From 38116e89fdb8a36db94a8d1453912bd71ea53013 Mon Sep 17 00:00:00 2001
From: gchaps <33642766+gchaps@users.noreply.github.com>
Date: Mon, 10 May 2021 13:01:56 -0700
Subject: [PATCH 01/11] [DOCS] Adds link between security docs (#99669)

---
 docs/user/security/authentication/index.asciidoc | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/docs/user/security/authentication/index.asciidoc b/docs/user/security/authentication/index.asciidoc
index 805ae924a599e..54142a6fe39e3 100644
--- a/docs/user/security/authentication/index.asciidoc
+++ b/docs/user/security/authentication/index.asciidoc
@@ -7,6 +7,7 @@
 
 {kib} supports the following authentication mechanisms:
 
+- <<multiple-authentication-providers>>
 - <<basic-authentication>>
 - <<token-authentication>>
 - <<pki-authentication>>
@@ -16,7 +17,12 @@
 - <<anonymous-authentication>>
 - <<http-authentication>>
 
-Enable multiple authentication mechanisms at the same time specifying a prioritized list of the authentication _providers_ (typically of various types) in the configuration. Providers are consulted in ascending order. Make sure each configured provider has a unique name (e.g. `basic1` or `saml1` in the configuration example) and `order` setting. In the event that two or more providers have the same name or `order`, {kib} will fail to start.
+For an introduction to {kib}'s security features, including the login process, refer to <<tutorial-secure-access-to-kibana>>.
+
+[[multiple-authentication-providers]]
+==== Multiple authentication providers
+
+Enable multiple authentication mechanisms at the same time by specifying a prioritized list of the authentication _providers_ (typically of various types) in the configuration. Providers are consulted in ascending order. Make sure each configured provider has a unique name (e.g. `basic1` or `saml1` in the configuration example) and `order` setting. In the event that two or more providers have the same name or `order`, {kib} will fail to start.
 
 When two or more providers are configured, you can choose the provider you want to use on the Login Selector UI. The order the providers appear is determined by the `order` setting. The appearance of the specific provider entry can be customized with the `description`, `hint`, and `icon` settings.
 
@@ -24,7 +30,7 @@ TIP: To provide login instructions to users, use the `xpack.security.loginHelp`
 
 If you don't want a specific provider to show up at the Login Selector UI (e.g. to only support third-party initiated login) you can hide it with `showInSelector` setting set to `false`. However, in this case, the provider is presented in the provider chain and may be consulted during authentication based on its `order`. To disable the provider, use the `enabled` setting.
 
-TIP: The Login Selector UI can also be disabled or enabled with `xpack.security.authc.selector.enabled` setting. 
+TIP: The Login Selector UI can also be disabled or enabled with `xpack.security.authc.selector.enabled` setting.
 
 Here is how your `kibana.yml` and Login Selector UI can look like if you deal with multiple authentication providers:
 
@@ -292,9 +298,9 @@ xpack.security.authc.providers:
     order: 1
 -----------------------------------------------
 
-IMPORTANT: {kib} uses SPNEGO, which wraps the Kerberos protocol for use with HTTP, extending it to web applications. 
+IMPORTANT: {kib} uses SPNEGO, which wraps the Kerberos protocol for use with HTTP, extending it to web applications.
 At the end of the Kerberos handshake, {kib} forwards the service ticket to {es}, then {es} unpacks the service ticket and responds with an access and refresh token, which are used for subsequent authentication.
-On every {es} node that {kib} connects to, the keytab file should always contain the HTTP service principal for the {kib} host. 
+On every {es} node that {kib} connects to, the keytab file should always contain the HTTP service principal for the {kib} host.
 The HTTP service principal name must have the `HTTP/kibana.domain.local@KIBANA.DOMAIN.LOCAL` format.
 
 
@@ -386,7 +392,7 @@ xpack.security.authc.providers:
 [[anonymous-access-and-embedding]]
 ===== Anonymous access and embedding
 
-One of the most popular use cases for anonymous access is when you embed {kib} into other applications and don't want to force your users to log in to view it. 
+One of the most popular use cases for anonymous access is when you embed {kib} into other applications and don't want to force your users to log in to view it.
 If you configured {kib} to use anonymous access as the sole authentication mechanism, you don't need to do anything special while embedding {kib}.
 
 If you have multiple authentication providers enabled, and you want to automatically log in anonymous users when embedding dashboards and visualizations:

From 7262ac53c2ade6cce273a4ca56ab0fbfc128c3b2 Mon Sep 17 00:00:00 2001
From: Brian Seeders <brian.seeders@elastic.co>
Date: Mon, 10 May 2021 16:38:32 -0400
Subject: [PATCH 02/11] [CI] Don't do CI stats reporting/failures for feature
 branch PRs (#99668)

---
 Jenkinsfile          |  2 +-
 vars/githubPr.groovy | 10 ++++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/Jenkinsfile b/Jenkinsfile
index 4c8f126b4883b..db5ae306e6e2e 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -6,7 +6,7 @@ kibanaLibrary.load()
 kibanaPipeline(timeoutMinutes: 210, checkPrChanges: true, setCommitStatus: true) {
   slackNotifications.onFailure(disabled: !params.NOTIFY_ON_FAILURE) {
     githubPr.withDefaultPrComments {
-      ciStats.trackBuild(requireSuccess: githubPr.isPr()) {
+      ciStats.trackBuild(requireSuccess: githubPr.isTrackedBranchPr()) {
         catchError {
           retryable.enable()
           kibanaPipeline.allCiTasks()
diff --git a/vars/githubPr.groovy b/vars/githubPr.groovy
index a2a3a81f253a0..594d54f2c5b5e 100644
--- a/vars/githubPr.groovy
+++ b/vars/githubPr.groovy
@@ -64,6 +64,10 @@ def isPr() {
   return !!(env.ghprbPullId && env.ghprbPullLink && env.ghprbPullLink =~ /\/elastic\/kibana\//)
 }
 
+def isTrackedBranchPr() {
+  return isPr() && (env.ghprbTargetBranch == 'master' || env.ghprbTargetBranch == '6.8' || env.ghprbTargetBranch =~ /[7-8]\.[x0-9]+/)
+}
+
 def getLatestBuildComment() {
   return getComments()
     .reverse()
@@ -234,8 +238,10 @@ def getNextCommentMessage(previousCommentInfo = [:], isFinal = false) {
 
   messages << getTestFailuresMessage()
 
-  if (isFinal) {
-    messages << ciStats.getMetricsReport()
+  catchErrors {
+    if (isFinal && isTrackedBranchPr()) {
+      messages << ciStats.getMetricsReport()
+    }
   }
 
   if (info.builds && info.builds.size() > 0) {

From 59f42ec148df30c60617e3c56794e2b938037e40 Mon Sep 17 00:00:00 2001
From: "Christiane (Tina) Heiligers" <christiane.heiligers@elastic.co>
Date: Mon, 10 May 2021 14:12:24 -0700
Subject: [PATCH 03/11] [Saved object migrations] Collect all documents that
 fail to transform before stopping the migration (#96986)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
---
 .../migrations/core/document_migrator.test.ts |  14 +-
 .../migrations/core/document_migrator.ts      |  13 +-
 .../saved_objects/migrations/core/index.ts    |   6 +
 .../migrations/core/migrate_raw_docs.test.ts  | 162 +++++++++-
 .../migrations/core/migrate_raw_docs.ts       | 121 +++++++-
 ...nsform_saved_object_document_error.test.ts |  60 ++++
 .../transform_saved_object_document_error.ts  |  32 ++
 .../migrations/kibana/kibana_migrator.ts      |   9 +-
 .../migrationsv2/actions/index.test.ts        |  12 -
 .../migrationsv2/actions/index.ts             |  30 +-
 .../integration_tests/actions.test.ts         |  47 ++-
 ....0_migrated_with_corrupt_outdated_docs.zip | Bin 0 -> 444632 bytes
 .../integration_tests/cleanup.test.ts         |   2 +-
 .../corrupt_outdated_docs.test.ts             | 154 ++++++++++
 .../migrations_state_action_machine.ts        |   7 -
 .../saved_objects/migrationsv2/model.test.ts  | 283 ++++++++++++++++--
 .../saved_objects/migrationsv2/model.ts       | 214 ++++++++++---
 .../server/saved_objects/migrationsv2/next.ts |  16 +-
 .../saved_objects/migrationsv2/types.ts       |  39 ++-
 19 files changed, 1048 insertions(+), 173 deletions(-)
 create mode 100644 src/core/server/saved_objects/migrations/core/transform_saved_object_document_error.test.ts
 create mode 100644 src/core/server/saved_objects/migrations/core/transform_saved_object_document_error.ts
 create mode 100644 src/core/server/saved_objects/migrationsv2/integration_tests/archives/8.0.0_migrated_with_corrupt_outdated_docs.zip
 create mode 100644 src/core/server/saved_objects/migrationsv2/integration_tests/corrupt_outdated_docs.test.ts

diff --git a/src/core/server/saved_objects/migrations/core/document_migrator.test.ts b/src/core/server/saved_objects/migrations/core/document_migrator.test.ts
index 1cf408ea96a56..45286f158edb1 100644
--- a/src/core/server/saved_objects/migrations/core/document_migrator.test.ts
+++ b/src/core/server/saved_objects/migrations/core/document_migrator.test.ts
@@ -11,6 +11,7 @@ import { set } from '@elastic/safer-lodash-set';
 import _ from 'lodash';
 import { SavedObjectUnsanitizedDoc } from '../../serialization';
 import { DocumentMigrator } from './document_migrator';
+import { TransformSavedObjectDocumentError } from './transform_saved_object_document_error';
 import { loggingSystemMock } from '../../../logging/logging_system.mock';
 import { SavedObjectsType } from '../../types';
 import { SavedObjectTypeRegistry } from '../../saved_objects_type_registry';
@@ -724,6 +725,12 @@ describe('DocumentMigrator', () => {
 
     it('logs the original error and throws a transform error if a document transform fails', () => {
       const log = mockLogger;
+      const failedDoc = {
+        id: 'smelly',
+        type: 'dog',
+        attributes: {},
+        migrationVersion: {},
+      };
       const migrator = new DocumentMigrator({
         ...testOpts(),
         typeRegistry: createRegistry({
@@ -737,12 +744,6 @@ describe('DocumentMigrator', () => {
         log,
       });
       migrator.prepareMigrations();
-      const failedDoc = {
-        id: 'smelly',
-        type: 'dog',
-        attributes: {},
-        migrationVersion: {},
-      };
       try {
         migrator.migrate(_.cloneDeep(failedDoc));
         expect('Did not throw').toEqual('But it should have!');
@@ -751,6 +752,7 @@ describe('DocumentMigrator', () => {
           "Failed to transform document smelly. Transform: dog:1.2.3
           Doc: {\\"id\\":\\"smelly\\",\\"type\\":\\"dog\\",\\"attributes\\":{},\\"migrationVersion\\":{}}"
         `);
+        expect(error).toBeInstanceOf(TransformSavedObjectDocumentError);
         expect(loggingSystemMock.collect(mockLoggerFactory).error[0][0]).toMatchInlineSnapshot(
           `[Error: Dang diggity!]`
         );
diff --git a/src/core/server/saved_objects/migrations/core/document_migrator.ts b/src/core/server/saved_objects/migrations/core/document_migrator.ts
index 1dd4a8fbf6388..4f58397866cfb 100644
--- a/src/core/server/saved_objects/migrations/core/document_migrator.ts
+++ b/src/core/server/saved_objects/migrations/core/document_migrator.ts
@@ -62,6 +62,7 @@ import {
   SavedObjectsType,
 } from '../../types';
 import { MigrationLogger } from './migration_logger';
+import { TransformSavedObjectDocumentError } from '.';
 import { ISavedObjectTypeRegistry } from '../../saved_objects_type_registry';
 import { SavedObjectMigrationFn, SavedObjectMigrationMap } from '../types';
 import { DEFAULT_NAMESPACE_STRING } from '../../service/lib/utils';
@@ -679,9 +680,15 @@ function wrapWithTry(
       const failedTransform = `${type.name}:${version}`;
       const failedDoc = JSON.stringify(doc);
       log.error(error);
-
-      throw new Error(
-        `Failed to transform document ${doc?.id}. Transform: ${failedTransform}\nDoc: ${failedDoc}`
+      // To make debugging failed migrations easier, we add items needed to convert the
+      // saved object id to the full raw id (the id only contains the uuid part) and the full error itself
+      throw new TransformSavedObjectDocumentError(
+        doc.id,
+        doc.type,
+        doc.namespace,
+        failedTransform,
+        failedDoc,
+        error
       );
     }
   };
diff --git a/src/core/server/saved_objects/migrations/core/index.ts b/src/core/server/saved_objects/migrations/core/index.ts
index 1e51983a0ffbd..ca54d6876ad75 100644
--- a/src/core/server/saved_objects/migrations/core/index.ts
+++ b/src/core/server/saved_objects/migrations/core/index.ts
@@ -15,3 +15,9 @@ export type { MigrationResult, MigrationStatus } from './migration_coordinator';
 export { createMigrationEsClient } from './migration_es_client';
 export type { MigrationEsClient } from './migration_es_client';
 export { excludeUnusedTypesQuery } from './elastic_index';
+export { TransformSavedObjectDocumentError } from './transform_saved_object_document_error';
+export type {
+  DocumentsTransformFailed,
+  DocumentsTransformSuccess,
+  TransformErrorObjects,
+} from './migrate_raw_docs';
diff --git a/src/core/server/saved_objects/migrations/core/migrate_raw_docs.test.ts b/src/core/server/saved_objects/migrations/core/migrate_raw_docs.test.ts
index 45e73f7dfae30..1d43e2f54a726 100644
--- a/src/core/server/saved_objects/migrations/core/migrate_raw_docs.test.ts
+++ b/src/core/server/saved_objects/migrations/core/migrate_raw_docs.test.ts
@@ -7,10 +7,17 @@
  */
 
 import { set } from '@elastic/safer-lodash-set';
+import * as Either from 'fp-ts/lib/Either';
 import _ from 'lodash';
 import { SavedObjectTypeRegistry } from '../../saved_objects_type_registry';
 import { SavedObjectsSerializer } from '../../serialization';
-import { migrateRawDocs } from './migrate_raw_docs';
+import {
+  DocumentsTransformFailed,
+  DocumentsTransformSuccess,
+  migrateRawDocs,
+  migrateRawDocsSafely,
+} from './migrate_raw_docs';
+import { TransformSavedObjectDocumentError } from './transform_saved_object_document_error';
 
 describe('migrateRawDocs', () => {
   test('converts raw docs to saved objects', async () => {
@@ -120,3 +127,156 @@ describe('migrateRawDocs', () => {
     ).rejects.toThrowErrorMatchingInlineSnapshot(`"error during transform"`);
   });
 });
+
+describe('migrateRawDocsSafely', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  test('converts raw docs to saved objects', async () => {
+    const transform = jest.fn<any, any>((doc: any) => [
+      set(_.cloneDeep(doc), 'attributes.name', 'HOI!'),
+    ]);
+    const task = migrateRawDocsSafely(
+      new SavedObjectsSerializer(new SavedObjectTypeRegistry()),
+      transform,
+      [
+        { _id: 'a:b', _source: { type: 'a', a: { name: 'AAA' } } },
+        { _id: 'c:d', _source: { type: 'c', c: { name: 'DDD' } } },
+      ]
+    );
+    const result = (await task()) as Either.Right<DocumentsTransformSuccess>;
+    expect(result._tag).toEqual('Right');
+    expect(result.right.processedDocs).toEqual([
+      {
+        _id: 'a:b',
+        _source: { type: 'a', a: { name: 'HOI!' }, migrationVersion: {}, references: [] },
+      },
+      {
+        _id: 'c:d',
+        _source: { type: 'c', c: { name: 'HOI!' }, migrationVersion: {}, references: [] },
+      },
+    ]);
+
+    const obj1 = {
+      id: 'b',
+      type: 'a',
+      attributes: { name: 'AAA' },
+      migrationVersion: {},
+      references: [],
+    };
+    const obj2 = {
+      id: 'd',
+      type: 'c',
+      attributes: { name: 'DDD' },
+      migrationVersion: {},
+      references: [],
+    };
+    expect(transform).toHaveBeenCalledTimes(2);
+    expect(transform).toHaveBeenNthCalledWith(1, obj1);
+    expect(transform).toHaveBeenNthCalledWith(2, obj2);
+  });
+
+  test('returns a `left` tag when encountering a corrupt saved object document', async () => {
+    const transform = jest.fn<any, any>((doc: any) => [
+      set(_.cloneDeep(doc), 'attributes.name', 'TADA'),
+    ]);
+    const task = migrateRawDocsSafely(
+      new SavedObjectsSerializer(new SavedObjectTypeRegistry()),
+      transform,
+      [
+        { _id: 'foo:b', _source: { type: 'a', a: { name: 'AAA' } } },
+        { _id: 'c:d', _source: { type: 'c', c: { name: 'DDD' } } },
+      ]
+    );
+    const result = (await task()) as Either.Left<DocumentsTransformFailed>;
+    expect(transform).toHaveBeenCalledTimes(1);
+    expect(result._tag).toEqual('Left');
+    expect(Object.keys(result.left)).toEqual(['type', 'corruptDocumentIds', 'transformErrors']);
+    expect(result.left.corruptDocumentIds.length).toEqual(1);
+    expect(result.left.transformErrors.length).toEqual(0);
+  });
+
+  test('handles when one document is transformed into multiple documents', async () => {
+    const transform = jest.fn<any, any>((doc: any) => [
+      set(_.cloneDeep(doc), 'attributes.name', 'HOI!'),
+      { id: 'bar', type: 'foo', attributes: { name: 'baz' } },
+    ]);
+    const task = migrateRawDocsSafely(
+      new SavedObjectsSerializer(new SavedObjectTypeRegistry()),
+      transform,
+      [{ _id: 'a:b', _source: { type: 'a', a: { name: 'AAA' } } }]
+    );
+    const result = (await task()) as Either.Right<DocumentsTransformSuccess>;
+    expect(result._tag).toEqual('Right');
+    expect(result.right.processedDocs).toEqual([
+      {
+        _id: 'a:b',
+        _source: { type: 'a', a: { name: 'HOI!' }, migrationVersion: {}, references: [] },
+      },
+      {
+        _id: 'foo:bar',
+        _source: { type: 'foo', foo: { name: 'baz' }, references: [] },
+      },
+    ]);
+
+    const obj = {
+      id: 'b',
+      type: 'a',
+      attributes: { name: 'AAA' },
+      migrationVersion: {},
+      references: [],
+    };
+    expect(transform).toHaveBeenCalledTimes(1);
+    expect(transform).toHaveBeenCalledWith(obj);
+  });
+
+  test('instance of Either.left containing transform errors when the transform function throws a TransformSavedObjectDocument error', async () => {
+    const transform = jest.fn<any, any>((doc: any) => {
+      throw new TransformSavedObjectDocumentError(
+        `${doc.id}`,
+        `${doc.type}`,
+        `${doc.namespace}`,
+        `${doc.type}1.2.3`,
+        JSON.stringify(doc),
+        new Error('error during transform')
+      );
+    });
+    const task = migrateRawDocsSafely(
+      new SavedObjectsSerializer(new SavedObjectTypeRegistry()),
+      transform,
+      [{ _id: 'a:b', _source: { type: 'a', a: { name: 'AAA' } } }] // this is the raw doc
+    );
+    const result = (await task()) as Either.Left<DocumentsTransformFailed>;
+    expect(transform).toHaveBeenCalledTimes(1);
+    expect(result._tag).toEqual('Left');
+    expect(result.left.corruptDocumentIds.length).toEqual(0);
+    expect(result.left.transformErrors.length).toEqual(1);
+    expect(result.left.transformErrors[0].err.message).toMatchInlineSnapshot(`
+      "Failed to transform document b. Transform: a1.2.3
+      Doc: {\\"type\\":\\"a\\",\\"id\\":\\"b\\",\\"attributes\\":{\\"name\\":\\"AAA\\"},\\"references\\":[],\\"migrationVersion\\":{}}"
+    `);
+  });
+
+  test("instance of Either.left containing errors when the transform function throws an error that isn't a TransformSavedObjectDocument error", async () => {
+    const transform = jest.fn<any, any>((doc: any) => {
+      throw new Error('error during transform');
+    });
+    const task = migrateRawDocsSafely(
+      new SavedObjectsSerializer(new SavedObjectTypeRegistry()),
+      transform,
+      [{ _id: 'a:b', _source: { type: 'a', a: { name: 'AAA' } } }] // this is the raw doc
+    );
+    const result = (await task()) as Either.Left<DocumentsTransformFailed>;
+    expect(transform).toHaveBeenCalledTimes(1);
+    expect(result._tag).toEqual('Left');
+    expect(result.left.corruptDocumentIds.length).toEqual(0);
+    expect(result.left.transformErrors.length).toEqual(1);
+    expect(result.left.transformErrors[0]).toMatchInlineSnapshot(`
+      Object {
+        "err": [Error: error during transform],
+        "rawId": "a:b",
+      }
+    `);
+  });
+});
diff --git a/src/core/server/saved_objects/migrations/core/migrate_raw_docs.ts b/src/core/server/saved_objects/migrations/core/migrate_raw_docs.ts
index 102ec81646a92..461ae1df6bc3d 100644
--- a/src/core/server/saved_objects/migrations/core/migrate_raw_docs.ts
+++ b/src/core/server/saved_objects/migrations/core/migrate_raw_docs.ts
@@ -9,13 +9,32 @@
 /*
  * This file provides logic for migrating raw documents.
  */
-
+import * as TaskEither from 'fp-ts/lib/TaskEither';
+import * as Either from 'fp-ts/lib/Either';
 import {
+  SavedObjectSanitizedDoc,
   SavedObjectsRawDoc,
   SavedObjectsSerializer,
   SavedObjectUnsanitizedDoc,
 } from '../../serialization';
 import { MigrateAndConvertFn } from './document_migrator';
+import { TransformSavedObjectDocumentError } from '.';
+
+export interface DocumentsTransformFailed {
+  readonly type: string;
+  readonly corruptDocumentIds: string[];
+  readonly transformErrors: TransformErrorObjects[];
+}
+export interface DocumentsTransformSuccess {
+  readonly processedDocs: SavedObjectsRawDoc[];
+}
+export interface TransformErrorObjects {
+  readonly rawId: string;
+  readonly err: TransformSavedObjectDocumentError | Error;
+}
+type MigrateFn = (
+  doc: SavedObjectUnsanitizedDoc<unknown>
+) => Promise<Array<SavedObjectUnsanitizedDoc<unknown>>>;
 
 /**
  * Error thrown when saved object migrations encounter a corrupt saved object.
@@ -37,7 +56,6 @@ export class CorruptSavedObjectError extends Error {
 /**
  * Applies the specified migration function to every saved object document in the list
  * of raw docs. Any raw docs that are not valid saved objects will simply be passed through.
- *
  * @param {TransformFn} migrateDoc
  * @param {SavedObjectsRawDoc[]} rawDocs
  * @returns {SavedObjectsRawDoc[]}
@@ -52,15 +70,9 @@ export async function migrateRawDocs(
   for (const raw of rawDocs) {
     const options = { namespaceTreatment: 'lax' as const };
     if (serializer.isRawSavedObject(raw, options)) {
-      const savedObject = serializer.rawToSavedObject(raw, options);
-      savedObject.migrationVersion = savedObject.migrationVersion || {};
+      const savedObject = convertToRawAddMigrationVersion(raw, options, serializer);
       processedDocs.push(
-        ...(await migrateDocWithoutBlocking(savedObject)).map((attrs) =>
-          serializer.savedObjectToRaw({
-            references: [],
-            ...attrs,
-          })
-        )
+        ...(await migrateMapToRawDoc(migrateDocWithoutBlocking, savedObject, serializer))
       );
     } else {
       throw new CorruptSavedObjectError(raw._id);
@@ -69,6 +81,58 @@ export async function migrateRawDocs(
   return processedDocs;
 }
 
+/**
+ * Applies the specified migration function to every saved object document provided
+ * and converts the saved object to a raw document.
+ * Captures the ids and errors from any documents that are not valid saved objects or
+ * for which the transformation function failed.
+ * @returns {TaskEither.TaskEither<DocumentsTransformFailed, DocumentsTransformSuccess>}
+ */
+export function migrateRawDocsSafely(
+  serializer: SavedObjectsSerializer,
+  migrateDoc: MigrateAndConvertFn,
+  rawDocs: SavedObjectsRawDoc[]
+): TaskEither.TaskEither<DocumentsTransformFailed, DocumentsTransformSuccess> {
+  return async () => {
+    const migrateDocNonBlocking = transformNonBlocking(migrateDoc);
+    const processedDocs: SavedObjectsRawDoc[] = [];
+    const transformErrors: TransformErrorObjects[] = [];
+    const corruptSavedObjectIds: string[] = [];
+    const options = { namespaceTreatment: 'lax' as const };
+    for (const raw of rawDocs) {
+      if (serializer.isRawSavedObject(raw, options)) {
+        try {
+          const savedObject = convertToRawAddMigrationVersion(raw, options, serializer);
+          processedDocs.push(
+            ...(await migrateMapToRawDoc(migrateDocNonBlocking, savedObject, serializer))
+          );
+        } catch (err) {
+          if (err instanceof TransformSavedObjectDocumentError) {
+            // the doc id we get from the error is only the uuid part
+            // we use the original raw document _id instead
+            transformErrors.push({
+              rawId: raw._id,
+              err,
+            });
+          } else {
+            transformErrors.push({ rawId: raw._id, err }); // cases we haven't accounted for yet
+          }
+        }
+      } else {
+        corruptSavedObjectIds.push(raw._id);
+      }
+    }
+    if (corruptSavedObjectIds.length > 0 || transformErrors.length > 0) {
+      return Either.left({
+        type: 'documents_transform_failed',
+        corruptDocumentIds: [...corruptSavedObjectIds],
+        transformErrors,
+      });
+    }
+    return Either.right({ processedDocs });
+  };
+}
+
 /**
  * Migration transform functions are potentially CPU heavy e.g. doing decryption/encryption
  * or (de)/serializing large JSON payloads.
@@ -92,3 +156,40 @@ function transformNonBlocking(
       });
     });
 }
+
+/**
+ * Applies the specified migration function to every saved object document provided
+ * and converts the saved object to a raw document
+ * @param {MigrateFn} transformNonBlocking
+ * @param {SavedObjectsRawDoc[]} rawDoc
+ * @returns {Promise<SavedObjectsRawDoc[]>}
+ */
+async function migrateMapToRawDoc(
+  migrateMethod: MigrateFn,
+  savedObject: SavedObjectSanitizedDoc<unknown>,
+  serializer: SavedObjectsSerializer
+): Promise<SavedObjectsRawDoc[]> {
+  return [...(await migrateMethod(savedObject))].map((attrs) =>
+    serializer.savedObjectToRaw({
+      references: [],
+      ...attrs,
+    })
+  );
+}
+
+/**
+ * Sanitizes the raw saved object document
+ * @param {SavedObjectRawDoc} rawDoc
+ * @param options
+ * @param {SavedObjectsSerializer} serializer
+ * @returns {SavedObjectSanitizedDoc<unknown>}
+ */
+function convertToRawAddMigrationVersion(
+  rawDoc: SavedObjectsRawDoc,
+  options: { namespaceTreatment: 'lax' },
+  serializer: SavedObjectsSerializer
+): SavedObjectSanitizedDoc<unknown> {
+  const savedObject = serializer.rawToSavedObject(rawDoc, options);
+  savedObject.migrationVersion = savedObject.migrationVersion || {};
+  return savedObject;
+}
diff --git a/src/core/server/saved_objects/migrations/core/transform_saved_object_document_error.test.ts b/src/core/server/saved_objects/migrations/core/transform_saved_object_document_error.test.ts
new file mode 100644
index 0000000000000..80c670edd39ba
--- /dev/null
+++ b/src/core/server/saved_objects/migrations/core/transform_saved_object_document_error.test.ts
@@ -0,0 +1,60 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+import { TransformSavedObjectDocumentError } from './transform_saved_object_document_error';
+
+describe('TransformSavedObjectDocumentError', () => {
+  it('is a special error', () => {
+    const originalError = new Error('Dang diggity!');
+    const err = new TransformSavedObjectDocumentError(
+      'id',
+      'type',
+      'namespace',
+      'failedTransform',
+      'failedDoc',
+      originalError
+    );
+    expect(err).toBeInstanceOf(TransformSavedObjectDocumentError);
+    expect(err.id).toEqual('id');
+    expect(err.namespace).toEqual('namespace');
+    expect(err.stack).not.toBeNull();
+  });
+  it('constructs an special error message', () => {
+    const originalError = new Error('Dang diggity!');
+    const err = new TransformSavedObjectDocumentError(
+      'id',
+      'type',
+      'namespace',
+      'failedTransform',
+      'failedDoc',
+      originalError
+    );
+    expect(err.message).toMatchInlineSnapshot(
+      `
+      "Failed to transform document id. Transform: failedTransform
+      Doc: failedDoc"
+    `
+    );
+  });
+  it('handles undefined namespace', () => {
+    const originalError = new Error('Dang diggity!');
+    const err = new TransformSavedObjectDocumentError(
+      'id',
+      'type',
+      undefined,
+      'failedTransform',
+      'failedDoc',
+      originalError
+    );
+    expect(err.message).toMatchInlineSnapshot(
+      `
+      "Failed to transform document id. Transform: failedTransform
+      Doc: failedDoc"
+    `
+    );
+  });
+});
diff --git a/src/core/server/saved_objects/migrations/core/transform_saved_object_document_error.ts b/src/core/server/saved_objects/migrations/core/transform_saved_object_document_error.ts
new file mode 100644
index 0000000000000..6a6f87ea1eeb2
--- /dev/null
+++ b/src/core/server/saved_objects/migrations/core/transform_saved_object_document_error.ts
@@ -0,0 +1,32 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+/**
+ * Error thrown when saved object migrations encounter a transformation error.
+ * Transformation errors happen when a transform function throws an error for an unsanitized saved object
+ * The id (doc.id) reported in this error class is just the uuid part and doesn't tell users what the full elasticsearch id is.
+ * in order to convert the id to the serialized version further upstream using serializer.generateRawId, we need to provide the following items:
+ * - namespace: doc.namespace,
+ * - type: doc.type,
+ * - id: doc.id,
+ * The new error class helps with v2 migrations.
+ * For backward compatibility with v1 migrations, the error message is the same as what was previously thrown as a plain error
+ */
+
+export class TransformSavedObjectDocumentError extends Error {
+  constructor(
+    public readonly id: string,
+    public readonly type: string,
+    public readonly namespace: string | undefined,
+    public readonly failedTransform: string, // created by document_migrator wrapWithTry as `${type.name}:${version}`;
+    public readonly failedDoc: string,
+    public readonly originalError: Error
+  ) {
+    super(`Failed to transform document ${id}. Transform: ${failedTransform}\nDoc: ${failedDoc}`);
+  }
+}
diff --git a/src/core/server/saved_objects/migrations/kibana/kibana_migrator.ts b/src/core/server/saved_objects/migrations/kibana/kibana_migrator.ts
index e09284b49c86e..f74fe7e7a6e1c 100644
--- a/src/core/server/saved_objects/migrations/kibana/kibana_migrator.ts
+++ b/src/core/server/saved_objects/migrations/kibana/kibana_migrator.ts
@@ -35,7 +35,7 @@ import { SavedObjectsMigrationConfigType } from '../../saved_objects_config';
 import { ISavedObjectTypeRegistry } from '../../saved_objects_type_registry';
 import { SavedObjectsType } from '../../types';
 import { runResilientMigrator } from '../../migrationsv2';
-import { migrateRawDocs } from '../core/migrate_raw_docs';
+import { migrateRawDocsSafely } from '../core/migrate_raw_docs';
 
 export interface KibanaMigratorOptions {
   client: ElasticsearchClient;
@@ -135,7 +135,6 @@ export class KibanaMigrator {
       if (!rerun) {
         this.status$.next({ status: 'running' });
       }
-
       this.migrationResult = this.runMigrationsInternal().then((result) => {
         // Similar to above, don't publish status updates when rerunning in CI.
         if (!rerun) {
@@ -185,7 +184,11 @@ export class KibanaMigrator {
               logger: this.log,
               preMigrationScript: indexMap[index].script,
               transformRawDocs: (rawDocs: SavedObjectsRawDoc[]) =>
-                migrateRawDocs(this.serializer, this.documentMigrator.migrateAndConvert, rawDocs),
+                migrateRawDocsSafely(
+                  this.serializer,
+                  this.documentMigrator.migrateAndConvert,
+                  rawDocs
+                ),
               migrationVersionPerType: this.documentMigrator.migrationVersion,
               indexPrefix: index,
               migrationsConfig: this.soMigrationsConfig,
diff --git a/src/core/server/saved_objects/migrationsv2/actions/index.test.ts b/src/core/server/saved_objects/migrationsv2/actions/index.test.ts
index ba6aafbb2f651..df74a4e1282e4 100644
--- a/src/core/server/saved_objects/migrationsv2/actions/index.test.ts
+++ b/src/core/server/saved_objects/migrationsv2/actions/index.test.ts
@@ -129,18 +129,6 @@ describe('actions', () => {
     });
   });
 
-  describe('transformDocs', () => {
-    it('calls catchRetryableEsClientErrors when the promise rejects', async () => {
-      const task = Actions.transformDocs(client, () => Promise.resolve([]), [], 'my_index', false);
-      try {
-        await task();
-      } catch (e) {
-        /** ignore */
-      }
-      expect(catchRetryableEsClientErrors).toHaveBeenCalledWith(retryableError);
-    });
-  });
-
   describe('reindex', () => {
     it('calls catchRetryableEsClientErrors when the promise rejects', async () => {
       const task = Actions.reindex(
diff --git a/src/core/server/saved_objects/migrationsv2/actions/index.ts b/src/core/server/saved_objects/migrationsv2/actions/index.ts
index 79261aecf675c..d0623de51e4c3 100644
--- a/src/core/server/saved_objects/migrationsv2/actions/index.ts
+++ b/src/core/server/saved_objects/migrationsv2/actions/index.ts
@@ -22,6 +22,10 @@ import {
   catchRetryableEsClientErrors,
   RetryableEsClientError,
 } from './catch_retryable_es_client_errors';
+import {
+  DocumentsTransformFailed,
+  DocumentsTransformSuccess,
+} from '../../migrations/core/migrate_raw_docs';
 export type { RetryableEsClientError };
 
 /**
@@ -46,6 +50,7 @@ export interface ActionErrorTypeMap {
   incompatible_mapping_exception: IncompatibleMappingException;
   alias_not_found_exception: AliasNotFound;
   remove_index_not_a_concrete_index: RemoveIndexNotAConcreteIndex;
+  documents_transform_failed: DocumentsTransformFailed;
 }
 
 /**
@@ -523,28 +528,13 @@ export const closePit = (
 };
 
 /*
- * Transform outdated docs and write them to the index.
+ * Transform outdated docs
  * */
 export const transformDocs = (
-  client: ElasticsearchClient,
   transformRawDocs: TransformRawDocs,
-  outdatedDocuments: SavedObjectsRawDoc[],
-  index: string,
-  // used for testing purposes only
-  refresh: estypes.Refresh
-): TaskEither.TaskEither<
-  RetryableEsClientError | IndexNotFound | TargetIndexHadWriteBlock,
-  'bulk_index_succeeded'
-> =>
-  pipe(
-    TaskEither.tryCatch(
-      () => transformRawDocs(outdatedDocuments),
-      (e) => {
-        throw e;
-      }
-    ),
-    TaskEither.chain((docs) => bulkOverwriteTransformedDocuments(client, index, docs, refresh))
-  );
+  outdatedDocuments: SavedObjectsRawDoc[]
+): TaskEither.TaskEither<DocumentsTransformFailed, DocumentsTransformSuccess> =>
+  transformRawDocs(outdatedDocuments);
 
 /** @internal */
 export interface ReindexResponse {
@@ -747,8 +737,6 @@ export const waitForPickupUpdatedMappingsTask = flow(
     }
   )
 );
-
-/** @internal */
 export interface AliasNotFound {
   type: 'alias_not_found_exception';
 }
diff --git a/src/core/server/saved_objects/migrationsv2/integration_tests/actions.test.ts b/src/core/server/saved_objects/migrationsv2/integration_tests/actions.test.ts
index 832d322037465..d0158a4c68f24 100644
--- a/src/core/server/saved_objects/migrationsv2/integration_tests/actions.test.ts
+++ b/src/core/server/saved_objects/migrationsv2/integration_tests/actions.test.ts
@@ -41,6 +41,8 @@ import {
 import * as Either from 'fp-ts/lib/Either';
 import * as Option from 'fp-ts/lib/Option';
 import { ResponseError } from '@elastic/elasticsearch/lib/errors';
+import { DocumentsTransformFailed, DocumentsTransformSuccess } from '../../migrations/core';
+import { TaskEither } from 'fp-ts/lib/TaskEither';
 
 const { startES } = kbnTestServer.createTestServers({
   adjustTimeout: (t: number) => jest.setTimeout(t),
@@ -1014,41 +1016,30 @@ describe('migration actions', () => {
   });
 
   describe('transformDocs', () => {
-    it('applies "transformRawDocs" and writes result into an index', async () => {
-      const index = 'transform_docs_index';
+    it('applies "transformRawDocs" and returns the transformed documents', async () => {
       const originalDocs = [
         { _id: 'foo:1', _source: { type: 'dashboard', value: 1 } },
         { _id: 'foo:2', _source: { type: 'dashboard', value: 2 } },
       ];
 
-      const createIndexTask = createIndex(client, index, {
-        dynamic: true,
-        properties: {},
-      });
-      await createIndexTask();
-
-      async function tranformRawDocs(docs: SavedObjectsRawDoc[]): Promise<SavedObjectsRawDoc[]> {
-        for (const doc of docs) {
-          doc._source.value += 1;
-        }
-        return docs;
+      function innerTransformRawDocs(
+        docs: SavedObjectsRawDoc[]
+      ): TaskEither<DocumentsTransformFailed, DocumentsTransformSuccess> {
+        return async () => {
+          const processedDocs: SavedObjectsRawDoc[] = [];
+          for (const doc of docs) {
+            doc._source.value += 1;
+            processedDocs.push(doc);
+          }
+          return Either.right({ processedDocs });
+        };
       }
+      const transformTask = transformDocs(innerTransformRawDocs, originalDocs);
 
