From 8dabfb4a2eccd772c1d436511356088201d792fb Mon Sep 17 00:00:00 2001
From: Ravin Perera <33562092+ravinsp@users.noreply.github.com>
Date: Fri, 17 Dec 2021 07:08:26 +0530
Subject: [PATCH] IP ban refactor with hpws. (#354)

* Refactored corebill.
* Integrated hpws ban tracking.
* Removed session handler helpers.
* Improved bad behaviour reporting.
---
 CMakeLists.txt                     |   4 +-
 src/bill/corebill.cpp              |  91 --------
 src/bill/corebill.h                |  24 --
 src/comm/comm_server.hpp           |  52 +++--
 src/comm/comm_session.cpp          |  36 ++-
 src/comm/comm_session.hpp          |  19 +-
 src/comm/hpws.hpp                  |  64 +++++-
 src/consensus.cpp                  |   1 -
 src/corebill/corebill.hpp          |  28 +++
 src/corebill/tracker.cpp           |  60 +++++
 src/corebill/tracker.hpp           |  25 +++
 src/msg/fbuf/p2pmsg_conversion.cpp |   2 -
 src/p2p/p2p.hpp                    |   1 -
 src/p2p/peer_comm_server.cpp       |   6 +-
 src/p2p/peer_comm_session.cpp      | 297 ++++++++++++++++++++++++-
 src/p2p/peer_session_handler.cpp   | 342 -----------------------------
 src/p2p/peer_session_handler.hpp   |  17 --
 src/p2p/self_node.cpp              |  20 +-
 src/usr/user_comm_session.cpp      |  84 ++++++-
 src/usr/user_session_handler.cpp   | 102 ---------
 src/usr/user_session_handler.hpp   |  15 --
 src/usr/usr.cpp                    |   1 -
 src/usr/usr.hpp                    |   1 -
 test/bin/hpws                      | Bin 43656 -> 43656 bytes
 24 files changed, 641 insertions(+), 651 deletions(-)
 delete mode 100644 src/bill/corebill.cpp
 delete mode 100644 src/bill/corebill.h
 create mode 100644 src/corebill/corebill.hpp
 create mode 100644 src/corebill/tracker.cpp
 create mode 100644 src/corebill/tracker.hpp
 delete mode 100644 src/p2p/peer_session_handler.cpp
 delete mode 100644 src/p2p/peer_session_handler.hpp
 delete mode 100644 src/usr/user_session_handler.cpp
 delete mode 100644 src/usr/user_session_handler.hpp

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 3be708c7..2cbbc4f0 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -38,7 +38,7 @@ add_executable(hpcore
     src/crypto.cpp
     src/conf.cpp
     src/hplog.cpp
-    src/bill/corebill.cpp
+    src/corebill/tracker.cpp
     src/hpfs/hpfs_mount.cpp
     src/hpfs/hpfs_serve.cpp
     src/hpfs/hpfs_sync.cpp
@@ -57,11 +57,9 @@ add_executable(hpcore
     src/msg/usrmsg_parser.cpp
     src/p2p/peer_comm_server.cpp
     src/p2p/peer_comm_session.cpp
-    src/p2p/peer_session_handler.cpp
     src/p2p/self_node.cpp
     src/p2p/p2p.cpp
     src/usr/user_comm_session.cpp
-    src/usr/user_session_handler.cpp
     src/usr/input_nonce_map.cpp
     src/usr/usr.cpp
     src/usr/read_req.cpp
diff --git a/src/bill/corebill.cpp b/src/bill/corebill.cpp
deleted file mode 100644
index 53a77f36..00000000
--- a/src/bill/corebill.cpp
+++ /dev/null
@@ -1,91 +0,0 @@
-#include "../pchheader.hpp"
-#include "../util/util.hpp"
-#include "../util/ttl_set.hpp"
-#include "../hplog.hpp"
-#include "corebill.h"
-
-namespace corebill
-{
-
-    // How many violations can occur for a host before being escalated.
-    constexpr uint32_t VIOLATION_THRESHOLD = 10;
-
-    // Violation cooldown interval.
-    constexpr uint32_t VIOLATION_REFRESH_INTERVAL = 600 * 1000; // 10 minutes
-
-    // Keeps track of violation count against offending hosts.
-    std::unordered_map<std::string, violation_stat> violation_counter;
-
-    // Graylist mutex.
-    std::mutex graylist_mutex;
-
-    // Keeps the graylisted hosts.
-    util::ttl_set graylist;
-
-    // Keeps the whitelisted hosts who would be ignored in all violation tracking.
-    std::unordered_set<std::string> whitelist;
-
-    /**
- * Report a violation. Violation means a force disconnection of a socket due to some threshold exceeding.
- */
-    void report_violation(const std::string host)
-    {
-        if (whitelist.find(host) != whitelist.end()) // Is in whitelist
-        {
-            LOG_DEBUG << host << " is whitelisted. Ignoring the violation.";
-            return;
-        }
-
-        violation_stat &stat = violation_counter[host];
-
-        const uint64_t time_now = util::get_epoch_milliseconds();
-
-        stat.counter++;
-
-        if (stat.timestamp == 0)
-        {
-            // Reset counter timestamp.
-            stat.timestamp = time_now;
-        }
-
-        // Check whether we have exceeded the threshold within the monitering interval.
-        const uint64_t elapsed_time = time_now - stat.timestamp;
-        if (elapsed_time <= VIOLATION_REFRESH_INTERVAL && stat.counter > VIOLATION_THRESHOLD)
-        {
-            // IP exceeded violation threshold.
-
-            stat.timestamp = 0;
-            stat.counter = 0;
-            std::scoped_lock<std::mutex> gray_list_lock(graylist_mutex);
-            graylist.emplace(host, VIOLATION_REFRESH_INTERVAL);
-            LOG_WARNING << host << " placed on graylist.";
-        }
-        else if (elapsed_time > VIOLATION_REFRESH_INTERVAL)
-        {
-            // Start the counter fresh.
-            stat.timestamp = time_now;
-            stat.counter = 1;
-        }
-    }
-
-    void add_to_whitelist(const std::string host)
-    {
-        // Add to whitelist and remove from all other offender lists.
-        whitelist.emplace(host);
-        std::scoped_lock<std::mutex> gray_list_lock(graylist_mutex);
-        graylist.erase(host);
-        violation_counter.erase(host);
-    }
-
-    void remove_from_whitelist(const std::string host)
-    {
-        whitelist.erase(host);
-    }
-
-    bool is_banned(const std::string &host)
-    {
-        std::scoped_lock<std::mutex> gray_list_lock(graylist_mutex);
-        return graylist.exists(host);
-    }
-
-} // namespace corebill
\ No newline at end of file
diff --git a/src/bill/corebill.h b/src/bill/corebill.h
deleted file mode 100644
index 8ac0bec3..00000000
--- a/src/bill/corebill.h
+++ /dev/null
@@ -1,24 +0,0 @@
-#ifndef _HP_COREBILL_
-#define _HP_COREBILL_
-
-#include "../pchheader.hpp"
-
-namespace corebill
-{
-
-/**
- * Keeps the violation counter and the timestamp of the monitoring window.
- */
-struct violation_stat
-{
-    uint32_t counter = 0;
-    uint64_t timestamp = 0;
-};
-
-void report_violation(const std::string host);
-void add_to_whitelist(const std::string host);
-bool is_banned(const std::string &host);
-
-} // namespace corebill
-
-#endif
\ No newline at end of file
diff --git a/src/comm/comm_server.hpp b/src/comm/comm_server.hpp
index be939ce3..3bffe279 100644
--- a/src/comm/comm_server.hpp
+++ b/src/comm/comm_server.hpp
@@ -4,7 +4,8 @@
 #include "../pchheader.hpp"
 #include "../hplog.hpp"
 #include "../util/util.hpp"
-#include "../bill/corebill.h"
+#include "../corebill/corebill.hpp"
+#include "../corebill/tracker.hpp"
 #include "hpws.hpp"
 #include "comm_session.hpp"
 
@@ -57,6 +58,8 @@ namespace comm
             {
                 util::sleep(100);
 
+                apply_ban_updates();
+
                 // Accept any new incoming connection if available.
                 check_for_new_connection();
 
@@ -106,6 +109,29 @@ namespace comm
             LOG_INFO << name << " listener stopped.";
         }
 
+        void apply_ban_updates()
+        {
+            corebill::ban_update b;
+            while (violation_tracker.ban_updates.try_dequeue(b))
+            {
+                in_addr ia4 = {};
+                in6_addr ia6 = {};
+
+                if (inet_pton((b.is_ipv4 ? AF_INET : AF_INET6), b.host.c_str(), (b.is_ipv4 ? (void *)&ia4 : (void *)&ia6)) == 1)
+                {
+                    const uint32_t *addr = b.is_ipv4 ? (uint32_t *)&ia4.s_addr : ia6.__in6_u.__u6_addr32;
+                    if (b.is_ban)
+                        hpws_server->ban_ip(addr, b.ttl_sec, b.is_ipv4);
+                    else
+                        hpws_server->unban_ip(addr, b.is_ipv4);
+                }
+                else
+                {
+                    LOG_ERROR << "Invalid host " << b.host << " in ban update.";
+                }
+            }
+        }
+
         void check_for_new_connection()
         {
             if (listen_port == 0)
@@ -134,18 +160,12 @@ namespace comm
             else
             {
                 const std::string &host_address = std::get<std::string>(host_result);
-                if (!corebill::is_banned(host_address))
-                {
-                    // We do not directly add to sessions list. We simply add to new_sessions list under a lock so the main server
-                    // loop will take care of initialize the new sessions. This is because inherited classes (eg. peer_comm_server)
-                    // need a way to safely inject new sessions from another thread.
-                    std::scoped_lock<std::mutex> lock(new_sessions_mutex);
-                    new_sessions.emplace_back(host_address, std::move(client), true, metric_thresholds);
-                }
-                else
-                {
-                    LOG_DEBUG << "Dropping " << name << " connection for banned host " << host_address;
-                }
+
+                // We do not directly add to sessions list. We simply add to new_sessions list under a lock so the main server
+                // loop will take care of initialize the new sessions. This is because inherited classes (eg. peer_comm_server)
+                // need a way to safely inject new sessions from another thread.
+                std::scoped_lock<std::mutex> lock(new_sessions_mutex);
+                new_sessions.emplace_back(this->violation_tracker, host_address, std::move(client), client.is_ipv4, true, metric_thresholds);
             }
 
             // If the hpws client object was not added to a session so far, in will get dstructed and the channel will close.
@@ -181,7 +201,7 @@ namespace comm
                                 messages_processed = true;
 
                                 if (result == -1)
-                                    session.mark_for_closure();
+                                    session.mark_for_closure(CLOSE_VIOLATION::VIOLATION_MSG_READ);
                             }
                         }
                     }
@@ -195,7 +215,7 @@ namespace comm
                             messages_processed = true;
 
                         if (result == -1)
-                            session.mark_for_closure();
+                            session.mark_for_closure(CLOSE_VIOLATION::VIOLATION_MSG_READ);
                     }
                 }
 
@@ -233,6 +253,8 @@ namespace comm
         }
 
     public:
+        corebill::tracker violation_tracker;
+
         comm_server(std::string_view name, const uint16_t port, const uint64_t (&metric_thresholds)[5], const uint64_t max_msg_size,
                     const uint64_t max_in_connections, const uint64_t max_in_connections_per_host, const bool use_priority_queues)
             : name(name),
diff --git a/src/comm/comm_session.cpp b/src/comm/comm_session.cpp
index 9ca23fad..45868c7b 100644
--- a/src/comm/comm_session.cpp
+++ b/src/comm/comm_session.cpp
@@ -2,7 +2,7 @@
 #include "../hplog.hpp"
 #include "../util/util.hpp"
 #include "../conf.hpp"
-#include "../bill/corebill.h"
+#include "../corebill/tracker.hpp"
 #include "hpws.hpp"
 #include "comm_session.hpp"
 
@@ -12,11 +12,13 @@ namespace comm
     constexpr uint32_t UNVERIFIED_INACTIVE_TIMEOUT = 5000; // Time threshold ms for unverified inactive connections.
     constexpr uint16_t MAX_IN_MSG_QUEUE_SIZE = 255;        // Maximum in message queue size, The size passed is rounded to next number in binary sequence 1(1),11(3),111(7),1111(15),11111(31)....
 
-    comm_session::comm_session(
-        std::string_view host_address, hpws::client &&hpws_client, const bool is_inbound, const uint64_t (&metric_thresholds)[5])
-        : uniqueid(host_address),
+    comm_session::comm_session(corebill::tracker &violation_tracker,
+                               std::string_view host_address, hpws::client &&hpws_client, const bool is_ipv4, const bool is_inbound, const uint64_t (&metric_thresholds)[5])
+        : violation_tracker(violation_tracker),
+          uniqueid(host_address),
           host_address(host_address),
           hpws_client(std::move(hpws_client)),
+          is_ipv4(is_ipv4),
           is_inbound(is_inbound),
           in_msg_queue1(MAX_IN_MSG_QUEUE_SIZE),
           in_msg_queue2(MAX_IN_MSG_QUEUE_SIZE)
@@ -81,7 +83,10 @@ namespace comm
                 const int priority = get_message_priority(data);
                 if (priority == 0) // priority 0 means a bad message.
                 {
-                    increment_metric(comm::SESSION_THRESHOLDS::MAX_BADMSGS_PER_MINUTE, 1);
+                    if (challenge_status == comm::CHALLENGE_STATUS::CHALLENGE_VERIFIED)
+                        increment_metric(comm::SESSION_THRESHOLDS::MAX_BADMSGS_PER_MINUTE, 1);
+                    else
+                        should_disconnect = true; // Disconnect if we receive a bad message before challenge verification.
                 }
                 else if (priority == 1 || priority == 2)
                 {
@@ -110,9 +115,14 @@ namespace comm
 
             if (should_disconnect)
             {
+                // Report bad behaviour for connection drops occuring prior to challenge verification.
+                const CLOSE_VIOLATION reason = (challenge_status != comm::CHALLENGE_STATUS::CHALLENGE_VERIFIED)
+                                                   ? CLOSE_VIOLATION::VIOLATION_READ_ERROR
+                                                   : CLOSE_VIOLATION::VIOLATION_NONE;
+
                 // Here we mark the session as needing to close.
                 // The session will be properly "closed" and cleaned up by the global comm_server thread.
-                mark_for_closure();
+                mark_for_closure(reason);
                 break;
             }
         }
@@ -242,12 +252,15 @@ namespace comm
      * Mark the session as needing to close. The session will be properly "closed"
      * and cleaned up by the global comm_server thread.
      */
-    void comm_session::mark_for_closure()
+    void comm_session::mark_for_closure(const CLOSE_VIOLATION reason)
     {
-        if (state == SESSION_STATE::CLOSED)
+        if (state == SESSION_STATE::MUST_CLOSE || state == SESSION_STATE::CLOSED)
             return;
 
         state = SESSION_STATE::MUST_CLOSE;
+
+        if (reason != CLOSE_VIOLATION::VIOLATION_NONE)
+            violation_tracker.report_violation(host_address, is_ipv4, std::to_string(reason));
     }
 
     /**
@@ -323,17 +336,16 @@ namespace comm
             t.timestamp = time_now;
         }
 
-        // Check whether we have exceeded the threshold within the monitering interval.
+        // Check whether we have exceeded the threshold within the monitoring interval.
         const uint64_t elapsed_time = time_now - t.timestamp;
         if (elapsed_time <= t.intervalms && t.counter_value > t.threshold_limit)
         {
-            mark_for_closure();
 
             t.timestamp = 0;
             t.counter_value = 0;
 
             LOG_INFO << "Session " << display_name() << " threshold exceeded. (type:" << threshold_type << " limit:" << t.threshold_limit << ")";
-            corebill::report_violation(host_address);
+            mark_for_closure(CLOSE_VIOLATION::VIOLATION_THRESHOLD_EXCEEDED);
         }
         else if (elapsed_time > t.intervalms)
         {
@@ -356,7 +368,7 @@ namespace comm
         if (util::get_epoch_milliseconds() - last_activity_timestamp >= timeout)
         {
             LOG_DEBUG << "Closing " << display_name() << " connection due to inactivity.";
-            mark_for_closure();
+            mark_for_closure(CLOSE_VIOLATION::VIOLATION_INACTIVITY);
         }
     }
 
diff --git a/src/comm/comm_session.hpp b/src/comm/comm_session.hpp
index 6c381a0f..76a6ae8e 100644
--- a/src/comm/comm_session.hpp
+++ b/src/comm/comm_session.hpp
@@ -3,12 +3,12 @@
 
 #include "../pchheader.hpp"
 #include "../conf.hpp"
+#include "../corebill/tracker.hpp"
 #include "hpws.hpp"
 #include "comm_session_threshold.hpp"
 
 namespace comm
 {
-
     enum CHALLENGE_STATUS
     {
         NOT_ISSUED,
@@ -24,12 +24,22 @@ namespace comm
         CLOSED      // Session is fully closed.
     };
 
+    enum CLOSE_VIOLATION
+    {
+        VIOLATION_NONE = 0,
+        VIOLATION_MSG_READ = 1,
+        VIOLATION_READ_ERROR = 2,
+        VIOLATION_THRESHOLD_EXCEEDED = 3,
+        VIOLATION_INACTIVITY = 4
+    };
+
     /** 
      * Represents an active WebSocket connection
      */
     class comm_session
     {
     private:
+        corebill::tracker &violation_tracker;
         std::optional<hpws::client> hpws_client;
         std::vector<session_threshold> thresholds; // track down various communication thresholds
 
@@ -53,14 +63,15 @@ namespace comm
         std::string uniqueid; // Verified session: Pubkey in hex format, Unverified session: IP address.
         std::string pubkey;   // Pubkey in binary format.
         const bool is_inbound;
+        const bool is_ipv4;   // Whether the host is ipv4 or ipv6.
         const std::string host_address; // Connection host address of the remote party.
         std::string issued_challenge;
         SESSION_STATE state = SESSION_STATE::NONE;
         CHALLENGE_STATUS challenge_status = CHALLENGE_STATUS::NOT_ISSUED;
         uint64_t last_activity_timestamp; // Keep track of the last activity timestamp in milliseconds.
 
-        comm_session(
-            std::string_view host_address, hpws::client &&hpws_client, const bool is_inbound, const uint64_t (&metric_thresholds)[5]);
+        comm_session(corebill::tracker &violation_tracker,
+            std::string_view host_address, hpws::client &&hpws_client, const bool is_ipv4, const bool is_inbound, const uint64_t (&metric_thresholds)[5]);
         int init();
         int process_next_inbound_message(const uint16_t priority);
         int send(const std::vector<uint8_t> &message, const uint16_t priority = 2);
@@ -68,7 +79,7 @@ namespace comm
         int process_outbound_message(std::string_view message);
         void process_outbound_msg_queue();
         void check_last_activity_rules();
-        void mark_for_closure();
+        void mark_for_closure(const CLOSE_VIOLATION reason = CLOSE_VIOLATION::VIOLATION_NONE);
         void close();
         void mark_as_verified();
         virtual const std::string display_name() const;
diff --git a/src/comm/hpws.hpp b/src/comm/hpws.hpp
index b6b63e4b..aa287bff 100644
--- a/src/comm/hpws.hpp
+++ b/src/comm/hpws.hpp
@@ -2,7 +2,6 @@
 #define HPWS_INCLUDE
 #include <signal.h>
 #include <poll.h>
-#include <sys/types.h>
 #include <variant>
 #include <optional>
 #include <functional>
@@ -18,6 +17,7 @@
 #include <fcntl.h>
 #include <sys/wait.h>
 #include <netdb.h>
+#include <arpa/inet.h>
 
 #define DECODE_O_SIZE(control_msg, into)                                             \
     {                                                                                \
@@ -84,6 +84,7 @@ namespace hpws
             pid_t child_pid,
             int buffer_fd[4],
             void *buffer[4]) : endpoint(endpoint),
+                               is_ipv4(endpoint.sa.sa_family == AF_INET),
                                max_buffer_size(max_buffer_size),
                                child_pid(child_pid), get(get)
         {
@@ -100,6 +101,8 @@ namespace hpws
         }
 
     public:
+        bool is_ipv4 = false;
+
         // No copy constructor
         client(const client &) = delete;
 
@@ -107,6 +110,7 @@ namespace hpws
         client(client &&old) : child_pid(old.child_pid),
                                max_buffer_size(old.max_buffer_size),
                                endpoint(old.endpoint),
+                               is_ipv4(old.is_ipv4),
                                get(old.get)
         {
             old.moved = true;
@@ -152,9 +156,11 @@ namespace hpws
         const std::variant<std::string, error> host_address()
         {
             char hostname[NI_MAXHOST];
-            const int ret = getnameinfo((sockaddr *)&endpoint, sizeof(sockaddr), hostname, sizeof(hostname), NULL, 0, NI_NUMERICHOST);
-            if (ret != 0)
-                return error{10, gai_strerror(ret)};
+            const char *ret = (endpoint.sa.sa_family == AF_INET)
+                                  ? inet_ntop(AF_INET, &endpoint.sin.sin_addr, hostname, NI_MAXHOST)
+                                  : inet_ntop(AF_INET6, &endpoint.sin6.sin6_addr, hostname, NI_MAXHOST);
+            if (!ret)
+                return error{10, "error in inet_ntop"};
 
             return hostname;
         }
@@ -605,6 +611,56 @@ namespace hpws
             return max_buffer_size_;
         }
 
