(ish#x4
zx&2{dJhF46z$8srRdswrHhZX=GH@eseXd(RY@Z~4@MtgScem={nvC6RY7RN4_`GCE
z>C8}$E2%1D#a}O;W~=7wkxHAp2|(Ss_sq2mCGl+~mZk0I?@QV=2#ejgRU@70KBF&X
z<26gVgXunXqGFl&^HUOd#A(`m<wIsiN5=qI3|w_Y;GF4KEA4CXZrWocZgrA$DusJc
zsELUXpoi=5=RKF%-qwWLEVr*cNmJrVyYX-M3x&LV6Rhaa#bEu?E5}~=hWf<B2#m9z
zLF^*swa+hKF6&c#9fM6Z)k(pa#T-uPmi-Jh=neW_8^?)rT+LaoU5lrtk0v))xPT47
z{*T&3-Lk{AmtVOZ;%syOw0zD8@U~aCSD%QXsHSAZj^Wk6kFg)`6qchCRo&GEUQyxZ
zqv;>3Edp^#<mS82hu+Gy(*eO^9Kq<swTdCtCHX2{Mc(!vnbDU+k{<f#KiuQMxUN&T
zF=KnNh7R)=j#QuJF#y9<-QTGdw!#`;0yV)dYCt$A0}xr^qW?byMV|a$3StoZ%l7|x
z=KqGWC9!l{_SVq701g=(b<~|ZCFSr6x+ekNYQ|-<va&9_n~TF>j0wX<=9zkbZ5&S0
zvwf(=4++c4T2y=~3~mNJGpYnBOiK|jx`c7bg0j6w4joOFeDnSTbj><gZ*6*9+13Fp
zh}`IC+TCxDJ&Rx&s^zwKMMOm8eddhDUwCE-e=4<-n(dA~A4cAD&I(Ok{T{ma=l$;=
z!w0$Ff<#e8+FWV@mk&KYWb2>`O)nA#a!(c%7V=lij*+SwFvj-rRXv>zPy6+Bb=yD9
zZ=_1u!a&ev9zAi-QWN$>S?A5&^Xyq0b&Q;xaa}zQUlp``@1J$a>4G*G6~x`|xOLvx
zAzjg3R1(%AEd<Xr1qF?q{QS#&UQPO)o%=f*#jc~}*R`f=obM^$`;o+drM%T|aj?94
zU&D6$TKF^Ty7tSjXi_OR8b4F*HIqAH!$X>PzCD)rn$a$~R$qM~E~M6Da{TM}t?BUa
za&OX18>RQzcMoN5<>uzz_VQmEHjZ~~@!&<@<chPdz2l}G7efwtmSKPgKqepX^V2og
z)pdFsN%Z=`Wf7<^`-PqF>N@%m$k0fsRq^%apjuo9UC_>aT8t2tF-1Mh(;qLRU03!7
z@46qrB!<8AGVbAKeXX<L!Hox5o!`4Em_0`mQtc%e{8il5^~%Jrpna0=+xmeG9CNSF
z;HzHW{Zflv%bv&GAzf*PnE20H-{V47KG$!)lk5Kg%!h-TlGMTPQCn1NSm^FXzgEX!
z?jAR5yC?(l!Kyn3TlVtBdO;)D0JgE#2k$=VPZPqtJi38g7w9Lxew*r*j^X3{fWry4
zF63(nCYF)9^TUr0`I$vqZL?M`B3B-vOj5-egON|+S!`pLCTWrdwYBmMt1Wx_2P?DG
zRk8tt>mM6NI-pZhhd0~5nvdTlw>;1!PJ0?SIQGdDr&$_Reuyi}`V9?6dp7@0WjKrP
zFM-_S=Eo(s$4brI(>lcHqnl_1ZRW(GgPG(P{RKvD2fM$A3(YvI-uBOSBu&h`y4B&6
zm-6n_vR!`<-1$`YLo(pVieck5v-2)H$(esUlHoxd>*@=iVL=H-T)!yAEvYs$?J}w}
z>aE`}WtvC(zTV@h5?75{<oRs}zs_s-(aq6YF+K4A@p0bzR7$SMR)4`fyNHe+lhl@N
z-Fm#Z$Ld`71DqE97Iyx7M_Z_;V-*g%F0<@jW|H;2?o5|Gro|8J=cK;vuCXfLbD2mU
zN~KIX>r&;Yy^~3Pt~Y&Hr?Nczya6*7u3z#a2VfABI4^ps`~p2WV7%jORrQCN%{Qp0
z3C_{vsP>+FYw`TDQ~+qexi{{^{|QESFe-0bVLyt7+C`;~_+P!o=S_b*@E`9;=<1m|
zF^>Ow5f=rntmOH{I=4shT>i(y$bg%F==vGYuEZ}EeBK>sxQx+023Ub=pZM^MkLJ-M
zTHI3F`YPZn@#2YXL4v21+VbpM(p%DVW=e+>{MFS%q`n#{2C>eU<BVMX<0Qjlh+|||
zBo6+E&}i27W5s{UE`7Cq>OYLfMY(AM5H9zAYV$d|?59R;hGJ&YS=y@VEmmNx%%Q(E
zsHAqC@*96hGz|v`E>K;)^&tQVSL6kD+73kjPeI4n|KA1ip=GJ|$N#K-?L=ZQ51S$N
zCxX*5GhxhEOtV4OqFT6hq5qG69doB#HKpU%z@_2h;VOGb3Hn)jD5PF5m<{XzuRqWv
z3=4NMw2_`ylx8Rc(}X$u#jMINA9f4^{M<|Qx%<a$q{NaRw=!4|XHN?v*60ZA5{Ou1
zB+c+cb&#N4G`XqR__jdsfsFlI#NuFq`$x6a$ycQ3PfIgYfxHF9%ruFsS8_{1M4#}@
zSF5z@O_O3bA9(=RTzokN!d3q~jJtoTY4N4fNfTbuvsRFb4wu`g?Irl#{p|wM(%SH&
zFvzlHedC3%W16?PzmC;NafzV;3~#P9u39{jbu0pjOV_#DnYzA#wHMQ2CIChAC{LV1
zI5^~=49-dDzR*AJC11@J@67LT;+qUr;AzL9LbK!Ta>>;fk|2RO_u6re^)Y-RL?=td
z_s*Y{Nt4G)o`vXV)+#=W{hU|gote*HKVN7E_Cb-<aUpM|JS{xOstv>iGc<xzL98iL
znB{VCcX1IWOI$^Ze|hdQ@Y=ka1v*)_MS>X_Wit!G5I`R}{q{x^a5I>>OS48WSYc6-
zFy!~e424AP8mITim2Re^FBFs#r{^A>y}-%&c&Nx+Kw?7AhVpWoQrr5$g*bMpLbcT<
zxd@3o5h13TPPMfvuP?en0X(6K_ap3?#m_jD2M&p&q?&$Fg@O!WxRL1j{s$zAw~cx#
zcvWL<8f@+<sHv%7+R?0@>tC>el+G3STTd>p1DK2s?gYmo^YN2KXQ-chPQ#k^J9VR)
zMdN8SXuZ&$AiF9?6<ctZN>#cH<X(cYUs7~?$i1A`N5N!dYRVGX@%Z^AcLRNW>Pmlk
zM`x-}PpfN)?+28^+DI_iIkP9q12ve?-y>EkAr*8|d|xVQC=b7^fvxxHEJgfaJ9mbz
z)ER+@P|-IZ)Jndzgzi~@?6(LU(98r!ZzzNR{50M-t=s+mLyaymLv8PHZ*@qlqKTgx
zl+jO6@AH9n;YB&|71V!zjtOuNN_$SJR~U3;j@&#!Qv`;u<>S2#GuR9W0_?q!p}U(o
zqqgCbb01%;*D$telE>6%-GV_x^*!1+n=6h9;bDVd`S|!0S7jQWvQqv;;tiO7yXf$y
zVcutHWqGt71T-8S?$s4>`ag_rYdt#foHdF&S*mmE)RpQpg%6V`{uBekWpAw3={?6T
zn3wIGEhZ_#NzOFBF(d4@Avz#52xfj7f9~$8C3|j_vEsDv`bl~;*iB!8otWG*q}W4U
z;JnHE3*`OL_0bPRw_EoUuclIB%fj~8AW6INZ^Ed<cIMfu#JleGTvYOSa-bT`UCa;q
zZ@G>5L_;O#+{e<t^K+y$E!Tn@lpb}+7DfT<bH*j8;^f>OuVe+<_RdcFSF@vezoZ`P
zM$uv4cwvgwKqnUyKMkDyIn_L|TDB3wEPm%4m*|v?MU9hLP6UJGUc3U#eHx^l3}veR
zOP`+FFT~hVSHkDn6<K=jQfNJz1;Z%FRsu4p*aML;*T@P;3$BB;{93(*y3>5|(@Y-)
zi{>Ez*tj_6WiAz;+h7-c<uIZDSx1gTcXE4@{QknvwS5qf<GvrRG4FfZ*mDozG_`^@
zg)NIM4BknE9H9X2G*A61)qlwnLr#wMO7uVdYe<rW^#U8J#4v>>e~qF(pP$I$uXhJ;
z0)Bz+jPuZo*HT0FuNs!0Pu#y|ALNO5<y}QKgJ^VF;soKU8sP+``!Qet#pSW}?$#>2
zF<_Z#57PvXc{4@*Y5JHmG>K5wZhHs#1*boWI?vxfl7lok-9A|g0Ol0-rqk~$5qrg(
zSK@c;E(0PYxiDdAR;@P>>(w63ND7Tl*cbIT7=H@hC1`CAF7b+p7z0PG->vYSSpHfj
z%_bh!C8O2BbvKk&-gD|&lMTln>d#v7WH41#b>m%y1s*uz?l~@|-pD6mv2VtKmmS@Y
zR7QfL$w-Y=`&Q?74|VoQENtSQQjm=*=o1eL%EbHZ;u!6wGtnog%k;r1Zb8qBZa<E5
znQGqFuyme)_&3(nm~7I{y)5g<P*K;Nb03*>%B1N+_`QD3=<s2{S!gEDKkas0#|t*G
z;>O}L(CG`TVT?Ck&ECDVQO%plzR3PMg6*}YrM7pT3>R>lU&K<1=u>bGX0>S}k)aI0
zv`WE5>W`<j@Q(g1aYS~+{Lj0u0NwyOG$phlV9y0!)&+@KJKVd|P7>&mP1CxOa0EU-
ztkLT}5~?JwUSFDcAywx#mOK@<=k6uL2xjD?u8YzJtbpMZ4G|V+?CR@dWBeFJ&)!~r
zquytpqVvYFoKKW4*O7qvGV{)@j$sxWq~QtSr7m@!cuv8@OV#vwv=)!Fa{cs_j)5f4
zEKS8w8j%wK(>snjy^;Ic*AD%qxQ_R0!B;oF_Y=>>Q*3Vbki}S7Sp`WOYTcD^R*D4|
z{uy8<C1fT36mjLV2z6YZSf>8YjKi6*iOp)q-XgG?`zRPAt{<*-@@#(4J8uq-Bawc{
z{VArR;4-5I{GjMeSH{o{P^)JUKb-IHjjVC*FT@WO#^}cbqELnAcAv)l<C>iqejObh
zRK;}-!lz2UDR_aLFN%i*>}``HUW?l&74~Z#Jpu21Ei4S=p~^5a*3Cf*bzocWExx(%
z3oINsPuO-&k*c_Od@PFy|Me$Wu)_@k*k25?kRbUuRUO{!<6d+uzk8c_Nk#X>sWaIL
zoJvfPt08_XpC6&iuPvJLa%`m=;QKQ*>Iw70ap9K$*Krf@t$E&YMdzrgz}o?=q;H9M
z@7`1i`H*d|<L&eDS?-iaj~17L0l5ZPO$!jAx!&kiB(7g4w<{_uW8~#Pddp{VsbiLc
zQVkS4#$Lr;S=I{)Y5MfDm9)kmb@%QNutHct!4lKU?6x}9T=gP%ka($Xott&~`>7<0
z)65-apo-&2*!t9|945&H!L;tL$B_&=b~e5n=(d6JE&}-RXVE1h`1Qq9xYj|f5f*Zp
z^~Sb~<Z*XZzfJ{zlNu)m&}0~^8d}LBg@wM~>65U|+bvC#TiDErL)BmnTrarc#N;ZR
z%#F6+&ud-!#*fI>))D1kGM<mM%29QEjF|L!|K2e>s_Z6aajr~&Jz!`&RIJDgK}#09
zo&jZ%fEz@{F`d7D39vPNylq;rq3UwPYcfgof#2<NNAO~ss!efF@opbQww)9on&Wj!
z$+(Xn*Maw3Fafc6UDUQI{hUNL6tGcZOwsVzJR70#yv7n@Hk&0+C64_}%|%>+%<iWL
zocK3i6ozx(3a~IT6?-p(0nu(-qPCDjy7YcoU0C5bkNgUKIf^LO;zL7?MU<sPmigab
z)yf?IxB}~lOR+#uJq0|Ja+0>i_{m-WBOi`WPE@Q?k<<c$_JDZ5o&4IjWpYQxaq1<^
zzh|<zk{Wh`lEF*#W~lRF{{6_PBIKJEn86IPl@G1?Wj$=Y?gv(W`R=PtqrC4T%EG33
z*5+ry8G4)34vtTUh~ZMXNz30YzUX#+d)MF3P`XbmvY%OV^pR&b(RyT|>>t^xH_h%^
znLkdy$E${Tr5%A0iO8R0>7!8h7D-&PYQIy=bX}Q-T06pJt2hCr(!e2mg7wU)Xfl-%
z6t=Vcf#@f*O!cQUrS0`Gl^98}dX+405xeqihc<dn5A<h%;U;)hjA<ky;ue6a6g6-{
z`iW&GcmYtJDu$rlrUPb1PX>4mtB(#>z$k_~LG>4p3*9jSb~vA`8jNNwp`-+}bw~9S
zFS><k!$&ifQsJMb3|JAOVmnktOdrirrK<q+N0)_god6|{7{2Pk=nKa!wH*pV&H%+V
z;0?3C<wtb&jLJ|{t&=bCizP(oaDd^~NB4Ass_g$e1U+g@xA*SEFPP{p&P?5^Ka-*8
zDXKB}JBxi@;$d?{Usj{GfKYt?hYt+i<*4U&LwD*m`@6dG@n4?~^ewC5KL*znLF*>2
z`I}7phvhOGbg(?#k^46ANyHw%I9q_q@rk<Tp8oh!*+vuvzu5foK}+nhugI(=cCQ|(
z2goJ_`o^1}k{={5z8~-$?0rKM+rRw;&KAbsF!a=xXEe}atg8zr@6|3=ubHKEzy&p~
ze^Po~Qi{FwEm1yz4<~aQgSBhlb`}8MREj41pc%vxFxVUpIBs52c>39P-w1g~2!=ee
z+H2$&ON?JqDu)jU=GvGuW`&D<VOma{TxL=)j%?yD{l)*K*86~Gv$G=nL#tuaETNO`
zlAZn3@pOUE9uHMC*|4k(k#KxS2K_t)J1e}ncHO3!<j3+pW1a0Rw?=esEF>m6uA}5l
z9+%4-Db5ZHUY?M{(B;*<ey#n_LRGu?-_})bUCZ&Lz{_VZ3}(#@q_L7-8}|RD;naU<
zc%e}Ww~}DgeKj3^Fh*DPt~1!O=^D}bhnmfF73S<E&HLZpKNPwhb6)dkkv*&Mk>|Tj
z<Fc1!EOp*~SMJT0wJ|9MfeNODrs}b)b;{&%j!^`41GG;gR^IU3C330QAX5el*7!7&
zIBxCfY*g1K={cl4R7$WnVqF7tlGX5@4=3MWO;c(jG5Gc#x)D%3dgAh><&qG*W#-U$
zETr=sPo8bqc9aEjC|d5IWVmRy2GcDdmN+vPe)XoHo4!Lq$At(CIGzyw%Q`qgJ3T+W
zsa-U{RlHfvnbIsv%j~E58lRw%d~?m|5qDI-Alf)B*?=x2#zL@tC!|Y`j;xPXJB;-w
zcVv={PemI#@m5=$18<u?VFl|4j4cq>bJg#SiC<~UZtC@mn)g$iUg&=oV&!1FvhqyS
zrZD9b(FY!G#gATh)85)^I`#;E^&k!`%G&JcE~r3k(JAUD1{6tTpK!hZT&KtNoc}!>
zU=sfqLjM1W1OG?J6sQv3JK*m(YjJ6$;*)hA$6vrddHSbjU6LroD(^UG1zTBeoyQe$
ze0fioc<qzfkMp6BX9T~GMTW;XdxJ>z_*_M<q5@COQo+(hb7{#QO_fE$FQ=2E<<0}O
zJg0^P5;C98WJ@Oy434oiK=3{}12%oo9BueK%Or~a<V4-$^xyQjf{V~xPhyzqBc*a=
zh7XZ|5i6krFE<KM!pdnyFwv?CKV3Ul@KZw3<U2+W1|<iZet#`?UtU2q8Ht>AHMBgI
z%zr;6;AYrl>yuN@A8CUaS&JO?`$69hwXdxbQX0JT#<j>G0V2$Q+2ZTCITr|TBd7D7
z3O}U2nI4!_;4XYizJI@9IO~5@_0?ffb#1@WAktj|(j`(7lF}vJ4bmtror*AoNFyyU
z<j^P}F@S&y57N>h-CY9%oHfsT-gCb1y7-5g9c!<>*1gvKi+hN9pvA#ri9#56V#iV<
zWj_3A{FZ~!$zl{>dH(&~(eL)ZS^&)Dlx3&MUyGa7+YBGkHj9eDQi`q@DB*}xJ>L|0
zA16w?WqG1pVdPk!wV4yRg|(e2#E8H}mNC7&UTd5Fp-^ik)pAV!F#Kg#!^NnSr~VFk
z$kWqL<kUev{lB+3F*r3eAIO4+bk@Gv|6?6n<aT*>vNwKSUh-kPAuo6S%Pp?Gy?K$t
zp6kwZ{G#tk;#eVbl76*6MTOp1ya~R^xr1*xmH-{=B&l^AdiZUpx^)vEeB?BckT0@?
z5&sc8y<p02^fd#RGW4^2^k}t3tJ}Pm&j(y^lFl$70zu+InLs1d7tt<SJ;19Au=aPx
z&byI82kjZyg!C%&t$vfu4*HJlVAC!Xz;f>^60wngI%Ss#DdPry%X@r<c#wN>2A`it
zZT1m(^J2~R3R#6B*xCV2c?uY%X{h>UG!8g7njj9`dQ|FSP9BKy-xv=i96Sc5XhvbT
zsgDl7b5y}zbgYJC+>I0D51%hFW-s~S$maktEdp3N&R3g8cCa@%rNcdFzj#<>*`5Wq
zz~xpfWz*W=((*?*UysiBX2;01B;^2#^4ywE$(6YBUVMaF8uv&n1y5Ok_scn~dw!kS
z;l^0>Edm6g*LzJU(kV6}L8R|qBlmg5eX7SAlQmX21Pr(u`O>-IYRZfur%8lgiqwig
zE*O6<8$JWS-f!Jn%djfRlM2EvQxsl7$si6gRe;z4WEP_z7@m~{o^4+}eLsT%zM=3~
zjd1q>pxPrdmzBPR2zPqEZ>VQrd{CsESaN#mb9E4QR~csK#QdMF{wobT%`9OQ(2*<Q
z*B8f}aMU?y$ZU8umYA4W3bLFr01K8WKuE7dV<^#;!1bSu_X#&TjXW~#2o}G&TuJPs
z4mY&G^snI-6Qd3?lt_f2fHZLbULs-obC6`$C-O_3ub$7kmxAs1*v-YF`$=9FJc!p2
zKqslWxvxU)_}rLfUcf*y=5xMlGI#mfM&?^KVO@Qa(0uFhA2at6faYw06#1(sf7O^s
zjKNZHFGPXQw6SyWAVR)6NS&Bxo`i1fo>qL@o4W}kD@Yt=^buGqBTmpb$fT}!8=BFi
zJ%0MS<Jm%=+1k-&0#QKo2FM54Pz`rSp#ZxDOW8}}-5|4cN4>&tU{kjhIWeWi56Jey
zibde!-=3^-hY2{%D~4ZGba!`e0y46I^d5RJ3$h17=DhQ#3eAZ?a}%W`6ScwE1_mH{
zHdfZ*NG$vZP7IoXEZ`o<sU<d#Pzu7=v$&E$Rc2tUYmP5niDASRRbb!{Y6IMY;4Ajv
z0C?x<G7tS}a_+9TO7qbd#Z1Rj!D6GA(`SU@0FNT!CJhcW?hkl>DuRUPpYWww(S@+P
zkRum*`aeK?Q(t}Xx(@j>iABHZwZ)OGVh0y#bPIU<@kc+vq~Lof@)fYUb`NALv%oVt
zM~={^wVjTtqo}5=CpMAd4<adAa6N1llO8E@^6=olL{|xC^zJ2UwrG0IK>7jwr^QYQ
zlc6b@NLdHal#GU4%qw%e$SDA17fPlU0E9R+qSBW*^fICzK-AMm6OnEJJ}d8b%<FCs
zJS)T|pdAKH8?+<mm3wKQEC2>6TirG>6_qjtkD)Nc;K_F?FsrPbKAp~ilvfA9dJ6gm
z1+r)<rg#m+CN$5mQJRh;roZKSrL?ZNrWbKQRKxGK&V9OBlsJk(Bq>|db{yOC;H^jt
z?xCf@NTDJyP?NoUz|^T@@clhOFUIR>A~6`M+xWufZNa>Ebq1&q3M!7f=($~&hs9qA
z$nbyEn^sPswQm!s?c@Nh$@lnlunKUC5j`y_wudv2?{i>e^<6sxt;{%7ok}9)s`03=
z6FndFad5YNbqXA@PM0O@ObQ0`p!xeQ+C*^pIyH5o)H$^jNc+d(VPW3Xm^|d5U%0wo
z{!Rg=5XHOO3wSx8)7OQG4c8uZ+8Thwz5nOWdo&n$hc|}E;tUWA>71~#&eOmH8`-jp
z-!%+L7Xgwg5yTVG6k|-GW0p<`MN(1{$fIPjmV!c4o+uk?Nh4m~GnFSZMZIY`fqTA(
zURFS=VWC6rD1y>RNxa#m4*xUqjuN!cRC~OHFqCU+uEpCKbk&T0jHwUU8jdp5JtY7v
zoZiuLZ?9$oz0OhSM3#taV>$g7%y$5>V9KNr9R;8>AQiKw;N3Q%pu<kCRg9_0$XND=
zw#G^m{pY&?(jxn6rm-&O>`4j=-4Y?Zqy<l%c1aYCK>dHfV#9pkdq@`!NKKR==-Zn;
zHGtlfv<F?-F823GuUhT9w;f??g6L@J{}+pdp|rFV<)L@povK^TkXq!3{!WeFH2;Q<
z&#EJ5zj=iaHN0cNmC1_)&lN(&UYVMjK4!Tb5kPViTN1*IYVzu^3w;wYFF*M})zU~4
z5q~+VIoR0N0%H|zZ43P;qzLVB0dFb)5-arh7Y8avP=LAyTuS!45PHocey^=1NTL;9
zH+<MLGrP0a=6lRyIct~*?%gG|RA8h3ngrnr?x6^nGdCb&DWH=Po{)wcf0`6+;aypi
z$=kiWLz*`b$sj)hc=RR7PVOsqWi3hO;{ht@+um*9$0w(y-F6dW-<0D2QBqP8yDLk-
z4yLtWjk}i#B{?}O`_oXz32>NVHx}UzF|~vbCu+f4#=$A%_D1ae^GRs=3o|m@%(A{0
z2t9~-ysy?ME5RF60-ad`bXsOTwwYWUpmu;UjFgmAAvOLxJ*H(S!k*itzF6gb7dYoD
zd1d<#Qs=S#268|4sL|1yPbqC!Fm6)A%!;(QV#Bim-FfbH$SQ1mF@a}eY+uH3l!55%
zbIHYp;2Q3elp!rQ8g-+T54bPbDjQ2l4PGx0rFrZsfAinP(Uc+L_Z8(c^M2<ab~Fn4
zk~LY=bmLGV)8_A6F}JKa_@imBXFJX}dh>AWrHgR`y1`?koY;3*u7rbJ6eUo{5r~j#
z<H@jdg${FUptLm-yD{x1+lMQHJ)TBmY{8Vb9%Ily^Vh~TJS^Fz>7k91MlBZ+I^I!h
znF8P5BDxJv-7;i%G|lzYy3&+dgO=>lc?>P~vFVg{S7aEdxFtP7vv=|iBd%NlfgQ0Y
zY^tZl)Xb}+B7Sz(JYh{&w+#JE0q@lrBGeR#es|xU^m6%nZ~Sb*<vlML2YvC+SwdcX
za*V0}O*`h<xQ$YRE$l8>eTh~}iz$(qP`f6gVLM^1<=>aIP-#}+e?y2Q_<2|(@ODfk
zAH<xamKnpk2bn}&I{3E*5BIXI6V>)q28tvP9C>eSa5VSAGCoxKSJU1Sh<S|^BuW1e
zED(@3n%%xl7%P7hZSPXq0&RPhj&>*FC`Ays{dy4XbN3wP!c{OvyA<mo(Qs5)0v$vN
zL61k-hcI98T85HupCQEpU#;T%7{$Fu&|=l~<B+g71poNR&Ot5W*#*yP9;#7`KNbg(
z)z8`TrxDOuGWDpP$ZcvxDQTJmiDVm8lcp$me?V}F(d>=x4o*H5L+Ivh`ss9`DmfX0
z>ekjL;g_eprk8&wms=BL_`DQxaES5?IPz&UpZPHsh7L)+@Gf}(Wq3w3oD8k(g@5mU
zzS*$0I5uK;^r#|JY!725Xo-{0?1(Jns!L&eqW$fq8!{VTVSdzce;kn$6XS8^Iqz_F
zv@s}b;})jF$e2ugxDl+f*fPsEvA1<{PSjXv^j@=QQu(52)>WVKsrwW;&s8VR1>7(3
zL*ZiHZrZlS3ss5`J0(rpKVF`8Pk(6T7|@%Lkn$dP96tHvEF`dI6sJQ*h0M-(JiT7v
z%;(XpUBX)osdu1F&OC&h&>Ih96Xq%nNM}7~vn}*W`>WdKl6LH42K5SvH9$_|x4hFJ
zjY=sU!uy*o>blCOZf|}OYXEPaNlPDRm1}M_u(RQb+bH-ev{^;--PvqcIzz?luJ1*r
zvik={6&cv<>d^_}AWZdQe%8EE%5h=C=kU<eQ=0L(UcJMZ<((w6z_fkMOJzho)cjHZ
zQ}qygv<*gdug^o?jdCz1!z)eYe%Gfi%aO)h7fF8{Y1h2Ndeye!*T-q(avrH&(UOtL
z{j~*a6eg<O920DK1YwWy9^xk=mxiET$gqG$b{Vb5-+*@`f29g`il~)qkGcsSud>iY
z-eoM_dMUo={h1t+Y+?Ssh`*fQ>jiJ<e%OX+M=cn*%o+{|0_Im8qTtqHUykx+zEH1u
zTcx8(@oiaX4iQ7pMoF{B{Va7?<YQy~TeQlJRa4rpy>j#|J9;=m)*st?btUmz9U};K
zCdo;t`8R%L?5^r0ln%Ar#Yvl}YWccq!Cy})`3YC4|Io_wJli>Xaj{0q+Tx^U%f?5s
z&UUO)d$@7mi|6ex4UCxk6;Du&pb%3o)r&uFf#XpoQ@0^)o6OZiyd?KYQbp^Ml@+~4
zj@V{A5@E&gY3YFU+-t9rmnq3ZJO-TdLW`!)3AQH+#v3cgVV(@8w`Zo`k^|H74#s-f
zLIV^Hla0$0U>^wpGEiFnv&khPs~O;a2-SgxgyR<7y5+LvGcNqC+)pfux>#`(jG(xa
z?rHC}TAL%=9+9ffgN(l+jED}(I6P%C-N>lm`V0<16&>?~Jfhb0>D45PIF<tnyw+P8
zf;Pj!SuY61q^R9KDTztlu*$1n7chVK{;`cY_l3$Un>}_~nQg@+rmp2)+q1sR(CU{-
zZRar7y5z#gT*s%rL-z;5fsu2A5xygc8Vra%!3iwTK>mSn$q|{GZr8#ZT?a<~gMfjG
zm6KI<k7L16K{`hY=~G#CHO=;I9au9VA~~m&O?Hc(G9f>7`jH^fn#o(QR;u3&EcGNN
z!mP|G=}(~cvKPB@h-0RU=)ELCW~sf;YiR_WR6OFM4tg*rOy4d4n!;<)Rk(G!Qd>?s
z5nxL7sNo+VjG}d<jk2u&TGgN%^_wj#F7e`esQ<+NhpyRzqai-tCrdJvQ|hW`Y<%^D
zA=*RVrl*eMJ@#yO>uU`LJkq7F!d@2(kU0S6B=hgBzHPXUbhI(o(FeruE<qrC(2G|q
zVt*Wy=D9E0ztO>qL92|z*GeWE8TH=Qmv^73UBnJu#Az<41nEdUQ8637-f@9tQ2wUX
zDJtxSkZwvDX?9iZhERLdU2X;!2ss~V^|3y9oF#rhCgHoxIhcDZF+YDUmn9O0r$}*e
zt7K6=f2R?kp3`Kv!+y11snuJv8`5g){44rIA-fW8@<zRt-sIK7CB6a7JWawcB=-2~
z?DyIEW^iJe`s)mRhb@i+$U%Db)%=FjU>Rh9u`c;)XJ2T2V{k|kdwnoZ;jiK&r<JRG
zr|&f~BTFPT`1_LVb3bBBZMOF5elePVJ!>b@b=kK6>n-iCp?bSHvH>;E4{9)5D9P(c
zpAqQaP$T1IqFP5OuZ>~Y@bQ#~+m~Vl!M-`f9L~<~73~&sR3HES3yDkIuzJYNPASdm
zX(MOd6<E7sx7_OB_m%Sb^4?D^ShF<cM+pMjxGS{`t__!r-dLG1*DJd5s>z1b)J&C9
zEe1HWeYIF2(C(CpRyeqg*lM4S(T(b24cQ{}_}Yr`M(uHuq2MZ*B;zp#$nur$d}PT2
z#O_YBrX69`HI$McAo-+}A?%e`T2dl~v*cmG0%40WMIwax@!eIbpLu9n-*6#96f17W
z7ETb-B1%9n_}e#+qZP`iZ~nsF3czvZBw{~u?*Yi2lE-;;Id1W$FhjIAMM_yK*;qAl
z^|7QRL{%pdZp)T0IX|0r4r`uo8Cxs>$izqT&%b6*{!m?5U5_pz@L)k!Fiyi`>A;he
z9y3y&mYC)^nM53@ZSR@Nh|qz~uOerlL7I~pO-w`X{+XRrf*7c&-B(mnBIU;@p={1Y
z37|>Damu|kBA=9d98v1GAEhiWy55N<a4Y2DPi^dcWgo-1Sk(IQrUuukRq1SU@y+bl
z1I3-m8mdqPkeHQgW@o#*_ydyx<c5xtQVEE!3xQ@suWshqF$MGfa~Aj}bWIw(Hq~Rn
zkF17XBTG;P)hCU_Jc#0TP1sZ(a%TDVs3yR&A~ii7sM)`Twx~mB5fdxU<R&_>)n8n?
z`B0~+`619JGLn*t{2ehA%JAcN_gjo}6J)lIQ+iAvngrF)N_kC=O-4{w%G@DSQ0lJ!
z-@i)&PF_ETIKF%dwn$i9fTTMrF4+L7HD4i0jeR=rx41POU$yhQzrQerLrWJhtzh$R
ze(DR#XrbuIz|GImZRhiKw!of!8JTgraC32Po}z9^^1-yu%PLg=k)h;t)wNBU2PZ#H
ze@2vKz;yP_i+I>-h=ZXQiDx3Lk(9?hX<}F)1z4*+tD!5PydAV-bY?Pwyt27jj8@#M
z_!8^3pQk1>u)bOsdOzf-mukFF5npfCnQdjke}&-c`T&ll_YfzK@JB3#@<aYMNsZmL
zpNcD`6L;R4wz|Tj#Q{8nk9gd#soIRv^NkIvJf98b9n-c;1Qt$(A&wh*g`IlByr8nJ
z$_Y~qSC08fEHqj&YOA4tB<gMRTMiVDqBb8J>K49}tY1Fy57U3$g!}<n=pZaM_B6|Q
zY*Dzm=`=P}M~`*b^9|_M$7WsFFc3Hcz&=p!IFv`s0}1y@qT-|E60BRL@g7wYb&NRL
zkh(rET?|8XiL{iNV6UD-HROLk*g5;>-c0MWKWT>_GmNF?TIi}w&g`qNtBS2g+w&Ma
z)ODj$2RZpLj&Ec18qmabqJ*9zJ_<6mBR=&;kTEvK0_~weUY)3CU#riuan5B@myC8X
zOw-b3{q1a8I;Yh1o@&AAu`g4P3qWhei<F6Y2Fq=o>)od78|?=uzulZ?)AWd)ax6{#
zRO@(GD&uh7Xnh789RA&0qLEs;5@{bEN~s;R`<)ox=V1Uy6Bz{E9e(pQ?VqplRWdiH
zWPs^iHzj>%yyj_@T9fCSXui6ZHkZHR8l;p%RQF9amrSJCX>gwCb`H*7^BvE&cfhGl
z3+TZfR9LouBat^T$VN$9@z6nsK}VtLl@<6=?ra{bKS=_CGzgXaRmaN#<u`Wp9VU#`
z@b-d~Z4LAESiDrY>DBC?`dV?4cNbIa8kyG9(wWnTpM)G^H+`3TvJV)68*bW+y-~9U
z!UM0q^49YR^<56K#{~NY!JYVLu6MULK9d%HkWFsZ)qE;3TF0bzv-if+v+%5o-(?Vh
zDYx)Y7?ph)8p;u8Ngv+zINhFzLy2nBVIG_60RQ2)nw_XV>w%IJ_o#7k?G261Y@pCY
z0MhA#=lLS~v{U5uLffaj&@1QVMpybPVzE%9*!-K>SH{@mI5i=z6M@URYJhP}O+DXm
z-t+EAT>mm@Sp>30CwCZ{Nc|zeBGU4L_Qgje9P6bnm)>F<+rrt!%~FN<5x>}hT5!Y4
zBB&VLf801GO;>j&zx2xxW6-Vu3aq1eY;GK6M^NSoV1VbrO+dC)`XaZGR>Wl(fE$V^
zWdPcrsY=yQVY0hslR8_VRJ5#~fQy=HnXB==H|Ao4-UKKi%&+q{jqHHN*$McTgkQ}F
zA1zsQ+_`jyqg{z?7Gyp1-Bv)En|k`?q$i6j|IHaR=QfPkln`_Lb{NJnj9&+c=GUU@
z_NVIJ0tu-SJ>DT5$@=fy9aG8&1*%_P_dgv7FQP=sNzI6Ueq^)mFVVoDtZ5oZ$@iaZ
z$f&aw=MI~`#Yvke->M_{6F^xVG@^yw&VYc5a;V-eA~q(b0GKO=QNm%MK@$!-cU#tw
zqn{zEO)zeUyAY*ulW6)@{C(}U_g;BF>%2F&6dx~Rv-kJesY|zO`=NVhQXKZ#p}6ux
zpy}-MQCTrW@yai8QH47Uya8yq1tK4XDwWtcnV8Qe@dV6dOnM+ZD3NV6c5%7PF}h@X
zs{lI@v*R-KnQwa&?L-wRnaA`0UbQ8+Czj?02$;s(gZxMgj^tn4+1di|O1e<_VL%Uc
z=`_s1xowKQo|Nj(H+i3}ev!ah1HSB*fy;el<JLVzDn1P<#xmzjfkSuek)1W~Q2Zw{
zN<UsG2M0?6<!u5O8Ep0R;<I(2t#7sqZ9?jxU?udu^br(+nM81B@O+TsrI3%m;CYdw
zT9_OCLNDRI&ingm;{=qvmqt-~CtNN{`8$(ld#?M7a2Y<!woDYTxD7y@a{{qirBH$a
z03hr&Jm9=w=BIfz6Oz9CyI9-wO2+jU;b}v~V=6ozjfs9m-O4L_0+Xu~2T5dQe^mhG
z)5@W=bFnj9UbcKwWup|r;WL;%v{zWleUGuUeBOdWxM~cRMsfc`!Qt{3&WdFWa-I6R
zYKIvY8f_!pGI~r|Su*rMdyKr<hL6>jGwLI2S=tIm+~nl+pCRpKJ<lR`Vft#C5=t4r
zcMA?Tzv-7)%FKJn!F=T7VnOLaNs?ifuE?nEz`g+Pupnhw(HL1|*MvT2W8-?HeXE=7
zTjW~@a9A*F!58DB(Z#5nxN?`34r$ZKu`lc%!sm9}2G=H<8JMrKtv`zdkK>>-74V@|
zHK1u7WXh5Bs_E))UCq$O&IGf63=S2AT6U;VWIecOfi(f#Wl+2D5g_kb@aV4)0TnZ4
zMCWDkKHYasgF(j1cen3c7T_vEu5P&mWi)L1pdzDnAo_oSi@;~OwoCsvxzF;W!lTS$
zQH%maQ~=4a1dt=!S07>5p+r$ADMdbJ<BM9LKiI;}jdkV&is12II%SlgPM$kxLQo=c
zRWI-ko<HQ@WWdc#5C1bA4ji6qz{1;tL~{ieBaP<(3MExW!f8z7DC*G$*Q|^I_qK$x
zjpr}<aF={BR&{tpr_B-l*%Um>5GD{l9wedF)i;HWJR|mafW~S(H9PU|se4kE!_SDH
z@PRX(Es7vE|9&XqiO&sG4u@&LS`xzc<^=gRT5EVmk8<>xkg~3ZPjMwFVgrYep_EPC
zXl(Va?YZ58Kk!v=s`!0z+O&EbnhsJIJi=bk&Rxw;E<8%L9yQXs(^Cyv!N7FBp8M0`
z=N+N{wj%=Bqn5RL;AEO;$sm<Y`=>?~m7X_Emhn=Dd_@KYUPVpzz@Z1+2AnMH*X#tY
zBS@l-!rWG(ky1vDVo-z08Q=?>pRdhE9pl*7Vm($nIbK}L=KT24mrn@^Z0=Z1)i?dR
z%yDE=mDQwEv+-jjQO2EeLz8+o-;xdydFclrl}SHcGd#$zmPb6VS#Ec+Xb*!$vm_kr
zVw&ezc>Jz|d=ESZnlJ4JUbx&Woh*9?z*)P@06bD1$_W{5`~YKp3k1)Z>a+}4Xx_xQ
zK2MqACQ^ptOR94Z$ZR{88*TJ>2R{j>zS)(OmE2PA{(iS^H&w9k-2C$6?-jgUEL1)W
zIoN+aktwNpYc3N<+r);q_K)ga31m#B;MiUrGQ`IGaeL_mn;>7#eUSP^vbLJKzi!Ap
zqx%MFB?@dXs7$5W10sBXWRJ;+D5XSssA@5rPO$xyaA1g!4D-SqC8K!_>wDch9Kzgm
z_0{$S_LwyBY9V7ZFddR*3&?m^pLdc8D)SxVnJzG>QiD7+4iXHH;qX%BU0rMEgSW(`
zJbT`viL|f`(xYcCDY5ibv;k#+&9$YbcN3z5WR4rG78t=uoet;b7bC|3112$?1nk<8
zYh;b&y(;P!b1ar0QhL;4U(a2{6+`a6s;znPeQuZX#=LQz@?mB@W)sqS#BLS3@&?ML
z@*#3{Bu~L4miSuw43|MNIA?)gMw?fjTeJ3%y;irqZG8Hm<%c3`fQXbluYCXY->SB2
z&S6uKsBSL$zSjlQj2jPAf^Jx<KKZVl?@hj|>JwgG1>Uzuq<Okv*NXiQe|>U~)=Wxr
zPiMx@*o%@-<EE{2sFD`Q^j|`S1&{xPLDvGDK;dyqrhhAvYoV)=^7;?CTrMrx@+);X
zo}D$pLA{_@cCkmtMzGA<#sjuJlOxNKQ`NUy^F$p!_8Tp66tlu0@vr01f5gshq|Y+V
zqgA~0rWmS$sQ(-ki52!E2~_>sklY7VjN%>U8lFEbkg72|y^l$+EDJF{6109<hr7Hc
z9nhB@^k+VtDzD&R^44=8L~Q}!F>J>EV6R?}wss-)tAQAm&nHW*4t(IPZ4=($qx+aa
zg2>~BPKW12{CvLKp~coDZ;HLjNj4q+p*3~b21EdHG?sdB72ZysE8^im8tr=0@|~+o
z{4by`r9ZQ^Pb3z75kK0$Z}RF2{|l&enyCO=is>Z%w}YvT?>>uwYRPvT#G7ui;Y7Ru
zCAAJH0w1Bp5&z`x>V7m|oABx1!0}2*c$kFP<0*(HEyx-Wh1%sKqgs#;TxC1YG0}4g
zoPrA2cYx*WC1C_g*mX++CQU(@VPPs9vyl=w&8~LvQh_i{8!$c4`}te=uBgx`+&*B#
zggcc2g3;cVQMnNakk?f0;IPA#&d>Szr4<QR+S(rP@<j?V4KeE*bhkDa^R)-Bshkbi
znCY~IQp<1w&8~u8>i17Uj4c~ig--~}pzN$d>i-Y@lQ}r`Xd=q7_ra2K{HVb9sr7cR
z@weJA0fSd_R7(W^Z$*jaoHq7WXEOXBfxRnoR-(y~*<vW}tg8IpJq$(EZv=>Gt+^lI
zUSgBP$TVl&k4i5QJiBssK?C>bh4h24m`XY<4`c267U;~cnBn@Iq_@(VNWENMKj%k~
ze!1$8&CyQ`<PR;3yg%EHeIzLBmgBq+g1ZcA0b5HyOtwBQ_w^Ckx@R$@cDAUJs;^L>
z?SUCZRimgw!8mNc1*9223B*9nRg|~Y3D{7DXE2-?|NU2107QOHr6@A+oQ+K2ISVMC
zekMEt9Lc9e<yvA)H$~YROnfuB=Z@xJ$%yF!rd(@W@GhCB_+~ll(fD>GK>6f9>;;Zb
z3%>m74AcVj6EzihkKnI_Biv1PtQ8j<Rp#~{t_tQy>xeq=4Y4+8!2{0Mv%=VQ^$9#9
zB*eAYpb^I3wH)e5r^6kNFn8~vMFUDr{GY$vt#O$6Y4^a72FP~Gp!>~v;=G#wHUaPE
zToXe_@!Y^)N1Tqvuo37(jd~oI91{;u+<O8#CE%t41rBH*zfD6m1{6sKC2RJ=P9FjT
z1QQ=$0`RGq>q6Dg-028RGXM|wt>f()leH?k_xeAdK>|#A$B2Wws%Q;luj92g^7rxa
zzY8+GzYnVYTI205!t<39Xcd7+=7HOHr$H~wJpX09EHTeV6V(>LrYU~VWlda*7Ex#S
zLl@}F%K-WLbd%s)0Zs%+TSmdBPQWBr7|4sUEl1-Ex@J|C2{`+o%gf8*VYZQ4C%G)N
zi62!F67xJD2h$1ssRM1HJ)UTn3UMt*1n`jSxw*lb6R~k{pF{v1tuCOe-6PQIx-Y@O
zPf|M%|9<CUV~awSD-;kAcs~=_m%xI`vrw#_@k5kkf!VOH1)UGfXn&T&UMeeXApS-B
z*@cNpLn?HNuoE6i&9Go87!p3D-;}`3OzJeU3Q^2{`l=A@??=IQS<}8hRiNlo?Jq5K
zAa&sA2#LrDGs!V+bYgY^B>)RZ+0^{2C~Vg_JjlU(9FFb;#Gx}vzwoNXwl{V;k5^hO
z?Ni1B#L`CZV5R^@zS+m`VRzS7GqpBvFG;-aZZ5`F5@o8LnB-vOHr=ZK8A(c{mom5S
Yjg3n6F6+QgligEQe4$YN+&c3A0Bl(`jsO4v

diff --git a/doc/passw_hardening/ph_diagram.jpg b/doc/passw_hardening/ph_diagram.jpg
index 56555e732caf34b09ba6f5c28284ff3f9d351784..ec147349ae2a528f629a04faff9c5345119befe5 100644
GIT binary patch
delta 9810
zcmb_?XIPWVx^`4-D7p}k8qm;`DkY!<M5Re5B%w!CiWmqeB}mN@1?dQ(1_5b-BqT_O
zAYh?a=@6Rq8c@0*@Uhl%U1#reuIoGd`}Tf+yl>vg%seyqeb4jEGfC;(k)HV@@1Vzy
zy-+hQf*<2$!&dG+ipdZ!T-m-jcmNpLFKU8Lt6Bg60gUAR(+O*d)p1uY><=maWRsqi
z@e?x=UP?>+_Dq+s2{`8c`zhcGs>os$LWMXER>S<~?xx3A7mn__-47IgSOpOi%ZP4{
z&_Ikl+-V|h0=Y^P!h5Wj%J<~sE>!QS(-$n_3obC(VCl294J4A-P0a>zJYL$?px>a@
zte)E*9v5)TZRj|4$c+;C)F~jN4Mo=Bjoas%-{!fx8|%j3uNQYtlROaV`=lzQiq7Df
zMopLUB1&g1IT0%x3YJI<qv66+HaTA%W|yHBn>5>8SMa@Bx5>aI{pEg#esS|Jt{$Qv
z!fG6_7!z|>pM`D{%1u$QI+&s<=dY#4X6ss?OcxWk!lNjRjVigoCqokM3A!a57uySm
zvN-}D>ZY`Z6iWpp37io@%#0b+LlkYI`G|am2!>{6!aEx#C_K-|_lo0VDY%i9gBZ68
z7_N`!Hlvj+xuW_(JI$e?eoYSrhE?m!R<UUx_dfr0#9oc?9ds({g3Sk!ig)5Pe!Ryb
z&YMsD*T)%EW5BPATj%>iiOa04pB?ydY(78PWZzA+&$v&w^qwiRQx1I<aK?r2q@Yk!
zuFNxsN9AfzL1#{8A1CcI7NnTgy*_dYd>QHo);AqBmi8KA!4?j(AQ5HkjneMxTU?UA
z8Q!9sG$1X7!g$l4cX#kWl3g9PDn0NE5pHk#1s~d9j)j4p3_l(%M;naWzjN<hwDUrr
zT^+v4D2^W#DXAt<%~NQ-4;#$pEPAZ<ZKJ~$L8;zVC6<(n5<%Z_<2O`da(HussDwc%
zP-4UFws>4Lw&^^JazPbGn~$ewC%wccwQr&Q<*J84UFa#~mgDu3NcvDU1L-FeFZL$r
zssp{D)WXcGY6?}sSnf}84z5Z~CA~^XHl`8^kgiryc7t|7BdD_Kuk&R4Qr!+2BB@ZJ
zyHAI)VbC+GSvJP~CA=B;!S`!Y$!}UlwQ#3Atqf^wP6i?8OZ+9knfwR-nO4}EN4*kV
zg#*^P{Q@h48@lpq;<LIN3f@Y7zX8r#{!a#!Us3-iL-`e%R{%$L`hDBfq-)55Bn2)K
zg0C0ce4GVGXv*Z0rk5B?>c;0E(U(jgzkR-a4ti@bMIsK1(ID%HWRHhC?=LaaU%45Y
zh~40Ywo=3POa);wOfWer+qYXXDim#8FETT4upS!KWi}>{*x1shkeM#j)>n0sV7)CM
z>SDBqrnukD`STN#r8;7Ite6+hpJXjdjw`{Hs#D{xOc38XDUti^;c(4VoQGzC6@vo;
zx!WFOg-tR0`tCWhhk>Et@hw$_PIdjfKXD3?eS;LMI}PlQ1+(4a%aSxnkb)a+3@rX-
z1AnFIC?!0<!bVY?X~hj+Y|4E#O^%gQ9bxg<E=ps)TZ^<am-;#+M7>*vtA%jNK)1MQ
z$xAsgCGAm?g1)8UZD4&m+VHK-<xs7v@Lm)Nn{Il;L~#=gocEaxB|G)VcAyBg@7^Sc
z#V}lAX6lEGLpcJjOx+!h$+lBx?$7M^FbgJyhK7c`Z4bCYGU2*WKD|E{JCN%tZqf2-
z_>$B2th`|#sGmYb^-0h|Xe#Y$mvDGJPr%~egz6a4HaQo-4ZE9u#?`R4SJ~K)DMC9J
z9ROLI9}d|))&~9*nyL}%9aJ#?71pI8D-BQi#^ch&&{$ZrqfWbNT>o6twK-<5sdR5>
zsj<;P+JW6AJ_1B(O3)qhOX8aMaVZkK{PwUAcbDvH_m4Gsj`L1+i47;YSCtJ$M<$f+
z%F6Pbc&_;aD<4`Wf|N#Y+S+6@s$0W@p1*}w>w_rmGnVdUO`)SUb})|ivL28qmCPI7
zh4ea^t0>(%vlD9k;&qr(`i$L{$TT$A&DBy)Rv9xN)g+gWZjVH1L=#B`LJ!NVaj>kT
zFAbR2xGT^+1YUbVj}HQ<pim|P4M`vqVq((6Be3QaHc(tQYSx+L)>$9ny!DV8{3Pi?
zyVy6nN<`lSwmN-XpbC4%g+622^YzzNq^O7xP|w=34O_YUmHH~vN|Ow6DnQfmCXD5E
zrW`VUCT@VLZy8~vp0HCH(RH0TmFsA3jV8IG>M)y&R-qBm$#jPq2by3{jE#>JoPN#_
zn>a>uj_bC%Dq1EirDkfVul%(0Q-hL@gQ%0S|8{@IS{?$fzCM)xC_wIkGR5rvOGPv<
zu)J^m_=&zJ&0%j=B_-fbt%*p;3}WPNXNbsZ<-Iofe&f@@=9s`IpPw-BBNz|NJFN$)
z0X`9QTIrauazs{iq2ML7ih5y1hYwE(wz{#C_dO{$H^O7;^k-mh=tSbD%c(My)alLL
z<*8>PmfEh)FsK`Pv<MXB!~0mk;s@W15ydum5P0lOtw~qO+}7gz(S9DjBkVJA{a^-w
z>79d0B9hYfkrKR63fkX045)^GXoDNJG_=oLhTX!FR`t|v<@L}Bb2(SYuGoK4iRi6N
zU%ZB8n#wz?E2Jk)pn&u!Pu2@_X>mG2B?=)20G68Fx&0V2U#$7=yH#2GOl5idR{#fx
z`w%FzaWf)r>V~>!<DBE*Z4N<)LNWSvF>^k#K}!kt?t(%Qa>g132}MARCWbd{QcV=L
z5{B{>A!zI;e6>=T6xbksDg)0W$$Ph<aSkbdLESMyQ?EWlHzUK-V&r~<0xyVRlvOAJ
zyPDgCqM87ckrZ>FpSqhyG+p{>=MYCOv3xO34i(*NTwiN8LQ!VGHJ2+`eWF&b*2+Gb
z_UJ8N?r@IfX0d|_y%H@PP110T3!WPGt4|1V#4gy{I^@AU<Qs{!2sfxtSnk;Y(9);y
zs->HREl0YF2TWE3nGY_(SrF%CNpuT~AR1nwmYNfqUA)&#&m{^%pb(1DR(Fv@Ib}^Y
zvt+4y1+&QB)A6>v&e|n1R8;uvHL;F%xDdnfUW0hqW$)!2*T{RHrj98nMVdT<FYaIu
z00uXK4=|D;<^?%D-_Mm8-PW9srn!ajIrL&uS=@V;0Cok`N8GileJarv{97O}1OYz)
zoR6^f(f+|yk0D@knCDZsQDOR{^mvl|q~OZ4eG)(Q&jo(kaYGij8+`a4BhReZGWOrs
z|LHGR#&B;1WO0nk=Wx!vC$Mr-BXK|vikm6iB7{RZTl#2tx#ynYR>w}Wytk86O1`Re
zg(B#UH2~n1dvWkdXw}<E%&>Q=QrVrd7C#LeqPR(nJxohh$yC9lg6iUy|5a);l!ke&
zmw&94_@uEEtr2`L-$W0?a3UA?(5YXb2t#LE8b!|5B3OX$TZ#M_b`+(O99Eq_dT0BD
zoSv?oqJ3hpF*s4!9~KOoj4e0#BJsLNu*{?<dsoVWRQEheBj&DHW;tB<0+=VI#rEL>
ziK2l(-0bC*sxg~eUBa}eS$h&Hn{Hd)b}L7wnVLk{sd20u>m$Uo-2^phcl(heLazRt
zj?~}fE={A121}c<Zk|@IJ{X9z9Xg<lv+^^_29?-!i9+@@@Q{jfb*S^<--N&&J$uQt
z2<MumXK@SpN1DG^YPN1hqsy)G*o;3d;iMvG4dsXM3fJ+wDLU%Yh@X;uA|V+SDxmFS
zvTQAgpi_Mu{#Bz_`p&c;@vl$O=5un<?zjyypgB~&k<>GzKh9Yz^ONts*QIkL7OXdU
z{da(rWU!UP{o-Mp`0NN*gEpxDX}dpNcx+HpW#8hD7Js4&NLEa2w_A3LF@|>t{!C(%
z`h$F#Kb^nYZKdP9)2X<00hwPUvty?PFmR8)k~Sn1B?MoMT}|_Oh3z>2_#OcAay~fu
zdt=`BUtgFhL#W+~Z86@yH(;C{I)_;39T`*aM9}6*qR#lZn;kNiBMB0jbHFs~Cu9|Q
zx6)Z{m|rBJ8%p*GvYeYF#uYQPAyvj={<8%Zq-jUz-_+}sx;gY^uH`Oc%`_cN@3+d(
zlpbH{mS`Hz&x<tU+m?*cx}XbzF3gb2%r-Nv`lYBECM1-v6hyflU8?_fqPSl?6>5kx
z7skg_e_i0Ro9DbU2Q;7rT<7W|^Byf3!lR-_J+rLthY#2_w~Db4CpgJj1Hx9%;thQW
zg{9dgUu??iEfzs;^K@*zn0{TiSeX|G2d}70Ap4SqLR3-fi8>8b+X^wDM@7i};?It&
z1pK&=!^-4E)86(%uql!=#g%|}NR74$aC`FR0rz$-48p-ys2jsLN_I#T5wuL5+zMln
zWC8m_+)Hord-H_8QX$PRWb~@~x;QFULj4{JTNj<p81#H+I*R@FzVh-zODS=S#7Mm%
zOX9);**N{7TVH8JSAFm-n6re_6WP<#c`JMvQy5mndzp8zjr8626WWBl1XVNDXD)aU
z!JQ?uBCU9V%*sWzQRE@@bRtMZDlPBzu`4~ja^Vx47i*>DuUR<Dv>4Y{h}!4YFy&}3
z|58hCGQW(^a`WbGt4^y{XXM_03;g#8hf?9h%Axy)r$^8*4$}|#fU9a_dO!RFPb4Qv
zvKw%<*m2tD)+vCJI7tTEEW)-h(1!Nd5d!yl-6j2fn?!($$E9Dp)RQkRZJe0?@n#IF
zV^l>VX5<m@F}8@vXCu7pNKOx!#*PlP=8=~*5Zd`2_T>HIkBE7gPjauP$JRRbOSfwh
z`C-W}7@3HNe!=XWTXW&io;C6Y&WwuT+SBuK#7wn{;fZ5qbDqi1NQO!;zN{#Gho^d+
z6osY_FF!ppv<_)|j}T2!i`Fk{%iAcNiZdGWK9-qV&Y^AD{`3vQkgaNbWO!VDYpZJY
zhEl}2nQh;Xf48|k=ZWLJB8+Pk<;30?Ec?mfd;nNJ03fCkC&o)jl_H8-PE<$ZXI^dV
zjwJ?zd{c~{p|2c@c=^K*V{bY)UG%5I0bnI_M<<V#znPn_(Bv@f_=YAv&{wH{FSwGJ
zKP`S<?fp=lu~(10RR-$K1LI9Y1ij$ZZ@`*g#r&_l%0jc&avwDH9O=c8L_`!C8%n)O
z;^uD_d`27YYdRmp$5qV^wyiw=x$>ze(%=w@YJqG210!YJo)8c_A;43;iCeuO@T+sx
zgr!OO=+FiY?Tk(7l}6BrUT%{kAvfuxlf|B1*8YSl=~dRYk@~j7<Mg=7{74aS6O|?g
z0;Rb&e**~p#VfPy_}GT(nCjwHueemLqTQu_bK3%q3tbhg9(eeuX})8^I-Yu%q?y*B
z$lT@j8J8G4f6?~#Z&FM}jjM47LcBNri@=w6wruGfHK^+ZfeW3&;F*5Uyrj?>QbkWk
zrluIATmSki%rlRzV7$nw#$|(9Biy9$HC(FDY3$#9-frq~@Px!j;yfw+Yw>%=-s+ov
zQOJTF)WC9QeSe4ey<VHnMj|0p_YC_&;C49Z5`g>HbO1**tswh3yR&<CH<@aL2lrMT
zi*aTTUj=##*7(IKmi2#&v`!yIPY{(CIP6CZRn;pXZ*KjKHZEJ38+TolMP~Ll0p0ix
zg`)0F+fp_3T-rELv_{<X0C40+%GmjFN9rr<UkW`nwIB~k9<Rmii(G?TRvA?E9>Lyl
z=@qR0#k$_6U*yQs1&e{@wunNwPJh|c-KGqYAj~}ek)^-kLo!Ux*bJbU_dBjbRStVp
z#X8w`&3fiD=4sLHO<nimZZ)K5Jj2g}%KXgUt?SB!uY2#gcuzM&%w!TTD^08sp8;$&
zmCtOFOO9lN1-3oLk3A?I&6*%QY;8bPV<?bGdy1B3@gCJFQe$*!N#7*J3(by@Z*_7Z
z)b?^s?7T>^p@UObiuA%9dav&Ru`~&P!gqu11+gr59XfMJhB^QCgd4rz4bmJDv5b-m
zj)F7xB`ci<>e_!uDY7)DixVfwzEK|WRk5fYID!}$=kolWwm2(C3){UyaY(WA!h%gs
zCk>X_Th((?s;+b|*fxZRo*(6EsKUhlbB|D(7BY!2jyLlfNbXPrW#Y|oa^8{_Q>LJd
z4Bz?Ej{(D**>;0*F&(B>i&enU^sN(6cqy|NWrOvjgp_Mt1$8$SPwr%UN^^0GfF9b>
z=cg=xxQWXUS_OeXg1xM4t7)=J1~Or{0K&LSW=>j1uNLh<Gz83*M1|tNcT9nC2)D@o
z7rDr`9ovm)yy&B9okl{(q9jL(?c5t@OI4ZIeQJnyMFZJ%Ma2bJzt%!Z^>?<Ct7f=w
z&KKp6+r@5KWt3vZEIFG6c0`Ls4*;F^aq-$i&03Eb8}EiG2Y`&i`m_UpCU|Mf7j{M-
zVEcPClmqt-8jQugviyC<5sL#4mVS}gp7v{x5%;6>)`j%n6%FESoXZN#Bjvcm6jP!V
z-^_F667x_*;`l3DOSO78j9oc@e_j(%BYw=jqU`EBL(e?2j=4QnIgZt|TabVM^3EbJ
z9xoCcoSc=*?%0??BjjQ7U|5A~AKNnq&$1^AH)E_SuvRWsc-`SQSmuz=>o2=?a}?V>
zeaBRC#zi)ltJ-No-pGLJp$G18Zn#IUe1h)AGS@Scx{m7V7zfJ}t1X$HCUE4&5>iEE
zk)-!L=s7TJo~;5t;HAvCuo7%e<qqmv>Zu4M4BZcCFBniHqQhLGMa>p6(GR~zx%IaC
zOvazUE@wD{$)voN69a+%0<i<G&6Kys!z4=B>!)p&*0OPaS52C;XV#OvQqfDAg!eOR
zes&C@-yK-#@*%@JaL?KrmND%$z&hw!ILC)0R}OvHb?zCTkfoN3<TkhDN;F32q&l6{
zQ2T?MSzFM?@l802r0B)az~Dhrq}*VVdOH)(wA2sWb@*lBkq3<uHxL;Km+GbAoIXg$
z8_g&>Pmm!~>j7ZXHXPxI8`HRs!408BOjuR!m;hvN{R)J?9#0Ak%CKud^thi%?p(W#
z!MA0vls(n7ZHtty|4nIH7RK+6T#1IVpJr}801P!-GZ_~Bl*CD4*Y7nrcyYg8YSxP`
zclWvbPHBIEiB{T^pyZKfAqk!^1~T>?4G#b!$<;s1r`{y5>1JcJI|o@(l`P||49dtc
zcSqPcjItD8`mmDv@*;Y_XL9N@SP{8CR3DahF<Cl|hwHmTfw?QUY`L>8RMu+HxcJOn
zx)kv8OqaaA>Pt85?(o=(Z^v4FoKLYU+}Tq$g1V%8v0>+<Lidv537w|C(D(p`wxs^Y
zZv_Gp?ycr*DLxjtvtaT-7-{Zhj%fK;GmWY;r~d23lRXADsd1bZbB_f_P^jtA=tevU
zlkf77y#y;VLg;)D%a#57Df2Y-10&IIaEo~%ILSFa#A*}Uq1gvhO?8U$&dBWJKovwS
z$0?qk8A6-){Ghf{6Q#Hv8y(Sze$k2qb3#tW3;zI3@G88HY4IqDx`=G6L?B1o7|`r{
z48Azt81KscHp#6p5f$rVM;36uNQ7OXQJY(iokm-5a`S>i?@+f$Xc(ClX3!moqHDH0
zQasOWVEYaL{Hl*jK1*zPY~dHg%--61xEWV;Im*%$@?Jx<s&eZz)U{j$@dGS1ILwzN
z%!0B(Kn`182{P9SzEv6CZODS4Y|>vDgs2_8v)SGt9+#)pa<rCMvpZ8s+=#+azcAvS
zjxjc#^`iZ#8RCH~90;rL-MwwVJ{kptSAULe4<Q3><fHSVEd{~Dt{|~u@<?V(rfUmM
za<ENB#g3j2F77tVrNFm{(yk-9$!eeUW=mpL)@UVRZKSM7M;i>0HhXy9_p|pAgfBg_
zVHrGRRd;n>wxJZlv^q*O2M)HwHA|zL_e2q<U{=A=elHc*cP$k+7y>d``0r-JSc5?i
zcLjV_iJ4SCuZAFL-jOUO{9ODoo}Oqi(_6L;M~}Hjxb<DkSmxVp5Mg<{p({{2@p=Hw
z8KiHv7-(uq-3ZYFB1~1}ge+eooT@c*$yFRyMww}O(X^E2<Os1XhpF7*s^wU{x1{lb
ztsAVlwEXI4?QuUy%~Lih?<o=3U@`%}={<T3@7-sQDq|D#sOQkT1yFeR$C5j>*;&I`
zp;g;kGpGDInvv-*?HUzA#(wb%^c_SObal^1g{`i(EvTHI>GXpup1(X++h)BTI=O*=
zu&9{3u9~c|VKl7#3d;t@PKZbKJ#N`fnC00s-~K!&P$DhUx!C=U`1bgRlQ7>^+)ZO`
z90c{is#&=TGW6&Gz-8)}a+a|CBYpc*6oVCCl#t`&bO4xSUMWh)IU-H!yQ>4Z2t>4<
z*k``3yr<O$e#sQKPO3=;HJB9Pnt_?Cj&3e*n{CDl&QUM>bENhBs4+W&BiZsuEO>q2
zxbS1>IG(vBkB^|zq+que@?<Yq>0`6aFwWlkdcygE7dLNa=v{OWm%=@@;Xb*&6LQV`
zZ62=GhUdiOg3w3%0Nig6xWz7YMCIcC-Ckt>#a`U3@?2HO86_TS{kTLM0j$iM=F)}$
z8?Hg|N7>8wT3?6R`rOGcni&X^pCjd9ZVS8dLd4$GcdyAWg2<WbUFw)*A~pH&fK1&S
zJAH-pex|9^zNgd2vRG+@(OsaTVR$YLH?|(hGWw%=dQkHDW?RD20>l!C=z1!rO!Rfl
zsN3z^9dmGsp4;!4q3@X%V26nG2l7Kp+p>pZ2;G?XNhlHmO1o~_2111o0I?Z&r^0N9
z<lI<IJ&?sp>j=Z6BzLj-9k|i~pc%@VoGdbkKMc2FhhKGi+^anRjQjY=Z&ZPQl5dpm
z-aJ)L*%!C|b5`zEErT%}ie@+Td}5qhW-pBI{^s!_wxL1<H)ebCG`hOud4%OplMbAn
z&D8nM)C^R@8m=)PgGc4G{=pXanMWMzsHlKzNq@1&EoR{Br=IyQQ-=MM_$(iXv9RIH
z3Dnp+zxvKUh$M)48d!4ER6z>%gCA0;>-LD0-|%>*<vUqpCg)O7*UGIKp(3S>_@rVf
z54lUOWLDaic)M7Y1>OZ2dSzhbVcL(YsoPpkqnTg!(VV?%Pga3H^?DBg!Bkaq0!N)t
zxo)@)eTvro`M4z!G;0&8;loo&oEOV@CjT=vo;*)on1XC4kq-c@R{li>j<t=SUy`H7
z)50Mu^g#2U$DDH)sVTG?43+Q#0MuR^z<q<=#Z4ouvC^xP4Xc*DCs=Q)gpRrBXXfWw
z1kuq5j*dX!Q9(r8^C&l{X%RyIY{d!IVhh@?FRK$-RZG$jw4xn6oM{6UeMqWkf6mjR
zet1R%H~749Rv>x&oTS<KS*mRFVq%I#=2@_+=ZE*c&E;$_e3MbVVAxhk`}MuA0RQOi
zTZirhC#=Y7`ogZ~qD4f`SB{dwqg_^4FD?|z^NCMQmJy>1{kKzEeIhzX`o|qJ*kV}X
zO$YDOBaf>gqbSHv#4<#B{zPi~N!Jq+X;nFHBD)CQ5&v`e^ax9~(~W>8+!1jORc<<q
zqy*PFq&$14masmdP&>6Aq-2^cTf#SO_zBrp0=7N|Rc1<zLi2w2iS^aD+<(z3KGTAZ
zj8D_^wN8k~jahSCJ8xd4mHv}1O$r+SN06;+Yp(Y%bkqyn+9P^JM%_yb)IR}GN}hd<
z>#)<oQ4B=v#6j`&7PU=swB>mHbin*M6+1lP8)aE+ehlV%_i?nZ_?gU<g*1BdVq*J%
zp78x+e`imBINCohJ_$L>$a!eLGiR2!#eC~Gy7Lo0_n+rzSk;%~TQ!vTcaUHH+`vFj
z^{!D<F!f3tFmh$wp5jlF%Hg5wE}srF?DN=fDvae%I(J+{&q!+ayz^dYeg4=P9=qkt
zJo33>-lD&OS%<N{^hhDNm$AOJuEsr(sQ>$kyNA0X?D-UZu!@~>aoiIvWwwIO7WN1&
zS<M^rCKa3oP$+_feFu;ddPhHW)!n{#{=4e%_ZN9xligOvM2Xn<pDmgbCujQ3xg?Jv
z{E4FD4!tf}mS%mTVGl5+1K*ZVy${R4%hAP{=IitKwJN{836Ef<<p;Vmlx00SIxnW-
zhZoZBNVRo1wyn5FsR}6OtgX*fj9`=JpJ{WG!r;*B-K_lei%I&61<9@zi7QF30cZ!@
zYqU1*mObdG=Utqo&J|@t<3DzHf8qG|{S=`!m%)C0+Ezg?#&Q}`$h+P_il*mzTtK4I
zR1~KIOtp`SKEHg&1b5q6go$e-hlm?j;DTN@m-N5`i4Wi$iHjsESU$nC)2d<?d<9>B
zyS?ZsguhTQX@19wPGU2LcrGR&zmJBP?Ua2sU2lIsdH_(#QkKGRSzraID^<ksB|V{A
z$AqGx7tJqwuq)UNfseQSIFp2NmN8|*q&}wW8kD#%`)M8kvWHc;+QtmG>Wm%KP>xP*
zLqOW_PmdK^Q+Qtoa8L-dB+nobw7SJrB=612%vGnY=)7z^JPW)8Xae9iAL-!qjqd3m
z`Se+7<jV#SGw!XGO?}hBLYO_$VEAD%XKmX+z-MQu!9CQeIkHnN(nQU+Nw^wTdAUY!
zhX^D!K!y8=Yu)~Lh239+o?T!Uq^M~BnQxghDPBr1GAvP6swRUx!0qv4o@iiEvZ=7G
z%edDdqG_Nv>~42i_iWth=yTP5gOl`B!P~INn}lhV!tav8o&34<D+3Gi@xtm$t}Qh@
zglb`T8S=viG63#Nhe?^?5&ksl&0u+}2Dx5?Aksw1@T`(r+Ka^QA4Bi^S@T~Y$4+0q
zyb-JL2<_kPiWBtpG_f(|x?C*CiOERmg*yuCRCe_#Du{r*u{FeNAf;~HK1BBjEABo@
z^k|6rp{KiISC9GhK>X0y-(vXd2}+jDD>k)>!<oxeIJq+#UA|PuYt9wIwLD0+8>%s0
zmO^vY>`AB1{}(W8J#vU6fD4D|CA&e?Fm1d)j8k(BX#Q0SC`nzpQRf1Cl1$sOtbA`m
zd*<mO#B^s(<52=CvBXbPbH^uJ1-}NA%w|QDysoz3_xAV(s-*-He|(C*`tm(M=TIz0
ztjzQlh(e`(SyQC8WS^7sth}PT>vDH@At^+N0ADYO?g;rq1kAea$4xDFcG2U{{K@Vb
zo&r^s?dz{pbpP-J5KsKX)_b01;Hn_y@TUnFT2-AA+lN8h2<E*I!u#ZvGh)QZcNW{a
zV5NkacRghvtK`xkoCYITE%Sd5S<tZn2>&x~M{to&BGQM+dMjCyV_@30PtVyB2yx|I
zm(Gr+NyM>^ppsM!r&3Ltl%xYi)cA`x{%~)H=om5SFw7n7d!HuzZV#7m-pKPzB0A4g
zr}-rCqc~Xp3-c5qDZ{pu#S7hmmVL|b2e*X@3k@1p-nu>pK9REy+bUz{W)<sK9*+-i
z1;>7-0fhfpOsC>Lg??e=4LHl$#;Cc60V~xE9rQiLh$Ao;bCl`FJOf(^!*<ht;Vgqm
zQ->(jzy{O6a1m0pAzuzQ%F5{)lM<&eg-<f=(n#vMwZ26}E?)S|HFOnl;_jhS5y0*P
z&q^Z?|IZ?}jmUk=kEkMhsJ8Q`)oM+>9iRWH?ymzt-+!{c4^kCAdERhBaMcLFr=l7h
z)pYxF_jd5lSirB+zp4O^{8jo_m0N&+p&|C4Ti!fdOwXjmPXi01OK^337kY#wwS^+V
zK8XzweFVi^2(GcD;ZwZc1GxF~KQj#MzdM0{9{>Nt%>QbL{r|x1-!%D87O_qL5>5X}
VlmBGV?LRN6|Jzsr0PMlw{{g4HZlwSK

delta 9788
zcmcI}cU)83wr=c-WpAV@RR|pcDFJDs(o4V)LN7`aLQ^0hM2K6ZHz5S1OQa?c3?T^}
zH!9U2EtJqiIv7x-*Nc1abKgGi{oZ}&y?fsLCo3~+tU2cRzVXd5R{G|TQ09)jfgC$#
zruB?uevF3=HM&n~gK!K5?Vj~I0BoR2SImP=`=0==)Vdu2p1SVN$QBqLZ=}!;0LMGF
zJ~|qvoI#4ssPkW(uYUp<dv){_l2O`Um#~<?SocjCuem7hT3$+R7#S2auqrock15Xg
zdkujFSv6F^>mzlg3noEaJ2IMJ5$*Cuh*C{zL8&(Cw@d5Q-{lr?F^NgU_L;)iAvSU^
zky9?h8Y6P|$;kTeo|KWrdv>;0ib*!Oo``8wglgEyn6PQy7ILqMRuXO<n9D2c<QrJ4
zTWwSA9YOc5?*BkX?txPWEK-!OKD{)*$*r=JVo^^>m*kDNB=T-fAlZ;)2B^J1fH&LV
zn-FT5!G}q;%h|4^<4vP!kn^69xbdW}_d~qI!u6P#0nrRRGSt_2!cM7!Po#&bqeCjC
z%<J5<N}lz{dY^q&sMpkn38wZ@u;9TdJxM(_IucSm{q@rC>@X>I0TynC5r&<Mn<c^&
z3}bVPu#hQ3@@9}*8!E8aTtBPGjbFZ_%65ysp&lFnxX0U_9hGdauBL3?!<F4AfQ0!9
z(6#!5rT@oeV&4<MpW~!iT}YYj*2i3Hu#Kx!3y$8H)wY&GPG+WInldHU>z*7PZaLE0
zCJ#U7z<qh?*FOE>@TQ#Mi?{o6`6NvQjtNssaRftQ8!54<vA}m;6fH}b_Xqj2qZ%5`
zXSLb7lrY2ri#DO=xw`>BniFP5GBlP(-D+Oj&4OA7)1zG3X|`<NZW4H)Ro10^ppYR4
zTP<}e3({MJVo>H=f=|8gL$)IJt8$XLdaZ?>wp)vG%DpWXbz%kUTsBQiT}qngC-5Z{
zb3G#syDpUBw2PnCJJYMaI{pr$qpN{s4zuJMQl5G?l<4%7E0obG?M$I8*IGInh{O~L
z#@HwknW?G#zQNoCB$7O9i<P}!gv*<C>%*6nTH2)nhXSqdQEkeWt5o4bWywE2!r`Uy
zm21hhp-{4NQrSjx08l>vo4|EZZ*A5-ISw8v6zg2<{9H-Nsz?;z=;EMb@qobc(3+8A
zDTQkR)UvZ4YDQCU-|E=|=OpB61CDXN{a+9;6<quW7^Z>?%`H<4!&i<YMLWH!vfDp-
z)+pt<)|>mY)`)_vkNSe5g>ksd(pljc4Jd3ZsXhaaDjtlA&c5^F>6uUlMyFh~%9%4e
zb6VwiYQ`f;Pk336ZTdNB3~!m~1n8kg$7^1E&4(?^H!DVzD7eo>$d_S_c0Zd(-m7U6
zc<)YX%ee=Aa-R~-OK>qd_Wd{<D7L6zew{V@+?HyA^HG(!`>9tOD1`|f?=>Wf=kQyz
zL>}HG6in_@yzOv3A>JMWQKV}qG^*2zo*G7C@lH<l5Dg7hkQlF(v9Za;?W46HC^Unl
zRSj_9S@fWEH4Bk~$FzxOo0@Ns9eFgLnYV9_%wX}s{c;@8Ap2=uJpZt?^nOEx#5MJt
zA+PEIun)G*;(<&-4pvz|vv?5hlAhVYwt<3u2dS}gKwzxSs+Vasc}{>ccexyz_H?Tb
z0AZhSX5j;G8X*MDanb^2CC5uc=G?qk7wP5+G0IOI_&o^h<||jBeV|0sqdCbENg?^m
zPkO^l;j)&Q(m_%g63u-3X_Os#xt{fLH(jk;$eXVpS9);x7}q!qe{F3s8V*fIOAGO#
z#|0!%LGr@|4aOEfcqCsE5Dj^(8VIWqx8%iEja$`W_m%t1Qh1+R(|=KrtyY$d)5=U9
zN>7@k8iyHVpY;jwH@g}ShD8H8YIZZSudoX}uzX4DaHn4zmg6A+cFYy;h=6*SAbZ6W
z%sCf0%{`r+kZGxgfaWA9dIr^U1ZX|)xbP5V8PWaKhjcne5^gm=SJ0YTf$94tKb&d)
z*vo*kDA)f|_Pab?&_X?f%xeGOsDky%ORw<D8DFW2gb#l35%^Q#M*4_P(g#x!Et~co
zZz$SAib}PaGWUub>(x`x>E_Qz^9=bFcKJPS-s=q@WK0-nR7?1A*MxXXCM0mG^gvO!
z)SS>8&GlT_PB^Ss;pka)*32{0@OQ@rYuyK#&D2-oN~8#LyV)cUr`IuihV$d{gazF=
z17!?j-J`JPh4Jl<N~s8*NU#1y5}y22?c6Hch!34k*^-#@7LHH4e9U7(1k;He>;tds
zMvYFxbhJIoub5n7YFn~5v!44N?}gfsrH%&yf0t(%q5U#qGkw<5*%bzd^|uFFXXV2^
zg>_r!cxQwtm~y>F`<eBsuFt276baSk?f{Wzx4t$peSFS)>A{Fx8_R1sh9N)EZO?TZ
z{|2i)0F3VA+vHeZbjwj3v02!%wzQwHUz$hyl7ND*vX92E91`O3I_mca*phd`F)R@p
zBicsTFqn99A46<c=>V|&dfTwn4|0F$U2BJD#?qwP6M#9a*DEFw$WXF;G0i#-%qw?2
zZXS<q#k+qlae07u^?Cy}X>QFR#CDPqI_6BRSpT7fV5{LVN1wV8CY1%gxp1|Lu4<bc
z<L+MR4HN+81(X_~SPAx*6}Y2iVxmVq5zlxBy<*9?lUs?#g|9_$)mDMtfn*oN8Y_)c
z&%M4y&&vW^I7u+4;q+ieJgm-vl|RT3o|-A0CC$2`U)ypq0~V9D8Z~!ZKp5j>-kgpQ
zR}O*&5dCn2+d-tfBq<3?g!J_a6)u2iI!iLI6z;~7SWxmCZ?-c>%iY)L#;xgrb^ZNd
zcu{^k-opdVz2H84u_i|{wRgi5j?Ir_YA=zs#!YD0FVv6i2?G^7^~0r5=#8h79H9-W
z;#n!z-r_Y??x4wsXB}ZAe6c3GT?Kje#ks)+73*wh`QqO7O+@%0MZ~Q+7y4e6e(MBJ
zq3(Pq?CQhUFvcTLFZ9ik)aL4}`@bFltk!j>kRwrjOc-?c1}Ky%HpO<Ck<Q4HDnw4;
zq?M6yo8sQM#QMqY;*dWQx>cmSuibPBc=%nvOMF}wrH>xt<3uY7u^(o*Eb3!zpgE$S
zOtXi;h0Rw|>R99_#@95*H5bLZ=ZO`8b-N8yBQXyj1CGqRvUP2eTz?in{BYsX!YIqQ
z^cqJ(ewmFyI+(Y0-fqZdrn<hf@kuR1a-MNZzU~+Kf_FkgWKO}5dTY61as{Cm3a`DT
z1JkHZUZ|uc!LK~_Z|dtsp@NIoePp&9gU^1xM3a+F8O?AK)bGEG*)kC{O)#5KyIFDj
zW5TGdS=!fXIG*#Q2B*OlT*3t8s(v3lNIEGNha+>q%y-PaYWAF8cMylA&xej>EQ_4*
zKG8W57;0|=!kn}0HUOCuFdyT&=YjS?0ZDC}_JkV1$7h%lEw^C_6m9fj8*`9ZjiIoN
zI4qwpiN`q$Kc$p?SLv(KXnW1^6*<U+l#N>u7C<!z0OA)*T-_<DW+smULx(cq_Xccq
zw!*kZEnB_U$9?dN=MqAK4P*I@YLy`xGqoD~`CO~1w8bT$6>NLs(Q7N&>nC=&5yB6N
z^<o;wqgCgzOAp8>1&_kq&e7FgFw#K$<Q=*~+!p|#iX!+h?`iMD1e;V)n;J-GQv~ye
zR-5sNF58yRN^j?{Mzt2>myJ8dsbL;i;DzG9Y4_#x$LH96Q$uuY(K3IN`J0E>izZo2
zbrdigKE?&qQ-_jXbSbi+mj$FzDWOA<0h<93LZ>(h+74|GUE(_cK=*#^SL7ZcZp|||
zOdLtZB+WK?mW3?B_xP?B9X`Sk$1!(dZ%@TpN8wmSg&T_2urlz6`0;wr0|4Eu|G2SJ
z20Y{bC1{{V>WDutb{4}F9S9|Z9X-fzw~=9{FoUzR@yQ}u0(^X0)+i}RCzw;)-iE0W
zpfUDLsg}~^yJ1u>JrmQp6H190=O`B}rS`VArc2&X{@qB8d%f@n)PTDLJC~i2`Ua?U
z*^i8nYz4Mm3(a?!t^7(^Ll8&i%2N6;oVZx82T<YjNd(Vy4Rcd%xJu*G7SWuv(m<DC
zrIsbML82{%7-2q&g2VcfAUdf0faPoi{7}C^mcD_9`i*{Na>+}Z&PHKR<-5-~@rkWT
z2^BOnJ-{E!lll~iX>O=^s_$k9=8Y@z25DEQd`c>1BAvB;Ru&2I4l+kbBNg2UvUU}}
zy?0gDxTL3~3{^crvO|+)JKAoaKQTTtBkB8L)!F_i>ki$Y><_U^==vPj>e^va2XqI>
z!_US#adBUgR=zY{;%tW|nL9p(=5M%+E+TfP8_mHl>o;7HR|xI|H)WZ>ALc(%mW870
zcrKwRi#~o!l#&?yXYeidyye2jjklkHKc>cropY^-C7C;AvKq(I#U7tbuK24$I2T#4
zE_wiv`v~B#dGS|4ckK5UA<z7FJAI1_#2x77-4;-=fxKjkx=;MJOl(aFc2C68kyKZn
zP&~I;QsscyZC)*@r!Cah>}&(wJ*tiAM4P<~!bh<9oLX39Ff}IsN3q6*AHEz0vv&sC
z`nu5sF_9a2t%XA~{UJkshQ;3XN4op$Sn|teuXhF(MUQ=3T6&Oy+!@>A&DM?de|+OE
zbDM8wOcLGsYE_L^2NTP_9gKb{!iP>3y@bm8I=s(9MeQ`wgGH}bdE*Fe@!i8x8GSkY
z{-NAVC`C_24JDMvxZ2$ETJ7c$aoxb^1Hk#low@yFybOL1Cq=8UQL&koiCG5`dM&Xs
z3!Yns@4A+izMJPD&U1-p6kRf}N7DmK@4Y|e``7fTyfN=DCF%>8{16~_bb~mL?3MrA
zrJo!#$J;f;wDiF+^Z<~Q`DCWRH+bD2$v~-nBLmUJT}!@^AJG|N*HDqo<@Ncy&m;eO
z=r7Yd*J;8|#BMY9`q-V7(^ROWyv;mL^nopBBUD1ODsdri{suei4Q_6CSD(en=y*R*
zLQGUt(MUxd;LM+(9gV9B+B4nwwB7FDdOzvw{tl?$`YJ@blAvwxhEc{WGN$)L@hLQ0
zj%5aJ>C)xmsQ>i(AK1{_`pSP|Bb)bY{g6_)FC#%B@_nTNIG8-TDC$&=BOny!x?>Vn
zdrbsKbNE8Ph(<q^S3_6#p-aTCq3?-vp{8R0!PJ~2ja=seudob?TIECXkM;qw)vBMQ
z2R6CsgKAzF@N^X5q`_ZY13=O)8~{r8w+;Z-roYLy1)?5jFopXs<xMz5Eswi`nQObi
zw7H<nM>tc}aBC{`Q@4!C?5}){T6M!8%!2#)|00-*YCJkagh%fEsh(*Pt#oxSUHZjv
zh}fo{!E*cP0pP94{h)W7Hj8-!|KQM}!G)R4heyypBG*(+1Hofd$4=Wd{pG*lWjove
z)h;BJqDFG|!dxUXN5WRzqw}(B+|v8U(Sx|YkA10t^NUx|_q`NRiIy`%>H}MEMzg&3
zKP8V!D|QXoPuDuydp^y%oV6NrJ(mxpRggW>J6biP``#y}LbN#2pMxg8VmveXyl=wa
z#*I4YO)a@z@{%M+_szzeY!2Ze-DR4dnZTr=S~WIUk%O%c2UvlJXPyYsz25L@)@nWe
ze(l#@AqL1qQ_lw#D^OAgZBUIV;k!tAigi!bYq*}ZP9Eu8dF_nMh{XcwYN%MBVI?{L
z2BY|Qe#M4|C;2#V)V17|y8*)izvpWE+3TX=dmX>`1En#YOrDyWm-DMWDRXPSh$9_D
z??$J~Lb??E<OurHtrMD>9%V&e9?{JUQuzZ#e{{7L&*WQw9E-K6=4dT0&Q<k(bC;@7
zVjbw}LZT0-F6#vqhyI=dlYW}x8LIuj=xi3z$FpI!5Vxv5;*&WtY3{M=gVw_%-~5t4
z7p)$3IM%eacZ)vOvc)-d0nXe+3qU;$05M+s3Eg`ACedvob^crDUFdd`<j)IS{$c4F
zE^g67%ZFM<+V0S~Z>=iElltkS3+M&iKfX7v7);wvS?k^|@~zWm8d?BEk|68~N32~n
z2E@y<sr?^TBKM=2XAS_X)&;J~fh$QvJE306QmDC7V$lJhJ07Vq&fY`=T)vV7;W%;x
zJ*o<n)R9;1&{mldG_a2Eu(gNw@bY~qqf_<<AueN%r>>83=f1$aY#uUxa!eSVt*(li
z=>M#eF+N2L^sYR6L&ecQKW02I;=2=~=gdU-imHU5r)0?}J8jklJgcfJDe1|LgFm`A
z#M$*dYc$>G6nRlz58_H4B6zoZv5hWD_M}?peiG4!t+uu_MupWh&lE;ug+%8iPjIh@
z6H4%Wc=mBx+%^AViq;9yHoxpN8A}w;fN1iDm_QTu!JeRE&pho%_PFvVk4=O6+H!wF
zG=JLNa>}4R$4M9;0xZ(Ahm7FoAo?$t=Vx&KURN<UO2=@8BDqWrY8KE}?!D6UP}N?7
zDe;@CY1e+?^o+PySqqZ6=Rp~~LMjbBzhLV$JY~?YT0Cr3=RC6J&%ZhSTP><MGakNx
zm;aq2=omSz#9M)PXQxWyou+vGEe1XoI2yt#N`mV}9qwl$Sxd@Q>c*{+23NR`2gVBp
z-N5jDmwgx1^Z2dC={Vqt2LQuEwYYFHIOhve{sZoZ-OSRkee!SJN;u;88@jiX^#>WV
zKyF<87!qP%7<E`43P~m@L>#L&YC!)A0Sa$e`JKH0b1!I>i>03!8?fp0%b-N$p?_D<
z+>zInB)2VNv((U+?up;YlRAX^AG-AC=XI+h+s3T~%C`o*dBA<SqDMjMo%^|;cBM_`
z*@yP{u!*JFY{^ECW>>h|aMdlIzxT<^?8%3;(%4Ajz%sO{6!%FKb6WPP80n=9S_U;&
zpU}0UAUKqg4ty}To^%(n*LMctT_O{(XjN(B`95E5c(*@yAFLd@LTXb{o=G$Oihf<e
zqaHw&tjhMa6i%uUm(0`mJ-rTum09!PCv{~q8AA9w8+PkFS>~?f07bbk-A)x#@~#g?
zQn4=86$S2`NtJf0TC{xk4Akk_4ODgG*jDaryyS-aRPo4?E06tPs&wMoQ}3cdpK};=
z8He-<MzT%jvk9jgR`V|_#8lVGkWNoaA{VUtjEU*Pw{K#RK0}0u9xcULEgF(C<gOmQ
znm&3*Jupd8o9Qt2UIM-kt_5S?iOU%s{ld{<|J(4j9num9omGBR`eHRR2Nhphh*BTo
zU(?Ymm83fhj7s{j(I^a3$q)N<`)hXc126g+c!H_F3<+$ib8_!^oaa<Y%$fcZF#G=6
z%s^aieJ10zVLd}dQdxK{XfMNdnbSC=(Y>GBlK|%KaLLP<HEEB{WL3uWb>pdpU=A(|
zp~CDU7J6lT)_~0t*J2rJUp=hXGs1ddaT(NSPQ2N=FjL^4-|rgWZG9y$5ebQjiAosL
z1HIuvi8AvBnSGD4Pnd{V!)xyhmMjNdF3jP^+cL=)vM)v)4`*g4SV~zXrk;p~qBdwj
z&_w|;`@CVv$;RP@?>NSey|yI_w<NB5vIw7{R)(<AQH(y8&4#j2ZT0|K3sH1EtERMJ
z9+tIwBD&LQqPC=rkdO|tgQrI!5n@xaZ00as3sH)Ep8m;GWPBFk$(0E+;O%c_LJ^(j
ze#%?8&Oj9{y~GhuN_7mh$2HL_@XU0*S%n%Yt2o{ph}ky55#U04^@Np>>3eB@{)`*W
z2B0s*s_Y8X!kjnA0RG0FpcJDA>lv^xH#%z33nE`5)9}9EiiaEKxo1nIbw*S+5{!9n
zEu?CCe-M1bkUf_{9AF_(?H4a5sNx7AZu->IxS_}K5X%tBsysbSYal`mqs$Fk>TZKn
zBS*#4Z^7OXm;8VbgyZAy*-}4XnAR4xU|SwmOB5LNb*=7{;#%oPx{s*&Vw~j5Cjjre
zKQoP$`8rJ2FEJXA>IxPF4(skZObf7C8~|SZVA-k|b}lID72ukl&g=^jpkcR*efYH+
zqca-6bF?ffzU%je%%PNG7xJotFYJrL4*>5i1xkC<zRPxkwn^V3yENer&aVfGCZM-Y
zJh@P~HHB8ap(hHMfUMP)D~BnEFEnZo*C+>>AQNZt*AL(AUzi2GUE0~%-x?K4MIT6u
zpE59fd;ApufY#TLaS-jVDT^-(JuU|}W3<B}R0^ynA7||-+swYUE7P%Og>g@7GrL29
zn1`94Qug(_?QZW%X_ov5dvmm6@svcOA2|K-7duU-3vc{hZU_&hb&9-O7wr2nxghd`
za#oQe4Sm7ove@HL?Uz@(EbQ-2%Pkp@WV4JSzuxM<0Og;`l;3(^754t}_qB_6Nw?7D
z_qZkQxAYl2rJZp7`|o^zH_R1)i2nb7@~?mRJX38og|yUxFGQB3lUxK)&MFx1#N*9!
z6&9b2M(WcAIa}Am9q-eK=RCS$CSRW#&L{=KRN{+fJo<Gkb))m6n95LlWf<g6RK)?H
z9Rdrcp}lA&*mbHqVsW_0DI_L`PgAUMo|mWo2d1OK_82o$cBn6qqKeP|;udVSIjs}B
zQMS?0H3aP5E1{9M%blI6(8?wc>d-gWpG4wV?AefY(^qwv{@TWZH97!DXeYICwo%+>
zga`|@?ua>D&I$85Snp~v;sB6>1u83nNg$ZXJeNCS9=lL~*f%t-uX`+pcy3wvd#^uc
zjkn#kXhdIgnbH`VN2Za4`DFdpUBbctTO=}lNuQm6`te#rn=U&mmgK-xq?@Mygps9F
zGKwy6{GR-usGiB%+>X}$2WqH)jSu?k-Hlw;dhh9tbL!D+&r({dML#w?lo24F<7iid
zKPGtD6|JZTxuni~f;lGi($Xd^VreF~?iY;x_R+u%p(Cx}ZnxlebJ_xkShCE5g^(4;
zYS|&gnh%<&6{yCygrR!9yj_MYE@EOzZ8IHz0ARHXBN<D@7(7V3Om0IIMX*rKbUItu
z4;!f<Xb(*Lo5z-hv}Lb7y*22&g5|zY)t+0{Ky*^%8B2k8nwNsc$t<MJlcSIUdo@HD
z(;j>hpo*S-^HT>7$0=-NL;A`d%ZXn?6{fe*JNjsp<8({n6cu+)=rNL`VJuV6(TaS&
zl7W-TWl=q@i_bj9KZ7lI!)09dI|p<pBi1*ChAhGoY_@gA(5%(E%~+EUF#qhMpyH?)
z9IiM!a^aGuaucr&vFWm%D`r4Wm8^RS9=813qb<w>v6EX$bR4{B*)!|m&Rf79@Y|C^
zkCM!PwK{ULqxdSB$Mmg~XT^#9Dl=)iyZd#^wiaI~&}Hwt+RF`|*R|zM1KMK3JXgyr
zekb#?MAQn{)P_TS@LG-^G_o#CowL?Nn#_RLamqEjhYbNYMU?Huk>tao6m?XglH11W
z8gGre1UA7i6YPT4h|>-zH*|%owC6srErY`wPGTROk>h75f7uY<%%JX_dTB{Z9p;n1
z@p7|K_UhQ{u6=JVy4HggzFlMb0U(N?X<f)q3Q5%3s&s^%fA=>K8l%G=meX_NZv3`m
z_JfbVUXvx`+z9|e`O_8jJugFa_f1h33ms{4Y9!NAi25$R<3tZ{NCyZ!VLJlrZ77_2
z(JQoR!KJ50*CZ<s$YsBIY54Y}{!h^UHm+OUx2@rSO&F2YUnTdZPgIV4zCORn7qE{y
z^KKbs`{;S?tD|T^OAZJte%4-<85bZ~WEmv2?YmhPR84s>9zMFye*pN593Fk1@_d?|
z(<Z*;?ixM)XwOKA#L@^yZKQt>xjca#Gdw@o>CK8Co?o7eP#|8*1e|;EGnN9X8Ss$y
zU=PX936I2_U#CiNC%DA<xtICLI$^OmNr}}XYV6N5Ii}`l_}(w5>d8~q1ucbD1!mR~
z!4YJPTnnv~cU-vvw`XSB)Qub0rw~g`Ih&Z?#EC&V?t_o#DA1jm^04P^V$g)jWo{tC
zk!7Co$Yn7XE3FBtrr!vc&CD6d9GmA4yWwj(J5TdJe0`|g^DS8c##xMgSSX|sKOmnu
z;H)(5FE_4m1;FS+?@OtoC+|M6U<Ic`7~&7xTfNeSsqH~7%JaD}AlYg`xQ2cs#JBA@
zA^EuJ(c8~UW4zicy6qDzz%I?x#9pdk<Lzy09&8(gufGJ{w{I}*g~o20xyUV=npptk
zZyrYE&g}}DMMX8UreZ0%0hk@!LuMIU?cWK9fa0EIyL}1NaM4rfU9BdYi{=L|56IL`
z)?Xy9`9_q_X9w5sBlREIgO)1yHSNcd(944_^`D&7Pl9k--Chv)>Y%{SX0C9_e;sim
zoMx)`R;Fgd=SQ~V4**70A##}wxyv#6T@ii#LzxscMD^z4I0AjSEJv+EpE>9;3^PtF
zv<R`O?{w}C)f~f|Ns2=h-aL|w7LeCRoi3nMbnW4$EH)oj->uO~w00}0lS0PS1oe$1
zbGtaQG|kP16s;F-PnG_k4{^4>w17Xlhrbc@Sa<}YHg7?d*|eHyWUrFL1MWPQko((!
z>Fl?x8yjoKs0s7v+y|m3^lU<s-=Lq!aay1DxuxZn3x9+Nwa{Mh%$9CgVyN9$A{e%g
zH~px<qltLVq$1y<Pm*jxe4%Be7P7kT(<0tba68iVi;WRh15ybg_IX@2j2@g$3j={4
z8_qdfyl-;)10N3PQ4LMI&|lrF6Yk@(&%-`=R(A$OYMzoS`aumQ03A=(He9@|wJ7e@
z$=EBL7S-KcDs3iQ({k69Vd|*iiu(;QK?S8gUdGz12LP1WUG1M?6h{kQ*FOgMqka)R
zda(j6V<65M$9&%OlM;Um#Nj2{(Nk3XBI&=52sLWa6k78~0}VbRP>pz3&M6Z=qe^;f
zr)q0I<{vXwIH8PKq6R%G3;4FQpnp1iCgzh2T@Jn-7r(k;hy=~3+8PSsJp~_Es;@47
z)`_+~3;hu;1U>Tz4Uyu6002T9<kZ7|b!fh5-elX-!O>24pSkJLq9Rw=MFZoKc~4+2
z+fSCTr)3?Mp=;~IP2ct`=3<sKkwMw>7edkw6(evN^kMlCXhdyF&&CCPOwAB=EL^XD
zscv+0j0?BN<})`ss<Nb+Q#z@<tClrztaf>MXEq?(R-*JPqgl`Tq=Djw^}}Idm__(N
zW`2=3n0Bwk_gTpO8-X&}HD*-DBW!&smH#t~j!KXu)pRbXSf57=r*4^ijo4FI$PdKx
zX{Xr~eF9(Kx`OGs8U0!R4kihlZeb%uY;P-lIYLnloKl{1Gy(=#O9E@?@*%lx>Sf6R
zjx5Fz8XgNj#q?*!p2jdLx@fpbrLFJPa2bEAWd*a*Ui<dz)}VUPBFB>?ReihMOtpTI
zA{J`dXfWxU5tyD3Q?;79p0&Z(+5HXKz}M*;Ki2!MdYM%s@{s<A8Ee5R70!`2Z2e}$
ztxY&$o>MI_BBv{32?nhx9INOne`b}{YL%N+PB7BXZYFf|(}@dbh}CX2ril)2MRh_l
z(;{k;-fbZH^88qZ{NLu6&1(BaBIGD$=p89R)UN6!huTlk39xT?$W3)T(qaLXrJ)&>
z*mmn(?`G6)3V`u;Vt!XU%<uw#?t8tdSAgpwC{}^wXOTtUS+~Rif6e}R3*gwFvwz<5
z1n@5yqW;<P@nsLPo~?Adnk&##EatjMvA#{R0WW+*E+H@jZ&RUP96K1Z;W1wf2;Kbm
zxPkibZs4E&|G(JzpN6RahnW30m;9#{QOW-jO#jX$|7k_Pe?O)ED_;SCgQ5Qb($`k`