-      const transformTask = transformDocs(client, tranformRawDocs, originalDocs, index, 'wait_for');
-
-      const result = (await transformTask()) as Either.Right<'bulk_index_succeeded'>;
-
-      expect(result.right).toBe('bulk_index_succeeded');
-
-      const { body } = await client.search<{ value: number }>({
-        index,
-      });
-      const hits = body.hits.hits;
-
-      const foo1 = hits.find((h) => h._id === 'foo:1');
-      expect(foo1?._source?.value).toBe(2);
-
-      const foo2 = hits.find((h) => h._id === 'foo:2');
+      const resultsWithProcessDocs = ((await transformTask()) as Either.Right<DocumentsTransformSuccess>)
+        .right.processedDocs;
+      expect(resultsWithProcessDocs.length).toEqual(2);
+      const foo2 = resultsWithProcessDocs.find((h) => h._id === 'foo:2');
       expect(foo2?._source?.value).toBe(3);
     });
   });
diff --git a/src/core/server/saved_objects/migrationsv2/integration_tests/archives/8.0.0_migrated_with_corrupt_outdated_docs.zip b/src/core/server/saved_objects/migrationsv2/integration_tests/archives/8.0.0_migrated_with_corrupt_outdated_docs.zip
new file mode 100644
index 0000000000000000000000000000000000000000..726df7782cda3f4afdae7b214eaa482ece1fd725
GIT binary patch
literal 444632
zcmd43W3Xl2k}kYi+cv7UZQHhO+qP}nwr$t8ZQJ%&@9Ep8`=0xri0*&iipUk~$C_iN
zW<FzNJUL}0fI%Pu{`&lODv|%kkN@)p3V;n@sOP9hqofD{08G-9q#OH3oLr#*06`uB
z0RTXd|NK$*pO>3B{@<5F|L5g84vu<`M*p!&Tz!&mz~8U(*J|JZf33oS>OO<{=LRvr
z003zJvWkO|iItJHqk|5;`9IY9Yr((dU({;o$tIYR%S_MCNLP`c=<V$-qF#NE4BAf<
zzmKZ&p`wwH)}<fY+tJ<A1pp=v2FD$RK-LYX5t4H|9cPBknLAkMRD`<!mIau*#ewl1
zM4xrM0?3%ewn+^mzg-N_B<OkTjhx_504G@g4W1geYKnMkOMvG$*bCkt7}ZHx3u|on
zD?M(~u%jNv*bt?Ba69Y(^VNlZL6iWPF|5oGi|wazA(43~_*tCUfe{~YYMhxVS!;?W
z0nvM(aQ)4}VM*a|N)alG$<cA020DOWQIV;%zMYt-zP-IUpO`tMWb$Z#CP`akDR^qy
zo`igaJqFBbUpj-rAm`jX<tL{nc>p95)g~}`ef+*u*7!J_siZfc6chBZ!9zFDKLYk2
zu10Vuk<Xj+@=E#Rc+@}cM*0_5>(H}N8yFk?!_5e_NxFZ@-?*9jN+CTnJ;mI7Co@MQ
zRwq4W?~lt9)6^#bK+fX3rd3(9%NVy;-j?s`bAJJYMQE#wLjZ%E@R5dy@%D9Uk{$yn
z+N1bz4(dWBxB_>@OO|#Tpek}B8_I(!+VUvQ017FHd($g^@hEP=6+)QDC(tO`Qm0FS
z%D$?|y1^;FZXk!&HXtZ|%>YJ?(&SnO4~El-{5Km#tV`tQ0NxBW{@7^sM=<`yMk_sQ
zGh-tMM=Dxs2giR{`lB>S_b>SyOQ+N|<5lCw{$vw)zjC@}Wlwv8L`1m!z4$+Z04FIn
zMMm|bey<O5e_TEyoZ<c+*0H$cs0fuP8DJHR#PF!7P<fC*Fx=<k!;9D84(bQ#OskIx
z(tp!d>W{Xjy1pOD|0g1d|Dvsq(|-lzkBSI?ujc<aAaf~J(AXch@Q0|xw?Ev;UPqzf
zbHR!}RUhW$$#XL?NiTi#%Lp0J$h*PBQ+yfuKrvu){qJWOQFsrh`3||{4jmM5`z7~e
zoiuR;Byh2fg}^6`0gxvG)&?=a72N)^u(S-ClOn<i@UJ5AA310B$3p8lKuE|x`KI?r
z{vQkJET|pK{t*c2Ki2&ve-jAmi~mSDJ=Fhr!uQfrlBfSQ-R72EW6{Bo8R+mGdVw@0
zUx%=}!$u*$`XCWD)WVFy+>OfI$X<mwqsd-DiM~L~+_b5;IAz1~_a;6#i3J$E!FkY#
z2hB~3tt^LAfSnOFXZWZ2r$f1VRB7r+*#fHi`zg031VJhrN*QYi8CX!1I5h0M&E)LK
zE!3sW?0%rhVree%PR~Rl73Q@P(zW<5&rJO89sJ!p(Lb@W5TC}iMXN!>MwJ93h-Sjy
zHWYa`13(W)JxU`kWj8K4DMsczPBSJ&IXgZnBX($S4+9$p2W#u(q{o^|_X-M({Ly~=
z4e{Ud<}a@rGrr|=g8cC+*xx+KbY_1N$KfAtmHK<PHYwRyA`2mJZ=Ns8&nT9D79i$T
z0m5`y#x%EpMO9t8jjURfHLrl<B%fYsYI$&UTunU5@K2Cgg+VkTFbeY;0L8ta&8s5q
zgN^153kv8P#NPDfB3MdBqCpnBp!qj+xa^A8+>EANOip$`dtXo5Y<aA|NmSNz>Wjno
z5qAqHI86%L1Hkvnt}1$+h|7&8wSS@++q@iCU+b!uITaaDF@mC?C)lBn+BQP1!B!i=
z-ZI44EB4KmByunLNW5H(H4dj4#Vas_1)?NXLq5shrcH_*Ib7RWtuj+|gfy(ax`!F_
zu8z`y(~f4FxrIZIcpp<kwypQ)$*#ngtSM(X*=Uq{S1x2_KLKb}rASILHgOl{<~<zH
zGS=qj;gl%mo<m|HUz<o17t;|2THmM}U$ZFS7W*2)1glP9l4!Fq&d){sRuuXGqBYcP
z!Q+mGz^xUS$7AOOWTqEGlkTZfjdb@FV?>BP+cBq#7Xm(`69Q_@s<C0cKo|W15~v?R
zKNQNy=<zB{vrXyh1tVp%NGldBjOiO(D)jTX!f2r@%4goLyT~!#%z{;Ol5qJnn7Q(|
zEGmNR?$rA97sjI$<N}8WI$Y=w<EV6h0WO*G*bD(;(B9dPNPb{^2<N#AUsAJBUO{aK
z|BPb%YjMb4iri{F<desqhrOk&x~t8A$JYBa7VHd4yD73$E=W$49v%nWadz#_zMoJa
z1khrT^IFe#Sj!;aX%=gRI#=rRTaUWs_W?-zZ{Rn-+-%M&XykifFJG;81}VC(xN5%M
z9gd$N+DbdE%@^;9pom6D)bn|`>`LEH2Rj<X^jucut`<&TpL;qP6@!MSz1*!n;WSLP
z%0@FYxmaFC1P5Kd9!Qi>dQ_T_-@$&hKFRr5zJIKa@LaLtY;clMH$Ii(h^IV%pK=rt
z2lZSVrDm{bNt(}*gQ|m{PVjBYD(XgtfnbtrOBS9mg}XwF?NOoHu}{%l0qJr27fipt
ze~b=)nVR;l`?Wv9yU{1HnVK#n%M*~3mKQM~xk4kAE=eN@1vMrsYB2&}2A+x`!Qfee
zEE?0NeNcz>d|Y%c5?N$Xn;l(#fh*8jIvv+<*`mbJ{hWi%E3pgI*an7KuMin<9s*+$
z03AeXN{P38XR0;~o-|d&FmfyYO%82AeGq#ZSX-mrI2Q2E!+*q3=MsOfA*qO*YOLqh
zxbrantb&8Ft^cZWoPX^9gaz5P>r1R=aP1sAm)Z1N<ZiZk8oSGSTY`fsD32SspSwaF
zC|t0#`307?dV00rOOS+c{L(;E!%|+$+9L($zQ4uivR1!Z19RSZhng>qh?l{k;vAAN
z=aYB?V&u-fl-7@VP>VFOp;59mf^u9L`A9ctnVX`TVr5<A_F7NtLTKuZUyd-^Xp>oM
zs-|`!+Tj8l!bBy0TJUulOZoWvxv53*3+(?c?|LvrdXabl0JcPbSBNbBS&05keQ$Di
zQcT=jdxjQpfxt(c!`<A(CE65+rVZ?cmYkv5jPji$CE64X!6hQX6%`ARpTnhj<2=@w
zW;<rP?%1;N+IFgGd*-sxX{zb+dCxf~VYn0&tM;o8=EdXhgrqe=Lx(gk02lTLZ0Q$A
zX^4*QntJdozEZdRSOLOysF1o1X)cYe2Ob>#kq6o2=UTev`cdT#rZGpnBSU6iZ1rg*
z^H|cA%M9)3=(~m&xdST-u8CmmRRQv$g4X&y)4a0?0PuZA^TP+@IE6>vjU=_HfEycV
zHl#NTAslw;_qy7|_b|dRd3wd1fj8R$L+vlgad9<X(fc}jNIi>Vh-Q}NSw!CxQg&Cq
z#HNMJ*G}Zf3tCcN+*mjO;K9=yiz-}bT=tpcnzR!-2DZ<!gRdMs!G~B{*1@BgH_`xv
z-#q6KZ!K>CGl0B6#R{hYd1jJvT#?F=ZWBG+1*z|ptZA%!7p>@MHLX8?R`$x)f+9xR
zHrjT7)(7-b3AVYlxly^gy;AdU;@SoRL$hO?Lp#qpv{6-pLgdzxzyk7pRnwF8QlVZP
z00{Gn0@Op;qK6~g08ayj+c)#B1ne?{6TkWDf*?i)lJ;ui&d>_=;++b;U4uFV$cd(c
z4i11qH`VzHXl7zp_JRMw+HOJiUOYc0Y#`yS;ilTQro|nkqhpkVV-(a~G~^=*1AxMf
zAGPh1NX8Vvv5ALLc|UT60AGw=^-BSmsBOVkE|)yUZg1CspEP%9S-`MDqd<`_py>=i
z_WULQL(pwQsj&TPTWo!|ej%{bCSc>_&jHzXfa+S;&R=%70K;C}bMRJW$uh%RLlq8K
zk)~*1fnx(T1($9YgEZF$Z?5sjA<(ys=F7q||M2N~9)$*w#g7flKwa_baLVs&!6$ac
zPzK)U5fjYRGGHPlw*bh01j}>i98^hE>mKYfQ;^XefHMqBB!9!#*x6+Wt2ZbI*<^tV
zG7hi}-k@8IA;@%g*4sk>u|DEPWQ~7J5>&y?JD6^&ObzN<-1|vGVX${tQiOs!ut5#F
zQRp70(re8Llz$^+PbtaD)Ym$IgyN6Di;r0mYpy0K1yS#fvEbRly{w|mMm21ksYgMt
zky73`;YiJ>KHHxfa+XvyQVUs_?0~zf>eIv<x+D1;eH{5^RdMHrfItBaPyvTXIQBd;
zTz<@AV~$;*pP#YH*fg$4hL2Pr>w$DY0l03cqcey4erz~$&5_5ml|@#QYi}17BVFk7
zzSS;<&pht_=VMG_V5`O0Y{!HJA<yxY*93t#^K)w|RoA(MJY9b&@7o34PW6cIb$xM2
z{gZz=@?J0neHlX<O?<a>o{zTnx{p11ojZ`;Re6Xeq(#R7D-?)~wsFWTG)hnB4uiQ5
z2n8C+30*K7rP=$|zVodZ0S-O+^qq!Il|QEV=72Gd#e9C{>*<6dmYj@t;f80r`C@V4
z&NF1q1o2@T-52$ZEX&<zc8q_$UWV>k$cD=DoJpeA=JtKH6D8?yR4Ocx5`Fv|&msKi
z=7AZcUnV_dlpIQ=49UWg0Yh-9Ta(nPJ6YJT8XDw<atqK#nrspt(52e@fB-BkxV>&C
zIIVn|ghYV8^k^xki2%6j5IX?wc5WD69^qMiwlYu$HRH#X=bW>E=6*MU>KY&1IX!uP
zt>8Oc47CCG?KgLBW~TyKQI3pyv>LT22X*hSMvU0b6>bq*>jKtL9j(xOuK2O=Cc~<Q
z0SpJIaZ}W&wzLbd_6Xtr?EHFHvcu!!5}68hBD{AmDggX;xVI#BJ2<{7V5kqDpf{0R
zbt(Xn-zm1o9YP%JH}Ly9ebki0-#viuEj~aUPnVzN_c*oHPyktgq^;+E-yW&opGIF$
zM|dr?B!E}IU*Y%b68B8D+efIU)BWCfUdxu$cG|4B?32?{X4}`g{oaqbYf%=_cFn|B
zuw1<`ae0aCx<%ANt`2EIThn^5xuix<)<kTcQz$|)laAoWGNL?Nuln3>k6t7CHDI$6
zp||q}>=Xo~?;aZW*qi2qs!{&u`bF8%2$s&@M@Pb+y{g}e!Y`^KFO$JOhhdssJK}X+
zfp|kv(%jbtmBLT6A78EJvx|EtA17PQv+s?-_kxfD8*p0V`OQAL#XKwB(=!tAH*BkB
z5T@kQobyUpQnRCb60(T}D5}`4;=_GwNJlaeWJr%)drO(Fb+-U9c7eemlJ-@u*9eJ2
z#>*MxN1uAwa!?3oroqYNlLokB2ia1nZG`@Q_A}&kAn1o~Ec}VGXIk_|yPRiUO;wAI
zo7Jx_a19HC5Rfj)NKG#+*<Lasp|EU=P)~_#n%Z825c={KL*1w6cA?hzn(y7AkX3gQ
zN<i7(X@t3$iwUcx`IVVG&Dtj9Q-pvc!L#VuA@`9v8`J)U3L&QPIzO%g<{-r?olqQ9
zoRX<IvzO7Aure@w<w`Nbq|Q5oKTe)M$a7CQyu-%T*|C#|%b20xb%Z*Owk!{h%Vx6q
z(p+b4I6wL=qT^TQ>~Wam+vMq+b7!rR2-#LM=vq(i26f^2R41B2BFR@}tF_qrKuP_x
zAHkeib=WQ$)k<&t6Kc1S(6<{Hnq?;rsNKM{-O(~OBh3c(k3NJ<J4BuR8Jg+VmmD^k
z#s~1!CNj6ge}ENAfmGC0-^u*yGW7J5=n`cUS}G0T=_$Kt!!ZAfPYKy6#gWkl>224<
zK%9<+J9C$(dW<TCwql-t&Rfc;%q2csX7|0b-GA(z6Og9LPz8kySwz+P&KX9Q@yenQ
z#QP#rH<Co7-FI<ocVHUcQnt~5I*_!Wn6_)20P5Ih(g`OKjx&g>zrmT9|HdVP!L@MP
zo)v&FX7H{nZy?)k!-Cd^tjbsRIpycn3#}&AHt#Rx?<6W_t2Cc1u&cU6nQl1L6RVBB
zKj9UnGdayD*13`Bd#SNG_%z1s8J%w*HE{zamVP~hPL=v?^@Wbt1HCwUqj>q&FKk<7
zBVc($Pii%pRDhenD(1vj>JkB|Gc6_MYFz|#xw2U;EmlPlE*CgQlg?Yc81O_9t&u_<
z<31w+7=?3INtREw!39?k?Ya+-+)ONib+k*nOhx1!zIP96KEPf>V{|_TKt|(JVWZ>o
zwCymCS2`==@-l^(8p*(b*v}<9^K<v@?9lD<x14DpUcI0|b_l2lPd-*R`f}8C`+Uvs
z!P+-^X8!8f50>Uoh^;$mTYpFMqmVNHoUxX%j1{{*CZYM~-y)7ANr$CIeS%FQCvr9;
z6*wp`L}FViF5?{oHIrWUgT=4aA!%4q^)e*gWGN>4!K=3fQr6tUmKhA%J(On+@TUWc
z>@FE5srDrIIC9E$#D(-^nFHLE4>-UK9jNZZkz{5NCIH){{lRzyRWE0|v5Qb2Nm&ie
zFqF$3=KFxz7Z$LUMX6{t6UPVjE)I>vz$g&`aEOjGF$&XpyDVezINDy4=I%IKo|`H8
ziVHXk=Pgw0)$CR6pt9&u;|g(6f(e|y7FVO`{A66)sO@<hLz|uOv(D9FH;>QpVjrnz
zI-e>J8BP05S}eh4rFPW&WHLH+wX{lvHb|ebQSq#kIX;yn`RUTjuNM~tc`GH?sfSo6
zP3uYuB9X}UN)%!c0K>)Qw!taUYJlt$F9?s?dc{v0Aju}v#~cnbR$@NTzr=zq<zjJ_
zLM~(+VVZKDpB6$8rN#H9Lic<hiIIo;)XXEmq;Q9b;_n;j0Ub0NccpJwhThTmqz2<8
z%jyK%dYwB`MAv*<#h79|%QvTd&vtOqwWJdD>l;4`CImxha_)UAh9rN5fg9?(2op<l
zYu77i#p&Xb5Qae|TCXn~DP6k13R_l&uktdbX4R&LjT?$rb<ziIO(F*K6^>(eb|v1+
z2I0Q|N=*GaHQ<(?>Ii=>$R8%!H$M?D5j=+Kz&kQ}h*SBrV6P5mWxZEQA(Exi)L(~H
z<|l#Kr~n%-JQ>0|2auc6)y75*f&ZYkejXDhX_Z<0>O=1KQnh4!?V`<#6*uBe;%D|d
zzkV!$^}}nMAeLW{^Z!kgIjbdLQ9lOI#7jvhUS41M0$!}WoiE>L0%FUTu$;&XnX5b>
zaI!4;BBqD%iJKkkk)91Y@Dgp3tElYz;YA6H08a#dnR!zh{4u~7yaRYoKaUvu>s{NU
zc?>@M%T15OdmVWBHTSvhA?jdj%=}u5%B0HA@<OTO4V2Zl5*Ay9JcF3nKBXI+37@$H
z8Q?9w5$kg^8+TD;Wnadzex^PN`BekSHa!rSKK#}GL6+ub;u=7{VXn4rk<KBMUmIxK
zy^)Ty&kgB77*k9Vq!b(;PQRa+z&$U(*$+Y!@gPEM5cMWkB<C%P>PfG<hN~c}n!WW7
zAcWf!*8H^!^K%);6=02WD+7&Jh>=~;IsgS%crLt8{eCOGuvsr}mV<0c2y>)J`IU-O
z?U&T544%voxJT$%t-lVF7*a&V^KuEc@lVTCDH4f;lcfa8+|YO4aPyQ{RK#GKdLAEd
z&HU1?kx;fTPs3QZGC%r6*@3hftunS)O4itTt_ib6u598*0hL~J<>C?(z;3o`L7iAr
z#Vh;61fiwPyR_eU>Yjjn(qg-+Y38fk&W52sYMGDei}<CTmDqNN1kzCEu_fi^Zug0K
zDTcYZlBEt5;`A~nje=UA4hZox%`8HyzoMr=W61Lpa07T}fOBc?QE4*h{Io!Xg91ZK
zi(jTYjy56(Y7V5i(ic!td>K?N4Xqvw$OO2QE{c!uf|5x_$1Q${2j<rsZ4U?`y#J`T
z9-a;paZI%@$@sHfCCp}W?o{DqFjA|0__7bL8-5P>^&%U)8lS4mpl4eta<vOGJF&+(
z>x?h+(VkT*{rho~0bU{$G9r=MlH_^Z9eIHkB_b#xHi}uh9~(vx;|w1!g-Eo1nvsoL
z;qfe+<{B$jR++bU)N4i_U{5rF8`w4lzf9B7dYMgNSuTB;&k@$<_BUjfTbPXWV1P%g
zSOAR{6QERwW1{MS2ESY|hZ{9X!xa^jC5kGJT7-|`D>P%n`ySV^=#(PSyJ<-W#y4jK
z2!f18J_?2OLm<7>zPX4!uN9JMa|;*vO<1qhR@3RM$^3D=vcQT}I$y?FAPn$$GHdc3
zc`xm9-mpjxMP#;DbTkuf5qOO7Z(?v_ix42TYZ8V%4_R0JeM$^n?D8JbqRKZwi)W!W
znL9cZ^0yZG_X+jEm+e@(*!9@gdDYERRTfywi{uN~pFcOZv>f$h(rU;ho^~LSboVQo
zbP8Y4nVl}Vc(q=P0>S+06&SFguINThjJRZUF$Nj>xUSY+uDp$H>Uip-b35-h-ZIt2
zPc}@n%&$Of+?%pi4=D`K-@v*Cvh&#-Ld^ngKixGm%d<6Ycn{dqSSa>N%^8X_jki>$
zyXr5Scq?cM2(rwspn7mN_2Qt5k+*Z2IC-3P2XAc_g|3{}!JZQ|EZ1M>XQYBSVqn=+
zN3#-c5Duuc=U`#Y${=~X-?21;<H?|-JS#A0F#V$~X6fXQQ#V#bJ*khMO!P(_tQhtI
zjRb&RvM4md)S8^KgI1Oq=S=mI06P_fPLXe<CIx^q!%U!G<PT_JHTBWnb-O22-^an_
zKceElE;3-+JP_db(%*Mh3U@k}!B<}I#jd(22ydmy`^5FR_BTQ8)4-rxh=h0!EaQ?9
zIk(7T(|FV&OxzBgN!l+OB6+1oU$W*7%iuMCavYbL4Ls0Ac%T!N89I`b&becN^Dy91
zK2R?1&OH-h7wIW)^tG>dO-dvLn_2LO)Tgb%rs_6Z9*`(b`P>6)gdV@xU&^{EdkW<R
zm%h4=2{sZ<;bNlR5?F51%4U@Agf81IC)%yM7#k%WpE|m-swK2C0f1=ZSZs}U%GRJ0
z?y&B#;klZ|D34G`hE^c(N-BEkOn+IL1i6^!dCc<2W!G6WKI$Scr(ddNPCL6&CaN8P
z`s<(~Cv!_y)mwEC@V7$Sc<WdpcGD&+ksExCroj$0M!cjez|qNfz!J)pm7Uv^W#eof
zAQ`VtyUexE^W(<TqMKaZ0gtli2_s7#u#PXzmX2f3NeoB~z@NQr{7UFRQ5#F<n{n9;
zlh*EfVr8j;)C<hU5PjRhx9VXEaPp35SP@~*WfEqHIv7-6`|i5&H4(XmYHU5MK#27|
zEFb>3<6CqPRCB@9UOqjMN$M`UcAy4BOf(~rqCokC{XnBz*8!2FQYOEefI9Y(!?1HN
zzmm>a>Ol*<xJn+iRk*pad~mNPj89=w+T~2)YlDgMBugf{b=PXO=hWcX&~-62IyITs
zV#mf?XB9QhNA^c5xfiCf7$eOY0zg9!JM>yzGTz8Xi9G&>mgiBlEH`DQw`jF~#c%=B
zkxU@EY$X}MdiE~1RNRi~dvTY^B?xn!>}$C){07Qh@i^qT^XHTbb0lddH&HM)ZVg~+
zgdj>XAyp2}64lBPN~iZ&4je8AbisovMkDAR_2Z`}Al+xMio(u}op^!kmr?Qd)w1L)
z&W_&=Uker)mz9m9re3J6e>bDSVS1^yiAB5MJmoqBz*fI_&3WY;pr*O+J%Z-8G0IZ!
z^+(TPmCRj;JHbgh57QlkJ8O1K8dm;jS60GNVDI$Ksnwj5!6rn{dYl}*U}**rpia@O
z^mO*veq!wwzJz1ubZ%DPN%!FDdg+A|-0kVSf=~avc&(m4>{u<8I{)%SszhWih$$nF
zH&Zi0KHoAta=dK}nt?+lD<RLymzUY5q<j9|nxU}a0}lrqm&r<G{t!-qGeStPhu4!g
zrc6u6j$%t|S@-)1q46~wyIL%BQgOEL%2(t{_WJaq8^Q95E{80|_yL1)J|%6#vmc}4
z1~l!~2?%L`c`v;pW$Ez;p&nm6*~w4P2|O#@z2{rByJpEXaUGex(S*ZtYEA0=5n5V~
zNG#K!lG3*O;Dk=l?%H-JeZ*S5<GVD>0-3Ugsf_(5s$qHSfN@=#g7>587RsWjG9J0c
zqdCEBFo=>S87w@ltz(eFBB=wN9MlSJZre@P$v7iIc47vK(LzgKi3&e$Y+<<*b2sj@
zF!?g1-_s-+4N#`@yG++?B%Y%(o^L@~6&vxCb<QF4B;3<?yJ<9D4T`0<js^C`XS<j_
z(&#1UniN`Ta!*ekww*th6fb`_*G?p1sW=p6l%)9f`7Vs`%@W*)Kradk5n%loUN#hN
z9s?Gmx?;|T)%29x6)sbSD<WWQD#n84r)UU@5322Kr+FhKV`Ur)qi?}+F5Z}Jdw~tP
zjda`Kyz>@aX`Pi#k2W6sD3e=Ry=GS-*X|8YVX%(Wi*pA_QSM0O{8%pmojR4&I2;f=
zJx+>uOV-HgZvHXCQSeIixJeO-39}l#);*$WUaX*>$0NlCieM~XakEH=w9V`4v~((i
zbt>a?rf#Y~%EM(=oKx2*ibqj7$iPaCn)7phcg3{`j~;4~<EuBO)6($J$#P?M$c$~2
zk>I{fMarB+H-ovRLHH}sN&Kyp%I{JnxlO$p2<O#J#mP}UfxuCGre6ew0Yl#96@byQ
zW6IdgYQMZ%3d_u$Ru4Ap#kg1NnU|#JlZr_|TQ0LmZLnohEG`|A8`I*5(t1jrp>XRB
z(~9Jz#Ex;=2pywof`15YYpz#00}pibfCwoNhTBf&jSnp0*{_<z(ewsWrvQ`M;3K)x
zkc2}_0<R76T>4d^S-%NF#1Fr1!R-NYIL$gS<RkKJzMl%u1nZX>UPDxxa1MGF<l^il
z6I~N(r`xxOg?5*Ru`^ksjwn?u*2uKC!Fj^mu120w4Bc7M8;MzgsN%0L2WxxK+x&`#
zkCpBb5snm^ig^j~^p4G>XdxapT2$d42sFJFRIXU1A8brwoC|h24>eL#zU8ncp8YHq
zA<LajiR~6G0%}83cafVdr|ZUv>-xm7{Pxc?CHQZLA*awoUn1~J9Y$&Dvx=oqIobP<
z6%H!fKY5U9p<uUTQ@c*_dfa!lBSy6RaZ9zGIN0Rc>(j9N1dzB8uqM!;%SCP+ihNIO
z90trj<nCS(#uL;_3ObU_MQzlc*sF!NV?(uISs27VKLA9}o#ERHx-5vax$I2Bb#1Pu
z;ogAR-zKLyUYQD8kLXo(BvWTqnVpgKYd5Td!Vo8<B)y8i;u2)-kG+2G^e4RH6Gusq
z6()vQo_HJr-mZLM3oHn|u0!GgZUzmOfN=?#WgXKI%FiQB=Ac@bKZW}fLxRNFxl%#8
z@fYk1${><<-7j4Q`rIWWY}GPbJQwBGH7%EJE_)8@uV)|gTSS)hDv}EkU%&Qe3>a(_
zmLw$_n;H_`o|JcPSrZr-sn(d@Wk67V(iOMtmM-KUv<~}w3q?8(fVJIghCNt1jGqdd
zeTNAa8cbkwl>(<->SFXv5(&3MMn-ugyT}*AWce^<nk$cKH?7KjO7j3KsHzFIlv&E|
zd!$2LEB;{ZvY5avE9{cy#%e<96z4fdQcmon4pf-2b1x~8uIJ8s-7N_^8U*yt){Qtj
z>|Acx2aGnv%_cFORoc^5(&V5*e#prCNKC@l#@WLumZ^H8mnHKM$Mc*5dk}vaSx-hg
zAaZ!-(f6I|l}@c~08;R-aoC<diDsBe;MbV+2ydm4sZ=^@BtT}v50YM)lUAW$JdT`c
z5qOnoO5Jwr_InvK6~DkPDD!j_G1>#ID1t;b^e&T3EmA*G2=zo}!0z_;sos9GvwmeH
zl>9RHD#&zEH^*NKbt$)_3<9|=4<hBFh|rSEYi*RK;`9m`3dBt7{-IC(Nxf@o?{+v)
z^vac8?AkueH}MpWsy3mS$>uManm^cf!e8R%xiuAcu<nYKQhQ-ool8QP`|<kHa<}mK
zq}5MI%<VU&H{Jd-`M%k4ua9y&!FM?8C*^~0Dq3k^kxQS_mlvi6ay!pq)3kpm+EV_A
zq`0>Ml(2dT6+fDb{Fkjg%@O`@)vO?1sL>;}V4OEX<*$)-cm$<&UR2WIfhaI?#7!fv
zp&@#_Y0b(^LB9g4cy3z%*1cyE+q_L=S33crC}`@(M1)^o(v_`CoB1o#0hh0ccsPy~
zAxwf-Y+GhO4edq=wP_eu_`}r4Ym-cuNdx4ux-j*0j8C}Z<PFd8?3I`%CPExL!wcgM
zg3UHt>x^Aw<8*GbCcD;-i7bTK&wo`gO)L0LX7+au=bpJe%7C_6fyR)%=q`=C;Pco9
zl@yf``W)!T5h<taE=ToTw0xT0)-82UVa8l*g^7Lwko2VigS6Nd?I}K<iX7Xd5ev^*
z1;ce4TiE>M)LyXdAdx>Zhp%or2|Z+4kc7S3VYgmM1Q%6oI2uLgFc0-7r|?7|Y9*y9
z=?E*FCS%0MyU}!1DyVw!*oW&1`#ewrEV-u0V#q-67ImT8kZn~twk|eQo<Fj67w?tQ
zRh;BZeq+3LveCCuybuG}Bkr~XYd>$cAomN-6NW#MbOv*>VnEl9aGd?Bm#*j{#%}?0
zZ%k9{LV(%qtn(bqStyy4VzZrT5vhs7+WFBiG*{pcmI9?+!`tsU^JDTZHD`#)dMp<e
zP9R*eHsZR+dZj6j=P@hYrWEfd`xyVJr&$a$k^~CYi8C~c<|<z7k}9v7XH5VL=$f-y
zAes;>^AeNT+_VnT+agtgUL_u#Q{!|{!P<6j_8ELL$+%^_H)SOC98HGxV+D6=j!lYO
zPx+)Rw}Yk<rx8xY2u9H;HjtFIf*ni}l75{l)~kmumxi<g1Zk0B2%$~)H2K&IX-7Nu
z?0FG^3s<9q3i|rzox3t&#+c|=t_|kuI-W4O?3q(=)S`|DsD4bWdf%{S!<#q#Ca%8r
zVC_%MP*qIx>L!-@Tl(#zMdQ+3Y69wMPswLx+cNnX!Czd(m8oofM7BPH1$n0fD#5&!
zG;s;_#S7Q>efOX+I#QyK5)SStG~(d=3PK&R*RE!|>}J!N$j{3rV@$?L(Zj|pA>0v&
z3+pkeLF~%lob}RfRgGemAnt-GBV2~1qwH!m+p5uKludY>zk5O!bNd8n%#e;B<!Xk=
zLtF(3H;lk*0+M)_Zx&Z&5CAPrHa{`|U*p{L&eWxs1~M{&RhX|dPCMitp_nz0A!~sB
zKPp4<3^BGp#wqUy^oh-Bh;!DL<_A9+!C~17?~u+qUEH1$-;y%+WnyoX##y4Ul4RV%
zRKYTFC@l;hr$x_SvE*ibNB2fEf<HsX6LZ9%A_kR(!HTN#_fSqutDQso5=+d|Z+S|q
zbxb-uiA$C(a2g?M=K7zYwJ1?`<*h4YwbVWC@tP*52X&H9lX9L>t4>;W^K0HS6Dx{~
z3H9$i(2B69MeMg)j@-Dc-?U?@FF05p!96|`<Li`C$GU7gq7;R%!=l=mx)mCs(zbV8
z%FHX8gPW*5#K=ahdPqX_g6v(19SV@XV$Bc5?0Fx5WksFC)X<}DEoUMIJpQ;{W{(D$
z<!ox0x2a`S%(iY5+seo(+>b;D>5}?Q(cL2UxsQM5AgacvoVg8ze2Y<2?!pj-a0X)$
zr4HS6GJ3PD7=8rQ?Zlj3aU6*tiuzHW*vhiWQ<+2DQv%xK!zOpA2S1o&-{$Fm_%8l^
zac>?meH<^r9-n@MeKGQef_-muzbG;IGz)_ELz*XP#0F=fo2%?&t{5Eeu_Fi7_2LD@
zZS@H^Z(x$OXN4!tH+rVI`Mui@DP$OX4#412`2Ohr_&0Y$kxaRvnu6naF(`K3%X0iF
zVAwq=Hm26Cw{$tmgbWY#v~GgbBZ|%TPLFo1)AeNdr{!rV{RPbN^Q5O!F8aB$DTQD*
zCVG=}&e<9csgJp<+_HiJ1w2PsgxZPq@m29KkCWG18X1O`<v6S{JsF#!l)>+StAZmd
zk?*Svxkg(P?~MB^r2tM12+Nt(c!Qs)a^^gnPA|6xUt+&QU>HAYhtM&3qOZ|FgoF&r
z8Yuh<;X*#JrGsYS=C$}8a7cPN<dR$Y&&n1=G+7Th$&F;V0E&Xn9@vzufs=-uP^B7v
zUJm-PpntDrLmzGlAhote4uj@i=3jDr)wCy+$53(#f>^#ja&ihe%1J9T-woStey?90
z=!_z$sJ7enm|^<F5(K*W%;PKCWZ_wx%zi~70`iNvxAOx0A&m@u;+Zn8!N1s4_|OU`
z>e-sm#;-p;`+madkNC(7<XT$&<n-+Xc+iRB#|60Y;RFU~?a|0a?ZFH-{pR8SYC?R@
zsWSU62RYn^H~l5>1uQ_A8-Q`Cl4b4F>J!})_>3cM1o%z;or<jdgX>c!0S?@E_FJ$d
zZtSY=HR<On&%Bwp$urN58Nhd=WDkYUQP1w-M_d2*)HDsnS&s?Wr}Hh(O#qOuY0KT~
zlho}qGF*6%4MfC8IF$U-e9vPHC<q|WHYx@<K>lLD%nYq}P7Kdh{&yu<`FGWGNa+`w
z@E-;1f9`?$eAd`H%|Gh=7qLU?55ufvoGbS)-k$a!LHK`}iT{VT_ZKPg-w_l4N3^{Z
zD_lBQQe%C=BLF%A0yG70x)2-vdVil<eh?RBeYJdTHFIroZ-f{Fac{mbA3pQ!ln53$
z#r#rM2A-JFnMj=e=^%(Y%ycuXjN3!sED*HDnT8n#{b`yd2}<!P-HKY;2o?qez;jCS
zNs7@4DWSzF<xCy*#LThuWCiuiKG209DNHjAjQb#Fq|{;)R69(J4D_^g^t250OtiIz
z#t}4&64DYuvO|@;<*W&EzcAU4`iNeI%E+wK%Gk(;tY3xN!ie14UdhTdrK|h!Zu<bM
ztEr*E7>Rpyef`J7`<ee6ZSOCx^V*B<@Y^5S9u)ZBux03t|H+p5H$3MiMIT8d7vvrs
z<hWDB-bB24j7Hj@jw;9?PQC>@>g<#}ioH9Bt=<wgjV_Pg07@pdN)w1D3%kvR?Fjv-
z&6Y@+d#S?+TB;lQc6RJ@JhI=jQc{(zL@VJJ9xhhOU}riWqnpp&&s*=E&)nBuJwZJj
z3CC)Ln6<beq(_?8()w1y;)U>}7-U&2`g_)tx6!|HCVCR*!jSpT4HwyIN)iF3Gj#Q>
zav!B~S$F2K*MgnU6?1RGLSjCspb)g<`k4*W1rytbgHP9L5pjfLOoMg2zhi#;3@D$Q
zvvm|MXJKzDP6ErqxTd84R2=zYX?U?kp%4v4hjE<Npd|$+;)X@8zA<C1S1~uVI0T8)
z!wQn(BmmO(i*<7i_rMC*BRvw4Q#@Z;(8nXcP(wLiQX>+m*qpE#C$DntzfQ8(>})K@
z+?(dNTZkF;6d;5aVv5x4d7JXsfK|9uqzh7^OApIZQvs@%8Jl3jV0*(rQOlpTZQiYo
zEY8yNlx$wY7@=D00nuTg7to1>rs6K3d7*POKC-0>*XMxeRM-VuCha&$#nO@bP!B8f
zKSUItB3_yrog6Gaj2H?1#llOAoCXQi+zaVCM8U63Hqt>VXQPtbDw-@qk3`s!WhMkc
zIQ(O}aHATWo>NwQt&ot8`QjTKV>0kq@6tIf3~gYGqCzkljJYYKC=oZfCi0X8z|eqR
zSpmzUY_(M_IbHqyLieJ)=viTpsn6?;xY$phj9y0O1R@?6y6?%j7YceL`b{%&9p)Y%
zDRwJo8_BnnFfH_gZNDHBn#dPqkgGoDm@p1wI>fm003Q@=Xg!c9V$B%}pU7W-3TCAX
zVR;8Ih?Z*-SUeCxRFte1-M%3VWp%ZUEwC^4UJr8)&JGhm#@;y|CkJdpI=DCxe=qm!
zy+$5J$&fYHKa!-?tvam^5NlMPS~p8s(T9Dmig1kijLf7LnnZP!ce=Jwp&pQnj2?b*
z5}0ELP$Gc7ZJltk4qtc3WpTznhh>8Ew^q3j19&RR)dHfP#~nE7>uX+@9(7Qd*d(7p
z8R%>I8KFmV>OJl2N6^?6s7Qv5RwIXZm!;O8&ccnlTw0lft9gW*MNzdU+EYta@$&Qh
zs05(Hkj+;SFzD?$%})9zXhLyEMMXnLPtuj|akLLDdkaw#vI^IA7E`W}OwYW@gZ4+m
ze(LjE6Sv7%$>Pe<x}6P-*t$#z5E6xFqjmIm&{ahN713|p{;IJXZK%|yvg4*`35(>M
z3Z2%@`zt&ZB|C(#r|!6eOv=vXo*Q?cqe-0et0EkXs!n^7vg;%FfdPd*be5;pN|mEu
zQlbsRroi6YzhkLOJVQ)&bu^OAa2_qyIJC=pGMy-NpB_^zmuFGfMb>XplyHh1(kkk#
z0?G_}BGG|CN#ciL#hhAX7Eb57(~u0LJKo$rWA`nMM=iZ-ExfyIO-wFGwyINvljELn
ziuZV~*m|=td&j%CgSp?X#P_S;?-{yTJAH^alH701X>CZTaip-_W~yOJ;4R@|_-Gdp
zVnB{6=Ha1(*f%)$^IhS{#-5i4)4*&g#rg*32oDp%2yTKoG5KqwQdeph^_tYjD2K=F
zWekw4$gPVsvJNe90@+<**ZLFq>2K&EgP*{E@qttiamU#Kvc6HXj4D_XfHzB6B8@lI
zMhN7|KDbG9mRyEyu^>BNzWod7@ama6BjisRZTMUEv-v;E=)Yw@TUjC*VfR?H_yaRV
zcD2&ZLI`Iywp}#=A1^hPEhTl?C>6A2y2x}GTy9=wb1d!kB98p-Pu0r>#uql!k(8Wa
z{m@M%FzCx|B_)P^9>Qgvj8z32u5#LQpkW$vx*7Gcf8MzN(8<~UJ}fT=YE%1__5+)g
z2-{P3$0*uP9x({dozmu8a&0Uvsz!&sN!9K)hPe__?AUy+Sso1v2-?vB8r%xB+}|#Y
z|6rov$6)Vlg5R%04Lp9Gx^nR5K*S095)(2N6U_D7&0>ZaoDU*9?|QSlazw3SR4t4=
z;o~DuPQ?#uh>29<AW&Zn+lyrBU@$D-QgfyoS$#Gh$6Ni_cuH<3wKAO!LpD0ncTY=j
zl3K<eeI*;LdKjBoO0xJyX-3fBA>)RG+Dtv66rz<?5I2q@5#YQ~@B!-C@aqpcr1Xf|
zqJdWRc{L&AKJs{7o3YvF9IJATOGM3Ksa^OKfO1TEii1BF2v~teX`}XCrLzVO57)F$
zERC_H9Nm^1)`6ZNJG|2N?T2b+7dQMbYI>ty8u`jN4M%<VPtAWcwp=>11rV3SY3LLg
z61I~(YbiV4J))0i5NU%%E&)(Oin|X`R{1FEj!2rpoL&{L1rrCES6s81uXz^ighf8A
z#0DYy8;`-Uj!NEV#ypPW6V-8|oo~VlhH_IwgOKs@p2S(y?%uNC#wwCB(CO*>Le?Tj
zq5_DX_3wiTYAe4Gl7NY=NQXghyx10ki6??!cLKC_{pJNk?Lr%lF6C7vRofGTM<k8L
z6T$^iO-~;WU<zDiFNK)FmnFcLlLC%usthG1!ymI8B3io36RFK0J~&0ejqjw%gRKZ-
zS=NI&JJrNvU*0Q~Mn@L(<`@SEJ}AY#p$6*>F{U)1u`$R4D*Z~_FU@MG#r_$Kp^Ha^
z>IN^k1B}08DqF$$Gb~c{w`$IjgjvhdLXo{_Lg<>)MPo#M;u^Rh3d(I4`;D#l>`V6i
zVIM4$che<hox93aT~^A}qLOwErwC`uDbd&SJCB=%)Hhr~{*HQ6h{v1f0{6?Rz|}=u
z_g)JWT*mh0SY_Ks#WW#Y3U;NAQlb@B7Utx)F8+I2+tu|F3*6ImYEM|DE4}+p%V$DY
z$fintr={z1v@Hc4*V3=+_wM%n_JJ><1#7DZsVs8N&)KMCFz2c0-N6_$5f}os>1%_s
zo{4kd2H=U~0fOfIpYtr&SQTXr>h95KHC%PALp~o5CA)W17T1x};T7N3?{3el8fe{F
zC#0!uh)u`yPg5&5O)sxi&CA`Hop1H*m60p_HR_50!+W3pzkiU?Ns5aPOvTXTe#FsE
z%pUZd?&wnTPqesWkP5N5a1o#}X{^FOEX^}FS558fgg!@b#tVTbP^J&mz5GHCMg+G;
zk6pp#Rl-0PjobUcU7~RKiM>5!6*{s%>ZLNx>|ObwrG2KhcW~Mvi6~Rwge2m=B||rz
zNlCS7l#L;BvtVR6(Pt;XV!Tn9oIt0wN%ZchJ-8n}or%mN#eyXMnjp1g1CiuRbnVfS
z`Eif)U;AxH+Y))=Te+G=Pyhf6h`-w!(*Coi8I&jK{w4o1DAT0m^{1wx`_yb=Gs3f=
z2hh!2`i8D8S+qExgIh<^rAj_gk@xL8KRa`^)@*8xK*E;Oa)bP^1ZJXTkQ0O!29MW8
zZl(+bA;8I)h4A+m`~Xi4$I-ha?sl;fvjhIRv%0EwxxW9%uGzltbo1JHIY6X=0X@Mr
zj_4$G2Q7}3C-Yr0DATAOifUzcnq(3Aq16?@!TT#-8b;#SFexm246<pAKTRo5lXOlL
z_`N2aj9dzlNNZlh=SN(Vjft**Fmtgl(y5UWeV~%;Q4)W$^6Ztsvmc#zWZBkXbNm}x
z1VyVnMl!SLq0oIYY6_MD?Zgc|ZMvGDAIz}pC)LtX$(>$+v4bbbgxny1v|KpTtx4Xm
zdOOkIU)5$msAwJ2W{g605#(k#dC=?gGp72VK0K_3OANY(Rj<i?5~VG+ilFzk=;moH
zx%3~g7|N{Dzg9XJ%FlUli*~4SuWAG`g2|)^1)c|H8|Q*cLSSzJ{9ot-02wrUX(^3f
zAh-7&nvIuL71e@nkZ1{<`*Ihd@Gxj8wMhhCvK?A7@hH)>hvG^wGs1*O7!;*U<OfGC
z#FY~9kf<dQib~^zF~%@;d$*XQR0E<ERYq&{rA}0iM>xGFc<!hauJ(&xbaCxslH@2U
zM>IGq{dK)iLx!YRtd#rpi0Y|8etd<tfG#fzsObsiwWO60LKG!P0(o?_kjpMQaQs+c
zQNWfUqlGxINfEk6hNq45Pa#2pBVrg^aQs#mDpF+CNX)fmu<}x*dnwLFpg2?#LSz<A
z?2V;QWKAwk1nSqfa6{g}mKu+hkF$&C11DlG$@*Q7B&||BpWOrjw)rbrFPBy$sjJor
z8l2F+5^Ih-JwVxSPtVEHbnV-(E<W_et0shsfW#tKGW?3e`9AEYSuW9qYj+h93J9@8
zz3Mc5EFRNfIv5dj%g+hGpQKRgp~~SMuZ;M$zx<L=OsB?qDaz`9ml6uFB<ArBw2?A~
zKZKqQ*Q#jKj4Q%T*E3@uSS*$T_$hKRgo3kys8g$$dKI#dRrR$d_va(dDAQH6WuT+T
zf*s|wWyd-cAlq=Y8@`9#;Ur(tba;98#ov?d(<@U>cDC0&bp<_4V1#gx97(O;T!~ow
zs7*f_LTfa#blr>|2oxis#dO=T-ELGHSc&m8<(Q92j<V9a-xRUGyuN#IzmQY(r7NzO
zad7T`bVkyTAk|zX!Ezz;Xl){_dAUsuf|gYGw=0qOsP&jR@lMK^Y1^eUOSDNh#Ai?D
zZ1TJ!Ld85jtG+2aMOAj(Jj$6Hdwe84p*>lBzbAkKZ-dcjU9`^4K2P*<n^llFO(FC*
zx@%^9iZZw?by&EVjY!_AIBm5c6+bsVxuAku!P%UCTs1^yb!nNUB<uK?q`VL8Pnwht
zeNV`=9&JAj`8CMoeYJY6zjPox^n{0_X;QesYeC75wWRanrWxjDpr}@frl{=c1@E-E
zTBeBr8j#aw*nxo)?zB<ZWuu6eqvDhKtJpF~&lcgzi2)xQ#_bC#;%kw{@-yY~H*gZY
z_iyr&UqDKY^DQjlGX1(#XcF6*#z+GRU}0uXzZGrRZDVevqOZ&lTA2SWgP*`TZdd95
zgzu&6vZfh5?6*v+evOcHs5eTu<6^YlkcCAgqYDYi@bM^p%u3&2&rC|52%oJXX#-g?
z74_Cd3{#ra2sSrPIl7YzY8QEHwNz^S!-0uqjL&b$<FI!SsK=PNF?tUuf9Xq{wvi39
zvOH={WAl^hx7iTM4B?Q_J1@jrn8qULlVo$TzOs|jYkzwB*|FB+v=LkC+SklcDM7nO
zpKQXOz|@^<11cycL8stYqAXOvd1pU8pC+{=L=b=7y}Wv+g8&a(|NWfUNkTokpIN~+
zt)V#PzG4o@Y^5MH1kJz!J?Xjn?0$i0qMLYA`{PLHiJlz|-O#yn0}MLgUgPkv<5dtE
zd-o$MNfRo|2M)0T!|ur|70Z)X$&1l^&wn9=^`DMRk-DEb)Sqt5-%nCn|K}v7?4Op*
zU-B;i@z;#>|8SDh_&+BpeN*G&BFK7D2UzIT`gm0F{5dG<DCKG>nP`Z5LPzL`dU6MQ
zaG9pZhcdv(<rFj1az+eIhv9aQ`vX;BCL5zBU+jCO{h`!P)J`z!j?vDEP>D=xl~hxQ
zGSWhQolujGk_?ZE^UX~trf8_drH!P<$*87wfXoBNF;6hk?fe;$QwWbxZ!ps_FjCPm
zQq@#bG1cfBMzD@fiAsv<{Z95INn29?^kjJd7d;soZfx@Z)|2_mt&fRQE<S$_6D@yx
zn6UmQ@ctXW{u!l|#QF<(i&)Qmc!}2;4F+(}+9~)&KEbG(3JN0Q=O(?_ZCq@2`ya15
zpJ7Qg^!I-_B+v!XWsP%F5j#*1v(8cphY%9K?|=zJI)F^lkM5yuzz`)fk9%HM!w9us
zCR~ST*G%8Pb4|Z{d^PUU_p~#X(#!ff878172rB7%HSz;{mXE>d(5O0f*>BVAw`?dt
zz4HP;Q8RaG73KtRV!`L*_g5#QbT0uBQS<5I^<GZYaU%HF`$2|@?gmO9pdF%DvE~mO
zB#CM2c#yCZ3KwYN@c9Fwl8Ek<su=@ZWcK!Riz~4$-T4G&y1GBW#j?qG*D_aA)KLd)
zAu0=E)c^SPYF23Y&`>=CQgJJmSJhR^*2#r#4i_?Dm6tysM5Aa?<g9VlT9C0W1;rSI
zTQHW1IHCi;C+KHi{KF&HlZVyGj8#|yaVo|g*^|)?gl|Z+8NHKR@*X>?5i*qYqP&23
zJ3&Z^MZq7lKo*Uvq14_>pGV#llsOC$8CKU5bmkX-*?zD)th$mQ<daxquRMLCYjoc1
z$G*0Gg2SMruAwM}yKpN2?TO=JY!g#q#g>weOm_pIq_Z6*R1mR{^6vW(Z^K@1N1kNZ
zEKxHU)+k+q#i;4g(g~*~tT9m<(qjh;n^-(H8ECrJ#jfgad7z&G9m!-5DzEfW^o{h9
zWAILLnYp}eAxB)&5388DNvZ0rrrBs1`>?Rmx~@q<u;RP6zv4M{U<zb|fq*q0zVgu#
z6u`&$5>&1$!Ix=3weLatFE!d^V~`=7Xz56f+1de3K`|Dk!fY895(<xq#9BDKa1|I5
zJB`@R@4@=E2!6d2zW%OY5gx8690yhjOH1BqF<%Z5D!^I(`FXhvG|dpwoxO5zyj_h`
zo$0~-=~eGq?dJEsaaHYMr+9xwbBm%y`nJl&(V&ar?(xPy^wD175g)Lh#IuQQEAuk_
z$@cJm`aAM@CfaJE(#hjeLy4wG(UaExvhzMe^zsM?$3aKziqoOq<!h71<~~Q>WX&dX
zxf3LED|0^k^LTKzZt1SfKtm=JO@<ozblwOwB0$)HFHszBcWuy=O<GUSfRwE*G{c|Y
z&Mz-nP^b(fEz-2+p+n=v*bHeNFmGXL^eM#o#yZ7>j*Bp21<fMp90^6?6cAYiGSUiL
zxfOjd3nPIv4V7KbTo$Drv`%FuRl3B%MCMmT_MAx#C4-04(E{iLCg@6crv?QY&+?0K
zPc+T#USbD_AvnjwI=ZVR^#{#L_9i?sL^6U`(<P=&<-nm})eQP)$L&dJ)9Ug?_i9+i
zudyGX!ALHCB;cJpl=C2biH9~L93P!RF&2*@9JJqFfk~;&JFEZ<YT*6G53R3iJsZ>d
zZ)qg4Zscv^*ct}si*$#t*9S;x9vh^o<IZP(*XEARi*Asa2rh@(Qj(lTfX3<0pVOoR
zLdIfPh`K|gm|ERSNlTHlV@N*h_6-t|(j)hZn<I2%T;<k(4mCPx78rc0PeA7m!EeeL
zx5-%Z&o^%oZP!*Q%og83{{<0Ne`=X*!B6df4-w}72@(IMFY>>D2-^RDLPTnM2F70y
zVf+UoP#XRL5iCjnONhwQccA=l5b@X9%uh~)R_YHt9Q}E9%K!7;3_ACJLd3s2n<;zA
zBAH-rOMOV*x~m5&Tr5yG4Vlj!a*X2Qh5=fJ^L0yCUHyN|-BWaA@%t|LBo*7XoeDa(
zZQHifv2AwHNjkRGv2EM7olO7E;GCKHpINik+|0$k->dejT~EF1eLi2?`mEZdO@wwl
zctvhiP%-pyFm0r!I7L`Bq)s%RrX{fB*ecSdY(?=32%YXyR!Br%sh+JXNP5DVFE<DC
zhS9F+d+*=J&t22ko2A#4U0XlfVM=ZkHARxy*W`_~Q$#@hI+_iibF3P!I_j$`oJ1G-
zl_5oMm%0dT%u3^Ws<81Cj9T{@bX^nV9Y-9rNq4CPzmjg#Z*;J4P6#5#peSSNMuB$c
zyJeIXs(~I9a-fILL%(gHwzkMkIi{2Ku<6aQ6n<H$NAQp^pRzHohXGKLU(8%3_1Sh}
zPR#PO;_~P#<IE*fR5AwFD`)FPidjr9%~^Lrj0|yy=BZS9!zPyHq3KE7c><-rh)9N6
z6A2EAurf4(M|?*qL&*43mR8BN#NRRzwiCF4kNdN@r-9aq%h+^wW0K~Myf_w;>M|Ms
zhF5+7@t?44m2QQVFq5_9xIyp_Z;$GkEV#l9%0$R19RSJn=t9Yo=<lIndVHT1ngO5P
z)r>v)_nf>QRzXJ=RTincg7(K2M{uU@e?Sb0UwEHSf`R$y4`gs(%45T*;ay?fGDezT
z!?`fhy*8-%9-ibd(DGQPcRqBvP05}Yykve4Q?VAtQ)Ki)H(G3&CZ4Dgtei(yMg(Kd
z1q=dp!LOKQS!D0vKK25dV1D3)XaW+w*1#G}Uf%ZtuCt>0)9PT@;|ut{2<1}z={_2H
z`yvMCA~5wHXKe5<KE4^Xlu%ZBA(fmWa_fd$TT++6%rrjwsmO&X0PJ-7A9XOZ+qQuG
zqL}>4ubv(kXfrAlb^<ftQ|jO=1bw)3YgqH{f;+>`gVQC}sA8UboVa5+LJ=^e_un7M
zkb34?-Wy+|pPYU9KxWRd+g_9|RwrLWO=Nsj@NgQn-N5`qLTEapA-Ppby6QYdRD~SH
z=-4Br2Bfh-l!W{$^~@SblzBNdYS04B(=JCtL&)5k#N0oV3TTmGbe|x>FAJ~S-y14&
zjZ|FWeM2)^;9({a$Q}j8)~NYCXuX2p=e*2dMzARgedL%$#MH@)al5b~WG}?*kR1E)
z^1p64AP9tI*#>V72bBc3@rC@ADYv~akPQ`~Z4N3?fnq~1pZOuL`O0lA@zuERo~BQr
zRq{yql6G6(zIDsB4m#w=Q>RrPOpyr}3mMG}Hh+6b6uMU2Zvy|ecAU;sMFeHC<a|%|
zCCE__@!M*-=4lYVPOH9qYk%X!7yc^gcn`;&b1{ny&ZO#^mdUDF8r(d~T-5h_eY#>f
z%q4o;7*#_;(r&NGwTFvyxVR_ce~)_~jgMRM5YW68k$;~o*0)IYuc6$K(kJgNa?^Sy
zTjQ{78Tv6%S@j%wZ;iWADC0&UXs1!_@9S<a`1vQrcj8hbcY5TRXVufqzmwr~Eb{|?
zQQ@<S#sU9R!dYkaS>W^7A+Un!f)@)_#rO0@58<Z*$4(Ba``;30z3F@cs6U-HN!>cW
zZF%Q&?ctcV5=SL9JdbP4t*s_s!OhbRF$j3l^5pqeJYVQ-TvPRR<bJ+J`z2kuVr&MJ
z3<4$#p^YCoyjPXdfAjg%$ddj3QqKA!W?GH#s;RcKm48)W(f%y}Jf)r**1w$NscCR*
z*#EwMrl#hrCg7IelCvW4!&hpXDp6s=iB#}@&4Q{&GM2X}SMNa2T6y-14y{{=-`H%W
zHPaGPh~Hmy$y9#F;;6Yc|56L5U%bB0(Rz0|EvR`qVi;gFu;Qy1b&=~nob#QJKK`t9
z<B3j#(6^7zoA&W>)zVw74lF0K_PY>J#^6bEsbzf=-u52SetD0ji^E*lin_2Zjd{}c
zE!*3ZzWC}lT9vW(y(m}6-oBcQV9@g~wkR#8l*>xM`7+C%*mZqy8$n~HCH`zY8Zy9m
zxCk9mR2$eCq+`-JpJo-{*a-eMw!9cobief6x7B?-;<&v^riwXL9gZXm=jqbIP-;2u
zW7;dDfe33xRi9HclsSGRrp!5d8UZ<m2k)N*7lZch;=#IeB|m^y7g2GgYs5zd9eNcy
z(~Tgf25;I)zzvd0YY~!z3lymL6a3ON@djl_bt9%vL<3n7Hi}N<$b^zq?P=)+LLMF-
zGK7bSOYLJ&J93H6VH;7tKw>sR?AA&3SyO0AeyW;pbnO}$<$Lw>C?!)1;|qP!3YQZX
zv9xMVxPZ<eK|+R8d(`6F?<Y<??Da|RI9_P#uYZ6rj;6$Au^epmNO5iFYd$gND{%mf
zd~POtw3TL20|jg$?l#2;f4HgFS9hw6MA>lklInzrAfOD6Y+r7fnLwkO)uYIB9ul^|
z-?D_(uBO1esyS+E@PBYppy~X|%tO%5!tbW!=cVc`oui`6)Ie<W;9Hc)2TN~Hm^?Zs
z$yd&|)$ftQ>&r`l@W5CtgOA!0zE#@Xk1t<BTEyKgz58{*$4clT`=-ymm3wY|MeyC7
zl}Gml_um80e?+T^IZm|yY2f)MTK(^93jYtF)&H9{g@2fpWDFqc7j`0-;KaztV2Z)S
zZdOL+4pAj?Z%(RaTB$}_W_psrz<x%Of#RM)Lgw+|-XtKEns#bp+JuE|Km5kUNVqc0
zd~L|whs%(v7lPq|{vl@NKKc<gI*E0KmVRPyQdYEwJ6if)n#Dy$si^_uI31Isq`vqt
z1=GS2w5it&;Q@Y<QwTRo2Gs@56Jat2UN$CXVj>m+AtqyWKbHP6X<j+sl^HLBamq9$
z95TVnQOZxrI!edfT3)(N$4|-LI8xu<PntG8*~U@Q$1$Ly0<Ql*h!%F9;ryGx=>HIS
z{)1>Kv=mP${$r`M{#_XVm*o$82UD~EGoS_aUr!tUZ-Ca?-JOc^KC6l_-+w8WwfD}M
zm5B}hdiA3Hi0ZTJ{*PqV3j#rf@5B8++}?j;E|!YI)c^FU|I?5Dx2OL9Ip%60{r@!P
z;^Jnq{wL<1{hNdcpBl3x>t&BpBOwsq?<9TvSwL@@SjbK>Zu$7LF@V~+@sXm+NVU9^
z@UjD<p@9_!z)dy)3JTel@WK5LAM1a<O!|y6EcvYes6WyFBIf=#9`1idrT!;8T&NF>
zC)#q;cUyzx9axe_gZ7HK#FOL@HZ=G(Hc-E3C@djncutbA5+U{=l%9So7Qvj#luW9j
zWp#~S&Hyc`QLbf~-0p3zi%o8=%YIbGM!4^fROWXZ*{_7>wddz&7+bHSsm|ly?>bYR
zcYj+twN9H*N-ol)L!$ziup?gdQk6BqKD0SaJ`}P~6<&S2e;(bdbxYC&xOqNatSr*W
zG=~95R@JIT^wYH&%64D$F24W5Vb49oc%^1f`h|3`UP_GSlKa!04q7=-b#i@17v3IR
zQyDPIzwCi&b#f-gBfcNhnz|Ut%=R*J71DzG^Se9?m2mtCJ50ciq^>@iG8|c7Z)$HC
ztxmB+D{r<>XMZ2ZQ#j~<7PaU(R_QZZP4%G1W2EE+1SZJb${5*Fu7xAK=yP2S{$>om
zFY~P0uJUB$SoYkgIJ36)Zn;QPuW~q9Jw%VD``ccFPZuIIdYTfvq7BM+f+a@>@~Emo
zT=~KWCxm?X8|9?~dR?8#U^cA3p6MjDuO2st`bNrcl<eKqe`SeL#^}ddJVBz!@z|Y8
z(o`IsU-||aB*ld#^tByzNEn?+IsO)ed&eB)F_sw8J6V@IzGDwVIf3#>QQBI(RH7qD
zE>6k^BQrTvXOxQaI7C+GHjd-y)SJ7O9C1-^LZ$eKX<RYFYoQ^sce(hxs74PCf$QTN
zMebguazDu+4k1h!m=G7bdTqb&bZ;T^8a}}Vbg7XNjB(}9VCP?`3t{?H2Nnk(eZ^6Z
z)TAxy5NjTzQ?=~GT>aAN_;ywHNZ=jy2g~A4&FC$p?V|8*HV{*Jl>{4drWWBB7pg2f
zm+Bp@Dp!|7f|h2ZGjmvJyyXyE{F1?y<;I*dH17?!z88hIfk~fHHrzh%dH5GSoMGfO
z83;7}-GPPYJG-Di=tIe9-Cw|6pT_mDkKi**A$?a6!w86o(!Be$w?$&=pt?$S7pPw<
zY7gN2K+!VYHJ`%4^sjBr*N}Sitt60u_oVqP83o4e96J{S>Ke#4<eEZrdQG+d3ltSo
z38)`X{ZAt5>-?JjAUyVv^LPo|JD~fzo^taYo@i4+9LQrq^vpQ2Jo&e>;f3lenorEN
zDFU!n)@b4nH1(46e|MS?JN&>clzT^|P0XLW<>_$)nU3J4^~IE(gxM}N1DSR-97A{E
z*E&Fv+zl=x?EBy|o1JzIFAp*45~jIyBJD;~Cujej1n?l=N$t)h4Y4&hb}ek}7_!E1
z3^?Phw8%int)p(@+Kt)8rQMTHy5QA?*$hR9eGs(u*%U+(&DX*KE>xJEw*t0Za2OMn
zejvkena#$xg?73v2N%`kGHdUAMmkE~RrCr{(@Qfh!&N#V=2Y&u0yl*wr~>Ji8*j~4
z-k5&*{CLA|@8IHQLrX#oE`zBjXEJ>x5B97j!$;ggFnnY8w*I&7EYw7X{Cmobi_U0U
zQ4wZLf6#$4c{DhKF$WqjyCmH~ioPViR#e*{qMFLbQCk=%2%F3@Gu?;dzMY_RyC--c
znsy*K_9cfe6*LA2lx)pCAaL3o%tprOK2hn=KO{`5u@XCwy6mZDB#OIqB!9U!eN#q$
z^3I-SMdOUupSTq~0ZAc*_S72>oD2ZfJ&eFc`6e9U<^xQu2l&d&zj@yhAhDAy@I$=z
z9f=0q&*WJ_`P>lznP*94gl4H8Hz1at^h*NWSZO58`;H=L+s#2$;7u`8_E25B2I>Yu
zc#O8bdTb0mAjvqK-ocV&QXJ(zW9H!}XFuHy8r?*~58R^d9Ry)*-lJ6vS3$jL1zEwN
zvVSWQqtY`s?sm3j<A2ODi?#sG+c@#y{ST`O5}SOYPtrdERR(C;ijpev(wNh_u2~jW
zUgwc&i|RFC{lHkB#9>;ip-dPBL$U|dR#9L>`nLvSAV3!rAVyoje2CWA?2vc+O#)B?
zM1U5xDVlMyiImx3S{M5y(MDpZoN+IESjS-THugYrlWx6tNyiZenk~uF2!%4w#5$yk
z#BDtIGUNfntGJQGLEAH-KFTX&Svy|JIY&A;qPl)R-Ol<7t~XwX%k$Pa4tV5wBCQI=
zFXlpxC+7RmDAAEp>5zvrQOUM@a_|8|(Mx1L+aR%*lxeIKR3IN{TJmCu7Shf3MWaSW
zc0oh0Y83J6W5(#7uCQ}CKS+`vZ{$IQ0k&83Z|o&UE3z`f${m)Fd(M`v>p-&$=014T
zJN)5mi1|k!8G-7|5w0r<lWM_20*R|c(%%k&W!TNoyOuVK#>7xK(T<S^a98@Z(A#@E
z>V`*x;$^`t&@DGW!_vnQl1mn(R6}Ki;!VRhj9fRHj2~vq8HgKtFkCI2y)H6O;(W6C
zGi^An_`5hehIN6-pf#97B6n?~JbebzeVwyHt4u~rx^470OKc1w#4MncFYd-^+{0`o
zR){yOa!0Nz#_l1^MKSh(`Yq^3@>T@aJgT*~&x##-ah+t6=&p?y;nFU6PA+t38swSr
z<z5Q;`JXrK!OA16`5{hiqQZByK!(6wk};BqU3E|S6=|nBzCWINba~!Au^0Q7a-k|B
zDO5CuMIw8hwMaS|AH9;Tpj#z$^!O4aK9r_qbf?!)KA;){@2uHj063$_nRF;b-4!>(
zpQ(GVc~LJ#oXf<#>%DA5Necbso_}_6rG-fczm}rNIis0z7DqL0Nvy2lMo+E4r+kQ{
z;K-a5r8nS_;MPx#?fd)*A$J4j`H;47BdTD0Z2U#dM)>)Z07h06ri2q9Ppn`R3EY}s
z9sl&*{c*9a2tB?={G;pVV_{g~cV(kt<i^MFTmBlbQ?%9%to}&=|0)*r<5~~xLbuph
zN0fqBdZoiP!nobc43Q8ck1Qt4FbC)Y;1#Ocr3q^}um-HWFRH=i2k9LNScvJ%9I{)l
z^8xvd%`cx_RaW*0;#9wO977zo2a=r-mR?>W)Zg=s{DaqsJC=pdlCy&3tw`q3I{D7f
z?MXwTkbLs9OwTbwXT5FUpd-;SobbAkz}S$^o)moOvhI)_LnvwFnhzGMvjUk9?w3qQ
zc%6#^VG4}$w}k*6kQ?v6r4ogC(@!uW{5_7+Q?cX`f&u5ce6sLn7oDwN382B$d59=}
zJnQVl;lhD4b~C^bI+@p?-5^IF$z!VS1G&IgVF^-f>E2LhC@U*Sc=%8yKS>e=SYB4#
zTNyoQhE~WqBS-A{3O%PbelVN@{3~dm0IYXFh8v1M><SX?S9?AT59--tU)nA*r8HCj
z74a2l2}j---HwngLr_a-3LlQ)FxNKtcc2LVASDn>>Es}wS19co$@MDeA-}|n5rWiH
zZJ=f>9NCCS9h*NG=#dx`xIWs5&&d<yc@YyLT>mX(e0`p_R3FK2UUwsjR(xMzF6r+B
zFY%1sx6<Mm5}y=fF-P(#_2KluKH_LE4({d7sDI<;bBq_^qCf#=oPM(bUFe?`b{Hxu
z36{jo86D{7KAtDz?tRVrVU_I+lA5Q#dJQ80Kh%@~_nU8|I^li{L2!yN=0yppGWbHG
z74FpyQsPBSE>kUwNu{*v!fN6f?;|lU|AMYo#C<?bZym=NK!uWl@>OOF_kq2mWX@4d
z7&A5FO}t|kFFaKc4<?19gk3x%iZ=ySe3`(Aw}d@P3Y^-Z3^RG_qoPPm={4T>;W`M+
zCh`c(S9}?z2O5q@0EqJ@eAFC__zsTX1PFpEgCBeRp~~ME^A1>eIiqS1E(X$aR>SN7
zR|yBK=M6tbdhZSS!Ny})q`qGPt+@V)(51m|SKucgUuuS3Q)!4lQ=j0(L3#9hb1~k^
zz7WJdzMf$`(3XP`!u$Ng_8dV{<(MIL%q>Tt{z1uG?3FzwTLVSc*bvWo)smWfgs%B{
zh>T(RC>o+z$62vO5nf{ou@@xS1!PUcCe43XUtnas@3;U^0rA)ftE%YyX0+$mh%^<b
z2o|x$MU55SXd~<;8i}7ug>eReZ#4V?2l3kcZDTOvT?9m^L|62teS#QqNkso#j*emr
zvEdftPk|c15&Y4vRI-xb)@R@;=|uw>#bAW=x&za1NUisz-nC;QxyqrJuTfaIPys5D
zBZH(sC!xsV%@?Est{;h$w9}yv)$jSmc>BpY8BG@a8KjYvI!UKcQlXhg0OP+{MXE6l
zVQ@ZM@d)f=80FP!llOCq74`!yN_qEARooY98}$v#r>O<T<F>6C`4@?Hm!;l%?1SeG
z5CH6sEhpMp0Cj+<9@?^6uPH7hwBDc~RJF}&4IXN_YZ*io&4!;7!fQrsnp!nIGAwv3
z?3PgnnJXcqy-igyr|{{MA{6bdqGF$EV!x^msf5&)VfcfYkG;nq8C5YK8bSd#C*z6d
z0s3ilCHYpcO+O4h2<2{_KT&n~(ugA?CRk_+`LP&EsczvsqEU>b{L1j*rmKj@zf9~4
zNyugE^zI@u8mGdc{n54G_>!huAb0`#qsv#)fp8x*=<%dYkzIxv+~l;aIXx!gyh%vy
z0HFhRGX=_3hOkl_4I~j`%F!6u0hSK19lV4p^By3s)NCvZJAj^w#V|Um3}*}Wf~iLn
zEOr>ByuV}z>JOZ+eYhkJwJmXjf(~fnVs!I({MrdR>P@v^duc0T5)N5SvPlVzwWy=w
zyAemZbqfcnMn6Zjb}y^Tju0)rS;~d}GKy?v$;Qn`DbX*nTh~S?;q;vwqXP%os~H#Y
zxZDAs+x7$=_vGe`uvbLKeq=eZ3e1!u`9u~H$cprz=dJA6!suz8L_Kjr){1j^m&i{d
zh@DW3dPU*OLjBknnL58hWIcClRfLIXm9go-$II9}p^T#HvrdW^qrGmD$*fCI;s1Dx
zmGHt%{jAnr!NY;l=Z<X`RJ>G7jj<}Xi8`qvHu*r$N`UbGaf$5CKo8bPAV#nJ;nDYy
zr6jy5vxcNZ>eAW2L#w)N#87|)v?EoEt;bnihaV!7UF(tE!GMM7ugDiG9P)-z<auG1
zNndzr;#d5A@HB8?urE8(kgB`4R(e?B@cpBQ26A4e2qO8~F;24VhSUPbKtkHdyq{1W
z`o+ayuYT+~*vu5JZfvi;gBh)rkcCON0Z~v~V&Raa_*Y>lqsuexW|7(Bo{d8NmE|OC
z0u-B_>}@;xz-Kp_%(nKCRR?CI;H^|EFft&&9pcwn4-T8q$i>f8k=e^xOO~l<Mn7kg
zOHFPcqJ59WIJ1V*T}ahm(xXj|!SZ7^fpSpy+B<O%O%fdo$wY`kiP+FbcrWadeC&X{
zIN5Ft<@hO39+pKMNzW(-9#S_izg}4;(D4C!AQk|?lMx<D=Gnpr_5Dks(%pu#a9W1y
z^+`8J_|mI^m`?!W?(*J5fT<@Ji?nDBi)4{;Xc<*>z3AjT3?!5z`X^ma4=Z^^oJHkR
z8xQfTP%UD6y3;{cF;!;4uyK(52S`S}QJc(bYT&k*{_>&=vFPHxCJHbjlb3nJ#aWsz
z47w#tTGzCPpR&JtHgn)aHw@d$6EFvdePK(IwCot3lnNBst2tyKb9oUB9L^dl&3O9(
zr{m?q;Q0EqXUCa@5oyRTfhrTOx{Ai$YX@G;`XMvaD8e&}I@mp9$n`ZJB8=gSgT;vg
zPfYtKMXJq(NXjGUcv7uL>&h{R*nQNW?H5O&5bu>lK0g*bM$7&O;{DNZfI{cKO4`Q{
z5-K*Lmqu1CsYgra;Mbn-Px+R);PC=InCNnReGs3ltB(z=m>YsVCez8o3)K5~%_(D>
z;TYqG2)G8~asFgx|FJu`%eYrV8g0-a17p|pl7KdXo{scgXK7fYwAJZfbL#y4w@A#d
zPijaa)xK_|Y@TfIZnHImO1)i_Q7X-t2Fv?41YOd%YGEpxzoDT`o?tWKqLq8<iN$g)
z`suUJ22V9gepx?0F#pzNALfKF3*3Y2n^HZrQ8WN8tJR#3%8!~lB}-s&=F2`FK-A8E
zO|lU8O%gUl?C?b}Td^Ry=1w*W?6f8V>(pQ40lR0D3v<1t(X><$R1-K0QDp{6f3X>}
z5#iU)5+0C-s_6V1(rP6P2Q|lBWS21q!4?W<LSs9KK2=1+i!^)?(b?j|pCJQUL-U(x
zJmIHLGUQ^C2K4E@%<bfdXlW0J#uxSrqima6DTh@6YjwXX_XN65h)IIIL!g`Iq>*{P
zTlYH%>*!gujjq9}D<7HY_7G6*BKF^_@~>>``$!6Tu9%tDwzEAnSve#|w{(Vi6iVPD
z{Ath-igpy6)9G2(j({jeX$C@IKlk>&vI0&^f0+Cro+qd>5)6<5Z-f}Exb{)Zcy%h+
z3<^n$qa$?6;uzb<S{OzYVZ*3I2g9u-47d*u(G@2SmAE^Ekl;6uo1#Q2UV?!2#9)~g
z#|S=8dlPg1L5223)9jX=6c>HN8fXjNipFGJ4Hdikw8#=OV;uOa3Nzr`?UX_f>a@DO
z*2#i2;S$*5%eB?A1)BDgkOkKc=rT^K>V&}h7|lTsF)n`LOMrCR)L?u_mW^qIHfC^S
zR2v`0^Cc)9oB@){3>+;)ECxitKhvZ$06PMP%HpOI{AGME^CX@Mq}<d6m*m*_jVMf4
zaw$ONcy<!|*+)X2NuVqkA0rbh%uch2=?3{Heu+u)@vg{0RO0^xWvS}BenOeoHr|7I
zNQ_3VQ4OE5&qqDiGnYIyFb{A`aC4zqXD=oDCf#8OtNe@4=@F6UnT^U27rl%Z!%5nn
zJvece1;gTu2OH6}A<R=5V7se6al76so>S()a)rCN`K`0jNwrrj?EVSnEK)7JV;|-s
zQTlR<u}(H6|C(XN<@`>+;*EajFPUlqNOqY)Jb1A(MM^=l_QdirYSq5XA-zr3r?CwU
zG5GU)#tgtfG<K3MK2P#b=5e3)8yWndU;_UzuH>Ys=nf{4b=5Aht02CiQvPw_8b*GC
zheXm>aObsQstfy$w72G(Un^q~vs&x1AxB~JEGxT`4<QS4Rs@~pUXIHcG>m6COm))a
z7_uRs#LkS=B|ex#dyV-S2%6;7F8n%`;KYVhTmvxIFxHu%u91@MK%tZ`(4AA8+icb4
zbceagy;*HJ{-er4ek^oGptWNk->L+{XD5kI&T5~FbkIWns&2AWw%mgYPYB^o9w|eL
zQ*s;_FtRbis5YoO;CeGiJ9SU|IABKhioC-p9yfcpO?<wEZ#a*wbd{L1ryMY+Vm+|h
zm)1t6Uq_hK5OKI-6eg+}-55^s4pSp|lph~^@N?%YAmPP8Rv5SNH!q?r4Rbt*X$~PM
zB#a3<u4^NI?&)mYyd#;>37lRG0;iAKK0$t-BVA!>TP?ot1^o(EFl1W^2ESDCIwSPB
zN>Q(p2lY;Lcmp#3VWN8<$={Y+3Sy+1(9u(k#15{XmvP`toz}$Q2yauMf$7sT^nIeY
zJZ87c5gap>5{EdBM9wnM9v%U&lslQ1!*wm|yTU_G6G%$i`H^OUoMOZt{%y$(DYf@`
zLR1MHfm+f>J|-w3`!J7aV6ni?9MdfgFoS;1dAESTt8j9vhu=dO5sU{UmWy!YElHtI
zSI$XSt1|WR-GC!P76vEEQEn#!L7e_<BU#!TBH;O{_?R8=J<cIP@8?lud~(XV0U1I$
z{rlh}y=sG%F~+zr)(-3`H^n=O5V!KmYv9c1ik~nzuDGQbdwksm7j$;I6c3kt>o)VJ
zab+Bed*8*ry5(H2Kcnuh{2Z^4#ty29w!FF+9lF(8&ND~@Hep^Za)Y~ph?rM*7igjT
zZ&S=Qo+DyZ31X7O94aoHDPY#*8GX>^uqzzn+bG!Jws@D6hO=ifK0GH6OP(B$eAOFY
z&uU&&T9ZbDLLB$(zuEE_yNwi3KHD2+teJ^L<l99;On4JR-Hu}UqSUqt%u9@;lv$3!
zKRhd&FvjMLrU0kSo#PM(vMX58j}w&*^!3L@7FZ6tr!G$r2V{p{;~WuTkGdjGXMgcH
zOs$__Y->Y)s5<UAoupi@#;pTIx>kyfD;&dyw_D9VaFkXDq3RPo*MRchNT<<^{9Tge
z)|K`$;y`9(<ETwh;W;2Jakcmwv?b~4VuH#PlV;)XSw?H7|0A9CmTO$TF`?K|uK>t5
z^FE6Fj+h&UsypI=(40PS6XYnkCrh~Sj$N131E@8{UJKuJFD#mxdnhM&a$^4*$&rI=
z^ZEgjw2}QUNd4N8h-2-z1Ofao?l3&2Liem=K-KAb@DYHe`8&IaLbH>S{v+{wS@#WA
z-!<i|@n=j3KuuBvH5;!Wi_$65sUdJORJx=5s7BOc(>{Q<H9y|I#WpO)e;s~0MlmFQ
zb=6f{u#3P##K{ZZ4BF3_Fe4bG&!~+KiLxV55ScGYLwkTFKG+JqPzWP6tz%1bZ5aiT
zC<LM}QKDxq{@|UH*-WsjI8wHY{eiP)8K4(+2LJL|e{Y|h53Y=4ebSl@s)1>AF3Ys<
zIK2NTw>lAo1qpeYhNyf4QOX@~BY=>d=?;dMVFIE9b^&?Bry?z84VJ=k&|(W<C|UVS
zBKAdr7pbPqZVGZw_LO~-sQ-z~9}~q8dh=ehq;Lm6*yq1o6@b33C>)hG#Y*$xCH|t*
zSoyOkz@S3iN?4)Voz7=sQ!j7%z>;F?2q^@kWzPrLYpfG=f6fWXwVobCvg@}a?j?fd
zGbXF1M!T7$kvfY|A;>i~^z*GV<L?&wPTz+M;BSF?0hI8Z(>%pd-k#7makMfIZG_J`
z|0VA#t1Ly+Ne#PJBV2;ZF;Wi*xl@v8IEGrxqWc}txdb<YD>{#3gp`ZHl5xcEx9@M+
zY2pu|J_{1zz_6dM7V`nDiFQxR1y3CHMrEIq(WO=X{7~-JBBh-6yU-$zy>b3%gu)4V
zrc@Qp{!q$8*yh50HBw_UE(a#T96OP5t)wJndbfLEl_?AQ-3`H93U6+#xCAbv_B4A4
z(bGwWzLnOFMu0e$qXRXDFle@cTWq<3mbJkO3ou5B_&Ga|?r`<g0nYQ%SwEsh{URC2
zeecKC4fB36)@IKlE@_TcvZUwn`i0$<28Yn-hCS~M5oo~H7N4`F2*+laklH~?Q{9T9
zx0vi?f-Xcls=U6+Xq1lX1eRDQ0%LJbY>BC?QRrYRWPxLqN}fVh`1NXy{n!d1GQr)H
zB0F}`7uiX~-P18D^wPhTa85j3km6~;pU;$#3G|6<=GO^f>v3z)OGO^?8=qr3s<`9d
z$F;7#_MwxNd@w&?RE}l*^bkpDF0|C<WRHM=^fdbp8*yJuua1Td8}-812W%yt&9yJ+
zO3W>e;1Ww1+0CPn1@Q`97$E)pTkuJ5Hi1YHidXgyLxYDJAP+-ghBxZ-9iGALzYa>r
z_P$*rl<%tyHs_8@hLuEQ2CKK%*^{LK$l_+1BF~|S6}gJoULD8XGM$Sr>K9`6<L!af
z5$AIjbWLJNc|fwB2r11vx3rnmB_4H*XAj#{&qmcI=`<F_c$^HG<mQD-vZpxO23dE9
z7qip!f}V)&QMUi#5WE2KghWJY6)XTMLQ63}Wl)=(&3={C|AyIA3g-&H&4i7W%K2o7
zJy|#12VLO2j8_=|+nxYKvvrib$`2ibfY<6FSnOhaCZ-<!`ce6cWUD?EOcyA*!fG+F
zKGbhZ7}g4dKY)WSK;lK^k@6d1#$yEY7G|7l+=z))0m0#@oO-(xMqwlNVW|k5w7e9I
z+0A8<lO*>e3dXtwMa%S9h1U+!#2;XqJra6u)=dWmZ??0HB=|u3BPI<LzV4&IXUG%N
zR^*mE+)tV%ZW?52a{3%09>sXSf%52|A-u(m_Ch(r$qm)KXQC&~FpdKsc1|q$T)-?4
zgP&zH!r6p-R_0?#mEdbhNDnK)co#<0KPCx$F%gYb@JJMUik{CqMm_vBKI^?Y_(W%}
z8Bg#X4LHj7Oy@|iEz=5@AwESAIijA@1l!$&RKYU+JpuK!t@Thj<R9>BUz2;K`zyOJ
z_lz0)oY)F~F8(kuox3>U9J65Xi*OvILCu46Kj8*H>!&GYtyuyu+}guj9yZGavW3x>
z?@fLn>o@L7%B_c7Emh!0>Mm|uBaeecmMh=^iA)zr$r}-73|jjP&@>9;L}FOF5(m;l
zm{*}xb5PKSHnv;mYjH@l%hh6_Vg{Lv;I$48*o6-jEI6i6_DChmY@?iI3_a%#KBF59
zJhNmNuuv4nZVpxtwaQtv#JwfhDv;w&Ge26~uID7|a-OL~p=Ce}g;0&&q2xZ>72Hx@
z1ibN?9%od|jju6L-ZZo=%;F>*>?<Rg3zs2TSc!nOq%^FFSgc-rTSN7u!DuBwyvBL0
zj|xlpVPaF}@u{D=iMYSV&rtc1g9z~T`pRmgyA_8_&*V*j?xUCpBNqN14b<xG918If
z`~yrZ9OhhBA_5C`4sFFCGB$iMYxY5R^I!&m5_*3e5uD_ff-Nf;$(cwoCA*?!VSJJ?
z`r6^rdST)&&}Du$e782M-@mf8)-LgTwS8IVb0WTIG$yOg=3|yL8R|ZuYl1Piph%1&
zb&Fo^Yv|cwu$>Q{QY2gzQU9ebjxqu2AialqNRaz$-b&vPIVB7KTKn3ze~AySi-{8A
z{@eM5teyFLIbXEFpACVrsK6gaCh8lPn6L5=xQAG2=bVCM83fQ7SUfT4a<i0JrovGd
z^$ajbt2*iv9&AFfSo)?p`%Q%U0_P*_s^f~`M9}O7+*V3}J`Ih`8={orh5umbyQB;b
zcFJQ-xF_#oc2y9PtzX*;WI{c4qRf&{X{PZL#nJa}a|6BEj<rKkGHa-Uyo$tu-0g0u
zg0N?idOvfYR-<51enVwD-Fs(!nFn2!LTRP9_D6dhk~-REy9A-|)IAZ%f@p!?dFGs;
z_mrN06UHXg?)M8SE0Rq^YC+t)H|@?uKm*i$Zd-0=RYJ}Ri7~*17V7JHShe)y*TLk$
zE#>{52wTme0k$(h%!RSnHF#U}*m}TbxIpt#%-<P}lpHmyFED$+ILyj9tA=0qH4?sP
z+g>Y+!lcPapF3aHw6_)ic3e>EhG1zF8DP2N2>UgadSLBLIAQM_as~6ZOU#^TI?OCC
zOcnh=YC=0@Nug(JsnkSeLCKrWXe?ZDsPOh;GJ8^K9`-XspPRLXwFSWl*PVuur(xpj
z2A7(j_+7?u4c7Ubm=VFE=b2poWj?-MA{-dc2U{Mco?(!#BOb@od}K{VB6jJM>0QNA
zyZ}Y>+n=EM!Hx7&7wH36vjFC^Y(`KaG9=ThK8}t%fD#3MJRik(@(Q}YK3eK1f4zsa
z+Vt*Em9OGSDI99D*$oHey#sazS;zPXVd8_9HkpP}V(Wm#tN7-2d?H?!lH3@QplQY#
z^bgJvZ2cgskzcR?9f{N3cxRJ4-g*Z~4!5Z8nD?vFy^=%JhpRCJQO=M9^9~hNvdcHF
zGTfb+v&mVyKMgtVoW)88&X7c%2{u9$rz^%52y(W3UEceI#>U;#C43uG-GR-RIZU*u
zAL5t5P?HV1uM~gbMhT9?W7!4$Eqf@Ds82b+JzyVT^BXmn89(3ReC(q9CNX|9946*I
z51e;K(@28(i`F0{?hfh$?^fj3<Sd!~;3u!ulLiTwe649rT{cW6B|^D&*hO(JHG_-$
z8(_1wnomNrYngL;Hc0~hcr<9qlI25gK8`NpN)DQavxd=<QxeHvcet`9aUm{shP^Zw
z=H^$B+9l^`{+1J1q<97U8?K94W`u77g~39;_;6|BiQ-AKSWOit?UHtn^9j5JArM%T
zsV+K*FpanN!~5~@WTXoG&B)t3P^PIWn8Oya*N6!@3N8dSOOSX{ANt0qZ}{lQv2a~~
zy~(5>)4^A=`Wl8^efeT-ru1KzzGz&Vv@__eO~qaK@1w8tMAYBjzxnPBk6IbB%|k8O
zkS2pN8ow!hQaJwP`rEPNyB)$(xj6lSEWUmJ<IN<oj_VzS^=i0r`b;icTzMnLv+dAV
zr@4O&Yi2`!0wYDeQ3>svm_7<2-ZXcX_+x`a2cT~XeQtnyxfH+yU}0bGx3|&ihqU2L
zfT8ef^QMt?j+VyMS@*88JazKbT4%P*fg$GPDI9+ByI^caQ=|Z11U9?>lFk#iJZX|9
zc||Kt_cmQt+A+{;G<NE>s2l4ak&8U83Pjcp0o9WZyY>IH742l*P|0(E)?U{BM5)o3
z|Km$Iv1j>RG_X*Pw_*XcZxNw`iGiNTVawB=zJ^(&X-cR0*K<Ju`~eJZL?-q1Daq&I
zNrO#}guFnMM8SlfoNljL<*JnGgAlBnOezazSt<mzVof+s#;Afvn4|Pv>fcC9iosMH
zO(;w4to86NHTk9o<?px5qsdAyL_u8FiBYbsTbXtH&jU~DxQk<p(OHJpdVKU`or0>z
z41ZU%uoB(`<mxyp88tFTlFk^)paPDX`_I<ndift^R1i5Npp-ZjT~C!N4@PRu{iaD+
z%iuZbgm}^cQ`2mh)nMr{qL(RKBCNXLsf{=D@YfOqfEB8DhkpsvaLC(`OS_(DH%sZ=
zn|aEz$`Ajok?ijev}K`oeh9USod)ojKfdOSam9PIXzI$<G$lHmqlGgh3S<cdhp11E
z5PS_4Tx$e^lyY_b&fb5j9weKJ<#H6ODURgGR~u6A0^AtuH2J7srPe&+{(KK4hA~rT
zMZAh6Wwhmk@90x6G`@pkaWSI@z9LG>@MQP1tt15XIiS7(a59YLnN;M@HT(@9=64=1
z$XCAq9guVE?Di4xklFzJwBO0>;T<~A8X`C5M}WWgHs%Lyn0uZwDairpsa}Z~<PHDf
z7;C64=RAO$=6gDRkFypHjP{Q|^bu@Ey>~Kac0n_muEl)Z?%5cpU_}A*rwB6&bD-2k
zNKgUkk7@g5nrYs!(f%+)y*!=a>Hg-NRA5#cqJ#9onZdfkm9}4j(6VBz_`n92>ry7-
z;G$098Az7Z$~$~h)9UrKeYN9UVB*!ItyK@Ld_I@Qyd%+%w;MCqV`qrxSi~6yOKb(0
zW`ekv-ZJ_<iT6Ap(@o>!U(#hl>g9nOq&^|JAmIf$WD+2pWX?bijF;kS90O{Zi)5c9
zc^4(naib!>tf3%%E{rdW5$GW}Ns*mNi=%^w7qqvHF<erg!9%r(pV4LNG%sUSBy~5)
z^2D8C6J)ja+(3A^ZR_MHEZL5>w%rL;fv$|6x_5MHoLRapVvWY8juE!~^(&a}D)}>5
zz!g^$_%=~n=a1kBgv`ZmanQn8TTxw|Jt<u&y*OpOc5Yd3A7ARZ(qWNs%8&oXnH#Jc
z3M<_gb$xigaB(7zU((;Q4Xds49L3ND?KZB@nq46WWKH@`e8;~P`?(eaDwB?3`tkn$
z8BAHOsNsn<<u;;={r*v${^#@-OzO7$8kZ3la^LLSM$}U80n{Yf(WQ~*8a7|YzZX#|
zwd!Wgvg0OxjXVQ_CL9Ztp|1_2J88lZ6j_|21V>a4M?kdm+0F1bl=yfpR^~}yvLI__
zYq$fXi~(X7+;LlSR5{kRUE|rdOngEF%s>W|nF+O;pB3pj&OMFcFGgT4I2nU0zhF$2
zBgwDdFpIr0>R5oQaSi;gkL*tG=Pu2seO4HnyXb+LERYg3T522yL&Nx8UYRyY5l#`z
zIm#2z(W_+=u@B6~(H9pX4>@66VYv}=gSg$TOi;M8rGs@G65YRhX8RLqsfG_gj$t@Y
zzhd~^D^nEg7Eqnc1$A?S>K}(+!E}75%BoneA*};>3o=OZ!yn;qFdU-;%-zZ!AY?CS
zQXL6_ijRJk-1QBHiC64cm-K>!n$F{YDt>gSI?{KUDRDKZZ)ySYqA;)NPlCp#ksp7X
zL6*+;h`DUzc(PofoY+sa$faI_YFq~=oO?dNOE(Y42{P{ocjQ3$A>RlINp@3Yjca{S
z3l5!1^wK_OBrVf`3hc=Qe|?M&)I1PxQC)-{!1q1=6j;%6415w(pjyjXvgtr_KZOqy
z7FedgQWj1+i7{k+-`kDgCcGaI*Q*7khxo@B8ZvgJf&PMIcN#@p@q;k?W)@JjA4cy$
zU<_mr(-lDwoIsxpao~^$FV0q`ER474gP`>5Ikxt)@*$f@vFO3LqT>-Sl^{)O0Zrrl
z%_efBqGJfRm<Z4S@jW#*>c+ubzrP{cHDaZ-dGxz^P$5)OG2FJ~9auG-09yf&1>b7v
zi(sxBw4o$*%*=(Ot=H+-Y!t+EP$c6_t<JE=7#=E1{|aI6h@@mJkMdjLp;U4podPpX
z+JSWe!FkLSJ85l-N_%{DV1e=O?Fcqya_7B=oS0#p@1Kx((93$x*A+c><XOk!s10^t
zb`YgP@1DnVI+bwahv+4m@(%Gju`avz<ar7l!y8?_#q?WeXz>6C%h?Vte4kwuFhCf!
z80B#Ic78qwFN~TNNlDdPz8HP1Pz~!jp2)zZlRpCwMf1Lbz>f5dk??$>iP<AFr(PvO
z+<=JOyzr24g4t0i!?h2l|Ays^s_*2IR@l52*BM%PpqUaRWP4Q7;y}71&_OkdEG}Xd
zdP`(%+)0J^h|{aGa^o3=x8<s^$F5&X>UB*DB)b`LM1Dth7VGOgCpIgL0`_OOWgkqt
z{`fO?Pg^1-MSj2sUZg4;pL_r{ItH+gNZ11;wPZFvxaGan1PpLIB0)R-ASYNfI(y-e
z3e)VrHL+b6g0I;73s^FuZ31hVx!uPBp_4?-6py^&c{9r`<a`~7o!I-F66lX{XMI3a
z>RhLb1Husq;6kWy(7S$sIQ%7&T}J`G<{-zXj3(G-5s}NK_0Ed4f|}q>kgLpm;u`<R
zX4a^civE|8^N2{+jzw1eV<h{d%Eb@jJzE1!5V2)43-*wD*}(6ATy9Ize7X*!4S}P`
zj^8L<tM)og*w!pCdN1m0mRm8+eiq!~wVpfHIRMSq>EJVNy*7-8TPABABn1?SX`dZ8
z0JcLj$ivPXPhE^Og=sT61vMgFjz^#)&RuX5H1n@onfrk@j?WxUpCunip%RPR(7Gdn
zPJ|^5G$ufZp*X1f#$X6q+7vIv;2j-{KpAp*ca^bHoWu7E8~I<>-yzRK)#~COb0Lw>
zS&TrHgYbeVrDv1kg}Ph{N0G3P;tea9=&S;EmA5*Wew*7^zt4VDotR#s&OExy1J2b_
z>&$)EM#dH_tl>)t<U&l!JX)8CTXkhFeCRRrg5C9m$0ps(G64DIFo0Zwkhs>~=JM#1
ze3vxFrwo=RSs`4dnSvdE6Oi6g*gKFSYyX$&)KizQtXcLgGDeveIUR)FoOWfmUgIh>
z`HRMG6F!Xe$V8rF+(2zw=2yx_(S%MPkl)%wH*Xu^^bvChvh>OHH8h|+QRbQ#!Im%2
zd16C=qQ!u%Xypl2&kk?3VWlSxj5f?p`C^%)S21ww5)W=}2X2YoP5!3bYXnsO+67TJ
zvx;hH;M*O-U^F@-;3>egXu9raZ!I{b%J*m~e>=OzTU0(ePs<j#JN!X(f-(<6t3yE1
zDK$<;)J{duLGY<n#x$Y;!YP3Qz!v15lbppQA&EzPnvLKmN*6H7;I}2=99nc5*!8OL
z3QMN-E3mDc<LpJ-RWMz^`T>Me!!-d@6UAZ-BKORbhMUc8i|c1lnw3cjt+xr$*TQs#
z>I#Iy`;INhMYC@k+~!<cFXHD*ByOk7McZ$m2|um;ye2wui9?pQj+f6vx=b*$O|^5K
zXzsr)EeoOL_->#j)9u4eTkEq|>&+$2gVmgLQHz%h;~b4^8g8xD&91f{o=LmX(pp|x
zc^9lz7pZkCC4?uSS~1*e)mFuFO!(sihvY--&Dy1pEii-Z`Gun-m5i9`JnHC`jaZj6
zQ<$xt_4v(FQ_&Lz<qYC0<y8?6TvHMRL=ps8n0ZYf<lF<O|8}a>F=05BhX?OSNq&Jt
z8P9p)Y_v!_8fD|>N;oKlONo3W1TsDrW7=*#lIL+TiV>t+Brmqb(P1iYyN;lI;u{)B
z1uE8Chr917)N&va5%oXd4wqmI66ICDe#9fw=)Ud{1-7Ns{^{u|_Y8Mu(XU-F1FO=c
ztef`_MZ9hh5Hc1*;g#zGrYuS!*3@?vwH7p$R<CF^4z6!$rXo7F0TuP@?9{H~mbh!?
zyZhS<D%(0L;YGCcTV%>tu?OgaJ=2$0ZIB$E)5X@7H6&=Q*?;E5*>y5*H&2<agr_^u
z(&@A>_0$t3od5d?98Pw5T8v8y!l0{lh>QPsa^f|JRJZ6o+t32~L5C+%M;s^<qb6g@
z#Z1WVJF#MhfG3e7+MpQcg$jSor3pLoIyvSF{QdRHT3;n#8~h5Uy+6(<zx0*Iy-mv`
z;#I;2<(*c=lJ=XX_PLT;vkO+o)rT`42Az@jjA}!ME^VKn#5D#96^-+yqdrMCxGiu2
z3-h-hert(3Odp~t)X$&Cj(y}zbCZE*43lndcxOvCB0mFvEVFS<){*=q{?nR`m~PUh
zM@w7RRN!69z?7udtQP6W?_`!Zf8{v-gmGo;Z9{RCallvXvZS={YmiyW+`q|l%}=;4
zoe5{hcbT~Af#mQ*{$!XPg*#3*_&((K;Ecc|?k$~>+t!V|WkKk>wwBa{TDDFM4PX_>
zngY6p)dD{stNiKu^&a}t)QDGNEOTgY);Xu&*;yz??ce~<P<2}FP=!THmsRf0b=f}N
z;=c5>#HhEbc(k3*c3oPts(4|qxu$Yhb+w_~*5nn64D*ccaC5a<Z+uP}KeM5=Iisl2
z+Nf=5S-#a#*4*0ur?6wOyW@}5dDPV3fLgMRnT@}jYL&J%jy&Tn4sdC9)d_kP+I{P(
zBUgJYZXUH$*Vk8w;@TIzl9BC0TFQqt6<C>c?U~lNe}%7>h8WBO5uW<=2#X4}S8!>R
zbznF1Q!BK+*{>~O)jU+I%2CF6L%+<YDcd`JG<@~cHeuZkn<ZtgVdG1Riz=&4WNM9{
z%lQT?`YsOxW7Xo)s@%-ly>Yd9GTGlb7`D|_$jbP>-kgh!6>`Xs6Z)^Xg`U!FHy9pV
z?XMoB^W*M{)#$jJmsTpYqkc+*p-31>T3?h^Rom$<p4#7)hIS?KRg-$GET30xDt48z
zZ`4V<FFKT3(_dSz)NM4lUs}{93;0t#r8m`4$Y!1xQSRZLXS&<Z)^!VhjK5a<WPXVS
zEvy)jYm%J!M;ij(L@@lvKWe%~dK^^)0U|rmFIcQ4LWrjxKfqOgIxAHz2}tN6zjHRx
ze3c-keOHVxM66dmApb)Kso<db-O9}ZY`m@8iv9>*TXFFXt)nL$QgR)r&|z3$``f(a
z^2ufYtfsCVH^~h8f!w!omnu%>|IkCwI6LvOI9MkzSQ~hE3aK$I@CiU%-um98>WF>#
z!ckGk!qtW2i^D31=e#Ao^M9y%T3gcn(Q@0^ROvsLHF?+lGLHN{HED4oa+4}qLcf&;
zTs-;fd(+)j?AP|^=k}@p<M<qa{Bdn6=S;sn!=3T6;&z$m`TJKuO~}QAM`y{`DDTkl
zv;Pl~>&(Y#Ko!UBH_RiyZ~*XI3YvM~j^xV##xA{TYc1p%4@TxIIZ`ayZ*kz;q01ed
zsJa?a_x-+v;hE{h|G!t~K>oFTM58*CdH(ggME;A8mjSbl0W+hmmHU4?ME<%a)$l*p
ze<jN7sAOhmrdwO@Bx|LeCFSZ)fPkMRbxvz?{w`zNUU^%-n_Ko27lDK}<o(ZK_9>GI
z#WhC=|3mNSKh*I1(m!1AU%lSuU%ejn|I#)yaQi>n_5TxVxJlhx6-@&-R|*88EF~O0
zDkvqqRuY#Q)tD<&P!<L*MLned4Lke*QatGwFn&a2T@#KPteJXkF-Y0S<J@G~T5MXI
zcT8D*a5(6vBh3{ThSIVa9+^D}&G;5fel*5<_tVkD!N$h*yKndV`_*R`{pDikUh+^G
zC=6y~GEHaTo@6YTg%fxj#Mcjx9P=%NO`rRLj7E!A3@zBIPpV3^Jr<fUiV+{ma7s-<
zI_e(}g8pZF>{hXn^Hbs%t?`^gh6~xCgp<p4U6N8DIblkPxQdl?=n8ng<=+<k&)i=A
zHRJ?Ej1zxAN5C3?D<NBBR{#BgN7zj-)y<?cS5YRvM(>I(siuoqlCVfAy$kK4rd<hu
z#zN(V$#3vw|55zfc)-ekL^tm!59K}@GM&htgMfC^*E5X34+fRyiRxMg<7F?)I7GK*
z%B1c3E8ZSO-mJy@u$_yS=h_0JuHhX*D#4<;tfQ@mJGL>7;0qt|8Uy%wTPyO>2g;le
z21<J(qO{=g2H&}30Yjuws{0$_)*?^1QK9D?ArYMV%vRxOfM-{Wr#EDCK#{9!wM_cq
z%O)@O`Pcalwbqm}+l*|XUL<Sf{vY04H_-sUy{k8xGxf-{g2fYaSEjX-mxThNwxxEa
zI9Hcub-r6<X2D6JQ0YGuOR!{lI6<V-%V$o(pw{7DqzsqqI6Z5j55h4`t#Lg#JCP&&
z#WalIIKM*^vk6UL9ku&IrZ{{@YB}MOXaK}?7!eRngtZR3A<3=PAtcxu0~e~WmMAm(
zA@YS3u0U2YSi{@HV;XL2zPv?be;f%^F?{ULO@&U@%PHf7y5xu=SWu}RFWhh}6a1?F
zkAwig?Fb9u55&3`JV(qw$rBMQ#)r78XQd-8r0O_hbL`?`w4~}*J35#oQBnAOm4Ymn
zphLn&&`?xRLI4D8K|E0LSy6t_*d(n?z<Y7+Pk`56UmCVx7#VKy5CXkK@b(Zfrbb*5
zP|>zW3PBtY92cM?gDNq+06}7o^aH^W(>m5F&(Mnbwr;Og)5+%o57laeJ&29W2b@9d
z+({j?JByevfk-!R&MRPu`ZC^<#mN^$nIpf8zIceJ%_I*dYTDd6Mw7n!UT6YrOwuv{
zlFW%uvWbcZ940cYkPOoT*K+p@78n#V5!)(H*pIIlgKcR1>Z+3#=}6EK;GRYrq<YSY
zfNVq$N+YQEzcBZeVO1~P+jN&SsDMFtNk}6gz3J}m776L@?ru<N6p#)<I;Eu>>6Ci+
z20h2)Ie7Fu?}z`s954McGizqnTK8IO=Khtt!DQi|;SaRYGeh5d`fS~c?v9Y5yqK%Z
zvpS#lWB!=nxXcZNhUO%&_<(F_mF)RG`Ug7Zb_ja-yGDmB`(`Dlqnj=B$f5+u%cO6d
zHn}rs1{D%a*4z%>k*#)a-W4~fJ+d&t)8zAnFsG`k(Ard=@2_{LE9$i|QFn1xlg~Es
z-2$dq*XVJ~Q41e)F_}8C9u}L~c4rX7Pk3@hhbD)#kgcEM+*yAy8E?FwcP!q~T@V)w
zk<IcYD{;hUv7_asl}X!MwZ$=`+m9LE>6>ksh*+QyI1_z2<BQN(Q4M{cb<7{&z-tkb
z^Yql0z0<(y^QW^=*GC+z7KJ-6cctAQbS`*|xef#QCL}nKt8HBl##{zJ!reb}VYTZz
z$eJcF-Y=e>>lJ_vkg-{+X8ICjP+PTFUf)LOq#TGCqZsfgsY-r$-*8(EQJ$r4@9?cw
z&ej%;I!6?adevILXpj5iBPAtMS0mA){L|H(h)TT0J(U5^8t(|R#}#E0E1d(Bp53)N
zCI*HDAx_Yr^4X8vFI{DAXr{Rp3Tfp|<4meA`jT|IF7;spU2Rz>b+(&EY_NNfCY(64
z^EVU<w<<<9jq=`dI266B-TD&CeRgtKSaDvIf)urEY@U3qo%T{P(GtM5tSBCuljpSl
z%-_WBmi%J%(d+Gxo=ZiC;o!m}C|tK#W?t+<9&yY+d`ih~t9a0GIu{T!i#c_wXWutD
zQ;-9^93pvyScpB@{;rO^<RzO_eeRIcr|2-J0?JeKsTHP?c4@?meR!5HQ+77mf|{SQ
z^V}J!PbX>PAbM2QUvJSoy`Z?fCD36~m4n#9-#G6R^|muMsV2&uwt8}`vMx(!B&;NZ
z{@w26D<aX=^>CqHr1M&pgDr2=Enx!JySuzuw)4>=&mI*zoGh$%t&MPp#NT=pRhdcm
za=oSSB>~Cmpig~RZRz_lyIf^jWyGQbI8R^Tw}BOO-bU=;X?SfRB(Q|sUqTJvvAV~g
zOfLnEw;n_IGIv=2rH{R2=pZp}=i7wv!+v&;mN<0j;PWj4dilubx&n1|JaS2$i@JD`
zBf`>=dyH&Ilo6rh1x5(UO{d^RSuv$R7GQKA=r3W)F@2DVN(V4O?>{(ezMg64i%^#I
z88v;Af8KO5)NSjuoV0?oqwSOn;H9fOfKORR=Oe9q)~F7C#7qyh#{h12lwg`F;&jV;
zC?h_ydsjdoDR&sXH4oQn4iR#Ck|ca~8r8|6;dqzm7|7yP;Pv^4vNoq@(X2@M^6Ei7
z(D4F)pqJlQ|M>bB_7A?;-rC4kkH*wO$K(nYzyP0pgW3<U;7^nRdaA8*`>jMgus>`d
zaoyjkbBut_UGJ(h&|7U#`=PTdN}|ng7$YfFB}^kBb}m6dIx1fI?@&Vl6$S;nwmeD|
z2CmO@V2{Ux7|??U*ZK+uv&*wU_W~*%uZo9)lITthH{dSH*$x`1VqDAZmFxvlelI1n
zv|SgnUE+8EztX$3U1GysXuydpz(G>>WD?VlF7a`f6o}T}tw0Z;7~Y5Q9fAQ#nXL>*
z9do0UCVxmN0hAEb{wFC%o?lCea3v*34n``mIplrm-N^Jg2LL;mK;1(|9Ev(r5qoze
zYWHG1PNMP*DgYg7fiyW5#Rq6<cr4i-U*l9?eP{3|irzRBTmBTOi4f7Ko_LNtI=hH@
z%06HCns0w6B8UTN^X%g*q?_0W8R)*fxxaw|>DQ^Hrt|+Veh`9*p`3|<L03PNg`rPW
zf>Ix{zcn6UPLavM<ksaWx*I4hGsz%hBONfc8)%Iox^KNFBVCoG>d8On38|{4hKq7d
zWuSlhX&U0Ybp;)riFKycxEqfSh|By>1^M5P4&7fA#LdHju8|QfAUu$pK)cvmxW-*w
zSRY*W3|}^xw7}UM;Ypk@K@Op=47^wKEBI_m024@6TE?*XkPrCFFxSZ5905+y!_u+P
z9zB+2^t|GeNHg{MD1=Y^osgizBe>49b)$X&56?Fte|CC)*$PbOBi#Wi#UeJz4vZuD
z$p<8~G}!EOz=9})P5K-&pxR4-mKvJm7+j<m5?-EXH0T9@7nUg!A#Ha#Z8s%vw~8E1
zi^M9AohB@u7!9TDzL!2T7{U_o>t#5v{Hq{lNY+P9sM7H}5ka5!_)<7AezS<6PkUVN
z;|-to_$@<Ms!IzA8>p@<LIVl4!n^A5hY1j2Kunu6NGt!kds3JpHtFrTpiPTkNdI!q
z6C=+9trhb)O$h<ZKp8Qb7TmbQ6M=!U$rK`97Gk#8ke`_LPG8&^L_wfd_{(g@??ePK
zW!|^R61&-!gP1a}MZAG2^S4AC7}38vsx?=(91x_+(-?(L)&{}HIN}BcGU3$MCVb+`
z^nv8w)%auk<W=It$##KTk7o7AKF@_aEE}*~BJPdQ13a}9z2->Kv~1VW=uAq){`a;V
zw2^)7cojF2ivYjT@|9fVXZ!d|lrp-s{}(A`f{}x}sk=awG6VbnnNo(Rx!j)XyTb!A
z0R=L8r8h1skVEh5vi{5h{K~QpO#A;|^&fPMT0sBtY5?dzd<ODOiK?%@DD)fbwGi{r
z!r?zGtI1ISMeL3414K=Dt&=}n*I&1+{z!MI9F54Uu1xAOIP{*ThXE1h0~}Y57EQ#+
z=a98gXS#XE%z5nGm?sfpc`hVadCu?&&fu~xFtVR8<hWR%DK63Ux!bdWmUYhruKNxC
zLq+geOL5PH1xpb0AWP&8pSFR%lJOdoJ^|Vtpm=}$P`+VO5Dn3vSQHEhszB`rU<JaW
z*ZqL_ZT{#4_z&c7{TP|+8tLfS&|aZX5VK8W#ZS6{{-K+PKXzlNU@t}|rB5v-Bm}Ud
zf37cL?MN*sb=~_HU=Ho4y@Slp_miaj#oje+Y_)9lt_K0xr5gsp1ojOF1{&m4CAXFc
z5)3Q}*qDEBkgK7nS!ir*uT~5+Tm-QFu<#&T|2O_8k`+Az65=J|_bMxRD|jupad9t<
zDMhJ4Bw6qJV-pntVezp9s93DS8cE915SU~>{&&_yyFQ3fNq8gPNmPu|K#)dHRY<t4
zkrb{NCH*R+uMgtQC>xN0y6CR{`y%0Z2l9L@#}5Me{=_`5cgT5&xqS2mVMqi8^>bi+
zd~ycwQMd^bXJfZ6=eFWxV=w5EkYYc^6%&Z{7+utaW3EUetEXZlW+vvMrDtIVYmU54
zRFD=j3>^Q1B+NTLT1Hy7Tqa^U+Pa4rhL*fi#>&Q0#_HAuEPW3CJ0DIQi1QtYlhHnB
zXUCJL<IOH|!MGb$yKioSXZv6osSC(eo4d;pQKU6O?C2T?Bzl9RDJox>`@)#*gx0^3
zQJZwe{Rp+y^VqauPv~r;Dh;|cu|r+$X=mkgW}d|uzKGYJZw<EGFRj$Qc?(>E#WZB@
z$L!yoe!;fgLERnvO!Z<pPDy3s!m;ix3cYf1)xJ2z(MKbe=bhQ}qOXn<##jRAH%*jh
z2b^d1dSjM+QRNpDdr-9kT)M+6%E}$5w@|sozC_45m<v-?x@JyBYu)Cri+0?Dq+c!5
z#)~xzl6>ERcT|@ed3$4{LG|%$TxCAZUWAG@D$5E7H~N8;*?Dl9iG`N}#}Ug}S?+@R
zMQ!%RcugWyG=yRc*W}vcH!{ORMLE)&qDe8M^#WEQsUG`<YjtZAGs>?M?&Kx(TWZQ}
zBUL!xHOVP38#t06v^mjyt9JY;X&`T8B2zZ{<4*B&@+l4McZ~DJA(XkFipZr)S}oQ_
zmzX8PxpS~m-&}H!YzRc|9+~PMev)fFwrH!^7d(izAx&65k4<sBj1{=c2-$pj*@eVC
zktV#SaGUAS^?Z|87`EQ!a+92_qf4BsAc$6&x`X<{YK4^Upan-^iMZ{7^pl+;7*E1<
zZ#-~tu1{Pvye`qJV;@p_us&e1xrA`L9$_v*%0XnZaWT?TUyf{joa>m27*buVi|Cq^
z)hy_x_M;W)5|un3mQRRHj@3xXJv%+xx+dOgY-Yyk0{_!6{b*50eo-Cie$l4v+x^w1
zQ2%oO-&+-Dpi%s(RRIlSYVh$qA82FV0vrGD4r8rnt7mR&WMNKis;6b6XG2Z@=$nlJ
z4GwC*Vq>Zi0~l;D0x9N2r30-|E26Wpu?&`$^QjEGg~h2Ps4sS2(lZiQ5iwVg)sZo?
z5t6CpZ-uAmuP)EZ;K{}rt`Y#kqwiR(sj72jl2tsUX9TJ}XB}%rF%vT_8#7lC6AO98
zQ*SF_Az^)UioV@R2syz-BH{WP=GUz!*#aN(xrj2cGzBj&PEOt4FW?{n`W~k)BYo$w
zL7SasUT<p;T%i}h#`3$XbZvcs(e}0V1$h)u`<0a$N4Q>@=*NtE($bW3qM|@1KE|fb
z7f29;wvba(kRr&G12q8!wo?#J=r-27kr<*3dwX+?GA_&zSlIedP{+?tE1^#0atuhF
z*cBcsEF804T)Y5zZ5Xol)A$yc@4WW$4~LHSm*upz)-ty-wJ^9o-Jbt;>_7ueJeZFq
z11_c_us#0$fxeAMqhn%u<<dZddfjl`l9JRKfWIy<@FgU;hBHEBo>t`kh0D93pecv^
zWsV)gce{NAoE+52D;FT89&o3@z_|YV<fs{GY=NtCH9rsF+`Mm?pOkb|oI+A$Y7cOd
zNG;mw)zC`%g?h8@@v|;F?+dHd@AcHlEh3>cv_C7`xJKyL@aV@4qx$8k0`ZgH^FMbB
zw0J+9#y=B+bHD`=eb?Kd4P1;AU}OBvQ8eiFY4ml?u2w-2I1s4)FxdA&rq)_ad_tu3
zMtp39@@%4VL_2U%UeS!526@lNi|hrzcBQ7Jl+-t5P3wS)3WL<9A%ZF4Z2%KtWOdPO
z0HYITRJaGO8j&;`6gmo`q6Ejl38t8a{ce9j;>5?Cq;UX6;rY+vJpWg5mag-ke-S5M
zy79+KYw51;S8~V3H{N@SS3c$%@_{CLnJuY*3e4XbApgg8H~;Cn565(x57A-zB#Vjg
zi_%89r(;piNso(XDiJ|ZVyB5bz*2^nEh!UoW+)|jBcq|L-<=>w=x(6d>%pQ4E(zE{
zhnuu*%19_z)5NS1UKm~GUfxT6z<nNL5BzK?0tA5_3*JIGDMS7(zS;3P-%K*D>dTAM
z+*HZBPmiC7Qg@LdK<=9`H7(u+Eau$JN5*(jOO8cK@}Wb>8U1Ldxms^rAI}NLw*TSB
zVqb40G=vK%jr?bvv8yy6sDna3y;f83M)i0OgA-tt;WO$smyQ!ZPmv`@UVf*Rf`gC#
z6Kr-oW;o$+I}&0XoM&FZUA1jlnuI2YTzi)Qvz{*jxNVw8P~MSYv4Hih+p8a0vvt9m
zA@f&sGw*dPy=iPDiy_G`Z)$-Pe|~~9o-eyShnd?Mtk0;2D1rnK>x!bK>dYduj)?&j
z4`-pqp~s+NuuNwTa!pn{=IH88PzG})L|5Y<;@#O_2|_hT?fLksq5Bd3WODU=r1>=D
z+14c5mm|9vG4;?D$(%MCu#TT%FO-wH44Ux!Cg$V{z*^)a;h!W++h%T*6<!j{S~ooj
zr8%}-|BPSKku!pCHkd6l7OJj}j$%ewzWH%ouA%TUv_buy%6PCV+=gNi#785h;=@V^
z^Dk?hWusFAjGp8RGs@lC8;jBx4(Hpj_`$RmFodp<f9iJ!@SMe*KzHr|&siHVwD@&{
zcWp&9=$SRd>~!?Z^;nrS=xA)sbgy)S3aI9w_JgXwi0C#S<iYfQky|24_E36HN5GF}
z@@WG^r!cQ@w`5wn9;7re5*6?vpTGmv#~q_jH^LOl_|{5MrCJ_o55qpiN#o-2`U0j#
zWEhV}TCQ`yrqYJ<q9@*j(7q1(%dQ~WiAB=A_b3FLeaozem;(LgLtGNpu_Onm)AeWS
z+)OC6+@j8R<__<UtkDfujD3FgL<jwFb^V_I4nUEP?M&!`AVB2SUEY$sWW3;|gc7?L
zKvAg0sT4W`sxfI+;+r?arJIjl>o;TfDk2+UYC4@}&qovsIg54kqQ6t;;TWH@p*F3x
z96bpv1{3n@E`c&ELIOJ>a9MvZh1s`PNR8Oxq-qJ>XXU_EpE4WD=8Dzl;(a%4V&^GY
z0JTo^ix8|hv&H*%wEXa89Eop~$@0tw8D5uvimfWZm4;+0EGQ_b=z5=EBpwTkXWP{;
z!1K;A#+fYg3k~V;9sKp|h)rY|@SWPYC+U<PR!#))pRg9f*zpjp6qN)b6LO5cP~~xj
zsOjqkxY5;eO)RIMW6V4lD}6K@gM}3=Ps7SJWxK@Qb52aq8AADBQxV$MxcHvj4u#QF
z81H<PCwp3dL6@DLxg0JHB)e8pjAZ-%I`B)I3?3LXWZ>+1h;^s2sm~G_G`MGKBGiip
zh>uRzyCu1EoH_=2Rq8Lkv%M?8qZXY<PPPuTyVJnq_WQ2H;E&vhF7RxD+7IXJdskvS
z^Dnih(p_~J@Qdeu)>mneh)GOPaRv~yN#*FER|SwDmt{x>rkznqp2PAn_If1hf-#Y2
zBN?Nc;K|Cs1&BkRv;t0K01n(?;s9||bO5hOnm9QYpiwg~4YDAS5t!VJOyB)PBu)%y
zbOJPfrg9u32e6b$dLtZW#zRFf1Kc~_Ugvoi74A(YB}c$xoq=Q7f-9ji`wzlUu%c$6
zuRZQj0r0w(6L}iX4S4m5seP?xRlZ(ry3V&;y9y9y>5;pq%?4c4+Yn%2kABld+vpjX
z0dc&I2IC)C<sTryReC@wDIp~hSjy`Hy5;P@y5*N-boe%wbXIgcJhkLunlK1-ZMPFL
z3S_IhX21Hv3qk~3G&gvEeS;^%`KHb7@JuwHp3+j&;*j;iwM2;B*Gzw&7Y_p}0O*mA
zLfN>R3-dEtG049?6N2Qqr*8XJ4EiyKp)Pwui@J8OE)R<}_vq6{?n!40ElI}<K|>20
z9%o%O=p-1T@slk9#{)HUE#*VUEdvo}$6Zm!z#wmEE}~@;f<%q~Q$$8f&0Nyi{_(&-
z7iI}y%7cn=q;$KX%d-Btj)Gbdn!$8|_3UI<&2h$1L`zrAP}K3<P}6aZvmj(jP}dxg
zu35ydCl74i@0cews{vroGAP!2Xa1G6PM|GK*Z~?cPuo>O9$RBkMd8EuwIh(N9Svdn
z^xv@*^B-911_S%O0{jJh+<>LjzG5jfnD4Mu&sQu(1H@8yM)0Of2|-wy#QeFIHOqJU
z3=&5k|AWJS$5J41uCdh5#Q9Y$HK6wmOLgX(=l?L#=x6CuNB<d10VnzuOWiQh;h0{D
zVIIu)xwQfm2xRg_XpKCwqkWUm^wrks_p1C6{Cz&_ZX|sYTj?4)ft;)`QQ$&UnSWf|
z2TRuyOUE9ig0q0F$ePoW(`~!tynME_{(<9E*>+id90`hJ(~N=4P-8**fmhS;Nobpt
z^Vv-E+vZfsQ2CHPK3K+pCa`n-U`wmpvK2-u#?37}79y?w!h37CQs2KQ?JpOb;4pyY
zMHSaZ-YN+L=W9%z5j`lxVVJn*?Y-0Q6uiE+&5I^EFHJ8ogmxRiv47u2+Pj>>GbB^N
zSBUJrQyNp`{oPFbcrADgEwtg1Owp7MJ(<dteHsb+S<^H>E2L)<QmpU}&~_Jf;hVuS
zBKBI9v{=ce%vnmEAK7qQOPM0&<8agAX)pOAgrSRiEUU+jAIZGQY5{9)5j$xrecDl~
zsRRwJA`at5uGLCsxA(%a+gF7!g;Hta(D7xcety0WC(P*!_RpRZnS0D8mW;1q-cHJT
zY27KmSCe$0cOdA}v}>RCW_NjWy|8Xp)U`r5l~D_Mg?fiX25c@T7b?S?xLW-{Y2;Fx
zf=w$!a@o1^z{OM1Y*6L(o7JZH4I$bhc;6P-*U|d5_@kdMZ;h(hi@w`Kbx&RyZm50@
z6B9%^Q&{wg(Q}HLlO>K1yl}XyO`T>@<0IEOPi8n0m+K|+pEwGH*Euv5WbOhDFb42@
zu)mL^^uOUKIv|eHefCr6o-Ef(`9un{?x^<kebD>R9g{8ytpH5&+nA5Av7@j``e#0q
zU@NA@m1ai;bMu@aM!oXmi^0~_$`%$u(7Q*!Rcll8*r4WAT|#`>#h~tVYAeNQtE)kr
zJq1@ifquDbv#0SSzC_mXgDNgPj!ap8E2fT^iLj}j0Bho8CFk*4mH8)f!9!VtO_QFw
zd$?YYU%l<niXpsXjk+LcRJTMbC_qO-%+-VAqTSSt7a;d^4|$6JHG$j!E2VBxw<6n~
zAL{~hdu<phu|&y;u1Hqp)7)W{_xEFpAn-N~n4s7K$HP)R@n6W#6ce>l0B`BTu=2;s
z8-|sbYq~FDuu0G@%y+)HKZ+M}YHTeZgnfMYIS9N)z9Fss@xzb;Mu!#;e-F&W$sR>@
z8`=O`)VptAkDfT6Hh*wh4`X~*_dNN{UiM1a-tg+}1^dvzULkOytR5vqLD$DDv*Uin
zO$NAWHpREh=k&pQJCU~&#QZU1*UG=RW<G~|>9*6($Q!JWSt%B#J;bSvlDypMiM*e^
z2js98(lyIgMQbATKq2yYN8mxv3+IY(*rrb4H<RM4nJt0G9HQ;l59jP30ya;~9?9BK
z#wIgkoGjl@Ru}m=53#$K>}+M%slm>T+Y|p>cBWF|<>eOHq&YPV?!)rR7Ad^$2hysP
zPfOm{ir#DGF8N3kIYXn=gI+0ugA`Gy=|A_zWS;d)%v`12@~w5XQ&LIpzaGlIb9lEG
zAj1bdnE&&kyax9_i{sb6I{TT3)H^Y8G6~8X5sFt)eAZv#0;S}VM}82CrY`yn4%YlU
zkj&!N!mZe_sEC;G=)u0B!4c-Zfsf$E*s@I0m<*Uu5K=<-h>6qu_zm*{{mbal;$SE!
z5Fi9vFc1-}8NQ~yL<2DfW#(nj8Eq)ABG3cl3NQzD_il?Y+S$m61~5dTdSux}?uqV+
zNCyV+V$)gDSu$?ZZ8L1sZ!^Myo$w(wA>BusLqbQ2K$1opKw>~DJ-Ecfy|^@B9ARYo
z$OvYv4X*tN<{69x42@sZI5-U542(9gQ~{%(hAtn64kHCa@5dmI$O%~t4mCuN>y1#I
z#mEEx;7J%GaRpV~LvHR|T%{;t7J5chB{0-PEb|AGBs~LS22V9LV^P5o5Q&$Uv6h#!
zl&jwPwBY2D0Kd9v3+3h0Vz88*C9gU19sxyb!&>6r-o1-CUPK5KOCq;Sh>TrO!m^m>
zc-yd5_d9O~vP9&v0=|^MO-};0--p@yG$y(~-D&aADiKI<G@p9csqS?Ds_uMjg!j+o
z3A{)B6cvvVq@>}Dd34gnAwKdE70pn>$)gwhX&a@Z5;aNy8as4YOorU+<Ft;K5*JUC
zb&bz0UzRH<$4!t~Y{{X>cb>j$?GP!EZYeC;H<|!4Xi5_FaAR)?;v;1z(R+YBZ-nI3
z<RLt6K&{pEfaYECMf17`A?3$=2b~T~slAaX>mK~0NAs^|V|2;V(!O9xE8Y^ol2L_6
zCd-c+=pcKU1jC$F^Iopci-bAbsM}CJhH|BVja_Xm*YuTE2f|t1%<4wf#bx(h{+B)>
zAGw0{XGaZ(r-#{Jj_2cz&?deQuF9Htsqol>kITSD@7RO(t<|c8j=Eq9VLeCwCh|+0
zhV)BeyQl?)ym$+a^E1gBE{$`Tzba#Lv^P{gF#MVN&-?OIw{V62zQJwmu+(@3>5UkT
zs6@p%5d8ax<Wm@KCMN)=Eb=X4Soeqa(T1kR(FQOWx^W(fkXudKbRGlmdAfK34=5=q
zF=U(d$jl&GR7aT@<Q?zy6+jH;qPot`x*MG#WOuv85xx_|Ik}5Omk@rdAiN*GpdZ2y
z8jd~sR(d~SK|g{YbU$+`-6n?fC6w1KeC;%RQ#VD3TyZf#LTWH_4n0;u|0XvY&lotM
zitQ@M381H9->Ad??o@-oCc79BsVQ*vqJZu9P1#@a6uK5VKg&~GE#&G~Q-&U<p&Ah%
ztA0m4N-08lAtDtN{p9^%&eVYBEQDoSOVbNXpN_n}tGBDGvAw4qjzqE1?^c#ia(HrT
zd~$d^ULHh~kUj`cdw?Tg>hCQ>{vhLF+mt&N@N`)HrxU{bhvwdZQ|&^zMVmEoTed#c
zoeYu~F=q$@3M!OaKM2^u(FojOfP=O|uJBBwHiVi&K#`DeK{!H?K!1XB_X+z7DH)0j
zbg(cJtHVU&6lcA`xt;6ePDtYGXC`)fFUv+yLLRaE!ny#CAPGy1F>oOBQ40(#Mp8}A
zMF=0Dq(MSGOar4JiXdVlf?WVdq;rSR1mka@(}WaA%d*>{Tq4T{WD6!cU>g>98TAx5
zDao_7Ieg4x8w00Sqskd{rOfiPAF8w{ZOPc<j*5R2j7b45RXwvx!Z$0SCjLpdvqIHr
zh~OPgFDfl*Xz46-jedC`X+NUVy?X}_HE5@azR>4C(O&p`cp{xeLbpSUHy+zQ+GRPr
z%X#W(<*+<|`%fJOoieY-*%*EQSw}%TaIK>^?7(m8=z!io>L@rsSxqtS7KJuccCdRK
zWUe4?cW+M*)G!^aNFo?L&ZFR<XaZPMy~h1jYS`mrO?*jSBgQa?QReFQEls!npddhS
zPzN9wn}^D6Fkg%gKfNF9Pc20>8G+IAf>FtXxlI&9giFR@YDyPu4hVjB=?>O`;?{vh
z015{w-WQ*HOq2X@e1|3`USI){Mj7zy%>Sc`+8X_I9h0RWTMPm)4|gi2M!f*lPo5&@
z31_>>s`LbA2?CxVJ|#mBhbyzQqWO#!a`(hN53{7Wsimo_3F5(HZt(o*l?FcwK^HKx
z$x#R9R;<r=LpD!(_@~*HCyw<EVmC(%4_<w~H9(?1GMypcV3j0Wv%ds*dbhBS{rJq_
z1#NvU6MrCUmK5^=<@BDXbH1w98|8OBrnMzK8yFjSQ)+{aYE3n{g^v#`iwtBCVTbIx
z`r0O1HZ+a5@bB(UBB_oX2A8VS<U5KFuX~0SsG&a}VxSt?QA@-<+Ik}{|5__iJM|bI
zkE=1IVlPy4eKzxra574TUy*k$3W{I+WWfQe2nj9BEtz3!eo~?o3ol#73w%elB4qg6
zQdIFvcx!F^Nu~QOw<IUlyAW~Z1RpwTp)poc2}_e?F4>Ile!eX}Pq2V}8knKTgR>Cb
zRM8<KMV+zq1nwye&x_fmJ1s}h<>ReGynLAT%m+T{6+Ss8?C4r}U-FbkM6i~GYnsyS
zi|L_xW~V*R@QK^Qg`eH`&CJX#ecA(;raLeogvLs2WA3WOvHu8OzlaO5t?kYO&Jk2}
zb0%SU&*uj=4gJ9sW7$ouNezB}%k>cTttEs-e7E!!yNz}#TQ2z7+MulFl6B<apy(@5
zIY=!x3QhVU!rOD%Y{5`TxUx<N-4gEIrN;fx9Hh~Qubrq9q<8K^t1x}BAh?B5bGD81
zS4~#1_Y)KVYO?<S?k_AYuD_%8Go}7#e*v{XPe(^rAbQB9Gy6Pez*%Qqqq9>awo0>L
z9vRot9dyH>Vbq*v1N8?@60kE^5&}+K{(qmmt<iOr^k<Xbh>A>2x+@)(fFGe8rE*n&
zYXrKvoWHrbU2<`WZqW)le-=$1=qqPklAB=Hb6rZlPDl;|t*Dd3!$L5iAut5iu735p
z5*_WIH3f!0GA?|;G%u+Akm?<d?Ufwj!EDQ&x{n2osi5GeNkpM)_~<<@r$b+uX$D`$
zEIZ!gqD1)Qcy?|#PN&0`>89jMch67aegx-`K`46b?xyaLI%}%q<&4u?PN@zr;_Hqh
z?Df?rFrhd;7t*&IN$P@9E{kKmLQ>BAGlL`N8oj8oD4uOL*TpL*)}|9=z+wUNRq=}C
zs(2;peE)1ic#6raEa)?g8dC_fa|<5~9JFgIPJvvJZndyAV&?F>iam-GB0o~AbX-zn
zH)Jvb#}c+4KILe>&e@j>w*qz^k#%SJomC3z0~!=@pF}^iZB(l=gj@dn>EzxUwslJF
zJD%Mbm_2;zystZHvz#)MBB*gUo(i<xMm8ERl|vCMVG_>9A`vv~>U`TLk?p~f%c^F^
zlnAc^(00?-CUMq^Clv@UEBEqvP4c24s@OTKa+%YyTd0DIW3ZHBVm<g%f_L?uH+UQS
zD_N-Kp*@GM8pN6LC$-hkeXRO?wzbC<@<GKbSFnndT3d^^`^Xv>opu*V@FqM(f%f?j
zXe^x2Xm%ol!==5|7qNg3@EDxz^O?$9BXM$ijxYQ5*zGC4%yz3ZrGNJPC|#=oy>WO6
zw^92zd+NluA>^DwGg%PQBvj-o>Eb;_&dC_ZhXPExyl+3Zje1bi!hh1(@#!d?>dUk3
z`DMbts=AMqbD=6wQ$TlFem~%0rZIo^)4J7_(_Z-&+Qw=CH3Ssa{tZ!syfq>uEF`HX
zm?x1Z;M^6)=kgM-AwzNO74RdJ4J{2_4Xq90)hpMZaZHOpXD0nY?Z<5U*&KjE-2RXF
z&-`oR=x4hAM~r?Y2rx8=yHS|ikWhyFMz>&KB#2rO78&Ru=vku7P_rF~jB&$<xB13C
zJs*PO9h(IxBW3s?D+R+vB?k%x<3>#diFUgZv4U=Fi)l*g_t1VPB`7{ESA3wo1eEa3
zf2uhCktw^XIDUl*HzXyZ!^KT7cyZh8m&T?ZiAoEH)e#YhL1LRWFLghpR4x{w1;>(h
zjL=I8`aH8KF&eAQZ_ar%lz}7Z0w#%YpMc{8d_N7gw>49PXKhn|SDLfRck$>f^#rwd
zFSXmEM|!sK!Ae<SuVU<pxn<}eKnnBxOUF(;yQ@6=my1pN)Acp~et)t(#h2!ZFD+<O
zaZ=Hy3uH}NZw;>@3%`Ct{(-ZcbB;mD-!k<?MvIOf^_Am%PL}>lYNL-Fm4+@9UQDD+
z3|D`gIOcBCAij{Grl{dz?Q*Oftf(59kAhxw!5nXyeaIRLQQGz>&#xxz#2str^(|%n
zK~vdo<5m%;NR>BR_MhEurEXrnl|yMr!9i|TY!7uksZhbLmd91^FjQDBTquvOO3E>t
z9_>#X)Pa3Q=7qrna}PIT!d3XWU)lotrhCHSme|Xzicb`YdKgUQK|TPB7|M#u0V`p5
znQ}HP0DQerRVdGw7rrv+*0W=)=FdVcm+4$ukE!RJNyF7uIo?5m#Y5l4TgwOsn%}U9
zutS7UoN1l(F4I>JPjaR5ylV<5t21gFLT%%A#B44|>qb58?yBqD{Wy4!r&$U5)6A4`
zaOp9mk3`F2SeUSc^ZQT?Gm}@Xxpgy=CZyb0C!EIz)<>v+8UxVj@@m4t7z6@P17IHZ
z_l*JQzRLAgts9P1ww#$MhTfe^&d=;)!LNhh%5?g6F{8C6Ce?tcVaS+m{CQ1rcB1%)
z2ZpGXqbys6?bTFu?*4>lOz4cwu*7~+^-qJO>UX-m(qR1iixP^_&~>QsNcOV1?5X=o
zsL@t@4-0FTFP%;=FYjKkjZAP$_vAq{bHy<PRwqnl=2yKc5u)!>3&;nv<XU&Ie`D6V
zk@ME&WOurS`I4y^D<q_U%k}(hUDa}Lzu|;XGWAq{fzNoROHYpLwv#bO<<hR5gMQXl
zQrV@)yuG#OnYhaX?y!+hHZ`AF1qzaNZE9aZ?-k^m;Kh(*2Wd;_eSp+4GV76RH^v)=
zi|)`@{$La^OHZ<DbNn*7R5*b=29ZQ>K-Mh*gE*Rj_G0qZjK=yJ*XOvxIOP&cz%cR!
zFJ7>3OW0G$a@7usoCI;oGqPv_C4_+fG*(s;QK~!o;g)2#u-jHK;Xg)8ljrIk&K(BW
zjsZgQS6^i;k|@e^hCd2yO=|QBKdhOL%R(RDhL+e{PVL>zP}xCfV@uC3Ds1HVK&k9L
zouI7FEJm!6;Qlb6%YQ=B_euBzXv6d*?u@leA$#lcSY#S9o;~Gs(}MSg_oDmdq6cyK
zrJsa|(0f$u5Lvk*#X9-Dk{IVRP9z}G%QN3Y9rv-~S5%r9^M8l|+e*fdy6(G9v{Yh$
zq&N=1;<TCEyBnX?9OtQL^TtrPIQp|^%gJUVp4@cNLe=~}$M{j^6sm)1#)6R7hz4SE
zsb91(A-nht-NpKgN}lTW+qe7$*vzT|pDW>v@i1g5wil3cD#%9!3*YYNe<x+5q%i<y
zhJar-xFwhvOwCfvh}?Z|AJ?U;jj)0=At>ufbGy|>@noX8)fSYh0>J>M^{oXG-OVX+
z)-O+++3j(x95dB)m$T_2*<`7Vd52X^KMZk|TTzE_JkmnjVmX`jo4|PxGV1X8eb-ct
z1o&y6#OIooxf-My0of7G8YKm(EkpX3a*bcap+;0xXCvPQ&cL+G!7&<kqU~Z$8f=SU
zooSwhw4NW7I#DO(nkk(<wVf^Qq;7Uu_in>Gd`ejW$Q23{Ao-xRHpWSQ?9BFR_n=7#
zl2b92yTbyeczn4nDez=P^C`mK+F3rimdH#{z4tciWZBBLpnl2u0bL||x}}GP)5zZE
z<9<$5iibwjZ0sX0l2ZGH_wgHEW4@pgw@;%M=R_74*sCnaMU+27HiA(on++*HQ!_e<
z4$QV2S-q9rw2R?OSFT*?H~W<7kX*Y5(+76mA2UTvxyyOjPF^jww<$C5C7e7~t<fg-
zL$fMKH$P(`H}00VQ|H=jr1l8OpAdvZ)~W9Jt2dz4`;oR_*5}blJoNtbaL;OC?LDlf
z0<OV?tShQB7E9Xrn>){(x-0g_Rq5Oc_d+XKOuB2w7!NV-L{wBsM-k^hxN2tCGQQox
zjuSfY&z7lwW4Wd+7UK2rLkfG{qbXs1sZGYIyn`_t-G1e~MJ^B3cvvlz`L-vKv$MpH
zS`*KDft-AH-NWir2ko!NAKo>2Q!sq5TmBp>UQnJC$KLq0PE}sp?CT)@;!kIUwk!xs
zqyuv4*$0W9OJy!uoo$!WkUEHKP1ca%Tu`}ht>Ii!0km2}#+yr;qsdjT=?S$5xSkp9
z?ISa3RQ1Z=IsOhzf$ZnxLL;gm5QEqN+wTYQfAP-W;-(u+=}+=({}?xQL|(^Deh}A@
z$GTE(8`uxn!Ue~X=D!C{f0_Na!0BhR|HZ&ba_Juer_{+kk?#X1Q2HsI0y{4P=)9KU
z{)_VhRn)JY*9`zLJK93*w%(n#ddWuP6Gj*<ZStp_aGF_f*AF@>+U`??=vloo0E@j<
z!8U&T@n>$Q5i>8eczs%DE$lLMelaFSbd3Uk;D6KU86|@0!6VQ8>8o`Ezaa4HKkWZ9
zX+;eeY?b+<e{%5M@`<x+{nnBFc`SxFwXZcjbGA>5)`MiZdC!Cdzje<5bB;n>1h)X1
zqn9j{TUBE_yV0Q+2(%1=JfwFDM`+bFsvXT@dbycS2TyUPT}mHM+ii9d9;w<fy$~uK
z+`>Qcnk1TzG+BT+38P~Bkj^KeKq9L_l`M*9EFWt<?v{zaOf0eB!O?b_js1#Qw8U0K
zl2leW1S#}Mg{*2|K6_$k3l@Jc1-y8_+|)T_yteKukMNwh=j{20`JPsS+9}?tt6Cv5
z)XYwb!UeX(0aFs-XYIOzZaks2I7))Ml1Frcj0L@5!c<!w1^nYr<mt<8*T@3|Tvt5r
z#ptkAj}hz6Nwua?z9g%3R_$x^e}Ku17UhLT3B#|`#e_F0I=&{PbYJCFy}tE(_WV<X
z#eMB6ZA4Nm0ztP;F1KO)#PWwuw)_WDtV)O}Qz)1B>D)bzQ@7XU%1*iwEap%Z&yuDW
zTo)u8c9?ZvVxX^OLo<nJ%<j9NKj@FsE+#-v7tk;yHXk$oB%+hwAh0p_`kC*_tP}O_
zCbG3la?KiE*kN+mL^O{0ZXIIOS(*64)(qF`eXfsk#J3-BUif@;Md=JNTO@=y0c#Oo
z!-u=$J8LSWMxAd6H-tVW8*MW@{}#OCmgqFSetQejj)(s$C0V=}U*KJy7yA#**)psI
zM8!m`4xS7>&Bdr53e7vkYQvltT7(Q*Xv~AIMy2iJmoQxWz^V9vgu9lhJgeZg2m>Q5
zcbhQQai-@Yt9j5xbO&+Uu<61m80VTpvV4uNuyKA;`davqCDqG<sAL@nnmY?{pUS?_
z$EQ0^d+%*>-B-bnO|7Jk_E^}`gY>|Hd=ob4EIiz9T(V2f<<~2E>!Wx{XhI{aC#|W9
z3Y{5Q*lX`pp*<wCckM9ea~$Jw4l}0xRyKJ?^UHn2Dqb%yN_|RFnDA6O=@K4~`Sf?!
zD9Z|o7c`I*)T@{`qd0Uao}+p-IlN-E$BNTgEsshH%IO-dJd%`isKwhjbez$1T<cG8
z4pHaugP|4o5#43DzmD2Ry{a}SHz?=D#a*Zy>K6NYxa`n6)wjCdW)BLhWQiiT6RAmY
zjF(BbyNkC*DWDt+mhs)^+hd<Aazns5f{A-CQCsKgb8?8D^13gc)#_7bDO+Ef99GIm
z4x^1Za!$&rV3!Rh#NIKl>gW|cz|^5<e6%MzBpuVpna7Si;66?GZtx*ax~Iyy4FSs=
zW!QQ*DxNIpM1DQ)wcYJ*I4yZhLoS8exx%7VewbL5!Q?q+Q!h>}tH>HkQ*pfOlEoer
zr2FwQFSuK<MD}K61b^9|jaT>2-E+s;&08lCFBL}TXO_>vBvJIx62X7QbkBRvh$OPC
z;rPTYIcUE9d3VDrA)Ok`VB)qnhEMuvp`0GT9R;RaLM55Lb{T)MX)sD?RJ{HEyK*(i
z`~hse2Oj|QMu`9E4#giep6~Ba++Yd+;(PuqSAPqKfyu8QOV-yl9^h?rhBIFX7&0C@
zZ{DUmNO^9zL{#{U=pUYoc_Hz$K*5}a4>j+Xp)mwO`*v#j?A%{9(0i|yK!*`^8#0?s
zvEdmb9UR>Z*c^ZzS|pKY74NBWrKORef?tn;fglc+mgWr930O0(ARmgJ=YWZ(KL2WW
z3%e~N0T(P{LK;*{vS#46K(CRmKpz}<RS?GJo+v;WS^GYr&pWs;cd!+?)0n6pUfj!X
zT;FqjeymDm=wS?(>N(kgY^#~w2Ckw6S1S!8MmSgD-N%;!4BEvA*<3OCG+u!X=6bv!
zvfXusLl)8J`LZ7a$;uZc1-(R<g$B*$1&f^#<OqO4ZOL943-v?ub`0xB(8r0|^0-4+
z$&^X?WO<K1GcaNcU`Rv{!*kM?)qpGVil2XH`$VY^$^lKP7Y^Csy$G;6xZ*?7r1(?{
zYBvB3F#&=K#smCSoX3a7IXXZXv^cmt<maaGihiV5Em~=GjMWJAe*UIND{d=KhENxq
z(fh?7GC!Z!Cn2aKW2`3YN-ri-Ld7!BAzlFJ<%PTka4}WKhu!t<O&3#remvK;lCj`R
z#svJpH_r*+LEMm^T^>F`9Tac@aqm-?%#zQ=n}%WW4x+c~MbN1vr6Jw(a;JJe4l8z#
z?xX9&t5>a+$6m3u-vJBI(F8B8-L(NGEp-3WO^P3m=D(+#{>ak&+f544u?%9F(bQko
z*3z5TospN74pWd(ke7m9L&KEC#I${eatjm8`og5O2myRx&L0|@E&hW)ar}wHPIjyR
zYW@zne>__>g3-wda&~-mRX(vm{0CTG^y&{M*}ylF0<An|R7iJ_l8_*fJdpSfF5Pp^
zzuk!tDWNZhpnnXB3P}q|2+93KxqV{+7I-rP`s>XIJTz}rq{+MhCF*^o2EkkD9~;G<
z+6kUez>sOW`&s8?#k9sQEH7g|2rOM7(O<fUIHOh8^cqGPp1GW95Dy(<bWsl1n-@GG
zDODjUHPU!-6CWKFNujnSsjFpfXfAGUs3l_|h;S18qVe7i@Fi*dhx}H@Y-n<S;`|)|
zb9B09{7}FtlIEDl0J<OMGeo7vTOMi>05(|k`&~S6AxM75pe&rG`|vhX)ZOp48gxxL
z`TnwA6EHW`jPzeX80ebvb-Cb%Ys%g7;)WQ!m?`m7B<s?Rmv0n_Uj-0knO0mXQ!vAL
z$Wh7*pz$RnuMCjLu-rDQ@OGOKhl5kEfxl0I1?2=l<9PmAxOh&OBad{4M%v(+!P*AN
z#6F-AwzF%a=BSostJcB7Cx%4jO>mS=rQf^m`7Ant4gtz|yE3<di#P8y<UX%|njpk+
zIjW!DgF%woq;8IU$U?uQ$>EdCw~BfATt`cN3ik7QN1T{(u3|_;gb7Yj6b<{Ez`Lj(
z0nKtPlmKY77anMjXm304!T330Jr>mL@3bY$x6#3*M8P_Sm+HcO(t8Ul@Zgy(!6w~F
zAC7J|RTMKyKPu+Z2CCJCW|BA>ryP;&`!bd>7PJMa6b6EsL1C^>4o)+l?73j~0-aLm
z;y<6cEg3b{8VWchSJ}r$y6xohVYrz}%G>Pq7iOxLJ2P|Ycf603uZ|<_n#vRO&CxYQ
zB!ct0Uv7f=I3>(aF#tco?(y!YH2>o#CD9!xHNcn=tv71BLM)ueJR7!7<tef7Cf~Et
zp!LkeaAybtJ~JKtjuJ#A0}_6W0=El){AUQ#&#V=9Ui9ju>lNzc>PBXKu_!Ot?7}qX
z17MA=;b)f0W8e!EmH1B}9Ac5KOB1SYtMST(;Q~H#hmWrtt;IDkviRw=UYd}8VA&h<
zZH?yvR}7!id%I*EplqlwCU5=RE`okb&1E}8>&<XcX=avGFtTEtqy<M)-y>KNSzVbh
z0hZJktgTP%E&I)TX|rwnn+A<cs?*QjZk}*NPUD+0q&R!hG`HyG@fXe0;>tcYSmj(s
zhgGTL%{Tq92rF&8PR+O62$P3s3^5%2QRZM=e8OMFkvW`h^neMb0N&H5l{JraC5Y6>
zj#%{Nd!D(Nlr&jAG+VuW`C2&q{jCzV7ZRvhLVGa+`p+m?-Wf!V3d9;<TD-ASf!b&9
z-~RA0*}|<j!?<{k|5-rzA>ZsBE`k_Gk%&+OT^r@Wy=1#;mw}!t<hgW3Yft%vdr!)E
zR(B&6{QI%l5n&dYC(I4Z<aU<a&0`$xjH1tSSn_yXLfZ|WT^=*yQO{_H8&_~~VYU}e
ziFzVsW=mx3kqwi`FMj5NIxBo#7T8lF2F@-E&iwF^lTZB<3of5dtFdavBUhIYv5fXW
zvCjif3ZMuudT};1N}DfYs8**+mB)5b)Gpzh;X3Lc^BZi$9(!{rQ{qDL7Qp5dk}5``
zyJKS?UiR5Tj>?ub3&XEUov@PatVlI!z29c93-Ni+cWlK)LYyLpEH3!ExmWqK-t=?L
z*VHkW-<b<gz--F=NYV`$EZ6_<0rR(uDL)H2|GCh3!^ITPJ-e?LQ%D5O1$m$8<GPiy
z#^Gs!b)Xw)YwJd7@<nKBLK?#$Fd)#CmQs|JQ83cOGcdxJLR3&P@VADKf<kRgH;>Ky
zbLJo9ZWUraumj563~c`;(fY0G@-tz7q3W`$8x}_dth%s#b3~qCVYDqoT|`YpJw%N}
zABb9sx`~>JR4!B9XD?mDtYHLSnaYE%?!jOaQFjmteyzu7Hmr|h{vcr~{}#n_pmhJO
z9HS4cEB*V0tv?+7&&x4DDRHmMF`S@s3^CN#a?D-$Kg%)s&xab2sJ#ZX(U?u!ji01#
zJmWBKN!zHZ96E#bxGFV69YcH>{7y(vtrqN5I!GBPqz<t0{O02k(EBfjzusKFhBh~p
zZLd)G9}@pNw4o31%@1Y)qtMjR)Ymka(Vfwr(Vx+pd41X2uzh)XT}R_tT2IIOL8ixd
z=ruv|r2YSq>3SD`Cet^i{KZHDBv&X<t}tCU2oo}DV67cquk;cYB97w$Bn6xg{l$ap
zs{t*^50rAgza$2NCrG#*l;4PX7=C-h489Tf+<;E5w&+)gdw>t9!f;_R8R_raxW$Es
z2a?yvHM7twHF7K7^LR{ILM2s1#Y{_F@7G38T%XngB>m{^Y)yovkdjS`Pi@mRe2+T2
z+~lQ*++7~reQezz;en{UqO^invW&A%47>naET<UPni%irW``ZU6s^0IlVNN?*+WY$
zBB3YVNlx7}17YmhiNAuEVCBJt8T)VvdmBFi4=)Zk9v3%J2^W{Xto3%zI+j7HXWl}&
zESXvt87eZ--VE^d&JgC?uA!tT?YCzclP&1AlV?$~G^8UlVaGFI3JN%1-;jWhjGLui
zovG{B)<1GS{O%*GABY%lU;+4R9ZMmm^^G|2`~raOznE7OU88?}sQm5N{^hnP==JqK
zy;X+E><rStL#0nPsBYemTD>MrD3)cL|DG@b6e`7!Pf7pxnS<`oUC;biLib;o`G6iw
zCR<Q0E)Jua=6I)V(ASw;mV~_czA_D(xs<n%ias#NdjbsdeqXhizp2&@6E_PJ6>a80
zYn#v{d~=}0%c1lHfEJq-8kh3K2$9R!`}sCD-!qlWsj1?3@SM;0Ha-+(z*@NY66|AO
z)_WNym<Lv%AT@VcTrfU%I{u{An|g|Jzr9a<sL{_4V<4xb@7W^)Sew<x!{)Y5g^K!N
z!jA(3(Z^d4_s{Gl(mAHelleNSRF};^H^6{vPi8;q-^W~R(C-m1HCTyJR}ZAy^S7kO
ze@o2tq9}`$?I7M09k&Ff!>bft&OOIqQ5Ax`^Dgh2e~fRt(PvX5sO|mYR&(3&EJH9z
z%)S1VoT+!)B^>dTr^=5gSWJZgIfiRz+eWIRqbhy-8Ok&<1wP8;_>?bW<VzM}qp7jr
zMnt`d`+PX@1gvqZZfD!0UCKR=>g*xU@_~a<ESRjPc$z#mJa5kGNf(3$e=$bSXXc@Y
z7-S*hqUkg8VAN6yXBS3q6dO#&kD<+OuY-Yh{Xluc>}Zvd#O&na<N)@sT7+~uM5Xti
zck~bPI1olr`ujDc-!PUy|NYfiDsFP4%DB+`T4<MgxEAw4Ny=+0WvD9|OIhi=5JaZq
zIk}XmYfD+fsCauT)x`V5DOTq(6+L8R!O965?h~6B4SLO5Urxpr&CF6k#u<&6hfHIV
zW?=XpnVIEp=9ch&c%U(^2Fj?3B`+c;BIg6G;{G~+ESKym04)yVD!#R+_Y`_0kPb5r
z37M5wf|5qKi+YBciIIVho`If@fu5xV4Ksj6EYKGw9>g^%;=)jk2B3Tl06yHzh7enh
z&eo(L=fR<9rxnCz0E<_PL1YFq)>Nmt?MKrCWm6_2O=qX69GwVZCr%@aBgWDdO&qif
zI9O`rna<6r)XQ1Q!hE-gvq%!NvbdC+WzALv1ALDKTUlLA2YNyYydwRHCeHkO?s*W}
z4pbkRTLf-sGUWeUp8ED&{RRN~BAi=tf(Q5g3!FJ7CM$H(3b_jHw5PU43tkyeZ;5$C
zlz8}>`ueStWgH7i9$fOus!`Z&qCXPk0#mW);>CtR)A51Zxl7?_FX2`O;H)|Na^{qB
zRFU%0JF~+i#K4u&*$Zi53s!}!9EulhIrWl2oD;A6y!vd<e)Vj)e_vns0S+^;v>lkI
zE~fsrmZ-&?<#=Nr?WD`2z0q}no0pfYkrF^5KHcL|;#@1Q5jSj+*|3(u@&>1>g|zR%
zWQdBIiD97KYxTh~7U`)5o3OfClep2(Y0WTGqz6WAL^g~>(1k?tmzWLn9AHEfys-K!
z4ic8r%nrO4aR}C6A-kb_qVO(HPB`3h(edaiEVN>=lH0Om0)$)S9iP^U0=lR~-%u}D
zuj<RaG`4!tYXkiz3vMQjsIzo5?<01>`0;TV4=iRk*eET@2fY-kL-Kg+*)&$hOy$}X
zPczDv6q8cAt`P6!Ep$RLO07m8IiihN0jVg`Sz9SXnD*VzMcE(ZXc6XX<e&R8sLbJc
zHFrRI2HQO_vcx&2umIpmLqa!Tc)tqM4}5PI3>%GsPymL4m1085s!tXvCaWD6ynQ^q
z^)9rAM{hO?yhaLdx^BL0%F&}fy#|fjX(!y#;qc3fqcbU0K}V=7$XZ<cc+($<>;A?R
zC&4eMU@os@C8NtPt;1sf)Yz1ljhFYDNkt4uWp@MJ(sl13=2)O3|Ks;Jrnnn=|DMwc
z#3p;gAlFwfL4&;Q4L2<Tx-Sl(e*Ep~<<AGX<|?B9##ICw?gj$ezcIz-072Wr8c9y>
zQuGSR@^ZFbPAoQYjPBC%`4wRt3`5WUA_+F8?oxIeKQzh#PHs#T7<7QveW5StHVhbn
zGP4lAB-o3w9#JjJ(M#`f3?5=<W4<I~DtG&A-$VPf+r&41$3$OWUBuX1UE4_5#o1VZ
zS6f}gS<0AKLf=}uB+|Wb_MxAxwG_pu5|Bs^!x^bN2uUmmsf#K|9H~2(Ulz<vM1(q^
zSJKnOo-Qtc2HGkBvTMjA<E*qR3i!agre$)-QkAy^JOg))7?@#9I@2xoQrB0vmM{`2
zP<Iw4={xht7%Csi7^+#2wMe7Hn0NPy0z+Q+GNh&M7K1;qd4|}F7)XUAVTB^{i1w(x
z!>ZiYHVHxs9GSyULq=wj3dyZuVAuXJ6GVXPnV$N>+)^_g@wVwlEyxu1ovI3!kdv{x
z3Qql*Y>dduaMuZ@#*|a1K!nLkmAwrKiE+{`^6Kot=OG`Frl1%3Bv7ZbN}_4#<2QQE
z9vYV%eNm5R7J6dFHLMzmm@>2{cBBpY?$FnN%c-}bd)t``Jw-`LK@QK@(!}-sR!<_z
zm__nkNj#VwwdsNigZX7N|8a#=JY<5BF75IA=>5s@$3hA;%W@hWJH#qfK?UY7W+%25
z4Dv=w`xKw=XsqvhJ3W(2z^O~IUy-}jTVK2!?0cD7<@``(XG|wvx2;J-RQ-}`)kMnm
z%VeaYX2#iNYW%FhZ6@aPFH<srsQ5%hSv(EU4db)<K1t1*)@$mv`{~CDo{gb>+fj27
z)<@Ern$2ASbC#F7fn9Xmsr#w*P64~_6z=zKr^d&|T&~-jSm{{_8y8w@fGEA_*p{$c
zaEO<(bAil+-JLz1w7oJH=ch;4p`oT)$EW)5VEm6N{x|Bj8}#EVb=$uxxzi6y{x|Bj
z8~guW&5i#}%|XMw`PkHx1GFaPz{dAu5cqGy{GGb(o6dvAHUYLDu3Lj}&fj$YpPAe4
z8s9+Nrt;gwZ7V$2v~5e*v~5~eAt@i{&IU3TWC_C>5$HT!FVDWxnLRHVTloG8J!qqE
zSs%sQ16SuCY1{s7g?^xI1MU0`WcPntmVcyeJ5QQw+H1Ox=qZ!r8PVOzS!#WU`tIGo
z)3*8KV#Y?ji^Ye&tuK%1drGRJ>vM9Fb@`39ZQDt@9P7IS{i9d;8*ST-a(*LGyLMk7
z+5XkD$j<G|5d#<WA8FhEeV}h6{z2OY8uTXr@>klneL`5C$V+<=bzNMJnfkj|-%(|O
zmVhBzt?EY3wqKtaHN&5rZJ^0{{WIY2`GK=7rV9Fl9=O9SZ&kDuxcVk|p^LkqO9&EL
zLuI$+<~3RMKO>C4akkw!)$cglKt~bOe$dcAqaM)Nhc`cnuLW)u=q20VauxqF${&O<
z3|Hxc8^*h`2tOf&d10r+G&iF;r|AYJ5BEXkE6W{$hH^suef@ZqFjed@9D*nnJgk{T
zf|)fO!-ZwCFyI@MIE>V!@Ps5a(CgKvER*)ga3$3U4O#epoan?2MZnB5{+zlJwqcyn
zY{IM_o?K6KqT($e`7CZ~Eb7ob$hqhxEYh6p_oOi~3vC8DEwRA75jH3}1h#lZ2xoVv
z`El@x!*>ewqeuAN#rh$!bHif&2{J*f?7%(w<M%g^Y2;`rtjH@YBPC=6cxEXFkkv7x
zH~I=PC4t+1gO*+&FpD30{~O4>q4)2-kJQbBT!T!|AZQiK5@|q?De_Ms^XG&705U<t
zf!Ytp*-l#RDW()A0VCnZT)O)n1PIWljb`s{$5wq+nOz4&K2$hYs~T)>swY)3b|ovR
zAxHEvn+@*f((PpDqWeEZBBr?ILEz};*HRo7vDPZat85SdZv7PuFAj}rolTE@{a&(-
zvEW#;pt#}vka=nJqtV9w^3k+1@DY9paDfOtO~w|2DD7ad|Hs^00QH$H{ld7rJA~lw
z1b26r;BLV^xVyVsaF+xR?iL&ZBse5Ua3}ZA=A7M}By9FQ@BO~IR81AB+I@QH>FMe2
zU&|8=1mdSh9y1k!+WkF<aUG6`B87uM&4G?W;6kd+;7d#_)UhBTuRw5of~4!t8(zPl
zpqO+N=49hA@J|^i9)zY<0xgyZ7KVVBM5htZ9N30xb5>_UVnOXP>XWBzw7+WATG@1N
zTE2DSdg^109ZNh_J%Nv_?>+Yv)U2Jh3&iW=hZx#Q{ziRBM^H=Xr(s}O+b`J}X+w-j
zKtWWLFT982mLQI?Lm+_2$e8@(kDyK!m<-a_0>bhnaQB}v#-d4y%IX;uikUVH@Cyr~
zm&-wsMA{+MP0_ufp?PUnr{guK<dxfurUve0qY_yFGe2cxO0xfES<pT-owYOEp!F$-
zAkJOei~7cbxR#}LiR>+x44qH-<FlrV+e%whRN2pcTcX+_ukNyWtuOFCxpU6gzbZL6
z+naxPIc(Nvut4RNLAOPCX!%}aFU7GH6LU-TjYy?u%F^3fmv&Mdf^qjZOLVe{5qBXT
zO^2D(d!;;2X$!K3Thcs_g++@lP6ED+q`Pd4(%G@O+Zi?5ZEnRoZ9c&&(Mb~*Xy5G3
z4)%tRM95e^Id|TTIX7^f>9qU&xnxQ6S(8SMYe1xEpePiBnhH*)j^PwAi!jNTIawUb
z&HNRU8bQh_hXR~{(-W_zrcza8?W_jZo(XlblaR>1qTaQA7GaqJ6X$ew5i3>|e5{yD
z1sbbZh&<M~5m#<rr<_BsWbTW0&$F-JwFCa~M*n0}K5`xYWmEq4PRrW-r^finrhN4K
z-{0z!l1Ej?w_E){#>z{Q^--JhcVvFDDVhFlQ$EmsSU+6x|A|d${(sM=l>ZN#a&@tk
z=g(Ha{^)uTf3*VEqq42}ex}aDL6^AQ8a`@M{*FUG*pv?^|FHfETYhO%GMB+{KgHwm
z2VG_c9fA=A6^wI$Xa0pvsjA_=?TWTT7F<w>aamNP3?8tlp7vKOVAqP{Ta@pfL?giL
zhd<vZz%M`9l#l+M|F-bH*_5zlzY)0yLiX(pjgPhh{ym|8Q~cAWd?5N*`?~+MDFLm3
z8FD~UZr^?bMrX!ncD@JN9ya%G^<3>yv+|#B?)z52f49FM%u2UiUj^S(ks|?-ratV-
zd-I^sl~>5Va7Z0kOLI*ae{*0znU#-j^*gijVPg;L2WkAvtP}z$h;lw7_F;fXBm&~E
zKfxovp#o@Y_3zOZD*$EiuzsNRM=<>#kG43xf@^(ftN3lS#f^Yps{EJ^#eP>_GKA9L
z02F#gKOthxXcx%}KRqcQHWeQs)nPEPZXEQ~R}8AJSTgNE#3PQtREO}j^&nj)NkK52
zK44Nge(&V*32fux_~|J97kiqqO2@Edc)^Ls?BFeSSd^1D1UESxa_H_MVNi>STria5
z`6fu+<kK5n1Yb0No5TeYbcp(D?>qP8fo<=-H$`CpEYkrj#vgt4-?QysgI4~IYySkV
zojknye{#@DH3Ksvo4!dnJ77+ilrgwsZz_^3BVbOK<Nshzmvhh%`FBizxV%<$N1-PG
zS$*h>`IA-u8>av10)6X=`N-Y)oeOmLcGzsBv$LlY2sk5x-w&Ch1I@;#^vi_@LiXgw
zbgMG#$ya%x$uETPK0R3P9O=MtN6CJ2fy{{FA3U5iwTzS`oNRT?IKu2y6y3PgbWN?e
zl;<4)59vQ$tE6NCEc6r&G(zPB%Z$}e*(NDF+BnD*8R@B*x(R?%-_+zZlyCmhxLL=a
z&eblq>ShV<o-v-0dWv!E=L18GM9r+MG4NV~!qo?ucS2sT+WXne_q8?;a(%?UCP)Ad
z=nRhdU#f#|X_Ai!_Nbav#Cv75vpQzx+`M|Kz{%rShPSHHTv3_P%*7U_WSMegsUGB0
zsWKb$^!P>hB=;nCk|H_9En$)(dq^nR2O1OLpYmWaXkudKeZqPmN~rQmYXt?NAl}zJ
zmm`xfrATxq-EPDD@N%W8>7w1mVNGnc<33<a5IQIXTcdoaxu+K^Qb5{m{o||Wyk9HS
z=x<MFKD;BmzXs#bx8R$bDeN{+O=fXYRTUPM>H@|n1R91(*NI3yAqO(Mxy^}m?8OHL
z8jElgwdh7OC2;7Qj_g*m=5pBBE?VKS0w&xOGZk3VtD`5J47WRf?=VLj0g51MmJ|$9
zv^X0jHjfc-9yuo;UVF92L^$0^tTlmJsYGC>8)P^z`({ik0Rq=h$2sv(jqk)AOM1Ap
zPs(%}J#a1uC0-+3l>V)DrE{#f>$`JP-Zq2W{d5eYb1NNR21Im)$fI(Tc6@vg|78L8
zE_l|_o$9P)%j!f7*j19`wETjECnkc5KGCqE##xiQlst*tQTX6Mp17TTQV~OS^Wtx3
zZg|y+cahLd%m-|dYn2N@;W~vSnBXXzM?|II#2|;BhzqO7<$%6IkpYt=K{YVv6c-&N
z>XBU(*THPqI($QmnZ2@?mk!tMQ9sfqpUj+Wtu8-)J{SRB>22Y*|KaAgLMZ7DHp-Kv
zXb@(jnW8SDl!Np&Ya0?;o4-CVA*)wFZ6FDte+WW*JQUt74p;EknxfJHr!0RMUN?lf
z2&x`(J1(fpXLO8f1RKX!b{X4XDcfI{s0B6VWLe8vyUbc?R^#L7pw=5Zl5;hU3xvcM
zbzE$<1H;VWx3Qg;!8~lSxGul&r&+0MOy(4%+8WoeCBr-0mSQlMCN|i&BW;)NUQ32n
zj$kcZfefqqOL?f4fw@&S$y%NW*9r`RhwXl>X!yj`KOAeu78_d7>q>`HT!b>y@T#uX
zdO9#Q4DD&Ys4*u}-e9PfYw2X?9CkyR!TOct(^zQmIXQ*l#E@A7OD#4&%n@u&lA0lD
z%;KrkDNC7G1R54jUv_HIw2Mbn8@nQ^nYt_bBAFFsH*g(a&}Cx8qpq?Kiki5QO2wXm
zn>=Ztanu=;si>|Kt!qe%*#6vg9bhoRt_jUMI1=ja<|M&vAwY(joi*@DCeIF!?{GB#
z!<g>dk367Ib)R4(a)f3$vm32Za{W=#t5I=@aHATFFN!*DoT`L*t}E}b*nr@z7~ixX
zrH-!%T#~;$Pqpt$5;L76TG#1aVQto~dKvnL8}Q%leBC({ALq><n?K)yJ8R}K;yH#2
zX}+X;7yh2q-ELs<Lbu!DUB0(mE9unbcA`j`QPzSYQw?PD@L+ITlIR}l>ziHUv!l<S
zg|k1;?J@;v%OuU5+&u?0HpX57tM^3&-jS*6=4{S??qRx!+|r*ux+%kE2n5PL`Wh+%
z<P-<O=Yl+!{j>fYO&hY$%Kp3X^PS~}(>@^g8ORQy{+(Q4GWNO?ZIQ$6-8|;|Pm%X7
zgdTOzs$B@?U!=#}zfRxRX{29i`VyWgt=-6=e}N9GsG)kZ$-dSf#vPn<K@W1;%c5-c
zls&guIVy3#^RRH7h*gC?`HGAPFvk|gQbYnmc4qM-eUs`1RTVuaqx^UvWXIbUbrsiG
zg^0Y=L*i@k*EOv%PJw|~YdmLny`0L*b=b!|Y1%F=cMFVV9Jm6$<I6p7M!#4k5BqmD
zqE@ONvR|t^cuv00i{hD8X3s=+;afc2J{?Ak-n;pu*Uh(}&yNo1|Mao@A%yjaTk=;3
z>&KAUPa!OQrf1eN&ep<89CjAWa#pgMrnC-H|C*>J1#o!&HiY$KMEj=@)+1m4-r4;}
z(d?I$7#;?I5Y{GO{e+YLJ&_+mSdYZ9wE-b4WdXEyji5jg#5)=Rc}k;By3c9N&*KVf
z6+c@To9uQoygb}v+i!CyN^QDt)!3EPqc%pqLs6G_E2@Xo)-x+44<#}GT$$twg@>Z%
zCB44dp~XkvljF=okL?Vb!sEJT%4ArI7!rx$E&K7YnWiltNX1cFT&<n7=e;D>WQ)k_
z>g0rRI0b0&SOXv>z)=C!!0kS*GJ@zrQ5e3{B89jPX#8;SU*cmZTWu{}#&4H!GKnYO
z<ml^k3kzftm_gy^$ijqzVC7LIJ*hfx4yWfZPJKdQWt=k)bJlCjduW~gX5^5Xp04c^
z!=40kj}L*iRn@VMhNiu0iKhH3X`6l+MIc`s3oVOI=HLXLUQiX4<n81ydc<Wxe%$<e
z&y$(ZMBtFI1NZicVw{MPkhe3PyE`PAPp>2zGpE_WWwWWwm2ou<tqC|i7W9o|9IS;U
zCk`8)B2{14_MM!5$iQvrbeDh&nA@@%M!YAWUlt(mzM5GbO`Y)1C0GRZ^mmD?(lKi9
zdEYJ)G{&;|I`i&?@|5mXxw>wOmJ_iJ=b?#>$mx1JEIg#r8?one+T+*+sm))HEtf>x
z`?AKY+;op`XPrME?5OXF*?3;{44}^S9ae@V`VIu8iqU>rDPeCRn3DzzN6~9Ojyadl
z;=ZW!P`_yqjRQ0glS&mnzmh4-W-1q$1qU<0kt<?){m#b)8T-~HI(>P?k(s-L%k@<K
zqgf8ACg#yh41^~6xoNpq;d|-#C_WO(>=imIz2K8DaUhlh_k1|uaB)~ns1Tv3ZT@KL
zNoUPwwvt1Amu>4}_umDfe!P=E1)&}h=zj&FetRo_3v536{qOIk`Qw-WTM+7jjQS33
z>7zlY-;wz#2=!+&!vpPy^$VZ#Cj{^RcVM&T6X_#CsOlFDBQ}5d`rkP8aL{&>a?{QL
z&*qoF=I=Q4LlElW<bQ!C{W3Q9%ODhLB+aqM@UfO3Eo@!Hox^S3q*Hhs=#RjrADTNx
zGG<YrMv!_?Q4={f$MzL^WAd}V#!;;e0UDz|{>J<igL?GO{C7m?w`n<l@$+wS&EFIH
zH^o0=P!IfkcoTjlYX2F7`a4|n;iRXBCn+BdK>hQbeUEECZ0@lD*$)9I0yi>rY+mC*
z->b2xPO>asf-Pi;ULp-7J!KoDbcDY-t)Bu=k8bt50MvsdKCB<O_E!Mvfgxjiy85jE
z(f=i``5P*KI`!Xh%}40{&Z+loFnSc%+=?|-j9pbq!b>^a!?If2UDqdwRnDOM$*KPi
z*PPilM?T!MOhZLcz>3w;i#3=3gcFN5@IQq$g?eftlK<vJezFOF!>b=`!bf=Z*M0pF
zc>KvGlvi|Bkz=(qRgh<rx6#zJvavRhXZ_dAI7Psz|E*2<FpU^+=zsqFWD`E}_3z)F
zhjF@(5c#GF9*C$!g#d8_0vi1gzpx4ap2#=73djKe)_>!X>AjvR@Y1L*XkwubD5!NZ
z#!8rH@{pag)Y&hTkSPV<K@_WJV6|!;R_-s{P`IekFu*DC^Y;+xa(2>6VoBpSLYv6q
zGhp&v#xU|T3wK7Bn5~KR2*5UTRq7SK^R^${Z2R!?@M7ib%Au+@DR)r~-iW@nwY5@!
z*zP*xsKS$mj}R$-r0Ptfb|`*q5*v#0Fp~VM19%IASlw$ZGfMnjs?@TnM9H~s^x<}R
zHhSbV+pu~d!5UVR6IufkY``E2Y$yh!4F0uJ7{*3Xb@EfH5sR#`-F84l@*{MCFYw^?
zovEdBk^D8F@q8B;<cZ&tHzPy%1Lkc89Anql67ex~Ai~8_`x*O+5c_pRV#WC(r6l-C
z(A-ySm9u0szgm-F5JCkToeJuE9^&0EKh(p}jth$TDl#5Ts56dT+n^;Eb)*6=Ga?@g
z2D%>Q1K%kpV-G7g<%p6{-}|IBG{Jd!X&Ad_y1hesq7j`GV9)!<L4%Oe)-FAo3>rs+
z@~`L5oIRy;dJDqO!e61HK&3JDK%|9<1bj~GDKRh$&?>H!f9BFunTAi0u0TML>qH%G
zL$$BX;xJvu6W~yYF#9aIv~a5=HnTm_6YunRZ!An~XeqBx=#6q}Vj!{(do9T8z58>!
z6Tf2ti2=f+*HztZysoQRj`rtuv6>EP!Peq;lMYEQmDC!xW*ZQ>!WRz?C=<M|To3rn
zhu%HOd;2DLnXmM|WNs(5DudqU{qr}6x^B!3C!*^)b2*%s&~B+2Yf727{4-4)9>Imq
z?kb~Nqa%H}w8%$MW;t#77n7;ct(F)&!znGpCK^mz*~N#P@`jP0Lk6oU4!A96s-9in
z1f6$%cDcWkczrIo(&SV9l(zq{Wc3Dl-1M_Q4um8dJl+r`Vy1S}>ZirmBbK!95j|hS
zrWvj{9)}z1Szly`?Y||%wE%Q83-@Q=^1!K8F_c`wPmEFV9y-BPQBu=<XD%ene=@#t
z)X2M8ql|c=#K^hLq33QjIk-oat-^}QM|psFMn@e1G`J+?3E9H-;YAwr*T8IzDQG<M
z!`<g%!78NbTjyp)Q6ew2JT_zd@2i7IdWQmIn~QGJWFksT_H@>8+H8(Gd^{I8oP789
zB3F1ubZ26sUynGr&vg4?VoFVI=f1$N2u?2jI%{p|=Hubz#jB8+yiaZUS@~VjTfR@v
zwNt*{ejFWoKaM~cfhSe51Kp-q3{pj2$(^R*L|styn#6HyF==hM>>XsZ7!L+jL#(Bj
z>#=DGX)V#}X@|J+X5W{cf{!0q2+qmRi<VLFCEe0-r#<;3cd<|4d|_rLHlupQ>bFya
z8!kF+3_iEe9$RuykC{bTX$PNW7c-}n95i=-aMIPtFI{=LicZg0rPI_Bxz_<b8EejZ
zQi^O+*wnUegA|5s2ZPCbdC$VHrOprCYMAJ|*^#c`!vs%c2jeG$MF<&36YY!K*$q<}
zs!bT&=^WCl1g=G7#`J~1lNjRKpCTqJs~yjFA37)D$Qq|N^4Z&dKM(;AWE66!jBzeX
z(M|yY-`#vS0|76E!8yTKU*d=F97LMGx(wWcZg9{9Yg{FWx+^4M;d2N$6@3g78o@G%
zm7XWLoz0`XI*b)&TzwChu|SvWoX{>5g7?xEW3lh!I_<II>Zaq?bL@<ORJ4$8tT=pY
zg4IBH10@PD_X@f4r=WPV<hf<*`Q3N3HX&i5FtU+s6!n~$c4r~X-ik(n1o&e#Y=PwB
zAmAWE_u2fKPaq1VQ=YyT)u3?4?NxJPbH`kEamXYk9Pa#9bo=Wxm!G_yM^yE{yq({^
zH$DJM<Il$i@XJq-`=j6g{>8C<{8{_<;yjQ^CXPdU)Z6(Tna91I2ikT&8&khD>mTuU
z{y&4<_1#V=AMti<V>PbvzVmh-%!=@vPZW<r?!V*E58lqh$v><gY|LM><(J+Ls2`Q!
zolM;nC};%8aekit@ktzr^wf{u4q*Cj;j^HtCM@tk*Xx&QYFDHh*I*EZe?ji@+b|X1
zX1IM5=pTo<{^agF`gi`@`S|AUJQ((WYveo-3PZ@Pe-v{6J)wV7{L|feAo`d`@t^L_
z@x%08>_4aPn)k1CgnoD050mWtHO`wK^?3gI=4e^|%H;F|?C&2=-|Yi#ie1@U==9y}
zY!6(aJRoQ?4^nvWc+gBaW4`4V|N6jw@^~KI>USQ`BaHjY<FNyX{|45_!a0BrYWNl8
z{u?UaLGCI5sef3%kbJs-47tzM!Fl`zxyya&7aFMsbON8C9-t2j^Y)*-Cz44;V#}vi
zo=6m-hc`hn#8kE=2$P_^8bs13gD-9+3<H!>DDwdZci)qyc>oKia1ay{8kvJD+tMme
z0F$VLpnJeNDPS#;fW}A-<*?Oo3YlSOvs|HtJR_eL4Ppb}?_C?Y`duW@5AZu8pRy9%
zAMm?tZ7y5oAKiwPfxFulKoGw}f*)jxGrlu?>Az(m<DXdz4|4Q~od07M)`oF|5_)qB
zHw6kjl+$UzfP(D^?6P6B?V+W7#Gt_M&Pz^8hSg_=;WwK_w~d$fAxqp4WUblvnUIbn
zif4L)7Zolaucg59YJ*%TfTK6(*sD0mM38nfplOG6f|OETfKIpgBRAT&@sxA&Zr(A4
zFi`35VW@V1><Okx4ycMhLbH5^CF<gq#TxSuAW-HT2ZI{TgRLzA>q4G~g|DuD$cEvE
z*PE|Mt0nyIZa#?OlbhJgN7ER7FN*(4V|b84)kh@pAEhzO)&0Mi#=ua=!p6#G^1n=D
zuu?$&j_D7=t3nxD`Cl^~5dHjCN&R=S`%jn-kX!Kx(6CgjSPnoZ^MT$3-I3Mwl=6>+
z<w%{GiRwwkYDsCyak@S0DRH{;Yq~LM+nZ~npotVzV<Y2+Of2icUmWxW%Y#f7`%FAI
z^vFBGX-{cRBj!)S&rrhSnCGczM%G59g*!OIB~K)o9F!Cq>d?0V1!P6Fg_{W&rnbNh
zoyPE|aHG!zaKfZe9AI7H|0wU0h8r27p@~RcSc5-{n+kiPOhp|-HD;6$92DhdE8(SJ
z5%%1~LRPZoxtD^qL8y+kmn2nkyrr$UhpkUp8Ep5zYJ|2HRljc^@xb(|uddr50EHX=
ztK5;_Ncx{)CYJxzJk?@`G}}MssRGfX#^`~-F!bW)P_&+&(FDtx+gs?A23~nn0GVG#
zL+~3!m~qnkN1BAO3)g98Nu$!2QTWRkp$-hn$&Q4|jfu;Q(G84`Q0ucK49b*;(2r8f
zN=rq`(a;V?k4uNr501#tK2-hcO|ov#Qc8|cj}6L2KUB3LGb0Q{p3;pYAkZM5)1J!O
zT@1)DM@V9hjgExVOVUb=j7Z6Z(#z6Dj1QZ#Yzz+2&<)a;2JEoFQ`?=4OEE$rOtPL0
zune9Kj*ieHZh&YYPW{nZ&8(5B+PbOc`(m93-2&PoYVZZn_w*^sFH%W<!|^|!xo@c?
zk34guYBE;1B4{hA4eQwfuffdHkMnEoeTA%MqxR<uW6M}l0t%3(p}<OwUhLVa&#bVv
ze5O!99YjH2<8L}ucHabPQxQyb|CFm15D?%)z;8>j0Yc_SOqI(}$F&~8uG23Vnh-n7
zTzAuEv-0v}Yt-TX{imA#Z5+~q+yoERs+qGO)htCCk&gYVSn3PU&YReaw>N7a_U61j
zDK{9e8~w)$ww+Y!M*OU&(LUoH$8^9WQQFx%!$b=Kv3Lqhpk?&A0|DWan(+k@db0~u
zb9(M4s%gBXO)2uUhh^vVN<GIsXth04<HTT-y-y(Nc{&}n(Q2((`r4@7xEO=!O9aIR
z8_CFohz1b%^5^3w8o9aEB<zX^)#hu`*lh{bm6Ub?@hF8jWdV_yTJvzFxiBt@G#6Qc
zJSwlQOWy=3lLEIb?aG?y-8w>dFEH?G^p6cKD<gb!-G)l;=9tl=M^?$N3MJ-)$jjV!
z*Zh1ZK$tAH5;SYS%=r?qtnK13$rwY20t0<aBdWx|+gv=Qa<wCN`K+*?KSa2uzkO%M
zofJBl_aRj#HOT<UvzN%zH!0R+bax*!yKCAYFJf)iiiI&tLL`3h(m+`tRgoo2g8FDr
z-JOwF2jeN*qBr*Zv5IFX@{K?LX%#eT&Qm6j-~%1<Al_MXittdKBt?j<{dGd`uRhiI
z`zXZBn+F1Y!+>deRI%P+L($o996=NDll%-cPbUr|n1Q?Cfug!m%i#%uD<<@l55?Mn
zlM9%W7GYLpY7;cIha{jmkfVo6in-fkVjL>usj|Y03?w*?qFAUFWE1R@3!2}-><(LC
zW2*<efQO(U?JBgqq;;sT=cRgwWfu7CbdU|`<h3Aa{1>{X-O4ZQxbUiJlA4O?sL}*^
z(+4_24Dxf6NXyeVkU?lCkijOeIS*&bKIk?M6T)K?2C*kvfTnKDC*daxR%IsbXF_yg
zyohjm33WMlkhJ+l+Kc~G50tBC5SP#^%Jm3R8&H+XH>lsG(`B9W65*y{vEq^>*!0-f
zvpTJ!yF6=?fu|yCpYh_x`ORX}LaX>QH?EVz+)d;;%_1}1Z3Z6Ns*9AH`$Mle4(@ow
z{oEO^IZn`e-7UcXrE{K!dUk1al<vI697mHiA4^l{EQcnL^x2PQPUO0&{?_?my<tE&
zV7z7NZT-lO6E$)PdCMFSTi`?sjG12tk<W$gAVv;H#@V`auG+J=KG-1qU>8IS>_B|J
zK#hmk7u-{n;l|ZgP#wYQvy3ZOqs_L6&~!i_WsrSdOTG8kBG+t{m;eRhCE7Wct?rbf
zI|cPa0Cjy2$*<cojk)8vP1XM1D3K^2-3zKjQH741jC1u~rqPpIC;twD5G%GycIgYv
z7oM*udP92g;H}JdDC%N6U#}|9-{3nUxM;rq9EDwBp!S|?O$Q4l+(N_Wz1mX`cLMC!
zNU+>uRqDM5el#PkdM5db3Ti$yU}0qLRmHnLh4|^W*km)jvDyp9a(Mau?~cT4tczKD
z)oIrp6#Q>$;c5hJut-T@JaphN%tzPXXRCBKw&%~_kEPvv+I@J!6=UesO$iN2WTu<i
z&TE*X>*O4sxQx%VK_Nw@q792@rlL^^FKBm&I7390%82ta7j!>Je;biMqU^pKQgb!e
zAkc%}0%oP7^KKx-Bg^Y%h%f#2cAK!k^egCJF2uuYW{G*&bo<}x)(89dn{Iu?h8R`<
zmu@{<Y>_pS@_9{JAE-k0tjA=Z^R*!k_#_JpNeMCQEsS|XP5-;nqsj$sF?g8*@m=62
zz>wBjt6-1?k}9usb^<~3*aP@Q{7?fW(aOV4<)H&pm$6-1kK~j|6-6aYOt)TsXua4P
zZN-khuXo)U+|@+ZFcar`p;qcVN)?Hl_2lER$5*j8PmlL~&$6rT*>Af$?DWy{vtcIO
zUM$hI>(k7}NUbu!MKc#v4w^x0tkky=wPa~mq|J79On5X0C@!oDb0!l?8Znhz1^6EK
z3R7jXDt43Cos?)vNRpmN?DxTD-&0N;ud0c)lWO7>E-h%hujh8@a;6HJQ?((2I@aU|
zV)KVk=Y8q0UL})tlh%IBxq1NGShpAuiXj!Ry5RggmHafUSp$U#iOt+s%rtf#c66~a
zII_T<bl8hjDU*3$&$>d3jUGfMWS7oe?u`}ysqsdCigNc6?Lx!rXQGHcw<$VKBVnsF
zp9$=#Y}E>%sLrz%g$VEQh(>!>(Ld>DeL-EzRoAC`J_2LUldqTvCa{Qpv47Idq2aVg
zS{IN(0fx*bXOzxZt?ks@E9nw^3NeHug2=`5x=1B*HP9gvoJ7cOn_UHws#yZ(<xrNh
z&<AjbmFkFsaJ=#=owC$dmszTfYV`4T%S>ND&iDF42ePLcKD3uyZlBKQX}2<L6R`v%
zGP*!q6?xZd;|%TK#JZ=kE-2e@lJSCh!o(4BhE(~gBl^4n0-}-E$b34o)^o)%f&@z3
zC=#U%+%ZlBbQ67Vce2OiYFA*pZ)cf*Ytxu%lhn(kt_u7GI0+s_?~C`dfS3HXj6hW(
zm%;|-4Mz%QqTy;#oG>3f{j7})&yN(LJhOAwfpnsQsw<@1XeUaxG>GR0X_x{oNB|lk
zd<k8@0Gn?4BoimWp}xHvvM(7jx=qgL`nfg&Sp`b-{IPQk!KOsk&2<ZQ76}@;E23j)
zoO#v@(XV&b;p+J8;X29c=yLDoQ4E1P&;_)hdm|h9b_h@Ng%bQ`pPgh;Od-7PD_@6g
z%xpk`^r&~lu6EMziHn#s5WxcWVL!b&3seiq4K4;3x_5T=teVQCv_86Bj6{`(!eEuH
zR8NpHEXcR)O6r2BE8;Wbf+FiMiI}tYEZ5noF0ONaQ$f#yeKXq>9gW)TPaBa*(-6g^
z(|&o?I(d#E)z*;cTfAcvT2o?oTLDy!5ew|3klz<L7FT#CaZBES0(a0+?nUuT^0Tz9
z;mI(z=G)=-xmg@0sB7eD`ROkjWLIUdU0;vRRf=ATxL<Y=(NQ{i8zY@GrIQ)I@BnE~
zUl<x<06ZQFHSo{XpY3#FYOZ!9A!}|-aKlveKa+0Fw8g@*?iOoskLYH;nx|7A-O^W;
zvrCCmm2)zaiak(;%w3KOh`$)m!LRoqVwr>1RO65q8!p3Nj1|*9qyl_+2tkuJa4U4u
zJ+#}g-n~RSy||wc!~5`NlZk^SEB8I0%Ss)-G7Q2Rbhj}dgp~{@NPr8_Gq~vLNf)5$
z#4i=)U&U-CdgTV21qtIV1Y|6Cl?8Dn&6=7VOXby=ngq!*M~s*bi~UQp$!5Ap8$L}Z
ze$);TQ9telItJ=~ig93EqO6UtY@Sp_jd#5O0dz8(m?!1BI|bf-8xU<=BmG5@sC&s!
zptrf?MVtpd%PTi0r^Jg-(`C3WSLb{--p8N6J`RBX1i1djhW!C>eI!u%7rh6Y84%L=
z^XDhP)zQg?QQBEkLeWaj-dN7nRzXzULgHUZcn|LPBVodC;jP~Su8(~E`|$Ta0$kZv
zyqn(vYDoD3pzBXbcz;jip8>9s%9hf2Drh=+0pcu+1-+X2z6z+yCR{fG%Rvc>k|m_A
zpB78s?JlRbv?Py(H!*iiPUK-wU|>>)FUq6%slHG$OfQ5cdyO=iGHn)1CRr*{BI5!6
z6~{R!%*EOHy=LSQS-kYv=bHnL4^6n+0gw(g5G*^k&+N<TFO9q^84orXBf(;$o|F$-
zWSqaV?%TI#;w4v-WS+Id=BbeH6;Glg7tWy&539xQJ_QO&6NS4hBn1WoV`w$TQZ`<O
z(I?e5vV$w;_G+#E%%3)7qT#D(^E${5OoH3W1w=buW4;n7)KsMyDg?AKE>}DF1$&WT
zPV5kk9MyF5t##jLlUv~E5BoeuVm(OXLgsaapKJ$SLs5V<JtOBY0u#n+zU!KOON<(G
z`QDjk6+4KETFlx{jiKA6c`sbqh=a0pDa>`CPW9@`*PUHTF8V24awM=+sSiV;B(f83
zJ4UR+IcVsjIWVLM)}(XbR?@TAd&=5k9^zB)wHhkutt?SKsi=RbWKo@Cv9Xk1L{5dC
zhxhkzN)5z=N@+`_TziG<LReW^=|qywMp~HqGWm_J<_PsoTNX~*JdbPcQUBIDJoWZx
zXI)BlrRjHjO)Hq5-sEcSt0NoDk#cw*hwI{M-Fs`FGBPlu(N%fct{v|K%TNz#xWCK{
zG;Ne-i_ts3gb9;faarHQxV#EpCvQLB;!snOX&$p`R8*S&`0`Vt;n1#_LwJM!$xc_2
zlM`lDcamrJ-Qr6#ZxMmKb*V~W=xZrk{gP)6x3O+u<F8D1n>>{+>OF2o!6*nv+t{ve
zA^p8Q6yMzXGkQDiEzU177i}f@&I>&sW4gMTBUv^@?TX;FulFj~x|b=tvVL*2CvQ=!
zD7o^rZ{s2xqs__f)9TghUKcT9!b~|W5c<0&p2MO__P5VC>au8hhlaGHrpt_+`+!MB
zjkF}Ld1CGj-LM2uYDMd-lWW0+z)QT<P*en$Q-#4V6p7>1kpf8~kr_jQGd4Suq!L3x
z20AA7b23NpL-`}$a~d*!s;>2rW|5wxd8^&m{YBZ-)D$`qn-$#=`OQc^6tQOgxj$(P
zF$$Qld~Mm<c?(GU*yh{|*F5H<*Q``d$=5el$KEcN+$**I>i#g4*s-uJ`+F4{YgHPR
z_*!uGFL%l#$-36p@4nVlJ9m0BF}!3N579q2eV!|z(jzrRS!+)dC589W(!BazFHIoT
zG69<PBAWYaJJV-)i|A&aW1rXaDeL%#$w!wMTI@19!j!wZNDpI*tEpo0CU)Mv;)z=#
z<1tCwQa+lXj~bEa=@0%2^0*582?cyafBXvt{H+r7`$5J2gaSVL{qNPF<Kw#a8w&V9
zrcRez=us5#cVr$%0Uu~TtX~BE|7p(S|3wr~`acS9^}+8RYvz*D=zRBmDdxjlr-3k$
z`6vqbI}ZJT0zRDlBN6DI*z!vhP)c$b-g79A+u!~+T=9+?24tDLmiwoiM-X&QY;039
zaE_oLupn~MKvDIiz|@q&znZyRmL+*Y{t@o|_Ud8*N~->R&;h^vgaSVLcm5lb`-TEW
z14=6&dEUQ?+ykM@BJQ0>QNZ65`ZvWtQNRbHkM&FWPZSVPc+20b@h1vca@=40{JWs{
z!{%<*6k;Dm0sr~tzAwD}yZ!x;_t-fY1suB2yzt~z;EET9h7QE5qd>s?Afyhn`Qsy`
zzd5j<P{2pG`W*`Ru(5~r!zKO8g?9jmKj=qn@-G09`0y(f@HbSxLjg4alK-%Np!I-%
z|6>SilAR6$7ywu$XhA?t_{&GgU9CScQBUc?-9g{L6zWM0$o<5`pT?ByHzO}Vh|$K9
zA|c(M>vtkAEjcI`1jSq=xH%=iA;pw?ohm1!eH<@BUqu7nrOyL0V-#Lk0w~JugG#)B
zY$^bu!U95f1cFZD2Pfw@!!T}?fFRmV6sXu<gj0C~DMRoHrPHH0w@N`f4mJ@p%nw2c
zk0K|>kC-bb&DsAJtU&?|ryg#Xe|xhN%tpX0s_Bn`VN`l%5pt+t-wE3TZ)=tz!;k)3
z-u?v-Y6AHBu>N<vHGkl3Yc1LXZzr8^kC2#Y;MU+z6+a$xAcZl;h|qI^Qw=m?Qn_Io
zDbfXuvcOWMi~%r1NOU8UfC)T@)xLC~NczFRv>qPBQVwV%53+!6NY;=}Oc5nO?@r|v
zOe)=A3p285#r7$Ap*c|PI1qHSazBf-;Jgx|w^+n9B*2MPAm*h$FtUDtg6IrLR*4-H
z7PPE94P78)%msv*jcAMl`MW$Tq_kx)BPHm7r-tCU8ea(k-8w-qfZkuL5qw`F`oLUz
zDPIq0fYAQ3^!fLK`!D$FL1rK0?LUF905bdU?yDUjTGCg&c<rHsF!!A>$V(cb#-Z-U
zC2o{gBHU4wSKy@g;3aN4bSvEQp?PZ~x7=hx%wAA@m}ET`W`!@T`jSDNQM4um#|6hj
zc;2eh*HCcyS9EpJtc(bQmDl~NO{)smb2~3{1$!z>O<8k02uyigty%u@i3rq!+(r_{
zH$HO{55s^5Iz}d!rYHSUX#o}L9JGn(;^?M=&w3+{CngvX0a%KpjNP#Gs05|+F#V7W
z&AZ`IIf+esdw7IUL<CzWC;dP0ZcsF>eMFUSnIzv-yEB022oN@d`~R&#GyREo>jIem
zu>My9{l*Fc_}(?d9yZ<;v@PM*=nuK}dPpLml$V81$O_LZAz{WO9-)AK^~RsYSn!!N
zW=>kG#_6PD4pr)_KlBEmyKK<VVZczoKT9J2JPnFGs%bYXw$G9l1Z%<z=7bf{S^}zp
zbVR2qr5FixBm{4$X;(;=Xf*!KBL2-gjnm_yoc3*RIP`kaIsz(sBFIEth)J*posUq;
z4EScA1j_RAxPlHjfrfO`B!j5((PV!JvjtGM%rf)d51OJ>3Yz~>EcSQ8{3jOscZ%Yl
z3A6dXh1n-1_5YQ=>)0t8nkmoI9{R3-A}vA}Dppn{Qpp$uv|Y#l=WW*ohIhB$f5-F(
zTcD)D>GVN^EdL6N{SDLq#A3hI@jvp^{x0SJ&cc9Y>su=`9TTEXI5fR5c7B!1$nfqW
z77kYWnXX$tG#{2*F;F5#QI<>;z5LWQ_;)?82H6xaE%K1lT-g@Ll6-%O$R_^J5LsAR
zXE^bZ*-->a+SBv8fnz3$NP1~|v|l2!AOA#T;RZ?^<wEHv;Mt(rhN+L(#vEZ7N1YxJ
z*%`e*npT)eGmcQynF4>u_y^T3Z{>3*1O)^X3{dJnHT(Dt<G+JsAF(+`)jh57#L%-B
zqTjcj^k-(0MZND4Nmm7%alXL&u+YBN^8$}rK?W5$8H5Qhxuv1*czNI0C9_9{wp?DQ
zEKEE^)grGD1*G5>wFE?kNI?Ke8TnSMSU3^rF5Cyq8;^92xxRHFljHDUc?DmA)-CR=
zCDrZl!sG#;UGK07^Sl_P+is{$Qbfdg6;`7~C%wIg=XZQ`U-bcF1CaZ?xy=5R%WnOU
z(GjT8rFm(6*Dy%ubp>`e&E}q*`4bd*hS;@iS9=^UF-9F!qt>7$LCURX($7UHmLYZJ
zo(i<uU#?wgBv-y|ec~E3sc_kRPuN*RDbq<F49^<pY(D+8QQRDdmr{DY`Ct;W(gvzh
zo)bdXluKx{xI-!-syi79_4b%olpTy-DeVdg=8i{dH@b5FZYz7o#z=SMYa-Bv5_vQM
zGtF~)dd=~a=89DLrw1_Z9DR*-rD&nUJlgn7BN!(hrZmK)!X!jbsGMJ(;qkOw6skqj
zr$i;dE^2hCV9Gp&%+}FzgVycSDR=R{U6X@WCG3?P-O;Sk<Dg)nyW%WputY>%kD(W(
zq@)7P6g&%bDl8hGcA1jZ$Gzu2jyeb)syk$<*{P4U(SN5AfIM%%P6+b0OE(+7{VqG3
zkVw-#n*!(R6^GK)7E7Ix%x5=T_op%+d$}49qcIVyK8leu^X*UqX5tzby`}2wj2(Xx
z`_?}=`4qLu-ddciB5^-AujUyGZ#hDl5EZ3_7ZB_v$33l9zY1fRyI0_0H^`fy-fcUA
zV`+uDhRtI?1sWVvVeFHx6Rgm+9f@u_OH<($^N!oBmN?DYxWUs9PR_i-{{G3`Y2Jny
zMNGMk<JZ;+v|{09$jXWKrgcpskw{YBs?@v2MHXnM;M&wiupG~a1)odMV>p%BGntw%
z_`S|acJkXqm?9D4tVsRx!A~@>U%Qnk6j>+kRlBfo(rd#IQ<6A71YZq-VI8akk}Fz0
zD9?z@>@1iqq$FR&@VA??DNXkG8}j!BNxC=&qFALVX(gGOv$P?w;i=;DLRJpF8qyBj
z5EInA{a=kQvb|;SJ_zxY@){$(4JQ3!R;6~CdC~6R3uSX62LIf9v@1x!b+sHnR1UQf
zA0A^ZR&X7CKat*>{tP1agUDuo)cc?kbghKc4C5*DnJN=oFiftq;F1tJPgz~g_WIL>
zKttV2l&JWDN~$cqgRi{avhN0c5+YD=#<1?_O5muhxq;Tnk-Ygz^8}2CW~I`Mw<Xa@
z<30F9^6iP6<YeHRt4Wq}=vi|SsAlbXt2C10YDSIWOWB08<2Z_**+Et#?F{L$my&Ta
zLXB>3m2A0@GFNqAl|{2@%AO2;Y!&oJdloMb8+rn)yu7Q;U&g@ha%ME>!B6^J7uEZ-
zs?w)tsV#MEe#<TI-sV@5)Yl@Z3{2Nc(x(ljYg*HDN>7jH3|;o9GrfXSMdVm^Qjf};
zQNcspNWZrfd`?$t&r68h_h}n<UIMx?a+gq|u-`)#7h5K>-Wi94BJVs3MVufKZ=3Ln
z?v&)Rm?_i?{H{YPe#+|<qTpG7y58c2Timo3L{cb`FiFxoJhQlaJYRhAL0aoz>w(Y{
zy%7~}aqfuH*q|qN+q`+i3)~b0!iNGz(X)B_>?lqB@+v-bNp;1a6TNw}6c)uTI%EZV
z6clauG+`leXd2`f0%x^0%gR>Jj_Ukf2#*g6srIt72ho#R!}m_X+4*es-K3n3F+>R`
zyX4uu><dyer_}Y&pe4bhJ)$RYMtH`WUfk+0ax4HvWC-R}0Qu(|Y}z5d#bg)@9(m(T
zU>packNHt5C#E)dQYZmI!NT3uK)*|%Pp|E>j?5sxUm=>1sSZ1xL0BO(Va_SbD@4WX
zu;8NI5nXe|<o78Yl(F?vSM(74e$2^>ESt>)K&@CH6!n_S<s4Xv$vn5x?I$|;qaA+v
z;SF#{HjINwPsWt4wIz)utK41FIIk_@IbEtuT0gCt9*43q1-?YK0*#m_Jw~ofZuhCo
zOlaR<HMi({lRn+@{5sw4%{lwYAw9+Zt5ek$&^B~c^6rxZ?e63Q@1Q;H_n*%zcV};A
z(d-WkEWhlV8<tg6PhlhDn0eV5&ckH~GmrIuv|YrskA3RF)Lq4Jw^DL{d~l_Pt0lJk
zqIIFoPn>7svUHC>XDfM=m8Sdbl5DHd^`j~-w@DPoAvtsZHjsj!<(W(f8jZmLXruO<
zYPIkKJ3b~N5PL9(WUwe$W^?tM079uo;p%3N1E<(^3%Zz8SSBy)Bd0F>^+s6asHd`<
zoh8v%Zp4^Sa$<-sPmlTe`nx5R^B@Q0Ah2wZ`koaZtTj3lSF^QB@BzA;lv1eUZ24|~
zS@QDseq%_FBQB=x_jNO}(gx4-lVvV_Y_6KFA5{e-Tw?;4wcUrI2{-PRC|!gXc9LL4
z`CeI0<!^ne*puQGs59sxJycrm5p@x4D?ew|S$1PiM`0`+#Ojs0Z8-O<nBFy6OqMzX
z^MZKQ;%s7151XEWbQ*>=F88xcAsbjuG#q^K6Eb?e)-_+g83=wyqZ*sgP_ML5EAaXh
z=MpHs)VL#P$AW^;zhC`eNL9Kmfmy9KhFEf`u=q(GL(*t#-_yfFO4D6MWHzy~9W7ZA
zggG|%T$wlZTtTV_mOOnS=|#lP-D7GZA%UPP!P8NK-z`e{wQ5k2T(co>RyR6DF0XQ@
z!g0w#)X?H%aB)99Yu#`py3Zf?=c%L{hn3nk36$vKqRlI@tYdL<C!cA1<%#bQESZ(O
z_S`+^{gUtX${<SmX2)faN{0CE0*%N@_h4@J(lP$_iihRb!>`{B`gkx`cJ)$}-~oX&
z3F804T=^@@;SuY66x-Vhb?&O|r3-I==sF4bBofY!0vm;$1^H`K$jKmGWHV!7V#CRe
zA=YzJj@9|j?Rq1Yie9}6VO&Yy%H?RqlI4P9ITe-XukJhN1J2j08kC2qNHn3HmV4&6
zjL~GCx9q=kIb1O9H+`=3^eAs?+vV`)tex<%{ctn)1NnP3Zf;aHC5wqSPkC4~vm{8J
z`)V1%*30n6J*hbP+77u0?@z<OB)-qwdD3CcS_A2!D`#5h_<Z_x&}%8&@muH`JL4%r
zYsF8A8SbW>UPMV53LKER8UEphqMk0@oSp=MrgxpvH0ar<edIHjPY$ImxHF{-2`^+#
zrz6~5MW-6dOSeTFScT>Yl$ci{aHK~1^jsuZ%M@ifhDykDUp8zcxF}B5?T(bQ@9dwQ
zUBC3`B+z|3Cl>tm@IYv>Q=Mu{g-}UJ!-k1x6@TaG>~j9tt`N&JX!S|_?p|}k^<}<v
z4;A&x>zACF(`$8ZZqRBD`s@?W)}_bIEALr8yqd{L=9+a<^j{erLBo-;EGg#&kqtF|
z(I$x0r9Q?;079nT)5j%-u)45JpC5lYVxGYl3`%Mv_pxq|b`K5o2@)3;CS?1^E(Zc`
zEkVZUGY54yXm8c@8}Bblo?W-dpSSKk51+rK3B`CidtSPr-eqmdfb(@2!qo7dBt?dO
zinS~Sldtg>ma1?R4fQzE%mUD?ro2KeOnh22PZOj(sF7$jOM%r8DYEdaJSk1@{1BVn
zC%%NRT4>6&ufO5xeDFqbB|%i-WDXS_!{M58pjOGivT1n#g5jQ{SP}E0G7U5CXlW{?
zzDCc4c7Z9AU1G{>({@|YCqYiMnJCF(r3J50J|RnV5S!A??gC~e7H_sMa&nH`IxoGG
zY!0ehOei%qRGMNEoUHB9_g^hHvl4WoONP?O4((Ubwn3_P+{S4^-pf#VSx9c!{HZy=
z+aOV7%1jV{PEix1wh5V+O!t~&-eM@Mw<Lf9zQ1r2CLZJS>td1%dkKqL>(Z;J^M+w%
zmEcd^4r0{q$t7lZR9sJ$bLixsCk^{%<*7u7n`_ev%&u+3pLp{cqmjRl-@VMOi71UK
zDTm5aN!D({3%RCHA<wpl^=1Z5wCmFY-e`nzL*PP2t~3zj#`pGcyP)yXGy9S`JAHMe
z>&7Xy_4c4BZeZY^@gs#0ty|(OdK{4!Nx-y{w#%7vMJ1%<LVS2an-G$<RKUFQ>^@td
zQ)5D+V|uLxS(j64j9};fhSRwo<!g^jgBJd3R5l1wUSAY%Daxp+kMoU+jq@Lu#Y1c)
zlQm}Q8qjJw=L3VGs_K1XKbe`pe1cD8vUnNDWYN*p1ta(ci{NFoqi3(5-t?!w`F@yt
z_6p?lZkv%-QFBhJ2BeoeF3kq7mbp*{N7m<#TIPrL0(}G9R85S1Aq8}w?h*7c<TNIA
zOjSP#y+<bQVDOq!6W3D`%<-(2{Cd@X==oN#c5ixZ0cVi-1KLoYhm(0sa&PNiXWS)N
z9LcUmO%zfU!Rp#I9WYKcxiHBx8kJbR41ajpqOanJKJs8PBO>w&<FR;Lrg~hIVF)KB
zkR7Z(HL|2L-eUV`b|aDG-MxGj{lsV3v!L5mqHMU+V8KpaUE-beXJ%fn9fg1k3Cv7O
z!LOxzBP^moR`hq`Yov)wEkCfW;K)m1i|+=oRhB@n*GF}=P|~JO10p9~OHV$)O6A``
zJGX>VNHN(Vxg{!D+t@ub77<1uA+Git@ZlF09(jWR%KHV500sQ|IS?4|{Rp8fiC}9d
zq5vC^9+V7%LJS|dlacW&Scn7g{%iE<16cJK(n%K4oGEk+$*waOYAu^7+ZU#GSS-A7
z&9M%9KIBrzbS~zg`z_`Un}Q~Yvcb{J_ynR-5V~;t9;TVgd8h2RfmSot_s`!#t4eIX
zbF82bp?Qf%U}{<RetCY!aWdhRcR|VEru{R`4GamUB~msP7O7Fy!JXK*dqr_-D%HbT
z!kg;@l3(Mac?sUMq3H)zxH|bn);ZkFId>gGL^$N3ZqLUK=7_^wK()c0cTQ=B#;jOm
za2s|x_!6%|`2)KyIR}uB(UC?lU<LG>7nQF2LGyHrbirNlao1+{xGe|JdqQl}Mgv3K
zteTgaMrV9+g6RHIKab2i(@#Q3iPAp&5n~vBOb4P$Ba?>v<P^==Lv2@MoKJlQ;pJG@
zknD}eXE)1wOdB%V3z->fa^$-a)pqwhe=HT^xlDnBYzF_lz;>1Lt`QIE_4F@}1dQai
zTOPJggwO-zMd4?_G;|$AJ*?_JKF4+siNuGI-AW)9!CW;LU^C?LZ^2p``#6PxmyB=6
zVQ{siogFHdQ8Cw(;noyN`aIlrC_W>uwsM%b2y3bHBRZ_CO1M@DlgsRDDEuf`>9GvJ
zAL)#-Ix<X4JZF0CmYJ$0uxC|^TCew1ygV^}Gvcz*qI3IHM%P)^{>i3hiv`4pSVpZ$
z2Sax5XE;vmR{hQr90vB%k-)EWt?V?H8SSrTB?6FdtWyrTTZU2+)88pfMR;!}u#V1;
zeI)kZqxJ)AfR#CkC}}+15<eAuZ&8fwg#I2T-KF-54X`zlHw&XB?z1*qz9-31?`*bk
z&e8WiAinTTV<>BgO&R+N+)y79=%;0y8P#exduF)g3gL~(7p>dF*CChHb#f`@dZ41!
z=rG_?<5j*+dsJ+og-h)p_JS|)9qZf4ij+1`B5Oe-R!v72>RzcA#xWP{tGqkT&E)d!
z;jc-D^mOMjcU0%wYM4?+M~WF<CG!q_ROsE2^V!^}h}@+~RG6*mn0yBnkEa0fbO;51
zj>yKv2&xUS%xADU7xG=%gpWwVK?q7XpWou?%Xf?`@+|pqpEEtoaQC}zDf&4p#JxZh
zftNLeQ`6HyEoPqpJMfKIrIpj2Mq^mIutVb3Xw`KQ+*-bCus!VHC;YI+W0w4uo}n6i
zbGdp%MXA_WnW3=DJ;&RcYS&M%Z9_H6e#@`>?w%;WNO3Objf}5@!+hN}&`_1BjC22Z
zNbjafi&X?K#nFuki-jKT0rmMrm<$@&&9%p}<SHLZ_2eP!OcbbDe&T^iJq1muZ@1Yr
zln>sJ9iUy>eCP`G(PTvyl~)+r8MEf`D=*D(UIa+L`<1+O5`EZf%v=I}e2O|d+(l7s
zWU(EMgmtfhmQk=Bcy(@tFOxW@X`Sir1yeRh12+bD1XtA~Pm7^r5x@!wyij&Wp!+Ax
zDDXa=(5?{D*$LQ~5vhw&O$u9yUPW1$o2k6B1tnQkJ@t43oh|AL)uuKgpjR8B)ZC;q
z(sMgBl#Ck$mzEB3<tZL2Q!eb*WN%>2?<OV^Z2GPuDGh-zP#zv`2?i5^uxxll903k(
zN6%MR6D_`BL)MViOvydFv(_1M5tUUl3!jDmoEUN1Ex*Ivdd&US#`Pdl;Iqf^=!fg?
z4bO*gJD2%985JZD5EtHmVR$}-+rOpPJ`!#p)zCHrBrs)h)um_NNw~1f#P=2QrK;A)
z$dKP8?-iO$!kbGOMzT=R`Wi2%zUVtR=t-3kw*mp~OpYTGe@+D>&?6RDidHZ|7)Eiq
z;V&r=!#k}?0+uKk$hN}eK>pIj*_1hn#%REHYm8@`Ydh=Z*d7NvDBrebdN4V&fk4C&
z{ooa}TP+b>VYoSr4t+iCl1uf)Mcd8roE!=tFQ*th{{dTO3p*!qnMjGPs;5wFSRNCF
zX$}}exGUTN8lT5WFCu~brKYvFH*)Ta{*xnQ4Jx#mCmMrA;YruPA~h$RJ`O5`KB<Ok
zyv?$3bfRifRx)CtsjqNVnZl>a3hW@qGA==}=Nw7MO~)ds@}5yqxjD%Xp{-g8MY1y0
z?Z4IKU;{-sC9eX9)iu#Iz6F}7LpwoUCM|wKnT!}IWuc&IB3L7zg6QIMR72NJ-jiRJ
zzEH;O4K6Nv%Kc=!U<7U|Zyb@zo{n5D6sG$V{bK(naktqxK3}zm&i+AE@ReCgbnyCe
zsCodV!R-S3RB9dxrg8+V{>kpH@^yL0KmhUP)R43!z8tlnWa0|)iK0My0yrggsGy`c
zW-ppYa<V;#L?)J8nSmryouYtXakFob_7}N8`U{4fSi458h_c=p95X%bN>Q9f^A5)m
z#k-u_yy5IrIRO)`kqlVum?t9Au*}kR?Rp<5K<mlv-xGKbw~L9IX-MPKL#;W^<iH@p
zWsjAf_yjaJc(_sfS@g=+JdqfIE`>O*EfyhH0%q|(al_dJYUTM-$cSO%gD|3mp3I0%
zxa2%<5!Vi+s$JmZ35!@YCob|#lN??9UN1lS74ZHE3s^=%cUxe<*9<;aoX$6fzFA5P
zI>G`jo${Kj$90pSXfj_n^bj}^ND<EfKVm45t{-i5p%b@--@oX0lNGGoh+AqluUXq{
zX_A#iWT4<@x}hkH)YRu{>K37-FYR^o@{_{J%~pp#6TK8Ks)XrfN{;AziISPYnK~F!
zIz$>iQ~(t$g0-l1%v}V|stjBg`dMpXG}RwZHj}VBDZ*}$F`iZrk`?5GOH{>PDN^8`
zJlb{w8EhTek^Sxn0adZH{8K!bv$xK9di_f(CyJ<|yKt{A6r>=u0(2K>BkUX;9FS1A
z2{U$ro`$2Xh|nhTqI~5|4jC0-|NJ2Y&7NFqKaKij7mr;%w3!N53GyWw##IsPVhb5?
zYNYgLjF?Cxaz<9?`;rf*8-b|Um+~G<5z0_$Q&LpKN499;#Ao}{0fmm%QE;PNH#0Ad
zHcq~nZl5_?D=I6f!nkWqs>Y5Nxzh5f9U12&5ddE;noIVBb=nL-;(zwv<zr{-m`Lt^
z0V+>84|d9o@tGBL#|G~Ug7V16vV{Um+(L3_g6PER)OXz0^}9pi3e-qbLz%dZ$8BWV
zHw-FJS!vX277-fhFIOC=VS4KAlV#NCmaCz6s?(WG=2SsXc`V1&HMSQzB2A>5@ls@w
zxmnrWOZ!s1RM};bZ-YEK3UM)uUidr-gvZ_K!-%g`mBs{o(psySai!KbsFuuwy)bzX
z$9>QuV&tiJOV)_9ht0zA$GqBFP7zCf#gSN4{{e2GEqt1kxhI(rfxQf~D19s-hkC36
zJaurID0m%cp4zw-VDzH!fPeI{1htwQTTChVCxOWs;sn1LmR$co%)Mn)oXfT~4Bd1$
z?iSqL-QC@jK!C;_f`s7i5*iPh;2Hu12m~iM1PksV4Fq=!_L05sId|W)@4iRI`{QF!
zqv;=XJ+-Q8^{Q2K%{hVb@aDto^Nxj!!0A%+d9;I|)YY{*X|u>+Q1zQKBpi1}uG`m(
z@Zr4!zF5O@KFq%GZ46{)Nw=$EUAp%AmNULj>4vQ(h|*nqqmAuS&!r0hBFqH})8*|9
z@{-rr^$;ZwBl$A^#(<2eXYafh97;eD^)FS=_S5;tlvpY6e9qqSu-1ccd!SQs$5kg+
zwmh58CK;dJ<{<yDUu$W2*N67>-BkG@(o}aLU2wi?5ksrHoE{%_!Q-zdZLAeI)3XY!
z0xx*7Qi~Ban{>)AJ<F+pH;FSHFCXbR`05ele1!9^B0@=Ld@yHKHnu*MN>{)bQ{(!z
z;P0`sy5eICBn)#58GjUZ&U2Q0-e{PuH*4K9TImIg&yot%C+6z3@5v}WFlNYJ7%q%V
ztA?XdA~o8rF1C!E+i&6-8y@V<O`46%JW<K^_hPpG-X1D#Oyp|vt>W=(q<$-E_4u<1
zI4x1VmF_{kq96hJ%%xy`p3w{0`eerMi_BW@F;3H4^5s>kO=9}j3U8+wKj_~X2OGs0
z($gl*Yu{o&4Sj1*NjnNm1DqN^F}+s5Kj%vDtuy!iG0DVoh6vox|I~%@!^IY1HznND
z%V+3?lw)ZD;@A*60wH}-&yJih?uR&7gA^U)v_(6-N}O(}iJaskWbCoo<A}kh9v7)6
zLhorPT!Pv*9Z?Y?Mk_d;U6Ju|FU!USNJ*XnwCYQ%e%7{=^<3lUH6q^jLoV#`<0x3(
zT!`nZ_8hQ^AkOq-qvibk;CMs*;(p{eCCC511lQrU=lGBBY9FL4ey^MT^`&g~7kA+Q
z(p~LG$N#>o{r`<d_M_LN#6~0!8ri+1TMrW1hyxE2*~t38B(ndFyV~Hj^<3lMt_*)i
zul*w;{Z9z^e{yB`4+!|b0O|cV{L}g&^m+g}{Qc)o2zXa{bslLCdox`ZO>+faehqbn
z7w*>oML8z*FsFY3k^6l#|CEOIFFyT`(9d7mW`EJi@9XqeCsz$*8YmCNS*;K4PYC$`
zyOZBxjl6%O9Q)PXzp5v)v2A6;K)*rXn@&e))3*tDx>Y8BMCb$d0Uv?E5$*GXI<Yal
zCnr^Z5bb<*`d^}*-)Q`!g)^di%8-Mj<*$mU=#RXMnvQxNMawhyu%KeFLmvxm5*2RL
ze;&T%=jG+3ub1JhsiTvWsL!Y3=A>_9s;6S)6|R{bkeYdpD<{&##9xDC>*j|#hD0gL
zOAExK1@gMn;_-fdU>cXoN(!Rr|AS^{s2QhR{#z#AcBT)76XRo0Ts69OHePyudI?T$
zL4LwOY-#le+zhJ<`$*J7#j`Ryi|Vi|AKNlQYA{lWiMfVG0MG1|Ploq^a1nEv&k=ow
zQ~_#`k8Z5aNs?}B@SRGW<_IJ+@$m%8xXFV|8Lr`vZ3p<1q*UVUgEw$%$L-A>1H<ez
z2~a+OWDz!|tnT`O3jv@yw6ZtG#Cms>?%y1ng(a)mztyq;1_X9*PN9<J1n`U8SLOrT
zcYazJH^+)NtGPA)81TKkZ!M}RiA^CiIc<5a!6@FkRG$2it*STktMvl-PSVhc=F6RO
zx%HF@UTvVukDOJHrID)u-#M4>JPQT%fy7wuC&w=riOg(RlQvpY9_@AdzB0p2{#3S^
zx%{O<r9s?snZCx!>|OH0>2kHI3TN{MM7hcY??v;wK6(imQ#WUso~H?u>>`XMa$#am
z%?GbP^M#1V92uk>m7oo>M0)AJivA!#uzdJD=Tn@+*)&&Mk=kAJu>svAo1N~w{Yw*O
zhRNf$u+I9G*y(5JD?}dKDU$=KStI%>FY3P}R~;=KnGBq_jZkcH>N1|+6G(FA{nR^L
z*?Yt9nse_-&K%`my*X={@O=7=p8p`VG53r?rF7I$S8}jryy<@T=iI~x{Xq2qztr{V
z&n1-k?M9MUY2`k)M%ykQf{y)i=owZvhF#LdKe&x>em=b2zuKwvN|1xwNFbM{POz3{
zaJVt}Ewy~I(G=JSpHp$QHCf!`Y`Ze88cZ8;qIt9A>Hj9JZnS>3wA|veANB3a-g#-`
zzLgoF=I}k<i~##@i|wA0-B{!SAAh(&TV5aDhV3yt_7!b%U>B8ax3|goAsTo!!M~C-
zBR5N6s#5o}w03i&)ob77%}z32c1f(01n-V!m2r>qX!{~M`u#mG?~P-q^`L2T4gGi1
zcAGVgrS^dPeZ-CU#qRt;FKGS<`<?3#My}BA-(^sB+>hRaLn-sN<iQ|tg#I11chk4v
zfU7IJXyvlDb;-aB{B@u{Aeo8Frf~iK=aS*G2W7m>ip9qdVi2foC~jzLvA8D_x`Fkn
z8&;d^>6^^=4?3v7#2e7H#zdM@en)rw?%e*-b^ZxC{}+DezmW6))Onsg6rKLvFF*Y8
zC*=HJe*PcbXTU!rGx{|Q^w=xgzr=<Avu^$Y7yfHpzuNx-c>C9I;b_MG@novCxS=Pv
z$%}F7w+~sA*sl|RW``;!dW26*Y;Y9`Uyp$NT;D9AXDIra_IHubAFIYr$bSIi{4!_2
zt?gy`gDD#yn%qB1$o#W${<%Vc`|sZxzpNbm(EgP{|L;s;Wn7$pRV85hZ%e)^(YF*7
z{L;F&^>q$rDNu(Mwog_4UG#Mvm8;;tMPFxo;h+95Ql>xQ=l{}9e?znX8!TELLY2JC
z50mk~ilP4Vj{er;-|_Q*K?e03Hto;&`LHI6f`NO{x7=4CwXf-FSgL<mF272?rQqU)
ze+i)f*Prf>0Q!G}Mr+;5+WO9{>Z!E8!V$Fz{VVxb#aq_D0QCLc6g7XOdHzS<vp)go
z|MF4)0HFU1%l$Wi{@4ETx9vegdq5CcJ~ZBcdH?+0iz&Cg#orDDzqZS-_P=Zwj(_Dq
zP#eSb|4SmBpp;+`uVRatL9L0KA$MHjAf`3G4bPzL=YFw9x^^c19(G=S#-dsFb|%3Z
zIZi=I`qZHTejz#up^mAk@ZU6o(6yjW*p0vIlKmduo<7+9seHrT#|N8>p&=mf{rh$|
z=dgBm`i)1&@4@K5+CLcni+-odXDRHZy0YHsX+xt}h&YN5i+EHi5wnuCmKOH=p`;vJ
zu7Tbq<$9aZ+#7<{Yb=UWv=~Y1OooQHdZ(*0=P)wQi`EQ5UYD0|TCMk}YN><1c+P+l
z4j`|z!eEQ@6MG$X;0i%bESCk%3jK-fVpI-0sx{;9x9;l(ucR1=F2ei=Tafi0E4?ur
zQVuXcZJW9~%8nuHYZaJ}FiW*#GJZ24ArEWI3y*kG2hnMw>EG!b)lJV54vou8SA6^`
zOh!;BE3W0}YYq4Fa2<NGLNYNaEs(0}rE8)*ozv@>3b7Ez!Z<bKx`;Q)0mxs4Ka=fc
z1gagp$GKzpeDDZA`3V6JQY`$w9kU2Y(lY7FUIEf+o*CqiDR%sJ9el)h`ug#3-L_pM
zm)xPO9=!~z2wPWWz<9*V=LUGmsSSy7A(&||TvK}Ak(8+v4>_2NUASjp)_iNWNiy5r
zEh+0{4A7tA&KtrjGb9>o$4wfwF)aSXPDd6H+n%-si`DM85Zp}p7P9R6xB)pY*N)p-
z*A$R)iz(nSkXRd4fdH2<9j>EFO^j9{lR#ECP7<qHX-yh^ant7hyL{$<FB1DcCU?09
zU#j`g{<B45>GgjtlHclEHgq$yGt=$Ow$m~)lXZ48(vu9oW$1JwAZ;hLjy@5}E#q66
z{W)`78-oD+EC}Wr(?QVvRWt$(3ehE>a{GgS{pC&&vnD?Ltsdt;cw)=HgY5q=fAX*L
z^3}#5g(Ae7nEcKrXXilJT9<;##E7RNTK&VS1TG`YN{#>B_yL9QM96Ri_MvamN`5{6
z_7oGQOplFOK^|uP4U&PRKd^<y?+R4HwkO&&EqyDv=mmUx#B8Ot(<Da4cWnYY(vqe&
zC@uD;;_O5sk_F8ai12+tpkX6JO2tCROo2?%wIFZDT`^_q94Aw+)xOeF=eCWIIU5=Y
zk9frq<0l=!E%$66U$0#<^Wv=;4JS%!;BU(9Oj&vLUx)rkzxDmWy7DV{br}z9q2fPU
z4|Z-G4wk>CZwwzC#;^7dPUE-ru=QW-f$*2qw9amtX-d|UwO^~^&r9Oi5nKS)fC&Nn
zL<!&Bl>sX7H_8R8dAPWE+&ya5h<?-|sqh;342w;F8LmmQN$((YiR$>KcrlB~ZGyUu
zCz03Cj>{tO7{cVadn1r2NCGk7mO*+68OX+a`Xck__Yl3qFVg5Aedh^wT$0m+33C4<
zGuS`)PRsw(cm8IE|5{}KV_ReyCiQo8bX0Q8UB`ug&rmsue;3HkS%J*ON2X<E4u#@@
zRNR8`xuk*+Q>>r68X{QmJeRWLCEgo(0pMUpDBA0!EBL|PJ2U)S(bYhp_fs#5KkT3N
zhZ$DlXa;pZ+?j2mARtKp+g}TIZl*k@YA-CToUMeo9-!uyo|eCDf8&R#{?-0ry7>oX
zgNPAukveksqn#ESoEAo`KYZ(bc>V2Hw8?jIsu|T7?G-_RUwX&e2I(eVA{U}3yi|><
zS|w|UIY0z1{cLVc@zbyH&?=X!<V~I0r{6vZ{JeKcd31<(uMU=Z9wwy}CSw~W{Ul7*
zOYQ*@A!8{gttThz(JiIcE#ufN{j6Kok4{R4PR5*0T8B>7tx!s(P{zJc+OSa8$5Kkc
zQpVa++Q3rQ6E39zmvM$mo4{oQ@TH{jWz6uUwee+LQ>2trWb9I;pQgxq>q*J$$yn)0
z>+8wBn3PhVlyRDrHlCFA=aZ7<ld(X0ivk$Om$r@AunkVL4WC9<Agz-Zty6?}$T4~-
z5P8T8dMIL@%5k15P@c+5p7tT2cT=JFVx#wPq4y!jbu-2F636uj#q}Ynb<?T!;;Z%W
zsr8``ce4%mk`4EW4fg@qx@p*YaoKu!*!oZ_yICrGNh*6pD*M2W-3*SsgpNG|j(wQB
z-5k5U6uUhVyM2gc-PB~gIAlHCWPK>v-OSm&kFtA&v-?2Ly6K<w5<KhSf7XYw*v-D!
zOTO46zSsv8>!ua!#S`n{73)K5>1J)|C2i>uZRvyfbu;?)68ZHA`t@PmbaUSHQr`4P
zhGvXgI#aV1hS!b}_I4Qxp}F9&<;&Oh6ZYgA^2IuHvlaK$&Jy;m8H&Zaps?l9*LJ6M
zCmHgnIy18s71d6r^-dUysJc92E3m2^PV1>P6c}<AW-D2*T}<mcHk2500ad;wsO>W7
zjxpqBb*8T@Os$<T=p8f^W_2N`%-63SH0UWe<gak%uPmOboj2&)HWaUL!KlpRuk9s-
zs<Vw{8p8NLY)p3<8nQY#bx!xr8;Ux(kXIJGs2!Q^`D7@#<1AiTa#p)M-S^W_a>oVe
z_!gtKQ=mIyo{Q9(*0C_Yc3hyhcV39p1<x^Gy>>vLr+A((%bC})_)G1aK;Oo^Se6T#
zV;*~LPeXUwJdcqxt7Fl-+Np-#>3I<&7gEOpr`j(KJq_~$3(lgBC403?4SnbH5(_Sn
z-M8empFO)@&2x)7Gwv4V)PD8s9hnyvbs^f#H?AG>?5UdPZ*~^kEncc!@a)^47jJgK
z+RYQM?K|(zo#*v+=G-l6t(`gVU7i>9b)noX@UI;`?`fMCympq{ExD~-Iq$ohmkd$R
z@rZybMVQ-0m_3QG@KS)vDVSR-nCU54c=STmdd(es&7SpI_%T3b7|hKX%ybwm+=`(p
z#pd?KW`@NUKGskLYjbOBGXrZ2&kd-?hPm^GnaPGl03lSG(A<pBOq<ZcH4UnqW^R{e
z_B74H+W;zWU~Xk#rf*>JVj8MGZSFK}W;|`-F94MlFt-3#qX6epq#b)V96Qq-d#2H?
zNgJ$08*Ct+mW-a(M4ncHo;FzLmYnC-l;>8G=bH$aa4O6VY|M2o%uVE1aHdxq#IM$c
zUTq?2!09wL@HN)?G&a#k;A|rsWFzZhBbxvYI1R@JF2_0#$0lkOoTX}mq-tHHY7^`X
zXK>yibY2&5-o)I8bL?+W?5|7gZz58_sUP%IDAu_tHc@in%()wna@U1(H$f(FdXo(T
zlXZTRO^jtY`|<|)^1Ar)CQt%SE3ttmvCb>8iPi>ZZQCGiTNiEHgap7D12%{P)&&DL
zvF_lUcN>&<>ypw8DsJIgO5r-T;o48ab-m=Z<m7cM<+b(Xbv=5t)OvIrd$gbR==#xX
z$<XVV(`)O{>$(+bsTAqh7ik+7>H1h{DOl-PTWK3u>3XhfX{_rwuWOsE>jn^LNfYRp
z5ol`@=(?tADW~e#rD{J-)%DiblGoR<(%074*L^Xir9P$OG^K4krR&eHCCjg40V<6K
zOzBD67jM|-rP&uvqZ*Lb>x<SuhP=>Yd|^QJLSOL3W2`eh&NBnbGkwXk83c?;DvW7t
zj43XR8RYm$rub>%_$i_I86@>dI`wIM^(j8}8T2ocY+t6yzD$XInE|j*(y&kCvQP1_
z&!E1WWO+AD@@`7x-3-`ilEG=3&}mA*X$Es|l4Eb0VsA=fZw8TklA3%PhkS~gd<G?F
zk~wGkQO=Zb&J4(SlHPclz<7$^cm`u>l6`5Kd}&I2X$B}hNh>~$CqBh1K7-ae$=W(i
z+BzlLIs@^aWb~gV@}Cm)pTWAF<h-4xyq%Ja%=)^%Pc2p$c|1nZ``Jeb>i|bAU-7t~
zqNl)zFJYfsthn!ZmZI;wk66M1idY`wad&QavJa2uKC@U+$?;@v?^hoY&4Wi`1vbaS
zxji3z1V;CT#Y#4h7jyegd?ZE>KrL^Hj=M~{V|}<e_vu>-(~l=idWU?3IS&Y0@*f`$
zn)Foo@W0>ZZz-NRo;T^+@ezN2fYFjCc-%{|sxCH`<pUEu*;wu}@?mw^>s;<#@DX)6
zAa5ync|5Y*)9fR7urJ<Ha&f%8+;{CGd2j&qdy944DbXGIlZ$en)~_((cwC~l@23#u
z0iIvJ=J9|;PsvZdH~YMP#iPe_5`CLL#oipC`Q>pQ_q27V|Ku^<XZ0(3e>~OJJM&Y-
z^nlc_z~%T$ThGUz0xSEXekBLTOKp7@*NBooB5$fGj|u{Y6RuGtw@QBA0`G1Y-uO(o
z-;8!CNqYVfa`P*E;IR&0uzHA!-afSd7vaP2VbWiO5C0=tTupjImiAgV({T48NP3<0
z<hMYn@P7tMtfL#;F_C2nf(R^7s~~^_a*r@p6t!BK?tL%<!)SjHK**)*$$etSFaBBR
zn(#;X`5&vMf2D7X#WO`c9!||157bD1x<~sbIgx*;dHf63zF&hH(az4y&B}bNGyD+j
z75&dKR50<7xc}mx4GNwe*1eI60Wo#qy1afGR&L-e@COQ7s1yPN(igWF9Q92V1rC_^
zk%Et%caxNSoYe3j9V$+2WTri~%iDCFv=Dthq93`HbbKGtR^72^L#)3`yC=j5^@~4M
zK8pCUj~Jad7pKn$g6CTD>4rypU;$}A`C4}DD=WAr2+fKQJXs2*M)lN0%`C&UY*xhF
z&Be#RPzqW~4l(037=I=ZoP7iD&c1}lO~Q9WZiZWM32EKY+%p!tV=gCJ*1GE^FS{p_
zZZ3yYE|Z2AC)bj?7Xb{$vdc;N-7Ra`H>Z~q6T|p5$2`2e_gpiTZ&?a1vESqN(I|fP
z;8py#INWlXKbh1$+%lPRxi;B#+2W@F%#9mfOS;Kdi5l^{Ku_RFxD27f<Na6~LN=O`
zU)z=M!2vtN#(-{;{Z<)IWm@d1@<&FKUzw3Bm!DtlALdy9L4Wc;$Vi$0EhF_8i4iBQ
zA&o96eD-)MKwC&}V-hHu#Nw+tZ%XPoLNr!)A;%)Wg-r(y@7Liv4Bwfm8^rd`?$-NN
znf9PdJOx#|Xe4KzfeiP3@e9|RxfK?Zp900R2n_qUYOTEUW;(>p3!0z9cdKtM&(3wP
zncl}YI^Mu1?-S^(1Om}`@a72XRGmI}82#u(U_spIGSi#xput0hpZi-w5zu~+CJy^=
z3nMYw*<p~81;;@pKDuT?mwTG39rMd$z{fS5@^M5O*zT<jv0L7^<}cV_b{|p$>gL1v
z@MX*JX?F<8o?X$IJnfG(l*rE-J10)(e__X$c}V4&&ab6?7E=Y#uh5@~O`C51u$Hxz
zR_^sGi`*3zV~p5i49X4YQbu+`r@&SY;&qT4!!L;-Lsc@Dwnkk%T&p3?#KHNn8K<)0
zAvJKR%&MXz>Z&k>J{qk3wbP$2GY;<ua~O5DsMBk~H18$b$)bzaO&8`@GyYraSpPH8
zC~r~TwEN(eeld0Y2blqj|HqjDu3wn}LlutSc;>x-)!k=kjXYx7L%~%Gu6`t+7b5<^
zF|oj=_P{Zr;%0V?M$Pxtq_G82OQHzf9#54l%z9KhIdXeb0>mH4A9M8^lYg$x1CxLG
zZHCr~H>T`TUIdLP%oH7G(;wyQXns1x9siB6-g9v-wPR?=C>39caHcv4+ZE+$X)yv!
zS!+|Z129Q~|A|1W^C6aiXi3TFE42iPc%Ud*J&;LE0Wn&`9ti03P=iz)&*c6<<Nqt?
zg0u`M*?TxII-&n3PT$_#l>2`>GyX*ahJR2ui2T=?F(WsZ=(mGnld{0yj*JVvOMS-v
zkAofFS;(<26uCZMSj~PE+u-m_y!1u-s)l^12qYR=r<>#?h58KxxrhJIn`h}s3g}s7
zo%b%GaWuhP_v$RzcrmI{GD=D)v}W|Ra*3t5>iMeZ(abe;4c&>2xSDIK0A;3Vx*EE~
z!X&jMRa9l>GP?T0#JVJn303d_QwH4!%f!kg^;%WT0p=#UkMP8nB+X-0L}sS&!fO1)
zd>yqIRTO6CqQbhA#9AGVK~+#0Q)*$YUShe9dbuh_8FPJM!(`$o9nEc3pdFL+gc6A=
z9!gsAgj%L5njQ1I!uq<zh6#;%Rmc`oPT>cS#HtDPPpVj3%&mnVPZQfFG=B~uJYov9
ztVU1F<57zkLVm<tU|AQJSi_^yJA{<Mlx$h6mRQE4UOa@J!TiCpVK}jgM{{Ec@RTXm
zvW6|Os8%g)2=ys*g=KwZVtuW~^bmNCDa-PMW8%A7^@btLIp$`|kGqMjwVLNch{8;f
z@M^Ne0yni+Lny+`CGfiJ#1C#7BSWAjrgV7iv&0HF^{OF^CgzXuhQ-8YH_iPapf^(j
zyhbds<XA0t2+f=MJ-ogp@#C?^@(|>T=?(mYU*h{?^|m3bE9Q3i$D73VV@-MeykfnX
zpolRTiHfWPF-FBVz7~bCC=z8_2mJW*alTKzW3Ne6EgZ<=D~|Zu7{<afmGB&J)yoI?
znu^C#GF5aPNYpE~_*$*U;xd(a9SFaa&+#>HjAdu4x;s#Oskq{6CmahgR6=vWVK48g
zYfKwUGE`A@c*I_@Ue{tU7GtQ)>Ok<We5&r#^uwW1)xm-MUBy{lo4{BENnw0ljlek6
zsr*Y_Q^Q!=yo!+nsZ+&XU90EVt9fNn2co_5rMl+xvD|r8UkA#)ircz&%&}k*CCCmo
zdHH9L##dvBA}WeI#N-v<Jz6xzqD7P$ckpw{zj}Nc8Osn+wb>!dsW|ay;}{G7q(roX
zYg|6$(Nr~-`bp*S4vBHajz_EWSo|kt!5zY-@&%9P{jr=+sxNmamMX42+9}3DeUz|v
zaKy{|P8)N_l6_P(cOHpXY@W85jK%sWbM6qdmd~7iS{}>tQFYlNZ>_jEZIc*_{Ha8_
zgXdp9dfL=Bmi|-4bcfWx;^4G3U@YOMvg8iYZTZS+^WE5+pQ?d7l(!Z4R9Xn&E*vT3
zFgd0$1>!Jyp)f@xIXOBx1$;SqJ~>77ZaKDY1+s2=v2H~Gog59F0xq3A51k@vp&U!0
z0!g8~NTDLwQjWn=fzVQ3z)}$tF2?~^pn%Iuz!eek<*4x$aPZ~1@fA^0<d{<w9;L_&
zrznE-<mmMj2=wIn^%OBC<=7_`$S38+Cl!Hwa@Zt!+?iCw>f`8N#sTc(sPD$XPUDz+
z<A~(rC^_RG<8h3oaiI7(TI)E(e;n(U8v)3T9LkL(%Z>h-8$ipATEGpq;KuyUjflsM
zlFSX#<;M8R4dmrU`@jux=f*mzK|rfPj;%pbtwA5E0kGDfR@8tUYA|<d5J_uLvT8s^
zH5dyuK+zhs<{F4^4c4_Q0>l+L(iKV36}`_D!03uv;tIBL#oTm7ByvSbcLhCm#h7sg
z3c8|wbcMWh#kx2`z&b)sI6~4qLLWT>a2}z)KLWcPVICYIQXZkaIRcp;VXPbhC6CbB
zk060ZqurBGYrc;`;ngt0K^Y@rG>30&E%Mb-gab52__6lmY@d3nUlR_Q8<E929I>_0
zSBItb;~L?r+7GZb6;-FC4eA(?s5)%1wOUojr48^H5f0hUu{Ez(XQvIh8Bq*5T(Pwi
zREHS!qZ;9`+V@m8rdB5z45}DCVs%)rY|*cdF&JPmBB-#Rs{AxnooO&+Z$w_<a8}vI
zUmZbc8DCk$Ujucp|5DjhU!68RXlO+0;ILQO`l9;P^ni#F(T@F6W%F5e?(~q45#^4<
zZDl(~b+AA`cmbQ#{<C9ae08G0puz$%sl#{27WL|AfdPgE{4D#gj-S3%X9x^gFOX$9
zoH(|zSBE$B6E5Hy*$+83y{k@b7&KTQF>=^(Y;~%RZx|3*AY8CtaBSYI&S@C(T%cHR
zxOQwOuMYL>$6UY>weQ<)%&AWH9Mo8NB<ira+hSZD>p8%&K+tSIv-@eOI?Hp&d4asy
z;bON<ygKr{pJD;e*M4-jskJ)&e9&Zp)Ysu)x7EKo;e0@1f#}+PWw-gZ`px-Jzyjs9
z!#$H;h{D7pC~|})Q-n2fgq2W)4U&Q-oq{#Kf)$^F4SKI7Tdy@)ua#J@4S>OthQS(_
z!HS2$2DR9drP!LJ*h-|>25fD~U~NrkZ6#oBgSlbJv0+WIVI{F)gGgveO=yinXvIxv
zgOX;+oM!zf%}O}U24rAKZ(vPeV8w4>gE4K%K5b1tZ6!W!0~D~tCavMl;(Dz<7x!f@
zgncgN-CTsz+^fC0VDh=>oVjr0x%j2IQ1Q9g*11UkxrAHcAfRwmsBoC9aNK9%5L)4w
z0^tY?;aA^<gYkr;lZC@|h2y^phw=)?eh`jy7fv{73PNj&ifsy0ZHgOe3Sn)Esc4FD
zXnM8N6inI_oz)a>)D*wa6e`*j+uRiC+mvwa9R%@?iu4Xs^p5NE4q^0;De;c5@qV@G
z9ZcjMo$ej}*gJm4J5<m+_M>;?OYek>t01hasD!I9&8xW4s}RnsnD<u^E?2J(u7WAA
zqTgJFn_k7QT!l(r#kOBX240Q!Onuw%xCn|ogi#F2`VwR9d=qO?JdC0kp!LO1*d7=A
z)OYxrV#vamEMezJtc~$7EVm!e7guw8K&+|cFeP_T*Ox?dXG^Tr<}faIfY+CBbbC&$
zdGjzkcgWqBVsz(9texmE#H1h17l(7Zr=>CdFv(<4)%OwS&U#DB<HHz}0ajmv_uEq~
zpJom-O@<tN$=~mswX_KyMo_@xTWSQ4pf1~ATADr{rY#Q|`I5Tq?6tJMJbbl0AnHqW
zu)WmMd~uk&Jml+3d9ZWa(vEc)EYT0S#-`l<?AMrZm?$x*cuh>X^WCpS^DtUsfbkmt
z&GuKnPosw!5<@oEWN&s({MtAV!`u3au5nGbhy0q}AEveqKE5U~-P!SLbvcZ08xXuE
zT-jdmYd$#4X&ZWZO|i0b?bl9u7#h%zb&Vsr-FMUY<}f*6Q1kkc<j&?zi|Ju(zyRkp
zLHqX1&8L;atbiexYx4G;i<>sd!^pdS%4@v9?a`a2_QUkMLDOr}z@3Ae*1*Gry8+2-
zqWkTYo96pN)4PTHOVfKISP&Sy8UaXwj3k331C{~FK)R5+z+Ip&2n`Yqm<B`x$v?ej
zJU&>tOG(Zhy6=AG?+g$8!`;NMI1_($rRzUWF8n#p{5`qw7jfplom{9uJ|yn_JlRKz
zKv2yi70e&Drfm*g4da^gx&tDr<t8G64!i%5T?i<X|N4hG`q#np<qrk<fCtzLdHjEL
zLNR~1UHkpI<u6X2MXjJ``bI=&;?st{x-m>KG+-9<x3f#}=8)N?@ZhCc^4EM!?0Iz_
zXi-Z`F-yjrHqH%1>&u(|?JJuBEk8?%UPZc(X1d?>5jWqiKU$CT{X!`@?ra`weQT{=
zpJlV+G`*N%vH9YWs0-V1`xIOIUSi=%>Ca5oL`lQk_a?X%bQWLUha!?;2O;$b5x&Lv
zf$%AaLJOS<^9PU~0r-|q3$_2AXb8v<M6E?qikt!(L`)6h3Bu7rEJc5Uupt$HGm7yV
zpdVxy^hk@m6hjYGj`$*oK}z>6;uv-*+7rN8&`&9cx1cdxTM!?B1n3lGE#>}}b&TQ%
zf(K9pkQ2lqW%E`P3aSImBl-siOG&<kKrv1sK0yB<L@CX;L|n+k=;(;O2(-c4Qg?X#
zWW<PZU`GTaC>a+%F<1@A07wpc)L{ul<-&W7I*a%<_^1O3N)5#t1`;BC2%77lfnstI
zJwYFaq#-y2r*^PF$*akpAXXx#0fvIkf`HW|vj~ph1_aTd_zngrV>Q7nco)zBY(`Xs
zQdUzQB4i^Hb>KY*Eh4;xVpS6z0x%IYf+VpYYIc`{u&@D0fXHC24x&R~NN{Ke^(rwo
zq8y+`3LhJz8$mIsK#B|-90oj+0>hB#fPKMyROI~togh6bJS7C&V8>PT=Y);O*}xGX
zQ4rZG(sL9cP&SwY*wmrCO7Wbs5pfZz3gO|r)bU~!=Q&y<h8UOv0V`N+74tcf7o-Iu
zf%raXro(0xc!+ZeXhB>Ca0aD!;H@$rqI*?&7x9AA?nUk~ZxFtMze53R_x$&Gm!P!!
zpZBPKKvqyO!~lI5yAtU&;uB>qaxUZQ320B}Y3E>&KA-~K08|NhB42$BWq>L`tvUyT
zABF0JctO0t3a|lDCHRSYwGWgK`l4eybP7;`VU1!yK1^1L_=L538XDh862cE~K$`|s
z(mx@sW`L@9&Ij`Y9WbZKD_Nfia<NvQL&-aQf?j}k0M;1OIF)!$G`UEt1E9B^j-5Y)
z&OoF{(`c1~v(RcpD6lgkC>~4-6rgYvnnkXThFWy?2CD-|Q3OyO0kc}wX3%r!hYst|
zFTgCI0Fk4}EPC|-RJWrzL>-ugC4e`K>4-S%R!soKgvNHJ1-(NwLTNyCWS`Zkwt`l4
z5{9q?7QhWCj=Zy;)fiCH&W4b8KqIUMpd;F>1{WijO?4~uy2CSAIAjmJ0Ng;?0B>M!
zAU06$BD^MgjrN*#){HB#8lhUMIush&5z^t;dD9Wn+0yCPA=B|HSUy-jv?quhga(WS
z#UjKap+V3<q5wij8Ym5rhVDtmM!<%{hQfxyM!|;2M$QIg!`l^`1y!>`i8?ugjlrTA
zp5R@U*{9X+51L;Z!B(N`K{*IRpk|0CaF<~gSZxIT*hvwxgxHMcNx4fh`=VMAdeC7K
z+zR%^ItT31&+=B^q+eK6i&Zm1H9IAOS`mHG&T-i8&u++f@n&tRIiaSVC#EOu$17*`
z2GUmzc``jJsp=Ja@2m}$S`@w**0XO<zFT=~R?w@SDd4c2Z&fiZUg>+jy;S1Teg_0&
z*4B`VS^lX0Myv3OMBI9}@d%GW!?0=4>@2f>XWC`9(e4D1(T3=;;7csc_o0z3{(iSN
zKmZm56d6V#oSBrFmYe7;#wxlgw?E}D<FeTD;(BDs_kyzJ{_yDQCZ}n;|NYTP`UY!%
zIGuyt&W~*Z)+*Dkx0cMGC#>QI(|9>tbPf_CCySk$&&fqRw-<{X1S|GISeC~rWnYU&
zU)u>foM$(kpKNeGX|z2`y6LO4+G*Gm_1t$`Y_&OPyM=Uh(b5#;TfFM&?O~*2pf4%R
z753e~36D+ZFlD|erI7H+zJPCi*yJ>6^SRyF6J3`+1~SOMVHyhbeHJJgQ#6$Jp6Q0~
z_6m0QU09c5S#orKK(_=<d|Hws=f`m$-bFj*_Z8F5l>|9n+{2rX-8UD#Z&q=Ifa#s8
zK|~NvP!(1cs0zawp$cMx-a^-i*~sDL{T%ObaFw8gHRLgX6X=ZOjB0`@cK<mI^uT0>
zVM5vh_EJAIT-EQW2r&wJ3=xF92by3kqPK8(ksdaz?sXake+0WgmeE^;y(|tHR@FP%
zJ9mO-AT9{Y*ey6-kVC>%_Ri*zm%sy%GiaH-h0#m#P-C^V(>KT{^aAk!eHr9ObxC#D
zxq90P30erb03ARikQTvyOqX1T<Es`OeZdK!H^>qcesq^ihbXI`I~9X80dFuQ$o;^V
zY=;A@x*eNAqevftZ_p$N{74$bF9C<)tE`>rL7X5{P#e0R@FnV@_v%R}c?VH2CwK+W
zhU15KX?-}g>d^5q<UM2sp$)^2{Ziy`Z`HTsWzYfA3few$8<wBoCC4Ff^}18ML%b6!
zxH+gf<T}VVm=fs%^b+_Iashq`cnQV=OQKQ$_96RN6sQ5jV#qhhUI<=PUc_E>Uie-#
zm)wU>4(Ses4!sVM4xb+)A6g#T9ugmZUwyhdw<^5K*x}x(8B!8d5>gUe5^57<6Jm-a
z2??OM0bDX4eqBxP7!7&@Y6k|8-+(Wj4u@7BcN~PQAhm-6ux?l``46vG6FMkE+W~>7
zcj!0#m+pr|tDK#bL6S&;z+A{3(hc6F&Ed`CGr_}yRm#qlkapl`An6St_de|scq4uZ
zL4Fh>Yb&dinfHVXnH?E1515Chjhl}z_b6%&`zN*)H9ED5Y)U8-q8Wl2QXWJbJ)b9x
zS&jhNBI+3XLDfh`FN7<UE4UOvn;>6APBzL1yPlejYFl<PxD?F{#SBv$n2#u@9%YCf
zPemfj7i^0<PLYoxXB35r{f^2|wl35bJWiHRD~A@9)*mQ|ZA|SW>k;__aU9Y`lFul|
z8Kr@pL;X|6BeXh%7}X4oo7fy#PBQ8a`!f|-dR7WOk{E#-+Z?IeHi{ctm#SA*E$B5W
zH;y@Ow`Ei!b^%qfbX+(wgd5A8u-g&YH);!;muf?HIQTVM4T3pC7<so$)H*gR)wGO|
zRAs~ya1F9KcehAXDs~0cv=m$L6Vw_4bJA|ls55L*Do+{5h*>}lnmKJZLlimoD{KyI
z4eV>`XVlr$=Q6vYLI^da=2&5*VVq%%VMJk)-O^FA*ofH6*b>+Q*!$QN*umK2*oxF$
zROVD&)HGDDq~&Dfq{C#$f`!m=kZ{m(061ug;6#K(<V3_oq(t;Ylte%xY9b~M1P9BN
zj0UoX)NL1)jBP`$Aq|(w4iy3>f)X)Yan^9V*`q43XQ-TIpG7tzy5g;gb%UZrvD2xm
zq{JfnL%qPRlxv9HXi<#Vn$#vTVqsoLM`UXp-QrO<Gbf5s@39Z4mSz2dy+B7KYoy(b
zQKQ%^)XP#W;e}|*Xh~X%fbr5FHK%=L8Rvb%$|WD+H#1wen@_K1GH!i~FW)C$AMl>M
ziA<JM#~10j7b8TY{1(oD=IxZ%cTTArwt;iYJ*#&2{_FJ$BiR>=pV!rQ?rCGkmj_21
zf$D^T5@z@4W`Sa6fe8eGl6+@F7n@(tHp2>xw?`w>?!EYAgXyFvBD$$um9AW1l2idQ
zgMo@SMcNpJ6EGDio*+wPWh@<TB`d1bFg?^HoWeEODRpYN9!Q5?DU~`yh6VB^@*Qd!
zpfCnjF3o~9fRyy8kOXEgQyXT9ScX~X1GASd$0*|{+=dNPPeo25=&&k%p{@^_B+;=@
zQm3j9o5a?kRdS-@51&NWF;X&siAZmwmx&f~z&^=rgUiSZ&tX1N+X!W}bPh`5)Mp`<
zXl0Uxh%iU0vxrH^1XKw~jS<3!q+_adON9~6hdx29^qD$7h>viBN$ERvd;}lvgpd**
zm3kN-%7mrT2Ws_DKJtlYN}e!l>Dov>;DnlzJC%AcAHjs1QY;mFL>*uPpoB)v9?FL`
z;itq(%^qBbKf$7uMdcJx2bv&Ja-en!twWqpP+FjV7g|R#VW5NwGmxD}v!kSARBEOY
zmT?QNqntogs)BjS&WGOIYZQ^gJY__X21t`A>9CY?VF0QtspD{b<N>q^X{9^ZB2|;D
z2r4tW4qYKsi5iwq9WEOagb!rKpTJSlhGEL0hNK`c<LICkK2dUo=}^;4t3=>qZ4noG
zDA~a@q(m^7iFCk)YD$dMR<eV^9;g$pN>5=UQlG$EJcX>VDj5;9EwaKL7>CR!q%Cma
z35-MP6Ur7v;Wf-z`V+<$W??fdSK0?@i@UG{Mj_>cyd_*Hrld*L8gz;|p{n$rs`Wwg
zY69}GDgxe9`-hxr7X&JsQu~Ky|B5ZQAeM;C_eFPTZg;WwyoH=F`u-j&qR3~swGwb#
z7zWi4tez@8q!R5ZRxP!qQ@;p|RZ1Y_8KE0}|2h?^Y!!Nw*n{3C0d;!BGjJ_4oCQ`P
zQw5$wcYD!)Ml}=Rh&YE^D-0)r?Z{REn>gTLn1f6esEHYF4KtE)MsGra6T(PkoROLc
z;2SU_S!ZAqFPsDRj_PCNBBC2szcKa8P)Cd=TDS(RS=Je?i5xBs^OfBP&Vk(m`+-zg
zVT*Wfoc#^3YngqBHy2zRrYK7R@g|0UgE2}`0KM7Z(J)0R3KVZKI5jL%CKuBi7d`;9
zk;+B&W`NtlN~Cf@bC}0~{vj&P5HYM{zkW38(Fiffv3b8c^@6Mkz?&KV0`^$O1mq30
zg!ETXyM(oXuUs~cefo!}-v_mz9DDYQQXPcvB6|zM#bJW7%K&dmcn<8P^fHz=E8Gbt
zPAw|y8SIB$D{6_=A4%0L;~BaOx<asI>|ciYQ$b|T!*?N9T$X|Tov=_Uh!kcx89*4_
zO$aX3&kakEeicau5+-qDgVVwiWHf@v5QTA%UHb=Mx>PpO8j;zE!gy{paJv3Em@ajR
z^hmHD=vcl#o$5`5ANUxhzX_%(BLTYNfq#IFO1Gh2iNVoe@1@(Yt{C7(FiM#=v?~g@
zBFsg$4S0nJ-+{SE1)yIE!--%gRFc6r_{Y5clvM2zH(<BBid%O0OW2BR0Lm2sT$AMJ
zajdi|sUevmz))l?=`DSQZ18zuAZCf=NdCP<%e@f8{UeH)-MaAey*KS1WcQKihnvDz
zn~&~FgpM{tuil4WV+pSw2(P^<&=&l0|25j!>l2fo`F(=$rs-z1q)pXn+<k>YUYw{8
zZO7e?>m9f1&AaRy?(G|P^-@!QS_|9t_J!N9?EAJ$a<{t$xK00+OS~y{V5kAJEkUS(
zt8Hpn8b{sfTPtLCf7{d`13TMCQWbFx#~~B49HIjnHD7npMTbUePIdv!{TwwzyQs~B
zRW&=i;N}76nuT3VBYNp{0>AH9D}0hMA(R=Hn?zG9tTz^krc5{A+wTVg?`iLE4Dv=V
zXBh8KR@g4TNJ{jsV4bx~-n2_(23`$q+=t!X$$~T|+HY%QC>wqN3lfg{DAQ3TKiz+1
zJbrJAbALzL9w@Ctp_Eus`om)I-Xdv3|Ah5Eyjpr^B{wbbF6sUn?dszF&DlWDifKxF
z8zHEjImWN?K7D3{QWEF>r)bMq-~GvZol}>?hxfaqfm^2cEcbqPci%Iv(ns&wbH@U&
zyzb9}?{}<@-fO-XpJBVdRpBcBpc1)k5%ZN)P1)y~yYOWu&wa8B32r5uD&Gel#KCeo
z#xMG)b5UcKy!kLE6d_N#{@G9ja~GO8fo|+bTtPBrvgb5Mon>+eo7mXdnn5nY!IBUf
zpDdJ3Cq|8r2~;_}oz0<gKm1T;LAWo`Xeo%~)!3u4jYy>Hp3&IaL{&1k>=L@x_=XMO
zZ=A(Q&5Ev>n?`%z(joOmTW;a>vgECmqauA!i<X_DVzZJ)Do5!oCJZZ@$J5(Zn=B)$
zDGcaNh`{9~QAW0_j0v{JrOTAHwBZiUUGMgv#+jRw<5TPuypG;##BLK-66#I&QfJbB
zjU2*r)crI`|Cw7R@u0Uk>kM+{B8^r)HjJoSak;erJERj+VZI&{Wu`|tmP2;J!#k<6
z0(Sf?r*Lbf%Z+y;*(i~4DG~pB6&>>hRcfPTS)TwMAb~E`i_NZGR~a=|Ic6V_<em;2
zZqBq^I4j)Qr%IeooP11#Yay<bbw=BC#<f-Rt*}ucd6DF?l7xQulx|^4F71m`mgpiu
z<r6=-kWF1&nU$o%t7!ZY7dmS<9iB6#RyJw#V(P7A209G`2I+}xy1scjd6seuUR(mB
z#O>MW!XD>BR>NedP|&1|Q4*qJGFT|Lu5+vK><i773y!k)kn)^66}by-w3m@`<AS>R
zQb5wGm~!TcfqX*&U8j6fT$<FeA?kpYaA9r^oz*VQfcax(j%L-&S=priT-fYcMBRI=
z!k4#Hoiu@oc!j$7jC1*P(KzeM(WP>@vKTsKY)V$PN^3H@6D0GACS%baVYzhJr}V8*
zs%XGxyL-x_{d-;8lQ+^1_hN>-MB_XMQfN0K^UH$c6m7B7$E|fm&EqWl@>xw-PLrK=
zP|70zYhv~(lsavjvGQ#7=F_M1k(?7<m5yClwvdqm;|qTFPjBo#+*Zw5^AD8^IF<L<
zhO(=R+6&LCrm|0Frwz~7xeF9xd|-A;b+Sv|Rf@HGJdfr3)ou1oLz`J0(yRQO=eX>?
zx_0lgR2`N9hO-6}G#?`b>fY5g?G@JVA+TFl)umod^b$x_=n?N}YuDM*Pq3t__@>lS
z<q%v!IyJ@p@UL7fHe+4i-F%kL8pw9AyX)j%;a3D*7iAisZiz8TD~3?ypwdr;=DqG+
z?V8w<yo*4}&_U6IPq_Oi7VyDciZV|M8o@{Q%Ty#dQ7W{rU6XPzno0O+0^O&wxr_8j
z<JXe7wVk+Q2#OiJP4P`**MjWiOH_&6YM63U11xp4vzcP_t?IV<wTGF$_WS31sS}n;
zB=MI!SVHFH@HwN*30)uiQ^erVMP*aQw9+b^IWhIVLU(gx@{C6-NBNGE!#X<fIIodI
zf`FI-m5d;%S4Mj^nW^j(O*!mZ`bdxo9Q6tArL~Ceq<0WPkU@ZN+C?>G|JDnqH~9*R
z`UuUs)C93dZB=R?v4^HwA9Noh-ys`*8!UH0kWVRFqJ)a`^E*pYdu7*)@U|7&#au<Q
z+a?v+ra_4_{ko^h>*@8#PguNaa|TI#%bCX0Fe6;MF&WD|o)dnP3cq63dLBM_C4e`(
zAWwG?G`NW$^fD?cC*+4r)By9UI<-5B2N%4QZ7)P+#2Jr8*XuQ4*o3gU3czwM3o=d`
ztio^9kFZS(d0$@IqVi2A4XKI*@0Cu!t|$Q;GrTMvH8}!XTn9U`3&v3Kq(4^(*5&me
zgrZ<2wxC~H(2)g{dx<YoKt*P1E+E|veO21QVA#WsnxIUJkgQs{o{g%FKj@|lqC=JT
zR_K?LrZv^`Hez7P|1lRq2W8E#XD*wJ!GC8v^+Nw!QxOaMOWiXIQhhE8Wz-`f{ZoCt
zZ*z1&R>K1x{Wks6C3d<WEIjY>zl$V3ujsFdG1*ZByrXGm`Q%84QWJBWnLk+3R9M17
zvaOG+PVn@UIS0c<`I^q|gVc4H!Y-Q@ABJ9{jy5+d%&|-<DXn~MR)zqFAay*(QeIw^
ztaLCq#zg29QWtX}Xhes<J-j@rM9F_gX+amMMZBD$B+4_laDut^8P(SFnAze|*P8OG
zv@%rdbbWd?+ElxDgMp(z_D_?I^fwI}7VVKglGt<EX0`2^OU%Y4xVXvB)=!Y(k=X4a
zqF9eAiRsqWT!7pZgJp_~SV-yhKby;DcD+vy-9vdaVloDGQp@G)8Jc<>@x2V5?nd`@
zLSpJMzJ|LK$I}ps<mk<e?U}185yruZ!}NFgI|+Pm__dq1crr6W_+iJCZ}WnpEDGC7
zl82wgBUw}GKPZ50uj=Zc5+H6y+OO$}<;2W<pve#=7%E;{)yvMQ?;o_2X4UoQab*Fk
z_cYFBvSr1P>mE6<SbwRqT&&ZHe;vd5fzz800&~zkdd6a+){`k5v6%5)?_^z%$9#nD
zzG$slFFXBYAiOCGJzZ5VvdFwquO-!Cz`LmpHlV|8;LMo3&T(wOQmovgU-pDWyx(N2
zXr7)xvS=+2otm_0El#g8ImYFf*qiBlKS!AmEkOa?^;pHaqF1p8QbtTqkPeqWRx~MY
z-6!#;A!si!Pt;R`B@95yX2}RB3)lQ_)Xo)qhDu+P>xUNf?v@IX5S-+j+q21o`zGL4
zd^Drx-cysdDjV{=Q+cJtggc2gHNo~$dU4S)W;N`O@Cd%<tx4;(L@y1b+P*WyB4Ern
z7pbFGU4yz&vJlGlgqB`nGA5mAapSOf%Jw+eYPNm8g0t!EhQ_pO9pP6|8|AH$>s5vs
z^&2$ikcElbZ7!;xOZSkJJ^_mlu$2-c5}3YSBN9{7=!8yzN*jR*iJV*-{5Q;Z?RvEc
z*5e^QAuawf1DdXgEQB4bmUp^w{xKB?h{87%WdagCQze(@%ZaTAz(<!7c51#Pq;Gob
z6e}vJeA6mFy~pP@aILj}1Y@m8*>2W}dm6)9!E;rEADg<?sFVGqejrpo(qIK_S)=2p
z7jw4#5w9Y2J5%RIKc-2ATknkKff;Q|v1qp3vHvN*+?h7BHFJ+>kym+da<q!8BJ(+O
z4-bFVuCBX2XNq~6PPPu~0RQ@1!?*Z~DQhY7G8AP_<+Ou|i`u>e`1PjzV$83YdO+*4
z3QRrAg^fAKANRG+UNhOvlxG=dNhLN}rH0Y+eAS_2jYlnF|2i7>leIliwPbZhxiSfD
zl2!Y#K<`p>T+{N5QC@Q5z;vAbwCsn);f<<69oJHzL>v?LG-_a+BxT1NN&}W-JoYn}
zi_w)6Q;Jjtb}Jc<Q&;c2_U-$hiL7tR4@)LlFJ}nqbyTlX!YQ0OP1yn?ufHD=-NngM
z%62NUURr{%&P*lB3$KJZf6{BU>)qcdfB9Nj(89v=@rI`>()@JC@ZQhrk}`1Zp0JXu
zIDRY)^U1m`dqFXyN`+`X4tX_U9ouvv?PFobit?>!7JH9;lAKlyTXZ|6$meJxUZiEB
zR=grH3u85luSdRBZEG*8F9|J7)HuqAs)-s(T~A=nCtz;gc`#h)eZ`x8_-`We5sM#h
z4JPmewv$9sUhTVj#4SuTh{V6zf3&?No=iBWT-QE7uHc}lc)@09xjAOm7KM3!<?(v7
z_{5K%e069Fp-0Ei^YPeRTbq`L`6H(e(aG=rB|cpT`SnktHFk^fmSx4^;&$2w25_Lq
zhHu$7B1Xfvw{~`zI+}ObnV=N(9%;kkP&>Y;x5=g%0CT%337O^>#26q~`=B+Zy}3tx
z_+$^HR|8sfW5+qlCo-OSO{+BTHiYY9-{f<D!&S#tiC7EE%xjc6>GCI$cbS;Ji;9SX
z@bN5a1MxpTJR9r$YU<H9UJQJdpf!;%)tt6Vfy%LW3n2*dclqz<j#CF@vgoYnrH)dO
z5Hb|7#537q##79cyiv&~fH7akv_EP2$fV1Ku<-e(%nXxXg?_NM7sxY{%aCSC3V<rC
zNgHR%ZIA2aBQcdH=R=icW0G>Yid~zz;~58`<{IX*q$Ea$6WJ5ly~+E9Qgw`bdA#bZ
z;<jPh0DN*K*blj6U&%~^pQYR}CUn}TMbg&K^AO}+bl7?;bcf|K9Ue@hrNhH8_L?`g
znAj>mLs7KTLr1h2*210Kn|&2Nf%jEu@3~fAHb37b6JktwVMt}Muq~dt2<aq356y&p
z!vs^EJbB=BvPf+#!`rgD@ZEyo{`iQux8={*WGoVi;+5|BAmmj1^stQr1d`a62V+rB
zJodAd5K)j(MORlF=VRK-BVf!1mkLcl@evskBZ}Eb3Q`by4t{jIl2isHXgpRbX;Pz|
zqR-5$wd)d5%+kf&Q?pTOX;S<=!%k9}LcK$+EGnox-lSSE{UY<j^7wF(C6k-ox{pHA
zs5?pb@)*3RkTG}S<}BW`b~L5%QYG~D7?Ui?Q>Bdl6xTQfu5;bu&#R2?wdJ|@O9J=T
zu$u$frmt_Eh6g;k-ANpKvwH>2uKGYPMFLHQjQtt2m*WUWD)HT?oBDIE1=dCic*0H!
z*}J^M+nz5I(q><9z(=k%(Kg>+bO}os3YB2ljLcB-Y}&XtskWzgSq)0<*Y@i)R{D)R
zYe<7~Tr+YJt&|MYe;|L^<Ym;j7>CV485dT8&-g6%0I$kgGR(ok<=eaui97l8jHXu$
zBgQYEx;`%X)^!$D@mzhs|JjFfo|(t`jYiS&i|=a7p7RFMEzWyFom(Y%K1vfcE@Vo5
z+qg+?2IUeun>mFUHMBo(o|kQ0dPlt|;exj>V$ij;`r-L|Vd+M}_sok6OYr^azKrH~
z{O)fqGn?K!bSzzD6YW<$4)YDGdagNyz0YWXa&gTccD<0(b-N?Buf0uuQu^tYZzWl$
zxBwg(>q6@r4v&hL+!Qti<6d~*7nZK?omk(F{CQ5;&Xc^;JS}o_o`r9YaW1;g^6U%q
z%X^K?v55&j;vEHEWRz?=Zdj#s{ePUDRZtvJ8>asl5-dP~1b2dk;10pvWpIMS3<JR(
zl91re;O@@g4intn83uyO;5InRzc;%VyR}tYees^|KBv!jx~p31eEmM{Bj^}VZ|H9T
ziR0QV$5&6B{oXcNh`9-<loJ}rw~XAyTXQ=oIS~@p_C$Emw4LFG2Nu)glG29<_VxF4
zdaw3$y0`XrI&h!C#0k*lRyNUXKAWTOc<i9Vmd>T7Se=URwVjIHt(=NG-#8VI+Bg;8
zy>zmb7j&{!enkDD=*hX{=*>C2>!n%cyH~e-DGd2H*ha>`u@Vk?dz=xq46m&{xyqtx
zi$C~-+H>x@yQN%vm{Rn7@}~FQ6zwXC6GWAW>R->O5Q(X{V`iCbciDJWoqU8TU$fnO
z_T_UV6pNz!t@hVx&Bea`L?NZ$x6+a;s|`8QXk>Z>GLXDZUBX<oCj8^rc-z&8(pnRC
z3Ova`sb7C4>GDuxJwh7C-B7x3bvQ;gQ(+PMw;Xki+Y+IM13*`xs-Jg}nH=|wa7-A{
zanovp^RnX|XuA=Ldp<lt=+95yw0eHlb&OD2Gqu-zM6s<op6Ol#T3PQ6*-0KnkDQ(!
z`BR?EDUJd_VJA=D0k5mnM829Zzq}|q{juM#|CNx5@`PF9wJ#;xOB^<@Z(D5mdfmpa
z8(4c^`efydgb@$cc-P%Satq`K3vEe;3bnHzim>+@wrnZ5W(QbF!3At!McF#sSw@{k
zVs?36JC4#qYpv3_F_5f*GTBlTq`mm#U`Jw|K)vo-4uPiK^LG?_T#zBLLArOW^0F2p
z+k4u&;I)=eNhjnH$XCD-I`GOihg9=Z!jzg$qFgC_<~wh4uI(tDZAGd|?m3$qELDmu
zi9k6ew@|ZiGO=FMxK1~gucCM=-1gWxTg9FZtbeXhx}pr9XEbP;EA52v(wji@DD0zK
zf(~`I?5zlezk-sn1{a68wxy6M1j<gd1@N>6UWVj#IdhbmVgY%<9~I2P>#`EaSM&T(
zh+=5oH^nBF5IHSLh7?U^d=_Dq9PO~UkDAG)aq0?8+1?tn6CCf%Mb%0mwe%%6gtqNc
zUAN${qUHQ=Lpr?4&N3<mMs#R*VVcb2%*kh8bym(l<(vg+GUF-ydXnvgG(r?_Bu^ox
z^b_$s(7{4qYG>AXWe)tV+1%el$MSFK20O5=w6K{IG$mCEc4Hxq`GbWg9>6cX$*&*6
zAnGNu*8t2y2teoYt@ID121^0%8?6zYNf;x8HmN#GK~Pu-{8<uG6*Y>#3a|H7FegmK
zQA?1l_q8*}nX8mQR9V<}Wltd;Zx*Rlz7%kWrZqs+_vEO}-fd|I;k)RrGe6AQ4}I+#
z)B2Rg6}!$%r?c=S(V1oXc`baMIWOevf|k4$Zm*Vg=_%wRkgqpN{?b4bkc8i4qOu5K
zU@6usu-2L*tXxp0Nyw0HNU$G5OE9yiZ90^Oz*E+lTXpiQqkl1nV>){h%nHb#LZo{B
zz6$a3#NR*3u@6JfiL%XI=Y*()=6epA4Hdq|$HL4jR%FYGeVt3K08vq3^vqO<ppTu9
z2j+YmQWz@iDQlw-|HW*>oa`KBxfR~C;Hbg3CDf}mR`zL&YfJk`op0-9HR`TM`wXKC
zMokUv(K;e<@KU8AV#qvGRVi+xy*SJK`oO<_r6{t++pG1uS4&TVK;r(>UvAROajZi2
z%mC7muW59&-}@|xo7jH6sm$nq*$oK$o1P|evP6mR39Z2JU5tF=FF1yaY&q>lGM#t(
ztcG+u0D9I2GVj0N%D4;gCsX)WB~d&kQvXu)*p!&{m5%vS|K74%=e3*2;ICT_GYP4?
zs_e*1nV4V>ytjv}zj7m`CrZF<ySgCa3;EzTNjJ2=*ukFP)8=TK&h79;+9EMB-DO_G
zliqcvm7RSn(k4D2>Ipo@_BtuLq`d|N;A=W0Vw7-7{GK6Wm25!^eV0Z_`<#!2&o!>`
zyS#!`vVjZV+4eIY=DY<>wVLNZya@i#y_YRBJ0*~OL=s+9J24p%ymS*j@y0@Cx8aU<
z1}unmnetcCWxi%&XVh!Ak#{|$idas0ER2qLv^Q3kyEm3HyeF0>t0$Jz>tG<a<X|93
z?Lhw8-JO1)Pdv_39Vvf>?zE|C<+QoR>9qNWPMF2Ty)J@Vn6xUHN@Zm%I@69V%7poI
zREGg=)FT(MnSq*&-qs}T$XOBw$UE-OrNela?D97=Lrt%RBT<o&ZoqGf&x~E>e)@Vq
z5iFmYz+hzh&RQQ_#xnsy+a_a&?@({_8&yxV7T+a({mY%rSH_RH1I3DkvK#H1W;#8=
zx|F`YJg2=!VB>eHg<!PH<7-r;hS(-E(i$9D<3E&Dhj8w(nS<Dgt1X117hsCd7H|ak
zp>P@L?bpOk+)*-Z$-}g)xLdKa$gqLAVQEV>ZhXNiu4r<rUfLqTssV;RHs^YrXxGwl
zx>xl0Ui1>u*0b+olg_0#4=ZTTv_SX;M0B}|<pdhrj?&s%{P?r(=^>=9s?sXSbh*~9
z+Zy5J(le<T`1P$M;m*v%xtgHb;?`QPnKT00{c{z3<0%8_G_iM+yjs$(cd4{3<93u_
zWN+>vW6kbXr-+a(e{@vx=Ug=-;>r1>)7`sB{fHHL%4z2p(R+HbJ=lu_7L4QsoLY5W
zBjs6a)-amrLC;|e)y#LCcxmCuC@0$O);s~-K5cUDaFYIgWt)B>zi<6$<mUZB85aHI
zbEg(*LLnBJOuf}~8@<)Z{s#+tJnjeXj_wCLCX|L<(mjb*v~$i;A>i}yUU#oP^P*L&
z>Z?gwcO?KNGM&L3kMdo0HM_pOJ88IRtN7EsG5z{bJBbso$7$1T9<xY(p2lAu>H60)
ze=abJNMp_mv75g`($zW5%WpTkN+hdhA<BXY%uL!QqnIDdXlMw}cJ<=)<pwcz0Cx6Z
zUV2N_z6@Q<b&Xs}oX{yg8Z|XCUiz63dr@5o;l89sj(g8{VfAmt!Ea}T;t>6b7><tS
zt*-_ixRcYrD#{l}lM;}s(&XS<Vv-tSyod%!NxscYlYQ^Wb@O{W&P*N?Q-$WMNN}!X
z_$T_huQ-@043=#Xxspns=r4q6c(P7TiJeKng)tLCy!4x2^}JYR{xFsZ<{1A@K*gd4
z{`kr(s@kIC+t?^#F$>b*b&alAD!ru+kBcL8rXx6frsXj(y;uGq6hW>uxoM*5EEycC
zE~jB2KZw~&kgrNFu2mYw96$S8o%|GO#3h)K|98TPmmZ=ZEgX)mHje=|Wq6t<dW)Iy
z9P<u_yJ_}J?0UH7lw|aCY(FrrEou}*0UHu{gIt$U1d@)Q=<})1@KQZv&>#T?F%uq&
z7!TC^3Dn+?kpz;kx4nTEyqGj9-{cu1DwQ;HG%edT2_y}qXIa%%i^&;&M?8OwrzHF6
zOCB=5$15$(HRN`-nx&(4RK-~NrEG9HSXIyy2rNF$?gL5|({SE0TCM>LtOH5$F^-gH
zR>GVmjhSg?G*mF^8B$j>oF&_z*Miec_<C-A2$qkPG-wQYDQChDOuI2Io(ZE1ug`un
zW9HCozWAUfn4<uBm#R!${c-c1y3q^nS<eZPFm!e;zn55pvV5lT?=;O#-eA)B)VwRF
zhyQrB^;<W--JUMxt!`}6H*ii&4BhjVn9gr_DdX;1s<vgRgiDgvuhbN=nzd91bVe~L
zs0n|O6#Rk2#1J;)zZ`_RC$oVh-V>c^NlE5d8imuLr^OKp<$4p*e)<CWN|TefX)mlQ
znByAumLV>ZCgG*jB2fNQsH7xd;K4n0O0rq{WIS$m?R{@xWhrKki=|JK+G%z$1V>X+
za-Ny*;zzDz^dN;(oXCI12hUG_txHgSqPa+vlpG&;d77CknZ;v*5&7m<{HcMuh`gLd
zq`ESG>W2Xj+riCG*OHwvj-|wj0i;z;4%KX9?tIb0u*`l0lx010h4|E0Fq(hH>~sry
zdd+$1bzja+>z@-CvN|cz(~2JAx!O)EwiX^D-Ynl^n%=Vx<JiI67z+R0o95NUh!tCP
zF06LaXo1Pu>(w>P6I(nR$3$vO5SnoBWqx@7v^pbA?;iRtwB0(q2lE%hQfpODLATy|
zXQ&8g6;xhXkeOgy)iM+yTt$CjrBGNYGRPCnH0#I|m+C>R;5QeNuc0G7)q_WCcVih_
zr=moE82Vm8!dOOgnJyMW%n?_~|4u=zTYt(>Ez!tbMCmgunxWBiJihgqWbnZ{WOL9%
z`mC#f&C3cakvyh5j$6d*tha^s##%7;-oI8pmQ7Ew`i`xjT1@HVm)}JZ51%v(WkcTw
zU(s6ayh(JXh7{0SRYBm4B3lJn@;6P8qO(I<ou^RwiaOQ&)M$bdu(KBss?X-84#?d1
z{ZWM0@UFzno0ivyQ>`61qItY*S&~(oUq>n^Qeo|wId{-34<Z?#wnx_1g%)|HBE4gY
zb4I79u1@O+AM}^tL?Z3`?=wwWBju03%jctzv{S(lqP^ONu#1Fx>DyaJT7+MeJRURi
z6y0(7MSP(2Z6u2JL4r{&Ku;<^z>%3N%$Vq7!GpAH1`AuB4)*Zw<^b3B2=Pa<th0z$
zhSEVc!kPFPU0hLWW*_I#t0LrRL^ks32d?#XEJ?wHDcd;Gg#}Rq2Q^<UaaowSg2gvd
zt`7CL_k|BUAInafentzJIFtyO9H$7ZID`wVR0Il$amkTq*)c_pk3ZeaeQ;WK%N95S
z(@;d$e(T@3s@-5pJ>M`L^(6LTt{GB$uV3#UQjV4+t&0+)1)b=}@(O8KvfF>Enad*9
zhd)RsLOTY+BDVE0$@Fx)2oo>={b&4h`)?b-E?o^71<7JYLx?@dB35(`U^%`=Uqg~)
zwkXVBWv|AaNoNz5u88BQiU83TDNv8^>BMefM{fv5olC3!70o1ENZ%nhWOCL_JxOO>
z)mL4?_0L@<@b9Xt7nnR~5|{*&i%%Ab3Uk651=j3F)jat(n0{G0(SlP1oH}U5oel+u
zt+Mowb~i*kYHA0J^^G<i@Q9o561M_ioz7COJo**psp`M`+VYiNgswySxboY6zhGdv
z;4#CzDKogW&gSc|+h3s{4S<Pzq3)v@T6P!@2A|~m^6vwdn}%9;#7xtlqERY(sCam3
z$dQdNBNkG*NT=KefgX(+nEDQK|1`}7(6}7e{WQe|NLeVBq2Y)tc`N$_OaZA6SlmI0
zT)^6_N5}rnpJiCK%V)v_dnabp>e+C#4_gAmv_~SDH{lOu<__t=g9ii$zm(ghDu*U#
zk*7b&`_g2?{3ZYJtKkY}P0mJ>dbHzD&#J|XB}`nBeEw;Z^s&r*OsSrTRkwtCmf$&Y
zEIcq=dxS!(qM!4*t95NW=QaQ4wAZrn+LX6|VWWn9-46A9tD`ue;d8?ye0<F}(ZrR>
zKFZlzoB~feoG1l1fFGlFY0L!7VEZj<IOQFgP6S}7l*!=p^T-szDXjYWR+V-8nU!ZY
z!{pVIFU8&JX^C7SXA_%SdSr>Bbfw<p1-Om!s<$tI-|9EM4=~3fie{O!FQb)l5!J4B
zAAi>A&=_2nDPDfPOV?<QXVtj$Q2R8+YXc?yYx90DHSNh}GW`|)2&`p$uK4O?R;FdU
zq2%$j;#u8`Wt|Ib9UN)sZcJrd)=Hg5l<L#biT6^mG!J)Zo-3HYbsOz19lO9th+zqu
z(0Z*vB$-;SIVs+{{k|{z#eX9+)`>hsg`}_)*L|N{e$|!1ul?l~FuzPUi~AJixoc|d
zLiNa&diN+dnO-P*kd-TFbrBeEcarl@YLZc=Qe-QvTBB00LaSC4A?k)QhzGrxe@SWL
zGlSHCQauD%3IpcY5$4)S``z`yjvqSArbY)}G2x}RIvqiqVSMcf5vTK>_C^%W0{>r-
z?xP#PrPoMo4ygydX#Xf=)0ZiDtl5CPd`zKJjXvP1nQmh~uN-NuDcvkpF+8%T_|S4<
z6zF2I)8??!G5e(Z#MGLlsKzj_SpME{e2!#%&ar59%ro}XWn<@(im%G<+q6)Pib|P;
z?%uS6{qZ4B=U&USTUL!2(s!=6l?gJipGx$=JXn!h#s3lH+_@<ksmR;FAK|FosDYq-
z@UdifHU>3X%tp-%o80wX&z_XwTa#RUIWWuBUq9+Wkl>lHc$6$7K6*e`+aD#5dxuC^
z5g-Mu0=cQYxH*Omr9MEDR&_w{V`MPj7%+Xd!^j7K9LXF#EIcNyWAy<vAYJ%{`Gud{
z9vvT68U0i;6GaZC^(wt8Z>*rKTa^%>o5$H1fEMgFfOSVh0hB%`QxPtuG<wu}uph)r
zCT4$K1$S;7c1Zdw6|6-0`Qt1*%V(C)TW<RcGt~eRQ$P31MX9{tBPdlzwVwr2U$!WH
ztZ*#wZshp9csx&`_YA5t#0zjdTH0y_>{d=7&Yh2&veeo}MheqJd3<aI=efqYpjMZO
zcLqnu#(HsC*Fl&$&wOG}Oejr~<mcYR2)7Wofu@*6_FDL;0l%?h%eJVe`FYQFI}*Je
z&l{a}w{ao>`qW_*;l#dSV68NgnIZ~GnD^F0nju8Wu`96Au?JzQEb}uFcE%jG0U2e@
zxGCpjB0>GT;>?`6Js9Udw^v7D{Py!-a?PaE@W4fl87qk9;K%HCz81a~3+(=K%35#l
z`v^2{(sJhZKDS8Z6<iqY@WZC>NI{3v!<Xr*(G{Yl#wyl&X%m2XMz>J#{f<{0oc>Ao
zvGcKW4NBW56CrHzeS0!R4scn?3!A$)*?vew8Tzwdx*_J>#N0NS45aFV63@QO@XtVv
z+pdO|Skuz&oD1zpw)X$cR@?X21j2ArI4%3GPcSK%T+{2n&mr}p^QJ2kU@89o9|#?H
zfK#Khnul7nF9k0b&~gZ>9UPybnt960`mo~q!!F1!sP|Pkx*OUjK#@YmXZMzcBE75x
zKV967Zt@_(5q-{`#dMotG7gmK5sVWUzs0CD{x;JP>fy!q#P;OUKThGV<NE3n_>rA^
zh<m8aps`d=Cps~RE-3N?U%>&STMHKshl|$-v@CikH9riaIL0vq&(9CaYirLA&MJ3|
z15B?T3Q=kP2o(QVmMvNmSxP{L=4b9j`=5)yyt9z-`Nm_u8hEG!6WR>LKY#y!hoow9
zBBGZU+CRj6M$k_sZZU5$8Q6FMUS($*TX~u20hDB)LjQwLtpi~p=p!P1Z}`nQVdh`t
zV;1l4w`)4N0s(ICbXhc|Y)h@(-gA_j=RtLf11BU$PiEMsBo>awaV7s8ve0A&R8VSv
z$Td$t)XxvBYD~qtE&DOiAdkNGj#q%E@>xCW1HWs=;&$o(5yIFhW~RHNrTEQ?)f@S^
zPwlFHE}s_e`p!Y8RssI3M>JJ;0Q5Eg`oNQz{iaI|I^`7^A&i6{S|RHl3|+{g8U#!T
zgAj`$<GHP}Zl1d0i?vX3VGNG@@vBZHpt)iRWt+-xRGz_CPe7ywf<yD`b*XyhKJ;Z5
zKk%QT9o7Af+DvKokCUX-b@e6mgnbDGFqQU6CBYDjR=!_VIq3u!%amAgPh)BEVc_h{
zweBqKVc=!RIg30Bdew;r98xNww12X>`_}rronjU{SyObORUPf%d1nVuUb%#lT+-en
z#o()e@@PclC(W+{1?rv$&z;)=TShwMU#$7^+BH-?>yl(FH+sS$iv($bpL%Ek7yw82
zC>^Y$kXb^{z&K+O@qj6MqDt)nm{orW;Fo}DkiX1Zj90UshCDwJc`SnuWk0@LJr9`Y
zWh*Aj_(PfBNfT+X@TJXN_DlDKD~ST{6Wtu6Wz)kzkC}hznxfarU@G4n>zzyzJ1Xrs
zH`A~>Jbx`Z_W&I{AoG{TZwA=U^C@^N9{>yLW>S$JyiD`y%eFpwrjh>o{8d-aOS3r~
ze9%+9)1PU20X&6Zgy*j*EGjG}nRD=WEMJ@4KJal=m}K6ZZ6P7u4Ax+Mp^3@9)0Pdl
zMvkNSWu`ZlZ}_n66E%gm{-XFKbm|FR4fgBG)2)_9>Qep~QUqGhxiZ|lT#oHedv6qp
z>Rgd8xcoagqNeQ0latO;m{u`NZa7(50#W@c`%s|W{>>U}jp%BT(G4#jTWuNH=PGlw
zhb2B3sIG{}fWqdMnXb4GZ7RPT>RVf-_|;ztX7RS4o+AcP?5mCU^^fzxrc{z6;q9L&
z^+jryaB5Ag+xJI{QB5lwy2KUBhRrCCkJ;j112+H0F4EN&kt(|-?^gkDN|VY=9KcPp
zE@eB9{OEn;9|(n*FV-u<)kMWo{YLJRNeonBl^tarWlknHW(aT*B2&!rHs*~OmI`rd
zIc4kZ^1h2|W5(Uh>+4h_o*UPDm!k2ED7}!i^?U)l2{<)^y1lP9wHt)%sGT#}CrbwJ
z0P(jVY|{q$=ItvZc_~_b`npqIb$igS$hXDLsJU!4*;W#^47ovP+I3L6?I8jB$HQS9
z&?wT^mNK71jpAAbQ7%V2tYGMGBh2Qfwa$F>_zsmD_dR$)RoIgCl20A#g9!(s$dxKQ
zllYYQbacXAxBs^)4u9opMs3kXW)!8NND7m%$o|RTF7c#9iJ9HDBiU2adk1UnDcknR
zTb30akamTJM`J-pf&Wgeae1pAiUN+ZUQO#p;(AaXiSYNVxc2T6?F6c&@3}BOD&Jpv
z@H4I?UtjC5B)4%s&mW&%Z{cew9Gh{bne$m8hCV{LivhVSVcx6;+x4U?v+af{6}2e2
z!)PIOEf<PZ*WJz>^lH?4P!G<a$akYBqi`4ISnDnJGLN!Mb<v#19W*U6<$C8shY7^D
zZ^)m)au1}Uj`c|Q_(Mi9cE6XtFQfJ;jRRc$+SGn&{F?k@PLgP%=Y4mTvEtz^9`4<7
za8pxka37rfi7`>0)7Elgz%po%J>C%Kn0J4^*cAS7=nCJv+C|Vc$Q>llRO9sXrJM0@
zEJc9A_c@$RH#-=8z~>Y`9*UnIjN)9{Oe1`qwtG`JmQ0C#_1}S6tcFLowuuY@*ySJe
z&cPLn_164iGt#h7f3@jMVV|QqQSK&W+zk@+8awnPjEzEHXpvEnUGUI(H=z$ey6VyN
z^tn*eF2j0>0_kyau)An@)Lw<^!c<~vOFwaT55H&q=KiC<Z{{Q(rHUiK`wuu%pE?ih
z;PkD%8eKX@1uQ&PiRzm4OU<j#Ph2Pv!C4yIqUOPqzV7G3tovXC*xq^JxR1|aB%F-I
zm8;3(dw;SQr`I0EbT?&iukMUt2}=1`f05J*m4E<T>eR>1$~L4gpGg7^E5mmpO;Tz~
z*Ghx#l#V?Xj=!G_=HSyz<|O7MrdV;!`zKTN>$B^ISJhnCCTbQ@HyTbT*y$A~)<lqQ
zup8zlPSvTiTj}twfpnkCHR>}csKL-JkhtlE*}85|(i5=IJ`e3T*1V=W>y+}MR3sj}
zcofnAjL|A7ATRF=d)m*}uG;><3leFO7c7`k7Q7pG9%=?+d#T1c4{ZTez4V_o0r<^J
z=~=-*PcKlcvm(RNL4KlEOY!qvkai2AxVfmtUWBdQJ@zOw#GLTSRb<V&AdAajR6>qu
zuSi>SiWw+wRhk+%rgO(UJ>x$_$l@@jE^%(U1p#0sXqf;4XZgb+T4D@CM#U+b5{YlN
zAmg*|-Pf##8lMj*P7KikN-pYP2nFcqpPN2F;+E9x)bq1yAgSAx|JAtEgG#;ptSRkC
zf5S&PK`TFA%trvXRrqsY6*I-x$JUCh_31Uiq-4h?`RUFvsjO6b`RP--ILS{Ah2%wv
zTB_>Z+Z)gQs{*EXr^6sxOC?(ntWYu5T`!XtPM<MKSw|trkb4L9jeTS|kCubx`GHRu
zkJgb^;9;grDl=XwjR%x=6tV(*D;D#q7CMylptD>)quEFFw(ChpDJ7e6D?xRLyC;?V
zxv_N_=51F!BneZ9wW;|#`<9MmpW;Nvb3v*;<xC>hdZ-^r`SgZn`?=0BCh^m(@=Xb~
zAJl9V=7M@N3VAbap007K-+N391G(3>xVa&3eaLnj9442<#TbVlud3kvj#L5Grz3|c
za3<f>J39y8UIHnl^j*%$!Xa!vi>ru5EHw^bV=*E%zy5N5&V$ocA6YXu->tT)CT?%C
zkXI$Qh;l~T!S2}gD;YtAViv%U$;x>@PpZNlej<Lkh0lo^qU-_P#$uJ@%d#zzZB%DN
zN1&NTgH<4dE;kSVvSSl$>T;-^1y$<zSF&HS$nLl>l)}V~e8tHV3R%Gk7Qpu6-W)Aw
zt!+JA>F{Zl8~)4wlj@bYtiIe<fN+X$DPp!6aLhD2DQL)4uL?xWrIvZ^Y_E-W3x|)L
z3yqWU1uS%%;W5o-ZVC;$jpa25?%=M>cuse!priJWjaxiQY)S!iP+86j^Oxo?rz#5#
ziwv`HMYV2}xB3&Pjy=;(Dotvf>TiuR-6&?=w8a}A(H?MQvB{i(J<NBzUb6t0J~u1<
zR{4gYlj`z;ANQJd7a@X4DU(fsv(q-6<vBSBdfGH6EXVuN&2}cIB&$#*ozKa?>(?#T
zzGGSK=;dGTqDg&<EPpS)o5js&|EwW@mNbJ<wJpHSEP;+vQxXhl4mJmOGzRJ7R0N5V
zQi43oeH5c_L8`|Ko2`qe;N$2jT(car986P!A_mn~fqQcYgWk9@mImlvOn{$eWnTqZ
zFdr@$)$#BF*)6K#oqCYEr8^(c{$%qsu22*YXJ`~&%P`zVqM)nO?5t_?nI?AzhaeSJ
ze#DBa4;0bve|gK><1N1)(}O8QNUW;Y<T^RkR^UaJ3O<4V+qw2d?IQAC^}jK}XnSWx
zUe69R9BQ7aEHQ?<H+x^~Pol3<jrj_kyKN!|__tG8^Ws!_DdZ^nr}&32xZFx|4P_d=
zO15!bRFc&6{he-lMf<Pj77V*xijpw)-@PY)?|ZvuIPQUVjP1YlIC7toVwYc3WCOJ^
zb+ed->c9*dYOouy9ZsvaekT&%svLL}tR~<a&>b)_saB_(-{j9aottNctFepKFKbx1
zSh&;<S|^Qsu2%$RJiT{?TlJPN{HN^2<g45wMrDv_#pON2`T6#aAdic{=J(wnS@E&)
zv8YeSwQ@rg`W|ABzW4ngectAe9-C3Oc!~>&RlJRyYW!-BC)I14LGkd-2JmddY<6Pc
zOY}EU{=(MF$xhROHrlBgb}FO1s-X0S)uqV*xquy&G1ClKP-s=NnG0bY0a?eV6ypxd
z;kRZ)Wjf`$wMwJEQ!x+S8<XI}bMX~WJ=5w6Go&Sw$0az!l8ODOL%^HD&?c+=iI=M=
zZZ2Ij7$*`Z5;R}j4!!DN^hm`${x?<a*}qQ4c+BTcwU&v@B>PDGkyuB+S(8?CRQ0pq
z&E{r2KO+-MVhOlq?4ovWN5~i{Jrlb7ezn<u=hn{})!ZmDe{Q9obkC~XoD1tyj!g0P
zp4wwAf*L_x{R}IwLfqmxRQH4m${vXC9IsY+FpM-KnH9t32A^!%c(r{*AB$OaxYnA*
z7q``XhdmpPKdd@-;#Cr&i`QCscpZFAT<hdgs;ZT`UL;Q>8O%&BJ2BiFE&d8=DKtpZ
zkZXtQgI-R7G33bzSB@0zTgldJSYN`erBm++2PwZ^c)xSnBJPPx!#AKTI@?HjT~S0>
z?VwcW`66e%LpsEVFp*Lr##3NzEk`;$fe*X#*A0dAADqzFYK&hFB*<I1UVQV&g<bV5
z?Yz6ip}AWAt;d1!KuMQMsYEUmbbaL9)q?w{6fYz6jFKsLIc4DJ#mn}^-_9KG`Y)Mk
z{8RL5IC5MIuqS2Pb@V=%85iJK&~hS9e}`#>ybYlJ?h_?{L$cmE#NO%5ORpydtPg$7