+        void ban_ip(const uint32_t *addr, const uint32_t ttl_sec, const bool ipv4)
+        {
+            const size_t len = ipv4 ? 11 : 23;
+            char buf[len];
+            buf[0] = 'i';
+            buf[1] = '+';
+            buf[2] = ipv4 ? '4' : '6';
+
+            uint32_t *addr_buf = (uint32_t *)&buf[3];
+            if (ipv4)
+            {
+                addr_buf[0] = addr[0];
+            }
+            else
+            {
+                addr_buf[0] = addr[0];
+                addr_buf[1] = addr[2];
+                addr_buf[2] = addr[3];
+                addr_buf[3] = addr[4];
+            }
+
+            *(uint32_t *)&buf[len - 4] = ttl_sec;
+
+            write(this->master_control_fd_, buf, len);
+        }
+
+        void unban_ip(const uint32_t *addr, const bool ipv4)
+        {
+            const size_t len = ipv4 ? 7 : 19;
+            char buf[len];
+            buf[0] = 'i';
+            buf[1] = '-';
+            buf[2] = ipv4 ? '4' : '6';
+
+            uint32_t *addr_buf = (uint32_t *)&buf[3];
+            if (ipv4)
+            {
+                addr_buf[0] = addr[0];
+            }
+            else
+            {
+                addr_buf[0] = addr[0];
+                addr_buf[1] = addr[2];
+                addr_buf[2] = addr[3];
+                addr_buf[3] = addr[4];
+            }
+
+            write(this->master_control_fd_, buf, len);
+        }
+
         std::variant<client, error> accept(const bool no_block = false)
         {
 
diff --git a/src/consensus.cpp b/src/consensus.cpp
index 8b6d46e2..14c0c270 100644
--- a/src/consensus.cpp
+++ b/src/consensus.cpp
@@ -7,7 +7,6 @@
 #include "msg/fbuf/p2pmsg_conversion.hpp"
 #include "msg/usrmsg_parser.hpp"
 #include "msg/usrmsg_common.hpp"
-#include "p2p/peer_session_handler.hpp"
 #include "hplog.hpp"
 #include "crypto.hpp"
 #include "util/h32.hpp"
diff --git a/src/corebill/corebill.hpp b/src/corebill/corebill.hpp
new file mode 100644
index 00000000..16427946
--- /dev/null
+++ b/src/corebill/corebill.hpp
@@ -0,0 +1,28 @@
+#ifndef _HP_COREBILL_
+#define _HP_COREBILL_
+
+#include "../pchheader.hpp"
+
+namespace corebill
+{
+
+    /**
+ * Keeps the violation counter and the timestamp of the monitoring window.
+ */
+    struct violation_stat
+    {
+        uint32_t counter = 0;
+        uint64_t timestamp = 0;
+    };
+
+    struct ban_update
+    {
+        bool is_ban = false;  // Whether to ban or unban.
+        bool is_ipv4 = false; // If host is ipv4 or ipv6.
+        std::string host;
+        uint32_t ttl_sec; // Time in seconds to enforce the ban. Relevent only for bans.
+    };
+
+} // namespace corebill
+
+#endif
\ No newline at end of file
diff --git a/src/corebill/tracker.cpp b/src/corebill/tracker.cpp
new file mode 100644
index 00000000..4601be48
--- /dev/null
+++ b/src/corebill/tracker.cpp
@@ -0,0 +1,60 @@
+#include "../pchheader.hpp"
+#include "corebill.hpp"
+#include "tracker.hpp"
+#include "../util/util.hpp"
+
+namespace corebill
+{
+    // How many violations can a host make within the refresh interval before being banned.
+    constexpr uint32_t VIOLATION_THRESHOLD = 5;
+
+    // Violation cooldown interval.
+    constexpr uint32_t VIOLATION_REFRESH_INTERVAL = 600 * 1000; // 10 minutes
+
+    // Ban period.
+    constexpr uint32_t BAN_TTL_SEC = 600; // 10 minutes.
+
+    /**
+     * Report a violation. Violation means the connection has displayed a bad behaviour.
+     * When multiple violations occur within a time window, we ban that host from connecting again for a certain duration.
+     */
+    void tracker::report_violation(const std::string &host, const bool ipv4, const std::string &reason)
+    {
+        std::scoped_lock lock(ban_mutex);
+
+        violation_stat &stat = violation_counter[host];
+        const uint64_t time_now = util::get_epoch_milliseconds();
+
+        LOG_INFO << "Reported violation '" << reason << "' from " << host;
+
+        // Check whether we have exceeded the violation threshold within the time window.
+        const uint64_t elapsed_time = time_now - stat.timestamp;
+        if (elapsed_time <= VIOLATION_REFRESH_INTERVAL && (stat.counter + 1) > VIOLATION_THRESHOLD)
+        {
+            violation_counter.erase(host);
+
+            // IP exceeded violation threshold. We must ban the host.
+            LOG_WARNING << "Banning " << host << " for " << BAN_TTL_SEC << "s";
+            ban_updates.enqueue(ban_update{true, ipv4, host, BAN_TTL_SEC}); // Inform hpws about the ban.
+            banned_hosts.emplace(host, BAN_TTL_SEC * 1000);                 // Add to local ban list to cross-check outgoing connections.
+            return;
+        }
+
+        if (stat.timestamp == 0 || elapsed_time > VIOLATION_REFRESH_INTERVAL)
+        {
+            // Start the counter fresh.
+            stat.timestamp = time_now;
+            stat.counter = 1;
+        }
+        else
+        {
+            stat.counter++;
+        }
+    }
+
+    bool tracker::is_banned(const std::string &host)
+    {
+        std::scoped_lock lock(ban_mutex);
+        return banned_hosts.exists(host);
+    }
+}
\ No newline at end of file
diff --git a/src/corebill/tracker.hpp b/src/corebill/tracker.hpp
new file mode 100644
index 00000000..ae164248
--- /dev/null
+++ b/src/corebill/tracker.hpp
@@ -0,0 +1,25 @@
+#ifndef _HP_COREBILL_TRACKER_
+#define _HP_COREBILL_TRACKER_
+
+#include "../pchheader.hpp"
+#include "../util/ttl_set.hpp"
+#include "corebill.hpp"
+
+namespace corebill
+{
+    class tracker
+    {
+    private:
+        // Keeps track of violation count against offending hosts.
+        std::unordered_map<std::string, violation_stat> violation_counter;
+        util::ttl_set banned_hosts;
+        std::mutex ban_mutex;
+
+    public:
+        moodycamel::ConcurrentQueue<ban_update> ban_updates;
+        void report_violation(const std::string &host, const bool ipv4, const std::string &reason);
+        bool is_banned(const std::string &host);
+    };
+}
+
+#endif
\ No newline at end of file
diff --git a/src/msg/fbuf/p2pmsg_conversion.cpp b/src/msg/fbuf/p2pmsg_conversion.cpp
index 12ede0cc..f250c667 100644
--- a/src/msg/fbuf/p2pmsg_conversion.cpp
+++ b/src/msg/fbuf/p2pmsg_conversion.cpp
@@ -17,8 +17,6 @@ namespace msg::fbuf::p2pmsg
 
     /**
      * This section contains Flatbuffer message reading/writing helpers.
-     * These helpers are mainly used by peer_session_handler and other components which sends outgoing p2p messages.
-     * 
      * A p2p flatbuffer message is a bucket with hp version and the message 'content'.
      */
 
diff --git a/src/p2p/p2p.hpp b/src/p2p/p2p.hpp
index 534d13ac..ab5dc95e 100644
--- a/src/p2p/p2p.hpp
+++ b/src/p2p/p2p.hpp
@@ -10,7 +10,6 @@
 #include "../msg/fbuf/p2pmsg_generated.h"
 #include "peer_comm_server.hpp"
 #include "peer_comm_session.hpp"
-#include "peer_session_handler.hpp"
 
 namespace p2p
 {
diff --git a/src/p2p/peer_comm_server.cpp b/src/p2p/peer_comm_server.cpp
index a68e2faf..ac9e569c 100644
--- a/src/p2p/peer_comm_server.cpp
+++ b/src/p2p/peer_comm_server.cpp
@@ -198,12 +198,12 @@ namespace p2p
                 else
                 {
                     const std::string &host_address = std::get<std::string>(host_result);
-                    p2p::peer_comm_session session(host_address, std::move(client), false, metric_thresholds);
+                    p2p::peer_comm_session session(this->violation_tracker, host_address, std::move(client), client.is_ipv4, false, metric_thresholds);
 
                     // Skip if this peer is banned due to corebill violations.
-                    if (corebill::is_banned(host_address))
+                    if (violation_tracker.is_banned(host_address))
                     {
-                        LOG_DEBUG << "Skipping peer " << host_address << " from connecting. This peer is banned.";
+                        LOG_DEBUG << "Skipping connecting to banned peer " << host_address;
                         continue;
                     }
 
diff --git a/src/p2p/peer_comm_session.cpp b/src/p2p/peer_comm_session.cpp
index 93054596..6bfcd152 100644
--- a/src/p2p/peer_comm_session.cpp
+++ b/src/p2p/peer_comm_session.cpp
@@ -1,32 +1,317 @@
 #include "../pchheader.hpp"
+#include "../util/rollover_hashset.hpp"
+#include "../msg/fbuf/p2pmsg_generated.h"
+#include "../msg/fbuf/p2pmsg_conversion.hpp"
+#include "../msg/fbuf/common_helpers.hpp"
+#include "../crypto.hpp"
+#include "../sc/hpfs_log_sync.hpp"
+#include "../sc/sc.hpp"
+#include "../ledger/ledger.hpp"
 #include "peer_comm_session.hpp"
-#include "peer_session_handler.hpp"
+
+namespace p2pmsg = msg::fbuf::p2pmsg;
 
 namespace p2p
 {
+    // Max size of messages which are subjected to duplicate message check.
+    constexpr size_t MAX_SIZE_FOR_DUP_CHECK = 1 * 1024 * 1024; // 1 MB
+
+    // The set of recent peer message hashes used for duplicate detection.
+    util::rollover_hashset recent_peermsg_hashes(200);
+
+    /**
+     * This gets hit every time a peer connects to HP via the peer port (configured in config).
+     * @param session connected session.
+     * @return returns 0 if connection is successful and peer challenge is sent otherwise, -1.
+     */
     int peer_comm_session::handle_connect()
     {
-        return p2p::handle_peer_connect(*this);
+        // Skip new inbound connection if max inbound connection cap is reached.
+        if (is_inbound && calculate_available_capacity() == 0)
+        {
+            LOG_DEBUG << "Max peer connection cap reached. Rejecting new peer connection [" << display_name() << "]";
+            return -1;
+        }
+
+        // Send peer challenge.
+        flatbuffers::FlatBufferBuilder fbuf;
+        p2pmsg::create_msg_from_peer_challenge(fbuf, issued_challenge);
+        std::string_view msg = std::string_view(
+            reinterpret_cast<const char *>(fbuf.GetBufferPointer()), fbuf.GetSize());
+        send(msg);
+        challenge_status = comm::CHALLENGE_STATUS::CHALLENGE_ISSUED;
+        return 0;
     }
 
+    /**
+     * Returns the priority that should be assigned to the message.
+     * @return 0 if bad message. 1 or 2 if correct priority was assigned.
+     */
     int peer_comm_session::get_message_priority(std::string_view msg)
     {
-        return p2p::get_message_priority(msg);
+        if (!p2pmsg::verify_peer_message(msg))
+        {
+            LOG_DEBUG << "Flatbuffer verify: Bad peer message.";
+            return 0;
+        }
+
+        const auto p2p_msg = p2pmsg::GetP2PMsg(msg.data());
+        const msg::fbuf::p2pmsg::P2PMsgContent type = p2p_msg->content_type();
+
+        if (type == p2pmsg::P2PMsgContent_ProposalMsg || type == p2pmsg::P2PMsgContent_NonUnlProposalMsg)
+            return 1; // High priority
+        else
+            return 2; // Low priority
     }
 
+    /**
+     * Peer session on message callback method. Validate and handle each type of peer messages.
+     * @return 0 on normal execution. -1 when session needs to be closed as a result of message handling.
+     */
     int peer_comm_session::handle_message(std::string_view msg)
     {
-        return p2p::handle_peer_message(*this, msg);
+        const size_t message_size = msg.size();
+        // Adding message size to peer message characters(bytes) per minute counter.
+        increment_metric(comm::SESSION_THRESHOLDS::MAX_RAWBYTES_PER_MINUTE, message_size);
+
+        const peer_message_info mi = p2pmsg::get_peer_message_info(msg, this);
+        if (!mi.p2p_msg) // Message buffer will be null if peer message was too old.
+            return 0;
+
+        // Messages larger than the duplicate message threshold is ignored from the duplicate message check
+        // due to the overhead in hash generation for larger messages.
+        if (message_size <= MAX_SIZE_FOR_DUP_CHECK && !recent_peermsg_hashes.try_emplace(crypto::get_hash(msg)))
+        {
+            increment_metric(comm::SESSION_THRESHOLDS::MAX_DUPMSGS_PER_MINUTE, 1);
+            LOG_DEBUG << "Duplicate peer message. type:" << mi.type << " from:" << display_name();
+            return 0;
+        }
+
+        // Check whether the message is qualified for message forwarding.
+        if (p2p::validate_for_peer_msg_forwarding(*this, mi.type, mi.originated_on))
+        {
+            // Npl messages and consensus proposals are forwarded only to unl nodes if relavent flags (npl and consensus) are set to private.
+            // If consensus and npl flags are public, these messages are forward to all the connected nodes.
+            const bool unl_only = (!conf::cfg.contract.is_npl_public && mi.type == p2pmsg::P2PMsgContent_NplMsg) ||
+                                  (!conf::cfg.contract.is_consensus_public && mi.type == p2pmsg::P2PMsgContent_ProposalMsg);
+            if (need_consensus_msg_forwarding)
+            {
+                // Forward messages received by weakly connected nodes to other peers.
+                p2p::broadcast_message(msg, false, false, unl_only, this);
+            }
+            else
+            {
+                // Forward message received from other nodes to weakly connected peers.
+                p2p::broadcast_message(msg, false, true, unl_only, this);
+            }
+        }
+
+        if (mi.type == p2pmsg::P2PMsgContent_PeerChallengeMsg)
+        {
+            const p2p::peer_challenge chall = p2pmsg::create_peer_challenge_from_msg(mi);
+
+            // Check whether contract ids match.
+            if (chall.contract_id != conf::cfg.contract.id)
+            {
+                LOG_ERROR << "Contract id mismatch. Dropping connection " << display_name();
+                return -1;
+            }
+
+            // Remember the time config reported by this peer.
+            reported_time_config = chall.time_config;
+
+            // Whether this node is a full history node or not.
+            is_full_history = chall.is_full_history;
+
+            // Sending the challenge response to the sender.
+            flatbuffers::FlatBufferBuilder fbuf;
+            p2pmsg::create_peer_challenge_response_from_challenge(fbuf, chall.challenge);
+            return send(msg::fbuf::builder_to_string_view(fbuf));
+        }
+        else if (mi.type == p2pmsg::P2PMsgContent_PeerChallengeResponseMsg)
+        {
+            // Ignore if challenge is already resolved.
+            if (challenge_status == comm::CHALLENGE_STATUS::CHALLENGE_ISSUED)
+                return p2p::resolve_peer_challenge(*this, p2pmsg::create_peer_challenge_response_from_msg(mi));
+        }
+
+        if (challenge_status != comm::CHALLENGE_STATUS::CHALLENGE_VERIFIED)
+        {
+            LOG_DEBUG << "Cannot accept messages. Peer challenge unresolved. " << display_name();
+            return 0;
+        }
+
+        if (mi.type == p2pmsg::P2PMsgContent_PeerListResponseMsg)
+        {
+            const std::vector<p2p::peer_properties> merge_peers = p2pmsg::create_peer_list_response_from_msg(mi);
+            p2p::merge_peer_list("Peer_Discovery", &merge_peers, NULL, this);
+        }
+        else if (mi.type == p2pmsg::P2PMsgContent_PeerListRequestMsg)
+        {
+            p2p::send_known_peer_list(this);
+        }
+        else if (mi.type == p2pmsg::P2PMsgContent_PeerCapacityAnnouncementMsg)
+        {
+            if (known_ipport.has_value())
+            {
+                const p2p::peer_capacity_announcement ann = p2pmsg::create_peer_capacity_announcement_from_msg(mi);
+                p2p::update_known_peer_available_capacity(known_ipport.value(), ann.available_capacity, ann.timestamp);
+            }
+        }
+        else if (mi.type == p2pmsg::P2PMsgContent_PeerRequirementAnnouncementMsg)
+        {
+            const p2p::peer_requirement_announcement ann = p2pmsg::create_peer_requirement_announcement_from_msg(mi);
+            need_consensus_msg_forwarding = ann.need_consensus_msg_forwarding;
+            LOG_DEBUG << "Peer requirement: " << display_name() << " consensus msg forwarding:" << ann.need_consensus_msg_forwarding;
+        }
+        else if (mi.type == p2pmsg::P2PMsgContent_NonUnlProposalMsg)
+        {
+            handle_nonunl_proposal_message(p2pmsg::create_nonunl_proposal_from_msg(mi));
+        }
+        else if (mi.type == p2pmsg::P2PMsgContent_ProposalMsg)
+        {
+            const util::h32 hash = p2pmsg::verify_proposal_msg_trust(mi);
+            if (hash == util::h32_empty)
+            {
+                increment_metric(comm::SESSION_THRESHOLDS::MAX_BADSIGMSGS_PER_MINUTE, 1);
+                LOG_DEBUG << "Proposal rejected due to trust failure. " << display_name();
+                return 0;
+            }
+
+            handle_proposal_message(p2pmsg::create_proposal_from_msg(mi, hash));
+        }
+        else if (mi.type == p2pmsg::P2PMsgContent_NplMsg)
+        {
+            if (!p2pmsg::verify_npl_msg_trust(mi))
+            {
+                increment_metric(comm::SESSION_THRESHOLDS::MAX_BADSIGMSGS_PER_MINUTE, 1);
+                LOG_DEBUG << "Npl message rejected due to trust failure. " << display_name();
+                return 0;
+            }
+
+            handle_npl_message(p2pmsg::create_npl_from_msg(mi));
+        }
+        else if (mi.type == p2pmsg::P2PMsgContent_HpfsRequestMsg)
+        {
+            const p2p::hpfs_request hr = p2pmsg::create_hpfs_request_from_msg(mi);
+            if (hr.mount_id == sc::contract_fs.mount_id)
+            {
+                // Check the cap and insert request with lock.
+                std::scoped_lock<std::mutex> lock(ctx.collected_msgs.contract_hpfs_requests_mutex);
+
+                // If max number of state requests reached skip the rest.
+                if (ctx.collected_msgs.contract_hpfs_requests.size() < p2p::HPFS_REQ_LIST_CAP)
+                    ctx.collected_msgs.contract_hpfs_requests.push_back(std::make_pair(pubkey, std::move(hr)));
+                else
+                    LOG_DEBUG << "Hpfs contract fs request rejected. Maximum hpfs contract fs request count reached. " << display_name();
+            }
+            else if (hr.mount_id == ledger::ledger_fs.mount_id)
+            {
+                // Check the cap and insert request with lock.
+                std::scoped_lock<std::mutex> lock(ctx.collected_msgs.ledger_hpfs_requests_mutex);
+
+                // If max number of state requests reached skip the rest.
+                if (ctx.collected_msgs.ledger_hpfs_requests.size() < p2p::HPFS_REQ_LIST_CAP)
+                    ctx.collected_msgs.ledger_hpfs_requests.push_back(std::make_pair(pubkey, std::move(hr)));
+                else
+                    LOG_DEBUG << "Hpfs ledger fs request rejected. Maximum hpfs ledger fs request count reached. " << display_name();
+            }
+        }
+        else if (mi.type == p2pmsg::P2PMsgContent_HpfsResponseMsg)
+        {
+            const p2pmsg::HpfsResponseMsg &resp_msg = *mi.p2p_msg->content_as_HpfsResponseMsg();
+
+            // Only accept hpfs responses if hpfs fs is syncing.
+            if (sc::contract_sync_worker.is_syncing && resp_msg.mount_id() == sc::contract_fs.mount_id)
+            {
+                // Check the cap and insert state_response with lock.
+                std::scoped_lock<std::mutex> lock(ctx.collected_msgs.contract_hpfs_responses_mutex);
+
+                // If max number of state responses reached skip the rest.
+                if (ctx.collected_msgs.contract_hpfs_responses.size() < p2p::HPFS_RES_LIST_CAP)
+                    ctx.collected_msgs.contract_hpfs_responses.push_back(std::make_pair(uniqueid, std::string(msg)));
+                else
+                    LOG_DEBUG << "Contract hpfs response rejected. Maximum response count reached. " << display_name();
+            }
+            else if (ledger::ledger_sync_worker.is_syncing && resp_msg.mount_id() == ledger::ledger_fs.mount_id)
+            {
+                // Check the cap and insert state_response with lock.
+                std::scoped_lock<std::mutex> lock(ctx.collected_msgs.ledger_hpfs_responses_mutex);
+
+                // If max number of state responses reached skip the rest.
+                if (ctx.collected_msgs.ledger_hpfs_responses.size() < p2p::HPFS_RES_LIST_CAP)
+                    ctx.collected_msgs.ledger_hpfs_responses.push_back(std::make_pair(uniqueid, std::string(msg)));
+                else
+                    LOG_DEBUG << "Ledger hpfs response rejected. Maximum response count reached. " << display_name();
+            }
+        }
+        else if (mi.type == p2pmsg::P2PMsgContent_HpfsLogRequest)
+        {
+            if (conf::cfg.node.history == conf::HISTORY::FULL)
+            {
+                // Check the cap and insert log record request with lock.
+                std::scoped_lock<std::mutex> lock(ctx.collected_msgs.hpfs_log_request_mutex);
+
+                // If max number of log record requests reached, skip the rest.
+                if (ctx.collected_msgs.hpfs_log_requests.size() < p2p::LOG_RECORD_REQ_LIST_CAP)
+                {
+                    const p2p::hpfs_log_request hpfs_log_request = p2pmsg::create_hpfs_log_request_from_msg(mi);
+                    ctx.collected_msgs.hpfs_log_requests.push_back(std::make_pair(uniqueid, std::move(hpfs_log_request)));
+                }
+                else
+                    LOG_DEBUG << "Hpfs log request rejected. Maximum request count reached. " << display_name();
+            }
+        }
+        else if (mi.type == p2pmsg::P2PMsgContent_HpfsLogResponse)
+        {
+            if (conf::cfg.node.history == conf::HISTORY::FULL && sc::hpfs_log_sync::sync_ctx.is_syncing)
+            {
+                // Check the cap and insert log record response with lock.
+                std::scoped_lock<std::mutex> lock(ctx.collected_msgs.hpfs_log_response_mutex);
+
+                // If max number of log record responses reached, skip the rest.
+                if (ctx.collected_msgs.hpfs_log_responses.size() < p2p::LOG_RECORD_RES_LIST_CAP)
+                {
+                    const p2p::hpfs_log_response hpfs_log_response = p2pmsg::create_hpfs_log_response_from_msg(mi);
+                    ctx.collected_msgs.hpfs_log_responses.push_back(std::make_pair(uniqueid, std::move(hpfs_log_response)));
+                }
+                else
+                    LOG_DEBUG << "Hpfs log response rejected. Maximum response count reached. " << display_name();
+            }
+        }
+        else
+        {
+            increment_metric(comm::SESSION_THRESHOLDS::MAX_BADMSGS_PER_MINUTE, 1);
+            LOG_DEBUG << "Received invalid peer message type [" << mi.type << "]. " << display_name();
+        }
+        return 0;
     }
 
     void peer_comm_session::handle_close()
     {
-        p2p::handle_peer_close(*this);
+        {
+            // Erase the corresponding pubkey peer connection if it's this session.
+            std::scoped_lock<std::mutex> lock(ctx.peer_connections_mutex);
+            const auto itr = ctx.peer_connections.find(pubkey);
+            if (itr != ctx.peer_connections.end() && itr->second == this)
+            {
+                ctx.peer_connections.erase(itr);
+            }
+        }
+
+        // Update peer properties to default on peer close.
+        if (known_ipport.has_value())
+            p2p::update_known_peer_available_capacity(known_ipport.value(), -1, 0);
     }
 