From 6e436459dbf89f8144ef946c0e337622a0a244f9 Mon Sep 17 00:00:00 2001
From: David Pilnik <davidpil@nvidia.com>
Date: Thu, 11 Nov 2021 13:16:49 +0200
Subject: [PATCH 10/16] update cli description in HLD according auto-gen Yang
 tool

---
 doc/passw_hardening/hld_password_hardening.md | 244 +++++++++++-------
 doc/passw_hardening/sonic-passwh.yang         | 127 +++++----
 2 files changed, 214 insertions(+), 157 deletions(-)

diff --git a/doc/passw_hardening/hld_password_hardening.md b/doc/passw_hardening/hld_password_hardening.md
index e4ef9e0751d..16134e6965c 100644
--- a/doc/passw_hardening/hld_password_hardening.md
+++ b/doc/passw_hardening/hld_password_hardening.md
@@ -311,85 +311,94 @@ module sonic-passwh {
     container sonic-passwh {
 		container PASSWH {
 			description "PASSWORD HARDENING part of config_db.json";
-			leaf state {
-				description "state of the feature";
-				type feature_state;
-				default "enabled";
-			}
-			leaf expiration {
-				description "expiration time (days unit)";
-				default 180;
-				type uint32 {
-					range 1..365;
+			container POLICIES {
+				leaf state {
+					description "state of the feature";
+					type feature_state;
+					default "enabled";
 				}
-			}
-			leaf expiration_warning {
-				description "expiration warning time (days unit)";
-				default 15;
-				type uint8 {
-					range 1..30;
+				leaf expiration {
+					description "expiration time (days unit)";
+					default 180;
+					type uint32 {
+						range 1..365;
+					}
 				}
-			}
-			leaf history {
-				description "num of old password that the system will recorded";
-				default 10;
-				type uint8 {
-					range 1..100;
+				leaf expiration_warning {
+					description "expiration warning time (days unit)";
+					default 15;
+					type uint8 {
+						range 1..30;
+					}
 				}
-			}
-			leaf len_max {
-				description "password max length";
-				default 64;
-				type uint8 {
-					range 64..80;
+				leaf history {
+					description "num of old password that the system will recorded";
+					default 10;
+					type uint8 {
+						range 1..100;
+					}
 				}
-			}
-			leaf len_min {
-				description "password min length";
-				default 8;
-				type uint8 {
-					range 1..32;
+				leaf len_max {
+					description "password max length";
+					default 64;
+					type uint8 {
+						range 64..80;
+					}
 				}
-			}
-			leaf username_passw_match{
-				description "username password match";
-				default "true";
-				type boolean;
-			}
-			leaf lower_class{
-				description "password lower chars policy";
-				default "true";
-				type boolean;
-			}
-			leaf upper_class{
-				description "password upper chars policy";
-				default "true";
-				type boolean;
-			}
-			leaf digits_class{
-				description "password digits chars policy";
-				default "true";
-				type boolean;
-			}
-			leaf special_class{
-				description "password special chars policy";
-				default "true";
-				type boolean;
-			}
-		} /* PASSWH table */
+				leaf len_min {
+					description "password min length";
+					default 8;
+					type uint8 {
+						range 1..32;
+					}
+				}
+				leaf username_passw_match{
+					description "username password match";
+					default "true";
+					type boolean;
+				}
+				leaf lower_class{
+					description "password lower chars policy";
+					default "true";
+					type boolean;
+				}
+				leaf upper_class{
+					description "password upper chars policy";
+					default "true";
+					type boolean;
+				}
+				leaf digits_class{
+					description "password digits chars policy";
+					default "true";
+					type boolean;
+				}
+				leaf special_class{
+					description "password special chars policy";
+					default "true";
+					type boolean;
+				}
+			}/*container policies */
+		} /* container PASSWH  */
     }/* container sonic-passwh */
 }/* end of module sonic-passwh */
 ```
 
 ##### Config CLI
 ###### PW enable
-Set configuration:
+
+Passwoed Hardening enable feature, set configuration:
 
 ```
-config passwh enable/disable
+root@r-panther-13:/home/admin# config passwh policies state --help
+Usage: config passwh policies state [OPTIONS] STATE
+
+  state of the feature
+
+Options:
+  -?, -h, --help  Show this message and exit.
 ```
 
-PW Class:
+PW Classes:
 
 PW class is the type of characters the user is required to enter when setting/updating a PW.
 
@@ -417,21 +426,56 @@ There will be no enforcement of multiple characters from a specific class or a s
 
 The CLI command to configure the PW class type will be along the following lines:
 
-Set configuration:
+Set classes configuration:
 ```
-config passwh complexity-class <lower upper digit special>
-Values in every position are boolean, for example:
+==============================================================================
+root@r-panther-13:/home/admin# config passwh policies lower-class --help
+Usage: config passwh policies lower-class [OPTIONS] LOWER_CLASS
+
+  password lower chars policy
+
+Options:
+  -?, -h, --help  Show this message and exit.
+==============================================================================
+root@r-panther-13:/home/admin# config passwh policies upper-class --help
+Usage: config passwh policies upper-class [OPTIONS] UPPER_CLASS
+
+  password upper chars policy
+
+Options:
+  -h, -?, --help  Show this message and exit.
+==============================================================================
+root@r-panther-13:/home/admin# config passwh policies digits-class --help
+Usage: config passwh policies digits-class [OPTIONS] DIGITS_CLASS
+
+  password digits chars policy
+
+Options:
+  -h, -?, --help  Show this message and exit.
+==============================================================================
+root@r-panther-13:/home/admin# config passwh policies special-class --help
+Usage: config passwh policies special-class [OPTIONS] SPECIAL_CLASS
+
+  password special chars policy
 
-config passwh complexity-class <lower upper digit special>  False False True True
+Options:
+  -?, -h, --help  Show this message and exit.
+==============================================================================
 ```
 
 Note: Meaning: no must use of lower, no must use of upper, must use digit, must use special characters
 
 ###### PW Length
 
-Set configuration:
+Set len-min configuration:
 ```
-config passwh length min <length>
+root@r-panther-13:/home/admin# config passwh policies len-min --help
+Usage: config passwh policies len-min [OPTIONS] LEN_MIN
+
+  password min length
+
+Options:
+  -?, -h, --help  Show this message and exit.
 ```
 
 Note: Where length is a number between 0 and 32.
@@ -444,16 +488,28 @@ Once the user changed the minimum password length - the settings will be applied
 
 Set configuration:
 ```
-config passwh age expiration <age>
+root@r-panther-13:/home/admin# config passwh policies expiration --help
+Usage: config passwh policies expiration [OPTIONS] EXPIRATION
+
+  expiration time (days unit)
+
+Options:
+  -h, -?, --help  Show this message and exit.
 ```
 
 Notes: Where age is in days and between 1 and 365 days (default 180).
 * PW Age Change Warning
 
 Set configuration:
-	```
-	config passwh age warning <warning_days>
-	```
+```
+root@r-panther-13:/home/admin# config passwh policies expiration-warning --help
+Usage: config passwh policies expiration-warning [OPTIONS] EXPIRATION_WARNING
+
+  expiration warning time (days unit)
+
+Options:
+  -?, -h, --help  Show this message and exit.
+```
 
 Notes: The warning_days can be configured between 1 and 30 days (default 15).
 
@@ -462,36 +518,38 @@ Notes: The warning_days can be configured between 1 and 30 days (default 15).
 
 Set configuration:
 
-	config passwh username-password-match <enable/disable>
+```
+root@r-panther-13:/home/admin# config passwh policies username-passw-match --help
+Usage: config passwh policies username-passw-match [OPTIONS]
+                                                   USERNAME_PASSW_MATCH
 
+  username password match
+
+Options:
+  -h, -?, --help  Show this message and exit.
+```
 
 ###### PW Saving
 Set configuration:
 
-	config passwh history <num of old passwords to save>
+```
+root@r-panther-13:/home/admin# config passwh policies history --help
+Usage: config passwh policies history [OPTIONS] HISTORY
+
+  num of old password that the system will recorded
 
+Options:
+  -h, -?, --help  Show this message and exit.
+```
 ##### Show CLI
 
 Show command should be extended in order to add "passwh" alias:
 
 ```
-==========================================
-admin@sonic:~$ show passwh
-PASSWORD HARDENING
-Policies                       Status
--------------------         ------------
-feature state                 enable
-expiration                    30 days
-expiration warning            10 days
-history                       4
-min length                    30
-max length                    15
-username passw match          True
-lower class                   True
-upper class                   True
-digit class                   True
-special class                 True
-==========================================
+root@r-panther-13:/home/admin# show passwh policies
+STATE    EXPIRATION    EXPIRATION WARNING    HISTORY    LEN MAX    LEN MIN    USERNAME PASSW MATCH    LOWER CLASS    UPPER CLASS    DIGITS CLASS    SPECIAL CLASS
+-------  ------------  --------------------  ---------  ---------  ---------  ----------------------  -------------  -------------  --------------  ---------------
+enabled      30           10                   4         100        30               false                 true            true            true          true
 ```
 
 ##### CLI permissions
diff --git a/doc/passw_hardening/sonic-passwh.yang b/doc/passw_hardening/sonic-passwh.yang
index 25f5fea4ee7..2cd24f3f6cf 100644
--- a/doc/passw_hardening/sonic-passwh.yang
+++ b/doc/passw_hardening/sonic-passwh.yang
@@ -2,9 +2,6 @@ module sonic-passwh {
     yang-version 1.1;
     namespace "http://github.com/Azure/sonic-passwh";
 	prefix passwh;
-	import sonic-types {
-		prefix stypes;
-    }
 
     description "PASSWORD HARDENING YANG Module for SONiC OS";
 
@@ -22,71 +19,73 @@ module sonic-passwh {
     container sonic-passwh {
 		container PASSWH {
 			description "PASSWORD HARDENING part of config_db.json";
-			leaf state {
-				description "state of the feature";
-				type feature_state;
-				default "enabled";
-			}
-			leaf expiration {
-				description "expiration time (days unit)";
-				default 180;
-				type uint32 {
-					range 1..365;
+			container POLICIES {
+				leaf state {
+					description "state of the feature";
+					type feature_state;
+					default "enabled";
+				}
+				leaf expiration {
+					description "expiration time (days unit)";
+					default 180;
+					type uint32 {
+						range 1..365;
+					}
+				}
+				leaf expiration_warning {
+					description "expiration warning time (days unit)";
+					default 15;
+					type uint8 {
+						range 1..30;
+					}
+				}
+				leaf history {
+					description "num of old password that the system will recorded";
+					default 10;
+					type uint8 {
+						range 1..100;
+					}
+				}
+				leaf len_max {
+					description "password max length";
+					default 64;
+					type uint8 {
+						range 64..80;
+					}
+				}
+				leaf len_min {
+					description "password min length";
+					default 8;
+					type uint8 {
+						range 1..32;
+					}
+				}
+				leaf username_passw_match{
+					description "username password match";
+					default "true";
+					type boolean;
 				}
-			}
-			leaf expiration_warning {
-				description "expiration warning time (days unit)";
-				default 15;
-				type uint8 {
-					range 1..30;
+				leaf lower_class{
+					description "password lower chars policy";
+					default "true";
+					type boolean;
 				}
-			}
-			leaf history {
-				description "num of old password that the system will recorded";
-				default 10;
-				type uint8 {
-					range 1..100;
+				leaf upper_class{
+					description "password upper chars policy";
+					default "true";
+					type boolean;
 				}
-			}
-			leaf len_max {
-				description "password max length";
-				default 64;
-				type uint8 {
-					range 64..80;
+				leaf digits_class{
+					description "password digits chars policy";
+					default "true";
+					type boolean;
 				}
-			}
-			leaf len_min {
-				description "password min length";
-				default 8;
-				type uint8 {
-					range 1..32;
+				leaf special_class{
+					description "password special chars policy";
+					default "true";
+					type boolean;
 				}
-			}
-			leaf username_passw_match{
-				description "username password match";
-				default "true";
-				type boolean;
-			}
-			leaf lower_class{
-				description "password lower chars policy";
-				default "true";
-				type boolean;
-			}
-			leaf upper_class{
-				description "password upper chars policy";
-				default "true";
-				type boolean;
-			}
-			leaf digits_class{
-				description "password digits chars policy";
-				default "true";
-				type boolean;
-			}
-			leaf special_class{
-				description "password special chars policy";
-				default "true";
-				type boolean;
-			}
-		} /* PASSWH table */
+			}/*container policies */
+		} /* container PASSWH  */
     }/* container sonic-passwh */
 }/* end of module sonic-passwh */
\ No newline at end of file

From a93129041d606ea5086020f55c4e46bf1c11a10e Mon Sep 17 00:00:00 2001
From: David Pilnik <davidpil@nvidia.com>
Date: Sun, 12 Dec 2021 15:07:25 +0200
Subject: [PATCH 11/16] add more description in the init flow chapter, use
 hostcfgd daemon instead creating a new daemon and remove the STATE_DB

---
 doc/passw_hardening/hld_password_hardening.md |  70 ++++++------------
 .../passh_arc_sonic.drawio.png                | Bin 27940 -> 0 bytes
 doc/passw_hardening/passh_arc_sonic.jpg       | Bin 0 -> 30658 bytes
 doc/passw_hardening/ph_diagram.jpg            | Bin 29908 -> 24820 bytes
 4 files changed, 23 insertions(+), 47 deletions(-)
 delete mode 100644 doc/passw_hardening/passh_arc_sonic.drawio.png
 create mode 100644 doc/passw_hardening/passh_arc_sonic.jpg

diff --git a/doc/passw_hardening/hld_password_hardening.md b/doc/passw_hardening/hld_password_hardening.md
index 16134e6965c..fd9922713ab 100644
--- a/doc/passw_hardening/hld_password_hardening.md
+++ b/doc/passw_hardening/hld_password_hardening.md
@@ -71,7 +71,7 @@ Therefore - in order to further improve and harden the switch - a secure mechani
 
 ###  1.6. <a name='ArchitectureDesign'></a>Architecture Design
 Arc design diagram\
-![passh_arc_sonic](passh_arc_sonic.drawio.png)
+![passh_arc_sonic](passh_arc_sonic.jpg)
 
 (flow description in the chapter below)
 
@@ -101,13 +101,15 @@ See linux 3d party component chapter for more description
 ![password hardening flow](ph_diagram.jpg)
 
 ####  1.7.1. <a name='Flowdescription:'></a>Flow description:
-Users by using Switch CLI will set new password/password configuration (see PW options below), the input will be saved in CONF_DB in PASSW_CONF_TABLE.\
-The daemon call PASSHD (password hardening daemon) listen to changes, parse the inputs and set the configuration to kernel by using pam-cracklib ,chage, pwhistory linux libs.
-After that, it will save the configuration and results in STATE_DB in PASSW_CONF_TABLE.
+When the feature is enabled, Users by using Sonic CLI will set new password policies/configuration (see PW options below) saving those in CONF_DB in PASSWH_TABLE.
+
+The daemon named hostcfgd daemon will be extended to listen to password hardening policies/configurations from PASSWH table, parse the inputs and set the new policies to PAM lib using pam-cracklib, chage, pwhistory libs.
 
 Note:
-The table PASSW_CONF_TABLE should reduce time consuming when users need to read configuration, because it will avoid to make additional calls to kernel.
 
+The Daemon is running in the host (without container) that matches this feature, because it is basically writing policies at PAM lib installed in the host.
+
+In addition, hostcfgd will avoid future conflicts with other feature related to PAM lib, because this daemon is also writing to PAM files for support other features, so it is better to save this convention and also manage the password hardening policies in this daemon.
 ####  1.7.2. <a name='PasswordHardeningConstrains'></a>Password Hardening Constrains
 The PW Hardening features will support different options by encapsulating cracklib, chage and pwhistory options according to the constrains definitions below.
 
@@ -206,14 +208,20 @@ For saving password with sha512, need to modify the /etc/pam.d/system-auth-a fil
 
 ###  1.8. <a name='InitFlow'></a>Init Flow
 ####  1.8.1. <a name='Compilation'></a>Compilation
-This feature will be disabled by default in the compilation stage, its meaning that it will be not compiled, only when the user will change the makefile setting to enable, this feature will be compiled.
+This feature will be disabled by default in the compilation stage, this means that it will be not compiled and will be added only when the user specifically adds the relevant compilation flag "INCLUDE_PASSWD" in sonic-buildimage/rules/config file.
 
-In addition, the feature will have CLI as a "plugin", meaning that when the feature is not compiled it will not appear in the CLI of the switch, and vice versa.
+In addition, the feature will have CLI as a "plugin", meaning that when the feature is not compiled will be not appear in the CLI of the switch, and vice versa.
+
+Feature enable details:
+If the user added the compilation flag to the image, a user can still enable or disable this feature.
+By default if the feature was compiled, the feature status will be enabled, meaning that the switch will boot with the feature enable.
+the enable default configuration can be founded in init_cfg.json.j2 file.
+In case, the user want to disable the feature it can be done by using the Sonic CLI (details in CLI chapter).
 
 ####  1.8.2. <a name='Dependencies'></a>Dependencies
-Service dependencies: DB container, INIT_CONF and NTP service.
-Description:
-Password Hardening Daemon, the service that triggers this daemon, should start after DB containers start.
+Service dependencies: same dependencies as HOSTCFGD, INIT_CONF and NTP service.
+
+Note:
 NTP service should be secure, because it can influence expiration time of some policies.
 
 ####  1.8.3. <a name='FeatureDefault'></a>Feature Default
@@ -236,13 +244,6 @@ special class: True
 Notes:
 -  Old users (existing users before feature was enabled) will not be influenced by this feature, only new users will have to set passwords according to the password hardening policies, or old user when changing to new password will be force to be according the new policies.
 -  Default password of the system will remained with default value even when the feature is enable. It will be secure password only when the user decide to change the password.
-####  1.8.4. <a name='Howthedaemonworksinternally:'></a>How the daemon works internally:
-In case the user decides to compile the feature, the password hardening daemon will be started and running always as a service.
-The process/daemon always running, but can be in sleep mode, the process is checking that the "enable" field in CONF_DB table PASSWH is "True", this value it was assign in the init flow by default, so only in case that the user change the field "enable" to "False" the process will be in sleep, waiting to be "awake" when the field will be change back to enable.
-
-Notes:
--  The service/process will be run from the host (not in a docker).
--  This approach can support reset of the system, because the daemon can automatically verify if he should be awake or not.
 
 ###  1.9. <a name='SAIAPI'></a>SAI API
 no changed.
@@ -265,12 +266,10 @@ PASSWH:
 	"digit_class": {{True/False}}
 	"special_class": {{True/False}}
 ```
-Note: similar table for PASSWH_STATUS in STATE_DB
-
 ####  1.10.2. <a name='ConfigDBschemas'></a>ConfigDB schemas
 
 ```
-; Defines schema for PASSWH configuration attributes (PASSWH table & PASSW_STATUS table have same schema)
+; Defines schema for PASSWH configuration attributes in PASSWH table:
 key                                   = PASSWH:name             ;password hardening configuration
 ; field                               = value
 FEATURE_ENABLE                        = "True" / "False"        ; Feature feature enable/disable
@@ -576,32 +575,6 @@ The ConfigDB will be extended with next objects:
 	}
 }
 ```
-The StateDB will be extended with table PASSW_STATUS with similar objects than PASSWH table:
-
-```json
-{
-	"PASSWH_STATUS": {
-		"enable": "True",
-		"expiration": "30",
-		"expiration_warning": "10",
-		"history": "10",
-		"len_max": "30",
-		"len_min": "15",
-		"username_passw_match": "True",
-		"lower class": "True",
-		"upper class": "True",
-		"digit class": "True",
-		"special class": "True",
-	}
-}
-```
-
-Notes:
-
-Similar fields will be saved in PASSW_TABLE in CONF_DB than in PASSWH_STATUS_TABLE in STATE_DB.\
-The main difference is that CONF_DB contains values requested by the user, when STATE_DB contain the values after getting the status from kernel.
-So when user will use "show" cli commands most of them will get the answer from STATE_DB, instead to do a system call again.
-For example, if some configuration set by the user fail to be configured in the linux kernel the STATE_DB will have the actual status/(state) of the configuration, and CONF_DB will still have the user configuration value requested.
 
 
 ###  1.11. <a name='WarmbootandFastbootDesignImpact'></a>Warmboot and Fastboot Design Impact
@@ -617,6 +590,9 @@ When user with the correspond permission is doing upgrade from image with passwo
 
 When user is doing upgrade from image with password hardening feature disable to enable, old password will remain exactly as was set before, the feature is setting rules/policies to new passwords or to new users, so old passwords will remained as was set before.
 
+Upgrade image from feature enable to image with feature disable, from the security POV should assume that the user that is doing this image update have the corresponding permissions.
+From the feature POV, old password records that were set using the feature will remain the same, and new passwords will be set without the password hardening policies, because the feature is disable in the new image.
+
 Note:
 First time, the default password will remained the same, even when the feature is enabled, and if the user will like to have a secure password he will need to change it, and in result that the feature is enabled the current policies will required an strong password this time.
 
@@ -643,7 +619,7 @@ First time, the default password will remained the same, even when the feature i
 ##### Notes:
 - After creating a new policy is necessary to set a new password to a user to verify that the policy match the configured.
 - Valid values: could be random values from valid ranges.
-- The set configuration should be validate using the show command and also should be test from the STATE_DB.
+- The set configuration should be validate using the show command.
 
 ####  1.14.2. <a name='SystemTestcases'></a>System Test cases
 - Test all passwh policies together
diff --git a/doc/passw_hardening/passh_arc_sonic.drawio.png b/doc/passw_hardening/passh_arc_sonic.drawio.png
deleted file mode 100644
index 905d9e794f1672b1dbf030888ac223de83b65d1e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 27940
zcmdSAcT`hd_bv*EN)Z7CR8*u$7o<awB7qPHErHORln{C-0Yc~qC|ybbkzNCeh%`YE
zM6rMrse%-xNKrb7^s{*VzI(pkx%Z5F{y1Ztd&k%zVehr(Ds#?ft@+HgqmjCB20C^+
z3JMAaO${}D3JS_{@cBV=3f$pl?f4G9D82RJP>QGBR~9HJXwTzeCU`f3gOe+Uf>%=Y
z?=M~nF-M#?o>x+hS3<(Z!$Z{G$p-6X<K`{uj=_Ul;JF*l-pRoUWB<2|gqVc5h&Z^!
z&|(l?Nfjw6@JCWsR90Nh>~DD+EXMs`0;NU8fB*qwCwF_CpEvlaiw1wh#lUSzDEI{)
z$bkCCKM68Yg5XQV!^0J0jIq^n0<Eh{1HqCq;I@F423kj(S3(v1c6D;WfG;@4&INZ|
zMb*&@=LYVmLqKz)QZkZqqB0P0-@wMf#>?qHq#O?hgSWx{9f+~Erx(%~sqc=H(;;fA
zVUUKZvVRBQi}CVy!nyw~CN3>1dpwHc%6NYd%-_5A7+)tl(53{hBn-^uza|Y7ar)OZ
z`T9yqI(YgKJ>f`Cl&6HTjhL;-Um@-`ptJu>HxkU0i1=S2(ncP5I~h$Gb)=NIgC{{v
z6{aC&4406E$jOM=6Mda!eTWibVlpr-T|Xx~1E{g25g4L6)(_>VEpFo}qwOIpW9YAe
zRB?kM^&AlXc5VnH+R4U?Am{I^>4dR?IT^USNvO*ZWaMNZ?h=05NNG^rPutX01*)Qg
zKx=Ai;?=PBCMtSJX#^CGMc6~#G!O_o8yy!MTHOiaqN4@%Fu-cMnWCMwWndmYx}L@e
zAVJqu-Q5wU3s<p|60=wLwX<__g83Swj4-<3p^FLD*vME8?&|4eCMDxZP(f;HI!dCA
zuzFC4nv|5kfvc;uE*L))X`rr!G6FT!4UoR}9>7MRl0JS!Edy_7QzS-LR!k1#>gA>*
zt0AYSVQWvcha79$MaCBjhxqELyJ(?o<oq<;KrK~oLw9d6Np+N%jfst+la`l@3R2D0
zUZ1GrD1|lEbF%j~#1m!VnnZnFeWa-b+6;z5ySYg?I2!310+AXpIWvMQ1Ys&>V=w7#
zgodaZ>N=?TOL<{|Y=1pZZ38=7O&=^AfkMln^qlOxfl;WdxZ&K*+_5lERc9wBUmJHH
zRZka5LvJlZFCA4s7hPSvxQQ)N$JP(6ui>v|FYe-ulmpTnkvP0R!3!tu@2Rc<{&zt7
z!mtJg7<(NLStm`biJp@!25I80ikBrwY8tz1$U5mEOznMDywxP65ITB#er7<Xl%@_8
zcn8!@T0>gT2Vx>=565X>P2Jta5E4?Js(Kg=BYQWv2@bAd<PCTA5GQ(@5_GhY5KWX9
z5$EOuL%}2<o@TmOU8I_pnZ37;pQE;xJ66Ti9>@fjlPXjj5661gd-x)yAgcCK>V`gY
z`VKG`bv2@as;-e40*;q5#_4<eLQyVAeNY3Tg7DDtHU+Z+CQuv?f%+r#9h}@f!6Oe_
zypu1&UdKenOUupA#?csKKrr#cA)rW86AuK@$J<ZU&e>5)(-UTh^6_-DQCHPfQ`a{!
zhM5`=^)w~*98|>Q41i#a9E{)$zP*jbJ<yWsVlFBKQ?v_4&Im;`R7c5RUA$C0;BHVU
zV*=bw*H+&MD<f-q+%;dA7DU_8-pK%^D`i9g0@PJuP>89VyQY+?my3a)AruRdknplI
zaB+m9pb$qSQ3mDWpk-j9LGU?N7^vZbAj)a`7{W}{@e+Evwpc7yN&}BKFvEx&%6JpS
z9n^8hrM%#}2Cg<JxVMD8v7wI<3N4K=@b>}|9L1rUp6W8*su*1tRdr7<ExehNgomL7
zQC!_a4=P~{x`A^uRG0WG!&L_h_1Bk@h8UZ<;|$CU(MU~cXPlW11nr_LCI%J5;jl=o
zx2Ffu%f&<7*~eE5V@R+w5mzG^naDcWip%QRnR&U`f@W2Xy(Nj-8sg3>URZrIReiLK
z14iH8$WvEF&BY5XqiH9h>#w1Q6PL7=c9C-TFmU%UbMjU*(RGEYsC!F!YnmBosOuUV
z7>WDp;eEAL)FklsNJDQuoQ#2(q?))I2IgY|v3C(OM7o>0sv|WphAzf%GZ#GwO3nlV
z^A?9YyW%7a{p|_v2rw8aZ#QuiM%78qObz8rB<N|`co1RUvig2_X@40%oVTv3oR^b|
zDn=6LripQs&>+ZZK=skuUU*GixSt~!jf|dwv#gPkm%X94q?sd125l+^Obm)LwUuzg
z*s7X%ILUZu=t=n+$jEA#N@+RB=t<g1OY7@tXhX0D#(uWC_TmTvUe`rjPUYAtv^BlO
zP4(e+Vgx%^h_iu*i@2K@M$1S{)6iGW)fp}c^E84SH;a^ndOI43+e1AG8alE>A60QR
zHz`k7tgO1OjEtJAuBxx6za5dF<z@yYXlv+80dR)8Ya5w(N+LB?O?_<;Fh4nI8Feu=
z2R$?v<tGKTbs=hKcuG5Zc&ieLW+<@sdJ&1zC^SJ$9H(V0?PrG3HipT$ihILV)!lUb
zJ$!vV?QrfYswfu}9Dy^DmBp$#dEsOwT(wM8@Y-6oco$uFe~7&a#!c1_iS&{q%Gf#B
zi|Oe~qKT?t4TNe+NT{L+9z-`aN1_|XRmDu&UC&QNLz}3Fce9o8g&WAZ`QvmvRW(&1
zTHZQX2wKb&E@kR+Jahul&C~>G>}9NBD(B%ZtwwaSleR$|&)%_LOWVsp?PVP7@mK(K
z2pOEckD-yf1I7z!WZ+-}6N4f&O>~`&i4tfpBu>>tUs^*}&t2Wd4`M8-0&45{;$4Bg
z`+|?Vt(}Umo4<w$xGjZub{3bg#mM2k;CgaU2S;6B9V2lMJFnwK;@GH<QBT`JT-^)r
zpsFY7AuZwP>u2f<tlw8#+Sde$0*^Hy4t~e$?C}M*4eI}1qyJg3!T<l-|471;J_w9b
zP;gRcs;Qs}R!iBZ2`q-g?-`l&IUhXeeT-hXdQ$BqD~$PB7$=qQ?fu(D7yMZtSXrT&
z&}!B<LZ^fUOm4$eZnHp7hxMxJXi(7#Qm-q{E&jSS^2-71=ioaUlJg$^JmBZbSin)h
zvZADcfUK-+x<?tGhi`u+e(`H<Dp4xOeP)I%%6KxAf+i#P_V))&G3BU~^06ZdLr1@R
zJC|KQv$2IE%j(ChuLa%K^z=km=$OZpq3#k^r>H2Io+(ovqKFIgDETUkWV?)uy6kqq
zyTfdmyn9SSq~4Jf`QPnx15dV7m;^{SlCDxeL4=+ZUQS6Y+qE12Zn|(sjfR9Ee|;BU
zf{1^FT#)xcr$zkYq@Xh5dq9|H;{7!Nt8WtT>KGTpeC0w5bv=J-?B~4Q;XyDEf^grW
zG0CO~FnsjmQ$a#*ko(rtjHd^nO}?F1dv6AUe-TK<oVRE~L$A`fW=K3--rH~SosTKo
zrO4NJItv;N{cx5_hMOY4?|lZSWC5g80*PPlQ$!%H*+I!@uSjGW_5EL*cX+6ngo5H|
z^YuTnLW|FFKEE3pPjj2RDb5#x;5Gh#7POcV)Df`K|JIMK(fQBL-S&YJr}Hpr4*B44
zzME!hM;wYV=TZzTjuN6{)-$YgCd}FW--+DvL*2vX_ypD1uU}u>YCV|3iT)%#lyvI8
z&y1ccarR%FRx+$ae<T^9unz<rsX5WRc~Qu+8M=IZT4d?3ro7w+k1&U`*VLJ9Y;4y;
zyf!ap$`Vs;tCBNI)FM)gk~-{?*d^TLgB0A#nF`{b++Y`Xkr^L)@{oy>hNOF!o2DH~
z-V8hQuR-RW9T~q6Tt>%s^VJs~NZNzjcDW%5qQxcpEmhO)EhArTnRo2F*opaYzs#-I
z=XQr<Pb|zjNji?Fi40WfT;6r;ut%MmOA6uhw-mW7Q<PLahn$x8v4CD*DX6b&2=G`X
z<1b!R5jY1eX0!(r_!P`Pg-^%f$S7`MVXd++BJ4y2&BvQ;k&MO_1;(d0OAW9+pNk@6
z$?(!Wvew?M=#90(g5aP;^AP6m-`n;U#v7`cWORE9woTqAwAo!AtxsHy8B>&R@cW?y
zM*eyzSNDW^p)D7hJq#~=3R;{j3>0_!YPHtHxd5d=&4Tva76mu?_?5}rWPN=Bao)(^
zSCq6*e2Lv%<sp`v%O*|qUn13S2yHLPf0RtA<Cx{XPBQQHzn~y=^>kDMtQzUFJ0*P8
z1!;xf`@OU<mm6Y~^ZKnIFsJwvKs90-BjfdBUnCcL%UKVqaM#91p7U1hY#A>GuQW@o
zOeZ=`Y296?Mt*2tsI+?@S^w5N)GOapxll-h{0(*T<NPVK9baNOG9PN6KFk1&@~p$L
z!O7cW6P?<=ZbW|j(5^OGGF@?-E%^XGy%5;P`&~0=zl&XngIV<O$4WEofOQ7-QIQu1
zon4AUOgKC}!9hBEf`<n7UzDvoQrt?r5QrE(6<Dxw;^_x@rAOuZ`Au?<NBzHXikQ@8
zS^e61As4XDhaR)=Up*N+iSzV)`i=f97VEjmht8TbAFytJj<MvX&F^!%GjDMNI8f`q
zU1~97{6I-)rx}q0ZJXstvLIjgoI2V_yB45uMXqYEm&^Ei-pf+M2S`m@-j+lJ$0k=~
zpZ885FN`_3%KhqcVV~zGvIsl0I4y5(|KB42w|VLRn;;*{%H@G&(s#7nbv2A8fD6t$
z7%EvWFUS5Y(}A_>9-Yq&3J=>@9K_%}b@7*VNbIuteLjmBg({9G0qk&5pJTjQ5HbF8
zK25gdl734-F_Vx%#_KEbaxWK*{|$<(<)3WM)lgA~>xMR$z0gxCSxodPrCVC2As*xi
zMIaxxo%!MP_P@gJiEs=@e;zMqo-idFSqq-n7cKHgu+CJnv0+lOacEBOJCjg|BjmbB
zfKllyORX~aboA+)qD&N&d*{DZFOb=#%Q_AiGv1{nlU2#Tln;AV!6T+;Qj|2L;;wt|
z?oxoBAJE<=|H9dAGEv{ApuV9)0mV3N<gWox=DZUEuyF6|MMY{#P)+N6DAIH^&{2T~
zEF52QDIz)!Wz-o}D5!6@_5plKlexyuNCm3>=BLPi-V*=$|Bp>2w*DHacG~~5CgnCN
z#V%n_qY0J9O(?J{5~Xx<6dpz~Tz2@FaG|5CtE<+&^RwgeWKvLG2opAbigb0o5g8GI
ztg>wv5EP8IwY3%C;koPO<@I)w7m@nxx;PDqw<}8hc*buBQ`x<X%ZGUXK>GUD{p{@R
zMG|L8#*T{vWofWe`Olv$^m-gi{-71wTrPp>KpGjP{fvF~OstWxR)A?1T&9Vj<GFgQ
zEmyVM%Z4MbAB7`F96btzk9F2cJ!3_>+9XKB`cC>EMLhs(=9QBlP{Bq@kCL_TRw!RS
ztB<DzN*kg6@|d{0Q0nwCnKw=8(Q^{gvZp~My}Jat9@&|iiH{WJFGdlaPhpBM`bO`h
z8`FH^pIX1vm35yv2cNzmWN|-+MNpe7pNoavD77snQorilca}?*afo;7`sjso=yF%h
z7*X@Sk;1FZrzx4lSSd@N`lM}=B`O_IZQnOiJ!TZLZ{=uc&gly@;x%L9gw&anzE8ER
zPT8=qaUfuCpb?y`w1V1^^cUFfCbTcU+q(Q#y(KMMb>!i&z%8Cf5>FlU9n9D)o0C<H
z_4@=R6=M;`LNM0y^n5z$4*l8DS+a%(vjKyJ)G091SJcmj4&2N;X$;lP*xFa*Rn}hW
ze%?umM%Q`WfThP5WO$+4PE5UgR{P59xwioC8Xa%0Uhzz9St^0=Vflcdo;160ai&f=
z4erc^<0*C2q;Rne&Mdhg^gHu64g!U5XB8l7I}94ii_2U|CYBK&hwpSY_-2b{A&NFi
zljnbZrboXtl`fxbWHThA-WeMO{^KVn&$XJ(T}^a~T>NuLJ=*Y{v$)i%Sg2MQIXlWK
zP(=2x8-HH?^z*`-x%thcYBYDFoV1g5x_h}btpW3~?)SMvYrADd`)Lhrp%QL;?y|)e
zP0+#1=zN59=gxBEYr*a-ih64Sy85m=j*VMk@6hEIsjo$#Tfj&h_(N-T8zQxN(VogH
zrEZhU`HdCMG)d1#SzGq5AJk3@j1Sd9q@9i5J9ohYfP;stQMhD><mqssuLNyRmp&2{
znH3srsg+?BX8vw{Q#*AR;U&NHm8g+bSi9mG8*LU<0%qx=4w$7oY+@E<IfcNky%r>)
zN~}CYtD==?(`NBfhJ(pwZCg3$C9U~AzAy?J>PHkqjjhp_MbR!7j-XsHRkC|$X4rOH
z5yTHCuhEW(>bF!he^e9c$Oio98O@yv`mCCKXl>Ael6=to6=|1A&Q*>Kg}EWzG+E{A
z=s;e4P!lYL2flH;6%UkOCK+u5B?Uw7rs<l&mae@V?8EB6S}nC`(*7DUrWM4Ge`6pL
z__}SI^NuQ&$<KkygJStp))z16@qb;k=y(M2Js^gb%a&_1;2u{@*a}brlhQwyDw}Qt
z-I_K3IbT8~mEqg<7Xxh8&vj>O6nXRCL=GSNJ!~p=<NydebX=I<IRn|OyiC8?+bqq>
zz<`>hPf343O44~`bfBrH7x;EY1hxUxTEho)qlkJFv6%fm7d3~KC$EIT5OV$kVWWxz
zZQK<wNuZD#pnF|KP1VT734WYk1iXD)Z+~@7on7v6Ix#k%`WUR4@8q|cm3G@l(G6B)
zXUb2-#aJ`0@A=*0LNC4(^12(!OZyCIQ(=IWSB)$;Yeoz_i$BPXuJ`NYlK14KgciF$
z;g+Q_Nv5D@9g_DckwlaKVD9<0B*sj#HGPkrY&Var+A4K_c3dXuZ<#bu#@*e@vPq?W
zRxy5HtL<&WkwweB0<HAC7T+t?HOOo^kEq|c_)_opqUTyTE?=M#;A-tzy<y#aW)NqY
zQa<>Yd_8ul?{BA!R3l>w4+&g1jU?LAWDl1oeIuS)bu&Sme%#F!5k_BDnpEHaje50G
z;W}$VC(KsvKEPFPM`Lf<RYG5yGXE#6A6;eyah@Fa$FV#pID9sAQt21Nh4P<};e|w>
z0J0ih-1$!7MtP9=+0UfZ#{=bdJZtmUAJehM4$Kzeor&<~R`?~aa0=$7{VfVooXE0V
zRdNKKi{-ceR*(FtlF1jrcmIg1j*LJC$Zl7)l=l*QihjE)spaQ$4a_7E(JwS?Y_1B^
zvEsJfcAamHPgEFw<2eISxvhR@x?K6~L4@w;snkh$WUc74g*$Zl$(h}_4~jL@0)uXb
z{mHmLighb2SNC~x7Nsgxq%RwH*)a>#4c2SP=zr8tLKo{swyIz73Jbj)W^k{&Z+1os
z-dx(%&(LD>bN>;0$vGkS-Ps~3c^1F8FOp>=FW3#sO}kq-E<KRvI#g(1QQ}f~E#Fmc
z@bSxsz=~%DNRfxDytO|^&tdgX#R<MN`iM1pWOVDNr|m?Jc37?Mj(}`7Qd37cL?S6+
z>6XsOr4e+kJFMK|B~>JgNI?@;zVs8oINfVXTKtST`Mvj%<r8@lq{n8XE)_;BLZynk
zusN=~Q%78P+8grT5nlaZ9+IEL>j<Ou`%}94`ah~-7k*XIqpQ>*<sJr?gv@!3#?qO7
z#jZp)dI&{#bF^q+6LL!F20Qf!<yi&l!dLiP%{{$#Gw;0qk+}Oyr8UM|g~7jggT^J>
zuLA&a*#cM>=08=@;}74$8u3b`4s=X@#`<R#1JRfQM0zjmg-M3~`O5pdqS;#cv9#%G
zL9^wg{1_nKk$`HS9*#*dSfDmILrJUBS`Y?vJ~OwX&}NpNTZf52Ol-QC4&TqsO~;Ey
z>Wf;G3}_j@%@481dkR@egmZJh5o{t{jEuae|M?jc9W6sXH&<kt$M+VV)jy4%)2EJC
zRLBSfFCu*JxkUBxG9}R`5k2|gVOp~2*`PvO1QI`z%wn!&rjY*3F~iF<x&9Kg*rA-K
zGMmQ4Q<VIDr4l%4bu_ZU@2;v+<@HhnGv`L8hjBGGIvO)!`y2wnUXa+&TR&w5w%;*y
zbn#AEzJW&48zgZ@M&4h$Rn^7~6?|fH5vCSJTNN88q|1w7^@~h@e2JWOJm4;BgHHOL
zC9UJRjF+y-g6mrTys>~PyCkJPTRSx~;1zzU{pwa`VkqleID3rlBRKKP1<*O_-6Uhi
z=^Yf{2C`*dQ-w!p2cLg7WwH7)<@uTag+fe1(jV4mBau!q{Q)*cSy@cwoD6608QL9N
ziQ4}{{Z;Y+=UsTQprSIJu%nk%gIDB4(6%MJjBCa<-f}(pfZwjf?~xbCYSHI7=<gy0
zvHOFv)_rwL=1y(oXci8RW$D5`e1}V&6+*K6q%@0o;(A~I^gS8{A!(k0#HO6M_f*oD
z4wk7ft0E2Njt?JJ3)QwXdAPafcej2*Io~H-eWdq{6Wwu1n3c15A$8cbIn^PH-dVtw
zLxnsLcg<jyq^GNy_oF*o*b3FdE$y?2275>i<X45id&rs>I}fjEO5^8y6~b9><jWIp
z<opoLfa$PH7i#t&!M5DpZ__*6EMOmWq2p+J!FWkpW8eI6Jl8X%w@}ZQHFwhAJRnon
zj*=833d>PC!u0px*Eea|748V|mR|3FkaV-}TUaHs)1g9b_oi`(Xj8r<_WXRi&A~#e
z_1-!Of_v@Sn31Z{^+@W1(>BK!p2aztanG;WscF9Lg>c^5_llP44pENpZ??EG1zr3d
z!UNm;W6L)&`r0i%?uJUNk_qSNhl7jCPH~PKO$!?f`KPZjV?IDOmp{X6;wz*3`H?$b
ztd76UCD#Wp$5A@IYsf2^ba)7N-p#{U5zuCRXS_^ZoA{5m@>cV%hjny!vsK)Wk1u}v
z_AO`q{L12sWvz74=#YC+Q9qcUBw8Ou{So;@wC*d|Z*9(Qhl*^=o1B>l#3pD(OjyVn
zOO@*NlsdLuwsV?~eG{4I$-!l^Bv06H^1RDe^Q%*DfuzC{ak1;6a!RApD${s?ajAm8
zsT{|`sO62{7Q+o2Sj&R9ww$!&fgc|$b&I36*rVHXZ*Es8;}+CkDWo~<2hff871WYr
z`wv_?<cLAPE~CrQ+8kUyxYM!I9f`&-7ZtNT5UbJ3zHi%wAUnxS^8R}!Sylw+J2`a{
z*8VM<b<*j$Au#+EhYYy$XeGvqhLk3C*MjZx%KK?yr>(_7{L*MG=kT(%4=k3g_^IW~
zzHwPacB%YiHYc{LzX>zk*KvyU=K|E1p}fUwX~u^;#i?3&K}hsj4tdTFf9%@VfsG`7
zHRfL<I#*<21P8CRZwg+oQv+-Q`DPF62RMos#=i1bYOTvPSbB+1$vnSrSYgq{>#M&9
z$)4dwEKN&bwKI9vHK<IPT#nS^*9VL;={o{Q%9v+!Ntt!d4}pvGc5$W~_Evt#$he3=
zAn3ee51&58FZ4ZajNc^BP;pr+2pf^FD}?G9-SAmUs{1hW)vj-d?PkY>(%i|$rHUoT
zxg0s?fKIoX;5Uq$cS_wi58?DqZy$*7sI^)u%+R;&nWo6*3khV`_z3uDj}F<RQtPA?
zgZOdxWb>ygbp1W<UH6@i(qn?QTk+rm*m=<tz8B(vlkw$U`jM3R+vVRq#JmggpD@2B
z=@3Ul7Tb+OECc4_;rO2Ktf>cYB0|11=@WUzn=M5Zepv9fD7G!dtYOz%hz+H^-!=PD
z@q!))>E%8B-pN-ALQiosk1Jnvf22DH+d=wVczat>s4&v`+Y_q-a|cMJVfB>^3`g0*
z-86r$zh>+ZhnLW*NuHr(ApC$;Me=S#UzxWI@uKxtRXTsv_uk$1>8jS@&ql48rjFf8
zQA+O)`{NqZET#0=Hu1+BJ+^*>=3F2D3n#NtA0st69-w*w-GpC;wl7)yc}?Yc>PN78
z`=sZ1A0+i$V#n|$l4%4YGfExaT5fvwlSJacrb=fMlaPqhsfHVp6Sr*B_LQ&dm8jX%
zR<-jdeoJ8^Cd5tm<o+5-lyTkHq!xL0U-NV5dWEuoYTo|Fr%&2d@dAu@9>lUU(prD^
zUB5%?j~*WwcIaD6c^^U1I0>H>$!<Ex3RyWEe<}j;zct2ll|(}d*enbf$Q_A5h?=O6
z8IT<yVx0>5{ij7XpyZmOOEb?m#d0PrX?zKdEN}DtT9B`*sGrDP7+|6w0;SYNHWqEH
z$5tN~N74ysF-|XxZ{E=n+pgwn-iut1=RMvUM43DTYL#(*Xw0|=B-SuR2x&;6;z_jg
zRSzCMJRN~(_TfY?UJ?>|9h1`UbY44&D@j9|QW$`Dw(qDy-<wxabcSEynLqp^;`W)c
z-?$gUn?9V5-YfJ{P!tKh#ycInR)~?~)+XMFua{_M(Ac4DPE`*^-c;U9f0ceM{HKkA
zbP8P4s#HgeSNnmw;y;3$(|UNeeW0(RG<-gsaQY*;Q&{^4XLb2#tg36PhV4-MRZw?G
z=e4d`r{?v6YkDphOQ%coRu%p96_;JefjU2=h+l@q@-wC96?YwmOP{_U^f*0h^WsYF
z+w?u}k?XBjUbpAJ3mj}|2>ZF?(6^n#aVXfL3@0XJ^-<23DeM%w74<qT?0D*j6g?6R
z*~imsZYKy-^v~m&gbGFO^z3e#eE6h|$b|Qq@hKK`2E{+f;hZ|u5Z;l0<5YBQZGBFj
zcur`?tSBO}wASd5MvP5Z&xO2cBDpZ3uK3FZL?FLEUD@5K9Gn_)NOmMp&FYXZUQ~X$
zl;53rAO7tHJnp0_dB*LrX|qwzTy?`y$H@MyE)6MpBwVVFKkq%%!ND;Z>2H=&WX@;O
zRJ6BNWPW-^xnrk}Zo!)^s%BG4-oqo;<zPUIJl39?n<Cf($!+m#p|xb(W9LKTUhOlx
z-P$XBfm2^LYh;uI*~^wB1EN&IOb&6kn49+AE&JjVV_$z>D&jw}`UW|xH<LEXsaR#s
zI4$TFkhcK%QN-CDI_`hAlLZQi%fSUYIRSqZNXE#`$73!@Lsvvq&8#<Bg#1SWc^dZE
zg+k=%>NWpqxsO|*<x=vk1yQq{2*l{`>C@5AW#3_34}(&EveKTUC6!7FZ7bf<yQ@)#
z)U0&<CNUFGPrRttHG@h9U>I?(@6YiT>Gh;iM}KEz$GCZNsjvolCXr@ib6Sp1{@s=u
zn`r+*T*twcj|L%hqs__gap^e(?!*%w%GiEjp7f-b`D25Pc|it{8-A+Pc0ctFi%tOe
z2~^&0?coPultUd)r5nw$xnD|P;~??pPrVP<{OYc!G|}Tj%}q;U!=f$NhPf2GCR5<N
zM>%%%o6jn3pwdmlKh-c#f2@Vi?A7+k<nZTvDL2_=EH7ilB93vRNqKI%?*>0wi!V@f
zsj;r;nQgv<)#+Xtdgc#}nIPyq0zv2g-fV*I3p)A2<RQ`E@)l(*y6>@Nk#v-Gk^k?p
zOP)rRwaAad`g&OOvfj6P5>gWt;x&lH_$CrOFO-LOKbfhNrinuC#Ozi#!nc-^<I&I2
z*A2@IUeo@h-MvUnReCnNxbveE{;0qHbiRx?`n&L=9`W0=%|LZtR7f(?ld<?i)AQoa
z`wx6XA`zMcxfO~+GC6xe=;caI?6(}N%c3D=SyC+HVZ`%7pbI&RKG&wg#^CK34XitH
zzoR#RJqJXTGC{T3?km5y6<J=~zAX|K|M)P^m$5d_c}u8Vq(fqdzA>?*e<Ue+k30iy
z=bWkkO=cC^fxHZ4NQo`j|I!|GFkn|9>H4$B>GT%y;?0YaK5yo}&U@+0OE(u<iIuBf
zmEn7~F?<3oQ72cs5*!;J@UX=N@B@!7L$?@Jx93$MX1u7dSK2m)`BTAFCcIZ5da{F$
zwK2l)r#^M0SFJV2Qsin{%4Ms)XUr-A3=u@P=wbu_borj-77=ra)MQKE;x}fAwP&Hl
zsjoWl!00e3`yJh1L-*?6^*7jE5ZrK1v-VH=(m>r78;ROk#E^r3W+sd-r<jl3fU-V8
zk>8u0&ZkS>+7z>TkeT4j!X$tuGtK_^A*2y~U6%)BzHpv2Bw|zyA`~guW<R3FB-ELy
zyB(!U9^e7FBrKUsO+(_=PSc@2<{a@jxd?=!?f<NTj5hhtVOF`1P}#ru2$eDA@Xj1S
z{Qj<a%+?IJhMWSxh8(`QNmkt+LQ6@h1>MxPYODPP;AW#@bL?{BF&ko)2P%XmSBEG)
z@mX|p%|Hh249R<1>n_BEv~YgzHlBKD?|JPb&(ZMb?r}VRk`tXE6B3sF-mEm(^&%ho
z>+nipY-vi_p-An(cH0c^FTe|QphaOK%T9OJ(+d2<&V?dRBDxQE0Nqkw^<NktQVi)n
za`Jpin#UI6l-r*vzr_t_Ss|;wR|isphk4TUP*$mdw8tQvB&J*fi4Xi?vFC0t#Cd4q
zRgU^tR1msB*Pmdp_`bYMD-`)~R3S?CtV_21`HMp6vCZ1pko*S)T<Cg?j*p_a&GOxl
zcLv?HSBT$6Zs~lHm(tV%B)W*xX!VUJK4D)60fTV=h4ji1bYENSR<`k41B>$c$_;Nn
zdG6=pt6YwWSxiC!Ur;?(#|+og@6dLgmK^W9!TWg0;$n;9-TI-r&4;YHnoCCqVled!
zg)eg*wO~-X)9zPiYR&*sAES+NRIM6188yiQ<&{=ko;#>n`l^VoH)H_OIpU6@gxGLZ
zQ0e@)Yw(4%z00WTvs(<VwB=`IC}|9zMVr3_S~(o)L4#KHv^7fHCYMT5V~rzB{*y+i
z(txE4s?_71wTp#EjwZxTh&^gV(2&Zy>^j~7KFOV}pO!SRIlXt@aW3j^Y7UW9KJfH5
z$;CMDK>;jvTYD}QGW@iE;SF|S;CnS%q5Pt>+cBxRk_Cq@#0`73tCDYECHkc<x@6-F
zGK|PYB^!@0+y8ftbt;nU%Y_!)d|TOdc|cH{OUNo@k1t0a$ke`lq~!^D1d<aYzlTAJ
z@Mn{OR5PG4dNeu<{#f!01P=>xvFsx@=bxkg2X3IZc%v-Ui_5S{|54;~hZG@nwWf5;
z{WJZxfdywSGle2YTJQ5MPz^QiM?H%}etgtzGf8`|=ll^B#7`k9xw{yNUr1)TWEck+
zf%cH^?QaBbD5S<jMItpE@85qVZ1E?AnIP*v#`HPrKj{G1i&k_0J`3;<HP9a7RAwy5
zyC%_|mRPbbOJcJ!C?1_vyQnD2<N?wuZ5h3H0Z-aeW~NUbJ55dBU0f}g8u(qJn9nl5
zQ`0FmCzFesUwE3`va?ZrxYDxpvaDD8&o+OQpv4O&Rzb6fm?+lbXZH)BV=-_T^5Ykc
zm>3b2;*PYU47$%WH;3(hk37?+Au+@|w~0c0Dyk!qJCZqG-qB~|Ce}-%HC$AHA=9&W
z{m`lFH=C2of4=iYZTk#JsY}o(l>1Nv>*M(pr@IIeNX4=?sVnxNG{5<^py4=>VwX%6
zprKx84n^7^3B1po2ZhXD`d0io3_H!ibhOr<`*3!n02Z6s7Ji&Fql|wh2!!b{JciYS
z=tzA(*YqZvAPvd1;;wI4s4oDJ(W)9tO@|BRK0k+0_3q=^udi~D1V4qUe@O*;FNqo~
zFmKu#uCjxR#Pk)%<*VN71H$owUnikl=)-fWL?)yz=wlXXTK_l50)uGXWi(iotnI=s
zb%t7s7aS2_DQ%{ce2KLA*<&@$&`e2*18rWsY(-1>x_irWidyHPMC7}Kt6GEQh6Xww
zbKTiB#4Trbh}ZSVd-sGz8DF!+pt!hbOfo@d`hN7+uT6vt*07b|4xr4ZOTDrl7Fr9=
z6Fk9G=GDm{^QS28=_&1~)%XmMQ3DO$*tL~`0rcAT;lbWQPQY@0O^p=0lp_-_KmSXG
z@<gTG`+fcWPCth#@XKS6r0z$hkrgd@XHTO~QAL5dy%aUE&wBd#R=q<P`|j?~N~hh;
zh1BF^D35v^lX-;BBN-pq{MyKcQae;8#M?nBKPEPIBV#iAVz}TZ<)~gLQ*SuX6n%`0
z$QyGpn2LGGFCD|D79+DT&F|BS0l$l6CkUzpWZ={G3DRc$OL)6n!!igdGR5sq`7DhZ
z(p&{oe}ZA0it^g=Y;jxB{t-qeKdW*4+{TOk1<6(l%9Qt6Oy#F2<jhZw=uQW-%Xs$!
zb(RVRboR`x(*vEi>keyH$*FXtq}MFf*q)NL>G%CLPW_G_9&k-zvi9}6{WpGmp8s6v
zv_A7u%Js{$&=)-CK`y`wm{}Z6B{daoN$*r#2OZRBwu3bWPzw(pFbNqwxyZ}Qi_+FU
zgR!?q>gp!^c?pQ2i<Te<!VX;8iQ@B97|V6^mFurj{(Xk80{xjUzMj)V6ddM+9Quz|
zV-w$#m5ZU6&7sK*aXZKEEJ$j0_R<s+J3FGXX`N0dTYm8A8>$1Uuso0&J$bdkM`&Qf
zG$b%(r7e;khPOte(YKLt3A=Wc<=PJ=Qc0v)=MWQ<i<V6U<_Yv|HW(k%sx}2QGU+=h
zG%XRCOvN))X?=4sCE!k2W~*cVly7IV5WyhK?A*@nygSFEe2_;&;>d`f*qv7Tc>IWH
zatQ-i>Ik~RR$)rT`oo%5cl&|drh{LGo-Ca3o$sy)`p$wgAdLtbVFrziSZ6u1<=a*+
zE|lh$@M@)fbEVs$rN(pSX^@ScT4<)<v}Q|5s*JxZ+jrG(?7Q>XNo8)!K;>xs_l*`!
z6VeIg-TB4A$5YC$I0)Y;N9)`k{i!!q3YpKpCpK~aZIDHV-?uyOd@^vu8FHT7wNCv}
z%PmKTq4rO1=gSjT^9Y|9^upi8U+!Q1{^mqE^+S;909Te~D9+A*Z>e5TNy%!=`%m|+
z6{gc1JKj5+<iq_9J?D|<#mX3Nk>jKrxMp~s`K?$ve|eVwCkyxU8^v{AW2JnvI@gCU
z!m4nSuMq1z4F4+mM<?_eduz|h+0#aQjq5b5*G_pCT~L1cMD^a;SL;&&$H`T2(cEth
zIoh)}Ys3pG?ytTXDAmiQ>hu8lG+XY2$)kg7iW{FK2deDehYG3l{i_NR5!&uN{M2%D
z)TL7JypV4D%1I%^^3*>02WOAR11>!OH^~g>Hd`Lm-zx9Vf1AG@T$5R<1-jw9X1O(S
z4wA!3@pnY?>Y;^{JLB%xLiVe$`DWD)I?LchiRg0q`;*6+ba1INebd<B&mlmY7{(5S
zq&%nIj@`dcGxo_P0)yoLXSAW5t&Hj4-WSAQfk?C<-9~E!(<e_~ACEZc@K*vSlPi@{
z4>^3CbKvy9gd%7;7xe@Mi%$GA4ZWn>faQU~;d7I_E&$V>ZmPLjnuoR>XZFFBM?tku
zf#3PcS5&m`PLY80lWN+S>**h=Fkfg5JAwcG%XDhEWLknhY<1NG99^Lrd~BR(R`0Ge
z+d-1Vsxr8;zN-#fJ$S-C4Y?^sLrSNt3Ec4-ZSt=s7$feUVj$bL$Gk;7c=1V-6Qs+5
zhpB>NHH9MPb;z%EZVPMgugPNV7#x8N%3ecs^jg*hE0AXgK0Q0R3ksOKKQ^jB=hZn3
z9iyfd%d3wKfJbEFr_W5{-x;<J(YYcb<?-$I)VyJ-)y1BndWCn@ewXECGQwBFe=PAR
zgbweX4;*jwvHj}1IsbWRMLSfnm2j3Ri?-TEVNN!NCo-lU{%2S#kwZ~iPWyAwZJH-0
zRZv2^?%1ifgtPW<Gj1gsyx%C+N*Cbc<2xG4?Jqd|ljq-&Dkx>sM(w)&FyQI#p#0%?
zanC6=_FKMB3aM_0<s7i{rD^^eSc|(86A~rRaxwX|3NR-TNypDf47E|El}K<P{^yX6
z>8Z;_ZG^fo=4Sls=;=$)t)4sIn)kc2Zy9uDN-y1NyE<C^=MMoGOnhN?xmeE9tuNVf
zIm}zzJp>MLXrb=FRldG>DH$N<NX@;Smyv6()&{pc6#}YDro#nyw^#JM=elcG=6wl0
zQD?6rV%bEz&YX<H20R*dI&O=RQrlJA^%iq0p)N&wW4ql68c9~BAvI$+m7Bds-$o%v
z0!(hXDez=aK`|?r81lU$g0hD+X$B|R{KizB*60T&491<#U!J}+J)%p^v~@bMLw9<_
z#Tsnp#j5S(7iz%Z>A+@zufCs8MnNcm(WNvVOT!w`F(Jv0MJGI~?3Z7V%7+eIi|AnX
z9s`0nNX_?Z``<|x9D-mY=kqH0ij8%t&$;7XmB#zSH;4aAnQy3(0QEP8e>+u5%Ni~S
z8qS#3ee`9O{7dmkwoDEe8tk!q90~tB+A7QZydSf@^tHbKLlTdmf`WyiDG{8)eCwNx
z#5g$g#a)sly9_@a01Fw_z0W{@PT$)irGj?xF)=ZH-X9js>cF^;dsxoL5`kb<8kbNd
zD-=c|7i4D62wto#kfnaPjqnezuxifa=HXd*T=}X1WFlS$vzC;U^pR18jz@<F1)&qo
z0q1X`1J`~IEAPyl&&}QbIefFHQh%GaYZm>~;-S3XviAP?x7T;e0(aI28hu<4T3UDE
znCEM@KKaS-F4~b2ee`ngMMg$fbuJh^F;M|Kn)4fB?}e=Sb+huAdDQRs_`APtZ+~4V
zF+$iHyrOns`nE8ck1R!LD)%Rux&*M;wzlg<SrQn!_^Y?ll2cM5U#!(#v8HFckq5sP
zH1KmSV0)Q$;RWDFrq(-2!gC#+lN&{I>tGur%trI-+18v(`N{17VS3i1RpNBKtYdGU
z3cA8fTAXbMKyCK>o|RX7%L>!0U;wsfKV?Bu3JMD&9eo!1U~w)vvP|XQ5?~_Essp)^
z5r|jy-QiLphk@*}?iM-CzB|{`=}G(h8tdI-?XW}0&9ma-;`psaL$HK!Rai76TLrGc
zreL?vDU0@-o0^@`73uUC&3Tm_fnYzqOvM)@nvK#_9-3K@ix12pJd!m_sJ)XqTeEg1
z|M>&t$CFT{?+I6L@zqTg#n#XK87|s%No7pfNygoK#?%nfeLira$$xXeK<{(?WU!Xs
zgg^fQ05h=3<Jmpfo^1Cm*n7wlA#|}b`N+q_l>DN8eW@{Ex#9h6Rlsgmf9GAnv5+T%
zJ7IImHg?`}I%K9TELVQAp4`HjXhoq3zDr_vLhlpSw;uN^N^~gNIxqAUPu*DDT<GVH
z0ZS$(H77^cZ`>zcVA3*!6a7xqWWu?=5&3biT{(fEfS7yQ=hrv4Jok8&{0YLh<p>;P
zGq1crdm(PIOLmeaoGTl(^=rg{fJjEJ%^b`ZCW7MySlvEqtV(h>xhY80|ITF@*Sz0L
zUt<-6*hGJSi8^zMyY6CfE5lPpEL!MHxwnxpJ!$WE7GAyGym#GAVZnPL4zbJ3cR@(W
z8iUgsWqW&x)P3US2N3FopBXduxq;3N-YwIp^Z986ChtT28iD>n;Sr$^0ev2Pu&ZDm
zl6+zIu%Tv_`=p&l+w7r>5r=>KR<?q_ewOujB_V60GZWiJY(gd1uk}y7Yuxk)`&Nah
z*{_j3%141Y*Q{Pw->;K~xcy{Ag|Ln8rsSfWZv9%a&g|!_8;tBY<k7ce1c1P-O_{GR
zYj-30D?kz`CMoRF9m#)if{nSH;=Sba1J%}l9<1cA0Py;Yg;D^We*2j5XY-*ae#PFQ
zD~%6)wEZt6I$Z<2I)V=17FJ3@2>xZ*DI1@O<XU8e&fbSC*F-ZUc1*lE#@g2`|A|Dj
z`MY1IBJUrc*d7-D{r)EM7?A%zjiX0Q-;68tGQ`5Txw(HSwq5=5GA`~+CfNUVJ(BGa
zZ+=gxt1SEX!jvQ9#_qE`_Rx9giPI$Wa&J!i`}eWNkHF$ODozcSFc)Y31gzS@fn<(x
zg&AyLs~F(s@2lU>E{%X)XJqMEg}Ll|Ca@&^BasVz6gPLg4M`O=cy@rT-Vt$2i38x%
zK@!GRPx!B#eOIlhvjmn|vhoPQ>Q!LFYB_Op-lhk&+-g;EyoehlDj&X>CMK@ADyQ7?
zR|t4sGCi>>tn#h-fVj1Y0*T%w*^aA2g&@NG9CqUL6(5;dciTAZ-Wg)t+<qPY39=aA
z@2!<4)!EMUQc=rBPP*RkjjZOW%9g`Sfb#GYr_UCV$pZAhp^y0N6kOhX{-7_G6V0?W
zhoN4t`}m{lQ5guw2J%!+l$%s>t95=DSuAwV`GoDx$`9K6{W(p<ob2|sE@5nWBZ_u<
z<n7&I)qb&@4XBD3jB+}iu?WPxLUoDVIf_~jA3hvnUpnjTMj*%;l94K|U+dh*M^Rzt
z5nWHV3A)<aMd$f-kzj#Om7!f|0@D|TggAH=6%`@z_!_(2*aUX1JWOZWW*hy@`$ryO
zp=s1j>Id!Z?Xxm&qv*~?q!APCYF9;IOM5b}*8Gq;j={Ez+!0OvCrKwz#H{8+^f)}1
zf&1H+J9KvmKlMdo2fTX};n#xyaBVI0!_(!F0yIr~%P-#^9qi2IhEh_g@N!1PFmA5?
zdYR`n+$3?9#(%M_^lh_E3cub^Qy|N{E7jL}9RI|+T~gafYW4eYtLC}+aS%%x08ra7
zL^-ZawKrTjCl~m~qj?eDpu+tiHTC-27)HmD&KO{K`d#FA%hVpC7(e>Ulghy+1b25)
zolGgg7G%&``-O(Un{>F#-=CkRJp8=&hEbX3kqmBPj3XO*^9)a@x8R%JTjf&#Z%{os
ziVKH(D?K;SfJ1m}d~*t0B<(!#0d?os*vR%oK%y0KftSn3)!KrSiH0&u>m-!Hf1md_
zE?J|9+S!;3_$1U#KFgt?0W4>$-nB>;5@sE8VCZ@h0A{*Xz>;)IJzJOLWl-~B7k9TC
zW5J=Td%&xml=hgFYTFf|8#g}vP*mRr=exWGD>MqO)Kah042GYipa1a)SMqY@mAPBP
z2b=`e&6a(Ms(bCWgD*VoQfkk3iT_LBZ`YpDT9<`KxL3@$AHXbYhIM~1m-i^`#Q~F2
zZzB85_rA`tzcMB~apK2qdbY>Q<1cSzP&ZmJf&SP8Qr~SgwhrPQ;y#=A?TD^%-R+<X
z8FX~8&E0e<{eWhFvtQ3v_`$Uh$>4p$o)43vK8#{czkHRe`Wm%ES0-=H*O8ZgxZDPX
z9MqaBKd<bsnU5*xT4%%DlU!jwG}o_Rr>UAU&RV^h$qkD!DP40cdkS<_ENu1u!Ygb~
zPAJG_oiaFcSw_2wr${$j9=gM6_WP2{l~=FazRGYJZT%ds*L&Za5=!&ULWtA#!^~X@
zWzVVUL}fm<vd6}iF&hHGdtu7ydihgrMipkf9NFt{&+EMqA{#ztJBFFYgewrJw9637
z(Yv{!DP)QEC0j;zU;J;vAy|~#z4!lU?q>{}yst6o0dRx>5zGY_`pIjCh3X86vKvCo
zH(=1>BF>^JQOe+$lem*Wy<a|8de=WaIaqsTPJi(aSN$R2Ja#4P)EM@;71$m>a&M#!
zlS+G*;Tu2WT?Qh$oT3WlC4{;rXC4D!wq&lj8FYkFo^ae=9-kVE>EZPpc|`Gb4@Aed
zUl}jZWRL)H^dwFEnI+hzvsTjCR4w)u$A*ch3=+?^9_SPMU?XOL=yuZVSI4Yfoo-^4
z^P16UqI#$9OKRlK);iv2Oeq??xZU~*bjqPF;kDcJ{7p9D;5*{V@mJG>Xlk4X5lyV@
zbNaul%CZBf@}F1xNH1Q#>3Hw#)pO=yS8QWCM~}V8Z4Xkl1t>f-#ZaXlu<QDh#DBvm
z$I6xMcG3r13d-Mc7ep;InzruIQ$K-%GvlmU5A(8tD%i}!_B$MdJ;X&_nD2N_i6{rN
z({>j>!Q3jXXM@geGJnG!9qs<S$z=opkQF!c7IT$KF8z5zMQ>lzF>l07$$Y13>NMMi
z5ogZPMW(hqhqeYZ(z8$^9-LB_I<;6dRic}Xz_lFIF+B#`FZr^cX^W5XqU}9DZ=lH!
ziboUPg;M}B#^wr{dv!M5I;Nsk(4d6rc;F4dbUG}4-*%w_nGw3U%U&O8etoS^1lwsi
z2%7WjCy4Z}+G@b0`6Nzdo)ZI%c<cNFlrASfKb&9$#>!+K#wu(?&3Ts=$hmVOkJtrh
zJSo-a@Ql_X&6IhttGi%3n6G;JHtjjei7A)Q1(A<s06x$vl+)4yVMwuCkCTCb`xUo?
zUx*x)r$6m4)r+lua+01+j{bgkbF<g%aSTpBv9BwhrL}P8O8e<-iU^_k580^ifCY^(
zsWNV-7qGrUc#Vq&3mOFAOV=gN@ZQeJ;Jx_emn%wijEom>F7F!9OnHSddB>R$*7|Cp
z&QG6MY};G@_zQc0;QBc7V8&PZZ#ZCI_g2*hPD?8b0?&*9$EP#^RKDIT#?QnT+|{Fi
zvIhQ0c${>tVH0pg`T$6;DiTu>X*V=ohMwg6E{#GGA~~)G{~p0E++|c^g2C0)kN}+9
zwQgRPc2;9l++^}u9MDX3M)A>5$AeKglC#Y}C-J}?zqN*eP>9d=W^Cp0!IyHw$655S
zH#yauOXDwP^`d`St})(?KF{CxrOHnF2?H$b_9{?&c+Z%)wEK7?Nj>hO3Luqkv5Hz`
zJb(V&B8ZWmzVO8hxpL#m96Q4NAPSst{}L4y72^!TS|RF~W@8J^J3fFqdu-nOc1ce|
zgX#3%g_~AIfOGf^Xf6Q}5uKWh3&To5yWeiWiVwb+&q@luN@SoaKF9a`Q5x{VnvyEx
zH-8}Bzf2DR`b|lnpX<rJaPR0iE&}KBzdWv1`NaU&SK66L;l6Q|1I_fhu>5%D7vcgY
zA1XT@ja<d^?Oe3{h$tQ#yDUHK7(Z2M)m_woPgFlU&G5<RJLl^qemcuUvhD?RG6MT#
z5khAmB4DU?{lT)}$R7iFw!+@hz1$UH$OU^c&xPN;jR(SIjv5yYZy3fR(#dM=s#;8p
z78Zc!>E>)z*6y#aL{5>Y<x>J9p3d5%-tQ*rS3Hl;qP$&b1tm*S3Ep)0`FU&eYZ9)^
zbMRJ~ep#mcKqxmLd7fx+azS!@bN3_NANwfRKJ`pweR)UY5qN>hF7Z}Fv<!!pR)veQ
zMv@JRJw0IxP(n|1IYop?bsUFL?v)1=(vM>TXh~nrgH(BPo7BgJ3r>eov;+B8j6#M@
zPueUrPEm1wlcECm=jTocJ0ka@(dBaC(Sak^ptG?Lu1$tC|K#at^vqr~ZW>Iq(4YgQ
z)u{G*_H}I{W0C262U%Z&T6WLmuhXY*za4&x?cZF9>b<LzTipAACLRG32ZQ(JeUP1^
zGWp9wyHLKXumHwXYx*D?^uCKKVg0Me{AFkJmygwX3oZga?&bL}fduK=$_>r}ilB?&
zMWfH!-!xjzr%#okSg#~FN3gVqhAz?mg49Nrw-2aMb4Ccs*&U>-PWHBM(#z%2opm3e
zqN?L;okL?{(u;5XRB((voFAkmpxKkafkx_cp!Qt=3aOVaLyO~5dH~Ikd;bBT&{}~H
zAVwa5EbR1*Bp^EYxvvBI5qPN7DNZz{O=m7Gw3u0g<pkAPZi+<2!zwOxhun_#$^7+b
z8d@;l;ON8Og5caEvkWMfz;|41=U>GV|1A&B+ItZQjbPv)seeJ9p^?j^P!PiWxc9eN
zg@1L1g2V8(9dK|a8PIPVRdLR5j#Pkme|YV0pI6C&+|Xn0l7Oa+2e@_n%Quu$1Opga
zA#H1+zC$n#NkUi2;C12u_RifPeKXnjWdGeJw(Bx!?LVp*bSOn!{e09s<NiG>5`Q>$
zl3m)91>{(wYxF1hL^5Y~6eJ~MOY|~yU)HS@jI4B*EK1|NNFqVQTUDYgSIuMCK4s}m
zmn0Now9-(s&ZLb2C&34fu3=!A={Q9bfw;t<TgHi2Vm1|`jO|MGG;sWN+0HUNIXMf8
zi}Sy0bwykw@SW3P^}KR{b<p0nPjSk+I*e4L!eiaBv9o^(XW+azt1#;o+<=sRS^O}T
zm7Xi2LtpiM<vS=j^?Ue#SG5-J>UH$8?Rr-S&LT)YXiAEKfC=p^v`r+Vs?}Kx<loIQ
zc<yRNr#tG6aio9IJjpVHVimTElX3eKAH26CyW5g<vthA{1t~Se1NIKj!$7F|?ju%+
zhNP#KhWMsQp2;;Nqr<-3A{K2IqJ{V}f9M3IM8#dw{#;xTS=tWuIa1y3f0rv0y`=m~
z?!Yp8xj;|(&%n+6U7IfXD#H(3ae<yJ3|HhsXROkTTMMfEkL{O%=C6`ffGs>nQ{k}a
zYn4_)YT+$M>nS8#m&BeDLhSO8Z++t{yL@&jTc)mDi1qz*)>(%i=W>foD|^<p$a0l4
z6;;N3+Y>iVvc`A8LB7ou2_$>2Kcs`so=+-1M_4D%T)p%9qO>DEM@jRmS2CRUr0TO!
z-Yf(YRsY69j(>MUs_VhW9x`~dj9p#nGClAHjqCs6LR!268e}<gTM)f2hvVz3q=MfG
zSC!P2gSO8X7Z;z0ZyHuwj^px^1JJ)3J|5MvprzP23`36%pHptzl}RZ6c4kpVc!ZF<
z`ITl#KdvqlG0QB?HPDBe7vS9&$I)J1^v864wTys;=fyDMtC^&`2!-;iA#WSjL6+(I
z3AI88;0>q1JFWkA^c$o+&iwTsgR6C8i#K1Dq^qAPC|(g|-ByW&tKAPM?I7J0?tVC?
zItGr^DJ=FJD2ZyR!0f)GPRbo)K=`q1%N--YKd!y@Ke)EX@nH^`>%egT6Bj_ezaF}d
z4gbI3=h#PG|GWDB&$#k2==~qY8Ih2Z3ixn;wAR`H8F4Efq4v*G!T)S-fUlg*AjNF>
z#rtJT!$H7n3k4o^2F|o`jQ-Eoib0{TAO5rK5>ZCy$el*<%cdzELv$}04fMu&$Czpa
za%r=xyIrchUqQ(1`oPoifg)=rAsw+p%MZgZl?t9*9xe-RH<!M_3Ii`ZeMzD?tslWE
z3boAKthU>hT5|Ew=l}Ovfb$Uu)vW(vDUISS6acV%i&;ar<+k!Q6P3H8dPVx}onOja
z8aGcui^Ydtq&#w*{$4xK`1>x)CAMPE1p$zhYF(u6d#>;F^E+<-_b4N>x}4^fzO5b&
z=^P@s<U394WI~`;{No8t5@K*uQZ^a9p7@1y8|tO7q_jgnZuH+;y6U(np1&`Mq$nWW
z0wNp|(%pw}fYc$<p-6iY(jC&`myqr{x&)LCDV6Rzx{>aD=KMXp;17=5o86h&*?HH8
zEpPdYb5ju7W+=Z>`laE!byAj-_1F|%0q2AmW|5FR<dg}*Cp*cf%((|rr96IMn-iPn
z6+}|TGLX2;?8NyrTy)HbRKweQid1&xDUVOguGk^YU#a?lJ{E>-4&8#EcgOFKhkC6c
z^#TswS%zg#?H%S%7qma(q#d=85UclSC;rvfpuj0MI$V|H`+Jok?@3!0(yU+;-Yn~A
ztzMzsVlE=W9Qey`Y_8sgd)9f{&go!TDJ-l_M2{y}I#V_XO{FDhPt}#8d7N_7b~NIu
z*~uRk!^w1*$6cSU<sL23j|W=*Rtt(|+?*T<$ObtizhG;s3rY#7Q(5#9?v@6;VSEH&
z>D7Hkoa1~2xPha+_J;%r2-r9)R%cPOw#aIOut1%CJMDC{bHy(J_g(^gB6xl9o7;JV
z<YGYqDBR_b_W_fN)>UQXKHax}-5<Hj6$q1};kOzJ1mGD;C+0j-MiOgF3EDAT4=~<W
zle(6_zC6uu4}OT#>@b2G1?zgg2e$b`Ndh*OK%^5L^UsPzdoRKoFpix!M?&d6wx7H2
z{8+n>q|<K89&))4DD*hAtXrb@xbmg(P%AebdQ<;t<m`CdcsLO65gQj*-<Jyw_Ry*V
zV2>CA2-{B%2b1sJpA69Ma4>^6Qf`B7ND=IwnKy7McBT={sc60&ka0RhHc)K`@CUCh
zP)$S>@J@ct+Y>U?)}uqUys`9fOrpY!MZvsEKrDqKkpSmW4c{4ofCtMF11>uF3b>k!
z)8^X}A9LhmbY%k>IXeR=U<~uejXWajoI8~1BC9X~IlldfgaoNqZH+cNKn&}gcnam|
zWEcT>!+gtJ^t!?IIbibqn{IDBn3MhLLVr%eEiKvlkWTc3X!gxv<yR<!#rJLCFED>7
z=Ki+>klQL~NdmAa)2k8!KBupdZEbCAPoH*OMOJ?xI43rx6Lrb}&V$7~XM$-BloPO^
z+}|jmK{TDS+D(-EHC-Jj)0_^88V0D}>wiVdj}}s9Cg{bN>&CD$hset8gATL0J&uh%
z_k$A3zefPK4t^S;@P~B(pgMd1w#t>-s1iX8_o;QxMhdh#B%T1FQlOL=De@3(vOeHo
z&CU0vX*YXc`|Cfq9!>%KMaP^@3fJ=k^99vw;N?Io2TL@8<hYogf@H+RXwmTQe~d))
z$umz?ljMOEN+4^8lvM+RBC$aYKRMf9Vt@YpKXNVuOLYSElBZxu=A#HuC#&O=^J5Y7
zRpXTk=v0ELI{6FH3ZajC^D>1R*`M(A0$CNofV46YG#vNdUW0kwT1G2i4Q6mI70i*8
z-)UWa-=S%;$|4!0-h;vcLP}_DskLkX#Mt7o;P+xB(Alc>Znnn&>mg+VuorVfJlmPM
z9MR^KH&Fm$D~n6oo*%4q^53a0WChQ($N}+t4SQ__aNxZFym6Krb<o%ExF3k108O%s
ziP6CQ6@Akyx*rx9HhW9>hx>OM{w`z$Hhli_V#9jpK|_~WC>o4)cPrl2_b+Tjw<9EY
z)<q+Q^I<Rx+9`l3fCDTRWIUpd=Gy>a3cR05P>7^9Fa4A$u!mIP!3G=|i!;sQ(oz8|
z4#H|loHP%HBTnj@N|N*8YVSyuh1!BD83f*)QzBnAuR$e-ZREB>wy!>KHJnE^O*FD2
z1l~Q@{U?4QGnhUL2spuLdhk%-0jC4;d{qI-6Bx*DlOrjmLEN8JH7O)`w36<FZZPOK
z(VByaA@r&QR4ufQPQDv@o%}G97u9)nCG|juLBjppexwWmDc~~L70mkr!2*$kwgHIy
zK8pVVFmXg}KVTFK^lRTcT^w00(FBmQq5Cu9mnUBH#U@9RxEn8;bX~Qf)r*Y+?a>A-
zE(9~=0X8-Y`#z<~XY5QeN$@eAOuPvH8oTMC-`veA67EMl2<Aav3Jmf>!1rptd&i2T
zRP^1=Uwrx<#NxYJUS(MOfZO;g(>&{2y5|92Blx%@aAX2f+Y%;&B^<&8f#A!U`<u2Q
z?!1fI1VogOjLiU+F_=<KxQWXisKp|!{LjBV7T0qDE29o{M%5u%{&ot`iQKZSmubdq
zq97<W1xU?32vijVZK{dj`cC!6%nS)H&|LfkJ;^!qv<B&!Ry!<fEhw0k`01;O$%1w;
zz@<>EX@CENu3qr|^1B`d4GqUm^Tu>-nX7s0<!-YYP-trvw+2-}C-II8&x@cfTl)-L
zj-ZXiY01*D{YmWRA41QbMTC)YC;+1s8yTlwEa>52N64e;FFqB`Hy2y{Z#wUzm)Jm^
zl>h#daa{eAX}{DNYJB9$K+E+8cgAU0^_y7-e%;Df{Rpc&*4pym{BUFTL(gQYHa0fg
zsN13f7RKH7$W7Wm5k?|d^u9#hk$O{VJ6X9nC~>uXw7k45u9gp~;E|N&cbVV!OXRZ%
zTW`L-T9ZQGEfBEQYX<h5$!|mVx$QR=p;5+Lt<8Vz6O&tjqb77Nl*OkJ=XQ@0#9>@j
zMY)!6_fi&vN73{q(`&qV5irz$tl~XO03T<xes+76Qu$Ew%(u>I!|cB?vHHYqfqk=X
z?w7G#<b~lB+?uYg->Vi9GEN)rC4c?OnsvuMF$PSb6z87tLg1>ZK<<m>e|@GaOKafw
zTNDe_L{LEUac316h+hWIVveg3uE#i1#b0Z!>=V&b&r@)JA`9@(n(2~WXg3$R)$=6w
zr;MkCuaP8=9tF8X{HDc1KUpAJc@emtt>%)LHKc`JUD1|@X;q{?tZ_qprHN5>P(8SK
z7TahsCDe{aI|F;Pcd1o(v?=)&XNE*`NtXW3mNMtgj@>T}6V~MP3DM7`tPI2{zu>#_
zxka~L&032UyBpw#|GMGz<h0fK6!Xuu(D;|d!wsH|(}=u-@VG+gs9tmC##v3Ox>wB&
z5uIeJtm-B_&zekGV?RV))la0L{3ya!)SflbnNC!-n&X95nMZ__ZB3<D4EK|vpA~YJ
z7s<-<q#0D)e3Mr#wNYA)&dj|bcy<t9X|uNX5JR2mT9FAD(v`U0X@z=rx`qoox)aNL
z!t;w6j8p(#Y+@W4xtT4TZI|Zy0WYp}MEHBEg54%w;44P_B4iV-E?x~W1oc4gTv`0M
zt~n^rSAF6Z*Yo7Bv-?qB(kI)yZB3mK^2~NGbuB_F`>BWRN2rCtJ>}xOTY^$HSME~3
zPFlgliAcFeGQr@J#>HZkwN{UPyJ|Kup3rKQ)B70SIbmQ|GI7D-JHH;(tkM6n*Pb=k
zIhO28dO!D9uiAh-!tbhGdg2s>m)LYakOPXzZ?^g=lZ#4@Tk@#jyEiM=;XN^Pg8DwU
zLN0d+y%(KT7c$DPuuxY{%#8y4XAj$hydr5L6((t0NjoPEj2wq@;hWdnuI?X49G&#H
zSS4xhWkT){lk=u8y@<h5;M6NGV_hXc5@p*y$i(k9NU}K4L6#rmWDa=}UFc_Mgp&vU
zGFG;VN3kVeRvn*Cj~R~ape&&IyY=;iUX`xA9i8$T3JT<ebbQI=UVFJ`?}s0T8ydA5
z2dfP%sYPZQdOXm$wV==Zp%py%*$~HSqf%gTj+of=s3#1uv0j0-psJE|Bl%a%HTG-S
zm7k=y56SV4ee;=Z8w~+;a>!z5Sw!{i+vgYF*W?#BU7Y;(Gj}xTjiYh*);yKwe$?ti
zria&3cdV4T3DaMeMQ*4GjhC`cHP}0*tlu@Bxs{X<3-|W0E`z^=StqU2@L8jBO2cWY
zM7$S^&7#7HR2IArOdk)wH-#WsvdK9ogoICy;o%yBI@Bty;f<HFz1Lp?18;lVTFeA3
zC!F+d7T^#%n$)Kcx#tB6b+VERUp-StlJpsMGn+*-rigpJ3_)E@W*^u^*-vul+%6aD
zOew_toIk1QmDkr5#)(Q$LiEwf_;mht!DBf^%=|n*>I{@Qn!V_ymonZ%tvQXSmdMXK
zuKB=x=p?y@4xjYbA5~S${(KapY4A60N~1tlH{RDFIk&0O^)Twrk8TQKYP7Lt>1$E5
zjiB|QzdDtLTedAdQe7!$rnZ=+->;FNX*n$>Hn^jhF$zW^QSeOZ?U|#}_G_nQ3LmbO
zrQ6?){BEK@=6?mj(mM5xHVzj8E<;WZM>C96_ixj^&)ZjsD=C%##!Pj%O>9M9Fs=P;
zTf3<(`!A%V857s^@u7g{w{sK{N^mmT>FpP57TbG0d2#qH(nWw-3kySW+FEnYjV6-2
zhh~veGFSEq=h2S-2TkwunzW<Ddf%Q7g(mZ!jb#2pW^ry*TMS~jr;$o6-SL*<)`Co8
zu<_A#!@gQwF7&Rb_d!IFag@^!jws5Wds-wAE01zUzZX1EMn1)_I0T6>U;HYXYRlFp
ze8L<#UU2!AJV7j2+>&z={U>R(k@aiKs>o&37lRL1`@Ay}kPXE9bn&D<F9I#=nCSkZ
zS6pgUC<9m|%~;;IqoR>YT`#@;716qA=eV@L)4fkT@43OF)eDY+9Rw!|7Hr<#%oM5j
zjS+q`sq}k9VbY*Ly+UYzY6N<8Qmnz`>mL-xeaZ*v*;;gDk<5<n3t-s|I@}Y9x}psa
z3T(t>PmpaI_#HsbvRk57hGU>_;}8`V^k4rc`T85Y<5K;#JaO5MmEM$ExGVe_ucqMv
zA4D?z;7H^&xj(N-zc!II!rKT-uKYuVdZT1bGY3yj1|LKT$$|j6(`$+BwlRi4*ze<~
z8I=*}6U0bVj!{vVoJlW{GFnde+|eF1X7`V(J!*jV+l!vpB#TFVtL_{OIGr8-G&EG|
zP72|YYa(2;npT6g`|r1_=|clE#YNRoJJ7?<Fr*y$eWjl{cFI;;{Sq+srYGIk3nz-i
zQE7dD@WU=*2;x#`s@QdzqU%03X$^Y8LoNc;tt$7B>_5TOkj?G1-aMc-cg$@i-E`0Q
zd5@4GzZkbwCk(kbe1Iw?(0%s~TQ!j<g5G^w$=X|4KR^L>TPR>XSQ+g_P&v67mp+u<
zjL52ZWTEBi8n|!*AG(8HqcqLv4s%<_7{np%FLM7aPr}1A=8ir!HxbzZNwav239`(Y
zqU5&}jUtXr0`JGd@@{N|N9_g@RvRy=w9DM8kbXYL4;V&tuJkWTWpfMLs;mZ(R9*)Q
zVoo3C-X{s%N;z%*)JPIq5~yozZ{+uA)ePfWxmNwI*?60Dk*8SuX8PU5W_VOb+17Ra
zlH~@@AvD#dNiVI;=mc3~dl6a)FOo52@bbsM80}j**>(?RQ$}&I_gCIFa5U-HT<A16
z@@JEmNC(0;%j$a*(uKqhDHEhDc*!{Em68Roq-lI^{60l^0-yWy1<6<9gi0>ciYN08
ze|H+<hlaQak`FuHz$#z#H*qhY&*;~$eB89MDWK1`E#*(Z)HLM+c!V&>x|^VJy{Rv1
zAVa5<z%;t%&1;_3{?u&}I-_rA?k63lW*Q61B;@3G$%{P1q@Fd|xY>w3W<qfpg9%vS
zI)a!{iPb6fgz7XtgI}E|^BLvuG^Xb*=dg%+ZMrsHXhz4ZA3qPU+6%#xb^U?xw6Fip
zz1E*<UwvEsoO^}X@=5zF5~>`j{v<_|Yr6+Ak;=bg?tUEUL*SjZ{b$Kf<nP&=Dvl`6
zV#OuDVYm8aS#5~mSK(V5tvTmOZECr2iYv}n2ISLr6X9N#0|Wb|PH9t|*9nWB?$ba$
zc&oq|DTZNtZN&y3^6z*w=hgPRXdx)Akrmtt&mAb}j9OR_Pt`M{xl?wIVIak~+dx&O
z1!xJygFnm1Zd>7(Wu6-d<Hb!B1qXgyLlkP8W&bP4*)s05^)Ja3sN0J~kN>gIbl}$W
zR(MhybtKoJQ-54jtsxr+O#Op{gFp3stb*R>N!?z>Fgf04SyzN+DM6L1^YnV@DQ=BU
z=QiLXn+5}t#?72TJ3lVpi`H0}t8WPuHv5fDXKEp)%1r~xe*>G8%HQeR>&~G3bnhfh
zEiHB?CV%XQ^eO<X6*1+yEZa!VKoukxayccf#6Gbfj771)9a`uA$|*hjMg%$cUsXkZ
zmuT8tyxA{vMWw~o#PIT!)_GSb%TP7_+UNH#W`iF{lNR(xQ*6JtP(tP~(4{qy`vitH
z8oBKS8X)^vQ=BH1%s5Yx64leQZ^nnmTFDFNd~Q=EuaC5T_4H((AKs#{`~UpOLAyXK
zEs<IGRCndU7B%no=Ct_;K>BsVIJ@8deSLYrL!#LcMpp2;!YnHtogV=E(jl+Y*|mzf
z&t#AvFFIljFFgAD{<@KW^%tk9mR)IDLCPatGxcw0txZ)>n6Zd^Zk6S=Ct`!y(Wi;J
zJ@<ajW)H!T4Q}xE&X;+UTAlSZ;RFZB*eRHeK8_X=Kt?No$rs~KmAM<=ZbIvTZRlvy
zB3%Qx8dYasatQ1Ink7F~%mqJB{J{)&7e1K>ZGWS%LCS3Ry`^A*+mD<k(G)`s+WNiX
z5X2gpr{JnG(t4yRaaF}D&WMUnDW%r)riX-D{J_|)EoHV5nxb*NYw({0rJ9uDvh&zf
zwpsFzbcuZyCkhBVo9vE;y{P2FxLW<2c6kK)?7o)*b^*j5A~wc#ZjSrIfq_6-b?z01
zz!#rlU=fN0Cwni`408yJTZ0!SZ_vZMlp|;N`DC%*<CsRe`Q|9q##E!~xa*@baS$!W
z*kys=H-uUW$M;OeO!o{M7rpw6L-A8BrREF|DG46qJ3*w?Y<AcCZXsIPH^OW|%zWq3
zOmvNti9vn=wBHVpuF2Z;i9%MZVor;%8_xV%rC#Q&tDuZl!?)sUo`7+W5#BK0GQk}M
zd=U~jL0;*pbvVBTw4x<C=W^KV^8$ZqDBkyt1mwIXwJGGUcHL+{ve<+$e`Z+%6loK6
zKVkzobgowU^#-++cLOfI>sCo^@rdp3Z^wYd$^i24xFBO-q3>ndRdr!~7gK-P@(qp8
z79W#D;3i^|HukZb)s8dn@(sTm)k`7>N_5FF6hJS{620mO%3p<>;x0QWxY)uTC(q(I
zbY5!fcBiDb0Cr<NPRHmU{Ogu}flr35FppKt0{1&55m~`HsuT(4bOBDA%5stQfc_EI
zmnoK$k_kT+s^0aI7;OQw0I+2U#!^k^jc2VCmHEx=Z563_mPPo2joz5(k|v$-2jBPg
ze+3t`gMzMiSHe51yPE{svn$K&K5itUpD!>9M+gLNlbkN%s9>8sxv&YCjcUt5SzE1z
zApp2wQZ+Ttbhn_&>@2u(nwnGj!&9qhDiQ4-2eeT&!uE^uOr<%21dy$NW{!S8di>$)
z%-;5TBVep4*SgV?{mH#dO&ILbNpCu3H^%LFRHpzKqo#z$d`Wbj7`%=&+*cDV<p0uE
zIPW%|QV)<^YWHYl(wgE${qn9Et$v}$tp@{Y&HsPG6`FMbwg+`U$5bPVF`fX~{}t{o
zK-L?827}i-+qo}>K3xYc0-g+klfr0*+MiOkz~)_9w9`1~KBzfm^1o}~`?WfCD&I^3
zm@Z|IXUf<Z&JPb>Ke*NgT;E8UEKb}^t}+E~T)=jTlFq+PQBneThHONon{*_h8LRgP
zE-C4FhT^(6T@Untd7=WR1tFLqgh;dD;0aN!w9~HHM=Ee%MS{xrFFTn3?8lmmeNF&)
zPw!;*L6YEnO@_<E6GBl3jZAvMX3ulpxM#XU2@kAZZ~d*E<4RNQS|p{SQUd9|4B&s!
z1YR{OV72&3?DzfKV-uQ8cf_#~L|^pN=J-#;#i{#|SGn6!Qfd?=+=GXPG@IH%;|`{C
z8O#)9o2HH@!VZp(ksDt+t1ERtl^FFp=f6os%fM+c0IY`0n9n{GJpHgf@c7d9`mfkm
zc@Ce@e52D^bv5iKt}J_#wbL7eVm6uqn-wxovHk%y^@qvRO2~vkV0Bak+zt_nRH|H1
zQ1Gkd)t;RDUMo)I^Q2zum3=dsD40s&aq#+3oQ)G=x=xTUZh!XN^iU>@T_e_gR;#PL
zv!$sOS{4t)^{k)S_S;TRSXk5nlWqlmn3Dd>2H}Qn%X}{CF^XxtIF?tzYWeChqHzU!
z9h$;bn$H`~JQsf^zMcBG&Ocg8Yll=+nl-8L_tK^ueesHK%Agr#ZG3<>LxC!UM<|b7
zjkzYT>arHUCkI7v+Z7EZ!DYLwUXMP_t3)`g|7;Fbao4W6@OKAum}YO7#z>9EJ-M38
z1_AmLZSyfqzU0wWm`959^Us<uOY)0)a5mhXlZI@Q^7K!qtu|ft%~gN%+n7RSnG0SQ
z)R7vl(1$%6R;hhArHORP4)O<92>7D`j?LW}6x8W>NHVNoB85p=JO9go;;0=I<KCn0
zo|oC*mftvS{CNN&ANKtvv|UEPiyO!FT7wM~c@x5P$I>cSH0&2wi+jIwe-E2j@yv#h
z439hi$LmSRW<TR}h91ywr0^^`;SIAc3oRstgT?9ToH7n2c(jq1A-~2v^oH%E^|7@q
z3F%jWLS(5dy@hNZ7JH}pwuhJ0u=KwgLa3GZBSn$s;2|#KoL{{!&Qfa`AJXdkBrV7T
zUL0hFgpZc0;MrEjDN0lrb0se&t3>M#rQmBj9ZA)lH5xui#Ior3<vsl{KiySeRR3Qd
zB43Nz)nxd7q06m<YCS;|Oe=-$J`jy4FiNsP+M+20=hOqx({9;<;MD1GE$M($dZ<+q
z5;md-P)L3oWj8Qv5CPRf+hnFVTG<A~Hqy19MLGL}qREzY=;((*z+G8$E{_ZW&@d|?
z?|J=*->MFvkG9~t%tF8V&k1oywd<K40hth)hL0%qeJIeOmY@0}r97fQQl#;3ILgnL
z8J97k4fSs9-=Vwv{@^8cKx?U3k@r&PRs(mn8sBgRBRI`mkU7bZg`=DRZj~uhHIzs6
zQ$s7BYm{=Yq%(*+rF`Ymm(#jACW-XAw%Z)8;+q|-Q!*jLP5>EjM&Y+06IITQk&mUt
zMhsDE;pMHgTu+#+A%e(XPrB@6SuoC1Vm1ZB^yU#(gI~adIyi~HQ0})>3JeYODZMHe
z_1zDC=yWva?iRk{;wHaXRoxu&KW)wcw8LQ6u3A=h7YV3bM6l6RKRxg?{OQ`h?Q+Xg
zRUhM=B^$s~Kt&9UVAj-}#^(WN#qU#-k*8Hl8<z~VAx@9F2s3nENIbnsbz&bqPKE23
zX~O8E!nPEJJ^ZjGr&IHK4VlC_U7~(9UN?Hoq$3QjYCcj_*PrU{|7b9dp5VNgSJsh=
zb+yp*fE$Qp-O%!-4r&nb;P{!m047g~n-NO)Z(D}4xUUlg-+#{je{Lj{!c)oVY|fLA
zVde!cfw88j(I4Gn`VEKpvmHPpbPu=nuT*8&8%8VkC0+5VChbdV7plMV<O=nLW9QR|
zo3R4CgQdj8Za1y8a_pLut&AjZI29R18Yzt!4~)(2KeB+%y<W~ac;fdJYd?2kc%%CH
zb<hV#Lr?o3(L}Io27X(2dcRY_Bu4mZg2lfYyZD%`5Awc*-{J1uF6pMQaMNMY_yYFJ
zEC+{=jeb7K{IYghv$D#ivU9d<x44Th8gACl!}+)H_a!K=yll2v(2IKg{j^=@a^-sP
z-|RK3e9Qq7q$XGqU?<zgZJhFC7dnMnq~9k`VSz{MEO|?^a9#*$mn2wBZ<pvYZ`^+B
zCt_lnV?AUsIp7p3)tPdByZd5iMJe`4fBD>_heO7}QNuKkutQ5;0DOu1sSSy*6}pr<
z4B2BWd-pc1<b|75!-@;TJuuC)ZZMNAx<SS-!(X~Q`vx!p=W}Qx#_q0yd|+q^H>ySp
z0^ia10o93=&T{zJlyI;1k!Q~~>yMKU?YP}R!47dqF8zPCHypkF?U=H;W)6(tN_-{o
z*zoe^`3i~UE<&m(&Z$P@jc=DpAU)wGYHaG6W^F?v@gS99A;-u1Fw+HfJ3|(<#s#0r
zOFaA<#+NZvG3eGnRnT~lfmixsswoyhR)?dt=d%4cRots@i7Ku>-?EbreH%EUvUC{d
z*)U;&VYN3|Fa;9Ceh>5XO!gMG<SC_B{Z6gt>0`I)i$hYC1$Moc0F%#+vqT9R@FR+G
zx4$3+D!(5%r_>^)P@>Bod9e!D_BoHk%P)V#HqZ@?F?hs>TsV&K%UXcNco{1K;BwNG
zJ4Neq(px1`@1L{{A6JmUfYiJv+p=zgPpM#x`L8pNswrTg#_XOn<Am%zW~_MMF^~;w
zo}YSH4VF<N4ba1PB)+3{t(C|r;HP>f-J-)2bg#~&h}D`CFa%Yjd(sxtEs5YAtCjU*
zvK@_bJV8HfBgW8XFf6gn{u61{F&W&rp8Ni*Ah&s@cBhr}hObKVK}it4hR>@?$tiqH
z!N;KJap>blC%J!XU}G17I}T<Z3s}OmlAu)zGXI>SpzUqh`GKf@&B#12b{762F2hP&
zDTm78_4U46_0)O_n=u^uYpYKrjvtvb@7%eYjQ$@1_rNt!Lg$Y@Cz9$`-iOB9yoEnf
z-<87B?Ay)!_M4)>;gC3qS7szVPgsKz%mHppy%*QHh7s8WIA7Hx-(7oZNA7-P{lLG&
z4AI}ULO<|^!5x*fC~pdu-X`>l-g=xmT^~|vk(Lh=ayikKXc`ZdZZoz)D!Ph5=E|G%
z1VC8ye~$%eJPe6I7)eo4{E3E2$116Ap=e)mETx<|wPXxTSyCasZ#%>6IUzp<`+NGV
z8#p!IBpAl4rx_nXD*0XmVS<CTgrTaW;&|2Y6@u2`44R>6$wJ1V9iLS+lYQ=-K0<^W
zXUr;N2G($*JANjQq(_X)L$f9S{ff~Hc$7B8+isAG&G_Uyrr~2f<=-#{9w?QcQU_o}
z<%AfG{_M7Qap`*G?r8W>5`n9eL2Iz04$3+qCiu$94<m6fY)A(9Hv5z02R8kIj>RJh
z1_XSosDdN%1RqlWFCW{2MWo_q585GuV}@K10EZA96lD&g8pI<ie}I9d^}6fTJ4^Pg
zn?EM^zF}a|qUC*_fTC?Ke|9*gyfZl4Tf7;E-<;ooas8H$DVQ0LAAzC;!NzamqJ-!G
zE;-|u)Kpa<><6psw!E@rLZ^6vRnMQD*3R3B9?M^iQ9>d$IyxF@Jz9vCU-hDah!Xuy
zE?cIh4hvK(P=2bG#&RRYMZ^};0#djIN-?Yx7wtS4AkfSOvMLV-&>?wX5oj%;tk(V9
z@+L|`A%<1eUtPD)!IB4e!nftS{Sxv`*XNNYFAtg{Y{P+omSWwibzr$gN9RDq+!xq(
zeWhEmc=`B1qLDU18pO-Vk-%3^JlE&T2f0uBzY)<wYiCp9mbADN$t^%H1crjoD9=Mx
z4;Ru#EftgDJk=4f*%#k<3=i7}^$>i0>9NoT-hzSxeoz<@MD$0q@nfwpFkgJ8%|vhK
zITz3#Y*}-R<jhd?`jYN-LItYj{nqeOus9@f1)u{7oX7m{{v>!>&TE){1KpMo)<R+I
zDU&RO$OD0u0k9o^2?9An+Lr^AAF)b}n_qf{V<OHgd8*&f>X9ZSBq)Ng?#XLV=Z4O4
z85@IWAfW{`Yz21gO#DB90KAyS(Ijk;Sc`YQxYpd8BJwC*|4V!G?KJ{OlG$e%4yUs&
h!^~0Qi;h^=QogSwNgF8Ax9@;2CFo1}QdtxK{{#8joels1