zG5ggBC&TY+Rm1zq)yUUYO281dEBrqdn%@IB4ko_<aJGp^i4E1Ou4Sb<^!0HzKWA4>
zsDp9bx1`O;)O8y;Cv`=CK@Tx*-I*ppGWPXxXr7>$QhfZmAky-(wPnHAPGFwbB#j{z
z4YV^t$uWoTy6QGUi`*H4mQrF$MROLt_7Tn7pbrgbu|l@jpE3yuja9z7a!E{7kiIM(
zL|si+8TvAqlr7tUc+Bk7y6PyUMdb)0#gtw7VxBD)U#3U(m`lwx^cP4A@#CLGFpQC^
zS_(x`gWM9F_-Klo%hX@<Krlc)xuuW4`TRm%O&EeomxYj-2H8$o$yV<<XUNw_pU=Ps
z<`)>?IQsHu_L*G0fb-kVNqfoO=vlPEKRrM8qV!40J29mNG)m8jsxe-zXW#KINW2mg
z2YrH~324(UsVCYVG2sBe!Fc}Z20oMZ(6PEm+(HayW~s5<Qx_z?BynJlAZ>|mD_)VD
z^q?-_e<aoF4fD`A!+@mMrJZjYdfo=%7k-fYo=x=Ph0^*fb_@(x2Cgr`pL&db;a$Cc
zA*AK$M)d6U)WvLwA#KlC4HL(_=gUV$GtN{63rKyOy7q|w3w1T3q_qoR8N5-FN0`b=
zTjA#fKL45#Ou#B28Rkz*1EEjII-q73Pig8rCVS)cj-^>X``^pKa|ikzbixmU$~@o7
z4Z^*G>7U^F)2no`k3^Hv^Yk|`dWJ`GiD>Q~e*d^SSnBI*D*8qxQU(*-*cF&kUd?$L
zeM{2pz<qAI>=KD=KC(3?{aE_en>P|tX*XM58au_y(m}<%n@D<-E+_duU-Mu2bkWvC
zv`Zly)U#!!zBL;6k?l}Zl7HH^Vsfd))Zn#SN<;7Ezs7|@o8heXl*To`G}A0&rI}T*
z70=fQWy*SI|LL1mfavmmJGjk5|Cl64&<TmazVLt?!>LQwPWY}6tI;Xdet|BatnrRh
zOm0F}W7hzhR<dw<JBL5pL=N+w%LC&}3%5<%HG>qbR@(>}QxYF24noim0G_vm39m&d
z1e$c*w@l`h>!LL2SW>iGG<>AuD^x&kyA$U-F{&GfOtzz?9h)mtpQ8fFqhHS{Ek2v^
z*!T(~?aJF#?#%WUhG5F*dcXP8rtgj>{0PyN+qi9pYi70zuIw+;Nwhh@i+dXL?%Spu
zly3f5(6|;CHl<4t&;8}*Zo=gi`{fYM%12tN;gPR><=kdAT@KgJKun9v#CqW3P_^NW
zgUcN{PBEAB#mtZv$tXu75IKj7{(V<#_r7T<#Vf^YC(aS4bt_=_spPRpEqG`jJtfJp
zs&TYs(t^0B+@$LE(4DNPf6T(qC^|}nH1k`s8zcO_Ye_icxX?H3k*!TBWDso|?VM$%
ztQywWEsG$tYCz6!T;}%pxO52kHLqFF1}CwY0A+fU4Z?wG4KR3)k6M4HD4Neg@92Jw
z<>0M1@&O_8O7=}e7>{yEa_fyE{7&4o{lR(%lxy63;=V;i{E&JYW!Fv^Bs8AVXus1}
zK$#}W=hI3_Np;EF;s`upZq=%sZxL@p4V;Z;QoZsQxJh7-x6XI8)VK0S)Enoo5pFxA
z`gqGARZRIg;ACy6f~1W3l8b)+{QkjXf&ktJ-f39*ip8joz4~I~^Aip}S+O7=alpgi
zyRz)HVn_-0s$0F8m{>?3+1fG4IQJ_hR8Iv19~SoE#ld-G;~@rLJnL70?cfyED6tA(
zzTSWl1OLvW#dtM3aZyY*_PG?1ax;*Nr$)F8yZh_rh_kZySFBEQ>+$JPN#E^`5CbGG
zrs@7pr&T6{!lJ?p9TXlt4(afJtSVI6K3jL}f&=nMh`U$!Y=W?El%03}URl(J4+lJ^
z#i#Qqn9}X#InVrBrG{Avou-<28-Y<xm`sM@DB_k>wWZel--<l6L?X$8ufPMA>6zER
zA$UyMM)uA;f2Y!;`rrq!L5ootGX>zjRiKk_Wq7>mb7CWJZ#$?rt~^}Z=;$q`f0wh_
zADdGUYvAj4I&4i<>QQn$UwH6$X}Y{nhAnyTT_ZS1E2BKegIEl7f4WsvA~%%y!IZYE
zr&#tdNDQ0-cC}&C_w<QGrt*Kj?NBf)BdDk~wFww_jB(jq?`*X=mZjvib(EN&$?UZ^
z24_VgEdWyvvOgS-ehfdNp#Eu8x(36O-*pb>DO7~U_S~EYw)IVug6xy4TSM<~qDg<k
z^KPXDixR~PP`5swDO`Ppf`#+@_P`Zyt>gBE)<y2gGUbWP<Xg_N>7xuW&)dTdu4pFM
z=&cuLZobKJjV?R-C0r~Q>etma#k%8A0%P!lT}ed8yr?eVjuLmGA*WQ`go>KMaDU$}
z;oGxH*lKmA6k&{AGX9$nrZ(m1vS$STIacrTlnSZDVXEVkk>cUKFUMJ{vm=e@r^4rZ
zo-+q`pqT*G7bVv%heIOWn6#}cUZmuvq3Hn^7HD5uG`#Lc!zXj0HAnCIwh<cEj9<*E
z`rUyTe@Ku8J5Av~BR@U$sDJWX<i@>y1y}rV_TiLotIx3d_wp5?F{peBYW=&13-bpB
zQ;%Cr$oxl1ka38>3T-x#sxK0^y3YUg`z-u^QiTJSP<7q6G~MLSA%q%R;Sb%)N}sf%
zMJpKe^v!9#JLRforI7p)9eO27gS}l6o7Iaxl{5VAKQ8mdW9#v<zvsR~^XNseG_%Wq
zJofnclWDyB^&j^}FXink)jT;=^DM)SG@*vEu8362Z9Y<mqS$y=yH6Ribq%z=Ey5);
z2zialf){S2R!fQWK(fd%wxc-DWv#rA;edQXex^meJ)z8s$spd3N<MMLJ28~Ye|Y}k
z(qlsDCA?`BV6PM~S7bFW+~fQ&<^3sToS|6Etz+~eNpvY*XbOAb^6NO%8qGp>ElTq1
z2<f3yp()oqg^ozt(I%R`o>qlU6^2Rv$U1m@K4BxB+gxyu0msxpbgZmT!t15H{P0z3
zg=@yWPCA{z`;UWl;|fHXvMlxln18k8FZ|@fjz!`uR^y0UgIrC~Bj?IAESqJK32!c~
z6iF2f^O{L*UjrhCTBY)86}{+Nb!pA&%{xc^>G2{XSla2q^<sAI4)oc&(-;fRN^d{Z
zPwW<wI-$NW7b*g3KPwc8@|;z?S2C~@j8jFo(>7!dq@OCyPhN^s7EYd7OeIZdp(dC~
zubaZ850B!QDB>NmwTYyzz?W`~69dYz9MEc-ki=munT{@B%-T+oQn<b<$wczT6)}?3
zC()1lk<#eiDo<^H&=kUpdt`~v6%2i?${@;}P-nw{)Jomdk@?5NWX%2h{itUgz(S$R
zNXomE&Tddxf!~dZW;%g>lTDMSR)Kqr#%m$#V)#FonL?cTRwfK87o-X~VFoEmzfS20
z*r?(q)0KbizMqoFDg$oW6ELpEvv|ekPbAQrWzG+@8!VAp0SNyzD+zwsD*V*Qn_4Mr
z^r=LHc=HvhghZZ`Kh4kSq>ClGd|O3QQOP`sUC?{<$hSTX-~1!K9Y@QNR=?eH_!wQf
z+Ujo)a#gAUihY~@RHmVeJ5BE3<#^RWiDLI(IsJD&J;o$b8^X2yd5c?xZG?o^ens@#
z!~iGb^f~d7-nFwz(IL!z<h$6Ra6dnLxp&vYL3a47qnaIsEE^dzCAa)~G=A2(;^ypA
zM))K*-k5Kz=f!$NhK<Lpi}A+lT!5PNasI^S7*n5VrL)(@0|5uD2Qr;%tyex(zjT=@
z0$Qq_FE%-q!tT$?Quj&>zdIUWWmaXzQ#)!d4RHG#n2)Xi1$2yw=_(d=*nQ2=$l$x$
z<13%8aw6Q=88KP;7JZiq&*YP^`eh&o^MR0nihXK<&{ARKBQSPGvrH-Cp>LGw3M?kT
zeQhXzXF>CE%tm;n{ANY0l81$O_|sM1vScmsWk=oHbnnTZ!q|(XPJbW&Vjh#`pf*Gt
zkYdJ<PEKt(kF7`TXrU7Aa{a2NJP4PZt^GD$ipEv}AEPE;rt2}(j)fTDK}0YozsaTw
zPF*jVl)7|CtUurACFnjpR<RZxf1p<0y5oGjGQS>bwUw_q%*tDNS<_u;k`UyYHS3oM
zzqKGs-f;E6@@V}r{equ1gU&SnLeS20Yd4TrA*c|G&4CAwC^2Q~7d!i6H}<Q0Cy!!U
zC_PctqmB67b}f%iobtXr(Y_dI&NE^gJ6YS(oY-qnzCYD5+_Wagq^9R&b>16@;AR_d
z8zH+~q3(Sr8qWT?v0x=y7tuPpA7HilGZs_JXPko*hAM?r?5(h`-#Z?9F7el6E6rt@
z`kP#m;heR2B(J!4HqO$(ZG-@)&4(awS8!MM>wbF#*7%X~(=zvH@h^qQ_{au+Mf>>~
zgPMk#P)ah<=^33>oz-K@>(cxv1(36esgU>H=&*w6=YphI4(+MRnO0rxcp?hYD_>sE
zQO)klcyfwmF?4Bk5#^E$pN%kNU?vo&qrmEe9du5W18H>AZs&ppvyS&RrEKvsM};D6
z0*r|pm%nY4i(aCzFPpp;kW1}UD=9>-MSGNdrFvV6vqNsEhTTPTHE~X_)8#wXHh>7+
zz81RNfp4<dNfxL^0m^#h&D%)%M>g&7yQB58WA1dSH@$WHGC;T<UV2agMg`zye6%68
z!MBO^dhk4SIcmH`EZu1%yHBGTYKQh4XH3oR%e}u|df>?Newgh8x@Nt>FC!5Uy>t>5
zqRmmB+rt7Kxwh19FYc&mWUW}Gh1j9-;<ThKmsCUhnq@`dM8mKalzgK?=Ax~}UxVn3
z0;928F!piWwII`3=1qGFN2TxL)0VF4pk_loS6bcfg!A`Zw!BMSq=!Hk`{%#UDH1nM
zmGfnEtEyR_EUv3viNZr~0P?kB8DVav0<N<Y6h1>fMwd-ao}RA9Jn4!pb4MECRA$Wu
zZle*U070!SWyB$So$%9vkLz`Lvl@TnqL1@xM4)C1z@)%~66XFO<TsU_tRu+$R8!iJ
zv(lyO)+&Y+x7rM;05wtyUWmC~vv+F=^{%>caC;wi#la7Kj~MF)mz+}<Bj&gnaa}S#
z3@Z&Gc5P=wRdm%zCJOcNT9BEzj;^;R1>A>OS=GZr8{GQmFvsC>17(3{N|IV(pXVbK
z9Au@?Sgssaz#N*Wqd=hD#m6p>XRo_U$pW4Yl8}ifSFYLou6Y$i+!8$GsY#k3Tr$EW
z=p?x378cW_F-w3d;a6XjV#(E<EwT+l*BMoBPEm|w!DB4;P#dH%`vRyK*E-5S`@!?I
zfLaY7^=VsUBA}mn;55OtjUYdQs3=DE4R5lUB5BeahR>z(dh;<5p)G3`V}<#B<$ZDm
zFli_7KcV*B3T9*qLJ7_&$SS{<zN%0HZ3#QQ0{E4Jj^T_XzntdCRaw}ggyu+_0<o4u
z9)Y67FX_16_iqmBN`Gv<e-4}1`5vZj{0MW*I}4|$lVwRHF3}U(M`%HWOFqO&>J)s<
zXR(zB>JG5OCEI^0%4y~bm9fkDDS$K`vbo}Z7w+Y+jnG@!{q%m7;8j{)mkKGUr>7E(
zo7LVUJfkfbP+-T=gyhQWFu!Fg*!6f7QzMq4b)4^<VV}uAxO5}m{&VORfiEN|vyuL+
zjmd}6mXlS%Fp@@}<8sCzBdpF_2hhmzJY<-#vq1^J)?V()*8)N>8n7MBN9opS+e<VS
zy4eIfp$cVgI~u3#0uTe3P7yU?Z4gF2+ivTT<5S#3((*IRob28YFG0X<aIgSpC-*tf
zbIS`YQX`1UcBR4eSy+URqph9U{;0O%M3ZTpdz>QAIv^V-9}P@hZ`<Vf6)s~zx}H|b
zudd-xI2BJEx>6@|p#vh6o%|stQ6Z=99>iS7&6e%ti+P9%n$hW$sNhoP`%M8f{fWo^
z$^pnMArSc(JiGmq-he<gW|S@s?O}Lxt4aP5r?=rWM45C5ti2LLDAgVuX8l)((K#i^
z`A`z2&RlWJ0Gwu1I``;2LBwo3GPtfLFdj7Un4yY()<a3NsH6zb-;pL2P0^Ps4-SoL
z`>#q_H4D9S)I~S9Newj~{Bm-~$705FCmV}SEt%m!XxGwyeW%L8Gq6H$8ITr*^Ji>F
zt;})uL$v?Q1`MiI0j&=97iSS9nQrDjxTk+==1Ysay7j6*1roY^@>~9>L~@A#`8>6}
zt$|_p0F@S;72!JDU9s*H(K?3*YVR7FDak<vUYF=IAi`2+xC3UsTSSKmx7<|XfKpCw
za}kK`agLUx7$FE7fTp<Gt5tX|s<pI9_7<f!Bvid$gBZSso{PHHv+-Xz-M_ab(cxk^
z0?wm1ngn|TLE;C~PV3E~JKO1|V%BOA0H@mRM6iL#F~95YHH_{U*?tFWPlRWZ$L2#%
zpwMmkGHLBt1#OGU$8TbPefP(tZrgr8YMh7R)WhlBvv_PTb`7WbD?8dn7rYK9MI1Bg
z=Z)y@>$^8pSDT#oR-!ogeX%#IG`T^>;Pttlitdrly^W;t{hAfH)6Z53OW&c;cn06_
zlvIP)hOa$<Gk5C~(=Ohh`}<}o@%%;3rl*Z<XWEDE20ac89UH{sGv*Hv?WQ!3OIyIC
zGUG#|_6UdV2XXNV3hL@F4=T55Lu9WL-<|jR#>?@>k>MPkF82A@KggUaY$wej;8#=s
zl=jUAtHTUs{~m4PN%Yq9>$uk?&yC2tT&^_UZLP&lx@mHlAW6yrvlTMUWBPvcstp-r
z4d(kRsN-~hoVUy-Y%K;~+Y{MWQCUJY>kv?xxBX3vIA7gb@O+L?ulNT!Wh}ifE^ZV>
z)LC9x<k67#yf{PiA@<iz;2M=c&S)EQ6>NFzffNY0pv@Tq#K9L(Eyl8i+mh=dercHZ
zMYIAC<WDTC;v(#@&^~VQ&n(=Q+0DxHlxx0hq+GbI)@RkbyJO6_DR(U8?feF%-2FYi
zhB8On0nad!ovuX{4l{oWle#ny<m%5LjO{H=s?2iWwaXqWwx_xoNbqbuCvmtFHzd^g
zWs|UAJym1&4PGs(+-ILMX}yNxjS`k^h6I>B-bmJEZt7_?T5E3T&#BoXXszkfOia9C
z9uW?~YVBjnyL@Tm+e~<-#y7W1sBDWCp?H;U<blJA`}E&-SqXIWr9zVM*=eNNMd^NZ
zVq|N&aWi-|BXErd_haKmU3eqsd6{@2FU<ISZzuZWsW(HZ%DBmHops*1$||!NMXl85
zu{KZ&^|(l5<?z^XrG_a5L3on4@nGv!Q=ye`&&3i~{!V$|Pd*J<CVmremZiFlQU?2|
zlDiOR`C(7AizNT!g3F+bVFbi|_aax$%W<9w=^DDr?<dWEr&DGz9@SwN=kZyF#4YUM
z!;K5@_8!MjoFc?G^~%Y=l+v;Isk{w(vm0d9;&@K+t}s5vc~V5BsL)LX*{9hmjr{ZI
z7oV=WP(U{0Ftw=<)sTwlH`QD6dPN@nW-in>X5G8KC-7h%7YeZ1wS%!7Itmpm)^9~#
zm7~ZB^6%XD$5~RAT1d*SYG)i`7oevn-0}S6942fP%bK-)6@2bwynny%_uXVreE(MI
zF**U)zdiWlU*)xh#tgo~nIg^L@jKlIz#r1VQJJa>$rV~=b}E7H7Ug7%ZRvvMPJ8u5
zF0M-KrI!tZYq*5V?6gTTpOy5zYKAc>reC;W3xRj1`HDT&Pj@e-Rl+`k`euJcVTO8&
z#(IxBmzN#%zd4p;TBvU`Y9DmC3gjy~HuR}l?exF#S)ZxZIZtGmU&;vn<=Dx6Xnjxh
zzi2G~^*Xk$%Be&>(^!!Ie>9f=dL9425t?iNCz9xY8JhnGwyb<aCuMQ?;voFZz^0|8
z{kOGmcK-?ImY1@vMAz~vJPVQR`4Ev^$NA1B4`lTM^u}B^hB)LDn*cAzK;%a<dKx$)
zfsz}cLw!;05TnZ(f@|efJcmKO-3y&H+!=I<(Pa+7?RF@h6QL&VD{wnB|Khh@z#?D9
zBOSa-Up$9PP24*%ggwVKJWgN@B9S9O=kavD%P}B%RV@&t%NSAt&y=$F)0iHe8tp=#
zoP3Wt+p;14?(5<_wKnwNzp$!obL=Aaj{X<_n_>2UajljeX*nFvkkTCF|Bs>cGp^Oz
z()EAxJO3}Z*3Ac-AMbUp#Bt{<N{{w^OTE3%uxCYo(u^tt_P<!ZmUtbMU7T<BL*mQd
zFRy56U$S6?VZP@?lK$11k1)ptb)`EIO;@&9%K(gfF9XIZj#6HDz+gKM-B>N9g)J?m
zN9|0$V>{{G7ZrqItbOch@P=ac_{<ttCpmbV6iGwI7wGxK+*kpfVN%1}U(~Y+nRlTF
zclp~9qNw{szlvLD3BA0q0QV;f)XtOm!!tH?BL!qCbooGG`T&}(%Zk#k|F)#hZ`Anj
z!RE0L{0P6o8c%U^+uvyKoXd?yjXuAAOWq&vS@|TX!8R9%Roh+fYLhY+yF3~rm)sb|
z-7lwC4~_jtR4!Mu1pVOfd$PNvabM74$EXkLUd3=G4)*uHY#QC<-xS*6a#_~L`fw^k
z<D0pfW0FyJL)6uFV#np`ILy7V8nq0%q4+mw<Nk0B%y8d9+?nsslp#-YlN?1=4I!}U
z2Uj8yFT=-N*R$t@!EBgG!+mytYBQ4u7pzQ%8zth#el#Y2P%fsH1%dfIO8YGDxIwv|
zmI9$?R~@5{jsd5CeFRTlI<mu8{Xo}L9rY=WlgD$Dcksu9N|pYEh$XkFHn6CP0xEvv
z&5BVI>Mxe-s?K=Qbh{GC-<^m2esGhA+X<HNKe94Hbl+}@;l@T-3|TZN9F{jf^U&%_
z=9uAnox)zCrg@Esej1(^+vCLJgFTNHxeRI@AIAGz;+tr6Gk4VORGJRiZ}E-h96Ii3
zhwb=uo(fz}QRH0@9CWSjwtS7|zcCG3|AA%i4?}ewkGDII2l%0m98i{{cq?KS{Ub^~
z0HY#Q#c^i&>XVrR`Mosys`^nIC1EY{p*_o>sd1-u|8_9*_$I$w?V)Nnex{RuY~Bhq
z+4ba}aKs#Qcj|?T?Ar1;=s0TK_doRAH*QFW4zt>+ppwM`(x2bJSPN&TUCfTfJypky
z7qT;M#~K<@&z^5J;<#r4e)oaFPRCS$nWqmAnd5he6*mU{d%3pWyQC#YU}ouK#s1WO
ze<@XEd+qk)K6+_Kg$m@cqptq^y3h$6E`(J3`(%*VkTKzI4xfr5>RT;H&|&&4(vau2
z*VP+d*x=^6E~hg+#3I#HR$9V>hylv$R*+`DH4pthgwMJJKl!I;rZ@YeG-|M`F?LPK
zX;nE@)^DmrtuXpayh_xfr5=u5ce*Ys&u2qz_9|Z4_%$9q=2nC2Ie2qjy@efI<aRyR
ziYfg|_FFu*!*?B*73mthHg8y(8$Mp2m!XXm?;E)vRD(0{Fdl^DAaCgm)qrX9hS$1#
zdJV;d<MNeVhPIA}wxZR9$KR}^7m|$Hd^HUF&Cb80uK&0gkks=Dx{P>%Wmyaz3%OO>
z!DKG`hHx$yWTbNG?0`XupsY8gNrB7JuLiGS)g}`RKlbZP!Xta*mb$~9s{&8N=Jc<Y
z18uX>WkLgz%%<;?)%{hguPDIhaG@pQQE)d*ElV&PsDCHYw&TTKVUheVjd3JB+`#Al
z^Hou)vJ`<S;zw!0Jogn3H-N#FkuhleaJ+Qi&`(k$oOWOMef4J%lXqg)-L`C$Ryl9c
zUQ~ZC1~0te{3J5+&&xgEwekm5cfQ?)hVI;nh>z<LCb%LzvA%J{(b!Yc!1B0iF0mmV
zzWw<wjF<GuJ6LDnIP4d|-)k+m08GJDpZNpYBY4V@`$YrdpY-j|J2aWP3kWS5$Xfd_
z;d4(?yX)!H9HBu2Cj0fL;iZ5WYexGGj+Ynsa#jEBFJ_m{K`^Jng1IC3R##l?Z*-i$
zR<mBteXtB8#tD1v#YH0<hPcA?$CXp1h=6kj-NN~{9+6cxTac*P-Y;U`d6#H@ci0fi
zKUM|G7)5_}uMVq@-j}}Pq`@|%Q;Y8csouZwh(1eKk_+}MoRrgdLZH}|Zi?#)YpvF3
zeT)C_cE}kRz)2d&R~vGtJx}GV|2!R;J(*81hn!&D`T5oza~v4f6PhaZcNMUvK3@fp
zX@q0G|4P@K1qu6+QOkD+oA}c|0mV+0_j+HrVhg<zir-dc5p|bHe!V6OT-ARHT}0!K
zXEz%hYYq?i9{@Q(#=jA2rdKTyj46vx8173{%{-k!g(!Rftq3Kex3_4{s5(hzlW=y<
zsH$dh{7-;^;waCv^uZrvpjZ|y!9%U>C)QuCsP(_$c<t#e<8m=8z2OrDNQg#1+ewH+
z@r)SGfKQn>APNxy{>4U1SJDTc2mfMa(ZYY>J+*cIE{RgGd0D&h&OT-xVWpDE&XKZI
z?hPJKW74qLG#eZ{qsbzEX=$PPC;IYWuX_!6Q}fkaC^4_-6Qp}s_)bmu$SW-O!ZF&A
zKsD3no~8snudCspFV@lK70Y}u!Ke5R5wxXuE5jGgJE84vQ8`A5Jgh*IqQS*11k4wb
zE)(EB(Dm#7$|UxF1eQZkd6VfKy`WO==NAs~h06o*CaaKkM)0Gr_YeU;Rx$k6e27-P
zC9ac%DNNX?NaspyW>A<M_H0*#n*y*upuj5Di!Be}M}HZ=wu-H8OiznJk^b`<77D%^
z@eGlK;l4n#4=N>DY5=&Fm3c}+_)&*<jUOxN<{pof==-l{K3E&^z)egSKa9W*_B)I9
z9TtH02<Q)7;+5ow!*Fv%6yBEM({M=K2k>UN7i^Yf_>9Fpi^6cB#IJdwMAvLwmFOFi
z^^I>ZkAGqao@PwAG8nA&_@3~>HB9zQ4#6g=)LR#X>sW6;e(gGTip;<E7%2Ms8<`aO
z0(>_yDFtvn)8&5xo>6KU*@j0V2Yv<RNdHF9_g)k_xaJovXhlghucfoCwPWsrmQr}6
zv*pCaix#5mU_8GLEZsN*1XzL#;v5K>$%gd!G8iBBwwfr8)5&uHE-zf{Jy!^95OJ%K
zX2pl$P~h@HX+JAy+g$j)uW4ClTSq-g?1l4N=Ps>pZ=HL5>#=PeR~G8)uPn4GQ~MdL
z7D6D47JIxHt|_bu3=YE9!kO${#vTzM<%*A#m;h5Q&_6Wglh>r0Y@@--Iw0e*@<_PU
zJ63=Pf<Cyba3qV0><!r)6*Z%^M4absMrpt3qtdDt{EBT~rRy+SF4Hd`EuZdvi9x9t
zWDOD?D#Txi!%TSz94@xQ4E&{E7J>v1`DEd+fbXSX@X&y?r%-r1stkxpfA)D7NW$Tj
zQhx!~R?6P1B*+Bl4U4Z!AQdgem+Z*|;2|X>4f5%Ce;t%yun-dNWN<u0;aVjIkA-Dv
zvk(5kdWj)9bW{L7EiPnZ8BNK5u+^%0QB0ZxXLhu;FYZ{{+2jrB-<>Q;!8(EDdArn0
zv#uzIb6DwYJKc~?XJ1obu|&VGFYPE@fxiwv_EYsYFJ_YXT%W+J{oqcY4^CmF?6+Fo
zK85w8xo`@f3-Fm-p+E6Wz>>De%A8W@?*UjL7pSHjG#tmcm%&U=2yUyAVUZ{1`7I!R
zTOqIVKuYm5@C42f<qD7m1@5XTpN;P~m9)MT;G@uJp*;pGD>dN-Cd~55eufVpInF2a
z7NjG~;TfL-U$6qlXmY*@g)2ND%Rbn};=yx6LaiUS=D;0Z8MaEcc%@hQ6N~KgdM;z-
zRYU8V(JsjTB^r^x@v!H^aGDeqHc6h_864JUAkINtTM};8(Ing|9SU#7%Hale#hP@J
zk!r}=*?VNz6p@$UMeK%bYMG?GEkUO!cyRK3BWW;H9LPQhu<HcxP!Xm@l5}FaA(?#C
z3q!<1b>nr<`i$9RzRsXV*5O>GIQSrg*FE)Y7fTvOW{-%sUWNx`5c}Eq*;ln+_aw5Z
zoj$l(QiR(XJA<}@)!7F8#haxT?*$(G7^IqS)U&D(>|=($W=7D$jZzUO<-5#VXPWmg
zT=yg4N=BcJlW+wZ)-Dk)V+QVbOiJPeuuHsfJM-2g?P&@g4A5%WB;6;xA!ykRGF=yU
zSJxQH-<k3*6Cah}DW*yN1bC+~h<`bxC7Ee3k|oN6!!5kni6S1O3ySbWfWI6(8#f2S
zH+T<E1gvH}E4!dvhkzensI&%t@G)tQ1O-Kk=a~pycazjQ3E#0{jPgQnPnjfE!o6h$
zFsgcGi=9HdZc!vI-M~<>t8lS25RQ&8pX!H8)Y{c%Q_{f)+|P6zK^c}tJ0@9aRBg|O
zVS~pDF~10VSsQeC7=GH#W`kkwWe>F2r2g8JI39cyM);fHeyL-&oyCLcdJT8HtWS)g
z2-_E^f=fID@yKY{qD+Es3pT(Ph4`RSG2Qn#e-MsP!mz450TY$MFi&k)o$!c6)_x^Q
z_Y=38_JlNNm!xc!LVH5R7QUQ4p`GFzg4og*h6Ky-w`DxCDr#L;%J|!+7vm4A?pq1M
zVV*F4CREEPOBlugZ+;v{B#nmbGjZIc`RQaDvYCJRmD^bahr%7rNl6pu;uiz*!ztVs
z61#q3lXQ-nJSPOF7VnBXO*4zce|hOrjaCy4<0eTkahmY!>@v})961)Zp1^UVziny8
z(Kma0bbK3SFso{Xmf0Zbsc#GXL#?LdTWC(+ED6H8D&|gFxD&0b%Zrn$<%va;P>9FM
zKoiS=6|GoeHCc8;+QMb{phv-@3_g&G;W%|5{EBm@CT6ub7XH}A@)V4Ywy(z1jfS+%
zih@uZbVv3-p)kBxTsO%{H5m3bfVc7LS43p|Tc@7hi{`;ee%g76-RW&K%qhVX?sN$6
z6>Iiu0uHSgmiq_fhIkYXS3CjN`^V$Gt!EEt(d-?5_$)G-#<*bN+6i!)QOd^oqeep^
zbb88g_{(5saHVQ4iL!zq+#`8~NBe8(4PNCX7MU5OftVS*Z-kj`NS^1zryC8sr45Bv
zFH!lGkvyP59*WPh8<!NGWH@C(9d~vJGb_dI5^j0fW##NEi7vOBkLzw+rRxmnACB`^
zh?j#WJ)(4t1gnZ1y3PocK*kkE!x?ycN>~PeSw}N!-fX{MNVus{{E>!)uXh@mVL=A3
zMonDz@bCJk@#*{d-6?{jJcuNSZ)p_b!RkpSzT9LmfQNUEKm#GWP=d6g2$cguqjcQj
ziyo)SaP&TsZvf7?GCYcNqiChjGC;HbA>!RCzA+_msH4NvIJzg{qFEcOg$PVR+jr#%
zoWSYkak%M)!*D$Ivx{-u2EsM5&Y`#{|851Kv9<w6ZXi5?-+WuDW7qbB8MS;cn;oYi
zea5f=PTnavDVF<-@#w`u-+`LZs}k<S`$*!87+t#>ZKMIxcML9y24STX#`RY-6s6;3
zEG~`n!^Fcv(tQ))*2!z<*i9&Pvf1TuwBns)+YQO|9R>J@+G6Wi0ZtFfxPA9xs|j^!
z@^EoH?D5!8Hg2?LD@;pY(gcoJNIuW^Q3-Srq@e-~k%Me=klA7HRU_b3Xq<#!HB3}}
zdr;U7LHjOS09TZ)oaC6Oop*a7C3{<(WJA`u9DoL^R7UkSb_|P%?3F5SM1;Bma}utM
zr1@eopI5IIt=H@y>cn0m99l3M9>m47TWS<`)`}ZLsAUr1^A*7US!-4Md=qXAhH+n)
zF7m)@o?6%w9LP)&_IrGAPq=om*@RDQd?Us24>I^lJ0{`#&88prz=s}1c(yP5SXMrf
z%Byak*xPEtd;8GS0`<7WKlE5QO_GxbLLa#dr+^H*!>fg7`sQZTi&DV9UEyL4g(hjI
z$301!SN9*5muaf~(s;Izgp*fzDy(I8`+5qrT{u?B^M<Fn23g?YVr-g1XP+dLPJoi|
zIJmK7g=#+=OQfB7q&U5JP(-CsjA~#Q%gA0a>^swgJGH7+HUmF1@SSSIZIenvLp-W|
z?Ucr}^RGw{6^AQYT5+oFWqov8FdoD?fy*d8fHZ{y8$JE;b0Ge8wC?QmRKvRgnN)~y
zzb!gz@vsuhd>2wi`0?N)?0%a)H4OCN-N{swQ+hOR`NfY*q^aw?bB~RD=%L5cgF7`F
zo%M4IXz@r_7Qt)L0(hrvt>*k9h^q&}kCLq0H<rY?)%jovK)H7yd=_Q!qnbnuv^SJ_
z&(fUN{d)S2pdSX~d@1ujq}fl#M0per$Y}VrXf2w|1w(PpzF090qH;4j88-Y{@oqBP
zWbdh9c(YTzUf~Ky%T5JlTp*J5(w!~#wXhm589Dz3sPUSOwy||UGk$LadrxDoD698!
zQI;(Z(#-R{DCrAZ2gWt~4ixCCK=78qUPZ<~x6es6S*T881~+h$4QxsS4e`xVULt)C
zq&-L?iABIQSGIT+dsURWG*`BGqiXLG6Go<^u1guBI?tW~G;!EKQe=>~Xl5id>q#}I
z0@uV+zmsUYQrMfosZj@e>k8n>vK6Xx($R@@>dYjcGam&+nC>Zt_d>&h&j-lP_-9FN
z!fv{G7;5ws1dH3*tSNZ<bT5rF&LZaOAs>BOjh1=u30baVW?v=#X#;L~p-rI)^=M<J
zVFb>(iOOnW&H(Y<BHX%CXsHnW0r=ck1{ai+!MTzRabq;QvLs<x8$7uE0?U->#`i1^
z)77&Q>8A6R>ZvJhKGm6AUzN>%#9&#4QtaU4zU0~!^L_BK<gUNfo>g<4CKJU(eF5%V
z&Msq7<L_tkw>DjE*V4u;J$p-oUvqAnCf;`_jzs9w0#+G}x|;vK5oqQmn}&B85ceP9
zLF4lKLv(3>06KB7*Q4(3EKX?7xkrdgdv`5k<GiH|?TOPvGHX%2ZIXO|S%P+6(wVO1
z$D|?E@Pm&AwzGJn=De{$OYQBCS1OY(3BjiY1@PB_Cyg+glF9w2v&F?UZO~xI{uD>M
z(l0zVNnB9Q=S{ehL9g<p=I9KzA2A+&E=0|9xcD_g=~&Kfik}O&sLrmrx}gk;!y_RX
z&cmhuP_i$YKMyY#t4Nc0g{cd}wL#Zl^oQY%;#$?YY6z@3I)TSF3LmtHS1jTK+B-NP
zxBkZrMPq16FwIy0!^^dd9pKYqxxYWxLY3pWJu##A`Xmm;t(({#eg!AwH6FfVK0|5K
z>}S5k<+xcb+%-{rLPV1x0cR$+$5Tx^O5x~L0SJ^NBK6?S>7Fx_cWcfhCSEoS*L?zZ
zgs=6YcolHzp43k~e}qydLvJze&klhi6cNYB3{Noyo!&$p`KfSUa;=s+afp^tz39&R
zVSdGQR9VB=RhIY02H$yJ@Puk%OGR(^Mk|B&U<EXYg_YUS@<fiEvKIwmuD}jsa1@(7
z+jZ)H6L4qX8i%~>WY(HSyJgY-N3n1H{}nUnZ0j7zdcX!B9w}K#BiXr{3Fk9ussu{}
zSwM$oiX>i3W8Y+>E;J7l@qmoKf+8fF%@i_aiWJ%+(&QID5FsiqE;bfQ+<jjl#c?fY
z>HPv}M}4CvE)dH+Xj6I%9WJs&TY!(bPovMR^#o8mg@+Ni^tlKLPbuoo-qFI{QkOq{
zx1{g6j#(AfT~crXNh<Gc$tEY=<dDJhAFsa|A3b%m6!qqupO`W*=V?!ny$^YEB29C4
z%iQ|K#i_5^$6Cl~+axJ5i;Jbv+~T^!hnv-t@XAKI+ik0{EmVx?vkBvT;;jK(s@-PS
zecVKG{^ZXuRMd`Q52vj}ah*0&>#2_d<MihTc`Oujjkn`7q?(LmLpozG@#cjeIa*F+
z7O1!aoJj3zoVIA1roJoCp-PeUCq7{o3cbEsDynLk2|m6a@*49Ei8N;22pl2fQxR=s
zgY57YG~u$w{Zat+<^Xsn(Ci!Hr_*4kr+-1)C))pne7@7*duCUrwyA{p`2H0VFOlFm
z^mtH@qFZ1;CKE!sCt5ST>bWQ(q<UGRYUWP>zZ66X7~K<{&4E$lr)b|9RS**|5a5%7
z5WB;}-Vb<R4f%e;M-A4Xgfvdl;AI?{bE0K%in<<uAW7EM4xch4D4oyH_fz>?IYpf<
z+(3SN94;;{($`&D7!%53!X1V3!=exp@Zg}~IAe{as%BQ>QbS9oAskOT&w7*>SST1S
zPK^~jqk^6dm4(KJN^hz}*qBh0w@YwR(PVFDvG-F6cBx76Cqc`6A;RZ)N6#0R=-*r7
zNJ3G@l!(4P9{-n&TLE8tV*X<V_FGVh`@}0nWr{fWgx1cbqfVX}UvtF56WcnMwx0N=
zUNK|15I34mQPw0g(`Hl+m{FAxhL2p>dTh3Q;vtKdEm|6gd;K+K#wHP3ya20x1IfZS
zLqWJ!?1We4BK_8}Aq$SJs1f^n;X#=NZxWRUWn4h`gVBzLD&4$MMgtmGg*OPRP~6P(
z)#Ljk<2XAc45!GW^vh3?PZVb{cn_DxJUJ##5^xC$MKVl~3&bU?(Kc~I$Nwq`D?LmM
zL9I-m^I@7Q!$*bfb23e2gf@9$u*ld<FE^A^{|+kUa_A5*f2k=k@D3x?`t<lnXjd8B
z<0Gl3XFe*_rK>|w5D7_}BWM}fusPB%gjQji!+8qqi1Z2_OMsyYExwuXX@sF*-3oiv
z^OoQWN0Zk6I*NNQXsIs+E!*UQ6{xI}UK!$Lt488X%nbG_WnSqT1s+x%c*ldLx6&xA
zr?nf0FM~z;w_gU23mxlmVWmtmeYpxRqT~6nDh6Lb>8x(@m58vus1}{oM$_6U>2Q-;
zqQBP|IuR0LJ&X!9v$L3PY*BZ>Ch<5Jfj_PLY<Rw+FWw+Z;Ed6`5YCak&=C@Y=g7i@
z5NL&yVXZd|3*}lh^?7eJCZ-hOm(X1emFeq`mo3~Fg!Z6@pS|!`0x&wX1PWwBb9z<4
ziqg2065*lxt8wOltXWnFOj!{g@6QgGl(Pe&Pxw2B>(v%^OoSb-!hJ=9_{+ZCr*p^j
zkjnLQ(oIPmCD%d>$pK-Y*RwH70;xHcw-aH1uLS$24%><n+(c}Sp`^<Wh><K}x0JEl
z!~@O4?-d4e)Dk*vkSld=<Y?*|=wHN5LrvY(m~7bO?*mhn0x<fmpx0yK>$!jnH&$YW
zrYhVY__=Z*oaqU}hG1PY>MWybNSwn*ZQ+haBij~^bV;-h5A(Gu<OU2!A)EOniszJ(
zHPC1odszf7E6iI0qv7eo8u&F(2G2IF(9G3My7g(JUrRsRq}kuZq1EpzPUB;=`di?6
zoFlFNB&n#(%qV=F14KgM4Z<CY=)SSnT?-);Zc)=)h9nI0JRgS(w|itf*sf;ZFNh{z
zqwC39I@nM8yx#lt@K7i$77P?~Z|fnCYfL}eq^CpSr_}V00;z|lN&8`&nqZ4XeB@2i
z1B9DpQ(kiNz0G7~r4==AvystmUZlZkDA2d5tHffTn6sq6O^H=5C{?0#2n*xlYXbM*
zZW|TGkt<QUp+)%1fOsAOM87YayFjf0eWG!imrxU1p=OR863vwG@e+<45>6}9VIlaw
zQ016V4)+@!t<};;4$+J=D{!33U_aX-#EUd@w8{a5#Sso5;308!7`Mt`GrqHUQM;O%
zG)&JBCUhnm<ZnxD@L7n13HTCe1UrXk8#2~3ApB4Gtr*rReY(c>PGu5aVx<tS64#C8
zKeN*#c40g%@C?q(WjHh2hqCFz;W>2cpH|>yYrB@YrBQcYQbKUK(F<jaV50HDrHu?5
z>nM0&;jbo>lSt@{hGwq~5BKdSey^Zxlsi!D;U7~qaVTo27S5~nKHHxl1=M4D=M5z)
zdnM{UvCiiYL1|%4Giqt{6UM<E{ns{Un#{};Uqskc32!^oV4ZIu>-2&t`e06=7QCs!
z@I*m}P&`meRh2*qdW*l8$mLZZO&5=CqS=GeP0(e}t$k7d4uq2f4Bbuc-N&ZjRv8!(
zLWxgg!>7048aJ$cEJP6Gb4<Q$Y-k@-Gq?Ab@G|?@PCm!c_$1ThC&h*xR$nc%!_us;
zyzmdHoTTRdf>~&PF&{qjW1d=2D+hD;>5$&KrB(*<GyIZ7?h}Cpr;o=GF<^0N7nrjs
z=z=+mf;Bh|tEF22wxGN7eC>KR#T(7;)}T-MX!frFyVnbK;iloJ>r<#lrbv&C%rqsP
zkRQJ_8h3}YBgClnQ!)7-xLXEl;R?;#m)6stdHrf;M_n{KU<Ltk_XU_*NZ96mffm>y
zG5B*R8O_|#o4vt}O_=9duVy!eqORnVzW2go0S@O@Dz4bu7QoE}+r<)w{f|;y)C3Ez
zWEWJheF9t%lC{h)4N+%P44V5ZwC(v$f&nMafQU$-j>&{s%(ZKAZ#_KekqQ3WEuACG
zii>wQav@P4-6%ZKTP$hg>*z&EGjB4KQ#_Gnd_68xTHp*n$p*_rp?2<Jd~`Y^tF+9U
z$pZmEl%$P9G7g_tr(suNhcITS=IrZ5M(bc)!nZRH6=!o$@qNO26P~J!qnMDn!?-hq
z4x@Z=G45;@nord13(E=Khg%|Lu&DnEExV{cbQA~B>Xf-y9#%dOo)0hrX*!B)walXa
z;$|5a+Z)27{+j(r5QU#txUbf8ZwReGouh<ma3CxyZKq4=_C16B;zg0L8sv+6rk^iv
zVPQ&qsFmZwixoM)%$>3%U*`A|FQF0%R&}lPA;E!s{@pZDca}wiFvmZDJUKYuKM9tg
zgtFK98k6QukAF$F$)s@4eu@i)n!?5O7Mj8>a09;Er&KQ9(>V1}7{E2bGW_!TDcL3~
z+u#cLJ6!yCU`Y#31>HFEj5r@UoC<};b_uRiWHo!#hG=qP>4ESs`uHDvaqFWz@;k6(
z<D4u-o{XyX{1Ow;OS~=CzQkyvC7UcMp;<5qHDT7ir>ZCZJ1>YrOW_Oqr2;+)Zi}sA
zS9qlZLEw9%aG{=1vxK^&gMlue#K^i}-6V>ZrDv5K=#`MmIdXn}GH}R_f(OIVu}SVE
ztfmady$tVu<p>+iq9^?1+&4H49|iba*n#qXYlP2*Ik8$bdu3nUd;;ed3VT9}Gcg~R
z!ha78=$Z#>V;!nJs|ZTU{A%{y<0EG(J?BA<VHd51H$3@iz;Vq?3jK9L^wufeh@N?;
zQjHsDie}a{8ZznS<k1U<3}atK&>bL1Zz#U9@^Av(0vgtp!h3zRY(+7@p<zX0q$%t@
zU@DlxEd%0q`n(Q47f96)EZHDDn;^LMC#gzG$atVtxFR9m;q6lLAFCZBEVCh5;Lz~t
z=5|j{OXxBs50t^qb#ZP9eXOpov78<X{;LSyT=gWph?!Jq5$+TwUM!y5pW|ez!UlQ|
z2pG||PV=Ps%H6Rp7c2VO3meNF@*jm?YT)_VY1H$b6ddXu=TW~ws0B#|w1~NjJljY7
zu@0|O22bGV&Mi8Ly&P#YlE=m(@Onsu$E0Go6^HiW5c8d+z}e9{p>>=1ipceJ46TE+
zqbIVxtTCCsRgIu!<XT}*d$?Z-M{zyfF~YDKG80<yZF=z#$JX@BWh0-}vVR*QUM9l`
z|CPd7)4@J84a+6I+*9ur;-(^8+K2TUjec|$7|K96!ZR9l)Eo7F9*t6+%j%?OYVcMV
z>r_S<PD66da%DgB4+)BOf>158Lq!x1EpP~q>eOhx2bW^+Y4~gTc-9&0cY&R+%dexL
zPV3S(1&_^O_Y2LqIL&3d;%FVp@L8liX*MPIp8&U%dfAUcP15;dde2pvH{0;)Z(Nbb
z3(&YYg}uuf4dWT3nUC%{5xjaYyt<kU-oS!|U0^5yY-q-%6$KykfE6iK!@GRkE{Uaa
zco%qRcq!DiNovM#nXmSW<5g(6cIsJH<fm}a?L3a0zeJ0fY)Cp+k92MC5@oe8--5%{
ztJqdi7}pzKxNkgMUc6HHPrZ1m$?sqhdQ*g^_AuWbF05kvnQ-}0;squSxq<c^&h&Ic
zW^Isz3D<;ZM5j;W+&*@`kV8_=7vM7?a~sEl$mmGl;MJprp9#N<d6Xs(Cq40sXvMA0
zUj!k*q*uh?0ztS|gr`K2y(SP;oIxA)DfA<&h1rIIhOIpj7pd4zXdZ<&Gf#;+Zl667
z=S@0uKf$`na1`{ZdNM<Hx6qri_p%2Tll;h7ds$!v$<|9f^w$v-Z~s(;HQusl|4Tgo
z8vvW<t?6vJ)uVrStH&B(B>&<e&<jYdqzG_HCU;6Gwd6SlS28OA=V3|JgUV<^7sd*L
z-zQw9urqzI*_TJ*9v8hgDaFQSABVs$^i|^g)KbUvfWQt3a0tx$0|Yi95a6cCgaAju
zw)tReph(_@(=EN-lj7JH+Q@yAR+IT?fDQ2z5;ci)9k_=^0pEPwe{g6ZEO(6y3J0dH
z^YJNslD`}BdY5_8&ppc{&@JRZDvEWxl!YW|h)fss)j1KhQ_5IE1cUPYOr#&$Bwail
zEka{*pbOs5x|14R!Sl6T1bq&kV_MurA$_w$h$-SD0g|YVhLcvJ`9;^;Pb-DX)3m~a
ztNQcf6$`!(nW#re;bhPE;$bfy5hWa(4<r?C^zb;f?_vcO<D{+)wvZOigk>Ep6lLpU
z?W>I@8>dnB<w#K2C-wxFU60bp;QRU9!#zqKXCs%6^il6%mp&41io%p&9Op(EI$s;$
z8qWafD+$*4gRmUs;x@G!Iz11ck21x;?>nJzP|qfV{m`M^impjD?CMpduY0H>COlCt
zyip-PQ%OM8u3m#^DWwR)Os9Wg!ATVIG`DI>zi`A$@e|MVpy!sFLi3gy?=)SwwGZ4{
zbF}A@UeHoBh|tN5`4=BtkNWT1UM@fdC+Gp_ED3tQ#MPvDm6RBtyZCdxi@j*nC8}nA
zP%MWMFhz{zpsJ;HT~O68y-Q~d7rqraC`ss%Z61JE&8%|qs)jmmeSg(lobY~8LLlGt
zcn;({CGOH6Hz!67Cj#XdkwaLcQ06{R&;hGOjaJeuKinf%3jbhUg_9ijv5_zx9UN6P
zVT)YD<=O)Ut7{zVZZ9c7EdcL;3;w-U7T}WiPJn@d>K2E<?!SNzvwTJRtv6~G6xY>=
z$1sR`W#92WxR)s&)2CaeFD|YTWYZ77^sa%o*);I_O7zRUzAjAcTZLm{^#S2e3j9q`
z+0Rj7tfX6iQ(~(1q{sW32af__V^wlcH||hq<9z+wD)~77pZo-o6VC|;e`W}#iE^FM
zG&TU){$5W;hT}qK5WEDjD$k1nv9u754~^2_Ym;4UX{9{Qa~6XmLoT#558u_vCGBvI
zTmVx;Olt7LDFGEc1s4;>Y&tFFuuv|8%ZtijWZ#vleQ6LbDG9=1bz<mtxi|i-;Q5;`
zu-Zp2c5-ASd|Slu(<CaLVc!>Wv7uYg_Bk=2p??JThZNy0=A9S7FL*v?WC%3}TrcTn
z4{QrnPr`4S&ijRE@48meZ(2u<Wu9(=8So0xdhwmw0}-OxYM1i-tHlMwZ<=cs<>H5D
zDC&Xorje{H^NUb7)Nao&<QRskXii=F02_&e=+<eT6t|LEO2ci%IXVprml{-vXA@n<
zHH&k$QK8ihq8P?s{TxIgX=QL}MZQrB{>e0tYtT6i@<_iGt4)ICv&n{GUiLu|Dp5C#
zO-l5NP#9i|Rk2Tnp{OSQ;bcgCHWRDs{A{QTw)!gI8cg2>x(uf5p%jSp;vsG@p*WdH
zh|B6UVd+Wd<}!cWZ0Z{o&-5$nlu)a`*zAE;tx%KX-?sV_@U%im&3eabO1h5BPc9c~
zo5}|cKZ)QLH9zPJW$5+fd>Zd{9(c+l<4>&dYu2hE2l_N$7n4tOkW2ff${8*ANBoH6
z?pblWsU)V^#r;Ws`_GhM`~VNX&2DGL6z0T4e>!J2Z6ryRbbunjIMeD`p$J!cxTUp^
z-N%D0$%)0BuksgstOjjG+-ll2R(w<DqW<Kd2zR0J(x7co%^7j{Gd}*;k_?leUA3}P
zqS+UQaf{`H+*{x6VZJkhczP{9r&6dHEfMZ_qA}5!Z6LVtInG0SL})J)<5O|VfYVA=
zMa_jyXtM%OGyWp~6LArZs_FzQ4(R4(>{+%m%9{Pk0Ke4E;Kh)GbM=rBc=zT5M}dt$
zK;h$U>WU?VXrQ*dg+Um7oMWSMXq(DOXTJto;9WGuz6#Me>PD5T<M2!CRcmyMglloP
z#CapW_kA$WL+}LZ=!pY#c*iHhFE#C|^PlO7q}d$DS1aTEbh7yF4vB^N<>~$J^0<fs
zx-3Txg9kmX+4`+77rxJXC8XhX^KUb<xY0h+Mq$raiy~ZA%BCq4gH9`aOwnDTc=l9^
zhdqYgql_zT%TUzjx8O+h=1ygM(rHQ#>cd>}8m>1vv`H#<*V|5fPASH}jAo0mz7NYU
zw+q;1_-w{4_3m;zx_IRXf;+bcIVmBnu!~~2+N$sm7Z1gyadh!RlZZiOaZ6BUKPRMx
z<+#<(7unIpb+`a)aAnEhly<aOsDtfQkvMF`d6NqfbAn+PA8kaAk5;C^y5k>MZ8Z^j
z!TzPuk8VW+eq{@^`|AtZ^!EQ57VFopuYYNzRhinckTanNPx6B-7DkQZ2k4!zj;t2e
z4Dp^f1on*qNQnd4p+)Qy(fj;F-~CZ|L8)s-o7dbrCk-aJzQVtc!-*|Jfh<Q%PMk1-
zN9hf7oQT_H(zY<%B!#3tGRzonLm#=Rx81~JCw|<i;IXJ7@)EeX#Dv4e8VH1B++Hmd
zwTfe9cqLpV4G+M&M2l*DA>y3+SQ-a=gEo9D^%LhZcuA7kJ}GKE)d@c-M^J>$oDzZ;
zl`zD5RSWBu!S^V}c645?WoC7Xu}WZ~tXVrcVb`G%KGL5lEkuh7j`hClhpRlM5FDhN
zYYWH0dx;Ig5}RD?hdl1g-bPHjYSr`~iBf4C?5JHSEL3ttyF%l+T9iq!$}beBr_Kd=
zO&8!MB--GHa9p}82=90bh;t|WZN7`rOUEhD(bviIt;qZ{?H#obsOA-&?B59zQ!^;K
zXgoL|r=tja8(z$Hlx}{~xm)b#7x!27SR9SbCeCs2$Klq944+3kYE0B8dPnV9!bDW`
zR?{>k{6wVNCEG;~$7yHaneKwSTIKOyR7Hb`2i%N8BJ)vT98^@T6qdG#_fMo*j!TJg
zjnYvvEVwno0k@J`c0wgQ*pPr10)(lroJ5eWHD}O&!C7oL{q+8gc6L@g(uJkJ;&HL`
zwXvE!!XnIEE<PIO_Uu<7F8ByrnFtp}Pfi%geQEK|^YEgw>RdNAVPv27DdBKvW{|U4
z2vgsKy8N>US3Hl;{#0`YWyAwCPI-lEDxB$uSw#u1bS4x)QP=<<3h4CL6|gT6RGl%6
zQDf_noS9G^?+Kr<?K*ot$jt;FtkRu-s1m93c#)GI4Z-q@XOHe?-J*1B`4hSbvT8pw
zFq*v4>B*n|cpG#MjYDma!=J2UINMj^0%@D+o92xKd)+Hs*TTFtB(Ye;C*39~JWx`Y
zbcb^yS_!H24Qunk{2{npfADeS42^_rTLt%IYGOCWou)w<&AHyi&8&t+5k8_du`R0o
z{B+&Aaci15vv^udN_2>~B6ENxZywadYT2|A2{XOf%azpcJ`Ro&wlm%2XSXS?q<UgB
z5O0YFv?ZmbZWp=Io3C{7X4!@jutj-SxT_MaiU4?H4LGa=p)nT5{aW^@3|1@w=ljdx
zx8fC=aaXZ;^qKIpBx|YPiZ$!{05pYtJfKLBSrk{@<QO0I--<t_Q*xvJvJ060R!o3t
z!gOBtq7OvI#f@sRITSVcLdMC|wjg1cr-sSGKv97boEsTCIXCF++VL>Gq07V=SmMBX
z)LR2f8b{!XmZ5S(b8MIZxppmc?KnN#r`C^8kVrar72un8?~|s`87_EA{Ga)^rU^M!
zQ`c2SlLzAGo1}WSScG^mftzPnn+-YY>|@*DKUHBZb^cMFyCm4`%;04CP3Sb6C@w5t
z&PrS@JY7y0x^x`P0Nwo5cu-A`Ix3OOYt5r4vOPg%kcX)E)hT+^5@n}~kE$DcAI^iX
zt2C!E(FN?2{?o0W+sDHfjVrX&)8*n~f*57!3^jlqyBMxP7d~9l9#1t%M~DxVajn-3
z(d29mZjq`u3->=h=KCrDT2Y;V=a?GK9)nMi>np{JdvgZVcLAns^h~5o$yIvQICex1
z$Jr;qIF`8`Wtl_Kb;~fO(UG!f;W+kRupC<=EN3PYPGpiz>>ELrpsys(=H9DS&r}Cp
z=DrfaIg`lxaYl%^OK8q0qH*A|GXo@h41LdDwirz$g1fW#`SlL3M__x|Y!c8(TM(7K
z%zvmX){$Tpw#Y&sT%R7O@JvP(#EOjy564x?J(cnsLej7^`vo@xgHVmXc;Q{9Z~)?6
z)(vaub9Z@NpK+I$BP-X)aF4f0CIck3Nz$YJ7ka)8{4a>8voI2CS?$q3yqyt5w8n*q
zHh6r)45P`sg{jsi@(UDlYxfZ6JdeYCj6UVlzJWPh=qbUwQsH<EnryaCXBlV(cMvd~
z%#QbQ+xR)g9`)c>&NglVL8hRcNhcZh<3VmCOLCe1yd*DQOSl2091NC-*p0`Tw8H~;
zhi1W767&5^n^o+04?#qx^Ro-?E(o5rB+W63%&RVS@@vVZPVV8K7J=&TDnzwAdpORN
zj4Nl*cl+9-JV)T#BOJ<3z2W6Cz$wA57~qs(D@w(ID5W}4NE+6I5m+vjN9-W?y+-(V
z(NT&*QqW<9zf9ja!oNTqFTt<)<jo4RLeSx<5@!i;Z(#@|e;94>8p04#%`P5)D{+19
zD2xe5#Dr%HWe?>i;lV-ZdgD-_<S@+*8oa=~lQ^6*)UUk2BF~V*_dFwcuBj}vuBr4+
zC=sqrz_pb}d(J6_UNA`bNzgMVDLVWkNAZE#B>^zCpztq>4;RPhE`G113qGlhC#q(S
zjmbh;5BOw3H`C{9&h+^J@5X3IS_eWWlX6s_s<<~%qgr#zyhj!ibkba!gH9Hey3on`
zvQdW<bkbA`FMuhaA8{=jcjtJ^;N^mq0<PSv#IT9x<LV-KU9J=)%0MMwU&EXKz)KXv
zt#E~Jy@TVt&r9}EhYz07T=e9!Vi#k49PpHCVz1j)xB|Bi(Qlm;u;8#b2T#`fB>zn=
zc+&3E?RFPDY4^i`xC@?)B=BTpH+a(E<KW5h0pSA$N_+)s>c_xPD`U{6{SS|Kp9hb2
zgD2l`@MJ!GsoaQ8S|TCNt%ez*q$j^a?_ofII2xWK#lSC|OZ263IqIQ=VNVT!<#l2H
zFO?0d@k=2y6>z*9zIb19;S1CqQT+38?mMN<DA(c7#iaV$)$GUBjmhlsYDmaL*;(Z|
z$W(ZwGM^)JWhsM8f=M;4vqr<&$5QafLA>XagHA3WTaWTPVWwV;!6<aHHc4lxnF)Q9
z$!xN|iVPE0<4+{BJhnsLP^!xtO7O++niZ>t;tF;na-<I6>UaWPK_~L^Dk9C0JCymW
zk1K_IY<5HMW-=2muc`w<t3fFwgVfMIhZB&pKNfO>fe!W{&Nn6-+7xa#G?QC2zfXu0
z0CQfEo;tGk!@@%be9#zxeF4hu*aCX6HxH_{maS0Dp|PmB$wm`GR@0|cB#iVJbToo4
zjfTQ7yU;$|9WjM9<&exJ#4L-h*D|eT;sGI6O0l7t*XD-}B?)$(sN0`6-ajYH6CM83
zi>!3ZHX3RQ>6LvJ;n(kBBogLhS`Sz0C}${qvub3z$xe3-%(Cb?&3K0OV*fO-q7HJ)
z4NijL;g@dci2LiAp?LmdY?jych_7tMgH~@Ibn7HE+rD-HK}R)?#qGkLW<LJ)w<0dV
zD6n>HjJ$o~b|=4~6cDAsXm~vY<CS7~IWiE$U>MGh)-F!-#Ml31;<?ybdlJ7iU?hs(
zAoSyb?Sb%Z0G<924Hz8dI;walN#mMEZnzU-aX*^(6dK>541^a$t5xUhq3mf%>4q$(
zsX@4kh4qC;j)<%2-n|l5@=nT#D}y6E8--tnikCK1_zho3e>`%raQR_)y?8$EhCVRi
z=2oZ2uVy}LmPQU&ZjnMmg2kEKK)dla3aE>3R&>#&SkZ<;({;mEdGNJzH_TV%hwUzW
zVHw*!dLDnGDBDOvpy1_V`M_xUClwS;FEls?a^(oLA*{j>|K1XOXLm&xuQrmD0cyOJ
z4$R4*z;7_dOgsp6bZtS;=VdPB80ry4pQ_}U6iE{&lCLK3Of;iyVht?{<LL)RVYO^L
z)J3|V<;_v8T9T9r_gyc79y?>1e|d2pC^6^Yc|xi#J**z``FbVF=Eh{EM5%&Bkuqp2
zUnx8>PBX^Z<TX@V4Kw;EH%okh+p&Q#Uk$^C(mLV!MmWAVkF_`2>FuQ<{3G!&9#S*M
z4TdWs891}NgGj!~YytWX3i^PqCU^N%wXC54T3wHUbCb<ThPw>w&}G=^aWN6{1Bp=O
zsnwn0YQL8GqEWZMXbh{k5j75ARhhyUjhay|;h{1PKYm`iUd?{d=zX2Z&rHZO<u24+
z{PCh_BPkclJUrgTt@*T(p?C0<$2-YF8z_5qP&qYNQuWrtVQ55V61@wJ?<BbOxGs;M
z@M<%;TlzTfC){0mj&NHaIBaPge|w|wexpXF7jbKD>!YQryOQe2yFbgHN1(OLcDV}(
zn^m-0SnB@+yCyjlr9z|b#$9I>bqH6_6i19B8K7Fdb#?(KK&JCFx<)IL#*y5|Tn97d
zXF@pVVB(*Q4g%FWgcq9JbWWa=+hb<E&;-NNPiq<cdyagEM^37YL!C<RbcLEdy9P%(
z%<*Ol+R~KB1#QvNr#wdMiId<j0he-jcv>@6T5Vp{SvriJtHN{W9S}%xMT9#LYIc2}
zX!6PsAN&7Kx$6-6WHoaDITgxKlmUOF+^taUt-Yk@iCiJWH^njm1la?o2S+r`Ne%Jb
z+}I!llAedlacdhnik5l2k2{KgQe^@LG^77?&3>{kX*V_V(bT9hVY<@l=L-4rlk*DM
z4Z>S7^J#ZUUlb*E95vkWo9*XQ?xac{MDXFNnVn8B{F*X2L(8)|(-5xYnB?tzsPc<b
zh!??|El;t3s;>OMiVj@HXi2xL$@#-27s(XY*NBfqTm{bJv!!koZYH;BxTGJ$r7ctN
z{;zQdcZYM2?yqr|MoFtGkc8vZ01l+w6*%Z3Pu9WNy=&0PlX1IqD2n<&4+_CQ;;u4q
z8T@@fOEmG}`FXTvWqi=4D7~`{Llmf2DK@@U*m5C^?5E>cZ4{m{G^^Uj4S*N%qL+Bu
z2or#tBZGNT%rge;JS+e&g*do5G~1NiAF76S9FX^lR~DM*4a4c+orFG&ne1B#<zb(i
zZMZ;cItn*iU_CA-90WmU;uTBqh%5QuE8ZZSlYp0pjprhNL=Yy&s)bnzaq^)2k{7N$
zFNf^Gt)*h<V^z(b+U&(;{)}-K>JfPK{5byc9^z2JRqkk3lmzn`wAS3M90(vL)dgt3
z8S>@QG?z>#UmiZigQCCAOkGb$X7pfDnZgx(vg{~dEgb0+2PTzCelig*h;1bHly2R4
z1F<j8Mq{%z#0Gk!#?n)JNN<KydXqGoa#C3^o?GQ>C_BVm<6HFPGwA;tBl}6{{g)_S
zVbTcCyg~9IF{0q?o=iwWiE<Bty5_W*xcP)IWCo!JIS2}mTR&dR@gtfiJ5U$wJWNdL
zToq7`FfRHkzUV2)^jv8z`?(0l^hxm5e&q`BYq2N4Hn++<7E_4D%7|z9K*iU!!&A&B
z(l2OL42|)n{)VT9GhcF+g|%}Kw=A?EPm$8iA;D@M+{VSOId2xiU&i}|v9p9b751s6
z+^Ga-28B9GNT;a4XOaA}Z<L5%x32-7@Q=o|zAlMc`VPhOI)hV#BXc1{ec>U;>*6jJ
zwLZJPYi6vPCpHa2WgsPt<l6CC<|zda2XY2MGpc{{)aH)`Rl>Q!@^j<!(pkbiqHskU
zyUNFB2AKw*m$s|st5K;}hR=*wqvD@0CQZP8)7Ze)o(wzPo_c*%P7RzYY?7+e4PEvl
z39S1CG!3j-=h8B#tUDu@1*<Ar`mg;+1+ZXVik~!F{Po%{%7c-g9Giu$eKh9<KObHq
zSk5YvCst7jE?-CxD+KU~UdpjD1*)py7q98Y8Crx3x^l5TWZ)IW+tII0Hd#(XlEWNc
z(M4C#0LfI-ZhH<|xSe(~6oAf>7i>Ax=s;PtzgPU`Kvd%#CN~<-%d&-2$0j5w={VyU
z&8JC*(_lEL-S@MnFTh_V`^(4%=x=4w!u{-wJS4P4YBVVOsKWY?XJNf9g^0}^A=Jl6
zi-ak(PvRKU84Ul}B<y7^Xkpp*UUt8mB2`bOtbz`#@dlm!9NJ2jb0xtEJ7?1@PFWmt
zAhwTb+|T(u6bP|0r_t$U<e6~34sMuBc($97c1h>6EkX+nT_n2L8v(Y{kHaNY1%-P9
z?8+eA9Gpy4z+&U(AP15D93&8_(X_7jk8`OxGs6EPJMGx8>oy<jCaA3l!Q3!Wa}t()
zkI1KDt6%P7=*%&R&|zFDbA}FOnP+x;x@}eB%}j+nLB}Mt!n9`wx^XO*orCVjK|of|
zcsYH`a^`iHqM*R`gTQ|gr;M2#*CTJ+W$Ii+!EZC!80a!<zw~t%qu3G4h2&e&Z*M43
z9;&hJ|7O6rj+h&K?<yj)Njhf)xnIFzPAw)Q7hQ^G0%k@>BVD2MgyKpysjP}!6KY0N
z#@;HC!$ve&%5zOEln<yFl8d0XSZ0HrOrh3W6>(Xk6f#Tw6ziGTn+x!DP_dO{+MPo%
zU+LeYbjbTS*uND=z#ALDvGFa+=tkQp4_D=3aW%ERSHj3_2Li?uM$@JQE;;4%2oZ~o
zKS1LN(=PVFHNnyN)%9#kAL#&y{Nr3Geo2gn;;jW$IpMcLb;i|5w~&!53n%xMKQC8a
zVxiqqani-e`IW7w<b17)JjJ+Lqfk5n8@QRs<KwDT2NGu&%j{9P(KMbe53?m8{Q)31
zXIFE8oJj@Vdl>wEfKCjmsY)<!1UKVCOi$4tBo{dI=Q<u6IbD`cqT&)k*LK>ugor^n
z{y*07+7dZrdn6vscFm*`h2k+}4mDaf*;OS<XSLbDClhzaLr(-89PjS%@~mPWUPf~&
z9~rhXn<O1FQFJv>LH^Z39T&h|Ip-u@OoxbwT&2kPC$7;_FNrvJ6ga1Mf3Euo|9HB*
z4({vivM&f|{cDiViZ&(hPLF9!HMn7wPJH}i`o)kR=ZqTx-lFuzxg&!f>=35()$Au?
zcvx1A=>ro+>h==lrBFl<x^)BY6ZZ7clmDsLrFH&-wy}f%XVmz}!TRM#4vq=cgM||Z
z%d>|FAwiimv@&(rU>-z1IqOfD6xLl{?PsN8)S5Yhk}D?<shM6iY6u~amySwQ&1|&f
z3!{|1!rUYlf)N)C$-#(c4QZTFb@k9OY)KK@$Gneb;q;gr6Q+U$KdP%#<9jD+j+K=<
z89wB5RiFEY6@dHjg}q@VRO1V=(Kb(y={$#hx6&0Q{-=kc#L~t>cu6W0Cke1i>P>|;
zzGp$WK*D)e)JU@9dzOH6C0eI8Jmd5i`t;Q@yJYx?$?OhKWVa%%XK-muh3)=}n{iOA
zODgLirG%t=6n*_Y%IQ=f0q#*MctYIO$`T)-Ig8$r_4Pz{PCp0~mPuYOWJVRhdx;fV
z>P|&$b|^89Qg5>RgHU4|mpTyk%5aB&JiAW7k3obmTseX-sP_^ZN*wfA9}7}God07+
zYjv-p1|Q_Pa4-9-g^s?WdML*pC>?G)(CodRz<aN1-Yn_qiNixUfAf@!M{tGB2wTGC
z<!rx?i`E(890z<x_$t`s?}v-)TDC!Augjd=@MDsNcsfCamV++X@-TZ!Adq4b%0$!t
zPUF;>V^Ju*Rk1=dugYlYV*<p6QLP6(Y!Op5Q5vDZrQun5>f_vCEu|WubC|l$%c1^D
z@!n5@&fz%iUH+_>JuR^x1<sl{gJT6Yn#)#Q30JEWeQXSFfF~qQY-|j+!dB@~;ix7p
z)8@rZukc<NZY$~op@OaOS*#ilmBE|p3MbuU95Inckj<i*QDb_ove^?_<1&}l_-TE^
zcXci>xZShfF`K&KqT~Er=WO@zV4{_ELNHr#?ZZ7s<va)B3|q@yQFQ=SiHr@?e#y#9
zNa3~VIVwOd3FpS?a7<C0*WS4%)*iJ_OX2&cmp>e>l&k`I?Drqz^R8xPnBl2O&E)88
z8n;)mzpFK75=G^J5?;y6cYg#o6DXdf4XruYcO%*JMqeMt3XFG4LkCw`Fda8S#qC6w
z@10`>93s@s)KZ)Jaa-|nbOp-MW!z`N4mF^e{YHg*q+pa6ji$d4Ux>Vbo%8kV^-(|m
z$;E@rPe$w3eildfUWVe54xTBPozf5Yy@H#HL&}u60Y8-1s%C0n)bh^bSr}ANVds3&
zogZksa7`*aIGp{5{<c$ia<-P7s&Sz?$KM}CqN_^J$L-Pm3t+#wR<la`ipL#~tJW*L
zXo&kVP~TV>X$iA4%GlW<Xu%<v*?$QLnkjrPh+q16VVd`FW<OZOgBgd2;c+<U&5}5;
zn6SJr%#;Vhw?T?y@REMu57^LYjb;mFY0hdmR4#;(z5pa;UexE&GL=o}>)l@q#}zb=
zplX3%o(Qr$8g47uAT-yD8VU~$_fS0TVkg2aQUNquYgOz1x`bi89{`^(Bb_0^b!8Gf
zE&+V#83tcSKKMCY3rA+_;ota>FBDMqg#w=Us-aBUtIY5<(3`K-%zyUPvQtI)!ZRAa
z@vm&AAk?>72$)xld_&eJ6rwX86=&dIP2s&l7_~SK0*>{5WxZ<swU{Vh`;{x{d-k^-
z_pA6{)O<~VHxzFR+Kr}lSr}M(2m82?Ptu<>j)xFh^`IvXw-=&vs$4D1_J}<aPNt!x
zidPfRZC@5cnNr44t#nNX8@0$S?4yh{@P*eF$kVI3Q7saYrw#5|y#OG{4Vf2IUb=v+
zcRTq)Z$4isOz~c5Wiy3skKL%WprvOv<?0rE6OrKgzzhmhycep2XQOVQ;>MT_gAVN*
zx0*hy6@NS*kCpc<S0L;u6{il!G4(d`ih0H@az2Pnfk$*tYbY)`l<E~pA=noffX0<O
zA@$(Hai>WLz-xyG*oZQ;pY}?qphJ3)^ON)-x2i0wJOsCR%1}$gr6mP$ZG3I9joS7#
zRBWXpOs{ZxRJWBZ=~2-~hU3Dk@UD*wi#>HF9&I7S$4-u{Lj_p?X9jKP7avVLDr-bF
zZoYtuv3HjyYz?Cc(HhpRvAz5`J-9-GAutQ|;3&;H@hF%)eLPHvQ-Pqup85}#YR5@m
z`0-B#FuB(XEpui+@$De|-R~7%KV7qj6f18i@RVQZZ8RJs!&g_#fXy`wm7WzdmgulQ
zn7~O(-`pS^Unq7Zg8Ppzq=$If-<1XaR9S+3>W$iuZt6m8_f23qA-r{@xI5A<gP($y
zE@IZ|v7q_taPu#DL-i+DtnZdug%dW2%_qCOVM1|wwX06$QBYA8RIPV=N6k+skgIN?
z6_7{#f?dqvO;_^C*jrmIj5!;>a;<9Z5|ef^``a=3tb|zRUP`fXJ(RQ}Jh#A8?*|r~
zL5smelec78m#;J2ArR*0Y69%YLM5a3qd=oDV?Ivi@p%0en%&3HO?#lf(Q5kCHvraE
zxQUQIGZ-4LWxag59rLH*fmjDs^)t-rRC2>BYzu{BeiSUlJ)t`^NNw}ZL-NHph@Y~p
zD3o(m9$_=Luuo~LOqvse1!V;=zSmmKsi+XgTn!)MggLD&5nAsrw$Z$cq5%C%(GsW&
zC)wvhqm}F<>o_yZV2EtPT@|C*(PF|%{~X2b7ufe~sBLD}gnLQfGk7vu0B^=th{xV3
zeiEQ+X6%L{c1<<(*L<p7eqNLoMyV|OA1H!)-#`f9DwAbX*q4I#vt50CP04!I*_ZOZ
z&fwv&3+Fr)#G@3xi`s9G(&vu4w^TxZgbJHo(`&8jd^0O*99Ipm;*@!28?3LI2473V
z*tS9N_6P~eLv_Nm0pcLW>%t1&YuPm#+v`E$>SaFwTTBIXI0Phkxi~uUey-pJ?|RJ+
z+Tm9!z=`ms_hwm(YM-2dwrevmwzypYd_aT0OYIvZ=0XASewuSlZ<<vC9?Z?EJtQ~%
zBsZ-wt#Np!LdLH}C$1V$wX~HY%)c;i-0G|r1WS;9Vc!Y|@n3c``5PvpWP6)20%dGY
zHppa9d%ev#W8rod$`Nbk(T>DXf>#8%g%yeS3lmWkJJwX%EsGZ3!h$AMf4)eva2}WX
zS972z)x^2|lzGBI17h6&iQ*2Su|lyuRuGCL;bxItD8bdzWTGh*8&|t!cCL~t(atBg
z+)D0asU8r55=;Mq3Ny&#Qeg%W3Aeh@wtomzMf-1({tp7owopOK>jWIR44A>30plCx
z3AIW~cx5ZY-ayeS?`#L}+Ol7iICIxl22SDt)pQxo^hmg0C2p05qlQjS6L94iZWWsi
zp1zA69@*RANl2$lp!sLzb;4{kWNg#;D=n3sJgF<=ql97I?os;<)xsqG!<X@G?(`Vv
zn@I{|n(5C&Ug0YczJ&p1N()8=UPkS5MMGsgFkkwC7+OOuGxfF9i=q}T26T-Fev)Lz
zAu|>3Q26kM!XfU;ukn*BpRiMVL^N6rDgm)3-GujLrW~AqIB<kpJ8I~_z+^6$kka-n
z^CW)?zqg9b4tCQDX1fBD%1k)BM7(|(m5tuHIEf-GmE9x-xWSw18#o{hqA`h1@^dwY
z(X*f^0hczf!nU)<AONRCIVc29D=S{esYDdRK0CUSLsZTw9*STKS9(IPhj@nQ!=YxM
z7=&BZ+GeLI>3l6^@#GHGK0C@bhY#QmeajWJ4bOQv0;4)-N8u>cEPv-ogpW|NUfQyQ
zDT-U?=|V4tT)NP5sgt7WH;3Q|kGICOR;j$+Yc4Z%D893sBM))3%PJv5lmlv3a#~c`
z%X;|V6zIFC0yh%{ZF{Qzr~m!;D*f`mSH*-!tAt;xWV4X`@AqpeQ#Vy||ND+ge>~On
z3(7@Nji=L}s^ootP>tUAYt`g^*Y!v5``NfG){>z>ZugJXIk&s82Ho!ZTJCn27kU3(
zNp82mD@w#+O|=YnE0oW~O$h011r3aI=&9`NH(@j%MtAwy=jQ$Fgl!KB=RNIj(16+{
zk;SXeU0WR>ciUGLhPBlR)p<{bo-X&gL|-*ErZ{TcSw%i~qtmoo5y|JiPU1edutOJD
z7sJcaXzp$cw<OTwP|@Nj=N88&5+|$!$YF>S)T(x+)M%StZ*RD$j$H1Q>`n!p@Zbns
z?AEQlbH<0TUm;H_?{z<puhKtwsMTQI;g3UkF&c}B^_f&t^1nOY_>t7Dm;F`T;eIdC
zL4{;(<4nMPFMCm9<7feK42n}iH12WZw6WLqhJA_~+no_!6YB<{cKHv=FiN7?nAQ3d
z$)kfEMK(cDILQ><^y{8hu<nfU>$trYMumw7vH(iL{n1n?fG_nGTIwVd3j2ogHM*vI
zRH{+P{;GJN54aX@tqV%qsl6I{YzBO%cF+&~i>efQ4=QU}hkw!SPLEqcmDa&2$xtpi
z=n=T8s0JqH(&UK&n7*`$OFw5{pbOR19X(hL^HgHptWb@O-bOP!B<Sx*QH=vLb99Aw
z@Ni;rq+AvUJ1Z8vNrBy*(4DaCf7HMZr7XwV*&xV+$U@A9^Wl6djh7?sOfDln2TZXa
zP&2jV2{RMaDHlvlImNhhRKOK^7EbAdGN@nCHEX}X0S$sAmPJ=ZQ(uhiuCrVgJ~$VQ
z=-wv|<3`@HX#125)tYl-F^!h9qgKt)sdzG%WnZA=Z9MjDgq=VT;+5=*2;)&0j*Sb;
z$MlTFch|#VMVcM%)$N|2<KY2$JnWnr?h4TnlAUfcjN{Z0#d4*GeDJAH?aBkIiPf&=
z*}}GSOhkvj1Sq6SoGc0<^=bZZcy^;@UYd04Q@%%LW8N@)6zxR&#Za36Wk(;FrY87A
z*rMPBG(u9V3AglHtEI1~)Y7ko;9-xKJp+ugEgO!27nEUaxCSp)4i-uo+?hm^T)&ze
z*J`6-S_y0m5-ngDyHMrO_rjvy@MN$Itg;oFdF*&`-2mt(%UXK<1TDLmDf?Nd9XJQ8
z9Zmgr&??_h#Hl~mPJ%bXqw#C&RXjIxT?6#>@u{-i<#*vH=}6ewF9YQT?P_+N9ku3?
znNJK^Yk|Q{vpdG;O|zTAT_qGM`aaEWRJyg|IPDJ;<DH>mlf$7GU88~SKpmIkU|W8c
z?fr-17g}ar4Ikg_MXT5>Z^TVZCOwHd$@WxrRb;2YaVA#Ed0(dWmsaS`C}<&+%pyGc
zb({^CmaG)$B~_?|$Bj2oG3WH<%aJYg{&Z*VC>>70ss4Vf15Xu;7jk8JN{*g0#UI9t
z)UxYJ8|~EFlFl)h=X>kP=R85(_`92;!C7ASOC2qQwkI#~1o40?6twU_)N-p;v#o*X
zUyJ>D`q#~oIl@<i*!|qwh4=bI;_0T{y0~l!Uzw4-qI|E9W^IQqKmS>s%Q!mhB;5q<
zUHFvemad#lU}7@+uV#2R;8jgyG9HAyN%KlEdQXMcP(0<kKpGx&%Vb!m5PMmH@%X4$
zdiXF9i}@cR&SED1z*&Ppl1JnDD_bacEi1`!A}z0qsd((-Mk9Ulp;-{a?UY1E6*HDr
zqmfabCn)=%3{R`m%>_Z1B1iG8a}ADNE#Rfd9}&#{dU^`Vrd|Fra1t8|t*89TgfM*4
zoz^$c&wQ6juwY<9OFz?~ryGmNB3lh>qyhN+QLsI<_N!rvGzt9v6>4UdshgMf4#7e^
z!H)`bmI)NL`YFWqlw~{>fdQze!lyHTP&w2S`6)!N>8B7c=5h16acQ^$yBZ3htaWWX
zgVu#+tSO|#t*BjtZ@Zze2a*pfk68jEpv!QmMOWoDG90q5;efI`%oCyEM6|D7Qw|Z9
zPldNUaSqj&hHd<f(cE@0KjA37bT{#HrJU_RNIe>!Y^wlslj!mLtMN!pm*r5_+86K7
zs)ai|Xf|hDr2a`J`M;Wmh69?-XqCUF)(II~+}{DW#1d#U6u_d?fsjQ{10p5XGXI!_
z?G(hg&$lR503VmF6sAvx#WMpaBgu$3QqCC>=t_`J`jlUWG4dE{3G#TzoA45rL8ioA
ztKw3zkE0ob3)X9yvR2|5l(lYC)2|(#urpDL#J*8zZ<pZKuote=!~-aXurf?+le>sc
z25%|>|7{*Fw}L8LDtXs?Kq+n%UY;)Mhjif;OA0!L+R5z9Aa^ZKZ4u9j!!o7I4tXfY
zD@gu*!n5oOFPstXi)$&GmsT(}ObJFCg};s$T_L3#%6KYmAjIq;H8}|d6I#=7XN)6m
zB%8pMdbxU`!o<<AM;{OCDpm@ou7cMSA-E+X=G!prP=|r)_u*%)n$~7@;S-I9eMfZ!
z2G{qb6V<_S^)<P4q7Gr<h2kMmViXmphbVA7Clp;wt`y9Ptx&C7WH@<kP|YZF6PEdT
z4SW^yaUv+CBF~A9Bu$VU3hzfKdG#(WGqXrswYCS@cZ~}x;j-efPy5$FT@`h<sf&ew
z-Y8VBV+$&|0l|O6susxC4TagHx!yWKUpoK#JLyLvGr6Qfhe^%Y#T2(ZL(%z5PNNuo
zPA4=z>bx+hOVzJ{+`C4tckz{ZDV|nZcxq2gEU9Lm-l3y3e^%J0c1ORTjdZ<r8od%F
zDZD<0?Io)3PGRdH@jusaD#!~Bn%QnD2N%_QBH$L)qf#sbD-LMzARMmh*^3X=^R@M~
z>`h5={VJX=md&S&<xL5ysh1gQi!(aNKPEFm%_?)FW*e~}6mq6f*XOf;@)qRjHmr)c
zCIc%H8;;`AkSN}J*;cYAcA|91S&?+YB~(8}X-qeq7U@f4PRFJULvxat6+47`%f<H!
ziA;f8;Enak$H|4~YJjdpktNC>v(K6>9%b>cPxh7BXh~ilQ0`QE7T}^d`BOY&9sP&x
zi^f6Afb|-lo5LW_4jvFC|ClGN>(1=<I91((B}Dj|8N`{fKFe3%=o|Fpj`A?u9?XTd
z+g-qAnt!iQZ0r>{7V@r8`H0bEWXbljGS<67uV~@B|D`z1n!obmG+znAZ-Vq!UYzD4
zQQjqri$%CjWb6Z8l*Y1*4+Pxj7{DoF4~XX!u?ylkNi0I0JBi%x>{Qz2c)PymGS=ch
zOuE)+G6^xlyE%+X2bTxO3Ux-7iX}_JGKo!>VWB)Zmv&~7qikFII2Dmci#X*N4?3xb
zgEZ|oaty)VB!&Lq)5o)!*F9A7DcZk8`9IK{BOun&py<zE#4Fx3Djdv7E0L!ek2si`
z7#fZf&93*MQBwuq`tun~e`0WwBH@85@f4-mX>gJoJgIyo;?l@o#_1)LpnZzsot<<V
z>?GCnp=jegv<F@YHi&!KM6<z3o1Y3C=YNi8Ds(gwIVb{3cR6pcgD#bWs4*7KSn_&|
z9SW1~55ZY5i^D$a{M-;iYi+Y1)_SU>@0dQfRtpdZ9*v=D!i${iML5D!Ce`~3+DiU+
ziQ{Tbzr0$D2`N<=sL6K&p#pkAWvbp!sDN745QW+T#$JsO@M~rI``{|cI|&UKJF~<~
z5J8-(9~bcI$H$f?s%Ac?$s-Dak0>cK*@TLHZjguQQ~65BM@AcGRGnBbhOP4B^6;+m
zgA9%0=K{L?-^d)?y;`AAeS5L_5DG0(5`H8Q(KMWkeaf#AC?XLP$3PQL4_ku<z^TH!
zEap_pBzSK1z*V_Q$!~dP3ik`m_|hF2dc)D4ko1-Z4Imr8!bAF35~1NyslX`>!($%G
z;eneyT|xcRJsf4&t;BKn2z~u-WzFJb6Xk!Y1tC1FOS>6-DoJp+vczYKU}&{-c(qJt
z76A$d6v#Fn?4z3?f-peBV|2q5)|f%bfKIl_nHAwU_}(A{3JdfPYYHsfFbvaa3KX!f
ziy`Kfo0CmR>$wt&<O{+P1$m$$Dvn_ZZ!lg+1_I7mJGDR9U1sSCN-XmVzgEWxbhs<r
zP3P(n?cb}^;N*68^y2DiMwkkRSeKR)lBXxv1P`dGq!l((@J-Kb?_HGx999c&6^U+~
zAHV1<qS8ort43d+^rVWL(k8=Y<YmvR4sMc!I-xiX8jS8e1OBNVBE2E#sR_WL20aPE
z{-{2pIqfq*yo^bg)Ih#I-<SHy!h5tXO`DhKlW>pH$H@?QITvpGnZW~*TDDnEI*xNn
zA(zxtPWORG#|ZLn4k1rd67~^GhV_WN^%;)q#JQ@J$9tbm@RmGu;{8%C@b;j9>-DOl
zYR)sp6CB;obqvMd?h7@e>PQNE84wOZSwqXBD~0l)mi~7IsgW6E;bl)zgF}MCoynYq
zw>#2;ryWXdg=}+&qIYEt8SOE$>6S$=qwE34x<`aFaT>j%x2u*`k+74y!`zcZw_|=E
z<x(|tGm6lPJlBZ`b<22$ik5mP#tjET8w|aK9l#i;&PBOMDJvoiqR~ljl6I}(v^_iN
zJWAc3T%0lMR>RojlCxa868a~EBCS%BlVaW8>Wym7TcxOA(n(X@_}(6>$lE>=FPw4#
z2;phJ_=jW>iWPNr{OZA}+k}5{tXGwuNCc5QtOnCLjdMwOWw(R4<u$RIwJ3IM1GPq(
z!>7UM=vkWaTyH%^P{S>f%a6)o5xVoXM1>YNlDsreqfvIt)8z7vRQuw=Xg{RjfztN4
z(eywmnf5gNBRHn<$WVM|dN3hvQQ%bcaW)QEJI5f>s(GOo-2z#B24Hi;H2BstkiDR=
z(|UOa+wcMz&9Sm-s&9QuzXEvHzY-cm&8L>Ypdu<MI!sOe6v5BIu&}6xKY~@ZVkDs~
z@6|y+nKRXGV=;qv@Nr^ZJG8KfObt@d3)oP^TP-Z9b)#5TSy#KK99B_Y;KEwFJ+Qr~
znm9M9Bz|v8*dWY;`e9Mr;Wgf4fY_8))-_Md3;2)GTzftjsMMLBUI!`s-YV5-Q@iIw
zdBH}uSd6CbDCB%%0xREY;#1(9;o?mb4nXn=`Ey>K76)5%Yql2qx^h%D(^pgX@T=5V
zrpuy>W!;JeU00Y*3`slH5bkp9-8NyHRqHqv=Z|ZD9;dDxfzsJ*4j(jmw&1j)$VFy*
zf0P*ptSD+%O=TMABG6dhBDtQ#*&*gz5y3ZF%LbP>Iu5}XZpi|)*0v=Y&2&wzpQ*hh
z$x+&r{1g&y8VAd&$wX~uv&JUO^n-Ce%SeFSFI~*5KW<TOoMTd2m-%vEPH@k2G~N0I
zbzsG6;L5p0`ntQvSh{oN+@#REm(Vd<x4iLy_@hV5{^(I&^F%UX%b`wvo=n(t!NS7S
z1q;1H<_Q;`s3yP2!U-*ty({NJWyv7n`NK3L?Sa4g%i#67x#IqVC&R>fBK&2tUr(jP
z3ixVVtVf#f(I<4J`M!62IWOp+y2E#Yojfqjclfbxns4+3uhw3c+9bk}htK5I{MixR
z)%@p-ws50HoF0IkUfGwg<{!CH*3-F4{_mCXO8&mK5N=jO{rDO<MJ|E<N7><b(8iLB
z{zozYXxub@l!w~s6xH)j|Cf6HRd@$fwk%lWjhp5TaritG9#25i4?gKSCNC(5_k6q@
zz8b6{npyvnIJC(n`g`yDR-ubu2`l9Z(pe0i^|=MhCKt%?Qlee88w+)7azQ{fdpF?$
zU@HnyG<)9j2F~zOnAKb|5*8HToJ(-@*|wgmf|=nm>1+)i>R$jK`)tTg>leD-t6QaF
zEb8n=?{;=AYo&N`5R~vt_BSo~T7NW<7IH4*orN936Qi}vN)@WmTgOAeXM94b3}<SS
zp$=`MGH+5dA1uO&`naKU;?c*AYgO~9I^C2-;B|8dv53k`@D~iWW_Z+DrNAt20?#Xe
z&+1pG>2W^vUQ9U@vu2;Bm|Ex>FFQsig_CQ^ROEyH1x@6t&N-Gxt3Rt>ubG=p6Avi4
ze?)-9&f{tq*&<lLOQkrkjP2qXmW4XumEIt%ERk5in_88(J@O^@U-Db{_ucGOG4f*=
zC5*f_Dx5}v4*8%!hk#ev<nPVv@4wP}g=Q|yiqHZZf(jmDdF)__ez7nxEuw}eSF<hL
zX`)%TXANZ#i6tfB4W2F&Ay`x+{9e+SYG_juyzu__%!YHde#9F4n#t@kt-yZGfL{u$
z1NV9WWs7)$AfMF%_naxSqy52*2G4tvdgkRrtKevKlG6>V*v~cI-=pyAAe{ql7vhiX
z3%HfT&y`?4-uHu%6>4T@dDLz^7A{AbdBY$rIk8@OEELjQMvoS3VLK!|ZzyTxo622L
z|6pW&+-kbIPd6K|)r|usgRYx7k2n5|Iv*Vgw%@?>sWi(Er;EoFa3}NlQ^n#la^%3?
z$%bn^@L1cOansU?SCKu}c~Z4v69|Qvs%)bKaL4*?9ES*gNyEHp0d~3!?;ZlG6`6p$
z57DgXdpMWK9|cya))lIk_XWMI(K2VR%Mvd-mKrshClMLL#DNOo4>aUY1X|#g5QEnX
zld5&kgoK@1n8fcrAq;iGBM*~K3BdIMm%(y<AW23-W@o6&NO-+)g=&4-Ut;}8$PY$E
znL`;~FWjP8Hw+SQ8_YGT9F^h20vj$`*;lpx)Dkr}Tms#dU)`a9y|7lbe!oa}M*NAo
zbe=6dP_JfZg?rHMAHksk3R&DQp#U(Cjao}NSRvdtf!*Sz=4(XF-=dIRah4dar)Y<2
z`Bt;Xh|9HGxAun~Qd7ryb=!N5G7OCyd;O5eEs;<xMyv<e&--b?e1BY;6NJwjwii1t
zUrQ_%wd|Xd@KCMT%EUFITg<-_;LhMM)!gBOr}{LZOT|%CB5}PIU8UL=hNQ7F$lfX`
z=z}jxgU}HS!#$N`1H!k5B{+(@9lfIw2|`f|oWrlf&F2r`aSegK)S3`IdS^D=;R%S#
zO5i$lloxtjfOH7dvO5CsKxKmWvRQ5tI$A{GRp~Mh1Pdk3X+DfVUwpTp2BOYy*TAHL
zGO~ppsJ=Ryy;EV^s(Gi6x5I3Iv0}=wKPU*LlbMT+3N!0Go0Bj`9tgiD82nt46kqXa
zsa)av2ddY{?WUczn(@1kr+T@e)*e)^m;E(pKsn=Ab_t*BD%!QwndNaKyEWuix_-Wa
z;(5aBGsGS;C>N<Af-HJJ?79keKux(uVbLr-v)m+~=ImJVoUBWWRTVZ$J<#SIN|Eor
z-E9QF_CigNQU~a(R4>cP{CaeXx3d^^m-s4`+VZlmF9{9u99Sxwkhff+d#cfNc?sD(
zjmgaDIycq&f$A0XI!=Po6#>oue294N0wwLXA2~YGOy=@&YOQL2GhBBf$ERUcjF%3u
z>LUk)?eb9DQ@4o6wZf_h=X6n2$UKfOg;f!EDLhb(R<T<n_Wkq<Htb^EUOhW-s!cGr
zZT5{uTK&S?r-&R!t($1u#+-U6X7L=r@{r&yX2nJ^<4{%+tGu0-138e6nLS2;B5LPV
z#QqO#=Oo{4UG2O!#@u#ZLzpmuNri4ZudhToDv8gCuwNu56FS*RbivY@-*Kh6FxP7$
zr@HuF6FI>3wg4}QJku#<M|rE{XyGo_)spKvmTSrNCl*{F_%37qKXJ&5cb&1#a~Y-H
zF0ly`u#+#zIXV;d3d_pEixRtAhR5Z}Zob%LB50E)jc4pz#DlV-<dH-{`2(A&#Vzau
zRN#rkarS$bLxS5^^QyX578N61-!>=ZJvlq)&`<EW&5_fJg%i%UUEFOIEB19;@v%Uc
zSGQPfbW$bCu8~C5S}0MW!!>rUrFq34inzx!#(p7RKPr#yZ<5X-o|con)0c9k|61PZ
zrN*%a@*dEIPS*uAhu2Mf0@j4MAy1J&Cv~S!htHr)fBuM&g&S3&ue>e?%QE%}oZwC~
zZJ;+_PvF+TK<J}};n!#t8=z83y_4B0<zTx3YTq?Z6K5q^|5Er&&L{^M`jmv+rsT^}
zSmuj?F43Q}?aBRnF~qA3pjO+<06r;TIhj8(pQmT6wURtSZa-2;^|Wy?%{01H=rith
zqqS6E;wFU`nBXPCsFcX{eu_hGD6w8=u(3j?y0p{^f@bFi1^>dkcchXHh453zpo;EP
zGzA?ur#zT<+-&<yf6uD!xnd%OR65BVF@G5<2B)Vdzbv|u)38!Tck4HDj_qH{IWB;X
zl5L$X9~f&UVAiqTkMNqbHD*`3@Mii$%68Msalrcz$ny|-N<(xGkB!CQk}5aZ*lo*m
z6&`l#$~j{NJwHBG{>bIhvwvxD=_)i)N|enMh)r$nkETHxO%)2|5>#nfN!RQ9MRUEr
z+l$?)aeFZ_R`8)x$xF(*P@~rhQ4->iuL|+t^<M)nXi%gwpC=04Rc+hV)VTf$E0?p`
zGqWmRaFZalLmMDpt&SYNElN!;v#MRq)aZ?NdQqugO`YqF+P7EdXxphS+IFL3Ue(*p
ztn%6a6T>aA^~($FnDB-v^ta{1O~P;?RhjzL<jk&xMo^d-)6?hrDX}WyIF*cmTh*zV
zUL`pM+#WS3Q8ja|E#FjnP-azcCkNY(avEn;%}kA9Z}?IEz~x30S{G9w>9z5*pZGd@
zN?ut_*U1Sdb6<iw5EGuNi@iB*>jxtMKjPf|+7I8CC)oF_F=ZcHl7i20{-uW0Np1tP
zb_T3$BTl=)uw1g?>)w6E^DHg3ONLXWT>cbJfnu~$wk%FjU?FvnGM<QBYYyg(`)=}3
z-V`j=YKT7m$)Ex_u6BiHydBh1S9{68Ak5Tx8<dYck*EB^v|gl`wks}!>jj7Mrl@Cv
z^UEQwaeZ9vdM(vf=Q)_ewcMYFQ<wXzh24^7?Ga%}p+T8bG_%jt0&uQhMr)!lUnY1t
z%827?lkrp&6<Rqo!WZJg;2Pn_KCF+VoW)rh3xk`QQ#dPUSJ2w&u<&6I4N~2{5h&yA
zk0aj3(LEp(ijvHza~o%T=?en^CY!scTa$aOaNFToj++S7ReUoB1KC+o_D_$O_nFn_
z{%vf6?9fzp6#gv%50uD6;o|A7SGbEIkDt2TX6?pI!}O$EnXxf0Ht_(Qa7bVAfifuc
zceS)(jd8S-bvO&HlAWHFg0F^hrv)(uS4P|@+fL7D*d3{XvnLnn>z;~PxM2)8nk?gi
z@nXq%_!0e+N>Ti@NcmBUOb-g{hKp`}_*F+2rdJ*9?LS30ZHAhBOa)=WWbcB>-hV3K
z2b0#mV{NI#?J{_5at`Wf>IH+Rh;VZ+AI|b#_}Lq#i22rqqo#Ku9nVdxm~oLPy(hM(
z4nR2?rn)G{@6){hnN^nFB*L-9Gba(sk@>l>8|HX^P#4Vcpe*@&!W@|#%(1M{g*i3^
zaI>23Hs!3YppJ#mr~3Z^brh(n0m@J(YZ20s`9F}3P?1+nzcN(1_ZXNaN}BlvtF&CO
z<M+Zm*zuHF%SI?srz#0;@+bm3PSs5p?V#3wD5ReCZRdE$Hhh!G_)1<q&ABQDf0mV)
z@lICx$QSxSR#TH_5$f@qH}EHpdJLI868-`VP7M=_!TF-hT}{dOdM#bo;(DsV8@$3>
z3|fKv@*Tb|OZ|aB&2XzBWt0qusopZED3;;+iVoE|b()_3b%KvolqT%#(Xk%wA82_U
zS;+H*$c#?bX>Oa4>nm0ZfA)w+40pAhY>+ys?;=N{k{WV+SK|>}cXpZ}g#-0eW2)ix
zV4|xgMovx9BDH&abe<G+O4$m0)5(OD3ixo1mGcrdr<7eh6ittT3o<aJS35h!)~#1l
zApwr2%!#~#JzA?}^>Y#_=Ti}Ni`%ml6;RswE)d8&o9KwTN#6KfTv#D?WjSl3jNPhk
zKI9gqA83O@aKWGrYUXk!YG<0@az$nzdSH4}MQCo2i9X2<%E8%{GuihlJGvaVn%L(;
z)VXjJc)VrOdwvw@1w6;%f<csH5p|wC0XHedLQh>^8K(pbHlP6RDq5kMGs|^*bf18h
z{-+&&xgJVop_(vA%B~P5YIx4&Y<gM3F<&hPS$6Yr?kd_KjGsY;ksV)^G$?=vcnhl3
z-&1jEw*(J)3gGX9)~e}&sKtXp@c9xHY%51Yejm#AV+!Hta2*^zpazaFkYQ$FyP9nt
zsoNhJco&}z(lV79<r4`$^a$0QkV*aFjSz#+&|3^jTCzBdhg{z5%)(XdRUaV}Hw<#~
z94|l{sDd*qQb(PT&$SWu97EY-*M$|~khtn>r-}l(tngiWYT_^|pL~f>70iWNrYQlx
z6{Oib!B0$<k%VI3cnU?dqzQgdf(3XlD}_T1E%R?)^E-yO&GQB(7Yt-xjomJIy;`nQ
zJnQ9)rp7GlGES&rd|+%}Ej?is;R(W%gK#2I?tnKa`EQYWCgSM!;}yi0IGgO(%%tJG
z=t-O67Jz?|3W0OzLd%RfMqIZH@-+j{O3_WUVBzN2O5y4X@zk>klpczH++B6Rs<o)y
z!)T@Qck9lE31_%A>&>zCT4q*%3S@m28JXwLeio^w>b9x2LUjJfT<sA0tP<y(P0x;U
z!9MYfNbhu0k4P5P3Pl6Zxz3j}Q&$UZgDKir7Os-crVF+TL*rug1-TJg9Ji8|KWaa=
zfb7J<DD~0ZVMT0}zq@o%qho(jtMk<TchnUlGfkHB=?0vSGK^OmU}SJ0oTO0Q%{n+m
zso}Y%FP$OYJB(-^jp?S5K~dV`fnU^Fcwn^fXn*+orZiMShv4la{<)gJyw7vGakiiN
znyCd`A2b0{Pb=v>!`XToe_=|H`v@d;?w4GL`4@GCYF#lg;Uo(y$VY%X(Gq#WFH}1;
zf1k*;Kxhspsgt4j<v6$}XyEQD_JQC%If#!l5;l3l_?cicgVEIA()_hFhdWgBhF<K+
zN*;PSd6JgdJV5z9(q%Zb<hd7QN~b1P>(Z4TIJvF>{yD}5r=EJ$s@b_S8y%xmjKJab
z6`^B=;!KXLcOLH@xfR~=yB6S|{M0ZKrG<2A0@gIX!1jvK)JZy8hz9IdR$J%-)yQb&
ziGm0(O0s`yoEAuFVM~|2=dJ3iW~P@!?O*$HgKxiCX}dhUkTwhM#>v(Q2K&cSJtY^`
zar#|-;~z5y3Cx~8Ku^^>Z);Y)BmU<MGWTNX>}a(0IMWV&F?{@=JsM0bZl?ITFyj~|
z2H|0)OxhoW-u(*T^!Ns$-l18%9Y(@Pjq9WBP_3GmPi2Gqap=g~hw|e)gye-<_DtXq
z>P4$WV{lKOD~}tUa-q0pVb0K7t=j(HIZ3fi3E+`sRKO(lZfjoLRGSUfFzzaqhIww^
zxf`jn(vf$$xqW7XQ*q`2$*P;AEqFBb$R%C*sZ?zJCsSN^+X438^8pU~9MY>+%@hud
zrlySU>U#E_+OA~-y~Wnc`Bc6(>iRq#d`erw;6_*wOXpk~J9=&pqSeL1x(zss-)_z}
z8OFq0LyeiHD<f|F>Zynuzaq=-P9=9&hWN1qKTBRpqHy|dQNrO|7gMUNM8v7jB0LB3
zr-{6r8rcgMMNgk-Qigv!VK$CwoP&k}tCFr@`rN}<AcrB%L%S!Jes-<^qgWB4JQ>1}
zQkl$DI#L$xKkENz3E%gCmhgwT7}5uVu!>0|T@0y0g5i>QH5#TC4>Avz6jsP)Sj2{T
ziTT%xtWKc1J1>gDT#+3n!BNs=N)|0Pj&c*$rb=#8tl4rmTjK=6QyBYQpyE4J0g|AK
zRC>3h|KBa({cb@L^bpBbQG`=GtjKdf_EnCwHP_?am2Uwr9wR`{4)8d4!hfh5ov)1I
zyV{4FH7JTx+2Q$eJDtRtFx{Ml5%>enY2hCDCV@-m1qSAeiIW+YPIF}Q5)O8vZ*xQ_
z-x_No%D{}X+QZ|!c8<+XC{FeQF-Kq2JD+02C%K5rsDPiaqb^Jd|CFoSvlv~JRL0sQ
z^&;p~fBqStg&W3NGfM!Go&1fU5HECw2EfHq7hT{st%^+xQ@L>$6uKtVXElC<m}rNq
zA>Br2hcxRgk_x$+<FptELE)BKo5D+u*O<veDtJ&gw;*`3_Pbs6#%#kaB<<#|P{A?E
zTamUX1#N?i|EEtsrdYpxOmR$jr%;$(EKeyRpMGR%Wr`KKysRlDFt(K4hEtKlOO7=w
z>R*$k+TtlQeY=kw{83cAIa5Lo{w5tA{F4ghV@pHdM2fTBysYUZ`Q}w6=-_WI9mD>v
zuyV8@qdbBzuH@}v8wJ&9S#G9oqfbT!Dpi1!cf6YXM8wZiV6POCX2`sA@C>=1__7})
zQ4$x*$&{U$&8TPrK><nGg#sp4Kv0o=;Q;&+OE4LAYx0+vE;V~$VnqQAEnDwoo2(<e
zdgn?#fpWGuc$<{3UZAh{`Bu}A5~ONgtit1xBs>LZANC^q@b6*QJ~Tym1L}l?A70Vk
zA#O#_>IEp5j3vBTX)2qM;0JVPzCaB;uxf>BQ}^3mK{b1NpDM@vQt>ix<Qsp9Q7yve
z+8Im;1&4V-E>AK|)SU}@xvtE9WdnR36!RS+?&-n<?(tXSTCRZ)H5qQ}MMa)06x`O2
z<?x20z%Bm#GQ9vz@rOKP;Euws5W}_cG*p+b8i_B0DyeJ;cEuQo>X1&_^$}j%V3V{_
zHNT^}{y{3#X6=y=Mq;&0R|SsMs(Dy3>*}c)4@>^Zo*ry#Litjo68TQrjb`d!MQ~vA
zMZ)TwCyKf|s&=z=&^tONmf$W_s>p_+@%~g;*nWRNK%5c|m$<mix{59Au*A?*Hv2E1
zlM5r*eihb+6j<o?C4xg0LJSrYXv$&q9JY3xCuf&l;;Duov@-C-R%nhVra2!GZYL$I
zB<|R{sO$>_NBG@xeFP|vK;y|1J4Ad#NTiZe6JQ5jmEwu56TYnUz0Tyqs(i-RS0Oi0
zx<Va5CHv9^wOrA+qI&!))E+mRrh(>+)3{0{D6%`tl{y=FVvWKrBE7{c2Jm<ORp?aV
z10wblcJIPEUxj$7y<|grORw%Ow)R(?*fIhYinFK=29<k-o8%m}I+XH9l?hO0oJ{Y8
z(0sc%M%k)^od#!&pJ(6Xjn`3$8eu|csMC;MHzv;0a1vpT-q`O1pl8zRJcaqDko(yO
z)p>gU0C>*hc2BsE@XatB<>#Y8KW+yz_!3v^#`RKvH+R)-4)t0*E*#-O!>tJ)WDT@R
z{qb`F*eG2!4|k%S=X^oIgT`m54?O1^2%Y$?uf27;xhwPt0kux?R6On##@bq{Af_yg
zL`Ly`@4G_xQOaM+*e}8dzB1|C0?0HJz_8R>ac*xY6#;%R++r0I8kV4-q5@BoI1<@t
z^O685il;Q%&!bbYy>B!v>FCRr!LJdt*Zix64Shszh)S#ca7OGL+{YVFa|^UR(I;UU
zJ1aHkaw`5*o<keA;_O~7QN~9ZeC4dk#WcH3&gY^@!JF2zXVg|vB=g-YrAw|9J~~ni
zABo1NSJ;;oe;MgQjr4%~(RaGPi0V|B!fR-P1?#w5{H4A@*mYPpc>>-Zpy#oWUIo>S
zwjp@?;*2cdMS`w_e376>9r3NA18M}d5Ub00K07X7LJdDRH=5bqQWXpj%g`^*Yvwr<
zc;p|BLMyX-F3&4;+n60c9^P5t76G+jHS6aOjVD~Ot1CCJQ}(dXXaiBQ|5nno(C_af
zfC`9ilD6jR>=pP4k`%Tzz$4K(uMRn}cBOFXNU^?_7qR##;8w|dFFFwZ77C-NsB1LR
zTN9MGcOwzB&?s;o3I3rI(7i>J2xU7{4yE}WbFS|NJ3MZVK(6aDTvSrS8Q1r!E40*!
zww``G>1RK*S2?LhoJI8tr?ss?G4X|mk~TO!Cq<=@hE}+u;$C&VX3RJu-z)hS1+K1h
z1x0_J;*m((t0w2`hN#KwJZ`CHSu+l857+k!jSch0g!$s0DY=nXe$ChWru_D_xyLP~
zD1i)XW9_Q-R%^mZpC09IMQOb_cfM=b3IDS5F=;CEyiBng?S^HFi%YHT(K}ljpupYL
z8&zYM*qFA!ujk;c4mEjNf5wY8$!hY^qmoW4HF%_}H*y_-?xRz{jR>x0U;0>AJf|^f
zmM9Oa$xF*&qw1Hg2!sx-5RZ0IRVM`eJz02Lgm8+z;_sqpgiBVahHzxmK71%O3+Sp4
zoUi_E$La`NOk3r}yz%-mLq#ptqwMPzcAl4401uaRG*ifnc%62xlKlEeuI6hkd$AFZ
zJS3!s$5YweA%Z>zqkLVVqH*SiXsE~bn`ag2>&~8U;Rc7BQ-6(U*=NF36hrtx7iYC9
z!Ej`Hkcfkh3phV}ZeixxbG^$q2)i#-liLQsy=PAL-hCDve?m5H8N(SGJ*j~be2StX
zydeiTPilva8$@`#-H%eM5<jcO87wj-4>@0WK^Np)d_nn)i^KwRhtO^vfH|LXj*B@T
zet~!FMP->yA`G!|nDZH)Zp>L*;bP9Gd*MM@mYB%im%Cx-Yz}sQuEK?#H~C<kkzl9D
z(e%{`jynH7<o`vm6VE4$ZGs%rv;Plvon;PQmasDeV$>0o&5$Z>7j-_TG><xe6{-<O
zD2bFafaPK5E{>ge7Hf2}E9DqG>s!N-=Lv;n@L=^yA$S^YhJ;X4_|Gz7&c@;`-oGCK
zKQF#hxKL>(!1%ERE~|Qd-FnTux0V*}-hdJ~i@Jh(7GEO0<mE7Pyf{o4vu+)G^n<GX
zk3*u)g(tz0K7Z8tJ9#vrn<c8_=GhSt?qg7=O@?C%7~TP|_MJNKh%{VZu}U*5`gY|!
z5w83c^Yx&l5zTs&#Nos=90MOw>96XI!ZjD=614`Sad61+&?ZSU{9DCts48V&R-xyx
z=2h&Wa98f`Mt-TjV+l*-j(#$}LNm9Y=e884%Cb(iz^f=9RWT4$6oJP<4Ngq`D%jx3
zfZeNIHJ{pm!%|V&70$_*@5wPeROjlcEWo(T>~ynKhN3#&%OZ{0hK(LdoFav|)AKHm
zGG~q|<&f2tk%oLENBE=`jAP^6<-aJpLQM}Tj;54Dd1lo&L&d3`lr1$g$c`n7B(I~M
zcl%!%D~?O^cEqmRzd^NLKAe@wJxYuEz?Ho|XcQhBs-->0aU+fLrv7TStM(c{8hV_*
ztmxLvAZ_IOQjyTy>Vk{pCCO^O?V5N%5ixM<C8Re=55;ngRE5Y{@nrJw-Z?)vmh2+(
zq#7E#&EXuG=c4FF_WV-Vre?^HR;`CJ><!+lUU=FcK8VC4?rEYj*{b#Z@UHfdo2fEn
z`uN+ri>Xg-5Z}5a$7pl9^5(Xv=9t5h>6F#W$BD~_#5&06c1R%hOuCO3)oSMO;o_D)
zc<A1VXu~I++lj=W6kEFkaQA6?SEJ`E7Qr0d1%<8atMugNp?)|mLILcpaC3x*v|G?_
zFpT@90370Xz1?<yf0)-^0Jkkz8@HM|522D8;$7!K<Dw%_-suzD<}Ev+4Sp45w<ONZ
z47aIdv&FgcX?vQ02g;)Te-#Sa_6h&fA^uI!FaJ%5iD3r+7QM+-va^~|CFx&8a)^b$
ziSRqG8*Oo7O3KRqi{TNX`dFOQp3bDJ1#*jjVdxfr#mFrl?nk%ybWyI5{4+#0Qt%!t
z2seqs5RuhLUQ;3mSrsR72f0y1|9G@C2F8g@GoBQ*rK4R)=TNEA^SKbuIt`SzocKQ|
zN;d|&DM}xX^jMX~;Ue#-b%^NKGlz)L;Y7wS4k#l$-A?v>%sW%&^#ENzTYo|mE$(P*
z3i{SETPP>ePKk7|pFKedfPzAPg2EB8#U2=|6v?uj$Rte<RSDELe$Oo2s1m0$_=3rf
z)#M!ERlb%82YQjo{yh?{w_Qv<$OS)r5?W)9d6x)pp;q?!cqSAv*mBNyHdr-`yxoL9
znX#>bUid~Dtv~;bv><eo(r7pJaLE0*aGdZ!_NfONWFJ)(Jl`TPBb~PQvtH4{rcf99
z^|oK%!%J^hhY0<8+3#QCG;uGXo<WeZBJkZ=$uL^kp*oS%WC`K@o(;@_V3(o<@eiWh
zh__1OUGSH<&aF3X9n7zShjS3vCJ%-78!dB_^hh%rIMyXfsHa<;>jXa$|CBX8meA`W
z$9yYGYc4<VDzr~C$trK&v8GajDeFlU26+x{kMRb5?C#2a#1k{gYeG8jHG4wThU)`;
zm)PVMJJ!EF93Q?uAWB#HU~@!5CwdHg=L_Q}6<|we{~17^nnx0OjdHjFt>*WA%|1?J
zs)JYEzRXmn)3MH#Iec{}r#3yJTh(r$aW?1mWG-+E2ak3`L$Fk-ktX*7rQ+(<E{<aE
zXMVgdgP_R5kaCEhC@eOou(UwG7{gO}UQ%XiL07?*SlN2V&Q(LryWdm02~Ja^oZyts
z-r=@C8xoXZccgue%li1Hijt?<N5zSheVcet{Pzf+oMKJH^RlU@ye<Q|@W579e<-_>
z6m~~)Z7@1q(o$Lp#nJ~QnowcJbn-JQF!e;9=9H(l;h!=_iSmGz%rx-IQ(m&`Q|7mo
z2V*j5AE)u}JuBzy$-~uZF6~dR;uWbJySWc{%?@t7T@$Naj8gyy_`Tu>Rf`p&qz@j{
zbi2=RR391C;M5YaCf1?atccxF!lQrPwZq1srmlu*s+><Yb?n>RfqpT>_%twb5+8ke
z$G#um)k`6l!n8m1sPIUFGOB`XTRB_mSK`6QeqQ)tf9O8K8`2Myz(%Evc*|wU0;tNY
z?d>#i^0JqL;qO|m|DH@PftI3f|6NOw|6Y~Oge%~vrWn-v0-%e$dc%E1LAE2zwxXlm
zfIE#sq?cx;qTI9p+%H3uwwl1`R2P%zsn|KW8e2A0)b&-J_sSDa>Io6<@c0L$tS&0i
z#loE_Jv#(+?%uzYJ}{!R#^V-rxXBZSrCKeTBSYZfffL~Ip(~c~{Ki!JE1moJuMgBx
zc|K9j$)_p~PYK=!6!P@BQ)4!Gc$jIl4A0jV5MkMI@?Fe{RCHK<H>n6ecu&yGlT~~T
zEXSv8jCZIGS{!>(2A%6aaNZZ@>!YTwt9X{`qTXNI)1+y}37V9`oQg;0&jn+78_@R?
z?7uYnN>3TV`J4ZWQ2C86(C}Z8bBGw1+1}U{XljhFa7ma>YPOG?D5!gL<$I|()a^od
zaVWOoutdf}b>AIyqViB$>Y5;rCtVvI(8CbzGZf`tKInu~aJpOZzR<Ngy4Vl|6*=jt
zYFGH0Y!!-LFN>ZWx06kWMN>x|K|x&2acnK~wnv%cr=n0!E{MG>I+6_f^n<D!!Cn^K
zU|HD)cTCQ6lO~r%d6DLfbN8rR0J~jHKXZ6A{m7BIl+4tRLe4>dWk}vZ&!uECV|-)U
zIkv2;dz<F;nojjN|8WcnkIy39rq9eKmwc!2iK97Enp=x!4;Fu&06n_<CR5@=6T6Cf
zw)XALlN0Q|R2(R$VrtCPe<}I2OSsI`vttH7$v*c-+=jlmvNPs`Sv{9v$?MWkxF#rE
zHzM4lKEu%whJQ9xXV$1_W@AgPKm#xB^_}kkw)ok+gpb{fLub#gOy$R}&w!q36EK3e
zUTW7;&rH%X8{J-<)6_h5wi-rpsYF%joy=0an-#~ybhQs^o`G<QXEb>u8`MOugU<@p
znD2|Gzo{lKL`}`?klq=kJQoR-hdGV1yN3@i;nY|N>-_m1KI_%g+ojS0I_N##+ZT3A
z@75%p(+}hLTGasYheZeAYXT=`eysM&<2bp5n+ms^udgu-dnP4NTcHZb)H!g5$L-g0
zL99KVY5J`QmMP(ebOUeWlZV}0IERPmKC0t`Tv4)0O?})aazHcRM&WM}Ev-a)pvSzS
zuXh9*WvPo|%E4Izgu~^s1a!k~xVTx^b*Prw$qOY4yC#Y`C+BIuxZsE$^Nq?Wre9p#
zm7AOY@}5cJClh-#@mVp4vkRTWBV94Jd<&oF8*Aa3&|uJtI_PV+Ea20C)K%W;%&Dwq
zvmulEF2HNS34O+D$zyDOs#^|@YJ+8{0*4z^>kyU?5no!urwxVF+&s!hdFxYiAD1Ph
z3)22gcsS6rO5zPR4u1lEZQdSFyQK~xn)&X0c<YS9$cL&oM{SrfW(hA~*dv4HxbSM$
zZ!|lg2=botAY6<dcBG_Qn3)w%4t3Qsym%5Xg`9cxn0y_gFG~-oL(~>#^U5JIRKmS!
zUFkKyHuqK2tSpf-&bA4D&X*v1@i4BZ@CBY)L$wR>#Q$A(=n|+^oztSxjK7(e9r}EH
z0X3RucPh*nK$@z>F&fgw`oUo}HELos{eji9=+LQZuILa-^mJ1RPpjEcyIxKI+Dw&j
zf5~!A4@~aWDE!(C*|s<|74!Cn!n&C`Ji5lpUersuIvBYi+`U}%)Fne*P-eG;%kH8J
zBTsq`EJPGs@1YL%&1fEEY)C^z6{@<jW;U5OA7I;*&{*iPTsDH++XHn~|CMpLG%Q1J
zZA~mY@#tKr<%~a;*2_-BbMidD4&l7H;@^t+%>Q}5c;wWB?KJTpN8sWq%lEp2w@dPQ
z4DgZKA8v^hP~l`X{XxHIYTcjt)W0QXt@Wr)q@}K#4Y|@p!bOx~82UpU#F7o-EmL#l
zk~@U=M`~t(%6=$9TWjdM0GF5x%KD?dRsh@76{>mFq-gr0sa&U}AtUyiflA43N=hY)
zZj3VcD#WGTNh5i$%5CahINi5I4{Tl^3Lj9XDEn>it_D@FC-bp|EBcEj^&bfJ4{Pby
z2aCA@)tUIb+frgqtgDy#*f8~IIfQuAnK#w@TX-;fnG%UvKN>wrF}aph!kid8F~G?P
zZ>kq{x2x>Ynov)n)5Sp;G*wJo(HGBkD^?1R4H9p1au`h74K-Yn6Hr_5P)6J7j`P>W
z?P|7Sx#YraG2>opV;;b-d+w6-rLW#C_=i=(F(|E8dZ_k<>H1*L3fBcuL&M8eBXdP5
z8inO1{=w~3_;vA0;jV@7e7}H}9x;v-B@sP|S3ojPE2`Dfe?AnRuNjX+v{IP9SnOC%
zO$r;$^mY#!Kab=)mkHxCaWiWk&PCl04^@C4$XgY-P0M;sZ0$V0YSkLwHc1cz%jexU
z>ib1=kNs}n{HuE}<p1qmK6B5gU1v_e<k`zky>$C``<Ksr>!ia^{jlhh6z)E|fB7-n
zPtq2(7JZ!m#?#;JUEb2S{`>h??)jUxsKq_DZ13{9{Wkt>^YsT_{>rzO?LGDSdtbOL
zfB9!GTV09AHou=4wd>rgyT036^hy3wy%+AsQ~t|O($=-bctbPaT)3<IdUVh3Bjk5;
zzp?4hb;pf8YeD`GbZq~p^26iqlpgf`+jp<;pMm>)=lIw9_9~AmpZUK{Bnp40K4VRP
z=-n=@tU7Vwu^p{T7cO2jwXLHQKdPEmR@Do4RW((ix6qKRS~Wlwu31^tId=iascMAR
z7cN@b)^Sqn33!UtSu3nOVnur!ZZ8nNEvgz&)zP-JW5w{Lc)(1WMt#z$Po|GBjV3Ei
zWSo?hoK`C|E?ZPBNYvLoZJE_Vd*{;Dj-_q$>V#_+Ej!_a0aduav{U$S<tn^hduvDQ
ziJf@4i10(-#mg79bsRPi_l{pUr*%<llQYMh*Jh-$^=3Nb)bp&l*0#*tdLxr+HL_M}
zj**^+7x_eB^9BFy!tKc>$7pf^k8_1PTbC|vJF$H!UOl-{P?w!5teJa4>%tQkE;=^G
zeh+lC&2Q^yTQs)~|2}=@fU0Hf^IGvPTUrB5B-cNaO-~bM&RyKmHvUrfr>aat5?|MV
zs-?#=ww;-)68-nGZ=-FC=Cv=zH}*e3yC!3>Fx0qQ{+^lrQpq3K#HK3z2CNqR!ut$$
zm}dzmXr-MGY0pbd&@#5+=BIQBA55?6Y@55RW8u;jQx>1F>?I*lHS;VcC&WlALuIXZ
zrbUj?6|fwM#bk{$s>X?9T%_@5!8=YQtWF#!a;WZbv1&GXR7uOl>b{5niPhmu>1=sZ
zYBW9^BKHL9C?%edI@F=|BBr1tmqY4U*wcdz(~Z&<d2=XTRVF2gxE<?8>7sKF^}rM~
zF9@ic;>`nf&EE3Gc$--xCCi5&1k-s7lmEYgbTs=?mcvmxBCzIgx_!!7gwYKNpk^v%
zT6PeF@0BiiPR$gDph1lE1n8PVJpsBkyrFY8naN1pjVq4G9GJt6K5K1G+DJPOdm$(*
z6SMe^Y;=s!C$1B{-H062qd)OsFsWvArf2rCbPp&_9+~-Lvg3hZ9EDSoStGrb!i#ss
zt?YFg$@kky9j*>*#%a0E<LoO<>H_FCi<B<rwr*QBG|hXDlRBU3m;9rY?&>v(Y?5F1
zUc!2Eg?H`rKh=VK!5TcAp6BnXn`?2@K3}s2XK&`QLT;O1A6R^Zm2K+5YD*g%3;$3)
zZ*wFLTSIaWD(7b6vSpK5N^}3Y(1v8BPu$83E>EOvj`~riJmcWSd4Xo%st|-#0`?yz
zr~dv@o`Caixme;?7J4|*`}Y_es-$^ARl-Z{&oxSCf3z{xa9b!Lu{i9kyn2bvVb@H(
zMqbnsVtV0Y{xz(;Ermw-d09Im(!5>B;FAIhfJHNJc)PeXPn2`g)&bVV3bhN&^Tc>J
z?5y)u$nA!`Cb7b?n+(^)pze$5RG)$an;el1VSXl4U+i3GjdqloB!<~Z49;Y-^cN;g
z5MVmXMHPY~ZoA~q<pLbVO3&xuWY)?a#d?7);ViYKMHkqV-Gq;pdQG5%TGp20=}fht
z*ivYzNDr!aj+Hu!jj=Acf0z`<r%h%o%4j{T2X8XpW#A9gNisM;m8ptS^<w;~tnFOJ
z91gm;6Y6&6tufNPrcO@?`Au(gjxU)pa}5S{>s=<$%$n@U6DIM`SxPsN7W@8Rvg;Rr
zqw)M83NkGAaqjA&0XRP3QL_*D6RA{8;lKsHdc2dHrF>xwvSBD_czmFCPL{ma?BpO+
zDZJe>PftpZ3{e<QHMe`%mDFo%H_<TkCq9xa7#ZoiCQFIOskC*J4|?`o&T%ms4ZGD(
zwVx?BF7;K2S9sP<ip1{;kq@+ZwJSnWLxLgQ{5sU#b*VgDLuHo!qb-J2Q9oSb_mQ;0
zq`hOTD8bj}yKURHt+Q?0wr$(CZQHi(eYS1ebN=t0o5?$w`(<v@m0q26rz)vmJ^i6p
ztw&4Jj2)~TizTIK#u!gk+^Ja%ei4UWSiuQK*@Oqp0x~IU4e8`ctcIYBBN4QmV{~-1
z{?$XJ)2^_d#hUH#nE8=#XT|ZTK0SOh<UkD1URZ)#vwD(D@8!_7`p*U<*BVuDoYBu-
z+%$VNMC^jQuG*>xIY=Fd*d@O2e%oG1y+iLz)8-Op2ZMMI@gimyM}9X_F$h*Ba$o*E
z)zo3oF8Y2LD^5zPPqjOMnS0+6ZNY;rqg~vCZ5JsV?oDbUvO)mIxfg{Uj{uM4)ALRv
z<6V3iL%YC5J*OGVb3@>yfFPu%UO<_0ysx|bW#r)(POS=a2?Zi;!qyZM#TX-3X*&9k
zjG5N_DM|{4%JJ9yP?Eum6c$E-=~m0r@|bU%{1)R#)rQUca5{R4zuzD9);O=gJ3|b$
zh(1v{o>?n}$D=CmVU?CJl*Ui-cyPWKh&Zo@3APF3g&LmjC*yrIk+z#9B705wWV(bs
zZ;=N+vH^|UfGZGvWaC>%fHI2VClZ_E>9~1398fkE^jE|ercA%3``5>iio6$u^O{s#
zA=rJU`O@luGR)Ji7RqO2IddUq#9qY7+0(~AmmIqgJ$oJw-=J*tkm-}f3c1|$iAP6D
z57>yWxe85ok`dL&`t3<?yUmY%;ihI&5n>bOR@{QEqmNsw2(?N3m>RlPe`L0dJt92u
zrQURno#T^2luNnKl0vvLX+2N99%$6ybZI?zlcHi?jp=${Cb?KCWpRm}<#HZ-?x>TP
z!B|QB$-6r_q~hnE`%TP4<NJH3S%q9Z^{d*1w?Z=6Y<lQUb%wCAhF_$lb(4yTJ}JbZ
zHR4W2lD}>dPM2+D*N(AvMoH71lkwqYi9Nm8TB6Q_BhI~KpVS#RmdS0ih=C)b2b7e1
zSY1CvB3{KV=qmY0hrdM?8_%uZ0MNW@ZLHP&K7SY4(Y7U)2PTZ&bi1ZF#5`zVo+9ad
zFWETBJid72xyk(M8BK~)bWxV3mS(rf^1@(5c)k?~62_3j71A8c=n;t*&o_yA2DAcU
znzD+`g2#lcQ`z-)VfvDEiVjexNIDRh7J$+^b0adHIL>LGjrIYLC(EN~8j6DtG9R}^
zvRhguxzgs0?@V4HwR!){Nf7=?ePz{o_XeFb(~V=zY2NJC=B*Myj~I74E>~b%(DCR+
zx~QsKz*!Ci)-M~gVP__JyF-csaUP|BSDcPF)(ZWInYj;h72`;;6_1}>Jv-k<)cIS`
zAFCTxAp1JRH~FpbNIDt|_wca0p_oD9lHnU)tSc-0EOFe}c9k#v1pbs={*x73_!0Jo
z@e-656Ct1=;zsuI>Y&EkSDP<gs$DF++FkwDZ~Sz&)dQ)nC-{Kr8?n-KtI)6DIxe=)
z1o3IyUT(f3u8l3LMlhi^pOffoTJHy4rr#D?0Y))37B5a>+T`|jSIiVie12*6Qk(H_
zlR<Dk1VKCGXVwoxIf_Yx;0tO)@oyTPeTzEVdHYc?G`y>4FIm~CDA>?2MNepCcNKHI
zb`J4l?W`CP4kg_3U19sr-K5x$9uPULs#~i!fA0)NBD+{;uT0RH-XYOyXh>7JK=LV8
zvTc$DLQm4sUWj6jO?)}0YOaX5LBklf$ms>6f|h4Bwe`tqunb>?)_StLhnhtpSL~x=
z0&2%N@Cv7b(sg8J0p5H^xy7{NBJ`D-<8|>XH3{kqwGeZvPt%c5f>7eTcn2t?o$IAy
zqH*{K#fwOMT5gBNB0K{0^2BSdwpoa6147Oxxop6dh5%`n$Oiv6>K3R>3qn$RG3-vN
zWU6wA4#CM}IR+=CgGzjHu$D^_`y9!D;A5GXQQ@vPPo$9~`oj*EBA0Z<I~S&TyFsT3
z@e*AGwcb{9nSiN4%$*X(jKB5A6oFeeoBNSB;6bmHb`{$MHQFS1^J)zJ%f8{QnxWTi
z@p4M@y=i*hNve=v_+Pm!*o|r4lsth2En>CfWJ}fdj*+5rV*6%WH|y&=<iA|0uB&ZS
zf?iXDBIGT(^$bdH;!;+hgQ<s`s?J!Kd660pr^C<r+?YYK0s*rWf7wY$8rg-z)g+LJ
zZG5Szn!XbRNNjn60xzN$59Izh=weR*GFPV3>HhT;B+TM~hbN(r8n6>d62oxcT|*sM
zJtNpR10)MMT<9&O@KZRuN8wZ8vopACh(dFt)8S})Oe6XR*TR7;g8~$f(pXnQ2_ha|
z*G#k6U~B7s8{}SV{LU)eD<QSCG+qG3oZ|Gi@d!F<q+N>~0k%Z|K8<8x%iH&h1@S}r
zv+vR&{ySCaAA-$lSOt%lY9fKM@lUp-t)<opp*tIdVx<m2G4LP<Ei(q7HNUZ%C^Lo^
z#QClQoV-o!E42&t94ftu8fbUN-dT1{v~J7<BVdq^&9~UdCWV@09Sd=m9GVn6wf!3m
zAufzRvgvb*E^Ok|=mIaPtXQl3I&5#F-&mdW<eBkl2ZBNhPP<1=8UoEq!Vl^akwDk~
zP<c(kNA)D{7Mc9vwr|iT!=)R{S^#RVa};sFQdxr2Se^c)I!wJci*rm(V}KhNl~Rr|
z&K&0jiglLvQ&iO#s-r?|gB}s%CWyc}A4ghrXlm2sS79N5Q3Efh!Mmzj4um>}RM==O
z4q!_2OxdZfi_4N>za$D{Eq=uOY6+*u$fI}Xzf{y{x^L1mE)i?*7G}PE9z1OK_2Fep
zn3`hs2;j^CF$E0L!bDHU4$1D{BFyji&OQb)ZGwnvDs6GKeUKAMO8&+tdh`q>a^jAh
zKD|wlH|CucH?CBXi@K{1X4*QMTASY4ZjlRIVw&gh#c&z-9Ys@ES{_Kk!4~^fVh8f=
zAP3LUzBzXS>;x{)U{<ZwVNB7V!zf2i?xA^$)i%o_@w~lrHXl`KY<+@*Pit@U5<j@u
zsPmfa7E1p8`$Na&){ag_!K!_PcN)?l8DWoU<$CAqIGnaoyjD{UUBZH0o{HuftSufK
zyshuIL$cWD#r^&v%No3jpl89x>&Rr`vZ0pK023!T6=S*-P=b=FP+7WwLKMoe0JZaY
zjD^tLn%_TTdguE@e)H5KEGo{uKhdaVOjj+1l3{4rR-})TVv12o<`95WdcIL$i8Jel
ze4{C^sD9ov4Gzue@l41DwI@GPvv{Pc#WyR&ol5JjN3vD<{m%g>b3R={@8I4_wM9=V
z1uS_Dr~sZPTU7P>^joRPR5NH$AJbdG9SKM62%Pxj6js?ztvtYzC<{xAAIjTw!B8!r
z4dtC<!bD>M>5Vk;ib+wC)Q>@tDXFA8!LgX;l#*T!JjmJsaT6nCL<FfDUnX8~l8xj#
zcv-~jU9#k*nvc>jt;10)zHfR;9U+&F+=N+XaKO+6^doF)2+cPA)C>Z1qF8Ya)W=-{
znAMl+i1_Q64nF2t<gFB%YP3o5?k0YZDo(;&dexnKSjJX{=F(B1%`=?!tg#)=UNFcy
zH|$}L4ERPl=}DF@#_7ro4{lOKppe3vI=^})ee;_LeWS?2Rkb~1t%B%o7-uM|py0l@
zb7A^qFTP@uQyG}k;yKD$rsb$3TI@ktWa_F&QRV#sCT1d(gTzzOnNqkIJFB<=*+U<I
z4ARG-IGj4(&2ZYdQ3mGK0a44?-)xa>XHT5boown;b7?r%&?qyC0-yLISu?dIOu`<f
zbDR=W%|Ox?vG40vhN5JSGGbUK7!=8yet{@EJZj#dHFAsTP4~l(@K2e?mTz*(=&P;j
zgDw2?c+}>qyd2ZDywz-4I#X=uiij&+>ceaSx}0?(xl|!YE6tO%lL=|(hr(<_d9P8X
zRKblU-yAjZf`x6tgxQtJ>!Y|A)mlM1g$esR`=jvfXGu&GB(8YLcJdnHS&}gjo^G)*
zeOLPe3*EgkVr&y{I|er)pLXpVYZ+I$$xUj7A=?7B1km^v=NqScJgv7egvh53pobR+
z3;Xz=Vcql7*@2RR?D#(VV8NdihB?EPpq)Nyd&hXsF|tOGcfaCf2bxo}kx;e48z%2!
zFHF-oH24=(yzqW%fsD0UPcVDt2CU=eh`NAD!(JpB`}=IQz>{|zx+!Bt8C^Z3yuyj8
zc`>^OQAra!c#hL0g69lUOZ`<Y(Frx-^MLd5;OHL*fn)g`(fy116BLgwft*Juj&kG;
zf&{G`SviWk)5{WWC>{A(J!q@F(>ny8xy>{1UO*r8vUX%O9Ed&lBp1`jNpi&_jM&B3
zeuvOPTW?J%rJUsQ?*Jm+t1y)k$aAv@U=C~+Ap1)4guS)}R4*Kx)9Zc*9HO35dl^>>
zUDxuwzs)Z65?@-Y>KJE4OgtK^+pMOUM8}e4)`=%DWACPT`-f9R5FMSA)b_FVuYYNC
zfJpc0j4*SIzVP8-KjuMdtq66juFbe^`(;d&<`r#6>9bY_<_FjunJ1AyD;jm29SS3h
zNM!)u+K39+LZ}mTu%hqGAVkn>s}S(%xz>5{B8_sZG6Xl=GOj8d_<qtec)KOTuTF5s
zJ(Hy^$i{s1n&E0+(f8DbBhD!4Y*3{EMIl5|Mj`eyZ$$hW=GQlvgi(g^F`fuJjFBG_
zCrm?^cwZ~*M}Bj`2knp@HbDoc{`vTk0@)2_NprqJw`aYb@b5E)BHlc)%0}r_Q@y3Q
z2h2D)p#*71=MxT^u}=1<JzTp#&(?EK)mS39^7O@5Td|=Bfg2<red1Q*6@#0^0wpNg
zkMDje?d*Og1uAlg)Jl^{*|;e1NDIFwu)?V#zEW;e4f0NW>g5xNq*vDef`Q^j%q}aJ
zWKzd3uhMCWltVJKeb=YC@o<E1^JLq<`WECWmji2eaUL0QZtI|9!+u5pq?hx`rg{1E
z54X<##k89{z~z*cDB9P?FHc0Ptfx?nuhY}7eBsd~$`PRF`d5z}2$8goHdEWmiOoKd
zf3yZ^?0jNV(ri&J*pp;N#~T1D_;FDpk+6B_5Q&ZtI>g{#`6+$TeONixY}5oN44+Oi
zv_%=(vs7A!Fpw&bo=o?JiPJw4c=+O@QQ;ABL<Cv?%&Rg4@Xb^e73Y{G)uf=PtlpcM
zu=>P<)zo?iYJPGdd3u?@?G;!GIIX@sJ!A3|)#UI(k`^}T2C(=#W8RpW=p(nJBRcI5
zWoK41PV&7LaLEFN0@NvnPWPA(KH%H8Wx~B*Et4aS6I=4UYlG9EN!O3rEOV}RoZxLG
znR8P-SwE89jop|7=~SUS_a~n0nQU%VmHeV$X2@#1R{R-aEhhfD*D{rAc|<mL{J?s;
z8cJZ9qT<F&c?=-wVzOsoiJ((uiwnnrOrtwcPNSobTrYbwX2_J9F>sHraf1dY8Pm+5
z2eBv84kl$j%_>b`ajvw8sz%ZQHOU617{-wX97aeLa(KZ9Au@q`3n3*>)?yxr%TqY%
z0i+3kFqKM$Jp4|9bd*kkP$qXkK9qp7)MeM_)bSJ^5PlkQ#i+GT0bmLYp3A|^Sr(Qx
zD1?>bItM=_r3!np4J}A<Mm$<{iIEmGZ3|(T78(80s0^3}a+|~X-P{s)(-xp-Nbp{t
zs*h$wQqS_e#-Z%o&09+QP(7fqUEBo73Y&)KY5g<d`!QFyD=no(aV@-sgKVukSy5_w
ziO>JV30sz8i%FGamvKME2@AG;u))+#g!z}$Ny6GGGFGNkk%;#!Zba;UXD*lkbNFoU
zcC3sdAJlymQI9xKu#wy&5$Q~dym!eq`N(AA5|c4=?6Zdtb2&24@jc`RMzf3-8enye
z2DS_ORaN0mGvbn5YnzNO{6;n8W~zf>)GZbbsODL2S-BR64aH5?&{%1&00q0%V5>Cg
z_gI>&$}DT_gikfDwu~$MJ;Nb0Kp@^ovEl1Z*oo{18`5m>b+b^wL33zvEu}p~$Vxrm
z#7@dBpNg`xu&47QT9F`sQX^PP=x1Lg)TWNcyOg}g{0_H%D|T|nn}l5P{Fb~2M8sY#
z5aQLIHv=a~!HxBUtk1g%Y?n&DUKb!bWGG^L$AMDH%Ru7UIHxR6A}IA;qdXTpNVnSt
z0}5YB_9ea8Q)u3NyLcyM;_*<BWa)@pM_-oTyx)zsxR0I(BPUvZPX>85-Inbrt|7az
z3@s4&l^cB*we<NzwU@de(v#lYHs!Gm>||IadQjp7_PZged+y)oOmw>UhB~^2{Z|l)
zS|chFj^2R7JoMnLAH4a24*^|A-%MM0&?9MIAYuz?FpT*q)SCe8&@d;b(B+r7<`aM0
z<(FPTtS&n=35v7J$~S0w1Eqqmk+S%C@po<gIiyuZ^#1nb=hM+{kzN8hv)QtdZDml~
zvybF;XG>N)4Alptcw{W5)q32RYq0u*sA=1D48+77^}d9QjfTP*f;c}_Ih{cIr2n5o
z9wX`&8Si-HnLS1B<91f_d1RB^Yb!kamM>?YlkdMPY=*L3U!vG{%NKGJYF2#CLI8Wj
zfsoU~ybL*F!=+|J#6jJBc@^dhbBez1nAQ=&U)n;cGU0M-)F$??o939T?VQA=0ZVM?
zr$0nFzMHVXR1PX(LKJ$qUS%_{-ZNBpxa4b~N1eWMv>*dee|H{zIuS+>k_mYcRPR0#
z89msDfD?4?@x>yf2*x#FFj%cZTz=gy!uxo2Ds=bOLs+f>1v1)x^==`Nr1Dc>|0HH;
z$$Y++yQV#qQjz`oKBi-mVv1i04XP-e3mjhR@qna}^+mb6e`n}8RuExGsssyX=9aGT
z2MM5n6n2pMp@)l3-qIgDR;6oSuU;qXRbJGc{ZkG6@^rJ3Ybm5d9iq-%2?6mtPS?Mn
zX+B0K+66qgW@3hezICDVMjg<V3G`~-1vQv*-k&@J4;;`xhNXJ;P{mu53*_G|Nc3c6
zm2mp&myX1Gts#^gR2B|Z#ydTc>%Lt{1qH8`gUqU-OL1rDFtqyN_0`AWnAEwf#hTqZ
ze~j{+_vV+KdylH=zz6dmG&ET*`zas(mB~s7Q>M(%<d%LU8l23x5C>?V+tv-%VF~|X
zIPv7k67GcN1Pma4P*#SK|6QQuF4UrRA^{xBDc&73G8t$a)ggqhhb{+<a#;g#MPFdR
zdtD*yv#1H)yP<Xr;)k2Um7b>y2EmarjBof-G5SkFRG@M`lvO8opTx-?PH+$v@1)uL
z4GW?iwYSm%dB3`&(i9P<yTrD4@VmU~c;AHOct2<LQT6X;oZU#QjM*9`q}ql@odeGb
z`7U|hSouquVdnAxZ+SgY@oH|p=C(|J{O+mfo6tylk@V12(JI{ahJ+e$=9HOYmsCBJ
zOoQ~)G;{DR^>=j9PjXZJV=MPBKSy8FD*)ywl^<G|BfP|<Nl{FvU$nM`!mIj~9XX#p
zB9_f%--H(l#0RVedBi;;aa$Go&T~8G!P5I&b-|;Xun!j>mI<r~+;4gH{zDXRTHd-+
zczq2($Wo+mo2UqPUwPvgaYp*4Jo4Af*>Az~A0hDK0YeLAiP1<cl<P{cKBLQYpVY88
zXX?7EC}Wm!*?Qe(+of!8MMJ&?H*>P#lf!r6j@@xhO6IATLFBq?m6xWSc{Eq~ipIw$
z7BAvvxt;88wYTcBd;o1>LVG7gh=9+TJ6pQOQ;UrAPHq_T9bZnmnX%_f7Dvip`EsOf
z4pJK5I!t2UeUCEa+OS}h)wPl3JFH53$!45&TZW6)&<%Hkm76w$@C><|*J|e`a3uka
zHyhJE1Qeigrn@|$!3$dgx`+We6u@nO99z@Mt9_0S7%lv%jxMa0?3l`d4Ls}Rza%Sy
zcUu@A`Z)uk%G1-{6v=SZjT8`FUZ=Ojhn|Zzs3CR*N9b;7%$JpdCY+MKMSmefZIS(!
zRJd`D(sd4(wUu5E?;oCVmf^q5|89vtd!;_haimk@D^b%n)SVcHT+s^6tU8y%gF%AX
z_^Mdyw_bkdiqIrZQog76cE(&u_}6rLn$#Qr=?J&C?hk$J{1|3?v&*~uS2%B`4<o%x
zA~4Tx{qFS_NL~sU1O)&900Q92rA!eep#_;32mk;Y5&(b?00+R>z}bM_!q(Wr$i#`>
zK}3d0z}eD3$xhBtl$ljlM%2a0)Qq0tKQEZL)9W!>8tO^A7@63ba4_gG&>6ehs3=1M
z0DHHj=>Mm=xI+T~f;<BP0Q^^nO?|n<bmvN$*_mmU278HlIH~DMnVMHwnu+O&>WSn1
z{r$ys8=ui3hZ&NOF*Sa)^i>e{1IlCA4F3Io6#D)^97!@LB-2CwP#6Wxq`?QuqKk9l
z;|$J1`Topc5<Jp;%o%h+n4t$us^wS(o)9xd0LlQY(b#cQM<+%On1A5P8X_9=FAPtB
zI}k}I`u%|^_$fwO<S#P_nioAuShd?(il~R@$D_$6ivVBPu=$n?Jl6`~j!nsr<jo<l
zcmp3w^1t|mxllw1x$?3?__d2fplLGqLUDx7%#cAJJnk?d8WGHeOU9(#P$_W1N{I8F
zNrK_dL*@-q5V*841<AAc&$y{6Y=8^mT$=RV$`=SBW~ReV<aGsk(*)X4Hu#sI5j2<4
zXZU%uBmVu9x=jkeTmlurcQ{V{<$0&_y%{O|;1jXD9byX+a^~We3NTI>kQ^zXGvDWj
zFP!4l!|;ZO(2EO&7H~(wj`7J?3&!s6Ld^H%)884wa!FSU%>F$>l6pdl7wUCkOmv8c
zLU0z4dLpU|pwGdZT=^&8?#~P3!#{?R3<$%gg!=&;3nBY_v6HaAdH<(F_$osEKpe+A
z&+riFgl)5Tfhx81Ic8x3mOQM%QyK!b@BwdK(-1=<=u%|J(GIrY$|(N_m;5iZ|Mz?P
z*+8oCLV#CJWOl`DJFnOyZ31&mpn?r$1l}-nj(o;<(CH^I9wAnM|HbCvKQ`~=Z0fcC
zv8n!l#ioVh|A|e_e_Z~j{r_c?dhR5!B9>hrAmCTN9{|*zYzi};0Unr2KX@?}A#xi<
zf{&PRXdX5I=!Ki)nc-XdERjFWe(>p#xf&|UVA|Ld*%Tv^U8BJAZB@v8R>MB6A-n&O
z2~v)R&d5wO=~x?pE#{a7I=Jo)Ns!qja0>znMZX^qg&<iHVcF9hp)!=9Vt=p%Q-?5A
z)RaYGmJ%ThFN90^7IeA5;wl&i3RXafk3tV>a*klJfC6gaeT$|%a2@~@Fm)+kUMvbt
zokhcm|J@03VaO3{{4@Z|yay#JfB-r`RM~UdSuJ4EK%NUoQcUnHUKava6|!I`h0wVX
zGI+KraFGq+L!BMkHLSB!(7aTdCG0_vwY_d=-w85UDghQIcobL<Dl@>lo+EBI*pO(-
z!hCTun3R<{Ub5Q(4tBd5jzSM+GB2zcOfS2LLiqHNxhP@~H_`x(m@rHbxM3J>GK_2$
z$&3g$@*i^a|5l=8fKUNkl@H8ulfXNDgfm5?pmQ$*b0)<xoXxGUi@6tH0-T6K_$<1q
z04fRFg4}Z0JVt~r$jRe-Qb9By0y1?$gfHN<Cuv{=9#w-raWcHj6Lc(b#lWc(O30bF
z0-CZwD@*%a#xnwM9w|QX3c&NbqYlK(M${c=6W+KB!#}zFhqO8pDnhiA4Md9$;N)7s
zgHQbO-XrIK2EqYdNzeqhbsCMFaNs>-LUIZ;Pzwby(+Ioo6dnqUm891%-RHe^M)$ul
zO_~wj_#q4cz}xqKqqqM%)5ia$xBnkZUwN4+Cuyv`SP(i35;(IugARZoAc%BE5{1fx
zC{z?ggoB{a5HG@vQ$P{vV}dA$a}}<SGDQ--nANA5K^eL^gLTEm_MXZPPIJ#`?#A6}
zU20u^2V8BP{#~Ox&F=B{veWt4nr1l(IU<#4B*_iz_mEJ4%<w?6&=<7*w`e!Ae81z%
z`I;$vTYl#l)oR$y;oL_d33dTK9`w5zX;?yHFy1NytX<?wK(Sf`;^@x8{BJ>oamF3M
z2;#%Z5(n?wcjNAW?c?Yp@W)P$%27+Jo@bS;=H#bxr@%6<a_iQ6J+4MauB<6Phk;yG
zdOsrSSl?DIt}j^*)U5njFM3$9HpZGg<IHn7@>8}8jz4o$4}EEW2y1@+m4az&_VSzG
z*Iu~qsoY*FLiW>v@1DQ@)?xoixQRIJRFQKLiF4W1yMPQk+r=FXA#T^g>Bu?x$a&d1
zZruW*uAL99x;0+sOfkc>Z8vS)hfdhfg&68G=&o1SJ%!nM*yw(5a<?jUr<asLO2yFA
zH3f>24vv!f>SbEcGa$2O+-@9zv1RP(-f)&lvN&ZoHTW|_XUCk?w~5o5ac#lcMa{m(
zXV*|RMRXNC@*sugHm3p6Ma$*4*A;J&#`lPbvl<-g;)~guW^z8)B+b%F!_;!*NUPKQ
zuD1Nf>6t1Xv|Btvzu2;YZD@q5Pn>JKgkqk=JYZ@QT*EQFO0|4)?7UfMpG8fyIgGJc
zs=k@jWc|5#oq2HGPU*@i;rip?DiYy(;1hc=6zlcMp^58Eb73zGj<bg6^5VDG{3>>u
zJvO_=Th^<Wt>fz`3NJ?5i{0|FR9+ZY^zno9`~W|oqBB4pJMT|z&4w;16AZ|0&=SBf
zF*wt|+hUY`$%Eepptn{9XuFRr+9le~Du)>}v{jt6RU6u=616QW^T;snKrido$3Dly
zJ<>zGq?38Q!@XAI(GbS6dw8LS2k3#fq8L|9idRR)Q-|gSmh8or<{=5q0~^WxN0KM%
z&nVb<57*x@tgDC4HMUjHvbC!3!^pXquGgXVyBh~w^f8I9QC7W&QMc|tbY5D&M?SZi
zZf`QT2b(*!?A>xb50LJMNl$}gA3bu<x4dr|aZhdcYQJ|?jE}@0zP6#h6QjL#GGEs2
zzMrBWdQLBX*L!_)#QDRt1cDg)hj{$jz?KJO@xhR6O@TLKU@j3sTSP&LMM0LPAfU4F
zY}(k_TIkZMvKN(*vFfbnF4x6YD@j&INnNfou2vb@TU?xmV@F$dLe{b&Ah~daIfNZ%
zLYj2a9e&&-@9N?+BlA9UrI@`iv>r&FzpwMDVg+j-WgR_eJ^R5MSmCml!6FxtFPCAU
zm?1nEXsVWYsb*-d+bmZsdSCj=98wg#*Caa^6ek)HkD*aP)+3kIBZ>9mo9787hzSV=
zh<3t=YeU4Oj0$#*MXM&lIk|tf*{Ca>XPt9dLfhC(on@Y~DlsNL(p_K|*3?FXRY#L;
z!?!(+$*P#yZso6@Z;jS)<5F;PEW9jL&#yJ$eKSx!j8=c}&5plWsLy7tSEK%UeLD#B
zjWzs4d)+bKJcYH_*d0FXjEVS0sA1<ltuj}v(r?&WE4H~U0@WF}_@lH0qjZr>47Deh
zCnp1EP@0@4-e^!FD=M|3mSU!q(5h#C*ehHF95h2tDRxCI7P6J~*-V62O4V)0@AQxk
z*(!asj>5d&OoN&+TXiuN$(nZRjbHKRR;+TK?!QlC$2Cso8ryiqrz~cfJS}a7y*844
zF|~EkU-qAR+={y{=RLxCPqK+_-1r$ct(=r$&FR^({Z7xnFU_3RVX*z4P*7@7w75-r
z9FgVRkn)@n>g-d=;1csN6S@_&Jt^4Vy!dZL^mdF2EV})4P$QwclhCK*_4RXb+4)=q
zqBeM#nV$A!CAcw@`iXe_3`~BVQ$LWa9(g4n?`o^XclPRwxC{)-fX1z&th1xwXs7(v
zR_;lEAE55idam`le*}n_xze`Ysz06W86Nsb+5L1s>D(>`@zKfjyr+Eklw97@<oI4v
zAAU}u_3E+R&oCXPO||-Ir~d7mJ{)Rf_Cw2RNAc=J?LkLr;X>PX{AVspQHiaAbFJ~<
zt~pT<uZZjrLDPP;I-IDgP+{h%;Vh})YnWkXx>57gxavW@e40GbsG43KKS5<2mO2%h
zHeNVod@<74IT<<DMP1ld!?K~}U~U#tU30Md61n;^`PG!-a!Os)MLnlmseD`Qy{mM-
zq2h67e0+FXg}1AR`t7_@AXa7UrUu*Bc5yYN@|-`3qT=DJ`z_E@nX8iWV)0x9U!}#T
z3fg348@37pzS1mHL7A@1Ojb<B(|!_E%*IozO5EWpyx8f~WF=#^f>vF-Mo~pwUfrdm
zyQZp*uC4hhtoo{B<0J4NdljGQ&<`i8%Q5TP-+6hv&I*AdFQb8tm}frg#rAHC;gT3R
zTU)BW`unXG8OBrgn2v=re{Aw5tYb|rmS^nSGd4O!J8O9>?z%N@59g&Ng&EygnbVLN
zI9VA-0Vh%ZDdW16p<Y_kof$cvOzP2Qj%ceNqnA}aqBhfETORtI3)G$#Lc`0PbFE|0
z&Et*Dnc_`m$JV*=-Cl~e=ktr!iOYZf!mX;wZ5cH-JxU9u8nk?UR$)S6UvaJ;qplu7
z+P>{7KhATpk7KUfJiS7`#$(aIe`aKF%HM3qj)MNM$^ow6N15mWygh*4E%1Q=&FTdL
z<^cdI>H`U*ocZh0q0FOK;eq_k*Fkq|mXBke#EZqkHAsPs#1D{7AMoYnW(0xWVqggC
zDPqursANePheP>54uA(_YhR0doBfx1ALvSWB4>s=tKR~xe$QB~i`#<iv~r-dQpse0
zh{39msrjisj}PGa4S8qOMsI+Qw)YcqB??zy_wLR%z9YW-gT+Hb@E3s7Fg0Jdh*7%8
zp1F!$mijXu&8#l<)>l=oJ9W<=E6f!lR5NC*xiZ$Wh1~Mlw29Mc#k1}VqV{swtnyiJ
z^}c7KR&zL3uRQBpeeD%cE4hx^y<Dp$c>7Vgtw%5JF?;(*y6u;p$G5`si@Yb79w(e5
z5UJ;74#%f3L1!!^^=Z3iU#seOP?C5WP1(X;4}!mlj6(VJh0Xk`;cymzqK7+hQ+-b7
zrrg6Y%`|1peoA?UXCO333C7FKYQR1>FT4zYWa?-2E+ictEhd<8+zt%sdM$FdiZq%z
zklBOBtNF{&qbIHTww75&-3Dqc6N)Z#OULNqGiWv<&$;p@eTc_2t&erHQOHa#OXJk`
zku}VPHtymApRvzty89Q8qo79X4dm(Utd*~6-D$z_opYPkjHXq4amtquWe1n4n~&w^
zT7C*#=#+2u^1XWP&EYKSr@$%~?%KOn?b+ficb5awIyU~U!+bqgZs^8$U%fF@2QZs8
z^9#qNl={xhA(DYlA!xUv48Da^4Tk2MGgTY+M~7B6FSmsB+Ftr;jY~5J$F^luy>DWt
zaw4M2&cw&0+a<QlWl5dRu}$|+EOoI?Jgge`0NL1DD7OBgnc4T^t|(4~oajC^qI+Dw
zKXofAmxErY!)GaW^*xjLUHxO)`f)L4u*cty;&qjGjHgemz<V&aZ&)3ut1Ptjxz{H2
z)6Lr&Le<M~Db@veR&U0UyQ9i|`nBl#Y_2a!R74quK*(V`v^u*!qXS(rgKT2AJO#lE
z@!zFbpE0ouDbYeD;+oDJkfdzypqw}47+vE(q&v=nX)zzZ_DH)-J59zYuO*K=X0twh
z*z7zmy^C_KG_3d3sQMfilV$<+?#mPOKvqQMt1JnX86*uLQzn7$$AZ4)@(eQL8J3P7
zDHEwF%~gomi;SElr0rUEf3J=l=LSlKc1%2Sq!uC4W?@ZJXKE$zYFBh?bF{RFcy#`B
zYXBM)y(iG9C2VYO7XcG(-^eg`ak(^GCBLT<-_$j3S21tN&9K(ZI@0G3Npe^cUKR30
zi;W@0c}>w&L-S;&X@<MY8w>lP>GPvjd9Yf|h(uNCdF}kmtRr%b{@E^A{TvO&$J=zU
zzk1kds0ANY#m8O4zlB8_eIAAF`O0#8gSES?I+WGH^1Ntl+ubx+6g!N%jcxnc_+0tE
zH?SK$^g2ZDy}Jj`JMqN_{`=DXobkIc_7Ni&LH8Z;;!{&ZwtC=p{<&fPp1b^Hvw!C$
zogUjWiE)CVDGGDnHTQao_2vTmcv@D)3fpic^LXp{;7413<@nS`-|W}`*?x;W-qO-|
z58G~tZqA(YQwY(GU)btaywY-)&#!>6#(3AVUO6}N*Cd%W1Jjw7teljJLJR{15qFt)
zu9Ii;LpaqXsmw)YHF(Ve+44mCOfqMlX^qTmvG@ozNt;Z%kut|vovETYaVAZ+vo&!h
z$8w2%!*usTUy-+ha=p|l#pb|SD=mB?RA%6l4Q%&!bd`$fO_SJ~J&c@2zbNB+>Wz{$
ztc(P|xu?%hQXx=B!BbqAeaS5)yJ_kg29g_ju|2-W4e|5H&{avm{Gn(*v#da8PKX#U
z?B>&^U23A)C$Dt-m#OAx$Ue($N%IG#fn}p-O8Ap?U5zSCZw--WFW5mXQuZ=LqXwI>
z0V%E(qKj8L+H&v(9`(^0r(K5lqZe|Qi;a7ZncKV>c#2h<iL9`aq_BaduztP3B1}lu
zYWTbYF);$}GLY!SmE)uB&x0YcoS0Z`RJ8QgwYXR7C~B+<)7U7}*kXqQJX7IInP>``
zm`JH`&6M+jF6PFokhHFj^n7Q6nx~=Y+NiQm&5qkrMZIIF@h40gHZzfyDGHDCY{x0i
zGUw9E=Q_KXq1+3n7+%%{mk@YKM#=UCeIAG1bta~V@5#;>vshl1#~_kJHA0`KvcXJw
zWlPb6Z;sE$fc3=T#^uf2tQQu(UR8rXt@&!C-&DlyYDC@2KNq7h{P~q~O9V1Zt7Hwb
zzZ)c>k4P)k$VoK8YBC|4*+}?YBzX05G;D}?7zyr^tE3Z?BirN}Hqwi&4iaj#I%Lr@
zo)}~eS&810jPJQZ53mXkRSC6#MM_&qr0k|rts{#+^D923M>d6*EB6%&(2Cc^l-o{9
zJEmQ(W+hn1M0(gHjUqr+>{n@?`Vy8J0hgO06*E7PZRDIn_y`34fPgglVC($2<^VGJ
zBD>LC{OD(ZaP#2W`T#J1@ECwb`aseFm<-@(`VbgUp@6*gAgcXX>i}B%;8z3o3_u(J
zVhl(efMyI(5dH}50BU<+qQGu@fZPKZd!VC%4*l5C;Jp3lZ-9OX06+o==>TMb5(F61
zU`qTD=}>|LECfIX{4j$8AmJbi`dr~)jQU{Vpv(g_4A{c~?(qOf0!ZRuNbx|50$AeU
znEG(zAWi~k>EMk6-toZ21n5Trp!$U4;Gp`5>M*JPC41EMFerh?`4A{UNb*pV{ZItJ
z$N50jASruR^-$GdD*CYM(3JwP>fn|Gp7P)q0>JA4Y=JWR%x_>UfwcLMEJ0}XsMf%n
z0@UWfj`hG-AYJ`!`t0W5Uj4fBfG+{xdjK2|Z~?dd2KFF0pkw{7dmJ2qTmusJP|g8M
z`PkWjW&@n|c-jEy1EhEKcfe==iU_0HqiO@M4ZzwXZvnLp;NIEY5x+rx!T199?9rV8
zzxMmw0dRxF^&8!RaD(;*n(cAE!G6Jg3_#x@bpzE6VBev21K$pS-+{kD@CNV=nB9Q_
zK@bLFAdLrF#>1`@fGr1W%41*f>y(3Y%Hum00I~#gn}fs@K(d6G&f{qI6WUYYfW6Nn
zX$n}G1KSkfHir%EL!1HN?u(y+<m^*W_zRu^=@ek&z-||SKLs1*qvJr23D|Mqeemm@
zfqxqSzyu4}17$;y59o7X$_5bHQ^ABR<wJxDFv5f(G9ZZ#oHJmJ_G2=j%?3B^Sz~}7
z8URTLOE6$c>O)C~STNw4_H!~I&xUB&<NfoYGJs1S)J_LS?+;<XN9z}{XVeBt8?4)7
zQin(zB2tHu(x;>eqRxj&9fE2{QXQ<@r)tMi9bmPmtqx_i$E^;zG{CJ6gS7|Vf?yw*
zxx-$EXzM3ihtb+oZHKiDtEq>b+=pvNz6snN+^)yH3Ggxi-vWOf0=^^Q2I&h5+edUq
z!3)|QI=ln93MSvDTnCjKvULZ`4LRNOa0k>4PTT9-gRckI4OQDyafj6nW8af;hu#Tw
z+w0qpyCZ*N{sMg&?5c;~33}ZJena35jN3<kL-~Qq8#ujVfBSP4M!zTZ2GtvCx2N?6
z*Bgevhkr->1@ar5w~r2jAPiw3i~wCh$fhWUC5~)CXj2^IoPc*g;4>@&HjZ!~kH{oS
zHja`(=wuuanqOd!aX>6(98#SC+bH5Xjt47791rX$Oq_u1C|VQ`0GR;oC}L~Q;wXkU
zjvOPPYfgg|*1h0<^sj0R{(~4G1p;URq&ZP$aNvS53us7w1qF(X5D`k~Fa?fCzBo!q
zX^}ZfkZHa;3-XL$lLAhp7$gNEX@N0`03`)#Nr7{6z)8L|3%W^x2L<+w7^iroqXM3$
zKU$%;vOikEh&iNYWUt_qJfUW6q&y>)KuI}F4L_4|EY-ZEazw9a)x4#0$ZCE|Io3+P
zOF3GNm`gbxYd)+w@!w#!B0G8Fzk!+Z%$5RL3vA7}Ero0(Vt?jko1uN8T#H<r!LLPd
z&GG-n!Q}^?A$-8$ii*uEIK%kF#TFr#Bj*U0$)j_{bS_{zqvZ&lE`T~C>InV{^5x?>
zW9kT~EwDP{Zu7G*&^lvp3;c@m73R&)ouMyB-4yaV!*7eh&kH?4@QBLID?L$rhUOOS
z&fk{f_wds%P(NYy2-q$BdBXGI_sfqvL;gVa5!GYpM<9-79H6NV-B8E1(wC_YX=#94
z9q~*LdS*n&))$%{5?#m0(pRz$ooN8Y3k*9jNROj!Ky4jmTSwb8@Z!da>xWxMj2o6+
z$BY{Uq8X-JNA22QSjY9!m*WQW+HY{jc^N%yfPWeBUB?IC<Hrdm--~cZf*Vb`N5Kg!
zJCNswjk3o;JG93MAa+2>jV*G3$qg{Nm*$3^8+G8oBi|Fw4o+$SDce)d4qb8p%MD__
z*Uk<(-M8k(Kh>w49r+K;;g1ggh(<pob*KD+q8|!z=cF4PX$MI=VCn{%vgfSrr*<Iy
z!KxdqazND$T05}R4qDsS?8aN$_uTSl--~fa-ihuTh;fIu9h_+gwHw*IbKQ#EtjD?S
z|8r0GMY|KTd5_nP?zZRS&d2Kye<1Ys#~TBGK<u9Ji-$K>Zco-5DQ{5cjpb(4>`ucQ
zE^iF|PQ)AX7y8%V>(0a*RBvSM&cz#ecew4&#vA+>`#0Qgknd2>p1wEg^Nz<GpRXVO
zp7;xcZ$R$8?hVs7)^Diq(Dw_dZ@BKx>I<xI<o3?%3-C99??CQN?hDh8(4RjLf-JZ`
z9LoUNrBHw+0&RheOE~Qe5pIE8+mQd?>2M50BSS&y2uwzDG-C)%$xuYz1`^fb%yk4U
zL$Rv~d!|4R1Tm&W4n#AiNQm(Gb_BHpQBh>K0|D*{j02I;M2F$5XmZ}+v^PXQBz_<X
zgbaSNL<y2~X)+~ohzv==2^JzE17Ybw36Ka91!JxVGDc&t2vX(=8m6q_1ouRKBnc!5
zGNeR7MF}hka!g~m2@)p>v<$Jv3GYOqVv@9@1W;qb335<lL=EZG_>v>)#%Pqp<Kl3X
zBqT-2$#Ezm;^X4LYLb*AtH#J`G8JQ34XH{ASPe1D2~S0_3kl#2ezrszW9IizmPFd(
z2$m$Y#uRJfO$llXV#mgyE0V79He+@Ra<6gSMS+)u?;`+CakzxraRbL-9MZ9I$VCa+
zM5W>==OpGM8cwm<svj=k_{ZP5oDF?Fw)HgF7n2~L{~o^hZKnCi#r_tt|M_-v6Q!g0
zY_e_;m=b6hh~0a7Vrl90%#c<U>oY!fY5ef~NJuGJV^Y@8;AtwRq-kkcR;H7BeV~$h
zEDY^*6cP4-VqIHN8uQfPJRBHS;>%#N;v_yEsTrB6feP&WGNCSdM|F@)*~o;XDa*TP
zy<jtCH;v;G(ItzqROn<Zkgj$#169-gbu-lP>A2uHKR<u|U9XMRjnzo5FtM;W2gXjB
zn!HFM;StoqZK1HO=E@mVB$J~2rFW}zU&v%Yl~C%Wa;hXUaRHXn$Sll`Zad(ne72aB
zW^wE<?eu>bk8E5Lj!x((x%e5GnTh;cKAEDZrB(J|qO4LH@KBZg(;3xh&eA81SX7PR
zl-LQl$qz(d2Uv%)Vw19q@>|~Jh-_k`EK)Gl|6X|plAjl!oW)Bog_TA<kvyGpbb``N
zkdc_Z^;Esw&LSabYOATOm`P$G`>yxGPGh0%xf&Qe{d5$pEuk&w>bZp@5%2^$oqPF|
zmZW4G=q$@ePN|d_pOS`~mKdK)DG{r5gGxS;MsiH)dcBrpOlmeKH8=S@nI!3$jdV6j
zxjaSrhtNV+u#%*VT<Kx1>G?#w@$~pevgc%WN^&kIZD}r563H=f@t_!~LfHW}WxqsK
zQCHT}Heik4x9sRCc)8kRaqEfXTq49S`@-HC<)YANepe{|<ktZJ3&#&^EN|f6%>E1W
zzlA@1F?_bQkhZm=G-y+3fYj9gPHV4DM#fbG<l|FoAx0Hg+W<C&qoScjWxlBrsi|o-
zP_xeK&B4sY6`O*T6W1Rw<4JQrHz}GPGY_`8Hn_SdAS@r#XVK2og)3D~uSyf-`JT<S
z`ftQ+08>6NStv&>#z2}Fru?Di;C=hkfVx)|ON<oJ&(|vS<Tza@Z9|F{1;%!uwE;vb
z5$BKaKVdMmLY?>z4DE~mU_hkSN#RsUP&L<YK&76XaHpO{h8+Gsv9MZO`yUoiCkzQw
z=!+_uV3YNZpVoAeMT*{QP#7nn7|8{ITLVC9Yk_qWDmSV6D1Q{(j>#tfmPZPv_05X?
z>KE`|Twc&2h!-R?d(!RdFrZ6-;?V_m1pRU|ap1$uf(Jbg?0GZ%ukfzViWi_?xQQ{5
z6bb!Ly)e>lR3>*HSJ*LPW{hJh#byDEZY*x3rbppf1|oN#xGKn;nyiYRM}ujF_&ilS
zcB^RRy*g2@p0^+fEOP-|f_j%i?dW5gRjXp$Dxz=Ui)z?tQVrr?xDu!^5CxJ|<HSXT
zNwGq#P8MBfh8PCxWb_HvKj*w;h?Bp}EbH8GY;i#|hx(5k|1JEnv&1WK(N}JD*?Vg4
z>;zka%Fw2(%h!8Yh3b$N<$GxDbPTn$N@A1>8vI9=OwB`Qetv5xfn~Y5ig5F)l2b@D
z*W^)6G&r){_t9i^O>}eXw0T5&0YUkcUMpLs9%7ktMomV)>IY>6U4*Ht(M!4fk;!5?
zS_wAt<S><+s(npkAM%t*P37V8%F4t~gAQm9P7{UF6gJic7@K8E+eGp|4G;nSpVPib
zR%iG9Z`wirqX8E3|D^%PsK8QMLH~~iJU4=wkYRD^E9vli7>jIJ5RHy+DZ2cohC_(h
zC?8kS)7QzrGgVS8@xQCc`fZD7uw?4hhAXIsb4rZ(+YkuI&-<(OT(nNwMfxr4bVM|=
zRTj>h?0JU-1@-R{FmOP?zybaD@V8Tdf1$7g;4k;WjRbiPVvl(KE2z3XO6l(rrG(6j
zX#dU;U+$Em1ro(yK&m+Aw|f!uZqTQ?;ET?DC-`=oN%3FF$tq>g(6Y(>9JBgT<Qo?K
z;7ZzpXbQ|qUEG+nKm6qdAa^F*iyU*o6e>`<qs+#8O5AAq?Y7Mq5F->W)S9ND!o4v0
z#Yi;FL%KH0GS4h?{Yf<qs^G1;gAk;YMam<1!WbcLulvjs?RRq8X(JFSZGMKr6Y|fa
zVi%%YC*`@-)YD6;Qllw|Ij&&xqJZiz(Bg}5Xtt$=3)M0qCa*lCE1~O+qgK=&q(fMq
z39K&cQgg8il%@V$TN3h1_69!d)us3|T)Pt&(E3M1rl@uODD&3VLFOODww6QGDsoi0
zxt6_~%evR5S~iN8Tyg<_M}S&B!xQ4(e+Rs$&CpL8+{_w>VwnlLVrijG$ATI7Cny+6
zE9T~AVct%dKJ!UG^|CPdB}yvw{~Z!loolbLebe?aCL<2OiXMi-)Rmx8juH2ZNhHLY
zWy2DXiJpE~s*lnaClvxTK@nLpw_V|I6<|L@P3gnL+GLEmpQu?bZ`Q{k&F=;>x2;_6
zPA|z&nezvgV(Ig}W6y774Q=p+S>yf?dCa6Nq8g~{!uZL%V6J_r2*GXs0BXhw)?^$q
zCjg$NGw;w3W$(&2L{aye61c__yGEw{%bsUhXR&BY94(*nAenN2Czg}a<^or@nDHJB
zxYFc&ROf=$XTa~s3rtY~lHBoKG#kaALoVUR<FevbHB2I{fw>)l?t;GTa9g5Kz~6Qp
zV=I|@vl!O7v<{OWjYQ*9PTpOI{wpr`_=l%TUv$*kBsftLM-)Rtr}))}=1_E?amw=&
z7?a5dhgezV0cyIT{!p56-Ya(u;2JCTS*Ry3^LZy-v7j<h&G2HB(tQLoYXVWvl*9<g
z#Z-BcIv~+nC_9TbnjG|*E&IiD_Q4iR9vM_pci@aX>|D+4GOpH;f7s@GTHVJE5jZ&-
zN$J5j;0L<U&n@=nQ}5}O?J}=x2ttLjPMOkIpnWLUNr=9}|J$Zk4&eFJQ4pixqW+XB
z<sfFQJ?q5jbp=})Uu{3fs^eF8mX_9Rxx@=2#qgt;*C-gwA{H!D0cMX2Bih_}SniS!
zqf!;0UER)FeaC3Nrgj*{-N@RWU|?_2C1~aqlOL0`-FdrSTRI08+wTyyvg+<3CG<KX
z^k4=iosc>E*B{XmOTMCP0SH%j=(XF)2j%gE+xSk>OjikA&NCBGStal_M)ZYLlwo!J
zjeO_WaR+&P{NMJcu{fw*vRkGp^9R>52eVL!)M3oah{C9ORltI^UT854DAefsYvp}6
z@#wwwVTc|kbWk)oE2E&wB(+K;Gc!h>6m&G-2)5oFi?8eC+xi?8{{*15U}$>!EsKN5
za*W||k^xST%3LrwSwsREC}!z`2o?9xLa}xnqXI)mBB2f<aCs#_X}3^mK$eUc@KU_>
z5+N##JhK_Vaf(0FzciTG^JAE$5tmY{IA$Wb|1c1GFuQG9z&<_5HBBNn9rP2{^9W=0
zp!@4CNDv>KE+Q`Yf@jRj;cy!O1*fd+$)8YAh^F8WR759S!4XJ7Cv0ChrhzI_6S;X%
z-g2X3<>2t7{=D`2c$Dp@_pA3TQhT`>Huw67J^wVLlRL#WKej7Qgw`}5EPacx5PirD
zP@FKeI?)xA%+5y~hfQVXlVC+|lph#IZo&nAkUP_Jyp}mGCzJ4tMWolD*jvO7c47J;
zkzpl+g2W@-bPFA9DB@gFSTgoXvO}48OZgO`9`GC?8K=9DR+NoZT<u<P^(x9qCCYgj
z+t^+P-~TI8DNV0(@>0nrVR<Z#&#se?#i)v^S2lSCg%`k%o7S)NEDXJp)msT(Q5pAK
z$x~AKm%S1x7oLCc!cPPDQ<CSf(6d_VTc_i%qtrGXII}%47)iCFOSKg7MG4~dd?TKf
z^(p15y{TnkQiH2}IiHTeL`DPv827schS7%r#cFk<rLXn;H2q34@9@<x8m!8zA2j==
zxpmEcc<V0N7hRs5)re!X52m;tXs$|SO=gu2hi=yoC>RC|0LEU>cZ;4{KTl_9D_6wA
zSa)tGn_-SqW33a9I0yrZ{~XLx&CgZPRa)nlLFe!UL_H<|38?<wY#i%HTG4Z=4a%h@
zenCOnnF-GJiccrHCWLb2!mZ3apJfFfQbnCs75$%B)Li)r^6@mo_W8T~<^J?rqlBIL
z0LU@~j7M0+Tc6DzGs!tDx*N7=uh9BsTMBwsl2?YKt0Ddp?uq3vyPhsg!G;Ci36A0(
z#*=mj_u>WzrT>hJ55vM6&7eBnn0uDNx9)CW2ItAIhFva`u7y=+hAGd|v^1`4z1bzR
z;)Lr&mFeW!B#&@|+q$WPU>HZsSk}nURGOI`eh4ZTNHVuN^bajxG|TRdP{VuMX=-?t
z`mSxLI!DZaJnDL4(~ctVW+Jwo#)kfR(|F<!1TZSM$^@yEQJjl=Ix7WOfl7XhUh7JH
zQ2z>%e=&fxikH<2*=2@M>w^_9uj|^!7^c<!pJ3*&>ep)3TLJArD1bj+w2d-TjTKag
znroW}VH?uS2<|u_lS-vunKqYu<1K)#S~(Q0E2-;v;x=CH5LNJm(+&jk+FFKdGA*wX
zQQlg?1l>k$&(U8jVE#-fLCxr#xX{Sg9XVHjWcpv;5nmQVUL36E0g_f2AHc)bF3mkK
z48s2hXZILfN%W`-KelaiV%v5yv8|aHJGLjbt%-MRd*Wnb?bx>O{LiU+&wX#z{c@}N
zQ+I#q>aJC**6Qc?Y$R&#AL~S!q*JQqu_F%da9ca{n16Wwx&dVh3PND-2f^ADB%M!M
zi5H27i-J;I<HopdQe2<3f8`Pi@S`sBH;xM6euM|f-;Bi7Mh%*l``r61?+Vm%t=8T_
z8bqMBpW4+nNJ1rmf#`XC;Q-#@(HkK>9Y@_@01whj<&N<2n}U*W*FA`rqi;^AqU{rY
zZXrJ7=ukQk1%kGM#MYh-NkXO!=tY;_X1jtxq=LWH@P4P1KkGCfl?|zTE~w8fH2VMj
z66%*=MkUM9qEM5)mnZvviCO7eG;U3ya|xLMd=(MakP#G--k3+LOGoGWlGFi&udE?J
zVr$X2l@<!mTT#!DV-5Dxos7_F$);FQ5W)6U$%0)4z=HlS$2E^HELq$Yu&Z}jK|zUn
z!H+)spcJw+`+M-8KQ>!|e^Ual?l8I(z-^44ce*&$zilq%9~l0SM-3hc=fYtwZ{av7
zOY499OGS=D#k;Fd9YuUJ#ZlT4!V<X^h}A}w>TnU*x!%ub<&Bntbt{U|I3~FzN}_W#
zd?m%??Wdg>P~Q`w)MQ5WFNj3SKp*oCvAyjPaz&W1UXg#_i>pSsUf-i~s?4Q_F9@O4
zw~EE`&^VaxzSGl7+J<VqmatQt%)!nvQqs=xT{>R&PZp~c64qDsS-$&6V{O3F!%WAg
z?y|_)tF_@*_1jaHJLHYXpCi)wcZsY3**jF*Px2{|l9ve1uY^O=`A;JWy?<l8dilCY
z=}S51SIS}j{JVNqfc%|`?I-<|Na@E^S<|6%>;Ihi|K0W0sbu^0B?1!J1wUj7=*v&z
z$AmNp`1Q!2^>`$X2WEqtw!j=dOCnJ=|6|_f?a$aR#a^hF)SlXeo;*1bG;tBu%pQ9(
zzgNoF;M|fRJ>0$)SRl`AfUV5e0oaFv^=taaJ*`Kdd03;0IXSrVAmnZ>Ovxsy?3E0u
zFO|vrpFlgUK2`g^*`h!kN(lZ=v<BT6<~O!lOJHW<)xa#NiL5e5$tE7N(4QwH7<=NS
zTCGXcC%g!A{1+CyXiU89B>e1JRzL-w*90CW9i+RvNmVr33eid=$rw{#IW666GA11Z
zT#BFN1~EP!5S|R^jw*}h$eT%sXC|D9ini94oIv&>ykXu!U~x%6<rwrJp{!Z}_aqpJ
z>g|+`?-o0Lj_%e?b1a=*pnY4Qtq}6q1+B7Fs@Tt?IDuZqh4ILdN<K+LurjHkJOJl!
z&AmGDt}*q_@yqLz|4tnBaB6ij`zj-#%X&%0v^F>R@EMNtK|S~g7mCFMn$|M}mIomZ
z!0zeY2tqgQr?i5Vp(#Asgu&nc^zVODfyNz%!OcYyCPx&mC-eMCPZHXp6vJ0fR<gI8
zpgc^TRZhMZL_T#C+GG+sbcqn<8Xg%fuG6X(9Oc@8v0jhy)KJ7#eN3U1Pg&gqHIX^(
zvSo47Yy;MJet9{Ox25qrKC!tnBUL0W^(!G2ec;cSb<KS7xZ%{FJy5R6E$?}Q<@pr(
zd6dseGUK_foZXdss9MFjZaUj=<Ep#*ihJFPwN}FnOk<T*L)8}WDs%N|OdW`TEvWJ8
z`q;~DE*vVxE9rycoIe<O#OmOpxWHGo&DS+ev?bPtfaCxoMyiQKtl=f}7N)*`KbYle
z6kqm*+pI#}>=btUVRr1XKGs3P?Ua78i(}hHpWjZ&?W8d3qHyJUw7ENdHB8JC_hygv
zC)5p!H9p=spL3^&Wah(eFAq-gvx{V&?wsoBp-Q@5#y3jg+A_R)E+#Ct;X8rl$6uT4
zMrn!gqVs1Q@-tc^&Inw?DMXR}WVb^;F2N&tqoY;9X{-i_Wpk~=8!hPT`POUpzg<$J
zUN6i>yZ%P=W<~%OBLEi(Y<zQ;qs<>4yPfW<@qb;iEX334OE-DAH%6?_Zo>J(xgJ^2
zdDROqAN%kAh%bgdH=QJV0e6&Nq_Hox<-Si~yeQ>peIXl~6LmkP@-0C#-wx8{UMvxx
zqj|0oCEug|?bM_0AcMdWB!lNBpfVN3&Z2^sP@(0Pp~vfkFF&9+e?kco6BJ>xkLhI>
zEHONP5cXfCL(5=7$y_1U3Sk<MQqd(M{Ao3Xu6;n5x(ZF>?3c*{nb)$O{sz`7;CU+J
z{T2U>N2Xx_4nI2XEv17lR)(hTsSGSnzRo`w=>BeMN~E!~Au(`O6sq2EqpL>uV_X04
zCvBorfvl%;$@gdt=pq_KDJ5Y9($8=j9r3LAqVEEkv1o!^4%x?MO~<<gYDzi3%k(t7
zWSW{qYMDEORn>`Ge5o?^Gw|(A=<WKufYA8^FjpvqMaT-o=xN?ecCVT`0|Wx-m7Z$<
z7UqO*q+2}qG<c~=zGQPYjk_9(JuOo`54D_YA%1#ei}Kd6=O~9ppdh1uNW7nM-qh6%
zT?OD6+y9yc;z0-tUI|)h5l)VMYvc31$+;dz-q|YMsoEQq0f6CuDoJ>X2sr2vvz!2o
z=ez4H{^lpm6;su4B`rl$eIQcbAju8sM2&}W<$()0&os9u{UoJ&5|F*TO3V3B`Ys@O
z+s{C6tpLcEfO%1);hIUvIx7t_FZC60fEi>-gW0+f;>b50LFz+lqZ+SQh>((tuuqa6
zmMd14g{2BgX|YsTSMEo6YRaWhCrPi!8e8j5Y9^&=oKDdFN`Tj8-?2C$Wt&$q0OJG}
zy42e-sBqVn+HEPXu0=G=n>P4yuX1+SZTNEPc*r0r)4C#3C{#oqe<w+lmn=z>@%5pi
zU|=tbCRA$7MNiCkQqd|g=+vqGP~SQ!>vC0Te>T3oR%|a$-l%8Uwde5luYiU8_keL?
zx5TXn+J}GY8ukg9|M1ZKLH*SCr!y43;}gcM5o_FQ5f=%Z)Qz-wG><Hr5Rds8)`coD
zmsDYsS?si0@J;-PzQp+#GcwwNU9AhC_LkH-RZb}d+B!uci-DH<8?B+%Ba0fKGXld?
z&K27k6>|}mvbVyH>3cK1Ml-T1_1ABLC7s3M-pbMVZ(cBr70-GbkPjPBi|sO%+It#x
zB$bsMnv1QP`YDx6(3NNLnmoIj)aeOgTantRzQrUdMR}FlDuzW4??#&zZ5`!Wn~kbM
zzS;az#Vym+O5{N4&DcqFMOg-&`A8fa$$U<w?kp=irE9*F_`$yq5zdg$AE_CT1aJ@I
zHcJ(pX9%29^jSsxQ%lQP_HtQ{DnH6_O*Yd?u;b@`UD;k7HOHkng`_oqpRlrRhNuCQ
z9V&DkPBAx3|7EV8W&UoXUGh_VW8R@RMzD$Rc9QC%|6q;S&n+i5Lls`~%>iYjBDrZ+
z4scw=;Xdc#-VtzeZ@Xq4?;IkG`~lVNAf8yOpl+BhZ+K~FXjIKiX_$V~SUV$NxXqd3
zgg~}uE%d=oQy>Ht|CLhE`HGe2eMuqoq_Uao-qGo67^1NZ6!qxH*@u3m9K4tDpU>Ak
zonfBS);vW#eHe~-=sf759YaN8*UfmlcHFu^zLgE>()nuW{5&9sWSQvmDd=rQN(beo
zN0?+6c1;6IBgl_RO<jTuB~9scZN{jOGS84*TksC$k%Vq%C2|?qM&1b*T&Y4|VNLCF
ze%SdA@;XI3C#<a0*3@q@QzrjxIz{Uvb+i=h*=+MjbH4J~%X%7Vri?ivjKTdLyRA)l
zBxM2}K)!fgx#ISd>kt=Z=vl{XZG`*c%5lxuyu)+Zt)lfruKGl-*>;nTQ>SXm7T~%@
zaF@V$NbWePOFFg3F_{Z>sLU~0V>XFG0O6UC&SF;E)K63$Ix*!alC>SnEwYf6&%_n5
zX<m3TS#Gs++F06`w!xGpSV}E2k@Pj2#5<X!V?EwumN`2&-&$I#fT9I@k66-Ts;+6#
zYyYU(Ao#ibwB$fpeJNP=ma6&M|7}7PzfTOzwFEk|CSxk};2!HNGkvL1qGlNB=MB`)
zO`J2X_U3auMpLF0h;_T0342I!yD}l}#;v7~xEh(5*s&(`-Zcv0_5I8x)SB4|xklR9
zNhLUv9CgP|Ba2S4R!y0e%A>VEh;|40_6pgnX<8<MRYz;~FM##(F_qH9fZOv*SAhFZ
zAE#iUXS;o9#Eh|5Nt2Y)(Tg*<xA(2bmr+WFlShiQZkq<bH3Xjl!?$}A#W@R^CALw|
z_~Jccnex22CRQ1}ddj7<NOQidY~m?x-l6(q@IJ<XXk9iWjy=SUa~<Qu6|~C?HMqrk
zzu)F>)LjS;fynDDe2pIFG{<Z&R_s+|z*EJI%Z=5kcGr9kp2bX`!S;rc_CFVsveHHe
zfGK%0S8#RiRn5nFcdO*H>J`n!0Zq-r+btLD(KZ@qXY7K?$y|=b+`En3Nq5?#V7JjH
z=TTDE_^p%aza3GQm)!L_LGfDv?I#zO3J(_I%dKMPD|)xOTDNq%4OhMPBfGH1V{mz_
zyo}Yn43B?0VEp%ETc6d1+Tw_>NlLu^dZY)PADeYqg`;|Be7ys%<YSG8P1g1bD#M&J
zTiki{#)(gtLmHfDO4*o7t!VI3lHyFJ+0rXU7!?1AVELvxN`5z*;CPA<s9G=i99gnF
zxF}k$q2a|LY7{l^Kpku9M;Y`t9&{;uDn|&?;U5xKw4tw_QOnIk*~h<uJZifZyLZ03
zu8>}uBm>ztrvXoidvDz$59|KqOffjh$%(zGSK`sd52e)e((}>_G;?LMWr@8U`BK??
zZ%oe;YwByR-jw|L%q1RW9$zXx)&#hFpHDaKX_*xjtJ!|r)>(dfDGlKoSp1L8$hwuu
z)Cv|N`?4*wyZ_dqzd4U3{h~yOh~v@^Jr|hU$*Y?98}s$mlfOCR*-h&8>Gx%D6|W7B
zElRD5yaD9^?h$C+hX}%+#}`8ygWw}WZ3-ke31CIa*;?9}@2>%Iv!ZUmUqVFpVS?m<
zl{I?Z5c>UfXk|5GiR&Fn1gGH8qTTD>DpZ`P@<BK)ni+OB3i>L12%8aE1v0E)609vX
za${=*6570NHI$+Kkn2Cd=b<pFw>N1)$;VF*4IrVfQPO=GG6{5eb<DEig5DS(EzkFq
zmhCtD51)^KRV6zC_=ea>R*aZxKTPM*V^)|>rXj+;kQ2Msp!=cwANnG}pA)xicpUd{
zhiot$D44dbZf@s9@c+8H5n&q~$R?ymD{u7QiW0-+MyuU**!cl57a7DEzLO3S2Sre>
zV6L;K^}IoRt38@z3d4Mg#D~Fy;?Bsf#eUg9Cd?M4UA{x=L-#kFn+o%Yf6-3}AlRo!
z3oL&hm=4&egJS|1yXX#(0}l+-1YGc9DJ;&u@aV~q9Pb!5bj==KBGB}L0iuCi5@N2;
z)1+wAB>{{IVj(CK;M4DG0uCHArPYD2hR}lidA<}hC5n@<2ShlB0)YDvEd_orK;nfW
z0<3_|ets=KJ;tYeMfXt`d`9fXFMYm=CQBU25Ps={gs$tmF9Ph(UeO}$Szc?&D!LDf
zsYz>|#rL({Tb_Klj!{nij~}-R;tlJs9JJ5ozQ=35ih)=_36K9m$V7<Jyc#cZAgoT3
z_`jY_L$o1x7X<I@PJ9`!5<bSLR)N|6HkWbT-32wxxFMw`_@2iRJ#j4$3n2V!J0JBg
z!Y-swNTX(k6OTS0kRNcoFu(ZXo#}b2Fspc&C>RK+$yr$%w*|!JoXw6V^2en)GnKUd
z+%;0A9mBnKrQ5NAMhzA(_`G;{OMkqL)pBg|92LbZSb3b!1)~;UD9l9hBeY*vD6j-*
z3LwizEPcvMNh>^Z)6LYH;)=f&e26stY|_sUR9?eABRD3~I8v>w6J0JKR1J~HmtMce
zJjTB->Xz$`5Ef^e#f`v-)v~c(fu?C$w&uxzZzQg4EUDow?#8c}@?L?<HbspXiFrIA
zaSD{sm9AvhOMxAfxX`=h<;92#A6<XgYij`rPSq05gdO$MUyFC@bwL=x*9B{@bM3|g
z{5%=Dkf%dD20G7wUHi8|34@Wk9rxKl)`qKmsRkILyw??oWXiB(CA(o$st<<s^p&rR
zDsebDQXM{BWUN?B2B&8zse#&yO&<NO`<%{0`3ve`LA_vb0nmzZLwSFOtx|&WIr`sd
z$fCf{pAi^4kSt(=5(k|coItChbf55?b}(?7kojX|UgW=h5n(}vrY|OY5DabW2S7s9
zrD+(I(4f*)5Ff^SIc--FLsv7Dh!-)|JVHgC*k(vU;enG4_NO|S8`CyI56r-6gb9A^
z?B$Q&cH|mwODA^S*g1vZ>kRnJbfUZg3%}IO$>LIBwBdIol6NA=r}?aJ3J5$h<9sk8
za(iJrJ&?J%aI$?S+8-%uUFjdOaAxqscxHx3P)3ae<#_j{bVwrWdP4)2aB(LF?Sq{c
z>UR852kk{p<`Ds=Xt`FdITSRzTg#w>Fi#Wwyv<-9B^Noti<G=GH?vCh&!4`}SI>Qf
z&-JFynWF|hAE%7h9*<p@8>oHT4}+xUJ7?*8`Tl_5-KcZ+U=IrNl+!ie!3xWog;dY-
zqo<tukSO(u8nj1CzKC;iau{KXp%{wld?{J~!|J@f$vWr9drB#gEKd8xJ9|13a-ocn
zSX(@ZiK@o`^!w&{!&9)rprH5wy7(88cnk-*7q{sqCIhphNGGp#QXVM<ah-Fj5x{+%
z;yqD{H(!wsPx*IssiZdg3=z3QEiI0U$3^bxsn4Rj3Gi%auXbUt!c@NUS^K*dmu*xY
z=K<E-bLz2oEFCKKYicsV=I^knk~FN{N{*o^g{U`?gbIVK=o5jSsxfESaf!~Pwws}N
zF{<x;a<)a?DuuIrSWoyVBo8J3X0fYcB|e%ZI4Z9Nt!{kj4I8oS1F1;~3gOw~Bu8T@
zxfWd6{^fx^U%ZPKWTh3Ew~m}%O8o6+1bo(LFMaSl^YTALncb<9EAMD~iR5d!60eRD
zds*q4wl~V2JKe`i4oALgcNNoEsfOm#e}rL8S<A<dBQ+<lms_pbFx5Oc{CUu;RHrYs
zr7nFST(l=Jx8<&Bj|5ntUL=va`(n5c+5RX(bsr`<4Nr`DV~c@QIHBPu1}&_1RxEB-
zv=g1?GgRRA%zF&Y|ABAX+S1B^Cwi?Ev_kb*3#8@r<FfxtV)YZdv34Xj8)VfZx2`ST
znW`j!q4M@dUgJg8tuskbpL)qNj_^||as7ta;l=8;#Q$ED%TJNUuME?C%DMHO&EXJ<
z;oK;HRS}=EA%;!nw5;tECav8$H6}+bhs_nQa*t>a?XcrvvfUVeGX_aGXooG{HD$(S
zZKCUw=Poua@guFiOu$^5zF53Ji^ZZ=U>d6nIB@Zn*t{eB?{}jzn)E0IEALqI$G2?Q
zh(_A*20zSINP<iyg2M-@!zvlZa&$%>ZHBIUm2>^GmGY0(tGq^kdz08@;Nby~JAt=B
zp$qegw|2a`MzeZAs=BhZ8qq69E_aolXEjum!B<T9N($Rr6@Szb>+DQ^X^L(syXyUH
zYlC^S{a3WXJlrEXiqAIGW5v&N{h;&Fn&2BUkDDJ3TC@&w2<0>Iaf}grGW$qbGr8<J
zJo~Ii5^30l7KAKuBWLXyh~X}mzuT!Ov=b@1pl^MSpPR^ftT3Nem@b9bTZeM>8>8N;
z|NNqBi8J<y{fbBkV9mho%Hesyt2@)&N-)_vhnl-s(DJ1HRs-j~wU3%T@zd8@>fSU>
zR3O4*F~oyeYTiB32}`9di6y5+h3waED*$~q8cHv!;D{h`j_TZ9&8dIk*FJ|4XZSyQ
zgVu}~d&34tkP*!nTRvR~U8n*rRr}ZNu2gz=7-mB#B`JJ4GH%(@*zw-5oSd1fvGca%
z&5GlIhuFX<J_VA|P!{!$W%QJx<bi(m*mSEb;|vv0RKrasr5xL^EYd-Hy!@s*a<Eq~
zF<vpbBwZfxfcEyq%x#GKgp3|9#Hc1UM*0>VT~)GD{#`7kZA7LknL@Zl(cnvMPKM0T
zN3uhP8UJ0j2!g5~C#qDO4U%E7Hywdn_O@3?&0vk;t~Mbmn5q;y2~(X)+d+<CA*Bpi
zzCe|Gh9a8p8zOSjcWYTAqy#gD(qLtF@8(+_mJ^&zY|Ayc_B*B3*yRQu^%B<}`DGee
zk8Sm-4n`4d+U++f?sp&~7E82T617NbFCmS`CzZa)pI@hca5Vkf2M$uY3gub^WdJsX
z)u1l^Z#ozFg)3Nfk%nbDv)`=m)1KxhsCC+B?2v`0f4w{Z#(tPM`*Y1A|HXA1&2xa9
zdFui7(u$zu64mhBz|NtnyP(bH9b4pDZ3beJItLpL{>JdfnqiZ}AcZ4ePc8LQBbTF!
zp!M6}*LUU15`!lFO!~j_t(6f*YNJo;9`RaYe1AHf|HOM}><4|bjO|b^`XN}6RoPU;
zlvU!-s=kR(HUCzTW~XI|saZ<TACPDDVmoyWnPrUq!@sKXpfZb~S}VP(lhBP6(cSvT
zhR=h`@?s~)Yh_)HR=SebGWT!N&<;}NMFXd0B$dV@V|HZ`-tiB!=r`_4nzHgTTJ1ZA
z5mD-6Ld!K_oSH)M34}$B9nQM^pVP}WBmjU2*B`WH5D8%H*W<jo{R`H`qrlp>`le6+
zC8c!-tuPz69|uX%nU}9nlS=1J@}pY_z$dfCpr$*ef`OR}nrQij<KcwzzA^83f8DK2
z)(~Xb*l+iW;}H3aJ5-R%b9!#`VLn;6qx|Y#HOACFQ1~lo3&UbqFv~pSZWh=nxqV<P
z^wc1H94S0t!!}-x*8*e=B1AsL*NTD89NBl-^X>>Tw!OY*4?Sm{+O{?zJ!QKLt9Wg+
zb*!Y9a6ES&KW5^7G&YY3QmjxHdWlwa(4K<y$S?=r>t!2RmZGuFl<VquRsL-)8`DlV
z*L9Qa)&DJ-d4+S{=C(h3z{+PwPq2=S>C+5xZia$|{bSY4+ig(8Z}x9NLynil_`Z)+
zFA%Ga`{{F3&?%QM4fNn0KMFEKwakU}N|DiyefggCa<6%J;eYrv+I@t2XA^VF`}T)&
zeX-ar%Cfqb`kiN@L~Ej`Vry|&i&0=n_h#$tNbX{9&Sffzrrxf{oSwvlFWmlZd1*%F
zGe7@bMC2vF|Mu&B|LbM^>+4~>E|-W9A02mYm0=!(*!=NvQJ??C^F&B!D)BWEFQ2Y^
zbyQ&B{A`EV_7cn9FJ^vyi)4Mm+{f9D1^IS>><aO=w!rb%1(%o+`aN`gH}P1usSi_v
zHiQ?Y-BrkiCa@d2g{RNT|L-&RazLwZ=k`UegR56WznZH6|N7x6ii}6w>ft^L<~owy
zokN5@`b1H9b2~QMw;$?5Mcg42my%Pqt~9&yf0MaI)^Z{{(3}gV0=Vy1eIq<k+;gVv
zx%0_!B#^>aCajo;w7Iq2bt(syBU4o=b(QWn#UuUDo(iVL3`4xj23aDt?UcprgLQ_i
z5>PzIrbYcs@1S;J{vvXdlHrIVn{>X%`N&*u0QN4HHvx++(Jh<oF8yO400U;1`s3!c
zTC8r>w{=MejP|iOh4VJi^#k_}gV7pto+W@W;42X$M9zN5V&9x5#pL_G==t{oS8`Ta
zg!@eReP~FI5wPr{Kxn4E<S?>X1Pp~BRKxyGT=Y1pkYUumth`xJ068|vDL*d4V??c>
z#28EHbX37Sgy)lB=o&E`b{(jpaAn_iMa0M)lK?m&V2WsE&Oiu^z*<4vbRu-v8|fXO
zw%Yk#;dx@Tu^!@SMR}QxFTzUVm=Q{P5qsqa6_6dxGP=uRKgg5s{>nR2u{CpYf?UoK
zo%<#gAd`8CM4!VXl+$h*>L3LrPaGtY54s6QYt2K`6^C1u%vgv3mLU`Zh{$OZRTGs~
zh%X3Ohuz=JmX-NxO${So5o@>GB)2ss$6+bRV>4W$+gzBO&5d_^-i8j(=%`wF#<{|t
zNmMGelOK7KrroGF$H}uB$4#(xoult>NZD;MUY=R@7cs}E>Gy}J_Zfv=+G$_5sBX&z
z_8WENoiM{lMNg~>f5)lOnOC%#{aI{InYp5S!mOC<uIQaALdlj^3am(_I^~CKt_|ua
zjq+wq#4#y^_M8=GuwAR*oU>e;qHh|IT+8oiLiBRmCJT)kJTBfn?iTLE50FT(FYm2#
zADr|s7qX;FWA7Nl8*)Utvw=Bckv^m!na+$UQ5-q-P~4(~TGT3&A;%;cw6n9^(V49B
zpTvc(el}RzP^-3K{COd^G|sq`rm>W_Wk(x%0oAAn3p_0Y8ckUnY6DR>O}E{wwC$~M
z|L}Gr@FtlO86#PX8c%mhX|-jb)lMi)Z~AZCLR?-vZG3QE8l!jhaCjxVdVR)w_Re~Z
z?xJ5FlD|{#EJDFS>G@AU26f1ZDq;L>Av0KKd3MphHmNMIt6;Utb$UVAxlSF(6CMb4
z9N@7)FYdgC(0ra%dA`D*+rgXLxhd*im&BcrY)2i2tU~Aaz#vQ-_Ji9k(zrRHxp{=#
zb;*_V*E7>&g!g5J-=<x4CMxudEb$N9$5WEO{MIg@^XG#iEKNRdu0(eRy-a-mUGSuu
za^8()b=E>xgH~6z*{%kvkWsaTQLjZniQ78AYgC^vm+a{=ac^*cK>ap?G4w8azpm<l
zN19GLP9xNk!I$nAyvD&jBpl>kDy9en?oeeQ*}<ELhGh6{ixJleyf}ej^Y82*uDMzI
zHCnY=emUhd-Kxg;)zc~(JQ$1Cu7684re>W&>8xYRbuhInP5=^j4I1idRqbC=>Yd{1
zBQ96HSmcE(er@SK@rIX|J8P$gYsfOq0o=B($!<N!{3lSkVrAxOr-qKl4$Y_F-L)@)
zm)`@o_A7bNAN*6j0g1v+wLu!u1?O>SSe77WwhY3UcdAea!q`O3kp!pWQCLi-!Dp$T
zzWCMyxm?I^HZHW8uWy-M(;1->ic0H>uqqj~JlO~)>IaN>&mV`%N{4~5hd|TA=$*q>
z*U3fv!)}DTDW0^sK+B+M_8Z{v6X`_XXW9iNnwBsSE0KxNwWgy|wa({#(*W;wqzLs3
z@_!hi{}5M;@5wSO24G+-k^e8`%Ku4R{WrPte<7|eK0I_Vr*MU1W+pGgLkVP$!NtkY
zynj=)s4_*uK%HY$n)Ji1=z~?X=%4{%B&F<DI;F9EqE-YRYt@E~wl+nvM7FQ4o<2W}
zmiOFiH`}jVrzg+P`K?zY*2_m9*bdA5XsODr%3u%%N2o_><1!Pnh|@BX;lM<v)9&(i
z@5|#}cmN;gzN?89Rk4a_1KubatKwX^Y+ka*kweO|-$Y%sHLl{E{n&J^6^R1>ipSuG
zM)8|IsCnLjiBr*J_+7vDwDH5FkD~u740YipCsf>{!AuI`bS5ZFo6VrKDZ=Owm$p7!
zkP36VVdQVkU^bjq)jDy}X8VhcG%RnZTEVbUy>3v<P`hltbh1>poN7OxYB#Hyzo^Z9
zj7a!EU4EZweJ@4(aNvQQm5rR)igZefPv=PRo0Q;J4<UUo-nf1&Rd3AS?HI}YSY~i5
z)_zXu$s0E->=8u^*7#F=+AIzhd;*px_VAIBExSD%N^>7XElu3Cdeoo31>=w`T0jv*
zfRz_4uzPSNN=P@oqtTRgy@%n<k5|AWWwk|;<1Nvuo!)8=qcLpUD$0Da+jSCGnM)<d
z0zkh&6vxv_YE2@vx_c}b4U5QFd8k9c(m-Tvny7DvZ(s$Ft4~9+(^pLNCb5JH(4{2-
z3U_R-`P4lO<Sy+!trK<s-18f@+F>H}9H+VIi2bn7-l%GsQ?cLTSwHLnHV0S``pzsp
zXWB2q3S7kl=6(q5wYFRtuabP&`J5zg4zP5g^?U$OW<ssMW~Y1B`g@`#6kHDMJ)A|i
zP=x)vXjF{S0-yRfgO*ndJ0d7gPiL_}3E0PI3&T66Kn|AmlaRj^rq!;KlGe#{%BZe6
zjaG<eWqdsQ2%gEgxKnPQtePMWiNHfd;W0zSLxe1x&QL7)TY2bpMCfRo_92bVSB(yh
zI)IddVS`p1r)FCgqlZ`9Tyx=)`<&i#2~+JNSFLWgp$L)t5wR;O-)@|8r#7jJkLPsv
zNvO{f{ZmFGN!J947mtuxZF_*KSBAkgT>GWk<}UW_$lVSs%l%g4YpV4i;tXodfN!`H
zn9?y=SRwxam-m2q2Ab=`>dvLBE~s&(pZ4!K?fS?Y`f|kZox{%Cp~s^w`YZqQD+=7T
z*WdB<gQHHXwy)w)FuUJh_5GhecRw1FA$<4V?=T_74{~**`QN5d?JADD+Nxb|Z>Luk
z`0I4hhbmG2)FLAouD>J}-5qd=jaPN@6P>x7t7<PL)~;Osv*tRg`DUrVoIJKiH*tH<
z^WLik9t%1LKQ1BjJhtU94`!tl+@u89)bPm7DCe*TN#gyVR&FFhKd^|8!k*#9)0~3q
zR>DB<30QBS(KvFxB33}_?5J3wfP{ny0NE7@G5Ufu?g_aQ13hg)zz$%svM0QAo`~K!
zDlMoS6-kU;&%rdnLb?0gmZwnmI5hesC|q1_tUQw<CuD8?5R<z!!PdKco@7)XCM5F5
zyWaW{f#FoMvHD3_>WblC`<d?Co3lIVW6;>%I_1ZsH1jG!)YUJ=RUF+$4t5#r;U1h+
zSH5rOzT5FiYW289RwCy|9vqd2a=j@6YTB1igQSudUCS)zGG7e6udNVloy`G%jy@ZE
zAM0M2l^4;|PkwzkI}>5xLLp_$y7y^rgYV?RRzHyTp%MYBeC))oz-x+D4E@Ys3hSNG
z>oJ4P2j7M;qi!lF_w*u$F684-NlBilxN6yKP5M)UoEKn}$MD+#yL}`0AxqQv7Fj$t
z;x~P?jWA)jNEGrgFSsZUnn+RlJfXc-PJ4g)RhCfMYVf}U?dbxJX4_&V2wIVBYe*Xa
zcdB2=g9C&SrFle4l?2nhg4H+gzy^-Nyc~j-v-!y8I_V5yBIk#T$ZJ|k8bMOEM;po0
zpK^jq4f@94#}ar=li=twe>1dO<>}bay;!8St@F-B<>EP}$(mC$AJAm-Q7bjc`JN_V
znWlRNr(?0mzEUa1p~`xnCN)jd^7RRwWEsypT%|;Hf3JN|(8bNfK+j8B60x-1)>s4m
zb-$^=ge}1tDH)L|mqsGyb9Px<aHgDUkd{`I?c{c*V)EIaAI3+w#J5G{$dR94o>J;<
zAq&yU>GAO&8G4<wI+MX(ie2mW`n%v>ENqYGZuWMJ86gdOPSox8bUa{K>~V$PefhdF
zfM_nfNznN=uT#!ozE>ApYDm&~KhaitH8Q6+TG~C`^=N9)x9*I&9e-v^<~KsHt*+f6
zBcnG&<XFqX#6xh!IQGqBf`5F5V0_|qKgaSiqd718PFK*>#CLl9H~ciDOP-W6YkV%N
z?fH=PYO=RHZDxE{oAu<-t#fh?t>P<VHmA#cNiqjbs!Hy?-EE0bdvflwQf`ygj~Qh3
zWrnh>y4>4#?;mp`Cx^%jKHSRdu1;%>lnd^UDxLmzuVcvz(bFmc059noj)kY+|4Ku$
zjr^U%?~*eq^Jf?X1YBpbGn0*`-`~BL8n@Z`Q*zl8pm!S(40Su=6bonxC1;2&(ilv}
zdstngnOuGF5A`yRmiUjb*AM-jCkZX`X@S#1mdWYUQ;10Uxm#Rc(qrd+(=W|JRtuez
zmy3QaVI{L>CSo_&!AJGbA>ml(u`JK*ZJ@uCMJ$-V=F72j|9nHpG0;d<cQgO4b}^6f
zI*=rG_bZ=;`J}l(QdN!JOKLp!biQw~^!`s$ca=O-TI%B(NBQ$?&e7Y^`6i$B>?L2&
z+hGnrJInQ-F0ti9UCya>A8VtVDX*EUnW}E#E9pCk*Ei@BCPbKSeX{4ag6F$|t+HFc
z*IQg^L?)$uLY>>}$uN9wL}OmY(<ws>+aBQ1j~(IZ0r^fTW}|3)<><0D#x+pSF-^c6
zVt<j}R<xln?$e`j&Yb1V35c3GD4L;@<&&VvQ@)it=DC3$@{f1)1S4!ZavVJa{`VG^
za^LIY((=*t&JvcINrP8+4X>m6gBbh+7Mj%bv2Tp!X;;}sd2FTcKermP_0t}VI_(BW
zEYlVz%KkE+b=m5UgdfD%PjCPjNxR(JC#DamebNFnYn}L7-tP+!QX|r@1Uia5_HL2m
zwH|t!UA8w<S+cZsw+s$ktPhrHtCV|nFXkJ*?X6bUooc4CXkYmBoDRP&viR4LyxTtX
zkX9-5)LwqLKBPDz80ugT)e>0h9{kYL{9)9*UFjXEzKEZF`aS)Jc0{G)#;I`2qSiE*
zb<q#$hw2xaTHU2`s{l_W+umlaiZkh01MRG?+L_<(Z=<z7nQhZt=DC*{?%N1IWR#2p
z80xrfv}!J!)`U5J*8Jj5(Q^2$-(#xbWvDt8u3vTPR&{EiZTH*)Xw+OdEMUm)so>u1
z09L5%l~t5;FXnE#9S)UQ^6)Ght_wa)AL>8xq#JE^eQn{0exREXBf%D-(3C>9GbbFY
zc7=iuxfPg*mvL$6iMG?H;E7dWV`cVP5hSdMVS`g2s><TP3BR;J4;xUO|EhpswY664
zmrx8)T!MxlPp^|TSVc^aptMynKo7#olf4K}sSoAN0zD2clC;Sy!U>qNizq7gSW}x1
zfQjcyV!97zHM)iFx%ELQW>ySN&Lv8M<_-8g%Hq7a4T)-tljg$0+PY8;^%S)y3#+{6
z4qR_uU)uCy7>e<dTwrv@(3tzPaar3e_t%NY<Cd}O%ztBdY;c9z6fif2|0XS4@6yz6
z5o`6wEYzv1TB(MWp0}XqykYZ8{GOkwm`pTx#66Ey{IK}V@4(9s{$&>sP9suk9ME5|
zH6UthTfn-Eeu&3TN-*X?z`4D=v&99q<i;Gq+*HJ2J=d>IDHWY~oSf)ZmiUa=?ayqe
zHLy`O6H~_KitlDi-zXok)fM>CH^#g2cV#8if4mQ`AqKMs1o`uM3!@T;{d_9c)gCWl
z@VaFYS`%sUo0c2c#8!Ht!4&(Wx!eVMdKE*psnBu%+EQxjy6&=YWT{@cKo6||PYf~f
z<YBGlplVBrmP*SEBmdN-@G2vZgrjef?zJq(u&K}kcz5wW;kHd<ai-Pjhj;o&7NoUb
znP~o532J$k;{;oLo<&}^eID<yf!B9qfPo1AHic*S3uGqrU55WIBjP3g$G;?=W*E-i
z(J2cfa4gr{xdK8{v&jBH)_+yBgq_vM^2NWsv|+sAM`_T0$KtbI6{uNjWD#Z#f#J#>
zh8^{<?>1VSKJ8`w<Cg8UNvHe0k@7u!+y|S)jd|RSvud3+o!_6JWj0Spj-K$pj>y}_
z^-(>2UIF9bZzC{9+!)OSY$7Wfn=S2bGjL5Sj9uo%kCqT3Gz+80epQAPFJ&*o4m&=b
zpc%lTRYpm&Um87*z1g|Bt??8acRg_1!JNo`B-(lRhUk2|@q%>iPP{EcaO^pVIPK^N
zZEySybYbGS7wD^0xj`fnNlaKog!{mz`**_GM<h8MUDSR^n}eJHB@0=1%U_vB?)_r$
z*(*f1i(DDVP({DaXOXh-Sg(v)Iz3{TLomX(9?_U=1wZR{R3-=*Qw);pA+v}pDAWP|
z7EM@*&ef#)eL7Y9i~FF)%}eJpsddsadxg4U{@@sF;U+{eWX~XZsk7*tc0R#E$zp9+
zbD5@up~&A(ZaaXXhIPm9rGJ~<3*p@kh{>BR)a{lR9zS_4a0ExrzlZBScs)hXZr)9|
zIV$k1`>%c2q_xlZskn_6pOm$a+s8+=PKMBCv*eiM-EX+gNvP!0=0zn7Dv|hD`Gp!_
zvalf{P)=pPWd+y-DVihh3D%un8R;4`&eGO}xhSMHKe4G_Ss-48A$Cbjbywl&(xmBo
zv)sTR_=q%6ZksZ}t~{HdKyi%Rb_WMCFtWV8h9mgJYQHo+>qynz*~8Z(TwIP~yu5_#
z+OJ!rcJ@2U825ss`@eM8j4Z!cKGkz?T?TlCeq|MYu7*_apnMGvR);+49F;>`C_w0p
zgZFoS=qEuGd7$s1qPItklgjfSsGM+`n9)Yqou%F6iqksd<n2)9AsKMcvNn;ic4j2!
zlV%tUc-5VDdFmeR-%j@^@W$h~lc<`S`!3SdkB_wSk9kNPO;m+|Ql|y9pz*hXx?OC?
zD{BS&YXxD;A>zxhnwu0Fly)Q=v~gQ4d@VK6gJ}g%9wE%j>o6iGr#@W_fToFq!ImwR
z&L+;4xB%PEJ-1~pT02}Gz?9z>*Bj%*9*XZa)0b5%v4`Duz;T*iRra@4<xI13`G)n!
zMTe=0OMxx7fa}t?-Q`UYv<<4EhmX0vTSxTZjoB+95{Wsx@G<ngX__{^HoAxrLkqhZ
zj(z_ogspLuI4;y_bC|bGXqJYCZ3hRDb?TB4a;iyss)<Q|coC}j33Cs4p-a-NUCdKl
zypAzu&T4g=X2iNOm6ho{)5gI8GbmGkbkpb@VlxN|vxNZ>c?zOr;sI$%pgK`Qhk!4Y
z@rbMUNZi%<*%Ic=WhRvi61)c|{E3&P)l8OcoWHs^N&X^Y)XRCp7Cm-%I^*fZLNAYx
z+*OX{yOhN1U%PY6mKGIdrhvyRVR}M0Nldq-@SD2xNTl_RBWJ&o@mb-~R_WWMoOcvy
z?ow%g*{BV#6?&=FR{w_SBv)nBQ9gT8%wdPqx91}Dhm{^}jcFQPH9nrAfm-Rs4ZsMC
zOzB3<kBt4C^gW`t-^MzwB9EKDBUY#BpWbdPAd>N?<HyrqJw9$wKm5uB0(`ecN+eYc
z=`so^nFGy)nd9iuuuOJKq?m;f4d5n@o2!qV8jq`An9IuM8Vu6A<oWyK<*<hszr|;Q
z<d2v<Z0||>o?>j>U3Jgc0-Zc;E1hEzW07%(vjBwGPE&y+B=ueHz*U^e@$WW!YfaQG
znna_dptTj2X-@7-xnTVtMfw}po)q+3*757G)Gw_rWNiKg0deb(gEuw0kmdv%AJ)he
zWvE^J&Y)0w$f|f0#tiQ39r`D!*vks9kat8FYGRN41Od9PNFyypV}0>$|D|r{9h1)-
zvDiCUKVA--i?06TUou25kV6gqomeEF3^1))$UB?VU*CPs*Z5ObSS>Ef$d!162zXGu
zR?clZ{C<CJ6<T(N(`=Id=x{v_{m3Kzn}_Te{$`91co=ZnO*(pP9n{MXFE@JH-M(k<
z=I;V6U0*O6vE@r&lOj9XlWbi(KPSV&IYsb%+`e9KR^41gE<M3_IT~qiQ=u`5<H)zY
zGLUz1nO;1F!W)MUm4`Nv4%l_DrX)atFbJ?-=P`uIquLZbS6S!AH9QA+*@CIxEe<ax
z9!Fv@^Vg^^52<kUyah68Ya4GIc4!v5k{9@?VV}K39^?VHD$GdMblPPlVQc_6-?T@0
zU4o?DvmCP}4$Iiqx{&gj@}P>a`U*%vUt7rU3osmd{3m8XF*4viKRZfFV-@xJ|9IH`
z(Azn7Q)_k*73%>0VQHsrKZ^0?XV_$%VeyydUs`wk$7Pw?zFvCyhlQOe9F_6>+)A|R
z*awGzVhx0Zm<>cJfD|e~RRlu>2GO%Z9`-@#Kromf^Y+24KnV0fKL)}Q1yX__X+cO(
zeb8+XJRlUoK-y~vaS*a^Aj>u6CmEO<L{I?-9E72$_AIg+tWY2vR0tXx!hk4mB$$vG
z%PiqNcwzxdB*cek02$0284MCwJsHYSNRSB{9#VK<p$Q%yigX|p8F&;KJXHu*0>XTs
zYyt{<9~~<}47j-%4IXTXiQpK-DjBRI7-l~eE50JQdOs&C@g&$kgozBYoeXt9WVHYc
zE0{tRNnVsb1M)D~%S2cQY~O@j2MQ;Ix&Vn0`k(+pBiPb}PX}BpSkr_{HSn7%@=_oH
z5T_dQOpIv-?6glB2yX|Y->0RD+7fhO0=oha2--A3T|xZ+P^Cc-oN91!0XPxls2C+L
zxN@*Mh?5s`I@lE?*apT7f!zj`)o1AhZ2-O8=l)Ltf@<xvcY@u3{wFBSB9R0}fY3dW
z@&e02_?{?6f$1P@Pvot@RuHjj$P)<C2Aouk;TcLegayR#4AT=r3Zi|6_Ll%7mqZKU
zr6NN<73H`1525t%A3sSt0sfz#WFf}=--ME=f(>*HIqaIKz71^qEXi#Fq+6)(KRl@r
ztV2}$80Np+BqLS0?n2c2F#lOnm_B7zG(fl*5b+$Lv;PtZi`8#}2O(jK_YX`0(w;;6
z3<|SiJcg+ONzYM-|AQxiv*L{Od-9^81c&UP@nWHb`~#XYz^GZ#Y5FZPAk<9>h~O7Y
zVThn*2HBh#CqwrNu;L<gSqTsO;GHOPplAo_oxbJ3ln>%N(d0l|vf>{0`|=Xv^oi?0
zMVrDihPi?acu}V#5DSQyL!&`vZBS|br9dLBKKV8z<_HFmd>cY-ID!sz)eeCU<nn;K
zlTdXSp$YMS5lc>p8wh7R+-<~{fdV_sZG`_!r5)imQj$Q}9db`Rk|23cEbcz@YhJs5
zgpHghLSDEvNY@kPU(Y#6>UVIu31$~kU0>BTK^KZ+U-m!63i+z9^O~d!HT!=9l!QZO
zb`YO2dV=eA2%m9!LVi4x_y;mwQ`&{)gRK9(p|EX`$1~(-XfMd|zZfMr8K@$1Vo4dK
zlIZ&cVRq5*F*vqFHg++_A?dO)q)bXgi>T@Zu3a)hi|BJS+*L{v7ty%L_?!d|3^LsP
zUmFPmx1xDti13L#w_-hGs4vA}f8n8vrs?3^#SGPW{t`ckQeef1tI{Dz?9f3xNOr3_
z{)Lq)>Y+n;koZW%lPbpJ1RE~m#fpb160>0?2o5hYwc#ZQ!bpIkE}}|_`L6m+UV>7M
z|Bq<#tPLkjtW>5AQBu(j9inA15hu8kWb*7kl1WKwVb+Zka!Rr>0qLMfFeToq7(yfR
zzd0ovl&t8(!WSFxq~b6ebiJ6g0`?}X)M5mUsI<ZZ8)&^Kt-?jwph{IPy^tTXdQB)b
zGR-!Sl@f$=G)?&SV)|-AYvC=$#5S~RVSr*G8<w?*$70B1GX7AMVoKSlxFQ%gBx0G^
zV<`S8<-&zyB>w2>!n<RLj!2DTj346ZbJ%X!h7!wj$ZnXM;;nPUZn&EgPih?Afh0vT
z$86rgc}3R8eBMDuMcT()-XU8>9<s4p#i+lb{UmGt$w@Ii1$D=SuW|kb`Nz1gvEWE%
zaD%Kwl&l10A#-dnWzi?5uNmN0k@%*HlXx8cI(UQ}!;`G8lMszV)vP~bLRL*$GKl}F
z<!mH}fqZ7Zlkl!1P#K7azuHYNGhh#+yiCO>3Ge!S*+eEu5&QT}gLJGJ;m(5HhdWF+
z>q#=;5J$v;s*Fg8qZGhA9hPdICD`bpS2Hyok!lf|k)nD$J20H+VbhxxQ9CqlJi=h)
z;c(NzdUPEKntqIWDn@*T{_pjic2sF`mL|o(xfMJ+#<Zx|!IBkEM#PB`7a;tKq#Xt~
zes-|ZaGB{sJ^qTK9S+T)OT8c?X?85ONth10R!pi%=?ak@GdF5>JX7EPintwm3!Z*(
zs;NS~OEpB*P@3sPJ@$&c9d-+Wx{0O^R|`y4|B~4m@Ii;E1-xpI+bkP6wSr^EpcQXF
z*kUdK%w1u&<7t6ikG>duG=~L-tdO6x0-)5*Wa?qg@c=|Whm=id>(y6m&yfH)0ui~R
z%qF;O*Z}yS1I*^yz^WClbAAA1XVm6^gSiK=b4BP}cqvAxkHjn<IJ$y)PXCDH6W85m
zWL5`UULibZdPGq-zp6*oL3~92IV^0NU(d3leNOmD{1)^v<Zs&R94JAwgBQ04r99~F
z#6R8V?kr?L%F~DJOqml!xJSc_XuVg~hVKxk4@zspc8GO#BHX}f9c*tCnjR!}lF5k|
z*qLqv^XNBp=Gh>A>JxHiF^Kfp6K-R<jCk7v_oNj>yNZF`F}$wz<mnRFg2dhF_k<()
z6|uA93AKfJ74|gp21@ia7DTv;cp4q{<Rl3}?K8jO6(k{zL>++LlejK?X7%M2hEVCF
z_N2%QrQM_V{FWCUKeTXz<clRtKpGN1%yHw~hD920y|e0xA`G4%sWL#jr+!`W%<0Q7
z44EG_Ghpe-oELGl*LVZbg~l=veS^`3l^-%Qe6(|S1Kmbs9LX|(yQgr??n`eJrwvMd
zX7}amfiRA$8_?cE=t8I)Sq5=E>-iG*kkk$HfZU&@eKC9Rw}Tyr&u;9W0lu(3nA>4j
zBTpco8^34&cQAi6kx<f+c#!-%-Buv!VEkU}KMjz|A3-EGzkg=;==$y%`kkV7fMrMN
z+43F1AG<f)c+?TZbEE%k|Bm91+Z(YxntcQNEb)&1i5CzoGMv9NbA$V=@Q(dS5D?Nk
zyuI_|UFZ|sv0r4j=9%`L;}iPp*MA5tk?Z_tmUkX-I9W0XN~d5ln@|)nTD(x^LYZSs
zm{4+4Nmh9Cflw24yMYu|%1L;{fg~VBH9U%`#0mxgDji7c849^0dks%Jkco!I9LlgG
z-G)i>&(V{DgLfQ=xTb!G3!n%*mW0B{jUp>ToJ&2HcBA!1qoBxuBNvZi{nzhF=8e%E
zxg|+Tk#wveiT)A!8JZDEV-^W6$%rm9gb5iXHe_N3$CiR8jYKPr1|J$KOO+I9K@lcP
zJs+7U$)6||Lm`c69$7C*!xoo-u@}Wikv&FEgN7L;H)LUkz?PaJtw?Ky#u23(8Z$<H
z8|iDtttN_vAtlMCCZ2-f8reQ1XeL}An1G2GB{gJb2CpW~Nc|@Yp(sg5nvqrujUh^N
z=!dwN2KwR<K~cDlLN(<QX7dnCQQV5G9R)Y0eq@cLP<`x*@;Mm*qcd`Ih{TMgK7K`o
zhztcIB64sDU0jZcnjq4A$hjzyS1gB08NED;V@P+G$T_b~)PPE3h`Q+C+|_`*7GpW`
zYzTRm#yPr8X@mR{<0<k@lH(@OQ&y0I1XCrle28P0?<Uw&u8YD5(=oDjNI+bvi&hwo
zX-K9h^;y!FrU%V9>S_pem-Z(5SqYL;R)RAod;yLiwoIaU0gqECOL!{KN|vLD&31$n
zli=r)BbfhJ+6eFm3X%>gF++58G($84!>?$CUkV5dhzxSUP{Y*N1WAG|Z)57z!$}%Z
z;pF6A)dd)wruM|PVAzW8s{ab`!omnToKEIjdOo9=lvQSa)78%2tLqwMl$k25jlM4s
zt`cV|D=8wbmx)`dhctV%aGKk$-!nvqd|UT+AdNro5bEWv$shpQzYg1`o(u=fGX&rM
z4Ea<H%o1BC%erYgoAvLuho}C_@0O$b=7J4-P^Yga_V93|x5hsIjbp7$Uv0yg_;VvT
zCI;oKf>_!IbuBKS!$zg**eNWl*~ZwP{VsofS$MRUxY^^=!=KoZiEBCL(R943noiM?
za6jMYHb4kFNkLD%=4N|3Bsh32uj<#Ymc%uZ(q7lat;$E(^D8@rPeyfp=3%IhH{WJs
z!R8X|FGl_K+)obaa4Y-qqxuheM?wYZ&kVbqjGSaPW)1;zT6e|MmA^UF^j9}*6}o)*
znUt9G>X@VZCI2>|%W2}7U-lfS8!*|~X=&odW#uO2l>SB8sbZ9KlRik~N4?+SZ^z^&
zNouTU;^mYkbI6or6(;eLvyx`HwZu>N|L((QsVz!ZWYW(&<7e`TVK%5Y3Sx{0EsW8j
z+M3-S4<%OUR<czPA1&piej`p#O(y097+6V9w=p&=1Adrkxp<2MegIky+1H3k?~`aP
zEcX@R=O3>UlM;E^T@3)r(k_4y8ty_r7qD3*@YCzkKyWuMW5k%in*d{^&o{H{ZQPKr
z9=!LbVNfp%%$FbA^Hp^J|8@yAfbIG5>vl@?>FfQ6sCla&&-I;>#hWx3NxV$Y10_lP
z#NMs>b0C#$-yQ|B9Lc)hKD;WUoHG{^{5WON|9n_|3uMCib%ifbb4$x2^<5cwY%gnt
zC$QJg&ID=e!iV`=W0zz9g1~w!+}Pi;397p}Zt;I+3xi&QTk_UNDLWlzj)rf3gRhs(
zME@_&-Z4m%sOuIi+qP}nc6FD!y34k0+qP}nwr#tfvN`pB_nWzQB4&Qvn-S+<MrN$s
z`|R8&&&stxnL7o~Mpybqo@c;Hu^Zv@u@yTI04p2Gy+zA;2Z8G;5hoYBibUl#f-CdM
z$dH3p3*w#87dIyup+oq~%Dj<J1daILj&s?;JeqmN^y?`(lOHEfO*6MPl7Ou5ES(Vz
z*(udc0Xny&P{IX{QNicKZ}<HK+3}*~7n_sr?ry6YbP+4kCVm;8lkzTA0OIP-n*H~G
zrPIsTf2Y%Fj*&&jg3mCL#d5MI!A6cfKpjYTyWcX-#`jk$d_&roK^t&?9hJuFm?YOz
z%Oty?+D?-Yp5$OU#7KJhxub;^x>Mk)>fEmkELje-;`VR>)w=fZ)?NQyE)lu-HZMn`
z#WJE+qQYfy&5{7~1OGBd7S2B+>_Z3lqiFMg6rXg7p5`8;pSn2;mkF2t#a77|?{k&&
zu4vX@RFp2O;MM3z!i&g@Wy*veFm3S_QBbS0a{tB$A9GtGHqy#2j)Aa`wp(OG5(=q(
zk&f1P7P8aQ(z4UCGt<(t(gFk<;fDWI5vQi2|E?m;KUJjaKUIXT=zj+LSBWq#hvn=n
zu8hq3+Z$!G^;&)Se7lmo;E)q84ZEe)d#aB+X$R>-S(usLhDxcWdF|7*42{fsv5qFD
z_U5v~yQ|>};MFO~Y0=kep{9aPTkV;$i>=dG>LmyI7pp0*7;CmO{(4OdeO~gvkZ4qM
zo$B_R^gi+;6&;`IBKm^*)_kk>A}9Qny&3w_($m`Pb-l*tT)<07#8cxu!k^N=5l=^y
ztlw>30Edr_-ySDECo8whN)A<~gvp)b^Y9bv5U(fMA3BP-qvTcp752ToJ*yd2GqVjT
ztC;znHgg-*chD!7<|d!yGWrz#{%^1Db;j&}^YcE*RRD!=>;jR7=EM8duf&$9BA|6a
zfkPb+WS}n~%>>W@IG}$+y{DYMlENj(d8>gVA|M)|gTev?%mc1}US;CR6yYQO5P&{3
znAcvz&uS?nMq7izxv-aBfH(?B_vJ_Y)8Q>^kpZ8o0OAz|1Jwq4LM3j*g;r0qm*NB)
z&M8cc;fWI{uEdt0n+pu(1R3#$NiClzx$hHEUr=0_2psDDs7GVqhM5co<tj)RmXwGm
zgW&^z;S!2u^)<<tc+&3GtA=x9^#xU~CNGO6L}B{|vhAQ2&)5Nd_S0-sLD0Nroui{A
za#gJnKMaF$qX*sYKtKJ(eZvPnI|4<-M<nKA4N}7dZ9WM?aB`#qwIquhCSM0E+>oeF
z2svw(2NQ7y1~P7>K5V%AhrZDB3qc769H*?-V#m*v3$tSd$eoO)E`d6C!-C-{475F}
z;@VfN1vtAC`QbS17Pv)dkOO<W2`SJ;dAERGh|w?fE+{+R)XS}bJx&szt=kCdLCyBo
z3Y%zNE}C)Q;<pYevG+O5DPmwCfE!-PAorV%TkjC;Z5nlNiextCL+|`vfF>~9QWA8A
zDJ;rB=#rkDxeI1c2MM(y#1D8%hQyjO6qkl%m~ZZFeJ*xOW?zj2>l`tZRkAPFmb?zc
zuTO@dPPFni?hIhMN<m>|h%_qoYaRqt_+PU>hb@AXvV&Q^6OogBSF)w#K`h1H3pNvv
zniMZ5xZ!5ff^(2L3e0=J0~)*4k-R)q*t*vN{~%ALFp))8;55}sfTjx1oTN~6mXwLD
z4wH3^+{hsfdOqsM?*j+<0#6nHN@<DjEugy?wiePXkL>gXMeI>P$$VQa%4DW?&HW`^
zsuSoh0hqY%cy#->GW1;AhD>cY9JCtbg^F;YJ_HK>3ot7Clv&wN-Zv?G>#+DQH$1AQ
z*!gE~@O!$U2a}b)OmO?RB9^EaIUC7)6REQv4?l3hR=5T)-ACKsy!rE(Md78L;Dknr
zHhp63P9)O7C8X*`C9_7&zDM5X!vQwBMFpw1`2=)5$}^@gEAar+CHr2}E|6xtBc&1=
z(md-J)?9PHUw=k{VU(+@#bMF&VGY;>&KreL>#u?|Ir~5=3Ck7%Y4FS4DZioF6WF@h
zZxGY|LOau|T%b4kX31teqIme>YvyTR%hhJkFJx@$9NhOccJntZxqIOD?)6Qn^!v4G
zc0D5O_Oc3zUtK^yBun*u(d8|#L=yxnLBDan`4)5?0;H~|)N|2T9}#5xh@q9Qalk@q
z${I_jN(j?|6?p6(*T{EWeKmKUA-K9lixq`z8-EwiV1q?FC75{usA!=x>ypnYtAHt2
zKt4x>Z2MJ91yw80ju?5YhL(E1P%?9>W_>W>uK0eN&)M+LI);?h*n?s&Jwi01?#?R{
zqvzw0=6PZYuu#XtF=IX9Xtt3tOQpdvApXG>OZy!M@%79uuwh8=_UJ#q+s|~<9y6-@
z?P+UM7AxYCi4MVe?W>_74gs&+2Us@_Xpi}KH|N--=YxNP^asni9f|;r37$T`>D11D
zmZ=k*FT0xU(oI2>05Pwfqtgq@bBAs*KV9vn*rH*tn040)YsGe0`G!QnNSy<(ldmM#
z6OF{nyv3OGdPJoVnFnqg?-zD69K`j<kwp9ZSBQ#DA}*i@u3NCo#QGk*r#fOIZZ27L
zS2BFCln>6+qlkqE8Q6Op<trlfG3i$fIh*!Oz#EGjufBGT-{fzZV`>PtmrC9392ofG
z@W#^x+;Njj#t@2uz~QaI*jG)nNkNDx7S-WK`SgT6&8Qf@zeaZQYSAIdS-y4yXfW7}
zErH9`A_vT(dE%IDc3%RfZSvNg>gB?PGq+9ShQl1E55LTneu2Ceh*P9Z&+Zk>l6jX5
zuaK(9^6VI=^V$1n1G6MZp3PP$SZBLHD?FV_xnCO9J04IIP7I>A6RQ3eXxX+;aNzi<
zpuf8vIal2}6IBy|d3(_7{2z0Dm{ZuP5FtK{>xa8S{7~76(bl5>P3cKtB43noUfLCB
zJAKhyW=|S^u0nZ;$!<t<Y=A&OPOK6O>bX`$0-jKU-O8v~4r~1ZwFxpS@yr#vt+K2g
z0?-m(V3w+6mnl{HwA=loeCQrEkdgft)H;L%#`Nus{`(>N3)YS_eT%V(1*j^;1ZnA=
zIzzSJ4ryg)iZp?rl^GcDzsBSw1%vEHGUOX@^(+&|9n}S~9IDpXE~|$ni(3+IL&%Gl
zM)qd^#hsmntS=zB#GQSu*|r94J}5!UQGpxZ2I#r-F*#(zD=QxvBTMR@8|WH)V^TDg
zPIk8UCC-^w)!+l<eABi?8YVLIjuqP0gekc=q>P%A!6ic~nnL;Fh>wR;^rHP{FOgxR
zTaeQ=2tw8@>((l^e~n|N6{vH02Zh2Ad(7oavzEPAw|!ot;W<FMvdNkX7^7vrbZwJR
zBPh5LUm=O)-J|X;HX7fHK9_>sJEh^+e{qI4QZf5G7>CiBAM9lkqC`*^=!WG@ihSWE
zV@Ofy%qaz70A8U^Vyar$wko7u-EpUVs9OsETHIB;_}$lE&~IDkiqJ)8&gR$aSF83|
z)bhnz{N+y<N!F`iqk6@r+o5c@qz#hokfm?9-;Gc3CHa$1UD>PK+Am|}=71MO7h@en
zn_@m|F4|P|hF|GjQ;VaAfF8IxJ^`cVW!8LNDEV4>D)1|Arl~%o=CP^ZUsC^hue-X7
zrm>SH@#d_gRZ|(JrcaPXlVQd3ih}hfW0QLuj<p6vr9foBV?{<;;FLy2mG!5;M%H4Y
zjk1X`WTP@&{S`Y5!A4(WHXF=UT4}BJ3gXo(RAox?z}7<Ba)X#HW?mz~TJCLFh?%qz
zBKyb*DIc5AWS_U_5i<CQ9v5F>{9hkDu$aIJF87^Mq>BzmdLBJkuDgR9w1kN=sSrw<
zqfAXO+_uNeNSP=`2}RlLWlXzhIzP<pv9iDh9r4VBf!)^?8k%dmMEmopy*6kWnnTAt
zxrl8Azm)1yOStCVVpH~$Z8uluwzT^)UX?BLVow!!-1@pO{}lPa=IOp0nSe=S9AV<{
z!e4*5JJ$m&23i7A6hSk(LCRUfJDX(m97Lh7>Ec(}Y64rTjyOuPcBgQPrkcHe8X7kj
zhT5eyD8ix%t8U%e*M@Kz)9inWSyvN*Ka&xA%9pX<sCk5EpybwkgFIk&fmUf_jd%B6
zDh~it@J*~kwdBmvunQ?loYDmD{jszeZ7Dcts-UxU)0H+l%?0kAT9P~JQX$M+zoCiX
zlbyUa)d|$ImAH;x9il@B1yHNoeSSIqCU!CE*U?kzxK3f~cGzKe^HEH^wo?RqDs98&
zM<P|6hL;g*95TOhbrECy?I6k(s!nl&u<h$8m#6||U9*_KyfI3qG{k=kjSXLOA`m4a
z;ZnHCe-QVDi~iiNWte*R;|_EQxkv<y+2qwsU9ZmAh}a-m>>>7a6@knfXeP)8ndT8u
z7K>2oMz`;+vMzY-f7vZ_sY+v*p<~m-h_QwRG;X3rF&|H6&z--Y<rcZ=Jmx0f5w{DL
z(sB%B4^W!nWl}%L$S4%Q(hx)Nmml@1U(LgWeDyKrfeIn*(JTrmBDf=0Nu1Hpt|5oS
z$n8~$8>sF}5A0W8G^<?I^A4r3*;kEX)ay)!^PF^o%gf6SW|7QcLu*z#UVVoM*QLd)
z`uDpuA@B~|2HnCd%<I?AAI*^*d$c45d(V65$FzKBKK*c#oe2DzspXgDn&o_N2J?}S
zin*IM5*p&;!o-=j7>GcbQa-!Nc*O_txs#>DnjJ4`-hD)Pi2(D|4?|A2T7_vw_~q<<
zuk%-B&fL6+^VbM2Q`fjip93zOh5X|Rz^{F-BIOrRHj+PkhEJf<6s1{~jCo+C&hyf<
z@c=3#uodbOVDb{EtbC08K~A|6-(QLL31^AsHMenYfbK@D;)Qf@)5-=4J(b*bvoHai
zCdo6lE)b*8M3w&01(vFsC`SwgF;p$`X(n7FR3(!u;lwOjd-ocVd2$vL3C6^tlEt4U
zkQgWZhkU`86J1<JHl49B`ykbHKY3;<<3HP02`=A7@zW^A=DP6H&=|o~rq5m;2_YFq
z!O)$9yL(g31kvu&i@d5n{$x836HJl<223@1K6eMY|D9rKqbkiR57HDqDMsbYN-k=Y
zX<Je#Ox(ya>_3aR&M@j$%s>pdxZmAwW<E%6B%+$}Yo+rFhw+#pG$|8W68z%mo^=zx
zc#Vz`fp<wxC}v|pgmdFIC@Jq3v#fE0tRcnX72czoRu{80WG=6oerk$wZ8&GY3uPN3
zFsh<X+N0e9mvcTG!evD+7@)LFJaX5Ok}igcOTCe8VF%}qapG_TBAQnxG<&8+G$xj;
zClS9zty%Y#;yPH9tU(KAul|^~5Uk8q<DsLsb^SV~kdox}mMKGmX?h=5In^y(r3bLD
zbK<oc5eR!E_-W)J0Xl|03GI#8*H<Q&vYpfN7l@~<M_lqqv&5}qymLuAGN|u%sq;44
zJRMs@;_vW7F<MBUPvcI}80--R{BSU7HnraK5Aed?b!it(DVE~rlTOJ*kGvHL%NSs`
zT6psAr(~XCu}}M<;@;1d9Gx@Ay`B{vugWwpEJO+3=uhu}i{2APPWM%-A>YZ&dH!90
zu|jB_(-!?yGG6-@iDya~{;aoL-XXb|8Pd6~Go_dvJVy_K6;XDiE%HKw83l7M!0DGq
zQOO$51C#iicRmV1WW1}p{p<jw%nTRf1DOPXJ0mE&baW#piU1MA4WZ<xSuFjW%bg9#
zIPIz)cX+pXSeCeI`-XEr7=5sWk+4Z|_zv-`%L;!uuS0GEO8PV7NizuBp8re^!<YxG
zltI-=mux2T6`!LG)uncvn{4x_ofh%?LZfYE(D1>oe%4|TmVPZ-pai;$f+L?W3Z>?n
zbZ!PIXr+Q3$8iY#bDgnp_IgW+_$@TA+;}f{2j|c{LeE)fl@~jpNi(kn2UMFRPc@q&
zFw&9|K18N-?I?9yw)!Srz}QuEKgy>Mj!b4RLu8ziPqRvV@{8rVa3D3UW!9t?)mR&R
zJ<dgq#Mnsfnm;M*@A_yb=}>B#2CI0z3o!j_2k)>4)w9}=fiwNo_Vu#v=I!G)=Opun
zjR^f(u%}}s^A}0jj4kTqb;qR1G$uU?Ufk<tk3aXL!J8amAUEf@Cq~YEEHz@|XpQRe
zh7Th~a_)n?N2R!T!cjMBQL0PXY>Nr>aRKQq-~sPGOZpAM%yTmgM=Tg@D6FhgA*QXH
zRkU_mbg0{?qgH{`FPZH3EcrRBxt7-7&0U!`>whrn6Qzl~MShKJr-{k_^JHw}N<v29
zm6eICG_=5G3T7nb;z8|!g++}Gh6$0t(Md_6GP(UqvnZ7H32ew~2Ei0c(MqGb*o!3N
zJ%iHvf2kWZ6Ddd%G!58MbAvhZBG082#ETEi0G8>a?B37?UTE9_lNt~nEmL}0>7(Yh
zA#TN{{+XqDjtir?&A`+Odc|pK@0Vi9g%wuI7o`yi7N?H-Rw2<}fgN07Y!jsO=n10K
zk>AmW`OyCBb{n1Ohx*~`CWT?itY6asnxcUCh*4Z&MS_G>W)4z^LMBopxpFcK5n~Ey
z+w*6&FokU3Y!Q-K<x^^~Na=4udCtxNt8a_9v0g9Yn_Ryy4c}F0FlP`yT%c#X+G_=V
zU@}DxDdSSKOIVQi^S-RFT?J6CFEBO)&<y3?<B{A4ASbfDc}<$!BRnI*4rK`m5TGdm
zp?j5^PFmM)^g9GmNaDr&0C!v|so_|7*Bac;KZq^u1637!VG^$Mgd9;p><G0avHDam
zXwV%bdl+m)sPL|V?WMn0#16R-`)EgRQ;I($?xs0~?@bE8C=+Y(RINoPE`Mu7jc-It
zXo(kiD3hhha@;i=s4b<k<96|cYeVMGtexJAPTuhHET;KSIia!PM9F7|%X<e+H4hr6
z=o%mx7<APgY19hf(J6>GN!x=Hj?C<fK|L*@y{E_Uw?^<s_NTFAmJL^D4NZHJ6OSbz
zJ@ZGsgYQrG*a;(S8<1@uAQ1Qj$u0KsCR*rHbu&Tgyr3)oi=oumr^UZXlD(O<c0I=E
z)aBG3Es<gg4h-__Uk<IE8rXRp-pL}DgFvC6yp`Oz8Bus?33++`YP~}nQ@-)=AqgkS
zw+|JT4DAyLoM7x{4}prN@K=mIGfalaCemVi!@(KwZ(Wny3@7#m**{U=m!`fwgso#v
z&}V@71;{Zl%c?ic>Rt#woDJqH3JRVTahYBH&Gw|1zQLaE!B`JjF3%z5ZPPw{rKE-~
z!)BR}Pbkg%<@-bz|8xl@KPML77-61H6Q$Oi5dOR9%(5)svVz)-tbi1DCCw?0N3Cb}
zFRP|WKXq0ZF^_}2({baen55}C{R2ba1H;DIo59)J^QkttV@-|YtWZd|BdksP5KflI
zGMY_Yu)ajvyd?T8Y4^NGbfIFaLe6SL_AiMPG37IDoOsIw!zqUG<#r_w8$@nY_aQ|0
zBd)hjTa<akyHW)y%rU%5<3mQ1Ne<&d8Z5iwNa@GOu>kCNs9;0FAK65y;%o78`S=L|
z*5nwH2CR({=H?v}yk<kZ>=E^6zdC`aI-=mZU9=@=H?qBe>PW~9$J?{^7uI21*5Qn{
z$O@(5rJD3gH<bXxQD2**_8ljuoyTP_7rEy*)2)l=2UD*{Q%T1e@-rG%X{kH1MO?Hz
zPScj`4JrO-a(6G*$2Wn+gQz(NsHJ<C*?S$CC!t$3&GJ8od37}Nj+n{6|3-M9(N8bS
ze&waG$k_Y~-frYo;aTbyy;U@IS2R8a7@q^Qi(D2Iua9xM+Wp*}N*<%N=PW|=--z8%
zIK<8xLe3hl&lU<E&fXsv+1;-Jj{r60Hba=T;_H<Y_tP1u<yE!u`TQ|QFY)&7{phck
zs<*#<pYqUe8CPeF+{HS_qQWe}mYRtd6;Pju36FxEvprMuJzC{Hm(5?d+A0{>avV|;
z;#h_$ScczBSj7fRmA-OpSZ)hM{F_32b3z~My#?dB4k$}RX&tG3TX+EyNqu425bq7}
z$C0e7^&ytZF16R<0icfK&6muRtBPw>oa6e=@%*?FhPV=Z?2*WEv$J}oc>~-7xedWu
zAn^1Lr5tOe)XbHy)?CD6w*5u}n_L5$NqR%x12Vu#;w*-OWXjY`@#<!kiEQy~Khr%N
zo;7^Sc+n~6Hz#Mo9J_>py2OY3Pp}QtCtcHri+?SPrcCN9AhVX>nM7yx;=QMGzoR$I
z=#7gv!v-^3e5N&7q?)|5%y6){uray7q|qM#?kltyLWKX&+vMDCwJE6U>8kS~Pcx+}
zXGVBp;@GyZ+&8?`x4tCdEJin5w>NO=tb0p^u9yv6GXDs$`7o%vJpc?Vf<(m#a0=)s
zvP%WSQEBg3ldAzZyzBZRGz!z?zKvN7BE$S`@=KYpXDHngh}9@WlhYq63Zu!@=!ON7
zt05;ofhS0Z56|EdN~$OXmneEr)QipN7HBD245)+s|ESAC)+J{fBvqSC?KRkU{zYAG
zD4+U!*8G#8<ta)}oxYDBtg??$PG)=-JFLrJhH3_2N#Yz*#kX)~m#31KsaQ{e)0fb=
ztH{-tp+%R-UaQa)mLX@BHF;=c8-~5h?#^AP8qVo&lradAdW5Yb*&2h{?^#{PupP!|
z;_+u>WE;=N4cDJ+K_hZ;i0?*%PZOe-#Tu6raVk7%Keq{nJ0)iY;9K+XY_jDIHeMhq
z+YrJ~cotbc5G*jVEifj?DUvQMB*^KwuzPi_J^cE!Ale~UgU8WzZq#lGIh1fyp7M87
zyTSEO19jJA@g=)#C97;b=f#2PG2d9_jJdoA`_UHjmSxDg<&$B<n&M=1U@CqYXF|l(
zA>`CDA!h|ZEY6St+JZODp}R3d{$B^S%krx6c<721=c1;e8AG}Of!ju>jgCW)oI_7X
zVhY?-hs9p|WWW3jN%>rUPE8Pi6}E#b!WS#T*Wg(21%qdW{RRvD7vE<7OXiSn+R*MZ
zhHNEW@??t?e52HsDRbAdelYp}cr1d5>L2z^Z0z-HQw8p>=a#pQN#q5SN-27`Uu{Dn
z$YhPJkD-?8#y@W*&xtq#dXsYcfx~2dor$;@stopUmL=f{S&@nIf#fCO<S6&#s0I2I
z_kRppHf?Q#_V*?<afj3|Yvan6M{Bz1{3|qXA*#O^D{@8EI-}GOlGTKSZVdwrgG1D(
z;9Jr=R?0s*REJzE9&FUG4Jr)_stjAIf^AArs7uXy49zS#%$6~#mXixA@h2)@o0lQ@
zE8(60HW4(up~<;jXHnvk8FV%GyW?-U@8euZt1WK?|F!8b%)&Iua_Mist9YzuM&oWz
z^q&~Etz|=a3Oz`iwrlTW7Qri^yO@!!>Y1&q@ocir7W+vB7^%i1GKSq3$D@};yWz~^
zNI?JD^uA-ySQu`9m_@D>OO`);CO9GY9osYl?{xHQ<{Cd&1E)jsik(`j@|ht9^cV-W
z?Npe974*rJ@w5i6J<;@DLndh!7ovbI0fqha<Wc6Uf^dBZ>y8zPvLy-QhN0SO<PY2C
z)R5ISOg`q5g9H&5SL#1crueC4ZC9@$Z{7IFF(b*w62@<8@m|GqkE&dl;7@nmV~+_g
zQFGB}{Zia|x@C)zot4(3mDUjl=biNM@jC-NX^RzA!6jA{TZV&tbA-=2L$)mbAIi1r
zZvBq;U_iFi#-hr`J{rtbSmOm_{YB3}^u|DR$I^6`(TTtYgJY)FDd@(tBGqtWnI6Gv
zQf3P+z?kzeWNX&WnH3*UPf|)(pVbslpJt@FC9BzG+p!UIc{OM^rDiu3b(w8d>tU_;
zys>okOcURzJT=#=x_O6Y{mO3bF2LCp#CyW!QqAeIihp&Zy_wm)nfbX%L>gYQ>uqfT
z*5Z`YHRS3M0lA5(bQR&TNugoA;OQ~i98$E23OU9h9dGr%iTLDZ_H;jfd4l?c8gNNj
z-9l(LEs)po=?n6nE&o$cAkc2w(Qn(m4y2v$QNa1G`S}PXwXgR&w=vx$iuq`hAhZiX
zrd#i)=}x+^M?CI*U7`j$I8t0(!LD!Iw(lUe->`o!GEL`#Bm~*#x}8GUSyO<=#gE6u
zi+>}FAVvi}CRQ)Z+zpQqbIi*pfv{4;vw3=S6W#cUFpdU!WE7&cjDQ<o1~GK)k_f>g
z!^x#!;gp$uj`ibsKw~R6<{<ZaisiY?ETjl3$U|poM_2AZ*X;bWSZ#IhHVEi37{D1B
z^1{cwcB<?+X{{q%0!>p8ssB7^JD36Xd~+8F7;@<tJz0;Pz5P^zX^(i>Jo-p;#;M4)
zv?2Dn{^K3yuQPsVW4>>Lu$LnJVwCbC%1<2(N3<~`ahtQXyOVrx^L<Q+ctp4}W>a_2
zLYIp&=86*UIRR2)OIvcotzZnSV0@9qqv&w{u^v`(J(zJ^sBu*&N$Qd7%8xUo2{>_l
z%v65lEMYguRH)5TIOIuswx<!?Z8VBmP~$AgY(rD*ud<#d#o(dToz`}m7NI>!4VVVq
z%*5a3=9S6pDCBl&yMnW#&h}r)(s{J^cA9<Ft-SApIC&qMe(vE}VRYPv$W;8xos)jS
zcMU(JY+EhFqCAU>`7rHF;3PInuRRNBC3*@ZVi3}83O7%HA9Lv|MD!mU^FM0#KXL$n
zy#Q;N0y6*^Me9p_On-8pzwobdB!1A!d~S!*)J(l)m`w0zoB`7bfvRqUCEz2+B@+dg
zYm;1CRG-Jo=_Hvl(rcXP7i9oPX9#*@pgm)trEDYHavIaj^Gnd|=C^+(I5CISlHb(Y
zPHN@jkrYliN?eO}snWP^pIdiYr(QYB(u^o>!|1ZtDstB1pJX>@8j`xF3J&DN?AY$t
z^1-wFJOjKHwp=6xRCg$Ax#-yO`z$?*a4mtZQQ#^fv^(KkE}uo>dimpi7U6D8L}>wz
z)sBv>rHT{a(iE7<B5^J;%=7E`#^?Pv=Q&!F4BL}79dKDDtVVfTZgn>6=S!=l7@^0W
zLO8AIQCdult!M7G7&zL?JU6|o9C-z@%ws2QwB|QWk~$_Fw}yB(3-C7^a#~N|91-8o
z2n2?`R;8ZxXk4_RhLnFDb(61oMT~n*13hy~Zar&sTr)b=Slj9xC>ACBC6jJ`PH|W1
zd@RM=V;-M1P{|(Qiyq-?8wur#L8j!Rz<W+Ty_hS?+?SSWwlL>guIE?Ke&#Y2FN%#L
z<5L%2E3=JJgya+OaL>n6e3(5zzq+OQ;Zo>__kfH#Z)}lmWWR#)-N$$gkMkMqxXJkQ
zlk@UXT0Li4UY{9CGk5X+hJ$W-e%|yRyg#>`smS5OY;|RzdgiOVaC0p`X)nsY`0?VD
z3bw?{J|8-CWj^r`INg8Mjlg8M?PqlF_C9|#CQAC!g-!Z0CKBiQ>u!YOW;A`5u5?8H
z$Kw&}BB^oFq8#0btc_{x;__dOgJli+NSE51hZf<Ulh%>bVN(jrTm{EY#S^M{JhP!_
z8Wr6+1>HKWTpp}41r(+iGQ%{I!UU#*1u{ZAQ6x*ARDBoMK!$Z;omnCDP6w2{gj+*Y
z*BXmW$B*(ERGvGbxIh|Fr(0(Dp2Uw4o5!EW8-njyUfSu7$@vb;>gP!F>$KtRyaXzW
zs#x=c!y1}#Z`|J!6y=(pe8q3Boey*Prv)DUBVVbAGdcE6VoI?m*Y~%?Mpbr+TdMI4
zIhe)*jNzV7?=P1%PiCH14*Ib(Tk7-Tee{UZrxsrWEBcK!-Yz<y?m8h_-O<zCT5_d{
z%Ut1ky4oAp3d7&OF)lz2qIgzuf7s`JS~nn_AU3(!jlOCC^SL-C(CFZZU6fXpg1k*&
z+`a#zq0j8XzQ`2lf8@=PrxP<C27JshN4a0I@znh8@ap$u5{z25;AuwQh_td=LHmu9
z=k+4|!R1Zp<10wg3KnBaR*Y=H?hcE7oB2ZtTc#rOZa%|@S@$M<*%547wDF;o8IfsF
z-T+%pfQ-Z~n6n4<W&L9OzD$SK1!dK}jj>%P-~#&khAQ3|ocAUI0{cRieg^8pKb-3l
zCJTKdjVKnI1MSmgLW8>|3Q_<k<qgdp@w+AJ2zYVB`Jw9iZTgVS6zN(+*4?AjqN(^A
z>54=8IsC^qSy&75@4a&^>gAW@wC8_JkiX)Xb3ieDVc0%NwXIPZI0Hg<?I8Q?Gt^)C
zO@XU?#Kr}C8KH>IiR71q-ezxn$i}Sf4KoCl3?)y&z-J!`fmz4}5q$laPGc^)u!8$<
zd=7^{bFqd$NLdMBLI%K6Ut(HY<<<ERqOXalvq4Jwux-^KiS3Z-&WMPM!3M4N_hee}
zsy|3^s{Jl>0fPE_RycV#R|q6~1K*@b#e;oT{kuQh&CWMTBu~igfT?d%Fl$uco`CD`
zxbJ3ZAD{2I&v_*LGw0a%bfRX7Q;V?5Zz)f=QDp8<!g=kgQcfiBylS7p&O9o-A3iv*
zlxxA9ui(CxOgk?g`3EvUDSiv?=S#z<WH~RgyoB=H0|Lm_S}79xH|gXj?F7AKk}3BO
zYrCKvL1Yu&^nehWfxLGs=qcChwD)_|n!2w_&9Xv7-p8<+bI!`~na~ZO{D9XbR>K==
zE@%$cq%-#{sI=ZA@=r#rA_iMuZn7}IaT(@7xA|MjIExu`5)h-3j4}?P>!*&i+!VmY
z0T<EhuII%grEgHHPWMGfZ3&VbN^Vew4_0eXXSe#|6Ii3np1<-}{fe;7f>|wm>QnOg
z-;?CN%$NqcI=kAvVEr<O^aX<DA4uj4;!7y!2SVhFGz5_4iB;7fIx%X;mT>(Wl!rh6
zfVLx2dH2Y_TD40DNVjtvy!}<ezvT?oF}VAaK7*ynt?btKF;Gj;n7h^Ap^9F1KAj7K
z`O3&YR=J;~98vx62XimJ2q+7A_=iP_jcoXYK{0)-yra^T`w6#Y-=k9ZKP+4*#xo)U
ztx(3{iJLow__-xl^lk{94PmNw?459%0hbR_#G=7G$@QSTs2Ayv2SQ;ga>%YoouQiV
z7`R4xkT*1+ZQ+mCKX0$l-~K)WKD#|%aUSPLa3V2Gr$l#b<de`7-=dpil$p?&{Z#?E
z3n@3>KQ60*nf#%;B#BVhL_3irZ>V$MqZ}bf1EI))g#qgKH7cwLu_%AVrUgN!um|Z#
zQbxZeletq;6-UFw@dr~ULeU4yzmfI6l60+!&%*$N3i_ONEdi%W(rid0-;$PV6pfv7
zngF7@PT5ULf{&QSdU>@n3V{#O(#23}Gv8oS*AO4qv0b0<Ir3RXW%-mCP<{pW1WG#g
z3ha0095F;p`YjRS&1wvFu&`Y$Mcwt3_*CErHK+#!;KPF9cXU62k)=><;LBs`y#Qig
zZwUw*7T+sH@Yp7ht}dEGPq^A@=)N(j+#F@aQx>7cX=Ah=R4&h7zA0<HyX-(YoqjC=
zNc{W2HBpaZ1`M_FP<q;|wUuVU8_~XGJ`8G!Fd*JxwZgBy8>)Vh;XpQ-D6f_vXB7JX
z;9eE%W&HtHa6CO~`GY~dduIIM9k7|zrH*h<zI8T+tsACD$KbPZuDh>Ne$(l|ihg1y
z4}3_}$_L?Ex!0V;%b37|o!GdpU|@}*jslzkSgQPb?gWERiTa$)z6=3mt8F^D9%8Id
zp8}(}8**?~;GmyLVrSAs=_G@HnTZThQ4v$2!abzV>_Yl%4Y+>;V1pTy_sar=Q$aBa
zI|&}xs!gzX171DJ>GK7pGHHt3wt>970$(8UXP@a&eRzQA{AAWQvxpwMQ#pvy2C<e8
z1aXBQfWY^<fd?U0Si7%*X&J(u0;_aA-B|0|K;Q(+h@OW0_uf$U-H1x7(Jv+mK`D%6
z9o>U`p#>A!`0v;+Ga`+xq2seBoU{=klz6$Vu7qN@sg|}_(GRbFU1)NH8*UXf!e}v-
zS0p+UAx(~_T&My-6S9tY+?0C>6p26ou~KPm%L$5fH#uRPlfi){3`;%oL;92Ih(#Wj
z>Dm=$&iw&0-WO?)LydJpIgfpAs*~<ZeZ!&C$kU}`fOwr!YF|Q)oxz;<$N>wYBR?3X
zVEV3$7jUDcqEWq=VF#gAe}rq|rs{+`wfFdCFJ;JN2iwXbU)f;?zlua-0A=h~A0`s4
z!&z(S!%Dh_TzOukZ@3NC0ukmUh~+n>LDoLfFDx#@Z(z<{dPoCTJ?M`gWX|uw|Eou(
zfAt7DIf;`sv8Hd_-+0)7^yW#ep<5I)cXMhH5e7ITyUdAGrk4US@2ZMGw<2kh%AU#f
zTds&v79z?_<P(my_OV=Zh97H@5zKv)&sIvukc}Pga-CrrcO3F$IP76U(4RHOSGz>5
z_C7&{5kRqeA86({0O6@Y#=>L^dP2Bz(UJ}BflkuZHPhRzr{6X8g(SC+;|Tw=3r7wC
zI^Mf?X5V#i(VJJG)RnAcn?XJ=Xa~-g&hl7LKwOXzpJorTNlFG$^5mDmFaCBW*+(rm
zX{nA#P`reT!`%Cct@+6=+ILoF|5=s1tJyBnQ%2kBRkq#QL*L3GZP@xj;!2Rmf<!Wl
zh5*-&2mZ%vNMh1vcMGQa_L#)>K%q<62)Wg&kd3Pqd{baSE~|SRBA9n@caA<uuVrdB
zPsCc~6!9M=P{E|=Zl8Nl-k$Ug(_d?)ZX6!;u_)(9aKULRcn?Z{lLql%JI$L1wgp=b
zu$^SkWgueHvthQoF0iv#`{G6dmTsBI)QsMcP2&QBd!dR%GtIjIvLv~b9i%F?hLOlX
zHDj8Ct|=rN6xM(SVrHE|Z31Y308CU4Aee*4{MeCa@#pv7{Djy!5>5sWV1qmHVNJ}_
zO$~jNZs<Ez8G|<g)53V12FgBUU>UWUv%`uOf1^4A`~JgWkBMCPSZu)zFn}joWdQB&
zD5y+>86@#{<htRi+PNVGd+?UOYGqS0(+w~avX5^xs0sx)g6*aogN8jmL=9#`7vVrH
zOVQX?)9gUB*&PWu4E*6S`GM|Xgt2oKX=MCjgG5-~cZBh>7%7&ksO5MX#Ly@3`;-<}
zmC$rKnGeh<qY=Jbke0&{hThIz>`<>G4JLxKsqy`F|L(ba^Ro<AbL?2ORbbJTNW`Tv
z*FNfk3O77L4*2Tpg)UguSoQ<*(;Hb+s|t8R$oQmXK%OC;t_`D~*Raf5h{r%_p3GB#
z9M@gpqW$2n)H!Lh^#M!?+6;NGd)-U5>LXf<){oNB%nR6&I$v%tUOdm=dhSmMcr22Z
z<&Ht@4jEINE<wt{K=*0MOlE0=lQ|#Qhn=IAzlbYkZJN{B2&eCo(g?4iP4HsV(T#c=
znab80`I!bJjfuTMTl|bIiitC8vDFXsxu!$SioF%HD!sb&<`j#?-AV8W={QO#2W|z6
z@G`1u`~O*EJK!=@#btc|12J)9p?56MBM33uV+PLNBt3l4g84I=PEX6fXCFMTuZ}mV
zL)VB@;}_JXKaoB6D~YnMwGk;>r?UQ>15yp~k9wz&?UilQkQQ@iGFAP*Y%orDdwNoZ
z{-F)AWM**NGxM;iIto`-8Oz5b%uN;gX7^awiI7ox3yfYE);6OdtC!hG3oRzxD{mDW
zd>#0oUFakilTufry8W48MW`S^W!}v$a`9vM^NkSLii|$=ie{qvP;sAA2-<SD#a;$Q
zU6ueS2L>%yUw5ru+v@qFbgLOQHxjNjee$a6&!2$Fv|NgVH<mK|Cm*=2C7Oo#gzzpq
z#37HtJ(A^C!Eix;ItMwd9rp4pn;zHPZfgHDJaSU2P=vMCc|#4ATcOFgW>wTupCQJC
z9pN27*5=9eBWDRY=1m@_L3d`&G`6XOD>~Mkz`+Dkc2jeSC*L%7Ob%NUvMfSowgVNK
z&^EGrfm{n>+D9+<F3gZ;Y7rt`{Oz)8!V}n`XqnmuWAuvOc(?$~XqL4Up^05%5Bm&f
zdKt!By?O_$;iR?<-o0sW8!Udo-ls=e^D*d)DIjwuMe6KOwVY^$zK%Lx|JWaZ3_y2&
zV;Hpx-E=l1_KaiLL$CH1{48>2oEa!lUTj`NdGTx*ZRP=ay$wRB#1aEVxhfQUVUV*r
znT0O*8=vMQ^me5@BH)QWwaLIAh9urH4AO#w^p->2fbWTN-$dosd<kB~ZGBp%MVipC
za=8Zk=+-fGNdxy;lEIUuEV%JPc_)33D*~>qK_|XsOW}0~>4#0-41`#$5$e0h2)?Y5
zc4OnPN1A9Y=^*XGmAOjV8NDG(5EO=N(-?Jg${rokG9`S5sM|bx^74;OOX`<y#c{eK
zb&=Zg=h6Co7wLfPlIm}=0LuOF`(8}i^Z|X>G{;{IrfC3@+1`!nh<;qSy27xtKs2_a
ze0wcDiY3WhvQ7{ti}t|lJCN^~<9?Ap);4|B?offvAThSa1!L%?98VBILW@EcFPSVa
zS5zd#K(BN|qK=3g1^$)%<Yazsm!!-f6%j_S93Rw(>XLK8?i2@YNC_I_H8+rq``Zwa
z?E`*=c>_&c&X8xiGt9k&3hdfD_i#Z5bEAYxwb1#)3qd>!na7(=vH;Nbk+3mW??sbx
z=JBhzd-Ti^F1({`cP1-nf8x+{?Qf%f*Z7(#2Tls3owIR4UPs$U_?78si~E<f2ir%`
zEc+}dbuv}vNVF&_%Hs6aNiH(G5~VC>B2gR{wwy!;Oj@<9{48D2;;SVl+kz^9?UodW
zU2{LN1=dI<Vk_Tb*4d>v*Or$il^Qt`H?lBmX<A@NYQ5aqxjh_#|986;eiVkYIR+nt
z5NzVq^qnhPmH1g_Kb$;lBFwqmY+Zqj-wv3{v|20LwRjs%oY1VVu>r~R99!dl*Qn8q
zeIr~MSlrC7J{5Z~3zbIfR-f(g<*PsK!H*(KCrAFcva_48a(xF}jk~&C5z}&x0FniR
zNsq?E>QVA@n091h=Pgc1D-LsKX+YRGjX1->S!ur1@v$2`KNCiWxb2UUU)n?vtf^}F
z>d}ey!+!HR>pcfgZOFy)1K5)1pN?tGfaNPQ=P9LvbtjP-hl@F8{_2h*D12>=YlNBH
zc3ha1atqS~l(vd<pto8ASMQvF=o9EI)bZJ4)G2HCIaAr}@yBPHM)`7QR!$MhB9@jm
z++P<cP49VPj^}BEUI5-kgQ&qNRz!eYY%9E?WDm+B!7_x@lK9mgsU#$8kTqoI95H6o
zhAgVwNYh^|ca*Jk;>XlV2~Oyu4g-AiOSsLTg1KAlss3{5(<jNg5e-pCm&Sg6Mo4yV
zl@3L|a0Pz-_8P5-zf?op18%46%7C^~ME5q$y*Yfz6$U9jcS6w>b&?s}q|`@@pptc{
zExyvbRLv-Bk+PAu*Hl2bag8tA!&la(YzfrX+UO$}$m~{J?*TF4)<KvTMX^D&vY58)
z$85`|zG5HSgJJ&YLJh9Fr|((XrElA?Y+z*AX-LcX1*njqg=%(?*K7kk%8WSNL%rrv
zgqt3L-c*0DD;zczzl&QzOP{9Vk;X%@(9vr(bl2zDqx_*>J12Sn!OW~AZrUFe@HevR
z=Xip?_D-c2hSo4<7wJIy7^Z*({hFnUxswE$nxUGx7Og37Wdo*(zvkDdHB1#V_Itm4
z;1bwj-%s=!?MU_}9VdmUAELDbu-T}BTsE2Qk_SzC|3+etp$TvfJ&>yQCsRbWDWCVe
zFk|fKTsf>GIW#1?hHx4jdlhZZ!Ax4_jcWXOrys+9?p*g;Y8GzGAE~2g0XFzi?g{^0
zgHjrBC=PB{MPWVH4=UQ?-+NI!aywx-<Y*Auj=<wOi66c{a$rnWKXV&~wpIQtOK=0F
zTYv@Q1Th3uk2w(r_+p^E(mM>a7h1a|5YicszP&`hu5s^tc4EKZgFkjS55K#Kzn|e>
zdu&GWdx$%trln*i<>2lV@1&(45l%1n7N}=;24-e>$4Hsknbrn)nTX~(8f=8(T}se^
zX1@VGAjMt@FYge-U7V&n*o`)@>n(vjHjwKrAb<_uCwd``_wVJ8o+fRLgQlcU8~&2>
z*5+X4B@K<X?`2D?s$v>P4X5R0qiew?b&a5=re~X>A{r}=q)!d4Ce@_!;&qwwsyvmW
z!gFJdu0r#|W&v|rQdPtab7ED{jq{x5yWi+FRoiB?S{hypYRx_D@){G3>~b0%Uutw#
zMdlTXJ{R%L1fNx+J{O7_M{~=WJxRgkOzCg)+JC>)(5%Q`HH3N8qI=LqHK@OqA+5A>
z%Y`-QXVriKS2bIYWnJA?IV)G!>sp`J-d`?+-yJ>{&sG5Ms;#0XkNX||za6OGTRu(i
z)+6|TIu^dRbiS`De4ZD2-l>{=lsZbBcNVWw78%x>MVkSU>-e|V0;OBuJXdb(U02rx
zC0iR`SEg3HY0i)fR~kMpv;c;sX4cQGxJF*&rtd}o|2lujy4kujwz<pP6&=7s=G`ae
z?fZVD4@L|ONRgZ=27FGZZ@D1%41y~bdbtyV@jxm7VxgCxyfM=Ea3_^E$`+vDN(GZ`
zF03%}`+8>7gruHBykX+^rZE|!Si(&HAaZIQtotft*J~KEoBFYhr8#=?CaT6^j8{zG
zcGaLY*)9*<rfTE{#@?6BZE2tD+#k<cB%MxVMYF*Y7s}P7mjqa_Phjr~)-P`~WS*Q;
zLSfs8P=!BXI}Cy5WOGVln|kwn0t<sZrdf(}jy1Ecq^26$znj0=0axVzUXj+rsCg{5
zs4}ohl+%h>B`OmnXS);^<|x|}x~EU1+V{NM4Z*uM<la*C9$abP?yeH)M~hB!N^Ev|
zQ^$?Ocvx9Jv2RVVU`?3K1zDZdnAH@F(KJmo1^ZqQuw&F%roHF9W|q9{wVypBu3~82
zKc~;vdKO^KmKsc#94eMF>N4u%MY@QC+z$j#x3qIx%*wWhMBT$X+&w}rE(Dg}om8*W
zgmxzX3ciCG$?lw&K%V~*T**N#^XXUmepURGop^jM!HQ&I3XQ{!lwu2gv9fim?(0(z
zc&iDHM;dSU=Dc*8pS{b=bMYBC8V)Yd!B%KDY0d5U?a6NBHI4Hcj71Ke>UE;baYe!U
z%IWYA!(oZ|c&=iyU3+q9c$l~)YHJzW1qExN19zi}#oK*GY-RRkfZ|{yOWxS6S;M(|
zY`%(ulrufF;xAF;QLLW*pOM1@vE*%y<xR*+O=62hYqcSnWiQa>F+R0Vu4TW5OKpR-
z0^C)tmIedWOQ)|(Y355S`b$sHr+U68Rg8C8Lg#y<r!%qz0=R|2`{LW+Vw;mR0%|s|
zRnzu@z6Z<HzdCVit+2)co|9s@Q|G>GY`V=Ck$?B(8&tcd{x(ehWf^zGp@LO6Ac(iT
zTG!XJu|dW#)8kq0|7;$bq{Pr~7ccAAFP$gZSlBlxEz%Ae%Bo849o~P%nurvc*dwH;
zJXFtyYp6Uma}%=Wc8M{9pBTRlS7l_S-E*Ur6|4Y0sl1!kn3`#k8Er{_nJaJ0WV0wR
zTVBSqsGK`@QoKNaS~l3KS`lo__FVZVF!6Tbfp7vJLRIf=F@fD0P0BSc9liHbwJRpD
zi>7d7S-L03Km7M_g1aT|el?_lHrl}e<)pMs{suQgC0l+`BE$EJV;+~I!exU_m}4Qr
zYHPvL8)KCP#Hvl!^7*f_+IS<qhh7JFA4BKd^kpl4O@FmRL>ApP!$0GchB1auJj~$@
z_NYA^uJx_^MvJZCtmpU)p_AjsBLu1aX!HGU9uu3FAdhd_=S7~Y6QieulGT~!X2OET
zn23W{?0X33J!r8`f@jxpK&NDm>q)sQFCot=#@+T2Pip3&7vcUc&YtbW;$FXP2qh-I
zbC10o?_nzY6tiR6!LQ&0ImVHCoRKa_JXr>AwIZ%&L!Pgv!+VI^sqz<Y_Czc8{Rzz%
zi~Uyzg8S?41J1PD=bZf>^^--Tri3qHN@B-)^;0mb%xP`s@=SnZ?Y!BxTS-&jw4L#^
zLicpnKxP#MuSbu)w{4%>yVi+?+{xqdbO^e?Uu*7&r{6Wcupy!Fv0-1olYbe3e<7*=
z^%Fz$mX>J?*tJB5R01_^`xVR9u+dLz?A1=&F`Cr9)il1rPCM>IarKX5Ox5UY9p%`)
zW6Ws*cjaJUlaHYN>+P(#V<PJ0a@j3S<K)PCAi90Z+%BTHqv)i)3+vk1rD-EfszojP
zU98$;X8NjtWwYb3ZKTtw#%(X#W2;MhPkU{}ppOi33?=4+CT5kFz~IfD&gGtqZ_>ac
zX#_WJB!!Ux@z^!9?jh5Df;Ija+ozwkA;AOyKjYvy<6o7{i|JO~c%QH8rv1m=+vDn$
zYJt`$EJbBkm2Ie^Z_C22aOL$xyMxlTY8iQ&ivh3xmpY4RY7ym!sziE=bx_Ni?OwyL
z>pR!$hq-MBv~6yXYc&Bgf#_Mt&BwaXJGUg^wa+Ah#||%q=*KqCl@+EL%&dndn7c;?
z(hFau+LyLwio(rW!LM(i|EW`c@S{^6?q>RA^5f1{^E23h@PG{U9Q7E@tPRZ!j2sy4
z#N}Cp9nJNWZ4~t-SlJciC7c|LO&FQ}bApj8qYkr~J%hEgm8uFf5a_?AB;EfECs$Y?
zV6aDEARsWbpKCVsWRo(SE2n3sr<m*QrsyPUTxR@>PmNcP9|ZzCkMEjM=gKZ)+gW{E
zxvRgkjKzWk1v3?;ng$n|?CrHrM;;fP0>S_S?lxOpl1c@J28Pl|MwW+PbcGoH7P1vG
zxPwjgJ$yf*`CmXi{(uTAUb+0yUI)tk8N&bDpv(<)n04fw42-OexR`X97!3a#q4y8E
z|BU}HglGRZ!uTA#<W%MKfBz54-rnBAAJyl`po27-`=}}(dd3Q<d#vGs#SvT}^ibB1
z5D*9|Atvm&AZ+Yke(dq?TwJ-#ui$c?KMZb|{{_~6V#U?T7B>n71XM@ye;lj-Ate9*
z6DvT95n8r5LeO=W^ww5s$N%fVG=oJiw3dqa<2z4Zdnp22)DgnaVbU|{w!=-CCe4!e
z8b^8ksy0WGc)nR{modCHpJcX?=QJYn$h$P6ERAFEK#%B6JJ$=FL1-eFVSB8cl;iqF
z3Kl>L<xhg;PYNbNf+j)=*H41iPYOapf<i(HlTU(^PYR(=f}u}}uunp;PYR4ef{a26
z9Z!NCPYSL?g04ggKTm=`PYTLHg33Y)TTg;pPYP*If@x2Rct=8bR{#W)j|5Wy6`qe3
zUH~SOk0w(9H=d6-UI0Rqk3v%bQ=X4gUI1a9k6~VbaGp<aUI2`fkBn0Qot}@KUI6|t
zAN^ke{CYnAdI2a;J}OVa4_h3!y#UfZAJe@6@hzY5%>W2O9|^($Dp(&Y*Z@pIA5Fpl
zZdf00*Z_n=ABDmIrdS`R*Z{&<AH&!H;aH#G*Z>$q9~r{{I$0k(*#KNkA6?A=epw%X
z*#MM7AC<!Zwpkyy*#Od6AJf?Y@kyWX=>P~}9|_?ADtiCF<YD&Fv`27VQEm3vrg!PK
zhk3a|?pu8$TrscrygYqnTO(;(!!25)aa+SQTBCShkO=n-JpDUbLlkeZ1x7GmP;~Yz
zHb+4D21z{wY;N%h4m|jXrNSjlkRXhhAWVMPpH#udSiweI!6sl5hGY`PXc9(j5+-oN
zhIHM-tC0h(ks~j1y@7IrgL3^pejA5!eTi~Ii*f^vaw89uy^)iHlau|Glf##jeVLO(
zo09{blOrE=z5aBA{dE2Lbi?~}eerZd^K=9CbR&0_z2TLE<CXp8mBZ(ied(1$>y-oT
zl_PJKy}_1)!<PNUmcz%EeaV(X%a#MpmLpG>z0sG0)0h3#m%~?=ec6{o+m{2~mm^<z
zy?%IueR%zOc*A>meQ|h0b9e)Fcq6x&y<wSyW10PBnZsw9eQB9PYncOWnIo^7y+N9T
zLz?|Xn!`t$eMy=_OPT{snj?>!y-}NkQ=9!&o5O(3zO2omt<8b1&5=*O-T=PA0lxkM
zzTpGDz68FZl~;(JLk+$uR=$arSA>~cKE@l8og)v=9KstE#(S8WJDi$(2%9?$n|lPo
zL&=ZSoEwJgTV?OznOE?h!#^MC&#%6Suc13P8r~x#AK8jvzvIWy#e~u2`p`v)(Pi?`
zCG^l0_Rxiq(WT?i#ebvA&!LMlqs!J%H}6wb?^AdGU#y)|bR|H5remXHCmq|itxh`X
z*tT<H+vyk`+t!V3r(@gBjizV!oY{Gqeb}>a^;qZBLw!~C*Z-l@<fGHpC()EA(YCA7
z6syuU&(l=T({{7b6tdAaHqcZy&~`f0lseP4-qF<F(e@ye{Xr<Niz+LNDsPi3E0Qa3
z8ZWCFFYlr&E1)ZHs3@zbDDSW?E3qzbIV-C<D+l72<>QyvXO@*`mbYt{6>FC_ua#A=
zm3Q-%74nrgc9d0ily?HkN&)4qpt4#}c@K=`9~i5;Fw3$qt2QaiA}On;Vauvvt1c?b
z0xGM963dDbs}6I^5_7ATBg>j2D<HOIKDJeTs%3eqRl9~|v4&OivSszMRX3MqA(vHS
zi)CetRj0dUsk>F{ljXnkKo82vAC%L&xRbKD(>A4(BBfKe?tJdYRHgHn=`*|TLKnVT
z#EvqL$K0(I*p8x!j)KaLlJk!Itd8RKjzZMOM4@Hsj!JKkTHdLPZ$9(mZ{V`8;H<dd
zJU2*V`?Maof)PAtYHlyePzK$&gWWHtO@nA>#84I5c!S+XrcDuTtHMwr*?59I@K3nn
zJ!Pyz7;SUQ0Hmx7NgYMkL6^54V`wj~OGzD9)xnpyIc4ZJtBXk;W7EN&u>Q-?d03a7
zI^nECJYn<7(1TSMq%n%1gGO&XRMqyoE=gltP6v<P=CG<uy)H^)j7|ru(t4??W2r7v
zW5Qa8sM6-K3dmU(wmgcjgJEMmRn^{Hm%2QztwUgAb6M5xRu{KC#;1dGZoOI6`B;~`
zJOR)lIk)+!>Ormx<Qj!p|3+XvVA~d3m&i3PwT??*vv1p_SQp7PMzxNaWxZhAF;$nr
zHDSI^m}PTs3uLSdZ5hR0N7u2Qux+od``t3Gv5v1}b8g#hR~Oqd#<h;UZoO{Xd0Cg!
zGU2{Xyl(Sm+e1_r>^_RJj>d02a?zGkm+U^S-^zWV=slsdj>m7~u+Hy3J-rUyX?eZo
z{RH$iOuJ~%tFLsQs#!<wv}(O**{nysB!62Ks_%545o(^faCz$oHq~C(bUL73<O?=9
zT<E+_6R$r%4eq+Ow|jp>J?j%_3%^Mq9vAn<MLpjY=#svPARZ(4#*9Ck6X+PZNhh8#
zxL+k6*#`*3U&9OJQ{N5d4kiQGl&@$7ic9YnbB7lIe9G5&0)-ZLlet5U0Ir!UUV+l%
zyN%qDdw|f)HFVb>oV$Mg!Ds+0^A%-RQQF<S{_q5Vm-!m2t3dN^Tz{w%z*&36*;TS~
zx28XG4iK!pM()bzz8l^e%mT1GTrqYPx85yp4X*?E9j=MG3O(+ow}v_a+}BrvU8T==
zTU#S<0O9LvNS{BbcYQ*G;UE^0D{`Nr_`5lw;SmrI$u)*gf%4s$&`>FeBkzjcr)1{t
zuh7UbNFeVT(I=nzZU{J-24XX~qW3ATy;}kfuYmXrt_ge!9qy)pL#-gL?JItt((AiT
z;K(ybX!{!W{SV3AfZt#|h*kKC`rUM!x;L3xG?&ZFb1j>6bo=-#LBJQB)IZa}>yJN-
z_ir@)oUbpF*WEpRbt{A7>#ta-PlZ>+xI3Q@h%!8pDKKl8AM62{;EPCq%)vMz%U-ub
zGKC*4g~?0&-u-Zy6>~sK+8@r_wYmZ}udFe-b6@k9d7<6Hd8fsxz=QtnsGGD=L^i+a
zhbpli{|RQ-x7yOX?C|aG4U0$6h-cs{<>B9Zp~hE_iQ6E)4^bHAjn}<y!0p^;@4dXm
zi}W&%K;m)bs}AbLVfKgjo$l3tP2<1M?A<|Z%6E)v>$Ux-jb9<?rU(505bl4%piC0P
zp!h!!l>h$(gZ~?${%<h&U%2~UF!-Oi`#*x<FahCg`g;&K0+-``3D|#QzW?+HA(n!v
z_BVlnEn|WIKk&J=F_XEe>;K~O|3My<(hcv4slF_v-&)a8`K+^adI7(bBPcSjXX6o0
zSrx<p1Eum;EZ{qhn2bnFL;zV(5W$~_H@5MJx1c??vy+IRw;FbyGo<OV{jfL?Z`qfN
zy_*NRD{%YSpP0C#qqAdP?|I8*`#$$Md*S_QufGAF{-~MRN|~~h!C>vL&{w+TW%RKJ
z(ZX`GkJ|bjSKPl+p*=>D=-l|qY478{y!l$qF~U}jBhT&E6|9f9>tm@ei;(M$N}F21
z^WAHwlK%&AzGKdN26)zT?9uOUK=O<CJjW!3vYIm*g}DuAjwayiJ(Sq!;B_*TLx0Rj
z*zNHVL!WbxQZt$DT+vYSeu)K})`Uf9oW~QR>`@bm<+JfjXF-$k)B4t-%gy>}Q@c&A
zwlqW7i{&jmccj$dT36Uax|SI}@1GsFQ=rEswxf21+P#6fsiFFq;9|mu%sX(B)?&NC
zVvhU5;<4lIJzUzq(R7P8{LLr->)F7j+F{k}sn27}MF^($@pJkDgZ^0fA!+m2#DdT_
z?<*}2taOKZxYnUrxMig*V+G|2Sl^zvW<i6()F$-2)ZjpP>cV|<)aC2>{+9&X$M(5{
z*Ru(T1$=>adjoE*pVRgD8UW3M-wC!IhIS{uteN@R4u>aCNOZmKYA#56h_5HcdK_M0
zu9iC6^KL3TJEf|<pN64V^wp8K58H(d{)t&;6dQBB-0tk?*{-*=;FK+Ny<S#4-dFA`
zW_(}qg`<;iswH_w;)&yd{+Ev1`Mp-VKDYQ?%;5mvw{7B&Lf}N_1@Pd?^9aa;XxrEP
zb)Idi91mh*ud!B}{=EO{h#TMjeC+<J{=M-WZSc9Wc+#D5`>}LzX7=L-;Qi)vE0j#N
z>=L+@43fD%9lg4*CiyxO`g%@0bsNtg*v7W!?>D&E(sj{)h#H?M<kryFck>?-rpt}e
z!+NXW(|Dh_YpGetq-tV5wbnxVYG!gU*zg0q-A&tH!WyX$oklC2+Ufu;Pm`=JbM$V0
z%r#Yr?O)YeR>*Lz#YRRgLG}$|J6R}RURj3Yj5rO@!DzS=&-h~D0||4_;q`1}w2&hY
z)CA{DDYFy`S#z37HC=A8<mq@DG;HRpqz1U?+vPh_Tiuu(@`QZ|M?#yObaT}w#wNI(
z4ZJj_s?yhyrGUOv?~hB678<VAJclVyHJa_8dgM{<Ds~o4Gqt<GBtA`s(;#;A%3T82
zCbyQHEocKn^@umhde_6Gr)iVpfrSO^DLb9{Wz(sp<5nB@4pHTjDwu`EBd(_A(j!hw
z+D=7zf+t-@UXq%5P6wm6cdTfVUEM3x_S%q^!-;j}Yb}(trJe3Wy9v$gDYsq&y#~uM
zTKQ3C;PeypWzMDiQS$&EyE$@|)*LGd@Zo*AMSu*6n*amEz-B{itA}Ag#;sn2kKy<R
zqrtE(KWY#G<SW6xso%W^B}avEp=!=*4_C&g-8T0{5<Zh>MC{*Eu{M<qW`(>b{^VER
zGD**Th0Lcj=<ilK2|s|^HAf-tki!?IP@dM=*lIDAls*q?k&LFkIiR0kUh^}5>%tP)
zuF|7{8C1Qc&y|m;WzcTu>b{R@8FF-}TF5(Uch@h&vEs%lGVAh2Ldy7P1`GF_pIi_v
zpp)A(V*#5;V{*{h0N|`3^w>*E3p;5{F6Qo@d;`)mbA@bov~|1iZX}0sF~292m3@-Z
zEknoemqmLlq-zyWne0(Q0WY>?)3hHw_CU@?-s^jZh&sFOGyIBg=fX00jF>}#?gcWg
zio1gHyl1<DUK-t5?+kN)XpogTsTMAwP$sOp-y~M1JjFDPs>4w|eCet#t@WCq{N@YT
z1(lmx+!(9{tGhep-?H+!gRt!P_N{P6ej*qYPwMSxE9~4%$=U`bCG&c!V%3zsGehe+
zHuB*xUfWw6u=SYGZj^+*Mz1OTYG|@~E%4G)#E;8$Pu|6ooH_E@NDGmA0Z*Qf1<-ZJ
zP;?wI>Wyelm1zxI{Y+)rx{6ev)RrzAPHUqEw83l%Myyz9WV4E-BQ3a@OJ+(~Xs9{6
zq6@D*YWkcY;Pg4^jGQ7H$T<(pi0QuhBw2D$J!V|(oDw#B8EIKtlQru*x{wi3%k9s{
zmYCg7-9!R}hKWe+e;<nxKHi#yyxr#0XJ7A!yES{b!Gk+z_LxbAKm8sgNJipMJgIPU
zV)ruYSog<ANf5E{j!HcP6q=R5L<;!4^!t1mb&ZCep^yl-nvF#bMN0#qz7PypuAcnm
zUrc!IYcZ|31t0Q)XdaFiy@rTMd=tJ=)(=!OFh3#baQHjDX$mmjJjkDfeR3#Q`cgjd
z{3|8;0%H{$3owjsl0>;L{RZlYhT0;(awc(bt`SCC(MhUMAFp7^EhNDZriDv{{kW=x
z_G}0MK|-J9_*23Vs@+m!fKW&&BMSl^9E5#vbG<fgAaxbN1q(bw;R$`ypicPxd~`*&
zA8^VwdrpOO@)S?rB=VJC$lpzsK&Tn5xHktU>?@MXN_wsU{;J!Bp6Q<!#25$6OX%gN
z?DU3LrER-~hEzy@lBJmR>P@}e27PrCtGZ9z{PzolLFIMHg(G+1pb8QaoY_c9;>S1+
z1FFlr{`x`91jB?cuwmxEDKfo1!xCh-Nm+hW5+}V$&ZNH@fNrOFmpOLPINWIo@RUT=
zQUz{)I?p!{Y|SAv$BV8)(jn$d2<{ysb)G`g@P$0u5I4_S(|Y~CtL%sBJvgCX_{5Zx
zgI#^$OR3_XE#d2M&fx{Oeu}O94q3cD?wlx+71-8?QkL`s%m4XOBrrqY;XujvKFN}n
zzP{N(qs-y?(zv0-<R|4#{{GuIPCGko@z9sDiAi@6`bSr%+txg#{MvEfu6FL$VVuhf
z_UKU_Tz4;fdg>i(N8@+pZo%=i$itwoBpJ)xcm|4_g0#4uq1k%U4!sySA5xEG9sOH$
zJl00zQ!90&X9?~Pv50xM+_?ug^ulEMgBQh`<sj7=O$hFSfX?`~qcFid6#zHdDUAnm
zkHHP0<E_#3SNhH3U1*Mc8neO1R)^2r>9MrY?;N0IBtN>mtKwbJ+B8q7^YW>kg=$<U
zCEeD<!oO0aPSxy<wYjaoAe0$BvZySct2Z`3L0I}MgMqQgMxIZsID4$aglOCJp0Y~2
ztG%aJe~fl%PY~gDUZ?iM2*N4xGXzLgLbcU^4Bv4!9ylZaDJ-q4JenU){!Zg4B>{@4
zI<|qlKb3gi(PHyz%wl>-34zT<dmTpRht@iwL|iv~OW$5w+FIsyFtXvelh8arl}}>`
z(y8=)p*AjC3q^}#+V`BXGv2xAW$PT9Cs=rLb+}=Q_bl_QDCWdJm6kgZluYs_lt%4a
z{H!ybH6?0UJz(_nhzKtQRGI}`@_o}N?@ues!t^8c4;A?mmymamd)PmvC63I!wEh#1
z1`&VD>)26Js{B0n@vmRD%F@@udt`q4P)`vR?u?%sgWTFxaWYNm<^{*uwRK0&oQtw)
zxapNo`kIvN;#vbC7jN5XUXbF(A^!(Scxkf|S27q>?$AD!Gc1Wb#Z&YH%iLmfxa_}v
ze<<=JW(g2tU-3JGN^i{%<yGa{(CemOmf!hhbr=5WPjg*k*fJSx62Zdf9oq<w)JQ(d
zr^HAD;NBS&<$_PrZu*K$o3vt2AGB)aW}G5#0+(F#<uQ*C9zNvoz6Q<n-OznZI-Q)r
zeJeV$uP8h<EPiL0uXuC{@9y@6Kf5>Husl<h7NyBH$pGZ$K5^lgTz8AP5VOLm@i{M<
zn0>lJrV&!gm<5hmPm&UZG#wx&G6iCK){vQR9?Vo_Ol}@);GuN-o*4ML%YhA&Hcc4P
zqu%65jjZilqVeAn7vDk{8(gyxa|J|e;gMDIK4n;T{`fKK&RZ*3mtTDogxhvct4sva
zBRSI(KZhk8CxZ!;t5<XD{cf6~@5jqYMn-l|`s?M$FlV1JD;?s_Lo6Q-qCfRjg^$H{
ztp#5<?eF3f>vD~kNAf{89^jhTmdi_q`=ChCg8VrY^y|R_&tk4dg9zsD=i;GVV6DkE
z@sSupJh$vFiT&I{Y@~l^A<y43jV9LZ0NN*MhtNNrR`q+O%m{<`=@KM_xWP94?U^d_
zcAlk>R7v12gB==0sPbf8@U7%_A57?zN~9okpR^HOKqa^q-EErc?=2MJTaU!0!Urn$
zTSTQ4)(m(I67XZoH<$r8dA8s+thsE~L(@oM%@A4)Ik{IDg1_A?@#v9O#MucquE>+<
z`Y-*+D_c!Sz;KlF{C~qfZhq<B508@Y!4Kt>l=k>s(lMcxz>x_ZHv+0rMj<Q<*o_o*
za>GOlouHdaigfG{#pq-*TkT#G&Pf8szhzTXrJ8W~U9+SFIBG-5!wOnx9&nIGFEDd6
zzM`I0p|>>!25*jKonh1j$-}JnxJKMl&wEzur~i`ao)-y^u$BF?Rt$ul>b@aqv-EnG
zj(e--=^bDA_{BQKIy$jbjB}nLQ04q=->9*=c*5`#soQnpRW7<;N;e(`Sx7n*hx2ss
zebV2ovkP810l-#?7qL;BuaPzf0Y&<bHGTrHzs%aRTn=91((7FdYf4tv0s?WV+*yb2
zYNa-9V0xP;>M_(*v&KSYHnGd|5NW3K{_*tmi^`(C<ny)Rs(fmMQe6$5LUJ>-v!|YZ
zY(yulyY<3fu@dnZl0)eNva+Ab#LX{0tJC0kE4@mx$G=BEui<<<zY}v$*#R<htE%vf
z)?!cTR2uF=P{dFrnS$mBB{UJJy1P33nBE-&bTnU2{s#T?62`hF+I;K&D;!3wsVYg5
zBDaXF8B2#TLx^5Qf?Za(`}<Sv0L$}2+5pSv0brGJ{LIv$UT(jfIY|JkP>`oyOQwuW
z_T~Ol&o#adJ@ynH{*+wvB!c96!!BtwL$M|~F5g75PEAzo`tfW~IDKn{B@n3DPHOuC
zo9rjhi-G^mcS{^faY?RLAqC?3)Ne)}B3n&1l`Fw3pfiXSWPblBcQ=CTp9My>uIQlg
zGV2%kmVI~A`h<wuni-&9ZDEDXFecz>B(CcK!ce#&fC6M~7ZB(|>BqzeG&cDoNf#>H
zL>moB@VA@5R+g_B3wvY_ZcoWuw2K)Iv)SA_3Fp)I0)vz-s}j`GZ^<|fEw72D+4)fx
z{2bj```uoCTk)(7Jdz9!%*)EzgSazL?Xa`m8q@BT5|jN~+0M-wai=(RW>)gemYy*S
z&9H=$PAhW-wAGfXaYs-}uEQZ8NOA)oqJBhMbVpw$Rhs#xDUfer`f|*33Lx7UCCYGj
z$XUtJnaY<a_EY|pek`DBiqZY*i*jNeq6DXp2p^%|p=1eA0pV!<V20+yJdbpyd`t;S
z)nKhjoJcYm2t?Bd7LshOp=}AiADg`sb8kYMV><N0U7wZBEzVp65+Xk0OT9zI2-_<n
z@^Y^b`c06YSk=90Z)6s&E7(sv03_K$-T~J3*p~6oDnAzvEwJ{xIW}Zpur(*7O7Y~2
z=mnaFi~Eii#`Jh1!pot(g>Y=)f=FH5{oCTF4Do!oD7u<8ln<^*)5T0?%N@1EN+&26
ztKI3#34EeBMMWW@QrSNI(%z;P3|-s%ihaxjR<JPuzl_AVQpX>jgN-M%^RTZpCTsCu
zCsO+sRCg&!1c7QLI1|BOieN8DHc=|Ps?9Y?wx0FD3OQ)<+V&)!eM^2_eU}dwb&jQ>