+    /**
+     * Logic related to peer sessions on verfied is invoked here.
+     */
     void peer_comm_session::handle_on_verified()
     {
-        p2p::handle_peer_on_verified(*this);
+        // Sending newly verified node the requirement of consensus msg fowarding if this node is weakly connected.
+        if (status::get_weakly_connected())
+            p2p::send_peer_requirement_announcement(true, this);
     }
 
 } // namespace p2p
\ No newline at end of file
diff --git a/src/p2p/peer_session_handler.cpp b/src/p2p/peer_session_handler.cpp
deleted file mode 100644
index a2c604c7..00000000
--- a/src/p2p/peer_session_handler.cpp
+++ /dev/null
@@ -1,342 +0,0 @@
-#include "../pchheader.hpp"
-#include "../conf.hpp"
-#include "../consensus.hpp"
-#include "../crypto.hpp"
-#include "../util/util.hpp"
-#include "../util/rollover_hashset.hpp"
-#include "../hplog.hpp"
-#include "../msg/fbuf/p2pmsg_generated.h"
-#include "../msg/fbuf/p2pmsg_conversion.hpp"
-#include "../msg/fbuf/common_helpers.hpp"
-#include "../ledger/ledger.hpp"
-#include "peer_comm_session.hpp"
-#include "p2p.hpp"
-#include "../unl.hpp"
-#include "../sc/hpfs_log_sync.hpp"
-#include "../status.hpp"
-
-namespace p2pmsg = msg::fbuf::p2pmsg;
-
-namespace p2p
-{
-    // Max size of messages which are subjected to duplicate message check.
-    constexpr size_t MAX_SIZE_FOR_DUP_CHECK = 1 * 1024 * 1024; // 1 MB
-
-    // The set of recent peer message hashes used for duplicate detection.
-    util::rollover_hashset recent_peermsg_hashes(200);
-
-    /**
-     * This gets hit every time a peer connects to HP via the peer port (configured in config).
-     * @param session connected session.
-     * @return returns 0 if connection is successful and peer challenge is sent otherwise, -1.
-     */
-    int handle_peer_connect(p2p::peer_comm_session &session)
-    {
-        // Skip new inbound connection if max inbound connection cap is reached.
-        if (session.is_inbound && calculate_available_capacity() == 0)
-        {
-            LOG_DEBUG << "Max peer connection cap reached. Rejecting new peer connection [" << session.display_name() << "]";
-            return -1;
-        }
-
-        // Send peer challenge.
-        flatbuffers::FlatBufferBuilder fbuf;
-        p2pmsg::create_msg_from_peer_challenge(fbuf, session.issued_challenge);
-        std::string_view msg = std::string_view(
-            reinterpret_cast<const char *>(fbuf.GetBufferPointer()), fbuf.GetSize());
-        session.send(msg);
-        session.challenge_status = comm::CHALLENGE_ISSUED;
-        return 0;
-    }
-
-    /**
-     * Returns the priority that should be assigned to the message.
-     * @return 0 if bad message. 1 or 2 if correct priority was assigned.
-     */
-    int get_message_priority(std::string_view message)
-    {
-        if (!p2pmsg::verify_peer_message(message))
-        {
-            LOG_DEBUG << "Flatbuffer verify: Bad peer message.";
-            return 0;
-        }
-
-        const auto p2p_msg = p2pmsg::GetP2PMsg(message.data());
-        const msg::fbuf::p2pmsg::P2PMsgContent type = p2p_msg->content_type();
-
-        if (type == p2pmsg::P2PMsgContent_ProposalMsg || type == p2pmsg::P2PMsgContent_NonUnlProposalMsg)
-            return 1; // High priority
-        else
-            return 2; // Low priority
-    }
-
-    /**
-     * Peer session on message callback method. Validate and handle each type of peer messages.
-     * @return 0 on normal execution. -1 when session needs to be closed as a result of message handling.
-     */
-    int handle_peer_message(p2p::peer_comm_session &session, std::string_view message)
-    {
-        const size_t message_size = message.size();
-        // Adding message size to peer message characters(bytes) per minute counter.
-        session.increment_metric(comm::SESSION_THRESHOLDS::MAX_RAWBYTES_PER_MINUTE, message_size);
-
-        const peer_message_info mi = p2pmsg::get_peer_message_info(message, &session);
-        if (!mi.p2p_msg) // Message buffer will be null if peer message was too old.
-            return 0;
-
-        // Messages larger than the duplicate message threshold is ignored from the duplicate message check
-        // due to the overhead in hash generation for larger messages.
-        if (message_size <= MAX_SIZE_FOR_DUP_CHECK && !recent_peermsg_hashes.try_emplace(crypto::get_hash(message)))
-        {
-            session.increment_metric(comm::SESSION_THRESHOLDS::MAX_DUPMSGS_PER_MINUTE, 1);
-            LOG_DEBUG << "Duplicate peer message. type:" << mi.type << " from:" << session.display_name();
-            return 0;
-        }
-
-        // Check whether the message is qualified for message forwarding.
-        if (p2p::validate_for_peer_msg_forwarding(session, mi.type, mi.originated_on))
-        {
-            // Npl messages and consensus proposals are forwarded only to unl nodes if relavent flags (npl and consensus) are set to private.
-            // If consensus and npl flags are public, these messages are forward to all the connected nodes.
-            const bool unl_only = (!conf::cfg.contract.is_npl_public && mi.type == p2pmsg::P2PMsgContent_NplMsg) ||
-                                  (!conf::cfg.contract.is_consensus_public && mi.type == p2pmsg::P2PMsgContent_ProposalMsg);
-            if (session.need_consensus_msg_forwarding)
-            {
-                // Forward messages received by weakly connected nodes to other peers.
-                p2p::broadcast_message(message, false, false, unl_only, &session);
-            }
-            else
-            {
-                // Forward message received from other nodes to weakly connected peers.
-                p2p::broadcast_message(message, false, true, unl_only, &session);
-            }
-        }
-
-        if (mi.type == p2pmsg::P2PMsgContent_PeerChallengeMsg)
-        {
-            const p2p::peer_challenge chall = p2pmsg::create_peer_challenge_from_msg(mi);
-
-            // Check whether contract ids match.
-            if (chall.contract_id != conf::cfg.contract.id)
-            {
-                LOG_ERROR << "Contract id mismatch. Dropping connection " << session.display_name();
-                return -1;
-            }
-
-            // Remember the time config reported by this peer.
-            session.reported_time_config = chall.time_config;
-
-            // Whether this node is a full history node or not.
-            session.is_full_history = chall.is_full_history;
-
-            // Sending the challenge response to the sender.
-            flatbuffers::FlatBufferBuilder fbuf;
-            p2pmsg::create_peer_challenge_response_from_challenge(fbuf, chall.challenge);
-            return session.send(msg::fbuf::builder_to_string_view(fbuf));
-        }
-        else if (mi.type == p2pmsg::P2PMsgContent_PeerChallengeResponseMsg)
-        {
-            // Ignore if challenge is already resolved.
-            if (session.challenge_status == comm::CHALLENGE_ISSUED)
-                return p2p::resolve_peer_challenge(session, p2pmsg::create_peer_challenge_response_from_msg(mi));
-        }
-
-        if (session.challenge_status != comm::CHALLENGE_VERIFIED)
-        {
-            LOG_DEBUG << "Cannot accept messages. Peer challenge unresolved. " << session.display_name();
-            return 0;
-        }
-
-        if (mi.type == p2pmsg::P2PMsgContent_PeerListResponseMsg)
-        {
-            const std::vector<p2p::peer_properties> merge_peers = p2pmsg::create_peer_list_response_from_msg(mi);
-            p2p::merge_peer_list("Peer_Discovery", &merge_peers, NULL, &session);
-        }
-        else if (mi.type == p2pmsg::P2PMsgContent_PeerListRequestMsg)
-        {
-            p2p::send_known_peer_list(&session);
-        }
-        else if (mi.type == p2pmsg::P2PMsgContent_PeerCapacityAnnouncementMsg)
-        {
-            if (session.known_ipport.has_value())
-            {
-                const p2p::peer_capacity_announcement ann = p2pmsg::create_peer_capacity_announcement_from_msg(mi);
-                p2p::update_known_peer_available_capacity(session.known_ipport.value(), ann.available_capacity, ann.timestamp);
-            }
-        }
-        else if (mi.type == p2pmsg::P2PMsgContent_PeerRequirementAnnouncementMsg)
-        {
-            const p2p::peer_requirement_announcement ann = p2pmsg::create_peer_requirement_announcement_from_msg(mi);
-            session.need_consensus_msg_forwarding = ann.need_consensus_msg_forwarding;
-            LOG_DEBUG << "Peer requirement: " << session.display_name() << " consensus msg forwarding:" << ann.need_consensus_msg_forwarding;
-        }
-        else if (mi.type == p2pmsg::P2PMsgContent_NonUnlProposalMsg)
-        {
-            handle_nonunl_proposal_message(p2pmsg::create_nonunl_proposal_from_msg(mi));
-        }
-        else if (mi.type == p2pmsg::P2PMsgContent_ProposalMsg)
-        {
-            const util::h32 hash = p2pmsg::verify_proposal_msg_trust(mi);
-            if (hash == util::h32_empty)
-            {
-                session.increment_metric(comm::SESSION_THRESHOLDS::MAX_BADSIGMSGS_PER_MINUTE, 1);
-                LOG_DEBUG << "Proposal rejected due to trust failure. " << session.display_name();
-                return 0;
-            }
-
-            handle_proposal_message(p2pmsg::create_proposal_from_msg(mi, hash));
-        }
-        else if (mi.type == p2pmsg::P2PMsgContent_NplMsg)
-        {
-            if (!p2pmsg::verify_npl_msg_trust(mi))
-            {
-                session.increment_metric(comm::SESSION_THRESHOLDS::MAX_BADSIGMSGS_PER_MINUTE, 1);
-                LOG_DEBUG << "Npl message rejected due to trust failure. " << session.display_name();
-                return 0;
-            }
-
-            handle_npl_message(p2pmsg::create_npl_from_msg(mi));
-        }
-        else if (mi.type == p2pmsg::P2PMsgContent_HpfsRequestMsg)
-        {
-            const p2p::hpfs_request hr = p2pmsg::create_hpfs_request_from_msg(mi);
-            if (hr.mount_id == sc::contract_fs.mount_id)
-            {
-                // Check the cap and insert request with lock.
-                std::scoped_lock<std::mutex> lock(ctx.collected_msgs.contract_hpfs_requests_mutex);
-
-                // If max number of state requests reached skip the rest.
-                if (ctx.collected_msgs.contract_hpfs_requests.size() < p2p::HPFS_REQ_LIST_CAP)
-                    ctx.collected_msgs.contract_hpfs_requests.push_back(std::make_pair(session.pubkey, std::move(hr)));
-                else
-                    LOG_DEBUG << "Hpfs contract fs request rejected. Maximum hpfs contract fs request count reached. " << session.display_name();
-            }
-            else if (hr.mount_id == ledger::ledger_fs.mount_id)
-            {
-                // Check the cap and insert request with lock.
-                std::scoped_lock<std::mutex> lock(ctx.collected_msgs.ledger_hpfs_requests_mutex);
-
-                // If max number of state requests reached skip the rest.
-                if (ctx.collected_msgs.ledger_hpfs_requests.size() < p2p::HPFS_REQ_LIST_CAP)
-                    ctx.collected_msgs.ledger_hpfs_requests.push_back(std::make_pair(session.pubkey, std::move(hr)));
-                else
-                    LOG_DEBUG << "Hpfs ledger fs request rejected. Maximum hpfs ledger fs request count reached. " << session.display_name();
-            }
-        }
-        else if (mi.type == p2pmsg::P2PMsgContent_HpfsResponseMsg)
-        {
-            const p2pmsg::HpfsResponseMsg &resp_msg = *mi.p2p_msg->content_as_HpfsResponseMsg();
-
-            // Only accept hpfs responses if hpfs fs is syncing.
-            if (sc::contract_sync_worker.is_syncing && resp_msg.mount_id() == sc::contract_fs.mount_id)
-            {
-                // Check the cap and insert state_response with lock.
-                std::scoped_lock<std::mutex> lock(ctx.collected_msgs.contract_hpfs_responses_mutex);
-
-                // If max number of state responses reached skip the rest.
-                if (ctx.collected_msgs.contract_hpfs_responses.size() < p2p::HPFS_RES_LIST_CAP)
-                    ctx.collected_msgs.contract_hpfs_responses.push_back(std::make_pair(session.uniqueid, std::string(message)));
-                else
-                    LOG_DEBUG << "Contract hpfs response rejected. Maximum response count reached. " << session.display_name();
-            }
-            else if (ledger::ledger_sync_worker.is_syncing && resp_msg.mount_id() == ledger::ledger_fs.mount_id)
-            {
-                // Check the cap and insert state_response with lock.
-                std::scoped_lock<std::mutex> lock(ctx.collected_msgs.ledger_hpfs_responses_mutex);
-
-                // If max number of state responses reached skip the rest.
-                if (ctx.collected_msgs.ledger_hpfs_responses.size() < p2p::HPFS_RES_LIST_CAP)
-                    ctx.collected_msgs.ledger_hpfs_responses.push_back(std::make_pair(session.uniqueid, std::string(message)));
-                else
-                    LOG_DEBUG << "Ledger hpfs response rejected. Maximum response count reached. " << session.display_name();
-            }
-        }
-        else if (mi.type == p2pmsg::P2PMsgContent_HpfsLogRequest)
-        {
-            if (conf::cfg.node.history == conf::HISTORY::FULL)
-            {
-                // Check the cap and insert log record request with lock.
-                std::scoped_lock<std::mutex> lock(ctx.collected_msgs.hpfs_log_request_mutex);
-
-                // If max number of log record requests reached, skip the rest.
-                if (ctx.collected_msgs.hpfs_log_requests.size() < p2p::LOG_RECORD_REQ_LIST_CAP)
-                {
-                    const p2p::hpfs_log_request hpfs_log_request = p2pmsg::create_hpfs_log_request_from_msg(mi);
-                    ctx.collected_msgs.hpfs_log_requests.push_back(std::make_pair(session.uniqueid, std::move(hpfs_log_request)));
-                }
-                else
-                    LOG_DEBUG << "Hpfs log request rejected. Maximum request count reached. " << session.display_name();
-            }
-        }
-        else if (mi.type == p2pmsg::P2PMsgContent_HpfsLogResponse)
-        {
-            if (conf::cfg.node.history == conf::HISTORY::FULL && sc::hpfs_log_sync::sync_ctx.is_syncing)
-            {
-                // Check the cap and insert log record response with lock.
-                std::scoped_lock<std::mutex> lock(ctx.collected_msgs.hpfs_log_response_mutex);
-
-                // If max number of log record responses reached, skip the rest.
-                if (ctx.collected_msgs.hpfs_log_responses.size() < p2p::LOG_RECORD_RES_LIST_CAP)
-                {
-                    const p2p::hpfs_log_response hpfs_log_response = p2pmsg::create_hpfs_log_response_from_msg(mi);
-                    ctx.collected_msgs.hpfs_log_responses.push_back(std::make_pair(session.uniqueid, std::move(hpfs_log_response)));
-                }
-                else
-                    LOG_DEBUG << "Hpfs log response rejected. Maximum response count reached. " << session.display_name();
-            }
-        }
-        else
-        {
-            session.increment_metric(comm::SESSION_THRESHOLDS::MAX_BADMSGS_PER_MINUTE, 1);
-            LOG_DEBUG << "Received invalid peer message type [" << mi.type << "]. " << session.display_name();
-        }
-        return 0;
-    }
-
-    /**
-     * Handles messages that we receive from ourselves.
-     */
-    int handle_self_message(std::string_view message)
-    {
-        const peer_message_info mi = p2pmsg::get_peer_message_info(message);
-
-        if (mi.type == p2pmsg::P2PMsgContent_ProposalMsg)
-            handle_proposal_message(p2pmsg::create_proposal_from_msg(mi, hash_proposal_msg(*mi.p2p_msg->content_as_ProposalMsg())));
-        else if (mi.type == p2pmsg::P2PMsgContent_NonUnlProposalMsg)
-            handle_nonunl_proposal_message(p2pmsg::create_nonunl_proposal_from_msg(mi));
-        else if (mi.type == p2pmsg::P2PMsgContent_NplMsg)
-            handle_npl_message(p2pmsg::create_npl_from_msg(mi));
-
-        return 0;
-    }
-
-    //peer session on message callback method
-    int handle_peer_close(const p2p::peer_comm_session &session)
-    {
-        {
-            // Erase the corresponding pubkey peer connection if it's this session.
-            std::scoped_lock<std::mutex> lock(ctx.peer_connections_mutex);
-            const auto itr = ctx.peer_connections.find(session.pubkey);
-            if (itr != ctx.peer_connections.end() && itr->second == &session)
-            {
-                ctx.peer_connections.erase(itr);
-            }
-        }
-
-        // Update peer properties to default on peer close.
-        if (session.known_ipport.has_value())
-            p2p::update_known_peer_available_capacity(session.known_ipport.value(), -1, 0);
-
-        return 0;
-    }
-
-    /**
-     * Logic related to peer sessions on verfied is invoked here.
-     */
-    void handle_peer_on_verified(p2p::peer_comm_session &session)
-    {
-        // Sending newly verified node the requirement of consensus msg fowarding if this node is weakly connected.
-        if (status::get_weakly_connected())
-            p2p::send_peer_requirement_announcement(true, &session);
-    }
-} // namespace p2p
\ No newline at end of file
diff --git a/src/p2p/peer_session_handler.hpp b/src/p2p/peer_session_handler.hpp
deleted file mode 100644
index 3757275c..00000000
--- a/src/p2p/peer_session_handler.hpp
+++ /dev/null
@@ -1,17 +0,0 @@
-#ifndef _HP_P2P_PEER_SESSION_HANDLER_
-#define _HP_P2P_PEER_SESSION_HANDLER_
-
-#include "../pchheader.hpp"
-#include "peer_comm_session.hpp"
-
-namespace p2p
-{
-    int handle_peer_connect(p2p::peer_comm_session &session);
-    int get_message_priority(std::string_view message);
-    int handle_peer_message(p2p::peer_comm_session &session, std::string_view message);
-    int handle_self_message(std::string_view message);
-    int handle_peer_close(const p2p::peer_comm_session &session);
-    void handle_peer_on_verified(p2p::peer_comm_session &session);
-
-} // namespace p2p
-#endif
\ No newline at end of file
diff --git a/src/p2p/self_node.cpp b/src/p2p/self_node.cpp
index 33cb66e6..64414947 100644
--- a/src/p2p/self_node.cpp
+++ b/src/p2p/self_node.cpp
@@ -1,5 +1,11 @@
 #include "../pchheader.hpp"
-#include "peer_session_handler.hpp"
+#include "../conf.hpp"
+#include "p2p.hpp"
+#include "../msg/fbuf/p2pmsg_generated.h"
+#include "../msg/fbuf/p2pmsg_conversion.hpp"
+#include "../msg/fbuf/common_helpers.hpp"
+
+namespace p2pmsg = msg::fbuf::p2pmsg;
 
 namespace p2p::self
 {
@@ -16,7 +22,17 @@ namespace p2p::self
     {
         std::string msg;
         if (msg_queue.try_dequeue(msg))
-            return p2p::handle_self_message(msg);
+        {
+            // Handle the message we received from ourselves.
+            const peer_message_info mi = p2pmsg::get_peer_message_info(msg);
+
+            if (mi.type == p2pmsg::P2PMsgContent_ProposalMsg)
+                handle_proposal_message(p2pmsg::create_proposal_from_msg(mi, hash_proposal_msg(*mi.p2p_msg->content_as_ProposalMsg())));
+            else if (mi.type == p2pmsg::P2PMsgContent_NonUnlProposalMsg)
+                handle_nonunl_proposal_message(p2pmsg::create_nonunl_proposal_from_msg(mi));
+            else if (mi.type == p2pmsg::P2PMsgContent_NplMsg)
+                handle_npl_message(p2pmsg::create_npl_from_msg(mi));
+        }
 
         return 0;
     }
diff --git a/src/usr/user_comm_session.cpp b/src/usr/user_comm_session.cpp
index c4d19fdc..92ffa86f 100644
--- a/src/usr/user_comm_session.cpp
+++ b/src/usr/user_comm_session.cpp
@@ -1,24 +1,98 @@
 #include "../pchheader.hpp"
 #include "../util/util.hpp"
+#include "../msg/json/usrmsg_json.hpp"
 #include "user_comm_session.hpp"
-#include "user_session_handler.hpp"
+#include "usr.hpp"
+
+namespace jusrmsg = msg::usrmsg::json;
 
 namespace usr
 {
+    /**
+     * This gets hit every time a client connects to HP via the public port (configured in config).
+     * @return returns 0 if connection is successful and user challenge is sent, otherwise -1.
+     */
     int user_comm_session::handle_connect()
     {
-        return usr::handle_user_connect(*this);
+        // Allow connection only if the maximum capacity is not reached. 0 means allowing unlimited connections.
+        if ((conf::cfg.user.max_connections == 0) || (ctx.users.size() < conf::cfg.user.max_connections))
+        {
+            LOG_DEBUG << "User client connected " << display_name();
+
+            // As soon as a user connects, we issue them a challenge message. We remember the
+            // challenge we issued and later verify the user's response with it.
+            std::vector<uint8_t> msg;
+            jusrmsg::create_user_challenge(msg, issued_challenge);
+            send(msg);
+
+            // Set the challenge-issued value to true.
+            challenge_status = comm::CHALLENGE_STATUS::CHALLENGE_ISSUED;
+            return 0;
+        }
+        else
+        {
+            LOG_DEBUG << "Dropping the user connection. Maximum user capacity reached. [" << display_name() << "] (limit: " << conf::cfg.user.max_connections << ").";
+            return -1;
+        }
     }
 