diff --git a/doc/passw_hardening/passh_arc_sonic.jpg b/doc/passw_hardening/passh_arc_sonic.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..ec60c40e8a996b053cd60f3e4c4abfb3cff2103f
GIT binary patch
literal 30658
zcmeFZcUV)~wl^FV*fdc<N<ct*2MN6^C6Lf0^sbc9LArFe(mSE|8ahZ19hKgd-jS+Q
zY0}FZ_daLqxp$xU?)^RYe$V~moq4h{)+}R=@*8u`HP>3Xp1l49xC;eCz<?V!0Dv3l
z58!&~CJRJb+UN;P1q@M?{jK08IRKq79s&TicFvA4IjINQI=T<O=lwH1GjV$UPx?=O
z(R`1_zjFrwMmYbZ{J+Y=F*S2CL08&Ef1MrCouh>{Mbr1pf2Uu3r;UH7!@kpw>M&_^
zolG>%V*V3t{1ffw{M;E`r~7+-ljn}#=~*-_W^3c}y|3@-yTtfrb{cBvUv2dFKEMe8
z1IPiS(DZ+6`e9G|Yyd#$8vt-C>PMb&5&(em2LQ;Yf8;S_0swdX0D#(|=g%CU{U!_s
z`gju#2LSf-0f5^&008j^0039-pMw5q`@<LiM%M@EHuuqb+M_?_02_cA-~j*vumhL?
zxX=^`@DRWQ5V)QJNCR%&{GPraZ=n+g7RL94jfI7Yg@cWYi-V1WgNuI$9~X}R4+rNq
z;cbFDckdG3#l<HgCb~<Ertf}da^ri;TNv2rhIjFB@X)z`GhM$05Mtk0yHRxO1|8rg
z;f-5_H?G?ORA~3z0^GXs9oqj$m{`A{`?+}o2VHD-7XZMzaqGrSZ0uj~uy8T%pxu4*
z76!TsArUbtE%rSUIv&lqQ8IeaV^xj#VL`2Dzs6RN;qVGb89TVRR@IE~3BjD)UXe5K
zOKY1&CuCKqnK;)nGBL}VI==Qp#AN5>wtqx-Ly7MGy9_^sKzD<23*8O6P>2v6b2l(C
zurY68qHBGZ5-kHE(LGfRSk^~kTAs%a(G`oJXTQGN#U$aSQ$q~zF-SSSzn%u*qif$J
zyhR9*1Y8xq{D*qqf9~*qRE3$V$DKx)sNil4Zm_G(xq9M64{zkgD+wsjGte?*Ll{L#
zJL->jOqzFX^9?hX(|b*J0#bYkD(t^#OHMw}?ut~DRVC*Bz{$y8Rc4V5r(-T68G3Ci
z^6i)VM`|?A61S^2NAEjLDSCf2xgo^*Q8|6W!)xr{Q~<nF4pgyjmazK#t~Sl%b%ZBt
zWCIP>w95v8@K&D0mx`B9^QH4^<}>)6KFugMKkgEb?V7vuqc82Z57n|proXBr*Z+_;
z@CPf7r{t_3*0<gA2lP(_M&3Me7&7BImj1ztCOMKF<nO1~J94(45+%^Nn|RU!)uLN{
zo2E<2k8r1eSV3>gAXKC6Kqd5QW$P;ntW$8=m<h(-QF#-tY!QWqv7RVJPD|T5o~f97
z;gBf{NHj+(S5eSNr|}>Ycl}^#*>H0CfZEzv%O6Jh@Iw%=i}xG5VzSyeBbfuDC4RfT
z6yli;K_YewJ=hauWo`c)b50VYyee~n=l+tZmy1YMfsK*rA?%A~iMeDfQwmwwYD1!}
zJloMKcPEviv;ab$@eKmDAFi;7x`*&PRL$nCF>+;H8ut0qzMnajc*KRTOsEXK({-&(
zjwl<Pz7=1ZrLnR+9Cfx_7of4M0J6n}lG+kxiSGCVGk4CAQAX0%RGmDYl8oA`wf@?n
z5;1mVcrtBo8a6GShvT}vW`hbNA&e~H5LLq5<(zP0N&_ciq5Ke&ANKyqb*i9s-ITn^
z&Y{oBhSjUzI4t60j60NGB}enu=2o5opVh6UvrXYi5tYW8n)NW$=!4idwJCxFKgz_t
zzg?^eji12CcrtBUWj_d-t>vf5?DIZ9CWuJGAItYvn_DPG{Tn#YV~U74A2p7wm3dKG
zP80}zu1q}7`cXHO91GW3#M5B?K<fvLfAW}Y*ey&ED)F+z)8dRDDE+}IyYt4YG=l#Q
zzzgmqB8A3Zq{3304AXnF)vp0WkPAh(<!0dhWR)z8+#U&ta>p9O(Sr98?dQ)mcsE82
z<a3)xZI)>|tc`MNf=2rq1)i2KZ}{9q4C}i?ASJ{81qiv8Zq<uU&WzoPUF~Z?Zf%@*
zW!W`=+<vMBuf;y`5-zz<S9TiFDjZOBi|rcVANi{5lCipYJI?Lo-8BG@1~c+Z!BT66
z?dx7ZAY$y1S=foj3AelpKF=aOvP@(t7+Z>$Vi^`|UO`AGJ`XqfJ}dsGbmMcHzy+1@
z!iRF-@<$aRm->1(1eHv*F5wFe4FRe+Nl#c;m5tRn6G-Qv%UNEE!w_C*T@v+b?cC?7
zZF-;5)oXz1w)m_&A-VCo_o@?VoRYIk`?vS{7;=`B-|V^1nJsq~r@@zceOEoxo^>gU
zioDtXrpyQn_>t=-eRcR5D&aDw`uO=z?73g#e@VDO_=AyabgSn6HK5WpeTVE_fV0BO
zpr2}s$}beV`%a0fxZ!<j6Oq`racty3M$1~*XC(~aDU=A=HuM$faH8~7z2dSgp+T3F
z(RN_Hr~;Xfi4ouij(pKxM^C(>RSl}Rkj2Ui`8;?TJ`;nh&f^0KuYnql{+Na^gpB6k
zu;9kL(UJ1VT-zTKJMd`q4y3cTJX3d)F7J3>`zpakPqyQh&}Oef!OATBgT>lwKI%c1
zI!DzVxnVg6+l2%3>@l@`?df-Y`)q|H97(89CW>r|Vq~^pC~GHVoHWh_$i=46z9Hd^
zWS-}2&b1$FYTZi9Zw&ll+h8hui{fIi!*MZJalVl$u~w9NS3w$^dV9m!hv9i0At+2V
z9x2h>XNMt!fWl;Cm=DCbPy$F<#i^L5&A_$Qcjd2^RN3(3uK}LkIWYAI+4|FBXjC>Y
z6p@>hdoKQ`U5b-wOt7j|b79tsKhtt50GghAvOYo9M>Q2Nir2_Er-jAOC>n?O(VCjK
zCr;_dTCJGZCFhO=Zf+Ho*&l30GMDG8=Y%s2)ZJze{UW9A&%^+KVychbH?ZI&-rr};
z+VUr+ecm2a5wuzV@9-hJ+wwmH9>%vaKS7P^4|DkMK1(C|ME3(}1b+zq{^a3caH`~P
zquQk&>e8ythMslA!_!l&tJblIX?)^+iBAKYxtzLNZt1a(gY`N`u!R&<1iK!gIAFCi
zi4xbgo60s0T|F==o>0=<yEkwwJMx+L7yz(vw<&(#burE#bD6OsIX4upZe~a-xmHn<
zv2_igz1s1z%KT5U{dY4!Z}4aiw8vGBe50-bZW8>eaWBxrQgUadZ`DQMdHr6|%fHL<
zKh(z#y+BcPq)2_;$$l^B>tSm>H=*)H+N>eoH=4n?lwK>R4z8Z)y|r>NBsSwfDcQf@
zGkgu$?}FMCzbT`AkzLeC`}*q3f}h;mfbiL+;}a792+2b7fgRAm7LbLvtk#3*BQPOR
zhmg{aXuQnQDVmteJ!BF!=0(;-=esEWYH0K<6}Rht$85C+$*pnFlR|;$X*y<x!dx;^
z`LqoI2=o2fX(M+xTsJ>uLFV^z@?WcCnBTK!x7FFQ85@_yjr%j!5KVhysK)9cW%Ls0
zR$^doQ(#UCCtGfXhgMW#orm-I9{R4g_&-ucx{VqsRU_QlQ(b!$G&_+j=L2B4_ZoLX
z^+=eLUe=raXSIOLu5nyH>WRATZB;Vlm@F%&uf*QyVziG2Ln{jkwsOz?z6y0FD){L;
z8e)An#3G}Shz6<$blQF1?Nl__AhLF^D5P-P?<D}2?LQd#ub$!`2o98_RrnIMuQKuO
z4I?TlmK1~nauJ9Th<NuLUlPlJj3rcwxiVZvHY<#VCcXVMiI#R)Z*N~zlfms65ySfa
zG0lPC2=^Ktg@6ZLVRC-`bZ25xQu=2rOg`LW{n!~RSG~)xecte`z{pcOb{Coh`wFji
z=_UYw|2+Ca=K<k<p-DYQ=>xHEw%H1%DgoKHOBW&HwGNU!I;@gW@&K9HI26W!nZCr1
zU=%V}zr(sLL6?hjAhMph$nSVh6&TG)nckV31Vn^dCw5qG(Sb)x1aL}v^?Qh6ub|y1
z%ZGEYW6s8r?v$OKuan0+lSf$*^Fi4Kjm^p9iFqE4Zvpr3zx)$h5$b46z$-k%f~Gf4
z*)W2e#jlJYHQe???Iv8tV<;@O{S${b9CLJP`^<a^LGeBaTejJh#~wJWbab4}%=O`N
z8m*X9k%yRp8=Lo{QShr|`-t%r>LPo;J5S4vU|*V3hvo?0J#9gL^c2o$V18-QrCBza
zum0zSJY$6+E{~4zFu!qyPW4}Y*doQ-Fd(Z+I?sM_i%K`~?>Ey(5t$;+9hWN)+v>KI
zT9K13R4YMx?(*kGIwR`RXA*q6P?-!m<829~7>(HdkW?fcJC{go-5DYV7L3C?2Zqq|
z&Ugo*@LjBo(^L&!z4KPcK5~+D7R7vZmLR*e=JO>T(50EjI(BQ4gKV^c+no1Ux?G#P
z(AjX%d?)zRZ_S>F|CMGkM<lc_;&s#@nn*#l7t0?t@S;-`#RBfT6Y#}cZiRD{vO!(x
z=a_3(>jUv67YE5MIqA=9pO!lDtMO>Yd?{7)QdEEgZmjYA=HFX`VWWd~X3c97%kmkk
zeF5`k%OJQeZYQ`$CmM*9t>4oj+-~Uv8+3fB2pIM~KpkEV9f$q;#w;b<C&M)qr{P$W
z%Rt+n?skKIL2AyDqS6#b)iq$Oe*gY8z`6elK`SJb+ZoOi2Tq{MpVG0(n|;j6#@#D7
zYfM?eXLAkc2^6TZmwMXo65n?XsA6=!23*o>9S-#@6sf&^;K^^CzUJgP-uGpi?i#SC
zhxKeKsc$Db*|5O~yq9tf=%|G~bG9;|$XCzJVyY=X#Ky0|Jqho=^yG}>gocK8iY76@
z(-n&?28yo%=%Ly}VIMu{oYHR#DT~z*$1F>lW{Y=kG1Rj%_(B*vC=?C|acXC5a~boZ
zVrdyGVTj3~mRAq15>L~f1a_{^1!gP>xH_t_4QdqkxQyn9P(IdD0$El{B3|)I_L|T8
z3e0@ye0B{Wc;32hNi$c4)eo{&^H%lAa5qP#tcd{tK>a@nCjg0o<^>sC@&hSNaS2Rz
z=3m0Y{6wND*{0<#;1_ebBu>X1<&u?$OB<LQ`(KjcY;+Z!%cvB%G)sfbANG=gq_>Gk
z_s45!4d^+CEqEm~8ZIB#l#izTVtF7uRuG>W!0>st4?f%XYLipQCN@O9OHmt7PH}u1
zsM=8dp#OBI=8o3b2lWwXWr`kg_P6%z6n+C)_M&5@+xt^s(+r+!(w@mi)Ql4^(al6N
zebBzTS0!?QEozw}j)-5HEP8l5G`Y~6DcNVM;0&h+r<KCbs|Qc_jx(Z%lc7HiM2d4f
z<?#tN{=~pENGvZd_}e^>@#a^7Rm-N$*1cDg@gqHZ>J(v!{3p#5^EuRUfcMYbJ?Z-B
z2SR0|tt7Gxm+I1$I|lk8iiVI<Zi=;G>ztU<LME_7j~$($1Q*9x1F3ggGT)qXWl=9E
z=~#zSM+tmGjZO^9v}wd)t!XqS>Nq%e0NG?3o5W~aZ1$j*j%U3bpNW+0)7cd<H-A6e
za?OODCD*kfB?o@lR@<x*4T1K6=3wJHoqE)pS|pAtZq%%U)V<c^ec6WEaGl%f4l3q|
zMmHsj9++XNB_ZRBLf+f&)p!)AY^yAKs$<&WHN?#u+y*b7Z9HsJg%s!%?b&q9iZX<9
zH9J@^aY<7|nt2k|?ex3Ue<dldXoxzpWJ>TdsG*Hus{CZ?Wk)U(_L|Q>SXHvXF|Dfv
z)X1_e8UZI2z@)orZJ;B^?nV)D5sSPWRiTA~_z)ri79i?;K!^mKEM}9Vs_4E(O7i_K
zj!IPB+wC>cWq~_G5=}ZB0(~V9TP&mtEIZ=2Gh-LG?3}bxB{poHt<;uR*ouyEByXyG
zUeM^2ZSqRjM;W+0U*odT+-m4Ni>Y!LkWsc99`{nhl7W1)z`BJe@nM3Ql;99&{7Ar1
zv9Y$ySk@2OgRtS{Uz=8l<QTA{coLhB=pXfTOUiih;Spv|5otuG<^fI;(kn!`!A(KW
z9#I8?Z9bUnQ`a79U71Q@v_rD-CFHMt6%QI<@CxY``YD2L`T%z`q&%75ds72Hia*<3
z?70x6{c!SFwZg~~x2#i{Cun-Ur^~|7D@xwMVS<9AeUgG)KL+w9y&bA50)7QKU#RxE
zcMS+`MqeB@HPTE<t9UTz5R_j84T!90q=a!=FtQ?(m6&pqE@GCD%#NqAW?y*v#m1R5
zrX_KG+vnqa=M5sa9&FS2OD@?%TfcI39o-#!g!O+d{bfIgeB9^`#WeumK&st~W^WC&
zWt;k|Ra0)X<7JDe2LF5L8sA)Mym1*1a<#>qfe{0`g0S7eusYgdYW&4|P1qI~bdca=
zQ^--i*EC|6dVGq+<I5dKXs$r{a{C*PxF5~Y%Y@?KTHS{yO3mu^D#$ZLms;_2f@Kd1
z!B)J7Nl8hOTr;0_NL;0Pao<+FAe;C)ZK&N8N~tj+9ZDi#pBcM6P=0n=3ODs*%vlKO
z9}sohm^wob<ZhnSM^U##lM1JZmd4bFpK=K&Os8h=E2WP3Q-DlZ5C=ODrc~8(D;Q2q
zZSTNf_MH%g=xjWOiS;`FTZlIgnNyof8Ut0GG>jxWaRL?|H#jcWk3e$;l!)RX0yDaG
ztYQ!u8Sg#m(%s2NW=XXu;Rr#esV!H|-cKF5(U^8Rsjf^^vB-xDjL3xB)y%;xqY#}W
z_ImNTV-5+|%mHJmstXh9Ja=}8oUHifk)?yETk`0ZQ0Hs<Lqa0dnY_|&%J|)T_}2i5
z{sPB-U)*=)XV#6B-Bs}9?Kf1V&*F0^8A@YEb#P%}^U59Vp>^jSKCZQ^hO{brD*0o5
zedeYF%T7gG+*%Y2!knG@{+ytckc~7;r7Sk723CIJ;FVbFb(Rk77K;8KbLmuIDqk0O
zW#7KOSzm(yTPd5P`&dj)N3s*WOG;@x+@{60*6u-%?7VGek4$c|e7A>~`LxGc#+|0R
z8P~4B`9}a?>Z3oI4(`^M@`Z)oZs}SoWc3-WR2LYKn^kZ?J_x%8hy-Y9SaqaOCUiip
z`{PKw2Rofx)T~u<!y>O1Aa-D|z#^WL|Fimgui~PN)yM5~>tbRa@a=cEgpbGY%=eD7
zgn>5AEd#jX9dB;$sv#FbZS*Ghu0DC)TX$QUAw3fFtrLZ_oL+ewi0G<Ek=egW<GRo@
zp6`l0zV#_zp_OzJRk3{ewqNz&;w+7mO&$;RPC3Dcv%=n_>-^WB*!{*rIX;d7bLOXJ
zC#=I?J8C(%UR(p7^WO79`zc=minz%QIlKnksu<!=rwSl`%qDK=K*~UxUTS6$@^0Dr
z4W$ypNabC-rp<uZE&W;DW;R}N_MdqE_lojwOacs%@Xb&|A|W*7Bj(;2u)G?Xb7yXG
z5vKz24?RV^CA2j_H=<E{ieQPfDDy*m_n#HjX16M4&8EW?ch=_7JH-c^aSCLtLFI$|
zt)^KUjAJ#d$qWcS0Pw>;{RV@5?=t?B_x;Qp1ZkbfiuC#k4c<*I4(eBJTX7``6fQ&*
z&%V)Gz*4!y=^2Rw=hGQmOR#8RuWb8Vd)iBSk0ytLfwsL)8#7Izt!88^XM&tzR#Rt7
zzlHU;n{e79POb!DV;@QDL@hx9u|$x*E2Gm#(^9-W_zG?QefwNn{*F~pl@6_bRJy6f
zreL11OZ7>;A^1{M3sy-kP)kVHv>9#O9@Z94C#qanUHFYm6)Jdd#w%QIEjK90>XYc~
zrqfV-%WXH1Za>djK1`|8ZazoW%xiqClaIVAj!8yP?HxqVQ>a?NV6}bNpODB+oOZ&w
zPij4}H0vFMnx>++wW65Z?F7!2vW^~Ws|Jx1U^H23CFjwM)1=|shwZLp29upTjH^?F
zI^i3xu_hI3*&&>9`US#Hu8Dmid#@w19V$JVyGUg}f-biZp2zHU-CFzGSbddNx|?`S
z)>wU<D`v{36V6(oIVGu{Cu2au83$D(HNRmGu!0`WS}sK$s-B@4`$oXk@S1maqEZW?
zXSj6ro4kBGxE!5~2%FsaHy2S%HAakf7tXw<5!k&&gsv?^K1roFn^pl>_y)$BQ;?T2
zEN?4UxV`&W)m;LnVjFrYyFS?}(e6n;Q2k9wg2vsUb|Z0j4FDKi`jfc-mn{5Z@HGIt
zVf*R>?KNPh6nhM;k>l%U;Cc<PxO)va*7W<cy$sOB3~71SHr&j)JUzugT;^LCn8?~a
zFqk36JD1F3I2+<5<+a@xO@vat{Rnewn`zMAzo5(_Wij+^`D=3^XmhoOHqMP`Mipp(
z5PgYdBuwK@@V0Sby_Pi!YJgZ0z1iW*=Hi)8h2GHoc5+(g3+j<!NAR_A2AQvv^fGkz
zeF$aSPL=%Z5SJx+H94hJlV)(tCyNAy-WV+5R+|xzxkcvH5>pd3aYfDX=Avukd76^*
zk-ok$k8iFfh-T)%neZBrSj*<(U!hi9CgQ63flXJTDr3oxhBO7LWY_fOP*2JYHg-w`
zHtwKQ013-o1KQjhv~4aq#~vv_uS^_PMOzOLFyGTqW#M0qC##AQbo6?y`a;%v98`K#
zy;etcl7m_iV8|IZtk_z_$7%q{bD*`05ANzUsO(;5<9KDJsP!0zQg@9vwRV_mY$#en
zOrky^X1qsBtMA@GG^`EV$9ohd=bZuos!#sKSHGWNfS*|<b3k{tpRe>Oc{?Y`QL~K(
zrZY{$>I8C+5ks~?eNAC~&s17NLzYf*TqaOc_*Px!58u=5uOe3O2c{|5(svTAx3-U0
z$IqU`U!LEsUo|w?YVI;SlhE12p;q3s9oZ{OZqP?vaZ89^Jx;P-hE4nmx)ABZ`Al$>
zZc_5r?+|sysbXfw$_a`SYGHwf^|10zHUqdSS(bV-Zg%vHuWVaE@R5z~O4XIzm+X+|
zQF~WfL^;@p4kjuY#^~sE?O_T;tTyFSJf^t{MhaP&UIW-IAz`m!r4Hebw#Ek5ZpW;U
zD*~M;YK!B7bSOij^6)y+^ncM&7!ru#kLKj$WYtBK_C+$R>9p{3p_Da`iWiTLtW9pY
zq<VK53-dc4;Mf<M9{TMh4moR(Fl~&c8!%?Z=Nzb0r-nXO1;v9wqZe5`*}YSCq7LxU
z7$;+`Bvw1(KKns#L>2fvAvY}afc;lCev^6<QP+d*FPUPiHl#a@wWFx0sTA9WX?+GU
zD^)_fMV9kRdQua`ls?`(6S%h8IG?$bC1Yp)W3^~1XfZ8q4M%J`E~J!wxz$bJym4eM
z`>BTDo-=M`Xjkr&nVN|E;FZCZga;yu$xoJ3FP1)eDIQ+~WU$)NF231X01WdMfA_Vj
z-nlk@Z}04QE5l!Nm@582>A`rVC7v!(%^p2Sg^qW|c=qVQy;8~xx=qyiqrhuGLp8ky
zHTSOV?(~NN>G7?R+av1<NhEnWYf8EkD56r^ynCb$$$4opoc7NZEEGPh@K-8X@n_aT
zkQT7!%s)Zezh+73>j?M@Wve3O`%iL5y%!#nxnBc#aIN@RH#xwDdZCu%&tBL-S++E@
z=}AW5^v)Naka7<Z5k2<!O<nvRw#l#~`pu<&6Om9iJgv?AnQk~QXk%l!<tuj3B5h|{
z><r|va2`XZCMiQPrh?gN{^Vw%D5!hM)g&wTRDXfn`6BB>jJiR_>c~QuM-1^$q^jOY
zewfdGix^5yVwNL$L(@!>%vZ$`+ogOtrhmm=($Hmu)O0F^la@$>BVK<LY$qor!RpC!
z{J88bfb~h$MVTh0B#W;MueR%x6=II%NCl)QFo@SCd@Vi{Q-*<z9~gtU+ZtlnBmO~Q
zTe-hdC@t}erG%DX-<%|iGs75}`Kj~q-h6KR!Sbl)73(rh)0;@nkAvd?_T5VBLY>$P
zgG=#l+VQps72fEkOZN#yofx=HwI4*iQpZUZSWkt0g51iP!>TLLxzb|4oe?XU4J;95
zam0yt=t2&sg|!1~!3PSmud<2olEZp>u#GynP1C<H&OO3}xtc|{Z*@sS_Ul^=*H5Lh
zm<k#t`|?{OzA-UpP-mm|RLCz^z1;00yz6xMM@xErxUSMy?ruKoVovIw_i5V9<LIdp
z(3N5+(&4Bt2%C-Y^MW0z?z}d534mpppX!$g_&m7^f|qY)bu;O7Q71rMdGErfC<i!6
zaf9T!tazCjXnpTBBRn$`rqhy49YlFP411N?Cp7px`2s288rom~y4(y2{@hhidZE@S
z>25@=my=ck&{{N|fK{=cG@f}zNtXuRPdBG`KRYN(tYYe)vcyIdnpUo5^E!$U?kP;k
zHQaXid){eyiJQCCM;|;D5fHQL<kdW~A1I}y>gt=I;!Cxms3IXQYrmAvbKZNhKX?E9
z`QPzQBYFbedQ<7Opa{ZH98R5~$`B?{7u4QraM4b&N8V2DjPGCVWDrm;^khA(-@}{2
zg1<5nv~+9<)cX|4_PGbL{$fmpGbq%|H-2yOSiJH0K*f=3`|I1AfzurMMSZ@QKuNL}
zj!vCLCpF!nK1O>37jylQ!8Dmi3ym-Ete{)TJ6zJyCqfDpHHA>Eo9~@H<W@l0IzVDB
zHq}xrFuZIT;zr|hZeRKm_s)OS>6zQmoM{}<UZ??6@7T>XwnYUsC$^Ch%e9mG`jfTu
z+*ngMLSlbsq0yV=e-RFNc(;lSfs#zoS*Ilm<OrOAimuh+G`~@FaBTh*9EJnG2gl1_
z!kd6i#Oz`u-_#gK!|W9*MUDKX3heM-6c^d-dZ2FSr-eS8O-#=l63Wd8c`^9KFNU61
zmFQ9pkEtOpNu^_9WcC%6jnK-0Fy+uhnsY~z0K89LCQgAdfuArX`a@)hVXycH>v90D
zItO~jiVGO(rTK_IP8BPR(I>P#ysq47j6Xx~j?8|iii0@-HeK=KUP`D`aV9!ftKx`Y
zhKo?B#0~5ptMpRg@XJnJ8HiuF74nFkd?RTMdC~QieYwxsspci_#orpr*hqcjdfUub
z?|cccCg{EY$}H7k-8tWc2g^3PY53#Q0>4*lIUq+VGIU@uH{iHExuO17qc+2iRLO-M
zlo8sRUymU&>Cm(0D46j^WIYsQGY}sY%oeY}WkoMYpG9-8Io30C;wj+X-y6z~^5Hu7
zmHVCfGT2jAcQRr{h^#`ZE*d;fzQT;%_cqvl@9jm-Yjwqc`D_g!Ir%$7nf~8&&rat5
zn`!>vO!HUP0e@?ziQ;A9t?aumu0iHtrd6FV!lq<h;Lq9|Wu*oZST7m2V`NI}(fe8f
zBwg}yDcO8FJKmRH9hP+W^TQQO{5LCg!^4&^75l{Q{+F(gVC99*FOb>JRt$~7M67JU
zig3D~C2vPMp@UKcWC+>-_RBmaq#+TUFFPQ6Lek6^jZhpZF?2PHl*#HgQ)`QM(7GF%
zgXK5{&3zaio4pjMWXUaT7zsI(jnb$tyH_;uu$?`B4br#Lk@e=;mOqyZ?xJPHEA?S5
zMn~qb@PSiyAD@`RQ2F0igJ0(6#!TX1Tsv!Y94v*5A{#+Nw*5iqGyvrV(Lo54lA;NL
zNq4{EV%Z?7M)gG^RMH58YTeR!PuZgHFI9d_^1ASHu;RSLg{ln8JjEHPA?<I1M=Cwz
zAvD-Nb=+O-hWVILDt7rsT&2Zkt9q@-)!!)_vHDs-?mOLMROKH8(DGC&ZplRN+*&jG
z3=;hBD544J`v#?@JgA<ImuCH{=90uVA7yqC+e#P<yatE{Upbfn?$-^fsKslh#VJH=
z&4fhK2Brwihn=~uj1)*5mY}%4riO)ub$1VHo0r2hJlgvlyxL8L4)a%Yn{i$51$A3`
z`XW26hRxSOP=ym@E&AEj-xHfKfmeaRpvj94yyIhhM)uedJ7mx<B72U?Ev}wn)L_LA
zX+7C}f=~=|7F8;46}S=P<5j7$wfJH9Ud*%$<i+PS?gt^EJrOh>snHz4t4SF{C<(?x
zMpn8VI$DPt2HOH<XTJtsmc*S4p_~6<b<zj_TZ(XW3Y@g7!j)1@*s^?_f{pLjn#I<E
zs3j3S;vKlsfd|ClnX%qIyb_D9BpiqkYL&;5H0fX)m1i~u-A6F|zIsbZ2rF~t_bX=f
zH_%#XXLY5)J#@us$X&C#9Nyxq5K-=rzMV%xjz|6vi@#BdNfa!&xBF>K+K}y%KPEmV
z)@=E<HtmTlW-b|sS8Cev9rWOyj4l13@;TRgHrFS5P8tp~^aF!zlU+O79QMViSV#|l
zo>QF@mm%i}Q~h(zc}Wz5<CN>$d!=`MZ^vby;Fk*fb5S!LajUQ5yTjq<{9S}qVS)Ig
zIs7sD*vGKO?(?BxuI$EqV#iQUv5qY#5AwsL`$gI+dgEY_z|#RWY{5xzud0J|KyE^6
z*-C=@nQYMSvOlS`f4{?isn>jIRbV8G$8^E9)H>F<FkbXh`{i#nWLJQiJi*fJ_{H?a
zc_Ci4KJQH&W)9>>-w4BHXJz2NQ79@(1No6&mT!(b2eYotq3<DMjcgwSqJ<)D8?cas
zqOA<uUB0nK@_2W#?WUj2<!`B2vo^|p+>2y*ac(F&Jmcd{pntNx&@w}SYb*U0#8@{j
znYw&rZDkZBl;~<BW)af?{gOm0SCv9*-ZoOHc(n776hK(AGC3PtU2uwNoqO66ACBHO
z60!ltw5LV3=9!u{w?Gnn-c#Ngy%3bFt}1KWUY@Da9Cb^OxEGKs^CJCod$LPSL9D55
zLEM+gt0>a)?|PENT>*JoHwM0LYDhl@q90wuPh9v0KmJyfmHE3J&=0PU$Vp;oOMbJf
z`li|OR_)MfSN8QaKyy=4!{(niR<-Chl+%<Wow!K7Bjin}_(|GIb<3-@DBM<H_;FRD
z4w@H7Gr^ZPL2bHxy)`6iD{Jak;JR=ob<fI*$dzGfJX_q=2NP{hYK0KnR(GHqO)l44
zHsD(Er(_p-Hyu)GOr|Y4xKzMwEmY&RZBBBNPEDz}8pH8ve(l_OsI@gSr9$w686gYm
zB2(fwp)n*vuCR6`HwKJ0N`rsBlim7j)19*_t+V2%Tu;$DqtneeTfw{bI(t^9)x&AM
zMxEUArRC7b9O`DG4X6n_mnj%U<%o;$BAI=Ev9e>@Sny^bA&Fix?=@B>ePYV!k=?W+
zEVOJOgxc>(@?$4@K2GE$tK2(1N~P1D*<e=yi7mT7Ta_XY?)oXh@s!8HdeW0tAx)}I
z*CaEJFRn*Fc$wbG2fC1vdr3FUs{7!Il3jKesOyBQFQ&9*SlCOx-#>6<9YJpnBmfqI
zt(ocwcaUz;#~HZ>kA4##^C!6aAO4JF%-_(BrBbS_5T0Ne=f|PZ@Bc+>IF|{J3lunN
zX24L-XJ2~TiSwAt8f|HxbNnu*;byoY=t@ux0utf;QbMt;=)5kiA|FS)|5|uGSg#p_
zcKk!+J<j@+061bP``bf6hw&0HM|eMkiP?BeF;Iic3f^1lk@YQAB0&R5=q@Ez1(G)J
za>c=@;sTeQ6xq<IMu$$tkasi^SrY0WNfK<xYDKshi&(Ri^!Qh55C?W-u3T6qk6TZM
z*?+oqQ=F(T_sOczatC>mp;&<i7K(VpLp^Us{k;z91uS2ij(2%ph2y-VPth7Ay9N|6
zaQjs}gvTDYB7m+thHzrEZe?H7?nPC^gT~lbDyg11k(tL(=igusxS?aT7(;ngGJjR0
z&PSNRz1tIx#<0DwZV?6cZ$?EQ2Kau4Hm2myutyjF(pJb{U5$W%EkR4>6*O*{Lu)io
zZw=LGbJ=OHmg=XH(Xx>2W%KG_sh{~$ht)D5+nFlWWIH<bJ}F3<N3(VyF<Ka`iC=Wy
zP8?|Iw682;CRtK4DC}a+zR84y;rLY-LV|p_P~));P&LN3h<5L*v{ZmQLNj*bwju73
zD2?((727e!uMt~GQBiY>iOm`m`huij3)O}gNX_WM3}+8xW#91LaPGtDdwQ%abfAky
zf=9n=cK3|^g!1h*pqSscsFvyH;CNa8^7ksZX|bfUWBRV$2TmciJm>LvlpEWtM2<?9
zsXO=k5<;DO%JfN4k=s4@YYoa_rFl!YHzhcY1d`S26;3+N$7*p@4^1Yr4IqkUX8l3q
z%Vm#YDz6$7jZ)M46I^Z>j0D%q#-|$}2{+?=C`M>-Fqdx911TTE3;ig!=*?K_vf5w@
zgIbOXO_y}-Y|~n}8t_D8l92<3)qUd+6Xi!z2_pW_tGgbvS+XPQi95k-7jdnU=mlHu
z@1p;Ve<NAuCz~9TDN3nok3F0Y*}RjUPpUBIKK6<pXNtKnC#p?)9<#10kelEUgfWRd
z&4GB$9H6#${-SD9Vp)xgC>)m?s%{ut5Lq{zO;5iAq9=OvdmsNiip0l%Q-7XX(NGn7
zlU~Nk;gp*(Z`cS@2$p$7OLk(~iMFv|YpKR<4D%B;P-R#dI7=A#<y+WWkp}ga=@f^f
z@g;p96%scjp1>p&yF08WM=J|L@lWRe5r34V<-z%LRDwM#s9Wu$c`U0E-U7^R^t@)b
zOU}dBK30;>Uo;Jx>Z?obgTZ>yJK#U~{DYu9)Y=vN6^(MMYk-E0%&NOln9J_0fEur3
zaA}GX-*7|l8|cLXMNHRm?Z<gf>dq=I*4d$kgUI3b&M(#u)BB)MEy6@a`}OtOS5j^l
zJr9Wf!S`mXfT3yFRWd$BcZ9LM+Ek+@50tA>fW?DQ$`Z3b>_ctBQzQ+hjjiBkW=F<J
zOyyoYJF7BLQ}_A~J@U&w%<yln`@zCY)q`#XW_=wErW0JaGhIh35qeycHxqK~jFr|)
zshIHeK(&$gBVKF?@hT3=$UIVQXVRa8YB3xN%z@!%73iT5(^X%rC#<*DOmSn(giFr7
zScst7!W-4JilR**GIU6eeD$F;)C9d`2C|7rR9F`6HR?C?v4_g3N}Ymh5<H;AGQTJe
z%LGQK3cejscubh#kQ@{=<aopBhFVIohnjY$Fk7Emg;3ZUlizZLqzkZmHu>Z^3*35I
zj;q+y`P6<?d4UDB10LnTvNPjWe)gIC{L~bCl}iIp)266X6iXiD(%oKGbk}s*yn9&o
zbN>1RQoy}B-KiW+ZDhQ=LGcUy5_r;nsG0M?p~gGEy=3eZkH^9zww`rU4zQq$!%GHH
zVi$X;HF+1Kj+HAjVQTw_REMse9D$S=BLYnP0Z;kWF?+iV&a>c|RnkS98%E&;+W51*
zhN*3XJjeUpguVJjq$N`tVXpX5rkl~h2I>!bI)|cjLx)s`rMO6IEym(m&C<23=E>NB
zd0yF52E5)R&!36GUop)`DLc;??g;3sXG@ApLIBZ?Bi>>?W~mpEH@j@jXppBhHWG{I
zhdQd0g02C-8c<%q7SrE_UXg$PpD`L?#?1!76J(qCYqE=nCnO(RJGg*b<gJU5-Ty<T
ze7DP<;~S#SJIUkQcIPMkV*aNL+{L&!84#qS=%#gefZy_#p<6B5ab;;&*C#68^U#*U
zEH@_;?8#(e2_@1a?g7tf*bpAN$ugGD7BuMiiS>0eQ#v#Vg+PbR>RG~~E20zJfdn1t
z#g+{6FV1#cnD4^5tRVI@!h(c|xhdhdh{V){>U0CmBPKL{RnBBv6g8hz>xm}>ei>Ad
ziynXXbc^c{eKQ=l9{EiFp5w+O|ADlgkpF%DXaR4T6gHdwl;`|LKiR|!_shak0{#)c
z(QcQ@{fW!FeGhRc@@0$3i%(+drI=>9KE|6ocJLCaVN_<7;QHKIYasZdAl#Ckv)?au
zPH#B5lcz^hH!Zl`oQIG3zQcLJK;Ftk+pp5RhQq=xdNcWbKH09PvUSgY>Za|J7WxM5
zy*l%9<7+?w!?G3WEkRI1{=<VX?~6(d#{@S2VgU^ks@DuakriVt4Q!A@)ruwE!N_4$
zsDEiPzgdWmdE7M0zqivegQZqWaY0s}Tm_gJjLIcW6PRcWPat85L`TRYNgqsS`#psK
zPb}^elNvpwu8{&K>Af@i(8sYKcLJByx-8o>hN0*I+)HV!nYF~^ew<n1WGdK+SjwS`
zrXg(FPRUE?9xwkkeS$`FgBNOp**;e9nEtN|iwD5f=d}4)%mM2YD;sO#(&SY<m91=m
zpRs*<|6%|`srf<bdTsNpO<kdkkB1L}D!2iK<PS4Jl+=h42MroqC<`qgtEMRRya~J+
z0B_E9+(4mJ;xA>k_d}o80^W4~<uQwv3{Q{Gs_$Oq5POY1UR>CSgsM$hQcFnP!*t%q
z#P;&cBDQbbDA7CcH0c?+FAV_dYa8>i<2(`2%F!)ldg0(Kq2<Uqu&p3d%Y9s6@=<hO
z(fpi*-Zx@YFXwqQ`c0&iB!!Vg_fCl`otwf6aZ+O`Y!wmj5cp}1JnTh&K%uF9zG(OL
zGkMIHn15%?B542X;L<L!X1AlQH?lXPaMn^VCr1n$*qWWfvOzqW;-nwj#D^f|ZM@fj
z0^`ef%#=^cf%UP?!hxwKUst2(W9!v9bt;R=w}20NCg_P83LeLVXV62)(5CSFJKno-
z{?m{H#N>*zjIXkKJUecg$4aUEyimc8a?i>HH7%Mqpwy7VSF67$D<MxeJG}KuHGTaV
zQ_EWU<~Uxo!BPWju+<v3X7eM<{56BTGf_5K=@~}sH_ykaMi`TaXQ(8=v4!?z9(s%$
zb?J|D6Sq@DXaiOfn?&`kYI1W({GWD3JbLB#AcZ#sx<OkBot^@x)#`d)EX_*%6bsLO
zl9VQ@rV3nAp}?`<sJUCOJ;1w4+Pj|erT8_@G9RJ9;VY-S>0^h=B_!b~+Jml4e;F8U
zum2^+X?~3VJpaFV;O9aA|4nNDA6E^Pu;oLcSrz8x>L|9Q=&v9Af%t;0BOMqr44BGx
zrRz#2<SWIT%I!<MiOIwfLYJfP5l8FAw^>PVEbljzZjY?Cs)~ALFVz3_h<m9GfGt|X
z!*z_~byi(V7ac2-&3ifHMg%`<VG(y)(AlnId{(O2SvKo{(tn>0w*LCS?O%@RBaro!
z*NN4`>5fp>Lf->9R>uO}Dl<)<Nzmh%GBBgdlh@3Y5?};3dclPKch-0}zue3h)I7|q
z33F76$XjyI=~u$(y6>|ABK|XT#BD8MY|iMjQ?cGzA=$gPchcdN`_63SF{QjKL~w*l
zAK?YdQAOXpG<Yjwg}&zAB<2|mQJW$V4R3z`A>JGNBL_pZb(kr1a@N6RfV-K=G~P1|
zy*6H>Ek6Nr+6m(_nRtzL^gI{?>G2G=K^>s{6nawL*vc1bEgK*RMOc5o;>-Vdf${yk
z&&hzjv9u|n(1RI-$z;SZ+$awUmeq(xGRVj$#uBF36Dfo+)`FKrgJm}G@|c~!YOp%3
zDj_}Yhj5g|MrmoU{+gTj2!>*KGr+6R&ut>GU^6=1-5BWzQ**hOCOcfDf7-1TrWh?7
z4?_$l(7$1b?Z(yY%yn<KbobwqStcM#(IImu3TBfxcxhIrTx9UJDKsy64C^+j(Sy<C
zo(lEs;_eR!UP0PYIDDoZu~HYx>p-;@<AOO#5%n+H;7XKiFoa?K8eg%|x#PGw(Ucah
z#@Z$qsl=Du^o<ah74QM-@>$@3(pGNX3+BoZ!`9`1izk-DSQmb?C@HQxgK^BggqD?&
zdPOh&9B6~!9CD<i=cP?wm*Dh97<NyHD<Cy|<SeP4TNGtXPDBnDnpT%*&kV$#A_=-B
zlVoP}l6B~x=s3Sore7bpwbhfdsu-{XD|Hn0ua$Qk>}bzTb?$DFwq!uo&KwGi*k-mU
ze|Gv8@&7L;_Y^m-I%fEcYlvn8V#||wS1QZ6khrQbwzNha{LgigLz{v^ZR-i+WVO>l
zOW}?z59FVpkFEp|ZH)Rt3Qesf2Td3~6+6_F2)!3XTZRWLtDhC$=JB+=5ppC={LL`u
zkg4U1>mO8^)rhOuW$b`PW7kv-pu>|k`0S198L^SG=pPiXW=h59EqKw~^49cA<L0RL
zORa)SoHq?re^9_;rOAUMUJbjwBTL~OvJmr=rY3vdu9^DM=fTTio-ux#<~=B&4u$$m
zp(<fkJ1ZMBC@dDN7rEM;ACUKE9p&Gdp|^oaovpTBDl8dZ2DSt@)bAIY)h)0R<2l(*
z0AUn5A_!=FK+vduY>uSw4?RxZ@Y*tL6`O-cgr@t<7@tspKxg>j;)}`EbCHrJ{F+~B
z;Nx+OmW+%tmY~_N$hvNyFs(}RjG}KeS^US+KPZ07Mrxl<tI~OifdVY{DSVYNkH`<n
z=UG3fpE!=*BH0RH-e{KlqU8PI2Q{E;*OgI`T<jKEW%cK_hL;MO3{Cz;Q}0r9v%mkW
z=>>8DZ$he<NR?g+XE4dct@OD{NUVg!=*v6aUP)pd6MRSDJk5LuK@LmNf?#EAd~=wj
z@=~i+bRHB?U1p6yvSzylJ26lMg^l!ihjmBVqR7{uokV-^SiM3&FUk2oDF1&A728KV
zhTX<K#iKrc6LSQAQ21kcTkhw;BGij>flTr@raY1w8<JAiJAr>t0l#53Y)r4oJLL)f
z4~NPb^XX_$om@RIBOGr!@Qb4`?xDM)i{6KsA8-VPMXqypPZcefS#F%FR8XoPk918{
z0M<vQ!HtE14tElytg*c-Rc*2v38_1cc;e52-t=_>G99X3{Ot>5Zvi)9e-^QQUnK*{
zd^eVS;U=HF=Y0vd&~J0KU-fsr-CwTtG9NcI@V$33Q~<d7<j)%ar#w7(@-^VbM(fy{
zb6Gs063hHu>f%e?Ye4mrs_;h1-H(gZk>IYA_1%}~mz*B`r`G8IG%<3&5Nf;zXc3?D
z(%jlPIB{^hDq}u^OZ<{RRkbWpxxaam-|77bK=ktG#;W}Do$vEy4?IPZDznh<5%G*O
z$hs?u4fh~{tay-Uq>RsNdV2cPPFW>$#CnZcd?tU;23S<-7aHeWxxW3e6$0JKy1ZVB
zXO&3@vHnhLF${;JEk#6-=T~ysAPU^Dq7WZ`U*gVUo8>Z&JdY4LRb+gx3ImV@MSmC_
z9YN`(8F0pcEwC$QEN)tNkRxDMf=HOuVv02d>z@<^b;s4)$#~kyaFQ5|R%^Ja4GgZ4
z9XF`hztULKNwrP{lJHs7jz2G9Eu{(tsY$r!so9EIFe^*z2aDb2-23{KR-iL`MR+i4
zz2qeRU~@^zJ5lQieUC2C=e-QjPONPmviE#S=nDvnnw(uQ77zI7nJ;7qaqX0IdSX8*
zCw)6>w8y=YuZk8#u@cLHDC5eE1!s#lEgiDTc#(K$<sU}ICa2mamXXYyl5RIF+8ZBO
z*>?5U+rTY#LxWF|tqz3Ic*cH9{<l>3`;x^KT{+wlWQ3}Fx%brK&uwW{X6i;F2>F)8
zmci|wJ8?u1c1C9B3^`fe0U3evNn!tRrEs`<N9c1UjQuTbSGLhI`xcaX!f-X=X`wCF
z)SmK=9bC7$^G2}IG}Ty*ilJpJXye<QinG?hktiaYn}3AgL-g{OdN=GX6?y0LU#i(t
zt>RAhpS)kLRG#dK8a3tgn)|}H8DbmbpvT%F5SxtN1h$&=Ga}PB4lUDv2~hnH_`<AG
zl6?8iXk+3s+doy4Z{*~T##O2BG>cB>T*isTZlqj}$%XUDBfzby%%8FK5Be5&)75<g
z^j2%|Wm4p?ebEml2e<Do+Bnj6L@n$iWU8qb`Ypen33BHK-u)?Xy8mL_+=(l_O{*-F
z4ZRCSvJ4s1aYJ6BevX}xwKUK&xj2uAKdmyDIhc(z3{k}&zj{F3%e81i>FT?b|6ZIr
zJV7H(;w}KN_2p0G2mIPw!7{~bBNoi&{|tZB!7K|S=P|pTJWOSkR*!Ujwi(0J)D+BS
z)$VjOY9XWV^O!8FE&ZJ7&9MmH%r&6h1bX9rb9(Y;GSiDx>x#Vk7EhggGyY#T`aP$=
zo)@^PJ@F~&YDWKCM?*LVCa9uWOqe}BUk9ERJ4#c`^VPa_C%Y<nYPC)}_U`Hv^}!6p
ztXy81Khao+*k<SoN`FeVyTPV>W~k2dm=<XR_GCCFjI#WC4Pc|lcP}2guq72<CeLG#
zn-5eXAk-OB>GzhKR&-`*4JLsb45n|D*sBnLb;HeAr<5L_RZ$-`UTskQ(Ql3dpttjI
zcg3u5{ND<Ei=A?$E&5;O&HBNNuN?pPF4D}Be^NB?hx)^Be^VJ~<q~iCquqZgM43ub
z(xXvbaY4sdaccIKwsuodDQ+H0HJB&(b^g8`sFj=wn~@6JO0t%@ne8^V?rXqchKldh
zmC5CD1eT^?ejq(3xN`fyRivMog>(FO+J!QITqn<0=NV_1YkZ5Dcy+HHIrprH9XN(+
zM7h(9(gga!w&^vuf?ej7gZWlo=A}-gCpy?%2ou;&Koiq5hta6VMK*cKZ_iKAyT(W^
z%C19~rL47kIUp`o<4hEP_zUHK8e~9}wLntSWPZYTPP#Jr^*6Zqw%g^X<x~1U@p4Yp
z9p&xq`w+9rEIJ(OoyUI2IvCz18I>-~OClDb;QKgzCi=@GW_G!&5#G~%dU*C#3u=*&
zAsGF7JJ%8&P3A3yM}HP-|H$K2a_N1;Zo$4Q#$>!~HnlZGJ1TDzHg==xahXA&TV_s|
zLIlImfS?D9<N~&VgP36qb|+i;g%y#p2CU5rUx4@moC0BFY#sC@b3ao&<^|><XhjlI
z=Qn4wnc3qL97+ToXJgbykjrYs2MOUlHeoGhyrgWQtK^gaDwLTH+3Cpo@wsHbZ<E8v
zqOfB0yVWAzlGgz9)4<~hky{!+t3X1f{Whjh8?%gIbmUj@6*?vTea^9)9f3rL5XeQT
z#Eim4lj~{MAmVdiq0ntZH8z|_l{&%%^H}Gpcq}`tNe+>pPf#-s4Cd=}^rszfO-W{}
zhu&kE@mv^67WK0Y653XhchgqJ_FA;Oj=p`nNk(=*3!<8o{MP!@&qDkQ&2}nayJFdc
z%rDX?O{!H9n$S+N5{1JdYGpw7NP7B7L>$Y}_XqK%T{p$QalPKgn_uJmSgEJ07LvHJ
z7xXQGqBc~7X+53j!z1&#h9Pf-%yX&Z`arv?1=tsf56wHqQ<UEHgTlqhl@osZ77uuL
z=FD4=AH1_XXWLLZUkjaSEDVnycF(L+JM<6eSig7YBV5eDR=I<3a)0dd(Jri?6WAu`
zk>0=sQ_w+%OhrZ0b*yfIExb8Prp<$?H(hYW>(Z}~+vA=a2ER;`HTS!>7`@Wujy_Rb
z@gZ(_{i~{(AZg#LhUr3--HE?djtpE_$YPIo&p$&hn&M(~|CGrT$^>4JKZt-^^%)ZP
zY*I<21x`Ip+`1IkcQO7tCTqajB^5Ohlmhue1j}Y*2yS6)?+&Y-><;sP`KQ`Gi$)EL
zEhqh?Y=#7h^l9ZUs7pm{2b<=wuodZO%;`-b(>VEnjbKk&y*&p!uGP$b^j<O$od`p8
zZE9=Pmx@H1jJ-*-=LhQ>lD=sJ0Oqa$Oe3a&rf^}t>Tl4RDuJHQ6r04HayI=vY%Xn#
z4lAafL@*?Er>Bix=+xAhwI&69sqSW8Pzy2>%X_Bec(mb8HMeKtPcAgIJ&Y7uTmDJX
z|H3URsi^no?}}QDESxAg4RiesLX36N_}??S=p+$2a(qEJ#1UGsVlAfJ*@Now>hLY*
zM>F)J4FB+USEvi|+xQ{j-RbPzC?}#W!iZ==2RGH#gxf^6ISvZUt)Zkn&(9QeJ*=P&
z+>RhYd6_NEk8_>E(bZEbzBnsafwG9%?vj4fRHg-6t_P`>N+rRv^^Q_Ou`yr2($j$s
zfp=Gd$A6&i*$<sl!&{<1-|rubZ(@#ld?VwB38?-+Yrszs$b308QlMk1wyFDRj|3>b
z<1R7<Gom}~PjLtcHtL7YUK#W5ka=v9YwprdYxc+lRi-GEG(<{$$es;ztSPUq*enxg
z{x}?}%P9eLeFSiD2Dof7h!SBW*?`p(bj<8%W79jAf|*Pal8OE37jo#l8XcAlR2bU!
zTJ)ToTnr>6RV3oiuaqTI%}_HOu9j`qf=Uxdif3{J6S^GM)uHQtyIGr>gqEpK9mzXM
zM|8wF0_=IZX2lV6sTwZi(8x90f!Mwb1-m*Up^CB{cZv6Ur4f1RM$|P>Rn}iFVh{V{
zP6r-@)~}tfJJyQmK)j?zSi#7Q{g@Ftl{J0>qXrw)T&Ul^9;bCaxl8qdVDV@eb%IEq
zbhvDNKrllevZ`X-tSYR|h&Q|>)}O3Dm!;*IF%X`yTu*vSl3QP(IJKzTPWcGaKAe;F
zS2`)T<X29}`9Nw&H@BcqZeY-m9o=DL{mMCxU9Cuxs+Y$Yt4uD<zS;;#>oZ@_<%sG0
zqFC!^569XD2fuD?Q-dMF1%<eZ;a-I$(j+K9`hoP=^dur*o&pDV*X8zxbV%T`SMB<X
zjRr5DbZ^e%i&S4BpY=-n=jlerb-mN;oy2cx6Wqiyo^g(Msj+cK>LOWUUtd8z;LwY;
zDB0Nq@56dMDvsP1TFclR*w86tJ(~G|!tZLma>130xCdx$AoSi8<4%H|m_p%7qK{yo
zT|z{0e%Jcv;RWBGu7e1Txgq9B1(%A^-q7XoLMY>dYXBlW3DGK?E4P!vbc}<3u}^d)
zu4W{R>5(+uj(f|QerZHJ%;;`)uWF(BMebpD%xSoEXdjB2adcl%l5!QL(4{f5e0Z>K
z-@3AV+IFlI<LQTfZmYRdb3*xH`VG>KlFw^h&q%hN^&u&PFaA$!-yPM|+UyO-gNkCI
zDj*=egY*v4NkTvfMF@zrPy>YCgmVy)UP9<iN+_X8?{K6A2t^WlQ$mw2U5cEWd+&SS
zd)NBz`z^n<zQ6Wfdp&z*_Uu_RPnr46r$e}gmVK@Nd0&_BWzyNj?;j>@-5u&7Qf4Cu
zv$HCG0^cyBZlz@8v(NwG>g@-P>V*27_YL8kjoQat<wV9uM{a1g4Y4H_hOP+4yyG^u
z#gDyu9~^wlz2Z+(iS*%(_bpxmU^lq7alYyU_O(D=T&R-Mm#*>Sgb<!B{tUbl`>MXB
z*NSraQ>x7zdpVRIxSBwPw_kOkEl-K7?d8m&KXlDmoYn)VtH}d_gASb0Q2?OsRItXq
zwD4<QE5n#nkM?e_dxYYPPhvLOkd)6+8;k+&-1<pnU|}>eam;{}-;l+ta2o5~?SZo;
zhkTN{FXFvcZ-^BsEhgxwi?h!)4p~ad&dL(XzO@qlh3{~3NYUWhQ&AbN3aPUV#?l)7
z5(0`1zz~dOtH~S<JXs8dH%XQ-V3UwZu7Nip_UsqizdU*sQ&RJqJaOcES|71<P`kVK
zeEd!=h8R3EZtE>*J;U#0jcw^n5wulnL8F?B(n9(ziQpX9!mx$94rkb!t+f@oW8^%4
z7LVdP$rqX2%AKC{HHcM5-n(8LdP6{47XBV#Aqp#*G3IU;m(^1kajSpH{OMn%RkD2o
z>g(@hi;$~|1WIDWf<a~u!1XPM6k`&L3(s_PwvD28(d&%xru$7e>G75B*SSSuAW8mn
z0AkgXE7RiW@wRLMTr0eyQ37mmI~r#0xcuSBN4hP+&oCOBci24e4ja0@T79V-(wD;O
zY69!^5vgIXZzV)2ujOmDFovjevZ1WP=eoWz>rXwsU4Jd#&O0s{j99tHMRqIv<j*wD
z(cwD!@(w_K{4CpNWObyS)krHUG`qh*eEpxcLQ0AukX}^&KG+y6`Qs;giTnqe#?V<s
zm0?A=KbRe{lTie6zcXyDkpblxEj!zu_ZljDJ&@-tp)0>qyhVi@F@Ff+T%E1tau!vC
zaW=$rIMkH=F@)>>tyR%9$)|)d4vdpd+zO6jZx#VT@$-f&Wdb&kSPv@-UN7(FjDS_-
z0#=!}>O>B`dPn?IZL9H1jGb@MYz@5-Y9?B8Fak!{<6F?CRklmEhqB$Gv$HdZr;RXo
zywiwYlYZ>R*EZK^+r}>OL6d6$h>CxJb4tk_6jvG);lp*|H9OZ9_ywlZb|f-^Kwaf!
z*(=;#9Z?HlILHmrW8EkF0#CpMdAH(|4k}8@`m|<++P`KN$S2VapEP`D1m!-gKlvz9
zY|r#2V`UFtbH}<Thd~g@t%*ASNEqQze6JF(r8OV%9^`iHUUS!tHm`3uy$<x_XQzrS
zh_kO`3d)`L*w&ji^3{&~Hjorl48ek?quRAm04`(N3F~z8=P;kleFFu?nqdcPMte(1
z7;}oHfUe^n&svGaW-S8nK3g0TElC3n&h%QLfuYibD`aoxYm7avfxkTIS8)OJ6_^=8
z(P1g{urPC~iJq$3`pO1w0K|>2Q7M*$tbpn>;37P0h*IL)>oE*F7oLMkBQI#OD1S$a
z4rpjtrE5_t@m=4_JMO@qp_208*AFTJL5;YpF2KpVzsPPS9$PA)ly?=^S3rE#A`)fr
zBjt6JlTvEv@EcM&vIeD4OmCZt!<tA4KhfPE`yhqzHMsGr&5cug^t$G%{>Pi+tFOn>
z`e9})okb2l^1ZRJKI4>^_ywo*N*uO=p_~I^5jV9vZx!`y|HVjsuTN*e1<bC1yTtVi
z{r8GdR~yn9k*sTrk;rFUOT?VVHl}{66_3=#1`Yw~84&VmGFw=lK_w~IG#a~t#WeI|
z5;(`kR&}<?kohZfTDaIVi#L2<)24sVIWSfRZ~zqH%;5ll=bmt3dHo}xppZ~SMjz^;
z(x!`I=E#*B6xr)AIk;}C70@R^-9)G10=n&rvV$h=K&_*9s<z(;L|>xWX!#~}z1aK2
z+KI3DVFC0->DLO7-*i=ew6e>e^A>FHeK)soMLKT@rRH7>=OG}1KJzbJCr0MXvCyLO
zephi9Z;rd8D#FxjgVt2qR<YbdnaCmf2}4VfwMT5SaWW`>1t&EDbBugU8eQ-D4zwnS
zyUuf5G`|jh)8tN~=Z|D(NU(gnEI(kScQ`(j8NYCg+NoIV3Z7n3XMsV9yUDKD-_xrk
zID}0&Ngg2_mY_R9fwv>I6lC|dzl)URIWkmlv_`>gt<nqz_&W9C9BBUf*p~e!)rg1!
zg;n$OI)PMajP&aZfP>lxj`Lj+tX0kcdpB^Mo<KIZefH{Efn?8`O`XaT+Gk`1u4r7t
zUzL=Z+&bvAr}|A+1o=7;Az-&-SZnJEYn;Cu2(M__c9y3aY2Lwrs+g&`CJI5q2)M!-
zSGcs;hZ*>NGuy0Deg+eQ2oJPwB86RyvzZhdaDDP6Ec)o1aMWAZ?5{ASIADj?IOj-=
zMRU@Us{d`bprPBLf;r}8gB*w5_{<!n;Vx~<A2>JdfFiEU93lK<k29#a3h`oEgaX^r
zn~wA|lhPys75Dk%7!AUq3itcxl(W7xuilI*fI5+?EK_1Y=CR4R(juCB_pefrz$2@#
z%OsptpXMJE(+^jj9?t7#wH)3N@<Y87PG2;gB#t06;X3MyG;>IxD%T~}e(?suwAAc_
zk!uvc4J4WN^^&P`jIlfsa93)k7@%v$L=(<rbWjrgFsD&Xr&4OxYVrx^(NWd0b#;e+
zPSvcEyJnLa7M)dPG{d8-T%KfE8YrJ8yq+yZU8Vzl@ZA6jvUT^)*zW@3%%q$b-@oe4
z=q*6q2{?yf8s2gD>Q%ZyD*NK+5)UcUo;Ven7cn-Y4)umh6WWYY(DFed8UgyY)KLSd
z1ltN`7pUE$S9`!mBrr0vy?fS*ukBQP;q05eIWzh^8<;NhV+CWADw@2)!Hp`lYYuTc
zu=*yO@HoDTa<yk+-ek#B*F>;xT-JFq7cecXh8#6O5qdvpvbcC32z(t3zd$QUkCbAZ
zu&eBQ{7z`V5i(VGN((CdM0XN44v;%v3rvQVn*9zk^Ki?T?n!)cDMm9_Zp(Kewum6a
zYt@;@)gtU$GFuo+2da?u8+WqqT(^Sn3dSU(DeE0dYeB0KhC|XErhNx$4>fz@`;p@N
z`)rS;GneN)hffdWH-$tdj{$icmf;z-_U#e>j*EMKUl{v{0H<6<GiGo#DKFDnK8A6q
z$afIvMt-^oI$HZSMEjc67wMR1s)mjU7A$+HoPmKP7&bFar-qL)=DlqX7Y$d1g@wA-
zjmJIC^Dc{uNJ(@;h4Vj|_9D8jJ3sd|1|ycw63K2=4g6ysM%7Zi9O3X&1bgNx_F}5t
zlxx^y=J-cp#ALL{7L0xW*~M*`i(X|9Z~|$@%_qgAGcciHXSuGn^yNENT=Zh`?bVWA
zghJ0!WM{PP8f)Sq%&p2{L%BkR>$`his?mo--7MzTrnEr6w0rZ!4e5B#_Lqg|+A51m
zJh(BO8CJ3&SrMm=dlQqJ@Cl=I|B=(XUK}&uQO!GBAz^wQC$ag1C=qlw{4SRtU6}sw
zNZNHb3!NXSQ@_c}2kH7qWHE?Ju3v2M7JWKYoDC360t}#rs;plC6}{_$=EcL-g50|;
zhy~nd`=iL1V5rO_f1>ygvEAdT?k94`p7~bYZ*5l7#Q|vHem%O${1O0|Gi;)P+O-NS
z=qWz^T<@`%#h}^eSE*tyai`Ux{42-DmhRL)_j>`M%-FIoV|jxM&AXc~c2c7{Hvupc
z`={xe*_W*o{qe3C?%1fiJ`XA_)p=V1roVp}Kn68CbFLz_3dqB#3_mzC<gGED^6kk<
z?^7r0DdS?|5K$>PcE$Kvn)zh<L9P;I3BQMqK6R?d+viB*(MqSUKLd?x$`8O=ZbfS^
zQYHMikFO=mp2^2pT|rioh*g{whs;twiQ)WQ@baj~b7VY`NP%>p?GM_R>KL<oJi6-k
zRFXiY;lywx$m{$v^8MtaW$EgRn}n0d8|fb7A+)4fEjN8G34K}hZ?Y?Drz;<S{d{dK
z>ofdwGJpM-j9ykfRAU#G341fP28>>zJx>O@wtXKQ1;{`CauJF(eZRygJr<G2R^Jv+
zUDm+W!IR9v8qgQaDpBrwlb$swyMSrg_Rtw)-CIT6bzY+h#B#3=81hhiaB(H3>SRfA
zYt@OH1wOrbUM#R{8(pmM*!R{~+=JUl2>VN0sYOuqcFD4BdY#Wh`Em1rLY{PWoFr|O
z50A5XYJs7C`v4yG@-Dd8dhk!=Uq(A&niQ3b1fN9Pj}uWPubb#UtL43EL^^I=p(~;+
zLSvdIo@*HB`ts6^xd`Pc@K2VCSf9y*GpwnY#~o78ZT0xaQraZfFv!93cGT1A28XgD
zsD1e7?+E)3G8>BdS6s!)GFCizu;ODM7RHa0N@<_><=)ux%DW_@C7qn=fS~Bs_q8|&
za#@=oT?k8pnAq1smxvV^=RUN}W@}p<n0)=9!Yo>viujUtNxmp+k00AC468%*c}hN_
z(OXZR`55~^2+Q?y(P~|4D$VZ*!a>wE_vy0+OJg-t3u?>mXFc)H*FsnBX^*vV6(L1m
zbMO`CcDrQk+DKjB+vj1>jj>3LDw{6GRSxI(GnY#Z!PKmrUDu=5n#2uc=j3Doj&X_u
zNTjLHzMe<WuraQ!qK!A<O`@InIFEO!&(@#Rl<@j`f-V+P%})uW(SntjI2)pZk{G#V
zp3%~2_|h5;a2*%^U=78eu`L;DyiUd^d`09D+&%2CmJAYQ;a#6j5&%B4p=q1SADeIQ
z#2-pasM;p!#)*UIYb;SK&t@QF%_y!3CphK4VFEm|>yU=y0oS`^-JFDSwk8;r<7v@J
ztqD>J5N_~AB>Fbqeqc$O>Jo2<DjhiE;5=lF$-ng^<YKB$wml>09-%_*0gDBm&)^l}
z)}+jfS!(5Fni1xTsj!t+orHE>^?otTIj{6h6(}nZg=QYnRI`vU9g;9$xXc^n`pd9f
zUT_;Ds%tDZ%h!0|YM&nem&22C4Tm_MZT^T^=}z9(0A6^4?Y{8O8z&16%mJl49SKv-
z3wj#e^wf1Ai`dv73`=h78V*gL)pRMuPh~8_6!YDX9hP+C_~O7yi2m*3>NNo0x2?P^
zY)6p$Hx5z#4~>k<9mJC#jl6duhzeh^TuLb!2ICqV-ghagj~I9Oi&96+gfa%;in<r$
znH=+8%+J1AnNJuP%q-c_WX73VQg3>_@^6AS?|zsdqO4T8V#f|2=7!;X6$`r>9&b%f
z#(^U(OrNJQ6cpI8CMi)k#m>$1EN~d`ckV`}tmm$6?upHVSp*y~lak+~ov)3M@$qHn
z?LpIx*I^vT7k90RIV|6&39jyPJ?#wj_-+QziT0eW)*wF5;X?KPxVIs4nLl#(u!ijh
z!miK)F}{ghfW+BTZw6@18p~pYe1m3FjIB_w?+w{Cb52Dk88cn!!G;4R!k~g{5L<xz
zH@2!3+4&J|`<;-6exfJO!_v4+^Hn>CzZ#GH#5t8Z!)RV}irV_ja1PPpP0I^1<&DOS
zF;2^LlUHTjEG&>C|FdfN&)+pSj~RO2wL=+UoF5sn0^^J;fYu@FMsRi1UM^tXcIFZn
z`W!{BM3K4^pdIQgHi;4YzyCS)6iM&0+;SsAH-GuLAy8hvWc^_O)%?Zn7{WK<_x?9N
z)Gj9Q?d^~VbvcyG+?%8uezkG?Lmt=$RbcO(*>4%c%`a{U=tm{14Uj4rJ(Xf3Jrs(W
zTu<I`gVJv*5MPdSOV$k4Al>Sdu{N<tz2PJeZBJ=Y$<99=$O9dVBYSi$Z)cE@h79+I
zv?xS5CpKppRBd$^5d+C;^We@1x*<qgO^l7Xewc}~HYYbDskHZurM5Fz@FjJnU{Qev
zAhtmL!P7HPTqRdgX%{=`H2SZ@J+q7-LA^s&HpD<sEVvNXt?q-gNTC-9VV5ni@8Q<v
zrY?J;J1~&Y)gJR%=zZxQ{~7uzWO#evY>i$VeMK4?gTnbONiZhla6HR^nJ||#+)f)C
zBETseiEED42)GLg$?sQc<6P)R-mql0N7MBwLA;cpQuN@R`2q8+llx-3v#jf^Y7<{d
z5eaSsXJSQvGzJoMRz@r;nQ+pF48=dyV}pFPTiz!&$ZS2aov&3Ic6!RV4dzUc5Y(z2
zX@6JN^<sr}F=@|wRTzBn{_*Kff)|s{&3`8`JTzWW=g#izJ|T;3vI|Q8pR$nW*5hT5
z#Oqyz{!@x)R%y7}2Y-`o#@ytL#FeK0+}&xkn;Ucz3RVLPVeJw^GG+FaCYR8x^E<gj
z4i1Jyy85|YVg8=kyW@4^8YI{*d%s^+ip3w^wGEj53ZpVhx;f2BiGLyD4ZZ)+L(l)u
z&-_1??NBKhuQ>cmx+cUrYxErWWnwY&R-Q$5a+~o_J5i0rOn|)c*2W8+pT8Yxf^M;t
z#(*qRQ2ue>0hOfWrQ=Lgs5~h(Z)`(C><fASykpgzNO{fFXn&S+Glif^RK(!W@#Ibc
z-U7<kqP}k%C!Q<`s*#6E3YYk*HL9vxOy3?J->45;4MNiU&|CC-6760JQhpjbF8<Qq
zU2@!VP8N*`%2n#3@K}YT^q_@TO$nT9pMqITK9G@9*dp5}u!5W05UDAus1wpMOEY!C
zzKhku2v!-JU<24~akG<O{4k_sReoBYyC-kdu`_ITg*F>oxXwY#YLbdas6(uuDg(PF
zeA|G<tu8&Zi`4q2*}5GsXLrhCinFfHI~7z>fnBD%rb-L{efQ>%svy_vopZ=_**76S
z|1p`=imTf-vLUpxP2v67p9#d&l;qqDKcn8JNB4)Ph6oez--m)N35Jmq_N~U7MBu9P
z$s<Sc1k<gbn2olCk5s3#KW7h1e(Hr`{id^4>KV1mPeLZWNWByO>kd0}^B)XLRBhY(
z1OA0n4vk}bV<{?I-V6%u4!=aG&6tsL6zMbdP>*i(CXsrAm)VD+hA}^g;nEG7l*AU`
z=gOn0y0^VW@d%MUZRl`*UvQ)8XOY$EUH>x`&>UPkOQ6-P(<!TZ8pFHSS3gT|FtXnN
zBUHS>OUI*4$z((b9kLzVE_WVqFJ{lSY~WsPv3XIm!|kLsI>fh(<I}G>&G6n1il0(!
zgK(G0yoHI%DT~uKh3_h3d!8>_lnP~}4f4D*vgE|GdB3<u2ZEv(xJw&>K`0UyHEWi{
z1^yq4lwY{~){(3>%x!6-zhX*lZK~dk*m?IJsnyc3VI_RqzVdTrs^Rp##ewnl+S=8i
z@5bSVbwAQwv#Y_chJ?BMYGY8!r?Lco35_;dbe-CqpPir`oz#d&><DX+j)-;(yQ&YV
z=hl$^VL&L}m#wmu&(mj{Eha;+cRFen%Y<1{Vu@SUjyL|iHULLs)h66&hj{NDKSf2L
z00!slVUihN_*Di;+wXvxkj8J=m2XS#e!2FZRfp2Atxp5&6o{34cB^HW7*_V$;#Kq^
z50gy#EW9#B*iuDGhjZbYr<*@Bv|PK+^6Z3n=j60DekxdSS7Ai(saA|F4}C>*5;Vbq
z2+m5#j~LaCefk5f_4Z9_Vy)h$K~m8ue;4J23ackqrPvsU4BOx#*H9prxP2t8iDR6c
zR)!XAZVCvfN6JwWVU314C?8nx1CD}g0{biNc#h!Hy+ZozU_fJ~y_gLlQan%ciwt*V
zp}8z0trIbx=dH4U-k$*lx#ovo{w8B=RW>U}SN=`Lv4%eke%CQ}*1a~dfpyzcaBuCn
z(S9s8JH1|VQhDC!@PHEI95k7{Yd?&PG(JgLosQE()=GfDC#mxq!G>t2Z1aa2q%Cpk
zJ4M2X81YjE*+7@98o4>N#Y@SZ$5&hFz(v==Roe9?(+RuJ$k?>=Beg^q)lA$G$LCn}
zk~K@og8pa2DQze_%DT7&k~T-VTHjjqXF>!MfuMcrE9Xb8!-IA~`~9Pdc3#l-wB#+_
zs3yjn60_&h4_%UfUukyJu`-u8Z1BeCJtl_pgUo2{2m4A#)RGwdgk`HkRHx?}Bs^nd
z$Z?2rrqpHmNz1GklRTd!SRe+0tfJgggL?9B-DAq(0Ob?p-FEL)m!6NF=KhbG<2r6g
z(<d)_Vul3nk3(jY=!<RZ#sm6UxBNftz$+b<SJsih)6(VZ+XylFd81Fwy#hiG4TdX9
z8QpVbe+<uUf<hEi`gs>1#f6gGct|@6pe*R_$u;llEwCb*MRR0O*C<?NV=@*#TuN6O
zmaeaS>}MXx$Q&=68(qjXkh+2~M8RBUqBxEi#FQYDC*xMzE!2tI>)QHkJkS(GKCnDT
zS?Dp6{RH*qj>Z_54%8FCZy@W;2?@sAAxYKSFRGcG%BdU3rv>eaXD9~n^ElYNNv!0o
zUc><#r4X%Kv)yc&fc`Ci`DBju@IC0Hs3I$`9eB3IAzRW*xL7xbeF_uDx201eu!c}=
z529vdE`nZNsig9Hbco^(%FX2H`-5&0Cq8r+h3zM$_UKMM+mPb!9|FeBig;S_M(L=s
z-OJ<vM){N%W(KxF9#?Ps3Z4`f`^3$vM6Q0UAz3%CxI;!fW_p@xxG0~CfJ=O<hFo^r
z7DmI~esx|{IF;Nt6+F4w4VP$6)sCIjj3y<g?K4{62Zo(-I747Pqa|T+0)TvHP^tLQ
z=Nv+Z@t0fS^Xq0Jn#l{}Ix&f#GAve7n&*8^@wNl5^PBpa@4>V$@cJ;MD`x^7Q=BuW
zL>|FXY)A|`7@&;E(HeA}gfb!T<WI18iG8g_^DEBF<jSy_r^1>jbyRndAjg@r=z`JB
zwx%sD!HemVzsc4XLjNXn_c{Umwj@BBxZp_f?Rsfr3rW!)#FkIOz#t8=x^}Xg4-p7f
zK78=dnc>Z4#lxekOxEmgshOj_GtHTcRArvCykDw7IKEL?Z6zKMMB}XzKKDqOc>KUU
zVcn$4>HZ@J%q$vJz386yUPY9>=FPB=9C@P=&M1v)nMSc7UWryYcY(I)UUS-qj$)bP
ziC=KG{}@7HDwf@x!EmSB!?T0GY5!T-Pmz%49GKjV1ouxCa?JL$so(x46J8lO_pmHA
zt#vdDFRuVxITM8hzWLo(O8j`JGcDb|y_Qea&`MuBWWL<i!lXE5Vv!JX=Ps#MzSuA{
z87EpW+H=yR@yAt;suPp#5uYhNe8|f98{VXNAX^2PSdWIfH?C`u4%`=-#CnKk?<b9x
z2!4xLtZB{s%w(8jMq4KbjCW(=gg6&naJleRRuS~<0+Ti8cG>KoYJFlXQ@?nIu;^%9
zvszJ1#v637dTfw?`X`y5-ns{vvX0{Ywuo2rp4A7r+5oNNfS&AIx1wNd#*iTJ7rzHI
z!^)WA)2z-t#vu4mSAPHtH}m+$eUB%s-05$O!MieV7XF*1{ce*0$yu&?qujN#<^J;c
zrwASgLOoj;cc-?!<+R3y@+*g=|B!_kdTog%HBBgKCK(CM^QK6qX#T<M7?+ZlkR7xR
zsd9g$u_YMIgwk*}Nb|j<rgmRkg7LoZy3iYQvbHw`JOV@Be9=j$yE*9uMkC(0%Dp`o
zt_-ZZ%uH#;<xV?<+&cd`3VOs_4_hCS*h`jh;DLl+?k4F25YX@jhCzMLnC6Zf7kEY0
zQnRzYkLqKGj)7hU<}M1fHbfV1aWu{@FQi3Os8DwK$#I4-n1<>M7&Lqt^I1vDq3N$*
zH=+NxIBaV0a*Rg@6Q}P*`_S#@jH%dN8~3cw%x|<AXI+!nfl~P;3#)*ckp@}l4or)|
z<9`u@{Ay@&guQ#`1S(mZa#?x!ePeA^TC^p;<f-&fhBI<Gn?oCAfGuz!%!m0dH_;qF
zI<6WWqL*@Q3*v1xc=~ZQZGq_gb&kf_U<WCo6q(Q*IsBUMyVZB!32)vP`--dyLuRV<
z6JyNj^(xcJ2cteT`bpfusX<B9u0eksKmT9k`InEVaAE`8-;{44P#q#;{Na5Gu}!Sq
zPP7M{@&&6ytdjhCNCsy~+V@@bGy$$i`r-2KZ9R`&ZTzlCW8vVFrpeOEp<-V}UwS5a
z6Ae2<qY`9MUbYqcT{7~MSbqzrPBV;oR*}y{2C3TsgwkuzDnx>U@f5ECGeGGxp-4%c
zD`<*yO)0k4M+JNSl5)#0vTdbyviw*zWF7ACq5`i56<b3j@XIY1fmzqj$r!Hky3fD}
zB~AQ@cunD8cKzf`+;CAq<oKwfw-A!V-JK>e1mXTk@EURU%iN!nK@2YQ14TC8s^`*E
z_Dj4PY(lK6M|czjXjcy><4RVPM40nR%DPs6ox2Aan?Lqlf7V(ix~x^(5`b(%pr55F
zubr(tGsuH;Y1uPs9Fzg~ujOA@p?;A$8M*u5m8kbL?S!QeL6Au?0|&N@To}?$k9)F$
zRU72d<kmXizqP?|MbowM>&(e0eoghNzs{VD{MS{l8Or#5jUYsL4*mYFza}_))6PO5
zE*+8)KU|2^ZsPXv>E-Sk0!m!#kljPxV7v){Yo<#jE8Gm<hCJOgk9{jgW2t(+uUt9d
Ys77b;B1}8i0)=K66nsJU;P2Ug1A}~%cK`qY