zm1g^WtgMXnWbuAybb-FHf0>CcR?K2A9@x8V1v2}dlx|B`EkBBt>WK#wXQrx?4S5#>
z;R&FqY>}Qt{Q=P)WWMdj!Ny&>yL?0PnjzA2<t%IT{puA|)O06M%omfN_LPiDs>udw
zo>(qMIhFP~FKqCWcQ~20jq8Q!BZ{gI(SojmG1Q;>TJ$bcRLD=Hs{_`jxSmElf93nv
ze9c^$FCN7WzuJX2NY@7*Joz}K?~;-X8SLV#M>fq`4FlB2Hm2AO&+lfTzLNmdr(8^S
z3b-Z{5p|nZXO2b#_cYQ8Sf{iN!p;X}C<u&l-Y2N<8ZdR$Gj(WDTPX}95aVOnL>6=t
zAUUdck^WdEV@yGta$L!w23onf)1`M4C>_V2hD7e}>+|N!Ok%G-eqzVYm-<FPXgFO@
z9wvY6hDSfd2GHoz&Xz)D*ayuWeu(n1sZKC9ytwdzmDsq7wlzY#pC2$c`aUqonu@>u
zj-Sm#;Jia3S(u#pxLM0Zqgq{}hHN8Ow~B1+ng_?}dZ%DWr_y4usX#vpM&FdC3#o+{
z$Rk)G&_rP6lU)ma;%j%~y6{J@Mh(8Ev@2fd=L8GSuI*^kl@*rSEzip0+%|g~syvvb
zCiQ@6nhgE0lhg`tHKZY;KxbSX6=X>Xck)^0gvqb5XiM|cCPd6qWbJr9fM;o{9Ib;B
zcsWfAwG`QmdyKIe^MKLpoeRc{J%V6Xr|Dcu1AN?^$y^2Dxw`k6WHZ;S3Tp%@rhFrC
zL%p_P@<+;VUu^ID{XRqV;4g;Hh*+~5Vm+e8$1-pH<eZ6ltduK?BVF(iE|!?9vNe_?
z7=InuId(=fU9%AqasG5sj5YZVwzu;H<^1&Qd=>9<axG1bSFpquk*d2-PLlEf?APbK
z{d3!8J57M5eG+u6Gk26}0ek989A<tBnpfAo6dT&2VZmL;!j+jCbq9zWe(PG|?T3>0
z-g9lS=7!j47pIxrO>Vif1|3(BB86!OXkWHq>h$bmL-j~C-h@<KgBO8tU<`WK{5<gm
zVESaxvMHy)GS!5|lF{W5rhhaY#BMMa2Z(hUoj3BFqCkc`)``Cmi5sm-OYb~|V!WUu
z<0uA5HiO3xaYww^(td2!4;THxO0BCPs)*{p*%T0%Gc8_kp^;q`aDWN!XbTnQM0W5@
zS6OAgh|E-!{1@3VjL2k#Cukqf5m?W0g0*9Ebe}y6;%V=U>k4)+2w^e_%TLBAy${ct
z9d)kN6YtpcT)#%OI3B$DJ{=ii``N^pI%{Lr^2Ui%wHuf9St-aNS_rnnjfgWkmIqPq
z3eaR7$P<PhE$-U?NMIEWj6Ej4OBPOL@giY=k!|zpiFTb>J_vGjR^feziQMx41Ow@M
ze#0&P^W1(zF>E|9rvxOt3jG_xV@L^xLoA@4^ELjQl}qO=?;!7SoV|o&yCq{8$rLCf
zOH8PdSSY~hwW5t^<il3ZNP45DYtBjOh+-f`kxUY}IPZ>bmFBe;FYJeMuZ{8Sc;)BA
zQy&Qlb<ie5XP^|9Fm{rf`L#0(6>=Y+kgWq^RmuBI$2A)!4PrVK-IET<-Jss7>0Y)q
z-f{q-E0v>+AZ`X(AP-sPX2ykk?}fQ1%xY-0%6@$J@<LY-7<hpNLVuo;i_r_uNjjjd
zwuX0q{{V-bp?mpDxX}luM+t?uzXUEXPB*(ljN;5~qhU>b3Ts{|@o__J+$;Jng$)0l
z1I5Y_&VcG_tZthUJ$hq)V$i!a9EpmBwe8FE1j33|@7iu>`v7c^q6$)AGBt^K+m{t|
zW$#*Ph)~e!GwPHU{`%3>PY{Bq{Wr?*w;*ZRyq|s|@1^69?Ic^aCX*DA{Kupn+aFgk
z1B9q31>Q#J*VqqZb^BDVH&eF`1u7X-)#YrH*%=@Yn#LKH?F|=AFckV*@l0BnMkZC=
z)+F>pd(>|ubK`jQt|9107~l{4E1qA6XthZEE!PETCuEl<S=*)$*Bty3dG|7|b(Je4
zbKMOSce~!d>l7>L_B>TJ=^VW`>TGW7%&_JKY8%beB`a36CX?j^(SCsAMct?#!!=3N
zx=fM?$&=ZhXYQFzFT#N-t_gdxuu|SU1T}N15{#v^YZzHLAR`Cl*nYdub%OPlI7vq=
z?d5ur0&n#9N99pUgLwY=SX<84JkdSx58;{<osqkl-_G*B#+RrBJ-e_Y*|=P7>481$
zRy}d}3uYy#y@F&v5DyLajJb*3-L5F@FK7BUxjSd>_eIv5KIEHHBGaULiM$X7sog3#
z?wwW$hmUvkFjYg8-e@A{iahSrW$t^|wu97aw8J8FUVL238r6wC%!O!X+!{;LMyY?w
z$#==U+G;e=1g*cHc^Cf?Rn|^PN%V$oa?p0dD%!LoTdGO2;i=XM9pNq;uD{!cwR6|L
zJl+kf3ksLdT(bC$<Z;S($3Xb+1#X?ZDfRY_IG%+<-oLH5Kvk&d9mSropVsNT%o4b$
zjTCBPwM-Wp7t}Cir<D0LIlFX4#;dpWUkL^if~*18HRb_(VF5D2ljk9th7Vvk!mQtM
zZyUUJdH%X>EQLPc{NsTW49Jv+b2>ZN+2m`x$?5R6O`iVfEFDdD1=u!(UOcodAKjMl
z6P6pK{uT&)IZ8FHQu022e~DE&{;r=VZ=sdioHt6<C}5cW6UXAkq9fh*#RP^NF%e8Q
z{`N(p74vSN=sdnAK$Kv=pXtC|g-X3*Kdze*>Aj6ktcoY|-v|p*MKj|$$>4z{$hgiF
z!9vKp6-T-m`TD0wZtU5t72n}4YGYS@Wl{zm8&%}XK2AQrZP~b%&jaZDks`MSrVUph
zpynX1DU=s-iOjf9`8tQ2lZ|L8=e@m-9)~zy*1%uBZCfzjo4eT4#?xtW;;|Zl+Wa20
z(<DeLa77H@dCy-`WH>*(hrR(yH=x59Ip>n~I{S~nHZ>^OyApr(SGX6Xd3m%={uIV(
zaP#UN>Vns5Qs3FS+-o6l)fWxWC*$WBA(jXMb9oM5c09ED)MwrRo~wClDnjolhjE*^
zIL2I{&QIvsD-rg^GX!AaXCBV%P4Pp)IsnJ!2uv{0Y>sr|zJQX(;+Tw<g+q+VXr|5<
zZ4GfC!g8GHs`&*S7}M;SSdRU?EKzg2XGFV=dy|vxxOfQD&B0Ah^|?27Qr!KH&G(L=
z?VwDU=RNpAolN$9m7amXcLaxjTkf&F0Bxomib6f~i<J}gG09A$lT;1Ei`)(kBq6ft
zE2I72A6t0#R}=7ZXWiqI=vPq`nyGuoPNUva81`ebJFP7H$~})aJF&XcQ~Vl=OKobI
z2;}n@smT+_9X%|ghDY+RD3e{)ZQ@Eygb3HLeNoRt>F4q`?Z;GeSe#=>(5Z48r2Tgc
zX5?41204s%D5{@hz_!gMk^bUVq92E*96c)Cr^7rmIY=0yYDvtoN3{Z?AhLjE?u>dM
zY?O51R6gpWWZ#5DayMzFEuZR%Nbdzclo~B{9&fJDKcAH?6UsxKS4QB`C-4WWUkQ(e
z^T1TMM^$D7_Cvt9chxq;Z)9iZ^Ow4(L=?xnK+BF((O}`ZP;zDSlHI_k;Uw573^~=I
zzWDxIu1_e`?KI3Bq&G>j9AVs*12~FHlB|9o@wa@F;OFmpxp<}F)Q~drxMQ9$i8UHY
zHYMgT9nf3zYs#_n_&36+m>wYuIwRyWp(P;VqhQC4K;tC5YsjHRndg{iMqnSy5jnii
zL8e?=(7pj7jXoB)0y}y_@@wHlp9VYM;^b_;0p_wZ`^=7ml>WQozc7qJ!2?%X785dZ
zNLtIhjhMJ)U0Ea6#$3viRXvWb5SmnD4)E;XiGb5f73%)j5zc{l!l5>BH*Imyq!DBh
z%gqfy=vL0`C7f8In~|QaHPttqL6;^bOyvPzf#AI<?T(Z8GN<fFAs*M2>tH0L-lre4
z5beO;dY)C>r~`k;=4iz2SITOY{Z|E;Xo+&PHywRD{=>ad&=uLk<7+aEe`Mll8Sn6u
zFxmaS{QVfGLA`|$X_@H4zG7>D46D%CHvzlV4Yzx5!&eU7&)I&ebez%Cfg+gK-yN=9
z(8P-iU_Z@Gx4KRbbse1uDYVKPRm6EPDYB#UF0X@DMqA2$3?YqbuZ?I}w^;7{9cPzE
z-F?_zp)J)$AX4d9Qi!;DCpULs@`-sg?(+%*dFddbl>Mov<ch6%<2og91>x#@-?U@J
zE`s?h`zI;GuAGR<uQQtF$|zq)7_G;{`R@Qqt;bkrtc&_KD|h-~UVOW@W$IF<E~-=+
z!m?D95QyTwezm-AuKXfPG0rV!fuf?^1yIfHKKWnY7H|O>z)T!2!-n3$Gd#q^`>(XJ
zq7qFQRD(I2*x=@-I0J=|frnM~4)B<ch|0J5h|ob%dJzuB*Koe9RID7OBKme0j?X=_
z$%-D8k)G|jl?sC$GmUOMjhps59RvJdQ_s)D(32&yk=UyZc4z9R%HY^z_~0iT`>!s?
zQC$-&9!VP<KRCa*P;pMyWXMJcnjm84t8yfYN&2RBH5M65^{-G$C;cXqyI(vGkg&qq
zgRX*%QjON_n92_IuQV=kd@&3UtM*{H>4tFxm<sYUm)hh@V0-lkRMl0lkxCkbWmhEm
zb}5!{)ea7O_JhtTx$w-ravlK~u>_#bpv+jq`g3r@a5MRtG{E;4UzT^+u~0C1)g#Lg
zd(}a|cfNEiB1eHR0wCNlryO(OE{R%G6n}k^zcCJZjQdE?0D_nzk{M^;=ogCpWn;rM
z7PZ=?5w)CLnj}}hi|+b1B36GMWt#*+t|3tp$?w?K@c!wYV<Ea@P3D(NEM$UVog5Va
zR(gT>9e#(=ok&}~5trNqnUnLKDchj*GbVpuxtSxsIW7w8^lITqjVNriJc;;GM+Q-7
zp-7psD}u&-iK^~Y;f|u#pZI<(Oz#l(`LsvWtzX$Dp(ICs7B|l*;f1B`@)>qU0;sm#
zA69xir}RlwtkpQ(NrMGaD*{R#Nj^hno98j%{s@yu{oDI5bpek*Pc3%Wb_`2d1~Xb>
z<$TWi4hP|P7V?6RN%EpW_Ecluz3gGhbKr};$ZgtS+@IEc{-pmh>j+s;M1K0LKeHGx
zHwt$K7w2ww03*i?3X6!7yMCFaoMM5amJ45SaG(K5_oT1TI?tK3l{JdNW}IGfk}^tr
z?1VDItWzU<lr<LeX1pA`bm@sM+prPcV1Q-hWzaF~-Vb!F8s|Oo<hf=J&GvK*r_k?g
z#1JS^-CypBE4*PMIFXa4cCKi<x`Ce;xr*DExIZKVs!o}|lYn~HIQTMYe?G%sTqxFn
zcN0bn*5C?s{()A4m?7i9*e@tY)AziDKl0Qu=-kozx!peBoc^w2&i}^FfWU)iayyLO
z+N6u%b3#@SA+$KA9||OEn%xWxBS?G~lcLIJAE}by*?yB((ExiiAoIdwTwEfNh;e@N
zVMaW*yX}yrlZp0%rbT=sW|k}90G-7|RaIG!&kq&en_x8x_<@W@CGGU3WEU$J6D3Y5
zgc|ocXSME1(g+<pw;$$j-^sN1uuseTmI`<1GxsIRHHr#46KLaF#)UvE7eu8nCI<-#
zvkLd9!~nR2X+RHr{Ku<T$mfFO%K(JJw1j^skf9E4Hw{et2?4V(Wc!<Nx7zpIr|*PH
zr8-cAG|4T{=V`@RNVv$Af_Z)ta6LjY&%u@TfxX_S$}r3t@&cDZ{5(>dH-DNkH!jD9
zAWXXA{TP0LXl;L~A<ffUJ>uWQEW~EIQ>ur~bTyGPD}US&^nk<0pt5D;*<Zn{>S4;3
zr^rwz7biWGNW{P3;Ue}kwyp3d+M@OkB<wmmgKCBNqy{||atC0$2VVY=T_TeS9bON?
z5~Y}anbfJs!M~)}DDUI42*P2Xa;?$Y<g)QR^*byX3SeyKzuuX>{u$8=KEd!4vw(36
z!|SutJZ^rZH_siM+`(6W16qnq|1nD_HV<k|bJ~^e8*DfbaNRmCNjEoZB+<7xB0V3B
zhd(R}P{WwApt5V)zs8jHd~)>crqLQopwh><(xeOK@CcE-!Dn}Li%-&swC*PH#uh0#
zdEv@RHy+eS&-?>qp|4|Er25lA*4RbxIE*yfwZI*bO_y9Q^ejsne*wLt8oRw>xj0?a
zBsPC?CX<$_O9bBwf$dG2YF$9@YOE472R3S7XyMS_&+q``3mH8e^F+|FC+cnz5V7is
zjpAY{uw=QH%$+r&RNu1Z7LI~kPvQxMyda&A3o?7~Ywvrc_0&p+cWakl1oy9IE|Ev<
zP`9BVS&khZB=_Qw)T`+WS?*QS(RPeIS6tLxoX;>OwsXpI74Km+O~hS>Idg0?cn=F{
zHqVOM!{uu|5x7GfnPPOl#Ml{gzk^#ra&ce|sO1k4;A`FHJ&=y`<|<pQJ@^?<EqU%M
z1klo!@`tl-;`kxnlPGu6`hc`Hiqp#)D106a&w*i^*XJw0^w1K8&sT3i{4u}Im_;(t
zkEp+9Kyh#tHHQ1C<gwDv&jd`pSG!yMoh!R(B-Snxj3~><A|zcDABFDl&2xi^Ot8lw
zVjdMMk@)9E{s{>;T_htkl2owQT&_gnC7D5In*^cwFJ)D<k_#=66tO+fQ?>)c-7mYU
z_IJ*Ze{UeEl0XE88zwnpsl4lUfZscLc7?-(rs)GIkxMhxOUco5up?q@)|fZkaZbX>
zm%gj{-;cd4-AOrHCc~5t4EsJCX(S8rVx{j6?oH}S*N5tFmn9VUA$G9(l^O=)6vi%a
zow<Ru6MtSWP9!%<f6LJolJTi;aY86)o?$zX#ExE^EOS~7&#rH4tf?`xo#sv9-=Q+g
z0aeG+UN6j(O=``hZL)SPn&sml9|Fe67`nM|V;U};6pPexDcZ!LECpu3aHU4kj2gf_
zbo_s%VD_|5$y@XOedi6V(aUPZnkGTv&h%eUe3mt_Y_c^;gdS)WCmv$CL*bpSPD?p>
zpwJ>J;?Ouek7H*zM;$v*k7<1c7_#|~=5w+y!gf#J`fMfrim+pw|6300W!}qYc-lkh
zLGeJfzW~*qdbyp9jB6<I9giRtdeQ)s41J%(B?Q`q+@f9SCWVsF;Dpf&vMLaJ5kA&k
za?aGzM(GEVhj7@Rnyg_1N3u)ui~QrZq?iYqhlh|=?O6gkl4&6WvlH8@Vp7L-Ff4oc
zM`K0R&be4XW_w>mcZ~osals9;hto&t{b`ucK=z~W?;r&9+c>cFd=i0BCl%?@Y8K^Y
z2@?b#)dy7~W>0?W!Cu6xA5BBlx0m)@$TfkL`6OMW5&~0bm|=6=dg^#;o1BC#ZHwUH
zBtPFF*%yqEz;q5qvuSKRW0Huop0~S=V#X*YspYb1f7FRCFC!zBdJ`JY*y9Mc`cpo~
zNjWe{*6M{c^0jv={lw^m7XGD5jEnVZcjJ>z(KnzcZjMSJ4d1D-YNekpF5Q_xyu|_W
z>yRH2&yfp1wlfs?IhB=dP04<SiQ7RpvD<Uf17Yh|Jnoc-H<q(*Ap41kN)kmuXaVnD
zvo)yhQZPr8l&e`CS`$O=tAbcXXQN?ACg@_>TGhRbC0}eFds=vZeh9sQXj5S*jJDh6
zg5s<~>%DI4e(nJG@DyUxhe153W$I`xBl`Uqx(Cxx0Q)(+r0D9Y(GDiEDh2|=Czp<A
zE5xCc+=vUr3_DBN0g?8c*h?Pebm0ml%1}+b$bpL%&?enPLm-5Qd!G8HGw?7p#|}RK
z4L{N_Juvg5u%CWNEjK~hhJU3Tz)F%|+nfS!8$F*1KjD0G@pyAq=e`bsX84dbOaoGG
z6SEP86k${MUMPd6NR@WD&wLoBH5oM`Rqi~50&PaYbq`-p6x3Oe`>_QjjrTp&{DSc9
z;eau$qJkZ!LMk^X%%@}dO)S?9HXspVlow{!cBawruh%|p@JF8H7l#><ZPlxzZmPHu
z*Y%&eLpjEe8F<K(`{Y{9i*Sn@YG!c9P~4p{T;Jshr)a7K`ukH<$!dzp<VIePN#q|B
zy*aO2w+{<R=teQ4AwT0a><>O&*;FC6VKbQI(-#rVyZ01(JBx6}0Zk3!T*DfO=d_au
ziCMydN~a_BmeIMfE#HU55QtgM>^L$dH8(2hgO6!>rk()au<Hp)$GLe(sPWG0srN%n
zFrg4?7ZWquw-7AqN(Ua^J?a~OG=Oc0`zF@LRcWSXM1}7Iqg;K}-hz1uH$|!1kT7!?
zR@9nq_&vnsYTV^~v7c~1aUz#}nZf{N<%<DCf0u$dHsUFT*sjlJn=5yIkI4Q^S5h%H
z)U8Qq#>kY(jrJqP7550LZ4_1=v(p{Qvzse6q~x2jr+iJA>~X{D-k_9vEV)0vnW*Uv
zSkY$20MvwbACh`u25xFBaE+|C+$3~~F86ekW;?#5PY?>3i_GR>IbYxyn=(h94*v|z
z_$bk-A7ONS(M;6wCpX-9n3sBIe<RAd@q-N^-UVFq`_g!%z=u5Ml{SFeK^3+$&F80|
zllfdi3<r04lD(P`5PH4XAvP40-y1Ic8c9tswh+@hC#xLey!tWK4<w71&~?bB8q$*4
ze!1&%+`HV~UuNyIRG?}dA02Y`PnRb)zQvIIX=G3qV?McR{mc7MmGper<b|PXiHnWT
zP2xr4SI-Di=`;4ehgx&I4`HLExRJCMs_opYj2&Vx><5n<86$((llM(**LrxSNrybP
ziv0$Xl-^V6j-8195z+hhw6Vqj5!~ahm34buQxb6ss<#|`jIEMQ_Oiz4B$zL;Ap_C#
zs1F}&0ol)mY+D7?(B?16KWGft+BI_recu?7hePDM9>RwO06z>$aXlzrMq1}kjqJns
z>P2i4ti*JJ$%yz2@eVO_Fw}rjk|9X$Wg)2$S48Epq|~=Ym-+uLI97UOQ0|=c-Ym?J
zi4fX6MSV7PG2ysNYK74BW#;;bNvbi@yqLxdV}aVdx4#HhqwoP@;>3b#^F)eVQxS9;
z_uoZ2?5~=_b|B5bs(E9U2EMnpNnUrrbo8-DU{8c_wa2DX@PustRt%W2KY+<Qg7{`y
ziU%i_f3*2QHx|ndF0y{(M~xVj0V~GC<tSRsK~X(@-3)FWxB-L9&&(ESw(8V48WFWr
z|NcD6{H~H6)AGbiHL^YIRO;04LgT;V{_WPO-!f%ABEU6vD<n5K<6ERFK?7}exWw8_
zu%rZwS2z>JCvQxV?9A~7qO6fIsnNlBC7~TPbU-3CCH|uX!o`|%V7>YoKfi1x_fXmQ
zlGp`~OSiaOxQJVRdlbIpmT8EIKqo?-*^?i+G(1u77@;s)&bXRQuu;E+D&^#laL=4I
zHHO2OigU-?Q*zWJQyMv2*+>EL#?DX;zkj~}x}=%1oy!W1P8eB?#ZSX0cFa5W-woy9
zod;!0`{t{NX`gtZ&Wq)03g*vjGMGMb;5$BB;lKY{my!F0+>`w87pJ^g?M|K8CeT@x
zboY57Ha2djH$UX+4r}23IE*0Hsync5$tj#A;Ma1V;NX3GeB#bE!Y?8AYJ<~nqOV)v
zcv#$!W@q8Ga4>`?6G=2V%DBfY@EcY<yo@gK^lG#n>^JYwy{dVzt}udqfF>_*S{V)b
zU(oQ#P%a{N;kwZN+RCPmTtUqub;*&eRTzQ~#AHr8P`XtQlmZ@dw&UY4xM_LfTs}}{
zs3>mFMG3`M?xS{|q<WnY$ZO&>By|SIxbwsZ8XQ6)Vj)Ny{jbhdt<bsnjAdQh3<9P2
z8KRq{1|cbF_HEHx-w^*wNaIT%W0F9>UzGY<a{&^u_D0;^unnN2b<`v^SOE(B(ig$q
z?0@kh*7mg7_7n@vp_Xi{y2B?-+;959ZtECgwAE)cSp(+kCk@9~K=MLT(xu#T=olS>
zvMR@1k-x^6IA0^a6@>c=-Y7y(cB^+ZLqoq@V}+-Ge!>}nyw$nMe#aQTm)G%UT4$mk
zF*Cwu(M!dakPoV>N{6r9niw+T<8cv)Ao*%2^?u?l>&wpuE+#g7s<n|Car~-HP3~s{
zMX8a#)6AJEi3~JuAv*9Al=;a8#C}fQsQc4hL})8s<J?SPyL20U>a3HsHK2}#N}0bu
z^X<<}(eF4!G;n&#=qu_&>SXIIO#HJ<s|uN?udE#H4FIU9>IEm2(*Vf8<mh}W$Vz8c
zbAOhT6ZAfk<u8fGr+~NRA5}9H%|AJKZt)E)>nbf??x%3j|ISR9n}ClwZ87c$op`LN
za6#|H(H)hu8Sw1TYyj1{G!};+7A2^`O(^W&=OBhmEAn$s)XgE@)wGa<Z#8HG9&M5M
z?366z%u>S=Z>!p9qC$vGl8_qx1%ZN?Eym%ac413_bcxa-)7UX*AI*I@+?j+KqwZ_F
zIWeSFmL26hQ+dUPRUlW4A+c190XBBlswfET0Wm|DBbLeWQ5q?((W9Y4G{HV3r)BR>
z9DVmNfm=J4=!`10<U<iEfJJ@8k1@wT=zWh(4CqtihK(qon)wzqFr4|)I8!gkPB~^=
zvw>8Xe`~I3vb-c`(GJlG{Y2!g7LRm~g4c|iKbMNeBk%ruk3prGw2(Nly0n0Gb4#sX
zpgs>m03pC!{+AcI4-Ta7Z9@TPiy4=Y%%F57n}|&FcvL~%4l`~jfIQrbS1x!q2+CeD
zW~eK{r!NCqDM{#B%R=>nPH!m+4Y}^YPg|Qifp;JA;Je@t-F2jW&K4$^2`5eZh8vi$
ztf`1}ct^AD8>L@8b7ZFi9l7P-0Ny)Osmtl`QtWl6uAJ;y^V~H{UtbFS|FksYm+Fi$
zA;PsoS#_CBKRDZ&QMM9BN&X=e9dFUzOvYAPRF98Rm9a*jYymM+_Bk^LxIxZ2PGZ6}
zcOed`uro-j-+S~&&zlHhH-D8&pw&Zqy^5Rw<wH}!RX>O4Jh@l-oV6`oKBoXeHFZ*{
z?+sXj3LG4}q?Ft==CA&^-spb^u!W20;W-ltsS#=kg;kZ~*sROKBpCsCR6T8tvCS<7
zixU;PD9WaqZK*pK#M<^v@*}vkZy@bJ=;UR8?iZ;8S5u}XWa62%vcIl#k?#g-AnEjW
zV&xb=d0em4Ij;cy=4=*qRw~bvmIibXrNTmOiaOX;N};7f?0bHSQf<T>JEF>K_z%Vm
zpLeJ;97?UZ05`FRc|R0Ml;K+f+%lL|Hlc@eM%=MeVIFuA-Rg8|=FvLwjEnf+`qH#s
z<zV5zH_BL}cxPa};R>1C?vLi_rlhB_#0LuUGy1lyOvxXs;0XfD=n5OXoN6+A1xD3=
zhT9r+%NTlnSBQr`s?}i6qU3vd$Z*BFP?1Ep|FT}YoGB4*fRB%~a|k6AE|Q6I;f6{X
ztkh4{Y2dM)|8;-9!js`S++Kn+Eutq)>f2;VFW8eR+un|s^Ux^@Z2POmfNV+#d2unq
z(-LpfY$b4Z-0~aBB7C;4kNBD5c^v+|T~zzj%>|XYv^t;9e32`>!jeK&thhm4cZ`Db
zwPxq|3RmA83nx@fisKTcc|JJ`?jnw_6e)j9LCFZp@rk(^H*=H3*%U|o!|AG7+wY5o
zhi+`lVH$U=v90SsPU9hQ%P_2989m0ln7bQUyQvrLaoerH7^pQ8v!=L%ZHMTQM6XOv
z&tf!OjlYQq5dU*+CcVy_{f8ozx7~le-=^(Te<&!!5nLX96B`)8e+;GV-!Q<jR{Dp5
z!ekTh#Q3mz;#RD{BK{d_9i26r32!RqMs;5r-555{Na`;on>MEJqs7Ii1XZ-4quGr0
zC)wT}J3D3op0lzIRe8T>R66%UlVN|g!&<ev9N@eop#`%U_1FjhuqrDwBw#PpBU$1P
z*_+aAmxt}KvmWIJM#+Uf@F)FbZZ6Bz_8w&%j&uQ57ED2B1{+Qjs4Nz^LASxx#Gakq
zzkPsx3-vL5+eE3Aq_S?CP`#=KKKy~K8G6%#BkAUu<m4vIb+q1}#j>EJ)AiemMjtPn
z*Cr0gN$=$fCk453p0@7-$l|Rb4pnH{DbQ$(u-~Rw=Q-2e4^p^-_PF*M)p!z_WXGB1
zk9u|)fJs8eMeI!VG)DtN;!%ZDHYXl2P)#gG_ZA8ZDSjG%$-cVnzoEN|$2cK(1E(^`
zrNLtRyHC=K(e;z-L{nXT@iP2U>+0YtqgKm<dyaW0X<v;R9`mO?N>FgUs#z=HFu5RI
zKUa!+(mwA+65*cXrBf7Vn3+MZybslz3(`-zYn1Atz^)BM`b%vj$FnimV1?YOzCFzk
zA~{vuzC7Oa8cd11@%mkf9c`$<io8f~^)KS#C5kP2BQ(<`Wt)+sxtAh0pT9KPlRrUY
zp5Z)%Z0>l1+(}@i-C-zblAsowW@94ms1;A7OZ{USN^wa)Ed^1)28}{0B==_mOW^c#
z=EE-b!MD(HF&;oYs=U^=uJDRA+iq)ZSMXJuT&R7Z2F_TMfn%kuAS+w`d3o!|9BeV`
z12dzqRsVUhnc7bzfFZ(8<!Xisqtn^n{=540rZHch(64nx+(^kd$5Dklo;Gb3{=(Pv
zYOAJRWO)Pi5(Me@hviMLo732h8Cg)2hw<{g|Bw!}hx*r(^?17qM*2w1{A%JaMZ@zP
zAIcSe1m`yfzw37)m4sG`yyqHPPfd3iqQ)l0y?cD3XC$hjhAt)N3{eL<aQQ}Y^spIc
z<t#L9QnSl>s<Tx}k>DA=q$zx}f3GuP!anRfpgh<LT1<p|UOtOi!u4Ez*1DkakPV3G
zki!I+JjWY|nHA@OzL|!R+YM;lBBFQ148op8Qe;y$8J}c%OYJk$bOf5yAEDbjv_TMe
znAhmEG~Z>NzV$}-%0&6!LVSU1ro((&kv?~#&YJ^lj9HvUta}xa?_`~T{<TE?c}l;G
zZrT!Gj9J~+@9zS24|>OnptwvvHhwa)WFvI)?@*kosJsy6_h499P>=*eKVJ`KAM9(O
zQIfc@V4L7Av>R9n&GzL%=@(R6I3qUL8#8x@*HF&6cp5UvGsvXL@it3Wj`aC?>n1lS
z0b7*h>we^YvMs0%#kyvtQKITG((W7~8w-8189?&x1hK|ZHIqoNpy0-gy}WX_rRO;W
zj&*4oztSNGf@S3qP<AZqL`L=jDh3_+Y01uu0V(ugSM~ptL~R)gFT9{6*ObRa*4#=;
z^VjsI7o^%zUB3w)I)z{<S3f3;+;y~)Fz$e9;1$Y4<Qzw^bc^^_o?^TI))@0&($?mJ
zO7lgQc1P-oV_5O`>~QEe4!gWo2Un(Cj=ZPG;GFBIDgo<8N3?xHRV=tfIW{H#XWdlR
zgk^dV)pocx%cn4vZa85?ODPRM@Fr0qNgCk%SzA!aQd2!DUF1h65$2Ly)toZdQAaZD
zYKSsZc<!H|8!`N9B25|q6vnq0x!&f?pe^HS|MiFQ{B49>^u?6%#YMdz?e5<b8&fT0
z_|B*E(Ki9@EA=FD6Keoqurr2Kd+KQ81ogeTpjP<Cm*@qug>I_^MkpE4F5E%Vf2V6)
z|FgFys@@br*>7h<Ot^zL>3g2D)09A|h?&4et3EaNmkP6DG#PIs><W6zolyJhS=V`m
z&jWvYpabZ%p#b+4MxpD&*b#zAZ8<hjQ7g(pU8O&|f#}j8QD&X2yHHBP4>H-vkAln-
z8lyfXg$Bj^jvn%2TDlJ%{0Rd{hsxC07i6#&pVo1gFx8`4Kk64aNq#k=mCEl`kn~Us
ziHKjARTQvu%ko9~Q<L&FM#dm`H&D~t`<u9Lb5oi1H^KHgaarGUb#z5&Eu|=aio0`=
zJPG21^eSl$?MUxSc#XyxB#$SYJ6zkkMoyV3^UjFbheq;>0G?6^km9AQRW|1M!U=_I
zzz^K!C<Ou}t=VEOX#sTi;SGx4#qBZ7@RN4Z&3Scqklk_8m)?oqIBiA7<m^Bf*%PO%
z+$-_b^$Wm;mgL%wpIJYnfIofam2EC_c-7_t-(NxG)^@(*`CUA1fxNl`JZom?mTKh;
z<0ak`7&;)vwvM6Lu1s2^#4g>~uL!~eM&6p0&p7q9Wf{@)UR2JQ*<7Rab@|88+x(a(
zoIsXN{A2E`N+w8Vn$UCRkGtJ^c7H+yR;u=e@0saTSu=X1+T3Tu0e|&L_Hx!Kp0lA0
z$@aqz6IW3j<!3cRX+Sp4A@{R1wCR)5C5m2%Zi17+tpv#Rl<q2vrl*nwGESKKw`-A1
z<}L!Ii%z+k*opKj$dn~rs^3vz+vKiV?rs<y0ig~HnBw;xbKY85KJ*!h{*OQMQk)3b
zO=8~_Go2_&GJnBXiN)FPMLf^ejScq4zRK)$1QNo594yWGJVV}~@L4qmlF=$;5{iH2
z5Xlu~yfq>pbUdp8kap+{k){hI=dY}M42aK`b**DNJoN+DUx{s*REGqL$s5Ws{{etN
zf4}3}r^<=HmeRzr$J1fs2z|??ah((M8ZWD&{{x$K{gq?H!*!9SL$RlOS37$zroR7P
z%m~81aW)LmU+V+SusULVAsj}6L-|b6EMZEnXja$pWiuOn`~_sKq4%kpb>~E<YSwMX
zyI+}BVyxt;UNNgmOTVDe`Beg)>#62lgfFk9o56z2_U)p#i;51r(&YhZX~4gj_bIHh
z*>lH@f_KN@hGkkqidA+?%j-6(*2iRkAoKK|JU@M$1nG>5N?6=gv@jsjartW~2@Hg_
z6sGU^F*&i4z5xR?F27@08ilBuUL(@?yds$w4{Mi9kP@!IGKuAVT(7jUc*XS!Bh&8g
zPlrn}wf$b>*22`w1W>J4)z8*S8LZvnokiYok<0SjTO8Tq+pcY+ke_FgMd3~t-Cnqf
z91>!B>a98^QoJq?ETx5THl`bXHyrl`w8@(KWl5GVmv|PoZkIQ-U!pg|^g5|<5Pbk_
z>bZ(0Cr?O(b=yWEBAspg8rRyqMm8tt?DTtz9!c~4!mJbt1~E=)1y~ybSi38YaZ5n8
z<X$hCR0g<qFsH;7)8{A*XQ%H_lC#qo(R#H|<cjm?-Gw67ZX2$&%E@>5uwFa6m!`0*
zGST>mlnrf-i=r4OKU=y7sg{{RgBvu0jHqB()W};+&r_IOZ)R|FJkhw>i_y?clQEo=
z_!wO(x12~y<R`W7POn%;@bKv>P3y^YZ!!4w;~Cn(`WV~Od@t_rX&+Z;HcRUA#~0lP
z>rcf`?9WhtmvcXxihU@_OyzauCG>$Ni~v5+q^6Po%TmHOga-jcAoNsOQ<4uf@t-ba
zGY~UMS4TRzd9#(o`7~!RFJzHV6KN5L5(eMRrtMO1-PIT{m6PccTDPJ<zKD)KQzGU4
zM;Pfwt-DB4{Gm24_k9dU=ktIQ%juSNZkw*^p9fR~c(lD5(~urI0Y|4QvXeX0pa=6O
zG9TjxmCq!zPi_f*liw#Ffm#K>B5}VcY~zlx_{bc3oL{4F$(;ykG<!hM&)v=Q57&Yd
z(MMH<KE;ta{P*kFIDS#Mh8w@I$AkW&kcDUrqiST9?Z*Nn$em-^7i2Dy5?8Y*Q-eZ>
zn-nb0k^OrDt_Q)?`bN=u7x8S7>79+SrO771amFvFMCq%Z5;`}ss>K5LYnL2=6M2@`
ziJ1sjgb09j`h!(X`B)88N~M^%btBA9mjve!R!vI=6R<AQu_ncY&k2CK@RCF5I~hZ@
z&0rgLH^%6oq6_5Ip~>MytBJ`65laqI#a{s<mz7H4j@H=>yDf_9=CYDYSI|qm{pmRS
zHYHtb@_#*+1+rJ^ERdbb1hRKGVjvswQ&_)bGhH4mq3?sc{a8VFq2X|<T;LR9=1Em<
z<W;%X2hx8vp9H&1M^5Sal#NQyn2~S~gyR>9D5}QYMIT2~O?MaZQ{B=R0{zlaB;H-r
z3ahk%$vm&M*TEUrEBy1PzzmS$cH?<XGXUTWBCje$H{BPR^i}YOe+X7Fz2}R0-L#R<
z!__PNS)g^rGTgyogs(+}DyLpH!$u1Jju(}oB0ZsaX$%~L5j<ayq$zCs+A-^;k6hpi
zb7*a0z`p~p^%d_}hLK+J8mj%snlyZFH4!B@jQa`2JIL=tF+=}gYHu+X=NrU-T!S*0
z9yylw@g>P@xR;K0xPx(iKbtm1Uix8Kj12CigJ#6QAZ+69u2jrFhS;?}DRO=776-d}
zrAL5;Uq6qY<8r3pu@z2=1Wx8xec5m{_h=FSr(!mvktLlp26pklc7ARxGc!dJkIJNb
zh)mZ72GMqyM=Q#z<<v2$n4T^khkH8aQ@whLPfm?LH?%H*dwN_?teaawkC8A@xI;<D
zql$ik!W@KSBu7GQH{Km!S;djm-M?q#%^0To+RieZiozXHt?5HAzoec?G!7LDmkyAs
zz|Zm*rs217jGBQzvq@3~cL5z-lt-H{TwALpoIQ;GT<S10qoNPM&NYQ5U}72lj^R(@
z^Yr5=-9ERHYb|i|69K(bVZMjn67<utB|(}{5V@;H(%2VEH+?V3>Bh695;vCCy4aD=
z>?D5L9>hI&8LP52l-9xASnpR%TAJC>vNsH+TytB)##4LXtP&>Y`dVEJ`&of%++R7J
z>9~IHVmhv707f5F9!LLPi-EflbWn#+Nq+}pdrm1<*McqW_<`9iEewu|=$4{1(k~&W
zRTKw(P{;PQi>KY8q)#0ImQ(z`h&Hg40@%Zx<gVLFFu6-LHZF?Nwmi14Vb1=)R>K)?
z*z0+$k`x(~75u#5b;6&u3;E#qT(a$LB^Uw~a_sM~bX;)~83fy?n#K9#sdM1QdohEu
z7r^(g;lDcuccx1RI7OT1w|(XLFKoxs-o-dxBCHt4)tvM)qdmCW2z`NN?`R2T5{;A_
zUm+;sNH^iOW15wm^a5cuIT}c$eHWp7NVX=&7S6qgu$mluGHl30q@4VNn*-xvXvl^<
zi`37v!v9v319S5qVd95L;J};d@9^c`6*-2Cz<uMNn0dd4r5%`qU5<YMc;0G2MZ|$g
zun}n5Gq^f>N^|TZ$l++#P7!MfA<q%&TbIKx6_BZ}$%yy0S2LMHQ(f`-ZIdJ=Tc1N;
z!%Br{sY#N5rlqk1@0e^^j;&5vjxuip%D{E=a?}Kl$ra?-F9@UI)?$QpKj5)U84kuy
zk9TK_FysnxtkrSr(UN)+_d{VA41x6@U*Ig4ALiEEB+Iur6*=NO{y{yXCYvUm&3(W{
ztRA+-DZvrt9^rJjdvE)*DHzLGT}#b8ou^Jw20bwd3()vC3*7yJV@Mwq!1UcAXLet_
zGMZC<f|RA<zEV&XJB(wzn~^vsoD1M*OtWfU9_XXo_-me{^ufr|VFFIDZheuj(l;`S
z3q~u>q1kdBs78D*e|Dx?M=kTOEbuR}#1zUdm|p5Bky*Yk1ZR_eM<AXlUZ$A2Q?8_c
z3ouay7NRpR21szCmpM$xQW^F?crd4Xa9$<0Qf677bdodZ`Q9e*E7#IngaKH5O7+hL
zJ5?z({NMARhF2Tq_GE`?IlI)0LRE056SKn}B<_$EvYp`T<!WED<<{z0#jL-S(Ge;y
zYfqND0Tj%0qOW?i7u#~8I+m>Vf&q6wQ%cYD$GJuV3rDw-cjqyR06CWjC5LmlOQ5g2
z1VuZE4;wF49nHB+j5(ak6<&2wbBW4-Lt=*gga>?%7;P@Oewl@0BHeBaAn~#$(FFKi
z*FAXw*eHHQx{zC9^lUl-KF2D1N<u!;EDLBxG|9BE`-M1GpfQcT;MDZcEay%}<(Ab$
zvIzSL{gwz>p5<~{OZQX`qO<Zl6#ZK-pI|hLBmM_V{;}YnmCuz+C<Dn*E$1tYYT@$y
z7?M5=JI8uOr2B(sa}N@(AVB`)>r1!%(bb1;(HqS*r9EXm0aQ$5RSS?<(zW*5K6Hz$
ze^Nv?_K4PWBL{h>OSl$R$oe#eIyGu@X&*<450Je!%sQG${6OsiE-Z@`KPeHe4AWcW
zJWBhmid*T|0wH+j_#eLLAaYHZz83P(8v<3_5L6u+skcHZy~~F#h)MJ7>*d6z>Tn|7
zobyAnB|_UJrv|8YxIa9GdS`zi;Y_bebT6}=Iyo0<C@vxOLt<L$fEzrKK%1B8WwV;H
zZbw?A|GkQd{->kp|AZo;Pone=*`G-QVTsaLB_17RfWLhe>K@%Azy#>u*uR-Ji+V2o
z{-zwWyhC0sYmbz|eaYPE9r7kw+sniBJ=HOEJLHb2(d5eGGf1&2q9i^l&IpPM6ZZ@B
zU&CgisYGrq9_TF+#G4QH$w=y9hhj$3%ps5pwS4gHt6eo((>TmVV-Rt0MV3E8zY#Ym
zBYkp^W$RQ$Fe?LgvV<chYqYWnW<5Co)h!rTi566_AsZ9!#Nw&RuRVP@WmE$)Nm*SB
zY;?&@rL5)*lIe+aDjcpYD=F*6wSnnN-56v>a=Pr)v3$RfztK&%N^f!xmGX;Q0Iy4~
zssb3>4iuHewd4z<9+QoSN(GpV$V5#VD=g9J*2$s{7~#U<Jm<#xuBz1>tE4wgDNxT}
zHPC<q4Ss}XQ$7Ma(x1H2zl6}9Fn85RKjmG2I62?^!^!TEQ@KxO$%(pZ8an=X`plH!
zqFbOHm9cRB-U;HfR-|cfV;`>Ru1576gJ)Is>HW4B&|Wz_R?)d4f8NXrhiJNHW{zkI
z%q*R`jgKbm`4c;hl!jbWhG{zHM2Be_Hq*UmPKmjhr)BY3BQ!8<XOvT)(L_cQdLtjB
z*TUWJ&R@elGT3#dC_bM@FYvKRds&&E7KMVezJXQgG_Eg+(#7rq_0GW)4LD#G=i5D^
zXQU`ib7Qso7LRL~TeXI{qfWJXKP_|<&({<Vr_+eLi0&V32LDXpupnD@{%2RF>^%La
ztAM}A#|?48QCPM9=_=3Gk$=MF)RBM8B~m-wA?rVutBLQYdbyX#5P&CZ1Bjd7?kCf)
z@(0oXxPt1uF*7T<e{h(h5}b3a`qeM4Q~g`Ks`ewv51kf3Ixyc&PY9gn`8PIpsN(nf
znoT45^ss((gu6(6e_CKQjloSn$$cDu0inYJzo(n|Q<+wVAFzrec}hAQqaS)i?q3Tu
z*x!C%E<NE3d@IV@x)8SQaJ}d8t??j9_t5-Nv@oC06KkE|{iHcGTsQ`<vO&?Wo`FQg
zvQSPKy(3Tsn8dK&YhduG1xDr5$`0B5eIll%uZ^(a%<mH<uv_2{&B&tdb|0Dv#{j+E
z!WQ#S%4%6RV-D8#Yd&tCi_R}#(&j%0`_vCN>?eoi>W3#D4l*q<tXbVoN^&IOh|6S6
zC8|DsA^Mi9`G0xnLlmv`0=NLZkfJkrfoz=GAvks-qV4lagI$3li9FEZ$kQGsOBd2P
zG?#Le<(o(5Wine^QRQZ~CMVLGX4KzXvy_z2gO*XYs_O$u34@R?gI^TRcTC53;i^te
z!$_d9@Dwl}8vU}Mi>t0D|I^HteBXl5b#b%tT_HxhTp2|^K%ev<r?E4y>&L=Q&0sJN
z^oya@l9OkrVJVOBU;==w4;Vu8CQzo@?y>hecl|V8Ifou_IZD#1$VP7M377{n(@*bp
zJnyw$e=hAWeIoycn3E8Lfkrt|3J}H1g<eHpKZ}388|4Fmp1R%{4Kb(UgOlYD2*R*V
z^9i{<c8LFI7YajyMg&J^4_DKyCS*Tc-abZ2-&%BZoP-*SQFn6%XPUhWZeAqoHO++8
zsCp=3Khuvs?UT4k3ka)S-)q-Kd0=BXR@Gg@-RuuOjn~>5vHyG?``hoe^6PwTHl*(s
zj-o1UlAoitu3gltGUr)sd_xo4J3axQ_nyL4-0OMtp3{8vN5u)yd<QtXP7c!7^Q+12
z{;+YopD~WOcf6k8$y6jaqKr(U5wEj%bcdYX{%arG?G>Y;MoBOksssqYshBc?)y85T
z?fX}<Ing(ZY%;yKp<7N#b;95B*px8#42bFJbz`Kt-oXA4lY?SSq~A*z4`HcdSb29#
z@dnv=`%2-cl1R>+AO(m5!p4JGg-nBUJ7jCU1nxMiCknG}!lsy+oKc>wMVHHt%BXdQ
zV|;arqb>d<gpM^*MMJbv*_<fEaZ{(}s>hi>jm|7j?q3FBL*ijm&C!m=En~CrEGwJ)
z1vvD@7va53-%8=_2NG6O;&)N{yy?Zvbr|nlhPk1lOB1E1z?w0(R)n>@0(z~B70P8L
z2eYNhE)3VgA86_io9n@qVeQKuNX*ddT#dA+Mp+#!r6xGj32L9YhMjW2C1xt~k0#6V
zsp(JAmjY{=!CAj&REVx=T1O^HVbfm-L#TnL(#i55Cyjwa#Fzu=RM%E?q3P}r+}`B4
zu&ym+8~e-}#TaYB%N{m(s-M+hG_>8JXBDGL%S_3Hvy7k4_fts<(&Zy#V5P$56(U{4
zSg|gIPZ@}np24#P651W&zU-f+apC>)E;dI0_T-FSGQ5f0e0t1Gc=enTVAb4Al#c$+
z*LRij>lPecI3F>YbxbW=D6i&~(BDN@aaSzncdlbqI;`7mn(X1G|B*-Nk7X=-=5y0g
z_Z{26TQ>f)IHu_{OLIZGdqYl;?xb?+ic}MtNB<d3(Tn9yE;ydI=Q%KooP-o=wqiA|
zt4{%L)eO9VAAJg7(*UjM$(e12Uq8hkV`;N9YBq9DY~bIJ=+i=l@VUUi@Jd$@9xE}C
z*IexeYdMB4l~!>NYl>c#hehRJ$q%Ft!qt8tSY)ma*4`v~wtp3O|4IC`9jt22{PFw;
zk4XoFP%TS*IoqF}#JX0|6<lbkL({C_2Hg$#%s?JPPp#+G@PPIITLIU4PY-9bX`@rX
z^#meqatgS%@!|%aiF7)6;YPSFQ=Eg_!$}=HCKA0$BJC4+I-O^`t;VzEUYO7v#m>7N
zmI@GY<zK+lA!125e{WCG)|&}qL&}VskRS5wBwm)Sq@j8ozPomar%{o>L>mr%WMZ|D
z$tN;1EJIWrl*w9pmV+lr{tkW;#vJsMxm;5bzEPlmA>t^kv2k=MnVxN=0VaC0X_`9;
zM$S9dS}1_g4Z~??vdlnKucxv_cG()jF935Bll)TaP^9@3pG^tJN#B_z`&dP9Bb`fO
z$~lGHK5wvZ%7fi#+L^WyMbheK7{N?gfX%{Y*nRAsB-+zhWLBUe&?d|^QKO~3j>$>V
zBtT|HYPv*cxGMVg7kMdE4*N%ysXZuSE`uXix*<@H9|wnboj;e+(7UJ}7^z8SqiNcV
zX?tim7Q}tVIW?1!j70^o;^iZ#&CwgR<u10-EMPkJ?W(m^dOvPh?+O9xjx=VISunNG
zh{UialltNBB?AuhxoPw~^{W*618fH7$E7jd92$@=@rK^@W-BydPD^J|135mzl+n8*
zEClAHwK&x<VcU7dv0;ZY&gZg7yh=+lZ78chz?Bzd>n^@f%=azQmEN4672aXRsz14q
z)2LKfnJzieUO|s7u<6~A4%x1yG2ObOU#9k=Vs^WoGF_-C&6uGfj_j@#UNI6kvJb8%
zLLO{d;?o%6%+~6P$MwWCse(>XFH}>+AL0hN`7>CoGe6Nw2EIAJSHX!jy@Q@riPUus
z*_bEuUVDkbdq+3umJmXgE4d{hIc*lg;kB)Bx~bjgQE9DQLid%fVj>LV3O@thU4a4A
zjBF*_t79h0JvPE75G?9aQ^BGDpd;ZzEE-agn=SiFtLeivOdF1x3au_2$n+n%B7-<O
zF<V}HxiH8k2uh!v@{6mG-O<gDBJkWzUn%56Lzw`ir<%9X3@6Y;w)UdaPUc>zLdc`^
zKyjO_pBbg+$u=MZma3*(zteDVYQeL}7pr?$7jWvG>Ufr+MGNT^zeZPtooux%nF@a)
zjwhIUAbNDJ5|O3ARdTOY+X5CR@z+p~00;0yF{`jQDx%NDdRu$qx=ji~RXP?X=$)X%
z_TWUe6lPCy+LmG`ISuYi+)7tPLVbz}oD?D`Qmcy8($i|H=#|CDBXp_um~e=dUhiE;
z;BeI8e60U8hqbG9K!v3=n}_y@aKTaw#XQ<bHPAZ|O*K@1C1#>6voK7cnH%~sfp)Ka
zH0%e1jDumjnYxENCy7ZWv^40;G=-6^11@s2LW5L;r#&?nE_c@F6NP@d8Qj)I7aSXn
znoX0Ey!Uvvzhg?orqVNGdg3;$qu`URY2#x?;*L_x+J07MVq+Y~>i`zMUx-d%+|b`I
zwCSjV4mml+AJ+E`XQgAG5(q4p43Na`Qk;k{V9Jpph!bf)r8{ahO&O$^7fGz!fgp;)
zE*I@Ckm*I<?bt5MOg<2?>2TUP83UIVQ*?@9(>k7Ty!3%9%R|%ugbgH`O{+7Y&b#4+
zV))1=&O2POzA9nn@PI2@$==4cA_(-R_*avS9`|XII5$T35vQJ&|3n|gE8xu-`D0$p
z)Mtx;>>g@{AzCT;U_m!h4XpaRfDSqfs^K~{G!ZPJyJ|Kl){+tYkRWZ6uvl%F{y9KA
ziUfyMfC<d#v8-wcI%A)NRyp#e{XsfV65$Rki|{2u%#8RxfJ66vpp}Ne(0<RdMrl89
zE<qww%odH}hXJ;^&B;W|_6u=tXNzh-K2go(U7VF|M8mzLs>%DqG-GH{4P|^XpZ?j^
zC*OX*a1jSfdmDi3X8=quj&yQ|8`RVVlfC4ea7?#b8_~k{sG5iQGo2I~`Ky|85w|^|
zHTcTW^$_FuVkBFqy3@U&KW0E+FvOk|?&Bqrd-_u~!qy}AFAsluW!6)>r@x}JZW?=J
zqp8#>bt-XUk{s2Cp#_6ij~Gsgn73+ztXSsd-0y4XExstLM%}L*OC!?H^Lq+qexC2-
zmVKUIi&YNo6DV5-N64*;{kuB)pC%tmFUvFmqa|twxnW66v#u)1<(7RC2=>mpK&^%S
zlCxD~=0#Ska39#)C{`QaRHvq9fvar4UZ)rZm2{Th!wQY}q+a0CiW$bqfoxe9#eSf?
zZz;@Ai?KQaeX1%&w}m^Fr7#bi70&~gpRD)B4Rc#K$S&Kvu1nE4zS>|z7A@E&+po?O
zdRg9R0Yb5`RS?RKmH`&ZF})Z#Fm#qB9M~3??RSzHvIQxFt>f9|7Re->f)UP?ImK2f
z){%NvhKVEjB-07S8oQi7a6(@XA46x_xvXr)h2dS?EgG*EWE-L6{JTHE(mF$;cgnSJ
z0zK54#H<YF!`)RydsmasRLdaS@>KI6d5nAdBsF<q*qaGeIo(g*DqT%(prL;Lj18dE
z0k@zD2sOrF>DOQr6fSQLJOsE6i)nqh4tt=GJv{7*v0NJzUnT!80bjz+y;jcumBJwU
zj_!dnY#==J^gtOlFjHpu8W;6YRx#cKU*cI;C3j1?Vol7a1wjWdb$4X((z7l;<8|ON
z2DE0hZt0V#upcJ+sg?A#@MGNTwfxm5vzm&>N#wFv-y)`K{JD&TQ>)lSm|bv1m0|6i
zarCks7UTN|*hH9J(8+CD$)7!uI@#j<Rpou@o!3{=Sj?e!LMQg3SU#MlnD1fFjE69)
zkV&`d8;$|HY-F%eB-1Pj&NZ7+d{)AckuT9L+nwcMZO^qCWt)Ckh?R!y)dGdv(m@a1
zB9T|GVL&?DZYooq8s$NMu5xO_!)AghQAgLdePwD)OXmAv8_pqU?l}#%+bFAVyBn|#
zrsbrM;OTBMZYCL6EiIRNsb$q!R0&4u@?8b$`B&UE3J#)Ct!cyU9OX%{ky2j5zfH~$
z$@Zr+VtRTU=c2sp(!27lOYd^$|DJpFK6=?*C($c*4I|HZz?Z8E*Dt*F|JD>YN8ev~
ztB2Zrzv#TBg}Zaja0lEQtC;oiZQ|-Fbgn1{rewvVOYY5a`tRRUHgh<qXxsR;sdOLp
zXwe-Grysu8J?KH%itKhjw+rK>;X9l->4lk2y2;(6x#K0WxQrIw)<kv)s_~i#+lgDG
z)m3X`>%DIBs$06tO&9u{?e_T-W+TUM-dvR7_!nPc&=2ln9RD=8;2kN_hlqsqzCFwx
z<=1lb&by-YqoO!>$$Z#^qe$<oS4Z5ZA4TjB@^JScqo2o*6XFRS4rKdJ_(CzV`xT;J
z)iU(HkQd2opX&Lq?ebbZbUbgC+vnWF;>&YAo(e5FvXxMY&gX@wW~X-x?Ki4j^Z7_1
z=0U~2>nxtCd^vp~G>AN3Ma~XV$uk5gcJr<iVG)g?FI24}`$BXiAE?n99|+KmJ`d-5
z09ETXyvUh6E%J>b3Qry;y%Ts}4m%0FPq^qYA|~*L&1v1){9PYd$Yg*Oa%yq=$#=vr
zVaji!1rU_=-boYa6Ez#;<Sir0_48twy}POZMcmC6AO#qlAo`;wZMeNYnrs?#3V-rm
zdbJ=5*Gj|%zE?ov&T_e5^kQ6LqiYmZOU7_xPN6r_D3wA5>Q_?e)WC8t{gLF+t_bnp
zF1X4=bXMd%&s{D$sH~bi6%HHor_w!uEXIY3)c41QPNy+GI>~0TS}mnbW}*2u(l<1}
zLW0@a#)%3Uj>Lz;@&Dm+VW^v=+>{MVB{NUqJ_3-8*VCP8o0+r|cxTccBe|FQWos;P
zPa`;KkKvzWla{R-Hf>KMqrsWwyr+?H;(s`DT1H#5nDi4|Bw?88<pj2blJJ04!vDhJ
zM7=#M&WCFR#^OxirM0ZOEq9VYR|}~8(OCyiJ)Jnr!7F4rCR;QmjHLvgVO>TriQKn*
zq<twkPds?sW1adY&*IrBa)cWW&&-p#9@&c_X6ug9Q$&$_o6ti<MDb19705(+7!mX-
zPi;UAdr88y%y(FEk#PQg;pn!qWybx2(^A%Rsg`D`2I&-IVcg^;fw1C!{){xn5e?15
zLij^4P-^WKSiq$h@8iyT$~~-)I`2;&UzRkU1Wul9WVnCa9gyv@u~@5~W=(4XXL>ET
zK^ea10iPpldBE35&T*mVXB{SeQZLR5WN4qc$VWd}z_yT&d?o4&gIxw3XqUqM#?+;h
z&Vs}uye4L2J=+DRlJ@(7>NPgfccyi+tYXDDhp>rw>n};NMx?3KLE_0(Bkgn%Pa9?s
z)FFjrt(7yaYc7PlqNN`Z0^E%ObXiz-#^a>g19<Q_x<l@kjU95#&;cm!afxzjhg@Z7
zU*w6`hA`fr>J|TK^CHWyCfmG@?s$j1K~AkN7BZEwV`4V;<CKuWk`i$<wO+E}$<j;o
z1Ve`UZ7%O96ysKMzgay70l{}=^eRciz)uUDnfwdkemm@g+v#TEacogw=qs>NmMACj
z$7s`~qoOa#IL2k3uFCL#*-k_7N%Q$&mN=<Oq?}4>B;*mC`hmUMDH=}$dcQY>!GK)3
z2sKqCWsAsk%c-hJOxK)du8l@E@Lv_#swAr-N~)iS(I-`rj?9_=mY5$H@rpT-MpdL*
zPX4_zW+wY#X#b&js_`HSC|SLj$K}+qWi-RJ#Z40x98Q@3Nj0@qIyeFu%8eQhB;(q)
z0!(~Tq_@e8XQMwAuBy`0VEB&^x2&HLCSR7&CdXMvYHfG{7PMy`-|>-Xj#G2GOVMu}
zxSuH$gPa-?HYV2M#101;myeVeki#5v`HoNXpQ6Ja5|v)nJ%jZ}S6RE;se#WJ@vEck
zLXU?<c$taM4IS1x*X>sIPBqu!Vn|Oq>m>%GO7D)Wk&Qt`gvEY)!$)K!&9khYc2tSY
zLWW;+`u_If#*$JrQyn3v>0yxv9o+hVH)i0Y0dC*ZzTbk6n}z+{l2E2Kg3783p|7{E
zbQRZS07wk<>6aHQVqy-xPR_MK=uNxsE3KAO%iv}e#ON;`r&y4U<9!rhl+!!Q!uoF3
zS1~&mVBGtE75;x}*UlOl*RCcLjB<O<2nH=4AL_5N(l-sKBJajfm<iVZ>rwfkdH#$r
zjovY87FiP^<#GDu&?Y&xZ-CH9=&8XH;e9WCfdqu{JRK@JIyAVC7B4DkiSX~IkCvg0
zZDukw`bjuG8SJcO+*-pVXxANcy<$FQDJIMz!h^F1pv8EjN*bsHibW=5{*j2>zESj^
zv7<<cCsS*wC^lj2afuSe#6PUg*j%zfNxSV{Jyc3IVR;)X;TnzQ0l^7nwL;EiNm&Pv
zqpyK0n7Xx&dOW4MWWOUW`a`gqK2cx8>Vz~$SLIs=U9^$M1U$o-<&s=tfOE^KcLus^
z-F&o#JM5x+$BEP@52Bo#^@*9-<g6mjy^;P0hAklaxNnH-5EG#7_sXzAxgV2I0^uH9
zi3L=x#0dp(b_xBXBGUWII%Mq-jhTs!-b@W0!}!jPyCR9p==JUf!~9?#fiK6xuV;@=
z!iO-s5DDfj!<muuTD^o1F)Mi!i*Cw^5#DTMbh<>o!#V6Bo4q}awbZmjNv<ZPVK*z7
zyaTHXS{t4G7|g!7zpPtHpOvC#)cTb4KaUB1B(nsJ7ksP<FYI6BMPH@|uSu_)Q14_~
z=|;ONCrisT{TQBrpY9`U$8s82vq*w|v6E)|HA^#mlGVRwTUOL;y1PtC?GIpJI+|`;
zRKYJE1pAYRO%dF$b~t4tO*0V6CPKq&8@U_J411Aj0l7nFwH>WqmCkm^ow7cypPH<g
z>Va!duTV^<h~3Btc}WVJyS=&nYKP2}3SSLRf)VQE<OE+>g1lo*y72%JD}tfJs2GO#
z9RB_>H~qVSCzR0n!Bt#ge|mx6NAHqEVUvqK5tiZAt#bN~mbhj8DBJL6C-?9|#dzEW
zKS3G-OCduy?uX5IIMwE+F>YhkIXnI1Y=>AH)e|Qa#dYJ+F<x@NC*(9)h1+iZgaKuZ
zJ`h<=_mM^vx|)86W_Y1AMhbmkA@`2}P-3=trG9?Y@0Us${eBxtM{Iq>QfdksRa__<
z&_|ZjFWgSR`G98-?Scy(4|`Yot%>k=VsxLcgsup$;)0d@&{4SIOtw(an~<bCgwQ*T
zWqc>l3a1>yy+5BX71$`@Vp$PBpBv!C3ck+zUG0KVamb0sd~~=}374eX1JUe`lW%6I
ziBXYWp&YDiY4#gXOWz)NSC*HEo7#<u3VJT=;1jWqTcXiOkMc1gBJ7*S3A2CQW~I46
zpM#{XY0oZ%9mgRUuMA;Dm)~f(0)t`wBR{9)XQ~uYp}(r_f|aJt$Is3d@nkHcQ_}}O
zVqJfBwsJ_7Y4&JGdp^I^G#gDFkjK7k>nxN2SW}AF(!@RIm$Eat8&1dU$)b`z1<kS*
ztjq|@p!jPAt6;^1m`|Sj8&#w`S?xvhgaM32TrcsgjC5b3k?CdiQT1%CcFRtZYKCN#
zt=lSvr!enT;NHZ#ab}`hk%B@0EI(Jv6(+mV^!vg031GdRw4!X4ep<Ydo8HKOQqpUc
zUZ(o#dcee=7DxHL@al*dE5+lX9kTv6BWBpg*W#}n3O}QC5DUTCNcel`gRmS_5;kvH
zO_v0n(c2bAaXTwBaqK`ek!O@!H0ebRSS5;1t(O{)R<?5$Q~8T7lm@$KpEA&9xTq)Z
z2up{-_`kX+nrTwd$$fWDM&8f@Gv9vNC+mQJGiYPgIsEO@vw22+Bn~6iun<V5pAvWK
zGX5F0Pkn-_$mQIq+GeZKdSOl!M~^GDcx!v_!D|LAbxkNmM@Bk1y_G+iRhXl@T#h;n
zM=x4X#dXW{O;=^M2soPNdE42E-2fx@xX@mV;eN2`P=7R627Jv3J`d$blIMT&#j9lc
zNr>Z~lu6skjA)!6A#{6PoZqgf<}u?Y!g^js{!vQC2T|nD{Y~Xfp8hB^z^U*LbCVmv
zKe)KEAFU8es8+O*`$$!sCYIFWq~d5rZQO$@57v1L4Bx|G;)<0{?#mkffmtl>x?ac#
zP#$w-m+ebnmmhQKT)LLu;<S}0R@UIN9PrnQF5)gwY14I10j4)rs`l_o4?n@<zM_<l
z_2v*^|6|};&m#Ti%*-N<8~Wp=f8e%ina=BMapoL_Nb1Um;niojV2QXXBrbHZ^@;2H
zwfVV`)rz`h?WL<#-74sb0GtGCbCC>QToMjz;qLHdXEAygtA(Ew=^)Rwu@8_nVcBY-
zG$lE4*G!Hnt*B&*F6J==8BTOmL}Rk8?>L&^Kd6Lfy^-Q1`c>XWx>_2Dxzk_ewb4mZ
zl`z3ei<aim=*qSH#=XKTar!toMLVUiHFpvHY<Yg5EGTPImjI}+EGW{(rOW8Ckp%xK
z#~-BhYHtbRz|qI#QCG>#Nu3n~D>|u3_!~9Y{*ibv6IDFCK%!dHGS?(9^hxtF4qnJo
z54*WYdkt()xtyb$@!h2BO)hGqs$(SbAR~qUYj(!dV+12%C%PiMG*&>I%hd^Du_I?m
z3c@htLu&X6OP7V{yrs7YeQBVFy|Ic}xA5XrA;WSZf72*Bq@$bE&#agtFi6{9@DYHt
z*An-4L`iJm`2G&(0r;#|D8T+3))4_g?*GEy{Mpw_h4T$D%C&D;(iZ)U6!2Ggctw=H
z5Rg3!IJI&264|MLw^jXcFInh)%|#w}VakH3jU@nc-CVmb_%h069QpeFg6O?YpkKQO
zk$nPrmUHjJCk<r3fUeX$1$N1gP(uNa*Di(2SSjrcsb4t%3@Jy^obFQJc|b7Aj8+NN
zI`dtDHes!SK*UI4D_tyyeGefoyE8H!%~_T`5}n<`V9ez)O)=M4*x_n^a5JtZ<9PK_
z=uDIRS#J(MX(f9q0Z(Sy1+cRB5H}VaHqxn2dX>gNx+W<(bWKt+hQrBrUaol-*ITOd
zk<aSg!Ny8mm@6-uD>qDT#+ZM$*f5q9HZ#;ub`Q9G4hEW1i3;4cOJJVTS~<^=>eR{=
ztcoyr=!_uf*^^PEgYo?JE{F6RmtRg!4q;1{%5aRyJUIZ+DAduIdUgbhwjUMduhaEL
zYgSo?^x1?7Zo2)DlL_#(kIx1C@jY}qlMPNI<LR0G+NnRo<OWriQCq<{0&A{Uwsv`>
zF9M;1QdW$Cg3tXSR!`7=Om=#t9Vp&l=}n0~(0WDKpRF&tzLX`vSqmcoAxe%$ZdFD)
zQPrm`A1m%)ZVP8yVs7C6RW%p}*HPo#A7+FBhOjOB5sp>n%XC?1UTZLx(d4K`Cgj|^
z*eIOvn9H&1_lGl*gg%r(q6I)edbBHt<5;p_W(u&fMZeFJ`t-<*o92n-2dd0ujxv~o
zc+4`c41)20h|vcuR-CELm~Z7chj>~)Oe|!SB2L+)Yq92>ov4+uXMOivR<c`vll>x^
z3Ogz82Z|jE;XrZ6GQEiv$6h4T-sNbKK{!xc+X~agPOJ{G)Dc#7DwXo|QUPaKgf7*_
zI>ecbk!(LyC3$XKHTJl?imo*&`sX23{tops0d0>ehq<14jZyf-{ZYN?g?L{F>i`Q6
zhwXJbV1)-pnXm_(A!A=o(&neb2GX4JJFCgTsGE7SC#&%t1$Q9bN0o!IVepV-zYR}1
z6f<P-zmK!A`Kp0;DoVl7++^@QK<$(W18NbYxiJ$L&WLl=L~;3Jve_+%O$Vw0WHx3E
zaV!XTQsx>?^N>>_DqT}5_6BTRx{i+yp!a!7vQi!Hg*Z)>`(SN5+HF#>mH+byny)5V
zp3j#JO4>5}xWA;J8gAR~41TM#cr$8!IF<L;;8;~A8#hY5i|SwjDFACnj%A{oaYJ3V
z0frb8rjL#s%c|<E97<DlQC3Zgao9-(0b4Wd3hqc9yv*PsYVVv<(yPd&<@6cD8`GP9
zZXl1>N^iP)bwvEB@EFFQf`^tB+Wp+H0j3?eb7o(;-A{#W-0Ya*bmw7#V_E;5hIHVw
zuF^g#JO0kpZ?S;b=XOw0LQQWS4}+qf7&j9IL%eWzU@0d$Rmz>xkn67CCv;yat7&eh
z;%p<qY6?gLnl%&~#Y~fO709?BtN6=KWafNdDa(T}t-pC#0nC-<y*NO8$4Zpv>P=S}
zR%T7Y8_9%Ie+->p^S3klFpjVrC&<&iTinKt)D*QMBd+V7YoMG;53&|kuFFD9rfEjD
ztNIOrCM>GiVl*XmB>FC@ao{@ET-sO4Dp5RKlgbD?jKu2^)&;YtEIfmFagC9}3!G}K
z4Bp|aywTtTVW!{uEn%H=8-Ea4&D2a|W5w7y9t*2p?5z+k@T0ztY#mRrMd>FfD{u40
zOl?0Sy1Ai#@>h!6{ceHmW)xD-dS=$aGkc$Gym>0pNaHF|))>w$<(-6XYkM?mHuW1x
z4=nV>^`?6ZvBq;&rH>!qEbN0h;B3}TEe2=x4rf)K<I^!4qXRB+<#AX^wMde<8B^gQ
zn7PJY)g}c8xDSuxb76h!PqSgcj$yYZG>~6Y!W^ujH3NQ2TX%QV$<e#KiFYS+RyG^i
z&+NX<VDAq{lNm?KSTTWSOMb)P#I3}#d5^)!BcJ{65xIT$5#fofI`$dEQO9Braz|QM
zCHyO&{^9I^Fl4oQ^{pEWI%IYKz<OCWcc?KVnd(nDQIw6VQ(;p%L+zTfIubaABfqFZ
zrmo1M)s#-)hml=1G<rr8mS;1KWKj(r&*#xXk3-SIH?(*x&lWbT?7kE&T~;Lfzhkx8
z#QChkgEeMsR2VAKwxw8Fty@X$ov0=*E%GXca9lKDjy_4chSFk@<Nh*`I6N(lG>xT`
z+=O0Qq;qpdL@n%t@;)5{AK%Cc$Mx{DmHAdiLY5c~pwkXXtSVcErd=x=!*o@@v)Ola
zJ?C#}Eq!cw73JK!NLv><=%U0U(x!kI;@mjHIX9#A1Kl|qmdsp9U{Z7LYq|JJI{Kn0
zy*gi{m8CGFKbs(YFa@{SDotCk)`?AV1MB#w8`yNdHy@_6*HF!slb)B2+x<>D65S#B
zyvzIyr8+5Q*imj;unJs#>rbobX0KD*xoQpn%DSv-<<sh4B_(y%JBVa(YBi~og_q9H
zpwglslP_@}`RH3EPR*OU`>o<uPU4>oGf40c&p`T0WSE@jlHIRFvb^i+I@OAJlZ<#B
zxwc+5My{o=>we^UyXxz6Rt4s*s+$+3(QuHd$IEG-z-$Wgt(#mpzpqeJo1+!X``=Np
ziX49y>CR^<2=5-lf89?yUkbH(vu!5+5^>s09I#ZgM023q4tXP~UqbpIf<UHM&qfIj
zD><VkYNg)5G_O6}m^eSjWQrl9M%KUkuMtAUde+U1bRf8f1LrM=;se2ph^vNVGJ>lj
zo!s#8{DWg~XIHh`Pv-jGb=tNsY}{=IGCgqTOrXgNqErtv)F&GkjwL@XWP|p`SpNI5
zeN?;n@i)fqBO6s3Zmk#g2w?5~^g$1S$2go%TQiLXsv_Ow?=^6)UoiqRf=fae=lzFA
z?$a3ijj>8{1lpAn#^>xfTS?#G@73AdVdF+dI*7VhHNF|^qq{O`M42*0y}G$|(mU)B
zRs4-?Tj<rojhrD9k`K>He^p`GXf_Ze;WD{ZNlzb5_cr;$ruSH4@^nei!*VSYo*Cok
z8$S-4&m_oZibMJbr>@Wz7}6I70*|a>inVb;G(*;OD7H8r6?Bieutc=6-H#i^W3F5e
zfZblCYuGk1q<SBgN)hK}26G%ey5*Is+e5KeIV{)4F`4*9qtV!tkKyEX2~~3`Ro*1y
zhsx>Q<xIRc)+=V)U7ZjdM9%=Lt<zd={80Mi9Z5Ls;>aj+3$6rFF$yN~*Glv{7t$;4
zNpl<8+Ea8rSAMGF!>;EF6YDw0RXd+6M?D2*k%C{En9k8{d`UQe8~^LVw@;tTW8vH5
zh;%NGg>R4N=}MldF-*2EBrwlpC69?Nli)_B)0LdGl4nI&rjkhe6rQ&6$HNyII~?{e
z>rq7NCE)=F|F^QY1-?itSZ-tz25O0KowBz_2!9`;9}{sIOX4vTzi{x3l}hO+21X#`
zGE8vy6FoZ}{^CWRmWl=Z4g4f<;8NxdPM`$K-LAdaDR;{c#u~gLrmCzJ2H=Huk^ntX
zz_@x9og!2+M=IfRaLegD>MPcm4il7cy*SszL?7$909^?vE`hCWwg?6sRCw2W@cyta
zm!_^Q5?LI<NW+r~k93SHlLo|<c<Bgf20b6(<IUa%GTy_fL`jbKFpN1|%88a&yXZzo
zM9}JYqS(Ww268bUvr_+&j&4plSw|Y>bD@u8ipze#@Xua?Wn|GYrnn4?x||~!)bB42
zv<b3(V+at^OEMyh3Gj`zWnTEY<g-u~AI)(DkPMCD#`u`a;irEJtWLm;SXl7uShj3L
z{c^g|*Q=PCk^W6JV+%l0b1W<Ad_^{^;W_}WR-Pk9xg%7<dK|%lu9#L>(KfM)47n<5
z=_02|*n@@DFi(&QO5TTV#OrfeI)L$bjPcEX^Eu`zQ%Fs=R_3XO?2oZ1L8duaT(^HH
z#Ff>>D)yvIAKPRUf3E(WY7F(W)DTulL6188My7_En!3bW|9`H;!eh<b(^w@IPgi;1
zhk$Hv@id#J{-NOMw9r?!jPA(S;=HBUQL7KrcM2B1U8Pc?0-NaQR!`;IZz_7#VkxQ^
zOaAJ`%C|q3W92sfQ!bjuHofnA$I!<L&a5>OfD6U|IJ2&;4c!+DY~f*n@LPD)*0Hu2
zHw1pGEygR}Y+DS=`Yxb$9V14vy1Il&8O5m9u-+K-)Vv1r93QrqsjQ!GciD!h)$|;7
z?Gwa^8|lHji#BEJyfFl|*23I1Lr*^B?$a0Jj{?PtZ}c-*t3L#5xtLc;#k}-O@U=7b
z-c;*%^=FbJ#D7ro`~$n2SIgGS>V##dQUW|1L%;N{%1^vYXn)boJzB3M^NF;hF!Uuu
z1&3e@_|khLcY3X2Z7pG|@rbmM+mxo)G}H;Yn?C53=}Ur#mi3RpTB@N9;9jfc9m|ra
z`7(_|tUFo@*a>~NAZKeKvDUs61Fvc-Ble=ZqpQiv;+`s78~s)mjBOUGaN-{$vOb|%
zN(XsE!=ZEl?>SnZ-dYefJ<6X=++Q2%A$BlX%1*o*nE*Iz6^2U<GoD*G=<vT68b)QW
z2VvMURz=D-r*lm9b1Q(cC+h2AEHEypr|%6iM<AQCo$V&QSEZQ_y;$|yFkUP3f*;YC
ztJ0FmqGI7o!|DI2YQ0mbR)klvycKJI$j^Og(iQQLY`yLlGA`c*5k}uJK5pO;x(l58
zmi`!a-JsY5hN8<i%kT8k_#_nP+PsSXPR^glYMQK(hMNoY4-P8}d1x=gSUwPoPHu=>
zO&D-p<v@exf;MFHtW+&k=~FUe>8eb#S!W#G-MnHwq)2DEdbehn?^s6s`BvgFmzv}1
z%%0|O%>@@>%+uc52!=5?tSG24&zaDRYU?$ksm;Q392d+4aahk*dB8-tQnzA%VJe1G
zd7)1oNwk1-Bef`WvJ>Arc}Z7>5Tvp4RfhR-|KBu&wpR-qJDj#pSWptJ;g3GzxgSII
zwHOStHy^{;o(yI~Zq6|8aGHv>Ic2L@P05Tu8H?mhVm3qn5-*l~5ou|#LrHyHqnbq}
zUfI5N0KIGsW$6~BK?c~?`5o8dHhDE!>JOXn^GkzQqvNfDoz6DAW;JHbp9j)Ku2MKP
zo9r%I*iJp=Wi>El>(FQ?O#?q3w%Zi?nh#v(5GHGND_TTSEpN4#o>VSkt&Z7JmaKVP
z&ZcR>(-ghd)gh;DA1%1OsFjGMpL9u237Do;sDC(#zScIAmie<;T4wvyiS(}UD(;j1
zsws$3`faG4ehyIcRoS2$V^#DbxPjk>I=N%#Db`~H=odn1E+gw8G2?dQU!+(@1!-9G
zi@fA1xA28aV!DXOW&2IHYW-NcFDr=%S2~i2KUsKdYUmVy2|ZA?LAJj=Cf_XZQ}@Un
zq>GQ)`kzX`*LahAsF;6nI?JK5o9-_U0#qnr&^i!&n0o=!%yC6*<nF_q89Gj?py#>5
z^v}K^JXXd{?MVw?DWPx4tGNDiv$;~&k5%ml>Vh?PQ)X?goyKoC`RHV+*XtMy&W*2x
zOE?KrmxMdH)`9#tL)h9nPEu0aRa{#uBo6%1EaDyvH}{gTj%U78lFOPJShQNUJ0~DV
z6ZJd2(WlC=wyK81DzmQ0MO@r_+L=ovOMGA`?GagG&XbjGi(TCg%LubHMxu<z&L7OQ
zbA5QTP?41BS%bWpWj>MZ+PEgiooyCIHN#4|_pFI@ILxo)XK}hD<cR1_s&kyD@W5))
zNU0fd;v~btkxx!9iW~Mxb^bn*x~#iv3*!*gUs#!H)HZ{mEzPmuj|iRIyYp51#pzzf
z{`xGw-7CEm$i+yJ4%aW9%b)MTqFCYN&QkKOOFBZ34^Q?Aj7(!GQ}pec7!4OWL|XFd
zIejVd<5UNHt_Y*I1e57Oo_-(5g+<)sX0T~+!DRmLeZwLx0GX`=#UH~I5OE3|DBdI|
zyBk#d+he2jIKK$CtV2$h3~Dx0#tBnAWB?UrV?R3|=Q%067BgWGZp7)d$FyQwTH#lE
z7ML^kJ<YxCYkp#1BdTl_`!+*KMuUCBAadeBG07As%&1zPO=R{>72bPXNlzZ^G&@3t
zEiIB1?vA-V#ec08i;+9!UTwp|zkiGFAWaM6Ha6{KnwA5_tGIxrBu^}3tmFA7k>d@<
zo_<m2Xj;A~tc4T!Z&zj7qwnH=>fl$L!1#*R>-cwv!qIc&VmC!;M6jrn`?`(avV<8{
z6AUX-Z;r5~n!H*@2UfC87*85|K`w_50BJncc%O6}Q$y5O^4|?$*Iymu3vZY9xI&+V
zj%r?nN+fI8z#ehSgGOdLc<5j@54MHl@S<X$;$uqMZQ)Ja^(WF@m-yr)ZH!sk$b#SI
zLAFoi&z_X)F*UR0C`Hm{A&#4zy;*pS%OA)`BqY2MOr?8bn5aau2G36RRUvUJrcpi?
zW#w`kjBGu%dHq$mmRzXcFVM@6y<bkAb~Sz47t84*_GuY{Rn<R>SFkCQD(~bv(oRhr
zr}@z>%wA;5s7)OJ>-_1V08Q5h;OKJho*8uCIZ;*z=Z@lTCAHGvtE<?q{G-AjRSTz<
zD;&mOa~bQ(_<DW^d3i>&kxEYhh@6rf;yhCYhuf*~cj7C1;3%Hf4+8M*5l4)L;e4eb
z1|~pcCSc?|C7qf8yR1_W2fLFYsM=E8EgKDnYF%)jPloRmvl8wB(iZ_-|EY1ms)TdE
z<z%U2H5@p*Z#A5ih7%Hdx|*(+FvzvE(@0<h-PBKDS(D#!Ve9-ye{;}LYGpmK6mEKC
zQd`$)6|2{JZufA!Z^897iw-Zie&33ND`)H&z4z>^ZhL+w{P*?2m9ySHtSo6|@763j
z0#8>QS)V&)P5Ij^4xW8u!J)&wE->qzz884sz42#%*!Pq+e0pQy^KiYl4(&YqmWN*4
z+3TVzoU(q#mFxnUzX6~4xYyT!*UnIuwDr2^*Z-$e=07}o@0Q%x==oOoH+HUx_5G5q
z&pmtN8Mo}}+?@R`>~1{2bA4+q9G!gIioHjD=as$wnscvueS;(HcWk-7zG3HY-i_SX
z_|4zZX8;ba?=wb6e)X*~w+`NT=Zq~2ZtS_<zOVZZPv-6({X6C@gs0a#*ZX?s`lDyW
zQRDmeio=)x)n0UPOLiXo<}bhe!@?Kg-apr8=HS4yzt-y(_qiJf7p#3SaQ~mkh2mw(
z1K~}|?Rih-Js$p9{xbZR@J)GN#bWtRIpbfoi4s;-oWAIk&bH-?mM)pr-q{5Y6-}!u
z8o2u_nktfwc4MMq^+1`sVO2%fyoK%aS1fL?;@()aWO;k%8EuQ<6r-z}TQ#+t_03+$
zedR_KQv34G?%~TTnvhe2rz@5OxvwG>dP3J45>`VZIaLS0KZOx@Go@n>tghv4oy*(j
z*K)kc4TC4kXK^2{S`BY>v~{+f-UXKqam$ykT+-fo?EKlBcpFECaNhacJ&7iZ)qrHJ
zwC`<OzP$bPj^%KAVi^}*zG4cO>0|Xj!Or#t?VasQ=C#9{GiD8}SkW=R4gO$j8+^-Y
zoYQjKHdE8MS@V{5wojZ!ZmLKj(E(p!c@-h^iMo0xaj`z!{@1xn4VGhLC7hBq?#UW#
zJqbpm`^Ry$ddiW+d{tg?+M>B_OWK;Ox%&Ke%}zJy$&}S#ni}Ie=QU_4yG=_QHdYnt
z&kKP5z9dD3+LvSv+_WW&mYi~!sNjD`t)xnhZrzQ${ZjOjZQCiN)1#lk+-)rO+&lc?
zo;0um?jZjxesCK$ud>o_W-&yrgZHxpX*=O6K2(e}*I4WfVJE?-XZ4#m3txHv8wt8z
zsO)NO65`qmHwnms-t6SUZD0k*qI&8LF=nLO@R@s#2Jk9j-OWq8g<jcMxx&|Uy(`n*
zyF#kK-(n|U@@6~cILTQXU3KeV2BE$;k?9b8luV}u@Nn`Mk5kMOb-af?ztZSDB5aCV
ziGzgF!@dDWb%ricH{Izn;GlxPM4(TDqq|x{&Q(0*rxRcgn+kvCod7nNu0lY`bYcEG
z15v|#BM`Ur3108oG;0^EYfpHj30^iaP&J>e`EZ<_Q*b9iyN6@jwryjRjcxp6+qP{x
z*=%fXY}>YNJ15_FbE?kex#)|onwqJ4t7fLF-~K&MZZvOt;>9Uiteg+qCfm?9Y8~$W
zOewe=RoK=*dHc|%vyeiO6B)AZN&G)_sR@=LuoF!NMM+MvJyXwSq&>N*ap753$J=ak
z7+eoyorJ7|MRx)JU$@z{No6VXrVa}gg*7LO(7JwXgtrH4Xh-LoZ9dd-JevdxJdmv>
z;}-!%KTL1JjLWGBl?nU?MUmuu735GBN^oS$lZ8FqY?=-eJ*DK|%>XV?w;mtKvpiA9
zwJC9!_Ov4A&glu`K;}aRC72Y0VJq%*y{J_J*D-O&ln;b@IW`FhtM8jH8rq4`vxa$|
z$R+~e{D7aAUX6m8F4uO9hgse5yY*L%rEkIEgAsE&vtLBkD1Y^qYPy(_t41*lDvc19
za=|v`E*>)z{qUB2(dw73BNAQr!9jRgS%AtUd4#4ot&l>FNy+sCP~o7!P7cJc*&ZPG
zAx}QdvVtJ5jH6u%t5txeL$OcGyevci>xYUvG78^lM%Tto7WOK_@?4%Z^(m^FD0He#
zA^h}g$U(fi6oA)wJ>o8hfD-#0?6)a)3f^TBcj=lq^@nlLLs-on$8$)PCFy(e;c9GA
zby5T^SXOK_-C-8}A|9f~Kewb8dD>cWu7pUV(E)Iww<z)PyRG6~ReiS2jb9-QtW$qh
zT^$fpY{PLPl0t)J7uU78doFs_J;)!F9%ZhedS%apfLog!w2CfEiAP+c)GNLAyvtc=
z`@;@vHur*nQ(6E&OVo-f2_G@Ty|_;KF^cb;>CMyU4xy98fP(tX-8^Q6KtgHD=ah%B
z_x|W?Yeo8eO?gg(oN#H<*zGqWw_vLPL5n#2Wb_A{gWTGg%#Tq~LN}i23tF4~a!YFL
zMB~MO55%g><9xY~NR|N^=3DsC_TNZeG{RHRe}SlCGeEt@Z&^#vj*BG=)70Sp{rn-6
z+66DryawSeWqNymwt@MUAzKTB%i|e`=IU;e1d?X+M^k&m|E-{*OV^MK#_<rp=-kmT
zr0kUFUor+{?f!K$E_`i2xU98?G{}#{Sg6A%`;iO~a{}ALVyURWRu_>DPc5V0ms?`V
z1n^44(hSC6XitRu$lSAOKZCdxMO{Kcjvj6Z)~@vL*IzB0oB0tA^H3pmkJZyC#VsqE
zjQOn4_bibd+8aWj1NljTQS?zG5BfF}HpL#wMI^5h1`ER=ikl~+GC`}MA-$znI`MXv
zyGk9z|6PpkckBer${9x|U5jUIplGFkYF>q($@;|=h{t))H+=3234N2XiezPgjO^f`
z9vGORe`yM|FG*}%1==~%4@0W%Cy(fgh6xJTV^sgDp^J#U9hx1{&|&g=V&d|on8!{Q
zplN_^C{A{9&)-HH+E3LX`wTc|VyVh)IX-vi-{RE$4$n8Q7^`2SW24+gvy}nTZ)=Oq
zbH`)dl3?*xKFJ%{A@>PV24d(K-JA&`x0LLtcqF2vU3050HL(ftnu4xpj<*XP)w!rH
zQXZfKw1gFSy}$v|Y0A&xmbzKX1VOFRmKRD0chkn!Fo+ERrx4kASKKm_k(#q{H+@VA
zTYc{@%A!ZZw&)pzxSUFmqlD?MYflFJQj)R)B-s(bY^g9GU{fu$xA4zOWY0GD$h+i?
zC6fDM$W0(i?>*TQI5B}a^+WEvgP$6*WELOu$H7UsK6+2!O5N@QEl;~4i9);`JRGsX
zh!m70XUNk_wY>fzlWml5mhfnv@(-`Qump0PJtN(?1Fq=MTJl}16+%PKjOV{Cxw!Yk
zwX}O@UV*Q`yVrsx_QH04nd(kN@lP~<Aa&?t&&z6#wg;|)0Ga-|-bzS_We}}Kz7Kh4
z#;Vih_9_p^!E(fvfVPq#)efbxWiELVv&rMmPH}NOI24^CW4TW@?yRX%31f`Ljrc+2
zZjpcgD97q5_b4fP3uV_TN5vQjaO-j`;I3CaahMjlE4`Y3JKAD2HT7+B#^e<KP_`dK
zGy_8NIr7o}L|Z)D@`%CU9sGhRH@SS7bD!%NH=BQk)nw*hF$VET?uKGDh-2+~TAc{&
z>5$kWelp-iOpI-<d<=h8B#;a5b1qZo>(UFozWA2D{ife)6T-t^9A`#q4TUX5pZ`lB
z%K5jPpZDVUh-S9XB@WWciVyGekDX171f3eQm2mRV3loHf_&_$06?R#+<}9}Anlk!>
zs0G$3$a@XKu0ZlGF%92!5n_VB{{7h^habZ#0YzS$Mbb&}jTF^kKi*+QAW2RSW5Ki-
z++rK8MlX*Mom-Z3&PpEPz=3W3mj{_?2?NHd#h%KSQo4{R3_h{v$t1ht*QWOw;y|z+
zl#Zh7K9qK1-l8F8bjy;n8Z;LniCnOuVqww->S%trS7KHqNx{nn{3k_U7#7M;PJ4L9
zjoRuXkc-M<sN<oLFD7?uyNt`%j~y_<0TG-SBH+GxNk^1DnWxB+b<9L&Z03Jn`N4iL
zY3aC<v%aC0JlLwU=$s`eWg$pe8eyD!cmgcZnI~_cr)?*<9;tK_Ba^chb^31jryN}}
z?n#nufWf0WSLXNn0!v0{Unvs#Y*dRCF8cYaFks)&`Y5vAR<oN1ox_gf?STCv67D_^
zO_=&H7A4gtT`%viQ6B|7#kt9+MV0^njn8sx$?+I-2K-;8qHc;Q%x_IVd(z#PF)Pp|
zvTjL)Zl9V`)`kxYR(vt<@9Wg0k~H#46~JSDLgwFs2G*k0{IikYCaX;5VjXfwH)zW;
zBE`O$TVMo4)~@^SA)SPnFwD$+cB-tOjfxXT%<&*}mOqlqIL}i$K?qsK_(=}C2`PEy
z`V7W*=G4;~8TKb;IS4Tpgd{R;Lw0NwXO?m&lZx4p+K*S6%v<P<S&KOuTi4Fap@}qX
z|H9%!sjW-rvyz{Tv@Nl0zbJk^w}<hBoO8?RKL$>>!@7?o2Ch2?7o!&kA1Q(+eZ1o~
zr4$%L=uh=@)mOIp%8UGgP4WaBMJ4y%hdFUlmX7We-2;4Km$e9PFw;!hdltYQn6=be
zFV1xbX|KiN!B&8?VzlBRQ^XZv+*+)#O$(u`A3LPklPBeD-fvuP!`o?3O?KlJX~D2H
zCRJ*S8rONbmJGo#1+bPTmerO4*!NqkVj{z$#NJd{t^k9t?-!m{Mnh-svEev^QgdkN
z$@^ovtQWzqu-59IZl^d6^4ETW7Hab%mh2C5yYj#m!d|d_*21BQ{no!yp2E_RPcR|(
zn0+^d`G8D-@ip%2!ORI}lMy}959aC~m;e5gZMRw^k?&tMRD7H>I49>6qJtSuc0}wi
zo33R<JA<fxnq7QMo0*zndzu$FE0MRzaUBy2TpXrYC&6*W4-v~EJ5dFdpGf(S;aX!d
zaA*f&we*tmfbZfnupr_G+Qz!`$e9JcYexkb%-P+;WrIVW1SXtZn%Fy;#Ub}?=Pjt&
zMq19QH(Bj!eo0fdR<{9LcI3D`*kVTilw4?TGwZXi{Z}X2>AHBYzn81s7is;m$ENYZ
z))C4ZFk1UgG2sj}BvDkNK0|Cg4QPP22~GV94Jzs5`7OR<w9W`~gSH9ZNcTHD4-@RI
z!#%@)bBulkb3YJbT2s72Ci&Yl0VXicFLfvPGZiT_ln^WCvqWE@@M`4Y%2W5_dShDI
z&_w-QifN1SLsjJJ7&O5_P(JD*?=P*j%u{>}!tMUXaJz@vWEJA!eKIfT9)O?b3&Z&)
zal*zA6&)z`3DvZ}txh_<>T{ERgK7p8q)BWewq3k_W;ZPNF8pks5E=q+VSI?gZe^|C
z9!I)V?7Vq?xKPQwQ29twquv40=nXqN>Eu-@PHn71e(WKnTYheI?AON9b4!OZT%(ge
z!FAHde^%J;G&|LYCsY1m-E-qS14dlsVx|c50v3kVv>(rbD~A4??}$Q)NwHA%$?XlS
zZ!NPdeRb|E|1i|<J%K(84rAFd=Ff}x7UEvXn|!Nywc?=fFJ1eeCz8+YAoyHUk_!pi
zGAA598R79z`hkNqx53JGO+wzqGh$0PR>&zHC}^oi*JRXgnW-P8;1rSs$1IEW$1T&3
zTTQRCY8OONEJ)~F3=YwUtUq010|Z(O8LOz;C7PxN@4|af;C4of>;pttOn5E4*#Naa
z=BhP((TOoi^2D+aw-QFmy%;SqO-1nW#i~fA=jk<7oR=!cHKy9p^`KRm&X#;5hi#dJ
zgO(inqDf(=Y6&L8s#M@oHztzdbVN?Bfl7MQB2Av-A01em1z=yojz7B|-Tn;?D6|4^
za!h*zY!el@WZi{5f9{WRT5}4pGwI%e4_in&lsSI-&ND2hBj%t&#Z731u=|R1+_cI&
zw*U%dgHbU1y}e2zp!lpWM;v{om=S)&B}J6i)k5AS@1S*Y!UGS8sH(CQ)GG#<hU4d`
z*<z<{&&8#(fA1`?!BFm}&I)p!HqI#EPglNW@a*YBQG#!Vgp2%{z|r}pqN55b;x9G!
zI)T>reghf%J~T<M7B?1RdC5hNQ6KXCk9g-)xjsE(GfKE~;1n78im5vPX$$MHe-9)v
z4*o?hpc=Q}+4PW+6_U!yu~kNcn0snGib!v&o8SwSry-#FnG()vRzQ=cS7wV_dAyTX
z3h<SJrw1N}TVJnqj3({nh>z-~$=jO|&dPgG5Cxr)uh~PxIE5}-J#>Qe`p@N$kpbh!
zjdAo1lII2L_B0)#Ny}*gIz6-3YD#58l}OeXM1wB_At4#hyyuqPN&gzixe^2vx`-=O
zUm9OX4)~NKRJ*kMjxGWbR&6VlF0oU98M;#iJ@7D^M<x3k_7T+v=CccHLe#@1`(=%P
zH$Lz90is|1osX$1OMHd;EbG6x60C(B!;oW|kjt+Ml<eQ!K8hAj&y-ITCoYWpL<!|4
zv7nuHfCoKEQ^--hBV<Cp!aI#vTrBxlr@)t3<o0?TxPtT#Z7~el(1)n}nyt6|geO?O
z`dFeudyeAEz(bY)kWAb~B?qpxlx-rF>MMmrC6zlk%)!q8sas|Pa&OLOu+5MPNXy(B
z+Dam_CEs#ZH7*u1V|A}fe{m5&1<?ie>L<f{wSUu_9|_{&LoYC$Z_hM@FG~pQ)kEx>
zs>+?{cE_`U=K1GXD`0Jb{M{CDzawX7O3>(F)frjWK~n;Gv7L@ip98>dwDi&p{H?~9
z&{bHcXQy>zaZ9nv=cvTxvYNhu_tKcI$>a5l$=^}xoqV@B8i-bkgQG4^u<a`Hm_I`<
z8`Flpwr*x+z$8h7DB<ehZfR|zLt}|-1%jK{GTp8<m<1EhOmReRYI=ItBE}t?#bk5<
z-Ck8U=ol`9t7t5Q6eOqLOfj4|_-YuD2nIM#pvZ)mXCWMa-1-N_b<T*;3zh5NEmp}s
zk-N}W_>}q1sSK;^86ypk*dqUSt#ITD{bvI2XE>n<XB?A5m|Vr5R3ySOVL}MX%v*4C
z;uUv(CH8QXrY}S#v~6Yqvl@NUY{Z3hajozPnXnhr^OkCa{SdosHbSMg)9Q+>q?U_s
z9~{$;cGA{AAIGyVw><%3S)}KX(99o|SsNZg9L%bnlNR(~3~`G`@OV02Jg~Zrr5P)S
z5bAifGwp%yO(9!pHrEcj7mc2ia+#Rw(VVUBbLP<XV?hY+t^C0%iNIc24SK{GY*cXi
zL9JGe%!v8YT#w0fl*fDyxLa7yP`{*~(z@{M)!GHpOx`eGQn5hS8Ba?8Nny~o_8qTs
zdxwjX^kN;B=Qj6cP=E5JN%>K={E{S~IxrHgEJd;&<ET(Q-M@>{_8;=4y1C&cfg{%0
zQBb3zl*8!{<N$Cw22v&$B|8E$KKLpTQptpXkBG@lFvL&tQb#FtqQ|a|<_WL*i=yyF
zF|L+4(^;qUwKk@qN!K~fuDT0<H~xSQU#(krl6jNqTlHGu#Srkm`&1ghFm8mRYbjz{
zUp0r&WVK=cDz__{;NoF%r^7%+UG!_`fv{^TfI-A&csr>`swE6I4IGHosn=yzb)spW
zSOFx9dZxiN%`X(#-zEJm>bvOk_wi*h>QU6@zW8>C-^W58b(bPG>pZ{Bj?OF{d^>e*
z^-zscu5BYcOy1kRn0fiN^8M^v#SNoRwuXLAY}zdoit1p0{@BLkDoWCp`_G2R0+383
zL1^F2lE7%p)Hc-QuMrR_JHq&+H@_oirONl^<uiGXsABU=(5qN_1gYrqNj*59HR&>?
za%rTD24<>>vZ4h;O?ag7g4x}l`=<B98vR)fs6N16j2Tv*K$SIykLWMV3)NPgjWd;s
zY3fki)LTG=yR<gruLaU*7hd`qmdw$0d&MfQ1Fs*Wtgx%@En?eKSth1MZepa(eRqpZ
zv4UyjXZ-WgQRaq)PktXY8zwEz0p*90^V=38NTb8WA7WPTR>!}LX}c|kb&9*FS2g{W
zhA;N`7C1VI@so5O8C6486DXOh&`}~Q=-#Hoy3t|LIG5t&AI_uiYDnd+$;8_<N})|W
zarajod~K#_LQ+>|EzQFK$G?g|tS4~}y0_#eMrfdm#FoB60~!uWF*yG>qey;IpQ8xe
z0(xZ`w(Qx*Y}Dfk4^)vT-c3yL(faj~a&j0^NFkUy_ffw_e$b#Db6T6{gKWqiPv4!l
zLHHzydb@ERNSUJXOsdKiFMv*y{{tcWP%%b_1un50Gy3?u_+XumC~LB}OBiv|xgxE@
z^hHcCg%@i^F?lF(G%tw0iu5nbvTg$8a*XP+?z!)%)KEOf)Qfi4>jUL1UfHZ@Z*)MV
zd%uLcFRI6uSUviifT<djd1E+_IeaxzPq@P5y<#o8f<qw?Go3Z1-ioF{XHkqC|Co-t
zZY`j<Pezc8HqB4G^V3kXTc&A?kYJ2k)$$A_1AP~=!=|Lcr{Eg)QS8`q?`RKZiTv#j
zc(dN;G`J;2$zAX%-1PDJ8_E2(XCAljpK~5y@N9dFI?MTT#MANgr(JNT6m63L`&;AU
zi7q1MR=v{yPr&T{LJsLkgf525pnLe^v*bkomllzhp?zBNU(yaM3&BdJorV3HNUrjm
zatU%BYLz<A55m(A!r=x<RYKcf^`?1?-EtY`uPYNAQWz9eGB#&bPZaH}B9tqu)h8GY
zYFNcIDYW)>|4W68`i~6H3XNnxt(7t_&J9=z-p~lkvV#F{jsbGtk`K)@`+t_(M=<f5
zE(cMDlyrf^&qsC0zB3W!`?R?G*1>Vl)v>Fx?dKvu)tKjvX&TAA6k_7-wG>Ms+Wk<8
z*t@+9Ut}p=EaO#J+qrN=7TQhQvU6AK4W_g&H)RLvx@zqRQKx55@D4|!*z)gpEZ!_?
z(ib&*a9HeRAo)0*nW(SL(ENF*9JozR%Ts1D14>i!^j~bh0QCNiiHxxR@pNC^q=gU!
zNORjzM1{9}B!$p&=k;9jC3g%Z*$pY7IcFv$vcS^WOt|h2<wkT*?Vij6@P-g%`1ZgO
z^@6CVWrZ9$1)1rm=|vHb;~JOtyv(tp2deu-+(~a66S4YG)G6KwWv7rw6v#BIu-U#E
z;=^u&NeT`y#W!NqwpMXaU)=f*Nzms6if=L?ad|0M!W-#Qx%;84(zUp8+1Y5(>k(Cn
zdK_Em5&|rWm2r%B=UPP?El()dZM#wHylHOijgs2p=YPq~8tHWlA$4tS&NUW10bXut
zu3aywdW8BpU#WSn4k(*@k0P=*QJlF8-KZZ21a>>(d*3rPSawGAkm@CRxfYOHSAmoC
z{Pw1UcSYmt7~&&^uQz<Rc76&_H|rk@*92_BpgpyH$6rZly2AT?&v-s_gz(E&AK%kU
zz#Ms@HqE>PYY=e#_&<)Ti<aK_mw-IEUDESxn2XDMF-O1ACH?E395=4v?&%s?ET1)q
z4H7Q&mE~J-P`h29ERT)yG-Z|?(u`Q(YGo5oQbBhm9INK(<eiqNE((lNw<<U+dxgQg
z{rt2SuxmZhwqg2KcY$hhThxLN9y#r*VBbVZ@$_6$lr?06ks1`EvIlbAwsB=)^$5{3
z_6m_D%$*vM{7bq#`L@wX^vFih2~s~N&JsA-SgC*AEvIA&FzQab9`AQ2Tw9`6q6h?-
zGc+$0da4m65Rn^>ECdm&YwXEWJK(;lOfyn`$H=x6d&<b_NfLrL*~ip-r%sOSf>KJA
zov+RTTmT=xfbhjD+>=#9*rx~noz+3lx2r<(voN=C2pcLeyy|I&Sn@}=sFTaT?i{Is
zb~0zpQTfXrptbZ90ePDn;{u*?H}0N@<TvTRJkk@}isN-@S^5u&?o6(%vE3c4k(O_W
zOZ?SKhVw2Td29K~vAiVtQZkR!PH()Cbx-5xKVd>*GzO%}`h9L>ukNMOz?jG@75v}@
z_wygeetJa$M(8fJ{Nsz+fQ#Le)ekH0SZy?RLY<>Kyg|mH$Dz7>>n3G&SehnX`kO?j
zK?Ou+=ML%ogquHb!5mC_7eEzwaU_hvU8m~&s8m%ay8V&O>ucg&rGHva;MC=3pOh_J
zXld7CP3+`PmQT^-K1&0|IuO=Q%I2!qE>XrKMRiuCyS5B}Ebya|-bVbGtm@O`q(^<6
z2Kma1-4Q88b=A%uk|xCN;`7;t>MNkZD!1R2`R%{uou*ZdO64C}#aXK=zMwT83sXeN
z?J6I{l4RA5n3Sg8)>8$wHlqY7fosekm@_<1My<xZ2jF1nv}hmFFQ$Ui7*d!z4iqB%
z)R>-xyMeW}gxW_jT{k$c&W;DG0nYi`k{dYq3nQ-bd^s=Rd=wK~fRiwr35Gyr#yc@D
zO1oZm0?O|uqo!MC-Dz3QAY~?=mYl1}!mdy4j?nd!UBcwTadOY7-)f)Q8$%io2lRXw
zV{%7hD(aNY7V(BMSn=lxZAvX5Un1l-H+{vppc4FKP+6~7Zy}UW)3ga4^21>dXX%Ud
zxV=KRg^!XWxU%d%n!SDkAlx<ApvD7C2HMxDnw69;X9q&7P!o-4XJlJM5A)^trHL|D
zPGsm?D}y<Ju!~U~Nfjl;h1)#RguU^mC83hLenpM=IFH;~?5<Ll>4xs@xR6A?ZrE8H
zrD$&+n$)Gc$kpbH>)~QeY4rP`*}6h*WMY3d=qI%CuCXiJ<P8c|HBq@0*;ckc{P~N<
zo?xU&^M%^RC`Uek`#Mt%nWEH2tc0s09@Q@SsQngGieAc|r9i@0iRy2qgaMfJ9r5|K
zdGMQT7vVo?m^FI@rOFe$c$YKiVmG9O>rv}{Q&OJo#Q-@01x&f`{9JIY_;J?FF5S~q
zt+ES3;Vc-99GxtB8qQ{VwB%2^?YXjOMOoM6UU(X4rZ%6lgM}r}PC0hisE$f0F<0rS
z!at;9jl5)(Rj#(hEpy~sqs|JmG*`!{D(@&Yc?h&Szk?#{Ge@=q7{4nko$O@(Achq@
zK=?stcO)pEBmd3Ab0&Ht=8ioanx8J#m>VW;P5Q`B?NZoJQI5oyUZc<7mb+U;DS#(e
z^n{>GHc4RL7)v+gjr~CK6SF+MR;=&Q$6kI8+7F{~xkxi{XI5mi)f7Yz<!Zia)BE#`
z&`x+%qjj8u>U7bg>5^{$sJtu3Qiq`JupVF+0bV47d?P}nwTU+GN-_1f5l1;FHmlK7
zfAEf@ElT;N8`YDWl4?l0IzaN=5n_8P6q`4&w^<Sz>&=-xpyXN4k|I7u8i1i(n)W7s
zqs=`U8msF_jEX6T4s%h_c`%0T@WcFbNrcCs>!oV`3CE{tf8)amoP#jAH^KJoZ0kTl
zAhu#*c~6N7y0zj})!JAf*v*2N&y+te|3!Ag$=Lwgr#4a8@vbSyI_GB!yK-iA?-pDS
zH|kdDW*fBM5mTqb+;7czbg5Q-bcH@fjr2qY1w7wWp7m0s^-r66GLD^6_)Ro@_m)2!
zL{nP`?txgvIS;uG8-7z3vaCLb#a?J>nbj9}Now_;9ba){XgIEKkV=Y6)b#15N1-X~
zDUya*+%>zi0(UQ>T+IAUnM$_2SS<)i#`8>11cu3~1Vt<Elfn%{qX2<48jNJ`k{M{F
zR)L_z-p|YT+J))NU{$FvVtdzQ#tf8WHyLSg&yCw6WEgv^oU}JBc7^zKGd@*G$15&)
zbxwK&u}t!M>!=+Nji%0wDRa!c$U)p1kB}@qGTlX#A?N$YHQxV3_GDB7*qeSUwi?L=
zq8_k?Up8zcuM$KltnnPu7i-Dhs-A02&}YEqQ(o}3EtHeJPSj!o<*UX$C&?FR-EM&8
z8Rb>HyEfF=M|t+8imwyRkiwb*0oVHp`o+=X=oYNRA+6EgYO&*M1!ru#Y65?{96kGg
zw+oziS$1ytMw~XBXqBtW)l?LcFb0W#H-*nto@ExiRJpMGH$AIG5vt7RffM!}wp)3Y
zHGBakw^1SD1;RUUDdg=JQ1QtqkI~9bX-O2{(3cqC+=l4iUr@$!G|)7V3zMjSt0z%6
zambzSkDZDuMcAt%e|91voryf2@!V=xrys{v6oPK*0x17V{N9n@-4QDMJ!sO%pr>AS
z>rIXi!nB8DLht4V{VEY!aIVtM&>ctsGCuVxgY)okY?pE}9!OPkZ+WM*efr>K0pmwa
z`PG%c0E%^&c#yw5P_R+&`+z%_*QJst4yo!qeiZA@XCZFc;jEzow{dMK3w9NjcZYc`
za;Kc~&Zz5|6IJx+OR~uPZ>ZiE7v+>fwx-w6Fs^+l9^d!d2<YN2!K>dk{5%D16QV^-
zI;+mu5jNkgWupqGa^Zl(FJ33_aFAE32BXj&xBTye#x)1G&&t&%46|}9hYbOnxe-%Z
zc$6l*ByVe3<ZX{jW^LzJX<{MtXUWRFu`5NDy8DVarz)=&vp1U!U2h*2qNtKwH7LpT
z)~#ZXJloZSutk!3(&%jb{6cUAEoni{T$2q;4*Ey|Sz9@H?@fArZf2V4EYsYHBkx>I
zxi1!W9(uLDHgtJ6M9EoNy$mGpUd*FhOn_URz-353bMvviqFBuf7dJ(YjYrU&5AUn*
z1S~~8Gh}$2<na8ES_H5bMYA+|N$nD`n?+~h7^Oz%(=s|Duk7Ff{{sf28t}%5j?#8X
zg^BytUERa4y0i(>#!cED>XeNQ&mWCaXoCV&9m&O?J<2SfS?Brf&{Arp_zL!{Q^!$%
z^SuS%3_!6}3pYcTnKi#2<W6m(GQ^Dkqy+PWHP+=`_1rvfpPX!>b*eWj3NSysWxY<Q
zWUr`pcS89oTFJ!$170DS-N|V4BzTQULrXSXsWH$+^2oKJsbSZobm_3$ar!^q9C}7L
zbt5lmAUZd>k8hmzCoak{C;nz*mJG6Ovi7XbB;$q)28Q;GQL>B-y4nknzT3X~ze=KQ
zfsd}0_5S9_$o#6t=(LgHkBv=BUub@oWy6u86&hujJ)n=~QEG#M;?#h3(xxS~@?)Rv
z4C4lkciL~Jq)9mr*6ru6X)mwbxo}i32~cZ~+p@YoPZEl%DL-`vla-@3+qlc8)~ZWZ
z7)9O#6#a{0;L;LS*XKa)bb!{R>?P;~f`2DCHKvqdnwPMJ92J?<&@39zQ`LqR#+Fjb
zjHl$ylZqa%c6o{duiU|L_Z)^x4<f^T#0Fjw;zr3lVKO1wBJ~O+Vre^Drl4$ZNi6&*
zHLqVqHyuasaLs-fKcP6D?mxq^d<NG%MzQ>}V<D~q$*^eUmP%6QV(;L?sTsW8It_5$
zVFxDOWtAxZ94}^6f_{}~{jFE4Y=%2)FvzRv+}}oFUwn|g&(s~Z=bpKsxbzfGZ8WE;
zmxZ@zv?&%+5j96D2BAGFXX%kg>UY)=`aRSZ*cx$nbKXLHMD^H*N+vm2t)Sc2>@wWs
zbJnT=Z`oKLKl)<?neoWwbc8+P@z)l|2NR$zgE*wy;WHzZhLOO7GR`ArDC&{m9l|b2
zSJ4I>07r^cB}02q&N?muJ}O;BsuBO_C_lE;0MGncno+A5dhLd^P>*A5q(*fqN~#rv
zcbOC?sOhhFP%Y9P9oi>grusbfz45n2CF)45Ndm;$q1v#MCQ+1)mR~iim)247z92_O
zu-nkY+qtF_Nw1K#e2;w3O+c_?qkb3!^nM)m2v_XLmr1`Fypp+g<Z(P-)Ux;OEApf*
zzD7p#<V@yJ+<+>qxB4KktSQ?w>IX(RO}U+ZOOP<7=3Sq;LtNPg%C8>r!Zj)Po5MSc
zw&wW4Wg0bm9FATO@)I4Ou6r|fL11i{!BdZCVD`Aa1v7Wz*r2CT%zBFK%D+J%nFCul
z-*d;AG54r7o5>zPL~KV`KFRIMbpcV5&6;Qy|ILja+*`&KhevQF({RMLY6ZXM@t{~o
zhG`hiOxl>bL8>gso;`9Z5oyp+`NbW=>>9N~U{@h53Z6OCN-{!F*^R9EH>Xcpsz_xB
zDDcf=5~f-9Q<&P(v=ZM-Hb+?RPh}|+>k)*PtOd%>o3HsqHbqqN1__6Lt!jc|&JsVd
zy6gB0sNn;YMPsV}Dnu)KY|V1C3qH2A-(P|y{ctFK)T3F2OnBNAgMTD|6#{wVxVteF
zoIkZO(Cl|t5~a*C+OGwhn$;`1Mk_fPYkKVvr`x*}?Y?IQZgaMNmq>?b7u08^7p{tf
z9ep6Gf$~f}4A@@5enW<oqB>`XlQBA(y;;m9Gcbr7`sWp4m|1AmvNDkD`&k%T48uc-
zYz9uL_<8YU4z<N?C~*>^UQ|F>U)RK2IW^|&j_*Na?J>lCI<iL0uys%5zf&GQzy~Wd
z3l_F}^&=Zq&kjtWeR4)tWD_i})x)UHea%?W$;`Px75Uu?#hBj4e9p3P)o+fHlZ%!I
z!rxojQZ;8&i?GcwSYjXhkJJl>Dh5lLi<LSP-VIoThcTWiiKN?2KI)`*?MxD`MZN-P
z5L`_)hiYXF^h7}^FFw?6BuO_mpcVUV432Gc#;&2qqmoCe!=sc>kYyF!ERPHaWs7Uq
zb?(9;4OFWj-C7@7ROYC3m*`aF139OHm#NFl%$DDJ@;G47%Yv0v4*<m&nF02RKFeWH
z<5O}qL#Yn-AHoMv@>E8RTG?|RYAVKm*^(aX&}T0`DeDPGiMcQbCIz07#9}s~^zK0u
z5aE{UU>BZbmR2<{^;zW21&A%RQwpIQ?BjskeWNH<_6{Fg%-S@Y@^|2yHCIXbO|lhG
z=z8I{O;-w<2Rh;Opy?-6F$3~vkJk?mwhs4{z-H9s;E~n17Mqb_Su9*7bwJlwm^uEr
zaqSg9eUYgbK7}((a`2wdm_a3UEAYOW3&c6*U+1Yrn(E|$s*GSw9Jje_rZ5+k9jj8q
z`4AvsPXY5)?4DKsVSgu*0H#xGxF9sQow|G$k`DmNK4%qjtrMf}+J?kLIPC4=cAGn)
z#*nrltKg;FBkbd;Z*9-@zyVper|i(cNz$XN?!PY?bE;b$%KFCzsje<$bG(k6?Q}JY
zncL0wA|9L3fp*UJ%J|%s!{@#Yis!!VM~X3v8ZMfA{)2Mr0P8v+@f#cKBJas?m!0~h
z=FaP-ki3g#J3%Hu1x4bO|6}r2&UJ~*CETJWzu~-b;2Jlv26DTn!L9?{plTtcJ)azc
zpGzx79yY)r5`B#2_P5C9TXZ2LH5h0(B|bXQX{X9{yGk`Lukxw5CQKeU8eJEcHYDt#
z%FKC<5`0t^y`bz;Amlo_Sodv`fB2y|8NLt1yDq`KBBl1ib*ezVXFHwi3vg?bH~4f3
z&;(xY?AErd6=oKEax!CQ&Cq%4zSpSqZYAO*TXPXBkXMG#7;sV*q|~}8Mw@1nOe!qI
z9kfdu4jkvs4|WO^qj6M*FW*N^c!!|fqU#c0oC{wLJPP07szBi)+}(5gwyHz%%A4rH
zKEUB<KsOk>CfQT31DSTxdXsbN7&L(9?2!<=$}yvPXop}TYt*X{O@0+~kReRmW!cB;
z7^0V1R7x2Pzt_3_2zQRB;}6S#AK?>t1;f2|3v0*l{0QfT{oBfj`7Mh`E*gJ{lAoTF
zs3yt)9R=#`b)6dRgHTb?N#b1aHTRw~E@V~n#@-(9q&FROj(7*ye;`%-Ix+v^6KG1@
zUneNKbj_+v%!T6P)$!vHsfyqtzP&#i9Mxvf%&T)6H$iWOnM7YXBVcRrq)zDKma;{1
zEiJgNAz4mQQNK-FP&t~FPjj(%Z*wrL6k+ujBjRK&SJ;`XFj-SudEl9AYWs6)Ip(9g
zgDYDoPguLd<AT)uN$H>Kg{wy5`tPdB2r?)J%>AwN;dQF*7F53!M*Nktb@SGI%E>ro
zw49JlF{v(P{n9clIUI&x>NGmxo9MtDX#^mV|K@5<Tikd=k|Z4dyvD3JMIQ;9-Gf0*
zPfnFQvQ;@@AYHDLm+U83knQn%{Bgh6m`*-w*mz3bJm$<yWJP4@*Xlj_q7`?i?2U7X
z;C(MFETog>%MoqG$citR&;l>c=d0^(&A;#s?mAibVkc{aP1yd{+@;c6-@hW%J<#aE
zyVvHNf0^=a)y!cGM)?IhLk-Q9%X<E<Fzs2Nya^+k4Y8dcl*CW=PnNvAx&?Wcm6R1?
zfC;)h@Vtg38gJ_}Y*(3S#w;_|Rjw@(F!bs%UX--*i+2alhVAW?4jaZZ<Es#el~*PV
zp=ZA8GMgM44l9!C))gd$|Ik*(Ap5AF_5qn)yxpXO6qYDnt)UyXzFoWm&ryHYwFpX>
zd6ImvoZtV<l#txu-^x~wXvFFJ1*L4O$p(3d2ZGs+?+I}(*6avoC)UG0=MUAg;fE=C
zJ2cUv%uM8N&7I^7CxsNaP4(h5_um!2u}e0*EGN28fVe0{kotQ0v81qWTY*C<&v|Rl
znxYf-DQHESE<c7$ThiUf+b-5a3+!$zauwU5e(52$6X&h#e6!MjYr<wN;~lBVL>&2T
z5$WyzUX9c|MWJsPj^hN9UvnpW!t=w4EUU+i=5=Ssnx}khNUDHe!lf)CUcXETfXA~L
z#}Hr7^W1MgVO|_fG8g&OuZ0!dI*aMf7|mQBB(auSA7JS<x7%3Ec)2E8iV0U)@+1)v
z(cgY-@VE;ed$=P~m3OX8lKOCc2u@4m-tk*IlJZYqtr;Rkb4az+`X(>gog>wtY5>F*
ztep}HugG=<bdMnti%V?~spn*6ek$%r&yAv*Q7*}3+i+lh`Qn%)vNohdYbFPmCo7xd
zq-msP<RG|C8Zzc}_-~ipV6ND!$Q;<7W{h7&)kv%jc9Vy27SPeYwrY6>r<m0jFtd#J
zTZhL%e~8Y1G6U<97Cr{m)QZkRI1~>Q=V^j>cQq|K3sm)qIy4NYxv`!L)5G7SrO_9n
z-%{w;43+O1cdg{Znt7u?19|4tmx3*=IChH~LBH7how{y1O1l{73SN{BGtIY_Q9?;y
z7s};}`KOg`*$0<2hBR;sKU$+%ck;C*p65_l_Zv3xVc(3z89zaRA$Erx-$C&C^RBwL
zNL{n}cVcA2S+$;LDXAIM5CNr98#akE*yB1<yoyUR+RuT=d1sliw*EoFSQ+2@^@pgX
z=LDU(7k}@qXD-VRMFaU1B(jfuC-N&!UUNx%WjnA1tr`q=P?vN}6h<aYra^1E8`}TY
zU_0f)LjcrV(_1Q1CSeEsZqe=TRO7h+yU^TK5Mwg5*4!0Uk-T#UW0K&ePVWuq><|yU
zYX*mq$joCT;4(q)s6Dx!Hk<INaU}J1?ftgQyRa`G*iI`(W4#)&4qQOyTbB!HWOK#`
zdSEL8v^i>9!_bI&yeT!}Ch?mDEKcppRgqubVtSXAS6)$5_|yndc*mYh<dm24y|e<C
z6N6UbH5+ogYy-!gf8_5jS#u0zc4^jBDH*byd|OJTZcC8a_;6_~w`MZiI=KMII4)h-
zO@@Y4nf_*u%5V?j;S!55bd8mj+~i@@YoF>s?$kDMzx0T*Qn~q7F?>9GZ=XroRIZA;
z)hnyfhaLAE6;HP(O|!<Y?p*2e>Z6s{#i&*nlE1#=1;s)@)~|uOVl8l=^fj=UyvDQ@
zSJz8OwPm3Cpy|MM;<1GzO{t)uuBon-PAocqaXA|<Ox|Y155FL-z-=>4<R{0rDpxy8
zC}h|wiyp>uGhI>0&aIrYz$$;kJT9k3{?(1M>5Cqk&&}kfsUz)Askqd}XcDfhYvzz)
zql}BfMSTs<d~!ZjBg@${VplwF13Fu`;ugrQ%h5?-lC6(E)RX0Yb%#BCa$BxB>?$Hk
z=E8G;y=^~lPi);27Ihb;krrT#gV&SY$8ECN77c9OIBP1s2S&*bMGzlDl_Z!2bKK;S
z=V;p;4I{1i+giaV(L1HaciB$-65q?Q>w+h}HkL#1^RebcV&hU4z`#+6q+L{+^5Ub7
z*-JXCLvERQif3ApdjazoUb}Kd{n*&gG1%k64nn^}lpud<wCo=bavnel0nbm`$bQ|L
zDs7PaMVev%bT^z5A_1rX&PIQBrGTM#1fB}Dn`*Z(+<(s(k-QG~Qp0${x#+FVCFh>d
zJq367ZCUTs-*PzLSbV(}2jW)1UYE|GKg=zS;|b$|vbutX9xw>TZomd)fUGask-%K&
zR;;h$o)JAw7UY+(S&1X!S}4Ctr$oelDOjDDhquMVg*MIgbA$z1i`XLhX@1wZefzOc
zuWK{W-I>M~Enqy|T^K2%oPqBS!(fOpW_rsQJiLw~dHV=Ru5m+`j4*pEm8dj+Jj<AN
zv&0?C!@v6#)#kTM$)O#wY+lpQcanHXNz=#jYXuseVG7D7Vhwm2GGg+USkY*0kltqX
zpAGY6ZO!}(9x`yg&%ogjwbVC2<A|)DyNi2{O8UGoK!;W{y4bK!-;~#0Oj<oOjOE|j
z&JPj-xM&OOVW|a&`RwY{w}hId4YIrD)f+JLDc1Hr10{N@*h*A-sB~pY3ggM)Xi7oV
zSNOn5w_o_$n+K_0W;&2f%cHOU?t-Wzsx9uKc@lZU9qs7aOmn!a2|@4bPYZ0Jq$hl+
zJ4R!$G0<=(bl(q4NqY5Cd9iaOgiy^#Gm+1gsF}T6R(sdmEy}B)BLh!yb0-l|WqUN^
z`zSHHwB0YVIHY*;$_!;c-(Lk{(eKR#t~-&96uFx^d^s0gNiYj(_^laT!=R#P->^`y
z0Fxo~5|Q9CA6IPaW~JKVVyZ8CbTT@J*|ZCcY5vVEoF!hZG?P6ArJg=-QOU3Y9bX-3
zl1SUiSt+uW_#01uq@6soWsQ&q7KkozUFT%!I`cQ#KSE3C)~I1vFE+NAJ-={$e0H^7
zS$J1fLLvR;lyy$_vsmAE_TP**n1=7yOyonR13HP#xUpgUXe2<fSzy2~cPpkc#@tVL
z>1&A93kgSKH4z0x@?US3kG|Mh?~UHy*1m-SQqa{0Z#Y#qr~X_N4IMqWz=C+A`hUkq
ze8%Mk8aWZRJvrWHyo?2(PyOwm2kJ%-1$Z<0wQav<?(z^sHY``9+%CM*TI`{+OAW42
zQ0@Qyg#CD)J}ji@w(G;c@h0tVR*?1G+az*tC9K)~visE03NnwpKR0R~b;{-TRxo^r
zJe`MbI_`(6+`mTNvP1Ui5nQTldf`-a?_^tbq2;7S%jr94=rA?ot}!$~oS0~w_yFSs
zXTSEIB)7!He5^e(67^HjJb=H0HKTf^akxL_e6=eZj`MbCQEwLw3Q4gFiwl*ty;Gj+
zSdsP6UBQSP9dY+UWq>q7)`N_)5+{_D=cEI`e9?ilLRWVf5!FqQr8`6EcYOgsQN8OC
zT)J%z@wP9<%`XNt1h@fZ3f!=LYUig!_b*Tb72ehj(>fW%=%i7x0wwEABl31G>+2;g
zGS15$<*4bip)*K}^Os!cK9Cl~U3Bh2=d8p-<{?=7dYseUG5#K1n#A`Vl8S8SH1tOo
z5&r)Y8~cb;9WU};W~HW0hBZ#<;VK{Uq2x>)_CNI#XpFTrLR#fmcg1P4h#vo>kB9ny
z(}&nZn6x}|v1z=ravj|#ML*gtln(^R8>1pb%WS1n4Ajz`WLJ){lCxtTQruR`LM2s?
z^J|AxOB;%-FiH0@3`@^(tIY!K|L71<U1y6pSUzkPtp$@LmW#SfNuC4!Iqc2AQgkF*
zp%DPVuY6v4X&1uG(m0G7r|bRFV-<T?=qFL*fsBCsA_kLnT=u58XQN9pB=f$}n&y5(
zNxthO`*$GE^t8V<&mbKa7$g^@KnjY)r9dQaK`bdQ(k;3}jMRV7S??xkytc&y8As@M
zxF7?m-um3TcSbuG-U{d_;FuVa@dvnwp4;6u?+-EmVXbzTc(NWwI1#8~Np@dgL+<(*
zDATtSS@e$XnOD=&>kiqYDhy7^ae8<>1b?x?)=~O2tmysCRiUd){h$lz3rMR_;4w{6
zb9eionjNr-ES)i>e+-0_6PGJwYlAJg`Q^Co+@4PV(9Xgn@{4H=L4fCH3x>;WF`2^w
z96a7@^{X-{4;#F&)UOPOPTkQ&@W{I&qB*{^$|V(N_$h3yRlH(lDxEhx6u_i4<U%r>
zba_xM(U4ea49(0)KGvhnsF6AiN=7RwdF6;bw|@f=Mx|(SqUiUA^NSpsN?M2JGUNO;
z(G8t@0GeO`G<Du5><mH<|Awp7R!2f1uPh9$-cFRi*W<gOnI%k*c*_&w(_S69nbT3c
z1fih9NM-GtG@jj1WDEWNd_&c!DTol^WH@w$_U<ALk4p&U=^hF%qWWS%_>D|BuA4yw
zRqzf>H>^fqAE_BWI!49=yCQ+zMF%JEZx{U4)1ns8q8f40htLHWV5p!66A69Pb^+;y
z&C2P3s1$<7<MaV;*T(sz0ZHwOy|!2#YSQJeunULS34*^Fx@YxQBblZy7TTN<SCtat
z8~))-^idKU<oD*@71zmOHxGq&KcVMN+V(G9rtdl@AX-~$=9`dOAZPC=uKG2_x)6<D
zZdcC>qG>W}tQBAF?{>t!?J>%!jBVEIjSIDKLtE}oE%X^kHRz(Vgm%I%Y3OMfN|&c*
z0xeXlM%W$z5)i|S)J6_#>4q1BW+U4Ajh<6f7cxfGnsHVc8%2Z{Y&6gvm$bJ<b~zo?
zNZ$8Ut2w$6&uh(6io+BEWjD|6n%|{MzGz7rCNhHveSN-6N}|ubXG}`5LVMf;(e<K4
zilLKhDqooO-%k=ds04CD{b#uoxuv>iN37J(C&#X(ibe?XCisY8kC~f8MS%LsK)zcr
z13<JZWc3G5QIjwv^(2H56?1Fix;a@rKRpbuAcaR@GGTD&3NEts(4V$rZFbGMf{W<@
zi#seiB^0kJ&3zj|E!wCN_Q4$Yz?&3ZS39sG@-#!~&|Du*S*d70Ym6@;OYG_xIL^}F
z9tA3^8>&@GPRm12!8zn_vqe?KrzY--U&e43je57p%tS-h;GCxCoV#)zNz|BdKuza@
ziz&Jl=3nWAzfC~|N7p2qNLPAn!>c9^a$twVHRKHqO?a1o19;u+Vs+vr`gWnvF=KEI
zY3?fmTNnnuHg?~<YN9GIC-$df8+IN0Gdo$c9P7)tvcys8<bRu+9;nnytaK%9(ov2Q
z=|DnI=U3ZKn%JrC>@dW}-7ot~s`2Lpmhf_X#NL1Dv=;9UeM2fpgMy&}0Rce)?YopH
z2}B5vUj59@fq{V7fbf8f4V(=aEo_Y~j7*#u9YkeWgq$r6l<njV#aP+pWW`*ZOwAaX
z{&RteJEI=6g(HKNv5l$<G!Q7@UyA;JhKoBa5HQ%|&+Y#El!oqHQifgS%<RlGO9PDf
zybN`vi&VYjERDS^K;j4x*jZxdv<6ph8Qb>C+wxugopn4`5WfOuLsBzr{OIV&N>5+!
zMh_4$Qs(&$_7rP&paL@~l?~j$#tA^P2M~~c%XVxbryDM{+p0iMWWu*%ZB+S?ep(HZ
zALkO(C~T8-8f*y<W~d7SVC35cw?Gd#QOE&Z%mi};0j@GL1SB-BU4&WEgBmKrRmten
zHyjx0H&q*H4G%%iBA)>*u7MBiVF9p-o2pyk>e%0AMUEmSCXn#UD*gb>J|ID;yx4=s
zjQIXAzk;ho_c}zaPyqdJZ6AMX`@u#SgbxJ-ghurLsja0kgORDze{1XeQ`i5D|5MvZ
zO&x1oQG)G^&4KEq##8Y<HR?qJ^s(6iK)dV3%Sj4H{@=eLr7<l9GfvH0@c%5Yk6f2+
z{-Uu{#>b-K(St<9K?Wl+_WU>;fT0zHgeB1No{90@9<FwkR5o+o^wEQz5yfAoFQPl!
zZ`Wc~q*u*9rzbwX2wA%`R$o`{RjJ!f^^5+T0ssV@W2|DL>Xc|&$UCcbhtKLoH;b2X
zUzeTVai1pdrUr<AmU&Mqy=x3otA3pfuIIis_vEtvE-8sPBT|;VX0#+<<oQ#vb^+|t
zRP<#xH93j&IVt1kJV$lb^p6lk;o>*o7uW$YV6V%IVrQEjieAE?@z*_Rl#FgK7BizH
zg<J3XzIt*gNk?fl)08pHR)ARU%*LjlC*Kgcu(m_wC|gG-a3tdiH^VsrI)(Ud3<Q<$
z*QUVF44#7Z<_VlyH>=<-D!<<)&Maf1ubp{jpDszAc}QlLFUd&yruO^V;EtZN6;b<?
zfFzXjf)+bOS-H4a)?%g(t7_91Kw61dc*in}v-fi{y*}!#e~EG8Z&k(uSZM*p8LW9s
z@XhkClPPkoI=MrYlW`AO!Lk!@*-5QTLkzjV+RDHATCer_m^S^|&>X*Ut-q1`+@K;(
ztjzHmfp?chquc8pxEXl6H5ui+b9Ua4b;0ni#s<WJCH#iHdqhFB<8EjZG1Kn%3e}-(
zk!Wa%8}C(aga6XDK139jlZy?DC1zNAlBGyxV<|RT8;~X7tD+dSi^-F*oJrLR-oF;6
z#1MVRaSj;@H;s6OVa|Ud^i~eKBQq%}(pwNW{5}7*Z%Y`j#uj`dP8?kTT!o+f?Nn1W
zBR;Ui6D$ZFq%2JFxw<bJB1lZNBua@NAhz-OB-rU!^xK~HTrq=mM_M_j%%<CL)!Gs*
zO<pF^pEQo&JzonNpB9e>Eg3QvGZw!)<EipYe*Ho#!Y|^!&hgejxsLeVcXESb1ABaO
zcqqips1@rHyiPpyJ*4@_NNu;USWOC0>4^oz<YakdQ3OV%55~l-^jX%54etn&Js4_K
zY?|fdWz$1;Xly7V7dMhoW=xVMcce7hl08B|{%33sqZ61aWwhu|9_2ik@oJ=n)fs{i
zk1)C$)MC7B_Ou{K5o=^wGCid#KOY|J)JdktuaM}UP~cvODnJJ#Hd~s~an#vcT}(hq
zhpMS6#mw41^Uv%m`d;3n$lR}Dj;aitTHsei0^C?tQ-6{_ViwxUrK%K?mH>YQhf;Tb
z0A)lY&B=@+BG9^pi!jg&ayftR!8Wl<zssH9F~#?KZswuKaB4efhxRqldWc=e#Wsz~
zEz40H6zhZ{`$ds%O|n$5ai@H#EkO6yxr%UsYKS@?hgfzkQ*YQktFcuwNvAM@d!S$A
zQNKN#yq;ld&1ixjAMbNpz8bPx5ky_m8KCtCf~1e6E%3(FYz^6h;;-Hflb#SAvU@rs
zY^tT`O<9Sk4jZ|5Z1tp1zz*#dRtb;+hK}f!yC1jns}ag|s@UyZie|rm(!O$}!&Arb
zLcupa-z5jRJXXkiijrsnp~GSsFTxwjxJL#+(-5&4@Qs;d&4DS7p-GXKHJqNT{dPVG
zWaaIk<QI+&z4c{6esOB($eFY$6Wh*|Kx85~lShE|+1gp#h;sH%OXv@8Mn~MJ0mbn;
zymOaio492hfqaWCsjW|6pZ@^N6!R#JoD25U>4QMOd<)19L`1^~{6Tg@pU<tvbUTx5
z)}42fvt30o8W=}UQ1nYCOX(haP&Di<(fGlJebAM^0<BTtG?ZVi1(MDQgd@u1>*~Y-
zE`yA++?ILb)=U6&(E2gz(E26Bn`@G@%AE-Z0mqHd4fbpN_dYI%j}4r)ncd03;P(~l
z3E>LvI@`-8-S|Sr2UpKd8}10aU8j7;fwqpLL8hZqnWU$U{-2SsRQrlwzh%AxMg=Gs
zn{iJL|A(`$3aTUM!o=M*xVr`o?r?E;ch}(VT-+f*fCT4W+}%QO3-0djF3bP#!`43R
zR_)f*JWNm5obKtV>F?NgesLjAzFoZwd*KVU19`sXnEGAr3H*qNZBAk|!GpCH-<Q5{
zz`$f9&SlTUuNQYke8X^)d02Y+w~=xPCm5wvWhwQ?Jl}<g#7dFq$2;DaUFWeAWk<if
z@b-Ux8NHe6<7k|AN^AFd-dBzCw+{Wi@gr$Jp`RPX(0DUg%ELo2m^XuR7f?xweJ-11
z$BSYbJ+kUYVwKe~_Z^9V^^7w!e|4#;aLz|3fBda8o7giYQ<Wxhr3$|(&5dYYBzQ6F
zDwAt@FaN{qiW?X+JLSfRpv8$Y?yNBuI?vKVw=7(z54<t-L?~Rwp=&&9SpzjA)p*QE
z+Elpz$5qJeYZFrMr@zBM;I6Saz%t?WBU#f>ISRWg`ZPpYj4m>E_QIBEarWMGNPUq4
z?S9|ytV`+Xu-qddrqNS#hABDVxlNN~TXe~5MARA>xG>dbIy0?^YWP>#_PaHTx?wjc
z$5y=%ItvxdzYBP)ur)7@G^^%Z%}s3$nea80aSsE3GT2?WMiUF3Hx}mFVLe=*n#uai
z1YGX5heI)m-!PSh)mVxFsJnM39R=<WN<Wr1^&ARxYV<3p{|0U1uBt{0B!^GL{J9NQ
zKNZI^65VDO62@z<p#~=YUTfq^6He%PM@rc46~@Y!3~fnYg^V`YlAXQ7;48I+KTVNz
zie-h6dxe07C4lWj2COO_)5s-x&(G-mKIrl<L&Qv#2Dgh|)V<u>S3BLE^4q<c7TlTA
zF0FoRc1fuHE^oool9JO9v24`ykA~N}-);&v^LzB+Jh{#FbPkJIf>9NTHOqO`F|YC4
zF^$)ABHaddAk6;`MXdByC#yd(Sso$;1ke97%(F8${>p0Q^gn^#{|Ss}jm!13V<>ro
z=M5J=JXEJrf0fpS0`n}yV8nXEyitE=+0{DQacJTzZ!e`zZm;E_Z;IuM`Xl~ZY>OR<
zA!X)@x@XV2$a$jW9DbIV`m&*905mCXJ(3`AqExmM2iTfE9}m~%@3WCP8_k~|&>gA;
z1lxYIO6Ib9ey)}K-u_E%67}f(h8(h!L38Ne)pUOD?`oc))l%%qn@O8gwe|tCy(oi5
zf>0z|R<3?4x?c@!g>J%+mix$HNm+c~rky&bPk<-pyt|j*<Pj48%Av}7OY|nN89tkI
zLUr&~zmQ=1OR_Ry{F&;?Sp9>gXQQ~hsMc;5frlYTt{|JxtjfC#zFVh+1OEX-5-WH|
zX5ZrH<uA2E!TM|$Nd)s*P4VYz8+`lQSe}9i3BIpOx?37pjWrqgGL3%Uu!IZ_uk~#B
z9gC(Y<|RHvUAfeqM2I|(!oR%D>V5EJSox{($xI2S%f;d9mB?x{E<WLXc>k8DqON7X
zQD;xU_G#Q!nLiH(t@ZhKF<)~*HPVzIu{^VLdR0d$h(aK=nPT63lf{1<%=~k<eRl)T
zoYgAO?G63EK9B!s0r$Z%c3e^r5Rgv)KS=ezT7bp>O$#V~gVoVod3Z}qY@9Dqz`%iS
z7pQ5+&}Y_gIE6xnb&yiU)W?Jo6NNlVkxoX#Zf_U(2VULa`($7vznFY@5}C~R_(w(e
zu=SI3&_Dj`!r6E8TGP8Np89>A@uTIXG2f865!|qfOt!36x6QG1&fm{=dVii;i{3i^
zW#s$|YTM%#jEPtC=s_q$(tvgkb_+hH+Y3PwmHLJC3t0p1HkdJ3*aTu0!Vct&in19D
zK`jbB1=9fG*n?39%LSheaTfvy5`ZIwiVq$Tb^L`kg;It*3(XHv89XoQ_lsl-ksWRs
z!Z9R46!{m;6!IaGJM=SzP)MMt@h^cX=tER@xHgEe;P)N~lW*)WUyx9s;h<=H5PERF
zpv1v22VVvAu_Jy#j)SI!#tx3|u`xkmM`DLAflv==?LiT}n;nN{4$<u)HsPs(_<^nf
zT>{Mn$<*@+HZq`@f;D^8ObBYe=s+>U;6Z{R^-ZvA2x_2DL%4hNOz1Wd9N;}6^g|qb
z@OmJ1;49#HAc!F8OxSABzagAL{S5ij6SxVn33Up04-pki)#JMPWfRRCQU+4H2lWz0
z5W<-p;~V5pm{3TO9x?<-s9<$bj7{iAsNbT@7?6@sS3S1mZ~%ycU>kBY1n9mH$xRd&
zJOI2}hypn(04gN}g&g)9yal9oumL&x5c~u*e(<O$PZG2NEGtxIuzio=CWQ-G3*ssi
zDMWLKK#$NSzYDZCOb7I5Ik^z!9_vlyOE_<2e`sL{vXIOkrcLh4FWyjsuz8S^A^4(@
zm)MWcuTbx>NFhP9Y(}qeUC<&uBO$iIwxQ|p*d|y%(7r(LnBev_^fdG`hH65AQA&_Y
z;I&{Y@N_h5>`WSa?SkiEz|d9*S|no#3S?st6$CmGHPR-Ey~m+*(DrEaUn&rFkZYbz
zP<!-38zJqH=V2?Tbm(fTOh|g-dilc|q3luTQ7cGv{A$ikgnE3#?qG-@=HV;wbwp~q
zOx}9oLbHNVp*UfQP<UV*xE295swU<=kzw%=oX|u_JSYy#Klm15Y8Xtgduc-y;fUaQ
zNF5k|z%Fvt9GQIY-49`bsfWpdZTjLMya-i8V^ZI{AIt)k1IdH!K=T9j2g{;bjit%G
z3AjfqtP)ZmtqE!jZ47CQ(1B^us)og6rDs0O5#l?9K5`S<7^VZ&B5lo?$xF|D7zxC8
zs1;aG1PAm*qnbY^6DIAwXrX5iD~S7u`$+q6p2TC&r(b^XE~>J7v9qz`*HD=VoAjEz
zn?Ra~nRJ=Z^@#T<g}{bJgyzEBKqEuP!o)(!!^A?y!pcL%LdU|(Lm<P)Lde6#!U>>e
zpk}~lAZH+Ez-Az2z<I)*GV35M^3@R6xYwZ6+?Xu%vW6JKwIh1MGLxO+Eo#=-oACCq
z1{=b(quxWDQY@0xw3|HioQHM7_`%&1pW-fJ*OZ#D^^k@L!TF)y!=5rNveh`7Z1ieW
zJI=|sL7dVp($!3wko5?Mc0&3g-=m!heS<#OT;3$iCZY%`59Bof5N7Kw^Y4vlm+6$(
zRT<$1gn{NzzzbzdZHkjdoiDd%3qd`isbVEz2jj*yF8{V^wC3eAS&VC^t>*0X1zx!A
z7b?A$_d5J0*8^VAi3QykX(%}upWPK44E)8-)ULDY57-Pk+@Iv$=j<1pSN-o_|Bh-`
zZ*&Aay#E<g&hM_#ZH%*9DA%tJ42z5><h5O{@QKZ+)I%rWcX$LQ7mi6M5(qeTJcUQ6
zGSez&@jJFXJMlQIHu%K;nRiU6a*|mSO7QU|dAPq4a-E(O+0-ymaRJ!qc-!guN?U1p
zDmmpHI|aSnyeMyV`@eq#_)A6I1+DJIWo6V`O=f|G4{I*5WIPVeJ73UAg?(Rl%b&fw
zKIk7AHc}ULpNGMgpWc*u?Q5sqoHyf1%PTRbjav1)4m`5#XUH_cwr#q*dB;0wwY-_?
zjYCLT5;-BPJM5Jb$M$=YI04V&)nfZ*4tUTzDo6@)K_k=ip6C?41+4`lvqzIGJi_E7
zR2!-q#R%2_e-*+2y@S}>$0gtrX%n{>9Lft*4R1u&LF>(OX}1}<3DU2ET!&ai=-~0D
zy5!&V=p_nkhINKq$Lc`!#=b1sJnPX9X@+w~Uq|WS^M-dZzs%b->}?NufVe<dN9@4&
zw!UQD?Cfn1dw?WESSMS>S%vY3cr>{b+YIP^2|<S>gBHf~$7<nwgmFQ>blu$Pr3=jo
zNrWRq6h`u=e`LSh+NA2S4x5B&hRKH&Ch$jkB)&Y_<m@>JRff%n6Gr!Ecoe^s+8ph{
z4`YLDjyx_N#1CeJZ-z34>_YSxdW3V)cM-Tu-{jc@_h^SX!!*MiLw6DQvpn)&vTU~Z
zHiun6Y`~sFbm97=KPtJ<xmaI1ZYFH{^*)5OhmpZ~L3%-Npa(*%Lcb!kFg>bXhHXam
zB!;{Mzl8dQ`h}3eKfs|wqQjs=p~Im=h`^r1pQ8sty;6JAdw=m3^rrU4@rLq7@n-fW
z_WtG#<4x(!^=NxZeMx+2aQS_+d~<lyx@R)9H25H-G^8{vAAS;Q60RE}4>Aui5cQS+
z(ecv%61>^m!xm}`)eRj8{Yv|2csaVM-9r{4@|o-L4)e<Jh<xd{`Os?|A_5(R_D=W;
z`6zJ-b?Lmh(Hj&T1oeUP4*5#;NOak}dC{YpA1cz@9UKJv0s9-3f}9$G1p%&?!kwIp
zT*Em$XpS)R1NxoF;LejioE}~kR~%m)y?{f~2Z)3*M-CD_l=vd55ncvkil7Q#z%Pjk
z^u^$&uoIh&U=Ou{P$eo5mQ)8?VW3hFig88SK>foj;FClKdSX;kEQ>Zo*&zNyDu9-x
z15RLcQuvDAh95%zLoE=HWJ53qCSU|mw28V$ut$7B`HE!rrQZdC6NrgHMWH|rCw3cl
zi2fDAjJ)3lNP!_i!Awpo{zF0`@(09MI5XycYM?8|4n>J5bFdCVErJ<ZzX31{BLhR7
zqC`v~>eF=(V@BHV5B!T!Pi`eq5ndBg6QP4ti_%AGhTCrk<i;4K&=Oq~(-G5=aEMw&
zsf9Iz@8>~~0mftGkk5-(gz2EyLYmQqL-%VT&;cbd{3!0lh$9zKYvH%a`&kjJ5%7U;
z81Uo?qAlV-!!JX>p>4r$p>9FDqV!?+p>ETM3xvami-fcFBLX3S03bWi1xODh2Y$w-
z0@X1>F#cgsVEo1?rNAP`qA(*jqu3_jrkEz55d9eehya8FA^}l=kZ<tGkgkZ7_>}0|
z9Q{5(WDI-?4vISRDp3oGUC~_$gQynBD~N5@ej#8KMl;2^=xS68k}K*qX1^j(AETOL
zUDQ9+8~qCM(_oJb9K=v2&l496dqlXx+Q#j-1~y|{kiUmKqF%vo6ZL;uSnOZu`q?~?
z=>kP@M9YlUjd4`TJ(yV!WaKh*Jj9gw9*omjG$*?4D&F)(UK5|ISS5;M9EbUJ)MSWN
zHJ`Bf#XXv7M%KcjXuu@t#^YHknoZ|_xgV;rx@=sJu6>KrfR86F6Pb)xAoH{faeJBM
z40>1h;$ypqZl*v27S)1=Oks^V^QY=5aANyzFNjR`XlE{O<+ZxNNX{hfn}e^Nd~}Rj
z3PZtd2sm6S`cL2stMc3&usVrR90XI&QFNWeC^{WngcvQhodiRTn8Hd;0@x!z5}OV!
zLM^AIh6ZR-5Qr5s7ZE1eNr2#nG1OQ9n&d|kAn0<$qWz?7aS(brWRX=8p_m;?IYm)h
z(y^Ew<gm_NO!zFKnmxdg+#_U`R1F?rNYNNEi>77`V4-LX<w8&s0lZP%h0YSG@dDN;
z?t*8rQxJ=Ulb*#nBDf%?MFC+Hs3BZ9)9iph6pEo-q$zww|B?no2_bE%i&T@w$aO`t
zA#5p&hLZ-w3E^##iprBp#In(BA&Xj*_QkT%ZQ+WtlJLZ{QEkzRq>`8^#zPyBra1tk
z6icFYp%$pN+(o!aTH<<0wqJ{Ak{l=;LmLRD@c{PZl@SfN({KPH3dgVpv}s=eTGA=`
zl7w4i1JSfFK!E%#+#O<?6yQfe621##i(mAXL`>lrwF`BGP*j*?K;a|q7PSj^^o1H7
z5JgTB>5i2`RwN4ON>UQ#haE<qb_Iwfy;8u6B1P_^4#TVA6xje=lawT4LU527VASY~
zyaAX=loT|gNMSf=49L@bfbyg|3QN(EaCba4q#{XxY*GqEZb%w51F9N-k-=V=jQ&f&
zzZG5U)u6V{v_RG;&*z}d9Kp`_C>_@3+Y6&jXIq1976Uz+%&DW|i`v=ta`&4;UwcQ5
zfWA5o<AOuB3BKG-DZ2NUoMAecmlw*9H%Xi|l((DidZ}UgOd-{Mc(vgmSEJ|S>$UXG
zf>-Q2%hrCKESZmPrJ9cyy5dPJh1S2@H}5aWZYfNYYDZygH#%~HjJ+cU-DBThK3arx
znHG($KRmt{qw5Q+t97@06yM9u7sFDE1>u&<=~{!*ON%mc?I=Ksj19!YqjJ>TcQ_Hc
z=`f`fwxfE~v?obT6*9|eS}Ao+4r0@_sEDJU)U*OgDyIsJwF1LKM$`;1Nxo^^zbmld
zQ<;gC+FWsLhyE2I4yFqK1Z+=*?r!5qL5^g*@ErYliZL)y7@5k(*+jw$2g_nFCzBf#
zmI>%yI8uZh076~hWrgXmJp2HsB;;9MK#lxZ%1aAGy4bcI>Pw}h;~OeNe9;k>9~S!G
zY+C^-p8txrE%s>bTP?7h4*=c8$=;*nJ{b~qig*s0fNn#Ia?kjpWtJ4{2f%M3^4@y@
zrb!*OpA`QYNpwRZ^`bBsT&@?4TQ;YiOwFWm@^$V&Qk5Y+7R;kLgCw^$S3CkzhMh|S
z*(!nxr8TrpREix$HS51>&RA(^>8q$ZNO0GMsYwc`!=8a=rCQbQi$Q!zBfI3F<goNM
z`b^PQ`h-F#zT}u<*mQ|jn291vUYYVx<T4o60+5v=t`lE6KM`X%xO{d=Jwji3PqE4e
zP2;jj_205Aw*zl_Lx9E@nu?=91rDbdqsd@d5lQK`d+3M`1a6He$f#H2XJ0vo6ca8}
z!iZ+5TKH~Vnw$rH>aiA&W{JVyhcd+ssen2Ty(Ig8k<76ZyGrhK_5~t7XeAb6LrQ%*
z9K^IqhU{Su;Y%@eCQ{P9ZhtY7l0URKU_3DwHspVNAcXjP6+8-uU%nx%L}8XDQUdZN
z1%)F_{CUJ4Zu%FhvDLd3ft^2MyD75YLsXu<3U<1IK+ez&LYNNAiAv@0m845g!@fDx
zXrpFIv$X_z4;iy*p=gOr>M4n6-bCsG2c_Vp&~LRgraP^Y$(0DWY;<lNF%Xx&1>HG_
zC;XUuYZ6};BOcFHL)*I~?cNYqBe5&uY1N2IlNQ|jYL~(_*f8xnL6@^KFe>>BT({W&
zW}GDzg1|=^*>OlNsFZrRK=&iY%MqZBrcj^yI8dvR5@IgPTf=Kx{tc0LcylODbmm)u
zLTWUoA{~&+_>M2C&pQESz>UC2{--?$>Kqx!?sw($ycr>*)GvnoPm}+9Nf4f)LKm~4
zco>s*T2Muo!!Q%>MunR=_))U_Bu%iqxa|mQK?|2{&X}-BHRe1W|D%^nUWCUZ+FWCM
z)|h`6Q;ROAhL|s654T?B9{+3zZbh<s{J;)b=Ixq5!RGjzDJZCn=UpDfq_a)9EaI76
zEphm`xnkM9Lh>T7(V|j_qWb{16D|s4<C=E<E~f?+f!aX@pP+G>ObP2Y?m3{^lhtFm
zBW+wM;9An2(aF-hj&mhhc1hNi*iya@-zTZ=-#3LT9J+t){%Cv=u|u$FLVfAGP$R+{
zXn)59box3|6~8SNBU9@u-LF_kux1c{Te6Z@k82o>k@d_(sgH{JdS5)W%IMY|$P}58
zV5T^{uF1jywy*~=_^8%xQ46T$9_6m(RM0MIrc_dK{-w{Z@D{1#Ye-rpU)o7lB-eKf
zu&^H#bG5e+IDmNKt>dN2;mzBf9~w}=;QLy)M)~p;F(y4lu}Ln^ENdul#DhciJjM80
z#Z|_L9uIh${Hg)bbQ)yCu&SpFIgN^QzZwasSIG36TJa^{+ND6E$iTdogoT@=d}azW
zvWMMv((pcGEvV;6_Mn1cl9)Gv{WZYg!li7Q-;C4nB)*j?0#qMyP?HyngF`Y-gEa|=
zAZemWr^6N_Ah@U8<V~{3jf1o7;1z@P;FwPRn~kz-VMaH~l{Mx_$3n~56b3UX2>3qi
zz$_kORE{*?Rz}X0WxJ;Bl7>>Hp>~LTM4ly;45gL|6CIwY0B7M&Zcm(r!lmi!PXIL}
zE`5HeSf<HK6+y|nd6Uk%B7Ky(7pbR3;AYIsJ5kr-LZi4<?%q|JHo&80YhDk))S!@3
ziSNU3J2k=3eEFJ2qyt$0u>0HRrSkK!(1PM5#m7HmwU-Md|1fmp2lm{bmCikF3${~2
z<xu8V5h4&P>6ha`azK2_rv{M8r3pm<+sB$j7!}&;`qFbSuSi7Oj3OH|sDG{j1jy7e
ztSD>$Slj&rmGFm3mc<zpG9nc7QY5Pu!C2l>sK*w|T}zOB((YW3In~%x@H+M@j<+63
zI`Nn9e>*td_w*N+5C-p1In4!tG?f|t$j*IP&~BEw&0l4*Wel25oQ=0EuWvls&=UuM
zy3?$b!U$PWpRlBYhFO@^mmT)fRGNbcM<%)6+rryY(htk`236fJW<N_qeQ5gc5Ymu|
z4Kro%%hY^$#DZeV87rg?PSSi~Iu5_ZUPQ6JZWw}<ZE*6nXQA;8>mQ-iu1LO8yf38B
z(KTo`>wi{$?I`?kD(k;XvsMkH-g_4yHF5`bJdSM_&N8%>JVTAJCFhy%J^jltW+qVj
z0PQA);Tg&^c5ymtZ9k7lXq*>~)f-+TYB(8#AMw(RBdnsWMblauuRqqb%Qx`YUhG+Y
zr(;PEH<XiK+g~qw-h(nE>wZ1uyA?f3$OPuh6<HM_!d4Kf4S<>oG>+94K?JZB$5T-n
zOmcd|NG04JtOK)uhrWW9imZH97eRD?E85ftKxDSLPSmcxNry+u`R)?*R@_NAi3|~y
z()5r_*vDSX07S)tqB)omo%n*_ImzdWG!gni)iFD`zZF($)?CWTiZk>M-1$&i$N<60
zBI)5sep)_r%~w7qWM=yqgC)lCw4V)bMZt4gSo$aQdX0up2A(Pfnk!|K%ToLfWZVW(
z<xeRyniDbKRwP&!zdnn46}zXyOMyE8%|59%$VKzaKMFJ<)2gm1Xz(Qoz$zffF6w==
za{JiQdqp&zh~&Q5!XKKhZH(zqpWf4_>9X$8Up47JtK>?gFOXm>Ce#NQb9Ogj?cS;w
zk3hsJk-Q8h9<kZI@YDpBwce$YZO7QK6;4T^ui_-z)<`<Ts@$zXY35qW47PX4;rpD$
z5wC^klygU*AX(p$0_<7UjKcX8D6QiTTq*)a)lywCS#3=%5EY%HUaXlGH@%@{SrPbF
zww_RRU?lk1Mq)%~j^=6^m_4&UTQ&j-_ARm@O8R*QfCQt-^?=eTT~<`5K}5x1J*II7
z=NR3)f?!Q!B%M3$SQ9>#d*f7rPf35$gVQS#$3NF3BfO5dCL2HicBRgwQ>7AYlx(vT
zEI)|Asn1r11TV?;*uj+_OX1X~Kx@g%s;#JWJ1BS76W7#HHag0D1&`y@=vBj1RLBMi
zsEpZB!B)h~Xr2IK$$qi=iNIF;Ob?zzn?8hRuxd<&X`}Pl7%WH4gw|p$TJEH`+LPd4
z&*#wUqTYZmlR*FNWQeAdt1_(_I9o%f*2b9d`PyUp6HAITIf}uQfD>!Ao@10^a2<fJ
zSe1_a0fGUiazy3YDYFc_MVtWaZ};k~n(vae9A=MG(*{^RK`XCnpJfp&jGM!zG55%S
zj>1oC@KuZtS3nF@?Ky_GtPo}(`AdYPgPRoRCl7U=+qS3j@P+U=E?sY~{8`yX<tzPe
z6{GAfXj-z0QFYgjU)GJ}V9ZdnZAg<Q&cNCOr%G#0b3>>V<iNi0O1G-`lI;RskZ);x
zqhD<c=V(?X`LWXAzQ6C5+`i^Bu(r;O?_}HtEZhtI`!74S{~ui2whb@5t2;o%bM{n7
zz-}d*Y)vzo%p+?&G0&eRA=2Wekf3wvpFMiZ%MYT}HMeFLV;h!L-dz0i9HOre0VQK=
z9vohiAhuPq(}Q!eW5frt?6JaW&wbTW)`u_exqfl&jDmPxc%)7DpJkp%_iOiXZoYY_
z^7C+|l5vuaB#uAPC$RW1C+N0bnd`6An#12@m9BH1>jr@@9fXy=?}g|D$HyWL`WySc
z-(zgqk_-s)DwyUa@U4Ph{mzRoC_40bFpbu3TD60`_AP5Od{_WmMlyLWY}LhmOth-r
zmTgGYvGU;yH_m-0FGgFMHhqcOil&1^iCcrEhtWGs_t!i6guor8$|u*0t5fesvi;8f
z48Ii=y!CdD@a7kTtup}`Z@O^Ai`BqBf$r*(hZE1f7Z1{#_r}mC0ND>^cdQ55Yb@af
z_wdOX_N^Pw+{<)AB;&WYzGf}9t(7f~2kvub|CegKE(sZ=jV!Y8i@K|^g(`-dJHj3%
zuKYpe)v--FqjgL=VIFL{#=1w@KdPq|YjUSW)vO`}hpb8^^B8p1ub6bs&SrEX+SY;0
zp-*%05B3N2uWb|ffrZyu8}3BIlS@fYXYWIAXw5i*y)O~QYLpN1Y=f`s^Cs_w7l<FQ
z@-5xDO_v)#SY8vku;1VJB7zoCw(_qOAB{zZUoR%DAqk0eL<<#2r~YZe+@8`v4GhEt
z>q<!V6u42E+!$fjbjKpNywO7S;l~8yNMI)2>A?sRGeZgUm_mxAESB@@zRoVw2acE)
zfAhFa{Dy1uM_J0r<g<{_ZfT&^wI~TXW|=-cRL&V@h+$52PnS51k`5!(!BMm*ScKVS
zMG(*X5F1&ceE|9<RBAI7iuCa|3E|Z(8~#1DKa}w2rWlLo)vtf|f;Q6t%myw+7)RpC
zu%>29vEPM~Q)hI7hk@v%w+8w!Z%d4!OikOpa3Z=clcdaxcf{zzq|~81?vgHAWe8mj
za(8d(u-z4Xp+OGj6v=zufLA8Wl%*KKFJcV5Bn5#SC`oeREA9*%S_zAyuyRcV^utZp
zFpxx8copRdE#)iR5_Yq32oxH0DvJQwra4-z#f&L&qL`M(0vCNwnpLeZ{*IDx;%sb%
zQ`yts@U?%P(wtAk!)tjV5woOkDQ0cN7hN%=Ru$4+^hL}PQW1nlo_IK6wNZ*)R=n-#
zWmH=nxx|K-Bsr`w3mb}DRy1f<c_J1Exa>sn)%qPVBUUmnFKbHDa&Y%nv@kw&lrfvr
zXN#6q`W>M$ljGCe^yRmB_?DU?Qykk7Q%?(kD@sVsj_Q4m;PUY`xySzGKF9NZ)m8dE
z&+uzU_;mjjNJ^%tG>e>{ZpcM0`Vh4l*f{pcYR~)ZX6(OlJ~tc-eUylmzUV<o^?nxB
z=te1(I+m;y$JSYwQmp#nLVta{zsnqHI{Ix`_M_S<j`-1s2F0Q)By#n`wN3Ik_VTJJ
zj>`0_o{43X>LU%E1)@1W9om(Lo186(11ZUGBh4H)$}c_uSxs!a41u)zS4@`64Tyxc
z$(3cld2nJmg4}*7@{n*3TkfXWf<e*<c7fz8@tQ+66@W6?eBwd5{-4JxzbZ*v6QwPL
z=2bWxQR%1V(-0)7%+SZ90o=bu^#%Sr5Inh(N?h1wU-fLoghm3USrBqoTEKASDd5!Z
zOIGq9hAAs)??SSW`1crVzHpS$e-=h)MWQQ`*9?Og=Y%p%d%IX!O|_EUc&cfRv_2Wo
z2&p<Lg?x!)qq?7I(y8SPgUcCMMD@Q#bA*bQc6D-aO*sYJ_$#9u9cbN}6dkScXb|=k
za!$SYla^XjA#$*N^8JQ4S1ZF;JTV<sB(iuiv1)m&V;Xa*M`v=zlz7efWTJ<kRDO*c
z4>$Ozl(3{gIl9%I;b69#AT>xaWi^Q+HPB$-#n6!BC}%ZsnfaCPCYB^|GFmUEFwA&H
zzy7<~jkChKAEj--jY+W`rR;Fe<#0r&pQ5E(sbVy^r1dFF98&0%4!#s3C{7%fcoQ}F
zOlXlHAQt{yHtWB9figN*Wa805^fUK4eU2h&E-U!raS;|RpzjJ&b_(GJ1XSXrLRJ*j
zMs+Geig<cLI^j+BV-hb#(Nn!d-iPi3;+3yHhtW%vTvzD`iguF{H^h>Mb9;ifj`(=b
zlX#?7?ZHue?--_j9Fjkbtx54(bE0wsd-_s3eOllSw&0v7S8b{hcmpZ=;J*PcP2VJ2
z_GmD>{G$<?ohkbsBBC#M3MIXR(a_Or%(tw)>M!L71kEJLNWbn?0e_HCQqJ>iV=5i!
z^oN8o_uWt@e#@k%bQ0RatiA^Vm6e#)1oEY{HpZzIn)i~U0;7khc)fR{Nhvv6C=(TO
zMk%YCwp0s=F3SjPDebzVfXkN|GG}%Jh4-gcs;oplvz;)ccTTOq=OzP5?Qa8x@wByv
z(v?Mrwk3kTTePH(#)gv4Z9Rp&iPrzB9Ch7;`;}I*uV-Yy(KDFyueYuH+wN!wrDQCY
zr6QVUU-t*4;?h|YYqS5D&%?(4s6?Y2=nVb~Lt^q(HCAT~+Z^+TDSa>_htUkIfn7W9
zRk!E_)^QMl#uHeH`m2W@qa))*dZH%PPdbWGTRK>`cst2_@6Vce@)186e}(CaH|qWK
zFD_>DDOKW1L;Byd!_ghqlIs?DD#=x3mhqN8IKiq*jM!?8)IoHAs%@DQ;3GqT_iKTS
zV4xIAtk>xF)l#|OdtEFrNK>{SAEt~SLqCt5-iZ1~(-z{syi{KU1!eDm1hvB%E!Iy|
z$<XR!cMa|2q_R=0>*m^Ux;tGnT*o|}ohE>TGbNVaI97B(er$iQweEIY6Z6046oCIr
z9NoJST}qKEW%)c`@~m4MfaAR6d7UXG5-yq=Sv|u-H;m@YrZ?ra(p${|Hrai@3D9Or
zo08XUE_<P_>o#}7-0H)qY~-3oS6w@$u->gleGxQ}+Idj3t6u1RUD-wXw4<tNN=P$d
z!@FmF+*Z%&VO+=Q=y$`J-`TI5Yy9fasQc;=|7Y9bt@71jq5AaH1V7MILfiG;g;|6s
ziE1LUVbgl1b8*SO(p&C{j<UGVB6)f$vh<5K4#V1a?~xzT%$ECJd2ZAiMd7wLX`Dxt
zG&2dMf@Q;M>o2w6{dom=SF`hptSKj0-0%<P<M0ofxXce$6KcMfw$*)a2Hku|zli=0
z`~9&slsOs1B5AkxBG@R4Chy1}TI?A(sy4oIJ<EqLd5q<p+%_j#M2ccre!ik(cWj!G
zEx@lm_XMtw!imI~1ghC5+5VF4{ezU2G^K_G#M+~SSwi4u2(*!0lHd#1iRg&X!zn70
zaFW30Ajnp`S5Z=$)vUu|8S-bRUHOd-i!PuRSWuZF>LBYWX+5HITX-qSi==r==f9rY
z<HO{}s6g-hHFz4=?X{*lMU+@MI)*fSQ6@F#Yh(%@HoetXtzpt^hNVBM{hOugmoAW5
zq&Ez1-x5RdGvw}75-gbuXCrX4C`K7PTJ*La<QXz3;L$6Gsh7l)|BU1O)hV?=KN}Ks
z{nZlrQ)pFeV%SNJg!I?Y@1H{M)asTZ#k?8xR}xExeB!+lUUDROGQ7Kwzdr|YOL?&e
z1B)I;??FF^o|p+F%PT>VLCE67Ogjda&i*DAL7^F>jWr`9z}ZhyXLh?(QSvKNou!J3
z%QcV-EUPD%vjqhB8y9tb46BP&<Ck~GNoB9=W@rTo%iFJ~77N+;&9o0*-@d;{wZY;a
zAq)CE*A+9r0kP#1Ww(y9Zls?7t_!|Re93zk3@;8M8{yEp-6F^#i;2s{myGlxOU8T`
zwdnsF6F2&aymKT6{!k}hO-s>`aO+y_VGDBpjyPVCvapK08e3(h<m|2+@)t_9e775_
zTlC9F-yNz?F^aCR|7k5GL|M1)gtfFSJUZWOz0@duecG8IxB~t?bpOIoS7--3<=m0F
z|0_rN@=TTd7FaR#eiOZCV^Q-{t66u#g({DePi%K=naXV*A-R4gXYbT_*iFg9l+RUP
zcVc`)@Sym(BT-(eY92eo-e%J6<ldx}>g6+o-c)eGDtyRL+jy7MV9+f<pnjDcHN)?v
za_CJk?4TAZx%9jG?i?BY^|BDIkD)o&jkF_%k5#4j`mI6+?_|8Ouin*%h$QRHm0fXE
znk5qR&NVF(@rONiYnIvd=*>_VLNdNG4H1+2aOa2u&4Vf>L?>eQXp2FfTn04MA7IMp
z{pJ@-MxSsjJbF^uJPk8OpSl$CAHO!QQ*MT0qthoDIMW4<v*cJwWt%8$Sk14xOH$+~
zs01(wHgtWdb!j^ikXSQkkb=gk$Y=~$m1)SdLQ$eV1(B({p`If#WyVi!`|O&~oMLEL
zQS)iYO7vsVC#pO?8dD8N%SlpJ-U8}SM)oQshkbTOEu~Yc8D(QW`@hii;RMA~i>OWG
z8IQzK2dSsvli_?bvck&Jq?D_o=9rx_7}(=V92;S{8RECxPiCUOir1srPnJicTF`<b
zk+zIX-fNMW!TK{ap58Ar%JFB&P)<_holyF`<kJHuySqNZ?nY+$rBxeIOZYhml`1El
zK$;XxEk~P4Ae{%YP{7L|kT$B=RmA&j&zPZa8ey;NOp&N%;*9IiL<D_HBarsgz+!?Q
zL7^g3n`VL^MWMo1rX<t8W;Xhi9FW!{j}dasWl72>8QmG4o+YEioE-FIPs*o@I5hNU
zsFkMRYZekK8(*A%UQ#o0L8}t*HAQ^jBU`4cGTfdNi{SIlYv`8;<C~%C^#1W`EZv;X
zrQo2<{PT^5E?LZcNXmz}^}4UI%9d)5L%T8>#69dj{mt4ZYb9$%(dOIlt%`(te!Wjd
z<UB2*FmBD!&nS+4%dt_EQj}7WC8s%$pYA_Vwn0sxWx2b(rIGqkaMcW4IEsV&t7_YQ
z@hkp6HvJBVE6efBP&U|)rsstn<HSO4FdqTOr-9KktR3~dY0FWoLD#gdXLrJ;{vQF6
z*D2x2_Tlx~UVCD+a)q)(ne^fDV|e&HV&$6st%F@Q&)N9x-x+*1gO<y4#u?48V6&eW
z-!_(n#5+?ME&m!+x_hk6c{n$9J>BoGB)*GGcpoClR@l_}0p?qPSMh_qd6-}8x5gry
z#vRw1{nxLTdgVG32yR`;=Krp$Hohlk?rDs!WHe{`H|ts8e;&@%)j=pi;JHAf!MX&?
z@9lUX&}_MKX_=DhpP+;qLQ`(n8|u!bN-MJ5fZ6AN)2jCHRh@UIKeVCGNS?b<Do`qp
zpXb0v)xMd8h6x^g^B=>(h@&KEy1q0d7cLzVDhuS@<lVEGwy86;#&IpP&uS+EOy?aP
zH`m{fGe6aM+$vUo4})fdYPa6KP#JT%)7R^pg)!s$-XQatc*R^oej2i_V~zpKIIr9Y
zTAp@?z?Ii^E*JIFl0~XSgK@+00PC0a>rUKxMuod{A6l@Z*2-&`b|dKzVL)Kg>-T8i
zH@zw&VP6SG=~IQaWI;h6?<R@+h0|*EAfao&-3Ok1L$FsRl7FDqi|%-{?;gxrMjMMg
z2`9)*qxh(%<g22&@4@ZF(Trwi<TC1;&~5V*)Q#W%Lk4m4bbXF_wQIp^tKtEhkkHfE
zVb;IFbh3>A|A&=Zujh-~)VAl9yKdhzBoJ8|W*X*qc2DusaO4R5OhW_Dm*d=!N%W4X
zOR#R0F1WOkt}$<Ru2?@kgbKa{T_OK<die5^>dsA<j_m?zov4#{z%lU!^MR^U+ZPx#
z{&ldV>qnExGE`0o4<Zj@&a#tl-O(_sh&8k|^oBs-R^ZleA5-W)IBI5j@082kk^0x#
z2W3GUtf>yQ6VKYSoF?bx@3xbJLS*RY-yR<~cV<XR@fFx~ENbbURo9QN!Drel7e-Al
zN9UzZ0juJx;z}LDd{?{uMNhI1spr<{6H4Pso!PFHqm8W2eqE^VS6wFi42Cyio;M_`
zO?HlR%l7RLPwNMP-LKk@)xfxDyQ`vu7y0gec%B)Z((>Qszj@WzWZB9+BbM#$tIt|m
zcNP+iUkD%W&Q1hQ|6G>;DV?axzjK`DJvp9Nx=&n)Q{+qW`gje$!FH<Zc-q>JO6=5R
z(lh$leLpAA=(OBR7NV`px;34S;)C9o9E;W=s;jzhTVBa@{=ocxbl-en1xjbAo_wu8
zvtHS><7e{7I}|MEue2L6ZQfbvRP0a;^@8~f9Lc&DTH{!|R@>Zb^YQ{~{q~Ij{9eFn
zz;?iPK-{yZr#DVenqwr?VMBU3N+;FHRP7>uW#X$`53Ui0d{dh_jt5SRKJ{$d-to}D
z&95;07Te)~J}JaOSu5;c^kt*b`BpQw*cQ#vBpklk6?eB+dnZf75k)gNZ<);&g(Z(x
zG0FI~URWlYVS<UX-br3`qit;Q*^OpgN3gytd8kX_Mt-8gnO2&Ojx^SK-Yfl!{zhRx
z`9nH^{sUc_v0&5r?{MnG&ntA=1Y<WVL()++jUQb<%b59U^5k?xs>T+53sTyc^K>Vv
zTG&$GQaDcz(slNYp--Ae#ws>c-Ex9ZE4s;9KNc3BnP^s?7RH{@EgcN4p7U`MjD4*P
zHCPGt*|ITG2IoD}Y|5lD$Jw}RSi|-~Fjt@Ru#=Ol$>L~oDzlI~!I)=DNPp*UGRjv8
zoSEi4IRkd{Y6rg?o1b*bTc~^x>R*7vHTJUZRQn$+f&Y<q_}M9AWb7FR_B@A4$9STV
zl~JgP)%=YQssAIN^TZ8pUMowtSsSay)6!~w&%Xl9QSkW}eOSRs`|mV$L?kgjszW^R
zX%zGYD+A+#yR5T9JU*spj-!i9=cq<dDrA^`ucpi#mwya4__krKvhaZdYsVU%acSoD
z1wrqjHi51!57i-eGIGz_d0HPDln*aPz0WkIb0T0}BUN#o&$dF8iVtvjIPxe;MG%8p
zJjEUdtJVGZsh_2FR~p+|zSqa{2~V|<M7*62*R`ENv1@u>kZ;5T5^pE_qW|fD>+{a-
z+L+QjN<L8_%d6h}U`66m#&z3qQ04xgvO&+pvp&$6V2wq^AJHh4sHsjuKkYL^53c3T
za=)1&-(<guAA85U#~sc$Hxk}dog=<Pw>)29XL&%5vkp%6C*xHQvd1f6=W0{<$eS(y
z(53KQ#9^)VdANDFd!{qv#qPy<tCd>EK|x}{E^mLt9~eovhGLDUg=bWDo=xW)Ml_s)
zv_4~jJl4}cW#v0FkJx55j4WT8dTzdomB+IwbSDK-e6-HrI8HVPAbmKzTJPq6av(Du
zS50cm?id`b?zC%wRg8M~ds}N0x26Ba$AIPouF1p78%xe}+MEL)Lw%8tD}Q!h-;b;)
zb$hW0O>@<6r>AM>8$0`U9<3~2fbKcl2*H0mYYpe1?HWjlz6I=w`_1{%Rclgd|E-SM
zST(C}{|@{<be`RApI5azWm)ZhdphhDnEFaf<1F`{{mNY$kZ{r1yijV8k7dr@+dsW@
z-Mr`QC)?;SYj1zsMEm0K(7FDw{Nd5lPiHKA`+{*rLD>|!FU(@|I|kh4Ns`O&>2b<W
za$3>IWn$a2OlVKCz)#A~hY>)&T%Ub#ubv474~Hgb?aRthWdyD=Bu#i_w;L!U!0Syt
zQK}N~s<jhJS!gS|b2Kw9ky>2}EZtP<jeTdM?9zDKzWn?9QhX~S2!4cVy=FxdTcAGt
zU!_cQUR@A~OEY`JwrkQqAD2v9=^-m+%jM}cy-WLfeZ`~t(r9a;dcy(hn6fHY3H{@1
zmO01ZebPch`An5UdtJ@Ecxi-E&b=dEPDFjg4eSAO)tq6jL2jRC#2eyEs!jHn9GW^U
zYC^4%O5Lvgw(JwaQtqS0BJ=9J&QL#C^mqQplO(=lZdP~y&J(!A&-hCnmo4l3{D2ff
zxs@WaY4o+gw&b>CMe}TK+xdR)=&OL8mw;^0yy+c>h@jYvTbku{7q;rY>XGV^wZ~+Y
zKszfhTeXZ)B3(d!cn8~~NxH)#gOB7(aoGH+!OdiL5V19%kw=H`uLQd@;hGnnJnLrU
zPG=z>t(~O=Yk|Q0SM?p`c+R~>Ya3&pGTWLN6KgOj+r7W7x{dy0$K}(~@tkDi-dx6l
zi28>@Skv*Guha=$WqyT2!{6od)YRtG=H_l??tD86D+-3I#+}@qT=h7Y-+i)wCL{B~
zpG>>@sZFYmg}$@rwO&)GGoRtKKi3RPUz~1OE?EGN8Q<7kjjW8cJ}VAuH&)r@g0+qo
zlbUuMKDWdN|HywR2Luyf<wdR9$~w#Aj99-<+G1Ch3)LB!szieg;Q;IR3BfrPwU1}k
z5qWKGFY`*lLg4@_o%!Zf>sIGsR3>#M_4a`KvAnaLmx{F=x7a4mDdzgZ5T~Ovl=tP)
zUldCS(jz+Jl^g<uv#R@e*(q7%ehAmA;#7a7lWuN1ho#xI9Kz>g{4N&~;KI^u;j!It
zEku6rdcu`h;0)cM|6L)7qagadTLQ;%neo6~L*H56Yb-!G##Ue6t7d5&7BQmp*Eol8
zF>P_dq>;n5R%&UXM=J|svFH)e9*1bFS`l>@F+O0V1P(rJDeldZhdYUmH-RySu!ZUK
zWXK5ZDC{lg$RUJbC?p9wv%%1}QV;XCyr%+>mB1~HZ~?07%Egq9NKj{22yoJiXOT!N
zuTh*7x?JA}o*ppCj)TfRMr9iVKb~_-%9r#xMLB<YI^+)I6P7Npe_6Lw|CogwfR2-?
zB6@P#ZRaD~pZF>8U3c-iZBWY2UvIP_13%N)-?Q|NBvF8LGQX2O$TUyYdL#z*4^O`{
z&}&;sJ~x9@$<6j`n!m^%;0AD8oq4>v+L<ZjB(&gau`bhF*}da<(R`>T>JEH*rkUw^
za9f-YKS5m3BvWbN@UnVOeNujBpOYI??)Z4^ZGqqEVtWr10K2)poO*!nWR1{~$#g~P
z0#B}#noaD)JjFac$47MA)=tfus$7~~gO1;4yF0t9yPYip(`3_z2`1}tzgzDbjdgne
z*^Jyl9UR2hAd?RWLVd-}RhPid9_3fe(=pv%j<&Zho;(+9ufLN%d6>Uw4)FNdym29V
z_Z>CA%ZKM}={C_Q-wp%<ykEQ;NW6K6?NgEIH#A;0TpH{*8hEvyw=tYtH{qY^)R>1X
z&{jWq{mkD8_`3ZU*oPRQ8=>o?IhxMaT(#N;vIaF)&Nq1+%+u-RA3k@jG&s$`!DY>I
zmD^gC>pfXLse=@k<lw?PW{y70z0{ZF*va94e_etn8RB54wf}|x1QjrhlOz)XpNy=M
zc^Zrf^ZJt7Y9bcdM{V}blC~z}mlDRFx%f^D^&$cM$YIn7O0TOt^mgN?O%kh7Az;aP
zOIQxSEyY~P^uqR_#5ZC1`sx{ej-KkXB|i23<?3}J{E%cgPe<mL(f$nu%z;GoeIiXC
z8}!o}%+^};Fdf#kG95y`m{mB+N+m-53#Lc6oJkNS<o%4~#Uw_Vvg&Ho%PzMd`Q<yX
z#h2Ce-WldNw)vq0;Q0p=>L{ZBAPAeUTXE~!3uclDBUMDT!In-KgQr@Nem$zEB{};i
zSSW)18e#Xz8a4Ec>ov}y;4rd(EC-9-`FF`)3z&AdMM<Nho-i7mCE^;$jea2!+{q?(
z_uStzh;d6QKlUMjd50!>y@FYlFTU!>7~&qVz0!%`#YP+675;b+5Z`MGuUo(vT$d|a
z4q?CZ?AwP2$}3ajIf~i%vSPkJN&dB@>`bA*WelAb?(bQ_cra4d5cwhMg%NTX0F(cK
z5vxSqvX=VeI~3%B87N==&}jW?I;`f#r(l&s=brA=Ki1|Rb$ggD`e5|?az=Os8NIg;
zT=Fh{crquVE*s6hgOs2T%hz3|@U*>3=4!0)4KbW&7782fz9E$vkGsGKy%Ck>>g?wl
zUOR*$G}9BXE`K#>VBc<+%2{zyblh8~Df^_xJycdaK4_7~OfVhczCpc^$}?n2DWV`A
zVaYI*{|<P5t0qBp57bd25f`BCcaFqpttEGmXh*7JvvcYf#$>XS?y=(em(AB7wU33J
zEhB0JQJd8jKA4GlS4+#znZN;-Ks0kyYr<RwP+QUd%RG|wiUZCtQy0|dh)%GEew`Tc
z3{gbrte}J25tBTir}$|OQ)b~Zm){~^Q%AA+C6wO^#;pm{o=>4{pB%HqyMWm>Tn8$;
z;wO0=^#$Ay8PPqc+5*mgB}&BNRSNd+nci{GrYZRS03)X4QRZ#dm*@loDuquwT&A+_
zAW=WSg2P>RJS3dwDn$kc;EvEX#4zY4X+VmBP_BT`FB&g2+rNiuns_b6y`orsp4O(W
zcl_S@Ea1?6WOmBU{ON$?l<}b5$ZfX%dzm{NmFd$QFOckXHPYXSWi|p&#0pyPH0|Vh
zfQw(oNnbpW6AQe3>sdhF(0G`#^jb3P0uMa&l9cA_aJe>a9gjAdP5wId)xPK?(IiLe
zuN@fxzeuBXTJep7s=8N}<XZJW9*4gB@tuih8(uyef9q2sjZ4@6P+6_HI|M3llD{<=
z$u)O)@k-=R_&*<*J62!k8b6?uEX@^M-_OAdz`+fS0V>~?+NLgBx|EdW2JT1~ybk%h
z>`z6{R0*uK_dSf>-2yfz(4*{E4X@muGfRzEUQf0Se|Px!7)wmTwGz!FEQY@i6T6DM
zc(gB^b?rTCSPA3$X$Ec3cUbS_$tYAOdJrtwCQI7esiiho`h)LTdDjD9BeKr$f{g0=
zO%o(e*X?AgThZ@tqKS+2v{Qq2CG$UA12%T7E}ZhFZ0|dFLUlRsdB2t5ci#DrmePK#
z@|PDn8y)z^lD(}capb-E9}S;zqwhXz&L6FU%(XiqOQm%ccz*KsEKM!3w<Lp#9ldPF
zisjkBPudlp1@WfM2C0UHyiN_Pnj6+KWwzp-FY(3^{y7A{29N8Caqqwvm4T(nvI6T)
z=|>~AirTGbRao~tUw7>);qf<4`HPuU80z-x?v?pJNk#?x{fG7lvOt5*&b%AH&+|kA
z<%4*TD=0dr*uQ2wxHsuq?!=OSZ}~({fqP`&@q5(MOy}_pFP9DLbZ^es7(V;&JVKMZ
z1F>}HWXz$UhQ(qds$)feZoiMyx9?mTXnNq*`77~a{nln~=gGI(kJQnNP?LbOFS*xn
zUdKzGb6;xg(i){Ar3MV5_6p|%HnxInJlUtG+2%SL?u{#xVo-1Ox(}OL_4A@@m#ph2
z3)>Z*&fTg1@KL=BBhOVjO`BKQD$XpKJ1Kr&t~h90ZzdlT>ag0T*R0p&`}h~8XqxUL
zx0BNuc~8jyIN8!qu!7gTZvK6ia@*Wu+$$dWI;aV)n$~fS<kx|XM)T2;75~6Z{K3lG
zdYi{dX@KD;m&GD{TB6>UwF8H>)fZ*yfSzhj%r?z9`)-@_nNPa($Y^}49JaGF?@v?N
z)2u$vB)_o0^~%9R)X>N>Hfm%;$I{0^Fb@?KGoDWWL}laYy<4Zpf){a@x&9$WvHqRR
z9NC?6qtVp!ZI1wLWl75<*$K|s8|{0~o@3_4>dF1Jy*n;5NTpePE%NtFoVBpd<?Q}0
z2sFX{voc{fBHm9$rqQ>v>n33G2x&DgM-#O2F3I-w@g(jH>`c94Ebvri-uwRJy3rth
z^g)=@eQoN5b3@m2iT~_v{lPCNt6yts7Ua0m?BWULhMuojzc&xM4RI?a%&&VBVwn&<
zseg}dtLHa9Qw!LwYSn2rley6toL!9-a{6d{J5kD=j1{?HtI%KkRU_t~?k25So$bN#
zo%<&D)h%zM1DT0gOUI$C&GdTf_4aS($$G%+_2xn?qMAheIc!)7njF&B+#IoHyxkwf
z{CQdpri<YsRbSqcb-Rg*$bz<hzzbH2W6{9xS4xVh?2$-?Lc~8j8qgNpXpV|N4@%QH
z#D0->%*#{pSM~K6+h{`XYh@S>84T`R=_K`a?_s6!cuTDc+Oi#-qSj!Wnz48<EH)2H
z1z+IMrD<putEAislk2Xgq)ZO>DK{;iZ^~wAejR73$iFp+f?w^?d*^h%N7Abt;!8=g
zpHD}*8rBF+{SK7%#YE1P+U3+*iaMe+9WIun`hyUthk29sU>ZZg`~>`VVAYqy@#C%N
zbSzDt>zWgD!Vre%1H-{zJh(O~Y2R^#a9xAPqJZSbEcJb7wvk+%&YnoPeh?_DD4TvL
z=~o9K7_=0O_B)hc5_4B5ix8v=LV@o0poBD>t<hL}(56FS2LeMo=u)HGM)9l5>zxbW
zitI9`a)F2VcDH*%S<DD@3bf%<8DFGD#9^rrP?&#B7_G<K3Ua@xm+$bBo7Ki-KhDjb
ztf*adrMLX$v70GXffvbqeh-+<)K_Ec%5Ra9w<IgE?5EIDLGFsqe({*~$yehsbt@4z
z8o*MLB;PK(`5&ykV|<_6@;)4+u^KeCZQDj;+fEwWw%ypa8ndx&r?HbK?LOyo_Spyj
zv-j_LF>PMmv)0`6ow;V#y5~x~(~WJ^u#-~}f_1!Vo*5pQ<n=O}GnOs%OijI{J?fl>
zU@OD(tnyp%rf__~n<*%Ly3B3Kl+_KNOzu`Vr&+LMz%8@e1DU-XoNvjxX;;t1cGILQ
z>M!ee#7JvsUAf}@&cMafteTFAoQe8A3q@cm@I-6zQ`~i0<eANQlh!%Xp0I=w6`QW|
zES{ISqqD-@swWSDK7qcyx<==n=W`{(P{K`3s<SC~#r8!91Bpgjeb4L7>+F+qR@M*3
zef=b_j<+*sVeRAKIkIwvNBf(+BaHeo9x{)})fy}FbxXLV*ZU30%9au)I^w(9an;qw
zr95sa&&J%%P)H6qOlB^NqjCgy_Hpj<eY@pWEgFxvF|kRiw{KM<ep!~j;7n`vF7tZ?
zmL44ek0g|XjBR!#S)ER=x5w$!Ph;luv{ueF`@P+P`f&y4>7GuGL1QG&PugSd%QvSj
zIM(u|!3taAyVCVWj6<fe4E719=F9U=EwBT((u=J_?Xg~d1BvIKI@c3Ft8Q1VMMrk@
zERUtqjf|+RtF6Bdzw%99$tSM3zcSu#-(QPo$lN?}O__|Jb?wt_%iqYmX$&^K6TBU}
z%*(9vz>Q8|%d(QYTwV^9?$@_#JQ!|!-5DMwurSP6MNd^}q@k=XJ2hf?=v{{t$9+^(
zPwAXI9K_A)otRGXs3ot3Io-Q0(|29GzFhFoucXlnlVr(SU7aoWYBHV*JrQ4I-<}`0
zsJ+kVad7StJswnGTYqO1Ixv@<qp*&jvJep2=FSStNT)UbELCcLD?Km_Y9Mkx=;mqv
zJWVb$_O=+Su3BoJF@Z2{zeMv=6<%Jy$nE%~@m-lNjz;5))$`#E&Ksv+36pv=G$oH&
zPZ3Pq{P;`F^Uxy!2MP9fSS{3ff^p_kfu$e`zNEF4j0d|ems93yzf_r3GX>l23I7LW
z><(;CzOanq$?6Q}s3#}|4Vf1e&lnc;bK2|Jz{~;>#mtfEP#KCd1&_dwpeTl-xaU-J
zp)FU;y}&KxwAl=Ret5(EdfUZNS=k`KVU5UX!mAA{yCVoZ&81FXE7T&-hwRUuik*4*
z+gmA^&id3tA7o`Ho%eOc{W1l)TH5kem~Ymd6EyoO6d=x!n7VPqcUI%6`evvqSCncI
zTSJwUT+Kbql8(tw?LOu6SP8vcysaono&^SxtA|G9c{)=w#oN_#2&BYn32{{<Ol?=>
zgE`|cMY<Igukw*m!5yh;7U|yPTip=umhW&gr9aMC<WnTveWX~EKk-EjcNOM3$U{sE
z@gNsx8&c>xnp2RSCO#)2KBxLzdEKu^RfHFp_O0T5f2#>peUI|zhSG_hDO=ayzg9?`
z-R^K(bKkfeqXeyGJ~p4uC=X#R>zaMtiIh4^0UF{+intPezmr{zG9uUZgE1dC4t$AP
ze#9|F<DFsLKtUn@ESH;1>jrg-U6RTnv@U@9VN6L>Ns)w4UvP@gDJG3Vz5q!q#flKO
zg|tVD0QuM%!Ze<aP~l@VWwghN3nA1_45ey-id_48!HgTYko^h%7#;=WqRfqwLl4;$
zObw4~AoL{i6!`wo&FJTXB&)b$7X@^=*q4!{P>B1_gg`R^&G;@KYSOX=>eszX+?Yz5
zE{pgGYJhi&ftoEE6^EUiOA3I+CBX(KJb@A{(I>y>+p(q{UC@{KQWPm#=h~5?>TnPh
zb_Ru3<i++nQ^={d$8V7<&%x(6W#&DS$DJ|~WeoUT`dzNpK{qr!PZGI$zl6bP2O@iN
zlqgv0`Q4UZNwP;(oYIer(Cp|vGdrJ}(m}Nr5w=Cu%DkSk5O^uxPV6N0TP9a~-t1Eu
zH>9%_m|7WG87=CGm1LA>lovXkPVD)yCw$6ew!JR{I-aOkY8yT-oU1>2uJdY|kHjTo
zdfe*gXy@iYz2&KplQv!(gJI@a$GZJNZLQx?JQbs}ewzcDvV3LCMSH&})b7q0+g2mO
zBk9%JtP@iyy<1+t$5cM~WOLplAT`=bS>3?Ejh9LNvasKHCMM-^)#XgbKx43e>&e|y
zsZm;0VGlN!>i%dG?TXcj#X_t(plxhc7qQmw<wSLJ1ILv<aV);zaqKOA+HiZqjW#_%
zY1VSIccx{fMuH#9ZlK)Sa#!9TwV)8&lip73nGyr*lfVdesKnATX{(~mOzD&uGE49@
z(H6(@<T-O+^zc0gw_J?ap1e%6z5Tm=-o9|wIJo)ob?MS&lkty(x*dtqGqsg^h{@p2
z*i9$Htrw@tj-Vq(wJC<_>%j%Q&C}Yg+O5ipFHLxoc13mjTaz~kl|2+kYm91(WtLf3
zJq6N5R)&V_#^yc)2i}2l^LbW+CNj_59D0X(1FfiP+#_#wuQKJLF#9b712{N18YIkw
z;`YO}568+*4#Tb}Z<eBU%$dsC%~fyTUQ0_XACKCWTy9Jc4J0ooPQIB})2SsQonD??
zHdrmr&+}XgJg8uenJVqgbxfHKrxt>fW4XB>9k9JL*%540TI@MxEL*PLa^z{nKe<;<
z<WCT3jf~n3&$zr*1h=2Ket$k*^uJtSG+Iygm`<hn(qI~DUrX@)8!_>bp_b@OiEVqe
zJ<VyiF?beMV@nrNaW12HqsFvUzox6#>C3Epf#FyYnDN;zwu}6$hj7hY>P2MvUFX`{
zWAex}NoV<Yh*RcA8K|eM*$UT=4t<Y-Ij)S2cFtbXGsDnG-B?}uW%AW5xXVi>3DF^k
zp+?R^rg4ME=~;<J#^skEn@Nq`#VGm2@^Qn?=2)o@t|5i1@$IN9jjJY?o@13Eox}yU
zQm0F>hf6Pa;h5|sPK&8CmZ+`kudkepc`Jct95mQY(0m#;k9)0fXWZ^C2giew<sjcd
zzK=paJU%?$33NJ-PYq(Ha$W1*E(d^0)i{#lIGyh+qaE5B@mXCRM`7c<D3OVX5Ey@p
zP<<*7vXoe{&Wlxm@@gENom;0b)>-s*lxiq+i}-S;twJNCzHc_GS^j#8!C;fGYF;}R
zhm&RLv|%{;)(*~e%*Au}2KdhtT1xkCA*H|p0Pf%c0C@iN03TC3ZAnLcLn}j8Mr~SZ
z18e>NHmv0o)iV5($Sgzc_Nr=SW#+}*Dhi!`<*B{Q@aZo9*_6O6TT-++tk3FFag=<O
zp9hzm+6iGOzK??`UoJm{W?rj_Izo38@&#}SFldo%4i1oyYywUKM)bX3N#?!J3{F13
zlA|w+x%Q`!0!1Z+(2erDF}JI=HkR|#4whq%3a;pJ>MXWJmnsI1tHU7a3@taCo0*W;
zr9)}2i=4O|SqPNc^(DHpjAsI`rW%er`7=m2nJ0UNktS?j0@Y4H|3GhUPKZi%B4qM%
zf)M`Wu1=im^Scm!mirhuxH3m`W-wvnc{$ji>$yR246DSlPa0kM$g%u`O^T}dI{cy)
z{=rb)%^#>?aQ8UNA<6hmefC+y4K5ZGP4yPJ?CLbA_s=y(X{0C<T9M8s_4D(eW8_V%
z-Hl%l^qSora%EX-cDP&oTRFz;)zen33ZK4QO^M$PN!!~S9&5~7KPI)_^e0AX-=y6+
zIz8KCc^Q^Z-@GlT99NVxf1*fY=NOAzKinE~onJp;d@kRMe0v$msF$dElu#c#`&|3r
z_n2=F^ZfPgD0O}Di1V!SF^R_7G0oEh=Bwu0iZi?BgfN8pgxDt?J1ibTct|u{Prr|{
z2QE7~6AbM2-_5QiA~NSmhtc!*G<zkduF<5@;t}K4ga^U&u37U-PnZM`xy1)a#}JW%
zJ)X$8tPo}7z10DFmMHU0_11(Xqfbfp_{6#R4*~T&KiKe|Op6OHHzg#?cn`fLYMZH+
z4V^V&zlgfH8}w#|sK$D%j8`qRF{GtnW~HY8(CA;_pCeaIOs}O}#;&$(bsuaf8&x#g
z&AW<ZU~4`Zt>v(a5=L|xK-&%Z9Cju1qt$iUcxC6{@F`1rACaQn?crcmD*-1lW9?$A
zn>;B9?#HwkB#q%SvUM|lv(1H7N5+mQ4<Qnr;ATt;aX*5AFg#PVSbZ1RSE6h^of8w-
zfch^@!MdEjqqHC3jKETf!6MOv7prbtzlQR6lKl9nLhNsCNdNJvnF^QISVI+>RrFia
zE^C;}fF9*H%)M$Auq|-3`cvCroZLnW>=Cs%_>NtbkV(<RF}_@A?5s!u7`q~B?EU7F
zA8n6!YVr&KREs6V56jtMNMJ=g?I1c!4ENsLCqC$hkeT838H6%PB&hk2RCoSm-{M7y
zai{U|>R8BJKA`D>gmRMFlWi}Z4*)G+z+i)SKNz?JekMEYUcsYA^^F+rX#?fgi3fC&
z*O4bIac{D$NHF&GAiDnCRm<6l*QSd$lv#?xg~fCrxOS%N4+6|N`9mkWM{VWPo!J~3
zb(dQl;E?a8HALpTl4d=P`87#|))WMi0sM8}2FksA)ft1gHulU@2!Iz+SLf`(2%xD7
zkUqUna0G!ICLMwlzQc!YoNneRG?5z$A#YJ*Iw#2CuT|(hXx9VqV)#I{s)De-m!$YY
zU4SvdJ0II^KoH_mM(KMJZQD@~L?+_8Ch34%(au@MJ6da#&pr!yMS5PW+p-1P?rFEP
zqrtp*B5I%|^EFqQKY~O=@9Qw|K1;&!eC@WqpV_eRu&1>!x!wo#NZ|Ba<7IpVs!J<G
zaQlGK!|V{$xY5CTKtT)rRj&NrYHJ=3bO(q8wVBy8R+BHYc5xlS1)*DOZTY(Llp^?4
z_|<12%>NlE21eZd^@E-@?kjOiXfCZ;BOr|Mx*S}cr=edfs>LPJ>1{d0BFu^iWN2rW
zw-sT4uwE=&yg0Im?Xb3&%<+ViQH~!b)S^JJS%no_*vN<o=0Hddsoz|!fw}<vEndz{
zum@aG1TaoJ%@OMr18gm~d1LNVVtBT6TCs)WwmUP_4w?h{;uGEahUx(;Ekl2;&5E@E
z)E3uxt#XNMg_7n*yBTp$v#lOduWB?=1B+{Rx%Gt9+9TS`oeB*)+D2Q67iv3$4y!6C
zBFLxgXsN@{NN8)MoP+4EseIbgRCkqVW=@)SntAe)#fp5E#GB?{^O2)UQ)3gr+?$JP
z>p>(Nd}3)o>WuDwX`LveSd>PN=d`&sP(`ElSfeP(m49*9x>Y*WofrkCP;9-eQtY#?
zQ{vlMmX~%`%-0_LZXh@|R@zXcNKRe|4fq-#-F(O``T5dAuB_YFsbtINJhTM)qY_<H
zf#yT9gFQ*NJ8`92?!r0E%=k`Ei((Kd=lv)|(}tp}l*prF4JvhnOEp^7$bCq!9{wgF
z<~aVEhSA%UqUlN~+h<BD5Tr(9q0!K>J^)@4I&JB(tMq~Gi{|_IOh0u9xj=Qa(~i=X
zk`LOBH97IEOGRAxhA^@6vR2iyegII>S-#Tx>yCyzO2-188qr<qipLUpn!u{+$MXTh
zMN4&1(@Iqn@&R?np-vj6ZZJ$RnM)q3@Sqtu6H^bx^>i)NfWdmtmM{LD#d)i<-FbDo
z2w`e)8#W_dcNp`$=h)$$p%>@yXMCw>uW&3|@K0}xo=91zZ`14fo1f+)4A&^VgtDkK
z??=`?V`v||UT6Iyi~pPmY~R$&r~f`}Is0As{&W^MGtj2{dmg9#na7>}>qNd^qn8i=
zHhOs@HVZQ`Ss_*J<bCdPa;!@1U{_bySL(&5@PO?U@vDe(FDjZ+(I062Ju?HJ08m6}
zd3~7T_jGkO{OQr(fB_{lV*pW_deGitx&R}FXmqxQP#XdOemC#<`h9niZ{E1j@AHm@
z5&jBBG1L3|-hPi!+~3C@|CB$BK0Z~pe#a;%ccUk+#`DL7wcJ^!tpJVNt2awy`Ss_i
zD*?c+#pilYzQYd=N%s)NH6eF9AL?sp;9te?ijj-UeVekAA4@Vrr{cl56-ki!_>|O3
za=|)e-|1X^@4X?YaCm)bARq%+TAisLfJKV}Xwa9f_u5^q_QtH&+R(j@l(S?EZ@o56
zt~U1;4veu?xz}93m_G0pI<_s6@z^mUhGc8(oiK%H)na=*U9JzT*EE=>Ey1nT;%LH+
z3`IP;?!5R~Dd)~7Foy0((<48ySG|EYJBlMe$Y|TO@>f!vF(0gX(EAX4V|~~tc>|_K
zWRMzX6OdF)hoQ|59D>&INd{At{kHUe4gOQt2hjc|Ncy&g%hr7wrcdn!o$TjN<!kbd
z%RlB*+l?ykP&!)$%g9E|l*khmsFBOmblI(yuOd%pR>b?LmTzaa>wUHDhdDkdkto*}
zV(KjlEjLi?`hw<ja%m>79U>Q$Dmf2Vd>*lKY_UjKRqM_uS*&+wvexgMyn30{DxGXQ
zaCQshZkp0KWvaaKgtM?78hG8bs@!}EdI5!hdd=-5Uf6e?SiZ(lJKYSZPxR`TJuYW{
z7J_fccC)pt-q$v}k2vc~j6zM_51=k9T|V;hIh#@|h4j$eNc+z88Bij;dI4!S{1r?X
z;m(mU1fPaLAsRoljeJlB^eGj$65=uz_u~FV&;@D4PB?Mj;K7Ptt>)RAG77#gl8<P_
zPY|7WI5?Lx0tLU6LGYpG84Z8fujW}mauDKyT7JPw^|geu(|ZpGSDX&*DhE9gu3#F4
z-M~{}x(-yT5aZ<@Tl_pnzs1o+Pj8@zyQ0KMgNZ@bQX)#uQKxKu;zMe|USr>FZ(WF7
z$?+L!J;u_Ut>e>uljJI1N#y>(t-Inhx9OpK@S4!Wv!<WNa-)oFyNt}~T5f;;VzBrC
zJ>$#0hvK&SHI?Egg;}>dMalWpZ2ZsH<s~J>CG2F?x!s6PdfMdGD^|5mIOblqHK|4+
z+qIO7$~62Cjd5k^j86H)%VfmJu}_h;#bgZ{lJuX&1&Q9jHRH2G9??@UB*attfI;q%
zT@+0oj7wxO$WMjQE~g+Yh=>RHC=NaJi64QehIk1?h$dPUxtVehht3~Ls74~^>mh@8
z`CKJBMt=B|3I=@M@(rHmcW7Fs%8yFoz)~eJChEM7xG>An1&XsmhsU3QFq6CZ>H8i~
zf|zY_%Y+X7_AvE@7)Jc2VLHnWnD$Ee-$)@MtF{P%X@hsi)zADnHdzz5Ik1cu8Y&kW
z^woP5<`(t8CpxRXN{<YoShPY8I1MMFalima=;-M(h~f&xr4ab+1Ou`SEX-!<<cZPI
zarA{sI&>R|EOklnQ<&BWA|wy>BK(+>^nTObQuX=3O#5l+gGH^p-JHQ@cuE;9El*Y(
zs?nl~<pH3gk!-CPa4KZ&!guD6JZ$W-qFo@s-<TH&r5A5B=Nrm0KnG|rN2Hk2s0PIY
zHjVK{Q$P1D9kRBT5$)?mmsorX(Dl`^9x@VO%&#H?hxV6V0Q`hgH(0Qz1cLCRKore7
znDL^)<b^-F)c09(kQR`F2fqjun3kQQUuZHES@PD>|7#Iv_~2EvzeD&HS|L0}A8U{;
zSPZgk_;&C$K~1C$b_}G3@Qzh@mTxyYqsReXxJ(Wv{vof-Byt2lYuejzF5X+*5H#Mp
zcfQV0N5m#yIFHYT&o{S*7=NV%cxW85N2~a@fMDpXLfUB7W?nyuTTn@QuMjOEKBFbq
znBhzISC|N%oE1{>K;_F)$V*^JPZ64p9jZKRg~1WXoBCeEXLE7AoyK@~@Hh}aeV<q1
zbtJk=d0$cx7*9c1o<_75A#a0fSh?3R@(Emwc-5o5YCAm6*3Pe~gJIEw<c!j&<Sp3q
zcjrO175$esPP2==VODuzYQ<GT>N9#MtoL_()DzoTYdG^{MMY+kV-iXB`zkbXY~SY^
zYk!b}c8?>XJDJ%uv|p<BgQ54jxxL_;(`1~lp9Iy!8j%r~mw}wtcO$!1!{lX;$#da-
zf|%w0IC1`FknwVF+JHU0G{hT4qyXKgGeX1$VOJK&rT|I$4SyN*#Rs!*Q-tq1ldvHN
zm6nAJs<~q*fY`dK0<1w+d1pcaM0$jckI*yq3U;4@bJsQ~i<$lIQ`hY$whoqkHaD2s
zv*eZSz&<v2mlFM}$R5itdoyfzd(cBw5|Lxg+QaO)_O)aamv#k^t5+);fqWSjYxDup
zs4`Kmj`N#FvG%m)%Whoic1?}*x9nR=yUDOLY_em3)7*epzA~zl)5SCpEMF=>diS)q
z0=s2?z<%A0-RbIG0b={^@{K~bNMYEekSl6GqbzPu3k&*6Y+NE8$Io%cuIdDq2UxnB
zzY540MxV80k|%70h<Cp-*OAyCf_Nu00z|s%7BI8KPaP|dfh3zAI%vN85vUCWYx>Hi
zQxg@K6)I;7KyCmy_~X6SrfG&-ahK4U_lV>7(X?+C<5tUng0$kv3=y&WU2zO7-`P?g
zRuUv4C@RlO70H8!XR)-+pL0Gxtx1;OS~>0wOXjJSGkqKhS}*40X+Pf&n@#DQCG>%4
z?Dhmm<t5(tM$!VuwFNZX^nn~4x9b^6#lCmLACO@^7eGY0tMmqW69c#~fe^C=Mnq21
zBcvA5CWHfJlVSr0;0{5CnTDfo7T$6`yXSCzwmiS*fIEge*2QXnknG90=zObv34JPe
zW-eTCzQp}Kp~X*#HT#)zN%9?DDgXZjv3{Ft`yYlL|AJUY{{pf8E4=FeMC;A>;sqA?
z_6BDn>Ddhc3Pp3k2>b^uRTVQSH~hW@L+HOUk=IO*+REv-mH!6-^=st^e_wf$cD(w@
z&sF~mAx9_xFa<D_Y%*l9s!G#+lgbXdaJMWlrG`Ttq%Rl(FRO`7vpF&}r_Lr&w~rI3
z6RpZBD7d63A-AEVASni+Hzc&}mDp4`WuKrlM6?cvR{ny%cSsetgV_5#ZI;*+9TRv!
z;;OV1v|tC+{E%dS13^vY=y=~lxE}`4H8s$9$MBm$0}i1*;ekHVZPmSrm|v!lAwdCv
zdwzjXi^NZ_LBH#h{luW6W`Z^}AOHYh@4d1=-zWQL4C-L|8@~PzCJa!Nvi>B5w)U`~
zNpUei?5IY9C=S7gET5)X*<MYsbm;={KDSM4(yWc69<|cBJi}H|q#e%|$VWV0p|?6{
zLP6;ag}mLSco-0t3$K0)92Zvf>*z^~X}YYV5fje$r;|~RtBxy;XDUvHH%~OT7YfLH
zWfOWG958HUWFa^Gi(?YjJA>1(b+6~fm*Z4Ad()lC;0BC}<|<{+VaQ|aj{OVVNR<SG
z_7PK2@OYAK(^^z{#E8H%B}D%jXNCreN;&IzMB<ZZV$R?eC3^HGE^+=f`*!S`N183n
z<x51Ar-19PGzP3i*!)V6hD|c8wx%-#F(exL@q}734&nLW7`<{`+k|;jgE;+sy(}W(
z#7g+Lo#c`7ScsJ}EsTqGW=3P9MUYtikj7~WZ!(`9N#^CWD$3hiR8+OKRR9V<%!lQJ
zIy#+QETj72NIFyy&GVD5RCXPIWN(zS-$6cAM!tdj(s6l#M~HTiXqF>Vh2tP9$efnZ
zB12WES#DjIIxF0BqzGy0qExyIUuwyLW!@ulY%|csavdalqfpssg0I<AQn3mWdSAEt
zZNIU5cM3}<Wz<P>vTCo3u5W<(XfK=8DG*{a1)QCmlzmAVAnBFt1?ar!-r9k~nQs~J
zkpP!EBLtTO5QpcOW<VFi0cICE{6fn6oLXO_voN*5kXdSAWy4W{Sx<X}o@&JI$Y{03
za>NNELU@c`eR-^47TN0kRJA~}R(;NCx_DOIa*;_Au)+LO0aa__>PiJLL{16+qV6OB
z7B3f-wPrFP3Mj=!9nfrUtit<2&Pb{PuNI#Qzn$wvWrFo)Ax|C)N>%For7R#te_1Zd
z4QFO^WiE06#%Om+o67e=^C&1@K#b9F3{J1gt-5y}CWem>!tJb~MI@KL%>t=Srqpg1
zq+5s63%Tf9w?M?K`gd#|p)=^M?wns0(4yEN84QL`z{4GOmO1!EgW^c~SvLtjBKE&{
zJ7jSX#`HK3`vIc#cH8h)!1$7$k>mx_)d;=R*;-ED3?)lR)o9WedCaVFn??zJjJ0v4
zuZDvBA(F$I<)Axr`hjQXX|y8lE;jipglX4UMzV|^!{`ck311g?=#>KixBS`Fr9(E8
zYBWn2La*M2yxbmC|Ew&$eGnPlT~+8_NL~?yP<~$%5Lvz~*Zum%oFzKA3a=P!MyQPr
zc@}=iM?$usw<HD}A_U~#02CFMm6D!?9((4_8#R_!!<gkqUwu@rD0DsMTs^P{OJmvy
zP8pX!Pw{%!(><BW3WK!h>08OJn2RKW(+<7{J@g7UR&CtyJ$<`p2)y*jIUSk1&o}P4
zAc2_jVZm@c1mh?yr19aEZ_iWD!*<mUdkOMl!GnnX{9dr3aMwf{9fnW_DBD=k<T3GI
zmFkG20;-TlXn3m5GGESQ4CN<Yjr+a+(Fyn&rwAOWm{i~6d*!?QdETX8@%_IBr+>~&
zzvBDf3;%x;<3+=_d5~#&0h5P_haq;&fayp)nJi#=`2m73(2@`coq6>yp_04AB4@LH
z7jAzJjz5&!xeNgY0H6f@E8+H^k0t&dZvO+5l!u~JFs2al*-=UH!%z(e2VJXh^gWU&
zA%nop`E%74TxPGrDBaYIld@6jVOCD5>kw=+dar~uKWxhmZnG-_C}g+)3jP}Bfo=>Y
zp?^Bi8jz94>{A{>z2}<S&Ev7_`E04O^-Fr0^P1E<fX#v5@+Fmj(846|p*={6o5zmr
z@0rGVyFA6o%hGzwz2QR-m4sgPW~yYqLr$u_;0Pg&Ke-46wQcB&W8D%5amNN{sHVEp
z&EE1EEZ~F^LKf`~v-u!7%=+CRdQY|NQV&Nh*ag-tB1=IWAyKHTVE{jD&n3NB3;9Yc
zQ355%&f-Qji|PHk_61nUG{rhg`;FrYmKjk+%6wFsGV&ShV~5t(@c_&tfoJU%B>NN~
z2v6>Z^VHfeamMZ^mP;{J&vM_fq1!W$)zY}A19iV+Jg#7{y%sP9|6sFs4soAvGo8yF
zeoZ8GVEp>IFe(Nx&(rO}{u(5KVjVY3Y`~cJYtkchAm#$4CfGD_|5wLKVJpnAK`Oz|
zPVAj|g~=<uGKcXi!Z(_|`-i&MLC-y$WGD-{O_Rj_oWeV2Wc=JqnnvL_RLiQgVJ@S_
zz=jM`lp}hymLrXpM!=081J#%~`1Y$EeSuKU8?cX~^{AP<e2lOV((CAIP~Y#KJ4ST4
zj#`1W8LW3qm~~J-v1b|)L{U9=+tf9e*JjxiJNTBEBkUO#)Cp^Vz16RiO9v=&W}q4p
z6Rji0P?8|Y9xhjP`VFJV_|hV9`avm--_3iiRvzG&q!p-^;$;)#)7}&vR|Hu>V4Rl4
zESb68xP##4nP(?nq)yTXSA!@_SMcSqKudZf08ff*)4c#5TT6f+P+u3t)}_0@94Wa!
zNKZ4#_N+8nSD>3T_kULRPqh@6l46-tYYIrZC4C6RUzoAbbuBdYMNLkPc-r#;$>s{B
zfC&C7b@SG{qOz=_z)a^@d7e$XX^UYT$Lgy<RSPY+gzM-E^_b*vI9)3<!SD?566z&D
z;=IIJCe7e&5Ug0F*E$UPj3fyvGs6f`h@Xx{mKF43PShiGg4ONXLRoqpf3<-ag)}(T
zF|<KCc3Gt|kdG`B<(DtveK^L3mKltX;B|M7<M@VS-TTH30=}`)Rf(!B<DhlaW@qMN
z__CXTLW(Tx5V6YYRM|fW#lxCy3yG|%WZ80};jR`G5aNlD*<Su0$4+8wC)Cah=U;!v
zEb=n~2yw_!$G-=$HK6}{1hBFGjqmI~M1X&4Xd*^yYs97`X<=%`tH!E<?9kED(w0cv
za_et?DVTECKh_=@8Ln;CDcOcWGl4_{2b!1>X##*EKq7!(s6~QPRaHr@0{UoF<{g8C
zUQ@-Zssadw)-?l|QdY*>I}C)!O9+&m3grt8ZJ`3_)XCt701SQ+9TF0Q&^n)z4Eqk-
z0T~vJD>hL7fZC~=>~2KfjiK-^|9A9h^XruMKcLTF#yE+O%Sy+Rk59#jReMM9DM_(v
z-S2(ff<N?iA#5Jvi3|7g)slNZ(c=05W5j89EvTO*aDx7B{XbvkKwL=lUtj+p!})LP
z|8Fnze_KDr_q|IpDd{nZdfE^c9bO=CM&eHI>P}2<4xHbu|7TVuexk;2dAB{{UvkEO
zM*n|z#{XvjzjxRF2WKP)(x9Ea0E7MtAbbQIdqM(RMN3ad&roYmPe%vr10SuYXEXq&
znj8%P1;v1<1AeHdXRrgp5gQj12MQsJ35x(YT;&Uan}h<0i;sD70xkIs^F+REijuO1
zmtr9rpvJFxVR3O`F(rl10u~G+1eCtI%C`Ed%I*g(eJy>C_petDZ9WVU0{A<V{e0yy
z4;&Xp@613-?<QmT(?=5T)Gzj?|Lrn?rR<1!4==KmfV#dqN-=H)B`Ikz9#T(og`g=E
zw^=}w4JyBpT3$*DZJhs^W~<$ybJHF0O7jFw(W}2n8gbtgEVTVOoAI~@rpNv9Y}jBQ
za@xc<E??6x;;oVxnHdoSd|K!hJnkLOGwY3+BFV8@Y<D~{U!Rw)g^c)3IjqX{XRXMc
zrB90J_P*&Wg4y^$&TgJrR$KFb!Z3#%BfxM4F|Gmfb_1^>Rq55#z)ilhF}=6^W=8J4
zJClUpPcaY-s!P&!U1r-sPdr$+Sd$gb3@A0Lcw?rw>hzd|ASUwhlADyoX2e#Y-!Pjh
zQVl6bz?TTXaclxcDk$}{wq}*jfYK(}kc7S>7N}E;V9(sl1XRBPYQXjeb`12P%usy}
zW*?zKj--&06y&gC+*Ar#Mgqa!_+i*68TYbRm!K8H7+m=#JFS_^f=F&3t1W*5t-l0`
z)bUb7Me11Kb<5K=RsOyN*elLIu;tGdNC|N$?GG>jfM?9Vge~>|-@KFRCd;4E=3?R(
zY^fd34qX?`RvalqVldZp>&KP?CMKYK3a}iYWvZps5Y&eWo6D0ve!GQ7gIZoHtbn8P
zI9L!E!FJN6RneX+42Nl$loMCg;>UU1paTogtg&|pF<i7m4#xA%)9xI9d)t3|vww<Y
zyu@8zcBIVmK@4Z89BNi&qk+t8>qk0RYV@!TxUKYGe>xrU3i5(=MkEkznU9w48xTxJ
znXwh~MvW5C^eK@|?rcmFL;*+uAiqb~4i^iFamn4PAxFxKNT@d=Vgvl_ai`Vt*z4MP
zJyx2fd)|<?Mnr5NH#I}2I&_hGra$YQOCTaGHRL3){&MpIYEe{~iZ|bz4e%0J>$9uW
zJCUr)wC4LQ2B)_H(Ozmxd~|BsH==pH!R&6AZ+#wVAt|y)m5qU+n3okYA>GWVb@EWC
z%YiM?sA>*2EF)S;Dt^4Ak|GxjWfkNs4&&%5I|OV;0D$+cq`#CQ-5W?o;1H9>FgyA)
zUZue}UT#S)W$|G;Wk_n7g&=bX*Vle&X?z)XZy>nI2>>kbHVMFq=uldO{-(m=-J(_%
zYKTD;LU4@O7!bsn^B&l46v_qIL3M{_Ol4}3^>21uq$-5-JOt7gh~N7PbAb$ydi*90
z$hpzNsulb=B@MwA6@86^f)Euf<QIZZC?c6}bbv`0gaJqs<!l$Vsi%v;m%s)GMEkRb
zF7;p?H<x+<gRb={PX#6)0S+9+nwOvab{pJXg&P1b8*l(H?utA=ktJQO6GxavR6_cB
zqn`TRjdye#-=YtN52sAKGsE3nP@pk{IDGP#TuMGH-7{3B;sRPe?yAvGL2DRNe>{y3
zW8!6{c@7jNQjycwf{Ap(kYd-1gKQ$>0L^g!PRzb^Ud5v`g<cssKC_W#YQ4H`HB%5J
zaCoaTp(4$N0d1j2P9~yWCuW!?Ii@(wbpO#hCa=9`ESSKqvFjA<rYO>t{-8Q9!?fIJ
zv@yhE>e!_4`&TIDlvIxzS-<n59$($X#*g7bm66nQ8|v*a*#1l_;jCaXg(7};8CMfy
z8x2yD`Ap|!4P`T0)k8Cqy9pTX%f#$Q&I{J`hmMtzTF%?mZny1DBA0p8ZSzjbC-r&9
z=e1zeOAwjeU;1FA(5j?@pv_JC&W>oFcvdZgKw%w1F-gqyr}dr8&n3BCaz5~5qcC8|
zeZo_S8ieUmD!~D`MC5}xn3RJdE;NR<pCQ`vj_6B>8jLWQsp~|_;~V~hT|XuA5P`Z5
z#B%Nm<3kG@oa@-1nJ+VFJc+?3vck?rQ=14!<F3WLAU(L3BWS~cy*ad@tH$IK4Ou||
zoNm889@SlWji=X?rgLq7+{9QeqDe;=OpP;qzHBPi5WX3<!Uc$;X=`bOPV#NAPWt&X
zwZ`tu^L5=jjVQ!eV}UUW-2g=ZqqryROg{RzEN(ayPVu70g~F*^-Z&y1-m@CTvTmhW
zyHP2NF<SA?bY=Rgn5uL9@-HSLKP+o#p*#pxmUB#^VBBClxWMOSq<HU?X1~BZj@YQw
zYSE2QxJz4-mmbn7((h+SfBzOtniFH2`5mmmAze7@M=F?oZR%3E)0V3wD!WSJr_Ja&
z`NG6!;Q=z2!{|A+O6JsgFcB@w<*8K(bCZJi|EZn!duu;b<|v)jRWBS;2u?89Gh3=I
zDb*JbLQ`r)qvUu<6c$quQ2c1>d5fevwZr8Jn*aeaXq!{5EMCx)bS@$b5KwdWP>-Pz
zl|_GNlXI9ltvY<kn-PFcV;_mBzaeY?Sf|xv=Hzxo;?CGGuN8=)$y2nf#PjTSp<lM7
zu=~BIN%p0uL$lLndlhtE=5cS}x+GcYZJiH`n?1Ce4B)B`XY}|Sc;q8!7k{Q)9Bj_i
ziQ-pBAr0{lb0p1Z<g2r4^c@bWbzi^qezjFp(?G5iOBa#|EtE{<&7T#rJv8mkCF&!K
zBbGaKP-t5>nvBi8(Ihq$IN2tC=~@$+nx*mV3v^EPi02F$XOg9Lbq!Z8*QQD6OooVk
z4$2KYVEq&Y1Jk!{8@M>#sRr%Fvr;WFqX9v4?ge%VWe}VOrAvTE{T1hgKMCBoSH>O>
zDkS?+kJW&Wi7;T?N|e~ZNAbGA%&(7I6%xjO)Dc`vD20?`uopaK#~^-Jk1W!VpvU59
zR7($A0D<yiz<!rrj5=^UXYwB1074g1sHcgvSM0%}AtQOhW_iRuNiH9d8DUu%d3j6-
z!ge;QpwDKuhs-L^zXKDNp^p~TxY>l0KHi{;<0Ce-ZTQ)zZ)~D{>?2zsWHv2mfgc1t
zd`s58*yAdyols22>;xu5aD-c+X5m06Ee}OUdQyr+m<zAnShZT<XtS)b-`8ZUU#*|B
z{PBRHv4}3M;~g+@LH#8vMZN!pN>NIphZla;GOvGb?opMK6dQyq;RC*FtS^MGFZe|Z
z<zfg}oW)8;`R&PKTxVbFJu2q`4g8zGiKGRe-1P?kZ8WCS-B=n61I?l<L|U9%zaQG%
zG6$f)9?NY$v44Exenlqco$2A_#h&4nXEC308i8aFdYEC0ls3<2(@g+HCwp~Q5l+Tz
z=dYox4bLaLdk3FRalV^wKXrpzDjdzJ<oX7eVhhM3)FTEql|hMv(^D^Z)70{^5{ZLN
zT)j|$%j?7Acty3{PFDlkWYAH07y$9}P6$wop$va~5qUI?$(O^1E^K;1hA76HFD$<s
z(53N-L3Dg{8^@V`qUc#SxaaZ{?^hxau@QTCJC+^$fmHG3tB55?@)*(&Y2IXbHNJFd
zfux`W{?bfm2oZl$K20Kn!9XF_2$`i|*htmTojuF1k}KV*<!G~fr5Ktt4lY=d`<`tR
z$i}%FDz=gtFQhE@qm>xU#15~^vgHZ~84^UqAE>75NKj6^HhEM{hEd{zXU0IcSq+_6
z>Pe82sq4`6n`r<`w7`umhGIlw_UVc=>C{d5jy#Z*?qB&#mST6Db{`+MgThv*C{tPf
zfyI8p>tgrV7R&dFB=cSVe4p<fUK{-n{OV_aJI6UnOi7KC|5XNV{-jrbF9pl~xfG=M
zZe+rmJ>1*XWd}w&1S<bdtqvxe+AUNA*l)1mGxbq+Y4p^QQ9~X;oP)n;9tpj%3Tq<y
z8Ho7JAZo_xca_7>Vym5aOT6=aTXTPDYws;gbA#VXhySI*`X}o6Uv=)kX=D1y0h5TP
z`)H;JnLir%pnM25CWhi<w9o+!rK@$Qk=)xj*iAVHQ|wbYq`OjKIp$<8-Q{#6WPMa=
ziNninz1d#eqkGi)LNb%b9A%3o68Gb4bGR&7rh7JW*eH7p2gVgzYeyy0VJA!id*@>C
zDfo8MHn?Caqjdu<ABfDl>jmGAcmED5wCoShF~8kk#`^GX8UO$zt3vr-fBfyAKTE*s
zY-j3VNNr)QZ~m*&;w?(h`6++667|o1x0!MfCH$^W?p^+(-+lRSb=|M_!`{E~yA=8E
ze|a;P7Vn=&t3tzXSb-P(YM!9z4#qauVEoRZe*RWOcCVfX-Xm+~du07<YyKNW?SE)F
zj45@>Y}2ASP66cPb9vU=08`@HD$D}nCCd`|`}c}rNtY#tbn*)7fj>dXel{W&euez#
z^a>89qJr=SvNiR!+<|1mkyYX%8oFWK&GWTm|FqCX*NNwXw@cWZ#XI^OQrnC_xc&C!
zan@E_xia&7y%Ag4YG?~&)<!%)(zrb8wJM1tyC#BTibF>i$W^%{Sa<rnrxk3+;-g)L
zv^!5zm0IHNXVWs@;9_ba*%(9rz<9FZ1KB)eoitsWLv&IsQ8{`)?OZ@-i!kV%BrtV$
zd41eSZV|0FvqktO;o?MYd00H$1G@R(=elr%TuwBZV-o-wQIr&J(_8M&7COm=M22L0
zVa~Op4{wG&5Jd5&vxD#&@{ezKvO_=g3sk<6NWn8+0)H9kii1z}5q&xh57^~z%~XaE
z@Fx}4#4{KbgkYQY`qHz^Y8X5;HX=%t8=<6tnV?%t-17P0*pc@1$vPlWCCZnek5=l|
zk8`88EtPpPM<Pp}NhaHk8YPRYPU<RC@y8X-OKm`+hO}O00b3#T{%Aw%tpW5^0JA>%
zcOu?dOa0Y&EVeLC)a=_Yc@u#%V0a}}ces?vH9MOFW1kMAM*2rqt^eWZKckR1*W%OJ
zyVJ0|pF;efTW*&B^~^jWw%vT07cIz<WI#UPM6}<O3~LE*f}en(Ig)z?js=~)Ubd>+
zf!_E5;@cy{6j^jR;Rarv0jVmz0pvZ;0Y++Pj(|iqx|H#GetYfGrUt2^uUpKS%h|wc
zdj`#B`I1xe{kB%9EnK18?FS@62>yrH)4SSO&UaF@$BUpl7fl7NJ?_ZrWsGDjv(<;I
z2lgRR_;Z67MqE}+N<POQa4%G{5+B-tLhbHI_!gVmcjItF7=Te6d2NCTB&S~L^|*Uf
zg-O6XgXPlC*(tT%Cr>9aA%izQOtoQn&mTd0D6a%A(uPg$iru8fV0afM#Q8d6FdL%g
z4b&zm^dA9?laCm<g{0G65_?Y{#kdplV1f%E=iTmAv3*NCMVA^_WmKawH^Du54BTBB
zyu@A<7(su5drFommsUN3fgo8zmgIBp)BBWoYcm{q1PN!31V(|#IT1ChuT(c$w!=7f
zKo)ff4qX~%qjh{IRQJgg{np;K@@bWDba9n)J76gtvPOZs68K3z-OqXho7OQF9vSwX
zfi9pM0)g|$CY4ZYDce)4z)Z<M4#ugY1}7Ic*Ml(M1#|i_U1mw;gjaqupxfr9^0TU@
zSuE8W3w3hmhmDk;XT;;uzN#_%arABft;3H(<X)~nHlNPD_@6TF_E7)fW<O(-@He?#
zu=f_3#9wl=KXgX_=4SsPOeIWxH=ou)1OL%xJw<#d-Uurv*bw%OoSLavGp--Uk>iUz
zyxI@6HDVe9Mi+&v4)h)3FBD%cnRUH*;ab@$wTQPOzr|xYVNUVr;-<1V>NvrVZhDB_
zyRYvLJ$1BOch~Qh<JyV%p=|?33OqtHygQo9>0=s$7+dSj<I_{tY9-6MQYJAq@q!tL
zD~-fz(-#kHxxF~cNBmp#$Sa~6)_aj>lp=9NPQci@+b}%#8WvzohLRk2JNFttpmhOg
z4wDlOg7m3ndy(oi110%SNY<DS{-&8x4UpDd`3;jZX)Qx;NLkn5s&Mr1-H@ZMs$f6r
z+`nQM6NRNcn4lOw#E%dGI2%$km@{*vj15>#4!5q%0j3Wn<$H*YH?@7(P+X)rPdX2O
z#={?6Lu=r)aA<iSWyD<Pw2Wp3p<ZF6f@R=v?id(&_!8BwT~;FLqJ;8I%n-~7muy#^
z;Cv(b5y3^aHvw`01zq|h?5uziqXT&g6_>k;0Tf#+{<kZ$)KC*lYRz<Eo)3tL<xfRu
zMVVLLQ~uLSsQ2g%-de^80^QpC$2XxdYHQ9?{%#cR+9)i%p2@3JY|;=z?=!nQY6hA$
z0tQOc=VL~evtfGxVd=uAg+j^R^ao&Q@rS<DCTnx;JqQ87VQ|u1a3sR13(d1`NGJ2W
zJSeKYEqr;}{?4+wTL|au^*e&@pDjJ$UUjPG_b3PUjwt>te9)%*d2#%I;ctI0I@W#_
z9d9MzT#&BhD1z67pa}0Hm8Xtt3`m%g4Ytn&sj#`+E>+v0xP8Gre5aD&HIdX6k-5+Y
zv15Bq+!?OM#v5B-4!%pB4#4_XO)lJYp}OTzFyVczs<BzEKRLUcoj$#q>$&9AERCRr
zDWr_=m(*TU);)w*+-fGs_;{y3(JBv$d2DrAt8hKmANAyL(y|6>DQl*z^0m#o6jneM
zaEuVTdJ&!Ubf_vB#xus{8@VjKx7JB3rg((b!Yj7ROQ9vOjzDL40&q{@8#gN+%Fg50
z*ITwDL0b9j&+A4nbU(Bu-l)3Qi^+(ZfAP0_lIEtP;a7ag7U5AfD-N@V#=p%u3wY;m
zx9yBSW}nV{=WoZKG2{=dK|?j)LSo4c(MK1mneH!Uwa_CfMceJ(40dFiKdqmTT>4U>
zkPg$<uw|lHkr1kx3y*{&e7tU8da*2fgLIJoUS!xyO@|YpV7d=^k<XJQZHc12Act=|
ze9mJ{jO55ZVzgymCcWeYsV6aOCT?GvCl0V?=SV^!QZhRGf|>$=1ApBnHA+CLdX1w^
z>Rigw?yNG^y3*za`j0sE(@}<wuw0<t9mU{X{(L*%%;4|s{Qq|0?c{H;?_+vuW?HK9
zR!UOh_kY2Bp&+8+z@aH<F>E@3)CJFau<N}Bpl><>5NBn*HG=ImGi~wD_}ByS&%TIn
zzB8OOsMgp;f^xP-p4f3Y=sf;eP)K@AjML1_+arJ+kklqQ#yQ5lnc8JZD)H&vpLKOV
zS{va5&8aG;D#xazg}#5H%-UH;%9g-HRanRB2UP?^ZJupx(hoT$s}Y;5-eqoLWT2yG
zpr>PGU|`fcieR0bkeihLc@)+N+4viXJo;{qt^u}2tag0r)^8<LqIP_mN^VkGR_yTZ
z4hAM74(7(u(Knl)_aMMX57?b5p?`;6ci-*)5qYp;^4;cHf2k|*o*&*PUH%QdYQBH&
z@KgSP@5erK$!zn&YjW)AAtK_sqfV@diJ%BU<m9mn@r#P$%4Hw4%x+=%1+<$x4L}wj
zO8W+0dV+Jk`2cwWw(!`tFgPKGAO$0r?NFWQIj^U=FkGFS!)?mz|HQAK|AAj$9Cwd~
zY_mEvxYu46JKmm0mQ<(}VD=RU9hM(CRBo5>ica<-uh}UjdC$dB=qw%=N5&>Q>(@97
zk=Eg;%MuNnnJ`Lm^-5$A6b;aG@K8eO+2=?>7mUy}mO%4?$;6F*NHA_hTE-w;AN?54
znL!JVn~z~xXJ-bgP$<cdiWh)@aQ#MP3R7d~rE_okX-LrJ2U#Ch0k0@b3b#2oPvj$A
zyyXb`8Jm6qi<STR5UntjVYQh71T~q5J5~w0=O}X6^;byWK2E@M<S&T)4Dg3-j;bnT
zbw@5iw1UBUGfMo#lF88wSNxyW`pE<&t=5Fe5iHA6wu&Ovm?m%dljge}&I+Nhw)m0L
zNdt>(o$dU-Kb!UU`d4&_&vN>C%8+xbo22Y<6>n^G-hT>!ZI12bbhMX7A5Xz@J{>~a
zgQDtJJd^M)S?>o`u-l=mA>lo}=;Mcy$4M>vwh#9$mQ3ty&e{{svuW@q>c>9M&mZn@
z1)}613Pi#`p2P96snR-#in7R=%jk-mnNV3$NxO&{)BGyX;NMHZxPNt*e>`344^OA~
zAD^ym@1W~o_?r@h|EvW0y~2b5_^Cv3U<82n{UQ*{``HuIpHuQn6%`$|y~D3P{Z#i;
z{_qp<P&AiCQbvwcGrs`DU(!>G#zzkAg%Q$=&w<1xMwV0e&q0|dY8Lx^i*Sp81Rt^F
zE$EMdpiYTP;82n+RJ@^R7>$pDKnWobwt$YKc#KQVPb5aBDdrx|vy!s9c$Klwb?3ex
zXLZs(#OO!sJ+LkH<(B#`i+#~-Ynpdlo-_{*S&gCIJ6A5YDL#w<14g_^2Ye!01UPUL
z;1M)7Oox=;FR6<=)F3OR3nZ+k4kHKoIyWG&vR^?s8iUt>D@vEk7x6>(HUWt5p=o@>
z+gHF)I2(|@dvRoa0478>YB4%HsO%k$k_1Yhf|{<&m$Y_tdQf;$l7XsVSR*oM>;diX
zrZQVUCUK!j;IBpF*ONZ=i2=TrJ~Nw4>C*!}6TC2!HdQV};cQqJyX!-LnDCwgO8zQ~
zGMpkviwq^cw)5?P33o2$Qz8LIV18F4EO;WGZuT^;KTv@;m_ReEzkm-=ttM3=z&9Js
zAQTN}eGoi8SsQp{#OrEV<hB8;96~Zo-CjKKQ+#K#A#Y!?-7piqgRW!pr}7X`x6=<W
z0kPkS3HSl{q953V&E!C3yFh&X4wM525W<1PE8xt~h?)dU5hU@mOEEE?zWhLdCfMEX
zyOQINtp3mygdR`fZJv!N>mBVU)2x73mA<0~FWIn~VJO$<8bXSo_f>wgC7wz2+Q<<X
z8?7{{`115)BwyVf7-?>zt&#wK4AltT==I=%qP>A4^m*(3@eGy8<3abtQErtFo|1{*
z@#glW1LyllVK`txhC-IaxmK(-1<y3C9kxpIhluhkIMY&3`_)Ji8LFo?S9^^_h3(ek
z%(H_p@v-}c6=yg#TxcFPYc;l}3pJcH^F;&JSg3+n2QNPq@3sp}$|d$tr`Dx>(Xn$Y
zuqP{|xI^?vA*-3!Ea>_N3>YgcQxYc?T3SX+&$-`B?3<o)AE^5_@lax*INt$H?%FGH
z-c^}j>+5st!7GvTG$lG~hdlk{gK|Dz!@+3Peu9M9O?#jP&&*vWjmvQHTzhn#Vhat=
zFi&onbn=_i#YuG&O6&J=N4811JcS^b0;}>?BXX>RCkuGysNMCJL;Ww0Ndvo~2J2-o
zzzoE0XqH>o*=u!|Rsv5yU_E{yZ-2X-&9sX1ce_j&-!J|wr>?DfcThm~LE(lnilYFE
zWB-*TZQAwR7eOZOyVXMuC0}VvM;2d4#kJ$1c?YZU1qXK!dw%{Q4x6R<AQdG$?Y)7z
zn}E!|%-gGbsgA<=Q$2R9U|+;EiFM;OX%bf4C|iA_K+IBR28qM4Sb&st(C3FaOgD!L
z|729p(*>j=h{G7n=3@-Xomt6)%J^01*0v5?(NIg7P6oWm5ye#X&vfozwv-%|?e-%l
z5^H4JXvZx1((W`>)rTS~h;8d02dq^_dd5X^s<DTZfvn~ek|eE}M@!A6zAeup>?;Bj
z;td%}q~(#f^)pT}^;a!XR1Z$g6>L#G_WOET8rizf1(;^~nMypD9zDL9B)!z$cWZ8L
zhplnE2%%fz?4VkwtGYQ^j>mfVl5xM}JSl9cNuz2w(gg>GdE&M7^^NZ_FeR0f&9f7`
z!1PJDSAZEJ;Z>7(Kyjjm+e&<~ut5AC`#v0aZk6W1pnlPg^>z~?KZp%`^IFs|fB;wW
z7?SNdmbY#eAfilp(=3HLMk;t(*y5wGNYPvkZ8~}Nf*omW?T$)!jGUO7rLdX|1Hj$5
zp)972Ir@ATGJlabQyh^zgdNnTW$oh8%kBC$TjnGGYRGRRB>sJdA^so3GwuJFW8D6b
zW2pY;=l?#-nEk)9%uh8%bi>3&?>VR8UHJd38aqP=Ln{YUYbz=XLtT4Adn)?BrySFF
z-RA$Aa(?zX$JI36zl|7v@1{e1`<$v#*4Y9TN^g%8M!qc}A7%$vpOF6%#dvQY%X~~s
zic*^D^`exHfv6dmsh+fhl!*<8RK55-Ce!F}e^UWnG1=r0TQ(*E)A~q5i#w0Bp74FH
z4Fe5V2Wx#5BNGi96L%#e3t7ErKyiK^Ap;AFiL;dtd7e~sm4%gzxvi(EoLvdrpb2R5
zWT)3FcQ)MvC@^vpPwNoK@6hN^Fo8=SPviV<ACGro`Lj0qEf>@N-7r7##ZUP|F8;TM
zS^DssVG=kPuH@w@wj?AN6!@{I2w=oHIY)tOUy#~s=pF1GU&y(p-4N~VF5{3S=&!D}
z7!*92fKUqdjlO&qObiT)XERQ5V=DxY?;k*Ae|`1%4Rt4b2D||MuB(n>{m)%>n*Vv9
z4tBa$_7>KE!%v~b{}Dg^25o*S>W)LaBz-rg%DZs<c}0KMNUd-F+oialO8x#7wEZ$_
zdb;Mjt96Y60PaCUbUow1@b+O%?!5gvh$$GN&wB>@-P``TxDnp@0ES<08UTR%uP=^@
zf!g8SD!%~Oe_NlNe0;KUdR*4{|Hs-}hQ--sY1>F}cL)|-g1ftWaCZuKclV%$y99R+
z?(XjH32wppNIyL@&-B|p)6-x7sDp!FweMAX$-S?0t^K}8_&&o|&esy%mWN<LNij(i
z9|MRMA3i?veR$-q`(r^Z(*NNHqxq+oYHnj};`T=*`n|B<pTF6S|Me2=^uGPAvlhgr
z-VKuY_g;ekK`qTd|HrrJF}l3-PbPn{g4X-C|NZ%!FZ+x3@mI~wVk;wCD^@Qpc_&Rx
zF(FlR>~CL$XV}#sbzj}W9N+@oz}pjQ(IKIy0u?gSHEwE^aso1ta^qh=b<04fkAhGi
zfw2#NFjJJIQ$|yR2?BswNJ$R|+qoeMvyMZge!$q1^@F_&R2FKu><C@K2S+XUv+HZm
zrN&n{kr|c`8F3Zfe^FRZ&;Uv7gh||tBu8=%?_+@;uK=%SL8319f)=VX&Vj&D))j`M
zp7i?dQpFJP<jgZ0e+B}78}E7g2HfD?c$x2?|K|kZe>I-{e+riWgz*gicfrz|+32@m
z`5{38!jSG0WQ|}Kh!itNID<Y&%D2?jVb|}ZO3pZCe-V|?bRFcXQ2yi_zn^9p`vigK
z{YeD=<)`^W2K%3$=AV?oX4siSesh@bqZMSVIdK1Gq1_Dw!Vm9@G<$De`<KlA*VBXl
zX`y?69NYl5ejjrDKDN;td-vhLnF8@{@h#)%Ng0Fp1Cx6s2$@>Y5>b6w(1(7qRQKb4
zn+MV6a54{b{RnWw%3v5ell}s8^Hhwlknks${UyPd?hjw#;lJAT?(4T`Ujchj9i^0N
z(rx^d@W<T5#1J>`1M<e!`tnBZ<LC0U$<x%quS9<*HEL#t8~p)h2D`rGKXPf!)PQPI
z{78T@8@U)}$})|}0BnuiCv?xC%%Mzmg;-!}hB_EL#GT-&Vp3b*nsT(@smNWQu>uFC
zBcg>G!MkJ~01AtGy_EDv!uTVO|K1K&vRnwG?^gcTB7^I{IWi#qH8KEyM}}wP-;rU)
zhw_RnwOQfvBXqxVcV2RmBIv%CzZ6%FIkg`&bGpF3^!63xC+X3g5T>f2srO?T;p?1$
zld{|Z92$>hDk@~e7=}4gUlySLm81feN`4C|7WJen7PT#`1K%9EAW?DdwE&xm5Cppb
zgpNP}Ln1@WU0{8(z>?6of?hf2?}9=ZwD(*73iF@(e16+)L@<#D>|Opqc`qmb`4saX
z5!L?hP4@T)8?{2E-DZ^mxg(#9F)#O701}l%cq>nU82}vt7>Q>TZi>c%Ct*Nd@&ob-
z9?E$G!PcMPHR7S519$`*!P@gB(&8mVqAT*x&bSFg2}CzC`PWX6=sRO5>V}hNtFBjD
zk53-&Rt-JaHMGYDLHx2q__Ki(hcWyFZ_nJVzAxqFzvhR@th9c((~6v*(9^(F1yin7
ziHJ@$C3w(^#J!Syiy_7Nl#`W@)OxqdCzx7dQ5>sq5XORxIEMXA{DwuGmSGytpo_+U
zLf1mm;N(I8)_gk!QxsQ3lXgJ?4KLV4Qvyoj3tn~=M+04$*tFRRrqiX{s_D8<mhe6&
zC6W8F?0lfJ0oUzuwG7;LS79qUv|y2Bj)WC7iq_Cde-8<qW3I?<5{flX9;nc;W6{!#
z_mV1gXpoIUw{Ndnh9;H>dZwKWoPl6%Am#F+wdmYT<Dk=IHc(_SIhp)LPf^?%Z#LX5
zG0eNwgm#Ic546<*vWy8w!&u(wyX#LR^#{10cbyGjnVZ7pwx!}LlvE;QfE4jVOgWAD
znz|=|_OoQ7Ls8VEI5eA#!8`}u=aph=E|N-8ZSmWUABIwX@v*ciL0025=3hM14k1r_
zP`L4Cx^hQZ$&(8-FycGRSfc8wNYqyrtBz`0c;gfIx3P`M{SoYfdpa45ItM#-yLjZ6
z&yoH-_|E=)=jD@&<!HX=aiaI#$Mk=!81xv~{^LAb^*xRM{`^fUH~9lkw+{4PT7XqW
zQF9@B$J0v;(%$iO*gx>}kTGQ=Ze|03VvFnPNYw>+U&ZE@Sd&cz|CS<)?4aUt@aR6z
znZX%e+wJ0K)3_L_M*qkvn8K?R7Y*vl)2OFuA)k8ZU#~aoZZD76j_&iC9+-XYcS<uU
zLruAQr{CwxW@zyQy#1P?vFBxCjf6tiI)@Rhw?Hjf<J?6|1TL~^jRMxaV=-uU_$H9Y
zs_cn$(@R5a0`f)*!Y*fs40BI{QnFayhl+tc5UQS06v;|zHQj2Gh1>LQyNk>X3#~Fo
z!mI~$7;7^}^<T~g1(9kq3657=K$@v1eW9;%BfpqS#>vXf2OaKD*eD?7&LU0`V99XS
ztWiS!Mw&WCpqOrPr@%lMeV`bi(0oYR_w3FtX-lo`x;x8Y0r5RXB+?$NKn}Ynm}Id1
zW({u8yinJLfKRD3i!gJI{=ZjbMXZ$IlmBwub^bTUUDN+ok!k;>BBPP9b4QEy@?lb5
z11X(A673*GE6pxI6sofp1k(G3IpPZ5Cf6Pn><hBm(}!A2fWQ_CKtSB*QXkeFnG_id
zK`aXWj;K@$-7yM+zRKK=xmN**$Z5k6#$FIXBx_*vdw!V63bH-opICn4#mXwMOOgw)
z-UiB0`@?pGmbU$+!?GAG<d;@C{hvnx{PuufwfQk>?;e2kE-n1uV=vp^i@pEA8~#$*
z{{5boz4+|kwL<ZK$H~0Chai;jZMS;6h9s~r1&K&VkeIo;Lm_6gGC|Opn64Oe(ZD2-
zli%EOV&mc>Q8Kr>!C*>y@e}kzNiO{nMcASVD`6!O=;0DTXF(0^8H7N=h0p^SGD9*2
zYN2{L;*qgn+!Q_$sDJGyLA2CH%?$%UqM37B^u>+l%WuIeWGDorbPERO<iLLbMcpw4
zt!wsgMo$dy6D}gEodScCGeFnBA1Nma>H_T^4H)sOi<3;@D0L~172-b1P=U%PzUiA7
z?i+%Z+z#sj&Hkjy>BZyZ%_41Uc4v4sEqZZTP0F@|oL3N_n7>=LMg*;zN}}=uxi8oP
zf?w)mXftX_iV&UBcWj(g1)(rXsOh{0P*EQEBZ3|rsB*Utf1T_QamfDhZ|iG;G`hWi
z-4&ev&92}Hsf*cuk|6V!+Jlb9!<?#FK@KG$Ym^X)ajA!NL!gSZ4up7Y2q|$BX+{|o
zg9i%3Nnko5J{ukduoF1)l#2t~kU#|~1g9M^itBfiTp-XFoJ*I82(F<C=Ijj@bf5=y
zg*HdZO;RlTVn*J*ha_Z%2~bYn6S8*T0(1U?JETyYQ-(FC;G1*nt^m|F6_Op{_@fK~
zUj#<V{;5d*?F!l04~i$aARt@sCH?<TSNM-^<A2}^?VfNcTJz3los-ko5?oqUsc|f6
zIO9*-(`Hsky>1MUF$m6IYoe^-8Rv}Lop?yJNT@upx%WfZ?5W7sLLfVMG-uYNAIx%L
zBt6i2pkQLzU=G;)KghVvVF^ijDb0XMg5WZY={(^{k|1353G-K;#5w759X?xD_`X=4
zdegaa&F^JOm=q$O44JPW(z2)PWoJ->RNp|pJ;4A^MHY*)9u`{5vfOq>O_c1Vq%Dm|
zfW4#9RgXWaw9Yvn3YvV^9~;nIUv9ZSzg`}5A1*$74xZ>tj?;HMKkIpW{PKMAwDq!C
zjtZsw{ubw(5@}jjvZve@JN7MqS^G+#sX*2e2o>+Sd+g>kbdR@L)DPF6!G<$Af!ME9
zQb3q6yAxi3pD1xq#01r_HZ!Tl>A;pMH!+|DBz(q7@>!m3c5?w7FIwR>-pm#-%{~-l
z%ko<sQ;bqHAnE(O6xZ=DFQ2DQ4iwebu~*i#zFu?ER_!BNgqy|j<$E3rT>~F_9|G7~
z^?^wdhj7Cs5SCGd<-S3FjmVRe35|$u?$@08yJ&}*+-x3aN6p|h+Xn-7pMTo6El{rp
z(v=OiO|-3T7)KA^xzr`<`JAgb%Fz<OsDBy7kDf-7#aB<CaR~OZilA%DVHIA9pHjRr
z&yqRV^;9w#Vx(P%A5HQeb|Qv84lu7k_DiKo=@p;3fjg$M_Oy3l%i`vNCTncJP)eyv
zr^T#qpyFCGT!Gp^q*9g918JRu?ZAvyXS)<lDFBRVEC7JXW}!t5GEUS$x<25s#`{1(
zYVh-%_RirW;Wz^QHek}LB+c?A<u1xnze;`ga5ms;RZuAJq#OUqRi>d@@^MVplRo=f
z^rekm2ZXMR5Z)MBdXUMLaA;mI4wy4JP-+VHMVU>KAH&-zDfuKPrc`N}bXU1vHRFeW
zn$q;hiqa|LnU%Ps<9AMM>=WpwCKt9QS0^VIkrmZD*E?q<r<-}Y<_b)Y2Ws2sT+43k
zz<at5>?&sZO0Ma<DC{o=!|{maSRqdO={DjNEe-YHmcbaO*twpy+q88yPY|l``IeqU
z(T2kzaw%fnJV&1kS3i{~tV}1$dVPoom&g9afg^7k1_2jK5V#I?Y^red;=c3}D;LJ<
z2H}FFI?K7fb?$#jCo$G@LNrv>vma{Cd?J{lg=72S-eIU5XwOw1w4Kts?X+ZVP&J$X
zh)0k;d4B!9Rp?dUsE!_+ZCX0_T>whcvuIY)G`@Dv#`7M`+jmG^GmZu+>!}1yhj2mo
zt~pqVf)0kzMFz%0xG)vv#;AtXMvxNHi1muN51oU{bn2IngAVeUNE-CQQJ-Lh{1sXe
zT(|C{tNKv??8ALRPV%q_BNoNtb>Lx&NUjl(uluN%Zk_UZgxp(>X4#H=*SZ>J(<(S{
zQ{JE&%;rv5Y{LxLN#o+2hUovR2jHUtQh6mk?E0pJSDs|2!_2_IF*Vy@Ze{1>=A~c%
zhC9>O_ZZGvhNiV>yHRazc%3)Z=#xEP{ypEtejaIYGC2M?5Pdv#Z97-0tv~+Qn=`LX
z+g{4f73SRMyYs?v=%juos2lW^&;9#9!CGr(NM5&sgyMc~rexQNUkLp+otWL=Z314X
zStJ9ue8WCnPQYDAz6@c5oWx~#QM_2kYkLLo4Uz`)51h0~TWk{z53bj55W7E^4?NhW
zX7l%DJi8yPSh$(^z6to+PTpS#SlPMzmRHcuET9scg*&<4G&*x17%ii40yKG|)pYnd
zioP)i?{z3f3=fJ(eKtV*;A9mLi(n<BA0&%Rj-O60pg#-U%*O^^jl%W@-~3e;ntYZZ
z_8K~w2T7F*-iPlbXxwy&KhSNii#$6+Zcs@)1^P&y0c9%m{cnbPAbL8|5$_oEk&cG|
z)Uua=Er*f-RA8>Y(yjpM9HtFYBQ04@ObXUAji1v5U`FzaGp|~Rk?=DBZdk**WVnJa
zAz@<*+Gm|7sgu6by9IrtWHn_T{J3sR?3|sUOif?PQbAue+McV#VrvPsI&<u!--#h2
zy$r6tb%48!{z(2Ft;@lcvO>8mEkVp;?|igh(=g!;%RI*xeo{Za-Dpe*aMwt<SGae#
z&tFB4qH357PSYL2<j9L$r6Gm4jaRP4cy!}sMVY9Rq)rDq$IIPQD18Kf0<*pkF~Cdp
z^B!Vy(+SCglRH~tIK=?4Zds;MVL5iDUMS&%+9@ni$%v)XD<%E6_y?g54__nE+gEq%
zQVDi@H&1dE^cocnc|M_;FOi3Z5>n<5Uh{0d<`zDM^-_Z*+(-%!Kb3jB8M5f<$t1E)
z$NL<^A6QqqhlR+2X?kC%L2BpOHFc*NJQ^QEM&UvjXy^;-o%W%EX=r@2qf8Gw(JqEd
zMs|caChC27vXJ``P@KJ{*9&*tPru@#X$sB)S8(L{`G7=$nf8{NpS6L*_#C?~{#)JO
zT*h%+k;SCRW;OTGL-0RKhmLF_l3(|`Q9syQ*Y)<2<mL?iymA9K$llEL;I&B}E#S(O
zBRH}?wu-8EEsiMCV$`4kL<*f4)iMMd4x4{Ts1EL+D!}q4<N%;NF{bv6FJW->cKjqb
z;iMwl8J^o-+A#dl^-WNNAfv3Vm$Tn0520#QsYFIMeGCwP++)ndE6I))<lIhln~{Rd
zQrP9i*=Ss=>4Cold`RVZa3^A>Dn;8lw`5crLf<KQRx`LZ{OXg@+kyK0lT=x#+S>0X
zMue~HE#Sm&pSpOHST59oeh+d;{NkuhF}#Q%NNU-fU)iu9f%IqA2NLHYG{5IO1>Y03
zYR~OQr3-dY&kxbA21rIo>#*y~LE^U`GUfUSF1Xv*a2=ZQq^i3ytl%4;UUcP2Pmtop
z>W45v9Z!pR++x71!``@}1gn>ElIdFPAGnj2DT#ojE~Su7pohnbHW)fz=;h`?n;@d`
zmp*kl?;3(u!akLQo?$TX>ww#U6s}&V1v4%4LW!fPLn89e!CYhu*EV)Lv&ztS?_l&S
z?S$+y+>h!fsdBu5Cn0~U+8SMEqG|^XZ|b2@L?xr~fuPaO?I{lR;}cmX>*DZ_VH=PH
zyXXuq7ZYs;HxV)88KU22O|V=THsq7L{So3{>3=CfiuVyW8vYic;`m2IeI>!MCU1+!
zYy^gIATEV!J^yFgfJa6XnBup_U*Enx4Tm02ELdLdN|uHo$pChn@2y_>ifI{4azeUX
zk<A7TREz08cNu%*yNsOZyErV+qtt@}YF+(Z8Mjks?5&V-I)QO2V#laD)neW9;NO;L
zv4kEWu$$MEoH&l@ijn+S1)HJ9Ld&-&mJ#r`qcQybHo4cZunBQCIe2(Ds<(T#B`BHJ
zmX4f}ZdpcbrL0Zt`t=@6(tU5&09C=*&cC#NEp=&;uTReeTex|v7g*Lh9;b0#0`T3^
z4K{-!A=;=zV04jE&=$UfUKGS;mx6vrnUUq_cS4M&$b+zEOV68qhU1{3*iIppdN5(Q
zMDvr<2S^HL1w`V-Gpd2#A9gDfIywu%FstF73?2zU7R4NAjitzPLhP$7$#p&YcExm$
zyg@jysS-nHuP&CC%83_$L4fMjk(EVwooFm9ZHWB-17V`h_5BL^yX<&Vh$Pk%1;F5!
zmJFA+FHka>^z^9uE!A@Or4uP!34Qs47CBaaP9H*Np5kYf@75?v4SSVGDDT1jG}yo1
z=%grb38pyZ7bC&Rsdhl24L_w{oSTmnrfMh5c(SEty`rP33J~;xD-OesnWzi$L6`!O
zUFCXV*Tkz`dr$xqjj*6<H8$SGt1=07PTsW2F8h}Kp`Je5<(=ZRcUbEiFVVbQiQxy4
zp7}xyUMYAqn<3)2e5rBYt_E-M607!#^~Mj27jN)xJvhZP*&NV=-LPj|^|@iLN2}xX
zUO&hbg8k5~ZuML3;s@v83$IPLseaWi-I>P-{7nA%*uq7J_Y=+y+`F`N$wPDg?vX>q
z`}DiYi}zExr%A6iWv(!@%^ES)p|?}^9?J0^AFW<5#LIr(vNxy>rM>E!UnAOLqMr^T
zR%gDlyK8sBq5!_#g`Uv-v^PjMmc<l)5U{E+VxKT2a&rRxRrIkfmGy$(i0u{T@iP;g
zJR@^<o~ApN<7je?l9WG-4P9!L#Hp0e8dYtglC~k#i&aFWs8QZf&860M0#n|oX~AQd
zVou^4cElsh0F;3W9~l?kLM_~{UpMsUKYo}I5}ZWTi#(>45d1i`Iy*ax79*~p4fKxN
z{MpmwJ~0qn)$&B*c;@87CPj&tqbwyV&Q~>m)$dh_=~tB(&=$@7OQBftj!xx9u{j9q
zL2K|CdQNj}m8wt=jL?9bpa85Uly5af34vk0Hv`sj=qui0_oknU4@6OUXkmT%MgeA`
z0t;W}MA+SxmIrXw%y{Ji9i4!<9EwtKLqPN=!)^kLJ;Cm{2r*JusV;d-3HiQ-0Wli;
zbVuuOeKK>ZZQi7_%>J$u?I@1YQ`ln32!*&EqbDb+%jmg;N?x9nMY&#`&*1(2(NJU5
zu8RLmYwY0uBO8wUSSxl}{@EA8_Fprc!7@p72~@c&X59`?9}Z_52JKp+$KhL+NM#NN
z#S9oT8Js-v{a*AePcTAmxfM2pcV&yK0*(eOC}^MY%H?~mNG=FtBRrAgk5}(gk|s<P
zOO~@grOJvSnT2-Jr!isLvl^_JV>Q225q)$+?Zm_!9&-z`nI3iXQ$L{_K?{^I6EsOY
z`p9t1e__W~^d-E~G{r4&FZ`7k<s-6)9$k&jhZy;17k;m2`K?1jiu`Cl;Mp(9CMK?^
zh&QUSiYwqnF;bXnQz@Pa4`c(nm71#Lb?MwRrp-@;U@%!;{M_!>?zoMOv&zJpjXUOo
zgNX3K&RzZ|^!85%o4DzY*yQ5?iCuC_6W(povxKY7k1bdGZcWj$++C(!bgb`pGj&ux
zn)eoJP!3vJt$-arNdO{(t!ng*SWBK<6X#x}d7b(7<ktD8m44+DI|D;nD*JHdnT`V`
zi<q{9(}eI55cq68rG;NI+QY~n<z|<`edbqjHyg<6g+<&T@-9B2YzAE)KfZ9pRGQ;#
zR0dY+9$BGpdDIB{l_hg=eYaQ7t^if5@{rRgYwejfWJ;SvcT`&O4gXGxwkoBp6P9K#
zmG%u!5_0GZ0X4b=?>^Fzx6}JY%XMZ7RAZ(`gU4<@AK1*ZiK<voT$$c5X?`R~@YdF<
z)pMI1vqUGgtbUmeSelsg<6{zNYz^CS`6?K$a3b(yn!AuT&*(=RVrk&=YL3L%hBn)e
zv&Rp|_w43|w|$K@HE|eP>|YU(;PsYfXHhhmS7t5kXZa&nWo?}uH2b$m&ROTy9e)|x
zFxbCLNnctuG^=>m5BXy_H3&WzMmOUceC*XUu;F&-S-S!MX;;GV3))A~$QnroW-U8L
z)wt_$3pU_1r0m;d2g0xoa^>-$A-af%*bP+>pC`l^rvEkVl9RW~$omD9c`LbA)IbtW
z(y^^6=fG+UIFuv8__QzvMj?u8{t%Uqs9D6@c!kmjRo&&4Xmb=)xc&NB%7{$!xoj(^
zs?vdjy8Z4dU`BDDo}?~L0%;!AXC<jH*0YzN3>Jn8Eo*$)fRu&xRWJfL{yY9g828=@
zp*;$XJvX1W!H+%jE{)P5eS<#OGH1NuIw&oRLzT6#`o!>$HIFW@_3@rNwk-S<js$(5
zH5c79KCRf<@L2icfx8yS$fd_Fx6o|)qWC7T#yTjvQ+XRXf9`=R!(Z0?lYFRYClZ6g
z6E9k9y4c}<s|6%u#Le<^hMJHMCT6MMTjCWhI`uc*oX-UgyQ1nt{AYfr8YzUKr%-u9
zMpx{g-td=_{j|E?GNk-|Qj>LwU=T-j45-G0meC5v%%0t7RRDl7TB`@*pAQ;}`X%3J
z<S5#2dDgTW2753CO!$S)zoE;T!mflKGh8*eCBTl=CxuxA>~xeQE6gUM{t&+=o3n2Z
z@+i?3YPU&HD5|MPEp5S2$FNhm&lG*RS!R}ad8qoCt<HWJJ_%6LOqlqXeVAjxaJVd7
ze1C0FS+w&+DUO_-011@YpC;+1<SO<Bb*+dv{}yz~WkS>rNzGc4&j~v`er+zi0j&k%
z<s`UcMoWRHB9Dg|$B|&W!)n<vw-^0U*!khe%7F{(S9~FfHQ$HiTe%ApWz`p)j}Iow
znNf<6?MMhC?-wD@09r*EvZF@F1_|@h&hQ>z(P5tVs}qHMdV_bdZ1C}Q7~39pz6_cx
zserY39L|?mud>;$bh@s3377Fbwl}dadR(uUpS`zrsl5%P&H?fh83T)xvg8U`@e9n>
zLa{7ZbkThb3PB%p%G$v;JOEr!1h2C9&dj&n`ROI07w%ZP>oPI<1q(90cGqR8mQ3`J
zNP7A{tDo*86|7#SSg-9dnWDl}n`8I~wH@g1>y-VRg(U#5EN~;AyL|^f?qSn#FD**;
zC4>^Ho~+bZzAaRwvrU{Vd+axUHf6Kj_-?RyHf}wciu<#7;YL^b1+y#sEO}@4ZT^JE
z`{0Cz%ubk-<`q>cHBq$XUaK~5q8qiD6RHEEZldeQub>aA1pdu1GZk)Pou=DK%xS7_
zLQX}<sSA}sbs~iH@5gvIL@$~dpjCp?$HLxPZXHbG@mS7^_87yeaU#<Fpz{nbO1%ai
zW#zbTw6%URWp}0PwPzEujuq$vFtT%Zl8jfM#Ry>N6}vwqF(Ti+jY93yt1TVl09<2Z
zcqOa9%oBekLt<_^lG}u(c;f=nqFi*E8X^ncNZw;%H^r`QjNv8mNf?C4_Hj@5Z993f
zabnPxZIZM+I?I=BRV2LJA+zI^qIPNsKNlYK+x8%LdOBTdHOe`C@{rThlm9hjr>8Pm
z(B9C_kB12H)Y20PU67wCT`YE{`w&frlR1JutNhh#NSNa(ifFdTxh8=ovcL$V<|c?P
z$ww1YItJJ9n2{)H=w-0BdG5;>*pCKOw?s+OUp4{>LT1*@CJW94NRuCNYqsIKYPEmV
z9gP*(^ms5z01f@04{vg)ZpoxdzoRnqFBl!9I*hgD4UTE4FxIt};w~>vvoEZCg#C)x
zFw!)<J#dk;SjGj#)uytZeD=##ujgh`gi(=9b-+e*PPer*x@6t9pFW^y&ECjQ`~3AF
zio8E`&EieS1o_p6V?=jH8{u`*PvsZP@fXGqp@eaca4`zmQ^%)N>R=|Mi$lJAJ)N~{
zmm9T}3zcyS#nYXJpOk|uLxVNc3q7;cIy=b>;UnMR>wSo%K4+<OE|!EJBTeV=y%Cin
zjl~%iDHfEg$tRQxNN@<l3ktH>v&@scXP0Ynl(}&72(e7Fq%SiT09h`XP9bsH>5M?g
z2k0k+8!F7lgur6#qtqM=bySmhMl7*-m#$^_S6)c9q8viWmSB{`UCo1=z&ElS8^8o2
z<sp;l=hr0=x>Q{f{+Z;ZOv;m$21jw5H@ZdH_59v^EF{Fc+j2c#vsaC>&MX_V*K`Ql
zT;Xe6inH(uDk#3B(yA4{AU1;I#h-m2BFz}hNp$AGfE>bM(2DRhkKr_}xiK`TgYhB4
zK_vr2c`Ji+bd-TIQC$vr6LJ7sW4YF&*|dtPo=3Qp?11B9N@|&Bg0Zr#ALW=9$A}+3
z;<gZjHjU!jahx=gXB(lgc@x{+S$Pb<kWlPv7(rfya?fv}k77mamtc6jKD)3sNG1!w
zz(Q8UuEKFOzicu!XJ%l1Fph3IeH1X38mq0um*t?=%%!_5%S<3(RuFv(W~t8f1*J1j
zXEbt9%x08ypUWix80H8z>#Fq>=x>s}X=%+PS9%HOKZ7?trzrL(q|<FU-S+jR&9^qn
z29-rL{klBt;txJxC)9D8@){2xlHPBu2T_G?$y_0#MhQc>z6_LmmdhH}Mw7=wN1H}n
zjk;NnwsK*^lsD(3*Bs>SYCf8nKm@U|noYfXe-F@);!q4LVwx4DWs8~^eugg}KN_BB
z`IL!NhWqptMu)(wLnw(4k7iuv%CLx!DtuQe6OY4Y2v5SyGjev8#7!hwR4Zy@D|<_b
zQSyE0t3<UtdmcORR9KJN5#GD*lA$olOG<5d)J8%EaI<VE`(3_CpDme)>)Db=o7ef!
z2LQ7T>s>1MxwV;z)ii1(a{@AE5a7s>rehN`IqGhtl&_}3E9)P-TC_;~^}CP(rnGrd
z)ID)WL{sJ4v=S3UpWIEs#QP4i;<GO8`jW=+U88j%^k>tgu|x2vV+jbKe9|->8t9(z
zxeNd!?o(EW&=`VNvLu#6s&WTTr+pX>VD+|j&E|%ix~{7-C~@x4MO&-qah8Ggi;G_r
z&9!?<dv!(Nqy1VX?kDnt-0As&PgHh#*E(ytt0aIvqPuwNURyyqMQh;sPJN4AskOP4
zz$%?)S%sl4c{N&k-&l=3Lqw~=8V#nQ`(q7?URMztP|C)^U1vOE$BsIpY5wqf_0)&C
zxh32WjX6Cm)4cmzedZCXmsVRM8(4j}x<MKTqg(CxQTLBJ%y@HZEmPQshT|Z<#dsbH
zF&ie{iv26gC_n6;3@aJ8NR@R>T=jtqBI5YaQt}IL^ecwpRrvsx&&0uQBoP`dShWfG
zt4>BGZo*p$(S&OWGK52sFq?8_AuQXhf_AdQin{31<X2k`>mRA<7PpJ!@%0*%5u*x&
zvhc{BwY%D@zf*n<UTwA1c?vV*)g&lQ(_Mrb#3YK;G{{8mKlg<Vwq7TGzuikmM=cF(
z5%DvfQ9cxKC39@v|L17pKA%X0M(2?pE1rWspDKCCO2BEZSgVDrL-t~RDYa{}_L;t(
zrJ9zfIEAYliEd;y(28?*tzjbHdw?#WY@&L$*0aYE;h|JACwW3keGKVEqD6lU_B6m;
z@vsRqrO7PZSg>9;$Y}QPTNVeRpog=#m!^V*47&d8G4hfaif=ZGFx3y8oppB#8PI2C
zCl6_*Z;>$Ey3BAfw6eER$!+Fdc(sH`lb-F^YS;VV)$y^JU9=d*XC={A$Ddm$wc&!{
zwIePnJOtpK8d%s}Lxpk${Dk}z9l9zWm6Jbt!-53+)oZ53AdR85*?EdW$!B}FJ|FHT
zN;4neA=0X|WqFrrsCYa^EFh3EDT(_3jMatczY$<vGB+Q@)&PVL9@P~jyTvByJ~DcE
z8cK>QOz2&K-jcieRuiJsjU~H97L@Et^A~${OLNzzyb4gTAU^pO&E3vHaSo&`b!-jI
zz#q(X!?7i0VV7&TO29WF;yCGB<p-9m5nJFaHkW=A90B@`I<|%HizcxpH8ym%SN%%l
zWoCXdMfJ2bhWdpy6AFMm^mcK53om=!k|tz*b116&6(Y7d8Xenu7anA{<ofNdCa5a?
zHBXpsj*o`2jD}{tUB=}s7DuUokj|1bkIoI!WqY>bHcLzABz&%AGOgpBYUUR|Vavtv
z<S*XY<_q)jU%a7Iuhf%r6Z{xB2R6RnyLX*E*9d?*2IFT&qjPB#=;KXN&e`?l?qD->
zTk$=mURE0S+Z|dy!84<dZ@V$Ce`&<}FGNh{{(9hF*Jthi&HAj--$fOE>$DgO(V)sR
zprq<x7&Lw}F2C_Fg;TtrIn+<v1L+`9^us~a2lc@t$$3LXdlbU^?1K9*Q#ZonhXGQ|
z?c$C;up$|Uyg`5@C{Aj$9+a)X9}b|Lgck7v$jWvE5@gD)T~Nh2{H3?e3hsiQ#kbJ{
zz^fc`7<K`0;@#gvP87hgC+u1y{;X~P)@Resm(l)pc9iWu+0lO>%KjO={b$%w@1ZF>
zfkYTeBG^7{0eHheKhOk#op!e$sD3=arm1Nwehf|DiR-uAEW@F`KjQr-wfQ&n1`pNn
z$oq~Rp}+V1|KHW-{|3D|ng79k{{!evMN!ra?F+Jxtu7Ol&@zSrS<y#iRU}EcBn5C{
zH{>8<=v(!k7I#S_7xqyb)Cjeb?(E0eJpC9^hqye<QsVkogGf-`Bf$y<<lJKY?#NG+
z&KriL8Y#a30Mm|C+YLOQ!;=l?zLJ&18i5f;obTI=Ri7wujLgW3*p0l?JtsT#9vv^n
zCr_fMTWEPXnKB3s-DM5^oXc~AQ6p3GS4lX7P0IBlXL((+45dgBH4x%Kydy5ErCNll
zk6nfiffI`ctNK|B4@ITu(79;VK>DxM;A__i76Y#;Ln(CofclRQ${3Mc&?IwyOr!vv
zSYu=1qv+Tpu`oWBA%$ev<-vR{2J;M_dgxrAX8~Mo?<GTStysw{4k%8?Fyh3o$h)Y{
zxmOs(>iWP@q9HsNsQr2y%N^ExNMFtlP?L3WpT%%UjR?y5R*6@_Va)#QTvFzW;5}=7
zmAbge@$mX?+jZnzDk?OatFq+aqS*^f0vKBmfMuWBbWjnI`SWQWC63o_$Hf@T2+~}>
zxvp|9a}Z0WGnbC&!861cwk@<xT@=MoPugvyuB(XR^eGQ=3rTy%*RnB#!c=IbONh|x
zb4wU@7{U?wh5JaHFLMT|{25qG5J*;#i}!PF)rv1wYaNq`OU_g|-mRUk2|qN*vI?C`
zX3$~3u@{R=?@9-5ZGEz@66qy~dd`!iiCSWLwt-WNVci}qt-ig_M8#6$Bln2IC|gn<
zx>t*IX>qmg-*x`NvIO+5(_891pSiBM?EEj%>bDEZ?DY}+>%jAG7yJWw{-0d%p9P*5
zL*akV>ecrHi_9rF_>*`2UT8}=e+Se%)`a-pG5UW8p5GVxSK#@7TIfFqJbMpy_2Xry
z_H^|PT@b>i7=tTDcBO$`MZWi@%tWqVMLM8K-^_HOL-lFHp=pmqNYBnNea1$>UfPXR
zg4?~m!ok7D-VPb<c52?E2qim6C^TeW2Pxu8x%~PSuk8{-G_^TgH1U$GM6_9kr3P{@
z@_8n2PZ^+p)cw^|e=Ce$nwENEY|<z<uA;;}T#~bds$Ax4Im50-*jH>r9YIPknAZ4$
zZ?&Hiqr&4%F5bsb)#QAlVCJm(fUR~CxKcpl9^PDn7q}9B5<Z+`M{|HTSIP57U(mC*
z*~_14_}`r(5b-C`itje3c!$jYpD_~u3)}B#Vru=~JLRay{GS~nf2R@SFC8pj{um6P
z_?s9j`0vEn%ZLHX!Iu7xzMtQ)%_lMe&;vJNX5~aZLWldmj;MYM1&fV-GXo(V2rIni
zT(ZiE3ob_892;W2O2-%*0%L(Os*S1-!O;jJHxO)$b73HfoF=szVw*t$7{jCm@h*$C
zbbX}}1=^9XO1P%PnV6wg8si>AFxTSA_5@mycpHeR=195$t&KsJB-s2jp7;7P?)SdV
z?VSWXkF}waGb^R8^+nvzwC(iO&)xUU#6RDUCEUl4t<CMkzu(S8t|Pn=pV!y6lkt3W
zKQl9i&iID+rcA&7+>=9^|Bb1$8cc_ukPzswy*Ac%pEnoZH`X?naKAIxbKmAA2A=hG
zY$yIXPbzF;CPyF1wio$L;MWLsvYYhV$(GgOl>=SuEi!_@Al~nhYiWl#y4QHAe+#ge
zyC>q!{>vbx<G;B&!Tn8-)wlhXpu~B;L}sRe-$A%h9Lc$&nayEgj?{ILf(`0rL@Qk;
ztQ`JOTtbRP{stz*+yH7VMdfez{rXeA43$JRSkD(<c-CRi`EO%jVbvi_K>#Nx^MDpf
zX1G#wx*^$A<VH+x<td2%Z|{_RaT~kx2GTfrajvEU|FEwZ9CUGZo5!d6Zm8G-1=)F4
z1>vW6`YyyH&0jF=wwdTpQRjC~@3a<g!Ndmv8Rz^r<n%vo;P?kQ{nXRb3wJ;D?0WpG
z4T(9Qj<sac`4wx@KF0tDc~Bpsxm{+NY>xj9<xJlfV(C)S(4g_8q}uv*7c9z*q^w!%
zNrNY&)ht?*)&zimaHE#yk>ZLF)zrS-am=_w3okNdtU&KU+vZo}(URtqvzV8%_=-4y
zSX%0#_vWGZ#;>P?w!zxljv6aIXZ@DqpR*qJmGwkGYVc~8;J1?$Lw?MsrQJ;r$J^d2
zgfieY6>m`t{5ZU}o$Se-acRczq14N;)k1i3VqTUE#Vi!CIUy@+W^`Z1rV*kNWGe8q
z#Q03V7N-{WgS`%y#!3@KHcg>$b&LI}HhFTYG{7_<b`GWZqi$Wo$U`2V(hRVFj!!c|
z$|;AujdT*Lj+u%}K|}s0l<CNW*B#d-niX^9P=ew^phpb|8FW_AH<q3j+|@gPbGsK6
zDHKDrDN}QMzj29nhJ4~-qzAej;go-(<8Tjxz6%3=n}*z*4W63RaG;0B&#V`ZQtdRk
ziHVt87XQV-nh%xq6iQGFrniRfA6*bxjGnx5Gg6<7_fh#h7?jfF0nBRHYG$oj=7K4U
z1J73J_Mqt*l>!RRErHION?jEYxG#wFhfUn&jgQE`QgFdeyz#|pOfxN;Yio*n4Pi8&
zlK_!M3)8#m+ZSBVN!6`<M-A#UHltrgkBxI<$G^q*kY5ThIx+y~O>a}dQ+bEAnKo?c
z#D`VSZ3f$&qCZT3^&W((O2h$1Z}o7~ah}ddUm}hF?C%Yq0Rt-tGLM6l(3<r~N=izV
zp=zeU4bGTyM5wk|PaiJmjh#rJA0<*xiJ1NVNxV~_l8Kd{J(-5!EHEvF`VBtm^Wnkh
z<0Fmta_I?#ZE!-$WF}Oo$Wm1(^A`zU0?ZQ7qKcnzslR@Pn%;WxBu*v*Q`a)GKKo|+
zH%)IeF>4mj=zMLOEjkaEN95^pgTvdQN!#9uVH{BF9?ddrgF<}3tSQraAi1#Npy@Pe
z1JAGxe!mt+?;u{M2lin@`0}bFPj@AGvd}!(p0d>#F9P#)ULJ8O??Az2m<PQABecbG
zIM-}{M);Ji%Bm%oXayPZwn0=YeFax@b!BB$GfnNb-t{+PME^2ZHq|SIWU_s!n(YzO
z_S0L9(DF51q?SRgrV0%=$USq(Kz%V7k@v9A!$1ov<Vfn&ZQanV52rDTm`z2_u)|OT
zE5QK8eEqr^An|cdwGZ|f?i1%_wfjEvuyz)7F8nbO$8)R?XrgX*013!(ih3Z{)`cMg
z{w(;btv(NAxJD`o*n{YIaD~P$l#qh(OD?~vps^L4qAHbGe0we(xlrC8j_$0Tvp;`9
zJ?qNTph7RQ-uIrI6t<GVUNw1TIL=?3mwVKt&`+SlBz+7DSRzJ--BAS3<%)fR^8W=F
z_N*>l^t1Qagy=`m48O|jXXW;6Ijz)?I?%o6vQN@P7j^o_^xxi~6_E$651bPshqZ@|
zw^MJt7$t46K<Jsmdj{ydQ>J@}UP>;gT5mKihojSRY(sSJP0%u)<zW2<-IkEB-Sc!_
z<Co?O@W9Rk)~_r<%Ldqio3H$rCKUl2D;paf8xu==5}OxYX6JU3hu>;y5R5DrzcpDe
z)tV13CAogEyG3Hlh&FbBqSC(Z?|p#-O;jJ5z)<kqVl*p&@&T%PY?EnwA~Tp3z!BK9
zW?s<8oKOmh(3HK8RkNlC8*$!(af4o!R-nK2_eC}!PAb|?_K0P#a%kGy;Xd|Nbhu{J
zjFzDG4dZl^vDiZyp5(3HpnkZg8h99`={h%|dqsD&WyUWrDrzb!b9BmKpKhw9m|k0(
zS;NLZvN|^VX>k_Tp##FULEEk)qC4xVIle!d+K%x`M<#{S{=>(hOMn`FS%ex)Od>cJ
zTVfs@tb}W5lw=-`o9GrPwoF1ahq6`hmALH!Z|NK5eX||1;$pmX$faMnG8J>WG@uGV
ztjIqm@{PcdSTWKNq1K8~(UqB5(G@4|BOo%a<+y^F6)!sI=T8qU;_>MPyX$lD(&xr#
zF}vo2t7iBI97YBAjs%9<`q%Su^-*v!PB`Z+H9F!uImw?&iQmV4{FmEe`Fc-o9$^62
zFneYQBVz-MQc&|U^(!Eaz-6J>^{@32wJ?ny>S7-pc;u4L^li?;RHd(j7k^$mRM75~
zAqBPH+MYWhjo8+?Kc}b1cs_>jKh`~H<laGtzdG@;(qCEoQuAkjrXc=a8(<El4Oy5l
zBO}ATO)kSt839pvY6l}jHR`^={@MYLE#~J{opni_mw7>{7FgvMiJX}SathgrEGTqC
zNJZhg^>olMdAx5(J|C0ZMojRCgdve}GimZPF5=)uUXkn!q~NZhW=zhE<(LkuSE2Em
zsTYB|kRoJI-C+tJn)*CZ3kTW}qxg#xx{fovZT2&Jq)y-n!WQ_&`%iBi?7<fZEgeC>
zD4iYu4V1^oBNaxa#J9*Ro;#YGoSdA3&1OiKr`d6}GCVVCvzk*+rLf3V&UV$oZgOJ1
zb!N8J)8~`MD#YHz0yEAHiA;f7SX61v&YID7a{Esus+oawiov>vc)qwzW}6g!?`X=N
z94Ms9k43<t0-&hk{8flCXLC(TMm{fef&;k<tbtWkWf7~4^_cPK<0l%zu9x(>!pc<v
zKt}MMKhx){dNw#qXod~xn;$)vK3oT4wbb4k*`-%^V)18GdG;%Jd`xg`31(kFw5J?m
zsR#*>&kNuwy>#Qut7aAgvhvA}cLH%<u57&G0vgn_s1M=#5D^3jCpxNQ2@IXKOwBss
zq&;rY7ne>6Xumb%r8Qr0v8qiKtXQ>mmvLqg1XIcN3s&7A+j8p?JuCQE*9NKQ&sFN(
z+HNRm4R1%47St<LB$Tp>Q|VB#ecdr^OrbepR!pYKggK87L#L*eD%49ls3qfN)f-Dd
zlHaepE;KpAmn{_C7k-GQCNXCg6dN&U-7bOoj$3V_*CAr{GRWEP<=)}um*b0^4k2K$
zM!xnrefYTGAposuoUk+r_c6yx1>c1lM&x9LRNk>VmkvEzoh&p)L#52nWPvF0i?QQp
zrF7c{g+z*l8N)DGEKNOU?x~hbPcC_hV`Fkpjv7-w&m2W}cl$;`1=De?nQ`Op1iOw@
zAwJ;e_w#gSCkulmwiLr@(O1#e+#Uy_#)ILpUHzDZJF=2$%0p8r^uh$nXnnm@JT|RI
zt`okmQ!$Pls{Wf|#FSu9<Pw{tui&qkwP*{{Io^@+P;=Zt%)@HC{-PKOV;kU6Gh04p
zB4g<i*nD7OkMTvI?><Agd~J8X^@?_}2qF%bVcUb!Z_|R_Qp;F%fY7R4N`h|p@ST3g
zg?rv^3cnJr2@;IYR+^=2p=r~=w>80tXX0%(v9oTX|G0-4J-cBE!ah0|Ol=ml)y@Iu
z<l}b60J(oA6fT6zM?6Pz7p(59CDaokg$}<r-9qo+Z2VWU4CTy&ZFm7(a9_yy3Y;_P
zTpp-0c}mkVsEOXKPRKg8?ps`SlGxXedeq8rr)or(<mw-8zew$2b&sf&7IDE03MX_5
zeMM_D11NuZ7rcyV=}Jk9g@p)&d=Lk}(9)P5NJ~;vv)>MQh-+!)#l`t2y`H@`)Tm3(
zrsXcBZL<Oc17Ez+i~=jf3tVA-jOtL3_KutvFt0>!4KnW=A9u+RNy=z&!B(J15omt!
zN@H+G#Y|Mx!ihM=;E?#}$2m0r8W0P|*pC7p!?>+B16(4-F3m(a>UD~+S=!ku0-3p5
zaE|qXIQT$NPzB@(biq>Rozv=mrc9YoUz)?T#)S_C>+nCDI+{A_>k`mAFLVZ{jZ5-x
z;mR)RtdsLmwosw;h%&YYoNW5mXV!Mi^6etsc2r{Pij=fLYV)h&_MBRA<-3d!b|Tq;
z;{lf_yXF}LwmiDEtI1^D*oA$ZVA`Bx`J#X_)fz;p(aE>XLP?0isTo1Z7hH;!Ufk$D
z@KewuV8dfTJ75#z0b+nJqRch3EB73wBYW?q<0En4=p;P5$yjAp&?E85p#Bs87Jq2e
z8_Awf9_pG;OsC+i_Jl+xCW5%p?QOS!r=$1y%Hzk3fCw>p(b=QmwmN`xRKB5o(dD9t
z+=wGs7ult5L7f3tsA^jad;ny3COxu~k@oi@L3>Ca5ifqd06pZHd5(nD^wa_tPi6F;
zLhm_)i&l_G1BB!A<9a{O9PFg24iX9F7dmv**X)6}@i@d0tlfkR*wnR?!4y9NG6iF4
zjHA@mAYDF~<RcfxWEkFGXbY!yVyR{B{*0Dp4(?u5-+lMo4!1g*cU`01s0r!E&%+~S
z?sek}pCNb{^kyP2rNFNxNlX(k9R{u=Id{LuG3%Bbd{qKW<m5yNwcy^NRX=}pxoXG`
z7*^(72fb6-g4<dIn<!IoZkKKJEcp0-9T6_x&$H-;3fyDF2ch+}!WHiHdRM5qd$@Et
z@tJ{!n6yQOZx*q1K{RQjC-c(MVBd>0@jNH;nTgUQ)0P@`M_?U3Zy)GYDlaj9M~K>h
zq<AwmgY<GGdcHxuf85%!ES7rM92>U<P`~leRv8Jt+5-*=3*X!U`x=04s?u;*#+bIu
zOyyCJ8ilb0%#ST_IF?02goy!N{dG=sTxh{jnVZnb30S9Gxbq?j30BX83Jpli8&K(w
zjMJ6XDmv9gb*3gX3kzIRSeE8i$2K`1i_6+`^D9U;W@hG=7T1M_HuikPjp-j&Ac}aK
zd$hIZ5EELZE{#jR(IXu8?@?Z8%O>71O)N>qi5%A|Mo7=EXpzc*&y?lT2G=JFopD|e
z6<%=6du7&J0qAJ^Sm+%~#;BMbcqn`^*d8D<>hYzHA@W_*$xgB5Ck`aY0g6?);}Uh-
zM_W|IJVFY0iX)F7=5xWnDt+wb{K~HIbrT}JQOAiF<5tlCH28D<xruQzT<REwIp+im
zpVVP(JYz-r_oNZW+PZYkQabO{XXz61$i=-o1WR_Am}o?#(-iCqdnecG5Fs_vq$Tjt
zI?M50a91n7ig;OveT%ULO)_n3t1WG=<_~hTM(E606v47!DahoE#48L#pd7E};evV9
z>j<Z^9D0Fw#9>HQh^R50L8mC{gdaL%oThnW6Kr>dJt|Ws0f#;jGDK+nIfSnrX36UP
z%Od7QI(v<8u+y@@dlYptxLp*6du$|>aj!(TmKYf4f=bLpKA=zFIeM|nNIHBrywt|M
zT9~~bLrdf_)%LT`<tp#Rb&R652ZV+-bVg9EUQ67x0n0PJfqYc9pIWQ*O$O_&&j8vK
zb+?0kR8mFm*@2m(8Yyb&xmD!N?G1vnvvZ#+S<8xrb>s8uYv{&E>}UsmCyD)v`ASVJ
zMM;WAX*3L;y?cVw!pw1HU-~F^ErJ)}5}<BU^SIn1n+ZX~?{N=Rm`&)BkLlsT!Jxy+
zRQhV)7VB!CANS#^#G>Q5B#xdC`5}I8BoTwnElBc>F;3B>M8f+UE%wcmCT`#;#mIu|
zht^Y*N$yj};rEfaE3=P8#5GJcXQ(CGF^<P4;2fb7W)K_dkXregDaccg)sh01b8wLL
zl1o|YU=?4uGV15qtah(c-KhBWWRBmcnBvhJqmG*Jnzp{N2%AT3(JTI75JQ)S`pVb1
z+|{V%Y=*x4^iJeGJzFdlv=`=0ixv+*YgJoN#nBo&#~ksF%uucAnez;a((?A#$4;kG
zjAqK`a`ogiDts6C!LpJZmFIojf|>^8Ov{xTn^s^wHW>wGU2B+IjW0#V#pQNer;9;)
zKrJ}CG&YpupOvc_-Y6T^ETQgJNZ>6dtvkSJWx)?t9{bX16gQLu;5#`OB`7clq({{o
z5l5gG;6}L=(31)Xu?GPL%S6vk;RfvrGvDjb^(1DpgSp{daMm!~Z>%K{fpUq2k)Tk=
z_Fo#|+;6~A+94_z4cPalB_o$#!hVLrE_=oGMF^~!8#^0xiRBF<DOTDV7=DsDAoQ30
zfh9+@O#^_QvF*x>f-?lp!7u{IRq`brEu0ZU$3Nb1SzuR?zqDH1JVo41-dpm~#aKM&
zKB6hIb?|o{w$sojk}UBj%TJo#+Cm>;>vUjE%x{TPWsBt61UeuQfgZQ!?HXi5yb)22
zLVox8(A@FE&70La!jBz!f9=$w_^@*2ip*)P(@Pb<v*8p$x{c|Zu4f5o{`pBiH2ybm
zilk=c-RBJoy2M>C`;q~ikI60IBlJny7QB17mk$txk1!d|d9=GXz1{>IiS3Q#-|0f0
zKa?vozoL;z7b^$zAgD`@@xy&ieH*Rj2OX8y@03qqmwCk<@`bp=>O$DcCiVB;59lH&
z^Us~oTim;Ks9-#C=F|pFAJ4mQuGr|fho&a-pw2~ZuP20Cu+oSh#dIMal9Ra9?kMj}
zt|TJt23L;Xzj4yWf_HBHk~l`EOol|KN+$nNW!Q1PbPuDBnlso}PepO{v=k=q<CFvk
zzw%pjk9%+LZc)1=_5Ll#i<LthhsCreynAlOWUvY6{+cYF9H{~h@JneRLjWZF+$&yI
z!ANr^^b5uas+h)?<LZG(bR8{BbDb<d-Vc0UkTvWo;X2G=>(pU7?f8S%1yZ4GHqn-e
zJC3Q#hBM+!kvDeyYmHicc0uXBc+Otj7(BfR+tI|uuQfvkE>8#nl_%N&A0PTeNz>^k
zaY^N>pmx;u^o6L(Rkq))04BTD*9HaTg4!+DGbhpbTI9dZm%A5S@!%Fdy*+E~1@w(u
z>N=R*G~f4th-*)d0~}iXg?Nq!XQk0q@jwkibTy}zwLfe+065@ueYn9wa9Xxm$EG9~
z-^jf}aC`y=3IN!Cp?V{0%w&uMcPwyAPhHu;7U%v%O4-IJCKC0IFVD$iw66aAf}*le
zK~noMHPvmf&sa2+6#AKfrns<TmnJAz+4Gf7>(#x!j`dZ#4g1RuS}k(6({?NA>$mD^
zjNGQHu}dTTNix&7x?}shirM^x0g6&OAKtn52_Kkm(s}fOWMmE+h+c4*fg}y*ur(#G
z$Vna&>^t_mk3o^Av$t2hc@F_e8ZU<5scT+oAWCt5&U8kQY;h=)EHtnOVU-n0Y8$3%
zs|yFRqO6yT9F>R=-^?^dXIcMTn1)kIr7nBNDfpB-p9u_uLS88yls)h}O|G2Kf`v4(
z679vlt|sn^W=;{eODbRhP1#I0rEP(o^<B&{%%Q-xV-&EcQt)Zfd&KK7o1am3m#ZmO
z)}U{&XuP)5B3tZ?He^uk(VP|Qv3c;ozE77o+u9Cvzz8+xgZYq&n=y+m*@R3Nr3Av#
zxKs!w007Gbu#%A4ijb<&Alt_7qw4BvIyfcZDl44VP|`s0F)FCl=*wb68q2zm^zId(
zj*`00Rf9@r9bjjmx=hzAW)Sl(eOE08N0Urxo|<28iW&)5bKg{@;tEZvjEA%yw)sIK
zH>F(<T@7&m|1tMYVVZT>wr<$AZJQakZ9BuZZQIJQBQk8;w#^JP<3!e~wO6e=Pwlho
zKl@@`eD~ke=j>z5(OVmDlh_nTX-JCF56Zk}{fX9~Co0AGCQ`RcrZ2+yhWQh{A$JIj
z(Id_zf6gp=r!?sa^`#X7n~%+K|CfbThyK9OIcuH0hRkwRdzI&pGD;+@E8B#c_(JDd
z-ds7yho%>cb`)xD?9<b=mU!KO@MflAyGdPEPnh3SUUP{o;IPqTrlT~6+xsCmGSI+D
zu6-KLK+9M+z5rGsqeb8YGw^sM^r&FVcx>ut3XEA=fEHC=cap#ReU80(>WWw7NfgmB
zE}|Fw)JiG~O9U&w0?(s!ToUG7JU?P_#%(aX+!jw=ylq1iXTC{%8gtpefX6SJHYBq&
zW=UcQ3#)Va*X~4;oTctZDvY&15nJ7e;5dWnRp!ym_ng7T<%q2-c5y%pyjVOU4X9gh
zU{pp&B8D+i;gc#@r8#~hF~_O~ySZkPzm%mRl3-`pGr}>b26%o@zOXf@W-B#gRzv1B
z>`NJ~O2)sC)=Qzg{<7w^wfLsKH9hY7??!ujZ)RgJ-D~h}jeHT|eu~>v%N!Ur56M-4
z^Cs!&GIfGm(<+9lMeLfFFI<vHmO`P6g&~xL*Hr=h(gKg_r7aLalK*ay!P!#e%uEZ`
z7;8>j%L}Q-?YO|0D#SuY+k|fLhDsAF*s6Ep6uccF60MOKf<+vSn=h}!u!MBm!b4ax
zZ&35ZtwUYO>!In*>tWtK`-BG4(lY;cjl)Gaot`May{>SYSgD*-6H|#jdb!?cMbe3H
zp&qvdgwJDrGuy5Fax!38O}4Xbhq14_YJ4`q`}|P=d4krxCfiC4FXKcgZo%~|V<*Ku
z5$?%6G{7V2AbZJxOzZG~C1j@x<d*8yR%hBF@54yI*MAsW&U(PsYJWRdSJ!Cia*0vl
z8hmnEus3vAzdSpyt0qR@yF%+fNULYRWL3^MUS86di-?knfcyj3ZLyQy*PSzca(e1K
z{OtWY*hL1Tt}hFjw(MY4d7L<VI=-v;^;b7-TnhT(m=zR!aWo{V%>_%}LbT;A_}pvG
z%j&AnhS^D!wW(G`kh5W5Ffw|W#wwuG0W_nN>78q#BOPX+F0-}$f{98;@dN}>24dr=
z^kRlG?_&d>#PmV*>87Q9wt2iDBOlZ`R7V7Jv1O1QuX}J87&?}c=alI(?No~$N1tr8
zCy$LQ0me;>wzf6gQZUP;mKbEFMpb#56JexlgtS!S;dg9nghX0pqdm~5R<xfgmrQ)`
z1{Tx4-z}z>4Smzr8aNt{cURVBFEM>MZ?&B%MC1!f6I{+hPZY&7<@MWdw9@xpquw|*
z6(}Z12Y#~QXNY$8te#LzJOJTk)fXo~+o>J_+04>E?PrvEzZkys8M2XF^|X9%C$Qmb
zdpuNAk{mQbM|661<5i<WdWLn=Ky~$z#+>CaVJj;yZiQ!qP3wz~2<8P1mh2H&*^J`_
zkA#1;|E{(J#-oO5TRB{FqTLWeioAD)qLStR!*Km@FRyU6SiZEmYI47B!|WXABnmE8
zxbP!h-MEDtp|paTq&b?T*#h<2_?F3I{+@3=3KnRb2O68u^awJFzSZ&J38tjX@2n5O
zzif|GRG-eEmO|FtY|6D7=KVyeAbg9YxF3j{k@A}jN|fTbUrX$v6Z1#PDjGYPm9az7
z#6_2bxi_7)Fx)C-U9O;Q!n-X~B6lrNH8O!-cJ^Xq(L=JQi`~lo$v`*%R~FiVz?k*Z
z(uU(5;0W-*zM4RkrZwt2If(%0D!g9rAPw9FLzIMQcx|jPGKymBL9bGr=4{H=tI2}(
zR?NB5OW!WE!{Pga560yad(_saDo-|LBwTDQ6s=j*fhWWqmwn-6BMm*&#3~N1i=f+F
zqoKIyTe+L_CJ<>*Zn%2cgjbFnx1VF06XzW%TwSaR*)v%?>Ga7P0l5B00f}$yDB;SQ
ze^rYCVa`>#v&`u=OnApui^#Er=`SO#0%4A8NKl|U*6i#}-t8%=Ww;nv*!wRv>Pd&~
zbAGINc6T>CKR@3eFqeLgM_!G62I(@2ZM9Us;l-GHkhs$kW1l(YYysPO@$Ql#Eu1K^