+    /**
+     * This gets hit every time we receive some data from a client connected to the HP public port.
+     */
     int user_comm_session::handle_message(std::string_view msg)
     {
-        return usr::handle_user_message(*this, msg);
+        // Adding message size to user message characters(bytes) per minute counter.
+        increment_metric(comm::SESSION_THRESHOLDS::MAX_RAWBYTES_PER_MINUTE, msg.size());
+
+        // First check whether this session is pending challenge.
+        // Meaning we have previously issued a challenge to the client.
+        if (challenge_status == comm::CHALLENGE_STATUS::CHALLENGE_ISSUED)
+        {
+            if (verify_challenge(msg, *this) == 0)
+                return 0;
+
+            LOG_DEBUG << "User challenge verification failed. " << display_name();
+        }
+        // Check whether this session belongs to an authenticated (challenge-verified) user.
+        else if (challenge_status == comm::CHALLENGE_STATUS::CHALLENGE_VERIFIED)
+        {
+            // Check whether this user is among authenticated users
+            // and perform authenticated msg processing.
+
+            const auto itr = ctx.users.find(pubkey);
+            if (itr != ctx.users.end())
+            {
+                // This is an authed user.
+                connected_user &user = itr->second;
+                if (handle_authed_user_message(user, msg) != 0)
+                {
+                    increment_metric(comm::SESSION_THRESHOLDS::MAX_BADMSGS_PER_MINUTE, 1);
+                    LOG_DEBUG << "Bad message from user " << display_name();
+                }
+            }
+            else
+            {
+                increment_metric(comm::SESSION_THRESHOLDS::MAX_BADMSGS_PER_MINUTE, 1);
+                LOG_DEBUG << "User session id not found: " << display_name();
+            }
+
+            return 0;
+        }
+
+        // If for any reason we reach this point, we should drop the connection because none of the
+        // valid cases match.
+        LOG_DEBUG << "Dropping the user connection " << display_name();
+        return -1;
     }
 
+    /**
+     * This gets hit every time a client disconnects from the HP public port.
+     */
     void user_comm_session::handle_close()
     {
-        usr::handle_user_close(*this);
+        // Session belongs to an authed user.
+        if (challenge_status == comm::CHALLENGE_STATUS::CHALLENGE_VERIFIED)
+            remove_user(pubkey);
     }
 
-
 } // namespace usr
\ No newline at end of file
diff --git a/src/usr/user_session_handler.cpp b/src/usr/user_session_handler.cpp
deleted file mode 100644
index 0dcde16b..00000000
--- a/src/usr/user_session_handler.cpp
+++ /dev/null
@@ -1,102 +0,0 @@
-#include "../pchheader.hpp"
-#include "../hplog.hpp"
-#include "../msg/json/usrmsg_json.hpp"
-#include "../bill/corebill.h"
-#include "usr.hpp"
-#include "user_session_handler.hpp"
-#include "user_comm_session.hpp"
-
-namespace jusrmsg = msg::usrmsg::json;
-
-namespace usr
-{
-    /**
-     * This gets hit every time a client connects to HP via the public port (configured in config).
-     * @param session connected session.
-     * @return returns 0 if connection is successful and user challenge is sent, otherwise -1.
-     */
-    int handle_user_connect(usr::user_comm_session &session)
-    {
-        // Allow connection only if the maximum capacity is not reached. 0 means allowing unlimited connections.
-        if ((conf::cfg.user.max_connections == 0) || (usr::ctx.users.size() < conf::cfg.user.max_connections))
-        {
-            LOG_DEBUG << "User client connected " << session.display_name();
-
-            // As soon as a user connects, we issue them a challenge message. We remember the
-            // challenge we issued and later verify the user's response with it.
-            std::vector<uint8_t> msg;
-            jusrmsg::create_user_challenge(msg, session.issued_challenge);
-            session.send(msg);
-
-            // Set the challenge-issued value to true.
-            session.challenge_status = comm::CHALLENGE_ISSUED;
-            return 0;
-        }
-        else
-        {
-            LOG_DEBUG << "Dropping the user connection. Maximum user capacity reached. Session: " << session.display_name() << " (limit: " << conf::cfg.user.max_connections << ").";
-            return -1;
-        }
-    }
-
-    /**
-     * This gets hit every time we receive some data from a client connected to the HP public port.
-     */
-    int handle_user_message(usr::user_comm_session &session, std::string_view message)
-    {
-        // Adding message size to user message characters(bytes) per minute counter.
-        session.increment_metric(comm::SESSION_THRESHOLDS::MAX_RAWBYTES_PER_MINUTE, message.size());
-
-        // First check whether this session is pending challenge.
-        // Meaning we have previously issued a challenge to the client.
-        if (session.challenge_status == comm::CHALLENGE_ISSUED)
-        {
-            if (verify_challenge(message, session) == 0)
-                return 0;
-        }
-        // Check whether this session belongs to an authenticated (challenge-verified) user.
-        else if (session.challenge_status == comm::CHALLENGE_VERIFIED)
-        {
-            // Check whether this user is among authenticated users
-            // and perform authenticated msg processing.
-
-            const auto itr = ctx.users.find(session.pubkey);
-            if (itr != ctx.users.end())
-            {
-                // This is an authed user.
-                connected_user &user = itr->second;
-                if (handle_authed_user_message(user, message) != 0)
-                {
-                    session.increment_metric(comm::SESSION_THRESHOLDS::MAX_BADMSGS_PER_MINUTE, 1);
-                    LOG_DEBUG << "Bad message from user " << session.display_name();
-                }
-            }
-            else
-            {
-                session.increment_metric(comm::SESSION_THRESHOLDS::MAX_BADMSGS_PER_MINUTE, 1);
-                LOG_DEBUG << "User session id not found: " << session.display_name();
-            }
-
-            return 0;
-        }
-
-        // If for any reason we reach this point, we should drop the connection because none of the
-        // valid cases match.
-        LOG_DEBUG << "Dropping the user connection " << session.display_name();
-        corebill::report_violation(session.host_address);
-        return -1;
-    }
-
-    /**
-     * This gets hit every time a client disconnects from the HP public port.
-     */
-    int handle_user_close(const usr::user_comm_session &session)
-    {
-        // Session belongs to an authed user.
-        if (session.challenge_status == comm::CHALLENGE_VERIFIED)
-            remove_user(session.pubkey);
-
-        return 0;
-    }
-
-} // namespace usr
\ No newline at end of file
diff --git a/src/usr/user_session_handler.hpp b/src/usr/user_session_handler.hpp
deleted file mode 100644
index 3c72590b..00000000
--- a/src/usr/user_session_handler.hpp
+++ /dev/null
@@ -1,15 +0,0 @@
-#ifndef _HP_USER_SESSION_HANDLER_
-#define _HP_USER_SESSION_HANDLER_
-
-#include "../pchheader.hpp"
-#include "user_comm_session.hpp"
-
-namespace usr
-{
-    int handle_user_connect(usr::user_comm_session &session);
-    int handle_user_message(usr::user_comm_session &session, std::string_view message);
-    int handle_user_close(const usr::user_comm_session &session);
-
-} // namespace usr
-
-#endif
\ No newline at end of file
diff --git a/src/usr/usr.cpp b/src/usr/usr.cpp
index 0c1a4190..564ef771 100644
--- a/src/usr/usr.cpp
+++ b/src/usr/usr.cpp
@@ -12,7 +12,6 @@
 #include "../hpfs/hpfs_mount.hpp"
 #include "../status.hpp"
 #include "usr.hpp"
-#include "user_session_handler.hpp"
 #include "user_comm_session.hpp"
 #include "user_comm_server.hpp"
 #include "user_input.hpp"
diff --git a/src/usr/usr.hpp b/src/usr/usr.hpp
index 313adec0..90ae1d11 100644
--- a/src/usr/usr.hpp
+++ b/src/usr/usr.hpp
@@ -9,7 +9,6 @@
 #include "../msg/usrmsg_parser.hpp"
 #include "user_comm_session.hpp"
 #include "user_comm_server.hpp"
-#include "user_session_handler.hpp"
 #include "user_input.hpp"
 #include "user_common.hpp"
 