literal 0
HcmV?d00001

diff --git a/doc/passw_hardening/ph_diagram.jpg b/doc/passw_hardening/ph_diagram.jpg
index ec147349ae2a528f629a04faff9c5345119befe5..1f515b267a2d9cfc7f94ab76a257945b8ed8de4a 100644
GIT binary patch
literal 24820
zcmeFY2V7Izwl5sTil8FBx}`}+N<f-yl_FhA=tX)>klw+qf^?)qXi5o5fFQkt3IqsE
zN+_X8@4ZTWv2AsqbI(2J-uu4$z4z|oN7h(tt~q8IV~)ATe~fi9aPkpwRbEC;25{;W
z0B{Qb2RNBH%_evMzR^Q96&X22=`RJRsQ~!n%q;)_3~_c;lfCzwwvO&^pYMG?j7^;$
zf2aS>8P9j8?=yD*pojbKl>d9TE}EG;nc^Q>!~Z)w;v2_z)(lURS$?J6Khq{(>Cn%#
zqlVgj{4=lcG@Ip5w8>AjoAYC5{4>p;pErH%_?aHY)8b$|m(Oi|K0f!D$Q%Mv$Dg(F
z|8xK+fEqv+a1T%ammWXn(>@&lxV;Sk5WM_x&m<85DDwvZsBk~-F~0%;t~>_-N;@AL
zI~srK%o+UeX$uPgU?Up<Al3l@NIw7ognHjQ`lId-S^OJg{S9A-4nIzN{GTPj4qy)W
z4Il@A089Zqc#0oz3%~~uIvE1o2N0b8e0=^Tz#nJMo%wuRICt*sxr-MF2`^r_c#)9k
z3K8L@%a<-*BqkxgeC6s@lB<M7*GR8jCB@TMKQlS?xhBDx3;2pxFI~KZzxyv9CvO2H
z7fwx_P9r$Q2sll0ih$(QNdtiXvqGOe^;xsO9~TJDo;!c>%<0d?psRpW1o)nx!#8;e
z{}}$6Q>O{e;2$8lMs|Ue{DxpL1*Py^bqyESsOSPlJ^_%4;~#}xR80K0RW-FDW8=G7
zfI`NWPR?;9y_3xM9G(?jRKv5S#dA7M@N=VpQ|C^fIZJRJU-&x-zDuVF&R@8QZ<pXp
z$M9{E@SQn#jqHYM!P)bqKw}5TcjWv6f<kxI{wQR0dTkQP#LRMUeC@t^)cOeyK!mS#
znuLG^APHDV01(;I>m%p53uNUu({-jaE0zuD3xie}cS8w$^VVCAOcGJ1&K#1f21|ly
z6ASKq?m6z*GESxLse_u1OVTV7m26|23#_;S=}883h6^MZS&dt$#v#4MB$geM4E2!c
z;A}H>XQM&S$>y!Wp2$Wg+STKw)~~F?_RE@XZU@`Yq>^YmMxW6yNZymY*2oey4lG=?
zNpr}Cmnx9Drk0Q@sNrr8zR7cxun{thFahdMOK~rc>%?#8y_b8zr5$ww;NdOFT7W`_
zRFoG2*~%NjHYzFG23ZFjtE^+%6A!qYB9SBHwtP{J{(2@H=p`@Su`1#dz)cyj9g~xr
zJ+@XvGFP=ub8qUnK*@l@+Zb8horeiAWN4tIIna9*JgFyl=9>D47C{AOIYDp82AYF4
z*^RUzBbKI+aUsY8HV%rrHu`uw0LEEDY{*zPvO-ddWYdm8K)e!F$xZ-128lumM=_9Y
zp866EMt=R;T*h49rfKK)69A6YE4o`-Mi{a&F`~C^AFi@U_O&<a@?C4M-<7;nAJ%zZ
zpw6wR=dBeIJwIO_LbRP5wsu#$H^mG$2qpJ=ZI&CxY*W*&1d`CYOfq0IrVwa*aJdmg
z=I%MSNIDxp2$CO)r>1l0?g92>jDDi$bk)zZC6&fG34TaXk70yV`qdpymI^@<l37W*
z2TTjfg%`%?()!rOa=ab=v|)&r<emnRXs<THOFQ&>Opo*SIYHdaZ8jj8riVSsGrgQF
zQ8$~T6t{3eLxjDM;MMoKJ4@U3yM&9+!{6^glP*6Ls_<fui@K?sr3=)6OF27=TJ3-e
zf%IIeB@0b<oJSqyTE=mz`d!{_4N^-f>)zfw?PF}q!wD#i$xS~~%hg{b!zX#Mnh9KA
z)+QbJIF7xru=B-Kqu>_yjoSLIo*pSEHI@nP<h9%<Vn7!*1nJR3M9dfwa<noSO|;ft
zdK+)n;O-Y~K+J*@H4od`?v#33WFZP$Zm69XqIfVR%NlM=3R2M%e-XpY8O(T8MB;NG
z)FvamQ%{qZ%N}xAw=(tO>y%`CRa_{~(0f8X7GTFSYQ06sKtRAU_)WcaG44hN98s>(
zEz93{o!UrHSqkSB+mRS%0#vu&XBzP;Tnl_piOAJxD=?vvTir`9yHHOK5>#|1?|swC
zmBSN-ikv6tq8rHq4bBW2WYBErS0>c*CX9Kn)E?~`Y%1z%ceJPNn%ez3EqCq5sRQys
zabgzN-|eN(>jkn@%F3yn(Fk>fkY7A|KXsmi23-ci*(^Jih;?Y#?D2ZD-D=M!H+oF_
z*ym^<xZes@t*WZTLZn<FEk9yV*a+8oWm|zo!NXZ=;K)WdA$W_(J!G-T!A^%HTN2FS
z{lN*KcqIyK$H+T)lvMT0I=0GXde5I)+HYTHS}F2)S#0e-AJ|7QMlm|rq&ZBh&<bgW
zv#r@_Y~(D~06B_j-mEQpjwUZ0;&DmHKW|cX7F=M(>{3`tD2r85&=D{WK=QDrKNz`A
zH7(0n!)#NcsvVps4J{O}<>(5Tc|0glW;a&4Bm@qd(j74H9v&Y0W&IGorH;01qcFOW
zRb;>|Oef;#gPewxXVQ6-X4=J8ueCDU^fxgvU}f_Kq75iD1R+<)`Jj|-dN$#o0=P9p
zh=;BZ-%4VFXDZ*J(UljiNIky8F-Y^tb$(KoqXEsx8Cm7I3^a{0FU7fmT%Q{WV+RF_
ze47)8LAIvS{b-3Gm9NG`=16ZcdcRRHSD)>%UEC+$OV11RxMPKabEd;ftPv^X$Kfd?
z=02=#3sa7K&0A*6{wpRq&~Pc&Se9|QIHg(>A`$u4JOf|)fKI{4yJWgp$7meR;#~<N
zSWK(Pn!X6u?KNfNol%*;Iz&?E-QcR+W}+Nd@9j5IO^bxCI%Ou7T-8#HFj;`sfGGE4
z#pb{m4+<-$M0IH|5}dEn!=8&B(D~ODY@XzjyNWwEws^pWA$szKA)*V3fn7;3UoU;G
zkLgg84tQ9VckJ8qSkSBQJK(>3K6fKwgfQZu-|NC+>K-q}q%INDxhtS>WPkATuE@fj
zEriM$`EBRm7V>K{FnDkusyiKpN#D$bqJ?a78fyj9rJUbLf~j&~-PY;zM;2EGYJb~9
z`t`m*3)C~V&P`Vq=3Jsd1_f4{BqqF{uYWq!qS+@9*_h%Yr9750Cf0??ekQRZXT>L|
z^M{=;-?OWlCLB5bhV(jf%y4+NykB+KD%+b}hmvHyKFbPnI@AzOgX?zEA4Tgt`o`6j
zs3sws@+G0!q3&s;=M&J{l#aBpQ8))vs)*HsNF=#yR*<W1wHALmrnYhYe53ktCVj}n
zmEi272anl`r*W)_u#Tz;`-ru*rhQ+n_O9nf1vP?G>ZGI^;N$#HOS0ao?}ExRfOa||
zI>F!}3R-`b_fVHN!1zAqt6X|WgBx)`AAxP0)6D=&o7r>;61{>)=w!lN_fmax!P^ta
z(Is`yjLIGdXWb1uF0T=gVxwK2R%u2!9A}_P8fIw8XjPb2;C**p;{<>>Z?gAn0&xOR
zBe68%)v=mW)wgPp@{Nd5T0b5+0gQq7S~Sc+Mn0-#Wy>|Md6VhsAD54U`@A2uT3l%q
zCge=n>1?S6D;BBqvu3a(H8sHEYC@@GkvT-+1`N5*Hp`j$t{-<=<1RNOK)4K8faYW5
zt_Bd4`E}q~Q<iXT-Mzhr$$|ccz$u)?5J-LaU}kH{=&CnJa^dcGS;oEKmL40|DqP)B
z!7Sz<i9HVWRdp_`V;<Viu(v-fQPwaIo8(=&js6tKX8_!o4qYV~<uFpR)1`V8S^QEx
z*P*~7*41~t7+L`$X%0qdXmJO3z1$7)sa^ep!|7Dv^mJ=Xshxu^6{Z1fQ_&eN-_*S2
zZ08*%Di}_c3@xFX&Cs&-*x?Pl!;!ZA+qbUWzx*tA3x*1)npr*cN}sFRT1p6I<%!ev
z;O?SPE!r=e+>{mTKWE#)^L}@Thri98GiUKutPD|6zq*cQO0l3?I#@x__TkZti>7Sx
zl(V8inj_i<>9wAA{&MR`u)$#5{2+H_ll?JdQrK5H(QIf>V`viCqYO^-)AB+e{dIbB
zWw{#~8dJP(odB+s-Xx~qYB&KL2#+7DEJPev9eAlm107YU^`<LL5348b-J>!nhxk~?
zxg72_W<0P?QsCfZg$IacYVTmRi_}r!2G^0SSUTdD1N&v?byg`4dbRzihWHwrsMYd(
zh+J|bJmk`~Ed!vhbFn6g!(AOyCOJMmTOghL-(>adyG~tskP~Nu;i@Do_1<DVNav}#
zgsPf$<Y^HsE}pF1Tdk`}=ihwRTTZd<zp6edUD5JF$H%rOI*J_Wg2^h%DUqWzHMLYW
zGstt<y|W%M-a**UNk0=OS9C30kEND&i>z31z~?u3bS!Yv0*;s*X;L214csy%X-;15
zAGv1qy%T>bHiO@y8&-ne%K<+{jYnb<Hg87LHr%AFWjYsDmY1Hpl&+b?!J6nJXeZqv
z4rOOyL{7`4@elLKS|ZmqghNxoi8Ns*98T#KLKTs&Y9*7;QdTKtbsW(ZFO>BB;0j7y
zpcqXpwVrzE``S2IQ-f%_tf&qH78hyOlOm+uD=qs#`7Z`QvTv)nl4G^@1YkMj+u2ie
zp>_#^^NX%rW;+2a9_x;snr<?_okVYPM`z3nSkvS_;pWThJect`DFlZz6fk76wUs%h
zfI8WfbKg8?bt4tCkZVwV-v(V~XT+?ZQdBKenVL?X)gNY%5(DoKo$a?&is{#QY4FYZ
zh*36NCs)~jxdE$>V@pIPajYf;rghzxvTAB|?fhg8oQif<QY|VgJvzW$KmXVxu2IW0
zvtghmepvF^vWt+N2t>i2gv)uefXTB@xv-_?K_rmLrsQRrv|~lSV|v-O_jH$X%XMd;
ztVB&#E<P{kU(|6#$gzWhT<ijSVZj=5g57B$FU&h+k-2_53z=De)#hpyo}Mh16bE0)
zbibT^Kcw%budu@P4JVgvnU2ww(PrKDmir&@#;Ve?fY@5;x&1b&(9MT;m>oB3_8Eba
z>_y{YH~e3wFNE3vDNg_w3_Yrv`E%oP)4NAItb@7&Ygu_Kk5+_v^#*Z`WL+AHje9<6
zj|k=$KK{%5*59pgDs!{2wlbbvtw~8woLkS^CNEst#uhEt*=A`eD<>?@9|CzACYBF*
zE6t-_<!!CCII<J|ok-o!UA5X*yOTD}d6%rhWO+TyDBley@|^(cjC%g}6=pg*kq$F8
z@DwTU_VQ1{^5bMhOeY4JYC7uT>rMdA+!)AvUTcQDHn#22Y0T<31Q0R2I^)>X&lz@y
zzpC-9kD?t|q1cwik<n{pO1-<IGcyS~sH{p2<kM)}&9q{S=Q5}j%-LQ!ko``mfHmEU
zkJzuPY{b3_)-Q0~>(1}5TBiF>(B!U4{Pz|1QF8{`a?T^|uooi0qFjeg$tW)@CMX@b
z8+mnbrbc6~tv<`rNKQ(t8bDR_O;4EO?o{Youg8wEaW0se+8AW$a7L1jt}>>^x%w~<
z_hB3ZTM)r8-WsOACwniOqMGda2m5|8d1ut7L(0&xzBOZ3e-c<rkN>{Hb8lMo@9P*T
zsawFMysWz{CzGe0Mo}6{<XY8%0iD2wY#9rBPSJgN#+r|S#)QASYVbF$+P044x;;cC
zj|-F9x)SG)xHC7L{f^8fHv9}SFn8X2jia8N+k8Sm)#yIM1=N$XC>w9BWvtdjf0``C
z?K;Q)W|DqK>rT3Mx~Zyu@2-k8$jC7yeSQ+&PJ2(+$`-7t*NB^Rh_m{wNbNqYt@{8-
z%~diiGE%k?$sy7incHtpGs~F}9x@)I%HQ@bA5}5v|K^y%`~+}SkCy@)K7Tf~HrU2h
zG<`%I9vq%zykde5)$nYg9UVz^21yx6l;;aBm8<fEMq!=H+iio#IO?SaK-fz<Vz2!p
zbEEhwm&;Q0XG%y^U3Ryu@4nWYvAV=S(ID)7muSP_4a+7`B_)#%eYXuYJwJypshfOI
zB#FeTbDmLiu%1Ksqbfo}Zg<~j=ZqZaG0WuAQi40#T?IO1Vi$HLu%N3YBGVRu!N|&k
zhOxpeX#oKzo^v%h9eQ?}A?Dz7R~xiwV>_l<(jp&$nO%ypk?2p%!G@yl<4SP_t;K`-
z{fs5rC|O37(sKv%J3M8bnym&tC|G#bmP-uz{PpV!0?r`QzMHkeUh%-@TrVhmYL=0e
zML?>-i1Q;Lj;j^FRb^|Q0FLSo&6xQZ93%E!>`wqgCjj)l`*a6>)|?b~SGJD!ngQZT
z#xzc(`(XDIz_r>2=7OItgdFX4^*hveoOcU8T$0!%(_5nCWI+|uyuf2XF2wu|eK|Ue
z_nDFTSXI?3J`s^fEs!!~A9A~ZG9Q5E(eXDfZt)C2adhyva0A5#>BJxi=xg|!rc1g=
zlv8ZGz35HRV<`~#nneu~8a%HWvbMcSsABcnr^8br^KmQFJZ)PcdO^-2TuORIvt(fl
z1j$o^Asg3P?;$KczGHJz_N=hs#!@>3TiIWHu&_W2QplT^K%c9~b9(J%lS0S|TE-T(
z&_-K}1XG!cu&wUsp;#+FhRO!y?)Z!s^^MTq+Yx=h?Cgj}tM#@sR?zh`dd0~4;c}2R
z-Ouj9-k+<DzYPbMw#GJ*e#}*P<a4&tD_5{&Dbu;6_d_~Y_=})a8K!9K%0gM0Eu4}n
z9)NHu<7f3jjr%sbUm`K)G_Q^Kaxv)By{N||$wVuwE{4Uq#UfDfAmk=7n;?h9qj%s>
z$QBzTCBL@`NtYdBqWik;%wVMD=O!RSLo|0)84KpHvUZA*Rnms`j>}MOb>T-1PP(+t
zZ_DF}?*=l-;%rbk_x5t=3UY&JHRE9BrhS51j1NMwB&tA-4|pY3mjqmEEa7MR^nUuN
z-nXEFSUB=}2PN+c?RHqR6WGT?r_kP1<uTxv*OM<R{)}~-%6!S>q5Q$ssD>Z(U`vg)
zlZeV-&uG){=O%*zraQ@Co9Y2n!qd3ayy6`w6sMEKL=)jOZ|23UnJ%KL3JNJg!Vs{^
z(~RaX2@LfG!r5$Jy(*YqVXv!IkdWB0)a&~rNJ&Yk4~^3RNuk_EM{-PM561dlU=1JN
zXX$_rK3}6?ZG<3-dq&+`P2r4Y&OJHZEUvpC!eyTN3TOx{d7mVUXkRqx43#r=jz7}o
z7FL{HyCz1aP+h`A3M?rUX19>DLN~ies|v(6BaY0yG))J1%Hyw%yEf`5srz>egIXV=
zOR2Tzx)$b=!$FQfy1-@CN{;N>5O^&Ke&uTrxt%igvM?TpJ4mMoS4KgtVg8JHVFhjB
z;j(<V5|kq=600%WFRkQkXv%n#LV%Ri`3XP>CgpcqzpmWAPxuCG<IgF-49?Hz6jEBU
zUICoD^7v1~dOi%&HwBW;G2!r<?+`H@nv6^cldW&r?8m8#M!xLg3oW_HmgB@f?PVV>
z^R?LO=EDqcXro?YJm-+NBOhjGj4rhP_g=O!)&k8L^Dmc<HDygqw>|&~g<En#6^UOi
z>GHwr&256j_rf-8$src{pD&v}a}XdV_;(q0dkm_d)#S*EN|o|b8>8XKo}OeD$k3Uw
z-`tkm6Y_Bj(@f&UUh8cI!>Ty50-q4Pe7i2e!(3lJ%H?MK9-9zHm}8=w!)9dx3q}FW
za+uZ7CH&H~i7QjG>CGW~gn=tQ;w~>|&VY9G(TMlNsB*QQzAmgboMT)*Vcs%IxUqn_
z(~MuSgC%fFhpG|hS<+hA>)U)rzk_qhM(2$tOM@G$NfnG{*vO^sgGR3&YbrG}>~(f_
zoP?#ONLQt_4y7h~H=VJB#2_6JYT)>SzWp3~y?s_xA(m;0EY1@Sp;Nj)$G(`t73Q=v
z#O!#Vc1Lw?$|*9;Ny}D4?(~HZ0jgk)NA+fv=A}xw*O?8sS7?DO`kmUW4ST6NX`EY1
zutJ;p<ZUS>35=N3Ve$;8d*kB?F7tq*D_n5e1iWdd$Bbwn0$s}#-?a1hR0N`+Fjihc
z2$lqcKsq@kJtpPzMf2&)j3xa(k$fr?)$4kw;P|d=ACXgF7LOZ}h}tD5e;=G^WuQcQ
zEvw{~aHvuOcAgGrGYh2Kf#no9#<h49>Y(_B!Q?wo`J`tH+*_0!%?pdK{IwfgHy^gJ
zOqw|(n08XQP+jfPenPEIFQwE;gkd>yNWtGvMYqRI8-OHuM9R3O@=SQ?VRggRV~3wL
zqZ#|O4py3WbOJa`hVTRB!G0R8B~f}x6oL(|>v6wmneuCyPj-K*RP$`YHGVrw*SMQZ
z&;@@Djn&N?rC}l=ewp!CR^tbrX~LT96l8fzpmTvKi+7(`z|J9?go&;z59I99`b=X%
z8y|+JU!_u&=?sM1y=kFCtc*5jn3iaO`jgZpPn+!WLt%-vG_G9mssYaY5_bsAKCEXH
zT$W@D>8}hP<kX}RVhyr{N9pJwMdn7bWHL&9W)`wA$ia~H_HJ)g&=bZY2!&0RIek8f
zl9E`?*u%XMM#Y#yC0gUbpga}VS&kY^u9OXU86XoXFwg4RsxcivTQj)MIaTuLP~rLG
zUT3xYz`|W0b8kltPFw*uogxAb7F4u(ki@MWEn9F6I4Et8y=-VAnw(Q(tTPc1KCkML
zU!f}GR<bVQad%trz@|NqYD>m;70DEzr11gw#Ogh3w}rh;ve6y$8P-b;<*wqTIR*T%
z7A^VE^8W5So|v*C3!$Do@l{h(6_=c8O|g_ppa_<S{F4%qh>uago8|ZObs!;VI<RJp
z6Qx?3e!fr!s0owPyp3&>a^#bk?w9T&4m}s@-4SJKW@p{%pTS^Cr`k&Lu}vjlFT}?H
z_%3!YvGCzA`POPU+dTXuB98oEBBM{o)PJAJXB#AQJTB%dR;TxvmA2Y^dx%JV9GHd7
zM^=D7$m8PQDbEd&5of^@TXRN=QJ#Dxc{5loso~$l$hL}H`T+ztlPsouTv&jZsg_w=
z`l_--Ux%_!pUoTeJf~zDkI{JIc36T;wsiJFV!Z47QR_k&&nE#Mt<t?I)7a%&5$b@a
zE`-9Z{n~%AeKh{GQ+*u6Z55wcg@1nBg614v0fE6~ztsK%u3D>PlGoPyg&E!EX&I%^
zmF|WqCxeH`;FM!Cp{{H``>m+)qm6^BHoXJOK~~c{MFu3KHCBN0T)=ZwA+$K|@@N9=
zwEqdfWY)1pLw#gW3#`i$o-St=1QO002g(8~9YoXfC54dSHL1oWM2@V9#2Ej<)q1}&
zE&Yu}nlbCd=iGf+io!wZrI{|OT-A0i#Jc-tiIozSHc`TB6&3w@(`h#${mDuS1`%eJ
z4LCb?NNHtylOM9AiABRvxv)S_nu}wm1Z9z=G^nIyPMSje0dI?(z@T<^mzG12bM#d$
zoz;FiATfb8d~F#T6mvNf9uRa**HUr*MwBL4gL7L(j%F#trOQRV-nn(Sp<16~HD<u0
znEZC|LQK4noDM}V1rjPM(_0}#H|3ScB3eL;JXk;=IoNA||L~L>8NeC0!x_L(p!rZA
zaV>GfkO#!a$IyS1lv^Vr%m;&H&2`dJ@d0+Jl3||khee1a&8z{g4pv+@kW+H3;P=2a
zL6&EXlEKGcWb_B7bG9{p&%(#lf&|fJy$>@Vc~b_pLxj{SevuH>m;KH7RSJH0+Wwd2
z`@OaenSJy>RG759%Aw>cZlnovH(H%Yf=q%vO{L&L&W&_Ni%*JrSOFJ|%k?WaJB_Rr
z5vpq&-rGAd?Q`$)Z$CNx@X!4kK+`GUmxc#4-W4rY4+gMA+{!Z8V6#~!vgzk*4;!-Y
zs#XK@F5)z9p;(cS7qKPDIQ0x-vrA*P)!>f^37gCP?nCd?JbT4OMWN7?Y?J1{DWRvA
z$+jLSJiUusrFG{}(e=-uoSw0Rk=CFt2jI$%l@U{!shaCvvt%nb?G3>xH7PEuBwf8W
zu1VvHl(pZu)1%hQo@Q>tRb*8WI9IMGH9J-4QNrlHSIcf;)#Nwx?tZS267n0b&$kD~
z3?}W*$}K*0cA>#{DwXgUiu2n&0c<$n9i-=LGOQ&N@|-CcQRk;=p*YP4!L<v*K#{r)
zxLpRWgOza}GN>x#EX@zNB4hkxRSjFzq1_pmA6I0V2MBQ}27emi3WU~ZC6Y+4dEnH6
zGEM$9v6=-W3TMx*mW&FmX{45%|29Vq67))7<(>kwzbUyKo}pg6q;tya+c@rZ1v+jD
zsYi>^1>ov1w^k4B^5(n`EjsFUeJ?-%JQmoV`rj}i{l|m<w<J<AZMiw!dMI$Gpor)?
zz*ukj>7<srTQIZTT1lApl&n+wZrjJ*be@o;UUk79vSxt5=Y$meLE}Vm0+8dmKE_)>
zjJ7?re9F^*396}WYLeNUpVHkNl!Nt%Bs~F~PstL{uyfZN1lf|1y?JPO@J%AFUnTc?
zva7eRcUg?$_rI3Bnp*&hDL20SQ}|rkMZ5wYj3utz#58rW)^5w@A+N#sjePA`<pj`K
zdH7t3{4N4#|Kh{nNI&&2(|h-u3O>t#|D&cme;D*fdjy1Ic9b-gN!6-Mmj1amO^jkG
zl(m-UYe<~+N7EBw39#Q!CH?kgV(>p(54T`GcN)cK(_dr>%<r&=`Q{d8Q>nxEJnncN
z$eYVYyojF7FNP^T3TgmcdjbG3Tsmee`j|uS%iTa6xpSZ-7z-i_g3mMbm1r3UA_Gy5
zbAiDKB+}`%S(OE=_`3ngYo<g#QGJy(w$f18=KYq0NLxKlV;eCyq|<!5u61%S)By~S
z7_M7QZXfC^#aI_4!5E5llpMVIU-9wql#UO<&Xw*6)5}`Kvy_3?4`^XAP8!Seh1HgC
zm*!XeE*W?f8!_;-b5*}}5BH*A*Swbt%Z$1Jhv(SlSjM@)2ZD;XwpO(`qhb#(G)b&D
za=Ow~(faBh(PpLQYwo_GkRLv34)H+^xg%;dxFv9-2e}u?!)tX+GtCfWMM|VMbl8VT
zv9uhRJ_r3ni}#H2!PV`UN*m9h$$a^2^<m3m2j^bUwMzK`gn`DKcBsj6{xz(lNM(u7
z6bK|mb3~hoT^Kz$TSqXd0I@LlrEK#8N7-t)hX->kce_v7y<9Fc@Smh=;$S@J7?g6f
zLbSp4iE}s~lw`{@fO=jFKLAL4$?`hKp5*Kr5&$w4^Zl(MYJA8*nW4O1&piltXGD3y
z`kH)PzK5wzPM5D-Yyu42r_22b6uLt7jJP#0&w0Re5(rLZT{s96v(D6Eho)>t!gHlQ
z$pDSnLv^$PE#I}^>-ki$#aa6FqJmn@hN!{4(EGALUW#R5%=4iEm=Pud>rn^Cw5i|X
z<R<e8+bE@tTW^}6xoz!Ux>(W6GukMBEM*bWd1R)1@iXU`UparhI!6w5rqJD26pXLF
zR~m3Pm|ML^;y34{Mg>dh;I!f6D^$z0#nmkcXo8`&mJXcl@#3nsOMieu(DE&H^k522
zPw$<qyx@%C<7+b0vN>9bsv>PR@AyIl0o1?!wY6{iii*hG>v_d}pI}p?94-W!Y~c=r
zN@{I)qFToI)ThN|_Gl_b2f&$EfKwAS<6ag*MOx#uZPBv#-C=RzZtth;LQQdSlns)D
zDcV34L=Kdi;S#QX)uwOnZ(nYC%L(?hq@+*2mAfv=j$iL%7zb6TE_6V%P$MT1-a9zx
zOakkL@{#N2VczA~M@!eJ3J6Q&E_>dtoDLX^OMK>(|6Z7`v8|fhIr_Xog?t!SxrLXl
zd4yAHqDgdkJ_0-DE4vH}T5%pUa8Z%rYN_;AhYGc|ER~8vl%az>)0G)}?d`T&$^xNE
zLc3!pfY_dp)nzAxKgQv*y`9=A?I7poQ1lCuMw9nc6N8X~e&eC`(s|dM;zEReY(EQJ
z+t{BY!`ZP^gdr@^y}3&-C&LxqTc@`trioj31{I4$$T5(^YBr7}UV~{t)(;nL;f76p
zTn9X1s%kRn_xhPiq@5yFNred>M!@@SI<-H)<vi#Xr)_#l!|-EO-IZ?H-(z3)aEr<}
z4;40Q_sI$2-<*t`;mBY-3~@7)z!BY<o*}av=3?Fc5wQK}v*;+eJO<q!4TQWQ?k^0N
z%b8MIRKDpqVNkUW-L!M4qFEg6Egjl)<A!+r;e<ijnc72mi<#{aMT*-22<^QjP9s`|
zz#;)-{HVPiK<AJlZ5r*BV$$^-1u1n`P2?Ugqq48)8|PI^EnkOZy9frcC}>p|lz`^y
zn9&xjtWynO^G5{CziQCg5b_;^!-#>n#lvM4jJIzJ!HB~U4L-8FCra5v)<!5MZE5PA
z7sOJuP8AStW5|uOkG)t{pja1s9l7bJO8V54LKDF9E6cA}r@|*8ZDk5t#`>D;ts1l^
z0P2G5n-0sPbyw;d!SmUb{YpfE^-eMY?M8M5Lc4(}7Qu8%mZ=x@Xeun>=4Q6!lENP|
z^9RE~9>pGE+N^vQzyG!80KoZgmVEZxB2cv5HjlmiKII#v!J*+To+jaw#cz5>`M2-u
z6c}$cw){-MukHGJcvs!fIg1lOg5;!-72k&dU9~=g48Kw$e1g?2KeU+43BZmz>G;tJ
zAawAR)!i&^bDZ$Oqqecl^M|Iz_B-zq>t?R(wL{N6r}+=pn;msN0esp{)LDJcQXZ8}
zuWv_n|4O%-T8|M#>rA;J&lQ{84rd|@j1*d8#e@qVE-JI8nKB@4gbw5b*EDaSb<V0J
z52Ua9bKiPr>cp$Dv*-^3b4wSd>U5{4+i1ygRABjG$m(_tsjjPYK^=x9lA(rX9`a+y
z5x;|+P~AN@nmzSX5ikT&s9~gVeqf(c=o5nqMn4}Eu4Ad>+?d>sl~OdyQXZ)j8v2Mx
zuBZxg3fJchcOoo20ob}y=a&l+hWMPJB_{!?$~0vlK8B4w6UPTSvPGS20u?qcJmxzz
zrk^qI&)2&+3ZAJ|wT;;TQ^aAFK#CoML$`}P-ZgJ{zli57Xt4@r3$`9ql#-!+1)w1R
zML$J~d^*L~8)7?rT7kAB^rh?EATl}2;vDO&0L#*wK!XP;EMk=dnLjP6=onkWT7@A`
zF}atRs$-!VIWVZKqTeGR;M3#Qvdv@rNtkJxD}ybYs}R=B2!(V9CY5$j!d?*Mwzi2k
zylz}-Bhpj#i^A$D&@&fxtG%5Y*aLMyV%BA_vxo4UBeP(}2taLE0>i`C3k&j-Rn3|u
zLmMu!S($BEzEVqa1#x~auIPCFBw9ifs7YQViL*@e``-Zc=2m~ZGDNmhDr%DYiP{^f
zz!i}ON>=rIv4wh88KruL7`L7~B9B~qV>-NI3mL^mL_E4KKTZD7-mx_JY?fRFYpmXJ
zh#X^Xo=3f}fH|WEg}t-3eC;-f;$u9N`#L#`V3j68Nyxy2I(ebx2MiYmE1(IRw|IAm
zyuugO&ysUPIWVpo54(OZkS|)|Nbh+^gF=kDW}<EgpITYePHG?UY{4UjxUv$Ahfqg1
z4uM3}*)1oVH+Qy0)iX{H*%Cnm(*uJcfq{YBrqckxD*MM@26yV)2ISExeMR1~XGxvr
zNXK0HR`xgF1{3?u*-3au8u+&s<J2$O>1;L2dm#<Y%P*dVj~mFo;-Fr{7EFd;+qVQt
zxEU>DKRv|kQ61k3-{fEH&wIZ5+m$o9ca7^S_F~<i?%uU~s(8aCEUHhVkV52Oxx`h~
z5FT8~h)V0t99VuG=a;F-cVL*d*B;uH5H6oli{kH|<%K-Pxm$m1`6G1aL#t#rE7eiH
z%Asj#fX;E`t)^v9ze%qC_s^UQADK!N^LK6q1xVWVoB*hPV%E53z?INwm&|&L#Tx|D
z62BQ_w}Y`Y@aaySHIP%D<D7V%@*C2QJHVQC$P`=299aaW3vP6~6DwwAo;FWP<lCQp
zEWnUmpG>XRB5R!2?qvX?=Pq5f)1GP|%hPIfOo{G5&e-9@1O-CmNa)SF;_8_I1Mfyr
z?hxYm(H*U|ko@RtkCp`P$5IX{`AlAQ1Z_Osz>p(Kdn%uLCRp?lmNjhokp+j)PHEUO
z+d}*2{HwV4?oZGegm!bHDO^~u4ckTDcW{BF-URgxn|g;Pg3723R0uiMc-XrnhU}#$
z$tAYyu9!(kfJ!&r#%UHuj>p`BR}Qc~E4{Hm1$x1lw(Q84@8~WP-WLq(zMXKSkJ4J^
zKtO7=H(Wd8DMP8_6Z8E!Z1OcIssxa{+RzK#!Gux+=K2amHYj))N{435vHt-Y)@zMS
zKBC!GFxi9XiYtN9?rKB9U^0+kuiN<td)Ly13N~cIo%C44K)bwBI7kkvHCjU&OWL7p
zBXIpDw=1oAaBIQ<h#mZ<Nr?zt)pHOy&|s^+b^>6$VgHk$I!fh)b)=USz$Hs&Z_!>q
zrk`)<KGzB0L4xT{jpTZga6M-J*K&cY?X_12#CRN6w!`fx#V9zCh3|1?IBWaj^-ghO
zFZby%7uTL4hM_K~R~7`r!4V0RlHQO~EJa{6x1g(Rnl3>XXJ1zH7G8gDAg*eD%oi-y
zGmsxu@7N8UWC+8#MsgtK!<1c|mA%w!;lHE5RUu^c#*&-u2q+%TK3hEOYCwZxrH%yG
zV{$)Ib`=p|$RrHp^rab2`Ow}He|;a@8`~Hm?1^fsYM1Yf2;|SFi~$f7BY#<=UoOrI
z3OH2>J^IwBzOC(y*CdFWMceh;NZ%Yn3$KGP2DWitgp*2NUtO7GEO*{pugX5wO;?6O
zr6|(J3@ar;)gv!*qs`_lvOzjWd#xcIybYR1y~nozmuSL&ZHgh7A*M5XAUpY+-^G`Y
zjnkMU{43_s5=!zb<nfgY-Sjx=UgL~xOx_7#ZtJ{ExZ_&Tp~)r_1|L=2@;v=IwMLKO
z_Bb!hNxk3Yc*H37((IXBN#h2cy_kfjEq9%sir;XFjMP-;w*cZzfKVhua9|||tga7l
z0*vDPGOGCw7}NGHfZsN)KX*%vH>|O{=}`dXBW=-e!=iQdr<XctRfxr@I&BV%j_AiD
z2JzY0Z^g8x)8<x*e4De630TiU=N{U}3E=ARN+auTx+5*Qb{YH0a$l_edLjD>;7QAq
z%1hIsJNd1WU87V-kt&A-CB8bx;cHDx!G0h4AMrf>WGa!f(YfUoAZez40s#EfE24x;
zuWGgb?WRx9@%}3fpSzLd&G6XO)O=)-K$|;`ixcGOUmQ`THh`E)y+F6K-a=zF5??7%
z%Cx=9v79NbAp~c%4hqQ(O0W*~|M=|XA>I5$Jnx#bnqfktS^Q#LtS~hY(pns=dX3r9
ziPOZEre;g+oN#8p$GxK52QF6AoSsT<F`S|e{-k%TgB`u7V0WC}Z690BSaM)szEF3J
z=Hp9qgMUmDGN3Y1KX0iMO-VIcrXw?1mQ4-RS|J#~DIDlmefoSw0Hv-NNxJ1df!NO#
zHFUZ!ELLQ3B^e|M@)wXeLPwB2j_<9=UbHnDO2fqUeUuonCH1JfqQly9vHXggZo?>~
zzE7^uSwJ0`dwgi#I7>Of>AT=Z1vncf`)gBIzU^Qgo@}1#chXD}`WIR`9Q;MUAp{!V
zAOkb>h2-B)vHe;X0J!{%suE<#invQ1^La#0bNcN|oO;-4m={6!IKD>&u~>NmfaGHW
zw0>5@Gq-=**n|Y`BjKw#AqvTLfnagLHNe@F-+ylIvRc{SnffbtYWyR-*L<Eqc|9@J
z|Hxj1{6A|ii1Po4n7ptmz*FNnp#1B*s-49Pkm{HgMZAdL)z7a5fJ>rJex7u?EPFZB
zhQFou%Z08#tvexukJlxJPahA?3mR_6x?4}O>%8U7us9#X=2;n49xQ%(U+9s?y%#wM
z&JYU7wn2m&G&b$}RdYjLHo$pnji1?nr7v4q%(~jW+YHWLcr)+OPBgsIo^Z!O<4BXN
zZFiSOT=l(?+Duwro*%@ILr?F?u1l`c%#wsz5;N;hTK}P48Ci6&9#5HU6qt8_ID7=4
z0Mh;1)W3)x{8||x()#}9dPrLYyWR<)YwmK`)wJhL=c|VlbrMDTAHnLiI2o4W(W;`8
z>hx$CHQkTl4|FcE8#X<d&T@V4kbI!juk2WoqC;P6@Uk&ZMLAYiRnj)gXJ$2)|IUMH
zo8=AMM6g9r$jqTLVz8)EGyI%nC{uM?<@TbnSaZ$0s%Ng&(-7;{u=N@l@?o#*xh1mn
z$Z2(T0T>h(rQw)a+{Fl_Rh;Sv8R#dE?ngb}Y0r%tVw_sA1J8FMSzUc_iJvgkyc~{L
z4`o?>EvZH^(?X#q1hudyKMnCbyI!|#^=q9zX3^pw-o=YF!}m?K?swj`Q`VRp()<IH
z*7$#oNxMWLzEt(bPI}<n;-D-uc7t_0o3w77XJoJ4qxAMjn9Hh-k)pcL+%hE*6770;
zH;ARav@%)3A)s`fwAiOIrMH_omfLUxjnzs&jJkOS&6Nv~|7o7_BtcBxJaF`3?&39i
zT@m@wXoG3Oj)EKaJM)cA$HcEcnh6;#%qJE%=e&J(%kJ%l{}nAYEfU!$Mlx+z*dA`X
zusE2skLDDtY^oJaP7viZPU8XY@-!Yq0dd*cQHP`8v7l9Ar{x{pkQkDFO};95RKR%=
z=13BnWl)~cJEP`o-R|xrwr+$bED;5H@rvr0t35gX{cT&y3D4w~!v6X{n6$<a;9U+K
zq?Hje!#FnC#KBRdrLeC?54lNw7M}=ajv_7SG11paa22CR7BZ(24y9mHp%<A3Wx+yn
zbYU8U8V0J)T`uA-t@NwPPv2aR-HYG?yV<e?%qHIUjhYQgMC-6+SE@Hjv_lz})n#Ux
zU`phanv4f?o@(Py`eHew>2MT@*0hGv_8*oY9lrGzI9yMNmRF2lbxu1fL%(3unY{Yr
zK_g{u#oNWxruy#-#<vlgne5Kx@8r-qseM3Nw1`lN7qqu$OpDQL!JlJTA+~SWTsB^d
zuC2be95s1ON!BEFQMolt(I#BO+ZnSJx!f&`f@4)4uQq>WU;76*gwOGw7t7eS`s6)P
z1sMjoyh6>p_yuWLnQ~6Lv?_;O(WUK~LC^FBLpGHA>1ic$^Ew6{Bw}{N9bugR$5OP%
z+yRfQRki&Q)c5*PWtd}=#|O>yE6^o{*d0ug0eLI`+BS>y21?Hd#l8}=UR#M2UXnXQ
z?9^o*nJ;adFrpvQhCs}gPuiswOY2GW3*D-r<u2jt>J#;9=dxB&Wg4M-+>G+HdoYXM
z0p_IVBuq(R$!z1qI-Zun$<~ez&W*j{F5+XZaa4jXo)Ku|?s)KOKu$j_EZ?=efNqup
zNJ3YMOlPf3wRRX)y6bOMFg#fEe6n7Py*n;=V{wGzVQ(8U@4;k>QDe<Qo}*m}rZWBb
zE=qe<lyLNeyLEvk8KMz8AW{U9R)-))EK{wmO+pO1V)Ybd<)a>qa?c|Rg7Y*$8Zxl1
zT~jnQIE1l8>rtDNWrJ&Lb;+%I$Knw<(mHZY03wC6tE^EaO<|JF@!4fkPyRZ9T#DW{
zyO;VmRU_0z)*Q!!MN=^8+pWD`&w(`Q4!rQm+og3NsX;AUWHz540#;f%B<E71Z;Hyw
zGc|weZrI<*1%dP!HVJDua^Mf1-~bJCO&4s2;<D5rNYRM*Dqz6l{|JwO>YqjYHMI+7
z%}1V@@Vpf^#E7uwM+)cNPB{StxvrvZ+Y8W3w)tLacq7C)_Z<@aZi@bk?LC41gk542
zRhmGqcF(0=-R080-tO9U&Bfe>PvhC1H8-OAxy5^9dGSjbX%~aN%5e~11JCtEOWYdf
zw4QwM3hqReG9{`b9W$hwLD(4UAT`EKVD>RG3|uZoKJKPuJv#e-yByNxghW#g#qC5t
z=r35!L^$^7F&zxKPGp-kqck)t0!Lmz4z=QUtJQ<}cdyFFHAi2nEY*9?6T9J6F=up|
znX?gwV;Wnnpk8q?0PeE1#;zEO{5I_sAO67FhJ5u!ZGrO4AK4#cLlG+pmYz{q$Mk@9
zlhWb-BHHaz4r*||7SrVGbmzzV&}jqR=v+?PBviiifFdmESvXhlQV7dLM`>mQ%8#^+
zGkHm(dbLF{&q;8yEZ-@eLpa31HP)x4#KUlUGU~Ech5OXAhxy(#jbhMFv0LGfCb&k6
zQ5W86(&pISl2~b1eO!CTo!u%5mL5h<EBH_;2b<?q?l0pI#E=A*>RlV-za$9J9wKgD
zx^JIXudNH~RKGXB>Jo!Ns9d^%2)A`6VJ27ceg9x^fi<$di^<ePT8Fp<v&&2O(y^ws
ziJ8XV>ti4LaF<XAF?GD0X@el}>OgsnPtC0(B$u(HDWc30vm%<hg3~D1OUi}kW@%~G
zUvr2o8-6gw(<@FVKtbchx#++hWi!BaP1+$b?*VAn$_ySg#wbMS{yH+$1)qSHtY|YU
z)0FuDr2+Z)WpYJ651aU2&6+LQij7#^`B2YRPCHGxH#K?=td!3#n}}jCL9e5pYQW>t
zJ#j)plvxUC+)}8C(K$gUs^!`ZFGQj6^>K`sG_HQ2y>Hp7ardD6;V`G=)2Q^QsZY=d
z=e(z~Lg{SNkf6qjoLw}SQ4B2P#yMQ=c=yYw@sfR}o$aJK$yL@kVEVL{zBO2n<?Q|^
z^Rz2HEpoDF3RT<Q3|pr#E@hC<p9Z3|crZ%^<RFn?_Gpo+vmM@z0sVhuH<a15=H%E3
z7%WuqN6{>JYLl;nvS?Za!{mi3nis6Pl|^Ni1(dRe=<*%cTh4!J8?IGLY?9K>$$REd
zm4$52uQ12vLklDdhiej&PSh=B%WGju?=koNL{p)I_C0+}QQbInZ3<#;VNmd40;5Rm
zZ*vn?@u79#5DVm)m@Qp#P-5;3IIn!<yemesBoo-+g%t`z{H;`ry=e-jd5Fp@;yA^%
z<81b6f?apo8?XW;*5h%ky|V5IIg4yh<_^ubF;P;vveGwc289yK-*nJae_Sf9zio7N
z*xGhQ6DM;Qq^h7mF0S?<Y*w?0$N}BE>Xk4M0;?kKmn#3FMeG`ySS*lQRV+2I5>_+W
z-Nc0IC`VdQ^@GXPZ@mJDazFYBXt^B!GpMWB>F1EqNXN3xW4({--<jRWD*4G>y$2x}
z=_?RUdb1s6mqOILkRw?~?cmY47d%#(h6bE6Rek&2e0@0+blvYx+&UoJO#KSKz<~RO
zm}Fz+Z(+b#j&E^6zNa^@{`Dmc{~AX2Pll85(NUpAZi+)B+KuRLz;uIVrJaNWw6v4d
z#Rr{I+|3o!uDsvetI6n{LGvc&^ZTCJlV7?C_!B62p&9<C6Z>#;aX@>w^ZbBF`fhGc
zy$ZE_#}9C;f#suD;(+~WF*;Sl<?=$9JQPE%U24aK&shk3$ziqIr7qvc+v1o$-wAsj
zc94GS{LHb%@#4Dh!RdENSarI1Q&LG5UWp0I+x$7T`D}I{Y<Vl00KWD!_A7Oyes8Wj
z%K#3?+QvqFSx*3uT#M&Nkyafu?dJ-A=5%UT>d}?<!}g>83Hu!a<&>Gwm4D1faDMc^
zk;|Q|@rzGh$F9}BOSG90(M7fuG@u~xnrZp7(khG6AFO+-yHeWYh^>yVCR_|NO?lK-
zB1c;cH4kS2NnzDfu02cih)?v`>hhWXJ^9A1YYp>J?-ISZ9f7KjP1lxfD(BN7G)N~N
zWKg=3?dq$ZY>y1FBrclPmB6>xlRhOK<Ts2hogX22A}PEnylWIxH$W`v1{J6%x|>@&
z7kcVbU1DA3q0;eNpDrqbO+NuYm%XH;CtsNe{<Knv7HRzUL7?bQM{aN3H_z(ZQwf!<
zY2Y{zOXPjFHDtU&@PbxpL$s(5LwMKxn{cdt2rRNp&vXdO%G4HW6lleW42RCU`PgwG
zv%N`$L>R-C<rqDgGCY~0H7oGnTu4i4u<OiQE5Yt7s^8X{=0$9(O7&p+iX`{(tFXfT
z2Wa%mDpdTs3Lk&^-?R!(H%5r@EYXs<o~qnYZ2@`*)mS&I9x9ai3K)XJg-s2-aPd9=
z>_QE~rwwp^NoV<a{rv}4pXyJTvv!dia>=W@H+OIE8OOTE?*K9RS3k4=LK7Gay5E^5
zkKkX`sXuomI|nU{3(!z;D}S)x@=>#40EcmtM@>+LK>|a2qzq!Z;C-27KLTCdn?E6a
z>>kS`)MqJu4Au721UCgReP#F$A^#D==kyifYxv)V@Dcs9#*dRrd$VxmT><4I+I(}m
zXsza?zGUSSKtq+=ByeV6(iPZWgTRN-$+!M$ivO$qVZbuSlfRMBsh?madR~#&NhyOx
z=Q}vkkna;yk0)h=Z!0Y5_iUHsFLzEW*!~3mKOa6{m1klvY`n-kC`ygMYWn%|Pi%&)
zlh?UOh5}BbGk$IAKN6+?(bxa)QiA@(@-FB7fcRd|_P;4uO}+BQNqSXBD<G9WHu(pX
z7nt!A##dmm3L4n;K<KQmp94*7JOQ}I{{CYa->IK$+y8Ih0{-u?KY*XY11}Uhe!^2>
zmUZP_6ZmLyyx<Yo_Q2_r8tx~J{y7}39AM)DN*fC;ubw!RwjWWM1ON))AHU1;%lSVU
z_71ifF;5?h)$SM%yfs`N+^_TkC7?Mt0m(1#DTPW$B_hUjXo4G5V$97$7+ehogcz3y
zT$VDTY(9~C_5_XX#X}A)s)y(x=*ry^#>a{#wNEbo{!8}&e*%~Hb7cR-Gub@0m$<xU
zpDodKdG&$DvqQ5ie`GgIu&w=w(QxThVO=FgZ8W{T@5Z`UzXH%_{gj^ky{VsUM}5}p
zPw_={fw5t$b=iwP3Q*tDlB0@41o)@-*_TN_kn5ZGfuhLHRkXgLgD+#*O7{8_fOhYX
zFPFZw^si=ce(&DbbE5zxyz4P0*V4X$DoS6>7E#|%Wou6&COd=}QDT%+!>)3HL7u!V
z{6+Z9wN<(fpHx+U)wsfe9F=rM-y*N5VZ_KG8!Q;YBA{Md2qX_oV?*b%eBNFEnw0kg
zz{F<!iEEOH@9$7ZY`)vMY*n+!vDSlDEBX_^WIn38stwsLy99>q-qq8xj(wxgKEI&D
z91~RmpDENV0hv0MsH)PZ<Fn;Eyf4NK9wh1bL~wl~O*Zhy${Hxf7ALDUVyxy!&8sGX
zacSl>TV05Zoh`@o8x?hjTNt}8O!6yqqF;C(B@t(kX;oVoG(A8hBg*=QG}sw*0f{S}
zD=5(`&a-)oSglarvDdm2{sy)Ty^Tm*RrK`ZNIC(GOkaFTbSIz4f^I-2xKl3ipl0J@
zpL|j$<J+Sd38PH!d#HLrS(&5<l}D@7>`pnwCP4)*<P*`9D?7J;(_XL}PNUsT6!eX9
zSg5k=GN4&Xx8ALb$#y+%RG!|VYNvljdv}mwH)1zceQ3&W3a-;avz~Nk;{?!aw=BEo
zY1??1C0^ogdTZvrpr)r{=g8_y<wA{74~p}vd<#cR6XdSc>7s%->HbwecIhMkwzm`<
zRWfWzl&Xg8e7>uuPtS(K+FRD^JfdaiZ!+YRwv%_EFsx}_pX5E@OH{ba&AZip)f=f}
zOeX-AdmRt@LkD-`k25T7B<p(&d8gT`&ED28tf7tDpIhZ_C8kx4{gz^esNUeZGHQz5
zmu=u!5|DDXE)K~bJywes{pZ@{UE(pi8`?F%S4<zdivRA_V_KqC_E_FOIWnKRXqER!
zrlZ&I1+3Z#qu#0&AaL1^N!l{A?P&DVnMD?**~mw}n+*BgcW!7ILzyy^G7WrpH)4zi
z^xICE{FBoT4SyH*YAM32>7bK+c|&qTgKH|xy*<stZ$Zd4<4^)PajX`CR{XD)cKY%A
z|5s(L{L{`er}R%~yGUmQe5LfT1HI)|)ydH>?T4`2uBv)8nUdktPce$mR~(nT@f9<`
zJ1l=@YP9}anHn=+Gc|(#cV%k)`x&jZ_+;%a91k@pbb0UDHH8;om)o9`#NdgWRtGL(
zh)g*S-J0nzWWMw#=D(X!{a*~r{vVuK@IQXX|M(rBQwaXY@A!A~-T(V=kN@#IzPxV#
z<afv<q7NC|Mf)d0Y4zM%t4Zy1qpx-fK4fLcIM#=|lvde5?Q0H-Ww>HR#f;qKvAbPl
z`IhGyv8_VRs!E=s0=|?Jl`|GDIx{7Cd0AP>{n;e6tc$3`l<vO6AFg-^1?gLD%2Vo{
za(_HF2)TS$V=Kx%PiW3+kh4orR)o=36%*8sjPJ>AsbHR>W}y~r-{*5#q2%325ii1M
zR=AMOH9Gn9lrBdC0HY3XfAt&iSHI?+84D+ewJ6FuBWg|PQr}T3gqiMPpqMsEIq^-&
z6Ttkcx6Lf?HZu8+;Z$&i=}j0KS`0~AtDEM8SkAJf+L^~rYsNY0gOtO%guN%cBb|Qu
zK&)??L-R3qXCLL}w<<`7xgF$<SXQX&j%URlXmPx#jMPVG#EH7)yfW2Fq`jmnD0Sa5
zNj&1E3hR`!85ZQzzr31+6KQWH+t_8tnQy6PkQ)?Q95OOB1L%eSGNS)n+7F-NP)4yn
ze-8D~`Z?zK%eaNd+i04h2Ia1u1vm8vQ5q#)t+XJ+kPXFLyvtSCWsi5c9yd@y^rdZK
z_5IX2cI(1g!`4Gej4g`2tGQv)CO0vBITsa8FmKO2__d!z>ePL@>;()20n-7~6}_Md
z>epphzRE1rYi`i0ZoIFQcA_B7v2M&E3?K8QG#@VTKcF4)5R1)RdKTVe|9IG@^mdKk
z>gcYd*YQXp%dNk4j=wcWaH(Y|EN=OUHP3CoE8J1Ro<q?|vgq7OxjGeeOL6rgTCVKo
zalIg4ZrM`*n<_s$C9&W7z^lrfNvoX`$Crk^8JcRgHW$obg5wwQ34u|+4&px-k@;t^
zm}~6|wh|EaNnLU2AlCXm#M&~3W3ifMJ?^VGij;leIOJAOnr7r}RzCArKYw5RxvNw#
zfsA5}3Gws5)@urO@XQ7QCHpMXVuh@GxSWCFjzf6l9qX;b|FtbAfAXw3YB)D_(QLs7
z7I_hQ(Q{qn6lY1-21~DsdL?u<?(53(C$6279oIiy>3=FYjI%9_!N>tMD4;xMu9MZJ
zldevkQPj@+h%aXAre0a^qDNu6ugopa0k=@iHNEw#_Oq#>%z{;0uBXNc?uaP3vZLyD
zWa{FTOSYU^wSHlj$E<G$-d28_(dV{q?-!%TQUxvN6fk!9Vc(8$W_wjVqx_=g^5q`{
ze`zot&zrs1zM=o3<L=8pIR1(-u)X(xp!_8u@5?_Xd*Jc&5K(Ec5(fr|C{zgpM3h<@
z7sh68jn!DCyIng~HC8spziH9DifEN$H{iM2{n--(&xVA$x;_gDV0obZ4(vACxPt!v
L9zixT|Gx<Ud;u3v