z4lizpkWjL#kYbyqkub`($IHmee9>BFG{Qto>=pbKTr@FwqOZM`6yFqPTUR@oiP`2d
zqHnisO)K+OsqbgeAkUmfxm%0;()_%NMq5jjgO>c{7E!D2_po<`-nh`38Idt{7f;h_
zez#>SCKArzlk|!xtx>ckOoRGo1sKoN6rXYJ#(OQtRfXG;!D+KOr^yr(8#b*C3$6uB
zK3xrs-Zpuj=x?L(3j1Ak5%r~b0tDJT^u!Lw72U$ZWHDwwYb#!hBJopAu*7xF{n?u`
z*_&0}=~$Zc>*yUe?G@+Y@)MuVS_9Ntv;hGloN1fo(zW3yff4zHRNg=pbKnkTa<%AK
zc8x@-saq?gmR5ou`FHS7*B|Jc-OKJj&viC?T<b=Z7d@{kx6X}+4hnVRJ~L=N+jDS8
znDH)OWuIWD3vX9Gn{zu3KK~)s;*T0Di7E{Q_2ow}`1<|(a3{C_gga?}ft~*R{t52%
zH@n#XNm#)gyKNi>I0`c(k)vPQ7pR7^JFTCcQKOenoiKo#x{gMnhK7}%v^#8=k+eH+
zpqqeodVDYwoJv7CD?NAE`1=t2?r~p`I_%`n=*ee?9@zkB%@d6i%(`Rrb5b-?vsxAP
zw86~uFh6Is<fCNcqv8S!GwLaNT1i<GnQ=<msU0ATz;Ub-%nbVg7L-(yBeWZ=3{1>4
z49qla0Dn?u&kloNT?b97Bsx>z*}?Rv+Zg~Rc)C$~Ng4Zb=}8GnmvQ<r8JgMgNjZr_
z2M1WVaCkU7XJ>=IQB;6Y!mQ$;{}Cwkr|M~SDgl#!*+by)f7wF-{SOelgbAR(foORD
z7#vCEWl@6+bpr}0N%=5|rij2*jzdkq(<$?UOVR^kY69-sLGiP4)}H(gzXY5YKu3@)
zf0^|K)x6`U$`8;MmGAXw$p#}}PcGs={KC!@6DhMF3Ld&g=igR;f6YI-6UrX#1F1(T
zm%zY6fcedTd?=s-l^aw(@gJ3=!Ld|#{m07v@hs`>=q9g!y{qD1uE2la5%}LwO#kT!
z{1^5m83ms2C|{01W_sCo!mEOMhedY;^-L|rAUj>+@1!6VVTY|(Jo_GRk15{m34Nj>
zpuP!vKWioOzgtD+QK)0kG$O%x3=ts(D_zh?6Ao~AQf>5LZ+YEKPCRYlT!?zQ;zz6r
zSW>B2NEWT(glAfaLI~KLirRj+w7uU8Ex`ug`mMdrn+{H;+W2cI4WVwaIF9L-vM4KK
zAusJW5ui~>A<_Ov-$WU0{;`GRNCVRlib&R78ZralA(RL*7AiP07&vBxQ@2qc@;8eI
zZgQu0pec@FGPT(iF?jldreW_oTeMEa?4dN(EUZQI3{sRqk#^)<M#}zvaTc1va6vuZ
zyp?O}@RJQLGC1uQ3gl)B%#dltbtnit{Y8KB@7f|2`Z&)}cTXl(Zy@wO<1H|jm=*NG
z`&ql#_g5q4;65~CD?F1Al&*@Z8~DFIB~%_cJtrZi^iuKzV{eWsmD##9QzbCBAB?Z|
z=2X&??SgYc{h%}Zi|b9kh#}jUOQhNmpj!b~p6+8qmN&2M%BUSE5YHgl!*ewk9VN|^
zjUhJF;d*Vv&aOAM5u}t{LgX*NSRLO6=^x5$U>yY48qHm3EZf$TZeKIwH{!=ddzkf5
z9vys-GoQ^AOq{0i|I4rUry2cj0+HmuUMbPP^h*7Alj+}crT&E><!{U3K~iFF7OrAa
z23CS*lGerFQzDE1yGhHNdH<GDMs`xFks+MD7W^zB#2)zXcDVjXrZ4Dqk0?MR^WN-M
z&&XKb7)!LAiprg@p@4v_se_?}sZWlLfP$%psjP*Eg_nz|qM_~=8$YN?a$?k;NY+Ht
z!cf9o!NN<!)ZW}s)>Nfj*IYr?%K=fIV-e@T%Cvb0A@6PlGySEQk#T_BE@#j9N^87B
zNl=BGk-QP&0GS$^2bc$#x^uyBvu|#pK=R|umUUny7H3t*J3z5jzffS9Cqy7w!d#Fx
z(bv%wo4!jm&We^t`}xRNQGT1>h7|plf-3XY<vY;>a3F7z;|x}sj(OsV>Gj(qwEA;`
z#uN-uflc&CkKm&~9T=|tJ2Q5hLN~vx0RXTmB80X3<9`G^B0L&-(EXFK2sr7@?@#c~
zU)#zY|8pz*-#xqkv#kvKf8<uCp_ze&#ndo}jdqS|Rv%b;@Y9eYdyE1emf&vZ%M!PM
z(mb({m1NlbUa&EM)VcAVq)bP?yc74l1E8jc{&#F{FI*1g_CJ*U&x&jj=^^0vRd)Qp
z)IR@xMgDvH{EHR&-)JB2k;A`7Bq7=A!!MA+?t>kmry3s>p@*WIr2Ihhj|Q+X8z}7b
zkB=5eIz=liEuC3gb~x{v{&>)|`DjRP@Wr-n>yp0mRj{zPP|&c5u%V1wnjDp*r<0(W
z3Zt*4p_7<o1z(-KK*It08JHcP{tFFxhHi=;XJXrhSuSB`UUou)7Kn3rOmLcix<`_}
zQN6jArLj~I|GT(D6R~)cI$tXVYaK~)GfiVD2Qwdh!2-~rKHAadb{eJ+^QQrr=Is?5
zGd{lF|7u>*eH#OTd7n32<{5*^sELv*hK2^_5QY#dk*_!g6mdv!{JRov{=1iXKN~7q
z$!Iy6kwvMA(OoJ!acS9T@HQ3`?2surf@~}432V7@5fKq&XebA!FZjEk&nzv)7|r;E
zgpAyw2;|V^iRd?LV9Z_sFlju5wWD6Z=uvu%ydB;A|HeH3vusMFOK&ZHeZzo#J^O#(
zJ#7D#J^LR~kN=|IXrsm@fdBzSrfDa|UVJ8^rX__u%aaqUH-r&dZqUK(5ug3Ao&?WT
zeWc#H2!TF;PN6p-F`ZMur%q`?LRPaM!S@BmuViwDuEzTh+z(owV$N%e3_Gj7{Z@H#
ze(5szt+tk((2ItDuLTCY>A{0=>4mn35P}J?19(FSMiACtH|-4|!H5fBF(v>69TC7A
zlMf)m=|jYMGkr&t7dH?=QIWPMO;VOL$7C|0EUa`GtH>*tbuM<)IZ;$AFRKozb}rOn
zH9421ZG2G3_WhJgx5n%C`G?N=Q^6uhqI`?53dVl@{#ph9xAw=swae~*CWXc2rmHDl
z{4G^$@6Vp||E8of$6*xm$fGwTHbcivj*hJK^!2Xv0Dxu5uPLe|Bla0G1k4S6`U8x)
z_{&FG{c)B1MKCgOEjs<PK~{&=C*ZHI!><3h4*&l<Qo#QYU57QXG?*HOu~W`TOHhSQ
zmDvz<vPS>Sb=VZT`Jc-UQ#RTOj0ym-%=TB_CbzFMh2!6B<^SR+H=zmXq%_?6+w3a2
z!}GwqH^v&1J^>x_IwjiLe>JKX3>is04B>VV!dN2N7-&^|bnaVy5481TC*|bVS$U2I
zRzi2ZvWA6LLl2tVou{Mgz9Z?eQ)r%K@H)5kNmAE%V4V9hoHJ`So16LRv+L#P^ElVj
zbNd(S0i3KGO81<F9u5XP7}<N_$5j~iO-=F15VFH<_={TS+rT!Lud@Z|z2W(VNSB}4
za9dnKrIO(Ou1dsr%dAy472KbNgC@tFN2jU%{&oZB_|UoNx1vdL7(nfb%ud}27=ANP
zkc8QZSNb!@4=u!7e%*u^w^#SCNsNPy{q2L7uIw!3MZ`aXl4oR17Fh9aJc<1gc&{R#
ztd5tYq{No;lO=?Su9beW9dhJ*s^OCVn7&jJ#EC5|oZb5FI`G;$fSWqZjwqT{Z5^?W
zzG@n|+3YSD!Chc{p)6?dQ{r-)@x!3vQ4u0I5u$TcO#H}6%S@YBve@-ubKp{%?4I}{
z0~uVcqwRVE=YW_uEPlplKj>i4gu&<1h#3rvZwMUd;o7}%gyWasW$(77v)u=)cP_MZ
z+1-|@-kFM5A@#c!ur{7k3X&2@sw)bGzr<y13LG`ztc2Ri9RK$XT=Na82xA>NM^<P#
ztIe}bk&CzkC~7_X7vS%7;cz}NTNQje8rP396u-opr&ne1bK(wQ&~I6;;4WSA8HP@`
z4;gVp^ob4>NQ~w1@d#FnMrD4#eN&0KfTI$XH1@W7p)otOk`ZU|440A4BwG1F-&j<?
z%~MU{TP7pz;K>oYn?&E3tn?wh9W#x8<U=Nh&$}iC?a`nejTe4F=lLy{vmbu=DHNld
zWK~~UQdUAnYI?-Dxbh-vqvJiGuVBxewCFe~SuKtFSWRVlL9^2N0XCZLEui=)WvS^g
zMpjJisV`@X_qbs2Ln?(%tIJUTaHo7xsNZrarjpzB!~NKH#jQ6ulg`1~#r9VemDX^R
zd-L^8^c!$*O;BHacsBa=n)hf?s*cZK4t00iQ+Y*A>!aoJ$9&hhZOgCX5AfeFM}c~u
zL$u9XE^oN5Th32BPg|~^z}sFoTA^JZGySpOUbBb0-a4;8cS89*-owdrUw_R{e|y`I
z%i(+Pi=_V;m-BtROVx9KXk6ZYUe?2TIn3;SeVA?D@;Tmo+WKtXet*O`e)z<O&~Yw|
zkn64A!v6ZByN!FtCbpZZHNFd~?8U-l*e2xomce{D_HR66BLf_+g+i0Wh&TlD?7WBy
zS-jhLnOpk4n?ZUt+Iebli{N4}cW4}eTghWrqZbQ1L6$@pcuIR1DpgpE*$6rvjH0Y0
zi&zO3{y#E^>juQ;N{PyrqMJnHm51XN#Nro9#m`ttG)|ufa2*ZHW+AE<C(0Ej9Z34n
zeC7R%LX7H$h7FbK7EVl;Md}s?YFUKq7RuGJoM;XsrlZd{kySScr`dRHT8BCfwAXXo
zfX?P_oGqW*Sk~Hu%5=V$b0aP^_>#q-p+6X+I;X<bvPZO0hpb_WY*rPxoRu~-U*ot&
zQ||+A;7+i{!eUK{!kPt!Gzjci?I;<>@{v~cwG4)<b0oqxq|E;g!Kgl>s1`+4Ylx{3
ze~2+-j;6)xP=(cv1gjD0vE02`+wVVDZMB`9Je|RYArtgMTN;$-DxlC(NrJ;Qq4V$=
z#8=fGtIlI5G33YbV}s4p0scM@P%afgZCOvr+v9?oXN|V~R+6?{uJ%YS=xu6Au54G;
zmPrE_wcE1Wpc!F}HQ)kkm<d)V!*8{Zz`ZYYp+ML)N#yCP1!L&y1h%F^+^#~bMj{wR
z7W%T7guSx;5v#EKJEdV3;SO9hxpur^@)BQ3bYI<6g;ol~?ifc5UP=`<L508GK^*oM
zA!}J&W!povg7^{!i6@F;Hq>af5LKj=(7c#VFMrSRoR_8eYIUjSFb4uI){9O?5!~XO
zN;pC8gCmF`xL5}R@16*iVJKWRdBh5$&<485MiJ4~JVL6e-h>?c6imGm@aYV{i^cpb
zWz@OwzV;`2hndHocJEkO!Nmd~ZB)TURDP6bEn#Rxy_!&Z%JHut?LHurR58dYP-W!G
ziYw@|D;P;R{T}prOHB{AOm3DlC{OxubRTLK4pUg!V6YOwp0XXgqv22^h12R8+R`~}
zr>SU$E=ooeRs|GORFUY2y+D0=Z0Trg*8z{*3AlE5IOLVS#)8IMkaw+4qb6G9E?hb|
zLYdoVAPnpPz#6{2+gBaL>z27pGKS)CFct*m_xWqNu@Hy^=4xTV_QibVDJxFxNlpvl
z^oc0;djw=!>isk{Y(<kUb|v-r(W;RsqrqR&vKf03Alkcm>xC^$i{SVv<bquoeFrTN
ziGwSn1p--ha;DO5&O;1#&p<}VO5{g;A6MCdx}Pz%GA19olrGo7=H%Xwb0i~^)Kp`m
z<7KozjeuBLB{rY;7YTEI99fo`RgBp7Q@<CERihTR@8M0#Ug|xrg@|r-3!lfnh471G
zs)%VsXlc_fC!0nCCHc6FrnJv5^HSgzu+Lx5b>6Fb;C7~L3H!=^W@X=iuwnjAz`90h
zJRwijw$O!;F%4}6JWyS+s%C%N+!umUy$68VFIu06BQL65wfA?&Qo8HGfhiX1B8H#@
z)n5ThM%IP?hEv#$33FJhXVwM71cROb?SdB)Peruw>;5O9RF<xnA?=TPNe0+olzL#8
ziE|e(HUTiHaT3f)F!sSVe$uy;N$zI^?dT?rV7KbH2Qc;~yZ{%^EQcRR2YzkUx@4z{
zsI|FBh01UjA_*ia0G>Gq5^Va@3GccnM^bTcruw115Jf#Xfg~K@EAw&S4?Q^`r&OCF
z9Hjf%iYXNsylGv&T4dy#<R<GmpoXAJ@Mwv5SPZekHhEU8EV)6LT_<#yDEgs!nr$()
z?fFx7kpn3Pbt<$zlhEes!Wn!L4eXK8akg53<Yi3~$~thl{iYl!jz(xZF7+yLc=Fx{
zOy4gCH-{a*uNA)30MCR?SpjGoa9+$>RT8p!P}dStynoya0TW*ihF6f0ErFMjl?1}s
zhrZ$&*8%F^awEw1Zb~$)aET+$d*D=do&;_MgE5NSiSu|X8`cCQ(}6wKB~6QpBfUY4
z55^71ii3`5Bf&^r2vLT9{un1|Lc!9<ABk0Zlu;BLGHF7JcsxJ-ovGMc8#ZJs#|?5K
zKq^*Pee;@?6;*biuHulwzjiP&iWxv<;Ki<NzpodpY2bxawwurnV_^>80&)zec!{*o
zC0)+h(5XM0?j52`*dUuEM?d08*$#GwAi0Y$eY7l<bP0-l4o2LrK{fQs^5U!yj`+zS
zesQiyrxkX{9+#?1W2+$5CSV9I&Uy*zg1w|2?P{~Ex#7?A#vkC0)UK2eGFTtV#X&mB
zE2s`;JJgq|9;75*2G#_jm=FJWo<!qs@yg22iq^$#E%ZiaN2?u4;6XTe@DnjVn7A|;
z^~;GJ%+og0OVn}!41Ih{TZ*oY7RNPpxF|1&ZmwNTrkXtNORhR~XqfdBjMR>kyi+8)
zM!KuL*zZihCzu|pc@phcPn~6K#>?y`M<pa1sbDl{MVvG$5#$|W94!bamFl>P#Q+l-
zvba7In=QG>hN(?E-wcv0Nat%}##?{^=x+nk#@QxR8yCaRzrN%r6x^KRwBE7nJX1)0
z$ZWS0RS8aB8Cl(XCyxGsR|}mNN0+>^{hi9p6GUwbYJ`y!Ua~2Eq=Y3jnm_;D>`MwC
za&DGzEXfsQ=B7Aq(6S4#>2W}i{wZPF9cao0aRF7?3Vy9kbA@5#Au*qrxC#OT3G_op
zTe*Qr9{OUL-LoPOa~8%QSXE@!3x@XIhrdL=WxK?r?n9XWOh}xXaQeVY3U%f)&u=Q&
z@FlU-4=+^J|2u+atKV-Z+<-lkAK6M?=uR_>8GeuPY|@93cB<><Z0ls`dC=n_dg4~?
zS^d6q%cNP?a4qo04FfSVs;{*A=lM6tOm{tp3c%QjiJ^mFH_Ep-p-kfj>Mdzh&*fJJ
z8G9UQ0wXzx`b+y%J85V_Ji|^fRzOOm<_Bqy{?T-^4Aw-j<rchzuwDu@pzU;-d~qHm
z9-J)wig9}R7X&Q%74#kI<8_}DIs^{qB_xDE3$Vbg>Pj$Df-dsZG{~!1Jxp?o5Y)3j
z9i$D1A(kbJRq)W<ZgFL9@aN~BlWSFEwrTCUUBZaOTi7N02+~>?EAn)jUt>6KPl(#S
z$reu}3#QEX-GB#472}gKgNTqF2V1<q;E*-|PQ{xPNF8yWpxna=k(Vs<w}E!H6mxXK
z3$p7}%zDDx*Lp*^2OTv4i;qGa^p}XIO{A*wen<;4y7UVXz>6D39(a1LW%Mu@Nyfca
z`=8ZLg83$}lvGdyik$=Bi?>?rwE!B&ShG5%XI=aEI776Jz7Ql*RGP`Z;w&LJ*{LTv
zl}&|ka8!clMOM%1Z_0A1EW*smPJL>E*q1Cs-apO3y^2AWT?GgcJV{(AoCrMDXMaoN
zrnE(J-?%n*>CEzv$&P<vYL_-G&C$L;wbGsv)SY9dPY4ysFs|*FNQ(zybL=rOb1A|w
zW(vBD)R)AV!8yd%SBRb_ab`mVbGqyRLNm69Trsd$=H?tI7Y(=wH7r{TG%QRIP}IQ2
zkeMn(**ql6@F!%F@zHcmrOOD}BoR1`l#lVB9|*vZvK^{NF1%!tmF2tyaUos0=;KDO
za2*r<c<%S#eQZvmR0R8!h?S2zO0GpdFc=#W2Xz-?;@G99%siWHxpuxYF?7-PaPLg-
z&L5O<O;>1};fT_5y*pH54h1eLr*b=rWBwq9k9Q||9s}+f^cn*A4UMHUq)@nCiXk*)
zJ=BLkC+;&8x}ZjqotIOv(Cih0Z&h+sqNvS^XqAWIz2Y=0wV=XmdXL?yj>;ffdvC;P
z<AiZJB>Jlx*tde#aMScarZrVG#qJ!MwPG#gMOW7oztp>wiQ926H#ck=6|L%Gc$+dv
zo02?{dXX^OLn7?=hhU;ATgCOlpkB8soD6G;@Tpriyf(@-PWIgDBZ~~K(M}+|i!`p$
z&=d0qpj<$W8CXe7)7uI1`My{G{Plw{(nR%r$bB$hemoaseyYH6;$>nnh%MlF4+WYj
z=8u*E**u(tnZ{Isa&__|{R8R>5JfWBUoq+zap6*z-2@_f^@nj(p?)g<h-!34ZYWBX
zs6AG_v%>_zDZRsI8O!Wf*NCbxL3oFtMPd+{p=veZlFyh1!30G7fFo&*h|=$hBZ)yO
z0P#(C#bB$zl{jI$>p{teytB|{2T)s_<_)iDG4=Jg^>av`&hE*r#g*kPZo2jc0y={o
zw~CJToaXeMFe4kj*(E7*M>&IU!IB4(!j959puu;9u#}ZS(gFscVbOA&NA32MR{mB$
z7=n#YP^N}I?ooSa;;4Yk&<15*u|@=-^n`h-cUhErCm%fWl9)CkW?ni*ik(r+#|vZ%
zkhmx-f@y5zU=Qj|l4|KFh$<+x05lTf*(Vd>ff|HTdWAHAZ8CJ^C$6>f`Hz3rJNTH0
zxJNp76}45*88$9ySX#EBEv#Z^R6Y)5agjSt?+L%+Po5f}W<pH5vm~c0RJNi-DrX33
zkm{P;RiIpi2T1M0(+4^Y#r2qu5T&Dp%EsrAudoPpp~M}a2w@GH^gN3uWf82T50cMV
zRkNg~vT9LTR#YCX34?Gw(&kRwXPq`WLWXe2>Of+soJk6Zo=N@$!EL_ZcqL*ODyaqx
z#|!U(7R~0;R<B2&@saq^T-FlC=q@LAb_GaG>p$;KRmogpQiFh^0{8(-4|OUL5I~*B
zbeQZmiIwlCwdfbFh3{|{#8e+s??Mr0(ZY5-+Tv&%2-FW4;gwpCD=&Msmo3FA`}U(y
z0v9(XCZ#x93ipF&ocopCcB}rSFWNKQH`3P9u7Mu02Dh0eb3)>s4uh0ngjJ|bk`4-W
zly(0xBoRAN)XPDETAYsbl&h7om7ul44qtb0+Mqsu<Cp-~`}kBEbsOhe3UfI-{OFD-
zG9uV^4;r5u5ZwnhZ2%Ci7$|$B92iOh-)xe^Te8-?+6#b(ISuAmQ5F6r4Ic%O{5q?K
z+PRI57OkSFc+H@B?F?PrDjY-Sc_blmfPEiSAFC1_G6?eVdsIPLfCBVEX;eX`peSt|
zHAb{R*ffQqplGIqEWgRUW&)_{j2~eMdfvpDzmSk@tPosdkGX~j`=y%^vk3;&sfRAf
ztU%XTv{QWPKvd%39zmvDYY4LhqsgLvQVszP+8s>pU2x76F&?LMts@tYsBT&Y)xA`x
z(sH#<v&)0N@m*Ww)OP)2K~7E=p4jkFZ<qh?MIK-gUvWuctL0FhMA9`i2D3ZfQm8r5
zehS*;U5gR^kcyv)fs*3KGc$bYSxFO;I_m`JkaPsnsaC9M2Ni(CB3yIa0Z~gpWHRpJ
z*XKR*-6i3YwpOk-`7qf?w8z2H&>WdalPJmhc{E4yE51f?V&KBOdojuhHb@3Kcf29Q
zSu-eCo+H*E+$G<sE=OCa-1YVC^v%1k-+LeWvB8(*o<Jat=00tJx==a4&vQZW3L@^V
z;%-pYN{8>L!bH$*)Vp2w;+PL}{|aPD6;{V}iJV0d0IU90PE1D=w}9+|Zwv%ogM{NB
zA<sYJNdiWDrj4mv#L*Aqt_vH=V($;B7)}hpuh<eje9yAw&ecM)=7n3#AqYSABPse6
zlnfL$l>)mW44}pjgq@u{w1t7a9f3KKfEpN@Qd9}k%RQ?Vq;Y;=0{n`AaoS*D$rC9=
zyxL%3?b8qqREqfN_UuB*Ho(JuPrVpEzf*rAy*mWBTpA`$<W)P*q*lHGMn7bY{XeoG
zD>{McB=BfOS&fG!NH%Xou4ahPc3uUCDKT#7`#`yo>VDt?AxMiF8;G&6YY>%%o|+LY
zF^GaG`%N;ync@`ZTZV+y0@MM7z@R`Bt`Y+kdB-o<?aoD2BV<p@iiF<gr%%Hd8HG82
zhr#28Zk<IA{DD`T8y(SwCek1VBZ*E})_Z<V^vz4wRFnqpkYDKqV%K2^p+zWrzfRo+
z{|djf4m}Gxw!?ok07f<l6C~d~|0T5sv|KdK&-b}_Z!fS?hz=-5#v|M_4eof0IS-rz
zivWzH0ON^4F&H_0nx1|T?w_XjB6Y&w{`#2P<^SH8TkU`9m^%%N`Old9^lQxB;D53w
zO~Ib5fQQ9@)JyszQbuW$UdBoJpJ|q@FO+54vemtWzj^_ytLgp@tqB;l7{B<3vj34A
zMHC<fGrt6rKjG8=zG%YszhtL>p)s<KbHV`v0))(7o2AuV3z+E15-39zD02Aq38NrM
z^_`GfBsZL73kX#pqRUIh-MlV$P0XeLHvOg{oe|yZ&}O&Pd1zt7t+QVDQfl(#+TWJy
zy1ZZE?6W0q(gVy3;Roq+695Xd?79O6T!0Wt5JUjO7{-r;bd-WGLDy<BLR=%QaZ8<-
z_eV}Dkff?8D7WBRgpc*blI1RB|1a0VpE^JT$1j`xW%1}w9sWZ+`WJQhH^rmnPy$9#
z&pbL)a$9tQ%*6OQ|KPwne?XwTpKYZS#L5E@lGvZ%KoskslD6D`;5bQ>cE^hs=>PC+
z{|I7HlRudLdP_O{V@v%}75};!4f=m*OJ!huDMw!l{^?&=@J&BCN&l(rKzoX~I`9Ah
zJT!l$rT&C9|A%t)FO=L%O-nl*wPfCA&xN}=X-iRCsg#3wW9o=X%mei%R7{POi|24K
z<KY!Rva0lyjb9xboBJ#7qq05x1gd?+{78n#x*`yeK>-N5j8b*AWkm#Z6pE`08TgdI
z-AiOUq@bCrj&F?f%<~D8Bq%QeY7!r9#~asKo>#8Ztvp8E5^U@jV}pY~TiBT5B}|xG
zoeUM_L3@l;&b`rbs-bzFI-aXO*X^!u(J=a#qCL(Z;zy<5MG4c9Q42Yhwl<8KqC|k|
zOT%sv84;yOjRc8Ei#|esU=q?+;w?-^3$kS<?FCSo%vChhI|)lhI1(X*I4{`ArmpW-
zJ-ocM@z-|c*Oj#vIcsRW-NsB+qvl`bY$aE`R-bme=s)Ol+&1O2E?42|Hv9CCJQQMY
z^ER1#-3=V1RIyvFcNra5Z(gTGblvI9dp>TpTyMU?Z`|iRb<w*tFd)l?H8_G7X~B^y
zok~B}R+hFBH{<cRtY5lrxG%r|LU!H0`wgG<z7xvpbuGs0v0WDYhX1@W%=c>)obTau
z`rG{tajy40i)N>Qctkx_(Xr?fyeJqku~>uP`;0ynC&dqDN<w#<6a*DU*~tiV+Ws<Q
z4!Xzysv!>~LnOT+4^ojdiM`IW;^Vp;4a#hYr-^V2pJbyfC~G<D^0=7D`Br7gxL6rj
z>55W<`NXlZJvS!KZ8J9YlhLBd(2t}3vMsBC$7Q~pWS59xx?dWj0NjzfTbVMZK?4vm
z0=FyHd#YYY`y^4o8rFzVuu7xxEpd3U!y+Q9ot8P$B+L;l#LRbmQKn;VT-geZb(yZR
zdFiJ?1jpGhuu)a@aeYsv+R1xkX|AdR1a^k(<rJaWrG{Ir++~<$2awVhc<#h!w?S4S
zPYT?{DxBzQj`b_5HX}<>G((^wgOA6fumzeI@)~w&JXG$XGO0>*Yefn6C*D*>aLNV7
zBg(4MN}+M3G<fj?T4f~G>EyaNG#c5e%o^Ch?>{Hq>(#Icl|-2jSPH|6&8AFXpI?nN
zQY1rA{HKa1CTKCVhsNE=c&I0X%^XIB7_q+TvdM;0rc8>Pvyv4Vl_w$1ny|EWXabW3
zmP&0O<FY~uaB?If9t2fO#xB|MNDiDiV$F1H%RZpg3^(e<TK<fFJSgFLvG(A)R)d48
z$53Ks1SN+ZI~@bJk`@x#n_bip5J@eO(q~mtp9HJSqpkG7{rW6NUC;-mtjxo$)W@vM
z%irkzkx*efI+5h0C)QrWthvJFRjz8eYGRa}Ki%UT?9X{k+kZ&AqbMv8gI@`!Hld~S
z<noBYA+60yWg#10?sbuiEI!TY;84$jtKBr;TXgDT5NK&dQvh{w6!sSO;~?mVQ>G}^
zXO>@wdLpw1?6M4Ddir>HOWQ$f2FBq7MiZhTnXH0O6>abWV<>QfYQLgp{1IIF*MnuW
zsnj!o5iv>qQQH3FKL6N0p6b@yv06O$-rfI0g7eK0wC(8PWUX+P)og}UY&Dm<mQT6<
zbGwQTKKa5o17+36J)P8KV;ZeBw{hR6Wa^`G^rLd<L*Icf$&rs{^n*A0EkEk546{Tc
z{_QgkEoO#Lp^xjuwf^f?2Js3v(ULW!7+0p&*=8+e)XT_fSL`QV)c)Z3@6hjKONJzd
z{R&uWP}M$^0y-?C!~oU%Z2@&(d~fR5+}6l)%SNT<Y^I-8U4#`eDRMly1zZ7{iRsVz
zJoOY;h=)n_S_?gPkwtOKgG9>ZlO55fC|C_+yc&J}Gs<}!8iMZ}WxZCnq=F-D9oE&D
z)H32?R7^|dhZGJj=l6KRCnR5_Ie{Nn%t7un4k2-8cVc=H2$l4gq_-Hrp(f-8IUVtF
z_1f(hkM@dG9{Y(Xd65iHSHwS<>}$Mk7nwlcu8N>I`m{wsAHzF8=E=uUb&4aRMqd1V
zZsFAX&CgtQ;1$zNjq;Xlk_U_hX9H%#D4U1~VskG|_|-1*og?$94XJRs;ZQ?g9NeUK
zjs|txT;rcKdU+fi-k>98`G9o}o$^Om*sZoWC6bXGHg<`Qf>@?8hDGUxhTLWF;P*Y|
zoMKU@u61LoizC)yInLu!j2ZJit*CDcdm+BEDnmG#7hF4vKO-lMCdLoA4>)g)-aV5y
zhP@KCtvc5*AG)U^X3V`0t(!xuL-S|EPc-c+{cD231kFh#I`D%jwjh4dXd5TbjL76C
z*x3fktCk0Uv#c_>uP*|&$Z1q&-i!n1InSLbhMlwI=9kv8T<c{N8TG_ip=>Ly0v*Pf
zvxjN{Z4h38hPyRUXE=R<+<8Xb;nLZ8z_VjC^W)8AU*Q9(F0s>LTneKvcv3tdKk5^d
zc?C6)jqmv(U5e6xnTFYt%ex$rH10geB%%lJED{Ws9p`$UqD)7*Y-q;q*Nqk+;unZu
zyaj(Z<luk}wyZ010k9m<+UAQ)5a>2bKhIC(_5dNRpv2u<r{8x4a?7PvS04h0-~#sS
zJ>c7?Ek2FN8~kluq6Kd!5#rcj?=ocQ0v`es2pnEIEL~X10q+QX=|>T$1s$i=TndF!
z1E`Ny#@B70F5@%7#>~iXblDFKMf%{A82t)vs5e!tli0x>^Tka)%2ohC?^NH@3R+iD
zKyIx}4B24((^9so0;?&xh=4#O;+%&1XIMfw*L=Po_RoA1neQmc|LrA#^#sKsiw;%A
zha{#f#i?h>zcBa;ZJz{K9Ni`$v<S@0tt_-NuTbUh0=wvQV|EXMx*xFTLC#_rwqV(U
z2i%3SOy6t2GP3Ur_l^!R{0OuS%KKYvU^E8!Q)q4^#Qzh|+(9_+h!<(G=TPes3Q$T@
zo1qXM7=h6#F!lnZ3;v7+!@QI>_!p*K7DM39bk94?&<r{s;1V+cX}@ARy)SS;u)=P)
zq;?K8KN`d*lD#LwQ-j+Xcs>5f2twr&t8r>aa#{E48<^WBBHd(9*+`ry^`HmB?n6MR
zhh#q+93Hk+E=WxbEl}0kigaM=J091*caKudMUZ|kDZC)<Cn^$$4n;u@K_gC+XM~+L
z`;8njdA8v;k+ia-RaXg$Pu*jE8UMtrI&c=4(cv~O(U5NcbfdjFaU~*Y@ukwjeQX>+
z=Axhp%z3GApe6+1Cyre$&hvF3GM61k5B4I1o(08%)}z~L)>X)IZz;btl`V5x2P|e5
z(~EP@f=p=-J#Yw9D+ntnnO-c)O)F8NFQf%RU4wYi=8iF5u_}iQnI7O2d8D)tSXzVK
znDGD|g!B~BTE;4fG|Y2zA+NSanu6bT&kK_7Z=~BDiJdpXofxER-Y|=!4plWpC3CcN
ziEdLn^q?oI@m}XK<1=S61u?*!e(L!oIDKg8O~5!as<c-MQ_eajWo`hdpWd*IAZcU)
z`G=|eb80yV3y{dhuuK<Z4zuRD>Ab=~bw1BHGE&Y>d;Z%1xCiF-;Wmm~kbHpN?iB02
z9r$gH@|gbo%Hy{5oYqX*3ur-+{?w$yZ~oYzw8~=nsiM~k>f!xyv(4Py(3_0bMh{H)
zA*3e6l^N_V;@z;DyV@QwuLi^u*Z`kUJQI+m=|Rhz*SHY7AV?=3C|Io@Q~q%tG*ZZk
ziP9*EnKRi-8<HL7$`wB|tZrv6A>Z0YsN~d78<ytED|^x>1`JMbO;c6Y_pPUO^VZI!
zB54|gwaUkU#P5L6k40NZQu{s;ZRFpyVwaIp4@KS1kx{iGHfT3sQg;otfofvyfQExH
zxp$Mv)3xVKpMW`smldO~Yix?D13zp<O9ST$9spe)gJgm^C<hm*_077cRW%Cg&LIr0
z{G!n{KQS1{Gh0U)6`F<>z+E#PC*f09$4Dwc+2$oqL(QW(Lh?-c-Y2qFoD3%k#r%Ok
z-+KALwW0l7CU-tHTeM@nRVVbuLs(@sFv(EAnE+BQ=7KdL?jUrUl4#DpOROg|Jd(hW
zod=3Re|v(nYX*er;W`*Thj4k<vTAN_*=0C$SbWiXZ?x(5fpYt3jBdm$NwkH2-qdyQ
zKE~xw;R?aO^g$hCD|B~TG!VKN*AJNULvLZY$g><G@T!dajpO(9{o4%0a$yL8RZm$b
z)HA%Hbqh|1r#^P}Ee3Ba@G-b6)N@VX8#^hr3N%A(Pb4Yi)_6~IK$8V4;LW<<4Tk#`
zY7cqbCtW}Z;Evo5WWY7>&L_58+f4qzJRJMEr%nGmQ%y-D<4Q|M_0+YcZJDLDh0g2@
z!WXBVJ+ARmiqrJ2+4Faw>J<UFLFZA9!G%8P`>JWT9cD{YFPcR~%}!M&zm`EW;9Uh$
zAU2@mN1(^+15Atb;T7vwzS+)<GUGJBIdIQs1`(g`&wyi0EK!R0Q^CC(otuoD8eGud
z!^P|Ap8#;3zjH&DKaTw@!KZ7?39xn7a1H{;y?D<ka}VeC*qHFz1QB-Y_5}Mi&f#om
zwSPwDo303V?g6<J;R$uxRU3Og>g2t(p(@FFZ?F@|N`uLviu#~C)5Cpe7@fT6`CoTS
ze$#^RuU<1vZ5ZXc%JzrS`aMWu3zb;;HV&&|8>>QCdOfU0T<Y6fC8+p$pcPC2`$9Fq
z@Vg?h{tfN}jKv(kwjz#Qv6+fg=3ONWy{kfv_Dz&)IjzJ(fCmw+`et?ev9qg4_4fx(
zLuCT|+~Aw?+!b}krYqHYXp>%b#I{xSZ(!9`SG@C>xCbN2!#m}A<6QepnhFQ57f6S!
zQdiv0%n?^>EZtvz%@rn#ch$dnz`1?LgkMwQ?am8?hsuja$<LP+WgfrKtI)6~H8})L
z8Z_&rolQq$+|3_v?zC!4i95StsxDS?)21iKaS`|jewon{koph@(SaIxs3tNaG#vMv
zr@b1N2TY0QgBg^qs~V>i;eO1;VWCE+FuhDgc^&;pRPV|os-DKPF2x>#+Fcl20SU4&
z4J{~l@TVb~@uQ>m@gmphXMoy_#3VSMX}Y*SYY#B?7@WDQ9h9rl`jSPj#}GPG!koH_
z;<-+aftR(g3Y2ElHSN2L6g1t3=;_}l+jtb-FSl)sLI+}OXu3ZO+tE`ni|_}f486aB
z6%B()c`D_!YMOvZ!gHI@xgc5}_Prt-1C~~}8R7WXe^CeAONye+7<X?&4xgsj5lg$J
z`E0Y`wP|O7r8c<BadUuE9*e&{k!fzKFUcj^Pid~vm^-_Kd$LPe`L&H{`gDb5Euj0!
zI;}dn6zj+4KL&>bhx%G{6-BtFMMQ}`VTj|gtUXuj$G+V~Zq8p-qSUrkd{CZ$KsV=b
zKYsq#Q0UJ9<&sD{>lYXR03X_4Imx^Jf1Ttf)pe|p#Sn5jnU5Q?S7Pq)k${exNjX&g
z07Qx2e<b<RAY#q3ap_E9d+5JSY;r>FiIq`Byz;9wo*{ozK`k$ba-&exD<^u07K@M^
z6pExmRq+Nylw1ctxZ09)aOEXO<U=ASJ@3qZF*S8HbvXjNI?&2|OeWPHIG^WE5|p4s
zcML3`19Dew(rdxrxu$>HNj;Zi-}I=527_>Jm*}+DQJr;abyLPxHNmY2j1cCCOC_~Z
zf<E<TSM`1*SBH0W?01exS;<lRu`fh5B&1IJJ+S^qqKXX~#v_{+qEt}_O?X=+%5svj
zyY|$6p*ja$Y=nrt%oq+c)lw~2jH4hSeOOU|Jed+(Ac7;-65nYSkOXDSsF<hN_{)Bu
zLglbN6~Q4YEHtSI-C2M(ic_l}xBhUN_JoMvc`%P8B)XCx^b6~7(yW2L5dt=tJ~zO~
z06{ohe+k#rKG4!)qHTYBLWD>sCL1y!<cc!gp{n4;H~v~^BB5GpF^YWvJz(@;c|gNu
z0w*y~Ipw-M>Ht-wA~t=x-q-q!PrN)hL%q08b5IW09^iH$LDCT{$?8aF;l9hE?jvDG
zwQqP;Um%|4#@k-BpDw%R{Ea!Uo&t3wW^BcCWlqI$)8dBqnIr}>>)q3Dzhx?~6+~HO
zerT0P;q@ojRHd3hc;W)&ETesLsIod(9Vvdx)_g%sJUitloLWd&+$<RpjRrRA7Va8e
zHLmsv^x_GyW=qNTS#CPJK|FJ%O%bZvrrh_EUDuh|4c}~q)T?p5<@0%c!y4N@dDIH@
zg&PJP8JN?KDD=f{g(-1F3T-vopeV5eN+s?d=8QM`H2jGcZ~&E3GFUM+BbBJ{DK(K=
z*Mxs=I2EN@oN~f~3JXECWK=lyE<ClY)%(RhnOT3I@amoUf~PitWu&fpArtuiDn~sx
zza24e8UlvPu%k7l&v(W1@{bVZd1kc4Nv|m&ZkPa`_V`8&=aHG~>94vzY%p$KCpsy>
zT(P)DbB7S=g>uM~BoTU)D@WaSsfTZ{xx;8Stidj@HpB>i-@wT<jLXuHzE9*dS%x?T
zb3>?h#a1oFT>LgKy0)f+qg1M+k}vlt80XkC0m3t%JXqdqthdgM+DLF##%Q#2$)XY|
zO&uFOicA43Aka@9R1iR;#?*tpsy!b*iq4~xI29rmR)a47n=b53!e1E`^r$E-UzNf{
zrH_WgI~%=no$|)v2iScg=>#K%z7hD5JJp?vLG^s5)?nB^5p36723Uk4;9bqn2mytH
zx6)u;bJ}e8;+m(}NS5iJ8aE#rn$TJ_tm{At(9aUc`W4jHGFiCrN-am_eI|BS1x2GZ
zdy#G9{ifS(@Cf~2Xm$d;C@~9*Vn)A0gpHIOr7X2Phx?|gMTBj%s>;;_RI^_hc9l*&
zG(#kV9!@d9h<+NJL}P%!SYvLS!vmRq-efT(_XM1Z_6IR}z;3LIa|DUbS;R?@o`H8R
z4FANWK^6_0I}#oSRuGD&P$51m9I{nV>lb{M9_0fOUuH5Qy0#>;)xQJthkxwXk6sc4
zJWsM|S%WM&Z<K@6zA<Mo?}cetK25UB_f53q@42wPBGKf3zot7iVVd45;RQbjE9Yy!
zn?aam4pVnZ)y>bhIofZtQJ%j%*LiE1g;jWB1g`1C6P~Ez5X=F%mloU1`lY4J5t~L0
z3-L14a4j_&J!cnOU>DY!#XrKg_pyDn!4W<_A$_UVBv}nvGXK6Z^9gon{%{IMJ8e)=
zzkLvW2$R<HbH#{;rkx|mfAnl@TK59~n_{O0ZGGyD%u?BAbJlZm1FRFNSvzpm)Rebu
zRPM^%umzdh_<#k3MNVDn`V(BjHenDM@V9!UE*_-R<{$SO`<h~myx*h2v(H$pIF?2H
zxoMr*aOO}^k0-3RDJ>qel{(LR7`B6794V5pN3XaT+}y7HkrQ18c%YVHaPWSIKZnS?
z`Q|H)($1t#kSHOXgjS5^kW?{@cmc?#ObDCf@XjWryC$%x<MleV%rquwgTrs=Npb-c
zyK(nGL^Ge-_(PqKZjnG%2k0-kDVblBD#6RC6cmp-VlJqyoK38PKP=-wHrJ2nra{k(
z|E4CO!r-b38NxQ@Vt=8^ZsddoBmZRqf%n681S)LPWfM^-j#WOVX=2B%TDT-*oUjSw
z3|`T)S>QQmePt|RO;sZ;Co(k21ogVPyT7M?++WLzI;FJjw#=y{iFBv=vJ(Lf#$H%_
zspq+U_Fed>1-c?hMz9jPFT_8S@OcHi8N43sL3w;aj6LAQu?Xp=z5~U_+1t@FR4m+F
z4Chn=t+GaRbfS!zM`A4rfu0W#9#d|CWSYas`SxQ&<oJCI==Z`u?XHSeFWY}zo^bxZ
zCr_CDPn9P!u^Im;erJFAVvGNKcbWD-$rG~lZyjb|ff_s}f90db{wq(z>2DWX{)Ifz
z=<TYXB!czC%zWM9>}uxP(0-Z?mkArRl^GU+5O!G`M5;lUA?hMDtE7D4QBY#W>3Izb
zT|hx(cx}ju>WQwfYvtzQH9Zj&v{7<!^>+2#@4h{HrFCT9y?ytsLDsF1v0Y!(Q>UDh
z)j?RMxQJGTuZnO{JvS#s+N_w2Spq=c+wt?h%)ocea&Y_V&3S>E4+eY%{rk-%pO_1m
znmcj!`NjN%=Y(UF&_waZt^OE0Ps`Bubl2+Elxx~>u-fzWEsqhO)wT_s3G|7^z0>UQ
z`mT5Hcr-<K%;s23f!QU)GJEdiRg@3jZ^~Ei=hVu{+4Y90=nu-DoGm=kuh-H|O>Arn
zq|C6ilfRalLIz=@%RtN43bBvKGZTM7VcXzjTUkwfoY=TnX@J5|V(X}ah~ht|B*Ri!
z%CZ&N0e!}hkG28tYU#CE-RGM`(?Vlqi0yCeDQjWXaC;bwn24CrQ&?Kx^uifAd6!pP
zYgm%0`0|%CE+&orq@@n&P9#<umG;!4ir$uLCOcQ`-);Nic!5%8eb0sa0YNnvuAOI)
zHlJiMMY6=t!H95SZ%4}OjdZ=5Lj~~6J=k5eb|W)amZ4l<Wn-|XL}6>qgKbLxU8;$$
z13rpjCYT_hCkko@z9)HdbdVV<BUYCDwr6kgMwzRXLq%_$>9bT>=g2J$S8s04<sRG4
z#?Z%ef3^`?F}+t<*$?4^knMaV<mk%<^_tT3vpB<2OA9N5xe<1<F+HRhJKPN*pwT&+
z_H==QB6BgsHZ=f(l4#I5kkCxf)AD0Cjvg#fLq~zrLm-nI!*p@q0Vd$Y{WN&AN!hx%
zs0nf4n|}NRis&@ZFF3|YAA&JL3LmnRR`#%K@dX^9Jxip9a{diDs|NTurLgBXjw61A
z<~={;1_78LnqNpcySvOJ_jtU{7UmtS>AlGoKK{=e0tC8*#p~z;=K~JE$ZX?Fxp4;C
zNtP6s=e&&j1K@jxJ@&t)Re}tV)v8m59TSWp5#WWc1U)tl!R`byA;kJY1{2@`K}P_f
z6GFK?EcQGDl4%%#Ag5wJDv(73`UbsH=^yl^kfI`_8L5~iK!<4BF}V4%Bc&g-575)A
zehvSi!rIgU70{^(VCcVxm4#S#z!k7R4~l==kixx<3~vF2`LqhGAvb0SGOc3BmBo+K
z_Ty?LsB0m707C5ayJ6?QfVMFy?=t9!MyB(H5XQH|PB?Yy4>&55b=IkOx4-2d6Z7X>
zghT<rKe_QDu=Q)-C;;VG)j-xve0XBWMF+QsW#!RsS}!|%0Iv%X?L;KND`eajN7$!X
z$A&P@9Hm5^4@ZcV7sG)PRu+WAmm4f2c+U!_sujm4pUom<8SjxoI%9twCDgx974l~k
zgbViiffK|i52sLwG%!vQW_BPSr#3K}XHW4A*(i!xo4fnD^&@q*UiejqIYs&_Yn9~&
zSPNS#;Y+~F(9~MvWt*7%4Jk9a1P$At3jPihco@JD8<54FOcjqOm5icUmLM2GMLAK#
z7!b=Dxh4;E08RABgu{<&UrJ2=lSP;_=MwZc4wWpq{Qtw*Ielju1Zh0BF|ln-Y@3s0
zV%xTp3BK62ZQGvMw)IWy&F<Ci-t0Mh@vDB{(|<r$b#*;YXBq!e%cb0YVYg70yqp%o
zKE9FiVwtmaQi0k>`cRRCu8@sZXol=i$WVS+iY2~-5fO?9DdS+HZ=XNpUL_8K`KLFI
zz_;=qB$SZDW8xpV#%P*+=U5xLVpd1CuCU-`$taWHn==%F`i~InmbFix-5X{y<RM{<
z9^oaa;-A2jM>%V6N?qAxIV`Jm#(7qLiAk4`l(RL}aTh2||NNLRR*fLhRD|n+pGp1T
z7{!L&VFFd$==Qe4f*WxSmP2?EH$oqTJr+?=hpq6Ift-Y5Oj@Uz0n0KWoDl5M;UsL-
z_UF3+=!nD;LiMY7Gq(<ue>G$L{#kT+u`}EjHc#jKeHoxY&j$F1`_zJciJ^qe4)l@J
zFzgY*9o~rHO9X!^x5aSnilK)qE72Yw;1Dh^%qFQ?tKfh6HSW1XO?0Ly5TU4)9qmrU
z7Ac!!hjT?s-zZ7gmI}schmV!S1kZ1X;d47O=LJUrh;9*(TjNkX`;dkeId7G8o#B;N
zHboZMTTxv9GKl@xZ&$!>e8=(NR!zI<3VY*8amI!gE?)LPGSI|Y^!;?PAy+B|8(=nE
zjvNgLXMTY95mlDE8#cj*o&#fnEW;KDH{wG1hlsjRhGKlH*zK645(%O>DUP1QIB;fc
z@ff$<vIyE<d}XU5BLWl$8BG#m#AwaNd|0qAUxf$T2kY7r!>=9LkRJddb#2k(uk2q{
zD9<YHU6lw0EUEx;_1t+r&m{1VFnAu$l%%H%_G^qp=?hVN2cPwWP0+CK$n+3a^@E;w
z`eoN~2PpXPs!HDNrA2?fmWHI?7ahM!N0+xu!MC57ujBrp?^EI}@7AGb$iJUC+8@eu
zT3JYQTJimcQsw$p1vgRe0M@F}iTFizQ-~lmLVyrDYZX~c5P@ak)<*F5Dc{He<y6R{
zh$B&sNOvQ{MwUa@_=UwO&?D(NYfzXk)=1pjGx3nuSja~NZnK`aB|ab##EBEN7i}+Z
z#6JLBVG$IrSSab&-eRDjg6C}BhP2_U(BN2LdwFqr$0JQ>JaS$5`i;0lj6Rg+crb#S
zd9A~+b@2vqBZ~0AK+4Fg7*FuIe^q=k;g%#qAQ<b92`kp(?qLmTU(;N(cWY<eijwYf
z8t%H>HY}%APF4C~ogOC4L1OhON>d*WOi5uz0;oo+W{%5L+%^4YX$98`Zth;kFd8iq
zcM)GvFRr91ORJe8O2iwcn$RpU?>i~#uswtO!qZhT+=wBrx*M%HD}Zs;6gghT6EKn)
ze*fo-gA348WaKI!EF}#JDF*7i6kpyaZaTh4bl4c;R;jF<WlO*)-;c+EU|5tA+0jL5
zgTNwXhQush#0f5OMmbq#G<O^;#0;cR01Il{AG>X2nAop4B`x6f3!Ht37{524avcLR
z*FB1;Z0?8s9v8+8r|Xnp*p4hnNN~AF7ON-qvLOUs)b{|;b6ogac@j-AO<frHm$s#}
z_XQ{>s6Xl?=mB=`T4`B*JxR9o=o`iy#OeY;qkVi-=|==}&Omw0N~hq+!UOQt6owk_
zeE&?<tWp1c{{_h3PAq_K9|DXA$j&x;^^{o*p5-xxE}KP^&5U?EJN1t0o9tUhm2t9W
zjh#8z_%x7Y5RdBbiPC_)ETYn%h6N&dPm011Jr({CkEYL~eQi?}&&_qY*OVA4<$2Xv
zXL#LQ!tu?yThK21N@Ptzlu&EpQ$uIFjOzCS^=^x`N74hOG%~^YfPjtK>n|oc3Zp9#
zDl<ZvQdBp=T>vmMi%28&spcUgqO#KRS#lfkiAAyNbeW`|68K!Q(k_b##HzS_zW6{Z
z58`|NruA!X8>193T*sgB6<MXE4MASkARR6F7bjo>m{WqYHHb<kWh#&bX(sM%E-!8e
z#Tjqx-+zp+!nU6nHu)Xy?h>6UJZ0c%gar3WoKo##MmRZqRB})Ko1xy%n81tBhaHrP
zKAEMgpxYJRrj<5fo~)RTr$#qXSS(ioBft|5<z6B&FSeyo3kt^eDHP4tDpNQMsk^vb
zK2&&pQNbjf);qskJ_JH8^oZb?Udmr=;8CE@pLKdkCIslq5=q&3^owZi7~8B66$bor
z_>FVXmTl??N?NF(7*i8o3*%M=ffaWs8H$}{)kiWgD&X9uq`Lc>#?Ps%n<U51(!SDQ
zA7XF_l6~$^<gnHt8V%pJg;??gzx@z%j>f*%pu_^}xOAw;jDth6yrW=@Qw8L0lN{))
zKvv`r=1w7B_|};MJIqDO*+>Q&s5h(Vy7;%nEa_p8x;+Xwd(G=PsJE1P@8|Uh##DFO
zyb(`uZYyUuhhN_vBcGnY7(%$Hml6D<s{|x`BuZR+cCpnSgnlpX-tYqK$rlv<P2#Xm
zBQ&cS2sBjmLl{(u3QCCvn9Z>1(Sm<*+lKp<k70>@T$vHUnnYe1N!s@lp~u7FmRjp6
zTSHL0e;bFk%BYv(jC}&fa>a*qqKFmiQ2aQk^^7!)i12sLu?2q{%lSkf(DQwj8|UDn
z{y7xpN(7kCdhe6yjt?P}1;O|C8E6|l4;P~}nuGUB$O#RM@&)tRF$|LduI_A{BTn$(
zyQc1r!1PA_TcUl0vrIN1jCX%!3JcV^c^mo4>b{j2Sc~h*^3IR(8O*@m_@e(SLcbfb
z64f>!KwZI^02|Il4E^<x|I32T`WhQq#aQDq@_>tvXpLoOboRFgAG#uoX~?r3ht(g&
zOv7F6vvOYxz$3)2@6an7RCi10R6|C}$YUd!1NN;yvoee)Rg|4DTy&Oc%FGnZ4n~>q
zb(Zu8O8r%MFOi(iYQi)<`;ec3I!7t1^T0l#LvUf(A81YvwjKQb;zsBdiiHE8eJti$
zoa`!lD+`HCOK)B)0xXtZb|1w6f`fM~@OZCuUkKQD6yQ>TcaaIDaACRu2y8|qAY61-
zASdqtxj_Y%)?(HlNqG3KM8bgb&w`|+1#1At1jg`b&3Z9o`T&ghnP)gy&_rPmo+{x(
z9r0IMBwpVkma}rGTLC}q42v?T+}A&1y)4Bc>UEcP3OjN`bmd{)p~R{u&?xZm0nRu+
zbWmU;`Hl$2CoPa{CfNW;fX0lvz!xNn1@{FzgOp59<89R8>-R2AYiE>iq2owLq`o;Z
zgV{Q95}}Qm7NHHvrFQ^Ds`*3xUgmb|EP3~};2m61373P#fw>}QI?vA;qzCzLDi*6{
zV2IFq0jM)d+y+1>)&?nsOL`0zLLnG6)PoBUCXk`KkfYE%TsS<2IDq8GDCdjxuZmjj
zls1gkC0P-(gSG%p*OnYk%JA^no706|D4%ZVEdP9QzC-nbpvT}n)n`s0J##x_HOb0I
zr3@fnL&>2mZ*xsdS_Jr;Y2t1)h*{s?%GAS}qca=zx}tP4&vz!*Xd%`^5c(@U@l<|N
z-h>FVDK+HM7$Q0yW>}EKi1aUq<anoPrtal|65qn5u~7%fl8aM4P{Tl`tDWLbC>^_M
zHvA6(<UWiTX|sn9c632BtF*B48p0tLhnE$l^r>*ToWySKzwbPRAgdf#5zoPkl7TnB
zIlrA-jY!e--!Sgri9P}n<0&fJM!y<Y!ZBAH+~20ypNK<7>nmG$LqN6_9K<4&a-P4=
zad`w$gBCd3z-!-OOpnko&ROhU%2y-4rKoLcOnYm4Io(t7v1*Lq(6Fdk(cCM*TO32w
zAW%3X%<Tdo8OJas1YM81HVAPm#g3^+W|$V?uLUT~(gOA1k$Oi|RNuYlby4EtcLnjp
z9a3vbl21x1CJJg{4UPYh*BXC>e7`gRcYMcd%8G_|qC~A-(6fmsdgwkJ0!W=25QBB;
zAt3AL8$LP+w1-A^+w?BBX|t_$qMQ*_j7zf}Bc#eET*buk%{xMYc<MM&VX-Uti0W_y
zp@m>g$%32+_}&Bmbj$h}K?C1z$$C*H!_4XvR|QP`F)(eD*b;06C5$q8dfEzL30-~5
zxNcC@6&ArFm=whv(2yIIfByRWP`yX8H`myZLiWhTs+meN)Qlgx&m@UiK2$GQF=~L1
zUPkzfAvE7hPE6+~)KVcFLXeUxT5{Q%5WD;0;@p^JzS!dK*&Npg^t!ug7tPwHg9$A^
z5j!^b%iJmEt>e$8*`ZPX7$mk*@bi9Rc;6KnEt43?pxH|!Et`TI&hM;xRJv+Ge>2$J
z;~51Jr~T*%c>mVTF=XmQvz8Xa$xiQ4qLbuEG_rysvm;gwL!#cKR4)qCZrLm&+9B*=
zsqP|VGruYj)!p^RzMg>t)@M^M7@D7p+Nt;l<ppIafotqr;u%4b+ZArtQfDt74;HIb
zs0=>#J$SWp?P&fQgBT!Us;m8`+9G1e9aX6emmH@CM2Dq(ACtoIx>RzQ_e-#55OIR3
zzt*Wt24|do*{#c#TNDn!l9EH;r9xx3i5C?c?6WNKAb7_G-ws_y00n?Ti>Mm+IjLlU
z_zeX(js*r9@JZ#ZVT6&b3K^*dZ|CogaaQl&11-26*{%}j1SA4%bwKy!*jl8=6lcWy
z)dLnyurMKpObHIyt=NX;xsXQhczKR*hHpq}LtZeh7Jgy4^XqlPm7e!M2NIie9Aa63
zuaX6(b|jB4mz)_u8~$QQxc|HP-e`OedVpK1|29w8<{2XTCcH~7NgU}~Dk|RaV6H%_
zl%V5N)Q=4HM~lz)87jk$WOlCaK&W(M2TZS#bZL2c{`W@8R1unJfWQ?o1#+aC)XQ;!
zA|4o2=)p!D9%(5mCn?D#lYWFF!YVQ24K~y7LYnDO<(_eFf;;owC#XHV<lO`ko_<ji
z{x&(~H24t-Fwr#LIWbP_eQ$4PR@?F8dk%lctK7LV6ry+u^3WF06>wUs*)~Zpcr4`v
zhTjJfh=Y#7|N2@y@{N6Dqd|c*F=L9uk1;R)`%e<2tKE?ie^tRKwTIG>l@qpve@~>5
zHf7YAq^`93?_yoFSu=s1Q9%)t;lQh+UHH*ccDoX#9H|DL4yy{3%OO+HM<|AXeji;v
zKTg;9D1C8>k){m|`3lr!(td9WmypR3S3-Ar0w>l@oMlxS9M^VikbA{_3XhUy=SWlz
z9A8kxr{(Td<%W;vs%CMZ6C}nB^-WX`ZfTuwF?4Tq_<4zXSqOKrBJ?K)$>v66vH&2X
z!SzWI#u^-cDK#M8OuN1xk@F2^s+oQi9Q7R8GWzj|l3+X7+JN7`sNxL;1<}QY#6&r`
zns@P&{&J4eyL^cj2-QOIaLNe&BWY<AgMD6e3gs{aKpQJRVxd$T(ZaguEK-CW$F-8Z
z(^1-iMi%;}1~0`!?1!M~Xnod_{&Ma}MVy{-)4hM=3|d8siPZZv#qR(M6vxLx1}7(%
z1&4ApRd}`%qAE@piXFI?-v3LSIJA!mGZ)Q9C(ws-QqP<b-1dhi%Z*)y>&mReVV(9H
zaJjuEXMhJH$%G5(vYRNaAWCu&MbZu$N6qeMs`Hdi-pZdjPa!nji_6Ewt}G$cS-qlW
zGecSJ<Gz;j0U_=<YxxWs`kMCjKj=R=i#8IY5l5%~vi6SQE~Q!NS!CFouO;_o2IQLU
zuX|q-qX^;{L_v6Y3$(|KRYlO3-ir%hnx^o=D`l%PP(%)sPs9DxW>iU=trio5OV{am
zI=hy|GH^P3r`{lf`G-x5a7}hZEI>&~0|w-%m#VK?5i@=LutZBtk9-)SEEb9(-uK&&
z6Ch4G2tfCqERYbQoC41J3+!E_*Qa2V)NoAk?P6<&fdiLu!gqF|_x*>MBLjb+Sa%!N
zFxONmmS9cWOSdfL8e(@rT#EAhh4x2+C<Q8l+FQXYM4+R*7KAJ0muNEb*P1>i1S$vi
z!I#m>>58Zso*T$0lI{xykFPH}y0ori<Vpikb-%V$JFK7U=)Yf&xZ8Re(k6SxQ;)sU
zD#ty@7Z6``iU}{r!W<w@WhtH#6n#ypR$=6BkKS$Z!4SUx^1Db%IhNCwHReFSyDhj2
z|57kh0Pn!B;>Fn~3JN5jwZc2O&k2U$+xn$!^!OvJ<cG1`JA9huMip4h5P|O9xWad5
zY%(4(8Xlt8R9Jg*?xFnU3jPOiU^(*;K#24~`Bt($8G0LOunU_u@gWj^vf^US>?dam
zcVzgp2Ff<{uF3wEp$o>MkDt1kwmP#H8EP#n<<C0Kx~-peGpxyhz7fDuz+9@y(tSV5
zyJDUG-Z8!iCDg#ui^vqYz}Zo@4l^!Eh7XIX?#g^em6>wxY}K*=`T}&*V%E;6CDa{X
zfOdadI@b}3N9^o_?=0MvVc+uOYYBh0PFw^XN0ybWJ@aDF|3HYe3-eDKrlt@<2BBI?
zOG{-I#b*sX(U%aFj8xHHF6-Mx>Y@d-as-gS{_i#`H~!!ernYoT$mWsHMojZla=Ni}
z)DZ1{hHu~^$VdrH#3noNmOU!7bQB%YwHA#e)e1dcHstqigI+?x5%Xees#Hy2s&Bjp
zg6o9_>9wJqrzrl?mDRqnZt<)+P%c%ZdI_L()ma4@k|WKrJ@7$$amO8>PNecKMUN0f
z$;zGm0{E5vawhJ23=L|Exs;x3)8TzAIW?%FN;oGnX?>B17(MyO;S<QFbPq1i7DlRQ
zRn+bh{wLL!M&!BBLa^l4m{44+DL6cYEjK0sfic$&ScH*7lcQ?KO#v`5CS!0Km9@z@
z*f;-@a@Ivqq$0CSXQWg8=<+RsJtom7hh<~VxKT*poO16ZKJWG@Avp(?WU`7f7a)iM
z>MR8_l~fS=(5gM`BB%-22&f5EWzZ5mQpdA{pY^rGZ4qD_d8x;LUq18wNr-*Hgk}DS
zfY9(02P^o-2vi)*rk517MzT`vDBBxFW+tzDKmCRVjT7sOJ_by4<rncI=`Pnoh~XEd
z^&CPCY5$00s2hIi?l3bhUlhCuMtt@H1K*IUhY$neR;~g^Ge^n(!?@f(1`%eC0>!hU
zEOlmi?posvr|ki@Bb{lsqb&MJmkcMKEt-?<?4+Mf_@a_L+uL<aJ&Xe5Y*tVXh?FXH
z%u*@31x|<(g?7=xZOmEgfpEl%l^0M-nf~N4SyEsXMm?v&iPD;0@Dyr+JiZB@iq;JR
zInsNw<Uh^REF4N?vXDbbSuj{M2?%2)AXDTlNS8G4ELF|_qDIg3jpB#+(~c-BxR$M>
zdPE2-IQ_Hb=;%@H(#4EE=<E_VHa<62)Ug_h(-ey%uUI5OlY_TM5jMlcY;@>Cx7R>a
zu1B)xf+RH|#GE-uE<MPt8CF&}BTak8QJfjD3=1(MiIlPzRZA47$gcEIJ)yN*ZjZQg
zsWD2QR_js_`*lJq)k<n}U85szk!fMCJDXCaIBe>wpMa@}wd_z*%)ay+rGTEehq8p!
z_`m>!F^M8(_y8QpZ?@}!(Gzy4F<E}BQAn+oa;!0VdW{b+-Awk9{EUBgfG8Y94AjaX
zD?ea%foGc2L8m!UX{zN`bBgp^)@#rvMg}5qCxmxe^Z>By6^>%1I>qw3zlDMRx{aHP
z*mlV2zNy|%bKq!`^U89Ph9vC^WLNOOX7q+=jj=FV$A8s}9?J5H^(5x8SjVfoV!aG7
z#tW8MpL95M3qWtBBQw!jk5W1@kRtVG<|#yg-%_5+&5{h=YSPdqM$0OWZHURKBPq{&
zNy--=!eK<zdt?lp#j`c({m$T}T|Lv`jGxf4d0w)WaN9I98U61|V%B`C;g<c+hC2>J
zKLg>m$LCEA+ac1GNw#GA@KqW7)6uxcjb|Pfv3rglGmeQ_Wx7Bgv4|o}%?J|)6*lcP
zilhZ#6G5pmEqX$AwfU?_lS0LmP|8%y62;FmjwNu;J;b6XE;M^CZ0eVUaIG$AH00#6
z1QmGlA9QGM`)6QTIU=G4SStncE5(ofm9Ybve}9!T<0b$4SuF}YS8<T57#+RYTZ-32
zRoR~H$7~$tl5dg1y=}s(s12SPk!bp1WoZ>fw8ZLPT?#iGrlLl@9abR%WUhc4F78me
zTnX7%f$eZoqwYz+L{cH7L@U`fDQYP%?&$_Tg85_W;R(8z#>}~2VEg9A%vrlc=~WuL
zWQ4n7N6q2s%`=Dyw$q7(x&Kowsm^C4P-GB?UQDryWU`ZD;0C;?MgJ2mz<RYNWe<wT
z1?X5rplUByr@_$W%8lQNVdRf}*Jy5N>hi8_XX9L30Sl)kofWv=3vn(2=*@RH#o03`
zS3XcyCkwK?x!wTk#p#o7JK*rOivX{uF4}lz6(VQp`R%!*i+%NuSTLNGSa~S!u&QYE
zCxKF71-MnzMF6foDy9<oBJ~v#`>$*zG8c0+2DmLPQQh-E`rhchM<J_q>g}_|hIovq
zd}Z%4xrq^SSjOU(E#$EWDbX_HQB#7QcywseOQF<m%$eI;Uo^}xGx0s<xYbMJkiXw|
zc{E?#<H_keOwu_a@OPNNbQmy35^BU=!0R1${MoH;*)A`isMa0$UUIOsHYuC6a)F}P
z7ZH?tOL2lVT|D!P>CY7VI=+3*;8WyJXNr_9Xo_DdN|wDW8k;asFL-Ie`46|krt;--
zP7=eOriHQmc1oINn%2I_o@U=#2v)z>98HGk)HJI)XjMBIs5F3nYWww{H)`S^#-Ke!
zB3XV$)@n)gp;gbG<SFk(5rnxn1iwN|;Le5ce_^KB24bNK^vE3MgCLbVolXV)*uuNl
zvJ*NV#zu@8wQ}H72tELY&PT$2Gn1BPLER05*Leo{MMoxmOsEnvA&i^;Y!Duse-QpH
z)AX39=O!eKyhf<{^tC}a1ciw?T50Kr+%3GVqg9<jkPg0a74y3cskf`rnuZ@|C^>I%
z#7N0dbQ3UyHiJq01~cPW10Rn_UXWIof4biYa~Iy0kkRl^ioE^^WySp#>>>7q#$V(O
zQ21KWBPIH{(kqa3gO~pb_A5}S{<0OEtN3m$)Og)^sW)SMoQg0eH7~VlQxoQ%(`1AT
zi9DibKYy(&Vz?u&_n|65lIKO3AU#CZvMKv3qd#=AD}O~&p3AZ;3#y_&cw^M0(trH5
zBPhysb&H!fM>r~&`}SL*b>fpzJ=Bo=M)tEhW;PL$JDH$he%c?C4Qd`!><=eQi|2RO
zfwjB=>1XO}*TVFq=&=Bav$WLu%h;WWrraNeswIuK{R$<==Lsb?W+VewrA<^gJbTEq
zUm$D=)&0zhAUERAmBR6{EVr3?qLSZ@OThA>Xo~*&1OC+w^2(=Q{^OJ7gqSHxk*$Be
z?VFRRPqpn^`IfEryA^e=qG#H>oG4IzO3c};W6$_*cjw|{k$rUcrrBk}zzC^j42PDW
zp%T-h(++aGLOW1!rMi#k?DuZ2X@wZ<zhk=~AE3KdV6LIJ4Wt<bQaRPWFmv&)Y+vnb
z0M*qtG(s?bJ!lud48Q3DktZ|DXoEVh1V`UpOxr}du*{Z$csVc06VY5{mdKy}S>lsH
z2{l3-@O~~CM}*r8`~*Y=Y>#eZM6!`)&w0%g@ZK5J4sX15z>_gj<l!Q1*oV9-_vM;a
zU6^G*<7|*^A#0{#e5>(xX8SXe-&!gSHxUJB?T;;5Wj#(QxZxB&N&&E5m!gE<!%}^*
z+uUK)Oc|2QS;rBg?Nr(E`Pp+wO4Fy--;jmJ%ZU1<yfw6ONDNW#&-oN&O}>d8uQ4R$
zhD;BOfS{{6?uc0XbD*IFOG|nF0gAcfTuZv7?vaRjhhRh;nUa&jlqyknH?ug|M&-Ih
z3}+ppD+Wfa%>*@kVF|5$P3A2gt0isHVo@a@=FBH-<WW2+r5^UUjQytU0TA;%!bOIC
zF(e2=)K6W+?=$JeV&IJF2|5oeF@1fVvmiZj<X#{`gD-;Q?g5!}1)|b!?#&!`J^Lg*
zNwMSv(1-kL&Us>Bk2oaGY7Ue;E<BR1c?iW_Z=Q;Up&wJ*^eN)hp$N9)WqZiVoW?mJ
zMZeryftz)g3Mg0!eK*axk#tgH??0(zg{n?jyS1Cnw({j~>}<U%dF5*}XcjulGSB$u
zEWPY(Q|Pa@Wq9s}=XcGn%pBGLhe7F~_9B$+yYqo5I+5m0Qp-1J(oy^uyNF4bGfNHr
zVy(yar>xS;jnXlVhGkbf*!}FGh^UqRkc4tc(*LyOfTINk`^qcaFP9$>+%?odm)mTq
ze0IWJ1If*Oh-#F*8S+oU=am-KHJhEaR4))l?X3AD;*_75Z1nP+I`W+F8FmoLO|D2%
zPwED=6F^MN_L2g8?dR(xG7H*?Jx<ZD`7|x=-QLACT5YPS5DsodH*hyNKDp#R0s=N+
z=)Xj~ke|(u&6ORnJ}RYsYm+}-$igqAO5c)%o#(HG(YNcpl9mF05cI<@?1V(&r&Yh2
z_SV3uju-5Ug1>Y3fvF-OVEu^Y`a2zVW6RUa3@p6C=!`q4tgRyx`Q!fR?)@Sj<yq#g
z2U{s|$mvC1|5@DgGj(<Tji?|QNQ{<QICaLdMrtGzNeh*WEyTbh%!6R6a6v-p>Y5$%
zihPFUq14-#p^#jyc6$PPJE`UY<EL#&mJZ#{760rRHoAVp$(JIA&2;MhQ8RjOZimjA
zS;RbIKLC)WzeAnew36nkPc=2KSE*9Eq9kLxz&zO0-H@Q2xEhksPba{9+y5xhH0mN~
z@`KtjYqmDc7PkX^;zGjuxhCdF#BxN2859|~IFLsn%bqt-;il`JKH=(msnfo?dDMXs
z=QnzI+SB3SGKRKkbexN=32uZ61%Nv+x>G|bMNRE3Xi}hEdl_=&y|*R%%op8xO+WM$
z%33bB4`VI1mpm1?C6Daq+b-<!HI73Y<PRhw<(#3%IacX3k16PMn|b!NdYa;*b)RWE
z-THZwCO*6{&4NCOI<s{0Ij#ptLZtAhX-C&!Ko?DO(in7cewEtF5|9vF^ccAv=bt&w
z#i2Fn?)Miok!SXT(=;mEBb9*%h(_rR7b3Cz)8>sM#RhEh?l?uxCXzTurjZT0R1E;$
zLNFEH!S_T5;Ha*N+&1flSt4b;QT=Bvfjrqi?B^|k6sPUspiOCU%_Qw~r|`YB1wOEF
zZZ@Ehyggu$ye%RmFVjL6ZJ3J!xz%|Nd%u<19O$TZ+Av}7E@!8+)$XY&twfH7MKh<~
z=SxP$^M_J{Zye#zr~`ycu<_wW5|-M()cdxs0i=2A6q$+9lQGir))qbjp>%C!<&JDU
zpGh=p$!{%Ff~e1XLh!_F&F)GVAeroy>`PhD^jxOq9N+F{1R9A9C+Z5;!V?K{<`DsN
zc=>AA+I+0ZTDb?_aHqD!GW|Ubl!-QzizZrH-huM9znqhoY|Ec)l%XEmy-Qi2VNO*E
zk=|;cUm>!1Db~`gY7|?N36jl|PS$M2{DKvrc!*Gr#w0`%jlwmd?@IF373C)i(OD5)
zTftZ=P1TM1(&?UdAy3Eae7+<w?PEY$_xfBaU@nsr&(D9I-GBb{gQQ;L4T;bMFG9=R
z^A?N4V6w%wBzF{|R1gj0%u!nzd)$eJ+>h-8x%pCr$qLWSS=`)A;I3C<0~KzU8McPV
zOGT^2kLrZ~m%)K~tH+pokrDd?#pRV-=wxYv&-2Q$zS7DaGe*Vz7a{aT)qq;(@Tj~=
zcT|jI^OWL@g_L;@QynMd%SDYh{jJTed)_+NZc4$EL#~S;bPoghz?hgRTruN*8(jcC
zgEvd#3(>&7omhZ>^q=3?6^lJrFQ!$m18Pur^_2+6-$q$e+BFF3hg`Dw@qbMMc;bl{
zl~6B6>`*U4ro%B6%w@dcG+A|ONoaNa854bIb#j*(L_IcY5Ddpwr^lO1q#!Y7+Vt<D
zTr<r1YRLXNizTOVpsE>ZmFFm@q!FI}HhK-cq-AkEWa*u=xpzhk5|{;fX81_TyjKw@
z&25O^tzJ~AxqM7=cNHk+rlRzIo4$s7cegHb&z119W}DaEz<FLdGwmwcU=>)yd~Q9y
z$A0!cxjzj5yVMgH4Y(3!B0AL(<d-H)+kxuVsq2CD@)R<M8kWnuUe4o0qlWLR0;z&q
zMgPbzkqq1>wzuIvnGgdlOr3xdqPz8+?L^9&3DN_deK43p#U5yX$Ipg&2j;m$%=&|Q
zp)vX%WGXRV4d$gGHRRGA=8+I0_<50P#6opb?DpW@!}WVf3IN)<vBw}+!+iq!stodA
zqCy~;f~DxCz!E{?bUp%X&ZF~MIfJP8H_`7W0(ykASYaq92h=PG(*y7Br-LF+X}1DZ
z=(KYy3-Z@Nm69#2*bc<TI>b>mvFIzueK=8e%JiRpv*n;Din2sHIN~PV+Q>!?8#b1Q
z0{>MR^A6O>C`(6BO$szU8FT5<Z_JJe>u-f}bpOH!9|k-g!!m=61kTCj>x*T<bib&g
zL_%Zyh^3$T%VcT)pq9|n4#<>wJ*Iu^fE-hldv}#el6kaB?bF!JJ+8xV&Yrv=l0Oz1
zZAsfF!Pq-7>2gY{jkv`^Xyl+3RRRs)Q`TR(u5lNV!xaI84#LJlTtKZ$yzViTzzpsI
zUKq{7$A}9M2SWDgF^h45Rlqz4qodn~3+klq9h}^Dx35zhds`JwX~fjjC=vLPB0CR7
z_Mp4~BDqyj%K)mV)a`~Phx(jTS=dSt=PL4fe%7r~q)Mq!pFhD|mvUe+IwkH6e(#-6
zL`=+Gnc7B=jisWgkdE}C3>Qt$@<zli%-WzDzI#N7=m-Y^sQN$QP1ovzU2LajFSLg>
zn9?Zn$(^<U4Z;m@4H86fd@xO%>9v@@?SM3^wvmb?B;3SmugGF{!1zuMC4D9eBfcc}
zl@&Zhp}m}ls%v4=m|!2j%=NpU()$A{50ANFOFcx@Ef<H|xqMp!+-U%WL)mTuSW_)~
zP6tP_!~E@-&~4^lZi~YDD)fN~TdiL{@?VKpg8OALEQJ!<__1UebzI%XpEJ+=QTxmR
zfXOs^10_dry0|ST2U=`(Wk;;Z1pPd7&>iR&;11ZKD8F-!dCs-8kiaD_Q)IG7>>>yI
zZ)$o^h3PB3MLfh?iVg`TdtSi?_!pOg>{2fORd4;^Y+VBbfxOPFFh_#;8I4ZrbZ9!>
z06BirpyW=FaYhXXBnu7ZIV}3l`JYI@Q*mOJp?BTzL*=+|6DWx}U5!0;q9AOv4A#jj
z5cvFZItEo|caHsp54;QRYG~t7rrPrHQGTM{aTeqU5~p46zR@=^4s0L&fCc;;GtLC=
z4W?@cwT?$q%!xGyC-iu_Wn*eVm?3nFej13a9Y@%Xarhjo0<S1|HUw9XJV2NoR;0!?
zx+T$D?Bj>KtG_S8x%Bo5wNInOp8ti|-kytfT$b=Kfv#o0xvSP~xdM;-KBEv@VC3Y3
zFK1xKjdtGk8)(^^A5wjc$M)b2;_M0}(m7e|MJ!*9;6D%bZDVI81XJ&0juq{~Ok8x+
z7zC~2Z!T;Khx)@!v3LpnTE^l76ft=CX0fJLY&49$JsN$WnT-H^>>lkg*i2&_LKO1X
zKPq!vM4KCfy3ynt8<<sJ?BMgA5##RgS0%$MgDFQU=?DJ-?7;=<1w9T$XiMJUBB>Of
zj#ehCZN~3mm^6f)(EORoftXN_VBsEzq@)eb1txGH9WUUGM+&VG_y>A3QXViQFKkvR
z9@sLktxelve@U6m!HB?@)3UaJ=6~$YQ?fnbbxk=)aOyl4yT<SmCYq|jw`svq{J|jF
zgpNUaLtU<8wF%MfU9MuuN>zZuQ56hMYC7snrOuQQ(ls8-&a($;CLQH6$@(4*s%PZ~
zBm%lES%>iHk}m*cQ2r|fghbbZVi_teuW~VXPpNPgzhzWBIo&*uHf<Y^M!I&6l^szh
zh7np_RbG2VEhytH!ZYAU3GWQG)O*?uCfPG7b4S3Y{W@d{C&;cY(v;iRbzLTXhJM|f
zK#!x)9pEXLe%?G$k-mPA<&aPS7>Ta5@u){?wXw}3dbPr<hOCXyY<n|^-)(#I@t<Mq
zKSLgVJ-4L&MrQI|uKkAg0q2(Mp?|xx;xWZC1bpOZHSF=s@66V8RGA$tIiCz~{kqxA
zsP~AvURa=uV3@Nc0^E=O&K8Y?-aF}60NvyGw&s;u=Uzlb0M3JEEelHrktpPSBChDF
z0C*~^4GMyB3!wHm;(G?OB$V!-4WqkIC4Ym{rrkIT_4cqMLXM#E*~?POWu{ZVIUtyx
z7I~OEg+XFJ$qGKKxTKSTxL0JM0d`2Qc_YT2jATIWJ&d=9cf{Yk)BOqRff+n-hL~u7
zLY1cm%^5Zp@YNr4Blu8vkXgv`aEJ9n@%&`Q{Y~s_78DR06#O3YybZDwP<9VpI6m{1
zSUztIK!$g}rpL^DwMA0_ch6k;5svlGL^((x4v!j6Eq0oCmV`*DUa+1F$A!c@F|FxK
znw$e7e#3U`Z>N)WP{k&0VRni|U1ifwQs4$_h1&FuMas35B$3E2@vkkV)EX(X!QRz<
zIxGKw8q|miJR${+?yv%1eb=WpouFaCZ730|mSXR)n~cU26zgdd09Hy=D#-b$F_?cF
zFei=+n?@P!v`1VO6B9<2Qxoft%ZMW~h)&mt@+~H<B#gwE&Q*L~2(018LagB*RlyjR
zLTwJ6G?s%P%nh@eneS|7HJt3WbqUMYpWAO({$E_7+A6?s{VC=bK!iCW;Py-~jVl*C
z$Oo-ppHP8f+J8-n%RjLnB`(9L_-uAfYCs<HDwdr<w$LZJW7ERv`&n+@fw_v0E$b`p
zSxfU5p<Y%`q(w$U;Au{?I^bIKE$RCsm&f02Y_92(>MBog0qOOjrem2kGtYDrB0FA`
z687mjg`98Zy1u6Q&w@%hs+-T6ke!K=?I0TX_TDvLC;GwyssdKg%p=KD;e`(11U9IS
z^?v(c4&A;P%xdz}iF8@S0c)fOJz~Q>U}QClI*Q@FNDj;<L4L@sv(Dq)t#gnJ47Sw2
z3B9tL=t_hr^aYw4&oDAwIP6PiSkn!)BG<h;H=n5y0kcy_lo3%=WQc?#xe}di@!SN*
z37$W#7n}e0XB_cUoyaztv15ot><MJmQ+e6R`ol77+i1Xx@LZLjzvv=1s3TgN4JnWz
zc#Gh0fIcb5Demw$jZ}Lue^E(M@H;{jqvWH2h2$e8wIropzw^D(p(YBihavEkfG^iJ
za{k8CDEr1+&q5KTKAP$bc8gYc<<*74qCVe^H~tO~o}oJAcn(HZ!DCxHj2V%c#{)lE
z$kD+~jOFO)+DD<Np}>z?3b`qyZg@(=H#oQgM)FEWO4<8siuwVT&P=xHjcyz(v9WPY
zE^`sZ(H9HXFOZgPGf+-_A&q<OTA9+>dwE?VR!<UsfeI=LU!xpOI9+wk(aaE-b};o`
z$+PD@d<6*@^&+tU!GkVL&q+3S2s)>W7wH7QI8vYpXTY?p2U-isl_!*hX#%9J^Mzd2
z7Vr|s;4YF|yOo6{!a8~zpFl2rBmFyV1j9J29$Em6b=H$G>8d~8jN85yHFp4yPG0T5
zquTUIPr1#E>GD?D&g<emraF5?_*3l0b-dmKa$eI^OHwuYOjx%`w>q-L{etN1S*Zkh
zG1i6tCdI9-gzjo~^nGR?2|0nkgutMTqA^(AJ*0rWW6HU8nqpI8@y2LN=sR>H?b8;t
z@HNM6wen?)s;0lX+&8!X{{4<G%V$)P(U0j>I{EjT?r+G%9#Z&4RllT1Q%Yr?|1u~x
z$p2xS*4h@n6KcJ?S!BD(%{cz3P`+itE{n661N>o^6dMZM5$n%BysGo#s;qJ2eX;!q
z71&^4tm3~F_yu`c4uf`asy}l>2T!T}VBUH@W4DyMwf?dOJ2o9A_U?qWn3?A$+zn%e
zg@K!_bJ_eHUt&V{OO_@Px@ov-?uWC#`4LOJbj<fS3tg+0zftq&(0Ps1>zm;(1HfcQ
z)Dx<_DKA}Olsfd^WsvG7S+f#_v)EVI%ZX1?<fu~Q6b4y>%$RBTj60ATj^M@%=PUgn
zC+#Jt)#jPY#WpTDm@J}#){#c5X?OtU9*)E+Lh<iE=sU;NFtV~CKtm@>IXRi<=#4k0
zA+W+gCd6P{E|OjS5D!ci{VQulP(1{n+PZbXGDsk59~NkrOxLSXA=J>*^4;|bc3GLl
zxDl)O_J-2hU15CK2dE3>2b!YkJkz5H8!l<4a)w0d-W6NY-iJzXfc~6*O$qTz{&er;
z^RnduZ*?YcYu3`|mJQuc+g86*&R)M$)n5Ota=XV3@J;=84@aU@W#Yz)R>$|YkgY!Y
zNg+!vN(#g3s0+>=`+A!F;)qWs$FW-WNS7Agoqh+--GT1NyV7&7)zq~z$(hZ1r^g9m
zhWmCg!?m!BUTLV;VRo~hGq`H%IK!?UjES;uh=MlboaJQU!@^R+s!w!cj%45*KlPQt
zqo=vN%-;S-+P7U~qX%Yubp*xuFfv;CNU(WpDI;f*-U7FacAlsyo`0j8-oRhW%_#?1
zlhUlg#<W;T>)bGBx<lk>HVQmz`+Y#7ll`GGz;oA9ly72i<acmx;bJ;ahV8;qN6aH-
z@sJGWt8}h-+z8uU2{1lcvRdG~>Za?xm2X{}*Q%x^754*&m|$2jv;v3Ucy^`CV?;@t
zuJ@-K9UgEaeH9^)G2H71))Oc^qgN83)-`vwv_tV!cZ=%21BsjIH16&X5;x7i8w>u|
zg0GBaN!AnZXG=_TCMw!#y~3x3kCOG)xSYjL!3l`ag_T$D%eT&j3lbGH;}tKD<E!!u
z(c_cI)f{h$UYF?hnCJD@SdS5P4Za5)eI0ikA1t5c)Bs<Q&r9@~7d;1PhkBjnws5NE
z^{%R=V_V&ZFNpZ@RzhagUc#ukwp4&=;K^AmA!8$z>*4QevQ`U%cFl`1`BRz+ejhu<
z2;c0OU&t5K4@%}qL2vXrlJ<(q5nDD7O$x`5da)q?q6k5YV0d--qArau2i@!~n$X+z
zx6GfwlP<0vr(^uPhh__cRNSsOYiWa;bTi+Q-EG!3jx<MRN!1W_tg&#$9wk9*Y4<DP
zUSwmqyEaAi)FHZ>q<GZ)P*{VB+rEq1(wc<v)^BEN5&(NN=@5LO#9*t4{W&HgoG|sM
zNz8=c6bL@NG*Obgyz#4_pnNLoYk9T*(t0LFwmL|``56z0!1(uXZxD<lg#}M31Yj_J
z+&l>r?^p!2z(v=ovq0A6UI~&skvdncNvay}KFK+1yRA~6Gd+R@Ba`o!ehR_CM@fR#
zTv9+e{-pb)f$`6YHA8KO?@7JZlRv#)n(Od(WvY1E_xoM+xQ}E82WCfiz8<+zs&O?;
zpfN>P2E;_9Kq|SP4BX3LD)*?jR|XzJ((i;HE*8<wo--0LleiZ;LeOD&AG9KypvFsr
zPIHWnign5G1|O92oc(K2=;$i)2Yrm5*X;)iR|FmWv+D)%2E0OQI3hJaJOAnaDK$kf
zTk0{d$wmaI^rd9jcA#WPSR-|W+VTtr(xa9xw6&2bc}y^ZIh%tB;3s*sG6x;j`tb;C
zudx}`5DWo%)mqXKee42mOtsu0qf8BQe;L-mVT*$_f+{D9Nuq5!?3x!oH77%N$Ixl+
z3?x_G?8_`yw*SjRc03Y}Jum`SC%o6{>4f%8mPJ1Ik1Rxo<RQ7;p`cy(8ho`t78@p5
zR|&R^vI7EaoMV%J7>Cixc!@T@%G>aQWZUc#Q%(<EJS4YCY68n&8>kYoziZcM<0$S3
zsNLXcA;_3X#>lb)&_@4YC?DZZL|kUs>%tEhAAVo}v|%it(0=*SD_O53#Ah|7I8IFr
zg*TGA-`l$a<!3dwlbO{xG2U7q#E^lff%^eM?%Fc>>W|r8`MH)$PSll?7#xSc^)+HT
zD#%WatCb2(9EiNqRENL%Z)+}pbJ9KvkGl4dO*;*ad>{#85vPV@;SXQUQ2Im<HmCE6
z&dLqp#VinD>eLFaWb=3l<Q1M6e=o7qRFi=YuOP8ej*sC8o89<)caN(7?kKtU;cp+s
zejG`*oX5U@XCzRPK1GE$H)l|6-2CGDIrb5MbzT67Jd}LJ#sl!#EF^6fX$*Q`kXX43
zb0;(ez8r26M8r9(sb1da!KOQ%{KGF&$1C(K!Z#Z)TQCn9RE*@_F-ll%$172Cw*Ue{
zi8lg0`-Z=CJ(iiJK_6J#(>4CC!^S<gaMLQiL38tIHLI;vtDZkQ$8uoye=?cL(Px+X
z(G>zOjqYA9r9SWj(qVXI2anlyG5zjBe(?~yb$r%Gsp8G_OI|$&<7`gXGlA$a)d!v?
z9;9JGiHQn{@1_KJ^*(-M41WHhfIuuWuKZG%DdXPWEnhrwrTe=hb3+C8w7M8yS0C%U
zTBZCqiH(PUUjJ4>vTB@dPk3-epR`KYlycwl&j2ighKU}nM=9Si2erzBgNx)ztrF`d
zQWnl0d;cw{?)2}Dfua&ZfXrCxS<Vxk>&zQ_$H|8mTM@Q9CW5BTdrzFb0e?aJpMG)6
zraF&*QdIuD<QG_z6XL#-Cle4<z?e+?(_1~Op(qU+!Tw_bqaIs4Y3f?}9Rv>7A=YL|
z<m!2(MmWm-*Eza}LiICAq8cLI>miS*a<`9_E8P$OOq(T5_wH_Q^R1sP=T+YGNa-a&
z{i~{An47?!pME)pS!UR<gmU;ZL*NR^z@&?3VvTFLv5&E?9Q84My3W8G9g9c9{an@Z
zg8n27osuFHlk+*FsD7qJZ7o<8uLMZc#;k#ToYn@PPrErr@;08LxLy5FN++iFR7}9y
zE+9;EiffIDamfDi;(4zse*`LE9dut30xMVe_xn#2XIV9|duy1qLK1`a&;ZP&@WG0*
zDTM8cFCuVHxlPmZsonJD>-2s}dPqo4Ej|O_Bq|)C$l3YcUPf(MxR&@ns6OZynOwY3
zonab85UQ;8gfI+*EmYlVoFM7578c689C-g<T$rA!z+H3~EEJu}z+Kp_fL(od6dh^N
zdozu8x_XBnf6EmZq>>3*dv;!6J|B7)>nmG6|Ci^m!5X!-FdPWT7SaD_rrGuX6l%e-
zwZRyD_<Q~0Be2o>h~sY*><c9qRbM-@dJMBVQUeOTqCg^!GHd4B$`SVD#?<M}NGax+
zL|t9cqG}mjK&_^hBv>sav(#i&gknKQ>qoL=l|1oFc7cfcDi>SaYN70qr;*70&9%iE
z4UjywIrWzIv_18P3$=}9#fd*Y<Qcz1K#=mwl7@^@f-4#Py?M$1q=w1CeG=aP^XP*=
z@(VW<G)lMD_(@W-=y`>UWRUKlYl6ZBZ9*E2t$vLfifjy*2wVS?s)6wa`mJ>|$bMeM
z+B9^zk6s9C_n3TH-RHS>0Fp%j-QZfqGRpWzmH~+oRe`hKJ2xDz)2(?Fa7YW1zkXn|
zb^CzZu%GknBe!sQDaO|-O1WXTs;s$bpzDtWVGtC4TH=rK+7k%=+l*1OgIy(ak3D;C
z;yr7^ZCBsht;Nv-ECw#Ra+Uil5$A%T=&PNt*(|1B;I^eT#A$jG20P6(_2^O2#3UCX
zN;8~z03nCh(8SeZi+d()>n*5o#0+7g=O;E(X;Qq2&al!KoXu(L8GWh({5V%BC55B8
zmcldzq+h7Hd7?_z*wy9YXxbEA7vCt=YEqxstzrij$vIfoXVr~yxa_`*Q;9V#*;K>N
zu8F?Uo;G3{zRZ+_f(c6T-|{8TP}n&N5rAK}?)_;=$HNL96#X>jCFBYUSrGo%X$u;w
zlmVrEL_rCDF!F=B%#i+e<{2vWYD0}ERiF|>VY6VwqRa?KWGFnyJ~FGGzcYRXm<6DM
zoI-&RTG&?3I`$PfJH1aiBKqh+6U_wc|Mm=21Xl3*qbUrV=BQK}GA)xKc(a~~;W6*@
z<rl!p#P;Vyj10A&lx76b7}SW2zfIsM9BZl>C9`4Gf}gvtX2*wEgP8W|j2zcOwh7fB
zbt8&cK7Z)^8g~%+$5;PE5^?G*vtqtJTYAVRX9dMO%$5XoF({w^ZzLnd!L*TM>9ZV3
zol{M9_n{-AVO_{E8cIUZO&8?;%STlG$q|ex(HraHCdy61_@oZ5F`Fho5xp3LYN`=d
z@95yrtPa;qUFMWDtPP3PX7)iDF@7gZT>NN=%bzV##_``fxC2jx6YWfKBGegM&y`{k
zBtUlPmL2PO=C06#0$CBZo{I`;_@JvGipa4BIdNkE8BkDU^?C3ocK59T%?D#6;nH0-
z`KKd0Sto};c=5C{9pSf4FR=jf8oY#6ta7@nA!wbM6{{YMWyT4*ULDJ&%JdNxhM&$X
zJwVtJya*cb&PPFw5Bp<&QPT%$#Aw9ik1-;Z)K473Tv^JQ?nxty(T0U-q`HMEq`Juo
zq_(XwJA>&FySR;^ZLW-vEn*{s(Td?7?(ng{1kw?WGO2dvPhK)<2d0p+wctpA0pwXQ
z+$ba@LXRf@s@}%d_L?i)t?hRIFN3NlC3{Il7jN+Ol`gHWJT>nhd7@ggrTStuE=u{L
zHN-PEBI?!#*3({%w#VoRjTM*N7tDaCN^*t(Z1e~B*Kz$`!DICgN5LDxi`;**e#^Oi
zy(jNkxq1Z{zhX5wuY7MzL}ZhA8n;g^60p$1hApK*V<YfViEUUxReP38GAKPY$ym`J
z%g9T)nw_=qz)IpmW|OAwUH;)mh_F=NDmE7UiGouw?inwdcmU7YEQAEgJ;FdvXxjLq
z(P?IJt1MzQAkK+Qj5+2&Sp#qkqBl<8jNBf|?<}_!Npi<GT1QkgD`6_Lx6esav^Mje
z^HUb7_D?ZA%Eal9n{;ZD_!fU@9ZU%dc0bYrel|nBZQ+&^Zc0VQDqE=6X|~lTgLS8q
z$U~XlMr6oA|JWo5gS{kp5f?U?v%S|gNxm+xmsMFlE_6>=JPQ>u199usaM{33gK<G4
zbk*a76Yw(F0t@}|X8SR_HF-0{$Adlin~nlpq<OA0a$ciqUXme?RA>=R!L9qk`p>fT
zvgBcjWGvy}KTI-QhIklVR)wt^d`aJns)<QkaiLz{u!#)}zInZ<vSGVFB5r5+3pBi@
zPo(h-0cEXjB&vI=L(M3yDmPw{N^hvH<<R+7irSvFl$SnUjLI((f`!PRt<~<QOhi7f
zY9cBJdoE$<+wSW!`pc@lVyBh5wN7M}y<_cDyLIKQG0*37J*57QdE^>ezX^?KX$RHt
zDy*$8&ha=nIBeH9H_<G&8eFwE9wpb^T`n&#BmBy})n~4^dp`N=yJN361ev*93_K1e
z3!#w-2)!?1QXINDOReGUVjFA)YW1uOM6J`WSt{@4WFLRiMD}SmA5fSV=ZKG~W$y?-
z2E7+BsRx+*CUx%Tz*sCj1jMQ?2#ThFdChI-CTZd&9o0!j?t6@nrOXo|<A4`ujLWb?
zM0A;~?rDr|c1q-^jU}o{8Dq|)@M*r-A`^SM87jINM(b*b-Wp&5l{Ec%JcW`4|D7q)
zBipnWY-&eM%Xr7^byhG#Y9~um-41Oephty{hoY?`S_5a<X1q)bcVO3YT$mMo4=#G5
z=nvTuJgl&1J)qejZor!bK=@As8L>P$mYN|utaLIveb6?)ZS(|Sk#dXf1f;!ROzN)_
zn~oC=faCsL8Eb!CWZDd6b!Hc(^ek=bUlzM7Mf#lv%g{FGvJd?jBJn+JAifxdE&8#9
z%s`D|xSsGjUGNSVCo}KDSrjyeU-m*DS6~k$M6-GdE6DF)`S+rnA~ZqUBl+^mb{5q>
zGAepPYVt~ZLyk{+YI;I@04ctNkYhVn#bO|zx|g)%=lT`ilxV@%QuOmkJ$7wqXW?-P
zgfmYA<T(zGs412dXx^+wKkp>MixN$5bA<vuw&94@$X+D^PNFy?q4JnAW^gn6-RHUx
zGC>g&I`4Gb;yZaX{@8qE=#?@by9JCkTXR6k!RJ|ibl8DH5e-7LmsKmdar<YYDP{Yi
z&yqi5dx&zPn<ca(wpLv$L1X=uRfiWBH@^K3*3KbVlpsp5&$ey-XWO=I+tz=!ZQHhO
z+qP}Y?@h<_%%WpDW^s2F6&0CLStsw!x`)fkd8`lCYHobx0xtZ$3PVUU-!OpvRDfc3
z!FKj4#8K7hOlOW=Ac-B2Py*h9i$EGL1wT|G`te&7-40d`o)eD2wGRZ+e$%hr2wHKp
zuho1Kg{}`k)e!JZADrH%P9V_*h_dm9;=##JqQRH3b2P<@`yjqmVQbx%D~SmWSSF6g
z7X~|>PcXX3EP{`J{WU6!VbH7+Ds8imz*>{w%;c07;=(mX@c7Zx{2Nl6S)?6^cMxa_
z2?d<o?;W7B(#ExRs6AT(-~Y2e;Nn#P4M)O>3MAdMiY(p<A|RuqmLJy%xw0}9g)N`j
z1_gcnBA|7$Pra~%Z=$$xaxWBuUPe92Eg$0r=n+m?2t4Tvij1XWb|UNwv_Vj4rux!<
zqWzid>Yzl+4rr{yabU8of5@47tKQ=tqwmqQ=8a0f(QkjK8lj{3(;h?;T^e84c8J4Y
zxV#yqhDUz9WzcEF=?8C3m4O7XGP!iHju<*-!Uae3w-Qx7ei1i5>7MU0evN6?Rd@^<
zDJD*bqB?kOta0V+=OQ#RSN*iH@lo&n|DaXli6K2}8~^}B$^QwhI{$aHI;81gkF%Wp
z)8SQedczhfno4TrJlP<YVB-xLCC1CJ7nnxuSFYeyLIa;MxyZ!JZukf8WaPfVpC2iX
z5V9E*QVQ{a$T~p#k3J;H(g4_414ugsPFb~mT7!RG-rsLilISAxNp;_<3egOO-w&_b
zzqg;b-#(28(e4`K!|h=yOK2`tlB5ge+Ke5V(-nDq)2MEEY#Om_SH6$swJF`6mY}Ng
zml0jh3&WX8^~S1tnG+;SS0Bd8n}gjZ{rZ#Jw}p2`6*yJQ^b=4Rkt-uj?#gCvc5`ca
z3nW23{i5-@2xpVBdWL|NMj*~2_+;Nv+S*;Ft4Ec=kw<{}E$)td9eTHHWT#q~aw48|
z)8-q+nq>L0)G|5j3|<C^r$K-8GtPt)T{MytNyL#F$lSiQqmq3ttr*mlT=xMLYIQ!E
z)5=_DJ_9kFR=-8Jbag(u%2YO!SBJy2n7_4^w_7riOW+F(-}0&(+l6csqgNH%m1ZUo
zq1>vwWMsz;I3#y(3kJ^^vz6|j^t_t9D;d5O;aV>Xzo!56_?nNx(xKnpa%3ubvZh?k
z*NzP}XqviE8d?unh_|(2*euUU(ST*Rai>=r#a}UNOVVYAEIV`JMV76rQ({V+8Fm^v
zREt5sj<l3Zu&ky0Zno<vHMU2gtt{(kIxn_ZHH)k6^3y$;L(-(%OqyFNYtlg+z^eOr
zkN^3D7)4rGA6C+8H#zJz$fLOusZ=7)U2L`AM0jjZjX5)dq{*^kTUr8TE#=@qSxuU{
zw^M~yTDCs5gBvHsUlUBR${!`<I_SWg#Ed5%>LN2O>>A`2I8|`)0r!_>zIX>jQFPbV
zU-$-$mnpi6Dr@mvdQgD{try&wRoD?9gb}>p&L~du!-2~90b%TTU0F3cHL?hd>_Mrm
zST!zJAkNf3$bc}mZ#!Edu><SAKqvYa2~7)mOzCdzB=8GcSPNGiE#ew}Z3@jTr&ZHI
zC3&fB{7OT{q&T|qR9UrYscEJnYmvFPrbURo^#lx}^i#vV>m>;#st5^ed^c<o)`Rwy
zq;=HutmnD!2zVWEoEcj&iWct0Nx+lvZ(I>q`UD8FGN`hzUB3#bBeC?1X&PLghAc<^
z3Li+!kuwdlGBH^8FNoHkF<b=eW(2stlVB^Bq)UBSKj%eM8^D!;o~ph9ppgJOR)vbn
zjLFFiNvrN0zv?0D2gpaNQZoH*f0n`HaSAO1GoL$Y)|TuUKUr4H&6@Ld1;LDc<;S3<
z!#xOG=)EoDI|X?1e9m=a`UYs*2X36BRtnPI0<I5=O}G7|Y);%|UQh}ME9Jo0e{D(z
zN6U0K^bvCamP3LWPvvv^CH`q6N|wdxP*d@gU34Zd<W5lE%?0A&(Ww?}?L}<^7T<B%
z&yp7UBqnphQcQc$W6#&~HWHbM1dcrEVe#@_TLyxJz$(fK1j#-82EG9z9Kp3e4SH+%
zpEgcFpIsi)$1XN4O~KPo(mv8oFm4AjLM)h5(RUsvL#)gRAWjzUldxbJfAa;SMp;Vy
z_9*xYz2?An>E)6q_l!2@pzw8k&Vxr-w_*w%WSCT?TyT{)_f~huA732(TT3H78f6Y-
zcFIYaoLR#^=QCqKy_&n(0^}JIHucFK3DRys%S-TCJa3Wdab^A;8Ku01zHrE=k~Fge
zrku+N|ABKhLVZB$cECh=%mmwyU{Kl&M+9u8vC3|Aj+)-^SXOab|COcNgHQFfEqV8&
zB#}B!#xbb?$$bo~=m!OpqaI^ONl|jKo-OlaO^n3oXG@C&eO9JLo-a`jeSnb7D8mpd
zlPNWah_d*Q6R4oT4LygQW^U&LP?Y66(b-(eoG@8zzamWgqK9Ax)!%_n1fQXe!;$`k
zLLv_sXTd%)P1AAG|KZh6rT~#W#}{PpZx9IKlwTP$h8M_hf$uMx@(=eJ+oXiwZ`W})
zET7uht4VA5<Xt;U+Xc4<+%sKUOKaH*%Nre<Bnsu*b6BPS+o*SSm=5(Z*cVR8!qWl%
zL}Lbh<{M3u=X>$EUIr)j#87P)lswW+MW|^-C~ANk?nOTRWJz5B-psS4!^o_RX?4j)
zLXn_FaZ1w^#|fb*z^4n@_<*d92CtjB;fgK{YK%|QNNKJBJP-HC9cL$SCQ($--sXx)
z0zcMDD5-)_8*&ujf@pmaMvYsHwm#d{(NSE`rBPnDIl-esds?+P;kciR=3^LbxgJ1l
zHJ+oc2yJ?1FR&asI@%zOjH4Zz0}t+W#)&0n(PHGF5=vfWW)Xfzq^(Fi)?2820pJ0M
zR*q&&u07#&miN%yhif;SVN6-c1FHr)MhBn<Y>z=(5eTcC*g9|zH7zVbgS7-xj8kBd
zEVu<;YJ-;*YEUWKUwO?e1bw87g=!mkD7v;t+*Nn9v8I4+UTc1ry2RvWBFRZZ7x}|r
zr>=l(F(H(ca+C!j=9VZ0v8^L2Zs3)E>w|5OB5r=doIp`6n)TeLW4{n^B3Kc2+b?|B
zf;fJ3O>bw?`Ew~Aqw4FmuB#1MnM<l<<u?Jif@s#{Z9T7akF&|ivy!NM=t+-wIbNn5
z*%~+%oXpvtOdYc9IdtbjwGN+qsbjrjs7ch;<n$O26OC)7m7%IeLviog6mkJ{s)x7h
ze&5`JA5jW#>dSeXgi?q}kXlrKMP1R61M-L%Ey0<Q>Rd!%Au=qXmqANZfvJ&nB9J^%
z6NSb!aZb?9H(1ej8U5UDaR987iye!7>4berd^>>4_%cbnboCb+tsU=(#r=qNuFe)E
zR<ws~cCN{A<PQVJcBV3Ny?7l$`4h1ybMjcCvP^Yc&}g(dC2E0%5t$F$2Gjjt1WTrS
zT@c25s;JpYzhzO`CdmheH4SCIZnUt0nSuZt=0A-Wq3y?8!_zX6>ZYcIHdB9R=|h5T
zGe7@4pst;PA$U)0`bkzXvi1SC<Dz3?&xJHQ&?I)_07bK>&i7LiXhRv09PGJs7Ld7>
zGY4T-$ms%$VUD@>DS#L4-3e%b7vnEw{;I8IPdt@aD8wz7wU%jIqqPAMgz7s?2Os;W
z3fLA7c)`#<&`;C92F^vw+cF4dyT{g?zbktKyPy~9q76wxID}a@v{Zxc(5C&BwHOB~
zQGE1GZmG7lRLAV_K0lCJ=Ni=^y?S^;eOma$mX%OY*{!E3HZ9l{Zbd(F@lsrBQ8FoU
z1Bo`dWJa}=I9XWllG0;4SeO9J5~g17Wa35R>=`Y(-|k}mfLf5Z?dxHOO=r$tJVhgB
zPy{YUWCsY=v@2=a0v%tmgE3%TocN|(V?$Bb*q+l+X;=2_5%!!P+*<QSPH%0<r*)nQ
ze$=EZySnSxl)W6O^kI4hLE>`KR8Uv44;U2zRmIY#52mL*F@$xQ%8@$juwaqN4o5S`
z2B0b;qqwZ^th)dw^b#m*nQ8*)j4<U2lopb#Rhnau)Z#L~UWN8bNBjlx!VSW?@(8{j
z^lH~(;3*w3T4l)H9mV*P&FRM$!|1}(i<Ay_=)ff={gm}ry-<CarHA6AlKHb#Ssik^
zne(TvRiQ(}AR=L>F}bxp*&|A(gyI|&`q1He<#D#t(o^I8XSuk<C|hcibAywUxcq5{
zMr3w4wWI}uasHfGrJv{*0atEbd2>7`Z}5+)W?L4vNI`h0=5f=DA=Td}Ps6A1P9FGm
z-g%<(n~t;yc{*+UZ@%C5?rnG5-C`5x3Fn<UXP3Tp?@rRDj>7;+|20vIxQ0V`5Rzb?
zD=9v-*(2jTUc0ZfJ|3&MuPev<aM7z*wvH%dSl|7!0wWhn$9Ak)3(x&F>8uO+LgFn2
zUoa)b5xUXY>@){Bv^WID!p#6)Y%m-QXM-?^I|#sBga_zt6G6RTdU`30Dzp$w;iU+F
zPlhE5SGLH%PDB3f2m10jmZ|i5P}E6+kwrJ8io1*!d)gNE?aWOBL9|Nx$$y$gmbzz_
zT6dW3<1Oq1EzA=!Q`3O8rt&AJw$;);Ynb7+ZScBAxKUE_C;Y>37LIQ4+UdyPpC$q!
zJt$22Wu^FAgB(+Cwo`h#Q~WP!0@*Y}UNq+IV6R$3Y#Us6t*<+mIqf@L?qo0L1hC=O
zf!sC)`RZJDtu8xfS?`E9_vEaF;5QuB@Z8t%KGM5C5xsVM*TC_b;eQ5rpW1-s*n#9Y
z1?4z8V%a}(Tw%BmF}|ve&NRqlIDvcJLUNp3d-txq<~i;XobF<0^3}B8;MMk6)XrvW
zZrHT{`Z~aN9b<WKvOL8E7)kEwkUr%se6tnb0-NmlCiVAH3E?Ap3j*aP%t<VKW1fEo
zz<5i5^%4mU+6vgOO5V^mYBjfg+T0Any(*-BV%$UE$yLuT9>12E<orO*?rY=}F6S7r
z=;p6zY2991K2=Qb{BZ0HI(3T$?igM38uZk<=GR)q%jq0k>YZ?T*W8{t?$)D{3aUw5
zS0vQ1kY02o{5+F}(ou4B<R7h(_1cH`x<>Y1GWL1~_x?)$?pJ<`)!ySnr(!KsW$xVT
z;oiPxKF0jkryhPFFTB?Y9RwYq!Vx32a;5p34;|dE>M>xq|AiTv0j+03;9}bIgUO6u
zj0zuh9kiuQ$>agJTTu$?w>^zEMkPmI9n`(y*JZV!W7-oKk9jI0&SaQ^qBR8_tkMVL
zmX3^cvQ-b#92TiIEK^z1=SWRuMt6R=!%uDy8Y`eFJBd-79;q}1>rzQde-uj|iL>;E
zsrHXt>6^n!1B9P8##F;c3!fexeq`XrXWHANIg(e#&^L7PIO&2{a}eb`%idQGHDRLB
zAjcobA<aMzCSF&_8`h?MFp61w5T!IAPR1Zkz7uuS7|p$&QCDzvn#Z(9)Wk%uj>=DF
z0N&|YD+yOyR+?Y%`CxyENv~%ejN`OMBIjd)q0*)Z7Wgye2dz?*z0dJ-o|Q<Rcy3?n
zcp8{&Bs6mX#}Qd=fyT7Q8SFNJ{K#+yfX>;M2R!AM8H$rAw>(Ne*`9U`)0l-teK<b^
zcocVlhdn%qJ3J_QPY--E1^G+=`^yznePrM8otb?DKYI+voeImHih1|i@RsFkxR+*2
z7dpw229NZ&<kQ#<tpnUz_5G(G!#r#hO$+RncIT~e{jD+j-ppyVmf}W?ek3{u#LGyV
z0*=FMv~!$uf65T1E(n@khmm3YeXuRO8^&jSWh~$R>w7WTC2038%>pVhJL_Z&!<-bo
zDZyWr5g4xw_#JE_eHqN#cCATNzl0hOr$rFsaO%5CaI$Wjx88xtNPJy;YoFtB&IK+t
z%|Tt;Aco5!^ZYSrT$erLP$0#TPzuxd57VBA-6e)!G_<}E0IO*qVA=j%0)?dstX6xO
zYKWx?*j6b{;*8eex=OR@zob5^(5UC=REKdPg#aF+M`B~y9dE-?rZrR5%??8}pA64r
zs9j<~Zp-VCS==ZDzF7u>X-fl93|n1pCmtX06BBUG*)>yjuZfZZ+f`Iohrd{eY7}Gf
zYNz*C$;Mk_I@-+|jWr?7l%JGM@w`W7!9Hg_k>v^8{8Wg!DHu2DYTb$zqBJskNq9fA
zLZAzGMM;h+U```@=5$!nm3}T3w#{}rnNn|i+b36u>ZnMik-5v1ANgPc=0zI1SEJ>u
zv{9`_+Lf8vtF=YSsEdjz)~Jl4tz)7aZ>tG|<p_3YokJJ{-2SL;3Y}@!hsL5?wAn>(
zao3>aO(M;$JQbTo0J7o3(rkajfZ*4V?K8||<LGqyThuWXIvz$kz)a88baZICX7WQ@
z&R&!i_ioV+p;@F=+Zqc@X9%W!9iOY*>g4ADs|oULAmnr>9Zu=_M*B$fbxJF1i>mwd
zkhZ7o=|K!7TM|_NzB=!|)}$Mp_YYNJrK-wVGR?Z6lod_J@6CheN0*9ujm(cGyYT%O
zuHc8%YKvJh-4Iu?+i>hK-Ei$tZ@69ft2lYrz=uVTsP(W}<IIuN5bEtNt+rk(BJ>64
z<xFTBT4ti<c2~#WC2;1CS{Zx068z;cPVcLwOU~Mw$ye30-;w)yzYgcA@Eq^R6M?7L
zCR40^DYgM`s;_oZcIFO|-{=ne3mfVJ_UAitUcXkJpo|w${ok>YC8Iyx9heKeFvN^M
zQT2$fNPdxjq069O3@jQLHw@sJ1YG(a=iT>z5oN^?j%MR<X$b5F57K}i@V;V534F!Q
z0}Btl@nzFByP((KLMHVL;<5REfO@+Cj`$Qd;v&Cg^XO%vyMJBA&^(`E)v2Qi>;~*K
z%-2-+81i}0JdlMg8EQ6)JO@{3Sul_(QXj-qq^5H2oD3<aG!eZ>&^3V4v+`;|pGYCl
z8sdIjpnVoZepeu9GNWuq=txr=zz+=LEc3Oq;1x;VSR0Fd4l)|H1vs`NHta93u4vh3
zM1>z{5)dAuT=IFdr`ed`4%Z8GM|j_^PXnoikd1W3c+OEWu4nzKP$V~<(#iURIT1Pu
z3bBra)akL0RNffik5(yQ8z;VN2Yy+cy6Y8i)V{j6ySuv|b53XOtN)ti&hloi5w^^N
zz<?QM`sTxiUk4T`Pzh*5Ul}g@0tjuQ<g*KlkE0{0SXPRcpN0B}7Z*tsQ^;7T&{H5O
z5}}03)hinmkoA}Msf*AmDAm}Ry57FbobpwK4N0tQa?N(7dpz#kc6%^2mIwy&L3bdX
zmbP_Evefkos9S)!;#E1-93PWXyeKWl3cRj5rF(vp{4>OXz`k>;t2rs++~$o#>!k+Q
zP7bUx1&fhBXbVuq9sOMduJoS{XJWo$4FbmY|HiID$Jv9vxT-K_C&%1Lg85B1fIxrR
zn^V2zMFgMXmjsw`X0_aR7{HJoqxTOI3-C?(cZdjIPB|FhU$ydl3lj@4;~j|u)&@Z`
zQ>sdlmq<k&oKi}VR7qUK^L$;5azTJOOcm=vQPGE4CZRs0L*l~|y^Bm@4=!k$l|aP_
zgc+EOPo5pNLz8AH9iO5L#vr-q1rSq=Ov+aRYczC$omT2FZ3;t-JlH0+|LDUWGKg0@
z?&EGXiudWR_&2vtxZ;=hO#JtY$(>;)nK;Tg-`C&VY_VQo(5Sz0&u$;>@O9DqFPMn;
zzkS2OF31&j9o(juMnnz{2dBTL<kWz$YhtCZITKEc+5YF8pwlz(*@+2OUwXJ8!9hmk
zL*<KTI?4|?!d%9ibO<D4MDsQd2PF$2fr}ZVm&GH(vV_)xd_|%M7DW*9faYK5IttBl
zpPb$w#q?<zJ+XP?%YGqJ=N3_Ux_y9BgBFoFPD3P<;f&Q^D#2;ypu=&GvS@P1?i24w
zlZ-;iv$Io8^7GhGEO!{mbxINPkm9OjtToA|NUSr$jab!N``!F{vJZb^6Dp{psC<4&
z_>gXFg5hWT->jZFv&698QPgitaVyXTa>%;|jJM!5wm>x;GtyUt-Cw+*)3t%OX<Yq~
z__{^oO@g5liO<b&&81hkg3Iz-Ii$Z}*bM+X(JGu4W3tq%TK+EjL9-*CRjY0QR-%`n
z>EKtmKhYnqtoW@PXup9iZ^$igm5c|iGqA>sS1`amp}`vWlYjIASIOsyuB?u83QK~~
zvP-$Is3=~!2l`2lEDluF4lGVQ6|Ox{(qd8?G!=RV)Uuch{Q(U&f{KiHD4FIHku)aT
z#r>Tv1>*R|O7#(TW=y%c`bJ)5A+p`b*LH)OI_PPBl`LCf+fK{ToSuop>MfD_Z_isf
zo0h)WDIZG_VeCo&q(~M>lC~eVEw0I3p<Gl#8A---0s$Hz`uo*|9sG+4zoxKj@5?al
zC@~GmvT)t{O6E!wY;XZ&Lz?*@b^N&?bt`7ADywF`4#nSFFGZqzzI{km5dx1R{^-&m
znEW)Bge<xE1GkNkI&v$B!*628(`!}z^6pl4$W*DXP?RcTR%nx98NVu2B*8Gg5O>0?
zbwCFWmRNzZM4(R3sQ4|^gw~miaM3b7i2~B4TGs**^X`M8B^yap597dOLN{=*Rz=Gh
z{bprXuKCb8tYnQ&S`~h-0>2k*qzyioJRU~MN2gTdvWI*a71~L86Gr3;Wqhuss$z7!
zi*J~s<t-o!mLt8O<ur}T_v^i|#>qN0zQlFoH@XS?QY4c$<i<hV1~wzAq9NBI94A&1
zC~BmJ92Of6zeZzEXI$a7RTQQLXhcAPMETk7lXPjYtx&?6l?dg_-?4w`12RePWe!IA
zt=gf{6NR88He+!QA+(--lp4<+UNw7U$@YMmgwed;T_R9)fq$*xXxVu)z5MjS29t@g
z+feBfgYf(EBp8Z=RldwUaj4SNAcqt6gcP{nLDTM!P{T$NPxB4C#(CKg7S>DO0D7s}
zMDU#O>*)HQ*zOgC-(8r6tu&4E899nMX!t6H8~#R2zF4$XcOt8$Q(pGbOmx|wu=~>r
z<19%WX){xdro~n@VNH57kAP91j;d<i3GB-1+o;DQmDhJqpygmjQv96>4u4bU3K<iR
zq&T5Aj79o}+jrrbCm$!}6>w&&iFYGbT+2hMdeV=UEW92GlDu{?i0ptavtMsZtRyk^
z48IE@ir_@yM;0DjB>;lX4SSx5(0!CYLZ=rwqBtnwpqEDE&@73<S$&Gd2|H7Bk_GEJ
zhIH2=B=t#4G6TKBD2kkH!u~O#cC5=22_dy2=+F{(R(r|NAr~&@Z{`1s^)SP{6(p%6
zdPXvl#w!~8R`;WWnCF`%G4pVA31-4b{`%1-Xsg(<qC=r$)q1V@YOG!9GUKvS1uPRt
zB4E3qKD@tcg`hkuw5C3~Dmh<;o)eO{GgipjD?9KFj&k324~;OB7KFWpuei<vK~dS3
z6LH*!N}q(~!!fN0!kX*?_l$q<0hG@>P!P!|+64fnI1gDTUxl-@VH8Mr`PPA#HXk^S
z`5i-7U&|nXdv@6GWVm>b935Ubi(8;_&DPN|nOU&xco5{({4<gxxAL&;>5<R1_X2to
z+#2=XZJ;Z){W1jS`9c_D1-9|pu!$QH=1LX2=4_L}`|=2v`O?<e=&&i}wXK%YDCXFC
z#X#dko%#y1@G`oe@mKhD_B!r!{fzQ<NlkSEhVWG>EIprgfTp+MOQf)OFW`4AccaVo
z!n$KtWu#aA_$%OjxBIoOaM<H3T_#j@V?Lj>$Lja?38sC5>-pJ>{lZ?CD@8`GV}hFF
zB2miwwOl=~(9~9fH0!$k;Zj<xwU?=<uHNbk6~>U8bu)5Pt~XNw0(b})W?X#XK~GY1
z-aIv&mMJG9JM!=8bUR_*(>vR*?j8>?D;mvn4xnyj!CfaD2(<c#4fx?1pmGUBbIK%B
z&6f-4Ys?~;e=Aq6XNKs$2x_VM#GIRq!VF$-$sW{9<mrjyrsFy;UuEB#f@hmo!bq;0
z9pUX|W}1@PV4|DKMWp}5Qlzp6DLS#L;z{+FsczQ6^jTRBugEk?kF>(uD&J8fr;Fya
z<}-&xKyF*}-Ow%X0{U}gWRFa+I#!EE^C^Xk!s41h{!+sB2U<LwueY&&lGQO#s3_VF
zmpedG6_t`9ibA+#jN#<JqydB>yJeSpeZ3Jda3J3x+TDWVjs5Ky#RkBiG&PQ9#+w#`
z*A$USjw{4ye!B6$ZMS1iP5Ru7Ro+z7cM4(2@lduPY@Rl_t3BDOEO?UVP?m6ZHo=Vz
z3$)a1UXyP1V<rGQpB<%GyEY6rm$aVOg~&ah9jUfi?_Y+qv)jAA_ai5-Kj8n>mnQ#p
zZKeYV06+)?0Kf=<17K|6Y(QsWYiwa;;zTFFp+WB~F3zT4C1)UMX-;E9BkLhyMo0f2
z7nr!y=`lF`|1-KU{io4I{h1G5$%i4-&affCw@wg5PSsGOKv%<3!NJrAFEJm}%cow~
zP{9#QD>zuAD?J=Sy`zk|mV}87wIphJPI_}Ks+zsGiGm}Ug{_%_CmFg7mewlI%zOlv
zg^iB1H*A!Fv^Q_4mw;t<ayS#8C_d5>Ll17v%3c7P2bzc2pl-e=9Mz||U7ik|=^V>3
zFnAj&QR*Qw4F;B7K$ePDVv1&ug_((wo`I3Rv5A?P?G!nJjXEk6EM1_>UsqBCic4Oc
zj*ApjV*-RiB_VSFEP-+cq*8oxQba92AvY@j53-Pogel;VUlNq`rc-{)sbF#vzeSom
zSs}M_w+H>4Rrw#=^m2|r!?y1t?ct=J?eBlewPkDi3Ge#>Yiej=z?sQ<_5FZiK;@JH
z|La5|w8#pzf&&1&q5n@R)b{^fg?d_DD+*f;^JjL-*jsC}Q`f6|=cWalymPapvn6?w
z%tb)9aYfQUFU=INSzfg9uyK;)CF(v(Ej&Y6N=sPaAeg|vfIBaYJcwUgFONv>7!<Nt
z5GYvcaiI*5q=32zo!}&^ot^10{W+pVQM6&iY3A4W_cixXZ$|p~HQM?^SZn}_S6Ndr
zlcu?Fsq&uzul>YPuXjAy?&j|~Jm2Rna_ue;04h;7Q*mrkMa7dv{e1rhc^&PF4C+WF
zQgd-IQo86|Gi_bXr*FJd8_dlmWN26Q>=g>kH30P#Se{4nG-AwG$fs!))oDGG!L}TS
zae=^uuE4F+88Au4-5z=M=Y?!|jqT&qckgE7MO^FiJN(>b)aXo_3*Tkj`pRYFCbyXS
zkr4A${MM<yPqEn3T2X90N8MJv{4EU!S~_8GAZrW@Nv0dCX|xmYmO-Mx?9$e<7+sGE
z-|tcOx>gfVlm^FNbB&Sc4p;5+!^Y9e5WByqgXO<F6URo%z6%R{-jZsYZMFr}kr}qj
zxGnIY7$@NOXRq>CCeAnOhtF~<!)84}J%N-u^~;uH3GU=olNAkfmXp|yz_mvEQC*aj
z2ZDq!cJQgIb!BcF>T!SOGs-U8s?9;`=f}QX&fdR}u4Ypo!Tr3DeA04fsSJ@5Pbu$M
z9!MlJ?Y+b&Q~5IO$}Sre$&9eusu8V@iGvmMo6t3@Q|@20#}(I^rHnZnICN6Nq=Xv-
zBWW+a_C{rh+G8@+=Oe`k-`Rt76^Ejc8yrQwU|Rh2%@4q8pf4^gsL!zoFdv|+7w@JI
zEK40k)ki<Lm!j5h+KRMRV6dTS7RBSo+VoHSxY|X9@q*)ND_iP_nv^x>$2%Z8wuU0<
z9fd5*ux?=8@EORswY_a5Y#PQs2}m)nBI2r@HJ{B0Y&o~GRirnJ<(J$*)JI{v;6-=m
zdI%D#7gYqT!WT~cK0{>5GSuyIKcSSvLg|1jk|&Jqschh0+qaqcgI@gVfxHNBT7f<Z
zX)&nm{Sergf0CQ4)A7LMSIzpJzZ@`%V|<Yqjl~XGgc`Yw*pbUN8}}TW0kqLcR5TJ-
zy|{d!)Lp?677_GHbh$xUfX})uxYnfaeMY%cBK12o0^)aFH=^-=7W)M85|l_@&hIqc
zGSu(QWKKV?r-aTpfIR?ToR1Ri2T`Af(X2%tXQxjySNsX}e0~PJb@^5cFx?<+iQUjn
z>DVhrn{)Nr#4AVJRCv&=mKs{BS~3e{V+nemL(w!VhVee#lfPmKn#P0YOCU8`ZXwo}
z-Fsd5_R98DE`1gxO8xc56!zwgU{yF97e?GcTQf}=NEW^41kMO}Ad(YFd-@i45qqXC
zyM~N@n0qHGyZTnge_?fx*1e)cwGtQ4_6uiq9dr8OR+ME@lU=TvY|^P2IN}w2TN(Zi
zgqQqYH?#fGoVXTLNqGXqtNS&$Uci=jpZ2mpH=%-HINdMrowD&L<c8GB>V(6rX91LA
zJ~Qe=-#21@g1YOdH1^IBW|^MHS$6;uTDd7CL5+<2LgTk)Be?`1Hzz6q)D1L;I?xL_
zx+VA#Q`?XMdX#!|r6UI%X1pU2km{ckBY2l{{K*JdgQE8Z&w09T^^@Z-f(*y*lM{TB
z>x%_;!i0;za!1vNNND<F1~`)lOjg&3U=g1olg*Kl6(-`;UcYtY%*n#YlRi_#s5Cej
z{&w_sC(nw5C6v5<3TWdS-Gzi)ePYy#*C_FReCZdml<8(hEpj2l!I@$~12Ax7l#*1b
zS5g{!qH7XEyCR89f!CsA?Bcdn2T9Diwwt#HFp*BQE7s#bW*TK-)|NVA>LWbJv-k?6
zg!}c708Nr$uQdC%060{)Mf=Y-C~PEjFYM?}!jdr)Wisl73@;<g^ELK#^Yu?c+88uc
z=O$%!lCvZGepNy4)WNVq?m)?q!8V*m*!P5fO^fc(stY`0?KVt3kJMngc~kPWCl`a2
zAUI*|n4DxlBT`-LU4;tn>Z8Vsq&>;rdg)W@%!pGABSw=SL^oJ8PH(^<jRAw4WH1oA
zj|~YQ7zFu4HM36DX|UT2r*swW7h+NNuHMDNO~JEk^6~hvedHI^bu2MdStIQ|yr@;M
zTC3yqf~Mx%ys7CMxP3b$-nZymf}xSi22v^VihsjaJ2Ur+vEhI21!YuP39Gpt)H9i*
zUDboYK8`vkGctZNL3g7A$1MQj^GMJ&fEL(r>2jv}VYT~gk(-jc*(_J_9OnzoMgYcq
zFVhsclz3TWtGZ)`?$i4b8eO>jP>wpl9;EJ^ZH*T(#o%_}R8|`|th4VnRE_n|rDyah
z7}lO7I;Nz^6I*FJ{X}ZX9F^87%+w|gJ}Zvb)rk@-HWg_E@vi3dJKuqAb|rH1Bjq#N
z#qetnHn$+>`>jIkH&v}ejk)fqt)axyYYT#?8h6>Z^&2)Ky==cJ-w-$!bv%&a0KG|w
zOj6>qvU1c|20|z>sE2}rs*!67a~En;t(*HKLI*mreg_eJ2&7R`vc^juXJW^QAAxxh
zykQ}g2720BSf@XX`?{}weD(=FOE5EX;@U>VRZMUG3Z@jralrD#&vbltntBH;!$2bG
zjN3d0JiVY{w$sy4ckKQ1n%N%t3;bUh!8+*L8|EME8T^a?ci6N4{|9?U{|S3(@$r#=
zdea8k7&Q9%)CmK)sOqT|YN=WNFH{4kR8Y=J&mA>3AA#RL9SBl~oo<Sresk=T4S?1>
z(>TMdKSjSJMI$w<Q&CSF&P)&Ub3sc!Nj5$yDX=u7nxUhSlr@o={6jOd2V@yIiFJmV
z;Sj)#l1g%dc88ULiJ69hnWmwMrI|+GIE;;UhHBOjSa#H;OrbMH0S`;?xR>x%u!Pb&
zwUm`)*!oqlHH6f?^_8SdOTM}n_qGS1riLB@jFqTI&);7uV|N4ezxn$d{z-`+Ht#w|
zc>n+iZ2u>0#`>TBKGm{h{r?CTcW3}WkmrB12!a9t0I>WQ++9m#<t07ctF~rhS-gR?
z{dFkZNW-<lh#-8iGdnFPM!|Ymfk-Qcq_j^EC}_vP;GEjTLMpU4xCJmpSBNg3HmI2N
zYQf+!H$DCuLlDUOJ?Hn=1CP;7bb*G+Y{p~OYla8!*O6PDzO$5O1GO4|F+rB3@LI`e
z-rdX6k|a3?M?wt1Pvs=%!Qa$J-r<SL_tW9(QLhJB9(3t(0z1Bz_;z#U(rS-d9elL^
z+#c-5cOlHAo%fbyB|OHar8UYTrcS}3{yJ#s@~NZGMPn6=)r1efi_KnQufA`6J=V;3
zpLpLU{^rKLiY6h3v_o)vd@Vwqdjru%2Tcp*JR-<a`YnUGsDs#Menp%+$7^}|s;(iP
zzN;#~3aH8QO-jQ>L#>D@;#*-ZDqCC&q@_*K1QtAL7#X*|1`J0FQKsbX3ig?$nWY(3
zer5YQKwU_TaiMz%ya`wHj*F)rstxFtD4_QuJj9BBHgvIrh{|-dBc=GEZz*%XU)fls
zshg$V+@gu5n=j5Z4P7%`oOTmnHVFNBD7D#Dc+tHC>+UWe!CVvP($dbq%7%I#_uBGW
zcBo^ay1r(`xr#{>UZdLPUYL>-Z6YIKUYrwZy(kQ&by;BME$8MXkRW$ez*fnN8Lu1r
z%d99xIAMOpx!_r7KntRiB>FIW-r2EPKxYJDj~})W=gn=XM2+7`T|2IpT-S*GZdSaH
z73d9jh#3s{9qz4j$QB0pN6p$^AMef}Za8-s506*2%WhvsOf9&B_}rO!{h8T;qr#t0
z4n~ahE;Vf0U(GA}4Y$zWj>unFtH8>k>JZnyUVt4Aj0&&^(YgxdEpgAxU=LnM-&>Bc
z2T)rc?8}Ef58;hRKagn8%^&~nsug(gm353agZvAHDHV$u;NyEq1^8JCiOOp4K^7$l
z&U>fk>0Q){9rs*Z#az?D7`cAL=#+gLMvOCN>FVv)KojBDhAH4qY%h@|^abfoK>yy8
zJBtYZ*$Hw>K>PA3LtLyUpO0T0*FDpA5nt*W_nhD19HKT%B$uoUDC~#vE`6^ox@B|(
zlYMXQ7LXSMr(T>A_3|vk+Rir8xjKwG??auQY;zkl55BQ*DK53&AyEL@@5%;y7uTXU
zxjl<;@0DRNJn<Eyks}ny*Z)1+$gg)8;}@mvhr8co&$zPRiZFCn?t13a4+o&2G`5gk
zD2uMiW4)aJhJH}TLa>pUn>0U#RhZe<rpz3wiJ{=n(xrcFV<vYf!j&g8_q@|kVK|k1
zuPU^oJ%)PF#)u`oRAUeGnVLMBtPLY2(Kb~zjWL7m0O<C;a8Wnm%6hhVPc5dM`XLwb
z_NjRW75o#QB{lk+5X#V6y>iX9fpU!vTe1~)v7^mvDPVxxhOi6;-~-}*VmYq7>WE<=
zu%&`K$4iM{ve5fI$OzqScud1q6VTiEP~LE#94Tu=fD7mSBG#T+f*(Q^A5vmUJ^=E+
zCPGR{GbpU=^uX+{{}SJsfGfkoz1jWdrrRTTA!jsGI-ofou?URIOS#5Yhx6u~LD+W!
zt=BxF0e!sB7jEu6k-+*sNAw9L$?zYU(v!eFaRa9mc=O7fNoNvnuSH7u<t{pc#~rk#
zjymwgjyka=fatUX<4ewPz>Jv>jSdnH2Wo~)Rc<ElGHYA_Rh<;HVb?TC_chLCT>caE
zXe<^jP9(fw%~@|%fEQ@Jv_+sZ4t-SS`BvOFS`*oW3L6mkvOEU`uGaPhVBRn&j}~i#
zgYC>_u$HqX?k}dA`ujcEax|52Z#zpiu;{ZY`Z54LbTrOv5yuBB;sn2BU;G#KBL~X=
z1}?kJP<{g403Lp`+)c5mlPM@yuTbOP&zqDXf9dZemP|*-YfF7TDfS4l5IhT_GG6le
zYe>1puU)nKqK9a~UI2B00e?_m?(U2ZNZrzR=I*iZCY*evk2v_q9<uO}J!WFVxlc!h
za~@+sVvjg(aqVYfy=F1FNj8$DhYsD|<e)`5jPgz9mv`f+b>V|9mxjgkFALE|$&ZGa
zbLECwGSKcM_!R`Vy_pdnIQEtPoO<nv1=gVoO#*fvcOiF9I=sna;p}8b-DGQRBy!iR
zVQa$O$uk@YIy{i{inPk}f^L1qy0=5F=|-el4ZVPMX(P8>-aAgW&BY!Zllf;hDg6-T
zxN-V8qqZ2Hk@VUA>)QNqVi;XpvYwKCe(EJoY#!N=4XAJCb+`LZ7Lryg3?ER<<O?0{
zk{_d)Aj{&~%r;Uu{<PR`R-9NL1J@K3-I{W574he9OBDWje1sQeVuTlcV#KDtqJu9#
zu%OCUU`7>=IPbBVBA1W=ekd&56c8^6?6&gNG>{eju?t?_;NH)QGf8t*Ggm^Cv#x35
zTm;}Rm%}<d&<_eN)lI6JM9*LNy<Za07#@E+Qd=*KF`A%X@itu2A6#quJXm`LDEB|d
zFRXQf%CF{6(28lAc@`XXzRoI5)n*AL$H3I3CtB<5C3+AV@xfSLom*;;hUco{bP}RU
zQb_kN_LR{FzG*4R9nER*p+F7fNzFx4;P*WF&d^h51F@YO1vEU_+3`mga$jGpV+OfO
zJy?#<=}EBx+Ptwz=Z_S6Q0>krO{}h?rXn<oYdF^t)DgZ`ceZ1=yLeL3Aqnr<Jm=<z
zKSJ-YB;;F*D)7hjSWSc|_=SEYez%|}GPv`?5Y?ufNS7G~4)~9IJneNZd*ANOmw@m#
z-jr+g%ksP;R(m>6%}+8D_#}Rz+HltldsM7Ra$MR1_i^Duo{%C2bRo1J*fK?NID<nr
zQDG&5v8RuMgVC;Hr&zi^DC|v6{=ecj-rNztYRZSpYd*5DTZ&0`GflT+D@U~kTu7hT
zOows@w*&kJ_!DyZ(l`&FWw@)k1B7|qQg67*)PIT<=*0qmBrPQ5UUyh*E5nZcT+2*g
zXd_0A%AF~h+rmQnvuxQYBZDMx6@$o7W16|}YlIU&_{;vX40Nk&QJ~878r<V&q4Ac?
zg#Xi#o<}kH;8CiUPR=H>Upau<H)3wxGTv`+whxx`4ZfL~E7uyb$0g2NeF#Up3C5@#
z4u}9e_-8Z4f}(G(Tgh(uy?HN*DiA=IHSxhwUeB^k{8W*B0h{>JV(9zYUNrK_X+CLM
zem6#e3SjTk#kROJGga3^>A%9cPLDG6fiP3U{u12qIL}tRKKx}#?9)<$jZ|bgcc;7p
z7Nr;mOoMq^<fM%nAZF#l2VdXF=JZ`L&2zM`hyJ4n|Lz%9a5KBwOWKf5=UMzEmN^qR
zGz_aW+7s!t$e(ZDpUs+M1odt|?`7QuC`kypkz+U>c_zvKXYBSy+Ie`6%6&j-OKCRZ
zzJN1#4C+1t?wVt-Q3EeG7P>nQw0H_<z|o<@q11Sz$y&w-q-C+r*W2_<`fFPlC5mzc
zz21+#$Y6wgke(f_iBHJ~dGdhV-(m*fTZz1TbbP}pI$AcXcz7Js3u889i`Osud0%~#
zPY4TA$RS`E!;1iC2RL<21gp<`uH@9;-}6m0v$0QPq|eu!GW*Ix>XoE0KS!M+`Aou<
zg`LlVl{mq!j9jB`nrsH|eZAF?VsKCaMAaYGt<c{VE?2x;v1~=b;gYo}iOd!+aLZ2|
zq<7m7-^G9`1j%ok(TB+uSzp~v=^J;N0q6y`&{Pw$qY;Bv1p=#fZ9&ijHO(G3nCU5L
zZk+;^P4SJ&CZ@UAl1M;ZZ?SfX)6bM4paZ)(t@K_$e}NhHd8E#UPsL((P@gsNUMWxe
z7kSu(ay7K_L~<TR<-?l0T=|2#{Lw|8_GulYO!4DNjtqx?-Ul^bG82L@4PawD310|Y
zDJ#liua{({87N+gsQtrIHMliy*iOL1JOt;OSoniF^ETG?0DmfS_xaAu!NN@cQ?ul+
zUJKw4W{b?)FBy|;vo**r9(%k)>Iq`#6Z44KAOt%&Gjlm<#xR|q9|!!?ch&h>V{uPC
z=BN6R!6w!f1c4sdR5SS*xK@pJAF>8{<`DcB#UhFMg=#v?ga31yRvyp%3bA)&MvJhV
z8fO;xm3iqSKk!3PhvUO0OY`amM6Y0?S9ESUgSHO3US;|BQnCenQg!U?kSpEQs@Vv*
zm1Qq(|68H-4VyPNGU;G3YnE5!+&Jx)(~0}o&CY=bLGTF;rc|x1#E@6a(|~`T@2orF
zQMHYD9$h4!Wa8vo;wlTICe}vb`Pr!Mqfadh2pP3R(LyCNFZ9$#jrj-Xj2&ob={~5O
z688#fHf&8ti#X-}9-p6shEP#A(@HQF+k3(+>w?*v^D18-%-IJ#mf!>9qkevyJ2Xbj
zFi3xe*d@}xRY6_A9fJD=5k#dc6jw^#lxL+JM0!x;I=EdvYXDp5N_G{B+o%pNJ9RH+
zuFEH4!nIQDVnzn9oD2Tx?Dq0YlK#obMK|PA<Xo0#lpmA6iUp6mofmN0<Wz*!2lXBk
z0^gQMcK?1S7z=;@1uVgg;Nfq;(I$dzFF&=j4Jf5|VjC<7-K)_ed~0w24&cB$q^$Te
zH58BF`|{K!yoA_9v6R@vLNRf2t&~_rUs>u-a?EL)Vw<9NEou$Q>Zcqf*s{d4TUM50
zu0L6Tf`=Pca}=dFUIv|P5N$pzVq<hiv?akRa!ki+8M0qkB%rYP*@F`~+(CXMn3kvF
zyz!WVpRC_(%<iK?DlQKtUot&qs3b<R9BC9~0g@<>Fo~fc_Wdm&eTC!z1<29P$yr5<
z`73PAN?cuwP`R@K*dO!~<#zhuiQsV++9<tt`m(LAiC~Xp>)U~|h2Z{Cx*igg^E1Ks
z$Yu`n9DfX+NYltsp~^q*VFFEC{CtHWs%vwz7(&2c0XM!#y#8R(^#_&$g}bxt0A3Tb
zX>k!ET&E~j@EzpA9Z2UlNV??yq5K%2U-}@p)$ZN|&xd3t1DnFxCHZVd1uLclyV_wL
zZZJMcbf_Gc&oLSG*n|7+P1ZJURh3j5co8L!@7WoXnt-lZ^MMv~F^zR;Cu<I99cTKV
z%6nAi#YR|n#O5{KfZ~M5qYK<z9fqI!iv-jhy4?wSQ9RsT31Cl?U$a34I%P2h`NneG
zo-s_BU&#f}_64`6!rRwJzCykFbk?^e9&L8nXP>8q8BY0jHv8jQMd=Ttb1Z35_}L-V
z7@SyjTGM*{H}mXYWYxAJ(YZGosW$g)2sMYyy|Pl6lA~5lQTvTul2+@|efUcj5Sw}>
z$JRIq%xrY?P^^$|m}`4|@n^mL^dQctFz~shysmb<?b4@8(o$pF%@eI$;N2Wa$%W>9
zyqZ%|a}1(w(XL*oaiPJLNBr%FxyYdyYw-5z0byx4uH0V{Z&|19Z>>X)`)WP}tmw8e
zHbc(&jbaKLBN5d|O;`YKA={`4y8elr+7vu?h@lwfpxT4nInjac7{d2quFY<IXfG_x
zCZu!vv@uPnrtJzGOu8|KNFoXt5k!iiHW(tpVIveM@sJQkFZ_s@fLH>?8(|IdvH0)x
z|5$J?Fc@hkVB3Vf3%^<$`69}B7)@;TjpL(liJ#mX(-OREpP7dFE(E@GFzVdzK;A|O
z*A<I~@dYG6|4LiaI<IZCuHSzUFx7{m7uCz%9sb$!{^3FX;yMDBu%ANYpj_Up>hRu?
zcgNJiw}r5SUI7lK2dwK1e?xw#JFM}W0$=xsns*e3nU!wONg9Ao0Qnng=MLrT49I$T
zj=^sm!56=C)Nge|`uRY>zGM@N2ZqMLMysLJq3Lm(vMEr5CCFm{&Hj@<#C3MS<R@QJ
z-z_r*Z-B3samx$fkzP2>wwpf>rPYTdetNWE{De*U{3g{;F9MeK9RD7C5a3JYtBo>3
z48=eIqQO9K?uN|%PCk@106$2|FJ_i#Yq5T~{)#73Ni44~)P8>@Up*F3sT1QZyiE*i
z-k&==qX;a6RKnZ3fC?2&a^Km}nIte_03bN7O5v0<xn6S))}X23S)^c`OV}`LIqZGb
zpE}qn1)&F{0d%H3&^y=(35yT80pTdhkEkp#Y(RmS!WXE)0%ppyY1+)9IsRrwV(5wA
zh>CLyUJ2OQhTa_SulQ_5D$8K;BH`Xnfy0wH?&7}tR||+2IM8@V!dL`Xcn|!Z_Sr6^
zi(Hgo9&BFW<rm>L(A#l_Ib*tb3mNgbc^l*zMu=|9?BW}lfM06$eiCRivACc>C)a!-
zC%B)^r2Im=taCr%zj9^_5b&2a*#{UOwAOxbF6C#R9KTsT7J#IE1!D9b;Rn;%z`KF(
z93ByUmcRcCzu2(lo~!-LKh={?dF0f=3X{SU2uTNqnk5cVfL5@gJpl>h`!z*&Vcj-C
zbM<)cOjGUn$~0de+P3VEi0N1FTc;;TC!4~OIuLF;cb_&y_*4|U;z&_$#aEoZj+Yz~
zZrZ1FX**63Z<(N+p<Ld89^L?uAPc;y#tUK}Ra#N_gtF4Wm%ElZUVY?69e?x*Lw+Z~
zy&c@+{yaZ9N2Ws#(0&zq?h4kqq_gNj<)eCir9f6Q3Jcvb9vYjxac<;Bm;}{UAJny%
zzkReY6EaUx_Z`gRzgxNZvUEWBGQjPDNAUeq>*W}ezCZ$q`L#qm2x%bnO2vXXL7gS9
zpd}#nr>!XelU`~C$XJ%ZqXqJAxp7BWXY%{Ybwm-O(E&B!^66epLbnRaTB4mX{bf~t
zpLNJXzSkg`6-p0=>K|F5*M(xmIN#6p>aN0eua{Hg`F)bCFpE?B4Z64LFUgIzM6t%K
z5TirsTNvSc@YKUXAXdLQh6cbXyQu~G0bRo_+sYj*(fi#D+x8E&JwVL|h-L?Q_WE;o
z%kS9l8+zTo$Hs5p|K)MFAZ4LiCV6N^pBqDQ%uOb+Q7j$MWR(VD!Nvr+aASy6lr8%f
z2_aX4+~Wfv`5qx&kSzbLnd@3_+kM64=&yS+_ze<27ID^<W1c*#1JV@W+)6DV)j;rW
z8-sm%;5fMHn69wpSPp2VHl)ZC?|wD+520flMn(#Cq+kwJ2Zc=*AwL|zXoC}JKz^FQ
zG<oL8X&gZjufoG}l?!5?m@*3?<-3gk`2j#d#vT}yrV?Z4<RE)l#)h`KWm<E&*pQvf
zG+^+7zA+|PwnZlVd*xshgF<rF#OopE-aw~+Fd!j94gd`k6bZnQeZcDz`}<b)1A!NX
zzXoW^9Jrfih(3U&wd9}*Q!PdD&de3WfE{*93Ecy0!(4hzQGjU(TELkP&94()#4X1Q
zgh|$Y0!sdUCOxvIggtn{vTl#hDQ2uxC@wHiBRJzXqM!^QN#8z+lLg8i%U}erh0Ya%
z=;qSGgm7hBBZbbL{_JEAb_5p)0-4i342>o=m81w4o|}aQRnQ?os_2m-RoD_CRrH9Z
z;Teq(3EB||or*#~+>hvZ_7KB!e{yH`dMXxBWlImC(_>?`&?Z_oVsZ^zbjIILI;6U0
zW}s1}#rn8Y*0;=I48e!hn9GpQfDxNu5%Y_U;wC?FdKGY`tK&qv*?(`u7#nJMIV;G4
zbEbdbnmT;O^E>mY`)sFx&)BgXYL`Vf)wY$@wd1zhc66-uWZk`T%sc$qDV;0v{$UBy
z8%<kt5My#Kafs!3OP;bdO<N{UGgien`7jc$B+;M=3@886qt9K9eh-qi|IB#g$c@xQ
zOzz@AZ(@HVo^{XMMB1*@;x67H)8!;=b}Kl(QuIQ{Fa!8PZTbu2#nHA))YOdfnjKDW
zA$Weu^G6wv@cc_Ou^cud>*T)%jOu+a(TN>0h7uU*3Ot0xmsT)yj~I`nxa(DKz-n_4
z-4jhb&^;+bv_QZM?B3RcoWxwn%!Eb>=2<z2Bar~i3BOs`t~3r9Tob@XskOFEsDCJ3
z0c18e1&-Cf_q|`(jwB#lblt5EYCq+e9;Mk#q9(-5Cxjg{V%Z>wPevQ&--BC!9A?Yu
z%MEkcNL6%IXQ~6Ga^r^URce{%!t|tLB)q(5h;M-ZW$PtEV#<;e33(KFVka7W2LX5F
z4W*a~B{%m_@*+X|^(i}+1sty4m2jf?5OK(m3WdhekU*@XD;7!viSR(#&a;Em6MQ^Z
z-)}fx^y#ID;5kQ6-kg{mjDM>RnZzxPaR3TEVZXcd&1;8aR=%8*OQ#)>6Ut&5x|tNh
zj}LONoA(wgY%}dC#E;nt;Q<vZrPacN*HIO+McJ?79d@Bkj-Zk$KF|~{KCmpo940*g
z6twzZoSjpQC}ER^$F^<T<{8_zZQHhO<BV<Fwr!lTb~f2;{<}>!>8h^2=-cnB6yC>2
zx@A=pVh<PT-s{|yzQ(67F?_d<<e*gp>HdQ@;uY97;#H;!{eJT|zFv6_-?gP2y3O1_
z6%l?fekl|oUm)Lx*__lDu=GL^xc#aSH*@2`vWzPxZl<Atyi|}zS~hQ#`D8mj)Bu==
zIZh&t7=LBZ-iQGC8jU_QSBoX)s<d6tOFf@0(OoOj_bw-AL&gWRGo(VTOOq>Rb8Ci3
zdL4FR&F{Mk&@^RX-DVZQL+<D5^a{2QzBVKPqR@NuW_TtdQa*_p%XhRi`a0iEc$Vji
zeBrl4X@{`K$4tDa2_oV{+E>NKW6xKIGBX8I;dxP}a<|=x-g8iZ-;HZyGV_AFx#h-|
z1$B^Q^G2S)t}oI*_vUQj7*a#NRaFA<6XIoh$G%vGyLWfaM1xR4ax4pP!h#@axL+XL
zvSafl0n%*JQ)8yL8`!tA7tQLQW#5O93$%7*-49~rJ{Yq0<&@3EP$Z=N#&wk&FyMY<
za}n)O(o$#>4i~>i^i%U5VvUUB5V}XKLdCyF+D9A~iwArsZ%vE4vpweB#vK>;Vj($r
z0-A^tul++8abx~~!QDG%zi<0|kcbVj*2NJsF{&AVU!Q8~UCoM#Z&jTym=f3QnIG4z
z@TTs~OnZvI@p)4u;2u&thXZ_n(#WEAM;NytX~cwO#x)fBdLo+{))xX(^huU!N5E&D
zM1y#aIOc@F75gR{cjw);DUIrCtHMA}NfT-Bspzmx3VPs9WrW{$ZbOmIg=I*J;x`5{
zOjQ|(zX@?;(7g4>ETSM<QzKAkh#}C<!@eFSqDtMl9ep_+T8?U<AI#G%_%;e%u>RQV
zP((f?9}i;hOOY=ta$9)pGFUDxQr^~>69u)u@=p)BYY~UGTsM69o&y<0&V);F(YX_=
zlx``XQ^xz0$pv#-#jN&!f5aGy>x9B~N&D=Yc<U(`EOaE*E91w{v?TOGm`Vn72ZPZg
zN5XV_BjeNfuk8$h!yQC!9B1ci{Xs+CiJ6JC*CnGYD{+g69kqprJH(2Kb9T!UfOeo(
z@>M1ya7~8_hwP@b>rMhA5o^YvSO1kBiMmtm0_(s}%t8{v1q%2@wXI$E?Msv!<ie&p
zkEWg6pEd(&QzfxWJWmQEs=%!Rx<5;-i5^`a-rilE=_3kh&&4{KJ#;6}iYOAP%Lfct
zi~WoU=by+pj|fR2N3C$1pu7@L74<QfM+3zbGC^rq7WSn^0^v)^r%h7au^N9++;t1<
zqvA~2o=Z2q48c?EkyqWO9G11_2Z)}%v76-IDua1;GtE&B+$w>+cL9REC+GrSZ<dNJ
zj;m`?q3DEAQDVx3sty%W#~G$Bo!la^PUaz&O!pE?W??H^IOQ#^B=d;4Bi5{9e41lB
zj1|Bjb0CHpaYVm&@h39Ic!m&V=A+E3mxPB>i?B#j7DAPT+Y)!lQx>*@wc(iN5p9&V
zip&KdE9};oW9RY)SJr$u^@<U}@~em!rBf9%vIMb+8pn_5Viw;+CZviH#4H4e6K{mE
zbg_%t8x=%GHH+L%H2jjNq00>pHe}1#ko!;Zmh56tTF41L_Y^HNh5SE5ARaA4g@bqK
zz|aV;1fISqf2-v-2dCi1Z~FoWeOEq^Q?KBWA-mGWrXT3zjr&91f3(5=_&-9_gqq~v
z@rZ-`Y)3(U2l4(h?jd>)q<SzfX+2MvSXj!=3~U~7f+a6XfTu#VQzzQ3v<>H2s0HLh
z`9cA-FxzWr>f!(?TOq3TR{+=g7gRaPRdgO+cWnY2hO4WSs=NKQ#IV^LhMBS~V-l8B
zIdVbs>8f-?{3~Z&^(7B2P&u9|$yd6uzy{k{$h(oMy`2-=a?5K&Ar0i?$QnS^3GZB_
zi7)&*aAEOp<$)EG{KYa&I{49o32~-uT$m$|j4(kCIzN-ZOfA7D^xiLEGK6l8T)$1;
zm=9RO(H5{5A%i}j-ROomh4H0jBHc^FWQun?jnT}zI3a?o7Yl~CF)SA>i&5rvc_GhJ
zkaRgm$oOEnh^oRiNV2lCjK9LRSu{4EYRz4VmbWXK1@j-5Ov&7}MiHvmibBR8H;EYW
z0`A%oU95ACs!+Y(stcUMEuB-ajg6h|7O?IkID&^mJ}mCW{8PMa5$lOM1Kxs2dM*rl
zh8^x62OAC3F5ZIh$tDS^ZhDpLysssCbCr%W3F1s}3`}cC=R#iKl-UQ0G2dnx!Q(m~
zXvXX_CEr*;^a=7cfhi3JWEsrh*O)NU1_o8)Tq$x!a7$Wd)V}bH2x)?og20is`@Lps
zkTi{#QJXYPC$_QSIxhk8<P9+9njb*zKb!!gh<lj%mi6;&$G`mrem3NSd-zCXj{R)N
z3D9hT0NYFy1xWp>shz_@vI?>1+Q;cPML3H>OF|2iVC2fWtF(CRQ9)x@?|8<h=%fn~
z4agbm$AlqQ@IjG6e2Mf-%?%M#OHc?I6)8f-rK)(4>1HbSoi|7likXs$?`R~PKbYcy
zm%I=Ny`pv)6LzzS70R~(pDSJ$TDMQWRRl@6%?tBsxXqx-u1j(G4MjM@CSsrw6S0*9
z)f%P!Tu}PdD*6T7nAb6ewI(}r=m0NFV<Eqbla@SD0Fm%To|*pFo#k^_h~GAYsQGx1
zXt>emf-%z5Aj3jfumZGHL6;G_us<``r!52gG8RaG*3%Z7R0c^4m;UlM>HsNTz&Xc(
zzIbpZWRvs5{uP1P9F#AERNe`=Y|ID@#z<m8UPg&u#L%mNbPp~?&|)kuG(S=vF|)z~
zvfC50(&Z90m&fPVZmg#ydYdVvX6=deP;b1m%g~L{<wYrdHq(TgO2U+4ztBj4jLvvh
z)rtWs<R4dzY^Yx1FW{H52(2HaDT$KFC~3-UQyrY%Bt@AXl@R#RCPDFmU@8!Q7GawY
z%g+gAgK!gYd?FqqZuHd!&3GEj8@-JNujB<>-}d5?^z6XC)*y`Ak2~u7laYiBa*Y-?
zHetaQt%YOQnRnWEJtKArlB#68N)zZ+IftN(;ssnlL&wexWK7rLhII&T@M6~iEW@qw
zck(D5+Bqy?JP8qhZ-2QXZAS*I_{Cl3J5#3Q#hL)>pho~@=*yoX`~z0@F^;Py_$g>6
zFrV8Q<IlF!Kanbsj_L}$bg`h9A>;2U6x792C)QT!+;%8HQjC`f5~_u)2gfXhtw-AO
zWOPyE3Fubwj4`+QKw-V|N#|sKryvhuF3A*DJVwdR8F7q(h#R80VE=QmOCnqoz;Nf}
zd4N`>Q{I)>MFl+9N3#q<!hU-SQzeLA1jqK$HxX}~viak3@acu@pAu{QKkSVH(`l~c
z2a@#tE_gJ&6-5N$AK`vMv6jrnjaiVp5V5|}Nm9nHU>?Z&?O@p2pE%{D6jg+ZeYK!*
zY@uf&>xYLCvD4DTNoSSPc*CNm+1BV8D0xgN5&^y$WQpWAMaaT8L&!5XJxh?jLH$e-
z$i_JPWk@nJkNDx)W<Hej&ZquIp{HN=tup+vFygl29x;9wH4=3KWb9K9L_;hlmO-NP
zXcJ4J_>IbzgC8^3O4wBC;x-(O^v(N~G|qwPm&^iJMfh@Fk61HJKkr>&d}Cn#j^0I!
zND{E*zcfq(mLv&SUbc*-x-l|iZBnZ0<yRvDWYk=6$OK*R45&N4F=5aq3#J!+hJD|g
zKu3&ZD2YMx3Y#Xs4i@jk4YcRmECT402fsZ|OAs_Dg2Xxy)D~1@$$oVCy4EQq2$LlL
zFn&n71Pb|>z@QV6VC^4hCO$!N0nl&sb)Ett?@t?(^j=Vl#vTxh#+JY)jl4f1eiT2{
z@dckY1VV3Q31@>+#uWIl3DGmNj#lk0WQaLpfGGuU0Jf_PE$eMMR-h2%R6MtYDL(zr
zf@rlRbe9a6*7Sr-Yka|D`d+jN{m-6>wX?2p;d%IlW=Y-Q(Rp$tRK9#M<*#qng$JjP
z;yIC_war>x8Dr+|$O-dz?ZTpirwEv^c`||40a@9yZ-dfcZPdzz^<iTGFYpAwTUmr>
z-jb*ILD3p!dt0jUjF&(D(HefRfS94WYWr69Ypdl9&YBo=3gw^}h@4+on(nA!C&I%8
zU&ZfD(#o7F!N^>){%DwrHKa_%JgH;x55h=uj$OwEOXEF&3J0jV!iteS=@KYD0c%1F
z=#LSF^k{{yIF}(xu-~FBWP@EF$e1TSWS#6&orGGU9&fu1+e9PS#4}pJ#t_B>4XbLX
zW#4dAG#?OSbu@lZfPaYnTM(V~zSaM+ub6f6Fch0Dzgi#W0N?_>j|#6gGT+Z8yoP93
z$|VxcnhddaEGR&fB%r4FrYl-|tKK!HlXIEkO6vhE@uIZy3ZW8xvM1&FQyI&3U2z@s
z;46zic*{9lBIo}}qz{6TAS%5dcRxCfPg(XgN9D?rZ4?rP;RnNHJi-@DK&XKy?4|E`
z;T${LStTg)qPPmWb`oqv{OZq!B-(IwrOOL7t%eBa(`qE_;GqYA6rspAbV?EwxXy&B
z-i9Np8xh+KEXH=PnJ(#u$}GkH>ml|G7PqtVZ@icd@7i)~G3<QAp(7k0HE2iN^H5AL
zFdQFI4OXvMw<n?^&8}m4lAZe3#2}7<{B3Fcpp6C2NaFzu$^^iI@qjQ9G~?o*Sqp7K
z3(bMA;rEpl5C<6L^gU6RqX6VzD-jk|O==~aLxkH*Iwp~z46}in7g5V|Y6Y$Xkd^{%
z5q0wo`5@>;rp%DVBY&24@k7p=QC#q|%-D%kq)hxtdxW(%=?<wQ+GL-`^_?w=5ah$<
z95a2ppz4K_6f9W=Hg*^$lbTI2F-8^W253(GpGl9!{G;onp;ek%Q{h;(`d#I5yRDTS
z+!+uKsR&Y7rLsy6TO{3P0k*172#Z_1TqehfyJW~?;sX$G#eD(hr;IAXBZ~cd_=u2^
zJ!(t22R-5Fpv96{*Bz<wRAr|QCn7vVIT`8Y8Bs~NpXm|fok2bCiu@`y+`*0W4`t#5
zV$}%Ke3`;~ftc*?na28tr3ir0=>v~M=E@pvur6)3C7J5Osmmipya6K#2{P1!!ze=Y
z(_s=4LKZwHyCp@@pdzAaP!KRR#>kl(;>AMOVB9#6=*{TdFdfF4Q~Lw=g+ZWKo_lgf
zZV6JaIa&%-_<X9ij2uGwL9mh&0tV+6!OIZFX9XgU&<TW*dVqYHpP(wXq=7SH?is}=
z@O#ZALMSPJe*B9+dqekPzPdi)^W8lX4IHCkk`AXBIPs9wgFZ+@1ja>3=53KAnyiG8
zt_4WuW8b-iT(RH(ZYFF?xn$q?o@~jWIOXOD#+wg)_werWs>M;Xe9$Q&@Gf{&kWYAJ
zh!(#DdM?xJq)|YMuXw^GR6kKPYd|fV&P$ABg1L$a$GJWDNSBNUVan*{%pb-0WO_sB
z*}ZR%N@#jeB{V&7i1b90C92jC2Iv__swoVkz|ZuZHT=?TF7kq5Hy?Y5v&{!k2``Bw
z<53?~iN6Fz#;`~j{D-?mp~V(OPsIM`*^LWKds1q^oe{WX8fibKiG^Zg6F@1^2nJ%n
z+Uyr*Y<M*e)cZ>ksYgo~sW&}676pLrMd=aHo||~{YKmW57D<cxNV&E!FjX-bVJH=r
zC=mLgZ6Qt+iXbuMT^XLP<`t2?r7B?-N^1q;i;MmO+3b|3%Kg&5lY_m*DB;1XKypl;
zZ~KHTU-<Va%9Wp|6<LB)kyK=tTKYLpR~l`NF-rYPo`z_Ah&l%ocmH+~G2og*uvf=1
zkSig3kDY+CKTgmwFpD70&-|T`$fCzhaKZbQ8s-B~Tw*gC>+4Y4(SB~zS-y^i^|ZH!
zwkfUCihgp=LHFm}$9jv_qs2pTFok}tZKMCKy$&MN(at?y`Q#MXQ%LV9Avg|xoIi?h
z|NMA86no)BCSS2%I{)`AUoZ-poWQu`;966~7w4rjqu1YPL&AN!UdiIySjdzo&vs=|
z((Q*m>sq`s+K8(nEq9lY<lIrCes6s<;G1jXQLwk3iVBrWt2u@Y+RcMqv8q0BR<vQt
z<yFxVC?FxW>gMVCLQeYc9!Id%N0I3BHii_l<61BV&Hq`2?uS)-v-)6npjjn#u$l7*
zx#l`_L2tZyTU}7^(drGZTX~akm5n-mf1~BiZMxY9dCJ}<t6Im=Msud7z2%LwH`HqJ
z;jJ@wd!`vR`~_;0R&O?hbZ0KRAYSROJ8Mk)8L4oO8b@sT3zQk+lkR?xaJL$U$lXt6
z3`qEMrc4*{Yo!dl|KGk1ApZS%Tk4*!JkhGV`v{d}KHa7-FYm01W+}95n=He5x*Am)
z&9%Y2T2-12)Mb8?`I^e#sPwn~+C6YY_EeOjIU$n(c27J`4`;^F1PaW_A{KKrxACV3
zi}=H=_6-uqrll-TptDdE!JL%2BN8lcM=VbRPa+R@Si7pAg*ell)h$qewufzw`tB3S
ziw(!cZs;Hm;X7(;-L$H>>|>xK&%vyOFLFU_OZrOt;+xaS)N+&AEcBT>y;15ty)lfs
z(GT71MB~`$!x!6x4Jc(fb+<p$hkpd)5WRYxu}IR;=Je!@cZq|njrin>t~-wtI+o06
z?;qcR_1E2aAUieYWA9+rc@gz%t^U+Ozv=yhLdG?nrMKwuqK{M=H0?JR>x4j0M)1X>
zRApPEsRc=D{mx6LEWp1>DNCaDx{#&MPnlxBKz9ubk|R&7Q%DEj%)P19pDWbb&Vul-
z0A=Bh#wNh44OFZtaGw&gwPxZEU0kBT0Y!Sac9%z;>1LQrY>@6}3P$H`DsaKN-}|!v
zne~!%%@WZsU)(jo!*sVwX!qjNP*Nuim_PS<!Rp4$MGg8>()F(d@Y~GXcBcDp;j{))
ziSUed3&K8V#3(fFK$l|`BH#HFE%4fk2UCIm<rAsh)!A<DfOu0DlkEvF_W0-)@eOZ=
zonUtm5k|{g3?|F787$@9wqR`qGEydfs5jTBvp3C1$e1%-<44ZkTJM6+raQ{iyd`y4
ztZ`YSa|7KJGL`nRVf3k^nL6?B%W}+L*BLE{ZOqwH?xt$oUuLDLMI6H$Q>gyN$`xIy
zO?+>jg;r9hQt36r4?Uxe9k}aM6Qdr2TX$)B%P8>3O8{=SZhm=7YtWBS<=?LEQ-Yjb
z37pQ8jhaH)PtbM7-RH0^+(#R|FVP+ws~fmCwwIaL7W17SnI4<^X0Nvv=X<-;O|W9t
z+jv{<MqyGGIjUwme<75~I{`o`wSNz`Zc?g71dk_iSEtGv<KSrphw5bGtuGT-rvV9p
zzVFxX4KQD94Of04zClG)uPz=ph~*M)BYoQ}M{W%EKX_eIV07jo#P_#uQ+@YfM2jv8
zpc1*)C4}A+^5c!DlnTz23ZHPr6t<xNyc<WIDF#89XzR*_{A|%bSzK--^)A%0w9cj~
ze!i8PaWyGQfwIiNT-%s)?YPrmevY{7lMR1aPo+|)%TJ8fYzf!#)^d#=L$N`JPaNcs
zKsFZvdm=gAfO}J?=B$EvzmNQQw{Evct6YCvt2Zcv8vVG7TC#uOM6a2AS{W^kI~I}i
znnrI)m#XCoG*Hyb0r7>GPPI+9p}&v0kvOnMNd{Y@@4P;ea&}V3W$#+{3>wx;xDD3u
z2<XlTZxRSNTUvf7M@@GTN69dh1$O_fK3elNDCJJ47e8t_pVpMOc*!VQxn~WGqzYKd
z`e98y8*ln=wYs=&HoF=n>D1X6_0*f;wsT-1#wuRovB|-53~X*~Uim`PemJ?>I$3YF
z{0&sw=ssK5FqVrM#pUXqwP1e+UMQYKnbOL3H6z1*G%2Hjf60C%Ki>Z=ZAw25RaW|6
zJL9w^s{4=}(y=B!W|MmrHl%y`mlBR0ceCWFrQq=8sYMCHG<s@lzhy)n*6qJ*)j7wQ
znec>Fd*zpAp!Y;KNF+irLKzfP-Z&!!SI~maL)1~vESn&+g0R5hCP}eldM9R37EGjk
z#&NcVSunPG=AuVOy^$JScv??H)o`b<6GELKDm<U5ne(SRtMjw2!FI`&8hPAR0oK92
zxUi;$$oH&#n0a6johE0c+1<g(aQI(J(nu3~Ng3Tmwaylc!$h^PoaJ-Rc0{a1Ra$A9
z9FMc?;@LX1@SD(^qBV+K@Quqqkx5??>qYt4*C%}R?Yk$DT_0`dLot(_)vgw}wU++H
zL@7(H=N<AMdqp*!N?!^0qqF_%u$AiYDO>zbyX!HFB&Eku8uQ!Sbld2ESB;ewq%Gb*
zK55gM-~s-2xY^JBtmxkSpQ&lJJaB8Nf<~pz<f65aG8g7}+%~>q-ajYjlZR54mM62a
z%|p+4Ni{kwMz$Xl8cG|5VRYq}8ZGv}+D2JnddNfDX{clTa4qwGHe5f&K|h^M4@0Y=
zIc=7o+i{;y&JKP`S!Olah<MC~w$q8qa<ffeVpsf*<3r|R+n>XOX)|_t%S-h?Tc8OV
zP8+6l=~}xyjTY-`u`{X1f=FZZ<ps_vaJ8keHbI;4xLT`?=C55T!~;qvboialqFs2+
z;?tjuAF}w|>>DYWy$!z7M&82H=_QS3*R4D}4!gfy`x_@PkcY=v{}qw8N5wMWT+`m?
z_tLi{ReIf>Zf^@Q@9%@s*qVPRUA5y*qVRfr7Ar$0tRJIT*e`!=?6fk|nO!UolQWVw
zOLJn&AhY4D3h%@35Ne5E<(Xf!ws|UToVT~$m@locPiJi7%1)b?i?vc|vsKx>_M5&^
zSzE5Sz30OdjLd2*BUtIO`FtD>Czi<t^WFdXK7Wet3!8cjveWL2>XsK|we;c5;f-Mn
zpiNDJH+61@%#~g+xSVnW=kuDco*qAD2sGDts}ZtDp&3*TZ3gwHlZXeqb)E3Ot!SI0
z;{1X766(j-PMQQSi04mRmBQ~c=g$M2@x9SE3h<zx%gSh<x2UGG@1{z02Fgh@^*P_M
zDAc2!r)T*`4dqU~c8?VLrZzC2GiB4Jf(Unsx__5Xgp(^DJSZx{(M3lS@{PA2#?g=5
zo^j`5E5Y4mDH;0iqQtahmzh}LJ8Aq0sC?b(b?uB7-+7hj+}Ur{YEqf}%FzqU?>BJ?
zihUe+5)MM>TVJW}{vXz+R$uNJ$lFSR-s~vQULIxAPH`_Y?x>yexOtI-Gjc^D;i~a)
zB>1}&@3%2;OX>9ox_ci_SrDznxpkS3khp6KYoL4MrpEgrb`#lie%j4!Kgm?$7{tfh
zZG|_$sF4hM<rE%o{9W6CYULE6QXOC6wb->4m5<YV&6eK#q2%Z9wM5Ar=S=la9#x(-
z<<@qJ+=T-0&-VejCPb!D&b)hdTNJ|VhOX?L3=`fmHJ2V56f?1|V7yFW9=muK!nkpv
zNBD#=^;EpEN+d}TW3ZoKx1x0@vkJ<vaV5n>PqLhTC55CvEJb94{}Zanxs;xk@T8lT
zNV3`Qfk_d<cJA`nem&l1oSTz&PNi~CFvaclbJ#)Q&HRLAmVTs42<JmL_NLrpSFdVw
zFnsa#wBFPj{$NiPMPY{{FZ}k^Lo|Uo=hZ?ccq>HJzIQ7eIQ$U~5_LIV3)Jnv?#!iP
z{wD5LY7O1?PL=n$mu!8gEL0a`oeFIevAW11H3UT^GDmmUxOIPwW3Mp-#EmUBXW)2g
zKt|o(Rdvw;gWheef^tK8S7Aumw*3s=N|DM0^I54r5r^lT`PW`f4Z=}Bo#JZ1j#SqZ
z!CGzEq{vN8MQ2FsyR8<7BCU^pswr)JWlznB8|#DJc*JgScNwscD3VGjoMDbFvLOTf
zI^Rd+mA^bRb9(O5Z+|;qsL{r6hD~=Y^?TlIUBk-jtH|izqGhmJ%7@~1+WLZ!C-Q6D
zI^T7qwM{o~m5HAk7$$CE{5*aDh#>W|lwt|Ozn-DvM;N1o-dd_n9sS(1)=*>n`HH>t
zIsZO$lT-lF4KVy!5?Z~g%QwJF7>-JGOkA^dFM*$pTD=G&40{>yN4QPZ%~-wQ*FRqO
zWoKsyb4dYt`NX4kfMS1r^&!DEE{}q6LgV%R9j+IE=|$r`(}d}vz+_zN|8g=(x=aSo
z1K&ufS^EjCOl$#^)^>V@{KpvldWM)~s@W}_*y{VaUXS~xHH^~&u-|EDZzXoJ8W+o9
zr>9H!&pIR5r;_pkS~uUwc6AW3%N;XE(LOiyr_X)*GbP}9R-A9BG#fXX9sCV))JM28
ztlUJcn|_W4&y(@x+%i$GEh!J#E#ACKCPh!=A3K;ZYcyJY+Cuqt3-_zJN}kr=Cke5N
zI?~Y-7II1j{0@&*NH?EZd?^HgX%HQ>QL!}2p<<-vBY#tG{o6pDw^dIf=-jzxcIek~
zZ}x5#0(<(5+tWC-p|=Sf!mgHUV#bXu&aDi+8K3r$;Ue$$H)LUg;c`en-IH-zV_1MP
zuyc8Ox0SZ0znq19$?nZuZk%}GND8;`%s11Bq=nx(N*j%m(x7MSfM0-?-nhkH{<+Yf
zdi|QG-gCP!iH(AB0eB!^M0=~R{ppqW+A=(JB6lp%INtGO*9#0Xe6~3wuaJ9la?~gx
z=OG42BFZahjx0hC@hJNRLA8{-u1ydKI+kY^rBDho6m@1nz5)9k^*9&#y>QEa4ct{a
zE%Zg7ximr|)i7O~fTJOlt;R4AKQiz63GE}86+9*B6{a2MUp?xSM|oq<x|LCL8zfcs
zE2t%3qevU>P|QjeK#Zy6bgVcesf%^(LcS-IQZ#&0%EYrD7O${AK|L?!c#SF(vkSkM
z_Iqo;lY_?JmHxqX=s;>K_*#-e%wf`4-B!?TewCE5DJXbC?We5m{l<5lm5TprsrZiV
zWFvdC?iJN;-3Hsn%wEt%u_4W%G*TYdX0Wt2y%JBEKXmg?5xRsc$`4x5l}#s#Y>Yp3
zDHPCt6bDxSRMfp5>W4SHVzUg9lA7O>=Xc|;YT;ea68Wl0#)0`v(5G)-I&VI97+?%s
zu_a?@Xqne;U;i~$VV;8EPf#;~2ocE7d{79L^Ah^;fUO3GO$T~67V3n!@}0X5)iuEQ
zz--}~i)#5{Mofz7vPX(kf(&}d5O^IAl_N+RM8)A&PO`TyA=|?!X2oM8!QZwVQ`-i|
zd{B8QpE<=iKz03+j*(j___1;0l}ih$3&qk+I1bek<oH&j9Q~0ze*F>Q{8pnF{c%*G
z^28sYS1Kt~gTMQtKY#l28>pEvNz~~U1P!oN6U_fm=6S#uPBrkz9Aly>L-<BYFj2q3
zkPkg(UeF31PPZZ-g*?cI-~Wyhmw5<a(z~tvoy)7Zoel0P{gxh60Y<o4^np;*U){_Y
zs(Gnk>El+x+M}g{z2hSKxfx6m{@xBF8~Bkn{#y&O-m|h=A-wX=g_m#`&{93u@9LXM
z_2^u0cvh=mkh`gze(Fnv`#7rdlqUU`ULn97yt!v6>ID<!`|kwccBTBQ7*t4ak^E~_
z@VOgzvkPXpPs!pK>V!kRmNHlt0aZ{pF$!1-{u3(L#}fG*wf5OVi}v1xCFkz2ToY83
zSf2SYJ5=biI`wD#kGfQyHN((>n1%-vrTHz*VJuC;gEK;(Z+@Q9JuxjeCVaQuI<9E+
zB<)J@TFe?<J>FI>P-mE3TK)^v-KX^*&%P_5FRaOBN|^9(g!f^(Y*X{pa|IJ`om;CA
zyH|PorxLMy(y5UmcW(+Mho~flS=1!$j`;ftnt}%y#p20IAli;{s=ee<zXg?$04bN+
z`r4c}h}!d)WHKr_i(sZc)Cna`v&$4>ArHwHxcDNqkE8Hz<9Pn?n1v{olB}h+?ktcG
z&beT2w+pgsi$1Lm6$(k7#oBy@<VD@utPn6tKzETKbl4Sxy2rpX8V@VmNA^kOs)Y3~
zdb)-J&R3Pg3jN#7C^@X(IcG<aj+7HPV<@^@WZ^J0?JMcP5i&jgoN=nl>B{!pal^~i
z({jU0wd3-G*|d{i7sB}&h@)b?o%Yyhc=_%=loY$ZH>*d?n?PMhE^?-$p91IWm7v7k
zfUenfV(+1EK3i!xC&u}YnDx*^3{0%+D4xTx+sF$Cu-0m(7e&5xhV{kc(*WSm7`t~U
z9^-;Ov`?N!ZS>gXE(^A|9zi9X@InHp%kBzEjJD*?JK++9&QaEOVIJLa!Kxh(h^q$U
z#x(7@C|qIqpHe)5A-@)V_+0MlD^3=n!_Y4a254$D(t~VTIN73tm9-7PH`BUsTccrd
zwc{!+`Jt-3{*VUQkoc2U>lX_x(}VQTLhGG)X`@9**#f*XRKfNgOB<IxYQXX?$X2fb
z59Y;r#%%Ncl6hYM+e+=X*?KL3*I>8FhJ<Fm@rHLwfgBRK>XB_<IWqf*@_;5RA+f|C
zZhDHrq>(7cJP}DQ%ly!M>$tiCK@KnT^t62F#BMgt4)w;u;z<p`4-vD|xx9hmU!RX}
zc-IZn$zTnR@eYhOQ!S)N!Ol5Nw`Zr>kbQVvIu=NHHf>W=XgJH#d6aA6z}U3I#(SJ}
zj6Imzq&dykq)F%T+9iioci^A)tuBa%0JVm|R*k`r4rcu+2fOAZXwkP5qJzmW`h<GK
zus52}6Q0GOCDW_l;@!!n)#~9^wSM5nVHa@NFf=(HRY7QsZI+5JYf~5YddQ<#m!{MN
zS?bzY;d8dv9xnQm6arg>p7w~EJ8-}|5DSHIikbJ(;}mYhAPul)eOeMLg$tO|s+iG&
zsANZ9ytD}&R;7RFkbIwXMPamOe9Gy|h$Lyp_9oO8XU~bJ9Px;)eDJyJg?tM9$?=5-
zjQfDBY`%v=gj>L@9MIjkJd_>g`S_*-junOlunTvLDq6?6fk?~!89-<jK|}twTevBg
z^Xc~=JLAs3JL7R>i^s<d007wD|DT<4r~gyW#|P3IdwBhuyKzCXlWU}bbUhIsx5sGG
z@g^vKP1avK-X2vPD%Ox%RG6>MShDAj15i^_a%ai0TmT7*W{qP?(J?ird9MKFv2{U{
zH>YGkY71e>(cZ&P&Uy;Xy43*yWu6~@`u6h86!R_5qb_r2#)o6WTDNgN@eXp{22X8k
zXRTX)nUgOKF7Rj7lg@qU_`B%xa4pZj`6=}0>Ckp}w*uFfrV}INd*joA+~sb{u9Vmg
zwS*1i905p}bH65UjV?W&rfT*S*?-O@vDeqPu_almQ3I9B+(r}XttDWpwX)fAnf(j7
zk$Iati&6mMEf0}XN{?RLJt$IeLorr%c#l2OPr>TA*FIknH|jqd&(2-FS$GMi?)0AE
z@7xDSlJrWv{>@)q?tWDBn?_tre=`@XJ`R{jOQp9<9bzZk32`j{!NJa>U0zC&aT!`9
z2Oj^hC@RTSbK8FL!_FgJ?m0?R{*)=$R&?Ib&i(Yf#L(03d5)x2@O>=Z-#b?;DajNq
z#bma3c4PXHaWYGOVDpi*r<n<T?@ncZFwZXDtBQ^&WT;>jwIsk>sr?R|^q1@X>%9wi
zrFwdp<a{YN;^lc5NjOcNMJ#s`{*tC&jYdDql;dFc+1S@ea`HRzcyqdHHWTL7?bc3n
znk9es+$PVaMq&i8ob6q7UT1J@Oa$fXHJLmcp-UCKjnlo3dF+toWqqtd{o&?QN>F9n
zs!W-7yL^%66!yz>i*=dFnp6S2Z9v~Wq{<i0TUtzgBJ*76SixB2?2pw1Z-z2GRdM@^
zrAf?_)?#conyK`Dc&{{94eb)xJ7H9jNO?W|S+Ou>A=;U<lJ_gfr`$jM0T~C6#EkGx
zMQGeFAFB|R@8+OOgn1j;S}Rc<`7}f%qseLI!jp=37S~#4csk6TR>MWUlOT&5$L~Dc
zdB}TSs?PM*uELV@BE$83q*MowMwFn|o>inxBc*mjh(1Yzb15~IIlr{E#8Xw&YIi-(
z`INoj<)~Lpoa=a&8|k_k-SsYQJez{#Ex<>j{<6w149W3`7|ZcRiF^MVrYF`Lt{%~p
z#gD`1>^I^tDO7~DK8>9a;e0*17CtK9FrtQ!r?LDi1-M=z8oM~r*V#^^{qXWraSWew
z{+aIU*wM<rLkVMav8GNXWNm>`AF%M#9d<)1bPS(}dvZEmo7HR3v+Z5>#`@TO0$l2s
z{-fe9?yF(Y>xWZ(r{e?vW%=r!j*^SYhb2AQ*S$Z&;O2Pu38FuFN3-I9+hrsdV)hq;
z+^Z9bxA9IB53!P9E3Hl_Z6qs8Uni7)dGDes)MUC5A(`40(;cjIkaf+h+LQqAi!FH5
z>$Fd~x(117n_a-52^47Fa!H!E{xOxrbETNd0PMR1rZ`F;g3HrOmAs>{3M|oTqx0b0
zQeFcAM@o&{lS@kwH_`LsfcM%*+pdY+b7L{$#vNtpIo8;YY6qsL<clIIsb6#_P(Tc~
zt{vDXC#oQRS+IX$#+}KRca6PxCbpn%q5Hamz{Hm58dJQWoCp_#aQ{<oTkfg_qAm|{
zJrvcN6ith_t}J|%4R`Hv$SM!;%Ga=&6<|{&yT#NuD$vXrw9b^m0Q?>X9@1qyaRjXM
z@cg?OAE`6i<(j-f8}dqTh)50a1N?q0$-i5qD|Ni@Te{j2Ha-e+lZKK>)fZghH3T_;
zRRGZoZT9YNbx4IZ-d)j94!IN5;45?tt@;AfuwEJXgZBQeGM7~M5=DO&v8n`Zj6iTH
zvIKE0uC5Q79M}qk-3#*fZ?_>>cBy&cQK?{w@OzO$@$h@lLP?dbUeW~;-IQ4psul@|
z^C}Rn2B~ldVzfaF#H3<_CYGw2XZ$QLg)#A<rs4k5plIHdbrPBvWazBu5^3IQR4MqU
z2DZ97DoYb3L9$NBENN6WXg{ivM7;}89@xed_l>ADFN@=a8Fiw!(BXY)z#OpZtkk)P
zzQiRl#9J&)DJ}mTq03@beaMS4C4U@}D{D<jGoUE_0Q8Q4>0pGYLrgr^g^8qvuln4j
z#u;;(w|r|ivI;J6^~}_AW&_ewy|#H&S)uaoR<L5jIv$YC4N#YjVW&&|F)S%ju}9{u
zHUNAi7#)Zt5Fz@IO5OguSk>}FoNfdxd9<g%qFW&sII*u}Ucus(fNx_K>63$Kh@$cd
zK~&}g3Lf1*ymvB3cu$EC`25r$0iSqlfQ0~w2ck501B`u@{r$e-X728o4$XPo2)BA4
zw1#CIGrMF=umGKj>gEV*%R@q0{yI`!iYRMt;VGdG@sORl6isOAP|#g<2pG9__<NXm
zJJQ-&tJzu6XW6|u94f_Ia^cknGVsVzkz1bG?#eh-KZLq`X}(g`7a#;`2+v-H<!f`q
z>U$x~{vrkGU&ym}_V^CheX%36asP%FIC#B$3D!NPKbkUMELd+BEqBV6yX30g$O6R*
zPp&;!ZzorxiIFaEIlSVIT=sPEk=7Xj*AVJC;y05$amG-YpSa8b8x^aFfsOzNejDio
z!>$M+dgkE8O?mD2M0jXQs~wL>6#?o@_j-1l>4PNs9p(NP#XyxYQ01yr`I!~|p49!%
zAWLQs`FK-*Lg24K$34xwF0R~py7iP4z*$gT<dqa|t*9=5Wkh@^lu_OY4e$&8Se_)Y
zi%E?Oq&XPP-(0}@D+5e&$R&aA;SycM!7biWq=$ES0KaaK4<bkncYGw?L%^>PX<Vl+
zFDvzhl}~~&Z}zt``%!(uuHjURP6f5gug;tbern$(upynL!=ZX(k=XOehWV$1(F;&=
z2XwHxK8?Q5#Cn&s`pHB#fG*jJS+*#w$Li$D(7NK(TPzKBMl<`zt#uAridCp7l;N@t
zWC`~(JCfB!gxADVx$-nEPR&Uz(fx9s#*vWx=<CG^YZ7_0U%A6qg9AT!>kCCme1fl2
zlr;s`T!icCz-$%QfXivoopi1{N|;l*yj1L}dmn9O)_1EYKfqZ`e&S27@RyUnjQ*@2
zdfPk7_zC5f?&dE4b6Tvg(L>@64RSAoIsSBjR=(rn_2=!%3di*8WIIela!n;M^|srI
z?q%XWOd~twt*}Gl7F6H;a|>bBfwSEPkoS$JyNEh8dHR)dmK)+vLv%$|h%nR+7KQNQ
zs}9SdKuhs?$90f_jVaz$<GBwbuORz^pfbGknZ3qw-in+T`FKKl(26@uTcTqF^gtZA
zxKSW`VmjJSKLkK4NT~@B78z!6!PQE<;-pK1%E(#Bdp@0*?}3TR@}eN<M32fsUl@1-
zsyz2;JAm`+k8v`+(n^ZPiq&~yxH!5}t!}{LC-$(q6Wkw=+UUbBM;%x$5cah%qg+fq
za1r5x#qQpPDR2sloIkbnnR!95TFnH^=^VWn>$AB0lL^|h3euCjK&hazy_^t{3g8w8
zw<I980v{nxQDi|=-j6N1jBGuKZkq_CS^p-_C$i2{L2EKWKTVjgYnf;8BtaLe<FOf0
z-$|!4t~R{B;okEtcabMb7cV5JtHHzDb8%JV$N)3%5FTppm4LdS)ALq~B<uc?7Up5(
z0GZe2*5GBJR%}dR&E4KeyDMaQuF>Q`>NNZaJds?$3!y8>5o`)l0?wQ@QNw%0A}t^h
z>E`q9<zHfzHK%-SXt%6%VtlQQ^Xb>IFQbh=YmJ$DbRk6+Y)z0VQ#Rkclh+x~s+t6X
zX@%P^?>Iv3(+u0u_UVA(H?12QJod;KkvoAMX#4VN`V;j!aPFEiu7?*V?;9*#X|H3S
zN}dZZL^Qtyi<VVmRNc&*Iz)?>HDgqJ$=9;;Q48Ana^o)ea<jTE8fJ$jcavzn18+#E
zHVJ<Lg?W8^&&k!gG5nUo9i>9%JjMs0*%2}XpnF8$)QZI6bk%K;X4Ue(4)TuP{`d!5
zAQtr4XF?`xm~lgjlsN0^a$F1etI@<v4SuK&BDDZFL`{OU+*o7~1HP!1un=CnjEtZ;
z0R3x+23S=?3cWzuN1ivNloT%LmwgSO^g2-PSO#(j=OylMw3?h(>o>)yOtOz^<`F!o
zU&0rMD87j+6OREl1ukeyJaI&|W&jrXSA3dO_^|4Bl)Vf9;q{q5_`mm=B})!Q@Tk)H
z^G(%}*T<&PeN*^E@888|rks|vvnJdn3$Fm#%}19FI7H`lmJQjNvg>t?jSjY2QN+iJ
zfctsOrGoq&u7C-siw=*a!u<MNLEZ`F8%odidN`#jMffAx0bIor3HR~O0SgZ1{z+UY
zQ21Rk6OjaT<(4($R%d??q}C}qW+qtkg7%2noqP|r7vMkIP<WcgwqOs`flAvpBP~0`
zw!VaLXZNX%5x;`;4sGV05vmzAk^i0yani%tGjY}^A#L)aM^p`+<ngA}Tk?5M^w&cl
z(xJ)N@Q)cGNgAT+jOq^;@5_j2-bz61iKAkR29Vq_W3HAnc@B8Lra7Rw4Qg>Bo=AzT
z4y=?kXv2rPBavHC8A#eFKl)&5Sb_pAb>wYP@|p$PM;blmD7to=<pooVelf=b+Vr_m
zG#pS=pto*91Ys`{ks}Hl1@}Y?-0?Tq;xCHedEGf1SG+=5-Q?ztZn<n;{0jq(5UBg>
zSswctyv#0Ap#VjztlE!fi7FMFgeY}`zqUw-VxJ*IvFAumwRfJ(DS!MOQfHe)^p(vK
zj74XERJjinRvLOb{Lw+o%sDh0qj!AmeK9JRlCuKG02zpy3DO@a9jH&3M4-M#198G;
z0&&6!8R#M14)U1p9QdW#-CN6F1G)qJ)w-^ozzTrB)(1ZSEo(|Wbbf1WMz~8SLhDKQ
z@E3Jb%9;0*R|kGqf|b{s%cOVi=`O~@GhJJD-Lf;XV|g59oYgq)(Y~{mKOwT!YDV2l
z^{;nyk}n#?m5#MDRjQpq(PEu9?5GDH4RY&^3FePdyp{13YENjA3!b>r9&e+9(x^Yd
zAq>Pt!P>n1@Hq!TvRQNf;Vwb4&?q&emPj#YeNPW+uyUlnHIrf`q$KFqY;a;p_Lsti
z;Vi&#`VzINF|VX4kvvmYoon(K%V!0Oly3!ej#{~X)Lj!a{cKT9Rq$g%w9BVFP#{?y
z3Mm6}n<aF;k^&SYk8VI=UYH3Cc6yxR`2bjHP)fD1rlCyZeOb|Pa%&<A*SP#J-M}J>
zZVw7?^^NgS_KwPYmco}}26wOEKcxAN2YC-F)Lgr8sM%G)kkb#e(~N;6V7KrifcczV
zJ>zUWH#;}GQvoL5*3>_3YEpze`6UQ=3yKhNmXyJxO(=gN^QEX2A=r;f5L(QXAo>G(
z@+gH^7TR0LS8~q6ji>slg_*(a5T<cHv&>KYFHZ6W*uhadIA4hkVmdhW-%j?V22b>b
z3e8;nXi{$Q&t5CO(EeEx8$!OAC#ANj%QO#(pf4k#n_Wgk1?RSLh{<VtORr(^Ixuqb
zJIp7^Xt(X5og&CM=f8OHdGdeVe~)=YysG80ueYnVlAblVi+QfV{5yZ);_MXL#$0AX
z+`o17#0N)$_ZDDU=xm=)&3|v-TdlCgu|1amvKgQwS!j;PeYC&$_gw3fgV0FObpzd)
zQSROw+Fx7hj?FUs0Z)4-+*+&cl;wJKu4^Uw(ou60UUER`{MMnC{-@$B<t)a41{+X;
zwZBsCs5PQ8LY1{3<JUhudZ;8xFZV>T(EdVAzvam#mn{AO8x&5l1cYrKlT}NXqMl@E
z>!GDHuyutIFr`@#f$uZHf=97+Q3Q(o<l^BZ?|egeTKR|%7$%ifgBPgCn~GVkE&zQP
z<N2ztIY3Pp1BzkC$?H5<2z*Pd8ETq~p;sV5cjY4+vgYm^&@-KBCq;43vbh#niue&C
z{5_&`0i=Z$&LfcR(2{E03J&ueIrcq(5w;`SfpgAIK#}0aJtEAO$r)qz;(HD_lJ6N-
za`%1W_J)wOF-Q5P;!N2LC??IGlx+^ubE{M!aAyIXP>+v{LcG9|COz2phUz+Rqslmo
z5cBk0l&a30Wz=}#EIsENm8PP<w7%7GnK4d|1Kzne%|$&2`PzRK|I(&YgmSb0K8T+N
z%}Rwz2kE(QaN;#^J@CaFEhOK;jBtt--44uc9A;Mega7hJe09{ogud?4{BI=Uj>A&f
z6wrd)+G>Sf2J{unZw{^rSCYCN{hNYwKef0TZn?KtfaYY^a4n91mG2R;XRYa!Z)^33
z&Q!yyRK@THmtL6D_{n}*Gp1%)P-+3WK1*Hf`4CT1ctO$bcz>Q#{T{DTfO6RL7Oo9Z
z_YYQ0h`>$io&-<in$!i2_hMLy4CcNmp(X1)vKFam4(MKmkj>YVO^TVoN5&Jra#h71
zJcbnq=qm+QfUs90JcEPi=KK0xM)~{+y4dT+rg25kfsDVR61NV#p4jE3t4g(jJ!0^*
zstJ>m^Y`flT_HvlmHDu1Ldqr_h$ROi3E@;tycR-GoL58!WDE2{Lzd`}%(XfsQ<1nt
z2BmAvkj%?;NT!v%>;|P9&B5zK?sBI;9IjJH+Obb%$W=zT)K_pzxn$YQOb=7RXiI_2
z3qytF?(KHmDQLeVw(9rYpu9POY94WAMeFjHnllY=1TrB4-b~_}@gZb+k5;fVLOdv+
z@4U&!cUEu)bO)Q^kKN?;SUR)idhu3p%7w?}h)0rw#}R*y(H5heLneV=gW_fW9oVal
zr2)NR^<$6|L<u_!<iZ~P*{jffCdl32_fuMRs+dwQ@k|1ymYEe(jHt;~XF@%fb$;Tv
z91x#~4IK%|PE4?(gQ=rA(`Z|>lgE>)^M+d<yDv}I`y(_&+=7a7UI^;Iegf`LYZk<@
zdV=v@ww5F;#`A>JtVMn&FVj*eR2QIGeO9R}%Il3=0PhjFb9laF`4{*BqhDO8Ui39G
zWPm<9QWH4k8IXrN1-vhJf6tzsGCskz7Fk7fqg&9LhyEE2k?~+Rd^fP^gS&omtN~lt
zP+U}&H(;3I`a8x9>smYkmhwD*xeF|zWJjc$CAcxz-6Gj*YFLq34?%&#lR{#^S425-
zS|?<<ZqgAy7c#BH-j->nb`7US9aRqlQKN1%B1ONu6_H+W@Lou9>ash9f+RYZ!yqeM
zvJTs-9%IILH_!~a-+|cyJ~-zn4z6N=(v4fIaIE*-wQF!5=T@4BK6VN_U^xi*#z|Il
zEvaXl6a9Q02JQiB40#{-F(YQ*)(2nOeMODl8m4UZnbs^-kc@XQb-43jAKD2W7u}})
znyu&TY#AN5%yKdY+Ji~o;Pfr@@~nM!bEB1iGLL>jj|+Vk-|!kIKWF%uj+3nH2(Vq}
zCc*1CID6y~jwY$W0{Qxpi?7tD88LOB>U6xjS}1mJ+kx{Rql`zEl&_Q*)Gt#@%|cH9
zPv*#dSaBCi2>4`evChtnm4%#5_EY%Afn#eqZ{QDp-;diNs^b$I<vuBTFV(Qm(GGV>
z4}iy&rbT}0*0UDnHSsPP`=_>K$keV(;y3w`Ek0JFQrcBf6?AG7kL+Q=A=dMJth^3P
z_NoiD)@nN32x)^)r;(~n;}*%|kLg%rT|b=l8IA|4YmLs$(BY$Sm;zh7;T2^6U+w5&
zu)%ygA&l-T?zWQ5z?Sl<R+YJ_mI&z*Cvezj^|Rw9Bi9`Ml{gcJgQ-pXr@LvnW81cg
zO`8PF^LdtxWUWyda9jH6zeYo*5pUhNVQW<NB&{u&`1IZz`hz2%!eZ|T#Yw&v?_F%-
z;?NKU=zU$IR?kX3;pMe@=46AQiwg7H22>ki0H0b|xSH>MO!y~GSq5QjwvfsUc~ArM
z>EK7h2E+^Km-fJH&MoR7GTXo_f6@a|nC0iRy5Recz%POF;r)*Q+!1p8;??{g3FE!<
z`Ct;ki>3A`dm74Zo}x(c!OP(HaO^!j1Z38t1eBNjbHp2T^4mO$OHl%WRlfKDNFiF{
z1So@2)=;lBvL??T)~_oSf4i>@e|iTElzi~QW-p=Jw?k_5GqRdO=>Z(WdyRTn?}0h3
z*d0Yq1B&Y0LKu)Yt3rUm3aP<2DeL^BY5-!73!MTN{zlxeF!W}VcOWr*0etJNBzHlz
z7~b$~ZtV%*dXmda0pRF?EnX6!1Ni_S0o4`kKC=@zg0B6*HQ=9Z+e_(@?fAhDUP3WA
zG3!PO?pk0(R|M0WBe?RVdz5aBy162#!j%6LbQFcC8iC{rsY94}ad8J{I$A{cL6<Ji
zWT3{Nd7L$eV_RmOuBe1koyt{Y_1d^1O(J7urL)XJ@eGcYDt+|j-p`l#hw`<C6M@z*
z9jpbgs8E<vH!DzBl1~$0)GnMe7mefsSRX`MI{wc+-Zzb0iGI#*FktFI)OCN~Lf?eI
zVf=Njj34o<iX9-^9Q{L}5WFt{iEwBi@R^rjhUlOiq&b=cD8DNh9;pr;kx=qa^#!2(
zi~kdBT^HCDX>@cRn8Z;l=T9V5q-2h4=k%>h>f1zRWEAhsgn+}$^8L7_-WOm+mK0T-
zcSZ#(EH-q%7g!-u(lrJh75LQQ5%Qu81Qhwclt<tLKsU(DD)6|N;5ZD(>@qKyKAK@!
zFF+FVo&y790(a{j<X>CRB=lmtLA^(zktoPC#$o^qQ5Q_)FfyZafVC)((d*1;4MeDB
zBx{o)ys?>`Y)UJdF$am;HuQ_!)s>!qubV(ZktbYMn-NYXns8*YQ2b~RhFo)m!1b!c
zJ1ptJ$T~nrAaokaa_oSph20Q1+z-Oo!n{A^S9l6tLp2D`gz2<ieGS-Cy}*k}+FfMN
z$l3PT`_2h*TOg^?vMq&vZrJuu;aKV45aqagqXHq{E<2D-AWNP89n3`B{rBw1qI`{|
zQ<_U#TO0<0QciRD*3X{M(3zH9`we%+iAZh+PCDbS<}b6LLcT@vMjWDJ3EI3U_T$U?
z0qUuN%%zYuNKEwu!ae9hyGhC=c6LxkG_UCPQ0=^6J>KoChT@!A>T5bf{k#gUz^Q7;
z@E>6H4Ym7zz`~{yhNief)2T^7=faKxxXj(}q&1sY8>UFyQbeg7`?g&vKHyhPX>|nZ
z1TyjlnrqDYT#UgMAW@MdHNaA#2~Vs~$W@gC1t%kw`W|&PO-pKuS{j<THL)N;sK+rb
z{SJ_>!#U7lP@W7(^Z&)%I|YjpL~EMcwvDsTwr$(CZQHhO+qP}nw(Y&=+}rce-P1i2
z-O&#dQCWz{h?SN3P*Lm4_5X?Y<njA6xm$xCnURhpvo6sj2Cy@fOGg3)Y@<O!&e}A8
zJ^m&2iLnMC-#F^Xhlc(H)nQQq58Y4^%AnU*4w2Y9Y^-_e#s5HpQ+Y`%x8b=*R)G5l
z^Y5R@;Wxm^rQ;K```4=a3uHnLii3zEszfyTz);N~LyiEDJWqN7NKFO3<^%(~QpB$z
zQJo@^W(KQ~ARSZ*qDrQrhpzJ{MImuZegIF?)3KYF{$#zEPGvA#Pl!jFNLyqrsi>-=
z+N8^i%0%LLKsfx&xV^m*Dpy5dl7lqGb(QM)6(Y)@@GxP3P2;N%i1x!qz7asg3c>Va
z$^E3Uf*9+)+uHq;|MTA43iQWSLvb?F0iBE__yt?5ofG4QTY7@X!oEGfl_u%T4Ge0b
zdY04!jAPGW=rU)2c(UF@#56|tlbQ~CpYNsl3!{wG3H<Ctv|pl=EpFEa@y%&9u6`Hh
zUPk#~_>>0VCAYfk{!c~$v9=R0VkqO$7cqy}@T>`S{uaS%1QPolf@9ssj-CE*4vfsR
zcmQFgVlHm!>6<cp1*aTZ+4HAlgyq1`$j1nIbMvxtVqtSAr^F*(4BUE?{6cEYLkMK&
zOn;$xdY~T3fGF4?3YZH^+~GT&yB<A$$saqN8dydAGT#a85{JCrprDp76Jqz3yX`9G
zugJQP-^}`uSxCz_l-7_lC#|B{8+6ETrydcJ^S8)v{n*knI;ER;7!$kU&q$tzlPmJc
zWF2~(=(8<5l$JGsTkJ6zww%beGbnvP^lUrs;4=fgcfp*qAaswu1a<Abd~p|d!k_dc
zaOQYp1N9{sa5K+V2>TG#=~cVd<%!A~fJz*2(wWIdNLjwLHDbNuN@m}`Go%qictGpx
z{mGq0HGit0LJtJp6lT97g+mj=8$nL=tnqS0fLH?ku!I_btM|S9917a{d=S~Jg&_ST
z!WA+w8ycgMldLJNGq+t9qA(Rns5R*d-31&arKQ=}Of{zWWkOnNS-W%A4f3P&kV^;@
zu%!e5c-AcG0(9u6{Zx1Ypq?HPhoDaS@4Y}u`yAbY&wvz3zqpvYHm^PG-u$va;kY3@
zLCOlqxfdDrhQn@A@y_lEu5$UR`0MaNEHUSPLx4>Rk8v{TTD<Zm<ioSWN!Y~PY9tH-
z_41{??#QKx2dul$r)J!>zU7<|^^^G+8wboCJy3`Lcxp++?2Ok>9A==#@1ot7ZXE0(
zMukbE_pxs{?00KvfplI0ZA$6I7L?EeJ7cEdjqU(%PaGOpqSsyX6)DvHX8bFa^V~{9
zp6bxPVHm-ASuha6iWogR!TgL7Ob(Zs8?%lSl`@{_1?fyD!}s&1tz(^^^p4JCX0#ZZ
z_CuZ-`lnBKQ|NJ$N=y5dcF8OKc}MVyZk7;KlP~Ki(GRVMnlaLjT!os~1F6DG<~qoU
zmcxuzBW|<7rUEh08|EjtGu9jdOxhEQ8_DxmSN@m0E!l_XxH@IB&AO=}HZSfQB|DDX
z?aOj$aawO0qY<ZCbB~OyejUZqKE8TQ8;6XFN)PpCU@T~CsiPy~f_ysk+F|Nb+>Lkn
zpQbs%WfAmV`POkkZiJGADogT1=DyNIt`NoXvlPYgt_H=iV2(t;y45!PNv}WZ;pS;v
zimcxgT^uKX55N@#z^2DoNGChYbb6x8@J)-_RLLI`Ox?bhzHq^sde&`=0W1}QEnXh1
zDUlz0Tm?Agh`ZSNJcwU4RSE$!RRR7UU#)PHz1_N1#8XQTFKQ{aATQ=9+N<#6IyJ<k
zq76ugscAqd0M_m##+dqA<eteQzr`q<Jtjjt_)^S6CPy36t!xF|gH2$}PX_y@$md$z
zA!}=p7HB0)ZivxK*&*AEfkb2BE9HYYi+7~z=v#HZ-pFn#uLYwX-qc(5I9bBiV=Atk
zIfhE(^(OPge@NOT<EhO3oqTduy~S$0piz~E^SfwqmS;am7+NLQSzzzP{={^r%!hmB
zSzTIcb&Vv%WxzPyzZ*=6b!uRPx!R3#WKw`q0f!9i4k0aA#mVM4Cba{1YM8GVxHink
z5w-8twzqE)2H`3q7tSSnuQM(itN(nn3)Br<iQn$@b1SJ*@XXBLpL=}1CNz^G%k?uM
zKSFk+j;z7F-2nFlk@Ue_&P?d2ob5@BlK+Uq4)V|C5R#A&+Qeh{RutD4Lwv|;u?}Gb
zEc?@+2#{nBc;D7IAm|0OLR}a9_#=WkeB>Olqj}m-9(^y&ON)9R;YkQ8{#eVUktE5W
zQRTT~5SUEk79{7ZcXl|{+!H(EP}~}s>3t1yoSLX3M-+3Jzql0;%c;rl-p<O#hcFeS
zz67KUwoJJDf3Mj$SdvqNnPrWt-X+y7e*)@GW=*T!8#9=HsasFPwlKZF$4TAK@}$W$
z{$=m}UML|ThwVV-{~W;+uH|;6|K54~h5Q^f%dO{ru}qzsul*$#*QPzI2`%YROfmjs
z47jc}TKkdhe+gu_;-w^w)kLq!l$YP9O<z$W?3SJEGL8-omiY{_+cym>kNs9X1{9Ah
zi8UHg=m0?@Is85k<#z$35)B9sS`Wmyfl?&jo^>2N;$d>yl6&}zO%Axp%@^eC)l^IL
z2{st`k6Q=LfMR<8Oaq|t!*pbuZtR=ua4!tJ7tG1f25KcpcPc9@N#B2V--siBv8%H@
z0!uISS~>`E)BKV3(0`CK_KNC0$lzvZ2utjnT}J@LUnQa^V_6_-?3>I1$(<uYyo2Ii
z@M9@WLV?EY1>N`JW<cdyAU2{6%dQ=?EpF2H6K>C($)p05kOlN4_oYOj^ANrkIClnV
zrqklPve8@BYx4xE59QC6xk9BYgQT8k6zyoQc&wUvdN|hQDE`elj;Rz}%qYd(TvJnJ
z^mQqGk6EbK-fYPg3R%iht$pwgB#LX~r#<`gLjeiapz^1FpNXCmR5~g1?p4N*G+18M
zU=4!*V2NR1h9e-qXG1Kj-=5gNu}3N9nEW+WH8shNTe&|0N7YHoNaO2~{Il5Req$3+
z=Yf+?;oN^JQg2{_JE5}R%s|dt3)v)j2`;~AXNs)+dyoV(_`4@z9hrk6@$;{1IZoG#
z1d~Dc-jP4MrNH8&x7}P~kTB5GEYR6PF9ge}#!ZF#a_u9Rz(~6;&9-_9qipf+KVRN-
zr|yix`xKncqe*LPM-y7!a%-&s8t>w_IotHnkB=wLrew|QV#9i?N!O%s?YM(ee=F&A
z*9ga331i>e8Jb6tW{N_h+p#XYs^6S$n=Un+<2m$~BIdr(j`T$$@3GE<?C_`j8-5iR
zybHYkcB+=H*Cxsn@ayJZ1&tF{THOY{{?zZHwRlz|1rFbFEr*C_yK_z_9LrPv>z&T<
zeS@weMBY=HcV4@9ZkwK?Tg>O>)c4SzgGsiXZ~Xgiz{A#$caz9G5NZ=ObANtNmNmUd
zU>61;8YHSe)OZaIX)qsSAqow}SywP}5c7J(*5xIXmgjoh+jD%aLT58&AjrjgM&-s8
zO%5GQY>FFpNlnLQ=BHZ7O&I}?Qq-eqDtM+?T4oz{YfZ;)i!;S0Z1Xr=>st;L?#JdQ
z{ftxCDrv1*<~!>&f>LlUW7PKU#;IIsajaGGtxl7ip44_V#AyvpFls73!whXJ4f~ZT
z)aV*6I!3|HD|^E$DU#Kcz52LcCC-D#E7YoLt~$ki%o2AT#mAi!6Sw4ntYp|WN-bMO
zS6#xv(H3_q&BrXx$FWQOoJ+8-<(fD0t~-{2pVs~0*3|IpDm(_*U+LC^hAq^+b=O-~
zq17*Y$S*0n>#8=b@I1!5cTL`tj4#=<9DDAfcfz8Rw>Xr#E-*j+_4~0g)V1s`H+BOw
zrgyV5DZOl}J?A)Im5zg(Gt|F!H(P^xw9q}18asxRuZ{hIR)gSHlcH9qa)5-Ogynh5
zS_q9ORf<q78&EAAP%iZ7_U!_~H7c=`Dpwk(j@DGp*3_=oP$&s<`ehAu%^h?qnr$^b
zc7}rcD`NXKW{Bx(C>dHy9L;1b-DcZU1<|6Y*4!OttN&bNxANU@Rt&f554SGSI#_93
zY`J&3Ez3i*&LICOQFAXNb51wjz|4-I=2V+{xHNl;Phnr&wTyJv)7*9hxgKKOuGrkx
z>=-!M*pn%5ame9(O5Are4`cUgbUhCoXrm{`ITPncN@~zjhkF+qZL><U=;$;&M<i&g
zzK=2Y%sKb0+<qABK2~@3x895Fu4H<3+T15b|IAhYtZaVO<G-(N@9(;$`d)JXXuqZ;
zd`b$!r?l`WVR;rgZO=-u@~Ct?qZfCwq{dep=aWuo_$s4q>a^UHH$=;(T6>pRtu`JX
zy+6!F9#{8L#&&D<+`u1W|El#oH$P}|QjFC^%;i#Q{3;-NHX3Z}QnK`D*FWQ<cD{g&
z?eLv#^IdxSul@9O1o}tggS7adtTCe${l!QLus+$NkhJSY+A@N+aRhN~L~srs5YA_j
zHB+`X>!xigXKJeEYT`sF$+v4`*iymOQO4HM#ot*%*g=E5jZs+$Pu?F-wpOH6m9Ev|
zZFE?aPu`5F+2U@EXi*71Rc^*rY`$o#c!sWIp|06*@mjtqUVa+7xEo)#E>)@JsP_2A
zT+UQcvgK^_aP@?ZUJl~4*f?OW?66oNwP2|(UtiH~>}*ZR(ZrTnZh>8@`H;B&Xl~Bz
z(dfJ$*w{v2o_BWMkG$NVsn&ds?s(p<+H`W?ZlSzz(N&hMEr-`t-F?~qP~NT7^%eXs
z!M<$WR_gssfpj_yx~oRsu*s~u5Jg_urPp87MsC?=)PL=UefkNx3xu_XXRh)n(*K^t
zV&Pt?yGDoYWMy5bj@~E5+Voj&v+z9pD8*vs-fp{2AK9K2IeU!1i;QpC6;|oSQU47c
zE8!Js=|)@cE)2i1fckAOzowP0+_BR5T`iHeWwrhkUA*Cz?_kC9VcmGqaa#U4`v{zu
z#usY!M%m_GqKZEuxahF=@;VOos%(>DjJ$P&fjK-&`=jAk!{_O5vKDFu_RkutTzhNX
zX7OrS3;WfyfW^yZjOBy5{|!zv$2D;FJUP=J9NRsbv8reS;`A>2W3YmdAu~j3Ildey
zeImYGWNZm>Yzc;;eb&xbVQDb<aQ>EpE@*Fo0Obq;YN(-0KGh*(4*)s}04)k24HLa`
zeNHhJ&CzT4LpnI*ErQ7_n4?F4us|RtZw`Wg9|9!U<G7*Gb}7eCi)=bX8}AYmu2Z0P
z-4tT8w*Te4&KsyDcJKwW|0UY*dXcgfC2B2z+2T`&X{bNw>2ngMKgm*Wf{9N4um+3e
zuU@MCnz2aTq(~plqP|;s3osqLSsF0xrE3y4Q1zT&%B2D&`gH2!$z*f}E&jY$yUKf(
zy)#{Q=j^|J+~69uz|{;O8r6W+3;rsQdCE9u$%u0mh<ue#6Veth-Cy#W`vt@}BH=!!
z@q{p~ZH+T|y+jww_Gpk<!Z@b!h%*I<Y>^Be%RCO?+opwkTMdImD?|03Y*1-nhK~EC
ziN>DurYOl)%es$P&HA=D1W}?4wF5D;;3e7%uOG*RM^F@%o?9UX4`$b$&oA2r-mJE}
z)^k1gedf3m02uyr)vUL5$G4<k0ZHR=7PywJd3&}Zr_(r%rS7rVfYkGTXqSAEpmH`?
zp%Kx3Xt4klo3qmsWUEEl-W<1u`c*v`UKi$8r9nqtD_6WXRq0dfTQ+z=Jc>~!>tUVG
z8d)I->0tBaf=*CjGH~<eAoJ`%1&qM;Og3*6srx?@vX)6Dm`~4g(|9$Qn^&`fSVv-k
z919A9MaEbQ3b^LwaeCyotxILw3y9Y#CQj9+Q{Or5VI|lTdkC=)GD?@%Ah4W>3mk|`
zoQNpdd)cFVi+RZXh}mOeV^?2C)p-KO#?A8KgebXS#X^AwOx}lJ(GY!GWU$E?fHatZ
zYOPwC&<}I&>>RZ*Gsa;xa)PG|pvOqp9d4a8g)Z7e8_wp**bM7#kr%!z?Bi;FvX>4R
z<%M4{-YT!tC_GosMQ%;$hqf!0W^_ZlW#iTSp{oRY%yw?DB6nC1`^^|no>^>-il%Rw
zEFoYYb)_>~39_u@ImYFKS*Xk+-S{^$EAyXGjV5BoA0h^Xg<Z5;XKIw}D-z!?P=bV@
zOjM{GDNz2!0fyyteGW@$+Kd4VK&~WJDw7Vcl#%!7)sMhGgAkoQL+cwmap_VmS+kG#
zx+70{(M&62ro5ez-GkgAz}5;6J%8TYiFHV@ohW;Y2gfH-uxwF&0<yf*!(m4ZZ<%7j
z-c<2niRn%fJ+^%W_lmLXdf~Qc{XW_4dJ*k@A@+W%7^|&Sc(=k9>8`5rI(^esc!Z(!
zhgwS&bfc2-6mSb$Vov|io3y?pvkZ>@81@-k-uyhxvdoCAkbWL#?#JGEVd)BDIvS4n
z(rjBMO)tONMgc~H<FB_3SVB~*1)ePDyMr>>oP~CY%ykjvo$vISSn70gSxt!qMd)`{
zyojt}XivO_MEDiju|*)_7=z#lTRO&;bN(s^lm!ww7$LoegrP_ysdSrHnr%#EwqP+^
zPuq5E<&l1f61pd%Nm@kFf6Nl!Pl1N)=3|+IZvf{OZA3p@jqJ8wym?vqrAK)r??2AA
zVF*)xye^N34Xc&CJPej`NvUj!vP=tzT>DN)#xP?!iFqDC)U2gz<=$zZ+cR2Oo%WA`
zvfA9+y%|Twe)EKzv3ORFBGjk`Ue51(fN1rIupiMQ<(PuNc@sJ|azyNlz(uC4j6e3p
zn2pG{9CfWexTkR!1|MIUCJGUSc0*m<VfC^xS}1c55Q;vPUceBpTE<;EjX4WgIpZi~
zBNlZa#$7NJQTzs_Qj3H>iCB7;+pqL}E|sxrTCSCHRLeGd<XQ;lTDa$0M1Lr87W{iY
z2CVSjqLMA*T9^WhXAYTOwU}Nto5rpt^Ab>fCILOdf@>dvaF~V|W5!$^<hj6h$xWr<
zpdw=Ntdcn$nEZs&p^@TIT9=2w9;jN<3vo`<2TTM{6VxY4+ef5(CUa{1Ts-fAJUr8R
zYAhe+E^+$F<kXE49pyJFX&ax@`#RMEXiRvmnLDi`%bcmbbJR#;9tRGotqVJnWvLy6
z5mwIQ*W&;oA+X~$4a4N4bMSE3!1IrV^>i5U{VoWpKS1UM`yE%YikFWamET2V^4_6$
z5mxpMX)ax{cYZ|P?yX0wFhc)zU((dmmBKO&ZRcf|7{|QU#2(vn1$ox(WUe%O_|dK=
zN{*cTUG0S9MK@J=*jaiDXgNynGVDHz=f#g&I1BYiaQ)LbPNBCJp0^V2w-fGn2IA^C
z=gD{`q$fn`q<fYfAlO}LFNgU^9Nin^#(tRR$z^K{Qwwp=N?9@TXc64QmQ-yZxwDCU
zpDZb(X@8Mknmg|@6(l#^HQb10n(L*tYW{ty_0;UY_Vu1PxhxPSmBm@zF{PoTbZQ<G
z`}XJPUw+3o=3Q3npNtL8_q6a2qVPRDd<%6>>?jmrAPMDsFEBf&B2vQpss!oz@llp9
zsZ);*&2%thvED_i!|bU-`SE}6emIEGcWes=0Kkv&zf)1+@c&s+p|)wesDi^Y$`ZY~
z@B|dBLsnRV3d$_K1Z}+-?l8`w-1G-&I}IfBl%q6$bqKCSu?(Qx&~uHXf6^x7g)Q!-
zE>--{T}(_Y@r6zrd-Dw#;gGzqX>u?n+mN&W)d=`+3`+Le>8E$^?ON|-ys7Vm^=^k8
zN_-Rvl4z0_Klwy@QXVuw>_3^v8@j7(|5l%#m)ED)URi(js2vBk(y&TN3IR#6Y0F0k
zu<YSAFxIwlqin2G<REA*e2-t6x{*}Ynr?wM7qztU!;XT2sjMIeOlz4rCrQ9-c>uBt
z2SXuKUBOA(9wuKWdku=dK;wM5F>bRIA^ubpb``l|X7bR6Fx})7Q1!6ry1m$!BPgV&
zf(W;8G8yQO7$tRV`S`f=pAhcR;y$v}qY=PIuC@tS$A5}VZy%s>EPKU1oq#&%LI;wE
z38d{=3CTx)ds;)3V0WctqW_8@0sB#+umoa@D}w0INZ{@f4*dbOk{7a9gn(zc20M=z
zVxZ+3(rF}%HR86x8phRtg-YZihqi=H=&HB|g$L}Zg|s9aq@1)RkjDqP1K2YNR=>0N
zYERQVZWO}@GjB+ua!o%0v#ruY8l~?Wj^6^_t4EE(0=g!aASXztB}=F}3?02x=-~?5
z0`uuIkeQDgv_qo%1(1(dEwWPHB#$F0IS6!l?1{xn)Y<}tk^asrm-1xFXUkgzb9VoG
zdC0+6ALH;AetF@cJd0o!e!yx_^}B8^ig4;f1>7e)OJ=6dU=+2F!H~1D0st$_tol6T
zFJ_5vrt!DOL`-Y%SplEljr*+;HZU<{6N8Mohhs|rTmWnoCzZ=pKW%Xp`frskIPpj#
z%@(L<jE@Uu776=?_V{5_!FfW~vP>D0PbazX5CKNQGqg*Kcl<Dr{-vEtY|`Hg<_Pd_
z7Q-V~JC{sHF`q?n!lIeL@Ldx6_~#@kB1Y$LgK5mdeu#gnxnPN@SY22bqn|I9CAwj6
z8txjITzZr_0}9BBt0P_NSWp$Vf-^&Kpi2&Ft0Y(Ecy(I2b^$PPQYiuF-3*nm!`mrU
zU*$EY!E-xD=2B=A^GKtcSZ!-FJ^S5<fxw1=;Xm5<r!UVhSKG`>%Rr+Zv%nZkX4~nP
zPD^5DAK(}XPuwIY&}W+5XEKKCI)!jr?x#HE^8cid81-{RqmXC3PO5Ih$82Q1le<l7
z(>@oE#4Q~oGSHtU*vBR5El$Ipf8QYY*KP{+5kYYxSZd%EiZBj!k>~a8i7AR2vHKV)
zB0m*LyDC@yd;@k3tu22$oDFsgX{YYOQM>QJBAE|G@OUu=|FR0S_1Dcka44qVTefsX
zX*{Z7!e9DMWW=r?3+>{5W+Aw0I3Tr=cT*ijh&9f{D#_`J--YMw&4qImRxh&p0Th{;
zC<+EyTUqREAz52n-mWz?J8r(z*j%+uZ<{Tcl#)9y-7p`UY?Q)Gu_Q*tvSI_=hQlPM
zgZ*CU-rN;m(w%X@_|f7XSGOOR(JC+HMHujX@uH2_VtPtbHTFDJ@y}ub;1?ISXfR*Z
zu3!ycs;bU++>~j&gkksip0&-=k3fCb8N$?GJo8Fmq7Z!1H3PEl`*lVq9_=0Ggy3cB
zEr^}8A4;k@f-Kyz(6H6jhjxrT@yYJBvgI5nEhe>#NfE_$titD0UTUQ-%1r)v4kZLH
zNy81qDZ!~raA3A)2Gs*9w7LkM<v#qlnr3lz+RB@dlNk1ArBS{Ra4^gFSllAVPOKC-
ztJKPOh*kMDFjG{;{s??tW2&0xw(L{BD0Lelu!Z7dN`lw5M^AIYl&9pNT0XUXJ!w29
zz%HT~U4eDf63NP$Ee-ElOdE6y498iX{Py6@ht#gIa`kJwc6?bio;YKZIIUh1u0}IG
zAx?C}d9xhjD+l9!%#30}l8m~<WZ46aP;#As^fH@TtcO5u#sHtSk!04X0?>Oni|(;g
z++AYtkap@LO|hLp-FknN%qL5Ad_x}2vC-C&6;-=YK>9RwB>^rKVhKDK$6H`1b0m@*
z8x5zeN#H{Tm=7nTo>NKrLDc3ic2)6FGQd7$qgGmEKN`z|98f$VG*ENZbh`6vpV|}7
zD#{MSt_Le92@3&xUet9hPo$L|CKK+OV3Ca}wWV|HN^~Pxba!tcWm?11JxEa+kG*QX
zq^Dri^ANJ~EK*!MllYXVHR$5UY;V7z|F_P*LcJp)(Er=czE1z=oP9n2f9mX;p^?GR
zIEtNeMqFAfaBjeYpq(}Tzvk@gKR5pz`kzIbQ2#u40RW`_6>0wG&HsI30l)z;(s$CQ
zHMcP`H#Byn<!4u?a}pC{mA91Dm#{FSwx*VG7dNG)`;QLBZnUlr=1#^mR<?$g%1V#`
zzzF|*egC8Vciz7L?J~c0UwHHVizoE2G5#;c)1|kku{1LO&tRJW0{ut(?}9b<<`B`G
zD`sS6q*~~s#pR}}DqN-LCS|G}q^Blm^aFrgBy`WJvE`IA?XG>SJ}j^@f))N3+hcz3
zx8C>vs)F@DT#pGP`5fM`0RWu;O%u=m@?cqXrJN0oZH(FIbm?e}T#Wv6-2W2;<m*gG
zC(YsZ(b{J91Y`9~YWLJv<&_g|og-8TLLK!CfCj4VHHoHoo$<eO0fJ=5@)8D|+ip}c
z0-6(rd&EtA=7tGLqU7)foW)k4;16WQTz3f$W_ZK5GgI9S#ai(o0&KTgCpe=iH(Tku
zznzS`UXRmTAH3~L_t-!#TY;)r8Qm|HRy6=JESp~}FoSIF;k%xxq+YC^tCX?7jTSGr
zq(f5TmHar=QSo|SH3Si(<6~13;<GC!#|C$~0Edda^Jxgk`UX@dDX1`->ft&7sR!0P
zxs&Ft@7X%BGoozZ*)(17xg>T-q+s@;G<@GB5yJ|+@)+QU23%4C-U$ZwX)uX~P*UOL
za^4HpGdh{0C6xTVv)3iOU-RrKrR2p>Bi8-aKLGxk);zA^)5jHrcA1Bep@~hN;PyaX
zj~JuZPi)&PsmUL5vw*9&XGB&#K6dqRURyU0FY$Yd)L%jz_O5q{fM2XaA670nTe@&O
zIoL#GdB+B5JS)i2u;F#}7*-r;nX!=rNAeoRNyI!AqPWaS7|ba+%-LAXxikF?Y#UTD
z#G#9cqnH$XQK<GM&ROo<=!_1{CN;%Tn~MFo6$dfZhcc@Ur<d+(z_Ob|jZJqRH2bjH
zBiNl;tlpruJ<+kwcg@;flgVE>mG6SPd$HChvbv+Wtx$BCe3s~HcKourdSm1mn<Qy2
z&?nvVYkW;9Q7s?^o;G248;IO4ice3i1*f)%2Ashg+5(fU!Q8uuaNn7BSDgdrw~(i<
zk#+j<E=or4J!Pk%1^M`qBR|?q-nnK!fb=c0RonzEUqV}tjQ4Z1!-l_vIX}T}KmXqN
zj|eBKp*vT}sVcpo>`2r%hsg&k{bT6gHAbXs#PDO+gq+``D|a1+pMaya$b?|S`i6D2
z!TYtBR73CDp&NH<m#^qGL)#IWDM@2nNm$b2>stx$Tk+Q}THIegk1N6R0f8(l@)<jd
zn(srlT~d2bnbBxpEZ3{XHeo4})3GQn^-w+*f+W~TV`QZDD5Vy%#7R_#LW!Mt0{pqL
z(8MET@`rS$_W~8dStX1{RNVFmf3IP?e1iftdc^`YCbDCa;`)C-ur)YkN^q)_q!vkx
z&J)6s5<6uKER`G@%D|}=A*+=nEM+Dv6=<7>$JzHIH*YbO2jDf~_&X@P_SRoh&-ans
zkPkZ`g+%#=k^_9c19vMykg5Ywr26xvDaaOuy4&<+cxyFyJ@VZ5($7=V7sG_nUn<e}
zEYklrPWf{(4Z2#8+$>CORjY3$lHrRp-AG@(@gMZXB8A?HXSK1~pZp9B*Z+P0`Fj{B
zj>{{J<wj=ywqF!3nqYz_t$`z(B1?h|PvZK;;Jz1rv|pM)nj@3*ZvAlJ6!B#jac?Fu
z+DHyOTMWaS%Wy9+F%?N3IjV5nSUz%Cj!Rn#*OkEWrExKYUCwA*Li10Me^-VvN9xjz
z)q1bHY5#SRghwp%ozB{xP`f9|hAVmJ-u|PH^n9>%k(5U|_npcca*={f16g*Hd=5$A
zI!uj|e11lvS+W5p_|IU`#F^9>0TU*XIA$U_W}`W#<c5^6NeMY;BO`0#*enkDR2J1t
z7WKFmgAuuuddWi7%mY;cgJltiWdn(23ytM?Lbcfx3$v+fiwSb7No>_@&Q=_EC%tDm
zx9EJj;l<2(7e#0riK&s|%uzFY<LW8Z^AUxIqjb#H40XGZ@6FiCmbmIo6{+iZYAL~k
z)KAw;KbL{$&RDd2;_g&tH@mGlnXbKM&w0z&%;sY_=Y#0YRBjig@5{|sF*j&LJka7!
zzzjYL0xtzdd#T>TPQdynbjk=6>L;``Jetc-Q=D6w-O>KQxG0n<KD8DWt%4L<Ivkqw
zPeYj7KSlZSg7MNw6JO0HChaOVEh`R<t#>Q>d#(Gi$Kga;l-VA&E+?tdwB_`eOAg%?
z#M(0voki)M{7i4fRwms7x6UD_hN8!9q=W8+_*Y31Ub6J>IwN!bTD65tnR8Cw73ADA
zQJG6p-sM@J65SCPiJ1N=Mkh#^qB%MW7AbKUM}@(LsWK&uX$nKtfcPa0(Znc4@{x9?
z!-kcjDW>#BY3+6rhFvBNvkVHB>EyH&Sd-#$D;j3k<jir2N3&-4iV-eVQ=OJ13T(-L
zx=Y&C#Ye@(g_n}0EJ-ugRN6MQiY_VXos%6k6hyV;*xO1h&erQ&&&HG7#}hjajfGv7
zlI-icJRQwm6UscN<hn1)WZ_Vay#<za0b4rs9)`n9tdu7<HEMVjN;?|nJ=G1DFA@(i
z6Z4#ur8gB>ot+NuvdIob6J4zpm*C1ru@xe><ry8V7B@c?$MqJ+KNgRH%i6rvB={A0
z-fbQi@fYo)m8qkv<fN<V@HLko#~csg&V{nonI0b7Tehpzva4k9t7)+-PTZP;JgSTz
zUeim^%#O4xRQQ$3Gb<Uft1jJIl06EX9~#$7*v*c%D>SpK<hwPDxmA}QtubD;Hc#Ij
z<?t6LJXM-HWvVpGnX=2S-deIg3cMa2J{OB0?XwrM`e>-53KNY^&{RJ8#<gn>at7=)
z%~=V|Whk)46(Ki4V7(>!whDv&Ng;>ku%%7W6;mS%S0guDBECL{I|Czu!_lLXShAQI
zN+l%=3ne!XB)-OrI~OH^%+jNm88Ye_%F)xs)6?74(?61#uQj$jZTatSBPWX2)D<%+
z3pXh@l^S2GO;_7X4tE<VhpVkw7v{>(Eh!utovlqDpPH{W*4$?n+&AXj$DKmLS_XUi
z*FaOHVGLyj8_hWCB%^Wz>U4I-%v*-eTfxs=_pn`tt9P$f2eGz@{}K|OU-Q?2^F5lu
zA)7(ho<a?X@%ujW18Hh6VQ*`N2f?KVBe^l`E+}j-`MhE!<h4AGHZ<S9MbLBUxyy;U
zas2o>WVwDdorLHfR^1A4xX(RUXSte6z<t!CqRs-gUF<$!9QvBPPu;*4L{9CqTQJ<$
zu1te{{Ujz=!9LGDL&9e=t~@Z^XG#v>PC29{`Lkc%6Ch5>u(X2k?<yHM93$TNe7<k5
zPk?)1%{XvRKJ**vXHOo?bF0Qi8F`VMT0q>I!YdGVX6xzGbFtd--5}em)tPy#4W}*w
zrq3<#A7!}iiF3@%J8;|!H$b3HLZ7$6Kc}R@Aa<O>S>k8bKH5ys*;2QTbFEWnQgg*P
zKFA&ky-863;03c>px-0B&y#c7S4e`i@g@f*=@|}Eg~BDSPbN0y>pI3fbu(RCavMtu
z7P`6~Mb%N8@+;2H>;BWmq8<~CcMhJq?@65joO1EZYW0^T5k$KcN;efvzNHSU+R3*t
zs>abO@w_!04!X;npOu+DD&3c-%Z{<tlNlPTPeUERz3Q(s`B;y)7B1gCCw-C4TkRVq
zyelz1I-fI|&RdDjFTE?cZ<^Z=2HuOim)E72u~lkr@+miFba^p3)=cbB*s=<PrB&v%
zSPZb!>(tXRk{Pz0Rqy?inXx+aUJcd3tMdul%L`t{k%t#4n?3UndnYM{tIZWx)jp<|
zfj5#3;wZiOe$g>=a$+F{bQn(gWYEFNWHAE%$hhSBa}dJ<bZ_x$ImvH7%ryUT;KxR;
zao0+co|Wc$zeQZNZaT2xvZrgaN2{JZ=_EG(c4W0yn@X+MuE_YOH}&h=SkPGVblf8i
zR@NW-O0w|ebUltAedouzrMJLSr>D*>b?3kTb-%GhXv=WZj>wL)*p1it(cE}MKNos)
zlNW_8V-#~1<g@PN?{*CJ*p<F8?J4H5k0h}uB{57b+21_Hw_0QoUw{8h^7a*TKj~GF
z=}N+4PRyWB-MAZ7+RRmO?aAo4eO@yC@mhg+zl7-M(R4rZOuoIUIT*-UfASuA+bB82
zUIjy~Ze^#XugZR%WpYl##uT@D(?6KOC!OJnOR^^@-_I}d?iJ&>$M`;b4gQE0m&zPp
zeG#!FHDqLah^nGxnuytg^~Bvi#&U0-CS83ojp&VI)R|%rIlw_)m7B1pJ^i3)_pE3?
zB)h7=Gm7RCWUTE@KJ83u1sCSWc89+9QYYP=o3`zZxE17|Z~ih|eMI*FX(&v1X<xhV
z1q&4^BJ=|q0E?KYuRkWkjQlpA=4<0PU9mm7+RbvrfGN<5k@kJd{b*H%*&-7}Tb&zX
zT^j^;TdV<E^#8Mni0dRF;<$o2Yrk6A46akl{a|{=Ewf}?nRd6Z@I}B3;|U5Dnui<g
zq6vCP(@!6(w;#M#ziJo@T0WpEizxcKb5sJp%8XlGJTQ-jhiTrCq$U81`q7n#pU8}B
zYt7?+O$-KtHX<kssLvX(l3rryUCDD1HLUkWael>8G#XHGUsiK}<S~IByd*0t_2ktr
zg`h7Z6>I~7$#etH%Js9JTyd-GQ_(up)o!MMWc!Xf)q%RM#kTM2@lio32}2xmft0lb
z3u0#wn)9@IwTacItYAxOmx<p>!e)mq^R2=uu2~!T5#`x;`w>Jf6DycI7y7A+<bIbj
z$+dKi$GL-Q*J(Wz)6zu4tL)F(k9&6rOS4KXF6F-s2?+ma4E1Q7xp4|`UCi{Bm3qjj
zQh?&!rfT}?@x@X)8twUIWmgU{gF|!nXyZI5pkPi|E+<BTP+*Ln5ExX%FonraSY9d6
z5FoG+7gv>sP~qd%IkPLfXVklT{Dwog(j><w*j6`Nc|p12AI=AaLJC2vPh1A=aX}PV
zTXe6?)RWLsjl@7sUQ$6vOyw+JtX7|h*pfh~1YVz9xfafEg*qTpRPS!@GjKv^?Gh)}
z!T|&_MOGUetM}=6gR$QYFBZ9Wg5KC2V%hB8Ws_++s&R*d#gz&+o8Rw9;06aUYYM(f
zn0P`5i%th>F)J?#F;n4JkmslMH!lp0;IPp(%Sj_3B_&QqQY;i{!9PgK1=3wi-~+Q|
zGrMOZanMWM15I1s2~a3^(COQa!&i1${@`u{xUW2Ets8Kn*^d%kQ#z9+sFqnO3;PvW
zhI8=p2}Yqw$3S$vV$;r}1%YKj7UW9LG_ap_;f(}qSL_g*um^E3wc${e(2Gb=18s=4
z=0FwXUK*k|fTfn{#>&V&jH=5u1S(n$^6>uAjN4sK7H>{*tVT5U=_q@?*7dadVjlGQ
zh=`k`q*H7kEOzwL)h6GyPK^64BEB#mHd`#v96{}^3#S|{tQPQX{OV03sFvL@VY^y=
zSQh$#^v@R)R_-iuwl`iTWs*8SBc-_ssI?SmQ9g;KFEO@{m~uRq7t(<;of#y*&M-wS
z$ylXO7uLwu`KI?0l^W9Bd$tXZGg!mW^)p+!4!i|ioQG5NyaJykc~LXUoCZ{03XtBq
zfy*Qop}BY3f}_oER83>2o^l=!Sseo8(jt(uypL*IP;K9`QdVFEGlA)=Br?xwMQ8Vn
z2k`#Wp=Nnq)KkZuENBm|b_@U3{7NTk>*u(QE&3WDv8*FbTlU)i<6(@A1R=&gr;Mnz
zea9W8H%;xd{I%0(SI{pBdd#P@UMDluRccKr(T_}O;!|SfZqA6<7G9pl_WZFkXdi$?
zBWS$X#r~cOQY+$%&jq@;LMpz<g45m!3*6E6t!8rFxXmNX#+WA#OGEFfB@xb%^jqHY
z?Q_SN^^?op2Q`2d_tv+tT;^PjV>9$?obZyC{B_Iw*z}k^@w%7P^L`Qju+k=uo@Tm(
zq21N0<P{5&FW*644o6nw7>jss>cVBRo82$0j=?515+B{!knI{ZAcK|+yo`-Nf<enJ
z``KS$mefa)uI!A4telHrH>9=Qi(q&^dC1C@SFnFx0A;1;#!9*k6LV2*NQ2FtU4Lz!
z-Lvs}m(S}1CYs|Z3p_1hE~=mD>s&|tb}$F;KkQ`9gl&i8zF98H-?~+r@bLs$DbX~(
zSsXH#O^K{*7(i%2_loC^m#o~Zu|V=m2$v89U<sC}5Q-6(gXn_dE6jm-z`!IR^#5(7
zFifgL8X*v%mnI7dGT<XKVN7JJvZr5c>pNYMZ{;ZWM+rcHM>votN6zeFeyzVBN6d{n
zN#y65qgOGq@@k;tDS3r>_c4(Q-Sam^Y|0B*7MO@rH=C|9j3F>>CPw2E#>fk>(Ij}L
zr}58bf{iPgFGf}uPed^PBb@;uj=ay2KCKe2PZsWUJkN0Q6v@oD@nKgvc;Xa1U?i8E
z(m3%d+>=_v6P(PAT3<SMMIMJ6RhNvy@{&a7VuC?p_oc&|_Pn}a0<>tnK&+siDGRM0
zHxFIsh$PkuE~dCHrZ_03h#5+#r46#CMc73EQ-?Np+@S96h+xYyoeAsS2q?sYE#!hB
z#G=hE8%2VKd*zUWa4SFdC%2l(Z+Y&STwPz8Q1Y2s@)4C7yNUruWqb+%iEj1H3eF;^
z-J3?Q{Eo+bnk`ml<i*R}-<0WTxZ{ve7$X0~AYEd#A_|Jx$)y&Xi~ZqpUnAa*TQkdB
z&$#Jd)ki_Vj_B})4;PjC9eYPwgt-9fUnM{RRP20;C^=zPeC)&gix(sg3bhA$#Pi_$
zzvZVFcxxqNc>{I~CI+YR{yMm1&&=G)^$0lOON6>EJ@g9pLc@f~8?%%N9+J~|e{qq#
zoA2dy{?hOBYtq?71mM1M4eqdv2SeJpf9(bQ2?B5eJUPcw`&+#;42B-MSHzTsG9V6^
zl>{q;1x9MTmtY?Yj8-ke?XN*-livZn{L4K<&34|a=V$^QIn>zfeUo^VUxXk>4Y0hB
zH(r%T4#AWTCLNMDPIozA(sxwnl9(RHuoH{SGa!DDi?1HwWX)U&Ipe^)9h0Ig1csDf
zENqq!K`mw87(N#gu17VLs({EW1};~R*4#%T&SmugRKtv+WUeNUB<P^~jO90gw!KFs
z4X6i;T}J|w_R<t;MChcKI+4M*IIez<5+)<FIG&$>l&8(E+4)fCavYV9vU%MGpQ8>w
z4v}3wD_A|B{nE^4MTz$HXv4W1cM&;qt;-@e!CguBjh?mXmQDa%1l@-c2N&|Sq;%zw
zFBKN!Erbcs>tB-}mfVYRk3R208Q>-iP#XqYO9oR*_7LF#Eg|<TKbYz)@e=?HR_r}%
zO4fxU>Qi6e_rkPV_UBpGp)Bms4xXP|kd-NZwtO?>7D9L$s7&4Io=IiN$*7PigBZ5K
zPxwOu3tLiy40=;c2x)x|;|2xapD~`sgB!F3?gs#Uz~nx11zOdOp6(hVRr+qiJ>=EO
z-rFtO383sF;htMIh^4`sg_pTA_yoIGior~{U!cEb0LGd}fkmv|1zQ~5?n2Dg52Eo>
zwFd*z0}>FGEHO&<-d$U!laXo~eBo!sNvSJDnOPIoYHS>WJzPX4U`!l<Jsg&u9EP17
zgVht*M|TgX#%aBwv5Bgr{87SWE*`9tdzLf(KA6$uK#dZ0Nr3<a_4xhUl**l`_#^HK
z;#CL6&OdHPd&NIG6#72RQO!7{$>HZd&}`F>QXtK)|66+Kih&l*3J8#QKw=<;Ho^{=
z&jbwvvTE!iZc)=x){?l6kTi&J5paM|Kdij(fxe9arM`ty<T^sGlN|AHKARkfosbn<
z0UZva#UoM9<_R=m1gKE`)C&-0JOm=7xg>=CqQG2JT(!Br+Ty_2I9FXFdcLA|R};K$
z$P1G5n+pX8Nty8jCb0c=Q(eLkRNxo)rqsDf^^fEX^cPvGO=aur0g2XH3;A|f;JV{}
zTX&2fbZlCPdVGU}cA1tW3P-TJ&v?BPntB=DXYji6(YSc#rYLo9nQRNh_jgw3T6+iz
zDpkcA{U2v~#Hp0Cv+D0!bEgrZwR?~bOeK|a2%l#YmJyI43|YnzL6N%UPNdlp4EzzX
zTX1|N-8%iT6k!pGwSWe(cR7A04yb&hfzX5D%nCzfu@8cf7@qzjN6ybP$1KZuC#B`+
zss?jJ)5=gAx?E*xK!rrv%JEQ(hy8vT7Up+-i-+|3xQn6fj=gb23+K(#r@gtJs_}3G
zy;Fma6E2m8ued<>Gcj${Ox&3rhPcF05>i?z89eEv8N&JUismW3ZX7MB(*}l9!V|3w
zc61F!bf(<N6)zjL$9AbbB0xY)?>>>!`;Z$yEFw(*?-J;1Rw9}9dx6}=!+u;2FFLD8
z%$y(?EY?KSKhXR}f5I9Z=P?#=f@XqB7uNC^2lLLKp9qzOO52fUC*1Y53`in*daG|Q
z!?{%7xK_xIvJMldSeW}MdX1(A(ECqezchJcK51{5GG|Mul0w7vL6la5z+3G91R);P
z1elkzsfb`2L=|El5)g$=svN9g91c(ogV-wBK?<HfdWBiZ#x4k~8u!x0lk!fBN=v}u
zT(z?GtIPDp^vTCWRS*v}nJ#PhwMSaN(%QkvA)0grLD-|O88@D2MNu>Q<7ln0ySQ1|
zlxm~XR}LPfUZ}zL>5QtT&bmj+w$Y?z8cLFZmwn8RzJ{N5<FPsP)&MhdAv(IfOvUHL
zAiOqg*~>dfLEbGTL3_Qne@^R7a=QUhXQPTo#+?<OoSCs}x;?T}1N}I${5;Y5aDZuq
z!GX+1E$$OqY)|&LDiSgW_XC1>*z~@JEOLz!u({lv8GwPcIbl7vKlc}2)z!sOXhHu_
z<o~>}b7+H2Ua&8r|583|YVGs@)U?h&gFco)@?&*UtBswuJjmgy@Ni7^WTJCL?jJ9b
z_HVk`k(Nh;x60umxV5t1?eOX1%XAF|%2eT6^TfeJv>@bJP|)2hMt1Qu<bdyxSAe(E
zRDdS=xQDl{+#E@InVI45gMJnWp+TFx`8!a;yC-gU?eX9F+O6Uc`p<e0`3zDY)cDZu
z_a@j~hgiGxDFNj+EJ_Yk_J_Zb)Q-x!X&*uHLgD1!2K?1FOaA6^#KTiZ-*VRA!w#|u
zDDTdJj%X4t{BTzqN8L$Br3jqJV}4dbjq!*ol4#Yx^ZH4g>yknV>^CVaoBZ7i!oYm^
zs{Q-4{pX}f1AS|`9KAntc+UjSqmr@-;AzeSMoU%@($(#2;XGf(<=dyB|IjSYGdst_
zWKTR1whUg85XS?W4<G0_c`mk*uFOHY`w2JSmMl(%{387siGqN*^*yeEg@%F1&vU^L
zdu#8>ib!AfxFF}F@1l^zcAs8$eA1AE65UyarpW{wy{BF8_)m}rjo5k(T(I7EU8aLR
z>v6tK#{l<Xa%61MJ}pDpUL;Hf^S|p{Bn-ugFqrb4Fc@lM7D2VvlJBA0rmLfBXI+HW
zBhol(<w~QcHz&>G+q@?6RDH}<UI>KiK3r)p9*&Fa+~!I@#SW6w<{Sd(yjboi1uT5`
zUbh0DH<5=m#a<bazG;DO8sxn=rM!IQcH|4ovpj$96TH5h!CG7WgIwT6UdnPp9VLXS
z=oOQ($eg8I|Jpq|v7jRTns-4?cR?_C0eTPR($37a_~^+Yoz&z!%fkls7I(8(RZL~|
zUTkM@N~Um6r*Oz1{b6ImeXkh$u>GTNGL6^Y=WcRbUv&?GYOeVr3o>P@6pGyX5$syY
zwN^pmT6yNMqQ_c843`|_U@S#NR_W8&p3wQ<noX~B-e36t7LK9<@}V#M1Eb0RIQaiM
z9CiD*zsvYPA*0qmF!~?ue*{Nw{tFzn*vrb*jML3XJ;+d1NJ`h3`hTKPTQHp;w=f6j
zL^t5>ge?>>h`B&HDSIjpbN6;R8TcTRaX(8201FB7KnsIUp#1j~Am(BvKDGkJd=d^n
z5Xrm%Rzjv&)QabHPy~Bo{jw5oDvxz?xyxi40nktWfOLcw2Oy<6(BYz_FQc+Aq_Qsj
z3~4#RWL|!=9aDl+eo$CjKIUoRM>3_IG88O?DS}i!Z(Fcuy1-w+=yBRStB`ZATEYJg
z*M1`zhp_*fIwg?*1Gv`u{|(pvH<)=ZAr~hlO)*2`DpMmNEkP||tgo-Hh-UpWD)=y6
z;xW3~mzvhwdkj<&*A^hj#OMtk6h_WZFCrj_9YYR~D5)iA0ZHs59Rf4N1_B1;PkHFM
zX?}@*6_r^65)4e190@1SAVWRI2;7j>6k8VQL|92;G~^W~7#JWJ4j+odsh~M388@al
zEIQ5f8Pxpy)zn#m1w!qkKE|NfSUw#!XFd~e5)XfspzPkhBVA$S01i}Srz;)h8w9%&
zn8dH&0x?1aeW+My0h!RLBLibWcmU1>Flr`9e(({--ac^`;EmjAnsuwbRT&&uIc**n
z*b6+9a5=}QwQp1v6^_LmIfV5mt^hb*Pz7Ky4o%rfYK$j>P4LMM0Wg^^{zPo(!#W=a
zoSBplpsQYDCGdZ>VE>^Iotj~3l7j~TfUNevvtaiBBfkDW*%vUJ<?f|<oPOJkv!1|O
zy<`0kvD-FujnrokX<V_nWLX9zN)i@7)H@x7nKi~F4be$;1?4vxHvpvOQ?u#}T+?aM
z80{~>3=T<RWSn1vH#{*&+1hp$d8Q*k6#Ju1yYD*27~%Fxh>0zHA#QTqK74bZdgs2n
zvo`mfj?Y}daYEwPcXUkOe$}>-O2t{bL7d*Z0U6#T_6`m8GDUrFTKd{>yoM^1TS<sE
z3y~|2GoqejHf()$4Oltz%cwX9msd12ZE2}!sy0^GJ1YuuD~pieLAY(na2>sTO8Mt`
zrfv$tAYgKCf49N2D$nz}L&Y;h=4PknCKb*oqZ*;1LM1S3Wb05cjtwUyJ;4yBWQd@W
z3~}ec2X8`hp}--*Z9zg2SC+wRzVidQY9n{J?DLTBUl0orw%YpnBmv=lXCuE}51hlh
z?FHhu+c}8#;=_0Jnbtyd+vILWdg2i9Q;5w`fc%R7$45yqIUWSh=_b!7?yvH>zCPQT
zJzF^n;lbbfNyLXwZl`^^Rpu#aj_=MeJycDqx27~u*LvA_VQ2$kU&qc+0)f0O=R7}N
zsI8uB{wx^KK^ZxODmj>(tNQ~$wO@@p)l%@U4WP!qiElIm%ZtAV`!MmEcm9AAG<3Qg
zZeKnSt~X5{VR~UD==_?&z=W--Ve1r$pu5K;gKeYVboSbr)T}bh@Lz|IOaeK=Lzj{#
zu##?v<z44aJ6%b$iI2<@J;aH-snhr~$FZl6rO@w>!azAHdGpXz!vQ>ndTmm4I)rH~
zkSEguI?-~9q)ki^pIE_z(gXKs`%fDCUX&w^23VXX=A$1Rb^9__UPLV2keRoL_bic2
z-G3%k<afOb_CJLWH-#4ABTjI|xwym+r5X^#y@ACCZ;I}-#TR#q+<h5r>C^>DGzZ4L
zI}<}g6GrjHb9|WGeQMKK|ExrXQ^$sX;-SOy65{=~xP6G<fB8V(<_SF}4Lw8^-Kvk@
zIVRlSikIZ3PT|Y!OBb1yC{WQBJ$(~2|4WVUCzc=D7RmIcbNEt3vnH0LOEz{Tue`c!
z+@&|&<CjYR{<Z$ecG_8YntpehlwJJXk>tI*J+J-geRBQnecGliQgvf!=TiwBXCWO2
z8*T_BZzwcxXjEX=rCFsoUXfzYp~fFimOYv@g*t{7hU!ttU#6@YhT1B_AXk)9A~TVS
z0BuarEnHe5uZETAl4oBi$}*FmsZyqCs(4dLUa4tlsl0<*7Av(dD6}w1w8$q->}6Nn
z%rxK52;WU*ckn$KYMDw0XGF(Q_u`VgoN7Q)f8$#T<Fqs|U5R3~?9ZLXpIS*+U$JB9
z;q){j^E`;ZN*8TJe>u4mb!akVUm10{8+8=P8B2e2nVCvthyHYY2X}0iJ=Vw_AI_b|
zb*FJX@N8$CJ*B~!Ig~vzFMX(@J=*6T!*-{)Jt*!<Pkltw89&9JUd5Yj?MaF4&Ea)m
z@I8qBN@smUmqEQVg=%sHU1^27YlRk>L6Q1u(>oyrg}z03m_@UgMc44v2<ug4d+^yG
znuRj;(P^`jpVpPLOkG;hExXq(7xgL3dCT@V0e&7h{_~Uk=Xz9lMK<D2Hd3SpRoY93
z>G8B6I83B(^(+YM|0?ZDpsDJ<_(PJSl&K;~lFVZWnTMpz4aiL9@sTD}hLXsXA!UkC
z5k+OJl&MKFCQ7AJNP}7VpX+%q_j%8|_xoGxuGRY1x6W_x-`;2MefAmNMeSFq*Vn{5
z@)=3r>Pyzh-NW7XHO|y5yF|%MKKa_Er)|&KoY~J}sc-DQ+SU>7`$x0OG0DA1RmP=B
zIC=Qw+KT+$9xjceGGDbW{*D!%=qR3eyyw(?=f)1k5<j)TFzef|#O}QmE33cRZY0!h
ze*K$piJS0XRe}HSzwhha9^YEQCb~^$k^h<J`)xMrOwj3Qc5RB4-|0}X>1;rzRb$S^
zb0s$m1MhfY>tx4IdyN=;c;9XKKs(p{dh^IWr|Az_nR;=%1In-?^-Yie*q=OQUwXB{
z^+nvUlG)Y?^Nx?B4GyWIW(wvaiTrK5;yW$)zfY@-e>vM5D;ocz(!6p^C*+-D$e@47
zKymorHbG6jJ-U?!;*$=K-{<N)(9LqsZyMQSKiwIhc~D?;pt;;+Y{TP2x+ib(bsdf!
zxSIWUR5$bcMZQ3X<UjYEe%QoYrR&@=wx856nJ&oF3^bA+FU#v#k;f)_k#_IX(x_)8
zdQbnPCTkTWZB~+b@wcOVbuQb_Yr_wn%W_^PnJe<;Ue>vBd1rw|OzV<f=_B^%6mQie
z9gw_WCK+!jxp&_!V`IVQ*000GBkxVG7W!Sk?w6P0_uRP5E}yxzx$oQ8en#KtHKm2w
zrMVYM?-l#*yfLimQqgVU;ZbnNuQ|%MRnP5uYNv5k^DFK*Z_>WI-Slwt>~0hD3#@J~
z3B5<hae?z%@R&e_PyD5Qy`1}`KUqi@`?RDSYKf^bkZsS|%rVfT`FXIWFuf*MYwc$)
zH}ltJrm{t*N+qxVwmX0RaIN<8KE>gI79YKQi`Q>?722-^=GFhzjs4Y;UHCaUyRuDc
z^w_JW9)}+FTLF0;e^qb&qI+g5x>c{DSz*-sSCgRd!%X3c55gmDrYQw?A}+Zm9m%vG
ze0Cwr$R$|P<+qPZzsC))$_j`6r^&hN3z8=5ld}%BE`5>Tl4|KP-Dmpws7r0PrTp-%
zVjm^TGOX7nPwPtoPM7|$e@m${l^MC{YgA<>Gy0%3>&cCWf;T3j%mz|#Z&PwxSJt|1
z`0%$ksb&d0Y!M#fON8Bc&I)!E>DkD|ILlpfzsFl_<9$uV$?eJQ(xMxa-Z!*<-nhE#
zMnbr2Vyi=A=j(7ckxVzsqyg=af!p<d^{%zf{h`~Anw{!uaeUimr_^MlRM8rcTg-T?
zWKF-D+kjhsWXbVMZdzMQE_F9Yy1C2zF1h38cBreZ^84SBjh(Ocl-fZrgsZxZBjsD?
z>EZkn!;^2mMfIBpzApP4Q$@4PuQ_a6N&nX+1AYDzJ(0|B2NZt%dA@AA;@4OI1m~h_
zf3@2#OusDt{y2Z5sPCnKd*7M_ISMm57;9xpDoS1sPt+XWEW>r!_CueHjK#K=bI-6G
zpGrHszxq{lReaZ-7<*xNSABb7P6@ST`Zeh<gTgOqclw4k_|^*ee&*ueJ~I5?=Pm!=
zoC5WimWJO1?j1V1!&9q1JxnL^u+H;wo$X6kv#Qv-)%kxHvGt7l(O50h_4w1@!rn2Z
z;*{yn7ox7V@gHn!zEsk`v(UWmrny^~rtBMg*^RFZg99%ex0lu0o@{hW^x&_z9~lCC
zLM-ih;})l4x&pTt6gG1d`dv=!-_9iZW)Jly55etp@gv`ZsOioXEAQ>NSFQj2ZGxUE
zYjFXUf8O!SbRnX2gXKE$Q<eQzrnl`v5B|s-?^a4Y6)3fS;_0z|y-z-t&0Gc76)jCB
zy?iefmE`AF=8v|pDY}lQIK1U6;iS4zIPhD)Hd?EcK@_|GY3zF8^Qk6J3LIIyFJ;uE
zwVP+G7Bb-!+RJ&vIOT?+dF~z;(OkN~8vz2*E58ny?dec^FnDTJhb~v_SmTGRuu7vN
zgC5UD1D2Y<GPfUCHMCjyp{;PmbXmy9(*uLD;vL1ky2cK_Y70vEql%j^1)T|OkGc6(
z(bXlQcb7hG{Lj?V6-({teiao&-0vAqdh_7>C$2x+>F)N9UA(_%agBce<e$knn(6aD
zzfS8O9u3SoHs+kyzt4I2O!Lvd!hh~RX6RN8b=Xq<^K3+=r9HzmpY7D4HLup&J+-{>
zGhbVJ{Z8Rj?aA%&%PnIg14S-H*Rk!J<eaLQ=nu>(IJS>>Iw$9o^UF_4o?#pt+6-jQ
zTe|pvJrVlB(nEIoTxitfo-NEB!QV_?iwt9P{^osnXnDwdU3c2rF8wNx>I+pJOcS3%
zuT~ZJJUX=1e5{jk?+R?*a^F^^u6w;zzM+5ffA!VpHzr+NQr&&7Zfw=K)n!AAYu9u4
zx?5y%n%_`pzpl_wxibIzAER&MqNW8ug#=Dyaouv=VN-txt6wd*wd+RmK)zC}#2@d5
zDZ##Kc1gRc=ZVw$0+ZUNe|D5JD(PENwc5%%?RmEPrb%@>O{4mm{>&2V`x0&mKvK|f
z*sXA{r|IwRex@4};8!C1B#m8@Dl=@oPX!0B8>-75-mLIVbkT__-%I1+RDsujY|hEA
z_6%jyxTcK>%z3)_rrZHcT2Tu2Xc~v|#4&Y0F|+Lt&c*IO^Z<Lm_18*SZi%eoJG5mC
z1%9?ZU36mIiaW}Kzz>7Jf1A0o4tp|LVYkIdJne~#$p&h4@pbZEMN*h3?7L<A8GA2$
zI6BdgUt2fr)*{4kZFRz9#^A5<B@?A36WznZA44aumVS*2ykWgmUG{o)PsttW=j(6C
z{S9n2-?wtHc~kpW#uDL?FIHWJy^~f}+Y)({>V{KI!UD{E`$tVa|IPfGx#C%P)Kgz`
zfs*3Q-eZE!RcR#_E$znJ>hx`vxeZ9@x=E!BcK;OZN?%X4etUFThP7w)bJpr-jJnZv
z(#0O>C(qfo-AF#XrP#;hrpRuMl!WJ4x9s-g^t#)|k6P(&lH~PbT>W;eBSFLL%t@B|
zJuG$hAF!!g%YUtsK6z|I>U+)S-x#g)tj$zyp1j&}f!Rs_<kP%u=O%_Yy68fTTkc&<
z4cV~NcGIBwbtQ|;_sl*_>PuuME8DZ5h*P)NRJH#7O>^n$=9gjzMQIq!s6)S1J_wfH
z&RDiMgS}Qh(EW48;FFf=C&}VWBR*Qe6O$)y)3Dp^sb^GlzL=hQV0d_B*$X58zCA*%
z0(T?pTG?LfZl-bic=l`Z&acm^f>#Ax+kQFc>h%)KuE%yN?47TBRAur;nCmosEk~(t
z<_E{O7pxVkRXX4jnCn%)$M(Bf*4tL)l9rT7quz=a#?60kzVAMGE|x?3)T<6=+m2IQ
zy+iCy1p#!+g08d5?i===T%5djugP8$nY}BoIEm>l3VUkjy6dT~sEu5ad2m=-fJ51i
z^0#V#c8%SC(RzKrJ@rY7v~n=dz12^f`Z9|qQ`9}$zdb&sruem+$s|bW3CHr4d!i0{
zfGa71d)jLQ_T3L?k6q_^Vq)oas!>fF{)c-Rm;z#7eP7n&o|-TeqVE|ZWxj52<8V>w
z>J1?g=T-TyFfDnR7Q*sMb?JTwH)CyU-P79z)ORg=sTHE%%Y0NfeVxk5H$9_w^EW<9
zj|{u^X=#~-!J&P0dMD}1P1MD{tk`z4nMQJW^VtHsArpqmm_ppa1HQ;r>idlac>T7Y
zyJ1IvE3>^}wVykSnTG9WiS|S(mPf~VE35`RLr!_h1;`zv?hNb;ec*On+4SKyk7pxt
zs&s?Dj(WXl^d7QVTpmm%>Tv(;27hsksK%*_j<IaFSQ85ATLX3od&!DZu^Lcqx*fDs
zGe|esT~;Gv5#z@6)6x2iHnC9AZ@ax{qj0)o$iN8uWB>4u72iD4&Z@Cz_nqy?PVM_q
zy^b|6LLlMon#H@b8v0fk<<lzM>vTRM<#p_v-1~BM{x5z-<?e4q!dusK=7rxoH&(&I
z20hPgKjgA{YVB!DnxStm$972tFz$TK^tj+mkBsII7pE!Bn({SG9MNl>B;3D6uqWSS
zYW={mMo}}TcFFI!%;7{Q#TwRuBUR$rwJa@0I^V<#pKUsYW$qS8Rr=Wd+;uwIVQ8h`
z<}h)r2+akxQ(m>b>RHNDoI$BkHEoS!a)OIH{>X_R^JP&=sM#wy#<QW1YpCb4zXNUc
zb-P5?2yxc)p=+<JT{9T-(%AHK=&)45NsTArKLu>c<qRw~J-b+)EbpNgw3hZ-`DK9`
zK{<1lEnS5hVmrQB+pk`|=5YiA&Bkhs{puitbB>vNRO=if>qL#Ducb)|JYkA8;fgoW
zeIjtsZd0%3C{GVpR@-+UqpsEZ!8;`XM3|V=<Om!zju+2sNXwH*%Ug9LFLdkij&Myk
zjirB9X^T63%DL@rnw%7!{XR^=oIWr&8k6O+=D?J;r_{ShM(!2c{OGziyx$<u$oq%u
zz21%!>D|2?&;MHFIi8%-eaDmXAYJ*ir&~HNb*l7lv0K-41HjKQoW4O7wf>Ow2V<=@
zM-unx9e=OweU#>})t8kw>D<HJe;!h)9TASY$PitqH{JEk$?yI4Yq5C|Z<;Ti(%R5R
z=NFaATRQb8fwr+}&-z}&H2IE;u2&aLn){2z2w^^RwbFTs4yQa^V&GmZ?JKWxm$RNl
z|MZgN*j%0wK98S`FCBtkxSSI0zsADe^Q+CsgPniSzGB$=gp#)GmhZb1_xfaE^_TOS
zuD`e5R*-k&>WmsL@to-2w%B+(LCyFb6XS|h59#_JRBhJo_hv3r*?nH(p<Y(9p;$A=
zPdcWlHQeC3?w)p@b_M-fYpNYLL&qbuRy`MM5eq%?=d#$lDf82^Ux!v;CnZj>C$h%Y
zA6v@NYRBE$%9ZxQ^O(#L?^DNu6^|6g${D<*U7?F*T=e7q^3rq#<y0}JY*+O?`qny<
zvRewzaY-5}3aUIA!kBFuHIN*n-prLF&YD~)eeQ_bqn_J2w>BPa@*B(D)2H`qWqQ}&
zch4)Fg6Q`h3S4{squ1n;pH!w6UoU%T=o!6Hd#vYf`711G=z3`Nipk~IIN00<R~+?|
z&=Pnm(Xc|+4tq7?%F;_|PV&?NcSJvWPI9IVU6x8TjJ>Py`lbG}m9iI%-|aJ`4anQ^
zD8WZO{>=%a0^yH`&Zn)HH%u}$dKAgDdl0+GGw<+uFDz|Pe$bADb61|ER~*<%6V14x
z2%H~S$|KK}A(5UZ%NMHr=+wqWZ`Cc_aYZ`kgL9><m#QUF(;H!|mxhal*k-eo{Jav>
zrf%<RWU*!W24-$MiCjDWV4JuG`z-N|p%EM6R8$)!cqCZTBh>1)t}o<&H1R=Jd1xzV
zhb|9olV-!+M92LMEC$?5p3?t*l=qoQAh97<g8F)=a%LV?Uh<AhXVsr&8u+YfHb0%b
zEWu5`rlB|OqeRH&C+)GWkz!|7FfC^v9C=jjNELBmch&MOazR2g8V9tE*u|P@&#%Q6
zXj6rk2B|$8c_5^6daaPc4@P}DSzq07)hjQXy##5V?4hnq5y>`O<hX(E_IY2n_w9Bp
zqmOz{etBk4b48Nd>+A=c&fdc7RQAF&bPw;dL}oQ+M$nf?Tb6&u{9<HQRTNleba@s1
zwQw^D(-L(SgAA*9&V8G{O})A=#(e*PvCPlK3K($%+XxnJ6@9ns0)-D*Te@6b6tebN
z>uWvl5;KWOT)ItncNKei`rS(X$hb0z;R9;Bm?uig=<Z)RelItuEc^%$Ytdib(g4;2
zRX?_swlC#QU&@rHA1tsuJv?{2VvAOM--_fMD*?>%*WFv+uG*sR#XGe6Oa2m;n4SRU
zu>sNMcEd;3F-wvYX&UaZaiu@xG&MKxxWlGas5ZH!zUy2>_^LDEp)SYTw|WS7`(6on
ze3Ok?<1?GrqBL4{OZUa$%27;gf@kSlC03U+oKBz`lF;{G!&%P2CYqZ3<-rxOhDrN0
z)R`Nq?5mb~R9+=?us_jB!?AoN(~&sEcy_Hksw-<lrPl8-RgV26d1d^()OwNWbfLr-
zxiYEiXeDyxJh{K{o%vQ9XZ7~Jf$qVg4fdNw=t2szen>M^E`IOwE`RA#%jyRQ-8MF)
z@i^Svqei>$3jO9CJOTWtM5Na0^>Pa*aom}Doy>ed+fB7ky*cdNvz{S|-6L^A%a`}Z
zZYx?XE4OO5N_G7jS-Id?8u@wyzZjpd@wfa8`@L3C`S&im&YUzvwO(5Mko;bCt!w(p
z1qq|sr*bc@X!p=N9h|IGBPjXy_s!70k}}2MEer`?b;X`uwV{s+v-m5PUS=r$uE0Sj
zNBQU8rYTm2K-$}8wD+$m_n3GN31n29ve?3zc4V`6zeb|n(F`HW^o<(c`pxtcb@GNk
zulcU39ySp-doS}g%<xLEsCI?9sMN0eZm)MRJkI<|m3MhZzGep7%N*w#P3JmlzW$Zc
z;Tq4ZtsRC3=r=7sxrpOwlgv{qjd$!rL6YHbD=wVQddR9Rd*Gy=yKs!C+LupkPtWJM
zi^tUR{&ot-aAj!T9`mi~tXzyWSgCg+IsMUxo7E*Y;}+Rl`nN{^^*nFeTDEoIG_Qe|
zME#L-L2p0!mCAiPYIUu~;1TZ&wZgQNmC~`QaZeUS9cI9C1wW^0Jk0+^VL8@9%5x-4
z?S$B7tGfd}8DAfjwofpNIEY0retqT6-9)ct%N(}!Ef)yLQa)+ysb$Gqkt@C3bg)5U
zklQ;ZQSPl3bs6KG0minCEssrnC3{ZUeNNk~66aZad>2*`T(mV)xgVCc<Ng)umeb51
zZP@om*L8T+(j}~Cf2z9Spx5~%v3GH@%bA{XWE!c`7j?6gTF@I6ENZ@(s?5wlvx%RR
zo=!`(?eLmk?@!2PV3p&Z5At)L;gyO`+^|Y*=V_G|8{-z6-7PkLwA+)^tF|`taJBb+
z$gXtRsm!ycqSldTM8C)Td@^Ujmn0c3-XlLh98+?xcyjjoC$`!pE8p54se3z}u>bfL
zjoe>}<pF!!)!uyc){XkT^~T+yKFJ4nZfl2{_Gg@(4DSq2OnFp6<;<t~CuFmytxVTl
z_pLXTX~i6cO1yTw(>ZgdV`_St@Uv{b_Mt_knSZ#MHG;gwf4_eraYOg!g?fDlRh^ri
z9QEo34&MAp!aYV?4wWp+C|xTY!jV!an7O0=_x>eD=R4PY@2<OaSwmv8xbD+4+hW@k
z@23b_MA}hn^KIM9ZYZ$v)3)ApY~0IjI&0Qt>1%CKu!(3gXn1MR;1{ea(<7}BbuMwq
z+n`P@<tID|!U88!bog$qbn0okyD{U*@<Z;*^;KTOOQba;*KVXS=H>3o^mr2eAWm)@
zhlmOfhttPZi|;MsNx;}%NQ>D2Ft;+8F{nvdw}vxce0(ZJxG`gqfzWNLZJ*cuP7<fv
zxcu(%?GNpF{JcgJADEq8yEiPj@fFjy#j14Nm2q`<b$XmsS#C$tJbRj}m+RhSJ!03z
zcF=##vK}uE)f_MB<d69w89WSfk#DfB85+4~*p8p|I;%}>DL3RQzr?0@Lui>qYsQ6w
zoYo};3``GX`EGi$9*B+MNwSlQjkAtX<zqUlafP36OV}C4_8401qhl_jjK$BicG!eZ
zg+IvFUYDl1o}Fr|>6>?H?sY7@Uxvl<;y5CFq78XR_Hq=pW_%2w*Y-0^;chjpEMt4g
zeb3`n=>8Z^g{}8OkKJt>km~Z3qpP@Sd`gO@)b6v}{>FR!OOFipvv3qEv1AME`Z&P*
z)O|&N*&%<%AKL`A`;$82FIgYv3}4Ie!Kb^PHe1MFr-5dB*&v@}yJOU4c|q0JyVN#{
zk5XUgqPfY<VsX`UQNT*N)FeTRo>NsBg8WwWzp6ia{(cnrCYQM?s9i0ji6s&9E-^%Y
zs!XX`_U!|@&u3D9P+R!?Zlcl^%3h^5ZK(0*C(rRphHU9&IV-j&1bapWa_c5~WtV^1
z=Da7a=8P6IZTa#Dk?IW@1w8$=8J|U`cs}|2uULHN+!3+6XT4?Xt6pjR4x?Lq`knmh
z-`1mzlgmH$Tp3W&ml`Wkxb<i~x0$$S?G09;;|9`=E+U4}n`3yrgA@(u5`WfIa*5`s
zh=~N+ew61K3#V35s^cn8WC?68*IHDtOIGalGXSSy$?P2!KgDh{+8x)u?yr@jOXIEe
zG%c>7*BE#jBEO&hPE-43Ai$FU%jo%)E7zw~e-DWtZDRfrXusm+t5&*u+jrV9)EGaw
z&@HfN$Is07?V=J=wE~ZG`d7Nz3%A{DPokfoYT;6N@nF<?`N{9gKSmq3a&ak)1g@&&
z_EYXv5!*gImdrgU{osg_-q|YQS}yl*A!h0~Rwc^O+SPnH8vcX+-O@@P0eU_v-nO58
ztt<4frN^5YytGc=o-p5&&3bYD&(YYfW~TOmk%97*oyAKUBeey))N+Q-SNdB;(u`ac
z|32+)I%Tq?DO%;u;AQOCC$m>Mr!Tx&leTGOiPMLl{P}^yi3ta=9Z$}7yY^J?E$$c4
zS#?zM(dx)9ZmOgKG5gMj&UIUc{B&0N$Zw)I_uCO};n#Dcynoe=4Kcx`{Y6E0m#pyW
z2w7j&?;YK?GO$czby*jWx^eUi1I=D{Tam2u0UM6?YAh)zA8HpARTzwC@AfSyzfvtI
zT7IKZvFLDGa`jYud_wH@W9*LfyuUS6U$d`^^xfkvS~DW4G&zu_sM<btE0ZU~{{E-8
z8-r!`ajKSXDqh;-t+;sVJk!L6h#zW+n|aK=qI-*Cj#_Hae!rG;p=+<f%TW{K{^P7B
zzbnJTFG<G83HCW&<$XNT&t5YX<2=rO&OO|B-Bl&A=DuYw*&o<!KDs19zFB~7U8>v(
zrd>YbXU3BaC6|cP9gAcb{2`YpL*uz!*YY_-S?dXr$*7y(68i$oR!3Ipu_#Tck4+`6
zw_1E*PXKo89$)0r4|kR6YV?)0IyXk%d+pTVmnQhCID3CUqUrH{5`TmX?R6EZl#=df
zng7X2{Jd-M)zGI{|6d9Lsk(L7Y6qPj=ea!un=?OzGsg8LzSGv1#pb@6PTBq^P%<=7
z_|=rbHqPjPv1nt#80W)F4~IEhU;OGA=Ivm#b+A5}{$t9(vu3}X#RK6#-e&LjSLoiQ
zk+;8GNZ<*!&#3B?_;kSZnZb{N)bLXvjkX!V?BEy!&3`(^K(s54JH|j}R~-E@2FVX6
zb0cLiI+7AoVbqKHmBma{9&$3|1g+FDQ*~nG{i7SqpeD0u@v7+N>fg8YUx{sX;LOgI
zNTbob*~P#>y;?$_JKP~^b)1NnVRgt($x>D9c6ruy4Pg%3mEzntwx+xJk8#SbYdDc@
zs>a%t{=AjZ(<d=#A7g_BUHWPnm8?~1?}Zj|HpHC_dr|-N^y74e9Dxv?HSbh}ir5GB
zug2?0T0zGYE*hnXO)H-(_KG|neQM^Af?m!R{lH)?)s`Th;AMH^@gLZN&C*ra1E?C>
zLVixGj=OTNqm$yR3UX>cV#TL4=a2&Q2*9SqgG~SZ#e%Jb7YoST{D;{9!HWfLVGNp(
zuvS6T6~*k;RFLoBo^#M5dd`6b|6+lUyS1l}qX*W~*4oz5UUcSQ%VKam=w$J{BSQZ?
z5gILEa)4V8oJTSR9~YU?eC!Xp*}G$XEX4`qLSvISdi2~NCHeA2aNOuAI3JTmbUvog
zO6ub~tM^tx7zeTXy4Zx&n6;J{OpQ~LQfu9<F^eu-m@$xmZQ_qin~gIT!YQpuq%=7(
ziQcMM1Vn^BA~E%MQc-i!;6|?Vg};tLivh20&HOQ822`Mb%)FIhVoZyn*-VPbe?uL_
z!iQpj4W)!1%F+jGjfLz3MvN{ZBOD9(zn5U35#`yAG_D14B8mosVJD1;!CW~JLNp@5
zMiS0Q24CrO)iAy3`0)fV3>yGoh7CRh{>zN!v*KDx$l(s20jXEsTu^Grr<yPmc4lB;
zH}I{24ctr(AK1;>-O0h;2P-Tl;)9)$n}lQGEQTXx7Z~2rDroA$tlX<$!=D5+!Q}S+
zCpI}xz>Vt$#&vI^TDlZyZVf*8xON~+!^RbNnR$!`(6O8HxDHYiX$oKjYdT_{OKFM6
zbpitW%n-4Q^1#-NS=JF7Fc{BG!~?4V|0Wg~KQIM}A%?F$QA~rFumImm7{i=GL<9Tc
ziCDR?ypT7)9<!>M07NWXLM*SBFww9Q4g?}7OcTg*gQMFohJk@^&13kk1ku3a&V+#}
zFuc_Bsv+MGgMt=dBo}&Oi6dl)29^*b3~ZaX;1qEO5@(s7aK=A{1oyRkMWTVl-SHIb
zFHA8s?r_}mLxF&aJM);J1u+Qj67B?nDGUrzte?5gg0#Rd)rbdn#tV#q;S&a0V!ME_
zpMb~0gAl(4@wi6_0#jfZif&JvWSL0|{7{!@U=ZDWz>`DBf}7r*?5Fx5`s@cED{OA8
z*$p4p-NVivabSZuW;fD%PFm!<L_=GOJK;s9z%fLHg~(2cbV&?mkvcKQD}W|2r<e)!
zxBx^U&||>B>fz;v@_+~60YqH<IYl(ExQnH@h^v#|49(vQ7MvhZ2%2m?yF?lIg$wWt
z_yh?HCK?(F^0Ok7n;^J!Ph35*!OX`T0Uvj6IRRXQLSlmKXU1`7cM_mtenPb+8XL0T
z%t>xAFa-lb1812o5yodc_$1kJ4lcAM$V~WwDFk{bz70;bUS|M7etyamiX<8s#JAZ=
zLSgbj0(X9s>PsZaL~s<*xHAD6oN1@b1SGKLH|6i7nQ%H!H1JG7#tlqCVkkFF<afR%
zJ+N*x@xV}S!VOFzH$f4Z$LESJX{Qj4AsQG&di=l?A~Ga#W8Io!($Ru7mS|v*O=oRK
zL12jDJR|!e(&M_u5sfQ;1V1hXhM{p?M#BY2mz&k`^T)*#L3Uu=lvW1}13x4DEr(6%
ztH7c&;SCDKv#;0zKf^2>CZLc>7!dq}kuWB-DuCQ?W=#AGdJ88GoS3vkL-N9g+zM!c
z4e7Y|kgk}4gRp^?mcFmJzk`nV5n)XO+^S)MT<pXlL7p*JctIFa96}_N%alp8s}<a!
z_D%txGyxD=ri`NloLL<S%itFSWWAL%t9%4#$WW&*B4bqy5wE|AmWskKtS^YM<}!PX
z+>#QvCV?Pb54Qfv1@^oHJ~aX)#H?NlQuSsbz3s7J5%1*TF6?S=?PKpFEWQ=bGX+5)
z?@e>B!X5%b90#8aOc38oC<Vb8nXuxc;Lu}4#ETNZAtN8Sj1(N}ZSC&k>TwWf?NbX=
z4}o@W{E)y8v;`MeF!BUYi254zpm=l<TNlrnfI&fkQ6Rvg@#_JgY6EmbS7-2@2}l6j
zRMcAI1rU}L!2%X$WFXlb`q$DRW?qOO1H}CDG^8@%UJ^y3^?RW8&axNxZGgsrV{k!k
zuGUzTh?e3GA`W(-I|@SnzJ=`#0ViD;Pg4M(%JYEL($T4k1NKJ>Je{TIFbRsVgN(!)
z_x~4QcSIUD0F5t<(?0nHfNMe6hC7(?6|@>l<8Nw7ftOIRZr~+Uz`D@FtbYMA#OG|`
z{{|R;3*>;CyDA&43<nA2lik9=(Cm6{vcU$rNyq_OQd?nu#-4)?n9zEYoKc$WtinZg
zi1_wMsczCfejfyTB&7iUeO^m(X@ZYaU>gG7v$p;)X&;Zu`!B#aA4dQj@0Z>+3fP|S
z<FeQO1MsYmQvil$wSv`NqjkW<%%Fn<_wke)Xn`H@K8}0s7tuU}WN7?DA9Ng29>@Wg
zLHy?bDFbevA&72Uj5Wdpfeb0&gU>U*BGfW~4G+Y?m*PVfy#y1yYaVdrt^Wdyh;_)<
zx9M_kb_Kv-(L%)f)NQoDu;^yzVT&ZXK{AZgcAa1aihIpd{#`L@83?RXaC-<iSU!un
zktFLjpp--#VO(ajC<5T-&d%ekz|U`iCM4X~Q}3b%#?QBzoZ^JDJOUZ^9y+ZFnui#N
zd6pL{`@dxH^uYC*5Xhk6d+?JMz~3`ZhQ9w#2CNgVfTSQp3vhy?hk5fcz!r|6uz)Yi
za>~*3AR*!~8+KI}&aROEg&G{oHwUUiYZrL9VXs0BE#eNntWLR}fPg!&FXavcP>%UC
z?mqz|aylr;-`=;;<`V$roL5ZM+()Z1A<@ird;~#0_#r#<D=_g6f@BA0owpjb44|&S
zZOI`3e)I9c3QfSe5BT7--mVTc@Z4FCpK%Ce2w*=VLVCvW)c;>H;Ab2K86fXV7hubY
z0S5RCcDUdM=s_(5RM_DRKw+vw!1~ybR~x}pUj{4>H^95+Xq6`<ySZf!0vV`^Dt`Ka
z8DKZB%sC1Q0F*fg?*up*5KVt*IdO^Sv;9Lb1FIQ`4dCz!tqjm|0vGQoEGMAp?<&1j
zF9>))2r@(lh;Ks+44eM=YJ-CJK{7nnk{<R2_+YLRdEdEq)G`o)E&|{pweJG{0CaxP
z_2~F7z=&!*D8peU4I`kFE4JWMhArZZU!w(<wv-^{bQF>uB!xVuxD_Np+B_-vJO6Jf
za9mK30&;zZ)eVC9zP$vD3)(kmr8tQ1>y!0-(j8d%Li$)2I$WY1H?oaE+(H`i_`Me%
zm+S(pgKbPAkMBo`4fSkhet3p*vj~c}Nw2#MNdsqhqf;7M!Q+7u1X+U+Ei(rYWYs~C
zg<IL`EqdVDT_Fm%5Yr5k%|iAhaV2`t;u3bF5QLVq7H#i)0q!Lb)ZvMZ<^yV6{QREV
zqarH<&cneId9eKy_|A=0FOdwp)in3I@7eEVWT$3mD|1NO*;PeOMFrP$)?Ikp3EDRW
zZcO-t@7z=(M4G$5Kw$$I0=)Ag+O-h4k^-O?zC_sg37KlMfVif<IDSWgEHr6W;X5~K
zeaN6^cWx-~dX$J)_|8oxVywB$I+HUcE;K=qC9MyigAOJJ^cpa#uyDNeD^m5y?%d#M
zrXUC8yeqv&lSpse2!XyUtSTepykep-8xuBeDDY0~&+v^KmVTt*_?-*fBtmdn!ub7<
z_nQFg`@jd^xH*m<6pv2WxIrL*MErq!q&IHZ2T*H`7eH9z-^LAD8A#7A_{Pmc#4^m;
zxFKt6oWnzoM(;kHQ~@Z5+D`B~fPWCF);L5$LtSEK)lU|iw6<_;lke!TiE0oE*w6tF
zpf2GLo*f<&V>=!3+_6t(hmnDnlfIv)iN3L|o4C_#cF-diQgB*&5Fx>{!^R;ZEy*Cw
zjbR4l0C6UT0GWzE?@j~RL1$ieIE@aFC_9ja#_3ATDm*(R{6ePdY<8f)>uwLY1>xCY
z6fxFZW`E@_c)SgQbPdpvCY>EDej`<nTy~JaX9o&$Ks4tbp0XvK9fF2Y%0aZPPl0zk
za3Y8>ZNNX^*}-uHDL6hn;<CfCYYQ?DfqGYp-6g%P{}MeY9-WXK5D4(HXJjww?BG6%
zT5G%jbGP-$%7B|)#LUC9!<sRqGR(;iWD#+pL=8CnbtOBQC&13oySMOlOCU-_u)mBy
z9M-+?M1ycU1A8^`N7=<;Wmw5LI!yuY>~e_$EJU!Y$d5B1c3_|#W_UspoJ0ppNQSuG
zWdv0Jka@4lMGH<)tRSX3ata;x4Ar<67+IZ3hitgctEs8rl_r_=gx}RBO2QOE$-+yt
z)5O@;60+{Q{M^-z<h-0E^;~zG9u)T3IeWNnC%K%6(~`KPg(u-p2$ANd3bK_PZstIM
zN4KyYvjIuC7kuy~+D;lGTFIz33rLiN$wK3FC1w?#ggF-@gPu*o6nI^DiFOPz)?8+t
z$e9wyECjjli*O$4B>Vv_<ov^R_#{k04v1#2CcS1q5G;;^4}P|eb_r6NVKyc#(J1gv
zY-4y5?nexc&q5UX96077Q1VMO6MCc?6F~9*AS7Y3Mf*Pinx8anA)SQ3|91iAF44%!
zKzeq;lW;P~Sg@5jnTd^$mov*GvbO%G_49s9Yq0Z6Vu^+UonthJgsg;HqLIZWtt~t|
z2!R_2Xt0U00|jj2g%f;<mO_lJZ|HBLC+%|3Kwm=N!_?H(!`((-diKz$A-Rx((-J!5
z4#*|^!L!2zLZrDdjO^ieoJk=-lgQH;1(57(7ZYa(OGYAE$*2a49Mbr(MHU*TD>19^
z?68y>8T4#+pulSo2p9xX!9U<jG-t$EbD8xdXG$Ei5M%;R3=8S(@DeQ~`RqVJ4v6Nn
zlVABsFVTLnAf*{*V?uVIz&r8zUwC%t1m~JyvzCl|iHYLlGcG$&IQR^KhA&UQO?ru@
z4z5<A1jVBhvI7MHptGT;_K%d3&JI2QT>xRJe+@jcXGC$ci<o(Mc8CBkM<63%&JvA+
z*3c^m;MX9s+ra!Pp0`B%i4t+n63t}ci3YK~E%w1#utP}#S9%RPO~DmI{L+vt!?+0!
z>APVv`V#4-;c;;19u33)mWBw_HQ5rKPa5_o*gr=F3$|Nu_f{!r3$a`<?f)4pP%vlb
ztw;~9LkCO9{Zcb^2L)`1X__)kn;~#4X5%X26=??-I_x<sQUp}Huz$ZdMG{w<7bPy_
zS-6!jS$#=oMtH4rX$v}BqFRSS#D=(@n<?S74x<1OHrDr$xUQe+4ntQxZ+ks|PXkSD
z=N+>vVdyE71zyfrxYlt&h%`4NlPx&@)jC_d1500mR<tsxci=1GMs$F<l`zs;hnQ7(
zt-~aWjMdp%hXSuBi7W`ObvzMc&1Du#&XhQ2A;?>n3TmWloi?<P<ZB%YazHfiU*33$
zbgeTkhLmQ~wGIW|R}*amz-yfzairk*Y6Dm6L@nH(gh0oxDtsYb>*z?J2F0TjY8?au
zOujdWCSB`%{_g_JZAX)p0T(ZcnTOXpF_K70m{aSJMZ`J04{$V^cWX9-Ev%VqNAPy^
z7)r!Bwa)&9CmMuX*hP2t2T5FGX>^*-sdY>#<BIM)aSSvzW?poGx4{dyqQoV%!6~Tg
z2h?4@*rOh7H<O@wlPpSD2|{USNm<>zo%G72Ypej!k%!e-WRf7hwE}3Kt+6Pu4Eb?x
zvF~q)W$3O8Jn#S7h7OicW8u2~2s~QfHRz8TICdPyMO<UKDxkxjQ)5vuG33#GR*6Q8
zU@Gt6A;#s<K#BXW#-hMA<XZAh?R)~@fe?94V%#`Al(>*<;c7byt_9&5N;->>b}fOu
zsBvdqi!3ZIL=qPuaMw!RhYpsgq@<7-9e~Q@OUf1diLkvic1fsUovn>L^lUUGrFZYr
z^!0I=ZJ#NVo3}VE7v5ZPLx?oD@F9B$4VMQX!0{5!-Sl9EPys%8N!f%B5LZ%4;@f9r
zp>etrvkEUMb-=q@uoy*#)!CAg0<Xhh@i*6k@RBkQG1gpW0~Wpk1gXbxcHEJ4DYw!R
zsd}VKIkNiV%nIon@W*j14=8;XeCn`W-*L3y^Xpl0f|beAfU`1j8wXxgZUB$&AhR;Q
ztV7&D!^&Ql+yYdee*!KXJt!WXP*hTAB|*&w<&TP2NEem-HmJ463oy5+q_7AlW*%Nt
zzCtX+oT8F~){xg7cYM4II)QHoKKSh)Ia{P!;}9*yoo(@T2U#b>xjXbq$bOBIzjpwr
z!ZHj-3g+&GKo(?9MgX=U-1DRGEC__`T+8pH4m?c{d~oDea7rCLvK{V5IR#{hY^sY*
zx9}A_9QpJ?)W~*(;*tW}9{{q(Tjtx)i%!?(>HNtNEwYn0;qbrd!Z8(M`xjG0j2l3O
z-o}9IJm7>D*%{b*_F69mwtE4xwn!Q6BT#Mif%|1DFb}J9MvLs^P5P$IfrSZx#E@_Z
z>9hyRr-2VH2A$9UF9z<a4Fxfv@OD5kSsn}Kn+Rw|!HcoaD8(SE^T~#_e{+4@W8xK{
z9Ag5GgTRB#6JN9x03VpGKq<HYG~qOC^X`H3(=%&1xbtNkLJe$-bizT%i@K?=4gkk<
z1DE>XR-f`mjcj8nj=u&n_iiDDc@K%f^6u?J(#~gh>i-u5=X?~zfP%oGFPa(wAhWMK
zM;rvygVBpYcvOIb2SCUUH`DV+fd_m8?g#e(F|guA9qjS13Q$0XLatrq#dJ{+_0qwW
z1vqkiH(F#6a`6{y5rkZp=wfF4#abm;;FCB`jap~8=iy9_K>Z;-x0_~QzV8E*04~Jy
zK(s=D=&S2%YwvC^JNJ4o1tuUHY)U#^Gy!t`c5uZNE=0!3|5pgy{ay+}KrYxa6{{s`
zj={8_CKiIV4y_Q*HgG0zLLe|l_+iJ9gJ2#MfDi7C6}&VkeFAu+yC2RGD5wvGpflNR
z{XlyX`7dS@T4ZNi;z)=n1VOGKTP_t{2YO9~e8dDe@u3xCh5$tNhX~M)p?;(W2-pce
zcq&L0MT<P20Gt>IV(_x77{iCRF_>0x2m<Z_2gFc|0Tp7ni~b0FZ~GagdT^bFL<~OH
zixzpN_(be`Q&Q_stpi49;U+eE-zT)l&QQUPYq?Qi8#20snZb(!kaI4B@CPrqu-{Q5
z1Ft76a429yu09eJ?kuH&!BDvqYaROoE%prGh+G{)zV>;99(oyjl!-XhNy{uk9cA#L
z4!Zh^e^LNJ!11~JNW~VoTN?P_^KEiFS|Ob6{!_q#!hYm*5H|zxJ<XNGTy!X*7K0G>
z=W;<|>OpSUvPbB(F5qGBJT5G>Q42AT3&gSKW;FQqE+B$EsD|OOXVVVUV%QL#d7wZ5
zWCd+!bx%>yC|wM^5?%ou&_Rzp*CVmBk2@g{VxzCH^nRfJ{Nzikhh7Lm@}+<bO~^ij
zk3Y|V6`v3-vHDL@Bmb+y=05R5VM0PeXviCg!~ylYK{*Jw!E+<D>cfS=Kea<a2*?qH
z?|Khw0U?aQ2N$B#7_AWhsxTZAxYw-^n4>oK%z4s6Tr@!|1e^){gFgtE;F}cTDFrO7
znr9BPJ!pl1Gl4e;0w$uz<$r)~8;O=c<X*HwfE<P2?_9VY14YC<zHqT2aPW8v?7_i9
zk@bGGz@XuYq9nMJBYv?GsH_M&p74^O$_h0yXbGSx3389cl#=Pf*`UP+bmO~l2)wO=
z@4XK6z)&mr;C$EFqD2P1AN;c;WL=E(W)+<8VesQPXqNs&+m94BbD)sdlk_D@6KHHO
zPiuR7blBi$7a+cIJ!T4gL&#dazou%T!V`EIobNRb{{?yW{X7cDP=wV{?3f$`$TA?`
zz$5H#N3_WBxPpJ1m#oootwu<F&4&iPi$P%9IZudUXS6~PMcCN~f+;Wo#Tc4LX2SOX
z6N`Z}!aYyQ4XqGR1&Va0L)i6S*BvIkp>x0kJvKhDQdo6BeQq|Ey8M?w>C}1Qt;G{9
zFkt@Q(~V@C+qkK&yWnm=n-3ATirjuNthTm{fs3BCj<ch%oAB<#J7#zLnHJvd-$jH3
zzbu1Ah%|RkdL=nPoI^u^#<fo{VxW4H0XYl4+uwl>kmxEUS!mL%!gu@q4<loBcDJ7b
zuM1zLY)6bWmstw0%s`Mi;thN`AU>CX5B}PX(h;QU%|g!Ga3{QHK;bGS<h<MxaiXM8
z9oQa4DF@ERgv&A%cxPSk0O`(SNWt-&-MGE}@P!YMLZA;~SN-G%tk2);zl|Ogk51U@
zM<Box<+c#gd;JE-QEQDCVD4T&Ss8G%i<o)%UjGzg8RqQulSRaZ5-e~ux67@Xjez!e
z5T)VUa5e!*wZ?C``w=$7pdWE1dFuWj@YKuSG}Zw468PZ2so;m-V3in|@ci#+qZgt0
zL;zgBx}Q-2fGW=eb_@D1z_=<50q}$38a41%0|pd6L>jZ5_z%FdMHm9$f?eAfp8(+b
zHa>O|E$|^UHf~UfSD*%k*Gk~w@JH`%pF#^v__5%*-7X5sLkA8s`83l^fpc#Fa==eW
zi-e+;0sPPm?w%6a!-oI-`>HfQ%?pyG{{}zth|a(N{ro2ag-44rqreGH%nDF*!ATc8
zgBEz}+~yX(-HJeY<z$hMq?MlzM=JvssmDRqPF+22*w2B%yaO{FuDpB%T40#+_|6^z
z<#oq?)sR*`H3zK>o@kU${@%e%I;3{yq6OYc2&o7(W}qvcPz3Xf1uU@Otmo#T1%}OY
zd<P4G+v|RO#6>!+Tiie^1Ef4ItW!`Pa=FqoN|khAzAXm@IXsck<^KoZ*|1Il7%CQM
zWBMZv0q|y!Pv9%cqXp=IiB9hzC>yRHj^}(uGP)@iqQkZn_d)98P`y&+rd7(e4ug3n
zN9=0Hi_iiSxf*T<k%Fs1GU%}CQbR}Qp<kPXr<7%lXl3xnrxbI_B~xOd$;oFVNk8!t
zEv`3G(jgbOd}k5g36#|aa~wXu%bL&v6Gc^Ao1B8TL!<`{om!<2WYC-^!}1oiGQbT#
z+rvR%c$&D$AgGTr-|(%iXl3xh8=e9##J}^|BPu}vcl|uwceSI%h4VkFI|BZ9B<Xgy
z0OtcQ3K4}ljn`;p@FJYnqM$rv_$(csbY}n@1wMFu4eR_bz=)^$0qKB~q^)i71}*R*
zgw}=>X2`9tpkc*e+O`ra+|q>>*B?xC-1!6q@kOIhU4gX18o$s2`yo^qa&HX-dew`-
zx=_;vZsGFZXmPg^T#JHFL%_>uqT3FVbgf6j{{<N5S`>gG6GuF|B0-wz#1XW>gpDo)
zbBX%B;kpAWz;=@mG1Du?(BeX?eVl6{03P5mPx%45l}c>Hz#Vk7C|5(!5)?78q3ift
z(oD;&Knv`P(5E2_?-rdbKM3kkMSEg}^O?}%LhTLQ!72nyTXpcesDSl$*Lq^$le^FY
z|NBL91i*F;k1Sm|!D3&B7+7o{T3~3+huFmWQv(MNfUGosg-`E`7T61giJ3}vtK9)d
zNXFQS6>joFiwmvu5G(8&Ja7#EYv=I#b0h#g@N7$if`y@Q`LlDVtX2_&;Ra{O;BneL
z2rVwO#KQSBf^Zpi^;K`L82DY5W5mE2m1u#X)dpgwtC{ZidVsK{vYHt9_jk0wP{oZH
zSiPzylyul?96<|=rRdWjT!25~O*8nKQfmwyF46ut*=>h^9ka2Dug8^v9N=s=k$c@i
ziESwkRhYO|9Rk1R-l^<82AW2`;C?B5d1E(@PH9VVLU}#+QU(GSXQfhRZvu+X@6k51
zE=HLkp`y=z=1n6CMISV&|E#hPl>^Ze9C#v9o|zpjFp=_z%b|p17l+H>zCSbA{DB+b
z(Q33Z5Y~2c4M4#OpoHCMn-R<oc%Yfb!)vh3imqQvBm<%q2V{#)i3gcT&j2Smv@$@2
zFok9{ZrW=BVBmO!KNiC65a{Qz*|yCB`?y<s`Z#)EEp4rB9qn=3dW#qCSwJHPOb&4C
zfw7@qx8fp<4E^}G9hs2{%_#917bc5=lU|cZdN{^1dD7Ao1*b)%^q>WCAA=F65~s2R
MH<WC_NEpoj0CjrFvH$=8