diff --git a/test/bin/hpws b/test/bin/hpws
index 26dd64b3eac2bab7bb9b37d8742a1264d9411c99..91634d23613fc2b8c29a69f966eaeeecfb4749e0 100755
GIT binary patch
literal 43656
zcmeIbdwf*Yxi`L(5QxYyQHkQEvbCb1CM3vU5KsaH2SrV}C{<|)$pj)HlO_``Rv|hW
z&2$`1RV>F#4^@wP?B!5f5vfQ3C0JWe^jM3%*wk8`ZL~#2jhC9=_xr51W_CgbDDV4z
zKEFTChRoW}v!2^}*0Y{<nLRV>O6SbV%*e3Jm1SLM5wcHJm}$DA^&x$OVwzQK9fj9Z
ztdp(5fCmXq)lX9eYSq=FMVm55<FinbuQ*d7`j@9@I#U`8S!V0Hfr^|B3TsNVL=fbo
zt%dgqh|-puWI06PdyZ43;iGxvE7N>sn$MKE+I~}-_OWgJo3HEpmorhv%ao+$Rra?~
z74IKjFW>=XNTDrL8oqCUk9HpJm8%KoYJKVa(y0}g()7c)+L|R3CycAD%CD`dYg(PZ
zx_Dy##0dqB!GiJ9ZptU^#g{J-P3&*&3aK9fm^juyf6I$cuC_;QY#6ubci!W-Y<zz0
znuV<U2L4RHS=qchC6l<h_?w46-}F$^qz_}KjDPOaV}JhOr^f=7_PPY@0}(u%2LB@%
zI}m*f3>yglKWXU4rlI$w!>6%_I_&{kcR?DxjcMe+nMVHa(%}C+jr=py(EkNC4&<MT
zH1_-@jr`}*$ay~v{Y`1`r$LU5zy8-lY3%>6H2A3yVD}dS`1CaN_oHqgKP*jS=M4Dg
z^a13rOe6p5G;*Fuqqipw{c&mf<&SCTThriAP9x{KH1@1aBWF(<yeAF*oHY1b)A(&}
z8arP|L;s^R_$SinU7V)93)0A$okq^pY3#fzjr@Dl$Z1VOe@+^EI@92<OM@SuMlY8X
z1I7RM)7ZoLY#{oN)5z&gLw`{kd+tnw-<1Y`dK&-#F^xTSY2*w}gHNQ9Ga-%MzolvK
zlr(atq>*!48hhSOgCCbhPCO0$%ry8s;7_yitZ91vWY!;pA^#ZbM63Bh8!fafvwrGD
zyNF+`@n)UV3pvCu>ql>4JyO}Qralzp8l<S8$SN;ix*}Lt-WaNA2$h#x<+JBsR$dio
z2rR8>3<VnIUpAvQSQnUIv7|Pj>ISTtKKqLDhCoG?#hX<PHKBmqHI}aktguSw&MmKR
zsHqE;2O1iJ4UOg1^->!OG=|EnYb%yETJ!uRMS`mftfGmHjkU(U`E%x#HwGG31{xqN
zv@BR<&6_u;e8&8R<xP!&^2$I%sHVE6vLX~HudacOtW*Z@t}zfQuMF1J1u8>qA<Qz&
zRK)w5#`2oF8rXr?#$^E|U7B)5S?T3M!D<*J<Vzt?T4B*HmqFB2QCS(NcPk=tNlj2V
ztAgdrD(b2lmsKoJS-~chHPozxWtRrlq*`FCt8NGcq|4}yiB@B%p|YY8Zfmd_gO$qz
zA;HwIu>z}WLe{cSu&!2K8?B`kHE3{yGPOF?&{RhkS;6{HO<k2$ukhM4R!!Z+imIxH
z@`}1OxQESkp<un$ShKXQqLv!!DxspjDb#3H2OE}Kp_&zl1^Tmcd3ois<>l2CHMJIc
zy1J^o60U=uS_V&@1)#PzSgDPzuc&FT;K2HtDr<R7Em&4m)C+=`#sCaMEiI|3s}52i
z{0Buawk}u>ITfLrV4byuEdU`sfc998%bG$}!BurueGoDm0+lPtN|V8!Bx<azsH<lC
zD;k!fO^EOYt0q_(LIa_AMdMPdsj)T?sJE(B^i<Xc8|g2!qFREt+EU#MgDO{7FkUKZ
zYpxGa*NWiEfb_(Qdem}+>EX1ZqNa|fLM`mCTUw3|f?0K1poy@e@}lxW>*6`Hr_U%K
zUr;n5d7HW$e|{1<zQD%}kcoXk>K}%?3(C^9ibm1$b&$|xVrS^)R#?hXSiTOz{a`88
zy{e-GQoFg`Ht>E3{@nj)EB7b-XIac=Hp@{funikz#gW%|W#Il7AYgqN{_g(XJ*XdI
z-G_SOM%2`JxWjxz!?#L(wzWyaO()eHMGyQkDKEo%7<}aArSxSc^_l&w$)oltMOUoz
zuEBTd{e8|xTL=u^z#IGF_usALwD-e*q48b)@R@r5YW=XU{G&A9?uQ?)@zeU@kJI?Y
z{qQGfd~-kisT#krAAYpPxA(&rXna>c{COI0J!o6JjDLzX-tLE=qVb*ouIRZJN5>_v
zy)OJQNvvgcx$wuk@Cg_GL>GRa3;#72-ps4nz;TakE;D};&porb%=}6Ge1k;UtlLHW
zTo-=z1GYdsCdqK&n_YO0Rdcnv@H%v*s?CKrb2=+FxbW0%u8l6d`+Vau7hWIT2+JlH
z-t-wOwz%*^jc}ChF8t9h{2mv6m<!+O!eihjue~n(@FW)f>%x0o_=F2@#xkq-x$y4w
zaE}Y0Jfb4Q4{W|7qac^aoqEY};qzShTo?WX7k;D*KhlM_UHFq+_%Sa0$u4}M3xA3W
zU+lu4>cUTR;YYdfeiz<$;mch3(_Hw4F8t{({9+gW>n{8<7yb+vzTSl&?ZU5i;m>s8
zn_c*`T=-TOevAv>=E9G4;WxPOXS?tlUHEfc_{UuMb6xmNE_}WVzr}?waN*ls_;D`$
z9v8mQh3|CXi(L4<F8p{GzRQI_&xKF8@Dp74eJ;Guh3|3UC%W*K&WDWu^IiBH7rxkq
z&voG^x$q-h_zPTk+l8O(!jEy`r?~KiE<DeS%vJ2dUucjhr@8PKx$u4$ewqtk=E9e_
z@C#k|=`Q?Y7k-8dzs!Z7>B85$@TD&NY8QT%3*YR*U+luSy6}D%zRiW7?ZR(x;V*IF
zH@fhby6}&=@N-=FO)mUpF8mf3{&E+--G#rxh2P`Cm$~r%@OwG_SoZo`Y|9^M4`udt
z`oquV>`GGf`i^a}t=`ci@ai2k4R?f>vEJ$G#Wi{;VNRh=r@)znIdwYi0)HL`%qi2^
zB=CoXIaN9v1%8)sHsLmb-z3bb(P<X=_k=kdoO*#@A<U`JSuF6c2y<!TlnK0(FsDRk
zn!sBLb1HNS1%84sr$EOR_;JFV`kY*WA0*5v&#?r)moTR~XWv&qjJ}gFr#Poe;O`RV
z63FQk_-4YK>YR3guP4kY&e<ez17S{W&PIW+Bg`qyX%lz}VJ@AVW`VCJ%&E<(7kDmV
zPHE0!fiEG<C6!Yq@N~kQ+MH<uUqF~sno}t7c*2~@99!VC33KV?<O+N`;Zq4)0-r>9
z6ybgUWc!aLY!mJhcqm~`T~4RKnS@U#+%E9vHv|4U;Y|X6NSITUvr*u836Cb+Ch(ht
zIVCyG0{@=yS%m8aeuXfnAZM|_zaq@3$0-wdCt*%G&NP9y66RFn6bk$VVNNlQE%4)n
zIkh;s0zXKYQ;K5=d@o^6CC<JtrT+<Y3URsw{w`ro9ZsjfHxuTR;j{~UJz-82&L)8y
z2y=>XHVS+lVNMNBo4`v5b4qZU1-_avrvj&5;JJi31vrZZzJxGSzf&ggbiz#e&NP89
zAk0+n6bd|^FjKr^3w$<VrgkS+;L{0TNZ1niB*IMP&b}|C{|Qec+$Hc(!c5&xr@)zn
zrxR`$`16|p&mg=>;13BiMLQb>ewT15;WmNaB+QiTGz<KD!c4_Zy}+*!W(sx|3;Zj>
zOubH-z&i;u<vP=n{MBuM<tloAcJ$?M`J-?8!*A^?n?EO>eSMW>`Qx4}DW<L)WLdp=
zx8G!2`@N%Jr9VFPC?vE6{&;o<O8=xDfAnvm6Ol3-K*N;jS=8HAUEm$nBJvmQVwOz7
z;C}%F!XNkTM6tj>_ABuFcYKxQkM8sDNL=L4*zJG$tI$XY9IFKmqri0Xny3B{a;&Ct
z{_xb^X51~HJ;VI5sYAh@@Sukhe!T3?UIV%en$v9I`e+wKqCF&E<Wz%#ck__`i~Z3X
z_eA%#mOkh2DBVli<{O{OXsYNa?Ih6ckCk@%H~4pSW&5K$;Rfate@3T2TADyr!n@fj
zE`6@)RNlwRa#8GwS(A1)d58efUgzhK5-#n`h-I(4!?q@scHZz4=ih<rD1DU*96Bym
z`l?&UYltDGqYGlXw2rHJ@76I}Ax5Cs;}5qF62%h~5*`&~jvz-V<S80COprr~q>0_f
zg-c(BeSf~4_Py%8Z3X<}58t@g3Y`g>z5dw3ob9wV@c>eSf6}gXUZQtfmT{R-g`X?F
zX3;MC6>hcR)<m@Ft!QU!X;<@&T~=tw7S590*;_JEw3dG4-Mru<@Fk+J`J)|)6-c(Q
zr3Y$ztfrcd(*0D}eO0V<zuPm<+=O{}^PtR@_NL-~RX;?Pa#{~+;$>*ia5iY?+LHi>
z+cTosU&U>!dsw)1e@6Jm{grDU>dt5reWBGbq=yEz=BkGN0%ITj9V>mypRtpb{%BcF
z^Nk;6G_mQ47(2QrT9(^=ejiYPvO%hn{eqal`hukF5I_i3LZ@tz=4Eezr+Z)M>ommT
zTg^AV1&?i29@|QfkzKiJIy=F*Dl~)w(G_h;DY<Zc4<mYi^Nsrtl+vT5e90C@+P&-B
zH6!}VA8kTFEZB=~?GgLF<&Q1sq5?P;QRv;=?yu~`AZS`_NjCryMF+8ER=7QPN7o?w
zY=1_l43#UARGnfyokqf*jL<RuaA{A5NS<7}w_yW&LMn9t-Sl23=IH3QDSu^KpDaXC
z<&O;-&54g~FKXvI{nmCaJQ9!gVAS9IX>V^d+rAN5V94jZJqEY_j>z7(dV4{{+pg4Y
zXX<uO>UK-&w%y#uBm3Tg4bSofzo0&_!XGW%JuL?rEwV2`{PMsWqG44bR3r>rM`T~>
zwkLIK{Y{zE5qS)4(uU=tzL_@0*7Fv!>)-C}eO78QHXi-Bx3?p5Kj?XNL~>B6?uOxx
ztCWt2KUq5mcfW*lIwED%fY|AX%um)X#9cN7cSL@SJNmFAvXOLh_pqkh9cf3St=*A*
zjw;^m?H#u}@&O9aZ_xB;?_;T!<>;0HyD5bosctiNN2XKX?#K)>?~atHVkV1@$h9nR
zfp=qycSGv7Ep^+Px@}I~u1?+7r*4;}ZWpI+7p88@Qn&up?KFMc5wVl5J|lTICV6*m
z@-7#5%7r8J9hx#GDdq;#zIdb%^;<`RHrc&<K0=qrB8+ilaij}Qmk)gl-ay}9^GR=S
zq`hfWScXDo)A5*5zl*xWhv1SV;!Iu0PHfgHIwGAW#Ii5B0dpW!IbX}d93vIso?+fw
z`Ls&3-5(zjq0Jc2->gIZpiDKm=K#QX@9hf5DKx|RGh#^HXF7Z^#vjZ6@;f&8*0XnE
zZ0{l<qa9*SBD%k~mqUDfEbq=Wpo(R`BgCFAQpJ7Qs%47!*J$4Mp)evbS9w7shTDhx
zqY>UZl}g`jN*`kzBJObOJ5lNLw(yy=Sl+2hXQR^jjMDi%H^aiD&Nn`!=RM<uR>t{O
z`pX}EiLNihuyg)OIOZ9qNigKyB>5z17m{q}dNek^o&ymkzIQF<XqT)++u#y!%X*N;
z^1ibgl(FniVergWCjQ;c@Fe6aw@eljvu{(vIilHqH|>c=c(DjSRS9oY!cWodcQY(Z
z3V-7Rwm*BE63)~B;p5%3&p^Fc{s;6?EN{muvHW-?{2!!@`zE*<zCdp%%Wo3lo>$l(
zNR~(>ZqI!LtDRdQRHYx7ZgpP|M?a*=k!jrI&w;!f3!v<<)URhkgX&wZfd$6Pxyshi
zd9l0`m7R4$>{+Gkyv<EKFKOrN`+9rZ&~Y3#{+LWPu?Xj#*-=b&o=Yeyp0^k>5EHk7
zINa0gjr<hTXLy?ox^;;3$5w(Wmi<pUKkk{R6rSu>_$FGgo%`OzGRhFv%(Y-$p;&h+
z)^ikV*VV3uJxbP7$(o;J&G6pc&e>Pecz7F=xz#k)yICBK)e!`bP=afe;A55GTit>$
zr(jO0iC6#8+Z&TfB+|YHynCCZJ^6}vu;RVc&3i0)xz9^%0B_QQn9MbB5iPh=NqI+H
z=&_ZQY`2tOqtCW;_nMfSlHzU2KZ=3Tf=2NQZ<86SX-+j}Riw{M<T7Rg?^EsQlB2*_
z9gTd5itP|&C5j<48rjc0OIR%wkQ=PTPvO3(i0!^o%NojV8(h!U<_%#Hjr4%iA6;)@
z26XHB;op;bTyiCMU73^{-bSOXH5VdHhtd6s7cmNAdC`!#^9}Y$+;c1ABJTTgAqo?`
zyFj;n7LA+@Jt~QFQ0TyniPa@r1`!o~c`FZOq+xKtYA|qwiP<|8<<@2)e2M;nWYwuz
z%8G@`iqn)8E8SL1r4`&<CU(8g*0V82&9|XO$@yiYO|RuDIbX0p<Gup7oR8s<?c9VW
zz5_Y_E%MYxQ$4-AuiHeLKmH_vr$J_I<p~$Z7dq1)?is?_W4==JpA4e7=W(T`<0?8p
z=hfS(W(w7e5ObM(qcX#ycPGFf8Q@eiE`2F20drz7ni7p{0(E#BUwdU*ZG?uz$rMTA
z#E$n&wbe9Bxgw41J#N{L!;)y^8IjG`UT;eW<T-osqDC0ojb^HL+u(&ocSBh;@(bbO
ztF>-IEN@<e`1vt(8#d}6e3O3mOi_O5GZt@wIOo@wb4?zh=qWYcNR|v7%F6KG{s|U|
zsQZw06OcJtBc-Tl-o{rebX0g7=?1So0W?H~_hq!ShYA$>*ma}P*<WYuM0ac*oos7-
z>OWvnVk>;<bO8(A4=6t$TZ-1mEQn!H0)s^jw)>G><k#kH#9Q8$?}MSA`l0>QpQF?t
zzwUIXf0(h*PyGg}pA7ZgRYug1EsP`VF?ryKp(E-yU@;T3qLD37?cKbd4UEMJV9`aR
z)NDT!q3^tet(7J*m9jg%7AeK~8TVcBsTWi2e)O^mlY22!!9JvpXQ7jQxdlOugAsJ#
zosw6w-$6g314pS2JXZ?ecirRVd5Ck4#sPPD8)F6z8jX<-|JAEOji%&cHKd{t%M)nX
zDRFi`sKeX%YOUeY@DGrhxGHJfKQZfipAsq6;hv$=GZ%xnc^hA?kjJRN=|T6=DIkZ-
zFSrK2AR&A~NNpVNfuj%|$Hrtw0!xaa#94_YWk+N&h&gy*FK-n|Dr>Ro*}=+7JHf?i
z;`Br@GXnO8+1tO3PLBJ=xIObD3=G&+ru?uKyw<bazbNP52<KyUe5Rq`@)=RmkLoI+
z;<_Ls2o169E0v-lZbj3fDA}X{)_KlDTzaOK)41IWCr~zSyHdA_)a}01ZBOdfg7IX-
z+=x4P7O%0$wQ_$7USYiiYBbUgCJ5hyLb*|4qM{BJRHZ9ax{pvJDyVHFEsM!5QmA+3
zQ2<zt;Xv)^Qk%pvDLSU*h#&(Eb3y(NOUn|5IFGf&Xn!=*q_B7=WQn6yI6lP9Fs6q<
zEbsmmHl6$deI56GekE1wg#9ND785s|U^^nM3`AVrUyI4Te?zQAx*L)82AmTXY({t+
z3A5Jz-l3(55vogPc0_J-@$=rz{{!JC7W^#0pHzPnDjlvEbhmUQg23p0=}0UQfN>X<
z4R<WEQ0}?q*0VuJVk&?{D<T==eJEvFiSH8iF-f!Us<o}eyS$aHS4`v}`_pw#lXxqq
zbF}jwIxpOlwW>Il_bo8Ndq1zE_dI9NdvV{(WiBUffWGZOScy|1yUiK&8FRpo=?8D*
zuiOO5Le7{y9~IFE&6Wg(B(Z-19-yH9#7`h98hIEL;ca}ixN7_3a<QODS@0@|VZjw{
z3y!A+n1`&y{b)*T{T#3|h%u0(FJrO%k1H@rxiU(2{C?Resx`Kn_DK&hT+GlEPRr#G
zhA|-4@YM=UjtPjmyXd0mj#%D>%DTH4WO3gXXi6$s2b%3z)mVvaNJ7lg(XnZ{Q=5TX
ziI!z5-m8SyGg7sz$t_|EMPQw3C3e!{q=+aE0Y#iY<{t^uRbG~D;x}noim;tiott+M
z60c+^8RPNw!WwVLd76u7oH451QWm6ipJ6gVl4?+rN*1tx;!%{*HAv+-4qQ0s6>%PC
z0uayum~8CCqEISi;-~>3!u9F|lT9oqmiJx_Tp7zQVc^Am7tD8gG@onWycZRLEd-v~
zB#8Si#Bw9)`E1Z_$5zuy#9%;&WGzW3@%5rb)DJulY-M-LJWxn`I1fC<Zi@T%&2wpZ
z2=R+N$I~Gmc$rW>2F4^lg$N`!SA-u$beEucZeyr3h<-uPJj5~R&!8yrgrIq%(-CRI
zJsM*<Z{Q^+prjS5K#t=?`zm?<4vXbf+j$yGcbwkw$f6&;Kl&PaXQpyGIiDcsFOr<=
zz}cTg2?A${q=}Mf`_uI1R?M-M$})ps2?A{k#Q4M8Sg18@J%wMD6n?r(ILs6B=-tmV
ztA(Xm$ct=jmiP8Nh(P493W9lbmCRR+Se37uVE|h5Hdy>Js<=-7@lteGEIZ>m_L^rX
zEI{XtnuEfm{kI`)dlh&SwSNKU|IInojF|t!xzmPmXg#OVG;`+|R>dMLQgf$*%-ks?
z9hR0QP~6YClW_z0Gv@r!41e?+ImWmBr_pQaAGOO`Pz`^^vL9cDBJTO?H(+4gx91WR
z#;tdt8@5-|t$AHKnzv^{eWLnJ1ELb~08md5p&^OaLED|382@J)6XBqPg;JnrYe5QZ
z7di}a#lmX33_;rl^@(0q#<EA!BG4`d7|Z)<08lJDOPLu_W}fCYGXc8obu^?7I?YVg
zvKttGJT9l}G0`Y*cj&{nyFeOgUsnRrk1@WWZy$Vv{IB%gMP%GFUg`VUY{)WhSxtRG
z>ig;q7z`CEL$ft*70qyjR#B=|#6`s)svtX-U8q!abLNZtE_bWQql$W}xQ{B7`LuDE
z^6FlwN_5J7M`Db^^$_=r#*I)oOT52c6>(BP7MZmdw!y^II|X`EI|;i4ne9V(he=a+
zB#s5C!;eL}aBl$T0=L7~XyiE#-dOfrh8HZp7c{Z;3Ms<WDt{h45smC2ZAYXSW}>mu
zUEI*cBD8obpIX+2KF9WKK;)1Vks};y@s`bcLBt|k*eJf07U`7c$+qeTv=56TX}6|~
zD@Zf!NRIE_{^)-v-d7D0nHfUTJx5#fYz_@XgT4t<uqVLw>$plZF_ygy5rgel3FrB^
z=UY<vj>gkR$%vT+vCeH50i!MV-f>JXdaK}1a6<O4m)OYAoIut7UyWTf6~j3u3#({k
z8t$>t;+aFZ>kAx5@echp1x1F1o0)RMT#d$Bp<@j3o<W)z4J`!C)=unTpJk$FTNcrP
z$giO~yiMM92@MI$+b_u5gtNSNym}$#kL)vGqfBRDDh3lK_~SH7(@^z}4QG(>Hp;Tr
zz&W2(*mTaNh;=w;E@$(&XNeTPzq@07Ed1#Np+z${UFr&{YyUu9-pF)Xk@ujI`6>Jk
znYNPo{$&*HyVouAw}?dNWbnWZ6Vd7o;jUuz*=P<{1eo%+Yj?2#YWQYl%YUE|YI%Vh
z+;N3B2zOxQE%u$M^~UVz9<DA~ZO*V3{Sm#o2QRV0SX?Oc{=QiJFatK1;F*ND?<U%7
za>=<cG?w=(MKemZ>vn07=Lf1?JN+*5f5P=`&h)A7h7F?Kf2EDO^Sv#<C4}i%;$8yY
zy+GRoAs7|=SR3BPLQaE9l@a%%r{Uc5lo4&5X5+r8ZX;HM-+30tV(2FkGD$|tN<0~$
zV6Ay9Mq^wE^q|bx0g6tlRYxL0dR_C3RRhu(?H<K@;ZHq^Q{9<??i>#D7t(xh%d-V;
zm!Q(y;>o1xefnGF6NGT!brG3RE?^-pm|ku(X1`w{F1T9S?m1q$;DU=G&U9N7OmcoX
zSzJKwDAvNF3C-!DP}RVfeveybE%AcO*ROv|6cs2%UZv;^rVQ-GX1Np%qoTP=(OwbU
zk?`+TW8&Nl(QnWtXcKZB#$RkbUttQXRJwf&u8u}tCAuRr4UvopG2Q`T|8%>+7*0}n
zSvVx!3L;Iq9moDmrdvgM&~&?21%ObdOSkW$St{K=yvSzne1=X!fWE@<9{2o13g7*u
zfK2cF4%Rzgy8sw%xk|U%A<TQ(zY`a>tU8xzM>3x`vH}1&xHPqza^a_ixPy=JB$TR=
z&4D+vNd;CL_b#%x-HNz^cAlCIgJ3N1a(Ozp|5}^&&Q|tTamf<*tdYX^-b`}nQ;V}`
z?}|yRU%!z%uy};RpFRm<pH;Fu62D=4lq2p_g7+ba;D{0>*j9q?atnS5zH>&1;3t*f
zxa^5>aEbE`PJP%>&yIeeG8s13c@Xlfg^ZT8?Y`eKaK1#~gtzh4TI-1kIJFm($Vy)<
z&!enaqO6&xthrNlOSapZX|Sfvi4=1`LQ#A-82fKVwM^W5c&EbkZwPTj5-~2?xKJ1t
znYv-WKPprAcu3c@IFMChvC}$as9(n(;}|6=x?eaX)CG|y)MqLKC7H$6E6Rh0`dwte
zK8#9qs9&ZBUUFs8`<jG0eERg&HbZAPA|5^b4l_dBGl&@|?)%wvSNFUJ>)V{7^MTT)
zd+*4_(gM-TXyxTRI96%}_C~xaYm7u~IFW(G6^k?ClY>Lf9G-ubz1}0e&R5HO`&>xD
z^BQn?10K{sQE2uUu6J25GPr*`6Ai&A$mA&a`!{ViWd@=IO$l)#iF@vs!uNIwATtV1
zLsOik6RCybi`3Gm&zm?}d<SAu#KTi}DDiJyBjOh*@iJY-eYd*B?}SZl&Jf7gzTwD5
zIF11VZvestINh3<4G3qE2X)S4|3l~O6X)<1&MAfzOk@BMO7Sv!Q=FR7xmyGZ5cmCk
zq0ROt&U^)gSnSd7;cYA|t|xb~8v7sBmMzlV9=~+H@0Zgc$hhhgIKY|W6VW0h?t4s4
zPl*>_7SY8@Gz$^EOo`rxxI!;1Qlj5y(v15SyG3)nJAauVqRCDB!(!>N-8uRW&s7Nq
zPi#%GL&IIrQB7xQ_wixIq!av;guY=rMf`+fDS~B6gn^Di>Q#0A$-=ej*G6P4P9kn}
zS&V(zAN`eoEFP%u8NCYLi(F;Xd%s6Opo#aXF*8&(@y3hL4CB2m2yW-A^O8-33xpRP
z^8mV*dkRq_+Wlj9`uRS+A7^JOIjgqo8UDv)Kssd}ibt4ZpB{y{dUga}*wZJllT_CJ
z+m$x$yFl4@uCnhsCdjz&PgtrZ?Hft^zNPFNNlTF6v<mG}IRwq11k<Md|IL`(FEPni
zYaPZ$qtdtseGiXJQW|?^h{ok^jgO!eZB9213}YhWAes46HrQllY7*N1nc3JWnRx?P
zv|LwaZarjX?qn!4Gm{kKL^vcf3nEQseq4<$otYKoK{NAbWWaj^2g}R>n1Wt}Pe(1V
z*^40r8+>{hGfdobofN(krn-7$F2uGu-!B46o31kRZkgMWL%)Y$N##(P@DVhYJdBCR
zd9#y^Ryp+X`J%KJ{RyRo(u1Cbsv{rdLfnMGpJ1o+b?8*$Q#tei@nIt#ZMsy6->AeN
zqr`v4X(sNQ;TFFZ;@g~Eg{bL}`9<Z>lCJ|{a_H@+AWLf~(|gBoLb1p+#&NjE<GqF7
zY=Y-M=Gk;(J|i^l*{z!L4hz$iW7+$d)4+(tyceEPvrns<9>(sDe277pwL9_=ig)?u