literal 29908
zcmc$_2UwF!vp62bilQP$siIWr(xr(?lP-`DI!8L82_YceazN?QAv6g!2?Qyj1OY{)
z7b&461f+LRdgm99dXDES|9kIqzyEVLPqOpwyE{8OGrKdhyEz;<{0z9DrmU(AIC2C4
zI70aV4#$q(P*qScf1s<atg4~($BU!%07^P~0RV7vc6ZZNxp&RL(CFH?vY+XpCG62p
z_+R7{yc>Prumb=+0{`Oue^qqa${J=#sq}^Nb$6q5P9fHc0$;NI4nO_|TYQJZzQJxF
zT?I;=*A)1M?Juy!FR-WkBX>%jrf>BvAGv*lhbXYDlOz0FU*FO<iqBd*gY_u60p-gK
zfB|#?Du8<w_&=Kd;-?D|0Jyad08qX9tIQ$^04NUx0O*N-m2tcV0M7po0F-q;dg%7>
z4`Pl{evjJN001kw0050406_N%0H8MhN$6i~|B}VO8S6Dl8)nKlT__)0fFr;fa1Ede
za0XZc1SyaR;3hyAAaO_nC;+IAeoNnesVM2#iDTc=sS_uTpE!Mrn)>vq)2FG=o<B={
z=G>Xnr)g+u&Yiz-f%XFR*^6`+FVIoo3*V3&`PP!^*eOcG3ujKBp_Kj))8RV+?WrSU
zR9C2uumO(J9-*Q=a##;wp@@&_$RFt^3r?Iob^I9B>7(CX8(#oWIzB>m{KSQm=T01@
z)C3$kN_Fh`3EGnvFP)+TUcSyIc2_St=8CYm4hRf+=mvk9P*hynB_iqS9@R~tXXg;T
zbx+^I3g!`4(ko#bpMe|ae6FBd$2CSl&P>7f4ds!aJyUe)*iovJ$4{N0yuC~Nt*;{|
zPM<!0it2k6O4qc<E?&AWtaJPXorvgN-G>=KaaXseQAO{+oMe-D_FU|q1uVL_Yn0vc
zE5{)baF){UC@mE&KprrXklfx<JSiIuZs~Q5aG>u;ix(&@C@Oqx)ZY~exP`2$h00e4
zbZ0Af=-jHC5G-jAvHD^>)|4L7?i)>Q^*U$_!OrfMH7_wwFzTyj(_iLgk3-{G#Y_wN
zTZM+Oyog+er2dh0)F)J^eqIh2+vRB%<AvtEu?Xq%!I<rjJd=|GPrDaSjF*Ix%U10w
zNQ;C7eN}y;wOWXgRi7%;G1%=KE;MwC|4V%|8*ho1SbwuhOTwvSn=6_HCa(F>{TAhA
zY4<rW){MpD%yZ$vYwNV2+i^N3RoH1Ri~78`bIPfiila1ofkt0Gm<=r^IvfHzO5%#h
z{hzCD&5hV-PhWB+)U>5{@IaKxeZ8gCf#A(6&H1YSa9>x6adkScB%bT;9S&*DCXJcn
zmLtqj()WkMO|L2!Fc(S~`!w)-Ine;udm+1OWP4KEo#KW`Ohh!JD&t^+T5xU@eFG8$
zcPLNm)x4j}F-nc=0cz_HSNrYvEO9NqB)#Zkow`!~H)imju2de6b=P+4Jkv5$_{iM8
zXfE{F8(ln}5gqUHZc-m4eX@RI2F1<^)58IEjMf}o?B3=qU6v5I%>9JCg=T*C!KzAs
zC?nU8=F&O=v=ATFN~5)lW;oljI3@lCN6IS%gP_wcY^_WEmz1S<*WnJN5|f9*<@E1?
zrbQZ-@+Y2;WBiijQ*^#dK1*Jfc>MBdnlkYsvP-#oJLIHODY5%17go_S%YUwuLq|M6
zJi@zjMO;ji4#H<t<Wn|MaGB`Mk^2rNy&JnxK8#ts`AGrjgbs|*zikw+EoMJ3;l|G9
z9_c@aVVs)5Ajxlw7nDF6qjHCUWn2F?xRWhdAC<!Wx$N(fQMY17-DKi~Tg$N|U#r$N
z&W|68z>YhGB=vR~^I1iO<@FgRZn9q%hu{hzGZXqaqKpT(=j4@C9Vd1PoVxY1!Qe5t
zgoCfRP^pTsoXL83U0<zVIeodoRMTSb6j(<lSFm6z-KI|=VTdHkSky1~l}TcJGZW%N
zU1*S7I~P!2TKIP%aZEA=H^(VN=#4Y*uf<7mgFaU)X=}}$cD~<u`+k?#5}dKUkv(mu
z3%%5UiQOf7-Fukua-mz7B&4Z6xv?CnxB99+87DEB$_-nKat|Mp*#wG%3HVGO_Z}$;
za}7&jNG;yhe<mGvqtXTr-8lph3ckxDGooO_>cCaa`L^z5Ll38`grt(8$})z5X4GV=
zQ*Sc|Z@<*4v?_Y=5^V`w$5b|InHR@CGOYRd?4&wyW7*k6{X(T?_|O;cw>2_DVYxAg
z`(%8$JF|w1o48K9o48M|R25cv{(5mr=<mFZ&iNMpn<j8461m)Y)>1NGnPtEI<Uf#6
z5^E-JU#0_+zuF|!8Pcc{Py;f``)uVA!b8G9xg(6i7lBOdl@<D4wE3PE8+^6+4&4Dc
z&V!sblK2iXB52vUm@s@jBFXMIM0FHCY7QfEe`dnapk7~jQbh>L#w+zGEI}wW3R2tk
zwc+M`iX{zdlHXJC>i1=X8SYZTy&9tT_O(QI%EIh`Y3|WRwhG8(<uM6QQ0Fl?t)6fj
zEMYSjtj9N;N9ftChq9ZZ=kfinHzRc6o*Ld9Z!O|H7tqD)ue!PhT`MxIiXV{pvU1_~
zzQWIj=Y`+*#3ev(D=Le_yF@ZMTAdBTkcgt-0|7tpX?JKUtRlJ09&4A_&oW}%zx+4l
zxUsv;=M-nTRnRJi3EJ8Pmo=)qf`w%|nCfWjh`g_4y1G%x8KIA{vg|?=78d!L<?Z76
zrzXA22Q1K0@sd4C;>J-a^@WHNT73;um0)mwRLG)^7=#OfSTbnM?~)W$(xIJQIs^zW
zTWfkaq!1r9&hH8GADuM@;l#kAHTueZ)gkKyV-hl_rbzgjkJK`;b18W(=0mwF*Lv&T
z87L-BqjNai2Z?&WwM36Zh~SZlA8g+NSo6J}{AFqWmk_n{4~vllZ`hzkkX;~It%Zx_
z<07`JldeYH(Na)8DO`9j)>@Bqe~Qyba;Q;x7O1BPW5hE?F9(|;D>O>iBGb65J1qy1
z8@%(Rd7iPkn!AgjLqNv)RCLp0$n|QE5Poo2$53->Od0p-NJk&e-KOdoGh`BCeB`Um
zkb3m~GO%fJlinlYKFKtxyzG;1_qc1LF1C`la<x~RqgVv#A-L>O#BLJa)dn`z=Hh9-
z?&@G>tF07kDF&PDUAwfRWBh2~w<2EMO0cPpL%h93To2olS`nVbD7dn{s!D7bymB6z
zyMIc$@Rbi(enx?(@CCGy2|oXUb!%f(s%y7ueRCbj&K5ZwIk)t|f6CN_-A8x9Ki9gw
zb*#MowhEU5P!m0{bz|l-1g);As>-pFf3t@B{zn(-#mg$Zb_j9lOG8n@bJ7b_qnfdx
zkAj-+<>Y))?0j~Jn$*R|;}-lO(aLkNzL6Fjb`w$UUzQow(c33+dI!I=K$_&x>1)@L
zQ{--qE49PI_M1sz+P1zb5!)Y=qoDm-*h9ePa7O0DzFT2M$&D7#M80C_FvQ5K{@!jQ
zeMHpPu7;uy>c`H=km)>4(1pIml_t|dpO=bi&VGn7C0(yI%PDob$mjI@TC)IyH5~7t
zfX<zz=6UU%1!h)YY_hTzr8R8l#qD>?Xd2+z|4!3&EaEXVq+}LnCVU7mTi_D68O5CX
z;Hk%x5@C57Esxp9Xl5_0j3;$QjugEON^6d?AS_|a2!sdHWl6gC$(On`sjP!LEi=6j
z&gO&M#Ni+%rBLz)4?-W@_{w+#b=C`5*R<e&2zZqLM#OI3USH*Y#54NI;L?>MD<4Z(
zyiF#Ub}<U>HthF<ML$)F#-rH(N{NP^CgM%x&e!D+rZU3)L2d9wYj9gUilR_EwIrFL
zN`B%*MoYnES+v?2e}y2UFGRcS%;^yo7P@JeEo{4C6+Mxz<Q&%HX$mo=8}yr)?13{l
zshCuzl@2+I@3?zx(sW@iE(I_q?@f!(Zpz?yw0g?+eo}DqhcY>R2>RL>Q^;aoDQ8&w
zVNYzgYBECVYTL}_j?eDot2__&GA<{#_;#8gWau&6^vcu)uqr3>tLo@`>rof2@{AJr
zvZFjLj10O$-(tkVdkhOQV@x}`qKu*A#N#sg5+)&EUwtx;ZbM0{x;pNyx%CR%%j_x!
zNww=YbaYJW_%I{>QDDW3zM`;Gp+G$h4M?lHC~TY#>zeAfz!MgoimRV*OkKz5-PUYw
z8P^PQ9D8rkKEsAzm`+hsn-32S%T2Wk?BY+6yxrlfpNX^VRwA3iRoKv1&!}+jwucZb
za1R!_5c;Gdz6kb5@j3NaKP#XJe>g&}C8&&neq9r;$~ZxwWx%4c@ZTrcU4rj(BI*!u
zk6tBy?B)c9B-*vy$VxuoS+hhX90INm%^Vb}1h|W?2XM<o>$EyImTWEd_P=!trEk7y
zta4$e1!_lTvd%X1LTQQ=t%#d!bdZ779R-Ad)^si-H9XT~@pFD7HRCeX$dL?-Px+ym
zECu%E_5^(pWHneVxOT9rc1y6Q{4U)5+6Fq{)AJvi&Bh)yW??}N=)zlAZo)@@_hF|A
zZe(9nsomei_#qv~3(GYmCVOPhg9^WzOWyML3?2$mh8ZnO!pvZ%OY_}pRcZ&V&1I`E
zz9i)H*}0c`39!Hq^!57<&B6C~)C-^lRjSz}J*Jeck@h9kj@-|cV1$&>KS>EoNTV-N
zG)5A<iU>)fwSLl+vCX32Mx#q|@)~<)mX~b3J5&d<6{}<%4UfCfJXa9|M|Dzhz!#&1
zq_SF)3vA+8Yq{p#DGopMBKhfpO~OM1sz-?;)S(mDg1myXaot7<`#zP;Q;XBp5I3<1
zF|gZ)upArdAC*^g-dEhepWTfN)4Da9B;%Syu0id*e6MN93AF72-`eqG+3y(c@YyKY
z&DrPp5;7`5J#VB9F=rK<jiMhQz)k7O!JH~qW6tV69G`vkmwUtro4Kb6(o>Im_tMXp
zAeSIukd`p!GvIvhTS`#+|3_j@!7WDu-!?N5uue4@MiZt$AiF1&Au~sCm<Zn9^qZRZ
zsJ!0@l+EP}Ls)PLf5hC4#ak>cW}Byb4om+89J_42%j4Kf#t5%lOocr*x(hq2mRWuR
zjQq>8D3<ig1t)Z8L(9wJ{QX8A{|R*2dQIM6*uvR~Bxsmcmtt0zb{l^J4WTlfyehW;
zx=%5~VJ}^o+X6;svwN<%IPvc7)_naFKz6LQL=Aq0escZFG*o$2PSq>z#J!yen7%Mr
zN78I+%m4HMZ}kHJ;6nJDcJbSc+rPzqt;Px4O-bqK^?b=tT>D5Osny<Iemmma$wNPu
z8Eah>)1M^vuZJhvW$UBze?RzDvQ;y-tQ9Blo}ky8EgQ@&&flS5rEOjs+?>PCY^YPG
zW2&R&JiL*9vM$K8w@a_L>19Mbmt0d?Jo;tzi=q6rcR$tZY$Y5&G>+F-VQE1XIIgf8
z#YoZ8GFJx^oyuKe8;!8wIAu**QTnmo-~NTLC1y&h^}h4oS}?K7#~w0G-i-JOgkSbd
z14VR(>Obdk|H<P&0lSj7D_I`CMx_kuKeccCPe3Vk`hUseYgKHupkY@+PF^_b9iN5D
z9C{WA2gBlg<+5f9gn$3MHiNmHh<OaS{_0OgRC!dH8p8`5oZ)uCI&5ql9SchdBeJPK
z6<ffrr+QMGT2YIk=D$$G|4UYQc`w9VLsyTd$m!7;dzW2`GQqkda`4z1I@4C!6w8nX
z&3I)!P!H|1M*uPGlb>V%kxMbW*yHrs!sqUDGd%8<`sJZA#xWthE@j6LaI(W|H0PNb
zBG{N&N7!t$(p?!x2L_uPUMOA}xpPl=AN^p&ArF~wxt3Va4+oW+I*jK!i8p(KXWMbn
zc)QKSekqigD>QhJG!Sr!WK`A*{vZTiIaRciL{is|YQA*(t{65zqFy=ct(tJ>k}+S#
z{r)1IT`V-;R)N1I=Jnl&q^q2Ax2^fuDmW^{idEcl-31(@#lwfEuPb>(TFgvk#_8cL
zqufFANglZn33b;-ei@OL!eDy@qj$@klv7bp{WhCb9s&ezWG}S}2X}?ebD@Qwi)4La
zZ5@tkm}L&lG{S<u#0?9Vp=Cpnyz@6@k&X7Xl|>}M{!1Bf0mVp7ON(qdjpF)3MN>jl
zn5GURIzk_3V{@HWgMht!ldn~O&|c6};?CX`uFTR_czi2x$^W$72&mcg^3noaFb^uN
z%%{^4NC(z*C!9H}SiiuVV^0JeWt6cV`65tq2&me(jYjenFK=BQJOq#rN}6>h<taP4
z&lZypPA9A;*2LYoctDceqZ67I_TzoPxsaat<*|Cs27t=@$tjj)Xo=B^3|7Wrutv{+
z=6*(eP4Vz9?6*Kpi)tBOUSw2DxDuFbvD1v+V4*Kd2<tUpsMr^ayI8ZYNSrf@FS>Zl
zk~m%8h(`0?R&L}&AcU;6`nBo}8W?OqanGn=q~ll;tRT?U@formicw>VJD{K4V&vJ4
zg<b8}h&!i@8Hn(GR2^JRTx6VtPL?r&%chO5fS1=Lj7^Om3>BZU%>8UPy`*Ebfw#(Y
z6E~}ejR!7hF7?~>^BI0}gLA(Nt+n&eH+1uv>(MW`%`L7dUZ5=MucAO_<<^i)<mEF#
zKnoVvt3?AJk@(#c)N#Pe9mS+<V4#J1YDaLX;IkywGhE=Q5nW=iq-7K{idh@HsGOPb
z#`2gBDF1=)4F`Kc&;t`YUIsaFkS2n`0FPU6gZ8uSw1kBCHCwO_$v2d*q`%+)u;&oK
z6Ye|cSkkRG8-y<1iBsBs8vs6UIPn)aC9nH);xMRvox{0Ii}+cK+s77O#poZvxchYb
z)XU5u)Q-8t6~Gx6=9BCk&3VF)?QAO)bl9D*Q2RKlo-sm4x9#^~aG)g}KXFaSu&$67
ziKcjv#uQwBsY%FvZIfQ$g7zJvexs=|M<`Rq)1FR7nPfM+%_=xzE*zH9&u(FJJyuWL
zQTzST3MZ{mn>X%+d227HvnxY9i>2{{T)3JXtYIpiV9{tWW7KP|X%!VZ&z9z0jWaH|
z%pdeMW>iWpI+rOo2%9sg!@|D~yUQ0B)qI{twx}A|?&Im%Ma21}_04tsz5>_!7;?&V
z)8Q5_f=H@aH1*?%=S>OXu_HE?85ww0Pe3adm-<tkUsk83p<kpX>tb_?Ox;W(tp}}x
z$k6hd&$AetGWAYj6uMZVr%!EhU8{FkxqO7-Q&>yPJKxVqxC<%|>OqeADoCMRWKQm<
z_-lYOg%ABRO#*6d3H;r~1Lk@CtjmMz>SC*W)9ULI-qL;-0B8T)uK$buvM;bdB_aC)
z!^9ecaeT4`(eEbNp#{ZDI6!Mfx9zh)U}fPv^yI?gf}-wuTjB!5{`J$Xb2@kCQ~BdO
zlrU;s*`s032Mg517cgyoUMVJ>Hf-oVgk4Ygn4Tz>?#mrvxdPP~f@x;{V1rI%x50=Q
zczsi~0CVhOeM5B@T944mhMkXsEA#o?o;^P{UZ%#YLF@6{xlY6wcU&4IU6U4fV+{4$
zQ5w@{0|F_h#lV$|OcsGMGWR=zOi~R#zj<ofyXb*OAX=-79Y6Ln?Zrq$^bHo6+-tmK
z&z=p7FHcfN%M?kqF9slfZ@gLs87>GbthAKmJGKl%ltLJI(nV>nD1wdbts|AzdQ{Lm
zGik4agB5#(>05J7X{nbsFL=o&rl#8_NoX2t-(_jYaMFHlc|Am>I*b5CXF#O%B{#%b
zW__kZFpj+<ozR^6Hz^6c(Tgt8Qw=2D5a6>L6ZeOrv#k}W`!oCD1~1VeAtAx9JD%M@
z>(fhBOdgEH4&=G<8MW38U32`Jl|SU8<0nyBbCPW?Bn{8g%^B9f_-y{CG}Rv9H?GWy
zH|}ou>DK7AzsP={%CU3V4v@9+jxw>R+QsWa(v(8HgNkN9>vb!M2!T?+FuF7^D$T80
zV<%xsw?5Q%Z;aR|OPi4vnwso{>@K;)hqDzlC#aMBlIUlBTuRulzorz%+{d_C|5}sr
zIMYNo?@*F^b@^aaL_*oFhzR3}r^?%6A>~}ALQWf2mf4FnZDB!AU+dIpvK4ep8M~J^
zhYVX<>j68;d)c_L7^bjpQ?HYGl0t1$J0ZHyUxi9%Oj&PoP3pXaxfzR!$a>61Hj8FB
zbwogwqEP4}4vTX07`?2cziUyiGE_P-<}lf?!{4z&gF=qw;7xNdInmJ>Vc~`abZl`w
z&}nBhtg9j1dD8;>@=?;m4&E<Bx$wS+bRRX<S>!HNUhLDwKV5rOjgAZtX6s#DvZSkU
zztK<)snSRCVFAhxxAkaVWr~`{PsI&jHI2g`C?@Pwg?HaVP2@QknmeK0pdURp=1oGv
zqmqesQ+9av-e^l7K@jnrcH#)$Ij+Zqhr66pPywQ?DeKx**C?%K$L*-=ztxXi%?E=N
z*GL(*&qN=}78v~YyQC8nOGV$>@e_TIT0&D+1o%O&<|tE{DKPndS1{K~m07!3zwYUm
zh8}^BK0I1PkUiiYZ&V(pJ@W}C;>$)jWy7<girKF@$tf0BcKR>|*EDr8y+!Bcg~KOK
ze_+WA8B46Yo+ez7Ho398H1U|rSk=v0PY32ST*4OQ!(`8Dw9P#Apup<oAPZGWy?!@t
zW^?}Sa6cpSkxNr?{o;#&V{h!_5={%*-xs``D`Pv@r<hRfZ+gL?w?I0eE)UoYK(A;h
zT8U{mCCudB_y+~yzLV*TP%=)Jdt-6~{ivDkSw^HM?Zuh&I5iHOMDQVirgnGcAR5CQ
zYq<MnMT9t2RnhSo00g>|*fN_o!s8~S6g`_}90u<K+3kvXiMMzSnRy3|`7iYp6?0*b
zs|BVyV3`MFLmQT9`VyN7q(Vs<r#eK9bf}=XR{R7K!6?9Vzp-h?l<%UVLxQqK15zD{
z^fV&>)+oWmw)h~cm|u@4uNjKfXGu0KFl6ylgegT4g<QKxz&upNe4HpWilEz2Z$K`P
zT?8pFRnq!IF7woj*iOO;6-%AYu?#fUdK@pfi-(hx9O7P14EZ%A1Ut-GS=r@-;9^ZE
zd^k+UCp7Qu0NX-cSoOl~oJ|L!99&O?%d}7&7h{B)6+sh?jDqk8iF#~qNOtLd4>1qL
zE~6t;@L;p2#IB-XRU{L)P_yhYf2p_gb;U<>mxvH<&a*dpJ3Bxeiw<UueC5}@mvY@A
z%<3knB%~wsZ9(&teSfXnEDt>df(?sud%vE;J-Dkp8-<63GTRY6(rDa!7Xa2pSX+jA
z`98U*%B!1f;xb^$7U}tLb05|1V+|fT9=X)BX<N`x&0%6ZT5Ozs`SAhzD)x_wecEAN
zBxd&|<vCi6TC#QIALsq)Pd7%mqVy+P|CsWBtO&0@QEE14fh$G+SVLI8tq4|PG)Kc%
z?19c2_;0IC;~%O-L-k!xVg$c+B`QdcV}TdIARwb)plr6#(Xa~7eeKQ8ofa`~N5|Ac
zd7(;4wiI&!z$@?a;G>Z0*W(^T-f7b1_sU!Slq^wv`q4IeDk9Pl3H?f}3#{<7;6@1E
z<CR7sRU7J2Q<;;}OS3|K4Ua`fOldC>`$-3^?QDfF5VbOT$;$i%CpIz+l}iq-DIC7H
zbwX4_-CEKn@ujYKBB#IJOTF>f3awB4uS(d<^?S2-1&z=jpGGQ0-{;M&0I6RTXH0Fi
zvY0~`D1pJZ2~2{u1~V%Q9<2)Io;g*`ca87DDooQM`r+0Jz%^Y>Fkd!|T^WDB-;~VZ
z=6}Tj`$Y8GB=o^xSqse5#LdS;#@X8GS^1T!4^T^JV)L~EjIS14Fw)KLqtDe18IXe~
z0fP^Bu3dN>H&=M1<!hC4+eVaAg-Jf0ZrwtRV8pbx7zrV93$dH3rZ@@S6X@d#MpnwP
zZBdEPwSt3A^#T2>hi~+q={VxwkgCe;=%U(rmrV<ASCt~5LA1|ZE%y`aG3!=45-YAT
ze(MQ9P~fGB-EXBsmhsu)Zd&a+{->?~5N~Wyb5-B`cB?;1j!lG@ceh7mb8!S=_woap
z?hiQ%|6wW=?n)nLnoRqTXvPnWcfPCIB&!Dq-iK>9)q!$=R$^DueO?6g9s+z10r|P_
z9R0mL-uB;`n<@t@+=*?~-7*`{%?_CX&k@KYid|s*ESlRH5qG;&*qEHapE<*lZvF@(
zCk88<R@L*1$m!9+_yifxjHBX87gc4db$R`#i;U2d4$c=88>D-Hn!-2pmJE~~AiuQ<
z<E8Cy^zb(i73N16FmDM&t6Wr<(V3gVlpAbhn)C}|mGse2UqKn!4yQ8B*JGvqd}%t`
zF@~Io=$g-S^wzUi?#-}h6+F8|--ls3iX$PQk;9%@CclLZShuwC(xAq!V6p}{O&-T<
z`{WdtW#c|smNyv9v%zMG4ZNBkdw9#efIud0m%vL4MiP-FZ6`h|LED#6&wAxJ+%NBS
z^5h^!Iqa6lFGC0&#o`dtE2(Zd2)nc>%V)4hDGwR8>h)xRbj9k?i$^hbiCpZ)Y2%xr
zGy*i@{xa@mx379LhP;qN&(0wU^1dz(l2tl>7M$iKXOV-RZy>{8-d0_=Fc#!9N{rAT
z8KdUrFuEBQu)ebJ?uM7s;#Y82JWYFhyY7Syc@&41FkNRFY)5~!s&mrEEa)geG^vXo
zhBIUdFAGUt#L&`XEhQPzy<K253X9KwMRlW>AR0Dy<#N5C*i9p6;a1&-N^YCH+GDw@
zOFtAYFIm`Usb%A?Nta2Rv+4dncp7Fo|3=wFo%)6*$xeDe$UDR{9)%H&ZU4X%$w>m2
zwCG!{uh`^$lweD`g4Wui;k43YTUQ-9lEZLbeL?fUG7%sLzxE?UIr;qB`iaTylo1`Z
z2i0g4GCv0qZ3T{aOlDd$y#m)$+EK&S+IpF@=yZM6d-QgGJA78pCz;?0-(36D<CcW6
z!0n2gCL(k`dF-ECbpfhQKk#Om8s?4Z$S90KWhzt-jZu})cqTtaYfC@>v@G!zlm<V^
zt&=gd<a&g(Ce!{F%$=$brCHLRzg|2M_kiS0m6=xoR5k8!O<B~Ys~#l}jf!n<R<B4&
zho76;@_qla&D|e3DFFy0OULvDmRg0kq>s8@y;om&m4{@l=6!204SRWRBxBfV3?(~v
z{>OXfROJ`2N~yu}J)rX;fO3imo=6-UEkjpvNvb$v9dsXiwXZqgv<8_c7WYD4*p)C{
z4WsxB84N`3JqgMQeddl@KE7}xuTY}dZqgwI&o|IlrD^uE3RO7C_p=Kz6C^a{q3(t@
zm{|1UpDBCT+)Mb|_<xS&c}(7?CC^(=7I%Jdu&J@k3l}$gyXb?H_JOi96(X*Bda!-j
zes8(1H$scT+#1%K|HO9LKL%KT(&Z<&e=y+Ow+2IFtc*1qF)J5Yf3QP7VPRY>Dx^_K
z6}cg_+{8xK$ZK}U$xC|gXtb}9bucE6ev!5HKyk~?J|nKGFoH|G8H?v-V@r2y`2yhh
zu0hlyqa*9`Bl7b+UU6wECA$m#hE_#N7rQHI;Rw($q|hN@4S}VEqL5lBrosk!?dR}b
z{}exjTepTHlYdL{p9=K*y-h13uoikNhxK9?r}$LAXMR%16uPpvGgFyYrbqME3y;U}
z&6fzSQ%y@+(+~bhC$#@T@%|m-e^Pe0x!2B9CR!lIv!H)9eqYyHal<dtv}gx9u+-Ji
z-^pi2u<U9=<%Fo8xilBJ6~=ZA!0>}7fFsH#G6%W4)BD!9kJWMx?yoqM#u!+<2=r#J
z^^21%@Bb2E{zEQ68?v^%Vx>&VoqrVN>xnrrnbeMJGX6hwTJFaTbNjCItm^Td5+yww
zR%HrKGwGu&+_ik3hkzqesUzn{9k4IVe<;AIZ)lQ7|CzmXe+=*6_Iq7!P|}+mAmu_}
zulYfM#)e-6*>%onV5vR47^K!;?z-EI<O=ebMc5kqYg=ISM0E`SlKD>na+l=RIum9d
z-0+!A7y9%X6Oc0EVBz>9Qd4WnQJRaXp;9xXtVYhYZ7{$|Y}QdZ^JJ@4^QjLWt|hy-
z)!j>b6ihwi7yaN^>c=*)?i*vi?u2vko-l2X@gyc%JZ}>M$<hW9%WM`+j-b;EY_~^@
zJS-c|8q2Y0YXsML6v&L*6sRbd?qeMzl!g};H1$)xoGyXI+8kYS>Iw8?JI_-siQ;L?
zB^sf2gj@S8cz*w!uUcDkyjkvQMCxFq;nl4%7_lEF(-I!O1QmQ430gc5sB#?m*s(1r
zNz;<ShZ@KDM#AH(W1%}BFe)(4<>?z$K3ZTaomnxTOsVtSoMmnoUN4hS-Fs5-W7+;o
zt6)ZAVWgY3+_6i0`#ELl!Q)`vcmuD2<W2>)Ohk;Rw}8<Egbj)Goh^I+Y-l6fdN3}!
z6Jj!7%`%*^c|r$NM(tIwPWzr;(CuR-b~g=y>7sMRyTHPADBWmYEm(SYI|j+I!p6qN
zPN1b*Nf%kr5)Qos;QTg4k6bG2A~N7iLPpQ2@^7jZ&GU;(z&%}6wOW#+Kj;R3HcaJM
z03WoB7{o=XJ6UJ!f}0AyjJv&ee{r?AUGK5}CeVEuRmmaNR09m`>R8ua)Ld_~b>zDE
z=1BAp6Y?WF%2To<qr_?`&CL=2wR1u|1`Lbnf1YRBzGJl>h2XZWp$NWnUI3VCHIw3O
zEHC`3PXXK^sU?yjDLJRtuQHcf^OX+AV*rT#JKFD0$E{;GO^{_CBgR)+Sa-Nfxeozd
zHgWN)q!tz1#q~Es1&07+aYOncKv{fY(^v0|7{Kbuzrq7JrpKOHs+nd1geP&7f_ur=
z-;)rFOpk^GFKSMFS#|1a-c~id)HE+}VLCC8(?(Lj39fzrk>}-debVMbr5G<?=5cqZ
z|2=(6CTkJE**^~l)+j;FZS#yf8Ou4owfCMC9Kievf{QLSRqJ}bv*-I^hIy>ygo^N#
ziz{t_tN54~#!sdk0%F7m%RcdMP5O02^Z5~(J_h&S=MK8kG?NvWkIr@1lT3}0Oqr$6
zL*+wJsL>Zz#tIEE59^An{rSx-O7SB$mE}Bdv_11NYKArevT?MK9`>sT*LUWb5D2c9
zFO#$KE;%$I@j3Y(`Fa5oH{W+42hUzg=4|mWsWfphL8uR<1W*TmSo^(4Jy){B(|1HJ
zca&>msk#Ht;cfb?hV;-K!~lX5#1hokm*^ksf9$NOiMBI7vC^99sSh$;Uoe&9nn!Cq
z4SLFwHA`0s8t{@`ytw?*5X%tMz0g}3m_z#QSx3=;B+4n&C5qc%F4M{4Yb1=&<})6D
zVhQOijzQ<Qo)`%9XN?_jYbkiGJA^I>edXG2Y%UV#$D`kpJ++qPmFBddobz^S)z5m7
z<B1(DQ7m|92jp2_OEaRn3Rq*i83ufJ<OW5~w-}~;f)`pZW7=WKRZbpiCl!h4#`<jr
zYE^bihm<fVTGDG#$pgVAh|YV7R_tJ$6x^=MocA<y-g7xa@DDC`cV0@_WbM><O+H}h
zaCl1I+}vL!KWyTc0wWWyH3)&O_?S9KwLpoCLE6XK4gnihVPJ=t5v5xmL>UDMOq9v>
zX3n%(2|4SaoDS>~56_^Un*mfu_Kav&YDn#%@jR{EJ$-=4oxdyOqav;HfK?W!Q9u2>
znGQ>>FH2sj`|{~qMycKZ)l5<`(tY#Cxc`ok@<iQo2q3kXAJaYrm@x61_n7~-8(X5*
zvQBnO{1AY8Hc`7-VHg0at4>=Ed1&+G?5BT1@JGR@=?=LsEFfdc?D@f!9@(js>96)}
zFn`t${id=f-9xP0J%UTx?qN$f;zRJsS+`_hrkT!6pOC6=)2=$<rQ~_|*rdAwr|<kg
zPSy3@H$D2ICTV4#n!0?ueWQ%4{<}|_l^<edhLZU#mi=n2reS`s@g~4~?hfDxL;E9V
z{G)(Fz?<d;6IQ7?fe(Sx<(mOvOAsH;;Z9?(;YzM!8WyP`t)C<h9yv)Kygmf<$x#JN
zpXdpgJHKy@IMw$1v|8~R%^@I#N%IhpC%+zfXJq?*>B!FWLx7>p)1(vb7@@yP41TQ{
zZ^!V;_J7dW@Cd1sd#`x0_-sz&a~r8CZJ(+K(qwhVN~<tyj!@|=Enm`tqQO8vUdbhA
z!X}uQXZJ?2OQYc!Sol`0^qY?R$tn|?MLxqld1YUHL;2vE#V3s&TRH-Rp$@3oEcaKv
zMT_Vt_PE{X+Y-*`18Ou|N`=Q@xth<UnfkeYY#1KWt@ogpz=`Or6_7oj^rfNp-9DFe
z4qSVg*`daWwYlfoR?CM&Kw{=iRL2%6ep2cL*m+pf4Q(mO%x3E>vN&RsLi>J?`+b7*
zWc-avkV#?#+QRlM(U!)wXh*Zi@!4|x0_<2zF?EgLtXG4RC-v-hSz|}9raE)9Jp5(2
zGu90ouBg~wM0+~Q%nf#+?Q`=GaKh04!|8{q)NO5~99#EW4Tc(eu_if*b!@1uCsfck
zzbc)QM1Y}P{yewhxZB`%SWqz|))ns>ce=7xHw`ZjTHFjatotZUJ_NME%LCVqGBc&Z
zWj<6+d9ED<j6zk6Oh5g*X)sS}vAlASbB1yqs=AJ_la0`aoSTpR_+lqffON2VCSWd+
zP!!Am=}63lU#a;MrkIKRQiU{&OL2)qI2=Ll`uiaxvat&}@UrIQ7g%@~YWuWdUDbM3
z0sSFB;Y;<&J)s=0cB#&>p2Vp=`4?FH<8!mLeXjs&KM`IHxw>Q9x_0A-V+5}4aKRP*
zV|<p){~~)s(tJwl3041}M@Zi>=*pJL$K>4o8ux-?Ka?Np!QDO`XeFI&&}ZHI$PlPy
z-k45u+DVu4quS7%3LR-nU(DX&Ywp~ZTllcYV7+^mGf2-QT_UOkFZXnzFS<~!@wc?I
z_u83@RNbEzhA$$6fmkJvyl*LsVpkPx{AUsyx2xsnQ+ewfIkl0@>;nC<L+iO?F|2BE
z#WZnn7wzm?l(`a3(k{}Hb!zPpfDL%$q+%nx=0j5axak>V>b$mNU-&^nqk;M>U1-FT
zo`k2>o3;hDX@#I{#8-DGB05B}fKUq4Q*6Ew&5*X(C~b>l5_7GduPD$Y44Y5O5U2c1
zOB~Y$2N%npQ`bJE)s&n2fEb^3O>J)D_=GEbT~U0QeIReb$2v&{jP9$%DvsZMw&Lg*
zccE{QjO)uT9}@7`)ffa)@i>8S(MtSLJ^4DtW>fbKrleIlU~(L$y~?@JpyY=-qe)ua
z{*y<}DS(q2W(u#ghA$C`+oX05e&sA$6>UZlF=ZSRHFpkn*bQCyJlSm4yy5CjIIg`!
z<N3wGjeh%CY(jn+s<bo#BMt;&pQ)Nv*K1^;DmBe{aln_Gb<GCJP3U|@j|J#-%PtV}
zeonL%7^JR*AV(W5ihHUrpW5N>(KaD^4G;40THUv?;EQ{hXD}5GPX3aEzgo2z8neDB
z7bELGaxD|CScXR=TMJAL5RF1YeY$#k<d%Y=Kpk<5BCh+TZk6<rU9+t(Y=;n5Z%y3J
zERlH%6Zpcdi#_!r<VD$C`x#!T9jHq4rL%q-_b14Z-uxauAE{x24rN5bff#6~pkZJO
zf)HtmE!Gx58kZK-bc<VCx%eP6!4V8Tu~BWlA^lQU`$XYwmgFI?!d*=SO^lAy#b#)x
z6Ij!_CfW!Z&o_8x5*reqk=lX-8(^boePoP6P`M8;7LzwDpPKOSJ@PBGi0jfDoD-0h
z8@c|psz^dbQ?a2&f_LfObPWdqI7I3Kn@zFFG%AIzKq5YBY8xhec4~^}6|1mvj}xOE
z!mu7!=Z#~1kXL9x78Td$oq37p3Pom0RCimRR<Bh4&7F{-RAp&+ysTA;<$W)N7;=k6
z#RE=_1~+O9Wcw+vIXm=h&RD1{Nm)X2?N`hmY}lc$KP$JE$`(|WYmw1&P2yQxs(^KO
zx9T0m41(rBR$+lNk<)7qRUA`mZe{!n>M>55)?I=mmuHjK1reW#d_ZLdMWT#4CQcu#
zW~<l$a=AY(7vPTo+3ZG(S$Ht>9SD@n?i}^u=6!5a-7}$MiXD`z+k~oTz77dOA}-%$
zc5ha}NKMW3>n&9R=k}+C9KH?ZOxa+95$x?fa;)LZT;3Qu-XJ?06P}-jc$_vf83ck>
zRxLzDLYFGr3FtgDg7*+`%&aqR!JN9@X{#U<8qYW|%Mot~g)X}n=AjS}ysAx<QGxUB
zgwIe_frE}Il8x(SdOtF#ZNE!6a@9MaU(PZ55sn^h)^C=TNSprabk<375vmS%9CySq
z@epPAfp=wZf`}qe>39<Xf@@Q+3dc}KVXlw0N{Ny~jPkNnyOM$*xJPTyA;iW*tohR5
zJ_|B3Kb0<8{qgh)V>7z4(cyis;MBf|cT+oE$%st+*`N<`gR^e@W}A0CaS+jzZ0u{4
z)fX)?STcznXf#0p%3SGDy5%FEU#bs}LAq8t?lmYF(m-yJZ?*hBG=kDLWkq}J)~{#q
z0T{0RTw#CB`FLw6YkeVQtq<5=x|EJK%(fPSw^$@l3RL!&X#G*)rmBI6fAYwFpg77C
z)kWm$6sE?vMH}(XIlub6*zOTt;c}01diB_=Y-VEbo6`c1e+g^57hS>>Uxv@6_&}k?
z7^mGg$mX{-=UnmP^4Ix<!;6yuC+`2G%lk(#{5?{*tA7ZPs_CmA_~HG;MQMZ*xP4E=
z7GF&mAO|E)0nVHL+4K(-NA9ouy5wsTS{1gXtymch0#+~C0Hp%11~`?^`A)8#ACyE0
z1&9Qc#jj3mm-wajIi9z{!5?3ikzF0TY|k05ZgP$ixn5Gkx?$kpZ;AULa94Cwra``i
z=MeB<^dD?EZ@tQQ3qbh80)*{cS?C;ErdYijx%+o#%uD29Z!Pzb>FcL&N{mtuw21yv
zbTY%gZNKAd<Vr|DFUPxwCq(`~8q?nm%e?(79p1n6b5G;M1<M<qzo5JNYt@(|ztjH@
zI=&ay>UGr7!EV<&k670AdDiIE^=F8#u&y4F5$CK331p?sl)Ik-nYVfegCMiurz&Y_
zM9xByh_X5hRCpMyHS%12{#H%9tGbquJ+fE_0ue!ww3V3M-{js5&18eJGZE3%!L#Tj
zv$MwZnH9$9ysxb$bSkcyFph`_iAqep3Na)Y%|w-u>*II`7^hw?$%rM7h{@CI>?1`J
zT;tKGQM?5=WXO-EUYZ9J(j&@v2$<Ne)qipl<h%4!nSRZI38QX_Tl7Lbj}8F`>SFoG
zrAl=|fZp-v2b-rUu0A%at{uSe`qvhJ!bkoK7v@sa%p#p_VxXywssIo!dH<2eRF(3O
zWQJmlm#i$w-OXQDUlE=KxcKA;#*@hJF8=ZJexj2*mw+y-$%~GfFTd~ie2c69h=<j$
z&-#V;Z%6zFSnvJW@;ib{kpkx@W?%VQKcqN(I*A~%$=|)6gs;;ZB>&tF^E>-7UdYW=
z?p=HTkd?nVopICL@)MgS=f7AdEZmG|=w5IK?XZ6yWpG)9$k}f-0VL4Bb}14mq_si0
zN!0)xu~p!ys<HFGnYpWIlRr5-Op@QKt6G?`mh@~t-*73wE^N}oW_40NY7KHBfVy+e
zcLZ~X3S9&LG4j7<)GZ14Ng;QN_j&ga;1dX$i?=s4-o@%&S)Ti?EPZ!KkQHqS(YrBk
z_?n9A+TU9Kd^nY(Vrch5ww{MixYEG^?XB><0!KL<ucGEpZv8yXl&QCJu_VxQ-qT3<
z;Kiu-`7LveRRk>kW3F)fR={~v_b)8n>;>2U+DZAJ@5lWl<a?gwWf#D$@qC=`{DDPS
zUC!KO#$Kw(`LKNX?GRDwl-fx7GSd2Ox1Ey<$?aEaljKS2Ymk`q6`#QuTOzF+^y+5|
zrKAo4+|`Kz&-rT~{{E&T!4jF<#d`8oYXG!zUc2GW5gh234v)lod3%<19^Az4N;7DZ
zR~5bnvJ%<FZU2?1Y<b5e(|PtHkrmIk^aJ#!_Kg56;MKfeu>A?@>tp9*Yqa+@E>of*
zpTK^~rJ?-%>bE(ftaHCr^zScSDI^GE9J!?X>;TPwHu@Vtk&234vTQx?yojnD28CC6
zUM^0Q7_Fw}NNygTB4x&`L>Kc!^%-5K*bcQeXCvZV+N;k?0?q~HOLd`KD_c?xGrfDi
z=Ql{SSp8+Vj?8@DG<y0yNIq`7H??a_XTcNYowfX=TmQ$Vscw_Exh4GXM>pSTJI?+$
zLm;mxrMR$sorrBJq?h26!}DcZYvPe7O}KnP^B*AZA58d+TMm(p&qM*~tI=uadRV(x
z3`mn^mhK;z6aqzjOpBjQ?UWDC>r(zyq7G)V4BtC}VZR(cx7H=5YGDfTa-ZIF`kYcC
zMEPqbSGl;N-V6O9Ti+`A!AANDp{H9Ciz)au9Z<h0?X89O9AN@oWs%q4B;SN>{%Ra?
zy0}f|R8_mSxQARMsQ|32C)E+SdRL<<ZHg}nT>udV19h%wiYu-K>+H4)i;;4;-K9=I
zK#*7nScc1X3_ug|`4_RA&1~(dE(`b?=sEbQ#d#UQ8g}ELivc6`FH}eh!ti!md%_P`
z&stZqlP)>;2{2cfdgm8pKf$BLZ#+%1S8L}!4<P&zyN7_GK!m=*hzpOvYni?euFC!)
ztz(CPeR@I}gL3n~pT_5aBL!r;#vRtc8TnB^(GL5LfXgY3lB0Wa@Sb;`_x~H}^dFtZ
z%)GbD;Zw^EU#cN9$)3tfvz@Mc>$VKFqeD{_EF%E{BQjaKBo#Xwf*arOQXC~@uEzW~
zy@LeuM@|`DXLTAi?x!~HF-4GFK0ga?)Iaak{_hvlQ&nX>FO15P?iMqA_4(NH6{6KL
zIA^aP)z#HgJ=f5(#qxky$)>_4zVhK%R70W5ttl>a^z-LF1399ld<XKeR)d`6wSoOQ
zzLd)<kKA;mi&-W@+}+>YMyAeIlRjut%gJ1gRB{v0D29dxc>2I!24jp$t5&)Pou=tJ
zp&Jl~pzVPA{8e%u>hic#Dy~a;ExbGbfqwoQaV!knMY%@bf><g7122->%YyCR&kFZx
zmbC8AEk_rdog+Y<*m_}6dig8DooUEhMtKcY<tb#aCM^WiA9tSH*Sex$^EjF)VGW5O
z7r+Md3Svy`yU&PoV9>=$OlS0!oWqrGqilT`$$gcKSfwP>o5q||)1hX95X2z#>uo=K
zt7$fu3$ylpC-GLwY`jaArbFy>KJRlMPEHSv@OhOkfy!$POw#kOEEv5ve-PCg+w}la
z)YC_rHCF;Ul-pOfc!wm;*+67KW{f<WVqpI{JIswxXOb8qG9=`Kr*E)g3oge=R$b&i
z?k!`FU9^2C2RQ_>G)s)o+r_Q;HhkTwk{#&lf-#8;;71gk3XvHVJ&nLAMsYLNU{8_a
zqV{1oK2-YAY7BmV3d!b;9Jt&$_EuuO+f(I!TgIR<8yw`o1Z7Tr!{!W)-J4z}A?7={
z(2Fur=`i1<(j`BMa2&IXEd=fBN0M)LW1L+COO_Y6t5cC^fU;2{URSqsg7XTd5fc`?
z)iV)84nxVg-0Y;`j-s&T3w6%)lkdB1X~G@*Z3xE6$JJ`&)|B;bqi`!ow#K(xsI-Rs
z@L@N*#gVd}GI>v;M3<A-afwgZTjcn&9;4P3?uuU|u$Y%=se8jQ@A>T+i+LCeofirq
zT;ow-u>4@9%)@i7#<343ugt?`Y;e76njF3PS?(Jf9PTT8eaBIzY?>c!<tm9-2cv@p
z+o2IICz&XynZ67^>Ybp^eG|4r!11(aHEAQ-Vg!kJ1!MkhyhJ86zA7*mW=8J+2o}58
zfNrP`hY>^ho;xK{*HAmea|hrcTJimlz`aq8GE4^BiT%7B=#YWFG;41hSkmxqhbx+3
z&Uun+&yB1TJ$#L*uU~mWqXp_!h&8rl0t!gqkJ77BQw%A3IcP?9utfPp>3OvjKy$nM
zn-i=z9IVqio$@PsbPe;x<4<J-89heEOUJq4Z55lMC7M3QTZgkdu-nS6DLXG^8g5E9
zCu>bN)VgfZFgu~2pKNx>`y2voEda}j%S+n7w$><}HI}~ZQTe6%i`rBcO}vsNxTRiU
z&-CpWSjfnSt8JwUr_qnD0v;19`jm;8&T>aVI7}w>XxReUhGALyF6;w+?88;T%T;b(
zby$#om8l^3mGKQ8{<W?BmiTCNs-aK$J#>C9#{E_G3<9qNc{gKa<~m!AoJqIepa~Hn
zt7=-cE^nyq`t6JcWZ@rls^K0qn{2ayk8-@Z%^5h$myDkwG`%FKuoEMd{n}S-dMYR1
zEb8`L{vb>)oJ^ePzP)_>XsZe|%dNQ+tkGo9r^LQl#mWv>azk^~AU3W-oW|*mB<`MQ
zft_Aa1`+i7#%Vv^DQCRgBf`TS4=FIxtqiyNA|+KhJPj*QW=}<Pm)soa?kr-mY5Zam
zZ3HUSwpWAh%#|7ieNZ(#+u_|bFcc~{;Y<eGge;0L5VT_|WevK+W8UM=)}4)77Y73?
zWnsqM<0iy-CFZYcAG3}0i`t%@$d#mG9=1n+bijdsXxG~0ams|nR`d(7yBa{51UNyL
zo2}x#1q0PXDqBj#4VDN!_lMC4Q8>`Er%<PC$eX0<{C3Jf`R;RFj5A$-xB23$X3^hr
zGRM67+SS1vGF7Ry)%mSxKIW*(E832Ghz+o;Gty`2w6mM@Bbt1uVwAhB3Wwd|uq*Ag
z#r^=FfO4OAesTce<TyIJRZ8?C&`Mx3q|2`A@4=ZK*AzNCW7J}25g}0~PPi;lG`BRn
z<Wu#7`NzxMItH9ZXbM^jBr50A6+E&_Z;z;Z7qzX&XJg&Z8I_q_ekSHEyd$9&FYiU0
zT(x9r>MCFj9AUwYp!nCzI$i~r6bQhj-|L-Qg-=a}2OOWB<%Ocq9=y5sOfeSDdG#1!
z#A4Yr0Vf`5A<&0Llg09L9avat>hMu^R>5sP!~>6{CI1zv4hSy71={t(vP$NC{w*#Z
zMkQ!bPgz8~oH1G$H7`z!LeJsF^LqOgDM@o%4%|Kvoa9h-X-ez-XMhj2#&&D4Niu!5
za`nP+(+zrbBOgQwg3LjYW_dFLo%JafAf@Ma;Hh!4qPRF-j$zY!HyqHjN(Ts0G&l8w
z!QIC8G`a&`7K|7+Tz$I}X}Von3#M${^5MGb#FWG}{08Qi6F$k?Toy3-tTu(Wu)SSS
zL{?uvZz~@<WIhHJTBE;zf1@MdN=0pbuldZ)SE&*sB68<W24rJ;t^wNrmCt+Rzj2cJ
z2)pk*uPpy*Plyt%oS997X~DKir=)7nkIrM$sPO;M`0gl=Q+}yDv=Ugu>}(+TYP`=7
z?Ls{~hD}|U<OoW-QuhWgHH_Lv)l~A`0{J=5w~vI6dKY#{EQOPM(#E&vIz$6LRJK2o
zsW~_V)F`fVlK+Z4zdLRxbpBP~Mo6iaA=w@R=plZoXLFXeGq&m?7im*4VZ*+;E4M?&
z&W{@IYbUSU0pO61*FQbLU-Gltt)X8<RS($8{cP#ISLftBr@HsSlII15>f5=uLdfeW
z59d4c)<=@n*Flph?yKQf^L?$?ga&OBm%P^loP>JiQVxV%1A_BvKRvw8PLkR)qxg<=
zIsvci?!nLaHm%(bsO=`qz5>|v{?h56;D6_|Es4b%$-H_YE5Bi~0E?PEcW$h2j^w{^
zqu530d5Uwmc9UA0rDM*WzfSD`x5p8uvdbbqwWB8>r`%L+@tTo_4^btUst`2~&`>;M
ztoG5iS#FEM4gH<^{19UYf%8PHlFJLG_%m6z*5jecb>$V9TtCg`>p4na@&zM2(E(5w
ztfkDun{iM6I#K^V{ubF^M3-y~W}&m6w{gTqq!q_QvToKG0-0ohI{6lSY1OIWP+s%~
z8!w{uUv8|#xh8kU9;kGg+}q=mN3Hq?9n6GL?Z}soAoh~?pX_(hpIi&DuNB{x+&$WU
zQm>A3oxp6fgBX{v^zxm2=C0;;VRP-kc{1&j0F{m8Rr8pDH~gP&VgmZ#_U6~RD<9cs
zCAzfxYaYDw{{`z)o2P-s2h~&A*1O1?=VuOj{2f+YHmEige`D?1&)Msr7+E+Yc9wT!
zeOa7O=vUONcy_=+<f7zME!QF7H^bKtDSL&5UMM5=7P_NBkh<Ly-Gnwb95`9H*@Ud)
zOC3uclC~rGbT8v3mv{vHxji&m(o1YGLJb{^&V_QGwAc``*qBA`s0GHK0J`jKBI1y4
zzrTy;)`+LcUcxmIlm;WztI_j0!SA4`0X&*3c(5?%#p<slA4mLX_<zC;K4%?f4D=>B
zdf06--pK87VVU)_B8I4ie)eZU-X3bh-rSv>{5tQjHhIx<B-E@YZ{EhN1v^eI?xBxu
zJ?FcP=L&kJmMBy%DlaRj4C>L#FCw8_tQ6c1X~06E1cDr=CUdx(B?uzcrkKN(0)K;5
zZFRXaX<8&+ru)z{pK^R?_tqHgFdi+Q_SCq8Pu>Tus5lIE6OveSDDBsraERlR`8oFo
zO|Y)~#wREC9U9&Yd6TVhx>gcvK@rcAUft`MC8EXig3&wB8bl#9vG3<1BIU_!kvB@s
zhH8LWjtgb@x8`s^6?{m-Q1-Pl7N)=Ygzjl79XvmM`s!fk*yfcjMCksBi*zXCDV2=X
z#e?`ljVDwRum4;r{sK-?FZV5#TJE2(TVwrFlQb<hEg!07nf&G8Dt`8}OxAzn3e11>
z@bVmx)fm6(IsVuTv!+><>FGXQao}ANHu7Z&X7c~qx$dYYvu%%cMn`ZE5epHesX%Zj
z0RbZ_O}ZFDXwgv+Av6h1siTNe1f)YEpg{sD1cA_-igXA<2qm<k6GDg3#TQ2%neM%F
z=dSnGdVig7C12TRm$T2=`?ojOR9V>+8}VSDOqO9ghFAO%CX<mCt;PtuvC003glKt@
z`zbsxvK2Mk32&oIGkIE~h@Z2nA7*?&<9AKo2suAxpR{%rzThH_E*gF?uv3|=jwH$4
zo=vJ=5f4!Izri}=NPDu0c17`r&#e3TN@nEu*7vT{`DHw^N&VvPtxgXz&Lp?_*q@|9
zVw|WHS&z(_*f(X@6D<muw72B4iwn+6B^B$Un0FlK?%fNs+aS#r;GEE#WwsO3hOrlA
z^u?dQ`T2sKgZRrh(x0O=0+<&*;J@C#bhp}vi0sY}S!l7|5qWw$n)^e};eF8Rr(jcz
zO7rTWj5+=no0z!Iq`be{da2XI+J_w%@H*A?9DcNlm~Gg@TT%g68gtO(ls@Ty)y264
zvI_A=8r@7=>25=p9eTyOg0b&DRFn#?nxj3oddKm=8TF&P_gglgJ#b9B@H1&2KJ<@7
zaSqJI^7UIquBkb!P`+c0w0KN4q^#h5?$5?_xIuCn9%}?&rP7o0%Ux1395q`sw{lr(
zv0Yjff2i8T_@rUY0hkD9NvD`y+}eD;PGc<rOI87a$8u(xOOE3aMkdkL5H~RWh7>Po
zaxg@8G8&RNlX@4~RV0a>)OSE&PXtsMEl;^+WcNr-U)egX>n7dVq~>f+;R&r5a*=n~
zu#bC8)T0?(t01;2=2b3Fw61t)!VlszukhO=2vBw)%)o{A?O4L*fLC#WPUvi2bG(Ju
z4_ick0iyUQtp6?8wnrc7`8cQn$!_=UVS@Q85!&EpJC8a}-2`~oB}f)_@Oca7*1j8>
zO1!>Vd95OrU#Mly2Re7$BmNrU_s?wpHodGa?4=r)!A?1ZFf=`0QWzyKrlCrYdrFGB
zU^^JT@?KNi{I#Ktkmw&F=15Ioj$v$JeER&uHtolCc0`LO?#1m%65XZyzYWw8d9nHT
zOr6c8KeyyB*#Z7tywygDZTd@ST;Z3BRL~<L`iGx^U>`oR<@oIHEX)YX<%9`#f%`-8
zQp$aZyVskws~QUd6lkU68OXALn$uU)#P!sM6*7k+VdQtY7+?j>^{^}3oRU8fmQREB
zh{Zb+Y-6?U8ggj`RJ?~)XkeB~XJ7n|+XB@d1FaHfgsw)_85%&D;xKiySh%Zom@QBZ
zsU_uxp0?+KI>H=(B&#pT{GNjO<hdpbjQa4gQEC43jS8s>Yo^Zpy$_~YZTg$K|28=8
z7sA?`+iEJnM)&q|$xHBEaAHc(<oz9;V0tU)2o;^+K4Uoll;L_yuX*(2zl#2{g*EwK
z64nDNStF0fy_?hWE%ozSFPRf8pCsEk80J^!uG~K(f^-8NI+S$M5u5o`>S%n3Hwvxv
z!g_K)lfXnUndo!I5d}DhaI%cTtT-gIdbDX~Va2?EKP~gS_}`o#K5&YEEp&>u=E3mk
zTV4;rBxay`yGImq#q-?Ba1d43<w~{7*9%Q$d<7b>X=S6QD{-&l<Lq*Dph(mW%X+D9
zci`!~BV_|7UY^1j?DeP7(sJPi57TO+(gF`Y?sxH>^Ol`o)m45DPj8t>-R5)EBt-2R
zO37bs3qvr&w34|8<0u@w7g5M$IEX$N;Y7E12sB_;(i{$}lm(*7W_YWZvTMio-Esu>
z@#hj0)QqXzGFd{Gr2rS1Yu^1yTc?k0Gl&|L%eF;fq$qe-9UWGE`MDo<_vHWhQ3?JX
zaOJP`=f8pu|0gzS%K32-T9uN83e~}>L#Lw(?$?OprFUup@dLa({kpK;{-7D1MfyQB
zJ>67@m8#n1JA*E}Tbh+v>$4Qxm&XuO1o};2%5OC|obn%jX&IDt*Lr42(bRM)CQA#e
z$B2uLx>RFr5g}{)<i2T|d{;!Ss6ud=ibN5-;9(8B+1FkgPf%NB7BFtuMK)GP+2+*S
zg`kq`!Wc}aODaCd<&J@<aql4-e>edZ)&z5ff~b%e%t^{*yp_^b@<gP7wtr>(;z3&p
z`JI{w$$5v6&aBrBL*Y$15O0BlVv=JR5-Pfz5Q%NFp0@P|fQLJ6YY<rqq!!wqE8<h9
zLBQ*WP9XYS?IC+GHU}%BEj+`y;r!t6y!;#8Yw?q0w51NVmy>^qIvK+(){h02P=O^a
zQBCKo4_K#$lR@IofJTktC}NMH@sK(O2ozhiDT_!(Qpzk3$yQ|SHD1ssdvao!$cW?C
zX||It^DJKJ3#1Dj{EkS4No3||3qp*<B+o}Jw^*)9JS#JIGA+RlJnu>0i-SAm*0^Hr
zp#W*dGpcGvZ|E6D2{oK2N6GU7rFlU-+^RtCy2ledSx&-_FW2P6o|Gw#Dlo{7w%d6=
z#9%*8NY)SvA6~#%2dUte#o>6FPL?j~gt!EsSY3k`Xm+Tr=DJ>ZkkOg#9m|!Sj4q1z
zXbvZgK<`$-7Szrsh%H(VrgarY;<aHfL`}}-Xv3P;s(ASnDxA$1rHV+!BcRpckv@k-
zQycm%#1vZoNsZ0T+6jy?ZgwXFz72>qi`qp@G^&g!c<2u=9T7%^8LC3N4c$}d=iTfx
zceM%BX4WUk6q_&wRL+5+&59aY^AQUyFZ)ChPwv}fZ1l{cRuD>FeF@_4+R@XLRg%Hh
zi&G^LVF%J{oH}!$>!l|B>D^E7Ct78N3a7fb9?uB0fJw~EX)Tf>#3n;N5TDuKkgE)?
zUA1~(dx{*p>+-QiuV?nd(N;OHdtZ4&xL4nRPK(W}sx(SAxgFgW(HPN~>!qlqu5yta
z6YQ7K5~%Bxz^4|J2#s{R!R#okfVL13w-xQL9I2gxbu|xImZ*SAXKYg}mqltG;!+by
zI~d&L`KEKcnN3-TZLVW`V{d2HGen%-^}MN(mpg2qBNX>_jXTu9VK>(Sk{a@0`xM-T
zNTg|K=x_$H+n;;J{5UI`7u`HnMNvq(Ji#A*D7Kg99!890W7~u?9J(xb_%+sTLTjDx
z9Y>(2@H>wA%T?C54?G&L)d|mc@x1U{aeZuSVQx#TqASr92<pECm{_-E<JLvdrOPIR
zkI{45DQ=og9h`}ZX3^$)d4vdd2SnbB&*blUa^qWxA+(ufKHUj!XqqR<lanGQO)osS
zf5tk~1bIL@-$C0z+Pvcu`I`%LNx;$JW?5b3d(Nv}y;EL|bCuDaWTc^kyL1R?Tzg;D
z%1b%wxcqjln%1D0yAzr~-Ivpu0unCuCOiqArfDM}LVGZN^j_+*{2z_gO7iU5PLT&%
z^ehsi`AkP`gt`%kp`P$+l%QLN<F&mxzM|dOrmIo=Q|>tJ93s7#i1Y4P+&LBy?+_Dc
zzR;-N3Q<n93-iDvxAGz~!zQEUcMNyho3t#G>Pc~u2W+ct?V)YQ3Sv#LsTe<>yXv4>
z!-}oU&3F<M-cSUE_cTlxeBg3~N6~r%a4}dEe1&Yw32GB%BRwxRIHz7$YY0Hsj#<+>
zsiHx_1a62P)gM7ur`V>uf5U2Jw+K|W$tjm$xh|r{#EhR<x;kGfXttFulp{V;(kMx*
zP*c@#6hgIgmPNX~8Fw2yt#>z-hnNFTvol;QdPvphgr+ahALs?DY(Bq0sS=MSYSe9h
zjVoInF2b?GB1vy1qMdptShr~Q-Xx5;KPNBLe1=ME0JIjS3!+r-Pyz`63)ygDxS0^B
z3n?f@CUhsWSDd;?U`GQOe4U;FB2$gi(hV1JCz0K0Xq8twBRLUMbA>s<4ftoFwia%<
z!Vz}Il{MN8CH|+$Rg<7j^NJG;>8f0%t+PEi6F>*WP(3%i_U$n!48$$e({>w-d|p?e
zFd-oI3^ilirPtx=B8PgGV=UQrNKFXOuqB9z+!41y(c?^qX?aVA_Ps74&aL|}ll-ey
zqMT1y+5)-#kJ|0|?&}&e{b6P#R-gs|3Iodso85!jm8z!^N_fpLCMOZY3lnP5A8of}
zGD_zOzOQ{zfjg}*qx2RfdKq6kXpvBy9uh#nq82=QwxB#(tq^%UVy>0EI%hfLemcW#
z+<H6;pGfvOi3|%Q_`bRA@6}<S*-T}G1<%eljDdF#H+dV%?>^f5y5Y)F&;Sc{l_{S#
zuZ&h>UF<sjz?TQ)+b<s0YE!oqJ96-?$x`{KK+Z|2CMI<n_vFP_5U<%!PXAvoRr=L&
z?h8)%lk7?|z*97|n)K~pM57D(a8^0w2F!hL)Htp{0(3laTYR%##g*}NRzTvjl<$AN
z)BZ)!_vd&$DtkkeC(;&fR7owpyB~|Qzb;nJ-%NBW)$>NDJ2#PxFr)x{2omEqS{h!P
z-!M|^D>O<v>cgAVvRr1o$;8z!s;WS=zSK!lAoD9@1s%@_ySkA*eXHM&-JW6XS?=71
z+F3{B$AW9*uFnPDd>f$nveu$2((1~o*xl`ZXU<@B_F0QdK1aqa3U|a(M9LSAFuytx
zhSZJs>Ni)uwrgo6@H>+y#KMgaZG4-|z?kq$tGihnAL82hw#Klu$o~^0IGYoZU;-w`
zRi&+Y@ubxS!|v~gq$V}9Pd?UuFn+F;3vzf6Exr6Y-{-Z|<J#P+yB7O9#BZcbUao%>
zZ0UJEBYU|0zU(MI)$N>!^C2a%$CcDMS*9Q%S+!Z!4UHqA*$rP*O?-!r<BNxDa;;jL
zJk7|8tO;r+SWTZRDYADyl(T2KcBlh*XQ3f>d`!s<0Bv@XIgRr|Vk%Z!S9`7P!bjIz
zhUsr%nVmTLRoTw*C26)%1+f^OvDw0algI^2e*=+s98s7HgTa=aGS1vES2$U59;&|?
z?;^%nF;slVQER}BMvHc!*mZcp?7x~^FTZ}r(dX$Y%PIk_5fpM)&wO2(zAk>{r%Ab#
z)OAGg%5PMtjheRIzO?a9h}oJ^qjpzG{E?ri5Odfl_>CH|tJ6Da%fY;*^u*W#Pw8`i
z!QTUHO16U>XUxFwr{(t(Ik-R8K>G!+U5MWPT#w5`<27HsC+8?+BdNbI3M)3__S4EL
z?B?IkkLx`-=dl|}{e|*2<aJC-vANuoh(W~8MOJ6Hp%AI{e{2mmcvTT$cfX7OGmFvl
z@>Wg$4_L%APwU>`uH=41@BCral@0cJf9DV&=L}3v60&?)DNEb=20o+8X1H#Kpf;R(
zB)fU)?67dQA|@uDEa@t91WDj7Tok8>m6)O&;X%jSyRRiJpGaKNu<J>Fvu@8vQ@J?{
zSks}s;|L%rn_zh>g!8o@(gzEv<=f0~f+H3|YMuv+a11fbE!nli7y^SdHmI}|Pk6_{
zZSIq;XZyOk{2n2!FX^Gu6y4usZHq%1lax?c=0?K$aR4;u+W&J$zJD}iaB_B_YSxUl
zo%;+psMk?9IfH0=pKcH3ZS)6h7J@e133E1pWkYp$6>R4wn-;EmaoZ7;HGtlNQ<?!?
z$rc93uHg$PcMi6wvK!AB>Xoy0384G9fX02hNYb^;xCGPWT_9!m7sXz+`8<AJXao%e
zS<IoFdix`XPx#W=PhM{0=y$zkpJ_<ykGwe@o14u~>>DG?@{11+<l(}ze3laGJwuwh
z+xl!VJQ18Ru#WHPq1#m8Vd?N!xIF07jQ&K*SIF%WNhPVyqN~tD-9B8Xry*uMJF0&l
zBf9ATof9arp9?O#w@E`p7n`M-SShFoOOejuAJTsXZ_NQ+*<x^dYh0N9p&8F8FI}^B
zzk2cEI{VO=Bpt6Su`!MYqrP&%V^8yMbFGUa-f_H!2@t8fO-eMLuF+58@Aqv~mn*N!
zPPL6SRtlVbi@O~fb~(vkcRPn7dgPP4{<~mocC!A<ax&tAG4wi>1wy!4U**tU1{e4`
z3Ok)XDaPo9ATQX2dx?LOoG_L|M>FFn?K&dgZ~4?D;ggK`C1ldOcN?@h@ICV|Wz<j8
z9d7cwtZ^0kD&Ol{EK4sw|3_7RU(@DD32v2&?DpJ6(QoC~jEcHCPdUC~clFrqI}M(g
ze5G|B8T1WMz2&*bSp6Lv2g9gEhn?N!1q{=+s-0RB^W!(<0%#NSi}NZ6+T(P8_*|>;
ziL&?O?gU*B`1)yb^i7S^Jef^(dqXs&)fHro3ivV&44}MwS2z-a&g%xvx>(T|Gs;~v
ze#GVhs`(|HL{xFPX>HuVa4VN1x)<t$JJx4Sb9`oI+<Gkds#|XR^f-ccEe|vqPIjw3
z#rR&MX!`NP5bnYZf0v2V(yon7`;t&yV@c;58f_b<T*8zE<WuM7hYPxW(TrP~2k^m$
z2B)aphbx)!y39;8vLJ3M{t<`0^(VsrZm|i+U*j*_FMKHmK>yNjtChdT)~8MEJvC%0
zrxRf|q?C1Nz7ZczC%W!|Ba*=KgLh$?n~&W&dfrG)?z)LJsY+Zl%L3WX=zP@s)LSB?
z$ucdJX;?GnD?FR4+2nOXdOs@__eZrrM@@jPC;;xNA#WTLPXfutx;L2@jDU`#D$h}}
zos<q|3B@y3%;|WZOG@s{Solm&pz%sxIc%O%-1CkD{Oq(OYSGkJfHYNtdpNEmeD*im
z`;p~GUH8ge?*wgYSpFv7%|Qyb)h*G6uC15jGU=`Ujw7WDyuYDWf3f0{wF<)4uAvi9
z*tO<5Rao<|wGq%E>^3etfyZi4#lgVKBT}QKNmE+)s@a{Hj(lEa{?}*lHoYoW?0&-n
zxb=Bxq>vsra$-j|Rq4NArp_(t33#q_R=EV()rK~ygc_+>)`*lsijJ1)tl$9nDg%*L
z+#J>Cf{4o_!CQOw3Z;WJ|DXxPR{0}Ov-NXME0z)jT|tzXUUz#yHX0^k>DYI>16tEg
z3%)?jqmD%H2<Iwo?HHgZ3Y~+5p1}@*vu1!IO^4Iy$J@tbV?<QPk#%JUv85s|QiN+)
zr9MOPKUvR*ans=>(wP8R^C}sd-hF(3PS=Q{N|Ik3b-A;+jXT2+-n--IQC5`P4SOFd
zGE&IP-N*vA|0r3A&kd76Gqe@aDr#<(mlGBA@GZlAC-`2LKR34cyX6?%UwFC-H2Kox
zK&9KOtG_iML9{fH46}%iG?6N>bD5}id{Y{uKAL5y;fl9pDM#Ek6CN$y8_zC;{&UH{
zc1^|o2CDUu*I`|SeQm*f>T>{-A0+`m(v(7lBjhH!aM7%&*r@Q9yQ}cl^K)u9Vi9pU
z-s<Wro+)6|8~~WY4b6E}YI@kibz1Osx<79DRrrZ}#lOY{d=e-3PI{e^T#;2?O{gZY
z)y`o=R^A0UNu_4t1BJ1M^Eu&-f$vRjr#599%xq=VzVDU~!9~qoprnX0{{XE0-k&JB
zqxu(%4^9GRh0>)teokop?cn=gXWCTLqgvhUErf`E!YEH-{zQZr;XJdU8Ip?~e%_Mz
zvP33HiBGTlgjvQ9fn!>xzfP-f+S?Hgz&zk5-mi(!_DXeA@rh?$Qi6tJw9_FY*tJJm
zj3cVk!pGU2S?UQu-u5BORvia3fD-c1{K=H?LWyYZZbUp-e=yOgM)9P-sLEk7>v#P3
zPki30HDSW89B@K=Ep_GaDG=S`aSja95WfVfClZq3$8Itsso#*m+(Y#@Yn?3aSQ5dG
zRjHYKXnX2;hK^V-fqS_|<SVCa`nnbaqRM{*5BMa?ucKcDy_q1kJIGi@sJH|Jid6Ki
zb=}2q-4I6;1nebI&r(940&5d_rZ)hy4nwrFwzhX=!;e*E$Uu6y`H*ZpiQFJ69@eZD
z-+Xp{5eH}PDc|3D;;*YT*8#gu!r8sA#g?FHPYy#%2(HSM!%43-2A}jX)>M78IPAZ_
zIlnHbEb`TE{eGd@iyZu5<$$o7bLG^ffVC)&kH3Dng=5o)Uq9S(mg8T3@XRhUJvlvQ
z2#^(?6IsE(r$rd3DI5y&jH^=8g{GSb8>)?~d6MT_IL@s7gH-(6<p2MJ|AbQfhq%hY
J;rp)Re*h7|X_5c{


From f43cc3939c3afa92572bac95e41b3520b40b27ef Mon Sep 17 00:00:00 2001
From: David Pilnik <davidpil@nvidia.com>
Date: Thu, 16 Dec 2021 14:55:48 +0200
Subject: [PATCH 12/16] fix some semantics

---
 doc/passw_hardening/hld_password_hardening.md |   3 +--
 doc/passw_hardening/passh_arc_sonic.jpg       | Bin 30658 -> 30730 bytes
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/doc/passw_hardening/hld_password_hardening.md b/doc/passw_hardening/hld_password_hardening.md
index fd9922713ab..3d6f98e35bb 100644
--- a/doc/passw_hardening/hld_password_hardening.md
+++ b/doc/passw_hardening/hld_password_hardening.md
@@ -17,7 +17,6 @@
 		* 1.8.1. [Compilation](#Compilation)
 		* 1.8.2. [dependencies](#dependencies)
 		* 1.8.3. [Feature default](#Featuredefault)
-		* 1.8.4. [How the daemon works internally:](#Howthedaemonworksinternally:)
 	* 1.9. [SAI API](#SAIAPI)
 	* 1.10. [Configuration and management](#Configurationandmanagement)
 		* 1.10.1. [PASSWH configDB table](#PASSWHconfigDBtable)
@@ -54,7 +53,7 @@ This password hardening hld doc described the requirements, architecture and con
 
 ###  1.3. <a name='DefinitionsAbbreviations'></a>Definitions/Abbreviations
 	PW - password
-	SPASSWD - secure password daemon
+	PASSWH - Password Hardening
 