literal 0
HcmV?d00001

diff --git a/src/core/server/saved_objects/migrationsv2/integration_tests/cleanup.test.ts b/src/core/server/saved_objects/migrationsv2/integration_tests/cleanup.test.ts
index 48bb282da18f6..1e494d4b55861 100644
--- a/src/core/server/saved_objects/migrationsv2/integration_tests/cleanup.test.ts
+++ b/src/core/server/saved_objects/migrationsv2/integration_tests/cleanup.test.ts
@@ -100,7 +100,7 @@ describe('migration v2', () => {
     await root.setup();
 
     await expect(root.start()).rejects.toThrow(
-      /Unable to migrate the corrupt saved object document with _id: 'index-pattern:test_index\*'/
+      'Unable to complete saved object migrations for the [.kibana] index: Migrations failed. Reason: Corrupt saved object documents: index-pattern:test_index*. To allow migrations to proceed, please delete these documents.'
     );
 
     const logFileContent = await asyncReadFile(logFilePath, 'utf-8');
diff --git a/src/core/server/saved_objects/migrationsv2/integration_tests/corrupt_outdated_docs.test.ts b/src/core/server/saved_objects/migrationsv2/integration_tests/corrupt_outdated_docs.test.ts
new file mode 100644
index 0000000000000..e48f1e65c120f
--- /dev/null
+++ b/src/core/server/saved_objects/migrationsv2/integration_tests/corrupt_outdated_docs.test.ts
@@ -0,0 +1,154 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import Path from 'path';
+import Fs from 'fs';
+import Util from 'util';
+import * as kbnTestServer from '../../../../test_helpers/kbn_server';
+import { Root } from '../../../root';
+
+const logFilePath = Path.join(__dirname, 'migration_test_corrupt_docs_kibana.log');
+
+const asyncUnlink = Util.promisify(Fs.unlink);
+async function removeLogFile() {
+  // ignore errors if it doesn't exist
+  await asyncUnlink(logFilePath).catch(() => void 0);
+}
+
+describe('migration v2 with corrupt saved object documents', () => {
+  let esServer: kbnTestServer.TestElasticsearchUtils;
+  let root: Root;
+
+  beforeAll(async () => {
+    await removeLogFile();
+  });
+
+  afterAll(async () => {
+    if (root) {
+      await root.shutdown();
+    }
+    if (esServer) {
+      await esServer.stop();
+    }
+
+    await new Promise((resolve) => setTimeout(resolve, 10000));
+  });
+
+  it('collects corrupt saved object documents accross batches', async () => {
+    const { startES } = kbnTestServer.createTestServers({
+      adjustTimeout: (t: number) => jest.setTimeout(t),
+      settings: {
+        es: {
+          license: 'basic',
+          // original uncorrupt SO:
+          // {
+          //  type: 'foo', // 'bar', 'baz'
+          //  foo: {}, // bar: {}, baz: {}
+          //  migrationVersion: {
+          //    foo: '7.13.0',
+          //  },
+          // },
+          // original corrupt SO example:
+          // {
+          //  id: 'bar:123'
+          //  type: 'foo',
+          //  foo: {},
+          //  migrationVersion: {
+          //    foo: '7.13.0',
+          //  },
+          // },
+          // contains migrated index with 8.0 aliases to skip migration, but run outdated doc search
+          dataArchive: Path.join(
+            __dirname,
+            'archives',
+            '8.0.0_migrated_with_corrupt_outdated_docs.zip'
+          ),
+        },
+      },
+    });
+
+    root = createRoot();
+
+    esServer = await startES();
+    const coreSetup = await root.setup();
+
+    coreSetup.savedObjects.registerType({
+      name: 'foo',
+      hidden: false,
+      mappings: { properties: {} },
+      namespaceType: 'agnostic',
+      migrations: {
+        '7.14.0': (doc) => doc,
+      },
+    });
+    coreSetup.savedObjects.registerType({
+      name: 'bar',
+      hidden: false,
+      mappings: { properties: {} },
+      namespaceType: 'agnostic',
+      migrations: {
+        '7.14.0': (doc) => doc,
+      },
+    });
+    coreSetup.savedObjects.registerType({
+      name: 'baz',
+      hidden: false,
+      mappings: { properties: {} },
+      namespaceType: 'agnostic',
+      migrations: {
+        '7.14.0': (doc) => doc,
+      },
+    });
+    try {
+      await root.start();
+    } catch (err) {
+      const corruptFooSOs = /foo:/g;
+      const corruptBarSOs = /bar:/g;
+      const corruptBazSOs = /baz:/g;
+      expect(
+        [
+          ...err.message.matchAll(corruptFooSOs),
+          ...err.message.matchAll(corruptBarSOs),
+          ...err.message.matchAll(corruptBazSOs),
+        ].length
+      ).toEqual(16);
+    }
+  });
+});
+
+function createRoot() {
+  return kbnTestServer.createRootWithCorePlugins(
+    {
+      migrations: {
+        skip: false,
+        enableV2: true,
+        batchSize: 5,
+      },
+      logging: {
+        appenders: {
+          file: {
+            type: 'file',
+            fileName: logFilePath,
+            layout: {
+              type: 'json',
+            },
+          },
+        },
+        loggers: [
+          {
+            name: 'root',
+            appenders: ['file'],
+          },
+        ],
+      },
+    },
+    {
+      oss: true,
+    }
+  );
+}
diff --git a/src/core/server/saved_objects/migrationsv2/migrations_state_action_machine.ts b/src/core/server/saved_objects/migrationsv2/migrations_state_action_machine.ts
index 85cc86fe0a468..8443f837a7f1d 100644
--- a/src/core/server/saved_objects/migrationsv2/migrations_state_action_machine.ts
+++ b/src/core/server/saved_objects/migrationsv2/migrations_state_action_machine.ts
@@ -10,7 +10,6 @@ import { errors as EsErrors } from '@elastic/elasticsearch';
 import * as Option from 'fp-ts/lib/Option';
 import { Logger, LogMeta } from '../../logging';
 import type { ElasticsearchClient } from '../../elasticsearch';
-import { CorruptSavedObjectError } from '../migrations/core/migrate_raw_docs';
 import { Model, Next, stateActionMachine } from './state_action_machine';
 import { cleanup } from './migrations_state_machine_cleanup';
 import { State } from './types';
@@ -74,7 +73,6 @@ const logActionResponse = (
 ) => {
   logger.debug(logMessagePrefix + `${state.controlState} RESPONSE`, res as LogMeta);
 };
-
 const dumpExecutionLog = (logger: Logger, logMessagePrefix: string, executionLog: ExecutionLog) => {
   logger.error(logMessagePrefix + 'migration failed, dumping execution log:');
   executionLog.forEach((log) => {
@@ -211,11 +209,6 @@ export async function migrationStateActionMachine({
       logger.error(e);
 
       dumpExecutionLog(logger, logMessagePrefix, executionLog);
-      if (e instanceof CorruptSavedObjectError) {
-        throw new Error(
-          `${e.message} To allow migrations to proceed, please delete this document from the [${initialState.indexPrefix}_${initialState.kibanaVersion}_001] index.`
-        );
-      }
 
       const newError = new Error(
         `Unable to complete saved object migrations for the [${initialState.indexPrefix}] index. ${e}`
diff --git a/src/core/server/saved_objects/migrationsv2/model.test.ts b/src/core/server/saved_objects/migrationsv2/model.test.ts
index 213e8b43c0ea0..bdaedba9c9ea3 100644
--- a/src/core/server/saved_objects/migrationsv2/model.test.ts
+++ b/src/core/server/saved_objects/migrationsv2/model.test.ts
@@ -36,12 +36,15 @@ import type {
   CloneTempToSource,
   SetTempWriteBlock,
   WaitForYellowSourceState,
+  TransformedDocumentsBulkIndex,
+  ReindexSourceToTempIndexBulk,
 } from './types';
 import { SavedObjectsRawDoc } from '..';
 import { AliasAction, RetryableEsClientError } from './actions';
 import { createInitialState, model } from './model';
 import { ResponseType } from './next';
 import { SavedObjectsMigrationConfigType } from '../saved_objects_config';
+import { TransformErrorObjects, TransformSavedObjectDocumentError } from '../migrations/core';
 
 describe('migrations v2 model', () => {
   const baseState: BaseState = {
@@ -778,6 +781,8 @@ describe('migrations v2 model', () => {
         targetIndex: '.kibana_7.11.0_001',
         tempIndexMappings: { properties: {} },
         lastHitSortValue: undefined,
+        corruptDocumentIds: [],
+        transformErrors: [],
       };
 
       it('REINDEX_SOURCE_TO_TEMP_READ -> REINDEX_SOURCE_TO_TEMP_INDEX if the index has outdated documents to reindex', () => {
@@ -802,6 +807,23 @@ describe('migrations v2 model', () => {
         expect(newState.controlState).toBe('REINDEX_SOURCE_TO_TEMP_CLOSE_PIT');
         expect(newState.sourceIndexPitId).toBe('pit_id');
       });
+
+      it('REINDEX_SOURCE_TO_TEMP_READ -> FATAL if no outdated documents to reindex and transform failures seen with previous outdated documents', () => {
+        const testState: ReindexSourceToTempRead = {
+          ...state,
+          corruptDocumentIds: ['a:b'],
+          transformErrors: [],
+        };
+        const res: ResponseType<'REINDEX_SOURCE_TO_TEMP_READ'> = Either.right({
+          outdatedDocuments: [],
+          lastHitSortValue: undefined,
+        });
+        const newState = model(testState, res) as FatalState;
+        expect(newState.controlState).toBe('FATAL');
+        expect(newState.reason).toMatchInlineSnapshot(
+          `"Migrations failed. Reason: Corrupt saved object documents: a:b. To allow migrations to proceed, please delete these documents."`
+        );
+      });
     });
 
     describe('REINDEX_SOURCE_TO_TEMP_CLOSE_PIT', () => {
@@ -833,38 +855,89 @@ describe('migrations v2 model', () => {
         sourceIndexPitId: 'pit_id',
         targetIndex: '.kibana_7.11.0_001',
         lastHitSortValue: undefined,
+        corruptDocumentIds: [],
+        transformErrors: [],
       };
+      const processedDocs = [
+        {
+          _id: 'a:b',
+          _source: { type: 'a', a: { name: 'HOI!' }, migrationVersion: {}, references: [] },
+        },
+      ] as SavedObjectsRawDoc[];
 