zFv=;JE6>)qcz7k8P*0r6ti=bI(VlCRjzkv3yC~a*(kv~Qy7tJ(lVgOd=qnZT2eR}J
zeYL34i;@Sx*_XvN0@$>7vyux?_dYt7_tac*&@hA>y8Kh=3{R%=(|>U(X#DgpM!r)x
z4jAR-PxnS?{$dCpyEEE}N8OM<V(X;?6q>88c;seTXbxkt-3!|2hdQJE>epy2M_oM~
z5Z=bZT6ZGuC=y$(D^7#14yk6mnhHL&FIus@5mvlgO9qm}6edH5fy}mujpGmss1wsB
zM>c@k8z%##`wy8Np7@QnlcX?0I3zm=B29L<?IjQ=w<wD8pxNOMWWXC<uIzBYiO|I`
zMdkR6Z`cg$D-qr3wQ<Y`anBqne4iBqGQBndVx8;rfzg($EsFDJ%pO2(gfB9@k&itB
z(LovOxFeyDFrX~w8PFlH*oh4Eu6pix)zG@J%%%;mFo5Eozf6OOxbHR=M)^~8UHYMQ
z>=6#Fl}bnAF^KOQ^ywG+UozT`XlPA8K+E9{t!u9k2mK6vg-*KvB09+Ps1&~W=ezuL
z2aI!mi_bQpHGH19H8K;g+U?;kZ>wONw-KAU%7Y3%gWM{QAZx1j#E@3O0uH0I0HeRq
zVn2E^c~o7=fq*~&4!KTs<L1l7%A*-kanHHRyyxAs_P!Sn+KuNPVK?qjIud_@cv#J}
z$`CtfhV;>tBkIQQ9H8ZJyK((x;-GiYo9M>hs<GCk##)@qE)(v1euZuveztTY`#=WF
zI+(i}{zePgwS0Kx*3miGy|lX?TYjwsbCr2)`2_&-*fPdpD>%_-c*KZ3p6s(sWztm)
zu(;<jWy>)vj4e}O%Rz?TnMc@XQ<aWHKExkxpWXDrk@i^!IQwcj+&=rurSMEFdm>^R
zeRdkx7Km*re6MrGYy30<Dx9m;-i-6)KudtZeVm0)N*(4Bz^9fp3G0Anq|a0H_Z+FS
z?gi&Tos~!}0lbknPUNXG52P4g&VK{!7h^xTL|pjM929ZSOdbu!eLr!p2=;dTKZ&u|
zm5#&<5Z|{!>D~4<nsP*Wq4EGNhZ|!z&K3u~f>1+@ZJR^~dG<)*YvOX;#Mq|Yh_O#b
z0~6lHRB)sB_SM+`$MPmC32hA4xaSzQJMO!L5)5k-SPwFc&*>AHhrc*|MCnLWL;T^o
zc<b{=>SF5vEr;vkll<^ZEIWu$gp04{!Y1wsNZ~t{y948=%V3;y*BK0A`CN{-<wP7V
z#`0djSOgR>mgAm3E6#*_?mdppO20<&9ifLqY7v$g1o4OK;f2o~sfT|6&c0d>*TY+8
ziGw_dM0mJ|r&jn3Egcm1Z7M)vJlwqt9xnPiv&Idaieyq!zLtY(JpZpm?PQ<DJwH-1
zZlFXX<59>sh_5Fcp|7W@{!DCu_`Y69pD^Crd8ED`e}I<5_4S-mcqW$pL&PL}eH)h!
zanJXq@Xh2B-S}x8jB}npjR8DT@vLAR$30Q$AKzK-RmWVmBz*wq9-&iDRUMa@0r7|H
z)bH;&Qm6h2oPD(%u2VmqAx@ox;Db}opCC@1E`{$OSW+jQdNx!z^)}98y9c#(XS88;
z#oZ5gIk+wRn~Lew+iMmu?k58t-;Ty{ze-X#TsUMOD2O!sz?OD#NhdU6bF3&2x)1yx
zGT`wgDoOWN)kQEx?E^oXF0H>DQG(W=#oamPYAJjlU?rMt{kah9G>ig9Tdv=#Qd_`G
zZ)6toWk=+0J+wi^nQE;!vXlPNTLygeIR_w~!v!%OL??AjUg4NYvcJA@L=q8|U8HmU
zF|r_Td51mRj?bUt$>yEt>xf41Bk1z+OQXfxawa;ZBT}nv>7Edi`+wW<?x`7_;jXN)
zIBXc?-{9SRcQ*H>s@A`u_3rGI0K-Cz=L*Pw^x9qWfd$>3b>7Grtapqiv}d?#&(Onf
z&*QoM+Ed)OJv+Jzaqxi#-jZzb7=^esiLe!-HHjFh5YZ$eS0TQeMC2$$Od|&H+CH=a
z$0aVW@xG7OhPu7RT9?-d!fPz(wFe>1<)^{QPaG|W+3z=dAs{AupMD)2n%xlzK@DVC
z>|EaWF*DO`CTm@05`>v7U}iGdRP?Q_NFww}lsZ+9Miyc`CF|nr)uGgcOpZwzn(A$o
z_%L9EmTxQIIi1pNG8)N^Ml2&~c-vzrthGb7U_EWd0xFqIkVtrj!iM2?F}UP5`IdeE
zoO0za!NZ(FQb-mK$ti+JlT!+x0dewdNl_j&r>r9b4$Y_}T~6uVYI4edTxfHe`h1$?
zl>cECiF@`*;d|grKxUfS3+tUzPX<O?-Y2JIc_Xh3L7jSgTl^4H<NTaRGkt~Ux@nMl
z7tF7b;Y1E@#nI<Pq-)@IMJCjf1@hjm&MrQmYSYv!U@B~ER(bCz_p)UIJ)C}aEI7j1
zF^{UE9f{Ep-*?_hzvNg052Mk0(Dnma4tlz~9h`kx4tI8ZeTq1!;3DbE6S>I1v-nc@
zUOq$Gu!UWd7zP#2+!KMpyRGoIoaO4FA-yH<oJ+sR-5B<u8ZLWrn>^LszZv)ePj$(Q
zQ{5YmhK@d`x>6zU?kVx=3|E<fx8~~UulVas+v<21BU4rK*f|>6i%byS#@FE{EdDy#
zW>^$6kmH_zQ_cO*y%_k~(+3TUvLg(O0;)n-42Sr>9hN>UmTWoFuy_odeYG5JSnRw&
z9CQMP50(v?^i162k;1q2bZLVMi;tf|SWG?vD^c;YdJnEoSnyFR8JY6Xm4pTE^s&Es
zI>}-SHI+K<*U}{OF_2>G*~_3&p~e-#CWR3EWYKWL*Fh($4xm#@IW9^dL(Ka(|BiPr
z#3>q<3wY~Ro}JV0u<q!&2w&KPx}D)SQO9>(y_@%>CIV5+>9r$;OPa+uNV&*>8aA~=
zp3L({KWC@^6Qd`*O*Ti~mggj1b+h7PlChc|OZn+q1g?HZ<U%BqsC<P4KD@)I#+MI_
zMe<^saW3_3h*W1ZII*t+ps08te<h*3_ll)gOBnre&xa~we=)|@oo8}%rq6~)dYo`8
zRlx%%Kz!eTOds~kpJcm_Bpdz=oPD(%ZrHzgzBtH6^dsz#rf1@w<E8NJ8s+lSSHIx<
zk26L9)ghCSp1veDqAE&}!`Ls3xwP~9%Acc=k_|b9VR1zcncsPbIM~7{mxS8MJM~af
z8MMPSg2BiT%7f1D|4s%ZM^dJn-;ahVYR~ZeM4Q?1q)Fn1k2u`pp4_jq@NGL4g_+-b
zz~WqZ95CAQKJ)t^Z)8439Q1N@M46Ns=J?8-$R82B&D(g~J=EJW3d<w~9OaF?EW<)^
zMBW2|daw1nF#%fTU=@Pe>5O<87h`);ekrCmRmfmyN=5RGR6MZBXCtbknRs@D?3uCk
zly8KIk6p6fdm<@I>Bi$pG#`RxY{n-X1B}wKUd+kBV<567EP@%DC;9l-YIf{FLt**P
zAe^B<QaDsNBoqXZCKO7QnK~2{<v~N?ZZcri?Fxkh9{;jnih9Uk>jayj;KjJWfJoTr
z&bTN0G#0)mPC;Qp;eD{QIpeXFGp4JD44e{ls5v-p;g9b?xqS3ylH@piP#2p%d=4Yo
z)j@p506@6CQ1!N&Y4M&r-(E+tUlkv-h)E<xBX5BrCa*gZBU|PDcmw9P3ZnsYT19{Y
zTO*W$iRW$j#Qhn4Zf20K692_oTI1i)(Gtl885#hsMB#h4qMbW>M(s$9;!KgD78?n%
zgs<{BDze}Sbq}%xqXx`Y_X)9xs`tlQ<O53Ra|tONG8h^@%EVEF(JDcQZ@tk~khBrE
zv;()zhYYI`XoG|mNzpgLAz>wmG-363awRj2qC99=P2B_r*z5|c1Kyqf&!3tMQ#syd
zSZzUcA*{Z~oD%o^R0`iUCjl~Hbr0-t{)j!evAl1FS;q&j>5i|w@fY#15}-EvX@JKx
z`W|yRdVV<cV;Y|@?;#ehg(ZC_mGo2BCNxy%p#xbCx{&__oPAmPO<fL><p3Xdh~?!L
z*>q{(JaOq2v^ws&S_)qdm+i)-GoZqWdicm8pNHx`rmfr4);+YXdx$>wYD22L5OJ$N
zs&JYaAMt%aZe<9oCyXC|9IZrf<B7Ms3PpJW-HQJFM9mmCjHC^|7z?9(_fMdF7?eZD
ztUfyUv0cuSeRa&zI`C}JIHjXS>9|wr7^!re<<_wTI@+8^hw-puH3lLrcK(2KDP%o>
z_<lT`9z50Zy#6?bJfi<(vRa0%P6(-Il^~1>;dlSZ1=t{jSa=&><yrlE#!2J5(E(`u
z2xZthEQ!(h+gX^#zwl!;-V0IaVTwlL3-?rpP6+n|y)8e-hz|Eucw2_x#^JX+93+^%
zeYPKm|Ayl)PZM(zcfgXqVU|9a|N5gN4d$^2Xz3Tseco_92TgXp;dlx_<z##n7;NQ3
zYEueB7n$24#@)#UHiNz%p#j%_V54<$&kLNF;=bdKm$q(U_a`n#Bb>X3it8zfu1^%=
z!{X>fJl>1fWQHd_TrcU`8`*%Vz!3Dy*Uk;7Qzi~}n^>PR5#JH8I^U*=zhRKXpJcbk
z;tZYH@)4Xm+hyc`BG_Yj7b}MQ!GJbBK!UjEV;-W!eHZ1q$gc;v(|%OnHWlE|gss76
z>Gae9YwlDn-qAHu4p#3nV6GfP-fh4f0oN-K%d~dnFiO#T7957&gr~T1xO+2-R{bp7
zHd5TUs@{B3Z-``w?(D72Ai|8m>Wt1qEZo*%T<L^)7z;P26+^^-lW6Af_TCyspCt|0
zvKA1m{7S6kQzP08?CLQ6^I<)WP)h><?Q~h3UuWrFPCAdJw+hc#Lr!urImp@H$Aopt
z1Xut^^);cmj|s2|>l`j^QbvwZYm^kiRtuFB0&AR4`mkV?^JyOh8rqXWv_?KtfNm(h
z5Y^pKD{Vu0fTNxx+={`2R3^{SmXThqqKBGChav^+lz5y^9_tUI$aY&kjI!=wGV~1M
zm|c3d%>nVuxf0*+e~nxoubTVIkEIU%VU&9xMSOQ*jKSD}JID`;bYT;dXP{FZgl(Fh
z3%W0h$$i{ENZqKzWcgT1<qo__pqfDPxIZU7Nm!)dsF{>mYahov$uQcGOcTl(2xyLh
z5=lhQ!ij8Q;scCZ)JVJ3AW^%#JrtpKdDlIXY~2B(57>DqCAxn$k<&<3zQb2l!U)lx
zb~Ea*m$(BVDN>+t$Wl=dX_kt+{zJ^vI}k;A(52$B$~vJ;w;5dvQ`Ba(c#O?(i6d%|
z4y(E2j(fsV_zH8ynJUFEhaJw(xZ%{6tEHmaKUOFYhT99&a7_P^j{Og@?LC>^mW}XM
zEN{zMqTi$RuarFOspi~*_rJX^{oOFxDT4l3UW?*+eJofH%=uSSh6(Z~!G-U?QVfrQ
z0gVhPB^gS|rEVp+fV|Cl5sN^*SPRRV20_TB4Zi<s<fkxSJxI$idt@X1=xw<Z91edP
zP>-c3cH?Ft%Hvsm!1NBtqY(>;@HW2U10_6E!pHJR!?*Aluq)3`B6I|g-KjB^I44t?
zMNa!vG|LBhhCRr<pyiBJL79wySJa2-f4zsta^R3bI{|VfXi18$7Y+$pL8J-V;Yy1R
zT19!#pj||UnAnr{1m%SvnxGAjM$gBx_o7?TpFiWSIPQ5#3g36I`b~EKW?1ih$;_!O
zS3w(FFOJd=M9ZV!KL#bHWArlKU&1TiJ^7Nkq$9HNkUq+VVd5i_LX&Waj|7p%NAHp=
zxd&8~2lde;b_Mb-m82Wk{~-a%&lr`TVbe#yI8%HS=TOFX-$~)S3X9~VkM4vW&R(`v
zTdsW6eVKMdXr{W!3{6%y7Qd^*QsNgV@fVI1@s}#`Jx9C5p9k@6-QUpxAIgOm208YS
zonK<LlhKy^SZ4MP@t)dYwtU(yP^-|k@Ha40oPSUd5APu7H-KC#+h+l`Ia}oQ3BJ0%
zB}9EWr}~Wav;4{zlP7+2Kjh<EdMOcC_jx#H?u4TUAbpUeHwh^h*xUJ%_}ULhOO8nU
zS`QXalyobO?$&PBA`pb!;>;v>DuFbC58oLopR7}aPgDO^3yBWYyGb2sU-zeuNEL#T
zRo(a~3GZFsBeVMWekgFhcON2I2$8%<pS8B54T@z*qW&3Whsq2ciJt(}-`unspZk0m
z3?O<GLX=ei?iGMrHvn+~xTyrt3_vCcf2^se%75Mj`F8D4cH(yrB)^k9dgESvDL78`
z7vQt>m$mz2rS1O7rJapKh0(bv6Co4B7l!jo^5skMdvFVu(tRkwQkrnyLF)nR!$-;5
z6Pfa!0lpa@=R^>i@K?TokF`F6obKH`;+R%^+Cd1h5y5wfhr0@+$jFd|-Knq-LPhlD
zqwrQhe-V{^L}&&PlNs)sk`x2|uwrmpF{ktwLk3WXyDo|jp!I$1Jhb8A(tTNQ1>3(*
zzh%Pt@{SBy@N4{}o!%DthT((z<DQh*{t`2qE;_(R0~j{nB_ZXi-PY9ZrUTdy*Twj`
zSJT*3pQKzofE6!cL6Yp(WS_$d_TO#^i#_@a-}?pH%xHUS=`$ch=)r!L;V%3*0KeZ)
z#};9J3qEa`jBoD`pM|m74ev-eCJ>I^&4u_*e@Y?5x3nY<+NBELvz;U?dMWxLVlP~p
z$PnVmrTZG5;vF}JrOya&Yw0`P<6S)dSPq2011ie%^NXvRI1Zp{pTFo={;0@<7GPjr
z!*l<)Oxx4&R5yP4A!+>oK`SAuZPBjOuXR+nm0VSF<?QJ1N*0vhw?Rg~F;af|BcJ8G
zlITBYM?aY}mcQ<h<KOYmti<+vnC9LO*+qXazt=G*`uUvbCo`k}DCr&XM}K%%hJVtZ
zn%?DaDqXXv<l2%&CEqG3-_@4V_|Yyz0p;mmUCQA1)&Kwa%IJ3;)$bZ|h$|;2^Ptzz
zEY~$CE9>aNg9m5lq%JEXGb=l12&@=1xSuHsw4^|e(Y2XUW@e~TBVCZen^I9^Wn^hm
zRrZICoQ(XHR$;-Uf<kL_mGl~aVmDA_hk|x}MMGo2#;+*{mIfMZ{F-gkia=e+#xL{Q
zD=Jp=hitF$mt8flV1`{bd*(T#3yT*nvP-6yUOw{zdvqgr)rT*yKG+cYSLiG2LbcWZ
zn!Wf5;={KG?E`&HJva`_AIhHbRIs9{F=RK^2P$i-*VuuY&@%WgKfkiJhQ5RA^7GYi
zOp7si!LJ3^1ydYLf}v$8di;!YlHpvtzNT`y%^&u~OTh5=(U+gUEC}_hmIdn2aVvw%
zYwDKT6^(X9Qlz%8slFa!Dr~ee)DWz-XU!yqc-5X#U3DRupu}#hsS4P^YEaI*V#cNA
z^Gd%_Rx;z#()l)juNYyn3JtW?FGS0aF86D{kvU!o6}y@mX_Wp&XnRGlDsZkHT2|9&
z<3GG*FRQN%HU#o7TvorT(XPd>L|Y5$_@m$qN%f=8TA}hlWw5EX%BBl-rTRtaBu%QG
zKj&;WhUDk0C5rWLN2_AYSX*_qc5I4|KidpG{Azhqy^XN9`5Vwl&mjy~RPYDPT^L(_
zAX*8+&qN1mR>D>25B!dE6~;~<>J@>;#)_qIGDlUPn(8Wh8M<LfLvT5|6ZP^-(N&i2
zvvLh;dk-9o7hf^|3XH^aZTu|y6?4s?ysV-YBX|W3s<)R^q#9xjxu$4Q0c0MUZanBp
z<cG-Z+F-C=H5y5SfnMJbtVF}?sv7*zxx$spPlu=avO-t~$RV?m83;eCZC`%H%+fg}
z-;@qhEHGU~T!Ae=*nPq1DrB1j+n*Y_eZq!uD$?-N=eCk~uDI3}miYB=lfVv?+b=TA
z5Mrp>=riU=h{o{JF%En6@Rz{p*UJ*&@OM9{_@VN?aVB)*ssby=H8mhD1Xs8?I2i3d
zbryb9{dyU>+K7CN9{%7tJ0-BXG7zXjR?zU0rt0cIL)th>b(xlRuJ*f4$0L88g|Qc`
zs|!>zhac##^!=&ba$s+A?3agv<;(=-MOGhhJQ@xxY6V@?7aZ?O*t*;0_u^q_GEpRd
zrQX(6sYu}u#T%@0NQzDJfHJw9u9JkM^QWGS4(vzeTf_y%f;(*toY>~gn?qNI0;@wV
zdrkN@)(%j~G1ABy{JN1{jk(*!XzK6_N2&_;32o99fx2%u1)2~jO`%m44ORA%HK9Nw
zY05FQf(`OZ_jW@d)YQOiUl&+f5kfK(w5FiEWeCW|WfjYjqidL1AZ>s+P~FVf2{s@b
zRk@>RRbWY~+Fpi4%WP?BZ@V*HQ*ts`)ld@(*nzsrhBfseXcgPpDN2%NmZ6PW9ibT6
z{rgqPX{cD0lE4AQhE+ENS0Hg$23IgS7`aLBH3TZE`i?t<ZPFRqK}wygSC&*X1}09R
z;h6h4b=6g3Hoq8?>gYz>KYxDNxT1n0&rm;Rawcuh&;|8N8!D;-7uZQJd4|qV0}jo(
zz}EHn;?_WA{#Ah`^JI$4zcjE$@%Kev8E9w}wxaVqLp>(VSxMP;lTwFnM{Hm<Q5&q|
z0x*Pz*(#jRg*TJ4t{(X*jP@sdvj#&+&2F5#)ley~uDYgh5!@jQkCc!875<_{E_0Vb
z5zONXpehhT62gpwW~Jf;swzU5T$k2VVj6E?PgXTafdxjgx2!(hl3ELx4zY_0i|lz=
z?^G_MgtCSpRuaM5BkvwHb*dhMy{Y!=;f_>YAFRU)T>DVR5gLG?fj=eqmIT%Wu{tT5
zpko(HHRX>1#@|)*%FE_rO)%q%Ipwk>uosVRTs+i*7cgB*Yt-NbrW_Gh8K`cmRjUlE
zp>btV{&}`6HkSnKLag&D8fA4^U0bo#uB)j<XkdLS%U!OQu$aT@QdYgna0INZG^-mb
z&>(cj8tF0!17<0A7U;L>YXYa~cBZGV#a6_`W6^k@q1WqZDra!j)HNYj1?wn&1(XD9
zYlExUbF*e&u5euCSk?>|A6Ep-z2mS{)O<~KwVX2R8v-lsRalLI+nTLcazU(AtIR^Y
zzG6*n5b3}~yqaXuRoF|^tY}(cDmX7wZ>qnSR8%g{=SyX<evR%v-JOzussdD#9C|w5
zO|}cl__UHnEto&6*v3>9Lf%r1VT<zV64fM&JGzFtirQpngR&o{+ysOkpXBB?0m~bt
z?^J$9I}TXi8d~EBE?iUW1FmS*j!0)}ItSMQa?h$f%lHrtL0(QtCH;Zx4zu76CfSlQ
zg@0N71^K*&jxIR6aj4uXnBoS|A3Ui3RDa6AGy_sJ^;w!3XD3~2GO4UD5C#LUD-LX5
zQ{D19_maXmJlV>{qt7nj08c|G&FqsWSJc-cgL3+|mj*djB$Zp%)8FgueI9==<FDk-
z-rgVJZwLO~!e7Z<fbsVQ{!YESxA$!PU4p;*UA?`pJg5FH+}+#T|8L5(y}duey9E5x
zJ7S$K^x=Y>32;?oVfkX|9lzR`Bl+n4Ik&r3P5sJ=*3tl$OtOKMZMbUO0Iwy}XUr^}
zb+Lc;C6~^*?D8whzA<;+`~_EDweXu)S1hTl3REv$R&(9*+7)%d`foQhhMHEcTD|7_
z!lLo#P4G=Tzj)F)<0vxY<gCd&8^AkW){n!zz0aVmZG}Hj-hlEpl($5Cd-+Dz8{h5i
zwQ;U_+-<$R(@=gB<zkd~qHIPvD&E_>5#^%^e0K@TTs+Xwh4TLQ@V&S=N*nfmZ|@wG
zIEa-i<NCQ)#_HURlZOq-Y0DUrOZ+MLOWfMqdyXQJ*MaFR>kLDGGxQAtFg$nG@R65z
zk6xA2Y+ZEH<g?E^<8%rj|4jTfLoOa7OI|kauEpQYXy-!MX_XAmy(M#oXK-maE9>$M
zSf%V~M%8Bcz~`pPDii|RyAgjc!Z))}CS_!nB>CHc{s8rp-1Q-;miBf5KQx9%8Qk@m
ztx0|hdRL*o^%@Wu8?(aKkbwGa)c+Z8qtx)YGFe}h$$A^8X{aCLs6I;7e@8VC_4Ext
zi_rFNZ?7cu>BDpH$eccW<n39d!|nK>>BGm|mhB&2c*|h_@Z#{0%Z5*D7+zd5ys%{W
znCZi9(1CvX@Em>vxAkMl*#bE<<$tgL^}zpn;P5?Qk5aT<c+zU13qwn;{^i5{@W0Rm
zc!yrD!V^`=9M9_)H>*;kt-||kLExDdxlE44Q{HkF>w4xIUZ(!zuX=-oH|W8hO#s&(
zy%QU(K&w;Nn+;k=ma4#8{Bq%qf4T6MUY|>oS&JXA1#fan4xT&ZW#$D9T6mCGt}%E-
zjhDf9;_)0_#_ok$5T5Un%jh?5H*{b0s`kO1g2K~^(%xxW9^On9*x0#G!)?Qr+|M-3
zy!ij(D%1VaUv{<b*p<4xMVI&J@)2Eb*5z(pzNX8!b@_=d2kSsMUYBR;a-uG0>GDcl
zR_k)5E^pE0J-U2Emz#CDTbHlt@@-vyqRYWLFpt;enYx^)%UQa-QkT`b<da~$ZqemE
zx_m^Jn{~Ncm#^vaZC!q%%fUMEkJsgyx}2!XS-QMZm({vlsmoh*d5<n1(dA}c?$+gN
zx_n!gpXhQh9>C;vye`kw<wRZ1(&d%9tk&g9UEZS0dvy7TE;s9Pw=Q4P<=eXaM3;lj
zz))uV%da^b?E!iC=q)c(+4pdVXFjH8;BvgLxU^(ei7&r&QqhF`3Fpr&$)Dt#QIbEy
zS2DeD=8R(B^rE7HITd#Q-2>N}{QAWq>ND3XenW4h8ThC})DJ&I{c(q=Kj9Gdryiny
z^dagC4pD!et~c#ArD=chA^4{pqTa|$S6)10#s&761xuRhLQVGh1-^p9{PUUwDq34q
zTu?Y+tioDWLE|zUmxU^pSOv0Yt+xtr$QCFlnLax|RIyY;OY52nmNeDWR^``JSp|f!
z#b0I>RIRCNT(d%zp$1j6QXM_^0m@O=5U8yngTAY;4N+wcUU6HnG>98H5-+F*7DU0S
zicp1B5Li|&hdbrVsvyKbinY9=p`l`pB^>6ST+{^tVpqkAno8V=tR;<&Rsqg=c@UM(
zb^j8c^ECU^%)k6?b6%#@X-XmSYWm+G@CcjC#fE>rzA>e32zAM=oclTr0OxYUAJR9b
zJi|?l`~LhBfcpe<vEeuC6;raFms!7<`Cnlz>q6Yn2ZrCQXH40n7aCmeu<eH5tSh)L
z<Ql>7oAr??&3XtVa`pG$<-j6MCha%t3sXL>`HcNWk14M~J=ZP<HtQEtwrPIaPdknM
z8f{&N8~W7noAs0_7wQV5-|(CEGYZK+9e=#c`plGOJx6}7;rjEh1&%&3>q)boHKkei
zfkdwU{l5lSH-DL4*O;=sAA?!1nX;uHf3BVnO=;{^+Eex$Jooi({kG;e<(*ZAQ<X-q
z!QR!6->lzFY1XlZzF%{!f7AS?|JrX>l&1WPUN0Md+uZ2#hbU>k;eS}?ZBzEoGX3@c
zS3mxd_b9=p+(+TA%lOTpp2iKA)MlM+_A7<=DT@B|1~%pMAmftV@SFWi@nQ163|^XO
z_@~`x1G21Xn!kU4saheCmpAZg#ugD~-Ckz+wPQ_u8@r9%R`9s>oBhz@2PiGI|5DI_
z@%IiY-2B!?Taj*5#bVR33bbrpn&N%j&?eLV#Shw2wfI3PtUYF<slWsHKLnoo3w6CI
d4F6bz&?RYkxl5y4)u`8~*8hbY>Ebi!{}0Dczk>h(