 ###  1.4. <a name='Overview'></a>Overview
 
diff --git a/doc/passw_hardening/passh_arc_sonic.jpg b/doc/passw_hardening/passh_arc_sonic.jpg
index ec60c40e8a996b053cd60f3e4c4abfb3cff2103f..adc642c4dc7552d18e9de0a04fa76f519f177359 100644
GIT binary patch
delta 23426
zcmeFZbyS<()-ReGEmFa)lmfx6IHgE&LeSs@X@P_yfd(y_wiLIL5L^l*xRl`D7PsPV
z#ic-t6pCNockgfScb~J*8Q;F++;Q(8modV#o-CVluHRg1W<9_4eED%D?B|t_x31l|
zMNC9Ygt>i<l?C}GwtR$GL|nnj-J@biRMOS+Z5bU<Oc4?jpHZr3Yz@QcT>H$hVJx?O
zkI%Y2n>9ByevKv$J257zD?&~=LV_{BNq0SkYApw2d=rQXzix!0c|=CF=5|mwv{LNL
zXg8KCxk^Yl$@q!LvG}l<)@8jN-K&aCRQSTbY<K3R*}-W2O2gNZoj1nin^w{7q)zEb
zU<Er-CWxz}ir$bsZ_I6%J$AE<wevfA*&Zkqugk<fW53kFK~r8iO}E(@rh?ln2X@41
z(Hbb(EehFE(oUmR4ae*>jp2EF_H#s&?i+U=Z)VG`{Zo=Gsm8G?gYYT!l1#5qBtzA!
z-q5XIjG@%!{CQlE2`JnNGth&^abbpKj*!B#QmH1x;(`QkZa2|Uk@PM~&G0st84Yn9
zwU0~u;+<@kWDt;ItdrYI1^;s@45Z-AHGra@EUBZ~v6K6^oj<A>l~Hfob;w!$R`kR~
zQ`N{8ai!a^KYtgwuI7iFR^-{iCyEEMlZuD*ryeRq^n3b2Is`K+q88~I($R%3QwoL3
z>7Xj38=23?X57mqRRW)U#<JfZ#GzwVaJeCa$bmLgXk>9sXo_B|&_7Kc{JApKJ0Qx3
zJGz!D(XB{x$kEz%FGtYS<v30h3@WwC{;a8%GzBs7Bl|e*s!i<}m_cmVB`myzHZ7*7
z{#AHesd+6^eV%BffF11cRy!9VK2fzw?*wIt?uRv=odm0D1=$ZZ=57BNnffhGKUAWF
z?1Kp%Dt?>NYLIW2iEW>uc|`s;l?ii56nKe{hp6O34M>WEv=+CPg`hS}mj@LJJm+|_
zGaC`5$=UxFVv`QcvD%~Xac(@hx3@PL_<Fq<2eH@?M@BDHlnhL^*u!R$9~mQm$z1{2
z2}t8`qjn0zAhtOhu5)XezTd{b`B1C;cuU8ErZ&a{=eIwSSL95hPeTeCtxLW>&wt(3
zq&#o^t@HwrQi=5=6kh=7<o<{I7he4OM8<uAmT&iib($YgNSQ7cbG?7ZCR8lOt>QyY
zPC2sz7kd<=OQrw7YsmTYDE}Gw=Gm7U5k?yeQ_tLEgh&gW&PIlXLo~YHX!E#IBsx}C
zZWu9<F2K>CB!iZYL;lJivVC@pznle6IPJC<J3^Xi!9REt%JUtviaCohQKYojTINVF
z5u^`LFUgs3&Lj0ro2fZ<!T+c-?@MQ^RDCOIP-0`&@<3~7rnx-wxGMe(Q-1iekxV4h
z?7Hed%TB7CLA%d8Cw;0diRcFoG1k}#7+)B#q90k~3sdvw&4^KRg-%56WcX4Msk*-E
z+H|;!@N}R8M?{N@7-|6acvcTHZf?YryIE*-JAOe~MC|2rAvQwS-Nd~WL>}BGb=U^Y
zTImtfWVm|)Ab6y0|5M=5uwp~U9nC$GtR$u&0qSz9I;%+mF8X#0h`B1qqIiI+DE)^6
zq;fMl+C>)qB;4r&kSs%!pDNWhddD)xKr7Lv7gcZaXyo3AIX`*5iI%X|$MS;QP9(&F
zQ+E%~ExUu*V)HLrz5v*4$xJ^{n=9}_O+3-|BvV_nRyH>kiEc1)H<vnjm{k8ZTSjRe
zlFdFg8WgwN`2`X)UBUfp8~TzJh=!n9S>zJu-D@g%c;G$BH`e+j1a7~hr3lrrsXB#j
zp%~CO7yiCpQ~f~lBz-KfmviFZ_X%37Ev`{d&3MUQ`kkaM^=UWf)P#B<e^21DJoi>U
z8*bC4a?+YgpM{i77TDIclx4&w(=x)5B4-IRa7Crtc*z7x;qTjtBR<)gSt?NAxP{n+
z16aSQpe&qD61U+{a?OK(XW$^9a)hdR=f4NZf?(j!uc7}w@4pKm%-36Bl*ar8AaF8$
zbEav_p!qqyR`Sr)#EMKAR#&{Tk=pv#fS#08Rs*|pZFjgO$Of!Hq1&(AgN8d8d9>DS
zG<)<?QdtTnomte{SA}Fd*9xRRPOk=BQ|yLW(8#Tn7N&1p09ekqeeJV&eqQ>dSftGb
z!071iq3fan;BS8zwJTCASFo>)F91nx1XRIk@JY>1eni2S_R~=@%$enq+)Q7jK1Tk^
zQ<ReBa`h<RBrVFFhP>`n&%t857Nx+*KU{Vi%0_L+(7@CzjBEa3%emsUG8Hm$9vr6?
ze*uV-(u0}%AxT@Q4JOE#f2*9b%3c?BTBU9JRLF-sQ)_cZ#yLOhluvap>yHcRssGXu
zGW9a9!WEnnlIYrF*xFd|tzn+>0zkY;gYwTA{$?n-BCwp*pZlN`9SACq8X$knuKBQ<
zp!7qR0Fqo;89eE()~jbl*2q#wsrum(Wy#HHn40bMD5>3w%enb;<A&B)BQj@rSf^`f
zfk~LgE}<7g$#&i*0Xpj|64^hk2Nyrm7l%yyG-e(naF|ZB#Y%P4N-=KLS$h!?lOIC9
z4cRHyNi(-mnA;z35XpYje|XT)?ra~@Adt@ua@hO9q(x7=3<2+ky9>yx#<c8gkiLo|
zBi|8g_Y$Bm*uz78F@h=4^}$kw-?NIJtLNsYjjI6wnIA5#D}m}0@ty3PqTS)sf>_Hj
zaq}`h0G5T=gSh!cG1HMlAaumAN-S>Bhih2Ll<xD+(WZ7Hnu3YFiJ7g!N)_eBEt~=*
zKZhT~jzWSW(?as$dD|YP*&J}&n#nhsR~yFI#V1qaE&x8eb0&2xi|5H<Gpa{b<Be7<
zvjBz_=NA9~>fWs*{nF_;!}kxoD+kyKoXxu8JO0WKrX<tX3S-kdfB;q}^{KaTLNT)^
zV+UkVz^Y;lTtrK=(mstDQSkYl8_^LL*=G&Wi0D+V=&`CeAZN2TWV}8K6R-)*lV`Vq
zmM1vn`NYkvFKHfndT#n0I{N6eJ1gnxo6q(-Xz0n@F#iU)a|iQTl?rvMF#mg*aYLID
z!rd2pRcSWu0w9Q+jIUZ>5Q-PFp9<hU@|7HmbBf_UqD%s}faO5qSSQU74cB91$Z2LV
z(`{M#b8k1>kKZ;QxQD4tm7z2x+8s2b4J5wY{Aetg=VtNMc02glM@z_BLrUKa<tI_=
z0wYJg{C{Mk{*p^kDehkWbGo$hV<ZXN6L)6x1{A@VNbZEECwGD?AN2%pY&uM(jp$*r
zvK@N)4;C5oI1MLn1MzsqZ96towVrS*G1@`-s3Hx$e9nK@d2?|c!@+8W{?gid(jM5a
zx@`kAf~pJvaoee!B&m&}MOeopmG|FU7wA!Kgl^K1ZkW@SC7xuA^U)613fhVssyefD
z2^FeeMF`i25#lIjouq8W!A>IT?zRL*_G%jyJTsE!B=Puq3_ZP*Y7O0=?Y#Xr?I`)3
zm#m9(`_FR6+CL3q*Y^0KodcEK7WD#eJm{Ff7smNU56sN%k-m&V7wLw%KRqD5@k=0l
zqUWstAB|<cy1rPTzmTdUgNeTP6s7$fLK_Ohiel~c+$Ex9sC8=S%bPo%x4&Nm$t`pY
zb`9cktYij#oS+FWo6pVWQKN%$b#Rg~5d#rwJK3-iiI$eiXMhLR_x_xvq}O^iR#u?1
z*4v_?=VsN26$=p#*oQ(JM{MHd!U0XEj(IS(X#<<K2&Y4EUI3n;EK$=JfL9$12PU<g
z>xVBsCYQKdEsq54KAggLg?7mTTV~#a<<1z>S^5q%`qo(~1Hv?34AJY`At(K?ab1WO
z3UuZv&aaK7j#8!XG{MzDe4m4?-Ndo!MA%6C0x&3s(l|{$#!FwlS!T$+Z7b2>*ch29
zc>e1noGCG-ah)Fj9fjX_rf)i#f^pEQ;0N;E)zv8+OhdUrPH@{&@>@3v<GaJT)%Dgj
zXcfDquF8nXrv2zcToX4Zx+zn3=-pzs?qgYz19i6Ps4rkNT6G_7ri*Kmzn6@toK!Hi
zBUYe*vUBr?gs-vQU5`#2x#jDWI_`DOW^2nXT)1pnA8)QM@+za8+HHs<neB*+P2@D&
zZ*>pRKn7>tT_ruQj5(Wn<k-wHA~8a{ei-ND)oA?*a0UAbBY%quWiaCW*~9uw{`rYi
zE6}_G`qMn&0-$5;|Fsmv=z$9O-kIG!4*+<$!Tl-h&<&KGF~loL@3R*vwWKDh-wC#v
zE?iDo9GPrWF6=ZH0FbwePYO-B^^sdQsdQ%0_Ie7*uSwSrZF8>|weaJ?H5n5w$N6)i
zxRCJr$_eP9x8w~JJb6IKrwfMF_i*M`p)I6XeKs(pGe14KjH!pV$K^;nF%+YnnuvMS
zjaSOkdWwA2V){ZhI;xO2BjDr9sa-!XZ<iwbF%zQ6Dl7FvJxS6g_QJeWFIOs4ka)@O
zFAxrF!fb+2Km^y9J&_%^MNZ5+xtwDRdRZtFwll34+KqB#S8>w)g02vSgbr;u;W(3t
z76vEia{_EC*v%&S(N(bAgek7R?Ja@qfysur5w+?V?hx@@Z*E4FFT*dw%3Vz%UBuVb
zgmpQ;E|q{TgLslkk!<5QP9*2ULgo4bZZ$nsj>%p3tVnS@MeGzO|Ekn2F$#_TIjVH3
zZ3{ccFR16RvI<W1k6T6~Jp9T%rIUyJRtA(}9wLc~2e(s{as5Livd#<<ztK8a`ov8o
zxDQ#fR2RV)dcO@h5ohR5&rif={y4WxBoBLs#dp|2@+X^c2~SaZxzespN%p%K@}KOI
zSqHh-hlDi+dB$N!UG)#sicq{o0nfsJ_dG535k!4dN~8+v(u9X`WC}d#&Fx*>X?_{W
zqt%7H9(7|dK-W|5L3UYu-s6cThu5aFJ?l$*P%wtI2otsd67V&;id3?5?2kvShJOD3
zl8lHp&V_HV)kIO-#CA-l%&Ayzf<f)TS#+e_DA{I3umxggZ>2H9n_I#1H4Ms5UQtSy
z`Uz!P6P;jHqY=@~k;rk#(P@uw!@9Dssgmcg=fw?CJBaIK_r9YrQz!Ou!sy1o+*c!d
zP<9J&_50PT1dU$aCEebkTGJ_CY$7_|gs9Clv(4`Uz|k|o>&~r<Ymk%h+ElS)TQZby
zzI)^vcmaT_oo^+u`qTeRSMcHd;`e}lKn62QEqlGZj(HmMkVZ&w(mZ<m;TChC+=8=u
z)0RN{;k}WkL<W;`B&e2IEb4#CEqhI~c;&|OSK2cK<^`R{6?M!U9mAETvSYg3E2y5!
z<%wjZT+gkQD}Pj=mgxh4p8nGxv)h%W6Eg>izy$4KrYDhLYZ=$#eA`hoW0@Pl6TBt@
zq8mWb<_(2@yrh}8iaO`r25B(Lm`nkGeJXAX6KaCpDov*lo{C)^sq&)r?-K0XcY@N5
zl>KTslifa$*|^@LsBda6;L>u6@*jIt?BwY6$fkNzeKoVwly;%FLs3g|PHoa5ybA^=
zDAce>cMOa=Yq)&3+i|InJoYHY+dM)zvMPIxv9^ZN2Qw&nr0Ut}Z3tw>I&oJXF+}%*
z$nTAO@~jzMP3QMz*tV%iu<q5uB}dFOsDyPL6%|Ch5VGab2yx1Ji>^FCAzwJwb%)|f
zSb^K#ipA@3fkQ%2#kXqNg$c)_39q6U1)zTB;pov3H}{_+tb&hipj(xz9~)jj57`u`
zD~+56cbBD<F%EBWwOjWpQ$cxZbX-=pgyN|eZ!#$@+Whi~;tS7&otgj-w~dhROO_{Z
z$J-27jMBauy&VVb=t}8C6|WV;YLf!d8TrC&l?$1TImEdAh`371UNteKvkS=k-nH9j
z_?{ExN6EgdhYZ1XmYQ1AJyA*_Zu-$h8yg-Z+3Lh08&FNJY#etpuzV7v#cOk{U!oJ?
za+SDe_1^Cmyyk?OYiP`N=B_U;ZHjh3e5lkvHRM1j*={4rS9X_V5iue(-vhXk+7k2T
zAq%}><T<(f)Y&t|3&4yi`DMVZasjwiyLJAN<pQu>bZg`?5~4)Gjw<<|M^E;2tv{C$
zuk{Z7P8R_j-MdQx;y6(g_=Q(Oue>{&if3ha%4B#=Ix(r4GDoUwHXzYV`{p^(S7F##
zx4k0IHhX2J@Z2ifF<GOF>@L$A&!!<qy@#=N>@6NQ!p`+K4z-?iUjV-E?3tZ*v)?OL
z8zQS@Nk^A)VHgEb3Va2XFE7{Ah$7+(z(HFVqHyC!O(s8gtnnT9=iX@(n+bGv%loN?
zK~38`Fw}ya-n$Kl9KymPdH8vZaR<tIpkMWzbv$pBrd6xBdVK==G|x`pD=M_w*A&4m
zR=eA@R{3rlU$6^|XblsOvvG;O00iy1eVjOk=D&`^9z{B}$8KM4B%m=DfEH6^4=GJ+
zs(x+Pte&BnkvKTaUp;(PAhTy!`HVtXyI%ndH5uA7L~utZHNCbHmxXM_snYA(Q1V#S
zl3;7I%FEcGQCl-3MpSXFP1ob5w(*D$ugS1u;uznu5&aQ~4#3qg%o{Q)6sriS{(zN{
zr$aD@sl#_%m*kEiPI^at5c|1;vp&wpQN?@-4khtBH8Y}ZWh`!J?65X`@;K<;1t6X;
zo@+^Z18Vo+QM~3kM+L5OwWaFEcwisT?hn}Z6TyMqz7VxtPpDIRq}#~ga?_sI&fG3p
zw<SYdJ#qZ}sIj)BXZaoz3Vxjv-!x$F!;1vj#pbo{DComMptRPtEABC>G#bBY1hlF+
z9Uy8j{;4hmJ_faH3Vs(Hy<3f?Q_Tuz@I9efg(g>mM5W{Tmn8>pT>y49xtkR^kD%%r
zHVjyY2>YAxV&_MW=?}j=>rNP{Fe_B(nAQ(`WWl%bO{&Ynt2_}^7;0x{r#_5zGV|gT
z?%m0AuXU-au)JGU2Bl*xT-<&_-dT{70QLiO;yB&fd@^(MBn)x8>-^U%n3F#2FPV~r
z#u9|$a+ZlBX$-rOQ{m#c<YbEaPVmb#s6Wydn<O#a0JO18G$Yn6VCu-5s!DfOzOu^u
ztP06riLVdpnL;5(2j^K9AtB+O#Hw@abY%=SvnHt`jKW{iO0%9Mg9OB+NK!&J3`~e`
z=h@(XLNx6xnNDh|W@gj2D6i%<g?})JwUA*Ankjs_Ai?1Ythq91GZ=h-b(Qwof^E~;
zJ;p!cNs{vqaH0Lfn~h(W2PdKJ?ce7J{?t%44`{DwfQe}*j{k-FSW85wbVwf}+;#jl
zq}=&uc=6o#tIX#c{gL{wnm$)GJ1C0Xg_dbZXlGm47$!w0iaA(Jt5;Me=$N$GCwXX8
zG<@dI5LA3W+9{Sh`gVc?o1uPii7r;u5z=OoY9Ukw#3r(U(LMCLZoYaHqNkguZDJ+7
zI}Oz;BW<?QRkf-hrz=htV$4~b)C?FH7@RPxGVO<h3|nkVnJsCo>4%}!rcLIuvx-8A
z@kT~Whp&`WiSLMRW>0G4wSKa)7xo<6q=r68JN!fqnut@SEMvOO*|l=yle2vP&by?{
z%?p4)+WC{=gfw68u(?)g>)+U&<=V#w7y&kZ5f8u>^}zIHmyZ)iipMNT&4l2GiMIE>
z&AG>W<dbcjMazwOSRU5o_N2TIJcS&9w%=OXW4u^d?a$eLy_}*vK3=g5#F(r1<ShJH
z-<H2qdEdn=C35xq*IKKdWDyvSRUMD+P73MmSW|5kggsajYgOpmtub~y%{aT)`+P$2
zy+&D-j6m!r{9!LaBFU7G`rdo9VYrr>!a27O@K9c01Hgm9@N=-*?(i;lySZ+C=`6;>
z^>#e>4<80Y?>v_Ns<QWM)m#X!nMfEUXNPpcdX?ZyZfpzjglIR0O~6$wsa)6c^RnIG
zeMPZg*d2M{uaf(<dZh^g;vKVgFFxuk$h+z$K4u~Pjo-w~TyGr4M6t1woT~rcow>jD
z>}nIHhn-&}>_0M(`7pqM6QjV%idrygk6T-v`j5;r4j}S``C(R$pTB2?$F7WT9(A~6
z)V9Nh@>{0-xExnRD{TdYSP1Um32l5|h((8pD8*477`rbuciqcKR$Uw1mha`L1m!)g
zibA#5Y|S+#`NViS`va(C2VgRW(BE90zw4SYX<|mL#Y)i24aO+vm2DeewX>U*XH%b`
z5F?v0q|5#2&tJ?Vi_{_2G?ZC`ax7Sij*dhmB=Uu@h?pk>xccO9%Fhv?<MZ#k{YS6n
z&O?p<-+{UD5vJ?nhPkvtMkJ=miH2#(+7hk3eeDu6z$`Y=n8SFFv#Ir`|0f2@E;KY9
z2Km`}BpP|Q*UGr%y@ptn+$FX+K3rnU^e@;tu=^8Rn*eFVx884wCf`c(69sVA-sUlr
zryRYCFRfe6^=t!1su9wgCP7Orzr?*-fv0+Ho=U((`lOKfjRcGnCm*Jd)$mFv<~?`V
zt-s;r<RylIl~1G&0Kor87#FO-eC1@7L{T(KSE)WR29*3q7+=81a0>{y1O7+H|Ns5|
z|7E|Qev>Gl8fQGeky{te(|~JCggBThacgb{KoVoBG~pN|x9GO|oL@*s73E@)EtF`b
z(p&~-(-HhQm`x3aVsDGXsH1&++f;0>5w2nb!C9^Rlv%p$(`qpwo!$sL8g0t&G34#3
zj%Y1!gF#XDn;jv)^BRA7Ce*%06|LhU(C}2Ny)r&;_B)C^Y4^j!s^6K@iNtjou)K4`
z(^5$}fV{f)y|oAV-WK6s;tlPBSj^>wwJbUKZ~NS};dae6BGquC$VS)j#z@;ZId?+$
z_S12uPyhJs0=TKNy<KoWKgQEji2S)Sh<i+5#mC7;Nl8h?UN<p@LM;N-(-RWX(-Hhi
zN5lr3mN`G{;=2~1TvorH-l-q5N*x!`y}Gy<uIs!8f%v1@09uILO4y>Pw*zrV*bnFK
z_~1JVm_4pZ_>)u5{Y^YY_$sSRho48Xk>Ati^HKG)X}+gd>n0KAzpmXqG2uOY`9J5N
z{?}Rm&*YpMTITECnoG?dCeUkpC!-2G4fg{C*YLk1KJ@KXr+?*pb}gR1bHk-;h>(Yz
zNk-}}J=%j$4Ww&LC%NC8#l|hq?8U^yB+}D&lO2$#ml!8H2_{4YKZrdokI&Hh5<`Dm
z(D~R5Uc}*#0pgmHpfCP54gkQ_toN&30gfvY5jst%mtP<?n&KPA(Znbo{(&(sC|Xl_
zR!!ZoAtE{y*wL<7K3TW-j4pV+8+g9WbejbvlcOIW<u$l_E4Myj{xGkTq9e^D@$|%X
z!BPQ&7Fb}Vy+=JeWd9?V4mH_nSr>3weS?VkfMB#eZw2_@=b--YRQgZr+`}dXi-k)L
zPqYc=)2>R!v2?>tzyU0aM|>F6v<^-ZB_ugXtU8Sm*`|FC>Ey~-+Naz(T7tJ6&~!ya
z!yfk3#bNf*XdkYKx{i*^k4O3JwgosRp;1-(5bFRYa#-E3{(j4}>4)y?(${~W{xXK#
zpLiVL{YLxFZGEwYk|C4Fc8^so9*w+Zey3w9@5(01pTkF0BBZ1;h>~9VLD*!?f!(MQ
zGh!l0PcIZj_%FY0JFfFmO2L@gJ_#0HUYHSfh`)hYJaJLwk9WMHK5+BrgsI@`uAv0T
z{DQO9FD;$+IJk3}8In=5<7Kb9h>6&zXm{TF==w9(4c=O$1Q%hb$D&;#BN`Obg@5;}
z!N!^mPB!u=!0*z%QM6Q&_Lu&>4f0IK8NdEh_#31grveL26LoWw`GNa71m`c?yl2S`
zXZg7|LjEjp-9jE~O&2Ttv5O#8`y!{?c9TPbsYx_aeJ{?&yhX+Kh!i<cF&rtK8Equ+
zL#EwfydIbeB^1%wQHC5$eX!T1tlQO^_B>MFe_e_K1Z`zAP5QSS5R%Kyndx>_qbn90
z_^Vd?m;0h-PPRUN%N~}##tMzJKKd#Luf+cj2n~iew}ndU7l)#$d>#{Md}W>h`<xc9
zJiEg1RWq^^tRDT|uvR;H{lx%(1!d6ZL}}3Y$uV37JhhbQxykbJOuO0j1T3{FJ1bKs
zhPZq*;ySNpucR8f?F-6*nue;VOom!SMz3FS_(RhxCYJLU#`B)p^AUYf@^rzUosky+
zxHHN=pW)V@mbm=aE9&}FIpFf^?{Y9lvm0`%a@URJ4xGvk3|l|_t;`J<0o?lV+M)2g
z?f6oV(2%Z~)JOrTGBU?s`5~$kDpE!5+=r-6?`Pu^%hD*&HIUVUX)ig148m0Fc<IhH
zfsZQtiy^mtCB&p+<E9Q{;*rM+n^!Z^>>G)5^n=}FY#u?JT0CsH5ZyL-WAVwy1+B@Z
zLnFf4s3af6Ty<q70a;$1dZ0@Yj_SI$_NPROYbD>DubuadoOhwd6Yd@J{$~7i0Voqg
z5h|~){7q&6x8V?y=vO*TNwOyQH2&1;Y-8$r?y=DK0RddLFkwZ>0Xg<CkMpy6kKk9W
z6>x3X>4X<r<oLxS2iC`-4chQ6Tq{@Y=6J@MGBJ);SVUpc{B5i+b!qurN@_>^vnz&!
z)sO<w=6l7c^h8cU3{6l&FoCLOm^Uz6idYY1hV4ibmXKH~Iy%-K<Y&cZ-km3uTVBED
zJi<4(%(iZ%WJL4z%)zS{#F6jklVafnhc^#4jJ%k=j+KZ1CjMVRYpMJfJiq=M#%+#=
zm#QZ`5{*#`t!5n-fqpy+&j^cLekuloV2sLf|CsQc%S!pBwSRo<aY68o!WIP=-9<5M
znX_S^i$&YDVnz2uA<SGNX$jc6eg!7PtsRA_#A>*m0FR&^fXq;UB}pWmE7Qt@U%$g0
zvXbqXKbFsI(!B0&s!JQo)-3`Q_w{`C9xS|MkNOdo{rML?T|=T!1hkYRhPu!C=QhsZ
z)v6&|HX*Dh0m`l`>1%pNyDhN@-VoAu4tT^iz*nn$M=wfRHx#?r6{zEYl##%zBPul5
zW1L%g+~2av$}H{n)ti;Kl>sfDV_;*iD95vCeiqPK@r4R8`GKRf+2O0<k_)6YYQUp*
zRITLkUAG+Y-^@mhJ*O9H+U)(YWuPcee;M(UCCnYb4-fJ)KD_=rF35)d3UIyszk>gd
zBEC`>C>R8cg<}Lbe8>;I$<Ci20HjY0-mWZ1nT~XRcA<D<$-pM|9;ThMv({~eQa4j@
zU>7wrgEd|+=kTIPG1UPtsFX@XJe!D^+Jv9*WFjqqBa<mE-Va&r4IU<d)ngNa7ry)1
zfpK_YGs(@%O@N6{Hxt?Iv_6b{E3q!!|Isa6@=}d%yEBpa_HbwTh%UYvX#)>r%o9yE
z*OnnnqoI5af=oP$w=<Lp=(lVr!S0Vse^c$s-OQ#p^><H1j81s1p8dr~#z_<Yu6*8v
zJfhd2-7#81vcQ_T=2>ZD@vJT<a5VAjd{51*DvhM&&(K%r(=pw!sT(|#P7i0x7Do2$
z@K0i!A}kxA&#=rYGT!XNv2BKC9g$8_OVq&MDBhaDqt5A0PaWzR$>dlQyA?s}<o<SC
z$1>!L_bfpuri{owLB8>eI3zsmz8J86*%MgTH^`^(A4g*UI;lh4?+|)J%O_e<qO>`3
z3ON(;x8Lo0E75i`S=q^bMe^Fk6U$;L?LnTouQgvsW_EH3zk<mzSB1+2Y>NrcbM<HL
z<CWLdLrx-jScPR5S%rXqH_+cN*YfO~4OEG{84DyovWlwYFr#-(5$yX(u{KIq$x%TX
z&L<*1Ck8tGDkxN-2rpOHl09WiTC{P`wE{eNE3b+f;l$p)v}5G0Q-*l=AtIzFNz9un
z=EHyW@vjinEp@n+<To(nn+AR<t*LGmrMEg{<tr>At~1$JJ&RyuLHy|MSy66P5(L`7
zY91^-`>$sHyrM26BW7jPwO7ms@R9?=7A+&}?{>@E%`g!OuB3_bAx+-gr2Uf1jV@_a
zID%=lbkjk2A+_hEMDmPJ!zrkWsf3NI0!ja_?K~~{1&|ZfkG}Ho@9p#M!B*7z)<1kM
z3|Zm$C6io<q00PTW)+-4#qr*(qnFgqgGBeIA*yZ2-^G*F{I&k(hsu@w#Y)xW6ob;}
z>5s;9M$TLqw1dX#%N4VFXtt)yx1xHKliD(2>ovEx_zG|~X<+bKMH%mlosQM0<^a*2
zB_*XB_Z48h!*~~MMZ_>14y8X<?l*!p_ayWb!1cct8453XCY8PZt`a=u^A+ksk7Qq^
zf0Fx~pJcpJR>>y@ot5>SCaHw6qPvh#UG7dL80%o-iOVm4>edTXd$mmIOEz3iPJc+B
z8xnE&koFPvW6bL(+>iX15DK5*E0Fz_2gvBAxTjH&Wt|FmSE2Psn*dI;2=$E&A}w*>
zNT7wcKl*Zw24k|Mc%h1=5{CQPr4cR$aXD5<`W{W<_WS-DB6c-mKfmepjFm^38y>9h
z&gG^y>N?SUqW*o!LhJ3pulGnVGNbt3+{bri*!N<M+n;q3Y1PnSM-<3X9FG{(>i5rp
zteC*3d|bqg4H82=aVC8oKlwaHb&oBR4V$-_Pr#sr=-<=>O|1g-n{-X{QC@#&An+e)
zK#%z(OMB(?4=n`#6D{sDV;;%T@P|tNhpM2+Tr8MEUIfOryQ8!pb#GqP2z*Q{pe1-C
zXPwx#No640R9))2Edeebo55Zx9g7$-{LHNC27%u03dbiX_SC;cRxxIU;EFh)=#WlE
zdV0^8_nRggm1w2l=;BoflE`WW7q_#ALDKWjU{Z*=Lpyyy%OlQK&T(f-mk+Y}cSWoS
zfteGV^>QjMrqWTBq&J^?;*o{p2EDu_-?HKjKbIsiOtf&#7lxK?04Ma|HdAl%Pcar!
zbdRK7tu(C#nY>mTk>WRQwQR{?AQzwah$v$q4WDn#<3WOUJY~fQ>vgS44wuhCZGf0t
z(mWWj?CS?i`7=C&$0jd6<_!6ol4VD`$uXoo(E^^MAv!9G3uSyyDX(z;w~*sJjj5L7
zx$%?_!2J^QOUBUnORKdB6nVSr#QXP9W-U~*B@X@FL9h!;9uro&RvAUV?X4L^pMIVZ
zet13QzYl8iKN{yn-Td*XIP#qPW#6;b%VpDss@5Rev^Vdjt4VeO4)OR4p1<0;H7{!J
z#dflo_(sIwglizx(Zg_8Fo9Ub2mdbVB&oT?SU}k`Y%QC;AfdtZ*Olz_M33aP%{=P6
zj<Ku_&4zs%aSmWdw<87!zTSM@F+P96iwJF9>9`ieh_?FqVhfo+ijFX(4tVhRD#^XK
zj$gTXbAvj09bgO|6LvrL!e1W!1^K~$mDOKiw3mU<%2(F41^u#YE!r0g<;`}^EGFZO
z=vSH=B>tN0Fw@o@7OT3Nv(7S(`6|w%a_8<FbH-E1eA?&mb2?v=wYi0OvI8>9pDq8f
z-5CGXZn8JroOi%MK171Qt<x}kPYtiAV9cfHugbAtf}R>O2H*Uv;D0G>rG@$S)R?Ig
z9NoW&lunNtd|D8u+N3~b^Jw-0piM=7@BROWrz;fc2a=Q-=wQ;QP^Y+5a%iiqkSOPU
z<VkLaW@kz8)gX8S&Sj&jO8e3$w|2w*jmknOOAs#$-Eea6jau~D7pZqKH{vy~BUmPY
za~d@+pdIx{6|`=QCty8aMbNfTqg{$y+eUI*{E$?^WS>pxBYL1%D2CS>**YfLxSxnN
zd9*FOWK)n3)cnn+qI!udF>=p{78s!4>DUgw&E3j1Y=<D;XL+)tb&}f&yd=5_315<L
zQP=o;-HNv>cP;R1DIHXaz8Lkbhh6N{hANlOv01HjR1ozb0j{_S#*l4x%3Ohj)S(7_
zd>>XEyXL}0sD;RzTgMTh6R)UGqnku~1s^p;O!<}RIk0Zabb>U8A?~#5d9JH07DB?x
zG$!g`DYK}0wBAE*C_~IDIevw<lrjP(sgAHQUs4C=v3OjGo0rP-yt*rp<e*O{YT_FJ
zao}i$gq5%<sP#+-RU{@mQ-IM6e7!B6Nt(m7I`&WhzC!=)!gXAhi+;pFWZGW9Skql%
zvFjnGk#qZjjOd{K-mnrph*6$<EM=+(QNirB0~#l26fm`L@$I4_;ub_n^5I6TzVQYt
zAK&3(ePWz^Hem#{Dw&Ruh@K!H-0zA5kPn;LF9EE<5fje+b7nru+CuK~5y#+{aA$G7
zmDnc_&ta4ZCp()+dDvisWOR<`-7*emtT1DZdPT=J%>+yL6Iu#1a)|ZlHVz#(<=j7|
zS^4(pNovof;4$ymQMw`pC$x?OVZ&e-2FMqiK6F=gZ7jEnW_ch=bmTMKUSOA%zj8^%
zfZFO+cbHhmhc_(EKlIRa-~!z<4tz}RCI2P@yCp)cDXM(vyL|!{%N__S6m8wY5%Ert
zX^(hE4=0^u{3DfFQ=mD%cc3R`_=6cfe2scD=q~3*gX)H+U;k#%pDB!vGA-&CN8_4@
zBIPfOtUprlA_?oh@m_<v_6gi-wFP(j!tPFeAG6a+#TU*fp=~Y7qI8aFn2nvD6JALr
z_#Q6rGMv<<can=cNMlH9%ATcV@N>?k@($I`E?+tquc5~?Y^-(_#Vz{cH28a~%wTGE
zHX9%wQwBC&7f8g}1z-a8UxH^XPYd4hs}Mfm)L3-jkHtQH(b2soEP8lJmG_W7ix`2{
z`z4#|V{x%qa$L8|Wem%5EM(DP<zF!Dj~ko0^N$qSNcN`J34MOms}u1LbR{-Iat0f6
z5QpvHf297}qK+7u5rHl}{}*$f*rDP-Q(|^?5B%Hgi)LkebN`KXF#?yC`->$nZQ5(<
z)Sh0NRNxt1_UTo932Cay&(0CXB95UD6LG+bZz6>ehJXC`37SU}$<iT#w#m_-yZ(6S
zMT)H2b9IC{kO5UN(*DeSM{7c8NOD3oB3mjpJ9L)4=e<3vh&KO$2&+uxv^73>L3yn;
zpY#GyU2(|spNUKQ7jggh1787X^<fD;F3~;4Sh_v=M@qynxpZ|Co<Fm=Ir-YE;eE@Q
zQSKS2q?YL)Df&MFCt~2VbAWjIm%(8Q8Gu>aF8+QKt7^LUl|tVx92kBC3RCR_rS}k6
zh2?NnZ194pnw)}V*%pM}oHjGO<ywxm9m94uQ;V!QaUsh=r!pZVR>_Cnw+*@p+mHG-
zK}oIrbBxm05&$4pi_xW|zb06JZf1S~$O=8*Z2xrf&l`+|sx&9dM$<sa*+O87q3F=j
zU4!#T)DJ4YMW?<~(O0Tj1EuFuz7GLcCi?&6%f-*41OzSs11%Q-59@D!|8nProRSs!
zE-26x=4(3)xWe_<Y3T-~`KBX}o25iqUNX=9@p3&TD<z}Yp<ccuUG)3%M25?w0>Z+=
zaw#_Yqh12Zh9>scjH7VY<^9M*btT^>ev7BeMd4wN8K`VV?)1lMMzVIo+M3{v3}F1-
zC2uyC54l~rIg3U+()N{Kr53tub8+qrCXTpWd33mo9EhH7zN+<wbLP_k=WA_jqu^*M
z5%@+Yw_l)(or)5yFDxV?6dJdrTDhb!U@!w#HgcDq-hPhq!5#c&w}2(K)x3$(Qwc}d
zl6*-TK#iBNi>xNW#E076x-E%yU_K4bJviT`bhH;xOxbvl)EDY3+X&>G2z0+Hjm?PP
z1j@%P_Q=Mj)858J1po{DB6|<m#u2o&u0c!jjy9fRL}%~Z9!)Z7#3!?Xg(+EzK?<Eb
z3me2r_H0vM1r=gdKO5n_QEEq^ytaw3dGn?il+#o(&4HkJ_Ox$zTpJvlTb-T+JtU{U
zSIMQtr6b17SCci|Zq=U1f~00<kXL@}TscT}Ru?HbPpQTBRn$?naa|XPCO|wv`)+#D
z!-@{K0}_mf$46lr##Pt*wFO#(t%}rFPQJT?{CMS=lj8ajmpr|d6<ERaGdk>9#tamt
z|7#^tQJ}<p_)yt*&bo$&b<bSHD66U8C;nwr%YLx-M<0cnwmi#db~1q{z^#bH+bRlU
zy|V#Y)!7pg)Pxj0J5XUqB)lj@dB?qtt9H2qaD(cvFu6=a{{q5=((LpO?~;9oOLl99
z?Ij`e&V1GvnFo>4J42VO%sXHIps+}iHSQfDJ<p>!Ps*6D#k0znrcSba8DCNkXK7jo
zhQ5$#63S^>n{GtkSL}|O*hx3>azE8ud<Y=^gM1zHo?J)Puv|1yav_vUo*_0%CM2YR
z<Lb;`yQS`xg0(&JwsI#?NQuy<(1+5q!yWj$S7c(%zqE;8(hFL(-+9Y03Kaa+Pp)CD
zbP4crFA4*aFZ8(!-3r7iZw;s4<I=knD*1<Myl-_}ZoTV|gsg7m_J>rTz7<pqmO0S0
z+;pR@x&VZ<#a;{akrDeU(0L>|X07S!dr+p;Wq)@h;jm)vP-ipy!<k96&!s=RGZ>S=
zti4~k81ZWndY^FT${AYEj-h6hQMO`b-7kZ=Sh_ysrOL5aM{Amsuor}RjnQ^G)ey2`
z+$Nq^rN2DfR#YF4xTH0(Jsg@l*B8^;GfMwG$>-W8q@fnwa3|?LYgt-)!f|wY!kR8h
zn5U;MRc69?Htl{y1w)q}At~S&TxQGjZ1|u3s>EHvMy}6ybffeN|CbUI8A{{?v;C{U
zivMiQ?iu~x`jG0r<aqo;(>wprUl;%SPo0H_zw-_Kv);c*f%=;m|00F1S-Obuo7{45
zr{x<w*|UR_Gi5B|+xyA(q(AAABo}~i=T23ti5#mb8$rLis;MA@m<vFv>?Iq&;I#du
z{XSWtv-TYo(@5Cle?uzN|IRr7BGtc+=Km?%p#Ct9gmz(>#yQ~&lx~aPx68*aw(^l>
zwcB(g$CK>Th%WIq?1w2YB8#{g`O}5I2~GLqvIhrs=NoJS20vjX6;<nOP67H8nqqGb
zf5MM>)y*WL*S@zZ_He7%m}R!gJ2^1?O!+U1BzfrR_!qV}TpoX`4Tg!`+~~oiYTo2l
z`8NZt3V)C~H7SYihAAjf$V>+igJ0rkF~(Z1bc?slk<u2JTWvfaPwgqJ3?R++Wa5;k
zZJ0$Z4a(!D9#lPY;F34UdI6B~le;|DQ>LJO>nhQ)@Xe~Th%z1B<}0WKY|Uwl?X<wJ
z(MLt!RLhIdq2w^}coX*rff>p*bjuFU?X1VlytT9NH07qg!ke!F3u}Py<7ys2V&U<K
zJOM)2v?8}mWGjV6ClDo+7&nJgI`UX-sZ9d~FZx!lzuKtv^-uHTKRiuAsdYP78gC8-
zjXEWlY$onUF%_2^kD=^nhluADM+;epBtI<)Met`6yiLevt)r`b*y|+oHy&Y`d!~}P
z<7MM!UN$1F&8K($-c>=FG;$kd>|-+_caOQ(6M6TO<Y`@d4+obW-3aL4f!UBqu-rOl
zwo-b({rx7l3FkUm;-yN{F|9}6?N*$P^5|p)+%<w3!d-7ufKc&ZTkFDZTl$xcwu~m+
zB!Y=*y1rjpgnQ-MUHFLnEvgYlj}6{Wr*4wWF_`LIReJYB?D{IW;f^%sy@k^m=q`EM
zwDP*AYv%#QjHA17=I>wmkWe+bwVZ65l0iH2lkCohFJ7px`^yNoMdJ7OI_lD#8{>Jc
z@v-qO{KB#JCKo6GNJbcV9-y<ZyVV}*E{(a{c7zz*8FBl4CVdS3aU^;E{%pu*c3!&a
z2NGK`6v6pgQDECk_6xKqDqG+3L4~?5_suh^{T}SG=ELxsm6LUsN+}bNufh<w3O;=w
zGsLRBCPsWV1Z&(h<3tOO)*|0^++r4(eig6R`RLR+ZU!aDWTYKE)Q4}p0AQlm?-$gi
zX@89SZk>mvZ7+hvs>@#hlx0NN{V{6MGvb=tl-=i^IlK-zbQ-UNl&AOn_G_R_e7Hsy
zyVxv9-!W)ChI5}Gm^R)?8l1P3;4jhb6dzTP)4sksIEU(N-w)nS<~St2JTB-HQB<7r
zT>2`1ILf52H|h)T<XSaGB4sCFX)+|D+h%7k+<)tk?Z-Z`e16+(--~SfvgE}wg8#O`
zfI-TP4&WN$_21XO?wD1$N!Z9NZc^1TdJSaMA}rWj8;ioVzj8A@H-@7|H&GtV<Wg@^
zN9?{nnS_QIQj9-FK4(uL!<6t(++~UDL~)DopZ?16zW}HX%KT2w&9+tB4~~&>?~6Dt
zd@Yjg9=oFZSiDI?1QZ`rs8wtz-hD61&8U;$>1qC${r0VOZeI43C?0lpZV{86d*T+9
zzf=9x1x&u|5%)-FC4ax(8p@<)q`;X1Tdv2-s^CQ{<J1*plnc%sQ+`Ye4G}l<N1$$K
zUmupN8HyVK->=O~)?^{;2)3W%cI#iXS=7qO{2uzPoGT(^7%Z@B3W0sxhQdemCn)K9
za(73#kMlg%p)Wv{8f|(YQ;l9F-=0~m*2<aons|>rUvqDPwAR-|iV|NeX~Ry~nMt}=
zm3X=eLiendBm0YjpW*Sr4_1!#i%^jyD{+towD}3WXQ;S4A&S)H>#w|IY-FJCjZ8Mj
zY{!IMssV);vByUphOO-}A5!>xLZ5JRN4VvXm4Br6os)JZE-JxHB!?F;dc6p^npwR_
zm3KFZY5@&?zo)?&#)wq0cV{P%g$%=$+zXQ}c#t7G4`SZJDW;|7_@-1ZsRwVp(ZqcH
zIm_(rF&$_-*B<M_h0qEH3c`4=m=Y^@qFq){K=1J6w#<w=?*r7}A}cM^1weuwHEMmp
zm%C?GCeD`U9(o%;ngTlHC*kkt-leBI%{=88xjc_D=|2Ea&e<86mkrHYjHa`D2$1G1
zB&&Jg0ZS+{-_XQ)bezA#qI?xuPp9%!k2UPs1RRc@CtfoCOV6groX_MI3z~nBCEGS@
zM^Bo6V-C}0=g8V8cM_hq{X+YoGfAoPXJH!^2utAGNcV53lFpAK3q8mZZ7!B_`p{E9
zl5w3NtC=*YlDW@e^~89A!-pY(tg!weZ&s@pttm2Lc)HB)PEH4!5%qSdqJh6cKnk7B
zF4=zLC&W_%92%bn;_q>tm-?ZXWbrhMkC7K|5SFcKubE5^>C_C#(nx?KWEUb^kRmG}
zaf8yINEH=jx_L=h_Ui(B3%%z-3*ij~@FxUHsp}ApcX?{xPAd~lHZg3|=!J;7Gaz)^
z{0q9s%fI<C4u@+-ZBs_~d@O(at0h;da`nFWeZ9cj{8Bkp;395jhA!_EeFVDuD{($s
z9=S#z)bdJf%{-|#^y&s&H)kSEc8m93_Wj2LRyC~pCfdojr3cwMT#uG)5Y;c-Du1Y)
z+^d{_d}`JiF4`15wRj*(kT&&$5lnW1B;+Lnx0{R0ar`9gDBxg)?~)H!ELvGtMuk2Q
zM`UYK{EM<Q`F@)Rd7QzJ%JUk7L0ntZf|IHH*JMtr1h3}H(<$=oRh>DqLL7D=m&xYW
z_EZ`>;WQ)BX4VJggJJAg<yvEIUBegbA9^*UzVoV2LG-cW3*pw|J+bN_4Fd{I5mIB!
zVAQ4<mmqoug)g%c%;5g`9>jY3PD%Or`ZLU6^pe*l3Z_wBAo_#3Z^!MpI>)B&{d8k9
z0Kn_6@=%T9_Rv=+Q9{`6qEy_R$hMsdX2SL;x@rH`8}^u2@wS_%_`X(Y%^!60yS2V|
z<L2TKEiaDdM&;tt?>45VJP7Li31+Jrj@ZsIj)@pY<r4}RpphcfHLrfX9kEe&h^d{a
zbJ*cv+MusYh^iX4)aZ#-D&I<8XrxZ;jQ~p*x8IKE37n+&d^DxS<ZhTWW(ol%{4fD2
zWPas@tehDyO>kxxp%*k_p@jXco33KgX9jy=6JT(+0wSA(G#Y=O;`ke;kte4U2;z*)
zdKrr17BFuuclUU^t_%yrVk8Oa28Bl7>K-88<ss=Jj%%cQUi3+3TZu1(MA|*SjgAO+
zkqLJcGRMxm{2^rNmbCz5$cwU(%$7(2xAOI|mSdRP?Vo{yF95VkoR+|SbH7<qa3osO
zTp2wy*IKsC19Pggznzp=2R8ohhJDo=q=|BRC-2q1oGD$y#}e{==N%pcF;S=u1LLPN
z7gx!%ccX72xRk*Ls=6)<2`Mw-9)dQNPNwYp;)oAjpCNZFDG=(;!A8M1xTRku#`G<E
zLtiiOi?+!{mQlw!U?D-8?e`rs@<wVMf0{;eq&e}Obo)g+%ah+~w`H2~zcC`Rbrm&o
zdZ^1^=&-x-_y%p~K;eQh4XtZ5p(_Ov`qE$-xW)Z~RXy||7G%P8&d=!ivw5T!#8=c=
zY1gV3T9qspM5U78TWDx|s$X1FkH`tDWEUG0fq0tm%XG-xyfLV8SBqUEHOx@MNn>>C
zxwB?PybMBBKCy}k3vzFM{w^uj4u&e`&+%V+AJitwcsrw;&(*7ywQCaA((U1m#&G~W
znfJV2<>)Ww?Ozg7-y<+7WP>UonYZ?3jc~Ty+JcOP{#VNOnzO1724I>TphnUYMs<%2
zE6+#th>jnk?=X7!B-3gH$Zg~+55w}O>O)Bkh1PeD+!F1i>f*BeME(NX=cw^1)ghn5
z`>zK?!3e>{21u!$gD%?3o$9T8#vGaevT!)PFX~Zxr;3>&Y2kh(E2AC8Q&wI%YWF?9
zj4}VX-h`m1nRm<fEffM$1E#;)toz_?|BF<VBr=AbPu<1Jk+Ew_*FMJ#!~(CQ>f{b*
zQ_u-ePZQlypsefwQD@ijqK>oP`TM)iMu;8e?Nv;17Oho&m)tLN?@GSj89d^`TX9zv
zvRpqDlqtqd`uv<k803i9#>gD5n>cV3K|g*U*OQEeywR59aX0*ks}3D0>T<6xoq{}&
z7ha4Mb<huxphyEvV95{d(d9YXu#RZ%O)H_t6fv9b0SE`j<YLcglsE-Qmz*{M%DYVK
z-v&)PBP&pJYZ3|7Bf0?Gch`Wl?)us&5wK+OcY9}f&u)@0l8=0rPVh;#pZW?4YxVHv
zylq<6DYcvnG3gRcdKG&stH>#h-HiTGx_%CPqJmme^7NfdE5B%-tP7+wsiPZ~6`E8y
z$;~MzT>^1%Cw&--auB#Z%rWjl!VG7H8aTq3Rh|?}Av;DLbSt&^szi*~#OSF94O8az
zo?DKAGGIs-w+!)!Uo;@!_gy9`E$Y7;xfE_yBgY3-%+D4ViH6LcXqlwVa+<RTPBw;$
zEP+2_#5Jnk51N9b<ycy)7mg7b(y>`0z_`_ER);LI7S&ahQLR;CQxOb7CNNs6)h!+y
zN~)(Oc(m+hCUEn-GtY7}oU2H@lH9>K-ik5bED(>6Kkcd&U>3Q2<wI=xL13&8D$Bfo
z>;f=0NmtnyB`v!P0Q{QxdvJCoUhMQ^&jp}p{Cq2jhhZ#iDKU!iK|0mT$x`JRjTV^|
zW_dDHuiZ$sohcd&#1mzK=ovyH!s|PrQ|HDj%70Xp8(3Piu9sO0U(1%&UBAl#-&pZ?
z-Dq~vCOSHTsow>5mev(`dFFV%oM{wreX+{h8YTthS?-zvPQ8$?wD)UP?-=&28n0P9
zWytEE_ee0)C?!Ncp)(ZzGN2!XVQQj7qc+Sq`U$E?HQ-MWi!6M(B{~%Gj4dmtyj|~c
zsnwpAbFquJ1~Xf4Ji3M|B~&ASh5C9{J6H*y@7P8`u$YQx>S-XdlnkkAE%SpUUK0#>
zFsJFr(wwf!Lw(96E&vJuCPAic<~2<j++qhM`N6t0T}y*iZ2WH5=L4vFu&Fmt>((^Y
zbM}Y3X>!`iqdUwCr%LfV_1>wcN2jUXQM1@PoiCENW8+|O2=P0UzPcif7b{(v#vSjg
zbdE3IZ{mZ)zEmd*<*W<Jlm!9pAJRQ+<sr(jJJ(IOidw`t?a*Ie+^nu1qf0ayRY&m0
z@Ye{Lq19a%C6GkHP*M7a(TVIRvyIWTyJL7LLlf07d_&8C*jgg0NqbQpb1k>xa+gN-
z@dKU(sXmr6Ba>SSXqCz8n8*)TUxc#e1zXf!_s;)a@qW;zMO>#@DQmj(76@1+mtGy>
zr|VB?e*wrv$h~;|IQTa0ym-m3uE~$%7Um1UXPWeOqj$$tzR1PfK)}s+s9$gXiV`vM
zc!|@}p76`{_aiE+v%l>EFmx_eFZ;8z(pU8N8Gia@q-Gxbx@h9Py|29Ac2c3w9_8*$
zFW(y@WyToj-C_5nbui+>j6N3RP>6XH{)Pqkj-WJ=$0L@A?j8V0^a>d{+&2&!Z~iDp
zWc*4Aok-G*qA%VsGcuPWz2BOg`(`w3sFz;!%L9`SDd0R2$Z!P(+HXZAHuIAyLgbDH
zS=`ke8wxIdr|smz0Hz?E=93%M#c!!jw#qT8M$7y*>Wil{ZJAeD!>mgsvwci#jwZB<
z<X!L93_5n-dNvy_UBo|={r+>lbaomC=-%c7SM+asa@5X(`HJltTR8ufrpL>7=h=mJ
zYLCRxcHf$F*Ls8UHXDPzy1&yu9x@B$&H`&DLCg$>W#XWc#LbkGRtcM4q0u)O%_QjS
z4EcF!HAklHU)+_5wCd6QXiM=aZD#~Hht!h!>>!pL#T)aX8to~X*81+57yL16+vO`i
zgo?}Snvzh7v=mlD#k?eTl~Q~a)L1pQ|ErPnifRJu_Bf7?jj@C(y@k+WAOTd`fDj}F
z4Mn6&Cn59>LR3V0OCntm5~>6Rq=Y&mEfhnS7EwBg2%$^y=3DD~xKDT8r}MhkI(wbH
z&wua#Z(_dlvZ{i&pLPUI5||c#24Dc$<FuiB0N!qThyGpdY_;$nY22b_>*aFwZ-!;1
zsS3xDsT<^;0u>+EHAHKN>!X+SiTI|sVg6BH94l=ZE|Z$!>rrCqap0mmZ_O^o!aa+M
zvt4h$3cU-vj|byaZ`YU*Ni(rD8S0bFLWy_T#kx{OB0bxu^$n*?yu`UYB2FUlG$%Yt
zX<(7>?2GARk%v1Owi$<!gzxN6l6!tiI6-)BarKM<tE{;vjlox<HIL%-kkItOyj|(N
z305MV5f^3NwS>?nepMX>J?cuq+_RQMOPFOE2r*Y)C*eRgN%N2BEg&OUVv3)*j@U}$
zb>Hrv6c2C$E#n>Ic8BQJ*noI6_ww}!)4(ffoErf7p~eAsMGbQ7QAdZS6aQPh|0Ac}
zs)aHbs(I8*@}ufwk}ANPdOU~tQ?{nCwXtxg(^Lqb;LX!z8M}VoxA#3XWZ0`Z)05ya
z7hZx7!cFXHGiL{NY`c8xvy=NKPCSx277$`60Z4665B;ep%WDG-k2nYX*Hp<Va6+P&
zXH{-&2q`4%Rz3#VjK`ds;ggfg4x7V2*PT8S-}%MvK=}Se$v(l+r&gW6+llWh!PM8q
znnygu(hT66*Pd;JUBlCIUyO9nDSU+r^~yD-SEF|+2HZkPOS&?pV}V1$8LG<(LDR`o
zSBzy0b~x^`o^P>BEAsVDy&6ZTWQr|I_>S%jxa5nG1?jGG4nD{npj3OdOLF9FOvKrt
zH|+A}h29f#oCR>gGDEXhBGkIJb2UDAAmzo}6yUTkZ%V3T<a;5S?i1?sS#RSu)&u1_
zImSC1B{-6d76>|i7j#{kgi(wMr#EKSA$2PKhL6C>=7r!cLLl)YHpiZmp-HIguG&vO
zefnzyoYXuTWY_)O#!E`v;d1O`Q6&`mnB805UmQHWB8CI~p|YoL`%JSyOERochE#;u
zwJOd7AnkkcsG%_(^^~x^*+G4~d|m8K>&~ilM~ySNeiT3+B&VWSz<KH*Z*}2SomNV7
z{m!L-I0r3RCez?Ol8_Zi=>NW^Tc(DvthHLCrZ_IU?In;zDv$IQ-u=<`I<`go*+lS@
z+w2Mx%;b%aLRN3~!Xln9P>9YApZH5V<1#Rig;9meM70S)5}1oNg2>1AB-Tqz^u(NP
zbSS1<44YA(IJHV9ahSpd-|&IH8)*hf(}3$V-gChcj@$4R9v|M~c=tp|=U`k`x%W%O
zV;uRB2~*4XRhlyoWZ<)497N&$^oj$bNTcaSoh11{(v|F|g38JQi1<#+Ew|S`<sWW@
z0rfL`fqyfv1vE?z!(a(aKE504*Ay4C@?)A=g-=n6+|V(lh6SoyO43j!C3BqdAR864
zb`*bFM}K1M(NRy!A3b5Q|E>K7rhbprhK}4+<gN7e5%?*AEFOn4`JQhx(fDC#@woou
z;JHGUfY=n<VVGL0z9#52U9HuR7F8XpvqB+E$JD`NH7K($gjV+(7uek>kYvp<!i>8+
zt~t7_?f(3qhmV^?f3uxtzH_{p*cj*i<x8I{vLYSd-2oi#54yX*N{ZZO*sh^|w9+=j
z#l_HP;K<71;asiM76C0TV^OyA7C!&q@H%@gz~!teFrBcMLrAiit*IK5r}*SfVt9}t
zHRgXu4q5(Blrw}AcSFL2n;wdBvx|(-;SH?_qp;?xaMqIW9Q!I9<3P?j5qRTGP8n2!
zn7#9zihW;8vowsIJ(oR3gXtKR8E%*M_xGRrgM~H)J?r9s6s|Q1Vb{?$-=7fRSVf!#
z%DmrA5oGY}U9R9;nCDTyEDoNZda=BOIzPQ>aTPkLzu2hL7sAxG;r%d%VPm`g;FjC~
z!ml;27Hs>dC*L|{$I=sOy|vg0#Z2_<0rRHQm+nxe{vwV2YQs=B=8NE8`aAP`&2vxa
zt5c@W?e_t^D;#GR-kcbEu+V75%>ZSsA+Fufj=r&^yxz=4bQ_&;&4btK@^T%0gZ@%y
zE$>-(aN>3-hW>8?XUsQnLI?sqa79}NZFy@oBM<@i^;sXlQna9hh>}i*s&o?6y2vgM
zSP6ZL3W}26jeI**8QyTjM)%BT<jdklSLA~u2x}M^;X6hWSBpx`U6rzRIQI?l)k{oB
z&$s@*H6WX}%DZln$_HRs0^6O<gg07Wqk{Pc0ztUcxz=#pIID%cU!UT?(^5Qwu6|RL
zvy|0%5>^<wZjF4U76=tSxUel}0f}L+8N&|uT5Q($eaz2DooHRUo%>{3)}<W&!Y57`
zWhfk%f6wcmOVclA;Dh!fsN?kU7R%EsFop}=qo(cb@#(T;0$~d5@4~lllvP8JX^+_J
zDIqsd+N~0tOQ;4jc28GpbSR=Me3Pt_+$2Q4-FzH)s_M(b9iR~--19IL=#gU=$Q*oO
z#kf4_qTs`rNfP#uQ#5S*^PvIZC0YT;#e1La41)ZdO)BHW&Ed$pFh<I*>VQgIM~37f
ze9I~GLla-PLKbbW+Ps*u2~dD;X%_m->Rq~v)_*CI=PqINib*)mv)_Fc^TR7KQafpB
zKXl1L_NRpFc@ektJFT+AFN|T?rB!nRvR*KIaR*XpQu@@S$=JxY*)uKr99A5cRr2e7
zxaus<B$96LA^pRxy>+B{xcZ!Xor;51UmSPCUL<g`;nxl9LP-0ycr$nPNi;if<0T(I
zVlHPhpR~0s4jU0<O86e<iz7-3?|>dYRdtOWA)<+{o)l+tj*&!a9>~K*X43G1+rLa%
zr5`HX3n6n-bgwmK%kGXG%s9@JN8x6a%r<h{&uU7Q^fXN^PkPQBJV##P&6ZhwtMHp`
zD~Gh0-Dow-RJ2u+>ak`qeG(OIjUNYX%-0>g8PuTP5qcGg!CB4bxcY2n7nihHYLDB{
zq@(RE?T{g(t8x;M_p_Fs?+rU;QDvP4=ZwIrfa~RYpKsJCIXJ}>Q*lk4ugc9kql`bK
zd@6fR8Sl^2)%FOCfFdtR({T9^ne*@YD%w;OE_U3GG#`P<JN-qorb7S8xjAtp>xGzu
zm#X%oi&UuR$gNu<T?OG4{pp6S$Jo{LhN?}pP;GKgj&G`yRzAVuJoRs5jTZ~iyQCsH
z3#80eva}wtHcibY7iX0?Dg$uy8;Rdv5Q=zXsxIC0POzT8s?3X%Vm?`W#RSW#Jf_N9
zFvqmT66Z_R4jSu52|q1Go4Spm%^DXZOP+?uP7i_|EVVw%RusPe!L5}AuyWPV;>~r~
zC`lCVni`MV&_)B_Vv<F^#&B{{Y7qj7dWBu#=8E9ST!r#X++PEg#QJ%fjblXTZ46k?
zR#JnePnfIQ7f050>s6{8Rw=0pXgE$SNn#IJutiv`%=7J^hJhsoX$^CeE9EMPIIr79
zGEkOn0k5R&#5tyAZ_9n!l*V_p)j42`=|Z*O=PIX;%zcOx7qK)PBqNym(e*(5OHS5@
zUwr^%1jMCJ?_S<2&aM);FXUHerxdE|JbH25v)271lDOgx*u;NO`~Cu%jVEsgN0q54
zx*IRHm~4NT3({xgq=$YqRGD(74GUpPhm*<iew7wn0^L=Bv_^wA`o~|6!R*7wZTz)_
zG#j^fUJ9_kWbY~-@?jwZPFMX+Y_Q}~27XzRi3=e<2W(CjvP{WVjkikP)GEiH);qRY
zVcZ@v2nWe<b`jFnoIfZubBz+=)87l@Kx$GiLSz(qHmau{xND!MjI=o!@A|df$AU&Q
z;+#VUhz~0s)?eL9zrIka<OeEJ!)mUDNDq^<dB}}XN?Ml~8e_JbA;?x2{DP&{09P!I
z`WN5JPq(a->g_#2nlA=giHD^DL#kJRduUMm%`M&1@j~#e6V(wx5_fY3VVQ3fn?7J(
zRVG?4r282x%r0v}7^n%I_uVaX_3$A+7p4L0l2Ss-<u`JgBFT<zlrY?>Z8r<sv9IHt
zsxbHZH`{R&3$XEHBa$X+-CgxdWD947+x^Y9l#Z;QEBW|SbnAS9+id%XYdW-o)lYHg
zigjc{9A&UKLjfQ0YoWP1asIjguyZZsE|?+n6TG4H&)&hQ3uY<xTTmD!+Y)xla~R^!
zWD4-kbepCMxFBkcd_DmrdZp)wz^gw#X!uOWg|SaL;gJ9Qw~1gKgnq+IX{o$8bAP_R
zxU@$VQWxZgb0W7d=MOJ0{2^Pm5wds8{V}Z$b;~P-`9(7&<Ikz+a8Pt6tg$1%t5UqZ
zGR9|qlKmPm$=~BstJU>B>jG=}qDq0LG}3^JOV9q-*YBRNU3QT=)U5s`zpmpEaQ7N*
zlqaoNM<v?#!A#MvU6LdQ8~1Ui%$OZ!UU%f>jMhFq>GK!VmduPWNB&Tcn0Xu+F4U6r
z5EPfwGzW5wjJRi~P+G3k^66|;N6oeJvX<hXO)+t<BIc&y$k|}-zG*M>Q!q`7K=y+Z
zocy3T7Km(d=5gDvaF%4c1!NC-T3VQ!)l=6P7_HrF7Q1dZGwqSliz?HH7V!mpR{?lV
z7)y>J;lJ6)>wD=u<^gE|W9p2Z*rUHa9}uT3ZiJIEb?{T4-{^cOv#y~22nzm+%b!`O
z@(YK0VM*GnU^PFNoA+8Lxpp$R8{jA`abHuqDPd5DBGJJgosVNbr^x~##gyEZEUu|i
zQv}uDk+rEa+W(Gc_JWfEbR+!ekSIN%q?z8(a(2`;{PBNE8i9ybmQQ3l$Cr-oD=VM>
z$%yv9UI#jCIa5FC`zoEr!9}v-kNBkjDskF0y0y#M!R<d=qaytjn_)pkx_J#;#=d=4
z>1w3i9mk{0HNUgivh*@VzII@!fnXRYLaRZ_OTbr27YAEkFED-3S6>}o#KC^mDB=^S
z@=5`yNSG!8o`^k)P3-z3<<H-27d#F10<Ug=SUD~t0&Edm)Py@Hp*n)gDBvN71<j2L
z;OTC-rq4>LJ7?r9`)dTB*+qR-=YtQgGcyqn5Bhx9L1{W1;BrMo!Mq-ERm_#7doz3s
zC6!JSv*~SCe7}5kG(vIsJ4Q3DFTyH*rrgb`+W|!?a)ug6!a`+@4m+9G-?522B>Wo$
zycl-ho@k0X79)5E8RI@_Z>6v&srRYEO#_k}36fs(FbBnmzMox>NZM0(6MI$S=1pGC
z9`C$vlV-b&(Rr?9Fth3I-(GOD%VSb)Lo?Rr6W2ZI-9vn6z_DA=NB^B&_2Xx=gaf<P
zN~zLD%i;%+P;h#76M#xgQRctZog9rv#KV&2Os;)WIFQ8Uvf(a#QU2yzeCS$+@k;w_
z;!K%ABP8k6h=YDEw`n6l78Iq4F=_hEmPh1W<Qm0Yv`e6V9bAsq^G*C*?Ku;A{adbd
z9_srxkhyw5hrd`}UGqL<?He(1><rb8U0yh(w<`tYH)7$au9CJSVR&<Eu-Yii2-OVJ
zJ!C<2-fpMhnw{F`k<0;;QHDe%nP%NEoC(kOJKD;Wrq|&mR1ynAMvH=fvuQ~y^|Jku
zo$`%+C|HwUaI@4{IeQP;lp-z&j^^yuigeDi)!|$9nK{uy{$>-cUpVD$^oUziOh>;=
y5=JZ*S9W;0Nc2OKedi0D3F3HC2r-H^M80Id%tp`*mO8Uca1NF`6H7=9R{0;DjoIe_

delta 22919
zcmdqJ1yEdFvo1UlNCHG~3lQ9gFt{fH24)7=U?Dhz1`j$B+?g5NWpH;V!G}Q-+!HiG
z6C}7?-uL|^-}%ou_k30Vt-5umYId!v-fOMyXLa}L-K+Nw{dukZ$F=g?H}Gx|;uG9N
z-MzuY_!eC~c1J+?nW>YTdsWSdps0q6$2%$(A=&2^G4Yudnr0}q8y{)DKbM(&^t>lZ
zNnV|l?-MUCcU7r%mL(H=Avucf7A4*_QO?gQD5_iLsIZ$N2!^C6Zcu=~LEp&9ZgRA6
z_s@i*R;Vu1%7;{aS|Ow-4a5d|R}QHj;{YmV)+}9HhH*|=%A+P&`$iSbfLY?O#xZQP
z5-;4oo_`8O76F;EhQ#os01Jahx=jb!_!<UFN{5rm2Q*j5TJKhGj6QUkQu6(DBs@~4
z<}_r%e+Wjn`Ib2pQP##9%k7aY3OVc~lg_M*kZ@ZYXsBT-Yy0QevlCer)!FmCcNfil
z+{CN$?TpR$HNL}(tz^(_$&}$MjS2ROTn8(B-E>N_!bnBdGNi_C1Z<&>4C%kGo+VIY
z?9RD3?DwBeZsJmm@QRICo=_e7sPA5x6j?ereIu?UQ+s)7IQnF%K2UoJ2C^rBQrHt`
zN^A#EXKbHfqK##3>ALy7WmuoD)CN2clSVm|63TUyHEvkHiXiZK&jl63Kv+2<AnL?9
zOW6^mv_>wZqIscaUuRTWp7uzgd*<%Hw-^6)>*0YWgR45oXiYykcd~ovo63vom0vv8
zaVXO+<#$OjLbW-SC)6hOt7%+QgwIGy(B>9cmKsA4_r`OYkf6_UvF&$@bf9q)H`CRo
z?W-IIL9?|&3>i4z)5Cj_sYGLWzM6Aiit11iHz`?|@x;Yl51K|+OMPhJ6ZxXwDicmK
zf7<80$XH72GusZM!Y6P=P2dM0M79$!qT{bqG*X&hr1fQKT>?lTXG$JREz}Q_R5Nep
zV5K1{U8^hyUwjW3zkRDAyf$K_nA0+9x5Ut8Yn)vZJc?@)ep$Y>?spwIZ0HGr6b}dF
zBNbYE)z7+l(|=a{e0~YYsg3omEWHF!IZm|_wmK%9TgvP*l^#d7i3JwQ-{86g1Vp{-
zIcKdd+KTl!`gjQ-WWb9$fx&fWxPI&e1|i3uScD&GAMq)=5%DiDV@kyrLvBA4pjpyD
zTU8JfOU+xFX~w9NA+CK(6+WXg{qm_CQU0VN^xV+E?p`Guqg%w6#>PPPJBezXD=Ma%
zyzvxs(4|ZtrD2Ewv_6r3rFQPy)E2W}$;u_bd`oK9lbFhM&3DCxB39Yet@BsA;Y|fN
z?Jq~ZQ+D|F!Zi5Y0C$0%_O4G}P!h=c7aHm%A@~ODO)$!lfE+>iwL@Hb*Uq_#2NNT2
z?U)%qKnN=qwQt1b>+#kZsQbib!lA+Ev@s4~gXny@&k2#>MxH#0K4)*j!WC`0*wBT_
zGsRrXQX)1McfF^3(mn$<JpHJ~aHO2h;IPR0yzzm`$XrKt#7SNJIjZ{5iC?>KAdR!t
zM9W3CysN$Tooc+Dfqd5u(TzS>{_?ElC+pSsg7kwN_0H<s3d0Ic_Fwj_vc@#?o=<<o
z?Q#{2@FdoSvC(AF6k)PN!Z^Dj;}o%O)Ics+=eo2jhJBv51@(xK%s7OO$hxQq>~vTJ
zEXp%BC)JJC>d8;#(&}tH`7}JQCkoY&h{H&?;2dtsA)y*_a_oDOz&c@!ywVivWefG{
z%E$6|i|SlNahCvZ-)s%7Nco22B4~7$02G;%m~$%i#~g?dDN5}LPR(i{Uagdgu1h|(
z`KdRj8m1w-IiFRkM$R=gJZ?tGG}NEb+^RES$`Ea{Y*n9>GZM71Sy<}0w;9D=o~M-^
z!8TBTmpknHGpztN7E3jA!`rxlFD_F3I8)Bn{{+2Poxv5s8x6qg%+)AoLb4n3KU-0D
zgyR3QmaHG-++*5wb}s>y?rGa}IgVq^ZJViiO#wemQc1otNhp3P@<dEYsCwM{#{}(1
zj|W3iWPUbjo*UGi+tk}JbB=g<drS7zIv28yPqY{NHF8-gXnEw69O^mQuJMFeKZA<j
zZa^vx*lbVMNj-O%$}$aG*)s+eO(^T^kPRHlk9-q21OTi(?TXra&c=mM=jqEbb3+kY
z7B47dRx66rH!lH<7u!BI8K|e%o-%>T2pRUCkE<RaqAvj+(n9L7udhrosk;(Ubry8m
zuv7Tv>NXj~?Xa^tny%z$Ken^lMG#*0wsRAz-(@Wt;}9_{rX|d}+4YuM3BH@lXG4-R
zPP8)pyV&7Nz-|xJuBfb(@pV>V6XW}f?_c~CJ_JV0E*>6{2SmygPz`K@1~#cV1WIeY
zNIp}?C+HE=I*^Q)!d+rWfu5n0bz?r1%}j^|sdqz&(UTN{o`+qt)n4Q`#zATY!ZFiK
z>?{R2loX1o>%tKBhqKeho*o1q{wgBu?Fx!Ns!{Ci+*uv<_FSf>rLp4ytTiOlzBkp;
z1{gVmc&25PhQ}0`m&V1O5BAuGPO^J{p2*A4{f5wI+9;1vW94e3CwGcF7N*mU;W!-t
zTlzj<<%_Q#33oBbEZa4y1!VM$6Zq3l)NgI6Q)0&CIe8J%JEIFRe%dT;9CaGYWS$RI
z=`-p=UVdaCHS|C(uo{bN*I_}&y{Ek{g@cXat7L_t1zY}a00dlD;EEuK_CyAXQ!5Z8
zohxhtJHyC|iba@cU=9*F0+H&S6HMe7kb^^&*()RD<TJw=7}7eA6B!wY4R&@VbXYtN
zktojgrwn@{BYdk&G{Rm?1xa}g)7=S)iD}<#@B|4C4bd|;?gr;SaK4tCK~cvJ+-?ke
zjuk$gvdsXY{`pS;0OAqxZh=_?Pst<6U-nrrbJf5s`^B?Rsahu)tRAOKv?4%mHn#5O
zfQ6y-wn#K4$FR$`G+rObI}p{tUg&?gqfQ;eOPki6lSqvWvrXu--DCof77O1g?lZ)a
zYP^H?*1;doX&mx4jr1mOZ~vG)+@3thjGPb7%5Q2(8c)de!f*Njc=+&5j5;ZTSWkPx
zvcfw&czXSq>t;xc)P*smhR<=R(+p@jR)?>-d*oEcGsmR4%Ptrn9Os9$=bBA^>UD>c
ziHWy`y&*zDyA5wDY9B9XeS<8f&hjG3F>*YazR=PC{>yS>jqfcfLv!~&zHG&O_7+QT
zWPfAbqf<JWr}a-F;&&?lSV5@UlLJD$U%;@b{_{_p6ol(WlvRnRS+8%<=_mZ&?|;@!
zJ6U{+G-q6)Jbbek{%l!6wm`EO<NZ@8C(0FBpEeWk*TYkn!J;?b5l?Zm>2^OP1;fM*
z6i3&eAW<42cLe6Z5N3fH-{3kTHyhJbbt4oL@e>p`F)c#wfSmDloSr5`2P2~Sdg-$^
zVN9};WZ*;3dxEI*%?O?nE~q>69DD6bLlBY7!XV{2FY{^b%MuqMO@1BJ_YzGXC731P
z+A2TbkKc{K@X<jBi<VXCCB^g=T;ROL639}Ypc{<Ui=oEIH|*#UZ?$%Vjk>;91P&wi
z>h{kOLx<sS%Pf+!{L<aS?ld0i0F9nIGTm)7%umT)R8pS0S#=2*YuJ5w32^PdKr)Jo
z=5$B!$AaVO@}~6ca%Z1%a`E*k%$m|x2-;l&utCCAj?Z59yT#!y0adK7mw<C--Tfi#
zmqN`CkGzFU(^g%)$8q1MnJxi42KXjZiMVY<Owx-+WAIM$C7`QT!^G9bh$c@fCzGuv
zABm1zwe%)_@Wz`riWeFd)-939Vwt8?WIa%H3ApldUa;LOLqBHT5>=6`Aw@08m}g1#
zZn89RvLGO=T{N&g;ybl7_BpJ%(P&22N)6;>aO=BA7YWCyYC+v=b3y5g!tTzRT;hY;
zMOe4dyinSwy2>DUr3~_&fJ~p&JVJQpQ@6<_;NGjYH8{gu6@EX+Uej0IFWu9sE_qcF
z0H8MfBOW0)(mA8Fl=(!#P*kiTKl3jdY;`2voMhMf0C3AnA(7WPTcvpU@!~q(`tJ9{
zSUY_s*HStdP^To=>Tw?>NOp^aVt2fT(TJIM*jhkZyYc*KP5Ef@E%=_;SbkheAj`K|
zoaHR;-3G6y9XeF2N9j4Cg3|ajf?B<?`ceP!cFld=u}@kf(8^>3(yU*dS;<01^4x`o
z%6E6Cz~<@v)fCvtrn(sy0g~$p7KWf*EuTuv09W)9O)QC!EM?5_R#;Mj6<d<uX8y??
z?433me;+KN{(V;@mY1bJ6-068aLVhe#<-f1d9Y+|Y{;*9e$$N~!YlA*#75iByUDl_
z?2Z;qI5JPIWnw;?J{Hh!;_1zVV;%^TkFk-?e6d)crqVUg4^esnDdD489k$Izl@zdn
zov;o}BGN#fu|^8tjwHc3mCC|CP~xE;t)4RYnkJJZzIpSA(`xf5D*7-aX8_Y|j!tB?
zFS2-4%f!D{PQ*q*`Sk>GLCPo8ZwX&D<L1b5Z%od%JnyJ&(T;&Yv7kAP@$GH{`VC!j
zXH^e+&O!P<TPj@Ei|3Ylchj6yt&mL~$~0Jw7bS3F*4G6BciT1jm8R^gtg+RoPRkn7
zmUTX(Hzw<ko7ExtdWAc7U9%D_VZatAYc`-PO_YT<as76`TLa<;c~M1U^Z}eL-p8nh
zF_NwFtGSN@m0b9H!GI8TnSAHeo?=iF$CgB-C512^({)=TJq2zLn#eOW=6qC@5egDS
ziU(SQ=<@)f(w3B{4W6pPhuX<W4|{kj>*_yjtx7Bj-yf20*5eVz6+dpZmd%HE#cgGv
z7d9PSbW^0)?GPr*wdED|5@S3`8>-*FXm`su`=lAx8M(b$1={IsHg=z&s+<PoR2+uK
zeU$O#Aiu2fZxBj<nqa56w|{5+K=_4HQ*EiKygvquv=b0oorXp63^>rJq4SXaquw5g
z>90RM!OJeBh|JL0yOW6V2^DMffEhR<t3VnXk0x<i&zXkWmZy?g9WY#i@p-F1q=E-n
zd_sFgf3utGC{ha8&E_VCNt7uCKi|Aj)aIith5(sGM`+s*V9&vWu_yT2(=r5z&iPox
z|A$)DPO)?i?@zCXDx`A1CXQmHrn&Z|N|HMN8e$cy7#v_T&Dm&**0!ZIy7vh{6#n&3
zH@NFtDwN#b&%S;ywHs5B)-a(humR+uf7h`YTO3d0MnYrqi_uym1t`VLN*Xku#@bel
z&#3Xv9_NnjEbcp)915Yf?{it7X%1_%pj<u?;SIN$I$88f_wc6wb={J&kQW#)X6lEK
zu}#nw5td8<8M?E&d^Rs3+_79{%zNmVV=vUT0;<wuG>lF&x84xR6?3aTYIp%Ym(bOy
zq!O+rW@_GuG3^ZRh+vXXDX1>^MX3%IA)E1uP*}|g4z~F!F}vY16xVv!1Ek;2znZ6^
z-0d)*EpOp7KGrQrRTax7C!+ZgV&IJstrj*~=^PFqCh?GBoN&cGTT3X({K%rIqvUI=
zB&l#Wp0~BM3u|lBD1Jm8Lzz;^dobfN`QpRlPIpS9$?k2|m8n6!h;?_gS;cBrC~vG`
zzL<-90xoptePotXrB_Q2h5TpG`6kl)kh{KDcXtaPS81caLD+1IkK<joP%%eLxaxxD
zl%HYM#;A#BoYajq{fE84FoQd*IW+Zk4J<9UuLWKVuli;sD7O-ON61!}<>on9Dlo~3
zb197fa+AQ*WWCwx#+%zbqCvKR)VF8JBd_%3(#;2pUAwvJ66|BDk-M2A*4cZg?kTOI
zY9Dqizc$$>-RVs=Q2k3;n!%I6sdhc#=PCd&xES;H5rU`)d<nSSxOMS~@e;6Ia(fJ{
zosIA}a=!#vKez-O>iFAa{HYuNasi#qP?Yy<Sz5T3rzIOn$^8lklh}F&g|MJ}b11!r
zvmh?de70~gBz5X{pWtn7u?;!~<d<3}FNA$4e{V$%+E}S!jP)RyQKxo9?8Thp8;db`
z-uuw>Wv!Mo8ft`Gl(^o7;BxcMqq}<U{B?9(iU48dxRHV#yunt>#eFQ@xKCkRTPZT%
zoMJO&E+(gxYf_C41?4fIuxo?Ge3~;-s2h|%t*Dyli3@t3va_D`SE<Ub2Zn~G{D>SK
z5W~!#EAb^Dp_a=nph6Q-R4VSS^NC9zR+YZ!z(A1<Rd#4D+c$XTp)qz$0ygcUg@MEr
zE&&~$jnD1QdB>i>pciIND-vycNDahsn2Ok2)5)sBcs+wY8(ior)=3qs?z1wgmlWKF
z1Vc`4YZTdv``HX&`1f>w5`laAj4FGVxOm=KDCs`csMB(fGiS1Onrmt-TtrUReMQdr
zj+RtExQ1+89d?ZKDon~f1_0F6{s<9of=z6ac%a)`ua<GjzOIQ1^jxDsX>8LP^};!a
z$RYb+Tyr?iM71p}bnz(LZK7_9$fn2YaXZ8A3UcLPP%6xxxtnCIt#iCOZuThd{PaP?
z$_t~-mL7`}X}z60^eP+nBRi!@jfQm>e9{sZPZMpIG$!7H&ctzdzTG=WGb=`X@ZYaH
z;Z?P8;N%6xinek<!?BzKlPv&XCC4H*{dyO6e0j?TLWF7ZRIaY%JLiVHir%@<CCR?M
z?_{Q$ZhB>z?pU@U<VtfM%~OVp5R9m``6YlG4hes+QQ{QwWOHm_^)70eN{QNqrnV?H
zSdTU|I+w63)$o=cY)BX-goxqg<>k~zmf)gTR`ptifORT52Sp192exK6+){jdOvQv;
z_wG0rnD6^<Ck(l2le4XlrWvtj#AWYk(WitxRR_g^L8E7x{8@cd4iZk5qbL_s-9%0Y
zQk>%;AF>L38lMv$w#WUJOUSH&T*7^C>wAXeiXFu^Ywc)V^i;AvqH)@gMbbu{*kOU=
z^qiT(Oeq;BkZWf7TytE|$_38ao%d8Th7MZ9$XLUJP9uPna4)ra2%k2M%w@gQ7TIwn
zs0{1LQJblWd<b41T#kPvu9T#<lybKC)ko>@5+H})d1YPK+w!TyeWgDBsA_PnjoaBd
zIowPS&>5zS+f#mIFkT5K)F-LgVFsx(3Cx(z9y}r|p*>^Ts5^ZUbO~szX4a<X`)U7k
z`qO~y_~yvnk+t|l^4#oIW&Mddk`nt|G76`p+*A~=<13go?9;MPrLv7sMlA$mt<jPZ
z^Og}IZKx+4AeyC)RO~;>8TI}0l+yDOz)xT!#JRx(eqj&>A2)ez2j$q*$zmoSv1E2V
z^M;griHjR>$8G2nVYw#5512O=`_06|JP36+@@9H11wiZTORYa{2QM&or=n*d`vvni
z<!Tbsl~5JzF7rp%3nW0ji|%HbImd=y_*_vj?Bt?;yRDLS3evMYN$WZmGL#5a=i6@O
zOQ`;3N0}FHBNXOS$-Imt+B|WFqhJSxXVRSB9EVR!KL9vUST-PVOQpY3G&SKnTv}HI
zHz&j4$}&c2b?kb$GoRDBw=}AA!MViHTo%Rqd2k%S{S(E?&LdEtuXmx#eK#E~lSN%D
z!Qp%-&Z!48oEqLqT?^iW$-m1YAxsL#Vs9IF@tLQ6XPtY3r-6FR#B}?7#mCbj(zhP<
zfbHEKPh)z6?9^g_F6t8_FRGVK`}%1gih*4SF}PV)>GMSibW>?KWri+Y?4Fj$^UX%L
z=gE$kyD8mq{VUxp!YT#cocj$sgj4vI?~Fy@&aFWPU!%CbVIga;$5eTP!z>VSJClb}
zO^17`&cLl7AFc;Y^W+uc5O~xwl&_s#x(knLdc*vTcLvVp`lCV^G7i2py(YAQZYFI5
z5wbByqOgjZ0;ulwc2_TjWl)wLH7Srwy#ya@S-J%AVDLM2EO|q4|9>~@iO0~Kc`V6J
zm=Rmw*!5Me1(>D_*T@Kb^{AoYX!SG)ZElH_-rfGv<jVoj$h0~(EEe`ty9h=>*%bd3
z9Jmv|z-HkKY8kee%;RDh74lACMbFA`s{iN}-W$K+{bJxRyx-i4Xr^u^<(4G>rO7%P
z?g*=tF!rCycOZIQRA~3ptL|=IYS`o1gtXit(VX<q*Mr~vQOpABB<GqaCuUy3asYuA
z&y|ab4IJuY_)IiThZehu6I~i!Q|UG(nql_DWPMb>gEs&+U-su)jIUI6B{|hZH8U~6
ze{e71TwQA35S;y6ipWKQi0$jJTDku{(Dq*6!*>=bPHV1tX8ic}G0nrDU*`M2Tg?VJ
zKcn1%O|duL@ld;_g>qzLw)#_l(j6$2-MB&NVQqO0H^nENu&d4@>1E<;VIaGKxabhB
zI2h1|S%f*0fvg4XoiXteK=$vc?m-^vGcyyxylzk2_iwfU@}n!&<q<UeH}TodxL$zr
zXJ`6<#845ZeMh@<4^N{7I0Pzj52dszoh)>#<43rZZSw;-TcT|=LBear!w#%$saS&_
z71R`qK5oSuFK5SbdDY>G557HKh7*-7*AEZFHB=oFdi&qFKhY>JaD9!*a<yS;3L)X-
zqOOQw!Y=wcGl}k%AR$B0MzDXzF);(V$b9J@r5b{~MKA`bG*bM+-6BdZv)4kiBgRSh
zL0C4v^At4aaRfSRF-RHCC-x!=av~qCU0q66IPkcWJ8u<&Tkgs%GuaFPx)ChEBj0Ha
z>#{nther$?bNl(B_QMqaiqyW(&5fDGY5=!anRqw~SjE?ahwS@<uYLni0T2^}7?GG5
zLrk6c;0FP|9kOcFP&`sKl{mQ8BURv-E9T*1<>y47Gan}#-g5$|>ag6)I|DTo{mqt9
z$|n58Mq9_uKNos6{48jddJvHpspu?qpJj!H`=ui`Kk}&%(^%uGfM9^Gw{lTy#?>>8
zEvw()z5hr;{5Q1!gCvGf+%G62?OruvI!>1Jho)O1*L<|a8M=)aO??TF2)S@F13auB
zRMm{rNsWa?Zq9^8F$N_I&xfD5FOTF)?-$nrf24$mhxhglKDR2@(Dv%YIr(&&i|*&G
z<g^gDlLhy}y%Cshn_;Up5EOQVsrCPR;LIg<&nI7a(Cl>=;o%_>D}oz6;(!VMiOia#
z^N4L=88uq=$JkEx9wC*&T_u!@+JvtK`}tI=ZZ3QpCPPiTL0*4L<$DwwhK*$KN{QhK
zSxHPEs*`5jXXRwtW@2=@X0#<-dh#~tyg2q$^s4(mfTwu$pOX+*i}GL5{tuDv=;gaS
zuZmDkG2_bgL%4*PKCHDs*MsO~kXWfM0@<KF(ufSSFIGT$!JV838A`AERE8l9Y^Q2s
zm*0D!L4<37%Ro5UEB}aful_-{%G)c;jh<o4E<>I=)#aA02v}r!z*UlqoQja@Z>X0k
zqY^~&$$owvlYPN;E`*9hp)Ho~K4(0VN8sg9f&`vTJAZ`kk;&OJ52~C3+qvA;3|zFG
zW|#*Cxh8wIpYu2t)uAC+p<I`G7vKxt5w?a`I`cAhEY4HzAIM4`AnwLy9TAm?1pw*U
z4*0ZIh&(MVPlbAjtHOhbMze)bhPMwjntD%%hJjg4d8E!^ypmm;E?!joi4O~(BUBB>
z!64z61Ddx*Cc%B`PO^bH@hPRt@t!C0!GCeDR_WNj&3$gra&D7vEKkUG23%|#Yx*)?
z_~!YWKktxVrq<yPk>w^TVlK)J^{Mr1H*=cVQyeW5vy`8evqVJK(a{<yj`VT-a^BvX
zb#Do4hm19GeGZHfjk*eH@iD{_Z7f?o2(+;x;e*=_(<XCyo2s^)P4b_2qF7#^zK|H6
z@$<cBc(nDUb><#{z3c}NYyG%P%F=<Yjd8GOg1eohHL45xJ&{qNDw)x$W292)VEZuz
zfVg;hau!{ke~f3FbKDviarK-hYDbOgOpR*GH8*c*g~a={)80pno{7j*SCw{bEzMNv
zjC#aNlLh9;y-xeqndDZJk2bf@kNrM*5lvD4hot1O7u5W1>jOVFv}K=CU!61&C4Bj1
zdHAa^GvhBL005#91(}=AWqvtS{nF|Bpt<kzQ~v!WKxacn+s^P$umAvErgfE6l_(b=
zg>R%H!i-LcyrV?FyjqvWV_AbJwo1ZD=j>o6<or6QLtn73hFo)bRqFy=AHk;OU0D&e
zJS<CSPq6Z6qQgbA0Ak<fN$tUq1N^{6y;}4&$xYEik3trYZBxPWS>S9fRQtVsc2cum
zO^K8y%i(ce?c8aYtt~q(EaZy?F-P55hV&Z%;)<!8(xDglKV{YjjMqy--rmn@d)s{f
zq)PXs=q2#wUp!xrwHJBdsJCNtTs@rHXWY#<Us4W@%BF82S%;c&1I@v8bj}1wAM)Au
zv*m5`ru?#j_(W!z-1qpE%n8Y(2M*Ip8eydaq4fT0Nl#sv1$i-(oC+TeXqAt#h}jT#
z0J%MP09Ta~Kf&5D()pO*+IG^L5tjO_Uf(PuRxlQ87_!9d;s^bbo^#GL%&GtAf|gtU
zC$+u{fuW@G=8J+ps@?v91KUVuE9!gH1z=mYdg5)2N6cY*j?t4p*~j}$X9M<sS7*H7
zKja7CtCpz1BI4n({yf_K0pE3pbJz%hprBC;BbEk1$CA4)yoW&BE3o}eiF(+ETP$CI
zE<`jTAaUOB#WYJwu4}TYim{Bl@5R<a3|ek7j(>_G<84R|v_vju{dx@OGF_z37TXPF
zV>caB3epDJSoW28W&TQ$j@QNzdm^4mR)J)#dfe~atO9~dj|%M=)MLV?P*hz_ByeKG
z1DSj4^16|3rsB37#n^yKZPK8wjO8<U(zxwpxZ~Fw*QH2sIch7SOI=inFC_D|@#{!O
zytHy>wA%G3&NT9#GYKrstMZ(7;goDa@~hOsMjmgaLirsDDgv2$QN$CY^@!zN9f#Ld
zk&l|t?^IK~v!gN&p{{=_JK&n0@dAqWqImwIMoW-5o$n_$;!2Yp5&DHRxBtZT>M|hs
zyMp7%{I2|0<XasDLe<qs2pA4pw5nk6$QW8>czI)}<~h*e`AUgl3MC_ggM24TKo4K*
z1VJBO%Yx}-tJIY5>NfZaduA2G*@d~;%3@3Uy8CXzKx?;SWg$EHqOwsz4|~>iHjKs{
z|LOuruph8)9Nh@jWbKIT^u0(;0eB*H(Cc?!5FAJ_sGL=C9o~E!xtSOpJ*Sk=qD^Bc
zLIJi`Z$v?AM)ziTv8;$n-0;qD&f{q^15OSm&{@;HCx6NI;Dq~#_QNHhNC;6_%l5m8
zylHsz*DVC8Xo}e}L-*c2m(W`N(>Oxf^{o{WXJvTG_Cs8Jm@Br_ki0Hx3;VFvs9d8Y
zck%9qG_SF6l4b+!sOxmB_Ky0#*#siX2%=<R(H}g%RQgmy^<7hfaY|}`yxTRSk&p)Y
zxHQuPu@)jPrATca_L2=|YTCz^1^%>~%oZH=nH?IiL0xB9^Ep!|*R(Eywq=4T`N$s2
z%C70BiSmPI@!|oms(YSt!MTwQq}|}vv)DG7s~9flFW&!d1&F`AI=k8i&t$T4isn-<
zmwhhZ#8;E5>^V<;V#e7}XI3P&iLX#=>cTnkUcomfZ%^|e-?Im5?wr1^nv`DB1d>D$
z@Ikd+p!1{ZhqIWOw?WJ#PyU+Z?^p4-xL;bYQYsp&!mcyR**G2ZvE~jNLkhrhPY{fh
zN9NsEFpIR6Xy3hQb)*TZ3@-&|icx?675+iIQLA-2+38?>(a=wo+yg@>JPEzs8;;G^
z&4keWef0mRgtQdpA$fCjBG~1+8=a%M94pek!t5Q)0v30RPa{@8S5nNMH4mB_YCYQp
zgAEWd+u(l;^tT4%zV1(vw^zDua|zJ4lUwmL4tM)GE37Ht98!|3EI8a4QU*QyLWAl#
zto=OiP2XJw<eVL9+>09S?EY@+G`$N7(<M$&a$H-hefP}c4Eu=WZ{uEX6MkVHevw2(
z(;I2(s5#XH=Z7MIO~M>r#LwV({o$W#<6mMJ@a*hGzOg&APU5Nb5jxnEN|<{#bQw^c
z<M1MWx$lOEu~iRx+_S)SHJVQV31)f@mLm;-lh@<39ZZ$iO6b@K4M4R~4<lc1iV7$V
z%E>)Z?_@KagX*&E3(tWqEh?^@BA&aUBsRRS)<S80%uE@m;8`SkuiDzTu6d=7F`ndw
zQ&QBsPbFbySCKR|m$-BVyl|(<uo1@{rl9`p7+e$Y1uc@hr8F!T6sa!qVF31&INd2J
zIC#kUn#(m!l$JCX-!^!Z2j9VhPsQXL)#<VM?G>Olp^jZ)w*<Z-$gQ`twD5uXl2z}p
z{I|TdM-%`u6oDiUp9HC!Bh;3vhgHwUot-$P^HYjb&vv$OGRpWK9?^ie;>wt#LptwC
z$jl1Gg55P^l!YXh?lT}ot@T(Or$w5s%{(PHb*@j=l#zfh`70Ai%Xe(^(JHPpFSdmZ
zwX$TSWFUZ;rV(FBtVPOM)b$>F3kJ+_jh*zuC7`)FG58Yj)`<2@V<GKh*ag+MKV$&^
zJ2DWbUvCsS!gNTzr#yRnME<$03rM|5)wU4Tiz1Zdmj8D|`}mVP8xd+KFv*YTxc?hd
zs6PZo{CfiTur5pn2J0z#=<e?kwSHjf)r@goUi_)=7aixlZ%<>9lbr$fW;26BNeoD_
z;5ltO;(ZT!*7Di>Mm>K?TrWGVQ=@1obl9SSBRr-eCf<|U_+D395u8Qw^~tsy`vXg$
z4aAW_OoSLYHzoD~nUE4+oo1wSz;^67s(K>ds-&Y<Z6FmN^nDPf5HtSq<tA|d>QINE
z0b^oF=Da>Bv?psI8t_mkM%Y&_nai#}`IV3{>WwsoVUOy=iSq}z$9HJ*<cp|^j?m1{
z*k*yB<IJ8q`H0rAs&GmJzjfCdiM-B_fHU*<`=`tq3@3H-V|DaXLprVa1=$}uo#qeZ
zE>Cp4l@)j~Eaqk~lZW%mazB=@e}yuUq2^^-vZ1&k0*cRjych0!R(aDoo-3e8Slf*5
zJqxw?vZ=22ZIDydGMs5|WIs9#l_|>2{Y1tO&((1U7U+%7cVt#$fYCRG@lueTIEFn%
zf8GvS((HkErVm4}9Fq^KLV}C$kokW;10jF_H7d??oh}4*Da`ruRV|>b`+sabjFf~1
zf;Kp^$|3F=N5a_f5ovY1(!|!#`p0PkPe~mW*~RV4JZP`7Z47DYId6;rTC1p!lAMUs
zn5zoG<V4s=f@in%h2C{BSnRX0WUh+Hk4U0aXMXNNe`?XGUBMX7wG&0WH+cV!mEG(7
z-!F&2-`C@Lu`Ra)V}r4yF^#J(%!&#*Y-De7tdRxc*O8+5+#xjtDen-t1mv5Ze?;Yr
zTOg?MfU)qnDx0UX<M3QgT9sD?FbCQl8?(A;iQEC@#%#e_!v%S1MW)%|&3Ec)YbI>1
ztK}QxgfT{ojhrDit9&{wPvCj0M!6>vT=KFrthdWvja7}XCJoQfNrTY^j+9;otn2k@
zPjeEslEoPVmlK*L3~g$1vdIHp_C!8;=g<2nSs)a;&R7YZo&u-V>U*Cp&PxBL879Bk
zE<-d5EvbWw5Px&`cQgLK*SA3bJ>OEPv9vEbtIEDq9nG~E^W#$hHIYc$NY_m{7Ce<I
zZVA$BBsJmA%8|K?PI~>ycX}TBt%FEWPbJ6@v73uGH)agE={WB%lkbr29Ci8Re6$#O
zN~`D&5g7p*B7HQn)vvO-Mjym&uEO9AQvShE&8d455iRYX;(Tv^=3%L}4L65Q&N{gb
z@U^g+$9ace?NY0Z<ww-K4q^msW<FzG*hga^1ODL-s1sC(#^9OnZIv_4)^!ksCcOVf
zztUBy6Bz>MV#M84(i~sl#SX$_GiDiXQUry_YsX+%<P;Oo#L12%uu#@o@S;SB+&W<{
zyXy~aPL~yBjMu|Zo>FwQ?(>zmIk`_X>R8GK1YrGqX2M_WMyGq5qMS7}-N;hqhYJml
zdv(K=V&vmAkc08eWi04k0-f$0&rY~!z^2^NJp@Uz9;GKq2$!PK8;g3CLZc7OVYx|T
z_;)FcAB`qqE3~qTdOslrL>NmfEoVBB%k^ObPIRj%H@s1r=zj@T2&9YGS;Fz(##O9$
zZ#!>HG^a*ra&{<0DGMew|01T&4EzLj`zE|cYp*cxqv6hj;_7iCAe78Tu+~RhFHDT>
zO=lhREN0|nrC&BkJEgWm@(wvOF$*xJtx5CxB46}QNWn1LehP59SJs8;lM_+H1?JV|
zSu+FZW6Zr?nMAo6gCsp>H9gld73Q^p8=KhV6{Wy!jS^>xfLcZ8!LH7n6xZHXSvU)(
zc4l9A#6F`{<(tbN{Ko{aAjp)~FS=#~O>0PI1JUJ)0?U=9Kn#I8%AV1<OX!teQdo0v
zn0*6rto-vd&|-u$$0Nm8r=!b(B<rIHNP)SH%%B;ow^Em;GO_O$iPqr(c(qB<U4C!)
zwa^1u(qAvK_t{#%yZ@tAYBS<4d5#{?Zt9t;0d#pYhTK0XQ$Ha!c9mcZ`Ll)k45mcf
zDQl#Q?mXAcKfh{G7b#Ef9SCSU>>R+wwkbocj+&bt1$t&0N?wI5g?pp?H>|LA)Os{p
zGX?6znVp<m(BN=1*dS`9B`+|yY^^S!JKbO%k3LIttwc;Fq7)1VH#Y1RS=4{wBqemQ
zpP<&D(Gy2P;{t<64bj;$h%2@cf8+bugRmprUa2KyM06Tw!Ky|B0-X>=NG&8)&qc|Y
z3F-V`upEzNg|o8C!9la(QT4rk;kuPn>4m=-GKCIh|Jf3PH_`ib+my^p59H%>PZ6n(
zc}0CnI?eoN>$ed{Z;%sj2C}cWD12A;{q(mM>ZKed;crl)O2Jf!-%vAl70^kp__k?T
zIJdO<lb(;e{hN*t$PK&!sa~W|ej}F7CKtPmbC;H04n-L%I^SJR<Qx<Ec+Yj3{XUXP
zBUu-MpT7RfX_C%IvsTG<P*{D5GZMp@<q_h-LK7T5g7XdUjk2$!S~EF{@#436cU2g`
z>-*`}f5RK$Z@m4tD{B9Q|3$B<U(u+a|HRzAf3%3kayLCssSE2~p9*JCm6`L)Xs^pW
zv)vB*M=S78O$r|~X!cE3Bl;)o3Z{a3&!>(q9$65NH}Cn!(wJhIE|?T!b~UW_c!I;D
z)_8lT3YSXZ>&L1Uv|5KFJyR8cwUKFXQ$di^{rG3Lw|y(s?Xp;j>AQ{j<4&o4nd^n+
zy3~DyI=@hU09@C&a$1zQA2LCdi1kH;rP){CdBi>7RcT-6ML#NDL6ZI2dfQmpsXU=*
zF+A@lebKr8C7@cZDxyi|=jR3bC~(iw+Rryvg={GG`(y}wW6v|urb~b>>8Sw2jqSZ7
zCy$F#_5(}lTk&*NOVX9Q8%KHFzE1!oZ+`bR>O%9~?RoNh-r|XsnOCJ@{NpV0p30KL
zSPV5MAtVMP=l7nOnfbU|UfBw{R$~#DAr!n0mQcRM;F_a=+Z|iJr$1Sr+ec$kiAdZ-
z2e_=FSoTL-3rQfaE)=prGz8&=p?*RL((WR=rBa?;uTTYbOkAHT3pGa_^L|WBB(0B5
z;0eoZ;h&PGQs(u0*}@LR$oNTJHncg|@F+jHH@3k+&f7tbm)vNyTH8Z&U~rZ4uu;|V
zo%X6;ifsZlxuA9J_^V>h61p%DLQ~o^SJPh7nq5WKFhue$@6L}OjKbYn%VL9>YsE)#
zdmD?-d=qrln6diQe(iG94w4;fkeydkqTfN#y2;rurc!~Qz4JsJAnx4?E^3aG3bJ=I
zN3oujf>n$lnq@Q(vJ{ws24_h%FYa^7`H*|*=IuwJlTz#xO37!ADYhCB3y!9HHugRJ
z4R)4r{jiW@Oq&yN456w2V!#dcU0jlsk~@zll9E_`Cx=Wk?$n-9b*6qKl2~w2atYk&
zy&X#e;bvubO;?Z?7?2Y#pA-v-P>!(F>I!?Md~<j6xjWZrsbg!MR{U@^@o|AY{?v}j
zwu7a9OZT-9<7v9F8r2sFI2yG6YfjZwci=z*nZ+kGBIG4;eyhRb_NJ<$>*=j(?i8EY
zqg}Q3rAn1aZ1ku(ug~0f!HrORl#>BxmoPf%Dpz4M>2FMFXc|^(_y(Z<<aadz0Pw1m
zW#0TUUY|J63P{lr967qLeNlp#=Fsb&OFy#y8AYg&ZFc5*^aOCDD&wlAMEnL{^Tk7>
zs|-NMd1BOCT+E}%!L0`icFs&)(O-6va@F)-`r$uLMEG)o9_%jF`dE#>FhY<W^#ZP|
z#k^%vy&qe0mr+GD3;F<z;TSSy;)A@Y``rXWS5rYtR8sun0gNhO_7E=KaAcKG+{zw(
zA8^5p)*Z2!*DggL5wD#p{Qv;i{QgI9@V2jlV@kkIGK4F@glN>sBJ*bUQ*H-E4b>G!
z1B$iTmYe40=3p+HPM3pGYdJ%|r<9o;X{T&uhvI}Ymw-+)=(YBiw4`s8=4UCk6}b(q
z-g<c!LbulYy{CVi=DTaE`4#uHT)k-17{P-Fs%ViE<BrSIvrI*gG8FOuux;DULR2M9
zt<=k+AFQZp4W=V!6>>`hNXEJ(H^P?d45!q48|}(xhU&c!88LQXZ<a&iX!wsy02fW3
zXVK7^J%!j3RW6Ide30@zV!a{NeqV)YC0CBN5OPbS!L-d{N7Z{^{Rj)rDdndpRrCi<
z7wdHYm^d2-=<DA9xs0$V82>L>zQIj9(h>8o9B2M>G{JJBzvf7_Ncv6Gpnn1|{NYcb
zscqci;Q#FRI~Rz**!T}zl&U5sJ{i@Q5^;VPtLX^0cbJM!_V7}!!8;<V4?uL)EoWEQ
zja1lIQnt>`Y;|z;UIGTwRS{DcX6H+h_&OqaLCn11%B}wiPl*2-n*YGlZ=*%<{Qrgw
z;tCqtym7r;gq{g+xO-fyg;aH)0Tth@xC0nPH=@#QL2Cy6WZ(Rr59W|@;bgU$n{loe
z<$YyAZp86iN1%!6nf;i$r-gR8Ngqy+uJR!mAZ^dS+hXP_SvCl$Zkkai6!BW+?~n{g
zaOTVCn9WZh=430A-v6?cLS-o7b29%Y>zrM6UuA3SA;h9Glj#oq_EUdMy#^sFPQ``l
z%WWek$rq^G-CX5oHYBFn8XY!7!lY+l6r-vV>8VUVqS@(lVR+G1-MF}~%q768>W%8{
z>-fi&x9ZN7sv^}pt|9uNvlpfU+mv1#R60MIr**J$!IjCd;>M_FpR#7doomXgD>h1{
z*gp@4>GMicyFURqxdPlaStLkqCfb3u;`J;X7}06niy>_0NSTEGt8ywPpC+e8BUP4;
zomK<aW;Y{g8CB`H(+d@u6pOkU9(Q<$t%&l(fzpY>y$O9DTSRr(n*Yzt4IN^5%1dXe
zZi*2-DV{(_{+?MW<Xnoj8x=Ha)qVhtONTks8;e$yZhK0%8<a%mY8lhlK-D>KouT*p
zV~+<Og*B|6t~u9=>p^^;jc|f7>AR>ACe>A;d&Z4+b#r0<y9T_rc~oxIdm=@n;q>w1
zxv~-R4S^vn2pp!WV%(xCyxv$Kq8J@O*`LGFYGO)lnZDFOaYKgBP`D_iu-8H50M9Xk
zm-8*tGmoTqE|~csdPpyyh+j@n@Q?%3epAEp=^ck!@kDhWuQ5)!9EM%Z5s>aT!Qk@|
z^Z5nIwr^g}wT({xy|>MchD5%=Vk?IGV2c!qP$8a61OT0uNP^(cck*;!>TFDd1TFd0
zuDxDw^zlpc<vl!0L5TXTRXV;(Gd`^En_lZC{lFOSA(?K%JKm$o#TTWI;XuE?fO=U%
z&sL-5XZL*f8w}`pa#|VT=xmLlW5`+z`yP$|#aiVTcOWU2+SW+4-TdbLcn3*X!E%D1
z2+jdjtWAX2i`1SQVxNS$RgCt9EsYmISsz^jkZFm?HnALq?PRvYJ6Cm>5+kuSBjIdM
zWSO=-TTcv2BI7iSA5{0L7g(L;?DwLMBV@yHb@Z&GyGk;&D|N6Q?UAMZy*0<S<)!0}
zLuHh=|JA8oOSjI1%Hy<a6kWyNR(njyw_FV&$%Ba3A9wBLz!sISkGtC3Ph$>GZf1;`
zIa*a~3h52(OijsnaD6WvbjSx>oBI2XXVJS?#nWZ;L&KiAR$-r|Xpx$7&jG{mjenkw
zqAid*eZPreuDnwv!^%zHCGsF{k=(!bp5b$d<qeh%oV#qVMI}@ThmeAQY5Tk%<%eKf
z=S&=yVq8`=a#@ltdPKCAY9WSJQ7#)H8n#%rB`u1LsO)4;CEvA6otsdB$UYN?La|oN
zp&<~c(zuV@-FW{Cc4LjOxL3{XE_X+APd@USDrm-j3i(Fu>By=YQ=rU?K}HX$U*)uu
z*(DCbUE5#b%&uvE6uJj=U8&aS0V48qM-*j2jMKG!MuMVKq9X<08y8>m5->9fk>Hx+
z(1~^uaZ@$g!gAdLT#_|Vze1x%ooNz#6hC@c2PL4+ARvOOu&;C4wwP=FLir*ruj1vk
z=z*W{U5l+)h4#wh&jgi)i$0T|&0M)nCOP3IJq@j~+-A=jFzEW6c)xC=MTByyUG}@#
zsuml|6*Cj#Yu3RtoXKpG0fK5ttkSK{<P}cK*6f5XOe%d)Gdj)=ULHJSks;c4TifLW
z%f<EXdHqKp@=Ha#xMWuYM01eKk|TE(183EfQXzKlnS`ig=xo_0LQ_m76>?rC`q$m7
z!wG+0YJZuQ^A0A+c?@w{c1Exy8SYVSh-TS?{flb_l+|yCTIyRbWbC;KH${19g!ZKG
z*7pYVAXb;lPL=$+V(IO4EIZwR6^zx5BO%f&neq+PezMFAXk-8Bw(qp6<Bx7vUx+ue
ze-`v{TDr>uxaI%rZ9MZ}e-(LA3#2-7is2KoEZE$5pb?Eo>COVJwjutmFjuD`BUe48
ze`0HW1dq-!^Vg0rBpNm{PbrpoyL}j)HWPDTjs*QCa)|~^g9V2hGcJ7vFMHE%1eC;=
za@UD)1NskO%*#_HEH-@4ESYN}nXD=b-t^(xuQy8S#<=BCM=0Zjqt|^x80&#BgW(yC
zr2;Nf&G1(UV?1^j*ZM@yW#nv+G->HCG0ZXn=woH0_VYq>_nfH;avt<#s311ba%7uh
zR)JL79A#m^aEr{`Ts@LBP~V!M7PBHu<-pN2U2E3FD3Bq~(hEgL-p9dX)36{ZERX}&
zHZ0$|GRw&|5x*&r1cfR|FNmJu2o?DZq5d!jCq#!ym#EtCNTIiD<8aJQab7_ec#5a_
zYf_eY3|arLnxE9Lv<KC{%7M8SG`@*T+rt$ECLO61+(=e=^l|yf0Fz{pOe7dQ6Bq<@
z*mtZTbRbRd>QAVG9i6wzn8BF4^2QBV)2Yl{NrPW(if=%#HWm$KZrwqJ$`A;PHtDDd
zB0>L&rCZVubqVT<ek&7d3nM{G+E^nlCF^arl{~|>N+(EA3P>|lki@_z$z_Se5*^Q5
zEQ+5gH$+uo|NK|CjIA<9mY$XY=3Okg<vV?%(T>u}>XI5(h^7NatyDNxE(hJE&NA}2
zCPa#3yF=sMG4Hg2F!F>X`OZxwU$2}T!Z-nZM~dU(R{DNR&mlS{-TvZ!u@|fsch&~^
z74QLYD|+8Z0xi8Ixw-`7C<6)<*zZZNqTy0;h<@LzI&!%?JYk(pGFB@<Kh8zR*FE=R
zN51;ho;5izD-2##oK+wB?w@_#7gl|zN7tHT<tE-4ZrP<B`+Rs7o=}48DW)hwFlib_
zjBm{thdlnFHc;K^)|z!<X`aQJXZMBtXYrt&sosjas9l2=@Dr{faQf9oVfA?9FjA?<
zs}D*};Upd}vfjgnl@hXxCo#{Oi^ot&Bo=&IFH6zs(|@5)YR~`J(3j(D{KU=F9c^g{
z6GYOU)*k|K-sa6Ns-}c;^Y9cS61&hRC8lk7lY4fou;5OsG3=@t*t1K3xQ<ND7IxbX
zZEg^=X<!n%S-KJA8G4FgAmtcSa$)S^Z(e-CY3WIxlW-xSd0k27sF6|pm_2J_`=`F4
z9nxl<Cob)RH{D5-+igb8ZggN;zsDe_sM`)?>&iqpD8oy<f;AyhFb+qs@+2Yq$VWAd
zfGd;?q7fqK*Ann&T>6FLVew?0tD6QD-mF#5pZPMY?D2I7qMeUWHkv--&7z!;rOy6H
z1nuzbEn;{s|CxP4ag|{q8ss3lWN}xeWW?&-C|q#Q$!gwU)7$HIFjzu#d*dgtAl;gx
z>|0}qy_s>mdM`(-N(91+<U@H=if^3OA{zFtjFTM>drG3ETAc;OD(qO#v<1?a+CVHE
zl&e&@Qk0vg&K_q8cC46I$;@Ni2A1q4wJSJFW0FvfSorqS@1j8DOD`ub^G%IPGiS@%
z8A31n;)V?yaiW3x%|ciyEfLFTHjLNFUgD6&Uzk5*(*B;F86tU*lR{?%$YxMA8q3Jf
zTz|Du;JU=~=u|QI_UQL^DPJv-Ajl@EcIqBKo&1;)QTO|HZViWB3H`$7HDXNWpC_j^
zYY0gj-ryV*Jabr*QhA2QI&5IMrA}%SK)jxY&IF`~o{+rPRfg6rRSRoxAaSpIS~~el
z{W5+?mH`}rpj(d(gXxE(aQQhTcki9WBB6W6Ul*=EU*J}MG&=EM8UA2KDY;>nfX4$J
zz?(3qJGMB0OtM#$l_Z%)LZ7mn_E^l_7}3qw%h0k5;WX7mk-nVQwF%P}UxW|}P3A(B
z^k_)@X|#6oLLa2oK2t0anlc`H$h@~#x^Gg}qMBNYn38gouhZ+nB$sMUvMEUy#Tey#
ziO2J<rU(%iC>q@Vsg8u1Il3nPXoKSPgly)5UbH86W}yi@k2MQx0$4j$N*pvxx+15e
zckjeMglFsLP}ie(Rr>RznzUju;@&_xPgOJGkY03@Suw4xf%%+Evu8OH8XVl*K4r|&
zbO1uk9)7pbr^OtnKodlcmI_Vd_)tqstmu66dOwF9<L{zTRFS23mOEx=bmpCvbhxWN
zi`tB(K_+;gAqUmbBb^!YbhfTLTwk&NCm0Fgf&4;v&objSCmaLWL&hnMgAI5eDveow
zhKL=nc%cmP^=`uSUO8k6cSNh5@{>##nISk%_~)EPBEePq5tU9B4M`2u`Mssc>Td+e
z1Q(6Ugxp~$%$;hh{7TqzphllClWy0}vj_4Wk=;npj~@(F!buC$&iw~F;%hv>v3*E7
zlaYU7rA2e#A77j}zQ@}`Ibwfj8AF}OQYXDYYD8tpBqQE3LN;)2%WZAqUK8rBhp5g`
z)K7Yf7~;-acqMbF483}1RZkvXQy!+@+4NveW0{wir)^dH^Q+_Z)0~{ElUttbnRA-$
zz_yFlPhGV>P78<8fLo=#e@jLXHIyv`TAc%X4(<5W#+!9n`d>}%A7uxQg#y<t8Gk%J
zxov5yQqln(Me4C~2+=6^jw0mDjaHw{fBD%1;yampe>SfYDA6$=+!|`OLLa?r=}>C*
zO}bcw<)>qMoL0uJQZj90UA&h^{N0(wZ^Dtz&Cjzjm8FIy!^*Y(w3d0Zg2fREINz|e
zsE>tG_bA~3oj6*Ky@~)c9$s=qIRDH}2oTe5Psrjy_D=OCl62L<P!VwyH-24Q+*`>_
zAen+saP{OHd(OvQ$th3n7)UR=uhc{hD(PAc)z9rW;bz@xaGJ$^ve*j_^Dz(^<BSF!
z@o(*qw?7oycg{3!e{Z^+0D@q6yH&`>GV>tH%<o2Pi0w+1xt&21PgJP*4Y7KkUc~X+
zMjVtOIG6VKjU0*3e;_&`2-=>4FGK0r+4`+DwavJY)-{Nwj>V${`IOVf(e6mQLe}sQ
zLbv-RMzZXU5Z#*@y-4qR8|GysIP2OwB8?0iiu4ug1CDJm;UC1&D$=;H2&a(PRP)^7
zDUul!IhG|)TEOFhwOiFw<n3dm_FxJ8>$#V9MbVBj*db>{4G|~sdSm}Wu;8(HnDLqB
zQp{p0bMY>%kXy7rCyRYi2-P%zEf~p_;I@&WP*@hGcb82`)`Cb7D%BtDkA%4#p9Tkw
zQ7#CVo#2oB3ciu>>a!o|RjkWOo_6(dlc$$}Gh+Ce+iTTKg&z9H!%qOORi9J47<Uj2
zoft)JPnxMyyC4u94}04--0$ysic@_#LG<Vb%~J~x1*S7pH$@T`)UdR$p_u4ByL{*c
zitO;o>Ah33Xco+NZ3;~~OBc6nR!F>hSeJV>*oa@TutdixCJV8Gt3Y~QkMNIkxwgzg
zb0w(UZ+*qxzm3#nd~PN*2MgWETQEzga(f{DS>H38Ede2m6C@3BW3$nZ%hFJ7?j1%y
zCsfWg!M;U)(As<_k5@7`;udXIJ{pquvX1=Ivvl8Dr1kn4rZ~h95mrC?L{44Fot<pR
zmM2|;b1WZdawx8xXhKB$*(w&(R6R^3q;TaTuuOFC2c3;?FiA_on)}ahI$30he3Q&P
zW66~kF-EWrD@#(j(NUL=NyUHqA?9nwE^Zr*5ro65ps@ed$aO|Fp)FmwUQ`qdT|hu;
zsAA|K0YO@*Lg?jkfj}S-O6W!6MN|YrAPFE{O6aKc(BukA2~8lB(3H@Npg=&XU*7lL
zkGI~h`*+qkv-UcB)|z!@W=}%Pi`sq|qpDk!34|X51b!{@dA_Iu|3q+GZ)ruFGOqln
zvQJQEq1v&}s~2Z)OZE_DJ?jELAr-mV%vNwy?~-oF^oZKcxvVHnWQ6TOgsCPDA)j1L
zm3#Ek3v0`-XWtGlK<N{zw+)7yMT@a=e+o;K<aPRFesfbgzqTXJWs>NW{<3_sq`!Kg
zpqsB!iR7u{0{2~cx!fdgp*pRm3id*4^kT8LAv<OPQ3KZftyQf6%;OZO{D^pPS;)p;
ztjvh|`Z1Fp$XiKfBQ|}{QX9A>J}Q+*OywRshi)jlRj=qis_3TxYV=TW-ct8Z+$iR2
zVE&kYfXC^)MT#n-;{y!?4xykj)-~S|FK;F9Dl2Har<$PUjX7(a@r(DSAj3qwDA^mq
zykm($#CPnn3EvQXhBL{<R0=kEvUnX7(`s$7O5iw)FLx6zk9zdZE3=%8Lh)t2hr%Me
z0*M8eZpWaGC+bw&GNZ1IRq5Q|cN&$j_#^PrxXL36tL6gRAYau)>|%={rp@GGH?ZOe
zpnOrwQNRdK;2YG_aZ<1)DOhlw<PVAdZCR-<y;&h=VhyB7H2(1Qc$NG&>~^It3@yGX
z`JAHs9?%j2Kw#W=WX~?pW?_60Wn1l-3F54oZl@q8Yn`!EQqoVZdA}81Skq@66DIis
z73Wxu0zYiKGY9U82Oo+@vz<!&*$B7_39JeQ<}oX&a9P*50iLC4bMtIT7N-xD%VhQ<
zG)#_1vV>=X`0lN_IFKzYrskn+S!i2l*7cx2!kZApZ?DNzyo<JI((vxhyx9IwjiQc*
zTN~r!Xw!Hn+Xoq3g@sUoR1lMQ()5h@tgwaT`)~1SD|yT7+bH0SDZdn~VqEci0{q+x
zo19#J)D|__cpfXfe|*)In#=!va?ICXt*eczezcPdNp8#CXo-?Q4ir7?Mn8>F%letO
z-DBBiA?xc{2$Ue_ffWw#1ampoEc4GjS8vd3N_3a`7<xf<*+E3ZTgBc)xv${|XsqwP
zZ<Jt!|C->NMU?8ypn=C$OhY#nDSopIo#n6uh5g;Q7bY(PdLPU7r-+<;$dm|)eblzH
zFiYKP*t)`dfn)r%T#TO|vKM~%7IF5w-ugaQ*RwW99#4^XJUvn)Jd5BKl53;s+n3vU
z;2HO+lYZ0#JR^uHeJjEM1qY5-0RM|76rHF4rRiasVsLq0rPWxcWaW{ik-B>6%8#8t
zW{xi>j;+bQ2*2>Ub`B%4y+!xb0V|!lHqJ5d$Li(R`KE68LXY6AZs$ZXNqI|fHy)?c
zOP^;)f|B9`?w9cT(jJQ$zq)vzYBwULSVOA8`qkrl+)znavw_qA1EjK?;`_f~jFDa?
z@m(g)mow=aQOg~YK9igXd7Z+g?QSv`*o)JdF@67>g9K@<Npy2CkF|jth=}pf<sOIp
zweO>)?O3a&iwkwZNrew@+&MHxSBn;xbqLXWJ%8_R+h_ia`bc`?MvXL1GA;7#d>Ddt
zO5>D@aTii8^ym^Z5o0aCZPMF|>1a#*Ec2r5$-k36lM0{<A=nrs{Ha)1w@<d9In|RF
zJCMxZYcDGbM?ejFVx&Z5<NJw8x)E0)F$LYAR*~6m>;-2&4+6(05F`lXsKjZyg}dW*
z>r!LnnBn4}6He1h8u!RsgKoQsy62M7Uwh*h!+PRHk@)_y^s{eUjnL^nZ<%NvQ<)wp
zCMHW|2Q)rU5SZD@qY4XirEt_wf0LE$qFf!R8_}gQFnEOhV}wpmf@>Qpx~r_pojIoU
z#ufa9;JDwsIIdnW`+s0v()zWyS=cR{tG6^A+rvj=NpRh+A7NQN6*Df#;yShU<U8;2
zjU~L`{E?Q%W5cuG_VkP|@s}kUJEh^n(ci(<^q%v679ORZG%zr{ssQ}L*gfO*X8LYr
z&BRc5wk8qB6AVN-bt9=zJ89+*r2UdFZJnk2%|{Fg6;XMh4yJ%51m4WC=(GtVviu>M
z-{v&~Ba=I}joc%>z6nv9V0lTSe;@SH$sQd7PF9}PNf<Zqw`M=6`rK<0$ffe2GH+Ym
zs(ov~{*+)pJbRu?P}QRk;jzZJ-qAGbAcwXZm9+SDv9iyxn%m}>wA)d($`ebnPmgfd
ze7GInMERa?9YM~^*JQ%NhgH(6PA}J}#;~h4#dYU=9;2qG;qo%WtUfkzUmuttjgb+*
zlcJr+EaS-@E!OK)qa`?v+e;o}yKz>r+KPF{azHtw?3SLH#rA|v;($IzIC&pYRI4=)
z^AI*<;-(qL&_yaM8Ne69RKrsc#dYH6n3^gW5#}qdr@g(o!NeVyGieDsx-PxibXM$g
za5el;%Xk{0oGsO2|K2<M?PLXD`%^t-3})rJ^8_W|5M&t83bGlLA;fG(x2YXPTua<`
zFYmopTjEemgk4Tu<_KKN+&}oLl}ki?Y-c)C66{0xjOWjit0$ZeTJL|?8s0|QHG_&&
zlr8duGqcs?a{ym_6C#ZhX2r@HjiT`My)XjV3df`Ly+%@UzqR9Z2E?4*%olB0U2Pu{
z1Gk>N!0I<Qth&fv_Ne|`oo+dKZLW7@rM7k{>brFuZqEBIN;`ysfrDhe8-W@P6|8QN
zK!$7zCT5y_oP4>|!&@;A;zutSBwK%8?nMxKbjbefB*3-(JNV~#u*K0ztYYRDNv%G5
zi55H+)40~NxHj(}mgj+dv#b24>p=wcKDAl`x>R0~C?Hf@vP9Sw=T&({K~$&7I%_Ez
zip-vicS@qNP?ZLC&WAL>7VV%mc_Lc++x<c5JNk+4;+$2)R7VVqYMPBHcs^v1bmu2Q
z|LNoOlv=ZOi`3#F$qwdYEdiuxHE>v1MX+yIloTl{?-9>#<Aqk!&(!yvo-hK}W7U|c
zo{g5d_z=(N8^VR>V?uuzBnw9$Y!`9nM1vcvJy1Zmv3U7>#V;yi)kO}fJnY`oWbvn(
zQf7Ze6y`bXe)+|~)1ql#NvQtCAiO-f8~v<(_^@-CyxQZpec!*O{X*M5kTSVaN~=C<
zgxz4SfJcqvzIhB_<E?3FOOt3bY^{Q^DJ^|QH`<cGo8xd(mtHkxy;3Y2m?(e1r5fpz
zjjB<bCOFwCZrwWFcx5!_+qcBN(qv19e#Rzc9PR0(_-JSK?+JfSdRV&btXSB6Zy>D|
z4`r@HW9Sb$B---SsXGfIonmCX!+HwmZW-u<M(uPDr9gum+cIz)CNG<KE-FxtlyCar
zeqSW|8M-*ATQ&rb=HH^mNgCU;d-Q!ml@02oa)rsNzKzkIoNiD+CM7cV2UhZ?FQ|_@
zXFnPj|DeDRv4|9q6PxHWQ-A88Scw2@(y&+Cf|q={-XR^rxrylZ3(B0hIb;P%>iP(T
zlFC`)UN;iaEwB;(VGB|1rMb9*H99C;IKLbSRG+c>K>R2r18cBc1Z8$kmp?%bOs^Zq
zXry%mW+5d-iejUXHau8U+8-%8;~OlsD3{H)XHnNE`^L>?IBuYfqb&B7x#oVDLnIGh
zvTR;Lk!WxFVudB%(`V|X@E#Ws1R1A|xNJ7FrfjYlm<x(KrUe!lRpx5S+`<ac@Q<(P
z4vQK(BEgats&ElV^e7YyMj<*Lz2)_;WNl!al=h$=;<-#8pgm`7k`yUs&wmIq%dq<q
zp_Fnd^Go6CIN_DJZO3sr4FLeul+p~#Q4EqTG07F0s6b0>7?w&c2Wq!PvGVX0JD#3u
zr2_)m<@$eA+N*JPM_r_nUw0PA?xd!7nM~YURTAqa8KEh6kuCt#OG9nJYgxiZFGDJe
zvLag{x881sO4CY8LeLbg_@#F>^cV-o!!naACMQ`2iVH-?`ct0jU>E#0WeJ{7zryG4
zA1LnFO4BZOA{2<}21yjX1o~LO4v*_~qu4`XIK;DSs5BNW1ulRam&xya&K+yF{&Fd9
zX2t%l9&UETFcFpVA=7CwjW`o>FzVjxJF{+{^}>|>(Wtp6)>j0>!Hb5ADCCbh14%%~
zz6j00T>U=ZaYtV4l>#z<5b$d)K~iHzB~L}rA>Ffy*-(26YwR_3m{2&h-rBUGFMT{&
z`io(C7WIq4KZpkYZC;9=N&D$Z;(UH}1IyGFC0Ic3LUGd1xSV@KXJVwHHFs~^gmXPU
zsk*s$nkA64mYy~Aaf+BV$5M`@0KU92?w1%+H2{elLv){lM)USGsrxtlF)KE2ysvY^
zDkuc}+d2P?7g};cHID~E)EFDB`mHip7T7cjlR@m7d9&<I*N7Rf+e=jT$^WSsFfibZ
z7==(ww!j=>CfAkD0A#yl)6Tu}v%4`5ge&q^G5#N%)c8Eu)7O46$S(FC1vr=4)_U2;
zRaSvd;Zzx^wXo};ly|#^lge$I%LObAEu6I^hlSQ=UX2MGCrr$ht8~#!i6sixFIPC!
zMQhT1a+<5{&Fj7=Vatgixmd4_+LZL>Xqg+O)Ds;28&~vkJ3F&Yz%Hu&i*c*@v9P(G
z9^0Cksqt8^%+~k9o`6*{jXIrBcryD{Rm1q+aYgpD-w821-IZpoQa^VX=+xf0?6RnV
z!>uEYab-w-6cu&u+(X~%RZ65&!1kaio;N|VFDKEb)DE&mFr-Uo1{<5B3A}h+xJ5?j
z2`j7r+`K2?MaQw(u(zv+EtuOB^7xA(rtadnw<#g;MT^?gBiZW6x|6K5mj1j+Sj?rP
zvms+{K)vS*NnsnO027DAoqS6*2M0RFHE{KrBh?d$?H7(mHMGm@54Ybv9NzVc3@UW+
zxzFxK^$C_I^h5Jwn&o7QR2OdVXUdwgu^bvj4V)x?2I<3^aIEYcsVUs_40TV|Zdlx~
z0&O0|e$(%4$`*Ll%|H7y-(v$Fif^irky1hF>=JltutC*v%Tu2#fIeM<Vmu{{4+?c|
z(Hs?P(@v^)zppMYDa$n{m)=n(Wx}xwIl=~bi=IN**i3BbLKE9Q_x_t95~q@HYZRcx
z;?BFJj9DuD>ognOVhgJPipLP+2mX}!?(#j991M80qalDH*=uu>hxuOBYfa*Q427_n
zr;0_VN2Rj*Mm^boKo2Ra8?31*JoYU8z+SO6%?p9}_PfK9ai1_rO#+?X>_0@*3ztX&
zijrnnF1RB5iw;h<2wyDcKxOBqS->}g(QkJfi~4Rijh9uEN<uY4IeFD>bfK13rP$*9
z92cRh42(3~^Dr^HMFP{2o|0e-cj0!pqT0fv9CxLy>@WdcRoE2(KJv6rqa{XRbfNh;
zGW+}i1J`MO=b>pJNN;pdzNV-zr+$12Jy0AGKQg2dEQ6(c_h(Cq3H1LUeIAH=7AAh>
zU(O#eKrBuQaLpkicmMhI00zNu96Chwvic(z{D1D7U0D6MQTAU(2Bv=oS{pYXB8iI)
SlVn`PRfS128setH<o^%;B3noR


From 8edc92e2139d1fd2b7a088396877281116717830 Mon Sep 17 00:00:00 2001
From: David Pilnik <davidpil@nvidia.com>
Date: Tue, 11 Jan 2022 11:12:06 +0200
Subject: [PATCH 13/16] fix arc diagram, fix key name in PASSWH table

---
 doc/passw_hardening/hld_password_hardening.md |  55 ++++++++++--------
 doc/passw_hardening/passh_arc_sonic.jpg       | Bin 30730 -> 27790 bytes
 2 files changed, 30 insertions(+), 25 deletions(-)

diff --git a/doc/passw_hardening/hld_password_hardening.md b/doc/passw_hardening/hld_password_hardening.md
index 3d6f98e35bb..056457e9b9a 100644
--- a/doc/passw_hardening/hld_password_hardening.md
+++ b/doc/passw_hardening/hld_password_hardening.md
@@ -207,7 +207,7 @@ For saving password with sha512, need to modify the /etc/pam.d/system-auth-a fil
 
 ###  1.8. <a name='InitFlow'></a>Init Flow
 ####  1.8.1. <a name='Compilation'></a>Compilation
-This feature will be disabled by default in the compilation stage, this means that it will be not compiled and will be added only when the user specifically adds the relevant compilation flag "INCLUDE_PASSWD" in sonic-buildimage/rules/config file.
+This feature will be disabled by default in the compilation stage, this means that it will be not compiled and will be added only when the user specifically adds the relevant compilation flag "INCLUDE_PASSWH" in sonic-buildimage/rules/config file.
 