-      it('REINDEX_SOURCE_TO_TEMP_INDEX -> REINDEX_SOURCE_TO_TEMP_READ if action succeeded', () => {
-        const res: ResponseType<'REINDEX_SOURCE_TO_TEMP_INDEX'> = Either.right(
-          'bulk_index_succeeded'
-        );
+      it('REINDEX_SOURCE_TO_TEMP_INDEX -> REINDEX_SOURCE_TO_TEMP_INDEX_BULK if action succeeded', () => {
+        const res: ResponseType<'REINDEX_SOURCE_TO_TEMP_INDEX'> = Either.right({
+          processedDocs,
+        });
         const newState = model(state, res);
+        expect(newState.controlState).toEqual('REINDEX_SOURCE_TO_TEMP_INDEX_BULK');
+      });
+
+      it('REINDEX_SOURCE_TO_TEMP_INDEX -> REINDEX_SOURCE_TO_TEMP_READ if action succeeded but we have carried through previous failures', () => {
+        const res: ResponseType<'REINDEX_SOURCE_TO_TEMP_INDEX'> = Either.right({
+          processedDocs,
+        });
+        const testState = {
+          ...state,
+          corruptDocumentIds: ['a:b'],
+          transformErrors: [],
+        };
+        const newState = model(testState, res) as ReindexSourceToTempIndex;
         expect(newState.controlState).toEqual('REINDEX_SOURCE_TO_TEMP_READ');
-        expect(newState.retryCount).toEqual(0);
-        expect(newState.retryDelay).toEqual(0);
+        expect(newState.corruptDocumentIds.length).toEqual(1);
+        expect(newState.transformErrors.length).toEqual(0);
       });
 
-      it('REINDEX_SOURCE_TO_TEMP_INDEX -> REINDEX_SOURCE_TO_TEMP_READ when response is left target_index_had_write_block', () => {
+      it('REINDEX_SOURCE_TO_TEMP_INDEX -> REINDEX_SOURCE_TO_TEMP_READ when response is left documents_transform_failed', () => {
         const res: ResponseType<'REINDEX_SOURCE_TO_TEMP_INDEX'> = Either.left({
-          type: 'target_index_had_write_block',
+          type: 'documents_transform_failed',
+          corruptDocumentIds: ['a:b'],
+          transformErrors: [],
         });
         const newState = model(state, res) as ReindexSourceToTempRead;
         expect(newState.controlState).toEqual('REINDEX_SOURCE_TO_TEMP_READ');
+        expect(newState.corruptDocumentIds.length).toEqual(1);
+        expect(newState.transformErrors.length).toEqual(0);
         expect(newState.retryCount).toEqual(0);
         expect(newState.retryDelay).toEqual(0);
       });
-
-      it('REINDEX_SOURCE_TO_TEMP_INDEX -> REINDEX_SOURCE_TO_TEMP_READ when response is left index_not_found_exception for temp index', () => {
-        const res: ResponseType<'REINDEX_SOURCE_TO_TEMP_INDEX'> = Either.left({
-          type: 'index_not_found_exception',
-          index: state.tempIndex,
-        });
-        const newState = model(state, res) as ReindexSourceToTempRead;
+    });
+    describe('REINDEX_SOURCE_TO_TEMP_INDEX_BULK', () => {
+      const transformedDocs = [
+        {
+          _id: 'a:b',
+          _source: { type: 'a', a: { name: 'HOI!' }, migrationVersion: {}, references: [] },
+        },
+      ] as SavedObjectsRawDoc[];
+      const reindexSourceToTempIndexBulkState: ReindexSourceToTempIndexBulk = {
+        ...baseState,
+        controlState: 'REINDEX_SOURCE_TO_TEMP_INDEX_BULK',
+        transformedDocs,
+        versionIndexReadyActions: Option.none,
+        sourceIndex: Option.some('.kibana') as Option.Some<string>,
+        sourceIndexPitId: 'pit_id',
+        targetIndex: '.kibana_7.11.0_001',
+        lastHitSortValue: undefined,
+      };
+      test('REINDEX_SOURCE_TO_TEMP_INDEX_BULK -> REINDEX_SOURCE_TO_TEMP_READ if action succeeded', () => {
+        const res: ResponseType<'REINDEX_SOURCE_TO_TEMP_INDEX_BULK'> = Either.right(
+          'bulk_index_succeeded'
+        );
+        const newState = model(reindexSourceToTempIndexBulkState, res);
         expect(newState.controlState).toEqual('REINDEX_SOURCE_TO_TEMP_READ');
         expect(newState.retryCount).toEqual(0);
         expect(newState.retryDelay).toEqual(0);
       });
+      test('REINDEX_SOURCE_TO_TEMP_INDEX_BULK should throw a throwBadResponse error if action failed', () => {
+        const res: ResponseType<'REINDEX_SOURCE_TO_TEMP_INDEX_BULK'> = Either.left({
+          type: 'retryable_es_client_error',
+          message: 'random documents bulk index error',
+        });
+        const newState = model(reindexSourceToTempIndexBulkState, res);
+        expect(newState.controlState).toEqual('REINDEX_SOURCE_TO_TEMP_INDEX_BULK');
+        expect(newState.retryCount).toEqual(1);
+        expect(newState.retryDelay).toEqual(2000);
+      });
     });
 
     describe('SET_TEMP_WRITE_BLOCK', () => {
@@ -943,6 +1016,8 @@ describe('migrations v2 model', () => {
         targetIndex: '.kibana_7.11.0_001',
         lastHitSortValue: undefined,
         hasTransformedDocs: false,
+        corruptDocumentIds: [],
+        transformErrors: [],
       };
 
       it('OUTDATED_DOCUMENTS_SEARCH_READ -> OUTDATED_DOCUMENTS_TRANSFORM if found documents to transform', () => {
@@ -967,6 +1042,37 @@ describe('migrations v2 model', () => {
         expect(newState.controlState).toBe('OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT');
         expect(newState.pitId).toBe('pit_id');
       });
+
+      it('OUTDATED_DOCUMENTS_SEARCH_READ -> FATAL if no outdated documents to transform and we have failed document migrations', () => {
+        const corruptDocumentIdsCarriedOver = ['a:somethingelse'];
+        const originalTransformError = new Error('something went wrong');
+        const transFormErr = new TransformSavedObjectDocumentError(
+          '123',
+          'vis',
+          undefined,
+          'randomvis: 7.12.0',
+          'failedDoc',
+          originalTransformError
+        );
+        const transformationErrors = [
+          { rawId: 'bob:tail', err: transFormErr },
+        ] as TransformErrorObjects[];
+        const res: ResponseType<'OUTDATED_DOCUMENTS_SEARCH_READ'> = Either.right({
+          outdatedDocuments: [],
+          lastHitSortValue: undefined,
+        });
+        const transformErrorsState: OutdatedDocumentsSearchRead = {
+          ...state,
+          corruptDocumentIds: [...corruptDocumentIdsCarriedOver],
+          transformErrors: [...transformationErrors],
+        };
+        const newState = model(transformErrorsState, res) as FatalState;
+        expect(newState.controlState).toBe('FATAL');
+        expect(newState.reason.includes('Migrations failed. Reason:')).toBe(true);
+        expect(newState.reason.includes('Corrupt saved object documents: ')).toBe(true);
+        expect(newState.reason.includes('Transformation errors: ')).toBe(true);
+        expect(newState.reason.includes('randomvis: 7.12.0')).toBe(true);
+      });
     });
 
     describe('OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT', () => {
@@ -1006,9 +1112,20 @@ describe('migrations v2 model', () => {
     });
 
     describe('OUTDATED_DOCUMENTS_TRANSFORM', () => {
-      const outdatedDocuments = ([
-        Symbol('raw saved object doc'),
-      ] as unknown) as SavedObjectsRawDoc[];
+      const outdatedDocuments = [{ _id: '1', _source: { type: 'vis' } }];
+      const corruptDocumentIds = ['a:somethingelse'];
+      const originalTransformError = new Error('Dang diggity!');
+      const transFormErr = new TransformSavedObjectDocumentError(
+        'id',
+        'type',
+        'namespace',
+        'failedTransform',
+        'failedDoc',
+        originalTransformError
+      );
+      const transformationErrors = [
+        { rawId: 'bob:tail', err: transFormErr },
+      ] as TransformErrorObjects[];
       const outdatedDocumentsTransformState: OutdatedDocumentsTransform = {
         ...baseState,
         controlState: 'OUTDATED_DOCUMENTS_TRANSFORM',
@@ -1016,18 +1133,132 @@ describe('migrations v2 model', () => {
         sourceIndex: Option.some('.kibana') as Option.Some<string>,
         targetIndex: '.kibana_7.11.0_001',
         outdatedDocuments,
+        corruptDocumentIds: [],
+        transformErrors: [],
         pitId: 'pit_id',
         lastHitSortValue: [3, 4],
         hasTransformedDocs: false,
       };
-      test('OUTDATED_DOCUMENTS_TRANSFORM -> OUTDATED_DOCUMENTS_SEARCH_READ if action succeeds', () => {
-        const res: ResponseType<'OUTDATED_DOCUMENTS_TRANSFORM'> = Either.right(
-          'bulk_index_succeeded'
-        );
-        const newState = model(outdatedDocumentsTransformState, res);
-        expect(newState.controlState).toEqual('OUTDATED_DOCUMENTS_SEARCH_READ');
-        expect(newState.retryCount).toEqual(0);
-        expect(newState.retryDelay).toEqual(0);
+      describe('OUTDATED_DOCUMENTS_TRANSFORM if action succeeds', () => {
+        const processedDocs = [
+          {
+            _id: 'a:b',
+            _source: { type: 'a', a: { name: 'HOI!' }, migrationVersion: {}, references: [] },
+          },
+        ] as SavedObjectsRawDoc[];
+        test('OUTDATED_DOCUMENTS_TRANSFORM -> TRANSFORMED_DOCUMENTS_BULK_INDEX if action succeeds', () => {
+          const res: ResponseType<'OUTDATED_DOCUMENTS_TRANSFORM'> = Either.right({ processedDocs });
+          const newState = model(
+            outdatedDocumentsTransformState,
+            res
+          ) as TransformedDocumentsBulkIndex;
+          expect(newState.controlState).toEqual('TRANSFORMED_DOCUMENTS_BULK_INDEX');
+          expect(newState.transformedDocs).toEqual(processedDocs);
+          expect(newState.retryCount).toEqual(0);
+          expect(newState.retryDelay).toEqual(0);
+        });
+        test('OUTDATED_DOCUMENTS_TRANSFORM -> OUTDATED_DOCUMENTS_SEARCH_READ if there are are existing documents that failed transformation', () => {
+          const outdatedDocumentsTransformStateWithFailedDocuments: OutdatedDocumentsTransform = {
+            ...outdatedDocumentsTransformState,
+            corruptDocumentIds: [...corruptDocumentIds],
+            transformErrors: [],
+          };
+          const res: ResponseType<'OUTDATED_DOCUMENTS_TRANSFORM'> = Either.right({ processedDocs });
+          const newState = model(
+            outdatedDocumentsTransformStateWithFailedDocuments,
+            res
+          ) as OutdatedDocumentsSearchRead;
+          expect(newState.controlState).toEqual('OUTDATED_DOCUMENTS_SEARCH_READ');
+          expect(newState.corruptDocumentIds).toEqual(corruptDocumentIds);
+          expect(newState.retryCount).toEqual(0);
+          expect(newState.retryDelay).toEqual(0);
+        });
+        test('OUTDATED_DOCUMENTS_TRANSFORM -> OUTDATED_DOCUMENTS_SEARCH_READ if there are are existing documents that failed transformation because of transform errors', () => {
+          const outdatedDocumentsTransformStateWithFailedDocuments: OutdatedDocumentsTransform = {
+            ...outdatedDocumentsTransformState,
+            corruptDocumentIds: [],
+            transformErrors: [...transformationErrors],
+          };
+          const res: ResponseType<'OUTDATED_DOCUMENTS_TRANSFORM'> = Either.right({ processedDocs });
+          const newState = model(
+            outdatedDocumentsTransformStateWithFailedDocuments,
+            res
+          ) as OutdatedDocumentsSearchRead;
+          expect(newState.controlState).toEqual('OUTDATED_DOCUMENTS_SEARCH_READ');
+          expect(newState.corruptDocumentIds.length).toEqual(0);
+          expect(newState.transformErrors.length).toEqual(1);
+          expect(newState.retryCount).toEqual(0);
+          expect(newState.retryDelay).toEqual(0);
+        });
+      });
+      describe('OUTDATED_DOCUMENTS_TRANSFORM if action fails', () => {
+        test('OUTDATED_DOCUMENTS_TRANSFORM -> OUTDATED_DOCUMENTS_SEARCH_READ adding newly failed documents to state if documents failed the transform', () => {
+          const res: ResponseType<'OUTDATED_DOCUMENTS_TRANSFORM'> = Either.left({
+            type: 'documents_transform_failed',
+            corruptDocumentIds,
+            transformErrors: [],
+          });
+          const newState = model(
+            outdatedDocumentsTransformState,
+            res
+          ) as OutdatedDocumentsSearchRead;
+          expect(newState.controlState).toEqual('OUTDATED_DOCUMENTS_SEARCH_READ');
+          expect(newState.corruptDocumentIds).toEqual(corruptDocumentIds);
+        });
+        test('OUTDATED_DOCUMENTS_TRANSFORM -> OUTDATED_DOCUMENTS_SEARCH_READ combines newly failed documents with those already on state if documents failed the transform', () => {
+          const newFailedTransformDocumentIds = ['b:other', 'c:__'];
+          const outdatedDocumentsTransformStateWithFailedDocuments: OutdatedDocumentsTransform = {
+            ...outdatedDocumentsTransformState,
+            corruptDocumentIds: [...corruptDocumentIds],
+            transformErrors: [...transformationErrors],
+          };
+          const res: ResponseType<'OUTDATED_DOCUMENTS_TRANSFORM'> = Either.left({
+            type: 'documents_transform_failed',
+            corruptDocumentIds: newFailedTransformDocumentIds,
+            transformErrors: transformationErrors,
+          });
+          const newState = model(
+            outdatedDocumentsTransformStateWithFailedDocuments,
+            res
+          ) as OutdatedDocumentsSearchRead;
+          expect(newState.controlState).toEqual('OUTDATED_DOCUMENTS_SEARCH_READ');
+          expect(newState.corruptDocumentIds).toEqual([
+            ...corruptDocumentIds,
+            ...newFailedTransformDocumentIds,
+          ]);
+        });
+      });
+    });
+    describe('TRANSFORMED_DOCUMENTS_BULK_INDEX', () => {
+      const transformedDocs = [
+        {
+          _id: 'a:b',
+          _source: { type: 'a', a: { name: 'HOI!' }, migrationVersion: {}, references: [] },
+        },
+      ] as SavedObjectsRawDoc[];
+      const transformedDocumentsBulkIndexState: TransformedDocumentsBulkIndex = {
+        ...baseState,
+        controlState: 'TRANSFORMED_DOCUMENTS_BULK_INDEX',
+        transformedDocs,
+        versionIndexReadyActions: Option.none,
+        sourceIndex: Option.some('.kibana') as Option.Some<string>,
+        targetIndex: '.kibana_7.11.0_001',
+        pitId: 'pit_id',
+        lastHitSortValue: [3, 4],
+        hasTransformedDocs: false,
+      };
+      test('TRANSFORMED_DOCUMENTS_BULK_INDEX should throw a throwBadResponse error if action failed', () => {
+        const res: ResponseType<'TRANSFORMED_DOCUMENTS_BULK_INDEX'> = Either.left({
+          type: 'retryable_es_client_error',
+          message: 'random documents bulk index error',
+        });
+        const newState = model(
+          transformedDocumentsBulkIndexState,
+          res
+        ) as TransformedDocumentsBulkIndex;
+        expect(newState.controlState).toEqual('TRANSFORMED_DOCUMENTS_BULK_INDEX');
+        expect(newState.retryCount).toEqual(1);
+        expect(newState.retryDelay).toEqual(2000);
       });
     });
 
diff --git a/src/core/server/saved_objects/migrationsv2/model.ts b/src/core/server/saved_objects/migrationsv2/model.ts
index 318eff19d5e24..cf9d6aec6b5b0 100644
--- a/src/core/server/saved_objects/migrationsv2/model.ts
+++ b/src/core/server/saved_objects/migrationsv2/model.ts
@@ -16,7 +16,7 @@ import { IndexMapping } from '../mappings';
 import { ResponseType } from './next';
 import { SavedObjectsMigrationVersion } from '../types';
 import { disableUnknownTypeMappingFields } from '../migrations/core/migration_context';
-import { excludeUnusedTypesQuery } from '../migrations/core';
+import { excludeUnusedTypesQuery, TransformErrorObjects } from '../migrations/core';
 import { SavedObjectsMigrationConfigType } from '../saved_objects_config';
 
 /**
@@ -97,6 +97,31 @@ function getAliases(indices: FetchIndexResponse) {
   }, {} as Record<string, string>);
 }
 
+/**
+ * Constructs migration failure message strings from corrupt document ids and document transformation errors
+ */
+function extractTransformFailuresReason(
+  corruptDocumentIds: string[],
+  transformErrors: TransformErrorObjects[]
+): { corruptDocsReason: string; transformErrsReason: string } {
+  const corruptDocumentIdReason =
+    corruptDocumentIds.length > 0
+      ? ` Corrupt saved object documents: ${corruptDocumentIds.join(',')}`
+      : '';
+  // we have both the saved object Id and the stack trace in each `transformErrors` item.
+  const transformErrorsReason =
+    transformErrors.length > 0
+      ? ' Transformation errors: ' +
+        transformErrors
+          .map((errObj) => `${errObj.rawId}: ${errObj.err.message}\n ${errObj.err.stack ?? ''}`)
+          .join('/n')
+      : '';
+  return {
+    corruptDocsReason: corruptDocumentIdReason,
+    transformErrsReason: transformErrorsReason,
+  };
+}
+
 const delayRetryState = <S extends State>(
   state: S,
   errorMessage: string,
@@ -481,11 +506,15 @@ export const model = (currentState: State, resW: ResponseType<AllActionStates>):
         controlState: 'REINDEX_SOURCE_TO_TEMP_READ',
         sourceIndexPitId: res.right.pitId,
         lastHitSortValue: undefined,
+        // placeholders to collect document transform problems
+        corruptDocumentIds: [],
+        transformErrors: [],
       };
     } else {
       throwBadResponse(stateP, res);
     }
   } else if (stateP.controlState === 'REINDEX_SOURCE_TO_TEMP_READ') {
+    // we carry through any failures we've seen with transforming documents on state
     const res = resW as ExcludeRetryableEsError<ResponseType<typeof stateP.controlState>>;
     if (Either.isRight(res)) {
       if (res.right.outdatedDocuments.length > 0) {
@@ -495,11 +524,27 @@ export const model = (currentState: State, resW: ResponseType<AllActionStates>):
           outdatedDocuments: res.right.outdatedDocuments,
           lastHitSortValue: res.right.lastHitSortValue,
         };
+      } else {
+        // we don't have any more outdated documents and need to either fail or move on to updating the target mappings.
+        if (stateP.corruptDocumentIds.length > 0 || stateP.transformErrors.length > 0) {
+          const { corruptDocsReason, transformErrsReason } = extractTransformFailuresReason(
+            stateP.corruptDocumentIds,
+            stateP.transformErrors
+          );
+          return {
+            ...stateP,
+            controlState: 'FATAL',
+            reason: `Migrations failed. Reason:${corruptDocsReason}${transformErrsReason}. To allow migrations to proceed, please delete these documents.`,
+          };
+        } else {
+          // we don't have any more outdated documents and we haven't encountered any document transformation issues.
+          // Close the PIT search and carry on with the happy path.
+          return {
+            ...stateP,
+            controlState: 'REINDEX_SOURCE_TO_TEMP_CLOSE_PIT',
+          };
+        }
       }
-      return {
-        ...stateP,
-        controlState: 'REINDEX_SOURCE_TO_TEMP_CLOSE_PIT',
-      };
     } else {
       throwBadResponse(stateP, res);
     }
@@ -516,34 +561,55 @@ export const model = (currentState: State, resW: ResponseType<AllActionStates>):
       throwBadResponse(stateP, res);
     }
   } else if (stateP.controlState === 'REINDEX_SOURCE_TO_TEMP_INDEX') {
+    // We follow a similar control flow as for
+    // outdated document search -> outdated document transform -> transform documents bulk index
+    // collecting issues along the way rather than failing
+    // REINDEX_SOURCE_TO_TEMP_INDEX handles the document transforms
     const res = resW as ExcludeRetryableEsError<ResponseType<typeof stateP.controlState>>;
     if (Either.isRight(res)) {
-      return {
-        ...stateP,
-        controlState: 'REINDEX_SOURCE_TO_TEMP_READ',
-      };
+      if (stateP.corruptDocumentIds.length === 0 && stateP.transformErrors.length === 0) {
+        return {
+          ...stateP,
+          controlState: 'REINDEX_SOURCE_TO_TEMP_INDEX_BULK', // handles the actual bulk indexing into temp index
+          transformedDocs: [...res.right.processedDocs],
+        };
+      } else {
+        // we don't have any transform issues with the current batch of outdated docs but
+        // we have carried through previous transformation issues.
+        // The migration will ultimately fail but before we do that, continue to
+        // search through remaining docs for more issues and pass the previous failures along on state
+        return {
+          ...stateP,
+          controlState: 'REINDEX_SOURCE_TO_TEMP_READ',
+        };
+      }
     } else {
+      // we have failures from the current batch of documents and add them to the lists
       const left = res.left;
-      if (
-        isLeftTypeof(left, 'target_index_had_write_block') ||
-        (isLeftTypeof(left, 'index_not_found_exception') && left.index === stateP.tempIndex)
-      ) {
-        // index_not_found_exception:
-        //   another instance completed the MARK_VERSION_INDEX_READY and
-        //   removed the temp index.
-        // target_index_had_write_block
-        //   another instance completed the SET_TEMP_WRITE_BLOCK step adding a
-        //   write block to the temp index.
-        //
-        // For simplicity we continue linearly through the next steps even if
-        // we know another instance already completed these.
+      if (isLeftTypeof(left, 'documents_transform_failed')) {
         return {
           ...stateP,
           controlState: 'REINDEX_SOURCE_TO_TEMP_READ',
+          corruptDocumentIds: [...stateP.corruptDocumentIds, ...left.corruptDocumentIds],
+          transformErrors: [...stateP.transformErrors, ...left.transformErrors],
         };
+      } else {
+        // should never happen
+        throwBadResponse(stateP, res as never);
       }
-      // should never happen
-      throwBadResponse(stateP, res as never);
+    }
+  } else if (stateP.controlState === 'REINDEX_SOURCE_TO_TEMP_INDEX_BULK') {
+    const res = resW as ExcludeRetryableEsError<ResponseType<typeof stateP.controlState>>;
+    if (Either.isRight(res)) {
+      return {
+        ...stateP,
+        controlState: 'REINDEX_SOURCE_TO_TEMP_READ',
+        // we're still on the happy path with no transformation failures seen.
+        corruptDocumentIds: [],
+        transformErrors: [],
+      };
+    } else {
+      throwBadResponse(stateP, res);
     }
   } else if (stateP.controlState === 'SET_TEMP_WRITE_BLOCK') {
     const res = resW as ExcludeRetryableEsError<ResponseType<typeof stateP.controlState>>;
@@ -611,6 +677,8 @@ export const model = (currentState: State, resW: ResponseType<AllActionStates>):
         pitId: res.right.pitId,
         lastHitSortValue: undefined,
         hasTransformedDocs: false,
+        corruptDocumentIds: [],
+        transformErrors: [],
       };
     } else {
       throwBadResponse(stateP, res);
@@ -626,59 +694,111 @@ export const model = (currentState: State, resW: ResponseType<AllActionStates>):
           lastHitSortValue: res.right.lastHitSortValue,
         };
       } else {
+        // we don't have any more outdated documents and need to either fail or move on to updating the target mappings.
+        if (stateP.corruptDocumentIds.length > 0 || stateP.transformErrors.length > 0) {
+          const { corruptDocsReason, transformErrsReason } = extractTransformFailuresReason(
+            stateP.corruptDocumentIds,
+            stateP.transformErrors
+          );
+          return {
+            ...stateP,
+            controlState: 'FATAL',
+            reason: `Migrations failed. Reason:${corruptDocsReason}${transformErrsReason}. To allow migrations to proceed, please delete these documents.`,
+          };
+        } else {
+          // If there are no more results we have transformed all outdated
+          // documents and we didn't encounter any corrupt documents or transformation errors
+          // and can proceed to the next step
+          return {
+            ...stateP,
+            controlState: 'OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT',
+          };
+        }
+      }
+    } else {
+      throwBadResponse(stateP, res);
+    }
+  } else if (stateP.controlState === 'OUTDATED_DOCUMENTS_TRANSFORM') {
+    const res = resW as ExcludeRetryableEsError<ResponseType<typeof stateP.controlState>>;
+    if (Either.isRight(res)) {
+      // we haven't seen corrupt documents or any transformation errors thus far in the migration
+      // index the migrated docs
+      if (stateP.corruptDocumentIds.length === 0 && stateP.transformErrors.length === 0) {
+        return {
+          ...stateP,
+          controlState: 'TRANSFORMED_DOCUMENTS_BULK_INDEX',
+          transformedDocs: [...res.right.processedDocs],
+          hasTransformedDocs: true,
+        };
+      } else {
+        // We have seen corrupt documents and/or transformation errors
+        // skip indexing and go straight to reading and transforming more docs
         return {
           ...stateP,
-          controlState: 'OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT',
+          controlState: 'OUTDATED_DOCUMENTS_SEARCH_READ',
         };
       }
     } else {
-      throwBadResponse(stateP, res);
+      if (isLeftTypeof(res.left, 'documents_transform_failed')) {
+        // continue to build up any more transformation errors before failing the migration.
+        return {
+          ...stateP,
+          controlState: 'OUTDATED_DOCUMENTS_SEARCH_READ',
+          corruptDocumentIds: [...stateP.corruptDocumentIds, ...res.left.corruptDocumentIds],
+          transformErrors: [...stateP.transformErrors, ...res.left.transformErrors],
+          hasTransformedDocs: false,
+        };
+      } else {
+        throwBadResponse(stateP, res as never);
+      }
     }
-  } else if (stateP.controlState === 'OUTDATED_DOCUMENTS_REFRESH') {
+  } else if (stateP.controlState === 'TRANSFORMED_DOCUMENTS_BULK_INDEX') {
     const res = resW as ExcludeRetryableEsError<ResponseType<typeof stateP.controlState>>;
     if (Either.isRight(res)) {
       return {
         ...stateP,
-        controlState: 'UPDATE_TARGET_MAPPINGS',
+        controlState: 'OUTDATED_DOCUMENTS_SEARCH_READ',
+        corruptDocumentIds: [],
+        transformErrors: [],
+        hasTransformedDocs: true,
       };
     } else {
       throwBadResponse(stateP, res);
     }
-  } else if (stateP.controlState === 'OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT') {
+  } else if (stateP.controlState === 'UPDATE_TARGET_MAPPINGS') {
     const res = resW as ExcludeRetryableEsError<ResponseType<typeof stateP.controlState>>;
     if (Either.isRight(res)) {
-      const { pitId, hasTransformedDocs, ...state } = stateP;
-      if (hasTransformedDocs) {
-        return {
-          ...state,
-          controlState: 'OUTDATED_DOCUMENTS_REFRESH',
-        };
-      }
       return {
-        ...state,
-        controlState: 'UPDATE_TARGET_MAPPINGS',
+        ...stateP,
+        controlState: 'UPDATE_TARGET_MAPPINGS_WAIT_FOR_TASK',
+        updateTargetMappingsTaskId: res.right.taskId,
       };
     } else {
-      throwBadResponse(stateP, res);
+      throwBadResponse(stateP, res as never);
     }
-  } else if (stateP.controlState === 'OUTDATED_DOCUMENTS_TRANSFORM') {
+  } else if (stateP.controlState === 'OUTDATED_DOCUMENTS_REFRESH') {
     const res = resW as ExcludeRetryableEsError<ResponseType<typeof stateP.controlState>>;
     if (Either.isRight(res)) {
       return {
         ...stateP,
-        controlState: 'OUTDATED_DOCUMENTS_SEARCH_READ',
-        hasTransformedDocs: true,
+        controlState: 'UPDATE_TARGET_MAPPINGS',
       };
     } else {
-      throwBadResponse(stateP, res as never);
+      throwBadResponse(stateP, res);
     }
-  } else if (stateP.controlState === 'UPDATE_TARGET_MAPPINGS') {
+  } else if (stateP.controlState === 'OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT') {
     const res = resW as ExcludeRetryableEsError<ResponseType<typeof stateP.controlState>>;
     if (Either.isRight(res)) {
+      const { pitId, hasTransformedDocs, ...state } = stateP;
+      if (hasTransformedDocs) {
+        return {
+          ...state,
+          controlState: 'OUTDATED_DOCUMENTS_REFRESH',
+        };
+      }
       return {
-        ...stateP,
-        controlState: 'UPDATE_TARGET_MAPPINGS_WAIT_FOR_TASK',
-        updateTargetMappingsTaskId: res.right.taskId,
+        ...state,
+        controlState: 'UPDATE_TARGET_MAPPINGS',
       };
     } else {
       throwBadResponse(stateP, res);
diff --git a/src/core/server/saved_objects/migrationsv2/next.ts b/src/core/server/saved_objects/migrationsv2/next.ts
index 536c07d6a071d..07ebf80271d48 100644
--- a/src/core/server/saved_objects/migrationsv2/next.ts
+++ b/src/core/server/saved_objects/migrationsv2/next.ts
@@ -32,6 +32,8 @@ import type {
   SetTempWriteBlock,
   WaitForYellowSourceState,
   TransformRawDocs,
+  TransformedDocumentsBulkIndex,
+  ReindexSourceToTempIndexBulk,
   OutdatedDocumentsSearchOpenPit,
   OutdatedDocumentsSearchRead,
   OutdatedDocumentsSearchClosePit,
@@ -82,11 +84,12 @@ export const nextActionMap = (client: ElasticsearchClient, transformRawDocs: Tra
     REINDEX_SOURCE_TO_TEMP_CLOSE_PIT: (state: ReindexSourceToTempClosePit) =>
       Actions.closePit(client, state.sourceIndexPitId),
     REINDEX_SOURCE_TO_TEMP_INDEX: (state: ReindexSourceToTempIndex) =>
-      Actions.transformDocs(
+      Actions.transformDocs(transformRawDocs, state.outdatedDocuments),
+    REINDEX_SOURCE_TO_TEMP_INDEX_BULK: (state: ReindexSourceToTempIndexBulk) =>
+      Actions.bulkOverwriteTransformedDocuments(
         client,
-        transformRawDocs,
-        state.outdatedDocuments,
         state.tempIndex,
+        state.transformedDocs,
         /**
          * Since we don't run a search against the target index, we disable "refresh" to speed up
          * the migration process.
@@ -121,11 +124,12 @@ export const nextActionMap = (client: ElasticsearchClient, transformRawDocs: Tra
     OUTDATED_DOCUMENTS_REFRESH: (state: OutdatedDocumentsRefresh) =>
       Actions.refreshIndex(client, state.targetIndex),
     OUTDATED_DOCUMENTS_TRANSFORM: (state: OutdatedDocumentsTransform) =>
-      Actions.transformDocs(
+      Actions.transformDocs(transformRawDocs, state.outdatedDocuments),
+    TRANSFORMED_DOCUMENTS_BULK_INDEX: (state: TransformedDocumentsBulkIndex) =>
+      Actions.bulkOverwriteTransformedDocuments(
         client,
-        transformRawDocs,
-        state.outdatedDocuments,
         state.targetIndex,
+        state.transformedDocs,
         /**
          * Since we don't run a search against the target index, we disable "refresh" to speed up
          * the migration process.
diff --git a/src/core/server/saved_objects/migrationsv2/types.ts b/src/core/server/saved_objects/migrationsv2/types.ts
index ac807e9d61776..f5800a3cd9570 100644
--- a/src/core/server/saved_objects/migrationsv2/types.ts
+++ b/src/core/server/saved_objects/migrationsv2/types.ts
@@ -6,12 +6,18 @@
  * Side Public License, v 1.
  */
 
+import * as TaskEither from 'fp-ts/lib/TaskEither';
 import * as Option from 'fp-ts/lib/Option';
 import { estypes } from '@elastic/elasticsearch';
 import { ControlState } from './state_action_machine';
 import { AliasAction } from './actions';
 import { IndexMapping } from '../mappings';
 import { SavedObjectsRawDoc } from '..';
+import { TransformErrorObjects } from '../migrations/core';
+import {
+  DocumentsTransformFailed,
+  DocumentsTransformSuccess,
+} from '../migrations/core/migrate_raw_docs';
 
 export type MigrationLogLevel = 'error' | 'info';
 
@@ -175,6 +181,8 @@ export interface ReindexSourceToTempRead extends PostInitState {
   readonly controlState: 'REINDEX_SOURCE_TO_TEMP_READ';
   readonly sourceIndexPitId: string;
   readonly lastHitSortValue: number[] | undefined;
+  readonly corruptDocumentIds: string[];
+  readonly transformErrors: TransformErrorObjects[];
 }
 
 export interface ReindexSourceToTempClosePit extends PostInitState {
@@ -187,6 +195,15 @@ export interface ReindexSourceToTempIndex extends PostInitState {
   readonly outdatedDocuments: SavedObjectsRawDoc[];
   readonly sourceIndexPitId: string;
   readonly lastHitSortValue: number[] | undefined;
+  readonly corruptDocumentIds: string[];
+  readonly transformErrors: TransformErrorObjects[];
+}
+
+export interface ReindexSourceToTempIndexBulk extends PostInitState {
+  readonly controlState: 'REINDEX_SOURCE_TO_TEMP_INDEX_BULK';
+  readonly transformedDocs: SavedObjectsRawDoc[];
+  readonly sourceIndexPitId: string;
+  readonly lastHitSortValue: number[] | undefined;
 }
 
 export type SetTempWriteBlock = PostInitState & {
@@ -233,6 +250,8 @@ export interface OutdatedDocumentsSearchRead extends PostInitState {
   readonly pitId: string;
   readonly lastHitSortValue: number[] | undefined;
   readonly hasTransformedDocs: boolean;
+  readonly corruptDocumentIds: string[];
+  readonly transformErrors: TransformErrorObjects[];
 }
 
 export interface OutdatedDocumentsSearchClosePit extends PostInitState {
@@ -249,12 +268,24 @@ export interface OutdatedDocumentsRefresh extends PostInitState {
 }
 
 export interface OutdatedDocumentsTransform extends PostInitState {
-  /** Transform a batch of outdated documents to their latest version and write them to the target index */
+  /** Transform a batch of outdated documents to their latest version*/
   readonly controlState: 'OUTDATED_DOCUMENTS_TRANSFORM';
   readonly pitId: string;
   readonly outdatedDocuments: SavedObjectsRawDoc[];
   readonly lastHitSortValue: number[] | undefined;
   readonly hasTransformedDocs: boolean;
+  readonly corruptDocumentIds: string[];
+  readonly transformErrors: TransformErrorObjects[];
+}
+export interface TransformedDocumentsBulkIndex extends PostInitState {
+  /**
+   * Write the up-to-date transformed documents to the target index
+   */
+  readonly controlState: 'TRANSFORMED_DOCUMENTS_BULK_INDEX';
+  readonly transformedDocs: SavedObjectsRawDoc[];
+  readonly lastHitSortValue: number[] | undefined;
+  readonly hasTransformedDocs: boolean;
+  readonly pitId: string;
 }
 
 export interface MarkVersionIndexReady extends PostInitState {
@@ -351,6 +382,7 @@ export type State =
   | ReindexSourceToTempRead
   | ReindexSourceToTempClosePit
   | ReindexSourceToTempIndex
+  | ReindexSourceToTempIndexBulk
   | SetTempWriteBlock
   | CloneTempToSource
   | UpdateTargetMappingsState
@@ -363,6 +395,7 @@ export type State =
   | OutdatedDocumentsRefresh
   | MarkVersionIndexReady
   | MarkVersionIndexReadyConflict
+  | TransformedDocumentsBulkIndex
   | LegacyCreateReindexTargetState
   | LegacySetWriteBlockState
   | LegacyReindexState
@@ -376,4 +409,6 @@ export type AllControlStates = State['controlState'];
  */
 export type AllActionStates = Exclude<AllControlStates, 'FATAL' | 'DONE'>;
 
-export type TransformRawDocs = (rawDocs: SavedObjectsRawDoc[]) => Promise<SavedObjectsRawDoc[]>;
+export type TransformRawDocs = (
+  rawDocs: SavedObjectsRawDoc[]
+) => TaskEither.TaskEither<DocumentsTransformFailed, DocumentsTransformSuccess>;

From e0c57e08fd13adf297c78da745ac1976289292d1 Mon Sep 17 00:00:00 2001
From: Clint Andrew Hall <clint.hall@elastic.co>
Date: Mon, 10 May 2021 16:27:35 -0500
Subject: [PATCH 04/11] [labs] Fix reset overreach; add method for testing
 project (#99672)

---
 src/plugins/presentation_util/common/labs.ts  |  5 ++--
 .../public/services/kibana/labs.ts            | 23 ++++++++++++++-----
 .../presentation_util/public/services/labs.ts |  1 +
 .../public/services/storybook/labs.ts         |  4 ++++
 .../public/services/stub/labs.ts              |  2 ++
 .../canvas/public/services/expressions.ts     |  3 +--
 .../canvas/public/services/stubs/labs.ts      |  1 +
 7 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/src/plugins/presentation_util/common/labs.ts b/src/plugins/presentation_util/common/labs.ts
index d551b733ecb8a..902c22681e55e 100644
--- a/src/plugins/presentation_util/common/labs.ts
+++ b/src/plugins/presentation_util/common/labs.ts
@@ -8,8 +8,9 @@
 
 import { i18n } from '@kbn/i18n';
 
-export const USE_DATA_SERVICE = 'labs:canvas:useDataService';
-export const TIME_TO_PRESENT = 'labs:presentation:timeToPresent';
+export const LABS_PROJECT_PREFIX = 'labs:';
+export const USE_DATA_SERVICE = `${LABS_PROJECT_PREFIX}canvas:useDataService` as const;
+export const TIME_TO_PRESENT = `${LABS_PROJECT_PREFIX}presentation:timeToPresent` as const;
 
 export const projectIDs = [TIME_TO_PRESENT, USE_DATA_SERVICE] as const;
 export const environmentNames = ['kibana', 'browser', 'session'] as const;
diff --git a/src/plugins/presentation_util/public/services/kibana/labs.ts b/src/plugins/presentation_util/public/services/kibana/labs.ts
index db78103469880..fe0767ff09d8f 100644
--- a/src/plugins/presentation_util/public/services/kibana/labs.ts
+++ b/src/plugins/presentation_util/public/services/kibana/labs.ts
@@ -7,7 +7,6 @@
  */
 
 import {
-  environmentNames,
   EnvironmentName,
   projectIDs,
   projects,
@@ -15,6 +14,7 @@ import {
   Project,
   getProjectIDs,
   SolutionName,
+  LABS_PROJECT_PREFIX,
 } from '../../../common';
 import { PresentationUtilPluginStartDeps } from '../../types';
 import { KibanaPluginServiceFactory } from '../create';
@@ -31,6 +31,16 @@ export type LabsServiceFactory = KibanaPluginServiceFactory<
   PresentationUtilPluginStartDeps
 >;
 
+const clearLabsFromStorage = (storage: Storage) => {
+  projectIDs.forEach((projectID) => storage.removeItem(projectID));
+
+  // This is a redundancy, to catch any labs that may have been removed above.
+  // We could consider gathering telemetry to see how often this happens, or this may be unnecessary.
+  Object.keys(storage)
+    .filter((key) => key.startsWith(LABS_PROJECT_PREFIX))
+    .forEach((key) => storage.removeItem(key));
+};
+
 export const labsServiceFactory: LabsServiceFactory = ({ coreStart }) => {
   const { uiSettings } = coreStart;
   const localStorage = window.localStorage;
@@ -75,17 +85,18 @@ export const labsServiceFactory: LabsServiceFactory = ({ coreStart }) => {
   };
 
   const reset = () => {
-    localStorage.clear();
-    sessionStorage.clear();
-    environmentNames.forEach((env) =>
-      projectIDs.forEach((id) => setProjectStatus(id, env, projects[id].isActive))
-    );
+    clearLabsFromStorage(localStorage);
+    clearLabsFromStorage(sessionStorage);
+    projectIDs.forEach((id) => setProjectStatus(id, 'kibana', projects[id].isActive));
   };
 
+  const isProjectEnabled = (id: ProjectID) => getProject(id).status.isEnabled;
+
   return {
     getProjectIDs,
     getProjects,
     getProject,
+    isProjectEnabled,
     reset,
     setProjectStatus,
   };
diff --git a/src/plugins/presentation_util/public/services/labs.ts b/src/plugins/presentation_util/public/services/labs.ts
index ef583bd4189a9..70c40eaafa2ef 100644
--- a/src/plugins/presentation_util/public/services/labs.ts
+++ b/src/plugins/presentation_util/public/services/labs.ts
@@ -20,6 +20,7 @@ import {
 } from '../../common';
 
 export interface PresentationLabsService {
+  isProjectEnabled: (id: ProjectID) => boolean;
   getProjectIDs: () => typeof projectIDs;
   getProject: (id: ProjectID) => Project;
   getProjects: (solutions?: SolutionName[]) => Record<ProjectID, Project>;
diff --git a/src/plugins/presentation_util/public/services/storybook/labs.ts b/src/plugins/presentation_util/public/services/storybook/labs.ts
index 396db52460053..8bc526987d95f 100644
--- a/src/plugins/presentation_util/public/services/storybook/labs.ts
+++ b/src/plugins/presentation_util/public/services/storybook/labs.ts
@@ -46,13 +46,17 @@ export const labsServiceFactory: LabsServiceFactory = () => {
   };
 
   const reset = () => {
+    // This is normally not ok, but it's our isolated Storybook instance.
     storage.clear();
   };
 
+  const isProjectEnabled = (id: ProjectID) => getProject(id).status.isEnabled;
+
   return {
     getProjectIDs,
     getProjects,
     getProject,
+    isProjectEnabled,
     reset,
     setProjectStatus,
   };
diff --git a/src/plugins/presentation_util/public/services/stub/labs.ts b/src/plugins/presentation_util/public/services/stub/labs.ts
index c511ed26ef32e..aee7ce20bd86a 100644
--- a/src/plugins/presentation_util/public/services/stub/labs.ts
+++ b/src/plugins/presentation_util/public/services/stub/labs.ts
@@ -64,11 +64,13 @@ export const labsServiceFactory: LabsServiceFactory = () => {
   const setProjectStatus = (id: ProjectID, env: EnvironmentName, value: boolean) => {
     statuses[id] = { ...statuses[id], [env]: value };
   };
+  const isProjectEnabled = (id: ProjectID) => getProject(id).status.isEnabled;
 
   return {
     getProjectIDs,
     getProject,
     getProjects,
+    isProjectEnabled,
     setProjectStatus,
     reset: () => {
       statuses = reset();
diff --git a/x-pack/plugins/canvas/public/services/expressions.ts b/x-pack/plugins/canvas/public/services/expressions.ts
index fd733862c4b67..35493341e0e88 100644
--- a/x-pack/plugins/canvas/public/services/expressions.ts
+++ b/x-pack/plugins/canvas/public/services/expressions.ts
@@ -25,8 +25,7 @@ export const expressionsServiceFactory: CanvasServiceFactory<ExpressionsService>
     if (!cached) {
       cached = (async () => {
         const labService = startPlugins.presentationUtil.labsService;
-        const useDataSearchProject = labService.getProject('labs:canvas:useDataService');
-        const hasDataSearch = useDataSearchProject.status.isEnabled;
+        const hasDataSearch = labService.isProjectEnabled('labs:canvas:useDataService');
         const dataSearchFns = ['essql', 'esdocs', 'escount'];
 
         const serverFunctionList = await coreSetup.http.get(API_ROUTE_FUNCTIONS);
diff --git a/x-pack/plugins/canvas/public/services/stubs/labs.ts b/x-pack/plugins/canvas/public/services/stubs/labs.ts
index 7caa1d0139a70..db89c5c35d5fb 100644
--- a/x-pack/plugins/canvas/public/services/stubs/labs.ts
+++ b/x-pack/plugins/canvas/public/services/stubs/labs.ts
@@ -14,6 +14,7 @@ export const labsService: CanvasLabsService = {
   getProject: noop,
   getProjects: noop,
   getProjectIDs: () => projectIDs,
+  isProjectEnabled: () => false,
   isLabsEnabled: () => true,
   projectIDs,
   reset: noop,

From 6d269c5062b9dbc9d692265db56a85fa2d5431e1 Mon Sep 17 00:00:00 2001
From: Brian Seeders <brian.seeders@elastic.co>
Date: Mon, 10 May 2021 17:42:39 -0400
Subject: [PATCH 05/11] Revert "[SecuritySolution] Get endpoint metadata
 (#99452)" (#99719)

This reverts commit 5893d67b4b34c5fdc9446d5e63cd908d777c8b3b.
---
 .../common/endpoint/types/index.ts            |   5 -
 .../security_solution/hosts/common/index.ts   |   9 -
 .../ml/criteria/host_to_criteria.ts           |   3 -
 .../hosts/containers/hosts/details/index.tsx  |   8 +-
 .../public/hosts/pages/details/index.tsx      |  10 +-
 .../pages/endpoint_hosts/view/index.tsx       |   2 +-
 .../components/host_overview/index.tsx        |  13 +-
 .../server/endpoint/mocks.ts                  |  10 +-
 .../endpoint/routes/metadata/handlers.ts      | 163 +++++-------------
 .../endpoint/routes/metadata/metadata.test.ts |  87 ++++------
 .../routes/metadata/metadata_v1.test.ts       |  78 ++++-----
 .../routes/metadata/query_builders.test.ts    |   5 +-
 .../routes/metadata/query_builders.ts         |   7 +-
 .../routes/metadata/query_builders_v1.test.ts |   3 +-
 .../metadata/support/query_strategies.ts      |  20 ++-
 .../endpoint/routes/policy/handlers.test.ts   |  24 +--
 .../server/endpoint/routes/policy/handlers.ts |   2 +-
 .../endpoint/routes/policy/service.test.ts    |   8 +-
 .../server/endpoint/routes/policy/service.ts  |  30 ++--
 .../server/endpoint/types.ts                  |   3 +-
 .../security_solution/server/plugin.ts        |   5 +-
 .../factory/hosts/authentications/index.tsx   |   1 +
 .../factory/hosts/details/__mocks__/index.ts  |  28 ---
 .../factory/hosts/details/helpers.ts          |  66 +------
 .../factory/hosts/details/index.test.tsx      |  28 +--
 .../factory/hosts/details/index.ts            |  40 +----
 .../hosts/details/query.host_details.dsl.ts   |  19 +-
 .../security_solution/factory/types.ts        |  12 +-
 .../security_solution/index.ts                |  12 +-
 29 files changed, 185 insertions(+), 516 deletions(-)

diff --git a/x-pack/plugins/security_solution/common/endpoint/types/index.ts b/x-pack/plugins/security_solution/common/endpoint/types/index.ts
index b9e72bcd625ec..c58e67b5d4fd4 100644
--- a/x-pack/plugins/security_solution/common/endpoint/types/index.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/types/index.ts
@@ -414,11 +414,6 @@ export type PolicyInfo = Immutable<{
   id: string;
 }>;
 
-export interface HostMetaDataInfo {
-  metadata: HostMetadata;
-  query_strategy_version: MetadataQueryStrategyVersions;
-}
-
 export type HostInfo = Immutable<{
   metadata: HostMetadata;
   host_status: HostStatus;
diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/common/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/common/index.ts
index 3175876a8299c..a579d8f8d8ef3 100644
--- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/common/index.ts
+++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/common/index.ts
@@ -25,16 +25,10 @@ export interface EndpointFields {
   endpointPolicy?: Maybe<string>;
   sensorVersion?: Maybe<string>;
   policyStatus?: Maybe<HostPolicyResponseActionStatus>;
-  id?: Maybe<string>;
-}
-
-interface AgentFields {
-  id?: Maybe<string>;
 }
 
 export interface HostItem {
   _id?: Maybe<string>;
-  agent?: Maybe<AgentFields>;
   cloud?: Maybe<CloudEcs>;
   endpoint?: Maybe<EndpointFields>;
   host?: Maybe<HostEcs>;
@@ -76,9 +70,6 @@ export interface HostAggEsItem {
   cloud_machine_type?: HostBuckets;
   cloud_provider?: HostBuckets;
   cloud_region?: HostBuckets;
-  endpoint?: {
-    id: HostBuckets;
-  };
   host_architecture?: HostBuckets;
   host_id?: HostBuckets;
   host_ip?: HostBuckets;
diff --git a/x-pack/plugins/security_solution/public/common/components/ml/criteria/host_to_criteria.ts b/x-pack/plugins/security_solution/public/common/components/ml/criteria/host_to_criteria.ts
index ff454da7b1fcd..19eae99757849 100644
--- a/x-pack/plugins/security_solution/public/common/components/ml/criteria/host_to_criteria.ts
+++ b/x-pack/plugins/security_solution/public/common/components/ml/criteria/host_to_criteria.ts
@@ -9,9 +9,6 @@ import { HostItem } from '../../../../../common/search_strategy/security_solutio
 import { CriteriaFields } from '../types';
 
 export const hostToCriteria = (hostItem: HostItem): CriteriaFields[] => {
-  if (hostItem == null) {
-    return [];
-  }
   if (hostItem.host != null && hostItem.host.name != null) {
     const criteria: CriteriaFields[] = [
       {
diff --git a/x-pack/plugins/security_solution/public/hosts/containers/hosts/details/index.tsx b/x-pack/plugins/security_solution/public/hosts/containers/hosts/details/index.tsx
index a0f4386be59a4..dd55bdb4c6948 100644
--- a/x-pack/plugins/security_solution/public/hosts/containers/hosts/details/index.tsx
+++ b/x-pack/plugins/security_solution/public/hosts/containers/hosts/details/index.tsx
@@ -145,14 +145,14 @@ export const useHostDetails = ({
       }
       return prevRequest;
     });
-  }, [endDate, hostName, indexNames, startDate]);
-
-  useEffect(() => {
-    hostDetailsSearch(hostDetailsRequest);
     return () => {
       searchSubscription$.current.unsubscribe();
       abortCtrl.current.abort();
     };
+  }, [endDate, hostName, indexNames, startDate]);
+
+  useEffect(() => {
+    hostDetailsSearch(hostDetailsRequest);
   }, [hostDetailsRequest, hostDetailsSearch]);
 
   return [loading, hostDetailsResponse];
diff --git a/x-pack/plugins/security_solution/public/hosts/pages/details/index.tsx b/x-pack/plugins/security_solution/public/hosts/pages/details/index.tsx
index d88e4f048f917..1ff4abb78b210 100644
--- a/x-pack/plugins/security_solution/public/hosts/pages/details/index.tsx
+++ b/x-pack/plugins/security_solution/public/hosts/pages/details/index.tsx
@@ -50,9 +50,6 @@ import { timelineDefaults } from '../../../timelines/store/timeline/defaults';
 import { useSourcererScope } from '../../../common/containers/sourcerer';
 import { useDeepEqualSelector, useShallowEqualSelector } from '../../../common/hooks/use_selector';
 import { useHostDetails } from '../../containers/hosts/details';
-import { manageQuery } from '../../../common/components/page/manage_query';
-
-const HostOverviewManage = manageQuery(HostOverview);
 
 const HostDetailsComponent: React.FC<HostDetailsProps> = ({ detailName, hostDetailsPagePath }) => {
   const dispatch = useDispatch();
@@ -96,12 +93,11 @@ const HostDetailsComponent: React.FC<HostDetailsProps> = ({ detailName, hostDeta
   );
 
   const { docValueFields, indicesExist, indexPattern, selectedPatterns } = useSourcererScope();
-  const [loading, { hostDetails: hostOverview, id, refetch }] = useHostDetails({
+  const [loading, { hostDetails: hostOverview, id }] = useHostDetails({
     endDate: to,
     startDate: from,
     hostName: detailName,
     indexNames: selectedPatterns,
-    skip: selectedPatterns.length === 0,
   });
   const filterQuery = convertToBuildEsQuery({
     config: esQuery.getEsQueryConfig(kibana.services.uiSettings),
@@ -145,7 +141,7 @@ const HostDetailsComponent: React.FC<HostDetailsProps> = ({ detailName, hostDeta
                 skip={isInitializing}
               >
                 {({ isLoadingAnomaliesData, anomaliesData }) => (
-                  <HostOverviewManage
+                  <HostOverview
                     docValueFields={docValueFields}
                     id={id}
                     isInDetailsSidePanel={false}
@@ -164,8 +160,6 @@ const HostDetailsComponent: React.FC<HostDetailsProps> = ({ detailName, hostDeta
                         to: fromTo.to,
                       });
                     }}
-                    setQuery={setQuery}
-                    refetch={refetch}
                   />
                 )}
               </AnomalyTableProvider>
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx
index f654efdd89ce1..d28bf6b38fd31 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx
@@ -321,7 +321,7 @@ export const EndpointList = () => {
         render: (hostStatus: HostInfo['host_status']) => {
           return (
             <EuiBadge
-              color={hostStatus != null ? HOST_STATUS_TO_BADGE_COLOR[hostStatus] : 'warning'}
+              color={HOST_STATUS_TO_BADGE_COLOR[hostStatus] || 'warning'}
               data-test-subj="rowHostStatus"
               className="eui-textTruncate"
             >
diff --git a/x-pack/plugins/security_solution/public/overview/components/host_overview/index.tsx b/x-pack/plugins/security_solution/public/overview/components/host_overview/index.tsx
index fa644d1cbcdac..c5d51a9466235 100644
--- a/x-pack/plugins/security_solution/public/overview/components/host_overview/index.tsx
+++ b/x-pack/plugins/security_solution/public/overview/components/host_overview/index.tsx
@@ -86,15 +86,14 @@ export const HostOverview = React.memo<HostSummaryProps>(
       () => [
         {
           title: i18n.HOST_ID,
-          description:
-            data && data.host
-              ? hostIdRenderer({ host: data.host, noLink: true })
-              : getEmptyTagValue(),
+          description: data.host
+            ? hostIdRenderer({ host: data.host, noLink: true })
+            : getEmptyTagValue(),
         },
         {
           title: i18n.FIRST_SEEN,
           description:
-            data && data.host != null && data.host.name && data.host.name.length ? (
+            data.host != null && data.host.name && data.host.name.length ? (
               <FirstLastSeenHost
                 docValueFields={docValueFields}
                 hostName={data.host.name[0]}
@@ -108,7 +107,7 @@ export const HostOverview = React.memo<HostSummaryProps>(
         {
           title: i18n.LAST_SEEN,
           description:
-            data && data.host != null && data.host.name && data.host.name.length ? (
+            data.host != null && data.host.name && data.host.name.length ? (
               <FirstLastSeenHost
                 docValueFields={docValueFields}
                 hostName={data.host.name[0]}
@@ -222,7 +221,7 @@ export const HostOverview = React.memo<HostSummaryProps>(
             )}
           </OverviewWrapper>
         </InspectButtonContainer>
-        {data && data.endpoint != null ? (
+        {data.endpoint != null ? (
           <>
             <EuiHorizontalRule />
             <OverviewWrapper direction={isInDetailsSidePanel ? 'column' : 'row'}>
diff --git a/x-pack/plugins/security_solution/server/endpoint/mocks.ts b/x-pack/plugins/security_solution/server/endpoint/mocks.ts
index 23ea6cc29c3d2..40d4b1a877b2b 100644
--- a/x-pack/plugins/security_solution/server/endpoint/mocks.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/mocks.ts
@@ -5,8 +5,8 @@
  * 2.0.
  */
 
-import { loggingSystemMock, savedObjectsServiceMock } from '../../../../../src/core/server/mocks';
-import { IScopedClusterClient, SavedObjectsClientContract } from '../../../../../src/core/server';
+import { ILegacyScopedClusterClient, SavedObjectsClientContract } from 'kibana/server';
+import { loggingSystemMock, savedObjectsServiceMock } from 'src/core/server/mocks';
 import { listMock } from '../../../lists/server/mocks';
 import { securityMock } from '../../../security/server/mocks';
 import { alertsMock } from '../../../alerting/server/mocks';
@@ -131,11 +131,11 @@ export const createMockMetadataRequestContext = (): jest.Mocked<MetadataRequestC
 };
 
 export function createRouteHandlerContext(
-  dataClient: jest.Mocked<IScopedClusterClient>,
+  dataClient: jest.Mocked<ILegacyScopedClusterClient>,
   savedObjectsClient: jest.Mocked<SavedObjectsClientContract>
 ) {
-  const context = (xpackMocks.createRequestHandlerContext() as unknown) as jest.Mocked<SecuritySolutionRequestHandlerContext>;
-  context.core.elasticsearch.client = dataClient;
+  const context = xpackMocks.createRequestHandlerContext();
+  context.core.elasticsearch.legacy.client = dataClient;
   context.core.savedObjects.client = savedObjectsClient;
   return context;
 }
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/handlers.ts b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/handlers.ts
index 104383f398646..0d59ff2f4ed7b 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/handlers.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/handlers.ts
@@ -6,18 +6,11 @@
  */
 
 import Boom from '@hapi/boom';
-
+import type { Logger, RequestHandler } from 'kibana/server';
 import { TypeOf } from '@kbn/config-schema';
-import {
-  IScopedClusterClient,
-  Logger,
-  RequestHandler,
-  SavedObjectsClientContract,
-} from '../../../../../../../src/core/server';
 import {
   HostInfo,
   HostMetadata,
-  HostMetaDataInfo,
   HostResultList,
   HostStatus,
   MetadataQueryStrategyVersions,
@@ -34,11 +27,9 @@ import { findAgentIDsByStatus } from './support/agent_status';
 import { EndpointAppContextService } from '../../endpoint_app_context_services';
 
 export interface MetadataRequestContext {
-  esClient?: IScopedClusterClient;
   endpointAppContextService: EndpointAppContextService;
   logger: Logger;
-  requestHandlerContext?: SecuritySolutionRequestHandlerContext;
-  savedObjectsClient?: SavedObjectsClientContract;
+  requestHandlerContext: SecuritySolutionRequestHandlerContext;
 }
 
 const HOST_STATUS_MAPPING = new Map<AgentStatus, HostStatus>([
@@ -84,11 +75,9 @@ export const getMetadataListRequestHandler = function (
     }
 
     const metadataRequestContext: MetadataRequestContext = {
-      esClient: context.core.elasticsearch.client,
       endpointAppContextService: endpointAppContext.service,
       logger,
       requestHandlerContext: context,
-      savedObjectsClient: context.core.savedObjects.client,
     };
 
     const unenrolledAgentIds = await findAllUnenrolledAgentIds(
@@ -121,10 +110,9 @@ export const getMetadataListRequestHandler = function (
       }
     );
 
-    const result = await context.core.elasticsearch.client.asCurrentUser.search<HostMetadata>(
-      queryParams
+    const hostListQueryResult = queryStrategy!.queryResponseToHostListResult(
+      await context.core.elasticsearch.legacy.client.callAsCurrentUser('search', queryParams)
     );
-    const hostListQueryResult = queryStrategy!.queryResponseToHostListResult(result.body);
     return response.ok({
       body: await mapToHostResultList(queryParams, hostListQueryResult, metadataRequestContext),
     });
@@ -148,11 +136,9 @@ export const getMetadataRequestHandler = function (
     }
 
     const metadataRequestContext: MetadataRequestContext = {
-      esClient: context.core.elasticsearch.client,
       endpointAppContextService: endpointAppContext.service,
       logger,
       requestHandlerContext: context,
-      savedObjectsClient: context.core.savedObjects.client,
     };
 
     try {
@@ -178,86 +164,42 @@ export const getMetadataRequestHandler = function (
   };
 };
 
-export async function getHostMetaData(
+export async function getHostData(
   metadataRequestContext: MetadataRequestContext,
   id: string,
   queryStrategyVersion?: MetadataQueryStrategyVersions
-): Promise<HostMetaDataInfo | undefined> {
-  if (
-    !metadataRequestContext.esClient &&
-    !metadataRequestContext.requestHandlerContext?.core.elasticsearch.client
-  ) {
-    throw Boom.badRequest('esClient not found');
-  }
-
-  if (
-    !metadataRequestContext.savedObjectsClient &&
-    !metadataRequestContext.requestHandlerContext?.core.savedObjects
-  ) {
-    throw Boom.badRequest('savedObjectsClient not found');
-  }
-
-  const esClient = (metadataRequestContext?.esClient ??
-    metadataRequestContext.requestHandlerContext?.core.elasticsearch
-      .client) as IScopedClusterClient;
-
-  const esSavedObjectClient =
-    metadataRequestContext?.savedObjectsClient ??
-    (metadataRequestContext.requestHandlerContext?.core.savedObjects
-      .client as SavedObjectsClientContract);
-
+): Promise<HostInfo | undefined> {
   const queryStrategy = await metadataRequestContext.endpointAppContextService
     ?.getMetadataService()
-    ?.queryStrategy(esSavedObjectClient, queryStrategyVersion);
-  const query = getESQueryHostMetadataByID(id, queryStrategy!);
-
-  const response = await esClient.asCurrentUser.search<HostMetadata>(query);
-
-  const hostResult = queryStrategy!.queryResponseToHostResult(response.body);
+    ?.queryStrategy(
+      metadataRequestContext.requestHandlerContext.core.savedObjects.client,
+      queryStrategyVersion
+    );
 
+  const query = getESQueryHostMetadataByID(id, queryStrategy!);
+  const hostResult = queryStrategy!.queryResponseToHostResult(
+    await metadataRequestContext.requestHandlerContext.core.elasticsearch.legacy.client.callAsCurrentUser(
+      'search',
+      query
+    )
+  );
   const hostMetadata = hostResult.result;
   if (!hostMetadata) {
     return undefined;
   }
 
-  return { metadata: hostMetadata, query_strategy_version: hostResult.queryStrategyVersion };
-}
-
-export async function getHostData(
-  metadataRequestContext: MetadataRequestContext,
-  id: string,
-  queryStrategyVersion?: MetadataQueryStrategyVersions
-): Promise<HostInfo | undefined> {
-  if (!metadataRequestContext.savedObjectsClient) {
-    throw Boom.badRequest('savedObjectsClient not found');
-  }
-
-  if (
-    !metadataRequestContext.esClient &&
-    !metadataRequestContext.requestHandlerContext?.core.elasticsearch.client
-  ) {
-    throw Boom.badRequest('esClient not found');
-  }
-
-  const hostResult = await getHostMetaData(metadataRequestContext, id, queryStrategyVersion);
-
-  if (!hostResult) {
-    return undefined;
-  }
-
-  const agent = await findAgent(metadataRequestContext, hostResult.metadata);
+  const agent = await findAgent(metadataRequestContext, hostMetadata);
 
   if (agent && !agent.active) {
     throw Boom.badRequest('the requested endpoint is unenrolled');
   }
 
   const metadata = await enrichHostMetadata(
-    hostResult.metadata,
+    hostMetadata,
     metadataRequestContext,
-    hostResult.query_strategy_version
+    hostResult.queryStrategyVersion
   );
-
-  return { ...metadata, query_strategy_version: hostResult.query_strategy_version };
+  return { ...metadata, query_strategy_version: hostResult.queryStrategyVersion };
 }
 
 async function findAgent(
@@ -265,20 +207,12 @@ async function findAgent(
   hostMetadata: HostMetadata
 ): Promise<Agent | undefined> {
   try {
-    if (
-      !metadataRequestContext.esClient &&
-      !metadataRequestContext.requestHandlerContext?.core.elasticsearch.client
-    ) {
-      throw new Error('esClient not found');
-    }
-
-    const esClient = (metadataRequestContext?.esClient ??
-      metadataRequestContext.requestHandlerContext?.core.elasticsearch
-        .client) as IScopedClusterClient;
-
     return await metadataRequestContext.endpointAppContextService
       ?.getAgentService()
-      ?.getAgent(esClient.asCurrentUser, hostMetadata.elastic.agent.id);
+      ?.getAgent(
+        metadataRequestContext.requestHandlerContext.core.elasticsearch.client.asCurrentUser,
+        hostMetadata.elastic.agent.id
+      );
   } catch (e) {
     if (e instanceof AgentNotFoundError) {
       metadataRequestContext.logger.warn(
@@ -298,7 +232,7 @@ export async function mapToHostResultList(
   metadataRequestContext: MetadataRequestContext
 ): Promise<HostResultList> {
   const totalNumberOfHosts = hostListQueryResult.resultLength;
-  if ((hostListQueryResult.resultList?.length ?? 0) > 0) {
+  if (hostListQueryResult.resultList.length > 0) {
     return {
       request_page_size: queryParams.size,
       request_page_index: queryParams.from,
@@ -333,35 +267,6 @@ export async function enrichHostMetadata(
   let hostStatus = HostStatus.UNHEALTHY;
   let elasticAgentId = hostMetadata?.elastic?.agent?.id;
   const log = metadataRequestContext.logger;
-
-  try {
-    if (
-      !metadataRequestContext.esClient &&
-      !metadataRequestContext.requestHandlerContext?.core.elasticsearch.client
-    ) {
-      throw new Error('esClient not found');
-    }
-
-    if (
-      !metadataRequestContext.savedObjectsClient &&
-      !metadataRequestContext.requestHandlerContext?.core.savedObjects
-    ) {
-      throw new Error('esSavedObjectClient not found');
-    }
-  } catch (e) {
-    log.error(e);
-    throw e;
-  }
-
-  const esClient = (metadataRequestContext?.esClient ??
-    metadataRequestContext.requestHandlerContext?.core.elasticsearch
-      .client) as IScopedClusterClient;
-
-  const esSavedObjectClient =
-    metadataRequestContext?.savedObjectsClient ??
-    (metadataRequestContext.requestHandlerContext?.core.savedObjects
-      .client as SavedObjectsClientContract);
-
   try {
     /**
      * Get agent status by elastic agent id if available or use the endpoint-agent id.
@@ -374,7 +279,10 @@ export async function enrichHostMetadata(
 
     const status = await metadataRequestContext.endpointAppContextService
       ?.getAgentService()
-      ?.getAgentStatusById(esClient.asCurrentUser, elasticAgentId);
+      ?.getAgentStatusById(
+        metadataRequestContext.requestHandlerContext.core.elasticsearch.client.asCurrentUser,
+        elasticAgentId
+      );
     hostStatus = HOST_STATUS_MAPPING.get(status!) || HostStatus.UNHEALTHY;
   } catch (e) {
     if (e instanceof AgentNotFoundError) {
@@ -389,10 +297,17 @@ export async function enrichHostMetadata(
   try {
     const agent = await metadataRequestContext.endpointAppContextService
       ?.getAgentService()
-      ?.getAgent(esClient.asCurrentUser, elasticAgentId);
+      ?.getAgent(
+        metadataRequestContext.requestHandlerContext.core.elasticsearch.client.asCurrentUser,
+        elasticAgentId
+      );
     const agentPolicy = await metadataRequestContext.endpointAppContextService
       .getAgentPolicyService()
-      ?.get(esSavedObjectClient, agent?.policy_id!, true);
+      ?.get(
+        metadataRequestContext.requestHandlerContext.core.savedObjects.client,
+        agent?.policy_id!,
+        true
+      );
     const endpointPolicy = ((agentPolicy?.package_policies || []) as PackagePolicy[]).find(
       (policy: PackagePolicy) => policy.package?.name === 'endpoint'
     );
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts
index b916ec19da17f..f4698cbed6203 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts
@@ -6,6 +6,8 @@
  */
 
 import {
+  ILegacyClusterClient,
+  ILegacyScopedClusterClient,
   KibanaResponseFactory,
   RequestHandler,
   RouteConfig,
@@ -48,17 +50,12 @@ import { PackageService } from '../../../../../fleet/server/services';
 import { metadataTransformPrefix } from '../../../../common/endpoint/constants';
 import type { SecuritySolutionPluginRouter } from '../../../types';
 import { PackagePolicyServiceInterface } from '../../../../../fleet/server';
-import {
-  ClusterClientMock,
-  ScopedClusterClientMock,
-  // eslint-disable-next-line @kbn/eslint/no-restricted-paths
-} from '../../../../../../../src/core/server/elasticsearch/client/mocks';
 
 describe('test endpoint route', () => {
   let routerMock: jest.Mocked<SecuritySolutionPluginRouter>;
   let mockResponse: jest.Mocked<KibanaResponseFactory>;
-  let mockClusterClient: ClusterClientMock;
-  let mockScopedClient: ScopedClusterClientMock;
+  let mockClusterClient: jest.Mocked<ILegacyClusterClient>;
+  let mockScopedClient: jest.Mocked<ILegacyScopedClusterClient>;
   let mockSavedObjectClient: jest.Mocked<SavedObjectsClientContract>;
   let mockPackageService: jest.Mocked<PackageService>;
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
@@ -79,8 +76,8 @@ describe('test endpoint route', () => {
   };
 
   beforeEach(() => {
-    mockScopedClient = elasticsearchServiceMock.createScopedClusterClient();
-    mockClusterClient = elasticsearchServiceMock.createClusterClient();
+    mockScopedClient = elasticsearchServiceMock.createLegacyScopedClusterClient();
+    mockClusterClient = elasticsearchServiceMock.createLegacyClusterClient() as jest.Mocked<ILegacyClusterClient>;
     mockSavedObjectClient = savedObjectsClientMock.create();
     mockClusterClient.asScoped.mockReturnValue(mockScopedClient);
     routerMock = httpServiceMock.createRouter();
@@ -122,9 +119,7 @@ describe('test endpoint route', () => {
     it('test find the latest of all endpoints', async () => {
       const mockRequest = httpServerMock.createKibanaRequest({});
       const response = createV1SearchResponse(new EndpointDocGenerator().generateHostMetadata());
-      (mockScopedClient.asCurrentUser.search as jest.Mock).mockImplementationOnce(() =>
-        Promise.resolve({ body: response })
-      );
+      mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => Promise.resolve(response));
       [routeConfig, routeHandler] = routerMock.post.mock.calls.find(([{ path }]) =>
         path.startsWith(`${METADATA_REQUEST_ROUTE}`)
       )!;
@@ -136,7 +131,7 @@ describe('test endpoint route', () => {
         mockResponse
       );
 
-      expect(mockScopedClient.asCurrentUser.search).toHaveBeenCalledTimes(1);
+      expect(mockScopedClient.callAsCurrentUser).toHaveBeenCalledTimes(1);
       expect(routeConfig.options).toEqual({
         authRequired: true,
         tags: ['access:securitySolution'],
@@ -162,9 +157,7 @@ describe('test endpoint route', () => {
       mockAgentService.getAgent = jest.fn().mockReturnValue(({
         active: true,
       } as unknown) as Agent);
-      (mockScopedClient.asCurrentUser.search as jest.Mock).mockImplementationOnce(() =>
-        Promise.resolve({ body: response })
-      );
+      mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => Promise.resolve(response));
 
       [routeConfig, routeHandler] = routerMock.get.mock.calls.find(([{ path }]) =>
         path.startsWith(`${METADATA_REQUEST_ROUTE}`)
@@ -176,7 +169,7 @@ describe('test endpoint route', () => {
         mockResponse
       );
 
-      expect(mockScopedClient.asCurrentUser.search).toHaveBeenCalledTimes(1);
+      expect(mockScopedClient.callAsCurrentUser).toHaveBeenCalledTimes(1);
       expect(routeConfig.options).toEqual({
         authRequired: true,
         tags: ['access:securitySolution'],
@@ -221,9 +214,7 @@ describe('test endpoint route', () => {
     it('test find the latest of all endpoints', async () => {
       const mockRequest = httpServerMock.createKibanaRequest({});
       const response = createV2SearchResponse(new EndpointDocGenerator().generateHostMetadata());
-      (mockScopedClient.asCurrentUser.search as jest.Mock).mockImplementationOnce(() =>
-        Promise.resolve({ body: response })
-      );
+      mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => Promise.resolve(response));
       [routeConfig, routeHandler] = routerMock.post.mock.calls.find(([{ path }]) =>
         path.startsWith(`${METADATA_REQUEST_ROUTE}`)
       )!;
@@ -235,7 +226,7 @@ describe('test endpoint route', () => {
         mockResponse
       );
 
-      expect(mockScopedClient.asCurrentUser.search).toHaveBeenCalledTimes(1);
+      expect(mockScopedClient.callAsCurrentUser).toHaveBeenCalledTimes(1);
       expect(routeConfig.options).toEqual({
         authRequired: true,
         tags: ['access:securitySolution'],
@@ -267,10 +258,8 @@ describe('test endpoint route', () => {
 
       mockAgentService.getAgentStatusById = jest.fn().mockReturnValue('error');
       mockAgentService.listAgents = jest.fn().mockReturnValue(noUnenrolledAgent);
-      (mockScopedClient.asCurrentUser.search as jest.Mock).mockImplementationOnce(() =>
-        Promise.resolve({
-          body: createV2SearchResponse(new EndpointDocGenerator().generateHostMetadata()),
-        })
+      mockScopedClient.callAsCurrentUser.mockImplementationOnce(() =>
+        Promise.resolve(createV2SearchResponse(new EndpointDocGenerator().generateHostMetadata()))
       );
       [routeConfig, routeHandler] = routerMock.post.mock.calls.find(([{ path }]) =>
         path.startsWith(`${METADATA_REQUEST_ROUTE}`)
@@ -281,10 +270,10 @@ describe('test endpoint route', () => {
         mockRequest,
         mockResponse
       );
-      expect(mockScopedClient.asCurrentUser.search).toHaveBeenCalledTimes(1);
+
+      expect(mockScopedClient.callAsCurrentUser).toHaveBeenCalledTimes(1);
       expect(
-        (mockScopedClient.asCurrentUser.search as jest.Mock).mock.calls[0][0]?.body?.query.bool
-          .must_not
+        mockScopedClient.callAsCurrentUser.mock.calls[0][1]?.body?.query.bool.must_not
       ).toContainEqual({
         terms: {
           'elastic.agent.id': [
@@ -326,10 +315,8 @@ describe('test endpoint route', () => {
 
       mockAgentService.getAgentStatusById = jest.fn().mockReturnValue('error');
       mockAgentService.listAgents = jest.fn().mockReturnValue(noUnenrolledAgent);
-      (mockScopedClient.asCurrentUser.search as jest.Mock).mockImplementationOnce(() =>
-        Promise.resolve({
-          body: createV2SearchResponse(new EndpointDocGenerator().generateHostMetadata()),
-        })
+      mockScopedClient.callAsCurrentUser.mockImplementationOnce(() =>
+        Promise.resolve(createV2SearchResponse(new EndpointDocGenerator().generateHostMetadata()))
       );
       [routeConfig, routeHandler] = routerMock.post.mock.calls.find(([{ path }]) =>
         path.startsWith(`${METADATA_REQUEST_ROUTE}`)
@@ -341,10 +328,10 @@ describe('test endpoint route', () => {
         mockResponse
       );
 
-      expect(mockScopedClient.asCurrentUser.search).toBeCalled();
+      expect(mockScopedClient.callAsCurrentUser).toBeCalled();
       expect(
         // KQL filter to be passed through
-        (mockScopedClient.asCurrentUser.search as jest.Mock).mock.calls[0][0]?.body?.query.bool.must
+        mockScopedClient.callAsCurrentUser.mock.calls[0][1]?.body?.query.bool.must
       ).toContainEqual({
         bool: {
           must_not: {
@@ -362,7 +349,7 @@ describe('test endpoint route', () => {
         },
       });
       expect(
-        (mockScopedClient.asCurrentUser.search as jest.Mock).mock.calls[0][0]?.body?.query.bool.must
+        mockScopedClient.callAsCurrentUser.mock.calls[0][1]?.body?.query.bool.must
       ).toContainEqual({
         bool: {
           must_not: [
@@ -406,8 +393,8 @@ describe('test endpoint route', () => {
       it('should return 404 on no results', async () => {
         const mockRequest = httpServerMock.createKibanaRequest({ params: { id: 'BADID' } });
 
-        (mockScopedClient.asCurrentUser.search as jest.Mock).mockImplementationOnce(() =>
-          Promise.resolve({ body: createV2SearchResponse() })
+        mockScopedClient.callAsCurrentUser.mockImplementationOnce(() =>
+          Promise.resolve(createV2SearchResponse())
         );
 
         mockAgentService.getAgentStatusById = jest.fn().mockReturnValue('error');
@@ -424,7 +411,7 @@ describe('test endpoint route', () => {
           mockResponse
         );
 
-        expect(mockScopedClient.asCurrentUser.search).toHaveBeenCalledTimes(1);
+        expect(mockScopedClient.callAsCurrentUser).toHaveBeenCalledTimes(1);
         expect(routeConfig.options).toEqual({
           authRequired: true,
           tags: ['access:securitySolution'],
@@ -444,9 +431,7 @@ describe('test endpoint route', () => {
         mockAgentService.getAgent = jest.fn().mockReturnValue(({
           active: true,
         } as unknown) as Agent);
-        (mockScopedClient.asCurrentUser.search as jest.Mock).mockImplementationOnce(() =>
-          Promise.resolve({ body: response })
-        );
+        mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => Promise.resolve(response));
 
         [routeConfig, routeHandler] = routerMock.get.mock.calls.find(([{ path }]) =>
           path.startsWith(`${METADATA_REQUEST_ROUTE}`)
@@ -458,7 +443,7 @@ describe('test endpoint route', () => {
           mockResponse
         );
 
-        expect(mockScopedClient.asCurrentUser.search).toHaveBeenCalledTimes(1);
+        expect(mockScopedClient.callAsCurrentUser).toHaveBeenCalledTimes(1);
         expect(routeConfig.options).toEqual({
           authRequired: true,
           tags: ['access:securitySolution'],
@@ -485,9 +470,7 @@ describe('test endpoint route', () => {
           SavedObjectsErrorHelpers.createGenericNotFoundError();
         });
 
-        (mockScopedClient.asCurrentUser.search as jest.Mock).mockImplementationOnce(() =>
-          Promise.resolve({ body: response })
-        );
+        mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => Promise.resolve(response));
 
         [routeConfig, routeHandler] = routerMock.get.mock.calls.find(([{ path }]) =>
           path.startsWith(`${METADATA_REQUEST_ROUTE}`)
@@ -499,7 +482,7 @@ describe('test endpoint route', () => {
           mockResponse
         );
 
-        expect(mockScopedClient.asCurrentUser.search).toHaveBeenCalledTimes(1);
+        expect(mockScopedClient.callAsCurrentUser).toHaveBeenCalledTimes(1);
         expect(routeConfig.options).toEqual({
           authRequired: true,
           tags: ['access:securitySolution'],
@@ -520,9 +503,7 @@ describe('test endpoint route', () => {
         mockAgentService.getAgent = jest.fn().mockReturnValue(({
           active: true,
         } as unknown) as Agent);
-        (mockScopedClient.asCurrentUser.search as jest.Mock).mockImplementationOnce(() =>
-          Promise.resolve({ body: response })
-        );
+        mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => Promise.resolve(response));
 
         [routeConfig, routeHandler] = routerMock.get.mock.calls.find(([{ path }]) =>
           path.startsWith(`${METADATA_REQUEST_ROUTE}`)
@@ -534,7 +515,7 @@ describe('test endpoint route', () => {
           mockResponse
         );
 
-        expect(mockScopedClient.asCurrentUser.search).toHaveBeenCalledTimes(1);
+        expect(mockScopedClient.callAsCurrentUser).toHaveBeenCalledTimes(1);
         expect(routeConfig.options).toEqual({
           authRequired: true,
           tags: ['access:securitySolution'],
@@ -550,9 +531,7 @@ describe('test endpoint route', () => {
         const mockRequest = httpServerMock.createKibanaRequest({
           params: { id: response.hits.hits[0]._id },
         });
-        (mockScopedClient.asCurrentUser.search as jest.Mock).mockImplementationOnce(() =>
-          Promise.resolve({ body: response })
-        );
+        mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => Promise.resolve(response));
         mockAgentService.getAgent = jest.fn().mockReturnValue(({
           active: false,
         } as unknown) as Agent);
@@ -567,7 +546,7 @@ describe('test endpoint route', () => {
           mockResponse
         );
 
-        expect(mockScopedClient.asCurrentUser.search).toHaveBeenCalledTimes(1);
+        expect(mockScopedClient.callAsCurrentUser).toHaveBeenCalledTimes(1);
         expect(mockResponse.customError).toBeCalled();
       });
     });
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata_v1.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata_v1.test.ts
index 0d56514e7d395..e3f859c26601e 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata_v1.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata_v1.test.ts
@@ -6,17 +6,14 @@
  */
 
 import {
+  ILegacyClusterClient,
+  ILegacyScopedClusterClient,
   KibanaResponseFactory,
   RequestHandler,
   RouteConfig,
   SavedObjectsClientContract,
-  SavedObjectsErrorHelpers,
-} from '../../../../../../../src/core/server';
-import {
-  ClusterClientMock,
-  ScopedClusterClientMock,
-  // eslint-disable-next-line @kbn/eslint/no-restricted-paths
-} from '../../../../../../../src/core/server/elasticsearch/client/mocks';
+} from 'kibana/server';
+import { SavedObjectsErrorHelpers } from '../../../../../../../src/core/server/';
 import {
   elasticsearchServiceMock,
   httpServerMock,
@@ -52,8 +49,8 @@ import { PackagePolicyServiceInterface } from '../../../../../fleet/server';
 describe('test endpoint route v1', () => {
   let routerMock: jest.Mocked<SecuritySolutionPluginRouter>;
   let mockResponse: jest.Mocked<KibanaResponseFactory>;
-  let mockClusterClient: ClusterClientMock;
-  let mockScopedClient: ScopedClusterClientMock;
+  let mockClusterClient: jest.Mocked<ILegacyClusterClient>;
+  let mockScopedClient: jest.Mocked<ILegacyScopedClusterClient>;
   let mockSavedObjectClient: jest.Mocked<SavedObjectsClientContract>;
   let mockPackageService: jest.Mocked<PackageService>;
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
@@ -74,8 +71,8 @@ describe('test endpoint route v1', () => {
   };
 
   beforeEach(() => {
-    mockClusterClient = elasticsearchServiceMock.createClusterClient();
-    mockScopedClient = elasticsearchServiceMock.createScopedClusterClient();
+    mockClusterClient = elasticsearchServiceMock.createLegacyClusterClient() as jest.Mocked<ILegacyClusterClient>;
+    mockScopedClient = elasticsearchServiceMock.createLegacyScopedClusterClient();
     mockSavedObjectClient = savedObjectsClientMock.create();
     mockClusterClient.asScoped.mockReturnValue(mockScopedClient);
     routerMock = httpServiceMock.createRouter();
@@ -113,9 +110,7 @@ describe('test endpoint route v1', () => {
   it('test find the latest of all endpoints', async () => {
     const mockRequest = httpServerMock.createKibanaRequest({});
     const response = createV1SearchResponse(new EndpointDocGenerator().generateHostMetadata());
-    (mockScopedClient.asCurrentUser.search as jest.Mock).mockImplementationOnce(() =>
-      Promise.resolve({ body: response })
-    );
+    mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => Promise.resolve(response));
     [routeConfig, routeHandler] = routerMock.post.mock.calls.find(([{ path }]) =>
       path.startsWith(`${METADATA_REQUEST_V1_ROUTE}`)
     )!;
@@ -127,7 +122,7 @@ describe('test endpoint route v1', () => {
       mockResponse
     );
 
-    expect(mockScopedClient.asCurrentUser.search).toHaveBeenCalledTimes(1);
+    expect(mockScopedClient.callAsCurrentUser).toHaveBeenCalledTimes(1);
     expect(routeConfig.options).toEqual({ authRequired: true, tags: ['access:securitySolution'] });
     expect(mockResponse.ok).toBeCalled();
     const endpointResultList = mockResponse.ok.mock.calls[0][0]?.body as HostResultList;
@@ -156,10 +151,8 @@ describe('test endpoint route v1', () => {
 
     mockAgentService.getAgentStatusById = jest.fn().mockReturnValue('error');
     mockAgentService.listAgents = jest.fn().mockReturnValue(noUnenrolledAgent);
-    (mockScopedClient.asCurrentUser.search as jest.Mock).mockImplementationOnce(() =>
-      Promise.resolve({
-        body: createV1SearchResponse(new EndpointDocGenerator().generateHostMetadata()),
-      })
+    mockScopedClient.callAsCurrentUser.mockImplementationOnce(() =>
+      Promise.resolve(createV1SearchResponse(new EndpointDocGenerator().generateHostMetadata()))
     );
     [routeConfig, routeHandler] = routerMock.post.mock.calls.find(([{ path }]) =>
       path.startsWith(`${METADATA_REQUEST_V1_ROUTE}`)
@@ -171,10 +164,9 @@ describe('test endpoint route v1', () => {
       mockResponse
     );
 
-    expect(mockScopedClient.asCurrentUser.search).toHaveBeenCalledTimes(1);
+    expect(mockScopedClient.callAsCurrentUser).toHaveBeenCalledTimes(1);
     expect(
-      (mockScopedClient.asCurrentUser.search as jest.Mock).mock.calls[0][0]?.body?.query.bool
-        .must_not
+      mockScopedClient.callAsCurrentUser.mock.calls[0][1]?.body?.query.bool.must_not
     ).toContainEqual({
       terms: {
         'elastic.agent.id': [
@@ -213,10 +205,8 @@ describe('test endpoint route v1', () => {
 
     mockAgentService.getAgentStatusById = jest.fn().mockReturnValue('error');
     mockAgentService.listAgents = jest.fn().mockReturnValue(noUnenrolledAgent);
-    (mockScopedClient.asCurrentUser.search as jest.Mock).mockImplementationOnce(() =>
-      Promise.resolve({
-        body: createV1SearchResponse(new EndpointDocGenerator().generateHostMetadata()),
-      })
+    mockScopedClient.callAsCurrentUser.mockImplementationOnce(() =>
+      Promise.resolve(createV1SearchResponse(new EndpointDocGenerator().generateHostMetadata()))
     );
     [routeConfig, routeHandler] = routerMock.post.mock.calls.find(([{ path }]) =>
       path.startsWith(`${METADATA_REQUEST_V1_ROUTE}`)
@@ -228,10 +218,10 @@ describe('test endpoint route v1', () => {
       mockResponse
     );
 
-    expect(mockScopedClient.asCurrentUser.search).toBeCalled();
+    expect(mockScopedClient.callAsCurrentUser).toBeCalled();
     // needs to have the KQL filter passed through
     expect(
-      (mockScopedClient.asCurrentUser.search as jest.Mock).mock.calls[0][0]?.body?.query.bool.must
+      mockScopedClient.callAsCurrentUser.mock.calls[0][1]?.body?.query.bool.must
     ).toContainEqual({
       bool: {
         must_not: {
@@ -250,7 +240,7 @@ describe('test endpoint route v1', () => {
     });
     // and unenrolled should be filtered out.
     expect(
-      (mockScopedClient.asCurrentUser.search as jest.Mock).mock.calls[0][0]?.body?.query.bool.must
+      mockScopedClient.callAsCurrentUser.mock.calls[0][1]?.body?.query.bool.must
     ).toContainEqual({
       bool: {
         must_not: [
@@ -291,8 +281,8 @@ describe('test endpoint route v1', () => {
     it('should return 404 on no results', async () => {
       const mockRequest = httpServerMock.createKibanaRequest({ params: { id: 'BADID' } });
 
-      (mockScopedClient.asCurrentUser.search as jest.Mock).mockImplementationOnce(() =>
-        Promise.resolve({ body: createV1SearchResponse() })
+      mockScopedClient.callAsCurrentUser.mockImplementationOnce(() =>
+        Promise.resolve(createV1SearchResponse())
       );
 
       mockAgentService.getAgentStatusById = jest.fn().mockReturnValue('error');
@@ -309,7 +299,7 @@ describe('test endpoint route v1', () => {
         mockResponse
       );
 
-      expect(mockScopedClient.asCurrentUser.search).toHaveBeenCalledTimes(1);
+      expect(mockScopedClient.callAsCurrentUser).toHaveBeenCalledTimes(1);
       expect(routeConfig.options).toEqual({
         authRequired: true,
         tags: ['access:securitySolution'],
@@ -329,9 +319,7 @@ describe('test endpoint route v1', () => {
       mockAgentService.getAgent = jest.fn().mockReturnValue(({
         active: true,
       } as unknown) as Agent);
-      (mockScopedClient.asCurrentUser.search as jest.Mock).mockImplementationOnce(() =>
-        Promise.resolve({ body: response })
-      );
+      mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => Promise.resolve(response));
 
       [routeConfig, routeHandler] = routerMock.get.mock.calls.find(([{ path }]) =>
         path.startsWith(`${METADATA_REQUEST_V1_ROUTE}`)
@@ -343,7 +331,7 @@ describe('test endpoint route v1', () => {
         mockResponse
       );
 
-      expect(mockScopedClient.asCurrentUser.search).toHaveBeenCalledTimes(1);
+      expect(mockScopedClient.callAsCurrentUser).toHaveBeenCalledTimes(1);
       expect(routeConfig.options).toEqual({
         authRequired: true,
         tags: ['access:securitySolution'],
@@ -369,9 +357,7 @@ describe('test endpoint route v1', () => {
         SavedObjectsErrorHelpers.createGenericNotFoundError();
       });
 
-      (mockScopedClient.asCurrentUser.search as jest.Mock).mockImplementationOnce(() =>
-        Promise.resolve({ body: response })
-      );
+      mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => Promise.resolve(response));
 
       [routeConfig, routeHandler] = routerMock.get.mock.calls.find(([{ path }]) =>
         path.startsWith(`${METADATA_REQUEST_V1_ROUTE}`)
@@ -383,7 +369,7 @@ describe('test endpoint route v1', () => {
         mockResponse
       );
 
-      expect(mockScopedClient.asCurrentUser.search).toHaveBeenCalledTimes(1);
+      expect(mockScopedClient.callAsCurrentUser).toHaveBeenCalledTimes(1);
       expect(routeConfig.options).toEqual({
         authRequired: true,
         tags: ['access:securitySolution'],
@@ -404,9 +390,7 @@ describe('test endpoint route v1', () => {
       mockAgentService.getAgent = jest.fn().mockReturnValue(({
         active: true,
       } as unknown) as Agent);
-      (mockScopedClient.asCurrentUser.search as jest.Mock).mockImplementationOnce(() =>
-        Promise.resolve({ body: response })
-      );
+      mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => Promise.resolve(response));
 
       [routeConfig, routeHandler] = routerMock.get.mock.calls.find(([{ path }]) =>
         path.startsWith(`${METADATA_REQUEST_V1_ROUTE}`)
@@ -418,7 +402,7 @@ describe('test endpoint route v1', () => {
         mockResponse
       );
 
-      expect(mockScopedClient.asCurrentUser.search).toHaveBeenCalledTimes(1);
+      expect(mockScopedClient.callAsCurrentUser).toHaveBeenCalledTimes(1);
       expect(routeConfig.options).toEqual({
         authRequired: true,
         tags: ['access:securitySolution'],
@@ -434,9 +418,7 @@ describe('test endpoint route v1', () => {
       const mockRequest = httpServerMock.createKibanaRequest({
         params: { id: response.hits.hits[0]._id },
       });
-      (mockScopedClient.asCurrentUser.search as jest.Mock).mockImplementationOnce(() =>
-        Promise.resolve({ body: response })
-      );
+      mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => Promise.resolve(response));
       mockAgentService.getAgent = jest.fn().mockReturnValue(({
         active: false,
       } as unknown) as Agent);
@@ -451,7 +433,7 @@ describe('test endpoint route v1', () => {
         mockResponse
       );
 
-      expect(mockScopedClient.asCurrentUser.search).toHaveBeenCalledTimes(1);
+      expect(mockScopedClient.callAsCurrentUser).toHaveBeenCalledTimes(1);
       expect(mockResponse.customError).toBeCalled();
     });
   });
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/query_builders.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/query_builders.test.ts
index e790c1de1a5b8..5c09fd5ce05e4 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/query_builders.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/query_builders.test.ts
@@ -12,7 +12,6 @@ import { createMockConfig } from '../../../lib/detection_engine/routes/__mocks__
 import { metadataCurrentIndexPattern } from '../../../../common/endpoint/constants';
 import { parseExperimentalConfigValue } from '../../../../common/experimental_features';
 import { metadataQueryStrategyV2 } from './support/query_strategies';
-import { get } from 'lodash';
 
 describe('query builder', () => {
   describe('MetadataListESQuery', () => {
@@ -205,7 +204,7 @@ describe('query builder', () => {
       const mockID = 'AABBCCDD-0011-2233-AA44-DEADBEEF8899';
       const query = getESQueryHostMetadataByID(mockID, metadataQueryStrategyV2());
 
-      expect(get(query, 'body.query.bool.filter.0.bool.should')).toContainEqual({
+      expect(query.body.query.bool.filter[0].bool.should).toContainEqual({
         term: { 'agent.id': mockID },
       });
     });
@@ -214,7 +213,7 @@ describe('query builder', () => {
       const mockID = 'AABBCCDD-0011-2233-AA44-DEADBEEF8899';
       const query = getESQueryHostMetadataByID(mockID, metadataQueryStrategyV2());
 
-      expect(get(query, 'body.query.bool.filter.0.bool.should')).toContainEqual({
+      expect(query.body.query.bool.filter[0].bool.should).toContainEqual({
         term: { 'HostDetails.agent.id': mockID },
       });
     });
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/query_builders.ts b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/query_builders.ts
index 51e3495938606..a5259dd44cf2b 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/query_builders.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/query_builders.ts
@@ -5,8 +5,7 @@
  * 2.0.
  */
 
-import { SearchRequest, SortContainer } from '@elastic/elasticsearch/api/types';
-import { KibanaRequest } from '../../../../../../../src/core/server';
+import { KibanaRequest } from 'kibana/server';
 import { esKuery } from '../../../../../../../src/plugins/data/server';
 import { EndpointAppContext, MetadataQueryStrategy } from '../../types';
 
@@ -20,7 +19,7 @@ export interface QueryBuilderOptions {
 // using unmapped_type avoids errors when the given field doesn't exist, and sets to the 0-value for that type
 // effectively ignoring it
 // https://www.elastic.co/guide/en/elasticsearch/reference/current/sort-search-results.html#_ignoring_unmapped_fields
-const MetadataSortMethod: SortContainer[] = [
+const MetadataSortMethod = [
   {
     'event.created': {
       order: 'desc',
@@ -147,7 +146,7 @@ function buildQueryBody(
 export function getESQueryHostMetadataByID(
   agentID: string,
   metadataQueryStrategy: MetadataQueryStrategy
-): SearchRequest {
+) {
   return {
     body: {
       query: {
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/query_builders_v1.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/query_builders_v1.test.ts
index c18c585cd3d34..9ce6130ff7dd3 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/query_builders_v1.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/query_builders_v1.test.ts
@@ -12,7 +12,6 @@ import { createMockConfig } from '../../../lib/detection_engine/routes/__mocks__
 import { metadataIndexPattern } from '../../../../common/endpoint/constants';
 import { parseExperimentalConfigValue } from '../../../../common/experimental_features';
 import { metadataQueryStrategyV1 } from './support/query_strategies';
-import { get } from 'lodash';
 
 describe('query builder v1', () => {
   describe('MetadataListESQuery', () => {
@@ -180,7 +179,7 @@ describe('query builder v1', () => {
       const mockID = 'AABBCCDD-0011-2233-AA44-DEADBEEF8899';
       const query = getESQueryHostMetadataByID(mockID, metadataQueryStrategyV1());
 
-      expect(get(query, 'body.query.bool.filter.0.bool.should')).toContainEqual({
+      expect(query.body.query.bool.filter[0].bool.should).toContainEqual({
         term: { 'agent.id': mockID },
       });
     });
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/support/query_strategies.ts b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/support/query_strategies.ts
index 506c02fc2f1ec..2f875ec2754a4 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/support/query_strategies.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/support/query_strategies.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { SearchResponse } from '@elastic/elasticsearch/api/types';
+import { SearchResponse } from 'elasticsearch';
 import {
   metadataCurrentIndexPattern,
   metadataIndexPattern,
@@ -13,6 +13,10 @@ import {
 import { HostMetadata, MetadataQueryStrategyVersions } from '../../../../../common/endpoint/types';
 import { HostListQueryResult, HostQueryResult, MetadataQueryStrategy } from '../../../types';
 
+interface HitSource {
+  _source: HostMetadata;
+}
+
 export function metadataQueryStrategyV1(): MetadataQueryStrategy {
   return {
     index: metadataIndexPattern,
@@ -38,13 +42,11 @@ export function metadataQueryStrategyV1(): MetadataQueryStrategy {
     ): HostListQueryResult => {
       const response = searchResponse as SearchResponse<HostMetadata>;
       return {
-        resultLength:
-          ((response?.aggregations?.total as unknown) as { value?: number; relation: string })
-            ?.value || 0,
+        resultLength: response?.aggregations?.total?.value || 0,
         resultList: response.hits.hits
-          .map((hit) => hit.inner_hits?.most_recent.hits.hits)
-          .flatMap((data) => data)
-          .map((entry) => (entry?._source ?? {}) as HostMetadata),
+          .map((hit) => hit.inner_hits.most_recent.hits.hits)
+          .flatMap((data) => data as HitSource)
+          .map((entry) => entry._source),
         queryStrategyVersion: MetadataQueryStrategyVersions.VERSION_1,
       };
     },
@@ -73,7 +75,7 @@ export function metadataQueryStrategyV2(): MetadataQueryStrategy {
       >;
       const list =
         response.hits.hits.length > 0
-          ? response.hits.hits.map((entry) => stripHostDetails(entry?._source as HostMetadata))
+          ? response.hits.hits.map((entry) => stripHostDetails(entry._source))
           : [];
 
       return {
@@ -93,7 +95,7 @@ export function metadataQueryStrategyV2(): MetadataQueryStrategy {
         resultLength: response.hits.hits.length,
         result:
           response.hits.hits.length > 0
-            ? stripHostDetails(response.hits.hits[0]._source as HostMetadata)
+            ? stripHostDetails(response.hits.hits[0]._source)
             : undefined,
         queryStrategyVersion: MetadataQueryStrategyVersions.VERSION_2,
       };
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.test.ts
index c8b36a22b359a..ca9b8832bebd0 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.test.ts
@@ -13,9 +13,10 @@ import {
 import { createMockAgentService } from '../../../../../fleet/server/mocks';
 import { getHostPolicyResponseHandler, getAgentPolicySummaryHandler } from './handlers';
 import {
+  ILegacyScopedClusterClient,
   KibanaResponseFactory,
   SavedObjectsClientContract,
-} from '../../../../../../../src/core/server';
+} from 'kibana/server';
 import {
   elasticsearchServiceMock,
   httpServerMock,
@@ -29,19 +30,16 @@ import { parseExperimentalConfigValue } from '../../../../common/experimental_fe
 import { createMockConfig } from '../../../lib/detection_engine/routes/__mocks__';
 import { Agent } from '../../../../../fleet/common/types/models';
 import { AgentService } from '../../../../../fleet/server/services';
-import { get } from 'lodash';
-// eslint-disable-next-line @kbn/eslint/no-restricted-paths
-import { ScopedClusterClientMock } from '../../../../../../../src/core/server/elasticsearch/client/mocks';
 
 describe('test policy response handler', () => {
   let endpointAppContextService: EndpointAppContextService;
-  let mockScopedClient: ScopedClusterClientMock;
+  let mockScopedClient: jest.Mocked<ILegacyScopedClusterClient>;
   let mockSavedObjectClient: jest.Mocked<SavedObjectsClientContract>;
   let mockResponse: jest.Mocked<KibanaResponseFactory>;
 
   describe('test policy response handler', () => {
     beforeEach(() => {
-      mockScopedClient = elasticsearchServiceMock.createScopedClusterClient();
+      mockScopedClient = elasticsearchServiceMock.createLegacyScopedClusterClient();
       mockSavedObjectClient = savedObjectsClientMock.create();
       mockResponse = httpServerMock.createResponseFactory();
       endpointAppContextService = new EndpointAppContextService();
@@ -54,9 +52,7 @@ describe('test policy response handler', () => {
       const response = createSearchResponse(new EndpointDocGenerator().generatePolicyResponse());
       const hostPolicyResponseHandler = getHostPolicyResponseHandler();
 
-      (mockScopedClient.asCurrentUser.search as jest.Mock).mockImplementationOnce(() =>
-        Promise.resolve({ body: response })
-      );
+      mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => Promise.resolve(response));
       const mockRequest = httpServerMock.createKibanaRequest({
         params: { agentId: 'id' },
       });
@@ -69,16 +65,14 @@ describe('test policy response handler', () => {
 
       expect(mockResponse.ok).toBeCalled();
       const result = mockResponse.ok.mock.calls[0][0]?.body as GetHostPolicyResponse;
-      expect(result.policy_response.agent.id).toEqual(
-        get(response, 'hits.hits.0._source.agent.id')
-      );
+      expect(result.policy_response.agent.id).toEqual(response.hits.hits[0]._source.agent.id);
     });
 
     it('should return not found when there is no response policy for host', async () => {
       const hostPolicyResponseHandler = getHostPolicyResponseHandler();
 
-      (mockScopedClient.asCurrentUser.search as jest.Mock).mockImplementationOnce(() =>
-        Promise.resolve({ body: createSearchResponse() })
+      mockScopedClient.callAsCurrentUser.mockImplementationOnce(() =>
+        Promise.resolve(createSearchResponse())
       );
 
       const mockRequest = httpServerMock.createKibanaRequest({
@@ -115,7 +109,7 @@ describe('test policy response handler', () => {
     };
 
     beforeEach(() => {
-      mockScopedClient = elasticsearchServiceMock.createScopedClusterClient();
+      mockScopedClient = elasticsearchServiceMock.createLegacyScopedClusterClient();
       mockSavedObjectClient = savedObjectsClientMock.create();
       mockResponse = httpServerMock.createResponseFactory();
       endpointAppContextService = new EndpointAppContextService();
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts
index 45b6201c47773..ec1fad80701b6 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts
@@ -25,7 +25,7 @@ export const getHostPolicyResponseHandler = function (): RequestHandler<
     const doc = await getPolicyResponseByAgentId(
       policyIndexPattern,
       request.query.agentId,
-      context.core.elasticsearch.client
+      context.core.elasticsearch.legacy.client
     );
 
     if (doc) {
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.test.ts
index 8646a05900f80..8043eae20b30e 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.test.ts
@@ -24,7 +24,7 @@ describe('test policy query', () => {
   it('queries for the correct host', async () => {
     const agentId = 'f757d3c0-e874-11ea-9ad9-015510b487f4';
     const query = getESQueryPolicyResponseByAgentID(agentId, 'anyindex');
-    expect(query.body?.query?.bool?.filter).toEqual({ term: { 'agent.id': agentId } });
+    expect(query.body.query.bool.filter.term).toEqual({ 'agent.id': agentId });
   });
 
   it('filters out initial policy by ID', async () => {
@@ -32,10 +32,8 @@ describe('test policy query', () => {
       'f757d3c0-e874-11ea-9ad9-015510b487f4',
       'anyindex'
     );
-    expect(query.body?.query?.bool?.must_not).toEqual({
-      term: {
-        'Endpoint.policy.applied.id': '00000000-0000-0000-0000-000000000000',
-      },
+    expect(query.body.query.bool.must_not.term).toEqual({
+      'Endpoint.policy.applied.id': '00000000-0000-0000-0000-000000000000',
     });
   });
 });
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.ts
index 987bef15afe98..af5a885b78040 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.ts
@@ -5,21 +5,18 @@
  * 2.0.
  */
 
+import { SearchResponse } from 'elasticsearch';
 import {
   ElasticsearchClient,
-  IScopedClusterClient,
+  ILegacyScopedClusterClient,
   SavedObjectsClientContract,
-} from '../../../../../../../src/core/server';
+} from 'kibana/server';
 import { GetHostPolicyResponse, HostPolicyResponse } from '../../../../common/endpoint/types';
 import { INITIAL_POLICY_ID } from './index';
 import { Agent } from '../../../../../fleet/common/types/models';
 import { EndpointAppContext } from '../../types';
-import { ISearchRequestParams } from '../../../../../../../src/plugins/data/common';
 
-export const getESQueryPolicyResponseByAgentID = (
-  agentID: string,
-  index: string
-): ISearchRequestParams => {
+export function getESQueryPolicyResponseByAgentID(agentID: string, index: string) {
   return {
     body: {
       query: {
@@ -47,23 +44,26 @@ export const getESQueryPolicyResponseByAgentID = (
     },
     index,
   };
-};
+}
 
 export async function getPolicyResponseByAgentId(
   index: string,
   agentID: string,
-  dataClient: IScopedClusterClient
+  dataClient: ILegacyScopedClusterClient
 ): Promise<GetHostPolicyResponse | undefined> {
   const query = getESQueryPolicyResponseByAgentID(agentID, index);
-  const response = await dataClient.asCurrentUser.search<HostPolicyResponse>(query);
+  const response = (await dataClient.callAsCurrentUser(
+    'search',
+    query
+  )) as SearchResponse<HostPolicyResponse>;
 
-  if (response.body.hits.hits.length > 0 && response.body.hits.hits[0]._source != null) {
-    return {
-      policy_response: response.body.hits.hits[0]._source,
-    };
+  if (response.hits.hits.length === 0) {
+    return undefined;
   }
 
-  return undefined;
+  return {
+    policy_response: response.hits.hits[0]._source,
+  };
 }
 
 const transformAgentVersionMap = (versionMap: Map<string, number>): { [key: string]: number } => {
diff --git a/x-pack/plugins/security_solution/server/endpoint/types.ts b/x-pack/plugins/security_solution/server/endpoint/types.ts
index b3c7e58afe991..8006bf20d4517 100644
--- a/x-pack/plugins/security_solution/server/endpoint/types.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/types.ts
@@ -6,8 +6,7 @@
  */
 
 import { LoggerFactory } from 'kibana/server';
-
-import { SearchResponse } from '@elastic/elasticsearch/api/types';
+import { SearchResponse } from 'elasticsearch';
 import { ConfigType } from '../config';
 import { EndpointAppContextService } from './endpoint_app_context_services';
 import { JsonObject } from '../../../../../src/plugins/kibana_utils/common';
diff --git a/x-pack/plugins/security_solution/server/plugin.ts b/x-pack/plugins/security_solution/server/plugin.ts
index 158c2e94b2d7a..46467a21ca7ab 100644
--- a/x-pack/plugins/security_solution/server/plugin.ts
+++ b/x-pack/plugins/security_solution/server/plugin.ts
@@ -305,10 +305,7 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
     compose(core, plugins, endpointContext);
 
     core.getStartServices().then(([_, depsStart]) => {
-      const securitySolutionSearchStrategy = securitySolutionSearchStrategyProvider(
-        depsStart.data,
-        endpointContext
-      );
+      const securitySolutionSearchStrategy = securitySolutionSearchStrategyProvider(depsStart.data);
       const securitySolutionTimelineSearchStrategy = securitySolutionTimelineSearchStrategyProvider(
         depsStart.data
       );
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/authentications/index.tsx b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/authentications/index.tsx
index fa78a8d59803d..9e85eefe21e8a 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/authentications/index.tsx
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/authentications/index.tsx
@@ -58,6 +58,7 @@ export const authentications: SecuritySolutionFactory<HostsQueries.authenticatio
       dsl: [inspectStringifyObject(buildAuthenticationQuery(options))],
     };
     const showMorePagesIndicator = totalCount > fakeTotalCount;
+
     return {
       ...response,
       inspect,
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/__mocks__/index.ts
index 9dfff5e11715d..7561682e070fc 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/__mocks__/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/__mocks__/index.ts
@@ -1370,20 +1370,6 @@ export const formattedSearchStrategyResponse = {
                 terms: { field: 'cloud.region', size: 10, order: { timestamp: 'desc' } },
                 aggs: { timestamp: { max: { field: '@timestamp' } } },
               },
-              endpoint_id: {
-                filter: {
-                  term: {
-                    'agent.type': 'endpoint',
-                  },
-                },
-                aggs: {
-                  value: {
-                    terms: {
-                      field: 'agent.id',
-                    },
-                  },
-                },
-              },
             },
             query: {
               bool: {
@@ -1427,20 +1413,6 @@ export const expectedDsl = {
   track_total_hits: false,
   body: {
     aggregations: {
-      endpoint_id: {
-        filter: {
-          term: {
-            'agent.type': 'endpoint',
-          },
-        },
-        aggs: {
-          value: {
-            terms: {
-              field: 'agent.id',
-            },
-          },
-        },
-      },
       host_architecture: {
         terms: {
           field: 'host.architecture',
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/helpers.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/helpers.ts
index 1b6e927f33638..a581370cb5720 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/helpers.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/helpers.ts
@@ -7,23 +7,16 @@
 
 import { set } from '@elastic/safer-lodash-set/fp';
 import { get, has, head } from 'lodash/fp';
-import {
-  IScopedClusterClient,
-  SavedObjectsClientContract,
-} from '../../../../../../../../../src/core/server';
 import { hostFieldsMap } from '../../../../../../common/ecs/ecs_fields';
+import { toObjectArrayOfStrings } from '../../../../../../common/utils/to_array';
 import { Direction } from '../../../../../../common/search_strategy/common';
 import {
   AggregationRequest,
-  EndpointFields,
   HostAggEsItem,
   HostBuckets,
   HostItem,
   HostValue,
 } from '../../../../../../common/search_strategy/security_solution/hosts';
-import { toObjectArrayOfStrings } from '../../../../../../common/utils/to_array';
-import { getHostMetaData } from '../../../../../endpoint/routes/metadata/handlers';
-import { EndpointAppContext } from '../../../../../endpoint/types';
 
 export const HOST_FIELDS = [
   '_id',
@@ -45,8 +38,6 @@ export const HOST_FIELDS = [
   'endpoint.endpointPolicy',
   'endpoint.policyStatus',
   'endpoint.sensorVersion',
-  'agent.type',
-  'endpoint.id',
 ];
 
 export const buildFieldsTermAggregation = (esFields: readonly string[]): AggregationRequest =>
@@ -108,8 +99,8 @@ const getTermsAggregationTypeFromField = (field: string): AggregationRequest =>
   };
 };
 
-export const formatHostItem = (bucket: HostAggEsItem): HostItem => {
-  return HOST_FIELDS.reduce<HostItem>((flattenedFields, fieldName) => {
+export const formatHostItem = (bucket: HostAggEsItem): HostItem =>
+  HOST_FIELDS.reduce<HostItem>((flattenedFields, fieldName) => {
     const fieldValue = getHostFieldValue(fieldName, bucket);
     if (fieldValue != null) {
       if (fieldName === '_id') {
@@ -123,13 +114,11 @@ export const formatHostItem = (bucket: HostAggEsItem): HostItem => {
     }
     return flattenedFields;
   }, {});
-};
 
 const getHostFieldValue = (fieldName: string, bucket: HostAggEsItem): string | string[] | null => {
   const aggField = hostFieldsMap[fieldName]
     ? hostFieldsMap[fieldName].replace(/\./g, '_')
     : fieldName.replace(/\./g, '_');
-
   if (
     [
       'host.ip',
@@ -145,7 +134,10 @@ const getHostFieldValue = (fieldName: string, bucket: HostAggEsItem): string | s
     return data.buckets.map((obj) => obj.key);
   } else if (has(`${aggField}.buckets`, bucket)) {
     return getFirstItem(get(`${aggField}`, bucket));
-  } else if (['host.name', 'host.os.name', 'host.os.version', 'endpoint.id'].includes(fieldName)) {
+  } else if (has(aggField, bucket)) {
+    const valueObj: HostValue = get(aggField, bucket);
+    return valueObj.value_as_string;
+  } else if (['host.name', 'host.os.name', 'host.os.version'].includes(fieldName)) {
     switch (fieldName) {
       case 'host.name':
         return get('key', bucket) || null;
@@ -153,12 +145,7 @@ const getHostFieldValue = (fieldName: string, bucket: HostAggEsItem): string | s
         return get('os.hits.hits[0]._source.host.os.name', bucket) || null;
       case 'host.os.version':
         return get('os.hits.hits[0]._source.host.os.version', bucket) || null;
-      case 'endpoint.id':
-        return get('endpoint_id.value.buckets[0].key', bucket) || null;
     }
-  } else if (has(aggField, bucket)) {
-    const valueObj: HostValue = get(aggField, bucket);
-    return valueObj.value_as_string;
   } else if (aggField === '_id') {
     const hostName = get(`host_name`, bucket);
     return hostName ? getFirstItem(hostName) : null;
@@ -173,42 +160,3 @@ const getFirstItem = (data: HostBuckets): string | null => {
   }
   return firstItem.key;
 };
-
-export const getHostEndpoint = async (
-  id: string | null,
-  deps: {
-    esClient: IScopedClusterClient;
-    savedObjectsClient: SavedObjectsClientContract;
-    endpointContext: EndpointAppContext;
-  }
-): Promise<EndpointFields | null> => {
-  const { esClient, endpointContext, savedObjectsClient } = deps;
-  const logger = endpointContext.logFactory.get('metadata');
-  try {
-    const agentService = endpointContext.service.getAgentService();
-    if (agentService === undefined) {
-      throw new Error('agentService not available');
-    }
-    const metadataRequestContext = {
-      esClient,
-      endpointAppContextService: endpointContext.service,
-      logger,
-      savedObjectsClient,
-    };
-    const endpointData =
-      id != null && metadataRequestContext.endpointAppContextService.getAgentService() != null
-        ? await getHostMetaData(metadataRequestContext, id, undefined)
-        : null;
-
-    return endpointData != null && endpointData.metadata
-      ? {
-          endpointPolicy: endpointData.metadata.Endpoint.policy.applied.name,
-          policyStatus: endpointData.metadata.Endpoint.policy.applied.status,
-          sensorVersion: endpointData.metadata.agent.version,
-        }
-      : null;
-  } catch (err) {
-    logger.warn(JSON.stringify(err, null, 2));
-    return null;
-  }
-};
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/index.test.tsx b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/index.test.tsx
index 4474b9f288570..244b826c7caeb 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/index.test.tsx
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/index.test.tsx
@@ -12,32 +12,6 @@ import {
   mockSearchStrategyResponse,
   formattedSearchStrategyResponse,
 } from './__mocks__';
-import {
-  IScopedClusterClient,
-  SavedObjectsClientContract,
-} from '../../../../../../../../../src/core/server';
-import { EndpointAppContext } from '../../../../../endpoint/types';
-import { EndpointAppContextService } from '../../../../../endpoint/endpoint_app_context_services';
-
-const mockDeps = {
-  esClient: {} as IScopedClusterClient,
-  savedObjectsClient: {} as SavedObjectsClientContract,
-  endpointContext: {
-    logFactory: {
-      get: jest.fn().mockReturnValue({
-        warn: jest.fn(),
-      }),
-    },
-    config: jest.fn().mockResolvedValue({}),
-    experimentalFeatures: {
-      trustedAppsByPolicyEnabled: false,
-      metricsEntitiesEnabled: false,
-      eventFilteringEnabled: false,
-      hostIsolationEnabled: false,
-    },
-    service: {} as EndpointAppContextService,
-  } as EndpointAppContext,
-};
 
 describe('hostDetails search strategy', () => {
   const buildHostDetailsQuery = jest.spyOn(buildQuery, 'buildHostDetailsQuery');
@@ -55,7 +29,7 @@ describe('hostDetails search strategy', () => {
 
   describe('parse', () => {
     test('should parse data correctly', async () => {
-      const result = await hostDetails.parse(mockOptions, mockSearchStrategyResponse, mockDeps);
+      const result = await hostDetails.parse(mockOptions, mockSearchStrategyResponse);
       expect(result).toMatchObject(formattedSearchStrategyResponse);
     });
   });
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/index.ts
index 562b7e4fbc167..5da64cc8f7a90 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/index.ts
@@ -10,58 +10,28 @@ import { get } from 'lodash/fp';
 import { IEsSearchResponse } from '../../../../../../../../../src/plugins/data/common';
 import {
   HostAggEsData,
+  HostAggEsItem,
   HostDetailsStrategyResponse,
   HostsQueries,
   HostDetailsRequestOptions,
-  EndpointFields,
 } from '../../../../../../common/search_strategy/security_solution/hosts';
 
 import { inspectStringifyObject } from '../../../../../utils/build_query';
 import { SecuritySolutionFactory } from '../../types';
 import { buildHostDetailsQuery } from './query.host_details.dsl';
-import { formatHostItem, getHostEndpoint } from './helpers';
-import { EndpointAppContext } from '../../../../../endpoint/types';
-import {
-  IScopedClusterClient,
-  SavedObjectsClientContract,
-} from '../../../../../../../../../src/core/server';
+import { formatHostItem } from './helpers';
 
 export const hostDetails: SecuritySolutionFactory<HostsQueries.details> = {
   buildDsl: (options: HostDetailsRequestOptions) => buildHostDetailsQuery(options),
   parse: async (
     options: HostDetailsRequestOptions,
-    response: IEsSearchResponse<HostAggEsData>,
-    deps?: {
-      esClient: IScopedClusterClient;
-      savedObjectsClient: SavedObjectsClientContract;
-      endpointContext: EndpointAppContext;
-    }
+    response: IEsSearchResponse<HostAggEsData>
   ): Promise<HostDetailsStrategyResponse> => {
-    const aggregations = get('aggregations', response.rawResponse);
-
+    const aggregations: HostAggEsItem = get('aggregations', response.rawResponse) || {};
     const inspect = {
       dsl: [inspectStringifyObject(buildHostDetailsQuery(options))],
     };
-
-    if (aggregations == null) {
-      return { ...response, inspect, hostDetails: {} };
-    }
-
     const formattedHostItem = formatHostItem(aggregations);
-    const ident = // endpoint-generated ID, NOT elastic-agent-id
-      formattedHostItem.endpoint && formattedHostItem.endpoint.id
-        ? Array.isArray(formattedHostItem.endpoint.id)
-          ? formattedHostItem.endpoint.id[0]
-          : formattedHostItem.endpoint.id
-        : null;
-    if (deps == null) {
-      return { ...response, inspect, hostDetails: { ...formattedHostItem } };
-    }
-    const endpoint: EndpointFields | null = await getHostEndpoint(ident, deps);
-    return {
-      ...response,
-      inspect,
-      hostDetails: endpoint != null ? { ...formattedHostItem, endpoint } : formattedHostItem,
-    };
+    return { ...response, inspect, hostDetails: formattedHostItem };
   },
 };
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/query.host_details.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/query.host_details.dsl.ts
index 45afed2526aa3..fb8296d6593b0 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/query.host_details.dsl.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/query.host_details.dsl.ts
@@ -16,10 +16,7 @@ export const buildHostDetailsQuery = ({
   defaultIndex,
   timerange: { from, to },
 }: HostDetailsRequestOptions): ISearchRequestParams => {
-  const esFields = reduceFields(HOST_FIELDS, {
-    ...hostFieldsMap,
-    ...cloudFieldsMap,
-  });
+  const esFields = reduceFields(HOST_FIELDS, { ...hostFieldsMap, ...cloudFieldsMap });
 
   const filter = [
     { term: { 'host.name': hostName } },
@@ -42,20 +39,6 @@ export const buildHostDetailsQuery = ({
     body: {
       aggregations: {
         ...buildFieldsTermAggregation(esFields.filter((field) => !['@timestamp'].includes(field))),
-        endpoint_id: {
-          filter: {
-            term: {
-              'agent.type': 'endpoint',
-            },
-          },
-          aggs: {
-            value: {
-              terms: {
-                field: 'agent.id',
-              },
-            },
-          },
-        },
       },
       query: { bool: { filter } },
       size: 0,
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/types.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/types.ts
index 4bdf97b489805..3455b627144bf 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/types.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/types.ts
@@ -5,10 +5,6 @@
  * 2.0.
  */
 
-import {
-  IScopedClusterClient,
-  SavedObjectsClientContract,
-} from '../../../../../../../src/core/server';
 import {
   IEsSearchResponse,
   ISearchRequestParams,
@@ -18,17 +14,11 @@ import {
   StrategyRequestType,
   StrategyResponseType,
 } from '../../../../common/search_strategy/security_solution';
-import { EndpointAppContext } from '../../../endpoint/types';
 
 export interface SecuritySolutionFactory<T extends FactoryQueryTypes> {
   buildDsl: (options: StrategyRequestType<T>) => ISearchRequestParams;
   parse: (
     options: StrategyRequestType<T>,
-    response: IEsSearchResponse,
-    deps?: {
-      esClient: IScopedClusterClient;
-      savedObjectsClient: SavedObjectsClientContract;
-      endpointContext: EndpointAppContext;
-    }
+    response: IEsSearchResponse
   ) => Promise<StrategyResponseType<T>>;
 }
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/index.ts
index 0883a144615bc..2980f63df8a67 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/index.ts
@@ -19,11 +19,9 @@ import {
 } from '../../../common/search_strategy/security_solution';
 import { securitySolutionFactory } from './factory';
 import { SecuritySolutionFactory } from './factory/types';
-import { EndpointAppContext } from '../../endpoint/types';
 
 export const securitySolutionSearchStrategyProvider = <T extends FactoryQueryTypes>(
-  data: PluginStart,
-  endpointContext: EndpointAppContext
+  data: PluginStart
 ): ISearchStrategy<StrategyRequestType<T>, StrategyResponseType<T>> => {
   const es = data.search.getSearchStrategy(ENHANCED_ES_SEARCH_STRATEGY);
 
@@ -44,13 +42,7 @@ export const securitySolutionSearchStrategyProvider = <T extends FactoryQueryTyp
             },
           };
         }),
-        mergeMap((esSearchRes) =>
-          queryFactory.parse(request, esSearchRes, {
-            esClient: deps.esClient,
-            savedObjectsClient: deps.savedObjectsClient,
-            endpointContext,
-          })
-        )
+        mergeMap((esSearchRes) => queryFactory.parse(request, esSearchRes))
       );
     },
     cancel: async (id, options, deps) => {

From fcc2ac5799d48444bc8c30ef25c26f49b0b7e76d Mon Sep 17 00:00:00 2001
From: Yuliia Naumenko <jo.naumenko@gmail.com>
Date: Mon, 10 May 2021 15:24:42 -0700
Subject: [PATCH 06/11] Fixed alerting health check behavior when alerting
 cannot find its health task in Task Manager. (#99564)

* Fixed alerting health check behavior when alerting cannot find its health task in Task Manager.

* fixed test

* added unit tests
---
 .../alerting/server/health/get_health.test.ts |  74 +++++++-
 .../alerting/server/health/get_health.ts      |  15 +-
 .../alerting/server/health/get_state.test.ts  | 166 ++++++++++++++++--
 .../alerting/server/health/get_state.ts       |  61 +++++--
 x-pack/plugins/alerting/server/health/task.ts |  13 +-
 x-pack/plugins/alerting/server/plugin.ts      |   9 +-
 6 files changed, 290 insertions(+), 48 deletions(-)

diff --git a/x-pack/plugins/alerting/server/health/get_health.test.ts b/x-pack/plugins/alerting/server/health/get_health.test.ts
index 3c494dac6785b..c31a71138248b 100644
--- a/x-pack/plugins/alerting/server/health/get_health.test.ts
+++ b/x-pack/plugins/alerting/server/health/get_health.test.ts
@@ -5,9 +5,12 @@
  * 2.0.
  */
 
-import { savedObjectsRepositoryMock } from '../../../../../src/core/server/mocks';
+import {
+  savedObjectsRepositoryMock,
+  savedObjectsServiceMock,
+} from '../../../../../src/core/server/mocks';
 import { AlertExecutionStatusErrorReasons, HealthStatus } from '../types';
-import { getHealth } from './get_health';
+import { getAlertingHealthStatus, getHealth } from './get_health';
 
 const savedObjectsRepository = savedObjectsRepositoryMock.create();
 
@@ -221,3 +224,70 @@ describe('getHealth()', () => {
     });
   });
 });
+
+describe('getAlertingHealthStatus()', () => {
+  test('return the proper framework state if some of alerts has a decryption error', async () => {
+    const savedObjects = savedObjectsServiceMock.createStartContract();
+    const lastExecutionDateError = new Date().toISOString();
+    savedObjectsRepository.find.mockResolvedValueOnce({
+      total: 1,
+      per_page: 1,
+      page: 1,
+      saved_objects: [
+        {
+          id: '1',
+          type: 'alert',
+          attributes: {
+            alertTypeId: 'myType',
+            schedule: { interval: '10s' },
+            params: {
+              bar: true,
+            },
+            createdAt: new Date().toISOString(),
+            actions: [
+              {
+                group: 'default',
+                actionRef: 'action_0',
+                params: {
+                  foo: true,
+                },
+              },
+            ],
+            executionStatus: {
+              status: 'error',
+              lastExecutionDate: lastExecutionDateError,
+              error: {
+                reason: AlertExecutionStatusErrorReasons.Decrypt,
+                message: 'Failed decrypt',
+              },
+            },
+          },
+          score: 1,
+          references: [
+            {
+              name: 'action_0',
+              type: 'action',
+              id: '1',
+            },
+          ],
+        },
+      ],
+    });
+    savedObjectsRepository.find.mockResolvedValue({
+      total: 0,
+      per_page: 10,
+      page: 1,
+      saved_objects: [],
+    });
+    const result = await getAlertingHealthStatus(
+      { ...savedObjects, createInternalRepository: () => savedObjectsRepository },
+      1
+    );
+    expect(result).toStrictEqual({
+      state: {
+        runs: 2,
+        health_status: HealthStatus.Warning,
+      },
+    });
+  });
+});
diff --git a/x-pack/plugins/alerting/server/health/get_health.ts b/x-pack/plugins/alerting/server/health/get_health.ts
index f00e79a0d96ea..4a0266c9b729f 100644
--- a/x-pack/plugins/alerting/server/health/get_health.ts
+++ b/x-pack/plugins/alerting/server/health/get_health.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { ISavedObjectsRepository } from 'src/core/server';
+import { ISavedObjectsRepository, SavedObjectsServiceStart } from 'src/core/server';
 import { AlertsHealth, HealthStatus, RawAlert, AlertExecutionStatusErrorReasons } from '../types';
 
 export const getHealth = async (
@@ -97,3 +97,16 @@ export const getHealth = async (
 
   return healthStatuses;
 };
+
+export const getAlertingHealthStatus = async (
+  savedObjects: SavedObjectsServiceStart,
+  stateRuns?: number
+) => {
+  const alertingHealthStatus = await getHealth(savedObjects.createInternalRepository(['alert']));
+  return {
+    state: {
+      runs: (stateRuns || 0) + 1,
+      health_status: alertingHealthStatus.decryptionHealth.status,
+    },
+  };
+};
diff --git a/x-pack/plugins/alerting/server/health/get_state.test.ts b/x-pack/plugins/alerting/server/health/get_state.test.ts
index 7b36bf34377f7..643d966d1fad0 100644
--- a/x-pack/plugins/alerting/server/health/get_state.test.ts
+++ b/x-pack/plugins/alerting/server/health/get_state.test.ts
@@ -14,6 +14,16 @@ import {
 } from './get_state';
 import { ConcreteTaskInstance, TaskStatus } from '../../../task_manager/server';
 import { HealthStatus } from '../types';
+import { loggingSystemMock, savedObjectsServiceMock } from 'src/core/server/mocks';
+
+jest.mock('./get_health', () => ({
+  getAlertingHealthStatus: jest.fn().mockReturnValue({
+    state: {
+      runs: 0,
+      health_status: 'warn',
+    },
+  }),
+}));
 
 const tick = () => new Promise((resolve) => setImmediate(resolve));
 
@@ -38,6 +48,9 @@ const getHealthCheckTask = (overrides = {}): ConcreteTaskInstance => ({
   ...overrides,
 });
 
+const logger = loggingSystemMock.create().get();
+const savedObjects = savedObjectsServiceMock.createStartContract();
+
 describe('getHealthServiceStatusWithRetryAndErrorHandling', () => {
   beforeEach(() => jest.useFakeTimers());
 
@@ -47,7 +60,21 @@ describe('getHealthServiceStatusWithRetryAndErrorHandling', () => {
     const pollInterval = 100;
     const halfInterval = Math.floor(pollInterval / 2);
 
-    getHealthStatusStream(mockTaskManager, pollInterval).subscribe();
+    getHealthStatusStream(
+      mockTaskManager,
+      logger,
+      savedObjects,
+      Promise.resolve({
+        healthCheck: {
+          interval: '5m',
+        },
+        invalidateApiKeysTask: {
+          interval: '5m',
+          removalDelay: '1h',
+        },
+      }),
+      pollInterval
+    ).subscribe();
 
     // shouldn't fire before poll interval passes
     // should fire once each poll interval
@@ -68,7 +95,22 @@ describe('getHealthServiceStatusWithRetryAndErrorHandling', () => {
     const pollInterval = 100;
     const halfInterval = Math.floor(pollInterval / 2);
 
-    getHealthStatusStream(mockTaskManager, pollInterval, retryDelay).subscribe();
+    getHealthStatusStream(
+      mockTaskManager,
+      logger,
+      savedObjects,
+      Promise.resolve({
+        healthCheck: {
+          interval: '5m',
+        },
+        invalidateApiKeysTask: {
+          interval: '5m',
+          removalDelay: '1h',
+        },
+      }),
+      pollInterval,
+      retryDelay
+    ).subscribe();
 
     jest.advanceTimersByTime(halfInterval);
     expect(mockTaskManager.get).toHaveBeenCalledTimes(0);
@@ -99,7 +141,18 @@ describe('getHealthServiceStatusWithRetryAndErrorHandling', () => {
     mockTaskManager.get.mockResolvedValue(getHealthCheckTask());
 
     const status = await getHealthServiceStatusWithRetryAndErrorHandling(
-      mockTaskManager
+      mockTaskManager,
+      logger,
+      savedObjects,
+      Promise.resolve({
+        healthCheck: {
+          interval: '5m',
+        },
+        invalidateApiKeysTask: {
+          interval: '5m',
+          removalDelay: '1h',
+        },
+      })
     ).toPromise();
 
     expect(status.level).toEqual(ServiceStatusLevels.available);
@@ -118,7 +171,18 @@ describe('getHealthServiceStatusWithRetryAndErrorHandling', () => {
     );
 
     const status = await getHealthServiceStatusWithRetryAndErrorHandling(
-      mockTaskManager
+      mockTaskManager,
+      logger,
+      savedObjects,
+      Promise.resolve({
+        healthCheck: {
+          interval: '5m',
+        },
+        invalidateApiKeysTask: {
+          interval: '5m',
+          removalDelay: '1h',
+        },
+      })
     ).toPromise();
 
     expect(status.level).toEqual(ServiceStatusLevels.degraded);
@@ -137,7 +201,18 @@ describe('getHealthServiceStatusWithRetryAndErrorHandling', () => {
     );
 
     const status = await getHealthServiceStatusWithRetryAndErrorHandling(
-      mockTaskManager
+      mockTaskManager,
+      logger,
+      savedObjects,
+      Promise.resolve({
+        healthCheck: {
+          interval: '5m',
+        },
+        invalidateApiKeysTask: {
+          interval: '5m',
+          removalDelay: '1h',
+        },
+      })
     ).toPromise();
 
     expect(status.level).toEqual(ServiceStatusLevels.unavailable);
@@ -152,12 +227,25 @@ describe('getHealthServiceStatusWithRetryAndErrorHandling', () => {
       .mockRejectedValueOnce(new Error('Failure'))
       .mockResolvedValue(getHealthCheckTask());
 
-    getHealthServiceStatusWithRetryAndErrorHandling(mockTaskManager, retryDelay).subscribe(
-      (status) => {
-        expect(status.level).toEqual(ServiceStatusLevels.available);
-        expect(status.summary).toEqual('Alerting framework is available');
-      }
-    );
+    getHealthServiceStatusWithRetryAndErrorHandling(
+      mockTaskManager,
+      logger,
+      savedObjects,
+      Promise.resolve({
+        healthCheck: {
+          interval: '5m',
+        },
+        invalidateApiKeysTask: {
+          interval: '5m',
+          removalDelay: '1h',
+        },
+      }),
+      retryDelay
+    ).subscribe((status) => {
+      expect(status.level).toEqual(ServiceStatusLevels.available);
+      expect(logger.warn).toHaveBeenCalledTimes(1);
+      expect(status.summary).toEqual('Alerting framework is available');
+    });
 
     await tick();
     jest.advanceTimersByTime(retryDelay * 2);
@@ -169,13 +257,25 @@ describe('getHealthServiceStatusWithRetryAndErrorHandling', () => {
     const mockTaskManager = taskManagerMock.createStart();
     mockTaskManager.get.mockRejectedValue(err);
 
-    getHealthServiceStatusWithRetryAndErrorHandling(mockTaskManager, retryDelay).subscribe(
-      (status) => {
-        expect(status.level).toEqual(ServiceStatusLevels.unavailable);
-        expect(status.summary).toEqual('Alerting framework is unavailable');
-        expect(status.meta).toEqual({ error: err });
-      }
-    );
+    getHealthServiceStatusWithRetryAndErrorHandling(
+      mockTaskManager,
+      logger,
+      savedObjects,
+      Promise.resolve({
+        healthCheck: {
+          interval: '5m',
+        },
+        invalidateApiKeysTask: {
+          interval: '5m',
+          removalDelay: '1h',
+        },
+      }),
+      retryDelay
+    ).subscribe((status) => {
+      expect(status.level).toEqual(ServiceStatusLevels.unavailable);
+      expect(status.summary).toEqual('Alerting framework is unavailable');
+      expect(status.meta).toEqual({ error: err });
+    });
 
     for (let i = 0; i < MAX_RETRY_ATTEMPTS + 1; i++) {
       await tick();
@@ -183,4 +283,34 @@ describe('getHealthServiceStatusWithRetryAndErrorHandling', () => {
     }
     expect(mockTaskManager.get).toHaveBeenCalledTimes(MAX_RETRY_ATTEMPTS + 1);
   });
+
+  it('should schedule a new health check task if it does not exist without throwing an error', async () => {
+    const mockTaskManager = taskManagerMock.createStart();
+    mockTaskManager.get.mockRejectedValue({
+      output: {
+        statusCode: 404,
+        message: 'Not Found',
+      },
+    });
+
+    const status = await getHealthServiceStatusWithRetryAndErrorHandling(
+      mockTaskManager,
+      logger,
+      savedObjects,
+      Promise.resolve({
+        healthCheck: {
+          interval: '5m',
+        },
+        invalidateApiKeysTask: {
+          interval: '5m',
+          removalDelay: '1h',
+        },
+      })
+    ).toPromise();
+
+    expect(mockTaskManager.ensureScheduled).toHaveBeenCalledTimes(1);
+    expect(status.level).toEqual(ServiceStatusLevels.degraded);
+    expect(status.summary).toEqual('Alerting framework is degraded');
+    expect(status.meta).toBeUndefined();
+  });
 });
diff --git a/x-pack/plugins/alerting/server/health/get_state.ts b/x-pack/plugins/alerting/server/health/get_state.ts
index 5bd80f2c6d29f..30099614ea42b 100644
--- a/x-pack/plugins/alerting/server/health/get_state.ts
+++ b/x-pack/plugins/alerting/server/health/get_state.ts
@@ -8,27 +8,38 @@
 import { i18n } from '@kbn/i18n';
 import { defer, of, interval, Observable, throwError, timer } from 'rxjs';
 import { catchError, mergeMap, retryWhen, switchMap } from 'rxjs/operators';
-import { ServiceStatus, ServiceStatusLevels } from '../../../../../src/core/server';
+import {
+  Logger,
+  SavedObjectsServiceStart,
+  ServiceStatus,
+  ServiceStatusLevels,
+} from '../../../../../src/core/server';
 import { TaskManagerStartContract } from '../../../task_manager/server';
-import { HEALTH_TASK_ID } from './task';
+import { HEALTH_TASK_ID, scheduleAlertingHealthCheck } from './task';
 import { HealthStatus } from '../types';
+import { getAlertingHealthStatus } from './get_health';
+import { AlertsConfig } from '../config';
 
 export const MAX_RETRY_ATTEMPTS = 3;
 const HEALTH_STATUS_INTERVAL = 60000 * 5; // Five minutes
 const RETRY_DELAY = 5000; // Wait 5 seconds before retrying on errors
 
-async function getLatestTaskState(taskManager: TaskManagerStartContract) {
+async function getLatestTaskState(
+  taskManager: TaskManagerStartContract,
+  logger: Logger,
+  savedObjects: SavedObjectsServiceStart,
+  config: Promise<AlertsConfig>
+) {
   try {
-    const result = await taskManager.get(HEALTH_TASK_ID);
-    return result;
+    return await taskManager.get(HEALTH_TASK_ID);
   } catch (err) {
-    const errMessage = err && err.message ? err.message : err.toString();
-    if (!errMessage.includes('NotInitialized')) {
-      throw err;
+    // if task is not found
+    if (err?.output?.statusCode === 404) {
+      await scheduleAlertingHealthCheck(logger, config, taskManager);
+      return await getAlertingHealthStatus(savedObjects);
     }
+    throw err;
   }
-
-  return null;
 }
 
 const LEVEL_SUMMARY = {
@@ -53,13 +64,16 @@ const LEVEL_SUMMARY = {
 };
 
 const getHealthServiceStatus = async (
-  taskManager: TaskManagerStartContract
+  taskManager: TaskManagerStartContract,
+  logger: Logger,
+  savedObjects: SavedObjectsServiceStart,
+  config: Promise<AlertsConfig>
 ): Promise<ServiceStatus<unknown>> => {
-  const doc = await getLatestTaskState(taskManager);
+  const doc = await getLatestTaskState(taskManager, logger, savedObjects, config);
   const level =
-    doc?.state?.health_status === HealthStatus.OK
+    doc.state?.health_status === HealthStatus.OK
       ? ServiceStatusLevels.available
-      : doc?.state?.health_status === HealthStatus.Warning
+      : doc.state?.health_status === HealthStatus.Warning
       ? ServiceStatusLevels.degraded
       : ServiceStatusLevels.unavailable;
   return {
@@ -70,9 +84,12 @@ const getHealthServiceStatus = async (
 
 export const getHealthServiceStatusWithRetryAndErrorHandling = (
   taskManager: TaskManagerStartContract,
+  logger: Logger,
+  savedObjects: SavedObjectsServiceStart,
+  config: Promise<AlertsConfig>,
   retryDelay?: number
 ): Observable<ServiceStatus<unknown>> => {
-  return defer(() => getHealthServiceStatus(taskManager)).pipe(
+  return defer(() => getHealthServiceStatus(taskManager, logger, savedObjects, config)).pipe(
     retryWhen((errors) => {
       return errors.pipe(
         mergeMap((error, i) => {
@@ -85,6 +102,7 @@ export const getHealthServiceStatusWithRetryAndErrorHandling = (
       );
     }),
     catchError((error) => {
+      logger.warn(`Alerting framework is unavailable due to the error: ${error}`);
       return of({
         level: ServiceStatusLevels.unavailable,
         summary: LEVEL_SUMMARY[ServiceStatusLevels.unavailable.toString()],
@@ -96,9 +114,20 @@ export const getHealthServiceStatusWithRetryAndErrorHandling = (
 
 export const getHealthStatusStream = (
   taskManager: TaskManagerStartContract,
+  logger: Logger,
+  savedObjects: SavedObjectsServiceStart,
+  config: Promise<AlertsConfig>,
   healthStatusInterval?: number,
   retryDelay?: number
 ): Observable<ServiceStatus<unknown>> =>
   interval(healthStatusInterval ?? HEALTH_STATUS_INTERVAL).pipe(
-    switchMap(() => getHealthServiceStatusWithRetryAndErrorHandling(taskManager, retryDelay))
+    switchMap(() =>
+      getHealthServiceStatusWithRetryAndErrorHandling(
+        taskManager,
+        logger,
+        savedObjects,
+        config,
+        retryDelay
+      )
+    )
   );
diff --git a/x-pack/plugins/alerting/server/health/task.ts b/x-pack/plugins/alerting/server/health/task.ts
index a6f1237c43583..999e76fde696e 100644
--- a/x-pack/plugins/alerting/server/health/task.ts
+++ b/x-pack/plugins/alerting/server/health/task.ts
@@ -14,7 +14,7 @@ import {
 import { AlertsConfig } from '../config';
 import { AlertingPluginsStart } from '../plugin';
 import { HealthStatus } from '../types';
-import { getHealth } from './get_health';
+import { getAlertingHealthStatus } from './get_health';
 
 export const HEALTH_TASK_TYPE = 'alerting_health_check';
 
@@ -71,15 +71,10 @@ export function healthCheckTaskRunner(
     return {
       async run() {
         try {
-          const alertingHealthStatus = await getHealth(
-            (await coreStartServices)[0].savedObjects.createInternalRepository(['alert'])
+          return await getAlertingHealthStatus(
+            (await coreStartServices)[0].savedObjects,
+            state.runs
           );
-          return {
-            state: {
-              runs: (state.runs || 0) + 1,
-              health_status: alertingHealthStatus.decryptionHealth.status,
-            },
-          };
         } catch (errMsg) {
           logger.warn(`Error executing alerting health check task: ${errMsg}`);
           return {
diff --git a/x-pack/plugins/alerting/server/plugin.ts b/x-pack/plugins/alerting/server/plugin.ts
index 1155cfa93337d..3d3b478c6480c 100644
--- a/x-pack/plugins/alerting/server/plugin.ts
+++ b/x-pack/plugins/alerting/server/plugin.ts
@@ -220,11 +220,16 @@ export class AlertingPlugin {
       this.config
     );
 
-    core.getStartServices().then(async ([, startPlugins]) => {
+    core.getStartServices().then(async ([coreStart, startPlugins]) => {
       core.status.set(
         combineLatest([
           core.status.derivedStatus$,
-          getHealthStatusStream(startPlugins.taskManager),
+          getHealthStatusStream(
+            startPlugins.taskManager,
+            this.logger,
+            coreStart.savedObjects,
+            this.config
+          ),
         ]).pipe(
           map(([derivedStatus, healthStatus]) => {
             if (healthStatus.level > derivedStatus.level) {

From 0b5d323613c35b9159224b5b650c07ad99de1fed Mon Sep 17 00:00:00 2001
From: Scotty Bollinger <scotty.bollinger@elastic.co>
Date: Mon, 10 May 2021 17:30:57 -0500
Subject: [PATCH 07/11] [Workplace Search] Fix bug with updating a role mapping
 (#99688)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

`id` is not needed by the server as a body prop, as it’s inferred from the params.
---
 .../server/routes/workplace_search/role_mappings.ts          | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/x-pack/plugins/enterprise_search/server/routes/workplace_search/role_mappings.ts b/x-pack/plugins/enterprise_search/server/routes/workplace_search/role_mappings.ts
index 8c7792f56fd6c..5a6359c1cd836 100644
--- a/x-pack/plugins/enterprise_search/server/routes/workplace_search/role_mappings.ts
+++ b/x-pack/plugins/enterprise_search/server/routes/workplace_search/role_mappings.ts
@@ -66,10 +66,7 @@ export function registerOrgRoleMappingRoute({
     {
       path: '/api/workplace_search/org/role_mappings/{id}',
       validate: {
-        body: schema.object({
-          ...roleMappingBaseSchema,
-          id: schema.string(),
-        }),
+        body: schema.object(roleMappingBaseSchema),
         params: schema.object({
           id: schema.string(),
         }),

From b5380697ccb9c2463d6ad96d1fa8e01a313093e5 Mon Sep 17 00:00:00 2001
From: Zacqary Adam Xeper <Zacqary@users.noreply.github.com>
Date: Mon, 10 May 2021 18:16:03 -0500
Subject: [PATCH 08/11] [Fleet] Add keep_enabled flag to preconfiguration to
 prevent disabling certain inputs (#99656)

* [Fleet] Add keep_enabled flag to prevent disabling inputs

* Remove console.log

* Fix missing key definition
---
 x-pack/plugins/fleet/common/types/models/package_policy.ts    | 2 ++
 .../components/package_policy_input_panel.tsx                 | 1 +
 .../components/package_policy_input_stream.tsx                | 1 +
 x-pack/plugins/fleet/server/services/package_policy.test.ts   | 4 +++-
 x-pack/plugins/fleet/server/services/package_policy.ts        | 2 ++
 x-pack/plugins/fleet/server/services/preconfiguration.ts      | 2 ++
 x-pack/plugins/fleet/server/types/models/package_policy.ts    | 2 ++
 x-pack/plugins/fleet/server/types/models/preconfiguration.ts  | 2 ++
 8 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/x-pack/plugins/fleet/common/types/models/package_policy.ts b/x-pack/plugins/fleet/common/types/models/package_policy.ts
index f30cc0f87d05b..04362e6ff9402 100644
--- a/x-pack/plugins/fleet/common/types/models/package_policy.ts
+++ b/x-pack/plugins/fleet/common/types/models/package_policy.ts
@@ -21,6 +21,7 @@ export type PackagePolicyConfigRecord = Record<string, PackagePolicyConfigRecord
 
 export interface NewPackagePolicyInputStream {
   enabled: boolean;
+  keep_enabled?: boolean;
   data_stream: {
     dataset: string;
     type: string;
@@ -37,6 +38,7 @@ export interface PackagePolicyInputStream extends NewPackagePolicyInputStream {
 export interface NewPackagePolicyInput {
   type: string;
   enabled: boolean;
+  keep_enabled?: boolean;
   vars?: PackagePolicyConfigRecord;
   config?: PackagePolicyConfigRecord;
   streams: NewPackagePolicyInputStream[];
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/package_policy_input_panel.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/package_policy_input_panel.tsx
index 75d7a7549f721..bce48d3108aa7 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/package_policy_input_panel.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/package_policy_input_panel.tsx
@@ -120,6 +120,7 @@ export const PackagePolicyInputPanel: React.FunctionComponent<{
                 </EuiFlexGroup>
               }
               checked={packagePolicyInput.enabled}
+              disabled={packagePolicyInput.keep_enabled}
               onChange={(e) => {
                 const enabled = e.target.checked;
                 updatePackagePolicyInput({
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/package_policy_input_stream.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/package_policy_input_stream.tsx
index 84f097813d484..5cc1fc4130256 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/package_policy_input_stream.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/package_policy_input_stream.tsx
@@ -83,6 +83,7 @@ export const PackagePolicyInputStreamConfig: React.FunctionComponent<{
             <EuiFlexItem grow={5}>
               <EuiSwitch
                 label={packageInputStream.title}
+                disabled={packagePolicyInputStream.keep_enabled}
                 checked={packagePolicyInputStream.enabled}
                 onChange={(e) => {
                   const enabled = e.target.checked;
diff --git a/x-pack/plugins/fleet/server/services/package_policy.test.ts b/x-pack/plugins/fleet/server/services/package_policy.test.ts
index 2516073793a8b..21241e6d5723f 100644
--- a/x-pack/plugins/fleet/server/services/package_policy.test.ts
+++ b/x-pack/plugins/fleet/server/services/package_policy.test.ts
@@ -390,6 +390,7 @@ describe('Package policy service', () => {
         {
           config: {},
           enabled: true,
+          keep_enabled: true,
           type: 'endpoint',
           vars: {
             dog: {
@@ -428,7 +429,7 @@ describe('Package policy service', () => {
       const inputsUpdate = [
         {
           config: {},
-          enabled: true,
+          enabled: false,
           type: 'endpoint',
           vars: {
             dog: {
@@ -501,6 +502,7 @@ describe('Package policy service', () => {
       );
 
       const [modifiedInput] = result.inputs;
+      expect(modifiedInput.enabled).toEqual(true);
       expect(modifiedInput.vars!.dog.value).toEqual('labrador');
       expect(modifiedInput.vars!.cat.value).toEqual('siamese');
       const [modifiedStream] = modifiedInput.streams;
diff --git a/x-pack/plugins/fleet/server/services/package_policy.ts b/x-pack/plugins/fleet/server/services/package_policy.ts
index 234fa4df51688..e4d34e551c95b 100644
--- a/x-pack/plugins/fleet/server/services/package_policy.ts
+++ b/x-pack/plugins/fleet/server/services/package_policy.ts
@@ -614,12 +614,14 @@ function enforceFrozenInputs(oldInputs: PackagePolicyInput[], newInputs: Package
 
   for (const input of resultInputs) {
     const oldInput = oldInputs.find((i) => i.type === input.type);
+    if (oldInput?.keep_enabled) input.enabled = oldInput.enabled;
     if (input.vars && oldInput?.vars) {
       input.vars = _enforceFrozenVars(oldInput.vars, input.vars);
     }
     if (input.streams && oldInput?.streams) {
       for (const stream of input.streams) {
         const oldStream = oldInput.streams.find((s) => s.id === stream.id);
+        if (oldStream?.keep_enabled) stream.enabled = oldStream.enabled;
         if (stream.vars && oldStream?.vars) {
           stream.vars = _enforceFrozenVars(oldStream.vars, stream.vars);
         }
diff --git a/x-pack/plugins/fleet/server/services/preconfiguration.ts b/x-pack/plugins/fleet/server/services/preconfiguration.ts
index 308abece9f4f5..a8be94ca61c0a 100644
--- a/x-pack/plugins/fleet/server/services/preconfiguration.ts
+++ b/x-pack/plugins/fleet/server/services/preconfiguration.ts
@@ -285,6 +285,8 @@ function overridePackageInputs(
     }
 
     if (typeof override.enabled !== 'undefined') originalInput.enabled = override.enabled;
+    if (typeof override.keep_enabled !== 'undefined')
+      originalInput.keep_enabled = override.keep_enabled;
 
     if (override.vars) {
       try {
diff --git a/x-pack/plugins/fleet/server/types/models/package_policy.ts b/x-pack/plugins/fleet/server/types/models/package_policy.ts
index 5a8fd70a9b84e..fa467a4185bd4 100644
--- a/x-pack/plugins/fleet/server/types/models/package_policy.ts
+++ b/x-pack/plugins/fleet/server/types/models/package_policy.ts
@@ -46,6 +46,7 @@ const PackagePolicyBaseSchema = {
     schema.object({
       type: schema.string(),
       enabled: schema.boolean(),
+      keep_enabled: schema.maybe(schema.boolean()),
       vars: schema.maybe(ConfigRecordSchema),
       config: schema.maybe(
         schema.recordOf(
@@ -60,6 +61,7 @@ const PackagePolicyBaseSchema = {
         schema.object({
           id: schema.maybe(schema.string()), // BWC < 7.11
           enabled: schema.boolean(),
+          keep_enabled: schema.maybe(schema.boolean()),
           data_stream: schema.object({ dataset: schema.string(), type: schema.string() }),
           vars: schema.maybe(ConfigRecordSchema),
           config: schema.maybe(
diff --git a/x-pack/plugins/fleet/server/types/models/preconfiguration.ts b/x-pack/plugins/fleet/server/types/models/preconfiguration.ts
index 5b871b80a6bbd..e988283c4aad9 100644
--- a/x-pack/plugins/fleet/server/types/models/preconfiguration.ts
+++ b/x-pack/plugins/fleet/server/types/models/preconfiguration.ts
@@ -67,6 +67,7 @@ export const PreconfiguredAgentPoliciesSchema = schema.arrayOf(
             schema.object({
               type: schema.string(),
               enabled: schema.maybe(schema.boolean()),
+              keep_enabled: schema.maybe(schema.boolean()),
               vars: varsSchema,
               streams: schema.maybe(
                 schema.arrayOf(
@@ -76,6 +77,7 @@ export const PreconfiguredAgentPoliciesSchema = schema.arrayOf(
                       dataset: schema.string(),
                     }),
                     enabled: schema.maybe(schema.boolean()),
+                    keep_enabled: schema.maybe(schema.boolean()),
                     vars: varsSchema,
                   })
                 )

From b248472e82cd736a68170eca3d1d9e8115c2ee71 Mon Sep 17 00:00:00 2001
From: Nathan Reese <reese.nathan@gmail.com>
Date: Mon, 10 May 2021 17:46:33 -0600
Subject: [PATCH 09/11] [Maps] show empty tooltips with actions on click
 (#99337)

* [Maps] show tooltips with actions on click

* clean up

* call canShowTooltip in _getTooltipFeatures

* move view into action

* cleanup

* i18n

* add comment to clarify if statement

* tslint

* fix security tslint

* fix jest tests

* clean up

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
---
 .../__stories__/MapTooltip.stories.tsx        |   1 +
 .../common/descriptor_types/map_descriptor.ts |  12 ++
 .../maps/public/actions/tooltip_actions.ts    |  15 +-
 .../maps/public/classes/layers/layer.tsx      |   5 -
 .../layers/vector_layer/vector_layer.tsx      |   6 +-
 .../ems_file_source/ems_file_source.tsx       |   2 +-
 .../es_geo_grid_source/es_geo_grid_source.tsx |   2 +-
 .../es_geo_line_source/es_geo_line_source.tsx |   2 +-
 .../es_pew_pew_source/es_pew_pew_source.js    |   2 +-
 .../es_search_source/es_search_source.tsx     |   2 +-
 .../geojson_file_source.ts                    |   2 +-
 .../kibana_regionmap_source.ts                |   2 +-
 .../mvt_single_layer_vector_source.test.tsx   |   6 +-
 .../mvt_single_layer_vector_source.tsx        |   2 +-
 .../sources/table_source/table_source.ts      |   2 +-
 .../sources/vector_source/vector_source.tsx   |   4 +-
 .../features_tooltip/features_tooltip.tsx     | 131 ++++-----------
 .../mb_map/features_tooltip/footer.test.tsx   |   6 +
 .../mb_map/features_tooltip/index.ts          |   9 ++
 .../tooltip_control.test.js.snap              |  30 +---
 .../tooltip_popover.test.js.snap              |   9 --
 .../mb_map/tooltip_control/tooltip_control.js | 153 ++++++++++++++++--
 .../tooltip_control/tooltip_control.test.js   |  26 ++-
 .../mb_map/tooltip_control/tooltip_popover.js |  50 +-----
 .../map_tool_tip/map_tool_tip.test.tsx        |   1 +
 .../translations/translations/ja-JP.json      |   1 -
 .../translations/translations/zh-CN.json      |   1 -
 27 files changed, 247 insertions(+), 237 deletions(-)
 create mode 100644 x-pack/plugins/maps/public/connected_components/mb_map/features_tooltip/index.ts

diff --git a/x-pack/plugins/apm/public/components/app/RumDashboard/VisitorBreakdownMap/__stories__/MapTooltip.stories.tsx b/x-pack/plugins/apm/public/components/app/RumDashboard/VisitorBreakdownMap/__stories__/MapTooltip.stories.tsx
index b96fb42c3d1f4..1aad25fc89c0b 100644
--- a/x-pack/plugins/apm/public/components/app/RumDashboard/VisitorBreakdownMap/__stories__/MapTooltip.stories.tsx
+++ b/x-pack/plugins/apm/public/components/app/RumDashboard/VisitorBreakdownMap/__stories__/MapTooltip.stories.tsx
@@ -44,6 +44,7 @@ storiesOf('app/RumDashboard/VisitorsRegionMap', module)
                 '__kbnjoin__count__3657625d-17b0-41ef-99ba-3a2b2938655c': 439145,
                 '__kbnjoin__avg_of_transaction.duration.us__3657625d-17b0-41ef-99ba-3a2b2938655c': 2041665.6350131081,
               },
+              actions: [],
             },
           ]}
         />
diff --git a/x-pack/plugins/maps/common/descriptor_types/map_descriptor.ts b/x-pack/plugins/maps/common/descriptor_types/map_descriptor.ts
index acb0d9329e065..0bb9c7cc6f02b 100644
--- a/x-pack/plugins/maps/common/descriptor_types/map_descriptor.ts
+++ b/x-pack/plugins/maps/common/descriptor_types/map_descriptor.ts
@@ -7,7 +7,9 @@
 
 /* eslint-disable @typescript-eslint/consistent-type-definitions */
 
+import { ReactNode } from 'react';
 import { GeoJsonProperties } from 'geojson';
+import { Geometry } from 'geojson';
 import { Query } from '../../../../../src/plugins/data/common';
 import { DRAW_TYPE, ES_GEO_FIELD_TYPE, ES_SPATIAL_RELATIONS } from '../constants';
 
@@ -41,10 +43,20 @@ export type Goto = {
   center?: MapCenterAndZoom;
 };
 
+export const GEOMETRY_FILTER_ACTION = 'GEOMETRY_FILTER_ACTION';
+
+export type TooltipFeatureAction = {
+  label: string;
+  id: typeof GEOMETRY_FILTER_ACTION;
+  form: ReactNode;
+};
+
 export type TooltipFeature = {
   id?: number | string;
   layerId: string;
+  geometry?: Geometry;
   mbProperties: GeoJsonProperties;
+  actions: TooltipFeatureAction[];
 };
 
 export type TooltipState = {
diff --git a/x-pack/plugins/maps/public/actions/tooltip_actions.ts b/x-pack/plugins/maps/public/actions/tooltip_actions.ts
index 365a906739991..c1b5f8190a73a 100644
--- a/x-pack/plugins/maps/public/actions/tooltip_actions.ts
+++ b/x-pack/plugins/maps/public/actions/tooltip_actions.ts
@@ -6,7 +6,6 @@
  */
 
 import _ from 'lodash';
-import uuid from 'uuid/v4';
 import { Dispatch } from 'redux';
 import { Feature } from 'geojson';
 import { getOpenTooltips } from '../selectors/map_selectors';
@@ -36,11 +35,7 @@ export function openOnClickTooltip(tooltipState: TooltipState) {
       );
     });
 
-    openTooltips.push({
-      ...tooltipState,
-      isLocked: true,
-      id: uuid(),
-    });
+    openTooltips.push(tooltipState);
 
     dispatch({
       type: SET_OPEN_TOOLTIPS,
@@ -63,13 +58,7 @@ export function closeOnHoverTooltip() {
 export function openOnHoverTooltip(tooltipState: TooltipState) {
   return {
     type: SET_OPEN_TOOLTIPS,
-    openTooltips: [
-      {
-        ...tooltipState,
-        isLocked: false,
-        id: uuid(),
-      },
-    ],
+    openTooltips: [tooltipState],
   };
 }
 
diff --git a/x-pack/plugins/maps/public/classes/layers/layer.tsx b/x-pack/plugins/maps/public/classes/layers/layer.tsx
index dee1a26efef42..4167ed4775219 100644
--- a/x-pack/plugins/maps/public/classes/layers/layer.tsx
+++ b/x-pack/plugins/maps/public/classes/layers/layer.tsx
@@ -77,7 +77,6 @@ export interface ILayer {
   getMbLayerIds(): string[];
   ownsMbLayerId(mbLayerId: string): boolean;
   ownsMbSourceId(mbSourceId: string): boolean;
-  canShowTooltip(): boolean;
   syncLayerWithMB(mbMap: MbMap): void;
   getLayerTypeIconName(): string;
   isInitialDataLoadComplete(): boolean;
@@ -452,10 +451,6 @@ export class AbstractLayer implements ILayer {
     throw new Error('Should implement AbstractLayer#ownsMbSourceId');
   }
 
-  canShowTooltip() {
-    return false;
-  }
-
   syncLayerWithMB(mbMap: MbMap) {
     throw new Error('Should implement AbstractLayer#syncLayerWithMB');
   }
diff --git a/x-pack/plugins/maps/public/classes/layers/vector_layer/vector_layer.tsx b/x-pack/plugins/maps/public/classes/layers/vector_layer/vector_layer.tsx
index 104d0b56578d1..db781344eb6f8 100644
--- a/x-pack/plugins/maps/public/classes/layers/vector_layer/vector_layer.tsx
+++ b/x-pack/plugins/maps/public/classes/layers/vector_layer/vector_layer.tsx
@@ -88,6 +88,7 @@ export interface IVectorLayer extends ILayer {
   getFeatureById(id: string | number): Feature | null;
   getPropertiesForTooltip(properties: GeoJsonProperties): Promise<ITooltipProperty[]>;
   hasJoins(): boolean;
+  canShowTooltip(): boolean;
 }
 
 export class VectorLayer extends AbstractLayer implements IVectorLayer {
@@ -1033,10 +1034,7 @@ export class VectorLayer extends AbstractLayer implements IVectorLayer {
   }
 
   canShowTooltip() {
-    return (
-      this.isVisible() &&
-      (this.getSource().canFormatFeatureProperties() || this.getJoins().length > 0)
-    );
+    return this.getSource().hasTooltipProperties() || this.getJoins().length > 0;
   }
 
   getFeatureById(id: string | number) {
diff --git a/x-pack/plugins/maps/public/classes/sources/ems_file_source/ems_file_source.tsx b/x-pack/plugins/maps/public/classes/sources/ems_file_source/ems_file_source.tsx
index a61ae85c89ac6..209dc43f504d1 100644
--- a/x-pack/plugins/maps/public/classes/sources/ems_file_source/ems_file_source.tsx
+++ b/x-pack/plugins/maps/public/classes/sources/ems_file_source/ems_file_source.tsx
@@ -196,7 +196,7 @@ export class EMSFileSource extends AbstractVectorSource implements IEmsFileSourc
     return fields.map((f) => this.createField({ fieldName: f.name }));
   }
 
-  canFormatFeatureProperties() {
+  hasTooltipProperties() {
     return this._tooltipFields.length > 0;
   }
 
diff --git a/x-pack/plugins/maps/public/classes/sources/es_geo_grid_source/es_geo_grid_source.tsx b/x-pack/plugins/maps/public/classes/sources/es_geo_grid_source/es_geo_grid_source.tsx
index 7bca22df9b870..69ec0740948fc 100644
--- a/x-pack/plugins/maps/public/classes/sources/es_geo_grid_source/es_geo_grid_source.tsx
+++ b/x-pack/plugins/maps/public/classes/sources/es_geo_grid_source/es_geo_grid_source.tsx
@@ -471,7 +471,7 @@ export class ESGeoGridSource extends AbstractESAggSource implements ITiledSingle
     }
   }
 
-  canFormatFeatureProperties(): boolean {
+  hasTooltipProperties(): boolean {
     return true;
   }
 
diff --git a/x-pack/plugins/maps/public/classes/sources/es_geo_line_source/es_geo_line_source.tsx b/x-pack/plugins/maps/public/classes/sources/es_geo_line_source/es_geo_line_source.tsx
index 9a1f23e055af1..460c1228e50a8 100644
--- a/x-pack/plugins/maps/public/classes/sources/es_geo_line_source/es_geo_line_source.tsx
+++ b/x-pack/plugins/maps/public/classes/sources/es_geo_line_source/es_geo_line_source.tsx
@@ -359,7 +359,7 @@ export class ESGeoLineSource extends AbstractESAggSource {
     return true;
   }
 
-  canFormatFeatureProperties() {
+  hasTooltipProperties() {
     return true;
   }
 
diff --git a/x-pack/plugins/maps/public/classes/sources/es_pew_pew_source/es_pew_pew_source.js b/x-pack/plugins/maps/public/classes/sources/es_pew_pew_source/es_pew_pew_source.js
index 781cc7f8c36b0..7ed24b4805997 100644
--- a/x-pack/plugins/maps/public/classes/sources/es_pew_pew_source/es_pew_pew_source.js
+++ b/x-pack/plugins/maps/public/classes/sources/es_pew_pew_source/es_pew_pew_source.js
@@ -226,7 +226,7 @@ export class ESPewPewSource extends AbstractESAggSource {
     return turfBboxToBounds(turfBbox(multiPoint(corners)));
   }
 
-  canFormatFeatureProperties() {
+  hasTooltipProperties() {
     return true;
   }
 }
diff --git a/x-pack/plugins/maps/public/classes/sources/es_search_source/es_search_source.tsx b/x-pack/plugins/maps/public/classes/sources/es_search_source/es_search_source.tsx
index 3de98fd545827..8a6e97bf2a1af 100644
--- a/x-pack/plugins/maps/public/classes/sources/es_search_source/es_search_source.tsx
+++ b/x-pack/plugins/maps/public/classes/sources/es_search_source/es_search_source.tsx
@@ -464,7 +464,7 @@ export class ESSearchSource extends AbstractESSource implements ITiledSingleLaye
     };
   }
 
-  canFormatFeatureProperties(): boolean {
+  hasTooltipProperties(): boolean {
     return this._tooltipFields.length > 0;
   }
 
diff --git a/x-pack/plugins/maps/public/classes/sources/geojson_file_source/geojson_file_source.ts b/x-pack/plugins/maps/public/classes/sources/geojson_file_source/geojson_file_source.ts
index 363e19fdb1587..592c2f852f0e7 100644
--- a/x-pack/plugins/maps/public/classes/sources/geojson_file_source/geojson_file_source.ts
+++ b/x-pack/plugins/maps/public/classes/sources/geojson_file_source/geojson_file_source.ts
@@ -121,7 +121,7 @@ export class GeoJsonFileSource extends AbstractVectorSource {
     return (this._descriptor as GeojsonFileSourceDescriptor).name;
   }
 
-  canFormatFeatureProperties() {
+  hasTooltipProperties() {
     return true;
   }
 
diff --git a/x-pack/plugins/maps/public/classes/sources/kibana_regionmap_source/kibana_regionmap_source.ts b/x-pack/plugins/maps/public/classes/sources/kibana_regionmap_source/kibana_regionmap_source.ts
index 12e4b00c3c7b9..b0241876e5728 100644
--- a/x-pack/plugins/maps/public/classes/sources/kibana_regionmap_source/kibana_regionmap_source.ts
+++ b/x-pack/plugins/maps/public/classes/sources/kibana_regionmap_source/kibana_regionmap_source.ts
@@ -104,7 +104,7 @@ export class KibanaRegionmapSource extends AbstractVectorSource {
     return this._descriptor.name;
   }
 
-  canFormatFeatureProperties() {
+  hasTooltipProperties() {
     return true;
   }
 }
diff --git a/x-pack/plugins/maps/public/classes/sources/mvt_single_layer_vector_source/mvt_single_layer_vector_source.test.tsx b/x-pack/plugins/maps/public/classes/sources/mvt_single_layer_vector_source/mvt_single_layer_vector_source.test.tsx
index b65536c2307d8..b265c4883323e 100644
--- a/x-pack/plugins/maps/public/classes/sources/mvt_single_layer_vector_source/mvt_single_layer_vector_source.test.tsx
+++ b/x-pack/plugins/maps/public/classes/sources/mvt_single_layer_vector_source/mvt_single_layer_vector_source.test.tsx
@@ -30,10 +30,10 @@ describe('getUrlTemplateWithMeta', () => {
   });
 });
 
-describe('canFormatFeatureProperties', () => {
+describe('hasTooltipProperties', () => {
   it('false if no tooltips', async () => {
     const source = new MVTSingleLayerVectorSource(descriptor);
-    expect(source.canFormatFeatureProperties()).toEqual(false);
+    expect(source.hasTooltipProperties()).toEqual(false);
   });
   it('true if tooltip', async () => {
     const descriptorWithTooltips = {
@@ -42,7 +42,7 @@ describe('canFormatFeatureProperties', () => {
       tooltipProperties: ['foobar'],
     };
     const source = new MVTSingleLayerVectorSource(descriptorWithTooltips);
-    expect(source.canFormatFeatureProperties()).toEqual(true);
+    expect(source.hasTooltipProperties()).toEqual(true);
   });
 });
 
diff --git a/x-pack/plugins/maps/public/classes/sources/mvt_single_layer_vector_source/mvt_single_layer_vector_source.tsx b/x-pack/plugins/maps/public/classes/sources/mvt_single_layer_vector_source/mvt_single_layer_vector_source.tsx
index 92b643643ba2a..692e1fd18efaf 100644
--- a/x-pack/plugins/maps/public/classes/sources/mvt_single_layer_vector_source/mvt_single_layer_vector_source.tsx
+++ b/x-pack/plugins/maps/public/classes/sources/mvt_single_layer_vector_source/mvt_single_layer_vector_source.tsx
@@ -169,7 +169,7 @@ export class MVTSingleLayerVectorSource
     return [VECTOR_SHAPE_TYPE.POINT, VECTOR_SHAPE_TYPE.LINE, VECTOR_SHAPE_TYPE.POLYGON];
   }
 
-  canFormatFeatureProperties(): boolean {
+  hasTooltipProperties(): boolean {
     return !!this._tooltipFields.length;
   }
 
diff --git a/x-pack/plugins/maps/public/classes/sources/table_source/table_source.ts b/x-pack/plugins/maps/public/classes/sources/table_source/table_source.ts
index d4c7a7474c57c..372fb4983d7cc 100644
--- a/x-pack/plugins/maps/public/classes/sources/table_source/table_source.ts
+++ b/x-pack/plugins/maps/public/classes/sources/table_source/table_source.ts
@@ -143,7 +143,7 @@ export class TableSource extends AbstractVectorSource implements ITermJoinSource
     });
   }
 
-  canFormatFeatureProperties(): boolean {
+  hasTooltipProperties(): boolean {
     return false;
   }
 
diff --git a/x-pack/plugins/maps/public/classes/sources/vector_source/vector_source.tsx b/x-pack/plugins/maps/public/classes/sources/vector_source/vector_source.tsx
index b28cd7365d69e..da5a236a20936 100644
--- a/x-pack/plugins/maps/public/classes/sources/vector_source/vector_source.tsx
+++ b/x-pack/plugins/maps/public/classes/sources/vector_source/vector_source.tsx
@@ -60,7 +60,7 @@ export interface IVectorSource extends ISource {
   getSyncMeta(): VectorSourceSyncMeta | null;
   getFieldNames(): string[];
   createField({ fieldName }: { fieldName: string }): IField;
-  canFormatFeatureProperties(): boolean;
+  hasTooltipProperties(): boolean;
   getSupportedShapeTypes(): Promise<VECTOR_SHAPE_TYPE[]>;
   isBoundsAware(): boolean;
   getSourceTooltipContent(sourceDataRequest?: DataRequest): SourceTooltipConfig;
@@ -115,7 +115,7 @@ export class AbstractVectorSource extends AbstractSource implements IVectorSourc
     throw new Error('Should implement VectorSource#getGeoJson');
   }
 