literal 43656
zcmeHwdwf*Ywf{*V5UInUHHweQk&1#q2*@Ca4*~=SMU4W!HH2hBA|Vqe6CPH9IvLG4
z9Zg%YRBcPuTI;Qr)@qT81h53Pwb+MJ>upn8b&k|Zt&d#Wn&0=k_TDo)j{z?C-p}Xv
zhX*oyueH}&d+oK?Ui)#*%vn=5Z%%$*o@1^7&N&XDw$CZd3|-LrfX*P9;Y@W7!{-Uk
z@y;N?0|lqbXQ%|F>gv*>O<Jh&1CWw$YQ94BPEXKuCN&x|Ezo8CC7oYZSd%)AD+uyY
z*OGe$MCwW=lMYt+MLIQnRF8b+ny*~*nRJ-e-=wB}Y#aX;=<?p_Y?SdbDQS6?zY(ow
z{^T|R`=kpL+A*o&y99jH^I)%Gn($IxUoN}s))ko4^uvVuy2Vo_PpGdRUtibIymI`?
zsZ+*JnOxiyE}kUqrhL+#chN$riT$ljA>~H_CXVI%njZMo$=_`K{nh{c><ug4no;xp
zUwr3FEV~$grr(?b=1#~bt{i`t;4d&U+C1&O<O!3W{piTY@BipXpmJX4gS|h3XL8^l
zg0lV5uY_X#;a|)_|G6CWg*ouP9Qv?Mx1ZLXnWNq%Ipn{dL;fo{@b~19e@YJeKS9U-
z?6WY3KCk7F|7;F9=^XSo<-nf=IWGQsUk~Ka{|7nnXG4J7TL|EhIq2_0S$}p|oI}qu
zV4sow$X}jA{=yt`ew3r$f8?ManxkJ{$w42>fj>Hjoa=Mwb3+a}J96NCIq+k1;BU)e
zw>dfVd@cw5f8@YFnxo!DIoi80hn(3t<Xn_P&&zYjUzbBpYYzIcIrQ0`1Al!E{G=T9
za!Jvj|9>rqKG7Wb4|2%an}hz`9Qvek;GfBXe=SG7bvft<<-n(N$QhlZf8WT_uCsE;
zDaj${q#XMEDF^=ZIpnnFpf3XcB&W!kq1QuZJ&^}FM>xkiYwvf_62~#?p>F6;{34Av
z>z0ophxpoF^bXb+RgqPV(J<E(6N@K06%|XCg&QiGqLq<oMTJu_cfo}f)uBjeNnKMk
z6j^ZLtom?6XhG%T`j9H?w`Atriz_0b%4&z16_L7VNODaT%R<YXvP&<mXpGb~L@Pp(
zNI23|QPU`;(NI&gqNcubNs}`_SUOQ~4WSiOv8k!v=(k|r{EDVfWO*n8VbR)fwKISI
zyoy;1uBd2k3RP5vBGI~<x~j@(sG_D0I<inHz+6)(T2U2lXb4qB*+Qsgm{}3?bxjp@
z4Rz21pG~zPC0&|wae3KALcwAvB;-pVP+H+oFH0fTR9RIOYP2gNa&cW)IIF`IwUrIk
zO|_Lvvs$nT<&nDO(CmWHs%#64b~TYuNV<&HnBp`=BUP16Fk8fF3Rf)+MFrEi$_cHk
zi#oN@a6`R(HaSZw>(JncQne-;X>Op2oN!~buA$m#RCsL}r><d2Wp#C=qOxHX^3b^<
z8g6u&>XtNA*0Y9&Dpb+f9Bp!H!jYx$7?`qZX+>4-(u$hOx_SqlTvJ_91*@TodiqU+
z1E9V>T&4AFtgMSTuw7$awX?LY9xTf$8wEj3QwTbtluFb!)PyMzrb9*0vmsmoIhE16
zaD%g$%7c)NM^l`p+U96=ctwNL7>3M9sA@S`sV&$uL`_wd4K-|fWn>AO1Lux7b>XTg
z+J=gkH7#+Po9aWMMyIMi+(a8e{TgxD8b@_0G^tuyNgt`Kue&kCN|uF}hs65J8d1to
zrH9b6%DM*Xi29&-!;%Vg3iN5v0*zNqte99);+!{c?#x*glZq!!&SbN>NoQn`lZpcz
z_4!!aXa8Y{ThIVqs%R7~KL-j;K6ZCDx584E!t!$<@`EH*c~wRUq_(+@4hlCIrP+Vf
zllu$)a~#Gmm+6RQ*hUR>zKA%+D-Zb}gMj7Scii>myHP&axfA8Y9aUH7;|}p24c{i^
z1<r#SZa%K=Ft+{&8F_imgWw}CFI8WDrarSDHF2};L`64M$613f*Z9H>t`Hc!fj9KR
zNAFZ}+I!)@pz)o(@V98Z^X;DU6B_UK!r!6sGkW2_s_~0@;lHNwYkT3psqq_n;lHEt
z?Y;1iX?$ld{Noz$-0wQPjD0p~yxR-^w2}WUMbEu7IxchVvhYV_u#U6a!XItn_gMI2
zEqtei*GDW;YUa@bKo?u|X1*kzdtP&y`I7ic4HD^E-7ezkujX3$4Og-}-pDgZq-!la
z$EmqmExdMJDQdIuW)5e;dJE6G&9%Y8+vgJxTlmb83z#-qc++Q;waLN{F~X6yTlmjd
z_+1wMa0|cN!eiiOu00lhXa?&zofh72;nNo0jAa(@v+(x%x68tR){^6V(-nv|;F*ZI
z3N3t*K_VSy;g7NK!!7)93-4O^<1GAW3xB+YFR}0^Soo<H{zMBu!@`fS@IedjTKIAc
zf0Bj2!orWV@QW<`=Pi7#g+JNCH(K~n7Jj9LKgGhYweY7}_*M%)+QPS4_%RlKy@fx`
z!f&wfV=er{7Ji(C-)P~-Tlh^DzSzRITlfhUewT$WvGBVs{6q`C$HGst@SPU^bPJ!h
z@RKe4J_|2P0bSN*;ip*ij*f@)|1&Inp@pAn;fGoHX%>FCg+J56yB2=Bg&%F<&$93(
z7M^E5=9+5Z&oM}(Gc5eM7Cva<XIS`h3twvCudwhlE&L)2Kg+_`TKL%(zR|*$S@@L}
zevXA-YvIqc@U0d;XyMx|{9Fsa-ol@6;Wt?L3oQJ@7Ji<E-)P}4wD6lO{6!W%82f8s
zFj?@yt*#S{w@354cL!t77VgMUbO&x}ah>i_E%@}0n1LMOT9$jA-MB{GNSITiw_D%{
zVNQi!yTI2I<`n2{6nHUVPJP}6fv+N5K)6ldO9^wT^VSM{K4H4I*C_Bz!kpT?MFO8m
zm`e?>T;NHBImLN11U`*0r#7!d;E{wmrFpKv#}VdK<_#10NWz@LJV)RmggJG2`#u3;
zR6b!&Szf2WAIAW5N#pGn_&vg$y1aIQ-zLl{%iAdM>x4N~c^d?Nl`y9$uT9`z5$00J
zTPyJMggI4tjRJ2c%qhxSB=Ba!Tq1ep0{@6Grz&rTz>g5-6y=o&d_Q4MO`a?8J%qWG
z@`efg6~ZSHb_Bki@Cd^D{>}E^Lf9qTDe#SiITd-k1&$CNNw{6$>j`t}@iq#)m@uat
zZ-c;B5gtXjP2fujbBgiS3Vc4{QwcW;Jd-e|6mOBhXA<UA;*|?Li7=-SZ-&695$4q4
zl?XhNFsBU975F&9oGQFw0v}13Q-tRTJcKZ(25;ZLr2h$XO7J=b{`eNaoC>_%0>4L?
zQ-Iel@Y{qL`n`<;zfPDT-`gPYtArWqy*7b=MVKMpTPyJMgc;hsMuE2zW=QuI3A~vw
zL%CNj@Q(;HgnKgteuOYXw^t(Y{e&5^Jy+m+2s2cB!vy{c;d2N(0^d%Uq1oH_Pw9Wc
zGYEGId?R6oVsE#=5yCSGw+nnd;aP+?3cQ#wL$0?$;HwCi5pEOsQo;<e-dcgrC(O|5
zH3~eFFhi=hD8paV23W3%@61iSbX_p<dNB5vedP=0r3%hp<T$~U@7EPf&Tc}a>Mj}z
z8Snc?KntM0jsd+em@4=((%`hNVB(GFu?UIpeGwo+qVL-7&YEKXh!&B5?G8r4EDZiD
z$(IT+ZY>Os`2_sIZJ!JXCiVrlrOyrK?F_#3Npv^_eoqTLoC0&nTYL6I$Z?t{1Y>8f
z0Ru!rpTmR6v+n_v_Mr#TL452iI1F@oRA;S&>mNHH673=RwO$P<m<uLuP6rdsox#My
zJ;9E$E>iBjE|^@{8BCUS1@m_MpLG0Bwg;<rqy3k_LjETQ<^z!^dmjYpq!Vi&wykqu
zVtcae{k+|Y?VuW)q1sK7#4t_Rl@~oC7%S__6Uo!d_C(h2&1+MI*X|HyzWCRTh&zcb
z*ZjG=JD7N)97%OBIdBvQb1+fXHL;y{6P>LLrs-d!bJLG~+})ihczP{bemVwYqTo?v
zgB|hoU%I<N#O%IowlkaElg;kRW_O!xD!%V6=<p0r6^k1~%YuoLoihs2i}8JF;+KY2
z5e=<MP(_zv>xesVWGXJqW{2r)NBmi|Nh{`pYb|w5u45Lm8{h2ienv_Y9qC_pb$55f
zH-Vm4N4yY)Dt9<?jJzH3>P%@ZazBM}I^y-LA)mR%OlcIk0toJi??R3??1(>2I?1(b
zx}EWMG}_r2-{-01?e6XgJL7*x0{S0odbD>_w!Oo%jcm_iN2_e!&Uhv3+ZkU>=AH3H
zDyd@95nss!7bI@X@;;o+ZpdcWXR~eDY-={VHk)0U%{FGUwb|^VZ1#$5wp?dB;%>&&
zCuee_Gr4h@+%V*n36Ih_G$oi3v(~gP6)!>gX3oi(?tTA5ba^sP9}mXbvBYACSaU6`
zfxf@(zq-5Q?ad=%G8FQgk46-!L0S65kGi`zu}W{$<?O^3T}4NHw{fw8H`id?lZ3a%
zlTr}tI^2Jo4`8A_m^vy>0T`*x^(Y^huLgH50F3wU&RB{<^SnR8hg3e_`!(_iQ0pN%
zm|8a)ErhbazXr%ehp3Z&0*b{j#3v<-if;y0vLGhJzNbl*3jE0?PNR8SxdKbCR#p&+
zvG$?CM4VZ#O4T=7)koikh^4lOGF6|yh0nDli#FdRb^2AE>s6i0Y=&s2&LL8#?}gQ1
zQR93w?G;SCNYmehVdwpsaMJg%Cc%)mNv<SGyO0#bg=8HEB2?UUHRWiN+>d%-5`W7&
zkS2?cQ7YC8gKv~l@p+r!CCF7~S@HqIB@0F?;T+LyzfD_agijUWo4<g@Bn$jXco!*C
zfn_#BG$VY768^%?U`efGXaMa{n>Gy!(fs%5qh!&wO8Ae2!S{j^KFnq~CL{dO_o=zB
zL1-nA*p?fCUh{5+P!)cly0iC2ke{o`5ov7leQ4y~tI)0yN>>In=(_kS%gSddU8AQb
zi=Mbqj4(v$IbZ2nYZHf2zp`)v^lU@(Ic$PSnQD@8&O37xnCg6QQdFwwEXaUQZ2AZ7
z(d~~vh6PV-iwwFo@buZL!mqPuQ@$frg&$pMY4-_Qu$621^j(x8tof_KdYEFpPO%PF
ztWVplJIHz>S+C5n=K1ex=j<zCJhp|w+-W}B|D+hYrM($~H?9&R6ez)eW9w6aDqHaN
z6wE0#?Lcr+CXsmiD)2@X?{n<$l<#%Ld#cS_OkS>C)6c%g_Gk@~GS|RF)Sy^Ni76@n
zQd0hOg=H1`*H*5`)2p*m{4MukQ`Zr1MWcAdw#W?CJg)|GIKpQ>Vi_ZW|0nI}k^mTM
z67ly?uoZ%w^a99C#NTI}C9D<-hz(BqRkSi8V)tIAWewqAxxa~)DtdrPBHjhgU}Bwv
z8PKlh7k|&xW671+bxTHWYzvikR-J<|U4izd--34~i$<+v1qC;<t5d!zWr#h9+nEsY
zN6>BMQa0U;dQ=eSpwNz)6s=1)4J0b@(q?WlrC~6@gJ59z61BG}%FSzq@I~4Ol2xaE
zYXz!L7QD}1N%{WG-o#qe*5XQP!3A^r-F<958)K^Z2C7kVE?08CujIU<<P5Rp96>qf
zQ_goGC%8%OBsVwGy8GTWo)%0!LEtHnIh(m_=lDWr24h`=IeY9|F6x%4YHn54Ja8Gb
zHgWY4*nR6+tY$_=-Gt1r=-tV%M;=<JX58JVKw84cJ_$`p#D9*)#kTOX`({q77o&#s
z85Bvwr{AHX1xujBGXSaFXT$>0$;qOHO0`E;x(>DtGA>fS$x6esnHUWVA<jDvrzol-
z$KUc(%)NSn7fftJ_qv$ol%+B6pq2u0Ca(5kTlnd$qH;becMq(ilq-jF9r2q`teu3}
zq^uFMPQs#RFp{YI8ZdBFj!b_*Q(-Ay@K<(YD)2LVJYGTjr{d+xmz1A#xu|MA6RcQ_
zoMI@rT1jl{O?8w|F$@<sqXx|Xs-g$&ir$4SmA+7J<lkVW2RPGbS1-u!$*w3nv)Obu
zyDyvV%4QuX50w!l79f|15634Wy5vv5C$!(U7fB-C4kpyI3yCtL!X)CX4h5`A7pTz{
zXN@ReZNpIomTk<!WBtny1Hj_F1)Eqq#Jem?O42c-Py`w1a0?1{I9ir4q{`7bqI58k
zuVQjAmE!CqhE`6p2o}SRb5$r=^qd5*f)nYIsleARXVrS$al4EPIuVS#<*#&^FVUlL
z?fqO*^1=1V7U^zK+zX1BVDn;INH}2is~$B?zXb2W{&sdpyv^cg-sZnr_=yES6YyvH
z_#6~^4A8n;I@05S(f!hq9w7kzE+PAyWc&)rbBCiw2Ne7m-Igv>x(rdl{ygxde}s=j
zL3_kSykS;Wx=E3PAVbqV#Wrtd^n{rCG+wN0z>2BKq9mB$qMcD%&$o@yB^5a5Qp<>}
zZ)-U?)4xacZQeTUHuZGpkN=r#PMJ52+Kp&;B2Kj>Y+&eq8A8P+(pNzgybctxE&Oyi
zNgk#&xK3$sgVNyXODqj`K;NyHGcf-{gXB8SecFi=FJWzR4TzuNM3m|HA7c4rmNba6
z^maHs_Hvv%KuF5;2|&YCq76Tt=ydE6kU`lDnkca?S+w*9m-cC=lcfTqY_-NwEi6}@
z^mbOK_7}++!_Hm{+;X&Rg5qrvUf&Z7QEe*lI!u|-(|ZRZuAzuEJwzn7YjMG3a5z+N
zggN!9d=NFu)P-FP#u;}Z1~o9&HAEs5=N8yNSW}V0rzWAAU}C#k^le1NdrziOdQc6_
zP|14Xc2H#nt2oDj3j^IL#^cZe0TqDCMo-MaQXt{{6cA$QT$R2VnPg$I=-5V>GFi~T
zZchbXSzwvtRStrpuCNeXC<MMYNstQs$Hf*M{eA1TG+PjT+96R(0!nHfL)!l4ffZm-
z^T0c>xXc58VK=1$DO;0r)POk0%{b2&j4M9|n)Ht$0!Fty{2`*hA!u%s4fQvPzE#lN
zGaK~XM27{<4RlBRE;=7B?+^G$3MgTPRUpQ3`n!QV_rijk*iLT})+jhE;SRAEeK7Gd
zdM8gAU1oK1R%ST6a6H(XMF|3Dsf3BrMEg^$Wiw`KM@5+*f*+2yi2)t6GLmlDiTfyg
zU`F`8mT;&i<cYg}#;6vPW+5)Ju><^f6hQ<$heZ$^l!owJ2l0v?tK!vKD1g>H09yrR
zRB>7KyJhIEWI-|ADCPU^d{`nC_!4g5WJc9j(X(5t!J8h#qpSbTIn|7q|KZ%}LOHa4
zKXd13nmQS0lASvhWadsG>2S0xfl@)vo%9=ehuAhRn7E|S%muxt(PL>JwWz(N9`;NY
zywZRq<y*@cAQcGALt<vrv(OD&YiQPAK`Zg*t@)@v{dt@UC=i8C`Y3>Uf`|@I-wiGH
z7Np-r52K??RI?;O&yL{{BG$w#jBR1!G+zjJACKzO-)CX6po|)U_HzJ}MZaGPC|OXV
z)EueQyaTuUGHR{^-PQ&wG8UDYnW|+cFjz;(VI~$TsA@BvTu0S%kjC5BltT1x>0hYt
zQSN_=ma6*NiA?!^$@rfNoM_iKiuHwA-%r^LR3Uozsp4!HLRS&dRh%zX6sjt&RaLaA
zDt>xCb<^vZ?V#J*$SQb9haMJ#LC5C^CghAaouX-hdqd$00j5`J+)D~Kj9_w|N>ZeN
zthAKLiO-EtF?%qp_Yl*tcHhMa6+J3L-I4w!m_2^e#lqc7hcg0kegwgZ_-|y2C|E=H
zf_9gKCb>=_rRv1XM02y5i0>h7M|>(|qp{LmoSu?#YP^{bvgz*nB2{0HmXj2oBOI%7
zLcUHA$@nfdDvz^hr!-G0xq$j%aZ8M$Oesh+U_YW}#Kg{E;+N@rRD(ojo{;RFr?q*e
zkP1TcqoD!z1lSbKs6!Kz1?$kA*cAQYVm83{Pe}r!=Lxl12K@spUO_1^T66!MM<5)g
z_r4Az6#N(N80uA{Y~9q@MN?@xSy(0FGm!WHM7DUb&VOR}&&?kC>ntRB4l=VP1Nk(B
z6FtHZ?;5Cy(a;jmY?gf?13lYv9PFQnzlP7)mLKEOi4Km*X*c3F;Q{_TFPwq-qu>(g
zC?g(BA3$qN@SoKz%|p}yIR{s43uQU0V4Tl`1IAf-y%^_R><D3;Zb<^4v4_*kP}obK
zn_+Igz;dZ$|HQid@t>kRS@g>#BJ*S=bBmIByOQ}6d;Hu&nRkH)W|)Fjua9+3MW2o0
zV1<JzYg@aEBT)^)qQB)kXoOl`AcNd)^qd?)s0|60SK0N(+{7-fE?I1j432|o(s6tw
zOOh#}EIMB4+z4MO#ceOd66$LP`tM+_WYI@8(yn=+fg_Do?V7II^~bpu`6D22^L~1c
z-LQew`_E9qbiTjkw}g`GWK1N*;q3)lGlXDNIBFy@an_*2B1(x4^c$4e&G|Lu8!t)V
zDqD$B;P=je4(KNlGEGLx^2r9)HIKn)ObLM=lzH1gp@yeKpK-LhmN7;RNTakpifK<h
zinHCBhwdDT7T40<{Vivd*d{@tzs1Mxb<h4*@dPeB@{c023(SzgL`)D4x%Am*(Pc2f
zM;yW_-{X=5E)N1S-8K>`d6UluCMkEo5?Bk1X91Qds}9tYosiF{)!WvCR7F>-ioUNZ
z+Qw0l3j7Ugs!T;s!9?B*IPrntG_{5D1%FUuVqDK){0Y#Ab?BVrI(}*n6>h%_If?jR
zi0+8bV3*THGCKDTw?`VqNeT-IhlE=}<OsK~kt-8!73F@z?O5diLYXVveivP(!tF~{
zE_>$`_$hiP%<-P`eMyqQQ*!{B-f4jz-rduI(VDApYngESYhuEded8H+B=Y&=Zvp^E
zklxTd40fV#F{*jLQzaV#f8vjCRF2igxm@<Po8eceoo89kK`?gO!+2(PlG1lM`WpJ?
zN$>iOR-Js9t?zHpMDNWrAtSYJ1EeBUQ}|QILF_Y1c1L;+oj@64*J783_?!~_2W5yY
z$`BjNsES@je1U>fBKQd<I3;`H)Vh7#eX3)jxrx84NQRB|k09h3Je8gmamDZHIESO<
zu`T>`R{Jm~A#-*&CXwZVWYL*Qn>(wenfsJB6O=Y1ZEfCxgSL5}Oyhop5_t0sn^@*#
z;@-oYa@Vhb6rMzkMVk@|!y;3+Y*S?F{v%j4?fPJz5{uKD1G@UD|B0$NMoEh97Y=cC
zLF91tzmqHD>WXr|u0De;N~%h<t6vCs7%I)IES?sxY=%wWTqHd_9UcVNX<<Z2`Mxbl
z;Kf;1_k10Cw0VzA1xl;#zjIhOs#057<hs4%$4V)^7x!`eDr$@d6ieqJa3xdp_{`vt
z$b8GI?Day@Y~iQlzvG3|9Nr#>!6UdYj-<rwG32;K?cXpmxPSXIoCc#HpQGS-)s#kf
z37T>QCz6zJnk0b%c2izN>%Go1SPR8ZL}y~==9xL59^zY!cv$M`3YTNy2qpeK2I-XV
zRY?L5&IDw}LKx!PytR<8ZNrfbcN_ymYzvL!_~TOw0AUlxhUYX+=yx=ZBgWw;jPpZC
z!9)fCu9PaLHN~iTyLXB}0aAhEsVwdD3J9?`B7JNN6Nl@`eb=EF`=3fN)k4*lHy9~W
zfjy;2Oj{m+0lX)s0FzWgQh_oxJ*8Wf=&4FH6A`^miGCZMfnNAnIn?b+^v$;DAVpuL
zM3bBP$E1=Y_ZI3L9%B&<9*{Z9jSjV-!<tV8MDyX`2{~<q;54C+Y^8`tDV8FbW<?n2
zFoa%J7Mw0zD}HW7CQ~HB!bZf7c`2B9J~#%?WOj{O0qgzfT9?)vteQAgHSxO)K&ikz
zGmseTh2Y%YiU2UWo>V}1(J@z{Yq?X9YNYnynC(H{77gO;Oa*6cay7%(kpbZpE{br<
z82i)+_|-E<;e$QhMoX%weWcQF348!u@SND*H(2TS@wt|MKZ8u~mC2%?GUZNFg|=vd
zhoIl21k<J;{+2#D5PHY9@Y7j?v9aMAmlpW|eUBPnRyD4h4YpLE)vj?qYHahWQDstO
z>?bmJ?LkXTWM)l5+dDEFJtZ=iLAsV}MdsE6M&=Y<nUR^K7$?FZky#KqBJ<@+L0M)d
z*D1>VM&^gefD?CCk}EQggevGo*mU02V$*M<Ghx%WIdoFK!3;F1z+|q8O^<YgrOg|5
zI#6156`6O++>RLfWjISVhRTEwr*Ssx82YW3*=Q9*U%AR<M~+jK{(@06<@-RAz*eq8
zO{KS^Qtv(-{3`L;7}`ht3?m+GTB*eU0`7t~J*LFpt;8>~#gCOXodx+lV(8|RfiN-j
zjuX%T4dwgq97+hse)N=Bm(PDIzpS1tDo|BkMGwXOVdax8OiWX@ih^4<(3$=5J+O?L
zeOlG@FlJ}`Jq)@5JLCUA@;06W;G}U@{_@jw7S9UA(&_;pb@waQJ`jD>#b#k(ZiIM?
zvRx?6(t@FD4>eY+k%3f2`FvlN-mb3}RY7&0aDJa!tP#Mby*(ha0JZng$)dkp0m~!{
zror9NCwHkn`IhRFpL1zz?DRE^eD8bM{%9+Iv?oFJ8zFqm_QY;HSp-#*>!bq|nyal;
z{1#bg9?oE!25sU!ebRE<uh3YIy0tVwYzq@-&9TT)B(_?+Mxw3`DW<=g0zMZiwPFwn
zD;~ll14)t!lc(K4W?T5iXW<Gc6V;~29|pBQMFvO@9xytDf35W-DU=Wni4KCu5gn%e
z2E>_lo1)xrbZ8|5!kHBv`kV+2geoe=7hmqO*J4*nul<~3C*|`b2^`IJxaqY&fyMhr
zF)&(lwMFr+I7v_&VT(L}yumLJ4V1TrI}+N6@xcp#4!+1vq@#B>a>uKN)+3j>)S;UW
zl=7`Eg@{yO3=>m%HBA@GIkb*E#G&<BRY!Uu#P=O1{V(*tM{hf%q4h2}d)9KWLo2aR
z4D<)|6^7Qd88nb@wj_ZYxRN$@Itx{J7h&&*dKO{p+#2W8o7(KLPJgRl*KQ#;e}xYP