 In addition, the feature will have CLI as a "plugin", meaning that when the feature is not compiled will be not appear in the CLI of the switch, and vice versa.
 
@@ -252,24 +252,27 @@ no changed.
 ####  1.10.1. <a name='PASSWHconfigDBtable'></a>PASSWH configDB table
 
 ```
-PASSWH:
-	"enable": {{True/False}}
-	"expiration": {{days}}
-	"expiration_warning": {{days}}
-	"history": {{num_passw_history}}
-	"len_max": {{num}}
-	"len_min": {{num}}
-	"username_passw_match": {{True/False}}
-	"lower_class": {{True/False}}
-	"upper_class": {{True/False}}
-	"digit_class": {{True/False}}
-	"special_class": {{True/False}}
+PASSWH:{
+	policies:{
+		"enable": {{True/False}}
+		"expiration": {{days}}
+		"expiration_warning": {{days}}
+		"history": {{num_passw_history}}
+		"len_max": {{num}}
+		"len_min": {{num}}
+		"username_passw_match": {{True/False}}
+		"lower_class": {{True/False}}
+		"upper_class": {{True/False}}
+		"digit_class": {{True/False}}
+		"special_class": {{True/False}}
+	}
+}
 ```
 ####  1.10.2. <a name='ConfigDBschemas'></a>ConfigDB schemas
 
 ```
 ; Defines schema for PASSWH configuration attributes in PASSWH table:
-key                                   = PASSWH:name             ;password hardening configuration
+key                                   = "POLICIES"             ;password hardening configuration
 ; field                               = value
 FEATURE_ENABLE                        = "True" / "False"        ; Feature feature enable/disable
 EXPIRATION                            = 3*DIGIT                    ; password expiration in days units, should be 365 days max
@@ -560,17 +563,19 @@ The ConfigDB will be extended with next objects:
 ```json
 {
 	"PASSWH": {
-		"enable": "True",
-		"expiration": "30",
-		"expiration_warning": "10",
-		"history": "10",
-		"len_max": "30",
-		"len_min": "15",
-		"username_passw_match": "True",
-		"lower class": "True",
-		"upper class": "True",
-		"digit class": "True",
-		"special class": "True",
+		"policies":{
+			"enable": "True",
+			"expiration": "30",
+			"expiration_warning": "10",
+			"history": "10",
+			"len_max": "30",
+			"len_min": "15",
+			"username_passw_match": "True",
+			"lower class": "True",
+			"upper class": "True",
+			"digit class": "True",
+			"special class": "True",
+		}
 	}
 }
 ```
diff --git a/doc/passw_hardening/passh_arc_sonic.jpg b/doc/passw_hardening/passh_arc_sonic.jpg
index adc642c4dc7552d18e9de0a04fa76f519f177359..209cf7150c52e0d642a0b1af69d68e26aadfce6c 100644
GIT binary patch
literal 27790
zcmdSA2S8L$vM)TSAW3nEk|oCh$r=8Vhs=<(zzlgnq9VxvNDjl0qvVX_3`&jyLy#zv
zgGkOGym9Ycb@%>v@9w+rd*AmJVQRXnyM9&Oefo5rKG&1iUjX-%<iYX)3=9AO1N{TI
zUcA8ymXR^jfT+uZRpkC6xN#qVrdtmI0Jx)@3q(Qsfxdy^gCAvoC38#HCx7Mt<P+WQ
z@x+hT0f14^pUD5aA{;2p)e^0=i~e(SK^sSdg`#<4>;K@N{opPBgAe<`yJ$mX&^j4t
zp4Iv{-r_g@soN7bv`)_teaj~<KloWRFAjHb|6%I~{XmQlbJWp7f9j+Er~s}22tWZK
zjpqN4(yw?rWdZ=gM*zUhs9$9ki2y)t003}*`d1la1^__d4*=8*Ju!DN{|lH~=>IpY
ztN?)hJOJR10RTWW3;^I7{T1l1y1)A3ANcwJU55(orxW_e8sGqc0UiLr07rl&fD6s>
z0v-Z*0D{*u02#o|8$amB|C?yKg>~x(VPj!oV&P!p;^JWA;NapD;N#-m#lyk51H5yW
z;NCspJzRW3BEow_X#U=hMlgQVym<>7UGW|s4j#Jn-=ypJ03bHT+6{)A81#S}K#ZF}
zjOz{nHM;w5{`kfCYXkt8ShsK8xQUH{gBHW?0RUJSH!v`9aBpMZ!NtTxclV8(x6mp;
zLLyQ+-7#!pGI}1J*f<mk1FzsCO+E9MNFfVncaQ3EK52;M)3=pX_ZgY_U0h#9$CuZ9
z7{y@{5SG!>ha%eLU~aERVluO`JJ4n*(B^NTVf;oIXbhNGXqg}oJ>@WN-Nw9)iN^UC
z4KxHGq2?_jVme6l2+t$ux8<0;eC97d?2^!HAy9j-Di*G%0r=?lZUAor0aAdgf)~HF
z{9jpur1ks)zCxwTZl1gVcWZZ&g6&2L|DNS~ZA5QwFBIy}hy*j{SxnYSrVjY9N_vhu
zeV729#St806IV4KsHhKZ9ZI$*=7uV5%n6OQUbu-<+J4e-9+KnPdh;4Cx_MV*Jy#;y
z5<?GDL@epTlx?;2nc!$?#!^~{<rD$dwEGy9>xhaMeHX^7lyILi;sd=uuMha3Cg1WY
z#Iq>vPSw|Z;kC?!W0?;%sqVL_4z*}{%3nOrV=%Mt6dxb@*(BYU8MTJj5zpBoq5AJ1
zYDJe-FQ(b8{e%>?3(qro)Ga~WUBPKlo4;SlsxQ}6B2~s#f78JUC(>&XQWqNfBGr&m
z0P!rGv6=}h6U^FEi=CMgEh<+mcbb>d>iuVqA{Qu9pQ_UvsP*%5rqy%lX3CJe15qXu
zr7Ew??UmslA_fw&?bQ0ERf3@lE`<#0_~FOR4aKI@IzB`L%0c6eT@LC_NJmE9;hOBX
z$}o6hgSrB*QdFiotJmI>L>j~V-ctVQ(pKUFo0dO|!(gGiwZ>#i?|RPgsQyPkR#ic6
z@_zS+(@{F#`pmpV69VCkQOah7ko|DwFEas*Z#U{EB$T@L?eo^Yl!zIqD(G3mG5U3f
z3-_Hj6n&g$W!QIe5(NX8@C1W~Q%|JBhT+;UtQkGxv#M*rpT${bGwzYko#LnWJGZ{~
zmG{GO%SpXs982+J+shih+B^xzeflz%iOLoNR$_o?%i4;rns8{j&D@{5+~}W3X~_vE
zL^<deywid(*NnxP$#4o$jkc9URnf6e$;%sqnF{GYCT^>2cp&F5@}3S|1B&MVtTRP;
zIlk&s1iu-Pjs1W%Uc{tq|B|JTQndzt+GP~im9<aq)T*{P%YZ4u7fz3I3ey@i{xuM2
ze#TTT>?WoN%m4m}dVHU)=hO6_x`6AiLHcXllRm^JUbg@CEHA14*C72h?nCcm;kpPM
zH~kGZ&Lj)ulEI?0lFQC>FZN)qi(Zx;p81GFs55^$Jq{S*4OZ)1WIUetxdz<An+|xf
zQJM`g-4t|=T&yk|neMQI%_Tq7cRrHB0NZkjXJ=2?N{@jV=Ao=tGUQVoTE;3?CAoS!
zrI98AgL`hrmv0ZT@ry1vz2c<yKsl!MdVXC5TjksO*MN?i*yk%I*MR%(G@!y4eXSMU
z^_JHF!fBnau}?3}mxtWVTn^u8v{R!*4VOw;qx>0oN(I>Dy?{WXIcBSyKUT?qiD<<)
zYQKCXz3jhzev9Dko1s`|_&d>_gn$Vl-_1>OS!UQDd9fnFDmBKShS+ZDQxz1LPpM8N
z(q+amCND>JUgh+A>NUVZ=RTaZ)q5dLzw9XB#VrL9%FWMao2hx$cU^?Wn_9=k)IPG$
z-<=@u<+{O;5`N^weWW&8`R1n<-j{X}ruVY0(Jdt_R|V4^Pu3WGjQYQ8Rc$SJ-?wJ0
z!;bjb4Artzk*8mwM`{Z9Yy9PS4B$uk^V<0HJlm=EpA84>nx`NZxtY5;D*6nFbpy}I
zy@#tB+5=~b8v+nB?$u-;3`vpsk-hb#%dmQaUl4z5n>jIc6gNecJZRZIv(L3DkL6uM
zsgCB9ekmn)M~Ic(7jqtliavs{)6>Cf&ViVQFodjGsg1||I^AK&w@{n93~OpnusfA%
z7aS{spFHE(S?)te)@&p~;Sqe){+Dw<v3D$*7lg%fNRSq$igr!hHH+3!ON0(K89W@n
zH*Nv~HcqMWs=cc!LPG1b<AcY%3zXEey>zmKFUI3_M$0O2ih9^B$JAokElhlDY@Ik$
znAoWCAnB$nwHQD~1Tq?k_h%h)KU@X6I<VU?I~_~HXQle;&^kFDs|_z$HlNq%``~dn
z7$O|%x~CgUCu<eU1m**et=SmkIXrJGUDM$0JwArKRd%KG)KK!W3)&DP2h}8Wl3+{s
z4EZNa87m1mlW%i1{p=}`o_XE<Yk>AQF=079W{1p@18gN#Vc(X%!qsblWY4}AuDg;j
z%3<aOs?JQBFq@5sf%i527Y1%JpMeuTP*AD#pN^Rw6;1wQY2!Z~Z1ksU|2N0lQa`~Z
z*Vt9~%r(HU^xo`G#|`*Dr+pscSxYGluCCrKqAd+c92uwH;P9C+HaugB24RC09+8nV
z4osAWhq`|J$fHNbvEeS48sKXBZIo(pwHR<Sckg{)W3k_6d2xF0mCSklUSU{KL-$n?
zMek+$vQ$wzM&XNpFw3(Q3SM*YH}tS9jE^|HRg`5F>?EN+VyEkbS(WNJauGUr8_oDM
zZ(+`2nfZ5(7Uxmb=-eeSA*}ET>(S*gE-|lCc`o)9)>-Gj9gjU0Ku%H1#{lYy%y_=g
zJA$7SU~R^LRh`p8tw&2=7ulKTjM-6gJO>;@fQG&#!t3s6VChk^p^PYlJWDv6bWz3?
zE<E$?@tB=e)AxnKkk<fm&e7huOV-6HmJTR*PVQT$vV4X9Q@2yFxkovTSKuZ{?|IAg
zobFl`QmCFH(()8mcSju438y4ctuxiSe)qwcd=e7U9f&fNd2%t8+Ji#SGpt-JWjV26
zSNwx;{5Qq_dXNM9c+aV%86c%O1supVIzm2B!4%=#<Uq1*Rdj*fWY{tNIz696P*|r^
z+VdE(`9e2Tix}<(*m#+G>ny&vfuTDJahdX%`#r1i>iFjj^Q#)A?<rKj*c<0J0zSe`
zHnC{GLd&K;{9@m8XZ-tBGRp|Xj~$(6;~j&;r6g+UD`I9B1U^Tj9MT7@s_J%@-Td`L
zs-NcH_bWlPT4SH$uMIooP6-4q!9_edbEn9m6=d%>^=<u=p-+^9>IErgBj4otaU(Hl
z@0JYFTZ+&ms*fh0AJn9J=bwB(F|1>i&6{_Q$B$uy;JxiQbfJtsQ(hsy7*J=lr$|Ra
zpQYf_-xZ708gHcOn!r<;PGJl30k1$7DrQ}kRCCAn-pV_11Y>h^?aqFa5t>)7s}YTZ
znC@21OWHj_4;YD6*~oWe5~k~R*3b4+M!LifLLC)SAR=6}>Bt?>$$6dR@O>s~cvmsa
zqa^dm8QapTrgEPg0YQ!+SL9pPj!gGF;{IHx^c%?02u7sR-jM%5b@6SicU=_|)~OsC
z3qo(SNB3%S&uJrS!&Mz(W_uZ{w)}4AWejB-q@?CUFL3NhyS4j5=O>ERdR5aG^O^?Y
zkCPtNPX{`+#5+5<b7nU$*tU3&EnM+>4FuDg=imBBM{|>J-<sa2)Us@bu2&`hgjMYX
zsU5>~0DKE-JTu{el2^OUsT64EecAX-^`_XAO^eh(J9CAGd3c2N8nAjW|9RS0?9iLG
z$aQN?u=MCA!BK_Y))%s2VlG#^9gT<A03#;fk9U9LF?=wjf7ASp{ePsAWGR^v`sS37
zmz#}+17UsaWGZ*LENbV@lw+vyw!i$WZpFWI-<gEY<~dc)WssdT!JDuvSz$%P8cE^=
zyo~>5I{rl*)Y|V{Y*58@waLlw^n`h$dCu($Dri(-eZ&~1B0DZ5ZNdCh+Soht8o)a5
zrttC(Wqs$)E(ac!AA~1)7M488t6^>8aLAO&$NjK^UT~JF#Mss~C^%kR&cSGhP~f>(
zAPoHG^GEfbgTY#0<pqs_sM%FQ-$kZ#y#z{B!6!RW5@<q7-EONzMB-LzNE|n&Y<mcl
z*K~{pIvUG$#6X@-$qRNx+Dd$W@{zMBZKb>3tAXW$<(<KKy4FkmrG&<~Na>8{T}mX(
zC^1>t<yih#3((-tniXK-)m7BFa)yH?(P*;mbA#6!8>>ROyOyY>cjTo(vtBKl-pRI%
zdmIsB(3~Pm2-1f+i%&9!bp8B;#_Q=5>gGcF{f7J;rn3GfcVVcRA;L^wEz*{{V@i*@
ze;51Q_*EoB@cbC*9_M|A1%Yl)E<&CC93yWcZe(P(|BG=R9wBAp&bbT#HhP1du%J>K
zYoI)KacjS9vS70MR@NMky+)<7H|E8-M0;OxfA(oq%(}GPfYzbwuADz@-?J6l^a*S7
z=Fa#3ZTH<~s#b-6a|rQz2Jd?V!kQTrHo@gSijLlb!cg+Eu=1#{0HCNf97bQ!PSupK
z+{kI?Qe=u;INdi~9{x(eu?9(Wuh6_KQo07v8OssfULUG-;ifCByZU@0g}&?Ne*E77
zxG6q(V9(-U)=@434!d;AE_QeZw!SxpfEe1c)KlihFp=knvw^dZHS>cCqu4U^8kTcs
zv?}H|e2u;eLB;(d7Hc)HRFAo%f?SpkCe!&C8AX+SB^B&CBGM2Ln6M(lW%xeq4BP+x
zhL)^B*L{=R6d*cf#fZ+!c^B$$D|09kNEq25rid2ulb^NZ(98&@cN(xsX|#MvEG~L8
z*R@Yv6`D}uvf-Y&;OOAfD_%%6+Lp;jZzv=Y4(8=!A|0peH!~*`%rSqbY6V$UOhOXs
z$~A%mH{<K!s5E+~tgJlC`7FyWR4R<m@97lDXoyfv27qeiApl^NByvjs;Tj<SRjRN?
zB)8MlFV=8)DC*+bm3XdYZ&-Vu&6<jHc9X5UEw3J9U<&jU``9o=64cA6Fq)PAij(%x
zvGTmg{Pm^v7&l5@N?Q-`j0z<cuk1`h+h>;(mL=6^6+R$-*OqL=ly+UX<$WCh*YD*Z
z{W(Yb_uFKX1UHl94)xxg-{pSC1-Oy^#Z|E-WcM2IsPp*d`_*V4l7*|+p<8$_0C}fW
zDDKQAsbOcI7rP?aW^&K`G8Qjxd;zds-R2KnFC#dlGJE`IRyrimR;Y;BEjMBVU=ae{
zG=Xj2&!>(87m@9FKG0EucQJg+k+E7f5TXj=*u*U*F!_9^l#V2)^moSYR-+D#C+O^=
zZMk0hif$F(vgBu}NVbH1%ZK|(BBNBc+!Q8;DzUwEdE}BeB;xW2LS4YXLp0F8_x_<@
z*m=OYV)tgq!V?VjU+^)0a~JbHK<n~Xl+ZE!Pj_EF0T5pUeuatVm%qjUOsQW{y8SDv
zWPtx_W{&_JRJ0WhX6^1#4%~h!`v{3U{-;NkU+;9X1(Kfk=F*xoTldnk=MHDHK-oC>
zCXoof))3!9Z~cICaHMZ-5Ep>sRH1uoW`E)u@W)%LzS8>Y&{?SbCys4x93oGND_X|s
z_}ZB^4&h%)42AQrwz>~6-yFGztp_D#GR5-vXcG3PbQU?{=dJ86nHn_6<}It)asxRp
zv!`|H1z+tGLS$u)Jk?!ksM<a}kC$6t^@$e0nG=z}6*~)gxk`#R*1)a6xAo@XJJXzz
z=OXD)^}F_zqSMbD^=I_u1AwXZ3d;>~GxDplMg{V+Mv2kBS`WH)t=I-h1~|zI+)N{^
zr|z0RZdT4bbd~IhGYR){oi227a~t%`X_>WjXWX25l#Q&)@)=~b2a`uT$Y-AQxM7J_
z@~GL+{H*1Qhq-A&mX&xcTd`$7lQymula*^f2s&P(EMU={zQdT4L%D6sV5m3{Y9T=O
zQ6`42kEdAa2AsDkq#};+v!f_<QrVGD$=$kwlBo_VpF{hI^dj->CbdCAo)F7VuS5b~
z9dU(@3|!E=g@x5J%!X-~9r=OFm5=vSvb1^Fy=pxr)oOfZZT92)XnLk{isQT$me)7V
zZrQU(99pEHe#S29XT*ZP5JeP^hPeK5@K^jY3HscS^=7J}3YHf<<B9*fqK5@|9Tj~^
zO4V!)$=x&|`Ns0_hx_-PmxWR4C%pU>RRwI5k#1=-acl4Jt!TSbxDTo#$1AZ0*ft~&
z)%$nYC%%_I0N@Tj_;GnANF^^wneF!)@ac+{n(Ghz3|r#0GQ{nY?=^@f&ylO&Ee<-K
zw`AaYwG$ezOWE_<F`k`;^%NZ3_#n=&vwoNA8o)Sk<w7?Oz6Nx*O3hxCM~OkZ!g*rl
z<Eite3><Q2AF;7>7e{7v8(J|t#$FtF{qe^Eb9nms!_^7+vI==b#gyN1uW|Y{ph~3L
zA}!F>YodR3n*JJ)>OdaUAeP<0r%uqx#tJU6W6WWyPfY8OeNbO1;zP)%{7HHBGoRnb
z88)8t6c!r8;NHFT3Qd}24?<%kLJFN&2xmG5VvenvkT=ovTlPaT7xyAo!Q^?tv2gNg
zzx&q!CFQT^^?OgDkuuMN#xH1Us#m2*M7NCT6C{mT@KtFNbQJ1`dCSVrART;}tRgrA
zrvvf(zr_I|kZ~Py2S5U2sYqe7HCx&uE9}JYl|bY<y|r5h43q%44Uz=_$a5onvETWP
zGz@K)1QP6}YqWyzf7djo`0cuXU#iOoeaW*tl6!)_+5&LpbgOMs$HPJ<$+;s*cn7=Z
z1L%SpJ2i8ai0HadeG?<ur^B&H2)X)bGR4Nov^@#oajzt1deQG5f^(oaImt|OqUQ5@
zNJ`uc)|Pt}7>=#Hx<)Qs>Dnnt9DNuVLts?3>h2y8qw5i#S(TMMpqQD~k%x0cp)Y7z
z*Jm1~#u^p{r-NoO(9e1fOr(mxHo7q(7aLvqSRHhy7A(>|DZ}x_(}i4_d0CrIUN%P@
z$;7h4OJ2hKW^Fg?vugPpO<vVviph=FV*Cy7G{wkIbaOI$mytnzyv`ib(+bVSk<g-r
zl#<feO=uwn>sC*h$21{hMqUv|RU~hIiW_oT3sf`c0T)DoDIrm>+*NawB~yd=YmV>;
zJd9bf>ll37yhD0=1gW`1@adGD#gaVe8M6nFUQ9-LmXeG+kU_7EU1P{g-Rd1FCr}Sg
zc_c|b0ulpLdqU?Vs>;TLs3r`?+94p%?xm9EV;gBIMXf!k%55%-C<x<WuI|RMHS#ce
zmq;Lt0B0j?LMCR#4okeE$>K*7ZLy&68OUQ6nQeKQM|TmBt(BIUVXxsh)q-rg>X?qI
z`Zj2e(0f?-PIA&84(oapge5hzLEY<n(yFXV>V2}Z;x90NTiD1j)W_9B@3n$?b|&@!
z#sKtEa{F{B-z+=KH@_4u{BXs$Nw&d2TgVac9z8RC$q|ZUS@iT9d{R*mdVAfJ!Izd+
zgH?;+`u?KTjp_m|XVRZ~-#X*KfdfjPDj?3iZJGs)si!f`Qyob&5Uuw5=xApamkZ?;
zx)7ZWH9v}o{qplI&$@jI7|^z#p(+~VL}QOT4yN`XC7)Nx0}ia0t;$jg4I55v>$Wb_
zcXtS}Rt;6K|CW@N!&#Vn^7U?~V6Q6GjmOJ-4h#7`!}7?CF<3jwRAjsLOP$rjqIIIX
zdnbi=H;JFYC6}BOcu%SuF5o4=sD;yfqb9~2N8~o_-JwMiJmFDgH@pH5dplLdOE*F+
zuEHTDB$0WD5yjL4=jvgMQJ(95rnmI1Jlai%aXl_uZ;{JV_%a24G-m<iDbmXwi1P1n
z;Wb%s_s@xS={4i5O5}*)-%{FZ(75Ss>s_Si3a>*c&8*J8iP|;CngP|6)GC2lYR6;-
z&;ivt(pv1`MyYrmH9dMl{9XIB9PcoO=DX89V}RanWaL!sO3BqrX$75D%&Ev#Jc7-y
zz{x*fR=1i@_h1UmxQc+guO|5<H~4!^gO_{!4^$PkoP+bI9cHD;=0Q)A5K7?upySzK
zxz>-Snz?}B(8a~4?Q2wDs<UYObM*~Yh=rc2e9<c%O~n$tyiMWG)gdu>w?DqG$d?EV
zBm=`MYS&+K7G@=TDm`p|9503yk@V*7>L<?B&vTd6BJ)qi-D2EN!4OC{1<H%JdN-OO
z(%(n_CKYSj8M9ntkhrB_H|MsVcM2J!qkmd&_Oy_|Y8rIpbH8S^e%9-7xbTva^ThD<
zggjJUtE_W0EKTj+Rr;oyGO{Z;zS~)i1@tbKyj}rUX>3G^MIAY(s7{Hsh?*kLds$(K
zD9cq?h+BDQE>AYt07BHl@)KrQhqk|Q<&I1@$Bir2MY9D7=09hnly4ie38``}VT0Xz
z#YoN?v*gTf>XE&nOI>)LBbQ$vCuX`*tdwb0+U3gX`=K(ZDv82ep=&RH$RFXKKQLs$
zz&B~9|1r@*KeZ#}RXOQ?aSoj-RkD5WL<IjdQc24pr8Z^xo*iT2+ZN(<+^5{cHPyGY
zgn)#nMWTHb-bPei&Qo!^?&KgW1{0C|O1^^FyL8@m0x8dciFyr1a1c;Dkz;unK`(hj
zD@4pB&@82>0cZ2me#4|7c57G%?pnpgEpW7=L-vGCrXBrK({$Kp$x9(@RQ6WhJ;g8F
zg)bg@4{#$MjF}8|7Zk5-s(Cm~e<7`{6cJCew{?N)R5+ub&kQ~P!a^(`H;D7}YBGgT
zgw)oe_-$Ts<=1?JT8_vAd4xprpa7g?bxI_3hd9YFAx1!Hg*02FC#OP_(g+w?@Z#Zp
zGqJ}Y<L&_-<6L=Ij7p4G473`uq*RYMWC$8XjP=`wR421)S+(JCG2Lpe1?Tr?_z(hk
zgX($6001WT&*psmWzh;kY8&?OeO)Uh6DTFQT`2j<_rb&p-Azaq*wa@nW-<(=&|yZo
zp7!qK$@2G^sCBQ5{K>NB06j~V`yFs6=u#E8q#~nm-PdqZ3x_-ST;S|a-Q|Qxwdf3l
zpR3I2LBN$q^m)zWNt$3%nPMq=KDBxht0g=`93@+;7;piz->p;a>}@mpu%<wE^v%aJ
zpOwt{8ga?}0g>)G^+TZ?vkk89<9n`=4e9GnO06i9$Su0U7saT)`hOzEFG}$ly9UTS
z*SSJ$`I!@}ZSxd2e-`*Y*$@zPBDFLCo1783G42VbU%Bx1D75#F9k6W_;p{ZFRPOga
zV`RFev<MbF!Jud@TpFcd)K}EfSmJLZUHl9&e8d=TuUTNn%N?u4r<sl%7#P4J3oiXI
zeHLLPZy~-iJHxKbDelBSlP7V-|JDkbgi@LfmPaPWt933D$q3bctYF^?v?6(FvCCaH
zkIrj(k_r};z9D6In1969oos%zS7HVAXUdunu(C>R@QD!+qc=7zOj5z@=DpBDnl4Wb
z3TtLD^9FNEE+cF^DY0@MBpW#t&#v6_X5(T|P%8*s@qlFlx+_$DlY=xw*bi=a_D}cM
zxswU#99(=!fFDxkafziQ>Cjc!AS=K%)8p^6cM(BB7nN{FS1QM~<jF0g*bkv#dfeGc
z;Vl(0HYM{GrkwaYRV@BUJI3OH*x|H@6lZB387&Oc_BA{F2}Ta7E}l(mL>1Ca>vOAB
zJW(yUM6Er{hF6LX$l;gbf7dVFN?XKAD&X;?kHB2`vO%S)$ES#icm0~-2;DwA&Hy%f
zCl-qZ`gO@@q3vd&vZYairH^E1(+ZnYubERz>h+#!O^j|Fx$I9(-K?A4Y{VPy3cjoC
z98agLlDpWDXQ*YP6jdt6oarnMezc9KvyCu=#V^<O$GbV`7-}yc6tO6T@~_ITB$vcl
zIkdoQ93S+`q2L+4ve`+BJ#u?Il0@sFix%E2BZtobcU=+y06tZ!OW@;cK$d&@xDh_>
zlH^-o1kZV99X~p0^7<-#!cWKH*<u7UmS?h7uOtr9YG*@4%=!ugJMpuw?8{3oIRl!{
zYK%L(p-<}3E6Fd)+sx|>GRsal`TFeD7q*6kMVQ>%ZUafS8Uswrff^H*-j2Aj+Bn!H
zAv^$>9^=l~lxq}#K0c$h``iAMcviFH{Scp>C(8$V@5x$Cln+%lOgi%ZSbBOuPZ7gR
zZ%67C(8=YOQ8f2A%NM4Q7L`hVmGD=VPQm^M#h!8f*=NFt>A3xY)>o?UGWqr$v*VHd
zUQxJLz`YB>%j(u)R()4PTXIrLpU6%K<a;VKAD$GM5x1oDi2QpY$ri)XG5pNlFGHg_
zI5^4bR7G{vn}?!EmveHqc~i@jF~4ZtgD+<{+0Z*1>bJHZw+ywcv-u>fOBt=mW`M<{
zYIUycpOT1?7bkb%Sd|!b4ZsvNIfREkr;&OG`bMnoR%~AY`NO1%c;o3v4QTz@)%#~`
zsGTeaqv5^pFU90&rG^Sha=;iKyIMK(@{_f1mo6~A<SDm=mpjRHAK$deT01)us495C
z^%>W#aeapLP~7ja_^-C$#NOzqRk<~>jF>YY)Z%?8Ek3`A+`|6^K1A>6%ZCKgr~`=}
zu}hdblQNQ~mB4I5J}kMFQK~YIR@`%J`WlGbGIj)+>X0Y@r=1+Yp96g{&3bm_qY7tN
z#H)Rk%5^T-*-St?N$|^4%Ku}IP*OPTRBmcd<fl6ZtmUb>-)<lmkazbN%;I`w7`~**
z(qDmp1wZELH_|as1>R%(n)xAQ{=Eesn{CyVY<5tPJMM8!Qf~_doTFRl1wa6ueL|CW
zx_!9SZY9q7>pbTI2kTPzah3D_(AydBE|~0@x>98W6MPg6iSzK@Ab2%}eb^R2m$?=c
znWzodIF_a3`T$o~%ih;a-4=Qhq)Njr$Bxnz&Ru5=wxwjqzCmb!Go3iprgbbM*=4T6
znS-~vhHrrZRF@}N(xBMjq3L5LxKbXmH<~cdQHlSynWw)bud{DoXk)q|HtIw5yI_(v
z<4{sYD=J&yG<qMPo?kD=I;#cWqloMT1Md|~p9swM+CS`0N(Bp%H$D$1i9ImV!?)qF
zW>*Pv%zFto@)E8RG+}D9l@1CPOCNsB(~jMa%TT%z7ck0WB=br!w>aT^BH>vCC6|$R
zX=g`uwF$L17F2GDGt{SM_L#&z*we!`&hmL`&iyUV{LE089{XM6xm@1G#xG0xDGq66
z&YjUN%x3inb>9Ft@;gyC7T1P6Jzm461VHWqp9NmS;`Vv-c<mcF5*>5jLi6pyg1*(|
zmld?xibo?R+MbQQ*2D8cD9enfFwbK*cfFm~8`VNTv5TgsCSmycydm{f0pgW~XxykN
zTLJEqUXUO{D`ZMihvN~=y?bib!f#rb*d6<1QkWGQLTAsw5;fdi++3Z<Tk`EdA}O{*
zuAt!Ebonm8&6Hg95xh|asayI|>vPsex*c5#Av(}+-6DDP;`w$09m&8IK4#vq8oisr
z8<Raj$e1~HdM<hif5{j>yT`GUOU;DN*{S$Q+E|Xz9a-xmHXP~xH6@fEYaJl(fRc&J
z|10TZSySm9yO^18!pzpkZ+Q0oa>d)XtEv5eWXBTDq(*7XPYfg4sJeTv5)KF&#yo)N
zgxZzm@-;xk^Ua){7`7`d%em!%<X6o}Idl&0EHdUh&nm5Z{ubSUclt);!;2CH^B?)N
zRY~>3?gXEStaty=2BY&9Z_O*CiNZut6iON=&w<l)#Z0j0WO=llkW&7;_?;X!z71Z!
z4WcjTQBSuo4k==B6d4o&uE=PXGEPRaCGsF)6?IhVYF)Cj*=ZY^Kxg0<-B~yyUfMnM
zAw4(U(`xXy;}jyki~lLm|7kEVBF$r~2tQYA_fEti?x~8ITb!_;)hM(wrv^n$3vGOX
zvw_pW(dmlm01UG>Nhz!OxY~0}yves4Z!dD3<5%zxJ5p_eG)YYrj6(V-oMA^UmkoYB
z^DAWU(Q)}t!icq*Um!DSMPmDHm0*v{>ty-)n|NGl&|L#6svZbv{8jI_PjX*)sJ`WK
zC2xbix@u`!=JPHF9D%0x4g|Obg_mQi$yhg>PU*5pue(V{aHH)`3bem0ZY)q|SQ#!0
zYwc4wAotGpVHA9++dAr?^#Iw()Zu{{az(s(q9)dV4Ip^a>AKH}lparQGI56=8g_ot
z&ITZ(bIBcKq+BXlV<@@lIg4u0j~zL}N^q_Lr`?3_n$;bSRq##r&puAbm<@jJy9Vgb
zlZ;3pW=KXQ5Ql(uHKKyjwEoaAdF}<0us6pSBDegCpUR^KA~df7L!J%#4woh4e<&+m
z1}^nI_3HzplUl{H)0)&3mbqdulZu*`5R^&EH2|m18zhKKn)5XK0LPhA)*D0ckv81~
zmY*o68BoFGqEre(*4cG8BTxh3j$*Y6?4`tUovk;N;U|!qca{mHpit2Q_t+*aU1N@9
zrcNm)x&3(7N&%oR8#&7=ojC;vv}k$fj==Oh83X_*Mxir9g6eNf<yuYQuO(<(mjwe$
zIG8v`XnL_hQJDt7ef8`nh^r+N3pBrmv4D!^-gNMe-lUbe5n}@}ij{E)OgpyBFFqCj
zse}IoM#?kQ?#uqf^LXbenKnnMRpX(t#)v-tC;y)j$ij8&ZNG2zE1g^Pt}10CHHs6g
zfwfxEw1TJw!A&K>b<MXOoI#fbhAIvCffc+yT3r=XS`Vy^4krqFYjzD}jgyi@o}FPz
z;|~Sk>{InzDm%a4&kyfXIerq3!LT4id%$JAY0?cNz^S_iB)UpLw#8T*EJZ+fVUeF!
z^qaFtbp*>t*r{p=+(c2KE}GssN9adkUeVFyI1kCY{b&6K>eCCJQX|Egm#$y~-<9jO
zvJ?RSmju&9>vA+!S!Z~OH7l*t&OxEycoyvk4`NOvYtno<RCYp{KicNhZ!@f@SYeOB
z6XRC;#M*545yW2PwhwMbWaiccmV!Xyf{ShbD1CFJH!&SkIoU@)<hl9^^^4yo^iB4W
z);6w2Kh}HKfGI;D`W%b=H2}Ne+hvB#H2`Mwhh4^R%Krw-BcgcK9rk4_Q$a@5JW0Qx
zpPqr<iLx=Obq8?<Bs2<{8j7yRWs$`DNFn&4(_K|3dh}!Wj{Ri15sbPghQ8&MkyFK@
zDu*<}2P+1gNbY0FIZ7F-%HKyhjNb;WkDduBxUaL^eaF74%xR&`vy(h2SB`<6Pcq)%
z%hMdNm%rdYLrSh2eg$-&Is4<yRo`&9Hq21yRPK}0$_?5J4(XdZ|E%Uek&%GZM;pGW
zby9cdsK*!x#3!d}!HFEtiqb~52Xa-;g`<46(?hBXY&0o!GsSEGLx(Y%d8@#0JjN|V
zI#Vt52TxqERT07Q#M#>elU=2;a#09@8Xx8urkboJTc{ymP{0YRCs(;->^nbmbh5>U
zfdI8V^K?_0CL+DqM`2jDIarnR8sOr|s`o*Nut*If%`z!IxNX4MmP-WJ7K965c5&+R
zsZOGaIIu>|4A#ZgRM9GF$CCBj==g^|@ea~3hiX*!%ovX4SdZL+W=9k13_hoyjC7r?
zp_e!pRq1yOAJQV%4Le*rUoK16VDJ;<lQ-M`$48(3p{1XKF1|pRjjtt(K3nn(c7p+j
z*o$eEi(V9%jttJ&`U06l7!=xN%lfphFW5_X*E24gAD!HkDG`p59<D+lvJ)MkP+th|
z8NgQ|sw0;&mSpuaY?&y$ZaNrjs8Y)WjDHjz559klZ-ndo4SOKd_Rgzk4=Fn-o_H4N
zu9&dEKyDGNm%;Q*Tx^MlHOkg~quySMKau?{gI^?f?wabTH<XWm4G<JjGTWxe@2k?w
z<D1CwK7SFpnvutS0vP|}Z!7&<-}DY<$*9Ltl-lw7EQP=MgkU3cQv^SocjU*74%C@|
z8m3XPZ(*odCT0^xc0+Iqlw03mLo%DSekHUf0QvC-yz#t~7EjP2JJLdc{E7IK@9Ms`
z83vr9YUI&)vq);vhmzKgt>l719s}I;Nc}p6UZTL%)X)bpsJgO@dLgY9ZW7zQnMYA(
zFSPj^HH(hKNI52tP<F+1y&g4-xu$b_dXIafCCCRG@KILsvGE~QAUw4VLzQn|{>(@8
z6^1LN)*$v^^Y(cGd+7Ie9dg|ux8?H=^q3*L96JiQ`a+TaXBGeTvYu+`h&A>7SD%XM
zse)lNyp~ql&XkKLo%UWy(5hD(+CABJ5bOpMn_2tpGcIb;SLg9;SuYVwan4(IC6+?G
z#C2bpsxG(~kpVe!D+~+_bf0<T$6D5!zBYe$u5qj7O#z1)IeZrIr280m*+@@SOVZ%&
zKNd^ji?_juHSuRCc}wnY^tij5NoGh~j=OhWE!d4aII;B~&NFoFdRM6NMGcj?Hx$`i
zILpS@eB(S}n4^NqX4221>?V7Td9VEZdWVuv^u9{gtO|<eAQbbupM;8VLu2>8R8r0v
zhfl6xPx}Q(FwQuzb<$NbzU|=mmgFJ7efaLrko@aqw;aLYBUZ$u!lmjuG<~_#e9_Du
zQEAMdVXz8B=6TOGfX(}rA^_T87Cmq7Npwz^Kfw{pMZ^&sJlE^${&`HOoWex6LxER_
zP~)VpD%r{RJ2avZq*(HC;S){ja<Otwc~Iil+R|r8b>5r;P)<BvRu@0#pd3n8uC|SV
z)2#8}kyvhZBS|=|bfw|_y`mYGaaCqE`FF;dEKzwD`g>j@b)&N($&xB{!Y5C9t)exy
zu`<T+xn(SEuW}b_#>gg%<2UERp>4^AGb?lMc#qPhrx)B1vDt&n;B`Kds)B@Eda;!(
z#X^hlxo=1MX}pW!F02m}pPXwi2NG_M`H2)j?WC%@*Z6rPi^hC<%b?0HatbRKBGh~-
zTx4Bkh&G!QW|NL(lJ2MLY)USFs$hCAUpN#fa^JQWIEb%actq=BKXuo}!bdOvBF3~Q
z9x!gO+s$xCgkI!r@R4cOwyGE1Pc_0X6h)Hvm(BAS6@FU#sYY*nQ^&fUDvW<QXf=>!
z{CQ-(z}B0eYRWI{icc-015=`@hC9y7G*6hDqkgIdKe?lmj_>kt6v6NlrU*yXlDgep
z!@_sQzH~!~dPI20goaZ~CcReClqBx}0wF-F)?xOr9FVF*9sekh_y5PP{)|X87sijC
zlmAB@C!p)i)6=e|hCKqaw4OhGiBvG$`$(v58_F1Z5~A<{oZeGG&nuNu%P?N>jlpEB
zz3xqCkE%IAjS>hco5?WQzsx&t$(>?-V=A{5xY^oSb}olUA+%NXfjWj-w8UnVN0(+L
z1%P=p{IAYD*hxAK7y4Ox$5mKY2JgjCB$?mhqMy7)Y3!7G<g`vznTNP9Y8QZEpz=2@
zV#t2-qQp%l8{FEo>U$#yBJS3YCRyP>P-aF#vq8-AvA{F@u&~G#BFdi6%`eW<l7^T@
z?fOA~*aOGHJd*B8ZYV~^uN3uARhK)fBKg~4d~0mDOG{vcrvP`XG?<I_{g<Z?Tbof{
z-h^em153v5dkV7TYAOTFRc*Em5Q%$(yveppk3?N478!Rbj21RF=;BEAxwm}OZmtOm
zkkNf~Cs4KSs7*H`B-(0gcuAu)+<#2?px=3wR!Kde9lDg!%RX=E>JxNK3R39jvN__J
zEMHYLmQ(18(o{40Ruv%SxTGd5I~ueXP6^y;&;~OWBU4chypPkm#%|soQ901OQ!IGb
z+)~TZAeP5smgtdqBPn%AHAnc##3tfg_mvb0C}T#Fczbmf)`V}xCEJPKRQdl+_&`av
zdo)FthSz{>je=0CByWYnYXE8M2C<;Nx6N+4zT-#>%V_3Dz>V|Mzp3|6zWnMtOAT_L
zweHZ?J!h#b9zCV4yzX!8(|V0GQnt^~8$5Kf<~NG$v0>*eWIG+dR68%JjHs(fTp^Co
z%!%t$C&Wh@MV~45bi4or*LK=CW&ZKn>1GSVgmR=PpVekBn@@l<e-=IO(t;*1n!{xl
z{opa^$>)ualn9gZ=-DyKW8iSRjXSTYLpW!TN?;u#0HM>ii6d*rFw@0Nk5qtS2=#im
z73k$W_ftFr7j#X9ESR)LJI<7n9&-!k&U*KUTJkB48M7?LeZM6yD_Z&xU+HRiyQI+5
zGgqTOc4baoR&VfFlrWQ<WK_UY)cZ}n8y+_1z8SkCOSY)b>uHjY0!o*jtme*BEDq2f
zJ6_TjAy2GSXVnTv4w!H*D#jq1V$kSbJ>b^h^5B;r#~yzp(n0>yNS!N?ABt7Gvr<)(
zVcaj&>@b9qQ<DFgda;nrJkiF8H2}lM`?os(lqHXleQhaLB@<BI6G|%M7lvTUIKB)_
zOHXz=>#=RS&EAm(9elUXSV-c}r`Z|jPZ)lyq%JBuy-m6XG+OV8-P6+(W`p9~EKO*i
zp`3=VCvD74=KwZz8PaRAr0JLTv6~{OPNoF>qI<ZVzROFA6y!@fbT^~tG>rIUMLb6t
z(^EO+wt|4b?ZJeTocXP{gQ|}XtRyy`Ua&g#d8*4`8YrjS;&K)PeRwd@U!IwdTxssW
zRdmjrZg6b4%tMWk6J|v}sfjTvk~pWdwUV`xRj^pi%{Z&1Ic)rn6j~9_d;6*>=i|++
zq@>rY174_|V~xKT7yrL2zJZ6EoNQGJRqg05U~u)=m!oXTY47f<Ls4oL*Mttotl(Mf
zAL4QU3Q#NC3N!A0yzt!!J3E48o*m`ZDVbm1%_H~I0&y$;r(*0ok17V-R!cFzeUwu9
z=8&xKj##dC+`%XAbxU-VY3%ymlWGLkjQ_xtgib^!R32z)cuz$>H@WJg+)sl%E@N|j
zvHmO0zxDZ@Gj+E0$3_2Rxl4(SEv|DXp~kEKczw)M#kguC{{DxJ;4wB_7ano2rUNuK
zvAC8y>R8ha8~gcFC!0lOP%O?p#S<5NCQw_H*$3zG9F`9U*$AUE{NvfkNA!%*OpLN}
z!?H5Ik=DB6?s7Awm&@f@Q{yU&MXrYc%+7!J4iY-Wa$-G460#(>6ZHhwliYah49vIc
z67|>#olD@*Iy+%Z^j<O`7kqIIa0?l%ww<R<OXNh98C=F{2)-tJvq!b_G&^tQYDS7B
zsygcT8H`R$ItBX`Mf+_F+)z+Bb&uV?25jF!@6`Erp1&;RX?>Y4Z|FzAS19Ln<*M;>
zpLI*kAQWYF+FV18kWpzUs#Dh+gqgL%#wbY5G`FnFFW;cp8h}WXSqoks@ji>}l?3te
zrT9qhw=OBRY+6M4Ew(&y9gzv)<18n+{4b-d*(LZUyzL=LTxu}_%nxV7`YmK2gLXP9
z)xLVh&*{>^`77Pr437nNe+T|=@x;{6`r!|oS$aUu<Gb_9u!a!c`F>l0F}Xl9sqLLA
z>)IZ9?sldz_3c(8{;%pIOC6bPiJgUhUf)Y2j$Waz0d2m9pVgNhNhMq2T>*o2z6ire
z3FKd^`brs5RIrgdc*lTpsuI6@F@{~0|6M+Ww}kbi*<hkZYKPabUg|u*Xas#6Pe3!)
zw!8UjL|OTzP=59`VDp9IHDLPJ)(rRft+{|<w7<#YS|#_oc#YYRyd+67eS^4l&&uy#
z!;2AB`3+z&`0`a7fb}_Bvf=6}0~ZX(wkbD4X3T&A6pyQEO>Rs8V%itnc+xVz=OpOI
z+JgUT#T4ItyOs`2`RuBoCd7z{UJ{Etvnr?k*_ERyFSWUnL}&=VEa_@_*^7TGw!f6|
zlhFyShNdNmfWZ)TG9_|xoCE#R+u#wELz(4Sgjbxx$S|yZg|yk^BT4SGWsEgv=T3nR
zNtqNbn<q?}f4BQ_D|t6^1~$54Kp?@|MwB~kAO1LxrNuO-#Dc$oWhIsoA%C%XX-zFq
zd{v!*r~k|F4-UTw`=n((Rm<|!?Q|ghyPO2=g$#Q8%e`YVdLA~^vq}`Cc$w?!6y-M(
z^>Y}bt7*HN-LThsi02^Hs&=cFRW@X5gI?hMJ9FFTjM=_?>NTSQS6J=sV7_hv28@#4
z+z+ZgWi5~D%NXXH9G2>GVci=WQv`wwj6(}70j4r^&g3_7)e`IvqVRi*y>yMV6INP!
ztQi77xa4z3MW`?%7J$CzH~S=GUwnH11M|O6(CPN?<7?CK9GktVM8~FzDH@2dfcV|&
zdLIu0-9)DqMvm3>33=7rYrvdurJdwk&br0XQf8ob);@(r#`2&u?E*Nyr|7G{nc!OS
zi@!79S19qdAswCD8rZm!INsM4yaw#a7xL!%d~HZFyRuea@@a|<o!|3I`8`p2BfR83
zC@|wO5eLs1sH5j=s?`!r+}ejodlKj&jKh-K3xZO7(&{}E!FWz=u@B%dgr|Jk)WuUx
z(e3u&@F)-Nwh;BbxGSwPd}%EeW;<3l-Aay2su{J|{bk75@tw}a9BHQDu@?9e3r_Jx
zF2&-kURsL~VXDLCG7t()`1JQK{GCUC`&DP(VP@90Hz%)9rzEjPUHB8HN;P#QA7jBM
z{Mhyms23q5ho;NR!6<BNYqPrO4zM}geN@&AGJI2VZNh7;fk5AM%Y3N#q`-~lUGrpT
zc;Gzi8nvNE5$9!I)+3B`*RK+rCbx^ZJs$qjemAp1wNy}TV7($ifqiz+c(WnLq&HUI
z3hoq2(gJezSdr@w7q*SLKTh6#Ur_N<i%-i=z}feRrB)qmV|+gJJpR#Fyty#T?_-9_
z_H&wfM-8s=8rpiFq+0{rmZEp4jY^qf42^A>ow1|r;oZP4XekZoRHx>{Z)OR7+8UbQ
zZ01Hh411JZpj;$*+Sm}QUpKr}YE`#Yutsjbm%0$O6qv;e3hugWJoKUB^_GUU+zgvo
zsB=uP7$=Sej*=3yei~w`F;ed_oAydf+_uV^MIYZmQ%9?0<>#E?=WQpJcm5I#)xv%$
zw)NpZtY?2>7dcAvuG1lyijrtOdN>K+k8mEFF0R~93%`ZwN7_Hx^HEmho=ItCAXq!d
zF+aY7q!lm7zzu{2&799b-wXDH>0{ch7k(@jkU!qE3t2q>18~0r@UQk`kfV=vvvS5!
zz;+ksNT!jYR!G9!67VZXz?RfabyO1a_dt)hUQduU-tRZB?Gx$N71N3H)f&loF;st)
z_MehpUHqFTVKh69c=e^}#v^G;;~~h2whqpM6~49&HPzRG&i&0^11QLyB|g^xs<c%w
zB(#%(=cv(<X<~R2EE}7RL?5Y9w>;}PSG>yFp#8X2S%>I<u)UDK9cK^hrsxLCdD&{{
zaXk@p>x~v{;W}oR>P({1e8L*8Dyqc01SY8Z1ubZ}B(L$KXs%l_>&}npV)^_WsqN_o
zJCJn=bFcE?zrY@+{I8yUS9=SKR*$Rxu*lB)-1tOv3SvforjqO&7;F|5TYu?qJxqD0
z#q_Uz2e>WZ9>(zu_>BXaDQlpbGhw0-ZKLTZFDhpc9NeHw?=%kpti6lcQY3_xlS52k
zv2}qEFUk<cM1<m%3?HavBwR-hD4-5yrax<-20ZYYtJ~qynoaOI>8xd%FI+zL^_5ii
zxhkct^3r=Mo^B4B=+<KA_A|_3MZUh&-nUY^P^EvfnZ!bdM4vlJ{dNH=HGNWG-$Lse
zv%p&4zLYc2NRTuEj)+d1E$&$^W$h}74B)+Qw5RPy&&b-JXYSC>yJ>tum^bL$J$3|J
zX111tjJ8$4I}pJf>N~ndTiNMK+VTo0nIkgS!4uSqgIfjSBp??Ot}NB1&Mce$ZjANZ
zH4-ZN>?8OFgTRoE!JLG%mN6s_`RQrzJ|cldL=s8$+I`vK)l57@JcvQ)uRxo-`t9RW
z1n%AIZ%k8v7x&e&AeOAP1cFq0bj9w;$K;b6B{zHEb69Ug{g+oMky((Ty_nu;mMsCC
z?^<##Tc%nglmci^6ESXXf9v*iNn38;X#v%9eb-}YKiJzh+BtgiJ!`tLe)$5&u|_me
z)9ZYkO*Wf$F)xN!Z`u}ko*Ue`A|bW*+{4JYX@U0!`9Jbb!gPD~X*}DuisZ%O3}R>8
z#al{>mZ{|$phqxGTWFJFsx^9bLir=+X&Ctb$lNWHA@mEZvE`^f<<F#vN&@Ibg<L$5
z(6?P9eVpHD8;t~5X}Ge66LnAWA6pYms7|?@+@fzTmFq}sTJxqQvZLn%#k4Pxey7}4
z7+oe(sH(D8%1pAG7kaAhH+uCnCTm)YY{0Wk1Aw{u&sGL3<48*00o~GA^oxm5KVGF4
zx@ce3v8)RfI|eTMr9kVmxybQ%o!0>Ci=$^g3tB2CwtE-Kb(l^Xd<`Wc-Jbo<xNSza
zxi}dsF%a%6jdaVrQ%uaT)`+T|(dDyF&s3NQQcbmN6dwg!wkIlz4X@~6NF~{KNS*tn
z29}W)VPb+-Mz>``ATa{z*z2mAL@p_^{c;!)22a%&-H%x7t?>p}9?pq66%&y%x{H`#
zr#Z*R?Q5S=AW_o>Z20@3dfyX8Myuy<jS1I}#*HXbHDo5M(&6{Kv72FY8(xAgspUnx
zckF_28R!KF`?KSai4OGa!E?7pAJzcMW~|1wr-<$k<nNEOofmj)7}<bpRJyd#4{Ziz
zy{*uP3TGT&&-Q0M$N#+HZOXBQ^yc7By;sCu$}$*EDnw^=_k*(XU5T!9?UHcZC1o~e
zFjs0=gS1`HH~Pf5rkniMMyy|IId=>b>-8t~-W$>j_F45t(y0<N2dkGwNY`-DFgy}A
zN+k4vXju*(bnPZhpNUV^HI&!J1wCZvh~QC*I(w_e##m3l-}X#nCWKF`02Bq4&*EjU
zc#U5I;Nwg-Wp@tRqltcHMK~)u?*Y&1_WvLOz7=PqwU1cpS!7Hy-n+k&qA8dqt!qTS
z0fZ?elO&c?D;F!mxvCb`-~PBlnQ2A`2M2F4Gt(kzxN<)|Idnnliu;AP)05r32E+uL
zt?^`sO^5C#>zxITo_AnmM>wYLF|_Y+G_cf5qF?J#R;i~Ege8=iu&ZW!^jtw>y=CYx
zlM57%6Sk>9-cJUu0b=FnHTS<kg4qOUqe7kM^JeqfB<OmIJ{NWQm}T$|ST~T-^d`yH
z>=t(sgJUZ=H`9HaYbC~&v1BhalgvL+3u#!HvJby9pe3@Ziq3DvYq-%Mt{3f|M;@-)
zFBrAy(-AdG##FKaFK`}<<zed*CVQW~?HG>}9{~mp$ct(P8fM`4<9vFag4)L<e>`Qv
zUaZ3_2631SiBocrqky*a*`5$PGWZXLAsmV<zc|aw%R$GQa@+58l6mP4JcTm5VP_}e
zK%(DY)+8Ei#W2hw7Q-66vyHY*Zdl|ev;f`aT~Ie4=r*;Qr=TDZ^AnuzRei%p&lk1n
zja(xr@3OT8#-(b_<V+wVePH5wxZxEB&)Rc7t{Xm|B-7#zmmJtTvDFWFxbQKQq?a(W
z&wJ8#HJU~yy_JCh-Y%0<t0Xk(Z|T1fSA3(ye{Ii|nG<y-<rF!I>e;b9itDv*xj%Pn
zk*x7<11hSD6&a&6z8}4n2~nyyC_N%7Pp0bf0LJNz%A42gpt8Fn799=UKdQ!rsE98h
zQZzFVGs~lCr!oB5bu}p(VZ5UNoria%gVT5{rpv#E`A#Hh%2wppDr2&<58kRGFL+}D
zvo*3)LgdbBI(U&Ig25d6vh$O{p@`?2BY`=XyGB(taHaz$K|&lxGfg1S2Yop8Tyswx
z-TAY=6$q}IkvZPaFRjN%-<@io{vo`raZz=U9L|~9RQEBbcHo>sGyB-!N@nBY_Tz}2
z#{T4E-wo%JJkRENDq6glFOr~^=33&a$N)Y6%f?Fm%98~OUNIlVkDKnn_Xk6Y*voV3
z(1-2fBlSVLvblBP6W?acJRk0`T1{Js&a<|t3?OBzzLnyJ9A@2i6%hZfa}YA6tlTdR
z&t=Ao%%Q^Zc>?}?q_vD-jOiMwlSRgpJ%TT@CRtpnRdozm;&gfy@g?7n^E5%9;M2jY
z;@vi{NfF&F5h$(7j^X)Sfe4UGQOg-T(_fxqiP7zKW>x~}GHVtltjdH~dUiBH2KG6?
zJQv5gw-WrO*ZsdPr^$Vq`(kM9fUsL3RaRHWvmS<!OylK{#F6T%EcW^6mYcoW@~k1u
z>9FA2T=YyBNpn`|fOi5ZP;Hb<<fO}9q_g?k9w>k9YHfEiF1Fyo$y$qJWvi7;Ga0LC
z{9=*^E4wjvTHaJ;w{IZRXoz?vs`X$J(Pw9a{#wQ!`Qr`W@&)azzJV-DP&!M3<N^&q
z%r)A$p#9}{fed9WgmJ21814#jyz*PQ_9bAh*&o$@5@X8t6qgMVkN#IF-yPM|wyhtJ
z$3{^=L8%G}p@!azT#*(CAiXMLAQ*Z;Kt!<6Yaj#yp$UP6j-eMprS}dJLOFz@^rF(i
zAHR3+8|R+!?s#L|clUpLuQlfU)*NfBHTPQc`!x5IWYhJ2Yu-TZTA4%{iP1F<8w@AE
z1?6WUHIgvsnV}kk;MisN^AVLJw@&4H&8<q!blK&(P~~AH^W}<9RUG;%?xKf!foKn2
z=4%G@xhXv9x~a-Hic_XiORAe^(p<z|OvVLEyDJN0R>NAZ$O;bk*g{A_A@NZ~6)7nZ
zTQE(F_T9j17P6r78Zd>#Y5<;bJ-ubbVZTGR%Gxll^L|b>q^sta?P4!bE>6x2;YI}4
zix|7_C|eg=Rw?p13{6a$RMB6rd)?!%?Vk(6XNV4uwK(e$OBM26qF>j(;DW{~-x_q4
z3l}B#eZ3Jag2Y{iP!{=hU^*LWv~53<FlzMh0fM3<*VTVsCIMq;KW8^JN2rSMsofv_
z!nA;7qQcVZcIZU?u%VEYsiKulM3=r?E^p@V)w!5>=-q^5Wx);2vHbp3aDJH~zP7ZY
zFcnhdbS6omJrc0T^?FD~&rN*(LxE*wReqO>ZBD$7jPjN_R7hxYJ#l;oQs1vCI_*XL
zEM>n_s_C2kZN;_*?>VZK$Lp&0i2zD&pIMfk4G6BkL@awy@wa>mi*YLn4F3F~bd0Ug
zrxnBILWW^d%4PU3%M{ET(lKRJtLx+~A`LQo5_n7|TAz6F11DB5PL5OLZ8xuRUIFDt
zM7KhcwxUUJ$iPcPgG%G|FrtNHF}}*ZrOX~iGt#}Fa$GQG-Hf3LnAZr6(>mOA{D1F>
zlNl;8W|-1_o>(Ca{I-)=Y8}d-P7oqR{w+#re3@qUIq}NRGul_0k?9D!^Zt|&G7q|q
zNrsJU*+96!&VxH8jKjzM{4maA)R?5+&8hv)NJn9IvD?ufEDkO)&oYmF$^`SwyV*SN
zk`xy)@GN*=wwgOwUR$U1AWh3(6JrOGN;V?1G;W4ozIXG|)pm^3@-l<3|1IY}y&<UL
z!QzWVn|!O^^{hPIv*lXi9~?=tOcucf4{mMLE_VQ}O0*~n<x_pOTFz1st4fIm>o#T4
zNn;R1|IWwtq|RE~OQ+BRyM?H6Mq;gRdWGr-gL*yssz4T}PMkg1HPwSRw-Uz_bUzx^
zw&RwqqHC0j(ewVsW<K5waba1z@1qxASy}!IK(^qU+s--wot<rA*}PeiH()4}Rd!a5
zw)B17Zov78zZUxc^*0^BP*)bmp7qsN&Af#pq9<*CKK14=fc)dr0q^YS(}BH}t)pgQ
z>c+_YZqj}0ZQDf27WfD)j?-MQp&%vv!~F%OGmfQASW*F~T=#*qOhQ6_L}xuLR0Oo)
zk(F%vZU>geSzm*D;fG_S(!R>Yc{NNB^2$qXONRBULpTwnDVgF}?Y5@2I>1L6O_P^}
znkL*a#^}02)vGs=p{+ffg5SxZa8U@W4pNf387Y?6>_!iIcH^z#Z_q2-@?tD^S;{BK
z{v`P?imKpi2}?a)wowKeL^E%?w?^}MImTmh@GDm0Zav}N;=H(Sna2#w++jkQ<C-4P
zh{HUoi*^@PoA49&!|%qKitImdwN1PTmC38^YQ|T}EDPm&LiCK-x@kz81YDXDeHWaq
zc2;R`&+s-WXR)DU@9sAL(dIRwk&ccnKQZnPg&czyFK<ffi9xOh4r6+YyYERvEAIIe
z#Bxzg_1Ib1R&HC@-500>6}=IZ0%dM+MC@a9FryH)Zs|3nDKEDf;GOh9+)a-8>mo{B
z`g!I2HDD18)F5DK<IdnJA{fNHjWO$Z1!&=pXcK)jQg`^H2yQ{c$4o=JvqcfxUzU%S
zjURhO+wGD*0vm0$MRz!5y*kxzVC2S{wdCl&F|QQS#_vNDnJD)eS<v1fUJz#L^wC@1
z!QY;w#5E(Fs+Mz(!DFZPm8WC?5-9ioUrtQT15RkyegWS6B`H%qqiZCmdfRbHtM#u1
zm4qpC0Zp8t{`z1I1?oRfoVdBa=3>gU#sT)R>hpAH)qW#JPx67RnFP(kv%$JfBhzx>
zLn@s{v)FIy&?^p+6~?A6()`$_OH)19E@Mo1E#b0Ld2K!;TjXA=`UtK{^USARM5dj-
z-)Rq__~g8NY~r$%Ode+h!;}6L14YL+;)uk;r>@7szW4avj&Cg2cS=q;YmB_NiCSPH
z&AR2{741T*5=6rH8qn<D%QLLsF5ULdr6e<bZe;VfwrSAk4L0@HSAk)8Cse+&>@!5{
zKiA9cJq~%1a;1g49V}seKFGWKb_lkkeRW|HN(#P8NJwKep#)yt?pcgUU--hS`*e5&
zfyL3)-KRK0;dNSH7~9>)qIKIweEc}@=lkX@D{i>5x4su>_z9JtGC_Mn5EZC46bF4s
zVqNZO#<}ZGFcP;enEB0O%0e_}(Q$kI@W!dLgDo`Lpte|uII&>mEFv7gOm1lo<w&ln
zMWeGpxfr3OlfF$b8!Xy3IkMmjv8SXryPdO0wi}^t=j^%^xma^Xe3(>72UTiiN`Z2d
zhH3!mOfkkpWdAk)s5(C%oWu5JIYXE=s6Xjy;{!fkNOdwEnX=-u$Sb6-(>uD-r)!M%
z0)mK305IQrFTw-5tlj$kcoTKlty4=EgnelseXzd4@KK;%>cS_~k217f%wfInZMv+>
zKeQeE63BRZt|$j9jAcpG8i_ruIWw>|8%)r9YN(41aMk>N+{|`W;pArt0_88Y%So~f
z;Zdr~eUS5kb}dQ%0fqVQ97`W(iQYZW4GeIZ`v4@0cUTLwJZX@CYgY-BU@8*|VSI51
zUV=dAe*5-&r{P3Uo|bkUGuIzOlan#wF>tdT16PKiYL!qSU3q*|NG+mF2p>@+t%ePf
zkA{o3`kq%<v<9jm<*i_HT~%9|%QOQjPsgy$!SC-Ft)s<mEpnd}lgIFqQ%;=z`D=~n
z@!BZ^K6|<dN?s`tc=tDI+f--F?m<L=iMDR)N|n9}AO2$~h(JhEyBVGr;IY6bE*@Xa
z{fXnhEKP?gRXjQT8Dl|HSVt7h*B(D{xrjHHmnG*2B$9KDJPq9R`IQxjX_F?7)yKtJ
zoiUNxO*vyc{K$*fdre05!om)8^kBZ}Zi0`xX|A0y5lOVn#lgUfst1fE5XK7`OHlrl
zpR$89IMuH`zSNjWMuP%J@&@Lf-~gfXuEfyBx~g)Abg_IL+)&j1>je>DP-)JvXv^l)
ziGhH$ZLGUz7H2O<6t6591(wVo%><>k55RpUfLH;mM;?{`+wgdjw_P1m;yyWX6=^ud
zf>(vYC~{5Lr&XX-_{5>!t2@|pN`DVzeuw$f4ph3^5}|xo&3YcC5E&v2L?qY7#O%|1
z-1O#?rY`ZW>vIb`6^_YlMLD0|z{JIw9zWtqTK^ay@u5k5!VlmqS_{Ye`QBRTW1E4*
zR4`94%qKmK+0LDIl%RsYGzX9(m0bgFLp>I5m(D9t`?MX`f~wkSsOy(awfZ0^cJ?i{
z8L=e|r<z`M*zc~p@(<rCs{14@&HZmqwJ6KG=Y2G#Z`L&n3XE9h38p>-lW|YFbYWNw
zDi1VR4&;-XLc{sk0PLEv=>~#C@hvSSqFAG)pWYA3;h`>0g2C?tIY$=>PlAJ{kpkgQ
zVlW2137)`g&YMwo5_3(k7`jK$f{}8Sx9zF*^9kV4>a;)xAuP!c&emF)^_!`)HZvxs
zw=?4K>dJZeP1TqC=I?>l7Eq0dM0SlZo_iZOPHQOC=ytDz!($*>eh0}aCJqT}MJ~V3
zoMh_4{gwl^DTw;2o<uHHl&XO20gcWQOs_jv{&FYz&-uVP{jM#l_Ii3J8Oh8nrT5g`
z!741b0vMc4&z~EsUmUUTH)q7|s`c>qCky8tlS<5GpX7x;GeO=o?Q3ivot2p9$w-)J
znS$tlzbd&*;f_Jx5nUfo)y^`HO^#Vi3kWS}vTs*a29m>Tt<#pc;3MVAw}$^Fw+bT+
z6qFC8S9o|<$@eOBkQ{s^_UKJsw#2;f)rNEET%1N?{eQ|?ODDT+un`Z!Z~a({Yv-AB
z_DDgY4LaB0Pyn?=3VoN@qviEKU`W{6HI$$2W81Ny^X`@1Du-zh_U@7hn$!ya$AADx
zs$99X9?w>yo+Jf0o2YdnP+xCKpav!mYG|kr1B557&0Nfd8_WfB1Y=}g10)=X3;S+_
z-F^ql%7}<m{z`c%(H3K?gwKPam|-pAxW-H6t^AnkGl>yN=0B0j#It=Hfd~?XrsYM(
z2u7we{{!SdVkPxo!zlLsKMnLBHaLBVMqfuMPy4NE{*3XTf&Zr{^vL}g<J$%8vV8V?
z4Sn!2x3X+wtMnfoOm<2(CXAqgrD>a&3qkjC0dC_NL$|X`*D9UF=!7j5)-|lH7m5k3
z9&f-^C?V}dS;12?_SDp@ZUp=Tz$6t<JXp7kh=|VC9iZ8ldo{`i2v*|Qy2TzGP0Yh`
z`&iZtlKbe9)A1$o55CAYOUpc8zf+6$QZLOZO6j+SMPIO2P<(`??xmQX>Y=B86E4{B
z+dZcHgC^H4!1nF*WR7-M?80OSh{;@0qz~rRlvySH@Ns9B4SGkkngH2<UTcadi9tVs
zuGhIc2xv;-@=~MKLW&fRvIZ(imp`UNG=1*cElqMEjOeqOJnK6;R`K&Id0K5c3G1`j
z@ckYvxN>5bXS+7n&p;^p8I<H*ftKKMYk-|vEgBx!j#_RV3|NFKNX3<n9h&v`-?e?e
zai_KDh)51v&QQq7ZxdY=P!-$Ai;NRvO(?-JcgwwXRNdHQ=^RB)(@}$1%$LdvUdydZ
zA2=ncEu0xU{Q2DbUwLHwheKI5mAl?!e`5L5v&yG`GV>QqTz_;ceY9A%P*(U3pjHkn
zW}2Rzw;91(zN$X@vuQoQ)8JWR>HD{yL{H8LZ9xOM75XRA>bsELsTv^PUCg%$uQ>U7
z@%$SPFM2<OW{slkR6q7>p4wNpOmdjXRl>_|z*-+la(`!@W=`YO=jleK<*bin`Hgu1
z&aI?Z8N%$f%i5PDIc3a^LmlKd)93xL3+9WJBv$$$ez%!IqgJXHwQ+Y&YYN152$jE)
z71jTWF*nidoZ?-bo?abkSut-vX=d4-Y2EFISlo=E;b)ZUm3`2;GugBM<Y8UIv)K!;
zvb^G`ji#&TZb3VUs$gXM%9IYC-iNq{x|S!`x^HNqS(9+go1cm<=Q(XlP!u2G8?n}U
z(T+C-1J_VQV??B{fF2^Wa--9{Q_uxJ$BtL=jkndV<F$Bj4wiemhdbzRIi%(+31PEl
z&TixtCtle+^9-!owE6{D+<i27Bzzb+s;Kl6-PTKb;?lYUk2Uk)iEG~?bO?X*T96x_
z&vurNT)ZB3$fSE;7nFbOeUAfnV*cXDO55cw>u$zUQan(ToJcort5ecZu?g<$7;JF@
zHl2~{jo!^V=87iPn>rw+U!w{BjWhm9-3^_TH{q1U_|2%w>_iN)Q1p3NcNzxQneuc7
z?pR%ITICfa9IsvXNqWkk_2zCW-Hr<C`qvttTgCG<{VErsXtwlw*aPB09mI`e=#zs!
zDU=Hwe3w-qgBd=1x9H}VsmhvZHSO7cjU=Mtg4X;|79Wh1b02K^Mivn<f<<BxZY2)6
zX;5H%=5^U}>>6RH!nL30y6Na%k-%h6DnC=vsz_JqVFtegA~|g_nX2(p$T-#ja+wdB
znjaCW{#{dba?j(4xDZGw$}2hDp)E8H#MhiLo}P(`nV`en<G5?4AKm+!@KlSp>!^r`
zwQOg{)Of|bkwcMpO{Y>@aSvQlMsyv$u0R86YJuu|R;i-sz^x41Ua+K^y-SQ0?mf9>
z#CAHee@vM6ne@10zR+I8r$Qj!5I=1v*p<!CF222;tt0!c&v7}ptjZa&$j){?dEQ(W
z((F^%AeUXJ{}!P{%-P}I<R9-cPzv@49jiXO&+57`tY$UL5a;5D*$IRu$j#qr_x}iP
zX7qZT?#I|gzevavu>fQDI_Q}4AP)Mt>(NH|(CgPW?ng$BPZAm1d5z$zg*f)5ezq~#
zMZ_0fo9%^C$-A@+S@vu(Oa{#ev~NDM0PW`M3H-idXFUyk#2t(o`PA6z_Kp30apr20
zxzPjPsLbAo5^3&C&9Aotu$#dXRO`XOOYIol-SAGI??4hd5z<{dm}l0X#l`?-I&i$r
ztCPAAN$(Ej7ZzaDaQ27=LqW;ZoltRjwgvmk2^>B)gY4$bQvLEwojXtCMzjAOp?+kr
za|-3UBOH^+XA@U&b~I7;1Qch}|22|w-PhgfD<fAAGEqRsr;wnl2)(grTY7`DgUp;z
zulcd(^Zp!1=???hGJV-6a_^KDT|Ye9dE1rGTugNy3QH3joB{rU`7E~@rjN(uZYh6S
zfknq&nX38mWmO-x%31!3xyv5@Bk<V3VL+POtgMth6{-#;;dn2G@;6V9+vxUP`s6&V
z{C)0)9d6#d+)E^8m$9wjUMTd!EGoGLHZJj%12gZ)ueF9#z_o4*T?YO^$pPi#=r+BZ
z-M)+B__{Wp=4y66?kz=iPr20}Ate{&+;&WsvPU#VWfCd5X_x2b?&Xi?NUOM4H2EEp
z_H3(=Go=<Qj3JXwC{Z+fc{FP@+uV#)Ggs1u4L)ZRL`y&EjaCw9u!?__{rNY8<(ZjZ
zfD`324bh()uT0|w>s^S7S|a}90{znY6bSxIfb*WIQgA6kh0QciAhyDP9`&;T;o^x6
z;pqZZ$D#v9egS@LoJmrCsXH<LTgUEdehVcEeUh!bWfo+zEb<(1?dg2czDjzxnJCV?
zem{OK5#>r{Y&YUywT-@VrOb2J_=8Ui%(0A=?QFh~_4Zx|QG)Pg-uqT8UPMT}oO7=q
z)zIxF;x%a!75b5-decmh=2qu6bL2^IX8~0IC+qGR_p=nPh>{Xz4f$j7g^9<Ey~%-?
zn&;(0Qr#?dOC&ggDwu9VINA%3*ss0m{BN$(0HX1$fF5!D-<Mqx?|cXl7UW1rE2-04
zd=$&?>>Am!Q$Vk4R(<5|fV`WT(c{ha%H`>9GFjgj75HVA`)Ff!p(bb2M5EVC{?W;~
zZ=0emeWo*seih;V2p(tRkF>^glw5#2-N)h|566w#xaKzhWuJd^k;S646#_oJQ0|fV
zZYG~Qy*4*v6^<`x1aCSqW>Vjlt*SCQavAmWZ1KeH^s0>MFUtog_$Avf6?#A$C@oIa
ze-s@K+_%!c;T`_r65&I|HCdAv`ZN99iz)tvX~XWjo|N@k;nRx2zXRbqt4JKFJ$UtX
z>TFUJ+zANyZ>RI+IZ<9te3Q%LH;#mif#loXZl&TO1mlQUU8!%gPxv5bJhyf#Bg@S2
zIGQ5KEGaF0(-&s=Dwtl+St!SEPxm?CQmGfV5tJ5X*yf}bHViF%ot_19TmrG<af%J8
z5%>f5yyvCedYb~IKWZ~Wj#;k2cnlncllAJRU+VZmYpdPD<^^NvN;N}5zSIT?JyMz@
zN_`m_tP=4u{CtQ0KbuN`e{)+lvK#>G6vi5QUuSYZnedaO&u)@`CwCYpT~6Us$2#9P
ztZRi%^i?U?tk-d;{|jiBAQ@O;XNvExp_kE}_Y1f)O>0lN5Ipv*0`W}T=}dn6+{2Mu
zMyuO(F<O1B*la7tqpu3ni;ApuZbEJ9vynD_g;<o_RP|<Htx?UDO9mN4a<5!{H;E@f
ztL?MmvsxCz+0-DHDD0llaDeEvzq66YptICB>JtF@^}hh~Z+yxty=e1#{`**Ll~Y>%
zVpOi?8+!!Rusvojp#-br+4v)#VD&D;{1~h=PXPhW*SlNAYg7}8U0`0&80+e!-uGy5
zCBam1cUlVC_0$Jpr_A`_A&=1!y+~7%pO5ir>cV^4ShY(u;y7v~);Z^7!6C;wQy0Cz
zOA#*y{O<2`U^Pd=@<br=9E=rNI<7txuLsBOF4mq5ZW>&}x$n;(+r|6!^@!7`L*rzk
zqD<#*A7*hvlCP35%D!F?!Yt;EvA=BGptcPSA^_)i*(?HuH&*gaq`U0fid?_2^&PO1
zIL0)OI=eKgRFZCQub10dqR$E+L{wyUf`=GJi=(vpEa!Ui_B4i?rfP22b1#41S)b*4
z6}<xhY^EjKwbc+x;4m*_!g?Bi&-*8uNbP)S>N6;Rk6xkFLBMoPG~r!uP;>WY-ot6r
zk3@e_g(^2Zjq;JNa^5=sqd&V~G6_RCRjt-r1)SrtIyHZeT)dRSUSM@2PJ`Tn)7yw7
z1lGB$JyRYDUZgfD`~uuu;QsE_vtRwgrx+QhFQr=HQ0L2_QzH2DVt{)js1E6)WhWj`
zz5VPN`)j~SXws~1Lw&(3*p4O2nJU{>5u}N1uQCeSkuri9@@pRlxZ=ivJ!;(pj4JPb
z+?N&MOXy5i@LCQWlJTg4bZmsb@O;_e*KwP6{2HLVw20ew`?hL1!i9GTKy-Pn-Ab@F
zT4C6oW`TMQuf#Mx+H<3Q`zC$+eR;#Og`b)Da;Dx@hz+8)+M}~XVZ2a$MoX8!U?Kk(
z0PTi3`~>i<N=LA~|K4deRGcYGZgR~Dd$y9RJNFCFXj0tct0;fKW&8`kq{C`%0>_xy
vb#^{1DTt=`%TKkh;v8Yq1<L0>!^el@*FJb_uqp;Lj&_I#SbhRr`bGJFe07lP

literal 30730
zcmeFZbzD^4+AusAC}GegA~1AGBNEaK&Cm>?Ff&Lyq_m23$<Qq@Lx*&O(ka~~-6$a)
z?|7ecZoS`gpXWLE`+Ls!et*1cezVuLS6u7rz4qQ~?aQ&tFMzuWvLIOi78U@2h4}$4
z=dUn>q@;}1z^bw!C7ItUu8;#T>Dog8z}m*a4lF16Kvz%y!H=?kq-Un~Fa81lNshsL
zF!BRC05Hh$C-whb5e^h)Z;EO34fA)f!wilg7K(w1&He_z`~jQ%4G#VR+i8NOFm2vr
zU}m#lV3S{9XNMOKm^SS{+MB+x`vFg3U=eF8#~)+;NIxjXhuLUpU~*l|{~o{|00zhb
zBr)*+X!<En+cW?`=sN&#_1(`hlQ;mN!Uq5#pZHk@d=CKJc?$rP_r7>$_v|-fu3?T>
z;BWw7HxmH3r3U~I^#K65kbe;Rv+qw`{0m+mVEWv{@M(+rnE|W-Fu(%<2w(#+1#n^@
z9>7BYH$dQW5+DV*dgVv@alDF2*RZesNH?*uuVdrf#KpzAiGzcSe+M5I?=~I|&Mksl
zx9{A&OK=w#pOA>~E)fR4`vVEqkDgbr-Nbafi-&`UDgBG-@*{xYCe|`m&Q&Zrz!d_l
zs{~k=%>ZhQ`mO@5V*N1fzo+ZiH!$N|!NS2*!|nnA*jQJwuH3wN69*dy`wm9kSFT>e
zG$9})BBi}aOhU)49W_Ko&m*C(6+IxR^9=DivUC`SS3uIl(Wz{ZPsrZ+O$j-WUkV%^
zlUk&qYYKBHXJBNKf!cY$MMk8hqni6M!%$&{|3Sk~A~3^TyNVeGQz=A%@j0yP*KS_F
zdL7g12bCBa2ndPQuYpthiD<bc5aC60JkMT#`gWa!mresYumhB|YrLEQ;A2`}A-GBa
z5C>djzxq3SKe9Xg{pw&d&8Xv0Q&rsc&+BX&(@t(U;REZaXk`IKdLS(@4aD%6w595B
z+qCYRb*9n#h2&1tZQlgX+eNnPy5ie+*-hIr=&}N0R!O6y#z*<oc?pPyaaTT-C%Jlu
zy0L^+(_l|HuHSyNnIX1X^eT~fHB;5HPR!z8HF%mSm032E!f*d&Ql(C!O*FD?`i{4?
z@b??{4m4;SbU!}SNFAK`sv2MQlNP_9W3fLaXX#tpa?b2AI1(5vR73Q_xDTa%q9T2W
zPrT}IP&2q(;7(;enkBSS9DADj6IED`TvVK7Bgc~Yxr=f;mFY_*cVh;&aJw%m`M2Ub
zL_&aN4A^NP=JpB-ZG!Akhh2uq%@Vqf4djvqkUK`5nqk^vv7M2$w0w$uvm;OzwOI;m
zk5(bmk~Ux9HX|aNTG1XgSJs7R?^(?L6v|IR(uM0sE3|?p6$;Z_0uYoHFM9&EzEcH|
zlyYP<gU2Con~45yB#Jp=Nc0%NBPN`rHzdGS?8@T6H^Q6JNu(UqYB#MUfFg0Ti&?mx
zL7M;q5{`DTxX7ZvO$LG_U77nSCJJkacg)5AbnJ&!BcckeyOx<NU-BR8Da+}YSz~o+
z_vP#&*5o}9Q&Oxu=r{o%20Q`(zNACR;67&$a64COS?B_JT?#VKZc;K&CIwWXb3N_Z
z=(J<0kgU(+Pf-l_22jXISyYz)0HVJ&Af%uwAW@@*`=`8rQ5|!fL%#B$m8scYCYQe5
zNi?4#sK_Mald^pLBv{V_|HG8MDv6a(Dvow156>b}zkq_|d)_VSrqwisIqczF21Uy^
zs#(?o;}t6uHW13NK3M(vsh^yRuf<?}_V(A|$$w!E1aFe4h20F-_H@K<m2M2(vmaOT
z==<4LCiv=gVQSHW{o~w}Ka*NoE7qH&+sUJ@?!&!5t@J0VepA3F6~F%pgHJeA0w-FE
zsIaIQajC-8S-k>)7mSa0W`aYNnfl&<p((&jlRZK=+xpYHdwUZ;uht4sV54;bMA&>;
zVgE$41#CLup)TUPI2Op9Qv`(?F_#<y(a%DeFHA{$k93dNy;eBT##XrvtyBlLZ@wlh
zi|d7*`RCS~7Jhz~^QyC9&h$&sB_Odp%A>g85<o8gznwpK;n2j^?e#H!v+t+Ybe~XI
zf1!Z+-CKI@0)7@*Hv$5p>18<o!(YPA@8ErxLEBFw9OsHR&Ks`>>#WaDK6MP|#>=xg
zA0FcISL%GN%4$y-XH{9gu0xGC4@ZLHwVK-xIm*9^^_o+Cx8*uzGT&Zk_irLo{K^(v
znq!$>z*Io^h3>KZY_5yf_+wS)+XI5@GsXuhgVW8kxX+UQMP1|3!_NUP2&hrE!?g{Y
zNtrc%zhj?sCpVL>yczmCo~F`}lZu%0h|<Fs_4vGL2G`_%ww;hYhjd+ZOt@7VV^j1W
zMwmv8!`K7aq&)EJpX(bwYqB0Ol<csso(NjZ$5YUhTb&BB<C*f2WDIV$<L`$(n$d_D
zGt^<t+RW3r6*Dix%m3mTH+^yEow&Va>ufkQX$Xp>D|ZTS(B8cS6gwqv|D-n{ut3{t
zM|lr7J)YW^lcbcm#$<w%nWD`IY$(ULAmA;>NAdmuA=88mvlBx;4zjrfB#4scBnh{U
z+%^u^Qi+51)apGPzB_ElK~Srw!lUw`G&idQ0XAY%-$S#A?O1Qod*&})0-#%>Q$J;k
zFTZLkW2ny?R;TA^D17=LzV=OqsPq~*gJE>UH+r|D5ga~M#`1j|@`4VC1S9Ea#pC82
ztIAke;oS+>S9=9HZ@ncW3{ZnsoI$oIktjQk-X48TAA)$zC}0oM_@566TCFaqQb<aD
z!BMn<Ta)ypi)nIP!H1*UXGwx(D~BGn2`!&6CDx?HqZb3Vb}pvt(2F(?GbV}~!?f(Z
zQlKuPKEmjG<^t9q%?*qt2~jNE^gP~lUu2DJPUE)W5CY|cKa;L6P$pQ;u;b4SWS-0C
z+ke1#IIqzEG_+r2!R3v=8iPgf)6#yi2eMDT4oY*E0H2AJ&FO|Mt)^!bDhY#=<IAEY
zQR)Ka^(3a>`!$4x)9V;)tGj}XK~P0WLiIkGZY11N$El@iy~(MEh}f7b{@keAqQXDJ
zwwg2LQA#D?s#F)uh*W&JC@*FG5<q*g?QW6I`VA8h_(PzV0G;DIhxQ9vzq|DRDS#FA
zQuh)N-&*XId**jqwUZN^+t_wC!XI&NyeK~18>0DtiufP>q>Yy<N7yIGyc|ghYR)t)
zjkc@3B&j%tO3ni4Nz5thsGE3DO<&EJmR*)7{l_o-qE%up0nx%5FhdUnUJHrVI6lph
z>=~WdH9ngavWAa&?1*#uR$D~0?b8m4B*&7zX#eio#&-Y77tv+*ii!Sl_TAbo^|@c_
z=7=r<IGd!NnL}T+g_b#&()+UR7a@H>rJ?-<j~J96R2EBrRWAk!EiVt8c2#QB(jltE
z2!-W5P;p`ehNRR@<{CsK4h5ww99hwWt8~F>)2wt;Rb;^Ui26?M=Yt96u6o{TYs-Qe
z-%JM<K2Q|+Pr22nomitHIt&)d74*ybS>$FcczM5ayVqqTn#NDx@`||i;X1b12h9fu
zb#1m5{&k!=EFjChuhc3OWJ_Sh-5^I!3Aym*oprpI(f9;A{B16rgj#!Oh<gNAVpy%8
zaNb6G!83)doa8Zi03hxCKg9bN^Il%}iH=FK9d;G4sW>$Y8`XVaiN6Jig@Z3*Dr69Z
z3?7n=L=Ctx4@v8jf7&_TRE<LtQZqEr(3hFWdAYFgBmxO8;3u$Sf8UT~{~UPswo_3C
zBiyWN;<fUXx={v!iKOUDfZOh@UJdQSMMB`T+;PQNy$S6MfO6UPIRJ3?=CNkcRJ8WH
z`>y5v48=@M>H<5SGWREiQdaXKQ`&(5Iva(_H}K*D8fU6@@BpVt*{EVZ8R>G{RK&2P
z+fi0<dvr*zDOf4EL#C|Tr0jrz-a?z|+6asj8jvl)0ELvs+GM*$Pp>U1A38g4x*b}%
zskPZkt7{t0^jIosh#GzY+`j$fPegVzFK44fx2{#%+R;7giu6qKC4dVx5mT`?&mF^U
zG3m{6>@GAKZ4=INOcbx!tSAl=h_X?BUw17soPcyDVyZPgXZFoz+sT`z1IIx5$r3MR
z!8S|fFfGBx8y|GJvK@>*n{E3&{a_4UtxN2kCi=){nyX`_k@IJjgyjN`rQfEC%0GnQ
z(m!^jL9Rorsp1H1&=dqVaGB$7zx7Sa$>d>;i1ZB09*%<rs%$3hiCaK4nrhpeUSGaD
z$b_G4Kq53>Nh62p&&F;lsG&SqDbrkBU5npS^r&oI2Mw2dgILUEPvhlBki2wbAu{{#
zOmj7e*8?_5@zxE=O5#pa$Joh+s=3T~59MrWJGt`|u2}Qb1{OyX&e#Y;#}sXN6&%fq
zsTeAuvS=Cv>1o`_wQvdw8@Vd--|)Qo6Fkx$7lmsAES@tgkruuTs!m^3Ga+Kzd@hRX
z_uI$OdC~4+{nN91crQYc`Raj=PY&>|f9DJu?>_JQ9aq}RYYVxW^GRx=Z$5b_rXARe