-  canFormatFeatureProperties() {
+  hasTooltipProperties() {
     return false;
   }
 
diff --git a/x-pack/plugins/maps/public/connected_components/mb_map/features_tooltip/features_tooltip.tsx b/x-pack/plugins/maps/public/connected_components/mb_map/features_tooltip/features_tooltip.tsx
index 41a2b98ab4b28..f85b1c5de3619 100644
--- a/x-pack/plugins/maps/public/connected_components/mb_map/features_tooltip/features_tooltip.tsx
+++ b/x-pack/plugins/maps/public/connected_components/mb_map/features_tooltip/features_tooltip.tsx
@@ -8,26 +8,21 @@
 import React, { Component, Fragment, ReactNode } from 'react';
 import { EuiIcon, EuiLink } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
-import { FormattedMessage } from '@kbn/i18n/react';
 import { ActionExecutionContext, Action } from 'src/plugins/ui_actions/public';
 import { GeoJsonProperties, Geometry } from 'geojson';
 import { Filter } from 'src/plugins/data/public';
 import { FeatureProperties } from './feature_properties';
-import { GEO_JSON_TYPE, ES_GEO_FIELD_TYPE, RawValue } from '../../../../common/constants';
-import { FeatureGeometryFilterForm } from './feature_geometry_filter_form';
+import { RawValue } from '../../../../common/constants';
 import { Footer } from './footer';
 import { Header } from './header';
-import { PreIndexedShape } from '../../../../common/elasticsearch_util';
-import { GeoFieldWithIndex } from '../../../components/geo_field_with_index';
-import { TooltipFeature } from '../../../../common/descriptor_types';
+import { GEOMETRY_FILTER_ACTION, TooltipFeature } from '../../../../common/descriptor_types';
 import { ITooltipProperty } from '../../../classes/tooltips/tooltip_property';
 import { ILayer } from '../../../classes/layers/layer';
 
-enum VIEWS {
-  PROPERTIES_VIEW = 'PROPERTIES_VIEW',
-  GEOMETRY_FILTER_VIEW = 'GEOMETRY_FILTER_VIEW',
-  FILTER_ACTIONS_VIEW = 'FILTER_ACTIONS_VIEW',
-}
+const PROPERTIES_VIEW = 'PROPERTIES_VIEW';
+const FILTER_ACTIONS_VIEW = 'FILTER_ACTIONS_VIEW';
+
+type VIEWS = typeof PROPERTIES_VIEW | typeof FILTER_ACTIONS_VIEW | typeof GEOMETRY_FILTER_ACTION;
 
 interface Props {
   addFilters: ((filters: Filter[], actionId: string) => Promise<void>) | null;
@@ -55,14 +50,6 @@ interface Props {
   }) => Geometry | null;
   getLayerName: (layerId: string) => Promise<string | null>;
   findLayerById: (layerId: string) => ILayer | undefined;
-  geoFields: GeoFieldWithIndex[];
-  loadPreIndexedShape: ({
-    layerId,
-    featureId,
-  }: {
-    layerId: string;
-    featureId?: string | number;
-  }) => Promise<PreIndexedShape | null>;
 }
 
 interface State {
@@ -77,14 +64,14 @@ export class FeaturesTooltip extends Component<Props, State> {
     currentFeature: null,
     filterView: null,
     prevFeatures: [],
-    view: VIEWS.PROPERTIES_VIEW,
+    view: PROPERTIES_VIEW,
   };
 
   static getDerivedStateFromProps(nextProps: Props, prevState: State) {
     if (nextProps.features !== prevState.prevFeatures) {
       return {
         currentFeature: nextProps.features ? nextProps.features[0] : null,
-        view: VIEWS.PROPERTIES_VIEW,
+        view: PROPERTIES_VIEW,
         prevFeatures: nextProps.features,
       };
     }
@@ -96,69 +83,37 @@ export class FeaturesTooltip extends Component<Props, State> {
     this.setState({ currentFeature: feature });
   };
 
-  _showGeometryFilterView = () => {
-    this.setState({ view: VIEWS.GEOMETRY_FILTER_VIEW });
-  };
-
   _showPropertiesView = () => {
-    this.setState({ view: VIEWS.PROPERTIES_VIEW, filterView: null });
+    this.setState({ view: PROPERTIES_VIEW, filterView: null });
   };
 
   _showFilterActionsView = (filterView: ReactNode) => {
-    this.setState({ view: VIEWS.FILTER_ACTIONS_VIEW, filterView });
+    this.setState({ view: FILTER_ACTIONS_VIEW, filterView });
   };
 
-  _renderActions(geoFields: GeoFieldWithIndex[]) {
-    if (!this.props.isLocked || geoFields.length === 0) {
-      return null;
-    }
-
-    return (
-      <EuiLink className="mapFeatureTooltip_actionLinks" onClick={this._showGeometryFilterView}>
-        <FormattedMessage
-          id="xpack.maps.tooltip.showGeometryFilterViewLinkLabel"
-          defaultMessage="Filter by geometry"
-        />
-      </EuiLink>
-    );
-  }
-
-  _filterGeoFields(featureGeometry: Geometry | null) {
-    if (!featureGeometry) {
-      return [];
-    }
-
-    // line geometry can only create filters for geo_shape fields.
+  _renderActions() {
     if (
-      featureGeometry.type === GEO_JSON_TYPE.LINE_STRING ||
-      featureGeometry.type === GEO_JSON_TYPE.MULTI_LINE_STRING
+      !this.props.isLocked ||
+      !this.state.currentFeature ||
+      this.state.currentFeature.actions.length === 0
     ) {
-      return this.props.geoFields.filter(({ geoFieldType }) => {
-        return geoFieldType === ES_GEO_FIELD_TYPE.GEO_SHAPE;
-      });
-    }
-
-    // TODO support geo distance filters for points
-    if (
-      featureGeometry.type === GEO_JSON_TYPE.POINT ||
-      featureGeometry.type === GEO_JSON_TYPE.MULTI_POINT
-    ) {
-      return [];
-    }
-
-    return this.props.geoFields;
-  }
-
-  _loadCurrentFeaturePreIndexedShape = async () => {
-    if (!this.state.currentFeature) {
       return null;
     }
 
-    return this.props.loadPreIndexedShape({
-      layerId: this.state.currentFeature.layerId,
-      featureId: this.state.currentFeature.id,
+    return this.state.currentFeature.actions.map((action) => {
+      return (
+        <EuiLink
+          className="mapFeatureTooltip_actionLinks"
+          onClick={() => {
+            this.setState({ view: action.id });
+          }}
+          key={action.id}
+        >
+          {action.label}
+        </EuiLink>
+      );
     });
-  };
+  }
 
   _renderBackButton(label: string) {
     return (
@@ -181,38 +136,20 @@ export class FeaturesTooltip extends Component<Props, State> {
       return null;
     }
 
-    const currentFeatureGeometry = this.props.loadFeatureGeometry({
-      layerId: this.state.currentFeature.layerId,
-      featureId: this.state.currentFeature.id,
+    const action = this.state.currentFeature.actions.find(({ id }) => {
+      return id === this.state.view;
     });
-    const geoFields = this._filterGeoFields(currentFeatureGeometry);
 
-    if (
-      this.state.view === VIEWS.GEOMETRY_FILTER_VIEW &&
-      currentFeatureGeometry &&
-      this.props.addFilters
-    ) {
+    if (action) {
       return (
         <Fragment>
-          {this._renderBackButton(
-            i18n.translate('xpack.maps.tooltip.showGeometryFilterViewLinkLabel', {
-              defaultMessage: 'Filter by geometry',
-            })
-          )}
-          <FeatureGeometryFilterForm
-            onClose={this.props.closeTooltip}
-            geometry={currentFeatureGeometry}
-            geoFields={geoFields}
-            addFilters={this.props.addFilters}
-            getFilterActions={this.props.getFilterActions}
-            getActionContext={this.props.getActionContext}
-            loadPreIndexedShape={this._loadCurrentFeaturePreIndexedShape}
-          />
+          {this._renderBackButton(action.label)}
+          {action.form}
         </Fragment>
       );
     }
 
-    if (this.state.view === VIEWS.FILTER_ACTIONS_VIEW) {
+    if (this.state.view === FILTER_ACTIONS_VIEW) {
       return (
         <Fragment>
           {this._renderBackButton(
@@ -247,7 +184,7 @@ export class FeaturesTooltip extends Component<Props, State> {
           onSingleValueTrigger={this.props.onSingleValueTrigger}
           showFilterActions={this._showFilterActionsView}
         />
-        {this._renderActions(geoFields)}
+        {this._renderActions()}
         <Footer
           features={this.props.features}
           isLocked={this.props.isLocked}
diff --git a/x-pack/plugins/maps/public/connected_components/mb_map/features_tooltip/footer.test.tsx b/x-pack/plugins/maps/public/connected_components/mb_map/features_tooltip/footer.test.tsx
index f8e60c7e6cf97..96ecba4fa0243 100644
--- a/x-pack/plugins/maps/public/connected_components/mb_map/features_tooltip/footer.test.tsx
+++ b/x-pack/plugins/maps/public/connected_components/mb_map/features_tooltip/footer.test.tsx
@@ -32,6 +32,7 @@ describe('Footer', () => {
         id: 'feature1',
         layerId: 'layer1',
         mbProperties: {},
+        actions: [],
       },
     ];
     describe('mouseover (unlocked)', () => {
@@ -54,11 +55,13 @@ describe('Footer', () => {
         id: 'feature1',
         layerId: 'layer1',
         mbProperties: {},
+        actions: [],
       },
       {
         id: 'feature2',
         layerId: 'layer1',
         mbProperties: {},
+        actions: [],
       },
     ];
     describe('mouseover (unlocked)', () => {
@@ -97,16 +100,19 @@ describe('Footer', () => {
         id: 'feature1',
         layerId: 'layer1',
         mbProperties: {},
+        actions: [],
       },
       {
         id: 'feature2',
         layerId: 'layer1',
         mbProperties: {},
+        actions: [],
       },
       {
         id: 'feature1',
         layerId: 'layer2',
         mbProperties: {},
+        actions: [],
       },
     ];
     describe('mouseover (unlocked)', () => {
diff --git a/x-pack/plugins/maps/public/connected_components/mb_map/features_tooltip/index.ts b/x-pack/plugins/maps/public/connected_components/mb_map/features_tooltip/index.ts
new file mode 100644
index 0000000000000..a6909dd43d42d
--- /dev/null
+++ b/x-pack/plugins/maps/public/connected_components/mb_map/features_tooltip/index.ts
@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { FeatureGeometryFilterForm } from './feature_geometry_filter_form';
+export { FeaturesTooltip } from './features_tooltip';
diff --git a/x-pack/plugins/maps/public/connected_components/mb_map/tooltip_control/__snapshots__/tooltip_control.test.js.snap b/x-pack/plugins/maps/public/connected_components/mb_map/tooltip_control/__snapshots__/tooltip_control.test.js.snap
index cffa441d04ff5..030de04987ede 100644
--- a/x-pack/plugins/maps/public/connected_components/mb_map/tooltip_control/__snapshots__/tooltip_control.test.js.snap
+++ b/x-pack/plugins/maps/public/connected_components/mb_map/tooltip_control/__snapshots__/tooltip_control.test.js.snap
@@ -15,23 +15,10 @@ exports[`TooltipControl render should render hover tooltip 1`] = `
       },
     ]
   }
-  geoFields={
-    Array [
-      Object {},
-    ]
-  }
+  findLayerById={[Function]}
   index={0}
   isLocked={false}
   key="1"
-  layerList={
-    Array [
-      Object {
-        "canShowTooltip": [Function],
-        "getId": [Function],
-        "getMbLayerIds": [Function],
-      },
-    ]
-  }
   location={
     Array [
       -120,
@@ -62,23 +49,10 @@ exports[`TooltipControl render should render locked tooltip 1`] = `
       },
     ]
   }
-  geoFields={
-    Array [
-      Object {},
-    ]
-  }
+  findLayerById={[Function]}
   index={0}
   isLocked={true}
   key="2"
-  layerList={
-    Array [
-      Object {
-        "canShowTooltip": [Function],
-        "getId": [Function],
-        "getMbLayerIds": [Function],
-      },
-    ]
-  }
   location={
     Array [
       -120,
diff --git a/x-pack/plugins/maps/public/connected_components/mb_map/tooltip_control/__snapshots__/tooltip_popover.test.js.snap b/x-pack/plugins/maps/public/connected_components/mb_map/tooltip_control/__snapshots__/tooltip_popover.test.js.snap
index a0ed4496c8281..3887d44bb5e72 100644
--- a/x-pack/plugins/maps/public/connected_components/mb_map/tooltip_control/__snapshots__/tooltip_popover.test.js.snap
+++ b/x-pack/plugins/maps/public/connected_components/mb_map/tooltip_control/__snapshots__/tooltip_popover.test.js.snap
@@ -48,17 +48,9 @@ exports[`TooltipPopover render should render tooltip popover 1`] = `
           },
         ]
       }
-      findLayerById={[Function]}
-      geoFields={
-        Array [
-          Object {},
-        ]
-      }
       getLayerName={[Function]}
       isLocked={false}
-      loadFeatureGeometry={[Function]}
       loadFeatureProperties={[Function]}
-      loadPreIndexedShape={[Function]}
     />
   </EuiText>
 </EuiPopover>
@@ -106,7 +98,6 @@ exports[`TooltipPopover render should render tooltip popover with custom tooltip
     }
     getLayerName={[Function]}
     isLocked={false}
-    loadFeatureGeometry={[Function]}
     loadFeatureProperties={[Function]}
   >
     Custom tooltip content
diff --git a/x-pack/plugins/maps/public/connected_components/mb_map/tooltip_control/tooltip_control.js b/x-pack/plugins/maps/public/connected_components/mb_map/tooltip_control/tooltip_control.js
index 85c4fb2bca794..2c8ac1554903a 100644
--- a/x-pack/plugins/maps/public/connected_components/mb_map/tooltip_control/tooltip_control.js
+++ b/x-pack/plugins/maps/public/connected_components/mb_map/tooltip_control/tooltip_control.js
@@ -7,8 +7,17 @@
 
 import _ from 'lodash';
 import React from 'react';
-import { FEATURE_ID_PROPERTY_NAME, LON_INDEX } from '../../../../common/constants';
+import { i18n } from '@kbn/i18n';
+import uuid from 'uuid/v4';
+import {
+  ES_GEO_FIELD_TYPE,
+  FEATURE_ID_PROPERTY_NAME,
+  GEO_JSON_TYPE,
+  LON_INDEX,
+} from '../../../../common/constants';
+import { GEOMETRY_FILTER_ACTION } from '../../../../common/descriptor_types';
 import { TooltipPopover } from './tooltip_popover';
+import { FeatureGeometryFilterForm } from '../features_tooltip';
 import { EXCLUDE_TOO_MANY_FEATURES_BOX } from '../../../classes/util/mb_filter_expressions';
 
 function justifyAnchorLocation(mbLngLat, targetFeature) {
@@ -48,6 +57,28 @@ export class TooltipControl extends React.Component {
     }
   };
 
+  _findLayerById = (layerId) => {
+    return this.props.layerList.find((layer) => {
+      return layer.getId() === layerId;
+    });
+  };
+
+  // Must load original geometry instead of using geometry from mapbox feature.
+  // Mapbox feature geometry is from vector tile and is not the same as the original geometry.
+  _getFeatureGeometry = ({ layerId, featureId }) => {
+    const tooltipLayer = this._findLayerById(layerId);
+    if (!tooltipLayer || featureId === undefined) {
+      return null;
+    }
+
+    const targetFeature = tooltipLayer.getFeatureById(featureId);
+    if (!targetFeature) {
+      return null;
+    }
+
+    return targetFeature.geometry;
+  };
+
   _getLayerByMbLayerId(mbLayerId) {
     return this.props.layerList.find((layer) => {
       const mbLayerIds = layer.getMbLayerIds();
@@ -55,7 +86,76 @@ export class TooltipControl extends React.Component {
     });
   }
 
-  _getTooltipFeatures(mbFeatures) {
+  _loadPreIndexedShape = async ({ layerId, featureId }) => {
+    const tooltipLayer = this._findLayerById(layerId);
+    if (!tooltipLayer || typeof featureId === 'undefined') {
+      return null;
+    }
+
+    const targetFeature = tooltipLayer.getFeatureById(featureId);
+    if (!targetFeature) {
+      return null;
+    }
+
+    return await tooltipLayer.getSource().getPreIndexedShape(targetFeature.properties);
+  };
+
+  _getFeatureActions({ layerId, featureId, tooltipId }) {
+    const actions = [];
+
+    const geometry = this._getFeatureGeometry({ layerId, featureId });
+    const geoFieldsForFeature = this._filterGeoFieldsByFeatureGeometry(geometry);
+    if (geoFieldsForFeature.length && this.props.addFilters) {
+      actions.push({
+        label: i18n.translate('xpack.maps.tooltip.action.filterByGeometryLabel', {
+          defaultMessage: 'Filter by geometry',
+        }),
+        id: GEOMETRY_FILTER_ACTION,
+        form: (
+          <FeatureGeometryFilterForm
+            onClose={() => {
+              this.props.closeOnClickTooltip(tooltipId);
+            }}
+            geometry={geometry}
+            geoFields={geoFieldsForFeature}
+            addFilters={this.props.addFilters}
+            getFilterActions={this.props.getFilterActions}
+            getActionContext={this.props.getActionContext}
+            loadPreIndexedShape={async () => {
+              return this._loadPreIndexedShape({ layerId, featureId });
+            }}
+          />
+        ),
+      });
+    }
+
+    return actions;
+  }
+
+  _filterGeoFieldsByFeatureGeometry(geometry) {
+    if (!geometry) {
+      return [];
+    }
+
+    // line geometry can only create filters for geo_shape fields.
+    if (
+      geometry.type === GEO_JSON_TYPE.LINE_STRING ||
+      geometry.type === GEO_JSON_TYPE.MULTI_LINE_STRING
+    ) {
+      return this.props.geoFields.filter(({ geoFieldType }) => {
+        return geoFieldType === ES_GEO_FIELD_TYPE.GEO_SHAPE;
+      });
+    }
+
+    // TODO support geo distance filters for points
+    if (geometry.type === GEO_JSON_TYPE.POINT || geometry.type === GEO_JSON_TYPE.MULTI_POINT) {
+      return [];
+    }
+
+    return this.props.geoFields;
+  }
+
+  _getTooltipFeatures(mbFeatures, isLocked, tooltipId) {
     const uniqueFeatures = [];
     //there may be duplicates in the results from mapbox
     //this is because mapbox returns the results per tile
@@ -81,12 +181,18 @@ export class TooltipControl extends React.Component {
         // - As empty object literal
         // To avoid ambiguity, normalize properties to empty object literal.
         const mbProperties = mbFeature.properties ? mbFeature.properties : {};
-        //This keeps track of first properties (assuming these will be identical for features in different tiles)
-        uniqueFeatures.push({
-          id: featureId,
-          layerId: layerId,
-          mbProperties,
-        });
+        const actions = isLocked ? this._getFeatureActions({ layerId, featureId, tooltipId }) : [];
+
+        const hasActions = isLocked && actions.length;
+        if (hasActions || layer.canShowTooltip()) {
+          //This keeps track of first feature (assuming these will be identical for features in different tiles)
+          uniqueFeatures.push({
+            id: featureId,
+            layerId: layerId,
+            mbProperties,
+            actions,
+          });
+        }
       }
     }
     return uniqueFeatures;
@@ -109,10 +215,17 @@ export class TooltipControl extends React.Component {
     const targetMbFeataure = mbFeatures[0];
     const popupAnchorLocation = justifyAnchorLocation(e.lngLat, targetMbFeataure);
 
-    const features = this._getTooltipFeatures(mbFeatures);
+    const isLocked = true;
+    const tooltipId = uuid();
+    const features = this._getTooltipFeatures(mbFeatures, isLocked, tooltipId);
+    if (features.length === 0) {
+      return;
+    }
     this.props.openOnClickTooltip({
       features,
       location: popupAnchorLocation,
+      isLocked,
+      id: tooltipId,
     });
   };
 
@@ -129,25 +242,36 @@ export class TooltipControl extends React.Component {
     }
 
     const targetMbFeature = mbFeatures[0];
-    if (this.props.openTooltips[0]) {
+    if (this.props.openTooltips[0] && this.props.openTooltips[0].features.length) {
       const firstFeature = this.props.openTooltips[0].features[0];
       if (targetMbFeature.properties[FEATURE_ID_PROPERTY_NAME] === firstFeature.id) {
         // ignore hover events when hover tooltip is all ready opened for feature
         return;
       }
     }
-
     const popupAnchorLocation = justifyAnchorLocation(e.lngLat, targetMbFeature);
-    const features = this._getTooltipFeatures(mbFeatures);
+
+    const isLocked = false;
+    const tooltipId = uuid();
+    const features = this._getTooltipFeatures(mbFeatures, isLocked, tooltipId);
+    if (features.length === 0) {
+      return;
+    }
     this.props.openOnHoverTooltip({
       features: features,
       location: popupAnchorLocation,
+      isLocked,
+      id: tooltipId,
     });
   }, 100);
 
   _getMbLayerIdsForTooltips() {
     const mbLayerIds = this.props.layerList.reduce((mbLayerIds, layer) => {
-      return layer.canShowTooltip() ? mbLayerIds.concat(layer.getMbLayerIds()) : mbLayerIds;
+      // tooltips are only supported for vector layers, filter out all other layer types
+      const isVectorLayer = layer.canShowTooltip !== undefined;
+      return layer.isVisible() && isVectorLayer
+        ? mbLayerIds.concat(layer.getMbLayerIds())
+        : mbLayerIds;
     }, []);
 
     //Ensure that all layers are actually on the map.
@@ -198,13 +322,12 @@ export class TooltipControl extends React.Component {
         <TooltipPopover
           key={id}
           mbMap={this.props.mbMap}
-          layerList={this.props.layerList}
+          findLayerById={this._findLayerById}
           addFilters={this.props.addFilters}
           getFilterActions={this.props.getFilterActions}
           getActionContext={this.props.getActionContext}
           onSingleValueTrigger={this.props.onSingleValueTrigger}
           renderTooltipContent={this.props.renderTooltipContent}
-          geoFields={this.props.geoFields}
           features={features}
           location={location}
           closeTooltip={closeTooltip}
diff --git a/x-pack/plugins/maps/public/connected_components/mb_map/tooltip_control/tooltip_control.test.js b/x-pack/plugins/maps/public/connected_components/mb_map/tooltip_control/tooltip_control.test.js
index 5d7b078ed9674..e33d83e2837fe 100644
--- a/x-pack/plugins/maps/public/connected_components/mb_map/tooltip_control/tooltip_control.test.js
+++ b/x-pack/plugins/maps/public/connected_components/mb_map/tooltip_control/tooltip_control.test.js
@@ -28,9 +28,28 @@ const mockLayer = {
   getId: () => {
     return layerId;
   },
+  isVisible: () => {
+    return true;
+  },
   canShowTooltip: () => {
     return true;
   },
+  getFeatureById: () => {
+    return {
+      geometry: {
+        coordinates: [
+          [
+            [-67.5, 40.9799],
+            [-90, 40.9799],
+            [-90, 21.94305],
+            [-67.5, 21.94305],
+            [-67.5, 40.9799],
+          ],
+        ],
+        type: 'Polygon',
+      },
+    };
+  },
 };
 
 const mockMbMapHandlers = {};
@@ -236,10 +255,9 @@ describe('TooltipControl', () => {
       mockMbMapHandlers.click(mockMapMouseEvent);
 
       sinon.assert.notCalled(closeOnClickTooltipStub);
-      sinon.assert.calledWith(openOnClickTooltipStub, {
-        features: [{ id: 1, layerId: 'tfi3f', mbProperties: { __kbn__feature_id__: 1 } }],
-        location: [100, 30],
-      });
+      const tooltipState = openOnClickTooltipStub.getCalls()[0].args[0];
+      expect(tooltipState.features.length).toBe(1);
+      expect(tooltipState.location).toEqual([100, 30]);
     });
   });
 });
diff --git a/x-pack/plugins/maps/public/connected_components/mb_map/tooltip_control/tooltip_popover.js b/x-pack/plugins/maps/public/connected_components/mb_map/tooltip_control/tooltip_popover.js
index 3a600eead4079..58084a498d7fb 100644
--- a/x-pack/plugins/maps/public/connected_components/mb_map/tooltip_control/tooltip_popover.js
+++ b/x-pack/plugins/maps/public/connected_components/mb_map/tooltip_control/tooltip_popover.js
@@ -7,7 +7,7 @@
 
 import React, { Component } from 'react';
 import { LAT_INDEX, LON_INDEX } from '../../../../common/constants';
-import { FeaturesTooltip } from '../features_tooltip/features_tooltip';
+import { FeaturesTooltip } from '../features_tooltip';
 import { EuiPopover, EuiText } from '@elastic/eui';
 
 const noop = () => {};
@@ -55,24 +55,8 @@ export class TooltipPopover extends Component {
     });
   };
 
-  // Must load original geometry instead of using geometry from mapbox feature.
-  // Mapbox feature geometry is from vector tile and is not the same as the original geometry.
-  _loadFeatureGeometry = ({ layerId, featureId }) => {
-    const tooltipLayer = this._findLayerById(layerId);
-    if (!tooltipLayer || typeof featureId === 'undefined') {
-      return null;
-    }
-
-    const targetFeature = tooltipLayer.getFeatureById(featureId);
-    if (!targetFeature) {
-      return null;
-    }
-
-    return targetFeature.geometry;
-  };
-
   _loadFeatureProperties = async ({ layerId, featureId, mbProperties }) => {
-    const tooltipLayer = this._findLayerById(layerId);
+    const tooltipLayer = this.props.findLayerById(layerId);
     if (!tooltipLayer) {
       return [];
     }
@@ -86,28 +70,8 @@ export class TooltipPopover extends Component {
     return await tooltipLayer.getPropertiesForTooltip(properties);
   };
 
-  _loadPreIndexedShape = async ({ layerId, featureId }) => {
-    const tooltipLayer = this._findLayerById(layerId);
-    if (!tooltipLayer || typeof featureId === 'undefined') {
-      return null;
-    }
-
-    const targetFeature = tooltipLayer.getFeatureById(featureId);
-    if (!targetFeature) {
-      return null;
-    }
-
-    return await tooltipLayer.getSource().getPreIndexedShape(targetFeature.properties);
-  };
-
-  _findLayerById = (layerId) => {
-    return this.props.layerList.find((layer) => {
-      return layer.getId() === layerId;
-    });
-  };
-
   _getLayerName = async (layerId) => {
-    const layer = this._findLayerById(layerId);
+    const layer = this.props.findLayerById(layerId);
     if (!layer) {
       return null;
     }
@@ -125,7 +89,6 @@ export class TooltipPopover extends Component {
       features: this.props.features,
       isLocked: this.props.isLocked,
       loadFeatureProperties: this._loadFeatureProperties,
-      loadFeatureGeometry: this._loadFeatureGeometry,
       getLayerName: this._getLayerName,
     };
 
@@ -135,12 +98,7 @@ export class TooltipPopover extends Component {
 
     return (
       <EuiText size="xs" style={{ maxWidth: '425px' }}>
-        <FeaturesTooltip
-          {...publicProps}
-          findLayerById={this._findLayerById}
-          geoFields={this.props.geoFields}
-          loadPreIndexedShape={this._loadPreIndexedShape}
-        />
+        <FeaturesTooltip {...publicProps} findLayerById={this.props.findLayerById} />
       </EuiText>
     );
   };
diff --git a/x-pack/plugins/security_solution/public/network/components/embeddables/map_tool_tip/map_tool_tip.test.tsx b/x-pack/plugins/security_solution/public/network/components/embeddables/map_tool_tip/map_tool_tip.test.tsx
index 968361aea6780..bc869dead4556 100644
--- a/x-pack/plugins/security_solution/public/network/components/embeddables/map_tool_tip/map_tool_tip.test.tsx
+++ b/x-pack/plugins/security_solution/public/network/components/embeddables/map_tool_tip/map_tool_tip.test.tsx
@@ -25,6 +25,7 @@ describe('MapToolTip', () => {
         id: 1,
         layerId: 'layerId',
         mbProperties: {},
+        actions: [],
       },
     ];
     const getLayerName = jest.fn();
diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
index 75f5c8c901807..a2eb51e929fd4 100644
--- a/x-pack/plugins/translations/translations/ja-JP.json
+++ b/x-pack/plugins/translations/translations/ja-JP.json
@@ -14088,7 +14088,6 @@
     "xpack.maps.tooltip.loadingMsg": "読み込み中",
     "xpack.maps.tooltip.pageNumerText": "{total} 個中 {pageNumber} 個の機能",
     "xpack.maps.tooltip.showAddFilterActionsViewLabel": "フィルターアクション",
-    "xpack.maps.tooltip.showGeometryFilterViewLinkLabel": "ジオメトリでフィルタリング",
     "xpack.maps.tooltip.toolsControl.cancelDrawButtonLabel": "キャンセル",
     "xpack.maps.tooltip.unableToLoadContentTitle": "ツールヒントのコンテンツを読み込めません",
     "xpack.maps.tooltip.viewActionsTitle": "フィルターアクションを表示",
diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json
index 2b562f4cd4410..b07661eaf5e26 100644
--- a/x-pack/plugins/translations/translations/zh-CN.json
+++ b/x-pack/plugins/translations/translations/zh-CN.json
@@ -14269,7 +14269,6 @@
     "xpack.maps.tooltip.loadingMsg": "正在加载",
     "xpack.maps.tooltip.pageNumerText": "第 {pageNumber} 页,共 {total} 页",
     "xpack.maps.tooltip.showAddFilterActionsViewLabel": "筛选操作",
-    "xpack.maps.tooltip.showGeometryFilterViewLinkLabel": "按几何筛选",
     "xpack.maps.tooltip.toolsControl.cancelDrawButtonLabel": "取消",
     "xpack.maps.tooltip.unableToLoadContentTitle": "无法加载工具提示内容",
     "xpack.maps.tooltip.viewActionsTitle": "查看筛选操作",

From 45c6ca42d0644a942e5761c86877744a8146a7d1 Mon Sep 17 00:00:00 2001
From: Justin Ibarra <brokensound77@users.noreply.github.com>
Date: Mon, 10 May 2021 15:48:57 -0800
Subject: [PATCH 10/11] [Detection Rules] Add 7.13 rules (#99725)

---
 .../application_added_to_google_workspace_domain.json         | 4 ++--
 .../attempt_to_deactivate_okta_network_zone.json              | 4 ++--
 .../attempt_to_delete_okta_network_zone.json                  | 4 ++--
 .../collection_cloudtrail_logging_created.json                | 2 +-
 .../collection_gcp_pub_sub_subscription_creation.json         | 4 ++--
 .../collection_gcp_pub_sub_topic_creation.json                | 4 ++--
 .../collection_microsoft_365_new_inbox_rule.json              | 2 +-
 .../collection_update_event_hub_auth_rule.json                | 4 ++--
 .../command_and_control_cobalt_strike_beacon.json             | 4 ++--
 ...and_and_control_cobalt_strike_default_teamserver_cert.json | 4 ++--
 ...and_and_control_download_rar_powershell_from_internet.json | 4 ++--
 .../command_and_control_fin7_c2_behavior.json                 | 4 ++--
 .../command_and_control_halfbaked_beacon.json                 | 4 ++--
 .../command_and_control_remote_file_copy_mpcmdrun.json        | 2 +-
 .../command_and_control_sunburst_c2_activity_detected.json    | 2 +-
 .../credential_access_attempted_bypass_of_okta_mfa.json       | 4 ++--
 ...tial_access_attempts_to_brute_force_okta_user_account.json | 4 ++--
 .../credential_access_aws_iam_assume_role_brute_force.json    | 4 ++--
 .../credential_access_domain_backup_dpapi_private_keys.json   | 2 +-
 .../credential_access_iam_user_addition_to_group.json         | 2 +-
 .../credential_access_key_vault_modified.json                 | 4 ++--
 ...access_microsoft_365_brute_force_user_account_attempt.json | 4 ++--
 ...cess_microsoft_365_potential_password_spraying_attack.json | 4 ++--
 ...edential_access_okta_brute_force_or_password_spraying.json | 4 ++--
 .../credential_access_root_console_failure_brute_force.json   | 4 ++--
 .../credential_access_secretsmanager_getsecretvalue.json      | 4 ++--
 .../credential_access_storage_account_key_regenerated.json    | 4 ++--
 ...nse_evasion_azure_application_credential_modification.json | 4 ++--
 .../defense_evasion_azure_diagnostic_settings_deletion.json   | 4 ++--
 .../defense_evasion_azure_service_principal_addition.json     | 4 ++--
 .../defense_evasion_cloudtrail_logging_deleted.json           | 2 +-
 .../defense_evasion_cloudtrail_logging_suspended.json         | 2 +-
 .../defense_evasion_cloudwatch_alarm_deletion.json            | 2 +-
 .../defense_evasion_config_service_rule_deletion.json         | 2 +-
 .../defense_evasion_configuration_recorder_stopped.json       | 2 +-
 .../defense_evasion_defender_disabled_via_registry.json       | 4 ++--
 .../defense_evasion_ec2_flow_log_deletion.json                | 2 +-
 .../defense_evasion_ec2_network_acl_deletion.json             | 2 +-
 .../prepackaged_rules/defense_evasion_event_hub_deletion.json | 4 ++--
 .../defense_evasion_firewall_policy_deletion.json             | 4 ++--
 .../defense_evasion_gcp_firewall_rule_created.json            | 4 ++--
 .../defense_evasion_gcp_firewall_rule_deleted.json            | 4 ++--
 .../defense_evasion_gcp_firewall_rule_modified.json           | 4 ++--
 .../defense_evasion_gcp_logging_bucket_deletion.json          | 4 ++--
 .../defense_evasion_gcp_logging_sink_deletion.json            | 4 ++--
 .../defense_evasion_gcp_pub_sub_subscription_deletion.json    | 4 ++--
 .../defense_evasion_gcp_pub_sub_topic_deletion.json           | 4 ++--
 ...nse_evasion_gcp_storage_bucket_configuration_modified.json | 2 +-
 ...fense_evasion_gcp_storage_bucket_permissions_modified.json | 2 +-
 .../defense_evasion_guardduty_detector_deletion.json          | 2 +-
 ...nse_evasion_microsoft_365_exchange_dlp_policy_removed.json | 4 ++--
 ...microsoft_365_exchange_malware_filter_policy_deletion.json | 4 ++--
 ...vasion_microsoft_365_exchange_malware_filter_rule_mod.json | 4 ++--
 ...sion_microsoft_365_exchange_safe_attach_rule_disabled.json | 4 ++--
 .../defense_evasion_network_watcher_deletion.json             | 4 ++--
 .../defense_evasion_s3_bucket_configuration_deletion.json     | 2 +-
 .../defense_evasion_sdelete_like_filename_rename.json         | 4 ++--
 ...uspicious_okta_user_password_reset_or_unlock_attempts.json | 4 ++--
 .../prepackaged_rules/defense_evasion_waf_acl_deletion.json   | 2 +-
 .../defense_evasion_waf_rule_or_rule_group_deletion.json      | 4 ++--
 .../prepackaged_rules/discovery_adfind_command_activity.json  | 4 ++--
 .../discovery_blob_container_access_mod.json                  | 4 ++--
 .../domain_added_to_google_workspace_trusted_domains.json     | 4 ++--
 .../prepackaged_rules/execution_command_virtual_machine.json  | 4 ++--
 .../execution_from_unusual_path_cmdline.json                  | 2 +-
 .../execution_shared_modules_local_sxs_dll.json               | 4 ++--
 .../exfiltration_ec2_snapshot_change_activity.json            | 4 ++--
 .../exfiltration_gcp_logging_sink_modification.json           | 4 ++--
 ...ration_microsoft_365_exchange_transport_rule_creation.json | 4 ++--
 ...xfiltration_microsoft_365_exchange_transport_rule_mod.json | 4 ++--
 .../google_workspace_admin_role_deletion.json                 | 4 ++--
 .../google_workspace_mfa_enforcement_disabled.json            | 4 ++--
 .../prepackaged_rules/google_workspace_policy_modified.json   | 4 ++--
 .../impact_attempt_to_revoke_okta_api_token.json              | 4 ++--
 .../impact_azure_automation_runbook_deleted.json              | 4 ++--
 .../prepackaged_rules/impact_cloudtrail_logging_updated.json  | 2 +-
 .../impact_cloudwatch_log_group_deletion.json                 | 2 +-
 .../impact_cloudwatch_log_stream_deletion.json                | 2 +-
 .../prepackaged_rules/impact_ec2_disable_ebs_encryption.json  | 2 +-
 .../rules/prepackaged_rules/impact_gcp_iam_role_deletion.json | 4 ++--
 .../prepackaged_rules/impact_gcp_service_account_deleted.json | 4 ++--
 .../impact_gcp_service_account_disabled.json                  | 4 ++--
 .../prepackaged_rules/impact_gcp_storage_bucket_deleted.json  | 2 +-
 .../impact_gcp_virtual_private_cloud_network_deleted.json     | 4 ++--
 .../impact_gcp_virtual_private_cloud_route_created.json       | 2 +-
 .../impact_gcp_virtual_private_cloud_route_deleted.json       | 4 ++--
 .../rules/prepackaged_rules/impact_hosts_file_modified.json   | 2 +-
 .../prepackaged_rules/impact_iam_deactivate_mfa_device.json   | 2 +-
 .../rules/prepackaged_rules/impact_iam_group_deletion.json    | 2 +-
 .../prepackaged_rules/impact_possible_okta_dos_attack.json    | 4 ++--
 .../rules/prepackaged_rules/impact_rds_cluster_deletion.json  | 2 +-
 .../impact_rds_instance_cluster_stoppage.json                 | 2 +-
 .../prepackaged_rules/impact_resource_group_deletion.json     | 4 ++--
 ...nitial_access_azure_active_directory_high_risk_signin.json | 4 ++--
 ...itial_access_azure_active_directory_powershell_signin.json | 4 ++--
 ...consent_grant_attack_via_azure_registered_application.json | 4 ++--
 .../prepackaged_rules/initial_access_console_login_root.json  | 2 +-
 .../initial_access_external_guest_user_invite.json            | 4 ++--
 .../initial_access_gcp_iam_custom_role_creation.json          | 4 ++--
 ...ess_microsoft_365_exchange_anti_phish_policy_deletion.json | 4 ++--
 ...ial_access_microsoft_365_exchange_anti_phish_rule_mod.json | 4 ++--
 ...tial_access_microsoft_365_exchange_safelinks_disabled.json | 4 ++--
 .../prepackaged_rules/initial_access_password_recovery.json   | 2 +-
 ...tial_access_suspicious_activity_reported_by_okta_user.json | 4 ++--
 .../initial_access_suspicious_ms_exchange_files.json          | 2 +-
 .../initial_access_unsecure_elasticsearch_node.json           | 4 ++--
 .../initial_access_unusual_dns_service_children.json          | 2 +-
 .../initial_access_unusual_dns_service_file_writes.json       | 2 +-
 .../prepackaged_rules/initial_access_via_system_manager.json  | 4 ++--
 .../initial_access_zoom_meeting_with_no_passcode.json         | 4 ++--
 .../lateral_movement_dns_server_overflow.json                 | 4 ++--
 .../lateral_movement_scheduled_task_target.json               | 4 ++--
 .../mfa_disabled_for_google_workspace_organization.json       | 4 ++--
 .../microsoft_365_exchange_dkim_signing_config_disabled.json  | 4 ++--
 .../microsoft_365_teams_custom_app_interaction_allowed.json   | 4 ++--
 .../prepackaged_rules/ml_cloudtrail_error_message_spike.json  | 4 ++--
 .../prepackaged_rules/ml_cloudtrail_rare_error_code.json      | 2 +-
 .../prepackaged_rules/ml_cloudtrail_rare_method_by_city.json  | 2 +-
 .../ml_cloudtrail_rare_method_by_country.json                 | 2 +-
 .../prepackaged_rules/ml_cloudtrail_rare_method_by_user.json  | 2 +-
 .../ml_linux_anomalous_network_activity.json                  | 4 ++--
 .../ml_linux_anomalous_process_all_hosts.json                 | 4 ++--
 .../rules/prepackaged_rules/ml_linux_anomalous_user_name.json | 4 ++--
 .../prepackaged_rules/ml_rare_process_by_host_linux.json      | 4 ++--
 .../prepackaged_rules/ml_rare_process_by_host_windows.json    | 4 ++--
 .../ml_windows_anomalous_network_activity.json                | 4 ++--
 .../ml_windows_anomalous_process_all_hosts.json               | 4 ++--
 .../prepackaged_rules/ml_windows_anomalous_user_name.json     | 4 ++--
 .../ml_windows_rare_user_type10_remote_login.json             | 4 ++--
 .../okta_attempt_to_deactivate_okta_application.json          | 4 ++--
 .../okta_attempt_to_deactivate_okta_policy.json               | 4 ++--
 .../okta_attempt_to_deactivate_okta_policy_rule.json          | 4 ++--
 .../okta_attempt_to_delete_okta_application.json              | 4 ++--
 .../prepackaged_rules/okta_attempt_to_delete_okta_policy.json | 4 ++--
 .../okta_attempt_to_delete_okta_policy_rule.json              | 4 ++--
 .../okta_attempt_to_modify_okta_application.json              | 4 ++--
 .../okta_attempt_to_modify_okta_network_zone.json             | 4 ++--
 .../prepackaged_rules/okta_attempt_to_modify_okta_policy.json | 4 ++--
 .../okta_attempt_to_modify_okta_policy_rule.json              | 4 ++--
 ...ttempt_to_modify_or_delete_application_sign_on_policy.json | 4 ++--
 .../okta_threat_detected_by_okta_threatinsight.json           | 4 ++--
 ...tence_administrator_privileges_assigned_to_okta_group.json | 4 ++--
 .../persistence_administrator_role_assigned_to_okta_user.json | 4 ++--
 .../persistence_attempt_to_create_okta_api_token.json         | 4 ++--
 ...tence_attempt_to_deactivate_mfa_for_okta_user_account.json | 4 ++--
 ...ce_attempt_to_reset_mfa_factors_for_okta_user_account.json | 4 ++--
 .../persistence_azure_automation_account_created.json         | 4 ++--
 ...sistence_azure_automation_runbook_created_or_modified.json | 4 ++--
 .../persistence_azure_automation_webhook_created.json         | 2 +-
 .../persistence_azure_conditional_access_policy_modified.json | 4 ++--
 .../persistence_azure_pim_user_added_global_admin.json        | 4 ++--
 ...ce_azure_privileged_identity_management_role_modified.json | 4 ++--
 .../persistence_ec2_network_acl_creation.json                 | 2 +-
 ...stence_evasion_registry_startup_shell_folder_modified.json | 2 +-
 .../persistence_gcp_iam_service_account_key_deletion.json     | 4 ++--
 .../persistence_gcp_key_created_for_service_account.json      | 4 ++--
 .../persistence_gcp_service_account_created.json              | 4 ++--
 ...sistence_google_workspace_admin_role_assigned_to_user.json | 4 ++--
 ...ccess_granted_via_domain_wide_delegation_of_authority.json | 4 ++--
 ...ersistence_google_workspace_custom_admin_role_created.json | 4 ++--
 .../persistence_google_workspace_role_modified.json           | 4 ++--
 .../prepackaged_rules/persistence_iam_group_creation.json     | 2 +-
 .../persistence_local_scheduled_task_scripting.json           | 4 ++--
 .../persistence_loginwindow_plist_modification.json           | 4 ++--
 .../persistence_mfa_disabled_for_azure_user.json              | 4 ++--
 ...nce_microsoft_365_exchange_management_role_assignment.json | 4 ++--
 ...rsistence_microsoft_365_teams_external_access_enabled.json | 4 ++--
 .../persistence_microsoft_365_teams_guest_access_enabled.json | 4 ++--
 .../prepackaged_rules/persistence_rds_cluster_creation.json   | 2 +-
 ...persistence_user_added_as_owner_for_azure_application.json | 4 ++--
 ...tence_user_added_as_owner_for_azure_service_principal.json | 4 ++--
 ...privilege_escalation_printspooler_suspicious_spl_file.json | 2 +-
 .../privilege_escalation_root_login_without_mfa.json          | 4 ++--
 .../privilege_escalation_updateassumerolepolicy.json          | 4 ++--
 .../rules/prepackaged_rules/threat_intel_module_match.json    | 2 +-
 175 files changed, 304 insertions(+), 304 deletions(-)

diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/application_added_to_google_workspace_domain.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/application_added_to_google_workspace_domain.json
index ef9daff745bc5..b447e59e71435 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/application_added_to_google_workspace_domain.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/application_added_to_google_workspace_domain.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Application Added to Google Workspace Domain",
-  "note": "### Important Information Regarding Google Workspace Event Lag Times\n- As per Google's documentation, Google Workspace administrators may observe lag times ranging from minutes up to 3 days between the time of an event's occurrence and the event being visible in the Google Workspace admin/audit logs.\n- This rule is configured to run every 10 minutes with a lookback time of 130 minutes.\n- To reduce the risk of false negatives, consider reducing the interval that the Google Workspace (formerly G Suite) Filebeat module polls Google's reporting API for new events.\n- By default, `var.interval` is set to 2 hours (2h). Consider changing this interval to a lower value, such as 10 minutes (10m).\n- See the following references for further information.\n  - https://support.google.com/a/answer/7061566\n  - https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-gsuite.html",
+  "note": "## Config\n\nThe Google Workspace Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.\n\n### Important Information Regarding Google Workspace Event Lag Times\n- As per Google's documentation, Google Workspace administrators may observe lag times ranging from minutes up to 3 days between the time of an event's occurrence and the event being visible in the Google Workspace admin/audit logs.\n- This rule is configured to run every 10 minutes with a lookback time of 130 minutes.\n- To reduce the risk of false negatives, consider reducing the interval that the Google Workspace (formerly G Suite) Filebeat module polls Google's reporting API for new events.\n- By default, `var.interval` is set to 2 hours (2h). Consider changing this interval to a lower value, such as 10 minutes (10m).\n- See the following references for further information.\n  - https://support.google.com/a/answer/7061566\n  - https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-gsuite.html",
   "query": "event.dataset:(gsuite.admin or google_workspace.admin) and event.provider:admin and event.category:iam and event.action:ADD_APPLICATION",
   "references": [
     "https://support.google.com/a/answer/6328701?hl=en#"
@@ -33,5 +33,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/attempt_to_deactivate_okta_network_zone.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/attempt_to_deactivate_okta_network_zone.json
index d2d5b53c99c33..fbdf3d58f2b81 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/attempt_to_deactivate_okta_network_zone.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/attempt_to_deactivate_okta_network_zone.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Attempt to Deactivate an Okta Network Zone",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:zone.deactivate",
   "references": [
     "https://help.okta.com/en/prod/Content/Topics/Security/network/network-zones.htm",
@@ -33,5 +33,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/attempt_to_delete_okta_network_zone.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/attempt_to_delete_okta_network_zone.json
index e566ae7ae598b..b0bd850c1d63c 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/attempt_to_delete_okta_network_zone.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/attempt_to_delete_okta_network_zone.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Attempt to Delete an Okta Network Zone",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:zone.delete",
   "references": [
     "https://help.okta.com/en/prod/Content/Topics/Security/network/network-zones.htm",
@@ -33,5 +33,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_cloudtrail_logging_created.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_cloudtrail_logging_created.json
index 0287565be0d7c..3e2479369ebb2 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_cloudtrail_logging_created.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_cloudtrail_logging_created.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS CloudTrail Log Created",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:cloudtrail.amazonaws.com and event.action:CreateTrail and event.outcome:success",
   "references": [
     "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_CreateTrail.html",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_gcp_pub_sub_subscription_creation.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_gcp_pub_sub_subscription_creation.json
index 6a077053039df..d50013c90b122 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_gcp_pub_sub_subscription_creation.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_gcp_pub_sub_subscription_creation.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP Pub/Sub Subscription Creation",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:google.pubsub.v*.Subscriber.CreateSubscription and event.outcome:success",
   "references": [
     "https://cloud.google.com/pubsub/docs/overview"
@@ -48,5 +48,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_gcp_pub_sub_topic_creation.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_gcp_pub_sub_topic_creation.json
index c33fb44b3f6ad..5438b8fb2a8c9 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_gcp_pub_sub_topic_creation.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_gcp_pub_sub_topic_creation.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP Pub/Sub Topic Creation",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:google.pubsub.v*.Publisher.CreateTopic and event.outcome:success",
   "references": [
     "https://cloud.google.com/pubsub/docs/admin"
@@ -48,5 +48,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_microsoft_365_new_inbox_rule.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_microsoft_365_new_inbox_rule.json
index 778b7ecc30192..5fcfbd797e9d3 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_microsoft_365_new_inbox_rule.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_microsoft_365_new_inbox_rule.json
@@ -16,7 +16,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Microsoft 365 New Inbox Rule Created",
-  "note": "The Microsoft 365 Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Microsoft 365 Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:\"New-InboxRule\" and event.outcome:success",
   "references": [
     "https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/responding-to-a-compromised-email-account?view=o365-worldwide",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_update_event_hub_auth_rule.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_update_event_hub_auth_rule.json
index 52bab1651157d..a9fd96efcb383 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_update_event_hub_auth_rule.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_update_event_hub_auth_rule.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Azure Event Hub Authorization Rule Created or Updated",
-  "note": "The Azure Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.activitylogs and azure.activitylogs.operation_name:\"MICROSOFT.EVENTHUB/NAMESPACES/AUTHORIZATIONRULES/WRITE\" and event.outcome:(Success or success)",
   "references": [
     "https://docs.microsoft.com/en-us/azure/event-hubs/authorize-access-shared-access-signature"
@@ -64,5 +64,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_cobalt_strike_beacon.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_cobalt_strike_beacon.json
index e3505365af83e..eba26c7be6e94 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_cobalt_strike_beacon.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_cobalt_strike_beacon.json
@@ -12,7 +12,7 @@
   "language": "lucene",
   "license": "Elastic License v2",
   "name": "Cobalt Strike Command and Control Beacon",
-  "note": "This activity has been observed in FIN7 campaigns.",
+  "note": "## Threat intel\n\nThis activity has been observed in FIN7 campaigns.",
   "query": "event.category:(network OR network_traffic) AND type:(tls OR http) AND network.transport:tcp AND destination.domain:/[a-z]{3}.stage.[0-9]{8}\\..*/",
   "references": [
     "https://blog.morphisec.com/fin7-attacks-restaurant-industry",
@@ -58,5 +58,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_cobalt_strike_default_teamserver_cert.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_cobalt_strike_default_teamserver_cert.json
index 13203b0534135..6fffa5c4634a0 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_cobalt_strike_default_teamserver_cert.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_cobalt_strike_default_teamserver_cert.json
@@ -10,7 +10,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Default Cobalt Strike Team Server Certificate",
-  "note": "While Cobalt Strike is intended to be used for penetration tests and IR training, it is frequently used by actual threat actors (TA) such as APT19, APT29, APT32, APT41, FIN6, DarkHydrus, CopyKittens, Cobalt Group, Leviathan, and many other unnamed criminal TAs. This rule uses high-confidence atomic indicators, alerts should be investigated rapidly.",
+  "note": "## Threat intel\n\nWhile Cobalt Strike is intended to be used for penetration tests and IR training, it is frequently used by actual threat actors (TA) such as APT19, APT29, APT32, APT41, FIN6, DarkHydrus, CopyKittens, Cobalt Group, Leviathan, and many other unnamed criminal TAs. This rule uses high-confidence atomic indicators, alerts should be investigated rapidly.",
   "query": "event.category:(network or network_traffic) and (tls.server.hash.md5:950098276A495286EB2A2556FBAB6D83 or tls.server.hash.sha1:6ECE5ECE4192683D2D84E25B0BA7E04F9CB7EB7C or tls.server.hash.sha256:87F2085C32B6A2CC709B365F55873E207A9CAA10BFFECF2FD16D3CF9D94D390C)",
   "references": [
     "https://attack.mitre.org/software/S0154/",
@@ -55,5 +55,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_download_rar_powershell_from_internet.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_download_rar_powershell_from_internet.json
index 1d54ab02f3476..7cfba90cf67c8 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_download_rar_powershell_from_internet.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_download_rar_powershell_from_internet.json
@@ -12,7 +12,7 @@
   "language": "lucene",
   "license": "Elastic License v2",
   "name": "Roshal Archive (RAR) or PowerShell File Downloaded from the Internet",
-  "note": "This activity has been observed in FIN7 campaigns.",
+  "note": "## Threat intel\n\nThis activity has been observed in FIN7 campaigns.",
   "query": "event.category:(network OR network_traffic) AND network.protocol:http AND url.path:/.*(rar|ps1)/ AND source.ip:(10.0.0.0\\/8 OR 172.16.0.0\\/12 OR 192.168.0.0\\/16)",
   "references": [
     "https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html",
@@ -46,5 +46,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_fin7_c2_behavior.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_fin7_c2_behavior.json
index 300d72fa855fa..305612da0f47e 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_fin7_c2_behavior.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_fin7_c2_behavior.json
@@ -12,7 +12,7 @@
   "language": "lucene",
   "license": "Elastic License v2",
   "name": "Possible FIN7 DGA Command and Control Behavior",
-  "note": "In the event this rule identifies benign domains in your environment, the `destination.domain` field in the rule can be modified to include those domains. Example: `...AND NOT destination.domain:(zoom.us OR benign.domain1 OR benign.domain2)`.",
+  "note": "## Triage and analysis\n\nIn the event this rule identifies benign domains in your environment, the `destination.domain` field in the rule can be modified to include those domains. Example: `...AND NOT destination.domain:(zoom.us OR benign.domain1 OR benign.domain2)`.",
   "query": "event.category:(network OR network_traffic) AND type:(tls OR http) AND network.transport:tcp AND destination.domain:/[a-zA-Z]{4,5}\\.(pw|us|club|info|site|top)/ AND NOT destination.domain:zoom.us",
   "references": [
     "https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html"
@@ -57,5 +57,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_halfbaked_beacon.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_halfbaked_beacon.json
index ef46a882cc7b8..ed6fb726896ac 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_halfbaked_beacon.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_halfbaked_beacon.json
@@ -12,7 +12,7 @@
   "language": "lucene",
   "license": "Elastic License v2",
   "name": "Halfbaked Command and Control Beacon",
-  "note": "This activity has been observed in FIN7 campaigns.",
+  "note": "## Threat intel\n\nThis activity has been observed in FIN7 campaigns.",
   "query": "event.category:(network OR network_traffic) AND network.protocol:http AND network.transport:tcp AND url.full:/http:\\/\\/[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}\\/cd/ AND destination.port:(53 OR 80 OR 8080 OR 443)",
   "references": [
     "https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html",
@@ -58,5 +58,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_remote_file_copy_mpcmdrun.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_remote_file_copy_mpcmdrun.json
index bbda3c0a4f49b..f026df5fd19b9 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_remote_file_copy_mpcmdrun.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_remote_file_copy_mpcmdrun.json
@@ -12,7 +12,7 @@
   "language": "eql",
   "license": "Elastic License v2",
   "name": "Remote File Download via MpCmdRun",
-  "note": "### Investigating Remote File Download via MpCmdRun\nVerify details such as the parent process, URL reputation, and downloaded file details. Additionally, `MpCmdRun` logs this information in the Appdata Temp folder in `MpCmdRun.log`.",
+  "note": "## Triage and analysis\n\n### Investigating Remote File Download via MpCmdRun\nVerify details such as the parent process, URL reputation, and downloaded file details. Additionally, `MpCmdRun` logs this information in the Appdata Temp folder in `MpCmdRun.log`.",
   "query": "process where event.type == \"start\" and\n  (process.name : \"MpCmdRun.exe\" or process.pe.original_file_name == \"MpCmdRun.exe\") and\n   process.args : \"-DownloadFile\" and process.args : \"-url\" and process.args : \"-path\"\n",
   "references": [
     "https://twitter.com/mohammadaskar2/status/1301263551638761477",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_sunburst_c2_activity_detected.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_sunburst_c2_activity_detected.json
index 1aede9216de12..96d87cc39d82d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_sunburst_c2_activity_detected.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_sunburst_c2_activity_detected.json
@@ -10,7 +10,7 @@
   "language": "eql",
   "license": "Elastic License v2",
   "name": "SUNBURST Command and Control Activity",
-  "note": "The SUNBURST malware attempts to hide within the Orion Improvement Program (OIP) network traffic. As this rule detects post-exploitation network traffic, investigations into this should be prioritized.",
+  "note": "## Triage and analysis\n\nThe SUNBURST malware attempts to hide within the Orion Improvement Program (OIP) network traffic. As this rule detects post-exploitation network traffic, investigations into this should be prioritized.",
   "query": "network where event.type == \"protocol\" and network.protocol == \"http\" and\n  process.name : (\"ConfigurationWizard.exe\",\n                  \"NetFlowService.exe\",\n                  \"NetflowDatabaseMaintenance.exe\",\n                  \"SolarWinds.Administration.exe\",\n                  \"SolarWinds.BusinessLayerHost.exe\",\n                  \"SolarWinds.BusinessLayerHostx64.exe\",\n                  \"SolarWinds.Collector.Service.exe\",\n                  \"SolarwindsDiagnostics.exe\") and\n  (http.request.body.content : \"*/swip/Upload.ashx*\" and http.request.body.content : (\"POST*\", \"PUT*\")) or\n  (http.request.body.content : (\"*/swip/SystemDescription*\", \"*/swip/Events*\") and http.request.body.content : (\"GET*\", \"HEAD*\")) and\n  not http.request.body.content : \"*solarwinds.com*\"\n",
   "references": [
     "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html"
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_attempted_bypass_of_okta_mfa.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_attempted_bypass_of_okta_mfa.json
index d6b6b7d06404c..c3614e0e69e9a 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_attempted_bypass_of_okta_mfa.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_attempted_bypass_of_okta_mfa.json
@@ -10,7 +10,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Attempted Bypass of Okta MFA",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:user.mfa.attempt_bypass",
   "references": [
     "https://developer.okta.com/docs/reference/api/system-log/",
@@ -46,5 +46,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 5
+  "version": 6
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_attempts_to_brute_force_okta_user_account.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_attempts_to_brute_force_okta_user_account.json
index 02de6e8f2b910..5556f3787fbdd 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_attempts_to_brute_force_okta_user_account.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_attempts_to_brute_force_okta_user_account.json
@@ -11,7 +11,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Attempts to Brute Force an Okta User Account",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:user.account.lock",
   "references": [
     "https://developer.okta.com/docs/reference/api/system-log/",
@@ -52,5 +52,5 @@
     "value": 3
   },
   "type": "threshold",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_aws_iam_assume_role_brute_force.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_aws_iam_assume_role_brute_force.json
index d4fe403f5870a..3ea689aaa3570 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_aws_iam_assume_role_brute_force.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_aws_iam_assume_role_brute_force.json
@@ -11,7 +11,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS IAM Brute Force of Assume Role Policy",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:iam.amazonaws.com and event.action:UpdateAssumeRolePolicy and aws.cloudtrail.error_code:MalformedPolicyDocumentException and event.outcome:failure",
   "references": [
     "https://www.praetorian.com/blog/aws-iam-assume-role-vulnerabilities",
@@ -50,5 +50,5 @@
     "value": 25
   },
   "type": "threshold",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_domain_backup_dpapi_private_keys.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_domain_backup_dpapi_private_keys.json
index 361b5f9e3e62e..c031fcbf464b1 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_domain_backup_dpapi_private_keys.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_domain_backup_dpapi_private_keys.json
@@ -12,7 +12,7 @@
   "language": "eql",
   "license": "Elastic License v2",
   "name": "Creation or Modification of Domain Backup DPAPI private key",
-  "note": "### Domain DPAPI Backup keys are stored on domain controllers and can be dumped remotely with tools such as Mimikatz. The resulting .pvk private key can be used to decrypt ANY domain user masterkeys, which then can be used to decrypt any secrets protected by those keys.",
+  "note": "## Triage and analysis\n\nDomain DPAPI Backup keys are stored on domain controllers and can be dumped remotely with tools such as Mimikatz. The resulting .pvk private key can be used to decrypt ANY domain user masterkeys, which then can be used to decrypt any secrets protected by those keys.",
   "query": "file where event.type != \"deletion\" and file.name : (\"ntds_capi_*.pfx\", \"ntds_capi_*.pvk\")\n",
   "references": [
     "https://www.dsinternals.com/en/retrieving-dpapi-backup-keys-from-active-directory/",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_iam_user_addition_to_group.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_iam_user_addition_to_group.json
index 20674ebe4490e..0d94ac36944a9 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_iam_user_addition_to_group.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_iam_user_addition_to_group.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS IAM User Addition to Group",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:iam.amazonaws.com and event.action:AddUserToGroup and event.outcome:success",
   "references": [
     "https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddUserToGroup.html"
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_key_vault_modified.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_key_vault_modified.json
index 92675a3202547..27f76a13d657d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_key_vault_modified.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_key_vault_modified.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Azure Key Vault Modified",
-  "note": "The Azure Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.activitylogs and azure.activitylogs.operation_name:\"MICROSOFT.KEYVAULT/VAULTS/WRITE\" and event.outcome:(Success or success)",
   "references": [
     "https://docs.microsoft.com/en-us/azure/key-vault/general/basic-concepts",
@@ -57,5 +57,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_microsoft_365_brute_force_user_account_attempt.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_microsoft_365_brute_force_user_account_attempt.json
index ba3e7fd590a52..8e9c142929a05 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_microsoft_365_brute_force_user_account_attempt.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_microsoft_365_brute_force_user_account_attempt.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Attempts to Brute Force a Microsoft 365 User Account",
-  "note": "The Microsoft 365 Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Microsoft 365 Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:o365.audit and event.provider:AzureActiveDirectory and event.category:authentication and event.action:UserLoginFailed and event.outcome:failure",
   "risk_score": 73,
   "rule_id": "26f68dba-ce29-497b-8e13-b4fde1db5a2d",
@@ -51,5 +51,5 @@
     "value": 10
   },
   "type": "threshold",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_microsoft_365_potential_password_spraying_attack.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_microsoft_365_potential_password_spraying_attack.json
index ba80bd5e8e962..14314feebb712 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_microsoft_365_potential_password_spraying_attack.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_microsoft_365_potential_password_spraying_attack.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Potential Password Spraying of Microsoft 365 User Accounts",
-  "note": "The Microsoft 365 Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Microsoft 365 Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:o365.audit and event.provider:AzureActiveDirectory and event.category:authentication and event.action:UserLoginFailed and event.outcome:failure",
   "risk_score": 73,
   "rule_id": "3efee4f0-182a-40a8-a835-102c68a4175d",
@@ -51,5 +51,5 @@
     "value": 25
   },
   "type": "threshold",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_okta_brute_force_or_password_spraying.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_okta_brute_force_or_password_spraying.json
index 754d0f5ceb8c3..16c2816e30690 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_okta_brute_force_or_password_spraying.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_okta_brute_force_or_password_spraying.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Okta Brute Force or Password Spraying Attack",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.category:authentication and event.outcome:failure",
   "references": [
     "https://developer.okta.com/docs/reference/api/system-log/",
@@ -54,5 +54,5 @@
     "value": 25
   },
   "type": "threshold",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_root_console_failure_brute_force.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_root_console_failure_brute_force.json
index 9920684706eb2..fb296d82b992b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_root_console_failure_brute_force.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_root_console_failure_brute_force.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS Management Console Brute Force of Root User Identity",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:signin.amazonaws.com and event.action:ConsoleLogin and aws.cloudtrail.user_identity.type:Root and event.outcome:failure",
   "references": [
     "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html"
@@ -54,5 +54,5 @@
     "value": 10
   },
   "type": "threshold",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_secretsmanager_getsecretvalue.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_secretsmanager_getsecretvalue.json
index d7499f7e6b4b4..8eebcc5c45096 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_secretsmanager_getsecretvalue.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_secretsmanager_getsecretvalue.json
@@ -16,7 +16,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS Access Secret in Secrets Manager",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:secretsmanager.amazonaws.com and event.action:GetSecretValue",
   "references": [
     "https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html",
@@ -52,5 +52,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_storage_account_key_regenerated.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_storage_account_key_regenerated.json
index e2eeae45e1d3b..d6f5a05c86e1a 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_storage_account_key_regenerated.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_storage_account_key_regenerated.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Azure Storage Account Key Regenerated",
-  "note": "The Azure Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.activitylogs and azure.activitylogs.operation_name:\"MICROSOFT.STORAGE/STORAGEACCOUNTS/REGENERATEKEY/ACTION\" and event.outcome:(Success or success)",
   "references": [
     "https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal"
@@ -49,5 +49,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_azure_application_credential_modification.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_azure_application_credential_modification.json
index 9f51301f86490..d695695e2c23b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_azure_application_credential_modification.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_azure_application_credential_modification.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Azure Application Credential Modification",
-  "note": "The Azure Fleet Integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.auditlogs and azure.auditlogs.operation_name:\"Update application - Certificates and secrets management\" and event.outcome:(success or Success)",
   "references": [
     "https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/"
@@ -56,5 +56,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_azure_diagnostic_settings_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_azure_diagnostic_settings_deletion.json
index e43135223dd12..31eec6ee4d1c2 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_azure_diagnostic_settings_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_azure_diagnostic_settings_deletion.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Azure Diagnostic Settings Deletion",
-  "note": "The Azure Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.activitylogs and azure.activitylogs.operation_name:\"MICROSOFT.INSIGHTS/DIAGNOSTICSETTINGS/DELETE\" and event.outcome:(Success or success)",
   "references": [
     "https://docs.microsoft.com/en-us/azure/azure-monitor/platform/diagnostic-settings"
@@ -56,5 +56,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_azure_service_principal_addition.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_azure_service_principal_addition.json
index 5c9effc2bc203..43557bfeb31ba 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_azure_service_principal_addition.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_azure_service_principal_addition.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Azure Service Principal Addition",
-  "note": "The Azure Fleet Integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.auditlogs and azure.auditlogs.operation_name:\"Add service principal\" and event.outcome:(success or Success)",
   "references": [
     "https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/",
@@ -57,5 +57,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cloudtrail_logging_deleted.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cloudtrail_logging_deleted.json
index 3ae05408ac81c..8daf17dc8c386 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cloudtrail_logging_deleted.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cloudtrail_logging_deleted.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS CloudTrail Log Deleted",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:cloudtrail.amazonaws.com and event.action:DeleteTrail and event.outcome:success",
   "references": [
     "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DeleteTrail.html",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cloudtrail_logging_suspended.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cloudtrail_logging_suspended.json
index 75e3e4f542c7d..c140a1f9b9734 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cloudtrail_logging_suspended.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cloudtrail_logging_suspended.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS CloudTrail Log Suspended",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:cloudtrail.amazonaws.com and event.action:StopLogging and event.outcome:success",
   "references": [
     "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StopLogging.html",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cloudwatch_alarm_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cloudwatch_alarm_deletion.json
index d05b043923482..b5984d5d624c3 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cloudwatch_alarm_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cloudwatch_alarm_deletion.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS CloudWatch Alarm Deletion",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:monitoring.amazonaws.com and event.action:DeleteAlarms and event.outcome:success",
   "references": [
     "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudwatch/delete-alarms.html",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_config_service_rule_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_config_service_rule_deletion.json
index 77d8deff1c191..a512cd8c842ee 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_config_service_rule_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_config_service_rule_deletion.json
@@ -16,7 +16,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS Config Service Tampering",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:config.amazonaws.com and event.action:(DeleteConfigRule or DeleteOrganizationConfigRule or DeleteConfigurationAggregator or DeleteConfigurationRecorder or DeleteConformancePack or DeleteOrganizationConformancePack or DeleteDeliveryChannel or DeleteRemediationConfiguration or DeleteRetentionConfiguration)",
   "references": [
     "https://docs.aws.amazon.com/config/latest/developerguide/how-does-config-work.html",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_configuration_recorder_stopped.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_configuration_recorder_stopped.json
index 7de02c3a3875d..abadb416deec8 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_configuration_recorder_stopped.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_configuration_recorder_stopped.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS Configuration Recorder Stopped",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:config.amazonaws.com and event.action:StopConfigurationRecorder and event.outcome:success",
   "references": [
     "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/configservice/stop-configuration-recorder.html",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_defender_disabled_via_registry.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_defender_disabled_via_registry.json
index b84da1825dfc4..8e1a1bf005f5d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_defender_disabled_via_registry.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_defender_disabled_via_registry.json
@@ -12,7 +12,7 @@
   "language": "eql",
   "license": "Elastic License v2",
   "name": "Windows Defender Disabled via Registry Modification",
-  "note": "Detections should be investigated to identify if the hosts and users are authorized to use this tool. As this rule detects post-exploitation process activity, investigations into this should be prioritized",
+  "note": "## Triage and analysis\n\nDetections should be investigated to identify if the hosts and users are authorized to use this tool. As this rule detects post-exploitation process activity, investigations into this should be prioritized",
   "query": "registry where event.type in (\"creation\", \"change\") and\n  ((registry.path:\"HKLM\\\\SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows Defender\\\\DisableAntiSpyware\" and\n     registry.data.strings:\"1\") or\n  (registry.path:\"HKLM\\\\System\\\\ControlSet*\\\\Services\\\\WinDefend\\\\Start\" and\n     registry.data.strings in (\"3\", \"4\")))\n",
   "references": [
     "https://thedfirreport.com/2020/12/13/defender-control/"
@@ -58,5 +58,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "eql",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_ec2_flow_log_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_ec2_flow_log_deletion.json
index 9a3eace06d5fb..f88b8b3589d93 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_ec2_flow_log_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_ec2_flow_log_deletion.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS EC2 Flow Log Deletion",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:ec2.amazonaws.com and event.action:DeleteFlowLogs and event.outcome:success",
   "references": [
     "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/delete-flow-logs.html",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_ec2_network_acl_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_ec2_network_acl_deletion.json
index 79222e3ef4cfb..06fc3a3f094a5 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_ec2_network_acl_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_ec2_network_acl_deletion.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS EC2 Network Access Control List Deletion",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:ec2.amazonaws.com and event.action:(DeleteNetworkAcl or DeleteNetworkAclEntry) and event.outcome:success",
   "references": [
     "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/delete-network-acl.html",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_event_hub_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_event_hub_deletion.json
index bffeeff6123bf..0ea25e05915c6 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_event_hub_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_event_hub_deletion.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Azure Event Hub Deletion",
-  "note": "The Azure Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.activitylogs and azure.activitylogs.operation_name:\"MICROSOFT.EVENTHUB/NAMESPACES/EVENTHUBS/DELETE\" and event.outcome:(Success or success)",
   "references": [
     "https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-about",
@@ -58,5 +58,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_firewall_policy_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_firewall_policy_deletion.json
index 38a207eadc36c..f8961a832ac1e 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_firewall_policy_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_firewall_policy_deletion.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Azure Firewall Policy Deletion",
-  "note": "The Azure Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.activitylogs and azure.activitylogs.operation_name:\"MICROSOFT.NETWORK/FIREWALLPOLICIES/DELETE\" and event.outcome:(Success or success)",
   "references": [
     "https://docs.microsoft.com/en-us/azure/firewall-manager/policy-overview"
@@ -56,5 +56,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_firewall_rule_created.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_firewall_rule_created.json
index c24c1dfde02f8..7fbe044738386 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_firewall_rule_created.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_firewall_rule_created.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP Firewall Rule Creation",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:v*.compute.firewalls.insert",
   "references": [
     "https://cloud.google.com/vpc/docs/firewalls"
@@ -48,5 +48,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_firewall_rule_deleted.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_firewall_rule_deleted.json
index 4198753f104cb..4cc8fde077c3e 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_firewall_rule_deleted.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_firewall_rule_deleted.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP Firewall Rule Deletion",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:v*.compute.firewalls.delete",
   "references": [
     "https://cloud.google.com/vpc/docs/firewalls"
@@ -48,5 +48,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_firewall_rule_modified.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_firewall_rule_modified.json
index 811a386614b20..614da7f79a46b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_firewall_rule_modified.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_firewall_rule_modified.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP Firewall Rule Modification",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:v*.compute.firewalls.patch",
   "references": [
     "https://cloud.google.com/vpc/docs/firewalls"
@@ -48,5 +48,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_logging_bucket_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_logging_bucket_deletion.json
index 0ba5d1cfcf403..805f21f875f02 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_logging_bucket_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_logging_bucket_deletion.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP Logging Bucket Deletion",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:google.logging.v*.ConfigServiceV*.DeleteBucket and event.outcome:success",
   "references": [
     "https://cloud.google.com/logging/docs/buckets",
@@ -49,5 +49,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_logging_sink_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_logging_sink_deletion.json
index 7e90b357e9055..6fa62fe3a6313 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_logging_sink_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_logging_sink_deletion.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP Logging Sink Deletion",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:google.logging.v*.ConfigServiceV*.DeleteSink and event.outcome:success",
   "references": [
     "https://cloud.google.com/logging/docs/export"
@@ -48,5 +48,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_pub_sub_subscription_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_pub_sub_subscription_deletion.json
index f2e7c5a7ca706..4907e0f13e550 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_pub_sub_subscription_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_pub_sub_subscription_deletion.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP Pub/Sub Subscription Deletion",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:google.pubsub.v*.Subscriber.DeleteSubscription and event.outcome:success",
   "references": [
     "https://cloud.google.com/pubsub/docs/overview"
@@ -48,5 +48,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_pub_sub_topic_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_pub_sub_topic_deletion.json
index 7603c0da2c959..7632a73ddfa90 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_pub_sub_topic_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_pub_sub_topic_deletion.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP Pub/Sub Topic Deletion",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:google.pubsub.v*.Publisher.DeleteTopic and event.outcome:success",
   "references": [
     "https://cloud.google.com/pubsub/docs/overview"
@@ -48,5 +48,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_storage_bucket_configuration_modified.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_storage_bucket_configuration_modified.json
index 6512c5ad473b4..abb6912f0828d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_storage_bucket_configuration_modified.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_storage_bucket_configuration_modified.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP Storage Bucket Configuration Modification",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:\"storage.buckets.update\" and event.outcome:success",
   "references": [
     "https://cloud.google.com/storage/docs/key-terms#buckets"
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_storage_bucket_permissions_modified.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_storage_bucket_permissions_modified.json
index e79c14e76cba7..8eb238c9dc796 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_storage_bucket_permissions_modified.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_gcp_storage_bucket_permissions_modified.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP Storage Bucket Permissions Modification",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:\"storage.setIamPermissions\" and event.outcome:success",
   "references": [
     "https://cloud.google.com/storage/docs/access-control/iam-permissions"
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_guardduty_detector_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_guardduty_detector_deletion.json
index a98f57a132ba4..8ededad39f415 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_guardduty_detector_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_guardduty_detector_deletion.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS GuardDuty Detector Deletion",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:guardduty.amazonaws.com and event.action:DeleteDetector and event.outcome:success",
   "references": [
     "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/guardduty/delete-detector.html",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_microsoft_365_exchange_dlp_policy_removed.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_microsoft_365_exchange_dlp_policy_removed.json
index 0bb0d45e9c342..b39aee071a874 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_microsoft_365_exchange_dlp_policy_removed.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_microsoft_365_exchange_dlp_policy_removed.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Microsoft 365 Exchange DLP Policy Removed",
-  "note": "The Microsoft 365 Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Microsoft 365 Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:\"Remove-DlpPolicy\" and event.outcome:success",
   "references": [
     "https://docs.microsoft.com/en-us/powershell/module/exchange/remove-dlppolicy?view=exchange-ps",
@@ -50,5 +50,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_microsoft_365_exchange_malware_filter_policy_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_microsoft_365_exchange_malware_filter_policy_deletion.json
index 6e68369e16739..c4de503b66540 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_microsoft_365_exchange_malware_filter_policy_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_microsoft_365_exchange_malware_filter_policy_deletion.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Microsoft 365 Exchange Malware Filter Policy Deletion",
-  "note": "The Microsoft 365 Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Microsoft 365 Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:\"Remove-MalwareFilterPolicy\" and event.outcome:success",
   "references": [
     "https://docs.microsoft.com/en-us/powershell/module/exchange/remove-malwarefilterpolicy?view=exchange-ps"
@@ -49,5 +49,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_microsoft_365_exchange_malware_filter_rule_mod.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_microsoft_365_exchange_malware_filter_rule_mod.json
index 66e35150ec06b..c0dcec7e1b0d7 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_microsoft_365_exchange_malware_filter_rule_mod.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_microsoft_365_exchange_malware_filter_rule_mod.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Microsoft 365 Exchange Malware Filter Rule Modification",
-  "note": "The Microsoft 365 Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Microsoft 365 Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:(\"Remove-MalwareFilterRule\" or \"Disable-MalwareFilterRule\") and event.outcome:success",
   "references": [
     "https://docs.microsoft.com/en-us/powershell/module/exchange/remove-malwarefilterrule?view=exchange-ps",
@@ -50,5 +50,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_microsoft_365_exchange_safe_attach_rule_disabled.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_microsoft_365_exchange_safe_attach_rule_disabled.json
index 2c744077756ef..5273115ead302 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_microsoft_365_exchange_safe_attach_rule_disabled.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_microsoft_365_exchange_safe_attach_rule_disabled.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Microsoft 365 Exchange Safe Attachment Rule Disabled",
-  "note": "The Microsoft 365 Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Microsoft 365 Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:\"Disable-SafeAttachmentRule\" and event.outcome:success",
   "references": [
     "https://docs.microsoft.com/en-us/powershell/module/exchange/disable-safeattachmentrule?view=exchange-ps"
@@ -49,5 +49,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_network_watcher_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_network_watcher_deletion.json
index f1c2575033fa3..27a590f49cb31 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_network_watcher_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_network_watcher_deletion.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Azure Network Watcher Deletion",
-  "note": "The Azure Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.activitylogs and azure.activitylogs.operation_name:\"MICROSOFT.NETWORK/NETWORKWATCHERS/DELETE\" and event.outcome:(Success or success)",
   "references": [
     "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview"
@@ -56,5 +56,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_s3_bucket_configuration_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_s3_bucket_configuration_deletion.json
index 727bd4a579566..4eb3bb47beff5 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_s3_bucket_configuration_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_s3_bucket_configuration_deletion.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS S3 Bucket Configuration Deletion",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:s3.amazonaws.com and event.action:(DeleteBucketPolicy or DeleteBucketReplication or DeleteBucketCors or DeleteBucketEncryption or DeleteBucketLifecycle) and event.outcome:success",
   "references": [
     "https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketPolicy.html",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_sdelete_like_filename_rename.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_sdelete_like_filename_rename.json
index df9a50bb80bf0..116525ab3dfcd 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_sdelete_like_filename_rename.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_sdelete_like_filename_rename.json
@@ -12,7 +12,7 @@
   "language": "eql",
   "license": "Elastic License v2",
   "name": "Potential Secure File Deletion via SDelete Utility",
-  "note": "Verify process details such as command line and hash to confirm this activity legitimacy.",
+  "note": "## Triage and analysis\n\nVerify process details such as command line and hash to confirm this activity legitimacy.",
   "query": "file where event.type == \"change\" and file.name : \"*AAA.AAA\"\n",
   "risk_score": 21,
   "rule_id": "5aee924b-6ceb-4633-980e-1bde8cdb40c5",
@@ -50,5 +50,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "eql",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_suspicious_okta_user_password_reset_or_unlock_attempts.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_suspicious_okta_user_password_reset_or_unlock_attempts.json
index ae1419f1f561a..b1ab19a25d840 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_suspicious_okta_user_password_reset_or_unlock_attempts.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_suspicious_okta_user_password_reset_or_unlock_attempts.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "High Number of Okta User Password Reset or Unlock Attempts",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:(system.email.account_unlock.sent_message or system.email.password_reset.sent_message or system.sms.send_account_unlock_message or system.sms.send_password_reset_message or system.voice.send_account_unlock_call or system.voice.send_password_reset_call or user.account.unlock_token)",
   "references": [
     "https://developer.okta.com/docs/reference/api/system-log/",
@@ -85,5 +85,5 @@
     "value": 5
   },
   "type": "threshold",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_waf_acl_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_waf_acl_deletion.json
index ebe1cbf18d6a8..cc2d47812b48c 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_waf_acl_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_waf_acl_deletion.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS WAF Access Control List Deletion",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.action:DeleteWebACL and event.outcome:success",
   "references": [
     "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/waf-regional/delete-web-acl.html",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_waf_rule_or_rule_group_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_waf_rule_or_rule_group_deletion.json
index 5c20a8a434095..ee21d03f8464b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_waf_rule_or_rule_group_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_waf_rule_or_rule_group_deletion.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS WAF Rule or Rule Group Deletion",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.action:(DeleteRule or DeleteRuleGroup) and event.outcome:success",
   "references": [
     "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/waf/delete-rule-group.html",
@@ -58,5 +58,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 5
+  "version": 6
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_adfind_command_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_adfind_command_activity.json
index 86b1a156bcef2..97ba7da6c5f3b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_adfind_command_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_adfind_command_activity.json
@@ -12,7 +12,7 @@
   "language": "eql",
   "license": "Elastic License v2",
   "name": "AdFind Command Activity",
-  "note": "`AdFind.exe` is a legitimate domain query tool. Rule alerts should be investigated to identify if the user has a role that would explain using this tool and that it is being run from an expected directory and endpoint. Leverage the exception workflow in the Kibana Security App or Elasticsearch API to tune this rule to your environment.",
+  "note": "## Triage and analysis\n\n`AdFind.exe` is a legitimate domain query tool. Rule alerts should be investigated to identify if the user has a role that would explain using this tool and that it is being run from an expected directory and endpoint. Leverage the exception workflow in the Kibana Security App or Elasticsearch API to tune this rule to your environment.",
   "query": "process where event.type in (\"start\", \"process_started\") and \n  (process.name : \"AdFind.exe\" or process.pe.original_file_name == \"AdFind.exe\") and \n  process.args : (\"objectcategory=computer\", \"(objectcategory=computer)\", \n                  \"objectcategory=person\", \"(objectcategory=person)\",\n                  \"objectcategory=subnet\", \"(objectcategory=subnet)\",\n                  \"objectcategory=group\", \"(objectcategory=group)\", \n                  \"objectcategory=organizationalunit\", \"(objectcategory=organizationalunit)\",\n                  \"objectcategory=attributeschema\", \"(objectcategory=attributeschema)\",\n                  \"domainlist\", \"dcmodes\", \"adinfo\", \"dclist\", \"computers_pwnotreqd\", \"trustdmp\")\n",
   "references": [
     "http://www.joeware.net/freetools/tools/adfind/",
@@ -75,5 +75,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "eql",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_blob_container_access_mod.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_blob_container_access_mod.json
index 7e4e8bfe69a0c..16eabb82de0f7 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_blob_container_access_mod.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_blob_container_access_mod.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Azure Blob Container Access Level Modification",
-  "note": "The Azure Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.activitylogs and azure.activitylogs.operation_name:\"MICROSOFT.STORAGE/STORAGEACCOUNTS/BLOBSERVICES/CONTAINERS/WRITE\" and event.outcome:(Success or success)",
   "references": [
     "https://docs.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-prevent"
@@ -64,5 +64,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/domain_added_to_google_workspace_trusted_domains.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/domain_added_to_google_workspace_trusted_domains.json
index 79a0629f3fdc1..96f246f9403bf 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/domain_added_to_google_workspace_trusted_domains.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/domain_added_to_google_workspace_trusted_domains.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Domain Added to Google Workspace Trusted Domains",
-  "note": "### Important Information Regarding Google Workspace Event Lag Times\n- As per Google's documentation, Google Workspace administrators may observe lag times ranging from minutes up to 3 days between the time of an event's occurrence and the event being visible in the Google Workspace admin/audit logs.\n- This rule is configured to run every 10 minutes with a lookback time of 130 minutes.\n- To reduce the risk of false negatives, consider reducing the interval that the Google Workspace (formerly G Suite) Filebeat module polls Google's reporting API for new events.\n- By default, `var.interval` is set to 2 hours (2h). Consider changing this interval to a lower value, such as 10 minutes (10m).\n- See the following references for further information.\n  - https://support.google.com/a/answer/7061566\n  - https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-gsuite.html",
+  "note": "## Config\n\nThe Google Workspace Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.\n\n### Important Information Regarding Google Workspace Event Lag Times\n- As per Google's documentation, Google Workspace administrators may observe lag times ranging from minutes up to 3 days between the time of an event's occurrence and the event being visible in the Google Workspace admin/audit logs.\n- This rule is configured to run every 10 minutes with a lookback time of 130 minutes.\n- To reduce the risk of false negatives, consider reducing the interval that the Google Workspace (formerly G Suite) Filebeat module polls Google's reporting API for new events.\n- By default, `var.interval` is set to 2 hours (2h). Consider changing this interval to a lower value, such as 10 minutes (10m).\n- See the following references for further information.\n  - https://support.google.com/a/answer/7061566\n  - https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-gsuite.html",
   "query": "event.dataset:(gsuite.admin or google_workspace.admin) and event.provider:admin and event.category:iam and event.action:ADD_TRUSTED_DOMAINS",
   "references": [
     "https://support.google.com/a/answer/6160020?hl=en"
@@ -33,5 +33,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_command_virtual_machine.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_command_virtual_machine.json
index 3790c3c35fb19..8254e9e1c75e0 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_command_virtual_machine.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_command_virtual_machine.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Azure Command Execution on Virtual Machine",
-  "note": "The Azure Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.activitylogs and azure.activitylogs.operation_name:\"MICROSOFT.COMPUTE/VIRTUALMACHINES/RUNCOMMAND/ACTION\" and event.outcome:(Success or success)",
   "references": [
     "https://adsecurity.org/?p=4277",
@@ -51,5 +51,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_from_unusual_path_cmdline.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_from_unusual_path_cmdline.json
index f05496fc641a1..d82313c758972 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_from_unusual_path_cmdline.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_from_unusual_path_cmdline.json
@@ -12,7 +12,7 @@
   "language": "eql",
   "license": "Elastic License v2",
   "name": "Execution from Unusual Directory - Command Line",
-  "note": "This is related to the Process Execution from an Unusual Directory rule",
+  "note": "## Triage and analysis\n\nThis is related to the `Process Execution from an Unusual Directory rule`.",
   "query": "process where event.type in (\"start\", \"process_started\", \"info\") and\n  process.name : (\"wscript.exe\", \n                  \"cscript.exe\", \n                  \"rundll32.exe\", \n                  \"regsvr32.exe\", \n                  \"cmstp.exe\",\n                  \"RegAsm.exe\",\n                  \"installutil.exe\",\n                  \"mshta.exe\",\n                  \"RegSvcs.exe\", \n                  \"powershell.exe\", \n                  \"pwsh.exe\", \n                  \"cmd.exe\") and\n                  \n  /* add suspicious execution paths here */\n  process.args : (\"C:\\\\PerfLogs\\\\*\",\n                  \"C:\\\\Users\\\\Public\\\\*\",\n                  \"C:\\\\Users\\\\Default\\\\*\",\n                  \"C:\\\\Windows\\\\Tasks\\\\*\",\n                  \"C:\\\\Intel\\\\*\", \n                  \"C:\\\\AMD\\\\Temp\\\\*\", \n                  \"C:\\\\Windows\\\\AppReadiness\\\\*\", \n                  \"C:\\\\Windows\\\\ServiceState\\\\*\",\n                  \"C:\\\\Windows\\\\security\\\\*\",\n                  \"C:\\\\Windows\\\\IdentityCRL\\\\*\",\n                  \"C:\\\\Windows\\\\Branding\\\\*\",\n                  \"C:\\\\Windows\\\\csc\\\\*\",\n                  \"C:\\\\Windows\\\\DigitalLocker\\\\*\",\n                  \"C:\\\\Windows\\\\en-US\\\\*\",\n                  \"C:\\\\Windows\\\\wlansvc\\\\*\",\n                  \"C:\\\\Windows\\\\Prefetch\\\\*\",\n                  \"C:\\\\Windows\\\\Fonts\\\\*\",\n                  \"C:\\\\Windows\\\\diagnostics\\\\*\",\n                  \"C:\\\\Windows\\\\TAPI\\\\*\",\n                  \"C:\\\\Windows\\\\INF\\\\*\",\n                  \"C:\\\\Windows\\\\System32\\\\Speech\\\\*\",\n                  \"C:\\\\windows\\\\tracing\\\\*\",\n                  \"c:\\\\windows\\\\IME\\\\*\",\n                  \"c:\\\\Windows\\\\Performance\\\\*\",\n                  \"c:\\\\windows\\\\intel\\\\*\",\n                  \"c:\\\\windows\\\\ms\\\\*\",\n                  \"C:\\\\Windows\\\\dot3svc\\\\*\",\n                  \"C:\\\\Windows\\\\ServiceProfiles\\\\*\",\n                  \"C:\\\\Windows\\\\panther\\\\*\",\n                  \"C:\\\\Windows\\\\RemotePackages\\\\*\",\n                  \"C:\\\\Windows\\\\OCR\\\\*\",\n                  \"C:\\\\Windows\\\\appcompat\\\\*\",\n                  \"C:\\\\Windows\\\\apppatch\\\\*\",\n                  \"C:\\\\Windows\\\\addins\\\\*\",\n                  \"C:\\\\Windows\\\\Setup\\\\*\",\n                  \"C:\\\\Windows\\\\Help\\\\*\",\n                  \"C:\\\\Windows\\\\SKB\\\\*\",\n                  \"C:\\\\Windows\\\\Vss\\\\*\",\n                  \"C:\\\\Windows\\\\Web\\\\*\",\n                  \"C:\\\\Windows\\\\servicing\\\\*\",\n                  \"C:\\\\Windows\\\\CbsTemp\\\\*\",\n                  \"C:\\\\Windows\\\\Logs\\\\*\",\n                  \"C:\\\\Windows\\\\WaaS\\\\*\",\n                  \"C:\\\\Windows\\\\twain_32\\\\*\",\n                  \"C:\\\\Windows\\\\ShellExperiences\\\\*\",\n                  \"C:\\\\Windows\\\\ShellComponents\\\\*\",\n                  \"C:\\\\Windows\\\\PLA\\\\*\",\n                  \"C:\\\\Windows\\\\Migration\\\\*\",\n                  \"C:\\\\Windows\\\\debug\\\\*\",\n                  \"C:\\\\Windows\\\\Cursors\\\\*\",\n                  \"C:\\\\Windows\\\\Containers\\\\*\",\n                  \"C:\\\\Windows\\\\Boot\\\\*\",\n                  \"C:\\\\Windows\\\\bcastdvr\\\\*\",\n                  \"C:\\\\Windows\\\\assembly\\\\*\",\n                  \"C:\\\\Windows\\\\TextInput\\\\*\",\n                  \"C:\\\\Windows\\\\security\\\\*\",\n                  \"C:\\\\Windows\\\\schemas\\\\*\",\n                  \"C:\\\\Windows\\\\SchCache\\\\*\",\n                  \"C:\\\\Windows\\\\Resources\\\\*\",\n                  \"C:\\\\Windows\\\\rescache\\\\*\",\n                  \"C:\\\\Windows\\\\Provisioning\\\\*\",\n                  \"C:\\\\Windows\\\\PrintDialog\\\\*\",\n                  \"C:\\\\Windows\\\\PolicyDefinitions\\\\*\",\n                  \"C:\\\\Windows\\\\media\\\\*\",\n                  \"C:\\\\Windows\\\\Globalization\\\\*\",\n                  \"C:\\\\Windows\\\\L2Schemas\\\\*\",\n                  \"C:\\\\Windows\\\\LiveKernelReports\\\\*\",\n                  \"C:\\\\Windows\\\\ModemLogs\\\\*\",\n                  \"C:\\\\Windows\\\\ImmersiveControlPanel\\\\*\",\n                  \"C:\\\\$Recycle.Bin\\\\*\") and\n  not process.parent.executable : (\"C:\\\\WINDOWS\\\\System32\\\\DriverStore\\\\FileRepository\\\\*\\\\igfxCUIService*.exe\",\n                                   \"C:\\\\Windows\\\\System32\\\\spacedeskService.exe\",\n                                   \"C:\\\\Program Files\\\\Dell\\\\SupportAssistAgent\\\\SRE\\\\SRE.exe\") and\n  not (process.name : \"rundll32.exe\" and process.args : (\"uxtheme.dll,#64\", \"PRINTUI.DLL,PrintUIEntry\"))\n",
   "risk_score": 47,
   "rule_id": "cff92c41-2225-4763-b4ce-6f71e5bda5e6",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_shared_modules_local_sxs_dll.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_shared_modules_local_sxs_dll.json
index bd938fd3f9979..4fd4c708eda99 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_shared_modules_local_sxs_dll.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_shared_modules_local_sxs_dll.json
@@ -12,7 +12,7 @@
   "language": "eql",
   "license": "Elastic License v2",
   "name": "Execution via local SxS Shared Module",
-  "note": "The SxS DotLocal folder is a legitimate feature that can be abused to hijack standard modules loading order by forcing an executable on the same application.exe.local folder to load a malicious DLL module from the same directory.",
+  "note": "## Triage and analysis\n\nThe SxS DotLocal folder is a legitimate feature that can be abused to hijack standard modules loading order by forcing an executable on the same application.exe.local folder to load a malicious DLL module from the same directory.",
   "query": "file where file.extension : \"dll\" and file.path : \"C:\\\\*\\\\*.exe.local\\\\*.dll\"\n",
   "references": [
     "https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-redirection"
@@ -46,5 +46,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "eql",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/exfiltration_ec2_snapshot_change_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/exfiltration_ec2_snapshot_change_activity.json
index 7295094419406..7c67a3f037538 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/exfiltration_ec2_snapshot_change_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/exfiltration_ec2_snapshot_change_activity.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS EC2 Snapshot Activity",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:ec2.amazonaws.com and event.action:ModifySnapshotAttribute",
   "references": [
     "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/modify-snapshot-attribute.html",
@@ -51,5 +51,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/exfiltration_gcp_logging_sink_modification.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/exfiltration_gcp_logging_sink_modification.json
index 959f5f48d3ba3..ddff312a362ee 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/exfiltration_gcp_logging_sink_modification.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/exfiltration_gcp_logging_sink_modification.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP Logging Sink Modification",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:google.logging.v*.ConfigServiceV*.UpdateSink and event.outcome:success",
   "references": [
     "https://cloud.google.com/logging/docs/export#how_sinks_work"
@@ -48,5 +48,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/exfiltration_microsoft_365_exchange_transport_rule_creation.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/exfiltration_microsoft_365_exchange_transport_rule_creation.json
index f248e61e9e0ce..ec9373352254b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/exfiltration_microsoft_365_exchange_transport_rule_creation.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/exfiltration_microsoft_365_exchange_transport_rule_creation.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Microsoft 365 Exchange Transport Rule Creation",
-  "note": "The Microsoft 365 Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Microsoft 365 Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:\"New-TransportRule\" and event.outcome:success",
   "references": [
     "https://docs.microsoft.com/en-us/powershell/module/exchange/new-transportrule?view=exchange-ps",
@@ -50,5 +50,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/exfiltration_microsoft_365_exchange_transport_rule_mod.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/exfiltration_microsoft_365_exchange_transport_rule_mod.json
index b7493914c9bfc..2503f679464f1 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/exfiltration_microsoft_365_exchange_transport_rule_mod.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/exfiltration_microsoft_365_exchange_transport_rule_mod.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Microsoft 365 Exchange Transport Rule Modification",
-  "note": "The Microsoft 365 Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Microsoft 365 Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:(\"Remove-TransportRule\" or \"Disable-TransportRule\") and event.outcome:success",
   "references": [
     "https://docs.microsoft.com/en-us/powershell/module/exchange/remove-transportrule?view=exchange-ps",
@@ -51,5 +51,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/google_workspace_admin_role_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/google_workspace_admin_role_deletion.json
index 517d2b8526abb..ba84d38d7e4ee 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/google_workspace_admin_role_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/google_workspace_admin_role_deletion.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Google Workspace Admin Role Deletion",
-  "note": "### Important Information Regarding Google Workspace Event Lag Times\n- As per Google's documentation, Google Workspace administrators may observe lag times ranging from minutes up to 3 days between the time of an event's occurrence and the event being visible in the Google Workspace admin/audit logs.\n- This rule is configured to run every 10 minutes with a lookback time of 130 minutes.\n- To reduce the risk of false negatives, consider reducing the interval that the Google Workspace (formerly G Suite) Filebeat module polls Google's reporting API for new events.\n- By default, `var.interval` is set to 2 hours (2h). Consider changing this interval to a lower value, such as 10 minutes (10m).\n- See the following references for further information.\n  - https://support.google.com/a/answer/7061566\n  - https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-gsuite.html",
+  "note": "## Config\n\nThe Google Workspace Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.\n\n### Important Information Regarding Google Workspace Event Lag Times\n- As per Google's documentation, Google Workspace administrators may observe lag times ranging from minutes up to 3 days between the time of an event's occurrence and the event being visible in the Google Workspace admin/audit logs.\n- This rule is configured to run every 10 minutes with a lookback time of 130 minutes.\n- To reduce the risk of false negatives, consider reducing the interval that the Google Workspace (formerly G Suite) Filebeat module polls Google's reporting API for new events.\n- By default, `var.interval` is set to 2 hours (2h). Consider changing this interval to a lower value, such as 10 minutes (10m).\n- See the following references for further information.\n  - https://support.google.com/a/answer/7061566\n  - https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-gsuite.html",
   "query": "event.dataset:(gsuite.admin or google_workspace.admin) and event.provider:admin and event.category:iam and event.action:DELETE_ROLE",
   "references": [
     "https://support.google.com/a/answer/2406043?hl=en"
@@ -33,5 +33,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/google_workspace_mfa_enforcement_disabled.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/google_workspace_mfa_enforcement_disabled.json
index 514d08172d04b..551133ed2a58d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/google_workspace_mfa_enforcement_disabled.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/google_workspace_mfa_enforcement_disabled.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Google Workspace MFA Enforcement Disabled",
-  "note": "### Important Information Regarding Google Workspace Event Lag Times\n- As per Google's documentation, Google Workspace administrators may observe lag times ranging from minutes up to 3 days between the time of an event's occurrence and the event being visible in the Google Workspace admin/audit logs.\n- This rule is configured to run every 10 minutes with a lookback time of 130 minutes.\n- To reduce the risk of false negatives, consider reducing the interval that the Google Workspace (formerly G Suite) Filebeat module polls Google's reporting API for new events.\n- By default, `var.interval` is set to 2 hours (2h). Consider changing this interval to a lower value, such as 10 minutes (10m).\n- See the following references for further information.\n  - https://support.google.com/a/answer/7061566\n  - https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-gsuite.html",
+  "note": "## Config\n\nThe Google Workspace Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.\n\n### Important Information Regarding Google Workspace Event Lag Times\n- As per Google's documentation, Google Workspace administrators may observe lag times ranging from minutes up to 3 days between the time of an event's occurrence and the event being visible in the Google Workspace admin/audit logs.\n- This rule is configured to run every 10 minutes with a lookback time of 130 minutes.\n- To reduce the risk of false negatives, consider reducing the interval that the Google Workspace (formerly G Suite) Filebeat module polls Google's reporting API for new events.\n- By default, `var.interval` is set to 2 hours (2h). Consider changing this interval to a lower value, such as 10 minutes (10m).\n- See the following references for further information.\n  - https://support.google.com/a/answer/7061566\n  - https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-gsuite.html",
   "query": "event.dataset:(gsuite.admin or google_workspace.admin) and event.provider:admin and event.category:iam and event.action:ENFORCE_STRONG_AUTHENTICATION and gsuite.admin.new_value:false",
   "references": [
     "https://support.google.com/a/answer/9176657?hl=en#"
@@ -33,5 +33,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/google_workspace_policy_modified.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/google_workspace_policy_modified.json
index 194228e119205..5893782912b35 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/google_workspace_policy_modified.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/google_workspace_policy_modified.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Google Workspace Password Policy Modified",
-  "note": "### Important Information Regarding Google Workspace Event Lag Times\n- As per Google's documentation, Google Workspace administrators may observe lag times ranging from minutes up to 3 days between the time of an event's occurrence and the event being visible in the Google Workspace admin/audit logs.\n- This rule is configured to run every 10 minutes with a lookback time of 130 minutes.\n- To reduce the risk of false negatives, consider reducing the interval that the Google Workspace (formerly G Suite) Filebeat module polls Google's reporting API for new events.\n- By default, `var.interval` is set to 2 hours (2h). Consider changing this interval to a lower value, such as 10 minutes (10m).\n- See the following references for further information.\n  - https://support.google.com/a/answer/7061566\n  - https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-gsuite.html",
+  "note": "## Config\n\nThe Google Workspace Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.\n\n### Important Information Regarding Google Workspace Event Lag Times\n- As per Google's documentation, Google Workspace administrators may observe lag times ranging from minutes up to 3 days between the time of an event's occurrence and the event being visible in the Google Workspace admin/audit logs.\n- This rule is configured to run every 10 minutes with a lookback time of 130 minutes.\n- To reduce the risk of false negatives, consider reducing the interval that the Google Workspace (formerly G Suite) Filebeat module polls Google's reporting API for new events.\n- By default, `var.interval` is set to 2 hours (2h). Consider changing this interval to a lower value, such as 10 minutes (10m).\n- See the following references for further information.\n  - https://support.google.com/a/answer/7061566\n  - https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-gsuite.html",
   "query": "event.dataset:(gsuite.admin or google_workspace.admin) and event.provider:admin and event.category:iam and event.action:(CHANGE_APPLICATION_SETTING or CREATE_APPLICATION_SETTING) and gsuite.admin.setting.name:( \"Password Management - Enforce strong password\" or \"Password Management - Password reset frequency\" or \"Password Management - Enable password reuse\" or \"Password Management - Enforce password policy at next login\" or \"Password Management - Minimum password length\" or \"Password Management - Maximum password length\" )",
   "risk_score": 47,
   "rule_id": "a99f82f5-8e77-4f8b-b3ce-10c0f6afbc73",
@@ -30,5 +30,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_attempt_to_revoke_okta_api_token.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_attempt_to_revoke_okta_api_token.json
index 771d4363182ee..aebda3bb268d1 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_attempt_to_revoke_okta_api_token.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_attempt_to_revoke_okta_api_token.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Attempt to Revoke Okta API Token",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:system.api_token.revoke",
   "references": [
     "https://developer.okta.com/docs/reference/api/system-log/",
@@ -49,5 +49,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 5
+  "version": 6
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_azure_automation_runbook_deleted.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_azure_automation_runbook_deleted.json
index d0f482d80f657..fb468ff8f6d7d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_azure_automation_runbook_deleted.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_azure_automation_runbook_deleted.json
@@ -11,7 +11,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Azure Automation Runbook Deleted",
-  "note": "The Azure Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.activitylogs and azure.activitylogs.operation_name:\"MICROSOFT.AUTOMATION/AUTOMATIONACCOUNTS/RUNBOOKS/DELETE\" and event.outcome:(Success or success)",
   "references": [
     "https://powerzure.readthedocs.io/en/latest/Functions/operational.html#create-backdoor",
@@ -32,5 +32,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_cloudtrail_logging_updated.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_cloudtrail_logging_updated.json
index 33534d777272d..9d1c0d3758a9d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_cloudtrail_logging_updated.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_cloudtrail_logging_updated.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS CloudTrail Log Updated",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:cloudtrail.amazonaws.com and event.action:UpdateTrail and event.outcome:success",
   "references": [
     "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_UpdateTrail.html",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_cloudwatch_log_group_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_cloudwatch_log_group_deletion.json
index 1fa046a285a4d..14f0419cb4073 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_cloudwatch_log_group_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_cloudwatch_log_group_deletion.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS CloudWatch Log Group Deletion",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:logs.amazonaws.com and event.action:DeleteLogGroup and event.outcome:success",
   "references": [
     "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/logs/delete-log-group.html",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_cloudwatch_log_stream_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_cloudwatch_log_stream_deletion.json
index 800e576e22c10..6d37a106aa9ab 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_cloudwatch_log_stream_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_cloudwatch_log_stream_deletion.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS CloudWatch Log Stream Deletion",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:logs.amazonaws.com and event.action:DeleteLogStream and event.outcome:success",
   "references": [
     "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/logs/delete-log-stream.html",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_ec2_disable_ebs_encryption.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_ec2_disable_ebs_encryption.json
index 944814f1b47d1..94b1839dfc5dd 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_ec2_disable_ebs_encryption.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_ec2_disable_ebs_encryption.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS EC2 Encryption Disabled",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:ec2.amazonaws.com and event.action:DisableEbsEncryptionByDefault and event.outcome:success",
   "references": [
     "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_iam_role_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_iam_role_deletion.json
index c42c1d23fb486..5ed1aa4386de4 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_iam_role_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_iam_role_deletion.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP IAM Role Deletion",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:google.iam.admin.v*.DeleteRole and event.outcome:success",
   "references": [
     "https://cloud.google.com/iam/docs/understanding-roles"
@@ -48,5 +48,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_service_account_deleted.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_service_account_deleted.json
index af3ba32403bfd..134278f30abb6 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_service_account_deleted.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_service_account_deleted.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP Service Account Deletion",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:google.iam.admin.v*.DeleteServiceAccount and event.outcome:success",
   "references": [
     "https://cloud.google.com/iam/docs/service-accounts"
@@ -48,5 +48,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_service_account_disabled.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_service_account_disabled.json
index 5dd70497b7ded..a7750fc586729 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_service_account_disabled.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_service_account_disabled.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP Service Account Disabled",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:google.iam.admin.v*.DisableServiceAccount and event.outcome:success",
   "references": [
     "https://cloud.google.com/iam/docs/service-accounts"
@@ -48,5 +48,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_storage_bucket_deleted.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_storage_bucket_deleted.json
index e5875576c5190..c534dae963970 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_storage_bucket_deleted.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_storage_bucket_deleted.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP Storage Bucket Deletion",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:\"storage.buckets.delete\"",
   "references": [
     "https://cloud.google.com/storage/docs/key-terms#buckets"
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_virtual_private_cloud_network_deleted.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_virtual_private_cloud_network_deleted.json
index 0994537218ad7..caad64c558863 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_virtual_private_cloud_network_deleted.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_virtual_private_cloud_network_deleted.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP Virtual Private Cloud Network Deletion",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:v*.compute.networks.delete and event.outcome:success",
   "references": [
     "https://cloud.google.com/vpc/docs/vpc"
@@ -31,5 +31,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_virtual_private_cloud_route_created.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_virtual_private_cloud_route_created.json
index 4e21cb82c4cd6..7e2090de29c62 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_virtual_private_cloud_route_created.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_virtual_private_cloud_route_created.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP Virtual Private Cloud Route Creation",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:(v*.compute.routes.insert or \"beta.compute.routes.insert\")",
   "references": [
     "https://cloud.google.com/vpc/docs/routes",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_virtual_private_cloud_route_deleted.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_virtual_private_cloud_route_deleted.json
index 47b1a0af8cafe..a8b8b12b60960 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_virtual_private_cloud_route_deleted.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_gcp_virtual_private_cloud_route_deleted.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP Virtual Private Cloud Route Deletion",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:v*.compute.routes.delete and event.outcome:success",
   "references": [
     "https://cloud.google.com/vpc/docs/routes",
@@ -32,5 +32,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_hosts_file_modified.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_hosts_file_modified.json
index d202cc6e84ee9..56c943c85cb2a 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_hosts_file_modified.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_hosts_file_modified.json
@@ -13,7 +13,7 @@
   "language": "eql",
   "license": "Elastic License v2",
   "name": "Hosts File Modified",
-  "note": "For Windows systems using Auditbeat, this rule requires adding 'C:/Windows/System32/drivers/etc' as an additional path in the 'file_integrity' module of auditbeat.yml.",
+  "note": "## Config\n\nFor Windows systems using Auditbeat, this rule requires adding 'C:/Windows/System32/drivers/etc' as an additional path in the 'file_integrity' module of auditbeat.yml.",
   "query": "file where event.type in (\"change\", \"creation\") and\n  file.path : (\"/private/etc/hosts\", \"/etc/hosts\", \"?:\\\\Windows\\\\System32\\\\drivers\\\\etc\\\\hosts\") \n",
   "references": [
     "https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-reference-yml.html"
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_iam_deactivate_mfa_device.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_iam_deactivate_mfa_device.json
index 1f0d48e2ecbc4..7b77a414dd1e0 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_iam_deactivate_mfa_device.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_iam_deactivate_mfa_device.json
@@ -16,7 +16,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS IAM Deactivation of MFA Device",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:iam.amazonaws.com and event.action:(DeactivateMFADevice or DeleteVirtualMFADevice) and event.outcome:success",
   "references": [
     "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/deactivate-mfa-device.html",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_iam_group_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_iam_group_deletion.json
index ebe8df9c785ca..2c43b0560e660 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_iam_group_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_iam_group_deletion.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS IAM Group Deletion",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:iam.amazonaws.com and event.action:DeleteGroup and event.outcome:success",
   "references": [
     "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/delete-group.html",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_possible_okta_dos_attack.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_possible_okta_dos_attack.json
index 98e77bb6cdb6c..649c859de8184 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_possible_okta_dos_attack.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_possible_okta_dos_attack.json
@@ -10,7 +10,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Possible Okta DoS Attack",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:(application.integration.rate_limit_exceeded or system.org.rate_limit.warning or system.org.rate_limit.violation or core.concurrency.org.limit.violation)",
   "references": [
     "https://developer.okta.com/docs/reference/api/system-log/",
@@ -51,5 +51,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 5
+  "version": 6
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_rds_cluster_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_rds_cluster_deletion.json
index b8c81e467fabb..94837f665af75 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_rds_cluster_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_rds_cluster_deletion.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS RDS Cluster Deletion",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:rds.amazonaws.com and event.action:(DeleteDBCluster or DeleteGlobalCluster) and event.outcome:success",
   "references": [
     "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/rds/delete-db-cluster.html",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_rds_instance_cluster_stoppage.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_rds_instance_cluster_stoppage.json
index bd56daf3c6c9c..065c39f8f676b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_rds_instance_cluster_stoppage.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_rds_instance_cluster_stoppage.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS RDS Instance/Cluster Stoppage",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:rds.amazonaws.com and event.action:(StopDBCluster or StopDBInstance) and event.outcome:success",
   "references": [
     "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/rds/stop-db-cluster.html",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_resource_group_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_resource_group_deletion.json
index e513e6573e756..221f1b1e46eb2 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_resource_group_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_resource_group_deletion.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Azure Resource Group Deletion",
-  "note": "The Azure Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.activitylogs and azure.activitylogs.operation_name:\"MICROSOFT.RESOURCES/SUBSCRIPTIONS/RESOURCEGROUPS/DELETE\" and event.outcome:(Success or success)",
   "references": [
     "https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal"
@@ -71,5 +71,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_azure_active_directory_high_risk_signin.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_azure_active_directory_high_risk_signin.json
index 6aef51de63ff0..b18ab4090b1f8 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_azure_active_directory_high_risk_signin.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_azure_active_directory_high_risk_signin.json
@@ -12,7 +12,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Azure Active Directory High Risk Sign-in",
-  "note": "The Azure Fleet Integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.signinlogs and azure.signinlogs.properties.risk_level_during_signin:high and event.outcome:(success or Success)",
   "references": [
     "https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-risk",
@@ -49,5 +49,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_azure_active_directory_powershell_signin.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_azure_active_directory_powershell_signin.json
index 73aae9f6983d1..7e77d851eac00 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_azure_active_directory_powershell_signin.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_azure_active_directory_powershell_signin.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Azure Active Directory PowerShell Sign-in",
-  "note": "The Azure Fleet Integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.signinlogs and azure.signinlogs.properties.app_display_name:\"Azure Active Directory PowerShell\" and azure.signinlogs.properties.token_issuer_type:AzureAD and event.outcome:(success or Success)",
   "references": [
     "https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/",
@@ -57,5 +57,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_consent_grant_attack_via_azure_registered_application.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_consent_grant_attack_via_azure_registered_application.json
index 10a0e1e20ad4c..f73c30f55eb3a 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_consent_grant_attack_via_azure_registered_application.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_consent_grant_attack_via_azure_registered_application.json
@@ -11,7 +11,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Possible Consent Grant Attack via Azure-Registered Application",
-  "note": "- The Azure Filebeat module must be enabled to use this rule.\n- In a consent grant attack, an attacker tricks an end user into granting a malicious application consent to access their data, usually via a phishing attack. After the malicious application has been granted consent, it has account-level access to data without the need for an organizational account.\n- Normal remediation steps, like resetting passwords for breached accounts or requiring Multi-Factor Authentication (MFA) on accounts, are not effective against this type of attack, since these are third-party applications and are external to the organization.\n- Security analysts should review the list of trusted applications for any suspicious items.\n",
+  "note": "## Triage and analysis\n\n- In a consent grant attack, an attacker tricks an end user into granting a malicious application consent to access their data, usually via a phishing attack. After the malicious application has been granted consent, it has account-level access to data without the need for an organizational account.\n- Normal remediation steps, like resetting passwords for breached accounts or requiring Multi-Factor Authentication (MFA) on accounts, are not effective against this type of attack, since these are third-party applications and are external to the organization.\n- Security analysts should review the list of trusted applications for any suspicious items.\n\n\n## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(azure.activitylogs or azure.auditlogs or o365.audit) and ( azure.activitylogs.operation_name:\"Consent to application\" or azure.auditlogs.operation_name:\"Consent to application\" or o365.audit.Operation:\"Consent to application.\" ) and event.outcome:(Success or success)",
   "references": [
     "https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants?view=o365-worldwide"
@@ -68,5 +68,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_console_login_root.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_console_login_root.json
index c0884cf809e77..7d199f72a22bd 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_console_login_root.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_console_login_root.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS Management Console Root Login",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:signin.amazonaws.com and event.action:ConsoleLogin and aws.cloudtrail.user_identity.type:Root and event.outcome:success",
   "references": [
     "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html"
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_external_guest_user_invite.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_external_guest_user_invite.json
index 9b4ce4e288e71..fa04b1f724ef7 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_external_guest_user_invite.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_external_guest_user_invite.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Azure External Guest User Invitation",
-  "note": "The Azure Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.auditlogs and azure.auditlogs.operation_name:\"Invite external user\" and azure.auditlogs.properties.target_resources.*.display_name:guest and event.outcome:(Success or success)",
   "references": [
     "https://docs.microsoft.com/en-us/azure/governance/policy/samples/cis-azure-1-1-0"
@@ -64,5 +64,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_gcp_iam_custom_role_creation.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_gcp_iam_custom_role_creation.json
index e29e7584626d4..a823f162d405a 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_gcp_iam_custom_role_creation.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_gcp_iam_custom_role_creation.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP IAM Custom Role Creation",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:google.iam.admin.v*.CreateRole and event.outcome:success",
   "references": [
     "https://cloud.google.com/iam/docs/understanding-custom-roles"
@@ -63,5 +63,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_microsoft_365_exchange_anti_phish_policy_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_microsoft_365_exchange_anti_phish_policy_deletion.json
index 79d8d459a76fb..46c771e5b5ede 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_microsoft_365_exchange_anti_phish_policy_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_microsoft_365_exchange_anti_phish_policy_deletion.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Microsoft 365 Exchange Anti-Phish Policy Deletion",
-  "note": "The Microsoft 365 Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Microsoft 365 Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:\"Remove-AntiPhishPolicy\" and event.outcome:success",
   "references": [
     "https://docs.microsoft.com/en-us/powershell/module/exchange/remove-antiphishpolicy?view=exchange-ps",
@@ -50,5 +50,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_microsoft_365_exchange_anti_phish_rule_mod.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_microsoft_365_exchange_anti_phish_rule_mod.json
index f35d2cf28a78e..471a010338085 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_microsoft_365_exchange_anti_phish_rule_mod.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_microsoft_365_exchange_anti_phish_rule_mod.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Microsoft 365 Exchange Anti-Phish Rule Modification",
-  "note": "The Microsoft 365 Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Microsoft 365 Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:(\"Remove-AntiPhishRule\" or \"Disable-AntiPhishRule\") and event.outcome:success",
   "references": [
     "https://docs.microsoft.com/en-us/powershell/module/exchange/remove-antiphishrule?view=exchange-ps",
@@ -50,5 +50,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_microsoft_365_exchange_safelinks_disabled.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_microsoft_365_exchange_safelinks_disabled.json
index f43aa8fd16790..d348d790f0c4e 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_microsoft_365_exchange_safelinks_disabled.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_microsoft_365_exchange_safelinks_disabled.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Microsoft 365 Exchange Safe Link Policy Disabled",
-  "note": "The Microsoft 365 Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Microsoft 365 Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:\"Disable-SafeLinksRule\" and event.outcome:success",
   "references": [
     "https://docs.microsoft.com/en-us/powershell/module/exchange/disable-safelinksrule?view=exchange-ps",
@@ -50,5 +50,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_password_recovery.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_password_recovery.json
index 902abb51a6f99..fcbbcec5f06ac 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_password_recovery.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_password_recovery.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS IAM Password Recovery Requested",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:signin.amazonaws.com and event.action:PasswordRecoveryRequested and event.outcome:success",
   "references": [
     "https://www.cadosecurity.com/2020/06/11/an-ongoing-aws-phishing-campaign/"
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_suspicious_activity_reported_by_okta_user.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_suspicious_activity_reported_by_okta_user.json
index 1bc04428c85ce..03fb7e44b200d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_suspicious_activity_reported_by_okta_user.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_suspicious_activity_reported_by_okta_user.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Suspicious Activity Reported by Okta User",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:user.account.report_suspicious_activity_by_enduser",
   "references": [
     "https://developer.okta.com/docs/reference/api/system-log/",
@@ -94,5 +94,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 5
+  "version": 6
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_suspicious_ms_exchange_files.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_suspicious_ms_exchange_files.json
index bd3e6129fa3ab..2473b4c3d2b51 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_suspicious_ms_exchange_files.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_suspicious_ms_exchange_files.json
@@ -17,7 +17,7 @@
   "language": "eql",
   "license": "Elastic License v2",
   "name": "Microsoft Exchange Server UM Writing Suspicious Files",
-  "note": "## Triage and analysis\nPositive hits can be checked against the established Microsoft [baselines](https://github.com/microsoft/CSS-Exchange/tree/main/Security/Baselines).\n\nMicrosoft highly recommends that the best course of action is patching, but this may not protect already compromised systems\nfrom existing intrusions. Other tools for detecting and mitigating can be found within their Exchange support\n[repository](https://github.com/microsoft/CSS-Exchange/tree/main/Security)\n",
+  "note": "## Triage and analysis\n\nPositive hits can be checked against the established Microsoft [baselines](https://github.com/microsoft/CSS-Exchange/tree/main/Security/Baselines).\n\nMicrosoft highly recommends that the best course of action is patching, but this may not protect already compromised systems\nfrom existing intrusions. Other tools for detecting and mitigating can be found within their Exchange support\n[repository](https://github.com/microsoft/CSS-Exchange/tree/main/Security)\n",
   "query": "file where event.type == \"creation\" and\n  process.name : (\"UMWorkerProcess.exe\", \"umservice.exe\") and\n  file.extension : (\"php\", \"jsp\", \"js\", \"aspx\", \"asmx\", \"asax\", \"cfm\", \"shtml\") and\n  (\n    file.path : \"?:\\\\inetpub\\\\wwwroot\\\\aspnet_client\\\\*\" or\n\n    (file.path : \"?:\\\\*\\\\Microsoft\\\\Exchange Server*\\\\FrontEnd\\\\HttpProxy\\\\owa\\\\auth\\\\*\" and\n       not (file.path : \"?:\\\\*\\\\Microsoft\\\\Exchange Server*\\\\FrontEnd\\\\HttpProxy\\\\owa\\\\auth\\\\version\\\\*\" or\n            file.name : (\"errorFE.aspx\", \"expiredpassword.aspx\", \"frowny.aspx\", \"GetIdToken.htm\", \"logoff.aspx\",\n                        \"logon.aspx\", \"OutlookCN.aspx\", \"RedirSuiteServiceProxy.aspx\", \"signout.aspx\"))) or\n\n    (file.path : \"?:\\\\*\\\\Microsoft\\\\Exchange Server*\\\\FrontEnd\\\\HttpProxy\\\\ecp\\\\auth\\\\*\" and\n       not file.name : \"TimeoutLogoff.aspx\")\n  )\n",
   "references": [
     "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_unsecure_elasticsearch_node.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_unsecure_elasticsearch_node.json
index d545a92e87ad2..41ab4386c6817 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_unsecure_elasticsearch_node.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_unsecure_elasticsearch_node.json
@@ -12,7 +12,7 @@
   "language": "lucene",
   "license": "Elastic License v2",
   "name": "Inbound Connection to an Unsecure Elasticsearch Node",
-  "note": "This rule requires the addition of port `9200` and `send_all_headers` to the `HTTP` protocol configuration in `packetbeat.yml`. See the References section for additional configuration documentation.",
+  "note": "## Config\n\nThis rule requires the addition of port `9200` and `send_all_headers` to the `HTTP` protocol configuration in `packetbeat.yml`. See the References section for additional configuration documentation.",
   "query": "event.category:network_traffic AND network.protocol:http AND status:OK AND destination.port:9200 AND network.direction:inbound AND NOT http.response.headers.content-type:\"image/x-icon\" AND NOT _exists_:http.request.headers.authorization",
   "references": [
     "https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-security.html",
@@ -46,5 +46,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_unusual_dns_service_children.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_unusual_dns_service_children.json
index 736090dd66003..3a58eb309f5b6 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_unusual_dns_service_children.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_unusual_dns_service_children.json
@@ -15,7 +15,7 @@
   "language": "eql",
   "license": "Elastic License v2",
   "name": "Unusual Child Process of dns.exe",
-  "note": "### Investigating Unusual Child Process\nDetection alerts from this rule indicate potential suspicious child processes spawned after exploitation from CVE-2020-1350 (SigRed) has occurred. Here are some possible avenues of investigation:\n- Any suspicious or abnormal child process spawned from dns.exe should be reviewed and investigated with care. It's impossible to predict what an adversary may deploy as the follow-on process after the exploit, but built-in discovery/enumeration utilities should be top of mind (whoami.exe, netstat.exe, systeminfo.exe, tasklist.exe).\n- Built-in Windows programs that contain capabilities used to download and execute additional payloads should also be considered. This is not an exhaustive list, but ideal candidates to start out would be: mshta.exe, powershell.exe, regsvr32.exe, rundll32.exe, wscript.exe, wmic.exe.\n- If the DoS exploit is successful and DNS Server service crashes, be mindful of potential child processes related to werfault.exe occurring.\n- Any subsequent activity following the child process spawned related to execution/network activity should be thoroughly reviewed from the endpoint.",
+  "note": "## Triage and analysis\n\n### Investigating Unusual Child Process\nDetection alerts from this rule indicate potential suspicious child processes spawned after exploitation from CVE-2020-1350 (SigRed) has occurred. Here are some possible avenues of investigation:\n- Any suspicious or abnormal child process spawned from dns.exe should be reviewed and investigated with care. It's impossible to predict what an adversary may deploy as the follow-on process after the exploit, but built-in discovery/enumeration utilities should be top of mind (whoami.exe, netstat.exe, systeminfo.exe, tasklist.exe).\n- Built-in Windows programs that contain capabilities used to download and execute additional payloads should also be considered. This is not an exhaustive list, but ideal candidates to start out would be: mshta.exe, powershell.exe, regsvr32.exe, rundll32.exe, wscript.exe, wmic.exe.\n- If the DoS exploit is successful and DNS Server service crashes, be mindful of potential child processes related to werfault.exe occurring.\n- Any subsequent activity following the child process spawned related to execution/network activity should be thoroughly reviewed from the endpoint.",
   "query": "process where event.type == \"start\" and process.parent.name : \"dns.exe\" and\n  not process.name : \"conhost.exe\"\n",
   "references": [
     "https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_unusual_dns_service_file_writes.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_unusual_dns_service_file_writes.json
index 495f4885f2145..3ccd4aa440b42 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_unusual_dns_service_file_writes.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_unusual_dns_service_file_writes.json
@@ -12,7 +12,7 @@
   "language": "eql",
   "license": "Elastic License v2",
   "name": "Unusual File Modification by dns.exe",
-  "note": "### Investigating Unusual File Write\nDetection alerts from this rule indicate potential unusual/abnormal file writes from the DNS Server service process (`dns.exe`) after exploitation from CVE-2020-1350 (SigRed) has occurred. Here are some possible avenues of investigation:\n- Post-exploitation, adversaries may write additional files or payloads to the system as additional discovery/exploitation/persistence mechanisms.\n- Any suspicious or abnormal files written from `dns.exe` should be reviewed and investigated with care.",
+  "note": "## Triage and analysis\n\n### Investigating Unusual File Write\nDetection alerts from this rule indicate potential unusual/abnormal file writes from the DNS Server service process (`dns.exe`) after exploitation from CVE-2020-1350 (SigRed) has occurred. Here are some possible avenues of investigation:\n- Post-exploitation, adversaries may write additional files or payloads to the system as additional discovery/exploitation/persistence mechanisms.\n- Any suspicious or abnormal files written from `dns.exe` should be reviewed and investigated with care.",
   "query": "file where process.name : \"dns.exe\" and event.type in (\"creation\", \"deletion\", \"change\") and\n  not file.name : \"dns.log\"\n",
   "references": [
     "https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_via_system_manager.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_via_system_manager.json
index 8ea2de6edd9f1..73370f48253a6 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_via_system_manager.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_via_system_manager.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS Execution via System Manager",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:ssm.amazonaws.com and event.action:SendCommand and event.outcome:success",
   "references": [
     "https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-plugins.html"
@@ -57,5 +57,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 5
+  "version": 6
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_zoom_meeting_with_no_passcode.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_zoom_meeting_with_no_passcode.json
index 1e8c499a9b2a8..9ceb2d7143713 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_zoom_meeting_with_no_passcode.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_zoom_meeting_with_no_passcode.json
@@ -9,7 +9,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Zoom Meeting with no Passcode",
-  "note": "This rule requires the Zoom Filebeat module.",
+  "note": "## Config\n\nThe Zoom Filebeat module or similarly structured data is required to be compatible with this rule.",
   "query": "event.type:creation and event.module:zoom and event.dataset:zoom.webhook and event.action:meeting.created and not zoom.meeting.password:*",
   "references": [
     "https://blog.zoom.us/a-message-to-our-users/",
@@ -46,5 +46,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/lateral_movement_dns_server_overflow.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/lateral_movement_dns_server_overflow.json
index e4df5e0774dcd..51bf90ff1eaf0 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/lateral_movement_dns_server_overflow.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/lateral_movement_dns_server_overflow.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Abnormally Large DNS Response",
-  "note": "### Investigating Large DNS Responses\nDetection alerts from this rule indicate an attempt was made to exploit CVE-2020-1350 (SigRed) through the use of large DNS responses on a Windows DNS server. Here are some possible avenues of investigation:\n- Investigate any corresponding Intrusion Detection Signatures (IDS) alerts that can validate this detection alert.\n- Examine the `dns.question_type` network fieldset with a protocol analyzer, such as Zeek, Packetbeat, or Suricata, for `SIG` or `RRSIG` data.\n- Validate the patch level and OS of the targeted DNS server to validate the observed activity was not large-scale Internet vulnerability scanning.\n- Validate that the source of the network activity was not from an authorized vulnerability scan or compromise assessment.",
+  "note": "## Triage and analysis\n\n### Investigating Large DNS Responses\nDetection alerts from this rule indicate an attempt was made to exploit CVE-2020-1350 (SigRed) through the use of large DNS responses on a Windows DNS server. Here are some possible avenues of investigation:\n- Investigate any corresponding Intrusion Detection Signatures (IDS) alerts that can validate this detection alert.\n- Examine the `dns.question_type` network fieldset with a protocol analyzer, such as Zeek, Packetbeat, or Suricata, for `SIG` or `RRSIG` data.\n- Validate the patch level and OS of the targeted DNS server to validate the observed activity was not large-scale Internet vulnerability scanning.\n- Validate that the source of the network activity was not from an authorized vulnerability scan or compromise assessment.",
   "query": "event.category:(network or network_traffic) and destination.port:53 and (event.dataset:zeek.dns or type:dns or event.type:connection) and network.bytes > 60000",
   "references": [
     "https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/",
@@ -48,5 +48,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/lateral_movement_scheduled_task_target.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/lateral_movement_scheduled_task_target.json
index 5547c01a4afb2..b66b5a94fe27f 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/lateral_movement_scheduled_task_target.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/lateral_movement_scheduled_task_target.json
@@ -12,7 +12,7 @@
   "language": "eql",
   "license": "Elastic License v2",
   "name": "Remote Scheduled Task Creation",
-  "note": "Decode the base64 encoded tasks actions registry value to investigate the task configured action.",
+  "note": "## Triage and analysis\n\nDecode the base64 encoded tasks actions registry value to investigate the task configured action.",
   "query": "/* Task Scheduler service incoming connection followed by TaskCache registry modification  */\n\nsequence by host.id, process.entity_id with maxspan = 1m\n   [network where process.name : \"svchost.exe\" and\n   network.direction == \"incoming\" and source.port >= 49152 and destination.port >= 49152 and\n   source.address != \"127.0.0.1\" and source.address != \"::1\"\n   ]\n   [registry where registry.path : \"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Schedule\\\\TaskCache\\\\Tasks\\\\*\\\\Actions\"]\n",
   "risk_score": 47,
   "rule_id": "954ee7c8-5437-49ae-b2d6-2960883898e9",
@@ -57,5 +57,5 @@
     }
   ],
   "type": "eql",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/mfa_disabled_for_google_workspace_organization.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/mfa_disabled_for_google_workspace_organization.json
index 678f85c562154..b393fa13db8c7 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/mfa_disabled_for_google_workspace_organization.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/mfa_disabled_for_google_workspace_organization.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "MFA Disabled for Google Workspace Organization",
-  "note": "### Important Information Regarding Google Workspace Event Lag Times\n- As per Google's documentation, Google Workspace administrators may observe lag times ranging from minutes up to 3 days between the time of an event's occurrence and the event being visible in the Google Workspace admin/audit logs.\n- This rule is configured to run every 10 minutes with a lookback time of 130 minutes.\n- To reduce the risk of false negatives, consider reducing the interval that the Google Workspace (formerly G Suite) Filebeat module polls Google's reporting API for new events.\n- By default, `var.interval` is set to 2 hours (2h). Consider changing this interval to a lower value, such as 10 minutes (10m).\n- See the following references for further information.\n  - https://support.google.com/a/answer/7061566\n  - https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-gsuite.html",
+  "note": "## Config\n\nThe Google Workspace Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.\n\n### Important Information Regarding Google Workspace Event Lag Times\n- As per Google's documentation, Google Workspace administrators may observe lag times ranging from minutes up to 3 days between the time of an event's occurrence and the event being visible in the Google Workspace admin/audit logs.\n- This rule is configured to run every 10 minutes with a lookback time of 130 minutes.\n- To reduce the risk of false negatives, consider reducing the interval that the Google Workspace (formerly G Suite) Filebeat module polls Google's reporting API for new events.\n- By default, `var.interval` is set to 2 hours (2h). Consider changing this interval to a lower value, such as 10 minutes (10m).\n- See the following references for further information.\n  - https://support.google.com/a/answer/7061566\n  - https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-gsuite.html",
   "query": "event.dataset:(gsuite.admin or google_workspace.admin) and event.provider:admin and event.category:iam and event.action:(ENFORCE_STRONG_AUTHENTICATION or ALLOW_STRONG_AUTHENTICATION) and gsuite.admin.new_value:false",
   "risk_score": 47,
   "rule_id": "e555105c-ba6d-481f-82bb-9b633e7b4827",
@@ -30,5 +30,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/microsoft_365_exchange_dkim_signing_config_disabled.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/microsoft_365_exchange_dkim_signing_config_disabled.json
index 5c2d08825eb79..280d40537e448 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/microsoft_365_exchange_dkim_signing_config_disabled.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/microsoft_365_exchange_dkim_signing_config_disabled.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Microsoft 365 Exchange DKIM Signing Configuration Disabled",
-  "note": "The Microsoft 365 Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Microsoft 365 Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:\"Set-DkimSigningConfig\" and o365.audit.Parameters.Enabled:False and event.outcome:success",
   "references": [
     "https://docs.microsoft.com/en-us/powershell/module/exchange/set-dkimsigningconfig?view=exchange-ps"
@@ -32,5 +32,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/microsoft_365_teams_custom_app_interaction_allowed.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/microsoft_365_teams_custom_app_interaction_allowed.json
index 21baf5e4232d2..cb87e9f7cb257 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/microsoft_365_teams_custom_app_interaction_allowed.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/microsoft_365_teams_custom_app_interaction_allowed.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Microsoft 365 Teams Custom Application Interaction Allowed",
-  "note": "The Microsoft 365 Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Microsoft 365 Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:o365.audit and event.provider:MicrosoftTeams and event.category:web and event.action:TeamsTenantSettingChanged and o365.audit.Name:\"Allow sideloading and interaction of custom apps\" and o365.audit.NewValue:True and event.outcome:success",
   "references": [
     "https://docs.microsoft.com/en-us/microsoftteams/platform/concepts/deploy-and-publish/apps-upload"
@@ -32,5 +32,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_cloudtrail_error_message_spike.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_cloudtrail_error_message_spike.json
index 81344ecdc2dd2..67524e7966f8d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_cloudtrail_error_message_spike.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_cloudtrail_error_message_spike.json
@@ -12,7 +12,7 @@
   "license": "Elastic License v2",
   "machine_learning_job_id": "high_distinct_count_error_message",
   "name": "Spike in AWS Error Messages",
-  "note": "### Investigating Spikes in CloudTrail Errors ###\nDetection alerts from this rule indicate a large spike in the number of CloudTrail log messages that contain a particular error message. The error message in question was associated with the response to an AWS API command or method call. Here are some possible avenues of investigation:\n- Examine the history of the error. Has it manifested before? If the error, which is visible in the `aws.cloudtrail.error_message` field, manifested only very recently, it might be related to recent changes in an automation module or script.\n- Examine the request parameters. These may provide indications as to the nature of the task being performed when the error occurred. Is the error related to unsuccessful attempts to enumerate or access objects, data or secrets? If so, this can sometimes be a byproduct of discovery, privilege escalation or lateral movement attempts.\n- Consider the user as identified by the user.name field. Is this activity part of an expected workflow for the user context? Examine the user identity in the `aws.cloudtrail.user_identity.arn` field and the access key id in the `aws.cloudtrail.user_identity.access_key_id` field which can help identify the precise user context. The user agent details in the `user_agent.original` field may also indicate what kind of a client made the request.\n- Consider the source IP address and geolocation for the calling user who issued the command. Do they look normal for the calling user? If the source is an EC2 IP address, is it associated with an EC2 instance in one of your accounts or could it be sourcing from an EC2 instance not under your control? If it is an authorized EC2 instance, is the activity associated with normal behavior for the instance role or roles? Are there any other alerts or signs of suspicious activity involving this instance?",
+  "note": "## Triage and analysis\n\n### Investigating Spikes in CloudTrail Errors\nDetection alerts from this rule indicate a large spike in the number of CloudTrail log messages that contain a particular error message. The error message in question was associated with the response to an AWS API command or method call. Here are some possible avenues of investigation:\n- Examine the history of the error. Has it manifested before? If the error, which is visible in the `aws.cloudtrail.error_message` field, manifested only very recently, it might be related to recent changes in an automation module or script.\n- Examine the request parameters. These may provide indications as to the nature of the task being performed when the error occurred. Is the error related to unsuccessful attempts to enumerate or access objects, data or secrets? If so, this can sometimes be a byproduct of discovery, privilege escalation or lateral movement attempts.\n- Consider the user as identified by the user.name field. Is this activity part of an expected workflow for the user context? Examine the user identity in the `aws.cloudtrail.user_identity.arn` field and the access key id in the `aws.cloudtrail.user_identity.access_key_id` field which can help identify the precise user context. The user agent details in the `user_agent.original` field may also indicate what kind of a client made the request.\n- Consider the source IP address and geolocation for the calling user who issued the command. Do they look normal for the calling user? If the source is an EC2 IP address, is it associated with an EC2 instance in one of your accounts or could it be sourcing from an EC2 instance not under your control? If it is an authorized EC2 instance, is the activity associated with normal behavior for the instance role or roles? Are there any other alerts or signs of suspicious activity involving this instance?",
   "references": [
     "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
@@ -26,5 +26,5 @@
     "ML"
   ],
   "type": "machine_learning",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_cloudtrail_rare_error_code.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_cloudtrail_rare_error_code.json
index 4cd3583fa681f..db12d5a557ac2 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_cloudtrail_rare_error_code.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_cloudtrail_rare_error_code.json
@@ -12,7 +12,7 @@
   "license": "Elastic License v2",
   "machine_learning_job_id": "rare_error_code",
   "name": "Rare AWS Error Code",
-  "note": "### Investigating Unusual CloudTrail Error Activity ###\nDetection alerts from this rule indicate a rare and unusual error code that was associated with the response to an AWS API command or method call. Here are some possible avenues of investigation:\n- Examine the history of the error. Has it manifested before? If the error, which is visible in the `aws.cloudtrail.error_code field`, manifested only very recently, it might be related to recent changes in an automation module or script.\n- Examine the request parameters. These may provide indications as to the nature of the task being performed when the error occurred. Is the error related to unsuccessful attempts to enumerate or access objects, data, or secrets? If so, this can sometimes be a byproduct of discovery, privilege escalation, or lateral movement attempts.\n- Consider the user as identified by the `user.name` field. Is this activity part of an expected workflow for the user context? Examine the user identity in the `aws.cloudtrail.user_identity.arn` field and the access key id in the `aws.cloudtrail.user_identity.access_key_id` field which can help identify the precise user context. The user agent details in the `user_agent.original` field may also indicate what kind of a client made the request.\n- Consider the source IP address and geolocation for the calling user who issued the command. Do they look normal for the calling user? If the source is an EC2 IP address, is it associated with an EC2 instance in one of your accounts or could it be sourcing from an EC2 instance not under your control? If it is an authorized EC2 instance, is the activity associated with normal behavior for the instance role or roles? Are there any other alerts or signs of suspicious activity involving this instance?",
+  "note": "## Triage and analysis\n\nInvestigating Unusual CloudTrail Error Activity ###\nDetection alerts from this rule indicate a rare and unusual error code that was associated with the response to an AWS API command or method call. Here are some possible avenues of investigation:\n- Examine the history of the error. Has it manifested before? If the error, which is visible in the `aws.cloudtrail.error_code field`, manifested only very recently, it might be related to recent changes in an automation module or script.\n- Examine the request parameters. These may provide indications as to the nature of the task being performed when the error occurred. Is the error related to unsuccessful attempts to enumerate or access objects, data, or secrets? If so, this can sometimes be a byproduct of discovery, privilege escalation, or lateral movement attempts.\n- Consider the user as identified by the `user.name` field. Is this activity part of an expected workflow for the user context? Examine the user identity in the `aws.cloudtrail.user_identity.arn` field and the access key id in the `aws.cloudtrail.user_identity.access_key_id` field which can help identify the precise user context. The user agent details in the `user_agent.original` field may also indicate what kind of a client made the request.\n- Consider the source IP address and geolocation for the calling user who issued the command. Do they look normal for the calling user? If the source is an EC2 IP address, is it associated with an EC2 instance in one of your accounts or could it be sourcing from an EC2 instance not under your control? If it is an authorized EC2 instance, is the activity associated with normal behavior for the instance role or roles? Are there any other alerts or signs of suspicious activity involving this instance?",
   "references": [
     "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_cloudtrail_rare_method_by_city.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_cloudtrail_rare_method_by_city.json
index c516ae87e9be8..6c6f5b2a6019c 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_cloudtrail_rare_method_by_city.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_cloudtrail_rare_method_by_city.json
@@ -12,7 +12,7 @@
   "license": "Elastic License v2",
   "machine_learning_job_id": "rare_method_for_a_city",
   "name": "Unusual City For an AWS Command",
-  "note": "### Investigating an Unusual CloudTrail Event ###\nDetection alerts from this rule indicate an AWS API command or method call that is rare and unusual for the geolocation of the source IP address. Here are some possible avenues of investigation:\n- Consider the source IP address and geolocation for the calling user who issued the command. Do they look normal for the calling user? If the source is an EC2 IP address, is it associated with an EC2 instance in one of your accounts or could it be sourcing from an EC2 instance not under your control? If it is an authorized EC2 instance, is the activity associated with normal behavior for the instance role or roles? Are there any other alerts or signs of suspicious activity involving this instance?\n- Consider the user as identified by the `user.name` field. Is this command part of an expected workflow for the user context? Examine the user identity in the `aws.cloudtrail.user_identity.arn` field and the access key id in the `aws.cloudtrail.user_identity.access_key_id` field which can help identify the precise user context. The user agent details in the `user_agent.original` field may also indicate what kind of a client made the request.\n- Consider the time of day. If the user is a human, not a program or script, did the activity take place during a normal time of day?\n- Examine the history of the command. If the command, which is visible in the `event.action field`, manifested only very recently, it might be part of a new automation module or script. If it has a consistent cadence - for example, if it appears in small numbers on a weekly or monthly cadence it might be part of a housekeeping or maintenance process.\n- Examine the request parameters. These may provide indications as to the source of the program or the nature of the tasks it is performing.",
+  "note": "## Triage and analysis\n\n### Investigating an Unusual CloudTrail Event\nDetection alerts from this rule indicate an AWS API command or method call that is rare and unusual for the geolocation of the source IP address. Here are some possible avenues of investigation:\n- Consider the source IP address and geolocation for the calling user who issued the command. Do they look normal for the calling user? If the source is an EC2 IP address, is it associated with an EC2 instance in one of your accounts or could it be sourcing from an EC2 instance not under your control? If it is an authorized EC2 instance, is the activity associated with normal behavior for the instance role or roles? Are there any other alerts or signs of suspicious activity involving this instance?\n- Consider the user as identified by the `user.name` field. Is this command part of an expected workflow for the user context? Examine the user identity in the `aws.cloudtrail.user_identity.arn` field and the access key id in the `aws.cloudtrail.user_identity.access_key_id` field which can help identify the precise user context. The user agent details in the `user_agent.original` field may also indicate what kind of a client made the request.\n- Consider the time of day. If the user is a human, not a program or script, did the activity take place during a normal time of day?\n- Examine the history of the command. If the command, which is visible in the `event.action field`, manifested only very recently, it might be part of a new automation module or script. If it has a consistent cadence - for example, if it appears in small numbers on a weekly or monthly cadence it might be part of a housekeeping or maintenance process.\n- Examine the request parameters. These may provide indications as to the source of the program or the nature of the tasks it is performing.",
   "references": [
     "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_cloudtrail_rare_method_by_country.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_cloudtrail_rare_method_by_country.json
index 8263b06cb6b2e..689b8a1fc02e3 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_cloudtrail_rare_method_by_country.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_cloudtrail_rare_method_by_country.json
@@ -12,7 +12,7 @@
   "license": "Elastic License v2",
   "machine_learning_job_id": "rare_method_for_a_country",
   "name": "Unusual Country For an AWS Command",
-  "note": "### Investigating an Unusual CloudTrail Event ###\nDetection alerts from this rule indicate an AWS API command or method call that is rare and unusual for the geolocation of the source IP address. Here are some possible avenues of investigation:\n- Consider the source IP address and geolocation for the calling user who issued the command. Do they look normal for the calling user? If the source is an EC2 IP address, is it associated with an EC2 instance in one of your accounts or could it be sourcing from an EC2 instance not under your control? If it is an authorized EC2 instance, is the activity associated with normal behavior for the instance role or roles? Are there any other alerts or signs of suspicious activity involving this instance?\n- Consider the user as identified by the `user.name` field. Is this command part of an expected workflow for the user context? Examine the user identity in the `aws.cloudtrail.user_identity.arn` field and the access key id in the `aws.cloudtrail.user_identity.access_key_id` field which can help identify the precise user context. The user agent details in the `user_agent.original` field may also indicate what kind of a client made the request.\n- Consider the time of day. If the user is a human, not a program or script, did the activity take place during a normal time of day?\n- Examine the history of the command. If the command, which is visible in the `event.action field`, manifested only very recently, it might be part of a new automation module or script. If it has a consistent cadence - for example, if it appears in small numbers on a weekly or monthly cadence it might be part of a housekeeping or maintenance process.\n- Examine the request parameters. These may provide indications as to the source of the program or the nature of the tasks it is performing.",
+  "note": "## Triage and analysis\n\n### Investigating an Unusual CloudTrail Event\nDetection alerts from this rule indicate an AWS API command or method call that is rare and unusual for the geolocation of the source IP address. Here are some possible avenues of investigation:\n- Consider the source IP address and geolocation for the calling user who issued the command. Do they look normal for the calling user? If the source is an EC2 IP address, is it associated with an EC2 instance in one of your accounts or could it be sourcing from an EC2 instance not under your control? If it is an authorized EC2 instance, is the activity associated with normal behavior for the instance role or roles? Are there any other alerts or signs of suspicious activity involving this instance?\n- Consider the user as identified by the `user.name` field. Is this command part of an expected workflow for the user context? Examine the user identity in the `aws.cloudtrail.user_identity.arn` field and the access key id in the `aws.cloudtrail.user_identity.access_key_id` field which can help identify the precise user context. The user agent details in the `user_agent.original` field may also indicate what kind of a client made the request.\n- Consider the time of day. If the user is a human, not a program or script, did the activity take place during a normal time of day?\n- Examine the history of the command. If the command, which is visible in the `event.action field`, manifested only very recently, it might be part of a new automation module or script. If it has a consistent cadence - for example, if it appears in small numbers on a weekly or monthly cadence it might be part of a housekeeping or maintenance process.\n- Examine the request parameters. These may provide indications as to the source of the program or the nature of the tasks it is performing.",
   "references": [
     "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_cloudtrail_rare_method_by_user.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_cloudtrail_rare_method_by_user.json
index 3228031911147..50a1c7c817131 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_cloudtrail_rare_method_by_user.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_cloudtrail_rare_method_by_user.json
@@ -12,7 +12,7 @@
   "license": "Elastic License v2",
   "machine_learning_job_id": "rare_method_for_a_username",
   "name": "Unusual AWS Command for a User",
-  "note": "### Investigating an Unusual CloudTrail Event ###\nDetection alerts from this rule indicate an AWS API command or method call that is rare and unusual for the calling IAM user. Here are some possible avenues of investigation:\n- Consider the user as identified by the `user.name` field. Is this command part of an expected workflow for the user context? Examine the user identity in the `aws.cloudtrail.user_identity.arn` field and the access key id in the `aws.cloudtrail.user_identity.access_key_id` field which can help identify the precise user context. The user agent details in the `user_agent.original` field may also indicate what kind of a client made the request.\n- Consider the source IP address and geolocation for the calling user who issued the command. Do they look normal for the calling user? If the source is an EC2 IP address, is it associated with an EC2 instance in one of your accounts or could it be sourcing from an EC2 instance not under your control? If it is an authorized EC2 instance, is the activity associated with normal behavior for the instance role or roles? Are there any other alerts or signs of suspicious activity involving this instance?\n- Consider the time of day. If the user is a human, not a program or script, did the activity take place during a normal time of day?\n- Examine the history of the command. If the command, which is visible in the `event.action field`, manifested only very recently, it might be part of a new automation module or script. If it has a consistent cadence - for example, if it appears in small numbers on a weekly or monthly cadence it might be part of a housekeeping or maintenance process.\n- Examine the request parameters. These may provide indications as to the source of the program or the nature of the tasks it is performing.",
+  "note": "## Triage and analysis\n\n### Investigating an Unusual CloudTrail Event\nDetection alerts from this rule indicate an AWS API command or method call that is rare and unusual for the calling IAM user. Here are some possible avenues of investigation:\n- Consider the user as identified by the `user.name` field. Is this command part of an expected workflow for the user context? Examine the user identity in the `aws.cloudtrail.user_identity.arn` field and the access key id in the `aws.cloudtrail.user_identity.access_key_id` field which can help identify the precise user context. The user agent details in the `user_agent.original` field may also indicate what kind of a client made the request.\n- Consider the source IP address and geolocation for the calling user who issued the command. Do they look normal for the calling user? If the source is an EC2 IP address, is it associated with an EC2 instance in one of your accounts or could it be sourcing from an EC2 instance not under your control? If it is an authorized EC2 instance, is the activity associated with normal behavior for the instance role or roles? Are there any other alerts or signs of suspicious activity involving this instance?\n- Consider the time of day. If the user is a human, not a program or script, did the activity take place during a normal time of day?\n- Examine the history of the command. If the command, which is visible in the `event.action field`, manifested only very recently, it might be part of a new automation module or script. If it has a consistent cadence - for example, if it appears in small numbers on a weekly or monthly cadence it might be part of a housekeeping or maintenance process.\n- Examine the request parameters. These may provide indications as to the source of the program or the nature of the tasks it is performing.",
   "references": [
     "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_network_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_network_activity.json
index 03f422fe3ed93..fcfa402c11a6d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_network_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_network_activity.json
@@ -9,7 +9,7 @@
   "license": "Elastic License v2",
   "machine_learning_job_id": "linux_anomalous_network_activity_ecs",
   "name": "Unusual Linux Network Activity",
-  "note": "### Investigating Unusual Network Activity ###\nDetection alerts from this rule indicate the presence of network activity from a Linux process for which network activity is rare and unusual.  Here are some possible avenues of investigation:\n- Consider the IP addresses and ports. Are these used by normal but infrequent network workflows? Are they expected or unexpected?\n- If the destination IP address is remote or external, does it associate with an expected domain, organization or geography? Note: avoid interacting directly with suspected malicious IP addresses.\n- Consider the user as identified by the username field. Is this network activity part of an expected workflow for the user who ran the program?\n- Examine the history of execution. If this process manifested only very recently, it might be part of a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business or maintenance process.\n- Examine the process arguments, title and working directory. These may provide indications as to the source of the program or the nature of the tasks it is performing.",
+  "note": "## Triage and analysis\n\n### Investigating Unusual Network Activity\nDetection alerts from this rule indicate the presence of network activity from a Linux process for which network activity is rare and unusual.  Here are some possible avenues of investigation:\n- Consider the IP addresses and ports. Are these used by normal but infrequent network workflows? Are they expected or unexpected?\n- If the destination IP address is remote or external, does it associate with an expected domain, organization or geography? Note: avoid interacting directly with suspected malicious IP addresses.\n- Consider the user as identified by the username field. Is this network activity part of an expected workflow for the user who ran the program?\n- Examine the history of execution. If this process manifested only very recently, it might be part of a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business or maintenance process.\n- Examine the process arguments, title and working directory. These may provide indications as to the source of the program or the nature of the tasks it is performing.",
   "references": [
     "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
@@ -24,5 +24,5 @@
     "ML"
   ],
   "type": "machine_learning",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_process_all_hosts.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_process_all_hosts.json
index 2e586bc25e9ea..9243389de0d97 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_process_all_hosts.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_process_all_hosts.json
@@ -12,7 +12,7 @@
   "license": "Elastic License v2",
   "machine_learning_job_id": "linux_anomalous_process_all_hosts_ecs",
   "name": "Anomalous Process For a Linux Population",
-  "note": "### Investigating an Unusual Linux Process ###\nDetection alerts from this rule indicate the presence of a Linux process that is rare and unusual for all of the monitored Linux hosts for which Auditbeat data is available. Here are some possible avenues of investigation:\n- Consider the user as identified by the username field. Is this program part of an expected workflow for the user who ran this program on this host?\n- Examine the history of execution. If this process manifested only very recently, it might be part of a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business process.\n- Examine the process arguments, title and working directory. These may provide indications as to the source of the program or the nature of the tasks it is performing.",
+  "note": "## Triage and analysis\n\n### Investigating an Unusual Linux Process\nDetection alerts from this rule indicate the presence of a Linux process that is rare and unusual for all of the monitored Linux hosts for which Auditbeat data is available. Here are some possible avenues of investigation:\n- Consider the user as identified by the username field. Is this program part of an expected workflow for the user who ran this program on this host?\n- Examine the history of execution. If this process manifested only very recently, it might be part of a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business process.\n- Examine the process arguments, title and working directory. These may provide indications as to the source of the program or the nature of the tasks it is performing.",
   "references": [
     "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
@@ -27,5 +27,5 @@
     "ML"
   ],
   "type": "machine_learning",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_user_name.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_user_name.json
index a378e7cf0a1d7..e77247dc0e931 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_user_name.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_user_name.json
@@ -12,7 +12,7 @@
   "license": "Elastic License v2",
   "machine_learning_job_id": "linux_anomalous_user_name_ecs",
   "name": "Unusual Linux Username",
-  "note": "### Investigating an Unusual Linux User ###\nDetection alerts from this rule indicate activity for a Linux user name that is rare and unusual. Here are some possible avenues of investigation:\n- Consider the user as identified by the username field. Is this program part of an expected workflow for the user who ran this program on this host? Could this be related to troubleshooting or debugging activity by a developer or site reliability engineer?\n- Examine the history of user activity. If this user manifested only very recently, it might be a service account for a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business process.\n- Examine the process arguments, title and working directory. These may provide indications as to the source of the program or the nature of the tasks that the user is performing.",
+  "note": "## Triage and analysis\n\n### Investigating an Unusual Linux User\nDetection alerts from this rule indicate activity for a Linux user name that is rare and unusual. Here are some possible avenues of investigation:\n- Consider the user as identified by the username field. Is this program part of an expected workflow for the user who ran this program on this host? Could this be related to troubleshooting or debugging activity by a developer or site reliability engineer?\n- Examine the history of user activity. If this user manifested only very recently, it might be a service account for a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business process.\n- Examine the process arguments, title and working directory. These may provide indications as to the source of the program or the nature of the tasks that the user is performing.",
   "references": [
     "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
@@ -27,5 +27,5 @@
     "ML"
   ],
   "type": "machine_learning",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_rare_process_by_host_linux.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_rare_process_by_host_linux.json
index ba16e7f1fe79e..11f6c2605f6ad 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_rare_process_by_host_linux.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_rare_process_by_host_linux.json
@@ -12,7 +12,7 @@
   "license": "Elastic License v2",
   "machine_learning_job_id": "rare_process_by_host_linux_ecs",
   "name": "Unusual Process For a Linux Host",
-  "note": "### Investigating an Unusual Linux Process ###\nDetection alerts from this rule indicate the presence of a Linux process that is rare and unusual for the host it ran on. Here are some possible avenues of investigation:\n- Consider the user as identified by the username field. Is this program part of an expected workflow for the user who ran this program on this host?\n- Examine the history of execution. If this process manifested only very recently, it might be part of a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business process.\n- Examine the process arguments, title and working directory. These may provide indications as to the source of the program or the nature of the tasks it is performing.",
+  "note": "## Triage and analysis\n\n### Investigating an Unusual Linux Process\nDetection alerts from this rule indicate the presence of a Linux process that is rare and unusual for the host it ran on. Here are some possible avenues of investigation:\n- Consider the user as identified by the username field. Is this program part of an expected workflow for the user who ran this program on this host?\n- Examine the history of execution. If this process manifested only very recently, it might be part of a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business process.\n- Examine the process arguments, title and working directory. These may provide indications as to the source of the program or the nature of the tasks it is performing.",
   "references": [
     "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
@@ -27,5 +27,5 @@
     "ML"
   ],
   "type": "machine_learning",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_rare_process_by_host_windows.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_rare_process_by_host_windows.json
index ed35a35d32920..72db8ff93d4d4 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_rare_process_by_host_windows.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_rare_process_by_host_windows.json
@@ -12,7 +12,7 @@
   "license": "Elastic License v2",
   "machine_learning_job_id": "rare_process_by_host_windows_ecs",
   "name": "Unusual Process For a Windows Host",
-  "note": "### Investigating an Unusual Windows Process ###\nDetection alerts from this rule indicate the presence of a Windows process that is rare and unusual for the host it ran on. Here are some possible avenues of investigation:\n- Consider the user as identified by the username field. Is this program part of an expected workflow for the user who ran this program on this host?\n- Examine the history of execution. If this process manifested only very recently, it might be part of a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business process.\n- Examine the process metadata like the values of the Company, Description and Product fields which may indicate whether the program is associated with an expected software vendor or package.\n- Examine arguments and working directory. These may provide indications as to the source of the program or the nature of the tasks it is performing.\n- Consider the same for the parent process. If the parent process is a legitimate system utility or service, this could be related to software updates or system management. If the parent process is something user-facing like an Office application, this process could be more suspicious.\n- If you have file hash values in the event data, and you suspect malware, you can optionally run a search for the file hash to see if the file is identified as malware by anti-malware tools. ",
+  "note": "## Triage and analysis\n\n### Investigating an Unusual Windows Process\nDetection alerts from this rule indicate the presence of a Windows process that is rare and unusual for the host it ran on. Here are some possible avenues of investigation:\n- Consider the user as identified by the username field. Is this program part of an expected workflow for the user who ran this program on this host?\n- Examine the history of execution. If this process manifested only very recently, it might be part of a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business process.\n- Examine the process metadata like the values of the Company, Description and Product fields which may indicate whether the program is associated with an expected software vendor or package.\n- Examine arguments and working directory. These may provide indications as to the source of the program or the nature of the tasks it is performing.\n- Consider the same for the parent process. If the parent process is a legitimate system utility or service, this could be related to software updates or system management. If the parent process is something user-facing like an Office application, this process could be more suspicious.\n- If you have file hash values in the event data, and you suspect malware, you can optionally run a search for the file hash to see if the file is identified as malware by anti-malware tools. ",
   "references": [
     "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
@@ -27,5 +27,5 @@
     "ML"
   ],
   "type": "machine_learning",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_network_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_network_activity.json
index 03431adc0f555..5e3d5757b160d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_network_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_network_activity.json
@@ -12,7 +12,7 @@
   "license": "Elastic License v2",
   "machine_learning_job_id": "windows_anomalous_network_activity_ecs",
   "name": "Unusual Windows Network Activity",
-  "note": "### Investigating Unusual Network Activity ###\nDetection alerts from this rule indicate the presence of network activity from a Windows process for which network activity is very unusual.  Here are some possible avenues of investigation:\n- Consider the IP addresses, protocol and ports. Are these used by normal but infrequent network workflows? Are they expected or unexpected?\n- If the destination IP address is remote or external, does it associate with an expected domain, organization or geography? Note: avoid interacting directly with suspected malicious IP addresses.\n- Consider the user as identified by the username field. Is this network activity part of an expected workflow for the user who ran the program?\n- Examine the history of execution. If this process manifested only very recently, it might be part of a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business process.\n- Examine the process arguments, title and working directory. These may provide indications as to the source of the program or the nature of the tasks it is performing.\n- Consider the same for the parent process. If the parent process is a legitimate system utility or service, this could be related to software updates or system management. If the parent process is something user-facing like an Office application, this process could be more suspicious.\n- If you have file hash values in the event data, and you suspect malware, you can optionally run a search for the file hash to see if the file is identified as malware by anti-malware tools.",
+  "note": "## Triage and analysis\n\n### Investigating Unusual Network Activity\nDetection alerts from this rule indicate the presence of network activity from a Windows process for which network activity is very unusual.  Here are some possible avenues of investigation:\n- Consider the IP addresses, protocol and ports. Are these used by normal but infrequent network workflows? Are they expected or unexpected?\n- If the destination IP address is remote or external, does it associate with an expected domain, organization or geography? Note: avoid interacting directly with suspected malicious IP addresses.\n- Consider the user as identified by the username field. Is this network activity part of an expected workflow for the user who ran the program?\n- Examine the history of execution. If this process manifested only very recently, it might be part of a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business process.\n- Examine the process arguments, title and working directory. These may provide indications as to the source of the program or the nature of the tasks it is performing.\n- Consider the same for the parent process. If the parent process is a legitimate system utility or service, this could be related to software updates or system management. If the parent process is something user-facing like an Office application, this process could be more suspicious.\n- If you have file hash values in the event data, and you suspect malware, you can optionally run a search for the file hash to see if the file is identified as malware by anti-malware tools.",
   "references": [
     "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
@@ -27,5 +27,5 @@
     "ML"
   ],
   "type": "machine_learning",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_process_all_hosts.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_process_all_hosts.json
index b874b0effdbea..b73637c1a7cdf 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_process_all_hosts.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_process_all_hosts.json
@@ -12,7 +12,7 @@
   "license": "Elastic License v2",
   "machine_learning_job_id": "windows_anomalous_process_all_hosts_ecs",
   "name": "Anomalous Process For a Windows Population",
-  "note": "### Investigating an Unusual Windows Process ###\nDetection alerts from this rule indicate the presence of a Windows process that is rare and unusual for all of the Windows hosts for which Winlogbeat data is available. Here are some possible avenues of investigation:\n- Consider the user as identified by the username field. Is this program part of an expected workflow for the user who ran this program on this host?\n- Examine the history of execution. If this process manifested only very recently, it might be part of a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business process.\n- Examine the process metadata like the values of the Company, Description and Product fields which may indicate whether the program is associated with an expected software vendor or package.\n- Examine arguments and working directory. These may provide indications as to the source of the program or the nature of the tasks it is performing.\n- Consider the same for the parent process. If the parent process is a legitimate system utility or service, this could be related to software updates or system management. If the parent process is something user-facing like an Office application, this process could be more suspicious.\n- If you have file hash values in the event data, and you suspect malware, you can optionally run a search for the file hash to see if the file is identified as malware by anti-malware tools. ",
+  "note": "## Triage and analysis\n\n### Investigating an Unusual Windows Process\nDetection alerts from this rule indicate the presence of a Windows process that is rare and unusual for all of the Windows hosts for which Winlogbeat data is available. Here are some possible avenues of investigation:\n- Consider the user as identified by the username field. Is this program part of an expected workflow for the user who ran this program on this host?\n- Examine the history of execution. If this process manifested only very recently, it might be part of a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business process.\n- Examine the process metadata like the values of the Company, Description and Product fields which may indicate whether the program is associated with an expected software vendor or package.\n- Examine arguments and working directory. These may provide indications as to the source of the program or the nature of the tasks it is performing.\n- Consider the same for the parent process. If the parent process is a legitimate system utility or service, this could be related to software updates or system management. If the parent process is something user-facing like an Office application, this process could be more suspicious.\n- If you have file hash values in the event data, and you suspect malware, you can optionally run a search for the file hash to see if the file is identified as malware by anti-malware tools. ",
   "references": [
     "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
@@ -27,5 +27,5 @@
     "ML"
   ],
   "type": "machine_learning",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_user_name.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_user_name.json
index c4a209dad0448..d3cbc34bd1a3d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_user_name.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_user_name.json
@@ -12,7 +12,7 @@
   "license": "Elastic License v2",
   "machine_learning_job_id": "windows_anomalous_user_name_ecs",
   "name": "Unusual Windows Username",
-  "note": "### Investigating an Unusual Windows User ###\nDetection alerts from this rule indicate activity for a Windows user name that is rare and unusual. Here are some possible avenues of investigation:\n- Consider the user as identified by the username field. Is this program part of an expected workflow for the user who ran this program on this host? Could this be related to occasional troubleshooting or support activity?\n- Examine the history of user activity. If this user manifested only very recently, it might be a service account for a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business process.\n- Examine the process arguments, title and working directory. These may provide indications as to the source of the program or the nature of the tasks that the user is performing.\n- Consider the same for the parent process. If the parent process is a legitimate system utility or service, this could be related to software updates or system management. If the parent process is something user-facing like an Office application, this process could be more suspicious.",
+  "note": "## Triage and analysis\n\n### Investigating an Unusual Windows User\nDetection alerts from this rule indicate activity for a Windows user name that is rare and unusual. Here are some possible avenues of investigation:\n- Consider the user as identified by the username field. Is this program part of an expected workflow for the user who ran this program on this host? Could this be related to occasional troubleshooting or support activity?\n- Examine the history of user activity. If this user manifested only very recently, it might be a service account for a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business process.\n- Examine the process arguments, title and working directory. These may provide indications as to the source of the program or the nature of the tasks that the user is performing.\n- Consider the same for the parent process. If the parent process is a legitimate system utility or service, this could be related to software updates or system management. If the parent process is something user-facing like an Office application, this process could be more suspicious.",
   "references": [
     "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
@@ -27,5 +27,5 @@
     "ML"
   ],
   "type": "machine_learning",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_rare_user_type10_remote_login.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_rare_user_type10_remote_login.json
index 2e29fbd15fd76..643a85d3af816 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_rare_user_type10_remote_login.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_rare_user_type10_remote_login.json
@@ -12,7 +12,7 @@
   "license": "Elastic License v2",
   "machine_learning_job_id": "windows_rare_user_type10_remote_login",
   "name": "Unusual Windows Remote User",
-  "note": "### Investigating an Unusual Windows User ###\nDetection alerts from this rule indicate activity for a rare and unusual Windows RDP (remote desktop) user. Here are some possible avenues of investigation:\n- Consider the user as identified by the username field. Is the user part of a group who normally logs into Windows hosts using RDP (remote desktop protocol)? Is this logon activity part of an expected workflow for the user?\n- Consider the source of the login. If the source is remote, could this be related to occasional troubleshooting or support activity by a vendor or an employee working remotely?",
+  "note": "## Triage and analysis\n\n### Investigating an Unusual Windows User\nDetection alerts from this rule indicate activity for a rare and unusual Windows RDP (remote desktop) user. Here are some possible avenues of investigation:\n- Consider the user as identified by the username field. Is the user part of a group who normally logs into Windows hosts using RDP (remote desktop protocol)? Is this logon activity part of an expected workflow for the user?\n- Consider the source of the login. If the source is remote, could this be related to occasional troubleshooting or support activity by a vendor or an employee working remotely?",
   "references": [
     "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
@@ -27,5 +27,5 @@
     "ML"
   ],
   "type": "machine_learning",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_deactivate_okta_application.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_deactivate_okta_application.json
index 0040b559f46d3..bb4cdc6ded201 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_deactivate_okta_application.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_deactivate_okta_application.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Attempt to Deactivate an Okta Application",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:application.lifecycle.deactivate",
   "references": [
     "https://help.okta.com/en/prod/Content/Topics/Apps/Apps_Apps.htm",
@@ -33,5 +33,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_deactivate_okta_policy.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_deactivate_okta_policy.json
index f3ce089c61a54..54dd1f0741488 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_deactivate_okta_policy.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_deactivate_okta_policy.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Attempt to Deactivate an Okta Policy",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:policy.lifecycle.deactivate",
   "references": [
     "https://help.okta.com/en/prod/Content/Topics/Security/Security_Policies.htm",
@@ -33,5 +33,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 5
+  "version": 6
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_deactivate_okta_policy_rule.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_deactivate_okta_policy_rule.json
index 71e3b4dee787e..495404ac9e108 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_deactivate_okta_policy_rule.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_deactivate_okta_policy_rule.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Attempt to Deactivate an Okta Policy Rule",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:policy.rule.deactivate",
   "references": [
     "https://help.okta.com/en/prod/Content/Topics/Security/Security_Policies.htm",
@@ -33,5 +33,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 5
+  "version": 6
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_delete_okta_application.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_delete_okta_application.json
index 8f4d45db88edb..950964c81458a 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_delete_okta_application.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_delete_okta_application.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Attempt to Delete an Okta Application",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:application.lifecycle.delete",
   "references": [
     "https://developer.okta.com/docs/reference/api/system-log/",
@@ -32,5 +32,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_delete_okta_policy.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_delete_okta_policy.json
index 031acd36fab14..43b146b1377b7 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_delete_okta_policy.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_delete_okta_policy.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Attempt to Delete an Okta Policy",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:policy.lifecycle.delete",
   "references": [
     "https://help.okta.com/en/prod/Content/Topics/Security/Security_Policies.htm",
@@ -33,5 +33,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 5
+  "version": 6
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_delete_okta_policy_rule.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_delete_okta_policy_rule.json
index 5bbfa7460a970..3e32480d958ea 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_delete_okta_policy_rule.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_delete_okta_policy_rule.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Attempt to Delete an Okta Policy Rule",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:policy.rule.delete",
   "references": [
     "https://help.okta.com/en/prod/Content/Topics/Security/Security_Policies.htm",
@@ -33,5 +33,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_application.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_application.json
index cef2e3c157abe..47c0c836348d6 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_application.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_application.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Attempt to Modify an Okta Application",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:application.lifecycle.update",
   "references": [
     "https://help.okta.com/en/prod/Content/Topics/Apps/Apps_Apps.htm",
@@ -33,5 +33,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_network_zone.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_network_zone.json
index a96988fe61d95..05e48c9175daf 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_network_zone.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_network_zone.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Attempt to Modify an Okta Network Zone",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:(zone.update or network_zone.rule.disabled or zone.remove_blacklist)",
   "references": [
     "https://help.okta.com/en/prod/Content/Topics/Security/network/network-zones.htm",
@@ -33,5 +33,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 5
+  "version": 6
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_policy.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_policy.json
index 4890d5c6f96c6..78451913b110a 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_policy.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_policy.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Attempt to Modify an Okta Policy",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:policy.lifecycle.update",
   "references": [
     "https://developer.okta.com/docs/reference/api/system-log/",
@@ -32,5 +32,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 5
+  "version": 6
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_policy_rule.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_policy_rule.json
index 666a4713be90c..3d89183e4a921 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_policy_rule.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_policy_rule.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Attempt to Modify an Okta Policy Rule",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:policy.rule.update",
   "references": [
     "https://help.okta.com/en/prod/Content/Topics/Security/Security_Policies.htm",
@@ -33,5 +33,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 5
+  "version": 6
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_or_delete_application_sign_on_policy.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_or_delete_application_sign_on_policy.json
index 58c6828b70c44..ce68423ffa4a4 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_or_delete_application_sign_on_policy.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_or_delete_application_sign_on_policy.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Modification or Removal of an Okta Application Sign-On Policy",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:(application.policy.sign_on.update or application.policy.sign_on.rule.delete)",
   "references": [
     "https://help.okta.com/en/prod/Content/Topics/Security/App_Based_Signon.htm",
@@ -33,5 +33,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 5
+  "version": 6
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_threat_detected_by_okta_threatinsight.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_threat_detected_by_okta_threatinsight.json
index 3425a8f16e7bb..51be6cc2aba45 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_threat_detected_by_okta_threatinsight.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_threat_detected_by_okta_threatinsight.json
@@ -10,7 +10,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Threat Detected by Okta ThreatInsight",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:security.threat.detected",
   "references": [
     "https://developer.okta.com/docs/reference/api/system-log/",
@@ -29,5 +29,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 5
+  "version": 6
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_administrator_privileges_assigned_to_okta_group.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_administrator_privileges_assigned_to_okta_group.json
index 09be6c963d4b6..2284e08ba0caa 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_administrator_privileges_assigned_to_okta_group.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_administrator_privileges_assigned_to_okta_group.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Administrator Privileges Assigned to an Okta Group",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:group.privilege.grant",
   "references": [
     "https://help.okta.com/en/prod/Content/Topics/Security/administrators-admin-comparison.htm",
@@ -50,5 +50,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 5
+  "version": 6
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_administrator_role_assigned_to_okta_user.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_administrator_role_assigned_to_okta_user.json
index 11fcfe1aab36c..8aa425e4faac6 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_administrator_role_assigned_to_okta_user.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_administrator_role_assigned_to_okta_user.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Administrator Role Assigned to an Okta User",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:user.account.privilege.grant",
   "references": [
     "https://help.okta.com/en/prod/Content/Topics/Security/administrators-admin-comparison.htm",
@@ -49,5 +49,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_create_okta_api_token.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_create_okta_api_token.json
index 1e2467e5c33c0..df234db46fed2 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_create_okta_api_token.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_create_okta_api_token.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Attempt to Create Okta API Token",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:system.api_token.create",
   "references": [
     "https://developer.okta.com/docs/reference/api/system-log/",
@@ -49,5 +49,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 5
+  "version": 6
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_deactivate_mfa_for_okta_user_account.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_deactivate_mfa_for_okta_user_account.json
index 96e3acb487b55..df70b91b8c8a0 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_deactivate_mfa_for_okta_user_account.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_deactivate_mfa_for_okta_user_account.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Attempt to Deactivate MFA for an Okta User Account",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:user.mfa.factor.deactivate",
   "references": [
     "https://developer.okta.com/docs/reference/api/system-log/",
@@ -49,5 +49,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 5
+  "version": 6
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_reset_mfa_factors_for_okta_user_account.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_reset_mfa_factors_for_okta_user_account.json
index c5043862aa99e..a9bbbca91e2b7 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_reset_mfa_factors_for_okta_user_account.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_reset_mfa_factors_for_okta_user_account.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Attempt to Reset MFA Factors for an Okta User Account",
-  "note": "The Okta Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:okta.system and event.action:user.mfa.factor.reset_all",
   "references": [
     "https://developer.okta.com/docs/reference/api/system-log/",
@@ -49,5 +49,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 5
+  "version": 6
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_automation_account_created.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_automation_account_created.json
index b11804c881203..5ec70f2970d28 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_automation_account_created.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_automation_account_created.json
@@ -11,7 +11,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Azure Automation Account Created",
-  "note": "The Azure Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.activitylogs and azure.activitylogs.operation_name:\"MICROSOFT.AUTOMATION/AUTOMATIONACCOUNTS/WRITE\" and event.outcome:(Success or success)",
   "references": [
     "https://powerzure.readthedocs.io/en/latest/Functions/operational.html#create-backdoor",
@@ -64,5 +64,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_automation_runbook_created_or_modified.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_automation_runbook_created_or_modified.json
index 64b9b0103feea..f7ef529895222 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_automation_runbook_created_or_modified.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_automation_runbook_created_or_modified.json
@@ -11,7 +11,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Azure Automation Runbook Created or Modified",
-  "note": "The Azure Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.activitylogs and azure.activitylogs.operation_name: ( \"MICROSOFT.AUTOMATION/AUTOMATIONACCOUNTS/RUNBOOKS/DRAFT/WRITE\" or \"MICROSOFT.AUTOMATION/AUTOMATIONACCOUNTS/RUNBOOKS/WRITE\" or \"MICROSOFT.AUTOMATION/AUTOMATIONACCOUNTS/RUNBOOKS/PUBLISH/ACTION\" ) and event.outcome:(Success or success)",
   "references": [
     "https://powerzure.readthedocs.io/en/latest/Functions/operational.html#create-backdoor",
@@ -32,5 +32,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_automation_webhook_created.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_automation_webhook_created.json
index f13f108cbd7a5..e77d1f91747e7 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_automation_webhook_created.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_automation_webhook_created.json
@@ -11,7 +11,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Azure Automation Webhook Created",
-  "note": "The Azure Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.activitylogs and azure.activitylogs.operation_name: ( \"MICROSOFT.AUTOMATION/AUTOMATIONACCOUNTS/WEBHOOKS/ACTION\" or \"MICROSOFT.AUTOMATION/AUTOMATIONACCOUNTS/WEBHOOKS/WRITE\" ) and event.outcome:(Success or success)",
   "references": [
     "https://powerzure.readthedocs.io/en/latest/Functions/operational.html#create-backdoor",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_conditional_access_policy_modified.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_conditional_access_policy_modified.json
index 7fbb8fffc6e50..00826c3d6162e 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_conditional_access_policy_modified.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_conditional_access_policy_modified.json
@@ -11,7 +11,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Azure Conditional Access Policy Modified",
-  "note": "The Azure Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(azure.activitylogs or azure.auditlogs) and ( azure.activitylogs.operation_name:\"Update policy\" or azure.auditlogs.operation_name:\"Update policy\" ) and event.outcome:(Success or success)",
   "references": [
     "https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview"
@@ -46,5 +46,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_pim_user_added_global_admin.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_pim_user_added_global_admin.json
index 4dc965e2dadbe..1d5332beed4f6 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_pim_user_added_global_admin.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_pim_user_added_global_admin.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Azure Global Administrator Role Addition to PIM User",
-  "note": "The Azure Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.auditlogs and azure.auditlogs.properties.category:RoleManagement and azure.auditlogs.operation_name:(\"Add eligible member to role in PIM completed (permanent)\" or \"Add member to role in PIM completed (timebound)\") and azure.auditlogs.properties.target_resources.*.display_name:\"Global Administrator\" and event.outcome:(Success or success)",
   "references": [
     "https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles"
@@ -48,5 +48,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_privileged_identity_management_role_modified.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_privileged_identity_management_role_modified.json
index 7da98b3f179ab..0a75c0feaa516 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_privileged_identity_management_role_modified.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_azure_privileged_identity_management_role_modified.json
@@ -11,7 +11,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Azure Privilege Identity Management Role Modified",
-  "note": "The Azure Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.auditlogs and azure.auditlogs.operation_name:\"Update role setting in PIM\" and event.outcome:(Success or success)",
   "references": [
     "https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-assign-roles",
@@ -62,5 +62,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_ec2_network_acl_creation.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_ec2_network_acl_creation.json
index f1ece4525079a..79ff9080c8f23 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_ec2_network_acl_creation.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_ec2_network_acl_creation.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS EC2 Network Access Control List Creation",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:ec2.amazonaws.com and event.action:(CreateNetworkAcl or CreateNetworkAclEntry) and event.outcome:success",
   "references": [
     "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/create-network-acl.html",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_evasion_registry_startup_shell_folder_modified.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_evasion_registry_startup_shell_folder_modified.json
index ec985807b3137..947c1c748af69 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_evasion_registry_startup_shell_folder_modified.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_evasion_registry_startup_shell_folder_modified.json
@@ -12,7 +12,7 @@
   "language": "eql",
   "license": "Elastic License v2",
   "name": "Suspicious Startup Shell Folder Modification",
-  "note": "Verify file creation events in the new Windows Startup folder location.",
+  "note": "## Triage and analysis\n\nVerify file creation events in the new Windows Startup folder location.",
   "query": "registry where\n registry.path : (\n     \"HKLM\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Explorer\\\\User Shell Folders\\\\Common Startup\",\n     \"HKLM\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Explorer\\\\Shell Folders\\\\Common Startup\",\n     \"HKEY_USERS\\\\*\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Explorer\\\\User Shell Folders\\\\Startup\",\n     \"HKEY_USERS\\\\*\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Explorer\\\\Shell Folders\\\\Startup\"\n     ) and\n  registry.data.strings != null and\n  /* Normal Startup Folder Paths */\n  not registry.data.strings : (\n           \"C:\\\\ProgramData\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Startup\",\n           \"%ProgramData%\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Startup\",\n           \"%USERPROFILE%\\\\AppData\\\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Startup\",\n           \"C:\\\\Users\\\\*\\\\AppData\\\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Startup\"\n           )\n",
   "risk_score": 73,
   "rule_id": "c8b150f0-0164-475b-a75e-74b47800a9ff",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_gcp_iam_service_account_key_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_gcp_iam_service_account_key_deletion.json
index d067a66d6f525..34efe6e0b3d0e 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_gcp_iam_service_account_key_deletion.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_gcp_iam_service_account_key_deletion.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP IAM Service Account Key Deletion",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:google.iam.admin.v*.DeleteServiceAccountKey and event.outcome:success",
   "references": [
     "https://cloud.google.com/iam/docs/service-accounts",
@@ -49,5 +49,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_gcp_key_created_for_service_account.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_gcp_key_created_for_service_account.json
index 2214da96f7ec1..2c84a68b7603c 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_gcp_key_created_for_service_account.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_gcp_key_created_for_service_account.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP Service Account Key Creation",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:google.iam.admin.v*.CreateServiceAccountKey and event.outcome:success",
   "references": [
     "https://cloud.google.com/iam/docs/service-accounts",
@@ -49,5 +49,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_gcp_service_account_created.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_gcp_service_account_created.json
index 3d72eec6dfedb..54d4c01c66ea4 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_gcp_service_account_created.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_gcp_service_account_created.json
@@ -13,7 +13,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "GCP Service Account Creation",
-  "note": "The GCP Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:(googlecloud.audit or gcp.audit) and event.action:google.iam.admin.v*.CreateServiceAccount and event.outcome:success",
   "references": [
     "https://cloud.google.com/iam/docs/service-accounts"
@@ -48,5 +48,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_google_workspace_admin_role_assigned_to_user.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_google_workspace_admin_role_assigned_to_user.json
index a7d1c67196d8f..681d9f4f7d4c8 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_google_workspace_admin_role_assigned_to_user.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_google_workspace_admin_role_assigned_to_user.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Google Workspace Admin Role Assigned to a User",
-  "note": "### Important Information Regarding Google Workspace Event Lag Times\n- As per Google's documentation, Google Workspace administrators may observe lag times ranging from minutes up to 3 days between the time of an event's occurrence and the event being visible in the Google Workspace admin/audit logs.\n- This rule is configured to run every 10 minutes with a lookback time of 130 minutes.\n- To reduce the risk of false negatives, consider reducing the interval that the Google Workspace (formerly G Suite) Filebeat module polls Google's reporting API for new events.\n- By default, `var.interval` is set to 2 hours (2h). Consider changing this interval to a lower value, such as 10 minutes (10m).\n- See the following references for further information.\n  - https://support.google.com/a/answer/7061566\n  - https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-gsuite.html",
+  "note": "## Config\n\nThe Google Workspace Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.\n\n### Important Information Regarding Google Workspace Event Lag Times\n- As per Google's documentation, Google Workspace administrators may observe lag times ranging from minutes up to 3 days between the time of an event's occurrence and the event being visible in the Google Workspace admin/audit logs.\n- This rule is configured to run every 10 minutes with a lookback time of 130 minutes.\n- To reduce the risk of false negatives, consider reducing the interval that the Google Workspace (formerly G Suite) Filebeat module polls Google's reporting API for new events.\n- By default, `var.interval` is set to 2 hours (2h). Consider changing this interval to a lower value, such as 10 minutes (10m).\n- See the following references for further information.\n  - https://support.google.com/a/answer/7061566\n  - https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-gsuite.html",
   "query": "event.dataset:(gsuite.admin or google_workspace.admin) and event.provider:admin and event.category:iam and event.action:ASSIGN_ROLE",
   "references": [
     "https://support.google.com/a/answer/172176?hl=en"
@@ -50,5 +50,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_google_workspace_api_access_granted_via_domain_wide_delegation_of_authority.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_google_workspace_api_access_granted_via_domain_wide_delegation_of_authority.json
index d5a0236c186f1..819c047a2c64f 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_google_workspace_api_access_granted_via_domain_wide_delegation_of_authority.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_google_workspace_api_access_granted_via_domain_wide_delegation_of_authority.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Google Workspace API Access Granted via Domain-Wide Delegation of Authority",
-  "note": "### Important Information Regarding Google Workspace Event Lag Times\n- As per Google's documentation, Google Workspace administrators may observe lag times ranging from minutes up to 3 days between the time of an event's occurrence and the event being visible in the Google Workspace admin/audit logs.\n- This rule is configured to run every 10 minutes with a lookback time of 130 minutes.\n- To reduce the risk of false negatives, consider reducing the interval that the Google Workspace (formerly G Suite) Filebeat module polls Google's reporting API for new events.\n- By default, `var.interval` is set to 2 hours (2h). Consider changing this interval to a lower value, such as 10 minutes (10m).\n- See the following references for further information.\n  - https://support.google.com/a/answer/7061566\n  - https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-gsuite.html",
+  "note": "## Config\n\nThe Google Workspace Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.\n\n### Important Information Regarding Google Workspace Event Lag Times\n- As per Google's documentation, Google Workspace administrators may observe lag times ranging from minutes up to 3 days between the time of an event's occurrence and the event being visible in the Google Workspace admin/audit logs.\n- This rule is configured to run every 10 minutes with a lookback time of 130 minutes.\n- To reduce the risk of false negatives, consider reducing the interval that the Google Workspace (formerly G Suite) Filebeat module polls Google's reporting API for new events.\n- By default, `var.interval` is set to 2 hours (2h). Consider changing this interval to a lower value, such as 10 minutes (10m).\n- See the following references for further information.\n  - https://support.google.com/a/answer/7061566\n  - https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-gsuite.html",
   "query": "event.dataset:(gsuite.admin or google_workspace.admin) and event.provider:admin and event.category:iam and event.action:AUTHORIZE_API_CLIENT_ACCESS",
   "references": [
     "https://developers.google.com/admin-sdk/directory/v1/guides/delegation"
@@ -50,5 +50,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_google_workspace_custom_admin_role_created.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_google_workspace_custom_admin_role_created.json
index b9e768834d72e..2a68fc2604f8b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_google_workspace_custom_admin_role_created.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_google_workspace_custom_admin_role_created.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Google Workspace Custom Admin Role Created",
-  "note": "### Important Information Regarding Google Workspace Event Lag Times\n- As per Google's documentation, Google Workspace administrators may observe lag times ranging from minutes up to 3 days between the time of an event's occurrence and the event being visible in the Google Workspace admin/audit logs.\n- This rule is configured to run every 10 minutes with a lookback time of 130 minutes.\n- To reduce the risk of false negatives, consider reducing the interval that the Google Workspace (formerly G Suite) Filebeat module polls Google's reporting API for new events.\n- By default, `var.interval` is set to 2 hours (2h). Consider changing this interval to a lower value, such as 10 minutes (10m).\n- See the following references for further information.\n  - https://support.google.com/a/answer/7061566\n  - https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-gsuite.html",
+  "note": "## Config\n\nThe Google Workspace Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.\n\n### Important Information Regarding Google Workspace Event Lag Times\n- As per Google's documentation, Google Workspace administrators may observe lag times ranging from minutes up to 3 days between the time of an event's occurrence and the event being visible in the Google Workspace admin/audit logs.\n- This rule is configured to run every 10 minutes with a lookback time of 130 minutes.\n- To reduce the risk of false negatives, consider reducing the interval that the Google Workspace (formerly G Suite) Filebeat module polls Google's reporting API for new events.\n- By default, `var.interval` is set to 2 hours (2h). Consider changing this interval to a lower value, such as 10 minutes (10m).\n- See the following references for further information.\n  - https://support.google.com/a/answer/7061566\n  - https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-gsuite.html",
   "query": "event.dataset:(gsuite.admin or google_workspace.admin) and event.provider:admin and event.category:iam and event.action:CREATE_ROLE",
   "references": [
     "https://support.google.com/a/answer/2406043?hl=en"
@@ -50,5 +50,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_google_workspace_role_modified.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_google_workspace_role_modified.json
index 16448bd6d2f71..daf5b9b97a522 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_google_workspace_role_modified.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_google_workspace_role_modified.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Google Workspace Role Modified",
-  "note": "### Important Information Regarding Google Workspace Event Lag Times\n- As per Google's documentation, Google Workspace administrators may observe lag times ranging from minutes up to 3 days between the time of an event's occurrence and the event being visible in the Google Workspace admin/audit logs.\n- This rule is configured to run every 10 minutes with a lookback time of 130 minutes.\n- To reduce the risk of false negatives, consider reducing the interval that the Google Workspace (formerly G Suite) Filebeat module polls Google's reporting API for new events.\n- By default, `var.interval` is set to 2 hours (2h). Consider changing this interval to a lower value, such as 10 minutes (10m).\n- See the following references for further information.\n  - https://support.google.com/a/answer/7061566\n  - https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-gsuite.html",
+  "note": "## Config\n\nThe Google Workspace Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.\n\n### Important Information Regarding Google Workspace Event Lag Times\n- As per Google's documentation, Google Workspace administrators may observe lag times ranging from minutes up to 3 days between the time of an event's occurrence and the event being visible in the Google Workspace admin/audit logs.\n- This rule is configured to run every 10 minutes with a lookback time of 130 minutes.\n- To reduce the risk of false negatives, consider reducing the interval that the Google Workspace (formerly G Suite) Filebeat module polls Google's reporting API for new events.\n- By default, `var.interval` is set to 2 hours (2h). Consider changing this interval to a lower value, such as 10 minutes (10m).\n- See the following references for further information.\n  - https://support.google.com/a/answer/7061566\n  - https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-gsuite.html",
   "query": "event.dataset:(gsuite.admin or google_workspace.admin) and event.provider:admin and event.category:iam and event.action:(ADD_PRIVILEGE or UPDATE_ROLE)",
   "references": [
     "https://support.google.com/a/answer/2406043?hl=en"
@@ -50,5 +50,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_iam_group_creation.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_iam_group_creation.json
index 155be18fe8add..0930201f0422e 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_iam_group_creation.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_iam_group_creation.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS IAM Group Creation",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:iam.amazonaws.com and event.action:CreateGroup and event.outcome:success",
   "references": [
     "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/create-group.html",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_local_scheduled_task_scripting.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_local_scheduled_task_scripting.json
index 280a5d528777d..712e98d4ac941 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_local_scheduled_task_scripting.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_local_scheduled_task_scripting.json
@@ -15,7 +15,7 @@
   "language": "eql",
   "license": "Elastic License v2",
   "name": "Scheduled Task Created by a Windows Script",
-  "note": "Decode the base64 encoded Tasks Actions registry value to investigate the task's configured action.",
+  "note": "## Triage and analysis\n\nDecode the base64 encoded Tasks Actions registry value to investigate the task's configured action.",
   "query": "sequence by host.id with maxspan = 30s\n  [library where dll.name : \"taskschd.dll\" and process.name : (\"cscript.exe\", \"wscript.exe\", \"powershell.exe\")]\n  [registry where registry.path : \"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Schedule\\\\TaskCache\\\\Tasks\\\\*\\\\Actions\"]\n",
   "risk_score": 47,
   "rule_id": "689b9d57-e4d5-4357-ad17-9c334609d79a",
@@ -45,5 +45,5 @@
     }
   ],
   "type": "eql",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_loginwindow_plist_modification.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_loginwindow_plist_modification.json
index 00b12ab60abd2..d6ffaa532a530 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_loginwindow_plist_modification.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_loginwindow_plist_modification.json
@@ -11,7 +11,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Potential Persistence via Login Hook",
-  "note": "Starting in Mac OS X 10.7 (Lion), users can specify certain applications to be re-opened when a user reboots their machine. This can be abused to establish or maintain persistence on a compromised system.",
+  "note": "## Triage and analysis\n\nStarting in Mac OS X 10.7 (Lion), users can specify certain applications to be re-opened when a user reboots their machine. This can be abused to establish or maintain persistence on a compromised system.",
   "query": "event.category:\"file\" and not event.type:\"deletion\" and file.name:\"com.apple.loginwindow.plist\" and process.name:(* and not (systemmigrationd or DesktopServicesHelper or diskmanagementd or rsync or launchd or cfprefsd or xpcproxy or ManagedClient or MCXCompositor))",
   "references": [
     "https://github.com/D00MFist/PersistentJXA/blob/master/LoginScript.js"
@@ -52,5 +52,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_mfa_disabled_for_azure_user.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_mfa_disabled_for_azure_user.json
index bb606d158c83b..e13975684a722 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_mfa_disabled_for_azure_user.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_mfa_disabled_for_azure_user.json
@@ -11,7 +11,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Multi-Factor Authentication Disabled for an Azure User",
-  "note": "The Azure Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.auditlogs and azure.auditlogs.operation_name:\"Disable Strong Authentication\" and event.outcome:(Success or success)",
   "risk_score": 47,
   "rule_id": "dafa3235-76dc-40e2-9f71-1773b96d24cf",
@@ -43,5 +43,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_microsoft_365_exchange_management_role_assignment.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_microsoft_365_exchange_management_role_assignment.json
index a040cc3a3172d..a0e51fa3b8eed 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_microsoft_365_exchange_management_role_assignment.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_microsoft_365_exchange_management_role_assignment.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Microsoft 365 Exchange Management Group Role Assignment",
-  "note": "The Microsoft 365 Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Microsoft 365 Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:\"New-ManagementRoleAssignment\" and event.outcome:success",
   "references": [
     "https://docs.microsoft.com/en-us/powershell/module/exchange/new-managementroleassignment?view=exchange-ps",
@@ -50,5 +50,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_microsoft_365_teams_external_access_enabled.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_microsoft_365_teams_external_access_enabled.json
index 737ff8a85c0af..570ac0323dfd1 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_microsoft_365_teams_external_access_enabled.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_microsoft_365_teams_external_access_enabled.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Microsoft 365 Teams External Access Enabled",
-  "note": "The Microsoft 365 Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Microsoft 365 Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:o365.audit and event.provider:(SkypeForBusiness or MicrosoftTeams) and event.category:web and event.action:\"Set-CsTenantFederationConfiguration\" and o365.audit.Parameters.AllowFederatedUsers:True and event.outcome:success",
   "references": [
     "https://docs.microsoft.com/en-us/microsoftteams/manage-external-access"
@@ -49,5 +49,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_microsoft_365_teams_guest_access_enabled.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_microsoft_365_teams_guest_access_enabled.json
index 9af98a2598c04..492c3dcd5bc9d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_microsoft_365_teams_guest_access_enabled.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_microsoft_365_teams_guest_access_enabled.json
@@ -14,7 +14,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Microsoft 365 Teams Guest Access Enabled",
-  "note": "The Microsoft 365 Fleet integration or Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Microsoft 365 Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:o365.audit and event.provider:(SkypeForBusiness or MicrosoftTeams) and event.category:web and event.action:\"Set-CsTeamsClientConfiguration\" and o365.audit.Parameters.AllowGuestUser:True and event.outcome:success",
   "references": [
     "https://docs.microsoft.com/en-us/powershell/module/skype/get-csteamsclientconfiguration?view=skype-ps"
@@ -49,5 +49,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_rds_cluster_creation.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_rds_cluster_creation.json
index d0d3200d00058..3a13c02a368ad 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_rds_cluster_creation.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_rds_cluster_creation.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS RDS Cluster Creation",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:rds.amazonaws.com and event.action:(CreateDBCluster or CreateGlobalCluster) and event.outcome:success",
   "references": [
     "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/rds/create-db-cluster.html",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_user_added_as_owner_for_azure_application.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_user_added_as_owner_for_azure_application.json
index a13c92f6d654b..ee2fdb5b75eac 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_user_added_as_owner_for_azure_application.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_user_added_as_owner_for_azure_application.json
@@ -11,7 +11,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "User Added as Owner for Azure Application",
-  "note": "The Azure Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.auditlogs and azure.auditlogs.operation_name:\"Add owner to application\" and event.outcome:(Success or success)",
   "risk_score": 21,
   "rule_id": "774f5e28-7b75-4a58-b94e-41bf060fdd86",
@@ -43,5 +43,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_user_added_as_owner_for_azure_service_principal.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_user_added_as_owner_for_azure_service_principal.json
index 560c674658e67..aacc17bb6be53 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_user_added_as_owner_for_azure_service_principal.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_user_added_as_owner_for_azure_service_principal.json
@@ -11,7 +11,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "User Added as Owner for Azure Service Principal",
-  "note": "The Azure Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:azure.auditlogs and azure.auditlogs.operation_name:\"Add owner to service principal\" and event.outcome:(Success or success)",
   "references": [
     "https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals"
@@ -46,5 +46,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_printspooler_suspicious_spl_file.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_printspooler_suspicious_spl_file.json
index 52a835b3d6fd9..652a9a9466f01 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_printspooler_suspicious_spl_file.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_printspooler_suspicious_spl_file.json
@@ -12,7 +12,7 @@
   "language": "eql",
   "license": "Elastic License v2",
   "name": "Suspicious PrintSpooler SPL File Created",
-  "note": "Refer to CVEs, CVE-2020-1048 and CVE-2020-1337 for further information on the vulnerability and exploit. Verify that the relevant system is patched.",
+  "note": "## Threat intel\n\nRefer to CVEs, CVE-2020-1048 and CVE-2020-1337 for further information on the vulnerability and exploit. Verify that the relevant system is patched.",
   "query": "file where event.type != \"deletion\" and\n  file.extension : \"spl\" and\n  file.path : \"?:\\\\Windows\\\\System32\\\\spool\\\\PRINTERS\\\\*\" and\n  not process.name : (\"spoolsv.exe\",\n                      \"printfilterpipelinesvc.exe\",\n                      \"PrintIsolationHost.exe\",\n                      \"splwow64.exe\",\n                      \"msiexec.exe\",\n                      \"poqexec.exe\")\n",
   "references": [
     "https://safebreach.com/Post/How-we-bypassed-CVE-2020-1048-Patch-and-got-CVE-2020-1337"
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_root_login_without_mfa.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_root_login_without_mfa.json
index 88f542f246863..5ab6b41582030 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_root_login_without_mfa.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_root_login_without_mfa.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS Root Login Without MFA",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:signin.amazonaws.com and event.action:ConsoleLogin and aws.cloudtrail.user_identity.type:Root and aws.cloudtrail.console_login.additional_eventdata.mfa_used:false and event.outcome:success",
   "references": [
     "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html"
@@ -50,5 +50,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_updateassumerolepolicy.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_updateassumerolepolicy.json
index 5f499601ba6aa..8f01db818dfb9 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_updateassumerolepolicy.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_updateassumerolepolicy.json
@@ -15,7 +15,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "AWS IAM Assume Role Policy Update",
-  "note": "The AWS Filebeat module must be enabled to use this rule.",
+  "note": "## Config\n\nThe AWS Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
   "query": "event.dataset:aws.cloudtrail and event.provider:iam.amazonaws.com and event.action:UpdateAssumeRolePolicy and event.outcome:success",
   "references": [
     "https://labs.bishopfox.com/tech-blog/5-privesc-attack-vectors-in-aws"
@@ -50,5 +50,5 @@
   ],
   "timestamp_override": "event.ingested",
   "type": "query",
-  "version": 4
+  "version": 5
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/threat_intel_module_match.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/threat_intel_module_match.json
index ab99f9c69c847..9a058b50683b6 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/threat_intel_module_match.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/threat_intel_module_match.json
@@ -16,7 +16,7 @@
   "language": "kuery",
   "license": "Elastic License v2",
   "name": "Threat Intel Filebeat Module Indicator Match",
-  "note": "## Triage and Analysis\nIf an indicator matches a local observation, the following enriched fields will be generated to identify the indicator, field, and type matched.\n\n- `threatintel.indicator.matched.atomic` - this identifies the atomic indicator that matched the local observation\n- `threatintel.indicator.matched.field` - this identifies the indicator field that matched the local observation\n- `threatintel.indicator.matched.type` - this identifies the indicator type that matched the local observation\n",
+  "note": "## Triage and Analysis\n\nIf an indicator matches a local observation, the following enriched fields will be generated to identify the indicator, field, and type matched.\n\n- `threatintel.indicator.matched.atomic` - this identifies the atomic indicator that matched the local observation\n- `threatintel.indicator.matched.field` - this identifies the indicator field that matched the local observation\n- `threatintel.indicator.matched.type` - this identifies the indicator type that matched the local observation\n",
   "query": "file.hash.*:* or file.pe.imphash:* or source.ip:* or destination.ip:* or url.full:* or registry.path:*",
   "references": [
     "https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-threatintel.html"

From 4831826bae74f7927dc59ab2d9a4af265dc87ae0 Mon Sep 17 00:00:00 2001
From: Andrew Pease <7442091+peasead@users.noreply.github.com>
Date: Mon, 10 May 2021 21:38:20 -0500
Subject: [PATCH 11/11] Update Timeline Template README.md (#95814)

## Summary

`xpack.security_solution.signalsIndex` is listed to be added to `kibana.dev.yml`, however that generates:
```
FATAL  Error: Unknown configuration key(s): "xpack.security_solution.signalsIndex". \
Check for spelling errors and ensure that expected plugins are installed.
```
I think this should be `xpack.securitySolution.signalsIndex`

This is for the steps to create a timeline template.

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
---
 .../security_solution/server/lib/detection_engine/README.md     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/README.md b/x-pack/plugins/security_solution/server/lib/detection_engine/README.md
index d383413088b9b..5806df1de0e3d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/README.md
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/README.md
@@ -35,7 +35,7 @@ source ~/.zshrc
 Open your `kibana.dev.yml` file and add these lines:
 
 ```sh
-xpack.security_solution.signalsIndex: .siem-signals-${your user id}
+xpack.securitySolution.signalsIndex: .siem-signals-${your user id}
 ```
 
 Restart Kibana and ensure that you are using `--no-base-path` as changing the base path is a feature but will