zeB`rLp7_*M?did-f(0ByX8}fkp~Y9ACo@OYRe7j2wuLyvI@OJTULaadrAMWF&vClO
z<6riy{f(FQ+l}K6u^X>bb)@frcxcVAN*CL2gnWJXp?2fwKD8WdH*TLV208}rj&6)_
z?oIh_mL%{9mtCeCo1vU{8#Y0@4`jfsK_9fj-oUYIaSzph+r5Wj_tI`XB^sNFxyn2x
zx*UK!C5myl9-QbiXYCgDc&5)LD3x01U@2dj(&aIG2K9cq-#$C#5c}*^RY&?&h(Fjq
zE2b)kH1wi<YB|_G8+s`$lPsu$Z==tiISUqrZ%Y#RkSku(XWL#xpZ!|x%{Wi?w*(l}
z!&qtE?gK9Ye#QE*1b7s69IUbOKznG$I<HSHy^NL4E&=@U%a7-&GY_QbUS1GjFCTlM
zTukWF)l$AcaVd}roX^DAF8+)E6CYcy>PRn#_=7du^FKdSvkmK0OE0tKTsb{*u^6cP
z67jLC<n+rIk|gjIE?teCu7z@5_*7u9K!=ar?7!o0gSa@YRT8#90!;jvVts3x#X6Gh
z$~}XQ?ctdRzc`(xmI&$3Lj1v+c*zTgYT`%1*|U~|HSu{D!7|B$`{0Tg#vgIcO!@L@
zpj2SOM9WSeKMxZhehQsfz6RlMxf3TW$)Z6@z}58Sl<y|R8Mo)&c5v>;!hu7y@DZvP
z(?5jxo^8*47+FA74k=Jx(5IGzweTDBV3}mWneaqdcpXozQoaq61b#8Wvhe!nVBtrw
z0mF)1M~&>aON`ayCk&+3+mz5ZX#AA#9O<@zpF+)$I3LpXWA(|0X!T#KI?~f2{$Q<s
z=dMGw`ftJ6vzCLkdiVlZ2KRq16swQmA|mBGO_IRnT&x>AjYJjR<j)(cBUEQRJpMQq
z=*gm!m8ew^1sT6mG9KWelacX<j{g%|FHuXM^e-X4rxkL0_~)t0A$fRRpIQ#q)&tIm
zWs(I~z$fA1k8|=*`JRy^uy>qgrzdy9*1JxkQGYpCcuuAtr+gb}%~aqbd)<%#@qQe5
z*daP_nd-RojSzpZMt$*ThicTL`qXl;Mtv+O1{wh8gHf;J;Zw?2CrRLL-UcwvR|)03
zCKo5*dk44e9oV)PUq@8847j~Swj3K?x^?b*gn!$C_VJ*Aq_DYg$Oc>xIX2*%o)xQf
zV!q|61X<M`YHYH15s90`Js!yz3{81RK+0VA2xCx1ZNMKr&!t!8!?|F93pi#|K7L~v
zj<ODSFfs;M1U<aS2w=44`W~S=#>)4{=OAQap^um<W>8Cn)&BT)8b$BbqJuXT0>lH*
zAa)W$os>@)W||yq+<a69k&x}XcjFPV6KQ#iuGAjf)`>^Tx5KI88j-gfHr+&1m>pru
zDd?1r_<dTJy_1uY|N6GKPt4mL>l`o!r#u6L>-|sORloxQRT^C1dRM`6fH5J)10Cf5
z%<3K99<|%#l4p%SK3YMt_e6V!s`d;y`1U-4JCsmA+n%XC+q12+1Sd|QxHZ$_(F$=}
z2H`41YX&h~ArcwHFon21gD6ypq(<~(wS8zqM|^{2HRgL*ZHR3(mReRL2&*xn)$WHh
z(<87G7K-e5j+TS$_gnlBfOBT{Y|jpk&h3alh-x6qVdpa6L(P0!O_o|}5`>yepk~I|
zl=rQ!%pmj;;261`f%6B9r%YLDojMJioR2ZNhzjZh{M6yV2rcjD-~p*s+oX`(Xv9k8
zrF2$j_25m|$e6K!LY`qUkgyOJvWvha*__WE+_M!tj433AwS_}siXcpg-~p#Z5OqFV
z-7ebbn4&26d#Lv~8Ir1!Trp(=R8cYI%2_UB%41~`Q$FIRH03*r!6X$Z#o9I#Qx1n%
z??i0bjOIOJ$^d`-SA$Weo+}VL;HexMX>7cW3BI_&R_ps`8W~F$qFf9;HZEP0h}SAI
zp`I>~{|<F%^w><7st$mv(D6YP_r{M$ttRl-(!#lSF2#p9K~7^;*i&B#@drCWKKhI_
zdJo#(mu0`l>i+;|PnLt7AXBAcpx4o*m><sOIwR!^N)l*3*|O6NRN-BEEHL<L3hXV1
z=z3^KZ^<JI(l3$=vIo_0Nh6y%PM`Wy;QKvJCohiEZ~6@C=y9Ab1#(+eiC2f`N)6l-
zT}ykVe#fw_&ebt8RUyy&@oXp}L2L^@hZ?u|+6<R&@mG3B%C|)|_h@@PaLJbax<&aR
zy2YhxA(x&B@jW{%_hR(!rw`RFUIS;(S`OANmY*vIdI8=6w>U+{wr`>u;@6FYrOoge
zgDSk~$6zrkc2+k(d$<Lkag&iLPrHd*$dX1Pth#ADnJv^*>OPB>Mn7q!BPG|dmqDXk
zjVpq7g%JF7so|#2gHDHxUUX_H$3+Qbh<aZSZhQM29A9F&fP3ch(4xMzy{+q9{1^wy
zw#Qya8RrN8le@ALfmF=twIhqmRL48hTx6gcHnmh9i3}z_W-RzOMi1^E!4cu+&x*h5
zW~D?W(>hu#Yp0c<*SDfBgPkzR0FjhWe#w3ef*0G21Hl_0QXP)rR!KDgMa4TImk}!3
zaJKa72khLG?`YMXBSu@@dDUiAmOC0A>N(DTaE^clE`a!+4w>8Szx5Q`Ew>%}vg|h+
zz5&jjEC=iMYt9k_{pK8T`w2V>OZm=}B(P+JWv5A~qRpFi6i_%_Ku7E8OMC;5PSH1U
zzmNSwpUXMFZ~h4g#mhN`;g%vfWPWE3ez1#@B%pROr{?#TP0X6dxE1Ao=l5Te0e2%Q
zGuQlnF;r3W`>N?KqvMP477YGlINb5wR!IVtCjv5qe;mYm=X@3zt$C06eV{+S03#0d
z(i{?$>E`%pnD}4e!fUrI!sifw%Lpu!6mXb7{*nv}#S#A(2-HpP+miyc%H0=8+)ZPo
z%DEWZleJ4dt*KlFLsJSecd+rKEFVg#N#x_99kS;q*HOL^CN{QYxmj7NZfwicC{<6}
zq$VE$jH+XusFR21Z)8mv0;}f9Ja@N}9lKvw_`wrUhOR(T7*sgK6$FvP6;?edO%~@!
zu2Yozb%kAIKwz+3q0e)7v!M!H0Z&3SOmpc9JKzy;g~MHRXUaE5lE7sr05Yy{62!K7
zldzRDs;j3vywXfiLeS%jEKs?8=V_Y6IRCnKZ2Is8m`qoP@#PKxvGx+x+iIr8!w!6|
z0m=I+`G84MJPBX*2SZXmx21=-%7YLF9M&p~1}tn90Sau5Q%XON?Qt`Ma5e77ETuNV
z^&KtoVQ;Ft5DJwl&r9sy)-_^VdIV>RJhj;95>5CiUtl8(e-;YCfDs*HoxR5-<ElKE
zY>{t<q0c4UV?$tQ_zW3G4MwXt9Uk1&MUb=+Sr}4QNe6VRD;}pRsA8>hD<&$!2qK4D
zjYP}AquokT?$@nuAOn_PmRt3CEa06VnFw>t87|$b9^M7Fdg60v3(f>333PLfY2500
zXz#s-Jvh8dH18Q<*6@jUn&T6H>eBt+#P501<>~q1z&FQ^`@E==Zi6O0Czae&*I&?3
zSdYP>FUx+XuG9L|(rfDS5G?!oo=LLk*?>!v9y?V`+N6T^Y8AA<Kio3u3Ml6#e0<h(
z1n%eWJ)&)|uWj#;?73GPLghK|Tm2o8lg#)??E`W%U06NZ{kO-^N;o$jH9SvMejmCO
z{dt_Ke5|T`f?fH?KSbq+qjJ<Sr$-&?+1B25+^*|DDEjkcY2Z{<$CD>Pjg+rLlE4dC
zfM$H=Zq(7{efMx4c07!MNR7SU<6J5!V5~h4rw2c2`I-J6jC?oZiA=E!Tm3!E>_cJ@
z#(;1<)JepTLchkg@Ke4dalTUQTT`U*L8Vx+Qf!i~*uOWT@qUPcQ&2STyLVMZkBN1K
z{Vk8@p<}x${Vju$@iuW|oO>PS@3H+j_&dGtx?-pF4rtQXGy8uc<rvT&nloS9r<PvM
z+~ZE~STxzX(|ZCyWn}#16?Em(foGLO&o$YJ^t)e9a_RIZ!~NiQqu9EX?;RdEqyj%F
zlD2L_&pGK^egM<oHAGBLNi==BBoRLWotTu*OoS&rOfTWuA778Dz!3C`*WOJiQz{O!
zRcy?vh#zMdr&RnRoh0=HyFHnr>&%t!KHWdUQu06HUCE+<P6TDLpd1Wn(@P{s`Hod>
z`ZE`tCN@3>a<Bcco^2||p$Vj8mUviC4bbK*s>Rznhs(k0R}DB!jv?<dV4;BP6o_S7
zJGz}x^qvKWd|&LAU$?jgNvnQ{a0@AJUeRd2A~{$h#NL9<Ye9q=fyH^d53q21{Lze$
z9mK-TYsC-=eo<=X@b=#pL!V_7*t8lDjv_x1E%~^PRs*{_O#ggJQX|yT0KjgVELA=b
zSy|DkW%lRxqZQTwkds+V4)osdp~4!a0yKc3da5wBhYHXM>l`j^vPzCtYm_X)RST6Y
z0&AQPd$3@Y^HC238rqdbw8sBS0lJ|>dNy?O_fdVn>t-I{s0TPVWAMQD<N@Xu(yLYU
z5cAAdyqKMmO7W3z{VgEbZp*iTc05dmu7UFXhY2qIyAf^<|2|30{j=2EKj28#p}(y2
z;(x%uJ2A$fZ2ui}6Da!EJ8yeZ9zM@@P)GdxdM?;|VN&v`;6Rm8hspANpsH=SNuZiQ
z@>H-eH%UyS;Ha6D16DtR0}Q&+`b?Nm#(+a}43tVBdIm;h3)6qcxJ8MyOAQjW%d_0?
zn~!8#*GF`porkJK_s?I*X{0LKVbusFr1qSf(ed9C^>I=SQZB5>Av+L3<X9?xM6S$I
zQBm%9sW?YzCzQE1qub#yYBT!RaW37Z6kY>&xt*I${N{lqf#2{Bf^nB`K@abT+;D2m
z)lyOIA93u@&WW`btKpdYyEIdktLFP#Ho#iRqIy;TwqmLOk>jNP+c~$S0t@W=N3i~h
zs6SaWRq>?2(@)I5gEEZP9;!<g4OR@-s7fAIm5frAyvx<EA>R!0Htz*20`*PGn5=2w
zgk0(5`R^G1k#v2Uo(MO4`$5{#-|`i3cq8$l$5H}Eq-G(iXyt28W52`o%`jSO3qSEq
z9v&*;Ygv@XTX=NX<!59N+JnbnxCu!W&dF2=mD4`u%_6$|A;twQXN+>njQ?9+|L}Lk
zodkp1jR$nvm5?j@8<L{yg+rWH5ILN7rm98nZxrQzo%YLQ!2KaslFMm*P(?ZI8K<G=
zlLcQwx58<EiyMM)+V><0jPP0g`8HU*e=%}u&6U&Q7Yb-_oPr`zlTjxq6Y`U>u`SOs
z;P~VJVl3&1Z#bZh7JLW7xCbODY7!2yksxx|=tNpJGq4rqer>dj3`tc<E*p6d8XJ8U
z#|W@d?O3tV4>^=lz8574{FC<pjL+|c_TC=0Rco$nwD&@7i0EvU$&XG~8HYcT^5fAW
z{xBsz!gYAc7gpl$v&Aog__n=Y&<-CRhFa+4I8WXEFRXU*+A`mV{nA!tJt=Kjt)TS^
zYE+QsT&$p7O3ng6*2=aFV4HWYd`{!1_46$1M<~^o)1NtF0XH3L0ei%^Q8&J+Oo_Pm
zo{n?o-RRAJNZ;H5(k}`r7uZ|*k*>U-wB(4lul8Z_L`k<HjIMrCi+~eyi_=PO<#-Gr
zPk|4=jVa$bRD@5l{>=^o9g2rgE&Qg(e`0=tQ?h6;zQe=3^#eXDkM4y6X9?<w2_b?P
z=?ARtXhX#^BvI~AvRRH{z9hN&$*h(5!fiVkK(zN;#sUETAON>+0A3P+n@RxB0uVC>
zlg(Y#!P6(puSiD=(#NB9&#B*=PTaf)KYoo<{e}1ugA3b($+Gs~^s?PeLxj;gHy;j^
z#1CU9%XZ_gK@h({jVxHo_8|pJS=xIGtp~6V-{EUd<Cn1!3(L}2R^kU}7N&z$&*3|2
zuOg=VpFHY_R(#Dw2(b~tZ)V3jOA?64kcHi;un**^*h`1uRzPnNU+W=4Gl-b{Sm#+8
zF{mF}49Y2{ytf!KfI8NBZla%BPs)<V%JvO_DcJsf`j!d4mgT=QubVxl@zb{ZTjZB?
z_ivBqv7s^c=p`|)`P@D>>PN9wOG4IEJDs!lHuqsaSQAgSWtu+8nz$b=@@<YxpF<1w
z-%fFhUHXU3dpX+dM0;!5(;%Zyr6rAZcFE5`8{Z<V{B0jxvdbSk6=QWTtRwE2hCBM7
zEb%|NkWvWomX`QIyA%~#gcDy(ya(Tlm8J89czW5s$WNH##<1*Z;cYE@YwskBCzvdR
z@V7ukc|rbSSTn}~s@fNv_<Rt*>JE9R1sJFodG>!xwOx^)?44^V@;_)LM73SJqxAC9
z%jPCtDP35K-})c*&CkhC`HyEhzclghxrq<wjd?@fakA~-1JeF`8QR{7x)XnIet&;n
z;^TRV4`(OdE$u$)wP0*VUU1rfHowhxpj>@z={2R-mR?s{v7;^fd;kB~fu83(Q}kO>
z^7vcq{~up@y{^N0U4svB6&B|2_Zl+5x&{sy@R>n_1{D-$FDEa5KtbVPXfbe5FI5!i
zNP@VcOY<eo&r_*JT9Cn;R8b7b8=y&5+8Z`<^2RTBN{XiympG%UrPugg%TTo&4ZDq%
zk*1J~x0i;Ngd#3pA=$hv)DU&?CQNr(<x0Li^6Fsu<@1YYx#e?bj~!Jq^@?lV(wSu!
z%|6o|)x@3j!OLq5N2327`l^O#ea(MQU%c}3;PpZKKwsAgj)Ss?(g)u&aGYh$O;NY0
zF;rDov&s$CMQdTZ@#CxN>u5WeZv1%lPFGO|A9zJ)LpaN^I2^6b(&M$M8HRCgV_nr!
zmoL@CN67H^sBirE+AykLQ5$MN$1M*pt!r4~RyMhn8IfAQ=Eg>dsdUlGXe3<k&Y4XL
zv8sDkP4zisLM3ifU3JI}*MM^V#j`G`m|u2DdFiYR$`-hMS18<M1sdq8H?qo`PJ6ZA
z$eg5vieAl4R7$^r)m;{@4vll8wRKG{{=-^sZDUn95*mL_ZR3h2w;pe0brv@8CA@S=
z^`=!_p|U_#xVgUCr3rPRdJSuaCR@&TsJcy2d3~&Sv3_BzN=A=yRaa}nX8HK8RPf;~
z!Oe{>+}`DjS2LD_8<xu3Z{7NExY3pOv0~(~w;Lnjs!&stTU{5zn`Z@AA@8eY6@ACf
zc^5CZ7$aw#i`NEUe5o2l*``-YCH?Wu$&6UM`_;YZ;@M^MO0Sd#Djsx`>Y-v+-YR?M
zsA`PPzV&B4y@#3EuObbv=5>|CaV}pNYjq=DQELW#U%9<3X<Uw7>(*2o(QrrY6VO)=
z7cum*O1_RcV{h>Y*sqsVyiK=fzX;ug>d^8D%@GWv@G^^o&g=FlbMVsN8^zPL664`*
zm3S*J`!BSzDio^5DAMra=9-#NMEgnK_GbG`%NnQc?$YoW@2A37)vKBN^@H5~sm;>2
zH#t@+qG7!8ITEUv==1<5q2a)yRL~Q9f|INOr@LKVY79j)11s|uWmgwvJ%w*GHdtkl
zESroQrE&#LCj(f=8y&p+_M@^b`~t(q9%lUq0=%V~ri_MGMlF4f`!?10Q^+xbcUrrA
z(~T=H&bBpHWq8|-DuRAOn=wVG;fCf=GaRKkx}q{t?Ji!0cX^XWzZ;vw-;IQ#%@Ib&
zhR~AAXdPacOthw;yv*yc-Dur1&_P;1<56`peJ312G^n<{Xhmpow%DyjU}{*7S5|9l
z%j=xg^yoBaf~UM3+zmCzThLLf=*~`2k~FgnZIo&c<;$n#%34XuiBzu0O5lKE!)hYo
zWte!X!pj&OjNFX%_;&H0;|^|{F@`pfs?O@p#dz`el*v>aa|J_vLltJf^DqgGYI1`M
z7L-rG+uVIaf|&UjG<`!BHZF-&R)@}XGgk5qnWY9CnscVB%Y8%UhpNV39$GwKriAf$
z54qy+iM}ipX%e=Hr~8KZOqg>rvfXA?9l9O9f!UYuzDB@`qG7Ib=W(!RW|q<;Ka0`!
zgl$$~C^a=zE>Uxx8Y&ev)mN8X3v<Xsowd<_hkxR=mb$g52<mahtPVx-et1kyXjaxw
zP*r6VOS~m@RhahhUUJNM&5~e3&h(bkqg%3br|A%PV#!2zKGp|SwUkgE31j9B*B^TK
zs99F^5cJKqUk`VL>c(&bR;=2F+K<oxI1Rj9oNsYxRT#7R#L3!sv9wY4=x6+0KEI;;
zQq0M-E}mB*Q?k2gRMVm%4y=HgU0S0CComQ8xT;W1bA5$+m3pLU`NZ+3yRtZ29CAyr
zE~;#j)mTk^<r24{t{$#|^`I;dxxT>S2dgnzB`U??u(C3%iBzIN=#Ev=We^6;60XG2
zZ!=egPSWknO<#|tyYa_~lLCfbuRB>eovW^)8L=wdK=I2^2_jZ_1$%DJ+=~>hSU6`{
zd|VMQ_D;akO7k^0)N{&gjD(iEE3k+Jw=<Wq3G;IpE4ym5aBZwyRUbw;FdnZaS#%ZF
z-gV2Gmze_2%d9xt--|1&mX7B~Rk(4L?mpd}5`U^gtR^$`w7;8Z7nbqqWRzOCV9rz*
zQ&kjkOErcq8c&m`COO;zMH(vWGo1~}UYH8w5PE!)o6Bk}ZxFt%_^j~CNmPK2gsMWA
zBH#hqN`}`M273mBg1B1Pba5oS6bl#@U>OECP&*0(sSfTV_tdIWjZM)o#ObV5a`aut
z7=^+awv0^SuWdYYJg*_6icf1AB3T8C0vTE(=G5?h>(BPD3{*2frKTQBHDmmYsZC^+
z^#<Ic|8+*+_BA&wZLpUZ#^4#v7mYftm;*isp|Z0bH<vZmBcgITcb9}Yb|kbr&Nsf=
z-TgiMJ%PVbcXfB)g1_(JZx{YXtpkj|KjJU{Zalw_zheCD*p9MiySwlGS$Fr~j=q0)
z;_3QNwyHn9qtxL;Z_Z^;%~g(r<&2|u%xYtcV5IlA+%7tGjmxJvOF~#e$p%oiv8r+X
ze3s6fHM?xidBM5oUoh{&i!Ls|<kI;I7G8Gw6<1zWxwxu2RI{YE?)s(m%NoLsH$<AE
z&C6G;Ty<l~#7U=54oo>?>a?*FC^GN(0n^Ko;{LGnbZd9_eMqlKb$36Dv>s_a(&cw_
zcfW>oz@6RQ|3cd2b$6eDGr`wzlm9HF*Syo+eGSr|BYhAl4kzWxyYW&dZ{@JO;}0KP
z*p@eV81X0Iuj@<Q-T3lD=IWo`aZUyW>4!tF4Fi!GI&99+;ph85v!ZaVbMA4|Pdoi&
zJoBaMn~k&$a`9kQ<|6Mk`1=alks`Kq=&)P!XZZ%@w?ZQ&`zD~fQQml!RX$+pRU{z)
zefYaL-Q8Wsqcp=mpgP}_KMnNyxAAx}+MO-`LLSSh(`)$SlMxa)XAT{9Xa3Bg!|xbS
zHq=cGoH=y#mkNSIOKu$$96B{N_`;zxB15N^4lOAiI(p_%7j&SXIkb>J!|j|5`R-rU
zuMYwI^!n5SpIYEk3w&yUPc87N1wOUFrxy5Mus|EWY{sixrwYn`a*4;Qclw}0XYfDP
z1bm90SNm|4;z=yI-oII;_~waRCHK0L;-PD~%o-NY<;gWwmvcSJ%anicNq3m=dVQO>
zfB>%b`eY2xvdXnvmzx8#pAJxXJeDMvR?opR7d<Xb<}CV#D|ju&*`o!UbvquNmkSR)
z$(6>}vUnMM8y<t=W%Ry63*w%Gm#N>F-O&BBTeT176cnDYmi9VY9v%P@*yy=W!wc{T
zBd`C`FxSuj7gxFNm)^2J)D0S>JNRgwo}$w!I-R4_%XC_!)8#t7Ri}6B^dX%-sneZ0
zeOae(>hwdM4$=;Ev`$aa=@gyL(dlJ6t<mXno!+X`yLI}IPM_52PMyB2(>Hbcp-u;B
zhdx@Tr|5KwPUq<KGM(1wbh%D%)#=?jeMqNI>U5`0U)JfHI{i?mgY<woTBoPzbc#;r
z=#<|q<W-~7<vP7pr+4f0A)P*{)15kfS*LI6^h2Ev!c*qFj@IcZI-R1^IXb;er!_iV
zu2aSRKmRP;;Pxv7<3}!2*z>TRXYi(^|8!DdYFX)=(!lt#X%i=ppM1vb((%&*vr5O$
z3Y5+)nLTT2VCKY${c|d8^v?cEO?>^r0m^UD<%Zr!GjQSn<#!yQ{Hq5j|Jnh{zj=W2
z?;N1~u>+JpuFFlkO={Y|=>YssAE4aG%axutYu1_W=!J`$8=}qb8O4F(lJTcE3p8={
z#Hqz4lgB8m;}kd5;`T+fa<Nk^XNHYVF>ZQ<ic4qC9UrY+qM;=X&BcqG>*}k=*Ht^k
zgmA=K>l9b7YG_)uOr_C?Dp{^>1@!<bP!<W*SCT>J8tbF1vJRif7B2}SBey7vYk&n&
zxVkc0=@f@*E99`fqP7}B45U~qDkG7~RgQ3&Jh@mG1c+Xh%j&9-5m}3ynw(<XcjJwL
zT&DYP;W<yUPtE*0RcB19!%aq}>3@U3W4AIF8~z14V^Y@;>Xb)q_H_~f&gF(bsxu}%
z*(OH5H~(bdKEzyX_|1C7q%7xU)-PuMS6Ih62N~MH@SF9FNq6am2A3slyWuzMiaEe>
zjbQlA`pBeaJp>ZDdfV?JU=b)Y`kVEINgvXDMt@U}Nv}pZ*DeM&>lc%@X@2TYJ&pbv
z?OcxxZEE<<ddj3%=mJx};WzE47m|M_{&<=7nMuuhj{IE1_2yp<9Bo4Vc$xLANzJ-X
zmG<rbRVc9eJGEjam9t&LjMS{xOxn_mf32P$O=|QtA`EO&p8eYOw`qQpE?#6fRch)r
z*smgE^PBa%NzFRe(D(NLuWNqOe+~`GOQ$E{YiRc6+5qz3#vki9{3mONG3kO{^u6o<
zK`;K5n%|_g6mDI{ZU*%fGF(!db+*~Bl-#Q*dea-&q(1|h-{Lp>nW+cK{}OnqqN#tz
zy)GcfnW6c6_m?Ua68ZQ8KF!!7!mQiN4Zk+5@o%HIk=qI$yMD7DTJ#M{bDUPwF$&C#
zA0y{2;B9_qgR3YvsAN$ueqE{x@%aw^D9f~e(fuwU$60j0Bu<G+GM{cHr!wy$Vg0@7
c4F8y3^rYowr>1UIqCOM4{(ss?i_f6{A8lKBl>h($