zJ3PMr<|IaDbJ=q>8PKMk!7_aHce<s1mqoxAd`AnDU%RP31Cs^7qWGdLG#mv(MM>1E
zC`y~!pS8VP0Ey4H4|EQoGEGDW+-xARFPbh4=DbD*#B1QVqr6(YB<5m)!-CDt<xc_k
zO)<Bsm?W~=qqMvXnK9kw3%D?-v|cviWrV%YgIYz!VJ@+d6q4}!lbcZ3lu;15HPa>F
zv6u1GCE#T{<$+!`)7s(l4+({iCQHM<yALMOodKO<z~<?9isI)~DYU%@O1*1zMBaf)
z&j%?q%@GqGQPG{&&4kFbGn7XwZ4HrZ?^&$9rNBNTew&_E!zquB>Lp-+-%IH%=>#ou
z<wl7%%eI+domG8E8rQ}54{++Z#QHS~^agt0mZITw62?d-i|)^HR8Sza)DK_**}%<;
z2yWge9@`zts;o7wLdu#ic9sWEH0*~Rq8eD3kPT^KgKrnQ)E|lQ9w^XHg*GZ8k#hS;
z19en`#N7nz@(D?Oa~w%R2m=d;f6yx3owcyI;hXL@Nn<V-^k!xZJb6p{wK0YYFH=iN
z90nN^=#QD{dCxLDR`#sx@ZmJOD|i>>;pdYNt(q8z1&7Jj4x`;%>P<fau%bTxCg(pM
zu(XD4KRKD6OFTOjZUGvWLB1KrUINr~JwF$LsGPjKH##!9<^TXE2e>DpIkJwZBOGTr
z{$0ibk&5tm<y)>+{dr6bWK5%<v|}K>1b|#+-4aPlO^+SA@I=ylx7QMJzfah|Z=HR$
zpn@Lrt4bZWJIR?1K=}vNmXAXYU4^d06Z*N`I$=?oPPQzvWO;-uPx}Ye=B6f=B5EOR
z(U~GPlm$qe1{_ue-R08c?tFLo@LvD*_6o#}VEEWlQs>u*H;W;C5#xLbvdguD-SHxN
z7CdakFP6&_5on=}=hl|=JoH=;KrnOT9`BCB0#n3W@ywG5<PvupY-dU%pv#Iu)<(S%
zS;hwr7+kkOF(qKn4~$b}dPB<?3??{`6|k(>N#@?|EzXSoiMr@v`O0t>e}ODl7Ao1s
zq3406_WIyXoNMwt>P(*(3qhD$IoxvI4BcoZ1k-~&nc7?yc?~(niCxF^5CJq{<RlZv
zittT-LZ!Z0;uPX-BXg_9XRwkoCWQ}MI>W3SGTlWJha4taMEp*?aZ(4j5@k?*gScY0
zl)*<xwJ3_XO=-9reu8jku{-2mD`Gra+mV6;o8ItIRtax*)NNY#Axoie^gM;E`K6`O
zyU@anx8Vfe7=+RfvaSvCD08un!Hzp?A0+2{vE_R|4La(6QsBn*K{}4uw^JD&$e70Y
zxF@S;VW;Uu2&+mb;#%nS0dI9@@%tGiG1-sC8!TVx&vdUX?m-kI=<*{1=RutAI#&?V
z=2m?%UMm5gHeTRklSSLH547k>sp^@Hs+HIjh>ugsAK3B@m+B-ym${n3<`yPO!)#e)
zw4VbZ3<PCG<Vhd(tHNSUs+5Ae7~>cZ89OY{tx@(2t8xUH4B63xB$fhd89i?a4HR(P
zY$DWSUhK<b-!HidxUzAjB37w~ZBe~vuv&l8Jt__vqlew9pVsPe31I9VXLDpxN7ac7
zx@^jt(=TdEG~GG2_qhZ><S({j={zaErAWFlHG15q=ofwVZLZ@?khbqgLcPe?4Y#0G
zh1-8(rlak-k^4J&1Y(quy?Kn1+#mu}nB1(OE-d>7bUIt=Nqh+isAIhZl-AHpNvXO5
z^=^MS^Y0N})Jh2Ec+S9rj#p+x#hpdWqnYfEBVnuD-6A85S`*^9Ud=O6UK564+Yh#A
ze8lH%6&kiU+YavzKf(SlYj5nPlaCnRp}Yj(8%j32)9ftsY+5J2wx~sg+nv`x*5Yqe
zSmv8fj5aCYMlaQS02!_+EF!J9uUQ;yGuGU&Tz+It;lCGSZ<WpdVW)P`Ch_nXjmL)?
zL2555@S(bE4!E97(@O{8;9A^+$4X8?Iu+%C;rSN)9I`Td*|HYA`*Cq`VVsjIdL&L#
zytp5WUXqP|oiNg^4WiN-l?oyeuzer7(DUKsI3Esu%aA@B*xmEkd42pO%`?T>?f${L
ztB>Qd#|h_$H3yz@K8l%0OxsmX9Q2{&F=a;XZG#vS)jwE(amva&dp@V#2~-SE!vl`4
zRr*{-7CvN3tjnwMQ@7VL7H`Gzot3DzTc{dTKnW-lMuP+<^($FKK+@74J5u@I#-709
z$}1j)3fhlvI&pM<X+ecwx6w;<Vx*2lKb&Pi$J{Dq3Sb@r>BX^CiB2D~i#fgTF_A1e
zGrgbT!UmF)5#2a2M?7|pAKDaZ^`_q^Agnl%SN@hTa+etY5+K%{W!LS6`{~1pWert(
z2|RwQkUIZabUGC<KXOP97aTmJ($XAMdD`OXRK8?Hs|r!g9Pa8egWg`S&)MYCp#(nS
zXf^QR;7JHvPcm0dWtFUE;U@}MjJ&_b+;X#?vRi!VGugQ{{b~8ralb^qHm>5XT?1HG
zwE$~AtDVbmM0!iSJ-uT>el*;w-n!i8L5IwY_4^KKRJ?q<tBBcz>vGDS+R90%HouuC
z0E)yXe+=!vo!za<=L-(HRo^zB&EomFSW}=!Zb}h>eh_>KQ1I2!vS>-5ifK`>?2aPw
z_}uDHuVJZ*3J$wy0NKdO3e4fz`#h^6eiQZ1M03OzRT&ZSfN!_GK4c_<d!}=QIhbd|
z%-okV+V0BMHx2Y`kQHQX=i-Yy@tX7eB<X>OSLI_k^YMj;p|HN@J2KlhNt|a8lbN=#
z!>eC16&py$DvB1)KX$9{ot-3cu*&0Ad{T+=<S4Q=Z99Ga3%cJ>s6<BruTTEc?TBUI
zYfCxD=F3aK3tnP(jGi(T6_8iBK>L?~t3|#1$<)3?60D*|2vQ(vaz5;N;HL$LLMmn8
zVDVj>+6~{xO@k@@I#ym$wqJ1m&yw;lL_!fL=9Qv>MuTX`2hBWEz!_!Irw&}A!uDCB
zeH}Txd9-B|&V)m@lmTK%@67gXU4CU$m(3!VC5`U7sDmyy<QQKT#vzc>jhRQ|4wq^;
zv@qw4a8^^l2T)La{GoWP#Zv=IL7!OFA?n8=il(CW1vzFT2D+lx{l?k!IQiCrd`;_;
zeP|&AS6Kz7J9Q$8Ub^^_=xdYFTM+?zQCmeRggldxE5j8oWS*T|9s4#A^5K&2&F5m<
z2cqlOx}`Mr4LR+a&pbyT7T8$1JcL$mDy*b+=#$O&v`eW7&B{+$26e*V#gbLDBJKSn
zwn}yz<~w$^Atz1+Xy`+0D>@mMQM#4@3O`C|rz8z?jdjknNE?>&W6H1|5W(HykIq#i
zD=8fAl-tm<SkoRAR6_7{oory|aei*_b8a(MC4ZaDH^}k>#B-~ft^hPH9dO%Ks$ebJ
zXOJ5r^+rA;FZN_4_GKs)C&a@r2stwB;P{P~j_VN=vQ@tFq3+c)|4q)CqL3-Yu9CzO
zs-Z3BHq#y%VhC%Mn%(jicMQqG4QlBH=y$hJ_MkM_nI7<PTL<y3aB1RJ40Nb$gzV+W
zt!PMlXJSXeY5}Y|-UpeQ!$V&_pH`oVgW3;{E+^`d=SSGufn4uiy>*W6K9zZx;7)f)
z>1S@NtTNRdD(&x}8J54k?u476faAXoQFh5du`~foCqOD}&=bu<wP3p|INd9EkDAfS
z<MQ?a;oE7u?x^HRvi+dJBF`lM1MUR#^>}x&-39Am?zwINR#NkCp8j7PD6~T^2plKR
zpGsW<ru7LhPby?D0XM6+E<Vs+0=DyS4nO(l&amThj%Q&L-JNUCL<Oo{12)Kmfg^i&
z2tkae@|@q%(#Ykv$CEL13^r+$ukgkvloMz1)D8Lto5)^2!~V<z8||`?V%=saPve<g
zp+CW|w-ei?e(l^aXr=KWvWB7A>3ZOW=K7(^<E~4<#?GF>Sr^0I0{KDwa@rJR33CJ$
zmn3^``3uY}KR6%f5^&JkX`Q$JwJME+B~tgc<1^Rf@y%HBnx*}uJl}@x9hld=xW?Oc
z%go~W1%jZ9aNTw<+x|Ye3%arF5z-cwg37gV$dhby&d*)}mG1i1Ed15G4XfpEx6!$~
zz~GiZfoP~**d@Ss&*8)P2_)xLbkuQ3TjVz8`7tu$640!V=*A;$Nz$zDoYBxW&=F7!
z^i&91;Y{luk~t^jQSFnAg6IwIX<M^|#W%b%5fB4!MaxmBLy1^Ts&S*L(@RU}A)#B-
z!#c##Ee+SAC%4ho?_c3ZjS57#mketT3$_EU1it!b@dN01@ihBQbet{y81*eTP@O_M
z+9;77fq|$`WlXivZdS5}i*N|8$C-f+SqoJ`U46T$_TxvscP{}k>@m!XBI^+I`wwH3
zFBr>E<txn<U&nlUS$Ds}wjXo#@Amr3?>a+lQbHVt2bLQ4Ty|!6@w<#Eqib<u=0<c?
zg`7+GsNvU`&<*_-ZfppUd1Q9Wj-)0W1WImM#c~XnBUL&g<y5I)vINV+I3_!-(cxZ8
z`igJ;!ged8$mP<5DBVv<S0D-HAU=^8jwPXio0ouHWtJu>relbL5|lE^GT7n<yukLM
zRmy|Lr(LnbWd?bY?NgdQ4~^K@zX*34xs=A`1(=(gD-1>17`QO;^z39iR@+sS8Q-ZW
zfsj+>Eo?s~=*Z2CRrF9~LNPhCx}{}h3u>cw*Ep_~(Zs*sU)0A9h%Dxg&RoI?A=U0e
zOa=*{5)ue&I}~3eLp%}gQSpLPbwH?boB@t{E_HkMWJQXt4Au(U(+UJfIl9)jd(wJj
zV2*YH>>uQeBR9K7UP1|-(M#f`;%Q7SN`IUH;^Y^`P4r*a(!;rx4MlweE1MfrpH@{&
z&m?aVUCC|;dao5}BueKyo%dp1kkJ`fg*5;j@VmFNLUwiDtl|7F)sGuq+>7^c?)}3X
z^`DmpCLnEX8?(ipBoKKgNDrU4eg}%<xx#33aEFM0uXT|9*eh_U?YE$U*^MhS7wdf?
znlBqZRWw;j@!x@zC<&@&7(un;!{YcYjiwaJ%45~^S}o$8l*;Npainrdy&LJ^&l-6%
z&KQ-daPVh__D9=0MnETs=L2Lx^t|&C>W3cJ3|Ef*HPo|J^-OqnrywdNcugkiawcU2
z<OK=bRGAAC%HI9`1LFo2`h9SacC%R#jWMYy#So-Yzrj#!Mv6NwMn{MG@TIgI&TYQU
zj0sh=$~QWOyzUcdQo!Tn!;d7O@n|`s66#w_oy*5=nM=3d#;0vw0yvW|9uLJPySoO?
zwuqP>MeQtAKRTF$j)F^Aj%rTa-bv;A-Agv3cRATBh%LcP`ps`5v!TVyX}osA1Uri3
za@Dt-09Xn>DNA-A#*d{=XycoT{T{@b-E%c$8S9ovfZFnv>ax;4sLJY2eCKlpJ^*dM
zF}84mg*R`uNr85&>W$WprBWHQYQ(!T8$!P`GNs&4tJqN`zhH28u?cnhfMx6xVW`lZ
zIsbKSTjF;4Jv*1gkd=+k)h68uyf74<0vg#B@88qDD%ZjVyT8icBH6oJrE7JTdVaU(
z*|^j@rIJul&d5#pgPvl+czt$~yYCE!;41Qx7c6eTLkZ4x0Bb}EdnglJm{K*WXZKLG
zlNyI#X8giX^vpS%Tjc0FNkibvwjH*GE(iOq#*P9sTw}+1|L}ny<n|+x&$4^pR}8t~
z%5lX51PtH~SdTP((Sd$GrZ~)jauaYR3QxRq=~>CH-@X*TAMCaS&u5|iYK@{;Z-Mq1
z^XDHlB_-_D;~vrC9icZPrmxixZFbQIjEDM0EZMu)4et6$Dyutr#i)8wuPdpFiOSf{
zCv%@E9PLiu+j@GX0gtgdDo(X!c5vzqwUyA~-Xp5s(IkhKI01N<ymXWzLkvGbLU><T
zpi!r2pJm`*(vIN}K#K{kcTc6;fiHzEVQD)hQkc*psN}5L?dU7m#ARol&5L*^Y+k1=
zdUa*;FKK5Cfb9(Ph*&;(_Kpr7xjeRc+-{dz-3A-XX`b|8wp!*ZH{;}{Ep}8KS4H>w
z8@2QD5gyklM(qpFUUShAQ&3fG&2h1khOnJggtk>}%{Iilg*)4N0*J->VWQfQBj%2y
znx=?kew~&AX$a;$Sg7stHq>4I{6_it<VOft2Re$dyBGGU(J&-m0bEH+ls+I%8%5aO
z9)|#jJm=x%ccxUVJUyKBumY&L{dc1d)_ZOMvtokv*95e)$hdWI^%LT>lM_@0TY7ri
z1gC-N^nBrmF;3@`Yft|FV+a8ODKPN2j$^)%J3S`4&F_@>L&Y)P!T28I9s0j`$AS58
z-m!^U!t|x*OPt=9!kjoxl&Py>_{14wkJJm(7DEj)@8L>okxf0{#pdq<E-k<_jaFxA
zU>rrff6RKU9{*5Yrzht{^5Wf%XKhSz?K7UW8yV~!B?9`Az#KjHs;uCt(6{d31NCih
z!&d-ss@btYo`9#?g+KhmW@<a5UfcZ`1t;FS@Nudh4pLlyc}@#nCLpaBaUIg_eau8s
z92D`GyKlg~z&57ZQ*9NL!`ZvL_I05S6tL2km5(7sJiz!qBt0n)p!1hP8A7e(tU#Me
zoY_m7SJz2xk%)aEOcDK<!k^bFWH~zMx-^iCpCSTzw;|A|L$pt^`V}tf-}Tzl7sZy@
zdXZ;_=c4VjBTb>Iyy3OyE~83%5pb*0w;;`8J$rSED(ah<XplaQT>}81|57O9DtpY+
zKJR3jiaIu!<#ISn?TgSfOj#P7ZF7wv>J3we9AyT35!Q=T$UW8t6#k`9HviYO;|TbF
zSDIgZ>Hl46{^dO2FI{P-UdKr!MeEM3XVnC;)}iX-z?O#6EXteS;JEM#Wq1UFg>PG7
z*2BNOf@mS%41&E}ZYYX^w);KuqnC$yF|<ZUC?MV3TV<hFi?2laD5ke?5T&a#Ov#6X
z)Ov!=NmYq9!U@`vtdJ_MS_6CxH`@J=vg^M)$5y|}Uqb~W;YlWYCG4&Yx20H<?*#=`
zzBMH0jqcQ<eQSj#BNny<xpeNkst&Nf$w$9HYn%Jh8jAC%7&CI*a=Qa%vCq=MQ*t28
zKvuDZi$HB`J0N@eDJcCXzs&}3$Zl`v-pdJhcIGB{CIey_)s%I!fl5nD%UY<%g%ipL
zcX#{ycene!RO5w4C8x~|*}1O<%aqivrF3ZeuaHCscdaZe1gYDug2A3hdVq>`Ryk~e
z&(#vgKk%z<SB&3n$%sAX3HakP=lxAIVbBVlXuF3~f{w?Nri&4U^C|WxS867#4ZmN#
zbE?O7_~QS5&6&1wj{42nq>Q0r3RTyHybkSsZ?0AJQSkfTy~>o&>`$-8P;{)@bq*G1
zBc>A&>WdHe;FJ9+DpT=}H)f)um!|i^!^7h!D7x?ua1{!5<7~KMgZ=JDo|VR=sx*dE
z+~Tr5F@WbYdPV?I4e^lYe^UZxwQKsjl}>M~Wx-&z2Co;5;3{Q-b=@!=R*wEr7YI^W
zW=38?yDm5^0NCCpRXS0#_mtdktqXXuO?`_NB$}xi6Y4Usdo!yxcJ45{gRnhWFYfHr
ze%@FTjO3iBBfCp7GidQOi`;9X!??y9(|sMA=Ac+-d(H&#f4}B#RJ<R5kkHV0D^CvD
zicmCd7hF%#n|9%tJz`1?CFI2|G=U>G6~Vhr_6*#?oVvJAv~#=&Z$2RH3=V@m=&p&5
z*heDWn1gHD+cAHq(wS`|#mv}xIg!ICOGRwUmHo<%oB9o3)n668`pw`0xclReyj@?b
z-oB;DKVLYg_sIN_tkJ{aH#Be6^d;=+`8YD!i3_=<Wd}qSzZP%OWx}pk@as?)i%iYu
z2YW8PX+5cNkxq=zH+$^Ivot@=V;OVZdg0Vgjw8kjOQHY9w{d;0SDk~g;JJBQlkX~O
zZP9Ss5(5O4Q2UD>1ztV=k715%wPCgAbn9%@2tnrJ!EU2A!PGENcqjVp_d2L4Jsf}d
zp|{6xel28y@#}4na|%lLZ?s>>V?5)WZy2wcoyhUoS1Yz{+-5sZs5{Tey6*oQbJvU{
zqD;vnc|LR&3s*nS>@wSA6r^t83sKmMh8i}@njPaI`pbqwMAE`^IKPUvS&r2LlOV<U
z<mN>F2b1qD)QM_#Ri>PeW%gec0erVIs3$y|4~i2?4Qa@C<-*Dq>NqM^`j&b_r%$&&
ze90IRxk?8KF+Kh)4lhR^c?bBxn_2@zGz$Wd#BPs@N!>*s1AA>2u%2R3epU|YP*eze
zr(La@u=c#4qm0P+Q=ABB?DPaKt2ntB=e$Y#;as)J{!~$TQ*1`GhTmGw#ePoSLRv0h
z+Z~h%(GQT7od_@r30uRm{J|%dp7C4+)kXKr#jqwHK?>Kmj*v?L+}6t?hw|oca=;vV
z`0T&Qcw>q;#9>wj*Tv<;ujz^(*pwV-w|x9to9lL*sI{ThL!LRau|;3*L3IP+;aof!
zM5d?AgANF91&M91b!AE)Jv)E8Qm(p|m<mjF(b9haCRf8oexVF}Sl(9vzU3~+FB};?
zc^DppIFa1ElA3H$kCUnC=NJxs2)1c<f-+loLD9Mb6OVFR67&a$c~rgP-K=LT%gc)q
zrIkqs>V!dFomW?XBS>ns@Qdx$i|*lz&av3LCu~PlA1?tV{9eW7SC;=qF@QyT5P|(Y
zg|sk1nPm!nW^%qhc`fUNd!wHdmBCZIENzJxeUQ!c$*`O2v&yn!b>P{!3zGNb`9n*(
zM*(%J@GVpebM@v}>Z%M5ij0R>a>DRUq&rDb>1<+Bd(2ZT?SV>gE??8#f|NKWt_V`!
zI=^D#sv$O?3}GA%kU>;?GLN9(V*c@o>Hr5_RN9@n;!<O*sLY4xrskQJ^~BUL_U>7D
z<-7pm-CTSmyx8*f{dFA|8kZB9p}$f8tGyb_{9?+l{$}3LlcB}Rai=(4$rgilBOeb|
z$*08&%pS5@1Bwx{Cw-$lvv$j+7*T)y&~0bUHUeAVT5#lxpii3#{8Yf#rV`1w9{{Fd
z=1q=`s_B!Yw!XO|IT=?8H|J#K(g5IVbJE81rZA_OIB{sUJA#)pta3(kX!M%a9QD=7
zBI&z$fdcN%Pv0r>ELwaG%=q-3g1jz{I~Y>L7*5h_`fVGf^>Rg<KBG9WI~KyAF66F%
zTeUSVA71C*dI5My-_Kqxb6X=+L_HvCq0>jr5+N#xR<JHpVhFcwVRd{%FDAOU+goc;
z+FAlMdKLj2eMvNyPWmmE+=M-Vo7zJ$RFwg~5+pQ_S0xWTZmSkLx#N(j_&1r6L|ssD
zH*EHN-O`ehpupTy;>XS&zz+{{Qs2M&yG`H^{%YD9`@fp~k0$QI5fDWXFcKcY$>>IK
z=!$>w>;NEgs`X}hDO7*B<C7iXYhy}!{&z6d%$?OP69ofFO9nmz16cjFQbrfTM13{I
zdD$Yt;HTrklbi5U)-;3>aCjoo&h-JEh1P>uMTN*%zxfRhb43)I$3SQk^9*hL<Bd25
zbCvhQUkXi&_P=)V6uyur-|mRRxi!=gG^~zpLO|g@RM~t9hN_~)Q%DGV9TzpL)U8yR
zV&ofouC5P@e`5^mPFln3+B>JbI;U(VPk(g|yx709o;@yM-J{iJ6(%T@Yf4k~w5Yyd
zMx6;b68CwoyXs|yQvA{<$jghV@GjWob=C=+2Qww}!+YlF$B_-e#&wXVQ8comt_(ww
zt=b0dAvVH`B)}uKDxc$ysSal~l4+rYNImmqF4Kg*HdOl(xY2c{m^-`#+agw?zEJ=i
z6nKvxSi9s5tmz$Km;B4qu0KX{u;cCGo`BNv7Cy2}ammc_m|JgmU8Tu7s7=hpKO@-8
zV{pWxh%7+PS+A5|g`{;b^Sp$K(^LeBdT;ad%rW<+?W1MZ6#P#^Sm}7g7U;Nve;3c+
zv#Z(WwpwyHT~xV3AL#gGGii{!`qm8l@sUvJD+FG?O17uGZl_vmeX?FYyll*!ixx!T
z$zi(PS98&dTiF#f);0`ni#s~5Y9-ch-v|45$Md@qhrj>F5P!5j^&-og@gDty?#YTT
zM3fawLN!(fP272S1=J>bD`%{!Xsy3?buY`bNOJ+9u&VouPyd1D@A(xP8Lz7^X%66p
z2inalI#EY$#<!Yayn@W}<E4YjY+3R9g_tMAB3?n()GI}smOS%G-KT{@=j=*0z7^Dk
z^vq=linpy7$qCPaOkRCRtOtKb%eDtwmhWAA|0&OZnen@5LU{yn+D3_qUn()<JA?Kf
zJaZ>p^>5m(gPwNIbcU}qH{X{p=PZ=VB_wJUg-w0Xoz<~rjzC%}t-M$^sD)%G+kMHe
z^|Fy)D&Bg<;wrEVoQdxrcv@D%_I#&(CA7(#uX|Bi`uaUdSkDmJPF2c!2o8r(oXGU)
zz?!;ayK~{1pYyeO7M<fuUTw(wO}c%C*ij%DRw%NLIB>_x#iZTBk?H9hr16DRWnFp2
zm8FivT#=S~&ZwNyCk{P8`Ik#X?)XEc1Qdr9S^mL?56B*pJgTlh^9P$E^U59*`F}Qf
zt|GK>sGgwQQRsKY7hZ?5Td$~4jXsy&+70qtw3hq`Uk2|l-$#TsL_Y}yFR7KmJM&CG
zK)sm^f)&<Nu~h`zLx4uEo=D7vThS*!o*x#dXBIV4;nUe_p2A$NqckgHK(0#hKA-|c
zlq4`(6B0wh9M-EkAXOx&y`NDOY^N2SX@a2WR>o<&=ef>nUd8|Ii(2<+X{e$0!P@R@
zR#LsX4e3XcBg{^Ko^JG7x5xsG7yIjb=+0D&o+#b6rybZTRpe2_lK6>M$CUE5`{zKq
zIZJqmo=LRcl2iViT~WMQCr8wvV80GFQR{O$>$Phu%4ORNuoeaSy}|u=I8=3lgWb`3
zz3t!FokrA8j1#n*wrNfkL9t;+B>fF7oD`en4RfI`{~3`{d}B-Z3N+vy<MwL0^V*Q=
z3_O?oDd>Xy>^~&Pdo)+71&`28qTXa@4}ak=K<GatUVJ+vYX9dxk!_A%st>z1uPFIE
zBI8uyx}Ld)W7Z(spP{cHe9f#FE)bc@P$Uv*J*@qSM$Q2Yxz!njj+N@JeS@f=O7}<Q
zGeVI59aIz)&f)Ji_14Rg(tcqDD_{h+$ucT>XD<Rl!7&|?h{F=l;Rae7wl%TESTAOs
z9>=apu}|9gX05oaoxVtDIo^$D&S*s5m{t!P?w9l!?N5dAl;h3Jb9n(J>%eghICS!L
z&Kd6N?0gLV0lx9KrY|~}ccH|UW*<y2uK<N#E;p?D>b;U57Us}xF>X$!BoLT$3NE3<
z3z}=mW<`K@oW=Ny*J@g%EitRTpupwznaC0DP=(^5O%?h_0jWX@VbikKf{gX|a4F&s
z!n<;2ro|xNi7Gldn!Nuo&@U?DW};I2Kv5N0_sB2N^y|_)`p7Cx4!z=B@=b~d9i#Mw
z)mah|Au04Avg8!hTLTWO{#<r&mq@{IEvGiG(y>f&HT;D2OXJI)Ysz&G64%P>rmQNn
zr9FT6>gg|rN1ZdxI&h-*{6prTyFPwKn1eWF@?#a?1rn?#D>ZMEzou+TzL?9Q(mc-_
z8&4D}bUp+hw6mQ1m>O4Tey=)zYjCMS{jq!6Y}LO{>?>UW_^){Brt)wdOP=YyC|LGb
zqO3iUB%+O`I(WiH*<Fa3mw$^sMysycy<(loHWK3V;ku_l>Qi2O7FYW_LT$5M59C<v
zvh+(}+T3G25)lQm4328vOjKgBNG?%v(9KHy@pNrnbhL|M?n{F_c-(Ff%%Nvr>(kqv
z_?ro?5|0M0-73csVE;2rV7an-CG+17TDDUmS-SXBokodGpScfr+X*@ia!B*WwSt}S
z-$6IR0}M4EbhP${qk=H8@CiGB<waSEY+jKf`)-Z)w<_Hp-X+q`wS?7NZ=3}_0)hQE
z_8Ak0h~jxP!SULOyc6TUZCs5lrg{*>t<F=|qrtRlh){Dha>J6VGm0QQuxPbBlw#Xe
z*_R^aA~opnTH?PS>k0k}wKu+gEC{(^dC~i{1v4Lo5?5<w==Wsbu-D6oMOi;;L~~Ty
zwq%FSKHpB@7g!G-7`OK!K7J5nuUL#D>xO<Ce;VIZsLLti9JrdnkQ-a4{~aqMCC({f
zbu*jfj#VUGU6XdNQnaO_mBTS57+q_)W)+h&?}CjqEw@_rr9zr~+d|}wAcM6@yzf7{
zf_wLk)n^vAEZ+_`OBkioxcS$;pclu#1VX=GN%fQ*>7gucVK3?2f;29f^7TeS*fMO>
z3h<eN`=loaa6TtkPPcXiM#`;ZuF;Mq<hp9;wmxF*(kK!NUS@o|5Gw9SQ92cW^nw{~
zIU&cH>*jE5JEStpTygu?Q1AXT;57e#qXDt&4z@drzHZoDN2baD8TXd`g{wb?QE}S8
zaB=<%Ztr*FSIzyxqKV3XDjIYshV?BVL{dTrp5z9~HAoUeAI@9?REY`hzWaYutY4;B
zc<*r&ry&FJBitPV!U+K_X54&C_YkL9?SDGs)G6^NDztu)=YSG_r_-#_wm`BQaXm))
znl<e>a8{|x4z!~XB8yZHcLuEG$a0zGDYXf+s6vId1rG5f_4etdKOp-HxWm~@5iO&9
z_4{#1y=|UFXl|@;(-&x2<sx%j$es=v&|9;^s!j10OAGUmxi!u{?c*Jl)2t34W^WNU
z&)@F>{*Ybe=y536F5fjmuO_w=$GJx+Y(3~?Akmh^tg)jrQIoZ<1#vP*k5l<?GZ1BQ
z#wHEcX`*|h1fo{$n2W2y5{9PH*vL36g(+kMUk}&Ay5LEV5)DhbZP5;p@(|dOOd;ET
zh1Q6hM}|~SK~dNsv=*uHfCWMszCwUrCMzNe7E-W=8ZIgTvuT~MqUVIOov-Y2##?HV
z^Xa*JgDn|bz=4JIlJebCzGZO<wuFkvdG?-W=Xm8IGBt}Qf8c}pq$CUZkP=(JEtjgQ
ztI%lIiC-!6)_qaF0gJsMX}B+y1j}gRWVdx0jmr*btXL_Rx|x}MH#mBp4>t#{L+2i&
zwfx~ND$*_7#%&W;EMFno?jPLk>xMciI{>-S8+_-C(mJL_IetpZ@iH|M$1HXjXbiFy
z&{&Rq{NMscWNl*(4UvEi)Cq-U^4%$6w2k7Ss!}Lx-zFWW?Rrc`h(rw19p6GBqbF_q
zCY8(I96wI#{sZ~{#fds^?kSm7f8da!9VNIC+KcS0td3-nRW9}M;v4=1x8U5R<0xO0
z)gm!@*%ip&{{A&>(^m~7xni#RIU_ne3$s5VIBJWRM43<K(0%(<kw2r~H;=Dn3x&-#
zj;}iG8a5Pvn)*AGR+Xzfws)Yxul<z<K6I62)0b(zPHtV<qwgowqi@reQWT%-99Ck1
z6?h;;^xY`^J7fK-)9(;GU(mF7tVgS+Z5*{yX~dE;zq?c0OJlQK*2omfy{$r&pTal=
zgPLpDprvK~?xM0Wx9jQ@Hsa9-$&~R888c**9=2J;t^ukUrHdB=RTOB-^_9;2=mmF_
z5=T#k0ZiT;x(;I1r=(Z60|%d90)8hyeQAp8wnrJy0h7{#B}Zh`ljrSSt2}&%m@Vc`
zBIm)wkXnxfea$FTWE26a%MSC1fcAvjsNKXfcgPbpI(_?h2!A+Z)8&*Rr{d+Qz<csS
zD7U!Qx;WT!+wXViSBz@-I>qEEIp1lr`46RjLj2}6_dQ!J@@K?)vi?-qsqv-LVdAF$
zrmR1{tS!V#()-piOqI_#=&vULSay#i)QR92J32+ODkEsy1(DE9&Dm>@2A?O2$v;!D
zHUv_7<qo$!b=*-I=N=RqmkZ7ij?4&{Vd#EmLC34gallI_T0Uip_M4YkZOOsA1XPy&
z2kHOsZKVv*;zk>AQmB3sVeIhucZgRzp=f0jo-@6$Iq}M*?p^b_PS!c7u$uaJh~hV+
z<<+v;Ik0~6i$baW`(dVL3rDXb<@EPH6Ka|V0fUYM<vKtq-Nke~;;0IGcy4G_X6}+$
zv$e*oDh<5(YNo0=<#q;jvzQ@H9_>MgOtF8Yv>SzcD`XS4ANpmSh(zYwD3QA{0DvR^
zCq8?XtM<ac@Dh+7aIx9;@$}b|-Gy>@vk@ahFXE%#EWj1DKk5C?MR@Rd%wFF0hW^6y
zd7ngWzQN-=S{ET+Uy0clY<kc5UdpBS7hMRuKLB8j_x*Ek09MS57boW>puhPN;AHy6
z;}2&ph)FTt4KB`xKzFkt02cGF{jU=lZd$QA7z>tUC$QcdE7hPjk=BVE>|u{rN4_hK
zqr~ir=i%WIPlRfYxNs(D>segY4Mmxj_8|@xq}>}hjGipz2L)QCW>B%DJd)QDGv`rN
zR$Na7#@tzSrKf$L)tQyKptB=lQT|zYzSArV<w&V#h1!)s2HA;&D9Gn3TAtgcJ@K}^
z+Dbp77$(dMU+-Y?@Ub(Om4@{O`UeL<q8H`L7bW|(rWIv$97U$KpLw~V4vrX%U~#Qg
zufsKDgRISP8{_-ON*H)o;$Z@Vt#2F_`P(Bt4$R)a*d?;E;FL;SzaQTlU@KM+WE%Hz
zydn~n8nX$Mh+gOxi%cQA6%pzU%=HNAIiMf2CabphU5v4UI`d<nzjb&xL9G;%K(EL{
zL|Xuo>|mW=$C0+6pZv@v87cQk2kq)5e+<fQ9S@u{YzViREFeAL63Ccx?}~1PM`cx}
z#6u1VDDIXst1zqa)38^i54D-J#nB>2XecFQ9@&-;5TDnC2+a|x(0}H$lB-`+2O^8X
z&Y*n<4Ur)!%Uj;Dx<g|lFeTlJYkjJmEq*5X3d^S(jvx;<37YumK5NYOs^w)^?$lHA
zsPoimi01d@I4RCT!=XbN_gT{_R=PbyUY+!YKDU?`q0Re#svq1Wt6H;-!x->69|O07
z<8H}Hj`qxWt5jx;3z8HkYM6ua+C$*^{xUm`t<2R+?SSjVznTaJhWuiW^F<jc?XHFU
zmYD5{sb-i>baUyAqW43>b_OvU>2801^}lufaf)BRcZ_hp2xU4gp}87ECsC9%LEAXC
zC=*26um%ixF51AI*|0iQkGv<<6*|6?qUYjxrm^q<fb--}aQ#z}n06_jkI;Movjk;i
zx~RW@9pjbhUnwN%5r(xsbTx6rl}rp)CDepaFu*N2x|T&F4I5hpFsm_JRNuOaQgP<~
z7v6O>%0#^wKITHGh1*DxHQyzPBl|{s>K!VjQ?i_6u*&sjJLXNS=CJ?DR#u;X<=Go9
zDL>HzW#df;vWiQ9e{1AbA2(6{&zv2{LZhb2_U;EIDxDU0hGP%QW)IaiGv1%;g}Gs3
zi6f;hF3i;RrJW9kN^#F)mMn2?)0t7PX&E#AlCBqi%(R{Fvy;RbD#MfwaT#(0T}H_|
zY^sXW!yU$-RiwN)+?G-p3&yPVq<=6td!fm%vZs@BG{J7)%B>_HR(Cu89$iUtO6*Bk
zY3!=H7Y}Q9O_J!i?o9H%;4;cijpBIk?{LvA=kuYT!^%cuMTM-*wRdUc{Y!eWwFNW%
z=>JHr)K6sQPbvO3gm4#TdF=0e-u|6?b@Z#>IOZAJU?2S1@4q8L-5`aR=XF-8tIg7N
z){L2fiRltrf$jYS3%qX>2;56RkZp&Y$#|y8B$Ugeree}pEBq3WB!=0%oqN`H+I9~=
z&sO!etbPb=;(wB;KWg%SQZj<7c_m60#f=d1Ee`iiH}lByhsKo-Qz49xGm?Tk1zMxt
zPr6_mMNdnd&G(KgOPrM4Kd8A_r{~oA1}iM9SfjV`)*M&ne|`83e!`|;AQ-l~(IVB&
zA`3N0Ymu<Ar2Lln4|&8pX{dSTwbfz1DpTzT<G-=q?KbiCG;83a?4Rga4t_srazY5%
z1(TE}6rJ+MQG9_SJ13*o2fK?!A{D(Pk|)DgpD?k>T@3Ob@6yB5F6t}h2!H`Bbaa>%
z8Z_^(D*jjg&8zI#S;+RB?VAXr$pUPAvzK;A-YR$)t3;x}(9ijOdYfV>u(wChm05h@
zrXfPaDB@-->xVN7LK7`;lLfv2(OGK(h=HNuvm2SqiP9l2MFx^qI3{ssV=9e_Ejk8~
zCulbnp*e_N&>-523F)v3u7~lGvIZ@YkNuG-m>${j;M(CyL$_Bgq93!hgzgd`>>>W+
zI~#t7p~6@H@SzP7YTb_!*}B&YfJ1|?MHlIm4R$$(ueA6P?t?&Q`C^lbXSGhpZJ&`V
ze%V5|j5Jtro)qgnx;=w^nuy1|%@T(QTREzjL;%g!=;)7IK0-;RN_!izVccg%;yK-{
zp9!ps$=hj*BRikhdxzh;RVyvCn+j5oi~nf(<)4D$KMGin1*{j%JJ6XqTKRG1szRf>
zaTbr^aF9j;1zQ+B{TMQe`G9xQWJ=0uL-aeR_ZHsFGGBi&L|-E?c74bHdkkfHkTBy~
zGGX5nv+3$y55@PVl804(HYKy*Rk6OhZIf{-5BkrKa^s6f-|jwtz`H$dR*&xUNOhZP
zs?htI?LhO~=<s3t<l22icaNTBqYEFwT*^(=JNTyehR>gT19x*!Gzq#US95|D_0WOi
z@51R?mNsRddvN4Um<8P5aKsg@Ouj&Gjkv8F-k2b(>vpL(exuD5ex$VMNmT9qS{)`x
z+V!S-BD=!o$j2gG8vaP=`3~=nPl{YP<=N2gF(XugQFc~-FBERkWkl4mK`oZ#H~uts
z^IX)x(d6r}j3G;#<hxP-1kfrWIE?`qP|wiZ9$Y@w9_;h#Pq}>-UNIoD5cdnSDPkm2
zCp<SQ&VzLkR&~L_i&Ej&CpLtjQS!d)0dBOA9Rwcd();d6$RPzL5d`X6m6vPI=LpxD
zc#x*ee6FgF`;PfCp_volx-nx<ZO9|O((ejoB?28Qlp91Ga#r0Ptd30#h()LyAsBtX
z)y)bLG(J9TsZB|rufLJuUypu|?J=2mI8=S7l*=vl7ZpOS_rrvi7k;7izfsF#VnyTW
zr<?}k=k`<_MkpV{Koh+r{ze8zy*NTU_EjVzir_g5_FTf99R&!l9^YJMIIz3I=yz?m
z1vwIZjP8B(Z6fX4JA1-5g3xe5gtPim%q>Febc7;PLl9}lixWkCR||z|E;}AUdFf5<
z{^{07;icoMUO0;velp0Z_PlOrBIB$z=YvFZ<-7oyDmzL4$cV3B>FId(Def*&9R6-~
z&wlcp7*Zd;a<6+hx|S(I0xRXG2&jLzR^MMt;Qg!K!7M$f#)kfv9TE!BZ5QEjurb|n
zcLKsUz&JLl>a5vpiu3!(!~8FDrTNGJ0+>LIp5uL=RGBLBCCg{#rlSU~s_AIbQhj%x
z%~yc=RlvrWyb}<IXDm3Iv$%6gibXV}g;1#j=*1luJ&Te)c3NnzP6qicxR<ZJT(5Tb
zO!nY7JWKSF@3Jk|-5m5Cu}LW0jN1>TE-2L<H76UynUfmHqZ<_ZxX2yMkx}fbhd*N)
zR_Vr2Bb2lLFp8#oGJz#VEPDDyJ;Ky*YS-g!1%z5Dt6tP1G7Ws^gk>#`Z9iUu%)aMv
zV9Cm%7<uHA0S-|VUt`LUPU*9_*WfU2TSJDkSgt>+@^Hg^*;Xf;T$IyM$&WI~{uUu9
zM$ybPugi?$MZFo79t$p4oV>bwV>3^Wc$*zNwx?00waz20cT-85xU-b{8ds#>e&xTm
zqF8rZB;uWs%{k}}LGqN$nzMb!0pYZjBTw4V_Z)D5y!dKn2DEU%oZvL0qps1#>+}AS
zwZj6=ySwc*$+q<|Y^LbQm}U;1NDDp8vkOrk;Dxu^{O(p;fTKvnoz`RPft_K8qjQlH
z$k$_`i+AUP(3v@rhOdaIvcX`cS5lnYE@F+4{Ll<d<NIX_>MS?TiTAssPLv-6RV|;c
z*_8|Hf!rkrS!B^E`w@e5s;m4s=Yz2NO#>z*&qy`mZTn3c&Z(C%8XXVMY@?^SsC87s
z27A%<mw<?{wR^cW$*LcsH%zmm$lCJ3kqQ!*02xtU2G0ojuxSD1ZKAFV=S()sOmd}H
zzA{sL9{W`gYIamTt$AcRxc3CK7S6O!=|>i0BchnS80#t6WfK#co7uLuGBE4a(YEim
zoxpgAgZX@yTX23s;xmye96@@$J)w<k6RVXGf{8ocixd9AUC^DqAkVEs`mg&q5;?6i
zz0Wf&N)i@Iiaocr`n3|L)c{wEU;RDGcZILO^#X@yP!n=iVXGjWW*)Ad>PRnC+e-)i
zi~rTyc?UJsb^9NE6bmZS4OJnb2ZYe;15!*wLy->Bd+%MPhAK(u2tw!(loqP+NDoCI
z6se*KMG%pW6!CKJJoC<-`Q7(7&z-q{ojqsH+2?!KS+n<^b@uu!Bm0P{jR^lP28HLZ
zCY?Sg&YH$OVVsutvI1q^z`g;`(BDfZ2|>W8`=#N(X|&18KXb}T93Jk)rYif5Bpz2i
zgOvE;R#5UX9S8_CBehDW`iaco?POm=Qf)whxjg9R)iogzP;Rm?2qXkC-o7nk!SwT0
z7);E#bNAYitWM6iOFd{V9Yb}2T)XAAG!?C4DPlV8fwE@hnQQKkS&8v$UEsvak1kEf
zHIJu{!8uzBbCCCL^v62S3HgpvZK*n?h2PMh>je|zCg5T_Cc1WSH%;v)^=Fvw43+In
z3LTgGubDbRiHKf3s0m_NBXsCIVV$_p*PP+M8)_abme=!)_JM4tC0qOni0As?s)q1D
zC3@FJGij6%`?R<?mV4z`pOAEYC0&<-F+TwWpk@4Olj*!a?3d@HB}Io`F6479an0Oe
z9#eP39Ut{S>FG;-oeLg9D+&oE`j+0Pf6EfOsN`{t@CG}RlTgVK<QRFeu!+iCPM^(8
z!N6bcA_U?&ytJJCK(#mGChRr*s&XuZz2dgHQ(xFK&MPd6&S|Gydl8JeCOTTW4C+hm
z$2j>6*;G-`4eX4y)5Fplyh2${_?XDyiP=r%1(*nT1ewaq#`T*<78EgMb0Au_Yh5S9
zSMG<tSv-{sJp^9|_Ydv>?wl5$@=u;qPG-Z$Xf#W=C%>qm@zj(%PIqaP1gdT{bNkz6
z63o|;MgIL~QE8zMcu(ibwT}_bd}1y~R$1pPiJD(?H#~l+QY*WD+{kh0dXzG2{+TBp
z1>(o=F}O?4J9M&fld?64TUEWx(6n07_5AR6jY<{iH_!)osjg}T_t!&hlLeP*Rgl?a
zt-?KiYegdpe+YZ#jjFc0BKV#lHWRPRiTOIGTc!ONju%S}@4yXW3YZd*T;Js_-2hoQ
zIwKDX9`gC3@Ix=#;!nINhe)wOe2KO*GKWEzgp9)@GVR?|C`sL3kQJzmLCuzzmX_w7
zFLHJz&nlfQ^sHhi3GXWH6>FIkF6kno${&6{C1x3KVEN`Tl*HCwK+{e0P7EO^yi2~Q
zsHkg`DP`zw{fqtXG7aJ?rwpfF^i8lrX(OB<#KS%ioU8AK8T@dqg0GwbF=A?Y0oVM6
z?vd%mb$e9lOrFYjk=rGl@?+M`y!ytEa&9V-`TBj1mTcXc9DRvDv`%glzsR4OkrJdj
zQs$@!QngAZVRp5~+cC0ga?zVz)%8W->mVSxA#^E35Qou3DQf|ui)bB;tM{2|ayWba
z8PW~LwXB*A$VI)$6n7K94><zNnL%CW$P+bCBdJtHg5L@1J=^unnHjO2z&e>?W^+(a
zjt8Y_wipSao;ZSD4<i)5iNNM`_0wc12{zM1I2aURz=(v<8DYuE8`6T}n1$jxC-DNI
zw=bc*r%@W3$CsXB$tg=g=N>R05d;MsEPg)jD{6J^7~IP@GNYjhqSqX6ey}<I!Ck60
zeut`%z6jZL(!$O-9Hn&ZU40Hp4a{)ZI4vIOQ9}N>^JS+cls<hi!>!x#XmLt4J)gck
zKbJd(v<2sDoJia(HA+pKuBfeKH%)@DGzad#n6!ntq_!-yx@_}vtpkXe$&C}1h#{Ot
z{r4P7J4@DZB3!Au?`DQ@^eiCY{+te%-;?Z*Cc4nfAI4Di!VdzvE5D4EW&}zI7zzSs
zTDyn8;v=o}%V0Nt1`Z!ocPrtiODX1LJpPPr7cM0Mp#n*GPqdJjc~8Bc|BE$EyXZ8m
zTy4HVmEq@BZnvm%uRDpy%}PU#BXT9yGL*O^C###7!~}2U1Xl_3v<1%}5|+MriXD4-
zvaMW+Y%aV<bcDAa%hTul6dL=RhD}4j61Zm`_K6Ojgh85XV#XJH>NbV#+*_S*W@oj+
zjlTJ&1rEm`-J{fk`j!ionnmx$ecO&I#_AfYx5UGX=L@N;3?(}$SKI_O;Rf0$Z%StF
zLV~}zEz#Wsv?t^Cdf>h8ElWl>m`AK(>}4UPz^v2}YOv`u3RtRFHK~pz-6c&o2HD5y
zT2MaO;<{y$#GmIbdNLT6;-SWHwa<ZTA^h?r<om_R(?b-v%4KI={xTbBtcqg9%I1?&
zJCLi3_B2=qeiw4&g`p2{P-DR}Fh{^v*W@r%lt3an_2{7+b5vuPwK7Aio;aN9S2wr0
zmBtf6(qxEkfH7FPU-`;qGJ;+Qgm@MI1mTXDnzQmiHe@KfX{%*5a-~82x~!tIaZYyC
z;L`A=modFk95)LFMSX&Lcn4<fx(EG(F-82q0G{2Tz*2o``QCY!+)FoX?hUdQRQZK-
zUAsMBSxaR>=4ha%GxC$RivgUq6o|-H<be4XSO?q(xb^>#io)s@XPY#+L47Ab2(vH$
z)pRI_Wz_k`U-srvc2jj-MHaZy!D@O=dpzWj^Vygb+)bSNPPfL%1%(OnV}7Alu!yOJ
zTDY8YO8M8^YUE+hrf??layVfFRMa$+cU~6Paa0_)8Q1C|%da}TFx7=V1m*{Bw7w2@
z-lvngo|Fm_g?U@MatwS&IhUG2@7cF9lY|oZ)E`H}@}#!anTY*RmXcPHV|-M2xZkHl
z>BI8fhB*PkSK>Fhy*j^voJ*wGNpFz`dTrh1w(*!kX(2kRv+I&jSGP^9^5L4X3qQg1
z?YC(?Ih^kEN2<bpPu><ap(hCgeoZxVy4-4#)Fdev{YY8HJm^ds!=W>#zVwk@e~QqC
zwS+ul>V{vWn~Q5sbwG*?BNWBJmT4-o%og5jn)mBQ<pbXi2wIQ!Hw~vBLbqop)K;T5
z?M4Ru@F$U9R~V=alkb%>LvozwK0xDp{DTE<n$(dLmdkXF2PCrtaaZvK_dJjp;C{Y-
zsr^g?3sUYhO1TFtRj%T#OUmvaw8Nvbt7e4+RF&T7y7<xEMZ1XIoZz4KzRqLMYii(X
z$D^fKt>D!^<$@yWh&DnD`J@3X<R`gb^sFpDLJRD?ynPE~68Bl5p)UuFwYp(H+XdCH
zHhE2xwakA}skGx}iaN%5p9IW7(X;Jn$P)Z5RtC}dl57G`QN7pGL^*aVP{QFM!1UF5
zUKjk0ZtYdW7VE4If}Pt9v8fuJK^YvHPVb@k(Xy|Z*p)L<x#dQJAVG%6;9`_v%~4?%
zU0j@TI?y7<13Aa7;_?roaUl_S^U;sLX+F;0A&w*~sqE0u?9cqY61$KgefoCjHw|I>
z?0bwb`^WgDtYi-Ed}hzt8qEbnxAF>)+KpkS$tEWg3>;WYi-!W(;}R3v`c3D~j8-)N
z^FGzFrLQ(^%3l+{mZ+fC==tr}SHgYPySyLK9v#`i=z*k~*2<uO(jd=;b}=8vRgs=}
z1ykYWfd$~4qZ-jUtP9pZ5!yK2{PmO_Kl;T#(+p8lo1%E<iDc)PehikY;|^xsjDNIN
z+v_243wlq*ez`jZ?e>%pUs~U%CtqW|tK(7a9gN`N8_vKqGv}fa6)P;4&O<F4#TBl-
zjI|bX8C*l}Xf5U98hh%(bhG{tkK|rNy58%`*A`|u6_gQ!Mgp^S=WV|rP1t>LWH~S#
z#X7J=ZsY^|UiuQrGL-h}@|q26)1vd?PM+!`&8cl3%Be=ic3beP)1%W@gUO%LZjl^w
zHgV~8_PW=ij7M4t2*;IyLZkkdjgODd3B(~qX`ZkfXo1$4LKP^``R<*&J;JmFPG_im
z>trg{eH(Czy3y41@lKZU6wD2r3T~D#!@zu~vR<^Yrc!{rDOn)1^{G7ikHx0!9n2H<
z>pBM4Y-E!=9#LV~Kgt@;Bf%>2+`<%vk$ZK9##hxbTC+{5Nv|(DqIt_>Em|%GSNv>v
zNw)2ldEBLepC?^~0vlEHo8rPy;Y`lIY0BJG9iPd^-emhC^JWKS{NuQr=QquJ*8D!h
zsAJ|(FX~Mo&6TMA=l|V7q!}_~Piuw}&L`Zr5qQ#Q?{Av%Gle#lEfO(Q>gTWGdCw$d
zIcQBP>-O#kk<Z(&OrPE_+nry&{gI9bYoK=v6u{<UD2Sbs7w1<`y`S*>9x$p_W2RhK
zItw#6Mk6~cVd%nXATizbR+ZK$Py>^7y$eviZf0n%O2^rgQ}%o+etZ}p)yZxAIu~9J
z(Vb{u#DuMA;R^pUaf94K+(^GzYRf1HcHhjYisXtZLMmQvs(!(I^1U9bZMY1!g;7rz
zdJ8Y|#@p1$m4q1E9?j?w)O_fh$*zM}pMFYEB7hf4UcRqTD#_!A-rnH$!Tba;Y*Wlv
z9KP};fG>2&FVlYkNo=<q$zYs5ca?n|jw#=0j}03929O^&ix$Gek=eRt1{2EZrgGQ1
zm}adrH-gY9mpRO20j*EKB5cUXd1ps@*(B>B)LRF}zw)*xfs0-`%I{sIbCN|;UpHX_
zr1E;Ao(9>=^Y*U)rje+wZ|%s=Vq>%(uNJxPL{t!MU`c!EJ5BAmE)DkZRtY14fT<xD
z7&N60n9N387~X7o1l_N-HCd`h>b#RNcelHBf5Es~Pm=LO&q3-DxEX`)9V2zZHJny7
zaG2IN!9J0ntgFoz>}HfgHX`q(qano)-soSAgS!=%WZNse3VH~8jDbii)al~z^Km4h
z=4Y9Od~dT$)C7uo`ghM7o6dGHe3$ZY5qybfIU$ka!^?m_V&+bHjP^3jGmgTs-{_tt
z_y6Ftkz$o+?jHx%n6k|1KyF4WouJi`TIr*C`+^74=T3Bi_wLR^V=2<~am|VU)7}*4
zN2VYrKK)EhuAQ&1llaY&s82`U@k3#WDc-!Q_rA8=_UijVaDgO{GTtsIbl=^c9OjK?
zS-l;m=XW!eX_G;8tYz3yOtC2Lq`O<mhW!o3=c&zp%~ClG)i$9I>XHt{OEY*hpHdK)
zh3g92TMGAj^tdny9<05_aT~N=1NB;gWcS)kH>?XKq!i;neW0?lII3#i>(!W@JUIQ!
zC8>J}aSz2I)zIHR^4#ql8lV*tb_w{Gp16(QG~WR0n#klBl1td3Vp3`=-uX-)lbl?B
z)E4rQc=m#K@0iXC`|XpsWrDS5gDiWW4d63Y&&$q~l{e5>pTR4yGaKr<jv?j7jCYR^
z0EOU2iMm_S`vgrEuA~(;p|VN8G42fM)dc^!<k_1#LYjMw56_3}d)K~-Hrfm*o}iKm
z=I6iPqI-O=c{vO7tF1AOKFJ&=)Vg(o7;`qK(H2gd7I{>z`Z01zFhTFp)si>MP{FV3
z`8j>>LOj0mia&Zy<Q5uRycs6byPK={-UTUo&jAc4eX1<2jTIe`QgWP@rDnZBZ*KUB
z^e|5KwD2(|L6@+q-dEJ@TDegR(>9g*rh!DsA?>G-WP?ITFV+v&<(gy3w4j6~_SGDw
zpFKa`ge0|1_*?XSGjkW<wYnZRQ(Ud36-wtJ>%$9~`+AT6qU3?B`3t22Wl(U75WX0(
zZ&H%SfV3RIpvERuWmAF=7DqKK^3`1BOnYk5traiidJ`D(q;jfCIBaKs=B+KgA}Xh}
zHSS&elWEl0y$=^~fafy7bN&B6oxGklENi_1sl=Pzkp{%$E5bdv_rG_%j(ex_VmjcN
z0v&jICwa4r%cSxkIPBR13emIa8GmhWN(jbp2(7Z4uGPhYfVoakDbcw8#74g9{@6cS
ztV%`<$@<ODY}!FdjCyd+N&x>isFJ@R3AjOGyA;4@y$k=!>d96T@0cjnGm6ft@JJIo
zEqbcEqpb5P)s|Ii_#-D;3S2+;)e2Fp*m{QuD*6esFY=Z|Wo0q&c+H8db~Zd`C%3?W
z8kqyY`#bc$O|xVeEMW%#xU)eoww#q8+jc$!iU|}ob<fJU0%eUsB$RF`g(;rjOj5rS
z#h%(dlo)q%(*N#ae{kI2O8`CZP?@n42T4&A4GjclmLrSRs$8`H%X~D3tW`3l5gI@#
zJP#MP#&v7IY>-{&w3(|_9&)-XJw`M^A@n9?A(M3|{ZGSf(d8YFsoV>xn^sF;<Z<ks
zgN+m)_J?#11gT`D$$_z|I*)tK9usnXjkY0~L3DcI1-;6xeDl4S3wiZqxn0S67ty(X
zlbroq65nUISGd(D7R$U+-1`qDik|&f7efU0L75%al3x!JL;SUyWB<Drz&9jc3PeP!
z_HPxJk3w7T{-!z0d}}S2*n;->^l8u@S(T3I>jsjC{2v~!;lp<q%-2!h+ew?ey!V_g
zz>(Eta<1~rcO1&hI(KPk4L$#<QF{8Xz(q`|oO@ttW5^<Ny?-ZBYV|+uF#mu0n*Wcn
zX@kcfQiuMLtrz5aix8@8K~=$ohC^Zac|IP6ZVm2iRh0FMqtc@&WmH^B|E<?-Tzvz{
zSUYa<QuZVXrV1_B-Ypv%8anfVaBXqA5#zrXuD5czZaCF_d!}3WGt)Kq4box&4C<*(
zz^NR_jSE3ETA7OL)Mo>1MQoX+hdmRAxkDa`X*b_9L>UY@i1BN_c$>@l2Ih7$Bpd<H
ze|fc{w3#}$Wq3<#Mq{}}bue&8#f<I!r1Lp#`-!~BFv7b%uK{BIv_Ic8WzX16%XE9W
zN6UG-{{Wabm%j3VFna?(dEDXLyh$yFe;Vq^A27)MHL^CV7iD?K!1k5#kEP0A+Ailc
z9!lCIl*gF&gSrPNlkx^KTbw#Za;WtH?aKY|NuPzTf3^CiudfnEHb>G_*YjTV1tjhU
zIgk96z!duhk`Rb+8osF_<YX+rmf?qhdwFgQyAqVOMiHew3(|r~TBgModBAF|Hz@x|
z!Ts<zv(+I@Cp05&`3w2N5ffiU1HyvZ71eOT9fscx&kG{_s}=Ul;qM3fvMRPY{2NuY
zA+Bc|M|x+aYBsIC|E!}1)XUs80duQMUl5<&?{TSnH9j_F$Y!hYATBop7|sziowoYi
zo9(Yr0f1pY{)m^9_K=9F^X2{H#uT5ucO~OawUxy=D_JeSf(yepOp&i-{Is}#UfC5f
zl!~RRn{*`)7;ZHVcI9WhoNixH$bB{^Y*zt~@kDc@w7JpwkKC`##mvJ;Eyq!(=~M5F
z&u+pN>_%MbI{r94TLmRxXCXdzfJ10j9ag9_?4ZB2sEN>Nl3-iftT}J-e63EEaQE+#
z>K`0LW~4+r4W@u+(q61AzKXHj{YF7RmmCYfozWPRh3hkRV9$m5ByJZGG3}1aMw%k3
z=or$#-sDCh+00b1`N0pHBuT6kyhg$FJj2{yov8M}?Bms;vDNw)OCcC$w#PIV5JkUf
z1Tua(Se=*_#tK-}{A|W;AOrIdUKIrD*z_mnz-9AWW-+s7zF@6wr9#g|^=l8EG}3tT
z9QmNHcCe>;miw<_zq==ft0b))2CWzh|KPKy<#9-V&@N1l(Sc=`)lfKu-C>rzR`{T#
z^w}BR$?;wN7s?|PSKh4B<N6Tk#R%Q-5la`r?+%^q<89>HOO8ZIE0aMqOVdF(aHi?_
zj_XojCw;uWqwI_m9dI)Zz>c8gY~|y(S9xLMoI8A8r}?~y(!vM)M$e_~<Hm7LID0pO
zZBY)C?`0mpi=EJn_7jJ{c7(;hOR_8lQUpfa*CmYmx^tYT^jN`ikwUx3U2l_FY5en4
znLI&?BZN})l`UIn`3?9t&2|ocIlIMVaYxKtT%h0d90r~!X08+Jzey#YRE{c+Jm7j2
z?i^vVm}Bp`m0eQ$&RAv2j3gLsX>5TEoLCd#ld4}dcB|L!5k{5w6kLKrq#15ksDHdu
zCvIgEThiRh^s2(3CsOBq%7^kO!qiZnnu?2Gm=^MyASohWN{F@|P}Ly`zS^x2ZZHlL
zwYfnuZPxlTM{fE=*d0NEmq`yf6-zc>Dr(>6=`9GU8cNr0KXqNB)s}801*sJE=Xkxe
zQO?I&(Kg@LQH)uN-p3b<7$SwXlLggr4XH9_xh9DdLJSVx<MD?}Tw#@ZvV#3@IUCt)
z%H5d=1~UyebzPYxCZ*X5C_Cn^IBJ>9&lchY_J{G^);=ArHpMHT(&r&@bE6O|W95&+
zRfVs=vnXdVnAj^Sv*lWCmL_ud&Q3*csyG4PI4ARbj%8vZG$1$<)eCz=48$Nax!{V-
z8^hJOMk>k7I;=;*8KQ0uQY2|$Da1owB(YDuTJoqyT$)4CdUgfm`t!Wz4J=M5YWIh>
zUui*V6J_RWg(L#)u23wbb)E^05tp!GnpCzlXE|$41>9=4_1)gFYc^zOu4o>oyhro$
z7;BFfA$ByP8-bWKrt^4?>@YtRm_E0EeY+&PhT}1pH_<{oNX>TQ>Xci9V;2(l)q`OR
z^Iqm#3^E&2v=tCpE-B`yv;0nX_dUg5V<9I!s7qUN)|N!(axNn$7sY#58!~hB)i9*C
zXm*Tr9a{&`kxx6=8?dQn4sYGTup7b;#f|{3Qo}a4e00rRi^>)-tDv1gTol9BOyN06
z%cMoVw6Z}W{;biu!^GLaXaV~(8BWK8-=_HR2W74k!aRotV2ntm=BrXdVyv6BvrimV
zXbIyTHah#>9gki4#}(1Gfx|eXDx=0*+v&HL%EZ0-i)CDu)&m8}McJ%HEs^5N*A^5f
z&9?%P?RJ<YW94DyxaJ#xv=8#8NsX3n{7Nyy?YN^d-!bW%zyl}#PPuKhvZ+Fd{4eQo
zPCQFn26h!N;hH{dP*Z-lf=lfqgqu!S7du=RMD^M)w|DWxMRAjW#H5tK3enA+*6<?h
z4nlCmnR(wiQu9#N_9d9|`ZvvK>pA@L`(`-lu4!M*G0(P1#QtxZm2_kyrL^nE-EG<e
zhsDnK^s1zSwGU{gstsfUnlL($0mg(KFSXSsQlosxwhdAbAqzr3Ae-WU9{fDBb6$D*
z#Xp#kZ45hOJqq;M+2LTD@6&t9VTWjddVXNw8xW+9LDs&%SM;1i2h+{kL?HkC2Se@O
zml*f}2GOZcs|2oykaNO!uji9jmo5sIZw4NmvUH^qQS$C7JD-$NGA_?Xhww*d!dklX
zd#iant7AQ>Gj#O8Bp;U#?IyPeO$$s#i>o<WQ}M%gcKwH+U%!1ubKOqhNU8Q%bVJp}
z_aQxLf;F{7RWjP^$$as?MH0x_72UO0P6sm}p19jOshs^9^x;$iWri6bzsrWrhx&zZ
zy-PCUN9VLs_^rdk9$A3PD#YJ?_#?8rj=rM&UCEEuShPKlfnEr5F@R-o&fVY)LQ)2C
zjIG}C<mCQWH%jpP#}zrV?k7!l-y4O0(*TxyaUR;a@_%^-rd#bB$ks0$dTxt$tyg$B
zwQhdNAkJ5wI;4_O@3=izFTAH1$4=^h8V^|L`qwjKEatr5Z0Bi1wf2I#a<5$Zmjrso
zA(e`fgPitFK#1EwM{f|<e`z@{tgt*E+Ho9m9;e?1(gi**E6mO6C${)Ss|@JJZD`NW
zxnvBW$~Cl#0RbL046MHvR;&X<e$y0f9Hg@v_@??!$}a51o!obOf}1tG6N1lF#ms)J
zRDEA=TGjmBKj3pj{`^vncZim|D_&&{BI9i*_o#h_c`t*d3665b9SXK4jH(j&y4j=i
zBj_$EodextOBFyRbu}_#{EZKU&4|#$Z<w6{NHW6+6f-e)cf_}}ZKUbl9~1T=q5s^4
zF8{BlVHQ7@#2wrCvWY_p3ECeE(LT3{{73IDG){QEN+&Tg<4xGZK4`p3oYRYL@3pmZ
z_@89(3=z!8oMIyeb#Nie&PDNC;T8|9PcqlN|8Ol&FBb!J0)sR;gZaahn*`iByu{Ta
zU>h3+dQS!$YeR||>25*8KJZuHEZ{HZCh<Y0<4)oddoQM3{!MemO<UdX*6#bSr^Pr1
zbHsLY!h>Hys+_AR;1Q!C$)TBnwXca@<9`zLZ_f?YalWvK{45KAlQ(uU5k@};y*Bt$
zRT&`_Vu%8&I&STrJzh;NWE&-rPP%6{&?Z*DdTSy~jQq`6DRnT+B!0fa!KTj&g)g?%
z(geYRgrP@0JGbA`@EG+)_vS2T7niqan?o^;Ud8t_RF)5^_fh$7KrK6f#&$XE$64@W
zOPn6+^j@&oYUG1FmTSEb3sR%k(t{Y!!XWK8L)gJms<IeIerb8f63qn<(y6%bN2UpL
z(Qy%WrK~}udEESfc4iVMwNIVIuL;uH7P_*^ddk@GL1jCIE=hJ!8m{M?+=2zUQ(;zO
zVS_(<pW;<!A0`e+qN%!Ri>G_9I|OO2JF7;CYtC;u`g9h^^}5W+Y%0ZheqeqixPOER
z@;!AZ?(*5&mpy&4i2Z4?RxME0VqEe>DhQIE-OA96OOarg?@NxxAmU+36kYlc;Gdv~
zT$(GNB))i+9NCvUyQhBCwI$3uAwVO|VLykM9p<16Sz0J1XWiD{G<i6-W#);9s}>2(
zpGQ}t)x8ow*1F9H-Tsm*n1}kd3*1@zIRcMaU0e4!I^S))6G68i-M!BSmm26z;rAXl
zw3d}jUE$M~+a9fjrb1C|Ftwv|+VGp*ls21ADspF7cVdCBx`<@jM9zfgd!KA)3XTvl
ze3FTUffL06ziE^O#Rq6EW~Y3i8w*fk=iDmOk;pzkwx;lMLZX=ll*4WF%vAwvp7Xzy
zk-ur~HZGm9wYZ?y#nPS9lDHAeCDq;Tc6>ux$zId~TP!aIABc-Q-<xsGa+T)7VPc?}
zQ@e46Nlua9M3zVZyWTaQP0Mh|WxxSh!ybiu#Ev`POSxKn`A9PYu(docI{v5WR&;Mo
zXzrS=nQ&63URLrD9;4j|^7QKlbqv5DXK^$)F@FGPp>CR)(pW{>sBe0A*Gv*4<r&S@
dj((^RCLGn7%^ttd&NIUmvywy})6oB(`41;d3C{ok


From cbe88dde5bc3ce72029979dc185f81d4dd98131e Mon Sep 17 00:00:00 2001
From: David Pilnik <davidpil@nvidia.com>
Date: Wed, 12 Jan 2022 15:24:46 +0200
Subject: [PATCH 14/16] according the community review decision: modified init
 flow defaults in yang model and HLD, add bash example using expiration time

---
 doc/passw_hardening/hld_password_hardening.md | 46 ++++++++++++++-----
 doc/passw_hardening/sonic-passwh.yang         | 12 ++---
 2 files changed, 41 insertions(+), 17 deletions(-)

diff --git a/doc/passw_hardening/hld_password_hardening.md b/doc/passw_hardening/hld_password_hardening.md
index 056457e9b9a..ceb736f5c31 100644
--- a/doc/passw_hardening/hld_password_hardening.md
+++ b/doc/passw_hardening/hld_password_hardening.md
@@ -189,6 +189,30 @@ For implement the "aging" we need to change the /etc/login.def file and set max
 For read the information per user we will use the "chage" library.
 In addition, when we change the file /etc/login.def its change globally by only new users, so basically for change existing users expired day we need to iterate every one of them using the "chage" lib.
 
+See the example below regarding global expiration time and warning time:
+
+	# /etc/login.def
+	# Password aging controls:
+	#
+	#       PASS_MAX_DAYS   Maximum number of days a password may be used.
+	#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
+	#       PASS_WARN_AGE   Number of days warning given before a password expires.
+	#
+	PASS_MAX_DAYS   1
+	PASS_MIN_DAYS   0
+	PASS_WARN_AGE   7
+
+As a result of the changes above, new users will have an expiration time of 1 day, so warning time notification will be prompt in the terminal:
+
+	root@arc-switch1004:/home/admin# adduser test_user1
+	root@arc-switch1004:/home/admin# su test_user1
+	Warning: your password will expire in 1 day
+
+Regaring the policy when expiration time end (PASS_MAX_DAYS):
+
+The maximum number of days a password may be used. If the
+password is older than this, a password change will be
+forced. In other words, the user remained block until he update a new password.
 
 ##### PW username-match
 By enabling this feature, the user will not be permitted to set the same username & password
@@ -207,15 +231,15 @@ For saving password with sha512, need to modify the /etc/pam.d/system-auth-a fil
 
 ###  1.8. <a name='InitFlow'></a>Init Flow
 ####  1.8.1. <a name='Compilation'></a>Compilation
-This feature will be disabled by default in the compilation stage, this means that it will be not compiled and will be added only when the user specifically adds the relevant compilation flag "INCLUDE_PASSWH" in sonic-buildimage/rules/config file.
+This feature will be enabled by default in the compilation stage, this means that it will be compiled, and will be not compiled only when the user specifically adds the relevant compilation flag "INCLUDE_PASSWH=n" in sonic-buildimage/rules/config file.
 
 In addition, the feature will have CLI as a "plugin", meaning that when the feature is not compiled will be not appear in the CLI of the switch, and vice versa.
 
 Feature enable details:
-If the user added the compilation flag to the image, a user can still enable or disable this feature.
-By default if the feature was compiled, the feature status will be enabled, meaning that the switch will boot with the feature enable.
-the enable default configuration can be founded in init_cfg.json.j2 file.
-In case, the user want to disable the feature it can be done by using the Sonic CLI (details in CLI chapter).
+when compilation flag is enabled(default value), users can still enable or disable this feature in runtime.
+By default if the feature was compiled, the feature status will be disabled, meaning that the switch will boot with the feature compiled, but disable.
+the disable default configuration can be founded in init_cfg.json.j2 file.
+In case, the user want to enable the feature it can be done by using the Sonic CLI (details in CLI chapter).
 
 ####  1.8.2. <a name='Dependencies'></a>Dependencies
 Service dependencies: same dependencies as HOSTCFGD, INIT_CONF and NTP service.
@@ -316,7 +340,7 @@ module sonic-passwh {
 				leaf state {
 					description "state of the feature";
 					type feature_state;
-					default "enabled";
+					default "disabled";
 				}
 				leaf expiration {
 					description "expiration time (days unit)";
@@ -355,27 +379,27 @@ module sonic-passwh {
 				}
 				leaf username_passw_match{
 					description "username password match";
-					default "true";
+					default true;
 					type boolean;
 				}
 				leaf lower_class{
 					description "password lower chars policy";
-					default "true";
+					default true;
 					type boolean;
 				}
 				leaf upper_class{
 					description "password upper chars policy";
-					default "true";
+					default true;
 					type boolean;
 				}
 				leaf digits_class{
 					description "password digits chars policy";
-					default "true";
+					default true;
 					type boolean;
 				}
 				leaf special_class{
 					description "password special chars policy";
-					default "true";
+					default true;
 					type boolean;
 				}
 			}/*container policies */
diff --git a/doc/passw_hardening/sonic-passwh.yang b/doc/passw_hardening/sonic-passwh.yang
index 2cd24f3f6cf..273ad4d09a5 100644
--- a/doc/passw_hardening/sonic-passwh.yang
+++ b/doc/passw_hardening/sonic-passwh.yang
@@ -23,7 +23,7 @@ module sonic-passwh {
 				leaf state {
 					description "state of the feature";
 					type feature_state;
-					default "enabled";
+					default "disabled";
 				}
 				leaf expiration {
 					description "expiration time (days unit)";
@@ -62,27 +62,27 @@ module sonic-passwh {
 				}
 				leaf username_passw_match{
 					description "username password match";
-					default "true";
+					default true;
 					type boolean;
 				}
 				leaf lower_class{
 					description "password lower chars policy";
-					default "true";
+					default true;
 					type boolean;
 				}
 				leaf upper_class{
 					description "password upper chars policy";
-					default "true";
+					default true;
 					type boolean;
 				}
 				leaf digits_class{
 					description "password digits chars policy";
-					default "true";
+					default true;
 					type boolean;
 				}
 				leaf special_class{
 					description "password special chars policy";
-					default "true";
+					default true;
 					type boolean;
 				}
 			}/*container policies */

From 089b2dd5d58339597606eb96365a4686a1997849 Mon Sep 17 00:00:00 2001
From: David Pilnik <davidpil@nvidia.com>
Date: Wed, 19 Jan 2022 10:27:48 +0200
Subject: [PATCH 15/16] change name of history field to history_cnt

---
 doc/passw_hardening/hld_password_hardening.md | 2 +-
 doc/passw_hardening/sonic-passwh.yang         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/passw_hardening/hld_password_hardening.md b/doc/passw_hardening/hld_password_hardening.md
index ceb736f5c31..a4f36e920e7 100644
--- a/doc/passw_hardening/hld_password_hardening.md
+++ b/doc/passw_hardening/hld_password_hardening.md
@@ -356,7 +356,7 @@ module sonic-passwh {
 						range 1..30;
 					}
 				}
-				leaf history {
+				leaf history_cnt {
 					description "num of old password that the system will recorded";
 					default 10;
 					type uint8 {
diff --git a/doc/passw_hardening/sonic-passwh.yang b/doc/passw_hardening/sonic-passwh.yang
index 273ad4d09a5..5a29a4028a7 100644
--- a/doc/passw_hardening/sonic-passwh.yang
+++ b/doc/passw_hardening/sonic-passwh.yang
@@ -39,7 +39,7 @@ module sonic-passwh {
 						range 1..30;
 					}
 				}
-				leaf history {
+				leaf history_cnt {
 					description "num of old password that the system will recorded";
 					default 10;
 					type uint8 {

From 71269e34d0893c46137a86981e75de967c183af2 Mon Sep 17 00:00:00 2001
From: David Pilnik <davidpil@nvidia.com>
Date: Thu, 20 Jan 2022 10:14:45 +0200
Subject: [PATCH 16/16] fix yang model, move typedef definition in the
 container

---
 doc/passw_hardening/sonic-passwh.yang | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/doc/passw_hardening/sonic-passwh.yang b/doc/passw_hardening/sonic-passwh.yang
index 5a29a4028a7..b053aa46d02 100644
--- a/doc/passw_hardening/sonic-passwh.yang
+++ b/doc/passw_hardening/sonic-passwh.yang
@@ -1,22 +1,23 @@
 module sonic-passwh {
     yang-version 1.1;
     namespace "http://github.com/Azure/sonic-passwh";
-	prefix passwh;
+    prefix passwh;
 
     description "PASSWORD HARDENING YANG Module for SONiC OS";
 
-	revision 2021-10-12 {
-        description
-            "First Revision";
+    revision 2021-10-12 {
+        description "First Revision";
     }
-    typedef feature_state {
-        type enumeration {
-			enum enabled;
-			enum disabled;
-		}
-	}
 
     container sonic-passwh {
+
+        typedef feature_state {
+            type enumeration {
+                enum enabled;
+                enum disabled;
+            }
+        }
+
 		container PASSWH {
 			description "PASSWORD HARDENING part of config_db.json";
 			container POLICIES {